search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:libsmb: return NT_STATUS_CONNECTION_DISCONNECTED instead of NT_STATUS_CONNECTION_I...
[Samba.git] / source3 / libsmb / async_smb.c
blobe55d5bd3656c476d28672254c3f5da758c109522
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "libsmb/libsmb.h"
22 #include "../lib/async_req/async_sock.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "../lib/util/tevent_unix.h"
25 #include "async_smb.h"
26 #include "smb_crypt.h"
27 #include "libsmb/nmblib.h"
28 #include "read_smb.h"
29
30 static NTSTATUS cli_pull_raw_error(const uint8_t *buf)
31 {
32 uint32_t flags2 = SVAL(buf, smb_flg2);
33 NTSTATUS status = NT_STATUS(IVAL(buf, smb_rcls));
34
35 if (NT_STATUS_IS_OK(status)) {
36 return NT_STATUS_OK;
37 }
38
39 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
40 return status;
41 }
42
43 return NT_STATUS_DOS(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
44 }
45
46 /**
47 * Figure out if there is an andx command behind the current one
48 * @param[in] buf The smb buffer to look at
49 * @param[in] ofs The offset to the wct field that is followed by the cmd
50 * @retval Is there a command following?
51 */
52
53 static bool have_andx_command(const char *buf, uint16_t ofs)
54 {
55 uint8_t wct;
56 size_t buflen = talloc_get_size(buf);
57
58 if ((ofs == buflen-1) || (ofs == buflen)) {
59 return false;
60 }
61
62 wct = CVAL(buf, ofs);
63 if (wct < 2) {
64 /*
65 * Not enough space for the command and a following pointer
66 */
67 return false;
68 }
69 return (CVAL(buf, ofs+1) != 0xff);
70 }
71
72 #define MAX_SMB_IOV 5
73
74 struct cli_smb_state {
75 struct tevent_context *ev;
76 struct cli_state *cli;
77 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
78
79 /*
80 * For normal requests, cli_smb_req_send chooses a mid. Secondary
81 * trans requests need to use the mid of the primary request, so we
82 * need a place to store it. Assume it's set if != 0.
83 */
84 uint16_t mid;
85
86 uint16_t *vwv;
87 uint8_t bytecount_buf[2];
88
89 struct iovec iov[MAX_SMB_IOV+3];
90 int iov_count;
91
92 uint8_t *inbuf;
93 uint32_t seqnum;
94 int chain_num;
95 int chain_length;
96 struct tevent_req **chained_requests;
97
98 bool one_way;
99 };
100
101 static uint16_t cli_alloc_mid(struct cli_state *cli)
102 {
103 int num_pending = talloc_array_length(cli->conn.pending);
104 uint16_t result;
105
106 while (true) {
107 int i;
108
109 result = cli->smb1.mid++;
110 if ((result == 0) || (result == 0xffff)) {
111 continue;
112 }
113
114 for (i=0; i<num_pending; i++) {
115 if (result == cli_smb_req_mid(cli->conn.pending[i])) {
116 break;
117 }
118 }
119
120 if (i == num_pending) {
121 return result;
122 }
123 }
124 }
125
126 void cli_smb_req_unset_pending(struct tevent_req *req)
127 {
128 struct cli_smb_state *state = tevent_req_data(
129 req, struct cli_smb_state);
130 struct cli_state *cli = state->cli;
131 int num_pending = talloc_array_length(cli->conn.pending);
132 int i;
133
134 if (state->mid != 0) {
135 /*
136 * This is a [nt]trans[2] request which waits
137 * for more than one reply.
138 */
139 return;
140 }
141
142 talloc_set_destructor(req, NULL);
143
144 if (num_pending == 1) {
145 /*
146 * The pending read_smb tevent_req is a child of
147 * cli->pending. So if nothing is pending anymore, we need to
148 * delete the socket read fde.
149 */
150 TALLOC_FREE(cli->conn.pending);
151 cli->conn.read_smb_req = NULL;
152 return;
153 }
154
155 for (i=0; i<num_pending; i++) {
156 if (req == cli->conn.pending[i]) {
157 break;
158 }
159 }
160 if (i == num_pending) {
161 /*
162 * Something's seriously broken. Just returning here is the
163 * right thing nevertheless, the point of this routine is to
164 * remove ourselves from cli->conn.pending.
165 */
166 return;
167 }
168
169 /*
170 * Remove ourselves from the cli->conn.pending array
171 */
172 for (; i < (num_pending - 1); i++) {
173 cli->conn.pending[i] = cli->conn.pending[i+1];
174 }
175
176 /*
177 * No NULL check here, we're shrinking by sizeof(void *), and
178 * talloc_realloc just adjusts the size for this.
179 */
180 cli->conn.pending = talloc_realloc(NULL, cli->conn.pending,
181 struct tevent_req *,
182 num_pending - 1);
183 return;
184 }
185
186 static int cli_smb_req_destructor(struct tevent_req *req)
187 {
188 struct cli_smb_state *state = tevent_req_data(
189 req, struct cli_smb_state);
190 /*
191 * Make sure we really remove it from
192 * the pending array on destruction.
193 */
194 state->mid = 0;
195 cli_smb_req_unset_pending(req);
196 return 0;
197 }
198
199 static bool cli_state_receive_next(struct cli_state *cli);
200 static void cli_state_notify_pending(struct cli_state *cli, NTSTATUS status);
201
202 bool cli_smb_req_set_pending(struct tevent_req *req)
203 {
204 struct cli_smb_state *state = tevent_req_data(
205 req, struct cli_smb_state);
206 struct cli_state *cli;
207 struct tevent_req **pending;
208 int num_pending;
209
210 cli = state->cli;
211 num_pending = talloc_array_length(cli->conn.pending);
212
213 pending = talloc_realloc(cli, cli->conn.pending, struct tevent_req *,
214 num_pending+1);
215 if (pending == NULL) {
216 return false;
217 }
218 pending[num_pending] = req;
219 cli->conn.pending = pending;
220 talloc_set_destructor(req, cli_smb_req_destructor);
221
222 if (!cli_state_receive_next(cli)) {
223 /*
224 * the caller should notify the current request
225 *
226 * And all other pending requests get notified
227 * by cli_state_notify_pending().
228 */
229 cli_smb_req_unset_pending(req);
230 cli_state_notify_pending(cli, NT_STATUS_NO_MEMORY);
231 return false;
232 }
233
234 return true;
235 }
236
237 static void cli_smb_received(struct tevent_req *subreq);
238 static NTSTATUS cli_state_dispatch_smb1(struct cli_state *cli,
239 TALLOC_CTX *frame,
240 uint8_t *inbuf);
241
242 static bool cli_state_receive_next(struct cli_state *cli)
243 {
244 size_t num_pending = talloc_array_length(cli->conn.pending);
245 struct tevent_req *req;
246 struct cli_smb_state *state;
247
248 if (cli->conn.read_smb_req != NULL) {
249 return true;
250 }
251
252 if (num_pending == 0) {
253 return true;
254 }
255
256 req = cli->conn.pending[0];
257 state = tevent_req_data(req, struct cli_smb_state);
258
259 cli->conn.dispatch_incoming = cli_state_dispatch_smb1;
260
261 /*
262 * We're the first ones, add the read_smb request that waits for the
263 * answer from the server
264 */
265 cli->conn.read_smb_req = read_smb_send(cli->conn.pending, state->ev,
266 cli->conn.fd);
267 if (cli->conn.read_smb_req == NULL) {
268 return false;
269 }
270 tevent_req_set_callback(cli->conn.read_smb_req, cli_smb_received, cli);
271 return true;
272 }
273
274 static void cli_state_notify_pending(struct cli_state *cli, NTSTATUS status)
275 {
276 cli_state_disconnect(cli);
277
278 /*
279 * Cancel all pending requests. We do not do a for-loop walking
280 * cli->conn.pending because that array changes in
281 * cli_smb_req_destructor().
282 */
283 while (talloc_array_length(cli->conn.pending) > 0) {
284 struct tevent_req *req;
285 struct cli_smb_state *state;
286
287 req = cli->conn.pending[0];
288 state = tevent_req_data(req, struct cli_smb_state);
289
290 cli_smb_req_unset_pending(req);
291
292 /*
293 * we need to defer the callback, because we may notify more
294 * then one caller.
295 */
296 tevent_req_defer_callback(req, state->ev);
297 tevent_req_nterror(req, status);
298 }
299 }
300
301 /*
302 * Fetch a smb request's mid. Only valid after the request has been sent by
303 * cli_smb_req_send().
304 */
305 uint16_t cli_smb_req_mid(struct tevent_req *req)
306 {
307 struct cli_smb_state *state = tevent_req_data(
308 req, struct cli_smb_state);
309
310 if (state->mid != 0) {
311 return state->mid;
312 }
313
314 return SVAL(state->header, smb_mid);
315 }
316
317 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
318 {
319 struct cli_smb_state *state = tevent_req_data(
320 req, struct cli_smb_state);
321 state->mid = mid;
322 }
323
324 uint32_t cli_smb_req_seqnum(struct tevent_req *req)
325 {
326 struct cli_smb_state *state = tevent_req_data(
327 req, struct cli_smb_state);
328 return state->seqnum;
329 }
330
331 void cli_smb_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
332 {
333 struct cli_smb_state *state = tevent_req_data(
334 req, struct cli_smb_state);
335 state->seqnum = seqnum;
336 }
337
338 static size_t iov_len(const struct iovec *iov, int count)
339 {
340 size_t result = 0;
341 int i;
342 for (i=0; i<count; i++) {
343 result += iov[i].iov_len;
344 }
345 return result;
346 }
347
348 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
349 int count)
350 {
351 size_t len = iov_len(iov, count);
352 size_t copied;
353 uint8_t *buf;
354 int i;
355
356 buf = talloc_array(mem_ctx, uint8_t, len);
357 if (buf == NULL) {
358 return NULL;
359 }
360 copied = 0;
361 for (i=0; i<count; i++) {
362 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
363 copied += iov[i].iov_len;
364 }
365 return buf;
366 }
367
368 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
369 struct event_context *ev,
370 struct cli_state *cli,
371 uint8_t smb_command,
372 uint8_t additional_flags,
373 uint8_t wct, uint16_t *vwv,
374 int iov_count,
375 struct iovec *bytes_iov)
376 {
377 struct tevent_req *result;
378 struct cli_smb_state *state;
379 struct timeval endtime;
380
381 if (iov_count > MAX_SMB_IOV) {
382 /*
383 * Should not happen :-)
384 */
385 return NULL;
386 }
387
388 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
389 if (result == NULL) {
390 return NULL;
391 }
392 state->ev = ev;
393 state->cli = cli;
394 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
395 state->chain_num = 0;
396 state->chained_requests = NULL;
397
398 cli_setup_packet_buf(cli, (char *)state->header);
399 SCVAL(state->header, smb_com, smb_command);
400 SSVAL(state->header, smb_tid, cli->smb1.tid);
401 SCVAL(state->header, smb_wct, wct);
402
403 state->vwv = vwv;
404
405 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
406
407 state->iov[0].iov_base = (void *)state->header;
408 state->iov[0].iov_len = sizeof(state->header);
409 state->iov[1].iov_base = (void *)state->vwv;
410 state->iov[1].iov_len = wct * sizeof(uint16_t);
411 state->iov[2].iov_base = (void *)state->bytecount_buf;
412 state->iov[2].iov_len = sizeof(uint16_t);
413
414 if (iov_count != 0) {
415 memcpy(&state->iov[3], bytes_iov,
416 iov_count * sizeof(*bytes_iov));
417 }
418 state->iov_count = iov_count + 3;
419
420 if (cli->timeout) {
421 endtime = timeval_current_ofs_msec(cli->timeout);
422 if (!tevent_req_set_endtime(result, ev, endtime)) {
423 tevent_req_oom(result);
424 }
425 }
426
427 switch (smb_command) {
428 case SMBtranss:
429 case SMBtranss2:
430 case SMBnttranss:
431 case SMBntcancel:
432 state->one_way = true;
433 break;
434 case SMBlockingX:
435 if ((wct == 8) &&
436 (CVAL(vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
437 state->one_way = true;
438 }
439 break;
440 }
441
442 return result;
443 }
444
445 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
446 uint32_t *seqnum)
447 {
448 uint8_t *buf;
449
450 /*
451 * Obvious optimization: Make cli_calculate_sign_mac work with struct
452 * iovec directly. MD5Update would do that just fine.
453 */
454
455 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
456 return NT_STATUS_INVALID_PARAMETER;
457 }
458
459 buf = iov_concat(talloc_tos(), iov, count);
460 if (buf == NULL) {
461 return NT_STATUS_NO_MEMORY;
462 }
463
464 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
465 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
466
467 TALLOC_FREE(buf);
468 return NT_STATUS_OK;
469 }
470
471 static void cli_smb_sent(struct tevent_req *subreq);
472
473 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
474 struct cli_smb_state *state,
475 struct iovec *iov, int iov_count)
476 {
477 struct tevent_req *subreq;
478 NTSTATUS status;
479
480 if (!cli_state_is_connected(state->cli)) {
481 return NT_STATUS_CONNECTION_DISCONNECTED;
482 }
483
484 if (iov[0].iov_len < smb_wct) {
485 return NT_STATUS_INVALID_PARAMETER;
486 }
487
488 if (state->mid != 0) {
489 SSVAL(iov[0].iov_base, smb_mid, state->mid);
490 } else {
491 uint16_t mid = cli_alloc_mid(state->cli);
492 SSVAL(iov[0].iov_base, smb_mid, mid);
493 }
494
495 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
496
497 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
498
499 if (!NT_STATUS_IS_OK(status)) {
500 return status;
501 }
502
503 if (cli_encryption_on(state->cli)) {
504 char *buf, *enc_buf;
505
506 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
507 if (buf == NULL) {
508 return NT_STATUS_NO_MEMORY;
509 }
510 status = common_encrypt_buffer(state->cli->trans_enc_state,
511 (char *)buf, &enc_buf);
512 TALLOC_FREE(buf);
513 if (!NT_STATUS_IS_OK(status)) {
514 DEBUG(0, ("Error in encrypting client message: %s\n",
515 nt_errstr(status)));
516 return status;
517 }
518 buf = (char *)talloc_memdup(state, enc_buf,
519 smb_len(enc_buf)+4);
520 SAFE_FREE(enc_buf);
521 if (buf == NULL) {
522 return NT_STATUS_NO_MEMORY;
523 }
524 iov[0].iov_base = (void *)buf;
525 iov[0].iov_len = talloc_get_size(buf);
526 iov_count = 1;
527 }
528 subreq = writev_send(state, state->ev, state->cli->conn.outgoing,
529 state->cli->conn.fd, false, iov, iov_count);
530 if (subreq == NULL) {
531 return NT_STATUS_NO_MEMORY;
532 }
533 tevent_req_set_callback(subreq, cli_smb_sent, req);
534 return NT_STATUS_OK;
535 }
536
537 NTSTATUS cli_smb_req_send(struct tevent_req *req)
538 {
539 struct cli_smb_state *state = tevent_req_data(
540 req, struct cli_smb_state);
541
542 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
543 }
544
545 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
546 struct event_context *ev,
547 struct cli_state *cli,
548 uint8_t smb_command,
549 uint8_t additional_flags,
550 uint8_t wct, uint16_t *vwv,
551 uint32_t num_bytes,
552 const uint8_t *bytes)
553 {
554 struct tevent_req *req;
555 struct iovec iov;
556 NTSTATUS status;
557
558 iov.iov_base = discard_const_p(void, bytes);
559 iov.iov_len = num_bytes;
560
561 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
562 additional_flags, wct, vwv, 1, &iov);
563 if (req == NULL) {
564 return NULL;
565 }
566
567 status = cli_smb_req_send(req);
568 if (!NT_STATUS_IS_OK(status)) {
569 tevent_req_nterror(req, status);
570 return tevent_req_post(req, ev);
571 }
572 return req;
573 }
574
575 static void cli_smb_sent(struct tevent_req *subreq)
576 {
577 struct tevent_req *req = tevent_req_callback_data(
578 subreq, struct tevent_req);
579 struct cli_smb_state *state = tevent_req_data(
580 req, struct cli_smb_state);
581 ssize_t nwritten;
582 int err;
583
584 nwritten = writev_recv(subreq, &err);
585 TALLOC_FREE(subreq);
586 if (nwritten == -1) {
587 NTSTATUS status = map_nt_error_from_unix(err);
588 cli_state_notify_pending(state->cli, status);
589 return;
590 }
591
592 if (state->one_way) {
593 state->inbuf = NULL;
594 tevent_req_done(req);
595 return;
596 }
597
598 if (!cli_smb_req_set_pending(req)) {
599 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
600 return;
601 }
602 }
603
604 static void cli_smb_received(struct tevent_req *subreq)
605 {
606 struct cli_state *cli = tevent_req_callback_data(
607 subreq, struct cli_state);
608 TALLOC_CTX *frame = talloc_stackframe();
609 NTSTATUS status;
610 uint8_t *inbuf;
611 ssize_t received;
612 int err;
613
614 if (subreq != cli->conn.read_smb_req) {
615 DEBUG(1, ("Internal error: cli_smb_received called with "
616 "unexpected subreq\n"));
617 status = NT_STATUS_INTERNAL_ERROR;
618 cli_state_notify_pending(cli, status);
619 TALLOC_FREE(frame);
620 return;
621 }
622
623 received = read_smb_recv(subreq, frame, &inbuf, &err);
624 TALLOC_FREE(subreq);
625 cli->conn.read_smb_req = NULL;
626 if (received == -1) {
627 status = map_nt_error_from_unix(err);
628 cli_state_notify_pending(cli, status);
629 TALLOC_FREE(frame);
630 return;
631 }
632
633 status = cli->conn.dispatch_incoming(cli, frame, inbuf);
634 TALLOC_FREE(frame);
635 if (NT_STATUS_IS_OK(status)) {
636 /*
637 * We should not do any more processing
638 * as the dispatch function called
639 * tevent_req_done().
640 */
641 return;
642 } else if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
643 /*
644 * We got an error, so notify all pending requests
645 */
646 cli_state_notify_pending(cli, status);
647 return;
648 }
649
650 /*
651 * We got NT_STATUS_RETRY, so we may ask for a
652 * next incoming pdu.
653 */
654 if (!cli_state_receive_next(cli)) {
655 cli_state_notify_pending(cli, NT_STATUS_NO_MEMORY);
656 }
657 }
658
659 static NTSTATUS cli_state_dispatch_smb1(struct cli_state *cli,
660 TALLOC_CTX *frame,
661 uint8_t *inbuf)
662 {
663 struct tevent_req *req;
664 struct cli_smb_state *state;
665 NTSTATUS status;
666 int num_pending;
667 int i;
668 uint16_t mid;
669 bool oplock_break;
670
671 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
672 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
673 DEBUG(10, ("Got non-SMB PDU\n"));
674 return NT_STATUS_INVALID_NETWORK_RESPONSE;
675 }
676
677 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
678 uint16_t enc_ctx_num;
679
680 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
681 if (!NT_STATUS_IS_OK(status)) {
682 DEBUG(10, ("get_enc_ctx_num returned %s\n",
683 nt_errstr(status)));
684 return status;
685 }
686
687 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
688 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
689 enc_ctx_num,
690 cli->trans_enc_state->enc_ctx_num));
691 return NT_STATUS_INVALID_HANDLE;
692 }
693
694 status = common_decrypt_buffer(cli->trans_enc_state,
695 (char *)inbuf);
696 if (!NT_STATUS_IS_OK(status)) {
697 DEBUG(10, ("common_decrypt_buffer returned %s\n",
698 nt_errstr(status)));
699 return status;
700 }
701 }
702
703 mid = SVAL(inbuf, smb_mid);
704 num_pending = talloc_array_length(cli->conn.pending);
705
706 for (i=0; i<num_pending; i++) {
707 if (mid == cli_smb_req_mid(cli->conn.pending[i])) {
708 break;
709 }
710 }
711 if (i == num_pending) {
712 /* Dump unexpected reply */
713 return NT_STATUS_RETRY;
714 }
715
716 oplock_break = false;
717
718 if (mid == 0xffff) {
719 /*
720 * Paranoia checks that this is really an oplock break request.
721 */
722 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
723 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
724 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
725 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
726 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
727
728 if (!oplock_break) {
729 /* Dump unexpected reply */
730 return NT_STATUS_RETRY;
731 }
732 }
733
734 req = cli->conn.pending[i];
735 state = tevent_req_data(req, struct cli_smb_state);
736
737 if (!oplock_break /* oplock breaks are not signed */
738 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
739 DEBUG(10, ("cli_check_sign_mac failed\n"));
740 return NT_STATUS_ACCESS_DENIED;
741 }
742
743 if (state->chained_requests != NULL) {
744 struct tevent_req **chain = talloc_move(frame,
745 &state->chained_requests);
746 int num_chained = talloc_array_length(chain);
747
748 /*
749 * We steal the inbuf to the chain,
750 * so that it will stay until all
751 * requests of the chain are finished.
752 *
753 * Each requests in the chain will
754 * hold a talloc reference to the chain.
755 * This way we do not expose the talloc_reference()
756 * behavior to the callers.
757 */
758 talloc_steal(chain, inbuf);
759
760 for (i=0; i<num_chained; i++) {
761 struct tevent_req **ref;
762
763 req = chain[i];
764 state = tevent_req_data(req, struct cli_smb_state);
765
766 cli_smb_req_unset_pending(req);
767
768 /*
769 * as we finish multiple requests here
770 * we need to defer the callbacks as
771 * they could destroy our current stack state.
772 */
773 tevent_req_defer_callback(req, state->ev);
774
775 ref = talloc_reference(state, chain);
776 if (tevent_req_nomem(ref, req)) {
777 continue;
778 }
779
780 state->inbuf = inbuf;
781 state->chain_num = i;
782 state->chain_length = num_chained;
783
784 tevent_req_done(req);
785 }
786
787 return NT_STATUS_RETRY;
788 }
789
790 cli_smb_req_unset_pending(req);
791
792 state->inbuf = talloc_move(state, &inbuf);
793 state->chain_num = 0;
794 state->chain_length = 1;
795
796 if (talloc_array_length(cli->conn.pending) == 0) {
797 tevent_req_done(req);
798 return NT_STATUS_OK;
799 }
800
801 tevent_req_defer_callback(req, state->ev);
802 tevent_req_done(req);
803 return NT_STATUS_RETRY;
804 }
805
806 NTSTATUS cli_smb_recv(struct tevent_req *req,
807 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
808 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
809 uint32_t *pnum_bytes, uint8_t **pbytes)
810 {
811 struct cli_smb_state *state = tevent_req_data(
812 req, struct cli_smb_state);
813 NTSTATUS status = NT_STATUS_OK;
814 uint8_t cmd, wct;
815 uint16_t num_bytes;
816 size_t wct_ofs, bytes_offset;
817 int i;
818
819 if (tevent_req_is_nterror(req, &status)) {
820 return status;
821 }
822
823 if (state->inbuf == NULL) {
824 if (min_wct != 0) {
825 return NT_STATUS_INVALID_NETWORK_RESPONSE;
826 }
827 if (pinbuf) {
828 *pinbuf = NULL;
829 }
830 if (pwct) {
831 *pwct = 0;
832 }
833 if (pvwv) {
834 *pvwv = NULL;
835 }
836 if (pnum_bytes) {
837 *pnum_bytes = 0;
838 }
839 if (pbytes) {
840 *pbytes = NULL;
841 }
842 /* This was a request without a reply */
843 return NT_STATUS_OK;
844 }
845
846 wct_ofs = smb_wct;
847 cmd = CVAL(state->inbuf, smb_com);
848
849 for (i=0; i<state->chain_num; i++) {
850 if (i < state->chain_num-1) {
851 if (cmd == 0xff) {
852 return NT_STATUS_REQUEST_ABORTED;
853 }
854 if (!is_andx_req(cmd)) {
855 return NT_STATUS_INVALID_NETWORK_RESPONSE;
856 }
857 }
858
859 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
860 /*
861 * This request was not completed because a previous
862 * request in the chain had received an error.
863 */
864 return NT_STATUS_REQUEST_ABORTED;
865 }
866
867 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
868
869 /*
870 * Skip the all-present length field. No overflow, we've just
871 * put a 16-bit value into a size_t.
872 */
873 wct_ofs += 4;
874
875 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
876 return NT_STATUS_INVALID_NETWORK_RESPONSE;
877 }
878
879 cmd = CVAL(state->inbuf, wct_ofs + 1);
880 }
881
882 state->cli->raw_status = cli_pull_raw_error(state->inbuf);
883 if (NT_STATUS_IS_DOS(state->cli->raw_status)) {
884 uint8_t eclass = NT_STATUS_DOS_CLASS(state->cli->raw_status);
885 uint16_t ecode = NT_STATUS_DOS_CODE(state->cli->raw_status);
886 /*
887 * TODO: is it really a good idea to do a mapping here?
888 *
889 * The old cli_pull_error() also does it, so I do not change
890 * the behavior yet.
891 */
892 status = dos_to_ntstatus(eclass, ecode);
893 } else {
894 status = state->cli->raw_status;
895 }
896
897 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
898
899 if ((cmd == SMBsesssetupX)
900 && NT_STATUS_EQUAL(
901 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
902 /*
903 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
904 * valid return code for session setup
905 */
906 goto no_err;
907 }
908
909 if (NT_STATUS_IS_ERR(status)) {
910 /*
911 * The last command takes the error code. All
912 * further commands down the requested chain
913 * will get a NT_STATUS_REQUEST_ABORTED.
914 */
915 return status;
916 }
917 }
918
919 no_err:
920
921 wct = CVAL(state->inbuf, wct_ofs);
922 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
923 num_bytes = SVAL(state->inbuf, bytes_offset);
924
925 if (wct < min_wct) {
926 return NT_STATUS_INVALID_NETWORK_RESPONSE;
927 }
928
929 /*
930 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
931 * is a 16-bit value. So bytes_offset being size_t should be far from
932 * wrapping.
933 */
934 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
935 || (bytes_offset > 0xffff)) {
936 return NT_STATUS_INVALID_NETWORK_RESPONSE;
937 }
938
939 if (pwct != NULL) {
940 *pwct = wct;
941 }
942 if (pvwv != NULL) {
943 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
944 }
945 if (pnum_bytes != NULL) {
946 *pnum_bytes = num_bytes;
947 }
948 if (pbytes != NULL) {
949 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
950 }
951 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
952 if (state->chain_num == state->chain_length-1) {
953 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
954 } else {
955 *pinbuf = state->inbuf;
956 }
957 }
958
959 return status;
960 }
961
962 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
963 {
964 size_t wct_ofs;
965 int i;
966
967 wct_ofs = smb_wct - 4;
968
969 for (i=0; i<num_reqs; i++) {
970 struct cli_smb_state *state;
971 state = tevent_req_data(reqs[i], struct cli_smb_state);
972 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
973 wct_ofs = (wct_ofs + 3) & ~3;
974 }
975 return wct_ofs;
976 }
977
978 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
979 {
980 struct cli_smb_state *first_state = tevent_req_data(
981 reqs[0], struct cli_smb_state);
982 struct cli_smb_state *last_state = tevent_req_data(
983 reqs[num_reqs-1], struct cli_smb_state);
984 struct cli_smb_state *state;
985 size_t wct_offset;
986 size_t chain_padding = 0;
987 int i, iovlen;
988 struct iovec *iov = NULL;
989 struct iovec *this_iov;
990 NTSTATUS status;
991
992 iovlen = 0;
993 for (i=0; i<num_reqs; i++) {
994 state = tevent_req_data(reqs[i], struct cli_smb_state);
995 iovlen += state->iov_count;
996 }
997
998 iov = talloc_array(last_state, struct iovec, iovlen);
999 if (iov == NULL) {
1000 return NT_STATUS_NO_MEMORY;
1001 }
1002
1003 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
1004 last_state, reqs, sizeof(*reqs) * num_reqs);
1005 if (first_state->chained_requests == NULL) {
1006 TALLOC_FREE(iov);
1007 return NT_STATUS_NO_MEMORY;
1008 }
1009
1010 wct_offset = smb_wct - 4;
1011 this_iov = iov;
1012
1013 for (i=0; i<num_reqs; i++) {
1014 size_t next_padding = 0;
1015 uint16_t *vwv;
1016
1017 state = tevent_req_data(reqs[i], struct cli_smb_state);
1018
1019 if (i < num_reqs-1) {
1020 if (!is_andx_req(CVAL(state->header, smb_com))
1021 || CVAL(state->header, smb_wct) < 2) {
1022 TALLOC_FREE(iov);
1023 TALLOC_FREE(first_state->chained_requests);
1024 return NT_STATUS_INVALID_PARAMETER;
1025 }
1026 }
1027
1028 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
1029 if ((wct_offset % 4) != 0) {
1030 next_padding = 4 - (wct_offset % 4);
1031 }
1032 wct_offset += next_padding;
1033 vwv = state->vwv;
1034
1035 if (i < num_reqs-1) {
1036 struct cli_smb_state *next_state = tevent_req_data(
1037 reqs[i+1], struct cli_smb_state);
1038 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
1039 SCVAL(vwv+0, 1, 0);
1040 SSVAL(vwv+1, 0, wct_offset);
1041 } else if (is_andx_req(CVAL(state->header, smb_com))) {
1042 /* properly end the chain */
1043 SCVAL(vwv+0, 0, 0xff);
1044 SCVAL(vwv+0, 1, 0xff);
1045 SSVAL(vwv+1, 0, 0);
1046 }
1047
1048 if (i == 0) {
1049 this_iov[0] = state->iov[0];
1050 } else {
1051 /*
1052 * This one is a bit subtle. We have to add
1053 * chain_padding bytes between the requests, and we
1054 * have to also include the wct field of the
1055 * subsequent requests. We use the subsequent header
1056 * for the padding, it contains the wct field in its
1057 * last byte.
1058 */
1059 this_iov[0].iov_len = chain_padding+1;
1060 this_iov[0].iov_base = (void *)&state->header[
1061 sizeof(state->header) - this_iov[0].iov_len];
1062 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
1063 }
1064 memcpy(this_iov+1, state->iov+1,
1065 sizeof(struct iovec) * (state->iov_count-1));
1066 this_iov += state->iov_count;
1067 chain_padding = next_padding;
1068 }
1069
1070 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
1071 if (!NT_STATUS_IS_OK(status)) {
1072 TALLOC_FREE(iov);
1073 TALLOC_FREE(first_state->chained_requests);
1074 return status;
1075 }
1076
1077 return NT_STATUS_OK;
1078 }
1079
1080 bool cli_has_async_calls(struct cli_state *cli)
1081 {
1082 return ((tevent_queue_length(cli->conn.outgoing) != 0)
1083 || (talloc_array_length(cli->conn.pending) != 0));
1084 }
Samba GIT mirror