2010-09-14 15:46:31 +10:00
/*
Unix SMB / CIFS implementation .
a composite API for finding a DC and its name via CLDAP
Copyright ( C ) Andrew Tridgell 2010
Copyright ( C ) Andrew Bartlett 2010
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "include/includes.h"
# include <tevent.h>
# include "libcli/resolve/resolve.h"
# include "libcli/cldap/cldap.h"
2010-09-14 17:48:52 +10:00
# include "libcli/finddc.h"
2010-09-20 17:42:13 +10:00
# include "libcli/security/security.h"
2010-09-14 15:46:31 +10:00
# include "lib/util/tevent_ntstatus.h"
2011-10-21 20:09:37 +02:00
# include "lib/tsocket/tsocket.h"
2010-09-14 15:46:31 +10:00
# include "libcli/composite/composite.h"
2012-12-01 09:14:19 +01:00
# include "lib/util/util_net.h"
2010-09-14 15:46:31 +10:00
struct finddcs_cldap_state {
struct tevent_context * ev ;
struct tevent_req * req ;
2010-09-14 20:10:51 +10:00
const char * domain_name ;
2010-09-14 15:46:31 +10:00
struct dom_sid * domain_sid ;
2010-09-18 20:22:44 -07:00
const char * srv_name ;
2010-09-14 15:46:31 +10:00
const char * * srv_addresses ;
uint32_t minimum_dc_flags ;
uint32_t srv_address_index ;
struct cldap_socket * cldap ;
struct cldap_netlogon * netlogon ;
2015-05-20 11:17:38 +03:00
NTSTATUS status ;
2010-09-14 15:46:31 +10:00
} ;
static void finddcs_cldap_srv_resolved ( struct composite_context * ctx ) ;
static void finddcs_cldap_netlogon_replied ( struct tevent_req * req ) ;
2010-09-14 20:10:51 +10:00
static bool finddcs_cldap_srv_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx ) ;
static bool finddcs_cldap_nbt_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx ) ;
2012-12-01 08:56:57 +01:00
static void finddcs_cldap_nbt_resolved ( struct composite_context * ctx ) ;
2012-12-01 09:14:19 +01:00
static bool finddcs_cldap_name_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx ) ;
static void finddcs_cldap_name_resolved ( struct composite_context * ctx ) ;
2010-09-23 19:49:12 -07:00
static void finddcs_cldap_next_server ( struct finddcs_cldap_state * state ) ;
static bool finddcs_cldap_ipaddress ( struct finddcs_cldap_state * state , struct finddcs * io ) ;
2010-09-14 15:46:31 +10:00
/*
* find a list of DCs via DNS / CLDAP
*/
struct tevent_req * finddcs_cldap_send ( TALLOC_CTX * mem_ctx ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx )
{
struct finddcs_cldap_state * state ;
struct tevent_req * req ;
req = tevent_req_create ( mem_ctx , & state , struct finddcs_cldap_state ) ;
if ( req = = NULL ) {
return NULL ;
}
state - > req = req ;
state - > ev = event_ctx ;
state - > minimum_dc_flags = io - > in . minimum_dc_flags ;
2011-11-23 09:45:31 +01:00
if ( io - > in . domain_name ) {
state - > domain_name = talloc_strdup ( state , io - > in . domain_name ) ;
if ( tevent_req_nomem ( state - > domain_name , req ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
} else {
state - > domain_name = NULL ;
2010-09-14 15:46:31 +10:00
}
if ( io - > in . domain_sid ) {
state - > domain_sid = dom_sid_dup ( state , io - > in . domain_sid ) ;
if ( tevent_req_nomem ( state - > domain_sid , req ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
} else {
state - > domain_sid = NULL ;
}
2010-09-23 19:49:12 -07:00
if ( io - > in . server_address ) {
2012-12-01 09:14:19 +01:00
if ( is_ipaddress ( io - > in . server_address ) ) {
DEBUG ( 4 , ( " finddcs: searching for a DC by IP %s \n " ,
io - > in . server_address ) ) ;
if ( ! finddcs_cldap_ipaddress ( state , io ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
} else {
if ( ! finddcs_cldap_name_lookup ( state , io , resolve_ctx ,
event_ctx ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
2010-09-23 19:49:12 -07:00
}
2011-11-23 09:45:31 +01:00
} else if ( io - > in . domain_name ) {
if ( strchr ( state - > domain_name , ' . ' ) ) {
/* looks like a DNS name */
DEBUG ( 4 , ( " finddcs: searching for a DC by DNS domain %s \n " , state - > domain_name ) ) ;
if ( ! finddcs_cldap_srv_lookup ( state , io , resolve_ctx ,
event_ctx ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
} else {
DEBUG ( 4 , ( " finddcs: searching for a DC by NBT lookup %s \n " , state - > domain_name ) ) ;
if ( ! finddcs_cldap_nbt_lookup ( state , io , resolve_ctx ,
event_ctx ) ) {
return tevent_req_post ( req , event_ctx ) ;
}
2010-09-14 20:10:51 +10:00
}
} else {
2011-11-23 09:45:31 +01:00
/* either we have the domain name or the IP address */
tevent_req_nterror ( req , NT_STATUS_INVALID_PARAMETER_MIX ) ;
DEBUG ( 2 , ( " finddcs: Please specify at least the domain name or the IP address! \n " ) ) ;
return tevent_req_post ( req , event_ctx ) ;
2010-09-14 20:10:51 +10:00
}
return req ;
}
2010-09-23 19:49:12 -07:00
/*
we ' ve been told the IP of the server , bypass name
resolution and go straight to CLDAP
*/
static bool finddcs_cldap_ipaddress ( struct finddcs_cldap_state * state , struct finddcs * io )
{
NTSTATUS status ;
state - > srv_addresses = talloc_array ( state , const char * , 2 ) ;
if ( tevent_req_nomem ( state - > srv_addresses , state - > req ) ) {
return false ;
}
state - > srv_addresses [ 0 ] = talloc_strdup ( state - > srv_addresses , io - > in . server_address ) ;
if ( tevent_req_nomem ( state - > srv_addresses [ 0 ] , state - > req ) ) {
return false ;
}
state - > srv_addresses [ 1 ] = NULL ;
state - > srv_address_index = 0 ;
finddcs_cldap_next_server ( state ) ;
return tevent_req_is_nterror ( state - > req , & status ) ;
}
2010-09-14 20:10:51 +10:00
/*
start a SRV DNS lookup
*/
static bool finddcs_cldap_srv_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx )
{
struct composite_context * creq ;
struct nbt_name name ;
2010-09-14 15:46:31 +10:00
if ( io - > in . site_name ) {
2010-09-18 20:22:44 -07:00
state - > srv_name = talloc_asprintf ( state , " _ldap._tcp.%s._sites.%s " ,
2010-09-14 20:10:51 +10:00
io - > in . site_name , io - > in . domain_name ) ;
2010-09-14 15:46:31 +10:00
} else {
2010-09-18 20:22:44 -07:00
state - > srv_name = talloc_asprintf ( state , " _ldap._tcp.%s " , io - > in . domain_name ) ;
2010-09-14 15:46:31 +10:00
}
2010-10-15 17:40:53 +11:00
DEBUG ( 4 , ( " finddcs: looking for SRV records for %s \n " , state - > srv_name ) ) ;
2010-09-18 20:22:44 -07:00
make_nbt_name ( & name , state - > srv_name , 0 ) ;
2010-09-14 15:46:31 +10:00
creq = resolve_name_ex_send ( resolve_ctx , state ,
RESOLVE_NAME_FLAG_FORCE_DNS | RESOLVE_NAME_FLAG_DNS_SRV ,
0 , & name , event_ctx ) ;
2010-09-14 20:10:51 +10:00
if ( tevent_req_nomem ( creq , state - > req ) ) {
return false ;
2010-09-14 15:46:31 +10:00
}
creq - > async . fn = finddcs_cldap_srv_resolved ;
creq - > async . private_data = state ;
2010-09-14 20:10:51 +10:00
return true ;
2010-09-14 15:46:31 +10:00
}
2010-09-14 20:10:51 +10:00
/*
start a NBT name lookup for domain < 1 C >
*/
static bool finddcs_cldap_nbt_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx )
{
struct composite_context * creq ;
struct nbt_name name ;
make_nbt_name ( & name , state - > domain_name , NBT_NAME_LOGON ) ;
creq = resolve_name_send ( resolve_ctx , state , & name , event_ctx ) ;
if ( tevent_req_nomem ( creq , state - > req ) ) {
return false ;
}
2012-12-01 08:56:57 +01:00
creq - > async . fn = finddcs_cldap_nbt_resolved ;
2010-09-14 20:10:51 +10:00
creq - > async . private_data = state ;
return true ;
}
2010-09-14 15:46:31 +10:00
2012-12-01 09:14:19 +01:00
static bool finddcs_cldap_name_lookup ( struct finddcs_cldap_state * state ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx )
{
struct composite_context * creq ;
struct nbt_name name ;
make_nbt_name ( & name , io - > in . server_address , NBT_NAME_SERVER ) ;
creq = resolve_name_send ( resolve_ctx , state , & name , event_ctx ) ;
if ( tevent_req_nomem ( creq , state - > req ) ) {
return false ;
}
creq - > async . fn = finddcs_cldap_name_resolved ;
creq - > async . private_data = state ;
return true ;
}
2010-09-14 15:46:31 +10:00
/*
fire off a CLDAP query to the next server
*/
static void finddcs_cldap_next_server ( struct finddcs_cldap_state * state )
{
struct tevent_req * subreq ;
2011-10-21 20:09:37 +02:00
struct tsocket_address * dest ;
int ret ;
2015-05-20 11:17:38 +03:00
TALLOC_FREE ( state - > cldap ) ;
2010-09-14 15:46:31 +10:00
if ( state - > srv_addresses [ state - > srv_address_index ] = = NULL ) {
2015-05-20 11:17:38 +03:00
if ( NT_STATUS_IS_OK ( state - > status ) ) {
tevent_req_nterror ( state - > req , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ;
} else {
tevent_req_nterror ( state - > req , state - > status ) ;
}
2010-09-19 12:31:33 -07:00
DEBUG ( 2 , ( " finddcs: No matching CLDAP server found \n " ) ) ;
2010-09-14 15:46:31 +10:00
return ;
}
2011-10-21 20:09:37 +02:00
/* we should get the port from the SRV response */
ret = tsocket_address_inet_from_strings ( state , " ip " ,
state - > srv_addresses [ state - > srv_address_index ] ,
389 ,
& dest ) ;
2011-10-22 03:09:59 +02:00
if ( ret = = 0 ) {
2015-05-20 11:17:38 +03:00
state - > status = NT_STATUS_OK ;
2011-10-22 03:09:59 +02:00
} else {
2015-05-20 11:17:38 +03:00
state - > status = map_nt_error_from_unix_common ( errno ) ;
2011-10-22 03:09:59 +02:00
}
2015-05-20 11:17:38 +03:00
if ( ! NT_STATUS_IS_OK ( state - > status ) ) {
state - > srv_address_index + + ;
finddcs_cldap_next_server ( state ) ;
2011-10-21 20:09:37 +02:00
return ;
}
2015-05-20 11:17:38 +03:00
state - > status = cldap_socket_init ( state , NULL , dest , & state - > cldap ) ;
if ( ! NT_STATUS_IS_OK ( state - > status ) ) {
state - > srv_address_index + + ;
finddcs_cldap_next_server ( state ) ;
2011-10-21 20:09:37 +02:00
return ;
}
2011-10-22 03:09:59 +02:00
TALLOC_FREE ( state - > netlogon ) ;
2010-09-14 15:46:31 +10:00
state - > netlogon = talloc_zero ( state , struct cldap_netlogon ) ;
2015-05-20 11:17:38 +03:00
if ( state - > netlogon = = NULL ) {
state - > status = NT_STATUS_NO_MEMORY ;
state - > srv_address_index + + ;
finddcs_cldap_next_server ( state ) ;
2010-09-14 15:46:31 +10:00
return ;
}
2011-11-23 09:45:31 +01:00
if ( ( state - > domain_name ! = NULL ) & & ( strchr ( state - > domain_name , ' . ' ) ) ) {
2010-09-14 20:10:51 +10:00
state - > netlogon - > in . realm = state - > domain_name ;
}
2010-09-14 15:46:31 +10:00
if ( state - > domain_sid ) {
state - > netlogon - > in . domain_sid = dom_sid_string ( state , state - > domain_sid ) ;
2015-05-20 11:17:38 +03:00
if ( state - > netlogon - > in . domain_sid = = NULL ) {
state - > status = NT_STATUS_NO_MEMORY ;
state - > srv_address_index + + ;
finddcs_cldap_next_server ( state ) ;
2010-09-14 15:46:31 +10:00
return ;
}
}
state - > netlogon - > in . acct_control = - 1 ;
state - > netlogon - > in . version =
NETLOGON_NT_VERSION_5 |
NETLOGON_NT_VERSION_5EX |
NETLOGON_NT_VERSION_IP ;
state - > netlogon - > in . map_response = true ;
2011-11-10 13:18:20 +01:00
DEBUG ( 4 , ( " finddcs: performing CLDAP query on %s \n " ,
state - > srv_addresses [ state - > srv_address_index ] ) ) ;
2010-10-15 17:40:53 +11:00
2011-10-10 15:42:57 +02:00
subreq = cldap_netlogon_send ( state , state - > ev ,
state - > cldap , state - > netlogon ) ;
2015-05-20 11:17:38 +03:00
if ( subreq = = NULL ) {
state - > status = NT_STATUS_NO_MEMORY ;
state - > srv_address_index + + ;
finddcs_cldap_next_server ( state ) ;
2010-09-14 15:46:31 +10:00
return ;
}
tevent_req_set_callback ( subreq , finddcs_cldap_netlogon_replied , state ) ;
}
/*
we have a response from a CLDAP server for a netlogon request
*/
static void finddcs_cldap_netlogon_replied ( struct tevent_req * subreq )
{
struct finddcs_cldap_state * state ;
NTSTATUS status ;
state = tevent_req_callback_data ( subreq , struct finddcs_cldap_state ) ;
status = cldap_netlogon_recv ( subreq , state - > netlogon , state - > netlogon ) ;
2011-10-22 03:09:59 +02:00
TALLOC_FREE ( subreq ) ;
TALLOC_FREE ( state - > cldap ) ;
2010-09-14 15:46:31 +10:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2015-05-20 11:17:38 +03:00
state - > status = status ;
2010-09-14 15:46:31 +10:00
state - > srv_address_index + + ;
finddcs_cldap_next_server ( state ) ;
return ;
}
if ( state - > minimum_dc_flags ! =
( state - > minimum_dc_flags & state - > netlogon - > out . netlogon . data . nt5_ex . server_type ) ) {
/* the server didn't match the minimum requirements */
2010-10-15 17:40:53 +11:00
DEBUG ( 4 , ( " finddcs: Skipping DC %s with server_type=0x%08x - required 0x%08x \n " ,
2010-09-14 15:46:31 +10:00
state - > srv_addresses [ state - > srv_address_index ] ,
2010-09-15 09:20:59 +10:00
state - > netlogon - > out . netlogon . data . nt5_ex . server_type ,
state - > minimum_dc_flags ) ) ;
2010-09-14 15:46:31 +10:00
state - > srv_address_index + + ;
finddcs_cldap_next_server ( state ) ;
return ;
}
2010-10-15 17:40:53 +11:00
DEBUG ( 4 , ( " finddcs: Found matching DC %s with server_type=0x%08x \n " ,
state - > srv_addresses [ state - > srv_address_index ] ,
state - > netlogon - > out . netlogon . data . nt5_ex . server_type ) ) ;
2010-09-14 15:46:31 +10:00
tevent_req_done ( state - > req ) ;
}
2012-12-01 09:14:19 +01:00
static void finddcs_cldap_name_resolved ( struct composite_context * ctx )
{
struct finddcs_cldap_state * state =
talloc_get_type ( ctx - > async . private_data , struct finddcs_cldap_state ) ;
NTSTATUS status ;
unsigned i ;
status = resolve_name_multiple_recv ( ctx , state , & state - > srv_addresses ) ;
if ( tevent_req_nterror ( state - > req , status ) ) {
DEBUG ( 2 , ( " finddcs: No matching server found \n " ) ) ;
return ;
}
for ( i = 0 ; state - > srv_addresses [ i ] ; i + + ) {
DEBUG ( 4 , ( " finddcs: response %u at '%s' \n " ,
i , state - > srv_addresses [ i ] ) ) ;
}
state - > srv_address_index = 0 ;
2015-05-20 11:17:38 +03:00
state - > status = NT_STATUS_OK ;
2012-12-01 09:14:19 +01:00
finddcs_cldap_next_server ( state ) ;
}
2010-09-14 20:10:51 +10:00
/*
handle NBT name lookup reply
*/
2012-12-01 08:56:57 +01:00
static void finddcs_cldap_nbt_resolved ( struct composite_context * ctx )
2010-09-14 20:10:51 +10:00
{
struct finddcs_cldap_state * state =
talloc_get_type ( ctx - > async . private_data , struct finddcs_cldap_state ) ;
NTSTATUS status ;
2012-12-01 08:56:57 +01:00
unsigned i ;
2010-09-14 20:10:51 +10:00
2012-12-01 08:56:57 +01:00
status = resolve_name_multiple_recv ( ctx , state , & state - > srv_addresses ) ;
2010-09-14 20:10:51 +10:00
if ( tevent_req_nterror ( state - > req , status ) ) {
2010-09-19 12:31:33 -07:00
DEBUG ( 2 , ( " finddcs: No matching NBT <1c> server found \n " ) ) ;
2010-09-14 20:10:51 +10:00
return ;
}
2012-12-01 08:56:57 +01:00
for ( i = 0 ; state - > srv_addresses [ i ] ; i + + ) {
DEBUG ( 4 , ( " finddcs: NBT <1c> response %u at '%s' \n " ,
i , state - > srv_addresses [ i ] ) ) ;
2010-09-14 20:10:51 +10:00
}
state - > srv_address_index = 0 ;
finddcs_cldap_next_server ( state ) ;
}
2010-09-14 15:46:31 +10:00
/*
* Having got a DNS SRV answer , fire off the first CLDAP request
*/
static void finddcs_cldap_srv_resolved ( struct composite_context * ctx )
{
struct finddcs_cldap_state * state =
talloc_get_type ( ctx - > async . private_data , struct finddcs_cldap_state ) ;
NTSTATUS status ;
2010-11-05 18:56:46 +11:00
unsigned i ;
2010-09-14 15:46:31 +10:00
status = resolve_name_multiple_recv ( ctx , state , & state - > srv_addresses ) ;
if ( tevent_req_nterror ( state - > req , status ) ) {
2010-09-19 12:31:33 -07:00
DEBUG ( 2 , ( " finddcs: Failed to find SRV record for %s \n " , state - > srv_name ) ) ;
2010-09-14 15:46:31 +10:00
return ;
}
2010-11-05 18:56:46 +11:00
for ( i = 0 ; state - > srv_addresses [ i ] ; i + + ) {
2010-11-06 14:44:33 +11:00
DEBUG ( 4 , ( " finddcs: DNS SRV response %u at '%s' \n " , i , state - > srv_addresses [ i ] ) ) ;
2010-11-05 18:56:46 +11:00
}
2010-09-14 15:46:31 +10:00
state - > srv_address_index = 0 ;
2015-05-20 11:17:38 +03:00
state - > status = NT_STATUS_OK ;
2010-09-14 15:46:31 +10:00
finddcs_cldap_next_server ( state ) ;
}
NTSTATUS finddcs_cldap_recv ( struct tevent_req * req , TALLOC_CTX * mem_ctx , struct finddcs * io )
{
struct finddcs_cldap_state * state = tevent_req_data ( req , struct finddcs_cldap_state ) ;
bool ok ;
NTSTATUS status ;
ok = tevent_req_poll ( req , state - > ev ) ;
if ( ! ok ) {
talloc_free ( req ) ;
return NT_STATUS_INTERNAL_ERROR ;
}
2013-06-15 20:39:53 +02:00
if ( tevent_req_is_nterror ( req , & status ) ) {
tevent_req_received ( req ) ;
return status ;
2010-09-14 15:46:31 +10:00
}
2013-06-15 20:39:53 +02:00
talloc_steal ( mem_ctx , state - > netlogon ) ;
io - > out . netlogon = state - > netlogon - > out . netlogon ;
io - > out . address = talloc_steal (
mem_ctx , state - > srv_addresses [ state - > srv_address_index ] ) ;
2010-09-14 15:46:31 +10:00
tevent_req_received ( req ) ;
2013-06-15 20:39:53 +02:00
return NT_STATUS_OK ;
2010-09-14 15:46:31 +10:00
}
NTSTATUS finddcs_cldap ( TALLOC_CTX * mem_ctx ,
struct finddcs * io ,
struct resolve_context * resolve_ctx ,
struct tevent_context * event_ctx )
{
NTSTATUS status ;
struct tevent_req * req = finddcs_cldap_send ( mem_ctx ,
io ,
resolve_ctx ,
event_ctx ) ;
status = finddcs_cldap_recv ( req , mem_ctx , io ) ;
talloc_free ( req ) ;
return status ;
}