search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libnetapi: add libnetapi_set_use_kerberos
[Samba/gebeck_regimport.git] / source3 / libsmb / clidfs.c
blob0b55d930aaa50479cb97a7cbcf9e93760dd9a856
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 /********************************************************************
25 Important point.
26
27 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
28 are not C escaped here).
29
30 - but if we're using POSIX paths then <pathname> may contain
31 '/' separators, not '\\' separators. So cope with '\\' or '/'
32 as a separator when looking at the pathname part.... JRA.
33 ********************************************************************/
34
35 struct client_connection {
36 struct client_connection *prev, *next;
37 struct cli_state *cli;
38 char *mount;
39 };
40
41 /* global state....globals reek! */
42 int max_protocol = PROTOCOL_NT1;
43
44 static struct cm_cred_struct {
45 char *username;
46 char *password;
47 bool got_pass;
48 bool use_kerberos;
49 bool fallback_after_kerberos;
50 int signing_state;
51 } cm_creds;
52
53 static void cm_set_password(const char *newpass);
54
55 static int port;
56 static int name_type = 0x20;
57 static bool have_ip;
58 static struct sockaddr_storage dest_ss;
59
60 static struct client_connection *connections;
61
62 static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
63 struct cli_state *cli,
64 const char *sharename,
65 char **pp_newserver,
66 char **pp_newshare,
67 bool force_encrypt,
68 const char *username,
69 const char *password,
70 const char *domain);
71
72 /********************************************************************
73 Ensure a connection is encrypted.
74 ********************************************************************/
75
76 NTSTATUS cli_cm_force_encryption(struct cli_state *c,
77 const char *username,
78 const char *password,
79 const char *domain,
80 const char *sharename)
81 {
82 NTSTATUS status = cli_force_encryption(c,
83 username,
84 password,
85 domain);
86
87 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
88 d_printf("Encryption required and "
89 "server that doesn't support "
90 "UNIX extensions - failing connect\n");
91 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
92 d_printf("Encryption required and "
93 "can't get UNIX CIFS extensions "
94 "version from server.\n");
95 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
96 d_printf("Encryption required and "
97 "share %s doesn't support "
98 "encryption.\n", sharename);
99 } else if (!NT_STATUS_IS_OK(status)) {
100 d_printf("Encryption required and "
101 "setup failed with error %s.\n",
102 nt_errstr(status));
103 }
104
105 return status;
106 }
107
108 /********************************************************************
109 Return a connection to a server.
110 ********************************************************************/
111
112 static struct cli_state *do_connect(TALLOC_CTX *ctx,
113 const char *server,
114 const char *share,
115 bool show_sessetup,
116 bool force_encrypt)
117 {
118 struct cli_state *c = NULL;
119 struct nmb_name called, calling;
120 const char *server_n;
121 struct sockaddr_storage ss;
122 char *servicename;
123 char *sharename;
124 char *newserver, *newshare;
125 const char *username;
126 const char *password;
127 NTSTATUS status;
128
129 /* make a copy so we don't modify the global string 'service' */
130 servicename = talloc_strdup(ctx,share);
131 if (!servicename) {
132 return NULL;
133 }
134 sharename = servicename;
135 if (*sharename == '\\') {
136 server = sharename+2;
137 sharename = strchr_m(server,'\\');
138 if (!sharename) {
139 return NULL;
140 }
141 *sharename = 0;
142 sharename++;
143 }
144
145 server_n = server;
146
147 zero_addr(&ss);
148
149 make_nmb_name(&calling, global_myname(), 0x0);
150 make_nmb_name(&called , server, name_type);
151
152 again:
153 zero_addr(&ss);
154 if (have_ip)
155 ss = dest_ss;
156
157 /* have to open a new connection */
158 if (!(c=cli_initialise()) || (cli_set_port(c, port) != port)) {
159 d_printf("Connection to %s failed\n", server_n);
160 if (c) {
161 cli_shutdown(c);
162 }
163 return NULL;
164 }
165 status = cli_connect(c, server_n, &ss);
166 if (!NT_STATUS_IS_OK(status)) {
167 d_printf("Connection to %s failed (Error %s)\n",
168 server_n,
169 nt_errstr(status));
170 cli_shutdown(c);
171 return NULL;
172 }
173
174 c->protocol = max_protocol;
175 c->use_kerberos = cm_creds.use_kerberos;
176 c->fallback_after_kerberos = cm_creds.fallback_after_kerberos;
177 cli_setup_signing_state(c, cm_creds.signing_state);
178
179 if (!cli_session_request(c, &calling, &called)) {
180 char *p;
181 d_printf("session request to %s failed (%s)\n",
182 called.name, cli_errstr(c));
183 cli_shutdown(c);
184 c = NULL;
185 if ((p=strchr_m(called.name, '.'))) {
186 *p = 0;
187 goto again;
188 }
189 if (strcmp(called.name, "*SMBSERVER")) {
190 make_nmb_name(&called , "*SMBSERVER", 0x20);
191 goto again;
192 }
193 return NULL;
194 }
195
196 DEBUG(4,(" session request ok\n"));
197
198 if (!cli_negprot(c)) {
199 d_printf("protocol negotiation failed\n");
200 cli_shutdown(c);
201 return NULL;
202 }
203
204 if (!cm_creds.got_pass && !cm_creds.use_kerberos) {
205 char *pass = getpass("Password: ");
206 if (pass) {
207 cm_set_password(pass);
208 }
209 }
210
211 username = cm_creds.username ? cm_creds.username : "";
212 password = cm_creds.password ? cm_creds.password : "";
213
214 if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
215 password, strlen(password),
216 password, strlen(password),
217 lp_workgroup()))) {
218 /* If a password was not supplied then
219 * try again with a null username. */
220 if (password[0] || !username[0] || cm_creds.use_kerberos ||
221 !NT_STATUS_IS_OK(cli_session_setup(c, "",
222 "", 0,
223 "", 0,
224 lp_workgroup()))) {
225 d_printf("session setup failed: %s\n", cli_errstr(c));
226 if (NT_STATUS_V(cli_nt_error(c)) ==
227 NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
228 d_printf("did you forget to run kinit?\n");
229 cli_shutdown(c);
230 return NULL;
231 }
232 d_printf("Anonymous login successful\n");
233 }
234
235 if ( show_sessetup ) {
236 if (*c->server_domain) {
237 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
238 c->server_domain,c->server_os,c->server_type));
239 } else if (*c->server_os || *c->server_type) {
240 DEBUG(0,("OS=[%s] Server=[%s]\n",
241 c->server_os,c->server_type));
242 }
243 }
244 DEBUG(4,(" session setup ok\n"));
245
246 /* here's the fun part....to support 'msdfs proxy' shares
247 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
248 here before trying to connect to the original share.
249 check_dfs_proxy() will fail if it is a normal share. */
250
251 if ((c->capabilities & CAP_DFS) &&
252 cli_check_msdfs_proxy(ctx, c, sharename,
253 &newserver, &newshare,
254 force_encrypt,
255 username,
256 password,
257 lp_workgroup())) {
258 cli_shutdown(c);
259 return do_connect(ctx, newserver,
260 newshare, false, force_encrypt);
261 }
262
263 /* must be a normal share */
264
265 if (!cli_send_tconX(c, sharename, "?????",
266 password, strlen(password)+1)) {
267 d_printf("tree connect failed: %s\n", cli_errstr(c));
268 cli_shutdown(c);
269 return NULL;
270 }
271
272 if (force_encrypt) {
273 status = cli_cm_force_encryption(c,
274 username,
275 password,
276 lp_workgroup(),
277 sharename);
278 if (!NT_STATUS_IS_OK(status)) {
279 cli_shutdown(c);
280 return NULL;
281 }
282 }
283
284 DEBUG(4,(" tconx ok\n"));
285 return c;
286 }
287
288 /****************************************************************************
289 ****************************************************************************/
290
291 static void cli_cm_set_mntpoint(struct cli_state *c, const char *mnt)
292 {
293 struct client_connection *p;
294 int i;
295
296 for (p=connections,i=0; p; p=p->next,i++) {
297 if (strequal(p->cli->desthost, c->desthost) &&
298 strequal(p->cli->share, c->share)) {
299 break;
300 }
301 }
302
303 if (p) {
304 char *name = clean_name(NULL, p->mount);
305 if (!name) {
306 return;
307 }
308 p->mount = talloc_strdup(p, name);
309 TALLOC_FREE(name);
310 }
311 }
312
313 /****************************************************************************
314 ****************************************************************************/
315
316 const char *cli_cm_get_mntpoint(struct cli_state *c)
317 {
318 struct client_connection *p;
319 int i;
320
321 for (p=connections,i=0; p; p=p->next,i++) {
322 if (strequal(p->cli->desthost, c->desthost) &&
323 strequal(p->cli->share, c->share)) {
324 break;
325 }
326 }
327
328 if (p) {
329 return p->mount;
330 }
331 return NULL;
332 }
333
334 /********************************************************************
335 Add a new connection to the list
336 ********************************************************************/
337
338 static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
339 struct cli_state *referring_cli,
340 const char *server,
341 const char *share,
342 bool show_hdr,
343 bool force_encrypt)
344 {
345 struct client_connection *node;
346
347 /* NB This must be the null context here... JRA. */
348 node = TALLOC_ZERO_ARRAY(NULL, struct client_connection, 1);
349 if (!node) {
350 return NULL;
351 }
352
353 node->cli = do_connect(ctx, server, share, show_hdr, force_encrypt);
354
355 if ( !node->cli ) {
356 TALLOC_FREE( node );
357 return NULL;
358 }
359
360 DLIST_ADD( connections, node );
361
362 cli_cm_set_mntpoint(node->cli, "");
363
364 if (referring_cli && referring_cli->posix_capabilities) {
365 uint16 major, minor;
366 uint32 caplow, caphigh;
367 if (cli_unix_extensions_version(node->cli, &major,
368 &minor, &caplow, &caphigh)) {
369 cli_set_unix_extensions_capabilities(node->cli,
370 major, minor,
371 caplow, caphigh);
372 }
373 }
374
375 return node->cli;
376 }
377
378 /********************************************************************
379 Return a connection to a server.
380 ********************************************************************/
381
382 static struct cli_state *cli_cm_find(const char *server, const char *share)
383 {
384 struct client_connection *p;
385
386 for (p=connections; p; p=p->next) {
387 if ( strequal(server, p->cli->desthost) &&
388 strequal(share,p->cli->share)) {
389 return p->cli;
390 }
391 }
392
393 return NULL;
394 }
395
396 /****************************************************************************
397 Open a client connection to a \\server\share. Set's the current *cli
398 global variable as a side-effect (but only if the connection is successful).
399 ****************************************************************************/
400
401 struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
402 struct cli_state *referring_cli,
403 const char *server,
404 const char *share,
405 bool show_hdr,
406 bool force_encrypt)
407 {
408 struct cli_state *c;
409
410 /* try to reuse an existing connection */
411
412 c = cli_cm_find(server, share);
413 if (!c) {
414 c = cli_cm_connect(ctx, referring_cli,
415 server, share, show_hdr, force_encrypt);
416 }
417
418 return c;
419 }
420
421 /****************************************************************************
422 ****************************************************************************/
423
424 void cli_cm_shutdown(void)
425 {
426 struct client_connection *p, *x;
427
428 for (p=connections; p;) {
429 cli_shutdown(p->cli);
430 x = p;
431 p = p->next;
432
433 TALLOC_FREE(x);
434 }
435
436 connections = NULL;
437 return;
438 }
439
440 /****************************************************************************
441 ****************************************************************************/
442
443 void cli_cm_display(void)
444 {
445 struct client_connection *p;
446 int i;
447
448 for ( p=connections,i=0; p; p=p->next,i++ ) {
449 d_printf("%d:\tserver=%s, share=%s\n",
450 i, p->cli->desthost, p->cli->share );
451 }
452 }
453
454 /****************************************************************************
455 ****************************************************************************/
456
457 static void cm_set_password(const char *newpass)
458 {
459 SAFE_FREE(cm_creds.password);
460 cm_creds.password = SMB_STRDUP(newpass);
461 if (cm_creds.password) {
462 cm_creds.got_pass = true;
463 }
464 }
465
466 /****************************************************************************
467 ****************************************************************************/
468
469 void cli_cm_set_credentials(void)
470 {
471 SAFE_FREE(cm_creds.username);
472 cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username());
473
474 if (get_cmdline_auth_info_got_pass()) {
475 cm_set_password(get_cmdline_auth_info_password());
476 }
477
478 cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos();
479 cm_creds.fallback_after_kerberos = false;
480 cm_creds.signing_state = get_cmdline_auth_info_signing_state();
481 }
482
483 /****************************************************************************
484 ****************************************************************************/
485
486 void cli_cm_set_port(int port_number)
487 {
488 port = port_number;
489 }
490
491 /****************************************************************************
492 ****************************************************************************/
493
494 void cli_cm_set_dest_name_type(int type)
495 {
496 name_type = type;
497 }
498
499 /****************************************************************************
500 ****************************************************************************/
501
502 void cli_cm_set_signing_state(int state)
503 {
504 cm_creds.signing_state = state;
505 }
506
507 /****************************************************************************
508 ****************************************************************************/
509
510 void cli_cm_set_username(const char *username)
511 {
512 SAFE_FREE(cm_creds.username);
513 cm_creds.username = SMB_STRDUP(username);
514 }
515
516 /****************************************************************************
517 ****************************************************************************/
518
519 void cli_cm_set_password(const char *newpass)
520 {
521 SAFE_FREE(cm_creds.password);
522 cm_creds.password = SMB_STRDUP(newpass);
523 if (cm_creds.password) {
524 cm_creds.got_pass = true;
525 }
526 }
527
528 /****************************************************************************
529 ****************************************************************************/
530
531 void cli_cm_set_use_kerberos(void)
532 {
533 cm_creds.use_kerberos = true;
534 }
535
536 /****************************************************************************
537 ****************************************************************************/
538
539 void cli_cm_set_fallback_after_kerberos(void)
540 {
541 cm_creds.fallback_after_kerberos = true;
542 }
543
544 /****************************************************************************
545 ****************************************************************************/
546
547 void cli_cm_set_dest_ss(struct sockaddr_storage *pss)
548 {
549 dest_ss = *pss;
550 have_ip = true;
551 }
552
553 /**********************************************************************
554 split a dfs path into the server, share name, and extrapath components
555 **********************************************************************/
556
557 static void split_dfs_path(TALLOC_CTX *ctx,
558 const char *nodepath,
559 char **pp_server,
560 char **pp_share,
561 char **pp_extrapath)
562 {
563 char *p, *q;
564 char *path;
565
566 *pp_server = NULL;
567 *pp_share = NULL;
568 *pp_extrapath = NULL;
569
570 path = talloc_strdup(ctx, nodepath);
571 if (!path) {
572 return;
573 }
574
575 if ( path[0] != '\\' ) {
576 return;
577 }
578
579 p = strchr_m( path + 1, '\\' );
580 if ( !p ) {
581 return;
582 }
583
584 *p = '\0';
585 p++;
586
587 /* Look for any extra/deep path */
588 q = strchr_m(p, '\\');
589 if (q != NULL) {
590 *q = '\0';
591 q++;
592 *pp_extrapath = talloc_strdup(ctx, q);
593 } else {
594 *pp_extrapath = talloc_strdup(ctx, "");
595 }
596
597 *pp_share = talloc_strdup(ctx, p);
598 *pp_server = talloc_strdup(ctx, &path[1]);
599 }
600
601 /****************************************************************************
602 Return the original path truncated at the directory component before
603 the first wildcard character. Trust the caller to provide a NULL
604 terminated string
605 ****************************************************************************/
606
607 static char *clean_path(TALLOC_CTX *ctx, const char *path)
608 {
609 size_t len;
610 char *p1, *p2, *p;
611 char *path_out;
612
613 /* No absolute paths. */
614 while (IS_DIRECTORY_SEP(*path)) {
615 path++;
616 }
617
618 path_out = talloc_strdup(ctx, path);
619 if (!path_out) {
620 return NULL;
621 }
622
623 p1 = strchr_m(path_out, '*');
624 p2 = strchr_m(path_out, '?');
625
626 if (p1 || p2) {
627 if (p1 && p2) {
628 p = MIN(p1,p2);
629 } else if (!p1) {
630 p = p2;
631 } else {
632 p = p1;
633 }
634 *p = '\0';
635
636 /* Now go back to the start of this component. */
637 p1 = strrchr_m(path_out, '/');
638 p2 = strrchr_m(path_out, '\\');
639 p = MAX(p1,p2);
640 if (p) {
641 *p = '\0';
642 }
643 }
644
645 /* Strip any trailing separator */
646
647 len = strlen(path_out);
648 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
649 path_out[len-1] = '\0';
650 }
651
652 return path_out;
653 }
654
655 /****************************************************************************
656 ****************************************************************************/
657
658 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
659 struct cli_state *cli,
660 const char *dir)
661 {
662 /* Ensure the extrapath doesn't start with a separator. */
663 while (IS_DIRECTORY_SEP(*dir)) {
664 dir++;
665 }
666
667 return talloc_asprintf(ctx, "\\%s\\%s\\%s",
668 cli->desthost, cli->share, dir);
669 }
670
671 /********************************************************************
672 check for dfs referral
673 ********************************************************************/
674
675 static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
676 {
677 uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
678
679 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
680
681 if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
682 (flgs2&FLAGS2_UNICODE_STRINGS)))
683 return false;
684
685 if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
686 return true;
687
688 return false;
689 }
690
691 /********************************************************************
692 Get the dfs referral link.
693 ********************************************************************/
694
695 bool cli_dfs_get_referral(TALLOC_CTX *ctx,
696 struct cli_state *cli,
697 const char *path,
698 CLIENT_DFS_REFERRAL**refs,
699 size_t *num_refs,
700 uint16 *consumed)
701 {
702 unsigned int data_len = 0;
703 unsigned int param_len = 0;
704 uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
705 char *param;
706 char *rparam=NULL, *rdata=NULL;
707 char *p;
708 char *endp;
709 size_t pathlen = 2*(strlen(path)+1);
710 uint16 num_referrals;
711 CLIENT_DFS_REFERRAL *referrals = NULL;
712 bool ret = false;
713
714 *num_refs = 0;
715 *refs = NULL;
716
717 param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
718 if (!param) {
719 return false;
720 }
721 SSVAL(param, 0, 0x03); /* max referral level */
722 p = &param[2];
723
724 p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
725 param_len = PTR_DIFF(p, param);
726
727 if (!cli_send_trans(cli, SMBtrans2,
728 NULL, /* name */
729 -1, 0, /* fid, flags */
730 &setup, 1, 0, /* setup, length, max */
731 param, param_len, 2, /* param, length, max */
732 NULL, 0, cli->max_xmit /* data, length, max */
733 )) {
734 SAFE_FREE(param);
735 return false;
736 }
737
738 SAFE_FREE(param);
739
740 if (!cli_receive_trans(cli, SMBtrans2,
741 &rparam, &param_len,
742 &rdata, &data_len)) {
743 return false;
744 }
745
746 if (data_len < 4) {
747 goto out;
748 }
749
750 endp = rdata + data_len;
751
752 *consumed = SVAL(rdata, 0);
753 num_referrals = SVAL(rdata, 2);
754
755 if (num_referrals != 0) {
756 uint16 ref_version;
757 uint16 ref_size;
758 int i;
759 uint16 node_offset;
760
761 referrals = TALLOC_ARRAY(ctx, CLIENT_DFS_REFERRAL,
762 num_referrals);
763
764 if (!referrals) {
765 goto out;
766 }
767 /* start at the referrals array */
768
769 p = rdata+8;
770 for (i=0; i<num_referrals && p < endp; i++) {
771 if (p + 18 > endp) {
772 goto out;
773 }
774 ref_version = SVAL(p, 0);
775 ref_size = SVAL(p, 2);
776 node_offset = SVAL(p, 16);
777
778 if (ref_version != 3) {
779 p += ref_size;
780 continue;
781 }
782
783 referrals[i].proximity = SVAL(p, 8);
784 referrals[i].ttl = SVAL(p, 10);
785
786 if (p + node_offset > endp) {
787 goto out;
788 }
789 clistr_pull_talloc(ctx, cli, &referrals[i].dfspath,
790 p+node_offset, -1,
791 STR_TERMINATE|STR_UNICODE );
792
793 if (!referrals[i].dfspath) {
794 goto out;
795 }
796 p += ref_size;
797 }
798 if (i < num_referrals) {
799 goto out;
800 }
801 }
802
803 ret = true;
804
805 *num_refs = num_referrals;
806 *refs = referrals;
807
808 out:
809
810 SAFE_FREE(rdata);
811 SAFE_FREE(rparam);
812 return ret;
813 }
814
815 /********************************************************************
816 ********************************************************************/
817
818 bool cli_resolve_path(TALLOC_CTX *ctx,
819 const char *mountpt,
820 struct cli_state *rootcli,
821 const char *path,
822 struct cli_state **targetcli,
823 char **pp_targetpath)
824 {
825 CLIENT_DFS_REFERRAL *refs = NULL;
826 size_t num_refs = 0;
827 uint16 consumed;
828 struct cli_state *cli_ipc = NULL;
829 char *dfs_path = NULL;
830 char *cleanpath = NULL;
831 char *extrapath = NULL;
832 int pathlen;
833 char *server = NULL;
834 char *share = NULL;
835 struct cli_state *newcli = NULL;
836 char *newpath = NULL;
837 char *newmount = NULL;
838 char *ppath = NULL;
839 SMB_STRUCT_STAT sbuf;
840 uint32 attributes;
841
842 if ( !rootcli || !path || !targetcli ) {
843 return false;
844 }
845
846 /* Don't do anything if this is not a DFS root. */
847
848 if ( !rootcli->dfsroot) {
849 *targetcli = rootcli;
850 *pp_targetpath = talloc_strdup(ctx, path);
851 if (!*pp_targetpath) {
852 return false;
853 }
854 return true;
855 }
856
857 *targetcli = NULL;
858
859 /* Send a trans2_query_path_info to check for a referral. */
860
861 cleanpath = clean_path(ctx, path);
862 if (!cleanpath) {
863 return false;
864 }
865
866 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
867 if (!dfs_path) {
868 return false;
869 }
870
871 if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) {
872 /* This is an ordinary path, just return it. */
873 *targetcli = rootcli;
874 *pp_targetpath = talloc_strdup(ctx, path);
875 if (!*pp_targetpath) {
876 return false;
877 }
878 goto done;
879 }
880
881 /* Special case where client asked for a path that does not exist */
882
883 if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
884 *targetcli = rootcli;
885 *pp_targetpath = talloc_strdup(ctx, path);
886 if (!*pp_targetpath) {
887 return false;
888 }
889 goto done;
890 }
891
892 /* We got an error, check for DFS referral. */
893
894 if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
895 return false;
896 }
897
898 /* Check for the referral. */
899
900 if (!(cli_ipc = cli_cm_open(ctx, rootcli,
901 rootcli->desthost,
902 "IPC$", false,
903 (rootcli->trans_enc_state != NULL)))) {
904 return false;
905 }
906
907 if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
908 &num_refs, &consumed) || !num_refs) {
909 return false;
910 }
911
912 /* Just store the first referral for now. */
913
914 if (!refs[0].dfspath) {
915 return false;
916 }
917 split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
918
919 if (!server || !share) {
920 return false;
921 }
922
923 /* Make sure to recreate the original string including any wildcards. */
924
925 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
926 if (!dfs_path) {
927 return false;
928 }
929 pathlen = strlen(dfs_path)*2;
930 consumed = MIN(pathlen, consumed);
931 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed/2]);
932 if (!*pp_targetpath) {
933 return false;
934 }
935 dfs_path[consumed/2] = '\0';
936
937 /*
938 * *pp_targetpath is now the unconsumed part of the path.
939 * dfs_path is now the consumed part of the path
940 * (in \server\share\path format).
941 */
942
943 /* Open the connection to the target server & share */
944 if ((*targetcli = cli_cm_open(ctx, rootcli,
945 server,
946 share,
947 false,
948 (rootcli->trans_enc_state != NULL))) == NULL) {
949 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
950 server, share );
951 return false;
952 }
953
954 if (extrapath && strlen(extrapath) > 0) {
955 *pp_targetpath = talloc_asprintf(ctx,
956 "%s%s",
957 extrapath,
958 *pp_targetpath);
959 if (!*pp_targetpath) {
960 return false;
961 }
962 }
963
964 /* parse out the consumed mount path */
965 /* trim off the \server\share\ */
966
967 ppath = dfs_path;
968
969 if (*ppath != '\\') {
970 d_printf("cli_resolve_path: "
971 "dfs_path (%s) not in correct format.\n",
972 dfs_path );
973 return false;
974 }
975
976 ppath++; /* Now pointing at start of server name. */
977
978 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
979 return false;
980 }
981
982 ppath++; /* Now pointing at start of share name. */
983
984 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
985 return false;
986 }
987
988 ppath++; /* Now pointing at path component. */
989
990 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
991 if (!newmount) {
992 return false;
993 }
994
995 cli_cm_set_mntpoint(*targetcli, newmount);
996
997 /* Check for another dfs referral, note that we are not
998 checking for loops here. */
999
1000 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
1001 if (cli_resolve_path(ctx,
1002 newmount,
1003 *targetcli,
1004 *pp_targetpath,
1005 &newcli,
1006 &newpath)) {
1007 /*
1008 * When cli_resolve_path returns true here it's always
1009 * returning the complete path in newpath, so we're done
1010 * here.
1011 */
1012 *targetcli = newcli;
1013 *pp_targetpath = newpath;
1014 return true;
1015 }
1016 }
1017
1018 done:
1019
1020 /* If returning true ensure we return a dfs root full path. */
1021 if ((*targetcli)->dfsroot) {
1022 dfs_path = talloc_strdup(ctx, *pp_targetpath);
1023 if (!dfs_path) {
1024 return false;
1025 }
1026 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
1027 }
1028
1029 return true;
1030 }
1031
1032 /********************************************************************
1033 ********************************************************************/
1034
1035 static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
1036 struct cli_state *cli,
1037 const char *sharename,
1038 char **pp_newserver,
1039 char **pp_newshare,
1040 bool force_encrypt,
1041 const char *username,
1042 const char *password,
1043 const char *domain)
1044 {
1045 CLIENT_DFS_REFERRAL *refs = NULL;
1046 size_t num_refs = 0;
1047 uint16 consumed;
1048 char *fullpath = NULL;
1049 bool res;
1050 uint16 cnum;
1051 char *newextrapath = NULL;
1052
1053 if (!cli || !sharename) {
1054 return false;
1055 }
1056
1057 cnum = cli->cnum;
1058
1059 /* special case. never check for a referral on the IPC$ share */
1060
1061 if (strequal(sharename, "IPC$")) {
1062 return false;
1063 }
1064
1065 /* send a trans2_query_path_info to check for a referral */
1066
1067 fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1068 if (!fullpath) {
1069 return false;
1070 }
1071
1072 /* check for the referral */
1073
1074 if (!cli_send_tconX(cli, "IPC$", "IPC", NULL, 0)) {
1075 return false;
1076 }
1077
1078 if (force_encrypt) {
1079 NTSTATUS status = cli_cm_force_encryption(cli,
1080 username,
1081 password,
1082 lp_workgroup(),
1083 "IPC$");
1084 if (!NT_STATUS_IS_OK(status)) {
1085 return false;
1086 }
1087 }
1088
1089 res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
1090
1091 if (!cli_tdis(cli)) {
1092 return false;
1093 }
1094
1095 cli->cnum = cnum;
1096
1097 if (!res || !num_refs) {
1098 return false;
1099 }
1100
1101 if (!refs[0].dfspath) {
1102 return false;
1103 }
1104
1105 split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1106 pp_newshare, &newextrapath );
1107
1108 if ((*pp_newserver == NULL) || (*pp_newshare == NULL)) {
1109 return false;
1110 }
1111
1112 /* check that this is not a self-referral */
1113
1114 if (strequal(cli->desthost, *pp_newserver) &&
1115 strequal(sharename, *pp_newshare)) {
1116 return false;
1117 }
1118
1119 return true;
1120 }
reg import