search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix bug #7669.
[Samba.git] / source / libsmb / clidfs.c
blob1b17679c80bd5c7a86eea00c53f76c42b74c0bd3
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 /********************************************************************
25 Important point.
26
27 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
28 are not C escaped here).
29
30 - but if we're using POSIX paths then <pathname> may contain
31 '/' separators, not '\\' separators. So cope with '\\' or '/'
32 as a separator when looking at the pathname part.... JRA.
33 ********************************************************************/
34
35 struct client_connection {
36 struct client_connection *prev, *next;
37 struct cli_state *cli;
38 char *mount;
39 };
40
41 /* global state....globals reek! */
42 int max_protocol = PROTOCOL_NT1;
43
44 static struct cm_cred_struct {
45 char *username;
46 char *password;
47 bool got_pass;
48 bool use_kerberos;
49 bool fallback_after_kerberos;
50 int signing_state;
51 } cm_creds;
52
53 static void cm_set_password(const char *newpass);
54
55 static int port;
56 static int name_type = 0x20;
57 static bool have_ip;
58 static struct sockaddr_storage dest_ss;
59
60 static struct client_connection *connections;
61
62 static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
63 struct cli_state *cli,
64 const char *sharename,
65 char **pp_newserver,
66 char **pp_newshare,
67 bool force_encrypt,
68 const char *username,
69 const char *password,
70 const char *domain);
71
72 /********************************************************************
73 Ensure a connection is encrypted.
74 ********************************************************************/
75
76 NTSTATUS cli_cm_force_encryption(struct cli_state *c,
77 const char *username,
78 const char *password,
79 const char *domain,
80 const char *sharename)
81 {
82 NTSTATUS status = cli_force_encryption(c,
83 username,
84 password,
85 domain);
86
87 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
88 d_printf("Encryption required and "
89 "server that doesn't support "
90 "UNIX extensions - failing connect\n");
91 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
92 d_printf("Encryption required and "
93 "can't get UNIX CIFS extensions "
94 "version from server.\n");
95 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
96 d_printf("Encryption required and "
97 "share %s doesn't support "
98 "encryption.\n", sharename);
99 } else if (!NT_STATUS_IS_OK(status)) {
100 d_printf("Encryption required and "
101 "setup failed with error %s.\n",
102 nt_errstr(status));
103 }
104
105 return status;
106 }
107
108 /********************************************************************
109 Return a connection to a server.
110 ********************************************************************/
111
112 static struct cli_state *do_connect(TALLOC_CTX *ctx,
113 const char *server,
114 const char *share,
115 bool show_sessetup,
116 bool force_encrypt)
117 {
118 struct cli_state *c = NULL;
119 struct nmb_name called, calling;
120 const char *server_n;
121 struct sockaddr_storage ss;
122 char *servicename;
123 char *sharename;
124 char *newserver, *newshare;
125 const char *username;
126 const char *password;
127 NTSTATUS status;
128
129 /* make a copy so we don't modify the global string 'service' */
130 servicename = talloc_strdup(ctx,share);
131 if (!servicename) {
132 return NULL;
133 }
134 sharename = servicename;
135 if (*sharename == '\\') {
136 server = sharename+2;
137 sharename = strchr_m(server,'\\');
138 if (!sharename) {
139 return NULL;
140 }
141 *sharename = 0;
142 sharename++;
143 }
144
145 server_n = server;
146
147 zero_sockaddr(&ss);
148
149 make_nmb_name(&calling, global_myname(), 0x0);
150 make_nmb_name(&called , server, name_type);
151
152 again:
153 zero_sockaddr(&ss);
154 if (have_ip)
155 ss = dest_ss;
156
157 /* have to open a new connection */
158 if (!(c=cli_initialise()) || (cli_set_port(c, port) != port)) {
159 d_printf("Connection to %s failed\n", server_n);
160 if (c) {
161 cli_shutdown(c);
162 }
163 return NULL;
164 }
165 status = cli_connect(c, server_n, &ss);
166 if (!NT_STATUS_IS_OK(status)) {
167 d_printf("Connection to %s failed (Error %s)\n",
168 server_n,
169 nt_errstr(status));
170 cli_shutdown(c);
171 return NULL;
172 }
173
174 c->protocol = max_protocol;
175 c->use_kerberos = cm_creds.use_kerberos;
176 c->fallback_after_kerberos = cm_creds.fallback_after_kerberos;
177 cli_setup_signing_state(c, cm_creds.signing_state);
178
179 if (!cli_session_request(c, &calling, &called)) {
180 char *p;
181 d_printf("session request to %s failed (%s)\n",
182 called.name, cli_errstr(c));
183 cli_shutdown(c);
184 c = NULL;
185 if ((p=strchr_m(called.name, '.'))) {
186 *p = 0;
187 goto again;
188 }
189 if (strcmp(called.name, "*SMBSERVER")) {
190 make_nmb_name(&called , "*SMBSERVER", 0x20);
191 goto again;
192 }
193 return NULL;
194 }
195
196 DEBUG(4,(" session request ok\n"));
197
198 if (!cli_negprot(c)) {
199 d_printf("protocol negotiation failed\n");
200 cli_shutdown(c);
201 return NULL;
202 }
203
204 if (!cm_creds.got_pass && !cm_creds.use_kerberos) {
205 char *label = NULL;
206 char *pass;
207 label = talloc_asprintf(ctx, "Enter %s's password: ",
208 cm_creds.username);
209 pass = getpass(label);
210 if (pass) {
211 cm_set_password(pass);
212 }
213 TALLOC_FREE(label);
214 }
215
216 username = cm_creds.username ? cm_creds.username : "";
217 password = cm_creds.password ? cm_creds.password : "";
218
219 if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
220 password, strlen(password),
221 password, strlen(password),
222 lp_workgroup()))) {
223 /* If a password was not supplied then
224 * try again with a null username. */
225 if (password[0] || !username[0] || cm_creds.use_kerberos ||
226 !NT_STATUS_IS_OK(cli_session_setup(c, "",
227 "", 0,
228 "", 0,
229 lp_workgroup()))) {
230 d_printf("session setup failed: %s\n", cli_errstr(c));
231 if (NT_STATUS_V(cli_nt_error(c)) ==
232 NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
233 d_printf("did you forget to run kinit?\n");
234 cli_shutdown(c);
235 return NULL;
236 }
237 d_printf("Anonymous login successful\n");
238 cli_init_creds(c, "", lp_workgroup(), "");
239 } else {
240 cli_init_creds(c, username, lp_workgroup(), password);
241 }
242
243 if ( show_sessetup ) {
244 if (*c->server_domain) {
245 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
246 c->server_domain,c->server_os,c->server_type));
247 } else if (*c->server_os || *c->server_type) {
248 DEBUG(0,("OS=[%s] Server=[%s]\n",
249 c->server_os,c->server_type));
250 }
251 }
252 DEBUG(4,(" session setup ok\n"));
253
254 /* here's the fun part....to support 'msdfs proxy' shares
255 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
256 here before trying to connect to the original share.
257 check_dfs_proxy() will fail if it is a normal share. */
258
259 if ((c->capabilities & CAP_DFS) &&
260 cli_check_msdfs_proxy(ctx, c, sharename,
261 &newserver, &newshare,
262 force_encrypt,
263 username,
264 password,
265 lp_workgroup())) {
266 cli_shutdown(c);
267 return do_connect(ctx, newserver,
268 newshare, false, force_encrypt);
269 }
270
271 /* must be a normal share */
272
273 if (!cli_send_tconX(c, sharename, "?????",
274 password, strlen(password)+1)) {
275 d_printf("tree connect failed: %s\n", cli_errstr(c));
276 cli_shutdown(c);
277 return NULL;
278 }
279
280 if (force_encrypt) {
281 status = cli_cm_force_encryption(c,
282 username,
283 password,
284 lp_workgroup(),
285 sharename);
286 if (!NT_STATUS_IS_OK(status)) {
287 cli_shutdown(c);
288 return NULL;
289 }
290 }
291
292 DEBUG(4,(" tconx ok\n"));
293 return c;
294 }
295
296 /****************************************************************************
297 ****************************************************************************/
298
299 static void cli_cm_set_mntpoint(struct cli_state *c, const char *mnt)
300 {
301 struct client_connection *p;
302 int i;
303
304 for (p=connections,i=0; p; p=p->next,i++) {
305 if (strequal(p->cli->desthost, c->desthost) &&
306 strequal(p->cli->share, c->share)) {
307 break;
308 }
309 }
310
311 if (p) {
312 char *name = clean_name(NULL, mnt);
313 if (!name) {
314 return;
315 }
316 TALLOC_FREE(p->mount);
317 p->mount = talloc_strdup(p, name);
318 TALLOC_FREE(name);
319 }
320 }
321
322 /****************************************************************************
323 ****************************************************************************/
324
325 const char *cli_cm_get_mntpoint(struct cli_state *c)
326 {
327 struct client_connection *p;
328 int i;
329
330 for (p=connections,i=0; p; p=p->next,i++) {
331 if (strequal(p->cli->desthost, c->desthost) &&
332 strequal(p->cli->share, c->share)) {
333 break;
334 }
335 }
336
337 if (p) {
338 return p->mount;
339 }
340 return NULL;
341 }
342
343 /********************************************************************
344 Add a new connection to the list
345 ********************************************************************/
346
347 static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
348 struct cli_state *referring_cli,
349 const char *server,
350 const char *share,
351 bool show_hdr,
352 bool force_encrypt)
353 {
354 struct client_connection *node;
355
356 /* NB This must be the null context here... JRA. */
357 node = TALLOC_ZERO_ARRAY(NULL, struct client_connection, 1);
358 if (!node) {
359 return NULL;
360 }
361
362 node->cli = do_connect(ctx, server, share, show_hdr, force_encrypt);
363
364 if ( !node->cli ) {
365 TALLOC_FREE( node );
366 return NULL;
367 }
368
369 DLIST_ADD( connections, node );
370
371 cli_cm_set_mntpoint(node->cli, "");
372
373 if (referring_cli && referring_cli->posix_capabilities) {
374 uint16 major, minor;
375 uint32 caplow, caphigh;
376 if (cli_unix_extensions_version(node->cli, &major,
377 &minor, &caplow, &caphigh)) {
378 cli_set_unix_extensions_capabilities(node->cli,
379 major, minor,
380 caplow, caphigh);
381 }
382 }
383
384 return node->cli;
385 }
386
387 /********************************************************************
388 Return a connection to a server.
389 ********************************************************************/
390
391 static struct cli_state *cli_cm_find(const char *server, const char *share)
392 {
393 struct client_connection *p;
394
395 for (p=connections; p; p=p->next) {
396 if ( strequal(server, p->cli->desthost) &&
397 strequal(share,p->cli->share)) {
398 return p->cli;
399 }
400 }
401
402 return NULL;
403 }
404
405 /****************************************************************************
406 Open a client connection to a \\server\share. Set's the current *cli
407 global variable as a side-effect (but only if the connection is successful).
408 ****************************************************************************/
409
410 struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
411 struct cli_state *referring_cli,
412 const char *server,
413 const char *share,
414 bool show_hdr,
415 bool force_encrypt)
416 {
417 struct cli_state *c;
418
419 /* try to reuse an existing connection */
420
421 c = cli_cm_find(server, share);
422 if (!c) {
423 c = cli_cm_connect(ctx, referring_cli,
424 server, share, show_hdr, force_encrypt);
425 }
426
427 return c;
428 }
429
430 /****************************************************************************
431 ****************************************************************************/
432
433 void cli_cm_shutdown(void)
434 {
435 struct client_connection *p, *x;
436
437 for (p=connections; p;) {
438 cli_shutdown(p->cli);
439 x = p;
440 p = p->next;
441
442 TALLOC_FREE(x);
443 }
444
445 connections = NULL;
446 return;
447 }
448
449 /****************************************************************************
450 ****************************************************************************/
451
452 void cli_cm_display(void)
453 {
454 struct client_connection *p;
455 int i;
456
457 for ( p=connections,i=0; p; p=p->next,i++ ) {
458 d_printf("%d:\tserver=%s, share=%s\n",
459 i, p->cli->desthost, p->cli->share );
460 }
461 }
462
463 /****************************************************************************
464 ****************************************************************************/
465
466 static void cm_set_password(const char *newpass)
467 {
468 SAFE_FREE(cm_creds.password);
469 cm_creds.password = SMB_STRDUP(newpass);
470 if (cm_creds.password) {
471 cm_creds.got_pass = true;
472 }
473 }
474
475 /****************************************************************************
476 ****************************************************************************/
477
478 void cli_cm_set_credentials(void)
479 {
480 SAFE_FREE(cm_creds.username);
481 cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username());
482
483 if (get_cmdline_auth_info_got_pass()) {
484 cm_set_password(get_cmdline_auth_info_password());
485 }
486
487 cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos();
488 cm_creds.fallback_after_kerberos = false;
489 cm_creds.signing_state = get_cmdline_auth_info_signing_state();
490 }
491
492 /****************************************************************************
493 ****************************************************************************/
494
495 void cli_cm_set_port(int port_number)
496 {
497 port = port_number;
498 }
499
500 /****************************************************************************
501 ****************************************************************************/
502
503 void cli_cm_set_dest_name_type(int type)
504 {
505 name_type = type;
506 }
507
508 /****************************************************************************
509 ****************************************************************************/
510
511 void cli_cm_set_signing_state(int state)
512 {
513 cm_creds.signing_state = state;
514 }
515
516 /****************************************************************************
517 ****************************************************************************/
518
519 void cli_cm_set_username(const char *username)
520 {
521 SAFE_FREE(cm_creds.username);
522 cm_creds.username = SMB_STRDUP(username);
523 }
524
525 /****************************************************************************
526 ****************************************************************************/
527
528 void cli_cm_set_password(const char *newpass)
529 {
530 SAFE_FREE(cm_creds.password);
531 cm_creds.password = SMB_STRDUP(newpass);
532 if (cm_creds.password) {
533 cm_creds.got_pass = true;
534 }
535 }
536
537 /****************************************************************************
538 ****************************************************************************/
539
540 void cli_cm_set_use_kerberos(void)
541 {
542 cm_creds.use_kerberos = true;
543 }
544
545 /****************************************************************************
546 ****************************************************************************/
547
548 void cli_cm_set_fallback_after_kerberos(void)
549 {
550 cm_creds.fallback_after_kerberos = true;
551 }
552
553 /****************************************************************************
554 ****************************************************************************/
555
556 void cli_cm_set_dest_ss(struct sockaddr_storage *pss)
557 {
558 dest_ss = *pss;
559 have_ip = true;
560 }
561
562 /**********************************************************************
563 split a dfs path into the server, share name, and extrapath components
564 **********************************************************************/
565
566 static void split_dfs_path(TALLOC_CTX *ctx,
567 const char *nodepath,
568 char **pp_server,
569 char **pp_share,
570 char **pp_extrapath)
571 {
572 char *p, *q;
573 char *path;
574
575 *pp_server = NULL;
576 *pp_share = NULL;
577 *pp_extrapath = NULL;
578
579 path = talloc_strdup(ctx, nodepath);
580 if (!path) {
581 return;
582 }
583
584 if ( path[0] != '\\' ) {
585 return;
586 }
587
588 p = strchr_m( path + 1, '\\' );
589 if ( !p ) {
590 return;
591 }
592
593 *p = '\0';
594 p++;
595
596 /* Look for any extra/deep path */
597 q = strchr_m(p, '\\');
598 if (q != NULL) {
599 *q = '\0';
600 q++;
601 *pp_extrapath = talloc_strdup(ctx, q);
602 } else {
603 *pp_extrapath = talloc_strdup(ctx, "");
604 }
605
606 *pp_share = talloc_strdup(ctx, p);
607 *pp_server = talloc_strdup(ctx, &path[1]);
608 }
609
610 /****************************************************************************
611 Return the original path truncated at the directory component before
612 the first wildcard character. Trust the caller to provide a NULL
613 terminated string
614 ****************************************************************************/
615
616 static char *clean_path(TALLOC_CTX *ctx, const char *path)
617 {
618 size_t len;
619 char *p1, *p2, *p;
620 char *path_out;
621
622 /* No absolute paths. */
623 while (IS_DIRECTORY_SEP(*path)) {
624 path++;
625 }
626
627 path_out = talloc_strdup(ctx, path);
628 if (!path_out) {
629 return NULL;
630 }
631
632 p1 = strchr_m(path_out, '*');
633 p2 = strchr_m(path_out, '?');
634
635 if (p1 || p2) {
636 if (p1 && p2) {
637 p = MIN(p1,p2);
638 } else if (!p1) {
639 p = p2;
640 } else {
641 p = p1;
642 }
643 *p = '\0';
644
645 /* Now go back to the start of this component. */
646 p1 = strrchr_m(path_out, '/');
647 p2 = strrchr_m(path_out, '\\');
648 p = MAX(p1,p2);
649 if (p) {
650 *p = '\0';
651 }
652 }
653
654 /* Strip any trailing separator */
655
656 len = strlen(path_out);
657 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
658 path_out[len-1] = '\0';
659 }
660
661 return path_out;
662 }
663
664 /****************************************************************************
665 ****************************************************************************/
666
667 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
668 struct cli_state *cli,
669 const char *dir)
670 {
671 char path_sep = '\\';
672
673 /* Ensure the extrapath doesn't start with a separator. */
674 while (IS_DIRECTORY_SEP(*dir)) {
675 dir++;
676 }
677
678 if (cli->posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
679 path_sep = '/';
680 }
681 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
682 path_sep,
683 cli->desthost,
684 path_sep,
685 cli->share,
686 path_sep,
687 dir);
688 }
689
690 /********************************************************************
691 check for dfs referral
692 ********************************************************************/
693
694 static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
695 {
696 uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
697
698 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
699
700 if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
701 (flgs2&FLAGS2_UNICODE_STRINGS)))
702 return false;
703
704 if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
705 return true;
706
707 return false;
708 }
709
710 /********************************************************************
711 Get the dfs referral link.
712 ********************************************************************/
713
714 bool cli_dfs_get_referral(TALLOC_CTX *ctx,
715 struct cli_state *cli,
716 const char *path,
717 CLIENT_DFS_REFERRAL**refs,
718 size_t *num_refs,
719 uint16 *consumed)
720 {
721 unsigned int data_len = 0;
722 unsigned int param_len = 0;
723 uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
724 char *param;
725 char *rparam=NULL, *rdata=NULL;
726 char *p;
727 char *endp;
728 size_t pathlen = 2*(strlen(path)+1);
729 uint16 num_referrals;
730 CLIENT_DFS_REFERRAL *referrals = NULL;
731 bool ret = false;
732
733 *num_refs = 0;
734 *refs = NULL;
735
736 param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
737 if (!param) {
738 return false;
739 }
740 SSVAL(param, 0, 0x03); /* max referral level */
741 p = &param[2];
742
743 p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
744 param_len = PTR_DIFF(p, param);
745
746 if (!cli_send_trans(cli, SMBtrans2,
747 NULL, /* name */
748 -1, 0, /* fid, flags */
749 &setup, 1, 0, /* setup, length, max */
750 param, param_len, 2, /* param, length, max */
751 NULL, 0, cli->max_xmit /* data, length, max */
752 )) {
753 SAFE_FREE(param);
754 return false;
755 }
756
757 SAFE_FREE(param);
758
759 if (!cli_receive_trans(cli, SMBtrans2,
760 &rparam, &param_len,
761 &rdata, &data_len)) {
762 return false;
763 }
764
765 if (data_len < 4) {
766 goto out;
767 }
768
769 endp = rdata + data_len;
770
771 *consumed = SVAL(rdata, 0);
772 num_referrals = SVAL(rdata, 2);
773
774 if (num_referrals != 0) {
775 uint16 ref_version;
776 uint16 ref_size;
777 int i;
778 uint16 node_offset;
779
780 referrals = TALLOC_ARRAY(ctx, CLIENT_DFS_REFERRAL,
781 num_referrals);
782
783 if (!referrals) {
784 goto out;
785 }
786 /* start at the referrals array */
787
788 p = rdata+8;
789 for (i=0; i<num_referrals && p < endp; i++) {
790 if (p + 18 > endp) {
791 goto out;
792 }
793 ref_version = SVAL(p, 0);
794 ref_size = SVAL(p, 2);
795 node_offset = SVAL(p, 16);
796
797 if (ref_version != 3) {
798 p += ref_size;
799 continue;
800 }
801
802 referrals[i].proximity = SVAL(p, 8);
803 referrals[i].ttl = SVAL(p, 10);
804
805 if (p + node_offset > endp) {
806 goto out;
807 }
808 clistr_pull_talloc(ctx, cli, &referrals[i].dfspath,
809 p+node_offset, -1,
810 STR_TERMINATE|STR_UNICODE );
811
812 if (!referrals[i].dfspath) {
813 goto out;
814 }
815 p += ref_size;
816 }
817 if (i < num_referrals) {
818 goto out;
819 }
820 }
821
822 ret = true;
823
824 *num_refs = num_referrals;
825 *refs = referrals;
826
827 out:
828
829 SAFE_FREE(rdata);
830 SAFE_FREE(rparam);
831 return ret;
832 }
833
834 /********************************************************************
835 ********************************************************************/
836
837 bool cli_resolve_path(TALLOC_CTX *ctx,
838 const char *mountpt,
839 struct cli_state *rootcli,
840 const char *path,
841 struct cli_state **targetcli,
842 char **pp_targetpath)
843 {
844 CLIENT_DFS_REFERRAL *refs = NULL;
845 size_t num_refs = 0;
846 uint16 consumed;
847 struct cli_state *cli_ipc = NULL;
848 char *dfs_path = NULL;
849 char *cleanpath = NULL;
850 char *extrapath = NULL;
851 int pathlen;
852 char *server = NULL;
853 char *share = NULL;
854 struct cli_state *newcli = NULL;
855 char *newpath = NULL;
856 char *newmount = NULL;
857 char *ppath = NULL;
858 SMB_STRUCT_STAT sbuf;
859 uint32 attributes;
860
861 if ( !rootcli || !path || !targetcli ) {
862 return false;
863 }
864
865 /* Don't do anything if this is not a DFS root. */
866
867 if ( !rootcli->dfsroot) {
868 *targetcli = rootcli;
869 *pp_targetpath = talloc_strdup(ctx, path);
870 if (!*pp_targetpath) {
871 return false;
872 }
873 return true;
874 }
875
876 *targetcli = NULL;
877
878 /* Send a trans2_query_path_info to check for a referral. */
879
880 cleanpath = clean_path(ctx, path);
881 if (!cleanpath) {
882 return false;
883 }
884
885 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
886 if (!dfs_path) {
887 return false;
888 }
889
890 if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) {
891 /* This is an ordinary path, just return it. */
892 *targetcli = rootcli;
893 *pp_targetpath = talloc_strdup(ctx, path);
894 if (!*pp_targetpath) {
895 return false;
896 }
897 goto done;
898 }
899
900 /* Special case where client asked for a path that does not exist */
901
902 if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
903 *targetcli = rootcli;
904 *pp_targetpath = talloc_strdup(ctx, path);
905 if (!*pp_targetpath) {
906 return false;
907 }
908 goto done;
909 }
910
911 /* We got an error, check for DFS referral. */
912
913 if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
914 return false;
915 }
916
917 /* Check for the referral. */
918
919 if (!(cli_ipc = cli_cm_open(ctx, rootcli,
920 rootcli->desthost,
921 "IPC$", false,
922 (rootcli->trans_enc_state != NULL)))) {
923 return false;
924 }
925
926 if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
927 &num_refs, &consumed) || !num_refs) {
928 return false;
929 }
930
931 /* Just store the first referral for now. */
932
933 if (!refs[0].dfspath) {
934 return false;
935 }
936 split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
937
938 if (!server || !share) {
939 return false;
940 }
941
942 /* Make sure to recreate the original string including any wildcards. */
943
944 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
945 if (!dfs_path) {
946 return false;
947 }
948 pathlen = strlen(dfs_path)*2;
949 consumed = MIN(pathlen, consumed);
950 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed/2]);
951 if (!*pp_targetpath) {
952 return false;
953 }
954 dfs_path[consumed/2] = '\0';
955
956 /*
957 * *pp_targetpath is now the unconsumed part of the path.
958 * dfs_path is now the consumed part of the path
959 * (in \server\share\path format).
960 */
961
962 /* Open the connection to the target server & share */
963 if ((*targetcli = cli_cm_open(ctx, rootcli,
964 server,
965 share,
966 false,
967 (rootcli->trans_enc_state != NULL))) == NULL) {
968 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
969 server, share );
970 return false;
971 }
972
973 if (extrapath && strlen(extrapath) > 0) {
974 *pp_targetpath = talloc_asprintf(ctx,
975 "%s%s",
976 extrapath,
977 *pp_targetpath);
978 if (!*pp_targetpath) {
979 return false;
980 }
981 }
982
983 /* parse out the consumed mount path */
984 /* trim off the \server\share\ */
985
986 ppath = dfs_path;
987
988 if (*ppath != '\\') {
989 d_printf("cli_resolve_path: "
990 "dfs_path (%s) not in correct format.\n",
991 dfs_path );
992 return false;
993 }
994
995 ppath++; /* Now pointing at start of server name. */
996
997 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
998 return false;
999 }
1000
1001 ppath++; /* Now pointing at start of share name. */
1002
1003 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
1004 return false;
1005 }
1006
1007 ppath++; /* Now pointing at path component. */
1008
1009 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
1010 if (!newmount) {
1011 return false;
1012 }
1013
1014 cli_cm_set_mntpoint(*targetcli, newmount);
1015
1016 /* Check for another dfs referral, note that we are not
1017 checking for loops here. */
1018
1019 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
1020 if (cli_resolve_path(ctx,
1021 newmount,
1022 *targetcli,
1023 *pp_targetpath,
1024 &newcli,
1025 &newpath)) {
1026 /*
1027 * When cli_resolve_path returns true here it's always
1028 * returning the complete path in newpath, so we're done
1029 * here.
1030 */
1031 *targetcli = newcli;
1032 *pp_targetpath = newpath;
1033 return true;
1034 }
1035 }
1036
1037 done:
1038
1039 /* If returning true ensure we return a dfs root full path. */
1040 if ((*targetcli)->dfsroot) {
1041 dfs_path = talloc_strdup(ctx, *pp_targetpath);
1042 if (!dfs_path) {
1043 return false;
1044 }
1045 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
1046 }
1047
1048 return true;
1049 }
1050
1051 /********************************************************************
1052 ********************************************************************/
1053
1054 static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
1055 struct cli_state *cli,
1056 const char *sharename,
1057 char **pp_newserver,
1058 char **pp_newshare,
1059 bool force_encrypt,
1060 const char *username,
1061 const char *password,
1062 const char *domain)
1063 {
1064 CLIENT_DFS_REFERRAL *refs = NULL;
1065 size_t num_refs = 0;
1066 uint16 consumed;
1067 char *fullpath = NULL;
1068 bool res;
1069 uint16 cnum;
1070 char *newextrapath = NULL;
1071
1072 if (!cli || !sharename) {
1073 return false;
1074 }
1075
1076 cnum = cli->cnum;
1077
1078 /* special case. never check for a referral on the IPC$ share */
1079
1080 if (strequal(sharename, "IPC$")) {
1081 return false;
1082 }
1083
1084 /* send a trans2_query_path_info to check for a referral */
1085
1086 fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1087 if (!fullpath) {
1088 return false;
1089 }
1090
1091 /* check for the referral */
1092
1093 if (!cli_send_tconX(cli, "IPC$", "IPC", NULL, 0)) {
1094 return false;
1095 }
1096
1097 if (force_encrypt) {
1098 NTSTATUS status = cli_cm_force_encryption(cli,
1099 username,
1100 password,
1101 lp_workgroup(),
1102 "IPC$");
1103 if (!NT_STATUS_IS_OK(status)) {
1104 return false;
1105 }
1106 }
1107
1108 res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
1109
1110 if (!cli_tdis(cli)) {
1111 return false;
1112 }
1113
1114 cli->cnum = cnum;
1115
1116 if (!res || !num_refs) {
1117 return false;
1118 }
1119
1120 if (!refs[0].dfspath) {
1121 return false;
1122 }
1123
1124 split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1125 pp_newshare, &newextrapath );
1126
1127 if ((*pp_newserver == NULL) || (*pp_newshare == NULL)) {
1128 return false;
1129 }
1130
1131 /* check that this is not a self-referral */
1132
1133 if (strequal(cli->desthost, *pp_newserver) &&
1134 strequal(sharename, *pp_newshare)) {
1135 return false;
1136 }
1137
1138 return true;
1139 }
Samba GIT mirror