2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "libsmb/libsmb.h"
22 #include "../lib/async_req/async_sock.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "../lib/util/tevent_unix.h"
25 #include "async_smb.h"
26 #include "smb_crypt.h"
27 #include "libsmb/nmblib.h"
30 static NTSTATUS
cli_pull_raw_error(const uint8_t *buf
)
32 uint32_t flags2
= SVAL(buf
, smb_flg2
);
34 if (flags2
& FLAGS2_32_BIT_ERROR_CODES
) {
35 return NT_STATUS(IVAL(buf
, smb_rcls
));
38 return NT_STATUS_DOS(CVAL(buf
, smb_rcls
), SVAL(buf
,smb_err
));
42 * Figure out if there is an andx command behind the current one
43 * @param[in] buf The smb buffer to look at
44 * @param[in] ofs The offset to the wct field that is followed by the cmd
45 * @retval Is there a command following?
48 static bool have_andx_command(const char *buf
, uint16_t ofs
)
51 size_t buflen
= talloc_get_size(buf
);
53 if ((ofs
== buflen
-1) || (ofs
== buflen
)) {
60 * Not enough space for the command and a following pointer
64 return (CVAL(buf
, ofs
+1) != 0xff);
69 struct cli_smb_state
{
70 struct tevent_context
*ev
;
71 struct cli_state
*cli
;
72 uint8_t header
[smb_wct
+1]; /* Space for the header including the wct */
75 * For normal requests, cli_smb_req_send chooses a mid. Secondary
76 * trans requests need to use the mid of the primary request, so we
77 * need a place to store it. Assume it's set if != 0.
82 uint8_t bytecount_buf
[2];
84 struct iovec iov
[MAX_SMB_IOV
+3];
91 struct tevent_req
**chained_requests
;
94 static uint16_t cli_alloc_mid(struct cli_state
*cli
)
96 int num_pending
= talloc_array_length(cli
->conn
.pending
);
102 result
= cli
->smb1
.mid
++;
103 if ((result
== 0) || (result
== 0xffff)) {
107 for (i
=0; i
<num_pending
; i
++) {
108 if (result
== cli_smb_req_mid(cli
->conn
.pending
[i
])) {
113 if (i
== num_pending
) {
119 void cli_smb_req_unset_pending(struct tevent_req
*req
)
121 struct cli_smb_state
*state
= tevent_req_data(
122 req
, struct cli_smb_state
);
123 struct cli_state
*cli
= state
->cli
;
124 int num_pending
= talloc_array_length(cli
->conn
.pending
);
127 if (state
->mid
!= 0) {
129 * This is a [nt]trans[2] request which waits
130 * for more than one reply.
135 if (num_pending
== 1) {
137 * The pending read_smb tevent_req is a child of
138 * cli->pending. So if nothing is pending anymore, we need to
139 * delete the socket read fde.
141 TALLOC_FREE(cli
->conn
.pending
);
145 for (i
=0; i
<num_pending
; i
++) {
146 if (req
== cli
->conn
.pending
[i
]) {
150 if (i
== num_pending
) {
152 * Something's seriously broken. Just returning here is the
153 * right thing nevertheless, the point of this routine is to
154 * remove ourselves from cli->conn.pending.
160 * Remove ourselves from the cli->conn.pending array
162 cli
->conn
.pending
[i
] = cli
->conn
.pending
[num_pending
-1];
165 * No NULL check here, we're shrinking by sizeof(void *), and
166 * talloc_realloc just adjusts the size for this.
168 cli
->conn
.pending
= talloc_realloc(NULL
, cli
->conn
.pending
,
174 static int cli_smb_req_destructor(struct tevent_req
*req
)
176 struct cli_smb_state
*state
= tevent_req_data(
177 req
, struct cli_smb_state
);
179 * Make sure we really remove it from
180 * the pending array on destruction.
183 cli_smb_req_unset_pending(req
);
187 static void cli_smb_received(struct tevent_req
*subreq
);
189 bool cli_smb_req_set_pending(struct tevent_req
*req
)
191 struct cli_smb_state
*state
= tevent_req_data(
192 req
, struct cli_smb_state
);
193 struct cli_state
*cli
;
194 struct tevent_req
**pending
;
196 struct tevent_req
*subreq
;
199 num_pending
= talloc_array_length(cli
->conn
.pending
);
201 pending
= talloc_realloc(cli
, cli
->conn
.pending
, struct tevent_req
*,
203 if (pending
== NULL
) {
206 pending
[num_pending
] = req
;
207 cli
->conn
.pending
= pending
;
208 talloc_set_destructor(req
, cli_smb_req_destructor
);
210 if (num_pending
> 0) {
215 * We're the first ones, add the read_smb request that waits for the
216 * answer from the server
218 subreq
= read_smb_send(cli
->conn
.pending
, state
->ev
, cli
->conn
.fd
);
219 if (subreq
== NULL
) {
220 cli_smb_req_unset_pending(req
);
223 tevent_req_set_callback(subreq
, cli_smb_received
, cli
);
228 * Fetch a smb request's mid. Only valid after the request has been sent by
229 * cli_smb_req_send().
231 uint16_t cli_smb_req_mid(struct tevent_req
*req
)
233 struct cli_smb_state
*state
= tevent_req_data(
234 req
, struct cli_smb_state
);
235 return SVAL(state
->header
, smb_mid
);
238 void cli_smb_req_set_mid(struct tevent_req
*req
, uint16_t mid
)
240 struct cli_smb_state
*state
= tevent_req_data(
241 req
, struct cli_smb_state
);
245 uint32_t cli_smb_req_seqnum(struct tevent_req
*req
)
247 struct cli_smb_state
*state
= tevent_req_data(
248 req
, struct cli_smb_state
);
249 return state
->seqnum
;
252 void cli_smb_req_set_seqnum(struct tevent_req
*req
, uint32_t seqnum
)
254 struct cli_smb_state
*state
= tevent_req_data(
255 req
, struct cli_smb_state
);
256 state
->seqnum
= seqnum
;
259 static size_t iov_len(const struct iovec
*iov
, int count
)
263 for (i
=0; i
<count
; i
++) {
264 result
+= iov
[i
].iov_len
;
269 static uint8_t *iov_concat(TALLOC_CTX
*mem_ctx
, const struct iovec
*iov
,
272 size_t len
= iov_len(iov
, count
);
277 buf
= talloc_array(mem_ctx
, uint8_t, len
);
282 for (i
=0; i
<count
; i
++) {
283 memcpy(buf
+copied
, iov
[i
].iov_base
, iov
[i
].iov_len
);
284 copied
+= iov
[i
].iov_len
;
289 struct tevent_req
*cli_smb_req_create(TALLOC_CTX
*mem_ctx
,
290 struct event_context
*ev
,
291 struct cli_state
*cli
,
293 uint8_t additional_flags
,
294 uint8_t wct
, uint16_t *vwv
,
296 struct iovec
*bytes_iov
)
298 struct tevent_req
*result
;
299 struct cli_smb_state
*state
;
300 struct timeval endtime
;
302 if (iov_count
> MAX_SMB_IOV
) {
304 * Should not happen :-)
309 result
= tevent_req_create(mem_ctx
, &state
, struct cli_smb_state
);
310 if (result
== NULL
) {
315 state
->mid
= 0; /* Set to auto-choose in cli_smb_req_send */
316 state
->chain_num
= 0;
317 state
->chained_requests
= NULL
;
319 cli_setup_packet_buf(cli
, (char *)state
->header
);
320 SCVAL(state
->header
, smb_com
, smb_command
);
321 SSVAL(state
->header
, smb_tid
, cli
->smb1
.tid
);
322 SCVAL(state
->header
, smb_wct
, wct
);
326 SSVAL(state
->bytecount_buf
, 0, iov_len(bytes_iov
, iov_count
));
328 state
->iov
[0].iov_base
= (void *)state
->header
;
329 state
->iov
[0].iov_len
= sizeof(state
->header
);
330 state
->iov
[1].iov_base
= (void *)state
->vwv
;
331 state
->iov
[1].iov_len
= wct
* sizeof(uint16_t);
332 state
->iov
[2].iov_base
= (void *)state
->bytecount_buf
;
333 state
->iov
[2].iov_len
= sizeof(uint16_t);
335 if (iov_count
!= 0) {
336 memcpy(&state
->iov
[3], bytes_iov
,
337 iov_count
* sizeof(*bytes_iov
));
339 state
->iov_count
= iov_count
+ 3;
342 endtime
= timeval_current_ofs_msec(cli
->timeout
);
343 if (!tevent_req_set_endtime(result
, ev
, endtime
)) {
344 tevent_req_oom(result
);
350 static NTSTATUS
cli_signv(struct cli_state
*cli
, struct iovec
*iov
, int count
,
356 * Obvious optimization: Make cli_calculate_sign_mac work with struct
357 * iovec directly. MD5Update would do that just fine.
360 if ((count
<= 0) || (iov
[0].iov_len
< smb_wct
)) {
361 return NT_STATUS_INVALID_PARAMETER
;
364 buf
= iov_concat(talloc_tos(), iov
, count
);
366 return NT_STATUS_NO_MEMORY
;
369 cli_calculate_sign_mac(cli
, (char *)buf
, seqnum
);
370 memcpy(iov
[0].iov_base
, buf
, iov
[0].iov_len
);
376 static void cli_smb_sent(struct tevent_req
*subreq
);
378 static NTSTATUS
cli_smb_req_iov_send(struct tevent_req
*req
,
379 struct cli_smb_state
*state
,
380 struct iovec
*iov
, int iov_count
)
382 struct tevent_req
*subreq
;
385 if (!cli_state_is_connected(state
->cli
)) {
386 return NT_STATUS_CONNECTION_INVALID
;
389 if (iov
[0].iov_len
< smb_wct
) {
390 return NT_STATUS_INVALID_PARAMETER
;
393 if (state
->mid
!= 0) {
394 SSVAL(iov
[0].iov_base
, smb_mid
, state
->mid
);
396 uint16_t mid
= cli_alloc_mid(state
->cli
);
397 SSVAL(iov
[0].iov_base
, smb_mid
, mid
);
400 smb_setlen((char *)iov
[0].iov_base
, iov_len(iov
, iov_count
) - 4);
402 status
= cli_signv(state
->cli
, iov
, iov_count
, &state
->seqnum
);
404 if (!NT_STATUS_IS_OK(status
)) {
408 if (cli_encryption_on(state
->cli
)) {
411 buf
= (char *)iov_concat(talloc_tos(), iov
, iov_count
);
413 return NT_STATUS_NO_MEMORY
;
415 status
= common_encrypt_buffer(state
->cli
->trans_enc_state
,
416 (char *)buf
, &enc_buf
);
418 if (!NT_STATUS_IS_OK(status
)) {
419 DEBUG(0, ("Error in encrypting client message: %s\n",
423 buf
= (char *)talloc_memdup(state
, enc_buf
,
427 return NT_STATUS_NO_MEMORY
;
429 iov
[0].iov_base
= (void *)buf
;
430 iov
[0].iov_len
= talloc_get_size(buf
);
433 subreq
= writev_send(state
, state
->ev
, state
->cli
->conn
.outgoing
,
434 state
->cli
->conn
.fd
, false, iov
, iov_count
);
435 if (subreq
== NULL
) {
436 return NT_STATUS_NO_MEMORY
;
438 tevent_req_set_callback(subreq
, cli_smb_sent
, req
);
442 NTSTATUS
cli_smb_req_send(struct tevent_req
*req
)
444 struct cli_smb_state
*state
= tevent_req_data(
445 req
, struct cli_smb_state
);
447 return cli_smb_req_iov_send(req
, state
, state
->iov
, state
->iov_count
);
450 struct tevent_req
*cli_smb_send(TALLOC_CTX
*mem_ctx
,
451 struct event_context
*ev
,
452 struct cli_state
*cli
,
454 uint8_t additional_flags
,
455 uint8_t wct
, uint16_t *vwv
,
457 const uint8_t *bytes
)
459 struct tevent_req
*req
;
463 iov
.iov_base
= discard_const_p(void, bytes
);
464 iov
.iov_len
= num_bytes
;
466 req
= cli_smb_req_create(mem_ctx
, ev
, cli
, smb_command
,
467 additional_flags
, wct
, vwv
, 1, &iov
);
472 status
= cli_smb_req_send(req
);
473 if (!NT_STATUS_IS_OK(status
)) {
474 tevent_req_nterror(req
, status
);
475 return tevent_req_post(req
, ev
);
480 static void cli_smb_sent(struct tevent_req
*subreq
)
482 struct tevent_req
*req
= tevent_req_callback_data(
483 subreq
, struct tevent_req
);
484 struct cli_smb_state
*state
= tevent_req_data(
485 req
, struct cli_smb_state
);
489 nwritten
= writev_recv(subreq
, &err
);
491 if (nwritten
== -1) {
492 cli_state_disconnect(state
->cli
);
493 tevent_req_nterror(req
, map_nt_error_from_unix(err
));
497 switch (CVAL(state
->header
, smb_com
)) {
503 tevent_req_done(req
);
506 if ((CVAL(state
->header
, smb_wct
) == 8) &&
507 (CVAL(state
->vwv
+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE
)) {
509 tevent_req_done(req
);
514 if (!cli_smb_req_set_pending(req
)) {
515 tevent_req_nterror(req
, NT_STATUS_NO_MEMORY
);
520 static void cli_smb_received(struct tevent_req
*subreq
)
522 struct cli_state
*cli
= tevent_req_callback_data(
523 subreq
, struct cli_state
);
524 struct tevent_req
*req
;
525 struct cli_smb_state
*state
;
534 received
= read_smb_recv(subreq
, talloc_tos(), &inbuf
, &err
);
536 if (received
== -1) {
537 cli_state_disconnect(cli
);
538 status
= map_nt_error_from_unix(err
);
542 if ((IVAL(inbuf
, 4) != 0x424d53ff) /* 0xFF"SMB" */
543 && (SVAL(inbuf
, 4) != 0x45ff)) /* 0xFF"E" */ {
544 DEBUG(10, ("Got non-SMB PDU\n"));
545 status
= NT_STATUS_INVALID_NETWORK_RESPONSE
;
549 if (cli_encryption_on(cli
) && (CVAL(inbuf
, 0) == 0)) {
550 uint16_t enc_ctx_num
;
552 status
= get_enc_ctx_num(inbuf
, &enc_ctx_num
);
553 if (!NT_STATUS_IS_OK(status
)) {
554 DEBUG(10, ("get_enc_ctx_num returned %s\n",
559 if (enc_ctx_num
!= cli
->trans_enc_state
->enc_ctx_num
) {
560 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
562 cli
->trans_enc_state
->enc_ctx_num
));
563 status
= NT_STATUS_INVALID_HANDLE
;
567 status
= common_decrypt_buffer(cli
->trans_enc_state
,
569 if (!NT_STATUS_IS_OK(status
)) {
570 DEBUG(10, ("common_decrypt_buffer returned %s\n",
576 mid
= SVAL(inbuf
, smb_mid
);
577 num_pending
= talloc_array_length(cli
->conn
.pending
);
579 for (i
=0; i
<num_pending
; i
++) {
580 if (mid
== cli_smb_req_mid(cli
->conn
.pending
[i
])) {
584 if (i
== num_pending
) {
585 /* Dump unexpected reply */
590 oplock_break
= false;
594 * Paranoia checks that this is really an oplock break request.
596 oplock_break
= (smb_len(inbuf
) == 51); /* hdr + 8 words */
597 oplock_break
&= ((CVAL(inbuf
, smb_flg
) & FLAG_REPLY
) == 0);
598 oplock_break
&= (CVAL(inbuf
, smb_com
) == SMBlockingX
);
599 oplock_break
&= (SVAL(inbuf
, smb_vwv6
) == 0);
600 oplock_break
&= (SVAL(inbuf
, smb_vwv7
) == 0);
603 /* Dump unexpected reply */
609 req
= cli
->conn
.pending
[i
];
610 state
= tevent_req_data(req
, struct cli_smb_state
);
612 if (!oplock_break
/* oplock breaks are not signed */
613 && !cli_check_sign_mac(cli
, (char *)inbuf
, state
->seqnum
+1)) {
614 DEBUG(10, ("cli_check_sign_mac failed\n"));
616 status
= NT_STATUS_ACCESS_DENIED
;
617 cli_state_disconnect(cli
);
621 if (state
->chained_requests
== NULL
) {
622 state
->inbuf
= talloc_move(state
, &inbuf
);
623 talloc_set_destructor(req
, NULL
);
624 cli_smb_req_unset_pending(req
);
625 state
->chain_num
= 0;
626 state
->chain_length
= 1;
627 tevent_req_done(req
);
629 struct tevent_req
**chain
= talloc_move(
630 talloc_tos(), &state
->chained_requests
);
631 int num_chained
= talloc_array_length(chain
);
633 for (i
=0; i
<num_chained
; i
++) {
634 state
= tevent_req_data(chain
[i
], struct
636 state
->inbuf
= inbuf
;
637 state
->chain_num
= i
;
638 state
->chain_length
= num_chained
;
639 tevent_req_done(chain
[i
]);
645 if (talloc_array_length(cli
->conn
.pending
) > 0) {
647 * Set up another read request for the other pending cli_smb
650 state
= tevent_req_data(cli
->conn
.pending
[0],
651 struct cli_smb_state
);
652 subreq
= read_smb_send(cli
->conn
.pending
, state
->ev
, cli
->conn
.fd
);
653 if (subreq
== NULL
) {
654 status
= NT_STATUS_NO_MEMORY
;
657 tevent_req_set_callback(subreq
, cli_smb_received
, cli
);
662 * Cancel all pending requests. We don't do a for-loop walking
663 * cli->conn.pending because that array changes in
664 * cli_smb_req_destructor().
666 while (talloc_array_length(cli
->conn
.pending
) > 0) {
667 req
= cli
->conn
.pending
[0];
668 talloc_set_destructor(req
, NULL
);
669 cli_smb_req_unset_pending(req
);
670 tevent_req_nterror(req
, status
);
674 NTSTATUS
cli_smb_recv(struct tevent_req
*req
,
675 TALLOC_CTX
*mem_ctx
, uint8_t **pinbuf
,
676 uint8_t min_wct
, uint8_t *pwct
, uint16_t **pvwv
,
677 uint32_t *pnum_bytes
, uint8_t **pbytes
)
679 struct cli_smb_state
*state
= tevent_req_data(
680 req
, struct cli_smb_state
);
681 NTSTATUS status
= NT_STATUS_OK
;
684 size_t wct_ofs
, bytes_offset
;
687 if (tevent_req_is_nterror(req
, &status
)) {
691 if (state
->inbuf
== NULL
) {
693 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
710 /* This was a request without a reply */
715 cmd
= CVAL(state
->inbuf
, smb_com
);
717 for (i
=0; i
<state
->chain_num
; i
++) {
718 if (i
< state
->chain_num
-1) {
720 return NT_STATUS_REQUEST_ABORTED
;
722 if (!is_andx_req(cmd
)) {
723 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
727 if (!have_andx_command((char *)state
->inbuf
, wct_ofs
)) {
729 * This request was not completed because a previous
730 * request in the chain had received an error.
732 return NT_STATUS_REQUEST_ABORTED
;
735 wct_ofs
= SVAL(state
->inbuf
, wct_ofs
+ 3);
738 * Skip the all-present length field. No overflow, we've just
739 * put a 16-bit value into a size_t.
743 if (wct_ofs
+2 > talloc_get_size(state
->inbuf
)) {
744 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
747 cmd
= CVAL(state
->inbuf
, wct_ofs
+ 1);
750 state
->cli
->raw_status
= cli_pull_raw_error(state
->inbuf
);
751 if (NT_STATUS_IS_DOS(state
->cli
->raw_status
)) {
752 uint8_t eclass
= NT_STATUS_DOS_CLASS(state
->cli
->raw_status
);
753 uint16_t ecode
= NT_STATUS_DOS_CODE(state
->cli
->raw_status
);
755 * TODO: is it really a good idea to do a mapping here?
757 * The old cli_pull_error() also does it, so I do not change
760 status
= dos_to_ntstatus(eclass
, ecode
);
762 status
= state
->cli
->raw_status
;
765 if (!have_andx_command((char *)state
->inbuf
, wct_ofs
)) {
767 if ((cmd
== SMBsesssetupX
)
769 status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
771 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
772 * valid return code for session setup
777 if (NT_STATUS_IS_ERR(status
)) {
779 * The last command takes the error code. All
780 * further commands down the requested chain
781 * will get a NT_STATUS_REQUEST_ABORTED.
789 wct
= CVAL(state
->inbuf
, wct_ofs
);
790 bytes_offset
= wct_ofs
+ 1 + wct
* sizeof(uint16_t);
791 num_bytes
= SVAL(state
->inbuf
, bytes_offset
);
794 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
798 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
799 * is a 16-bit value. So bytes_offset being size_t should be far from
802 if ((bytes_offset
+ 2 > talloc_get_size(state
->inbuf
))
803 || (bytes_offset
> 0xffff)) {
804 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
811 *pvwv
= (uint16_t *)(state
->inbuf
+ wct_ofs
+ 1);
813 if (pnum_bytes
!= NULL
) {
814 *pnum_bytes
= num_bytes
;
816 if (pbytes
!= NULL
) {
817 *pbytes
= (uint8_t *)state
->inbuf
+ bytes_offset
+ 2;
819 if ((mem_ctx
!= NULL
) && (pinbuf
!= NULL
)) {
820 if (state
->chain_num
== state
->chain_length
-1) {
821 *pinbuf
= talloc_move(mem_ctx
, &state
->inbuf
);
823 *pinbuf
= state
->inbuf
;
830 size_t cli_smb_wct_ofs(struct tevent_req
**reqs
, int num_reqs
)
835 wct_ofs
= smb_wct
- 4;
837 for (i
=0; i
<num_reqs
; i
++) {
838 struct cli_smb_state
*state
;
839 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
840 wct_ofs
+= iov_len(state
->iov
+1, state
->iov_count
-1);
841 wct_ofs
= (wct_ofs
+ 3) & ~3;
846 NTSTATUS
cli_smb_chain_send(struct tevent_req
**reqs
, int num_reqs
)
848 struct cli_smb_state
*first_state
= tevent_req_data(
849 reqs
[0], struct cli_smb_state
);
850 struct cli_smb_state
*last_state
= tevent_req_data(
851 reqs
[num_reqs
-1], struct cli_smb_state
);
852 struct cli_smb_state
*state
;
854 size_t chain_padding
= 0;
856 struct iovec
*iov
= NULL
;
857 struct iovec
*this_iov
;
861 for (i
=0; i
<num_reqs
; i
++) {
862 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
863 iovlen
+= state
->iov_count
;
866 iov
= talloc_array(last_state
, struct iovec
, iovlen
);
868 return NT_STATUS_NO_MEMORY
;
871 first_state
->chained_requests
= (struct tevent_req
**)talloc_memdup(
872 last_state
, reqs
, sizeof(*reqs
) * num_reqs
);
873 if (first_state
->chained_requests
== NULL
) {
875 return NT_STATUS_NO_MEMORY
;
878 wct_offset
= smb_wct
- 4;
881 for (i
=0; i
<num_reqs
; i
++) {
882 size_t next_padding
= 0;
885 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
887 if (i
< num_reqs
-1) {
888 if (!is_andx_req(CVAL(state
->header
, smb_com
))
889 || CVAL(state
->header
, smb_wct
) < 2) {
891 TALLOC_FREE(first_state
->chained_requests
);
892 return NT_STATUS_INVALID_PARAMETER
;
896 wct_offset
+= iov_len(state
->iov
+1, state
->iov_count
-1) + 1;
897 if ((wct_offset
% 4) != 0) {
898 next_padding
= 4 - (wct_offset
% 4);
900 wct_offset
+= next_padding
;
903 if (i
< num_reqs
-1) {
904 struct cli_smb_state
*next_state
= tevent_req_data(
905 reqs
[i
+1], struct cli_smb_state
);
906 SCVAL(vwv
+0, 0, CVAL(next_state
->header
, smb_com
));
908 SSVAL(vwv
+1, 0, wct_offset
);
909 } else if (is_andx_req(CVAL(state
->header
, smb_com
))) {
910 /* properly end the chain */
911 SCVAL(vwv
+0, 0, 0xff);
912 SCVAL(vwv
+0, 1, 0xff);
917 this_iov
[0] = state
->iov
[0];
920 * This one is a bit subtle. We have to add
921 * chain_padding bytes between the requests, and we
922 * have to also include the wct field of the
923 * subsequent requests. We use the subsequent header
924 * for the padding, it contains the wct field in its
927 this_iov
[0].iov_len
= chain_padding
+1;
928 this_iov
[0].iov_base
= (void *)&state
->header
[
929 sizeof(state
->header
) - this_iov
[0].iov_len
];
930 memset(this_iov
[0].iov_base
, 0, this_iov
[0].iov_len
-1);
932 memcpy(this_iov
+1, state
->iov
+1,
933 sizeof(struct iovec
) * (state
->iov_count
-1));
934 this_iov
+= state
->iov_count
;
935 chain_padding
= next_padding
;
938 status
= cli_smb_req_iov_send(reqs
[0], last_state
, iov
, iovlen
);
939 if (!NT_STATUS_IS_OK(status
)) {
941 TALLOC_FREE(first_state
->chained_requests
);
948 bool cli_has_async_calls(struct cli_state
*cli
)
950 return ((tevent_queue_length(cli
->conn
.outgoing
) != 0)
951 || (talloc_array_length(cli
->conn
.pending
) != 0));
954 struct cli_smb_oplock_break_waiter_state
{
959 static void cli_smb_oplock_break_waiter_done(struct tevent_req
*subreq
);
961 struct tevent_req
*cli_smb_oplock_break_waiter_send(TALLOC_CTX
*mem_ctx
,
962 struct event_context
*ev
,
963 struct cli_state
*cli
)
965 struct tevent_req
*req
, *subreq
;
966 struct cli_smb_oplock_break_waiter_state
*state
;
967 struct cli_smb_state
*smb_state
;
969 req
= tevent_req_create(mem_ctx
, &state
,
970 struct cli_smb_oplock_break_waiter_state
);
976 * Create a fake SMB request that we will never send out. This is only
977 * used to be set into the pending queue with the right mid.
979 subreq
= cli_smb_req_create(mem_ctx
, ev
, cli
, 0, 0, 0, NULL
, 0, NULL
);
980 if (tevent_req_nomem(subreq
, req
)) {
981 return tevent_req_post(req
, ev
);
983 smb_state
= tevent_req_data(subreq
, struct cli_smb_state
);
984 SSVAL(smb_state
->header
, smb_mid
, 0xffff);
986 if (!cli_smb_req_set_pending(subreq
)) {
987 tevent_req_nterror(req
, NT_STATUS_NO_MEMORY
);
988 return tevent_req_post(req
, ev
);
990 tevent_req_set_callback(subreq
, cli_smb_oplock_break_waiter_done
, req
);
994 static void cli_smb_oplock_break_waiter_done(struct tevent_req
*subreq
)
996 struct tevent_req
*req
= tevent_req_callback_data(
997 subreq
, struct tevent_req
);
998 struct cli_smb_oplock_break_waiter_state
*state
= tevent_req_data(
999 req
, struct cli_smb_oplock_break_waiter_state
);
1007 status
= cli_smb_recv(subreq
, state
, &inbuf
, 8, &wct
, &vwv
,
1008 &num_bytes
, &bytes
);
1009 TALLOC_FREE(subreq
);
1010 if (!NT_STATUS_IS_OK(status
)) {
1011 tevent_req_nterror(req
, status
);
1014 state
->fnum
= SVAL(vwv
+2, 0);
1015 state
->level
= CVAL(vwv
+3, 1);
1016 tevent_req_done(req
);
1019 NTSTATUS
cli_smb_oplock_break_waiter_recv(struct tevent_req
*req
,
1023 struct cli_smb_oplock_break_waiter_state
*state
= tevent_req_data(
1024 req
, struct cli_smb_oplock_break_waiter_state
);
1027 if (tevent_req_is_nterror(req
, &status
)) {
1030 *pfnum
= state
->fnum
;
1031 *plevel
= state
->level
;
1032 return NT_STATUS_OK
;
1036 struct cli_session_request_state
{
1037 struct tevent_context
*ev
;
1040 struct iovec iov
[3];
1041 uint8_t nb_session_response
;
1044 static void cli_session_request_sent(struct tevent_req
*subreq
);
1045 static void cli_session_request_recvd(struct tevent_req
*subreq
);
1047 struct tevent_req
*cli_session_request_send(TALLOC_CTX
*mem_ctx
,
1048 struct tevent_context
*ev
,
1050 const struct nmb_name
*called
,
1051 const struct nmb_name
*calling
)
1053 struct tevent_req
*req
, *subreq
;
1054 struct cli_session_request_state
*state
;
1056 req
= tevent_req_create(mem_ctx
, &state
,
1057 struct cli_session_request_state
);
1064 state
->iov
[1].iov_base
= name_mangle(
1065 state
, called
->name
, called
->name_type
);
1066 if (tevent_req_nomem(state
->iov
[1].iov_base
, req
)) {
1067 return tevent_req_post(req
, ev
);
1069 state
->iov
[1].iov_len
= name_len(
1070 (unsigned char *)state
->iov
[1].iov_base
,
1071 talloc_get_size(state
->iov
[1].iov_base
));
1073 state
->iov
[2].iov_base
= name_mangle(
1074 state
, calling
->name
, calling
->name_type
);
1075 if (tevent_req_nomem(state
->iov
[2].iov_base
, req
)) {
1076 return tevent_req_post(req
, ev
);
1078 state
->iov
[2].iov_len
= name_len(
1079 (unsigned char *)state
->iov
[2].iov_base
,
1080 talloc_get_size(state
->iov
[2].iov_base
));
1082 _smb_setlen(((char *)&state
->len_hdr
),
1083 state
->iov
[1].iov_len
+ state
->iov
[2].iov_len
);
1084 SCVAL((char *)&state
->len_hdr
, 0, 0x81);
1086 state
->iov
[0].iov_base
= &state
->len_hdr
;
1087 state
->iov
[0].iov_len
= sizeof(state
->len_hdr
);
1089 subreq
= writev_send(state
, ev
, NULL
, sock
, true, state
->iov
, 3);
1090 if (tevent_req_nomem(subreq
, req
)) {
1091 return tevent_req_post(req
, ev
);
1093 tevent_req_set_callback(subreq
, cli_session_request_sent
, req
);
1097 static void cli_session_request_sent(struct tevent_req
*subreq
)
1099 struct tevent_req
*req
= tevent_req_callback_data(
1100 subreq
, struct tevent_req
);
1101 struct cli_session_request_state
*state
= tevent_req_data(
1102 req
, struct cli_session_request_state
);
1106 ret
= writev_recv(subreq
, &err
);
1107 TALLOC_FREE(subreq
);
1109 tevent_req_error(req
, err
);
1112 subreq
= read_smb_send(state
, state
->ev
, state
->sock
);
1113 if (tevent_req_nomem(subreq
, req
)) {
1116 tevent_req_set_callback(subreq
, cli_session_request_recvd
, req
);
1119 static void cli_session_request_recvd(struct tevent_req
*subreq
)
1121 struct tevent_req
*req
= tevent_req_callback_data(
1122 subreq
, struct tevent_req
);
1123 struct cli_session_request_state
*state
= tevent_req_data(
1124 req
, struct cli_session_request_state
);
1129 ret
= read_smb_recv(subreq
, talloc_tos(), &buf
, &err
);
1130 TALLOC_FREE(subreq
);
1137 tevent_req_error(req
, err
);
1141 * In case of an error there is more information in the data
1142 * portion according to RFC1002. We're not subtle enough to
1143 * respond to the different error conditions, so drop the
1146 state
->nb_session_response
= CVAL(buf
, 0);
1147 tevent_req_done(req
);
1150 bool cli_session_request_recv(struct tevent_req
*req
, int *err
, uint8_t *resp
)
1152 struct cli_session_request_state
*state
= tevent_req_data(
1153 req
, struct cli_session_request_state
);
1155 if (tevent_req_is_unix_error(req
, err
)) {
1158 *resp
= state
->nb_session_response
;