diff options
Diffstat (limited to '')
-rw-r--r-- | dfs_server/dfs_server_ad.c | 951 |
1 files changed, 951 insertions, 0 deletions
diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c new file mode 100644 index 0000000..7f4384f --- /dev/null +++ b/dfs_server/dfs_server_ad.c @@ -0,0 +1,951 @@ +/* + Unix SMB/CIFS implementation. + + Copyright Matthieu Patou <mat@matws.net> 2010-2011 + Copyright Stefan Metzmacher 2011 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "librpc/gen_ndr/dfsblobs.h" +#include "librpc/gen_ndr/ndr_dfsblobs.h" +#include "dsdb/samdb/samdb.h" +#include "auth/session.h" +#include "param/param.h" +#include "lib/tsocket/tsocket.h" +#include "dfs_server/dfs_server_ad.h" +#include "lib/util/util_net.h" +#include "libds/common/roles.h" + +#define MAX_DFS_RESPONSE 56*1024 /* 56 Kb */ + +#undef strcasecmp + +/* A DC set is a group of DC, they might have been grouped together + because they belong to the same site, or to site with same cost ... +*/ +struct dc_set { + const char **names; + uint32_t count; +}; + +static void shuffle_dc_set(struct dc_set *list) +{ + uint32_t i; + + for (i = list->count; i > 1; i--) { + uint32_t r; + const char *tmp; + + r = generate_random() % i; + + tmp = list->names[i - 1]; + list->names[i - 1] = list->names[r]; + list->names[r] = tmp; + } +} + +/* + fill a referral type structure + */ +static NTSTATUS fill_normal_dfs_referraltype(TALLOC_CTX *mem_ctx, + struct dfs_referral_type *ref, + uint16_t version, + const char *dfs_path, + const char *server_path, int isfirstoffset) +{ + ZERO_STRUCTP(ref); + switch (version) { + case 4: + ref->version = version; + /* For the moment there is a bug with XP that don't seems to appriciate much + * level4 so we return just level 3 for everyone + */ + ref->referral.v4.server_type = DFS_SERVER_NON_ROOT; + /* "normal" referral seems to always include the GUID */ + ref->referral.v4.size = 34; + + if (isfirstoffset) { + ref->referral.v4.entry_flags = DFS_HEADER_FLAG_TARGET_BCK; + } + ref->referral.v4.ttl = 900; /* As w2k8r2 */ + ref->referral.v4.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path); + if (ref->referral.v4.referrals.r1.DFS_path == NULL) { + return NT_STATUS_NO_MEMORY; + } + ref->referral.v4.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path); + if (ref->referral.v4.referrals.r1.DFS_alt_path == NULL) { + return NT_STATUS_NO_MEMORY; + } + ref->referral.v4.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path); + if (ref->referral.v4.referrals.r1.netw_address == NULL) { + return NT_STATUS_NO_MEMORY; + } + return NT_STATUS_OK; + case 3: + ref->version = version; + ref->referral.v3.server_type = DFS_SERVER_NON_ROOT; + /* "normal" referral seems to always include the GUID */ + ref->referral.v3.size = 34; + + ref->referral.v3.entry_flags = 0; + ref->referral.v3.ttl = 600; /* As w2k3 */ + ref->referral.v3.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path); + if (ref->referral.v3.referrals.r1.DFS_path == NULL) { + return NT_STATUS_NO_MEMORY; + } + ref->referral.v3.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path); + if (ref->referral.v3.referrals.r1.DFS_alt_path == NULL) { + return NT_STATUS_NO_MEMORY; + } + ref->referral.v3.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path); + if (ref->referral.v3.referrals.r1.netw_address == NULL) { + return NT_STATUS_NO_MEMORY; + } + return NT_STATUS_OK; + } + return NT_STATUS_INVALID_LEVEL; +} + +/* + fill a domain refererral + */ +static NTSTATUS fill_domain_dfs_referraltype(TALLOC_CTX *mem_ctx, + struct dfs_referral_type *ref, + uint16_t version, + const char *domain, + const char **names, + uint16_t numnames) +{ + switch (version) { + case 3: + ZERO_STRUCTP(ref); + DEBUG(8, ("Called fill_domain_dfs_referraltype\n")); + ref->version = version; + ref->referral.v3.server_type = DFS_SERVER_NON_ROOT; +#if 0 + /* We use to have variable size, on Windows 2008R2 it's the same + * and it seems that it gives better results so ... let's use the same + * size. + * + * Additional note: XP SP2 will ask for version 3 and SP3 for version 4. + */ + /* + * It's hard coded ... don't think it's a good way but the + * sizeof return not the correct values + * + * We have 18 if the GUID is not included 34 otherwise + */ + if (numnames == 0) { + /* Windows return without the guid when returning domain list + */ + ref->referral.v3.size = 18; + } else { + ref->referral.v3.size = 34; + } +#endif + /* As seen in w2k8r2 it always return the null GUID */ + ref->referral.v3.size = 34; + ref->referral.v3.entry_flags = DFS_FLAG_REFERRAL_DOMAIN_RESP; + ref->referral.v3.ttl = 600; /* As w2k3 and w2k8r2*/ + ref->referral.v3.referrals.r2.special_name = talloc_strdup(mem_ctx, + domain); + if (ref->referral.v3.referrals.r2.special_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + ref->referral.v3.referrals.r2.nb_expanded_names = numnames; + /* Put the final terminator */ + if (names) { + int i; + const char **names2 = talloc_array(mem_ctx, const char *, + numnames+1); + NT_STATUS_HAVE_NO_MEMORY(names2); + for (i = 0; i<numnames; i++) { + names2[i] = talloc_asprintf(names2, "\\%s", names[i]); + NT_STATUS_HAVE_NO_MEMORY(names2[i]); + } + names2[numnames] = NULL; + ref->referral.v3.referrals.r2.expanded_names = names2; + } + return NT_STATUS_OK; + } + return NT_STATUS_INVALID_LEVEL; +} + +/* + get the DCs list within a site + */ +static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb, + struct ldb_dn *sitedn, struct dc_set *list, + bool dofqdn) +{ + static const char *attrs[] = { "serverReference", NULL }; + static const char *attrs2[] = { "dNSHostName", "sAMAccountName", NULL }; + struct ldb_result *r; + unsigned int i; + int ret; + const char **dc_list; + + ret = ldb_search(ldb, ctx, &r, sitedn, LDB_SCOPE_SUBTREE, attrs, + "(&(objectClass=server)(serverReference=*))"); + if (ret != LDB_SUCCESS) { + DEBUG(2,(__location__ ": Failed to get list of servers - %s\n", + ldb_errstring(ldb))); + return NT_STATUS_INTERNAL_ERROR; + } + + if (r->count == 0) { + /* none in this site */ + talloc_free(r); + return NT_STATUS_OK; + } + + /* + * need to search for all server object to know the size of the array. + * Search all the object of class server in this site + */ + dc_list = talloc_array(r, const char *, r->count); + if (dc_list == NULL) { + TALLOC_FREE(r); + return NT_STATUS_NO_MEMORY; + } + + /* TODO put some random here in the order */ + list->names = talloc_realloc(list, list->names, const char *, list->count + r->count); + if (list->names == NULL) { + TALLOC_FREE(r); + return NT_STATUS_NO_MEMORY; + } + + for (i = 0; i<r->count; i++) { + struct ldb_dn *dn; + struct ldb_message *msg; + + dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference"); + if (!dn) { + return NT_STATUS_INTERNAL_ERROR; + } + + ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)"); + if (ret != LDB_SUCCESS) { + DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n", + ldb_dn_get_linearized(dn), ldb_errstring(ldb))); + return NT_STATUS_INTERNAL_ERROR; + } + + if (dofqdn) { + const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL); + if (dns == NULL) { + DEBUG(2,(__location__ ": dNSHostName missing on %s\n", + ldb_dn_get_linearized(dn))); + talloc_free(r); + return NT_STATUS_INTERNAL_ERROR; + } + + list->names[list->count] = talloc_strdup(list->names, dns); + if (list->names[list->count] == NULL) { + TALLOC_FREE(r); + return NT_STATUS_NO_MEMORY; + } + } else { + char *tmp; + const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL); + if (aname == NULL) { + DEBUG(2,(__location__ ": sAMAccountName missing on %s\n", + ldb_dn_get_linearized(dn))); + talloc_free(r); + return NT_STATUS_INTERNAL_ERROR; + } + + tmp = talloc_strdup(list->names, aname); + if (tmp == NULL) { + TALLOC_FREE(r); + return NT_STATUS_NO_MEMORY; + } + + /* Netbios name is also the sAMAccountName for + computer but without the final $ */ + tmp[strlen(tmp) - 1] = '\0'; + list->names[list->count] = tmp; + } + list->count++; + talloc_free(msg); + } + + shuffle_dc_set(list); + + talloc_free(r); + return NT_STATUS_OK; +} + + +/* + get all DCs + */ +static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb, + const char *searched_site, bool need_fqdn, + struct dc_set ***pset_list, uint32_t flags) +{ + /* + * Flags will be used later to indicate things like least-expensive + * or same-site options + */ + const char *attrs_none[] = { NULL }; + const char *attrs3[] = { "name", NULL }; + struct ldb_dn *configdn, *sitedn, *dn, *sitescontainerdn; + struct ldb_result *r; + struct dc_set **set_list = NULL; + uint32_t i; + int ret; + uint32_t current_pos = 0; + NTSTATUS status; + TALLOC_CTX *subctx; + + *pset_list = set_list = NULL; + + subctx = talloc_new(ctx); + NT_STATUS_HAVE_NO_MEMORY(subctx); + + configdn = ldb_get_config_basedn(ldb); + + /* Let's search for the Site container */ + ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs_none, + "(objectClass=sitesContainer)"); + if (ret != LDB_SUCCESS) { + DEBUG(2,(__location__ ": Failed to find sitesContainer within %s - %s\n", + ldb_dn_get_linearized(configdn), ldb_errstring(ldb))); + talloc_free(subctx); + return NT_STATUS_INTERNAL_ERROR; + } + if (r->count > 1) { + DEBUG(2,(__location__ ": Expected 1 sitesContainer - found %u within %s\n", + r->count, ldb_dn_get_linearized(configdn))); + talloc_free(subctx); + return NT_STATUS_INTERNAL_ERROR; + } + + sitescontainerdn = talloc_steal(subctx, r->msgs[0]->dn); + talloc_free(r); + + /* + * TODO: Here we should have a more subtle handling + * for the case "same-site" + */ + ret = ldb_search(ldb, subctx, &r, sitescontainerdn, LDB_SCOPE_SUBTREE, + attrs_none, "(objectClass=server)"); + if (ret != LDB_SUCCESS) { + DEBUG(2,(__location__ ": Failed to find servers within %s - %s\n", + ldb_dn_get_linearized(sitescontainerdn), ldb_errstring(ldb))); + talloc_free(subctx); + return NT_STATUS_INTERNAL_ERROR; + } + talloc_free(r); + + if (searched_site != NULL && searched_site[0] != '\0') { + ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, + attrs_none, "(&(name=%s)(objectClass=site))", searched_site); + if (ret != LDB_SUCCESS) { + talloc_free(subctx); + return NT_STATUS_FOOBAR; + } else if (r->count != 1) { + talloc_free(subctx); + return NT_STATUS_FOOBAR; + } + + /* All of this was to get the DN of the searched_site */ + sitedn = r->msgs[0]->dn; + + /* + * We will realloc + 2 because we will need one additional place + * for element at current_pos + 1 for the NULL element + */ + set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+2); + if (set_list == NULL) { + TALLOC_FREE(subctx); + return NT_STATUS_NO_MEMORY; + } + + set_list[current_pos] = talloc(set_list, struct dc_set); + if (set_list[current_pos] == NULL) { + TALLOC_FREE(subctx); + return NT_STATUS_NO_MEMORY; + } + + set_list[current_pos]->names = NULL; + set_list[current_pos]->count = 0; + + set_list[current_pos+1] = NULL; + + status = get_dcs_insite(subctx, ldb, sitedn, + set_list[current_pos], need_fqdn); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,(__location__ ": Failed to get DC from site %s - %s\n", + ldb_dn_get_linearized(sitedn), nt_errstr(status))); + talloc_free(subctx); + return status; + } + talloc_free(r); + current_pos++; + } + + /* Let's find all the sites */ + ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs3, "(objectClass=site)"); + if (ret != LDB_SUCCESS) { + DEBUG(2,(__location__ ": Failed to find any site containers in %s\n", + ldb_dn_get_linearized(configdn))); + talloc_free(subctx); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + /* + * TODO: + * We should randomize the order in the main site, + * it's mostly needed for sysvol/netlogon referral. + * Depending of flag we either randomize order of the + * not "in the same site DCs" + * or we randomize by group of site that have the same cost + * In the long run we want to manipulate an array of site_set + * All the site in one set have the same cost (if least-expansive options is selected) + * and we will put all the dc related to 1 site set into 1 DCs set. + * Within a site set, site order has to be randomized + * + * But for the moment we just return the list of sites + */ + if (r->count) { + /* + * We will realloc + 2 because we will need one additional place + * for element at current_pos + 1 for the NULL element + */ + set_list = talloc_realloc(subctx, set_list, struct dc_set *, + current_pos+2); + if (set_list == NULL) { + TALLOC_FREE(subctx); + return NT_STATUS_NO_MEMORY; + } + + set_list[current_pos] = talloc(ctx, struct dc_set); + if (set_list[current_pos] == NULL) { + TALLOC_FREE(subctx); + return NT_STATUS_NO_MEMORY; + } + + set_list[current_pos]->names = NULL; + set_list[current_pos]->count = 0; + + set_list[current_pos+1] = NULL; + } + + for (i=0; i<r->count; i++) { + const char *site_name = ldb_msg_find_attr_as_string(r->msgs[i], "name", NULL); + if (site_name == NULL) { + DEBUG(2,(__location__ ": Failed to find name attribute in %s\n", + ldb_dn_get_linearized(r->msgs[i]->dn))); + talloc_free(subctx); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (searched_site == NULL || + strcmp(searched_site, site_name) != 0) { + DEBUG(2,(__location__ ": Site: %s %s\n", + searched_site, site_name)); + + /* + * Do all the site but the one of the client + * (because it has already been done ...) + */ + dn = r->msgs[i]->dn; + + status = get_dcs_insite(subctx, ldb, dn, + set_list[current_pos], + need_fqdn); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(subctx); + return status; + } + } + } + + *pset_list = talloc_move(ctx, &set_list); + talloc_free(subctx); + return NT_STATUS_OK; +} + +static NTSTATUS dodomain_referral(struct loadparm_context *lp_ctx, + struct ldb_context *sam_ctx, + const struct tsocket_address *client, + struct dfs_GetDFSReferral *r) +{ + /* + * TODO for the moment we just return the local domain + */ + NTSTATUS status; + const char *dns_domain = lpcfg_dnsdomain(lp_ctx); + const char *netbios_domain = lpcfg_workgroup(lp_ctx); + struct dfs_referral_type *referrals; + const char *referral_str; + /* In the future this needs to be fetched from the ldb */ + uint32_t found_domain = 2; + + if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) { + DEBUG(10 ,("Received a domain referral request on a non DC\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + if (r->in.req.max_referral_level < 3) { + DEBUG(2,("invalid max_referral_level %u\n", + r->in.req.max_referral_level)); + return NT_STATUS_UNSUCCESSFUL; + } + + r->out.resp = talloc_zero(r, struct dfs_referral_resp); + if (r->out.resp == NULL) { + return NT_STATUS_NO_MEMORY; + } + + r->out.resp->path_consumed = 0; + r->out.resp->header_flags = 0; /* Do like w2k3 */ + r->out.resp->nb_referrals = found_domain; /* the fqdn one + the NT domain */ + + referrals = talloc_zero_array(r->out.resp, + struct dfs_referral_type, + r->out.resp->nb_referrals); + if (referrals == NULL) { + return NT_STATUS_NO_MEMORY; + } + r->out.resp->referral_entries = referrals; + + referral_str = talloc_asprintf(r, "\\%s", netbios_domain); + if (referral_str == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = fill_domain_dfs_referraltype(referrals, + &referrals[0], 3, + referral_str, + NULL, 0); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,("%s: Unable to fill domain referral structure - %s\n", + __location__, nt_errstr(status))); + return status; + } + + referral_str = talloc_asprintf(r, "\\%s", dns_domain); + if (referral_str == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = fill_domain_dfs_referraltype(referrals, + &referrals[1], 3, + referral_str, + NULL, 0); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,("%s: Unable to fill domain referral structure - %s\n", + __location__, nt_errstr(status))); + return status; + } + + return NT_STATUS_OK; +} + +/* + * Handle the logic for dfs referral request like + * \\dns_domain or \\netbios_domain. + */ +static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx, + struct ldb_context *sam_ctx, + const struct tsocket_address *client, + struct dfs_GetDFSReferral *r, + const char *domain_name) +{ + NTSTATUS status; + const char *site_name = NULL; /* Name of the site where the client is */ + bool need_fqdn = false; + unsigned int i; + const char **dc_list = NULL; + uint32_t num_dcs = 0; + struct dc_set **set; + char *client_str = NULL; + struct dfs_referral_type *referrals; + const char *referral_str; + + if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (r->in.req.max_referral_level < 3) { + DEBUG(2,("invalid max_referral_level %u\n", + r->in.req.max_referral_level)); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(10, ("in this we have request for %s requested is %s\n", + domain_name, r->in.req.servername)); + + if (strchr(domain_name,'.')) { + need_fqdn = 1; + } + + if (tsocket_address_is_inet(client, "ip")) { + client_str = tsocket_address_inet_addr_string(client, r); + if (client_str == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + + site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true); + + status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3,("Unable to get list of DCs - %s\n", + nt_errstr(status))); + return status; + } + + for(i=0; set[i]; i++) { + uint32_t j; + + dc_list = talloc_realloc(r, dc_list, const char*, + num_dcs + set[i]->count + 1); + if (dc_list == NULL) { + return NT_STATUS_NO_MEMORY; + } + + for(j=0; j<set[i]->count; j++) { + dc_list[num_dcs + j] = talloc_move(dc_list, + &set[i]->names[j]); + } + num_dcs = num_dcs + set[i]->count; + TALLOC_FREE(set[i]); + dc_list[num_dcs] = NULL; + } + + r->out.resp = talloc_zero(r, struct dfs_referral_resp); + if (r->out.resp == NULL) { + return NT_STATUS_NO_MEMORY; + } + + r->out.resp->path_consumed = 0; + r->out.resp->header_flags = 0; /* Do like w2k3 */ + r->out.resp->nb_referrals = 1; + + referrals = talloc_zero_array(r->out.resp, + struct dfs_referral_type, + r->out.resp->nb_referrals); + if (referrals == NULL) { + return NT_STATUS_NO_MEMORY; + } + r->out.resp->referral_entries = referrals; + + if (r->in.req.servername[0] == '\\') { + referral_str = talloc_asprintf(referrals, "%s", + domain_name); + } else { + referral_str = talloc_asprintf(referrals, "\\%s", + domain_name); + } + if (referral_str == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = fill_domain_dfs_referraltype(referrals, + &referrals[0], 3, + referral_str, + dc_list, num_dcs); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,("%s: Unable to fill domain referral structure - %s\n", + __location__, nt_errstr(status))); + return status; + } + + return NT_STATUS_OK; +} + +/* + * Handle the logic for dfs referral request like + * \\domain\sysvol or \\domain\netlogon + */ +static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx, + struct ldb_context *sam_ctx, + const struct tsocket_address *client, + struct dfs_GetDFSReferral *r, + const char *domain_name, + const char *dfs_name) +{ + const char *site_name = NULL; /* Name of the site where the client is */ + bool need_fqdn = false; + unsigned int i, c = 0, nb_entries = 0; + struct dc_set **set; + char *client_str = NULL; + NTSTATUS status; + struct dfs_referral_type *referrals; + + if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (r->in.req.max_referral_level < 3) { + DEBUG(2,("invalid max_referral_level %u\n", + r->in.req.max_referral_level)); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(10, ("in this we have request for %s and share %s requested is %s\n", + domain_name, dfs_name, r->in.req.servername)); + + if (strchr(domain_name,'.')) { + need_fqdn = 1; + } + + if (tsocket_address_is_inet(client, "ip")) { + client_str = tsocket_address_inet_addr_string(client, r); + if (client_str == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + + site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true); + + status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3,("Unable to get list of DCs - %s\n", + nt_errstr(status))); + return status; + } + + for(i=0; set[i]; i++) { + nb_entries = nb_entries + set[i]->count; + } + + r->out.resp = talloc_zero(r, struct dfs_referral_resp); + if (r->out.resp == NULL) { + return NT_STATUS_NO_MEMORY; + } + + /* The length is expected in bytes */ + r->out.resp->path_consumed = strlen_m(r->in.req.servername) * 2; + /* Do like w2k3 and like in 3.3.5.3 of MS-DFSC*/ + r->out.resp->header_flags = DFS_HEADER_FLAG_STORAGE_SVR; + r->out.resp->nb_referrals = nb_entries; + + referrals = talloc_zero_array(r->out.resp, + struct dfs_referral_type, + r->out.resp->nb_referrals); + if (referrals == NULL) { + return NT_STATUS_NO_MEMORY; + } + r->out.resp->referral_entries = referrals; + + c = 0; + for(i=0; set[i]; i++) { + uint32_t j; + + for(j=0; j< set[i]->count; j++) { + struct dfs_referral_type *ref = &referrals[c]; + const char *referral_str; + + referral_str = talloc_asprintf(referrals, "\\%s\\%s", + set[i]->names[j], dfs_name); + if (referral_str == NULL) { + return NT_STATUS_NO_MEMORY; + } + + DEBUG(8,("Doing a dfs referral for %s with this value " + "%s requested %s\n", + set[i]->names[j], referral_str, + r->in.req.servername)); + + status = fill_normal_dfs_referraltype(referrals, ref, + r->in.req.max_referral_level, + r->in.req.servername, + referral_str, c==0); + + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,("%s: Unable to fill domain referral " + "structure - %s\n", + __location__, nt_errstr(status))); + return status; + } + + c++; + } + } + + return NT_STATUS_OK; +} + +/* + trans2 getdfsreferral implementation +*/ +NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx, + struct ldb_context *sam_ctx, + const struct tsocket_address *client, + struct dfs_GetDFSReferral *r) +{ + char *server_name = NULL; + char *dfs_name = NULL; + char *link_path = NULL; + const char *netbios_domain; + const char *dns_domain; + const char *netbios_name; + const char *dns_name; + const char **netbios_aliases; + char path_separator; + + if (!lpcfg_host_msdfs(lp_ctx)) { + return NT_STATUS_FS_DRIVER_REQUIRED; + } + + if (r->in.req.servername == NULL) { + return NT_STATUS_INVALID_PARAMETER; + } + + DEBUG(8, ("Requested DFS name: %s length: %u\n", + r->in.req.servername, + (unsigned int)strlen_m(r->in.req.servername)*2)); + + /* + * If the servername is "" then we are in a case of domain dfs + * and the client just searches for the list of local domain + * it is attached and also trusted ones. + */ + if (strlen(r->in.req.servername) == 0) { + return dodomain_referral(lp_ctx, sam_ctx, client, r); + } + + server_name = talloc_strdup(r, r->in.req.servername); + if (server_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + + path_separator = (*server_name == '/') ? '/' : '\\'; + + while(*server_name && *server_name == path_separator) { + server_name++; + } + + dfs_name = strchr_m(server_name, path_separator); + if (dfs_name != NULL) { + dfs_name[0] = '\0'; + dfs_name++; + + link_path = strchr_m(dfs_name, path_separator); + if (link_path != NULL) { + link_path[0] = '\0'; + link_path++; + } + } + + if (link_path != NULL) { + /* + * If it is a DFS Link we do not + * handle it here. + */ + return NT_STATUS_NOT_FOUND; + } + + netbios_domain = lpcfg_workgroup(lp_ctx); + dns_domain = lpcfg_dnsdomain(lp_ctx); + netbios_name = lpcfg_netbios_name(lp_ctx); + dns_name = talloc_asprintf(r, "%s.%s", netbios_name, dns_domain); + if (dns_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if ((strcasecmp_m(server_name, netbios_name) == 0) || + (strcasecmp_m(server_name, dns_name) == 0)) { + /* + * If it is not domain related do not + * handle it here. + */ + return NT_STATUS_NOT_FOUND; + } + + if (is_ipaddress(server_name)) { + /* + * If it is not domain related do not + * handle it here. + */ + return NT_STATUS_NOT_FOUND; + } + + netbios_aliases = lpcfg_netbios_aliases(lp_ctx); + while (netbios_aliases && *netbios_aliases) { + const char *netbios_alias = *netbios_aliases; + char *dns_alias; + int cmp; + + cmp = strcasecmp_m(server_name, netbios_alias); + if (cmp == 0) { + /* + * If it is not domain related do not + * handle it here. + */ + return NT_STATUS_NOT_FOUND; + } + + dns_alias = talloc_asprintf(r, "%s.%s", + netbios_alias, + dns_domain); + if (dns_alias == NULL) { + return NT_STATUS_NO_MEMORY; + } + + cmp = strcasecmp_m(server_name, dns_alias); + talloc_free(dns_alias); + if (cmp == 0) { + /* + * If it is not domain related do not + * handle it here. + */ + return NT_STATUS_NOT_FOUND; + } + netbios_aliases++; + } + + if ((strcasecmp_m(server_name, netbios_domain) != 0) && + (strcasecmp_m(server_name, dns_domain) != 0)) { + /* + * Not a domain we handle. + */ + return NT_STATUS_INVALID_PARAMETER; + } + + /* + * Here we have filtered the thing the requested name don't contain our DNS name. + * So if the share == NULL or if share in ("sysvol", "netlogon") + * then we proceed. In the first case it will be a dc refereal in the second it will + * be just a sysvol/netlogon referral. + */ + if (dfs_name == NULL) { + return dodc_referral(lp_ctx, sam_ctx, + client, r, server_name); + } + + /* + * Here we have filtered the thing the requested name don't contain our DNS name. + * So if the share == NULL or if share in ("sysvol", "netlogon") + * then we proceed. In the first case it will be a dc refereal in the second it will + * be just a sysvol/netlogon referral. + */ + if (strcasecmp(dfs_name, "sysvol") == 0 || + strcasecmp(dfs_name, "netlogon") == 0) { + return dosysvol_referral(lp_ctx, sam_ctx, client, r, + server_name, dfs_name); + } + + /* By default until all the case are handled */ + return NT_STATUS_NOT_FOUND; +} |