search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:docs: remove documentation of "idmap read only" which was removed.
[Samba.git] / source3 / libsmb / async_smb.c
blob9708e3ccd3061defae3120ed3cbae4a6457b130d
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "../lib/async_req/async_sock.h"
22 #include "async_smb.h"
23 #include "smb_crypt.h"
24
25 /*
26 * Read an smb packet asynchronously, discard keepalives
27 */
28
29 struct read_smb_state {
30 struct tevent_context *ev;
31 int fd;
32 uint8_t *buf;
33 };
34
35 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data);
36 static void read_smb_done(struct tevent_req *subreq);
37
38 static struct tevent_req *read_smb_send(TALLOC_CTX *mem_ctx,
39 struct tevent_context *ev,
40 int fd)
41 {
42 struct tevent_req *result, *subreq;
43 struct read_smb_state *state;
44
45 result = tevent_req_create(mem_ctx, &state, struct read_smb_state);
46 if (result == NULL) {
47 return NULL;
48 }
49 state->ev = ev;
50 state->fd = fd;
51
52 subreq = read_packet_send(state, ev, fd, 4, read_smb_more, NULL);
53 if (subreq == NULL) {
54 goto fail;
55 }
56 tevent_req_set_callback(subreq, read_smb_done, result);
57 return result;
58 fail:
59 TALLOC_FREE(result);
60 return NULL;
61 }
62
63 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data)
64 {
65 if (buflen > 4) {
66 return 0; /* We've been here, we're done */
67 }
68 return smb_len_large(buf);
69 }
70
71 static void read_smb_done(struct tevent_req *subreq)
72 {
73 struct tevent_req *req = tevent_req_callback_data(
74 subreq, struct tevent_req);
75 struct read_smb_state *state = tevent_req_data(
76 req, struct read_smb_state);
77 ssize_t len;
78 int err;
79
80 len = read_packet_recv(subreq, state, &state->buf, &err);
81 TALLOC_FREE(subreq);
82 if (len == -1) {
83 tevent_req_error(req, err);
84 return;
85 }
86
87 if (CVAL(state->buf, 0) == SMBkeepalive) {
88 subreq = read_packet_send(state, state->ev, state->fd, 4,
89 read_smb_more, NULL);
90 if (tevent_req_nomem(subreq, req)) {
91 return;
92 }
93 tevent_req_set_callback(subreq, read_smb_done, req);
94 return;
95 }
96 tevent_req_done(req);
97 }
98
99 static ssize_t read_smb_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
100 uint8_t **pbuf, int *perrno)
101 {
102 struct read_smb_state *state = tevent_req_data(
103 req, struct read_smb_state);
104
105 if (tevent_req_is_unix_error(req, perrno)) {
106 return -1;
107 }
108 *pbuf = talloc_move(mem_ctx, &state->buf);
109 return talloc_get_size(*pbuf);
110 }
111
112 /**
113 * Fetch an error out of a NBT packet
114 * @param[in] buf The SMB packet
115 * @retval The error, converted to NTSTATUS
116 */
117
118 NTSTATUS cli_pull_error(char *buf)
119 {
120 uint32_t flags2 = SVAL(buf, smb_flg2);
121
122 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
123 return NT_STATUS(IVAL(buf, smb_rcls));
124 }
125
126 return dos_to_ntstatus(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
127 }
128
129 /**
130 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
131 * @param[in] cli The client connection that just received an error
132 * @param[in] status The error to set on "cli"
133 */
134
135 void cli_set_error(struct cli_state *cli, NTSTATUS status)
136 {
137 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
138
139 if (NT_STATUS_IS_DOS(status)) {
140 SSVAL(cli->inbuf, smb_flg2,
141 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
142 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
143 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
144 return;
145 }
146
147 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
148 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
149 return;
150 }
151
152 /**
153 * Figure out if there is an andx command behind the current one
154 * @param[in] buf The smb buffer to look at
155 * @param[in] ofs The offset to the wct field that is followed by the cmd
156 * @retval Is there a command following?
157 */
158
159 static bool have_andx_command(const char *buf, uint16_t ofs)
160 {
161 uint8_t wct;
162 size_t buflen = talloc_get_size(buf);
163
164 if ((ofs == buflen-1) || (ofs == buflen)) {
165 return false;
166 }
167
168 wct = CVAL(buf, ofs);
169 if (wct < 2) {
170 /*
171 * Not enough space for the command and a following pointer
172 */
173 return false;
174 }
175 return (CVAL(buf, ofs+1) != 0xff);
176 }
177
178 #define MAX_SMB_IOV 5
179
180 struct cli_smb_state {
181 struct tevent_context *ev;
182 struct cli_state *cli;
183 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
184
185 /*
186 * For normal requests, cli_smb_req_send chooses a mid. Secondary
187 * trans requests need to use the mid of the primary request, so we
188 * need a place to store it. Assume it's set if != 0.
189 */
190 uint16_t mid;
191
192 uint16_t *vwv;
193 uint8_t bytecount_buf[2];
194
195 struct iovec iov[MAX_SMB_IOV+3];
196 int iov_count;
197
198 uint8_t *inbuf;
199 uint32_t seqnum;
200 int chain_num;
201 int chain_length;
202 struct tevent_req **chained_requests;
203 };
204
205 static uint16_t cli_alloc_mid(struct cli_state *cli)
206 {
207 int num_pending = talloc_array_length(cli->pending);
208 uint16_t result;
209
210 while (true) {
211 int i;
212
213 result = cli->mid++;
214 if ((result == 0) || (result == 0xffff)) {
215 continue;
216 }
217
218 for (i=0; i<num_pending; i++) {
219 if (result == cli_smb_req_mid(cli->pending[i])) {
220 break;
221 }
222 }
223
224 if (i == num_pending) {
225 return result;
226 }
227 }
228 }
229
230 void cli_smb_req_unset_pending(struct tevent_req *req)
231 {
232 struct cli_smb_state *state = tevent_req_data(
233 req, struct cli_smb_state);
234 struct cli_state *cli = state->cli;
235 int num_pending = talloc_array_length(cli->pending);
236 int i;
237
238 if (num_pending == 1) {
239 /*
240 * The pending read_smb tevent_req is a child of
241 * cli->pending. So if nothing is pending anymore, we need to
242 * delete the socket read fde.
243 */
244 TALLOC_FREE(cli->pending);
245 return;
246 }
247
248 for (i=0; i<num_pending; i++) {
249 if (req == cli->pending[i]) {
250 break;
251 }
252 }
253 if (i == num_pending) {
254 /*
255 * Something's seriously broken. Just returning here is the
256 * right thing nevertheless, the point of this routine is to
257 * remove ourselves from cli->pending.
258 */
259 return;
260 }
261
262 /*
263 * Remove ourselves from the cli->pending array
264 */
265 if (num_pending > 1) {
266 cli->pending[i] = cli->pending[num_pending-1];
267 }
268
269 /*
270 * No NULL check here, we're shrinking by sizeof(void *), and
271 * talloc_realloc just adjusts the size for this.
272 */
273 cli->pending = talloc_realloc(NULL, cli->pending, struct tevent_req *,
274 num_pending - 1);
275 return;
276 }
277
278 static int cli_smb_req_destructor(struct tevent_req *req)
279 {
280 cli_smb_req_unset_pending(req);
281 return 0;
282 }
283
284 static void cli_smb_received(struct tevent_req *subreq);
285
286 bool cli_smb_req_set_pending(struct tevent_req *req)
287 {
288 struct cli_smb_state *state = tevent_req_data(
289 req, struct cli_smb_state);
290 struct cli_state *cli;
291 struct tevent_req **pending;
292 int num_pending;
293 struct tevent_req *subreq;
294
295 cli = state->cli;
296 num_pending = talloc_array_length(cli->pending);
297
298 pending = talloc_realloc(cli, cli->pending, struct tevent_req *,
299 num_pending+1);
300 if (pending == NULL) {
301 return false;
302 }
303 pending[num_pending] = req;
304 cli->pending = pending;
305 talloc_set_destructor(req, cli_smb_req_destructor);
306
307 if (num_pending > 0) {
308 return true;
309 }
310
311 /*
312 * We're the first ones, add the read_smb request that waits for the
313 * answer from the server
314 */
315 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
316 if (subreq == NULL) {
317 cli_smb_req_unset_pending(req);
318 return false;
319 }
320 tevent_req_set_callback(subreq, cli_smb_received, cli);
321 return true;
322 }
323
324 /*
325 * Fetch a smb request's mid. Only valid after the request has been sent by
326 * cli_smb_req_send().
327 */
328 uint16_t cli_smb_req_mid(struct tevent_req *req)
329 {
330 struct cli_smb_state *state = tevent_req_data(
331 req, struct cli_smb_state);
332 return SVAL(state->header, smb_mid);
333 }
334
335 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
336 {
337 struct cli_smb_state *state = tevent_req_data(
338 req, struct cli_smb_state);
339 state->mid = mid;
340 }
341
342 static size_t iov_len(const struct iovec *iov, int count)
343 {
344 size_t result = 0;
345 int i;
346 for (i=0; i<count; i++) {
347 result += iov[i].iov_len;
348 }
349 return result;
350 }
351
352 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
353 int count)
354 {
355 size_t len = iov_len(iov, count);
356 size_t copied;
357 uint8_t *buf;
358 int i;
359
360 buf = talloc_array(mem_ctx, uint8_t, len);
361 if (buf == NULL) {
362 return NULL;
363 }
364 copied = 0;
365 for (i=0; i<count; i++) {
366 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
367 copied += iov[i].iov_len;
368 }
369 return buf;
370 }
371
372 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
373 struct event_context *ev,
374 struct cli_state *cli,
375 uint8_t smb_command,
376 uint8_t additional_flags,
377 uint8_t wct, uint16_t *vwv,
378 int iov_count,
379 struct iovec *bytes_iov)
380 {
381 struct tevent_req *result;
382 struct cli_smb_state *state;
383 struct timeval endtime;
384
385 if (iov_count > MAX_SMB_IOV) {
386 /*
387 * Should not happen :-)
388 */
389 return NULL;
390 }
391
392 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
393 if (result == NULL) {
394 return NULL;
395 }
396 state->ev = ev;
397 state->cli = cli;
398 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
399 state->chain_num = 0;
400 state->chained_requests = NULL;
401
402 cli_setup_packet_buf(cli, (char *)state->header);
403 SCVAL(state->header, smb_com, smb_command);
404 SSVAL(state->header, smb_tid, cli->cnum);
405 SCVAL(state->header, smb_wct, wct);
406
407 state->vwv = vwv;
408
409 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
410
411 state->iov[0].iov_base = (void *)state->header;
412 state->iov[0].iov_len = sizeof(state->header);
413 state->iov[1].iov_base = (void *)state->vwv;
414 state->iov[1].iov_len = wct * sizeof(uint16_t);
415 state->iov[2].iov_base = (void *)state->bytecount_buf;
416 state->iov[2].iov_len = sizeof(uint16_t);
417
418 if (iov_count != 0) {
419 memcpy(&state->iov[3], bytes_iov,
420 iov_count * sizeof(*bytes_iov));
421 }
422 state->iov_count = iov_count + 3;
423
424 if (cli->timeout) {
425 endtime = timeval_current_ofs(0, cli->timeout * 1000);
426 if (!tevent_req_set_endtime(result, ev, endtime)) {
427 tevent_req_nomem(NULL, result);
428 }
429 }
430 return result;
431 }
432
433 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
434 uint32_t *seqnum)
435 {
436 uint8_t *buf;
437
438 /*
439 * Obvious optimization: Make cli_calculate_sign_mac work with struct
440 * iovec directly. MD5Update would do that just fine.
441 */
442
443 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
444 return NT_STATUS_INVALID_PARAMETER;
445 }
446
447 buf = iov_concat(talloc_tos(), iov, count);
448 if (buf == NULL) {
449 return NT_STATUS_NO_MEMORY;
450 }
451
452 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
453 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
454
455 TALLOC_FREE(buf);
456 return NT_STATUS_OK;
457 }
458
459 static void cli_smb_sent(struct tevent_req *subreq);
460
461 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
462 struct cli_smb_state *state,
463 struct iovec *iov, int iov_count)
464 {
465 struct tevent_req *subreq;
466 NTSTATUS status;
467
468 if (state->cli->fd == -1) {
469 return NT_STATUS_CONNECTION_INVALID;
470 }
471
472 if (iov[0].iov_len < smb_wct) {
473 return NT_STATUS_INVALID_PARAMETER;
474 }
475
476 if (state->mid != 0) {
477 SSVAL(iov[0].iov_base, smb_mid, state->mid);
478 } else {
479 uint16_t mid = cli_alloc_mid(state->cli);
480 SSVAL(iov[0].iov_base, smb_mid, mid);
481 }
482
483 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
484
485 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
486
487 if (!NT_STATUS_IS_OK(status)) {
488 return status;
489 }
490
491 if (cli_encryption_on(state->cli)) {
492 char *buf, *enc_buf;
493
494 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
495 if (buf == NULL) {
496 return NT_STATUS_NO_MEMORY;
497 }
498 status = cli_encrypt_message(state->cli, (char *)buf,
499 &enc_buf);
500 TALLOC_FREE(buf);
501 if (!NT_STATUS_IS_OK(status)) {
502 DEBUG(0, ("Error in encrypting client message: %s\n",
503 nt_errstr(status)));
504 return status;
505 }
506 buf = (char *)talloc_memdup(state, enc_buf,
507 smb_len(enc_buf)+4);
508 SAFE_FREE(enc_buf);
509 if (buf == NULL) {
510 return NT_STATUS_NO_MEMORY;
511 }
512 iov[0].iov_base = (void *)buf;
513 iov[0].iov_len = talloc_get_size(buf);
514 iov_count = 1;
515 }
516 subreq = writev_send(state, state->ev, state->cli->outgoing,
517 state->cli->fd, false, iov, iov_count);
518 if (subreq == NULL) {
519 return NT_STATUS_NO_MEMORY;
520 }
521 tevent_req_set_callback(subreq, cli_smb_sent, req);
522 return NT_STATUS_OK;
523 }
524
525 NTSTATUS cli_smb_req_send(struct tevent_req *req)
526 {
527 struct cli_smb_state *state = tevent_req_data(
528 req, struct cli_smb_state);
529
530 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
531 }
532
533 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
534 struct event_context *ev,
535 struct cli_state *cli,
536 uint8_t smb_command,
537 uint8_t additional_flags,
538 uint8_t wct, uint16_t *vwv,
539 uint32_t num_bytes,
540 const uint8_t *bytes)
541 {
542 struct tevent_req *req;
543 struct iovec iov;
544 NTSTATUS status;
545
546 iov.iov_base = CONST_DISCARD(void *, bytes);
547 iov.iov_len = num_bytes;
548
549 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
550 additional_flags, wct, vwv, 1, &iov);
551 if (req == NULL) {
552 return NULL;
553 }
554
555 status = cli_smb_req_send(req);
556 if (!NT_STATUS_IS_OK(status)) {
557 tevent_req_nterror(req, status);
558 return tevent_req_post(req, ev);
559 }
560 return req;
561 }
562
563 static void cli_smb_sent(struct tevent_req *subreq)
564 {
565 struct tevent_req *req = tevent_req_callback_data(
566 subreq, struct tevent_req);
567 struct cli_smb_state *state = tevent_req_data(
568 req, struct cli_smb_state);
569 ssize_t nwritten;
570 int err;
571
572 nwritten = writev_recv(subreq, &err);
573 TALLOC_FREE(subreq);
574 if (nwritten == -1) {
575 if (state->cli->fd != -1) {
576 close(state->cli->fd);
577 state->cli->fd = -1;
578 }
579 tevent_req_nterror(req, map_nt_error_from_unix(err));
580 return;
581 }
582
583 switch (CVAL(state->header, smb_com)) {
584 case SMBtranss:
585 case SMBtranss2:
586 case SMBnttranss:
587 case SMBntcancel:
588 state->inbuf = NULL;
589 tevent_req_done(req);
590 return;
591 case SMBlockingX:
592 if ((CVAL(state->header, smb_wct) == 8) &&
593 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
594 state->inbuf = NULL;
595 tevent_req_done(req);
596 return;
597 }
598 }
599
600 if (!cli_smb_req_set_pending(req)) {
601 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
602 return;
603 }
604 }
605
606 static void cli_smb_received(struct tevent_req *subreq)
607 {
608 struct cli_state *cli = tevent_req_callback_data(
609 subreq, struct cli_state);
610 struct tevent_req *req;
611 struct cli_smb_state *state;
612 NTSTATUS status;
613 uint8_t *inbuf;
614 ssize_t received;
615 int num_pending;
616 int i, err;
617 uint16_t mid;
618 bool oplock_break;
619
620 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
621 TALLOC_FREE(subreq);
622 if (received == -1) {
623 if (cli->fd != -1) {
624 close(cli->fd);
625 cli->fd = -1;
626 }
627 status = map_nt_error_from_unix(err);
628 goto fail;
629 }
630
631 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
632 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
633 DEBUG(10, ("Got non-SMB PDU\n"));
634 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
635 goto fail;
636 }
637
638 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
639 uint16_t enc_ctx_num;
640
641 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
642 if (!NT_STATUS_IS_OK(status)) {
643 DEBUG(10, ("get_enc_ctx_num returned %s\n",
644 nt_errstr(status)));
645 goto fail;
646 }
647
648 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
649 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
650 enc_ctx_num,
651 cli->trans_enc_state->enc_ctx_num));
652 status = NT_STATUS_INVALID_HANDLE;
653 goto fail;
654 }
655
656 status = common_decrypt_buffer(cli->trans_enc_state,
657 (char *)inbuf);
658 if (!NT_STATUS_IS_OK(status)) {
659 DEBUG(10, ("common_decrypt_buffer returned %s\n",
660 nt_errstr(status)));
661 goto fail;
662 }
663 }
664
665 mid = SVAL(inbuf, smb_mid);
666 num_pending = talloc_array_length(cli->pending);
667
668 for (i=0; i<num_pending; i++) {
669 if (mid == cli_smb_req_mid(cli->pending[i])) {
670 break;
671 }
672 }
673 if (i == num_pending) {
674 /* Dump unexpected reply */
675 TALLOC_FREE(inbuf);
676 goto done;
677 }
678
679 oplock_break = false;
680
681 if (mid == 0xffff) {
682 /*
683 * Paranoia checks that this is really an oplock break request.
684 */
685 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
686 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
687 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
688 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
689 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
690
691 if (!oplock_break) {
692 /* Dump unexpected reply */
693 TALLOC_FREE(inbuf);
694 goto done;
695 }
696 }
697
698 req = cli->pending[i];
699 state = tevent_req_data(req, struct cli_smb_state);
700
701 if (!oplock_break /* oplock breaks are not signed */
702 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
703 DEBUG(10, ("cli_check_sign_mac failed\n"));
704 TALLOC_FREE(inbuf);
705 status = NT_STATUS_ACCESS_DENIED;
706 close(cli->fd);
707 cli->fd = -1;
708 goto fail;
709 }
710
711 if (state->chained_requests == NULL) {
712 state->inbuf = talloc_move(state, &inbuf);
713 talloc_set_destructor(req, NULL);
714 cli_smb_req_destructor(req);
715 state->chain_num = 0;
716 state->chain_length = 1;
717 tevent_req_done(req);
718 } else {
719 struct tevent_req **chain = talloc_move(
720 talloc_tos(), &state->chained_requests);
721 int num_chained = talloc_array_length(chain);
722
723 for (i=0; i<num_chained; i++) {
724 state = tevent_req_data(chain[i], struct
725 cli_smb_state);
726 state->inbuf = inbuf;
727 state->chain_num = i;
728 state->chain_length = num_chained;
729 tevent_req_done(chain[i]);
730 }
731 TALLOC_FREE(inbuf);
732 TALLOC_FREE(chain);
733 }
734 done:
735 if (talloc_array_length(cli->pending) > 0) {
736 /*
737 * Set up another read request for the other pending cli_smb
738 * requests
739 */
740 state = tevent_req_data(cli->pending[0], struct cli_smb_state);
741 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
742 if (subreq == NULL) {
743 status = NT_STATUS_NO_MEMORY;
744 goto fail;
745 }
746 tevent_req_set_callback(subreq, cli_smb_received, cli);
747 }
748 return;
749 fail:
750 /*
751 * Cancel all pending requests. We don't do a for-loop walking
752 * cli->pending because that array changes in
753 * cli_smb_req_destructor().
754 */
755 while (talloc_array_length(cli->pending) > 0) {
756 req = cli->pending[0];
757 talloc_set_destructor(req, NULL);
758 cli_smb_req_destructor(req);
759 tevent_req_nterror(req, status);
760 }
761 }
762
763 NTSTATUS cli_smb_recv(struct tevent_req *req,
764 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
765 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
766 uint32_t *pnum_bytes, uint8_t **pbytes)
767 {
768 struct cli_smb_state *state = tevent_req_data(
769 req, struct cli_smb_state);
770 NTSTATUS status = NT_STATUS_OK;
771 uint8_t cmd, wct;
772 uint16_t num_bytes;
773 size_t wct_ofs, bytes_offset;
774 int i;
775
776 if (tevent_req_is_nterror(req, &status)) {
777 return status;
778 }
779
780 if (state->inbuf == NULL) {
781 /* This was a request without a reply */
782 return NT_STATUS_OK;
783 }
784
785 wct_ofs = smb_wct;
786 cmd = CVAL(state->inbuf, smb_com);
787
788 for (i=0; i<state->chain_num; i++) {
789 if (i < state->chain_num-1) {
790 if (cmd == 0xff) {
791 return NT_STATUS_REQUEST_ABORTED;
792 }
793 if (!is_andx_req(cmd)) {
794 return NT_STATUS_INVALID_NETWORK_RESPONSE;
795 }
796 }
797
798 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
799 /*
800 * This request was not completed because a previous
801 * request in the chain had received an error.
802 */
803 return NT_STATUS_REQUEST_ABORTED;
804 }
805
806 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
807
808 /*
809 * Skip the all-present length field. No overflow, we've just
810 * put a 16-bit value into a size_t.
811 */
812 wct_ofs += 4;
813
814 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
815 return NT_STATUS_INVALID_NETWORK_RESPONSE;
816 }
817
818 cmd = CVAL(state->inbuf, wct_ofs + 1);
819 }
820
821 status = cli_pull_error((char *)state->inbuf);
822
823 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
824
825 if ((cmd == SMBsesssetupX)
826 && NT_STATUS_EQUAL(
827 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
828 /*
829 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
830 * valid return code for session setup
831 */
832 goto no_err;
833 }
834
835 if (NT_STATUS_IS_ERR(status)) {
836 /*
837 * The last command takes the error code. All
838 * further commands down the requested chain
839 * will get a NT_STATUS_REQUEST_ABORTED.
840 */
841 return status;
842 }
843 }
844
845 no_err:
846
847 wct = CVAL(state->inbuf, wct_ofs);
848 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
849 num_bytes = SVAL(state->inbuf, bytes_offset);
850
851 if (wct < min_wct) {
852 return NT_STATUS_INVALID_NETWORK_RESPONSE;
853 }
854
855 /*
856 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
857 * is a 16-bit value. So bytes_offset being size_t should be far from
858 * wrapping.
859 */
860 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
861 || (bytes_offset > 0xffff)) {
862 return NT_STATUS_INVALID_NETWORK_RESPONSE;
863 }
864
865 if (pwct != NULL) {
866 *pwct = wct;
867 }
868 if (pvwv != NULL) {
869 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
870 }
871 if (pnum_bytes != NULL) {
872 *pnum_bytes = num_bytes;
873 }
874 if (pbytes != NULL) {
875 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
876 }
877 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
878 if (state->chain_num == state->chain_length-1) {
879 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
880 } else {
881 *pinbuf = state->inbuf;
882 }
883 }
884
885 return status;
886 }
887
888 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
889 {
890 size_t wct_ofs;
891 int i;
892
893 wct_ofs = smb_wct - 4;
894
895 for (i=0; i<num_reqs; i++) {
896 struct cli_smb_state *state;
897 state = tevent_req_data(reqs[i], struct cli_smb_state);
898 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
899 wct_ofs = (wct_ofs + 3) & ~3;
900 }
901 return wct_ofs;
902 }
903
904 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
905 {
906 struct cli_smb_state *first_state = tevent_req_data(
907 reqs[0], struct cli_smb_state);
908 struct cli_smb_state *last_state = tevent_req_data(
909 reqs[num_reqs-1], struct cli_smb_state);
910 struct cli_smb_state *state;
911 size_t wct_offset;
912 size_t chain_padding = 0;
913 int i, iovlen;
914 struct iovec *iov = NULL;
915 struct iovec *this_iov;
916 NTSTATUS status;
917
918 iovlen = 0;
919 for (i=0; i<num_reqs; i++) {
920 state = tevent_req_data(reqs[i], struct cli_smb_state);
921 iovlen += state->iov_count;
922 }
923
924 iov = talloc_array(last_state, struct iovec, iovlen);
925 if (iov == NULL) {
926 return NT_STATUS_NO_MEMORY;
927 }
928
929 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
930 last_state, reqs, sizeof(*reqs) * num_reqs);
931 if (first_state->chained_requests == NULL) {
932 TALLOC_FREE(iov);
933 return NT_STATUS_NO_MEMORY;
934 }
935
936 wct_offset = smb_wct - 4;
937 this_iov = iov;
938
939 for (i=0; i<num_reqs; i++) {
940 size_t next_padding = 0;
941 uint16_t *vwv;
942
943 state = tevent_req_data(reqs[i], struct cli_smb_state);
944
945 if (i < num_reqs-1) {
946 if (!is_andx_req(CVAL(state->header, smb_com))
947 || CVAL(state->header, smb_wct) < 2) {
948 TALLOC_FREE(iov);
949 TALLOC_FREE(first_state->chained_requests);
950 return NT_STATUS_INVALID_PARAMETER;
951 }
952 }
953
954 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
955 if ((wct_offset % 4) != 0) {
956 next_padding = 4 - (wct_offset % 4);
957 }
958 wct_offset += next_padding;
959 vwv = state->vwv;
960
961 if (i < num_reqs-1) {
962 struct cli_smb_state *next_state = tevent_req_data(
963 reqs[i+1], struct cli_smb_state);
964 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
965 SCVAL(vwv+0, 1, 0);
966 SSVAL(vwv+1, 0, wct_offset);
967 } else if (is_andx_req(CVAL(state->header, smb_com))) {
968 /* properly end the chain */
969 SCVAL(vwv+0, 0, 0xff);
970 SCVAL(vwv+0, 1, 0xff);
971 SSVAL(vwv+1, 0, 0);
972 }
973
974 if (i == 0) {
975 this_iov[0] = state->iov[0];
976 } else {
977 /*
978 * This one is a bit subtle. We have to add
979 * chain_padding bytes between the requests, and we
980 * have to also include the wct field of the
981 * subsequent requests. We use the subsequent header
982 * for the padding, it contains the wct field in its
983 * last byte.
984 */
985 this_iov[0].iov_len = chain_padding+1;
986 this_iov[0].iov_base = (void *)&state->header[
987 sizeof(state->header) - this_iov[0].iov_len];
988 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
989 }
990 memcpy(this_iov+1, state->iov+1,
991 sizeof(struct iovec) * (state->iov_count-1));
992 this_iov += state->iov_count;
993 chain_padding = next_padding;
994 }
995
996 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
997 if (!NT_STATUS_IS_OK(status)) {
998 TALLOC_FREE(iov);
999 TALLOC_FREE(first_state->chained_requests);
1000 return status;
1001 }
1002
1003 return NT_STATUS_OK;
1004 }
1005
1006 uint8_t *cli_smb_inbuf(struct tevent_req *req)
1007 {
1008 struct cli_smb_state *state = tevent_req_data(
1009 req, struct cli_smb_state);
1010 return state->inbuf;
1011 }
1012
1013 bool cli_has_async_calls(struct cli_state *cli)
1014 {
1015 return ((tevent_queue_length(cli->outgoing) != 0)
1016 || (talloc_array_length(cli->pending) != 0));
1017 }
1018
1019 struct cli_smb_oplock_break_waiter_state {
1020 uint16_t fnum;
1021 uint8_t level;
1022 };
1023
1024 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
1025
1026 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
1027 struct event_context *ev,
1028 struct cli_state *cli)
1029 {
1030 struct tevent_req *req, *subreq;
1031 struct cli_smb_oplock_break_waiter_state *state;
1032 struct cli_smb_state *smb_state;
1033
1034 req = tevent_req_create(mem_ctx, &state,
1035 struct cli_smb_oplock_break_waiter_state);
1036 if (req == NULL) {
1037 return NULL;
1038 }
1039
1040 /*
1041 * Create a fake SMB request that we will never send out. This is only
1042 * used to be set into the pending queue with the right mid.
1043 */
1044 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
1045 if (tevent_req_nomem(subreq, req)) {
1046 return tevent_req_post(req, ev);
1047 }
1048 smb_state = tevent_req_data(subreq, struct cli_smb_state);
1049 SSVAL(smb_state->header, smb_mid, 0xffff);
1050
1051 if (!cli_smb_req_set_pending(subreq)) {
1052 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1053 return tevent_req_post(req, ev);
1054 }
1055 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
1056 return req;
1057 }
1058
1059 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
1060 {
1061 struct tevent_req *req = tevent_req_callback_data(
1062 subreq, struct tevent_req);
1063 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1064 req, struct cli_smb_oplock_break_waiter_state);
1065 uint8_t wct;
1066 uint16_t *vwv;
1067 uint32_t num_bytes;
1068 uint8_t *bytes;
1069 uint8_t *inbuf;
1070 NTSTATUS status;
1071
1072 status = cli_smb_recv(subreq, state, &inbuf, 8, &wct, &vwv,
1073 &num_bytes, &bytes);
1074 TALLOC_FREE(subreq);
1075 if (!NT_STATUS_IS_OK(status)) {
1076 tevent_req_nterror(req, status);
1077 return;
1078 }
1079 state->fnum = SVAL(vwv+2, 0);
1080 state->level = CVAL(vwv+3, 1);
1081 tevent_req_done(req);
1082 }
1083
1084 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1085 uint16_t *pfnum,
1086 uint8_t *plevel)
1087 {
1088 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1089 req, struct cli_smb_oplock_break_waiter_state);
1090 NTSTATUS status;
1091
1092 if (tevent_req_is_nterror(req, &status)) {
1093 return status;
1094 }
1095 *pfnum = state->fnum;
1096 *plevel = state->level;
1097 return NT_STATUS_OK;
1098 }
1099
1100
1101 struct cli_session_request_state {
1102 struct tevent_context *ev;
1103 int sock;
1104 uint32 len_hdr;
1105 struct iovec iov[3];
1106 uint8_t nb_session_response;
1107 };
1108
1109 static void cli_session_request_sent(struct tevent_req *subreq);
1110 static void cli_session_request_recvd(struct tevent_req *subreq);
1111
1112 struct tevent_req *cli_session_request_send(TALLOC_CTX *mem_ctx,
1113 struct tevent_context *ev,
1114 int sock,
1115 const struct nmb_name *called,
1116 const struct nmb_name *calling)
1117 {
1118 struct tevent_req *req, *subreq;
1119 struct cli_session_request_state *state;
1120
1121 req = tevent_req_create(mem_ctx, &state,
1122 struct cli_session_request_state);
1123 if (req == NULL) {
1124 return NULL;
1125 }
1126 state->ev = ev;
1127 state->sock = sock;
1128
1129 state->iov[1].iov_base = name_mangle(
1130 state, called->name, called->name_type);
1131 if (tevent_req_nomem(state->iov[1].iov_base, req)) {
1132 return tevent_req_post(req, ev);
1133 }
1134 state->iov[1].iov_len = name_len(
1135 (unsigned char *)state->iov[1].iov_base,
1136 talloc_get_size(state->iov[1].iov_base));
1137
1138 state->iov[2].iov_base = name_mangle(
1139 state, calling->name, calling->name_type);
1140 if (tevent_req_nomem(state->iov[2].iov_base, req)) {
1141 return tevent_req_post(req, ev);
1142 }
1143 state->iov[2].iov_len = name_len(
1144 (unsigned char *)state->iov[2].iov_base,
1145 talloc_get_size(state->iov[2].iov_base));
1146
1147 _smb_setlen(((char *)&state->len_hdr),
1148 state->iov[1].iov_len + state->iov[2].iov_len);
1149 SCVAL((char *)&state->len_hdr, 0, 0x81);
1150
1151 state->iov[0].iov_base = &state->len_hdr;
1152 state->iov[0].iov_len = sizeof(state->len_hdr);
1153
1154 subreq = writev_send(state, ev, NULL, sock, true, state->iov, 3);
1155 if (tevent_req_nomem(subreq, req)) {
1156 return tevent_req_post(req, ev);
1157 }
1158 tevent_req_set_callback(subreq, cli_session_request_sent, req);
1159 return req;
1160 }
1161
1162 static void cli_session_request_sent(struct tevent_req *subreq)
1163 {
1164 struct tevent_req *req = tevent_req_callback_data(
1165 subreq, struct tevent_req);
1166 struct cli_session_request_state *state = tevent_req_data(
1167 req, struct cli_session_request_state);
1168 ssize_t ret;
1169 int err;
1170
1171 ret = writev_recv(subreq, &err);
1172 TALLOC_FREE(subreq);
1173 if (ret == -1) {
1174 tevent_req_error(req, err);
1175 return;
1176 }
1177 subreq = read_smb_send(state, state->ev, state->sock);
1178 if (tevent_req_nomem(subreq, req)) {
1179 return;
1180 }
1181 tevent_req_set_callback(subreq, cli_session_request_recvd, req);
1182 }
1183
1184 static void cli_session_request_recvd(struct tevent_req *subreq)
1185 {
1186 struct tevent_req *req = tevent_req_callback_data(
1187 subreq, struct tevent_req);
1188 struct cli_session_request_state *state = tevent_req_data(
1189 req, struct cli_session_request_state);
1190 uint8_t *buf;
1191 ssize_t ret;
1192 int err;
1193
1194 ret = read_smb_recv(subreq, talloc_tos(), &buf, &err);
1195 TALLOC_FREE(subreq);
1196
1197 if (ret < 4) {
1198 ret = -1;
1199 err = EIO;
1200 }
1201 if (ret == -1) {
1202 tevent_req_error(req, err);
1203 return;
1204 }
1205 /*
1206 * In case of an error there is more information in the data
1207 * portion according to RFC1002. We're not subtle enough to
1208 * respond to the different error conditions, so drop the
1209 * error info here.
1210 */
1211 state->nb_session_response = CVAL(buf, 0);
1212 tevent_req_done(req);
1213 }
1214
1215 bool cli_session_request_recv(struct tevent_req *req, int *err, uint8_t *resp)
1216 {
1217 struct cli_session_request_state *state = tevent_req_data(
1218 req, struct cli_session_request_state);
1219
1220 if (tevent_req_is_unix_error(req, err)) {
1221 return false;
1222 }
1223 *resp = state->nb_session_response;
1224 return true;
1225 }
Samba GIT mirror