static void find_all_domain_master_names_query_success(struct subnet_record *subrec,
struct userdata_struct *userdata_in,
struct nmb_name *q_name, struct in_addr answer_ip, struct res_rec *rrec)
{
/*
* We now have a list of all the domain master browsers for all workgroups
* that have registered with the WINS server. Now do a node status request
* to each one and look for the first 1b name in the reply. This will be
* the workgroup name that we will add to the unicast subnet as a 'non-local'
* workgroup.
*/
struct nmb_name nmbname;
struct in_addr send_ip;
int i;
if( DEBUGLVL( 5 ) )
{
dbgtext( "find_all_domain_master_names_query_succes:\n" );
dbgtext( "Got answer from WINS server of %d ", (rrec->rdlength / 6) );
dbgtext( "IP addresses for Domain Master Browsers.\n" );
}
for(i = 0; i < rrec->rdlength / 6; i++)
{
/* Initiate the node status requests. */
make_nmb_name(&nmbname, "*", 0);
putip((char *)&send_ip, (char *)&rrec->rdata[(i*6) + 2]);
/*
* Don't send node status requests to ourself.
*/
if(ismyip( send_ip ))
{
if( DEBUGLVL( 5 ) )
{
dbgtext( "find_all_domain_master_names_query_succes:\n" );
dbgtext( "Not sending node status to our own IP " );
dbgtext( "%s.\n", inet_ntoa(send_ip) );
}
continue;
}
if( DEBUGLVL( 5 ) )
{
dbgtext( "find_all_domain_master_names_query_success:\n" );
dbgtext( "Sending node status request to IP %s.\n", inet_ntoa(send_ip) );
}
node_status( subrec, &nmbname, send_ip,
get_domain_master_name_node_status_success,
get_domain_master_name_node_status_fail,
NULL);
}
}
/********************************************************
resolve via "wins" method
*********************************************************/
static BOOL
resolve_wins (const char *name, struct in_addr *return_ip, int name_type)
{
int sock;
struct in_addr wins_ip;
BOOL wins_ismyip;
/*
* "wins" means do a unicast lookup to the WINS server.
* Ignore if there is no WINS server specified or if the
* WINS server is one of our interfaces (if we're being
* called from within nmbd - we can't do this call as we
* would then block).
*/
DEBUG (3, ("resolve_name: Attempting wins lookup for name %s<0x%x>\n", name, name_type));
if (!*lp_wins_server ())
{
DEBUG (3, ("resolve_name: WINS server resolution selected and no WINS server present.\n"));
return False;
}
wins_ip = *interpret_addr2 (lp_wins_server ());
wins_ismyip = ismyip (wins_ip);
if ((wins_ismyip && !global_in_nmbd) || !wins_ismyip)
{
sock = open_socket_in (SOCK_DGRAM, 0, 3, interpret_addr (lp_socket_address ()), True);
if (sock != -1)
{
struct in_addr *iplist = NULL;
int count;
iplist = name_query (sock, name, name_type, False, True, wins_ip, &count, NULL);
if (iplist != NULL)
{
*return_ip = iplist[0];
free ((char *) iplist);
close (sock);
return True;
}
close (sock);
}
}
return False;
}
static void announce_local_master_browser_to_domain_master_browser( struct work_record *work)
{
pstring outbuf;
unstring myname;
unstring dmb_name;
char *p;
if(ismyip(work->dmb_addr)) {
if( DEBUGLVL( 2 ) ) {
dbgtext( "announce_local_master_browser_to_domain_master_browser:\n" );
dbgtext( "We are both a domain and a local master browser for " );
dbgtext( "workgroup %s. ", work->work_group );
dbgtext( "Do not announce to ourselves.\n" );
}
return;
}
memset(outbuf,'\0',sizeof(outbuf));
p = outbuf;
SCVAL(p,0,ANN_MasterAnnouncement);
p++;
unstrcpy(myname, global_myname());
strupper_m(myname);
myname[15]='\0';
/* The call below does CH_UNIX -> CH_DOS conversion. JRA */
push_pstring_base(p, myname, outbuf);
p = skip_string(p,1);
if( DEBUGLVL( 4 ) ) {
dbgtext( "announce_local_master_browser_to_domain_master_browser:\n" );
dbgtext( "Sending local master announce to " );
dbgtext( "%s for workgroup %s.\n", nmb_namestr(&work->dmb_name),
work->work_group );
}
/* Target name for send_mailslot must be in UNIX charset. */
pull_ascii_nstring(dmb_name, sizeof(dmb_name), work->dmb_name.name);
send_mailslot(True, BROWSE_MAILSLOT, outbuf,PTR_DIFF(p,outbuf),
global_myname(), 0x0, dmb_name, 0x0,
work->dmb_addr, FIRST_SUBNET->myip, DGRAM_PORT);
}
static void announce_local_master_browser_to_domain_master_browser( struct work_record *work)
{
pstring outbuf;
char *p;
if(ismyip(work->dmb_addr))
{
if( DEBUGLVL( 2 ) )
{
dbgtext( "announce_local_master_browser_to_domain_master_browser:\n" );
dbgtext( "We are both a domain and a local master browser for " );
dbgtext( "workgroup %s. ", work->work_group );
dbgtext( "Do not announce to ourselves.\n" );
}
return;
}
memset(outbuf,'\0',sizeof(outbuf));
p = outbuf;
SCVAL(p,0,ANN_MasterAnnouncement);
p++;
StrnCpy(p,global_myname,15);
strupper(p);
p = skip_string(p,1);
if( DEBUGLVL( 4 ) )
{
dbgtext( "announce_local_master_browser_to_domain_master_browser:\n" );
dbgtext( "Sending local master announce to " );
dbgtext( "%s for workgroup %s.\n", nmb_namestr(&work->dmb_name),
work->work_group );
}
send_mailslot(True, BROWSE_MAILSLOT, outbuf,PTR_DIFF(p,outbuf),
global_myname, 0x0, work->dmb_name.name, 0x0,
work->dmb_addr, FIRST_SUBNET->myip, DGRAM_PORT);
}
static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
{
struct cli_state *cli = NULL;
fstring desthost;
struct in_addr dest_ip;
const char *p;
char *pserver;
BOOL connected_ok = False;
if (!(cli = cli_initialise()))
return NULL;
/* security = server just can't function with spnego */
cli->use_spnego = False;
pserver = talloc_strdup(mem_ctx, lp_passwordserver());
p = pserver;
while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
standard_sub_basic(current_user_info.smb_name, current_user_info.domain,
desthost, sizeof(desthost));
strupper_m(desthost);
if(!resolve_name( desthost, &dest_ip, 0x20)) {
DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost));
continue;
}
if (ismyip(dest_ip)) {
DEBUG(1,("Password server loop - disabling password server %s\n",desthost));
continue;
}
/* we use a mutex to prevent two connections at once - when a
Win2k PDC get two connections where one hasn't completed a
session setup yet it will send a TCP reset to the first
connection (tridge) */
if (!grab_server_mutex(desthost)) {
return NULL;
}
if (cli_connect(cli, desthost, &dest_ip)) {
DEBUG(3,("connected to password server %s\n",desthost));
connected_ok = True;
break;
}
}
if (!connected_ok) {
release_server_mutex();
DEBUG(0,("password server not available\n"));
cli_shutdown(cli);
return NULL;
}
if (!attempt_netbios_session_request(&cli, global_myname(),
desthost, &dest_ip)) {
release_server_mutex();
DEBUG(1,("password server fails session request\n"));
cli_shutdown(cli);
return NULL;
}
if (strequal(desthost,myhostname())) {
exit_server_cleanly("Password server loop!");
}
DEBUG(3,("got session\n"));
if (!cli_negprot(cli)) {
DEBUG(1,("%s rejected the negprot\n",desthost));
release_server_mutex();
cli_shutdown(cli);
return NULL;
}
if (cli->protocol < PROTOCOL_LANMAN2 ||
!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
DEBUG(1,("%s isn't in user level security mode\n",desthost));
release_server_mutex();
cli_shutdown(cli);
return NULL;
}
/* Get the first session setup done quickly, to avoid silly
Win2k bugs. (The next connection to the server will kill
this one...
*/
if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0,
""))) {
DEBUG(0,("%s rejected the initial session setup (%s)\n",
desthost, cli_errstr(cli)));
release_server_mutex();
cli_shutdown(cli);
return NULL;
}
release_server_mutex();
DEBUG(3,("password server OK\n"));
return cli;
}
/****************************************************************************
support for server level security
****************************************************************************/
struct cli_state *server_cryptkey(void)
{
fstring desthost;
struct in_addr dest_ip;
extern fstring local_machine;
char *p;
if (!cli_initialise(&cli))
return NULL;
for (p=strtok(lp_passwordserver(),LIST_SEP); p ; p = strtok(NULL,LIST_SEP)) {
fstrcpy(desthost,p);
standard_sub_basic(desthost);
strupper(desthost);
if(!resolve_name( desthost, &dest_ip)) {
DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",p));
continue;
}
if (ismyip(dest_ip)) {
DEBUG(1,("Password server loop - disabling password server %s\n",p));
continue;
}
if (cli_connect(&cli, desthost, &dest_ip)) {
DEBUG(3,("connected to password server %s\n",p));
break;
}
}
if (!p) {
DEBUG(1,("password server not available\n"));
cli_shutdown(&cli);
return NULL;
}
if (!cli_session_request(&cli, desthost, 0x20, local_machine)) {
DEBUG(1,("%s rejected the session\n",desthost));
cli_shutdown(&cli);
return NULL;
}
DEBUG(3,("got session\n"));
if (!cli_negprot(&cli)) {
DEBUG(1,("%s rejected the negprot\n",desthost));
cli_shutdown(&cli);
return NULL;
}
if (cli.protocol < PROTOCOL_LANMAN2 ||
!(cli.sec_mode & 1)) {
DEBUG(1,("%s isn't in user level security mode\n",desthost));
cli_shutdown(&cli);
return NULL;
}
DEBUG(3,("password server OK\n"));
return &cli;
}
