search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dsdb: Ensure to sort replPropertyMetaData as UNSIGNED, not SIGNED quantities
[Samba.git] / dfs_server / dfs_server_ad.c
blob504ab799ba3badf241e9ee52bb608f7836adec61
1 /*
2 Unix SMB/CIFS implementation.
3
4 Copyright Matthieu Patou <mat@matws.net> 2010-2011
5 Copyright Stefan Metzmacher 2011
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "librpc/gen_ndr/dfsblobs.h"
23 #include "librpc/gen_ndr/ndr_dfsblobs.h"
24 #include "dsdb/samdb/samdb.h"
25 #include "auth/session.h"
26 #include "param/param.h"
27 #include "lib/tsocket/tsocket.h"
28 #include "dfs_server/dfs_server_ad.h"
29 #include "lib/util/util_net.h"
30
31 #define MAX_DFS_RESPONSE 56*1024 /* 56 Kb */
32
33 /* A DC set is a group of DC, they might have been grouped together
34 because they belong to the same site, or to site with same cost ...
35 */
36 struct dc_set {
37 const char **names;
38 uint32_t count;
39 };
40
41 /*
42 fill a referral type structure
43 */
44 static NTSTATUS fill_normal_dfs_referraltype(TALLOC_CTX *mem_ctx,
45 struct dfs_referral_type *ref,
46 uint16_t version,
47 const char *dfs_path,
48 const char *server_path, int isfirstoffset)
49 {
50 ZERO_STRUCTP(ref);
51 switch (version) {
52 case 4:
53 ref->version = version;
54 /* For the moment there is a bug with XP that don't seems to appriciate much
55 * level4 so we return just level 3 for everyone
56 */
57 ref->referral.v4.server_type = DFS_SERVER_NON_ROOT;
58 /* "normal" referral seems to always include the GUID */
59 ref->referral.v4.size = 34;
60
61 if (isfirstoffset) {
62 ref->referral.v4.entry_flags = DFS_HEADER_FLAG_TARGET_BCK;
63 }
64 ref->referral.v4.ttl = 900; /* As w2k8r2 */
65 ref->referral.v4.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
66 if (ref->referral.v4.referrals.r1.DFS_path == NULL) {
67 return NT_STATUS_NO_MEMORY;
68 }
69 ref->referral.v4.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
70 if (ref->referral.v4.referrals.r1.DFS_alt_path == NULL) {
71 return NT_STATUS_NO_MEMORY;
72 }
73 ref->referral.v4.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
74 if (ref->referral.v4.referrals.r1.netw_address == NULL) {
75 return NT_STATUS_NO_MEMORY;
76 }
77 return NT_STATUS_OK;
78 case 3:
79 ref->version = version;
80 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
81 /* "normal" referral seems to always include the GUID */
82 ref->referral.v3.size = 34;
83
84 ref->referral.v3.entry_flags = 0;
85 ref->referral.v3.ttl = 600; /* As w2k3 */
86 ref->referral.v3.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
87 if (ref->referral.v3.referrals.r1.DFS_path == NULL) {
88 return NT_STATUS_NO_MEMORY;
89 }
90 ref->referral.v3.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
91 if (ref->referral.v3.referrals.r1.DFS_alt_path == NULL) {
92 return NT_STATUS_NO_MEMORY;
93 }
94 ref->referral.v3.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
95 if (ref->referral.v3.referrals.r1.netw_address == NULL) {
96 return NT_STATUS_NO_MEMORY;
97 }
98 return NT_STATUS_OK;
99 }
100 return NT_STATUS_INVALID_LEVEL;
101 }
102
103 /*
104 fill a domain refererral
105 */
106 static NTSTATUS fill_domain_dfs_referraltype(TALLOC_CTX *mem_ctx,
107 struct dfs_referral_type *ref,
108 uint16_t version,
109 const char *domain,
110 const char **names,
111 uint16_t numnames)
112 {
113 switch (version) {
114 case 3:
115 ZERO_STRUCTP(ref);
116 DEBUG(8, ("Called fill_domain_dfs_referraltype\n"));
117 ref->version = version;
118 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
119 #if 0
120 /* We use to have variable size, on Windows 2008R2 it's the same
121 * and it seems that it gives better results so ... let's use the same
122 * size.
123 *
124 * Additional note: XP SP2 will ask for version 3 and SP3 for version 4.
125 */
126 /*
127 * It's hard coded ... don't think it's a good way but the
128 * sizeof return not the correct values
129 *
130 * We have 18 if the GUID is not included 34 otherwise
131 */
132 if (numnames == 0) {
133 /* Windows return without the guid when returning domain list
134 */
135 ref->referral.v3.size = 18;
136 } else {
137 ref->referral.v3.size = 34;
138 }
139 #endif
140 /* As seen in w2k8r2 it always return the null GUID */
141 ref->referral.v3.size = 34;
142 ref->referral.v3.entry_flags = DFS_FLAG_REFERRAL_DOMAIN_RESP;
143 ref->referral.v3.ttl = 600; /* As w2k3 and w2k8r2*/
144 ref->referral.v3.referrals.r2.special_name = talloc_strdup(mem_ctx,
145 domain);
146 if (ref->referral.v3.referrals.r2.special_name == NULL) {
147 return NT_STATUS_NO_MEMORY;
148 }
149 ref->referral.v3.referrals.r2.nb_expanded_names = numnames;
150 /* Put the final terminator */
151 if (names) {
152 int i;
153 const char **names2 = talloc_array(mem_ctx, const char *,
154 numnames+1);
155 NT_STATUS_HAVE_NO_MEMORY(names2);
156 for (i = 0; i<numnames; i++) {
157 names2[i] = talloc_asprintf(names2, "\\%s", names[i]);
158 NT_STATUS_HAVE_NO_MEMORY(names2[i]);
159 }
160 names2[numnames] = NULL;
161 ref->referral.v3.referrals.r2.expanded_names = names2;
162 }
163 return NT_STATUS_OK;
164 }
165 return NT_STATUS_INVALID_LEVEL;
166 }
167
168 /*
169 get the DCs list within a site
170 */
171 static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
172 struct ldb_dn *sitedn, struct dc_set *list,
173 bool dofqdn)
174 {
175 static const char *attrs[] = { "serverReference", NULL };
176 static const char *attrs2[] = { "dNSHostName", "sAMAccountName", NULL };
177 struct ldb_result *r;
178 unsigned int i;
179 int ret;
180 const char **dc_list;
181
182 ret = ldb_search(ldb, ctx, &r, sitedn, LDB_SCOPE_SUBTREE, attrs,
183 "(&(objectClass=server)(serverReference=*))");
184 if (ret != LDB_SUCCESS) {
185 DEBUG(2,(__location__ ": Failed to get list of servers - %s\n",
186 ldb_errstring(ldb)));
187 return NT_STATUS_INTERNAL_ERROR;
188 }
189
190 if (r->count == 0) {
191 /* none in this site */
192 talloc_free(r);
193 return NT_STATUS_OK;
194 }
195
196 /*
197 * need to search for all server object to know the size of the array.
198 * Search all the object of class server in this site
199 */
200 dc_list = talloc_array(r, const char *, r->count);
201 if (dc_list == NULL) {
202 TALLOC_FREE(r);
203 return NT_STATUS_NO_MEMORY;
204 }
205
206 /* TODO put some random here in the order */
207 list->names = talloc_realloc(list, list->names, const char *, list->count + r->count);
208 if (list->names == NULL) {
209 TALLOC_FREE(r);
210 return NT_STATUS_NO_MEMORY;
211 }
212
213 for (i = 0; i<r->count; i++) {
214 struct ldb_dn *dn;
215 struct ldb_message *msg;
216
217 dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference");
218 if (!dn) {
219 return NT_STATUS_INTERNAL_ERROR;
220 }
221
222 ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)");
223 if (ret != LDB_SUCCESS) {
224 DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n",
225 ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
226 return NT_STATUS_INTERNAL_ERROR;
227 }
228
229 if (dofqdn) {
230 const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL);
231 if (dns == NULL) {
232 DEBUG(2,(__location__ ": dNSHostName missing on %s\n",
233 ldb_dn_get_linearized(dn)));
234 talloc_free(r);
235 return NT_STATUS_INTERNAL_ERROR;
236 }
237
238 list->names[list->count] = talloc_strdup(list->names, dns);
239 if (list->names[list->count] == NULL) {
240 TALLOC_FREE(r);
241 return NT_STATUS_NO_MEMORY;
242 }
243 } else {
244 char *tmp;
245 const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
246 if (aname == NULL) {
247 DEBUG(2,(__location__ ": sAMAccountName missing on %s\n",
248 ldb_dn_get_linearized(dn)));
249 talloc_free(r);
250 return NT_STATUS_INTERNAL_ERROR;
251 }
252
253 tmp = talloc_strdup(list->names, aname);
254 if (tmp == NULL) {
255 TALLOC_FREE(r);
256 return NT_STATUS_NO_MEMORY;
257 }
258
259 /* Netbios name is also the sAMAccountName for
260 computer but without the final $ */
261 tmp[strlen(tmp) - 1] = '\0';
262 list->names[list->count] = tmp;
263 }
264 list->count++;
265 talloc_free(msg);
266 }
267
268 talloc_free(r);
269 return NT_STATUS_OK;
270 }
271
272
273 /*
274 get all DCs
275 */
276 static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
277 const char *searched_site, bool need_fqdn,
278 struct dc_set ***pset_list, uint32_t flags)
279 {
280 /*
281 * Flags will be used later to indicate things like least-expensive
282 * or same-site options
283 */
284 const char *attrs_none[] = { NULL };
285 const char *attrs3[] = { "name", NULL };
286 struct ldb_dn *configdn, *sitedn, *dn, *sitescontainerdn;
287 struct ldb_result *r;
288 struct dc_set **set_list = NULL;
289 uint32_t i;
290 int ret;
291 uint32_t current_pos = 0;
292 NTSTATUS status;
293 TALLOC_CTX *subctx;
294
295 *pset_list = set_list = NULL;
296
297 subctx = talloc_new(ctx);
298 NT_STATUS_HAVE_NO_MEMORY(subctx);
299
300 configdn = ldb_get_config_basedn(ldb);
301
302 /* Let's search for the Site container */
303 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs_none,
304 "(objectClass=sitesContainer)");
305 if (ret != LDB_SUCCESS) {
306 DEBUG(2,(__location__ ": Failed to find sitesContainer within %s - %s\n",
307 ldb_dn_get_linearized(configdn), ldb_errstring(ldb)));
308 talloc_free(subctx);
309 return NT_STATUS_INTERNAL_ERROR;
310 }
311 if (r->count > 1) {
312 DEBUG(2,(__location__ ": Expected 1 sitesContainer - found %u within %s\n",
313 r->count, ldb_dn_get_linearized(configdn)));
314 talloc_free(subctx);
315 return NT_STATUS_INTERNAL_ERROR;
316 }
317
318 sitescontainerdn = talloc_steal(subctx, r->msgs[0]->dn);
319 talloc_free(r);
320
321 /*
322 * TODO: Here we should have a more subtle handling
323 * for the case "same-site"
324 */
325 ret = ldb_search(ldb, subctx, &r, sitescontainerdn, LDB_SCOPE_SUBTREE,
326 attrs_none, "(objectClass=server)");
327 if (ret != LDB_SUCCESS) {
328 DEBUG(2,(__location__ ": Failed to find servers within %s - %s\n",
329 ldb_dn_get_linearized(sitescontainerdn), ldb_errstring(ldb)));
330 talloc_free(subctx);
331 return NT_STATUS_INTERNAL_ERROR;
332 }
333 talloc_free(r);
334
335 if (searched_site != NULL && searched_site[0] != '\0') {
336 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE,
337 attrs_none, "(&(name=%s)(objectClass=site))", searched_site);
338 if (ret != LDB_SUCCESS) {
339 talloc_free(subctx);
340 return NT_STATUS_FOOBAR;
341 } else if (r->count != 1) {
342 talloc_free(subctx);
343 return NT_STATUS_FOOBAR;
344 }
345
346 /* All of this was to get the DN of the searched_site */
347 sitedn = r->msgs[0]->dn;
348
349 set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+1);
350 if (set_list == NULL) {
351 TALLOC_FREE(subctx);
352 return NT_STATUS_NO_MEMORY;
353 }
354
355 set_list[current_pos] = talloc(set_list, struct dc_set);
356 if (set_list[current_pos] == NULL) {
357 TALLOC_FREE(subctx);
358 return NT_STATUS_NO_MEMORY;
359 }
360
361 set_list[current_pos]->names = NULL;
362 set_list[current_pos]->count = 0;
363 status = get_dcs_insite(subctx, ldb, sitedn,
364 set_list[current_pos], need_fqdn);
365 if (!NT_STATUS_IS_OK(status)) {
366 DEBUG(2,(__location__ ": Failed to get DC from site %s - %s\n",
367 ldb_dn_get_linearized(sitedn), nt_errstr(status)));
368 talloc_free(subctx);
369 return status;
370 }
371 talloc_free(r);
372 current_pos++;
373 }
374
375 /* Let's find all the sites */
376 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs3, "(objectClass=site)");
377 if (ret != LDB_SUCCESS) {
378 DEBUG(2,(__location__ ": Failed to find any site containers in %s\n",
379 ldb_dn_get_linearized(configdn)));
380 talloc_free(subctx);
381 return NT_STATUS_INTERNAL_DB_CORRUPTION;
382 }
383
384 /*
385 * TODO:
386 * We should randomize the order in the main site,
387 * it's mostly needed for sysvol/netlogon referral.
388 * Depending of flag we either randomize order of the
389 * not "in the same site DCs"
390 * or we randomize by group of site that have the same cost
391 * In the long run we want to manipulate an array of site_set
392 * All the site in one set have the same cost (if least-expansive options is selected)
393 * and we will put all the dc related to 1 site set into 1 DCs set.
394 * Within a site set, site order has to be randomized
395 *
396 * But for the moment we just return the list of sites
397 */
398 if (r->count) {
399 /*
400 * We will realloc + 2 because we will need one additional place
401 * for element at current_pos + 1 for the NULL element
402 */
403 set_list = talloc_realloc(subctx, set_list, struct dc_set *,
404 current_pos+2);
405 if (set_list == NULL) {
406 TALLOC_FREE(subctx);
407 return NT_STATUS_NO_MEMORY;
408 }
409
410 set_list[current_pos] = talloc(ctx, struct dc_set);
411 if (set_list[current_pos] == NULL) {
412 TALLOC_FREE(subctx);
413 return NT_STATUS_NO_MEMORY;
414 }
415
416 set_list[current_pos]->names = NULL;
417 set_list[current_pos]->count = 0;
418
419 set_list[current_pos+1] = NULL;
420 }
421
422 for (i=0; i<r->count; i++) {
423 const char *site_name = ldb_msg_find_attr_as_string(r->msgs[i], "name", NULL);
424 if (site_name == NULL) {
425 DEBUG(2,(__location__ ": Failed to find name attribute in %s\n",
426 ldb_dn_get_linearized(r->msgs[i]->dn)));
427 talloc_free(subctx);
428 return NT_STATUS_INTERNAL_DB_CORRUPTION;
429 }
430
431 if (searched_site == NULL ||
432 strcmp(searched_site, site_name) != 0) {
433 DEBUG(2,(__location__ ": Site: %s %s\n",
434 searched_site, site_name));
435
436 /*
437 * Do all the site but the one of the client
438 * (because it has already been done ...)
439 */
440 dn = r->msgs[i]->dn;
441
442 status = get_dcs_insite(subctx, ldb, dn,
443 set_list[current_pos],
444 need_fqdn);
445 if (!NT_STATUS_IS_OK(status)) {
446 talloc_free(subctx);
447 return status;
448 }
449 }
450 }
451 current_pos++;
452 set_list[current_pos] = NULL;
453
454 *pset_list = talloc_move(ctx, &set_list);
455 talloc_free(subctx);
456 return NT_STATUS_OK;
457 }
458
459 static NTSTATUS dodomain_referral(struct loadparm_context *lp_ctx,
460 struct ldb_context *sam_ctx,
461 const struct tsocket_address *client,
462 struct dfs_GetDFSReferral *r)
463 {
464 /*
465 * TODO for the moment we just return the local domain
466 */
467 NTSTATUS status;
468 const char *dns_domain = lpcfg_dnsdomain(lp_ctx);
469 const char *netbios_domain = lpcfg_workgroup(lp_ctx);
470 struct dfs_referral_type *referrals;
471 const char *referral_str;
472 /* In the future this needs to be fetched from the ldb */
473 uint32_t found_domain = 2;
474
475 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
476 DEBUG(10 ,("Received a domain referral request on a non DC\n"));
477 return NT_STATUS_INVALID_PARAMETER;
478 }
479
480 if (r->in.req.max_referral_level < 3) {
481 DEBUG(2,("invalid max_referral_level %u\n",
482 r->in.req.max_referral_level));
483 return NT_STATUS_UNSUCCESSFUL;
484 }
485
486 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
487 if (r->out.resp == NULL) {
488 return NT_STATUS_NO_MEMORY;
489 }
490
491 r->out.resp->path_consumed = 0;
492 r->out.resp->header_flags = 0; /* Do like w2k3 */
493 r->out.resp->nb_referrals = found_domain; /* the fqdn one + the NT domain */
494
495 referrals = talloc_zero_array(r->out.resp,
496 struct dfs_referral_type,
497 r->out.resp->nb_referrals);
498 if (referrals == NULL) {
499 return NT_STATUS_NO_MEMORY;
500 }
501 r->out.resp->referral_entries = referrals;
502
503 referral_str = talloc_asprintf(r, "\\%s", netbios_domain);
504 if (referral_str == NULL) {
505 return NT_STATUS_NO_MEMORY;
506 }
507
508 status = fill_domain_dfs_referraltype(referrals,
509 &referrals[0], 3,
510 referral_str,
511 NULL, 0);
512 if (!NT_STATUS_IS_OK(status)) {
513 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
514 __location__, nt_errstr(status)));
515 return status;
516 }
517
518 referral_str = talloc_asprintf(r, "\\%s", dns_domain);
519 if (referral_str == NULL) {
520 return NT_STATUS_NO_MEMORY;
521 }
522
523 status = fill_domain_dfs_referraltype(referrals,
524 &referrals[1], 3,
525 referral_str,
526 NULL, 0);
527 if (!NT_STATUS_IS_OK(status)) {
528 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
529 __location__, nt_errstr(status)));
530 return status;
531 }
532
533 return NT_STATUS_OK;
534 }
535
536 /*
537 * Handle the logic for dfs referral request like
538 * \\dns_domain or \\netbios_domain.
539 */
540 static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx,
541 struct ldb_context *sam_ctx,
542 const struct tsocket_address *client,
543 struct dfs_GetDFSReferral *r,
544 const char *domain_name)
545 {
546 NTSTATUS status;
547 const char *site_name = NULL; /* Name of the site where the client is */
548 bool need_fqdn = false;
549 unsigned int i;
550 const char **dc_list = NULL;
551 uint32_t num_dcs = 0;
552 struct dc_set **set;
553 char *client_str = NULL;
554 struct dfs_referral_type *referrals;
555 const char *referral_str;
556
557 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
558 return NT_STATUS_INVALID_PARAMETER;
559 }
560
561 if (r->in.req.max_referral_level < 3) {
562 DEBUG(2,("invalid max_referral_level %u\n",
563 r->in.req.max_referral_level));
564 return NT_STATUS_UNSUCCESSFUL;
565 }
566
567 DEBUG(10, ("in this we have request for %s requested is %s\n",
568 domain_name, r->in.req.servername));
569
570 if (strchr(domain_name,'.')) {
571 need_fqdn = 1;
572 }
573
574 if (tsocket_address_is_inet(client, "ip")) {
575 client_str = tsocket_address_inet_addr_string(client, r);
576 if (client_str == NULL) {
577 return NT_STATUS_NO_MEMORY;
578 }
579 }
580
581 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
582
583 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
584 if (!NT_STATUS_IS_OK(status)) {
585 DEBUG(3,("Unable to get list of DCs - %s\n",
586 nt_errstr(status)));
587 return status;
588 }
589
590 for(i=0; set[i]; i++) {
591 uint32_t j;
592
593 dc_list = talloc_realloc(r, dc_list, const char*,
594 num_dcs + set[i]->count + 1);
595 if (dc_list == NULL) {
596 return NT_STATUS_NO_MEMORY;
597 }
598
599 for(j=0; j<set[i]->count; j++) {
600 dc_list[num_dcs + j] = talloc_move(dc_list,
601 &set[i]->names[j]);
602 }
603 num_dcs = num_dcs + set[i]->count;
604 TALLOC_FREE(set[i]);
605 dc_list[num_dcs] = NULL;
606 }
607
608 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
609 if (r->out.resp == NULL) {
610 return NT_STATUS_NO_MEMORY;
611 }
612
613 r->out.resp->path_consumed = 0;
614 r->out.resp->header_flags = 0; /* Do like w2k3 */
615 r->out.resp->nb_referrals = 1;
616
617 referrals = talloc_zero_array(r->out.resp,
618 struct dfs_referral_type,
619 r->out.resp->nb_referrals);
620 if (referrals == NULL) {
621 return NT_STATUS_NO_MEMORY;
622 }
623 r->out.resp->referral_entries = referrals;
624
625 if (r->in.req.servername[0] == '\\') {
626 referral_str = talloc_asprintf(referrals, "%s",
627 domain_name);
628 } else {
629 referral_str = talloc_asprintf(referrals, "\\%s",
630 domain_name);
631 }
632 if (referral_str == NULL) {
633 return NT_STATUS_NO_MEMORY;
634 }
635
636 status = fill_domain_dfs_referraltype(referrals,
637 &referrals[0], 3,
638 referral_str,
639 dc_list, num_dcs);
640 if (!NT_STATUS_IS_OK(status)) {
641 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
642 __location__, nt_errstr(status)));
643 return status;
644 }
645
646 return NT_STATUS_OK;
647 }
648
649 /*
650 * Handle the logic for dfs referral request like
651 * \\domain\sysvol or \\domain\netlogon
652 */
653 static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx,
654 struct ldb_context *sam_ctx,
655 const struct tsocket_address *client,
656 struct dfs_GetDFSReferral *r,
657 const char *domain_name,
658 const char *dfs_name)
659 {
660 const char *site_name = NULL; /* Name of the site where the client is */
661 bool need_fqdn = false;
662 unsigned int i, c = 0, nb_entries = 0;
663 struct dc_set **set;
664 char *client_str = NULL;
665 NTSTATUS status;
666 struct dfs_referral_type *referrals;
667
668 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
669 return NT_STATUS_INVALID_PARAMETER;
670 }
671
672 if (r->in.req.max_referral_level < 3) {
673 DEBUG(2,("invalid max_referral_level %u\n",
674 r->in.req.max_referral_level));
675 return NT_STATUS_UNSUCCESSFUL;
676 }
677
678 DEBUG(10, ("in this we have request for %s and share %s requested is %s\n",
679 domain_name, dfs_name, r->in.req.servername));
680
681 if (strchr(domain_name,'.')) {
682 need_fqdn = 1;
683 }
684
685 if (tsocket_address_is_inet(client, "ip")) {
686 client_str = tsocket_address_inet_addr_string(client, r);
687 if (client_str == NULL) {
688 return NT_STATUS_NO_MEMORY;
689 }
690 }
691
692 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
693
694 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
695 if (!NT_STATUS_IS_OK(status)) {
696 DEBUG(3,("Unable to get list of DCs - %s\n",
697 nt_errstr(status)));
698 return status;
699 }
700
701 for(i=0; set[i]; i++) {
702 nb_entries = nb_entries + set[i]->count;
703 }
704
705 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
706 if (r->out.resp == NULL) {
707 return NT_STATUS_NO_MEMORY;
708 }
709
710 /* The length is expected in bytes */
711 r->out.resp->path_consumed = strlen_m(r->in.req.servername) * 2;
712 /* Do like w2k3 and like in 3.3.5.3 of MS-DFSC*/
713 r->out.resp->header_flags = DFS_HEADER_FLAG_STORAGE_SVR;
714 r->out.resp->nb_referrals = nb_entries;
715
716 referrals = talloc_zero_array(r->out.resp,
717 struct dfs_referral_type,
718 r->out.resp->nb_referrals);
719 if (referrals == NULL) {
720 return NT_STATUS_NO_MEMORY;
721 }
722 r->out.resp->referral_entries = referrals;
723
724 c = 0;
725 for(i=0; set[i]; i++) {
726 uint32_t j;
727
728 for(j=0; j< set[i]->count; j++) {
729 struct dfs_referral_type *ref = &referrals[c];
730 const char *referral_str;
731
732 referral_str = talloc_asprintf(referrals, "\\%s\\%s",
733 set[i]->names[j], dfs_name);
734 if (referral_str == NULL) {
735 return NT_STATUS_NO_MEMORY;
736 }
737
738 DEBUG(8,("Doing a dfs referral for %s with this value "
739 "%s requested %s\n",
740 set[i]->names[j], referral_str,
741 r->in.req.servername));
742
743 status = fill_normal_dfs_referraltype(referrals, ref,
744 r->in.req.max_referral_level,
745 r->in.req.servername,
746 referral_str, c==0);
747
748
749 if (!NT_STATUS_IS_OK(status)) {
750 DEBUG(2,("%s: Unable to fill domain referral "
751 "structure - %s\n",
752 __location__, nt_errstr(status)));
753 return status;
754 }
755
756 c++;
757 }
758 }
759
760 return NT_STATUS_OK;
761 }
762
763 /*
764 trans2 getdfsreferral implementation
765 */
766 NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx,
767 struct ldb_context *sam_ctx,
768 const struct tsocket_address *client,
769 struct dfs_GetDFSReferral *r)
770 {
771 char *server_name = NULL;
772 char *dfs_name = NULL;
773 char *link_path = NULL;
774 const char *netbios_domain;
775 const char *dns_domain;
776 const char *netbios_name;
777 const char *dns_name;
778 const char **netbios_aliases;
779
780 if (!lpcfg_host_msdfs(lp_ctx)) {
781 return NT_STATUS_FS_DRIVER_REQUIRED;
782 }
783
784 if (r->in.req.servername == NULL) {
785 return NT_STATUS_INVALID_PARAMETER;
786 }
787
788 DEBUG(8, ("Requested DFS name: %s length: %u\n",
789 r->in.req.servername,
790 (unsigned int)strlen_m(r->in.req.servername)*2));
791
792 /*
793 * If the servername is "" then we are in a case of domain dfs
794 * and the client just searches for the list of local domain
795 * it is attached and also trusted ones.
796 */
797 if (strlen(r->in.req.servername) == 0) {
798 return dodomain_referral(lp_ctx, sam_ctx, client, r);
799 }
800
801 server_name = talloc_strdup(r, r->in.req.servername);
802 if (server_name == NULL) {
803 return NT_STATUS_NO_MEMORY;
804 }
805
806 while(*server_name && *server_name == '\\') {
807 server_name++;
808 }
809
810 dfs_name = strchr(server_name, '\\');
811 if (dfs_name != NULL) {
812 dfs_name[0] = '\0';
813 dfs_name++;
814
815 link_path = strchr(dfs_name, '\\');
816 if (link_path != NULL) {
817 link_path[0] = '\0';
818 link_path++;
819 }
820 }
821
822 if (link_path != NULL) {
823 /*
824 * If it is a DFS Link we do not
825 * handle it here.
826 */
827 return NT_STATUS_NOT_FOUND;
828 }
829
830 netbios_domain = lpcfg_workgroup(lp_ctx);
831 dns_domain = lpcfg_dnsdomain(lp_ctx);
832 netbios_name = lpcfg_netbios_name(lp_ctx);
833 dns_name = talloc_asprintf(r, "%s.%s", netbios_name, dns_domain);
834 if (dns_name == NULL) {
835 return NT_STATUS_NO_MEMORY;
836 }
837
838 if ((strcasecmp_m(server_name, netbios_name) == 0) ||
839 (strcasecmp_m(server_name, dns_name) == 0)) {
840 /*
841 * If it is not domain related do not
842 * handle it here.
843 */
844 return NT_STATUS_NOT_FOUND;
845 }
846
847 if (is_ipaddress(server_name)) {
848 /*
849 * If it is not domain related do not
850 * handle it here.
851 */
852 return NT_STATUS_NOT_FOUND;
853 }
854
855 netbios_aliases = lpcfg_netbios_aliases(lp_ctx);
856 while (netbios_aliases && *netbios_aliases) {
857 const char *netbios_alias = *netbios_aliases;
858 char *dns_alias;
859 int cmp;
860
861 cmp = strcasecmp_m(server_name, netbios_alias);
862 if (cmp == 0) {
863 /*
864 * If it is not domain related do not
865 * handle it here.
866 */
867 return NT_STATUS_NOT_FOUND;
868 }
869
870 dns_alias = talloc_asprintf(r, "%s.%s",
871 netbios_alias,
872 dns_domain);
873 if (dns_alias == NULL) {
874 return NT_STATUS_NO_MEMORY;
875 }
876
877 cmp = strcasecmp_m(server_name, dns_alias);
878 talloc_free(dns_alias);
879 if (cmp == 0) {
880 /*
881 * If it is not domain related do not
882 * handle it here.
883 */
884 return NT_STATUS_NOT_FOUND;
885 }
886 netbios_aliases++;
887 }
888
889 if ((strcasecmp_m(server_name, netbios_domain) != 0) &&
890 (strcasecmp_m(server_name, dns_domain) != 0)) {
891 /*
892 * Not a domain we handle.
893 */
894 return NT_STATUS_INVALID_PARAMETER;
895 }
896
897 /*
898 * Here we have filtered the thing the requested name don't contain our DNS name.
899 * So if the share == NULL or if share in ("sysvol", "netlogon")
900 * then we proceed. In the first case it will be a dc refereal in the second it will
901 * be just a sysvol/netlogon referral.
902 */
903 if (dfs_name == NULL) {
904 return dodc_referral(lp_ctx, sam_ctx,
905 client, r, server_name);
906 }
907
908 /*
909 * Here we have filtered the thing the requested name don't contain our DNS name.
910 * So if the share == NULL or if share in ("sysvol", "netlogon")
911 * then we proceed. In the first case it will be a dc refereal in the second it will
912 * be just a sysvol/netlogon referral.
913 */
914 if (strcasecmp(dfs_name, "sysvol") == 0 ||
915 strcasecmp(dfs_name, "netlogon") == 0) {
916 return dosysvol_referral(lp_ctx, sam_ctx, client, r,
917 server_name, dfs_name);
918 }
919
920 /* By default until all the case are handled */
921 return NT_STATUS_NOT_FOUND;
922 }
Samba GIT mirror