2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "libsmb/libsmb.h"
22 #include "../lib/async_req/async_sock.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "../lib/util/tevent_unix.h"
25 #include "async_smb.h"
26 #include "smb_crypt.h"
27 #include "libsmb/nmblib.h"
31 * Fetch an error out of a NBT packet
32 * @param[in] buf The SMB packet
33 * @retval The error, converted to NTSTATUS
36 NTSTATUS
cli_pull_error(char *buf
)
38 uint32_t flags2
= SVAL(buf
, smb_flg2
);
40 if (flags2
& FLAGS2_32_BIT_ERROR_CODES
) {
41 return NT_STATUS(IVAL(buf
, smb_rcls
));
44 return dos_to_ntstatus(CVAL(buf
, smb_rcls
), SVAL(buf
,smb_err
));
48 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
49 * @param[in] cli The client connection that just received an error
50 * @param[in] status The error to set on "cli"
53 void cli_set_error(struct cli_state
*cli
, NTSTATUS status
)
55 uint32_t flags2
= SVAL(cli
->inbuf
, smb_flg2
);
57 if (NT_STATUS_IS_DOS(status
)) {
58 SSVAL(cli
->inbuf
, smb_flg2
,
59 flags2
& ~FLAGS2_32_BIT_ERROR_CODES
);
60 SCVAL(cli
->inbuf
, smb_rcls
, NT_STATUS_DOS_CLASS(status
));
61 SSVAL(cli
->inbuf
, smb_err
, NT_STATUS_DOS_CODE(status
));
65 SSVAL(cli
->inbuf
, smb_flg2
, flags2
| FLAGS2_32_BIT_ERROR_CODES
);
66 SIVAL(cli
->inbuf
, smb_rcls
, NT_STATUS_V(status
));
71 * Figure out if there is an andx command behind the current one
72 * @param[in] buf The smb buffer to look at
73 * @param[in] ofs The offset to the wct field that is followed by the cmd
74 * @retval Is there a command following?
77 static bool have_andx_command(const char *buf
, uint16_t ofs
)
80 size_t buflen
= talloc_get_size(buf
);
82 if ((ofs
== buflen
-1) || (ofs
== buflen
)) {
89 * Not enough space for the command and a following pointer
93 return (CVAL(buf
, ofs
+1) != 0xff);
98 struct cli_smb_state
{
99 struct tevent_context
*ev
;
100 struct cli_state
*cli
;
101 uint8_t header
[smb_wct
+1]; /* Space for the header including the wct */
104 * For normal requests, cli_smb_req_send chooses a mid. Secondary
105 * trans requests need to use the mid of the primary request, so we
106 * need a place to store it. Assume it's set if != 0.
111 uint8_t bytecount_buf
[2];
113 struct iovec iov
[MAX_SMB_IOV
+3];
120 struct tevent_req
**chained_requests
;
123 static uint16_t cli_alloc_mid(struct cli_state
*cli
)
125 int num_pending
= talloc_array_length(cli
->pending
);
132 if ((result
== 0) || (result
== 0xffff)) {
136 for (i
=0; i
<num_pending
; i
++) {
137 if (result
== cli_smb_req_mid(cli
->pending
[i
])) {
142 if (i
== num_pending
) {
148 void cli_smb_req_unset_pending(struct tevent_req
*req
)
150 struct cli_smb_state
*state
= tevent_req_data(
151 req
, struct cli_smb_state
);
152 struct cli_state
*cli
= state
->cli
;
153 int num_pending
= talloc_array_length(cli
->pending
);
156 if (state
->mid
!= 0) {
158 * This is a [nt]trans[2] request which waits
159 * for more than one reply.
164 if (num_pending
== 1) {
166 * The pending read_smb tevent_req is a child of
167 * cli->pending. So if nothing is pending anymore, we need to
168 * delete the socket read fde.
170 TALLOC_FREE(cli
->pending
);
174 for (i
=0; i
<num_pending
; i
++) {
175 if (req
== cli
->pending
[i
]) {
179 if (i
== num_pending
) {
181 * Something's seriously broken. Just returning here is the
182 * right thing nevertheless, the point of this routine is to
183 * remove ourselves from cli->pending.
189 * Remove ourselves from the cli->pending array
191 cli
->pending
[i
] = cli
->pending
[num_pending
-1];
194 * No NULL check here, we're shrinking by sizeof(void *), and
195 * talloc_realloc just adjusts the size for this.
197 cli
->pending
= talloc_realloc(NULL
, cli
->pending
, struct tevent_req
*,
202 static int cli_smb_req_destructor(struct tevent_req
*req
)
204 struct cli_smb_state
*state
= tevent_req_data(
205 req
, struct cli_smb_state
);
207 * Make sure we really remove it from
208 * the pending array on destruction.
211 cli_smb_req_unset_pending(req
);
215 static void cli_smb_received(struct tevent_req
*subreq
);
217 bool cli_smb_req_set_pending(struct tevent_req
*req
)
219 struct cli_smb_state
*state
= tevent_req_data(
220 req
, struct cli_smb_state
);
221 struct cli_state
*cli
;
222 struct tevent_req
**pending
;
224 struct tevent_req
*subreq
;
227 num_pending
= talloc_array_length(cli
->pending
);
229 pending
= talloc_realloc(cli
, cli
->pending
, struct tevent_req
*,
231 if (pending
== NULL
) {
234 pending
[num_pending
] = req
;
235 cli
->pending
= pending
;
236 talloc_set_destructor(req
, cli_smb_req_destructor
);
238 if (num_pending
> 0) {
243 * We're the first ones, add the read_smb request that waits for the
244 * answer from the server
246 subreq
= read_smb_send(cli
->pending
, state
->ev
, cli
->fd
);
247 if (subreq
== NULL
) {
248 cli_smb_req_unset_pending(req
);
251 tevent_req_set_callback(subreq
, cli_smb_received
, cli
);
256 * Fetch a smb request's mid. Only valid after the request has been sent by
257 * cli_smb_req_send().
259 uint16_t cli_smb_req_mid(struct tevent_req
*req
)
261 struct cli_smb_state
*state
= tevent_req_data(
262 req
, struct cli_smb_state
);
263 return SVAL(state
->header
, smb_mid
);
266 void cli_smb_req_set_mid(struct tevent_req
*req
, uint16_t mid
)
268 struct cli_smb_state
*state
= tevent_req_data(
269 req
, struct cli_smb_state
);
273 uint32_t cli_smb_req_seqnum(struct tevent_req
*req
)
275 struct cli_smb_state
*state
= tevent_req_data(
276 req
, struct cli_smb_state
);
277 return state
->seqnum
;
280 void cli_smb_req_set_seqnum(struct tevent_req
*req
, uint32_t seqnum
)
282 struct cli_smb_state
*state
= tevent_req_data(
283 req
, struct cli_smb_state
);
284 state
->seqnum
= seqnum
;
287 static size_t iov_len(const struct iovec
*iov
, int count
)
291 for (i
=0; i
<count
; i
++) {
292 result
+= iov
[i
].iov_len
;
297 static uint8_t *iov_concat(TALLOC_CTX
*mem_ctx
, const struct iovec
*iov
,
300 size_t len
= iov_len(iov
, count
);
305 buf
= talloc_array(mem_ctx
, uint8_t, len
);
310 for (i
=0; i
<count
; i
++) {
311 memcpy(buf
+copied
, iov
[i
].iov_base
, iov
[i
].iov_len
);
312 copied
+= iov
[i
].iov_len
;
317 struct tevent_req
*cli_smb_req_create(TALLOC_CTX
*mem_ctx
,
318 struct event_context
*ev
,
319 struct cli_state
*cli
,
321 uint8_t additional_flags
,
322 uint8_t wct
, uint16_t *vwv
,
324 struct iovec
*bytes_iov
)
326 struct tevent_req
*result
;
327 struct cli_smb_state
*state
;
328 struct timeval endtime
;
330 if (iov_count
> MAX_SMB_IOV
) {
332 * Should not happen :-)
337 result
= tevent_req_create(mem_ctx
, &state
, struct cli_smb_state
);
338 if (result
== NULL
) {
343 state
->mid
= 0; /* Set to auto-choose in cli_smb_req_send */
344 state
->chain_num
= 0;
345 state
->chained_requests
= NULL
;
347 cli_setup_packet_buf(cli
, (char *)state
->header
);
348 SCVAL(state
->header
, smb_com
, smb_command
);
349 SSVAL(state
->header
, smb_tid
, cli
->cnum
);
350 SCVAL(state
->header
, smb_wct
, wct
);
354 SSVAL(state
->bytecount_buf
, 0, iov_len(bytes_iov
, iov_count
));
356 state
->iov
[0].iov_base
= (void *)state
->header
;
357 state
->iov
[0].iov_len
= sizeof(state
->header
);
358 state
->iov
[1].iov_base
= (void *)state
->vwv
;
359 state
->iov
[1].iov_len
= wct
* sizeof(uint16_t);
360 state
->iov
[2].iov_base
= (void *)state
->bytecount_buf
;
361 state
->iov
[2].iov_len
= sizeof(uint16_t);
363 if (iov_count
!= 0) {
364 memcpy(&state
->iov
[3], bytes_iov
,
365 iov_count
* sizeof(*bytes_iov
));
367 state
->iov_count
= iov_count
+ 3;
370 endtime
= timeval_current_ofs_msec(cli
->timeout
);
371 if (!tevent_req_set_endtime(result
, ev
, endtime
)) {
372 tevent_req_nomem(NULL
, result
);
378 static NTSTATUS
cli_signv(struct cli_state
*cli
, struct iovec
*iov
, int count
,
384 * Obvious optimization: Make cli_calculate_sign_mac work with struct
385 * iovec directly. MD5Update would do that just fine.
388 if ((count
<= 0) || (iov
[0].iov_len
< smb_wct
)) {
389 return NT_STATUS_INVALID_PARAMETER
;
392 buf
= iov_concat(talloc_tos(), iov
, count
);
394 return NT_STATUS_NO_MEMORY
;
397 cli_calculate_sign_mac(cli
, (char *)buf
, seqnum
);
398 memcpy(iov
[0].iov_base
, buf
, iov
[0].iov_len
);
404 static void cli_smb_sent(struct tevent_req
*subreq
);
406 static NTSTATUS
cli_smb_req_iov_send(struct tevent_req
*req
,
407 struct cli_smb_state
*state
,
408 struct iovec
*iov
, int iov_count
)
410 struct tevent_req
*subreq
;
413 if (state
->cli
->fd
== -1) {
414 return NT_STATUS_CONNECTION_INVALID
;
417 if (iov
[0].iov_len
< smb_wct
) {
418 return NT_STATUS_INVALID_PARAMETER
;
421 if (state
->mid
!= 0) {
422 SSVAL(iov
[0].iov_base
, smb_mid
, state
->mid
);
424 uint16_t mid
= cli_alloc_mid(state
->cli
);
425 SSVAL(iov
[0].iov_base
, smb_mid
, mid
);
428 smb_setlen((char *)iov
[0].iov_base
, iov_len(iov
, iov_count
) - 4);
430 status
= cli_signv(state
->cli
, iov
, iov_count
, &state
->seqnum
);
432 if (!NT_STATUS_IS_OK(status
)) {
436 if (cli_encryption_on(state
->cli
)) {
439 buf
= (char *)iov_concat(talloc_tos(), iov
, iov_count
);
441 return NT_STATUS_NO_MEMORY
;
443 status
= common_encrypt_buffer(state
->cli
->trans_enc_state
,
444 (char *)buf
, &enc_buf
);
446 if (!NT_STATUS_IS_OK(status
)) {
447 DEBUG(0, ("Error in encrypting client message: %s\n",
451 buf
= (char *)talloc_memdup(state
, enc_buf
,
455 return NT_STATUS_NO_MEMORY
;
457 iov
[0].iov_base
= (void *)buf
;
458 iov
[0].iov_len
= talloc_get_size(buf
);
461 subreq
= writev_send(state
, state
->ev
, state
->cli
->outgoing
,
462 state
->cli
->fd
, false, iov
, iov_count
);
463 if (subreq
== NULL
) {
464 return NT_STATUS_NO_MEMORY
;
466 tevent_req_set_callback(subreq
, cli_smb_sent
, req
);
470 NTSTATUS
cli_smb_req_send(struct tevent_req
*req
)
472 struct cli_smb_state
*state
= tevent_req_data(
473 req
, struct cli_smb_state
);
475 return cli_smb_req_iov_send(req
, state
, state
->iov
, state
->iov_count
);
478 struct tevent_req
*cli_smb_send(TALLOC_CTX
*mem_ctx
,
479 struct event_context
*ev
,
480 struct cli_state
*cli
,
482 uint8_t additional_flags
,
483 uint8_t wct
, uint16_t *vwv
,
485 const uint8_t *bytes
)
487 struct tevent_req
*req
;
491 iov
.iov_base
= discard_const_p(void, bytes
);
492 iov
.iov_len
= num_bytes
;
494 req
= cli_smb_req_create(mem_ctx
, ev
, cli
, smb_command
,
495 additional_flags
, wct
, vwv
, 1, &iov
);
500 status
= cli_smb_req_send(req
);
501 if (!NT_STATUS_IS_OK(status
)) {
502 tevent_req_nterror(req
, status
);
503 return tevent_req_post(req
, ev
);
508 static void cli_smb_sent(struct tevent_req
*subreq
)
510 struct tevent_req
*req
= tevent_req_callback_data(
511 subreq
, struct tevent_req
);
512 struct cli_smb_state
*state
= tevent_req_data(
513 req
, struct cli_smb_state
);
517 nwritten
= writev_recv(subreq
, &err
);
519 if (nwritten
== -1) {
520 if (state
->cli
->fd
!= -1) {
521 close(state
->cli
->fd
);
524 tevent_req_nterror(req
, map_nt_error_from_unix(err
));
528 switch (CVAL(state
->header
, smb_com
)) {
534 tevent_req_done(req
);
537 if ((CVAL(state
->header
, smb_wct
) == 8) &&
538 (CVAL(state
->vwv
+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE
)) {
540 tevent_req_done(req
);
545 if (!cli_smb_req_set_pending(req
)) {
546 tevent_req_nterror(req
, NT_STATUS_NO_MEMORY
);
551 static void cli_smb_received(struct tevent_req
*subreq
)
553 struct cli_state
*cli
= tevent_req_callback_data(
554 subreq
, struct cli_state
);
555 struct tevent_req
*req
;
556 struct cli_smb_state
*state
;
565 received
= read_smb_recv(subreq
, talloc_tos(), &inbuf
, &err
);
567 if (received
== -1) {
572 status
= map_nt_error_from_unix(err
);
576 if ((IVAL(inbuf
, 4) != 0x424d53ff) /* 0xFF"SMB" */
577 && (SVAL(inbuf
, 4) != 0x45ff)) /* 0xFF"E" */ {
578 DEBUG(10, ("Got non-SMB PDU\n"));
579 status
= NT_STATUS_INVALID_NETWORK_RESPONSE
;
583 if (cli_encryption_on(cli
) && (CVAL(inbuf
, 0) == 0)) {
584 uint16_t enc_ctx_num
;
586 status
= get_enc_ctx_num(inbuf
, &enc_ctx_num
);
587 if (!NT_STATUS_IS_OK(status
)) {
588 DEBUG(10, ("get_enc_ctx_num returned %s\n",
593 if (enc_ctx_num
!= cli
->trans_enc_state
->enc_ctx_num
) {
594 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
596 cli
->trans_enc_state
->enc_ctx_num
));
597 status
= NT_STATUS_INVALID_HANDLE
;
601 status
= common_decrypt_buffer(cli
->trans_enc_state
,
603 if (!NT_STATUS_IS_OK(status
)) {
604 DEBUG(10, ("common_decrypt_buffer returned %s\n",
610 mid
= SVAL(inbuf
, smb_mid
);
611 num_pending
= talloc_array_length(cli
->pending
);
613 for (i
=0; i
<num_pending
; i
++) {
614 if (mid
== cli_smb_req_mid(cli
->pending
[i
])) {
618 if (i
== num_pending
) {
619 /* Dump unexpected reply */
624 oplock_break
= false;
628 * Paranoia checks that this is really an oplock break request.
630 oplock_break
= (smb_len(inbuf
) == 51); /* hdr + 8 words */
631 oplock_break
&= ((CVAL(inbuf
, smb_flg
) & FLAG_REPLY
) == 0);
632 oplock_break
&= (CVAL(inbuf
, smb_com
) == SMBlockingX
);
633 oplock_break
&= (SVAL(inbuf
, smb_vwv6
) == 0);
634 oplock_break
&= (SVAL(inbuf
, smb_vwv7
) == 0);
637 /* Dump unexpected reply */
643 req
= cli
->pending
[i
];
644 state
= tevent_req_data(req
, struct cli_smb_state
);
646 if (!oplock_break
/* oplock breaks are not signed */
647 && !cli_check_sign_mac(cli
, (char *)inbuf
, state
->seqnum
+1)) {
648 DEBUG(10, ("cli_check_sign_mac failed\n"));
650 status
= NT_STATUS_ACCESS_DENIED
;
656 if (state
->chained_requests
== NULL
) {
657 state
->inbuf
= talloc_move(state
, &inbuf
);
658 talloc_set_destructor(req
, NULL
);
659 cli_smb_req_unset_pending(req
);
660 state
->chain_num
= 0;
661 state
->chain_length
= 1;
662 tevent_req_done(req
);
664 struct tevent_req
**chain
= talloc_move(
665 talloc_tos(), &state
->chained_requests
);
666 int num_chained
= talloc_array_length(chain
);
668 for (i
=0; i
<num_chained
; i
++) {
669 state
= tevent_req_data(chain
[i
], struct
671 state
->inbuf
= inbuf
;
672 state
->chain_num
= i
;
673 state
->chain_length
= num_chained
;
674 tevent_req_done(chain
[i
]);
680 if (talloc_array_length(cli
->pending
) > 0) {
682 * Set up another read request for the other pending cli_smb
685 state
= tevent_req_data(cli
->pending
[0], struct cli_smb_state
);
686 subreq
= read_smb_send(cli
->pending
, state
->ev
, cli
->fd
);
687 if (subreq
== NULL
) {
688 status
= NT_STATUS_NO_MEMORY
;
691 tevent_req_set_callback(subreq
, cli_smb_received
, cli
);
696 * Cancel all pending requests. We don't do a for-loop walking
697 * cli->pending because that array changes in
698 * cli_smb_req_destructor().
700 while (talloc_array_length(cli
->pending
) > 0) {
701 req
= cli
->pending
[0];
702 talloc_set_destructor(req
, NULL
);
703 cli_smb_req_unset_pending(req
);
704 tevent_req_nterror(req
, status
);
708 NTSTATUS
cli_smb_recv(struct tevent_req
*req
,
709 TALLOC_CTX
*mem_ctx
, uint8_t **pinbuf
,
710 uint8_t min_wct
, uint8_t *pwct
, uint16_t **pvwv
,
711 uint32_t *pnum_bytes
, uint8_t **pbytes
)
713 struct cli_smb_state
*state
= tevent_req_data(
714 req
, struct cli_smb_state
);
715 NTSTATUS status
= NT_STATUS_OK
;
718 size_t wct_ofs
, bytes_offset
;
721 if (tevent_req_is_nterror(req
, &status
)) {
725 if (state
->inbuf
== NULL
) {
727 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
744 /* This was a request without a reply */
749 cmd
= CVAL(state
->inbuf
, smb_com
);
751 for (i
=0; i
<state
->chain_num
; i
++) {
752 if (i
< state
->chain_num
-1) {
754 return NT_STATUS_REQUEST_ABORTED
;
756 if (!is_andx_req(cmd
)) {
757 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
761 if (!have_andx_command((char *)state
->inbuf
, wct_ofs
)) {
763 * This request was not completed because a previous
764 * request in the chain had received an error.
766 return NT_STATUS_REQUEST_ABORTED
;
769 wct_ofs
= SVAL(state
->inbuf
, wct_ofs
+ 3);
772 * Skip the all-present length field. No overflow, we've just
773 * put a 16-bit value into a size_t.
777 if (wct_ofs
+2 > talloc_get_size(state
->inbuf
)) {
778 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
781 cmd
= CVAL(state
->inbuf
, wct_ofs
+ 1);
784 status
= cli_pull_error((char *)state
->inbuf
);
786 cli_set_error(state
->cli
, status
);
788 if (!have_andx_command((char *)state
->inbuf
, wct_ofs
)) {
790 if ((cmd
== SMBsesssetupX
)
792 status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
794 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
795 * valid return code for session setup
800 if (NT_STATUS_IS_ERR(status
)) {
802 * The last command takes the error code. All
803 * further commands down the requested chain
804 * will get a NT_STATUS_REQUEST_ABORTED.
812 wct
= CVAL(state
->inbuf
, wct_ofs
);
813 bytes_offset
= wct_ofs
+ 1 + wct
* sizeof(uint16_t);
814 num_bytes
= SVAL(state
->inbuf
, bytes_offset
);
817 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
821 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
822 * is a 16-bit value. So bytes_offset being size_t should be far from
825 if ((bytes_offset
+ 2 > talloc_get_size(state
->inbuf
))
826 || (bytes_offset
> 0xffff)) {
827 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
834 *pvwv
= (uint16_t *)(state
->inbuf
+ wct_ofs
+ 1);
836 if (pnum_bytes
!= NULL
) {
837 *pnum_bytes
= num_bytes
;
839 if (pbytes
!= NULL
) {
840 *pbytes
= (uint8_t *)state
->inbuf
+ bytes_offset
+ 2;
842 if ((mem_ctx
!= NULL
) && (pinbuf
!= NULL
)) {
843 if (state
->chain_num
== state
->chain_length
-1) {
844 *pinbuf
= talloc_move(mem_ctx
, &state
->inbuf
);
846 *pinbuf
= state
->inbuf
;
853 size_t cli_smb_wct_ofs(struct tevent_req
**reqs
, int num_reqs
)
858 wct_ofs
= smb_wct
- 4;
860 for (i
=0; i
<num_reqs
; i
++) {
861 struct cli_smb_state
*state
;
862 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
863 wct_ofs
+= iov_len(state
->iov
+1, state
->iov_count
-1);
864 wct_ofs
= (wct_ofs
+ 3) & ~3;
869 NTSTATUS
cli_smb_chain_send(struct tevent_req
**reqs
, int num_reqs
)
871 struct cli_smb_state
*first_state
= tevent_req_data(
872 reqs
[0], struct cli_smb_state
);
873 struct cli_smb_state
*last_state
= tevent_req_data(
874 reqs
[num_reqs
-1], struct cli_smb_state
);
875 struct cli_smb_state
*state
;
877 size_t chain_padding
= 0;
879 struct iovec
*iov
= NULL
;
880 struct iovec
*this_iov
;
884 for (i
=0; i
<num_reqs
; i
++) {
885 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
886 iovlen
+= state
->iov_count
;
889 iov
= talloc_array(last_state
, struct iovec
, iovlen
);
891 return NT_STATUS_NO_MEMORY
;
894 first_state
->chained_requests
= (struct tevent_req
**)talloc_memdup(
895 last_state
, reqs
, sizeof(*reqs
) * num_reqs
);
896 if (first_state
->chained_requests
== NULL
) {
898 return NT_STATUS_NO_MEMORY
;
901 wct_offset
= smb_wct
- 4;
904 for (i
=0; i
<num_reqs
; i
++) {
905 size_t next_padding
= 0;
908 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
910 if (i
< num_reqs
-1) {
911 if (!is_andx_req(CVAL(state
->header
, smb_com
))
912 || CVAL(state
->header
, smb_wct
) < 2) {
914 TALLOC_FREE(first_state
->chained_requests
);
915 return NT_STATUS_INVALID_PARAMETER
;
919 wct_offset
+= iov_len(state
->iov
+1, state
->iov_count
-1) + 1;
920 if ((wct_offset
% 4) != 0) {
921 next_padding
= 4 - (wct_offset
% 4);
923 wct_offset
+= next_padding
;
926 if (i
< num_reqs
-1) {
927 struct cli_smb_state
*next_state
= tevent_req_data(
928 reqs
[i
+1], struct cli_smb_state
);
929 SCVAL(vwv
+0, 0, CVAL(next_state
->header
, smb_com
));
931 SSVAL(vwv
+1, 0, wct_offset
);
932 } else if (is_andx_req(CVAL(state
->header
, smb_com
))) {
933 /* properly end the chain */
934 SCVAL(vwv
+0, 0, 0xff);
935 SCVAL(vwv
+0, 1, 0xff);
940 this_iov
[0] = state
->iov
[0];
943 * This one is a bit subtle. We have to add
944 * chain_padding bytes between the requests, and we
945 * have to also include the wct field of the
946 * subsequent requests. We use the subsequent header
947 * for the padding, it contains the wct field in its
950 this_iov
[0].iov_len
= chain_padding
+1;
951 this_iov
[0].iov_base
= (void *)&state
->header
[
952 sizeof(state
->header
) - this_iov
[0].iov_len
];
953 memset(this_iov
[0].iov_base
, 0, this_iov
[0].iov_len
-1);
955 memcpy(this_iov
+1, state
->iov
+1,
956 sizeof(struct iovec
) * (state
->iov_count
-1));
957 this_iov
+= state
->iov_count
;
958 chain_padding
= next_padding
;
961 status
= cli_smb_req_iov_send(reqs
[0], last_state
, iov
, iovlen
);
962 if (!NT_STATUS_IS_OK(status
)) {
964 TALLOC_FREE(first_state
->chained_requests
);
971 uint8_t *cli_smb_inbuf(struct tevent_req
*req
)
973 struct cli_smb_state
*state
= tevent_req_data(
974 req
, struct cli_smb_state
);
978 bool cli_has_async_calls(struct cli_state
*cli
)
980 return ((tevent_queue_length(cli
->outgoing
) != 0)
981 || (talloc_array_length(cli
->pending
) != 0));
984 struct cli_smb_oplock_break_waiter_state
{
989 static void cli_smb_oplock_break_waiter_done(struct tevent_req
*subreq
);
991 struct tevent_req
*cli_smb_oplock_break_waiter_send(TALLOC_CTX
*mem_ctx
,
992 struct event_context
*ev
,
993 struct cli_state
*cli
)
995 struct tevent_req
*req
, *subreq
;
996 struct cli_smb_oplock_break_waiter_state
*state
;
997 struct cli_smb_state
*smb_state
;
999 req
= tevent_req_create(mem_ctx
, &state
,
1000 struct cli_smb_oplock_break_waiter_state
);
1006 * Create a fake SMB request that we will never send out. This is only
1007 * used to be set into the pending queue with the right mid.
1009 subreq
= cli_smb_req_create(mem_ctx
, ev
, cli
, 0, 0, 0, NULL
, 0, NULL
);
1010 if (tevent_req_nomem(subreq
, req
)) {
1011 return tevent_req_post(req
, ev
);
1013 smb_state
= tevent_req_data(subreq
, struct cli_smb_state
);
1014 SSVAL(smb_state
->header
, smb_mid
, 0xffff);
1016 if (!cli_smb_req_set_pending(subreq
)) {
1017 tevent_req_nterror(req
, NT_STATUS_NO_MEMORY
);
1018 return tevent_req_post(req
, ev
);
1020 tevent_req_set_callback(subreq
, cli_smb_oplock_break_waiter_done
, req
);
1024 static void cli_smb_oplock_break_waiter_done(struct tevent_req
*subreq
)
1026 struct tevent_req
*req
= tevent_req_callback_data(
1027 subreq
, struct tevent_req
);
1028 struct cli_smb_oplock_break_waiter_state
*state
= tevent_req_data(
1029 req
, struct cli_smb_oplock_break_waiter_state
);
1037 status
= cli_smb_recv(subreq
, state
, &inbuf
, 8, &wct
, &vwv
,
1038 &num_bytes
, &bytes
);
1039 TALLOC_FREE(subreq
);
1040 if (!NT_STATUS_IS_OK(status
)) {
1041 tevent_req_nterror(req
, status
);
1044 state
->fnum
= SVAL(vwv
+2, 0);
1045 state
->level
= CVAL(vwv
+3, 1);
1046 tevent_req_done(req
);
1049 NTSTATUS
cli_smb_oplock_break_waiter_recv(struct tevent_req
*req
,
1053 struct cli_smb_oplock_break_waiter_state
*state
= tevent_req_data(
1054 req
, struct cli_smb_oplock_break_waiter_state
);
1057 if (tevent_req_is_nterror(req
, &status
)) {
1060 *pfnum
= state
->fnum
;
1061 *plevel
= state
->level
;
1062 return NT_STATUS_OK
;
1066 struct cli_session_request_state
{
1067 struct tevent_context
*ev
;
1070 struct iovec iov
[3];
1071 uint8_t nb_session_response
;
1074 static void cli_session_request_sent(struct tevent_req
*subreq
);
1075 static void cli_session_request_recvd(struct tevent_req
*subreq
);
1077 struct tevent_req
*cli_session_request_send(TALLOC_CTX
*mem_ctx
,
1078 struct tevent_context
*ev
,
1080 const struct nmb_name
*called
,
1081 const struct nmb_name
*calling
)
1083 struct tevent_req
*req
, *subreq
;
1084 struct cli_session_request_state
*state
;
1086 req
= tevent_req_create(mem_ctx
, &state
,
1087 struct cli_session_request_state
);
1094 state
->iov
[1].iov_base
= name_mangle(
1095 state
, called
->name
, called
->name_type
);
1096 if (tevent_req_nomem(state
->iov
[1].iov_base
, req
)) {
1097 return tevent_req_post(req
, ev
);
1099 state
->iov
[1].iov_len
= name_len(
1100 (unsigned char *)state
->iov
[1].iov_base
,
1101 talloc_get_size(state
->iov
[1].iov_base
));
1103 state
->iov
[2].iov_base
= name_mangle(
1104 state
, calling
->name
, calling
->name_type
);
1105 if (tevent_req_nomem(state
->iov
[2].iov_base
, req
)) {
1106 return tevent_req_post(req
, ev
);
1108 state
->iov
[2].iov_len
= name_len(
1109 (unsigned char *)state
->iov
[2].iov_base
,
1110 talloc_get_size(state
->iov
[2].iov_base
));
1112 _smb_setlen(((char *)&state
->len_hdr
),
1113 state
->iov
[1].iov_len
+ state
->iov
[2].iov_len
);
1114 SCVAL((char *)&state
->len_hdr
, 0, 0x81);
1116 state
->iov
[0].iov_base
= &state
->len_hdr
;
1117 state
->iov
[0].iov_len
= sizeof(state
->len_hdr
);
1119 subreq
= writev_send(state
, ev
, NULL
, sock
, true, state
->iov
, 3);
1120 if (tevent_req_nomem(subreq
, req
)) {
1121 return tevent_req_post(req
, ev
);
1123 tevent_req_set_callback(subreq
, cli_session_request_sent
, req
);
1127 static void cli_session_request_sent(struct tevent_req
*subreq
)
1129 struct tevent_req
*req
= tevent_req_callback_data(
1130 subreq
, struct tevent_req
);
1131 struct cli_session_request_state
*state
= tevent_req_data(
1132 req
, struct cli_session_request_state
);
1136 ret
= writev_recv(subreq
, &err
);
1137 TALLOC_FREE(subreq
);
1139 tevent_req_error(req
, err
);
1142 subreq
= read_smb_send(state
, state
->ev
, state
->sock
);
1143 if (tevent_req_nomem(subreq
, req
)) {
1146 tevent_req_set_callback(subreq
, cli_session_request_recvd
, req
);
1149 static void cli_session_request_recvd(struct tevent_req
*subreq
)
1151 struct tevent_req
*req
= tevent_req_callback_data(
1152 subreq
, struct tevent_req
);
1153 struct cli_session_request_state
*state
= tevent_req_data(
1154 req
, struct cli_session_request_state
);
1159 ret
= read_smb_recv(subreq
, talloc_tos(), &buf
, &err
);
1160 TALLOC_FREE(subreq
);
1167 tevent_req_error(req
, err
);
1171 * In case of an error there is more information in the data
1172 * portion according to RFC1002. We're not subtle enough to
1173 * respond to the different error conditions, so drop the
1176 state
->nb_session_response
= CVAL(buf
, 0);
1177 tevent_req_done(req
);
1180 bool cli_session_request_recv(struct tevent_req
*req
, int *err
, uint8_t *resp
)
1182 struct cli_session_request_state
*state
= tevent_req_data(
1183 req
, struct cli_session_request_state
);
1185 if (tevent_req_is_unix_error(req
, err
)) {
1188 *resp
= state
->nb_session_response
;