Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Copyright Matthieu Patou <mat@matws.net> 2010-2011
5 : Copyright Stefan Metzmacher 2011
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "librpc/gen_ndr/dfsblobs.h"
23 : #include "librpc/gen_ndr/ndr_dfsblobs.h"
24 : #include "dsdb/samdb/samdb.h"
25 : #include "auth/session.h"
26 : #include "param/param.h"
27 : #include "lib/tsocket/tsocket.h"
28 : #include "dfs_server/dfs_server_ad.h"
29 : #include "lib/util/util_net.h"
30 : #include "libds/common/roles.h"
31 :
32 : #define MAX_DFS_RESPONSE 56*1024 /* 56 Kb */
33 :
34 : #undef strcasecmp
35 :
36 : /* A DC set is a group of DC, they might have been grouped together
37 : because they belong to the same site, or to site with same cost ...
38 : */
39 : struct dc_set {
40 : const char **names;
41 : uint32_t count;
42 : };
43 :
44 24 : static void shuffle_dc_set(struct dc_set *list)
45 : {
46 0 : uint32_t i;
47 :
48 24 : for (i = list->count; i > 1; i--) {
49 0 : uint32_t r;
50 0 : const char *tmp;
51 :
52 0 : r = generate_random() % i;
53 :
54 0 : tmp = list->names[i - 1];
55 0 : list->names[i - 1] = list->names[r];
56 0 : list->names[r] = tmp;
57 : }
58 24 : }
59 :
60 : /*
61 : fill a referral type structure
62 : */
63 6 : static NTSTATUS fill_normal_dfs_referraltype(TALLOC_CTX *mem_ctx,
64 : struct dfs_referral_type *ref,
65 : uint16_t version,
66 : const char *dfs_path,
67 : const char *server_path, int isfirstoffset)
68 : {
69 6 : ZERO_STRUCTP(ref);
70 6 : switch (version) {
71 3 : case 4:
72 3 : ref->version = version;
73 : /* For the moment there is a bug with XP that doesn't
74 : * seem to appreciate much level4 so we return just
75 : * level 3 for everyone
76 : */
77 3 : ref->referral.v4.server_type = DFS_SERVER_NON_ROOT;
78 : /* "normal" referral seems to always include the GUID */
79 3 : ref->referral.v4.size = 34;
80 :
81 3 : if (isfirstoffset) {
82 3 : ref->referral.v4.entry_flags = DFS_HEADER_FLAG_TARGET_BCK;
83 : }
84 3 : ref->referral.v4.ttl = 900; /* As w2k8r2 */
85 3 : ref->referral.v4.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
86 3 : if (ref->referral.v4.referrals.r1.DFS_path == NULL) {
87 0 : return NT_STATUS_NO_MEMORY;
88 : }
89 3 : ref->referral.v4.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
90 3 : if (ref->referral.v4.referrals.r1.DFS_alt_path == NULL) {
91 0 : return NT_STATUS_NO_MEMORY;
92 : }
93 3 : ref->referral.v4.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
94 3 : if (ref->referral.v4.referrals.r1.netw_address == NULL) {
95 0 : return NT_STATUS_NO_MEMORY;
96 : }
97 3 : return NT_STATUS_OK;
98 3 : case 3:
99 3 : ref->version = version;
100 3 : ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
101 : /* "normal" referral seems to always include the GUID */
102 3 : ref->referral.v3.size = 34;
103 :
104 3 : ref->referral.v3.entry_flags = 0;
105 3 : ref->referral.v3.ttl = 600; /* As w2k3 */
106 3 : ref->referral.v3.referrals.r1.DFS_path = talloc_strdup(mem_ctx, dfs_path);
107 3 : if (ref->referral.v3.referrals.r1.DFS_path == NULL) {
108 0 : return NT_STATUS_NO_MEMORY;
109 : }
110 3 : ref->referral.v3.referrals.r1.DFS_alt_path = talloc_strdup(mem_ctx, dfs_path);
111 3 : if (ref->referral.v3.referrals.r1.DFS_alt_path == NULL) {
112 0 : return NT_STATUS_NO_MEMORY;
113 : }
114 3 : ref->referral.v3.referrals.r1.netw_address = talloc_strdup(mem_ctx, server_path);
115 3 : if (ref->referral.v3.referrals.r1.netw_address == NULL) {
116 0 : return NT_STATUS_NO_MEMORY;
117 : }
118 3 : return NT_STATUS_OK;
119 : }
120 0 : return NT_STATUS_INVALID_LEVEL;
121 : }
122 :
123 : /*
124 : fill a domain refererral
125 : */
126 54 : static NTSTATUS fill_domain_dfs_referraltype(TALLOC_CTX *mem_ctx,
127 : struct dfs_referral_type *ref,
128 : uint16_t version,
129 : const char *domain,
130 : const char **names,
131 : uint16_t numnames)
132 : {
133 54 : switch (version) {
134 54 : case 3:
135 54 : ZERO_STRUCTP(ref);
136 54 : DEBUG(8, ("Called fill_domain_dfs_referraltype\n"));
137 54 : ref->version = version;
138 54 : ref->referral.v3.server_type = DFS_SERVER_NON_ROOT;
139 : #if 0
140 : /* We use to have variable size, on Windows 2008R2 it's the same
141 : * and it seems that it gives better results so ... let's use the same
142 : * size.
143 : *
144 : * Additional note: XP SP2 will ask for version 3 and SP3 for version 4.
145 : */
146 : /*
147 : * It's hard coded ... don't think it's a good way but the
148 : * sizeof return not the correct values
149 : *
150 : * We have 18 if the GUID is not included 34 otherwise
151 : */
152 : if (numnames == 0) {
153 : /* Windows return without the guid when returning domain list
154 : */
155 : ref->referral.v3.size = 18;
156 : } else {
157 : ref->referral.v3.size = 34;
158 : }
159 : #endif
160 : /* As seen in w2k8r2 it always return the null GUID */
161 54 : ref->referral.v3.size = 34;
162 54 : ref->referral.v3.entry_flags = DFS_FLAG_REFERRAL_DOMAIN_RESP;
163 54 : ref->referral.v3.ttl = 600; /* As w2k3 and w2k8r2*/
164 54 : ref->referral.v3.referrals.r2.special_name = talloc_strdup(mem_ctx,
165 : domain);
166 54 : if (ref->referral.v3.referrals.r2.special_name == NULL) {
167 0 : return NT_STATUS_NO_MEMORY;
168 : }
169 54 : ref->referral.v3.referrals.r2.nb_expanded_names = numnames;
170 : /* Put the final terminator */
171 54 : if (names) {
172 0 : int i;
173 18 : const char **names2 = talloc_array(mem_ctx, const char *,
174 : numnames+1);
175 18 : NT_STATUS_HAVE_NO_MEMORY(names2);
176 36 : for (i = 0; i<numnames; i++) {
177 18 : names2[i] = talloc_asprintf(names2, "\\%s", names[i]);
178 18 : NT_STATUS_HAVE_NO_MEMORY(names2[i]);
179 : }
180 18 : names2[numnames] = NULL;
181 18 : ref->referral.v3.referrals.r2.expanded_names = names2;
182 : }
183 54 : return NT_STATUS_OK;
184 : }
185 0 : return NT_STATUS_INVALID_LEVEL;
186 : }
187 :
188 : /*
189 : get the DCs list within a site
190 : */
191 24 : static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
192 : struct ldb_dn *sitedn, struct dc_set *list,
193 : bool dofqdn)
194 : {
195 0 : static const char *attrs[] = { "serverReference", NULL };
196 0 : static const char *attrs2[] = { "dNSHostName", "sAMAccountName", NULL };
197 0 : struct ldb_result *r;
198 0 : unsigned int i;
199 0 : int ret;
200 0 : const char **dc_list;
201 :
202 24 : ret = ldb_search(ldb, ctx, &r, sitedn, LDB_SCOPE_SUBTREE, attrs,
203 : "(&(objectClass=server)(serverReference=*))");
204 24 : if (ret != LDB_SUCCESS) {
205 0 : DEBUG(2,(__location__ ": Failed to get list of servers - %s\n",
206 : ldb_errstring(ldb)));
207 0 : return NT_STATUS_INTERNAL_ERROR;
208 : }
209 :
210 24 : if (r->count == 0) {
211 : /* none in this site */
212 0 : talloc_free(r);
213 0 : return NT_STATUS_OK;
214 : }
215 :
216 : /*
217 : * need to search for all server object to know the size of the array.
218 : * Search all the object of class server in this site
219 : */
220 24 : dc_list = talloc_array(r, const char *, r->count);
221 24 : if (dc_list == NULL) {
222 0 : TALLOC_FREE(r);
223 0 : return NT_STATUS_NO_MEMORY;
224 : }
225 :
226 : /* TODO put some random here in the order */
227 24 : list->names = talloc_realloc(list, list->names, const char *, list->count + r->count);
228 24 : if (list->names == NULL) {
229 0 : TALLOC_FREE(r);
230 0 : return NT_STATUS_NO_MEMORY;
231 : }
232 :
233 48 : for (i = 0; i<r->count; i++) {
234 0 : struct ldb_dn *dn;
235 0 : struct ldb_message *msg;
236 :
237 24 : dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference");
238 24 : if (!dn) {
239 0 : return NT_STATUS_INTERNAL_ERROR;
240 : }
241 :
242 24 : ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)");
243 24 : if (ret != LDB_SUCCESS) {
244 0 : DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n",
245 : ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
246 0 : return NT_STATUS_INTERNAL_ERROR;
247 : }
248 :
249 24 : if (dofqdn) {
250 15 : const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL);
251 15 : if (dns == NULL) {
252 0 : DEBUG(2,(__location__ ": dNSHostName missing on %s\n",
253 : ldb_dn_get_linearized(dn)));
254 0 : talloc_free(r);
255 0 : return NT_STATUS_INTERNAL_ERROR;
256 : }
257 :
258 15 : list->names[list->count] = talloc_strdup(list->names, dns);
259 15 : if (list->names[list->count] == NULL) {
260 0 : TALLOC_FREE(r);
261 0 : return NT_STATUS_NO_MEMORY;
262 : }
263 : } else {
264 0 : char *tmp;
265 9 : const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
266 9 : if (aname == NULL) {
267 0 : DEBUG(2,(__location__ ": sAMAccountName missing on %s\n",
268 : ldb_dn_get_linearized(dn)));
269 0 : talloc_free(r);
270 0 : return NT_STATUS_INTERNAL_ERROR;
271 : }
272 :
273 9 : tmp = talloc_strdup(list->names, aname);
274 9 : if (tmp == NULL) {
275 0 : TALLOC_FREE(r);
276 0 : return NT_STATUS_NO_MEMORY;
277 : }
278 :
279 : /* Netbios name is also the sAMAccountName for
280 : computer but without the final $ */
281 9 : tmp[strlen(tmp) - 1] = '\0';
282 9 : list->names[list->count] = tmp;
283 : }
284 24 : list->count++;
285 24 : talloc_free(msg);
286 : }
287 :
288 24 : shuffle_dc_set(list);
289 :
290 24 : talloc_free(r);
291 24 : return NT_STATUS_OK;
292 : }
293 :
294 :
295 : /*
296 : get all DCs
297 : */
298 24 : static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
299 : const char *searched_site, bool need_fqdn,
300 : struct dc_set ***pset_list, uint32_t flags)
301 : {
302 : /*
303 : * Flags will be used later to indicate things like least-expensive
304 : * or same-site options
305 : */
306 24 : const char *attrs_none[] = { NULL };
307 24 : const char *attrs3[] = { "name", NULL };
308 0 : struct ldb_dn *configdn, *sitedn, *dn, *sitescontainerdn;
309 0 : struct ldb_result *r;
310 24 : struct dc_set **set_list = NULL;
311 0 : uint32_t i;
312 0 : int ret;
313 24 : uint32_t current_pos = 0;
314 0 : NTSTATUS status;
315 0 : TALLOC_CTX *subctx;
316 :
317 24 : *pset_list = set_list = NULL;
318 :
319 24 : subctx = talloc_new(ctx);
320 24 : NT_STATUS_HAVE_NO_MEMORY(subctx);
321 :
322 24 : configdn = ldb_get_config_basedn(ldb);
323 :
324 : /* Let's search for the Site container */
325 24 : ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs_none,
326 : "(objectClass=sitesContainer)");
327 24 : if (ret != LDB_SUCCESS) {
328 0 : DEBUG(2,(__location__ ": Failed to find sitesContainer within %s - %s\n",
329 : ldb_dn_get_linearized(configdn), ldb_errstring(ldb)));
330 0 : talloc_free(subctx);
331 0 : return NT_STATUS_INTERNAL_ERROR;
332 : }
333 24 : if (r->count > 1) {
334 0 : DEBUG(2,(__location__ ": Expected 1 sitesContainer - found %u within %s\n",
335 : r->count, ldb_dn_get_linearized(configdn)));
336 0 : talloc_free(subctx);
337 0 : return NT_STATUS_INTERNAL_ERROR;
338 : }
339 :
340 24 : sitescontainerdn = talloc_steal(subctx, r->msgs[0]->dn);
341 24 : talloc_free(r);
342 :
343 : /*
344 : * TODO: Here we should have a more subtle handling
345 : * for the case "same-site"
346 : */
347 24 : ret = ldb_search(ldb, subctx, &r, sitescontainerdn, LDB_SCOPE_SUBTREE,
348 : attrs_none, "(objectClass=server)");
349 24 : if (ret != LDB_SUCCESS) {
350 0 : DEBUG(2,(__location__ ": Failed to find servers within %s - %s\n",
351 : ldb_dn_get_linearized(sitescontainerdn), ldb_errstring(ldb)));
352 0 : talloc_free(subctx);
353 0 : return NT_STATUS_INTERNAL_ERROR;
354 : }
355 24 : talloc_free(r);
356 :
357 24 : if (searched_site != NULL && searched_site[0] != '\0') {
358 24 : ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE,
359 : attrs_none, "(&(name=%s)(objectClass=site))", searched_site);
360 24 : if (ret != LDB_SUCCESS) {
361 0 : talloc_free(subctx);
362 0 : return NT_STATUS_FOOBAR;
363 24 : } else if (r->count != 1) {
364 0 : talloc_free(subctx);
365 0 : return NT_STATUS_FOOBAR;
366 : }
367 :
368 : /* All of this was to get the DN of the searched_site */
369 24 : sitedn = r->msgs[0]->dn;
370 :
371 : /*
372 : * We will realloc + 2 because we will need one additional place
373 : * for element at current_pos + 1 for the NULL element
374 : */
375 24 : set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+2);
376 24 : if (set_list == NULL) {
377 0 : TALLOC_FREE(subctx);
378 0 : return NT_STATUS_NO_MEMORY;
379 : }
380 :
381 24 : set_list[current_pos] = talloc(set_list, struct dc_set);
382 24 : if (set_list[current_pos] == NULL) {
383 0 : TALLOC_FREE(subctx);
384 0 : return NT_STATUS_NO_MEMORY;
385 : }
386 :
387 24 : set_list[current_pos]->names = NULL;
388 24 : set_list[current_pos]->count = 0;
389 :
390 24 : set_list[current_pos+1] = NULL;
391 :
392 24 : status = get_dcs_insite(subctx, ldb, sitedn,
393 24 : set_list[current_pos], need_fqdn);
394 24 : if (!NT_STATUS_IS_OK(status)) {
395 0 : DEBUG(2,(__location__ ": Failed to get DC from site %s - %s\n",
396 : ldb_dn_get_linearized(sitedn), nt_errstr(status)));
397 0 : talloc_free(subctx);
398 0 : return status;
399 : }
400 24 : talloc_free(r);
401 24 : current_pos++;
402 : }
403 :
404 : /* Let's find all the sites */
405 24 : ret = ldb_search(ldb, subctx, &r, configdn, LDB_SCOPE_SUBTREE, attrs3, "(objectClass=site)");
406 24 : if (ret != LDB_SUCCESS) {
407 0 : DEBUG(2,(__location__ ": Failed to find any site containers in %s\n",
408 : ldb_dn_get_linearized(configdn)));
409 0 : talloc_free(subctx);
410 0 : return NT_STATUS_INTERNAL_DB_CORRUPTION;
411 : }
412 :
413 : /*
414 : * TODO:
415 : * We should randomize the order in the main site,
416 : * it's mostly needed for sysvol/netlogon referral.
417 : * Depending of flag we either randomize order of the
418 : * not "in the same site DCs"
419 : * or we randomize by group of site that have the same cost
420 : * In the long run we want to manipulate an array of site_set
421 : * All the site in one set have the same cost (if least-expansive options is selected)
422 : * and we will put all the dc related to 1 site set into 1 DCs set.
423 : * Within a site set, site order has to be randomized
424 : *
425 : * But for the moment we just return the list of sites
426 : */
427 24 : if (r->count) {
428 : /*
429 : * We will realloc + 2 because we will need one additional place
430 : * for element at current_pos + 1 for the NULL element
431 : */
432 24 : set_list = talloc_realloc(subctx, set_list, struct dc_set *,
433 : current_pos+2);
434 24 : if (set_list == NULL) {
435 0 : TALLOC_FREE(subctx);
436 0 : return NT_STATUS_NO_MEMORY;
437 : }
438 :
439 24 : set_list[current_pos] = talloc(ctx, struct dc_set);
440 24 : if (set_list[current_pos] == NULL) {
441 0 : TALLOC_FREE(subctx);
442 0 : return NT_STATUS_NO_MEMORY;
443 : }
444 :
445 24 : set_list[current_pos]->names = NULL;
446 24 : set_list[current_pos]->count = 0;
447 :
448 24 : set_list[current_pos+1] = NULL;
449 : }
450 :
451 48 : for (i=0; i<r->count; i++) {
452 24 : const char *site_name = ldb_msg_find_attr_as_string(r->msgs[i], "name", NULL);
453 24 : if (site_name == NULL) {
454 0 : DEBUG(2,(__location__ ": Failed to find name attribute in %s\n",
455 : ldb_dn_get_linearized(r->msgs[i]->dn)));
456 0 : talloc_free(subctx);
457 0 : return NT_STATUS_INTERNAL_DB_CORRUPTION;
458 : }
459 :
460 24 : if (searched_site == NULL ||
461 24 : strcmp(searched_site, site_name) != 0) {
462 0 : DEBUG(2,
463 : (__location__ ": Site: %s %s\n",
464 : searched_site != NULL ? searched_site
465 : : "UNKNOWN",
466 : site_name));
467 :
468 : /*
469 : * Do all the site but the one of the client
470 : * (because it has already been done ...)
471 : */
472 0 : dn = r->msgs[i]->dn;
473 :
474 0 : status = get_dcs_insite(subctx, ldb, dn,
475 0 : set_list[current_pos],
476 : need_fqdn);
477 0 : if (!NT_STATUS_IS_OK(status)) {
478 0 : talloc_free(subctx);
479 0 : return status;
480 : }
481 : }
482 : }
483 :
484 24 : *pset_list = talloc_move(ctx, &set_list);
485 24 : talloc_free(subctx);
486 24 : return NT_STATUS_OK;
487 : }
488 :
489 21 : static NTSTATUS dodomain_referral(struct loadparm_context *lp_ctx,
490 : struct ldb_context *sam_ctx,
491 : const struct tsocket_address *client,
492 : struct dfs_GetDFSReferral *r)
493 : {
494 : /*
495 : * TODO for the moment we just return the local domain
496 : */
497 0 : NTSTATUS status;
498 21 : const char *dns_domain = lpcfg_dnsdomain(lp_ctx);
499 21 : const char *netbios_domain = lpcfg_workgroup(lp_ctx);
500 0 : struct dfs_referral_type *referrals;
501 0 : const char *referral_str;
502 : /* In the future this needs to be fetched from the ldb */
503 21 : uint32_t found_domain = 2;
504 :
505 21 : if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
506 0 : DEBUG(10 ,("Received a domain referral request on a non DC\n"));
507 0 : return NT_STATUS_INVALID_PARAMETER;
508 : }
509 :
510 21 : if (r->in.req.max_referral_level < 3) {
511 3 : DEBUG(2,("invalid max_referral_level %u\n",
512 : r->in.req.max_referral_level));
513 3 : return NT_STATUS_UNSUCCESSFUL;
514 : }
515 :
516 18 : r->out.resp = talloc_zero(r, struct dfs_referral_resp);
517 18 : if (r->out.resp == NULL) {
518 0 : return NT_STATUS_NO_MEMORY;
519 : }
520 :
521 18 : r->out.resp->path_consumed = 0;
522 18 : r->out.resp->header_flags = 0; /* Do like w2k3 */
523 18 : r->out.resp->nb_referrals = found_domain; /* the fqdn one + the NT domain */
524 :
525 18 : referrals = talloc_zero_array(r->out.resp,
526 : struct dfs_referral_type,
527 : r->out.resp->nb_referrals);
528 18 : if (referrals == NULL) {
529 0 : return NT_STATUS_NO_MEMORY;
530 : }
531 18 : r->out.resp->referral_entries = referrals;
532 :
533 18 : referral_str = talloc_asprintf(r, "\\%s", netbios_domain);
534 18 : if (referral_str == NULL) {
535 0 : return NT_STATUS_NO_MEMORY;
536 : }
537 :
538 18 : status = fill_domain_dfs_referraltype(referrals,
539 : &referrals[0], 3,
540 : referral_str,
541 : NULL, 0);
542 18 : if (!NT_STATUS_IS_OK(status)) {
543 0 : DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
544 : __location__, nt_errstr(status)));
545 0 : return status;
546 : }
547 :
548 18 : referral_str = talloc_asprintf(r, "\\%s", dns_domain);
549 18 : if (referral_str == NULL) {
550 0 : return NT_STATUS_NO_MEMORY;
551 : }
552 :
553 18 : status = fill_domain_dfs_referraltype(referrals,
554 : &referrals[1], 3,
555 : referral_str,
556 : NULL, 0);
557 18 : if (!NT_STATUS_IS_OK(status)) {
558 0 : DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
559 : __location__, nt_errstr(status)));
560 0 : return status;
561 : }
562 :
563 18 : return NT_STATUS_OK;
564 : }
565 :
566 : /*
567 : * Handle the logic for dfs referral request like
568 : * \\dns_domain or \\netbios_domain.
569 : */
570 18 : static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx,
571 : struct ldb_context *sam_ctx,
572 : const struct tsocket_address *client,
573 : struct dfs_GetDFSReferral *r,
574 : const char *domain_name)
575 : {
576 0 : NTSTATUS status;
577 18 : const char *site_name = NULL; /* Name of the site where the client is */
578 18 : bool need_fqdn = false;
579 0 : unsigned int i;
580 18 : const char **dc_list = NULL;
581 18 : uint32_t num_dcs = 0;
582 0 : struct dc_set **set;
583 18 : char *client_str = NULL;
584 0 : struct dfs_referral_type *referrals;
585 0 : const char *referral_str;
586 :
587 18 : if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
588 0 : return NT_STATUS_INVALID_PARAMETER;
589 : }
590 :
591 18 : if (r->in.req.max_referral_level < 3) {
592 0 : DEBUG(2,("invalid max_referral_level %u\n",
593 : r->in.req.max_referral_level));
594 0 : return NT_STATUS_UNSUCCESSFUL;
595 : }
596 :
597 18 : DEBUG(10, ("in this we have request for %s requested is %s\n",
598 : domain_name, r->in.req.servername));
599 :
600 18 : if (strchr(domain_name,'.')) {
601 9 : need_fqdn = 1;
602 : }
603 :
604 18 : if (tsocket_address_is_inet(client, "ip")) {
605 18 : client_str = tsocket_address_inet_addr_string(client, r);
606 18 : if (client_str == NULL) {
607 0 : return NT_STATUS_NO_MEMORY;
608 : }
609 : }
610 :
611 18 : site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true);
612 :
613 18 : status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
614 18 : if (!NT_STATUS_IS_OK(status)) {
615 0 : DEBUG(3,("Unable to get list of DCs - %s\n",
616 : nt_errstr(status)));
617 0 : return status;
618 : }
619 :
620 54 : for(i=0; set[i]; i++) {
621 0 : uint32_t j;
622 :
623 36 : dc_list = talloc_realloc(r, dc_list, const char*,
624 : num_dcs + set[i]->count + 1);
625 36 : if (dc_list == NULL) {
626 0 : return NT_STATUS_NO_MEMORY;
627 : }
628 :
629 54 : for(j=0; j<set[i]->count; j++) {
630 18 : dc_list[num_dcs + j] = talloc_move(dc_list,
631 : &set[i]->names[j]);
632 : }
633 36 : num_dcs = num_dcs + set[i]->count;
634 36 : TALLOC_FREE(set[i]);
635 36 : dc_list[num_dcs] = NULL;
636 : }
637 :
638 18 : r->out.resp = talloc_zero(r, struct dfs_referral_resp);
639 18 : if (r->out.resp == NULL) {
640 0 : return NT_STATUS_NO_MEMORY;
641 : }
642 :
643 18 : r->out.resp->path_consumed = 0;
644 18 : r->out.resp->header_flags = 0; /* Do like w2k3 */
645 18 : r->out.resp->nb_referrals = 1;
646 :
647 18 : referrals = talloc_zero_array(r->out.resp,
648 : struct dfs_referral_type,
649 : r->out.resp->nb_referrals);
650 18 : if (referrals == NULL) {
651 0 : return NT_STATUS_NO_MEMORY;
652 : }
653 18 : r->out.resp->referral_entries = referrals;
654 :
655 18 : if (r->in.req.servername[0] == '\\') {
656 12 : referral_str = talloc_asprintf(referrals, "%s",
657 : domain_name);
658 : } else {
659 6 : referral_str = talloc_asprintf(referrals, "\\%s",
660 : domain_name);
661 : }
662 18 : if (referral_str == NULL) {
663 0 : return NT_STATUS_NO_MEMORY;
664 : }
665 :
666 18 : status = fill_domain_dfs_referraltype(referrals,
667 : &referrals[0], 3,
668 : referral_str,
669 : dc_list, num_dcs);
670 18 : if (!NT_STATUS_IS_OK(status)) {
671 0 : DEBUG(2,("%s: Unable to fill domain referral structure - %s\n",
672 : __location__, nt_errstr(status)));
673 0 : return status;
674 : }
675 :
676 18 : return NT_STATUS_OK;
677 : }
678 :
679 : /*
680 : * Handle the logic for dfs referral request like
681 : * \\domain\sysvol or \\domain\netlogon
682 : */
683 6 : static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx,
684 : struct ldb_context *sam_ctx,
685 : const struct tsocket_address *client,
686 : struct dfs_GetDFSReferral *r,
687 : const char *domain_name,
688 : const char *dfs_name)
689 : {
690 6 : const char *site_name = NULL; /* Name of the site where the client is */
691 6 : bool need_fqdn = false;
692 6 : unsigned int i, c = 0, nb_entries = 0;
693 0 : struct dc_set **set;
694 6 : char *client_str = NULL;
695 0 : NTSTATUS status;
696 0 : struct dfs_referral_type *referrals;
697 :
698 6 : if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
699 0 : return NT_STATUS_INVALID_PARAMETER;
700 : }
701 :
702 6 : if (r->in.req.max_referral_level < 3) {
703 0 : DEBUG(2,("invalid max_referral_level %u\n",
704 : r->in.req.max_referral_level));
705 0 : return NT_STATUS_UNSUCCESSFUL;
706 : }
707 :
708 6 : DEBUG(10, ("in this we have request for %s and share %s requested is %s\n",
709 : domain_name, dfs_name, r->in.req.servername));
710 :
711 6 : if (strchr(domain_name,'.')) {
712 6 : need_fqdn = 1;
713 : }
714 :
715 6 : if (tsocket_address_is_inet(client, "ip")) {
716 6 : client_str = tsocket_address_inet_addr_string(client, r);
717 6 : if (client_str == NULL) {
718 0 : return NT_STATUS_NO_MEMORY;
719 : }
720 : }
721 :
722 6 : site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true);
723 :
724 6 : status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
725 6 : if (!NT_STATUS_IS_OK(status)) {
726 0 : DEBUG(3,("Unable to get list of DCs - %s\n",
727 : nt_errstr(status)));
728 0 : return status;
729 : }
730 :
731 18 : for(i=0; set[i]; i++) {
732 12 : nb_entries = nb_entries + set[i]->count;
733 : }
734 :
735 6 : r->out.resp = talloc_zero(r, struct dfs_referral_resp);
736 6 : if (r->out.resp == NULL) {
737 0 : return NT_STATUS_NO_MEMORY;
738 : }
739 :
740 : /* The length is expected in bytes */
741 6 : r->out.resp->path_consumed = strlen_m(r->in.req.servername) * 2;
742 : /* Do like w2k3 and like in 3.3.5.3 of MS-DFSC*/
743 6 : r->out.resp->header_flags = DFS_HEADER_FLAG_STORAGE_SVR;
744 6 : r->out.resp->nb_referrals = nb_entries;
745 :
746 6 : referrals = talloc_zero_array(r->out.resp,
747 : struct dfs_referral_type,
748 : r->out.resp->nb_referrals);
749 6 : if (referrals == NULL) {
750 0 : return NT_STATUS_NO_MEMORY;
751 : }
752 6 : r->out.resp->referral_entries = referrals;
753 :
754 6 : c = 0;
755 18 : for(i=0; set[i]; i++) {
756 : uint32_t j;
757 :
758 18 : for(j=0; j< set[i]->count; j++) {
759 6 : struct dfs_referral_type *ref = &referrals[c];
760 0 : const char *referral_str;
761 :
762 6 : referral_str = talloc_asprintf(referrals, "\\%s\\%s",
763 6 : set[i]->names[j], dfs_name);
764 6 : if (referral_str == NULL) {
765 0 : return NT_STATUS_NO_MEMORY;
766 : }
767 :
768 6 : DEBUG(8,("Doing a dfs referral for %s with this value "
769 : "%s requested %s\n",
770 : set[i]->names[j], referral_str,
771 : r->in.req.servername));
772 :
773 6 : status = fill_normal_dfs_referraltype(referrals, ref,
774 6 : r->in.req.max_referral_level,
775 : r->in.req.servername,
776 : referral_str, c==0);
777 :
778 :
779 6 : if (!NT_STATUS_IS_OK(status)) {
780 0 : DEBUG(2,("%s: Unable to fill domain referral "
781 : "structure - %s\n",
782 : __location__, nt_errstr(status)));
783 0 : return status;
784 : }
785 :
786 6 : c++;
787 : }
788 : }
789 :
790 6 : return NT_STATUS_OK;
791 : }
792 :
793 : /*
794 : trans2 getdfsreferral implementation
795 : */
796 394 : NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx,
797 : struct ldb_context *sam_ctx,
798 : const struct tsocket_address *client,
799 : struct dfs_GetDFSReferral *r)
800 : {
801 394 : char *server_name = NULL;
802 394 : char *dfs_name = NULL;
803 394 : char *link_path = NULL;
804 0 : const char *netbios_domain;
805 0 : const char *dns_domain;
806 0 : const char *netbios_name;
807 0 : const char *dns_name;
808 0 : const char **netbios_aliases;
809 0 : char path_separator;
810 :
811 394 : if (!lpcfg_host_msdfs(lp_ctx)) {
812 0 : return NT_STATUS_FS_DRIVER_REQUIRED;
813 : }
814 :
815 394 : if (r->in.req.servername == NULL) {
816 0 : return NT_STATUS_INVALID_PARAMETER;
817 : }
818 :
819 394 : DEBUG(8, ("Requested DFS name: %s length: %u\n",
820 : r->in.req.servername,
821 : (unsigned int)strlen_m(r->in.req.servername)*2));
822 :
823 : /*
824 : * If the servername is "" then we are in a case of domain dfs
825 : * and the client just searches for the list of local domain
826 : * it is attached and also trusted ones.
827 : */
828 394 : if (strlen(r->in.req.servername) == 0) {
829 21 : return dodomain_referral(lp_ctx, sam_ctx, client, r);
830 : }
831 :
832 373 : server_name = talloc_strdup(r, r->in.req.servername);
833 373 : if (server_name == NULL) {
834 0 : return NT_STATUS_NO_MEMORY;
835 : }
836 :
837 373 : path_separator = (*server_name == '/') ? '/' : '\\';
838 :
839 734 : while(*server_name && *server_name == path_separator) {
840 361 : server_name++;
841 : }
842 :
843 373 : dfs_name = strchr_m(server_name, path_separator);
844 373 : if (dfs_name != NULL) {
845 352 : dfs_name[0] = '\0';
846 352 : dfs_name++;
847 :
848 352 : link_path = strchr_m(dfs_name, path_separator);
849 352 : if (link_path != NULL) {
850 3 : link_path[0] = '\0';
851 3 : link_path++;
852 : }
853 : }
854 :
855 373 : if (link_path != NULL) {
856 : /*
857 : * If it is a DFS Link we do not
858 : * handle it here.
859 : */
860 3 : return NT_STATUS_NOT_FOUND;
861 : }
862 :
863 370 : netbios_domain = lpcfg_workgroup(lp_ctx);
864 370 : dns_domain = lpcfg_dnsdomain(lp_ctx);
865 370 : netbios_name = lpcfg_netbios_name(lp_ctx);
866 370 : dns_name = talloc_asprintf(r, "%s.%s", netbios_name, dns_domain);
867 370 : if (dns_name == NULL) {
868 0 : return NT_STATUS_NO_MEMORY;
869 : }
870 :
871 500 : if ((strcasecmp_m(server_name, netbios_name) == 0) ||
872 130 : (strcasecmp_m(server_name, dns_name) == 0)) {
873 : /*
874 : * If it is not domain related do not
875 : * handle it here.
876 : */
877 289 : return NT_STATUS_NOT_FOUND;
878 : }
879 :
880 81 : if (is_ipaddress(server_name)) {
881 : /*
882 : * If it is not domain related do not
883 : * handle it here.
884 : */
885 54 : return NT_STATUS_NOT_FOUND;
886 : }
887 :
888 27 : netbios_aliases = lpcfg_netbios_aliases(lp_ctx);
889 36 : while (netbios_aliases && *netbios_aliases) {
890 9 : const char *netbios_alias = *netbios_aliases;
891 0 : char *dns_alias;
892 0 : int cmp;
893 :
894 9 : cmp = strcasecmp_m(server_name, netbios_alias);
895 9 : if (cmp == 0) {
896 : /*
897 : * If it is not domain related do not
898 : * handle it here.
899 : */
900 0 : return NT_STATUS_NOT_FOUND;
901 : }
902 :
903 9 : dns_alias = talloc_asprintf(r, "%s.%s",
904 : netbios_alias,
905 : dns_domain);
906 9 : if (dns_alias == NULL) {
907 0 : return NT_STATUS_NO_MEMORY;
908 : }
909 :
910 9 : cmp = strcasecmp_m(server_name, dns_alias);
911 9 : talloc_free(dns_alias);
912 9 : if (cmp == 0) {
913 : /*
914 : * If it is not domain related do not
915 : * handle it here.
916 : */
917 0 : return NT_STATUS_NOT_FOUND;
918 : }
919 9 : netbios_aliases++;
920 : }
921 :
922 45 : if ((strcasecmp_m(server_name, netbios_domain) != 0) &&
923 18 : (strcasecmp_m(server_name, dns_domain) != 0)) {
924 : /*
925 : * Not a domain we handle.
926 : */
927 3 : return NT_STATUS_INVALID_PARAMETER;
928 : }
929 :
930 : /*
931 : * Here we have filtered the thing the requested name don't contain our DNS name.
932 : * So if the share == NULL or if share in ("sysvol", "netlogon")
933 : * then we proceed. In the first case it will be a dc refereal in the second it will
934 : * be just a sysvol/netlogon referral.
935 : */
936 24 : if (dfs_name == NULL) {
937 18 : return dodc_referral(lp_ctx, sam_ctx,
938 : client, r, server_name);
939 : }
940 :
941 : /*
942 : * Here we have filtered the thing the requested name don't contain our DNS name.
943 : * So if the share == NULL or if share in ("sysvol", "netlogon")
944 : * then we proceed. In the first case it will be a dc refereal in the second it will
945 : * be just a sysvol/netlogon referral.
946 : */
947 6 : if (strcasecmp(dfs_name, "sysvol") == 0 ||
948 0 : strcasecmp(dfs_name, "netlogon") == 0) {
949 6 : return dosysvol_referral(lp_ctx, sam_ctx, client, r,
950 : server_name, dfs_name);
951 : }
952 :
953 : /* By default until all the case are handled */
954 0 : return NT_STATUS_NOT_FOUND;
955 : }
|
