CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with MIT kpasswd
[Samba.git] / dfs_server / dfs_server_ad.c
blob7f4384f443e6623ac3c7839b424144c6db96e006
1 /*
2 Unix SMB/CIFS implementation.
4 Copyright Matthieu Patou <mat@matws.net> 2010-2011
5 Copyright Stefan Metzmacher 2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "librpc/gen_ndr/dfsblobs.h"
23 #include "librpc/gen_ndr/ndr_dfsblobs.h"
24 #include "dsdb/samdb/samdb.h"
25 #include "auth/session.h"
26 #include "param/param.h"
27 #include "lib/tsocket/tsocket.h"
28 #include "dfs_server/dfs_server_ad.h"
29 #include "lib/util/util_net.h"
30 #include "libds/common/roles.h"
32 #define MAX_DFS_RESPONSE 56*1024 /* 56 Kb */
34 #undef strcasecmp
36 /* A DC set is a group of DC, they might have been grouped together
37 because they belong to the same site, or to site with same cost ...
39 struct dc_set {
40 const char **names;
41 uint32_t count;
44 static void shuffle_dc_set(struct dc_set *list)
46 uint32_t i;
48 for (i = list->count; i > 1; i--) {
49 uint32_t r;
50 const char *tmp;
52 r = generate_random() % i;
54 tmp = list->names[i - 1];
55 list->names[i - 1] = list->names[r];
56 list->names[r] = tmp;
61 fill a referral type structure
63 static NTSTATUS fill_normal_dfs_referraltype(TALLOC_CTX *mem_ctx,
64 struct dfs_referral_type *ref,
65 uint16_t version,
66 const char *dfs_path,
67 const char *server_path, int isfirstoffset)
69 ZERO_STRUCTP(ref);
70 switch (version) {
71 case 4:
72 ref->version = version;
73 /* For the moment there is a bug with XP that don't seems to appriciate much
74 * level4 so we return just level 3 for everyone
76 ref->referral.v4.server_type = DFS_SERVER_NON_ROOT;
77 /* "normal" referral seems to always include the GUID */
78 ref->referral.v4.size = 34;
80 if (isfirstoffset) {
81 ref->referral.v4.entry_flags = DFS_HEADER_FLAG_TARGET_BCK;
83 ref->referral.v4.ttl = 900; /* As w2k8r2 */
84 ref->referral.v4.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
85 if (ref->referral.v4.referrals.r1.DFS_path == NULL) {
86 return NT_STATUS_NO_MEMORY;
88 ref->referral.v4.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
89 if (ref->referral.v4.referrals.r1.DFS_alt_path == NULL) {
90 return NT_STATUS_NO_MEMORY;
92 ref->referral.v4.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
93 if (ref->referral.v4.referrals.r1.netw_address == NULL) {
94 return NT_STATUS_NO_MEMORY;
96 return NT_STATUS_OK;
97 case 3:
98 ref->version = version;
99 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
100 /* "normal" referral seems to always include the GUID */
101 ref->referral.v3.size = 34;
103 ref->referral.v3.entry_flags = 0;
104 ref->referral.v3.ttl = 600; /* As w2k3 */
105 ref->referral.v3.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
106 if (ref->referral.v3.referrals.r1.DFS_path == NULL) {
107 return NT_STATUS_NO_MEMORY;
109 ref->referral.v3.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
110 if (ref->referral.v3.referrals.r1.DFS_alt_path == NULL) {
111 return NT_STATUS_NO_MEMORY;
113 ref->referral.v3.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
114 if (ref->referral.v3.referrals.r1.netw_address == NULL) {
115 return NT_STATUS_NO_MEMORY;
117 return NT_STATUS_OK;
119 return NT_STATUS_INVALID_LEVEL;
123 fill a domain refererral
125 static NTSTATUS fill_domain_dfs_referraltype(TALLOC_CTX *mem_ctx,
126 struct dfs_referral_type *ref,
127 uint16_t version,
128 const char *domain,
129 const char **names,
130 uint16_t numnames)
132 switch (version) {
133 case 3:
134 ZERO_STRUCTP(ref);
135 DEBUG(8, ("Called fill_domain_dfs_referraltype\n"));
136 ref->version = version;
137 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
138 #if 0
139 /* We use to have variable size, on Windows 2008R2 it's the same
140 * and it seems that it gives better results so ... let's use the same
141 * size.
143 * Additional note: XP SP2 will ask for version 3 and SP3 for version 4.
146 * It's hard coded ... don't think it's a good way but the
147 * sizeof return not the correct values
149 * We have 18 if the GUID is not included 34 otherwise
151 if (numnames == 0) {
152 /* Windows return without the guid when returning domain list
154 ref->referral.v3.size = 18;
155 } else {
156 ref->referral.v3.size = 34;
158 #endif
159 /* As seen in w2k8r2 it always return the null GUID */
160 ref->referral.v3.size = 34;
161 ref->referral.v3.entry_flags = DFS_FLAG_REFERRAL_DOMAIN_RESP;
162 ref->referral.v3.ttl = 600; /* As w2k3 and w2k8r2*/
163 ref->referral.v3.referrals.r2.special_name = talloc_strdup(mem_ctx,
164 domain);
165 if (ref->referral.v3.referrals.r2.special_name == NULL) {
166 return NT_STATUS_NO_MEMORY;
168 ref->referral.v3.referrals.r2.nb_expanded_names = numnames;
169 /* Put the final terminator */
170 if (names) {
171 int i;
172 const char **names2 = talloc_array(mem_ctx, const char *,
173 numnames+1);
174 NT_STATUS_HAVE_NO_MEMORY(names2);
175 for (i = 0; i<numnames; i++) {
176 names2[i] = talloc_asprintf(names2, "\\%s", names[i]);
177 NT_STATUS_HAVE_NO_MEMORY(names2[i]);
179 names2[numnames] = NULL;
180 ref->referral.v3.referrals.r2.expanded_names = names2;
182 return NT_STATUS_OK;
184 return NT_STATUS_INVALID_LEVEL;
188 get the DCs list within a site
190 static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
191 struct ldb_dn *sitedn, struct dc_set *list,
192 bool dofqdn)
194 static const char *attrs[] = { "serverReference", NULL };
195 static const char *attrs2[] = { "dNSHostName", "sAMAccountName", NULL };
196 struct ldb_result *r;
197 unsigned int i;
198 int ret;
199 const char **dc_list;
201 ret = ldb_search(ldb, ctx, &r, sitedn, LDB_SCOPE_SUBTREE, attrs,
202 "(&(objectClass=server)(serverReference=*))");
203 if (ret != LDB_SUCCESS) {
204 DEBUG(2,(__location__ ": Failed to get list of servers - %s\n",
205 ldb_errstring(ldb)));
206 return NT_STATUS_INTERNAL_ERROR;
209 if (r->count == 0) {
210 /* none in this site */
211 talloc_free(r);
212 return NT_STATUS_OK;
216 * need to search for all server object to know the size of the array.
217 * Search all the object of class server in this site
219 dc_list = talloc_array(r, const char *, r->count);
220 if (dc_list == NULL) {
221 TALLOC_FREE(r);
222 return NT_STATUS_NO_MEMORY;
225 /* TODO put some random here in the order */
226 list->names = talloc_realloc(list, list->names, const char *, list->count + r->count);
227 if (list->names == NULL) {
228 TALLOC_FREE(r);
229 return NT_STATUS_NO_MEMORY;
232 for (i = 0; i<r->count; i++) {
233 struct ldb_dn *dn;
234 struct ldb_message *msg;
236 dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference");
237 if (!dn) {
238 return NT_STATUS_INTERNAL_ERROR;
241 ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)");
242 if (ret != LDB_SUCCESS) {
243 DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n",
244 ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
245 return NT_STATUS_INTERNAL_ERROR;
248 if (dofqdn) {
249 const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL);
250 if (dns == NULL) {
251 DEBUG(2,(__location__ ": dNSHostName missing on %s\n",
252 ldb_dn_get_linearized(dn)));
253 talloc_free(r);
254 return NT_STATUS_INTERNAL_ERROR;
257 list->names[list->count] = talloc_strdup(list->names, dns);
258 if (list->names[list->count] == NULL) {
259 TALLOC_FREE(r);
260 return NT_STATUS_NO_MEMORY;
262 } else {
263 char *tmp;
264 const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
265 if (aname == NULL) {
266 DEBUG(2,(__location__ ": sAMAccountName missing on %s\n",
267 ldb_dn_get_linearized(dn)));
268 talloc_free(r);
269 return NT_STATUS_INTERNAL_ERROR;
272 tmp = talloc_strdup(list->names, aname);
273 if (tmp == NULL) {
274 TALLOC_FREE(r);
275 return NT_STATUS_NO_MEMORY;
278 /* Netbios name is also the sAMAccountName for
279 computer but without the final $ */
280 tmp[strlen(tmp) - 1] = '\0';
281 list->names[list->count] = tmp;
283 list->count++;
284 talloc_free(msg);
287 shuffle_dc_set(list);
289 talloc_free(r);
290 return NT_STATUS_OK;
295 get all DCs
297 static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
298 const char *searched_site, bool need_fqdn,
299 struct dc_set ***pset_list, uint32_t flags)
302 * Flags will be used later to indicate things like least-expensive
303 * or same-site options
305 const char *attrs_none[] = { NULL };
306 const char *attrs3[] = { "name", NULL };
307 struct ldb_dn *configdn, *sitedn, *dn, *sitescontainerdn;
308 struct ldb_result *r;
309 struct dc_set **set_list = NULL;
310 uint32_t i;
311 int ret;
312 uint32_t current_pos = 0;
313 NTSTATUS status;
314 TALLOC_CTX *subctx;
316 *pset_list = set_list = NULL;
318 subctx = talloc_new(ctx);
319 NT_STATUS_HAVE_NO_MEMORY(subctx);
321 configdn = ldb_get_config_basedn(ldb);
323 /* Let's search for the Site container */
324 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs_none,
325 "(objectClass=sitesContainer)");
326 if (ret != LDB_SUCCESS) {
327 DEBUG(2,(__location__ ": Failed to find sitesContainer within %s - %s\n",
328 ldb_dn_get_linearized(configdn), ldb_errstring(ldb)));
329 talloc_free(subctx);
330 return NT_STATUS_INTERNAL_ERROR;
332 if (r->count > 1) {
333 DEBUG(2,(__location__ ": Expected 1 sitesContainer - found %u within %s\n",
334 r->count, ldb_dn_get_linearized(configdn)));
335 talloc_free(subctx);
336 return NT_STATUS_INTERNAL_ERROR;
339 sitescontainerdn = talloc_steal(subctx, r->msgs[0]->dn);
340 talloc_free(r);
343 * TODO: Here we should have a more subtle handling
344 * for the case "same-site"
346 ret = ldb_search(ldb, subctx, &r, sitescontainerdn, LDB_SCOPE_SUBTREE,
347 attrs_none, "(objectClass=server)");
348 if (ret != LDB_SUCCESS) {
349 DEBUG(2,(__location__ ": Failed to find servers within %s - %s\n",
350 ldb_dn_get_linearized(sitescontainerdn), ldb_errstring(ldb)));
351 talloc_free(subctx);
352 return NT_STATUS_INTERNAL_ERROR;
354 talloc_free(r);
356 if (searched_site != NULL && searched_site[0] != '\0') {
357 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE,
358 attrs_none, "(&(name=%s)(objectClass=site))", searched_site);
359 if (ret != LDB_SUCCESS) {
360 talloc_free(subctx);
361 return NT_STATUS_FOOBAR;
362 } else if (r->count != 1) {
363 talloc_free(subctx);
364 return NT_STATUS_FOOBAR;
367 /* All of this was to get the DN of the searched_site */
368 sitedn = r->msgs[0]->dn;
371 * We will realloc + 2 because we will need one additional place
372 * for element at current_pos + 1 for the NULL element
374 set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+2);
375 if (set_list == NULL) {
376 TALLOC_FREE(subctx);
377 return NT_STATUS_NO_MEMORY;
380 set_list[current_pos] = talloc(set_list, struct dc_set);
381 if (set_list[current_pos] == NULL) {
382 TALLOC_FREE(subctx);
383 return NT_STATUS_NO_MEMORY;
386 set_list[current_pos]->names = NULL;
387 set_list[current_pos]->count = 0;
389 set_list[current_pos+1] = NULL;
391 status = get_dcs_insite(subctx, ldb, sitedn,
392 set_list[current_pos], need_fqdn);
393 if (!NT_STATUS_IS_OK(status)) {
394 DEBUG(2,(__location__ ": Failed to get DC from site %s - %s\n",
395 ldb_dn_get_linearized(sitedn), nt_errstr(status)));
396 talloc_free(subctx);
397 return status;
399 talloc_free(r);
400 current_pos++;
403 /* Let's find all the sites */
404 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs3, "(objectClass=site)");
405 if (ret != LDB_SUCCESS) {
406 DEBUG(2,(__location__ ": Failed to find any site containers in %s\n",
407 ldb_dn_get_linearized(configdn)));
408 talloc_free(subctx);
409 return NT_STATUS_INTERNAL_DB_CORRUPTION;
413 * TODO:
414 * We should randomize the order in the main site,
415 * it's mostly needed for sysvol/netlogon referral.
416 * Depending of flag we either randomize order of the
417 * not "in the same site DCs"
418 * or we randomize by group of site that have the same cost
419 * In the long run we want to manipulate an array of site_set
420 * All the site in one set have the same cost (if least-expansive options is selected)
421 * and we will put all the dc related to 1 site set into 1 DCs set.
422 * Within a site set, site order has to be randomized
424 * But for the moment we just return the list of sites
426 if (r->count) {
428 * We will realloc + 2 because we will need one additional place
429 * for element at current_pos + 1 for the NULL element
431 set_list = talloc_realloc(subctx, set_list, struct dc_set *,
432 current_pos+2);
433 if (set_list == NULL) {
434 TALLOC_FREE(subctx);
435 return NT_STATUS_NO_MEMORY;
438 set_list[current_pos] = talloc(ctx, struct dc_set);
439 if (set_list[current_pos] == NULL) {
440 TALLOC_FREE(subctx);
441 return NT_STATUS_NO_MEMORY;
444 set_list[current_pos]->names = NULL;
445 set_list[current_pos]->count = 0;
447 set_list[current_pos+1] = NULL;
450 for (i=0; i<r->count; i++) {
451 const char *site_name = ldb_msg_find_attr_as_string(r->msgs[i], "name", NULL);
452 if (site_name == NULL) {
453 DEBUG(2,(__location__ ": Failed to find name attribute in %s\n",
454 ldb_dn_get_linearized(r->msgs[i]->dn)));
455 talloc_free(subctx);
456 return NT_STATUS_INTERNAL_DB_CORRUPTION;
459 if (searched_site == NULL ||
460 strcmp(searched_site, site_name) != 0) {
461 DEBUG(2,(__location__ ": Site: %s %s\n",
462 searched_site, site_name));
465 * Do all the site but the one of the client
466 * (because it has already been done ...)
468 dn = r->msgs[i]->dn;
470 status = get_dcs_insite(subctx, ldb, dn,
471 set_list[current_pos],
472 need_fqdn);
473 if (!NT_STATUS_IS_OK(status)) {
474 talloc_free(subctx);
475 return status;
480 *pset_list = talloc_move(ctx, &set_list);
481 talloc_free(subctx);
482 return NT_STATUS_OK;
485 static NTSTATUS dodomain_referral(struct loadparm_context *lp_ctx,
486 struct ldb_context *sam_ctx,
487 const struct tsocket_address *client,
488 struct dfs_GetDFSReferral *r)
491 * TODO for the moment we just return the local domain
493 NTSTATUS status;
494 const char *dns_domain = lpcfg_dnsdomain(lp_ctx);
495 const char *netbios_domain = lpcfg_workgroup(lp_ctx);
496 struct dfs_referral_type *referrals;
497 const char *referral_str;
498 /* In the future this needs to be fetched from the ldb */
499 uint32_t found_domain = 2;
501 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
502 DEBUG(10 ,("Received a domain referral request on a non DC\n"));
503 return NT_STATUS_INVALID_PARAMETER;
506 if (r->in.req.max_referral_level < 3) {
507 DEBUG(2,("invalid max_referral_level %u\n",
508 r->in.req.max_referral_level));
509 return NT_STATUS_UNSUCCESSFUL;
512 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
513 if (r->out.resp == NULL) {
514 return NT_STATUS_NO_MEMORY;
517 r->out.resp->path_consumed = 0;
518 r->out.resp->header_flags = 0; /* Do like w2k3 */
519 r->out.resp->nb_referrals = found_domain; /* the fqdn one + the NT domain */
521 referrals = talloc_zero_array(r->out.resp,
522 struct dfs_referral_type,
523 r->out.resp->nb_referrals);
524 if (referrals == NULL) {
525 return NT_STATUS_NO_MEMORY;
527 r->out.resp->referral_entries = referrals;
529 referral_str = talloc_asprintf(r, "\\%s", netbios_domain);
530 if (referral_str == NULL) {
531 return NT_STATUS_NO_MEMORY;
534 status = fill_domain_dfs_referraltype(referrals,
535 &referrals[0], 3,
536 referral_str,
537 NULL, 0);
538 if (!NT_STATUS_IS_OK(status)) {
539 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
540 __location__, nt_errstr(status)));
541 return status;
544 referral_str = talloc_asprintf(r, "\\%s", dns_domain);
545 if (referral_str == NULL) {
546 return NT_STATUS_NO_MEMORY;
549 status = fill_domain_dfs_referraltype(referrals,
550 &referrals[1], 3,
551 referral_str,
552 NULL, 0);
553 if (!NT_STATUS_IS_OK(status)) {
554 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
555 __location__, nt_errstr(status)));
556 return status;
559 return NT_STATUS_OK;
563 * Handle the logic for dfs referral request like
564 * \\dns_domain or \\netbios_domain.
566 static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx,
567 struct ldb_context *sam_ctx,
568 const struct tsocket_address *client,
569 struct dfs_GetDFSReferral *r,
570 const char *domain_name)
572 NTSTATUS status;
573 const char *site_name = NULL; /* Name of the site where the client is */
574 bool need_fqdn = false;
575 unsigned int i;
576 const char **dc_list = NULL;
577 uint32_t num_dcs = 0;
578 struct dc_set **set;
579 char *client_str = NULL;
580 struct dfs_referral_type *referrals;
581 const char *referral_str;
583 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
584 return NT_STATUS_INVALID_PARAMETER;
587 if (r->in.req.max_referral_level < 3) {
588 DEBUG(2,("invalid max_referral_level %u\n",
589 r->in.req.max_referral_level));
590 return NT_STATUS_UNSUCCESSFUL;
593 DEBUG(10, ("in this we have request for %s requested is %s\n",
594 domain_name, r->in.req.servername));
596 if (strchr(domain_name,'.')) {
597 need_fqdn = 1;
600 if (tsocket_address_is_inet(client, "ip")) {
601 client_str = tsocket_address_inet_addr_string(client, r);
602 if (client_str == NULL) {
603 return NT_STATUS_NO_MEMORY;
607 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true);
609 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
610 if (!NT_STATUS_IS_OK(status)) {
611 DEBUG(3,("Unable to get list of DCs - %s\n",
612 nt_errstr(status)));
613 return status;
616 for(i=0; set[i]; i++) {
617 uint32_t j;
619 dc_list = talloc_realloc(r, dc_list, const char*,
620 num_dcs + set[i]->count + 1);
621 if (dc_list == NULL) {
622 return NT_STATUS_NO_MEMORY;
625 for(j=0; j<set[i]->count; j++) {
626 dc_list[num_dcs + j] = talloc_move(dc_list,
627 &set[i]->names[j]);
629 num_dcs = num_dcs + set[i]->count;
630 TALLOC_FREE(set[i]);
631 dc_list[num_dcs] = NULL;
634 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
635 if (r->out.resp == NULL) {
636 return NT_STATUS_NO_MEMORY;
639 r->out.resp->path_consumed = 0;
640 r->out.resp->header_flags = 0; /* Do like w2k3 */
641 r->out.resp->nb_referrals = 1;
643 referrals = talloc_zero_array(r->out.resp,
644 struct dfs_referral_type,
645 r->out.resp->nb_referrals);
646 if (referrals == NULL) {
647 return NT_STATUS_NO_MEMORY;
649 r->out.resp->referral_entries = referrals;
651 if (r->in.req.servername[0] == '\\') {
652 referral_str = talloc_asprintf(referrals, "%s",
653 domain_name);
654 } else {
655 referral_str = talloc_asprintf(referrals, "\\%s",
656 domain_name);
658 if (referral_str == NULL) {
659 return NT_STATUS_NO_MEMORY;
662 status = fill_domain_dfs_referraltype(referrals,
663 &referrals[0], 3,
664 referral_str,
665 dc_list, num_dcs);
666 if (!NT_STATUS_IS_OK(status)) {
667 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
668 __location__, nt_errstr(status)));
669 return status;
672 return NT_STATUS_OK;
676 * Handle the logic for dfs referral request like
677 * \\domain\sysvol or \\domain\netlogon
679 static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx,
680 struct ldb_context *sam_ctx,
681 const struct tsocket_address *client,
682 struct dfs_GetDFSReferral *r,
683 const char *domain_name,
684 const char *dfs_name)
686 const char *site_name = NULL; /* Name of the site where the client is */
687 bool need_fqdn = false;
688 unsigned int i, c = 0, nb_entries = 0;
689 struct dc_set **set;
690 char *client_str = NULL;
691 NTSTATUS status;
692 struct dfs_referral_type *referrals;
694 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
695 return NT_STATUS_INVALID_PARAMETER;
698 if (r->in.req.max_referral_level < 3) {
699 DEBUG(2,("invalid max_referral_level %u\n",
700 r->in.req.max_referral_level));
701 return NT_STATUS_UNSUCCESSFUL;
704 DEBUG(10, ("in this we have request for %s and share %s requested is %s\n",
705 domain_name, dfs_name, r->in.req.servername));
707 if (strchr(domain_name,'.')) {
708 need_fqdn = 1;
711 if (tsocket_address_is_inet(client, "ip")) {
712 client_str = tsocket_address_inet_addr_string(client, r);
713 if (client_str == NULL) {
714 return NT_STATUS_NO_MEMORY;
718 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true);
720 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
721 if (!NT_STATUS_IS_OK(status)) {
722 DEBUG(3,("Unable to get list of DCs - %s\n",
723 nt_errstr(status)));
724 return status;
727 for(i=0; set[i]; i++) {
728 nb_entries = nb_entries + set[i]->count;
731 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
732 if (r->out.resp == NULL) {
733 return NT_STATUS_NO_MEMORY;
736 /* The length is expected in bytes */
737 r->out.resp->path_consumed = strlen_m(r->in.req.servername) * 2;
738 /* Do like w2k3 and like in 3.3.5.3 of MS-DFSC*/
739 r->out.resp->header_flags = DFS_HEADER_FLAG_STORAGE_SVR;
740 r->out.resp->nb_referrals = nb_entries;
742 referrals = talloc_zero_array(r->out.resp,
743 struct dfs_referral_type,
744 r->out.resp->nb_referrals);
745 if (referrals == NULL) {
746 return NT_STATUS_NO_MEMORY;
748 r->out.resp->referral_entries = referrals;
750 c = 0;
751 for(i=0; set[i]; i++) {
752 uint32_t j;
754 for(j=0; j< set[i]->count; j++) {
755 struct dfs_referral_type *ref = &referrals[c];
756 const char *referral_str;
758 referral_str = talloc_asprintf(referrals, "\\%s\\%s",
759 set[i]->names[j], dfs_name);
760 if (referral_str == NULL) {
761 return NT_STATUS_NO_MEMORY;
764 DEBUG(8,("Doing a dfs referral for %s with this value "
765 "%s requested %s\n",
766 set[i]->names[j], referral_str,
767 r->in.req.servername));
769 status = fill_normal_dfs_referraltype(referrals, ref,
770 r->in.req.max_referral_level,
771 r->in.req.servername,
772 referral_str, c==0);
775 if (!NT_STATUS_IS_OK(status)) {
776 DEBUG(2,("%s: Unable to fill domain referral "
777 "structure - %s\n",
778 __location__, nt_errstr(status)));
779 return status;
782 c++;
786 return NT_STATUS_OK;
790 trans2 getdfsreferral implementation
792 NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx,
793 struct ldb_context *sam_ctx,
794 const struct tsocket_address *client,
795 struct dfs_GetDFSReferral *r)
797 char *server_name = NULL;
798 char *dfs_name = NULL;
799 char *link_path = NULL;
800 const char *netbios_domain;
801 const char *dns_domain;
802 const char *netbios_name;
803 const char *dns_name;
804 const char **netbios_aliases;
805 char path_separator;
807 if (!lpcfg_host_msdfs(lp_ctx)) {
808 return NT_STATUS_FS_DRIVER_REQUIRED;
811 if (r->in.req.servername == NULL) {
812 return NT_STATUS_INVALID_PARAMETER;
815 DEBUG(8, ("Requested DFS name: %s length: %u\n",
816 r->in.req.servername,
817 (unsigned int)strlen_m(r->in.req.servername)*2));
820 * If the servername is "" then we are in a case of domain dfs
821 * and the client just searches for the list of local domain
822 * it is attached and also trusted ones.
824 if (strlen(r->in.req.servername) == 0) {
825 return dodomain_referral(lp_ctx, sam_ctx, client, r);
828 server_name = talloc_strdup(r, r->in.req.servername);
829 if (server_name == NULL) {
830 return NT_STATUS_NO_MEMORY;
833 path_separator = (*server_name == '/') ? '/' : '\\';
835 while(*server_name && *server_name == path_separator) {
836 server_name++;
839 dfs_name = strchr_m(server_name, path_separator);
840 if (dfs_name != NULL) {
841 dfs_name[0] = '\0';
842 dfs_name++;
844 link_path = strchr_m(dfs_name, path_separator);
845 if (link_path != NULL) {
846 link_path[0] = '\0';
847 link_path++;
851 if (link_path != NULL) {
853 * If it is a DFS Link we do not
854 * handle it here.
856 return NT_STATUS_NOT_FOUND;
859 netbios_domain = lpcfg_workgroup(lp_ctx);
860 dns_domain = lpcfg_dnsdomain(lp_ctx);
861 netbios_name = lpcfg_netbios_name(lp_ctx);
862 dns_name = talloc_asprintf(r, "%s.%s", netbios_name, dns_domain);
863 if (dns_name == NULL) {
864 return NT_STATUS_NO_MEMORY;
867 if ((strcasecmp_m(server_name, netbios_name) == 0) ||
868 (strcasecmp_m(server_name, dns_name) == 0)) {
870 * If it is not domain related do not
871 * handle it here.
873 return NT_STATUS_NOT_FOUND;
876 if (is_ipaddress(server_name)) {
878 * If it is not domain related do not
879 * handle it here.
881 return NT_STATUS_NOT_FOUND;
884 netbios_aliases = lpcfg_netbios_aliases(lp_ctx);
885 while (netbios_aliases && *netbios_aliases) {
886 const char *netbios_alias = *netbios_aliases;
887 char *dns_alias;
888 int cmp;
890 cmp = strcasecmp_m(server_name, netbios_alias);
891 if (cmp == 0) {
893 * If it is not domain related do not
894 * handle it here.
896 return NT_STATUS_NOT_FOUND;
899 dns_alias = talloc_asprintf(r, "%s.%s",
900 netbios_alias,
901 dns_domain);
902 if (dns_alias == NULL) {
903 return NT_STATUS_NO_MEMORY;
906 cmp = strcasecmp_m(server_name, dns_alias);
907 talloc_free(dns_alias);
908 if (cmp == 0) {
910 * If it is not domain related do not
911 * handle it here.
913 return NT_STATUS_NOT_FOUND;
915 netbios_aliases++;
918 if ((strcasecmp_m(server_name, netbios_domain) != 0) &&
919 (strcasecmp_m(server_name, dns_domain) != 0)) {
921 * Not a domain we handle.
923 return NT_STATUS_INVALID_PARAMETER;
927 * Here we have filtered the thing the requested name don't contain our DNS name.
928 * So if the share == NULL or if share in ("sysvol", "netlogon")
929 * then we proceed. In the first case it will be a dc refereal in the second it will
930 * be just a sysvol/netlogon referral.
932 if (dfs_name == NULL) {
933 return dodc_referral(lp_ctx, sam_ctx,
934 client, r, server_name);
938 * Here we have filtered the thing the requested name don't contain our DNS name.
939 * So if the share == NULL or if share in ("sysvol", "netlogon")
940 * then we proceed. In the first case it will be a dc refereal in the second it will
941 * be just a sysvol/netlogon referral.
943 if (strcasecmp(dfs_name, "sysvol") == 0 ||
944 strcasecmp(dfs_name, "netlogon") == 0) {
945 return dosysvol_referral(lp_ctx, sam_ctx, client, r,
946 server_name, dfs_name);
949 /* By default until all the case are handled */
950 return NT_STATUS_NOT_FOUND;