search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends
[Samba.git] / dfs_server / dfs_server_ad.c
blob3d93e19c9898fb53dca8be5db66b9982289b1cad
1 /*
2 Unix SMB/CIFS implementation.
3
4 Copyright Matthieu Patou <mat@matws.net> 2010-2011
5 Copyright Stefan Metzmacher 2011
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "librpc/gen_ndr/dfsblobs.h"
23 #include "librpc/gen_ndr/ndr_dfsblobs.h"
24 #include "dsdb/samdb/samdb.h"
25 #include "auth/session.h"
26 #include "param/param.h"
27 #include "lib/tsocket/tsocket.h"
28 #include "dfs_server/dfs_server_ad.h"
29 #include "lib/util/util_net.h"
30
31 #define MAX_DFS_RESPONSE 56*1024 /* 56 Kb */
32
33 /* A DC set is a group of DC, they might have been grouped together
34 because they belong to the same site, or to site with same cost ...
35 */
36 struct dc_set {
37 const char **names;
38 uint32_t count;
39 };
40
41 static void shuffle_dc_set(struct dc_set *list)
42 {
43 uint32_t i;
44
45 srandom(time(NULL));
46
47 for (i = list->count; i > 1; i--) {
48 uint32_t r;
49 const char *tmp;
50
51 r = random() % i;
52
53 tmp = list->names[i - 1];
54 list->names[i - 1] = list->names[r];
55 list->names[r] = tmp;
56 }
57 }
58
59 /*
60 fill a referral type structure
61 */
62 static NTSTATUS fill_normal_dfs_referraltype(TALLOC_CTX *mem_ctx,
63 struct dfs_referral_type *ref,
64 uint16_t version,
65 const char *dfs_path,
66 const char *server_path, int isfirstoffset)
67 {
68 ZERO_STRUCTP(ref);
69 switch (version) {
70 case 4:
71 ref->version = version;
72 /* For the moment there is a bug with XP that don't seems to appriciate much
73 * level4 so we return just level 3 for everyone
74 */
75 ref->referral.v4.server_type = DFS_SERVER_NON_ROOT;
76 /* "normal" referral seems to always include the GUID */
77 ref->referral.v4.size = 34;
78
79 if (isfirstoffset) {
80 ref->referral.v4.entry_flags = DFS_HEADER_FLAG_TARGET_BCK;
81 }
82 ref->referral.v4.ttl = 900; /* As w2k8r2 */
83 ref->referral.v4.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
84 if (ref->referral.v4.referrals.r1.DFS_path == NULL) {
85 return NT_STATUS_NO_MEMORY;
86 }
87 ref->referral.v4.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
88 if (ref->referral.v4.referrals.r1.DFS_alt_path == NULL) {
89 return NT_STATUS_NO_MEMORY;
90 }
91 ref->referral.v4.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
92 if (ref->referral.v4.referrals.r1.netw_address == NULL) {
93 return NT_STATUS_NO_MEMORY;
94 }
95 return NT_STATUS_OK;
96 case 3:
97 ref->version = version;
98 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
99 /* "normal" referral seems to always include the GUID */
100 ref->referral.v3.size = 34;
101
102 ref->referral.v3.entry_flags = 0;
103 ref->referral.v3.ttl = 600; /* As w2k3 */
104 ref->referral.v3.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
105 if (ref->referral.v3.referrals.r1.DFS_path == NULL) {
106 return NT_STATUS_NO_MEMORY;
107 }
108 ref->referral.v3.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
109 if (ref->referral.v3.referrals.r1.DFS_alt_path == NULL) {
110 return NT_STATUS_NO_MEMORY;
111 }
112 ref->referral.v3.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
113 if (ref->referral.v3.referrals.r1.netw_address == NULL) {
114 return NT_STATUS_NO_MEMORY;
115 }
116 return NT_STATUS_OK;
117 }
118 return NT_STATUS_INVALID_LEVEL;
119 }
120
121 /*
122 fill a domain refererral
123 */
124 static NTSTATUS fill_domain_dfs_referraltype(TALLOC_CTX *mem_ctx,
125 struct dfs_referral_type *ref,
126 uint16_t version,
127 const char *domain,
128 const char **names,
129 uint16_t numnames)
130 {
131 switch (version) {
132 case 3:
133 ZERO_STRUCTP(ref);
134 DEBUG(8, ("Called fill_domain_dfs_referraltype\n"));
135 ref->version = version;
136 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
137 #if 0
138 /* We use to have variable size, on Windows 2008R2 it's the same
139 * and it seems that it gives better results so ... let's use the same
140 * size.
141 *
142 * Additional note: XP SP2 will ask for version 3 and SP3 for version 4.
143 */
144 /*
145 * It's hard coded ... don't think it's a good way but the
146 * sizeof return not the correct values
147 *
148 * We have 18 if the GUID is not included 34 otherwise
149 */
150 if (numnames == 0) {
151 /* Windows return without the guid when returning domain list
152 */
153 ref->referral.v3.size = 18;
154 } else {
155 ref->referral.v3.size = 34;
156 }
157 #endif
158 /* As seen in w2k8r2 it always return the null GUID */
159 ref->referral.v3.size = 34;
160 ref->referral.v3.entry_flags = DFS_FLAG_REFERRAL_DOMAIN_RESP;
161 ref->referral.v3.ttl = 600; /* As w2k3 and w2k8r2*/
162 ref->referral.v3.referrals.r2.special_name = talloc_strdup(mem_ctx,
163 domain);
164 if (ref->referral.v3.referrals.r2.special_name == NULL) {
165 return NT_STATUS_NO_MEMORY;
166 }
167 ref->referral.v3.referrals.r2.nb_expanded_names = numnames;
168 /* Put the final terminator */
169 if (names) {
170 int i;
171 const char **names2 = talloc_array(mem_ctx, const char *,
172 numnames+1);
173 NT_STATUS_HAVE_NO_MEMORY(names2);
174 for (i = 0; i<numnames; i++) {
175 names2[i] = talloc_asprintf(names2, "\\%s", names[i]);
176 NT_STATUS_HAVE_NO_MEMORY(names2[i]);
177 }
178 names2[numnames] = NULL;
179 ref->referral.v3.referrals.r2.expanded_names = names2;
180 }
181 return NT_STATUS_OK;
182 }
183 return NT_STATUS_INVALID_LEVEL;
184 }
185
186 /*
187 get the DCs list within a site
188 */
189 static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
190 struct ldb_dn *sitedn, struct dc_set *list,
191 bool dofqdn)
192 {
193 static const char *attrs[] = { "serverReference", NULL };
194 static const char *attrs2[] = { "dNSHostName", "sAMAccountName", NULL };
195 struct ldb_result *r;
196 unsigned int i;
197 int ret;
198 const char **dc_list;
199
200 ret = ldb_search(ldb, ctx, &r, sitedn, LDB_SCOPE_SUBTREE, attrs,
201 "(&(objectClass=server)(serverReference=*))");
202 if (ret != LDB_SUCCESS) {
203 DEBUG(2,(__location__ ": Failed to get list of servers - %s\n",
204 ldb_errstring(ldb)));
205 return NT_STATUS_INTERNAL_ERROR;
206 }
207
208 if (r->count == 0) {
209 /* none in this site */
210 talloc_free(r);
211 return NT_STATUS_OK;
212 }
213
214 /*
215 * need to search for all server object to know the size of the array.
216 * Search all the object of class server in this site
217 */
218 dc_list = talloc_array(r, const char *, r->count);
219 if (dc_list == NULL) {
220 TALLOC_FREE(r);
221 return NT_STATUS_NO_MEMORY;
222 }
223
224 /* TODO put some random here in the order */
225 list->names = talloc_realloc(list, list->names, const char *, list->count + r->count);
226 if (list->names == NULL) {
227 TALLOC_FREE(r);
228 return NT_STATUS_NO_MEMORY;
229 }
230
231 for (i = 0; i<r->count; i++) {
232 struct ldb_dn *dn;
233 struct ldb_message *msg;
234
235 dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference");
236 if (!dn) {
237 return NT_STATUS_INTERNAL_ERROR;
238 }
239
240 ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)");
241 if (ret != LDB_SUCCESS) {
242 DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n",
243 ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
244 return NT_STATUS_INTERNAL_ERROR;
245 }
246
247 if (dofqdn) {
248 const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL);
249 if (dns == NULL) {
250 DEBUG(2,(__location__ ": dNSHostName missing on %s\n",
251 ldb_dn_get_linearized(dn)));
252 talloc_free(r);
253 return NT_STATUS_INTERNAL_ERROR;
254 }
255
256 list->names[list->count] = talloc_strdup(list->names, dns);
257 if (list->names[list->count] == NULL) {
258 TALLOC_FREE(r);
259 return NT_STATUS_NO_MEMORY;
260 }
261 } else {
262 char *tmp;
263 const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
264 if (aname == NULL) {
265 DEBUG(2,(__location__ ": sAMAccountName missing on %s\n",
266 ldb_dn_get_linearized(dn)));
267 talloc_free(r);
268 return NT_STATUS_INTERNAL_ERROR;
269 }
270
271 tmp = talloc_strdup(list->names, aname);
272 if (tmp == NULL) {
273 TALLOC_FREE(r);
274 return NT_STATUS_NO_MEMORY;
275 }
276
277 /* Netbios name is also the sAMAccountName for
278 computer but without the final $ */
279 tmp[strlen(tmp) - 1] = '\0';
280 list->names[list->count] = tmp;
281 }
282 list->count++;
283 talloc_free(msg);
284 }
285
286 shuffle_dc_set(list);
287
288 talloc_free(r);
289 return NT_STATUS_OK;
290 }
291
292
293 /*
294 get all DCs
295 */
296 static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
297 const char *searched_site, bool need_fqdn,
298 struct dc_set ***pset_list, uint32_t flags)
299 {
300 /*
301 * Flags will be used later to indicate things like least-expensive
302 * or same-site options
303 */
304 const char *attrs_none[] = { NULL };
305 const char *attrs3[] = { "name", NULL };
306 struct ldb_dn *configdn, *sitedn, *dn, *sitescontainerdn;
307 struct ldb_result *r;
308 struct dc_set **set_list = NULL;
309 uint32_t i;
310 int ret;
311 uint32_t current_pos = 0;
312 NTSTATUS status;
313 TALLOC_CTX *subctx;
314
315 *pset_list = set_list = NULL;
316
317 subctx = talloc_new(ctx);
318 NT_STATUS_HAVE_NO_MEMORY(subctx);
319
320 configdn = ldb_get_config_basedn(ldb);
321
322 /* Let's search for the Site container */
323 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs_none,
324 "(objectClass=sitesContainer)");
325 if (ret != LDB_SUCCESS) {
326 DEBUG(2,(__location__ ": Failed to find sitesContainer within %s - %s\n",
327 ldb_dn_get_linearized(configdn), ldb_errstring(ldb)));
328 talloc_free(subctx);
329 return NT_STATUS_INTERNAL_ERROR;
330 }
331 if (r->count > 1) {
332 DEBUG(2,(__location__ ": Expected 1 sitesContainer - found %u within %s\n",
333 r->count, ldb_dn_get_linearized(configdn)));
334 talloc_free(subctx);
335 return NT_STATUS_INTERNAL_ERROR;
336 }
337
338 sitescontainerdn = talloc_steal(subctx, r->msgs[0]->dn);
339 talloc_free(r);
340
341 /*
342 * TODO: Here we should have a more subtle handling
343 * for the case "same-site"
344 */
345 ret = ldb_search(ldb, subctx, &r, sitescontainerdn, LDB_SCOPE_SUBTREE,
346 attrs_none, "(objectClass=server)");
347 if (ret != LDB_SUCCESS) {
348 DEBUG(2,(__location__ ": Failed to find servers within %s - %s\n",
349 ldb_dn_get_linearized(sitescontainerdn), ldb_errstring(ldb)));
350 talloc_free(subctx);
351 return NT_STATUS_INTERNAL_ERROR;
352 }
353 talloc_free(r);
354
355 if (searched_site != NULL && searched_site[0] != '\0') {
356 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE,
357 attrs_none, "(&(name=%s)(objectClass=site))", searched_site);
358 if (ret != LDB_SUCCESS) {
359 talloc_free(subctx);
360 return NT_STATUS_FOOBAR;
361 } else if (r->count != 1) {
362 talloc_free(subctx);
363 return NT_STATUS_FOOBAR;
364 }
365
366 /* All of this was to get the DN of the searched_site */
367 sitedn = r->msgs[0]->dn;
368
369 /*
370 * We will realloc + 2 because we will need one additional place
371 * for element at current_pos + 1 for the NULL element
372 */
373 set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+2);
374 if (set_list == NULL) {
375 TALLOC_FREE(subctx);
376 return NT_STATUS_NO_MEMORY;
377 }
378
379 set_list[current_pos] = talloc(set_list, struct dc_set);
380 if (set_list[current_pos] == NULL) {
381 TALLOC_FREE(subctx);
382 return NT_STATUS_NO_MEMORY;
383 }
384
385 set_list[current_pos]->names = NULL;
386 set_list[current_pos]->count = 0;
387
388 set_list[current_pos+1] = NULL;
389
390 status = get_dcs_insite(subctx, ldb, sitedn,
391 set_list[current_pos], need_fqdn);
392 if (!NT_STATUS_IS_OK(status)) {
393 DEBUG(2,(__location__ ": Failed to get DC from site %s - %s\n",
394 ldb_dn_get_linearized(sitedn), nt_errstr(status)));
395 talloc_free(subctx);
396 return status;
397 }
398 talloc_free(r);
399 current_pos++;
400 }
401
402 /* Let's find all the sites */
403 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs3, "(objectClass=site)");
404 if (ret != LDB_SUCCESS) {
405 DEBUG(2,(__location__ ": Failed to find any site containers in %s\n",
406 ldb_dn_get_linearized(configdn)));
407 talloc_free(subctx);
408 return NT_STATUS_INTERNAL_DB_CORRUPTION;
409 }
410
411 /*
412 * TODO:
413 * We should randomize the order in the main site,
414 * it's mostly needed for sysvol/netlogon referral.
415 * Depending of flag we either randomize order of the
416 * not "in the same site DCs"
417 * or we randomize by group of site that have the same cost
418 * In the long run we want to manipulate an array of site_set
419 * All the site in one set have the same cost (if least-expansive options is selected)
420 * and we will put all the dc related to 1 site set into 1 DCs set.
421 * Within a site set, site order has to be randomized
422 *
423 * But for the moment we just return the list of sites
424 */
425 if (r->count) {
426 /*
427 * We will realloc + 2 because we will need one additional place
428 * for element at current_pos + 1 for the NULL element
429 */
430 set_list = talloc_realloc(subctx, set_list, struct dc_set *,
431 current_pos+2);
432 if (set_list == NULL) {
433 TALLOC_FREE(subctx);
434 return NT_STATUS_NO_MEMORY;
435 }
436
437 set_list[current_pos] = talloc(ctx, struct dc_set);
438 if (set_list[current_pos] == NULL) {
439 TALLOC_FREE(subctx);
440 return NT_STATUS_NO_MEMORY;
441 }
442
443 set_list[current_pos]->names = NULL;
444 set_list[current_pos]->count = 0;
445
446 set_list[current_pos+1] = NULL;
447 }
448
449 for (i=0; i<r->count; i++) {
450 const char *site_name = ldb_msg_find_attr_as_string(r->msgs[i], "name", NULL);
451 if (site_name == NULL) {
452 DEBUG(2,(__location__ ": Failed to find name attribute in %s\n",
453 ldb_dn_get_linearized(r->msgs[i]->dn)));
454 talloc_free(subctx);
455 return NT_STATUS_INTERNAL_DB_CORRUPTION;
456 }
457
458 if (searched_site == NULL ||
459 strcmp(searched_site, site_name) != 0) {
460 DEBUG(2,(__location__ ": Site: %s %s\n",
461 searched_site, site_name));
462
463 /*
464 * Do all the site but the one of the client
465 * (because it has already been done ...)
466 */
467 dn = r->msgs[i]->dn;
468
469 status = get_dcs_insite(subctx, ldb, dn,
470 set_list[current_pos],
471 need_fqdn);
472 if (!NT_STATUS_IS_OK(status)) {
473 talloc_free(subctx);
474 return status;
475 }
476 }
477 }
478
479 *pset_list = talloc_move(ctx, &set_list);
480 talloc_free(subctx);
481 return NT_STATUS_OK;
482 }
483
484 static NTSTATUS dodomain_referral(struct loadparm_context *lp_ctx,
485 struct ldb_context *sam_ctx,
486 const struct tsocket_address *client,
487 struct dfs_GetDFSReferral *r)
488 {
489 /*
490 * TODO for the moment we just return the local domain
491 */
492 NTSTATUS status;
493 const char *dns_domain = lpcfg_dnsdomain(lp_ctx);
494 const char *netbios_domain = lpcfg_workgroup(lp_ctx);
495 struct dfs_referral_type *referrals;
496 const char *referral_str;
497 /* In the future this needs to be fetched from the ldb */
498 uint32_t found_domain = 2;
499
500 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
501 DEBUG(10 ,("Received a domain referral request on a non DC\n"));
502 return NT_STATUS_INVALID_PARAMETER;
503 }
504
505 if (r->in.req.max_referral_level < 3) {
506 DEBUG(2,("invalid max_referral_level %u\n",
507 r->in.req.max_referral_level));
508 return NT_STATUS_UNSUCCESSFUL;
509 }
510
511 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
512 if (r->out.resp == NULL) {
513 return NT_STATUS_NO_MEMORY;
514 }
515
516 r->out.resp->path_consumed = 0;
517 r->out.resp->header_flags = 0; /* Do like w2k3 */
518 r->out.resp->nb_referrals = found_domain; /* the fqdn one + the NT domain */
519
520 referrals = talloc_zero_array(r->out.resp,
521 struct dfs_referral_type,
522 r->out.resp->nb_referrals);
523 if (referrals == NULL) {
524 return NT_STATUS_NO_MEMORY;
525 }
526 r->out.resp->referral_entries = referrals;
527
528 referral_str = talloc_asprintf(r, "\\%s", netbios_domain);
529 if (referral_str == NULL) {
530 return NT_STATUS_NO_MEMORY;
531 }
532
533 status = fill_domain_dfs_referraltype(referrals,
534 &referrals[0], 3,
535 referral_str,
536 NULL, 0);
537 if (!NT_STATUS_IS_OK(status)) {
538 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
539 __location__, nt_errstr(status)));
540 return status;
541 }
542
543 referral_str = talloc_asprintf(r, "\\%s", dns_domain);
544 if (referral_str == NULL) {
545 return NT_STATUS_NO_MEMORY;
546 }
547
548 status = fill_domain_dfs_referraltype(referrals,
549 &referrals[1], 3,
550 referral_str,
551 NULL, 0);
552 if (!NT_STATUS_IS_OK(status)) {
553 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
554 __location__, nt_errstr(status)));
555 return status;
556 }
557
558 return NT_STATUS_OK;
559 }
560
561 /*
562 * Handle the logic for dfs referral request like
563 * \\dns_domain or \\netbios_domain.
564 */
565 static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx,
566 struct ldb_context *sam_ctx,
567 const struct tsocket_address *client,
568 struct dfs_GetDFSReferral *r,
569 const char *domain_name)
570 {
571 NTSTATUS status;
572 const char *site_name = NULL; /* Name of the site where the client is */
573 bool need_fqdn = false;
574 unsigned int i;
575 const char **dc_list = NULL;
576 uint32_t num_dcs = 0;
577 struct dc_set **set;
578 char *client_str = NULL;
579 struct dfs_referral_type *referrals;
580 const char *referral_str;
581
582 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
583 return NT_STATUS_INVALID_PARAMETER;
584 }
585
586 if (r->in.req.max_referral_level < 3) {
587 DEBUG(2,("invalid max_referral_level %u\n",
588 r->in.req.max_referral_level));
589 return NT_STATUS_UNSUCCESSFUL;
590 }
591
592 DEBUG(10, ("in this we have request for %s requested is %s\n",
593 domain_name, r->in.req.servername));
594
595 if (strchr(domain_name,'.')) {
596 need_fqdn = 1;
597 }
598
599 if (tsocket_address_is_inet(client, "ip")) {
600 client_str = tsocket_address_inet_addr_string(client, r);
601 if (client_str == NULL) {
602 return NT_STATUS_NO_MEMORY;
603 }
604 }
605
606 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
607
608 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
609 if (!NT_STATUS_IS_OK(status)) {
610 DEBUG(3,("Unable to get list of DCs - %s\n",
611 nt_errstr(status)));
612 return status;
613 }
614
615 for(i=0; set[i]; i++) {
616 uint32_t j;
617
618 dc_list = talloc_realloc(r, dc_list, const char*,
619 num_dcs + set[i]->count + 1);
620 if (dc_list == NULL) {
621 return NT_STATUS_NO_MEMORY;
622 }
623
624 for(j=0; j<set[i]->count; j++) {
625 dc_list[num_dcs + j] = talloc_move(dc_list,
626 &set[i]->names[j]);
627 }
628 num_dcs = num_dcs + set[i]->count;
629 TALLOC_FREE(set[i]);
630 dc_list[num_dcs] = NULL;
631 }
632
633 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
634 if (r->out.resp == NULL) {
635 return NT_STATUS_NO_MEMORY;
636 }
637
638 r->out.resp->path_consumed = 0;
639 r->out.resp->header_flags = 0; /* Do like w2k3 */
640 r->out.resp->nb_referrals = 1;
641
642 referrals = talloc_zero_array(r->out.resp,
643 struct dfs_referral_type,
644 r->out.resp->nb_referrals);
645 if (referrals == NULL) {
646 return NT_STATUS_NO_MEMORY;
647 }
648 r->out.resp->referral_entries = referrals;
649
650 if (r->in.req.servername[0] == '\\') {
651 referral_str = talloc_asprintf(referrals, "%s",
652 domain_name);
653 } else {
654 referral_str = talloc_asprintf(referrals, "\\%s",
655 domain_name);
656 }
657 if (referral_str == NULL) {
658 return NT_STATUS_NO_MEMORY;
659 }
660
661 status = fill_domain_dfs_referraltype(referrals,
662 &referrals[0], 3,
663 referral_str,
664 dc_list, num_dcs);
665 if (!NT_STATUS_IS_OK(status)) {
666 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
667 __location__, nt_errstr(status)));
668 return status;
669 }
670
671 return NT_STATUS_OK;
672 }
673
674 /*
675 * Handle the logic for dfs referral request like
676 * \\domain\sysvol or \\domain\netlogon
677 */
678 static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx,
679 struct ldb_context *sam_ctx,
680 const struct tsocket_address *client,
681 struct dfs_GetDFSReferral *r,
682 const char *domain_name,
683 const char *dfs_name)
684 {
685 const char *site_name = NULL; /* Name of the site where the client is */
686 bool need_fqdn = false;
687 unsigned int i, c = 0, nb_entries = 0;
688 struct dc_set **set;
689 char *client_str = NULL;
690 NTSTATUS status;
691 struct dfs_referral_type *referrals;
692
693 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
694 return NT_STATUS_INVALID_PARAMETER;
695 }
696
697 if (r->in.req.max_referral_level < 3) {
698 DEBUG(2,("invalid max_referral_level %u\n",
699 r->in.req.max_referral_level));
700 return NT_STATUS_UNSUCCESSFUL;
701 }
702
703 DEBUG(10, ("in this we have request for %s and share %s requested is %s\n",
704 domain_name, dfs_name, r->in.req.servername));
705
706 if (strchr(domain_name,'.')) {
707 need_fqdn = 1;
708 }
709
710 if (tsocket_address_is_inet(client, "ip")) {
711 client_str = tsocket_address_inet_addr_string(client, r);
712 if (client_str == NULL) {
713 return NT_STATUS_NO_MEMORY;
714 }
715 }
716
717 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
718
719 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
720 if (!NT_STATUS_IS_OK(status)) {
721 DEBUG(3,("Unable to get list of DCs - %s\n",
722 nt_errstr(status)));
723 return status;
724 }
725
726 for(i=0; set[i]; i++) {
727 nb_entries = nb_entries + set[i]->count;
728 }
729
730 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
731 if (r->out.resp == NULL) {
732 return NT_STATUS_NO_MEMORY;
733 }
734
735 /* The length is expected in bytes */
736 r->out.resp->path_consumed = strlen_m(r->in.req.servername) * 2;
737 /* Do like w2k3 and like in 3.3.5.3 of MS-DFSC*/
738 r->out.resp->header_flags = DFS_HEADER_FLAG_STORAGE_SVR;
739 r->out.resp->nb_referrals = nb_entries;
740
741 referrals = talloc_zero_array(r->out.resp,
742 struct dfs_referral_type,
743 r->out.resp->nb_referrals);
744 if (referrals == NULL) {
745 return NT_STATUS_NO_MEMORY;
746 }
747 r->out.resp->referral_entries = referrals;
748
749 c = 0;
750 for(i=0; set[i]; i++) {
751 uint32_t j;
752
753 for(j=0; j< set[i]->count; j++) {
754 struct dfs_referral_type *ref = &referrals[c];
755 const char *referral_str;
756
757 referral_str = talloc_asprintf(referrals, "\\%s\\%s",
758 set[i]->names[j], dfs_name);
759 if (referral_str == NULL) {
760 return NT_STATUS_NO_MEMORY;
761 }
762
763 DEBUG(8,("Doing a dfs referral for %s with this value "
764 "%s requested %s\n",
765 set[i]->names[j], referral_str,
766 r->in.req.servername));
767
768 status = fill_normal_dfs_referraltype(referrals, ref,
769 r->in.req.max_referral_level,
770 r->in.req.servername,
771 referral_str, c==0);
772
773
774 if (!NT_STATUS_IS_OK(status)) {
775 DEBUG(2,("%s: Unable to fill domain referral "
776 "structure - %s\n",
777 __location__, nt_errstr(status)));
778 return status;
779 }
780
781 c++;
782 }
783 }
784
785 return NT_STATUS_OK;
786 }
787
788 /*
789 trans2 getdfsreferral implementation
790 */
791 NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx,
792 struct ldb_context *sam_ctx,
793 const struct tsocket_address *client,
794 struct dfs_GetDFSReferral *r)
795 {
796 char *server_name = NULL;
797 char *dfs_name = NULL;
798 char *link_path = NULL;
799 const char *netbios_domain;
800 const char *dns_domain;
801 const char *netbios_name;
802 const char *dns_name;
803 const char **netbios_aliases;
804
805 if (!lpcfg_host_msdfs(lp_ctx)) {
806 return NT_STATUS_FS_DRIVER_REQUIRED;
807 }
808
809 if (r->in.req.servername == NULL) {
810 return NT_STATUS_INVALID_PARAMETER;
811 }
812
813 DEBUG(8, ("Requested DFS name: %s length: %u\n",
814 r->in.req.servername,
815 (unsigned int)strlen_m(r->in.req.servername)*2));
816
817 /*
818 * If the servername is "" then we are in a case of domain dfs
819 * and the client just searches for the list of local domain
820 * it is attached and also trusted ones.
821 */
822 if (strlen(r->in.req.servername) == 0) {
823 return dodomain_referral(lp_ctx, sam_ctx, client, r);
824 }
825
826 server_name = talloc_strdup(r, r->in.req.servername);
827 if (server_name == NULL) {
828 return NT_STATUS_NO_MEMORY;
829 }
830
831 while(*server_name && *server_name == '\\') {
832 server_name++;
833 }
834
835 dfs_name = strchr(server_name, '\\');
836 if (dfs_name != NULL) {
837 dfs_name[0] = '\0';
838 dfs_name++;
839
840 link_path = strchr(dfs_name, '\\');
841 if (link_path != NULL) {
842 link_path[0] = '\0';
843 link_path++;
844 }
845 }
846
847 if (link_path != NULL) {
848 /*
849 * If it is a DFS Link we do not
850 * handle it here.
851 */
852 return NT_STATUS_NOT_FOUND;
853 }
854
855 netbios_domain = lpcfg_workgroup(lp_ctx);
856 dns_domain = lpcfg_dnsdomain(lp_ctx);
857 netbios_name = lpcfg_netbios_name(lp_ctx);
858 dns_name = talloc_asprintf(r, "%s.%s", netbios_name, dns_domain);
859 if (dns_name == NULL) {
860 return NT_STATUS_NO_MEMORY;
861 }
862
863 if ((strcasecmp_m(server_name, netbios_name) == 0) ||
864 (strcasecmp_m(server_name, dns_name) == 0)) {
865 /*
866 * If it is not domain related do not
867 * handle it here.
868 */
869 return NT_STATUS_NOT_FOUND;
870 }
871
872 if (is_ipaddress(server_name)) {
873 /*
874 * If it is not domain related do not
875 * handle it here.
876 */
877 return NT_STATUS_NOT_FOUND;
878 }
879
880 netbios_aliases = lpcfg_netbios_aliases(lp_ctx);
881 while (netbios_aliases && *netbios_aliases) {
882 const char *netbios_alias = *netbios_aliases;
883 char *dns_alias;
884 int cmp;
885
886 cmp = strcasecmp_m(server_name, netbios_alias);
887 if (cmp == 0) {
888 /*
889 * If it is not domain related do not
890 * handle it here.
891 */
892 return NT_STATUS_NOT_FOUND;
893 }
894
895 dns_alias = talloc_asprintf(r, "%s.%s",
896 netbios_alias,
897 dns_domain);
898 if (dns_alias == NULL) {
899 return NT_STATUS_NO_MEMORY;
900 }
901
902 cmp = strcasecmp_m(server_name, dns_alias);
903 talloc_free(dns_alias);
904 if (cmp == 0) {
905 /*
906 * If it is not domain related do not
907 * handle it here.
908 */
909 return NT_STATUS_NOT_FOUND;
910 }
911 netbios_aliases++;
912 }
913
914 if ((strcasecmp_m(server_name, netbios_domain) != 0) &&
915 (strcasecmp_m(server_name, dns_domain) != 0)) {
916 /*
917 * Not a domain we handle.
918 */
919 return NT_STATUS_INVALID_PARAMETER;
920 }
921
922 /*
923 * Here we have filtered the thing the requested name don't contain our DNS name.
924 * So if the share == NULL or if share in ("sysvol", "netlogon")
925 * then we proceed. In the first case it will be a dc refereal in the second it will
926 * be just a sysvol/netlogon referral.
927 */
928 if (dfs_name == NULL) {
929 return dodc_referral(lp_ctx, sam_ctx,
930 client, r, server_name);
931 }
932
933 /*
934 * Here we have filtered the thing the requested name don't contain our DNS name.
935 * So if the share == NULL or if share in ("sysvol", "netlogon")
936 * then we proceed. In the first case it will be a dc refereal in the second it will
937 * be just a sysvol/netlogon referral.
938 */
939 if (strcasecmp(dfs_name, "sysvol") == 0 ||
940 strcasecmp(dfs_name, "netlogon") == 0) {
941 return dosysvol_referral(lp_ctx, sam_ctx, client, r,
942 server_name, dfs_name);
943 }
944
945 /* By default until all the case are handled */
946 return NT_STATUS_NOT_FOUND;
947 }
Samba GIT mirror