2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "libsmb/libsmb.h"
22 #include "../lib/async_req/async_sock.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "../lib/util/tevent_unix.h"
25 #include "async_smb.h"
26 #include "../libcli/smb/smb_seal.h"
27 #include "libsmb/nmblib.h"
28 #include "../libcli/smb/read_smb.h"
30 static NTSTATUS
cli_pull_raw_error(const uint8_t *buf
)
32 const uint8_t *hdr
= buf
+ NBT_HDR_SIZE
;
33 uint32_t flags2
= SVAL(hdr
, HDR_FLG2
);
34 NTSTATUS status
= NT_STATUS(IVAL(hdr
, HDR_RCLS
));
36 if (NT_STATUS_IS_OK(status
)) {
40 if (flags2
& FLAGS2_32_BIT_ERROR_CODES
) {
44 return NT_STATUS_DOS(CVAL(hdr
, HDR_RCLS
), SVAL(hdr
, HDR_ERR
));
48 * Figure out if there is an andx command behind the current one
49 * @param[in] buf The smb buffer to look at
50 * @param[in] ofs The offset to the wct field that is followed by the cmd
51 * @retval Is there a command following?
54 static bool have_andx_command(const char *buf
, uint16_t ofs
)
57 size_t buflen
= talloc_get_size(buf
);
59 if ((ofs
== buflen
-1) || (ofs
== buflen
)) {
66 * Not enough space for the command and a following pointer
70 return (CVAL(buf
, ofs
+1) != 0xff);
75 struct cli_smb_state
{
76 struct tevent_context
*ev
;
77 struct cli_state
*cli
;
78 uint8_t header
[smb_wct
+1]; /* Space for the header including the wct */
81 * For normal requests, cli_smb_req_send chooses a mid. Secondary
82 * trans requests need to use the mid of the primary request, so we
83 * need a place to store it. Assume it's set if != 0.
88 uint8_t bytecount_buf
[2];
90 struct iovec iov
[MAX_SMB_IOV
+3];
97 struct tevent_req
**chained_requests
;
102 static uint16_t cli_alloc_mid(struct cli_state
*cli
)
104 int num_pending
= talloc_array_length(cli
->conn
.pending
);
110 result
= cli
->conn
.smb1
.mid
++;
111 if ((result
== 0) || (result
== 0xffff)) {
115 for (i
=0; i
<num_pending
; i
++) {
116 if (result
== cli_smb_req_mid(cli
->conn
.pending
[i
])) {
121 if (i
== num_pending
) {
127 void cli_smb_req_unset_pending(struct tevent_req
*req
)
129 struct cli_smb_state
*state
= tevent_req_data(
130 req
, struct cli_smb_state
);
131 struct cli_state
*cli
= state
->cli
;
132 int num_pending
= talloc_array_length(cli
->conn
.pending
);
135 if (state
->mid
!= 0) {
137 * This is a [nt]trans[2] request which waits
138 * for more than one reply.
143 talloc_set_destructor(req
, NULL
);
145 if (num_pending
== 1) {
147 * The pending read_smb tevent_req is a child of
148 * cli->pending. So if nothing is pending anymore, we need to
149 * delete the socket read fde.
151 TALLOC_FREE(cli
->conn
.pending
);
152 cli
->conn
.read_smb_req
= NULL
;
156 for (i
=0; i
<num_pending
; i
++) {
157 if (req
== cli
->conn
.pending
[i
]) {
161 if (i
== num_pending
) {
163 * Something's seriously broken. Just returning here is the
164 * right thing nevertheless, the point of this routine is to
165 * remove ourselves from cli->conn.pending.
171 * Remove ourselves from the cli->conn.pending array
173 for (; i
< (num_pending
- 1); i
++) {
174 cli
->conn
.pending
[i
] = cli
->conn
.pending
[i
+1];
178 * No NULL check here, we're shrinking by sizeof(void *), and
179 * talloc_realloc just adjusts the size for this.
181 cli
->conn
.pending
= talloc_realloc(NULL
, cli
->conn
.pending
,
187 static int cli_smb_req_destructor(struct tevent_req
*req
)
189 struct cli_smb_state
*state
= tevent_req_data(
190 req
, struct cli_smb_state
);
192 * Make sure we really remove it from
193 * the pending array on destruction.
196 cli_smb_req_unset_pending(req
);
200 static bool cli_state_receive_next(struct cli_state
*cli
);
201 static void cli_state_notify_pending(struct cli_state
*cli
, NTSTATUS status
);
203 bool cli_smb_req_set_pending(struct tevent_req
*req
)
205 struct cli_smb_state
*state
= tevent_req_data(
206 req
, struct cli_smb_state
);
207 struct cli_state
*cli
;
208 struct tevent_req
**pending
;
212 num_pending
= talloc_array_length(cli
->conn
.pending
);
214 pending
= talloc_realloc(cli
, cli
->conn
.pending
, struct tevent_req
*,
216 if (pending
== NULL
) {
219 pending
[num_pending
] = req
;
220 cli
->conn
.pending
= pending
;
221 talloc_set_destructor(req
, cli_smb_req_destructor
);
223 if (!cli_state_receive_next(cli
)) {
225 * the caller should notify the current request
227 * And all other pending requests get notified
228 * by cli_state_notify_pending().
230 cli_smb_req_unset_pending(req
);
231 cli_state_notify_pending(cli
, NT_STATUS_NO_MEMORY
);
238 static void cli_smb_received(struct tevent_req
*subreq
);
239 static NTSTATUS
cli_state_dispatch_smb1(struct cli_state
*cli
,
243 static bool cli_state_receive_next(struct cli_state
*cli
)
245 size_t num_pending
= talloc_array_length(cli
->conn
.pending
);
246 struct tevent_req
*req
;
247 struct cli_smb_state
*state
;
249 if (cli
->conn
.read_smb_req
!= NULL
) {
253 if (num_pending
== 0) {
257 req
= cli
->conn
.pending
[0];
258 state
= tevent_req_data(req
, struct cli_smb_state
);
260 cli
->conn
.dispatch_incoming
= cli_state_dispatch_smb1
;
263 * We're the first ones, add the read_smb request that waits for the
264 * answer from the server
266 cli
->conn
.read_smb_req
= read_smb_send(cli
->conn
.pending
, state
->ev
,
268 if (cli
->conn
.read_smb_req
== NULL
) {
271 tevent_req_set_callback(cli
->conn
.read_smb_req
, cli_smb_received
, cli
);
275 static void cli_state_notify_pending(struct cli_state
*cli
, NTSTATUS status
)
277 cli_state_disconnect(cli
);
280 * Cancel all pending requests. We do not do a for-loop walking
281 * cli->conn.pending because that array changes in
282 * cli_smb_req_destructor().
284 while (talloc_array_length(cli
->conn
.pending
) > 0) {
285 struct tevent_req
*req
;
286 struct cli_smb_state
*state
;
288 req
= cli
->conn
.pending
[0];
289 state
= tevent_req_data(req
, struct cli_smb_state
);
292 * We're dead. No point waiting for trans2
297 cli_smb_req_unset_pending(req
);
300 * we need to defer the callback, because we may notify more
303 tevent_req_defer_callback(req
, state
->ev
);
304 tevent_req_nterror(req
, status
);
309 * Fetch a smb request's mid. Only valid after the request has been sent by
310 * cli_smb_req_send().
312 uint16_t cli_smb_req_mid(struct tevent_req
*req
)
314 struct cli_smb_state
*state
= tevent_req_data(
315 req
, struct cli_smb_state
);
317 if (state
->mid
!= 0) {
321 return SVAL(state
->header
, smb_mid
);
324 void cli_smb_req_set_mid(struct tevent_req
*req
, uint16_t mid
)
326 struct cli_smb_state
*state
= tevent_req_data(
327 req
, struct cli_smb_state
);
331 uint32_t cli_smb_req_seqnum(struct tevent_req
*req
)
333 struct cli_smb_state
*state
= tevent_req_data(
334 req
, struct cli_smb_state
);
335 return state
->seqnum
;
338 void cli_smb_req_set_seqnum(struct tevent_req
*req
, uint32_t seqnum
)
340 struct cli_smb_state
*state
= tevent_req_data(
341 req
, struct cli_smb_state
);
342 state
->seqnum
= seqnum
;
345 static size_t iov_len(const struct iovec
*iov
, int count
)
349 for (i
=0; i
<count
; i
++) {
350 result
+= iov
[i
].iov_len
;
355 static uint8_t *iov_concat(TALLOC_CTX
*mem_ctx
, const struct iovec
*iov
,
358 size_t len
= iov_len(iov
, count
);
363 buf
= talloc_array(mem_ctx
, uint8_t, len
);
368 for (i
=0; i
<count
; i
++) {
369 memcpy(buf
+copied
, iov
[i
].iov_base
, iov
[i
].iov_len
);
370 copied
+= iov
[i
].iov_len
;
375 struct tevent_req
*cli_smb_req_create(TALLOC_CTX
*mem_ctx
,
376 struct event_context
*ev
,
377 struct cli_state
*cli
,
379 uint8_t additional_flags
,
380 uint8_t wct
, uint16_t *vwv
,
382 struct iovec
*bytes_iov
)
384 struct tevent_req
*result
;
385 struct cli_smb_state
*state
;
386 struct timeval endtime
;
388 if (iov_count
> MAX_SMB_IOV
) {
390 * Should not happen :-)
395 result
= tevent_req_create(mem_ctx
, &state
, struct cli_smb_state
);
396 if (result
== NULL
) {
401 state
->mid
= 0; /* Set to auto-choose in cli_smb_req_send */
402 state
->chain_num
= 0;
403 state
->chained_requests
= NULL
;
405 cli_setup_packet_buf(cli
, (char *)state
->header
);
406 SCVAL(state
->header
, smb_com
, smb_command
);
407 SSVAL(state
->header
, smb_tid
, cli
->smb1
.tid
);
408 SCVAL(state
->header
, smb_wct
, wct
);
412 SSVAL(state
->bytecount_buf
, 0, iov_len(bytes_iov
, iov_count
));
414 state
->iov
[0].iov_base
= (void *)state
->header
;
415 state
->iov
[0].iov_len
= sizeof(state
->header
);
416 state
->iov
[1].iov_base
= (void *)state
->vwv
;
417 state
->iov
[1].iov_len
= wct
* sizeof(uint16_t);
418 state
->iov
[2].iov_base
= (void *)state
->bytecount_buf
;
419 state
->iov
[2].iov_len
= sizeof(uint16_t);
421 if (iov_count
!= 0) {
422 memcpy(&state
->iov
[3], bytes_iov
,
423 iov_count
* sizeof(*bytes_iov
));
425 state
->iov_count
= iov_count
+ 3;
428 endtime
= timeval_current_ofs_msec(cli
->timeout
);
429 if (!tevent_req_set_endtime(result
, ev
, endtime
)) {
434 switch (smb_command
) {
439 state
->one_way
= true;
443 (CVAL(vwv
+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE
)) {
444 state
->one_way
= true;
452 static NTSTATUS
cli_signv(struct cli_state
*cli
, struct iovec
*iov
, int count
,
458 * Obvious optimization: Make cli_calculate_sign_mac work with struct
459 * iovec directly. MD5Update would do that just fine.
462 if ((count
<= 0) || (iov
[0].iov_len
< smb_wct
)) {
463 return NT_STATUS_INVALID_PARAMETER
;
466 buf
= iov_concat(talloc_tos(), iov
, count
);
468 return NT_STATUS_NO_MEMORY
;
471 cli_calculate_sign_mac(cli
, (char *)buf
, seqnum
);
472 memcpy(iov
[0].iov_base
, buf
, iov
[0].iov_len
);
478 static void cli_smb_sent(struct tevent_req
*subreq
);
480 static NTSTATUS
cli_smb_req_iov_send(struct tevent_req
*req
,
481 struct cli_smb_state
*state
,
482 struct iovec
*iov
, int iov_count
)
484 struct tevent_req
*subreq
;
487 if (!cli_state_is_connected(state
->cli
)) {
488 return NT_STATUS_CONNECTION_DISCONNECTED
;
491 if (iov
[0].iov_len
< smb_wct
) {
492 return NT_STATUS_INVALID_PARAMETER
;
495 if (state
->mid
!= 0) {
496 SSVAL(iov
[0].iov_base
, smb_mid
, state
->mid
);
498 uint16_t mid
= cli_alloc_mid(state
->cli
);
499 SSVAL(iov
[0].iov_base
, smb_mid
, mid
);
502 smb_setlen((char *)iov
[0].iov_base
, iov_len(iov
, iov_count
) - 4);
504 status
= cli_signv(state
->cli
, iov
, iov_count
, &state
->seqnum
);
506 if (!NT_STATUS_IS_OK(status
)) {
510 if (cli_state_encryption_on(state
->cli
)) {
513 buf
= (char *)iov_concat(talloc_tos(), iov
, iov_count
);
515 return NT_STATUS_NO_MEMORY
;
517 status
= common_encrypt_buffer(state
->cli
->trans_enc_state
,
518 (char *)buf
, &enc_buf
);
520 if (!NT_STATUS_IS_OK(status
)) {
521 DEBUG(0, ("Error in encrypting client message: %s\n",
525 buf
= (char *)talloc_memdup(state
, enc_buf
,
529 return NT_STATUS_NO_MEMORY
;
531 iov
[0].iov_base
= (void *)buf
;
532 iov
[0].iov_len
= talloc_get_size(buf
);
535 subreq
= writev_send(state
, state
->ev
, state
->cli
->conn
.outgoing
,
536 state
->cli
->conn
.fd
, false, iov
, iov_count
);
537 if (subreq
== NULL
) {
538 return NT_STATUS_NO_MEMORY
;
540 tevent_req_set_callback(subreq
, cli_smb_sent
, req
);
544 NTSTATUS
cli_smb_req_send(struct tevent_req
*req
)
546 struct cli_smb_state
*state
= tevent_req_data(
547 req
, struct cli_smb_state
);
549 if (!tevent_req_is_in_progress(req
)) {
550 return NT_STATUS_INTERNAL_ERROR
;
553 return cli_smb_req_iov_send(req
, state
, state
->iov
, state
->iov_count
);
556 struct tevent_req
*cli_smb_send(TALLOC_CTX
*mem_ctx
,
557 struct event_context
*ev
,
558 struct cli_state
*cli
,
560 uint8_t additional_flags
,
561 uint8_t wct
, uint16_t *vwv
,
563 const uint8_t *bytes
)
565 struct tevent_req
*req
;
569 iov
.iov_base
= discard_const_p(void, bytes
);
570 iov
.iov_len
= num_bytes
;
572 req
= cli_smb_req_create(mem_ctx
, ev
, cli
, smb_command
,
573 additional_flags
, wct
, vwv
, 1, &iov
);
577 if (!tevent_req_is_in_progress(req
)) {
578 return tevent_req_post(req
, ev
);
580 status
= cli_smb_req_send(req
);
581 if (!NT_STATUS_IS_OK(status
)) {
582 tevent_req_nterror(req
, status
);
583 return tevent_req_post(req
, ev
);
588 static void cli_smb_sent(struct tevent_req
*subreq
)
590 struct tevent_req
*req
= tevent_req_callback_data(
591 subreq
, struct tevent_req
);
592 struct cli_smb_state
*state
= tevent_req_data(
593 req
, struct cli_smb_state
);
597 nwritten
= writev_recv(subreq
, &err
);
599 if (nwritten
== -1) {
600 NTSTATUS status
= map_nt_error_from_unix(err
);
601 cli_state_notify_pending(state
->cli
, status
);
605 if (state
->one_way
) {
607 tevent_req_done(req
);
611 if (!cli_smb_req_set_pending(req
)) {
612 tevent_req_nterror(req
, NT_STATUS_NO_MEMORY
);
617 static void cli_smb_received(struct tevent_req
*subreq
)
619 struct cli_state
*cli
= tevent_req_callback_data(
620 subreq
, struct cli_state
);
621 TALLOC_CTX
*frame
= talloc_stackframe();
627 if (subreq
!= cli
->conn
.read_smb_req
) {
628 DEBUG(1, ("Internal error: cli_smb_received called with "
629 "unexpected subreq\n"));
630 status
= NT_STATUS_INTERNAL_ERROR
;
631 cli_state_notify_pending(cli
, status
);
636 received
= read_smb_recv(subreq
, frame
, &inbuf
, &err
);
638 cli
->conn
.read_smb_req
= NULL
;
639 if (received
== -1) {
640 status
= map_nt_error_from_unix(err
);
641 cli_state_notify_pending(cli
, status
);
646 status
= cli
->conn
.dispatch_incoming(cli
, frame
, inbuf
);
648 if (NT_STATUS_IS_OK(status
)) {
650 * We should not do any more processing
651 * as the dispatch function called
655 } else if (!NT_STATUS_EQUAL(status
, NT_STATUS_RETRY
)) {
657 * We got an error, so notify all pending requests
659 cli_state_notify_pending(cli
, status
);
664 * We got NT_STATUS_RETRY, so we may ask for a
667 if (!cli_state_receive_next(cli
)) {
668 cli_state_notify_pending(cli
, NT_STATUS_NO_MEMORY
);
672 static NTSTATUS
cli_state_dispatch_smb1(struct cli_state
*cli
,
676 struct tevent_req
*req
;
677 struct cli_smb_state
*state
;
684 if ((IVAL(inbuf
, 4) != 0x424d53ff) /* 0xFF"SMB" */
685 && (SVAL(inbuf
, 4) != 0x45ff)) /* 0xFF"E" */ {
686 DEBUG(10, ("Got non-SMB PDU\n"));
687 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
690 if (cli_state_encryption_on(cli
) && (CVAL(inbuf
, 0) == 0)) {
691 uint16_t enc_ctx_num
;
693 status
= get_enc_ctx_num(inbuf
, &enc_ctx_num
);
694 if (!NT_STATUS_IS_OK(status
)) {
695 DEBUG(10, ("get_enc_ctx_num returned %s\n",
700 if (enc_ctx_num
!= cli
->trans_enc_state
->enc_ctx_num
) {
701 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
703 cli
->trans_enc_state
->enc_ctx_num
));
704 return NT_STATUS_INVALID_HANDLE
;
707 status
= common_decrypt_buffer(cli
->trans_enc_state
,
709 if (!NT_STATUS_IS_OK(status
)) {
710 DEBUG(10, ("common_decrypt_buffer returned %s\n",
716 mid
= SVAL(inbuf
, smb_mid
);
717 num_pending
= talloc_array_length(cli
->conn
.pending
);
719 for (i
=0; i
<num_pending
; i
++) {
720 if (mid
== cli_smb_req_mid(cli
->conn
.pending
[i
])) {
724 if (i
== num_pending
) {
725 /* Dump unexpected reply */
726 return NT_STATUS_RETRY
;
729 oplock_break
= false;
733 * Paranoia checks that this is really an oplock break request.
735 oplock_break
= (smb_len(inbuf
) == 51); /* hdr + 8 words */
736 oplock_break
&= ((CVAL(inbuf
, smb_flg
) & FLAG_REPLY
) == 0);
737 oplock_break
&= (CVAL(inbuf
, smb_com
) == SMBlockingX
);
738 oplock_break
&= (SVAL(inbuf
, smb_vwv6
) == 0);
739 oplock_break
&= (SVAL(inbuf
, smb_vwv7
) == 0);
742 /* Dump unexpected reply */
743 return NT_STATUS_RETRY
;
747 req
= cli
->conn
.pending
[i
];
748 state
= tevent_req_data(req
, struct cli_smb_state
);
750 if (!oplock_break
/* oplock breaks are not signed */
751 && !cli_check_sign_mac(cli
, (char *)inbuf
, state
->seqnum
+1)) {
752 DEBUG(10, ("cli_check_sign_mac failed\n"));
753 return NT_STATUS_ACCESS_DENIED
;
756 if (state
->chained_requests
!= NULL
) {
757 struct tevent_req
**chain
= talloc_move(frame
,
758 &state
->chained_requests
);
759 int num_chained
= talloc_array_length(chain
);
762 * We steal the inbuf to the chain,
763 * so that it will stay until all
764 * requests of the chain are finished.
766 * Each requests in the chain will
767 * hold a talloc reference to the chain.
768 * This way we do not expose the talloc_reference()
769 * behavior to the callers.
771 talloc_steal(chain
, inbuf
);
773 for (i
=0; i
<num_chained
; i
++) {
774 struct tevent_req
**ref
;
777 state
= tevent_req_data(req
, struct cli_smb_state
);
779 cli_smb_req_unset_pending(req
);
782 * as we finish multiple requests here
783 * we need to defer the callbacks as
784 * they could destroy our current stack state.
786 tevent_req_defer_callback(req
, state
->ev
);
788 ref
= talloc_reference(state
, chain
);
789 if (tevent_req_nomem(ref
, req
)) {
793 state
->inbuf
= inbuf
;
794 state
->chain_num
= i
;
795 state
->chain_length
= num_chained
;
797 tevent_req_done(req
);
800 return NT_STATUS_RETRY
;
803 cli_smb_req_unset_pending(req
);
805 state
->inbuf
= talloc_move(state
, &inbuf
);
806 state
->chain_num
= 0;
807 state
->chain_length
= 1;
809 if (talloc_array_length(cli
->conn
.pending
) == 0) {
810 tevent_req_done(req
);
814 tevent_req_defer_callback(req
, state
->ev
);
815 tevent_req_done(req
);
816 return NT_STATUS_RETRY
;
819 NTSTATUS
cli_smb_recv(struct tevent_req
*req
,
820 TALLOC_CTX
*mem_ctx
, uint8_t **pinbuf
,
821 uint8_t min_wct
, uint8_t *pwct
, uint16_t **pvwv
,
822 uint32_t *pnum_bytes
, uint8_t **pbytes
)
824 struct cli_smb_state
*state
= tevent_req_data(
825 req
, struct cli_smb_state
);
826 NTSTATUS status
= NT_STATUS_OK
;
829 size_t wct_ofs
, bytes_offset
;
832 if (tevent_req_is_nterror(req
, &status
)) {
836 if (state
->inbuf
== NULL
) {
838 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
855 /* This was a request without a reply */
860 cmd
= CVAL(state
->inbuf
, smb_com
);
862 for (i
=0; i
<state
->chain_num
; i
++) {
863 if (i
< state
->chain_num
-1) {
865 return NT_STATUS_REQUEST_ABORTED
;
867 if (!is_andx_req(cmd
)) {
868 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
872 if (!have_andx_command((char *)state
->inbuf
, wct_ofs
)) {
874 * This request was not completed because a previous
875 * request in the chain had received an error.
877 return NT_STATUS_REQUEST_ABORTED
;
880 wct_ofs
= SVAL(state
->inbuf
, wct_ofs
+ 3);
883 * Skip the all-present length field. No overflow, we've just
884 * put a 16-bit value into a size_t.
888 if (wct_ofs
+2 > talloc_get_size(state
->inbuf
)) {
889 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
892 cmd
= CVAL(state
->inbuf
, wct_ofs
+ 1);
895 state
->cli
->raw_status
= cli_pull_raw_error(state
->inbuf
);
896 if (NT_STATUS_IS_DOS(state
->cli
->raw_status
)) {
897 uint8_t eclass
= NT_STATUS_DOS_CLASS(state
->cli
->raw_status
);
898 uint16_t ecode
= NT_STATUS_DOS_CODE(state
->cli
->raw_status
);
900 * TODO: is it really a good idea to do a mapping here?
902 * The old cli_pull_error() also does it, so I do not change
905 status
= dos_to_ntstatus(eclass
, ecode
);
907 status
= state
->cli
->raw_status
;
910 if (!have_andx_command((char *)state
->inbuf
, wct_ofs
)) {
912 if ((cmd
== SMBsesssetupX
)
914 status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
916 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
917 * valid return code for session setup
922 if (NT_STATUS_IS_ERR(status
)) {
924 * The last command takes the error code. All
925 * further commands down the requested chain
926 * will get a NT_STATUS_REQUEST_ABORTED.
934 wct
= CVAL(state
->inbuf
, wct_ofs
);
935 bytes_offset
= wct_ofs
+ 1 + wct
* sizeof(uint16_t);
936 num_bytes
= SVAL(state
->inbuf
, bytes_offset
);
939 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
943 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
944 * is a 16-bit value. So bytes_offset being size_t should be far from
947 if ((bytes_offset
+ 2 > talloc_get_size(state
->inbuf
))
948 || (bytes_offset
> 0xffff)) {
949 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
956 *pvwv
= (uint16_t *)(state
->inbuf
+ wct_ofs
+ 1);
958 if (pnum_bytes
!= NULL
) {
959 *pnum_bytes
= num_bytes
;
961 if (pbytes
!= NULL
) {
962 *pbytes
= (uint8_t *)state
->inbuf
+ bytes_offset
+ 2;
964 if ((mem_ctx
!= NULL
) && (pinbuf
!= NULL
)) {
965 if (state
->chain_num
== state
->chain_length
-1) {
966 *pinbuf
= talloc_move(mem_ctx
, &state
->inbuf
);
968 *pinbuf
= state
->inbuf
;
975 size_t cli_smb_wct_ofs(struct tevent_req
**reqs
, int num_reqs
)
980 wct_ofs
= smb_wct
- 4;
982 for (i
=0; i
<num_reqs
; i
++) {
983 struct cli_smb_state
*state
;
984 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
985 wct_ofs
+= iov_len(state
->iov
+1, state
->iov_count
-1);
986 wct_ofs
= (wct_ofs
+ 3) & ~3;
991 NTSTATUS
cli_smb_chain_send(struct tevent_req
**reqs
, int num_reqs
)
993 struct cli_smb_state
*first_state
= tevent_req_data(
994 reqs
[0], struct cli_smb_state
);
995 struct cli_smb_state
*last_state
= tevent_req_data(
996 reqs
[num_reqs
-1], struct cli_smb_state
);
997 struct cli_smb_state
*state
;
999 size_t chain_padding
= 0;
1001 struct iovec
*iov
= NULL
;
1002 struct iovec
*this_iov
;
1006 for (i
=0; i
<num_reqs
; i
++) {
1007 if (!tevent_req_is_in_progress(reqs
[i
])) {
1008 return NT_STATUS_INTERNAL_ERROR
;
1011 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
1012 iovlen
+= state
->iov_count
;
1015 iov
= talloc_array(last_state
, struct iovec
, iovlen
);
1017 return NT_STATUS_NO_MEMORY
;
1020 first_state
->chained_requests
= (struct tevent_req
**)talloc_memdup(
1021 last_state
, reqs
, sizeof(*reqs
) * num_reqs
);
1022 if (first_state
->chained_requests
== NULL
) {
1024 return NT_STATUS_NO_MEMORY
;
1027 wct_offset
= smb_wct
- 4;
1030 for (i
=0; i
<num_reqs
; i
++) {
1031 size_t next_padding
= 0;
1034 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
1036 if (i
< num_reqs
-1) {
1037 if (!is_andx_req(CVAL(state
->header
, smb_com
))
1038 || CVAL(state
->header
, smb_wct
) < 2) {
1040 TALLOC_FREE(first_state
->chained_requests
);
1041 return NT_STATUS_INVALID_PARAMETER
;
1045 wct_offset
+= iov_len(state
->iov
+1, state
->iov_count
-1) + 1;
1046 if ((wct_offset
% 4) != 0) {
1047 next_padding
= 4 - (wct_offset
% 4);
1049 wct_offset
+= next_padding
;
1052 if (i
< num_reqs
-1) {
1053 struct cli_smb_state
*next_state
= tevent_req_data(
1054 reqs
[i
+1], struct cli_smb_state
);
1055 SCVAL(vwv
+0, 0, CVAL(next_state
->header
, smb_com
));
1057 SSVAL(vwv
+1, 0, wct_offset
);
1058 } else if (is_andx_req(CVAL(state
->header
, smb_com
))) {
1059 /* properly end the chain */
1060 SCVAL(vwv
+0, 0, 0xff);
1061 SCVAL(vwv
+0, 1, 0xff);
1066 this_iov
[0] = state
->iov
[0];
1069 * This one is a bit subtle. We have to add
1070 * chain_padding bytes between the requests, and we
1071 * have to also include the wct field of the
1072 * subsequent requests. We use the subsequent header
1073 * for the padding, it contains the wct field in its
1076 this_iov
[0].iov_len
= chain_padding
+1;
1077 this_iov
[0].iov_base
= (void *)&state
->header
[
1078 sizeof(state
->header
) - this_iov
[0].iov_len
];
1079 memset(this_iov
[0].iov_base
, 0, this_iov
[0].iov_len
-1);
1081 memcpy(this_iov
+1, state
->iov
+1,
1082 sizeof(struct iovec
) * (state
->iov_count
-1));
1083 this_iov
+= state
->iov_count
;
1084 chain_padding
= next_padding
;
1087 status
= cli_smb_req_iov_send(reqs
[0], last_state
, iov
, iovlen
);
1088 if (!NT_STATUS_IS_OK(status
)) {
1090 TALLOC_FREE(first_state
->chained_requests
);
1094 return NT_STATUS_OK
;
1097 bool cli_has_async_calls(struct cli_state
*cli
)
1099 return ((tevent_queue_length(cli
->conn
.outgoing
) != 0)
1100 || (talloc_array_length(cli
->conn
.pending
) != 0));