search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove unneeded initializations (we already talloc_zero).
[Samba.git] / source3 / libsmb / async_smb.c
blob7e8adda5d44a1f0421ab35f1c291bdca3f02a3ad
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "libsmb/libsmb.h"
22 #include "../lib/async_req/async_sock.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "../lib/util/tevent_unix.h"
25 #include "async_smb.h"
26 #include "smb_crypt.h"
27 #include "libsmb/nmblib.h"
28
29 /*
30 * Read an smb packet asynchronously, discard keepalives
31 */
32
33 struct read_smb_state {
34 struct tevent_context *ev;
35 int fd;
36 uint8_t *buf;
37 };
38
39 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data);
40 static void read_smb_done(struct tevent_req *subreq);
41
42 static struct tevent_req *read_smb_send(TALLOC_CTX *mem_ctx,
43 struct tevent_context *ev,
44 int fd)
45 {
46 struct tevent_req *result, *subreq;
47 struct read_smb_state *state;
48
49 result = tevent_req_create(mem_ctx, &state, struct read_smb_state);
50 if (result == NULL) {
51 return NULL;
52 }
53 state->ev = ev;
54 state->fd = fd;
55
56 subreq = read_packet_send(state, ev, fd, 4, read_smb_more, NULL);
57 if (subreq == NULL) {
58 goto fail;
59 }
60 tevent_req_set_callback(subreq, read_smb_done, result);
61 return result;
62 fail:
63 TALLOC_FREE(result);
64 return NULL;
65 }
66
67 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data)
68 {
69 if (buflen > 4) {
70 return 0; /* We've been here, we're done */
71 }
72 return smb_len_large(buf);
73 }
74
75 static void read_smb_done(struct tevent_req *subreq)
76 {
77 struct tevent_req *req = tevent_req_callback_data(
78 subreq, struct tevent_req);
79 struct read_smb_state *state = tevent_req_data(
80 req, struct read_smb_state);
81 ssize_t len;
82 int err;
83
84 len = read_packet_recv(subreq, state, &state->buf, &err);
85 TALLOC_FREE(subreq);
86 if (len == -1) {
87 tevent_req_error(req, err);
88 return;
89 }
90
91 if (CVAL(state->buf, 0) == SMBkeepalive) {
92 subreq = read_packet_send(state, state->ev, state->fd, 4,
93 read_smb_more, NULL);
94 if (tevent_req_nomem(subreq, req)) {
95 return;
96 }
97 tevent_req_set_callback(subreq, read_smb_done, req);
98 return;
99 }
100 tevent_req_done(req);
101 }
102
103 static ssize_t read_smb_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
104 uint8_t **pbuf, int *perrno)
105 {
106 struct read_smb_state *state = tevent_req_data(
107 req, struct read_smb_state);
108
109 if (tevent_req_is_unix_error(req, perrno)) {
110 return -1;
111 }
112 *pbuf = talloc_move(mem_ctx, &state->buf);
113 return talloc_get_size(*pbuf);
114 }
115
116 /**
117 * Fetch an error out of a NBT packet
118 * @param[in] buf The SMB packet
119 * @retval The error, converted to NTSTATUS
120 */
121
122 NTSTATUS cli_pull_error(char *buf)
123 {
124 uint32_t flags2 = SVAL(buf, smb_flg2);
125
126 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
127 return NT_STATUS(IVAL(buf, smb_rcls));
128 }
129
130 return dos_to_ntstatus(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
131 }
132
133 /**
134 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
135 * @param[in] cli The client connection that just received an error
136 * @param[in] status The error to set on "cli"
137 */
138
139 void cli_set_error(struct cli_state *cli, NTSTATUS status)
140 {
141 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
142
143 if (NT_STATUS_IS_DOS(status)) {
144 SSVAL(cli->inbuf, smb_flg2,
145 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
146 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
147 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
148 return;
149 }
150
151 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
152 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
153 return;
154 }
155
156 /**
157 * Figure out if there is an andx command behind the current one
158 * @param[in] buf The smb buffer to look at
159 * @param[in] ofs The offset to the wct field that is followed by the cmd
160 * @retval Is there a command following?
161 */
162
163 static bool have_andx_command(const char *buf, uint16_t ofs)
164 {
165 uint8_t wct;
166 size_t buflen = talloc_get_size(buf);
167
168 if ((ofs == buflen-1) || (ofs == buflen)) {
169 return false;
170 }
171
172 wct = CVAL(buf, ofs);
173 if (wct < 2) {
174 /*
175 * Not enough space for the command and a following pointer
176 */
177 return false;
178 }
179 return (CVAL(buf, ofs+1) != 0xff);
180 }
181
182 #define MAX_SMB_IOV 5
183
184 struct cli_smb_state {
185 struct tevent_context *ev;
186 struct cli_state *cli;
187 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
188
189 /*
190 * For normal requests, cli_smb_req_send chooses a mid. Secondary
191 * trans requests need to use the mid of the primary request, so we
192 * need a place to store it. Assume it's set if != 0.
193 */
194 uint16_t mid;
195
196 uint16_t *vwv;
197 uint8_t bytecount_buf[2];
198
199 struct iovec iov[MAX_SMB_IOV+3];
200 int iov_count;
201
202 uint8_t *inbuf;
203 uint32_t seqnum;
204 int chain_num;
205 int chain_length;
206 struct tevent_req **chained_requests;
207 };
208
209 static uint16_t cli_alloc_mid(struct cli_state *cli)
210 {
211 int num_pending = talloc_array_length(cli->pending);
212 uint16_t result;
213
214 while (true) {
215 int i;
216
217 result = cli->mid++;
218 if ((result == 0) || (result == 0xffff)) {
219 continue;
220 }
221
222 for (i=0; i<num_pending; i++) {
223 if (result == cli_smb_req_mid(cli->pending[i])) {
224 break;
225 }
226 }
227
228 if (i == num_pending) {
229 return result;
230 }
231 }
232 }
233
234 void cli_smb_req_unset_pending(struct tevent_req *req)
235 {
236 struct cli_smb_state *state = tevent_req_data(
237 req, struct cli_smb_state);
238 struct cli_state *cli = state->cli;
239 int num_pending = talloc_array_length(cli->pending);
240 int i;
241
242 if (state->mid != 0) {
243 /*
244 * This is a [nt]trans[2] request which waits
245 * for more than one reply.
246 */
247 return;
248 }
249
250 if (num_pending == 1) {
251 /*
252 * The pending read_smb tevent_req is a child of
253 * cli->pending. So if nothing is pending anymore, we need to
254 * delete the socket read fde.
255 */
256 TALLOC_FREE(cli->pending);
257 return;
258 }
259
260 for (i=0; i<num_pending; i++) {
261 if (req == cli->pending[i]) {
262 break;
263 }
264 }
265 if (i == num_pending) {
266 /*
267 * Something's seriously broken. Just returning here is the
268 * right thing nevertheless, the point of this routine is to
269 * remove ourselves from cli->pending.
270 */
271 return;
272 }
273
274 /*
275 * Remove ourselves from the cli->pending array
276 */
277 if (num_pending > 1) {
278 cli->pending[i] = cli->pending[num_pending-1];
279 }
280
281 /*
282 * No NULL check here, we're shrinking by sizeof(void *), and
283 * talloc_realloc just adjusts the size for this.
284 */
285 cli->pending = talloc_realloc(NULL, cli->pending, struct tevent_req *,
286 num_pending - 1);
287 return;
288 }
289
290 static int cli_smb_req_destructor(struct tevent_req *req)
291 {
292 struct cli_smb_state *state = tevent_req_data(
293 req, struct cli_smb_state);
294 /*
295 * Make sure we really remove it from
296 * the pending array on destruction.
297 */
298 state->mid = 0;
299 cli_smb_req_unset_pending(req);
300 return 0;
301 }
302
303 static void cli_smb_received(struct tevent_req *subreq);
304
305 bool cli_smb_req_set_pending(struct tevent_req *req)
306 {
307 struct cli_smb_state *state = tevent_req_data(
308 req, struct cli_smb_state);
309 struct cli_state *cli;
310 struct tevent_req **pending;
311 int num_pending;
312 struct tevent_req *subreq;
313
314 cli = state->cli;
315 num_pending = talloc_array_length(cli->pending);
316
317 pending = talloc_realloc(cli, cli->pending, struct tevent_req *,
318 num_pending+1);
319 if (pending == NULL) {
320 return false;
321 }
322 pending[num_pending] = req;
323 cli->pending = pending;
324 talloc_set_destructor(req, cli_smb_req_destructor);
325
326 if (num_pending > 0) {
327 return true;
328 }
329
330 /*
331 * We're the first ones, add the read_smb request that waits for the
332 * answer from the server
333 */
334 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
335 if (subreq == NULL) {
336 cli_smb_req_unset_pending(req);
337 return false;
338 }
339 tevent_req_set_callback(subreq, cli_smb_received, cli);
340 return true;
341 }
342
343 /*
344 * Fetch a smb request's mid. Only valid after the request has been sent by
345 * cli_smb_req_send().
346 */
347 uint16_t cli_smb_req_mid(struct tevent_req *req)
348 {
349 struct cli_smb_state *state = tevent_req_data(
350 req, struct cli_smb_state);
351 return SVAL(state->header, smb_mid);
352 }
353
354 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
355 {
356 struct cli_smb_state *state = tevent_req_data(
357 req, struct cli_smb_state);
358 state->mid = mid;
359 }
360
361 uint32_t cli_smb_req_seqnum(struct tevent_req *req)
362 {
363 struct cli_smb_state *state = tevent_req_data(
364 req, struct cli_smb_state);
365 return state->seqnum;
366 }
367
368 void cli_smb_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
369 {
370 struct cli_smb_state *state = tevent_req_data(
371 req, struct cli_smb_state);
372 state->seqnum = seqnum;
373 }
374
375 static size_t iov_len(const struct iovec *iov, int count)
376 {
377 size_t result = 0;
378 int i;
379 for (i=0; i<count; i++) {
380 result += iov[i].iov_len;
381 }
382 return result;
383 }
384
385 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
386 int count)
387 {
388 size_t len = iov_len(iov, count);
389 size_t copied;
390 uint8_t *buf;
391 int i;
392
393 buf = talloc_array(mem_ctx, uint8_t, len);
394 if (buf == NULL) {
395 return NULL;
396 }
397 copied = 0;
398 for (i=0; i<count; i++) {
399 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
400 copied += iov[i].iov_len;
401 }
402 return buf;
403 }
404
405 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
406 struct event_context *ev,
407 struct cli_state *cli,
408 uint8_t smb_command,
409 uint8_t additional_flags,
410 uint8_t wct, uint16_t *vwv,
411 int iov_count,
412 struct iovec *bytes_iov)
413 {
414 struct tevent_req *result;
415 struct cli_smb_state *state;
416 struct timeval endtime;
417
418 if (iov_count > MAX_SMB_IOV) {
419 /*
420 * Should not happen :-)
421 */
422 return NULL;
423 }
424
425 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
426 if (result == NULL) {
427 return NULL;
428 }
429 state->ev = ev;
430 state->cli = cli;
431 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
432 state->chain_num = 0;
433 state->chained_requests = NULL;
434
435 cli_setup_packet_buf(cli, (char *)state->header);
436 SCVAL(state->header, smb_com, smb_command);
437 SSVAL(state->header, smb_tid, cli->cnum);
438 SCVAL(state->header, smb_wct, wct);
439
440 state->vwv = vwv;
441
442 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
443
444 state->iov[0].iov_base = (void *)state->header;
445 state->iov[0].iov_len = sizeof(state->header);
446 state->iov[1].iov_base = (void *)state->vwv;
447 state->iov[1].iov_len = wct * sizeof(uint16_t);
448 state->iov[2].iov_base = (void *)state->bytecount_buf;
449 state->iov[2].iov_len = sizeof(uint16_t);
450
451 if (iov_count != 0) {
452 memcpy(&state->iov[3], bytes_iov,
453 iov_count * sizeof(*bytes_iov));
454 }
455 state->iov_count = iov_count + 3;
456
457 if (cli->timeout) {
458 endtime = timeval_current_ofs(cli->timeout / 1000,
459 (cli->timeout % 1000) * 1000);
460 if (!tevent_req_set_endtime(result, ev, endtime)) {
461 tevent_req_nomem(NULL, result);
462 }
463 }
464 return result;
465 }
466
467 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
468 uint32_t *seqnum)
469 {
470 uint8_t *buf;
471
472 /*
473 * Obvious optimization: Make cli_calculate_sign_mac work with struct
474 * iovec directly. MD5Update would do that just fine.
475 */
476
477 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
478 return NT_STATUS_INVALID_PARAMETER;
479 }
480
481 buf = iov_concat(talloc_tos(), iov, count);
482 if (buf == NULL) {
483 return NT_STATUS_NO_MEMORY;
484 }
485
486 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
487 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
488
489 TALLOC_FREE(buf);
490 return NT_STATUS_OK;
491 }
492
493 static void cli_smb_sent(struct tevent_req *subreq);
494
495 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
496 struct cli_smb_state *state,
497 struct iovec *iov, int iov_count)
498 {
499 struct tevent_req *subreq;
500 NTSTATUS status;
501
502 if (state->cli->fd == -1) {
503 return NT_STATUS_CONNECTION_INVALID;
504 }
505
506 if (iov[0].iov_len < smb_wct) {
507 return NT_STATUS_INVALID_PARAMETER;
508 }
509
510 if (state->mid != 0) {
511 SSVAL(iov[0].iov_base, smb_mid, state->mid);
512 } else {
513 uint16_t mid = cli_alloc_mid(state->cli);
514 SSVAL(iov[0].iov_base, smb_mid, mid);
515 }
516
517 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
518
519 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
520
521 if (!NT_STATUS_IS_OK(status)) {
522 return status;
523 }
524
525 if (cli_encryption_on(state->cli)) {
526 char *buf, *enc_buf;
527
528 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
529 if (buf == NULL) {
530 return NT_STATUS_NO_MEMORY;
531 }
532 status = cli_encrypt_message(state->cli, (char *)buf,
533 &enc_buf);
534 TALLOC_FREE(buf);
535 if (!NT_STATUS_IS_OK(status)) {
536 DEBUG(0, ("Error in encrypting client message: %s\n",
537 nt_errstr(status)));
538 return status;
539 }
540 buf = (char *)talloc_memdup(state, enc_buf,
541 smb_len(enc_buf)+4);
542 SAFE_FREE(enc_buf);
543 if (buf == NULL) {
544 return NT_STATUS_NO_MEMORY;
545 }
546 iov[0].iov_base = (void *)buf;
547 iov[0].iov_len = talloc_get_size(buf);
548 iov_count = 1;
549 }
550 subreq = writev_send(state, state->ev, state->cli->outgoing,
551 state->cli->fd, false, iov, iov_count);
552 if (subreq == NULL) {
553 return NT_STATUS_NO_MEMORY;
554 }
555 tevent_req_set_callback(subreq, cli_smb_sent, req);
556 return NT_STATUS_OK;
557 }
558
559 NTSTATUS cli_smb_req_send(struct tevent_req *req)
560 {
561 struct cli_smb_state *state = tevent_req_data(
562 req, struct cli_smb_state);
563
564 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
565 }
566
567 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
568 struct event_context *ev,
569 struct cli_state *cli,
570 uint8_t smb_command,
571 uint8_t additional_flags,
572 uint8_t wct, uint16_t *vwv,
573 uint32_t num_bytes,
574 const uint8_t *bytes)
575 {
576 struct tevent_req *req;
577 struct iovec iov;
578 NTSTATUS status;
579
580 iov.iov_base = CONST_DISCARD(void *, bytes);
581 iov.iov_len = num_bytes;
582
583 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
584 additional_flags, wct, vwv, 1, &iov);
585 if (req == NULL) {
586 return NULL;
587 }
588
589 status = cli_smb_req_send(req);
590 if (!NT_STATUS_IS_OK(status)) {
591 tevent_req_nterror(req, status);
592 return tevent_req_post(req, ev);
593 }
594 return req;
595 }
596
597 static void cli_smb_sent(struct tevent_req *subreq)
598 {
599 struct tevent_req *req = tevent_req_callback_data(
600 subreq, struct tevent_req);
601 struct cli_smb_state *state = tevent_req_data(
602 req, struct cli_smb_state);
603 ssize_t nwritten;
604 int err;
605
606 nwritten = writev_recv(subreq, &err);
607 TALLOC_FREE(subreq);
608 if (nwritten == -1) {
609 if (state->cli->fd != -1) {
610 close(state->cli->fd);
611 state->cli->fd = -1;
612 }
613 tevent_req_nterror(req, map_nt_error_from_unix(err));
614 return;
615 }
616
617 switch (CVAL(state->header, smb_com)) {
618 case SMBtranss:
619 case SMBtranss2:
620 case SMBnttranss:
621 case SMBntcancel:
622 state->inbuf = NULL;
623 tevent_req_done(req);
624 return;
625 case SMBlockingX:
626 if ((CVAL(state->header, smb_wct) == 8) &&
627 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
628 state->inbuf = NULL;
629 tevent_req_done(req);
630 return;
631 }
632 }
633
634 if (!cli_smb_req_set_pending(req)) {
635 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
636 return;
637 }
638 }
639
640 static void cli_smb_received(struct tevent_req *subreq)
641 {
642 struct cli_state *cli = tevent_req_callback_data(
643 subreq, struct cli_state);
644 struct tevent_req *req;
645 struct cli_smb_state *state;
646 NTSTATUS status;
647 uint8_t *inbuf;
648 ssize_t received;
649 int num_pending;
650 int i, err;
651 uint16_t mid;
652 bool oplock_break;
653
654 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
655 TALLOC_FREE(subreq);
656 if (received == -1) {
657 if (cli->fd != -1) {
658 close(cli->fd);
659 cli->fd = -1;
660 }
661 status = map_nt_error_from_unix(err);
662 goto fail;
663 }
664
665 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
666 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
667 DEBUG(10, ("Got non-SMB PDU\n"));
668 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
669 goto fail;
670 }
671
672 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
673 uint16_t enc_ctx_num;
674
675 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
676 if (!NT_STATUS_IS_OK(status)) {
677 DEBUG(10, ("get_enc_ctx_num returned %s\n",
678 nt_errstr(status)));
679 goto fail;
680 }
681
682 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
683 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
684 enc_ctx_num,
685 cli->trans_enc_state->enc_ctx_num));
686 status = NT_STATUS_INVALID_HANDLE;
687 goto fail;
688 }
689
690 status = common_decrypt_buffer(cli->trans_enc_state,
691 (char *)inbuf);
692 if (!NT_STATUS_IS_OK(status)) {
693 DEBUG(10, ("common_decrypt_buffer returned %s\n",
694 nt_errstr(status)));
695 goto fail;
696 }
697 }
698
699 mid = SVAL(inbuf, smb_mid);
700 num_pending = talloc_array_length(cli->pending);
701
702 for (i=0; i<num_pending; i++) {
703 if (mid == cli_smb_req_mid(cli->pending[i])) {
704 break;
705 }
706 }
707 if (i == num_pending) {
708 /* Dump unexpected reply */
709 TALLOC_FREE(inbuf);
710 goto done;
711 }
712
713 oplock_break = false;
714
715 if (mid == 0xffff) {
716 /*
717 * Paranoia checks that this is really an oplock break request.
718 */
719 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
720 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
721 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
722 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
723 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
724
725 if (!oplock_break) {
726 /* Dump unexpected reply */
727 TALLOC_FREE(inbuf);
728 goto done;
729 }
730 }
731
732 req = cli->pending[i];
733 state = tevent_req_data(req, struct cli_smb_state);
734
735 if (!oplock_break /* oplock breaks are not signed */
736 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
737 DEBUG(10, ("cli_check_sign_mac failed\n"));
738 TALLOC_FREE(inbuf);
739 status = NT_STATUS_ACCESS_DENIED;
740 close(cli->fd);
741 cli->fd = -1;
742 goto fail;
743 }
744
745 if (state->chained_requests == NULL) {
746 state->inbuf = talloc_move(state, &inbuf);
747 talloc_set_destructor(req, NULL);
748 cli_smb_req_unset_pending(req);
749 state->chain_num = 0;
750 state->chain_length = 1;
751 tevent_req_done(req);
752 } else {
753 struct tevent_req **chain = talloc_move(
754 talloc_tos(), &state->chained_requests);
755 int num_chained = talloc_array_length(chain);
756
757 for (i=0; i<num_chained; i++) {
758 state = tevent_req_data(chain[i], struct
759 cli_smb_state);
760 state->inbuf = inbuf;
761 state->chain_num = i;
762 state->chain_length = num_chained;
763 tevent_req_done(chain[i]);
764 }
765 TALLOC_FREE(inbuf);
766 TALLOC_FREE(chain);
767 }
768 done:
769 if (talloc_array_length(cli->pending) > 0) {
770 /*
771 * Set up another read request for the other pending cli_smb
772 * requests
773 */
774 state = tevent_req_data(cli->pending[0], struct cli_smb_state);
775 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
776 if (subreq == NULL) {
777 status = NT_STATUS_NO_MEMORY;
778 goto fail;
779 }
780 tevent_req_set_callback(subreq, cli_smb_received, cli);
781 }
782 return;
783 fail:
784 /*
785 * Cancel all pending requests. We don't do a for-loop walking
786 * cli->pending because that array changes in
787 * cli_smb_req_destructor().
788 */
789 while (talloc_array_length(cli->pending) > 0) {
790 req = cli->pending[0];
791 talloc_set_destructor(req, NULL);
792 cli_smb_req_unset_pending(req);
793 tevent_req_nterror(req, status);
794 }
795 }
796
797 NTSTATUS cli_smb_recv(struct tevent_req *req,
798 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
799 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
800 uint32_t *pnum_bytes, uint8_t **pbytes)
801 {
802 struct cli_smb_state *state = tevent_req_data(
803 req, struct cli_smb_state);
804 NTSTATUS status = NT_STATUS_OK;
805 uint8_t cmd, wct;
806 uint16_t num_bytes;
807 size_t wct_ofs, bytes_offset;
808 int i;
809
810 if (tevent_req_is_nterror(req, &status)) {
811 return status;
812 }
813
814 if (state->inbuf == NULL) {
815 if (min_wct != 0) {
816 return NT_STATUS_INVALID_NETWORK_RESPONSE;
817 }
818 if (pinbuf) {
819 *pinbuf = NULL;
820 }
821 if (pwct) {
822 *pwct = 0;
823 }
824 if (pvwv) {
825 *pvwv = NULL;
826 }
827 if (pnum_bytes) {
828 *pnum_bytes = 0;
829 }
830 if (pbytes) {
831 *pbytes = NULL;
832 }
833 /* This was a request without a reply */
834 return NT_STATUS_OK;
835 }
836
837 wct_ofs = smb_wct;
838 cmd = CVAL(state->inbuf, smb_com);
839
840 for (i=0; i<state->chain_num; i++) {
841 if (i < state->chain_num-1) {
842 if (cmd == 0xff) {
843 return NT_STATUS_REQUEST_ABORTED;
844 }
845 if (!is_andx_req(cmd)) {
846 return NT_STATUS_INVALID_NETWORK_RESPONSE;
847 }
848 }
849
850 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
851 /*
852 * This request was not completed because a previous
853 * request in the chain had received an error.
854 */
855 return NT_STATUS_REQUEST_ABORTED;
856 }
857
858 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
859
860 /*
861 * Skip the all-present length field. No overflow, we've just
862 * put a 16-bit value into a size_t.
863 */
864 wct_ofs += 4;
865
866 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
867 return NT_STATUS_INVALID_NETWORK_RESPONSE;
868 }
869
870 cmd = CVAL(state->inbuf, wct_ofs + 1);
871 }
872
873 status = cli_pull_error((char *)state->inbuf);
874
875 cli_set_error(state->cli, status);
876
877 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
878
879 if ((cmd == SMBsesssetupX)
880 && NT_STATUS_EQUAL(
881 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
882 /*
883 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
884 * valid return code for session setup
885 */
886 goto no_err;
887 }
888
889 if (NT_STATUS_IS_ERR(status)) {
890 /*
891 * The last command takes the error code. All
892 * further commands down the requested chain
893 * will get a NT_STATUS_REQUEST_ABORTED.
894 */
895 return status;
896 }
897 }
898
899 no_err:
900
901 wct = CVAL(state->inbuf, wct_ofs);
902 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
903 num_bytes = SVAL(state->inbuf, bytes_offset);
904
905 if (wct < min_wct) {
906 return NT_STATUS_INVALID_NETWORK_RESPONSE;
907 }
908
909 /*
910 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
911 * is a 16-bit value. So bytes_offset being size_t should be far from
912 * wrapping.
913 */
914 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
915 || (bytes_offset > 0xffff)) {
916 return NT_STATUS_INVALID_NETWORK_RESPONSE;
917 }
918
919 if (pwct != NULL) {
920 *pwct = wct;
921 }
922 if (pvwv != NULL) {
923 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
924 }
925 if (pnum_bytes != NULL) {
926 *pnum_bytes = num_bytes;
927 }
928 if (pbytes != NULL) {
929 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
930 }
931 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
932 if (state->chain_num == state->chain_length-1) {
933 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
934 } else {
935 *pinbuf = state->inbuf;
936 }
937 }
938
939 return status;
940 }
941
942 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
943 {
944 size_t wct_ofs;
945 int i;
946
947 wct_ofs = smb_wct - 4;
948
949 for (i=0; i<num_reqs; i++) {
950 struct cli_smb_state *state;
951 state = tevent_req_data(reqs[i], struct cli_smb_state);
952 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
953 wct_ofs = (wct_ofs + 3) & ~3;
954 }
955 return wct_ofs;
956 }
957
958 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
959 {
960 struct cli_smb_state *first_state = tevent_req_data(
961 reqs[0], struct cli_smb_state);
962 struct cli_smb_state *last_state = tevent_req_data(
963 reqs[num_reqs-1], struct cli_smb_state);
964 struct cli_smb_state *state;
965 size_t wct_offset;
966 size_t chain_padding = 0;
967 int i, iovlen;
968 struct iovec *iov = NULL;
969 struct iovec *this_iov;
970 NTSTATUS status;
971
972 iovlen = 0;
973 for (i=0; i<num_reqs; i++) {
974 state = tevent_req_data(reqs[i], struct cli_smb_state);
975 iovlen += state->iov_count;
976 }
977
978 iov = talloc_array(last_state, struct iovec, iovlen);
979 if (iov == NULL) {
980 return NT_STATUS_NO_MEMORY;
981 }
982
983 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
984 last_state, reqs, sizeof(*reqs) * num_reqs);
985 if (first_state->chained_requests == NULL) {
986 TALLOC_FREE(iov);
987 return NT_STATUS_NO_MEMORY;
988 }
989
990 wct_offset = smb_wct - 4;
991 this_iov = iov;
992
993 for (i=0; i<num_reqs; i++) {
994 size_t next_padding = 0;
995 uint16_t *vwv;
996
997 state = tevent_req_data(reqs[i], struct cli_smb_state);
998
999 if (i < num_reqs-1) {
1000 if (!is_andx_req(CVAL(state->header, smb_com))
1001 || CVAL(state->header, smb_wct) < 2) {
1002 TALLOC_FREE(iov);
1003 TALLOC_FREE(first_state->chained_requests);
1004 return NT_STATUS_INVALID_PARAMETER;
1005 }
1006 }
1007
1008 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
1009 if ((wct_offset % 4) != 0) {
1010 next_padding = 4 - (wct_offset % 4);
1011 }
1012 wct_offset += next_padding;
1013 vwv = state->vwv;
1014
1015 if (i < num_reqs-1) {
1016 struct cli_smb_state *next_state = tevent_req_data(
1017 reqs[i+1], struct cli_smb_state);
1018 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
1019 SCVAL(vwv+0, 1, 0);
1020 SSVAL(vwv+1, 0, wct_offset);
1021 } else if (is_andx_req(CVAL(state->header, smb_com))) {
1022 /* properly end the chain */
1023 SCVAL(vwv+0, 0, 0xff);
1024 SCVAL(vwv+0, 1, 0xff);
1025 SSVAL(vwv+1, 0, 0);
1026 }
1027
1028 if (i == 0) {
1029 this_iov[0] = state->iov[0];
1030 } else {
1031 /*
1032 * This one is a bit subtle. We have to add
1033 * chain_padding bytes between the requests, and we
1034 * have to also include the wct field of the
1035 * subsequent requests. We use the subsequent header
1036 * for the padding, it contains the wct field in its
1037 * last byte.
1038 */
1039 this_iov[0].iov_len = chain_padding+1;
1040 this_iov[0].iov_base = (void *)&state->header[
1041 sizeof(state->header) - this_iov[0].iov_len];
1042 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
1043 }
1044 memcpy(this_iov+1, state->iov+1,
1045 sizeof(struct iovec) * (state->iov_count-1));
1046 this_iov += state->iov_count;
1047 chain_padding = next_padding;
1048 }
1049
1050 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
1051 if (!NT_STATUS_IS_OK(status)) {
1052 TALLOC_FREE(iov);
1053 TALLOC_FREE(first_state->chained_requests);
1054 return status;
1055 }
1056
1057 return NT_STATUS_OK;
1058 }
1059
1060 uint8_t *cli_smb_inbuf(struct tevent_req *req)
1061 {
1062 struct cli_smb_state *state = tevent_req_data(
1063 req, struct cli_smb_state);
1064 return state->inbuf;
1065 }
1066
1067 bool cli_has_async_calls(struct cli_state *cli)
1068 {
1069 return ((tevent_queue_length(cli->outgoing) != 0)
1070 || (talloc_array_length(cli->pending) != 0));
1071 }
1072
1073 struct cli_smb_oplock_break_waiter_state {
1074 uint16_t fnum;
1075 uint8_t level;
1076 };
1077
1078 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
1079
1080 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
1081 struct event_context *ev,
1082 struct cli_state *cli)
1083 {
1084 struct tevent_req *req, *subreq;
1085 struct cli_smb_oplock_break_waiter_state *state;
1086 struct cli_smb_state *smb_state;
1087
1088 req = tevent_req_create(mem_ctx, &state,
1089 struct cli_smb_oplock_break_waiter_state);
1090 if (req == NULL) {
1091 return NULL;
1092 }
1093
1094 /*
1095 * Create a fake SMB request that we will never send out. This is only
1096 * used to be set into the pending queue with the right mid.
1097 */
1098 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
1099 if (tevent_req_nomem(subreq, req)) {
1100 return tevent_req_post(req, ev);
1101 }
1102 smb_state = tevent_req_data(subreq, struct cli_smb_state);
1103 SSVAL(smb_state->header, smb_mid, 0xffff);
1104
1105 if (!cli_smb_req_set_pending(subreq)) {
1106 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1107 return tevent_req_post(req, ev);
1108 }
1109 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
1110 return req;
1111 }
1112
1113 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
1114 {
1115 struct tevent_req *req = tevent_req_callback_data(
1116 subreq, struct tevent_req);
1117 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1118 req, struct cli_smb_oplock_break_waiter_state);
1119 uint8_t wct;
1120 uint16_t *vwv;
1121 uint32_t num_bytes;
1122 uint8_t *bytes;
1123 uint8_t *inbuf;
1124 NTSTATUS status;
1125
1126 status = cli_smb_recv(subreq, state, &inbuf, 8, &wct, &vwv,
1127 &num_bytes, &bytes);
1128 TALLOC_FREE(subreq);
1129 if (!NT_STATUS_IS_OK(status)) {
1130 tevent_req_nterror(req, status);
1131 return;
1132 }
1133 state->fnum = SVAL(vwv+2, 0);
1134 state->level = CVAL(vwv+3, 1);
1135 tevent_req_done(req);
1136 }
1137
1138 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1139 uint16_t *pfnum,
1140 uint8_t *plevel)
1141 {
1142 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1143 req, struct cli_smb_oplock_break_waiter_state);
1144 NTSTATUS status;
1145
1146 if (tevent_req_is_nterror(req, &status)) {
1147 return status;
1148 }
1149 *pfnum = state->fnum;
1150 *plevel = state->level;
1151 return NT_STATUS_OK;
1152 }
1153
1154
1155 struct cli_session_request_state {
1156 struct tevent_context *ev;
1157 int sock;
1158 uint32 len_hdr;
1159 struct iovec iov[3];
1160 uint8_t nb_session_response;
1161 };
1162
1163 static void cli_session_request_sent(struct tevent_req *subreq);
1164 static void cli_session_request_recvd(struct tevent_req *subreq);
1165
1166 struct tevent_req *cli_session_request_send(TALLOC_CTX *mem_ctx,
1167 struct tevent_context *ev,
1168 int sock,
1169 const struct nmb_name *called,
1170 const struct nmb_name *calling)
1171 {
1172 struct tevent_req *req, *subreq;
1173 struct cli_session_request_state *state;
1174
1175 req = tevent_req_create(mem_ctx, &state,
1176 struct cli_session_request_state);
1177 if (req == NULL) {
1178 return NULL;
1179 }
1180 state->ev = ev;
1181 state->sock = sock;
1182
1183 state->iov[1].iov_base = name_mangle(
1184 state, called->name, called->name_type);
1185 if (tevent_req_nomem(state->iov[1].iov_base, req)) {
1186 return tevent_req_post(req, ev);
1187 }
1188 state->iov[1].iov_len = name_len(
1189 (unsigned char *)state->iov[1].iov_base,
1190 talloc_get_size(state->iov[1].iov_base));
1191
1192 state->iov[2].iov_base = name_mangle(
1193 state, calling->name, calling->name_type);
1194 if (tevent_req_nomem(state->iov[2].iov_base, req)) {
1195 return tevent_req_post(req, ev);
1196 }
1197 state->iov[2].iov_len = name_len(
1198 (unsigned char *)state->iov[2].iov_base,
1199 talloc_get_size(state->iov[2].iov_base));
1200
1201 _smb_setlen(((char *)&state->len_hdr),
1202 state->iov[1].iov_len + state->iov[2].iov_len);
1203 SCVAL((char *)&state->len_hdr, 0, 0x81);
1204
1205 state->iov[0].iov_base = &state->len_hdr;
1206 state->iov[0].iov_len = sizeof(state->len_hdr);
1207
1208 subreq = writev_send(state, ev, NULL, sock, true, state->iov, 3);
1209 if (tevent_req_nomem(subreq, req)) {
1210 return tevent_req_post(req, ev);
1211 }
1212 tevent_req_set_callback(subreq, cli_session_request_sent, req);
1213 return req;
1214 }
1215
1216 static void cli_session_request_sent(struct tevent_req *subreq)
1217 {
1218 struct tevent_req *req = tevent_req_callback_data(
1219 subreq, struct tevent_req);
1220 struct cli_session_request_state *state = tevent_req_data(
1221 req, struct cli_session_request_state);
1222 ssize_t ret;
1223 int err;
1224
1225 ret = writev_recv(subreq, &err);
1226 TALLOC_FREE(subreq);
1227 if (ret == -1) {
1228 tevent_req_error(req, err);
1229 return;
1230 }
1231 subreq = read_smb_send(state, state->ev, state->sock);
1232 if (tevent_req_nomem(subreq, req)) {
1233 return;
1234 }
1235 tevent_req_set_callback(subreq, cli_session_request_recvd, req);
1236 }
1237
1238 static void cli_session_request_recvd(struct tevent_req *subreq)
1239 {
1240 struct tevent_req *req = tevent_req_callback_data(
1241 subreq, struct tevent_req);
1242 struct cli_session_request_state *state = tevent_req_data(
1243 req, struct cli_session_request_state);
1244 uint8_t *buf;
1245 ssize_t ret;
1246 int err;
1247
1248 ret = read_smb_recv(subreq, talloc_tos(), &buf, &err);
1249 TALLOC_FREE(subreq);
1250
1251 if (ret < 4) {
1252 ret = -1;
1253 err = EIO;
1254 }
1255 if (ret == -1) {
1256 tevent_req_error(req, err);
1257 return;
1258 }
1259 /*
1260 * In case of an error there is more information in the data
1261 * portion according to RFC1002. We're not subtle enough to
1262 * respond to the different error conditions, so drop the
1263 * error info here.
1264 */
1265 state->nb_session_response = CVAL(buf, 0);
1266 tevent_req_done(req);
1267 }
1268
1269 bool cli_session_request_recv(struct tevent_req *req, int *err, uint8_t *resp)
1270 {
1271 struct cli_session_request_state *state = tevent_req_data(
1272 req, struct cli_session_request_state);
1273
1274 if (tevent_req_is_unix_error(req, err)) {
1275 return false;
1276 }
1277 *resp = state->nb_session_response;
1278 return true;
1279 }
Samba GIT mirror