search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-utils/net_rpc_printer.c: print more info on write error
[Samba/gebeck_regimport.git] / source3 / libsmb / async_smb.c
blob87614bd3265381ab818aa030aa71c4a1ccfb9ac1
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "libsmb/libsmb.h"
22 #include "../lib/async_req/async_sock.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "../lib/util/tevent_unix.h"
25 #include "async_smb.h"
26 #include "smb_crypt.h"
27 #include "libsmb/nmblib.h"
28 #include "read_smb.h"
29
30 static NTSTATUS cli_pull_raw_error(const uint8_t *buf)
31 {
32 uint32_t flags2 = SVAL(buf, smb_flg2);
33
34 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
35 return NT_STATUS(IVAL(buf, smb_rcls));
36 }
37
38 return NT_STATUS_DOS(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
39 }
40
41 /**
42 * Figure out if there is an andx command behind the current one
43 * @param[in] buf The smb buffer to look at
44 * @param[in] ofs The offset to the wct field that is followed by the cmd
45 * @retval Is there a command following?
46 */
47
48 static bool have_andx_command(const char *buf, uint16_t ofs)
49 {
50 uint8_t wct;
51 size_t buflen = talloc_get_size(buf);
52
53 if ((ofs == buflen-1) || (ofs == buflen)) {
54 return false;
55 }
56
57 wct = CVAL(buf, ofs);
58 if (wct < 2) {
59 /*
60 * Not enough space for the command and a following pointer
61 */
62 return false;
63 }
64 return (CVAL(buf, ofs+1) != 0xff);
65 }
66
67 #define MAX_SMB_IOV 5
68
69 struct cli_smb_state {
70 struct tevent_context *ev;
71 struct cli_state *cli;
72 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
73
74 /*
75 * For normal requests, cli_smb_req_send chooses a mid. Secondary
76 * trans requests need to use the mid of the primary request, so we
77 * need a place to store it. Assume it's set if != 0.
78 */
79 uint16_t mid;
80
81 uint16_t *vwv;
82 uint8_t bytecount_buf[2];
83
84 struct iovec iov[MAX_SMB_IOV+3];
85 int iov_count;
86
87 uint8_t *inbuf;
88 uint32_t seqnum;
89 int chain_num;
90 int chain_length;
91 struct tevent_req **chained_requests;
92 };
93
94 static uint16_t cli_alloc_mid(struct cli_state *cli)
95 {
96 int num_pending = talloc_array_length(cli->conn.pending);
97 uint16_t result;
98
99 while (true) {
100 int i;
101
102 result = cli->smb1.mid++;
103 if ((result == 0) || (result == 0xffff)) {
104 continue;
105 }
106
107 for (i=0; i<num_pending; i++) {
108 if (result == cli_smb_req_mid(cli->conn.pending[i])) {
109 break;
110 }
111 }
112
113 if (i == num_pending) {
114 return result;
115 }
116 }
117 }
118
119 void cli_smb_req_unset_pending(struct tevent_req *req)
120 {
121 struct cli_smb_state *state = tevent_req_data(
122 req, struct cli_smb_state);
123 struct cli_state *cli = state->cli;
124 int num_pending = talloc_array_length(cli->conn.pending);
125 int i;
126
127 if (state->mid != 0) {
128 /*
129 * This is a [nt]trans[2] request which waits
130 * for more than one reply.
131 */
132 return;
133 }
134
135 if (num_pending == 1) {
136 /*
137 * The pending read_smb tevent_req is a child of
138 * cli->pending. So if nothing is pending anymore, we need to
139 * delete the socket read fde.
140 */
141 TALLOC_FREE(cli->conn.pending);
142 return;
143 }
144
145 for (i=0; i<num_pending; i++) {
146 if (req == cli->conn.pending[i]) {
147 break;
148 }
149 }
150 if (i == num_pending) {
151 /*
152 * Something's seriously broken. Just returning here is the
153 * right thing nevertheless, the point of this routine is to
154 * remove ourselves from cli->conn.pending.
155 */
156 return;
157 }
158
159 /*
160 * Remove ourselves from the cli->conn.pending array
161 */
162 cli->conn.pending[i] = cli->conn.pending[num_pending-1];
163
164 /*
165 * No NULL check here, we're shrinking by sizeof(void *), and
166 * talloc_realloc just adjusts the size for this.
167 */
168 cli->conn.pending = talloc_realloc(NULL, cli->conn.pending,
169 struct tevent_req *,
170 num_pending - 1);
171 return;
172 }
173
174 static int cli_smb_req_destructor(struct tevent_req *req)
175 {
176 struct cli_smb_state *state = tevent_req_data(
177 req, struct cli_smb_state);
178 /*
179 * Make sure we really remove it from
180 * the pending array on destruction.
181 */
182 state->mid = 0;
183 cli_smb_req_unset_pending(req);
184 return 0;
185 }
186
187 static void cli_smb_received(struct tevent_req *subreq);
188
189 bool cli_smb_req_set_pending(struct tevent_req *req)
190 {
191 struct cli_smb_state *state = tevent_req_data(
192 req, struct cli_smb_state);
193 struct cli_state *cli;
194 struct tevent_req **pending;
195 int num_pending;
196 struct tevent_req *subreq;
197
198 cli = state->cli;
199 num_pending = talloc_array_length(cli->conn.pending);
200
201 pending = talloc_realloc(cli, cli->conn.pending, struct tevent_req *,
202 num_pending+1);
203 if (pending == NULL) {
204 return false;
205 }
206 pending[num_pending] = req;
207 cli->conn.pending = pending;
208 talloc_set_destructor(req, cli_smb_req_destructor);
209
210 if (num_pending > 0) {
211 return true;
212 }
213
214 /*
215 * We're the first ones, add the read_smb request that waits for the
216 * answer from the server
217 */
218 subreq = read_smb_send(cli->conn.pending, state->ev, cli->conn.fd);
219 if (subreq == NULL) {
220 cli_smb_req_unset_pending(req);
221 return false;
222 }
223 tevent_req_set_callback(subreq, cli_smb_received, cli);
224 return true;
225 }
226
227 /*
228 * Fetch a smb request's mid. Only valid after the request has been sent by
229 * cli_smb_req_send().
230 */
231 uint16_t cli_smb_req_mid(struct tevent_req *req)
232 {
233 struct cli_smb_state *state = tevent_req_data(
234 req, struct cli_smb_state);
235 return SVAL(state->header, smb_mid);
236 }
237
238 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
239 {
240 struct cli_smb_state *state = tevent_req_data(
241 req, struct cli_smb_state);
242 state->mid = mid;
243 }
244
245 uint32_t cli_smb_req_seqnum(struct tevent_req *req)
246 {
247 struct cli_smb_state *state = tevent_req_data(
248 req, struct cli_smb_state);
249 return state->seqnum;
250 }
251
252 void cli_smb_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
253 {
254 struct cli_smb_state *state = tevent_req_data(
255 req, struct cli_smb_state);
256 state->seqnum = seqnum;
257 }
258
259 static size_t iov_len(const struct iovec *iov, int count)
260 {
261 size_t result = 0;
262 int i;
263 for (i=0; i<count; i++) {
264 result += iov[i].iov_len;
265 }
266 return result;
267 }
268
269 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
270 int count)
271 {
272 size_t len = iov_len(iov, count);
273 size_t copied;
274 uint8_t *buf;
275 int i;
276
277 buf = talloc_array(mem_ctx, uint8_t, len);
278 if (buf == NULL) {
279 return NULL;
280 }
281 copied = 0;
282 for (i=0; i<count; i++) {
283 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
284 copied += iov[i].iov_len;
285 }
286 return buf;
287 }
288
289 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
290 struct event_context *ev,
291 struct cli_state *cli,
292 uint8_t smb_command,
293 uint8_t additional_flags,
294 uint8_t wct, uint16_t *vwv,
295 int iov_count,
296 struct iovec *bytes_iov)
297 {
298 struct tevent_req *result;
299 struct cli_smb_state *state;
300 struct timeval endtime;
301
302 if (iov_count > MAX_SMB_IOV) {
303 /*
304 * Should not happen :-)
305 */
306 return NULL;
307 }
308
309 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
310 if (result == NULL) {
311 return NULL;
312 }
313 state->ev = ev;
314 state->cli = cli;
315 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
316 state->chain_num = 0;
317 state->chained_requests = NULL;
318
319 cli_setup_packet_buf(cli, (char *)state->header);
320 SCVAL(state->header, smb_com, smb_command);
321 SSVAL(state->header, smb_tid, cli->smb1.tid);
322 SCVAL(state->header, smb_wct, wct);
323
324 state->vwv = vwv;
325
326 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
327
328 state->iov[0].iov_base = (void *)state->header;
329 state->iov[0].iov_len = sizeof(state->header);
330 state->iov[1].iov_base = (void *)state->vwv;
331 state->iov[1].iov_len = wct * sizeof(uint16_t);
332 state->iov[2].iov_base = (void *)state->bytecount_buf;
333 state->iov[2].iov_len = sizeof(uint16_t);
334
335 if (iov_count != 0) {
336 memcpy(&state->iov[3], bytes_iov,
337 iov_count * sizeof(*bytes_iov));
338 }
339 state->iov_count = iov_count + 3;
340
341 if (cli->timeout) {
342 endtime = timeval_current_ofs_msec(cli->timeout);
343 if (!tevent_req_set_endtime(result, ev, endtime)) {
344 tevent_req_oom(result);
345 }
346 }
347 return result;
348 }
349
350 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
351 uint32_t *seqnum)
352 {
353 uint8_t *buf;
354
355 /*
356 * Obvious optimization: Make cli_calculate_sign_mac work with struct
357 * iovec directly. MD5Update would do that just fine.
358 */
359
360 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
361 return NT_STATUS_INVALID_PARAMETER;
362 }
363
364 buf = iov_concat(talloc_tos(), iov, count);
365 if (buf == NULL) {
366 return NT_STATUS_NO_MEMORY;
367 }
368
369 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
370 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
371
372 TALLOC_FREE(buf);
373 return NT_STATUS_OK;
374 }
375
376 static void cli_smb_sent(struct tevent_req *subreq);
377
378 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
379 struct cli_smb_state *state,
380 struct iovec *iov, int iov_count)
381 {
382 struct tevent_req *subreq;
383 NTSTATUS status;
384
385 if (!cli_state_is_connected(state->cli)) {
386 return NT_STATUS_CONNECTION_INVALID;
387 }
388
389 if (iov[0].iov_len < smb_wct) {
390 return NT_STATUS_INVALID_PARAMETER;
391 }
392
393 if (state->mid != 0) {
394 SSVAL(iov[0].iov_base, smb_mid, state->mid);
395 } else {
396 uint16_t mid = cli_alloc_mid(state->cli);
397 SSVAL(iov[0].iov_base, smb_mid, mid);
398 }
399
400 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
401
402 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
403
404 if (!NT_STATUS_IS_OK(status)) {
405 return status;
406 }
407
408 if (cli_encryption_on(state->cli)) {
409 char *buf, *enc_buf;
410
411 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
412 if (buf == NULL) {
413 return NT_STATUS_NO_MEMORY;
414 }
415 status = common_encrypt_buffer(state->cli->trans_enc_state,
416 (char *)buf, &enc_buf);
417 TALLOC_FREE(buf);
418 if (!NT_STATUS_IS_OK(status)) {
419 DEBUG(0, ("Error in encrypting client message: %s\n",
420 nt_errstr(status)));
421 return status;
422 }
423 buf = (char *)talloc_memdup(state, enc_buf,
424 smb_len(enc_buf)+4);
425 SAFE_FREE(enc_buf);
426 if (buf == NULL) {
427 return NT_STATUS_NO_MEMORY;
428 }
429 iov[0].iov_base = (void *)buf;
430 iov[0].iov_len = talloc_get_size(buf);
431 iov_count = 1;
432 }
433 subreq = writev_send(state, state->ev, state->cli->conn.outgoing,
434 state->cli->conn.fd, false, iov, iov_count);
435 if (subreq == NULL) {
436 return NT_STATUS_NO_MEMORY;
437 }
438 tevent_req_set_callback(subreq, cli_smb_sent, req);
439 return NT_STATUS_OK;
440 }
441
442 NTSTATUS cli_smb_req_send(struct tevent_req *req)
443 {
444 struct cli_smb_state *state = tevent_req_data(
445 req, struct cli_smb_state);
446
447 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
448 }
449
450 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
451 struct event_context *ev,
452 struct cli_state *cli,
453 uint8_t smb_command,
454 uint8_t additional_flags,
455 uint8_t wct, uint16_t *vwv,
456 uint32_t num_bytes,
457 const uint8_t *bytes)
458 {
459 struct tevent_req *req;
460 struct iovec iov;
461 NTSTATUS status;
462
463 iov.iov_base = discard_const_p(void, bytes);
464 iov.iov_len = num_bytes;
465
466 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
467 additional_flags, wct, vwv, 1, &iov);
468 if (req == NULL) {
469 return NULL;
470 }
471
472 status = cli_smb_req_send(req);
473 if (!NT_STATUS_IS_OK(status)) {
474 tevent_req_nterror(req, status);
475 return tevent_req_post(req, ev);
476 }
477 return req;
478 }
479
480 static void cli_smb_sent(struct tevent_req *subreq)
481 {
482 struct tevent_req *req = tevent_req_callback_data(
483 subreq, struct tevent_req);
484 struct cli_smb_state *state = tevent_req_data(
485 req, struct cli_smb_state);
486 ssize_t nwritten;
487 int err;
488
489 nwritten = writev_recv(subreq, &err);
490 TALLOC_FREE(subreq);
491 if (nwritten == -1) {
492 cli_state_disconnect(state->cli);
493 tevent_req_nterror(req, map_nt_error_from_unix(err));
494 return;
495 }
496
497 switch (CVAL(state->header, smb_com)) {
498 case SMBtranss:
499 case SMBtranss2:
500 case SMBnttranss:
501 case SMBntcancel:
502 state->inbuf = NULL;
503 tevent_req_done(req);
504 return;
505 case SMBlockingX:
506 if ((CVAL(state->header, smb_wct) == 8) &&
507 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
508 state->inbuf = NULL;
509 tevent_req_done(req);
510 return;
511 }
512 }
513
514 if (!cli_smb_req_set_pending(req)) {
515 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
516 return;
517 }
518 }
519
520 static void cli_smb_received(struct tevent_req *subreq)
521 {
522 struct cli_state *cli = tevent_req_callback_data(
523 subreq, struct cli_state);
524 struct tevent_req *req;
525 struct cli_smb_state *state;
526 NTSTATUS status;
527 uint8_t *inbuf;
528 ssize_t received;
529 int num_pending;
530 int i, err;
531 uint16_t mid;
532 bool oplock_break;
533
534 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
535 TALLOC_FREE(subreq);
536 if (received == -1) {
537 cli_state_disconnect(cli);
538 status = map_nt_error_from_unix(err);
539 goto fail;
540 }
541
542 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
543 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
544 DEBUG(10, ("Got non-SMB PDU\n"));
545 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
546 goto fail;
547 }
548
549 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
550 uint16_t enc_ctx_num;
551
552 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
553 if (!NT_STATUS_IS_OK(status)) {
554 DEBUG(10, ("get_enc_ctx_num returned %s\n",
555 nt_errstr(status)));
556 goto fail;
557 }
558
559 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
560 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
561 enc_ctx_num,
562 cli->trans_enc_state->enc_ctx_num));
563 status = NT_STATUS_INVALID_HANDLE;
564 goto fail;
565 }
566
567 status = common_decrypt_buffer(cli->trans_enc_state,
568 (char *)inbuf);
569 if (!NT_STATUS_IS_OK(status)) {
570 DEBUG(10, ("common_decrypt_buffer returned %s\n",
571 nt_errstr(status)));
572 goto fail;
573 }
574 }
575
576 mid = SVAL(inbuf, smb_mid);
577 num_pending = talloc_array_length(cli->conn.pending);
578
579 for (i=0; i<num_pending; i++) {
580 if (mid == cli_smb_req_mid(cli->conn.pending[i])) {
581 break;
582 }
583 }
584 if (i == num_pending) {
585 /* Dump unexpected reply */
586 TALLOC_FREE(inbuf);
587 goto done;
588 }
589
590 oplock_break = false;
591
592 if (mid == 0xffff) {
593 /*
594 * Paranoia checks that this is really an oplock break request.
595 */
596 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
597 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
598 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
599 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
600 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
601
602 if (!oplock_break) {
603 /* Dump unexpected reply */
604 TALLOC_FREE(inbuf);
605 goto done;
606 }
607 }
608
609 req = cli->conn.pending[i];
610 state = tevent_req_data(req, struct cli_smb_state);
611
612 if (!oplock_break /* oplock breaks are not signed */
613 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
614 DEBUG(10, ("cli_check_sign_mac failed\n"));
615 TALLOC_FREE(inbuf);
616 status = NT_STATUS_ACCESS_DENIED;
617 cli_state_disconnect(cli);
618 goto fail;
619 }
620
621 if (state->chained_requests == NULL) {
622 state->inbuf = talloc_move(state, &inbuf);
623 talloc_set_destructor(req, NULL);
624 cli_smb_req_unset_pending(req);
625 state->chain_num = 0;
626 state->chain_length = 1;
627 tevent_req_done(req);
628 } else {
629 struct tevent_req **chain = talloc_move(
630 talloc_tos(), &state->chained_requests);
631 int num_chained = talloc_array_length(chain);
632
633 for (i=0; i<num_chained; i++) {
634 state = tevent_req_data(chain[i], struct
635 cli_smb_state);
636 state->inbuf = inbuf;
637 state->chain_num = i;
638 state->chain_length = num_chained;
639 tevent_req_done(chain[i]);
640 }
641 TALLOC_FREE(inbuf);
642 TALLOC_FREE(chain);
643 }
644 done:
645 if (talloc_array_length(cli->conn.pending) > 0) {
646 /*
647 * Set up another read request for the other pending cli_smb
648 * requests
649 */
650 state = tevent_req_data(cli->conn.pending[0],
651 struct cli_smb_state);
652 subreq = read_smb_send(cli->conn.pending, state->ev, cli->conn.fd);
653 if (subreq == NULL) {
654 status = NT_STATUS_NO_MEMORY;
655 goto fail;
656 }
657 tevent_req_set_callback(subreq, cli_smb_received, cli);
658 }
659 return;
660 fail:
661 /*
662 * Cancel all pending requests. We don't do a for-loop walking
663 * cli->conn.pending because that array changes in
664 * cli_smb_req_destructor().
665 */
666 while (talloc_array_length(cli->conn.pending) > 0) {
667 req = cli->conn.pending[0];
668 talloc_set_destructor(req, NULL);
669 cli_smb_req_unset_pending(req);
670 tevent_req_nterror(req, status);
671 }
672 }
673
674 NTSTATUS cli_smb_recv(struct tevent_req *req,
675 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
676 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
677 uint32_t *pnum_bytes, uint8_t **pbytes)
678 {
679 struct cli_smb_state *state = tevent_req_data(
680 req, struct cli_smb_state);
681 NTSTATUS status = NT_STATUS_OK;
682 uint8_t cmd, wct;
683 uint16_t num_bytes;
684 size_t wct_ofs, bytes_offset;
685 int i;
686
687 if (tevent_req_is_nterror(req, &status)) {
688 return status;
689 }
690
691 if (state->inbuf == NULL) {
692 if (min_wct != 0) {
693 return NT_STATUS_INVALID_NETWORK_RESPONSE;
694 }
695 if (pinbuf) {
696 *pinbuf = NULL;
697 }
698 if (pwct) {
699 *pwct = 0;
700 }
701 if (pvwv) {
702 *pvwv = NULL;
703 }
704 if (pnum_bytes) {
705 *pnum_bytes = 0;
706 }
707 if (pbytes) {
708 *pbytes = NULL;
709 }
710 /* This was a request without a reply */
711 return NT_STATUS_OK;
712 }
713
714 wct_ofs = smb_wct;
715 cmd = CVAL(state->inbuf, smb_com);
716
717 for (i=0; i<state->chain_num; i++) {
718 if (i < state->chain_num-1) {
719 if (cmd == 0xff) {
720 return NT_STATUS_REQUEST_ABORTED;
721 }
722 if (!is_andx_req(cmd)) {
723 return NT_STATUS_INVALID_NETWORK_RESPONSE;
724 }
725 }
726
727 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
728 /*
729 * This request was not completed because a previous
730 * request in the chain had received an error.
731 */
732 return NT_STATUS_REQUEST_ABORTED;
733 }
734
735 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
736
737 /*
738 * Skip the all-present length field. No overflow, we've just
739 * put a 16-bit value into a size_t.
740 */
741 wct_ofs += 4;
742
743 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
744 return NT_STATUS_INVALID_NETWORK_RESPONSE;
745 }
746
747 cmd = CVAL(state->inbuf, wct_ofs + 1);
748 }
749
750 state->cli->raw_status = cli_pull_raw_error(state->inbuf);
751 if (NT_STATUS_IS_DOS(state->cli->raw_status)) {
752 uint8_t eclass = NT_STATUS_DOS_CLASS(state->cli->raw_status);
753 uint16_t ecode = NT_STATUS_DOS_CODE(state->cli->raw_status);
754 /*
755 * TODO: is it really a good idea to do a mapping here?
756 *
757 * The old cli_pull_error() also does it, so I do not change
758 * the behavior yet.
759 */
760 status = dos_to_ntstatus(eclass, ecode);
761 } else {
762 status = state->cli->raw_status;
763 }
764
765 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
766
767 if ((cmd == SMBsesssetupX)
768 && NT_STATUS_EQUAL(
769 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
770 /*
771 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
772 * valid return code for session setup
773 */
774 goto no_err;
775 }
776
777 if (NT_STATUS_IS_ERR(status)) {
778 /*
779 * The last command takes the error code. All
780 * further commands down the requested chain
781 * will get a NT_STATUS_REQUEST_ABORTED.
782 */
783 return status;
784 }
785 }
786
787 no_err:
788
789 wct = CVAL(state->inbuf, wct_ofs);
790 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
791 num_bytes = SVAL(state->inbuf, bytes_offset);
792
793 if (wct < min_wct) {
794 return NT_STATUS_INVALID_NETWORK_RESPONSE;
795 }
796
797 /*
798 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
799 * is a 16-bit value. So bytes_offset being size_t should be far from
800 * wrapping.
801 */
802 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
803 || (bytes_offset > 0xffff)) {
804 return NT_STATUS_INVALID_NETWORK_RESPONSE;
805 }
806
807 if (pwct != NULL) {
808 *pwct = wct;
809 }
810 if (pvwv != NULL) {
811 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
812 }
813 if (pnum_bytes != NULL) {
814 *pnum_bytes = num_bytes;
815 }
816 if (pbytes != NULL) {
817 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
818 }
819 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
820 if (state->chain_num == state->chain_length-1) {
821 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
822 } else {
823 *pinbuf = state->inbuf;
824 }
825 }
826
827 return status;
828 }
829
830 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
831 {
832 size_t wct_ofs;
833 int i;
834
835 wct_ofs = smb_wct - 4;
836
837 for (i=0; i<num_reqs; i++) {
838 struct cli_smb_state *state;
839 state = tevent_req_data(reqs[i], struct cli_smb_state);
840 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
841 wct_ofs = (wct_ofs + 3) & ~3;
842 }
843 return wct_ofs;
844 }
845
846 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
847 {
848 struct cli_smb_state *first_state = tevent_req_data(
849 reqs[0], struct cli_smb_state);
850 struct cli_smb_state *last_state = tevent_req_data(
851 reqs[num_reqs-1], struct cli_smb_state);
852 struct cli_smb_state *state;
853 size_t wct_offset;
854 size_t chain_padding = 0;
855 int i, iovlen;
856 struct iovec *iov = NULL;
857 struct iovec *this_iov;
858 NTSTATUS status;
859
860 iovlen = 0;
861 for (i=0; i<num_reqs; i++) {
862 state = tevent_req_data(reqs[i], struct cli_smb_state);
863 iovlen += state->iov_count;
864 }
865
866 iov = talloc_array(last_state, struct iovec, iovlen);
867 if (iov == NULL) {
868 return NT_STATUS_NO_MEMORY;
869 }
870
871 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
872 last_state, reqs, sizeof(*reqs) * num_reqs);
873 if (first_state->chained_requests == NULL) {
874 TALLOC_FREE(iov);
875 return NT_STATUS_NO_MEMORY;
876 }
877
878 wct_offset = smb_wct - 4;
879 this_iov = iov;
880
881 for (i=0; i<num_reqs; i++) {
882 size_t next_padding = 0;
883 uint16_t *vwv;
884
885 state = tevent_req_data(reqs[i], struct cli_smb_state);
886
887 if (i < num_reqs-1) {
888 if (!is_andx_req(CVAL(state->header, smb_com))
889 || CVAL(state->header, smb_wct) < 2) {
890 TALLOC_FREE(iov);
891 TALLOC_FREE(first_state->chained_requests);
892 return NT_STATUS_INVALID_PARAMETER;
893 }
894 }
895
896 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
897 if ((wct_offset % 4) != 0) {
898 next_padding = 4 - (wct_offset % 4);
899 }
900 wct_offset += next_padding;
901 vwv = state->vwv;
902
903 if (i < num_reqs-1) {
904 struct cli_smb_state *next_state = tevent_req_data(
905 reqs[i+1], struct cli_smb_state);
906 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
907 SCVAL(vwv+0, 1, 0);
908 SSVAL(vwv+1, 0, wct_offset);
909 } else if (is_andx_req(CVAL(state->header, smb_com))) {
910 /* properly end the chain */
911 SCVAL(vwv+0, 0, 0xff);
912 SCVAL(vwv+0, 1, 0xff);
913 SSVAL(vwv+1, 0, 0);
914 }
915
916 if (i == 0) {
917 this_iov[0] = state->iov[0];
918 } else {
919 /*
920 * This one is a bit subtle. We have to add
921 * chain_padding bytes between the requests, and we
922 * have to also include the wct field of the
923 * subsequent requests. We use the subsequent header
924 * for the padding, it contains the wct field in its
925 * last byte.
926 */
927 this_iov[0].iov_len = chain_padding+1;
928 this_iov[0].iov_base = (void *)&state->header[
929 sizeof(state->header) - this_iov[0].iov_len];
930 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
931 }
932 memcpy(this_iov+1, state->iov+1,
933 sizeof(struct iovec) * (state->iov_count-1));
934 this_iov += state->iov_count;
935 chain_padding = next_padding;
936 }
937
938 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
939 if (!NT_STATUS_IS_OK(status)) {
940 TALLOC_FREE(iov);
941 TALLOC_FREE(first_state->chained_requests);
942 return status;
943 }
944
945 return NT_STATUS_OK;
946 }
947
948 bool cli_has_async_calls(struct cli_state *cli)
949 {
950 return ((tevent_queue_length(cli->conn.outgoing) != 0)
951 || (talloc_array_length(cli->conn.pending) != 0));
952 }
953
954 struct cli_smb_oplock_break_waiter_state {
955 uint16_t fnum;
956 uint8_t level;
957 };
958
959 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
960
961 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
962 struct event_context *ev,
963 struct cli_state *cli)
964 {
965 struct tevent_req *req, *subreq;
966 struct cli_smb_oplock_break_waiter_state *state;
967 struct cli_smb_state *smb_state;
968
969 req = tevent_req_create(mem_ctx, &state,
970 struct cli_smb_oplock_break_waiter_state);
971 if (req == NULL) {
972 return NULL;
973 }
974
975 /*
976 * Create a fake SMB request that we will never send out. This is only
977 * used to be set into the pending queue with the right mid.
978 */
979 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
980 if (tevent_req_nomem(subreq, req)) {
981 return tevent_req_post(req, ev);
982 }
983 smb_state = tevent_req_data(subreq, struct cli_smb_state);
984 SSVAL(smb_state->header, smb_mid, 0xffff);
985
986 if (!cli_smb_req_set_pending(subreq)) {
987 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
988 return tevent_req_post(req, ev);
989 }
990 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
991 return req;
992 }
993
994 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
995 {
996 struct tevent_req *req = tevent_req_callback_data(
997 subreq, struct tevent_req);
998 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
999 req, struct cli_smb_oplock_break_waiter_state);
1000 uint8_t wct;
1001 uint16_t *vwv;
1002 uint32_t num_bytes;
1003 uint8_t *bytes;
1004 uint8_t *inbuf;
1005 NTSTATUS status;
1006
1007 status = cli_smb_recv(subreq, state, &inbuf, 8, &wct, &vwv,
1008 &num_bytes, &bytes);
1009 TALLOC_FREE(subreq);
1010 if (!NT_STATUS_IS_OK(status)) {
1011 tevent_req_nterror(req, status);
1012 return;
1013 }
1014 state->fnum = SVAL(vwv+2, 0);
1015 state->level = CVAL(vwv+3, 1);
1016 tevent_req_done(req);
1017 }
1018
1019 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1020 uint16_t *pfnum,
1021 uint8_t *plevel)
1022 {
1023 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1024 req, struct cli_smb_oplock_break_waiter_state);
1025 NTSTATUS status;
1026
1027 if (tevent_req_is_nterror(req, &status)) {
1028 return status;
1029 }
1030 *pfnum = state->fnum;
1031 *plevel = state->level;
1032 return NT_STATUS_OK;
1033 }
1034
1035
1036 struct cli_session_request_state {
1037 struct tevent_context *ev;
1038 int sock;
1039 uint32 len_hdr;
1040 struct iovec iov[3];
1041 uint8_t nb_session_response;
1042 };
1043
1044 static void cli_session_request_sent(struct tevent_req *subreq);
1045 static void cli_session_request_recvd(struct tevent_req *subreq);
1046
1047 struct tevent_req *cli_session_request_send(TALLOC_CTX *mem_ctx,
1048 struct tevent_context *ev,
1049 int sock,
1050 const struct nmb_name *called,
1051 const struct nmb_name *calling)
1052 {
1053 struct tevent_req *req, *subreq;
1054 struct cli_session_request_state *state;
1055
1056 req = tevent_req_create(mem_ctx, &state,
1057 struct cli_session_request_state);
1058 if (req == NULL) {
1059 return NULL;
1060 }
1061 state->ev = ev;
1062 state->sock = sock;
1063
1064 state->iov[1].iov_base = name_mangle(
1065 state, called->name, called->name_type);
1066 if (tevent_req_nomem(state->iov[1].iov_base, req)) {
1067 return tevent_req_post(req, ev);
1068 }
1069 state->iov[1].iov_len = name_len(
1070 (unsigned char *)state->iov[1].iov_base,
1071 talloc_get_size(state->iov[1].iov_base));
1072
1073 state->iov[2].iov_base = name_mangle(
1074 state, calling->name, calling->name_type);
1075 if (tevent_req_nomem(state->iov[2].iov_base, req)) {
1076 return tevent_req_post(req, ev);
1077 }
1078 state->iov[2].iov_len = name_len(
1079 (unsigned char *)state->iov[2].iov_base,
1080 talloc_get_size(state->iov[2].iov_base));
1081
1082 _smb_setlen(((char *)&state->len_hdr),
1083 state->iov[1].iov_len + state->iov[2].iov_len);
1084 SCVAL((char *)&state->len_hdr, 0, 0x81);
1085
1086 state->iov[0].iov_base = &state->len_hdr;
1087 state->iov[0].iov_len = sizeof(state->len_hdr);
1088
1089 subreq = writev_send(state, ev, NULL, sock, true, state->iov, 3);
1090 if (tevent_req_nomem(subreq, req)) {
1091 return tevent_req_post(req, ev);
1092 }
1093 tevent_req_set_callback(subreq, cli_session_request_sent, req);
1094 return req;
1095 }
1096
1097 static void cli_session_request_sent(struct tevent_req *subreq)
1098 {
1099 struct tevent_req *req = tevent_req_callback_data(
1100 subreq, struct tevent_req);
1101 struct cli_session_request_state *state = tevent_req_data(
1102 req, struct cli_session_request_state);
1103 ssize_t ret;
1104 int err;
1105
1106 ret = writev_recv(subreq, &err);
1107 TALLOC_FREE(subreq);
1108 if (ret == -1) {
1109 tevent_req_error(req, err);
1110 return;
1111 }
1112 subreq = read_smb_send(state, state->ev, state->sock);
1113 if (tevent_req_nomem(subreq, req)) {
1114 return;
1115 }
1116 tevent_req_set_callback(subreq, cli_session_request_recvd, req);
1117 }
1118
1119 static void cli_session_request_recvd(struct tevent_req *subreq)
1120 {
1121 struct tevent_req *req = tevent_req_callback_data(
1122 subreq, struct tevent_req);
1123 struct cli_session_request_state *state = tevent_req_data(
1124 req, struct cli_session_request_state);
1125 uint8_t *buf;
1126 ssize_t ret;
1127 int err;
1128
1129 ret = read_smb_recv(subreq, talloc_tos(), &buf, &err);
1130 TALLOC_FREE(subreq);
1131
1132 if (ret < 4) {
1133 ret = -1;
1134 err = EIO;
1135 }
1136 if (ret == -1) {
1137 tevent_req_error(req, err);
1138 return;
1139 }
1140 /*
1141 * In case of an error there is more information in the data
1142 * portion according to RFC1002. We're not subtle enough to
1143 * respond to the different error conditions, so drop the
1144 * error info here.
1145 */
1146 state->nb_session_response = CVAL(buf, 0);
1147 tevent_req_done(req);
1148 }
1149
1150 bool cli_session_request_recv(struct tevent_req *req, int *err, uint8_t *resp)
1151 {
1152 struct cli_session_request_state *state = tevent_req_data(
1153 req, struct cli_session_request_state);
1154
1155 if (tevent_req_is_unix_error(req, err)) {
1156 return false;
1157 }
1158 *resp = state->nb_session_response;
1159 return true;
1160 }
reg import