search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix bug #6021 - smbclient du command does not recuse properly
[Samba.git] / source / libsmb / clidfs.c
blob9fdc239c3658a5a380b3e9734cac17b7ae36f6cf
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 /********************************************************************
25 Important point.
26
27 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
28 are not C escaped here).
29
30 - but if we're using POSIX paths then <pathname> may contain
31 '/' separators, not '\\' separators. So cope with '\\' or '/'
32 as a separator when looking at the pathname part.... JRA.
33 ********************************************************************/
34
35 struct client_connection {
36 struct client_connection *prev, *next;
37 struct cli_state *cli;
38 char *mount;
39 };
40
41 /* global state....globals reek! */
42 int max_protocol = PROTOCOL_NT1;
43
44 static struct cm_cred_struct {
45 char *username;
46 char *password;
47 bool got_pass;
48 bool use_kerberos;
49 bool fallback_after_kerberos;
50 int signing_state;
51 } cm_creds;
52
53 static void cm_set_password(const char *newpass);
54
55 static int port;
56 static int name_type = 0x20;
57 static bool have_ip;
58 static struct sockaddr_storage dest_ss;
59
60 static struct client_connection *connections;
61
62 static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
63 struct cli_state *cli,
64 const char *sharename,
65 char **pp_newserver,
66 char **pp_newshare,
67 bool force_encrypt,
68 const char *username,
69 const char *password,
70 const char *domain);
71
72 /********************************************************************
73 Ensure a connection is encrypted.
74 ********************************************************************/
75
76 NTSTATUS cli_cm_force_encryption(struct cli_state *c,
77 const char *username,
78 const char *password,
79 const char *domain,
80 const char *sharename)
81 {
82 NTSTATUS status = cli_force_encryption(c,
83 username,
84 password,
85 domain);
86
87 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
88 d_printf("Encryption required and "
89 "server that doesn't support "
90 "UNIX extensions - failing connect\n");
91 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
92 d_printf("Encryption required and "
93 "can't get UNIX CIFS extensions "
94 "version from server.\n");
95 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
96 d_printf("Encryption required and "
97 "share %s doesn't support "
98 "encryption.\n", sharename);
99 } else if (!NT_STATUS_IS_OK(status)) {
100 d_printf("Encryption required and "
101 "setup failed with error %s.\n",
102 nt_errstr(status));
103 }
104
105 return status;
106 }
107
108 /********************************************************************
109 Return a connection to a server.
110 ********************************************************************/
111
112 static struct cli_state *do_connect(TALLOC_CTX *ctx,
113 const char *server,
114 const char *share,
115 bool show_sessetup,
116 bool force_encrypt)
117 {
118 struct cli_state *c = NULL;
119 struct nmb_name called, calling;
120 const char *server_n;
121 struct sockaddr_storage ss;
122 char *servicename;
123 char *sharename;
124 char *newserver, *newshare;
125 const char *username;
126 const char *password;
127 NTSTATUS status;
128
129 /* make a copy so we don't modify the global string 'service' */
130 servicename = talloc_strdup(ctx,share);
131 if (!servicename) {
132 return NULL;
133 }
134 sharename = servicename;
135 if (*sharename == '\\') {
136 server = sharename+2;
137 sharename = strchr_m(server,'\\');
138 if (!sharename) {
139 return NULL;
140 }
141 *sharename = 0;
142 sharename++;
143 }
144
145 server_n = server;
146
147 zero_sockaddr(&ss);
148
149 make_nmb_name(&calling, global_myname(), 0x0);
150 make_nmb_name(&called , server, name_type);
151
152 again:
153 zero_sockaddr(&ss);
154 if (have_ip)
155 ss = dest_ss;
156
157 /* have to open a new connection */
158 if (!(c=cli_initialise()) || (cli_set_port(c, port) != port)) {
159 d_printf("Connection to %s failed\n", server_n);
160 if (c) {
161 cli_shutdown(c);
162 }
163 return NULL;
164 }
165 status = cli_connect(c, server_n, &ss);
166 if (!NT_STATUS_IS_OK(status)) {
167 d_printf("Connection to %s failed (Error %s)\n",
168 server_n,
169 nt_errstr(status));
170 cli_shutdown(c);
171 return NULL;
172 }
173
174 c->protocol = max_protocol;
175 c->use_kerberos = cm_creds.use_kerberos;
176 c->fallback_after_kerberos = cm_creds.fallback_after_kerberos;
177 cli_setup_signing_state(c, cm_creds.signing_state);
178
179 if (!cli_session_request(c, &calling, &called)) {
180 char *p;
181 d_printf("session request to %s failed (%s)\n",
182 called.name, cli_errstr(c));
183 cli_shutdown(c);
184 c = NULL;
185 if ((p=strchr_m(called.name, '.'))) {
186 *p = 0;
187 goto again;
188 }
189 if (strcmp(called.name, "*SMBSERVER")) {
190 make_nmb_name(&called , "*SMBSERVER", 0x20);
191 goto again;
192 }
193 return NULL;
194 }
195
196 DEBUG(4,(" session request ok\n"));
197
198 if (!cli_negprot(c)) {
199 d_printf("protocol negotiation failed\n");
200 cli_shutdown(c);
201 return NULL;
202 }
203
204 if (!cm_creds.got_pass && !cm_creds.use_kerberos) {
205 char *label = NULL;
206 char *pass;
207 label = talloc_asprintf(ctx, "Enter %s's password: ",
208 cm_creds.username);
209 pass = getpass(label);
210 if (pass) {
211 cm_set_password(pass);
212 }
213 TALLOC_FREE(label);
214 }
215
216 username = cm_creds.username ? cm_creds.username : "";
217 password = cm_creds.password ? cm_creds.password : "";
218
219 if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
220 password, strlen(password),
221 password, strlen(password),
222 lp_workgroup()))) {
223 /* If a password was not supplied then
224 * try again with a null username. */
225 if (password[0] || !username[0] || cm_creds.use_kerberos ||
226 !NT_STATUS_IS_OK(cli_session_setup(c, "",
227 "", 0,
228 "", 0,
229 lp_workgroup()))) {
230 d_printf("session setup failed: %s\n", cli_errstr(c));
231 if (NT_STATUS_V(cli_nt_error(c)) ==
232 NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
233 d_printf("did you forget to run kinit?\n");
234 cli_shutdown(c);
235 return NULL;
236 }
237 d_printf("Anonymous login successful\n");
238 }
239
240 if ( show_sessetup ) {
241 if (*c->server_domain) {
242 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
243 c->server_domain,c->server_os,c->server_type));
244 } else if (*c->server_os || *c->server_type) {
245 DEBUG(0,("OS=[%s] Server=[%s]\n",
246 c->server_os,c->server_type));
247 }
248 }
249 DEBUG(4,(" session setup ok\n"));
250
251 /* here's the fun part....to support 'msdfs proxy' shares
252 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
253 here before trying to connect to the original share.
254 check_dfs_proxy() will fail if it is a normal share. */
255
256 if ((c->capabilities & CAP_DFS) &&
257 cli_check_msdfs_proxy(ctx, c, sharename,
258 &newserver, &newshare,
259 force_encrypt,
260 username,
261 password,
262 lp_workgroup())) {
263 cli_shutdown(c);
264 return do_connect(ctx, newserver,
265 newshare, false, force_encrypt);
266 }
267
268 /* must be a normal share */
269
270 if (!cli_send_tconX(c, sharename, "?????",
271 password, strlen(password)+1)) {
272 d_printf("tree connect failed: %s\n", cli_errstr(c));
273 cli_shutdown(c);
274 return NULL;
275 }
276
277 if (force_encrypt) {
278 status = cli_cm_force_encryption(c,
279 username,
280 password,
281 lp_workgroup(),
282 sharename);
283 if (!NT_STATUS_IS_OK(status)) {
284 cli_shutdown(c);
285 return NULL;
286 }
287 }
288
289 DEBUG(4,(" tconx ok\n"));
290 return c;
291 }
292
293 /****************************************************************************
294 ****************************************************************************/
295
296 static void cli_cm_set_mntpoint(struct cli_state *c, const char *mnt)
297 {
298 struct client_connection *p;
299 int i;
300
301 for (p=connections,i=0; p; p=p->next,i++) {
302 if (strequal(p->cli->desthost, c->desthost) &&
303 strequal(p->cli->share, c->share)) {
304 break;
305 }
306 }
307
308 if (p) {
309 char *name = clean_name(NULL, mnt);
310 if (!name) {
311 return;
312 }
313 TALLOC_FREE(p->mount);
314 p->mount = talloc_strdup(p, name);
315 TALLOC_FREE(name);
316 }
317 }
318
319 /****************************************************************************
320 ****************************************************************************/
321
322 const char *cli_cm_get_mntpoint(struct cli_state *c)
323 {
324 struct client_connection *p;
325 int i;
326
327 for (p=connections,i=0; p; p=p->next,i++) {
328 if (strequal(p->cli->desthost, c->desthost) &&
329 strequal(p->cli->share, c->share)) {
330 break;
331 }
332 }
333
334 if (p) {
335 return p->mount;
336 }
337 return NULL;
338 }
339
340 /********************************************************************
341 Add a new connection to the list
342 ********************************************************************/
343
344 static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
345 struct cli_state *referring_cli,
346 const char *server,
347 const char *share,
348 bool show_hdr,
349 bool force_encrypt)
350 {
351 struct client_connection *node;
352
353 /* NB This must be the null context here... JRA. */
354 node = TALLOC_ZERO_ARRAY(NULL, struct client_connection, 1);
355 if (!node) {
356 return NULL;
357 }
358
359 node->cli = do_connect(ctx, server, share, show_hdr, force_encrypt);
360
361 if ( !node->cli ) {
362 TALLOC_FREE( node );
363 return NULL;
364 }
365
366 DLIST_ADD( connections, node );
367
368 cli_cm_set_mntpoint(node->cli, "");
369
370 if (referring_cli && referring_cli->posix_capabilities) {
371 uint16 major, minor;
372 uint32 caplow, caphigh;
373 if (cli_unix_extensions_version(node->cli, &major,
374 &minor, &caplow, &caphigh)) {
375 cli_set_unix_extensions_capabilities(node->cli,
376 major, minor,
377 caplow, caphigh);
378 }
379 }
380
381 return node->cli;
382 }
383
384 /********************************************************************
385 Return a connection to a server.
386 ********************************************************************/
387
388 static struct cli_state *cli_cm_find(const char *server, const char *share)
389 {
390 struct client_connection *p;
391
392 for (p=connections; p; p=p->next) {
393 if ( strequal(server, p->cli->desthost) &&
394 strequal(share,p->cli->share)) {
395 return p->cli;
396 }
397 }
398
399 return NULL;
400 }
401
402 /****************************************************************************
403 Open a client connection to a \\server\share. Set's the current *cli
404 global variable as a side-effect (but only if the connection is successful).
405 ****************************************************************************/
406
407 struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
408 struct cli_state *referring_cli,
409 const char *server,
410 const char *share,
411 bool show_hdr,
412 bool force_encrypt)
413 {
414 struct cli_state *c;
415
416 /* try to reuse an existing connection */
417
418 c = cli_cm_find(server, share);
419 if (!c) {
420 c = cli_cm_connect(ctx, referring_cli,
421 server, share, show_hdr, force_encrypt);
422 }
423
424 return c;
425 }
426
427 /****************************************************************************
428 ****************************************************************************/
429
430 void cli_cm_shutdown(void)
431 {
432 struct client_connection *p, *x;
433
434 for (p=connections; p;) {
435 cli_shutdown(p->cli);
436 x = p;
437 p = p->next;
438
439 TALLOC_FREE(x);
440 }
441
442 connections = NULL;
443 return;
444 }
445
446 /****************************************************************************
447 ****************************************************************************/
448
449 void cli_cm_display(void)
450 {
451 struct client_connection *p;
452 int i;
453
454 for ( p=connections,i=0; p; p=p->next,i++ ) {
455 d_printf("%d:\tserver=%s, share=%s\n",
456 i, p->cli->desthost, p->cli->share );
457 }
458 }
459
460 /****************************************************************************
461 ****************************************************************************/
462
463 static void cm_set_password(const char *newpass)
464 {
465 SAFE_FREE(cm_creds.password);
466 cm_creds.password = SMB_STRDUP(newpass);
467 if (cm_creds.password) {
468 cm_creds.got_pass = true;
469 }
470 }
471
472 /****************************************************************************
473 ****************************************************************************/
474
475 void cli_cm_set_credentials(void)
476 {
477 SAFE_FREE(cm_creds.username);
478 cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username());
479
480 if (get_cmdline_auth_info_got_pass()) {
481 cm_set_password(get_cmdline_auth_info_password());
482 }
483
484 cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos();
485 cm_creds.fallback_after_kerberos = false;
486 cm_creds.signing_state = get_cmdline_auth_info_signing_state();
487 }
488
489 /****************************************************************************
490 ****************************************************************************/
491
492 void cli_cm_set_port(int port_number)
493 {
494 port = port_number;
495 }
496
497 /****************************************************************************
498 ****************************************************************************/
499
500 void cli_cm_set_dest_name_type(int type)
501 {
502 name_type = type;
503 }
504
505 /****************************************************************************
506 ****************************************************************************/
507
508 void cli_cm_set_signing_state(int state)
509 {
510 cm_creds.signing_state = state;
511 }
512
513 /****************************************************************************
514 ****************************************************************************/
515
516 void cli_cm_set_username(const char *username)
517 {
518 SAFE_FREE(cm_creds.username);
519 cm_creds.username = SMB_STRDUP(username);
520 }
521
522 /****************************************************************************
523 ****************************************************************************/
524
525 void cli_cm_set_password(const char *newpass)
526 {
527 SAFE_FREE(cm_creds.password);
528 cm_creds.password = SMB_STRDUP(newpass);
529 if (cm_creds.password) {
530 cm_creds.got_pass = true;
531 }
532 }
533
534 /****************************************************************************
535 ****************************************************************************/
536
537 void cli_cm_set_use_kerberos(void)
538 {
539 cm_creds.use_kerberos = true;
540 }
541
542 /****************************************************************************
543 ****************************************************************************/
544
545 void cli_cm_set_fallback_after_kerberos(void)
546 {
547 cm_creds.fallback_after_kerberos = true;
548 }
549
550 /****************************************************************************
551 ****************************************************************************/
552
553 void cli_cm_set_dest_ss(struct sockaddr_storage *pss)
554 {
555 dest_ss = *pss;
556 have_ip = true;
557 }
558
559 /**********************************************************************
560 split a dfs path into the server, share name, and extrapath components
561 **********************************************************************/
562
563 static void split_dfs_path(TALLOC_CTX *ctx,
564 const char *nodepath,
565 char **pp_server,
566 char **pp_share,
567 char **pp_extrapath)
568 {
569 char *p, *q;
570 char *path;
571
572 *pp_server = NULL;
573 *pp_share = NULL;
574 *pp_extrapath = NULL;
575
576 path = talloc_strdup(ctx, nodepath);
577 if (!path) {
578 return;
579 }
580
581 if ( path[0] != '\\' ) {
582 return;
583 }
584
585 p = strchr_m( path + 1, '\\' );
586 if ( !p ) {
587 return;
588 }
589
590 *p = '\0';
591 p++;
592
593 /* Look for any extra/deep path */
594 q = strchr_m(p, '\\');
595 if (q != NULL) {
596 *q = '\0';
597 q++;
598 *pp_extrapath = talloc_strdup(ctx, q);
599 } else {
600 *pp_extrapath = talloc_strdup(ctx, "");
601 }
602
603 *pp_share = talloc_strdup(ctx, p);
604 *pp_server = talloc_strdup(ctx, &path[1]);
605 }
606
607 /****************************************************************************
608 Return the original path truncated at the directory component before
609 the first wildcard character. Trust the caller to provide a NULL
610 terminated string
611 ****************************************************************************/
612
613 static char *clean_path(TALLOC_CTX *ctx, const char *path)
614 {
615 size_t len;
616 char *p1, *p2, *p;
617 char *path_out;
618
619 /* No absolute paths. */
620 while (IS_DIRECTORY_SEP(*path)) {
621 path++;
622 }
623
624 path_out = talloc_strdup(ctx, path);
625 if (!path_out) {
626 return NULL;
627 }
628
629 p1 = strchr_m(path_out, '*');
630 p2 = strchr_m(path_out, '?');
631
632 if (p1 || p2) {
633 if (p1 && p2) {
634 p = MIN(p1,p2);
635 } else if (!p1) {
636 p = p2;
637 } else {
638 p = p1;
639 }
640 *p = '\0';
641
642 /* Now go back to the start of this component. */
643 p1 = strrchr_m(path_out, '/');
644 p2 = strrchr_m(path_out, '\\');
645 p = MAX(p1,p2);
646 if (p) {
647 *p = '\0';
648 }
649 }
650
651 /* Strip any trailing separator */
652
653 len = strlen(path_out);
654 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
655 path_out[len-1] = '\0';
656 }
657
658 return path_out;
659 }
660
661 /****************************************************************************
662 ****************************************************************************/
663
664 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
665 struct cli_state *cli,
666 const char *dir)
667 {
668 /* Ensure the extrapath doesn't start with a separator. */
669 while (IS_DIRECTORY_SEP(*dir)) {
670 dir++;
671 }
672
673 return talloc_asprintf(ctx, "\\%s\\%s\\%s",
674 cli->desthost, cli->share, dir);
675 }
676
677 /********************************************************************
678 check for dfs referral
679 ********************************************************************/
680
681 static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
682 {
683 uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
684
685 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
686
687 if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
688 (flgs2&FLAGS2_UNICODE_STRINGS)))
689 return false;
690
691 if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
692 return true;
693
694 return false;
695 }
696
697 /********************************************************************
698 Get the dfs referral link.
699 ********************************************************************/
700
701 bool cli_dfs_get_referral(TALLOC_CTX *ctx,
702 struct cli_state *cli,
703 const char *path,
704 CLIENT_DFS_REFERRAL**refs,
705 size_t *num_refs,
706 uint16 *consumed)
707 {
708 unsigned int data_len = 0;
709 unsigned int param_len = 0;
710 uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
711 char *param;
712 char *rparam=NULL, *rdata=NULL;
713 char *p;
714 char *endp;
715 size_t pathlen = 2*(strlen(path)+1);
716 uint16 num_referrals;
717 CLIENT_DFS_REFERRAL *referrals = NULL;
718 bool ret = false;
719
720 *num_refs = 0;
721 *refs = NULL;
722
723 param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
724 if (!param) {
725 return false;
726 }
727 SSVAL(param, 0, 0x03); /* max referral level */
728 p = &param[2];
729
730 p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
731 param_len = PTR_DIFF(p, param);
732
733 if (!cli_send_trans(cli, SMBtrans2,
734 NULL, /* name */
735 -1, 0, /* fid, flags */
736 &setup, 1, 0, /* setup, length, max */
737 param, param_len, 2, /* param, length, max */
738 NULL, 0, cli->max_xmit /* data, length, max */
739 )) {
740 SAFE_FREE(param);
741 return false;
742 }
743
744 SAFE_FREE(param);
745
746 if (!cli_receive_trans(cli, SMBtrans2,
747 &rparam, &param_len,
748 &rdata, &data_len)) {
749 return false;
750 }
751
752 if (data_len < 4) {
753 goto out;
754 }
755
756 endp = rdata + data_len;
757
758 *consumed = SVAL(rdata, 0);
759 num_referrals = SVAL(rdata, 2);
760
761 if (num_referrals != 0) {
762 uint16 ref_version;
763 uint16 ref_size;
764 int i;
765 uint16 node_offset;
766
767 referrals = TALLOC_ARRAY(ctx, CLIENT_DFS_REFERRAL,
768 num_referrals);
769
770 if (!referrals) {
771 goto out;
772 }
773 /* start at the referrals array */
774
775 p = rdata+8;
776 for (i=0; i<num_referrals && p < endp; i++) {
777 if (p + 18 > endp) {
778 goto out;
779 }
780 ref_version = SVAL(p, 0);
781 ref_size = SVAL(p, 2);
782 node_offset = SVAL(p, 16);
783
784 if (ref_version != 3) {
785 p += ref_size;
786 continue;
787 }
788
789 referrals[i].proximity = SVAL(p, 8);
790 referrals[i].ttl = SVAL(p, 10);
791
792 if (p + node_offset > endp) {
793 goto out;
794 }
795 clistr_pull_talloc(ctx, cli, &referrals[i].dfspath,
796 p+node_offset, -1,
797 STR_TERMINATE|STR_UNICODE );
798
799 if (!referrals[i].dfspath) {
800 goto out;
801 }
802 p += ref_size;
803 }
804 if (i < num_referrals) {
805 goto out;
806 }
807 }
808
809 ret = true;
810
811 *num_refs = num_referrals;
812 *refs = referrals;
813
814 out:
815
816 SAFE_FREE(rdata);
817 SAFE_FREE(rparam);
818 return ret;
819 }
820
821 /********************************************************************
822 ********************************************************************/
823
824 bool cli_resolve_path(TALLOC_CTX *ctx,
825 const char *mountpt,
826 struct cli_state *rootcli,
827 const char *path,
828 struct cli_state **targetcli,
829 char **pp_targetpath)
830 {
831 CLIENT_DFS_REFERRAL *refs = NULL;
832 size_t num_refs = 0;
833 uint16 consumed;
834 struct cli_state *cli_ipc = NULL;
835 char *dfs_path = NULL;
836 char *cleanpath = NULL;
837 char *extrapath = NULL;
838 int pathlen;
839 char *server = NULL;
840 char *share = NULL;
841 struct cli_state *newcli = NULL;
842 char *newpath = NULL;
843 char *newmount = NULL;
844 char *ppath = NULL;
845 SMB_STRUCT_STAT sbuf;
846 uint32 attributes;
847
848 if ( !rootcli || !path || !targetcli ) {
849 return false;
850 }
851
852 /* Don't do anything if this is not a DFS root. */
853
854 if ( !rootcli->dfsroot) {
855 *targetcli = rootcli;
856 *pp_targetpath = talloc_strdup(ctx, path);
857 if (!*pp_targetpath) {
858 return false;
859 }
860 return true;
861 }
862
863 *targetcli = NULL;
864
865 /* Send a trans2_query_path_info to check for a referral. */
866
867 cleanpath = clean_path(ctx, path);
868 if (!cleanpath) {
869 return false;
870 }
871
872 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
873 if (!dfs_path) {
874 return false;
875 }
876
877 if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) {
878 /* This is an ordinary path, just return it. */
879 *targetcli = rootcli;
880 *pp_targetpath = talloc_strdup(ctx, path);
881 if (!*pp_targetpath) {
882 return false;
883 }
884 goto done;
885 }
886
887 /* Special case where client asked for a path that does not exist */
888
889 if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
890 *targetcli = rootcli;
891 *pp_targetpath = talloc_strdup(ctx, path);
892 if (!*pp_targetpath) {
893 return false;
894 }
895 goto done;
896 }
897
898 /* We got an error, check for DFS referral. */
899
900 if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
901 return false;
902 }
903
904 /* Check for the referral. */
905
906 if (!(cli_ipc = cli_cm_open(ctx, rootcli,
907 rootcli->desthost,
908 "IPC$", false,
909 (rootcli->trans_enc_state != NULL)))) {
910 return false;
911 }
912
913 if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
914 &num_refs, &consumed) || !num_refs) {
915 return false;
916 }
917
918 /* Just store the first referral for now. */
919
920 if (!refs[0].dfspath) {
921 return false;
922 }
923 split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
924
925 if (!server || !share) {
926 return false;
927 }
928
929 /* Make sure to recreate the original string including any wildcards. */
930
931 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
932 if (!dfs_path) {
933 return false;
934 }
935 pathlen = strlen(dfs_path)*2;
936 consumed = MIN(pathlen, consumed);
937 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed/2]);
938 if (!*pp_targetpath) {
939 return false;
940 }
941 dfs_path[consumed/2] = '\0';
942
943 /*
944 * *pp_targetpath is now the unconsumed part of the path.
945 * dfs_path is now the consumed part of the path
946 * (in \server\share\path format).
947 */
948
949 /* Open the connection to the target server & share */
950 if ((*targetcli = cli_cm_open(ctx, rootcli,
951 server,
952 share,
953 false,
954 (rootcli->trans_enc_state != NULL))) == NULL) {
955 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
956 server, share );
957 return false;
958 }
959
960 if (extrapath && strlen(extrapath) > 0) {
961 *pp_targetpath = talloc_asprintf(ctx,
962 "%s%s",
963 extrapath,
964 *pp_targetpath);
965 if (!*pp_targetpath) {
966 return false;
967 }
968 }
969
970 /* parse out the consumed mount path */
971 /* trim off the \server\share\ */
972
973 ppath = dfs_path;
974
975 if (*ppath != '\\') {
976 d_printf("cli_resolve_path: "
977 "dfs_path (%s) not in correct format.\n",
978 dfs_path );
979 return false;
980 }
981
982 ppath++; /* Now pointing at start of server name. */
983
984 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
985 return false;
986 }
987
988 ppath++; /* Now pointing at start of share name. */
989
990 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
991 return false;
992 }
993
994 ppath++; /* Now pointing at path component. */
995
996 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
997 if (!newmount) {
998 return false;
999 }
1000
1001 cli_cm_set_mntpoint(*targetcli, newmount);
1002
1003 /* Check for another dfs referral, note that we are not
1004 checking for loops here. */
1005
1006 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
1007 if (cli_resolve_path(ctx,
1008 newmount,
1009 *targetcli,
1010 *pp_targetpath,
1011 &newcli,
1012 &newpath)) {
1013 /*
1014 * When cli_resolve_path returns true here it's always
1015 * returning the complete path in newpath, so we're done
1016 * here.
1017 */
1018 *targetcli = newcli;
1019 *pp_targetpath = newpath;
1020 return true;
1021 }
1022 }
1023
1024 done:
1025
1026 /* If returning true ensure we return a dfs root full path. */
1027 if ((*targetcli)->dfsroot) {
1028 dfs_path = talloc_strdup(ctx, *pp_targetpath);
1029 if (!dfs_path) {
1030 return false;
1031 }
1032 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
1033 }
1034
1035 return true;
1036 }
1037
1038 /********************************************************************
1039 ********************************************************************/
1040
1041 static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
1042 struct cli_state *cli,
1043 const char *sharename,
1044 char **pp_newserver,
1045 char **pp_newshare,
1046 bool force_encrypt,
1047 const char *username,
1048 const char *password,
1049 const char *domain)
1050 {
1051 CLIENT_DFS_REFERRAL *refs = NULL;
1052 size_t num_refs = 0;
1053 uint16 consumed;
1054 char *fullpath = NULL;
1055 bool res;
1056 uint16 cnum;
1057 char *newextrapath = NULL;
1058
1059 if (!cli || !sharename) {
1060 return false;
1061 }
1062
1063 cnum = cli->cnum;
1064
1065 /* special case. never check for a referral on the IPC$ share */
1066
1067 if (strequal(sharename, "IPC$")) {
1068 return false;
1069 }
1070
1071 /* send a trans2_query_path_info to check for a referral */
1072
1073 fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1074 if (!fullpath) {
1075 return false;
1076 }
1077
1078 /* check for the referral */
1079
1080 if (!cli_send_tconX(cli, "IPC$", "IPC", NULL, 0)) {
1081 return false;
1082 }
1083
1084 if (force_encrypt) {
1085 NTSTATUS status = cli_cm_force_encryption(cli,
1086 username,
1087 password,
1088 lp_workgroup(),
1089 "IPC$");
1090 if (!NT_STATUS_IS_OK(status)) {
1091 return false;
1092 }
1093 }
1094
1095 res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
1096
1097 if (!cli_tdis(cli)) {
1098 return false;
1099 }
1100
1101 cli->cnum = cnum;
1102
1103 if (!res || !num_refs) {
1104 return false;
1105 }
1106
1107 if (!refs[0].dfspath) {
1108 return false;
1109 }
1110
1111 split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1112 pp_newshare, &newextrapath );
1113
1114 if ((*pp_newserver == NULL) || (*pp_newshare == NULL)) {
1115 return false;
1116 }
1117
1118 /* check that this is not a self-referral */
1119
1120 if (strequal(cli->desthost, *pp_newserver) &&
1121 strequal(sharename, *pp_newshare)) {
1122 return false;
1123 }
1124
1125 return true;
1126 }
Samba GIT mirror