2 Unix SMB/CIFS implementation.
3 SMB client generic functions
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int smb_read_error
;
26 /****************************************************************************
27 Change the timeout (in milliseconds).
28 ****************************************************************************/
30 unsigned int cli_set_timeout(struct cli_state
*cli
, unsigned int timeout
)
32 unsigned int old_timeout
= cli
->timeout
;
33 cli
->timeout
= timeout
;
37 /****************************************************************************
38 Change the port number used to call on.
39 ****************************************************************************/
41 int cli_set_port(struct cli_state
*cli
, int port
)
47 /****************************************************************************
48 Read an smb from a fd ignoring all keepalive packets. Note that the buffer
49 *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN.
50 The timeout is in milliseconds
52 This is exactly the same as receive_smb except that it can be set to never return
53 a session keepalive packet (just as receive_smb used to do).
54 receive_smb was changed to return keepalives as the oplock processing means this call
55 should never go into a blocking read.
56 ****************************************************************************/
58 static ssize_t
client_receive_smb(struct cli_state
*cli
, BOOL eat_keepalives
, size_t maxlen
)
62 char *buffer
= cli
->inbuf
;
63 unsigned int timeout
= cli
->timeout
;
66 len
= receive_smb_raw(fd
, buffer
, timeout
, maxlen
);
69 DEBUG(10,("client_receive_smb failed\n"));
74 /* Ignore session keepalive packets. */
75 if (eat_keepalives
&& (CVAL(buffer
,0) == SMBkeepalive
)) {
81 if (cli_encryption_on(cli
)) {
82 NTSTATUS status
= cli_decrypt_message(cli
);
83 if (!NT_STATUS_IS_OK(status
)) {
84 DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
86 cli
->smb_rw_error
= READ_BAD_DECRYPT
;
96 /****************************************************************************
98 ****************************************************************************/
100 BOOL
cli_receive_smb_internal(struct cli_state
*cli
, BOOL eat_keepalives
)
104 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
109 len
= client_receive_smb(cli
, eat_keepalives
, 0);
111 if (len
>= 0 && !eat_keepalives
&& (CVAL(cli
->inbuf
,0) == SMBkeepalive
)) {
112 /* Give back the keepalive. */
117 /* it might be an oplock break request */
118 if (!(CVAL(cli
->inbuf
, smb_flg
) & FLAG_REPLY
) &&
119 CVAL(cli
->inbuf
,smb_com
) == SMBlockingX
&&
120 SVAL(cli
->inbuf
,smb_vwv6
) == 0 &&
121 SVAL(cli
->inbuf
,smb_vwv7
) == 0) {
122 if (cli
->oplock_handler
) {
123 int fnum
= SVAL(cli
->inbuf
,smb_vwv2
);
124 unsigned char level
= CVAL(cli
->inbuf
,smb_vwv3
+1);
125 if (!cli
->oplock_handler(cli
, fnum
, level
)) {
129 /* try to prevent loops */
130 SCVAL(cli
->inbuf
,smb_com
,0xFF);
135 /* If the server is not responding, note that now */
137 DEBUG(0, ("Receiving SMB: Server stopped responding\n"));
138 cli
->smb_rw_error
= smb_read_error
;
144 if (!cli_check_sign_mac(cli
)) {
146 * If we get a signature failure in sessionsetup, then
147 * the server sometimes just reflects the sent signature
148 * back to us. Detect this and allow the upper layer to
149 * retrieve the correct Windows error message.
151 if (CVAL(cli
->outbuf
,smb_com
) == SMBsesssetupX
&&
152 (smb_len(cli
->inbuf
) > (smb_ss_field
+ 8 - 4)) &&
153 (SVAL(cli
->inbuf
,smb_flg2
) & FLAGS2_SMB_SECURITY_SIGNATURES
) &&
154 memcmp(&cli
->outbuf
[smb_ss_field
],&cli
->inbuf
[smb_ss_field
],8) == 0 &&
158 * Reflected signature on login error.
159 * Set bad sig but don't close fd.
161 cli
->smb_rw_error
= READ_BAD_SIG
;
165 DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
166 cli
->smb_rw_error
= READ_BAD_SIG
;
175 /****************************************************************************
176 Recv an smb - eat keepalives.
177 ****************************************************************************/
179 BOOL
cli_receive_smb(struct cli_state
*cli
)
181 return cli_receive_smb_internal(cli
, True
);
184 /****************************************************************************
185 Recv an smb - return keepalives.
186 ****************************************************************************/
188 BOOL
cli_receive_smb_return_keepalive(struct cli_state
*cli
)
190 return cli_receive_smb_internal(cli
, False
);
193 /****************************************************************************
194 Read the data portion of a readX smb.
195 The timeout is in milliseconds
196 ****************************************************************************/
198 ssize_t
cli_receive_smb_data(struct cli_state
*cli
, char *buffer
, size_t len
)
200 if (cli
->timeout
> 0) {
201 return read_socket_with_timeout(cli
->fd
, buffer
, len
, len
, cli
->timeout
);
203 return read_data(cli
->fd
, buffer
, len
);
207 /****************************************************************************
208 Read a smb readX header.
209 We can only use this if encryption and signing are off.
210 ****************************************************************************/
212 BOOL
cli_receive_smb_readX_header(struct cli_state
*cli
)
221 /* Read up to the size of a readX header reply. */
222 len
= client_receive_smb(cli
, True
, (smb_size
- 4) + 24);
225 /* it might be an oplock break request */
226 if (!(CVAL(cli
->inbuf
, smb_flg
) & FLAG_REPLY
) &&
227 CVAL(cli
->inbuf
,smb_com
) == SMBlockingX
&&
228 SVAL(cli
->inbuf
,smb_vwv6
) == 0 &&
229 SVAL(cli
->inbuf
,smb_vwv7
) == 0) {
230 ssize_t total_len
= smb_len(cli
->inbuf
);
232 if (total_len
> CLI_SAMBA_MAX_LARGE_READX_SIZE
+SAFETY_MARGIN
) {
236 /* Read the rest of the data. */
237 if ((total_len
- len
> 0) &&
238 !cli_receive_smb_data(cli
,cli
->inbuf
+len
,total_len
- len
)) {
242 if (cli
->oplock_handler
) {
243 int fnum
= SVAL(cli
->inbuf
,smb_vwv2
);
244 unsigned char level
= CVAL(cli
->inbuf
,smb_vwv3
+1);
245 if (!cli
->oplock_handler(cli
, fnum
, level
)) return False
;
247 /* try to prevent loops */
248 SCVAL(cli
->inbuf
,smb_com
,0xFF);
253 /* If it's not the above size it probably was an error packet. */
255 if ((len
== (smb_size
- 4) + 24) && !cli_is_error(cli
)) {
256 /* Check it's a non-chained readX reply. */
257 if (!(CVAL(cli
->inbuf
, smb_flg
) & FLAG_REPLY
) ||
258 (CVAL(cli
->inbuf
,smb_vwv0
) != 0xFF) ||
259 (CVAL(cli
->inbuf
,smb_com
) != SMBreadX
)) {
261 * We're not coping here with asnyc replies to
262 * other calls. Punt here - we need async client
269 * We know it's a readX reply - ensure we've read the
270 * padding bytes also.
273 offset
= SVAL(cli
->inbuf
,smb_vwv6
);
276 size_t padbytes
= offset
- len
;
277 ret
= cli_receive_smb_data(cli
,smb_buf(cli
->inbuf
),padbytes
);
278 if (ret
!= padbytes
) {
288 cli
->smb_rw_error
= smb_read_error
= READ_ERROR
;
294 static ssize_t
write_socket(int fd
, const char *buf
, size_t len
)
298 DEBUG(6,("write_socket(%d,%d)\n",fd
,(int)len
));
299 ret
= write_data(fd
,buf
,len
);
301 DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd
,(int)len
,(int)ret
));
303 DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n",
304 (int)len
, fd
, strerror(errno
) ));
309 /****************************************************************************
311 ****************************************************************************/
313 BOOL
cli_send_smb(struct cli_state
*cli
)
318 char *buf_out
= cli
->outbuf
;
319 BOOL enc_on
= cli_encryption_on(cli
);
321 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
326 cli_calculate_sign_mac(cli
);
329 NTSTATUS status
= cli_encrypt_message(cli
, &buf_out
);
330 if (!NT_STATUS_IS_OK(status
)) {
333 cli
->smb_rw_error
= WRITE_ERROR
;
334 DEBUG(0,("Error in encrypting client message. Error %s\n",
335 nt_errstr(status
) ));
340 len
= smb_len(buf_out
) + 4;
342 while (nwritten
< len
) {
343 ret
= write_socket(cli
->fd
,buf_out
+nwritten
,len
- nwritten
);
346 cli_free_enc_buffer(cli
, buf_out
);
350 cli
->smb_rw_error
= WRITE_ERROR
;
351 DEBUG(0,("Error writing %d bytes to client. %d (%s)\n",
352 (int)len
,(int)ret
, strerror(errno
) ));
358 cli_free_enc_buffer(cli
, buf_out
);
360 /* Increment the mid so we can tell between responses. */
368 /****************************************************************************
369 Setup basics in a outgoing packet.
370 ****************************************************************************/
372 void cli_setup_packet(struct cli_state
*cli
)
375 SSVAL(cli
->outbuf
,smb_pid
,cli
->pid
);
376 SSVAL(cli
->outbuf
,smb_uid
,cli
->vuid
);
377 SSVAL(cli
->outbuf
,smb_mid
,cli
->mid
);
378 if (cli
->protocol
> PROTOCOL_CORE
) {
380 if (cli
->case_sensitive
) {
381 SCVAL(cli
->outbuf
,smb_flg
,0x0);
383 /* Default setting, case insensitive. */
384 SCVAL(cli
->outbuf
,smb_flg
,0x8);
386 flags2
= FLAGS2_LONG_PATH_COMPONENTS
;
387 if (cli
->capabilities
& CAP_UNICODE
)
388 flags2
|= FLAGS2_UNICODE_STRINGS
;
389 if ((cli
->capabilities
& CAP_DFS
) && cli
->dfsroot
)
390 flags2
|= FLAGS2_DFS_PATHNAMES
;
391 if (cli
->capabilities
& CAP_STATUS32
)
392 flags2
|= FLAGS2_32_BIT_ERROR_CODES
;
394 flags2
|= FLAGS2_EXTENDED_SECURITY
;
395 SSVAL(cli
->outbuf
,smb_flg2
, flags2
);
399 /****************************************************************************
400 Setup the bcc length of the packet from a pointer to the end of the data.
401 ****************************************************************************/
403 void cli_setup_bcc(struct cli_state
*cli
, void *p
)
405 set_message_bcc(NULL
,cli
->outbuf
, PTR_DIFF(p
, smb_buf(cli
->outbuf
)));
408 /****************************************************************************
409 Initialise credentials of a client structure.
410 ****************************************************************************/
412 void cli_init_creds(struct cli_state
*cli
, const char *username
, const char *domain
, const char *password
)
414 fstrcpy(cli
->domain
, domain
);
415 fstrcpy(cli
->user_name
, username
);
416 pwd_set_cleartext(&cli
->pwd
, password
);
418 cli
->pwd
.null_pwd
= True
;
421 DEBUG(10,("cli_init_creds: user %s domain %s\n", cli
->user_name
, cli
->domain
));
424 /****************************************************************************
425 Set the signing state (used from the command line).
426 ****************************************************************************/
428 void cli_setup_signing_state(struct cli_state
*cli
, int signing_state
)
430 if (signing_state
== Undefined
)
433 if (signing_state
== False
) {
434 cli
->sign_info
.allow_smb_signing
= False
;
435 cli
->sign_info
.mandatory_signing
= False
;
439 cli
->sign_info
.allow_smb_signing
= True
;
441 if (signing_state
== Required
)
442 cli
->sign_info
.mandatory_signing
= True
;
445 /****************************************************************************
446 Initialise a client structure. Always returns a malloc'ed struct.
447 ****************************************************************************/
449 struct cli_state
*cli_initialise(void)
451 struct cli_state
*cli
= NULL
;
453 /* Check the effective uid - make sure we are not setuid */
454 if (is_setuid_root()) {
455 DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n"));
459 cli
= SMB_MALLOC_P(struct cli_state
);
469 cli
->pid
= (uint16
)sys_getpid();
471 cli
->vuid
= UID_FIELD_INVALID
;
472 cli
->protocol
= PROTOCOL_NT1
;
473 cli
->timeout
= 20000; /* Timeout is in milliseconds. */
474 cli
->bufsize
= CLI_BUFFER_SIZE
+4;
475 cli
->max_xmit
= cli
->bufsize
;
476 cli
->outbuf
= (char *)SMB_MALLOC(cli
->bufsize
+SAFETY_MARGIN
);
477 cli
->inbuf
= (char *)SMB_MALLOC(cli
->bufsize
+SAFETY_MARGIN
);
478 cli
->oplock_handler
= cli_oplock_ack
;
479 cli
->case_sensitive
= False
;
480 cli
->smb_rw_error
= 0;
482 cli
->use_spnego
= lp_client_use_spnego();
484 cli
->capabilities
= CAP_UNICODE
| CAP_STATUS32
| CAP_DFS
;
486 /* Set the CLI_FORCE_DOSERR environment variable to test
487 client routines using DOS errors instead of STATUS32
488 ones. This intended only as a temporary hack. */
489 if (getenv("CLI_FORCE_DOSERR"))
490 cli
->force_dos_errors
= True
;
492 if (lp_client_signing())
493 cli
->sign_info
.allow_smb_signing
= True
;
495 if (lp_client_signing() == Required
)
496 cli
->sign_info
.mandatory_signing
= True
;
498 if (!cli
->outbuf
|| !cli
->inbuf
)
501 if ((cli
->mem_ctx
= talloc_init("cli based talloc")) == NULL
)
504 memset(cli
->outbuf
, 0, cli
->bufsize
);
505 memset(cli
->inbuf
, 0, cli
->bufsize
);
508 #if defined(DEVELOPER)
509 /* just because we over-allocate, doesn't mean it's right to use it */
510 clobber_region(FUNCTION_MACRO
, __LINE__
, cli
->outbuf
+cli
->bufsize
, SAFETY_MARGIN
);
511 clobber_region(FUNCTION_MACRO
, __LINE__
, cli
->inbuf
+cli
->bufsize
, SAFETY_MARGIN
);
514 /* initialise signing */
515 cli_null_set_signing(cli
);
517 cli
->initialised
= 1;
521 /* Clean up after malloc() error */
525 SAFE_FREE(cli
->inbuf
);
526 SAFE_FREE(cli
->outbuf
);
531 /****************************************************************************
533 Close an open named pipe over SMB. Free any authentication data.
534 Returns False if the cli_close call failed.
535 ****************************************************************************/
537 BOOL
cli_rpc_pipe_close(struct rpc_pipe_client
*cli
)
545 ret
= cli_close(cli
->cli
, cli
->fnum
);
548 DEBUG(1,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
550 "to machine %s. Error was %s\n",
554 cli_errstr(cli
->cli
)));
557 if (cli
->auth
.cli_auth_data_free_func
) {
558 (*cli
->auth
.cli_auth_data_free_func
)(&cli
->auth
);
561 DEBUG(10,("cli_rpc_pipe_close: closed pipe %s to machine %s\n",
562 cli
->pipe_name
, cli
->cli
->desthost
));
564 DLIST_REMOVE(cli
->cli
->pipe_list
, cli
);
565 talloc_destroy(cli
->mem_ctx
);
569 /****************************************************************************
570 Close all pipes open on this session.
571 ****************************************************************************/
573 void cli_nt_pipes_close(struct cli_state
*cli
)
575 struct rpc_pipe_client
*cp
, *next
;
577 for (cp
= cli
->pipe_list
; cp
; cp
= next
) {
579 cli_rpc_pipe_close(cp
);
583 /****************************************************************************
584 Shutdown a client structure.
585 ****************************************************************************/
587 void cli_shutdown(struct cli_state
*cli
)
589 cli_nt_pipes_close(cli
);
592 * tell our peer to free his resources. Wihtout this, when an
593 * application attempts to do a graceful shutdown and calls
594 * smbc_free_context() to clean up all connections, some connections
595 * can remain active on the peer end, until some (long) timeout period
596 * later. This tree disconnect forces the peer to clean up, since the
597 * connection will be going away.
599 * Also, do not do tree disconnect when cli->smb_rw_error is DO_NOT_DO_TDIS
600 * the only user for this so far is smbmount which passes opened connection
601 * down to kernel's smbfs module.
603 if ( (cli
->cnum
!= (uint16
)-1) && (cli
->smb_rw_error
!= DO_NOT_DO_TDIS
) ) {
607 SAFE_FREE(cli
->outbuf
);
608 SAFE_FREE(cli
->inbuf
);
610 cli_free_signing_context(cli
);
611 cli_free_encryption_context(cli
);
613 data_blob_free(&cli
->secblob
);
614 data_blob_free(&cli
->user_session_key
);
617 talloc_destroy(cli
->mem_ctx
);
625 cli
->smb_rw_error
= 0;
630 /****************************************************************************
631 Set socket options on a open connection.
632 ****************************************************************************/
634 void cli_sockopt(struct cli_state
*cli
, const char *options
)
636 set_socket_options(cli
->fd
, options
);
639 /****************************************************************************
640 Set the PID to use for smb messages. Return the old pid.
641 ****************************************************************************/
643 uint16
cli_setpid(struct cli_state
*cli
, uint16 pid
)
645 uint16 ret
= cli
->pid
;
650 /****************************************************************************
651 Set the case sensitivity flag on the packets. Returns old state.
652 ****************************************************************************/
654 BOOL
cli_set_case_sensitive(struct cli_state
*cli
, BOOL case_sensitive
)
656 BOOL ret
= cli
->case_sensitive
;
657 cli
->case_sensitive
= case_sensitive
;
661 /****************************************************************************
662 Send a keepalive packet to the server
663 ****************************************************************************/
665 BOOL
cli_send_keepalive(struct cli_state
*cli
)
668 DEBUG(3, ("cli_send_keepalive: fd == -1\n"));
671 if (!send_keepalive(cli
->fd
)) {
674 DEBUG(0,("Error sending keepalive packet to client.\n"));
680 /****************************************************************************
681 Send/receive a SMBecho command: ping the server
682 ****************************************************************************/
684 BOOL
cli_echo(struct cli_state
*cli
, unsigned char *data
, size_t length
)
688 SMB_ASSERT(length
< 1024);
690 memset(cli
->outbuf
,'\0',smb_size
);
691 set_message(NULL
,cli
->outbuf
,1,length
,True
);
692 SCVAL(cli
->outbuf
,smb_com
,SMBecho
);
693 SSVAL(cli
->outbuf
,smb_tid
,65535);
694 SSVAL(cli
->outbuf
,smb_vwv0
,1);
695 cli_setup_packet(cli
);
696 p
= smb_buf(cli
->outbuf
);
697 memcpy(p
, data
, length
);
700 cli_setup_bcc(cli
, p
);
703 if (!cli_receive_smb(cli
)) {
707 if (cli_is_error(cli
)) {