diff options
Diffstat (limited to 'source3/libsmb/clidfs.c')
| -rw-r--r-- | source3/libsmb/clidfs.c | 1125 |
1 files changed, 1125 insertions, 0 deletions
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c new file mode 100644 index 0000000000..7b63f9535e --- /dev/null +++ b/source3/libsmb/clidfs.c @@ -0,0 +1,1125 @@ +/* + Unix SMB/CIFS implementation. + client connect/disconnect routines + Copyright (C) Andrew Tridgell 1994-1998 + Copyright (C) Gerald (Jerry) Carter 2004 + Copyright (C) Jeremy Allison 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" + +/******************************************************************** + Important point. + + DFS paths are *always* of the form \server\share\<pathname> (the \ characters + are not C escaped here). + + - but if we're using POSIX paths then <pathname> may contain + '/' separators, not '\\' separators. So cope with '\\' or '/' + as a separator when looking at the pathname part.... JRA. +********************************************************************/ + +struct client_connection { + struct client_connection *prev, *next; + struct cli_state *cli; + char *mount; +}; + +/* global state....globals reek! */ +int max_protocol = PROTOCOL_NT1; + +static struct cm_cred_struct { + char *username; + char *password; + bool got_pass; + bool use_kerberos; + bool fallback_after_kerberos; + int signing_state; +} cm_creds; + +static void cm_set_password(const char *newpass); + +static int port; +static int name_type = 0x20; +static bool have_ip; +static struct sockaddr_storage dest_ss; + +static struct client_connection *connections; + +static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, + struct cli_state *cli, + const char *sharename, + char **pp_newserver, + char **pp_newshare, + bool force_encrypt, + const char *username, + const char *password, + const char *domain); + +/******************************************************************** + Ensure a connection is encrypted. +********************************************************************/ + +NTSTATUS cli_cm_force_encryption(struct cli_state *c, + const char *username, + const char *password, + const char *domain, + const char *sharename) +{ + NTSTATUS status = cli_force_encryption(c, + username, + password, + domain); + + if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) { + d_printf("Encryption required and " + "server that doesn't support " + "UNIX extensions - failing connect\n"); + } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) { + d_printf("Encryption required and " + "can't get UNIX CIFS extensions " + "version from server.\n"); + } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) { + d_printf("Encryption required and " + "share %s doesn't support " + "encryption.\n", sharename); + } else if (!NT_STATUS_IS_OK(status)) { + d_printf("Encryption required and " + "setup failed with error %s.\n", + nt_errstr(status)); + } + + return status; +} + +/******************************************************************** + Return a connection to a server. +********************************************************************/ + +static struct cli_state *do_connect(TALLOC_CTX *ctx, + const char *server, + const char *share, + bool show_sessetup, + bool force_encrypt) +{ + struct cli_state *c = NULL; + struct nmb_name called, calling; + const char *server_n; + struct sockaddr_storage ss; + char *servicename; + char *sharename; + char *newserver, *newshare; + const char *username; + const char *password; + NTSTATUS status; + + /* make a copy so we don't modify the global string 'service' */ + servicename = talloc_strdup(ctx,share); + if (!servicename) { + return NULL; + } + sharename = servicename; + if (*sharename == '\\') { + server = sharename+2; + sharename = strchr_m(server,'\\'); + if (!sharename) { + return NULL; + } + *sharename = 0; + sharename++; + } + + server_n = server; + + zero_addr(&ss); + + make_nmb_name(&calling, global_myname(), 0x0); + make_nmb_name(&called , server, name_type); + + again: + zero_addr(&ss); + if (have_ip) + ss = dest_ss; + + /* have to open a new connection */ + if (!(c=cli_initialise()) || (cli_set_port(c, port) != port)) { + d_printf("Connection to %s failed\n", server_n); + if (c) { + cli_shutdown(c); + } + return NULL; + } + status = cli_connect(c, server_n, &ss); + if (!NT_STATUS_IS_OK(status)) { + d_printf("Connection to %s failed (Error %s)\n", + server_n, + nt_errstr(status)); + cli_shutdown(c); + return NULL; + } + + c->protocol = max_protocol; + c->use_kerberos = cm_creds.use_kerberos; + c->fallback_after_kerberos = cm_creds.fallback_after_kerberos; + cli_setup_signing_state(c, cm_creds.signing_state); + + if (!cli_session_request(c, &calling, &called)) { + char *p; + d_printf("session request to %s failed (%s)\n", + called.name, cli_errstr(c)); + cli_shutdown(c); + c = NULL; + if ((p=strchr_m(called.name, '.'))) { + *p = 0; + goto again; + } + if (strcmp(called.name, "*SMBSERVER")) { + make_nmb_name(&called , "*SMBSERVER", 0x20); + goto again; + } + return NULL; + } + + DEBUG(4,(" session request ok\n")); + + if (!cli_negprot(c)) { + d_printf("protocol negotiation failed\n"); + cli_shutdown(c); + return NULL; + } + + if (!cm_creds.got_pass && !cm_creds.use_kerberos) { + char *label = NULL; + char *pass; + label = talloc_asprintf(ctx, "Enter %s's password: ", + cm_creds.username); + pass = getpass(label); + if (pass) { + cm_set_password(pass); + } + TALLOC_FREE(label); + } + + username = cm_creds.username ? cm_creds.username : ""; + password = cm_creds.password ? cm_creds.password : ""; + + if (!NT_STATUS_IS_OK(cli_session_setup(c, username, + password, strlen(password), + password, strlen(password), + lp_workgroup()))) { + /* If a password was not supplied then + * try again with a null username. */ + if (password[0] || !username[0] || cm_creds.use_kerberos || + !NT_STATUS_IS_OK(cli_session_setup(c, "", + "", 0, + "", 0, + lp_workgroup()))) { + d_printf("session setup failed: %s\n", cli_errstr(c)); + if (NT_STATUS_V(cli_nt_error(c)) == + NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED)) + d_printf("did you forget to run kinit?\n"); + cli_shutdown(c); + return NULL; + } + d_printf("Anonymous login successful\n"); + } + + if ( show_sessetup ) { + if (*c->server_domain) { + DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n", + c->server_domain,c->server_os,c->server_type)); + } else if (*c->server_os || *c->server_type) { + DEBUG(0,("OS=[%s] Server=[%s]\n", + c->server_os,c->server_type)); + } + } + DEBUG(4,(" session setup ok\n")); + + /* here's the fun part....to support 'msdfs proxy' shares + (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL + here before trying to connect to the original share. + check_dfs_proxy() will fail if it is a normal share. */ + + if ((c->capabilities & CAP_DFS) && + cli_check_msdfs_proxy(ctx, c, sharename, + &newserver, &newshare, + force_encrypt, + username, + password, + lp_workgroup())) { + cli_shutdown(c); + return do_connect(ctx, newserver, + newshare, false, force_encrypt); + } + + /* must be a normal share */ + + if (!cli_send_tconX(c, sharename, "?????", + password, strlen(password)+1)) { + d_printf("tree connect failed: %s\n", cli_errstr(c)); + cli_shutdown(c); + return NULL; + } + + if (force_encrypt) { + status = cli_cm_force_encryption(c, + username, + password, + lp_workgroup(), + sharename); + if (!NT_STATUS_IS_OK(status)) { + cli_shutdown(c); + return NULL; + } + } + + DEBUG(4,(" tconx ok\n")); + return c; +} + +/**************************************************************************** +****************************************************************************/ + +static void cli_cm_set_mntpoint(struct cli_state *c, const char *mnt) +{ + struct client_connection *p; + int i; + + for (p=connections,i=0; p; p=p->next,i++) { + if (strequal(p->cli->desthost, c->desthost) && + strequal(p->cli->share, c->share)) { + break; + } + } + + if (p) { + char *name = clean_name(NULL, p->mount); + if (!name) { + return; + } + p->mount = talloc_strdup(p, name); + TALLOC_FREE(name); + } +} + +/**************************************************************************** +****************************************************************************/ + +const char *cli_cm_get_mntpoint(struct cli_state *c) +{ + struct client_connection *p; + int i; + + for (p=connections,i=0; p; p=p->next,i++) { + if (strequal(p->cli->desthost, c->desthost) && + strequal(p->cli->share, c->share)) { + break; + } + } + + if (p) { + return p->mount; + } + return NULL; +} + +/******************************************************************** + Add a new connection to the list +********************************************************************/ + +static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx, + struct cli_state *referring_cli, + const char *server, + const char *share, + bool show_hdr, + bool force_encrypt) +{ + struct client_connection *node; + + /* NB This must be the null context here... JRA. */ + node = TALLOC_ZERO_ARRAY(NULL, struct client_connection, 1); + if (!node) { + return NULL; + } + + node->cli = do_connect(ctx, server, share, show_hdr, force_encrypt); + + if ( !node->cli ) { + TALLOC_FREE( node ); + return NULL; + } + + DLIST_ADD( connections, node ); + + cli_cm_set_mntpoint(node->cli, ""); + + if (referring_cli && referring_cli->posix_capabilities) { + uint16 major, minor; + uint32 caplow, caphigh; + if (cli_unix_extensions_version(node->cli, &major, + &minor, &caplow, &caphigh)) { + cli_set_unix_extensions_capabilities(node->cli, + major, minor, + caplow, caphigh); + } + } + + return node->cli; +} + +/******************************************************************** + Return a connection to a server. +********************************************************************/ + +static struct cli_state *cli_cm_find(const char *server, const char *share) +{ + struct client_connection *p; + + for (p=connections; p; p=p->next) { + if ( strequal(server, p->cli->desthost) && + strequal(share,p->cli->share)) { + return p->cli; + } + } + + return NULL; +} + +/**************************************************************************** + Open a client connection to a \\server\share. Set's the current *cli + global variable as a side-effect (but only if the connection is successful). +****************************************************************************/ + +struct cli_state *cli_cm_open(TALLOC_CTX *ctx, + struct cli_state *referring_cli, + const char *server, + const char *share, + bool show_hdr, + bool force_encrypt) +{ + struct cli_state *c; + + /* try to reuse an existing connection */ + + c = cli_cm_find(server, share); + if (!c) { + c = cli_cm_connect(ctx, referring_cli, + server, share, show_hdr, force_encrypt); + } + + return c; +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_shutdown(void) +{ + struct client_connection *p, *x; + + for (p=connections; p;) { + cli_shutdown(p->cli); + x = p; + p = p->next; + + TALLOC_FREE(x); + } + + connections = NULL; + return; +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_display(void) +{ + struct client_connection *p; + int i; + + for ( p=connections,i=0; p; p=p->next,i++ ) { + d_printf("%d:\tserver=%s, share=%s\n", + i, p->cli->desthost, p->cli->share ); + } +} + +/**************************************************************************** +****************************************************************************/ + +static void cm_set_password(const char *newpass) +{ + SAFE_FREE(cm_creds.password); + cm_creds.password = SMB_STRDUP(newpass); + if (cm_creds.password) { + cm_creds.got_pass = true; + } +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_set_credentials(void) +{ + SAFE_FREE(cm_creds.username); + cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username()); + + if (get_cmdline_auth_info_got_pass()) { + cm_set_password(get_cmdline_auth_info_password()); + } + + cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(); + cm_creds.fallback_after_kerberos = false; + cm_creds.signing_state = get_cmdline_auth_info_signing_state(); +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_set_port(int port_number) +{ + port = port_number; +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_set_dest_name_type(int type) +{ + name_type = type; +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_set_signing_state(int state) +{ + cm_creds.signing_state = state; +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_set_username(const char *username) +{ + SAFE_FREE(cm_creds.username); + cm_creds.username = SMB_STRDUP(username); +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_set_password(const char *newpass) +{ + SAFE_FREE(cm_creds.password); + cm_creds.password = SMB_STRDUP(newpass); + if (cm_creds.password) { + cm_creds.got_pass = true; + } +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_set_use_kerberos(void) +{ + cm_creds.use_kerberos = true; +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_set_fallback_after_kerberos(void) +{ + cm_creds.fallback_after_kerberos = true; +} + +/**************************************************************************** +****************************************************************************/ + +void cli_cm_set_dest_ss(struct sockaddr_storage *pss) +{ + dest_ss = *pss; + have_ip = true; +} + +/********************************************************************** + split a dfs path into the server, share name, and extrapath components +**********************************************************************/ + +static void split_dfs_path(TALLOC_CTX *ctx, + const char *nodepath, + char **pp_server, + char **pp_share, + char **pp_extrapath) +{ + char *p, *q; + char *path; + + *pp_server = NULL; + *pp_share = NULL; + *pp_extrapath = NULL; + + path = talloc_strdup(ctx, nodepath); + if (!path) { + return; + } + + if ( path[0] != '\\' ) { + return; + } + + p = strchr_m( path + 1, '\\' ); + if ( !p ) { + return; + } + + *p = '\0'; + p++; + + /* Look for any extra/deep path */ + q = strchr_m(p, '\\'); + if (q != NULL) { + *q = '\0'; + q++; + *pp_extrapath = talloc_strdup(ctx, q); + } else { + *pp_extrapath = talloc_strdup(ctx, ""); + } + + *pp_share = talloc_strdup(ctx, p); + *pp_server = talloc_strdup(ctx, &path[1]); +} + +/**************************************************************************** + Return the original path truncated at the directory component before + the first wildcard character. Trust the caller to provide a NULL + terminated string +****************************************************************************/ + +static char *clean_path(TALLOC_CTX *ctx, const char *path) +{ + size_t len; + char *p1, *p2, *p; + char *path_out; + + /* No absolute paths. */ + while (IS_DIRECTORY_SEP(*path)) { + path++; + } + + path_out = talloc_strdup(ctx, path); + if (!path_out) { + return NULL; + } + + p1 = strchr_m(path_out, '*'); + p2 = strchr_m(path_out, '?'); + + if (p1 || p2) { + if (p1 && p2) { + p = MIN(p1,p2); + } else if (!p1) { + p = p2; + } else { + p = p1; + } + *p = '\0'; + + /* Now go back to the start of this component. */ + p1 = strrchr_m(path_out, '/'); + p2 = strrchr_m(path_out, '\\'); + p = MAX(p1,p2); + if (p) { + *p = '\0'; + } + } + + /* Strip any trailing separator */ + + len = strlen(path_out); + if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) { + path_out[len-1] = '\0'; + } + + return path_out; +} + +/**************************************************************************** +****************************************************************************/ + +static char *cli_dfs_make_full_path(TALLOC_CTX *ctx, + struct cli_state *cli, + const char *dir) +{ + /* Ensure the extrapath doesn't start with a separator. */ + while (IS_DIRECTORY_SEP(*dir)) { + dir++; + } + + return talloc_asprintf(ctx, "\\%s\\%s\\%s", + cli->desthost, cli->share, dir); +} + +/******************************************************************** + check for dfs referral +********************************************************************/ + +static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status ) +{ + uint32 flgs2 = SVAL(cli->inbuf,smb_flg2); + + /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */ + + if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) && + (flgs2&FLAGS2_UNICODE_STRINGS))) + return false; + + if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls)))) + return true; + + return false; +} + +/******************************************************************** + Get the dfs referral link. +********************************************************************/ + +bool cli_dfs_get_referral(TALLOC_CTX *ctx, + struct cli_state *cli, + const char *path, + CLIENT_DFS_REFERRAL**refs, + size_t *num_refs, + uint16 *consumed) +{ + unsigned int data_len = 0; + unsigned int param_len = 0; + uint16 setup = TRANSACT2_GET_DFS_REFERRAL; + char *param; + char *rparam=NULL, *rdata=NULL; + char *p; + char *endp; + size_t pathlen = 2*(strlen(path)+1); + uint16 num_referrals; + CLIENT_DFS_REFERRAL *referrals = NULL; + bool ret = false; + + *num_refs = 0; + *refs = NULL; + + param = SMB_MALLOC_ARRAY(char, 2+pathlen+2); + if (!param) { + return false; + } + SSVAL(param, 0, 0x03); /* max referral level */ + p = ¶m[2]; + + p += clistr_push(cli, p, path, pathlen, STR_TERMINATE); + param_len = PTR_DIFF(p, param); + + if (!cli_send_trans(cli, SMBtrans2, + NULL, /* name */ + -1, 0, /* fid, flags */ + &setup, 1, 0, /* setup, length, max */ + param, param_len, 2, /* param, length, max */ + NULL, 0, cli->max_xmit /* data, length, max */ + )) { + SAFE_FREE(param); + return false; + } + + SAFE_FREE(param); + + if (!cli_receive_trans(cli, SMBtrans2, + &rparam, ¶m_len, + &rdata, &data_len)) { + return false; + } + + if (data_len < 4) { + goto out; + } + + endp = rdata + data_len; + + *consumed = SVAL(rdata, 0); + num_referrals = SVAL(rdata, 2); + + if (num_referrals != 0) { + uint16 ref_version; + uint16 ref_size; + int i; + uint16 node_offset; + + referrals = TALLOC_ARRAY(ctx, CLIENT_DFS_REFERRAL, + num_referrals); + + if (!referrals) { + goto out; + } + /* start at the referrals array */ + + p = rdata+8; + for (i=0; i<num_referrals && p < endp; i++) { + if (p + 18 > endp) { + goto out; + } + ref_version = SVAL(p, 0); + ref_size = SVAL(p, 2); + node_offset = SVAL(p, 16); + + if (ref_version != 3) { + p += ref_size; + continue; + } + + referrals[i].proximity = SVAL(p, 8); + referrals[i].ttl = SVAL(p, 10); + + if (p + node_offset > endp) { + goto out; + } + clistr_pull_talloc(ctx, cli, &referrals[i].dfspath, + p+node_offset, -1, + STR_TERMINATE|STR_UNICODE ); + + if (!referrals[i].dfspath) { + goto out; + } + p += ref_size; + } + if (i < num_referrals) { + goto out; + } + } + + ret = true; + + *num_refs = num_referrals; + *refs = referrals; + + out: + + SAFE_FREE(rdata); + SAFE_FREE(rparam); + return ret; +} + +/******************************************************************** +********************************************************************/ + +bool cli_resolve_path(TALLOC_CTX *ctx, + const char *mountpt, + struct cli_state *rootcli, + const char *path, + struct cli_state **targetcli, + char **pp_targetpath) +{ + CLIENT_DFS_REFERRAL *refs = NULL; + size_t num_refs = 0; + uint16 consumed; + struct cli_state *cli_ipc = NULL; + char *dfs_path = NULL; + char *cleanpath = NULL; + char *extrapath = NULL; + int pathlen; + char *server = NULL; + char *share = NULL; + struct cli_state *newcli = NULL; + char *newpath = NULL; + char *newmount = NULL; + char *ppath = NULL; + SMB_STRUCT_STAT sbuf; + uint32 attributes; + + if ( !rootcli || !path || !targetcli ) { + return false; + } + + /* Don't do anything if this is not a DFS root. */ + + if ( !rootcli->dfsroot) { + *targetcli = rootcli; + *pp_targetpath = talloc_strdup(ctx, path); + if (!*pp_targetpath) { + return false; + } + return true; + } + + *targetcli = NULL; + + /* Send a trans2_query_path_info to check for a referral. */ + + cleanpath = clean_path(ctx, path); + if (!cleanpath) { + return false; + } + + dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath); + if (!dfs_path) { + return false; + } + + if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) { + /* This is an ordinary path, just return it. */ + *targetcli = rootcli; + *pp_targetpath = talloc_strdup(ctx, path); + if (!*pp_targetpath) { + return false; + } + goto done; + } + + /* Special case where client asked for a path that does not exist */ + + if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { + *targetcli = rootcli; + *pp_targetpath = talloc_strdup(ctx, path); + if (!*pp_targetpath) { + return false; + } + goto done; + } + + /* We got an error, check for DFS referral. */ + + if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) { + return false; + } + + /* Check for the referral. */ + + if (!(cli_ipc = cli_cm_open(ctx, rootcli, + rootcli->desthost, + "IPC$", false, + (rootcli->trans_enc_state != NULL)))) { + return false; + } + + if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs, + &num_refs, &consumed) || !num_refs) { + return false; + } + + /* Just store the first referral for now. */ + + if (!refs[0].dfspath) { + return false; + } + split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath ); + + if (!server || !share) { + return false; + } + + /* Make sure to recreate the original string including any wildcards. */ + + dfs_path = cli_dfs_make_full_path(ctx, rootcli, path); + if (!dfs_path) { + return false; + } + pathlen = strlen(dfs_path)*2; + consumed = MIN(pathlen, consumed); + *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed/2]); + if (!*pp_targetpath) { + return false; + } + dfs_path[consumed/2] = '\0'; + + /* + * *pp_targetpath is now the unconsumed part of the path. + * dfs_path is now the consumed part of the path + * (in \server\share\path format). + */ + + /* Open the connection to the target server & share */ + if ((*targetcli = cli_cm_open(ctx, rootcli, + server, + share, + false, + (rootcli->trans_enc_state != NULL))) == NULL) { + d_printf("Unable to follow dfs referral [\\%s\\%s]\n", + server, share ); + return false; + } + + if (extrapath && strlen(extrapath) > 0) { + *pp_targetpath = talloc_asprintf(ctx, + "%s%s", + extrapath, + *pp_targetpath); + if (!*pp_targetpath) { + return false; + } + } + + /* parse out the consumed mount path */ + /* trim off the \server\share\ */ + + ppath = dfs_path; + + if (*ppath != '\\') { + d_printf("cli_resolve_path: " + "dfs_path (%s) not in correct format.\n", + dfs_path ); + return false; + } + + ppath++; /* Now pointing at start of server name. */ + + if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) { + return false; + } + + ppath++; /* Now pointing at start of share name. */ + + if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) { + return false; + } + + ppath++; /* Now pointing at path component. */ + + newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath ); + if (!newmount) { + return false; + } + + cli_cm_set_mntpoint(*targetcli, newmount); + + /* Check for another dfs referral, note that we are not + checking for loops here. */ + + if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) { + if (cli_resolve_path(ctx, + newmount, + *targetcli, + *pp_targetpath, + &newcli, + &newpath)) { + /* + * When cli_resolve_path returns true here it's always + * returning the complete path in newpath, so we're done + * here. + */ + *targetcli = newcli; + *pp_targetpath = newpath; + return true; + } + } + + done: + + /* If returning true ensure we return a dfs root full path. */ + if ((*targetcli)->dfsroot) { + dfs_path = talloc_strdup(ctx, *pp_targetpath); + if (!dfs_path) { + return false; + } + *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path); + } + + return true; +} + +/******************************************************************** +********************************************************************/ + +static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, + struct cli_state *cli, + const char *sharename, + char **pp_newserver, + char **pp_newshare, + bool force_encrypt, + const char *username, + const char *password, + const char *domain) +{ + CLIENT_DFS_REFERRAL *refs = NULL; + size_t num_refs = 0; + uint16 consumed; + char *fullpath = NULL; + bool res; + uint16 cnum; + char *newextrapath = NULL; + + if (!cli || !sharename) { + return false; + } + + cnum = cli->cnum; + + /* special case. never check for a referral on the IPC$ share */ + + if (strequal(sharename, "IPC$")) { + return false; + } + + /* send a trans2_query_path_info to check for a referral */ + + fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename ); + if (!fullpath) { + return false; + } + + /* check for the referral */ + + if (!cli_send_tconX(cli, "IPC$", "IPC", NULL, 0)) { + return false; + } + + if (force_encrypt) { + NTSTATUS status = cli_cm_force_encryption(cli, + username, + password, + lp_workgroup(), + "IPC$"); + if (!NT_STATUS_IS_OK(status)) { + return false; + } + } + + res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed); + + if (!cli_tdis(cli)) { + return false; + } + + cli->cnum = cnum; + + if (!res || !num_refs) { + return false; + } + + if (!refs[0].dfspath) { + return false; + } + + split_dfs_path(ctx, refs[0].dfspath, pp_newserver, + pp_newshare, &newextrapath ); + + if ((*pp_newserver == NULL) || (*pp_newshare == NULL)) { + return false; + } + + /* check that this is not a self-referral */ + + if (strequal(cli->desthost, *pp_newserver) && + strequal(sharename, *pp_newshare)) { + return false; + } + + return true; +} |