/*
* adcli
*
* Copyright (C) 2012 Red Hat Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*
* Author: Stef Walter <stefw@gnome.org>
*/
#include "config.h"
#include "adcli.h"
#include "adprivate.h"
#include "addisco.h"
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <assert.h>
#include <netdb.h>
#include <resolv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
/* Number of servers to do discovery against.
* For AD DS maximum number of DCs is 1200.
*/
#define DISCO_COUNT 1200
/* The time period in which to do rapid requests */
#define DISCO_FEVER 1
/* Discovery timeout in seconds */
#define DISCO_TIME 15
/* Type of LDAP to use for discovery */
#define DISCO_SCHEME "cldap"
typedef struct _srvinfo {
unsigned short priority;
unsigned short weight;
unsigned short port;
char *hostname;
struct _srvinfo *next;
} srvinfo;
static void
freesrvinfo (srvinfo *res)
{
srvinfo *next;
while (res != NULL) {
next = res->next;
free (res->hostname);
free (res);
res = next;
}
}
static int
perform_query (const char *rrname,
unsigned char **answer,
int *length)
{
unsigned char *ans = NULL;
unsigned char *mem;
int len = 512;
int herr;
int ret;
for (;;) {
len *= 2;
mem = realloc (ans, len);
if (mem == NULL) {
free (ans);
return EAI_MEMORY;
}
ans = mem;
ret = res_query (rrname, C_IN, T_SRV, ans, len);
/* If answer fit in the buffer then we're done */
if (ret < 0 || ret < len) {
len = ret;
break;
}
/*
* On overflow some res_query's return the length needed, others
* return the full length entered. This code works in either case.
*/
}
herr = h_errno;
if (len <= 0) {
free (ans);
if (len == 0 || herr == HOST_NOT_FOUND || herr == NO_DATA)
return EAI_NONAME;
else if (herr == TRY_AGAIN)
return EAI_AGAIN;
else
return EAI_FAIL;
} else {
*answer = ans;
*length = len;
return 0;
}
}
static unsigned short
get_16 (unsigned char **p,
unsigned char *end)
{
unsigned short val;
if (end - (*p) < 2)
return 0;
val = ns_get16 (*p);
(*p) += 2;
return val;
}
static unsigned long
get_32 (unsigned char **p,
unsigned char *end)
{
unsigned long val;
if (end - (*p) < 4)
return 0;
val = ns_get32 (*p);
(*p) += 4;
return val;
}
static char *
get_string (unsigned char *beg,
unsigned char *end,
unsigned char **at)
{
char buffer[HOST_NAME_MAX];
int n;
n = dn_expand (beg, end, *at, buffer, sizeof (buffer));
if (n < 0)
return NULL;
(*at) += n;
return strdup (buffer);
}
static int
parse_record (unsigned char *answer,
unsigned char *p,
unsigned char *end,
srvinfo **res)
{
srvinfo *srv;
/* Check that the below calls are sane */
if (end - p < 8)
return 0;
srv = calloc (1, sizeof (srvinfo));
if (srv == NULL)
return EAI_MEMORY;
srv->priority = get_16 (&p, end);
srv->weight = get_16 (&p, end);
srv->port = get_16 (&p, end);
srv->hostname = get_string (answer, end, &p);
if (!srv->hostname) {
free (srv);
return EAI_FAIL;
}
/* This is not perfect RFC 2782 sorting */
while (*res != NULL) {
if (srv->priority == (*res)->priority) {
/* Just sort zero weights first */
if (!!srv->weight > !!((*res)->weight))
break;
} else if (srv->priority > (*res)->priority) {
break;
}
res = &((*res)->next);
}
srv->next = *res;
*res = srv;
return 0;
}
static int
parse_answer (unsigned char *answer,
int length,
srvinfo **res)
{
srvinfo *results = NULL;
unsigned char *p, *end;
unsigned short type, qclass, rdlength;
HEADER *header;
int count;
int ret;
int n;
header = (HEADER *)answer;
p = answer + sizeof (HEADER);
end = answer + length;
if (p > end)
return EAI_FAIL;
/* Skip query */
count = ntohs (header->qdcount);
while (count-- && p < end) {
n = dn_skipname (p, end);
if (n < 0)
return EAI_FAIL;
p += (n + 4);
}
if (count >= 0)
return EAI_FAIL;
/* Read answers */
count = ntohs (header->ancount);
while (count-- && p < end) {
n = dn_skipname (p, end);
if (n < 0 || (end - p) < (n + 10)) {
freesrvinfo (results);
return EAI_FAIL;
}
p += n;
type = get_16 (&p, end);
qclass = get_16 (&p, end);
get_32 (&p, end); /* skip the ttl */
rdlength = get_16 (&p, end);
if (type == T_SRV && qclass == C_IN && (end - p) >= rdlength) {
ret = parse_record (answer, p, end, &results);
if (ret != 0) {
freesrvinfo (results);
return ret;
}
}
p += rdlength;
}
/* Note that we allow truncated results by not checking count */
/* 'A Target of "." means that the service is decidedly not
* available at this domain.'
*/
if (results == NULL ||
(results->next == NULL &&
strcmp (results->hostname, ".") == 0)) {
freesrvinfo (results);
return EAI_NONAME;
}
*res = results;
return 0;
}
static int
getsrvinfo (const char *rrname,
srvinfo **res)
{
unsigned char *answer;
int length;
int ret;
ret = perform_query (rrname, &answer, &length);
if (ret != 0)
return ret;
ret = parse_answer (answer, length, res);
free (answer);
return ret;
}
static int
parse_disco_string (unsigned char *beg,
unsigned char *end,
unsigned char **at,
char **result)
{
char *string;
assert (result);
string = get_string (beg, end, at);
if (string == NULL)
return 0;
free (*result);
*result = string;
return 1;
}
static int
get_32_le (unsigned char **at,
unsigned char *end,
unsigned int *val)
{
unsigned char *p = *at;
if (end - p < 4)
return 0;
*val = p[0] | p[1] << 8 | p[2] << 16 | p[3] << 24;
(*at) += 4;
return 1;
}
static int
skip_n (unsigned char **at,
unsigned char *end,
int n)
{
if (end - (*at) < n)
return 0;
(*at) += n;
return 1;
}
static adcli_disco *
parse_disco_data (struct berval *bv)
{
unsigned char *at, *end, *beg;
unsigned int type;
adcli_disco *disco;
char *user = NULL;
beg = (unsigned char *)bv->bv_val;
end = beg + bv->bv_len;
at = beg;
disco = calloc (1, sizeof (adcli_disco));
return_val_if_fail (disco != NULL, NULL);
/* domain forest */
if (!get_32_le (&at, end, &type) || type != 23 ||
!get_32_le (&at, end, &disco->flags) ||
!skip_n (&at, end, 16) || /* guid */
!parse_disco_string (beg, end, &at, &disco->forest) ||
!parse_disco_string (beg, end, &at, &disco->domain) ||
!parse_disco_string (beg, end, &at, &disco->host_name) ||
!parse_disco_string (beg, end, &at, &disco->domain_short) ||
!parse_disco_string (beg, end, &at, &disco->host_short) ||
!parse_disco_string (beg, end, &at, &user) ||
!parse_disco_string (beg, end, &at, &disco->server_site) ||
!parse_disco_string (beg, end, &at, &disco->client_site)) {
_adcli_warn ("Could not parse NetLogon discovery data");
adcli_disco_free (disco);
disco = NULL;
} else {
_adcli_info ("Received NetLogon info from: %s", disco->host_name);
}
/* We don't care about these */
free (user);
return disco;
}
static int
insert_disco_sorted (adcli_disco **res,
adcli_disco *disco,
int usability,
int unique)
{
adcli_disco **at = NULL;
/* Sort in order of usability of this disco record */
while (*res != NULL) {
if (unique && strcasecmp (disco->host_name, (*res)->host_name) == 0)
return 0;
if (!at && usability > adcli_disco_usable (*res))
at = res;
if (at && !unique)
break;
res = &((*res)->next);
}
if (at == NULL)
at = res;
disco->next = *at;
*at = disco;
return 1;
}
static int
parse_disco (LDAP *ldap,
const char *host_addr,
LDAPMessage *message,
adcli_disco **res)
{
adcli_disco *disco = NULL;
LDAPMessage *entry;
struct berval **bvs;
int usability;
entry = ldap_first_entry (ldap, message);
if (entry != NULL) {
bvs = ldap_get_values_len (ldap, entry, "NetLogon");
if (bvs != NULL) {
if (!bvs[0])
disco = NULL;
else
disco = parse_disco_data (bvs[0]);
ldap_value_free_len (bvs);
}
}
if (!disco)
return ADCLI_DISCO_UNUSABLE;
disco->host_addr = strdup (host_addr);
return_val_if_fail (disco, ADCLI_DISCO_UNUSABLE);
usability = adcli_disco_usable (disco);
if (!insert_disco_sorted (res, disco, usability, 0))
assert (0 && "not reached");
return usability;
}
static int
ldap_disco_poller (LDAP **ldap,
LDAPMessage **message,
adcli_disco **results,
const char **addrs)
{
int found = ADCLI_DISCO_UNUSABLE;
int close_ldap;
int parsed;
int ret = 0;
struct timeval tvpoll = { 0, 0 };
switch (ldap_result (*ldap, LDAP_RES_ANY, 1, &tvpoll, message)) {
case LDAP_RES_SEARCH_ENTRY:
case LDAP_RES_SEARCH_RESULT:
parsed = parse_disco (*ldap, *addrs, *message, results);
if (parsed > found)
found = parsed;
ldap_msgfree (*message);
close_ldap = 1;
break;
case -1:
ldap_get_option (*ldap, LDAP_OPT_RESULT_CODE, &ret);
close_ldap = 1;
break;
default:
ldap_msgfree (*message);
close_ldap = 0;
break;
}
if (ret != LDAP_SUCCESS) {
_adcli_ldap_handle_failure (*ldap, ADCLI_ERR_CONFIG,
"Couldn't perform discovery search");
}
/* Done with this connection */
if (close_ldap) {
ldap_unbind_ext_s (*ldap, NULL, NULL);
*ldap = NULL;
}
return found;
}
static int
ldap_disco (const char *domain,
srvinfo *srv,
adcli_disco **results)
{
char *attrs[] = { "NetLogon", NULL };
LDAP *ldap[DISCO_COUNT];
const char *addrs[DISCO_COUNT];
int found = ADCLI_DISCO_UNUSABLE;
LDAPMessage *message;
char buffer[1024];
struct addrinfo hints;
struct addrinfo *res, *ai;
const char *scheme;
int msgidp;
int version;
time_t started;
time_t now;
char *url;
char *filter;
char *value;
int num, i;
int ret;
int have_any = 0;
struct timeval interval;
if (domain) {
value = _adcli_ldap_escape_filter (domain);
return_val_if_fail (value != NULL, 0);
if (asprintf (&filter, "(&(DnsDomain=%s)(NtVer=\\06\\00\\00\\00))", value) < 0)
return_val_if_reached (0);
free (value);
} else {
if (asprintf (&filter, "(&(NtVer=\\06\\00\\00\\00)(AAC=\\00\\00\\00\\00))") < 0)
return_val_if_reached (0);
}
memset (addrs, 0, sizeof (addrs));
memset (ldap, 0, sizeof (ldap));
/* Make sure cldap is supported, it's not always built into openldap */
if (ldap_is_ldap_url (DISCO_SCHEME "://hostname"))
scheme = DISCO_SCHEME;
else
scheme = "ldap";
/*
* The ai_socktype and ai_protocol hint fields are unused below,
* but are set in order to prevent duplicate returns from
* getaddrinfo().
*/
memset (&hints, 0, sizeof (hints));
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
hints.ai_flags |= AI_NUMERICSERV;
#ifdef AI_ADDRCONFIG
hints.ai_flags |= AI_ADDRCONFIG;
#endif
for (num = 0; srv != NULL; srv = srv->next) {
ret = getaddrinfo (srv->hostname, "389", &hints, &res);
if (ret != 0) {
_adcli_warn ("Couldn't resolve server host: %s: %s",
srv->hostname, gai_strerror (ret));
continue;
}
for (ai = res; num < DISCO_COUNT && ai != NULL; ai = ai->ai_next) {
if (getnameinfo (ai->ai_addr, ai->ai_addrlen, buffer, sizeof (buffer),
NULL, 0, NI_NUMERICHOST) != 0)
return_val_if_reached (0);
if (ai->ai_family == AF_INET6) {
/*
* Currently openldap has cldap bugs when used with IPv6:
* http://www.openldap.org/its/index.cgi/Incoming?id=7694
*/
if (asprintf (&url, "%s://[%s]", "ldap", buffer) < 0)
return_val_if_reached (0);
} else {
if (asprintf (&url, "%s://%s", scheme, buffer) < 0)
return_val_if_reached (0);
}
ret = ldap_initialize (&ldap[num], url);
if (ret == LDAP_SUCCESS) {
version = LDAP_VERSION3;
ldap_set_option (ldap[num], LDAP_OPT_PROTOCOL_VERSION, &version);
ldap_set_option (ldap[num], LDAP_OPT_REFERRALS , 0);
addrs[num] = srv->hostname;
have_any = 1;
num++;
} else {
_adcli_err ("Couldn't perform discovery on server: %s: %s", url, ldap_err2string (ret));
}
free (url);
}
freeaddrinfo (res);
}
/* Initial send and short time wait */
interval.tv_sec = 0;
for (i = 0; ADCLI_DISCO_UNUSABLE == found && i < num; ++i) {
int parsed;
if (NULL == ldap[i])
continue;
have_any = 1;
_adcli_info ("Sending NetLogon ping to domain controller: %s", addrs[i]);
ret = ldap_search_ext (ldap[i], "", LDAP_SCOPE_BASE,
filter, attrs, 0, NULL, NULL, NULL,
-1, &msgidp);
if (ret != LDAP_SUCCESS) {
_adcli_ldap_handle_failure (ldap[i], ADCLI_ERR_CONFIG,
"Couldn't perform discovery search");
ldap_unbind_ext_s (ldap[i], NULL, NULL);
ldap[i] = NULL;
}
/* From https://msdn.microsoft.com/en-us/library/ff718294.aspx first
* five DCs are given 0.4 seconds timeout, next five are given 0.2
* seconds, and the rest are given 0.1 seconds
*/
if (i < 5) {
interval.tv_usec = 400000;
} else if (i < 10) {
interval.tv_usec = 200000;
} else {
interval.tv_usec = 100000;
}
select (0, NULL, NULL, NULL, &interval);
parsed = ldap_disco_poller (&(ldap[i]), &message, results, &(addrs[i]));
if (parsed > found)
found = parsed;
}
/* Wait some more until LDAP timeout (DISCO_TIME) */
for (started = now = time (NULL);
have_any && ADCLI_DISCO_UNUSABLE == found && now < started + DISCO_TIME;
now = time (NULL)) {
select (0, NULL, NULL, NULL, &interval);
have_any = 0;
for (i = 0; ADCLI_DISCO_UNUSABLE == found && i < num; ++i) {
int parsed;
if (ldap[i] == NULL)
continue;
have_any = 1;
parsed = ldap_disco_poller (&(ldap[i]), &message, results, &(addrs[i]));
if (parsed > found)
found = parsed;
}
}
for (i = 0; i < num; i++) {
if (ldap[i] != NULL)
ldap_unbind_ext_s (ldap[i], NULL, NULL);
}
free (filter);
return found;
}
static void
fill_disco (adcli_disco **results,
int usability,
const char *domain,
const char *site,
srvinfo *srv)
{
adcli_disco *disco;
while (srv != NULL) {
disco = calloc (1, sizeof (adcli_disco));
return_if_fail (disco != NULL);
disco->client_site = site ? strdup (site) : NULL;
disco->server_site = site ? strdup (site) : NULL;
disco->domain = strdup (domain);
disco->host_name = strdup (srv->hostname);
disco->host_addr = strdup (srv->hostname);
if (!insert_disco_sorted (results, disco, usability, 1))
adcli_disco_free (disco);
srv = srv->next;
}
}
static int
site_disco (adcli_disco *disco,
adcli_disco **results)
{
srvinfo *srv;
char *rrname;
int found;
int ret;
if (!disco->client_site || !disco->domain)
return ADCLI_DISCO_MAYBE;
if (asprintf (&rrname, "_ldap._tcp.%s._sites.dc._msdcs.%s",
disco->client_site, disco->domain) < 0)
return_val_if_reached (ADCLI_DISCO_UNUSABLE);
_adcli_info ("Discovering site domain controllers: %s", rrname);
ret = getsrvinfo (rrname, &srv);
switch (ret) {
case 0:
break;
case EAI_NONAME:
case EAI_AGAIN:
_adcli_err ("No LDAP SRV site records: %s: %s",
rrname, gai_strerror (ret));
break;
default:
_adcli_err ("Couldn't resolve SRV site records: %s: %s",
rrname, gai_strerror (ret));
break;
}
free (rrname);
if (ret != 0)
return ADCLI_DISCO_MAYBE;
/*
* Now that we have discovered the site domain controllers do a
* second round of cldap discovery.
*/
found = ldap_disco (disco->domain, srv, results);
fill_disco (results, ADCLI_DISCO_MAYBE,
disco->domain, disco->client_site, srv);
freesrvinfo (srv);
return found;
}
int
adcli_disco_domain (const char *domain,
adcli_disco **results)
{
char *rrname;
srvinfo *srv;
int found;
int ret;
return_unexpected_if_fail (domain != NULL);
return_unexpected_if_fail (results != NULL);
*results = NULL;
if (asprintf (&rrname, "_ldap._tcp.%s", domain) < 0)
return_unexpected_if_reached ();
_adcli_info ("Discovering domain controllers: %s", rrname);
ret = getsrvinfo (rrname, &srv);
switch (ret) {
case 0:
break;
case EAI_NONAME:
case EAI_AGAIN:
_adcli_err ("No LDAP SRV records for domain: %s: %s",
rrname, gai_strerror (ret));
break;
default:
_adcli_err ("Couldn't resolve SRV record: %s: %s",
rrname, gai_strerror (ret));
break;
}
free (rrname);
if (ret != 0)
return 0;
found = ldap_disco (domain, srv, results);
if (found == ADCLI_DISCO_MAYBE) {
assert (*results);
found = site_disco (*results, results);
}
fill_disco (results, ADCLI_DISCO_MAYBE, domain, NULL, srv);
freesrvinfo (srv);
return found;
}
int
adcli_disco_host (const char *host,
adcli_disco **results)
{
srvinfo srv;
return_val_if_fail (host != NULL, 0);
return_val_if_fail (results != NULL, 0);
*results = NULL;
memset (&srv, 0, sizeof (srv));
srv.hostname = (char *)host;
return ldap_disco (NULL, &srv, results);
}
void
adcli_disco_free (adcli_disco *disco)
{
adcli_disco *next;
for (; disco != NULL; disco = next) {
next = disco->next;
free (disco->host_addr);
free (disco->host_name);
free (disco->host_short);
free (disco->forest);
free (disco->domain);
free (disco->domain_short);
free (disco->client_site);
free (disco->server_site);
free (disco);
}
}
int
adcli_disco_usable (adcli_disco *disco)
{
return_val_if_fail (disco != NULL, ADCLI_DISCO_UNUSABLE);
if (disco->flags != 0) {
if ((disco->flags & (ADCLI_DISCO_KDC | ADCLI_DISCO_LDAP | ADCLI_DISCO_WRITABLE)) == 0)
return ADCLI_DISCO_UNUSABLE;
}
if (disco->client_site && disco->server_site &&
strcasecmp (disco->client_site, disco->server_site) == 0)
return ADCLI_DISCO_USABLE;
return ADCLI_DISCO_MAYBE;
}