Context Navigation

source: vendor/3.6.23/source3/libsmb/clidfs.c

Visit:

Last change on this file was 740, checked in by Silvan Scherrer, 13 years ago
Samba Server: update vendor to 3.6.0
File size: 26.5 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	client connect/disconnect routines
4	Copyright (C) Andrew Tridgell 1994-1998
5	Copyright (C) Gerald (Jerry) Carter 2004
6	Copyright (C) Jeremy Allison 2007-2009
7
8	This program is free software; you can redistribute it and/or modify
9	it under the terms of the GNU General Public License as published by
10	the Free Software Foundation; either version 3 of the License, or
11	(at your option) any later version.
12
13	This program is distributed in the hope that it will be useful,
14	but WITHOUT ANY WARRANTY; without even the implied warranty of
15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	GNU General Public License for more details.
17
18	You should have received a copy of the GNU General Public License
19	along with this program. If not, see <http://www.gnu.org/licenses/>.
20	*/
21
22	#include "includes.h"
23	#include "libsmb/libsmb.h"
24	#include "libsmb/clirap.h"
25	#include "msdfs.h"
26	#include "trans2.h"
27	#include "libsmb/nmblib.h"
28
29	/********************************************************************
30	Important point.
31
32	DFS paths are always of the form \server\share\<pathname> (the \ characters
33	are not C escaped here).
34
35	- but if we're using POSIX paths then <pathname> may contain
36	'/' separators, not '\\' separators. So cope with '\\' or '/'
37	as a separator when looking at the pathname part.... JRA.
38	********************************************************************/
39
40	/********************************************************************
41	Ensure a connection is encrypted.
42	********************************************************************/
43
44	NTSTATUS cli_cm_force_encryption(struct cli_state *c,
45	const char *username,
46	const char *password,
47	const char *domain,
48	const char *sharename)
49	{
50	NTSTATUS status = cli_force_encryption(c,
51	username,
52	password,
53	domain);
54
55	if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
56	d_printf("Encryption required and "
57	"server that doesn't support "
58	"UNIX extensions - failing connect\n");
59	} else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
60	d_printf("Encryption required and "
61	"can't get UNIX CIFS extensions "
62	"version from server.\n");
63	} else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
64	d_printf("Encryption required and "
65	"share %s doesn't support "
66	"encryption.\n", sharename);
67	} else if (!NT_STATUS_IS_OK(status)) {
68	d_printf("Encryption required and "
69	"setup failed with error %s.\n",
70	nt_errstr(status));
71	}
72
73	return status;
74	}
75
76	/********************************************************************
77	Return a connection to a server.
78	********************************************************************/
79
80	static struct cli_state do_connect(TALLOC_CTX ctx,
81	const char *server,
82	const char *share,
83	const struct user_auth_info *auth_info,
84	bool show_sessetup,
85	bool force_encrypt,
86	int max_protocol,
87	int port,
88	int name_type)
89	{
90	struct cli_state *c = NULL;
91	struct nmb_name called, calling;
92	const char *called_str;
93	const char *server_n;
94	struct sockaddr_storage ss;
95	char *servicename;
96	char *sharename;
97	char newserver, newshare;
98	const char *username;
99	const char *password;
100	NTSTATUS status;
101
102	/* make a copy so we don't modify the global string 'service' */
103	servicename = talloc_strdup(ctx,share);
104	if (!servicename) {
105	return NULL;
106	}
107	sharename = servicename;
108	if (*sharename == '\\') {
109	sharename += 2;
110	called_str = sharename;
111	if (server == NULL) {
112	server = sharename;
113	}
114	sharename = strchr_m(sharename,'\\');
115	if (!sharename) {
116	return NULL;
117	}
118	*sharename = 0;
119	sharename++;
120	} else {
121	called_str = server;
122	}
123
124	server_n = server;
125
126	zero_sockaddr(&ss);
127
128	make_nmb_name(&calling, global_myname(), 0x0);
129	make_nmb_name(&called , called_str, name_type);
130
131	again:
132	zero_sockaddr(&ss);
133
134	/* have to open a new connection */
135	c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info));
136	if (c == NULL) {
137	d_printf("Connection to %s failed\n", server_n);
138	return NULL;
139	}
140	if (port) {
141	cli_set_port(c, port);
142	}
143
144	status = cli_connect(c, server_n, &ss);
145	if (!NT_STATUS_IS_OK(status)) {
146	d_printf("Connection to %s failed (Error %s)\n",
147	server_n,
148	nt_errstr(status));
149	cli_shutdown(c);
150	return NULL;
151	}
152
153	if (max_protocol == 0) {
154	max_protocol = PROTOCOL_NT1;
155	}
156	c->protocol = max_protocol;
157	c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
158	c->fallback_after_kerberos =
159	get_cmdline_auth_info_fallback_after_kerberos(auth_info);
160	c->use_ccache = get_cmdline_auth_info_use_ccache(auth_info);
161
162	if (!cli_session_request(c, &calling, &called)) {
163	char *p;
164	d_printf("session request to %s failed (%s)\n",
165	called.name, cli_errstr(c));
166	cli_shutdown(c);
167	c = NULL;
168	if ((p=strchr_m(called.name, '.'))) {
169	*p = 0;
170	goto again;
171	}
172	if (strcmp(called.name, "*SMBSERVER")) {
173	make_nmb_name(&called , "*SMBSERVER", 0x20);
174	goto again;
175	}
176	return NULL;
177	}
178
179	DEBUG(4,(" session request ok\n"));
180
181	status = cli_negprot(c);
182
183	if (!NT_STATUS_IS_OK(status)) {
184	d_printf("protocol negotiation failed: %s\n",
185	nt_errstr(status));
186	cli_shutdown(c);
187	return NULL;
188	}
189
190	username = get_cmdline_auth_info_username(auth_info);
191	password = get_cmdline_auth_info_password(auth_info);
192
193	if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
194	password, strlen(password),
195	password, strlen(password),
196	lp_workgroup()))) {
197	/* If a password was not supplied then
198	* try again with a null username. */
199	if (password[0] \|\| !username[0] \|\|
200	get_cmdline_auth_info_use_kerberos(auth_info) \|\|
201	!NT_STATUS_IS_OK(cli_session_setup(c, "",
202	"", 0,
203	"", 0,
204	lp_workgroup()))) {
205	d_printf("session setup failed: %s\n", cli_errstr(c));
206	if (NT_STATUS_V(cli_nt_error(c)) ==
207	NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
208	d_printf("did you forget to run kinit?\n");
209	cli_shutdown(c);
210	return NULL;
211	}
212	d_printf("Anonymous login successful\n");
213	status = cli_init_creds(c, "", lp_workgroup(), "");
214	} else {
215	status = cli_init_creds(c, username, lp_workgroup(), password);
216	}
217
218	if (!NT_STATUS_IS_OK(status)) {
219	DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
220	cli_shutdown(c);
221	return NULL;
222	}
223
224	if ( show_sessetup ) {
225	if (*c->server_domain) {
226	DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
227	c->server_domain,c->server_os,c->server_type));
228	} else if (c->server_os \|\| c->server_type) {
229	DEBUG(0,("OS=[%s] Server=[%s]\n",
230	c->server_os,c->server_type));
231	}
232	}
233	DEBUG(4,(" session setup ok\n"));
234
235	/* here's the fun part....to support 'msdfs proxy' shares
236	(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
237	here before trying to connect to the original share.
238	cli_check_msdfs_proxy() will fail if it is a normal share. */
239
240	if ((c->capabilities & CAP_DFS) &&
241	cli_check_msdfs_proxy(ctx, c, sharename,
242	&newserver, &newshare,
243	force_encrypt,
244	username,
245	password,
246	lp_workgroup())) {
247	cli_shutdown(c);
248	return do_connect(ctx, newserver,
249	newshare, auth_info, false,
250	force_encrypt, max_protocol,
251	port, name_type);
252	}
253
254	/* must be a normal share */
255
256	status = cli_tcon_andx(c, sharename, "?????",
257	password, strlen(password)+1);
258	if (!NT_STATUS_IS_OK(status)) {
259	d_printf("tree connect failed: %s\n", nt_errstr(status));
260	cli_shutdown(c);
261	return NULL;
262	}
263
264	if (force_encrypt) {
265	status = cli_cm_force_encryption(c,
266	username,
267	password,
268	lp_workgroup(),
269	sharename);
270	if (!NT_STATUS_IS_OK(status)) {
271	cli_shutdown(c);
272	return NULL;
273	}
274	}
275
276	DEBUG(4,(" tconx ok\n"));
277	return c;
278	}
279
280	/****************************************************************************
281	****************************************************************************/
282
283	static void cli_set_mntpoint(struct cli_state cli, const char mnt)
284	{
285	char *name = clean_name(NULL, mnt);
286	if (!name) {
287	return;
288	}
289	TALLOC_FREE(cli->dfs_mountpoint);
290	cli->dfs_mountpoint = talloc_strdup(cli, name);
291	TALLOC_FREE(name);
292	}
293
294	/********************************************************************
295	Add a new connection to the list.
296	referring_cli == NULL means a new initial connection.
297	********************************************************************/
298
299	static struct cli_state cli_cm_connect(TALLOC_CTX ctx,
300	struct cli_state *referring_cli,
301	const char *server,
302	const char *share,
303	const struct user_auth_info *auth_info,
304	bool show_hdr,
305	bool force_encrypt,
306	int max_protocol,
307	int port,
308	int name_type)
309	{
310	struct cli_state *cli;
311
312	cli = do_connect(ctx, server, share,
313	auth_info,
314	show_hdr, force_encrypt, max_protocol,
315	port, name_type);
316
317	if (!cli ) {
318	return NULL;
319	}
320
321	/* Enter into the list. */
322	if (referring_cli) {
323	DLIST_ADD_END(referring_cli, cli, struct cli_state *);
324	}
325
326	if (referring_cli && referring_cli->requested_posix_capabilities) {
327	uint16 major, minor;
328	uint32 caplow, caphigh;
329	NTSTATUS status;
330	status = cli_unix_extensions_version(cli, &major, &minor,
331	&caplow, &caphigh);
332	if (NT_STATUS_IS_OK(status)) {
333	cli_set_unix_extensions_capabilities(cli,
334	major, minor,
335	caplow, caphigh);
336	}
337	}
338
339	return cli;
340	}
341
342	/********************************************************************
343	Return a connection to a server on a particular share.
344	********************************************************************/
345
346	static struct cli_state cli_cm_find(struct cli_state cli,
347	const char *server,
348	const char *share)
349	{
350	struct cli_state *p;
351
352	if (cli == NULL) {
353	return NULL;
354	}
355
356	/* Search to the start of the list. */
357	for (p = cli; p; p = DLIST_PREV(p)) {
358	if (strequal(server, p->desthost) &&
359	strequal(share,p->share)) {
360	return p;
361	}
362	}
363
364	/* Search to the end of the list. */
365	for (p = cli->next; p; p = p->next) {
366	if (strequal(server, p->desthost) &&
367	strequal(share,p->share)) {
368	return p;
369	}
370	}
371
372	return NULL;
373	}
374
375	/****************************************************************************
376	Open a client connection to a \\server\share.
377	****************************************************************************/
378
379	struct cli_state cli_cm_open(TALLOC_CTX ctx,
380	struct cli_state *referring_cli,
381	const char *server,
382	const char *share,
383	const struct user_auth_info *auth_info,
384	bool show_hdr,
385	bool force_encrypt,
386	int max_protocol,
387	int port,
388	int name_type)
389	{
390	/* Try to reuse an existing connection in this list. */
391	struct cli_state *c = cli_cm_find(referring_cli, server, share);
392
393	if (c) {
394	return c;
395	}
396
397	if (auth_info == NULL) {
398	/* Can't do a new connection
399	* without auth info. */
400	d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
401	"without auth info\n",
402	server, share );
403	return NULL;
404	}
405
406	return cli_cm_connect(ctx,
407	referring_cli,
408	server,
409	share,
410	auth_info,
411	show_hdr,
412	force_encrypt,
413	max_protocol,
414	port,
415	name_type);
416	}
417
418	/****************************************************************************
419	****************************************************************************/
420
421	void cli_cm_display(const struct cli_state *cli)
422	{
423	int i;
424
425	for (i=0; cli; cli = cli->next,i++ ) {
426	d_printf("%d:\tserver=%s, share=%s\n",
427	i, cli->desthost, cli->share );
428	}
429	}
430
431	/****************************************************************************
432	****************************************************************************/
433
434	/****************************************************************************
435	****************************************************************************/
436
437	#if 0
438	void cli_cm_set_credentials(struct user_auth_info *auth_info)
439	{
440	SAFE_FREE(cm_creds.username);
441	cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username(
442	auth_info));
443
444	if (get_cmdline_auth_info_got_pass(auth_info)) {
445	cm_set_password(get_cmdline_auth_info_password(auth_info));
446	}
447
448	cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
449	cm_creds.fallback_after_kerberos = false;
450	cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info);
451	}
452	#endif
453
454	/**********************************************************************
455	split a dfs path into the server, share name, and extrapath components
456	**********************************************************************/
457
458	static bool split_dfs_path(TALLOC_CTX *ctx,
459	const char *nodepath,
460	char **pp_server,
461	char **pp_share,
462	char **pp_extrapath)
463	{
464	char p, q;
465	char *path;
466
467	*pp_server = NULL;
468	*pp_share = NULL;
469	*pp_extrapath = NULL;
470
471	path = talloc_strdup(ctx, nodepath);
472	if (!path) {
473	goto fail;
474	}
475
476	if ( path[0] != '\\' ) {
477	goto fail;
478	}
479
480	p = strchr_m( path + 1, '\\' );
481	if ( !p ) {
482	goto fail;
483	}
484
485	*p = '\0';
486	p++;
487
488	/* Look for any extra/deep path */
489	q = strchr_m(p, '\\');
490	if (q != NULL) {
491	*q = '\0';
492	q++;
493	*pp_extrapath = talloc_strdup(ctx, q);
494	} else {
495	*pp_extrapath = talloc_strdup(ctx, "");
496	}
497	if (*pp_extrapath == NULL) {
498	goto fail;
499	}
500
501	*pp_share = talloc_strdup(ctx, p);
502	if (*pp_share == NULL) {
503	goto fail;
504	}
505
506	*pp_server = talloc_strdup(ctx, &path[1]);
507	if (*pp_server == NULL) {
508	goto fail;
509	}
510
511	TALLOC_FREE(path);
512	return true;
513
514	fail:
515	TALLOC_FREE(*pp_share);
516	TALLOC_FREE(*pp_extrapath);
517	TALLOC_FREE(path);
518	return false;
519	}
520
521	/****************************************************************************
522	Return the original path truncated at the directory component before
523	the first wildcard character. Trust the caller to provide a NULL
524	terminated string
525	****************************************************************************/
526
527	static char clean_path(TALLOC_CTX ctx, const char *path)
528	{
529	size_t len;
530	char p1, p2, *p;
531	char *path_out;
532
533	/* No absolute paths. */
534	while (IS_DIRECTORY_SEP(*path)) {
535	path++;
536	}
537
538	path_out = talloc_strdup(ctx, path);
539	if (!path_out) {
540	return NULL;
541	}
542
543	p1 = strchr_m(path_out, '*');
544	p2 = strchr_m(path_out, '?');
545
546	if (p1 \|\| p2) {
547	if (p1 && p2) {
548	p = MIN(p1,p2);
549	} else if (!p1) {
550	p = p2;
551	} else {
552	p = p1;
553	}
554	*p = '\0';
555
556	/* Now go back to the start of this component. */
557	p1 = strrchr_m(path_out, '/');
558	p2 = strrchr_m(path_out, '\\');
559	p = MAX(p1,p2);
560	if (p) {
561	*p = '\0';
562	}
563	}
564
565	/* Strip any trailing separator */
566
567	len = strlen(path_out);
568	if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
569	path_out[len-1] = '\0';
570	}
571
572	return path_out;
573	}
574
575	/****************************************************************************
576	****************************************************************************/
577
578	static char cli_dfs_make_full_path(TALLOC_CTX ctx,
579	struct cli_state *cli,
580	const char *dir)
581	{
582	char path_sep = '\\';
583
584	/* Ensure the extrapath doesn't start with a separator. */
585	while (IS_DIRECTORY_SEP(*dir)) {
586	dir++;
587	}
588
589	if (cli->requested_posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
590	path_sep = '/';
591	}
592	return talloc_asprintf(ctx, "%c%s%c%s%c%s",
593	path_sep,
594	cli->desthost,
595	path_sep,
596	cli->share,
597	path_sep,
598	dir);
599	}
600
601	/********************************************************************
602	check for dfs referral
603	********************************************************************/
604
605	static bool cli_dfs_check_error(struct cli_state *cli, NTSTATUS expected,
606	NTSTATUS status)
607	{
608	/* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
609
610	if (!(cli->capabilities & CAP_UNICODE)) {
611	return false;
612	}
613	if (!(cli->capabilities & CAP_STATUS32)) {
614	return false;
615	}
616	if (NT_STATUS_EQUAL(status, expected)) {
617	return true;
618	}
619	return false;
620	}
621
622	/********************************************************************
623	Get the dfs referral link.
624	********************************************************************/
625
626	NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
627	struct cli_state *cli,
628	const char *path,
629	struct client_dfs_referral **refs,
630	size_t *num_refs,
631	size_t *consumed)
632	{
633	unsigned int data_len = 0;
634	unsigned int param_len = 0;
635	uint16 setup[1];
636	uint8_t *param = NULL;
637	uint8_t *rdata = NULL;
638	char *p;
639	char *endp;
640	size_t pathlen = 2*(strlen(path)+1);
641	smb_ucs2_t *path_ucs;
642	char *consumed_path = NULL;
643	uint16_t consumed_ucs;
644	uint16 num_referrals;
645	struct client_dfs_referral *referrals = NULL;
646	NTSTATUS status;
647
648	*num_refs = 0;
649	*refs = NULL;
650
651	SSVAL(setup, 0, TRANSACT2_GET_DFS_REFERRAL);
652
653	param = SMB_MALLOC_ARRAY(uint8_t, 2+pathlen+2);
654	if (!param) {
655	status = NT_STATUS_NO_MEMORY;
656	goto out;
657	}
658	SSVAL(param, 0, 0x03); /* max referral level */
659	p = (char *)(&param[2]);
660
661	path_ucs = (smb_ucs2_t *)p;
662	p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
663	param_len = PTR_DIFF(p, param);
664
665	status = cli_trans(talloc_tos(), cli, SMBtrans2,
666	NULL, 0xffff, 0, 0,
667	setup, 1, 0,
668	param, param_len, 2,
669	NULL, 0, cli->max_xmit,
670	NULL,
671	NULL, 0, NULL, /* rsetup */
672	NULL, 0, NULL,
673	&rdata, 4, &data_len);
674	if (!NT_STATUS_IS_OK(status)) {
675	goto out;
676	}
677	if (data_len < 4) {
678	goto out;
679	}
680
681	endp = (char *)rdata + data_len;
682
683	consumed_ucs = SVAL(rdata, 0);
684	num_referrals = SVAL(rdata, 2);
685
686	/* consumed_ucs is the number of bytes
687	* of the UCS2 path consumed not counting any
688	* terminating null. We need to convert
689	* back to unix charset and count again
690	* to get the number of bytes consumed from
691	* the incoming path. */
692
693	if (pull_string_talloc(talloc_tos(),
694	NULL,
695	0,
696	&consumed_path,
697	path_ucs,
698	consumed_ucs,
699	STR_UNICODE) == 0) {
700	goto out;
701	}
702	if (consumed_path == NULL) {
703	goto out;
704	}
705	*consumed = strlen(consumed_path);
706
707	if (num_referrals != 0) {
708	uint16 ref_version;
709	uint16 ref_size;
710	int i;
711	uint16 node_offset;
712
713	referrals = talloc_array(ctx, struct client_dfs_referral,
714	num_referrals);
715
716	if (!referrals) {
717	goto out;
718	}
719	/* start at the referrals array */
720
721	p = (char *)rdata+8;
722	for (i=0; i<num_referrals && p < endp; i++) {
723	if (p + 18 > endp) {
724	goto out;
725	}
726	ref_version = SVAL(p, 0);
727	ref_size = SVAL(p, 2);
728	node_offset = SVAL(p, 16);
729
730	if (ref_version != 3) {
731	p += ref_size;
732	continue;
733	}
734
735	referrals[i].proximity = SVAL(p, 8);
736	referrals[i].ttl = SVAL(p, 10);
737
738	if (p + node_offset > endp) {
739	goto out;
740	}
741	clistr_pull_talloc(ctx, cli->inbuf,
742	SVAL(cli->inbuf, smb_flg2),
743	&referrals[i].dfspath,
744	p+node_offset, -1,
745	STR_TERMINATE\|STR_UNICODE);
746
747	if (!referrals[i].dfspath) {
748	goto out;
749	}
750	p += ref_size;
751	}
752	if (i < num_referrals) {
753	goto out;
754	}
755	}
756
757	*num_refs = num_referrals;
758	*refs = referrals;
759
760	out:
761
762	TALLOC_FREE(consumed_path);
763	SAFE_FREE(param);
764	TALLOC_FREE(rdata);
765	return status;
766	}
767
768	/********************************************************************
769	********************************************************************/
770
771	bool cli_resolve_path(TALLOC_CTX *ctx,
772	const char *mountpt,
773	const struct user_auth_info *dfs_auth_info,
774	struct cli_state *rootcli,
775	const char *path,
776	struct cli_state **targetcli,
777	char **pp_targetpath)
778	{
779	struct client_dfs_referral *refs = NULL;
780	size_t num_refs = 0;
781	size_t consumed = 0;
782	struct cli_state *cli_ipc = NULL;
783	char *dfs_path = NULL;
784	char *cleanpath = NULL;
785	char *extrapath = NULL;
786	int pathlen;
787	char *server = NULL;
788	char *share = NULL;
789	struct cli_state *newcli = NULL;
790	char *newpath = NULL;
791	char *newmount = NULL;
792	char *ppath = NULL;
793	SMB_STRUCT_STAT sbuf;
794	uint32 attributes;
795	NTSTATUS status;
796
797	if ( !rootcli \|\| !path \|\| !targetcli ) {
798	return false;
799	}
800
801	/* Don't do anything if this is not a DFS root. */
802
803	if ( !rootcli->dfsroot) {
804	*targetcli = rootcli;
805	*pp_targetpath = talloc_strdup(ctx, path);
806	if (!*pp_targetpath) {
807	return false;
808	}
809	return true;
810	}
811
812	*targetcli = NULL;
813
814	/* Send a trans2_query_path_info to check for a referral. */
815
816	cleanpath = clean_path(ctx, path);
817	if (!cleanpath) {
818	return false;
819	}
820
821	dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
822	if (!dfs_path) {
823	return false;
824	}
825
826	status = cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes);
827	if (NT_STATUS_IS_OK(status)) {
828	/* This is an ordinary path, just return it. */
829	*targetcli = rootcli;
830	*pp_targetpath = talloc_strdup(ctx, path);
831	if (!*pp_targetpath) {
832	return false;
833	}
834	goto done;
835	}
836
837	/* Special case where client asked for a path that does not exist */
838
839	if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND,
840	status)) {
841	*targetcli = rootcli;
842	*pp_targetpath = talloc_strdup(ctx, path);
843	if (!*pp_targetpath) {
844	return false;
845	}
846	goto done;
847	}
848
849	/* We got an error, check for DFS referral. */
850
851	if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED,
852	status)) {
853	return false;
854	}
855
856	/* Check for the referral. */
857
858	if (!(cli_ipc = cli_cm_open(ctx,
859	rootcli,
860	rootcli->desthost,
861	"IPC$",
862	dfs_auth_info,
863	false,
864	(rootcli->trans_enc_state != NULL),
865	rootcli->protocol,
866	0,
867	0x20))) {
868	return false;
869	}
870
871	status = cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
872	&num_refs, &consumed);
873	if (!NT_STATUS_IS_OK(status) \|\| !num_refs) {
874	return false;
875	}
876
877	/* Just store the first referral for now. */
878
879	if (!refs[0].dfspath) {
880	return false;
881	}
882	if (!split_dfs_path(ctx, refs[0].dfspath, &server, &share,
883	&extrapath)) {
884	return false;
885	}
886
887	/* Make sure to recreate the original string including any wildcards. */
888
889	dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
890	if (!dfs_path) {
891	return false;
892	}
893	pathlen = strlen(dfs_path);
894	consumed = MIN(pathlen, consumed);
895	*pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
896	if (!*pp_targetpath) {
897	return false;
898	}
899	dfs_path[consumed] = '\0';
900
901	/*
902	* *pp_targetpath is now the unconsumed part of the path.
903	* dfs_path is now the consumed part of the path
904	* (in \server\share\path format).
905	*/
906
907	/* Open the connection to the target server & share */
908	if ((*targetcli = cli_cm_open(ctx, rootcli,
909	server,
910	share,
911	dfs_auth_info,
912	false,
913	(rootcli->trans_enc_state != NULL),
914	rootcli->protocol,
915	0,
916	0x20)) == NULL) {
917	d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
918	server, share );
919	return false;
920	}
921
922	if (extrapath && strlen(extrapath) > 0) {
923	/* EMC Celerra NAS version 5.6.50 (at least) doesn't appear to */
924	/* put the trailing \ on the path, so to be save we put one in if needed */
925	if (extrapath[strlen(extrapath)-1] != '\\' && **pp_targetpath != '\\') {
926	*pp_targetpath = talloc_asprintf(ctx,
927	"%s\\%s",
928	extrapath,
929	*pp_targetpath);
930	} else {
931	*pp_targetpath = talloc_asprintf(ctx,
932	"%s%s",
933	extrapath,
934	*pp_targetpath);
935	}
936	if (!*pp_targetpath) {
937	return false;
938	}
939	}
940
941	/* parse out the consumed mount path */
942	/* trim off the \server\share\ */
943
944	ppath = dfs_path;
945
946	if (*ppath != '\\') {
947	d_printf("cli_resolve_path: "
948	"dfs_path (%s) not in correct format.\n",
949	dfs_path );
950	return false;
951	}
952
953	ppath++; /* Now pointing at start of server name. */
954
955	if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
956	return false;
957	}
958
959	ppath++; /* Now pointing at start of share name. */
960
961	if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
962	return false;
963	}
964
965	ppath++; /* Now pointing at path component. */
966
967	newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
968	if (!newmount) {
969	return false;
970	}
971
972	cli_set_mntpoint(*targetcli, newmount);
973
974	/* Check for another dfs referral, note that we are not
975	checking for loops here. */
976
977	if (!strequal(pp_targetpath, "\\") && !strequal(pp_targetpath, "/")) {
978	if (cli_resolve_path(ctx,
979	newmount,
980	dfs_auth_info,
981	*targetcli,
982	*pp_targetpath,
983	&newcli,
984	&newpath)) {
985	/*
986	* When cli_resolve_path returns true here it's always
987	* returning the complete path in newpath, so we're done
988	* here.
989	*/
990	*targetcli = newcli;
991	*pp_targetpath = newpath;
992	return true;
993	}
994	}
995
996	done:
997
998	/* If returning true ensure we return a dfs root full path. */
999	if ((*targetcli)->dfsroot) {
1000	dfs_path = talloc_strdup(ctx, *pp_targetpath);
1001	if (!dfs_path) {
1002	return false;
1003	}
1004	pp_targetpath = cli_dfs_make_full_path(ctx, targetcli, dfs_path);
1005	}
1006
1007	return true;
1008	}
1009
1010	/********************************************************************
1011	********************************************************************/
1012
1013	bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
1014	struct cli_state *cli,
1015	const char *sharename,
1016	char **pp_newserver,
1017	char **pp_newshare,
1018	bool force_encrypt,
1019	const char *username,
1020	const char *password,
1021	const char *domain)
1022	{
1023	struct client_dfs_referral *refs = NULL;
1024	size_t num_refs = 0;
1025	size_t consumed = 0;
1026	char *fullpath = NULL;
1027	bool res;
1028	uint16 cnum;
1029	char *newextrapath = NULL;
1030	NTSTATUS status;
1031
1032	if (!cli \|\| !sharename) {
1033	return false;
1034	}
1035
1036	cnum = cli->cnum;
1037
1038	/* special case. never check for a referral on the IPC$ share */
1039
1040	if (strequal(sharename, "IPC$")) {
1041	return false;
1042	}
1043
1044	/* send a trans2_query_path_info to check for a referral */
1045
1046	fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1047	if (!fullpath) {
1048	return false;
1049	}
1050
1051	/* check for the referral */
1052
1053	if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, "IPC$", "IPC", NULL, 0))) {
1054	return false;
1055	}
1056
1057	if (force_encrypt) {
1058	status = cli_cm_force_encryption(cli,
1059	username,
1060	password,
1061	lp_workgroup(),
1062	"IPC$");
1063	if (!NT_STATUS_IS_OK(status)) {
1064	return false;
1065	}
1066	}
1067
1068	status = cli_dfs_get_referral(ctx, cli, fullpath, &refs,
1069	&num_refs, &consumed);
1070	res = NT_STATUS_IS_OK(status);
1071
1072	status = cli_tdis(cli);
1073	if (!NT_STATUS_IS_OK(status)) {
1074	return false;
1075	}
1076
1077	cli->cnum = cnum;
1078
1079	if (!res \|\| !num_refs) {
1080	return false;
1081	}
1082
1083	if (!refs[0].dfspath) {
1084	return false;
1085	}
1086
1087	if (!split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1088	pp_newshare, &newextrapath)) {
1089	return false;
1090	}
1091
1092	/* check that this is not a self-referral */
1093
1094	if (strequal(cli->desthost, *pp_newserver) &&
1095	strequal(sharename, *pp_newshare)) {
1096	return false;
1097	}
1098
1099	return true;
1100	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: