search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4/heimdal_build: use GetTimeOfDay macro instead of gettimeofday
[Samba/ita.git] / source3 / libsmb / clidfs.c
blobf4b52687f83ea146c5f7be9e61fad20d54407ba4
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 /********************************************************************
25 Important point.
26
27 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
28 are not C escaped here).
29
30 - but if we're using POSIX paths then <pathname> may contain
31 '/' separators, not '\\' separators. So cope with '\\' or '/'
32 as a separator when looking at the pathname part.... JRA.
33 ********************************************************************/
34
35 /********************************************************************
36 Ensure a connection is encrypted.
37 ********************************************************************/
38
39 NTSTATUS cli_cm_force_encryption(struct cli_state *c,
40 const char *username,
41 const char *password,
42 const char *domain,
43 const char *sharename)
44 {
45 NTSTATUS status = cli_force_encryption(c,
46 username,
47 password,
48 domain);
49
50 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
51 d_printf("Encryption required and "
52 "server that doesn't support "
53 "UNIX extensions - failing connect\n");
54 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
55 d_printf("Encryption required and "
56 "can't get UNIX CIFS extensions "
57 "version from server.\n");
58 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
59 d_printf("Encryption required and "
60 "share %s doesn't support "
61 "encryption.\n", sharename);
62 } else if (!NT_STATUS_IS_OK(status)) {
63 d_printf("Encryption required and "
64 "setup failed with error %s.\n",
65 nt_errstr(status));
66 }
67
68 return status;
69 }
70
71 /********************************************************************
72 Return a connection to a server.
73 ********************************************************************/
74
75 static struct cli_state *do_connect(TALLOC_CTX *ctx,
76 const char *server,
77 const char *share,
78 const struct user_auth_info *auth_info,
79 bool show_sessetup,
80 bool force_encrypt,
81 int max_protocol,
82 int port,
83 int name_type)
84 {
85 struct cli_state *c = NULL;
86 struct nmb_name called, calling;
87 const char *called_str;
88 const char *server_n;
89 struct sockaddr_storage ss;
90 char *servicename;
91 char *sharename;
92 char *newserver, *newshare;
93 const char *username;
94 const char *password;
95 NTSTATUS status;
96
97 /* make a copy so we don't modify the global string 'service' */
98 servicename = talloc_strdup(ctx,share);
99 if (!servicename) {
100 return NULL;
101 }
102 sharename = servicename;
103 if (*sharename == '\\') {
104 sharename += 2;
105 called_str = sharename;
106 if (server == NULL) {
107 server = sharename;
108 }
109 sharename = strchr_m(sharename,'\\');
110 if (!sharename) {
111 return NULL;
112 }
113 *sharename = 0;
114 sharename++;
115 } else {
116 called_str = server;
117 }
118
119 server_n = server;
120
121 zero_sockaddr(&ss);
122
123 make_nmb_name(&calling, global_myname(), 0x0);
124 make_nmb_name(&called , called_str, name_type);
125
126 again:
127 zero_sockaddr(&ss);
128
129 /* have to open a new connection */
130 if (!(c=cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)))) {
131 d_printf("Connection to %s failed\n", server_n);
132 if (c) {
133 cli_shutdown(c);
134 }
135 return NULL;
136 }
137 if (port) {
138 cli_set_port(c, port);
139 }
140
141 status = cli_connect(c, server_n, &ss);
142 if (!NT_STATUS_IS_OK(status)) {
143 d_printf("Connection to %s failed (Error %s)\n",
144 server_n,
145 nt_errstr(status));
146 cli_shutdown(c);
147 return NULL;
148 }
149
150 if (max_protocol == 0) {
151 max_protocol = PROTOCOL_NT1;
152 }
153 c->protocol = max_protocol;
154 c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
155 c->fallback_after_kerberos =
156 get_cmdline_auth_info_fallback_after_kerberos(auth_info);
157 c->use_ccache = get_cmdline_auth_info_use_ccache(auth_info);
158
159 if (!cli_session_request(c, &calling, &called)) {
160 char *p;
161 d_printf("session request to %s failed (%s)\n",
162 called.name, cli_errstr(c));
163 cli_shutdown(c);
164 c = NULL;
165 if ((p=strchr_m(called.name, '.'))) {
166 *p = 0;
167 goto again;
168 }
169 if (strcmp(called.name, "*SMBSERVER")) {
170 make_nmb_name(&called , "*SMBSERVER", 0x20);
171 goto again;
172 }
173 return NULL;
174 }
175
176 DEBUG(4,(" session request ok\n"));
177
178 status = cli_negprot(c);
179
180 if (!NT_STATUS_IS_OK(status)) {
181 d_printf("protocol negotiation failed: %s\n",
182 nt_errstr(status));
183 cli_shutdown(c);
184 return NULL;
185 }
186
187 username = get_cmdline_auth_info_username(auth_info);
188 password = get_cmdline_auth_info_password(auth_info);
189
190 if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
191 password, strlen(password),
192 password, strlen(password),
193 lp_workgroup()))) {
194 /* If a password was not supplied then
195 * try again with a null username. */
196 if (password[0] || !username[0] ||
197 get_cmdline_auth_info_use_kerberos(auth_info) ||
198 !NT_STATUS_IS_OK(cli_session_setup(c, "",
199 "", 0,
200 "", 0,
201 lp_workgroup()))) {
202 d_printf("session setup failed: %s\n", cli_errstr(c));
203 if (NT_STATUS_V(cli_nt_error(c)) ==
204 NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
205 d_printf("did you forget to run kinit?\n");
206 cli_shutdown(c);
207 return NULL;
208 }
209 d_printf("Anonymous login successful\n");
210 status = cli_init_creds(c, "", lp_workgroup(), "");
211 } else {
212 status = cli_init_creds(c, username, lp_workgroup(), password);
213 }
214
215 if (!NT_STATUS_IS_OK(status)) {
216 DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
217 cli_shutdown(c);
218 return NULL;
219 }
220
221 if ( show_sessetup ) {
222 if (*c->server_domain) {
223 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
224 c->server_domain,c->server_os,c->server_type));
225 } else if (*c->server_os || *c->server_type) {
226 DEBUG(0,("OS=[%s] Server=[%s]\n",
227 c->server_os,c->server_type));
228 }
229 }
230 DEBUG(4,(" session setup ok\n"));
231
232 /* here's the fun part....to support 'msdfs proxy' shares
233 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
234 here before trying to connect to the original share.
235 cli_check_msdfs_proxy() will fail if it is a normal share. */
236
237 if ((c->capabilities & CAP_DFS) &&
238 cli_check_msdfs_proxy(ctx, c, sharename,
239 &newserver, &newshare,
240 force_encrypt,
241 username,
242 password,
243 lp_workgroup())) {
244 cli_shutdown(c);
245 return do_connect(ctx, newserver,
246 newshare, auth_info, false,
247 force_encrypt, max_protocol,
248 port, name_type);
249 }
250
251 /* must be a normal share */
252
253 status = cli_tcon_andx(c, sharename, "?????",
254 password, strlen(password)+1);
255 if (!NT_STATUS_IS_OK(status)) {
256 d_printf("tree connect failed: %s\n", nt_errstr(status));
257 cli_shutdown(c);
258 return NULL;
259 }
260
261 if (force_encrypt) {
262 status = cli_cm_force_encryption(c,
263 username,
264 password,
265 lp_workgroup(),
266 sharename);
267 if (!NT_STATUS_IS_OK(status)) {
268 cli_shutdown(c);
269 return NULL;
270 }
271 }
272
273 DEBUG(4,(" tconx ok\n"));
274 return c;
275 }
276
277 /****************************************************************************
278 ****************************************************************************/
279
280 static void cli_set_mntpoint(struct cli_state *cli, const char *mnt)
281 {
282 char *name = clean_name(NULL, mnt);
283 if (!name) {
284 return;
285 }
286 TALLOC_FREE(cli->dfs_mountpoint);
287 cli->dfs_mountpoint = talloc_strdup(cli, name);
288 TALLOC_FREE(name);
289 }
290
291 /********************************************************************
292 Add a new connection to the list.
293 referring_cli == NULL means a new initial connection.
294 ********************************************************************/
295
296 static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
297 struct cli_state *referring_cli,
298 const char *server,
299 const char *share,
300 const struct user_auth_info *auth_info,
301 bool show_hdr,
302 bool force_encrypt,
303 int max_protocol,
304 int port,
305 int name_type)
306 {
307 struct cli_state *cli;
308
309 cli = do_connect(ctx, server, share,
310 auth_info,
311 show_hdr, force_encrypt, max_protocol,
312 port, name_type);
313
314 if (!cli ) {
315 return NULL;
316 }
317
318 /* Enter into the list. */
319 if (referring_cli) {
320 DLIST_ADD_END(referring_cli, cli, struct cli_state *);
321 }
322
323 if (referring_cli && referring_cli->requested_posix_capabilities) {
324 uint16 major, minor;
325 uint32 caplow, caphigh;
326 NTSTATUS status;
327 status = cli_unix_extensions_version(cli, &major, &minor,
328 &caplow, &caphigh);
329 if (NT_STATUS_IS_OK(status)) {
330 cli_set_unix_extensions_capabilities(cli,
331 major, minor,
332 caplow, caphigh);
333 }
334 }
335
336 return cli;
337 }
338
339 /********************************************************************
340 Return a connection to a server on a particular share.
341 ********************************************************************/
342
343 static struct cli_state *cli_cm_find(struct cli_state *cli,
344 const char *server,
345 const char *share)
346 {
347 struct cli_state *p;
348
349 if (cli == NULL) {
350 return NULL;
351 }
352
353 /* Search to the start of the list. */
354 for (p = cli; p; p = DLIST_PREV(p)) {
355 if (strequal(server, p->desthost) &&
356 strequal(share,p->share)) {
357 return p;
358 }
359 }
360
361 /* Search to the end of the list. */
362 for (p = cli->next; p; p = p->next) {
363 if (strequal(server, p->desthost) &&
364 strequal(share,p->share)) {
365 return p;
366 }
367 }
368
369 return NULL;
370 }
371
372 /****************************************************************************
373 Open a client connection to a \\server\share.
374 ****************************************************************************/
375
376 struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
377 struct cli_state *referring_cli,
378 const char *server,
379 const char *share,
380 const struct user_auth_info *auth_info,
381 bool show_hdr,
382 bool force_encrypt,
383 int max_protocol,
384 int port,
385 int name_type)
386 {
387 /* Try to reuse an existing connection in this list. */
388 struct cli_state *c = cli_cm_find(referring_cli, server, share);
389
390 if (c) {
391 return c;
392 }
393
394 if (auth_info == NULL) {
395 /* Can't do a new connection
396 * without auth info. */
397 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
398 "without auth info\n",
399 server, share );
400 return NULL;
401 }
402
403 return cli_cm_connect(ctx,
404 referring_cli,
405 server,
406 share,
407 auth_info,
408 show_hdr,
409 force_encrypt,
410 max_protocol,
411 port,
412 name_type);
413 }
414
415 /****************************************************************************
416 ****************************************************************************/
417
418 void cli_cm_display(const struct cli_state *cli)
419 {
420 int i;
421
422 for (i=0; cli; cli = cli->next,i++ ) {
423 d_printf("%d:\tserver=%s, share=%s\n",
424 i, cli->desthost, cli->share );
425 }
426 }
427
428 /****************************************************************************
429 ****************************************************************************/
430
431 /****************************************************************************
432 ****************************************************************************/
433
434 #if 0
435 void cli_cm_set_credentials(struct user_auth_info *auth_info)
436 {
437 SAFE_FREE(cm_creds.username);
438 cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username(
439 auth_info));
440
441 if (get_cmdline_auth_info_got_pass(auth_info)) {
442 cm_set_password(get_cmdline_auth_info_password(auth_info));
443 }
444
445 cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
446 cm_creds.fallback_after_kerberos = false;
447 cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info);
448 }
449 #endif
450
451 /**********************************************************************
452 split a dfs path into the server, share name, and extrapath components
453 **********************************************************************/
454
455 static void split_dfs_path(TALLOC_CTX *ctx,
456 const char *nodepath,
457 char **pp_server,
458 char **pp_share,
459 char **pp_extrapath)
460 {
461 char *p, *q;
462 char *path;
463
464 *pp_server = NULL;
465 *pp_share = NULL;
466 *pp_extrapath = NULL;
467
468 path = talloc_strdup(ctx, nodepath);
469 if (!path) {
470 return;
471 }
472
473 if ( path[0] != '\\' ) {
474 return;
475 }
476
477 p = strchr_m( path + 1, '\\' );
478 if ( !p ) {
479 return;
480 }
481
482 *p = '\0';
483 p++;
484
485 /* Look for any extra/deep path */
486 q = strchr_m(p, '\\');
487 if (q != NULL) {
488 *q = '\0';
489 q++;
490 *pp_extrapath = talloc_strdup(ctx, q);
491 } else {
492 *pp_extrapath = talloc_strdup(ctx, "");
493 }
494
495 *pp_share = talloc_strdup(ctx, p);
496 *pp_server = talloc_strdup(ctx, &path[1]);
497 }
498
499 /****************************************************************************
500 Return the original path truncated at the directory component before
501 the first wildcard character. Trust the caller to provide a NULL
502 terminated string
503 ****************************************************************************/
504
505 static char *clean_path(TALLOC_CTX *ctx, const char *path)
506 {
507 size_t len;
508 char *p1, *p2, *p;
509 char *path_out;
510
511 /* No absolute paths. */
512 while (IS_DIRECTORY_SEP(*path)) {
513 path++;
514 }
515
516 path_out = talloc_strdup(ctx, path);
517 if (!path_out) {
518 return NULL;
519 }
520
521 p1 = strchr_m(path_out, '*');
522 p2 = strchr_m(path_out, '?');
523
524 if (p1 || p2) {
525 if (p1 && p2) {
526 p = MIN(p1,p2);
527 } else if (!p1) {
528 p = p2;
529 } else {
530 p = p1;
531 }
532 *p = '\0';
533
534 /* Now go back to the start of this component. */
535 p1 = strrchr_m(path_out, '/');
536 p2 = strrchr_m(path_out, '\\');
537 p = MAX(p1,p2);
538 if (p) {
539 *p = '\0';
540 }
541 }
542
543 /* Strip any trailing separator */
544
545 len = strlen(path_out);
546 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
547 path_out[len-1] = '\0';
548 }
549
550 return path_out;
551 }
552
553 /****************************************************************************
554 ****************************************************************************/
555
556 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
557 struct cli_state *cli,
558 const char *dir)
559 {
560 char path_sep = '\\';
561
562 /* Ensure the extrapath doesn't start with a separator. */
563 while (IS_DIRECTORY_SEP(*dir)) {
564 dir++;
565 }
566
567 if (cli->requested_posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
568 path_sep = '/';
569 }
570 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
571 path_sep,
572 cli->desthost,
573 path_sep,
574 cli->share,
575 path_sep,
576 dir);
577 }
578
579 /********************************************************************
580 check for dfs referral
581 ********************************************************************/
582
583 static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
584 {
585 uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
586
587 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
588
589 if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
590 (flgs2&FLAGS2_UNICODE_STRINGS)))
591 return false;
592
593 if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
594 return true;
595
596 return false;
597 }
598
599 /********************************************************************
600 Get the dfs referral link.
601 ********************************************************************/
602
603 bool cli_dfs_get_referral(TALLOC_CTX *ctx,
604 struct cli_state *cli,
605 const char *path,
606 struct client_dfs_referral **refs,
607 size_t *num_refs,
608 size_t *consumed)
609 {
610 unsigned int data_len = 0;
611 unsigned int param_len = 0;
612 uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
613 char *param = NULL;
614 char *rparam=NULL, *rdata=NULL;
615 char *p;
616 char *endp;
617 size_t pathlen = 2*(strlen(path)+1);
618 smb_ucs2_t *path_ucs;
619 char *consumed_path = NULL;
620 uint16_t consumed_ucs;
621 uint16 num_referrals;
622 struct client_dfs_referral *referrals = NULL;
623 bool ret = false;
624
625 *num_refs = 0;
626 *refs = NULL;
627
628 param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
629 if (!param) {
630 goto out;
631 }
632 SSVAL(param, 0, 0x03); /* max referral level */
633 p = &param[2];
634
635 path_ucs = (smb_ucs2_t *)p;
636 p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
637 param_len = PTR_DIFF(p, param);
638
639 if (!cli_send_trans(cli, SMBtrans2,
640 NULL, /* name */
641 -1, 0, /* fid, flags */
642 &setup, 1, 0, /* setup, length, max */
643 param, param_len, 2, /* param, length, max */
644 NULL, 0, cli->max_xmit /* data, length, max */
645 )) {
646 goto out;
647 }
648
649 if (!cli_receive_trans(cli, SMBtrans2,
650 &rparam, &param_len,
651 &rdata, &data_len)) {
652 goto out;
653 }
654
655 if (data_len < 4) {
656 goto out;
657 }
658
659 endp = rdata + data_len;
660
661 consumed_ucs = SVAL(rdata, 0);
662 num_referrals = SVAL(rdata, 2);
663
664 /* consumed_ucs is the number of bytes
665 * of the UCS2 path consumed not counting any
666 * terminating null. We need to convert
667 * back to unix charset and count again
668 * to get the number of bytes consumed from
669 * the incoming path. */
670
671 if (pull_string_talloc(talloc_tos(),
672 NULL,
673 0,
674 &consumed_path,
675 path_ucs,
676 consumed_ucs,
677 STR_UNICODE) == 0) {
678 goto out;
679 }
680 if (consumed_path == NULL) {
681 goto out;
682 }
683 *consumed = strlen(consumed_path);
684
685 if (num_referrals != 0) {
686 uint16 ref_version;
687 uint16 ref_size;
688 int i;
689 uint16 node_offset;
690
691 referrals = talloc_array(ctx, struct client_dfs_referral,
692 num_referrals);
693
694 if (!referrals) {
695 goto out;
696 }
697 /* start at the referrals array */
698
699 p = rdata+8;
700 for (i=0; i<num_referrals && p < endp; i++) {
701 if (p + 18 > endp) {
702 goto out;
703 }
704 ref_version = SVAL(p, 0);
705 ref_size = SVAL(p, 2);
706 node_offset = SVAL(p, 16);
707
708 if (ref_version != 3) {
709 p += ref_size;
710 continue;
711 }
712
713 referrals[i].proximity = SVAL(p, 8);
714 referrals[i].ttl = SVAL(p, 10);
715
716 if (p + node_offset > endp) {
717 goto out;
718 }
719 clistr_pull_talloc(ctx, cli->inbuf,
720 SVAL(cli->inbuf, smb_flg2),
721 &referrals[i].dfspath,
722 p+node_offset, -1,
723 STR_TERMINATE|STR_UNICODE);
724
725 if (!referrals[i].dfspath) {
726 goto out;
727 }
728 p += ref_size;
729 }
730 if (i < num_referrals) {
731 goto out;
732 }
733 }
734
735 ret = true;
736
737 *num_refs = num_referrals;
738 *refs = referrals;
739
740 out:
741
742 TALLOC_FREE(consumed_path);
743 SAFE_FREE(param);
744 SAFE_FREE(rdata);
745 SAFE_FREE(rparam);
746 return ret;
747 }
748
749 /********************************************************************
750 ********************************************************************/
751
752 bool cli_resolve_path(TALLOC_CTX *ctx,
753 const char *mountpt,
754 const struct user_auth_info *dfs_auth_info,
755 struct cli_state *rootcli,
756 const char *path,
757 struct cli_state **targetcli,
758 char **pp_targetpath)
759 {
760 struct client_dfs_referral *refs = NULL;
761 size_t num_refs = 0;
762 size_t consumed = 0;
763 struct cli_state *cli_ipc = NULL;
764 char *dfs_path = NULL;
765 char *cleanpath = NULL;
766 char *extrapath = NULL;
767 int pathlen;
768 char *server = NULL;
769 char *share = NULL;
770 struct cli_state *newcli = NULL;
771 char *newpath = NULL;
772 char *newmount = NULL;
773 char *ppath = NULL;
774 SMB_STRUCT_STAT sbuf;
775 uint32 attributes;
776 NTSTATUS status;
777
778 if ( !rootcli || !path || !targetcli ) {
779 return false;
780 }
781
782 /* Don't do anything if this is not a DFS root. */
783
784 if ( !rootcli->dfsroot) {
785 *targetcli = rootcli;
786 *pp_targetpath = talloc_strdup(ctx, path);
787 if (!*pp_targetpath) {
788 return false;
789 }
790 return true;
791 }
792
793 *targetcli = NULL;
794
795 /* Send a trans2_query_path_info to check for a referral. */
796
797 cleanpath = clean_path(ctx, path);
798 if (!cleanpath) {
799 return false;
800 }
801
802 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
803 if (!dfs_path) {
804 return false;
805 }
806
807 status = cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes);
808 if (NT_STATUS_IS_OK(status)) {
809 /* This is an ordinary path, just return it. */
810 *targetcli = rootcli;
811 *pp_targetpath = talloc_strdup(ctx, path);
812 if (!*pp_targetpath) {
813 return false;
814 }
815 goto done;
816 }
817
818 /* Special case where client asked for a path that does not exist */
819
820 if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
821 *targetcli = rootcli;
822 *pp_targetpath = talloc_strdup(ctx, path);
823 if (!*pp_targetpath) {
824 return false;
825 }
826 goto done;
827 }
828
829 /* We got an error, check for DFS referral. */
830
831 if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
832 return false;
833 }
834
835 /* Check for the referral. */
836
837 if (!(cli_ipc = cli_cm_open(ctx,
838 rootcli,
839 rootcli->desthost,
840 "IPC$",
841 dfs_auth_info,
842 false,
843 (rootcli->trans_enc_state != NULL),
844 rootcli->protocol,
845 0,
846 0x20))) {
847 return false;
848 }
849
850 if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
851 &num_refs, &consumed) || !num_refs) {
852 return false;
853 }
854
855 /* Just store the first referral for now. */
856
857 if (!refs[0].dfspath) {
858 return false;
859 }
860 split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
861
862 if (!server || !share) {
863 return false;
864 }
865
866 /* Make sure to recreate the original string including any wildcards. */
867
868 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
869 if (!dfs_path) {
870 return false;
871 }
872 pathlen = strlen(dfs_path);
873 consumed = MIN(pathlen, consumed);
874 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
875 if (!*pp_targetpath) {
876 return false;
877 }
878 dfs_path[consumed] = '\0';
879
880 /*
881 * *pp_targetpath is now the unconsumed part of the path.
882 * dfs_path is now the consumed part of the path
883 * (in \server\share\path format).
884 */
885
886 /* Open the connection to the target server & share */
887 if ((*targetcli = cli_cm_open(ctx, rootcli,
888 server,
889 share,
890 dfs_auth_info,
891 false,
892 (rootcli->trans_enc_state != NULL),
893 rootcli->protocol,
894 0,
895 0x20)) == NULL) {
896 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
897 server, share );
898 return false;
899 }
900
901 if (extrapath && strlen(extrapath) > 0) {
902 *pp_targetpath = talloc_asprintf(ctx,
903 "%s%s",
904 extrapath,
905 *pp_targetpath);
906 if (!*pp_targetpath) {
907 return false;
908 }
909 }
910
911 /* parse out the consumed mount path */
912 /* trim off the \server\share\ */
913
914 ppath = dfs_path;
915
916 if (*ppath != '\\') {
917 d_printf("cli_resolve_path: "
918 "dfs_path (%s) not in correct format.\n",
919 dfs_path );
920 return false;
921 }
922
923 ppath++; /* Now pointing at start of server name. */
924
925 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
926 return false;
927 }
928
929 ppath++; /* Now pointing at start of share name. */
930
931 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
932 return false;
933 }
934
935 ppath++; /* Now pointing at path component. */
936
937 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
938 if (!newmount) {
939 return false;
940 }
941
942 cli_set_mntpoint(*targetcli, newmount);
943
944 /* Check for another dfs referral, note that we are not
945 checking for loops here. */
946
947 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
948 if (cli_resolve_path(ctx,
949 newmount,
950 dfs_auth_info,
951 *targetcli,
952 *pp_targetpath,
953 &newcli,
954 &newpath)) {
955 /*
956 * When cli_resolve_path returns true here it's always
957 * returning the complete path in newpath, so we're done
958 * here.
959 */
960 *targetcli = newcli;
961 *pp_targetpath = newpath;
962 return true;
963 }
964 }
965
966 done:
967
968 /* If returning true ensure we return a dfs root full path. */
969 if ((*targetcli)->dfsroot) {
970 dfs_path = talloc_strdup(ctx, *pp_targetpath);
971 if (!dfs_path) {
972 return false;
973 }
974 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
975 }
976
977 return true;
978 }
979
980 /********************************************************************
981 ********************************************************************/
982
983 bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
984 struct cli_state *cli,
985 const char *sharename,
986 char **pp_newserver,
987 char **pp_newshare,
988 bool force_encrypt,
989 const char *username,
990 const char *password,
991 const char *domain)
992 {
993 struct client_dfs_referral *refs = NULL;
994 size_t num_refs = 0;
995 size_t consumed = 0;
996 char *fullpath = NULL;
997 bool res;
998 uint16 cnum;
999 char *newextrapath = NULL;
1000 NTSTATUS status;
1001
1002 if (!cli || !sharename) {
1003 return false;
1004 }
1005
1006 cnum = cli->cnum;
1007
1008 /* special case. never check for a referral on the IPC$ share */
1009
1010 if (strequal(sharename, "IPC$")) {
1011 return false;
1012 }
1013
1014 /* send a trans2_query_path_info to check for a referral */
1015
1016 fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1017 if (!fullpath) {
1018 return false;
1019 }
1020
1021 /* check for the referral */
1022
1023 if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, "IPC$", "IPC", NULL, 0))) {
1024 return false;
1025 }
1026
1027 if (force_encrypt) {
1028 status = cli_cm_force_encryption(cli,
1029 username,
1030 password,
1031 lp_workgroup(),
1032 "IPC$");
1033 if (!NT_STATUS_IS_OK(status)) {
1034 return false;
1035 }
1036 }
1037
1038 res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
1039
1040 status = cli_tdis(cli);
1041 if (!NT_STATUS_IS_OK(status)) {
1042 return false;
1043 }
1044
1045 cli->cnum = cnum;
1046
1047 if (!res || !num_refs) {
1048 return false;
1049 }
1050
1051 if (!refs[0].dfspath) {
1052 return false;
1053 }
1054
1055 split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1056 pp_newshare, &newextrapath );
1057
1058 if ((*pp_newserver == NULL) || (*pp_newshare == NULL)) {
1059 return false;
1060 }
1061
1062 /* check that this is not a self-referral */
1063
1064 if (strequal(cli->desthost, *pp_newserver) &&
1065 strequal(sharename, *pp_newshare)) {
1066 return false;
1067 }
1068
1069 return true;
1070 }