2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 /********************************************************************
27 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
28 are not C escaped here).
30 - but if we're using POSIX paths then <pathname> may contain
31 '/' separators, not '\\' separators. So cope with '\\' or '/'
32 as a separator when looking at the pathname part.... JRA.
33 ********************************************************************/
35 /********************************************************************
36 Ensure a connection is encrypted.
37 ********************************************************************/
39 NTSTATUS
cli_cm_force_encryption(struct cli_state
*c
,
43 const char *sharename
)
45 NTSTATUS status
= cli_force_encryption(c
,
50 if (NT_STATUS_EQUAL(status
,NT_STATUS_NOT_SUPPORTED
)) {
51 d_printf("Encryption required and "
52 "server that doesn't support "
53 "UNIX extensions - failing connect\n");
54 } else if (NT_STATUS_EQUAL(status
,NT_STATUS_UNKNOWN_REVISION
)) {
55 d_printf("Encryption required and "
56 "can't get UNIX CIFS extensions "
57 "version from server.\n");
58 } else if (NT_STATUS_EQUAL(status
,NT_STATUS_UNSUPPORTED_COMPRESSION
)) {
59 d_printf("Encryption required and "
60 "share %s doesn't support "
61 "encryption.\n", sharename
);
62 } else if (!NT_STATUS_IS_OK(status
)) {
63 d_printf("Encryption required and "
64 "setup failed with error %s.\n",
71 /********************************************************************
72 Return a connection to a server.
73 ********************************************************************/
75 static struct cli_state
*do_connect(TALLOC_CTX
*ctx
,
78 const struct user_auth_info
*auth_info
,
85 struct cli_state
*c
= NULL
;
86 struct nmb_name called
, calling
;
87 const char *called_str
;
89 struct sockaddr_storage ss
;
92 char *newserver
, *newshare
;
97 /* make a copy so we don't modify the global string 'service' */
98 servicename
= talloc_strdup(ctx
,share
);
102 sharename
= servicename
;
103 if (*sharename
== '\\') {
105 called_str
= sharename
;
106 if (server
== NULL
) {
109 sharename
= strchr_m(sharename
,'\\');
123 make_nmb_name(&calling
, global_myname(), 0x0);
124 make_nmb_name(&called
, called_str
, name_type
);
129 /* have to open a new connection */
130 if (!(c
=cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info
)))) {
131 d_printf("Connection to %s failed\n", server_n
);
138 cli_set_port(c
, port
);
141 status
= cli_connect(c
, server_n
, &ss
);
142 if (!NT_STATUS_IS_OK(status
)) {
143 d_printf("Connection to %s failed (Error %s)\n",
150 if (max_protocol
== 0) {
151 max_protocol
= PROTOCOL_NT1
;
153 c
->protocol
= max_protocol
;
154 c
->use_kerberos
= get_cmdline_auth_info_use_kerberos(auth_info
);
155 c
->fallback_after_kerberos
=
156 get_cmdline_auth_info_fallback_after_kerberos(auth_info
);
157 c
->use_ccache
= get_cmdline_auth_info_use_ccache(auth_info
);
159 if (!cli_session_request(c
, &calling
, &called
)) {
161 d_printf("session request to %s failed (%s)\n",
162 called
.name
, cli_errstr(c
));
165 if ((p
=strchr_m(called
.name
, '.'))) {
169 if (strcmp(called
.name
, "*SMBSERVER")) {
170 make_nmb_name(&called
, "*SMBSERVER", 0x20);
176 DEBUG(4,(" session request ok\n"));
178 status
= cli_negprot(c
);
180 if (!NT_STATUS_IS_OK(status
)) {
181 d_printf("protocol negotiation failed: %s\n",
187 username
= get_cmdline_auth_info_username(auth_info
);
188 password
= get_cmdline_auth_info_password(auth_info
);
190 if (!NT_STATUS_IS_OK(cli_session_setup(c
, username
,
191 password
, strlen(password
),
192 password
, strlen(password
),
194 /* If a password was not supplied then
195 * try again with a null username. */
196 if (password
[0] || !username
[0] ||
197 get_cmdline_auth_info_use_kerberos(auth_info
) ||
198 !NT_STATUS_IS_OK(cli_session_setup(c
, "",
202 d_printf("session setup failed: %s\n", cli_errstr(c
));
203 if (NT_STATUS_V(cli_nt_error(c
)) ==
204 NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED
))
205 d_printf("did you forget to run kinit?\n");
209 d_printf("Anonymous login successful\n");
210 status
= cli_init_creds(c
, "", lp_workgroup(), "");
212 status
= cli_init_creds(c
, username
, lp_workgroup(), password
);
215 if (!NT_STATUS_IS_OK(status
)) {
216 DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status
)));
221 if ( show_sessetup
) {
222 if (*c
->server_domain
) {
223 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
224 c
->server_domain
,c
->server_os
,c
->server_type
));
225 } else if (*c
->server_os
|| *c
->server_type
) {
226 DEBUG(0,("OS=[%s] Server=[%s]\n",
227 c
->server_os
,c
->server_type
));
230 DEBUG(4,(" session setup ok\n"));
232 /* here's the fun part....to support 'msdfs proxy' shares
233 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
234 here before trying to connect to the original share.
235 cli_check_msdfs_proxy() will fail if it is a normal share. */
237 if ((c
->capabilities
& CAP_DFS
) &&
238 cli_check_msdfs_proxy(ctx
, c
, sharename
,
239 &newserver
, &newshare
,
245 return do_connect(ctx
, newserver
,
246 newshare
, auth_info
, false,
247 force_encrypt
, max_protocol
,
251 /* must be a normal share */
253 status
= cli_tcon_andx(c
, sharename
, "?????",
254 password
, strlen(password
)+1);
255 if (!NT_STATUS_IS_OK(status
)) {
256 d_printf("tree connect failed: %s\n", nt_errstr(status
));
262 status
= cli_cm_force_encryption(c
,
267 if (!NT_STATUS_IS_OK(status
)) {
273 DEBUG(4,(" tconx ok\n"));
277 /****************************************************************************
278 ****************************************************************************/
280 static void cli_set_mntpoint(struct cli_state
*cli
, const char *mnt
)
282 char *name
= clean_name(NULL
, mnt
);
286 TALLOC_FREE(cli
->dfs_mountpoint
);
287 cli
->dfs_mountpoint
= talloc_strdup(cli
, name
);
291 /********************************************************************
292 Add a new connection to the list.
293 referring_cli == NULL means a new initial connection.
294 ********************************************************************/
296 static struct cli_state
*cli_cm_connect(TALLOC_CTX
*ctx
,
297 struct cli_state
*referring_cli
,
300 const struct user_auth_info
*auth_info
,
307 struct cli_state
*cli
;
309 cli
= do_connect(ctx
, server
, share
,
311 show_hdr
, force_encrypt
, max_protocol
,
318 /* Enter into the list. */
320 DLIST_ADD_END(referring_cli
, cli
, struct cli_state
*);
323 if (referring_cli
&& referring_cli
->requested_posix_capabilities
) {
325 uint32 caplow
, caphigh
;
327 status
= cli_unix_extensions_version(cli
, &major
, &minor
,
329 if (NT_STATUS_IS_OK(status
)) {
330 cli_set_unix_extensions_capabilities(cli
,
339 /********************************************************************
340 Return a connection to a server on a particular share.
341 ********************************************************************/
343 static struct cli_state
*cli_cm_find(struct cli_state
*cli
,
353 /* Search to the start of the list. */
354 for (p
= cli
; p
; p
= DLIST_PREV(p
)) {
355 if (strequal(server
, p
->desthost
) &&
356 strequal(share
,p
->share
)) {
361 /* Search to the end of the list. */
362 for (p
= cli
->next
; p
; p
= p
->next
) {
363 if (strequal(server
, p
->desthost
) &&
364 strequal(share
,p
->share
)) {
372 /****************************************************************************
373 Open a client connection to a \\server\share.
374 ****************************************************************************/
376 struct cli_state
*cli_cm_open(TALLOC_CTX
*ctx
,
377 struct cli_state
*referring_cli
,
380 const struct user_auth_info
*auth_info
,
387 /* Try to reuse an existing connection in this list. */
388 struct cli_state
*c
= cli_cm_find(referring_cli
, server
, share
);
394 if (auth_info
== NULL
) {
395 /* Can't do a new connection
396 * without auth info. */
397 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
398 "without auth info\n",
403 return cli_cm_connect(ctx
,
415 /****************************************************************************
416 ****************************************************************************/
418 void cli_cm_display(const struct cli_state
*cli
)
422 for (i
=0; cli
; cli
= cli
->next
,i
++ ) {
423 d_printf("%d:\tserver=%s, share=%s\n",
424 i
, cli
->desthost
, cli
->share
);
428 /****************************************************************************
429 ****************************************************************************/
431 /****************************************************************************
432 ****************************************************************************/
435 void cli_cm_set_credentials(struct user_auth_info
*auth_info
)
437 SAFE_FREE(cm_creds
.username
);
438 cm_creds
.username
= SMB_STRDUP(get_cmdline_auth_info_username(
441 if (get_cmdline_auth_info_got_pass(auth_info
)) {
442 cm_set_password(get_cmdline_auth_info_password(auth_info
));
445 cm_creds
.use_kerberos
= get_cmdline_auth_info_use_kerberos(auth_info
);
446 cm_creds
.fallback_after_kerberos
= false;
447 cm_creds
.signing_state
= get_cmdline_auth_info_signing_state(auth_info
);
451 /**********************************************************************
452 split a dfs path into the server, share name, and extrapath components
453 **********************************************************************/
455 static void split_dfs_path(TALLOC_CTX
*ctx
,
456 const char *nodepath
,
466 *pp_extrapath
= NULL
;
468 path
= talloc_strdup(ctx
, nodepath
);
473 if ( path
[0] != '\\' ) {
477 p
= strchr_m( path
+ 1, '\\' );
485 /* Look for any extra/deep path */
486 q
= strchr_m(p
, '\\');
490 *pp_extrapath
= talloc_strdup(ctx
, q
);
492 *pp_extrapath
= talloc_strdup(ctx
, "");
495 *pp_share
= talloc_strdup(ctx
, p
);
496 *pp_server
= talloc_strdup(ctx
, &path
[1]);
499 /****************************************************************************
500 Return the original path truncated at the directory component before
501 the first wildcard character. Trust the caller to provide a NULL
503 ****************************************************************************/
505 static char *clean_path(TALLOC_CTX
*ctx
, const char *path
)
511 /* No absolute paths. */
512 while (IS_DIRECTORY_SEP(*path
)) {
516 path_out
= talloc_strdup(ctx
, path
);
521 p1
= strchr_m(path_out
, '*');
522 p2
= strchr_m(path_out
, '?');
534 /* Now go back to the start of this component. */
535 p1
= strrchr_m(path_out
, '/');
536 p2
= strrchr_m(path_out
, '\\');
543 /* Strip any trailing separator */
545 len
= strlen(path_out
);
546 if ( (len
> 0) && IS_DIRECTORY_SEP(path_out
[len
-1])) {
547 path_out
[len
-1] = '\0';
553 /****************************************************************************
554 ****************************************************************************/
556 static char *cli_dfs_make_full_path(TALLOC_CTX
*ctx
,
557 struct cli_state
*cli
,
560 char path_sep
= '\\';
562 /* Ensure the extrapath doesn't start with a separator. */
563 while (IS_DIRECTORY_SEP(*dir
)) {
567 if (cli
->requested_posix_capabilities
& CIFS_UNIX_POSIX_PATHNAMES_CAP
) {
570 return talloc_asprintf(ctx
, "%c%s%c%s%c%s",
579 /********************************************************************
580 check for dfs referral
581 ********************************************************************/
583 static bool cli_dfs_check_error( struct cli_state
*cli
, NTSTATUS status
)
585 uint32 flgs2
= SVAL(cli
->inbuf
,smb_flg2
);
587 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
589 if (!((flgs2
&FLAGS2_32_BIT_ERROR_CODES
) &&
590 (flgs2
&FLAGS2_UNICODE_STRINGS
)))
593 if (NT_STATUS_EQUAL(status
, NT_STATUS(IVAL(cli
->inbuf
,smb_rcls
))))
599 /********************************************************************
600 Get the dfs referral link.
601 ********************************************************************/
603 bool cli_dfs_get_referral(TALLOC_CTX
*ctx
,
604 struct cli_state
*cli
,
606 struct client_dfs_referral
**refs
,
610 unsigned int data_len
= 0;
611 unsigned int param_len
= 0;
612 uint16 setup
= TRANSACT2_GET_DFS_REFERRAL
;
614 char *rparam
=NULL
, *rdata
=NULL
;
617 size_t pathlen
= 2*(strlen(path
)+1);
618 smb_ucs2_t
*path_ucs
;
619 char *consumed_path
= NULL
;
620 uint16_t consumed_ucs
;
621 uint16 num_referrals
;
622 struct client_dfs_referral
*referrals
= NULL
;
628 param
= SMB_MALLOC_ARRAY(char, 2+pathlen
+2);
632 SSVAL(param
, 0, 0x03); /* max referral level */
635 path_ucs
= (smb_ucs2_t
*)p
;
636 p
+= clistr_push(cli
, p
, path
, pathlen
, STR_TERMINATE
);
637 param_len
= PTR_DIFF(p
, param
);
639 if (!cli_send_trans(cli
, SMBtrans2
,
641 -1, 0, /* fid, flags */
642 &setup
, 1, 0, /* setup, length, max */
643 param
, param_len
, 2, /* param, length, max */
644 NULL
, 0, cli
->max_xmit
/* data, length, max */
649 if (!cli_receive_trans(cli
, SMBtrans2
,
651 &rdata
, &data_len
)) {
659 endp
= rdata
+ data_len
;
661 consumed_ucs
= SVAL(rdata
, 0);
662 num_referrals
= SVAL(rdata
, 2);
664 /* consumed_ucs is the number of bytes
665 * of the UCS2 path consumed not counting any
666 * terminating null. We need to convert
667 * back to unix charset and count again
668 * to get the number of bytes consumed from
669 * the incoming path. */
671 if (pull_string_talloc(talloc_tos(),
680 if (consumed_path
== NULL
) {
683 *consumed
= strlen(consumed_path
);
685 if (num_referrals
!= 0) {
691 referrals
= talloc_array(ctx
, struct client_dfs_referral
,
697 /* start at the referrals array */
700 for (i
=0; i
<num_referrals
&& p
< endp
; i
++) {
704 ref_version
= SVAL(p
, 0);
705 ref_size
= SVAL(p
, 2);
706 node_offset
= SVAL(p
, 16);
708 if (ref_version
!= 3) {
713 referrals
[i
].proximity
= SVAL(p
, 8);
714 referrals
[i
].ttl
= SVAL(p
, 10);
716 if (p
+ node_offset
> endp
) {
719 clistr_pull_talloc(ctx
, cli
->inbuf
,
720 SVAL(cli
->inbuf
, smb_flg2
),
721 &referrals
[i
].dfspath
,
723 STR_TERMINATE
|STR_UNICODE
);
725 if (!referrals
[i
].dfspath
) {
730 if (i
< num_referrals
) {
737 *num_refs
= num_referrals
;
742 TALLOC_FREE(consumed_path
);
749 /********************************************************************
750 ********************************************************************/
752 bool cli_resolve_path(TALLOC_CTX
*ctx
,
754 const struct user_auth_info
*dfs_auth_info
,
755 struct cli_state
*rootcli
,
757 struct cli_state
**targetcli
,
758 char **pp_targetpath
)
760 struct client_dfs_referral
*refs
= NULL
;
763 struct cli_state
*cli_ipc
= NULL
;
764 char *dfs_path
= NULL
;
765 char *cleanpath
= NULL
;
766 char *extrapath
= NULL
;
770 struct cli_state
*newcli
= NULL
;
771 char *newpath
= NULL
;
772 char *newmount
= NULL
;
774 SMB_STRUCT_STAT sbuf
;
778 if ( !rootcli
|| !path
|| !targetcli
) {
782 /* Don't do anything if this is not a DFS root. */
784 if ( !rootcli
->dfsroot
) {
785 *targetcli
= rootcli
;
786 *pp_targetpath
= talloc_strdup(ctx
, path
);
787 if (!*pp_targetpath
) {
795 /* Send a trans2_query_path_info to check for a referral. */
797 cleanpath
= clean_path(ctx
, path
);
802 dfs_path
= cli_dfs_make_full_path(ctx
, rootcli
, cleanpath
);
807 status
= cli_qpathinfo_basic( rootcli
, dfs_path
, &sbuf
, &attributes
);
808 if (NT_STATUS_IS_OK(status
)) {
809 /* This is an ordinary path, just return it. */
810 *targetcli
= rootcli
;
811 *pp_targetpath
= talloc_strdup(ctx
, path
);
812 if (!*pp_targetpath
) {
818 /* Special case where client asked for a path that does not exist */
820 if (cli_dfs_check_error(rootcli
, NT_STATUS_OBJECT_NAME_NOT_FOUND
)) {
821 *targetcli
= rootcli
;
822 *pp_targetpath
= talloc_strdup(ctx
, path
);
823 if (!*pp_targetpath
) {
829 /* We got an error, check for DFS referral. */
831 if (!cli_dfs_check_error(rootcli
, NT_STATUS_PATH_NOT_COVERED
)) {
835 /* Check for the referral. */
837 if (!(cli_ipc
= cli_cm_open(ctx
,
843 (rootcli
->trans_enc_state
!= NULL
),
850 if (!cli_dfs_get_referral(ctx
, cli_ipc
, dfs_path
, &refs
,
851 &num_refs
, &consumed
) || !num_refs
) {
855 /* Just store the first referral for now. */
857 if (!refs
[0].dfspath
) {
860 split_dfs_path(ctx
, refs
[0].dfspath
, &server
, &share
, &extrapath
);
862 if (!server
|| !share
) {
866 /* Make sure to recreate the original string including any wildcards. */
868 dfs_path
= cli_dfs_make_full_path(ctx
, rootcli
, path
);
872 pathlen
= strlen(dfs_path
);
873 consumed
= MIN(pathlen
, consumed
);
874 *pp_targetpath
= talloc_strdup(ctx
, &dfs_path
[consumed
]);
875 if (!*pp_targetpath
) {
878 dfs_path
[consumed
] = '\0';
881 * *pp_targetpath is now the unconsumed part of the path.
882 * dfs_path is now the consumed part of the path
883 * (in \server\share\path format).
886 /* Open the connection to the target server & share */
887 if ((*targetcli
= cli_cm_open(ctx
, rootcli
,
892 (rootcli
->trans_enc_state
!= NULL
),
896 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
901 if (extrapath
&& strlen(extrapath
) > 0) {
902 *pp_targetpath
= talloc_asprintf(ctx
,
906 if (!*pp_targetpath
) {
911 /* parse out the consumed mount path */
912 /* trim off the \server\share\ */
916 if (*ppath
!= '\\') {
917 d_printf("cli_resolve_path: "
918 "dfs_path (%s) not in correct format.\n",
923 ppath
++; /* Now pointing at start of server name. */
925 if ((ppath
= strchr_m( dfs_path
, '\\' )) == NULL
) {
929 ppath
++; /* Now pointing at start of share name. */
931 if ((ppath
= strchr_m( ppath
+1, '\\' )) == NULL
) {
935 ppath
++; /* Now pointing at path component. */
937 newmount
= talloc_asprintf(ctx
, "%s\\%s", mountpt
, ppath
);
942 cli_set_mntpoint(*targetcli
, newmount
);
944 /* Check for another dfs referral, note that we are not
945 checking for loops here. */
947 if (!strequal(*pp_targetpath
, "\\") && !strequal(*pp_targetpath
, "/")) {
948 if (cli_resolve_path(ctx
,
956 * When cli_resolve_path returns true here it's always
957 * returning the complete path in newpath, so we're done
961 *pp_targetpath
= newpath
;
968 /* If returning true ensure we return a dfs root full path. */
969 if ((*targetcli
)->dfsroot
) {
970 dfs_path
= talloc_strdup(ctx
, *pp_targetpath
);
974 *pp_targetpath
= cli_dfs_make_full_path(ctx
, *targetcli
, dfs_path
);
980 /********************************************************************
981 ********************************************************************/
983 bool cli_check_msdfs_proxy(TALLOC_CTX
*ctx
,
984 struct cli_state
*cli
,
985 const char *sharename
,
989 const char *username
,
990 const char *password
,
993 struct client_dfs_referral
*refs
= NULL
;
996 char *fullpath
= NULL
;
999 char *newextrapath
= NULL
;
1002 if (!cli
|| !sharename
) {
1008 /* special case. never check for a referral on the IPC$ share */
1010 if (strequal(sharename
, "IPC$")) {
1014 /* send a trans2_query_path_info to check for a referral */
1016 fullpath
= talloc_asprintf(ctx
, "\\%s\\%s", cli
->desthost
, sharename
);
1021 /* check for the referral */
1023 if (!NT_STATUS_IS_OK(cli_tcon_andx(cli
, "IPC$", "IPC", NULL
, 0))) {
1027 if (force_encrypt
) {
1028 status
= cli_cm_force_encryption(cli
,
1033 if (!NT_STATUS_IS_OK(status
)) {
1038 res
= cli_dfs_get_referral(ctx
, cli
, fullpath
, &refs
, &num_refs
, &consumed
);
1040 status
= cli_tdis(cli
);
1041 if (!NT_STATUS_IS_OK(status
)) {
1047 if (!res
|| !num_refs
) {
1051 if (!refs
[0].dfspath
) {
1055 split_dfs_path(ctx
, refs
[0].dfspath
, pp_newserver
,
1056 pp_newshare
, &newextrapath
);
1058 if ((*pp_newserver
== NULL
) || (*pp_newshare
== NULL
)) {
1062 /* check that this is not a self-referral */
1064 if (strequal(cli
->desthost
, *pp_newserver
) &&
1065 strequal(sharename
, *pp_newshare
)) {