2010-09-14 09:46:31 +04:00
/*
Unix SMB / CIFS implementation .
a composite API for finding a DC and its name via CLDAP
Copyright ( C ) Andrew Tridgell 2010
Copyright ( C ) Andrew Bartlett 2010
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "include/includes.h"
# include <tevent.h>
# include "libcli/resolve/resolve.h"
# include "libcli/cldap/cldap.h"
2010-09-14 11:48:52 +04:00
# include "libcli/finddc.h"
2010-09-20 11:42:13 +04:00
# include "libcli/security/security.h"
2010-09-14 09:46:31 +04:00
# include "lib/util/tevent_ntstatus.h"
2011-10-21 22:09:37 +04:00
# include "lib/tsocket/tsocket.h"
2010-09-14 09:46:31 +04:00
# include "libcli/composite/composite.h"
struct finddcs_cldap_state {
struct tevent_context * ev ;
struct tevent_req * req ;
2010-09-14 14:10:51 +04:00
const char * domain_name ;
2010-09-14 09:46:31 +04:00
struct dom_sid * domain_sid ;
2010-09-19 07:22:44 +04:00
const char * srv_name ;
2010-09-14 09:46:31 +04:00
const char * * srv_addresses ;
uint32_t minimum_dc_flags ;
uint32_t srv_address_index ;
struct cldap_socket * cldap ;
struct cldap_netlogon * netlogon ;
} ;
static void finddcs_cldap_srv_resolved ( struct composite_context * ctx ) ;
static void finddcs_cldap_netlogon_replied ( struct tevent_req * req ) ;
2010-09-14 14:10:51 +04:00
static bool finddcs_cldap_srv_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx ) ;
static bool finddcs_cldap_nbt_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx ) ;
static void finddcs_cldap_name_resolved ( struct composite_context * ctx ) ;
2010-09-24 06:49:12 +04:00
static void finddcs_cldap_next_server ( struct finddcs_cldap_state * state ) ;
static bool finddcs_cldap_ipaddress ( struct finddcs_cldap_state * state , struct finddcs * io ) ;
2010-09-14 09:46:31 +04:00
/*
* find a list of DCs via DNS / CLDAP
*
*/
struct tevent_req * finddcs_cldap_send ( TALLOC_CTX * mem_ctx ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx )
{
struct finddcs_cldap_state * state ;
struct tevent_req * req ;
req = tevent_req_create ( mem_ctx , & state , struct finddcs_cldap_state ) ;
if ( req = = NULL ) {
return NULL ;
}
state - > req = req ;
state - > ev = event_ctx ;
state - > minimum_dc_flags = io - > in . minimum_dc_flags ;
2010-09-14 14:10:51 +04:00
state - > domain_name = talloc_strdup ( state , io - > in . domain_name ) ;
if ( tevent_req_nomem ( state - > domain_name , req ) ) {
2010-09-14 09:46:31 +04:00
return tevent_req_post ( req , event_ctx ) ;
}
if ( io - > in . domain_sid ) {
state - > domain_sid = dom_sid_dup ( state , io - > in . domain_sid ) ;
if ( tevent_req_nomem ( state - > domain_sid , req ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
} else {
state - > domain_sid = NULL ;
}
2010-09-24 06:49:12 +04:00
if ( io - > in . server_address ) {
2010-10-15 10:40:53 +04:00
DEBUG ( 4 , ( " finddcs: searching for a DC by IP %s \n " , io - > in . server_address ) ) ;
2010-09-24 06:49:12 +04:00
if ( ! finddcs_cldap_ipaddress ( state , io ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
} else if ( strchr ( state - > domain_name , ' . ' ) ) {
2010-09-14 14:10:51 +04:00
/* looks like a DNS name */
2010-10-15 10:40:53 +04:00
DEBUG ( 4 , ( " finddcs: searching for a DC by DNS domain %s \n " , state - > domain_name ) ) ;
2010-09-14 14:10:51 +04:00
if ( ! finddcs_cldap_srv_lookup ( state , io , resolve_ctx , event_ctx ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
} else {
2010-10-15 10:40:53 +04:00
DEBUG ( 4 , ( " finddcs: searching for a DC by NBT lookup %s \n " , state - > domain_name ) ) ;
2010-09-14 14:10:51 +04:00
if ( ! finddcs_cldap_nbt_lookup ( state , io , resolve_ctx , event_ctx ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
}
return req ;
}
2010-09-24 06:49:12 +04:00
/*
we ' ve been told the IP of the server , bypass name
resolution and go straight to CLDAP
*/
static bool finddcs_cldap_ipaddress ( struct finddcs_cldap_state * state , struct finddcs * io )
{
NTSTATUS status ;
state - > srv_addresses = talloc_array ( state , const char * , 2 ) ;
if ( tevent_req_nomem ( state - > srv_addresses , state - > req ) ) {
return false ;
}
state - > srv_addresses [ 0 ] = talloc_strdup ( state - > srv_addresses , io - > in . server_address ) ;
if ( tevent_req_nomem ( state - > srv_addresses [ 0 ] , state - > req ) ) {
return false ;
}
state - > srv_addresses [ 1 ] = NULL ;
state - > srv_address_index = 0 ;
finddcs_cldap_next_server ( state ) ;
return tevent_req_is_nterror ( state - > req , & status ) ;
}
2010-09-14 14:10:51 +04:00
/*
start a SRV DNS lookup
*/
static bool finddcs_cldap_srv_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx )
{
struct composite_context * creq ;
struct nbt_name name ;
2010-09-14 09:46:31 +04:00
if ( io - > in . site_name ) {
2010-09-19 07:22:44 +04:00
state - > srv_name = talloc_asprintf ( state , " _ldap._tcp.%s._sites.%s " ,
2010-09-14 14:10:51 +04:00
io - > in . site_name , io - > in . domain_name ) ;
2010-09-14 09:46:31 +04:00
} else {
2010-09-19 07:22:44 +04:00
state - > srv_name = talloc_asprintf ( state , " _ldap._tcp.%s " , io - > in . domain_name ) ;
2010-09-14 09:46:31 +04:00
}
2010-10-15 10:40:53 +04:00
DEBUG ( 4 , ( " finddcs: looking for SRV records for %s \n " , state - > srv_name ) ) ;
2010-09-19 07:22:44 +04:00
make_nbt_name ( & name , state - > srv_name , 0 ) ;
2010-09-14 09:46:31 +04:00
creq = resolve_name_ex_send ( resolve_ctx , state ,
RESOLVE_NAME_FLAG_FORCE_DNS | RESOLVE_NAME_FLAG_DNS_SRV ,
0 , & name , event_ctx ) ;
2010-09-14 14:10:51 +04:00
if ( tevent_req_nomem ( creq , state - > req ) ) {
return false ;
2010-09-14 09:46:31 +04:00
}
creq - > async . fn = finddcs_cldap_srv_resolved ;
creq - > async . private_data = state ;
2010-09-14 14:10:51 +04:00
return true ;
2010-09-14 09:46:31 +04:00
}
2010-09-14 14:10:51 +04:00
/*
start a NBT name lookup for domain < 1 C >
*/
static bool finddcs_cldap_nbt_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx )
{
struct composite_context * creq ;
struct nbt_name name ;
make_nbt_name ( & name , state - > domain_name , NBT_NAME_LOGON ) ;
creq = resolve_name_send ( resolve_ctx , state , & name , event_ctx ) ;
if ( tevent_req_nomem ( creq , state - > req ) ) {
return false ;
}
creq - > async . fn = finddcs_cldap_name_resolved ;
creq - > async . private_data = state ;
return true ;
}
2010-09-14 09:46:31 +04:00
/*
fire off a CLDAP query to the next server
*/
static void finddcs_cldap_next_server ( struct finddcs_cldap_state * state )
{
struct tevent_req * subreq ;
2011-10-21 22:09:37 +04:00
struct tsocket_address * dest ;
int ret ;
NTSTATUS status ;
2010-09-14 09:46:31 +04:00
if ( state - > srv_addresses [ state - > srv_address_index ] = = NULL ) {
tevent_req_nterror ( state - > req , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ;
2010-09-19 23:31:33 +04:00
DEBUG ( 2 , ( " finddcs: No matching CLDAP server found \n " ) ) ;
2010-09-14 09:46:31 +04:00
return ;
}
2011-10-21 22:09:37 +04:00
/* we should get the port from the SRV response */
ret = tsocket_address_inet_from_strings ( state , " ip " ,
state - > srv_addresses [ state - > srv_address_index ] ,
389 ,
& dest ) ;
2011-10-22 05:09:59 +04:00
if ( ret = = 0 ) {
status = NT_STATUS_OK ;
} else {
status = map_nt_error_from_unix_common ( errno ) ;
}
if ( tevent_req_nterror ( state - > req , status ) ) {
2011-10-21 22:09:37 +04:00
return ;
}
status = cldap_socket_init ( state , NULL , dest , & state - > cldap ) ;
if ( tevent_req_nterror ( state - > req , status ) ) {
return ;
}
2010-09-14 09:46:31 +04:00
state - > netlogon = talloc_zero ( state , struct cldap_netlogon ) ;
if ( tevent_req_nomem ( state - > netlogon , state - > req ) ) {
return ;
}
2010-09-14 14:10:51 +04:00
if ( strchr ( state - > domain_name , ' . ' ) ) {
state - > netlogon - > in . realm = state - > domain_name ;
}
2010-09-14 09:46:31 +04:00
if ( state - > domain_sid ) {
state - > netlogon - > in . domain_sid = dom_sid_string ( state , state - > domain_sid ) ;
if ( tevent_req_nomem ( state - > netlogon - > in . domain_sid , state - > req ) ) {
return ;
}
}
state - > netlogon - > in . acct_control = - 1 ;
state - > netlogon - > in . version =
NETLOGON_NT_VERSION_5 |
NETLOGON_NT_VERSION_5EX |
NETLOGON_NT_VERSION_IP ;
state - > netlogon - > in . map_response = true ;
2010-10-15 10:40:53 +04:00
DEBUG ( 4 , ( " finddcs: performing CLDAP query on %s \n " , state - > netlogon - > in . dest_address ) ) ;
2011-10-10 17:42:57 +04:00
subreq = cldap_netlogon_send ( state , state - > ev ,
state - > cldap , state - > netlogon ) ;
2010-09-14 09:46:31 +04:00
if ( tevent_req_nomem ( subreq , state - > req ) ) {
return ;
}
tevent_req_set_callback ( subreq , finddcs_cldap_netlogon_replied , state ) ;
}
/*
we have a response from a CLDAP server for a netlogon request
*/
static void finddcs_cldap_netlogon_replied ( struct tevent_req * subreq )
{
struct finddcs_cldap_state * state ;
NTSTATUS status ;
state = tevent_req_callback_data ( subreq , struct finddcs_cldap_state ) ;
status = cldap_netlogon_recv ( subreq , state - > netlogon , state - > netlogon ) ;
2010-09-15 06:22:48 +04:00
talloc_free ( subreq ) ;
2010-09-14 09:46:31 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
state - > srv_address_index + + ;
finddcs_cldap_next_server ( state ) ;
return ;
}
if ( state - > minimum_dc_flags ! =
( state - > minimum_dc_flags & state - > netlogon - > out . netlogon . data . nt5_ex . server_type ) ) {
/* the server didn't match the minimum requirements */
2010-10-15 10:40:53 +04:00
DEBUG ( 4 , ( " finddcs: Skipping DC %s with server_type=0x%08x - required 0x%08x \n " ,
2010-09-14 09:46:31 +04:00
state - > srv_addresses [ state - > srv_address_index ] ,
2010-09-15 03:20:59 +04:00
state - > netlogon - > out . netlogon . data . nt5_ex . server_type ,
state - > minimum_dc_flags ) ) ;
2010-09-14 09:46:31 +04:00
state - > srv_address_index + + ;
finddcs_cldap_next_server ( state ) ;
return ;
}
2010-10-15 10:40:53 +04:00
DEBUG ( 4 , ( " finddcs: Found matching DC %s with server_type=0x%08x \n " ,
state - > srv_addresses [ state - > srv_address_index ] ,
state - > netlogon - > out . netlogon . data . nt5_ex . server_type ) ) ;
2010-09-14 09:46:31 +04:00
tevent_req_done ( state - > req ) ;
}
2010-09-14 14:10:51 +04:00
/*
handle NBT name lookup reply
*/
static void finddcs_cldap_name_resolved ( struct composite_context * ctx )
{
struct finddcs_cldap_state * state =
talloc_get_type ( ctx - > async . private_data , struct finddcs_cldap_state ) ;
const char * address ;
NTSTATUS status ;
status = resolve_name_recv ( ctx , state , & address ) ;
if ( tevent_req_nterror ( state - > req , status ) ) {
2010-09-19 23:31:33 +04:00
DEBUG ( 2 , ( " finddcs: No matching NBT <1c> server found \n " ) ) ;
2010-09-14 14:10:51 +04:00
return ;
}
2010-09-19 23:31:33 +04:00
DEBUG ( 4 , ( " finddcs: Found NBT <1c> server at %s \n " , address ) ) ;
2010-09-14 14:10:51 +04:00
state - > srv_addresses = talloc_array ( state , const char * , 2 ) ;
if ( tevent_req_nomem ( state - > srv_addresses , state - > req ) ) {
return ;
}
state - > srv_addresses [ 0 ] = address ;
state - > srv_addresses [ 1 ] = NULL ;
state - > srv_address_index = 0 ;
finddcs_cldap_next_server ( state ) ;
}
2010-09-14 09:46:31 +04:00
/*
* Having got a DNS SRV answer , fire off the first CLDAP request
*/
static void finddcs_cldap_srv_resolved ( struct composite_context * ctx )
{
struct finddcs_cldap_state * state =
talloc_get_type ( ctx - > async . private_data , struct finddcs_cldap_state ) ;
NTSTATUS status ;
2010-11-05 10:56:46 +03:00
unsigned i ;
2010-09-14 09:46:31 +04:00
status = resolve_name_multiple_recv ( ctx , state , & state - > srv_addresses ) ;
if ( tevent_req_nterror ( state - > req , status ) ) {
2010-09-19 23:31:33 +04:00
DEBUG ( 2 , ( " finddcs: Failed to find SRV record for %s \n " , state - > srv_name ) ) ;
2010-09-14 09:46:31 +04:00
return ;
}
2010-11-05 10:56:46 +03:00
for ( i = 0 ; state - > srv_addresses [ i ] ; i + + ) {
2010-11-06 06:44:33 +03:00
DEBUG ( 4 , ( " finddcs: DNS SRV response %u at '%s' \n " , i , state - > srv_addresses [ i ] ) ) ;
2010-11-05 10:56:46 +03:00
}
2010-09-14 09:46:31 +04:00
state - > srv_address_index = 0 ;
finddcs_cldap_next_server ( state ) ;
}
NTSTATUS finddcs_cldap_recv ( struct tevent_req * req , TALLOC_CTX * mem_ctx , struct finddcs * io )
{
struct finddcs_cldap_state * state = tevent_req_data ( req , struct finddcs_cldap_state ) ;
bool ok ;
NTSTATUS status ;
ok = tevent_req_poll ( req , state - > ev ) ;
if ( ! ok ) {
talloc_free ( req ) ;
return NT_STATUS_INTERNAL_ERROR ;
}
status = tevent_req_simple_recv_ntstatus ( req ) ;
if ( NT_STATUS_IS_OK ( status ) ) {
talloc_steal ( mem_ctx , state - > netlogon ) ;
io - > out . netlogon = state - > netlogon - > out . netlogon ;
io - > out . address = talloc_steal ( mem_ctx , state - > srv_addresses [ state - > srv_address_index ] ) ;
}
tevent_req_received ( req ) ;
return status ;
}
NTSTATUS finddcs_cldap ( TALLOC_CTX * mem_ctx ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx )
{
NTSTATUS status ;
struct tevent_req * req = finddcs_cldap_send ( mem_ctx ,
io ,
resolve_ctx ,
event_ctx ) ;
status = finddcs_cldap_recv ( req , mem_ctx , io ) ;
talloc_free ( req ) ;
return status ;
}