2 Unix SMB/CIFS implementation.
3 SMB client generic functions
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /*******************************************************************
24 Setup the word count and byte count for a client smb message.
25 ********************************************************************/
27 int cli_set_message(char *buf
,int num_words
,int num_bytes
,bool zero
)
29 if (zero
&& (num_words
|| num_bytes
)) {
30 memset(buf
+ smb_size
,'\0',num_words
*2 + num_bytes
);
32 SCVAL(buf
,smb_wct
,num_words
);
33 SSVAL(buf
,smb_vwv
+ num_words
*SIZEOFWORD
,num_bytes
);
34 smb_setlen(buf
,smb_size
+ num_words
*2 + num_bytes
- 4);
35 return (smb_size
+ num_words
*2 + num_bytes
);
38 /****************************************************************************
39 Change the timeout (in milliseconds).
40 ****************************************************************************/
42 unsigned int cli_set_timeout(struct cli_state
*cli
, unsigned int timeout
)
44 unsigned int old_timeout
= cli
->timeout
;
45 cli
->timeout
= timeout
;
49 /****************************************************************************
50 Change the port number used to call on.
51 ****************************************************************************/
53 int cli_set_port(struct cli_state
*cli
, int port
)
59 /****************************************************************************
60 Read an smb from a fd ignoring all keepalive packets.
61 The timeout is in milliseconds
63 This is exactly the same as receive_smb except that it never returns
64 a session keepalive packet (just as receive_smb used to do).
65 receive_smb was changed to return keepalives as the oplock processing means this call
66 should never go into a blocking read.
67 ****************************************************************************/
69 static ssize_t
client_receive_smb(struct cli_state
*cli
, size_t maxlen
)
76 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_OK
);
78 status
= receive_smb_raw(cli
->fd
, cli
->inbuf
, cli
->bufsize
,
79 cli
->timeout
, maxlen
, &len
);
80 if (!NT_STATUS_IS_OK(status
)) {
81 DEBUG(10,("client_receive_smb failed\n"));
84 if (NT_STATUS_EQUAL(status
, NT_STATUS_END_OF_FILE
)) {
85 set_smb_read_error(&cli
->smb_rw_error
,
90 if (NT_STATUS_EQUAL(status
, NT_STATUS_IO_TIMEOUT
)) {
91 set_smb_read_error(&cli
->smb_rw_error
,
96 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_ERROR
);
101 * I don't believe len can be < 0 with NT_STATUS_OK
102 * returned above, but this check doesn't hurt. JRA.
105 if ((ssize_t
)len
< 0) {
109 /* Ignore session keepalive packets. */
110 if(CVAL(cli
->inbuf
,0) != SMBkeepalive
) {
115 if (cli_encryption_on(cli
)) {
116 NTSTATUS status
= cli_decrypt_message(cli
);
117 if (!NT_STATUS_IS_OK(status
)) {
118 DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
120 cli
->smb_rw_error
= SMB_READ_BAD_DECRYPT
;
125 show_msg(cli
->inbuf
);
129 /****************************************************************************
131 ****************************************************************************/
133 bool cli_receive_smb(struct cli_state
*cli
)
137 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
142 len
= client_receive_smb(cli
, 0);
145 /* it might be an oplock break request */
146 if (!(CVAL(cli
->inbuf
, smb_flg
) & FLAG_REPLY
) &&
147 CVAL(cli
->inbuf
,smb_com
) == SMBlockingX
&&
148 SVAL(cli
->inbuf
,smb_vwv6
) == 0 &&
149 SVAL(cli
->inbuf
,smb_vwv7
) == 0) {
150 if (cli
->oplock_handler
) {
151 int fnum
= SVAL(cli
->inbuf
,smb_vwv2
);
152 unsigned char level
= CVAL(cli
->inbuf
,smb_vwv3
+1);
153 if (!cli
->oplock_handler(cli
, fnum
, level
)) {
157 /* try to prevent loops */
158 SCVAL(cli
->inbuf
,smb_com
,0xFF);
163 /* If the server is not responding, note that now */
165 DEBUG(0, ("Receiving SMB: Server stopped responding\n"));
171 if (!cli_check_sign_mac(cli
, cli
->inbuf
)) {
173 * If we get a signature failure in sessionsetup, then
174 * the server sometimes just reflects the sent signature
175 * back to us. Detect this and allow the upper layer to
176 * retrieve the correct Windows error message.
178 if (CVAL(cli
->outbuf
,smb_com
) == SMBsesssetupX
&&
179 (smb_len(cli
->inbuf
) > (smb_ss_field
+ 8 - 4)) &&
180 (SVAL(cli
->inbuf
,smb_flg2
) & FLAGS2_SMB_SECURITY_SIGNATURES
) &&
181 memcmp(&cli
->outbuf
[smb_ss_field
],&cli
->inbuf
[smb_ss_field
],8) == 0 &&
185 * Reflected signature on login error.
186 * Set bad sig but don't close fd.
188 cli
->smb_rw_error
= SMB_READ_BAD_SIG
;
192 DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
193 cli
->smb_rw_error
= SMB_READ_BAD_SIG
;
201 /****************************************************************************
202 Read the data portion of a readX smb.
203 The timeout is in milliseconds
204 ****************************************************************************/
206 ssize_t
cli_receive_smb_data(struct cli_state
*cli
, char *buffer
, size_t len
)
210 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_OK
);
212 status
= read_socket_with_timeout(
213 cli
->fd
, buffer
, len
, len
, cli
->timeout
, NULL
);
214 if (NT_STATUS_IS_OK(status
)) {
218 if (NT_STATUS_EQUAL(status
, NT_STATUS_END_OF_FILE
)) {
219 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_EOF
);
223 if (NT_STATUS_EQUAL(status
, NT_STATUS_IO_TIMEOUT
)) {
224 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_TIMEOUT
);
228 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_ERROR
);
232 static ssize_t
write_socket(int fd
, const char *buf
, size_t len
)
236 DEBUG(6,("write_socket(%d,%d)\n",fd
,(int)len
));
237 ret
= write_data(fd
,buf
,len
);
239 DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd
,(int)len
,(int)ret
));
241 DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n",
242 (int)len
, fd
, strerror(errno
) ));
247 /****************************************************************************
249 ****************************************************************************/
251 bool cli_send_smb(struct cli_state
*cli
)
256 char *buf_out
= cli
->outbuf
;
257 bool enc_on
= cli_encryption_on(cli
);
259 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
263 cli_calculate_sign_mac(cli
, cli
->outbuf
);
266 NTSTATUS status
= cli_encrypt_message(cli
, cli
->outbuf
,
268 if (!NT_STATUS_IS_OK(status
)) {
271 cli
->smb_rw_error
= SMB_WRITE_ERROR
;
272 DEBUG(0,("Error in encrypting client message. Error %s\n",
273 nt_errstr(status
) ));
278 len
= smb_len(buf_out
) + 4;
280 while (nwritten
< len
) {
281 ret
= write_socket(cli
->fd
,buf_out
+nwritten
,len
- nwritten
);
284 cli_free_enc_buffer(cli
, buf_out
);
288 cli
->smb_rw_error
= SMB_WRITE_ERROR
;
289 DEBUG(0,("Error writing %d bytes to client. %d (%s)\n",
290 (int)len
,(int)ret
, strerror(errno
) ));
297 cli_free_enc_buffer(cli
, buf_out
);
300 /* Increment the mid so we can tell between responses. */
307 /****************************************************************************
308 Send a "direct" writeX smb to a fd.
309 ****************************************************************************/
311 bool cli_send_smb_direct_writeX(struct cli_state
*cli
,
315 /* First length to send is the offset to the data. */
316 size_t len
= SVAL(cli
->outbuf
,smb_vwv11
) + 4;
320 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
325 if (client_is_signing_on(cli
)) {
326 DEBUG(0,("cli_send_smb_large: cannot send signed packet.\n"));
330 iov
[0].iov_base
= cli
->outbuf
;
331 iov
[0].iov_len
= len
;
332 iov
[1].iov_base
= CONST_DISCARD(char *, p
);
333 iov
[1].iov_len
= extradata
;
335 nwritten
= write_data_iov(cli
->fd
, iov
, 2);
336 if (nwritten
< (len
+ extradata
)) {
339 cli
->smb_rw_error
= SMB_WRITE_ERROR
;
340 DEBUG(0,("Error writing %d bytes to client. (%s)\n",
341 (int)(len
+extradata
), strerror(errno
)));
345 /* Increment the mid so we can tell between responses. */
352 /****************************************************************************
353 Setup basics in a outgoing packet.
354 ****************************************************************************/
356 void cli_setup_packet_buf(struct cli_state
*cli
, char *buf
)
360 SIVAL(buf
,smb_rcls
,0);
361 SSVAL(buf
,smb_pid
,cli
->pid
);
362 memset(buf
+smb_pidhigh
, 0, 12);
363 SSVAL(buf
,smb_uid
,cli
->vuid
);
364 SSVAL(buf
,smb_mid
,cli
->mid
);
366 if (cli
->protocol
<= PROTOCOL_CORE
) {
370 if (cli
->case_sensitive
) {
371 SCVAL(buf
,smb_flg
,0x0);
373 /* Default setting, case insensitive. */
374 SCVAL(buf
,smb_flg
,0x8);
376 flags2
= FLAGS2_LONG_PATH_COMPONENTS
;
377 if (cli
->capabilities
& CAP_UNICODE
)
378 flags2
|= FLAGS2_UNICODE_STRINGS
;
379 if ((cli
->capabilities
& CAP_DFS
) && cli
->dfsroot
)
380 flags2
|= FLAGS2_DFS_PATHNAMES
;
381 if (cli
->capabilities
& CAP_STATUS32
)
382 flags2
|= FLAGS2_32_BIT_ERROR_CODES
;
384 flags2
|= FLAGS2_EXTENDED_SECURITY
;
385 SSVAL(buf
,smb_flg2
, flags2
);
388 void cli_setup_packet(struct cli_state
*cli
)
390 cli_setup_packet_buf(cli
, cli
->outbuf
);
393 /****************************************************************************
394 Setup the bcc length of the packet from a pointer to the end of the data.
395 ****************************************************************************/
397 void cli_setup_bcc(struct cli_state
*cli
, void *p
)
399 set_message_bcc(cli
->outbuf
, PTR_DIFF(p
, smb_buf(cli
->outbuf
)));
402 /****************************************************************************
403 Initialise credentials of a client structure.
404 ****************************************************************************/
406 void cli_init_creds(struct cli_state
*cli
, const char *username
, const char *domain
, const char *password
)
408 fstrcpy(cli
->domain
, domain
);
409 fstrcpy(cli
->user_name
, username
);
410 pwd_set_cleartext(&cli
->pwd
, password
);
412 cli
->pwd
.null_pwd
= true;
415 DEBUG(10,("cli_init_creds: user %s domain %s\n", cli
->user_name
, cli
->domain
));
418 /****************************************************************************
419 Set the signing state (used from the command line).
420 ****************************************************************************/
422 void cli_setup_signing_state(struct cli_state
*cli
, int signing_state
)
424 if (signing_state
== Undefined
)
427 if (signing_state
== false) {
428 cli
->sign_info
.allow_smb_signing
= false;
429 cli
->sign_info
.mandatory_signing
= false;
433 cli
->sign_info
.allow_smb_signing
= true;
435 if (signing_state
== Required
)
436 cli
->sign_info
.mandatory_signing
= true;
439 /****************************************************************************
440 Initialise a client structure. Always returns a malloc'ed struct.
441 ****************************************************************************/
443 struct cli_state
*cli_initialise(void)
445 struct cli_state
*cli
= NULL
;
447 /* Check the effective uid - make sure we are not setuid */
448 if (is_setuid_root()) {
449 DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n"));
453 cli
= talloc(NULL
, struct cli_state
);
463 cli
->pid
= (uint16
)sys_getpid();
465 cli
->vuid
= UID_FIELD_INVALID
;
466 cli
->protocol
= PROTOCOL_NT1
;
467 cli
->timeout
= 20000; /* Timeout is in milliseconds. */
468 cli
->bufsize
= CLI_BUFFER_SIZE
+4;
469 cli
->max_xmit
= cli
->bufsize
;
470 cli
->outbuf
= (char *)SMB_MALLOC(cli
->bufsize
+SAFETY_MARGIN
);
471 cli
->inbuf
= (char *)SMB_MALLOC(cli
->bufsize
+SAFETY_MARGIN
);
472 cli
->oplock_handler
= cli_oplock_ack
;
473 cli
->case_sensitive
= false;
474 cli
->smb_rw_error
= SMB_READ_OK
;
476 cli
->use_spnego
= lp_client_use_spnego();
478 cli
->capabilities
= CAP_UNICODE
| CAP_STATUS32
| CAP_DFS
;
480 /* Set the CLI_FORCE_DOSERR environment variable to test
481 client routines using DOS errors instead of STATUS32
482 ones. This intended only as a temporary hack. */
483 if (getenv("CLI_FORCE_DOSERR"))
484 cli
->force_dos_errors
= true;
486 if (lp_client_signing())
487 cli
->sign_info
.allow_smb_signing
= true;
489 if (lp_client_signing() == Required
)
490 cli
->sign_info
.mandatory_signing
= true;
492 if (!cli
->outbuf
|| !cli
->inbuf
)
495 memset(cli
->outbuf
, 0, cli
->bufsize
);
496 memset(cli
->inbuf
, 0, cli
->bufsize
);
499 #if defined(DEVELOPER)
500 /* just because we over-allocate, doesn't mean it's right to use it */
501 clobber_region(FUNCTION_MACRO
, __LINE__
, cli
->outbuf
+cli
->bufsize
, SAFETY_MARGIN
);
502 clobber_region(FUNCTION_MACRO
, __LINE__
, cli
->inbuf
+cli
->bufsize
, SAFETY_MARGIN
);
505 /* initialise signing */
506 cli_null_set_signing(cli
);
508 cli
->initialised
= 1;
512 /* Clean up after malloc() error */
516 SAFE_FREE(cli
->inbuf
);
517 SAFE_FREE(cli
->outbuf
);
522 /****************************************************************************
524 Close an open named pipe over SMB. Free any authentication data.
525 Returns false if the cli_close call failed.
526 ****************************************************************************/
528 bool cli_rpc_pipe_close(struct rpc_pipe_client
*cli
)
536 ret
= cli_close(cli
->cli
, cli
->fnum
);
539 DEBUG(1,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
541 "to machine %s. Error was %s\n",
545 cli_errstr(cli
->cli
)));
548 if (cli
->auth
.cli_auth_data_free_func
) {
549 (*cli
->auth
.cli_auth_data_free_func
)(&cli
->auth
);
552 DEBUG(10,("cli_rpc_pipe_close: closed pipe %s to machine %s\n",
553 cli
->pipe_name
, cli
->cli
->desthost
));
555 DLIST_REMOVE(cli
->cli
->pipe_list
, cli
);
556 talloc_destroy(cli
->mem_ctx
);
560 /****************************************************************************
561 Close all pipes open on this session.
562 ****************************************************************************/
564 void cli_nt_pipes_close(struct cli_state
*cli
)
566 struct rpc_pipe_client
*cp
, *next
;
568 for (cp
= cli
->pipe_list
; cp
; cp
= next
) {
570 cli_rpc_pipe_close(cp
);
574 /****************************************************************************
575 Shutdown a client structure.
576 ****************************************************************************/
578 void cli_shutdown(struct cli_state
*cli
)
580 cli_nt_pipes_close(cli
);
583 * tell our peer to free his resources. Wihtout this, when an
584 * application attempts to do a graceful shutdown and calls
585 * smbc_free_context() to clean up all connections, some connections
586 * can remain active on the peer end, until some (long) timeout period
587 * later. This tree disconnect forces the peer to clean up, since the
588 * connection will be going away.
590 * Also, do not do tree disconnect when cli->smb_rw_error is SMB_DO_NOT_DO_TDIS
591 * the only user for this so far is smbmount which passes opened connection
592 * down to kernel's smbfs module.
594 if ( (cli
->cnum
!= (uint16
)-1) && (cli
->smb_rw_error
!= SMB_DO_NOT_DO_TDIS
) ) {
598 SAFE_FREE(cli
->outbuf
);
599 SAFE_FREE(cli
->inbuf
);
601 cli_free_signing_context(cli
);
602 data_blob_free(&cli
->secblob
);
603 data_blob_free(&cli
->user_session_key
);
609 cli
->smb_rw_error
= SMB_READ_OK
;
614 /****************************************************************************
615 Set socket options on a open connection.
616 ****************************************************************************/
618 void cli_sockopt(struct cli_state
*cli
, const char *options
)
620 set_socket_options(cli
->fd
, options
);
623 /****************************************************************************
624 Set the PID to use for smb messages. Return the old pid.
625 ****************************************************************************/
627 uint16
cli_setpid(struct cli_state
*cli
, uint16 pid
)
629 uint16 ret
= cli
->pid
;
634 /****************************************************************************
635 Set the case sensitivity flag on the packets. Returns old state.
636 ****************************************************************************/
638 bool cli_set_case_sensitive(struct cli_state
*cli
, bool case_sensitive
)
640 bool ret
= cli
->case_sensitive
;
641 cli
->case_sensitive
= case_sensitive
;
645 /****************************************************************************
646 Send a keepalive packet to the server
647 ****************************************************************************/
649 bool cli_send_keepalive(struct cli_state
*cli
)
652 DEBUG(3, ("cli_send_keepalive: fd == -1\n"));
655 if (!send_keepalive(cli
->fd
)) {
658 DEBUG(0,("Error sending keepalive packet to client.\n"));
664 /****************************************************************************
665 Send/receive a SMBecho command: ping the server
666 ****************************************************************************/
668 bool cli_echo(struct cli_state
*cli
, uint16 num_echos
,
669 unsigned char *data
, size_t length
)
674 SMB_ASSERT(length
< 1024);
676 memset(cli
->outbuf
,'\0',smb_size
);
677 cli_set_message(cli
->outbuf
,1,length
,true);
678 SCVAL(cli
->outbuf
,smb_com
,SMBecho
);
679 SSVAL(cli
->outbuf
,smb_tid
,65535);
680 SSVAL(cli
->outbuf
,smb_vwv0
,num_echos
);
681 cli_setup_packet(cli
);
682 p
= smb_buf(cli
->outbuf
);
683 memcpy(p
, data
, length
);
686 cli_setup_bcc(cli
, p
);
690 for (i
=0; i
<num_echos
; i
++) {
691 if (!cli_receive_smb(cli
)) {
695 if (cli_is_error(cli
)) {