Fix for CVE-2009-2906.
[Samba.git] / source3 / libsmb / clidfs.c
blob5e944f1aaad29d6a3a98ff0780cc54275b5b7fa7
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "includes.h"
24 /********************************************************************
25 Important point.
27 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
28 are not C escaped here).
30 - but if we're using POSIX paths then <pathname> may contain
31 '/' separators, not '\\' separators. So cope with '\\' or '/'
32 as a separator when looking at the pathname part.... JRA.
33 ********************************************************************/
35 static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
36 struct cli_state *cli,
37 const char *sharename,
38 char **pp_newserver,
39 char **pp_newshare,
40 bool force_encrypt,
41 const char *username,
42 const char *password,
43 const char *domain);
45 /********************************************************************
46 Ensure a connection is encrypted.
47 ********************************************************************/
49 NTSTATUS cli_cm_force_encryption(struct cli_state *c,
50 const char *username,
51 const char *password,
52 const char *domain,
53 const char *sharename)
55 NTSTATUS status = cli_force_encryption(c,
56 username,
57 password,
58 domain);
60 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
61 d_printf("Encryption required and "
62 "server that doesn't support "
63 "UNIX extensions - failing connect\n");
64 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
65 d_printf("Encryption required and "
66 "can't get UNIX CIFS extensions "
67 "version from server.\n");
68 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
69 d_printf("Encryption required and "
70 "share %s doesn't support "
71 "encryption.\n", sharename);
72 } else if (!NT_STATUS_IS_OK(status)) {
73 d_printf("Encryption required and "
74 "setup failed with error %s.\n",
75 nt_errstr(status));
78 return status;
81 /********************************************************************
82 Return a connection to a server.
83 ********************************************************************/
85 static struct cli_state *do_connect(TALLOC_CTX *ctx,
86 const char *server,
87 const char *share,
88 const struct user_auth_info *auth_info,
89 bool show_sessetup,
90 bool force_encrypt,
91 int max_protocol,
92 int port,
93 int name_type)
95 struct cli_state *c = NULL;
96 struct nmb_name called, calling;
97 const char *called_str;
98 const char *server_n;
99 struct sockaddr_storage ss;
100 char *servicename;
101 char *sharename;
102 char *newserver, *newshare;
103 const char *username;
104 const char *password;
105 NTSTATUS status;
107 /* make a copy so we don't modify the global string 'service' */
108 servicename = talloc_strdup(ctx,share);
109 if (!servicename) {
110 return NULL;
112 sharename = servicename;
113 if (*sharename == '\\') {
114 sharename += 2;
115 called_str = sharename;
116 if (server == NULL) {
117 server = sharename;
119 sharename = strchr_m(sharename,'\\');
120 if (!sharename) {
121 return NULL;
123 *sharename = 0;
124 sharename++;
125 } else {
126 called_str = server;
129 server_n = server;
131 zero_sockaddr(&ss);
133 make_nmb_name(&calling, global_myname(), 0x0);
134 make_nmb_name(&called , called_str, name_type);
136 again:
137 zero_sockaddr(&ss);
139 /* have to open a new connection */
140 if (!(c=cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)))) {
141 d_printf("Connection to %s failed\n", server_n);
142 if (c) {
143 cli_shutdown(c);
145 return NULL;
147 if (port) {
148 cli_set_port(c, port);
151 status = cli_connect(c, server_n, &ss);
152 if (!NT_STATUS_IS_OK(status)) {
153 d_printf("Connection to %s failed (Error %s)\n",
154 server_n,
155 nt_errstr(status));
156 cli_shutdown(c);
157 return NULL;
160 if (max_protocol == 0) {
161 max_protocol = PROTOCOL_NT1;
163 c->protocol = max_protocol;
164 c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
165 c->fallback_after_kerberos =
166 get_cmdline_auth_info_fallback_after_kerberos(auth_info);
168 if (!cli_session_request(c, &calling, &called)) {
169 char *p;
170 d_printf("session request to %s failed (%s)\n",
171 called.name, cli_errstr(c));
172 cli_shutdown(c);
173 c = NULL;
174 if ((p=strchr_m(called.name, '.'))) {
175 *p = 0;
176 goto again;
178 if (strcmp(called.name, "*SMBSERVER")) {
179 make_nmb_name(&called , "*SMBSERVER", 0x20);
180 goto again;
182 return NULL;
185 DEBUG(4,(" session request ok\n"));
187 status = cli_negprot(c);
189 if (!NT_STATUS_IS_OK(status)) {
190 d_printf("protocol negotiation failed: %s\n",
191 nt_errstr(status));
192 cli_shutdown(c);
193 return NULL;
196 username = get_cmdline_auth_info_username(auth_info);
197 password = get_cmdline_auth_info_password(auth_info);
199 if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
200 password, strlen(password),
201 password, strlen(password),
202 lp_workgroup()))) {
203 /* If a password was not supplied then
204 * try again with a null username. */
205 if (password[0] || !username[0] ||
206 get_cmdline_auth_info_use_kerberos(auth_info) ||
207 !NT_STATUS_IS_OK(cli_session_setup(c, "",
208 "", 0,
209 "", 0,
210 lp_workgroup()))) {
211 d_printf("session setup failed: %s\n", cli_errstr(c));
212 if (NT_STATUS_V(cli_nt_error(c)) ==
213 NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
214 d_printf("did you forget to run kinit?\n");
215 cli_shutdown(c);
216 return NULL;
218 d_printf("Anonymous login successful\n");
221 if ( show_sessetup ) {
222 if (*c->server_domain) {
223 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
224 c->server_domain,c->server_os,c->server_type));
225 } else if (*c->server_os || *c->server_type) {
226 DEBUG(0,("OS=[%s] Server=[%s]\n",
227 c->server_os,c->server_type));
230 DEBUG(4,(" session setup ok\n"));
232 /* here's the fun part....to support 'msdfs proxy' shares
233 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
234 here before trying to connect to the original share.
235 check_dfs_proxy() will fail if it is a normal share. */
237 if ((c->capabilities & CAP_DFS) &&
238 cli_check_msdfs_proxy(ctx, c, sharename,
239 &newserver, &newshare,
240 force_encrypt,
241 username,
242 password,
243 lp_workgroup())) {
244 cli_shutdown(c);
245 return do_connect(ctx, newserver,
246 newshare, auth_info, false,
247 force_encrypt, max_protocol,
248 port, name_type);
251 /* must be a normal share */
253 status = cli_tcon_andx(c, sharename, "?????",
254 password, strlen(password)+1);
255 if (!NT_STATUS_IS_OK(status)) {
256 d_printf("tree connect failed: %s\n", nt_errstr(status));
257 cli_shutdown(c);
258 return NULL;
261 if (force_encrypt) {
262 status = cli_cm_force_encryption(c,
263 username,
264 password,
265 lp_workgroup(),
266 sharename);
267 if (!NT_STATUS_IS_OK(status)) {
268 cli_shutdown(c);
269 return NULL;
273 DEBUG(4,(" tconx ok\n"));
274 return c;
277 /****************************************************************************
278 ****************************************************************************/
280 static void cli_set_mntpoint(struct cli_state *cli, const char *mnt)
282 char *name = clean_name(NULL, mnt);
283 if (!name) {
284 return;
286 TALLOC_FREE(cli->dfs_mountpoint);
287 cli->dfs_mountpoint = talloc_strdup(cli, name);
288 TALLOC_FREE(name);
291 /********************************************************************
292 Add a new connection to the list.
293 referring_cli == NULL means a new initial connection.
294 ********************************************************************/
296 static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
297 struct cli_state *referring_cli,
298 const char *server,
299 const char *share,
300 const struct user_auth_info *auth_info,
301 bool show_hdr,
302 bool force_encrypt,
303 int max_protocol,
304 int port,
305 int name_type)
307 struct cli_state *cli;
309 cli = do_connect(ctx, server, share,
310 auth_info,
311 show_hdr, force_encrypt, max_protocol,
312 port, name_type);
314 if (!cli ) {
315 return NULL;
318 /* Enter into the list. */
319 if (referring_cli) {
320 DLIST_ADD_END(referring_cli, cli, struct cli_state *);
323 if (referring_cli && referring_cli->posix_capabilities) {
324 uint16 major, minor;
325 uint32 caplow, caphigh;
326 if (cli_unix_extensions_version(cli, &major,
327 &minor, &caplow, &caphigh)) {
328 cli_set_unix_extensions_capabilities(cli,
329 major, minor,
330 caplow, caphigh);
334 return cli;
337 /********************************************************************
338 Return a connection to a server on a particular share.
339 ********************************************************************/
341 static struct cli_state *cli_cm_find(struct cli_state *cli,
342 const char *server,
343 const char *share)
345 struct cli_state *p;
347 if (cli == NULL) {
348 return NULL;
351 /* Search to the start of the list. */
352 for (p = cli; p; p = p->prev) {
353 if (strequal(server, p->desthost) &&
354 strequal(share,p->share)) {
355 return p;
359 /* Search to the end of the list. */
360 for (p = cli->next; p; p = p->next) {
361 if (strequal(server, p->desthost) &&
362 strequal(share,p->share)) {
363 return p;
367 return NULL;
370 /****************************************************************************
371 Open a client connection to a \\server\share.
372 ****************************************************************************/
374 struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
375 struct cli_state *referring_cli,
376 const char *server,
377 const char *share,
378 const struct user_auth_info *auth_info,
379 bool show_hdr,
380 bool force_encrypt,
381 int max_protocol,
382 int port,
383 int name_type)
385 /* Try to reuse an existing connection in this list. */
386 struct cli_state *c = cli_cm_find(referring_cli, server, share);
388 if (c) {
389 return c;
392 if (auth_info == NULL) {
393 /* Can't do a new connection
394 * without auth info. */
395 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
396 "without auth info\n",
397 server, share );
398 return NULL;
401 return cli_cm_connect(ctx,
402 referring_cli,
403 server,
404 share,
405 auth_info,
406 show_hdr,
407 force_encrypt,
408 max_protocol,
409 port,
410 name_type);
413 /****************************************************************************
414 ****************************************************************************/
416 void cli_cm_display(const struct cli_state *cli)
418 int i;
420 for (i=0; cli; cli = cli->next,i++ ) {
421 d_printf("%d:\tserver=%s, share=%s\n",
422 i, cli->desthost, cli->share );
426 /****************************************************************************
427 ****************************************************************************/
429 /****************************************************************************
430 ****************************************************************************/
432 #if 0
433 void cli_cm_set_credentials(struct user_auth_info *auth_info)
435 SAFE_FREE(cm_creds.username);
436 cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username(
437 auth_info));
439 if (get_cmdline_auth_info_got_pass(auth_info)) {
440 cm_set_password(get_cmdline_auth_info_password(auth_info));
443 cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
444 cm_creds.fallback_after_kerberos = false;
445 cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info);
447 #endif
449 /**********************************************************************
450 split a dfs path into the server, share name, and extrapath components
451 **********************************************************************/
453 static void split_dfs_path(TALLOC_CTX *ctx,
454 const char *nodepath,
455 char **pp_server,
456 char **pp_share,
457 char **pp_extrapath)
459 char *p, *q;
460 char *path;
462 *pp_server = NULL;
463 *pp_share = NULL;
464 *pp_extrapath = NULL;
466 path = talloc_strdup(ctx, nodepath);
467 if (!path) {
468 return;
471 if ( path[0] != '\\' ) {
472 return;
475 p = strchr_m( path + 1, '\\' );
476 if ( !p ) {
477 return;
480 *p = '\0';
481 p++;
483 /* Look for any extra/deep path */
484 q = strchr_m(p, '\\');
485 if (q != NULL) {
486 *q = '\0';
487 q++;
488 *pp_extrapath = talloc_strdup(ctx, q);
489 } else {
490 *pp_extrapath = talloc_strdup(ctx, "");
493 *pp_share = talloc_strdup(ctx, p);
494 *pp_server = talloc_strdup(ctx, &path[1]);
497 /****************************************************************************
498 Return the original path truncated at the directory component before
499 the first wildcard character. Trust the caller to provide a NULL
500 terminated string
501 ****************************************************************************/
503 static char *clean_path(TALLOC_CTX *ctx, const char *path)
505 size_t len;
506 char *p1, *p2, *p;
507 char *path_out;
509 /* No absolute paths. */
510 while (IS_DIRECTORY_SEP(*path)) {
511 path++;
514 path_out = talloc_strdup(ctx, path);
515 if (!path_out) {
516 return NULL;
519 p1 = strchr_m(path_out, '*');
520 p2 = strchr_m(path_out, '?');
522 if (p1 || p2) {
523 if (p1 && p2) {
524 p = MIN(p1,p2);
525 } else if (!p1) {
526 p = p2;
527 } else {
528 p = p1;
530 *p = '\0';
532 /* Now go back to the start of this component. */
533 p1 = strrchr_m(path_out, '/');
534 p2 = strrchr_m(path_out, '\\');
535 p = MAX(p1,p2);
536 if (p) {
537 *p = '\0';
541 /* Strip any trailing separator */
543 len = strlen(path_out);
544 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
545 path_out[len-1] = '\0';
548 return path_out;
551 /****************************************************************************
552 ****************************************************************************/
554 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
555 struct cli_state *cli,
556 const char *dir)
558 char path_sep = '\\';
560 /* Ensure the extrapath doesn't start with a separator. */
561 while (IS_DIRECTORY_SEP(*dir)) {
562 dir++;
565 if (cli->posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
566 path_sep = '/';
568 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
569 path_sep,
570 cli->desthost,
571 path_sep,
572 cli->share,
573 path_sep,
574 dir);
577 /********************************************************************
578 check for dfs referral
579 ********************************************************************/
581 static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
583 uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
585 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
587 if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
588 (flgs2&FLAGS2_UNICODE_STRINGS)))
589 return false;
591 if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
592 return true;
594 return false;
597 /********************************************************************
598 Get the dfs referral link.
599 ********************************************************************/
601 bool cli_dfs_get_referral(TALLOC_CTX *ctx,
602 struct cli_state *cli,
603 const char *path,
604 CLIENT_DFS_REFERRAL**refs,
605 size_t *num_refs,
606 size_t *consumed)
608 unsigned int data_len = 0;
609 unsigned int param_len = 0;
610 uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
611 char *param = NULL;
612 char *rparam=NULL, *rdata=NULL;
613 char *p;
614 char *endp;
615 size_t pathlen = 2*(strlen(path)+1);
616 smb_ucs2_t *path_ucs;
617 char *consumed_path = NULL;
618 uint16_t consumed_ucs;
619 uint16 num_referrals;
620 CLIENT_DFS_REFERRAL *referrals = NULL;
621 bool ret = false;
623 *num_refs = 0;
624 *refs = NULL;
626 param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
627 if (!param) {
628 goto out;
630 SSVAL(param, 0, 0x03); /* max referral level */
631 p = &param[2];
633 path_ucs = (smb_ucs2_t *)p;
634 p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
635 param_len = PTR_DIFF(p, param);
637 if (!cli_send_trans(cli, SMBtrans2,
638 NULL, /* name */
639 -1, 0, /* fid, flags */
640 &setup, 1, 0, /* setup, length, max */
641 param, param_len, 2, /* param, length, max */
642 NULL, 0, cli->max_xmit /* data, length, max */
643 )) {
644 goto out;
647 if (!cli_receive_trans(cli, SMBtrans2,
648 &rparam, &param_len,
649 &rdata, &data_len)) {
650 goto out;
653 if (data_len < 4) {
654 goto out;
657 endp = rdata + data_len;
659 consumed_ucs = SVAL(rdata, 0);
660 num_referrals = SVAL(rdata, 2);
662 /* consumed_ucs is the number of bytes
663 * of the UCS2 path consumed not counting any
664 * terminating null. We need to convert
665 * back to unix charset and count again
666 * to get the number of bytes consumed from
667 * the incoming path. */
669 if (pull_string_talloc(talloc_tos(),
670 NULL,
672 &consumed_path,
673 path_ucs,
674 consumed_ucs,
675 STR_UNICODE) == 0) {
676 goto out;
678 if (consumed_path == NULL) {
679 goto out;
681 *consumed = strlen(consumed_path);
683 if (num_referrals != 0) {
684 uint16 ref_version;
685 uint16 ref_size;
686 int i;
687 uint16 node_offset;
689 referrals = TALLOC_ARRAY(ctx, CLIENT_DFS_REFERRAL,
690 num_referrals);
692 if (!referrals) {
693 goto out;
695 /* start at the referrals array */
697 p = rdata+8;
698 for (i=0; i<num_referrals && p < endp; i++) {
699 if (p + 18 > endp) {
700 goto out;
702 ref_version = SVAL(p, 0);
703 ref_size = SVAL(p, 2);
704 node_offset = SVAL(p, 16);
706 if (ref_version != 3) {
707 p += ref_size;
708 continue;
711 referrals[i].proximity = SVAL(p, 8);
712 referrals[i].ttl = SVAL(p, 10);
714 if (p + node_offset > endp) {
715 goto out;
717 clistr_pull_talloc(ctx, cli->inbuf,
718 &referrals[i].dfspath,
719 p+node_offset, -1,
720 STR_TERMINATE|STR_UNICODE);
722 if (!referrals[i].dfspath) {
723 goto out;
725 p += ref_size;
727 if (i < num_referrals) {
728 goto out;
732 ret = true;
734 *num_refs = num_referrals;
735 *refs = referrals;
737 out:
739 TALLOC_FREE(consumed_path);
740 SAFE_FREE(param);
741 SAFE_FREE(rdata);
742 SAFE_FREE(rparam);
743 return ret;
746 /********************************************************************
747 ********************************************************************/
749 bool cli_resolve_path(TALLOC_CTX *ctx,
750 const char *mountpt,
751 const struct user_auth_info *dfs_auth_info,
752 struct cli_state *rootcli,
753 const char *path,
754 struct cli_state **targetcli,
755 char **pp_targetpath)
757 CLIENT_DFS_REFERRAL *refs = NULL;
758 size_t num_refs = 0;
759 size_t consumed = 0;
760 struct cli_state *cli_ipc = NULL;
761 char *dfs_path = NULL;
762 char *cleanpath = NULL;
763 char *extrapath = NULL;
764 int pathlen;
765 char *server = NULL;
766 char *share = NULL;
767 struct cli_state *newcli = NULL;
768 char *newpath = NULL;
769 char *newmount = NULL;
770 char *ppath = NULL;
771 SMB_STRUCT_STAT sbuf;
772 uint32 attributes;
774 if ( !rootcli || !path || !targetcli ) {
775 return false;
778 /* Don't do anything if this is not a DFS root. */
780 if ( !rootcli->dfsroot) {
781 *targetcli = rootcli;
782 *pp_targetpath = talloc_strdup(ctx, path);
783 if (!*pp_targetpath) {
784 return false;
786 return true;
789 *targetcli = NULL;
791 /* Send a trans2_query_path_info to check for a referral. */
793 cleanpath = clean_path(ctx, path);
794 if (!cleanpath) {
795 return false;
798 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
799 if (!dfs_path) {
800 return false;
803 if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) {
804 /* This is an ordinary path, just return it. */
805 *targetcli = rootcli;
806 *pp_targetpath = talloc_strdup(ctx, path);
807 if (!*pp_targetpath) {
808 return false;
810 goto done;
813 /* Special case where client asked for a path that does not exist */
815 if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
816 *targetcli = rootcli;
817 *pp_targetpath = talloc_strdup(ctx, path);
818 if (!*pp_targetpath) {
819 return false;
821 goto done;
824 /* We got an error, check for DFS referral. */
826 if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
827 return false;
830 /* Check for the referral. */
832 if (!(cli_ipc = cli_cm_open(ctx,
833 rootcli,
834 rootcli->desthost,
835 "IPC$",
836 dfs_auth_info,
837 false,
838 (rootcli->trans_enc_state != NULL),
839 rootcli->protocol,
841 0x20))) {
842 return false;
845 if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
846 &num_refs, &consumed) || !num_refs) {
847 return false;
850 /* Just store the first referral for now. */
852 if (!refs[0].dfspath) {
853 return false;
855 split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
857 if (!server || !share) {
858 return false;
861 /* Make sure to recreate the original string including any wildcards. */
863 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
864 if (!dfs_path) {
865 return false;
867 pathlen = strlen(dfs_path);
868 consumed = MIN(pathlen, consumed);
869 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
870 if (!*pp_targetpath) {
871 return false;
873 dfs_path[consumed] = '\0';
876 * *pp_targetpath is now the unconsumed part of the path.
877 * dfs_path is now the consumed part of the path
878 * (in \server\share\path format).
881 /* Open the connection to the target server & share */
882 if ((*targetcli = cli_cm_open(ctx, rootcli,
883 server,
884 share,
885 dfs_auth_info,
886 false,
887 (rootcli->trans_enc_state != NULL),
888 rootcli->protocol,
890 0x20)) == NULL) {
891 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
892 server, share );
893 return false;
896 if (extrapath && strlen(extrapath) > 0) {
897 *pp_targetpath = talloc_asprintf(ctx,
898 "%s%s",
899 extrapath,
900 *pp_targetpath);
901 if (!*pp_targetpath) {
902 return false;
906 /* parse out the consumed mount path */
907 /* trim off the \server\share\ */
909 ppath = dfs_path;
911 if (*ppath != '\\') {
912 d_printf("cli_resolve_path: "
913 "dfs_path (%s) not in correct format.\n",
914 dfs_path );
915 return false;
918 ppath++; /* Now pointing at start of server name. */
920 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
921 return false;
924 ppath++; /* Now pointing at start of share name. */
926 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
927 return false;
930 ppath++; /* Now pointing at path component. */
932 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
933 if (!newmount) {
934 return false;
937 cli_set_mntpoint(*targetcli, newmount);
939 /* Check for another dfs referral, note that we are not
940 checking for loops here. */
942 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
943 if (cli_resolve_path(ctx,
944 newmount,
945 dfs_auth_info,
946 *targetcli,
947 *pp_targetpath,
948 &newcli,
949 &newpath)) {
951 * When cli_resolve_path returns true here it's always
952 * returning the complete path in newpath, so we're done
953 * here.
955 *targetcli = newcli;
956 *pp_targetpath = newpath;
957 return true;
961 done:
963 /* If returning true ensure we return a dfs root full path. */
964 if ((*targetcli)->dfsroot) {
965 dfs_path = talloc_strdup(ctx, *pp_targetpath);
966 if (!dfs_path) {
967 return false;
969 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
972 return true;
975 /********************************************************************
976 ********************************************************************/
978 static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
979 struct cli_state *cli,
980 const char *sharename,
981 char **pp_newserver,
982 char **pp_newshare,
983 bool force_encrypt,
984 const char *username,
985 const char *password,
986 const char *domain)
988 CLIENT_DFS_REFERRAL *refs = NULL;
989 size_t num_refs = 0;
990 size_t consumed = 0;
991 char *fullpath = NULL;
992 bool res;
993 uint16 cnum;
994 char *newextrapath = NULL;
996 if (!cli || !sharename) {
997 return false;
1000 cnum = cli->cnum;
1002 /* special case. never check for a referral on the IPC$ share */
1004 if (strequal(sharename, "IPC$")) {
1005 return false;
1008 /* send a trans2_query_path_info to check for a referral */
1010 fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1011 if (!fullpath) {
1012 return false;
1015 /* check for the referral */
1017 if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, "IPC$", "IPC", NULL, 0))) {
1018 return false;
1021 if (force_encrypt) {
1022 NTSTATUS status = cli_cm_force_encryption(cli,
1023 username,
1024 password,
1025 lp_workgroup(),
1026 "IPC$");
1027 if (!NT_STATUS_IS_OK(status)) {
1028 return false;
1032 res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
1034 if (!cli_tdis(cli)) {
1035 return false;
1038 cli->cnum = cnum;
1040 if (!res || !num_refs) {
1041 return false;
1044 if (!refs[0].dfspath) {
1045 return false;
1048 split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1049 pp_newshare, &newextrapath );
1051 if ((*pp_newserver == NULL) || (*pp_newshare == NULL)) {
1052 return false;
1055 /* check that this is not a self-referral */
1057 if (strequal(cli->desthost, *pp_newserver) &&
1058 strequal(sharename, *pp_newshare)) {
1059 return false;
1062 return true;