2 Unix SMB/CIFS implementation.
3 SMB client generic functions
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /*******************************************************************
24 Setup the word count and byte count for a client smb message.
25 ********************************************************************/
27 int cli_set_message(char *buf
,int num_words
,int num_bytes
,bool zero
)
29 if (zero
&& (num_words
|| num_bytes
)) {
30 memset(buf
+ smb_size
,'\0',num_words
*2 + num_bytes
);
32 SCVAL(buf
,smb_wct
,num_words
);
33 SSVAL(buf
,smb_vwv
+ num_words
*SIZEOFWORD
,num_bytes
);
34 smb_setlen(buf
,smb_size
+ num_words
*2 + num_bytes
- 4);
35 return (smb_size
+ num_words
*2 + num_bytes
);
38 /****************************************************************************
39 Change the timeout (in milliseconds).
40 ****************************************************************************/
42 unsigned int cli_set_timeout(struct cli_state
*cli
, unsigned int timeout
)
44 unsigned int old_timeout
= cli
->timeout
;
45 cli
->timeout
= timeout
;
49 /****************************************************************************
50 Change the port number used to call on.
51 ****************************************************************************/
53 int cli_set_port(struct cli_state
*cli
, int port
)
59 /****************************************************************************
60 Read an smb from a fd ignoring all keepalive packets. Note that the buffer
61 *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN.
62 The timeout is in milliseconds
64 This is exactly the same as receive_smb except that it never returns
65 a session keepalive packet (just as receive_smb used to do).
66 receive_smb was changed to return keepalives as the oplock processing means this call
67 should never go into a blocking read.
68 ****************************************************************************/
70 static ssize_t
client_receive_smb(struct cli_state
*cli
, size_t maxlen
)
77 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_OK
);
79 status
= receive_smb_raw(cli
->fd
, cli
->inbuf
, cli
->timeout
,
81 if (!NT_STATUS_IS_OK(status
)) {
82 DEBUG(10,("client_receive_smb failed\n"));
85 if (NT_STATUS_EQUAL(status
, NT_STATUS_END_OF_FILE
)) {
86 set_smb_read_error(&cli
->smb_rw_error
,
91 if (NT_STATUS_EQUAL(status
, NT_STATUS_IO_TIMEOUT
)) {
92 set_smb_read_error(&cli
->smb_rw_error
,
97 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_ERROR
);
105 /* Ignore session keepalive packets. */
106 if(CVAL(cli
->inbuf
,0) != SMBkeepalive
) {
111 if (cli_encryption_on(cli
)) {
112 NTSTATUS status
= cli_decrypt_message(cli
);
113 if (!NT_STATUS_IS_OK(status
)) {
114 DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
116 cli
->smb_rw_error
= SMB_READ_BAD_DECRYPT
;
121 show_msg(cli
->inbuf
);
125 /****************************************************************************
127 ****************************************************************************/
129 bool cli_receive_smb(struct cli_state
*cli
)
133 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
138 len
= client_receive_smb(cli
, 0);
141 /* it might be an oplock break request */
142 if (!(CVAL(cli
->inbuf
, smb_flg
) & FLAG_REPLY
) &&
143 CVAL(cli
->inbuf
,smb_com
) == SMBlockingX
&&
144 SVAL(cli
->inbuf
,smb_vwv6
) == 0 &&
145 SVAL(cli
->inbuf
,smb_vwv7
) == 0) {
146 if (cli
->oplock_handler
) {
147 int fnum
= SVAL(cli
->inbuf
,smb_vwv2
);
148 unsigned char level
= CVAL(cli
->inbuf
,smb_vwv3
+1);
149 if (!cli
->oplock_handler(cli
, fnum
, level
)) {
153 /* try to prevent loops */
154 SCVAL(cli
->inbuf
,smb_com
,0xFF);
159 /* If the server is not responding, note that now */
161 DEBUG(0, ("Receiving SMB: Server stopped responding\n"));
167 if (!cli_check_sign_mac(cli
)) {
169 * If we get a signature failure in sessionsetup, then
170 * the server sometimes just reflects the sent signature
171 * back to us. Detect this and allow the upper layer to
172 * retrieve the correct Windows error message.
174 if (CVAL(cli
->outbuf
,smb_com
) == SMBsesssetupX
&&
175 (smb_len(cli
->inbuf
) > (smb_ss_field
+ 8 - 4)) &&
176 (SVAL(cli
->inbuf
,smb_flg2
) & FLAGS2_SMB_SECURITY_SIGNATURES
) &&
177 memcmp(&cli
->outbuf
[smb_ss_field
],&cli
->inbuf
[smb_ss_field
],8) == 0 &&
181 * Reflected signature on login error.
182 * Set bad sig but don't close fd.
184 cli
->smb_rw_error
= SMB_READ_BAD_SIG
;
188 DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
189 cli
->smb_rw_error
= SMB_READ_BAD_SIG
;
197 /****************************************************************************
198 Read the data portion of a readX smb.
199 The timeout is in milliseconds
200 ****************************************************************************/
202 ssize_t
cli_receive_smb_data(struct cli_state
*cli
, char *buffer
, size_t len
)
206 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_OK
);
208 status
= read_socket_with_timeout(
209 cli
->fd
, buffer
, len
, len
, cli
->timeout
, NULL
);
210 if (NT_STATUS_IS_OK(status
)) {
214 if (NT_STATUS_EQUAL(status
, NT_STATUS_END_OF_FILE
)) {
215 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_EOF
);
219 if (NT_STATUS_EQUAL(status
, NT_STATUS_IO_TIMEOUT
)) {
220 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_TIMEOUT
);
224 set_smb_read_error(&cli
->smb_rw_error
, SMB_READ_ERROR
);
228 /****************************************************************************
229 Read a smb readX header.
230 We can only use this if encryption and signing are off.
231 ****************************************************************************/
233 bool cli_receive_smb_readX_header(struct cli_state
*cli
)
242 /* Read up to the size of a readX header reply. */
243 len
= client_receive_smb(cli
, (smb_size
- 4) + 24);
246 /* it might be an oplock break request */
247 if (!(CVAL(cli
->inbuf
, smb_flg
) & FLAG_REPLY
) &&
248 CVAL(cli
->inbuf
,smb_com
) == SMBlockingX
&&
249 SVAL(cli
->inbuf
,smb_vwv6
) == 0 &&
250 SVAL(cli
->inbuf
,smb_vwv7
) == 0) {
251 ssize_t total_len
= smb_len(cli
->inbuf
);
253 if (total_len
> CLI_SAMBA_MAX_LARGE_READX_SIZE
+SAFETY_MARGIN
) {
257 /* Read the rest of the data. */
258 if ((total_len
- len
> 0) &&
259 !cli_receive_smb_data(cli
,cli
->inbuf
+len
,total_len
- len
)) {
263 if (cli
->oplock_handler
) {
264 int fnum
= SVAL(cli
->inbuf
,smb_vwv2
);
265 unsigned char level
= CVAL(cli
->inbuf
,smb_vwv3
+1);
266 if (!cli
->oplock_handler(cli
, fnum
, level
)) return false;
268 /* try to prevent loops */
269 SCVAL(cli
->inbuf
,smb_com
,0xFF);
274 /* If it's not the above size it probably was an error packet. */
276 if ((len
== (smb_size
- 4) + 24) && !cli_is_error(cli
)) {
277 /* Check it's a non-chained readX reply. */
278 if (!(CVAL(cli
->inbuf
, smb_flg
) & FLAG_REPLY
) ||
279 (CVAL(cli
->inbuf
,smb_vwv0
) != 0xFF) ||
280 (CVAL(cli
->inbuf
,smb_com
) != SMBreadX
)) {
282 * We're not coping here with asnyc replies to
283 * other calls. Punt here - we need async client
290 * We know it's a readX reply - ensure we've read the
291 * padding bytes also.
294 offset
= SVAL(cli
->inbuf
,smb_vwv6
);
297 size_t padbytes
= offset
- len
;
298 ret
= cli_receive_smb_data(cli
,smb_buf(cli
->inbuf
),padbytes
);
299 if (ret
!= padbytes
) {
309 cli
->smb_rw_error
= SMB_READ_ERROR
;
315 static ssize_t
write_socket(int fd
, const char *buf
, size_t len
)
319 DEBUG(6,("write_socket(%d,%d)\n",fd
,(int)len
));
320 ret
= write_data(fd
,buf
,len
);
322 DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd
,(int)len
,(int)ret
));
324 DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n",
325 (int)len
, fd
, strerror(errno
) ));
330 /****************************************************************************
332 ****************************************************************************/
334 bool cli_send_smb(struct cli_state
*cli
)
339 char *buf_out
= cli
->outbuf
;
340 bool enc_on
= cli_encryption_on(cli
);
342 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
346 cli_calculate_sign_mac(cli
);
349 NTSTATUS status
= cli_encrypt_message(cli
, &buf_out
);
350 if (!NT_STATUS_IS_OK(status
)) {
353 cli
->smb_rw_error
= SMB_WRITE_ERROR
;
354 DEBUG(0,("Error in encrypting client message. Error %s\n",
355 nt_errstr(status
) ));
360 len
= smb_len(buf_out
) + 4;
362 while (nwritten
< len
) {
363 ret
= write_socket(cli
->fd
,buf_out
+nwritten
,len
- nwritten
);
366 cli_free_enc_buffer(cli
, buf_out
);
370 cli
->smb_rw_error
= SMB_WRITE_ERROR
;
371 DEBUG(0,("Error writing %d bytes to client. %d (%s)\n",
372 (int)len
,(int)ret
, strerror(errno
) ));
379 cli_free_enc_buffer(cli
, buf_out
);
382 /* Increment the mid so we can tell between responses. */
389 /****************************************************************************
390 Send a "direct" writeX smb to a fd.
391 ****************************************************************************/
393 bool cli_send_smb_direct_writeX(struct cli_state
*cli
,
397 /* First length to send is the offset to the data. */
398 size_t len
= SVAL(cli
->outbuf
,smb_vwv11
) + 4;
402 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
407 if (client_is_signing_on(cli
)) {
408 DEBUG(0,("cli_send_smb_large: cannot send signed packet.\n"));
412 while (nwritten
< len
) {
413 ret
= write_socket(cli
->fd
,cli
->outbuf
+nwritten
,len
- nwritten
);
417 cli
->smb_rw_error
= SMB_WRITE_ERROR
;
418 DEBUG(0,("Error writing %d bytes to client. %d (%s)\n",
419 (int)len
,(int)ret
, strerror(errno
) ));
425 /* Now write the extra data. */
427 while (nwritten
< extradata
) {
428 ret
= write_socket(cli
->fd
,p
+nwritten
,extradata
- nwritten
);
432 cli
->smb_rw_error
= SMB_WRITE_ERROR
;
433 DEBUG(0,("Error writing %d extradata "
434 "bytes to client. %d (%s)\n",
435 (int)extradata
,(int)ret
, strerror(errno
) ));
441 /* Increment the mid so we can tell between responses. */
448 /****************************************************************************
449 Setup basics in a outgoing packet.
450 ****************************************************************************/
452 void cli_setup_packet(struct cli_state
*cli
)
455 SSVAL(cli
->outbuf
,smb_pid
,cli
->pid
);
456 SSVAL(cli
->outbuf
,smb_uid
,cli
->vuid
);
457 SSVAL(cli
->outbuf
,smb_mid
,cli
->mid
);
458 if (cli
->protocol
> PROTOCOL_CORE
) {
460 if (cli
->case_sensitive
) {
461 SCVAL(cli
->outbuf
,smb_flg
,0x0);
463 /* Default setting, case insensitive. */
464 SCVAL(cli
->outbuf
,smb_flg
,0x8);
466 flags2
= FLAGS2_LONG_PATH_COMPONENTS
;
467 if (cli
->capabilities
& CAP_UNICODE
)
468 flags2
|= FLAGS2_UNICODE_STRINGS
;
469 if ((cli
->capabilities
& CAP_DFS
) && cli
->dfsroot
)
470 flags2
|= FLAGS2_DFS_PATHNAMES
;
471 if (cli
->capabilities
& CAP_STATUS32
)
472 flags2
|= FLAGS2_32_BIT_ERROR_CODES
;
474 flags2
|= FLAGS2_EXTENDED_SECURITY
;
475 SSVAL(cli
->outbuf
,smb_flg2
, flags2
);
479 /****************************************************************************
480 Setup the bcc length of the packet from a pointer to the end of the data.
481 ****************************************************************************/
483 void cli_setup_bcc(struct cli_state
*cli
, void *p
)
485 set_message_bcc(cli
->outbuf
, PTR_DIFF(p
, smb_buf(cli
->outbuf
)));
488 /****************************************************************************
489 Initialise credentials of a client structure.
490 ****************************************************************************/
492 void cli_init_creds(struct cli_state
*cli
, const char *username
, const char *domain
, const char *password
)
494 fstrcpy(cli
->domain
, domain
);
495 fstrcpy(cli
->user_name
, username
);
496 pwd_set_cleartext(&cli
->pwd
, password
);
498 cli
->pwd
.null_pwd
= true;
501 DEBUG(10,("cli_init_creds: user %s domain %s\n", cli
->user_name
, cli
->domain
));
504 /****************************************************************************
505 Set the signing state (used from the command line).
506 ****************************************************************************/
508 void cli_setup_signing_state(struct cli_state
*cli
, int signing_state
)
510 if (signing_state
== Undefined
)
513 if (signing_state
== false) {
514 cli
->sign_info
.allow_smb_signing
= false;
515 cli
->sign_info
.mandatory_signing
= false;
519 cli
->sign_info
.allow_smb_signing
= true;
521 if (signing_state
== Required
)
522 cli
->sign_info
.mandatory_signing
= true;
525 /****************************************************************************
526 Initialise a client structure. Always returns a malloc'ed struct.
527 ****************************************************************************/
529 struct cli_state
*cli_initialise(void)
531 struct cli_state
*cli
= NULL
;
533 /* Check the effective uid - make sure we are not setuid */
534 if (is_setuid_root()) {
535 DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n"));
539 cli
= SMB_MALLOC_P(struct cli_state
);
549 cli
->pid
= (uint16
)sys_getpid();
551 cli
->vuid
= UID_FIELD_INVALID
;
552 cli
->protocol
= PROTOCOL_NT1
;
553 cli
->timeout
= 20000; /* Timeout is in milliseconds. */
554 cli
->bufsize
= CLI_BUFFER_SIZE
+4;
555 cli
->max_xmit
= cli
->bufsize
;
556 cli
->outbuf
= (char *)SMB_MALLOC(cli
->bufsize
+SAFETY_MARGIN
);
557 cli
->inbuf
= (char *)SMB_MALLOC(cli
->bufsize
+SAFETY_MARGIN
);
558 cli
->oplock_handler
= cli_oplock_ack
;
559 cli
->case_sensitive
= false;
560 cli
->smb_rw_error
= SMB_READ_OK
;
562 cli
->use_spnego
= lp_client_use_spnego();
564 cli
->capabilities
= CAP_UNICODE
| CAP_STATUS32
| CAP_DFS
;
566 /* Set the CLI_FORCE_DOSERR environment variable to test
567 client routines using DOS errors instead of STATUS32
568 ones. This intended only as a temporary hack. */
569 if (getenv("CLI_FORCE_DOSERR"))
570 cli
->force_dos_errors
= true;
572 if (lp_client_signing())
573 cli
->sign_info
.allow_smb_signing
= true;
575 if (lp_client_signing() == Required
)
576 cli
->sign_info
.mandatory_signing
= true;
578 if (!cli
->outbuf
|| !cli
->inbuf
)
581 memset(cli
->outbuf
, 0, cli
->bufsize
);
582 memset(cli
->inbuf
, 0, cli
->bufsize
);
585 #if defined(DEVELOPER)
586 /* just because we over-allocate, doesn't mean it's right to use it */
587 clobber_region(FUNCTION_MACRO
, __LINE__
, cli
->outbuf
+cli
->bufsize
, SAFETY_MARGIN
);
588 clobber_region(FUNCTION_MACRO
, __LINE__
, cli
->inbuf
+cli
->bufsize
, SAFETY_MARGIN
);
591 /* initialise signing */
592 cli_null_set_signing(cli
);
594 cli
->initialised
= 1;
598 /* Clean up after malloc() error */
602 SAFE_FREE(cli
->inbuf
);
603 SAFE_FREE(cli
->outbuf
);
608 /****************************************************************************
610 Close an open named pipe over SMB. Free any authentication data.
611 Returns false if the cli_close call failed.
612 ****************************************************************************/
614 bool cli_rpc_pipe_close(struct rpc_pipe_client
*cli
)
622 ret
= cli_close(cli
->cli
, cli
->fnum
);
625 DEBUG(1,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
627 "to machine %s. Error was %s\n",
631 cli_errstr(cli
->cli
)));
634 if (cli
->auth
.cli_auth_data_free_func
) {
635 (*cli
->auth
.cli_auth_data_free_func
)(&cli
->auth
);
638 DEBUG(10,("cli_rpc_pipe_close: closed pipe %s to machine %s\n",
639 cli
->pipe_name
, cli
->cli
->desthost
));
641 DLIST_REMOVE(cli
->cli
->pipe_list
, cli
);
642 talloc_destroy(cli
->mem_ctx
);
646 /****************************************************************************
647 Close all pipes open on this session.
648 ****************************************************************************/
650 void cli_nt_pipes_close(struct cli_state
*cli
)
652 struct rpc_pipe_client
*cp
, *next
;
654 for (cp
= cli
->pipe_list
; cp
; cp
= next
) {
656 cli_rpc_pipe_close(cp
);
660 /****************************************************************************
661 Shutdown a client structure.
662 ****************************************************************************/
664 void cli_shutdown(struct cli_state
*cli
)
666 cli_nt_pipes_close(cli
);
669 * tell our peer to free his resources. Wihtout this, when an
670 * application attempts to do a graceful shutdown and calls
671 * smbc_free_context() to clean up all connections, some connections
672 * can remain active on the peer end, until some (long) timeout period
673 * later. This tree disconnect forces the peer to clean up, since the
674 * connection will be going away.
676 * Also, do not do tree disconnect when cli->smb_rw_error is SMB_DO_NOT_DO_TDIS
677 * the only user for this so far is smbmount which passes opened connection
678 * down to kernel's smbfs module.
680 if ( (cli
->cnum
!= (uint16
)-1) && (cli
->smb_rw_error
!= SMB_DO_NOT_DO_TDIS
) ) {
684 SAFE_FREE(cli
->outbuf
);
685 SAFE_FREE(cli
->inbuf
);
687 cli_free_signing_context(cli
);
688 data_blob_free(&cli
->secblob
);
689 data_blob_free(&cli
->user_session_key
);
695 cli
->smb_rw_error
= SMB_READ_OK
;
700 /****************************************************************************
701 Set socket options on a open connection.
702 ****************************************************************************/
704 void cli_sockopt(struct cli_state
*cli
, const char *options
)
706 set_socket_options(cli
->fd
, options
);
709 /****************************************************************************
710 Set the PID to use for smb messages. Return the old pid.
711 ****************************************************************************/
713 uint16
cli_setpid(struct cli_state
*cli
, uint16 pid
)
715 uint16 ret
= cli
->pid
;
720 /****************************************************************************
721 Set the case sensitivity flag on the packets. Returns old state.
722 ****************************************************************************/
724 bool cli_set_case_sensitive(struct cli_state
*cli
, bool case_sensitive
)
726 bool ret
= cli
->case_sensitive
;
727 cli
->case_sensitive
= case_sensitive
;
731 /****************************************************************************
732 Send a keepalive packet to the server
733 ****************************************************************************/
735 bool cli_send_keepalive(struct cli_state
*cli
)
738 DEBUG(3, ("cli_send_keepalive: fd == -1\n"));
741 if (!send_keepalive(cli
->fd
)) {
744 DEBUG(0,("Error sending keepalive packet to client.\n"));
750 /****************************************************************************
751 Send/receive a SMBecho command: ping the server
752 ****************************************************************************/
754 bool cli_echo(struct cli_state
*cli
, uint16 num_echos
,
755 unsigned char *data
, size_t length
)
760 SMB_ASSERT(length
< 1024);
762 memset(cli
->outbuf
,'\0',smb_size
);
763 cli_set_message(cli
->outbuf
,1,length
,true);
764 SCVAL(cli
->outbuf
,smb_com
,SMBecho
);
765 SSVAL(cli
->outbuf
,smb_tid
,65535);
766 SSVAL(cli
->outbuf
,smb_vwv0
,num_echos
);
767 cli_setup_packet(cli
);
768 p
= smb_buf(cli
->outbuf
);
769 memcpy(p
, data
, length
);
772 cli_setup_bcc(cli
, p
);
776 for (i
=0; i
<num_echos
; i
++) {
777 if (!cli_receive_smb(cli
)) {
781 if (cli_is_error(cli
)) {