2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 /********************************************************************
27 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
28 are not C escaped here).
30 - but if we're using POSIX paths then <pathname> may contain
31 '/' separators, not '\\' separators. So cope with '\\' or '/'
32 as a separator when looking at the pathname part.... JRA.
33 ********************************************************************/
35 /********************************************************************
36 Ensure a connection is encrypted.
37 ********************************************************************/
39 NTSTATUS cli_cm_force_encryption(struct cli_state *c,
43 const char *sharename)
45 NTSTATUS status = cli_force_encryption(c,
50 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
51 d_printf("Encryption required and "
52 "server that doesn't support "
53 "UNIX extensions - failing connect\n");
54 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
55 d_printf("Encryption required and "
56 "can't get UNIX CIFS extensions "
57 "version from server.\n");
58 } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
59 d_printf("Encryption required and "
60 "share %s doesn't support "
61 "encryption.\n", sharename);
62 } else if (!NT_STATUS_IS_OK(status)) {
63 d_printf("Encryption required and "
64 "setup failed with error %s.\n",
71 /********************************************************************
72 Return a connection to a server.
73 ********************************************************************/
75 static struct cli_state *do_connect(TALLOC_CTX *ctx,
78 const struct user_auth_info *auth_info,
85 struct cli_state *c = NULL;
86 struct nmb_name called, calling;
87 const char *called_str;
89 struct sockaddr_storage ss;
92 char *newserver, *newshare;
97 /* make a copy so we don't modify the global string 'service' */
98 servicename = talloc_strdup(ctx,share);
102 sharename = servicename;
103 if (*sharename == '\\') {
105 called_str = sharename;
106 if (server == NULL) {
109 sharename = strchr_m(sharename,'\\');
123 make_nmb_name(&calling, global_myname(), 0x0);
124 make_nmb_name(&called , called_str, name_type);
129 /* have to open a new connection */
130 if (!(c=cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)))) {
131 d_printf("Connection to %s failed\n", server_n);
138 cli_set_port(c, port);
141 status = cli_connect(c, server_n, &ss);
142 if (!NT_STATUS_IS_OK(status)) {
143 d_printf("Connection to %s failed (Error %s)\n",
150 if (max_protocol == 0) {
151 max_protocol = PROTOCOL_NT1;
153 c->protocol = max_protocol;
154 c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
155 c->fallback_after_kerberos =
156 get_cmdline_auth_info_fallback_after_kerberos(auth_info);
158 if (!cli_session_request(c, &calling, &called)) {
160 d_printf("session request to %s failed (%s)\n",
161 called.name, cli_errstr(c));
164 if ((p=strchr_m(called.name, '.'))) {
168 if (strcmp(called.name, "*SMBSERVER")) {
169 make_nmb_name(&called , "*SMBSERVER", 0x20);
175 DEBUG(4,(" session request ok\n"));
177 status = cli_negprot(c);
179 if (!NT_STATUS_IS_OK(status)) {
180 d_printf("protocol negotiation failed: %s\n",
186 username = get_cmdline_auth_info_username(auth_info);
187 password = get_cmdline_auth_info_password(auth_info);
189 if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
190 password, strlen(password),
191 password, strlen(password),
193 /* If a password was not supplied then
194 * try again with a null username. */
195 if (password[0] || !username[0] ||
196 get_cmdline_auth_info_use_kerberos(auth_info) ||
197 !NT_STATUS_IS_OK(cli_session_setup(c, "",
201 d_printf("session setup failed: %s\n", cli_errstr(c));
202 if (NT_STATUS_V(cli_nt_error(c)) ==
203 NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
204 d_printf("did you forget to run kinit?\n");
208 d_printf("Anonymous login successful\n");
209 status = cli_init_creds(c, "", lp_workgroup(), "");
211 status = cli_init_creds(c, username, lp_workgroup(), password);
214 if (!NT_STATUS_IS_OK(status)) {
215 DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
220 if ( show_sessetup ) {
221 if (*c->server_domain) {
222 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
223 c->server_domain,c->server_os,c->server_type));
224 } else if (*c->server_os || *c->server_type) {
225 DEBUG(0,("OS=[%s] Server=[%s]\n",
226 c->server_os,c->server_type));
229 DEBUG(4,(" session setup ok\n"));
231 /* here's the fun part....to support 'msdfs proxy' shares
232 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
233 here before trying to connect to the original share.
234 cli_check_msdfs_proxy() will fail if it is a normal share. */
236 if ((c->capabilities & CAP_DFS) &&
237 cli_check_msdfs_proxy(ctx, c, sharename,
238 &newserver, &newshare,
244 return do_connect(ctx, newserver,
245 newshare, auth_info, false,
246 force_encrypt, max_protocol,
250 /* must be a normal share */
252 status = cli_tcon_andx(c, sharename, "?????",
253 password, strlen(password)+1);
254 if (!NT_STATUS_IS_OK(status)) {
255 d_printf("tree connect failed: %s\n", nt_errstr(status));
261 status = cli_cm_force_encryption(c,
266 if (!NT_STATUS_IS_OK(status)) {
272 DEBUG(4,(" tconx ok\n"));
276 /****************************************************************************
277 ****************************************************************************/
279 static void cli_set_mntpoint(struct cli_state *cli, const char *mnt)
281 char *name = clean_name(NULL, mnt);
285 TALLOC_FREE(cli->dfs_mountpoint);
286 cli->dfs_mountpoint = talloc_strdup(cli, name);
290 /********************************************************************
291 Add a new connection to the list.
292 referring_cli == NULL means a new initial connection.
293 ********************************************************************/
295 static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
296 struct cli_state *referring_cli,
299 const struct user_auth_info *auth_info,
306 struct cli_state *cli;
308 cli = do_connect(ctx, server, share,
310 show_hdr, force_encrypt, max_protocol,
317 /* Enter into the list. */
319 DLIST_ADD_END(referring_cli, cli, struct cli_state *);
322 if (referring_cli && referring_cli->posix_capabilities) {
324 uint32 caplow, caphigh;
325 if (cli_unix_extensions_version(cli, &major,
326 &minor, &caplow, &caphigh)) {
327 cli_set_unix_extensions_capabilities(cli,
336 /********************************************************************
337 Return a connection to a server on a particular share.
338 ********************************************************************/
340 static struct cli_state *cli_cm_find(struct cli_state *cli,
350 /* Search to the start of the list. */
351 for (p = cli; p; p = p->prev) {
352 if (strequal(server, p->desthost) &&
353 strequal(share,p->share)) {
358 /* Search to the end of the list. */
359 for (p = cli->next; p; p = p->next) {
360 if (strequal(server, p->desthost) &&
361 strequal(share,p->share)) {
369 /****************************************************************************
370 Open a client connection to a \\server\share.
371 ****************************************************************************/
373 struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
374 struct cli_state *referring_cli,
377 const struct user_auth_info *auth_info,
384 /* Try to reuse an existing connection in this list. */
385 struct cli_state *c = cli_cm_find(referring_cli, server, share);
391 if (auth_info == NULL) {
392 /* Can't do a new connection
393 * without auth info. */
394 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
395 "without auth info\n",
400 return cli_cm_connect(ctx,
412 /****************************************************************************
413 ****************************************************************************/
415 void cli_cm_display(const struct cli_state *cli)
419 for (i=0; cli; cli = cli->next,i++ ) {
420 d_printf("%d:\tserver=%s, share=%s\n",
421 i, cli->desthost, cli->share );
425 /****************************************************************************
426 ****************************************************************************/
428 /****************************************************************************
429 ****************************************************************************/
432 void cli_cm_set_credentials(struct user_auth_info *auth_info)
434 SAFE_FREE(cm_creds.username);
435 cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username(
438 if (get_cmdline_auth_info_got_pass(auth_info)) {
439 cm_set_password(get_cmdline_auth_info_password(auth_info));
442 cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
443 cm_creds.fallback_after_kerberos = false;
444 cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info);
448 /**********************************************************************
449 split a dfs path into the server, share name, and extrapath components
450 **********************************************************************/
452 static void split_dfs_path(TALLOC_CTX *ctx,
453 const char *nodepath,
463 *pp_extrapath = NULL;
465 path = talloc_strdup(ctx, nodepath);
470 if ( path[0] != '\\' ) {
474 p = strchr_m( path + 1, '\\' );
482 /* Look for any extra/deep path */
483 q = strchr_m(p, '\\');
487 *pp_extrapath = talloc_strdup(ctx, q);
489 *pp_extrapath = talloc_strdup(ctx, "");
492 *pp_share = talloc_strdup(ctx, p);
493 *pp_server = talloc_strdup(ctx, &path[1]);
496 /****************************************************************************
497 Return the original path truncated at the directory component before
498 the first wildcard character. Trust the caller to provide a NULL
500 ****************************************************************************/
502 static char *clean_path(TALLOC_CTX *ctx, const char *path)
508 /* No absolute paths. */
509 while (IS_DIRECTORY_SEP(*path)) {
513 path_out = talloc_strdup(ctx, path);
518 p1 = strchr_m(path_out, '*');
519 p2 = strchr_m(path_out, '?');
531 /* Now go back to the start of this component. */
532 p1 = strrchr_m(path_out, '/');
533 p2 = strrchr_m(path_out, '\\');
540 /* Strip any trailing separator */
542 len = strlen(path_out);
543 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
544 path_out[len-1] = '\0';
550 /****************************************************************************
551 ****************************************************************************/
553 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
554 struct cli_state *cli,
557 char path_sep = '\\';
559 /* Ensure the extrapath doesn't start with a separator. */
560 while (IS_DIRECTORY_SEP(*dir)) {
564 if (cli->posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
567 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
576 /********************************************************************
577 check for dfs referral
578 ********************************************************************/
580 static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
582 uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
584 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
586 if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
587 (flgs2&FLAGS2_UNICODE_STRINGS)))
590 if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
596 /********************************************************************
597 Get the dfs referral link.
598 ********************************************************************/
600 bool cli_dfs_get_referral(TALLOC_CTX *ctx,
601 struct cli_state *cli,
603 CLIENT_DFS_REFERRAL**refs,
607 unsigned int data_len = 0;
608 unsigned int param_len = 0;
609 uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
611 char *rparam=NULL, *rdata=NULL;
614 size_t pathlen = 2*(strlen(path)+1);
615 smb_ucs2_t *path_ucs;
616 char *consumed_path = NULL;
617 uint16_t consumed_ucs;
618 uint16 num_referrals;
619 CLIENT_DFS_REFERRAL *referrals = NULL;
625 param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
629 SSVAL(param, 0, 0x03); /* max referral level */
632 path_ucs = (smb_ucs2_t *)p;
633 p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
634 param_len = PTR_DIFF(p, param);
636 if (!cli_send_trans(cli, SMBtrans2,
638 -1, 0, /* fid, flags */
639 &setup, 1, 0, /* setup, length, max */
640 param, param_len, 2, /* param, length, max */
641 NULL, 0, cli->max_xmit /* data, length, max */
646 if (!cli_receive_trans(cli, SMBtrans2,
648 &rdata, &data_len)) {
656 endp = rdata + data_len;
658 consumed_ucs = SVAL(rdata, 0);
659 num_referrals = SVAL(rdata, 2);
661 /* consumed_ucs is the number of bytes
662 * of the UCS2 path consumed not counting any
663 * terminating null. We need to convert
664 * back to unix charset and count again
665 * to get the number of bytes consumed from
666 * the incoming path. */
668 if (pull_string_talloc(talloc_tos(),
677 if (consumed_path == NULL) {
680 *consumed = strlen(consumed_path);
682 if (num_referrals != 0) {
688 referrals = TALLOC_ARRAY(ctx, CLIENT_DFS_REFERRAL,
694 /* start at the referrals array */
697 for (i=0; i<num_referrals && p < endp; i++) {
701 ref_version = SVAL(p, 0);
702 ref_size = SVAL(p, 2);
703 node_offset = SVAL(p, 16);
705 if (ref_version != 3) {
710 referrals[i].proximity = SVAL(p, 8);
711 referrals[i].ttl = SVAL(p, 10);
713 if (p + node_offset > endp) {
716 clistr_pull_talloc(ctx, cli->inbuf,
717 &referrals[i].dfspath,
719 STR_TERMINATE|STR_UNICODE);
721 if (!referrals[i].dfspath) {
726 if (i < num_referrals) {
733 *num_refs = num_referrals;
738 TALLOC_FREE(consumed_path);
745 /********************************************************************
746 ********************************************************************/
748 bool cli_resolve_path(TALLOC_CTX *ctx,
750 const struct user_auth_info *dfs_auth_info,
751 struct cli_state *rootcli,
753 struct cli_state **targetcli,
754 char **pp_targetpath)
756 CLIENT_DFS_REFERRAL *refs = NULL;
759 struct cli_state *cli_ipc = NULL;
760 char *dfs_path = NULL;
761 char *cleanpath = NULL;
762 char *extrapath = NULL;
766 struct cli_state *newcli = NULL;
767 char *newpath = NULL;
768 char *newmount = NULL;
770 SMB_STRUCT_STAT sbuf;
773 if ( !rootcli || !path || !targetcli ) {
777 /* Don't do anything if this is not a DFS root. */
779 if ( !rootcli->dfsroot) {
780 *targetcli = rootcli;
781 *pp_targetpath = talloc_strdup(ctx, path);
782 if (!*pp_targetpath) {
790 /* Send a trans2_query_path_info to check for a referral. */
792 cleanpath = clean_path(ctx, path);
797 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
802 if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) {
803 /* This is an ordinary path, just return it. */
804 *targetcli = rootcli;
805 *pp_targetpath = talloc_strdup(ctx, path);
806 if (!*pp_targetpath) {
812 /* Special case where client asked for a path that does not exist */
814 if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
815 *targetcli = rootcli;
816 *pp_targetpath = talloc_strdup(ctx, path);
817 if (!*pp_targetpath) {
823 /* We got an error, check for DFS referral. */
825 if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
829 /* Check for the referral. */
831 if (!(cli_ipc = cli_cm_open(ctx,
837 (rootcli->trans_enc_state != NULL),
844 if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
845 &num_refs, &consumed) || !num_refs) {
849 /* Just store the first referral for now. */
851 if (!refs[0].dfspath) {
854 split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
856 if (!server || !share) {
860 /* Make sure to recreate the original string including any wildcards. */
862 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
866 pathlen = strlen(dfs_path);
867 consumed = MIN(pathlen, consumed);
868 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
869 if (!*pp_targetpath) {
872 dfs_path[consumed] = '\0';
875 * *pp_targetpath is now the unconsumed part of the path.
876 * dfs_path is now the consumed part of the path
877 * (in \server\share\path format).
880 /* Open the connection to the target server & share */
881 if ((*targetcli = cli_cm_open(ctx, rootcli,
886 (rootcli->trans_enc_state != NULL),
890 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
895 if (extrapath && strlen(extrapath) > 0) {
896 *pp_targetpath = talloc_asprintf(ctx,
900 if (!*pp_targetpath) {
905 /* parse out the consumed mount path */
906 /* trim off the \server\share\ */
910 if (*ppath != '\\') {
911 d_printf("cli_resolve_path: "
912 "dfs_path (%s) not in correct format.\n",
917 ppath++; /* Now pointing at start of server name. */
919 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
923 ppath++; /* Now pointing at start of share name. */
925 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
929 ppath++; /* Now pointing at path component. */
931 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
936 cli_set_mntpoint(*targetcli, newmount);
938 /* Check for another dfs referral, note that we are not
939 checking for loops here. */
941 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
942 if (cli_resolve_path(ctx,
950 * When cli_resolve_path returns true here it's always
951 * returning the complete path in newpath, so we're done
955 *pp_targetpath = newpath;
962 /* If returning true ensure we return a dfs root full path. */
963 if ((*targetcli)->dfsroot) {
964 dfs_path = talloc_strdup(ctx, *pp_targetpath);
968 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
974 /********************************************************************
975 ********************************************************************/
977 bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
978 struct cli_state *cli,
979 const char *sharename,
983 const char *username,
984 const char *password,
987 CLIENT_DFS_REFERRAL *refs = NULL;
990 char *fullpath = NULL;
993 char *newextrapath = NULL;
995 if (!cli || !sharename) {
1001 /* special case. never check for a referral on the IPC$ share */
1003 if (strequal(sharename, "IPC$")) {
1007 /* send a trans2_query_path_info to check for a referral */
1009 fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
1014 /* check for the referral */
1016 if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, "IPC$", "IPC", NULL, 0))) {
1020 if (force_encrypt) {
1021 NTSTATUS status = cli_cm_force_encryption(cli,
1026 if (!NT_STATUS_IS_OK(status)) {
1031 res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
1033 if (!cli_tdis(cli)) {
1039 if (!res || !num_refs) {
1043 if (!refs[0].dfspath) {
1047 split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1048 pp_newshare, &newextrapath );
1050 if ((*pp_newserver == NULL) || (*pp_newshare == NULL)) {
1054 /* check that this is not a self-referral */
1056 if (strequal(cli->desthost, *pp_newserver) &&
1057 strequal(sharename, *pp_newshare)) {
git.samba.org / metze / samba / wip.git / blob