search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Replace shadow_copy2 with a new implementation
[Samba.git] / source3 / libsmb / async_smb.c
blob145e0aeb551220fee9cc841572334ae5ee76482b
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "libsmb/libsmb.h"
22 #include "../lib/async_req/async_sock.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "../lib/util/tevent_unix.h"
25 #include "async_smb.h"
26 #include "smb_crypt.h"
27 #include "libsmb/nmblib.h"
28 #include "read_smb.h"
29
30 /**
31 * Fetch an error out of a NBT packet
32 * @param[in] buf The SMB packet
33 * @retval The error, converted to NTSTATUS
34 */
35
36 NTSTATUS cli_pull_error(char *buf)
37 {
38 uint32_t flags2 = SVAL(buf, smb_flg2);
39
40 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
41 return NT_STATUS(IVAL(buf, smb_rcls));
42 }
43
44 return dos_to_ntstatus(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
45 }
46
47 /**
48 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
49 * @param[in] cli The client connection that just received an error
50 * @param[in] status The error to set on "cli"
51 */
52
53 void cli_set_error(struct cli_state *cli, NTSTATUS status)
54 {
55 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
56
57 if (NT_STATUS_IS_DOS(status)) {
58 SSVAL(cli->inbuf, smb_flg2,
59 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
60 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
61 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
62 return;
63 }
64
65 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
66 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
67 return;
68 }
69
70 /**
71 * Figure out if there is an andx command behind the current one
72 * @param[in] buf The smb buffer to look at
73 * @param[in] ofs The offset to the wct field that is followed by the cmd
74 * @retval Is there a command following?
75 */
76
77 static bool have_andx_command(const char *buf, uint16_t ofs)
78 {
79 uint8_t wct;
80 size_t buflen = talloc_get_size(buf);
81
82 if ((ofs == buflen-1) || (ofs == buflen)) {
83 return false;
84 }
85
86 wct = CVAL(buf, ofs);
87 if (wct < 2) {
88 /*
89 * Not enough space for the command and a following pointer
90 */
91 return false;
92 }
93 return (CVAL(buf, ofs+1) != 0xff);
94 }
95
96 #define MAX_SMB_IOV 5
97
98 struct cli_smb_state {
99 struct tevent_context *ev;
100 struct cli_state *cli;
101 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
102
103 /*
104 * For normal requests, cli_smb_req_send chooses a mid. Secondary
105 * trans requests need to use the mid of the primary request, so we
106 * need a place to store it. Assume it's set if != 0.
107 */
108 uint16_t mid;
109
110 uint16_t *vwv;
111 uint8_t bytecount_buf[2];
112
113 struct iovec iov[MAX_SMB_IOV+3];
114 int iov_count;
115
116 uint8_t *inbuf;
117 uint32_t seqnum;
118 int chain_num;
119 int chain_length;
120 struct tevent_req **chained_requests;
121 };
122
123 static uint16_t cli_alloc_mid(struct cli_state *cli)
124 {
125 int num_pending = talloc_array_length(cli->pending);
126 uint16_t result;
127
128 while (true) {
129 int i;
130
131 result = cli->mid++;
132 if ((result == 0) || (result == 0xffff)) {
133 continue;
134 }
135
136 for (i=0; i<num_pending; i++) {
137 if (result == cli_smb_req_mid(cli->pending[i])) {
138 break;
139 }
140 }
141
142 if (i == num_pending) {
143 return result;
144 }
145 }
146 }
147
148 void cli_smb_req_unset_pending(struct tevent_req *req)
149 {
150 struct cli_smb_state *state = tevent_req_data(
151 req, struct cli_smb_state);
152 struct cli_state *cli = state->cli;
153 int num_pending = talloc_array_length(cli->pending);
154 int i;
155
156 if (state->mid != 0) {
157 /*
158 * This is a [nt]trans[2] request which waits
159 * for more than one reply.
160 */
161 return;
162 }
163
164 if (num_pending == 1) {
165 /*
166 * The pending read_smb tevent_req is a child of
167 * cli->pending. So if nothing is pending anymore, we need to
168 * delete the socket read fde.
169 */
170 TALLOC_FREE(cli->pending);
171 return;
172 }
173
174 for (i=0; i<num_pending; i++) {
175 if (req == cli->pending[i]) {
176 break;
177 }
178 }
179 if (i == num_pending) {
180 /*
181 * Something's seriously broken. Just returning here is the
182 * right thing nevertheless, the point of this routine is to
183 * remove ourselves from cli->pending.
184 */
185 return;
186 }
187
188 /*
189 * Remove ourselves from the cli->pending array
190 */
191 cli->pending[i] = cli->pending[num_pending-1];
192
193 /*
194 * No NULL check here, we're shrinking by sizeof(void *), and
195 * talloc_realloc just adjusts the size for this.
196 */
197 cli->pending = talloc_realloc(NULL, cli->pending, struct tevent_req *,
198 num_pending - 1);
199 return;
200 }
201
202 static int cli_smb_req_destructor(struct tevent_req *req)
203 {
204 struct cli_smb_state *state = tevent_req_data(
205 req, struct cli_smb_state);
206 /*
207 * Make sure we really remove it from
208 * the pending array on destruction.
209 */
210 state->mid = 0;
211 cli_smb_req_unset_pending(req);
212 return 0;
213 }
214
215 static void cli_smb_received(struct tevent_req *subreq);
216
217 bool cli_smb_req_set_pending(struct tevent_req *req)
218 {
219 struct cli_smb_state *state = tevent_req_data(
220 req, struct cli_smb_state);
221 struct cli_state *cli;
222 struct tevent_req **pending;
223 int num_pending;
224 struct tevent_req *subreq;
225
226 cli = state->cli;
227 num_pending = talloc_array_length(cli->pending);
228
229 pending = talloc_realloc(cli, cli->pending, struct tevent_req *,
230 num_pending+1);
231 if (pending == NULL) {
232 return false;
233 }
234 pending[num_pending] = req;
235 cli->pending = pending;
236 talloc_set_destructor(req, cli_smb_req_destructor);
237
238 if (num_pending > 0) {
239 return true;
240 }
241
242 /*
243 * We're the first ones, add the read_smb request that waits for the
244 * answer from the server
245 */
246 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
247 if (subreq == NULL) {
248 cli_smb_req_unset_pending(req);
249 return false;
250 }
251 tevent_req_set_callback(subreq, cli_smb_received, cli);
252 return true;
253 }
254
255 /*
256 * Fetch a smb request's mid. Only valid after the request has been sent by
257 * cli_smb_req_send().
258 */
259 uint16_t cli_smb_req_mid(struct tevent_req *req)
260 {
261 struct cli_smb_state *state = tevent_req_data(
262 req, struct cli_smb_state);
263 return SVAL(state->header, smb_mid);
264 }
265
266 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
267 {
268 struct cli_smb_state *state = tevent_req_data(
269 req, struct cli_smb_state);
270 state->mid = mid;
271 }
272
273 uint32_t cli_smb_req_seqnum(struct tevent_req *req)
274 {
275 struct cli_smb_state *state = tevent_req_data(
276 req, struct cli_smb_state);
277 return state->seqnum;
278 }
279
280 void cli_smb_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
281 {
282 struct cli_smb_state *state = tevent_req_data(
283 req, struct cli_smb_state);
284 state->seqnum = seqnum;
285 }
286
287 static size_t iov_len(const struct iovec *iov, int count)
288 {
289 size_t result = 0;
290 int i;
291 for (i=0; i<count; i++) {
292 result += iov[i].iov_len;
293 }
294 return result;
295 }
296
297 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
298 int count)
299 {
300 size_t len = iov_len(iov, count);
301 size_t copied;
302 uint8_t *buf;
303 int i;
304
305 buf = talloc_array(mem_ctx, uint8_t, len);
306 if (buf == NULL) {
307 return NULL;
308 }
309 copied = 0;
310 for (i=0; i<count; i++) {
311 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
312 copied += iov[i].iov_len;
313 }
314 return buf;
315 }
316
317 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
318 struct event_context *ev,
319 struct cli_state *cli,
320 uint8_t smb_command,
321 uint8_t additional_flags,
322 uint8_t wct, uint16_t *vwv,
323 int iov_count,
324 struct iovec *bytes_iov)
325 {
326 struct tevent_req *result;
327 struct cli_smb_state *state;
328 struct timeval endtime;
329
330 if (iov_count > MAX_SMB_IOV) {
331 /*
332 * Should not happen :-)
333 */
334 return NULL;
335 }
336
337 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
338 if (result == NULL) {
339 return NULL;
340 }
341 state->ev = ev;
342 state->cli = cli;
343 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
344 state->chain_num = 0;
345 state->chained_requests = NULL;
346
347 cli_setup_packet_buf(cli, (char *)state->header);
348 SCVAL(state->header, smb_com, smb_command);
349 SSVAL(state->header, smb_tid, cli->cnum);
350 SCVAL(state->header, smb_wct, wct);
351
352 state->vwv = vwv;
353
354 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
355
356 state->iov[0].iov_base = (void *)state->header;
357 state->iov[0].iov_len = sizeof(state->header);
358 state->iov[1].iov_base = (void *)state->vwv;
359 state->iov[1].iov_len = wct * sizeof(uint16_t);
360 state->iov[2].iov_base = (void *)state->bytecount_buf;
361 state->iov[2].iov_len = sizeof(uint16_t);
362
363 if (iov_count != 0) {
364 memcpy(&state->iov[3], bytes_iov,
365 iov_count * sizeof(*bytes_iov));
366 }
367 state->iov_count = iov_count + 3;
368
369 if (cli->timeout) {
370 endtime = timeval_current_ofs_msec(cli->timeout);
371 if (!tevent_req_set_endtime(result, ev, endtime)) {
372 tevent_req_nomem(NULL, result);
373 }
374 }
375 return result;
376 }
377
378 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
379 uint32_t *seqnum)
380 {
381 uint8_t *buf;
382
383 /*
384 * Obvious optimization: Make cli_calculate_sign_mac work with struct
385 * iovec directly. MD5Update would do that just fine.
386 */
387
388 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
389 return NT_STATUS_INVALID_PARAMETER;
390 }
391
392 buf = iov_concat(talloc_tos(), iov, count);
393 if (buf == NULL) {
394 return NT_STATUS_NO_MEMORY;
395 }
396
397 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
398 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
399
400 TALLOC_FREE(buf);
401 return NT_STATUS_OK;
402 }
403
404 static void cli_smb_sent(struct tevent_req *subreq);
405
406 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
407 struct cli_smb_state *state,
408 struct iovec *iov, int iov_count)
409 {
410 struct tevent_req *subreq;
411 NTSTATUS status;
412
413 if (state->cli->fd == -1) {
414 return NT_STATUS_CONNECTION_INVALID;
415 }
416
417 if (iov[0].iov_len < smb_wct) {
418 return NT_STATUS_INVALID_PARAMETER;
419 }
420
421 if (state->mid != 0) {
422 SSVAL(iov[0].iov_base, smb_mid, state->mid);
423 } else {
424 uint16_t mid = cli_alloc_mid(state->cli);
425 SSVAL(iov[0].iov_base, smb_mid, mid);
426 }
427
428 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
429
430 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
431
432 if (!NT_STATUS_IS_OK(status)) {
433 return status;
434 }
435
436 if (cli_encryption_on(state->cli)) {
437 char *buf, *enc_buf;
438
439 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
440 if (buf == NULL) {
441 return NT_STATUS_NO_MEMORY;
442 }
443 status = common_encrypt_buffer(state->cli->trans_enc_state,
444 (char *)buf, &enc_buf);
445 TALLOC_FREE(buf);
446 if (!NT_STATUS_IS_OK(status)) {
447 DEBUG(0, ("Error in encrypting client message: %s\n",
448 nt_errstr(status)));
449 return status;
450 }
451 buf = (char *)talloc_memdup(state, enc_buf,
452 smb_len(enc_buf)+4);
453 SAFE_FREE(enc_buf);
454 if (buf == NULL) {
455 return NT_STATUS_NO_MEMORY;
456 }
457 iov[0].iov_base = (void *)buf;
458 iov[0].iov_len = talloc_get_size(buf);
459 iov_count = 1;
460 }
461 subreq = writev_send(state, state->ev, state->cli->outgoing,
462 state->cli->fd, false, iov, iov_count);
463 if (subreq == NULL) {
464 return NT_STATUS_NO_MEMORY;
465 }
466 tevent_req_set_callback(subreq, cli_smb_sent, req);
467 return NT_STATUS_OK;
468 }
469
470 NTSTATUS cli_smb_req_send(struct tevent_req *req)
471 {
472 struct cli_smb_state *state = tevent_req_data(
473 req, struct cli_smb_state);
474
475 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
476 }
477
478 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
479 struct event_context *ev,
480 struct cli_state *cli,
481 uint8_t smb_command,
482 uint8_t additional_flags,
483 uint8_t wct, uint16_t *vwv,
484 uint32_t num_bytes,
485 const uint8_t *bytes)
486 {
487 struct tevent_req *req;
488 struct iovec iov;
489 NTSTATUS status;
490
491 iov.iov_base = discard_const_p(void, bytes);
492 iov.iov_len = num_bytes;
493
494 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
495 additional_flags, wct, vwv, 1, &iov);
496 if (req == NULL) {
497 return NULL;
498 }
499
500 status = cli_smb_req_send(req);
501 if (!NT_STATUS_IS_OK(status)) {
502 tevent_req_nterror(req, status);
503 return tevent_req_post(req, ev);
504 }
505 return req;
506 }
507
508 static void cli_smb_sent(struct tevent_req *subreq)
509 {
510 struct tevent_req *req = tevent_req_callback_data(
511 subreq, struct tevent_req);
512 struct cli_smb_state *state = tevent_req_data(
513 req, struct cli_smb_state);
514 ssize_t nwritten;
515 int err;
516
517 nwritten = writev_recv(subreq, &err);
518 TALLOC_FREE(subreq);
519 if (nwritten == -1) {
520 if (state->cli->fd != -1) {
521 close(state->cli->fd);
522 state->cli->fd = -1;
523 }
524 tevent_req_nterror(req, map_nt_error_from_unix(err));
525 return;
526 }
527
528 switch (CVAL(state->header, smb_com)) {
529 case SMBtranss:
530 case SMBtranss2:
531 case SMBnttranss:
532 case SMBntcancel:
533 state->inbuf = NULL;
534 tevent_req_done(req);
535 return;
536 case SMBlockingX:
537 if ((CVAL(state->header, smb_wct) == 8) &&
538 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
539 state->inbuf = NULL;
540 tevent_req_done(req);
541 return;
542 }
543 }
544
545 if (!cli_smb_req_set_pending(req)) {
546 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
547 return;
548 }
549 }
550
551 static void cli_smb_received(struct tevent_req *subreq)
552 {
553 struct cli_state *cli = tevent_req_callback_data(
554 subreq, struct cli_state);
555 struct tevent_req *req;
556 struct cli_smb_state *state;
557 NTSTATUS status;
558 uint8_t *inbuf;
559 ssize_t received;
560 int num_pending;
561 int i, err;
562 uint16_t mid;
563 bool oplock_break;
564
565 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
566 TALLOC_FREE(subreq);
567 if (received == -1) {
568 if (cli->fd != -1) {
569 close(cli->fd);
570 cli->fd = -1;
571 }
572 status = map_nt_error_from_unix(err);
573 goto fail;
574 }
575
576 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
577 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
578 DEBUG(10, ("Got non-SMB PDU\n"));
579 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
580 goto fail;
581 }
582
583 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
584 uint16_t enc_ctx_num;
585
586 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
587 if (!NT_STATUS_IS_OK(status)) {
588 DEBUG(10, ("get_enc_ctx_num returned %s\n",
589 nt_errstr(status)));
590 goto fail;
591 }
592
593 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
594 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
595 enc_ctx_num,
596 cli->trans_enc_state->enc_ctx_num));
597 status = NT_STATUS_INVALID_HANDLE;
598 goto fail;
599 }
600
601 status = common_decrypt_buffer(cli->trans_enc_state,
602 (char *)inbuf);
603 if (!NT_STATUS_IS_OK(status)) {
604 DEBUG(10, ("common_decrypt_buffer returned %s\n",
605 nt_errstr(status)));
606 goto fail;
607 }
608 }
609
610 mid = SVAL(inbuf, smb_mid);
611 num_pending = talloc_array_length(cli->pending);
612
613 for (i=0; i<num_pending; i++) {
614 if (mid == cli_smb_req_mid(cli->pending[i])) {
615 break;
616 }
617 }
618 if (i == num_pending) {
619 /* Dump unexpected reply */
620 TALLOC_FREE(inbuf);
621 goto done;
622 }
623
624 oplock_break = false;
625
626 if (mid == 0xffff) {
627 /*
628 * Paranoia checks that this is really an oplock break request.
629 */
630 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
631 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
632 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
633 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
634 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
635
636 if (!oplock_break) {
637 /* Dump unexpected reply */
638 TALLOC_FREE(inbuf);
639 goto done;
640 }
641 }
642
643 req = cli->pending[i];
644 state = tevent_req_data(req, struct cli_smb_state);
645
646 if (!oplock_break /* oplock breaks are not signed */
647 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
648 DEBUG(10, ("cli_check_sign_mac failed\n"));
649 TALLOC_FREE(inbuf);
650 status = NT_STATUS_ACCESS_DENIED;
651 close(cli->fd);
652 cli->fd = -1;
653 goto fail;
654 }
655
656 if (state->chained_requests == NULL) {
657 state->inbuf = talloc_move(state, &inbuf);
658 talloc_set_destructor(req, NULL);
659 cli_smb_req_unset_pending(req);
660 state->chain_num = 0;
661 state->chain_length = 1;
662 tevent_req_done(req);
663 } else {
664 struct tevent_req **chain = talloc_move(
665 talloc_tos(), &state->chained_requests);
666 int num_chained = talloc_array_length(chain);
667
668 for (i=0; i<num_chained; i++) {
669 state = tevent_req_data(chain[i], struct
670 cli_smb_state);
671 state->inbuf = inbuf;
672 state->chain_num = i;
673 state->chain_length = num_chained;
674 tevent_req_done(chain[i]);
675 }
676 TALLOC_FREE(inbuf);
677 TALLOC_FREE(chain);
678 }
679 done:
680 if (talloc_array_length(cli->pending) > 0) {
681 /*
682 * Set up another read request for the other pending cli_smb
683 * requests
684 */
685 state = tevent_req_data(cli->pending[0], struct cli_smb_state);
686 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
687 if (subreq == NULL) {
688 status = NT_STATUS_NO_MEMORY;
689 goto fail;
690 }
691 tevent_req_set_callback(subreq, cli_smb_received, cli);
692 }
693 return;
694 fail:
695 /*
696 * Cancel all pending requests. We don't do a for-loop walking
697 * cli->pending because that array changes in
698 * cli_smb_req_destructor().
699 */
700 while (talloc_array_length(cli->pending) > 0) {
701 req = cli->pending[0];
702 talloc_set_destructor(req, NULL);
703 cli_smb_req_unset_pending(req);
704 tevent_req_nterror(req, status);
705 }
706 }
707
708 NTSTATUS cli_smb_recv(struct tevent_req *req,
709 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
710 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
711 uint32_t *pnum_bytes, uint8_t **pbytes)
712 {
713 struct cli_smb_state *state = tevent_req_data(
714 req, struct cli_smb_state);
715 NTSTATUS status = NT_STATUS_OK;
716 uint8_t cmd, wct;
717 uint16_t num_bytes;
718 size_t wct_ofs, bytes_offset;
719 int i;
720
721 if (tevent_req_is_nterror(req, &status)) {
722 return status;
723 }
724
725 if (state->inbuf == NULL) {
726 if (min_wct != 0) {
727 return NT_STATUS_INVALID_NETWORK_RESPONSE;
728 }
729 if (pinbuf) {
730 *pinbuf = NULL;
731 }
732 if (pwct) {
733 *pwct = 0;
734 }
735 if (pvwv) {
736 *pvwv = NULL;
737 }
738 if (pnum_bytes) {
739 *pnum_bytes = 0;
740 }
741 if (pbytes) {
742 *pbytes = NULL;
743 }
744 /* This was a request without a reply */
745 return NT_STATUS_OK;
746 }
747
748 wct_ofs = smb_wct;
749 cmd = CVAL(state->inbuf, smb_com);
750
751 for (i=0; i<state->chain_num; i++) {
752 if (i < state->chain_num-1) {
753 if (cmd == 0xff) {
754 return NT_STATUS_REQUEST_ABORTED;
755 }
756 if (!is_andx_req(cmd)) {
757 return NT_STATUS_INVALID_NETWORK_RESPONSE;
758 }
759 }
760
761 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
762 /*
763 * This request was not completed because a previous
764 * request in the chain had received an error.
765 */
766 return NT_STATUS_REQUEST_ABORTED;
767 }
768
769 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
770
771 /*
772 * Skip the all-present length field. No overflow, we've just
773 * put a 16-bit value into a size_t.
774 */
775 wct_ofs += 4;
776
777 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
778 return NT_STATUS_INVALID_NETWORK_RESPONSE;
779 }
780
781 cmd = CVAL(state->inbuf, wct_ofs + 1);
782 }
783
784 status = cli_pull_error((char *)state->inbuf);
785
786 cli_set_error(state->cli, status);
787
788 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
789
790 if ((cmd == SMBsesssetupX)
791 && NT_STATUS_EQUAL(
792 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
793 /*
794 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
795 * valid return code for session setup
796 */
797 goto no_err;
798 }
799
800 if (NT_STATUS_IS_ERR(status)) {
801 /*
802 * The last command takes the error code. All
803 * further commands down the requested chain
804 * will get a NT_STATUS_REQUEST_ABORTED.
805 */
806 return status;
807 }
808 }
809
810 no_err:
811
812 wct = CVAL(state->inbuf, wct_ofs);
813 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
814 num_bytes = SVAL(state->inbuf, bytes_offset);
815
816 if (wct < min_wct) {
817 return NT_STATUS_INVALID_NETWORK_RESPONSE;
818 }
819
820 /*
821 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
822 * is a 16-bit value. So bytes_offset being size_t should be far from
823 * wrapping.
824 */
825 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
826 || (bytes_offset > 0xffff)) {
827 return NT_STATUS_INVALID_NETWORK_RESPONSE;
828 }
829
830 if (pwct != NULL) {
831 *pwct = wct;
832 }
833 if (pvwv != NULL) {
834 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
835 }
836 if (pnum_bytes != NULL) {
837 *pnum_bytes = num_bytes;
838 }
839 if (pbytes != NULL) {
840 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
841 }
842 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
843 if (state->chain_num == state->chain_length-1) {
844 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
845 } else {
846 *pinbuf = state->inbuf;
847 }
848 }
849
850 return status;
851 }
852
853 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
854 {
855 size_t wct_ofs;
856 int i;
857
858 wct_ofs = smb_wct - 4;
859
860 for (i=0; i<num_reqs; i++) {
861 struct cli_smb_state *state;
862 state = tevent_req_data(reqs[i], struct cli_smb_state);
863 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
864 wct_ofs = (wct_ofs + 3) & ~3;
865 }
866 return wct_ofs;
867 }
868
869 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
870 {
871 struct cli_smb_state *first_state = tevent_req_data(
872 reqs[0], struct cli_smb_state);
873 struct cli_smb_state *last_state = tevent_req_data(
874 reqs[num_reqs-1], struct cli_smb_state);
875 struct cli_smb_state *state;
876 size_t wct_offset;
877 size_t chain_padding = 0;
878 int i, iovlen;
879 struct iovec *iov = NULL;
880 struct iovec *this_iov;
881 NTSTATUS status;
882
883 iovlen = 0;
884 for (i=0; i<num_reqs; i++) {
885 state = tevent_req_data(reqs[i], struct cli_smb_state);
886 iovlen += state->iov_count;
887 }
888
889 iov = talloc_array(last_state, struct iovec, iovlen);
890 if (iov == NULL) {
891 return NT_STATUS_NO_MEMORY;
892 }
893
894 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
895 last_state, reqs, sizeof(*reqs) * num_reqs);
896 if (first_state->chained_requests == NULL) {
897 TALLOC_FREE(iov);
898 return NT_STATUS_NO_MEMORY;
899 }
900
901 wct_offset = smb_wct - 4;
902 this_iov = iov;
903
904 for (i=0; i<num_reqs; i++) {
905 size_t next_padding = 0;
906 uint16_t *vwv;
907
908 state = tevent_req_data(reqs[i], struct cli_smb_state);
909
910 if (i < num_reqs-1) {
911 if (!is_andx_req(CVAL(state->header, smb_com))
912 || CVAL(state->header, smb_wct) < 2) {
913 TALLOC_FREE(iov);
914 TALLOC_FREE(first_state->chained_requests);
915 return NT_STATUS_INVALID_PARAMETER;
916 }
917 }
918
919 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
920 if ((wct_offset % 4) != 0) {
921 next_padding = 4 - (wct_offset % 4);
922 }
923 wct_offset += next_padding;
924 vwv = state->vwv;
925
926 if (i < num_reqs-1) {
927 struct cli_smb_state *next_state = tevent_req_data(
928 reqs[i+1], struct cli_smb_state);
929 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
930 SCVAL(vwv+0, 1, 0);
931 SSVAL(vwv+1, 0, wct_offset);
932 } else if (is_andx_req(CVAL(state->header, smb_com))) {
933 /* properly end the chain */
934 SCVAL(vwv+0, 0, 0xff);
935 SCVAL(vwv+0, 1, 0xff);
936 SSVAL(vwv+1, 0, 0);
937 }
938
939 if (i == 0) {
940 this_iov[0] = state->iov[0];
941 } else {
942 /*
943 * This one is a bit subtle. We have to add
944 * chain_padding bytes between the requests, and we
945 * have to also include the wct field of the
946 * subsequent requests. We use the subsequent header
947 * for the padding, it contains the wct field in its
948 * last byte.
949 */
950 this_iov[0].iov_len = chain_padding+1;
951 this_iov[0].iov_base = (void *)&state->header[
952 sizeof(state->header) - this_iov[0].iov_len];
953 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
954 }
955 memcpy(this_iov+1, state->iov+1,
956 sizeof(struct iovec) * (state->iov_count-1));
957 this_iov += state->iov_count;
958 chain_padding = next_padding;
959 }
960
961 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
962 if (!NT_STATUS_IS_OK(status)) {
963 TALLOC_FREE(iov);
964 TALLOC_FREE(first_state->chained_requests);
965 return status;
966 }
967
968 return NT_STATUS_OK;
969 }
970
971 uint8_t *cli_smb_inbuf(struct tevent_req *req)
972 {
973 struct cli_smb_state *state = tevent_req_data(
974 req, struct cli_smb_state);
975 return state->inbuf;
976 }
977
978 bool cli_has_async_calls(struct cli_state *cli)
979 {
980 return ((tevent_queue_length(cli->outgoing) != 0)
981 || (talloc_array_length(cli->pending) != 0));
982 }
983
984 struct cli_smb_oplock_break_waiter_state {
985 uint16_t fnum;
986 uint8_t level;
987 };
988
989 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
990
991 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
992 struct event_context *ev,
993 struct cli_state *cli)
994 {
995 struct tevent_req *req, *subreq;
996 struct cli_smb_oplock_break_waiter_state *state;
997 struct cli_smb_state *smb_state;
998
999 req = tevent_req_create(mem_ctx, &state,
1000 struct cli_smb_oplock_break_waiter_state);
1001 if (req == NULL) {
1002 return NULL;
1003 }
1004
1005 /*
1006 * Create a fake SMB request that we will never send out. This is only
1007 * used to be set into the pending queue with the right mid.
1008 */
1009 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
1010 if (tevent_req_nomem(subreq, req)) {
1011 return tevent_req_post(req, ev);
1012 }
1013 smb_state = tevent_req_data(subreq, struct cli_smb_state);
1014 SSVAL(smb_state->header, smb_mid, 0xffff);
1015
1016 if (!cli_smb_req_set_pending(subreq)) {
1017 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1018 return tevent_req_post(req, ev);
1019 }
1020 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
1021 return req;
1022 }
1023
1024 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
1025 {
1026 struct tevent_req *req = tevent_req_callback_data(
1027 subreq, struct tevent_req);
1028 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1029 req, struct cli_smb_oplock_break_waiter_state);
1030 uint8_t wct;
1031 uint16_t *vwv;
1032 uint32_t num_bytes;
1033 uint8_t *bytes;
1034 uint8_t *inbuf;
1035 NTSTATUS status;
1036
1037 status = cli_smb_recv(subreq, state, &inbuf, 8, &wct, &vwv,
1038 &num_bytes, &bytes);
1039 TALLOC_FREE(subreq);
1040 if (!NT_STATUS_IS_OK(status)) {
1041 tevent_req_nterror(req, status);
1042 return;
1043 }
1044 state->fnum = SVAL(vwv+2, 0);
1045 state->level = CVAL(vwv+3, 1);
1046 tevent_req_done(req);
1047 }
1048
1049 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1050 uint16_t *pfnum,
1051 uint8_t *plevel)
1052 {
1053 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1054 req, struct cli_smb_oplock_break_waiter_state);
1055 NTSTATUS status;
1056
1057 if (tevent_req_is_nterror(req, &status)) {
1058 return status;
1059 }
1060 *pfnum = state->fnum;
1061 *plevel = state->level;
1062 return NT_STATUS_OK;
1063 }
1064
1065
1066 struct cli_session_request_state {
1067 struct tevent_context *ev;
1068 int sock;
1069 uint32 len_hdr;
1070 struct iovec iov[3];
1071 uint8_t nb_session_response;
1072 };
1073
1074 static void cli_session_request_sent(struct tevent_req *subreq);
1075 static void cli_session_request_recvd(struct tevent_req *subreq);
1076
1077 struct tevent_req *cli_session_request_send(TALLOC_CTX *mem_ctx,
1078 struct tevent_context *ev,
1079 int sock,
1080 const struct nmb_name *called,
1081 const struct nmb_name *calling)
1082 {
1083 struct tevent_req *req, *subreq;
1084 struct cli_session_request_state *state;
1085
1086 req = tevent_req_create(mem_ctx, &state,
1087 struct cli_session_request_state);
1088 if (req == NULL) {
1089 return NULL;
1090 }
1091 state->ev = ev;
1092 state->sock = sock;
1093
1094 state->iov[1].iov_base = name_mangle(
1095 state, called->name, called->name_type);
1096 if (tevent_req_nomem(state->iov[1].iov_base, req)) {
1097 return tevent_req_post(req, ev);
1098 }
1099 state->iov[1].iov_len = name_len(
1100 (unsigned char *)state->iov[1].iov_base,
1101 talloc_get_size(state->iov[1].iov_base));
1102
1103 state->iov[2].iov_base = name_mangle(
1104 state, calling->name, calling->name_type);
1105 if (tevent_req_nomem(state->iov[2].iov_base, req)) {
1106 return tevent_req_post(req, ev);
1107 }
1108 state->iov[2].iov_len = name_len(
1109 (unsigned char *)state->iov[2].iov_base,
1110 talloc_get_size(state->iov[2].iov_base));
1111
1112 _smb_setlen(((char *)&state->len_hdr),
1113 state->iov[1].iov_len + state->iov[2].iov_len);
1114 SCVAL((char *)&state->len_hdr, 0, 0x81);
1115
1116 state->iov[0].iov_base = &state->len_hdr;
1117 state->iov[0].iov_len = sizeof(state->len_hdr);
1118
1119 subreq = writev_send(state, ev, NULL, sock, true, state->iov, 3);
1120 if (tevent_req_nomem(subreq, req)) {
1121 return tevent_req_post(req, ev);
1122 }
1123 tevent_req_set_callback(subreq, cli_session_request_sent, req);
1124 return req;
1125 }
1126
1127 static void cli_session_request_sent(struct tevent_req *subreq)
1128 {
1129 struct tevent_req *req = tevent_req_callback_data(
1130 subreq, struct tevent_req);
1131 struct cli_session_request_state *state = tevent_req_data(
1132 req, struct cli_session_request_state);
1133 ssize_t ret;
1134 int err;
1135
1136 ret = writev_recv(subreq, &err);
1137 TALLOC_FREE(subreq);
1138 if (ret == -1) {
1139 tevent_req_error(req, err);
1140 return;
1141 }
1142 subreq = read_smb_send(state, state->ev, state->sock);
1143 if (tevent_req_nomem(subreq, req)) {
1144 return;
1145 }
1146 tevent_req_set_callback(subreq, cli_session_request_recvd, req);
1147 }
1148
1149 static void cli_session_request_recvd(struct tevent_req *subreq)
1150 {
1151 struct tevent_req *req = tevent_req_callback_data(
1152 subreq, struct tevent_req);
1153 struct cli_session_request_state *state = tevent_req_data(
1154 req, struct cli_session_request_state);
1155 uint8_t *buf;
1156 ssize_t ret;
1157 int err;
1158
1159 ret = read_smb_recv(subreq, talloc_tos(), &buf, &err);
1160 TALLOC_FREE(subreq);
1161
1162 if (ret < 4) {
1163 ret = -1;
1164 err = EIO;
1165 }
1166 if (ret == -1) {
1167 tevent_req_error(req, err);
1168 return;
1169 }
1170 /*
1171 * In case of an error there is more information in the data
1172 * portion according to RFC1002. We're not subtle enough to
1173 * respond to the different error conditions, so drop the
1174 * error info here.
1175 */
1176 state->nb_session_response = CVAL(buf, 0);
1177 tevent_req_done(req);
1178 }
1179
1180 bool cli_session_request_recv(struct tevent_req *req, int *err, uint8_t *resp)
1181 {
1182 struct cli_session_request_state *state = tevent_req_data(
1183 req, struct cli_session_request_state);
1184
1185 if (tevent_req_is_unix_error(req, err)) {
1186 return false;
1187 }
1188 *resp = state->nb_session_response;
1189 return true;
1190 }
Samba GIT mirror