2 Unix SMB/Netbios implementation.
4 MSDFS services for Samba
5 Copyright (C) Shirish Kalele 2000
6 Copyright (C) Jeremy Allison 2007
7 Copyright (C) Robin McCorkell 2015
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #define DBGC_CLASS DBGC_MSDFS
26 #include "system/filesys.h"
27 #include "smbd/smbd.h"
28 #include "smbd/globals.h"
31 #include "lib/param/loadparm.h"
32 #include "libcli/security/security.h"
33 #include "librpc/gen_ndr/ndr_dfsblobs.h"
34 #include "lib/tsocket/tsocket.h"
36 /**********************************************************************
37 Parse a DFS pathname of the form \hostname\service\reqpath
38 into the dfs_path structure.
39 If POSIX pathnames is true, the pathname may also be of the
40 form /hostname/service/reqpath.
41 We cope with either here.
43 Unfortunately, due to broken clients who might set the
44 SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES bit and then
45 send a local path, we have to cope with that too....
47 If conn != NULL then ensure the provided service is
48 the one pointed to by the connection.
50 This version does everything using pointers within one copy of the
51 pathname string, talloced on the struct dfs_path pointer (which
52 must be talloced). This may be too clever to live....
54 **********************************************************************/
56 static NTSTATUS parse_dfs_path(connection_struct *conn,
59 bool allow_broken_path,
60 struct dfs_path *pdp, /* MUST BE TALLOCED */
61 bool *ppath_contains_wcard)
67 NTSTATUS status = NT_STATUS_OK;
73 * This is the only talloc we should need to do
74 * on the struct dfs_path. All the pointers inside
75 * it should point to offsets within this string.
78 pathname_local = talloc_strdup(pdp, pathname);
79 if (!pathname_local) {
80 return NT_STATUS_NO_MEMORY;
82 /* Get a pointer to the terminating '\0' */
83 eos_ptr = &pathname_local[strlen(pathname_local)];
84 p = temp = pathname_local;
87 * Non-broken DFS paths *must* start with the
88 * path separator. For Windows this is always '\\',
89 * for posix paths this is always '/'.
92 if (*pathname == '/') {
93 pdp->posix_path = true;
96 pdp->posix_path = false;
100 if (allow_broken_path && (*pathname != sepchar)) {
101 DEBUG(10,("parse_dfs_path: path %s doesn't start with %c\n",
102 pathname, sepchar ));
104 * Possibly client sent a local path by mistake.
105 * Try and convert to a local path.
106 * Note that this is an SMB1-only fallback
107 * to cope with known broken SMB1 clients.
110 pdp->hostname = eos_ptr; /* "" */
111 pdp->servicename = eos_ptr; /* "" */
113 /* We've got no info about separators. */
114 pdp->posix_path = lp_posix_pathnames();
116 DEBUG(10,("parse_dfs_path: trying to convert %s to a "
123 * Safe to use on talloc'ed string as it only shrinks.
124 * It also doesn't affect the eos_ptr.
126 trim_char(temp,sepchar,sepchar);
128 DEBUG(10,("parse_dfs_path: temp = |%s| after trimming %c's\n",
132 /* Parse out hostname. */
133 p = strchr_m(temp,sepchar);
135 DEBUG(10,("parse_dfs_path: can't parse hostname from path %s\n",
138 * Possibly client sent a local path by mistake.
139 * Try and convert to a local path.
142 pdp->hostname = eos_ptr; /* "" */
143 pdp->servicename = eos_ptr; /* "" */
146 DEBUG(10,("parse_dfs_path: trying to convert %s "
152 pdp->hostname = temp;
154 DEBUG(10,("parse_dfs_path: hostname: %s\n",pdp->hostname));
156 /* Parse out servicename. */
158 p = strchr_m(servicename,sepchar);
163 /* Is this really our servicename ? */
164 if (conn && !( strequal(servicename, lp_servicename(talloc_tos(), SNUM(conn)))
165 || (strequal(servicename, HOMES_NAME)
166 && strequal(lp_servicename(talloc_tos(), SNUM(conn)),
167 get_current_username()) )) ) {
168 DEBUG(10,("parse_dfs_path: %s is not our servicename\n",
172 * Possibly client sent a local path by mistake.
173 * Try and convert to a local path.
176 pdp->hostname = eos_ptr; /* "" */
177 pdp->servicename = eos_ptr; /* "" */
179 /* Repair the path - replace the sepchar's
182 *servicename = sepchar;
188 DEBUG(10,("parse_dfs_path: trying to convert %s "
194 pdp->servicename = servicename;
196 DEBUG(10,("parse_dfs_path: servicename: %s\n",pdp->servicename));
199 /* Client sent self referral \server\share. */
200 pdp->reqpath = eos_ptr; /* "" */
208 *ppath_contains_wcard = False;
212 /* Rest is reqpath. */
213 if (pdp->posix_path) {
214 status = check_path_syntax_posix(pdp->reqpath);
217 status = check_path_syntax_wcard(pdp->reqpath,
218 ppath_contains_wcard);
220 status = check_path_syntax(pdp->reqpath);
224 if (!NT_STATUS_IS_OK(status)) {
225 DEBUG(10,("parse_dfs_path: '%s' failed with %s\n",
226 p, nt_errstr(status) ));
230 DEBUG(10,("parse_dfs_path: rest of the path: %s\n",pdp->reqpath));
234 /********************************************************
235 Fake up a connection struct for the VFS layer, for use in
236 applications (such as the python bindings), that do not want the
237 global working directory changed under them.
239 SMB_VFS_CONNECT requires root privileges.
240 *********************************************************/
242 static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
243 struct tevent_context *ev,
244 struct messaging_context *msg,
245 connection_struct **pconn,
248 const struct auth_session_info *session_info)
250 connection_struct *conn;
252 const char *vfs_user;
253 struct smbd_server_connection *sconn;
254 const char *servicename = lp_const_servicename(snum);
256 sconn = talloc_zero(ctx, struct smbd_server_connection);
258 return NT_STATUS_NO_MEMORY;
262 sconn->msg_ctx = msg;
264 conn = conn_new(sconn);
267 return NT_STATUS_NO_MEMORY;
270 /* Now we have conn, we need to make sconn a child of conn,
271 * for a proper talloc tree */
272 talloc_steal(conn, sconn);
274 if (snum == -1 && servicename == NULL) {
275 servicename = "Unknown Service (snum == -1)";
278 connpath = talloc_strdup(conn, path);
281 return NT_STATUS_NO_MEMORY;
283 connpath = talloc_string_sub(conn,
289 return NT_STATUS_NO_MEMORY;
292 /* needed for smbd_vfs_init() */
294 conn->params->service = snum;
295 conn->cnum = TID_FIELD_INVALID;
297 if (session_info != NULL) {
298 conn->session_info = copy_session_info(conn, session_info);
299 if (conn->session_info == NULL) {
300 DEBUG(0, ("copy_serverinfo failed\n"));
302 return NT_STATUS_NO_MEMORY;
304 vfs_user = conn->session_info->unix_info->unix_name;
306 /* use current authenticated user in absence of session_info */
307 vfs_user = get_current_username();
310 set_conn_connectpath(conn, connpath);
313 * New code to check if there's a share security descriptor
314 * added from NT server manager. This is done after the
315 * smb.conf checks are done as we need a uid and token. JRA.
318 if (conn->session_info) {
319 share_access_check(conn->session_info->security_token,
321 MAXIMUM_ALLOWED_ACCESS,
322 &conn->share_access);
324 if ((conn->share_access & FILE_WRITE_DATA) == 0) {
325 if ((conn->share_access & FILE_READ_DATA) == 0) {
326 /* No access, read or write. */
327 DEBUG(3,("create_conn_struct: connection to %s "
328 "denied due to security "
332 return NT_STATUS_ACCESS_DENIED;
334 conn->read_only = true;
338 conn->share_access = 0;
339 conn->read_only = true;
342 if (!smbd_vfs_init(conn)) {
343 NTSTATUS status = map_nt_error_from_unix(errno);
344 DEBUG(0,("create_conn_struct: smbd_vfs_init failed.\n"));
349 /* this must be the first filesystem operation that we do */
350 if (SMB_VFS_CONNECT(conn, servicename, vfs_user) < 0) {
351 DEBUG(0,("VFS connect failed!\n"));
353 return NT_STATUS_UNSUCCESSFUL;
356 conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
362 /********************************************************
363 Fake up a connection struct for the VFS layer, for use in
364 applications (such as the python bindings), that do not want the
365 global working directory changed under them.
367 SMB_VFS_CONNECT requires root privileges.
368 *********************************************************/
370 NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
371 struct tevent_context *ev,
372 struct messaging_context *msg,
373 connection_struct **pconn,
376 const struct auth_session_info *session_info)
380 status = create_conn_struct_as_root(ctx, ev,
389 /********************************************************
390 Fake up a connection struct for the VFS layer.
391 Note: this performs a vfs connect and CHANGES CWD !!!! JRA.
393 The old working directory is returned on *poldcwd, allocated on ctx.
394 *********************************************************/
396 NTSTATUS create_conn_struct_cwd(TALLOC_CTX *ctx,
397 struct tevent_context *ev,
398 struct messaging_context *msg,
399 connection_struct **pconn,
402 const struct auth_session_info *session_info,
405 connection_struct *conn;
408 NTSTATUS status = create_conn_struct(ctx, ev,
412 if (!NT_STATUS_IS_OK(status)) {
417 * Windows seems to insist on doing trans2getdfsreferral() calls on
418 * the IPC$ share as the anonymous user. If we try to chdir as that
419 * user we will fail.... WTF ? JRA.
422 oldcwd = vfs_GetWd(ctx, conn);
423 if (oldcwd == NULL) {
424 status = map_nt_error_from_unix(errno);
425 DEBUG(3, ("vfs_GetWd failed: %s\n", strerror(errno)));
430 if (vfs_ChDir(conn,conn->connectpath) != 0) {
431 status = map_nt_error_from_unix(errno);
432 DEBUG(3,("create_conn_struct: Can't ChDir to new conn path %s. "
434 conn->connectpath, strerror(errno) ));
445 static void shuffle_strlist(char **list, int count)
451 for (i = count; i > 1; i--) {
452 r = generate_random() % i;
460 /**********************************************************************
461 Parse the contents of a symlink to verify if it is an msdfs referral
462 A valid referral is of the form:
464 msdfs:server1\share1,server2\share2
465 msdfs:server1\share1\pathname,server2\share2\pathname
466 msdfs:server1/share1,server2/share2
467 msdfs:server1/share1/pathname,server2/share2/pathname.
469 Note that the alternate paths returned here must be of the canonicalized
473 \server\share\path\to\file,
475 even in posix path mode. This is because we have no knowledge if the
476 server we're referring to understands posix paths.
477 **********************************************************************/
479 static bool parse_msdfs_symlink(TALLOC_CTX *ctx,
482 struct referral **preflist,
487 char **alt_path = NULL;
489 struct referral *reflist;
492 temp = talloc_strdup(ctx, target);
496 prot = strtok_r(temp, ":", &saveptr);
498 DEBUG(0,("parse_msdfs_symlink: invalid path !\n"));
502 alt_path = talloc_array(ctx, char *, MAX_REFERRAL_COUNT);
507 /* parse out the alternate paths */
508 while((count<MAX_REFERRAL_COUNT) &&
509 ((alt_path[count] = strtok_r(NULL, ",", &saveptr)) != NULL)) {
513 /* shuffle alternate paths */
514 if (lp_msdfs_shuffle_referrals(snum)) {
515 shuffle_strlist(alt_path, count);
518 DEBUG(10,("parse_msdfs_symlink: count=%d\n", count));
521 reflist = *preflist = talloc_zero_array(ctx,
522 struct referral, count);
523 if(reflist == NULL) {
524 TALLOC_FREE(alt_path);
528 reflist = *preflist = NULL;
531 for(i=0;i<count;i++) {
534 /* Canonicalize link target.
535 * Replace all /'s in the path by a \ */
536 string_replace(alt_path[i], '/', '\\');
538 /* Remove leading '\\'s */
540 while (*p && (*p == '\\')) {
544 reflist[i].alternate_path = talloc_asprintf(ctx,
547 if (!reflist[i].alternate_path) {
551 reflist[i].proximity = 0;
552 reflist[i].ttl = REFERRAL_TTL;
553 DEBUG(10, ("parse_msdfs_symlink: Created alt path: %s\n",
554 reflist[i].alternate_path));
559 TALLOC_FREE(alt_path);
563 /**********************************************************************
564 Returns true if the unix path is a valid msdfs symlink and also
565 returns the target string from inside the link.
566 **********************************************************************/
568 static bool is_msdfs_link_internal(TALLOC_CTX *ctx,
569 connection_struct *conn,
570 struct smb_filename *smb_fname,
571 char **pp_link_target)
573 int referral_len = 0;
574 #if defined(HAVE_BROKEN_READLINK)
575 char link_target_buf[PATH_MAX];
577 char link_target_buf[7];
580 char *link_target = NULL;
582 if (pp_link_target) {
584 link_target = talloc_array(ctx, char, bufsize);
588 *pp_link_target = link_target;
590 bufsize = sizeof(link_target_buf);
591 link_target = link_target_buf;
594 if (SMB_VFS_LSTAT(conn, smb_fname) != 0) {
595 DEBUG(5,("is_msdfs_link_read_target: %s does not exist.\n",
596 smb_fname->base_name));
599 if (!S_ISLNK(smb_fname->st.st_ex_mode)) {
600 DEBUG(5,("is_msdfs_link_read_target: %s is not a link.\n",
601 smb_fname->base_name));
605 referral_len = SMB_VFS_READLINK(conn, smb_fname,
606 link_target, bufsize - 1);
607 if (referral_len == -1) {
608 DEBUG(0,("is_msdfs_link_read_target: Error reading "
609 "msdfs link %s: %s\n",
610 smb_fname->base_name, strerror(errno)));
613 link_target[referral_len] = '\0';
615 DEBUG(5,("is_msdfs_link_internal: %s -> %s\n", smb_fname->base_name,
618 if (!strnequal(link_target, "msdfs:", 6)) {
625 if (link_target != link_target_buf) {
626 TALLOC_FREE(link_target);
631 /**********************************************************************
632 Returns true if the unix path is a valid msdfs symlink.
633 **********************************************************************/
635 bool is_msdfs_link(connection_struct *conn,
636 struct smb_filename *smb_fname)
638 return is_msdfs_link_internal(talloc_tos(),
644 /*****************************************************************
645 Used by other functions to decide if a dfs path is remote,
646 and to get the list of referred locations for that remote path.
648 search_flag: For findfirsts, dfs links themselves are not
649 redirected, but paths beyond the links are. For normal smb calls,
650 even dfs links need to be redirected.
652 consumedcntp: how much of the dfs path is being redirected. the client
653 should try the remaining path on the redirected server.
655 If this returns NT_STATUS_PATH_NOT_COVERED the contents of the msdfs
656 link redirect are in targetpath.
657 *****************************************************************/
659 static NTSTATUS dfs_path_lookup(TALLOC_CTX *ctx,
660 connection_struct *conn,
661 const char *dfspath, /* Incoming complete dfs path */
662 const struct dfs_path *pdp, /* Parsed out
663 server+share+extrapath. */
666 char **pp_targetpath)
671 struct smb_filename *smb_fname = NULL;
672 char *canon_dfspath = NULL; /* Canonicalized dfs path. (only '/'
675 DEBUG(10,("dfs_path_lookup: Conn path = %s reqpath = %s\n",
676 conn->connectpath, pdp->reqpath));
679 * Note the unix path conversion here we're doing we
680 * throw away. We're looking for a symlink for a dfs
681 * resolution, if we don't find it we'll do another
682 * unix_convert later in the codepath.
685 status = unix_convert(ctx, conn, pdp->reqpath, &smb_fname,
688 if (!NT_STATUS_IS_OK(status)) {
689 if (!NT_STATUS_EQUAL(status,
690 NT_STATUS_OBJECT_PATH_NOT_FOUND)) {
693 if (smb_fname == NULL || smb_fname->base_name == NULL) {
698 /* Optimization - check if we can redirect the whole path. */
700 if (is_msdfs_link_internal(ctx, conn, smb_fname, pp_targetpath)) {
701 /* XX_ALLOW_WCARD_XXX is called from search functions. */
703 (UCF_COND_ALLOW_WCARD_LCOMP|
704 UCF_ALWAYS_ALLOW_WCARD_LCOMP)) {
705 DEBUG(6,("dfs_path_lookup (FindFirst) No redirection "
706 "for dfs link %s.\n", dfspath));
707 status = NT_STATUS_OK;
711 DEBUG(6,("dfs_path_lookup: %s resolves to a "
712 "valid dfs link %s.\n", dfspath,
713 pp_targetpath ? *pp_targetpath : ""));
716 *consumedcntp = strlen(dfspath);
718 status = NT_STATUS_PATH_NOT_COVERED;
722 /* Prepare to test only for '/' components in the given path,
723 * so if a Windows path replace all '\\' characters with '/'.
724 * For a POSIX DFS path we know all separators are already '/'. */
726 canon_dfspath = talloc_strdup(ctx, dfspath);
727 if (!canon_dfspath) {
728 status = NT_STATUS_NO_MEMORY;
731 if (!pdp->posix_path) {
732 string_replace(canon_dfspath, '\\', '/');
736 * localpath comes out of unix_convert, so it has
737 * no trailing backslash. Make sure that canon_dfspath hasn't either.
738 * Fix for bug #4860 from Jan Martin <Jan.Martin@rwedea.com>.
741 trim_char(canon_dfspath,0,'/');
744 * Redirect if any component in the path is a link.
745 * We do this by walking backwards through the
746 * local path, chopping off the last component
747 * in both the local path and the canonicalized
748 * DFS path. If we hit a DFS link then we're done.
751 p = strrchr_m(smb_fname->base_name, '/');
753 q = strrchr_m(canon_dfspath, '/');
762 if (is_msdfs_link_internal(ctx, conn,
763 smb_fname, pp_targetpath)) {
764 DEBUG(4, ("dfs_path_lookup: Redirecting %s because "
765 "parent %s is dfs link\n", dfspath,
766 smb_fname_str_dbg(smb_fname)));
769 *consumedcntp = strlen(canon_dfspath);
770 DEBUG(10, ("dfs_path_lookup: Path consumed: %s "
776 status = NT_STATUS_PATH_NOT_COVERED;
780 /* Step back on the filesystem. */
781 p = strrchr_m(smb_fname->base_name, '/');
784 /* And in the canonicalized dfs path. */
785 q = strrchr_m(canon_dfspath, '/');
789 status = NT_STATUS_OK;
791 TALLOC_FREE(smb_fname);
795 /*****************************************************************
796 Decides if a dfs pathname should be redirected or not.
797 If not, the pathname is converted to a tcon-relative local unix path
799 search_wcard_flag: this flag performs 2 functions both related
800 to searches. See resolve_dfs_path() and parse_dfs_path_XX()
803 This function can return NT_STATUS_OK, meaning use the returned path as-is
804 (mapped into a local path).
805 or NT_STATUS_NOT_COVERED meaning return a DFS redirect, or
806 any other NT_STATUS error which is a genuine error to be
807 returned to the client.
808 *****************************************************************/
810 static NTSTATUS dfs_redirect(TALLOC_CTX *ctx,
811 connection_struct *conn,
814 bool allow_broken_path,
816 bool *ppath_contains_wcard)
819 bool search_wcard_flag = (ucf_flags &
820 (UCF_COND_ALLOW_WCARD_LCOMP|UCF_ALWAYS_ALLOW_WCARD_LCOMP));
821 struct dfs_path *pdp = talloc(ctx, struct dfs_path);
824 return NT_STATUS_NO_MEMORY;
827 status = parse_dfs_path(conn, path_in, search_wcard_flag,
828 allow_broken_path, pdp,
829 ppath_contains_wcard);
830 if (!NT_STATUS_IS_OK(status)) {
835 if (pdp->reqpath[0] == '\0') {
837 *pp_path_out = talloc_strdup(ctx, "");
839 return NT_STATUS_NO_MEMORY;
841 DEBUG(5,("dfs_redirect: self-referral.\n"));
845 /* If dfs pathname for a non-dfs share, convert to tcon-relative
846 path and return OK */
848 if (!lp_msdfs_root(SNUM(conn))) {
849 *pp_path_out = talloc_strdup(ctx, pdp->reqpath);
852 return NT_STATUS_NO_MEMORY;
857 /* If it looked like a local path (zero hostname/servicename)
858 * just treat as a tcon-relative path. */
860 if (pdp->hostname[0] == '\0' && pdp->servicename[0] == '\0') {
861 *pp_path_out = talloc_strdup(ctx, pdp->reqpath);
864 return NT_STATUS_NO_MEMORY;
869 if (!( strequal(pdp->servicename, lp_servicename(talloc_tos(), SNUM(conn)))
870 || (strequal(pdp->servicename, HOMES_NAME)
871 && strequal(lp_servicename(talloc_tos(), SNUM(conn)),
872 conn->session_info->unix_info->sanitized_username) )) ) {
874 /* The given sharename doesn't match this connection. */
877 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
880 status = dfs_path_lookup(ctx, conn, path_in, pdp,
881 ucf_flags, NULL, NULL);
882 if (!NT_STATUS_IS_OK(status)) {
883 if (NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
884 DEBUG(3,("dfs_redirect: Redirecting %s\n", path_in));
886 DEBUG(10,("dfs_redirect: dfs_path_lookup "
887 "failed for %s with %s\n",
888 path_in, nt_errstr(status) ));
893 DEBUG(3,("dfs_redirect: Not redirecting %s.\n", path_in));
895 /* Form non-dfs tcon-relative path */
896 *pp_path_out = talloc_strdup(ctx, pdp->reqpath);
899 return NT_STATUS_NO_MEMORY;
902 DEBUG(3,("dfs_redirect: Path %s converted to non-dfs path %s\n",
909 /**********************************************************************
910 Return a self referral.
911 **********************************************************************/
913 static NTSTATUS self_ref(TALLOC_CTX *ctx,
914 const char *dfs_path,
915 struct junction_map *jucn,
917 bool *self_referralp)
919 struct referral *ref;
921 *self_referralp = True;
923 jucn->referral_count = 1;
924 if((ref = talloc_zero(ctx, struct referral)) == NULL) {
925 return NT_STATUS_NO_MEMORY;
928 ref->alternate_path = talloc_strdup(ctx, dfs_path);
929 if (!ref->alternate_path) {
931 return NT_STATUS_NO_MEMORY;
934 ref->ttl = REFERRAL_TTL;
935 jucn->referral_list = ref;
936 *consumedcntp = strlen(dfs_path);
940 /**********************************************************************
941 Gets valid referrals for a dfs path and fills up the
942 junction_map structure.
943 **********************************************************************/
945 NTSTATUS get_referred_path(TALLOC_CTX *ctx,
946 const char *dfs_path,
947 const struct tsocket_address *remote_address,
948 const struct tsocket_address *local_address,
949 bool allow_broken_path,
950 struct junction_map *jucn,
952 bool *self_referralp)
954 struct connection_struct *conn;
955 char *targetpath = NULL;
957 NTSTATUS status = NT_STATUS_NOT_FOUND;
959 struct dfs_path *pdp = talloc(ctx, struct dfs_path);
963 return NT_STATUS_NO_MEMORY;
966 *self_referralp = False;
968 status = parse_dfs_path(NULL, dfs_path, False, allow_broken_path,
970 if (!NT_STATUS_IS_OK(status)) {
974 jucn->service_name = talloc_strdup(ctx, pdp->servicename);
975 jucn->volume_name = talloc_strdup(ctx, pdp->reqpath);
976 if (!jucn->service_name || !jucn->volume_name) {
978 return NT_STATUS_NO_MEMORY;
981 /* Verify the share is a dfs root */
982 snum = lp_servicenumber(jucn->service_name);
984 char *service_name = NULL;
985 if ((snum = find_service(ctx, jucn->service_name, &service_name)) < 0) {
986 return NT_STATUS_NOT_FOUND;
989 return NT_STATUS_NO_MEMORY;
991 TALLOC_FREE(jucn->service_name);
992 jucn->service_name = talloc_strdup(ctx, service_name);
993 if (!jucn->service_name) {
995 return NT_STATUS_NO_MEMORY;
999 if (!lp_msdfs_root(snum) && (*lp_msdfs_proxy(talloc_tos(), snum) == '\0')) {
1000 DEBUG(3,("get_referred_path: |%s| in dfs path %s is not "
1002 pdp->servicename, dfs_path));
1004 return NT_STATUS_NOT_FOUND;
1008 * Self referrals are tested with a anonymous IPC connection and
1009 * a GET_DFS_REFERRAL call to \\server\share. (which means
1010 * dp.reqpath[0] points to an empty string). create_conn_struct cd's
1011 * into the directory and will fail if it cannot (as the anonymous
1012 * user). Cope with this.
1015 if (pdp->reqpath[0] == '\0') {
1017 struct referral *ref;
1020 if (*lp_msdfs_proxy(talloc_tos(), snum) == '\0') {
1022 return self_ref(ctx,
1030 * It's an msdfs proxy share. Redirect to
1031 * the configured target share.
1034 tmp = talloc_asprintf(talloc_tos(), "msdfs:%s",
1035 lp_msdfs_proxy(talloc_tos(), snum));
1038 return NT_STATUS_NO_MEMORY;
1041 if (!parse_msdfs_symlink(ctx, snum, tmp, &ref, &refcount)) {
1044 return NT_STATUS_INVALID_PARAMETER;
1047 jucn->referral_count = refcount;
1048 jucn->referral_list = ref;
1049 *consumedcntp = strlen(dfs_path);
1051 return NT_STATUS_OK;
1054 status = create_conn_struct_cwd(ctx,
1055 server_event_context(),
1056 server_messaging_context(),
1058 lp_path(talloc_tos(), snum), NULL, &oldpath);
1059 if (!NT_STATUS_IS_OK(status)) {
1067 * The remote and local address should be passed down to
1068 * create_conn_struct_cwd.
1070 if (conn->sconn->remote_address == NULL) {
1071 conn->sconn->remote_address =
1072 tsocket_address_copy(remote_address, conn->sconn);
1073 if (conn->sconn->remote_address == NULL) {
1075 return NT_STATUS_NO_MEMORY;
1078 if (conn->sconn->local_address == NULL) {
1079 conn->sconn->local_address =
1080 tsocket_address_copy(local_address, conn->sconn);
1081 if (conn->sconn->local_address == NULL) {
1083 return NT_STATUS_NO_MEMORY;
1087 /* If this is a DFS path dfs_lookup should return
1088 * NT_STATUS_PATH_NOT_COVERED. */
1090 status = dfs_path_lookup(ctx, conn, dfs_path, pdp,
1091 0, consumedcntp, &targetpath);
1093 if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
1094 DEBUG(3,("get_referred_path: No valid referrals for path %s\n",
1096 if (NT_STATUS_IS_OK(status)) {
1098 * We are in an error path here (we
1099 * know it's not a DFS path), but
1100 * dfs_path_lookup() can return
1101 * NT_STATUS_OK. Ensure we always
1102 * return a valid error code.
1104 * #9588 - ACLs are not inherited to directories
1107 status = NT_STATUS_NOT_FOUND;
1112 /* We know this is a valid dfs link. Parse the targetpath. */
1113 if (!parse_msdfs_symlink(ctx, snum, targetpath,
1114 &jucn->referral_list,
1115 &jucn->referral_count)) {
1116 DEBUG(3,("get_referred_path: failed to parse symlink "
1117 "target %s\n", targetpath ));
1118 status = NT_STATUS_NOT_FOUND;
1122 status = NT_STATUS_OK;
1124 vfs_ChDir(conn, oldpath);
1125 SMB_VFS_DISCONNECT(conn);
1131 /******************************************************************
1132 Set up the DFS referral for the dfs pathname. This call returns
1133 the amount of the path covered by this server, and where the
1134 client should be redirected to. This is the meat of the
1135 TRANS2_GET_DFS_REFERRAL call.
1136 ******************************************************************/
1138 int setup_dfs_referral(connection_struct *orig_conn,
1139 const char *dfs_path,
1140 int max_referral_level,
1141 char **ppdata, NTSTATUS *pstatus)
1143 char *pdata = *ppdata;
1145 struct dfs_GetDFSReferral *r;
1146 DATA_BLOB blob = data_blob_null;
1148 enum ndr_err_code ndr_err;
1150 r = talloc_zero(talloc_tos(), struct dfs_GetDFSReferral);
1152 *pstatus = NT_STATUS_NO_MEMORY;
1156 r->in.req.max_referral_level = max_referral_level;
1157 r->in.req.servername = talloc_strdup(r, dfs_path);
1158 if (r->in.req.servername == NULL) {
1160 *pstatus = NT_STATUS_NO_MEMORY;
1164 status = SMB_VFS_GET_DFS_REFERRALS(orig_conn, r);
1165 if (!NT_STATUS_IS_OK(status)) {
1171 ndr_err = ndr_push_struct_blob(&blob, r,
1173 (ndr_push_flags_fn_t)ndr_push_dfs_referral_resp);
1174 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1176 *pstatus = NT_STATUS_INVALID_PARAMETER;
1180 pdata = (char *)SMB_REALLOC(pdata, blob.length);
1183 DEBUG(0,("referral setup:"
1184 "malloc failed for Realloc!\n"));
1188 reply_size = blob.length;
1189 memcpy(pdata, blob.data, blob.length);
1192 *pstatus = NT_STATUS_OK;
1196 /**********************************************************************
1197 The following functions are called by the NETDFS RPC pipe functions
1198 **********************************************************************/
1200 /*********************************************************************
1201 Creates a junction structure from a DFS pathname
1202 **********************************************************************/
1204 bool create_junction(TALLOC_CTX *ctx,
1205 const char *dfs_path,
1206 bool allow_broken_path,
1207 struct junction_map *jucn)
1211 struct dfs_path *pdp = talloc(ctx,struct dfs_path);
1217 status = parse_dfs_path(NULL, dfs_path, False, allow_broken_path,
1219 if (!NT_STATUS_IS_OK(status)) {
1223 /* check if path is dfs : validate first token */
1224 if (!is_myname_or_ipaddr(pdp->hostname)) {
1225 DEBUG(4,("create_junction: Invalid hostname %s "
1227 pdp->hostname, dfs_path));
1232 /* Check for a non-DFS share */
1233 snum = lp_servicenumber(pdp->servicename);
1235 if(snum < 0 || !lp_msdfs_root(snum)) {
1236 DEBUG(4,("create_junction: %s is not an msdfs root.\n",
1242 jucn->service_name = talloc_strdup(ctx, pdp->servicename);
1243 jucn->volume_name = talloc_strdup(ctx, pdp->reqpath);
1244 jucn->comment = lp_comment(ctx, snum);
1247 if (!jucn->service_name || !jucn->volume_name || ! jucn->comment) {
1253 /**********************************************************************
1254 Forms a valid Unix pathname from the junction
1255 **********************************************************************/
1257 static bool junction_to_local_path(const struct junction_map *jucn,
1259 connection_struct **conn_out,
1265 snum = lp_servicenumber(jucn->service_name);
1269 status = create_conn_struct_cwd(talloc_tos(),
1270 server_event_context(),
1271 server_messaging_context(),
1273 snum, lp_path(talloc_tos(), snum), NULL, oldpath);
1274 if (!NT_STATUS_IS_OK(status)) {
1278 *pp_path_out = talloc_asprintf(*conn_out,
1280 lp_path(talloc_tos(), snum),
1282 if (!*pp_path_out) {
1283 vfs_ChDir(*conn_out, *oldpath);
1284 SMB_VFS_DISCONNECT(*conn_out);
1285 conn_free(*conn_out);
1291 bool create_msdfs_link(const struct junction_map *jucn)
1295 char *msdfs_link = NULL;
1296 connection_struct *conn;
1298 bool insert_comma = False;
1300 struct smb_filename *smb_fname = NULL;
1302 if(!junction_to_local_path(jucn, &path, &conn, &cwd)) {
1306 /* Form the msdfs_link contents */
1307 msdfs_link = talloc_strdup(conn, "msdfs:");
1311 for(i=0; i<jucn->referral_count; i++) {
1312 char *refpath = jucn->referral_list[i].alternate_path;
1314 /* Alternate paths always use Windows separators. */
1315 trim_char(refpath, '\\', '\\');
1316 if(*refpath == '\0') {
1318 insert_comma = False;
1322 if (i > 0 && insert_comma) {
1323 msdfs_link = talloc_asprintf_append_buffer(msdfs_link,
1327 msdfs_link = talloc_asprintf_append_buffer(msdfs_link,
1335 if (!insert_comma) {
1336 insert_comma = True;
1340 DEBUG(5,("create_msdfs_link: Creating new msdfs link: %s -> %s\n",
1343 smb_fname = synthetic_smb_fname(talloc_tos(),
1348 if (smb_fname == NULL) {
1353 if(SMB_VFS_SYMLINK(conn, msdfs_link, smb_fname) < 0) {
1354 if (errno == EEXIST) {
1355 if(SMB_VFS_UNLINK(conn, smb_fname)!=0) {
1356 TALLOC_FREE(smb_fname);
1360 if (SMB_VFS_SYMLINK(conn, msdfs_link, smb_fname) < 0) {
1361 DEBUG(1,("create_msdfs_link: symlink failed "
1362 "%s -> %s\nError: %s\n",
1363 path, msdfs_link, strerror(errno)));
1371 TALLOC_FREE(smb_fname);
1372 vfs_ChDir(conn, cwd);
1373 SMB_VFS_DISCONNECT(conn);
1378 bool remove_msdfs_link(const struct junction_map *jucn)
1382 connection_struct *conn;
1384 struct smb_filename *smb_fname;
1386 if (!junction_to_local_path(jucn, &path, &conn, &cwd)) {
1390 smb_fname = synthetic_smb_fname(talloc_tos(),
1395 if (smb_fname == NULL) {
1400 if( SMB_VFS_UNLINK(conn, smb_fname) == 0 ) {
1404 TALLOC_FREE(smb_fname);
1405 vfs_ChDir(conn, cwd);
1406 SMB_VFS_DISCONNECT(conn);
1411 /*********************************************************************
1412 Return the number of DFS links at the root of this share.
1413 *********************************************************************/
1415 static int count_dfs_links(TALLOC_CTX *ctx, int snum)
1419 const char *dname = NULL;
1420 char *talloced = NULL;
1421 const char *connect_path = lp_path(talloc_tos(), snum);
1422 const char *msdfs_proxy = lp_msdfs_proxy(talloc_tos(), snum);
1423 connection_struct *conn;
1426 struct smb_filename *smb_fname = NULL;
1428 if(*connect_path == '\0') {
1433 * Fake up a connection struct for the VFS layer.
1436 status = create_conn_struct_cwd(talloc_tos(),
1437 server_event_context(),
1438 server_messaging_context(),
1440 snum, connect_path, NULL, &cwd);
1441 if (!NT_STATUS_IS_OK(status)) {
1442 DEBUG(3, ("create_conn_struct failed: %s\n",
1443 nt_errstr(status)));
1447 /* Count a link for the msdfs root - convention */
1450 /* No more links if this is an msdfs proxy. */
1451 if (*msdfs_proxy != '\0') {
1455 smb_fname = synthetic_smb_fname(talloc_tos(),
1460 if (smb_fname == NULL) {
1464 /* Now enumerate all dfs links */
1465 dirp = SMB_VFS_OPENDIR(conn, smb_fname, NULL, 0);
1470 while ((dname = vfs_readdirname(conn, dirp, NULL, &talloced))
1472 struct smb_filename *smb_dname =
1473 synthetic_smb_fname(talloc_tos(),
1478 if (smb_dname == NULL) {
1481 if (is_msdfs_link(conn, smb_dname)) {
1484 TALLOC_FREE(talloced);
1485 TALLOC_FREE(smb_dname);
1488 SMB_VFS_CLOSEDIR(conn,dirp);
1491 TALLOC_FREE(smb_fname);
1492 vfs_ChDir(conn, cwd);
1493 SMB_VFS_DISCONNECT(conn);
1498 /*********************************************************************
1499 *********************************************************************/
1501 static int form_junctions(TALLOC_CTX *ctx,
1503 struct junction_map *jucn,
1508 const char *dname = NULL;
1509 char *talloced = NULL;
1510 const char *connect_path = lp_path(talloc_tos(), snum);
1511 char *service_name = lp_servicename(talloc_tos(), snum);
1512 const char *msdfs_proxy = lp_msdfs_proxy(talloc_tos(), snum);
1513 connection_struct *conn;
1514 struct referral *ref = NULL;
1516 struct smb_filename *smb_fname = NULL;
1519 if (jn_remain == 0) {
1523 if(*connect_path == '\0') {
1528 * Fake up a connection struct for the VFS layer.
1531 status = create_conn_struct_cwd(ctx,
1532 server_event_context(),
1533 server_messaging_context(),
1534 &conn, snum, connect_path, NULL,
1536 if (!NT_STATUS_IS_OK(status)) {
1537 DEBUG(3, ("create_conn_struct failed: %s\n",
1538 nt_errstr(status)));
1542 /* form a junction for the msdfs root - convention
1543 DO NOT REMOVE THIS: NT clients will not work with us
1544 if this is not present
1546 jucn[cnt].service_name = talloc_strdup(ctx,service_name);
1547 jucn[cnt].volume_name = talloc_strdup(ctx, "");
1548 if (!jucn[cnt].service_name || !jucn[cnt].volume_name) {
1551 jucn[cnt].comment = "";
1552 jucn[cnt].referral_count = 1;
1554 ref = jucn[cnt].referral_list = talloc_zero(ctx, struct referral);
1555 if (jucn[cnt].referral_list == NULL) {
1560 ref->ttl = REFERRAL_TTL;
1561 if (*msdfs_proxy != '\0') {
1562 ref->alternate_path = talloc_strdup(ctx,
1565 ref->alternate_path = talloc_asprintf(ctx,
1567 get_local_machine_name(),
1571 if (!ref->alternate_path) {
1576 /* Don't enumerate if we're an msdfs proxy. */
1577 if (*msdfs_proxy != '\0') {
1581 smb_fname = synthetic_smb_fname(talloc_tos(),
1586 if (smb_fname == NULL) {
1590 /* Now enumerate all dfs links */
1591 dirp = SMB_VFS_OPENDIR(conn, smb_fname, NULL, 0);
1596 while ((dname = vfs_readdirname(conn, dirp, NULL, &talloced))
1598 char *link_target = NULL;
1599 struct smb_filename *smb_dname = NULL;
1601 if (cnt >= jn_remain) {
1602 DEBUG(2, ("form_junctions: ran out of MSDFS "
1604 TALLOC_FREE(talloced);
1607 smb_dname = synthetic_smb_fname(talloc_tos(),
1612 if (smb_dname == NULL) {
1613 TALLOC_FREE(talloced);
1616 if (is_msdfs_link_internal(ctx,
1618 smb_dname, &link_target)) {
1619 if (parse_msdfs_symlink(ctx, snum,
1621 &jucn[cnt].referral_list,
1622 &jucn[cnt].referral_count)) {
1624 jucn[cnt].service_name = talloc_strdup(ctx,
1626 jucn[cnt].volume_name = talloc_strdup(ctx,
1628 if (!jucn[cnt].service_name ||
1629 !jucn[cnt].volume_name) {
1630 TALLOC_FREE(talloced);
1633 jucn[cnt].comment = "";
1636 TALLOC_FREE(link_target);
1638 TALLOC_FREE(talloced);
1639 TALLOC_FREE(smb_dname);
1645 SMB_VFS_CLOSEDIR(conn,dirp);
1648 TALLOC_FREE(smb_fname);
1649 vfs_ChDir(conn, cwd);
1654 struct junction_map *enum_msdfs_links(TALLOC_CTX *ctx, size_t *p_num_jn)
1656 struct junction_map *jn = NULL;
1658 size_t jn_count = 0;
1662 if(!lp_host_msdfs()) {
1666 /* Ensure all the usershares are loaded. */
1668 load_registry_shares();
1669 sharecount = load_usershare_shares(NULL, connections_snum_used);
1672 for(i=0;i < sharecount;i++) {
1673 if(lp_msdfs_root(i)) {
1674 jn_count += count_dfs_links(ctx, i);
1677 if (jn_count == 0) {
1680 jn = talloc_array(ctx, struct junction_map, jn_count);
1684 for(i=0; i < sharecount; i++) {
1685 if (*p_num_jn >= jn_count) {
1688 if(lp_msdfs_root(i)) {
1689 *p_num_jn += form_junctions(ctx, i,
1691 jn_count - *p_num_jn);
1697 /******************************************************************************
1698 Core function to resolve a dfs pathname possibly containing a wildcard. If
1699 ppath_contains_wcard != NULL, it will be set to true if a wildcard is
1700 detected during dfs resolution.
1701 ******************************************************************************/
1703 NTSTATUS resolve_dfspath_wcard(TALLOC_CTX *ctx,
1704 connection_struct *conn,
1705 const char *name_in,
1707 bool allow_broken_path,
1709 bool *ppath_contains_wcard)
1711 bool path_contains_wcard = false;
1712 NTSTATUS status = NT_STATUS_OK;
1714 status = dfs_redirect(ctx,
1720 &path_contains_wcard);
1722 if (NT_STATUS_IS_OK(status) &&
1723 ppath_contains_wcard != NULL &&
1724 path_contains_wcard) {
1725 *ppath_contains_wcard = path_contains_wcard;
git.samba.org / kai / samba-autobuild / .git / blob