2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Gerald (Jerry) Carter 2004
6 Copyright (C) Jeremy Allison 2007-2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "libsmb/libsmb.h"
24 #include "libsmb/clirap.h"
27 #include "libsmb/nmblib.h"
28 #include "../libcli/smb/smbXcli_base.h"
30 /********************************************************************
33 DFS paths are *always* of the form \server\share\<pathname> (the \ characters
34 are not C escaped here).
36 - but if we're using POSIX paths then <pathname> may contain
37 '/' separators, not '\\' separators. So cope with '\\' or '/'
38 as a separator when looking at the pathname part.... JRA.
39 ********************************************************************/
41 /********************************************************************
42 Ensure a connection is encrypted.
43 ********************************************************************/
45 NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
46 struct cli_credentials *creds,
47 const char *sharename)
49 uint16_t major, minor;
50 uint32_t caplow, caphigh;
53 if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
54 status = smb2cli_session_encryption_on(c->smb2.session);
55 if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
56 d_printf("Encryption required and "
57 "server doesn't support "
58 "SMB3 encryption - failing connect\n");
59 } else if (!NT_STATUS_IS_OK(status)) {
60 d_printf("Encryption required and "
61 "setup failed with error %s.\n",
67 if (!SERVER_HAS_UNIX_CIFS(c)) {
68 d_printf("Encryption required and "
69 "server that doesn't support "
70 "UNIX extensions - failing connect\n");
71 return NT_STATUS_NOT_SUPPORTED;
74 status = cli_unix_extensions_version(c, &major, &minor, &caplow,
76 if (!NT_STATUS_IS_OK(status)) {
77 d_printf("Encryption required and "
78 "can't get UNIX CIFS extensions "
79 "version from server.\n");
80 return NT_STATUS_UNKNOWN_REVISION;
83 if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
84 d_printf("Encryption required and "
85 "share %s doesn't support "
86 "encryption.\n", sharename);
87 return NT_STATUS_UNSUPPORTED_COMPRESSION;
90 status = cli_smb1_setup_encryption(c, creds);
91 if (!NT_STATUS_IS_OK(status)) {
92 d_printf("Encryption required and "
93 "setup failed with error %s.\n",
101 NTSTATUS cli_cm_force_encryption(struct cli_state *c,
102 const char *username,
103 const char *password,
105 const char *sharename)
107 struct cli_credentials *creds = NULL;
110 creds = cli_session_creds_init(c,
113 NULL, /* default realm */
116 c->fallback_after_kerberos,
120 return NT_STATUS_NO_MEMORY;
123 status = cli_cm_force_encryption_creds(c, creds, sharename);
124 /* gensec currently references the creds so we can't free them here */
125 talloc_unlink(c, creds);
129 /********************************************************************
130 Return a connection to a server.
131 ********************************************************************/
133 static NTSTATUS do_connect(TALLOC_CTX *ctx,
136 const struct user_auth_info *auth_info,
142 struct cli_state **pcli)
144 struct cli_state *c = NULL;
147 char *newserver, *newshare;
148 const char *username;
149 const char *password;
153 int signing_state = get_cmdline_auth_info_signing_state(auth_info);
154 struct cli_credentials *creds = NULL;
157 signing_state = SMB_SIGNING_REQUIRED;
160 /* make a copy so we don't modify the global string 'service' */
161 servicename = talloc_strdup(ctx,share);
163 return NT_STATUS_NO_MEMORY;
165 sharename = servicename;
166 if (*sharename == '\\') {
168 if (server == NULL) {
171 sharename = strchr_m(sharename,'\\');
173 return NT_STATUS_NO_MEMORY;
178 if (server == NULL) {
179 return NT_STATUS_INVALID_PARAMETER;
182 if (get_cmdline_auth_info_use_kerberos(auth_info)) {
183 flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
185 if (get_cmdline_auth_info_fallback_after_kerberos(auth_info)) {
186 flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
188 if (get_cmdline_auth_info_use_ccache(auth_info)) {
189 flags |= CLI_FULL_CONNECTION_USE_CCACHE;
191 if (get_cmdline_auth_info_use_pw_nt_hash(auth_info)) {
192 flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
195 status = cli_connect_nb(
196 server, NULL, port, name_type, NULL,
200 if (!NT_STATUS_IS_OK(status)) {
201 d_printf("Connection to %s failed (Error %s)\n",
207 if (max_protocol == 0) {
208 max_protocol = PROTOCOL_NT1;
210 DEBUG(4,(" session request ok\n"));
212 status = smbXcli_negprot(c->conn, c->timeout,
213 lp_client_min_protocol(),
216 if (!NT_STATUS_IS_OK(status)) {
217 d_printf("protocol negotiation failed: %s\n",
223 if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
224 /* Ensure we ask for some initial credits. */
225 smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
228 username = get_cmdline_auth_info_username(auth_info);
229 password = get_cmdline_auth_info_password(auth_info);
230 domain = get_cmdline_auth_info_domain(auth_info);
231 if ((domain == NULL) || (domain[0] == '\0')) {
232 domain = lp_workgroup();
235 creds = get_cmdline_auth_info_creds(auth_info);
237 status = cli_session_setup_creds(c, creds);
238 if (!NT_STATUS_IS_OK(status)) {
239 /* If a password was not supplied then
240 * try again with a null username. */
241 if (password[0] || !username[0] ||
242 get_cmdline_auth_info_use_kerberos(auth_info) ||
243 !NT_STATUS_IS_OK(status = cli_session_setup_anon(c)))
245 d_printf("session setup failed: %s\n",
247 if (NT_STATUS_EQUAL(status,
248 NT_STATUS_MORE_PROCESSING_REQUIRED))
249 d_printf("did you forget to run kinit?\n");
253 d_printf("Anonymous login successful\n");
256 if (!NT_STATUS_IS_OK(status)) {
257 DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
262 if ( show_sessetup ) {
263 if (*c->server_domain) {
264 DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
265 c->server_domain,c->server_os,c->server_type));
266 } else if (*c->server_os || *c->server_type) {
267 DEBUG(0,("OS=[%s] Server=[%s]\n",
268 c->server_os,c->server_type));
271 DEBUG(4,(" session setup ok\n"));
273 /* here's the fun part....to support 'msdfs proxy' shares
274 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
275 here before trying to connect to the original share.
276 cli_check_msdfs_proxy() will fail if it is a normal share. */
278 if (smbXcli_conn_dfs_supported(c->conn) &&
279 cli_check_msdfs_proxy(ctx, c, sharename,
280 &newserver, &newshare,
281 force_encrypt, creds)) {
283 return do_connect(ctx, newserver,
284 newshare, auth_info, false,
285 force_encrypt, max_protocol,
286 port, name_type, pcli);
289 /* must be a normal share */
291 status = cli_tree_connect_creds(c, sharename, "?????", creds);
292 if (!NT_STATUS_IS_OK(status)) {
293 d_printf("tree connect failed: %s\n", nt_errstr(status));
299 status = cli_cm_force_encryption_creds(c,
302 if (!NT_STATUS_IS_OK(status)) {
308 DEBUG(4,(" tconx ok\n"));
313 /****************************************************************************
314 ****************************************************************************/
316 static void cli_set_mntpoint(struct cli_state *cli, const char *mnt)
318 TALLOC_CTX *frame = talloc_stackframe();
319 char *name = clean_name(frame, mnt);
324 TALLOC_FREE(cli->dfs_mountpoint);
325 cli->dfs_mountpoint = talloc_strdup(cli, name);
329 /********************************************************************
330 Add a new connection to the list.
331 referring_cli == NULL means a new initial connection.
332 ********************************************************************/
334 static NTSTATUS cli_cm_connect(TALLOC_CTX *ctx,
335 struct cli_state *referring_cli,
338 const struct user_auth_info *auth_info,
344 struct cli_state **pcli)
346 struct cli_state *cli;
349 status = do_connect(ctx, server, share,
351 show_hdr, force_encrypt, max_protocol,
352 port, name_type, &cli);
354 if (!NT_STATUS_IS_OK(status)) {
358 /* Enter into the list. */
360 DLIST_ADD_END(referring_cli, cli);
363 if (referring_cli && referring_cli->requested_posix_capabilities) {
364 uint16_t major, minor;
365 uint32_t caplow, caphigh;
366 status = cli_unix_extensions_version(cli, &major, &minor,
368 if (NT_STATUS_IS_OK(status)) {
369 cli_set_unix_extensions_capabilities(cli,
379 /********************************************************************
380 Return a connection to a server on a particular share.
381 ********************************************************************/
383 static struct cli_state *cli_cm_find(struct cli_state *cli,
393 /* Search to the start of the list. */
394 for (p = cli; p; p = DLIST_PREV(p)) {
395 const char *remote_name =
396 smbXcli_conn_remote_name(p->conn);
398 if (strequal(server, remote_name) &&
399 strequal(share,p->share)) {
404 /* Search to the end of the list. */
405 for (p = cli->next; p; p = p->next) {
406 const char *remote_name =
407 smbXcli_conn_remote_name(p->conn);
409 if (strequal(server, remote_name) &&
410 strequal(share,p->share)) {
418 /****************************************************************************
419 Open a client connection to a \\server\share.
420 ****************************************************************************/
422 NTSTATUS cli_cm_open(TALLOC_CTX *ctx,
423 struct cli_state *referring_cli,
426 const struct user_auth_info *auth_info,
432 struct cli_state **pcli)
434 /* Try to reuse an existing connection in this list. */
435 struct cli_state *c = cli_cm_find(referring_cli, server, share);
443 if (auth_info == NULL) {
444 /* Can't do a new connection
445 * without auth info. */
446 d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
447 "without auth info\n",
449 return NT_STATUS_INVALID_PARAMETER;
452 status = cli_cm_connect(ctx,
463 if (!NT_STATUS_IS_OK(status)) {
470 /****************************************************************************
471 ****************************************************************************/
473 void cli_cm_display(struct cli_state *cli)
477 for (i=0; cli; cli = cli->next,i++ ) {
478 d_printf("%d:\tserver=%s, share=%s\n",
479 i, smbXcli_conn_remote_name(cli->conn), cli->share);
483 /****************************************************************************
484 ****************************************************************************/
486 /****************************************************************************
487 ****************************************************************************/
490 void cli_cm_set_credentials(struct user_auth_info *auth_info)
492 SAFE_FREE(cm_creds.username);
493 cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username(
496 if (get_cmdline_auth_info_got_pass(auth_info)) {
497 cm_set_password(get_cmdline_auth_info_password(auth_info));
500 cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
501 cm_creds.fallback_after_kerberos = false;
502 cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info);
506 /**********************************************************************
507 split a dfs path into the server, share name, and extrapath components
508 **********************************************************************/
510 static bool split_dfs_path(TALLOC_CTX *ctx,
511 const char *nodepath,
521 *pp_extrapath = NULL;
523 path = talloc_strdup(ctx, nodepath);
528 if ( path[0] != '\\' ) {
532 p = strchr_m( path + 1, '\\' );
540 /* Look for any extra/deep path */
541 q = strchr_m(p, '\\');
545 *pp_extrapath = talloc_strdup(ctx, q);
547 *pp_extrapath = talloc_strdup(ctx, "");
549 if (*pp_extrapath == NULL) {
553 *pp_share = talloc_strdup(ctx, p);
554 if (*pp_share == NULL) {
558 *pp_server = talloc_strdup(ctx, &path[1]);
559 if (*pp_server == NULL) {
567 TALLOC_FREE(*pp_share);
568 TALLOC_FREE(*pp_extrapath);
573 /****************************************************************************
574 Return the original path truncated at the directory component before
575 the first wildcard character. Trust the caller to provide a NULL
577 ****************************************************************************/
579 static char *clean_path(TALLOC_CTX *ctx, const char *path)
585 /* No absolute paths. */
586 while (IS_DIRECTORY_SEP(*path)) {
590 path_out = talloc_strdup(ctx, path);
595 p1 = strchr_m(path_out, '*');
596 p2 = strchr_m(path_out, '?');
608 /* Now go back to the start of this component. */
609 p1 = strrchr_m(path_out, '/');
610 p2 = strrchr_m(path_out, '\\');
617 /* Strip any trailing separator */
619 len = strlen(path_out);
620 if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
621 path_out[len-1] = '\0';
627 /****************************************************************************
628 ****************************************************************************/
630 static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
631 struct cli_state *cli,
634 char path_sep = '\\';
636 /* Ensure the extrapath doesn't start with a separator. */
637 while (IS_DIRECTORY_SEP(*dir)) {
641 if (cli->requested_posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
644 return talloc_asprintf(ctx, "%c%s%c%s%c%s",
646 smbXcli_conn_remote_name(cli->conn),
653 /********************************************************************
654 check for dfs referral
655 ********************************************************************/
657 static bool cli_dfs_check_error(struct cli_state *cli, NTSTATUS expected,
660 /* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
662 if (!(smbXcli_conn_use_unicode(cli->conn))) {
665 if (!(smb1cli_conn_capabilities(cli->conn) & CAP_STATUS32)) {
668 if (NT_STATUS_EQUAL(status, expected)) {
674 /********************************************************************
675 Get the dfs referral link.
676 ********************************************************************/
678 NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
679 struct cli_state *cli,
681 struct client_dfs_referral **refs,
685 unsigned int param_len = 0;
686 uint16_t recv_flags2;
687 uint8_t *param = NULL;
688 uint8_t *rdata = NULL;
691 smb_ucs2_t *path_ucs;
692 char *consumed_path = NULL;
693 uint16_t consumed_ucs;
694 uint16_t num_referrals;
695 struct client_dfs_referral *referrals = NULL;
697 TALLOC_CTX *frame = talloc_stackframe();
702 param = talloc_array(talloc_tos(), uint8_t, 2);
704 status = NT_STATUS_NO_MEMORY;
707 SSVAL(param, 0, 0x03); /* max referral level */
709 param = trans2_bytes_push_str(param, smbXcli_conn_use_unicode(cli->conn),
710 path, strlen(path)+1,
713 status = NT_STATUS_NO_MEMORY;
716 param_len = talloc_get_size(param);
717 path_ucs = (smb_ucs2_t *)¶m[2];
719 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
720 DATA_BLOB in_input_buffer;
721 DATA_BLOB in_output_buffer = data_blob_null;
722 DATA_BLOB out_input_buffer = data_blob_null;
723 DATA_BLOB out_output_buffer = data_blob_null;
725 in_input_buffer.data = param;
726 in_input_buffer.length = param_len;
728 status = smb2cli_ioctl(cli->conn,
732 UINT64_MAX, /* in_fid_persistent */
733 UINT64_MAX, /* in_fid_volatile */
734 FSCTL_DFS_GET_REFERRALS,
735 0, /* in_max_input_length */
737 CLI_BUFFER_SIZE, /* in_max_output_length */
739 SMB2_IOCTL_FLAG_IS_FSCTL,
743 if (!NT_STATUS_IS_OK(status)) {
747 if (out_output_buffer.length < 4) {
748 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
752 recv_flags2 = FLAGS2_UNICODE_STRINGS;
753 rdata = out_output_buffer.data;
754 endp = (char *)rdata + out_output_buffer.length;
756 unsigned int data_len = 0;
759 SSVAL(setup, 0, TRANSACT2_GET_DFS_REFERRAL);
761 status = cli_trans(talloc_tos(), cli, SMBtrans2,
765 NULL, 0, CLI_BUFFER_SIZE,
767 NULL, 0, NULL, /* rsetup */
769 &rdata, 4, &data_len);
770 if (!NT_STATUS_IS_OK(status)) {
774 endp = (char *)rdata + data_len;
777 consumed_ucs = SVAL(rdata, 0);
778 num_referrals = SVAL(rdata, 2);
780 /* consumed_ucs is the number of bytes
781 * of the UCS2 path consumed not counting any
782 * terminating null. We need to convert
783 * back to unix charset and count again
784 * to get the number of bytes consumed from
785 * the incoming path. */
788 if (pull_string_talloc(talloc_tos(),
796 status = map_nt_error_from_unix(errno);
798 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
802 if (consumed_path == NULL) {
803 status = map_nt_error_from_unix(errno);
806 *consumed = strlen(consumed_path);
808 if (num_referrals != 0) {
809 uint16_t ref_version;
812 uint16_t node_offset;
814 referrals = talloc_array(ctx, struct client_dfs_referral,
818 status = NT_STATUS_NO_MEMORY;
821 /* start at the referrals array */
824 for (i=0; i<num_referrals && p < endp; i++) {
828 ref_version = SVAL(p, 0);
829 ref_size = SVAL(p, 2);
830 node_offset = SVAL(p, 16);
832 if (ref_version != 3) {
837 referrals[i].proximity = SVAL(p, 8);
838 referrals[i].ttl = SVAL(p, 10);
840 if (p + node_offset > endp) {
841 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
844 clistr_pull_talloc(referrals,
847 &referrals[i].dfspath,
849 PTR_DIFF(endp, p+node_offset),
850 STR_TERMINATE|STR_UNICODE);
852 if (!referrals[i].dfspath) {
853 status = map_nt_error_from_unix(errno);
858 if (i < num_referrals) {
859 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
864 *num_refs = num_referrals;
873 /********************************************************************
874 ********************************************************************/
875 struct cli_dfs_path_split {
881 NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
883 const struct user_auth_info *dfs_auth_info,
884 struct cli_state *rootcli,
886 struct cli_state **targetcli,
887 char **pp_targetpath)
889 struct client_dfs_referral *refs = NULL;
892 struct cli_state *cli_ipc = NULL;
893 char *dfs_path = NULL;
894 char *cleanpath = NULL;
895 char *extrapath = NULL;
897 struct cli_state *newcli = NULL;
898 struct cli_state *ccli = NULL;
900 char *newpath = NULL;
901 char *newmount = NULL;
903 SMB_STRUCT_STAT sbuf;
906 struct smbXcli_tcon *root_tcon = NULL;
907 struct smbXcli_tcon *target_tcon = NULL;
908 struct cli_dfs_path_split *dfs_refs = NULL;
910 if ( !rootcli || !path || !targetcli ) {
911 return NT_STATUS_INVALID_PARAMETER;
914 /* Don't do anything if this is not a DFS root. */
916 if (smbXcli_conn_protocol(rootcli->conn) >= PROTOCOL_SMB2_02) {
917 root_tcon = rootcli->smb2.tcon;
919 root_tcon = rootcli->smb1.tcon;
922 if (!smbXcli_tcon_is_dfs_share(root_tcon)) {
923 *targetcli = rootcli;
924 *pp_targetpath = talloc_strdup(ctx, path);
925 if (!*pp_targetpath) {
926 return NT_STATUS_NO_MEMORY;
933 /* Send a trans2_query_path_info to check for a referral. */
935 cleanpath = clean_path(ctx, path);
937 return NT_STATUS_NO_MEMORY;
940 dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
942 return NT_STATUS_NO_MEMORY;
945 status = cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes);
946 if (NT_STATUS_IS_OK(status)) {
947 /* This is an ordinary path, just return it. */
948 *targetcli = rootcli;
949 *pp_targetpath = talloc_strdup(ctx, path);
950 if (!*pp_targetpath) {
951 return NT_STATUS_NO_MEMORY;
956 /* Special case where client asked for a path that does not exist */
958 if (cli_dfs_check_error(rootcli, NT_STATUS_OBJECT_NAME_NOT_FOUND,
960 *targetcli = rootcli;
961 *pp_targetpath = talloc_strdup(ctx, path);
962 if (!*pp_targetpath) {
963 return NT_STATUS_NO_MEMORY;
968 /* We got an error, check for DFS referral. */
970 if (!cli_dfs_check_error(rootcli, NT_STATUS_PATH_NOT_COVERED,
975 /* Check for the referral. */
977 status = cli_cm_open(ctx,
979 smbXcli_conn_remote_name(rootcli->conn),
983 smb1cli_conn_encryption_on(rootcli->conn),
984 smbXcli_conn_protocol(rootcli->conn),
988 if (!NT_STATUS_IS_OK(status)) {
992 status = cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
993 &num_refs, &consumed);
994 if (!NT_STATUS_IS_OK(status)) {
998 if (!num_refs || !refs[0].dfspath) {
999 return NT_STATUS_NOT_FOUND;
1003 * Bug#10123 - DFS referal entries can be provided in a random order,
1004 * so check the connection cache for each item to avoid unnecessary
1007 dfs_refs = talloc_array(ctx, struct cli_dfs_path_split, num_refs);
1008 if (dfs_refs == NULL) {
1009 return NT_STATUS_NO_MEMORY;
1012 for (count = 0; count < num_refs; count++) {
1013 if (!split_dfs_path(dfs_refs, refs[count].dfspath,
1014 &dfs_refs[count].server,
1015 &dfs_refs[count].share,
1016 &dfs_refs[count].extrapath)) {
1017 TALLOC_FREE(dfs_refs);
1018 return NT_STATUS_NOT_FOUND;
1021 ccli = cli_cm_find(rootcli, dfs_refs[count].server,
1022 dfs_refs[count].share);
1024 extrapath = dfs_refs[count].extrapath;
1031 * If no cached connection was found, then connect to the first live
1032 * referral server in the list.
1034 for (count = 0; (ccli == NULL) && (count < num_refs); count++) {
1035 /* Connect to the target server & share */
1036 status = cli_cm_connect(ctx, rootcli,
1037 dfs_refs[count].server,
1038 dfs_refs[count].share,
1041 smb1cli_conn_encryption_on(rootcli->conn),
1042 smbXcli_conn_protocol(rootcli->conn),
1046 if (!NT_STATUS_IS_OK(status)) {
1047 d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
1048 dfs_refs[count].server,
1049 dfs_refs[count].share);
1052 extrapath = dfs_refs[count].extrapath;
1057 /* No available referral server for the connection */
1058 if (*targetcli == NULL) {
1059 TALLOC_FREE(dfs_refs);
1063 /* Make sure to recreate the original string including any wildcards. */
1065 dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
1067 TALLOC_FREE(dfs_refs);
1068 return NT_STATUS_NO_MEMORY;
1070 pathlen = strlen(dfs_path);
1071 consumed = MIN(pathlen, consumed);
1072 *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
1073 if (!*pp_targetpath) {
1074 TALLOC_FREE(dfs_refs);
1075 return NT_STATUS_NO_MEMORY;
1077 dfs_path[consumed] = '\0';
1080 * *pp_targetpath is now the unconsumed part of the path.
1081 * dfs_path is now the consumed part of the path
1082 * (in \server\share\path format).
1085 if (extrapath && strlen(extrapath) > 0) {
1086 /* EMC Celerra NAS version 5.6.50 (at least) doesn't appear to */
1087 /* put the trailing \ on the path, so to be save we put one in if needed */
1088 if (extrapath[strlen(extrapath)-1] != '\\' && **pp_targetpath != '\\') {
1089 *pp_targetpath = talloc_asprintf(ctx,
1094 *pp_targetpath = talloc_asprintf(ctx,
1099 if (!*pp_targetpath) {
1100 TALLOC_FREE(dfs_refs);
1101 return NT_STATUS_NO_MEMORY;
1105 /* parse out the consumed mount path */
1106 /* trim off the \server\share\ */
1110 if (*ppath != '\\') {
1111 d_printf("cli_resolve_path: "
1112 "dfs_path (%s) not in correct format.\n",
1114 TALLOC_FREE(dfs_refs);
1115 return NT_STATUS_NOT_FOUND;
1118 ppath++; /* Now pointing at start of server name. */
1120 if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
1121 TALLOC_FREE(dfs_refs);
1122 return NT_STATUS_NOT_FOUND;
1125 ppath++; /* Now pointing at start of share name. */
1127 if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
1128 TALLOC_FREE(dfs_refs);
1129 return NT_STATUS_NOT_FOUND;
1132 ppath++; /* Now pointing at path component. */
1134 newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
1136 TALLOC_FREE(dfs_refs);
1137 return NT_STATUS_NOT_FOUND;
1140 cli_set_mntpoint(*targetcli, newmount);
1142 /* Check for another dfs referral, note that we are not
1143 checking for loops here. */
1145 if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
1146 status = cli_resolve_path(ctx,
1153 if (NT_STATUS_IS_OK(status)) {
1155 * When cli_resolve_path returns true here it's always
1156 * returning the complete path in newpath, so we're done
1159 *targetcli = newcli;
1160 *pp_targetpath = newpath;
1161 TALLOC_FREE(dfs_refs);
1168 if (smbXcli_conn_protocol((*targetcli)->conn) >= PROTOCOL_SMB2_02) {
1169 target_tcon = (*targetcli)->smb2.tcon;
1171 target_tcon = (*targetcli)->smb1.tcon;
1174 /* If returning true ensure we return a dfs root full path. */
1175 if (smbXcli_tcon_is_dfs_share(target_tcon)) {
1176 dfs_path = talloc_strdup(ctx, *pp_targetpath);
1178 TALLOC_FREE(dfs_refs);
1179 return NT_STATUS_NO_MEMORY;
1181 *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
1182 if (*pp_targetpath == NULL) {
1183 TALLOC_FREE(dfs_refs);
1184 return NT_STATUS_NO_MEMORY;
1188 TALLOC_FREE(dfs_refs);
1189 return NT_STATUS_OK;
1192 /********************************************************************
1193 ********************************************************************/
1195 bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
1196 struct cli_state *cli,
1197 const char *sharename,
1198 char **pp_newserver,
1201 struct cli_credentials *creds)
1203 struct client_dfs_referral *refs = NULL;
1204 size_t num_refs = 0;
1205 size_t consumed = 0;
1206 char *fullpath = NULL;
1209 char *newextrapath = NULL;
1211 const char *remote_name;
1213 if (!cli || !sharename) {
1217 remote_name = smbXcli_conn_remote_name(cli->conn);
1218 cnum = cli_state_get_tid(cli);
1220 /* special case. never check for a referral on the IPC$ share */
1222 if (strequal(sharename, "IPC$")) {
1226 /* send a trans2_query_path_info to check for a referral */
1228 fullpath = talloc_asprintf(ctx, "\\%s\\%s", remote_name, sharename);
1233 /* check for the referral */
1235 if (!NT_STATUS_IS_OK(cli_tree_connect(cli, "IPC$", "IPC", NULL))) {
1239 if (force_encrypt) {
1240 status = cli_cm_force_encryption_creds(cli, creds, "IPC$");
1241 if (!NT_STATUS_IS_OK(status)) {
1246 status = cli_dfs_get_referral(ctx, cli, fullpath, &refs,
1247 &num_refs, &consumed);
1248 res = NT_STATUS_IS_OK(status);
1250 status = cli_tdis(cli);
1251 if (!NT_STATUS_IS_OK(status)) {
1255 cli_state_set_tid(cli, cnum);
1257 if (!res || !num_refs) {
1261 if (!refs[0].dfspath) {
1265 if (!split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
1266 pp_newshare, &newextrapath)) {
1270 /* check that this is not a self-referral */
1272 if (strequal(remote_name, *pp_newserver) &&
1273 strequal(sharename, *pp_newshare)) {