search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nsswitch:libwbclient - fix leak in wbcCtxPingDc2
[Samba.git] / source3 / libsmb / clidfs.c
blob1e73aa221dc3655f2662c79762e5892976b181ad
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "libsmb/libsmb.h"
24 #include "libsmb/clirap.h"
25 #include "msdfs.h"
26 #include "trans2.h"
27 #include "libsmb/nmblib.h"
28 #include "../libcli/smb/smbXcli_base.h"
29 #include "auth/credentials/credentials.h"
30
31 /********************************************************************
32 Important point.
33
34 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
35 are not C escaped here).
36
37 - but if we're using POSIX paths then <pathname> may contain
38 '/' separators, not '\\' separators. So cope with '\\' or '/'
39 as a separator when looking at the pathname part.... JRA.
40 ********************************************************************/
41
42 /********************************************************************
43 Ensure a connection is encrypted.
44 ********************************************************************/
45
46 static NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
47 struct cli_credentials *creds,
48 const char *sharename)
49 {
50 uint16_t major, minor;
51 uint32_t caplow, caphigh;
52 NTSTATUS status;
53 bool temp_ipc = false;
54
55 if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
56 status = smb2cli_session_encryption_on(c->smb2.session);
57 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
58 d_printf("Encryption required and "
59 "server doesn't support "
60 "SMB3 encryption - failing connect\n");
61 } else if (!NT_STATUS_IS_OK(status)) {
62 d_printf("Encryption required and "
63 "setup failed with error %s.\n",
64 nt_errstr(status));
65 }
66 return status;
67 }
68
69 if (!SERVER_HAS_UNIX_CIFS(c)) {
70 d_printf("Encryption required and "
71 "server that doesn't support "
72 "UNIX extensions - failing connect\n");
73 return NT_STATUS_NOT_SUPPORTED;
74 }
75
76 if (c->smb1.tcon == NULL) {
77 status = cli_tree_connect_creds(c, "IPC$", "IPC", creds);
78 if (!NT_STATUS_IS_OK(status)) {
79 d_printf("Encryption required and "
80 "can't connect to IPC$ to check "
81 "UNIX CIFS extensions.\n");
82 return NT_STATUS_UNKNOWN_REVISION;
83 }
84 temp_ipc = true;
85 }
86
87 status = cli_unix_extensions_version(c, &major, &minor, &caplow,
88 &caphigh);
89 if (!NT_STATUS_IS_OK(status)) {
90 d_printf("Encryption required and "
91 "can't get UNIX CIFS extensions "
92 "version from server.\n");
93 if (temp_ipc) {
94 cli_tdis(c);
95 }
96 return NT_STATUS_UNKNOWN_REVISION;
97 }
98
99 if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
100 d_printf("Encryption required and "
101 "share %s doesn't support "
102 "encryption.\n", sharename);
103 if (temp_ipc) {
104 cli_tdis(c);
105 }
106 return NT_STATUS_UNSUPPORTED_COMPRESSION;
107 }
108
109 status = cli_smb1_setup_encryption(c, creds);
110 if (!NT_STATUS_IS_OK(status)) {
111 d_printf("Encryption required and "
112 "setup failed with error %s.\n",
113 nt_errstr(status));
114 if (temp_ipc) {
115 cli_tdis(c);
116 }
117 return status;
118 }
119
120 if (temp_ipc) {
121 cli_tdis(c);
122 }
123 return NT_STATUS_OK;
124 }
125
126 /********************************************************************
127 Return a connection to a server.
128 ********************************************************************/
129
130 static NTSTATUS do_connect(TALLOC_CTX *ctx,
131 const char *server,
132 const char *share,
133 struct cli_credentials *creds,
134 const struct sockaddr_storage *dest_ss,
135 int port,
136 int name_type,
137 struct cli_state **pcli)
138 {
139 struct cli_state *c = NULL;
140 char *servicename;
141 char *sharename;
142 char *newserver, *newshare;
143 NTSTATUS status;
144 int flags = 0;
145 enum protocol_types protocol = PROTOCOL_NONE;
146 enum smb_signing_setting signing_state =
147 cli_credentials_get_smb_signing(creds);
148 enum smb_encryption_setting encryption_state =
149 cli_credentials_get_smb_encryption(creds);
150
151 if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
152 signing_state = SMB_SIGNING_REQUIRED;
153 }
154
155 /* make a copy so we don't modify the global string 'service' */
156 servicename = talloc_strdup(ctx,share);
157 if (!servicename) {
158 return NT_STATUS_NO_MEMORY;
159 }
160 sharename = servicename;
161 if (*sharename == '\\') {
162 sharename += 2;
163 if (server == NULL) {
164 server = sharename;
165 }
166 sharename = strchr_m(sharename,'\\');
167 if (!sharename) {
168 return NT_STATUS_NO_MEMORY;
169 }
170 *sharename = 0;
171 sharename++;
172 }
173 if (server == NULL) {
174 return NT_STATUS_INVALID_PARAMETER;
175 }
176
177 status = cli_connect_nb(
178 server, dest_ss, port, name_type, NULL,
179 signing_state,
180 flags, &c);
181
182 if (!NT_STATUS_IS_OK(status)) {
183 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
184 DBG_ERR("NetBIOS support disabled, unable to connect");
185 }
186
187 DBG_WARNING("Connection to %s failed (Error %s)\n",
188 server,
189 nt_errstr(status));
190 return status;
191 }
192
193 DEBUG(4,(" session request ok\n"));
194
195 status = smbXcli_negprot(c->conn, c->timeout,
196 lp_client_min_protocol(),
197 lp_client_max_protocol());
198
199 if (!NT_STATUS_IS_OK(status)) {
200 d_printf("protocol negotiation failed: %s\n",
201 nt_errstr(status));
202 cli_shutdown(c);
203 return status;
204 }
205 protocol = smbXcli_conn_protocol(c->conn);
206 DEBUG(4,(" negotiated dialect[%s] against server[%s]\n",
207 smb_protocol_types_string(protocol),
208 smbXcli_conn_remote_name(c->conn)));
209
210 if (protocol >= PROTOCOL_SMB2_02) {
211 /* Ensure we ask for some initial credits. */
212 smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
213 }
214
215 status = cli_session_setup_creds(c, creds);
216 if (!NT_STATUS_IS_OK(status)) {
217 /* If a password was not supplied then
218 * try again with a null username. */
219 if (encryption_state == SMB_ENCRYPTION_REQUIRED ||
220 smbXcli_conn_signing_mandatory(c->conn) ||
221 cli_credentials_authentication_requested(creds) ||
222 cli_credentials_is_anonymous(creds) ||
223 !NT_STATUS_IS_OK(status = cli_session_setup_anon(c)))
224 {
225 d_printf("session setup failed: %s\n",
226 nt_errstr(status));
227 if (NT_STATUS_EQUAL(status,
228 NT_STATUS_MORE_PROCESSING_REQUIRED))
229 d_printf("did you forget to run kinit?\n");
230 cli_shutdown(c);
231 return status;
232 }
233 d_printf("Anonymous login successful\n");
234 }
235
236 if (!NT_STATUS_IS_OK(status)) {
237 DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
238 cli_shutdown(c);
239 return status;
240 }
241
242 DEBUG(4,(" session setup ok\n"));
243
244 if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
245 status = cli_cm_force_encryption_creds(c,
246 creds,
247 sharename);
248 if (!NT_STATUS_IS_OK(status)) {
249 switch (encryption_state) {
250 case SMB_ENCRYPTION_DESIRED:
251 break;
252 case SMB_ENCRYPTION_REQUIRED:
253 default:
254 cli_shutdown(c);
255 return status;
256 }
257 }
258 }
259
260 /* here's the fun part....to support 'msdfs proxy' shares
261 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
262 here before trying to connect to the original share.
263 cli_check_msdfs_proxy() will fail if it is a normal share. */
264
265 if (smbXcli_conn_dfs_supported(c->conn) &&
266 cli_check_msdfs_proxy(ctx, c, sharename,
267 &newserver, &newshare,
268 creds)) {
269 cli_shutdown(c);
270 return do_connect(ctx, newserver,
271 newshare, creds,
272 NULL, port, name_type, pcli);
273 }
274
275 /* must be a normal share */
276
277 status = cli_tree_connect_creds(c, sharename, "?????", creds);
278 if (!NT_STATUS_IS_OK(status)) {
279 d_printf("tree connect failed: %s\n", nt_errstr(status));
280 cli_shutdown(c);
281 return status;
282 }
283
284 DEBUG(4,(" tconx ok\n"));
285 *pcli = c;
286 return NT_STATUS_OK;
287 }
288
289 /********************************************************************
290 Add a new connection to the list.
291 referring_cli == NULL means a new initial connection.
292 ********************************************************************/
293
294 static NTSTATUS cli_cm_connect(TALLOC_CTX *ctx,
295 struct cli_state *referring_cli,
296 const char *server,
297 const char *share,
298 struct cli_credentials *creds,
299 const struct sockaddr_storage *dest_ss,
300 int port,
301 int name_type,
302 struct cli_state **pcli)
303 {
304 struct cli_state *cli = NULL;
305 NTSTATUS status;
306
307 status = do_connect(ctx, server, share,
308 creds,
309 dest_ss, port, name_type, &cli);
310
311 if (!NT_STATUS_IS_OK(status)) {
312 return status;
313 }
314
315 /*
316 * This can't happen, this test is to satisfy static
317 * checkers (clang)
318 */
319 if (cli == NULL) {
320 return NT_STATUS_NO_MEMORY;
321 }
322
323 /* Enter into the list. */
324 if (referring_cli) {
325 DLIST_ADD_END(referring_cli, cli);
326 }
327
328 if (referring_cli && referring_cli->requested_posix_capabilities) {
329 uint16_t major, minor;
330 uint32_t caplow, caphigh;
331 status = cli_unix_extensions_version(cli, &major, &minor,
332 &caplow, &caphigh);
333 if (NT_STATUS_IS_OK(status)) {
334 cli_set_unix_extensions_capabilities(cli,
335 major, minor,
336 caplow, caphigh);
337 }
338 }
339
340 *pcli = cli;
341 return NT_STATUS_OK;
342 }
343
344 /********************************************************************
345 Return a connection to a server on a particular share.
346 ********************************************************************/
347
348 static struct cli_state *cli_cm_find(struct cli_state *cli,
349 const char *server,
350 const char *share)
351 {
352 struct cli_state *p;
353
354 if (cli == NULL) {
355 return NULL;
356 }
357
358 /* Search to the start of the list. */
359 for (p = cli; p; p = DLIST_PREV(p)) {
360 const char *remote_name =
361 smbXcli_conn_remote_name(p->conn);
362
363 if (strequal(server, remote_name) &&
364 strequal(share,p->share)) {
365 return p;
366 }
367 }
368
369 /* Search to the end of the list. */
370 for (p = cli->next; p; p = p->next) {
371 const char *remote_name =
372 smbXcli_conn_remote_name(p->conn);
373
374 if (strequal(server, remote_name) &&
375 strequal(share,p->share)) {
376 return p;
377 }
378 }
379
380 return NULL;
381 }
382
383 /****************************************************************************
384 Open a client connection to a \\server\share.
385 ****************************************************************************/
386
387 NTSTATUS cli_cm_open(TALLOC_CTX *ctx,
388 struct cli_state *referring_cli,
389 const char *server,
390 const char *share,
391 struct cli_credentials *creds,
392 const struct sockaddr_storage *dest_ss,
393 int port,
394 int name_type,
395 struct cli_state **pcli)
396 {
397 /* Try to reuse an existing connection in this list. */
398 struct cli_state *c = cli_cm_find(referring_cli, server, share);
399 NTSTATUS status;
400
401 if (c) {
402 *pcli = c;
403 return NT_STATUS_OK;
404 }
405
406 if (creds == NULL) {
407 /* Can't do a new connection
408 * without auth info. */
409 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
410 "without client credentials\n",
411 server, share );
412 return NT_STATUS_INVALID_PARAMETER;
413 }
414
415 status = cli_cm_connect(ctx,
416 referring_cli,
417 server,
418 share,
419 creds,
420 dest_ss,
421 port,
422 name_type,
423 &c);
424 if (!NT_STATUS_IS_OK(status)) {
425 return status;
426 }
427 *pcli = c;
428 return NT_STATUS_OK;
429 }
430
431 /****************************************************************************
432 ****************************************************************************/
433
434 void cli_cm_display(struct cli_state *cli)
435 {
436 int i;
437
438 for (i=0; cli; cli = cli->next,i++ ) {
439 d_printf("%d:\tserver=%s, share=%s\n",
440 i, smbXcli_conn_remote_name(cli->conn), cli->share);
441 }
442 }
443
444 /**********************************************************************
445 split a dfs path into the server, share name, and extrapath components
446 **********************************************************************/
447
448 static bool split_dfs_path(TALLOC_CTX *ctx,
449 const char *nodepath,
450 char **pp_server,
451 char **pp_share,
452 char **pp_extrapath)
453 {
454 char *p, *q;
455 char *path;
456
457 *pp_server = NULL;
458 *pp_share = NULL;
459 *pp_extrapath = NULL;
460
461 path = talloc_strdup(ctx, nodepath);
462 if (!path) {
463 goto fail;
464 }
465
466 if ( path[0] != '\\' ) {
467 goto fail;
468 }
469
470 p = strchr_m( path + 1, '\\' );
471 if ( !p ) {
472 goto fail;
473 }
474
475 *p = '\0';
476 p++;
477
478 /* Look for any extra/deep path */
479 q = strchr_m(p, '\\');
480 if (q != NULL) {
481 *q = '\0';
482 q++;
483 *pp_extrapath = talloc_strdup(ctx, q);
484 } else {
485 *pp_extrapath = talloc_strdup(ctx, "");
486 }
487 if (*pp_extrapath == NULL) {
488 goto fail;
489 }
490
491 *pp_share = talloc_strdup(ctx, p);
492 if (*pp_share == NULL) {
493 goto fail;
494 }
495
496 *pp_server = talloc_strdup(ctx, &path[1]);
497 if (*pp_server == NULL) {
498 goto fail;
499 }
500
501 TALLOC_FREE(path);
502 return true;
503
504 fail:
505 TALLOC_FREE(*pp_share);
506 TALLOC_FREE(*pp_extrapath);
507 TALLOC_FREE(path);
508 return false;
509 }
510
511 /****************************************************************************
512 Return the original path truncated at the directory component before
513 the first wildcard character. Trust the caller to provide a NULL
514 terminated string
515 ****************************************************************************/
516
517 static char *clean_path(TALLOC_CTX *ctx, const char *path)
518 {
519 size_t len;
520 char *p1, *p2, *p;
521 char *path_out;
522
523 /* No absolute paths. */
524 while (IS_DIRECTORY_SEP(*path)) {
525 path++;
526 }
527
528 path_out = talloc_strdup(ctx, path);
529 if (!path_out) {
530 return NULL;
531 }
532
533 p1 = strchr_m(path_out, '*');
534 p2 = strchr_m(path_out, '?');
535
536 if (p1 || p2) {
537 if (p1 && p2) {
538 p = MIN(p1,p2);
539 } else if (!p1) {
540 p = p2;
541 } else {
542 p = p1;
543 }
544 *p = '\0';
545
546 /* Now go back to the start of this component. */
547 p1 = strrchr_m(path_out, '/');
548 p2 = strrchr_m(path_out, '\\');
549 p = MAX(p1,p2);
550 if (p) {
551 *p = '\0';
552 }
553 }
554
555 /* Strip any trailing separator */
556
557 len = strlen(path_out);
558 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
559 path_out[len-1] = '\0';
560 }
561
562 return path_out;
563 }
564
565 /****************************************************************************
566 ****************************************************************************/
567
568 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
569 struct cli_state *cli,
570 const char *dir)
571 {
572 char path_sep = '\\';
573
574 /* Ensure the extrapath doesn't start with a separator. */
575 while (IS_DIRECTORY_SEP(*dir)) {
576 dir++;
577 }
578
579 if (cli->requested_posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
580 path_sep = '/';
581 }
582 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
583 path_sep,
584 smbXcli_conn_remote_name(cli->conn),
585 path_sep,
586 cli->share,
587 path_sep,
588 dir);
589 }
590
591 /********************************************************************
592 Get the dfs referral link.
593 ********************************************************************/
594
595 NTSTATUS cli_dfs_get_referral_ex(TALLOC_CTX *ctx,
596 struct cli_state *cli,
597 const char *path,
598 uint16_t max_referral_level,
599 struct client_dfs_referral **refs,
600 size_t *num_refs,
601 size_t *consumed)
602 {
603 unsigned int param_len = 0;
604 uint16_t recv_flags2;
605 uint8_t *param = NULL;
606 uint8_t *rdata = NULL;
607 char *p;
608 char *endp;
609 smb_ucs2_t *path_ucs;
610 char *consumed_path = NULL;
611 uint16_t consumed_ucs;
612 uint16_t num_referrals;
613 struct client_dfs_referral *referrals = NULL;
614 NTSTATUS status;
615 TALLOC_CTX *frame = talloc_stackframe();
616
617 *num_refs = 0;
618 *refs = NULL;
619
620 param = talloc_array(talloc_tos(), uint8_t, 2);
621 if (!param) {
622 status = NT_STATUS_NO_MEMORY;
623 goto out;
624 }
625 SSVAL(param, 0, max_referral_level);
626
627 param = trans2_bytes_push_str(param, smbXcli_conn_use_unicode(cli->conn),
628 path, strlen(path)+1,
629 NULL);
630 if (!param) {
631 status = NT_STATUS_NO_MEMORY;
632 goto out;
633 }
634 param_len = talloc_get_size(param);
635 path_ucs = (smb_ucs2_t *)&param[2];
636
637 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
638 DATA_BLOB in_input_buffer;
639 DATA_BLOB in_output_buffer = data_blob_null;
640 DATA_BLOB out_input_buffer = data_blob_null;
641 DATA_BLOB out_output_buffer = data_blob_null;
642
643 in_input_buffer.data = param;
644 in_input_buffer.length = param_len;
645
646 status = smb2cli_ioctl(cli->conn,
647 cli->timeout,
648 cli->smb2.session,
649 cli->smb2.tcon,
650 UINT64_MAX, /* in_fid_persistent */
651 UINT64_MAX, /* in_fid_volatile */
652 FSCTL_DFS_GET_REFERRALS,
653 0, /* in_max_input_length */
654 &in_input_buffer,
655 CLI_BUFFER_SIZE, /* in_max_output_length */
656 &in_output_buffer,
657 SMB2_IOCTL_FLAG_IS_FSCTL,
658 talloc_tos(),
659 &out_input_buffer,
660 &out_output_buffer);
661 if (!NT_STATUS_IS_OK(status)) {
662 goto out;
663 }
664
665 if (out_output_buffer.length < 4) {
666 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
667 goto out;
668 }
669
670 recv_flags2 = FLAGS2_UNICODE_STRINGS;
671 rdata = out_output_buffer.data;
672 endp = (char *)rdata + out_output_buffer.length;
673 } else {
674 unsigned int data_len = 0;
675 uint16_t setup[1];
676
677 SSVAL(setup, 0, TRANSACT2_GET_DFS_REFERRAL);
678
679 status = cli_trans(talloc_tos(), cli, SMBtrans2,
680 NULL, 0xffff, 0, 0,
681 setup, 1, 0,
682 param, param_len, 2,
683 NULL, 0, CLI_BUFFER_SIZE,
684 &recv_flags2,
685 NULL, 0, NULL, /* rsetup */
686 NULL, 0, NULL,
687 &rdata, 4, &data_len);
688 if (!NT_STATUS_IS_OK(status)) {
689 goto out;
690 }
691
692 endp = (char *)rdata + data_len;
693 }
694
695 consumed_ucs = SVAL(rdata, 0);
696 num_referrals = SVAL(rdata, 2);
697
698 /* consumed_ucs is the number of bytes
699 * of the UCS2 path consumed not counting any
700 * terminating null. We need to convert
701 * back to unix charset and count again
702 * to get the number of bytes consumed from
703 * the incoming path. */
704
705 errno = 0;
706 if (pull_string_talloc(talloc_tos(),
707 NULL,
708 0,
709 &consumed_path,
710 path_ucs,
711 consumed_ucs,
712 STR_UNICODE) == 0) {
713 if (errno != 0) {
714 status = map_nt_error_from_unix(errno);
715 } else {
716 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
717 }
718 goto out;
719 }
720 if (consumed_path == NULL) {
721 status = map_nt_error_from_unix(errno);
722 goto out;
723 }
724 *consumed = strlen(consumed_path);
725
726 if (num_referrals != 0) {
727 uint16_t ref_version;
728 uint16_t ref_size;
729 int i;
730 uint16_t node_offset;
731
732 referrals = talloc_array(ctx, struct client_dfs_referral,
733 num_referrals);
734
735 if (!referrals) {
736 status = NT_STATUS_NO_MEMORY;
737 goto out;
738 }
739 /* start at the referrals array */
740
741 p = (char *)rdata+8;
742 for (i=0; i<num_referrals && p < endp; i++) {
743 if (p + 18 > endp) {
744 goto out;
745 }
746 ref_version = SVAL(p, 0);
747 ref_size = SVAL(p, 2);
748 node_offset = SVAL(p, 16);
749
750 if (ref_version != 3) {
751 p += ref_size;
752 continue;
753 }
754
755 referrals[i].proximity = SVAL(p, 8);
756 referrals[i].ttl = SVAL(p, 10);
757
758 if (p + node_offset > endp) {
759 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
760 goto out;
761 }
762 pull_string_talloc(referrals,
763 (const char *)rdata,
764 recv_flags2,
765 &referrals[i].dfspath,
766 p+node_offset,
767 PTR_DIFF(endp, p+node_offset),
768 STR_TERMINATE|STR_UNICODE);
769
770 if (!referrals[i].dfspath) {
771 status = map_nt_error_from_unix(errno);
772 goto out;
773 }
774 p += ref_size;
775 }
776 if (i < num_referrals) {
777 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
778 goto out;
779 }
780 }
781
782 *num_refs = num_referrals;
783 *refs = referrals;
784
785 out:
786
787 TALLOC_FREE(frame);
788 return status;
789 }
790
791 NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
792 struct cli_state *cli,
793 const char *path,
794 struct client_dfs_referral **refs,
795 size_t *num_refs,
796 size_t *consumed)
797 {
798 return cli_dfs_get_referral_ex(ctx,
799 cli,
800 path,
801 3,
802 refs, /* Max referral level we want */
803 num_refs,
804 consumed);
805 }
806
807 static bool cli_conn_have_dfs(struct cli_state *cli)
808 {
809 struct smbXcli_conn *conn = cli->conn;
810 struct smbXcli_tcon *tcon = NULL;
811 bool ok;
812
813 if (smbXcli_conn_protocol(conn) < PROTOCOL_SMB2_02) {
814 uint32_t capabilities = smb1cli_conn_capabilities(conn);
815
816 if ((capabilities & CAP_STATUS32) == 0) {
817 return false;
818 }
819 if ((capabilities & CAP_UNICODE) == 0) {
820 return false;
821 }
822
823 tcon = cli->smb1.tcon;
824 } else {
825 tcon = cli->smb2.tcon;
826 }
827
828 ok = smbXcli_tcon_is_dfs_share(tcon);
829 return ok;
830 }
831
832 /********************************************************************
833 ********************************************************************/
834 struct cli_dfs_path_split {
835 char *server;
836 char *share;
837 char *extrapath;
838 };
839
840 NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
841 const char *mountpt,
842 struct cli_credentials *creds,
843 struct cli_state *rootcli,
844 const char *path,
845 struct cli_state **targetcli,
846 char **pp_targetpath)
847 {
848 struct client_dfs_referral *refs = NULL;
849 size_t num_refs = 0;
850 size_t consumed = 0;
851 struct cli_state *cli_ipc = NULL;
852 char *dfs_path = NULL;
853 char *cleanpath = NULL;
854 char *extrapath = NULL;
855 int pathlen;
856 struct cli_state *newcli = NULL;
857 struct cli_state *ccli = NULL;
858 size_t count = 0;
859 char *newpath = NULL;
860 char *newmount = NULL;
861 char *ppath = NULL;
862 SMB_STRUCT_STAT sbuf;
863 uint32_t attributes;
864 NTSTATUS status;
865 struct smbXcli_tcon *target_tcon = NULL;
866 struct cli_dfs_path_split *dfs_refs = NULL;
867 bool ok;
868
869 if ( !rootcli || !path || !targetcli ) {
870 return NT_STATUS_INVALID_PARAMETER;
871 }
872
873 /*
874 * Avoid more than one leading directory separator
875 */
876 while (IS_DIRECTORY_SEP(path[0]) && IS_DIRECTORY_SEP(path[1])) {
877 path++;
878 }
879
880 ok = cli_conn_have_dfs(rootcli);
881 if (!ok) {
882 *targetcli = rootcli;
883 *pp_targetpath = talloc_strdup(ctx, path);
884 if (!*pp_targetpath) {
885 return NT_STATUS_NO_MEMORY;
886 }
887 return NT_STATUS_OK;
888 }
889
890 *targetcli = NULL;
891
892 /* Send a trans2_query_path_info to check for a referral. */
893
894 cleanpath = clean_path(ctx, path);
895 if (!cleanpath) {
896 return NT_STATUS_NO_MEMORY;
897 }
898
899 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
900 if (!dfs_path) {
901 return NT_STATUS_NO_MEMORY;
902 }
903
904 status = cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes);
905 if (NT_STATUS_IS_OK(status)) {
906 /* This is an ordinary path, just return it. */
907 *targetcli = rootcli;
908 *pp_targetpath = talloc_strdup(ctx, path);
909 if (!*pp_targetpath) {
910 return NT_STATUS_NO_MEMORY;
911 }
912 goto done;
913 }
914
915 /* Special case where client asked for a path that does not exist */
916
917 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
918 *targetcli = rootcli;
919 *pp_targetpath = talloc_strdup(ctx, path);
920 if (!*pp_targetpath) {
921 return NT_STATUS_NO_MEMORY;
922 }
923 goto done;
924 }
925
926 /* We got an error, check for DFS referral. */
927
928 if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
929 return status;
930 }
931
932 /* Check for the referral. */
933
934 status = cli_cm_open(ctx,
935 rootcli,
936 smbXcli_conn_remote_name(rootcli->conn),
937 "IPC$",
938 creds,
939 NULL, /* dest_ss not needed, we reuse the transport */
940 0,
941 0x20,
942 &cli_ipc);
943 if (!NT_STATUS_IS_OK(status)) {
944 return status;
945 }
946
947 status = cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
948 &num_refs, &consumed);
949 if (!NT_STATUS_IS_OK(status)) {
950 return status;
951 }
952
953 if (!num_refs || !refs[0].dfspath) {
954 return NT_STATUS_NOT_FOUND;
955 }
956
957 /*
958 * Bug#10123 - DFS referal entries can be provided in a random order,
959 * so check the connection cache for each item to avoid unnecessary
960 * reconnections.
961 */
962 dfs_refs = talloc_array(ctx, struct cli_dfs_path_split, num_refs);
963 if (dfs_refs == NULL) {
964 return NT_STATUS_NO_MEMORY;
965 }
966
967 for (count = 0; count < num_refs; count++) {
968 if (!split_dfs_path(dfs_refs, refs[count].dfspath,
969 &dfs_refs[count].server,
970 &dfs_refs[count].share,
971 &dfs_refs[count].extrapath)) {
972 TALLOC_FREE(dfs_refs);
973 return NT_STATUS_NOT_FOUND;
974 }
975
976 ccli = cli_cm_find(rootcli, dfs_refs[count].server,
977 dfs_refs[count].share);
978 if (ccli != NULL) {
979 extrapath = dfs_refs[count].extrapath;
980 *targetcli = ccli;
981 break;
982 }
983 }
984
985 /*
986 * If no cached connection was found, then connect to the first live
987 * referral server in the list.
988 */
989 for (count = 0; (ccli == NULL) && (count < num_refs); count++) {
990 /* Connect to the target server & share */
991 status = cli_cm_connect(ctx, rootcli,
992 dfs_refs[count].server,
993 dfs_refs[count].share,
994 creds,
995 NULL, /* dest_ss */
996 0, /* port */
997 0x20,
998 targetcli);
999 if (!NT_STATUS_IS_OK(status)) {
1000 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
1001 dfs_refs[count].server,
1002 dfs_refs[count].share);
1003 continue;
1004 } else {
1005 extrapath = dfs_refs[count].extrapath;
1006 break;
1007 }
1008 }
1009
1010 /* No available referral server for the connection */
1011 if (*targetcli == NULL) {
1012 TALLOC_FREE(dfs_refs);
1013 return status;
1014 }
1015
1016 /* Make sure to recreate the original string including any wildcards. */
1017
1018 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
1019 if (!dfs_path) {
1020 TALLOC_FREE(dfs_refs);
1021 return NT_STATUS_NO_MEMORY;
1022 }
1023 pathlen = strlen(dfs_path);
1024 consumed = MIN(pathlen, consumed);
1025 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
1026 if (!*pp_targetpath) {
1027 TALLOC_FREE(dfs_refs);
1028 return NT_STATUS_NO_MEMORY;
1029 }
1030 dfs_path[consumed] = '\0';
1031
1032 /*
1033 * *pp_targetpath is now the unconsumed part of the path.
1034 * dfs_path is now the consumed part of the path
1035 * (in \server\share\path format).
1036 */
1037
1038 if (extrapath && strlen(extrapath) > 0) {
1039 /* EMC Celerra NAS version 5.6.50 (at least) doesn't appear to */
1040 /* put the trailing \ on the path, so to be safe we put one in if needed */
1041 if (extrapath[strlen(extrapath)-1] != '\\' && **pp_targetpath != '\\') {
1042 *pp_targetpath = talloc_asprintf(ctx,
1043 "%s\\%s",
1044 extrapath,
1045 *pp_targetpath);
1046 } else {
1047 *pp_targetpath = talloc_asprintf(ctx,
1048 "%s%s",
1049 extrapath,
1050 *pp_targetpath);
1051 }
1052 if (!*pp_targetpath) {
1053 TALLOC_FREE(dfs_refs);
1054 return NT_STATUS_NO_MEMORY;
1055 }
1056 }
1057
1058 /* parse out the consumed mount path */
1059 /* trim off the \server\share\ */
1060
1061 ppath = dfs_path;
1062
1063 if (*ppath != '\\') {
1064 d_printf("cli_resolve_path: "
1065 "dfs_path (%s) not in correct format.\n",
1066 dfs_path );
1067 TALLOC_FREE(dfs_refs);
1068 return NT_STATUS_NOT_FOUND;
1069 }
1070
1071 ppath++; /* Now pointing at start of server name. */
1072
1073 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
1074 TALLOC_FREE(dfs_refs);
1075 return NT_STATUS_NOT_FOUND;
1076 }
1077
1078 ppath++; /* Now pointing at start of share name. */
1079
1080 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
1081 TALLOC_FREE(dfs_refs);
1082 return NT_STATUS_NOT_FOUND;
1083 }
1084
1085 ppath++; /* Now pointing at path component. */
1086
1087 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
1088 if (!newmount) {
1089 TALLOC_FREE(dfs_refs);
1090 return NT_STATUS_NOT_FOUND;
1091 }
1092
1093 /* Check for another dfs referral, note that we are not
1094 checking for loops here. */
1095
1096 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
1097 status = cli_resolve_path(ctx,
1098 newmount,
1099 creds,
1100 *targetcli,
1101 *pp_targetpath,
1102 &newcli,
1103 &newpath);
1104 if (NT_STATUS_IS_OK(status)) {
1105 /*
1106 * When cli_resolve_path returns true here it's always
1107 * returning the complete path in newpath, so we're done
1108 * here.
1109 */
1110 *targetcli = newcli;
1111 *pp_targetpath = newpath;
1112 TALLOC_FREE(dfs_refs);
1113 return status;
1114 }
1115 }
1116
1117 done:
1118
1119 if (smbXcli_conn_protocol((*targetcli)->conn) >= PROTOCOL_SMB2_02) {
1120 target_tcon = (*targetcli)->smb2.tcon;
1121 } else {
1122 target_tcon = (*targetcli)->smb1.tcon;
1123 }
1124
1125 /* If returning true ensure we return a dfs root full path. */
1126 if (smbXcli_tcon_is_dfs_share(target_tcon)) {
1127 dfs_path = talloc_strdup(ctx, *pp_targetpath);
1128 if (!dfs_path) {
1129 TALLOC_FREE(dfs_refs);
1130 return NT_STATUS_NO_MEMORY;
1131 }
1132 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
1133 if (*pp_targetpath == NULL) {
1134 TALLOC_FREE(dfs_refs);
1135 return NT_STATUS_NO_MEMORY;
1136 }
1137 }
1138
1139 TALLOC_FREE(dfs_refs);
1140 return NT_STATUS_OK;
1141 }
1142
1143 /********************************************************************
1144 ********************************************************************/
1145
1146 bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
1147 struct cli_state *cli,
1148 const char *sharename,
1149 char **pp_newserver,
1150 char **pp_newshare,
1151 struct cli_credentials *creds)
1152 {
1153 struct client_dfs_referral *refs = NULL;
1154 size_t num_refs = 0;
1155 size_t consumed = 0;
1156 char *fullpath = NULL;
1157 bool res;
1158 struct smbXcli_tcon *orig_tcon = NULL;
1159 char *newextrapath = NULL;
1160 NTSTATUS status;
1161 const char *remote_name;
1162 enum smb_encryption_setting encryption_state =
1163 cli_credentials_get_smb_encryption(creds);
1164
1165 if (!cli || !sharename) {
1166 return false;
1167 }
1168
1169 remote_name = smbXcli_conn_remote_name(cli->conn);
1170
1171 /* special case. never check for a referral on the IPC$ share */
1172
1173 if (strequal(sharename, "IPC$")) {
1174 return false;
1175 }
1176
1177 /* send a trans2_query_path_info to check for a referral */
1178
1179 fullpath = talloc_asprintf(ctx, "\\%s\\%s", remote_name, sharename);
1180 if (!fullpath) {
1181 return false;
1182 }
1183
1184 /* Store tcon state. */
1185 if (cli_state_has_tcon(cli)) {
1186 orig_tcon = cli_state_save_tcon(cli);
1187 if (orig_tcon == NULL) {
1188 return false;
1189 }
1190 }
1191
1192 /* check for the referral */
1193
1194 if (!NT_STATUS_IS_OK(cli_tree_connect(cli, "IPC$", "IPC", NULL))) {
1195 cli_state_restore_tcon(cli, orig_tcon);
1196 return false;
1197 }
1198
1199 if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
1200 status = cli_cm_force_encryption_creds(cli, creds, "IPC$");
1201 if (!NT_STATUS_IS_OK(status)) {
1202 switch (encryption_state) {
1203 case SMB_ENCRYPTION_DESIRED:
1204 break;
1205 case SMB_ENCRYPTION_REQUIRED:
1206 default:
1207 /*
1208 * Failed to set up encryption.
1209 * Disconnect the temporary IPC$
1210 * tcon before restoring the original
1211 * tcon so we don't leak it.
1212 */
1213 cli_tdis(cli);
1214 cli_state_restore_tcon(cli, orig_tcon);
1215 return false;
1216 }
1217 }
1218 }
1219
1220 status = cli_dfs_get_referral(ctx, cli, fullpath, &refs,
1221 &num_refs, &consumed);
1222 res = NT_STATUS_IS_OK(status);
1223
1224 status = cli_tdis(cli);
1225
1226 cli_state_restore_tcon(cli, orig_tcon);
1227
1228 if (!NT_STATUS_IS_OK(status)) {
1229 return false;
1230 }
1231
1232 if (!res || !num_refs) {
1233 return false;
1234 }
1235
1236 if (!refs[0].dfspath) {
1237 return false;
1238 }
1239
1240 if (!split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1241 pp_newshare, &newextrapath)) {
1242 return false;
1243 }
1244
1245 /* check that this is not a self-referral */
1246
1247 if (strequal(remote_name, *pp_newserver) &&
1248 strequal(sharename, *pp_newshare)) {
1249 return false;
1250 }
1251
1252 return true;
1253 }
1254
1255 /********************************************************************
1256 Windows and NetApp (and arguably the SMB1/2/3 specs) expect a non-DFS
1257 path for the targets of rename and hardlink. If we have been given
1258 a DFS path for these calls, convert it back into a local path by
1259 stripping off the DFS prefix.
1260 ********************************************************************/
1261
1262 NTSTATUS cli_dfs_target_check(TALLOC_CTX *mem_ctx,
1263 struct cli_state *cli,
1264 const char *fname_src,
1265 const char *fname_dst,
1266 const char **fname_dst_out)
1267 {
1268 char *dfs_prefix = NULL;
1269 size_t prefix_len = 0;
1270 struct smbXcli_tcon *tcon = NULL;
1271
1272 if (!smbXcli_conn_dfs_supported(cli->conn)) {
1273 goto copy_fname_out;
1274 }
1275 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
1276 tcon = cli->smb2.tcon;
1277 } else {
1278 tcon = cli->smb1.tcon;
1279 }
1280 if (!smbXcli_tcon_is_dfs_share(tcon)) {
1281 goto copy_fname_out;
1282 }
1283 dfs_prefix = cli_dfs_make_full_path(mem_ctx, cli, "");
1284 if (dfs_prefix == NULL) {
1285 return NT_STATUS_NO_MEMORY;
1286 }
1287 prefix_len = strlen(dfs_prefix);
1288 if (strncmp(fname_dst, dfs_prefix, prefix_len) != 0) {
1289 /*
1290 * Prefix doesn't match. Assume it was
1291 * already stripped or not added in the
1292 * first place.
1293 */
1294 goto copy_fname_out;
1295 }
1296 /* Return the trailing name after the prefix. */
1297 *fname_dst_out = &fname_dst[prefix_len];
1298 TALLOC_FREE(dfs_prefix);
1299 return NT_STATUS_OK;
1300
1301 copy_fname_out:
1302
1303 /*
1304 * No change to the destination name. Just
1305 * point it at the incoming destination name.
1306 */
1307 *fname_dst_out = fname_dst;
1308 TALLOC_FREE(dfs_prefix);
1309 return NT_STATUS_OK;
1310 }
Samba GIT mirror