search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
upgradeprovision: never use xattr it's pointless in this usecase
[Samba/ekacnet.git] / source3 / libsmb / clidfs.c
blob99f52f4ca7b2eaf540eb9db2aac06c871910753a
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 /********************************************************************
25 Important point.
26
27 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
28 are not C escaped here).
29
30 - but if we're using POSIX paths then <pathname> may contain
31 '/' separators, not '\\' separators. So cope with '\\' or '/'
32 as a separator when looking at the pathname part.... JRA.
33 ********************************************************************/
34
35 /********************************************************************
36 Ensure a connection is encrypted.
37 ********************************************************************/
38
39 NTSTATUS cli_cm_force_encryption(struct cli_state *c,
40 const char *username,
41 const char *password,
42 const char *domain,
43 const char *sharename)
44 {
45 NTSTATUS status = cli_force_encryption(c,
46 username,
47 password,
48 domain);
49
50 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
51 d_printf("Encryption required and "
52 "server that doesn't support "
53 "UNIX extensions - failing connect\n");
54 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
55 d_printf("Encryption required and "
56 "can't get UNIX CIFS extensions "
57 "version from server.\n");
58 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
59 d_printf("Encryption required and "
60 "share %s doesn't support "
61 "encryption.\n", sharename);
62 } else if (!NT_STATUS_IS_OK(status)) {
63 d_printf("Encryption required and "
64 "setup failed with error %s.\n",
65 nt_errstr(status));
66 }
67
68 return status;
69 }
70
71 /********************************************************************
72 Return a connection to a server.
73 ********************************************************************/
74
75 static struct cli_state *do_connect(TALLOC_CTX *ctx,
76 const char *server,
77 const char *share,
78 const struct user_auth_info *auth_info,
79 bool show_sessetup,
80 bool force_encrypt,
81 int max_protocol,
82 int port,
83 int name_type)
84 {
85 struct cli_state *c = NULL;
86 struct nmb_name called, calling;
87 const char *called_str;
88 const char *server_n;
89 struct sockaddr_storage ss;
90 char *servicename;
91 char *sharename;
92 char *newserver, *newshare;
93 const char *username;
94 const char *password;
95 NTSTATUS status;
96
97 /* make a copy so we don't modify the global string 'service' */
98 servicename = talloc_strdup(ctx,share);
99 if (!servicename) {
100 return NULL;
101 }
102 sharename = servicename;
103 if (*sharename == '\\') {
104 sharename += 2;
105 called_str = sharename;
106 if (server == NULL) {
107 server = sharename;
108 }
109 sharename = strchr_m(sharename,'\\');
110 if (!sharename) {
111 return NULL;
112 }
113 *sharename = 0;
114 sharename++;
115 } else {
116 called_str = server;
117 }
118
119 server_n = server;
120
121 zero_sockaddr(&ss);
122
123 make_nmb_name(&calling, global_myname(), 0x0);
124 make_nmb_name(&called , called_str, name_type);
125
126 again:
127 zero_sockaddr(&ss);
128
129 /* have to open a new connection */
130 if (!(c=cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)))) {
131 d_printf("Connection to %s failed\n", server_n);
132 if (c) {
133 cli_shutdown(c);
134 }
135 return NULL;
136 }
137 if (port) {
138 cli_set_port(c, port);
139 }
140
141 status = cli_connect(c, server_n, &ss);
142 if (!NT_STATUS_IS_OK(status)) {
143 d_printf("Connection to %s failed (Error %s)\n",
144 server_n,
145 nt_errstr(status));
146 cli_shutdown(c);
147 return NULL;
148 }
149
150 if (max_protocol == 0) {
151 max_protocol = PROTOCOL_NT1;
152 }
153 c->protocol = max_protocol;
154 c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
155 c->fallback_after_kerberos =
156 get_cmdline_auth_info_fallback_after_kerberos(auth_info);
157
158 if (!cli_session_request(c, &calling, &called)) {
159 char *p;
160 d_printf("session request to %s failed (%s)\n",
161 called.name, cli_errstr(c));
162 cli_shutdown(c);
163 c = NULL;
164 if ((p=strchr_m(called.name, '.'))) {
165 *p = 0;
166 goto again;
167 }
168 if (strcmp(called.name, "*SMBSERVER")) {
169 make_nmb_name(&called , "*SMBSERVER", 0x20);
170 goto again;
171 }
172 return NULL;
173 }
174
175 DEBUG(4,(" session request ok\n"));
176
177 status = cli_negprot(c);
178
179 if (!NT_STATUS_IS_OK(status)) {
180 d_printf("protocol negotiation failed: %s\n",
181 nt_errstr(status));
182 cli_shutdown(c);
183 return NULL;
184 }
185
186 username = get_cmdline_auth_info_username(auth_info);
187 password = get_cmdline_auth_info_password(auth_info);
188
189 if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
190 password, strlen(password),
191 password, strlen(password),
192 lp_workgroup()))) {
193 /* If a password was not supplied then
194 * try again with a null username. */
195 if (password[0] || !username[0] ||
196 get_cmdline_auth_info_use_kerberos(auth_info) ||
197 !NT_STATUS_IS_OK(cli_session_setup(c, "",
198 "", 0,
199 "", 0,
200 lp_workgroup()))) {
201 d_printf("session setup failed: %s\n", cli_errstr(c));
202 if (NT_STATUS_V(cli_nt_error(c)) ==
203 NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
204 d_printf("did you forget to run kinit?\n");
205 cli_shutdown(c);
206 return NULL;
207 }
208 d_printf("Anonymous login successful\n");
209 status = cli_init_creds(c, "", lp_workgroup(), "");
210 } else {
211 status = cli_init_creds(c, username, lp_workgroup(), password);
212 }
213
214 if (!NT_STATUS_IS_OK(status)) {
215 DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
216 cli_shutdown(c);
217 return NULL;
218 }
219
220 if ( show_sessetup ) {
221 if (*c->server_domain) {
222 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
223 c->server_domain,c->server_os,c->server_type));
224 } else if (*c->server_os || *c->server_type) {
225 DEBUG(0,("OS=[%s] Server=[%s]\n",
226 c->server_os,c->server_type));
227 }
228 }
229 DEBUG(4,(" session setup ok\n"));
230
231 /* here's the fun part....to support 'msdfs proxy' shares
232 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
233 here before trying to connect to the original share.
234 cli_check_msdfs_proxy() will fail if it is a normal share. */
235
236 if ((c->capabilities & CAP_DFS) &&
237 cli_check_msdfs_proxy(ctx, c, sharename,
238 &newserver, &newshare,
239 force_encrypt,
240 username,
241 password,
242 lp_workgroup())) {
243 cli_shutdown(c);
244 return do_connect(ctx, newserver,
245 newshare, auth_info, false,
246 force_encrypt, max_protocol,
247 port, name_type);
248 }
249
250 /* must be a normal share */
251
252 status = cli_tcon_andx(c, sharename, "?????",
253 password, strlen(password)+1);
254 if (!NT_STATUS_IS_OK(status)) {
255 d_printf("tree connect failed: %s\n", nt_errstr(status));
256 cli_shutdown(c);
257 return NULL;
258 }
259
260 if (force_encrypt) {
261 status = cli_cm_force_encryption(c,
262 username,
263 password,
264 lp_workgroup(),
265 sharename);
266 if (!NT_STATUS_IS_OK(status)) {
267 cli_shutdown(c);
268 return NULL;
269 }
270 }
271
272 DEBUG(4,(" tconx ok\n"));
273 return c;
274 }
275
276 /****************************************************************************
277 ****************************************************************************/
278
279 static void cli_set_mntpoint(struct cli_state *cli, const char *mnt)
280 {
281 char *name = clean_name(NULL, mnt);
282 if (!name) {
283 return;
284 }
285 TALLOC_FREE(cli->dfs_mountpoint);
286 cli->dfs_mountpoint = talloc_strdup(cli, name);
287 TALLOC_FREE(name);
288 }
289
290 /********************************************************************
291 Add a new connection to the list.
292 referring_cli == NULL means a new initial connection.
293 ********************************************************************/
294
295 static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
296 struct cli_state *referring_cli,
297 const char *server,
298 const char *share,
299 const struct user_auth_info *auth_info,
300 bool show_hdr,
301 bool force_encrypt,
302 int max_protocol,
303 int port,
304 int name_type)
305 {
306 struct cli_state *cli;
307
308 cli = do_connect(ctx, server, share,
309 auth_info,
310 show_hdr, force_encrypt, max_protocol,
311 port, name_type);
312
313 if (!cli ) {
314 return NULL;
315 }
316
317 /* Enter into the list. */
318 if (referring_cli) {
319 DLIST_ADD_END(referring_cli, cli, struct cli_state *);
320 }
321
322 if (referring_cli && referring_cli->posix_capabilities) {
323 uint16 major, minor;
324 uint32 caplow, caphigh;
325 NTSTATUS status;
326 status = cli_unix_extensions_version(cli, &major, &minor,
327 &caplow, &caphigh);
328 if (NT_STATUS_IS_OK(status)) {
329 cli_set_unix_extensions_capabilities(cli,
330 major, minor,
331 caplow, caphigh);
332 }
333 }
334
335 return cli;
336 }
337
338 /********************************************************************
339 Return a connection to a server on a particular share.
340 ********************************************************************/
341
342 static struct cli_state *cli_cm_find(struct cli_state *cli,
343 const char *server,
344 const char *share)
345 {
346 struct cli_state *p;
347
348 if (cli == NULL) {
349 return NULL;
350 }
351
352 /* Search to the start of the list. */
353 for (p = cli; p; p = p->prev) {
354 if (strequal(server, p->desthost) &&
355 strequal(share,p->share)) {
356 return p;
357 }
358 }
359
360 /* Search to the end of the list. */
361 for (p = cli->next; p; p = p->next) {
362 if (strequal(server, p->desthost) &&
363 strequal(share,p->share)) {
364 return p;
365 }
366 }
367
368 return NULL;
369 }
370
371 /****************************************************************************
372 Open a client connection to a \\server\share.
373 ****************************************************************************/
374
375 struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
376 struct cli_state *referring_cli,
377 const char *server,
378 const char *share,
379 const struct user_auth_info *auth_info,
380 bool show_hdr,
381 bool force_encrypt,
382 int max_protocol,
383 int port,
384 int name_type)
385 {
386 /* Try to reuse an existing connection in this list. */
387 struct cli_state *c = cli_cm_find(referring_cli, server, share);
388
389 if (c) {
390 return c;
391 }
392
393 if (auth_info == NULL) {
394 /* Can't do a new connection
395 * without auth info. */
396 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
397 "without auth info\n",
398 server, share );
399 return NULL;
400 }
401
402 return cli_cm_connect(ctx,
403 referring_cli,
404 server,
405 share,
406 auth_info,
407 show_hdr,
408 force_encrypt,
409 max_protocol,
410 port,
411 name_type);
412 }
413
414 /****************************************************************************
415 ****************************************************************************/
416
417 void cli_cm_display(const struct cli_state *cli)
418 {
419 int i;
420
421 for (i=0; cli; cli = cli->next,i++ ) {
422 d_printf("%d:\tserver=%s, share=%s\n",
423 i, cli->desthost, cli->share );
424 }
425 }
426
427 /****************************************************************************
428 ****************************************************************************/
429
430 /****************************************************************************
431 ****************************************************************************/
432
433 #if 0
434 void cli_cm_set_credentials(struct user_auth_info *auth_info)
435 {
436 SAFE_FREE(cm_creds.username);
437 cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username(
438 auth_info));
439
440 if (get_cmdline_auth_info_got_pass(auth_info)) {
441 cm_set_password(get_cmdline_auth_info_password(auth_info));
442 }
443
444 cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
445 cm_creds.fallback_after_kerberos = false;
446 cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info);
447 }
448 #endif
449
450 /**********************************************************************
451 split a dfs path into the server, share name, and extrapath components
452 **********************************************************************/
453
454 static void split_dfs_path(TALLOC_CTX *ctx,
455 const char *nodepath,
456 char **pp_server,
457 char **pp_share,
458 char **pp_extrapath)
459 {
460 char *p, *q;
461 char *path;
462
463 *pp_server = NULL;
464 *pp_share = NULL;
465 *pp_extrapath = NULL;
466
467 path = talloc_strdup(ctx, nodepath);
468 if (!path) {
469 return;
470 }
471
472 if ( path[0] != '\\' ) {
473 return;
474 }
475
476 p = strchr_m( path + 1, '\\' );
477 if ( !p ) {
478 return;
479 }
480
481 *p = '\0';
482 p++;
483
484 /* Look for any extra/deep path */
485 q = strchr_m(p, '\\');
486 if (q != NULL) {
487 *q = '\0';
488 q++;
489 *pp_extrapath = talloc_strdup(ctx, q);
490 } else {
491 *pp_extrapath = talloc_strdup(ctx, "");
492 }
493
494 *pp_share = talloc_strdup(ctx, p);
495 *pp_server = talloc_strdup(ctx, &path[1]);
496 }
497
498 /****************************************************************************
499 Return the original path truncated at the directory component before
500 the first wildcard character. Trust the caller to provide a NULL
501 terminated string
502 ****************************************************************************/
503
504 static char *clean_path(TALLOC_CTX *ctx, const char *path)
505 {
506 size_t len;
507 char *p1, *p2, *p;
508 char *path_out;
509
510 /* No absolute paths. */
511 while (IS_DIRECTORY_SEP(*path)) {
512 path++;
513 }
514
515 path_out = talloc_strdup(ctx, path);
516 if (!path_out) {
517 return NULL;
518 }
519
520 p1 = strchr_m(path_out, '*');
521 p2 = strchr_m(path_out, '?');
522
523 if (p1 || p2) {
524 if (p1 && p2) {
525 p = MIN(p1,p2);
526 } else if (!p1) {
527 p = p2;
528 } else {
529 p = p1;
530 }
531 *p = '\0';
532
533 /* Now go back to the start of this component. */
534 p1 = strrchr_m(path_out, '/');
535 p2 = strrchr_m(path_out, '\\');
536 p = MAX(p1,p2);
537 if (p) {
538 *p = '\0';
539 }
540 }
541
542 /* Strip any trailing separator */
543
544 len = strlen(path_out);
545 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
546 path_out[len-1] = '\0';
547 }
548
549 return path_out;
550 }
551
552 /****************************************************************************
553 ****************************************************************************/
554
555 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
556 struct cli_state *cli,
557 const char *dir)
558 {
559 char path_sep = '\\';
560
561 /* Ensure the extrapath doesn't start with a separator. */
562 while (IS_DIRECTORY_SEP(*dir)) {
563 dir++;
564 }
565
566 if (cli->posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
567 path_sep = '/';
568 }
569 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
570 path_sep,
571 cli->desthost,
572 path_sep,
573 cli->share,
574 path_sep,
575 dir);
576 }
577
578 /********************************************************************
579 check for dfs referral
580 ********************************************************************/
581
582 static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
583 {
584 uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
585
586 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
587
588 if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
589 (flgs2&FLAGS2_UNICODE_STRINGS)))
590 return false;
591
592 if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
593 return true;
594
595 return false;
596 }
597
598 /********************************************************************
599 Get the dfs referral link.
600 ********************************************************************/
601
602 bool cli_dfs_get_referral(TALLOC_CTX *ctx,
603 struct cli_state *cli,
604 const char *path,
605 struct client_dfs_referral **refs,
606 size_t *num_refs,
607 size_t *consumed)
608 {
609 unsigned int data_len = 0;
610 unsigned int param_len = 0;
611 uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
612 char *param = NULL;
613 char *rparam=NULL, *rdata=NULL;
614 char *p;
615 char *endp;
616 size_t pathlen = 2*(strlen(path)+1);
617 smb_ucs2_t *path_ucs;
618 char *consumed_path = NULL;
619 uint16_t consumed_ucs;
620 uint16 num_referrals;
621 struct client_dfs_referral *referrals = NULL;
622 bool ret = false;
623
624 *num_refs = 0;
625 *refs = NULL;
626
627 param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
628 if (!param) {
629 goto out;
630 }
631 SSVAL(param, 0, 0x03); /* max referral level */
632 p = &param[2];
633
634 path_ucs = (smb_ucs2_t *)p;
635 p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
636 param_len = PTR_DIFF(p, param);
637
638 if (!cli_send_trans(cli, SMBtrans2,
639 NULL, /* name */
640 -1, 0, /* fid, flags */
641 &setup, 1, 0, /* setup, length, max */
642 param, param_len, 2, /* param, length, max */
643 NULL, 0, cli->max_xmit /* data, length, max */
644 )) {
645 goto out;
646 }
647
648 if (!cli_receive_trans(cli, SMBtrans2,
649 &rparam, &param_len,
650 &rdata, &data_len)) {
651 goto out;
652 }
653
654 if (data_len < 4) {
655 goto out;
656 }
657
658 endp = rdata + data_len;
659
660 consumed_ucs = SVAL(rdata, 0);
661 num_referrals = SVAL(rdata, 2);
662
663 /* consumed_ucs is the number of bytes
664 * of the UCS2 path consumed not counting any
665 * terminating null. We need to convert
666 * back to unix charset and count again
667 * to get the number of bytes consumed from
668 * the incoming path. */
669
670 if (pull_string_talloc(talloc_tos(),
671 NULL,
672 0,
673 &consumed_path,
674 path_ucs,
675 consumed_ucs,
676 STR_UNICODE) == 0) {
677 goto out;
678 }
679 if (consumed_path == NULL) {
680 goto out;
681 }
682 *consumed = strlen(consumed_path);
683
684 if (num_referrals != 0) {
685 uint16 ref_version;
686 uint16 ref_size;
687 int i;
688 uint16 node_offset;
689
690 referrals = talloc_array(ctx, struct client_dfs_referral,
691 num_referrals);
692
693 if (!referrals) {
694 goto out;
695 }
696 /* start at the referrals array */
697
698 p = rdata+8;
699 for (i=0; i<num_referrals && p < endp; i++) {
700 if (p + 18 > endp) {
701 goto out;
702 }
703 ref_version = SVAL(p, 0);
704 ref_size = SVAL(p, 2);
705 node_offset = SVAL(p, 16);
706
707 if (ref_version != 3) {
708 p += ref_size;
709 continue;
710 }
711
712 referrals[i].proximity = SVAL(p, 8);
713 referrals[i].ttl = SVAL(p, 10);
714
715 if (p + node_offset > endp) {
716 goto out;
717 }
718 clistr_pull_talloc(ctx, cli->inbuf,
719 &referrals[i].dfspath,
720 p+node_offset, -1,
721 STR_TERMINATE|STR_UNICODE);
722
723 if (!referrals[i].dfspath) {
724 goto out;
725 }
726 p += ref_size;
727 }
728 if (i < num_referrals) {
729 goto out;
730 }
731 }
732
733 ret = true;
734
735 *num_refs = num_referrals;
736 *refs = referrals;
737
738 out:
739
740 TALLOC_FREE(consumed_path);
741 SAFE_FREE(param);
742 SAFE_FREE(rdata);
743 SAFE_FREE(rparam);
744 return ret;
745 }
746
747 /********************************************************************
748 ********************************************************************/
749
750 bool cli_resolve_path(TALLOC_CTX *ctx,
751 const char *mountpt,
752 const struct user_auth_info *dfs_auth_info,
753 struct cli_state *rootcli,
754 const char *path,
755 struct cli_state **targetcli,
756 char **pp_targetpath)
757 {
758 struct client_dfs_referral *refs = NULL;
759 size_t num_refs = 0;
760 size_t consumed = 0;
761 struct cli_state *cli_ipc = NULL;
762 char *dfs_path = NULL;
763 char *cleanpath = NULL;
764 char *extrapath = NULL;
765 int pathlen;
766 char *server = NULL;
767 char *share = NULL;
768 struct cli_state *newcli = NULL;
769 char *newpath = NULL;
770 char *newmount = NULL;
771 char *ppath = NULL;
772 SMB_STRUCT_STAT sbuf;
773 uint32 attributes;
774
775 if ( !rootcli || !path || !targetcli ) {
776 return false;
777 }
778
779 /* Don't do anything if this is not a DFS root. */
780
781 if ( !rootcli->dfsroot) {
782 *targetcli = rootcli;
783 *pp_targetpath = talloc_strdup(ctx, path);
784 if (!*pp_targetpath) {
785 return false;
786 }
787 return true;
788 }
789
790 *targetcli = NULL;
791
792 /* Send a trans2_query_path_info to check for a referral. */
793
794 cleanpath = clean_path(ctx, path);
795 if (!cleanpath) {
796 return false;
797 }
798
799 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
800 if (!dfs_path) {
801 return false;
802 }
803
804 if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) {
805 /* This is an ordinary path, just return it. */
806 *targetcli = rootcli;
807 *pp_targetpath = talloc_strdup(ctx, path);
808 if (!*pp_targetpath) {
809 return false;
810 }
811 goto done;
812 }
813
814 /* Special case where client asked for a path that does not exist */
815
816 if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
817 *targetcli = rootcli;
818 *pp_targetpath = talloc_strdup(ctx, path);
819 if (!*pp_targetpath) {
820 return false;
821 }
822 goto done;
823 }
824
825 /* We got an error, check for DFS referral. */
826
827 if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
828 return false;
829 }
830
831 /* Check for the referral. */
832
833 if (!(cli_ipc = cli_cm_open(ctx,
834 rootcli,
835 rootcli->desthost,
836 "IPC$",
837 dfs_auth_info,
838 false,
839 (rootcli->trans_enc_state != NULL),
840 rootcli->protocol,
841 0,
842 0x20))) {
843 return false;
844 }
845
846 if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
847 &num_refs, &consumed) || !num_refs) {
848 return false;
849 }
850
851 /* Just store the first referral for now. */
852
853 if (!refs[0].dfspath) {
854 return false;
855 }
856 split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
857
858 if (!server || !share) {
859 return false;
860 }
861
862 /* Make sure to recreate the original string including any wildcards. */
863
864 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
865 if (!dfs_path) {
866 return false;
867 }
868 pathlen = strlen(dfs_path);
869 consumed = MIN(pathlen, consumed);
870 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
871 if (!*pp_targetpath) {
872 return false;
873 }
874 dfs_path[consumed] = '\0';
875
876 /*
877 * *pp_targetpath is now the unconsumed part of the path.
878 * dfs_path is now the consumed part of the path
879 * (in \server\share\path format).
880 */
881
882 /* Open the connection to the target server & share */
883 if ((*targetcli = cli_cm_open(ctx, rootcli,
884 server,
885 share,
886 dfs_auth_info,
887 false,
888 (rootcli->trans_enc_state != NULL),
889 rootcli->protocol,
890 0,
891 0x20)) == NULL) {
892 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
893 server, share );
894 return false;
895 }
896
897 if (extrapath && strlen(extrapath) > 0) {
898 *pp_targetpath = talloc_asprintf(ctx,
899 "%s%s",
900 extrapath,
901 *pp_targetpath);
902 if (!*pp_targetpath) {
903 return false;
904 }
905 }
906
907 /* parse out the consumed mount path */
908 /* trim off the \server\share\ */
909
910 ppath = dfs_path;
911
912 if (*ppath != '\\') {
913 d_printf("cli_resolve_path: "
914 "dfs_path (%s) not in correct format.\n",
915 dfs_path );
916 return false;
917 }
918
919 ppath++; /* Now pointing at start of server name. */
920
921 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
922 return false;
923 }
924
925 ppath++; /* Now pointing at start of share name. */
926
927 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
928 return false;
929 }
930
931 ppath++; /* Now pointing at path component. */
932
933 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
934 if (!newmount) {
935 return false;
936 }
937
938 cli_set_mntpoint(*targetcli, newmount);
939
940 /* Check for another dfs referral, note that we are not
941 checking for loops here. */
942
943 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
944 if (cli_resolve_path(ctx,
945 newmount,
946 dfs_auth_info,
947 *targetcli,
948 *pp_targetpath,
949 &newcli,
950 &newpath)) {
951 /*
952 * When cli_resolve_path returns true here it's always
953 * returning the complete path in newpath, so we're done
954 * here.
955 */
956 *targetcli = newcli;
957 *pp_targetpath = newpath;
958 return true;
959 }
960 }
961
962 done:
963
964 /* If returning true ensure we return a dfs root full path. */
965 if ((*targetcli)->dfsroot) {
966 dfs_path = talloc_strdup(ctx, *pp_targetpath);
967 if (!dfs_path) {
968 return false;
969 }
970 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
971 }
972
973 return true;
974 }
975
976 /********************************************************************
977 ********************************************************************/
978
979 bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
980 struct cli_state *cli,
981 const char *sharename,
982 char **pp_newserver,
983 char **pp_newshare,
984 bool force_encrypt,
985 const char *username,
986 const char *password,
987 const char *domain)
988 {
989 struct client_dfs_referral *refs = NULL;
990 size_t num_refs = 0;
991 size_t consumed = 0;
992 char *fullpath = NULL;
993 bool res;
994 uint16 cnum;
995 char *newextrapath = NULL;
996 NTSTATUS status;
997
998 if (!cli || !sharename) {
999 return false;
1000 }
1001
1002 cnum = cli->cnum;
1003
1004 /* special case. never check for a referral on the IPC$ share */
1005
1006 if (strequal(sharename, "IPC$")) {
1007 return false;
1008 }
1009
1010 /* send a trans2_query_path_info to check for a referral */
1011
1012 fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1013 if (!fullpath) {
1014 return false;
1015 }
1016
1017 /* check for the referral */
1018
1019 if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, "IPC$", "IPC", NULL, 0))) {
1020 return false;
1021 }
1022
1023 if (force_encrypt) {
1024 status = cli_cm_force_encryption(cli,
1025 username,
1026 password,
1027 lp_workgroup(),
1028 "IPC$");
1029 if (!NT_STATUS_IS_OK(status)) {
1030 return false;
1031 }
1032 }
1033
1034 res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
1035
1036 status = cli_tdis(cli);
1037 if (!NT_STATUS_IS_OK(status)) {
1038 return false;
1039 }
1040
1041 cli->cnum = cnum;
1042
1043 if (!res || !num_refs) {
1044 return false;
1045 }
1046
1047 if (!refs[0].dfspath) {
1048 return false;
1049 }
1050
1051 split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1052 pp_newshare, &newextrapath );
1053
1054 if ((*pp_newserver == NULL) || (*pp_newshare == NULL)) {
1055 return false;
1056 }
1057
1058 /* check that this is not a self-referral */
1059
1060 if (strequal(cli->desthost, *pp_newserver) &&
1061 strequal(sharename, *pp_newshare)) {
1062 return false;
1063 }
1064
1065 return true;
1066 }