search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pyldb: add tests for getting control results
[Samba.git] / source3 / libsmb / clidfs.c
blob1c879884fe1ca6cbea9ed1c946ff33856e6de0a6
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 /********************************************************************
25 Important point.
26
27 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
28 are not C escaped here).
29
30 - but if we're using POSIX paths then <pathname> may contain
31 '/' separators, not '\\' separators. So cope with '\\' or '/'
32 as a separator when looking at the pathname part.... JRA.
33 ********************************************************************/
34
35 /********************************************************************
36 Ensure a connection is encrypted.
37 ********************************************************************/
38
39 NTSTATUS cli_cm_force_encryption(struct cli_state *c,
40 const char *username,
41 const char *password,
42 const char *domain,
43 const char *sharename)
44 {
45 NTSTATUS status = cli_force_encryption(c,
46 username,
47 password,
48 domain);
49
50 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
51 d_printf("Encryption required and "
52 "server that doesn't support "
53 "UNIX extensions - failing connect\n");
54 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
55 d_printf("Encryption required and "
56 "can't get UNIX CIFS extensions "
57 "version from server.\n");
58 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
59 d_printf("Encryption required and "
60 "share %s doesn't support "
61 "encryption.\n", sharename);
62 } else if (!NT_STATUS_IS_OK(status)) {
63 d_printf("Encryption required and "
64 "setup failed with error %s.\n",
65 nt_errstr(status));
66 }
67
68 return status;
69 }
70
71 /********************************************************************
72 Return a connection to a server.
73 ********************************************************************/
74
75 static struct cli_state *do_connect(TALLOC_CTX *ctx,
76 const char *server,
77 const char *share,
78 const struct user_auth_info *auth_info,
79 bool show_sessetup,
80 bool force_encrypt,
81 int max_protocol,
82 int port,
83 int name_type)
84 {
85 struct cli_state *c = NULL;
86 struct nmb_name called, calling;
87 const char *called_str;
88 const char *server_n;
89 struct sockaddr_storage ss;
90 char *servicename;
91 char *sharename;
92 char *newserver, *newshare;
93 const char *username;
94 const char *password;
95 NTSTATUS status;
96
97 /* make a copy so we don't modify the global string 'service' */
98 servicename = talloc_strdup(ctx,share);
99 if (!servicename) {
100 return NULL;
101 }
102 sharename = servicename;
103 if (*sharename == '\\') {
104 sharename += 2;
105 called_str = sharename;
106 if (server == NULL) {
107 server = sharename;
108 }
109 sharename = strchr_m(sharename,'\\');
110 if (!sharename) {
111 return NULL;
112 }
113 *sharename = 0;
114 sharename++;
115 } else {
116 called_str = server;
117 }
118
119 server_n = server;
120
121 zero_sockaddr(&ss);
122
123 make_nmb_name(&calling, global_myname(), 0x0);
124 make_nmb_name(&called , called_str, name_type);
125
126 again:
127 zero_sockaddr(&ss);
128
129 /* have to open a new connection */
130 c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info));
131 if (c == NULL) {
132 d_printf("Connection to %s failed\n", server_n);
133 return NULL;
134 }
135 if (port) {
136 cli_set_port(c, port);
137 }
138
139 status = cli_connect(c, server_n, &ss);
140 if (!NT_STATUS_IS_OK(status)) {
141 d_printf("Connection to %s failed (Error %s)\n",
142 server_n,
143 nt_errstr(status));
144 cli_shutdown(c);
145 return NULL;
146 }
147
148 if (max_protocol == 0) {
149 max_protocol = PROTOCOL_NT1;
150 }
151 c->protocol = max_protocol;
152 c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
153 c->fallback_after_kerberos =
154 get_cmdline_auth_info_fallback_after_kerberos(auth_info);
155 c->use_ccache = get_cmdline_auth_info_use_ccache(auth_info);
156
157 if (!cli_session_request(c, &calling, &called)) {
158 char *p;
159 d_printf("session request to %s failed (%s)\n",
160 called.name, cli_errstr(c));
161 cli_shutdown(c);
162 c = NULL;
163 if ((p=strchr_m(called.name, '.'))) {
164 *p = 0;
165 goto again;
166 }
167 if (strcmp(called.name, "*SMBSERVER")) {
168 make_nmb_name(&called , "*SMBSERVER", 0x20);
169 goto again;
170 }
171 return NULL;
172 }
173
174 DEBUG(4,(" session request ok\n"));
175
176 status = cli_negprot(c);
177
178 if (!NT_STATUS_IS_OK(status)) {
179 d_printf("protocol negotiation failed: %s\n",
180 nt_errstr(status));
181 cli_shutdown(c);
182 return NULL;
183 }
184
185 username = get_cmdline_auth_info_username(auth_info);
186 password = get_cmdline_auth_info_password(auth_info);
187
188 if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
189 password, strlen(password),
190 password, strlen(password),
191 lp_workgroup()))) {
192 /* If a password was not supplied then
193 * try again with a null username. */
194 if (password[0] || !username[0] ||
195 get_cmdline_auth_info_use_kerberos(auth_info) ||
196 !NT_STATUS_IS_OK(cli_session_setup(c, "",
197 "", 0,
198 "", 0,
199 lp_workgroup()))) {
200 d_printf("session setup failed: %s\n", cli_errstr(c));
201 if (NT_STATUS_V(cli_nt_error(c)) ==
202 NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
203 d_printf("did you forget to run kinit?\n");
204 cli_shutdown(c);
205 return NULL;
206 }
207 d_printf("Anonymous login successful\n");
208 status = cli_init_creds(c, "", lp_workgroup(), "");
209 } else {
210 status = cli_init_creds(c, username, lp_workgroup(), password);
211 }
212
213 if (!NT_STATUS_IS_OK(status)) {
214 DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
215 cli_shutdown(c);
216 return NULL;
217 }
218
219 if ( show_sessetup ) {
220 if (*c->server_domain) {
221 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
222 c->server_domain,c->server_os,c->server_type));
223 } else if (*c->server_os || *c->server_type) {
224 DEBUG(0,("OS=[%s] Server=[%s]\n",
225 c->server_os,c->server_type));
226 }
227 }
228 DEBUG(4,(" session setup ok\n"));
229
230 /* here's the fun part....to support 'msdfs proxy' shares
231 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
232 here before trying to connect to the original share.
233 cli_check_msdfs_proxy() will fail if it is a normal share. */
234
235 if ((c->capabilities & CAP_DFS) &&
236 cli_check_msdfs_proxy(ctx, c, sharename,
237 &newserver, &newshare,
238 force_encrypt,
239 username,
240 password,
241 lp_workgroup())) {
242 cli_shutdown(c);
243 return do_connect(ctx, newserver,
244 newshare, auth_info, false,
245 force_encrypt, max_protocol,
246 port, name_type);
247 }
248
249 /* must be a normal share */
250
251 status = cli_tcon_andx(c, sharename, "?????",
252 password, strlen(password)+1);
253 if (!NT_STATUS_IS_OK(status)) {
254 d_printf("tree connect failed: %s\n", nt_errstr(status));
255 cli_shutdown(c);
256 return NULL;
257 }
258
259 if (force_encrypt) {
260 status = cli_cm_force_encryption(c,
261 username,
262 password,
263 lp_workgroup(),
264 sharename);
265 if (!NT_STATUS_IS_OK(status)) {
266 cli_shutdown(c);
267 return NULL;
268 }
269 }
270
271 DEBUG(4,(" tconx ok\n"));
272 return c;
273 }
274
275 /****************************************************************************
276 ****************************************************************************/
277
278 static void cli_set_mntpoint(struct cli_state *cli, const char *mnt)
279 {
280 char *name = clean_name(NULL, mnt);
281 if (!name) {
282 return;
283 }
284 TALLOC_FREE(cli->dfs_mountpoint);
285 cli->dfs_mountpoint = talloc_strdup(cli, name);
286 TALLOC_FREE(name);
287 }
288
289 /********************************************************************
290 Add a new connection to the list.
291 referring_cli == NULL means a new initial connection.
292 ********************************************************************/
293
294 static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
295 struct cli_state *referring_cli,
296 const char *server,
297 const char *share,
298 const struct user_auth_info *auth_info,
299 bool show_hdr,
300 bool force_encrypt,
301 int max_protocol,
302 int port,
303 int name_type)
304 {
305 struct cli_state *cli;
306
307 cli = do_connect(ctx, server, share,
308 auth_info,
309 show_hdr, force_encrypt, max_protocol,
310 port, name_type);
311
312 if (!cli ) {
313 return NULL;
314 }
315
316 /* Enter into the list. */
317 if (referring_cli) {
318 DLIST_ADD_END(referring_cli, cli, struct cli_state *);
319 }
320
321 if (referring_cli && referring_cli->requested_posix_capabilities) {
322 uint16 major, minor;
323 uint32 caplow, caphigh;
324 NTSTATUS status;
325 status = cli_unix_extensions_version(cli, &major, &minor,
326 &caplow, &caphigh);
327 if (NT_STATUS_IS_OK(status)) {
328 cli_set_unix_extensions_capabilities(cli,
329 major, minor,
330 caplow, caphigh);
331 }
332 }
333
334 return cli;
335 }
336
337 /********************************************************************
338 Return a connection to a server on a particular share.
339 ********************************************************************/
340
341 static struct cli_state *cli_cm_find(struct cli_state *cli,
342 const char *server,
343 const char *share)
344 {
345 struct cli_state *p;
346
347 if (cli == NULL) {
348 return NULL;
349 }
350
351 /* Search to the start of the list. */
352 for (p = cli; p; p = DLIST_PREV(p)) {
353 if (strequal(server, p->desthost) &&
354 strequal(share,p->share)) {
355 return p;
356 }
357 }
358
359 /* Search to the end of the list. */
360 for (p = cli->next; p; p = p->next) {
361 if (strequal(server, p->desthost) &&
362 strequal(share,p->share)) {
363 return p;
364 }
365 }
366
367 return NULL;
368 }
369
370 /****************************************************************************
371 Open a client connection to a \\server\share.
372 ****************************************************************************/
373
374 struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
375 struct cli_state *referring_cli,
376 const char *server,
377 const char *share,
378 const struct user_auth_info *auth_info,
379 bool show_hdr,
380 bool force_encrypt,
381 int max_protocol,
382 int port,
383 int name_type)
384 {
385 /* Try to reuse an existing connection in this list. */
386 struct cli_state *c = cli_cm_find(referring_cli, server, share);
387
388 if (c) {
389 return c;
390 }
391
392 if (auth_info == NULL) {
393 /* Can't do a new connection
394 * without auth info. */
395 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
396 "without auth info\n",
397 server, share );
398 return NULL;
399 }
400
401 return cli_cm_connect(ctx,
402 referring_cli,
403 server,
404 share,
405 auth_info,
406 show_hdr,
407 force_encrypt,
408 max_protocol,
409 port,
410 name_type);
411 }
412
413 /****************************************************************************
414 ****************************************************************************/
415
416 void cli_cm_display(const struct cli_state *cli)
417 {
418 int i;
419
420 for (i=0; cli; cli = cli->next,i++ ) {
421 d_printf("%d:\tserver=%s, share=%s\n",
422 i, cli->desthost, cli->share );
423 }
424 }
425
426 /****************************************************************************
427 ****************************************************************************/
428
429 /****************************************************************************
430 ****************************************************************************/
431
432 #if 0
433 void cli_cm_set_credentials(struct user_auth_info *auth_info)
434 {
435 SAFE_FREE(cm_creds.username);
436 cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username(
437 auth_info));
438
439 if (get_cmdline_auth_info_got_pass(auth_info)) {
440 cm_set_password(get_cmdline_auth_info_password(auth_info));
441 }
442
443 cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
444 cm_creds.fallback_after_kerberos = false;
445 cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info);
446 }
447 #endif
448
449 /**********************************************************************
450 split a dfs path into the server, share name, and extrapath components
451 **********************************************************************/
452
453 static bool split_dfs_path(TALLOC_CTX *ctx,
454 const char *nodepath,
455 char **pp_server,
456 char **pp_share,
457 char **pp_extrapath)
458 {
459 char *p, *q;
460 char *path;
461
462 *pp_server = NULL;
463 *pp_share = NULL;
464 *pp_extrapath = NULL;
465
466 path = talloc_strdup(ctx, nodepath);
467 if (!path) {
468 goto fail;
469 }
470
471 if ( path[0] != '\\' ) {
472 goto fail;
473 }
474
475 p = strchr_m( path + 1, '\\' );
476 if ( !p ) {
477 goto fail;
478 }
479
480 *p = '\0';
481 p++;
482
483 /* Look for any extra/deep path */
484 q = strchr_m(p, '\\');
485 if (q != NULL) {
486 *q = '\0';
487 q++;
488 *pp_extrapath = talloc_strdup(ctx, q);
489 } else {
490 *pp_extrapath = talloc_strdup(ctx, "");
491 }
492 if (*pp_extrapath == NULL) {
493 goto fail;
494 }
495
496 *pp_share = talloc_strdup(ctx, p);
497 if (*pp_share == NULL) {
498 goto fail;
499 }
500
501 *pp_server = talloc_strdup(ctx, &path[1]);
502 if (*pp_server == NULL) {
503 goto fail;
504 }
505
506 TALLOC_FREE(path);
507 return true;
508
509 fail:
510 TALLOC_FREE(*pp_share);
511 TALLOC_FREE(*pp_extrapath);
512 TALLOC_FREE(path);
513 return false;
514 }
515
516 /****************************************************************************
517 Return the original path truncated at the directory component before
518 the first wildcard character. Trust the caller to provide a NULL
519 terminated string
520 ****************************************************************************/
521
522 static char *clean_path(TALLOC_CTX *ctx, const char *path)
523 {
524 size_t len;
525 char *p1, *p2, *p;
526 char *path_out;
527
528 /* No absolute paths. */
529 while (IS_DIRECTORY_SEP(*path)) {
530 path++;
531 }
532
533 path_out = talloc_strdup(ctx, path);
534 if (!path_out) {
535 return NULL;
536 }
537
538 p1 = strchr_m(path_out, '*');
539 p2 = strchr_m(path_out, '?');
540
541 if (p1 || p2) {
542 if (p1 && p2) {
543 p = MIN(p1,p2);
544 } else if (!p1) {
545 p = p2;
546 } else {
547 p = p1;
548 }
549 *p = '\0';
550
551 /* Now go back to the start of this component. */
552 p1 = strrchr_m(path_out, '/');
553 p2 = strrchr_m(path_out, '\\');
554 p = MAX(p1,p2);
555 if (p) {
556 *p = '\0';
557 }
558 }
559
560 /* Strip any trailing separator */
561
562 len = strlen(path_out);
563 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
564 path_out[len-1] = '\0';
565 }
566
567 return path_out;
568 }
569
570 /****************************************************************************
571 ****************************************************************************/
572
573 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
574 struct cli_state *cli,
575 const char *dir)
576 {
577 char path_sep = '\\';
578
579 /* Ensure the extrapath doesn't start with a separator. */
580 while (IS_DIRECTORY_SEP(*dir)) {
581 dir++;
582 }
583
584 if (cli->requested_posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
585 path_sep = '/';
586 }
587 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
588 path_sep,
589 cli->desthost,
590 path_sep,
591 cli->share,
592 path_sep,
593 dir);
594 }
595
596 /********************************************************************
597 check for dfs referral
598 ********************************************************************/
599
600 static bool cli_dfs_check_error(struct cli_state *cli, NTSTATUS expected,
601 NTSTATUS status)
602 {
603 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
604
605 if (!(cli->capabilities & CAP_UNICODE)) {
606 return false;
607 }
608 if (!(cli->capabilities & CAP_STATUS32)) {
609 return false;
610 }
611 if (NT_STATUS_EQUAL(status, expected)) {
612 return true;
613 }
614 return false;
615 }
616
617 /********************************************************************
618 Get the dfs referral link.
619 ********************************************************************/
620
621 NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
622 struct cli_state *cli,
623 const char *path,
624 struct client_dfs_referral **refs,
625 size_t *num_refs,
626 size_t *consumed)
627 {
628 unsigned int data_len = 0;
629 unsigned int param_len = 0;
630 uint16 setup[1];
631 uint8_t *param = NULL;
632 uint8_t *rdata = NULL;
633 char *p;
634 char *endp;
635 size_t pathlen = 2*(strlen(path)+1);
636 smb_ucs2_t *path_ucs;
637 char *consumed_path = NULL;
638 uint16_t consumed_ucs;
639 uint16 num_referrals;
640 struct client_dfs_referral *referrals = NULL;
641 NTSTATUS status;
642
643 *num_refs = 0;
644 *refs = NULL;
645
646 SSVAL(setup, 0, TRANSACT2_GET_DFS_REFERRAL);
647
648 param = SMB_MALLOC_ARRAY(uint8_t, 2+pathlen+2);
649 if (!param) {
650 status = NT_STATUS_NO_MEMORY;
651 goto out;
652 }
653 SSVAL(param, 0, 0x03); /* max referral level */
654 p = (char *)(&param[2]);
655
656 path_ucs = (smb_ucs2_t *)p;
657 p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
658 param_len = PTR_DIFF(p, param);
659
660 status = cli_trans(talloc_tos(), cli, SMBtrans2,
661 NULL, 0xffff, 0, 0,
662 setup, 1, 0,
663 param, param_len, 2,
664 NULL, 0, cli->max_xmit,
665 NULL,
666 NULL, 0, NULL, /* rsetup */
667 NULL, 0, NULL,
668 &rdata, 4, &data_len);
669 if (!NT_STATUS_IS_OK(status)) {
670 goto out;
671 }
672 if (data_len < 4) {
673 goto out;
674 }
675
676 endp = (char *)rdata + data_len;
677
678 consumed_ucs = SVAL(rdata, 0);
679 num_referrals = SVAL(rdata, 2);
680
681 /* consumed_ucs is the number of bytes
682 * of the UCS2 path consumed not counting any
683 * terminating null. We need to convert
684 * back to unix charset and count again
685 * to get the number of bytes consumed from
686 * the incoming path. */
687
688 if (pull_string_talloc(talloc_tos(),
689 NULL,
690 0,
691 &consumed_path,
692 path_ucs,
693 consumed_ucs,
694 STR_UNICODE) == 0) {
695 goto out;
696 }
697 if (consumed_path == NULL) {
698 goto out;
699 }
700 *consumed = strlen(consumed_path);
701
702 if (num_referrals != 0) {
703 uint16 ref_version;
704 uint16 ref_size;
705 int i;
706 uint16 node_offset;
707
708 referrals = talloc_array(ctx, struct client_dfs_referral,
709 num_referrals);
710
711 if (!referrals) {
712 goto out;
713 }
714 /* start at the referrals array */
715
716 p = (char *)rdata+8;
717 for (i=0; i<num_referrals && p < endp; i++) {
718 if (p + 18 > endp) {
719 goto out;
720 }
721 ref_version = SVAL(p, 0);
722 ref_size = SVAL(p, 2);
723 node_offset = SVAL(p, 16);
724
725 if (ref_version != 3) {
726 p += ref_size;
727 continue;
728 }
729
730 referrals[i].proximity = SVAL(p, 8);
731 referrals[i].ttl = SVAL(p, 10);
732
733 if (p + node_offset > endp) {
734 goto out;
735 }
736 clistr_pull_talloc(ctx, cli->inbuf,
737 SVAL(cli->inbuf, smb_flg2),
738 &referrals[i].dfspath,
739 p+node_offset, -1,
740 STR_TERMINATE|STR_UNICODE);
741
742 if (!referrals[i].dfspath) {
743 goto out;
744 }
745 p += ref_size;
746 }
747 if (i < num_referrals) {
748 goto out;
749 }
750 }
751
752 *num_refs = num_referrals;
753 *refs = referrals;
754
755 out:
756
757 TALLOC_FREE(consumed_path);
758 SAFE_FREE(param);
759 TALLOC_FREE(rdata);
760 return status;
761 }
762
763 /********************************************************************
764 ********************************************************************/
765
766 bool cli_resolve_path(TALLOC_CTX *ctx,
767 const char *mountpt,
768 const struct user_auth_info *dfs_auth_info,
769 struct cli_state *rootcli,
770 const char *path,
771 struct cli_state **targetcli,
772 char **pp_targetpath)
773 {
774 struct client_dfs_referral *refs = NULL;
775 size_t num_refs = 0;
776 size_t consumed = 0;
777 struct cli_state *cli_ipc = NULL;
778 char *dfs_path = NULL;
779 char *cleanpath = NULL;
780 char *extrapath = NULL;
781 int pathlen;
782 char *server = NULL;
783 char *share = NULL;
784 struct cli_state *newcli = NULL;
785 char *newpath = NULL;
786 char *newmount = NULL;
787 char *ppath = NULL;
788 SMB_STRUCT_STAT sbuf;
789 uint32 attributes;
790 NTSTATUS status;
791
792 if ( !rootcli || !path || !targetcli ) {
793 return false;
794 }
795
796 /* Don't do anything if this is not a DFS root. */
797
798 if ( !rootcli->dfsroot) {
799 *targetcli = rootcli;
800 *pp_targetpath = talloc_strdup(ctx, path);
801 if (!*pp_targetpath) {
802 return false;
803 }
804 return true;
805 }
806
807 *targetcli = NULL;
808
809 /* Send a trans2_query_path_info to check for a referral. */
810
811 cleanpath = clean_path(ctx, path);
812 if (!cleanpath) {
813 return false;
814 }
815
816 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
817 if (!dfs_path) {
818 return false;
819 }
820
821 status = cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes);
822 if (NT_STATUS_IS_OK(status)) {
823 /* This is an ordinary path, just return it. */
824 *targetcli = rootcli;
825 *pp_targetpath = talloc_strdup(ctx, path);
826 if (!*pp_targetpath) {
827 return false;
828 }
829 goto done;
830 }
831
832 /* Special case where client asked for a path that does not exist */
833
834 if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND,
835 status)) {
836 *targetcli = rootcli;
837 *pp_targetpath = talloc_strdup(ctx, path);
838 if (!*pp_targetpath) {
839 return false;
840 }
841 goto done;
842 }
843
844 /* We got an error, check for DFS referral. */
845
846 if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED,
847 status)) {
848 return false;
849 }
850
851 /* Check for the referral. */
852
853 if (!(cli_ipc = cli_cm_open(ctx,
854 rootcli,
855 rootcli->desthost,
856 "IPC$",
857 dfs_auth_info,
858 false,
859 (rootcli->trans_enc_state != NULL),
860 rootcli->protocol,
861 0,
862 0x20))) {
863 return false;
864 }
865
866 status = cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
867 &num_refs, &consumed);
868 if (!NT_STATUS_IS_OK(status) || !num_refs) {
869 return false;
870 }
871
872 /* Just store the first referral for now. */
873
874 if (!refs[0].dfspath) {
875 return false;
876 }
877 if (!split_dfs_path(ctx, refs[0].dfspath, &server, &share,
878 &extrapath)) {
879 return false;
880 }
881
882 /* Make sure to recreate the original string including any wildcards. */
883
884 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
885 if (!dfs_path) {
886 return false;
887 }
888 pathlen = strlen(dfs_path);
889 consumed = MIN(pathlen, consumed);
890 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
891 if (!*pp_targetpath) {
892 return false;
893 }
894 dfs_path[consumed] = '\0';
895
896 /*
897 * *pp_targetpath is now the unconsumed part of the path.
898 * dfs_path is now the consumed part of the path
899 * (in \server\share\path format).
900 */
901
902 /* Open the connection to the target server & share */
903 if ((*targetcli = cli_cm_open(ctx, rootcli,
904 server,
905 share,
906 dfs_auth_info,
907 false,
908 (rootcli->trans_enc_state != NULL),
909 rootcli->protocol,
910 0,
911 0x20)) == NULL) {
912 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
913 server, share );
914 return false;
915 }
916
917 if (extrapath && strlen(extrapath) > 0) {
918 *pp_targetpath = talloc_asprintf(ctx,
919 "%s%s",
920 extrapath,
921 *pp_targetpath);
922 if (!*pp_targetpath) {
923 return false;
924 }
925 }
926
927 /* parse out the consumed mount path */
928 /* trim off the \server\share\ */
929
930 ppath = dfs_path;
931
932 if (*ppath != '\\') {
933 d_printf("cli_resolve_path: "
934 "dfs_path (%s) not in correct format.\n",
935 dfs_path );
936 return false;
937 }
938
939 ppath++; /* Now pointing at start of server name. */
940
941 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
942 return false;
943 }
944
945 ppath++; /* Now pointing at start of share name. */
946
947 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
948 return false;
949 }
950
951 ppath++; /* Now pointing at path component. */
952
953 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
954 if (!newmount) {
955 return false;
956 }
957
958 cli_set_mntpoint(*targetcli, newmount);
959
960 /* Check for another dfs referral, note that we are not
961 checking for loops here. */
962
963 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
964 if (cli_resolve_path(ctx,
965 newmount,
966 dfs_auth_info,
967 *targetcli,
968 *pp_targetpath,
969 &newcli,
970 &newpath)) {
971 /*
972 * When cli_resolve_path returns true here it's always
973 * returning the complete path in newpath, so we're done
974 * here.
975 */
976 *targetcli = newcli;
977 *pp_targetpath = newpath;
978 return true;
979 }
980 }
981
982 done:
983
984 /* If returning true ensure we return a dfs root full path. */
985 if ((*targetcli)->dfsroot) {
986 dfs_path = talloc_strdup(ctx, *pp_targetpath);
987 if (!dfs_path) {
988 return false;
989 }
990 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
991 }
992
993 return true;
994 }
995
996 /********************************************************************
997 ********************************************************************/
998
999 bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
1000 struct cli_state *cli,
1001 const char *sharename,
1002 char **pp_newserver,
1003 char **pp_newshare,
1004 bool force_encrypt,
1005 const char *username,
1006 const char *password,
1007 const char *domain)
1008 {
1009 struct client_dfs_referral *refs = NULL;
1010 size_t num_refs = 0;
1011 size_t consumed = 0;
1012 char *fullpath = NULL;
1013 bool res;
1014 uint16 cnum;
1015 char *newextrapath = NULL;
1016 NTSTATUS status;
1017
1018 if (!cli || !sharename) {
1019 return false;
1020 }
1021
1022 cnum = cli->cnum;
1023
1024 /* special case. never check for a referral on the IPC$ share */
1025
1026 if (strequal(sharename, "IPC$")) {
1027 return false;
1028 }
1029
1030 /* send a trans2_query_path_info to check for a referral */
1031
1032 fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1033 if (!fullpath) {
1034 return false;
1035 }
1036
1037 /* check for the referral */
1038
1039 if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, "IPC$", "IPC", NULL, 0))) {
1040 return false;
1041 }
1042
1043 if (force_encrypt) {
1044 status = cli_cm_force_encryption(cli,
1045 username,
1046 password,
1047 lp_workgroup(),
1048 "IPC$");
1049 if (!NT_STATUS_IS_OK(status)) {
1050 return false;
1051 }
1052 }
1053
1054 status = cli_dfs_get_referral(ctx, cli, fullpath, &refs,
1055 &num_refs, &consumed);
1056 res = NT_STATUS_IS_OK(status);
1057
1058 status = cli_tdis(cli);
1059 if (!NT_STATUS_IS_OK(status)) {
1060 return false;
1061 }
1062
1063 cli->cnum = cnum;
1064
1065 if (!res || !num_refs) {
1066 return false;
1067 }
1068
1069 if (!refs[0].dfspath) {
1070 return false;
1071 }
1072
1073 if (!split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1074 pp_newshare, &newextrapath)) {
1075 return false;
1076 }
1077
1078 /* check that this is not a self-referral */
1079
1080 if (strequal(cli->desthost, *pp_newserver) &&
1081 strequal(sharename, *pp_newshare)) {
1082 return false;
1083 }
1084
1085 return true;
1086 }
Samba GIT mirror