search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbd: Remove message_to_share_mode_entry and vice versa
[Samba.git] / source3 / libsmb / clidfs.c
blobde8ac4dc1ea8f7343264b15328488d5e45d3a033
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "libsmb/libsmb.h"
24 #include "libsmb/clirap.h"
25 #include "msdfs.h"
26 #include "trans2.h"
27 #include "libsmb/nmblib.h"
28 #include "../libcli/smb/smbXcli_base.h"
29 #include "auth/credentials/credentials.h"
30 #include "lib/param/param.h"
31 #include "libcli/smb/smb2_negotiate_context.h"
32
33 /********************************************************************
34 Important point.
35
36 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
37 are not C escaped here).
38
39 - but if we're using POSIX paths then <pathname> may contain
40 '/' separators, not '\\' separators. So cope with '\\' or '/'
41 as a separator when looking at the pathname part.... JRA.
42 ********************************************************************/
43
44 /********************************************************************
45 Ensure a connection is encrypted.
46 ********************************************************************/
47
48 static NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
49 struct cli_credentials *creds,
50 const char *sharename)
51 {
52 uint16_t major, minor;
53 uint32_t caplow, caphigh;
54 NTSTATUS status;
55 bool temp_ipc = false;
56
57 if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
58 status = smb2cli_session_encryption_on(c->smb2.session);
59 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
60 d_printf("Encryption required and "
61 "server doesn't support "
62 "SMB3 encryption - failing connect\n");
63 } else if (!NT_STATUS_IS_OK(status)) {
64 d_printf("Encryption required and "
65 "setup failed with error %s.\n",
66 nt_errstr(status));
67 }
68 return status;
69 }
70
71 if (!SERVER_HAS_UNIX_CIFS(c)) {
72 d_printf("Encryption required and "
73 "server that doesn't support "
74 "UNIX extensions - failing connect\n");
75 return NT_STATUS_NOT_SUPPORTED;
76 }
77
78 if (c->smb1.tcon == NULL) {
79 status = cli_tree_connect_creds(c, "IPC$", "IPC", creds);
80 if (!NT_STATUS_IS_OK(status)) {
81 d_printf("Encryption required and "
82 "can't connect to IPC$ to check "
83 "UNIX CIFS extensions.\n");
84 return NT_STATUS_UNKNOWN_REVISION;
85 }
86 temp_ipc = true;
87 }
88
89 status = cli_unix_extensions_version(c, &major, &minor, &caplow,
90 &caphigh);
91 if (!NT_STATUS_IS_OK(status)) {
92 d_printf("Encryption required and "
93 "can't get UNIX CIFS extensions "
94 "version from server.\n");
95 if (temp_ipc) {
96 cli_tdis(c);
97 }
98 return NT_STATUS_UNKNOWN_REVISION;
99 }
100
101 if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
102 d_printf("Encryption required and "
103 "share %s doesn't support "
104 "encryption.\n", sharename);
105 if (temp_ipc) {
106 cli_tdis(c);
107 }
108 return NT_STATUS_UNSUPPORTED_COMPRESSION;
109 }
110
111 status = cli_smb1_setup_encryption(c, creds);
112 if (!NT_STATUS_IS_OK(status)) {
113 d_printf("Encryption required and "
114 "setup failed with error %s.\n",
115 nt_errstr(status));
116 if (temp_ipc) {
117 cli_tdis(c);
118 }
119 return status;
120 }
121
122 if (temp_ipc) {
123 cli_tdis(c);
124 }
125 return NT_STATUS_OK;
126 }
127
128 /********************************************************************
129 Return a connection to a server.
130 ********************************************************************/
131
132 static NTSTATUS do_connect(TALLOC_CTX *ctx,
133 const char *server,
134 const char *share,
135 struct cli_credentials *creds,
136 const struct sockaddr_storage *dest_ss,
137 int port,
138 int name_type,
139 struct cli_state **pcli)
140 {
141 struct cli_state *c = NULL;
142 char *servicename;
143 char *sharename;
144 char *newserver, *newshare;
145 NTSTATUS status;
146 int flags = 0;
147 enum protocol_types protocol = PROTOCOL_NONE;
148 enum smb_signing_setting signing_state =
149 cli_credentials_get_smb_signing(creds);
150 enum smb_encryption_setting encryption_state =
151 cli_credentials_get_smb_encryption(creds);
152 struct smb2_negotiate_contexts *in_contexts = NULL;
153 struct smb2_negotiate_contexts *out_contexts = NULL;
154
155 if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
156 signing_state = SMB_SIGNING_REQUIRED;
157 }
158
159 /* make a copy so we don't modify the global string 'service' */
160 servicename = talloc_strdup(ctx,share);
161 if (!servicename) {
162 return NT_STATUS_NO_MEMORY;
163 }
164 sharename = servicename;
165 if (*sharename == '\\') {
166 sharename += 2;
167 if (server == NULL) {
168 server = sharename;
169 }
170 sharename = strchr_m(sharename,'\\');
171 if (!sharename) {
172 return NT_STATUS_NO_MEMORY;
173 }
174 *sharename = 0;
175 sharename++;
176 }
177 if (server == NULL) {
178 return NT_STATUS_INVALID_PARAMETER;
179 }
180
181 /*
182 * The functions cli_resolve_path() and cli_cm_open() might not create a
183 * new cli context, but might return an already existing one. This
184 * forces us to have a long lived cli allocated on the NULL context.
185 */
186 status = cli_connect_nb(NULL,
187 server,
188 dest_ss,
189 port,
190 name_type,
191 NULL,
192 signing_state,
193 flags,
194 &c);
195
196 if (!NT_STATUS_IS_OK(status)) {
197 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
198 DBG_ERR("NetBIOS support disabled, unable to connect\n");
199 }
200
201 DBG_WARNING("Connection to %s failed (Error %s)\n",
202 server,
203 nt_errstr(status));
204 return status;
205 }
206
207 DEBUG(4,(" session request ok\n"));
208
209 in_contexts = talloc_zero(ctx, struct smb2_negotiate_contexts);
210 if (in_contexts == NULL) {
211 return NT_STATUS_NO_MEMORY;
212 }
213
214 status = smb2_negotiate_context_add(
215 in_contexts,
216 in_contexts,
217 SMB2_POSIX_EXTENSIONS_AVAILABLE,
218 (const uint8_t *)SMB2_CREATE_TAG_POSIX,
219 strlen(SMB2_CREATE_TAG_POSIX));
220 if (!NT_STATUS_IS_OK(status)) {
221 return status;
222 }
223
224 status = smbXcli_negprot(c->conn,
225 c->timeout,
226 lp_client_min_protocol(),
227 lp_client_max_protocol(),
228 in_contexts,
229 ctx,
230 &out_contexts);
231 TALLOC_FREE(in_contexts);
232
233 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
234 d_printf("Protocol negotiation (with timeout %d ms) timed out against server %s\n",
235 c->timeout,
236 smbXcli_conn_remote_name(c->conn));
237 cli_shutdown(c);
238 return status;
239 } else if (!NT_STATUS_IS_OK(status)) {
240 d_printf("Protocol negotiation to server %s (for a protocol between %s and %s) failed: %s\n",
241 smbXcli_conn_remote_name(c->conn),
242 lpcfg_get_smb_protocol(lp_client_min_protocol()),
243 lpcfg_get_smb_protocol(lp_client_max_protocol()),
244 nt_errstr(status));
245 cli_shutdown(c);
246 return status;
247 }
248 protocol = smbXcli_conn_protocol(c->conn);
249 DEBUG(4,(" negotiated dialect[%s] against server[%s]\n",
250 smb_protocol_types_string(protocol),
251 smbXcli_conn_remote_name(c->conn)));
252
253 if (protocol >= PROTOCOL_SMB2_02) {
254 /* Ensure we ask for some initial credits. */
255 smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
256 }
257
258 status = cli_session_setup_creds(c, creds);
259 if (!NT_STATUS_IS_OK(status)) {
260 /* If a password was not supplied then
261 * try again with a null username. */
262 if (encryption_state == SMB_ENCRYPTION_REQUIRED ||
263 smbXcli_conn_signing_mandatory(c->conn) ||
264 cli_credentials_authentication_requested(creds) ||
265 cli_credentials_is_anonymous(creds) ||
266 !NT_STATUS_IS_OK(status = cli_session_setup_anon(c)))
267 {
268 d_printf("session setup failed: %s\n",
269 nt_errstr(status));
270 if (NT_STATUS_EQUAL(status,
271 NT_STATUS_MORE_PROCESSING_REQUIRED))
272 d_printf("did you forget to run kinit?\n");
273 cli_shutdown(c);
274 return status;
275 }
276 d_printf("Anonymous login successful\n");
277 }
278
279 if (!NT_STATUS_IS_OK(status)) {
280 DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
281 cli_shutdown(c);
282 return status;
283 }
284
285 DEBUG(4,(" session setup ok\n"));
286
287 if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
288 status = cli_cm_force_encryption_creds(c,
289 creds,
290 sharename);
291 if (!NT_STATUS_IS_OK(status)) {
292 switch (encryption_state) {
293 case SMB_ENCRYPTION_DESIRED:
294 break;
295 case SMB_ENCRYPTION_REQUIRED:
296 default:
297 cli_shutdown(c);
298 return status;
299 }
300 }
301 }
302
303 /* here's the fun part....to support 'msdfs proxy' shares
304 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
305 here before trying to connect to the original share.
306 cli_check_msdfs_proxy() will fail if it is a normal share. */
307
308 if (smbXcli_conn_dfs_supported(c->conn) &&
309 cli_check_msdfs_proxy(ctx, c, sharename,
310 &newserver, &newshare,
311 creds)) {
312 cli_shutdown(c);
313 return do_connect(ctx, newserver,
314 newshare, creds,
315 NULL, port, name_type, pcli);
316 }
317
318 /* must be a normal share */
319
320 status = cli_tree_connect_creds(c, sharename, "?????", creds);
321 if (!NT_STATUS_IS_OK(status)) {
322 d_printf("tree connect failed: %s\n", nt_errstr(status));
323 cli_shutdown(c);
324 return status;
325 }
326
327 DEBUG(4,(" tconx ok\n"));
328 *pcli = c;
329 return NT_STATUS_OK;
330 }
331
332 /********************************************************************
333 Add a new connection to the list.
334 referring_cli == NULL means a new initial connection.
335 ********************************************************************/
336
337 static NTSTATUS cli_cm_connect(TALLOC_CTX *ctx,
338 struct cli_state *referring_cli,
339 const char *server,
340 const char *share,
341 struct cli_credentials *creds,
342 const struct sockaddr_storage *dest_ss,
343 int port,
344 int name_type,
345 struct cli_state **pcli)
346 {
347 struct cli_state *cli = NULL;
348 NTSTATUS status;
349
350 status = do_connect(ctx, server, share,
351 creds,
352 dest_ss, port, name_type, &cli);
353
354 if (!NT_STATUS_IS_OK(status)) {
355 return status;
356 }
357
358 /*
359 * This can't happen, this test is to satisfy static
360 * checkers (clang)
361 */
362 if (cli == NULL) {
363 return NT_STATUS_NO_MEMORY;
364 }
365
366 /* Enter into the list. */
367 if (referring_cli) {
368 DLIST_ADD_END(referring_cli, cli);
369 }
370
371 if (referring_cli && referring_cli->requested_posix_capabilities) {
372 uint16_t major, minor;
373 uint32_t caplow, caphigh;
374 status = cli_unix_extensions_version(cli, &major, &minor,
375 &caplow, &caphigh);
376 if (NT_STATUS_IS_OK(status)) {
377 cli_set_unix_extensions_capabilities(cli,
378 major, minor,
379 caplow, caphigh);
380 }
381 }
382
383 *pcli = cli;
384 return NT_STATUS_OK;
385 }
386
387 /********************************************************************
388 Return a connection to a server on a particular share.
389 ********************************************************************/
390
391 static struct cli_state *cli_cm_find(struct cli_state *cli,
392 const char *server,
393 const char *share)
394 {
395 struct cli_state *p;
396
397 if (cli == NULL) {
398 return NULL;
399 }
400
401 /* Search to the start of the list. */
402 for (p = cli; p; p = DLIST_PREV(p)) {
403 const char *remote_name =
404 smbXcli_conn_remote_name(p->conn);
405
406 if (strequal(server, remote_name) &&
407 strequal(share,p->share)) {
408 return p;
409 }
410 }
411
412 /* Search to the end of the list. */
413 for (p = cli->next; p; p = p->next) {
414 const char *remote_name =
415 smbXcli_conn_remote_name(p->conn);
416
417 if (strequal(server, remote_name) &&
418 strequal(share,p->share)) {
419 return p;
420 }
421 }
422
423 return NULL;
424 }
425
426 /****************************************************************************
427 Open a client connection to a \\server\share.
428 ****************************************************************************/
429
430 NTSTATUS cli_cm_open(TALLOC_CTX *ctx,
431 struct cli_state *referring_cli,
432 const char *server,
433 const char *share,
434 struct cli_credentials *creds,
435 const struct sockaddr_storage *dest_ss,
436 int port,
437 int name_type,
438 struct cli_state **pcli)
439 {
440 /* Try to reuse an existing connection in this list. */
441 struct cli_state *c = cli_cm_find(referring_cli, server, share);
442 NTSTATUS status;
443
444 if (c) {
445 *pcli = c;
446 return NT_STATUS_OK;
447 }
448
449 if (creds == NULL) {
450 /* Can't do a new connection
451 * without auth info. */
452 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
453 "without client credentials\n",
454 server, share );
455 return NT_STATUS_INVALID_PARAMETER;
456 }
457
458 status = cli_cm_connect(ctx,
459 referring_cli,
460 server,
461 share,
462 creds,
463 dest_ss,
464 port,
465 name_type,
466 &c);
467 if (!NT_STATUS_IS_OK(status)) {
468 return status;
469 }
470 *pcli = c;
471 return NT_STATUS_OK;
472 }
473
474 /****************************************************************************
475 ****************************************************************************/
476
477 void cli_cm_display(struct cli_state *cli)
478 {
479 int i;
480
481 for (i=0; cli; cli = cli->next,i++ ) {
482 d_printf("%d:\tserver=%s, share=%s\n",
483 i, smbXcli_conn_remote_name(cli->conn), cli->share);
484 }
485 }
486
487 /**********************************************************************
488 split a dfs path into the server, share name, and extrapath components
489 **********************************************************************/
490
491 static bool split_dfs_path(TALLOC_CTX *ctx,
492 const char *nodepath,
493 char **pp_server,
494 char **pp_share,
495 char **pp_extrapath)
496 {
497 char *p, *q;
498 char *path;
499
500 *pp_server = NULL;
501 *pp_share = NULL;
502 *pp_extrapath = NULL;
503
504 path = talloc_strdup(ctx, nodepath);
505 if (!path) {
506 goto fail;
507 }
508
509 if ( path[0] != '\\' ) {
510 goto fail;
511 }
512
513 p = strchr_m( path + 1, '\\' );
514 if ( !p ) {
515 goto fail;
516 }
517
518 *p = '\0';
519 p++;
520
521 /* Look for any extra/deep path */
522 q = strchr_m(p, '\\');
523 if (q != NULL) {
524 *q = '\0';
525 q++;
526 *pp_extrapath = talloc_strdup(ctx, q);
527 } else {
528 *pp_extrapath = talloc_strdup(ctx, "");
529 }
530 if (*pp_extrapath == NULL) {
531 goto fail;
532 }
533
534 *pp_share = talloc_strdup(ctx, p);
535 if (*pp_share == NULL) {
536 goto fail;
537 }
538
539 *pp_server = talloc_strdup(ctx, &path[1]);
540 if (*pp_server == NULL) {
541 goto fail;
542 }
543
544 TALLOC_FREE(path);
545 return true;
546
547 fail:
548 TALLOC_FREE(*pp_share);
549 TALLOC_FREE(*pp_extrapath);
550 TALLOC_FREE(path);
551 return false;
552 }
553
554 /****************************************************************************
555 Return the original path truncated at the directory component before
556 the first wildcard character. Trust the caller to provide a NULL
557 terminated string
558 ****************************************************************************/
559
560 static char *clean_path(TALLOC_CTX *ctx, const char *path)
561 {
562 size_t len;
563 char *p1, *p2, *p;
564 char *path_out;
565
566 /* No absolute paths. */
567 while (IS_DIRECTORY_SEP(*path)) {
568 path++;
569 }
570
571 path_out = talloc_strdup(ctx, path);
572 if (!path_out) {
573 return NULL;
574 }
575
576 p1 = strchr_m(path_out, '*');
577 p2 = strchr_m(path_out, '?');
578
579 if (p1 || p2) {
580 if (p1 && p2) {
581 p = MIN(p1,p2);
582 } else if (!p1) {
583 p = p2;
584 } else {
585 p = p1;
586 }
587 *p = '\0';
588
589 /* Now go back to the start of this component. */
590 p1 = strrchr_m(path_out, '/');
591 p2 = strrchr_m(path_out, '\\');
592 p = MAX(p1,p2);
593 if (p) {
594 *p = '\0';
595 }
596 }
597
598 /* Strip any trailing separator */
599
600 len = strlen(path_out);
601 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
602 path_out[len-1] = '\0';
603 }
604
605 return path_out;
606 }
607
608 /****************************************************************************
609 ****************************************************************************/
610
611 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
612 struct cli_state *cli,
613 const char *dir)
614 {
615 char path_sep = '\\';
616
617 /* Ensure the extrapath doesn't start with a separator. */
618 while (IS_DIRECTORY_SEP(*dir)) {
619 dir++;
620 }
621
622 if (cli->requested_posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
623 path_sep = '/';
624 }
625 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
626 path_sep,
627 smbXcli_conn_remote_name(cli->conn),
628 path_sep,
629 cli->share,
630 path_sep,
631 dir);
632 }
633
634 /********************************************************************
635 Check if a path has already been converted to DFS.
636 ********************************************************************/
637
638 bool cli_dfs_is_already_full_path(struct cli_state *cli, const char *path)
639 {
640 const char *server = smbXcli_conn_remote_name(cli->conn);
641 size_t server_len = strlen(server);
642 bool found_server = false;
643 const char *share = cli->share;
644 size_t share_len = strlen(share);
645 bool found_share = false;
646
647 if (!IS_DIRECTORY_SEP(path[0])) {
648 return false;
649 }
650 path++;
651 found_server = (strncasecmp_m(path, server, server_len) == 0);
652 if (!found_server) {
653 return false;
654 }
655 path += server_len;
656 if (!IS_DIRECTORY_SEP(path[0])) {
657 return false;
658 }
659 path++;
660 found_share = (strncasecmp_m(path, share, share_len) == 0);
661 if (!found_share) {
662 return false;
663 }
664 path += share_len;
665 if (path[0] == '\0') {
666 return true;
667 }
668 if (IS_DIRECTORY_SEP(path[0])) {
669 return true;
670 }
671 return false;
672 }
673
674 /********************************************************************
675 Get the dfs referral link.
676 ********************************************************************/
677
678 NTSTATUS cli_dfs_get_referral_ex(TALLOC_CTX *ctx,
679 struct cli_state *cli,
680 const char *path,
681 uint16_t max_referral_level,
682 struct client_dfs_referral **refs,
683 size_t *num_refs,
684 size_t *consumed)
685 {
686 unsigned int param_len = 0;
687 uint16_t recv_flags2;
688 uint8_t *param = NULL;
689 uint8_t *rdata = NULL;
690 char *p;
691 char *endp;
692 smb_ucs2_t *path_ucs;
693 char *consumed_path = NULL;
694 uint16_t consumed_ucs;
695 uint16_t num_referrals;
696 struct client_dfs_referral *referrals = NULL;
697 NTSTATUS status;
698 TALLOC_CTX *frame = talloc_stackframe();
699
700 *num_refs = 0;
701 *refs = NULL;
702
703 param = talloc_array(talloc_tos(), uint8_t, 2);
704 if (!param) {
705 status = NT_STATUS_NO_MEMORY;
706 goto out;
707 }
708 SSVAL(param, 0, max_referral_level);
709
710 param = trans2_bytes_push_str(param, smbXcli_conn_use_unicode(cli->conn),
711 path, strlen(path)+1,
712 NULL);
713 if (!param) {
714 status = NT_STATUS_NO_MEMORY;
715 goto out;
716 }
717 param_len = talloc_get_size(param);
718 path_ucs = (smb_ucs2_t *)&param[2];
719
720 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
721 DATA_BLOB in_input_buffer;
722 DATA_BLOB in_output_buffer = data_blob_null;
723 DATA_BLOB out_input_buffer = data_blob_null;
724 DATA_BLOB out_output_buffer = data_blob_null;
725
726 in_input_buffer.data = param;
727 in_input_buffer.length = param_len;
728
729 status = smb2cli_ioctl(cli->conn,
730 cli->timeout,
731 cli->smb2.session,
732 cli->smb2.tcon,
733 UINT64_MAX, /* in_fid_persistent */
734 UINT64_MAX, /* in_fid_volatile */
735 FSCTL_DFS_GET_REFERRALS,
736 0, /* in_max_input_length */
737 &in_input_buffer,
738 CLI_BUFFER_SIZE, /* in_max_output_length */
739 &in_output_buffer,
740 SMB2_IOCTL_FLAG_IS_FSCTL,
741 talloc_tos(),
742 &out_input_buffer,
743 &out_output_buffer);
744 if (!NT_STATUS_IS_OK(status)) {
745 goto out;
746 }
747
748 if (out_output_buffer.length < 4) {
749 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
750 goto out;
751 }
752
753 recv_flags2 = FLAGS2_UNICODE_STRINGS;
754 rdata = out_output_buffer.data;
755 endp = (char *)rdata + out_output_buffer.length;
756 } else {
757 unsigned int data_len = 0;
758 uint16_t setup[1];
759
760 SSVAL(setup, 0, TRANSACT2_GET_DFS_REFERRAL);
761
762 status = cli_trans(talloc_tos(), cli, SMBtrans2,
763 NULL, 0xffff, 0, 0,
764 setup, 1, 0,
765 param, param_len, 2,
766 NULL, 0, CLI_BUFFER_SIZE,
767 &recv_flags2,
768 NULL, 0, NULL, /* rsetup */
769 NULL, 0, NULL,
770 &rdata, 4, &data_len);
771 if (!NT_STATUS_IS_OK(status)) {
772 goto out;
773 }
774
775 endp = (char *)rdata + data_len;
776 }
777
778 consumed_ucs = SVAL(rdata, 0);
779 num_referrals = SVAL(rdata, 2);
780
781 /* consumed_ucs is the number of bytes
782 * of the UCS2 path consumed not counting any
783 * terminating null. We need to convert
784 * back to unix charset and count again
785 * to get the number of bytes consumed from
786 * the incoming path. */
787
788 errno = 0;
789 if (pull_string_talloc(talloc_tos(),
790 NULL,
791 0,
792 &consumed_path,
793 path_ucs,
794 consumed_ucs,
795 STR_UNICODE) == 0) {
796 if (errno != 0) {
797 status = map_nt_error_from_unix(errno);
798 } else {
799 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
800 }
801 goto out;
802 }
803 if (consumed_path == NULL) {
804 status = map_nt_error_from_unix(errno);
805 goto out;
806 }
807 *consumed = strlen(consumed_path);
808
809 if (num_referrals != 0) {
810 uint16_t ref_version;
811 uint16_t ref_size;
812 int i;
813 uint16_t node_offset;
814
815 referrals = talloc_array(ctx, struct client_dfs_referral,
816 num_referrals);
817
818 if (!referrals) {
819 status = NT_STATUS_NO_MEMORY;
820 goto out;
821 }
822 /* start at the referrals array */
823
824 p = (char *)rdata+8;
825 for (i=0; i<num_referrals && p < endp; i++) {
826 if (p + 18 > endp) {
827 goto out;
828 }
829 ref_version = SVAL(p, 0);
830 ref_size = SVAL(p, 2);
831 node_offset = SVAL(p, 16);
832
833 if (ref_version != 3) {
834 p += ref_size;
835 continue;
836 }
837
838 referrals[i].proximity = SVAL(p, 8);
839 referrals[i].ttl = SVAL(p, 10);
840
841 if (p + node_offset > endp) {
842 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
843 goto out;
844 }
845 pull_string_talloc(referrals,
846 (const char *)rdata,
847 recv_flags2,
848 &referrals[i].dfspath,
849 p+node_offset,
850 PTR_DIFF(endp, p+node_offset),
851 STR_TERMINATE|STR_UNICODE);
852
853 if (!referrals[i].dfspath) {
854 status = map_nt_error_from_unix(errno);
855 goto out;
856 }
857 p += ref_size;
858 }
859 if (i < num_referrals) {
860 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
861 goto out;
862 }
863 }
864
865 *num_refs = num_referrals;
866 *refs = referrals;
867
868 out:
869
870 TALLOC_FREE(frame);
871 return status;
872 }
873
874 NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
875 struct cli_state *cli,
876 const char *path,
877 struct client_dfs_referral **refs,
878 size_t *num_refs,
879 size_t *consumed)
880 {
881 return cli_dfs_get_referral_ex(ctx,
882 cli,
883 path,
884 3,
885 refs, /* Max referral level we want */
886 num_refs,
887 consumed);
888 }
889
890 static bool cli_conn_have_dfs(struct cli_state *cli)
891 {
892 struct smbXcli_conn *conn = cli->conn;
893 struct smbXcli_tcon *tcon = NULL;
894 bool ok;
895
896 if (smbXcli_conn_protocol(conn) < PROTOCOL_SMB2_02) {
897 uint32_t capabilities = smb1cli_conn_capabilities(conn);
898
899 if ((capabilities & CAP_STATUS32) == 0) {
900 return false;
901 }
902 if ((capabilities & CAP_UNICODE) == 0) {
903 return false;
904 }
905
906 tcon = cli->smb1.tcon;
907 } else {
908 tcon = cli->smb2.tcon;
909 }
910
911 ok = smbXcli_tcon_is_dfs_share(tcon);
912 return ok;
913 }
914
915 /********************************************************************
916 ********************************************************************/
917 struct cli_dfs_path_split {
918 char *server;
919 char *share;
920 char *extrapath;
921 };
922
923 NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
924 const char *mountpt,
925 struct cli_credentials *creds,
926 struct cli_state *rootcli,
927 const char *path,
928 struct cli_state **targetcli,
929 char **pp_targetpath)
930 {
931 struct client_dfs_referral *refs = NULL;
932 size_t num_refs = 0;
933 size_t consumed = 0;
934 struct cli_state *cli_ipc = NULL;
935 char *dfs_path = NULL;
936 char *cleanpath = NULL;
937 char *extrapath = NULL;
938 int pathlen;
939 struct cli_state *newcli = NULL;
940 struct cli_state *ccli = NULL;
941 size_t count = 0;
942 char *newpath = NULL;
943 char *newmount = NULL;
944 char *ppath = NULL;
945 SMB_STRUCT_STAT sbuf;
946 uint32_t attributes;
947 NTSTATUS status;
948 struct smbXcli_tcon *target_tcon = NULL;
949 struct cli_dfs_path_split *dfs_refs = NULL;
950 bool ok;
951 bool is_already_dfs = false;
952
953 if ( !rootcli || !path || !targetcli ) {
954 return NT_STATUS_INVALID_PARAMETER;
955 }
956
957 /*
958 * Avoid more than one leading directory separator
959 */
960 while (IS_DIRECTORY_SEP(path[0]) && IS_DIRECTORY_SEP(path[1])) {
961 path++;
962 }
963
964 ok = cli_conn_have_dfs(rootcli);
965 if (!ok) {
966 *targetcli = rootcli;
967 *pp_targetpath = talloc_strdup(ctx, path);
968 if (!*pp_targetpath) {
969 return NT_STATUS_NO_MEMORY;
970 }
971 return NT_STATUS_OK;
972 }
973
974 *targetcli = NULL;
975
976 is_already_dfs = cli_dfs_is_already_full_path(rootcli, path);
977 if (is_already_dfs) {
978 const char *localpath = NULL;
979 /*
980 * Given path is already converted to DFS.
981 * Convert to a local path so clean_path()
982 * can correctly strip any wildcards.
983 */
984 status = cli_dfs_target_check(ctx,
985 rootcli,
986 path,
987 &localpath);
988 if (!NT_STATUS_IS_OK(status)) {
989 return status;
990 }
991 path = localpath;
992 }
993
994 /* Send a trans2_query_path_info to check for a referral. */
995
996 cleanpath = clean_path(ctx, path);
997 if (!cleanpath) {
998 return NT_STATUS_NO_MEMORY;
999 }
1000
1001 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
1002 if (!dfs_path) {
1003 return NT_STATUS_NO_MEMORY;
1004 }
1005
1006 status = cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes);
1007 if (NT_STATUS_IS_OK(status)) {
1008 /* This is an ordinary path, just return it. */
1009 *targetcli = rootcli;
1010 *pp_targetpath = talloc_strdup(ctx, path);
1011 if (!*pp_targetpath) {
1012 return NT_STATUS_NO_MEMORY;
1013 }
1014 goto done;
1015 }
1016
1017 /* Special case where client asked for a path that does not exist */
1018
1019 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1020 *targetcli = rootcli;
1021 *pp_targetpath = talloc_strdup(ctx, path);
1022 if (!*pp_targetpath) {
1023 return NT_STATUS_NO_MEMORY;
1024 }
1025 goto done;
1026 }
1027
1028 /* We got an error, check for DFS referral. */
1029
1030 if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
1031 return status;
1032 }
1033
1034 /* Check for the referral. */
1035
1036 status = cli_cm_open(ctx,
1037 rootcli,
1038 smbXcli_conn_remote_name(rootcli->conn),
1039 "IPC$",
1040 creds,
1041 NULL, /* dest_ss not needed, we reuse the transport */
1042 0,
1043 0x20,
1044 &cli_ipc);
1045 if (!NT_STATUS_IS_OK(status)) {
1046 return status;
1047 }
1048
1049 status = cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
1050 &num_refs, &consumed);
1051 if (!NT_STATUS_IS_OK(status)) {
1052 return status;
1053 }
1054
1055 if (!num_refs || !refs[0].dfspath) {
1056 return NT_STATUS_NOT_FOUND;
1057 }
1058
1059 /*
1060 * Bug#10123 - DFS referral entries can be provided in a random order,
1061 * so check the connection cache for each item to avoid unnecessary
1062 * reconnections.
1063 */
1064 dfs_refs = talloc_array(ctx, struct cli_dfs_path_split, num_refs);
1065 if (dfs_refs == NULL) {
1066 return NT_STATUS_NO_MEMORY;
1067 }
1068
1069 for (count = 0; count < num_refs; count++) {
1070 if (!split_dfs_path(dfs_refs, refs[count].dfspath,
1071 &dfs_refs[count].server,
1072 &dfs_refs[count].share,
1073 &dfs_refs[count].extrapath)) {
1074 TALLOC_FREE(dfs_refs);
1075 return NT_STATUS_NOT_FOUND;
1076 }
1077
1078 ccli = cli_cm_find(rootcli, dfs_refs[count].server,
1079 dfs_refs[count].share);
1080 if (ccli != NULL) {
1081 extrapath = dfs_refs[count].extrapath;
1082 *targetcli = ccli;
1083 break;
1084 }
1085 }
1086
1087 /*
1088 * If no cached connection was found, then connect to the first live
1089 * referral server in the list.
1090 */
1091 for (count = 0; (ccli == NULL) && (count < num_refs); count++) {
1092 /* Connect to the target server & share */
1093 status = cli_cm_connect(ctx, rootcli,
1094 dfs_refs[count].server,
1095 dfs_refs[count].share,
1096 creds,
1097 NULL, /* dest_ss */
1098 0, /* port */
1099 0x20,
1100 targetcli);
1101 if (!NT_STATUS_IS_OK(status)) {
1102 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
1103 dfs_refs[count].server,
1104 dfs_refs[count].share);
1105 continue;
1106 } else {
1107 extrapath = dfs_refs[count].extrapath;
1108 break;
1109 }
1110 }
1111
1112 /* No available referral server for the connection */
1113 if (*targetcli == NULL) {
1114 TALLOC_FREE(dfs_refs);
1115 return status;
1116 }
1117
1118 /* Make sure to recreate the original string including any wildcards. */
1119
1120 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
1121 if (!dfs_path) {
1122 TALLOC_FREE(dfs_refs);
1123 return NT_STATUS_NO_MEMORY;
1124 }
1125 pathlen = strlen(dfs_path);
1126 consumed = MIN(pathlen, consumed);
1127 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
1128 if (!*pp_targetpath) {
1129 TALLOC_FREE(dfs_refs);
1130 return NT_STATUS_NO_MEMORY;
1131 }
1132 dfs_path[consumed] = '\0';
1133
1134 /*
1135 * *pp_targetpath is now the unconsumed part of the path.
1136 * dfs_path is now the consumed part of the path
1137 * (in \server\share\path format).
1138 */
1139
1140 if (extrapath && strlen(extrapath) > 0) {
1141 /* EMC Celerra NAS version 5.6.50 (at least) doesn't appear to */
1142 /* put the trailing \ on the path, so to be safe we put one in if needed */
1143 if (extrapath[strlen(extrapath)-1] != '\\' && **pp_targetpath != '\\') {
1144 *pp_targetpath = talloc_asprintf(ctx,
1145 "%s\\%s",
1146 extrapath,
1147 *pp_targetpath);
1148 } else {
1149 *pp_targetpath = talloc_asprintf(ctx,
1150 "%s%s",
1151 extrapath,
1152 *pp_targetpath);
1153 }
1154 if (!*pp_targetpath) {
1155 TALLOC_FREE(dfs_refs);
1156 return NT_STATUS_NO_MEMORY;
1157 }
1158 }
1159
1160 /* parse out the consumed mount path */
1161 /* trim off the \server\share\ */
1162
1163 ppath = dfs_path;
1164
1165 if (*ppath != '\\') {
1166 d_printf("cli_resolve_path: "
1167 "dfs_path (%s) not in correct format.\n",
1168 dfs_path );
1169 TALLOC_FREE(dfs_refs);
1170 return NT_STATUS_NOT_FOUND;
1171 }
1172
1173 ppath++; /* Now pointing at start of server name. */
1174
1175 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
1176 TALLOC_FREE(dfs_refs);
1177 return NT_STATUS_NOT_FOUND;
1178 }
1179
1180 ppath++; /* Now pointing at start of share name. */
1181
1182 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
1183 TALLOC_FREE(dfs_refs);
1184 return NT_STATUS_NOT_FOUND;
1185 }
1186
1187 ppath++; /* Now pointing at path component. */
1188
1189 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
1190 if (!newmount) {
1191 TALLOC_FREE(dfs_refs);
1192 return NT_STATUS_NOT_FOUND;
1193 }
1194
1195 /* Check for another dfs referral, note that we are not
1196 checking for loops here. */
1197
1198 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
1199 status = cli_resolve_path(ctx,
1200 newmount,
1201 creds,
1202 *targetcli,
1203 *pp_targetpath,
1204 &newcli,
1205 &newpath);
1206 if (NT_STATUS_IS_OK(status)) {
1207 /*
1208 * When cli_resolve_path returns true here it's always
1209 * returning the complete path in newpath, so we're done
1210 * here.
1211 */
1212 *targetcli = newcli;
1213 *pp_targetpath = newpath;
1214 TALLOC_FREE(dfs_refs);
1215 return status;
1216 }
1217 }
1218
1219 done:
1220
1221 if (smbXcli_conn_protocol((*targetcli)->conn) >= PROTOCOL_SMB2_02) {
1222 target_tcon = (*targetcli)->smb2.tcon;
1223 } else {
1224 target_tcon = (*targetcli)->smb1.tcon;
1225 }
1226
1227 /* If returning true ensure we return a dfs root full path. */
1228 if (smbXcli_tcon_is_dfs_share(target_tcon)) {
1229 dfs_path = talloc_strdup(ctx, *pp_targetpath);
1230 if (!dfs_path) {
1231 TALLOC_FREE(dfs_refs);
1232 return NT_STATUS_NO_MEMORY;
1233 }
1234 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
1235 if (*pp_targetpath == NULL) {
1236 TALLOC_FREE(dfs_refs);
1237 return NT_STATUS_NO_MEMORY;
1238 }
1239 }
1240
1241 TALLOC_FREE(dfs_refs);
1242 return NT_STATUS_OK;
1243 }
1244
1245 /********************************************************************
1246 ********************************************************************/
1247
1248 bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
1249 struct cli_state *cli,
1250 const char *sharename,
1251 char **pp_newserver,
1252 char **pp_newshare,
1253 struct cli_credentials *creds)
1254 {
1255 struct client_dfs_referral *refs = NULL;
1256 size_t num_refs = 0;
1257 size_t consumed = 0;
1258 char *fullpath = NULL;
1259 bool res;
1260 struct smbXcli_tcon *orig_tcon = NULL;
1261 char *orig_share = NULL;
1262 char *newextrapath = NULL;
1263 NTSTATUS status;
1264 const char *remote_name;
1265 enum smb_encryption_setting encryption_state =
1266 cli_credentials_get_smb_encryption(creds);
1267
1268 if (!cli || !sharename) {
1269 return false;
1270 }
1271
1272 remote_name = smbXcli_conn_remote_name(cli->conn);
1273
1274 /* special case. never check for a referral on the IPC$ share */
1275
1276 if (strequal(sharename, "IPC$")) {
1277 return false;
1278 }
1279
1280 /* send a trans2_query_path_info to check for a referral */
1281
1282 fullpath = talloc_asprintf(ctx, "\\%s\\%s", remote_name, sharename);
1283 if (!fullpath) {
1284 return false;
1285 }
1286
1287 /* Store tcon state. */
1288 if (cli_state_has_tcon(cli)) {
1289 cli_state_save_tcon_share(cli, &orig_tcon, &orig_share);
1290 }
1291
1292 /* check for the referral */
1293
1294 if (!NT_STATUS_IS_OK(cli_tree_connect(cli, "IPC$", "IPC", NULL))) {
1295 cli_state_restore_tcon_share(cli, orig_tcon, orig_share);
1296 return false;
1297 }
1298
1299 if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
1300 status = cli_cm_force_encryption_creds(cli, creds, "IPC$");
1301 if (!NT_STATUS_IS_OK(status)) {
1302 switch (encryption_state) {
1303 case SMB_ENCRYPTION_DESIRED:
1304 break;
1305 case SMB_ENCRYPTION_REQUIRED:
1306 default:
1307 /*
1308 * Failed to set up encryption.
1309 * Disconnect the temporary IPC$
1310 * tcon before restoring the original
1311 * tcon so we don't leak it.
1312 */
1313 cli_tdis(cli);
1314 cli_state_restore_tcon_share(cli,
1315 orig_tcon,
1316 orig_share);
1317 return false;
1318 }
1319 }
1320 }
1321
1322 status = cli_dfs_get_referral(ctx, cli, fullpath, &refs,
1323 &num_refs, &consumed);
1324 res = NT_STATUS_IS_OK(status);
1325
1326 status = cli_tdis(cli);
1327
1328 cli_state_restore_tcon_share(cli, orig_tcon, orig_share);
1329
1330 if (!NT_STATUS_IS_OK(status)) {
1331 return false;
1332 }
1333
1334 if (!res || !num_refs) {
1335 return false;
1336 }
1337
1338 if (!refs[0].dfspath) {
1339 return false;
1340 }
1341
1342 if (!split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1343 pp_newshare, &newextrapath)) {
1344 return false;
1345 }
1346
1347 /* check that this is not a self-referral */
1348
1349 if (strequal(remote_name, *pp_newserver) &&
1350 strequal(sharename, *pp_newshare)) {
1351 return false;
1352 }
1353
1354 return true;
1355 }
1356
1357 /********************************************************************
1358 Windows and NetApp (and arguably the SMB1/2/3 specs) expect a non-DFS
1359 path for the targets of rename and hardlink. If we have been given
1360 a DFS path for these calls, convert it back into a local path by
1361 stripping off the DFS prefix.
1362 ********************************************************************/
1363
1364 NTSTATUS cli_dfs_target_check(TALLOC_CTX *mem_ctx,
1365 struct cli_state *cli,
1366 const char *fname_dst,
1367 const char **fname_dst_out)
1368 {
1369 char *dfs_prefix = NULL;
1370 size_t prefix_len = 0;
1371 struct smbXcli_tcon *tcon = NULL;
1372
1373 if (!smbXcli_conn_dfs_supported(cli->conn)) {
1374 goto copy_fname_out;
1375 }
1376 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
1377 tcon = cli->smb2.tcon;
1378 } else {
1379 tcon = cli->smb1.tcon;
1380 }
1381 if (!smbXcli_tcon_is_dfs_share(tcon)) {
1382 goto copy_fname_out;
1383 }
1384 dfs_prefix = cli_dfs_make_full_path(mem_ctx, cli, "");
1385 if (dfs_prefix == NULL) {
1386 return NT_STATUS_NO_MEMORY;
1387 }
1388 prefix_len = strlen(dfs_prefix);
1389 if (strncmp(fname_dst, dfs_prefix, prefix_len) != 0) {
1390 /*
1391 * Prefix doesn't match. Assume it was
1392 * already stripped or not added in the
1393 * first place.
1394 */
1395 goto copy_fname_out;
1396 }
1397 /* Return the trailing name after the prefix. */
1398 *fname_dst_out = &fname_dst[prefix_len];
1399 TALLOC_FREE(dfs_prefix);
1400 return NT_STATUS_OK;
1401
1402 copy_fname_out:
1403
1404 /*
1405 * No change to the destination name. Just
1406 * point it at the incoming destination name.
1407 */
1408 *fname_dst_out = fname_dst;
1409 TALLOC_FREE(dfs_prefix);
1410 return NT_STATUS_OK;
1411 }
1412
1413 /********************************************************************
1414 Convert a pathname into a DFS path if it hasn't already been converted.
1415 Always returns a talloc'ed path, makes it easy to pass const paths in.
1416 ********************************************************************/
1417
1418 char *smb1_dfs_share_path(TALLOC_CTX *ctx,
1419 struct cli_state *cli,
1420 const char *path)
1421 {
1422 bool is_dfs = smbXcli_conn_dfs_supported(cli->conn) &&
1423 smbXcli_tcon_is_dfs_share(cli->smb1.tcon);
1424 bool is_already_dfs_path = false;
1425 bool posix = (cli->requested_posix_capabilities &
1426 CIFS_UNIX_POSIX_PATHNAMES_CAP);
1427 char sepchar = (posix ? '/' : '\\');
1428
1429 if (!is_dfs) {
1430 return talloc_strdup(ctx, path);
1431 }
1432 is_already_dfs_path = cli_dfs_is_already_full_path(cli, path);
1433 if (is_already_dfs_path) {
1434 return talloc_strdup(ctx, path);
1435 }
1436 /*
1437 * We don't use cli_dfs_make_full_path() as,
1438 * when given a null path, cli_dfs_make_full_path
1439 * deliberately adds a trailing '\\' (this is by
1440 * design to check for an existing DFS prefix match).
1441 */
1442 if (path[0] == '\0') {
1443 return talloc_asprintf(ctx,
1444 "%c%s%c%s",
1445 sepchar,
1446 smbXcli_conn_remote_name(cli->conn),
1447 sepchar,
1448 cli->share);
1449 }
1450 while (*path == sepchar) {
1451 path++;
1452 }
1453 return talloc_asprintf(ctx,
1454 "%c%s%c%s%c%s",
1455 sepchar,
1456 smbXcli_conn_remote_name(cli->conn),
1457 sepchar,
1458 cli->share,
1459 sepchar,
1460 path);
1461 }
Samba GIT mirror