2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "libsmb/libsmb.h"
24 #include "libsmb/clirap.h"
27 #include "libsmb/nmblib.h"
28 #include "../libcli/smb/smbXcli_base.h"
29 #include "auth/credentials/credentials.h"
30 #include "lib/param/param.h"
31 #include "libcli/smb/smb2_negotiate_context.h"
33 /********************************************************************
36 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
37 are not C escaped here).
39 - but if we're using POSIX paths then <pathname> may contain
40 '/' separators, not '\\' separators. So cope with '\\' or '/'
41 as a separator when looking at the pathname part.... JRA.
42 ********************************************************************/
44 /********************************************************************
45 Ensure a connection is encrypted.
46 ********************************************************************/
48 static NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
49 struct cli_credentials *creds,
50 const char *sharename)
52 uint16_t major, minor;
53 uint32_t caplow, caphigh;
55 bool temp_ipc = false;
57 if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
58 status = smb2cli_session_encryption_on(c->smb2.session);
59 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
60 d_printf("Encryption required and "
61 "server doesn't support "
62 "SMB3 encryption - failing connect\n");
63 } else if (!NT_STATUS_IS_OK(status)) {
64 d_printf("Encryption required and "
65 "setup failed with error %s.\n",
71 if (!SERVER_HAS_UNIX_CIFS(c)) {
72 d_printf("Encryption required and "
73 "server that doesn't support "
74 "UNIX extensions - failing connect\n");
75 return NT_STATUS_NOT_SUPPORTED;
78 if (c->smb1.tcon == NULL) {
79 status = cli_tree_connect_creds(c, "IPC$", "IPC", creds);
80 if (!NT_STATUS_IS_OK(status)) {
81 d_printf("Encryption required and "
82 "can't connect to IPC$ to check "
83 "UNIX CIFS extensions.\n");
84 return NT_STATUS_UNKNOWN_REVISION;
89 status = cli_unix_extensions_version(c, &major, &minor, &caplow,
91 if (!NT_STATUS_IS_OK(status)) {
92 d_printf("Encryption required and "
93 "can't get UNIX CIFS extensions "
94 "version from server.\n");
98 return NT_STATUS_UNKNOWN_REVISION;
101 if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
102 d_printf("Encryption required and "
103 "share %s doesn't support "
104 "encryption.\n", sharename);
108 return NT_STATUS_UNSUPPORTED_COMPRESSION;
111 status = cli_smb1_setup_encryption(c, creds);
112 if (!NT_STATUS_IS_OK(status)) {
113 d_printf("Encryption required and "
114 "setup failed with error %s.\n",
128 /********************************************************************
129 Return a connection to a server.
130 ********************************************************************/
132 static NTSTATUS do_connect(TALLOC_CTX *ctx,
135 struct cli_credentials *creds,
136 const struct sockaddr_storage *dest_ss,
139 struct cli_state **pcli)
141 struct cli_state *c = NULL;
144 char *newserver, *newshare;
147 enum protocol_types protocol = PROTOCOL_NONE;
148 enum smb_signing_setting signing_state =
149 cli_credentials_get_smb_signing(creds);
150 enum smb_encryption_setting encryption_state =
151 cli_credentials_get_smb_encryption(creds);
152 struct smb2_negotiate_contexts *in_contexts = NULL;
153 struct smb2_negotiate_contexts *out_contexts = NULL;
155 if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
156 signing_state = SMB_SIGNING_REQUIRED;
159 /* make a copy so we don't modify the global string 'service' */
160 servicename = talloc_strdup(ctx,share);
162 return NT_STATUS_NO_MEMORY;
164 sharename = servicename;
165 if (*sharename == '\\') {
167 if (server == NULL) {
170 sharename = strchr_m(sharename,'\\');
172 return NT_STATUS_NO_MEMORY;
177 if (server == NULL) {
178 return NT_STATUS_INVALID_PARAMETER;
182 * The functions cli_resolve_path() and cli_cm_open() might not create a
183 * new cli context, but might return an already existing one. This
184 * forces us to have a long lived cli allocated on the NULL context.
186 status = cli_connect_nb(NULL,
196 if (!NT_STATUS_IS_OK(status)) {
197 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
198 DBG_ERR("NetBIOS support disabled, unable to connect\n");
201 DBG_WARNING("Connection to %s failed (Error %s)\n",
207 DEBUG(4,(" session request ok\n"));
209 in_contexts = talloc_zero(ctx, struct smb2_negotiate_contexts);
210 if (in_contexts == NULL) {
211 return NT_STATUS_NO_MEMORY;
214 status = smb2_negotiate_context_add(
217 SMB2_POSIX_EXTENSIONS_AVAILABLE,
218 (const uint8_t *)SMB2_CREATE_TAG_POSIX,
219 strlen(SMB2_CREATE_TAG_POSIX));
220 if (!NT_STATUS_IS_OK(status)) {
224 status = smbXcli_negprot(c->conn,
226 lp_client_min_protocol(),
227 lp_client_max_protocol(),
231 TALLOC_FREE(in_contexts);
233 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
234 d_printf("Protocol negotiation (with timeout %d ms) timed out against server %s\n",
236 smbXcli_conn_remote_name(c->conn));
239 } else if (!NT_STATUS_IS_OK(status)) {
240 d_printf("Protocol negotiation to server %s (for a protocol between %s and %s) failed: %s\n",
241 smbXcli_conn_remote_name(c->conn),
242 lpcfg_get_smb_protocol(lp_client_min_protocol()),
243 lpcfg_get_smb_protocol(lp_client_max_protocol()),
248 protocol = smbXcli_conn_protocol(c->conn);
249 DEBUG(4,(" negotiated dialect[%s] against server[%s]\n",
250 smb_protocol_types_string(protocol),
251 smbXcli_conn_remote_name(c->conn)));
253 if (protocol >= PROTOCOL_SMB2_02) {
254 /* Ensure we ask for some initial credits. */
255 smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
258 status = cli_session_setup_creds(c, creds);
259 if (!NT_STATUS_IS_OK(status)) {
260 /* If a password was not supplied then
261 * try again with a null username. */
262 if (encryption_state == SMB_ENCRYPTION_REQUIRED ||
263 smbXcli_conn_signing_mandatory(c->conn) ||
264 cli_credentials_authentication_requested(creds) ||
265 cli_credentials_is_anonymous(creds) ||
266 !NT_STATUS_IS_OK(status = cli_session_setup_anon(c)))
268 d_printf("session setup failed: %s\n",
270 if (NT_STATUS_EQUAL(status,
271 NT_STATUS_MORE_PROCESSING_REQUIRED))
272 d_printf("did you forget to run kinit?\n");
276 d_printf("Anonymous login successful\n");
279 if (!NT_STATUS_IS_OK(status)) {
280 DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
285 DEBUG(4,(" session setup ok\n"));
287 if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
288 status = cli_cm_force_encryption_creds(c,
291 if (!NT_STATUS_IS_OK(status)) {
292 switch (encryption_state) {
293 case SMB_ENCRYPTION_DESIRED:
295 case SMB_ENCRYPTION_REQUIRED:
303 /* here's the fun part....to support 'msdfs proxy' shares
304 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
305 here before trying to connect to the original share.
306 cli_check_msdfs_proxy() will fail if it is a normal share. */
308 if (smbXcli_conn_dfs_supported(c->conn) &&
309 cli_check_msdfs_proxy(ctx, c, sharename,
310 &newserver, &newshare,
313 return do_connect(ctx, newserver,
315 NULL, port, name_type, pcli);
318 /* must be a normal share */
320 status = cli_tree_connect_creds(c, sharename, "?????", creds);
321 if (!NT_STATUS_IS_OK(status)) {
322 d_printf("tree connect failed: %s\n", nt_errstr(status));
327 DEBUG(4,(" tconx ok\n"));
332 /********************************************************************
333 Add a new connection to the list.
334 referring_cli == NULL means a new initial connection.
335 ********************************************************************/
337 static NTSTATUS cli_cm_connect(TALLOC_CTX *ctx,
338 struct cli_state *referring_cli,
341 struct cli_credentials *creds,
342 const struct sockaddr_storage *dest_ss,
345 struct cli_state **pcli)
347 struct cli_state *cli = NULL;
350 status = do_connect(ctx, server, share,
352 dest_ss, port, name_type, &cli);
354 if (!NT_STATUS_IS_OK(status)) {
359 * This can't happen, this test is to satisfy static
363 return NT_STATUS_NO_MEMORY;
366 /* Enter into the list. */
368 DLIST_ADD_END(referring_cli, cli);
371 if (referring_cli && referring_cli->requested_posix_capabilities) {
372 uint16_t major, minor;
373 uint32_t caplow, caphigh;
374 status = cli_unix_extensions_version(cli, &major, &minor,
376 if (NT_STATUS_IS_OK(status)) {
377 cli_set_unix_extensions_capabilities(cli,
387 /********************************************************************
388 Return a connection to a server on a particular share.
389 ********************************************************************/
391 static struct cli_state *cli_cm_find(struct cli_state *cli,
401 /* Search to the start of the list. */
402 for (p = cli; p; p = DLIST_PREV(p)) {
403 const char *remote_name =
404 smbXcli_conn_remote_name(p->conn);
406 if (strequal(server, remote_name) &&
407 strequal(share,p->share)) {
412 /* Search to the end of the list. */
413 for (p = cli->next; p; p = p->next) {
414 const char *remote_name =
415 smbXcli_conn_remote_name(p->conn);
417 if (strequal(server, remote_name) &&
418 strequal(share,p->share)) {
426 /****************************************************************************
427 Open a client connection to a \\server\share.
428 ****************************************************************************/
430 NTSTATUS cli_cm_open(TALLOC_CTX *ctx,
431 struct cli_state *referring_cli,
434 struct cli_credentials *creds,
435 const struct sockaddr_storage *dest_ss,
438 struct cli_state **pcli)
440 /* Try to reuse an existing connection in this list. */
441 struct cli_state *c = cli_cm_find(referring_cli, server, share);
450 /* Can't do a new connection
451 * without auth info. */
452 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
453 "without client credentials\n",
455 return NT_STATUS_INVALID_PARAMETER;
458 status = cli_cm_connect(ctx,
467 if (!NT_STATUS_IS_OK(status)) {
474 /****************************************************************************
475 ****************************************************************************/
477 void cli_cm_display(struct cli_state *cli)
481 for (i=0; cli; cli = cli->next,i++ ) {
482 d_printf("%d:\tserver=%s, share=%s\n",
483 i, smbXcli_conn_remote_name(cli->conn), cli->share);
487 /**********************************************************************
488 split a dfs path into the server, share name, and extrapath components
489 **********************************************************************/
491 static bool split_dfs_path(TALLOC_CTX *ctx,
492 const char *nodepath,
502 *pp_extrapath = NULL;
504 path = talloc_strdup(ctx, nodepath);
509 if ( path[0] != '\\' ) {
513 p = strchr_m( path + 1, '\\' );
521 /* Look for any extra/deep path */
522 q = strchr_m(p, '\\');
526 *pp_extrapath = talloc_strdup(ctx, q);
528 *pp_extrapath = talloc_strdup(ctx, "");
530 if (*pp_extrapath == NULL) {
534 *pp_share = talloc_strdup(ctx, p);
535 if (*pp_share == NULL) {
539 *pp_server = talloc_strdup(ctx, &path[1]);
540 if (*pp_server == NULL) {
548 TALLOC_FREE(*pp_share);
549 TALLOC_FREE(*pp_extrapath);
554 /****************************************************************************
555 Return the original path truncated at the directory component before
556 the first wildcard character. Trust the caller to provide a NULL
558 ****************************************************************************/
560 static char *clean_path(TALLOC_CTX *ctx, const char *path)
566 /* No absolute paths. */
567 while (IS_DIRECTORY_SEP(*path)) {
571 path_out = talloc_strdup(ctx, path);
576 p1 = strchr_m(path_out, '*');
577 p2 = strchr_m(path_out, '?');
589 /* Now go back to the start of this component. */
590 p1 = strrchr_m(path_out, '/');
591 p2 = strrchr_m(path_out, '\\');
598 /* Strip any trailing separator */
600 len = strlen(path_out);
601 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
602 path_out[len-1] = '\0';
608 /****************************************************************************
609 ****************************************************************************/
611 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
612 struct cli_state *cli,
615 char path_sep = '\\';
617 /* Ensure the extrapath doesn't start with a separator. */
618 while (IS_DIRECTORY_SEP(*dir)) {
622 if (cli->requested_posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
625 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
627 smbXcli_conn_remote_name(cli->conn),
634 /********************************************************************
635 Check if a path has already been converted to DFS.
636 ********************************************************************/
638 bool cli_dfs_is_already_full_path(struct cli_state *cli, const char *path)
640 const char *server = smbXcli_conn_remote_name(cli->conn);
641 size_t server_len = strlen(server);
642 bool found_server = false;
643 const char *share = cli->share;
644 size_t share_len = strlen(share);
645 bool found_share = false;
647 if (!IS_DIRECTORY_SEP(path[0])) {
651 found_server = (strncasecmp_m(path, server, server_len) == 0);
656 if (!IS_DIRECTORY_SEP(path[0])) {
660 found_share = (strncasecmp_m(path, share, share_len) == 0);
665 if (path[0] == '\0') {
668 if (IS_DIRECTORY_SEP(path[0])) {
674 /********************************************************************
675 Get the dfs referral link.
676 ********************************************************************/
678 NTSTATUS cli_dfs_get_referral_ex(TALLOC_CTX *ctx,
679 struct cli_state *cli,
681 uint16_t max_referral_level,
682 struct client_dfs_referral **refs,
686 unsigned int param_len = 0;
687 uint16_t recv_flags2;
688 uint8_t *param = NULL;
689 uint8_t *rdata = NULL;
692 smb_ucs2_t *path_ucs;
693 char *consumed_path = NULL;
694 uint16_t consumed_ucs;
695 uint16_t num_referrals;
696 struct client_dfs_referral *referrals = NULL;
698 TALLOC_CTX *frame = talloc_stackframe();
703 param = talloc_array(talloc_tos(), uint8_t, 2);
705 status = NT_STATUS_NO_MEMORY;
708 SSVAL(param, 0, max_referral_level);
710 param = trans2_bytes_push_str(param, smbXcli_conn_use_unicode(cli->conn),
711 path, strlen(path)+1,
714 status = NT_STATUS_NO_MEMORY;
717 param_len = talloc_get_size(param);
718 path_ucs = (smb_ucs2_t *)¶m[2];
720 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
721 DATA_BLOB in_input_buffer;
722 DATA_BLOB in_output_buffer = data_blob_null;
723 DATA_BLOB out_input_buffer = data_blob_null;
724 DATA_BLOB out_output_buffer = data_blob_null;
726 in_input_buffer.data = param;
727 in_input_buffer.length = param_len;
729 status = smb2cli_ioctl(cli->conn,
733 UINT64_MAX, /* in_fid_persistent */
734 UINT64_MAX, /* in_fid_volatile */
735 FSCTL_DFS_GET_REFERRALS,
736 0, /* in_max_input_length */
738 CLI_BUFFER_SIZE, /* in_max_output_length */
740 SMB2_IOCTL_FLAG_IS_FSCTL,
744 if (!NT_STATUS_IS_OK(status)) {
748 if (out_output_buffer.length < 4) {
749 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
753 recv_flags2 = FLAGS2_UNICODE_STRINGS;
754 rdata = out_output_buffer.data;
755 endp = (char *)rdata + out_output_buffer.length;
757 unsigned int data_len = 0;
760 SSVAL(setup, 0, TRANSACT2_GET_DFS_REFERRAL);
762 status = cli_trans(talloc_tos(), cli, SMBtrans2,
766 NULL, 0, CLI_BUFFER_SIZE,
768 NULL, 0, NULL, /* rsetup */
770 &rdata, 4, &data_len);
771 if (!NT_STATUS_IS_OK(status)) {
775 endp = (char *)rdata + data_len;
778 consumed_ucs = SVAL(rdata, 0);
779 num_referrals = SVAL(rdata, 2);
781 /* consumed_ucs is the number of bytes
782 * of the UCS2 path consumed not counting any
783 * terminating null. We need to convert
784 * back to unix charset and count again
785 * to get the number of bytes consumed from
786 * the incoming path. */
789 if (pull_string_talloc(talloc_tos(),
797 status = map_nt_error_from_unix(errno);
799 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
803 if (consumed_path == NULL) {
804 status = map_nt_error_from_unix(errno);
807 *consumed = strlen(consumed_path);
809 if (num_referrals != 0) {
810 uint16_t ref_version;
813 uint16_t node_offset;
815 referrals = talloc_array(ctx, struct client_dfs_referral,
819 status = NT_STATUS_NO_MEMORY;
822 /* start at the referrals array */
825 for (i=0; i<num_referrals && p < endp; i++) {
829 ref_version = SVAL(p, 0);
830 ref_size = SVAL(p, 2);
831 node_offset = SVAL(p, 16);
833 if (ref_version != 3) {
838 referrals[i].proximity = SVAL(p, 8);
839 referrals[i].ttl = SVAL(p, 10);
841 if (p + node_offset > endp) {
842 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
845 pull_string_talloc(referrals,
848 &referrals[i].dfspath,
850 PTR_DIFF(endp, p+node_offset),
851 STR_TERMINATE|STR_UNICODE);
853 if (!referrals[i].dfspath) {
854 status = map_nt_error_from_unix(errno);
859 if (i < num_referrals) {
860 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
865 *num_refs = num_referrals;
874 NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
875 struct cli_state *cli,
877 struct client_dfs_referral **refs,
881 return cli_dfs_get_referral_ex(ctx,
885 refs, /* Max referral level we want */
890 static bool cli_conn_have_dfs(struct cli_state *cli)
892 struct smbXcli_conn *conn = cli->conn;
893 struct smbXcli_tcon *tcon = NULL;
896 if (smbXcli_conn_protocol(conn) < PROTOCOL_SMB2_02) {
897 uint32_t capabilities = smb1cli_conn_capabilities(conn);
899 if ((capabilities & CAP_STATUS32) == 0) {
902 if ((capabilities & CAP_UNICODE) == 0) {
906 tcon = cli->smb1.tcon;
908 tcon = cli->smb2.tcon;
911 ok = smbXcli_tcon_is_dfs_share(tcon);
915 /********************************************************************
916 ********************************************************************/
917 struct cli_dfs_path_split {
923 NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
925 struct cli_credentials *creds,
926 struct cli_state *rootcli,
928 struct cli_state **targetcli,
929 char **pp_targetpath)
931 struct client_dfs_referral *refs = NULL;
934 struct cli_state *cli_ipc = NULL;
935 char *dfs_path = NULL;
936 char *cleanpath = NULL;
937 char *extrapath = NULL;
939 struct cli_state *newcli = NULL;
940 struct cli_state *ccli = NULL;
942 char *newpath = NULL;
943 char *newmount = NULL;
945 SMB_STRUCT_STAT sbuf;
948 struct smbXcli_tcon *target_tcon = NULL;
949 struct cli_dfs_path_split *dfs_refs = NULL;
951 bool is_already_dfs = false;
953 if ( !rootcli || !path || !targetcli ) {
954 return NT_STATUS_INVALID_PARAMETER;
958 * Avoid more than one leading directory separator
960 while (IS_DIRECTORY_SEP(path[0]) && IS_DIRECTORY_SEP(path[1])) {
964 ok = cli_conn_have_dfs(rootcli);
966 *targetcli = rootcli;
967 *pp_targetpath = talloc_strdup(ctx, path);
968 if (!*pp_targetpath) {
969 return NT_STATUS_NO_MEMORY;
976 is_already_dfs = cli_dfs_is_already_full_path(rootcli, path);
977 if (is_already_dfs) {
978 const char *localpath = NULL;
980 * Given path is already converted to DFS.
981 * Convert to a local path so clean_path()
982 * can correctly strip any wildcards.
984 status = cli_dfs_target_check(ctx,
988 if (!NT_STATUS_IS_OK(status)) {
994 /* Send a trans2_query_path_info to check for a referral. */
996 cleanpath = clean_path(ctx, path);
998 return NT_STATUS_NO_MEMORY;
1001 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
1003 return NT_STATUS_NO_MEMORY;
1006 status = cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes);
1007 if (NT_STATUS_IS_OK(status)) {
1008 /* This is an ordinary path, just return it. */
1009 *targetcli = rootcli;
1010 *pp_targetpath = talloc_strdup(ctx, path);
1011 if (!*pp_targetpath) {
1012 return NT_STATUS_NO_MEMORY;
1017 /* Special case where client asked for a path that does not exist */
1019 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1020 *targetcli = rootcli;
1021 *pp_targetpath = talloc_strdup(ctx, path);
1022 if (!*pp_targetpath) {
1023 return NT_STATUS_NO_MEMORY;
1028 /* We got an error, check for DFS referral. */
1030 if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
1034 /* Check for the referral. */
1036 status = cli_cm_open(ctx,
1038 smbXcli_conn_remote_name(rootcli->conn),
1041 NULL, /* dest_ss not needed, we reuse the transport */
1045 if (!NT_STATUS_IS_OK(status)) {
1049 status = cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
1050 &num_refs, &consumed);
1051 if (!NT_STATUS_IS_OK(status)) {
1055 if (!num_refs || !refs[0].dfspath) {
1056 return NT_STATUS_NOT_FOUND;
1060 * Bug#10123 - DFS referral entries can be provided in a random order,
1061 * so check the connection cache for each item to avoid unnecessary
1064 dfs_refs = talloc_array(ctx, struct cli_dfs_path_split, num_refs);
1065 if (dfs_refs == NULL) {
1066 return NT_STATUS_NO_MEMORY;
1069 for (count = 0; count < num_refs; count++) {
1070 if (!split_dfs_path(dfs_refs, refs[count].dfspath,
1071 &dfs_refs[count].server,
1072 &dfs_refs[count].share,
1073 &dfs_refs[count].extrapath)) {
1074 TALLOC_FREE(dfs_refs);
1075 return NT_STATUS_NOT_FOUND;
1078 ccli = cli_cm_find(rootcli, dfs_refs[count].server,
1079 dfs_refs[count].share);
1081 extrapath = dfs_refs[count].extrapath;
1088 * If no cached connection was found, then connect to the first live
1089 * referral server in the list.
1091 for (count = 0; (ccli == NULL) && (count < num_refs); count++) {
1092 /* Connect to the target server & share */
1093 status = cli_cm_connect(ctx, rootcli,
1094 dfs_refs[count].server,
1095 dfs_refs[count].share,
1101 if (!NT_STATUS_IS_OK(status)) {
1102 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
1103 dfs_refs[count].server,
1104 dfs_refs[count].share);
1107 extrapath = dfs_refs[count].extrapath;
1112 /* No available referral server for the connection */
1113 if (*targetcli == NULL) {
1114 TALLOC_FREE(dfs_refs);
1118 /* Make sure to recreate the original string including any wildcards. */
1120 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
1122 TALLOC_FREE(dfs_refs);
1123 return NT_STATUS_NO_MEMORY;
1125 pathlen = strlen(dfs_path);
1126 consumed = MIN(pathlen, consumed);
1127 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
1128 if (!*pp_targetpath) {
1129 TALLOC_FREE(dfs_refs);
1130 return NT_STATUS_NO_MEMORY;
1132 dfs_path[consumed] = '\0';
1135 * *pp_targetpath is now the unconsumed part of the path.
1136 * dfs_path is now the consumed part of the path
1137 * (in \server\share\path format).
1140 if (extrapath && strlen(extrapath) > 0) {
1141 /* EMC Celerra NAS version 5.6.50 (at least) doesn't appear to */
1142 /* put the trailing \ on the path, so to be safe we put one in if needed */
1143 if (extrapath[strlen(extrapath)-1] != '\\' && **pp_targetpath != '\\') {
1144 *pp_targetpath = talloc_asprintf(ctx,
1149 *pp_targetpath = talloc_asprintf(ctx,
1154 if (!*pp_targetpath) {
1155 TALLOC_FREE(dfs_refs);
1156 return NT_STATUS_NO_MEMORY;
1160 /* parse out the consumed mount path */
1161 /* trim off the \server\share\ */
1165 if (*ppath != '\\') {
1166 d_printf("cli_resolve_path: "
1167 "dfs_path (%s) not in correct format.\n",
1169 TALLOC_FREE(dfs_refs);
1170 return NT_STATUS_NOT_FOUND;
1173 ppath++; /* Now pointing at start of server name. */
1175 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
1176 TALLOC_FREE(dfs_refs);
1177 return NT_STATUS_NOT_FOUND;
1180 ppath++; /* Now pointing at start of share name. */
1182 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
1183 TALLOC_FREE(dfs_refs);
1184 return NT_STATUS_NOT_FOUND;
1187 ppath++; /* Now pointing at path component. */
1189 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
1191 TALLOC_FREE(dfs_refs);
1192 return NT_STATUS_NOT_FOUND;
1195 /* Check for another dfs referral, note that we are not
1196 checking for loops here. */
1198 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
1199 status = cli_resolve_path(ctx,
1206 if (NT_STATUS_IS_OK(status)) {
1208 * When cli_resolve_path returns true here it's always
1209 * returning the complete path in newpath, so we're done
1212 *targetcli = newcli;
1213 *pp_targetpath = newpath;
1214 TALLOC_FREE(dfs_refs);
1221 if (smbXcli_conn_protocol((*targetcli)->conn) >= PROTOCOL_SMB2_02) {
1222 target_tcon = (*targetcli)->smb2.tcon;
1224 target_tcon = (*targetcli)->smb1.tcon;
1227 /* If returning true ensure we return a dfs root full path. */
1228 if (smbXcli_tcon_is_dfs_share(target_tcon)) {
1229 dfs_path = talloc_strdup(ctx, *pp_targetpath);
1231 TALLOC_FREE(dfs_refs);
1232 return NT_STATUS_NO_MEMORY;
1234 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
1235 if (*pp_targetpath == NULL) {
1236 TALLOC_FREE(dfs_refs);
1237 return NT_STATUS_NO_MEMORY;
1241 TALLOC_FREE(dfs_refs);
1242 return NT_STATUS_OK;
1245 /********************************************************************
1246 ********************************************************************/
1248 bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
1249 struct cli_state *cli,
1250 const char *sharename,
1251 char **pp_newserver,
1253 struct cli_credentials *creds)
1255 struct client_dfs_referral *refs = NULL;
1256 size_t num_refs = 0;
1257 size_t consumed = 0;
1258 char *fullpath = NULL;
1260 struct smbXcli_tcon *orig_tcon = NULL;
1261 char *orig_share = NULL;
1262 char *newextrapath = NULL;
1264 const char *remote_name;
1265 enum smb_encryption_setting encryption_state =
1266 cli_credentials_get_smb_encryption(creds);
1268 if (!cli || !sharename) {
1272 remote_name = smbXcli_conn_remote_name(cli->conn);
1274 /* special case. never check for a referral on the IPC$ share */
1276 if (strequal(sharename, "IPC$")) {
1280 /* send a trans2_query_path_info to check for a referral */
1282 fullpath = talloc_asprintf(ctx, "\\%s\\%s", remote_name, sharename);
1287 /* Store tcon state. */
1288 if (cli_state_has_tcon(cli)) {
1289 cli_state_save_tcon_share(cli, &orig_tcon, &orig_share);
1292 /* check for the referral */
1294 if (!NT_STATUS_IS_OK(cli_tree_connect(cli, "IPC$", "IPC", NULL))) {
1295 cli_state_restore_tcon_share(cli, orig_tcon, orig_share);
1299 if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
1300 status = cli_cm_force_encryption_creds(cli, creds, "IPC$");
1301 if (!NT_STATUS_IS_OK(status)) {
1302 switch (encryption_state) {
1303 case SMB_ENCRYPTION_DESIRED:
1305 case SMB_ENCRYPTION_REQUIRED:
1308 * Failed to set up encryption.
1309 * Disconnect the temporary IPC$
1310 * tcon before restoring the original
1311 * tcon so we don't leak it.
1314 cli_state_restore_tcon_share(cli,
1322 status = cli_dfs_get_referral(ctx, cli, fullpath, &refs,
1323 &num_refs, &consumed);
1324 res = NT_STATUS_IS_OK(status);
1326 status = cli_tdis(cli);
1328 cli_state_restore_tcon_share(cli, orig_tcon, orig_share);
1330 if (!NT_STATUS_IS_OK(status)) {
1334 if (!res || !num_refs) {
1338 if (!refs[0].dfspath) {
1342 if (!split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1343 pp_newshare, &newextrapath)) {
1347 /* check that this is not a self-referral */
1349 if (strequal(remote_name, *pp_newserver) &&
1350 strequal(sharename, *pp_newshare)) {
1357 /********************************************************************
1358 Windows and NetApp (and arguably the SMB1/2/3 specs) expect a non-DFS
1359 path for the targets of rename and hardlink. If we have been given
1360 a DFS path for these calls, convert it back into a local path by
1361 stripping off the DFS prefix.
1362 ********************************************************************/
1364 NTSTATUS cli_dfs_target_check(TALLOC_CTX *mem_ctx,
1365 struct cli_state *cli,
1366 const char *fname_dst,
1367 const char **fname_dst_out)
1369 char *dfs_prefix = NULL;
1370 size_t prefix_len = 0;
1371 struct smbXcli_tcon *tcon = NULL;
1373 if (!smbXcli_conn_dfs_supported(cli->conn)) {
1374 goto copy_fname_out;
1376 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
1377 tcon = cli->smb2.tcon;
1379 tcon = cli->smb1.tcon;
1381 if (!smbXcli_tcon_is_dfs_share(tcon)) {
1382 goto copy_fname_out;
1384 dfs_prefix = cli_dfs_make_full_path(mem_ctx, cli, "");
1385 if (dfs_prefix == NULL) {
1386 return NT_STATUS_NO_MEMORY;
1388 prefix_len = strlen(dfs_prefix);
1389 if (strncmp(fname_dst, dfs_prefix, prefix_len) != 0) {
1391 * Prefix doesn't match. Assume it was
1392 * already stripped or not added in the
1395 goto copy_fname_out;
1397 /* Return the trailing name after the prefix. */
1398 *fname_dst_out = &fname_dst[prefix_len];
1399 TALLOC_FREE(dfs_prefix);
1400 return NT_STATUS_OK;
1405 * No change to the destination name. Just
1406 * point it at the incoming destination name.
1408 *fname_dst_out = fname_dst;
1409 TALLOC_FREE(dfs_prefix);
1410 return NT_STATUS_OK;
1413 /********************************************************************
1414 Convert a pathname into a DFS path if it hasn't already been converted.
1415 Always returns a talloc'ed path, makes it easy to pass const paths in.
1416 ********************************************************************/
1418 char *smb1_dfs_share_path(TALLOC_CTX *ctx,
1419 struct cli_state *cli,
1422 bool is_dfs = smbXcli_conn_dfs_supported(cli->conn) &&
1423 smbXcli_tcon_is_dfs_share(cli->smb1.tcon);
1424 bool is_already_dfs_path = false;
1425 bool posix = (cli->requested_posix_capabilities &
1426 CIFS_UNIX_POSIX_PATHNAMES_CAP);
1427 char sepchar = (posix ? '/' : '\\');
1430 return talloc_strdup(ctx, path);
1432 is_already_dfs_path = cli_dfs_is_already_full_path(cli, path);
1433 if (is_already_dfs_path) {
1434 return talloc_strdup(ctx, path);
1437 * We don't use cli_dfs_make_full_path() as,
1438 * when given a null path, cli_dfs_make_full_path
1439 * deliberately adds a trailing '\\' (this is by
1440 * design to check for an existing DFS prefix match).
1442 if (path[0] == '\0') {
1443 return talloc_asprintf(ctx,
1446 smbXcli_conn_remote_name(cli->conn),
1450 while (*path == sepchar) {
1453 return talloc_asprintf(ctx,
1456 smbXcli_conn_remote_name(cli->conn),
git.samba.org / samba.git / blob