search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
[Samba.git] / dfs_server / dfs_server_ad.c
blob3a25dff9d14c40fae5021ead14ba5089aa56f7c9
1 /*
2 Unix SMB/CIFS implementation.
3
4 Copyright Matthieu Patou <mat@matws.net> 2010-2011
5 Copyright Stefan Metzmacher 2011
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "librpc/gen_ndr/dfsblobs.h"
23 #include "librpc/gen_ndr/ndr_dfsblobs.h"
24 #include "dsdb/samdb/samdb.h"
25 #include "auth/session.h"
26 #include "param/param.h"
27 #include "lib/tsocket/tsocket.h"
28 #include "dfs_server/dfs_server_ad.h"
29 #include "lib/util/util_net.h"
30
31 #define MAX_DFS_RESPONSE 56*1024 /* 56 Kb */
32
33 /* A DC set is a group of DC, they might have been grouped together
34 because they belong to the same site, or to site with same cost ...
35 */
36 struct dc_set {
37 const char **names;
38 uint32_t count;
39 };
40
41 static void shuffle_dc_set(struct dc_set *list)
42 {
43 uint32_t i;
44
45 for (i = list->count; i > 1; i--) {
46 uint32_t r;
47 const char *tmp;
48
49 r = generate_random() % i;
50
51 tmp = list->names[i - 1];
52 list->names[i - 1] = list->names[r];
53 list->names[r] = tmp;
54 }
55 }
56
57 /*
58 fill a referral type structure
59 */
60 static NTSTATUS fill_normal_dfs_referraltype(TALLOC_CTX *mem_ctx,
61 struct dfs_referral_type *ref,
62 uint16_t version,
63 const char *dfs_path,
64 const char *server_path, int isfirstoffset)
65 {
66 ZERO_STRUCTP(ref);
67 switch (version) {
68 case 4:
69 ref->version = version;
70 /* For the moment there is a bug with XP that don't seems to appriciate much
71 * level4 so we return just level 3 for everyone
72 */
73 ref->referral.v4.server_type = DFS_SERVER_NON_ROOT;
74 /* "normal" referral seems to always include the GUID */
75 ref->referral.v4.size = 34;
76
77 if (isfirstoffset) {
78 ref->referral.v4.entry_flags = DFS_HEADER_FLAG_TARGET_BCK;
79 }
80 ref->referral.v4.ttl = 900; /* As w2k8r2 */
81 ref->referral.v4.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
82 if (ref->referral.v4.referrals.r1.DFS_path == NULL) {
83 return NT_STATUS_NO_MEMORY;
84 }
85 ref->referral.v4.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
86 if (ref->referral.v4.referrals.r1.DFS_alt_path == NULL) {
87 return NT_STATUS_NO_MEMORY;
88 }
89 ref->referral.v4.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
90 if (ref->referral.v4.referrals.r1.netw_address == NULL) {
91 return NT_STATUS_NO_MEMORY;
92 }
93 return NT_STATUS_OK;
94 case 3:
95 ref->version = version;
96 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
97 /* "normal" referral seems to always include the GUID */
98 ref->referral.v3.size = 34;
99
100 ref->referral.v3.entry_flags = 0;
101 ref->referral.v3.ttl = 600; /* As w2k3 */
102 ref->referral.v3.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
103 if (ref->referral.v3.referrals.r1.DFS_path == NULL) {
104 return NT_STATUS_NO_MEMORY;
105 }
106 ref->referral.v3.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
107 if (ref->referral.v3.referrals.r1.DFS_alt_path == NULL) {
108 return NT_STATUS_NO_MEMORY;
109 }
110 ref->referral.v3.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
111 if (ref->referral.v3.referrals.r1.netw_address == NULL) {
112 return NT_STATUS_NO_MEMORY;
113 }
114 return NT_STATUS_OK;
115 }
116 return NT_STATUS_INVALID_LEVEL;
117 }
118
119 /*
120 fill a domain refererral
121 */
122 static NTSTATUS fill_domain_dfs_referraltype(TALLOC_CTX *mem_ctx,
123 struct dfs_referral_type *ref,
124 uint16_t version,
125 const char *domain,
126 const char **names,
127 uint16_t numnames)
128 {
129 switch (version) {
130 case 3:
131 ZERO_STRUCTP(ref);
132 DEBUG(8, ("Called fill_domain_dfs_referraltype\n"));
133 ref->version = version;
134 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
135 #if 0
136 /* We use to have variable size, on Windows 2008R2 it's the same
137 * and it seems that it gives better results so ... let's use the same
138 * size.
139 *
140 * Additional note: XP SP2 will ask for version 3 and SP3 for version 4.
141 */
142 /*
143 * It's hard coded ... don't think it's a good way but the
144 * sizeof return not the correct values
145 *
146 * We have 18 if the GUID is not included 34 otherwise
147 */
148 if (numnames == 0) {
149 /* Windows return without the guid when returning domain list
150 */
151 ref->referral.v3.size = 18;
152 } else {
153 ref->referral.v3.size = 34;
154 }
155 #endif
156 /* As seen in w2k8r2 it always return the null GUID */
157 ref->referral.v3.size = 34;
158 ref->referral.v3.entry_flags = DFS_FLAG_REFERRAL_DOMAIN_RESP;
159 ref->referral.v3.ttl = 600; /* As w2k3 and w2k8r2*/
160 ref->referral.v3.referrals.r2.special_name = talloc_strdup(mem_ctx,
161 domain);
162 if (ref->referral.v3.referrals.r2.special_name == NULL) {
163 return NT_STATUS_NO_MEMORY;
164 }
165 ref->referral.v3.referrals.r2.nb_expanded_names = numnames;
166 /* Put the final terminator */
167 if (names) {
168 int i;
169 const char **names2 = talloc_array(mem_ctx, const char *,
170 numnames+1);
171 NT_STATUS_HAVE_NO_MEMORY(names2);
172 for (i = 0; i<numnames; i++) {
173 names2[i] = talloc_asprintf(names2, "\\%s", names[i]);
174 NT_STATUS_HAVE_NO_MEMORY(names2[i]);
175 }
176 names2[numnames] = NULL;
177 ref->referral.v3.referrals.r2.expanded_names = names2;
178 }
179 return NT_STATUS_OK;
180 }
181 return NT_STATUS_INVALID_LEVEL;
182 }
183
184 /*
185 get the DCs list within a site
186 */
187 static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
188 struct ldb_dn *sitedn, struct dc_set *list,
189 bool dofqdn)
190 {
191 static const char *attrs[] = { "serverReference", NULL };
192 static const char *attrs2[] = { "dNSHostName", "sAMAccountName", NULL };
193 struct ldb_result *r;
194 unsigned int i;
195 int ret;
196 const char **dc_list;
197
198 ret = ldb_search(ldb, ctx, &r, sitedn, LDB_SCOPE_SUBTREE, attrs,
199 "(&(objectClass=server)(serverReference=*))");
200 if (ret != LDB_SUCCESS) {
201 DEBUG(2,(__location__ ": Failed to get list of servers - %s\n",
202 ldb_errstring(ldb)));
203 return NT_STATUS_INTERNAL_ERROR;
204 }
205
206 if (r->count == 0) {
207 /* none in this site */
208 talloc_free(r);
209 return NT_STATUS_OK;
210 }
211
212 /*
213 * need to search for all server object to know the size of the array.
214 * Search all the object of class server in this site
215 */
216 dc_list = talloc_array(r, const char *, r->count);
217 if (dc_list == NULL) {
218 TALLOC_FREE(r);
219 return NT_STATUS_NO_MEMORY;
220 }
221
222 /* TODO put some random here in the order */
223 list->names = talloc_realloc(list, list->names, const char *, list->count + r->count);
224 if (list->names == NULL) {
225 TALLOC_FREE(r);
226 return NT_STATUS_NO_MEMORY;
227 }
228
229 for (i = 0; i<r->count; i++) {
230 struct ldb_dn *dn;
231 struct ldb_message *msg;
232
233 dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference");
234 if (!dn) {
235 return NT_STATUS_INTERNAL_ERROR;
236 }
237
238 ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)");
239 if (ret != LDB_SUCCESS) {
240 DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n",
241 ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
242 return NT_STATUS_INTERNAL_ERROR;
243 }
244
245 if (dofqdn) {
246 const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL);
247 if (dns == NULL) {
248 DEBUG(2,(__location__ ": dNSHostName missing on %s\n",
249 ldb_dn_get_linearized(dn)));
250 talloc_free(r);
251 return NT_STATUS_INTERNAL_ERROR;
252 }
253
254 list->names[list->count] = talloc_strdup(list->names, dns);
255 if (list->names[list->count] == NULL) {
256 TALLOC_FREE(r);
257 return NT_STATUS_NO_MEMORY;
258 }
259 } else {
260 char *tmp;
261 const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
262 if (aname == NULL) {
263 DEBUG(2,(__location__ ": sAMAccountName missing on %s\n",
264 ldb_dn_get_linearized(dn)));
265 talloc_free(r);
266 return NT_STATUS_INTERNAL_ERROR;
267 }
268
269 tmp = talloc_strdup(list->names, aname);
270 if (tmp == NULL) {
271 TALLOC_FREE(r);
272 return NT_STATUS_NO_MEMORY;
273 }
274
275 /* Netbios name is also the sAMAccountName for
276 computer but without the final $ */
277 tmp[strlen(tmp) - 1] = '\0';
278 list->names[list->count] = tmp;
279 }
280 list->count++;
281 talloc_free(msg);
282 }
283
284 shuffle_dc_set(list);
285
286 talloc_free(r);
287 return NT_STATUS_OK;
288 }
289
290
291 /*
292 get all DCs
293 */
294 static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
295 const char *searched_site, bool need_fqdn,
296 struct dc_set ***pset_list, uint32_t flags)
297 {
298 /*
299 * Flags will be used later to indicate things like least-expensive
300 * or same-site options
301 */
302 const char *attrs_none[] = { NULL };
303 const char *attrs3[] = { "name", NULL };
304 struct ldb_dn *configdn, *sitedn, *dn, *sitescontainerdn;
305 struct ldb_result *r;
306 struct dc_set **set_list = NULL;
307 uint32_t i;
308 int ret;
309 uint32_t current_pos = 0;
310 NTSTATUS status;
311 TALLOC_CTX *subctx;
312
313 *pset_list = set_list = NULL;
314
315 subctx = talloc_new(ctx);
316 NT_STATUS_HAVE_NO_MEMORY(subctx);
317
318 configdn = ldb_get_config_basedn(ldb);
319
320 /* Let's search for the Site container */
321 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs_none,
322 "(objectClass=sitesContainer)");
323 if (ret != LDB_SUCCESS) {
324 DEBUG(2,(__location__ ": Failed to find sitesContainer within %s - %s\n",
325 ldb_dn_get_linearized(configdn), ldb_errstring(ldb)));
326 talloc_free(subctx);
327 return NT_STATUS_INTERNAL_ERROR;
328 }
329 if (r->count > 1) {
330 DEBUG(2,(__location__ ": Expected 1 sitesContainer - found %u within %s\n",
331 r->count, ldb_dn_get_linearized(configdn)));
332 talloc_free(subctx);
333 return NT_STATUS_INTERNAL_ERROR;
334 }
335
336 sitescontainerdn = talloc_steal(subctx, r->msgs[0]->dn);
337 talloc_free(r);
338
339 /*
340 * TODO: Here we should have a more subtle handling
341 * for the case "same-site"
342 */
343 ret = ldb_search(ldb, subctx, &r, sitescontainerdn, LDB_SCOPE_SUBTREE,
344 attrs_none, "(objectClass=server)");
345 if (ret != LDB_SUCCESS) {
346 DEBUG(2,(__location__ ": Failed to find servers within %s - %s\n",
347 ldb_dn_get_linearized(sitescontainerdn), ldb_errstring(ldb)));
348 talloc_free(subctx);
349 return NT_STATUS_INTERNAL_ERROR;
350 }
351 talloc_free(r);
352
353 if (searched_site != NULL && searched_site[0] != '\0') {
354 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE,
355 attrs_none, "(&(name=%s)(objectClass=site))", searched_site);
356 if (ret != LDB_SUCCESS) {
357 talloc_free(subctx);
358 return NT_STATUS_FOOBAR;
359 } else if (r->count != 1) {
360 talloc_free(subctx);
361 return NT_STATUS_FOOBAR;
362 }
363
364 /* All of this was to get the DN of the searched_site */
365 sitedn = r->msgs[0]->dn;
366
367 /*
368 * We will realloc + 2 because we will need one additional place
369 * for element at current_pos + 1 for the NULL element
370 */
371 set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+2);
372 if (set_list == NULL) {
373 TALLOC_FREE(subctx);
374 return NT_STATUS_NO_MEMORY;
375 }
376
377 set_list[current_pos] = talloc(set_list, struct dc_set);
378 if (set_list[current_pos] == NULL) {
379 TALLOC_FREE(subctx);
380 return NT_STATUS_NO_MEMORY;
381 }
382
383 set_list[current_pos]->names = NULL;
384 set_list[current_pos]->count = 0;
385
386 set_list[current_pos+1] = NULL;
387
388 status = get_dcs_insite(subctx, ldb, sitedn,
389 set_list[current_pos], need_fqdn);
390 if (!NT_STATUS_IS_OK(status)) {
391 DEBUG(2,(__location__ ": Failed to get DC from site %s - %s\n",
392 ldb_dn_get_linearized(sitedn), nt_errstr(status)));
393 talloc_free(subctx);
394 return status;
395 }
396 talloc_free(r);
397 current_pos++;
398 }
399
400 /* Let's find all the sites */
401 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs3, "(objectClass=site)");
402 if (ret != LDB_SUCCESS) {
403 DEBUG(2,(__location__ ": Failed to find any site containers in %s\n",
404 ldb_dn_get_linearized(configdn)));
405 talloc_free(subctx);
406 return NT_STATUS_INTERNAL_DB_CORRUPTION;
407 }
408
409 /*
410 * TODO:
411 * We should randomize the order in the main site,
412 * it's mostly needed for sysvol/netlogon referral.
413 * Depending of flag we either randomize order of the
414 * not "in the same site DCs"
415 * or we randomize by group of site that have the same cost
416 * In the long run we want to manipulate an array of site_set
417 * All the site in one set have the same cost (if least-expansive options is selected)
418 * and we will put all the dc related to 1 site set into 1 DCs set.
419 * Within a site set, site order has to be randomized
420 *
421 * But for the moment we just return the list of sites
422 */
423 if (r->count) {
424 /*
425 * We will realloc + 2 because we will need one additional place
426 * for element at current_pos + 1 for the NULL element
427 */
428 set_list = talloc_realloc(subctx, set_list, struct dc_set *,
429 current_pos+2);
430 if (set_list == NULL) {
431 TALLOC_FREE(subctx);
432 return NT_STATUS_NO_MEMORY;
433 }
434
435 set_list[current_pos] = talloc(ctx, struct dc_set);
436 if (set_list[current_pos] == NULL) {
437 TALLOC_FREE(subctx);
438 return NT_STATUS_NO_MEMORY;
439 }
440
441 set_list[current_pos]->names = NULL;
442 set_list[current_pos]->count = 0;
443
444 set_list[current_pos+1] = NULL;
445 }
446
447 for (i=0; i<r->count; i++) {
448 const char *site_name = ldb_msg_find_attr_as_string(r->msgs[i], "name", NULL);
449 if (site_name == NULL) {
450 DEBUG(2,(__location__ ": Failed to find name attribute in %s\n",
451 ldb_dn_get_linearized(r->msgs[i]->dn)));
452 talloc_free(subctx);
453 return NT_STATUS_INTERNAL_DB_CORRUPTION;
454 }
455
456 if (searched_site == NULL ||
457 strcmp(searched_site, site_name) != 0) {
458 DEBUG(2,(__location__ ": Site: %s %s\n",
459 searched_site, site_name));
460
461 /*
462 * Do all the site but the one of the client
463 * (because it has already been done ...)
464 */
465 dn = r->msgs[i]->dn;
466
467 status = get_dcs_insite(subctx, ldb, dn,
468 set_list[current_pos],
469 need_fqdn);
470 if (!NT_STATUS_IS_OK(status)) {
471 talloc_free(subctx);
472 return status;
473 }
474 }
475 }
476
477 *pset_list = talloc_move(ctx, &set_list);
478 talloc_free(subctx);
479 return NT_STATUS_OK;
480 }
481
482 static NTSTATUS dodomain_referral(struct loadparm_context *lp_ctx,
483 struct ldb_context *sam_ctx,
484 const struct tsocket_address *client,
485 struct dfs_GetDFSReferral *r)
486 {
487 /*
488 * TODO for the moment we just return the local domain
489 */
490 NTSTATUS status;
491 const char *dns_domain = lpcfg_dnsdomain(lp_ctx);
492 const char *netbios_domain = lpcfg_workgroup(lp_ctx);
493 struct dfs_referral_type *referrals;
494 const char *referral_str;
495 /* In the future this needs to be fetched from the ldb */
496 uint32_t found_domain = 2;
497
498 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
499 DEBUG(10 ,("Received a domain referral request on a non DC\n"));
500 return NT_STATUS_INVALID_PARAMETER;
501 }
502
503 if (r->in.req.max_referral_level < 3) {
504 DEBUG(2,("invalid max_referral_level %u\n",
505 r->in.req.max_referral_level));
506 return NT_STATUS_UNSUCCESSFUL;
507 }
508
509 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
510 if (r->out.resp == NULL) {
511 return NT_STATUS_NO_MEMORY;
512 }
513
514 r->out.resp->path_consumed = 0;
515 r->out.resp->header_flags = 0; /* Do like w2k3 */
516 r->out.resp->nb_referrals = found_domain; /* the fqdn one + the NT domain */
517
518 referrals = talloc_zero_array(r->out.resp,
519 struct dfs_referral_type,
520 r->out.resp->nb_referrals);
521 if (referrals == NULL) {
522 return NT_STATUS_NO_MEMORY;
523 }
524 r->out.resp->referral_entries = referrals;
525
526 referral_str = talloc_asprintf(r, "\\%s", netbios_domain);
527 if (referral_str == NULL) {
528 return NT_STATUS_NO_MEMORY;
529 }
530
531 status = fill_domain_dfs_referraltype(referrals,
532 &referrals[0], 3,
533 referral_str,
534 NULL, 0);
535 if (!NT_STATUS_IS_OK(status)) {
536 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
537 __location__, nt_errstr(status)));
538 return status;
539 }
540
541 referral_str = talloc_asprintf(r, "\\%s", dns_domain);
542 if (referral_str == NULL) {
543 return NT_STATUS_NO_MEMORY;
544 }
545
546 status = fill_domain_dfs_referraltype(referrals,
547 &referrals[1], 3,
548 referral_str,
549 NULL, 0);
550 if (!NT_STATUS_IS_OK(status)) {
551 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
552 __location__, nt_errstr(status)));
553 return status;
554 }
555
556 return NT_STATUS_OK;
557 }
558
559 /*
560 * Handle the logic for dfs referral request like
561 * \\dns_domain or \\netbios_domain.
562 */
563 static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx,
564 struct ldb_context *sam_ctx,
565 const struct tsocket_address *client,
566 struct dfs_GetDFSReferral *r,
567 const char *domain_name)
568 {
569 NTSTATUS status;
570 const char *site_name = NULL; /* Name of the site where the client is */
571 bool need_fqdn = false;
572 unsigned int i;
573 const char **dc_list = NULL;
574 uint32_t num_dcs = 0;
575 struct dc_set **set;
576 char *client_str = NULL;
577 struct dfs_referral_type *referrals;
578 const char *referral_str;
579
580 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
581 return NT_STATUS_INVALID_PARAMETER;
582 }
583
584 if (r->in.req.max_referral_level < 3) {
585 DEBUG(2,("invalid max_referral_level %u\n",
586 r->in.req.max_referral_level));
587 return NT_STATUS_UNSUCCESSFUL;
588 }
589
590 DEBUG(10, ("in this we have request for %s requested is %s\n",
591 domain_name, r->in.req.servername));
592
593 if (strchr(domain_name,'.')) {
594 need_fqdn = 1;
595 }
596
597 if (tsocket_address_is_inet(client, "ip")) {
598 client_str = tsocket_address_inet_addr_string(client, r);
599 if (client_str == NULL) {
600 return NT_STATUS_NO_MEMORY;
601 }
602 }
603
604 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
605
606 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
607 if (!NT_STATUS_IS_OK(status)) {
608 DEBUG(3,("Unable to get list of DCs - %s\n",
609 nt_errstr(status)));
610 return status;
611 }
612
613 for(i=0; set[i]; i++) {
614 uint32_t j;
615
616 dc_list = talloc_realloc(r, dc_list, const char*,
617 num_dcs + set[i]->count + 1);
618 if (dc_list == NULL) {
619 return NT_STATUS_NO_MEMORY;
620 }
621
622 for(j=0; j<set[i]->count; j++) {
623 dc_list[num_dcs + j] = talloc_move(dc_list,
624 &set[i]->names[j]);
625 }
626 num_dcs = num_dcs + set[i]->count;
627 TALLOC_FREE(set[i]);
628 dc_list[num_dcs] = NULL;
629 }
630
631 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
632 if (r->out.resp == NULL) {
633 return NT_STATUS_NO_MEMORY;
634 }
635
636 r->out.resp->path_consumed = 0;
637 r->out.resp->header_flags = 0; /* Do like w2k3 */
638 r->out.resp->nb_referrals = 1;
639
640 referrals = talloc_zero_array(r->out.resp,
641 struct dfs_referral_type,
642 r->out.resp->nb_referrals);
643 if (referrals == NULL) {
644 return NT_STATUS_NO_MEMORY;
645 }
646 r->out.resp->referral_entries = referrals;
647
648 if (r->in.req.servername[0] == '\\') {
649 referral_str = talloc_asprintf(referrals, "%s",
650 domain_name);
651 } else {
652 referral_str = talloc_asprintf(referrals, "\\%s",
653 domain_name);
654 }
655 if (referral_str == NULL) {
656 return NT_STATUS_NO_MEMORY;
657 }
658
659 status = fill_domain_dfs_referraltype(referrals,
660 &referrals[0], 3,
661 referral_str,
662 dc_list, num_dcs);
663 if (!NT_STATUS_IS_OK(status)) {
664 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
665 __location__, nt_errstr(status)));
666 return status;
667 }
668
669 return NT_STATUS_OK;
670 }
671
672 /*
673 * Handle the logic for dfs referral request like
674 * \\domain\sysvol or \\domain\netlogon
675 */
676 static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx,
677 struct ldb_context *sam_ctx,
678 const struct tsocket_address *client,
679 struct dfs_GetDFSReferral *r,
680 const char *domain_name,
681 const char *dfs_name)
682 {
683 const char *site_name = NULL; /* Name of the site where the client is */
684 bool need_fqdn = false;
685 unsigned int i, c = 0, nb_entries = 0;
686 struct dc_set **set;
687 char *client_str = NULL;
688 NTSTATUS status;
689 struct dfs_referral_type *referrals;
690
691 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
692 return NT_STATUS_INVALID_PARAMETER;
693 }
694
695 if (r->in.req.max_referral_level < 3) {
696 DEBUG(2,("invalid max_referral_level %u\n",
697 r->in.req.max_referral_level));
698 return NT_STATUS_UNSUCCESSFUL;
699 }
700
701 DEBUG(10, ("in this we have request for %s and share %s requested is %s\n",
702 domain_name, dfs_name, r->in.req.servername));
703
704 if (strchr(domain_name,'.')) {
705 need_fqdn = 1;
706 }
707
708 if (tsocket_address_is_inet(client, "ip")) {
709 client_str = tsocket_address_inet_addr_string(client, r);
710 if (client_str == NULL) {
711 return NT_STATUS_NO_MEMORY;
712 }
713 }
714
715 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
716
717 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
718 if (!NT_STATUS_IS_OK(status)) {
719 DEBUG(3,("Unable to get list of DCs - %s\n",
720 nt_errstr(status)));
721 return status;
722 }
723
724 for(i=0; set[i]; i++) {
725 nb_entries = nb_entries + set[i]->count;
726 }
727
728 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
729 if (r->out.resp == NULL) {
730 return NT_STATUS_NO_MEMORY;
731 }
732
733 /* The length is expected in bytes */
734 r->out.resp->path_consumed = strlen_m(r->in.req.servername) * 2;
735 /* Do like w2k3 and like in 3.3.5.3 of MS-DFSC*/
736 r->out.resp->header_flags = DFS_HEADER_FLAG_STORAGE_SVR;
737 r->out.resp->nb_referrals = nb_entries;
738
739 referrals = talloc_zero_array(r->out.resp,
740 struct dfs_referral_type,
741 r->out.resp->nb_referrals);
742 if (referrals == NULL) {
743 return NT_STATUS_NO_MEMORY;
744 }
745 r->out.resp->referral_entries = referrals;
746
747 c = 0;
748 for(i=0; set[i]; i++) {
749 uint32_t j;
750
751 for(j=0; j< set[i]->count; j++) {
752 struct dfs_referral_type *ref = &referrals[c];
753 const char *referral_str;
754
755 referral_str = talloc_asprintf(referrals, "\\%s\\%s",
756 set[i]->names[j], dfs_name);
757 if (referral_str == NULL) {
758 return NT_STATUS_NO_MEMORY;
759 }
760
761 DEBUG(8,("Doing a dfs referral for %s with this value "
762 "%s requested %s\n",
763 set[i]->names[j], referral_str,
764 r->in.req.servername));
765
766 status = fill_normal_dfs_referraltype(referrals, ref,
767 r->in.req.max_referral_level,
768 r->in.req.servername,
769 referral_str, c==0);
770
771
772 if (!NT_STATUS_IS_OK(status)) {
773 DEBUG(2,("%s: Unable to fill domain referral "
774 "structure - %s\n",
775 __location__, nt_errstr(status)));
776 return status;
777 }
778
779 c++;
780 }
781 }
782
783 return NT_STATUS_OK;
784 }
785
786 /*
787 trans2 getdfsreferral implementation
788 */
789 NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx,
790 struct ldb_context *sam_ctx,
791 const struct tsocket_address *client,
792 struct dfs_GetDFSReferral *r)
793 {
794 char *server_name = NULL;
795 char *dfs_name = NULL;
796 char *link_path = NULL;
797 const char *netbios_domain;
798 const char *dns_domain;
799 const char *netbios_name;
800 const char *dns_name;
801 const char **netbios_aliases;
802 char path_separator;
803
804 if (!lpcfg_host_msdfs(lp_ctx)) {
805 return NT_STATUS_FS_DRIVER_REQUIRED;
806 }
807
808 if (r->in.req.servername == NULL) {
809 return NT_STATUS_INVALID_PARAMETER;
810 }
811
812 DEBUG(8, ("Requested DFS name: %s length: %u\n",
813 r->in.req.servername,
814 (unsigned int)strlen_m(r->in.req.servername)*2));
815
816 /*
817 * If the servername is "" then we are in a case of domain dfs
818 * and the client just searches for the list of local domain
819 * it is attached and also trusted ones.
820 */
821 if (strlen(r->in.req.servername) == 0) {
822 return dodomain_referral(lp_ctx, sam_ctx, client, r);
823 }
824
825 server_name = talloc_strdup(r, r->in.req.servername);
826 if (server_name == NULL) {
827 return NT_STATUS_NO_MEMORY;
828 }
829
830 path_separator = (*server_name == '/') ? '/' : '\\';
831
832 while(*server_name && *server_name == path_separator) {
833 server_name++;
834 }
835
836 dfs_name = strchr_m(server_name, path_separator);
837 if (dfs_name != NULL) {
838 dfs_name[0] = '\0';
839 dfs_name++;
840
841 link_path = strchr_m(dfs_name, path_separator);
842 if (link_path != NULL) {
843 link_path[0] = '\0';
844 link_path++;
845 }
846 }
847
848 if (link_path != NULL) {
849 /*
850 * If it is a DFS Link we do not
851 * handle it here.
852 */
853 return NT_STATUS_NOT_FOUND;
854 }
855
856 netbios_domain = lpcfg_workgroup(lp_ctx);
857 dns_domain = lpcfg_dnsdomain(lp_ctx);
858 netbios_name = lpcfg_netbios_name(lp_ctx);
859 dns_name = talloc_asprintf(r, "%s.%s", netbios_name, dns_domain);
860 if (dns_name == NULL) {
861 return NT_STATUS_NO_MEMORY;
862 }
863
864 if ((strcasecmp_m(server_name, netbios_name) == 0) ||
865 (strcasecmp_m(server_name, dns_name) == 0)) {
866 /*
867 * If it is not domain related do not
868 * handle it here.
869 */
870 return NT_STATUS_NOT_FOUND;
871 }
872
873 if (is_ipaddress(server_name)) {
874 /*
875 * If it is not domain related do not
876 * handle it here.
877 */
878 return NT_STATUS_NOT_FOUND;
879 }
880
881 netbios_aliases = lpcfg_netbios_aliases(lp_ctx);
882 while (netbios_aliases && *netbios_aliases) {
883 const char *netbios_alias = *netbios_aliases;
884 char *dns_alias;
885 int cmp;
886
887 cmp = strcasecmp_m(server_name, netbios_alias);
888 if (cmp == 0) {
889 /*
890 * If it is not domain related do not
891 * handle it here.
892 */
893 return NT_STATUS_NOT_FOUND;
894 }
895
896 dns_alias = talloc_asprintf(r, "%s.%s",
897 netbios_alias,
898 dns_domain);
899 if (dns_alias == NULL) {
900 return NT_STATUS_NO_MEMORY;
901 }
902
903 cmp = strcasecmp_m(server_name, dns_alias);
904 talloc_free(dns_alias);
905 if (cmp == 0) {
906 /*
907 * If it is not domain related do not
908 * handle it here.
909 */
910 return NT_STATUS_NOT_FOUND;
911 }
912 netbios_aliases++;
913 }
914
915 if ((strcasecmp_m(server_name, netbios_domain) != 0) &&
916 (strcasecmp_m(server_name, dns_domain) != 0)) {
917 /*
918 * Not a domain we handle.
919 */
920 return NT_STATUS_INVALID_PARAMETER;
921 }
922
923 /*
924 * Here we have filtered the thing the requested name don't contain our DNS name.
925 * So if the share == NULL or if share in ("sysvol", "netlogon")
926 * then we proceed. In the first case it will be a dc refereal in the second it will
927 * be just a sysvol/netlogon referral.
928 */
929 if (dfs_name == NULL) {
930 return dodc_referral(lp_ctx, sam_ctx,
931 client, r, server_name);
932 }
933
934 /*
935 * Here we have filtered the thing the requested name don't contain our DNS name.
936 * So if the share == NULL or if share in ("sysvol", "netlogon")
937 * then we proceed. In the first case it will be a dc refereal in the second it will
938 * be just a sysvol/netlogon referral.
939 */
940 if (strcasecmp(dfs_name, "sysvol") == 0 ||
941 strcasecmp(dfs_name, "netlogon") == 0) {
942 return dosysvol_referral(lp_ctx, sam_ctx, client, r,
943 server_name, dfs_name);
944 }
945
946 /* By default until all the case are handled */
947 return NT_STATUS_NOT_FOUND;
948 }
Samba GIT mirror