tests/krb5/as_req_tests.py: add new tests to cover more of the AS-REQ protocol
[Samba.git] / dfs_server / dfs_server_ad.c
blob84a19bd380551af2db88cc169079e150981dc253
1 /*
2 Unix SMB/CIFS implementation.
4 Copyright Matthieu Patou <mat@matws.net> 2010-2011
5 Copyright Stefan Metzmacher 2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "librpc/gen_ndr/dfsblobs.h"
23 #include "librpc/gen_ndr/ndr_dfsblobs.h"
24 #include "dsdb/samdb/samdb.h"
25 #include "auth/session.h"
26 #include "param/param.h"
27 #include "lib/tsocket/tsocket.h"
28 #include "dfs_server/dfs_server_ad.h"
29 #include "lib/util/util_net.h"
30 #include "libds/common/roles.h"
32 #define MAX_DFS_RESPONSE 56*1024 /* 56 Kb */
34 /* A DC set is a group of DC, they might have been grouped together
35 because they belong to the same site, or to site with same cost ...
37 struct dc_set {
38 const char **names;
39 uint32_t count;
42 static void shuffle_dc_set(struct dc_set *list)
44 uint32_t i;
46 for (i = list->count; i > 1; i--) {
47 uint32_t r;
48 const char *tmp;
50 r = generate_random() % i;
52 tmp = list->names[i - 1];
53 list->names[i - 1] = list->names[r];
54 list->names[r] = tmp;
59 fill a referral type structure
61 static NTSTATUS fill_normal_dfs_referraltype(TALLOC_CTX *mem_ctx,
62 struct dfs_referral_type *ref,
63 uint16_t version,
64 const char *dfs_path,
65 const char *server_path, int isfirstoffset)
67 ZERO_STRUCTP(ref);
68 switch (version) {
69 case 4:
70 ref->version = version;
71 /* For the moment there is a bug with XP that don't seems to appriciate much
72 * level4 so we return just level 3 for everyone
74 ref->referral.v4.server_type = DFS_SERVER_NON_ROOT;
75 /* "normal" referral seems to always include the GUID */
76 ref->referral.v4.size = 34;
78 if (isfirstoffset) {
79 ref->referral.v4.entry_flags = DFS_HEADER_FLAG_TARGET_BCK;
81 ref->referral.v4.ttl = 900; /* As w2k8r2 */
82 ref->referral.v4.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
83 if (ref->referral.v4.referrals.r1.DFS_path == NULL) {
84 return NT_STATUS_NO_MEMORY;
86 ref->referral.v4.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
87 if (ref->referral.v4.referrals.r1.DFS_alt_path == NULL) {
88 return NT_STATUS_NO_MEMORY;
90 ref->referral.v4.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
91 if (ref->referral.v4.referrals.r1.netw_address == NULL) {
92 return NT_STATUS_NO_MEMORY;
94 return NT_STATUS_OK;
95 case 3:
96 ref->version = version;
97 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
98 /* "normal" referral seems to always include the GUID */
99 ref->referral.v3.size = 34;
101 ref->referral.v3.entry_flags = 0;
102 ref->referral.v3.ttl = 600; /* As w2k3 */
103 ref->referral.v3.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
104 if (ref->referral.v3.referrals.r1.DFS_path == NULL) {
105 return NT_STATUS_NO_MEMORY;
107 ref->referral.v3.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
108 if (ref->referral.v3.referrals.r1.DFS_alt_path == NULL) {
109 return NT_STATUS_NO_MEMORY;
111 ref->referral.v3.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
112 if (ref->referral.v3.referrals.r1.netw_address == NULL) {
113 return NT_STATUS_NO_MEMORY;
115 return NT_STATUS_OK;
117 return NT_STATUS_INVALID_LEVEL;
121 fill a domain refererral
123 static NTSTATUS fill_domain_dfs_referraltype(TALLOC_CTX *mem_ctx,
124 struct dfs_referral_type *ref,
125 uint16_t version,
126 const char *domain,
127 const char **names,
128 uint16_t numnames)
130 switch (version) {
131 case 3:
132 ZERO_STRUCTP(ref);
133 DEBUG(8, ("Called fill_domain_dfs_referraltype\n"));
134 ref->version = version;
135 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
136 #if 0
137 /* We use to have variable size, on Windows 2008R2 it's the same
138 * and it seems that it gives better results so ... let's use the same
139 * size.
141 * Additional note: XP SP2 will ask for version 3 and SP3 for version 4.
144 * It's hard coded ... don't think it's a good way but the
145 * sizeof return not the correct values
147 * We have 18 if the GUID is not included 34 otherwise
149 if (numnames == 0) {
150 /* Windows return without the guid when returning domain list
152 ref->referral.v3.size = 18;
153 } else {
154 ref->referral.v3.size = 34;
156 #endif
157 /* As seen in w2k8r2 it always return the null GUID */
158 ref->referral.v3.size = 34;
159 ref->referral.v3.entry_flags = DFS_FLAG_REFERRAL_DOMAIN_RESP;
160 ref->referral.v3.ttl = 600; /* As w2k3 and w2k8r2*/
161 ref->referral.v3.referrals.r2.special_name = talloc_strdup(mem_ctx,
162 domain);
163 if (ref->referral.v3.referrals.r2.special_name == NULL) {
164 return NT_STATUS_NO_MEMORY;
166 ref->referral.v3.referrals.r2.nb_expanded_names = numnames;
167 /* Put the final terminator */
168 if (names) {
169 int i;
170 const char **names2 = talloc_array(mem_ctx, const char *,
171 numnames+1);
172 NT_STATUS_HAVE_NO_MEMORY(names2);
173 for (i = 0; i<numnames; i++) {
174 names2[i] = talloc_asprintf(names2, "\\%s", names[i]);
175 NT_STATUS_HAVE_NO_MEMORY(names2[i]);
177 names2[numnames] = NULL;
178 ref->referral.v3.referrals.r2.expanded_names = names2;
180 return NT_STATUS_OK;
182 return NT_STATUS_INVALID_LEVEL;
186 get the DCs list within a site
188 static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
189 struct ldb_dn *sitedn, struct dc_set *list,
190 bool dofqdn)
192 static const char *attrs[] = { "serverReference", NULL };
193 static const char *attrs2[] = { "dNSHostName", "sAMAccountName", NULL };
194 struct ldb_result *r;
195 unsigned int i;
196 int ret;
197 const char **dc_list;
199 ret = ldb_search(ldb, ctx, &r, sitedn, LDB_SCOPE_SUBTREE, attrs,
200 "(&(objectClass=server)(serverReference=*))");
201 if (ret != LDB_SUCCESS) {
202 DEBUG(2,(__location__ ": Failed to get list of servers - %s\n",
203 ldb_errstring(ldb)));
204 return NT_STATUS_INTERNAL_ERROR;
207 if (r->count == 0) {
208 /* none in this site */
209 talloc_free(r);
210 return NT_STATUS_OK;
214 * need to search for all server object to know the size of the array.
215 * Search all the object of class server in this site
217 dc_list = talloc_array(r, const char *, r->count);
218 if (dc_list == NULL) {
219 TALLOC_FREE(r);
220 return NT_STATUS_NO_MEMORY;
223 /* TODO put some random here in the order */
224 list->names = talloc_realloc(list, list->names, const char *, list->count + r->count);
225 if (list->names == NULL) {
226 TALLOC_FREE(r);
227 return NT_STATUS_NO_MEMORY;
230 for (i = 0; i<r->count; i++) {
231 struct ldb_dn *dn;
232 struct ldb_message *msg;
234 dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference");
235 if (!dn) {
236 return NT_STATUS_INTERNAL_ERROR;
239 ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)");
240 if (ret != LDB_SUCCESS) {
241 DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n",
242 ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
243 return NT_STATUS_INTERNAL_ERROR;
246 if (dofqdn) {
247 const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL);
248 if (dns == NULL) {
249 DEBUG(2,(__location__ ": dNSHostName missing on %s\n",
250 ldb_dn_get_linearized(dn)));
251 talloc_free(r);
252 return NT_STATUS_INTERNAL_ERROR;
255 list->names[list->count] = talloc_strdup(list->names, dns);
256 if (list->names[list->count] == NULL) {
257 TALLOC_FREE(r);
258 return NT_STATUS_NO_MEMORY;
260 } else {
261 char *tmp;
262 const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
263 if (aname == NULL) {
264 DEBUG(2,(__location__ ": sAMAccountName missing on %s\n",
265 ldb_dn_get_linearized(dn)));
266 talloc_free(r);
267 return NT_STATUS_INTERNAL_ERROR;
270 tmp = talloc_strdup(list->names, aname);
271 if (tmp == NULL) {
272 TALLOC_FREE(r);
273 return NT_STATUS_NO_MEMORY;
276 /* Netbios name is also the sAMAccountName for
277 computer but without the final $ */
278 tmp[strlen(tmp) - 1] = '\0';
279 list->names[list->count] = tmp;
281 list->count++;
282 talloc_free(msg);
285 shuffle_dc_set(list);
287 talloc_free(r);
288 return NT_STATUS_OK;
293 get all DCs
295 static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
296 const char *searched_site, bool need_fqdn,
297 struct dc_set ***pset_list, uint32_t flags)
300 * Flags will be used later to indicate things like least-expensive
301 * or same-site options
303 const char *attrs_none[] = { NULL };
304 const char *attrs3[] = { "name", NULL };
305 struct ldb_dn *configdn, *sitedn, *dn, *sitescontainerdn;
306 struct ldb_result *r;
307 struct dc_set **set_list = NULL;
308 uint32_t i;
309 int ret;
310 uint32_t current_pos = 0;
311 NTSTATUS status;
312 TALLOC_CTX *subctx;
314 *pset_list = set_list = NULL;
316 subctx = talloc_new(ctx);
317 NT_STATUS_HAVE_NO_MEMORY(subctx);
319 configdn = ldb_get_config_basedn(ldb);
321 /* Let's search for the Site container */
322 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs_none,
323 "(objectClass=sitesContainer)");
324 if (ret != LDB_SUCCESS) {
325 DEBUG(2,(__location__ ": Failed to find sitesContainer within %s - %s\n",
326 ldb_dn_get_linearized(configdn), ldb_errstring(ldb)));
327 talloc_free(subctx);
328 return NT_STATUS_INTERNAL_ERROR;
330 if (r->count > 1) {
331 DEBUG(2,(__location__ ": Expected 1 sitesContainer - found %u within %s\n",
332 r->count, ldb_dn_get_linearized(configdn)));
333 talloc_free(subctx);
334 return NT_STATUS_INTERNAL_ERROR;
337 sitescontainerdn = talloc_steal(subctx, r->msgs[0]->dn);
338 talloc_free(r);
341 * TODO: Here we should have a more subtle handling
342 * for the case "same-site"
344 ret = ldb_search(ldb, subctx, &r, sitescontainerdn, LDB_SCOPE_SUBTREE,
345 attrs_none, "(objectClass=server)");
346 if (ret != LDB_SUCCESS) {
347 DEBUG(2,(__location__ ": Failed to find servers within %s - %s\n",
348 ldb_dn_get_linearized(sitescontainerdn), ldb_errstring(ldb)));
349 talloc_free(subctx);
350 return NT_STATUS_INTERNAL_ERROR;
352 talloc_free(r);
354 if (searched_site != NULL && searched_site[0] != '\0') {
355 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE,
356 attrs_none, "(&(name=%s)(objectClass=site))", searched_site);
357 if (ret != LDB_SUCCESS) {
358 talloc_free(subctx);
359 return NT_STATUS_FOOBAR;
360 } else if (r->count != 1) {
361 talloc_free(subctx);
362 return NT_STATUS_FOOBAR;
365 /* All of this was to get the DN of the searched_site */
366 sitedn = r->msgs[0]->dn;
369 * We will realloc + 2 because we will need one additional place
370 * for element at current_pos + 1 for the NULL element
372 set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+2);
373 if (set_list == NULL) {
374 TALLOC_FREE(subctx);
375 return NT_STATUS_NO_MEMORY;
378 set_list[current_pos] = talloc(set_list, struct dc_set);
379 if (set_list[current_pos] == NULL) {
380 TALLOC_FREE(subctx);
381 return NT_STATUS_NO_MEMORY;
384 set_list[current_pos]->names = NULL;
385 set_list[current_pos]->count = 0;
387 set_list[current_pos+1] = NULL;
389 status = get_dcs_insite(subctx, ldb, sitedn,
390 set_list[current_pos], need_fqdn);
391 if (!NT_STATUS_IS_OK(status)) {
392 DEBUG(2,(__location__ ": Failed to get DC from site %s - %s\n",
393 ldb_dn_get_linearized(sitedn), nt_errstr(status)));
394 talloc_free(subctx);
395 return status;
397 talloc_free(r);
398 current_pos++;
401 /* Let's find all the sites */
402 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs3, "(objectClass=site)");
403 if (ret != LDB_SUCCESS) {
404 DEBUG(2,(__location__ ": Failed to find any site containers in %s\n",
405 ldb_dn_get_linearized(configdn)));
406 talloc_free(subctx);
407 return NT_STATUS_INTERNAL_DB_CORRUPTION;
411 * TODO:
412 * We should randomize the order in the main site,
413 * it's mostly needed for sysvol/netlogon referral.
414 * Depending of flag we either randomize order of the
415 * not "in the same site DCs"
416 * or we randomize by group of site that have the same cost
417 * In the long run we want to manipulate an array of site_set
418 * All the site in one set have the same cost (if least-expansive options is selected)
419 * and we will put all the dc related to 1 site set into 1 DCs set.
420 * Within a site set, site order has to be randomized
422 * But for the moment we just return the list of sites
424 if (r->count) {
426 * We will realloc + 2 because we will need one additional place
427 * for element at current_pos + 1 for the NULL element
429 set_list = talloc_realloc(subctx, set_list, struct dc_set *,
430 current_pos+2);
431 if (set_list == NULL) {
432 TALLOC_FREE(subctx);
433 return NT_STATUS_NO_MEMORY;
436 set_list[current_pos] = talloc(ctx, struct dc_set);
437 if (set_list[current_pos] == NULL) {
438 TALLOC_FREE(subctx);
439 return NT_STATUS_NO_MEMORY;
442 set_list[current_pos]->names = NULL;
443 set_list[current_pos]->count = 0;
445 set_list[current_pos+1] = NULL;
448 for (i=0; i<r->count; i++) {
449 const char *site_name = ldb_msg_find_attr_as_string(r->msgs[i], "name", NULL);
450 if (site_name == NULL) {
451 DEBUG(2,(__location__ ": Failed to find name attribute in %s\n",
452 ldb_dn_get_linearized(r->msgs[i]->dn)));
453 talloc_free(subctx);
454 return NT_STATUS_INTERNAL_DB_CORRUPTION;
457 if (searched_site == NULL ||
458 strcmp(searched_site, site_name) != 0) {
459 DEBUG(2,(__location__ ": Site: %s %s\n",
460 searched_site, site_name));
463 * Do all the site but the one of the client
464 * (because it has already been done ...)
466 dn = r->msgs[i]->dn;
468 status = get_dcs_insite(subctx, ldb, dn,
469 set_list[current_pos],
470 need_fqdn);
471 if (!NT_STATUS_IS_OK(status)) {
472 talloc_free(subctx);
473 return status;
478 *pset_list = talloc_move(ctx, &set_list);
479 talloc_free(subctx);
480 return NT_STATUS_OK;
483 static NTSTATUS dodomain_referral(struct loadparm_context *lp_ctx,
484 struct ldb_context *sam_ctx,
485 const struct tsocket_address *client,
486 struct dfs_GetDFSReferral *r)
489 * TODO for the moment we just return the local domain
491 NTSTATUS status;
492 const char *dns_domain = lpcfg_dnsdomain(lp_ctx);
493 const char *netbios_domain = lpcfg_workgroup(lp_ctx);
494 struct dfs_referral_type *referrals;
495 const char *referral_str;
496 /* In the future this needs to be fetched from the ldb */
497 uint32_t found_domain = 2;
499 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
500 DEBUG(10 ,("Received a domain referral request on a non DC\n"));
501 return NT_STATUS_INVALID_PARAMETER;
504 if (r->in.req.max_referral_level < 3) {
505 DEBUG(2,("invalid max_referral_level %u\n",
506 r->in.req.max_referral_level));
507 return NT_STATUS_UNSUCCESSFUL;
510 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
511 if (r->out.resp == NULL) {
512 return NT_STATUS_NO_MEMORY;
515 r->out.resp->path_consumed = 0;
516 r->out.resp->header_flags = 0; /* Do like w2k3 */
517 r->out.resp->nb_referrals = found_domain; /* the fqdn one + the NT domain */
519 referrals = talloc_zero_array(r->out.resp,
520 struct dfs_referral_type,
521 r->out.resp->nb_referrals);
522 if (referrals == NULL) {
523 return NT_STATUS_NO_MEMORY;
525 r->out.resp->referral_entries = referrals;
527 referral_str = talloc_asprintf(r, "\\%s", netbios_domain);
528 if (referral_str == NULL) {
529 return NT_STATUS_NO_MEMORY;
532 status = fill_domain_dfs_referraltype(referrals,
533 &referrals[0], 3,
534 referral_str,
535 NULL, 0);
536 if (!NT_STATUS_IS_OK(status)) {
537 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
538 __location__, nt_errstr(status)));
539 return status;
542 referral_str = talloc_asprintf(r, "\\%s", dns_domain);
543 if (referral_str == NULL) {
544 return NT_STATUS_NO_MEMORY;
547 status = fill_domain_dfs_referraltype(referrals,
548 &referrals[1], 3,
549 referral_str,
550 NULL, 0);
551 if (!NT_STATUS_IS_OK(status)) {
552 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
553 __location__, nt_errstr(status)));
554 return status;
557 return NT_STATUS_OK;
561 * Handle the logic for dfs referral request like
562 * \\dns_domain or \\netbios_domain.
564 static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx,
565 struct ldb_context *sam_ctx,
566 const struct tsocket_address *client,
567 struct dfs_GetDFSReferral *r,
568 const char *domain_name)
570 NTSTATUS status;
571 const char *site_name = NULL; /* Name of the site where the client is */
572 bool need_fqdn = false;
573 unsigned int i;
574 const char **dc_list = NULL;
575 uint32_t num_dcs = 0;
576 struct dc_set **set;
577 char *client_str = NULL;
578 struct dfs_referral_type *referrals;
579 const char *referral_str;
581 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
582 return NT_STATUS_INVALID_PARAMETER;
585 if (r->in.req.max_referral_level < 3) {
586 DEBUG(2,("invalid max_referral_level %u\n",
587 r->in.req.max_referral_level));
588 return NT_STATUS_UNSUCCESSFUL;
591 DEBUG(10, ("in this we have request for %s requested is %s\n",
592 domain_name, r->in.req.servername));
594 if (strchr(domain_name,'.')) {
595 need_fqdn = 1;
598 if (tsocket_address_is_inet(client, "ip")) {
599 client_str = tsocket_address_inet_addr_string(client, r);
600 if (client_str == NULL) {
601 return NT_STATUS_NO_MEMORY;
605 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true);
607 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
608 if (!NT_STATUS_IS_OK(status)) {
609 DEBUG(3,("Unable to get list of DCs - %s\n",
610 nt_errstr(status)));
611 return status;
614 for(i=0; set[i]; i++) {
615 uint32_t j;
617 dc_list = talloc_realloc(r, dc_list, const char*,
618 num_dcs + set[i]->count + 1);
619 if (dc_list == NULL) {
620 return NT_STATUS_NO_MEMORY;
623 for(j=0; j<set[i]->count; j++) {
624 dc_list[num_dcs + j] = talloc_move(dc_list,
625 &set[i]->names[j]);
627 num_dcs = num_dcs + set[i]->count;
628 TALLOC_FREE(set[i]);
629 dc_list[num_dcs] = NULL;
632 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
633 if (r->out.resp == NULL) {
634 return NT_STATUS_NO_MEMORY;
637 r->out.resp->path_consumed = 0;
638 r->out.resp->header_flags = 0; /* Do like w2k3 */
639 r->out.resp->nb_referrals = 1;
641 referrals = talloc_zero_array(r->out.resp,
642 struct dfs_referral_type,
643 r->out.resp->nb_referrals);
644 if (referrals == NULL) {
645 return NT_STATUS_NO_MEMORY;
647 r->out.resp->referral_entries = referrals;
649 if (r->in.req.servername[0] == '\\') {
650 referral_str = talloc_asprintf(referrals, "%s",
651 domain_name);
652 } else {
653 referral_str = talloc_asprintf(referrals, "\\%s",
654 domain_name);
656 if (referral_str == NULL) {
657 return NT_STATUS_NO_MEMORY;
660 status = fill_domain_dfs_referraltype(referrals,
661 &referrals[0], 3,
662 referral_str,
663 dc_list, num_dcs);
664 if (!NT_STATUS_IS_OK(status)) {
665 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
666 __location__, nt_errstr(status)));
667 return status;
670 return NT_STATUS_OK;
674 * Handle the logic for dfs referral request like
675 * \\domain\sysvol or \\domain\netlogon
677 static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx,
678 struct ldb_context *sam_ctx,
679 const struct tsocket_address *client,
680 struct dfs_GetDFSReferral *r,
681 const char *domain_name,
682 const char *dfs_name)
684 const char *site_name = NULL; /* Name of the site where the client is */
685 bool need_fqdn = false;
686 unsigned int i, c = 0, nb_entries = 0;
687 struct dc_set **set;
688 char *client_str = NULL;
689 NTSTATUS status;
690 struct dfs_referral_type *referrals;
692 if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
693 return NT_STATUS_INVALID_PARAMETER;
696 if (r->in.req.max_referral_level < 3) {
697 DEBUG(2,("invalid max_referral_level %u\n",
698 r->in.req.max_referral_level));
699 return NT_STATUS_UNSUCCESSFUL;
702 DEBUG(10, ("in this we have request for %s and share %s requested is %s\n",
703 domain_name, dfs_name, r->in.req.servername));
705 if (strchr(domain_name,'.')) {
706 need_fqdn = 1;
709 if (tsocket_address_is_inet(client, "ip")) {
710 client_str = tsocket_address_inet_addr_string(client, r);
711 if (client_str == NULL) {
712 return NT_STATUS_NO_MEMORY;
716 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true);
718 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
719 if (!NT_STATUS_IS_OK(status)) {
720 DEBUG(3,("Unable to get list of DCs - %s\n",
721 nt_errstr(status)));
722 return status;
725 for(i=0; set[i]; i++) {
726 nb_entries = nb_entries + set[i]->count;
729 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
730 if (r->out.resp == NULL) {
731 return NT_STATUS_NO_MEMORY;
734 /* The length is expected in bytes */
735 r->out.resp->path_consumed = strlen_m(r->in.req.servername) * 2;
736 /* Do like w2k3 and like in 3.3.5.3 of MS-DFSC*/
737 r->out.resp->header_flags = DFS_HEADER_FLAG_STORAGE_SVR;
738 r->out.resp->nb_referrals = nb_entries;
740 referrals = talloc_zero_array(r->out.resp,
741 struct dfs_referral_type,
742 r->out.resp->nb_referrals);
743 if (referrals == NULL) {
744 return NT_STATUS_NO_MEMORY;
746 r->out.resp->referral_entries = referrals;
748 c = 0;
749 for(i=0; set[i]; i++) {
750 uint32_t j;
752 for(j=0; j< set[i]->count; j++) {
753 struct dfs_referral_type *ref = &referrals[c];
754 const char *referral_str;
756 referral_str = talloc_asprintf(referrals, "\\%s\\%s",
757 set[i]->names[j], dfs_name);
758 if (referral_str == NULL) {
759 return NT_STATUS_NO_MEMORY;
762 DEBUG(8,("Doing a dfs referral for %s with this value "
763 "%s requested %s\n",
764 set[i]->names[j], referral_str,
765 r->in.req.servername));
767 status = fill_normal_dfs_referraltype(referrals, ref,
768 r->in.req.max_referral_level,
769 r->in.req.servername,
770 referral_str, c==0);
773 if (!NT_STATUS_IS_OK(status)) {
774 DEBUG(2,("%s: Unable to fill domain referral "
775 "structure - %s\n",
776 __location__, nt_errstr(status)));
777 return status;
780 c++;
784 return NT_STATUS_OK;
788 trans2 getdfsreferral implementation
790 NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx,
791 struct ldb_context *sam_ctx,
792 const struct tsocket_address *client,
793 struct dfs_GetDFSReferral *r)
795 char *server_name = NULL;
796 char *dfs_name = NULL;
797 char *link_path = NULL;
798 const char *netbios_domain;
799 const char *dns_domain;
800 const char *netbios_name;
801 const char *dns_name;
802 const char **netbios_aliases;
803 char path_separator;
805 if (!lpcfg_host_msdfs(lp_ctx)) {
806 return NT_STATUS_FS_DRIVER_REQUIRED;
809 if (r->in.req.servername == NULL) {
810 return NT_STATUS_INVALID_PARAMETER;
813 DEBUG(8, ("Requested DFS name: %s length: %u\n",
814 r->in.req.servername,
815 (unsigned int)strlen_m(r->in.req.servername)*2));
818 * If the servername is "" then we are in a case of domain dfs
819 * and the client just searches for the list of local domain
820 * it is attached and also trusted ones.
822 if (strlen(r->in.req.servername) == 0) {
823 return dodomain_referral(lp_ctx, sam_ctx, client, r);
826 server_name = talloc_strdup(r, r->in.req.servername);
827 if (server_name == NULL) {
828 return NT_STATUS_NO_MEMORY;
831 path_separator = (*server_name == '/') ? '/' : '\\';
833 while(*server_name && *server_name == path_separator) {
834 server_name++;
837 dfs_name = strchr_m(server_name, path_separator);
838 if (dfs_name != NULL) {
839 dfs_name[0] = '\0';
840 dfs_name++;
842 link_path = strchr_m(dfs_name, path_separator);
843 if (link_path != NULL) {
844 link_path[0] = '\0';
845 link_path++;
849 if (link_path != NULL) {
851 * If it is a DFS Link we do not
852 * handle it here.
854 return NT_STATUS_NOT_FOUND;
857 netbios_domain = lpcfg_workgroup(lp_ctx);
858 dns_domain = lpcfg_dnsdomain(lp_ctx);
859 netbios_name = lpcfg_netbios_name(lp_ctx);
860 dns_name = talloc_asprintf(r, "%s.%s", netbios_name, dns_domain);
861 if (dns_name == NULL) {
862 return NT_STATUS_NO_MEMORY;
865 if ((strcasecmp_m(server_name, netbios_name) == 0) ||
866 (strcasecmp_m(server_name, dns_name) == 0)) {
868 * If it is not domain related do not
869 * handle it here.
871 return NT_STATUS_NOT_FOUND;
874 if (is_ipaddress(server_name)) {
876 * If it is not domain related do not
877 * handle it here.
879 return NT_STATUS_NOT_FOUND;
882 netbios_aliases = lpcfg_netbios_aliases(lp_ctx);
883 while (netbios_aliases && *netbios_aliases) {
884 const char *netbios_alias = *netbios_aliases;
885 char *dns_alias;
886 int cmp;
888 cmp = strcasecmp_m(server_name, netbios_alias);
889 if (cmp == 0) {
891 * If it is not domain related do not
892 * handle it here.
894 return NT_STATUS_NOT_FOUND;
897 dns_alias = talloc_asprintf(r, "%s.%s",
898 netbios_alias,
899 dns_domain);
900 if (dns_alias == NULL) {
901 return NT_STATUS_NO_MEMORY;
904 cmp = strcasecmp_m(server_name, dns_alias);
905 talloc_free(dns_alias);
906 if (cmp == 0) {
908 * If it is not domain related do not
909 * handle it here.
911 return NT_STATUS_NOT_FOUND;
913 netbios_aliases++;
916 if ((strcasecmp_m(server_name, netbios_domain) != 0) &&
917 (strcasecmp_m(server_name, dns_domain) != 0)) {
919 * Not a domain we handle.
921 return NT_STATUS_INVALID_PARAMETER;
925 * Here we have filtered the thing the requested name don't contain our DNS name.
926 * So if the share == NULL or if share in ("sysvol", "netlogon")
927 * then we proceed. In the first case it will be a dc refereal in the second it will
928 * be just a sysvol/netlogon referral.
930 if (dfs_name == NULL) {
931 return dodc_referral(lp_ctx, sam_ctx,
932 client, r, server_name);
936 * Here we have filtered the thing the requested name don't contain our DNS name.
937 * So if the share == NULL or if share in ("sysvol", "netlogon")
938 * then we proceed. In the first case it will be a dc refereal in the second it will
939 * be just a sysvol/netlogon referral.
941 if (strcasecmp(dfs_name, "sysvol") == 0 ||
942 strcasecmp(dfs_name, "netlogon") == 0) {
943 return dosysvol_referral(lp_ctx, sam_ctx, client, r,
944 server_name, dfs_name);
947 /* By default until all the case are handled */
948 return NT_STATUS_NOT_FOUND;