s3-waf: Link pdbedit only against needed subsystems.
[Samba/gebeck_regimport.git] / dfs_server / dfs_server_ad.c
blob22d3263b03b5b4ed10e77581094b87b00c72e5cf
1 /*
2 Unix SMB/CIFS implementation.
4 Copyright Matthieu Patou <mat@matws.net> 2010-2011
5 Copyright Stefan Metzmacher 2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "librpc/gen_ndr/dfsblobs.h"
23 #include "librpc/gen_ndr/ndr_dfsblobs.h"
24 #include "dsdb/samdb/samdb.h"
25 #include "auth/session.h"
26 #include "param/param.h"
27 #include "lib/tsocket/tsocket.h"
28 #include "dfs_server/dfs_server_ad.h"
30 #define MAX_DFS_RESPONSE 56*1024 /* 56 Kb */
32 /* A DC set is a group of DC, they might have been grouped together
33 because they belong to the same site, or to site with same cost ...
35 struct dc_set {
36 const char **names;
37 uint32_t count;
41 fill a referral type structure
43 static NTSTATUS fill_normal_dfs_referraltype(TALLOC_CTX *mem_ctx,
44 struct dfs_referral_type *ref,
45 uint16_t version,
46 const char *dfs_path,
47 const char *server_path, int isfirstoffset)
49 ZERO_STRUCTP(ref);
50 switch (version) {
51 case 4:
52 version = 3;
53 # if 0
54 /* For the moment there is a bug with XP that don't seems to appriciate much
55 * level4 so we return just level 3 for everyone
57 ref->referral.v4.server_type = DFS_SERVER_NON_ROOT;
58 /* "normal" referral seems to always include the GUID */
59 ref->referral.v4.size = 34;
61 if (isfirstoffset) {
62 ref->referral.v4.entry_flags = DFS_HEADER_FLAG_TARGET_BCK;
64 ref->referral.v4.ttl = 900; /* As w2k8r2 */
65 ref->referral.v4.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
66 if (ref->referral.v4.referrals.r1.DFS_path == NULL) {
67 return NT_STATUS_NO_MEMORY;
69 ref->referral.v4.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
70 if (ref->referral.v4.referrals.r1.DFS_alt_path == NULL) {
71 return NT_STATUS_NO_MEMORY;
73 ref->referral.v4.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
74 if (ref->referral.v4.referrals.r1.netw_address == NULL) {
75 return NT_STATUS_NO_MEMORY;
77 return NT_STATUS_OK;
78 #endif
79 case 3:
80 ref->version = version;
81 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
82 /* "normal" referral seems to always include the GUID */
83 ref->referral.v3.size = 34;
85 ref->referral.v3.entry_flags = 0;
86 ref->referral.v3.ttl = 600; /* As w2k3 */
87 ref->referral.v3.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
88 if (ref->referral.v3.referrals.r1.DFS_path == NULL) {
89 return NT_STATUS_NO_MEMORY;
91 ref->referral.v3.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
92 if (ref->referral.v3.referrals.r1.DFS_alt_path == NULL) {
93 return NT_STATUS_NO_MEMORY;
95 ref->referral.v3.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
96 if (ref->referral.v3.referrals.r1.netw_address == NULL) {
97 return NT_STATUS_NO_MEMORY;
99 return NT_STATUS_OK;
101 return NT_STATUS_INVALID_LEVEL;
105 fill a domain refererral
107 static NTSTATUS fill_domain_dfs_referraltype(TALLOC_CTX *mem_ctx,
108 struct dfs_referral_type *ref,
109 uint16_t version,
110 const char *domain,
111 const char **names,
112 uint16_t numnames)
114 switch (version) {
115 case 3:
116 ZERO_STRUCTP(ref);
117 DEBUG(8, ("Called fill_domain_dfs_referraltype\n"));
118 ref->version = version;
119 ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
121 * It's hard coded ... don't think it's a good way but the
122 * sizeof return not the correct values
124 * We have 18 if the GUID is not included 34 otherwise
126 if (numnames == 0) {
127 /* Windows return without the guid when returning domain list
129 ref->referral.v3.size = 18;
130 } else {
131 ref->referral.v3.size = 34;
133 ref->referral.v3.entry_flags = DFS_FLAG_REFERRAL_DOMAIN_RESP;
134 ref->referral.v3.ttl = 600; /* As w2k3 */
135 ref->referral.v3.referrals.r2.special_name = talloc_strdup(mem_ctx,
136 domain);
137 if (ref->referral.v3.referrals.r2.special_name == NULL) {
138 return NT_STATUS_NO_MEMORY;
140 ref->referral.v3.referrals.r2.nb_expanded_names = numnames;
141 /* Put the final terminator */
142 if (names) {
143 int i;
144 const char **names2 = talloc_array(mem_ctx, const char *,
145 numnames+1);
146 NT_STATUS_HAVE_NO_MEMORY(names2);
147 for (i = 0; i<numnames; i++) {
148 names2[i] = talloc_asprintf(names2, "\\%s", names[i]);
149 NT_STATUS_HAVE_NO_MEMORY(names2[i]);
151 names2[numnames] = NULL;
152 ref->referral.v3.referrals.r2.expanded_names = names2;
154 return NT_STATUS_OK;
156 return NT_STATUS_INVALID_LEVEL;
160 get the DCs list within a site
162 static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
163 struct ldb_dn *sitedn, struct dc_set *list,
164 bool dofqdn)
166 static const char *attrs[] = { "serverReference", NULL };
167 static const char *attrs2[] = { "dNSHostName", "sAMAccountName", NULL };
168 struct ldb_result *r;
169 unsigned int i;
170 int ret;
171 const char **dc_list;
173 ret = ldb_search(ldb, ctx, &r, sitedn, LDB_SCOPE_SUBTREE, attrs,
174 "(&(objectClass=server)(serverReference=*))");
175 if (ret != LDB_SUCCESS) {
176 DEBUG(2,(__location__ ": Failed to get list of servers - %s\n",
177 ldb_errstring(ldb)));
178 return NT_STATUS_INTERNAL_ERROR;
181 if (r->count == 0) {
182 /* none in this site */
183 talloc_free(r);
184 return NT_STATUS_OK;
188 * need to search for all server object to know the size of the array.
189 * Search all the object of class server in this site
191 dc_list = talloc_array(r, const char *, r->count);
192 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(dc_list, r);
194 /* TODO put some random here in the order */
195 list->names = talloc_realloc(list, list->names, const char *, list->count + r->count);
196 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(list->names, r);
198 for (i = 0; i<r->count; i++) {
199 struct ldb_dn *dn;
200 struct ldb_result *r2;
202 dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference");
203 if (!dn) {
204 return NT_STATUS_INTERNAL_ERROR;
207 ret = ldb_search(ldb, r, &r2, dn, LDB_SCOPE_BASE, attrs2, "(objectClass=computer)");
208 if (ret != LDB_SUCCESS) {
209 DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n",
210 ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
211 return NT_STATUS_INTERNAL_ERROR;
214 if (dofqdn) {
215 const char *dns = ldb_msg_find_attr_as_string(r2->msgs[0], "dNSHostName", NULL);
216 if (dns == NULL) {
217 DEBUG(2,(__location__ ": dNSHostName missing on %s\n",
218 ldb_dn_get_linearized(dn)));
219 talloc_free(r);
220 return NT_STATUS_INTERNAL_ERROR;
223 list->names[list->count] = talloc_strdup(list->names, dns);
224 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(list->names[list->count], r);
225 } else {
226 char *tmp;
227 const char *acct = ldb_msg_find_attr_as_string(r2->msgs[0], "sAMAccountName", NULL);
228 if (acct == NULL) {
229 DEBUG(2,(__location__ ": sAMAccountName missing on %s\n",
230 ldb_dn_get_linearized(dn)));
231 talloc_free(r);
232 return NT_STATUS_INTERNAL_ERROR;
235 tmp = talloc_strdup(list->names, acct);
236 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(tmp, r);
238 /* Netbios name is also the sAMAccountName for
239 computer but without the final $ */
240 tmp[strlen(tmp) - 1] = '\0';
241 list->names[list->count] = tmp;
243 list->count++;
244 talloc_free(r2);
247 talloc_free(r);
248 return NT_STATUS_OK;
253 get all DCs
255 static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
256 const char *searched_site, bool need_fqdn,
257 struct dc_set ***pset_list, uint32_t flags)
260 * Flags will be used later to indicate things like least-expensive
261 * or same-site options
263 const char *attrs_none[] = { NULL };
264 const char *attrs3[] = { "name", NULL };
265 struct ldb_dn *configdn, *sitedn, *dn, *sitescontainerdn;
266 struct ldb_result *r;
267 struct dc_set **set_list = NULL;
268 uint32_t i;
269 int ret;
270 uint32_t current_pos = 0;
271 NTSTATUS status;
272 TALLOC_CTX *subctx = talloc_new(ctx);
274 *pset_list = set_list = NULL;
276 subctx = talloc_new(ctx);
277 NT_STATUS_HAVE_NO_MEMORY(subctx);
279 configdn = ldb_get_config_basedn(ldb);
281 /* Let's search for the Site container */
282 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs_none,
283 "(objectClass=sitesContainer)");
284 if (ret != LDB_SUCCESS) {
285 DEBUG(2,(__location__ ": Failed to find sitesContainer within %s - %s\n",
286 ldb_dn_get_linearized(configdn), ldb_errstring(ldb)));
287 talloc_free(subctx);
288 return NT_STATUS_INTERNAL_ERROR;
290 if (r->count > 1) {
291 DEBUG(2,(__location__ ": Expected 1 sitesContainer - found %u within %s\n",
292 r->count, ldb_dn_get_linearized(configdn)));
293 talloc_free(subctx);
294 return NT_STATUS_INTERNAL_ERROR;
297 sitescontainerdn = talloc_steal(subctx, r->msgs[0]->dn);
298 talloc_free(r);
301 * TODO: Here we should have a more subtle handling
302 * for the case "same-site"
304 ret = ldb_search(ldb, subctx, &r, sitescontainerdn, LDB_SCOPE_SUBTREE,
305 attrs_none, "(objectClass=server)");
306 if (ret != LDB_SUCCESS) {
307 DEBUG(2,(__location__ ": Failed to find servers within %s - %s\n",
308 ldb_dn_get_linearized(sitescontainerdn), ldb_errstring(ldb)));
309 talloc_free(subctx);
310 return NT_STATUS_INTERNAL_ERROR;
312 talloc_free(r);
314 if (searched_site != NULL && searched_site[0] != '\0') {
315 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE,
316 attrs_none, "(&(name=%s)(objectClass=site))", searched_site);
317 if (ret != LDB_SUCCESS) {
318 talloc_free(subctx);
319 return NT_STATUS_FOOBAR;
320 } else if (r->count != 1) {
321 talloc_free(subctx);
322 return NT_STATUS_FOOBAR;
325 /* All of this was to get the DN of the searched_site */
326 sitedn = r->msgs[0]->dn;
328 set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+1);
329 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(set_list, subctx);
331 set_list[current_pos] = talloc(set_list, struct dc_set);
332 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(set_list[current_pos], subctx);
334 set_list[current_pos]->names = NULL;
335 set_list[current_pos]->count = 0;
336 status = get_dcs_insite(subctx, ldb, sitedn,
337 set_list[current_pos], need_fqdn);
338 if (!NT_STATUS_IS_OK(status)) {
339 DEBUG(2,(__location__ ": Failed to get DC from site %s - %s\n",
340 ldb_dn_get_linearized(sitedn), nt_errstr(status)));
341 talloc_free(subctx);
342 return status;
344 talloc_free(r);
345 current_pos++;
348 /* Let's find all the sites */
349 ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs3, "(objectClass=site)");
350 if (ret != LDB_SUCCESS) {
351 DEBUG(2,(__location__ ": Failed to find any site containers in %s\n",
352 ldb_dn_get_linearized(configdn)));
353 talloc_free(subctx);
354 return NT_STATUS_INTERNAL_DB_CORRUPTION;
358 * TODO:
359 * We should randomize the order in the main site,
360 * it's mostly needed for sysvol/netlogon referral.
361 * Depending of flag we either randomize order of the
362 * not "in the same site DCs"
363 * or we randomize by group of site that have the same cost
364 * In the long run we want to manipulate an array of site_set
365 * All the site in one set have the same cost (if least-expansive options is selected)
366 * and we will put all the dc related to 1 site set into 1 DCs set.
367 * Within a site set, site order has to be randomized
369 * But for the moment we just return the list of sites
371 if (r->count) {
373 * We will realloc + 2 because we will need one additional place
374 * for element at current_pos + 1 for the NULL element
376 set_list = talloc_realloc(subctx, set_list, struct dc_set *,
377 current_pos+2);
378 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(set_list, subctx);
380 set_list[current_pos] = talloc(ctx, struct dc_set);
381 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(set_list[current_pos], subctx);
383 set_list[current_pos]->names = NULL;
384 set_list[current_pos]->count = 0;
386 set_list[current_pos+1] = NULL;
389 for (i=0; i<r->count; i++) {
390 const char *site_name = ldb_msg_find_attr_as_string(r->msgs[i], "name", NULL);
391 if (site_name == NULL) {
392 DEBUG(2,(__location__ ": Failed to find name attribute in %s\n",
393 ldb_dn_get_linearized(r->msgs[i]->dn)));
394 talloc_free(subctx);
395 return NT_STATUS_INTERNAL_DB_CORRUPTION;
398 if (searched_site == NULL ||
399 strcmp(searched_site, site_name) != 0) {
400 DEBUG(2,(__location__ ": Site: %s %s\n",
401 searched_site, site_name));
404 * Do all the site but the one of the client
405 * (because it has already been done ...)
407 dn = r->msgs[i]->dn;
409 status = get_dcs_insite(subctx, ldb, dn,
410 set_list[current_pos],
411 need_fqdn);
412 if (!NT_STATUS_IS_OK(status)) {
413 talloc_free(subctx);
414 return status;
418 current_pos++;
419 set_list[current_pos] = NULL;
421 *pset_list = talloc_move(ctx, &set_list);
422 talloc_free(subctx);
423 return NT_STATUS_OK;
426 static NTSTATUS dodomain_referral(struct loadparm_context *lp_ctx,
427 struct ldb_context *sam_ctx,
428 const struct tsocket_address *client,
429 struct dfs_GetDFSReferral *r)
432 * TODO for the moment we just return the local domain
434 NTSTATUS status;
435 const char *dns_domain = lpcfg_dnsdomain(lp_ctx);
436 const char *netbios_domain = lpcfg_workgroup(lp_ctx);
437 struct dfs_referral_type *referrals;
438 const char *referral_str;
439 /* In the future this needs to be fetched from the ldb */
440 uint32_t found_domain = 2;
442 if (lpcfg_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
443 DEBUG(10 ,("Received a domain referral request on a non DC\n"));
444 return NT_STATUS_INVALID_PARAMETER;
447 if (r->in.req.max_referral_level < 3) {
448 DEBUG(2,("invalid max_referral_level %u\n",
449 r->in.req.max_referral_level));
450 return NT_STATUS_UNSUCCESSFUL;
453 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
454 if (r->out.resp == NULL) {
455 return NT_STATUS_NO_MEMORY;
458 r->out.resp->path_consumed = 0;
459 r->out.resp->header_flags = 0; /* Do like w2k3 */
460 r->out.resp->nb_referrals = found_domain; /* the fqdn one + the NT domain */
462 referrals = talloc_zero_array(r->out.resp,
463 struct dfs_referral_type,
464 r->out.resp->nb_referrals);
465 if (referrals == NULL) {
466 return NT_STATUS_NO_MEMORY;
468 r->out.resp->referral_entries = referrals;
470 referral_str = talloc_asprintf(r, "\\%s", netbios_domain);
471 if (referral_str == NULL) {
472 return NT_STATUS_NO_MEMORY;
475 status = fill_domain_dfs_referraltype(referrals,
476 &referrals[0], 3,
477 referral_str,
478 NULL, 0);
479 if (!NT_STATUS_IS_OK(status)) {
480 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
481 __location__, nt_errstr(status)));
482 return status;
485 referral_str = talloc_asprintf(r, "\\%s", dns_domain);
486 if (referral_str == NULL) {
487 return NT_STATUS_NO_MEMORY;
490 status = fill_domain_dfs_referraltype(referrals,
491 &referrals[1], 3,
492 referral_str,
493 NULL, 0);
494 if (!NT_STATUS_IS_OK(status)) {
495 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
496 __location__, nt_errstr(status)));
497 return status;
500 return NT_STATUS_OK;
504 * Handle the logic for dfs referral request like
505 * \\dns_domain or \\netbios_domain.
507 static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx,
508 struct ldb_context *sam_ctx,
509 const struct tsocket_address *client,
510 struct dfs_GetDFSReferral *r,
511 const char *domain_name)
513 NTSTATUS status;
514 const char *site_name = NULL; /* Name of the site where the client is */
515 bool need_fqdn = false;
516 unsigned int i;
517 const char **dc_list = NULL;
518 uint32_t num_dcs = 0;
519 struct dc_set **set;
520 char *client_str = NULL;
521 struct dfs_referral_type *referrals;
522 const char *referral_str;
524 if (lpcfg_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
525 return NT_STATUS_INVALID_PARAMETER;
528 if (r->in.req.max_referral_level < 3) {
529 DEBUG(2,("invalid max_referral_level %u\n",
530 r->in.req.max_referral_level));
531 return NT_STATUS_UNSUCCESSFUL;
534 DEBUG(10, ("in this we have request for %s requested is %s\n",
535 domain_name, r->in.req.servername));
537 if (strchr(domain_name,'.')) {
538 need_fqdn = 1;
541 if (tsocket_address_is_inet(client, "ip")) {
542 client_str = tsocket_address_inet_addr_string(client, r);
543 if (client_str == NULL) {
544 return NT_STATUS_NO_MEMORY;
548 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
550 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
551 if (!NT_STATUS_IS_OK(status)) {
552 DEBUG(3,("Unable to get list of DCs - %s\n",
553 nt_errstr(status)));
554 return status;
557 for(i=0; set[i]; i++) {
558 uint32_t j;
560 dc_list = talloc_realloc(r, dc_list, const char*,
561 num_dcs + set[i]->count + 1);
562 if (dc_list == NULL) {
563 return NT_STATUS_NO_MEMORY;
566 for(j=0; j<set[i]->count; j++) {
567 dc_list[num_dcs + j] = talloc_move(dc_list,
568 &set[i]->names[j]);
570 num_dcs = num_dcs + set[i]->count;
571 TALLOC_FREE(set[i]);
572 dc_list[num_dcs] = NULL;
575 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
576 if (r->out.resp == NULL) {
577 return NT_STATUS_NO_MEMORY;
580 r->out.resp->path_consumed = 0;
581 r->out.resp->header_flags = 0; /* Do like w2k3 */
582 r->out.resp->nb_referrals = 1;
584 referrals = talloc_zero_array(r->out.resp,
585 struct dfs_referral_type,
586 r->out.resp->nb_referrals);
587 if (referrals == NULL) {
588 return NT_STATUS_NO_MEMORY;
590 r->out.resp->referral_entries = referrals;
592 if (r->in.req.servername[0] == '\\') {
593 referral_str = talloc_asprintf(referrals, "%s",
594 domain_name);
595 } else {
596 referral_str = talloc_asprintf(referrals, "\\%s",
597 domain_name);
599 if (referral_str == NULL) {
600 return NT_STATUS_NO_MEMORY;
603 status = fill_domain_dfs_referraltype(referrals,
604 &referrals[0], 3,
605 referral_str,
606 dc_list, num_dcs);
607 if (!NT_STATUS_IS_OK(status)) {
608 DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
609 __location__, nt_errstr(status)));
610 return status;
613 return NT_STATUS_OK;
617 * Handle the logic for dfs referral request like
618 * \\domain\sysvol or \\domain\netlogon
620 static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx,
621 struct ldb_context *sam_ctx,
622 const struct tsocket_address *client,
623 struct dfs_GetDFSReferral *r,
624 const char *domain_name,
625 const char *dfs_name)
627 const char *site_name = NULL; /* Name of the site where the client is */
628 bool need_fqdn = false;
629 unsigned int i, c = 0, nb_entries = 0;
630 struct dc_set **set;
631 char *client_str = NULL;
632 NTSTATUS status;
633 struct dfs_referral_type *referrals;
635 if (lpcfg_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
636 return NT_STATUS_INVALID_PARAMETER;
639 if (r->in.req.max_referral_level < 3) {
640 DEBUG(2,("invalid max_referral_level %u\n",
641 r->in.req.max_referral_level));
642 return NT_STATUS_UNSUCCESSFUL;
645 DEBUG(10, ("in this we have request for %s and share %s requested is %s\n",
646 domain_name, dfs_name, r->in.req.servername));
648 if (strchr(domain_name,'.')) {
649 need_fqdn = 1;
652 if (tsocket_address_is_inet(client, "ip")) {
653 client_str = tsocket_address_inet_addr_string(client, r);
654 if (client_str == NULL) {
655 return NT_STATUS_NO_MEMORY;
659 site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
661 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
662 if (!NT_STATUS_IS_OK(status)) {
663 DEBUG(3,("Unable to get list of DCs - %s\n",
664 nt_errstr(status)));
665 return status;
668 for(i=0; set[i]; i++) {
669 nb_entries = nb_entries + set[i]->count;
672 r->out.resp = talloc_zero(r, struct dfs_referral_resp);
673 if (r->out.resp == NULL) {
674 return NT_STATUS_NO_MEMORY;
677 /* The length is expected in bytes */
678 r->out.resp->path_consumed = strlen_m(r->in.req.servername) * 2;
679 /* Do like w2k3 and like in 3.3.5.3 of MS-DFSC*/
680 r->out.resp->header_flags = DFS_HEADER_FLAG_STORAGE_SVR;
681 r->out.resp->nb_referrals = nb_entries;
683 referrals = talloc_zero_array(r->out.resp,
684 struct dfs_referral_type,
685 r->out.resp->nb_referrals);
686 if (referrals == NULL) {
687 return NT_STATUS_NO_MEMORY;
689 r->out.resp->referral_entries = referrals;
691 c = 0;
692 for(i=0; set[i]; i++) {
693 uint32_t j;
695 for(j=0; j< set[i]->count; j++) {
696 struct dfs_referral_type *ref = &referrals[c];
697 const char *referral_str;
699 referral_str = talloc_asprintf(referrals, "\\%s\\%s",
700 set[i]->names[j], dfs_name);
701 if (referral_str == NULL) {
702 return NT_STATUS_NO_MEMORY;
705 DEBUG(8,("Doing a dfs referral for %s with this value "
706 "%s requested %s\n",
707 set[i]->names[j], referral_str,
708 r->in.req.servername));
710 status = fill_normal_dfs_referraltype(referrals, ref,
711 r->in.req.max_referral_level,
712 r->in.req.servername,
713 referral_str, c==0);
716 if (!NT_STATUS_IS_OK(status)) {
717 DEBUG(2,("%s: Unable to fill domain referral "
718 "structure - %s\n",
719 __location__, nt_errstr(status)));
720 return status;
723 c++;
727 return NT_STATUS_OK;
731 trans2 getdfsreferral implementation
733 NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx,
734 struct ldb_context *sam_ctx,
735 const struct tsocket_address *client,
736 struct dfs_GetDFSReferral *r)
738 char *server_name = NULL;
739 char *dfs_name = NULL;
740 char *link_path = NULL;
741 const char *netbios_domain;
742 const char *dns_domain;
743 const char *netbios_name;
744 const char *dns_name;
746 if (!lpcfg_host_msdfs(lp_ctx)) {
747 return NT_STATUS_FS_DRIVER_REQUIRED;
750 if (r->in.req.servername == NULL) {
751 return NT_STATUS_INVALID_PARAMETER;
754 DEBUG(8, ("Requested DFS name: %s length: %u\n",
755 r->in.req.servername,
756 (unsigned int)strlen_m(r->in.req.servername)*2));
759 * If the servername is "" then we are in a case of domain dfs
760 * and the client just searches for the list of local domain
761 * it is attached and also trusted ones.
763 if (strlen(r->in.req.servername) == 0) {
764 return dodomain_referral(lp_ctx, sam_ctx, client, r);
767 server_name = talloc_strdup(r, r->in.req.servername);
768 if (server_name == NULL) {
769 return NT_STATUS_NO_MEMORY;
772 while(*server_name && *server_name == '\\') {
773 server_name++;
776 dfs_name = strchr(server_name, '\\');
777 if (dfs_name != NULL) {
778 dfs_name[0] = '\0';
779 dfs_name++;
781 link_path = strchr(dfs_name, '\\');
782 if (link_path != NULL) {
783 link_path[0] = '\0';
784 link_path++;
788 if (link_path != NULL) {
790 * If it is a DFS Link we do not
791 * handle it here.
793 return NT_STATUS_NOT_FOUND;
796 netbios_domain = lpcfg_workgroup(lp_ctx);
797 dns_domain = lpcfg_dnsdomain(lp_ctx);
798 netbios_name = lpcfg_netbios_name(lp_ctx);
799 dns_name = talloc_asprintf(r, "%s.%s", netbios_name, dns_domain);
800 if (dns_name == NULL) {
801 return NT_STATUS_NO_MEMORY;
804 if ((strcasecmp_m(server_name, netbios_name) == 0) ||
805 (strcasecmp_m(server_name, dns_name) == 0)) {
807 * If it is not domain related do not
808 * handle it here.
810 return NT_STATUS_NOT_FOUND;
814 if ((strcasecmp_m(server_name, netbios_domain) != 0) &&
815 (strcasecmp_m(server_name, dns_domain) != 0)) {
817 * Not a domain we handle.
819 return NT_STATUS_INVALID_PARAMETER;
823 * Here we have filtered the thing the requested name don't contain our DNS name.
824 * So if the share == NULL or if share in ("sysvol", "netlogon")
825 * then we proceed. In the first case it will be a dc refereal in the second it will
826 * be just a sysvol/netlogon referral.
828 if (dfs_name == NULL) {
829 return dodc_referral(lp_ctx, sam_ctx,
830 client, r, server_name);
834 * Here we have filtered the thing the requested name don't contain our DNS name.
835 * So if the share == NULL or if share in ("sysvol", "netlogon")
836 * then we proceed. In the first case it will be a dc refereal in the second it will
837 * be just a sysvol/netlogon referral.
839 if (strcasecmp(dfs_name, "sysvol") == 0 ||
840 strcasecmp(dfs_name, "netlogon") == 0) {
841 return dosysvol_referral(lp_ctx, sam_ctx, client, r,
842 server_name, dfs_name);
845 /* By default until all the case are handled */
846 return NT_STATUS_NOT_FOUND;