mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
3eb2cfc1ad
Jeremy.
(This used to be commit eea07b0c83
)
1070 lines
24 KiB
C
1070 lines
24 KiB
C
/*
|
|
Unix SMB/CIFS implementation.
|
|
client connect/disconnect routines
|
|
Copyright (C) Andrew Tridgell 1994-1998
|
|
Copyright (C) Gerald (Jerry) Carter 2004
|
|
Copyright (C) Jeremy Allison 2007
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
/********************************************************************
|
|
Important point.
|
|
|
|
DFS paths are *always* of the form \server\share\<pathname> (the \ characters
|
|
are not C escaped here).
|
|
|
|
- but if we're using POSIX paths then <pathname> may contain
|
|
'/' separators, not '\\' separators. So cope with '\\' or '/'
|
|
as a separator when looking at the pathname part.... JRA.
|
|
********************************************************************/
|
|
|
|
struct client_connection {
|
|
struct client_connection *prev, *next;
|
|
struct cli_state *cli;
|
|
char *mount;
|
|
};
|
|
|
|
/* global state....globals reek! */
|
|
int max_protocol = PROTOCOL_NT1;
|
|
|
|
static struct cm_cred_struct {
|
|
char *username;
|
|
char *password;
|
|
bool got_pass;
|
|
bool use_kerberos;
|
|
int signing_state;
|
|
} cm_creds;
|
|
|
|
static void cm_set_password(const char *newpass);
|
|
|
|
static int port;
|
|
static int name_type = 0x20;
|
|
static bool have_ip;
|
|
static struct sockaddr_storage dest_ss;
|
|
|
|
static struct client_connection *connections;
|
|
|
|
static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
|
|
struct cli_state *cli,
|
|
const char *sharename,
|
|
char **pp_newserver,
|
|
char **pp_newshare,
|
|
bool force_encrypt,
|
|
const char *username,
|
|
const char *password,
|
|
const char *domain);
|
|
|
|
/********************************************************************
|
|
Ensure a connection is encrypted.
|
|
********************************************************************/
|
|
|
|
NTSTATUS cli_cm_force_encryption(struct cli_state *c,
|
|
const char *username,
|
|
const char *password,
|
|
const char *domain,
|
|
const char *sharename)
|
|
{
|
|
NTSTATUS status = cli_force_encryption(c,
|
|
username,
|
|
password,
|
|
domain);
|
|
|
|
if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
|
|
d_printf("Encryption required and "
|
|
"server that doesn't support "
|
|
"UNIX extensions - failing connect\n");
|
|
} else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
|
|
d_printf("Encryption required and "
|
|
"can't get UNIX CIFS extensions "
|
|
"version from server.\n");
|
|
} else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
|
|
d_printf("Encryption required and "
|
|
"share %s doesn't support "
|
|
"encryption.\n", sharename);
|
|
} else if (!NT_STATUS_IS_OK(status)) {
|
|
d_printf("Encryption required and "
|
|
"setup failed with error %s.\n",
|
|
nt_errstr(status));
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
/********************************************************************
|
|
Return a connection to a server.
|
|
********************************************************************/
|
|
|
|
static struct cli_state *do_connect(TALLOC_CTX *ctx,
|
|
const char *server,
|
|
const char *share,
|
|
bool show_sessetup,
|
|
bool force_encrypt)
|
|
{
|
|
struct cli_state *c = NULL;
|
|
struct nmb_name called, calling;
|
|
const char *server_n;
|
|
struct sockaddr_storage ss;
|
|
char *servicename;
|
|
char *sharename;
|
|
char *newserver, *newshare;
|
|
const char *username;
|
|
const char *password;
|
|
NTSTATUS status;
|
|
|
|
/* make a copy so we don't modify the global string 'service' */
|
|
servicename = talloc_strdup(ctx,share);
|
|
if (!servicename) {
|
|
return NULL;
|
|
}
|
|
sharename = servicename;
|
|
if (*sharename == '\\') {
|
|
server = sharename+2;
|
|
sharename = strchr_m(server,'\\');
|
|
if (!sharename) {
|
|
return NULL;
|
|
}
|
|
*sharename = 0;
|
|
sharename++;
|
|
}
|
|
|
|
server_n = server;
|
|
|
|
zero_addr(&ss);
|
|
|
|
make_nmb_name(&calling, global_myname(), 0x0);
|
|
make_nmb_name(&called , server, name_type);
|
|
|
|
again:
|
|
zero_addr(&ss);
|
|
if (have_ip)
|
|
ss = dest_ss;
|
|
|
|
/* have to open a new connection */
|
|
if (!(c=cli_initialise()) || (cli_set_port(c, port) != port)) {
|
|
d_printf("Connection to %s failed\n", server_n);
|
|
if (c) {
|
|
cli_shutdown(c);
|
|
}
|
|
return NULL;
|
|
}
|
|
status = cli_connect(c, server_n, &ss);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
d_printf("Connection to %s failed (Error %s)\n",
|
|
server_n,
|
|
nt_errstr(status));
|
|
cli_shutdown(c);
|
|
return NULL;
|
|
}
|
|
|
|
c->protocol = max_protocol;
|
|
c->use_kerberos = cm_creds.use_kerberos;
|
|
cli_setup_signing_state(c, cm_creds.signing_state);
|
|
|
|
if (!cli_session_request(c, &calling, &called)) {
|
|
char *p;
|
|
d_printf("session request to %s failed (%s)\n",
|
|
called.name, cli_errstr(c));
|
|
cli_shutdown(c);
|
|
c = NULL;
|
|
if ((p=strchr_m(called.name, '.'))) {
|
|
*p = 0;
|
|
goto again;
|
|
}
|
|
if (strcmp(called.name, "*SMBSERVER")) {
|
|
make_nmb_name(&called , "*SMBSERVER", 0x20);
|
|
goto again;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
DEBUG(4,(" session request ok\n"));
|
|
|
|
if (!cli_negprot(c)) {
|
|
d_printf("protocol negotiation failed\n");
|
|
cli_shutdown(c);
|
|
return NULL;
|
|
}
|
|
|
|
if (!cm_creds.got_pass) {
|
|
char *pass = getpass("Password: ");
|
|
if (pass) {
|
|
cm_set_password(pass);
|
|
}
|
|
}
|
|
|
|
username = cm_creds.username ? cm_creds.username : "";
|
|
password = cm_creds.password ? cm_creds.password : "";
|
|
|
|
if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
|
|
password, strlen(password),
|
|
password, strlen(password),
|
|
lp_workgroup()))) {
|
|
/* If a password was not supplied then
|
|
* try again with a null username. */
|
|
if (password[0] || !username[0] || cm_creds.use_kerberos ||
|
|
!NT_STATUS_IS_OK(cli_session_setup(c, "",
|
|
"", 0,
|
|
"", 0,
|
|
lp_workgroup()))) {
|
|
d_printf("session setup failed: %s\n", cli_errstr(c));
|
|
if (NT_STATUS_V(cli_nt_error(c)) ==
|
|
NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
|
|
d_printf("did you forget to run kinit?\n");
|
|
cli_shutdown(c);
|
|
return NULL;
|
|
}
|
|
d_printf("Anonymous login successful\n");
|
|
}
|
|
|
|
if ( show_sessetup ) {
|
|
if (*c->server_domain) {
|
|
DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
|
|
c->server_domain,c->server_os,c->server_type));
|
|
} else if (*c->server_os || *c->server_type) {
|
|
DEBUG(0,("OS=[%s] Server=[%s]\n",
|
|
c->server_os,c->server_type));
|
|
}
|
|
}
|
|
DEBUG(4,(" session setup ok\n"));
|
|
|
|
/* here's the fun part....to support 'msdfs proxy' shares
|
|
(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
|
|
here before trying to connect to the original share.
|
|
check_dfs_proxy() will fail if it is a normal share. */
|
|
|
|
if ((c->capabilities & CAP_DFS) &&
|
|
cli_check_msdfs_proxy(ctx, c, sharename,
|
|
&newserver, &newshare,
|
|
force_encrypt,
|
|
username,
|
|
password,
|
|
lp_workgroup())) {
|
|
cli_shutdown(c);
|
|
return do_connect(ctx, newserver,
|
|
newshare, false, force_encrypt);
|
|
}
|
|
|
|
/* must be a normal share */
|
|
|
|
if (!cli_send_tconX(c, sharename, "?????",
|
|
password, strlen(password)+1)) {
|
|
d_printf("tree connect failed: %s\n", cli_errstr(c));
|
|
cli_shutdown(c);
|
|
return NULL;
|
|
}
|
|
|
|
if (force_encrypt) {
|
|
status = cli_cm_force_encryption(c,
|
|
username,
|
|
password,
|
|
lp_workgroup(),
|
|
sharename);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
cli_shutdown(c);
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
DEBUG(4,(" tconx ok\n"));
|
|
return c;
|
|
}
|
|
|
|
/****************************************************************************
|
|
****************************************************************************/
|
|
|
|
static void cli_cm_set_mntpoint(struct cli_state *c, const char *mnt)
|
|
{
|
|
struct client_connection *p;
|
|
int i;
|
|
|
|
for (p=connections,i=0; p; p=p->next,i++) {
|
|
if (strequal(p->cli->desthost, c->desthost) &&
|
|
strequal(p->cli->share, c->share)) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (p) {
|
|
char *name = clean_name(NULL, p->mount);
|
|
if (!name) {
|
|
return;
|
|
}
|
|
p->mount = talloc_strdup(p, name);
|
|
TALLOC_FREE(name);
|
|
}
|
|
}
|
|
|
|
/****************************************************************************
|
|
****************************************************************************/
|
|
|
|
const char *cli_cm_get_mntpoint(struct cli_state *c)
|
|
{
|
|
struct client_connection *p;
|
|
int i;
|
|
|
|
for (p=connections,i=0; p; p=p->next,i++) {
|
|
if (strequal(p->cli->desthost, c->desthost) &&
|
|
strequal(p->cli->share, c->share)) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (p) {
|
|
return p->mount;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
/********************************************************************
|
|
Add a new connection to the list
|
|
********************************************************************/
|
|
|
|
static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
|
|
struct cli_state *referring_cli,
|
|
const char *server,
|
|
const char *share,
|
|
bool show_hdr,
|
|
bool force_encrypt)
|
|
{
|
|
struct client_connection *node;
|
|
|
|
/* NB This must be the null context here... JRA. */
|
|
node = TALLOC_ZERO_ARRAY(NULL, struct client_connection, 1);
|
|
if (!node) {
|
|
return NULL;
|
|
}
|
|
|
|
node->cli = do_connect(ctx, server, share, show_hdr, force_encrypt);
|
|
|
|
if ( !node->cli ) {
|
|
TALLOC_FREE( node );
|
|
return NULL;
|
|
}
|
|
|
|
DLIST_ADD( connections, node );
|
|
|
|
cli_cm_set_mntpoint(node->cli, "");
|
|
|
|
if (referring_cli && referring_cli->posix_capabilities) {
|
|
uint16 major, minor;
|
|
uint32 caplow, caphigh;
|
|
if (cli_unix_extensions_version(node->cli, &major,
|
|
&minor, &caplow, &caphigh)) {
|
|
cli_set_unix_extensions_capabilities(node->cli,
|
|
major, minor,
|
|
caplow, caphigh);
|
|
}
|
|
}
|
|
|
|
return node->cli;
|
|
}
|
|
|
|
/********************************************************************
|
|
Return a connection to a server.
|
|
********************************************************************/
|
|
|
|
static struct cli_state *cli_cm_find(const char *server, const char *share)
|
|
{
|
|
struct client_connection *p;
|
|
|
|
for (p=connections; p; p=p->next) {
|
|
if ( strequal(server, p->cli->desthost) &&
|
|
strequal(share,p->cli->share)) {
|
|
return p->cli;
|
|
}
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
/****************************************************************************
|
|
Open a client connection to a \\server\share. Set's the current *cli
|
|
global variable as a side-effect (but only if the connection is successful).
|
|
****************************************************************************/
|
|
|
|
struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
|
|
struct cli_state *referring_cli,
|
|
const char *server,
|
|
const char *share,
|
|
bool show_hdr,
|
|
bool force_encrypt)
|
|
{
|
|
struct cli_state *c;
|
|
|
|
/* try to reuse an existing connection */
|
|
|
|
c = cli_cm_find(server, share);
|
|
if (!c) {
|
|
c = cli_cm_connect(ctx, referring_cli,
|
|
server, share, show_hdr, force_encrypt);
|
|
}
|
|
|
|
return c;
|
|
}
|
|
|
|
/****************************************************************************
|
|
****************************************************************************/
|
|
|
|
void cli_cm_shutdown(void)
|
|
{
|
|
struct client_connection *p, *x;
|
|
|
|
for (p=connections; p;) {
|
|
cli_shutdown(p->cli);
|
|
x = p;
|
|
p = p->next;
|
|
|
|
TALLOC_FREE(x);
|
|
}
|
|
|
|
connections = NULL;
|
|
return;
|
|
}
|
|
|
|
/****************************************************************************
|
|
****************************************************************************/
|
|
|
|
void cli_cm_display(void)
|
|
{
|
|
struct client_connection *p;
|
|
int i;
|
|
|
|
for ( p=connections,i=0; p; p=p->next,i++ ) {
|
|
d_printf("%d:\tserver=%s, share=%s\n",
|
|
i, p->cli->desthost, p->cli->share );
|
|
}
|
|
}
|
|
|
|
/****************************************************************************
|
|
****************************************************************************/
|
|
|
|
static void cm_set_password(const char *newpass)
|
|
{
|
|
SAFE_FREE(cm_creds.password);
|
|
cm_creds.password = SMB_STRDUP(newpass);
|
|
if (cm_creds.password) {
|
|
cm_creds.got_pass = true;
|
|
}
|
|
}
|
|
|
|
void cli_cm_set_credentials(void)
|
|
{
|
|
SAFE_FREE(cm_creds.username);
|
|
cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username());
|
|
|
|
if (get_cmdline_auth_info_got_pass()) {
|
|
cm_set_password(get_cmdline_auth_info_password());
|
|
}
|
|
|
|
cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos();
|
|
cm_creds.signing_state = get_cmdline_auth_info_signing_state();
|
|
}
|
|
|
|
/****************************************************************************
|
|
****************************************************************************/
|
|
|
|
void cli_cm_set_port(int port_number)
|
|
{
|
|
port = port_number;
|
|
}
|
|
|
|
/****************************************************************************
|
|
****************************************************************************/
|
|
|
|
void cli_cm_set_dest_name_type(int type)
|
|
{
|
|
name_type = type;
|
|
}
|
|
|
|
/****************************************************************************
|
|
****************************************************************************/
|
|
|
|
void cli_cm_set_dest_ss(struct sockaddr_storage *pss)
|
|
{
|
|
dest_ss = *pss;
|
|
have_ip = true;
|
|
}
|
|
|
|
/**********************************************************************
|
|
split a dfs path into the server, share name, and extrapath components
|
|
**********************************************************************/
|
|
|
|
static void split_dfs_path(TALLOC_CTX *ctx,
|
|
const char *nodepath,
|
|
char **pp_server,
|
|
char **pp_share,
|
|
char **pp_extrapath)
|
|
{
|
|
char *p, *q;
|
|
char *path;
|
|
|
|
*pp_server = NULL;
|
|
*pp_share = NULL;
|
|
*pp_extrapath = NULL;
|
|
|
|
path = talloc_strdup(ctx, nodepath);
|
|
if (!path) {
|
|
return;
|
|
}
|
|
|
|
if ( path[0] != '\\' ) {
|
|
return;
|
|
}
|
|
|
|
p = strchr_m( path + 1, '\\' );
|
|
if ( !p ) {
|
|
return;
|
|
}
|
|
|
|
*p = '\0';
|
|
p++;
|
|
|
|
/* Look for any extra/deep path */
|
|
q = strchr_m(p, '\\');
|
|
if (q != NULL) {
|
|
*q = '\0';
|
|
q++;
|
|
*pp_extrapath = talloc_strdup(ctx, q);
|
|
} else {
|
|
*pp_extrapath = talloc_strdup(ctx, "");
|
|
}
|
|
|
|
*pp_share = talloc_strdup(ctx, p);
|
|
*pp_server = talloc_strdup(ctx, &path[1]);
|
|
}
|
|
|
|
/****************************************************************************
|
|
Return the original path truncated at the directory component before
|
|
the first wildcard character. Trust the caller to provide a NULL
|
|
terminated string
|
|
****************************************************************************/
|
|
|
|
static char *clean_path(TALLOC_CTX *ctx, const char *path)
|
|
{
|
|
size_t len;
|
|
char *p1, *p2, *p;
|
|
char *path_out;
|
|
|
|
/* No absolute paths. */
|
|
while (IS_DIRECTORY_SEP(*path)) {
|
|
path++;
|
|
}
|
|
|
|
path_out = talloc_strdup(ctx, path);
|
|
if (!path_out) {
|
|
return NULL;
|
|
}
|
|
|
|
p1 = strchr_m(path_out, '*');
|
|
p2 = strchr_m(path_out, '?');
|
|
|
|
if (p1 || p2) {
|
|
if (p1 && p2) {
|
|
p = MIN(p1,p2);
|
|
} else if (!p1) {
|
|
p = p2;
|
|
} else {
|
|
p = p1;
|
|
}
|
|
*p = '\0';
|
|
|
|
/* Now go back to the start of this component. */
|
|
p1 = strrchr_m(path_out, '/');
|
|
p2 = strrchr_m(path_out, '\\');
|
|
p = MAX(p1,p2);
|
|
if (p) {
|
|
*p = '\0';
|
|
}
|
|
}
|
|
|
|
/* Strip any trailing separator */
|
|
|
|
len = strlen(path_out);
|
|
if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
|
|
path_out[len-1] = '\0';
|
|
}
|
|
|
|
return path_out;
|
|
}
|
|
|
|
/****************************************************************************
|
|
****************************************************************************/
|
|
|
|
static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
|
|
struct cli_state *cli,
|
|
const char *dir)
|
|
{
|
|
/* Ensure the extrapath doesn't start with a separator. */
|
|
while (IS_DIRECTORY_SEP(*dir)) {
|
|
dir++;
|
|
}
|
|
|
|
return talloc_asprintf(ctx, "\\%s\\%s\\%s",
|
|
cli->desthost, cli->share, dir);
|
|
}
|
|
|
|
/********************************************************************
|
|
check for dfs referral
|
|
********************************************************************/
|
|
|
|
static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
|
|
{
|
|
uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
|
|
|
|
/* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
|
|
|
|
if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
|
|
(flgs2&FLAGS2_UNICODE_STRINGS)))
|
|
return false;
|
|
|
|
if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
/********************************************************************
|
|
Get the dfs referral link.
|
|
********************************************************************/
|
|
|
|
bool cli_dfs_get_referral(TALLOC_CTX *ctx,
|
|
struct cli_state *cli,
|
|
const char *path,
|
|
CLIENT_DFS_REFERRAL**refs,
|
|
size_t *num_refs,
|
|
uint16 *consumed)
|
|
{
|
|
unsigned int data_len = 0;
|
|
unsigned int param_len = 0;
|
|
uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
|
|
char *param;
|
|
char *rparam=NULL, *rdata=NULL;
|
|
char *p;
|
|
char *endp;
|
|
size_t pathlen = 2*(strlen(path)+1);
|
|
uint16 num_referrals;
|
|
CLIENT_DFS_REFERRAL *referrals = NULL;
|
|
bool ret = false;
|
|
|
|
*num_refs = 0;
|
|
*refs = NULL;
|
|
|
|
param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
|
|
if (!param) {
|
|
return false;
|
|
}
|
|
SSVAL(param, 0, 0x03); /* max referral level */
|
|
p = ¶m[2];
|
|
|
|
p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
|
|
param_len = PTR_DIFF(p, param);
|
|
|
|
if (!cli_send_trans(cli, SMBtrans2,
|
|
NULL, /* name */
|
|
-1, 0, /* fid, flags */
|
|
&setup, 1, 0, /* setup, length, max */
|
|
param, param_len, 2, /* param, length, max */
|
|
NULL, 0, cli->max_xmit /* data, length, max */
|
|
)) {
|
|
SAFE_FREE(param);
|
|
return false;
|
|
}
|
|
|
|
SAFE_FREE(param);
|
|
|
|
if (!cli_receive_trans(cli, SMBtrans2,
|
|
&rparam, ¶m_len,
|
|
&rdata, &data_len)) {
|
|
return false;
|
|
}
|
|
|
|
if (data_len < 4) {
|
|
goto out;
|
|
}
|
|
|
|
endp = rdata + data_len;
|
|
|
|
*consumed = SVAL(rdata, 0);
|
|
num_referrals = SVAL(rdata, 2);
|
|
|
|
if (num_referrals != 0) {
|
|
uint16 ref_version;
|
|
uint16 ref_size;
|
|
int i;
|
|
uint16 node_offset;
|
|
|
|
referrals = TALLOC_ARRAY(ctx, CLIENT_DFS_REFERRAL,
|
|
num_referrals);
|
|
|
|
if (!referrals) {
|
|
goto out;
|
|
}
|
|
/* start at the referrals array */
|
|
|
|
p = rdata+8;
|
|
for (i=0; i<num_referrals && p < endp; i++) {
|
|
if (p + 18 > endp) {
|
|
goto out;
|
|
}
|
|
ref_version = SVAL(p, 0);
|
|
ref_size = SVAL(p, 2);
|
|
node_offset = SVAL(p, 16);
|
|
|
|
if (ref_version != 3) {
|
|
p += ref_size;
|
|
continue;
|
|
}
|
|
|
|
referrals[i].proximity = SVAL(p, 8);
|
|
referrals[i].ttl = SVAL(p, 10);
|
|
|
|
if (p + node_offset > endp) {
|
|
goto out;
|
|
}
|
|
clistr_pull_talloc(ctx, cli, &referrals[i].dfspath,
|
|
p+node_offset, -1,
|
|
STR_TERMINATE|STR_UNICODE );
|
|
|
|
if (!referrals[i].dfspath) {
|
|
goto out;
|
|
}
|
|
p += ref_size;
|
|
}
|
|
if (i < num_referrals) {
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
ret = true;
|
|
|
|
*num_refs = num_referrals;
|
|
*refs = referrals;
|
|
|
|
out:
|
|
|
|
SAFE_FREE(rdata);
|
|
SAFE_FREE(rparam);
|
|
return ret;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
bool cli_resolve_path(TALLOC_CTX *ctx,
|
|
const char *mountpt,
|
|
struct cli_state *rootcli,
|
|
const char *path,
|
|
struct cli_state **targetcli,
|
|
char **pp_targetpath)
|
|
{
|
|
CLIENT_DFS_REFERRAL *refs = NULL;
|
|
size_t num_refs = 0;
|
|
uint16 consumed;
|
|
struct cli_state *cli_ipc = NULL;
|
|
char *dfs_path = NULL;
|
|
char *cleanpath = NULL;
|
|
char *extrapath = NULL;
|
|
int pathlen;
|
|
char *server = NULL;
|
|
char *share = NULL;
|
|
struct cli_state *newcli = NULL;
|
|
char *newpath = NULL;
|
|
char *newmount = NULL;
|
|
char *ppath = NULL;
|
|
SMB_STRUCT_STAT sbuf;
|
|
uint32 attributes;
|
|
|
|
if ( !rootcli || !path || !targetcli ) {
|
|
return false;
|
|
}
|
|
|
|
/* Don't do anything if this is not a DFS root. */
|
|
|
|
if ( !rootcli->dfsroot) {
|
|
*targetcli = rootcli;
|
|
*pp_targetpath = talloc_strdup(ctx, path);
|
|
if (!*pp_targetpath) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
*targetcli = NULL;
|
|
|
|
/* Send a trans2_query_path_info to check for a referral. */
|
|
|
|
cleanpath = clean_path(ctx, path);
|
|
if (!cleanpath) {
|
|
return false;
|
|
}
|
|
|
|
dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
|
|
if (!dfs_path) {
|
|
return false;
|
|
}
|
|
|
|
if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) {
|
|
/* This is an ordinary path, just return it. */
|
|
*targetcli = rootcli;
|
|
*pp_targetpath = talloc_strdup(ctx, path);
|
|
if (!*pp_targetpath) {
|
|
return false;
|
|
}
|
|
goto done;
|
|
}
|
|
|
|
/* Special case where client asked for a path that does not exist */
|
|
|
|
if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
|
|
*targetcli = rootcli;
|
|
*pp_targetpath = talloc_strdup(ctx, path);
|
|
if (!*pp_targetpath) {
|
|
return false;
|
|
}
|
|
goto done;
|
|
}
|
|
|
|
/* We got an error, check for DFS referral. */
|
|
|
|
if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
|
|
return false;
|
|
}
|
|
|
|
/* Check for the referral. */
|
|
|
|
if (!(cli_ipc = cli_cm_open(ctx, rootcli,
|
|
rootcli->desthost,
|
|
"IPC$", false,
|
|
(rootcli->trans_enc_state != NULL)))) {
|
|
return false;
|
|
}
|
|
|
|
if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
|
|
&num_refs, &consumed) || !num_refs) {
|
|
return false;
|
|
}
|
|
|
|
/* Just store the first referral for now. */
|
|
|
|
if (!refs[0].dfspath) {
|
|
return false;
|
|
}
|
|
split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
|
|
|
|
if (!server || !share) {
|
|
return false;
|
|
}
|
|
|
|
/* Make sure to recreate the original string including any wildcards. */
|
|
|
|
dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
|
|
if (!dfs_path) {
|
|
return false;
|
|
}
|
|
pathlen = strlen(dfs_path)*2;
|
|
consumed = MIN(pathlen, consumed);
|
|
*pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed/2]);
|
|
if (!*pp_targetpath) {
|
|
return false;
|
|
}
|
|
dfs_path[consumed/2] = '\0';
|
|
|
|
/*
|
|
* *pp_targetpath is now the unconsumed part of the path.
|
|
* dfs_path is now the consumed part of the path
|
|
* (in \server\share\path format).
|
|
*/
|
|
|
|
/* Open the connection to the target server & share */
|
|
if ((*targetcli = cli_cm_open(ctx, rootcli,
|
|
server,
|
|
share,
|
|
false,
|
|
(rootcli->trans_enc_state != NULL))) == NULL) {
|
|
d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
|
|
server, share );
|
|
return false;
|
|
}
|
|
|
|
if (extrapath && strlen(extrapath) > 0) {
|
|
*pp_targetpath = talloc_asprintf(ctx,
|
|
"%s%s",
|
|
extrapath,
|
|
*pp_targetpath);
|
|
if (!*pp_targetpath) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/* parse out the consumed mount path */
|
|
/* trim off the \server\share\ */
|
|
|
|
ppath = dfs_path;
|
|
|
|
if (*ppath != '\\') {
|
|
d_printf("cli_resolve_path: "
|
|
"dfs_path (%s) not in correct format.\n",
|
|
dfs_path );
|
|
return false;
|
|
}
|
|
|
|
ppath++; /* Now pointing at start of server name. */
|
|
|
|
if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
|
|
return false;
|
|
}
|
|
|
|
ppath++; /* Now pointing at start of share name. */
|
|
|
|
if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
|
|
return false;
|
|
}
|
|
|
|
ppath++; /* Now pointing at path component. */
|
|
|
|
newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
|
|
if (!newmount) {
|
|
return false;
|
|
}
|
|
|
|
cli_cm_set_mntpoint(*targetcli, newmount);
|
|
|
|
/* Check for another dfs referral, note that we are not
|
|
checking for loops here. */
|
|
|
|
if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
|
|
if (cli_resolve_path(ctx,
|
|
newmount,
|
|
*targetcli,
|
|
*pp_targetpath,
|
|
&newcli,
|
|
&newpath)) {
|
|
/*
|
|
* When cli_resolve_path returns true here it's always
|
|
* returning the complete path in newpath, so we're done
|
|
* here.
|
|
*/
|
|
*targetcli = newcli;
|
|
*pp_targetpath = newpath;
|
|
return true;
|
|
}
|
|
}
|
|
|
|
done:
|
|
|
|
/* If returning true ensure we return a dfs root full path. */
|
|
if ((*targetcli)->dfsroot) {
|
|
dfs_path = talloc_strdup(ctx, *pp_targetpath);
|
|
if (!dfs_path) {
|
|
return false;
|
|
}
|
|
*pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/********************************************************************
|
|
********************************************************************/
|
|
|
|
static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
|
|
struct cli_state *cli,
|
|
const char *sharename,
|
|
char **pp_newserver,
|
|
char **pp_newshare,
|
|
bool force_encrypt,
|
|
const char *username,
|
|
const char *password,
|
|
const char *domain)
|
|
{
|
|
CLIENT_DFS_REFERRAL *refs = NULL;
|
|
size_t num_refs = 0;
|
|
uint16 consumed;
|
|
char *fullpath = NULL;
|
|
bool res;
|
|
uint16 cnum;
|
|
char *newextrapath = NULL;
|
|
|
|
if (!cli || !sharename) {
|
|
return false;
|
|
}
|
|
|
|
cnum = cli->cnum;
|
|
|
|
/* special case. never check for a referral on the IPC$ share */
|
|
|
|
if (strequal(sharename, "IPC$")) {
|
|
return false;
|
|
}
|
|
|
|
/* send a trans2_query_path_info to check for a referral */
|
|
|
|
fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
|
|
if (!fullpath) {
|
|
return false;
|
|
}
|
|
|
|
/* check for the referral */
|
|
|
|
if (!cli_send_tconX(cli, "IPC$", "IPC", NULL, 0)) {
|
|
return false;
|
|
}
|
|
|
|
if (force_encrypt) {
|
|
NTSTATUS status = cli_cm_force_encryption(cli,
|
|
username,
|
|
password,
|
|
lp_workgroup(),
|
|
"IPC$");
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
|
|
|
|
if (!cli_tdis(cli)) {
|
|
return false;
|
|
}
|
|
|
|
cli->cnum = cnum;
|
|
|
|
if (!res || !num_refs) {
|
|
return false;
|
|
}
|
|
|
|
if (!refs[0].dfspath) {
|
|
return false;
|
|
}
|
|
|
|
split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
|
|
pp_newshare, &newextrapath );
|
|
|
|
if (!pp_newserver || !pp_newshare) {
|
|
return false;
|
|
}
|
|
|
|
/* check that this is not a self-referral */
|
|
|
|
if (strequal(cli->desthost, *pp_newserver) &&
|
|
strequal(sharename, *pp_newshare)) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|