Modified revamp of the libsmbclient interface.
[tprouty/samba.git] / source3 / libsmb / libsmb_server.c
1 /* 
2    Unix SMB/Netbios implementation.
3    SMB client library implementation
4    Copyright (C) Andrew Tridgell 1998
5    Copyright (C) Richard Sharpe 2000, 2002
6    Copyright (C) John Terpstra 2000
7    Copyright (C) Tom Jansen (Ninja ISD) 2002 
8    Copyright (C) Derrell Lipman 2003-2008
9    Copyright (C) Jeremy Allison 2007, 2008
10    
11    This program is free software; you can redistribute it and/or modify
12    it under the terms of the GNU General Public License as published by
13    the Free Software Foundation; either version 3 of the License, or
14    (at your option) any later version.
15    
16    This program is distributed in the hope that it will be useful,
17    but WITHOUT ANY WARRANTY; without even the implied warranty of
18    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19    GNU General Public License for more details.
20    
21    You should have received a copy of the GNU General Public License
22    along with this program.  If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "libsmbclient.h"
27 #include "libsmb_internal.h"
28
29
30 /* 
31  * Check a server for being alive and well.
32  * returns 0 if the server is in shape. Returns 1 on error 
33  * 
34  * Also useable outside libsmbclient to enable external cache
35  * to do some checks too.
36  */
37 int
38 SMBC_check_server(SMBCCTX * context,
39                   SMBCSRV * server) 
40 {
41         socklen_t size;
42         struct sockaddr addr;
43
44         size = sizeof(addr);
45         return (getpeername(server->cli->fd, &addr, &size) == -1);
46 }
47
48 /* 
49  * Remove a server from the cached server list it's unused.
50  * On success, 0 is returned. 1 is returned if the server could not be removed.
51  * 
52  * Also useable outside libsmbclient
53  */
54 int
55 SMBC_remove_unused_server(SMBCCTX * context,
56                           SMBCSRV * srv)
57 {
58         SMBCFILE * file;
59
60         /* are we being fooled ? */
61         if (!context || !context->internal->initialized || !srv) {
62                 return 1;
63         }
64         
65         /* Check all open files/directories for a relation with this server */
66         for (file = context->internal->files; file; file = file->next) {
67                 if (file->srv == srv) {
68                         /* Still used */
69                         DEBUG(3, ("smbc_remove_usused_server: "
70                                   "%p still used by %p.\n",
71                                   srv, file));
72                         return 1;
73                 }
74         }
75
76         DLIST_REMOVE(context->internal->servers, srv);
77
78         cli_shutdown(srv->cli);
79         srv->cli = NULL;
80
81         DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv));
82
83         (context->cache.remove_cached_server_fn)(context, srv);
84
85         SAFE_FREE(srv);
86         return 0;
87 }
88
89 /****************************************************************
90  * Call the auth_fn with fixed size (fstring) buffers.
91  ***************************************************************/
92 void
93 SMBC_call_auth_fn(TALLOC_CTX *ctx,
94                   SMBCCTX *context,
95                   const char *server,
96                   const char *share,
97                   char **pp_workgroup,
98                   char **pp_username,
99                   char **pp_password)
100 {
101         fstring workgroup;
102         fstring username;
103         fstring password;
104
105         strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
106         strlcpy(username, *pp_username, sizeof(username));
107         strlcpy(password, *pp_password, sizeof(password));
108
109         (context->server.get_auth_data_fn)(
110                 server, share,
111                 workgroup, sizeof(workgroup),
112                 username, sizeof(username),
113                 password, sizeof(password));
114
115         TALLOC_FREE(*pp_workgroup);
116         TALLOC_FREE(*pp_username);
117         TALLOC_FREE(*pp_password);
118
119         *pp_workgroup = talloc_strdup(ctx, workgroup);
120         *pp_username = talloc_strdup(ctx, username);
121         *pp_password = talloc_strdup(ctx, password);
122 }
123
124
125 void
126 SMBC_get_auth_data(const char *server, const char *share,
127                    char *workgroup_buf, int workgroup_buf_len,
128                    char *username_buf, int username_buf_len,
129                    char *password_buf, int password_buf_len)
130 {
131         /* Default function just uses provided data.  Nothing to do. */
132 }
133
134
135
136 SMBCSRV *
137 SMBC_find_server(TALLOC_CTX *ctx,
138                  SMBCCTX *context,
139                  const char *server,
140                  const char *share,
141                  char **pp_workgroup,
142                  char **pp_username,
143                  char **pp_password)
144 {
145         SMBCSRV *srv;
146         int auth_called = 0;
147
148  check_server_cache:
149
150         srv = (context->cache.get_cached_server_fn)(context,
151                                                     server, share,
152                                                     *pp_workgroup,
153                                                     *pp_username);
154
155         if (!auth_called && !srv && (!*pp_username || !(*pp_username)[0] ||
156                                 !*pp_password || !(*pp_password)[0])) {
157                 SMBC_call_auth_fn(ctx, context, server, share,
158                                 pp_workgroup, pp_username, pp_password);
159
160                 if (!pp_workgroup || !pp_username || !pp_password) {
161                         return NULL;
162                 }
163
164                 /*
165                  * However, smbc_auth_fn may have picked up info relating to
166                  * an existing connection, so try for an existing connection
167                  * again ...
168                  */
169                 auth_called = 1;
170                 goto check_server_cache;
171
172         }
173
174         if (srv) {
175                 if ((context->server.check_server_fn)(context, srv)) {
176                         /*
177                          * This server is no good anymore
178                          * Try to remove it and check for more possible
179                          * servers in the cache
180                          */
181                         if ((context->server.remove_unused_server_fn)(context,
182                                                                       srv)) { 
183                                 /*
184                                  * We could not remove the server completely,
185                                  * remove it from the cache so we will not get
186                                  * it again. It will be removed when the last
187                                  * file/dir is closed.
188                                  */
189                                 (context->cache.remove_cached_server_fn)(context,
190                                                                          srv);
191                         }
192
193                         /*
194                          * Maybe there are more cached connections to this
195                          * server
196                          */
197                         goto check_server_cache;
198                 }
199
200                 return srv;
201         }
202
203         return NULL;
204 }
205
206 /*
207  * Connect to a server, possibly on an existing connection
208  *
209  * Here, what we want to do is: If the server and username
210  * match an existing connection, reuse that, otherwise, establish a
211  * new connection.
212  *
213  * If we have to create a new connection, call the auth_fn to get the
214  * info we need, unless the username and password were passed in.
215  */
216
217 SMBCSRV *
218 SMBC_server(TALLOC_CTX *ctx,
219             SMBCCTX *context,
220             bool connect_if_not_found,
221             const char *server,
222             const char *share,
223             char **pp_workgroup,
224             char **pp_username,
225             char **pp_password)
226 {
227         SMBCSRV *srv=NULL;
228         struct cli_state *c;
229         struct nmb_name called, calling;
230         const char *server_n = server;
231         struct sockaddr_storage ss;
232         int tried_reverse = 0;
233         int port_try_first;
234         int port_try_next;
235         const char *username_used;
236         NTSTATUS status;
237
238         zero_addr(&ss);
239         ZERO_STRUCT(c);
240
241         if (server[0] == 0) {
242                 errno = EPERM;
243                 return NULL;
244         }
245
246         /* Look for a cached connection */
247         srv = SMBC_find_server(ctx, context, server, share,
248                           pp_workgroup, pp_username, pp_password);
249
250         /*
251          * If we found a connection and we're only allowed one share per
252          * server...
253          */
254         if (srv && *share != '\0' && context->internal->one_share_per_server) {
255
256                 /*
257                  * ... then if there's no current connection to the share,
258                  * connect to it.  SMBC_find_server(), or rather the function
259                  * pointed to by context->cache.get_cached_srv_fn which
260                  * was called by SMBC_find_server(), will have issued a tree
261                  * disconnect if the requested share is not the same as the
262                  * one that was already connected.
263                  */
264                 if (srv->cli->cnum == (uint16) -1) {
265                         /* Ensure we have accurate auth info */
266                         SMBC_call_auth_fn(ctx, context, server, share,
267                                 pp_workgroup, pp_username, pp_password);
268
269                         if (!*pp_workgroup || !*pp_username || !*pp_password) {
270                                 errno = ENOMEM;
271                                 cli_shutdown(srv->cli);
272                                 srv->cli = NULL;
273                                 (context->cache.remove_cached_server_fn)(context,
274                                                                          srv);
275                                 return NULL;
276                         }
277
278                         /*
279                          * We don't need to renegotiate encryption
280                          * here as the encryption context is not per
281                          * tid.
282                          */
283
284                         if (!cli_send_tconX(srv->cli, share, "?????",
285                                                 *pp_password,
286                                                 strlen(*pp_password)+1)) {
287
288                                 errno = SMBC_errno(context, srv->cli);
289                                 cli_shutdown(srv->cli);
290                                 srv->cli = NULL;
291                                 (context->cache.remove_cached_server_fn)(context,
292                                                                          srv);
293                                 srv = NULL;
294                         }
295
296                         /*
297                          * Regenerate the dev value since it's based on both
298                          * server and share
299                          */
300                         if (srv) {
301                                 srv->dev = (dev_t)(str_checksum(server) ^
302                                                    str_checksum(share));
303                         }
304                 }
305         }
306
307         /* If we have a connection... */
308         if (srv) {
309
310                 /* ... then we're done here.  Give 'em what they came for. */
311                 return srv;
312         }
313
314         /* If we're not asked to connect when a connection doesn't exist... */
315         if (! connect_if_not_found) {
316                 /* ... then we're done here. */
317                 return NULL;
318         }
319
320         if (!*pp_workgroup || !*pp_username || !*pp_password) {
321                 errno = ENOMEM;
322                 return NULL;
323         }
324
325         make_nmb_name(&calling, context->config.netbios_name, 0x0);
326         make_nmb_name(&called , server, 0x20);
327
328         DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
329
330         DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
331
332  again:
333
334         zero_addr(&ss);
335
336         /* have to open a new connection */
337         if ((c = cli_initialise()) == NULL) {
338                 errno = ENOMEM;
339                 return NULL;
340         }
341
342         if (context->flags.bits & SMB_CTX_FLAG_USE_KERBEROS) {
343                 c->use_kerberos = True;
344         }
345         if (context->flags.bits & SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS) {
346                 c->fallback_after_kerberos = True;
347         }
348
349         c->timeout = context->config.timeout;
350
351         /*
352          * Force use of port 139 for first try if share is $IPC, empty, or
353          * null, so browse lists can work
354          */
355         if (share == NULL || *share == '\0' || strcmp(share, "IPC$") == 0) {
356                 port_try_first = 139;
357                 port_try_next = 445;
358         } else {
359                 port_try_first = 445;
360                 port_try_next = 139;
361         }
362
363         c->port = port_try_first;
364
365         status = cli_connect(c, server_n, &ss);
366         if (!NT_STATUS_IS_OK(status)) {
367
368                 /* First connection attempt failed.  Try alternate port. */
369                 c->port = port_try_next;
370
371                 status = cli_connect(c, server_n, &ss);
372                 if (!NT_STATUS_IS_OK(status)) {
373                         cli_shutdown(c);
374                         errno = ETIMEDOUT;
375                         return NULL;
376                 }
377         }
378
379         if (!cli_session_request(c, &calling, &called)) {
380                 cli_shutdown(c);
381                 if (strcmp(called.name, "*SMBSERVER")) {
382                         make_nmb_name(&called , "*SMBSERVER", 0x20);
383                         goto again;
384                 } else {  /* Try one more time, but ensure we don't loop */
385
386                         /* Only try this if server is an IP address ... */
387
388                         if (is_ipaddress(server) && !tried_reverse) {
389                                 fstring remote_name;
390                                 struct sockaddr_storage rem_ss;
391
392                                 if (!interpret_string_addr(&rem_ss, server,
393                                                         NI_NUMERICHOST)) {
394                                         DEBUG(4, ("Could not convert IP address "
395                                                 "%s to struct sockaddr_storage\n",
396                                                 server));
397                                         errno = ETIMEDOUT;
398                                         return NULL;
399                                 }
400
401                                 tried_reverse++; /* Yuck */
402
403                                 if (name_status_find("*", 0, 0, &rem_ss, remote_name)) {
404                                         make_nmb_name(&called, remote_name, 0x20);
405                                         goto again;
406                                 }
407                         }
408                 }
409                 errno = ETIMEDOUT;
410                 return NULL;
411         }
412
413         DEBUG(4,(" session request ok\n"));
414
415         if (!cli_negprot(c)) {
416                 cli_shutdown(c);
417                 errno = ETIMEDOUT;
418                 return NULL;
419         }
420
421         username_used = *pp_username;
422
423         if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
424                                                *pp_password, strlen(*pp_password),
425                                                *pp_password, strlen(*pp_password),
426                                                *pp_workgroup))) {
427
428                 /* Failed.  Try an anonymous login, if allowed by flags. */
429                 username_used = "";
430
431                 if ((context->flags.bits &
432                      SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
433                     !NT_STATUS_IS_OK(cli_session_setup(c, username_used,
434                                                        *pp_password, 1,
435                                                        *pp_password, 0,
436                                                        *pp_workgroup))) {
437
438                         cli_shutdown(c);
439                         errno = EPERM;
440                         return NULL;
441                 }
442         }
443
444         DEBUG(4,(" session setup ok\n"));
445
446         if (!cli_send_tconX(c, share, "?????",
447                             *pp_password, strlen(*pp_password)+1)) {
448                 errno = SMBC_errno(context, c);
449                 cli_shutdown(c);
450                 return NULL;
451         }
452
453         DEBUG(4,(" tconx ok\n"));
454
455         if (context->internal->smb_encryption_level) {
456                 /* Attempt UNIX smb encryption. */
457                 if (!NT_STATUS_IS_OK(cli_force_encryption(c,
458                                                 username_used,
459                                                 *pp_password,
460                                                 *pp_workgroup))) {
461
462                         /*
463                          * context->smb_encryption_level == 1
464                          * means don't fail if encryption can't be negotiated,
465                          * == 2 means fail if encryption can't be negotiated.
466                          */
467
468                         DEBUG(4,(" SMB encrypt failed\n"));
469
470                         if (context->internal->smb_encryption_level == 2) {
471                                 cli_shutdown(c);
472                                 errno = EPERM;
473                                 return NULL;
474                         }
475                 }
476                 DEBUG(4,(" SMB encrypt ok\n"));
477         }
478
479         /*
480          * Ok, we have got a nice connection
481          * Let's allocate a server structure.
482          */
483
484         srv = SMB_MALLOC_P(SMBCSRV);
485         if (!srv) {
486                 errno = ENOMEM;
487                 goto failed;
488         }
489
490         ZERO_STRUCTP(srv);
491         srv->cli = c;
492         srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
493         srv->no_pathinfo = False;
494         srv->no_pathinfo2 = False;
495         srv->no_nt_session = False;
496
497         /* now add it to the cache (internal or external)  */
498         /* Let the cache function set errno if it wants to */
499         errno = 0;
500         if ((context->cache.add_cached_server_fn)(context, srv,
501                                                   server, share,
502                                                   *pp_workgroup,
503                                                   *pp_username)) {
504                 int saved_errno = errno;
505                 DEBUG(3, (" Failed to add server to cache\n"));
506                 errno = saved_errno;
507                 if (errno == 0) {
508                         errno = ENOMEM;
509                 }
510                 goto failed;
511         }
512
513         DEBUG(2, ("Server connect ok: //%s/%s: %p\n",
514                   server, share, srv));
515
516         DLIST_ADD(context->internal->servers, srv);
517         return srv;
518
519  failed:
520         cli_shutdown(c);
521         if (!srv) {
522                 return NULL;
523         }
524
525         SAFE_FREE(srv);
526         return NULL;
527 }
528
529 /*
530  * Connect to a server for getting/setting attributes, possibly on an existing
531  * connection.  This works similarly to SMBC_server().
532  */
533 SMBCSRV *
534 SMBC_attr_server(TALLOC_CTX *ctx,
535                  SMBCCTX *context,
536                  const char *server,
537                  const char *share,
538                  char **pp_workgroup,
539                  char **pp_username,
540                  char **pp_password)
541 {
542         int flags;
543         struct sockaddr_storage ss;
544         struct cli_state *ipc_cli;
545         struct rpc_pipe_client *pipe_hnd;
546         NTSTATUS nt_status;
547         SMBCSRV *ipc_srv=NULL;
548
549         /*
550          * See if we've already created this special connection.  Reference
551          * our "special" share name '*IPC$', which is an impossible real share
552          * name due to the leading asterisk.
553          */
554         ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
555                               pp_workgroup, pp_username, pp_password);
556         if (!ipc_srv) {
557
558                 /* We didn't find a cached connection.  Get the password */
559                 if (!*pp_password || (*pp_password)[0] == '\0') {
560                         /* ... then retrieve it now. */
561                         SMBC_call_auth_fn(ctx, context, server, share,
562                                 pp_workgroup, pp_username, pp_password);
563                         if (!*pp_workgroup || !*pp_username || !*pp_password) {
564                                 errno = ENOMEM;
565                                 return NULL;
566                         }
567                 }
568
569                 flags = 0;
570                 if (context->flags.bits & SMB_CTX_FLAG_USE_KERBEROS) {
571                         flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
572                 }
573
574                 zero_addr(&ss);
575                 nt_status = cli_full_connection(&ipc_cli,
576                                                 global_myname(), server,
577                                                 &ss, 0, "IPC$", "?????",
578                                                 *pp_username,
579                                                 *pp_workgroup,
580                                                 *pp_password,
581                                                 flags,
582                                                 Undefined, NULL);
583                 if (! NT_STATUS_IS_OK(nt_status)) {
584                         DEBUG(1,("cli_full_connection failed! (%s)\n",
585                                  nt_errstr(nt_status)));
586                         errno = ENOTSUP;
587                         return NULL;
588                 }
589
590                 if (context->internal->smb_encryption_level) {
591                         /* Attempt UNIX smb encryption. */
592                         if (!NT_STATUS_IS_OK(cli_force_encryption(ipc_cli,
593                                                 *pp_username,
594                                                 *pp_password,
595                                                 *pp_workgroup))) {
596
597                                 /*
598                                  * context->smb_encryption_level ==
599                                  * 1 means don't fail if encryption can't be
600                                  * negotiated, == 2 means fail if encryption
601                                  * can't be negotiated.
602                                  */
603
604                                 DEBUG(4,(" SMB encrypt failed on IPC$\n"));
605
606                                 if (context->internal->smb_encryption_level == 2) {
607                                         cli_shutdown(ipc_cli);
608                                         errno = EPERM;
609                                         return NULL;
610                                 }
611                         }
612                         DEBUG(4,(" SMB encrypt ok on IPC$\n"));
613                 }
614
615                 ipc_srv = SMB_MALLOC_P(SMBCSRV);
616                 if (!ipc_srv) {
617                         errno = ENOMEM;
618                         cli_shutdown(ipc_cli);
619                         return NULL;
620                 }
621
622                 ZERO_STRUCTP(ipc_srv);
623                 ipc_srv->cli = ipc_cli;
624
625                 pipe_hnd = cli_rpc_pipe_open_noauth(ipc_srv->cli,
626                                                     PI_LSARPC,
627                                                     &nt_status);
628                 if (!pipe_hnd) {
629                     DEBUG(1, ("cli_nt_session_open fail!\n"));
630                     errno = ENOTSUP;
631                     cli_shutdown(ipc_srv->cli);
632                     free(ipc_srv);
633                     return NULL;
634                 }
635
636                 /*
637                  * Some systems don't support
638                  * SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
639                  * so we might as well do it too.
640                  */
641
642                 nt_status = rpccli_lsa_open_policy(
643                     pipe_hnd,
644                     talloc_tos(),
645                     True,
646                     GENERIC_EXECUTE_ACCESS,
647                     &ipc_srv->pol);
648
649                 if (!NT_STATUS_IS_OK(nt_status)) {
650                     errno = SMBC_errno(context, ipc_srv->cli);
651                     cli_shutdown(ipc_srv->cli);
652                     return NULL;
653                 }
654
655                 /* now add it to the cache (internal or external) */
656
657                 errno = 0;      /* let cache function set errno if it likes */
658                 if ((context->cache.add_cached_server_fn)(context, ipc_srv,
659                                                           server,
660                                                           "*IPC$",
661                                                           *pp_workgroup,
662                                                           *pp_username)) {
663                         DEBUG(3, (" Failed to add server to cache\n"));
664                         if (errno == 0) {
665                                 errno = ENOMEM;
666                         }
667                         cli_shutdown(ipc_srv->cli);
668                         free(ipc_srv);
669                         return NULL;
670                 }
671
672                 DLIST_ADD(context->internal->servers, ipc_srv);
673         }
674
675         return ipc_srv;
676 }