search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
source3/libsmb/errormap_wbc.h: fix licence/copyright
[Samba.git] / source3 / libsmb / async_smb.c
blob8c5627d04cd3c887c4593c772383dcf074adda73
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "libsmb/libsmb.h"
22 #include "../lib/async_req/async_sock.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "../lib/util/tevent_unix.h"
25 #include "async_smb.h"
26 #include "smb_crypt.h"
27 #include "libsmb/nmblib.h"
28
29 /*
30 * Read an smb packet asynchronously, discard keepalives
31 */
32
33 struct read_smb_state {
34 struct tevent_context *ev;
35 int fd;
36 uint8_t *buf;
37 };
38
39 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data);
40 static void read_smb_done(struct tevent_req *subreq);
41
42 static struct tevent_req *read_smb_send(TALLOC_CTX *mem_ctx,
43 struct tevent_context *ev,
44 int fd)
45 {
46 struct tevent_req *result, *subreq;
47 struct read_smb_state *state;
48
49 result = tevent_req_create(mem_ctx, &state, struct read_smb_state);
50 if (result == NULL) {
51 return NULL;
52 }
53 state->ev = ev;
54 state->fd = fd;
55
56 subreq = read_packet_send(state, ev, fd, 4, read_smb_more, NULL);
57 if (subreq == NULL) {
58 goto fail;
59 }
60 tevent_req_set_callback(subreq, read_smb_done, result);
61 return result;
62 fail:
63 TALLOC_FREE(result);
64 return NULL;
65 }
66
67 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data)
68 {
69 if (buflen > 4) {
70 return 0; /* We've been here, we're done */
71 }
72 return smb_len_large(buf);
73 }
74
75 static void read_smb_done(struct tevent_req *subreq)
76 {
77 struct tevent_req *req = tevent_req_callback_data(
78 subreq, struct tevent_req);
79 struct read_smb_state *state = tevent_req_data(
80 req, struct read_smb_state);
81 ssize_t len;
82 int err;
83
84 len = read_packet_recv(subreq, state, &state->buf, &err);
85 TALLOC_FREE(subreq);
86 if (len == -1) {
87 tevent_req_error(req, err);
88 return;
89 }
90
91 if (CVAL(state->buf, 0) == SMBkeepalive) {
92 subreq = read_packet_send(state, state->ev, state->fd, 4,
93 read_smb_more, NULL);
94 if (tevent_req_nomem(subreq, req)) {
95 return;
96 }
97 tevent_req_set_callback(subreq, read_smb_done, req);
98 return;
99 }
100 tevent_req_done(req);
101 }
102
103 static ssize_t read_smb_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
104 uint8_t **pbuf, int *perrno)
105 {
106 struct read_smb_state *state = tevent_req_data(
107 req, struct read_smb_state);
108
109 if (tevent_req_is_unix_error(req, perrno)) {
110 return -1;
111 }
112 *pbuf = talloc_move(mem_ctx, &state->buf);
113 return talloc_get_size(*pbuf);
114 }
115
116 /**
117 * Fetch an error out of a NBT packet
118 * @param[in] buf The SMB packet
119 * @retval The error, converted to NTSTATUS
120 */
121
122 NTSTATUS cli_pull_error(char *buf)
123 {
124 uint32_t flags2 = SVAL(buf, smb_flg2);
125
126 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
127 return NT_STATUS(IVAL(buf, smb_rcls));
128 }
129
130 return dos_to_ntstatus(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
131 }
132
133 /**
134 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
135 * @param[in] cli The client connection that just received an error
136 * @param[in] status The error to set on "cli"
137 */
138
139 void cli_set_error(struct cli_state *cli, NTSTATUS status)
140 {
141 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
142
143 if (NT_STATUS_IS_DOS(status)) {
144 SSVAL(cli->inbuf, smb_flg2,
145 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
146 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
147 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
148 return;
149 }
150
151 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
152 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
153 return;
154 }
155
156 /**
157 * Figure out if there is an andx command behind the current one
158 * @param[in] buf The smb buffer to look at
159 * @param[in] ofs The offset to the wct field that is followed by the cmd
160 * @retval Is there a command following?
161 */
162
163 static bool have_andx_command(const char *buf, uint16_t ofs)
164 {
165 uint8_t wct;
166 size_t buflen = talloc_get_size(buf);
167
168 if ((ofs == buflen-1) || (ofs == buflen)) {
169 return false;
170 }
171
172 wct = CVAL(buf, ofs);
173 if (wct < 2) {
174 /*
175 * Not enough space for the command and a following pointer
176 */
177 return false;
178 }
179 return (CVAL(buf, ofs+1) != 0xff);
180 }
181
182 #define MAX_SMB_IOV 5
183
184 struct cli_smb_state {
185 struct tevent_context *ev;
186 struct cli_state *cli;
187 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
188
189 /*
190 * For normal requests, cli_smb_req_send chooses a mid. Secondary
191 * trans requests need to use the mid of the primary request, so we
192 * need a place to store it. Assume it's set if != 0.
193 */
194 uint16_t mid;
195
196 uint16_t *vwv;
197 uint8_t bytecount_buf[2];
198
199 struct iovec iov[MAX_SMB_IOV+3];
200 int iov_count;
201
202 uint8_t *inbuf;
203 uint32_t seqnum;
204 int chain_num;
205 int chain_length;
206 struct tevent_req **chained_requests;
207 };
208
209 static uint16_t cli_alloc_mid(struct cli_state *cli)
210 {
211 int num_pending = talloc_array_length(cli->pending);
212 uint16_t result;
213
214 while (true) {
215 int i;
216
217 result = cli->mid++;
218 if ((result == 0) || (result == 0xffff)) {
219 continue;
220 }
221
222 for (i=0; i<num_pending; i++) {
223 if (result == cli_smb_req_mid(cli->pending[i])) {
224 break;
225 }
226 }
227
228 if (i == num_pending) {
229 return result;
230 }
231 }
232 }
233
234 void cli_smb_req_unset_pending(struct tevent_req *req)
235 {
236 struct cli_smb_state *state = tevent_req_data(
237 req, struct cli_smb_state);
238 struct cli_state *cli = state->cli;
239 int num_pending = talloc_array_length(cli->pending);
240 int i;
241
242 if (num_pending == 1) {
243 /*
244 * The pending read_smb tevent_req is a child of
245 * cli->pending. So if nothing is pending anymore, we need to
246 * delete the socket read fde.
247 */
248 TALLOC_FREE(cli->pending);
249 return;
250 }
251
252 for (i=0; i<num_pending; i++) {
253 if (req == cli->pending[i]) {
254 break;
255 }
256 }
257 if (i == num_pending) {
258 /*
259 * Something's seriously broken. Just returning here is the
260 * right thing nevertheless, the point of this routine is to
261 * remove ourselves from cli->pending.
262 */
263 return;
264 }
265
266 /*
267 * Remove ourselves from the cli->pending array
268 */
269 if (num_pending > 1) {
270 cli->pending[i] = cli->pending[num_pending-1];
271 }
272
273 /*
274 * No NULL check here, we're shrinking by sizeof(void *), and
275 * talloc_realloc just adjusts the size for this.
276 */
277 cli->pending = talloc_realloc(NULL, cli->pending, struct tevent_req *,
278 num_pending - 1);
279 return;
280 }
281
282 static int cli_smb_req_destructor(struct tevent_req *req)
283 {
284 cli_smb_req_unset_pending(req);
285 return 0;
286 }
287
288 static void cli_smb_received(struct tevent_req *subreq);
289
290 bool cli_smb_req_set_pending(struct tevent_req *req)
291 {
292 struct cli_smb_state *state = tevent_req_data(
293 req, struct cli_smb_state);
294 struct cli_state *cli;
295 struct tevent_req **pending;
296 int num_pending;
297 struct tevent_req *subreq;
298
299 cli = state->cli;
300 num_pending = talloc_array_length(cli->pending);
301
302 pending = talloc_realloc(cli, cli->pending, struct tevent_req *,
303 num_pending+1);
304 if (pending == NULL) {
305 return false;
306 }
307 pending[num_pending] = req;
308 cli->pending = pending;
309 talloc_set_destructor(req, cli_smb_req_destructor);
310
311 if (num_pending > 0) {
312 return true;
313 }
314
315 /*
316 * We're the first ones, add the read_smb request that waits for the
317 * answer from the server
318 */
319 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
320 if (subreq == NULL) {
321 cli_smb_req_unset_pending(req);
322 return false;
323 }
324 tevent_req_set_callback(subreq, cli_smb_received, cli);
325 return true;
326 }
327
328 /*
329 * Fetch a smb request's mid. Only valid after the request has been sent by
330 * cli_smb_req_send().
331 */
332 uint16_t cli_smb_req_mid(struct tevent_req *req)
333 {
334 struct cli_smb_state *state = tevent_req_data(
335 req, struct cli_smb_state);
336 return SVAL(state->header, smb_mid);
337 }
338
339 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
340 {
341 struct cli_smb_state *state = tevent_req_data(
342 req, struct cli_smb_state);
343 state->mid = mid;
344 }
345
346 static size_t iov_len(const struct iovec *iov, int count)
347 {
348 size_t result = 0;
349 int i;
350 for (i=0; i<count; i++) {
351 result += iov[i].iov_len;
352 }
353 return result;
354 }
355
356 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
357 int count)
358 {
359 size_t len = iov_len(iov, count);
360 size_t copied;
361 uint8_t *buf;
362 int i;
363
364 buf = talloc_array(mem_ctx, uint8_t, len);
365 if (buf == NULL) {
366 return NULL;
367 }
368 copied = 0;
369 for (i=0; i<count; i++) {
370 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
371 copied += iov[i].iov_len;
372 }
373 return buf;
374 }
375
376 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
377 struct event_context *ev,
378 struct cli_state *cli,
379 uint8_t smb_command,
380 uint8_t additional_flags,
381 uint8_t wct, uint16_t *vwv,
382 int iov_count,
383 struct iovec *bytes_iov)
384 {
385 struct tevent_req *result;
386 struct cli_smb_state *state;
387 struct timeval endtime;
388
389 if (iov_count > MAX_SMB_IOV) {
390 /*
391 * Should not happen :-)
392 */
393 return NULL;
394 }
395
396 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
397 if (result == NULL) {
398 return NULL;
399 }
400 state->ev = ev;
401 state->cli = cli;
402 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
403 state->chain_num = 0;
404 state->chained_requests = NULL;
405
406 cli_setup_packet_buf(cli, (char *)state->header);
407 SCVAL(state->header, smb_com, smb_command);
408 SSVAL(state->header, smb_tid, cli->cnum);
409 SCVAL(state->header, smb_wct, wct);
410
411 state->vwv = vwv;
412
413 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
414
415 state->iov[0].iov_base = (void *)state->header;
416 state->iov[0].iov_len = sizeof(state->header);
417 state->iov[1].iov_base = (void *)state->vwv;
418 state->iov[1].iov_len = wct * sizeof(uint16_t);
419 state->iov[2].iov_base = (void *)state->bytecount_buf;
420 state->iov[2].iov_len = sizeof(uint16_t);
421
422 if (iov_count != 0) {
423 memcpy(&state->iov[3], bytes_iov,
424 iov_count * sizeof(*bytes_iov));
425 }
426 state->iov_count = iov_count + 3;
427
428 if (cli->timeout) {
429 endtime = timeval_current_ofs(cli->timeout / 1000,
430 (cli->timeout % 1000) * 1000);
431 if (!tevent_req_set_endtime(result, ev, endtime)) {
432 tevent_req_nomem(NULL, result);
433 }
434 }
435 return result;
436 }
437
438 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
439 uint32_t *seqnum)
440 {
441 uint8_t *buf;
442
443 /*
444 * Obvious optimization: Make cli_calculate_sign_mac work with struct
445 * iovec directly. MD5Update would do that just fine.
446 */
447
448 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
449 return NT_STATUS_INVALID_PARAMETER;
450 }
451
452 buf = iov_concat(talloc_tos(), iov, count);
453 if (buf == NULL) {
454 return NT_STATUS_NO_MEMORY;
455 }
456
457 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
458 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
459
460 TALLOC_FREE(buf);
461 return NT_STATUS_OK;
462 }
463
464 static void cli_smb_sent(struct tevent_req *subreq);
465
466 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
467 struct cli_smb_state *state,
468 struct iovec *iov, int iov_count)
469 {
470 struct tevent_req *subreq;
471 NTSTATUS status;
472
473 if (state->cli->fd == -1) {
474 return NT_STATUS_CONNECTION_INVALID;
475 }
476
477 if (iov[0].iov_len < smb_wct) {
478 return NT_STATUS_INVALID_PARAMETER;
479 }
480
481 if (state->mid != 0) {
482 SSVAL(iov[0].iov_base, smb_mid, state->mid);
483 } else {
484 uint16_t mid = cli_alloc_mid(state->cli);
485 SSVAL(iov[0].iov_base, smb_mid, mid);
486 }
487
488 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
489
490 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
491
492 if (!NT_STATUS_IS_OK(status)) {
493 return status;
494 }
495
496 if (cli_encryption_on(state->cli)) {
497 char *buf, *enc_buf;
498
499 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
500 if (buf == NULL) {
501 return NT_STATUS_NO_MEMORY;
502 }
503 status = cli_encrypt_message(state->cli, (char *)buf,
504 &enc_buf);
505 TALLOC_FREE(buf);
506 if (!NT_STATUS_IS_OK(status)) {
507 DEBUG(0, ("Error in encrypting client message: %s\n",
508 nt_errstr(status)));
509 return status;
510 }
511 buf = (char *)talloc_memdup(state, enc_buf,
512 smb_len(enc_buf)+4);
513 SAFE_FREE(enc_buf);
514 if (buf == NULL) {
515 return NT_STATUS_NO_MEMORY;
516 }
517 iov[0].iov_base = (void *)buf;
518 iov[0].iov_len = talloc_get_size(buf);
519 iov_count = 1;
520 }
521 subreq = writev_send(state, state->ev, state->cli->outgoing,
522 state->cli->fd, false, iov, iov_count);
523 if (subreq == NULL) {
524 return NT_STATUS_NO_MEMORY;
525 }
526 tevent_req_set_callback(subreq, cli_smb_sent, req);
527 return NT_STATUS_OK;
528 }
529
530 NTSTATUS cli_smb_req_send(struct tevent_req *req)
531 {
532 struct cli_smb_state *state = tevent_req_data(
533 req, struct cli_smb_state);
534
535 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
536 }
537
538 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
539 struct event_context *ev,
540 struct cli_state *cli,
541 uint8_t smb_command,
542 uint8_t additional_flags,
543 uint8_t wct, uint16_t *vwv,
544 uint32_t num_bytes,
545 const uint8_t *bytes)
546 {
547 struct tevent_req *req;
548 struct iovec iov;
549 NTSTATUS status;
550
551 iov.iov_base = CONST_DISCARD(void *, bytes);
552 iov.iov_len = num_bytes;
553
554 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
555 additional_flags, wct, vwv, 1, &iov);
556 if (req == NULL) {
557 return NULL;
558 }
559
560 status = cli_smb_req_send(req);
561 if (!NT_STATUS_IS_OK(status)) {
562 tevent_req_nterror(req, status);
563 return tevent_req_post(req, ev);
564 }
565 return req;
566 }
567
568 static void cli_smb_sent(struct tevent_req *subreq)
569 {
570 struct tevent_req *req = tevent_req_callback_data(
571 subreq, struct tevent_req);
572 struct cli_smb_state *state = tevent_req_data(
573 req, struct cli_smb_state);
574 ssize_t nwritten;
575 int err;
576
577 nwritten = writev_recv(subreq, &err);
578 TALLOC_FREE(subreq);
579 if (nwritten == -1) {
580 if (state->cli->fd != -1) {
581 close(state->cli->fd);
582 state->cli->fd = -1;
583 }
584 tevent_req_nterror(req, map_nt_error_from_unix(err));
585 return;
586 }
587
588 switch (CVAL(state->header, smb_com)) {
589 case SMBtranss:
590 case SMBtranss2:
591 case SMBnttranss:
592 case SMBntcancel:
593 state->inbuf = NULL;
594 tevent_req_done(req);
595 return;
596 case SMBlockingX:
597 if ((CVAL(state->header, smb_wct) == 8) &&
598 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
599 state->inbuf = NULL;
600 tevent_req_done(req);
601 return;
602 }
603 }
604
605 if (!cli_smb_req_set_pending(req)) {
606 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
607 return;
608 }
609 }
610
611 static void cli_smb_received(struct tevent_req *subreq)
612 {
613 struct cli_state *cli = tevent_req_callback_data(
614 subreq, struct cli_state);
615 struct tevent_req *req;
616 struct cli_smb_state *state;
617 NTSTATUS status;
618 uint8_t *inbuf;
619 ssize_t received;
620 int num_pending;
621 int i, err;
622 uint16_t mid;
623 bool oplock_break;
624
625 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
626 TALLOC_FREE(subreq);
627 if (received == -1) {
628 if (cli->fd != -1) {
629 close(cli->fd);
630 cli->fd = -1;
631 }
632 status = map_nt_error_from_unix(err);
633 goto fail;
634 }
635
636 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
637 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
638 DEBUG(10, ("Got non-SMB PDU\n"));
639 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
640 goto fail;
641 }
642
643 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
644 uint16_t enc_ctx_num;
645
646 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
647 if (!NT_STATUS_IS_OK(status)) {
648 DEBUG(10, ("get_enc_ctx_num returned %s\n",
649 nt_errstr(status)));
650 goto fail;
651 }
652
653 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
654 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
655 enc_ctx_num,
656 cli->trans_enc_state->enc_ctx_num));
657 status = NT_STATUS_INVALID_HANDLE;
658 goto fail;
659 }
660
661 status = common_decrypt_buffer(cli->trans_enc_state,
662 (char *)inbuf);
663 if (!NT_STATUS_IS_OK(status)) {
664 DEBUG(10, ("common_decrypt_buffer returned %s\n",
665 nt_errstr(status)));
666 goto fail;
667 }
668 }
669
670 mid = SVAL(inbuf, smb_mid);
671 num_pending = talloc_array_length(cli->pending);
672
673 for (i=0; i<num_pending; i++) {
674 if (mid == cli_smb_req_mid(cli->pending[i])) {
675 break;
676 }
677 }
678 if (i == num_pending) {
679 /* Dump unexpected reply */
680 TALLOC_FREE(inbuf);
681 goto done;
682 }
683
684 oplock_break = false;
685
686 if (mid == 0xffff) {
687 /*
688 * Paranoia checks that this is really an oplock break request.
689 */
690 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
691 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
692 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
693 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
694 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
695
696 if (!oplock_break) {
697 /* Dump unexpected reply */
698 TALLOC_FREE(inbuf);
699 goto done;
700 }
701 }
702
703 req = cli->pending[i];
704 state = tevent_req_data(req, struct cli_smb_state);
705
706 if (!oplock_break /* oplock breaks are not signed */
707 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
708 DEBUG(10, ("cli_check_sign_mac failed\n"));
709 TALLOC_FREE(inbuf);
710 status = NT_STATUS_ACCESS_DENIED;
711 close(cli->fd);
712 cli->fd = -1;
713 goto fail;
714 }
715
716 if (state->chained_requests == NULL) {
717 state->inbuf = talloc_move(state, &inbuf);
718 talloc_set_destructor(req, NULL);
719 cli_smb_req_destructor(req);
720 state->chain_num = 0;
721 state->chain_length = 1;
722 tevent_req_done(req);
723 } else {
724 struct tevent_req **chain = talloc_move(
725 talloc_tos(), &state->chained_requests);
726 int num_chained = talloc_array_length(chain);
727
728 for (i=0; i<num_chained; i++) {
729 state = tevent_req_data(chain[i], struct
730 cli_smb_state);
731 state->inbuf = inbuf;
732 state->chain_num = i;
733 state->chain_length = num_chained;
734 tevent_req_done(chain[i]);
735 }
736 TALLOC_FREE(inbuf);
737 TALLOC_FREE(chain);
738 }
739 done:
740 if (talloc_array_length(cli->pending) > 0) {
741 /*
742 * Set up another read request for the other pending cli_smb
743 * requests
744 */
745 state = tevent_req_data(cli->pending[0], struct cli_smb_state);
746 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
747 if (subreq == NULL) {
748 status = NT_STATUS_NO_MEMORY;
749 goto fail;
750 }
751 tevent_req_set_callback(subreq, cli_smb_received, cli);
752 }
753 return;
754 fail:
755 /*
756 * Cancel all pending requests. We don't do a for-loop walking
757 * cli->pending because that array changes in
758 * cli_smb_req_destructor().
759 */
760 while (talloc_array_length(cli->pending) > 0) {
761 req = cli->pending[0];
762 talloc_set_destructor(req, NULL);
763 cli_smb_req_destructor(req);
764 tevent_req_nterror(req, status);
765 }
766 }
767
768 NTSTATUS cli_smb_recv(struct tevent_req *req,
769 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
770 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
771 uint32_t *pnum_bytes, uint8_t **pbytes)
772 {
773 struct cli_smb_state *state = tevent_req_data(
774 req, struct cli_smb_state);
775 NTSTATUS status = NT_STATUS_OK;
776 uint8_t cmd, wct;
777 uint16_t num_bytes;
778 size_t wct_ofs, bytes_offset;
779 int i;
780
781 if (tevent_req_is_nterror(req, &status)) {
782 return status;
783 }
784
785 if (state->inbuf == NULL) {
786 /* This was a request without a reply */
787 return NT_STATUS_OK;
788 }
789
790 wct_ofs = smb_wct;
791 cmd = CVAL(state->inbuf, smb_com);
792
793 for (i=0; i<state->chain_num; i++) {
794 if (i < state->chain_num-1) {
795 if (cmd == 0xff) {
796 return NT_STATUS_REQUEST_ABORTED;
797 }
798 if (!is_andx_req(cmd)) {
799 return NT_STATUS_INVALID_NETWORK_RESPONSE;
800 }
801 }
802
803 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
804 /*
805 * This request was not completed because a previous
806 * request in the chain had received an error.
807 */
808 return NT_STATUS_REQUEST_ABORTED;
809 }
810
811 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
812
813 /*
814 * Skip the all-present length field. No overflow, we've just
815 * put a 16-bit value into a size_t.
816 */
817 wct_ofs += 4;
818
819 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
820 return NT_STATUS_INVALID_NETWORK_RESPONSE;
821 }
822
823 cmd = CVAL(state->inbuf, wct_ofs + 1);
824 }
825
826 status = cli_pull_error((char *)state->inbuf);
827
828 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
829
830 if ((cmd == SMBsesssetupX)
831 && NT_STATUS_EQUAL(
832 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
833 /*
834 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
835 * valid return code for session setup
836 */
837 goto no_err;
838 }
839
840 if (NT_STATUS_IS_ERR(status)) {
841 /*
842 * The last command takes the error code. All
843 * further commands down the requested chain
844 * will get a NT_STATUS_REQUEST_ABORTED.
845 */
846 return status;
847 }
848 }
849
850 no_err:
851
852 wct = CVAL(state->inbuf, wct_ofs);
853 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
854 num_bytes = SVAL(state->inbuf, bytes_offset);
855
856 if (wct < min_wct) {
857 return NT_STATUS_INVALID_NETWORK_RESPONSE;
858 }
859
860 /*
861 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
862 * is a 16-bit value. So bytes_offset being size_t should be far from
863 * wrapping.
864 */
865 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
866 || (bytes_offset > 0xffff)) {
867 return NT_STATUS_INVALID_NETWORK_RESPONSE;
868 }
869
870 if (pwct != NULL) {
871 *pwct = wct;
872 }
873 if (pvwv != NULL) {
874 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
875 }
876 if (pnum_bytes != NULL) {
877 *pnum_bytes = num_bytes;
878 }
879 if (pbytes != NULL) {
880 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
881 }
882 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
883 if (state->chain_num == state->chain_length-1) {
884 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
885 } else {
886 *pinbuf = state->inbuf;
887 }
888 }
889
890 return status;
891 }
892
893 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
894 {
895 size_t wct_ofs;
896 int i;
897
898 wct_ofs = smb_wct - 4;
899
900 for (i=0; i<num_reqs; i++) {
901 struct cli_smb_state *state;
902 state = tevent_req_data(reqs[i], struct cli_smb_state);
903 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
904 wct_ofs = (wct_ofs + 3) & ~3;
905 }
906 return wct_ofs;
907 }
908
909 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
910 {
911 struct cli_smb_state *first_state = tevent_req_data(
912 reqs[0], struct cli_smb_state);
913 struct cli_smb_state *last_state = tevent_req_data(
914 reqs[num_reqs-1], struct cli_smb_state);
915 struct cli_smb_state *state;
916 size_t wct_offset;
917 size_t chain_padding = 0;
918 int i, iovlen;
919 struct iovec *iov = NULL;
920 struct iovec *this_iov;
921 NTSTATUS status;
922
923 iovlen = 0;
924 for (i=0; i<num_reqs; i++) {
925 state = tevent_req_data(reqs[i], struct cli_smb_state);
926 iovlen += state->iov_count;
927 }
928
929 iov = talloc_array(last_state, struct iovec, iovlen);
930 if (iov == NULL) {
931 return NT_STATUS_NO_MEMORY;
932 }
933
934 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
935 last_state, reqs, sizeof(*reqs) * num_reqs);
936 if (first_state->chained_requests == NULL) {
937 TALLOC_FREE(iov);
938 return NT_STATUS_NO_MEMORY;
939 }
940
941 wct_offset = smb_wct - 4;
942 this_iov = iov;
943
944 for (i=0; i<num_reqs; i++) {
945 size_t next_padding = 0;
946 uint16_t *vwv;
947
948 state = tevent_req_data(reqs[i], struct cli_smb_state);
949
950 if (i < num_reqs-1) {
951 if (!is_andx_req(CVAL(state->header, smb_com))
952 || CVAL(state->header, smb_wct) < 2) {
953 TALLOC_FREE(iov);
954 TALLOC_FREE(first_state->chained_requests);
955 return NT_STATUS_INVALID_PARAMETER;
956 }
957 }
958
959 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
960 if ((wct_offset % 4) != 0) {
961 next_padding = 4 - (wct_offset % 4);
962 }
963 wct_offset += next_padding;
964 vwv = state->vwv;
965
966 if (i < num_reqs-1) {
967 struct cli_smb_state *next_state = tevent_req_data(
968 reqs[i+1], struct cli_smb_state);
969 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
970 SCVAL(vwv+0, 1, 0);
971 SSVAL(vwv+1, 0, wct_offset);
972 } else if (is_andx_req(CVAL(state->header, smb_com))) {
973 /* properly end the chain */
974 SCVAL(vwv+0, 0, 0xff);
975 SCVAL(vwv+0, 1, 0xff);
976 SSVAL(vwv+1, 0, 0);
977 }
978
979 if (i == 0) {
980 this_iov[0] = state->iov[0];
981 } else {
982 /*
983 * This one is a bit subtle. We have to add
984 * chain_padding bytes between the requests, and we
985 * have to also include the wct field of the
986 * subsequent requests. We use the subsequent header
987 * for the padding, it contains the wct field in its
988 * last byte.
989 */
990 this_iov[0].iov_len = chain_padding+1;
991 this_iov[0].iov_base = (void *)&state->header[
992 sizeof(state->header) - this_iov[0].iov_len];
993 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
994 }
995 memcpy(this_iov+1, state->iov+1,
996 sizeof(struct iovec) * (state->iov_count-1));
997 this_iov += state->iov_count;
998 chain_padding = next_padding;
999 }
1000
1001 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
1002 if (!NT_STATUS_IS_OK(status)) {
1003 TALLOC_FREE(iov);
1004 TALLOC_FREE(first_state->chained_requests);
1005 return status;
1006 }
1007
1008 return NT_STATUS_OK;
1009 }
1010
1011 uint8_t *cli_smb_inbuf(struct tevent_req *req)
1012 {
1013 struct cli_smb_state *state = tevent_req_data(
1014 req, struct cli_smb_state);
1015 return state->inbuf;
1016 }
1017
1018 bool cli_has_async_calls(struct cli_state *cli)
1019 {
1020 return ((tevent_queue_length(cli->outgoing) != 0)
1021 || (talloc_array_length(cli->pending) != 0));
1022 }
1023
1024 struct cli_smb_oplock_break_waiter_state {
1025 uint16_t fnum;
1026 uint8_t level;
1027 };
1028
1029 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
1030
1031 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
1032 struct event_context *ev,
1033 struct cli_state *cli)
1034 {
1035 struct tevent_req *req, *subreq;
1036 struct cli_smb_oplock_break_waiter_state *state;
1037 struct cli_smb_state *smb_state;
1038
1039 req = tevent_req_create(mem_ctx, &state,
1040 struct cli_smb_oplock_break_waiter_state);
1041 if (req == NULL) {
1042 return NULL;
1043 }
1044
1045 /*
1046 * Create a fake SMB request that we will never send out. This is only
1047 * used to be set into the pending queue with the right mid.
1048 */
1049 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
1050 if (tevent_req_nomem(subreq, req)) {
1051 return tevent_req_post(req, ev);
1052 }
1053 smb_state = tevent_req_data(subreq, struct cli_smb_state);
1054 SSVAL(smb_state->header, smb_mid, 0xffff);
1055
1056 if (!cli_smb_req_set_pending(subreq)) {
1057 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1058 return tevent_req_post(req, ev);
1059 }
1060 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
1061 return req;
1062 }
1063
1064 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
1065 {
1066 struct tevent_req *req = tevent_req_callback_data(
1067 subreq, struct tevent_req);
1068 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1069 req, struct cli_smb_oplock_break_waiter_state);
1070 uint8_t wct;
1071 uint16_t *vwv;
1072 uint32_t num_bytes;
1073 uint8_t *bytes;
1074 uint8_t *inbuf;
1075 NTSTATUS status;
1076
1077 status = cli_smb_recv(subreq, state, &inbuf, 8, &wct, &vwv,
1078 &num_bytes, &bytes);
1079 TALLOC_FREE(subreq);
1080 if (!NT_STATUS_IS_OK(status)) {
1081 tevent_req_nterror(req, status);
1082 return;
1083 }
1084 state->fnum = SVAL(vwv+2, 0);
1085 state->level = CVAL(vwv+3, 1);
1086 tevent_req_done(req);
1087 }
1088
1089 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1090 uint16_t *pfnum,
1091 uint8_t *plevel)
1092 {
1093 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1094 req, struct cli_smb_oplock_break_waiter_state);
1095 NTSTATUS status;
1096
1097 if (tevent_req_is_nterror(req, &status)) {
1098 return status;
1099 }
1100 *pfnum = state->fnum;
1101 *plevel = state->level;
1102 return NT_STATUS_OK;
1103 }
1104
1105
1106 struct cli_session_request_state {
1107 struct tevent_context *ev;
1108 int sock;
1109 uint32 len_hdr;
1110 struct iovec iov[3];
1111 uint8_t nb_session_response;
1112 };
1113
1114 static void cli_session_request_sent(struct tevent_req *subreq);
1115 static void cli_session_request_recvd(struct tevent_req *subreq);
1116
1117 struct tevent_req *cli_session_request_send(TALLOC_CTX *mem_ctx,
1118 struct tevent_context *ev,
1119 int sock,
1120 const struct nmb_name *called,
1121 const struct nmb_name *calling)
1122 {
1123 struct tevent_req *req, *subreq;
1124 struct cli_session_request_state *state;
1125
1126 req = tevent_req_create(mem_ctx, &state,
1127 struct cli_session_request_state);
1128 if (req == NULL) {
1129 return NULL;
1130 }
1131 state->ev = ev;
1132 state->sock = sock;
1133
1134 state->iov[1].iov_base = name_mangle(
1135 state, called->name, called->name_type);
1136 if (tevent_req_nomem(state->iov[1].iov_base, req)) {
1137 return tevent_req_post(req, ev);
1138 }
1139 state->iov[1].iov_len = name_len(
1140 (unsigned char *)state->iov[1].iov_base,
1141 talloc_get_size(state->iov[1].iov_base));
1142
1143 state->iov[2].iov_base = name_mangle(
1144 state, calling->name, calling->name_type);
1145 if (tevent_req_nomem(state->iov[2].iov_base, req)) {
1146 return tevent_req_post(req, ev);
1147 }
1148 state->iov[2].iov_len = name_len(
1149 (unsigned char *)state->iov[2].iov_base,
1150 talloc_get_size(state->iov[2].iov_base));
1151
1152 _smb_setlen(((char *)&state->len_hdr),
1153 state->iov[1].iov_len + state->iov[2].iov_len);
1154 SCVAL((char *)&state->len_hdr, 0, 0x81);
1155
1156 state->iov[0].iov_base = &state->len_hdr;
1157 state->iov[0].iov_len = sizeof(state->len_hdr);
1158
1159 subreq = writev_send(state, ev, NULL, sock, true, state->iov, 3);
1160 if (tevent_req_nomem(subreq, req)) {
1161 return tevent_req_post(req, ev);
1162 }
1163 tevent_req_set_callback(subreq, cli_session_request_sent, req);
1164 return req;
1165 }
1166
1167 static void cli_session_request_sent(struct tevent_req *subreq)
1168 {
1169 struct tevent_req *req = tevent_req_callback_data(
1170 subreq, struct tevent_req);
1171 struct cli_session_request_state *state = tevent_req_data(
1172 req, struct cli_session_request_state);
1173 ssize_t ret;
1174 int err;
1175
1176 ret = writev_recv(subreq, &err);
1177 TALLOC_FREE(subreq);
1178 if (ret == -1) {
1179 tevent_req_error(req, err);
1180 return;
1181 }
1182 subreq = read_smb_send(state, state->ev, state->sock);
1183 if (tevent_req_nomem(subreq, req)) {
1184 return;
1185 }
1186 tevent_req_set_callback(subreq, cli_session_request_recvd, req);
1187 }
1188
1189 static void cli_session_request_recvd(struct tevent_req *subreq)
1190 {
1191 struct tevent_req *req = tevent_req_callback_data(
1192 subreq, struct tevent_req);
1193 struct cli_session_request_state *state = tevent_req_data(
1194 req, struct cli_session_request_state);
1195 uint8_t *buf;
1196 ssize_t ret;
1197 int err;
1198
1199 ret = read_smb_recv(subreq, talloc_tos(), &buf, &err);
1200 TALLOC_FREE(subreq);
1201
1202 if (ret < 4) {
1203 ret = -1;
1204 err = EIO;
1205 }
1206 if (ret == -1) {
1207 tevent_req_error(req, err);
1208 return;
1209 }
1210 /*
1211 * In case of an error there is more information in the data
1212 * portion according to RFC1002. We're not subtle enough to
1213 * respond to the different error conditions, so drop the
1214 * error info here.
1215 */
1216 state->nb_session_response = CVAL(buf, 0);
1217 tevent_req_done(req);
1218 }
1219
1220 bool cli_session_request_recv(struct tevent_req *req, int *err, uint8_t *resp)
1221 {
1222 struct cli_session_request_state *state = tevent_req_data(
1223 req, struct cli_session_request_state);
1224
1225 if (tevent_req_is_unix_error(req, err)) {
1226 return false;
1227 }
1228 *resp = state->nb_session_response;
1229 return true;
1230 }
Samba GIT mirror