-/*
+/*
Unix SMB/CIFS implementation.
client connect/disconnect routines
Copyright (C) Andrew Tridgell 1994-1998
Copyright (C) Gerald (Jerry) Carter 2004
Copyright (C) Jeremy Allison 2007
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
struct client_connection {
struct client_connection *prev, *next;
struct cli_state *cli;
- pstring mount;
+ char *mount;
};
-/* global state....globals reek! */
+static struct cm_cred_struct {
+ char *username;
+ char *password;
+ bool got_pass;
+ bool use_kerberos;
+ bool fallback_after_kerberos;
+ int signing_state;
+} cm_creds;
-static pstring username;
-static pstring password;
-static BOOL use_kerberos;
-static BOOL got_pass;
-static int signing_state;
-int max_protocol = PROTOCOL_NT1;
-
-static int port;
-static int name_type = 0x20;
-static BOOL have_ip;
-static struct in_addr dest_ip;
+static void cm_set_password(const char *newpass);
static struct client_connection *connections;
+static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *sharename,
+ char **pp_newserver,
+ char **pp_newshare,
+ bool force_encrypt,
+ const char *username,
+ const char *password,
+ const char *domain);
+
+/********************************************************************
+ Ensure a connection is encrypted.
+********************************************************************/
+
+NTSTATUS cli_cm_force_encryption(struct cli_state *c,
+ const char *username,
+ const char *password,
+ const char *domain,
+ const char *sharename)
+{
+ NTSTATUS status = cli_force_encryption(c,
+ username,
+ password,
+ domain);
+
+ if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
+ d_printf("Encryption required and "
+ "server that doesn't support "
+ "UNIX extensions - failing connect\n");
+ } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
+ d_printf("Encryption required and "
+ "can't get UNIX CIFS extensions "
+ "version from server.\n");
+ } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
+ d_printf("Encryption required and "
+ "share %s doesn't support "
+ "encryption.\n", sharename);
+ } else if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Encryption required and "
+ "setup failed with error %s.\n",
+ nt_errstr(status));
+ }
+
+ return status;
+}
+
/********************************************************************
Return a connection to a server.
********************************************************************/
-static struct cli_state *do_connect( const char *server, const char *share,
- BOOL show_sessetup )
+static struct cli_state *do_connect(TALLOC_CTX *ctx,
+ const char *server,
+ const char *share,
+ bool show_sessetup,
+ bool force_encrypt,
+ int max_protocol,
+ int port,
+ int name_type)
{
struct cli_state *c = NULL;
struct nmb_name called, calling;
const char *server_n;
- struct in_addr ip;
- pstring servicename;
+ struct sockaddr_storage ss;
+ char *servicename;
char *sharename;
- fstring newserver, newshare;
+ char *newserver, *newshare;
+ const char *username;
+ const char *password;
NTSTATUS status;
-
+
/* make a copy so we don't modify the global string 'service' */
- pstrcpy(servicename, share);
+ servicename = talloc_strdup(ctx,share);
+ if (!servicename) {
+ return NULL;
+ }
sharename = servicename;
if (*sharename == '\\') {
- server = sharename+2;
- sharename = strchr_m(server,'\\');
- if (!sharename) return NULL;
+ sharename += 2;
+ if (server == NULL) {
+ server = sharename;
+ }
+ sharename = strchr_m(sharename,'\\');
+ if (!sharename) {
+ return NULL;
+ }
*sharename = 0;
sharename++;
}
server_n = server;
-
- zero_ip_v4(&ip);
+
+ zero_sockaddr(&ss);
make_nmb_name(&calling, global_myname(), 0x0);
make_nmb_name(&called , server, name_type);
again:
- zero_ip_v4(&ip);
- if (have_ip)
- ip = dest_ip;
+ zero_sockaddr(&ss);
/* have to open a new connection */
- if (!(c=cli_initialise()) || (cli_set_port(c, port) != port)) {
+ if (!(c=cli_initialise())) {
d_printf("Connection to %s failed\n", server_n);
+ if (c) {
+ cli_shutdown(c);
+ }
return NULL;
}
- status = cli_connect(c, server_n, &ip);
+ if (port) {
+ cli_set_port(c, port);
+ }
+
+ status = cli_connect(c, server_n, &ss);
if (!NT_STATUS_IS_OK(status)) {
- d_printf("Connection to %s failed (Error %s)\n", server_n, nt_errstr(status));
+ d_printf("Connection to %s failed (Error %s)\n",
+ server_n,
+ nt_errstr(status));
+ cli_shutdown(c);
return NULL;
}
+ if (max_protocol == 0) {
+ max_protocol = PROTOCOL_NT1;
+ }
c->protocol = max_protocol;
- c->use_kerberos = use_kerberos;
- cli_setup_signing_state(c, signing_state);
-
+ c->use_kerberos = cm_creds.use_kerberos;
+ c->fallback_after_kerberos = cm_creds.fallback_after_kerberos;
+ cli_setup_signing_state(c, cm_creds.signing_state);
if (!cli_session_request(c, &calling, &called)) {
char *p;
- d_printf("session request to %s failed (%s)\n",
+ d_printf("session request to %s failed (%s)\n",
called.name, cli_errstr(c));
cli_shutdown(c);
c = NULL;
DEBUG(4,(" session request ok\n"));
- if (!cli_negprot(c)) {
- d_printf("protocol negotiation failed\n");
+ status = cli_negprot(c);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("protocol negotiation failed: %s\n",
+ nt_errstr(status));
cli_shutdown(c);
return NULL;
}
- if (!got_pass) {
- char *pass = getpass("Password: ");
+ if (!cm_creds.got_pass && !cm_creds.use_kerberos) {
+ char *label = NULL;
+ char *pass;
+ label = talloc_asprintf(ctx, "Enter %s's password: ",
+ cm_creds.username);
+ pass = getpass(label);
if (pass) {
- pstrcpy(password, pass);
- got_pass = 1;
+ cm_set_password(pass);
}
+ TALLOC_FREE(label);
}
- if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
+ username = cm_creds.username ? cm_creds.username : "";
+ password = cm_creds.password ? cm_creds.password : "";
+
+ if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
password, strlen(password),
password, strlen(password),
lp_workgroup()))) {
- /* if a password was not supplied then try again with a null username */
- if (password[0] || !username[0] || use_kerberos ||
- !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0,
- lp_workgroup()))) {
+ /* If a password was not supplied then
+ * try again with a null username. */
+ if (password[0] || !username[0] || cm_creds.use_kerberos ||
+ !NT_STATUS_IS_OK(cli_session_setup(c, "",
+ "", 0,
+ "", 0,
+ lp_workgroup()))) {
d_printf("session setup failed: %s\n", cli_errstr(c));
- if (NT_STATUS_V(cli_nt_error(c)) ==
+ if (NT_STATUS_V(cli_nt_error(c)) ==
NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
d_printf("did you forget to run kinit?\n");
cli_shutdown(c);
if (*c->server_domain) {
DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
c->server_domain,c->server_os,c->server_type));
- } else if (*c->server_os || *c->server_type){
+ } else if (*c->server_os || *c->server_type) {
DEBUG(0,("OS=[%s] Server=[%s]\n",
c->server_os,c->server_type));
- }
+ }
}
DEBUG(4,(" session setup ok\n"));
/* here's the fun part....to support 'msdfs proxy' shares
- (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
+ (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
here before trying to connect to the original share.
check_dfs_proxy() will fail if it is a normal share. */
- if ( (c->capabilities & CAP_DFS) && cli_check_msdfs_proxy( c, sharename, newserver, newshare ) ) {
+ if ((c->capabilities & CAP_DFS) &&
+ cli_check_msdfs_proxy(ctx, c, sharename,
+ &newserver, &newshare,
+ force_encrypt,
+ username,
+ password,
+ lp_workgroup())) {
cli_shutdown(c);
- return do_connect( newserver, newshare, False );
+ return do_connect(ctx, newserver,
+ newshare, false,
+ force_encrypt, max_protocol,
+ port, name_type);
}
/* must be a normal share */
- if (!cli_send_tconX(c, sharename, "?????", password, strlen(password)+1)) {
+ if (!cli_send_tconX(c, sharename, "?????",
+ password, strlen(password)+1)) {
d_printf("tree connect failed: %s\n", cli_errstr(c));
cli_shutdown(c);
return NULL;
}
- DEBUG(4,(" tconx ok\n"));
+ if (force_encrypt) {
+ status = cli_cm_force_encryption(c,
+ username,
+ password,
+ lp_workgroup(),
+ sharename);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_shutdown(c);
+ return NULL;
+ }
+ }
+ DEBUG(4,(" tconx ok\n"));
return c;
}
/****************************************************************************
****************************************************************************/
-static void cli_cm_set_mntpoint( struct cli_state *c, const char *mnt )
+static void cli_cm_set_mntpoint(struct cli_state *c, const char *mnt)
{
struct client_connection *p;
int i;
- for ( p=connections,i=0; p; p=p->next,i++ ) {
- if ( strequal(p->cli->desthost, c->desthost) && strequal(p->cli->share, c->share) )
+ for (p=connections,i=0; p; p=p->next,i++) {
+ if (strequal(p->cli->desthost, c->desthost) &&
+ strequal(p->cli->share, c->share)) {
break;
+ }
}
-
- if ( p ) {
- pstrcpy( p->mount, mnt );
- clean_name(p->mount);
+
+ if (p) {
+ char *name = clean_name(NULL, mnt);
+ if (!name) {
+ return;
+ }
+ TALLOC_FREE(p->mount);
+ p->mount = talloc_strdup(p, name);
+ TALLOC_FREE(name);
}
}
/****************************************************************************
****************************************************************************/
-const char *cli_cm_get_mntpoint( struct cli_state *c )
+const char *cli_cm_get_mntpoint(struct cli_state *c)
{
struct client_connection *p;
int i;
- for ( p=connections,i=0; p; p=p->next,i++ ) {
- if ( strequal(p->cli->desthost, c->desthost) && strequal(p->cli->share, c->share) )
+ for (p=connections,i=0; p; p=p->next,i++) {
+ if (strequal(p->cli->desthost, c->desthost) &&
+ strequal(p->cli->share, c->share)) {
break;
+ }
}
-
- if ( p )
+
+ if (p) {
return p->mount;
-
+ }
return NULL;
}
Add a new connection to the list
********************************************************************/
-static struct cli_state *cli_cm_connect( const char *server,
+static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx,
+ struct cli_state *referring_cli,
+ const char *server,
const char *share,
- BOOL show_hdr)
+ bool show_hdr,
+ bool force_encrypt,
+ int max_protocol,
+ int port,
+ int name_type)
{
struct client_connection *node;
-
- node = SMB_XMALLOC_P( struct client_connection );
-
- node->cli = do_connect( server, share, show_hdr );
+
+ /* NB This must be the null context here... JRA. */
+ node = TALLOC_ZERO_ARRAY(NULL, struct client_connection, 1);
+ if (!node) {
+ return NULL;
+ }
+
+ node->cli = do_connect(ctx, server, share,
+ show_hdr, force_encrypt, max_protocol,
+ port, name_type);
if ( !node->cli ) {
- SAFE_FREE( node );
+ TALLOC_FREE( node );
return NULL;
}
DLIST_ADD( connections, node );
- cli_cm_set_mntpoint( node->cli, "" );
+ cli_cm_set_mntpoint(node->cli, "");
- return node->cli;
+ if (referring_cli && referring_cli->posix_capabilities) {
+ uint16 major, minor;
+ uint32 caplow, caphigh;
+ if (cli_unix_extensions_version(node->cli, &major,
+ &minor, &caplow, &caphigh)) {
+ cli_set_unix_extensions_capabilities(node->cli,
+ major, minor,
+ caplow, caphigh);
+ }
+ }
+ return node->cli;
}
/********************************************************************
Return a connection to a server.
********************************************************************/
-static struct cli_state *cli_cm_find( const char *server, const char *share )
+static struct cli_state *cli_cm_find(const char *server, const char *share)
{
struct client_connection *p;
- for ( p=connections; p; p=p->next ) {
- if ( strequal(server, p->cli->desthost) && strequal(share,p->cli->share) )
+ for (p=connections; p; p=p->next) {
+ if ( strequal(server, p->cli->desthost) &&
+ strequal(share,p->cli->share)) {
return p->cli;
+ }
}
return NULL;
}
/****************************************************************************
- open a client connection to a \\server\share. Set's the current *cli
+ Open a client connection to a \\server\share. Set's the current *cli
global variable as a side-effect (but only if the connection is successful).
****************************************************************************/
-struct cli_state *cli_cm_open(const char *server,
+struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
+ struct cli_state *referring_cli,
+ const char *server,
const char *share,
- BOOL show_hdr)
+ bool show_hdr,
+ bool force_encrypt,
+ int max_protocol,
+ int port,
+ int name_type)
{
struct cli_state *c;
-
+
/* try to reuse an existing connection */
- c = cli_cm_find( server, share );
-
- if ( !c ) {
- c = cli_cm_connect(server, share, show_hdr);
+ c = cli_cm_find(server, share);
+ if (!c) {
+ c = cli_cm_connect(ctx, referring_cli,
+ server, share, show_hdr, force_encrypt,
+ max_protocol, port, name_type);
}
return c;
/****************************************************************************
****************************************************************************/
-void cli_cm_shutdown( void )
+void cli_cm_shutdown(void)
{
-
struct client_connection *p, *x;
- for ( p=connections; p; ) {
- cli_shutdown( p->cli );
+ for (p=connections; p;) {
+ cli_shutdown(p->cli);
x = p;
p = p->next;
- SAFE_FREE( x );
+ TALLOC_FREE(x);
}
connections = NULL;
int i;
for ( p=connections,i=0; p; p=p->next,i++ ) {
- d_printf("%d:\tserver=%s, share=%s\n",
+ d_printf("%d:\tserver=%s, share=%s\n",
i, p->cli->desthost, p->cli->share );
}
}
/****************************************************************************
****************************************************************************/
-void cli_cm_set_credentials( struct user_auth_info *user )
+static void cm_set_password(const char *newpass)
{
- pstrcpy( username, user->username );
-
- if ( user->got_pass ) {
- pstrcpy( password, user->password );
- got_pass = True;
+ SAFE_FREE(cm_creds.password);
+ cm_creds.password = SMB_STRDUP(newpass);
+ if (cm_creds.password) {
+ cm_creds.got_pass = true;
}
-
- use_kerberos = user->use_kerberos;
- signing_state = user->signing_state;
}
/****************************************************************************
****************************************************************************/
-void cli_cm_set_port( int port_number )
+void cli_cm_set_credentials(struct user_auth_info *auth_info)
+{
+ SAFE_FREE(cm_creds.username);
+ cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username(
+ auth_info));
+
+ if (get_cmdline_auth_info_got_pass(auth_info)) {
+ cm_set_password(get_cmdline_auth_info_password(auth_info));
+ }
+
+ cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
+ cm_creds.fallback_after_kerberos = false;
+ cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+void cli_cm_set_signing_state(int state)
+{
+ cm_creds.signing_state = state;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+void cli_cm_set_username(const char *username)
+{
+ SAFE_FREE(cm_creds.username);
+ cm_creds.username = SMB_STRDUP(username);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+void cli_cm_set_password(const char *newpass)
{
- port = port_number;
+ SAFE_FREE(cm_creds.password);
+ cm_creds.password = SMB_STRDUP(newpass);
+ if (cm_creds.password) {
+ cm_creds.got_pass = true;
+ }
}
/****************************************************************************
****************************************************************************/
-void cli_cm_set_dest_name_type( int type )
+void cli_cm_set_use_kerberos(void)
{
- name_type = type;
+ cm_creds.use_kerberos = true;
}
/****************************************************************************
****************************************************************************/
-void cli_cm_set_dest_ip(struct in_addr ip )
+void cli_cm_set_fallback_after_kerberos(void)
{
- dest_ip = ip;
- have_ip = True;
+ cm_creds.fallback_after_kerberos = true;
}
/**********************************************************************
split a dfs path into the server, share name, and extrapath components
**********************************************************************/
-static void split_dfs_path( const char *nodepath, fstring server, fstring share, pstring extrapath )
+static void split_dfs_path(TALLOC_CTX *ctx,
+ const char *nodepath,
+ char **pp_server,
+ char **pp_share,
+ char **pp_extrapath)
{
char *p, *q;
- pstring path;
+ char *path;
+
+ *pp_server = NULL;
+ *pp_share = NULL;
+ *pp_extrapath = NULL;
- pstrcpy( path, nodepath );
+ path = talloc_strdup(ctx, nodepath);
+ if (!path) {
+ return;
+ }
if ( path[0] != '\\' ) {
return;
if (q != NULL) {
*q = '\0';
q++;
- pstrcpy( extrapath, q );
+ *pp_extrapath = talloc_strdup(ctx, q);
} else {
- pstrcpy( extrapath, '\0' );
+ *pp_extrapath = talloc_strdup(ctx, "");
}
-
- fstrcpy( share, p );
- fstrcpy( server, &path[1] );
+
+ *pp_share = talloc_strdup(ctx, p);
+ *pp_server = talloc_strdup(ctx, &path[1]);
}
/****************************************************************************
Return the original path truncated at the directory component before
- the first wildcard character. Trust the caller to provide a NULL
+ the first wildcard character. Trust the caller to provide a NULL
terminated string
****************************************************************************/
-static void clean_path(const char *path, pstring path_out)
+static char *clean_path(TALLOC_CTX *ctx, const char *path)
{
size_t len;
char *p1, *p2, *p;
-
+ char *path_out;
+
/* No absolute paths. */
while (IS_DIRECTORY_SEP(*path)) {
path++;
}
- pstrcpy(path_out, path);
+ path_out = talloc_strdup(ctx, path);
+ if (!path_out) {
+ return NULL;
+ }
p1 = strchr_m(path_out, '*');
p2 = strchr_m(path_out, '?');
if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
path_out[len-1] = '\0';
}
+
+ return path_out;
}
/****************************************************************************
****************************************************************************/
-static void cli_dfs_make_full_path( struct cli_state *cli,
- const char *dir,
- pstring path_out)
+static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *dir)
{
/* Ensure the extrapath doesn't start with a separator. */
while (IS_DIRECTORY_SEP(*dir)) {
dir++;
}
- pstr_sprintf( path_out, "\\%s\\%s\\%s", cli->desthost, cli->share, dir);
+ return talloc_asprintf(ctx, "\\%s\\%s\\%s",
+ cli->desthost, cli->share, dir);
}
/********************************************************************
check for dfs referral
********************************************************************/
-static BOOL cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
+static bool cli_dfs_check_error( struct cli_state *cli, NTSTATUS status )
{
uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
/* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
- if ( !( (flgs2&FLAGS2_32_BIT_ERROR_CODES) && (flgs2&FLAGS2_UNICODE_STRINGS) ) )
- return False;
+ if (!((flgs2&FLAGS2_32_BIT_ERROR_CODES) &&
+ (flgs2&FLAGS2_UNICODE_STRINGS)))
+ return false;
- if ( NT_STATUS_EQUAL( status, NT_STATUS(IVAL(cli->inbuf,smb_rcls)) ) )
- return True;
+ if (NT_STATUS_EQUAL(status, NT_STATUS(IVAL(cli->inbuf,smb_rcls))))
+ return true;
- return False;
+ return false;
}
/********************************************************************
- get the dfs referral link
+ Get the dfs referral link.
********************************************************************/
-BOOL cli_dfs_get_referral( struct cli_state *cli,
- const char *path,
+bool cli_dfs_get_referral(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *path,
CLIENT_DFS_REFERRAL**refs,
size_t *num_refs,
uint16 *consumed)
unsigned int data_len = 0;
unsigned int param_len = 0;
uint16 setup = TRANSACT2_GET_DFS_REFERRAL;
- char param[sizeof(pstring)+2];
- pstring data;
+ char *param;
char *rparam=NULL, *rdata=NULL;
char *p;
+ char *endp;
size_t pathlen = 2*(strlen(path)+1);
uint16 num_referrals;
CLIENT_DFS_REFERRAL *referrals = NULL;
-
- memset(param, 0, sizeof(param));
+ bool ret = false;
+
+ *num_refs = 0;
+ *refs = NULL;
+
+ param = SMB_MALLOC_ARRAY(char, 2+pathlen+2);
+ if (!param) {
+ return false;
+ }
SSVAL(param, 0, 0x03); /* max referral level */
p = ¶m[2];
- p += clistr_push(cli, p, path, MIN(pathlen, sizeof(param)-2), STR_TERMINATE);
+ p += clistr_push(cli, p, path, pathlen, STR_TERMINATE);
param_len = PTR_DIFF(p, param);
if (!cli_send_trans(cli, SMBtrans2,
- NULL, /* name */
- -1, 0, /* fid, flags */
- &setup, 1, 0, /* setup, length, max */
- param, param_len, 2, /* param, length, max */
- (char *)&data, data_len, cli->max_xmit /* data, length, max */
- )) {
- return False;
+ NULL, /* name */
+ -1, 0, /* fid, flags */
+ &setup, 1, 0, /* setup, length, max */
+ param, param_len, 2, /* param, length, max */
+ NULL, 0, cli->max_xmit /* data, length, max */
+ )) {
+ SAFE_FREE(param);
+ return false;
}
+ SAFE_FREE(param);
+
if (!cli_receive_trans(cli, SMBtrans2,
&rparam, ¶m_len,
&rdata, &data_len)) {
- return False;
+ return false;
}
-
- *consumed = SVAL( rdata, 0 );
- num_referrals = SVAL( rdata, 2 );
-
- if ( num_referrals != 0 ) {
+
+ if (data_len < 4) {
+ goto out;
+ }
+
+ endp = rdata + data_len;
+
+ *consumed = SVAL(rdata, 0);
+ num_referrals = SVAL(rdata, 2);
+
+ if (num_referrals != 0) {
uint16 ref_version;
uint16 ref_size;
int i;
uint16 node_offset;
- referrals = SMB_XMALLOC_ARRAY( CLIENT_DFS_REFERRAL, num_referrals );
+ referrals = TALLOC_ARRAY(ctx, CLIENT_DFS_REFERRAL,
+ num_referrals);
+ if (!referrals) {
+ goto out;
+ }
/* start at the referrals array */
-
+
p = rdata+8;
- for ( i=0; i<num_referrals; i++ ) {
- ref_version = SVAL( p, 0 );
- ref_size = SVAL( p, 2 );
- node_offset = SVAL( p, 16 );
-
- if ( ref_version != 3 ) {
+ for (i=0; i<num_referrals && p < endp; i++) {
+ if (p + 18 > endp) {
+ goto out;
+ }
+ ref_version = SVAL(p, 0);
+ ref_size = SVAL(p, 2);
+ node_offset = SVAL(p, 16);
+
+ if (ref_version != 3) {
p += ref_size;
continue;
}
-
- referrals[i].proximity = SVAL( p, 8 );
- referrals[i].ttl = SVAL( p, 10 );
- clistr_pull( cli, referrals[i].dfspath, p+node_offset,
- sizeof(referrals[i].dfspath), -1, STR_TERMINATE|STR_UNICODE );
+ referrals[i].proximity = SVAL(p, 8);
+ referrals[i].ttl = SVAL(p, 10);
+ if (p + node_offset > endp) {
+ goto out;
+ }
+ clistr_pull_talloc(ctx, cli->inbuf,
+ &referrals[i].dfspath,
+ p+node_offset, -1,
+ STR_TERMINATE|STR_UNICODE);
+
+ if (!referrals[i].dfspath) {
+ goto out;
+ }
p += ref_size;
}
+ if (i < num_referrals) {
+ goto out;
+ }
}
-
+
+ ret = true;
+
*num_refs = num_referrals;
*refs = referrals;
+ out:
+
SAFE_FREE(rdata);
SAFE_FREE(rparam);
-
- return True;
+ return ret;
}
-
/********************************************************************
********************************************************************/
-BOOL cli_resolve_path( const char *mountpt,
+bool cli_resolve_path(TALLOC_CTX *ctx,
+ const char *mountpt,
struct cli_state *rootcli,
const char *path,
struct cli_state **targetcli,
- pstring targetpath)
+ char **pp_targetpath)
{
CLIENT_DFS_REFERRAL *refs = NULL;
- size_t num_refs;
+ size_t num_refs = 0;
uint16 consumed;
- struct cli_state *cli_ipc;
- pstring dfs_path, cleanpath, extrapath;
+ struct cli_state *cli_ipc = NULL;
+ char *dfs_path = NULL;
+ char *cleanpath = NULL;
+ char *extrapath = NULL;
int pathlen;
- fstring server, share;
- struct cli_state *newcli;
- pstring newpath;
- pstring newmount;
- char *ppath, *temppath = NULL;
-
+ char *server = NULL;
+ char *share = NULL;
+ struct cli_state *newcli = NULL;
+ char *newpath = NULL;
+ char *newmount = NULL;
+ char *ppath = NULL;
SMB_STRUCT_STAT sbuf;
uint32 attributes;
-
+
if ( !rootcli || !path || !targetcli ) {
- return False;
+ return false;
}
-
+
/* Don't do anything if this is not a DFS root. */
if ( !rootcli->dfsroot) {
*targetcli = rootcli;
- pstrcpy( targetpath, path );
- return True;
+ *pp_targetpath = talloc_strdup(ctx, path);
+ if (!*pp_targetpath) {
+ return false;
+ }
+ return true;
}
*targetcli = NULL;
/* Send a trans2_query_path_info to check for a referral. */
- clean_path(path, cleanpath);
- cli_dfs_make_full_path(rootcli, cleanpath, dfs_path );
+ cleanpath = clean_path(ctx, path);
+ if (!cleanpath) {
+ return false;
+ }
+
+ dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
+ if (!dfs_path) {
+ return false;
+ }
- if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes ) ) {
+ if (cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes)) {
/* This is an ordinary path, just return it. */
*targetcli = rootcli;
- pstrcpy( targetpath, path );
+ *pp_targetpath = talloc_strdup(ctx, path);
+ if (!*pp_targetpath) {
+ return false;
+ }
goto done;
}
/* Special case where client asked for a path that does not exist */
- if ( cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND) ) {
+ if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
*targetcli = rootcli;
- pstrcpy( targetpath, path );
+ *pp_targetpath = talloc_strdup(ctx, path);
+ if (!*pp_targetpath) {
+ return false;
+ }
goto done;
}
/* We got an error, check for DFS referral. */
- if ( !cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
- return False;
+ if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED)) {
+ return false;
}
/* Check for the referral. */
- if ( !(cli_ipc = cli_cm_open( rootcli->desthost, "IPC$", False )) ) {
- return False;
+ if (!(cli_ipc = cli_cm_open(ctx, rootcli,
+ rootcli->desthost,
+ "IPC$", false,
+ (rootcli->trans_enc_state != NULL),
+ rootcli->protocol,
+ 0,
+ 0x20))) {
+ return false;
}
-
- if ( !cli_dfs_get_referral(cli_ipc, dfs_path, &refs, &num_refs, &consumed)
- || !num_refs ) {
- return False;
+
+ if (!cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
+ &num_refs, &consumed) || !num_refs) {
+ return false;
}
-
+
/* Just store the first referral for now. */
- split_dfs_path( refs[0].dfspath, server, share, extrapath );
- SAFE_FREE(refs);
+ if (!refs[0].dfspath) {
+ return false;
+ }
+ split_dfs_path(ctx, refs[0].dfspath, &server, &share, &extrapath );
+
+ if (!server || !share) {
+ return false;
+ }
/* Make sure to recreate the original string including any wildcards. */
-
- cli_dfs_make_full_path( rootcli, path, dfs_path);
- pathlen = strlen( dfs_path )*2;
- consumed = MIN(pathlen, consumed );
- pstrcpy( targetpath, &dfs_path[consumed/2] );
+
+ dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
+ if (!dfs_path) {
+ return false;
+ }
+ pathlen = strlen(dfs_path)*2;
+ consumed = MIN(pathlen, consumed);
+ *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed/2]);
+ if (!*pp_targetpath) {
+ return false;
+ }
dfs_path[consumed/2] = '\0';
/*
- * targetpath is now the unconsumed part of the path.
- * dfs_path is now the consumed part of the path (in \server\share\path format).
+ * *pp_targetpath is now the unconsumed part of the path.
+ * dfs_path is now the consumed part of the path
+ * (in \server\share\path format).
*/
/* Open the connection to the target server & share */
-
- if ( (*targetcli = cli_cm_open(server, share, False)) == NULL ) {
+ if ((*targetcli = cli_cm_open(ctx, rootcli,
+ server,
+ share,
+ false,
+ (rootcli->trans_enc_state != NULL),
+ rootcli->protocol,
+ 0,
+ 0x20)) == NULL) {
d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
server, share );
- return False;
+ return false;
}
-
- if (strlen(extrapath) > 0) {
- string_append(&temppath, extrapath);
- string_append(&temppath, targetpath);
- pstrcpy( targetpath, temppath );
+
+ if (extrapath && strlen(extrapath) > 0) {
+ *pp_targetpath = talloc_asprintf(ctx,
+ "%s%s",
+ extrapath,
+ *pp_targetpath);
+ if (!*pp_targetpath) {
+ return false;
+ }
}
-
+
/* parse out the consumed mount path */
/* trim off the \server\share\ */
ppath = dfs_path;
if (*ppath != '\\') {
- d_printf("cli_resolve_path: dfs_path (%s) not in correct format.\n",
+ d_printf("cli_resolve_path: "
+ "dfs_path (%s) not in correct format.\n",
dfs_path );
- return False;
+ return false;
}
ppath++; /* Now pointing at start of server name. */
-
+
if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
- return False;
+ return false;
}
ppath++; /* Now pointing at start of share name. */
if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
- return False;
+ return false;
}
ppath++; /* Now pointing at path component. */
- pstr_sprintf( newmount, "%s\\%s", mountpt, ppath );
+ newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
+ if (!newmount) {
+ return false;
+ }
- cli_cm_set_mntpoint( *targetcli, newmount );
+ cli_cm_set_mntpoint(*targetcli, newmount);
- /* Check for another dfs referral, note that we are not
+ /* Check for another dfs referral, note that we are not
checking for loops here. */
- if ( !strequal( targetpath, "\\" ) && !strequal( targetpath, "/")) {
- if ( cli_resolve_path( newmount, *targetcli, targetpath, &newcli, newpath ) ) {
+ if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
+ if (cli_resolve_path(ctx,
+ newmount,
+ *targetcli,
+ *pp_targetpath,
+ &newcli,
+ &newpath)) {
/*
* When cli_resolve_path returns true here it's always
* returning the complete path in newpath, so we're done
* here.
*/
*targetcli = newcli;
- pstrcpy( targetpath, newpath );
- return True;
+ *pp_targetpath = newpath;
+ return true;
}
}
done:
- /* If returning True ensure we return a dfs root full path. */
- if ( (*targetcli)->dfsroot ) {
- pstrcpy(dfs_path, targetpath );
- cli_dfs_make_full_path( *targetcli, dfs_path, targetpath);
+ /* If returning true ensure we return a dfs root full path. */
+ if ((*targetcli)->dfsroot) {
+ dfs_path = talloc_strdup(ctx, *pp_targetpath);
+ if (!dfs_path) {
+ return false;
+ }
+ *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
}
- return True;
+ return true;
}
/********************************************************************
********************************************************************/
-BOOL cli_check_msdfs_proxy( struct cli_state *cli, const char *sharename,
- fstring newserver, fstring newshare )
+static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *sharename,
+ char **pp_newserver,
+ char **pp_newshare,
+ bool force_encrypt,
+ const char *username,
+ const char *password,
+ const char *domain)
{
CLIENT_DFS_REFERRAL *refs = NULL;
- size_t num_refs;
+ size_t num_refs = 0;
uint16 consumed;
- pstring fullpath;
- BOOL res;
+ char *fullpath = NULL;
+ bool res;
uint16 cnum;
- pstring newextrapath;
-
- if ( !cli || !sharename )
- return False;
+ char *newextrapath = NULL;
+
+ if (!cli || !sharename) {
+ return false;
+ }
cnum = cli->cnum;
/* special case. never check for a referral on the IPC$ share */
- if ( strequal( sharename, "IPC$" ) ) {
- return False;
+ if (strequal(sharename, "IPC$")) {
+ return false;
}
-
+
/* send a trans2_query_path_info to check for a referral */
-
- pstr_sprintf( fullpath, "\\%s\\%s", cli->desthost, sharename );
+
+ fullpath = talloc_asprintf(ctx, "\\%s\\%s", cli->desthost, sharename );
+ if (!fullpath) {
+ return false;
+ }
/* check for the referral */
if (!cli_send_tconX(cli, "IPC$", "IPC", NULL, 0)) {
- return False;
+ return false;
+ }
+
+ if (force_encrypt) {
+ NTSTATUS status = cli_cm_force_encryption(cli,
+ username,
+ password,
+ lp_workgroup(),
+ "IPC$");
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
}
- res = cli_dfs_get_referral(cli, fullpath, &refs, &num_refs, &consumed);
+ res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
if (!cli_tdis(cli)) {
- SAFE_FREE( refs );
- return False;
+ return false;
}
cli->cnum = cnum;
- if (!res || !num_refs ) {
- SAFE_FREE( refs );
- return False;
+ if (!res || !num_refs) {
+ return false;
+ }
+
+ if (!refs[0].dfspath) {
+ return false;
+ }
+
+ split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
+ pp_newshare, &newextrapath );
+
+ if ((*pp_newserver == NULL) || (*pp_newshare == NULL)) {
+ return false;
}
-
- split_dfs_path( refs[0].dfspath, newserver, newshare, newextrapath );
/* check that this is not a self-referral */
- if ( strequal( cli->desthost, newserver ) && strequal( sharename, newshare ) ) {
- SAFE_FREE( refs );
- return False;
+ if (strequal(cli->desthost, *pp_newserver) &&
+ strequal(sharename, *pp_newshare)) {
+ return false;
}
-
- SAFE_FREE( refs );
-
- return True;
+
+ return true;
}