Context Navigation

source: branches/samba-3.5.x/source3/libsmb/clidfs.c@ 770

Visit:

Last change on this file since 770 was 599, checked in by Herwig Bauernfeind, 14 years ago
Samba 3.5: Update trunk to 3.5.9
File size: 26.0 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	client connect/disconnect routines
4	Copyright (C) Andrew Tridgell 1994-1998
5	Copyright (C) Gerald (Jerry) Carter 2004
6	Copyright (C) Jeremy Allison 2007-2009
7
8	This program is free software; you can redistribute it and/or modify
9	it under the terms of the GNU General Public License as published by
10	the Free Software Foundation; either version 3 of the License, or
11	(at your option) any later version.
12
13	This program is distributed in the hope that it will be useful,
14	but WITHOUT ANY WARRANTY; without even the implied warranty of
15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	GNU General Public License for more details.
17
18	You should have received a copy of the GNU General Public License
19	along with this program. If not, see <http://www.gnu.org/licenses/>.
20	*/
21
22	#include "includes.h"
23
24	/********************************************************************
25	Important point.
26
27	DFS paths are always of the form \server\share\<pathname> (the \ characters
28	are not C escaped here).
29
30	- but if we're using POSIX paths then <pathname> may contain
31	'/' separators, not '\\' separators. So cope with '\\' or '/'
32	as a separator when looking at the pathname part.... JRA.
33	********************************************************************/
34
35	/********************************************************************
36	Ensure a connection is encrypted.
37	********************************************************************/
38
39	NTSTATUS cli_cm_force_encryption(struct cli_state *c,
40	const char *username,
41	const char *password,
42	const char *domain,
43	const char *sharename)
44	{
45	NTSTATUS status = cli_force_encryption(c,
46	username,
47	password,
48	domain);
49
50	if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
51	d_printf("Encryption required and "
52	"server that doesn't support "
53	"UNIX extensions - failing connect\n");
54	} else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
55	d_printf("Encryption required and "
56	"can't get UNIX CIFS extensions "
57	"version from server.\n");
58	} else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
59	d_printf("Encryption required and "
60	"share %s doesn't support "
61	"encryption.\n", sharename);
62	} else if (!NT_STATUS_IS_OK(status)) {
63	d_printf("Encryption required and "
64	"setup failed with error %s.\n",
65	nt_errstr(status));
66	}
67
68	return status;
69	}
70
71	/********************************************************************
72	Return a connection to a server.
73	********************************************************************/
74
75	static struct cli_state do_connect(TALLOC_CTX ctx,
76	const char *server,
77	const char *share,
78	const struct user_auth_info *auth_info,
79	bool show_sessetup,
80	bool force_encrypt,
81	int max_protocol,
82	int port,
83	int name_type)
84	{
85	struct cli_state *c = NULL;
86	struct nmb_name called, calling;
87	const char *called_str;
88	const char *server_n;
89	struct sockaddr_storage ss;
90	char *servicename;
91	char *sharename;
92	char newserver, newshare;
93	const char *username;
94	const char *password;
95	NTSTATUS status;
96
97	/* make a copy so we don't modify the global string 'service' */
98	servicename = talloc_strdup(ctx,share);
99	if (!servicename) {
100	return NULL;
101	}
102	sharename = servicename;
103	if (*sharename == '\\') {
104	sharename += 2;
105	called_str = sharename;
106	if (server == NULL) {
107	server = sharename;
108	}
109	sharename = strchr_m(sharename,'\\');
110	if (!sharename) {
111	return NULL;
112	}
113	*sharename = 0;
114	sharename++;
115	} else {
116	called_str = server;
117	}
118
119	server_n = server;
120
121	zero_sockaddr(&ss);
122
123	make_nmb_name(&calling, global_myname(), 0x0);
124	make_nmb_name(&called , called_str, name_type);
125
126	again:
127	zero_sockaddr(&ss);
128
129	/* have to open a new connection */
130	if (!(c=cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)))) {
131	d_printf("Connection to %s failed\n", server_n);
132	if (c) {
133	cli_shutdown(c);
134	}
135	return NULL;
136	}
137	if (port) {
138	cli_set_port(c, port);
139	}
140
141	status = cli_connect(c, server_n, &ss);
142	if (!NT_STATUS_IS_OK(status)) {
143	d_printf("Connection to %s failed (Error %s)\n",
144	server_n,
145	nt_errstr(status));
146	cli_shutdown(c);
147	return NULL;
148	}
149
150	if (max_protocol == 0) {
151	max_protocol = PROTOCOL_NT1;
152	}
153	c->protocol = max_protocol;
154	c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
155	c->fallback_after_kerberos =
156	get_cmdline_auth_info_fallback_after_kerberos(auth_info);
157	c->use_ccache = get_cmdline_auth_info_use_ccache(auth_info);
158
159	if (!cli_session_request(c, &calling, &called)) {
160	char *p;
161	d_printf("session request to %s failed (%s)\n",
162	called.name, cli_errstr(c));
163	cli_shutdown(c);
164	c = NULL;
165	if ((p=strchr_m(called.name, '.'))) {
166	*p = 0;
167	goto again;
168	}
169	if (strcmp(called.name, "*SMBSERVER")) {
170	make_nmb_name(&called , "*SMBSERVER", 0x20);
171	goto again;
172	}
173	return NULL;
174	}
175
176	DEBUG(4,(" session request ok\n"));
177
178	status = cli_negprot(c);
179
180	if (!NT_STATUS_IS_OK(status)) {
181	d_printf("protocol negotiation failed: %s\n",
182	nt_errstr(status));
183	cli_shutdown(c);
184	return NULL;
185	}
186
187	username = get_cmdline_auth_info_username(auth_info);
188	password = get_cmdline_auth_info_password(auth_info);
189
190	if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
191	password, strlen(password),
192	password, strlen(password),
193	lp_workgroup()))) {
194	/* If a password was not supplied then
195	* try again with a null username. */
196	if (password[0] \|\| !username[0] \|\|
197	get_cmdline_auth_info_use_kerberos(auth_info) \|\|
198	!NT_STATUS_IS_OK(cli_session_setup(c, "",
199	"", 0,
200	"", 0,
201	lp_workgroup()))) {
202	d_printf("session setup failed: %s\n", cli_errstr(c));
203	if (NT_STATUS_V(cli_nt_error(c)) ==
204	NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
205	d_printf("did you forget to run kinit?\n");
206	cli_shutdown(c);
207	return NULL;
208	}
209	d_printf("Anonymous login successful\n");
210	status = cli_init_creds(c, "", lp_workgroup(), "");
211	} else {
212	status = cli_init_creds(c, username, lp_workgroup(), password);
213	}
214
215	if (!NT_STATUS_IS_OK(status)) {
216	DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
217	cli_shutdown(c);
218	return NULL;
219	}
220
221	if ( show_sessetup ) {
222	if (*c->server_domain) {
223	DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
224	c->server_domain,c->server_os,c->server_type));
225	} else if (c->server_os \|\| c->server_type) {
226	DEBUG(0,("OS=[%s] Server=[%s]\n",
227	c->server_os,c->server_type));
228	}
229	}
230	DEBUG(4,(" session setup ok\n"));
231
232	/* here's the fun part....to support 'msdfs proxy' shares
233	(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
234	here before trying to connect to the original share.
235	cli_check_msdfs_proxy() will fail if it is a normal share. */
236
237	if ((c->capabilities & CAP_DFS) &&
238	cli_check_msdfs_proxy(ctx, c, sharename,
239	&newserver, &newshare,
240	force_encrypt,
241	username,
242	password,
243	lp_workgroup())) {
244	cli_shutdown(c);
245	return do_connect(ctx, newserver,
246	newshare, auth_info, false,
247	force_encrypt, max_protocol,
248	port, name_type);
249	}
250
251	/* must be a normal share */
252
253	status = cli_tcon_andx(c, sharename, "?????",
254	password, strlen(password)+1);
255	if (!NT_STATUS_IS_OK(status)) {
256	d_printf("tree connect failed: %s\n", nt_errstr(status));
257	cli_shutdown(c);
258	return NULL;
259	}
260
261	if (force_encrypt) {
262	status = cli_cm_force_encryption(c,
263	username,
264	password,
265	lp_workgroup(),
266	sharename);
267	if (!NT_STATUS_IS_OK(status)) {
268	cli_shutdown(c);
269	return NULL;
270	}
271	}
272
273	DEBUG(4,(" tconx ok\n"));
274	return c;
275	}
276
277	/****************************************************************************
278	****************************************************************************/
279
280	static void cli_set_mntpoint(struct cli_state cli, const char mnt)
281	{
282	char *name = clean_name(NULL, mnt);
283	if (!name) {
284	return;
285	}
286	TALLOC_FREE(cli->dfs_mountpoint);
287	cli->dfs_mountpoint = talloc_strdup(cli, name);
288	TALLOC_FREE(name);
289	}
290
291	/********************************************************************
292	Add a new connection to the list.
293	referring_cli == NULL means a new initial connection.
294	********************************************************************/
295
296	static struct cli_state cli_cm_connect(TALLOC_CTX ctx,
297	struct cli_state *referring_cli,
298	const char *server,
299	const char *share,
300	const struct user_auth_info *auth_info,
301	bool show_hdr,
302	bool force_encrypt,
303	int max_protocol,
304	int port,
305	int name_type)
306	{
307	struct cli_state *cli;
308
309	cli = do_connect(ctx, server, share,
310	auth_info,
311	show_hdr, force_encrypt, max_protocol,
312	port, name_type);
313
314	if (!cli ) {
315	return NULL;
316	}
317
318	/* Enter into the list. */
319	if (referring_cli) {
320	DLIST_ADD_END(referring_cli, cli, struct cli_state *);
321	}
322
323	if (referring_cli && referring_cli->posix_capabilities) {
324	uint16 major, minor;
325	uint32 caplow, caphigh;
326	NTSTATUS status;
327	status = cli_unix_extensions_version(cli, &major, &minor,
328	&caplow, &caphigh);
329	if (NT_STATUS_IS_OK(status)) {
330	cli_set_unix_extensions_capabilities(cli,
331	major, minor,
332	caplow, caphigh);
333	}
334	}
335
336	return cli;
337	}
338
339	/********************************************************************
340	Return a connection to a server on a particular share.
341	********************************************************************/
342
343	static struct cli_state cli_cm_find(struct cli_state cli,
344	const char *server,
345	const char *share)
346	{
347	struct cli_state *p;
348
349	if (cli == NULL) {
350	return NULL;
351	}
352
353	/* Search to the start of the list. */
354	for (p = cli; p; p = p->prev) {
355	if (strequal(server, p->desthost) &&
356	strequal(share,p->share)) {
357	return p;
358	}
359	}
360
361	/* Search to the end of the list. */
362	for (p = cli->next; p; p = p->next) {
363	if (strequal(server, p->desthost) &&
364	strequal(share,p->share)) {
365	return p;
366	}
367	}
368
369	return NULL;
370	}
371
372	/****************************************************************************
373	Open a client connection to a \\server\share.
374	****************************************************************************/
375
376	struct cli_state cli_cm_open(TALLOC_CTX ctx,
377	struct cli_state *referring_cli,
378	const char *server,
379	const char *share,
380	const struct user_auth_info *auth_info,
381	bool show_hdr,
382	bool force_encrypt,
383	int max_protocol,
384	int port,
385	int name_type)
386	{
387	/* Try to reuse an existing connection in this list. */
388	struct cli_state *c = cli_cm_find(referring_cli, server, share);
389
390	if (c) {
391	return c;
392	}
393
394	if (auth_info == NULL) {
395	/* Can't do a new connection
396	* without auth info. */
397	d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
398	"without auth info\n",
399	server, share );
400	return NULL;
401	}
402
403	return cli_cm_connect(ctx,
404	referring_cli,
405	server,
406	share,
407	auth_info,
408	show_hdr,
409	force_encrypt,
410	max_protocol,
411	port,
412	name_type);
413	}
414
415	/****************************************************************************
416	****************************************************************************/
417
418	void cli_cm_display(const struct cli_state *cli)
419	{
420	int i;
421
422	for (i=0; cli; cli = cli->next,i++ ) {
423	d_printf("%d:\tserver=%s, share=%s\n",
424	i, cli->desthost, cli->share );
425	}
426	}
427
428	/****************************************************************************
429	****************************************************************************/
430
431	/****************************************************************************
432	****************************************************************************/
433
434	#if 0
435	void cli_cm_set_credentials(struct user_auth_info *auth_info)
436	{
437	SAFE_FREE(cm_creds.username);
438	cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username(
439	auth_info));
440
441	if (get_cmdline_auth_info_got_pass(auth_info)) {
442	cm_set_password(get_cmdline_auth_info_password(auth_info));
443	}
444
445	cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
446	cm_creds.fallback_after_kerberos = false;
447	cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info);
448	}
449	#endif
450
451	/**********************************************************************
452	split a dfs path into the server, share name, and extrapath components
453	**********************************************************************/
454
455	static void split_dfs_path(TALLOC_CTX *ctx,
456	const char *nodepath,
457	char **pp_server,
458	char **pp_share,
459	char **pp_extrapath)
460	{
461	char p, q;
462	char *path;
463
464	*pp_server = NULL;
465	*pp_share = NULL;
466	*pp_extrapath = NULL;
467
468	path = talloc_strdup(ctx, nodepath);
469	if (!path) {
470	return;
471	}
472
473	if ( path[0] != '\\' ) {
474	return;
475	}
476
477	p = strchr_m( path + 1, '\\' );
478	if ( !p ) {
479	return;
480	}
481
482	*p = '\0';
483	p++;
484
485	/* Look for any extra/deep path */
486	q = strchr_m(p, '\\');
487	if (q != NULL) {
488	*q = '\0';
489	q++;
490	*pp_extrapath = talloc_strdup(ctx, q);
491	} else {
492	*pp_extrapath = talloc_strdup(ctx, "");
493	}
494
495	*pp_share = talloc_strdup(ctx, p);
496	*pp_server = talloc_strdup(ctx, &path[1]);
497	}
498
499	/****************************************************************************
500	Return the original path truncated at the directory component before
501	the first wildcard character. Trust the caller to provide a NULL
502	terminated string
503	****************************************************************************/
504
505	static char clean_path(TALLOC_CTX ctx, const char *path)
506	{
507	size_t len;
508	char p1, p2, *p;
509	char *path_out;
510
511	/* No absolute paths. */
512	while (IS_DIRECTORY_SEP(*path)) {
513	path++;
514	}
515
516	path_out = talloc_strdup(ctx, path);
517	if (!path_out) {
518	return NULL;
519	}
520
521	p1 = strchr_m(path_out, '*');
522	p2 = strchr_m(path_out, '?');
523
524	if (p1 \|\| p2) {
525	if (p1 && p2) {
526	p = MIN(p1,p2);
527	} else if (!p1) {
528	p = p2;
529	} else {
530	p = p1;
531	}
532	*p = '\0';
533
534	/* Now go back to the start of this component. */
535	p1 = strrchr_m(path_out, '/');
536	p2 = strrchr_m(path_out, '\\');
537	p = MAX(p1,p2);
538	if (p) {
539	*p = '\0';
540	}
541	}
542
543	/* Strip any trailing separator */
544
545	len = strlen(path_out);
546	if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
547	path_out[len-1] = '\0';
548	}
549
550	return path_out;
551	}
552
553	/****************************************************************************
554	****************************************************************************/
555
556	static char cli_dfs_make_full_path(TALLOC_CTX ctx,
557	struct cli_state *cli,
558	const char *dir)
559	{
560	char path_sep = '\\';
561
562	/* Ensure the extrapath doesn't start with a separator. */
563	while (IS_DIRECTORY_SEP(*dir)) {
564	dir++;
565	}
566
567	if (cli->posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
568	path_sep = '/';
569	}
570	return talloc_asprintf(ctx, "%c%s%c%s%c%s",
571	path_sep,
572	cli->desthost,
573	path_sep,
574	cli->share,
575	path_sep,
576	dir);
577	}
578
579	/********************************************************************
580	check for dfs referral
581	********************************************************************/
582
583	static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
584	{
585	uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
586
587	/* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
588
589	if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
590	(flgs2&FLAGS2_UNICODE_STRINGS)))
591	return false;
592
593	if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
594	return true;
595
596	return false;
597	}
598
599	/********************************************************************
600	Get the dfs referral link.
601	********************************************************************/
602
603	bool cli_dfs_get_referral(TALLOC_CTX *ctx,
604	struct cli_state *cli,
605	const char *path,
606	CLIENT_DFS_REFERRAL**refs,
607	size_t *num_refs,
608	size_t *consumed)
609	{
610	unsigned int data_len = 0;
611	unsigned int param_len = 0;
612	uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
613	char *param = NULL;
614	char rparam=NULL, rdata=NULL;
615	char *p;
616	char *endp;
617	size_t pathlen = 2*(strlen(path)+1);
618	smb_ucs2_t *path_ucs;
619	char *consumed_path = NULL;
620	uint16_t consumed_ucs;
621	uint16 num_referrals;
622	CLIENT_DFS_REFERRAL *referrals = NULL;
623	bool ret = false;
624
625	*num_refs = 0;
626	*refs = NULL;
627
628	param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
629	if (!param) {
630	goto out;
631	}
632	SSVAL(param, 0, 0x03); /* max referral level */
633	p = &param[2];
634
635	path_ucs = (smb_ucs2_t *)p;
636	p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
637	param_len = PTR_DIFF(p, param);
638
639	if (!cli_send_trans(cli, SMBtrans2,
640	NULL, /* name */
641	-1, 0, /* fid, flags */
642	&setup, 1, 0, /* setup, length, max */
643	param, param_len, 2, /* param, length, max */
644	NULL, 0, cli->max_xmit /* data, length, max */
645	)) {
646	goto out;
647	}
648
649	if (!cli_receive_trans(cli, SMBtrans2,
650	&rparam, &param_len,
651	&rdata, &data_len)) {
652	goto out;
653	}
654
655	if (data_len < 4) {
656	goto out;
657	}
658
659	endp = rdata + data_len;
660
661	consumed_ucs = SVAL(rdata, 0);
662	num_referrals = SVAL(rdata, 2);
663
664	/* consumed_ucs is the number of bytes
665	* of the UCS2 path consumed not counting any
666	* terminating null. We need to convert
667	* back to unix charset and count again
668	* to get the number of bytes consumed from
669	* the incoming path. */
670
671	if (pull_string_talloc(talloc_tos(),
672	NULL,
673	0,
674	&consumed_path,
675	path_ucs,
676	consumed_ucs,
677	STR_UNICODE) == 0) {
678	goto out;
679	}
680	if (consumed_path == NULL) {
681	goto out;
682	}
683	*consumed = strlen(consumed_path);
684
685	if (num_referrals != 0) {
686	uint16 ref_version;
687	uint16 ref_size;
688	int i;
689	uint16 node_offset;
690
691	referrals = TALLOC_ARRAY(ctx, CLIENT_DFS_REFERRAL,
692	num_referrals);
693
694	if (!referrals) {
695	goto out;
696	}
697	/* start at the referrals array */
698
699	p = rdata+8;
700	for (i=0; i<num_referrals && p < endp; i++) {
701	if (p + 18 > endp) {
702	goto out;
703	}
704	ref_version = SVAL(p, 0);
705	ref_size = SVAL(p, 2);
706	node_offset = SVAL(p, 16);
707
708	if (ref_version != 3) {
709	p += ref_size;
710	continue;
711	}
712
713	referrals[i].proximity = SVAL(p, 8);
714	referrals[i].ttl = SVAL(p, 10);
715
716	if (p + node_offset > endp) {
717	goto out;
718	}
719	clistr_pull_talloc(ctx, cli->inbuf,
720	&referrals[i].dfspath,
721	p+node_offset, -1,
722	STR_TERMINATE\|STR_UNICODE);
723
724	if (!referrals[i].dfspath) {
725	goto out;
726	}
727	p += ref_size;
728	}
729	if (i < num_referrals) {
730	goto out;
731	}
732	}
733
734	ret = true;
735
736	*num_refs = num_referrals;
737	*refs = referrals;
738
739	out:
740
741	TALLOC_FREE(consumed_path);
742	SAFE_FREE(param);
743	SAFE_FREE(rdata);
744	SAFE_FREE(rparam);
745	return ret;
746	}
747
748	/********************************************************************
749	********************************************************************/
750
751	bool cli_resolve_path(TALLOC_CTX *ctx,
752	const char *mountpt,
753	const struct user_auth_info *dfs_auth_info,
754	struct cli_state *rootcli,
755	const char *path,
756	struct cli_state **targetcli,
757	char **pp_targetpath)
758	{
759	CLIENT_DFS_REFERRAL *refs = NULL;
760	size_t num_refs = 0;
761	size_t consumed = 0;
762	struct cli_state *cli_ipc = NULL;
763	char *dfs_path = NULL;
764	char *cleanpath = NULL;
765	char *extrapath = NULL;
766	int pathlen;
767	char *server = NULL;
768	char *share = NULL;
769	struct cli_state *newcli = NULL;
770	char *newpath = NULL;
771	char *newmount = NULL;
772	char *ppath = NULL;
773	SMB_STRUCT_STAT sbuf;
774	uint32 attributes;
775
776	if ( !rootcli \|\| !path \|\| !targetcli ) {
777	return false;
778	}
779
780	/* Don't do anything if this is not a DFS root. */
781
782	if ( !rootcli->dfsroot) {
783	*targetcli = rootcli;
784	*pp_targetpath = talloc_strdup(ctx, path);
785	if (!*pp_targetpath) {
786	return false;
787	}
788	return true;
789	}
790
791	*targetcli = NULL;
792
793	/* Send a trans2_query_path_info to check for a referral. */
794
795	cleanpath = clean_path(ctx, path);
796	if (!cleanpath) {
797	return false;
798	}
799
800	dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
801	if (!dfs_path) {
802	return false;
803	}
804
805	if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) {
806	/* This is an ordinary path, just return it. */
807	*targetcli = rootcli;
808	*pp_targetpath = talloc_strdup(ctx, path);
809	if (!*pp_targetpath) {
810	return false;
811	}
812	goto done;
813	}
814
815	/* Special case where client asked for a path that does not exist */
816
817	if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
818	*targetcli = rootcli;
819	*pp_targetpath = talloc_strdup(ctx, path);
820	if (!*pp_targetpath) {
821	return false;
822	}
823	goto done;
824	}
825
826	/* We got an error, check for DFS referral. */
827
828	if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
829	return false;
830	}
831
832	/* Check for the referral. */
833
834	if (!(cli_ipc = cli_cm_open(ctx,
835	rootcli,
836	rootcli->desthost,
837	"IPC$",
838	dfs_auth_info,
839	false,
840	(rootcli->trans_enc_state != NULL),
841	rootcli->protocol,
842	0,
843	0x20))) {
844	return false;
845	}
846
847	if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
848	&num_refs, &consumed) \|\| !num_refs) {
849	return false;
850	}
851
852	/* Just store the first referral for now. */
853
854	if (!refs[0].dfspath) {
855	return false;
856	}
857	split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
858
859	if (!server \|\| !share) {
860	return false;
861	}
862
863	/* Make sure to recreate the original string including any wildcards. */
864
865	dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
866	if (!dfs_path) {
867	return false;
868	}
869	pathlen = strlen(dfs_path);
870	consumed = MIN(pathlen, consumed);
871	*pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
872	if (!*pp_targetpath) {
873	return false;
874	}
875	dfs_path[consumed] = '\0';
876
877	/*
878	* *pp_targetpath is now the unconsumed part of the path.
879	* dfs_path is now the consumed part of the path
880	* (in \server\share\path format).
881	*/
882
883	/* Open the connection to the target server & share */
884	if ((*targetcli = cli_cm_open(ctx, rootcli,
885	server,
886	share,
887	dfs_auth_info,
888	false,
889	(rootcli->trans_enc_state != NULL),
890	rootcli->protocol,
891	0,
892	0x20)) == NULL) {
893	d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
894	server, share );
895	return false;
896	}
897
898	if (extrapath && strlen(extrapath) > 0) {
899	/* EMC Celerra NAS version 5.6.50 (at least) doesn't appear to */
900	/* put the trailing \ on the path, so to be save we put one in if needed */
901	if (extrapath[strlen(extrapath)-1] != '\\' && **pp_targetpath != '\\') {
902	*pp_targetpath = talloc_asprintf(ctx,
903	"%s\\%s",
904	extrapath,
905	*pp_targetpath);
906	} else {
907	*pp_targetpath = talloc_asprintf(ctx,
908	"%s%s",
909	extrapath,
910	*pp_targetpath);
911	}
912	if (!*pp_targetpath) {
913	return false;
914	}
915	}
916
917	/* parse out the consumed mount path */
918	/* trim off the \server\share\ */
919
920	ppath = dfs_path;
921
922	if (*ppath != '\\') {
923	d_printf("cli_resolve_path: "
924	"dfs_path (%s) not in correct format.\n",
925	dfs_path );
926	return false;
927	}
928
929	ppath++; /* Now pointing at start of server name. */
930
931	if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
932	return false;
933	}
934
935	ppath++; /* Now pointing at start of share name. */
936
937	if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
938	return false;
939	}
940
941	ppath++; /* Now pointing at path component. */
942
943	newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
944	if (!newmount) {
945	return false;
946	}
947
948	cli_set_mntpoint(*targetcli, newmount);
949
950	/* Check for another dfs referral, note that we are not
951	checking for loops here. */
952
953	if (!strequal(pp_targetpath, "\\") && !strequal(pp_targetpath, "/")) {
954	if (cli_resolve_path(ctx,
955	newmount,
956	dfs_auth_info,
957	*targetcli,
958	*pp_targetpath,
959	&newcli,
960	&newpath)) {
961	/*
962	* When cli_resolve_path returns true here it's always
963	* returning the complete path in newpath, so we're done
964	* here.
965	*/
966	*targetcli = newcli;
967	*pp_targetpath = newpath;
968	return true;
969	}
970	}
971
972	done:
973
974	/* If returning true ensure we return a dfs root full path. */
975	if ((*targetcli)->dfsroot) {
976	dfs_path = talloc_strdup(ctx, *pp_targetpath);
977	if (!dfs_path) {
978	return false;
979	}
980	pp_targetpath = cli_dfs_make_full_path(ctx, targetcli, dfs_path);
981	}
982
983	return true;
984	}
985
986	/********************************************************************
987	********************************************************************/
988
989	bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
990	struct cli_state *cli,
991	const char *sharename,
992	char **pp_newserver,
993	char **pp_newshare,
994	bool force_encrypt,
995	const char *username,
996	const char *password,
997	const char *domain)
998	{
999	CLIENT_DFS_REFERRAL *refs = NULL;
1000	size_t num_refs = 0;
1001	size_t consumed = 0;
1002	char *fullpath = NULL;
1003	bool res;
1004	uint16 cnum;
1005	char *newextrapath = NULL;
1006
1007	if (!cli \|\| !sharename) {
1008	return false;
1009	}
1010
1011	cnum = cli->cnum;
1012
1013	/* special case. never check for a referral on the IPC$ share */
1014
1015	if (strequal(sharename, "IPC$")) {
1016	return false;
1017	}
1018
1019	/* send a trans2_query_path_info to check for a referral */
1020
1021	fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1022	if (!fullpath) {
1023	return false;
1024	}
1025
1026	/* check for the referral */
1027
1028	if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, "IPC$", "IPC", NULL, 0))) {
1029	return false;
1030	}
1031
1032	if (force_encrypt) {
1033	NTSTATUS status = cli_cm_force_encryption(cli,
1034	username,
1035	password,
1036	lp_workgroup(),
1037	"IPC$");
1038	if (!NT_STATUS_IS_OK(status)) {
1039	return false;
1040	}
1041	}
1042
1043	res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
1044
1045	if (!cli_tdis(cli)) {
1046	return false;
1047	}
1048
1049	cli->cnum = cnum;
1050
1051	if (!res \|\| !num_refs) {
1052	return false;
1053	}
1054
1055	if (!refs[0].dfspath) {
1056	return false;
1057	}
1058
1059	split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1060	pp_newshare, &newextrapath );
1061
1062	if ((pp_newserver == NULL) \|\| (pp_newshare == NULL)) {
1063	return false;
1064	}
1065
1066	/* check that this is not a self-referral */
1067
1068	if (strequal(cli->desthost, *pp_newserver) &&
1069	strequal(sharename, *pp_newshare)) {
1070	return false;
1071	}
1072
1073	return true;
1074	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: