search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-libsmbclient Convert dos error codes to NTstatus in async libsmbclient.
[Samba.git] / source3 / libsmb / async_smb.c
blob8e08d6fc406556ff2c47ac4b3c3fafdd0307a429
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21
22 /*
23 * Read an smb packet asynchronously, discard keepalives
24 */
25
26 struct read_smb_state {
27 struct tevent_context *ev;
28 int fd;
29 uint8_t *buf;
30 };
31
32 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data);
33 static void read_smb_done(struct tevent_req *subreq);
34
35 static struct tevent_req *read_smb_send(TALLOC_CTX *mem_ctx,
36 struct tevent_context *ev,
37 int fd)
38 {
39 struct tevent_req *result, *subreq;
40 struct read_smb_state *state;
41
42 result = tevent_req_create(mem_ctx, &state, struct read_smb_state);
43 if (result == NULL) {
44 return NULL;
45 }
46 state->ev = ev;
47 state->fd = fd;
48
49 subreq = read_packet_send(state, ev, fd, 4, read_smb_more, NULL);
50 if (subreq == NULL) {
51 goto fail;
52 }
53 tevent_req_set_callback(subreq, read_smb_done, result);
54 return result;
55 fail:
56 TALLOC_FREE(result);
57 return NULL;
58 }
59
60 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data)
61 {
62 if (buflen > 4) {
63 return 0; /* We've been here, we're done */
64 }
65 return smb_len_large(buf);
66 }
67
68 static void read_smb_done(struct tevent_req *subreq)
69 {
70 struct tevent_req *req = tevent_req_callback_data(
71 subreq, struct tevent_req);
72 struct read_smb_state *state = tevent_req_data(
73 req, struct read_smb_state);
74 ssize_t len;
75 int err;
76
77 len = read_packet_recv(subreq, state, &state->buf, &err);
78 TALLOC_FREE(subreq);
79 if (len == -1) {
80 tevent_req_error(req, err);
81 return;
82 }
83
84 if (CVAL(state->buf, 0) == SMBkeepalive) {
85 subreq = read_packet_send(state, state->ev, state->fd, 4,
86 read_smb_more, NULL);
87 if (tevent_req_nomem(subreq, req)) {
88 return;
89 }
90 tevent_req_set_callback(subreq, read_smb_done, req);
91 return;
92 }
93 tevent_req_done(req);
94 }
95
96 static ssize_t read_smb_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
97 uint8_t **pbuf, int *perrno)
98 {
99 struct read_smb_state *state = tevent_req_data(
100 req, struct read_smb_state);
101
102 if (tevent_req_is_unix_error(req, perrno)) {
103 return -1;
104 }
105 *pbuf = talloc_move(mem_ctx, &state->buf);
106 return talloc_get_size(*pbuf);
107 }
108
109 /**
110 * Fetch an error out of a NBT packet
111 * @param[in] buf The SMB packet
112 * @retval The error, converted to NTSTATUS
113 */
114
115 NTSTATUS cli_pull_error(char *buf)
116 {
117 uint32_t flags2 = SVAL(buf, smb_flg2);
118
119 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
120 return NT_STATUS(IVAL(buf, smb_rcls));
121 }
122
123 return dos_to_ntstatus(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
124 }
125
126 /**
127 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
128 * @param[in] cli The client connection that just received an error
129 * @param[in] status The error to set on "cli"
130 */
131
132 void cli_set_error(struct cli_state *cli, NTSTATUS status)
133 {
134 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
135
136 if (NT_STATUS_IS_DOS(status)) {
137 SSVAL(cli->inbuf, smb_flg2,
138 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
139 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
140 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
141 return;
142 }
143
144 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
145 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
146 return;
147 }
148
149 /**
150 * Figure out if there is an andx command behind the current one
151 * @param[in] buf The smb buffer to look at
152 * @param[in] ofs The offset to the wct field that is followed by the cmd
153 * @retval Is there a command following?
154 */
155
156 static bool have_andx_command(const char *buf, uint16_t ofs)
157 {
158 uint8_t wct;
159 size_t buflen = talloc_get_size(buf);
160
161 if ((ofs == buflen-1) || (ofs == buflen)) {
162 return false;
163 }
164
165 wct = CVAL(buf, ofs);
166 if (wct < 2) {
167 /*
168 * Not enough space for the command and a following pointer
169 */
170 return false;
171 }
172 return (CVAL(buf, ofs+1) != 0xff);
173 }
174
175 #define MAX_SMB_IOV 5
176
177 struct cli_smb_state {
178 struct tevent_context *ev;
179 struct cli_state *cli;
180 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
181
182 /*
183 * For normal requests, cli_smb_req_send chooses a mid. Secondary
184 * trans requests need to use the mid of the primary request, so we
185 * need a place to store it. Assume it's set if != 0.
186 */
187 uint16_t mid;
188
189 uint16_t *vwv;
190 uint8_t bytecount_buf[2];
191
192 struct iovec iov[MAX_SMB_IOV+3];
193 int iov_count;
194
195 uint8_t *inbuf;
196 uint32_t seqnum;
197 int chain_num;
198 int chain_length;
199 struct tevent_req **chained_requests;
200 };
201
202 static uint16_t cli_alloc_mid(struct cli_state *cli)
203 {
204 int num_pending = talloc_array_length(cli->pending);
205 uint16_t result;
206
207 while (true) {
208 int i;
209
210 result = cli->mid++;
211 if ((result == 0) || (result == 0xffff)) {
212 continue;
213 }
214
215 for (i=0; i<num_pending; i++) {
216 if (result == cli_smb_req_mid(cli->pending[i])) {
217 break;
218 }
219 }
220
221 if (i == num_pending) {
222 return result;
223 }
224 }
225 }
226
227 void cli_smb_req_unset_pending(struct tevent_req *req)
228 {
229 struct cli_smb_state *state = tevent_req_data(
230 req, struct cli_smb_state);
231 struct cli_state *cli = state->cli;
232 int num_pending = talloc_array_length(cli->pending);
233 int i;
234
235 if (num_pending == 1) {
236 /*
237 * The pending read_smb tevent_req is a child of
238 * cli->pending. So if nothing is pending anymore, we need to
239 * delete the socket read fde.
240 */
241 TALLOC_FREE(cli->pending);
242 return;
243 }
244
245 for (i=0; i<num_pending; i++) {
246 if (req == cli->pending[i]) {
247 break;
248 }
249 }
250 if (i == num_pending) {
251 /*
252 * Something's seriously broken. Just returning here is the
253 * right thing nevertheless, the point of this routine is to
254 * remove ourselves from cli->pending.
255 */
256 return;
257 }
258
259 /*
260 * Remove ourselves from the cli->pending array
261 */
262 if (num_pending > 1) {
263 cli->pending[i] = cli->pending[num_pending-1];
264 }
265
266 /*
267 * No NULL check here, we're shrinking by sizeof(void *), and
268 * talloc_realloc just adjusts the size for this.
269 */
270 cli->pending = talloc_realloc(NULL, cli->pending, struct tevent_req *,
271 num_pending - 1);
272 return;
273 }
274
275 static int cli_smb_req_destructor(struct tevent_req *req)
276 {
277 cli_smb_req_unset_pending(req);
278 return 0;
279 }
280
281 static void cli_smb_received(struct tevent_req *subreq);
282
283 bool cli_smb_req_set_pending(struct tevent_req *req)
284 {
285 struct cli_smb_state *state = tevent_req_data(
286 req, struct cli_smb_state);
287 struct cli_state *cli;
288 struct tevent_req **pending;
289 int num_pending;
290 struct tevent_req *subreq;
291
292 cli = state->cli;
293 num_pending = talloc_array_length(cli->pending);
294
295 pending = talloc_realloc(cli, cli->pending, struct tevent_req *,
296 num_pending+1);
297 if (pending == NULL) {
298 return false;
299 }
300 pending[num_pending] = req;
301 cli->pending = pending;
302 talloc_set_destructor(req, cli_smb_req_destructor);
303
304 if (num_pending > 0) {
305 return true;
306 }
307
308 /*
309 * We're the first ones, add the read_smb request that waits for the
310 * answer from the server
311 */
312 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
313 if (subreq == NULL) {
314 cli_smb_req_unset_pending(req);
315 return false;
316 }
317 tevent_req_set_callback(subreq, cli_smb_received, cli);
318 return true;
319 }
320
321 /*
322 * Fetch a smb request's mid. Only valid after the request has been sent by
323 * cli_smb_req_send().
324 */
325 uint16_t cli_smb_req_mid(struct tevent_req *req)
326 {
327 struct cli_smb_state *state = tevent_req_data(
328 req, struct cli_smb_state);
329 return SVAL(state->header, smb_mid);
330 }
331
332 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
333 {
334 struct cli_smb_state *state = tevent_req_data(
335 req, struct cli_smb_state);
336 state->mid = mid;
337 }
338
339 static size_t iov_len(const struct iovec *iov, int count)
340 {
341 size_t result = 0;
342 int i;
343 for (i=0; i<count; i++) {
344 result += iov[i].iov_len;
345 }
346 return result;
347 }
348
349 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
350 int count)
351 {
352 size_t len = iov_len(iov, count);
353 size_t copied;
354 uint8_t *buf;
355 int i;
356
357 buf = talloc_array(mem_ctx, uint8_t, len);
358 if (buf == NULL) {
359 return NULL;
360 }
361 copied = 0;
362 for (i=0; i<count; i++) {
363 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
364 copied += iov[i].iov_len;
365 }
366 return buf;
367 }
368
369 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
370 struct event_context *ev,
371 struct cli_state *cli,
372 uint8_t smb_command,
373 uint8_t additional_flags,
374 uint8_t wct, uint16_t *vwv,
375 int iov_count,
376 struct iovec *bytes_iov)
377 {
378 struct tevent_req *result;
379 struct cli_smb_state *state;
380 struct timeval endtime;
381
382 if (iov_count > MAX_SMB_IOV) {
383 /*
384 * Should not happen :-)
385 */
386 return NULL;
387 }
388
389 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
390 if (result == NULL) {
391 return NULL;
392 }
393 state->ev = ev;
394 state->cli = cli;
395 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
396 state->chain_num = 0;
397 state->chained_requests = NULL;
398
399 cli_setup_packet_buf(cli, (char *)state->header);
400 SCVAL(state->header, smb_com, smb_command);
401 SSVAL(state->header, smb_tid, cli->cnum);
402 SCVAL(state->header, smb_wct, wct);
403
404 state->vwv = vwv;
405
406 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
407
408 state->iov[0].iov_base = (void *)state->header;
409 state->iov[0].iov_len = sizeof(state->header);
410 state->iov[1].iov_base = (void *)state->vwv;
411 state->iov[1].iov_len = wct * sizeof(uint16_t);
412 state->iov[2].iov_base = (void *)state->bytecount_buf;
413 state->iov[2].iov_len = sizeof(uint16_t);
414
415 if (iov_count != 0) {
416 memcpy(&state->iov[3], bytes_iov,
417 iov_count * sizeof(*bytes_iov));
418 }
419 state->iov_count = iov_count + 3;
420
421 if (cli->timeout) {
422 endtime = timeval_current_ofs(0, cli->timeout * 1000);
423 if (!tevent_req_set_endtime(result, ev, endtime)) {
424 tevent_req_nomem(NULL, result);
425 }
426 }
427 return result;
428 }
429
430 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
431 uint32_t *seqnum)
432 {
433 uint8_t *buf;
434
435 /*
436 * Obvious optimization: Make cli_calculate_sign_mac work with struct
437 * iovec directly. MD5Update would do that just fine.
438 */
439
440 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
441 return NT_STATUS_INVALID_PARAMETER;
442 }
443
444 buf = iov_concat(talloc_tos(), iov, count);
445 if (buf == NULL) {
446 return NT_STATUS_NO_MEMORY;
447 }
448
449 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
450 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
451
452 TALLOC_FREE(buf);
453 return NT_STATUS_OK;
454 }
455
456 static void cli_smb_sent(struct tevent_req *subreq);
457
458 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
459 struct cli_smb_state *state,
460 struct iovec *iov, int iov_count)
461 {
462 struct tevent_req *subreq;
463 NTSTATUS status;
464
465 if (state->cli->fd == -1) {
466 return NT_STATUS_CONNECTION_INVALID;
467 }
468
469 if (iov[0].iov_len < smb_wct) {
470 return NT_STATUS_INVALID_PARAMETER;
471 }
472
473 if (state->mid != 0) {
474 SSVAL(iov[0].iov_base, smb_mid, state->mid);
475 } else {
476 uint16_t mid = cli_alloc_mid(state->cli);
477 SSVAL(iov[0].iov_base, smb_mid, mid);
478 }
479
480 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
481
482 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
483
484 if (!NT_STATUS_IS_OK(status)) {
485 return status;
486 }
487
488 if (cli_encryption_on(state->cli)) {
489 char *buf, *enc_buf;
490
491 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
492 if (buf == NULL) {
493 return NT_STATUS_NO_MEMORY;
494 }
495 status = cli_encrypt_message(state->cli, (char *)buf,
496 &enc_buf);
497 TALLOC_FREE(buf);
498 if (!NT_STATUS_IS_OK(status)) {
499 DEBUG(0, ("Error in encrypting client message: %s\n",
500 nt_errstr(status)));
501 return status;
502 }
503 buf = (char *)talloc_memdup(state, enc_buf,
504 smb_len(enc_buf)+4);
505 SAFE_FREE(enc_buf);
506 if (buf == NULL) {
507 return NT_STATUS_NO_MEMORY;
508 }
509 iov[0].iov_base = (void *)buf;
510 iov[0].iov_len = talloc_get_size(buf);
511 iov_count = 1;
512 }
513 subreq = writev_send(state, state->ev, state->cli->outgoing,
514 state->cli->fd, false, iov, iov_count);
515 if (subreq == NULL) {
516 return NT_STATUS_NO_MEMORY;
517 }
518 tevent_req_set_callback(subreq, cli_smb_sent, req);
519 return NT_STATUS_OK;
520 }
521
522 NTSTATUS cli_smb_req_send(struct tevent_req *req)
523 {
524 struct cli_smb_state *state = tevent_req_data(
525 req, struct cli_smb_state);
526
527 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
528 }
529
530 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
531 struct event_context *ev,
532 struct cli_state *cli,
533 uint8_t smb_command,
534 uint8_t additional_flags,
535 uint8_t wct, uint16_t *vwv,
536 uint32_t num_bytes,
537 const uint8_t *bytes)
538 {
539 struct tevent_req *req;
540 struct iovec iov;
541 NTSTATUS status;
542
543 iov.iov_base = CONST_DISCARD(void *, bytes);
544 iov.iov_len = num_bytes;
545
546 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
547 additional_flags, wct, vwv, 1, &iov);
548 if (req == NULL) {
549 return NULL;
550 }
551
552 status = cli_smb_req_send(req);
553 if (!NT_STATUS_IS_OK(status)) {
554 tevent_req_nterror(req, status);
555 return tevent_req_post(req, ev);
556 }
557 return req;
558 }
559
560 static void cli_smb_sent(struct tevent_req *subreq)
561 {
562 struct tevent_req *req = tevent_req_callback_data(
563 subreq, struct tevent_req);
564 struct cli_smb_state *state = tevent_req_data(
565 req, struct cli_smb_state);
566 ssize_t nwritten;
567 int err;
568
569 nwritten = writev_recv(subreq, &err);
570 TALLOC_FREE(subreq);
571 if (nwritten == -1) {
572 if (state->cli->fd != -1) {
573 close(state->cli->fd);
574 state->cli->fd = -1;
575 }
576 tevent_req_nterror(req, map_nt_error_from_unix(err));
577 return;
578 }
579
580 switch (CVAL(state->header, smb_com)) {
581 case SMBtranss:
582 case SMBtranss2:
583 case SMBnttranss:
584 case SMBntcancel:
585 state->inbuf = NULL;
586 tevent_req_done(req);
587 return;
588 case SMBlockingX:
589 if ((CVAL(state->header, smb_wct) == 8) &&
590 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
591 state->inbuf = NULL;
592 tevent_req_done(req);
593 return;
594 }
595 }
596
597 if (!cli_smb_req_set_pending(req)) {
598 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
599 return;
600 }
601 }
602
603 static void cli_smb_received(struct tevent_req *subreq)
604 {
605 struct cli_state *cli = tevent_req_callback_data(
606 subreq, struct cli_state);
607 struct tevent_req *req;
608 struct cli_smb_state *state;
609 NTSTATUS status;
610 uint8_t *inbuf;
611 ssize_t received;
612 int num_pending;
613 int i, err;
614 uint16_t mid;
615 bool oplock_break;
616
617 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
618 TALLOC_FREE(subreq);
619 if (received == -1) {
620 if (cli->fd != -1) {
621 close(cli->fd);
622 cli->fd = -1;
623 }
624 status = map_nt_error_from_unix(err);
625 goto fail;
626 }
627
628 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
629 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
630 DEBUG(10, ("Got non-SMB PDU\n"));
631 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
632 goto fail;
633 }
634
635 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
636 uint16_t enc_ctx_num;
637
638 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
639 if (!NT_STATUS_IS_OK(status)) {
640 DEBUG(10, ("get_enc_ctx_num returned %s\n",
641 nt_errstr(status)));
642 goto fail;
643 }
644
645 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
646 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
647 enc_ctx_num,
648 cli->trans_enc_state->enc_ctx_num));
649 status = NT_STATUS_INVALID_HANDLE;
650 goto fail;
651 }
652
653 status = common_decrypt_buffer(cli->trans_enc_state,
654 (char *)inbuf);
655 if (!NT_STATUS_IS_OK(status)) {
656 DEBUG(10, ("common_decrypt_buffer returned %s\n",
657 nt_errstr(status)));
658 goto fail;
659 }
660 }
661
662 mid = SVAL(inbuf, smb_mid);
663 num_pending = talloc_array_length(cli->pending);
664
665 for (i=0; i<num_pending; i++) {
666 if (mid == cli_smb_req_mid(cli->pending[i])) {
667 break;
668 }
669 }
670 if (i == num_pending) {
671 /* Dump unexpected reply */
672 TALLOC_FREE(inbuf);
673 goto done;
674 }
675
676 oplock_break = false;
677
678 if (mid == 0xffff) {
679 /*
680 * Paranoia checks that this is really an oplock break request.
681 */
682 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
683 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
684 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
685 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
686 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
687
688 if (!oplock_break) {
689 /* Dump unexpected reply */
690 TALLOC_FREE(inbuf);
691 goto done;
692 }
693 }
694
695 req = cli->pending[i];
696 state = tevent_req_data(req, struct cli_smb_state);
697
698 if (!oplock_break /* oplock breaks are not signed */
699 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
700 DEBUG(10, ("cli_check_sign_mac failed\n"));
701 TALLOC_FREE(inbuf);
702 status = NT_STATUS_ACCESS_DENIED;
703 goto fail;
704 }
705
706 if (state->chained_requests == NULL) {
707 state->inbuf = talloc_move(state, &inbuf);
708 talloc_set_destructor(req, NULL);
709 cli_smb_req_destructor(req);
710 state->chain_num = 0;
711 state->chain_length = 1;
712 tevent_req_done(req);
713 } else {
714 struct tevent_req **chain = talloc_move(
715 talloc_tos(), &state->chained_requests);
716 int num_chained = talloc_array_length(chain);
717
718 for (i=0; i<num_chained; i++) {
719 state = tevent_req_data(chain[i], struct
720 cli_smb_state);
721 state->inbuf = inbuf;
722 state->chain_num = i;
723 state->chain_length = num_chained;
724 tevent_req_done(chain[i]);
725 }
726 TALLOC_FREE(inbuf);
727 TALLOC_FREE(chain);
728 }
729 done:
730 if (talloc_array_length(cli->pending) > 0) {
731 /*
732 * Set up another read request for the other pending cli_smb
733 * requests
734 */
735 state = tevent_req_data(cli->pending[0], struct cli_smb_state);
736 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
737 if (subreq == NULL) {
738 status = NT_STATUS_NO_MEMORY;
739 goto fail;
740 }
741 tevent_req_set_callback(subreq, cli_smb_received, cli);
742 }
743 return;
744 fail:
745 /*
746 * Cancel all pending requests. We don't do a for-loop walking
747 * cli->pending because that array changes in
748 * cli_smb_req_destructor().
749 */
750 while (talloc_array_length(cli->pending) > 0) {
751 req = cli->pending[0];
752 talloc_set_destructor(req, NULL);
753 cli_smb_req_destructor(req);
754 tevent_req_nterror(req, status);
755 }
756 }
757
758 NTSTATUS cli_smb_recv(struct tevent_req *req,
759 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
760 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
761 uint32_t *pnum_bytes, uint8_t **pbytes)
762 {
763 struct cli_smb_state *state = tevent_req_data(
764 req, struct cli_smb_state);
765 NTSTATUS status = NT_STATUS_OK;
766 uint8_t cmd, wct;
767 uint16_t num_bytes;
768 size_t wct_ofs, bytes_offset;
769 int i;
770
771 if (tevent_req_is_nterror(req, &status)) {
772 return status;
773 }
774
775 if (state->inbuf == NULL) {
776 /* This was a request without a reply */
777 return NT_STATUS_OK;
778 }
779
780 wct_ofs = smb_wct;
781 cmd = CVAL(state->inbuf, smb_com);
782
783 for (i=0; i<state->chain_num; i++) {
784 if (i < state->chain_num-1) {
785 if (cmd == 0xff) {
786 return NT_STATUS_REQUEST_ABORTED;
787 }
788 if (!is_andx_req(cmd)) {
789 return NT_STATUS_INVALID_NETWORK_RESPONSE;
790 }
791 }
792
793 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
794 /*
795 * This request was not completed because a previous
796 * request in the chain had received an error.
797 */
798 return NT_STATUS_REQUEST_ABORTED;
799 }
800
801 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
802
803 /*
804 * Skip the all-present length field. No overflow, we've just
805 * put a 16-bit value into a size_t.
806 */
807 wct_ofs += 4;
808
809 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
810 return NT_STATUS_INVALID_NETWORK_RESPONSE;
811 }
812
813 cmd = CVAL(state->inbuf, wct_ofs + 1);
814 }
815
816 status = cli_pull_error((char *)state->inbuf);
817
818 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
819
820 if ((cmd == SMBsesssetupX)
821 && NT_STATUS_EQUAL(
822 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
823 /*
824 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
825 * valid return code for session setup
826 */
827 goto no_err;
828 }
829
830 if (NT_STATUS_IS_ERR(status)) {
831 /*
832 * The last command takes the error code. All
833 * further commands down the requested chain
834 * will get a NT_STATUS_REQUEST_ABORTED.
835 */
836 return status;
837 }
838 }
839
840 no_err:
841
842 wct = CVAL(state->inbuf, wct_ofs);
843 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
844 num_bytes = SVAL(state->inbuf, bytes_offset);
845
846 if (wct < min_wct) {
847 return NT_STATUS_INVALID_NETWORK_RESPONSE;
848 }
849
850 /*
851 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
852 * is a 16-bit value. So bytes_offset being size_t should be far from
853 * wrapping.
854 */
855 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
856 || (bytes_offset > 0xffff)) {
857 return NT_STATUS_INVALID_NETWORK_RESPONSE;
858 }
859
860 if (pwct != NULL) {
861 *pwct = wct;
862 }
863 if (pvwv != NULL) {
864 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
865 }
866 if (pnum_bytes != NULL) {
867 *pnum_bytes = num_bytes;
868 }
869 if (pbytes != NULL) {
870 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
871 }
872 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
873 if (state->chain_num == state->chain_length-1) {
874 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
875 } else {
876 *pinbuf = state->inbuf;
877 }
878 }
879
880 return status;
881 }
882
883 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
884 {
885 size_t wct_ofs;
886 int i;
887
888 wct_ofs = smb_wct - 4;
889
890 for (i=0; i<num_reqs; i++) {
891 struct cli_smb_state *state;
892 state = tevent_req_data(reqs[i], struct cli_smb_state);
893 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
894 wct_ofs = (wct_ofs + 3) & ~3;
895 }
896 return wct_ofs;
897 }
898
899 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
900 {
901 struct cli_smb_state *first_state = tevent_req_data(
902 reqs[0], struct cli_smb_state);
903 struct cli_smb_state *last_state = tevent_req_data(
904 reqs[num_reqs-1], struct cli_smb_state);
905 struct cli_smb_state *state;
906 size_t wct_offset;
907 size_t chain_padding = 0;
908 int i, iovlen;
909 struct iovec *iov = NULL;
910 struct iovec *this_iov;
911 NTSTATUS status;
912
913 iovlen = 0;
914 for (i=0; i<num_reqs; i++) {
915 state = tevent_req_data(reqs[i], struct cli_smb_state);
916 iovlen += state->iov_count;
917 }
918
919 iov = talloc_array(last_state, struct iovec, iovlen);
920 if (iov == NULL) {
921 return NT_STATUS_NO_MEMORY;
922 }
923
924 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
925 last_state, reqs, sizeof(*reqs) * num_reqs);
926 if (first_state->chained_requests == NULL) {
927 TALLOC_FREE(iov);
928 return NT_STATUS_NO_MEMORY;
929 }
930
931 wct_offset = smb_wct - 4;
932 this_iov = iov;
933
934 for (i=0; i<num_reqs; i++) {
935 size_t next_padding = 0;
936 uint16_t *vwv;
937
938 state = tevent_req_data(reqs[i], struct cli_smb_state);
939
940 if (i < num_reqs-1) {
941 if (!is_andx_req(CVAL(state->header, smb_com))
942 || CVAL(state->header, smb_wct) < 2) {
943 TALLOC_FREE(iov);
944 TALLOC_FREE(first_state->chained_requests);
945 return NT_STATUS_INVALID_PARAMETER;
946 }
947 }
948
949 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
950 if ((wct_offset % 4) != 0) {
951 next_padding = 4 - (wct_offset % 4);
952 }
953 wct_offset += next_padding;
954 vwv = state->vwv;
955
956 if (i < num_reqs-1) {
957 struct cli_smb_state *next_state = tevent_req_data(
958 reqs[i+1], struct cli_smb_state);
959 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
960 SCVAL(vwv+0, 1, 0);
961 SSVAL(vwv+1, 0, wct_offset);
962 } else if (is_andx_req(CVAL(state->header, smb_com))) {
963 /* properly end the chain */
964 SCVAL(vwv+0, 0, 0xff);
965 SCVAL(vwv+0, 1, 0xff);
966 SSVAL(vwv+1, 0, 0);
967 }
968
969 if (i == 0) {
970 this_iov[0] = state->iov[0];
971 } else {
972 /*
973 * This one is a bit subtle. We have to add
974 * chain_padding bytes between the requests, and we
975 * have to also include the wct field of the
976 * subsequent requests. We use the subsequent header
977 * for the padding, it contains the wct field in its
978 * last byte.
979 */
980 this_iov[0].iov_len = chain_padding+1;
981 this_iov[0].iov_base = (void *)&state->header[
982 sizeof(state->header) - this_iov[0].iov_len];
983 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
984 }
985 memcpy(this_iov+1, state->iov+1,
986 sizeof(struct iovec) * (state->iov_count-1));
987 this_iov += state->iov_count;
988 chain_padding = next_padding;
989 }
990
991 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
992 if (!NT_STATUS_IS_OK(status)) {
993 TALLOC_FREE(iov);
994 TALLOC_FREE(first_state->chained_requests);
995 return status;
996 }
997
998 return NT_STATUS_OK;
999 }
1000
1001 uint8_t *cli_smb_inbuf(struct tevent_req *req)
1002 {
1003 struct cli_smb_state *state = tevent_req_data(
1004 req, struct cli_smb_state);
1005 return state->inbuf;
1006 }
1007
1008 bool cli_has_async_calls(struct cli_state *cli)
1009 {
1010 return ((tevent_queue_length(cli->outgoing) != 0)
1011 || (talloc_array_length(cli->pending) != 0));
1012 }
1013
1014 struct cli_smb_oplock_break_waiter_state {
1015 uint16_t fnum;
1016 uint8_t level;
1017 };
1018
1019 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
1020
1021 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
1022 struct event_context *ev,
1023 struct cli_state *cli)
1024 {
1025 struct tevent_req *req, *subreq;
1026 struct cli_smb_oplock_break_waiter_state *state;
1027 struct cli_smb_state *smb_state;
1028
1029 req = tevent_req_create(mem_ctx, &state,
1030 struct cli_smb_oplock_break_waiter_state);
1031 if (req == NULL) {
1032 return NULL;
1033 }
1034
1035 /*
1036 * Create a fake SMB request that we will never send out. This is only
1037 * used to be set into the pending queue with the right mid.
1038 */
1039 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
1040 if (tevent_req_nomem(subreq, req)) {
1041 return tevent_req_post(req, ev);
1042 }
1043 smb_state = tevent_req_data(subreq, struct cli_smb_state);
1044 SSVAL(smb_state->header, smb_mid, 0xffff);
1045
1046 if (!cli_smb_req_set_pending(subreq)) {
1047 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1048 return tevent_req_post(req, ev);
1049 }
1050 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
1051 return req;
1052 }
1053
1054 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
1055 {
1056 struct tevent_req *req = tevent_req_callback_data(
1057 subreq, struct tevent_req);
1058 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1059 req, struct cli_smb_oplock_break_waiter_state);
1060 uint8_t wct;
1061 uint16_t *vwv;
1062 uint32_t num_bytes;
1063 uint8_t *bytes;
1064 uint8_t *inbuf;
1065 NTSTATUS status;
1066
1067 status = cli_smb_recv(subreq, state, &inbuf, 8, &wct, &vwv,
1068 &num_bytes, &bytes);
1069 TALLOC_FREE(subreq);
1070 if (!NT_STATUS_IS_OK(status)) {
1071 tevent_req_nterror(req, status);
1072 return;
1073 }
1074 state->fnum = SVAL(vwv+2, 0);
1075 state->level = CVAL(vwv+3, 1);
1076 tevent_req_done(req);
1077 }
1078
1079 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1080 uint16_t *pfnum,
1081 uint8_t *plevel)
1082 {
1083 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1084 req, struct cli_smb_oplock_break_waiter_state);
1085 NTSTATUS status;
1086
1087 if (tevent_req_is_nterror(req, &status)) {
1088 return status;
1089 }
1090 *pfnum = state->fnum;
1091 *plevel = state->level;
1092 return NT_STATUS_OK;
1093 }
Samba GIT mirror