2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 static void cli_state_handler(struct event_context
*event_ctx
,
23 struct fd_event
*event
, uint16 flags
, void *p
);
26 * Read an smb packet asynchronously, discard keepalives
29 struct read_smb_state
{
30 struct tevent_context
*ev
;
35 static ssize_t
read_smb_more(uint8_t *buf
, size_t buflen
, void *private_data
);
36 static void read_smb_done(struct tevent_req
*subreq
);
38 static struct tevent_req
*read_smb_send(TALLOC_CTX
*mem_ctx
,
39 struct tevent_context
*ev
,
42 struct tevent_req
*result
, *subreq
;
43 struct read_smb_state
*state
;
45 result
= tevent_req_create(mem_ctx
, &state
, struct read_smb_state
);
52 subreq
= read_packet_send(state
, ev
, fd
, 4, read_smb_more
, NULL
);
56 tevent_req_set_callback(subreq
, read_smb_done
, result
);
63 static ssize_t
read_smb_more(uint8_t *buf
, size_t buflen
, void *private_data
)
66 return 0; /* We've been here, we're done */
68 return smb_len_large(buf
);
71 static void read_smb_done(struct tevent_req
*subreq
)
73 struct tevent_req
*req
= tevent_req_callback_data(
74 subreq
, struct tevent_req
);
75 struct read_smb_state
*state
= tevent_req_data(
76 req
, struct read_smb_state
);
80 len
= read_packet_recv(subreq
, state
, &state
->buf
, &err
);
83 tevent_req_error(req
, err
);
87 if (CVAL(state
->buf
, 0) == SMBkeepalive
) {
88 subreq
= read_packet_send(state
, state
->ev
, state
->fd
, 4,
90 if (tevent_req_nomem(subreq
, req
)) {
93 tevent_req_set_callback(subreq
, read_smb_done
, req
);
99 static ssize_t
read_smb_recv(struct tevent_req
*req
, TALLOC_CTX
*mem_ctx
,
100 uint8_t **pbuf
, int *perrno
)
102 struct read_smb_state
*state
= tevent_req_data(
103 req
, struct read_smb_state
);
105 if (tevent_req_is_unix_error(req
, perrno
)) {
108 *pbuf
= talloc_move(mem_ctx
, &state
->buf
);
109 return talloc_get_size(*pbuf
);
113 * Fetch an error out of a NBT packet
114 * @param[in] buf The SMB packet
115 * @retval The error, converted to NTSTATUS
118 NTSTATUS
cli_pull_error(char *buf
)
120 uint32_t flags2
= SVAL(buf
, smb_flg2
);
122 if (flags2
& FLAGS2_32_BIT_ERROR_CODES
) {
123 return NT_STATUS(IVAL(buf
, smb_rcls
));
126 /* if the client uses dos errors, but there is no error,
127 we should return no error here, otherwise it looks
128 like an unknown bad NT_STATUS. jmcd */
129 if (CVAL(buf
, smb_rcls
) == 0)
132 return NT_STATUS_DOS(CVAL(buf
, smb_rcls
), SVAL(buf
,smb_err
));
136 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
137 * @param[in] cli The client connection that just received an error
138 * @param[in] status The error to set on "cli"
141 void cli_set_error(struct cli_state
*cli
, NTSTATUS status
)
143 uint32_t flags2
= SVAL(cli
->inbuf
, smb_flg2
);
145 if (NT_STATUS_IS_DOS(status
)) {
146 SSVAL(cli
->inbuf
, smb_flg2
,
147 flags2
& ~FLAGS2_32_BIT_ERROR_CODES
);
148 SCVAL(cli
->inbuf
, smb_rcls
, NT_STATUS_DOS_CLASS(status
));
149 SSVAL(cli
->inbuf
, smb_err
, NT_STATUS_DOS_CODE(status
));
153 SSVAL(cli
->inbuf
, smb_flg2
, flags2
| FLAGS2_32_BIT_ERROR_CODES
);
154 SIVAL(cli
->inbuf
, smb_rcls
, NT_STATUS_V(status
));
160 * @param[in] cli The client connection
161 * @retval The new, unused mid
164 static uint16_t cli_new_mid(struct cli_state
*cli
)
167 struct cli_request
*req
;
175 for (req
= cli
->outstanding_requests
; req
; req
= req
->next
) {
176 if (result
== req
->mid
) {
188 * Print an async req that happens to be a cli_request
189 * @param[in] mem_ctx The TALLOC_CTX to put the result on
190 * @param[in] req The request to print
191 * @retval The string representation of "req"
194 static char *cli_request_print(TALLOC_CTX
*mem_ctx
, struct async_req
*req
)
196 char *result
= async_req_print(mem_ctx
, req
);
197 struct cli_request
*cli_req
= talloc_get_type_abort(
198 req
->private_data
, struct cli_request
);
200 if (result
== NULL
) {
204 return talloc_asprintf_append_buffer(
205 result
, "mid=%d\n", cli_req
->mid
);
209 * Destroy a cli_request
210 * @param[in] req The cli_request to kill
214 static int cli_request_destructor(struct cli_request
*req
)
216 if (req
->enc_state
!= NULL
) {
217 common_free_enc_buffer(req
->enc_state
, (char *)req
->outbuf
);
219 DLIST_REMOVE(req
->cli
->outstanding_requests
, req
);
220 if (req
->cli
->outstanding_requests
== NULL
) {
221 TALLOC_FREE(req
->cli
->fd_event
);
227 * Are there already requests waiting in the chain_accumulator?
228 * @param[in] cli The cli_state we want to check
232 bool cli_in_chain(struct cli_state
*cli
)
234 if (cli
->chain_accumulator
== NULL
) {
238 return (cli
->chain_accumulator
->num_async
!= 0);
242 * @brief Find the smb_cmd offset of the last command pushed
243 * @param[in] buf The buffer we're building up
244 * @retval Where can we put our next andx cmd?
246 * While chaining requests, the "next" request we're looking at needs to put
247 * its SMB_Command before the data the previous request already built up added
248 * to the chain. Find the offset to the place where we have to put our cmd.
251 static bool find_andx_cmd_ofs(uint8_t *buf
, size_t *pofs
)
256 cmd
= CVAL(buf
, smb_com
);
258 SMB_ASSERT(is_andx_req(cmd
));
262 while (CVAL(buf
, ofs
) != 0xff) {
264 if (!is_andx_req(CVAL(buf
, ofs
))) {
269 * ofs is from start of smb header, so add the 4 length
270 * bytes. The next cmd is right after the wct field.
272 ofs
= SVAL(buf
, ofs
+2) + 4 + 1;
274 SMB_ASSERT(ofs
+4 < talloc_get_size(buf
));
282 * @brief Do the smb chaining at a buffer level
283 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
284 * @param[in] smb_command The command that we want to issue
285 * @param[in] wct How many words?
286 * @param[in] vwv The words, already in network order
287 * @param[in] bytes_alignment How shall we align "bytes"?
288 * @param[in] num_bytes How many bytes?
289 * @param[in] bytes The data the request ships
291 * smb_splice_chain() adds the vwv and bytes to the request already present in
295 bool smb_splice_chain(uint8_t **poutbuf
, uint8_t smb_command
,
296 uint8_t wct
, const uint16_t *vwv
,
297 size_t bytes_alignment
,
298 uint32_t num_bytes
, const uint8_t *bytes
)
301 size_t old_size
, new_size
;
303 size_t chain_padding
= 0;
304 size_t bytes_padding
= 0;
307 old_size
= talloc_get_size(*poutbuf
);
310 * old_size == smb_wct means we're pushing the first request in for
314 first_request
= (old_size
== smb_wct
);
316 if (!first_request
&& ((old_size
% 4) != 0)) {
318 * Align the wct field of subsequent requests to a 4-byte
321 chain_padding
= 4 - (old_size
% 4);
325 * After the old request comes the new wct field (1 byte), the vwv's
326 * and the num_bytes field. After at we might need to align the bytes
327 * given to us to "bytes_alignment", increasing the num_bytes value.
330 new_size
= old_size
+ chain_padding
+ 1 + wct
* sizeof(uint16_t) + 2;
332 if ((bytes_alignment
!= 0) && ((new_size
% bytes_alignment
) != 0)) {
333 bytes_padding
= bytes_alignment
- (new_size
% bytes_alignment
);
336 new_size
+= bytes_padding
+ num_bytes
;
338 if ((smb_command
!= SMBwriteX
) && (new_size
> 0xffff)) {
339 DEBUG(1, ("splice_chain: %u bytes won't fit\n",
340 (unsigned)new_size
));
344 outbuf
= TALLOC_REALLOC_ARRAY(NULL
, *poutbuf
, uint8_t, new_size
);
345 if (outbuf
== NULL
) {
346 DEBUG(0, ("talloc failed\n"));
352 SCVAL(outbuf
, smb_com
, smb_command
);
356 if (!find_andx_cmd_ofs(outbuf
, &andx_cmd_ofs
)) {
357 DEBUG(1, ("invalid command chain\n"));
358 *poutbuf
= TALLOC_REALLOC_ARRAY(
359 NULL
, *poutbuf
, uint8_t, old_size
);
363 if (chain_padding
!= 0) {
364 memset(outbuf
+ old_size
, 0, chain_padding
);
365 old_size
+= chain_padding
;
368 SCVAL(outbuf
, andx_cmd_ofs
, smb_command
);
369 SSVAL(outbuf
, andx_cmd_ofs
+ 2, old_size
- 4);
375 * Push the chained request:
380 SCVAL(outbuf
, ofs
, wct
);
387 memcpy(outbuf
+ ofs
, vwv
, sizeof(uint16_t) * wct
);
388 ofs
+= sizeof(uint16_t) * wct
;
394 SSVAL(outbuf
, ofs
, num_bytes
+ bytes_padding
);
395 ofs
+= sizeof(uint16_t);
401 if (bytes_padding
!= 0) {
402 memset(outbuf
+ ofs
, 0, bytes_padding
);
403 ofs
+= bytes_padding
;
410 memcpy(outbuf
+ ofs
, bytes
, num_bytes
);
416 * @brief Destroy an async_req that is the visible part of a cli_request
417 * @param[in] req The request to kill
418 * @retval Return 0 to make talloc happy
420 * This destructor is a bit tricky: Because a cli_request can host more than
421 * one async_req for chained requests, we need to make sure that the
422 * "cli_request" that we were part of is correctly destroyed at the right
423 * time. This is done by NULLing out ourself from the "async" member of our
424 * "cli_request". If there is none left, then also TALLOC_FREE() the
425 * cli_request, which was a talloc child of the client connection cli_state.
428 static int cli_async_req_destructor(struct async_req
*req
)
430 struct cli_request
*cli_req
= talloc_get_type_abort(
431 req
->private_data
, struct cli_request
);
437 for (i
=0; i
<cli_req
->num_async
; i
++) {
438 if (cli_req
->async
[i
] == req
) {
439 cli_req
->async
[i
] = NULL
;
442 if (cli_req
->async
[i
] != NULL
) {
450 TALLOC_FREE(cli_req
);
457 * @brief Chain up a request
458 * @param[in] mem_ctx The TALLOC_CTX for the result
459 * @param[in] ev The event context that will call us back
460 * @param[in] cli The cli_state we queue the request up for
461 * @param[in] smb_command The command that we want to issue
462 * @param[in] additional_flags open_and_x wants to add oplock header flags
463 * @param[in] wct How many words?
464 * @param[in] vwv The words, already in network order
465 * @param[in] bytes_alignment How shall we align "bytes"?
466 * @param[in] num_bytes How many bytes?
467 * @param[in] bytes The data the request ships
469 * cli_request_chain() is the core of the SMB request marshalling routine. It
470 * will create a new async_req structure in the cli->chain_accumulator->async
471 * array and marshall the smb_cmd, the vwv array and the bytes into
472 * cli->chain_accumulator->outbuf.
475 static struct async_req
*cli_request_chain(TALLOC_CTX
*mem_ctx
,
476 struct event_context
*ev
,
477 struct cli_state
*cli
,
479 uint8_t additional_flags
,
480 uint8_t wct
, const uint16_t *vwv
,
481 size_t bytes_alignment
,
483 const uint8_t *bytes
)
485 struct async_req
**tmp_reqs
;
486 struct cli_request
*req
;
488 req
= cli
->chain_accumulator
;
490 tmp_reqs
= TALLOC_REALLOC_ARRAY(req
, req
->async
, struct async_req
*,
492 if (tmp_reqs
== NULL
) {
493 DEBUG(0, ("talloc failed\n"));
496 req
->async
= tmp_reqs
;
499 req
->async
[req
->num_async
-1] = async_req_new(mem_ctx
);
500 if (req
->async
[req
->num_async
-1] == NULL
) {
501 DEBUG(0, ("async_req_new failed\n"));
505 req
->async
[req
->num_async
-1]->private_data
= req
;
506 req
->async
[req
->num_async
-1]->print
= cli_request_print
;
507 talloc_set_destructor(req
->async
[req
->num_async
-1],
508 cli_async_req_destructor
);
510 if (!smb_splice_chain(&req
->outbuf
, smb_command
, wct
, vwv
,
511 bytes_alignment
, num_bytes
, bytes
)) {
515 return req
->async
[req
->num_async
-1];
518 TALLOC_FREE(req
->async
[req
->num_async
-1]);
524 * @brief prepare a cli_state to accept a chain of requests
525 * @param[in] cli The cli_state we want to queue up in
526 * @param[in] ev The event_context that will call us back for the socket
527 * @param[in] size_hint How many bytes are expected, just an optimization
528 * @retval Did we have enough memory?
530 * cli_chain_cork() sets up a new cli_request in cli->chain_accumulator. If
531 * cli is used in an async fashion, i.e. if we have outstanding requests, then
532 * we do not have to create a fd event. If cli is used only with the sync
533 * helpers, we need to create the fd_event here.
535 * If you want to issue a chained request to the server, do a
536 * cli_chain_cork(), then do you cli_open_send(), cli_read_and_x_send(),
537 * cli_close_send() and so on. The async requests that come out of
538 * cli_xxx_send() are normal async requests with the difference that they
539 * won't be shipped individually. But the event_context will still trigger the
540 * req->async.fn to be called on every single request.
542 * You have to take care yourself that you only issue chainable requests in
543 * the middle of the chain.
546 bool cli_chain_cork(struct cli_state
*cli
, struct event_context
*ev
,
549 struct cli_request
*req
= NULL
;
551 SMB_ASSERT(cli
->chain_accumulator
== NULL
);
554 DEBUG(10, ("cli->fd closed\n"));
558 if (cli
->fd_event
== NULL
) {
559 SMB_ASSERT(cli
->outstanding_requests
== NULL
);
560 cli
->fd_event
= event_add_fd(ev
, cli
, cli
->fd
,
562 cli_state_handler
, cli
);
563 if (cli
->fd_event
== NULL
) {
568 req
= talloc(cli
, struct cli_request
);
574 if (size_hint
== 0) {
577 req
->outbuf
= talloc_array(req
, uint8_t, smb_wct
+ size_hint
);
578 if (req
->outbuf
== NULL
) {
581 req
->outbuf
= TALLOC_REALLOC_ARRAY(NULL
, req
->outbuf
, uint8_t,
587 req
->enc_state
= NULL
;
588 req
->recv_helper
.fn
= NULL
;
590 SSVAL(req
->outbuf
, smb_tid
, cli
->cnum
);
591 cli_setup_packet_buf(cli
, (char *)req
->outbuf
);
593 req
->mid
= cli_new_mid(cli
);
595 cli
->chain_accumulator
= req
;
597 DEBUG(10, ("cli_chain_cork: mid=%d\n", req
->mid
));
602 if (cli
->outstanding_requests
== NULL
) {
603 TALLOC_FREE(cli
->fd_event
);
609 * Ship a request queued up via cli_request_chain()
610 * @param[in] cl The connection
613 void cli_chain_uncork(struct cli_state
*cli
)
615 struct cli_request
*req
= cli
->chain_accumulator
;
618 SMB_ASSERT(req
!= NULL
);
620 DLIST_ADD_END(cli
->outstanding_requests
, req
, struct cli_request
*);
621 talloc_set_destructor(req
, cli_request_destructor
);
623 cli
->chain_accumulator
= NULL
;
625 SSVAL(req
->outbuf
, smb_mid
, req
->mid
);
627 smblen
= talloc_get_size(req
->outbuf
) - 4;
629 smb_setlen((char *)req
->outbuf
, smblen
);
631 if (smblen
> 0x1ffff) {
633 * This is a POSIX 14 word large write. Overwrite just the
634 * size field, the '0xFFSMB' has been set by smb_setlen which
635 * _smb_setlen_large does not do.
637 _smb_setlen_large(((char *)req
->outbuf
), smblen
);
640 cli_calculate_sign_mac(cli
, (char *)req
->outbuf
);
642 if (cli_encryption_on(cli
)) {
646 status
= cli_encrypt_message(cli
, (char *)req
->outbuf
,
648 if (!NT_STATUS_IS_OK(status
)) {
649 DEBUG(0, ("Error in encrypting client message. "
650 "Error %s\n", nt_errstr(status
)));
654 req
->outbuf
= (uint8_t *)enc_buf
;
655 req
->enc_state
= cli
->trans_enc_state
;
660 event_fd_set_writeable(cli
->fd_event
);
664 * @brief Send a request to the server
665 * @param[in] mem_ctx The TALLOC_CTX for the result
666 * @param[in] ev The event context that will call us back
667 * @param[in] cli The cli_state we queue the request up for
668 * @param[in] smb_command The command that we want to issue
669 * @param[in] additional_flags open_and_x wants to add oplock header flags
670 * @param[in] wct How many words?
671 * @param[in] vwv The words, already in network order
672 * @param[in] bytes_alignment How shall we align "bytes"?
673 * @param[in] num_bytes How many bytes?
674 * @param[in] bytes The data the request ships
676 * This is the generic routine to be used by the cli_xxx_send routines.
679 struct async_req
*cli_request_send(TALLOC_CTX
*mem_ctx
,
680 struct event_context
*ev
,
681 struct cli_state
*cli
,
683 uint8_t additional_flags
,
684 uint8_t wct
, const uint16_t *vwv
,
685 size_t bytes_alignment
,
686 uint32_t num_bytes
, const uint8_t *bytes
)
688 struct async_req
*result
;
691 if (cli
->chain_accumulator
== NULL
) {
692 if (!cli_chain_cork(cli
, ev
,
693 wct
* sizeof(uint16_t) + num_bytes
+ 3)) {
694 DEBUG(1, ("cli_chain_cork failed\n"));
700 result
= cli_request_chain(mem_ctx
, ev
, cli
, smb_command
,
701 additional_flags
, wct
, vwv
, bytes_alignment
,
704 if (result
== NULL
) {
705 DEBUG(1, ("cli_request_chain failed\n"));
709 cli_chain_uncork(cli
);
716 * Calculate the current ofs to wct for requests like write&x
717 * @param[in] req The smb request we're currently building
718 * @retval how many bytes offset have we accumulated?
721 uint16_t cli_wct_ofs(const struct cli_state
*cli
)
725 if (cli
->chain_accumulator
== NULL
) {
729 buf_size
= talloc_get_size(cli
->chain_accumulator
->outbuf
);
731 if (buf_size
== smb_wct
) {
736 * Add alignment for subsequent requests
739 if ((buf_size
% 4) != 0) {
740 buf_size
+= (4 - (buf_size
% 4));
747 * Figure out if there is an andx command behind the current one
748 * @param[in] buf The smb buffer to look at
749 * @param[in] ofs The offset to the wct field that is followed by the cmd
750 * @retval Is there a command following?
753 static bool have_andx_command(const char *buf
, uint16_t ofs
)
756 size_t buflen
= talloc_get_size(buf
);
758 if ((ofs
== buflen
-1) || (ofs
== buflen
)) {
762 wct
= CVAL(buf
, ofs
);
765 * Not enough space for the command and a following pointer
769 return (CVAL(buf
, ofs
+1) != 0xff);
773 * @brief Pull reply data out of a request
774 * @param[in] req The request that we just received a reply for
775 * @param[out] pwct How many words did the server send?
776 * @param[out] pvwv The words themselves
777 * @param[out] pnum_bytes How many bytes did the server send?
778 * @param[out] pbytes The bytes themselves
779 * @retval Was the reply formally correct?
782 NTSTATUS
cli_pull_reply(struct async_req
*req
,
783 uint8_t *pwct
, uint16_t **pvwv
,
784 uint16_t *pnum_bytes
, uint8_t **pbytes
)
786 struct cli_request
*cli_req
= talloc_get_type_abort(
787 req
->private_data
, struct cli_request
);
790 size_t wct_ofs
, bytes_offset
;
794 for (i
= 0; i
< cli_req
->num_async
; i
++) {
795 if (req
== cli_req
->async
[i
]) {
800 if (i
== cli_req
->num_async
) {
801 cli_set_error(cli_req
->cli
, NT_STATUS_INVALID_PARAMETER
);
802 return NT_STATUS_INVALID_PARAMETER
;
806 * The status we pull here is only relevant for the last reply in the
810 status
= cli_pull_error(cli_req
->inbuf
);
813 if (NT_STATUS_IS_ERR(status
)
814 && !have_andx_command(cli_req
->inbuf
, smb_wct
)) {
815 cli_set_error(cli_req
->cli
, status
);
822 cmd
= CVAL(cli_req
->inbuf
, smb_com
);
825 for (j
= 0; j
< i
; j
++) {
828 return NT_STATUS_REQUEST_ABORTED
;
830 if (!is_andx_req(cmd
)) {
831 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
835 if (!have_andx_command(cli_req
->inbuf
, wct_ofs
)) {
837 * This request was not completed because a previous
838 * request in the chain had received an error.
840 return NT_STATUS_REQUEST_ABORTED
;
843 wct_ofs
= SVAL(cli_req
->inbuf
, wct_ofs
+ 3);
846 * Skip the all-present length field. No overflow, we've just
847 * put a 16-bit value into a size_t.
851 if (wct_ofs
+2 > talloc_get_size(cli_req
->inbuf
)) {
852 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
855 cmd
= CVAL(cli_req
->inbuf
, wct_ofs
+ 1);
858 if (!have_andx_command(cli_req
->inbuf
, wct_ofs
)
859 && NT_STATUS_IS_ERR(status
)) {
861 * The last command takes the error code. All further commands
862 * down the requested chain will get a
863 * NT_STATUS_REQUEST_ABORTED.
869 wct
= CVAL(cli_req
->inbuf
, wct_ofs
);
871 bytes_offset
= wct_ofs
+ 1 + wct
* sizeof(uint16_t);
872 num_bytes
= SVAL(cli_req
->inbuf
, bytes_offset
);
875 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
876 * is a 16-bit value. So bytes_offset being size_t should be far from
880 if ((bytes_offset
+ 2 > talloc_get_size(cli_req
->inbuf
))
881 || (bytes_offset
> 0xffff)) {
882 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
886 *pvwv
= (uint16_t *)(cli_req
->inbuf
+ wct_ofs
+ 1);
887 *pnum_bytes
= num_bytes
;
888 *pbytes
= (uint8_t *)cli_req
->inbuf
+ bytes_offset
+ 2;
894 * Decrypt a PDU, check the signature
895 * @param[in] cli The cli_state that received something
896 * @param[in] pdu The incoming bytes
901 static NTSTATUS
validate_smb_crypto(struct cli_state
*cli
, char *pdu
)
905 if ((IVAL(pdu
, 4) != 0x424d53ff) /* 0xFF"SMB" */
906 && (SVAL(pdu
, 4) != 0x45ff)) /* 0xFF"E" */ {
907 DEBUG(10, ("Got non-SMB PDU\n"));
908 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
911 if (cli_encryption_on(cli
) && CVAL(pdu
, 0) == 0) {
912 uint16_t enc_ctx_num
;
914 status
= get_enc_ctx_num((uint8_t *)pdu
, &enc_ctx_num
);
915 if (!NT_STATUS_IS_OK(status
)) {
916 DEBUG(10, ("get_enc_ctx_num returned %s\n",
921 if (enc_ctx_num
!= cli
->trans_enc_state
->enc_ctx_num
) {
922 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
924 cli
->trans_enc_state
->enc_ctx_num
));
925 return NT_STATUS_INVALID_HANDLE
;
928 status
= common_decrypt_buffer(cli
->trans_enc_state
, pdu
);
929 if (!NT_STATUS_IS_OK(status
)) {
930 DEBUG(10, ("common_decrypt_buffer returned %s\n",
936 if (!cli_check_sign_mac(cli
, pdu
)) {
937 DEBUG(10, ("cli_check_sign_mac failed\n"));
940 return NT_STATUS_ACCESS_DENIED
;
947 * A PDU has arrived on cli->evt_inbuf
948 * @param[in] cli The cli_state that received something
951 static void handle_incoming_pdu(struct cli_state
*cli
)
953 struct cli_request
*req
, *next
;
955 size_t raw_pdu_len
, buf_len
, pdu_len
, rest_len
;
963 * The encrypted PDU len might differ from the unencrypted one
965 raw_pdu_len
= smb_len(cli
->evt_inbuf
) + 4;
966 buf_len
= talloc_get_size(cli
->evt_inbuf
);
967 rest_len
= buf_len
- raw_pdu_len
;
969 if (buf_len
== raw_pdu_len
) {
971 * Optimal case: Exactly one PDU was in the socket buffer
973 pdu
= cli
->evt_inbuf
;
974 cli
->evt_inbuf
= NULL
;
977 DEBUG(11, ("buf_len = %d, raw_pdu_len = %d, splitting "
978 "buffer\n", (int)buf_len
, (int)raw_pdu_len
));
980 if (raw_pdu_len
< rest_len
) {
982 * The PDU is shorter, talloc_memdup that one.
984 pdu
= (char *)talloc_memdup(
985 cli
, cli
->evt_inbuf
, raw_pdu_len
);
987 memmove(cli
->evt_inbuf
, cli
->evt_inbuf
+ raw_pdu_len
,
988 buf_len
- raw_pdu_len
);
990 cli
->evt_inbuf
= TALLOC_REALLOC_ARRAY(
991 NULL
, cli
->evt_inbuf
, char, rest_len
);
994 status
= NT_STATUS_NO_MEMORY
;
995 goto invalidate_requests
;
1000 * The PDU is larger than the rest, talloc_memdup the
1003 pdu
= cli
->evt_inbuf
;
1005 cli
->evt_inbuf
= (char *)talloc_memdup(
1006 cli
, pdu
+ raw_pdu_len
, rest_len
);
1008 if (cli
->evt_inbuf
== NULL
) {
1009 status
= NT_STATUS_NO_MEMORY
;
1010 goto invalidate_requests
;
1015 if ((raw_pdu_len
== 4) && (CVAL(pdu
, 0) == SMBkeepalive
)) {
1016 DEBUG(10, ("Got keepalive\n"));
1021 status
= validate_smb_crypto(cli
, pdu
);
1022 if (!NT_STATUS_IS_OK(status
)) {
1023 goto invalidate_requests
;
1026 mid
= SVAL(pdu
, smb_mid
);
1028 DEBUG(10, ("handle_incoming_pdu: got mid %d\n", mid
));
1030 for (req
= cli
->outstanding_requests
; req
; req
= req
->next
) {
1031 if (req
->mid
== mid
) {
1036 pdu_len
= smb_len(pdu
) + 4;
1039 DEBUG(3, ("Request for mid %d not found, dumping PDU\n", mid
));
1045 req
->inbuf
= talloc_move(req
, &pdu
);
1048 * Freeing the last async_req will free the req (see
1049 * cli_async_req_destructor). So make a copy of req->num_async, we
1050 * can't reference it in the last round.
1053 num_async
= req
->num_async
;
1055 for (i
=0; i
<num_async
; i
++) {
1057 * A request might have been talloc_free()'ed before we arrive
1058 * here. It will have removed itself from req->async via its
1059 * destructor cli_async_req_destructor().
1061 if (req
->async
[i
] != NULL
) {
1062 if (req
->recv_helper
.fn
!= NULL
) {
1063 req
->recv_helper
.fn(req
->async
[i
]);
1065 async_req_done(req
->async
[i
]);
1071 invalidate_requests
:
1073 DEBUG(10, ("handle_incoming_pdu: Aborting with %s\n",
1074 nt_errstr(status
)));
1076 for (req
= cli
->outstanding_requests
; req
; req
= next
) {
1078 if (req
->num_async
) {
1079 async_req_nterror(req
->async
[0], status
);
1086 * fd event callback. This is the basic connection to the socket
1087 * @param[in] event_ctx The event context that called us
1088 * @param[in] event The event that fired
1089 * @param[in] flags EVENT_FD_READ | EVENT_FD_WRITE
1090 * @param[in] p private_data, in this case the cli_state
1093 static void cli_state_handler(struct event_context
*event_ctx
,
1094 struct fd_event
*event
, uint16 flags
, void *p
)
1096 struct cli_state
*cli
= (struct cli_state
*)p
;
1097 struct cli_request
*req
, *next
;
1100 DEBUG(11, ("cli_state_handler called with flags %d\n", flags
));
1102 if (cli
->fd
== -1) {
1103 status
= NT_STATUS_CONNECTION_INVALID
;
1107 if (flags
& EVENT_FD_WRITE
) {
1111 for (req
= cli
->outstanding_requests
; req
; req
= req
->next
) {
1112 to_send
= smb_len(req
->outbuf
)+4;
1113 if (to_send
> req
->sent
) {
1119 if (cli
->fd_event
!= NULL
) {
1120 event_fd_set_not_writeable(cli
->fd_event
);
1125 sent
= sys_send(cli
->fd
, req
->outbuf
+ req
->sent
,
1126 to_send
- req
->sent
, 0);
1129 status
= map_nt_error_from_unix(errno
);
1135 if (req
->sent
== to_send
) {
1140 if (flags
& EVENT_FD_READ
) {
1142 size_t old_size
, new_size
;
1145 res
= ioctl(cli
->fd
, FIONREAD
, &available
);
1147 DEBUG(10, ("ioctl(FIONREAD) failed: %s\n",
1149 status
= map_nt_error_from_unix(errno
);
1153 if (available
== 0) {
1155 status
= NT_STATUS_END_OF_FILE
;
1159 old_size
= talloc_get_size(cli
->evt_inbuf
);
1160 new_size
= old_size
+ available
;
1162 if (new_size
< old_size
) {
1164 status
= NT_STATUS_UNEXPECTED_IO_ERROR
;
1168 tmp
= TALLOC_REALLOC_ARRAY(cli
, cli
->evt_inbuf
, char,
1172 status
= NT_STATUS_NO_MEMORY
;
1175 cli
->evt_inbuf
= tmp
;
1177 res
= sys_recv(cli
->fd
, cli
->evt_inbuf
+ old_size
, available
, 0);
1179 DEBUG(10, ("recv failed: %s\n", strerror(errno
)));
1180 status
= map_nt_error_from_unix(errno
);
1184 DEBUG(11, ("cli_state_handler: received %d bytes, "
1185 "smb_len(evt_inbuf) = %d\n", (int)res
,
1186 smb_len(cli
->evt_inbuf
)));
1188 /* recv *might* have returned less than announced */
1189 new_size
= old_size
+ res
;
1191 /* shrink, so I don't expect errors here */
1192 cli
->evt_inbuf
= TALLOC_REALLOC_ARRAY(cli
, cli
->evt_inbuf
,
1195 while ((cli
->evt_inbuf
!= NULL
)
1196 && ((smb_len(cli
->evt_inbuf
) + 4) <= new_size
)) {
1198 * we've got a complete NBT level PDU in evt_inbuf
1200 handle_incoming_pdu(cli
);
1201 new_size
= talloc_get_size(cli
->evt_inbuf
);
1209 for (req
= cli
->outstanding_requests
; req
; req
= next
) {
1213 num_async
= req
->num_async
;
1215 for (i
=0; i
<num_async
; i
++) {
1216 async_req_nterror(req
->async
[i
], status
);
1219 TALLOC_FREE(cli
->fd_event
);
1220 if (cli
->fd
!= -1) {