Context Navigation

source: branches/samba-3.3.x/source/libsmb/libsmb_server.c

Visit:

Last change on this file was 370, checked in by Herwig Bauernfeind, 16 years ago
Update Samba 3.3 to 3.3.10 (source)
File size: 27.0 KB

Line
1	/*
2	Unix SMB/Netbios implementation.
3	SMB client library implementation
4	Copyright (C) Andrew Tridgell 1998
5	Copyright (C) Richard Sharpe 2000, 2002
6	Copyright (C) John Terpstra 2000
7	Copyright (C) Tom Jansen (Ninja ISD) 2002
8	Copyright (C) Derrell Lipman 2003-2008
9	Copyright (C) Jeremy Allison 2007, 2008
10
11	This program is free software; you can redistribute it and/or modify
12	it under the terms of the GNU General Public License as published by
13	the Free Software Foundation; either version 3 of the License, or
14	(at your option) any later version.
15
16	This program is distributed in the hope that it will be useful,
17	but WITHOUT ANY WARRANTY; without even the implied warranty of
18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	GNU General Public License for more details.
20
21	You should have received a copy of the GNU General Public License
22	along with this program. If not, see <http://www.gnu.org/licenses/>.
23	*/
24
25	#include "includes.h"
26	#include "libsmbclient.h"
27	#include "libsmb_internal.h"
28
29
30	/*
31	* Check a server for being alive and well.
32	* returns 0 if the server is in shape. Returns 1 on error
33	*
34	* Also useable outside libsmbclient to enable external cache
35	* to do some checks too.
36	*/
37	int
38	SMBC_check_server(SMBCCTX * context,
39	SMBCSRV * server)
40	{
41	socklen_t size;
42	struct sockaddr addr;
43
44	size = sizeof(addr);
45	return (getpeername(server->cli->fd, &addr, &size) == -1);
46	}
47
48	/*
49	* Remove a server from the cached server list it's unused.
50	* On success, 0 is returned. 1 is returned if the server could not be removed.
51	*
52	* Also useable outside libsmbclient
53	*/
54	int
55	SMBC_remove_unused_server(SMBCCTX * context,
56	SMBCSRV * srv)
57	{
58	SMBCFILE * file;
59
60	/* are we being fooled ? */
61	if (!context \|\| !context->internal->initialized \|\| !srv) {
62	return 1;
63	}
64
65	/* Check all open files/directories for a relation with this server */
66	for (file = context->internal->files; file; file = file->next) {
67	if (file->srv == srv) {
68	/* Still used */
69	DEBUG(3, ("smbc_remove_usused_server: "
70	"%p still used by %p.\n",
71	srv, file));
72	return 1;
73	}
74	}
75
76	DLIST_REMOVE(context->internal->servers, srv);
77
78	cli_shutdown(srv->cli);
79	srv->cli = NULL;
80
81	DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv));
82
83	smbc_getFunctionRemoveCachedServer(context)(context, srv);
84
85	SAFE_FREE(srv);
86	return 0;
87	}
88
89	/****************************************************************
90	* Call the auth_fn with fixed size (fstring) buffers.
91	***************************************************************/
92	void
93	SMBC_call_auth_fn(TALLOC_CTX *ctx,
94	SMBCCTX *context,
95	const char *server,
96	const char *share,
97	char **pp_workgroup,
98	char **pp_username,
99	char **pp_password)
100	{
101	fstring workgroup;
102	fstring username;
103	fstring password;
104	smbc_get_auth_data_with_context_fn auth_with_context_fn;
105
106	strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
107	strlcpy(username, *pp_username, sizeof(username));
108	strlcpy(password, *pp_password, sizeof(password));
109
110	/* See if there's an authentication with context function provided */
111	auth_with_context_fn = smbc_getFunctionAuthDataWithContext(context);
112	if (auth_with_context_fn)
113	{
114	(* auth_with_context_fn)(context,
115	server, share,
116	workgroup, sizeof(workgroup),
117	username, sizeof(username),
118	password, sizeof(password));
119	}
120	else
121	{
122	smbc_getFunctionAuthData(context)(server, share,
123	workgroup, sizeof(workgroup),
124	username, sizeof(username),
125	password, sizeof(password));
126	}
127
128	TALLOC_FREE(*pp_workgroup);
129	TALLOC_FREE(*pp_username);
130	TALLOC_FREE(*pp_password);
131
132	*pp_workgroup = talloc_strdup(ctx, workgroup);
133	*pp_username = talloc_strdup(ctx, username);
134	*pp_password = talloc_strdup(ctx, password);
135	}
136
137
138	void
139	SMBC_get_auth_data(const char server, const char share,
140	char *workgroup_buf, int workgroup_buf_len,
141	char *username_buf, int username_buf_len,
142	char *password_buf, int password_buf_len)
143	{
144	/* Default function just uses provided data. Nothing to do. */
145	}
146
147
148
149	SMBCSRV *
150	SMBC_find_server(TALLOC_CTX *ctx,
151	SMBCCTX *context,
152	const char *server,
153	const char *share,
154	char **pp_workgroup,
155	char **pp_username,
156	char **pp_password)
157	{
158	SMBCSRV *srv;
159	int auth_called = 0;
160
161	if (!pp_workgroup \|\| !pp_username \|\| !pp_password) {
162	return NULL;
163	}
164
165	check_server_cache:
166
167	srv = smbc_getFunctionGetCachedServer(context)(context,
168	server, share,
169	*pp_workgroup,
170	*pp_username);
171
172	if (!auth_called && !srv && (!pp_username \|\| !(pp_username)[0] \|\|
173	!pp_password \|\| !(pp_password)[0])) {
174	SMBC_call_auth_fn(ctx, context, server, share,
175	pp_workgroup, pp_username, pp_password);
176
177	/*
178	* However, smbc_auth_fn may have picked up info relating to
179	* an existing connection, so try for an existing connection
180	* again ...
181	*/
182	auth_called = 1;
183	goto check_server_cache;
184
185	}
186
187	if (srv) {
188	if (smbc_getFunctionCheckServer(context)(context, srv)) {
189	/*
190	* This server is no good anymore
191	* Try to remove it and check for more possible
192	* servers in the cache
193	*/
194	if (smbc_getFunctionRemoveUnusedServer(context)(context,
195	srv)) {
196	/*
197	* We could not remove the server completely,
198	* remove it from the cache so we will not get
199	* it again. It will be removed when the last
200	* file/dir is closed.
201	*/
202	smbc_getFunctionRemoveCachedServer(context)(context,
203	srv);
204	}
205
206	/*
207	* Maybe there are more cached connections to this
208	* server
209	*/
210	goto check_server_cache;
211	}
212
213	return srv;
214	}
215
216	return NULL;
217	}
218
219	/*
220	* Connect to a server, possibly on an existing connection
221	*
222	* Here, what we want to do is: If the server and username
223	* match an existing connection, reuse that, otherwise, establish a
224	* new connection.
225	*
226	* If we have to create a new connection, call the auth_fn to get the
227	* info we need, unless the username and password were passed in.
228	*/
229
230	SMBCSRV *
231	SMBC_server(TALLOC_CTX *ctx,
232	SMBCCTX *context,
233	bool connect_if_not_found,
234	const char *server,
235	const char *share,
236	char **pp_workgroup,
237	char **pp_username,
238	char **pp_password)
239	{
240	SMBCSRV *srv=NULL;
241	char *workgroup = NULL;
242	struct cli_state *c;
243	struct nmb_name called, calling;
244	const char *server_n = server;
245	struct sockaddr_storage ss;
246	int tried_reverse = 0;
247	int port_try_first;
248	int port_try_next;
249	int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
250	uint32 fs_attrs = 0;
251	const char *username_used;
252	NTSTATUS status;
253
254	zero_sockaddr(&ss);
255	ZERO_STRUCT(c);
256
257	if (server[0] == 0) {
258	errno = EPERM;
259	return NULL;
260	}
261
262	/* Look for a cached connection */
263	srv = SMBC_find_server(ctx, context, server, share,
264	pp_workgroup, pp_username, pp_password);
265
266	/*
267	* If we found a connection and we're only allowed one share per
268	* server...
269	*/
270	if (srv &&
271	*share != '\0' &&
272	smbc_getOptionOneSharePerServer(context)) {
273
274	/*
275	* ... then if there's no current connection to the share,
276	* connect to it. SMBC_find_server(), or rather the function
277	* pointed to by context->get_cached_srv_fn which
278	* was called by SMBC_find_server(), will have issued a tree
279	* disconnect if the requested share is not the same as the
280	* one that was already connected.
281	*/
282	if (srv->cli->cnum == (uint16) -1) {
283	/* Ensure we have accurate auth info */
284	SMBC_call_auth_fn(ctx, context, server, share,
285	pp_workgroup,
286	pp_username,
287	pp_password);
288
289	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
290	errno = ENOMEM;
291	cli_shutdown(srv->cli);
292	srv->cli = NULL;
293	smbc_getFunctionRemoveCachedServer(context)(context,
294	srv);
295	return NULL;
296	}
297
298	/*
299	* We don't need to renegotiate encryption
300	* here as the encryption context is not per
301	* tid.
302	*/
303
304	if (!cli_send_tconX(srv->cli, share, "?????",
305	*pp_password,
306	strlen(*pp_password)+1)) {
307
308	errno = SMBC_errno(context, srv->cli);
309	cli_shutdown(srv->cli);
310	srv->cli = NULL;
311	smbc_getFunctionRemoveCachedServer(context)(context,
312	srv);
313	srv = NULL;
314	}
315
316	/* Determine if this share supports case sensitivity */
317	if (is_ipc) {
318	DEBUG(4,
319	("IPC$ so ignore case sensitivity\n"));
320	} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
321	DEBUG(4, ("Could not retrieve "
322	"case sensitivity flag: %s.\n",
323	cli_errstr(c)));
324
325	/*
326	* We can't determine the case sensitivity of
327	* the share. We have no choice but to use the
328	* user-specified case sensitivity setting.
329	*/
330	if (smbc_getOptionCaseSensitive(context)) {
331	cli_set_case_sensitive(c, True);
332	} else {
333	cli_set_case_sensitive(c, False);
334	}
335	} else {
336	DEBUG(4,
337	("Case sensitive: %s\n",
338	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
339	? "True"
340	: "False")));
341	cli_set_case_sensitive(
342	c,
343	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
344	? True
345	: False));
346	}
347
348	/*
349	* Regenerate the dev value since it's based on both
350	* server and share
351	*/
352	if (srv) {
353	srv->dev = (dev_t)(str_checksum(server) ^
354	str_checksum(share));
355	}
356	}
357	}
358
359	/* If we have a connection... */
360	if (srv) {
361
362	/* ... then we're done here. Give 'em what they came for. */
363	goto done;
364	}
365
366	/* If we're not asked to connect when a connection doesn't exist... */
367	if (! connect_if_not_found) {
368	/* ... then we're done here. */
369	return NULL;
370	}
371
372	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
373	errno = ENOMEM;
374	return NULL;
375	}
376
377	make_nmb_name(&calling, smbc_getNetbiosName(context), 0x0);
378	make_nmb_name(&called , server, 0x20);
379
380	DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
381
382	DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
383
384	again:
385
386	zero_sockaddr(&ss);
387
388	/* have to open a new connection */
389	if ((c = cli_initialise()) == NULL) {
390	errno = ENOMEM;
391	return NULL;
392	}
393
394	if (smbc_getOptionUseKerberos(context)) {
395	c->use_kerberos = True;
396	}
397
398	if (smbc_getOptionFallbackAfterKerberos(context)) {
399	c->fallback_after_kerberos = True;
400	}
401
402	c->timeout = smbc_getTimeout(context);
403
404	/*
405	* Force use of port 139 for first try if share is $IPC, empty, or
406	* null, so browse lists can work
407	*/
408	if (share == NULL \|\| *share == '\0' \|\| is_ipc) {
409	port_try_first = 139;
410	port_try_next = 445;
411	} else {
412	port_try_first = 445;
413	port_try_next = 139;
414	}
415
416	c->port = port_try_first;
417
418	status = cli_connect(c, server_n, &ss);
419	if (!NT_STATUS_IS_OK(status)) {
420
421	/* First connection attempt failed. Try alternate port. */
422	c->port = port_try_next;
423
424	status = cli_connect(c, server_n, &ss);
425	if (!NT_STATUS_IS_OK(status)) {
426	cli_shutdown(c);
427	errno = ETIMEDOUT;
428	return NULL;
429	}
430	}
431
432	if (!cli_session_request(c, &calling, &called)) {
433	cli_shutdown(c);
434	if (strcmp(called.name, "*SMBSERVER")) {
435	make_nmb_name(&called , "*SMBSERVER", 0x20);
436	goto again;
437	} else { /* Try one more time, but ensure we don't loop */
438
439	/* Only try this if server is an IP address ... */
440
441	if (is_ipaddress(server) && !tried_reverse) {
442	fstring remote_name;
443	struct sockaddr_storage rem_ss;
444
445	if (!interpret_string_addr(&rem_ss, server,
446	NI_NUMERICHOST)) {
447	DEBUG(4, ("Could not convert IP address "
448	"%s to struct sockaddr_storage\n",
449	server));
450	errno = ETIMEDOUT;
451	return NULL;
452	}
453
454	tried_reverse++; /* Yuck */
455
456	if (name_status_find("*", 0, 0,
457	&rem_ss, remote_name)) {
458	make_nmb_name(&called,
459	remote_name,
460	0x20);
461	goto again;
462	}
463	}
464	}
465	errno = ETIMEDOUT;
466	return NULL;
467	}
468
469	DEBUG(4,(" session request ok\n"));
470
471	if (!cli_negprot(c)) {
472	cli_shutdown(c);
473	errno = ETIMEDOUT;
474	return NULL;
475	}
476
477	username_used = *pp_username;
478
479	if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
480	*pp_password,
481	strlen(*pp_password),
482	*pp_password,
483	strlen(*pp_password),
484	*pp_workgroup))) {
485
486	/* Failed. Try an anonymous login, if allowed by flags. */
487	username_used = "";
488
489	if (smbc_getOptionNoAutoAnonymousLogin(context) \|\|
490	!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
491	*pp_password, 1,
492	*pp_password, 0,
493	*pp_workgroup))) {
494
495	cli_shutdown(c);
496	errno = EPERM;
497	return NULL;
498	}
499	}
500
501	cli_init_creds(c, username_used, pp_workgroup, pp_password);
502
503	DEBUG(4,(" session setup ok\n"));
504
505	if (!cli_send_tconX(c, share, "?????",
506	pp_password, strlen(pp_password)+1)) {
507	errno = SMBC_errno(context, c);
508	cli_shutdown(c);
509	return NULL;
510	}
511
512	DEBUG(4,(" tconx ok\n"));
513
514	/* Determine if this share supports case sensitivity */
515	if (is_ipc) {
516	DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
517	} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
518	DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
519	cli_errstr(c)));
520
521	/*
522	* We can't determine the case sensitivity of the share. We
523	* have no choice but to use the user-specified case
524	* sensitivity setting.
525	*/
526	if (smbc_getOptionCaseSensitive(context)) {
527	cli_set_case_sensitive(c, True);
528	} else {
529	cli_set_case_sensitive(c, False);
530	}
531	} else {
532	DEBUG(4, ("Case sensitive: %s\n",
533	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
534	? "True"
535	: "False")));
536	cli_set_case_sensitive(c,
537	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
538	? True
539	: False));
540	}
541
542	if (context->internal->smb_encryption_level) {
543	/* Attempt UNIX smb encryption. */
544	if (!NT_STATUS_IS_OK(cli_force_encryption(c,
545	username_used,
546	*pp_password,
547	*pp_workgroup))) {
548
549	/*
550	* context->smb_encryption_level == 1
551	* means don't fail if encryption can't be negotiated,
552	* == 2 means fail if encryption can't be negotiated.
553	*/
554
555	DEBUG(4,(" SMB encrypt failed\n"));
556
557	if (context->internal->smb_encryption_level == 2) {
558	cli_shutdown(c);
559	errno = EPERM;
560	return NULL;
561	}
562	}
563	DEBUG(4,(" SMB encrypt ok\n"));
564	}
565
566	/*
567	* Ok, we have got a nice connection
568	* Let's allocate a server structure.
569	*/
570
571	srv = SMB_MALLOC_P(SMBCSRV);
572	if (!srv) {
573	errno = ENOMEM;
574	goto failed;
575	}
576
577	ZERO_STRUCTP(srv);
578	srv->cli = c;
579	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
580	srv->no_pathinfo = False;
581	srv->no_pathinfo2 = False;
582	srv->no_nt_session = False;
583
584	/* now add it to the cache (internal or external) */
585	/* Let the cache function set errno if it wants to */
586	errno = 0;
587	if (smbc_getFunctionAddCachedServer(context)(context, srv,
588	server, share,
589	*pp_workgroup,
590	*pp_username)) {
591	int saved_errno = errno;
592	DEBUG(3, (" Failed to add server to cache\n"));
593	errno = saved_errno;
594	if (errno == 0) {
595	errno = ENOMEM;
596	}
597	goto failed;
598	}
599
600	DEBUG(2, ("Server connect ok: //%s/%s: %p\n",
601	server, share, srv));
602
603	DLIST_ADD(context->internal->servers, srv);
604	done:
605	if (!pp_workgroup \|\| !pp_workgroup \|\| !*pp_workgroup) {
606	workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
607	} else {
608	workgroup = *pp_workgroup;
609	}
610	if(!workgroup) {
611	return NULL;
612	}
613
614	/* set the credentials to make DFS work */
615	smbc_set_credentials_with_fallback(context,
616	workgroup,
617	*pp_username,
618	*pp_password);
619
620	return srv;
621
622	failed:
623	cli_shutdown(c);
624	if (!srv) {
625	return NULL;
626	}
627
628	SAFE_FREE(srv);
629	return NULL;
630	}
631
632	/*
633	* Connect to a server for getting/setting attributes, possibly on an existing
634	* connection. This works similarly to SMBC_server().
635	*/
636	SMBCSRV *
637	SMBC_attr_server(TALLOC_CTX *ctx,
638	SMBCCTX *context,
639	const char *server,
640	const char *share,
641	char **pp_workgroup,
642	char **pp_username,
643	char **pp_password)
644	{
645	int flags;
646	struct sockaddr_storage ss;
647	struct cli_state *ipc_cli;
648	struct rpc_pipe_client *pipe_hnd;
649	NTSTATUS nt_status;
650	SMBCSRV *ipc_srv=NULL;
651
652	/*
653	* See if we've already created this special connection. Reference
654	* our "special" share name '*IPC$', which is an impossible real share
655	* name due to the leading asterisk.
656	*/
657	ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
658	pp_workgroup, pp_username, pp_password);
659	if (!ipc_srv) {
660
661	/* We didn't find a cached connection. Get the password */
662	if (!pp_password \|\| (pp_password)[0] == '\0') {
663	/* ... then retrieve it now. */
664	SMBC_call_auth_fn(ctx, context, server, share,
665	pp_workgroup,
666	pp_username,
667	pp_password);
668	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
669	errno = ENOMEM;
670	return NULL;
671	}
672	}
673
674	flags = 0;
675	if (smbc_getOptionUseKerberos(context)) {
676	flags \|= CLI_FULL_CONNECTION_USE_KERBEROS;
677	}
678
679	zero_sockaddr(&ss);
680	nt_status = cli_full_connection(&ipc_cli,
681	global_myname(), server,
682	&ss, 0, "IPC$", "?????",
683	*pp_username,
684	*pp_workgroup,
685	*pp_password,
686	flags,
687	Undefined, NULL);
688	if (! NT_STATUS_IS_OK(nt_status)) {
689	DEBUG(1,("cli_full_connection failed! (%s)\n",
690	nt_errstr(nt_status)));
691	errno = ENOTSUP;
692	return NULL;
693	}
694
695	if (context->internal->smb_encryption_level) {
696	/* Attempt UNIX smb encryption. */
697	if (!NT_STATUS_IS_OK(cli_force_encryption(ipc_cli,
698	*pp_username,
699	*pp_password,
700	*pp_workgroup))) {
701
702	/*
703	* context->smb_encryption_level ==
704	* 1 means don't fail if encryption can't be
705	* negotiated, == 2 means fail if encryption
706	* can't be negotiated.
707	*/
708
709	DEBUG(4,(" SMB encrypt failed on IPC$\n"));
710
711	if (context->internal->smb_encryption_level == 2) {
712	cli_shutdown(ipc_cli);
713	errno = EPERM;
714	return NULL;
715	}
716	}
717	DEBUG(4,(" SMB encrypt ok on IPC$\n"));
718	}
719
720	ipc_srv = SMB_MALLOC_P(SMBCSRV);
721	if (!ipc_srv) {
722	errno = ENOMEM;
723	cli_shutdown(ipc_cli);
724	return NULL;
725	}
726
727	ZERO_STRUCTP(ipc_srv);
728	ipc_srv->cli = ipc_cli;
729
730	nt_status = cli_rpc_pipe_open_noauth(
731	ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd);
732	if (!NT_STATUS_IS_OK(nt_status)) {
733	DEBUG(1, ("cli_nt_session_open fail!\n"));
734	errno = ENOTSUP;
735	cli_shutdown(ipc_srv->cli);
736	free(ipc_srv);
737	return NULL;
738	}
739
740	/*
741	* Some systems don't support
742	* SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
743	* so we might as well do it too.
744	*/
745
746	nt_status = rpccli_lsa_open_policy(
747	pipe_hnd,
748	talloc_tos(),
749	True,
750	GENERIC_EXECUTE_ACCESS,
751	&ipc_srv->pol);
752
753	if (!NT_STATUS_IS_OK(nt_status)) {
754	errno = SMBC_errno(context, ipc_srv->cli);
755	cli_shutdown(ipc_srv->cli);
756	return NULL;
757	}
758
759	/* now add it to the cache (internal or external) */
760
761	errno = 0; /* let cache function set errno if it likes */
762	if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv,
763	server,
764	"*IPC$",
765	*pp_workgroup,
766	*pp_username)) {
767	DEBUG(3, (" Failed to add server to cache\n"));
768	if (errno == 0) {
769	errno = ENOMEM;
770	}
771	cli_shutdown(ipc_srv->cli);
772	free(ipc_srv);
773	return NULL;
774	}
775
776	DLIST_ADD(context->internal->servers, ipc_srv);
777	}
778
779	return ipc_srv;
780	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: