Context Navigation

source: branches/samba-3.2.x/source/libsmb/libsmb_server.c@ 233

Visit:

Last change on this file since 233 was 232, checked in by Herwig Bauernfeind, 17 years ago
Update 3.2 branch to 3.2.8
File size: 26.6 KB

Line
1	/*
2	Unix SMB/Netbios implementation.
3	SMB client library implementation
4	Copyright (C) Andrew Tridgell 1998
5	Copyright (C) Richard Sharpe 2000, 2002
6	Copyright (C) John Terpstra 2000
7	Copyright (C) Tom Jansen (Ninja ISD) 2002
8	Copyright (C) Derrell Lipman 2003-2008
9	Copyright (C) Jeremy Allison 2007, 2008
10
11	This program is free software; you can redistribute it and/or modify
12	it under the terms of the GNU General Public License as published by
13	the Free Software Foundation; either version 3 of the License, or
14	(at your option) any later version.
15
16	This program is distributed in the hope that it will be useful,
17	but WITHOUT ANY WARRANTY; without even the implied warranty of
18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	GNU General Public License for more details.
20
21	You should have received a copy of the GNU General Public License
22	along with this program. If not, see <http://www.gnu.org/licenses/>.
23	*/
24
25	#include "includes.h"
26	#include "libsmbclient.h"
27	#include "libsmb_internal.h"
28
29
30	/*
31	* Check a server for being alive and well.
32	* returns 0 if the server is in shape. Returns 1 on error
33	*
34	* Also useable outside libsmbclient to enable external cache
35	* to do some checks too.
36	*/
37	int
38	SMBC_check_server(SMBCCTX * context,
39	SMBCSRV * server)
40	{
41	socklen_t size;
42	struct sockaddr addr;
43
44	size = sizeof(addr);
45	return (getpeername(server->cli->fd, &addr, &size) == -1);
46	}
47
48	/*
49	* Remove a server from the cached server list it's unused.
50	* On success, 0 is returned. 1 is returned if the server could not be removed.
51	*
52	* Also useable outside libsmbclient
53	*/
54	int
55	SMBC_remove_unused_server(SMBCCTX * context,
56	SMBCSRV * srv)
57	{
58	SMBCFILE * file;
59
60	/* are we being fooled ? */
61	if (!context \|\| !context->internal->initialized \|\| !srv) {
62	return 1;
63	}
64
65	/* Check all open files/directories for a relation with this server */
66	for (file = context->internal->files; file; file = file->next) {
67	if (file->srv == srv) {
68	/* Still used */
69	DEBUG(3, ("smbc_remove_usused_server: "
70	"%p still used by %p.\n",
71	srv, file));
72	return 1;
73	}
74	}
75
76	DLIST_REMOVE(context->internal->servers, srv);
77
78	cli_shutdown(srv->cli);
79	srv->cli = NULL;
80
81	DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv));
82
83	smbc_getFunctionRemoveCachedServer(context)(context, srv);
84
85	SAFE_FREE(srv);
86	return 0;
87	}
88
89	/****************************************************************
90	* Call the auth_fn with fixed size (fstring) buffers.
91	***************************************************************/
92	void
93	SMBC_call_auth_fn(TALLOC_CTX *ctx,
94	SMBCCTX *context,
95	const char *server,
96	const char *share,
97	char **pp_workgroup,
98	char **pp_username,
99	char **pp_password)
100	{
101	fstring workgroup;
102	fstring username;
103	fstring password;
104	smbc_get_auth_data_with_context_fn auth_with_context_fn;
105
106	strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
107	strlcpy(username, *pp_username, sizeof(username));
108	strlcpy(password, *pp_password, sizeof(password));
109
110	/* See if there's an authentication with context function provided */
111	auth_with_context_fn = smbc_getFunctionAuthDataWithContext(context);
112	if (auth_with_context_fn)
113	{
114	(* auth_with_context_fn)(context,
115	server, share,
116	workgroup, sizeof(workgroup),
117	username, sizeof(username),
118	password, sizeof(password));
119	}
120	else
121	{
122	smbc_getFunctionAuthData(context)(server, share,
123	workgroup, sizeof(workgroup),
124	username, sizeof(username),
125	password, sizeof(password));
126	}
127
128	TALLOC_FREE(*pp_workgroup);
129	TALLOC_FREE(*pp_username);
130	TALLOC_FREE(*pp_password);
131
132	*pp_workgroup = talloc_strdup(ctx, workgroup);
133	*pp_username = talloc_strdup(ctx, username);
134	*pp_password = talloc_strdup(ctx, password);
135	}
136
137
138	void
139	SMBC_get_auth_data(const char server, const char share,
140	char *workgroup_buf, int workgroup_buf_len,
141	char *username_buf, int username_buf_len,
142	char *password_buf, int password_buf_len)
143	{
144	/* Default function just uses provided data. Nothing to do. */
145	}
146
147
148
149	SMBCSRV *
150	SMBC_find_server(TALLOC_CTX *ctx,
151	SMBCCTX *context,
152	const char *server,
153	const char *share,
154	char **pp_workgroup,
155	char **pp_username,
156	char **pp_password)
157	{
158	SMBCSRV *srv;
159	int auth_called = 0;
160
161	if (!pp_workgroup \|\| !pp_username \|\| !pp_password) {
162	return NULL;
163	}
164
165	check_server_cache:
166
167	srv = smbc_getFunctionGetCachedServer(context)(context,
168	server, share,
169	*pp_workgroup,
170	*pp_username);
171
172	if (!auth_called && !srv && (!pp_username \|\| !(pp_username)[0] \|\|
173	!pp_password \|\| !(pp_password)[0])) {
174	SMBC_call_auth_fn(ctx, context, server, share,
175	pp_workgroup, pp_username, pp_password);
176
177	/*
178	* However, smbc_auth_fn may have picked up info relating to
179	* an existing connection, so try for an existing connection
180	* again ...
181	*/
182	auth_called = 1;
183	goto check_server_cache;
184
185	}
186
187	if (srv) {
188	if (smbc_getFunctionCheckServer(context)(context, srv)) {
189	/*
190	* This server is no good anymore
191	* Try to remove it and check for more possible
192	* servers in the cache
193	*/
194	if (smbc_getFunctionRemoveUnusedServer(context)(context,
195	srv)) {
196	/*
197	* We could not remove the server completely,
198	* remove it from the cache so we will not get
199	* it again. It will be removed when the last
200	* file/dir is closed.
201	*/
202	smbc_getFunctionRemoveCachedServer(context)(context,
203	srv);
204	}
205
206	/*
207	* Maybe there are more cached connections to this
208	* server
209	*/
210	goto check_server_cache;
211	}
212
213	return srv;
214	}
215
216	return NULL;
217	}
218
219	/*
220	* Connect to a server, possibly on an existing connection
221	*
222	* Here, what we want to do is: If the server and username
223	* match an existing connection, reuse that, otherwise, establish a
224	* new connection.
225	*
226	* If we have to create a new connection, call the auth_fn to get the
227	* info we need, unless the username and password were passed in.
228	*/
229
230	SMBCSRV *
231	SMBC_server(TALLOC_CTX *ctx,
232	SMBCCTX *context,
233	bool connect_if_not_found,
234	const char *server,
235	const char *share,
236	char **pp_workgroup,
237	char **pp_username,
238	char **pp_password)
239	{
240	SMBCSRV *srv=NULL;
241	struct cli_state *c;
242	struct nmb_name called, calling;
243	const char *server_n = server;
244	struct sockaddr_storage ss;
245	int tried_reverse = 0;
246	int port_try_first;
247	int port_try_next;
248	int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
249	uint32 fs_attrs = 0;
250	const char *username_used;
251	NTSTATUS status;
252
253	zero_sockaddr(&ss);
254	ZERO_STRUCT(c);
255
256	if (server[0] == 0) {
257	errno = EPERM;
258	return NULL;
259	}
260
261	/* Look for a cached connection */
262	srv = SMBC_find_server(ctx, context, server, share,
263	pp_workgroup, pp_username, pp_password);
264
265	/*
266	* If we found a connection and we're only allowed one share per
267	* server...
268	*/
269	if (srv &&
270	*share != '\0' &&
271	smbc_getOptionOneSharePerServer(context)) {
272
273	/*
274	* ... then if there's no current connection to the share,
275	* connect to it. SMBC_find_server(), or rather the function
276	* pointed to by context->get_cached_srv_fn which
277	* was called by SMBC_find_server(), will have issued a tree
278	* disconnect if the requested share is not the same as the
279	* one that was already connected.
280	*/
281	if (srv->cli->cnum == (uint16) -1) {
282	/* Ensure we have accurate auth info */
283	SMBC_call_auth_fn(ctx, context, server, share,
284	pp_workgroup,
285	pp_username,
286	pp_password);
287
288	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
289	errno = ENOMEM;
290	cli_shutdown(srv->cli);
291	srv->cli = NULL;
292	smbc_getFunctionRemoveCachedServer(context)(context,
293	srv);
294	return NULL;
295	}
296
297	/*
298	* We don't need to renegotiate encryption
299	* here as the encryption context is not per
300	* tid.
301	*/
302
303	if (!cli_send_tconX(srv->cli, share, "?????",
304	*pp_password,
305	strlen(*pp_password)+1)) {
306
307	errno = SMBC_errno(context, srv->cli);
308	cli_shutdown(srv->cli);
309	srv->cli = NULL;
310	smbc_getFunctionRemoveCachedServer(context)(context,
311	srv);
312	srv = NULL;
313	}
314
315	/* Determine if this share supports case sensitivity */
316	if (is_ipc) {
317	DEBUG(4,
318	("IPC$ so ignore case sensitivity\n"));
319	} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
320	DEBUG(4, ("Could not retrieve "
321	"case sensitivity flag: %s.\n",
322	cli_errstr(c)));
323
324	/*
325	* We can't determine the case sensitivity of
326	* the share. We have no choice but to use the
327	* user-specified case sensitivity setting.
328	*/
329	if (smbc_getOptionCaseSensitive(context)) {
330	cli_set_case_sensitive(c, True);
331	} else {
332	cli_set_case_sensitive(c, False);
333	}
334	} else {
335	DEBUG(4,
336	("Case sensitive: %s\n",
337	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
338	? "True"
339	: "False")));
340	cli_set_case_sensitive(
341	c,
342	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
343	? True
344	: False));
345	}
346
347	/*
348	* Regenerate the dev value since it's based on both
349	* server and share
350	*/
351	if (srv) {
352	srv->dev = (dev_t)(str_checksum(server) ^
353	str_checksum(share));
354	}
355	}
356	}
357
358	/* If we have a connection... */
359	if (srv) {
360
361	/* ... then we're done here. Give 'em what they came for. */
362	return srv;
363	}
364
365	/* If we're not asked to connect when a connection doesn't exist... */
366	if (! connect_if_not_found) {
367	/* ... then we're done here. */
368	return NULL;
369	}
370
371	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
372	errno = ENOMEM;
373	return NULL;
374	}
375
376	make_nmb_name(&calling, smbc_getNetbiosName(context), 0x0);
377	make_nmb_name(&called , server, 0x20);
378
379	DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
380
381	DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
382
383	again:
384
385	zero_sockaddr(&ss);
386
387	/* have to open a new connection */
388	if ((c = cli_initialise()) == NULL) {
389	errno = ENOMEM;
390	return NULL;
391	}
392
393	if (smbc_getOptionUseKerberos(context)) {
394	c->use_kerberos = True;
395	}
396
397	if (smbc_getOptionFallbackAfterKerberos(context)) {
398	c->fallback_after_kerberos = True;
399	}
400
401	c->timeout = smbc_getTimeout(context);
402
403	/*
404	* Force use of port 139 for first try if share is $IPC, empty, or
405	* null, so browse lists can work
406	*/
407	if (share == NULL \|\| *share == '\0' \|\| is_ipc) {
408	port_try_first = 139;
409	port_try_next = 445;
410	} else {
411	port_try_first = 445;
412	port_try_next = 139;
413	}
414
415	c->port = port_try_first;
416
417	status = cli_connect(c, server_n, &ss);
418	if (!NT_STATUS_IS_OK(status)) {
419
420	/* First connection attempt failed. Try alternate port. */
421	c->port = port_try_next;
422
423	status = cli_connect(c, server_n, &ss);
424	if (!NT_STATUS_IS_OK(status)) {
425	cli_shutdown(c);
426	errno = ETIMEDOUT;
427	return NULL;
428	}
429	}
430
431	if (!cli_session_request(c, &calling, &called)) {
432	cli_shutdown(c);
433	if (strcmp(called.name, "*SMBSERVER")) {
434	make_nmb_name(&called , "*SMBSERVER", 0x20);
435	goto again;
436	} else { /* Try one more time, but ensure we don't loop */
437
438	/* Only try this if server is an IP address ... */
439
440	if (is_ipaddress(server) && !tried_reverse) {
441	fstring remote_name;
442	struct sockaddr_storage rem_ss;
443
444	if (!interpret_string_addr(&rem_ss, server,
445	NI_NUMERICHOST)) {
446	DEBUG(4, ("Could not convert IP address "
447	"%s to struct sockaddr_storage\n",
448	server));
449	errno = ETIMEDOUT;
450	return NULL;
451	}
452
453	tried_reverse++; /* Yuck */
454
455	if (name_status_find("*", 0, 0,
456	&rem_ss, remote_name)) {
457	make_nmb_name(&called,
458	remote_name,
459	0x20);
460	goto again;
461	}
462	}
463	}
464	errno = ETIMEDOUT;
465	return NULL;
466	}
467
468	DEBUG(4,(" session request ok\n"));
469
470	if (!cli_negprot(c)) {
471	cli_shutdown(c);
472	errno = ETIMEDOUT;
473	return NULL;
474	}
475
476	username_used = *pp_username;
477
478	if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
479	*pp_password,
480	strlen(*pp_password),
481	*pp_password,
482	strlen(*pp_password),
483	*pp_workgroup))) {
484
485	/* Failed. Try an anonymous login, if allowed by flags. */
486	username_used = "";
487
488	if (smbc_getOptionNoAutoAnonymousLogin(context) \|\|
489	!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
490	*pp_password, 1,
491	*pp_password, 0,
492	*pp_workgroup))) {
493
494	cli_shutdown(c);
495	errno = EPERM;
496	return NULL;
497	}
498	}
499
500	DEBUG(4,(" session setup ok\n"));
501
502	if (!cli_send_tconX(c, share, "?????",
503	pp_password, strlen(pp_password)+1)) {
504	errno = SMBC_errno(context, c);
505	cli_shutdown(c);
506	return NULL;
507	}
508
509	DEBUG(4,(" tconx ok\n"));
510
511	/* Determine if this share supports case sensitivity */
512	if (is_ipc) {
513	DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
514	} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
515	DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
516	cli_errstr(c)));
517
518	/*
519	* We can't determine the case sensitivity of the share. We
520	* have no choice but to use the user-specified case
521	* sensitivity setting.
522	*/
523	if (smbc_getOptionCaseSensitive(context)) {
524	cli_set_case_sensitive(c, True);
525	} else {
526	cli_set_case_sensitive(c, False);
527	}
528	} else {
529	DEBUG(4, ("Case sensitive: %s\n",
530	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
531	? "True"
532	: "False")));
533	cli_set_case_sensitive(c,
534	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
535	? True
536	: False));
537	}
538
539	if (context->internal->smb_encryption_level) {
540	/* Attempt UNIX smb encryption. */
541	if (!NT_STATUS_IS_OK(cli_force_encryption(c,
542	username_used,
543	*pp_password,
544	*pp_workgroup))) {
545
546	/*
547	* context->smb_encryption_level == 1
548	* means don't fail if encryption can't be negotiated,
549	* == 2 means fail if encryption can't be negotiated.
550	*/
551
552	DEBUG(4,(" SMB encrypt failed\n"));
553
554	if (context->internal->smb_encryption_level == 2) {
555	cli_shutdown(c);
556	errno = EPERM;
557	return NULL;
558	}
559	}
560	DEBUG(4,(" SMB encrypt ok\n"));
561	}
562
563	/*
564	* Ok, we have got a nice connection
565	* Let's allocate a server structure.
566	*/
567
568	srv = SMB_MALLOC_P(SMBCSRV);
569	if (!srv) {
570	errno = ENOMEM;
571	goto failed;
572	}
573
574	ZERO_STRUCTP(srv);
575	srv->cli = c;
576	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
577	srv->no_pathinfo = False;
578	srv->no_pathinfo2 = False;
579	srv->no_nt_session = False;
580
581	/* now add it to the cache (internal or external) */
582	/* Let the cache function set errno if it wants to */
583	errno = 0;
584	if (smbc_getFunctionAddCachedServer(context)(context, srv,
585	server, share,
586	*pp_workgroup,
587	*pp_username)) {
588	int saved_errno = errno;
589	DEBUG(3, (" Failed to add server to cache\n"));
590	errno = saved_errno;
591	if (errno == 0) {
592	errno = ENOMEM;
593	}
594	goto failed;
595	}
596
597	DEBUG(2, ("Server connect ok: //%s/%s: %p\n",
598	server, share, srv));
599
600	DLIST_ADD(context->internal->servers, srv);
601	return srv;
602
603	failed:
604	cli_shutdown(c);
605	if (!srv) {
606	return NULL;
607	}
608
609	SAFE_FREE(srv);
610	return NULL;
611	}
612
613	/*
614	* Connect to a server for getting/setting attributes, possibly on an existing
615	* connection. This works similarly to SMBC_server().
616	*/
617	SMBCSRV *
618	SMBC_attr_server(TALLOC_CTX *ctx,
619	SMBCCTX *context,
620	const char *server,
621	const char *share,
622	char **pp_workgroup,
623	char **pp_username,
624	char **pp_password)
625	{
626	int flags;
627	struct sockaddr_storage ss;
628	struct cli_state *ipc_cli;
629	struct rpc_pipe_client *pipe_hnd;
630	NTSTATUS nt_status;
631	SMBCSRV *ipc_srv=NULL;
632
633	/*
634	* See if we've already created this special connection. Reference
635	* our "special" share name '*IPC$', which is an impossible real share
636	* name due to the leading asterisk.
637	*/
638	ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
639	pp_workgroup, pp_username, pp_password);
640	if (!ipc_srv) {
641
642	/* We didn't find a cached connection. Get the password */
643	if (!pp_password \|\| (pp_password)[0] == '\0') {
644	/* ... then retrieve it now. */
645	SMBC_call_auth_fn(ctx, context, server, share,
646	pp_workgroup,
647	pp_username,
648	pp_password);
649	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
650	errno = ENOMEM;
651	return NULL;
652	}
653	}
654
655	flags = 0;
656	if (smbc_getOptionUseKerberos(context)) {
657	flags \|= CLI_FULL_CONNECTION_USE_KERBEROS;
658	}
659
660	zero_sockaddr(&ss);
661	nt_status = cli_full_connection(&ipc_cli,
662	global_myname(), server,
663	&ss, 0, "IPC$", "?????",
664	*pp_username,
665	*pp_workgroup,
666	*pp_password,
667	flags,
668	Undefined, NULL);
669	if (! NT_STATUS_IS_OK(nt_status)) {
670	DEBUG(1,("cli_full_connection failed! (%s)\n",
671	nt_errstr(nt_status)));
672	errno = ENOTSUP;
673	return NULL;
674	}
675
676	if (context->internal->smb_encryption_level) {
677	/* Attempt UNIX smb encryption. */
678	if (!NT_STATUS_IS_OK(cli_force_encryption(ipc_cli,
679	*pp_username,
680	*pp_password,
681	*pp_workgroup))) {
682
683	/*
684	* context->smb_encryption_level ==
685	* 1 means don't fail if encryption can't be
686	* negotiated, == 2 means fail if encryption
687	* can't be negotiated.
688	*/
689
690	DEBUG(4,(" SMB encrypt failed on IPC$\n"));
691
692	if (context->internal->smb_encryption_level == 2) {
693	cli_shutdown(ipc_cli);
694	errno = EPERM;
695	return NULL;
696	}
697	}
698	DEBUG(4,(" SMB encrypt ok on IPC$\n"));
699	}
700
701	ipc_srv = SMB_MALLOC_P(SMBCSRV);
702	if (!ipc_srv) {
703	errno = ENOMEM;
704	cli_shutdown(ipc_cli);
705	return NULL;
706	}
707
708	ZERO_STRUCTP(ipc_srv);
709	ipc_srv->cli = ipc_cli;
710
711	pipe_hnd = cli_rpc_pipe_open_noauth(ipc_srv->cli,
712	PI_LSARPC,
713	&nt_status);
714	if (!pipe_hnd) {
715	DEBUG(1, ("cli_nt_session_open fail!\n"));
716	errno = ENOTSUP;
717	cli_shutdown(ipc_srv->cli);
718	free(ipc_srv);
719	return NULL;
720	}
721
722	/*
723	* Some systems don't support
724	* SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
725	* so we might as well do it too.
726	*/
727
728	nt_status = rpccli_lsa_open_policy(
729	pipe_hnd,
730	talloc_tos(),
731	True,
732	GENERIC_EXECUTE_ACCESS,
733	&ipc_srv->pol);
734
735	if (!NT_STATUS_IS_OK(nt_status)) {
736	errno = SMBC_errno(context, ipc_srv->cli);
737	cli_shutdown(ipc_srv->cli);
738	return NULL;
739	}
740
741	/* now add it to the cache (internal or external) */
742
743	errno = 0; /* let cache function set errno if it likes */
744	if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv,
745	server,
746	"*IPC$",
747	*pp_workgroup,
748	*pp_username)) {
749	DEBUG(3, (" Failed to add server to cache\n"));
750	if (errno == 0) {
751	errno = ENOMEM;
752	}
753	cli_shutdown(ipc_srv->cli);
754	free(ipc_srv);
755	return NULL;
756	}
757
758	DLIST_ADD(context->internal->servers, ipc_srv);
759	}
760
761	return ipc_srv;
762	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: