search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Do proper error handling if the socket is closed
[Samba/gebeck_regimport.git] / source3 / libsmb / async_smb.c
bloba4c58aa5c7e321ca248f102d73f3d4b26fa82137
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21
22 static void cli_state_handler(struct event_context *event_ctx,
23 struct fd_event *event, uint16 flags, void *p);
24
25 /**
26 * Fetch an error out of a NBT packet
27 * @param[in] buf The SMB packet
28 * @retval The error, converted to NTSTATUS
29 */
30
31 NTSTATUS cli_pull_error(char *buf)
32 {
33 uint32_t flags2 = SVAL(buf, smb_flg2);
34
35 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
36 return NT_STATUS(IVAL(buf, smb_rcls));
37 }
38
39 /* if the client uses dos errors, but there is no error,
40 we should return no error here, otherwise it looks
41 like an unknown bad NT_STATUS. jmcd */
42 if (CVAL(buf, smb_rcls) == 0)
43 return NT_STATUS_OK;
44
45 return NT_STATUS_DOS(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
46 }
47
48 /**
49 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
50 * @param[in] cli The client connection that just received an error
51 * @param[in] status The error to set on "cli"
52 */
53
54 void cli_set_error(struct cli_state *cli, NTSTATUS status)
55 {
56 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
57
58 if (NT_STATUS_IS_DOS(status)) {
59 SSVAL(cli->inbuf, smb_flg2,
60 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
61 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
62 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
63 return;
64 }
65
66 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
67 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
68 return;
69 }
70
71 /**
72 * Allocate a new mid
73 * @param[in] cli The client connection
74 * @retval The new, unused mid
75 */
76
77 static uint16_t cli_new_mid(struct cli_state *cli)
78 {
79 uint16_t result;
80 struct cli_request *req;
81
82 while (true) {
83 result = cli->mid++;
84 if (result == 0) {
85 continue;
86 }
87
88 for (req = cli->outstanding_requests; req; req = req->next) {
89 if (result == req->mid) {
90 break;
91 }
92 }
93
94 if (req == NULL) {
95 return result;
96 }
97 }
98 }
99
100 /**
101 * Print an async req that happens to be a cli_request
102 * @param[in] mem_ctx The TALLOC_CTX to put the result on
103 * @param[in] req The request to print
104 * @retval The string representation of "req"
105 */
106
107 static char *cli_request_print(TALLOC_CTX *mem_ctx, struct async_req *req)
108 {
109 char *result = async_req_print(mem_ctx, req);
110 struct cli_request *cli_req = talloc_get_type_abort(
111 req->private_data, struct cli_request);
112
113 if (result == NULL) {
114 return NULL;
115 }
116
117 return talloc_asprintf_append_buffer(
118 result, "mid=%d\n", cli_req->mid);
119 }
120
121 /**
122 * Destroy a cli_request
123 * @param[in] req The cli_request to kill
124 * @retval Can't fail
125 */
126
127 static int cli_request_destructor(struct cli_request *req)
128 {
129 if (req->enc_state != NULL) {
130 common_free_enc_buffer(req->enc_state, req->outbuf);
131 }
132 DLIST_REMOVE(req->cli->outstanding_requests, req);
133 if (req->cli->outstanding_requests == NULL) {
134 TALLOC_FREE(req->cli->fd_event);
135 }
136 return 0;
137 }
138
139 /**
140 * Is the SMB command able to hold an AND_X successor
141 * @param[in] cmd The SMB command in question
142 * @retval Can we add a chained request after "cmd"?
143 */
144
145 static bool is_andx_req(uint8_t cmd)
146 {
147 switch (cmd) {
148 case SMBtconX:
149 case SMBlockingX:
150 case SMBopenX:
151 case SMBreadX:
152 case SMBwriteX:
153 case SMBsesssetupX:
154 case SMBulogoffX:
155 case SMBntcreateX:
156 return true;
157 break;
158 default:
159 break;
160 }
161
162 return false;
163 }
164
165 /**
166 * @brief Find the smb_cmd offset of the last command pushed
167 * @param[in] buf The buffer we're building up
168 * @retval Where can we put our next andx cmd?
169 *
170 * While chaining requests, the "next" request we're looking at needs to put
171 * its SMB_Command before the data the previous request already built up added
172 * to the chain. Find the offset to the place where we have to put our cmd.
173 */
174
175 static bool find_andx_cmd_ofs(char *buf, size_t *pofs)
176 {
177 uint8_t cmd;
178 size_t ofs;
179
180 cmd = CVAL(buf, smb_com);
181
182 SMB_ASSERT(is_andx_req(cmd));
183
184 ofs = smb_vwv0;
185
186 while (CVAL(buf, ofs) != 0xff) {
187
188 if (!is_andx_req(CVAL(buf, ofs))) {
189 return false;
190 }
191
192 /*
193 * ofs is from start of smb header, so add the 4 length
194 * bytes. The next cmd is right after the wct field.
195 */
196 ofs = SVAL(buf, ofs+2) + 4 + 1;
197
198 SMB_ASSERT(ofs+4 < talloc_get_size(buf));
199 }
200
201 *pofs = ofs;
202 return true;
203 }
204
205 /**
206 * @brief Destroy an async_req that is the visible part of a cli_request
207 * @param[in] req The request to kill
208 * @retval Return 0 to make talloc happy
209 *
210 * This destructor is a bit tricky: Because a cli_request can host more than
211 * one async_req for chained requests, we need to make sure that the
212 * "cli_request" that we were part of is correctly destroyed at the right
213 * time. This is done by NULLing out ourself from the "async" member of our
214 * "cli_request". If there is none left, then also TALLOC_FREE() the
215 * cli_request, which was a talloc child of the client connection cli_state.
216 */
217
218 static int cli_async_req_destructor(struct async_req *req)
219 {
220 struct cli_request *cli_req = talloc_get_type_abort(
221 req->private_data, struct cli_request);
222 int i, pending;
223 bool found = false;
224
225 pending = 0;
226
227 for (i=0; i<cli_req->num_async; i++) {
228 if (cli_req->async[i] == req) {
229 cli_req->async[i] = NULL;
230 found = true;
231 }
232 if (cli_req->async[i] != NULL) {
233 pending += 1;
234 }
235 }
236
237 SMB_ASSERT(found);
238
239 if (pending == 0) {
240 TALLOC_FREE(cli_req);
241 }
242
243 return 0;
244 }
245
246 /**
247 * @brief Chain up a request
248 * @param[in] mem_ctx The TALLOC_CTX for the result
249 * @param[in] ev The event context that will call us back
250 * @param[in] cli The cli_state we queue the request up for
251 * @param[in] smb_command The command that we want to issue
252 * @param[in] additional_flags open_and_x wants to add oplock header flags
253 * @param[in] wct How many words?
254 * @param[in] vwv The words, already in network order
255 * @param[in] num_bytes How many bytes?
256 * @param[in] bytes The data the request ships
257 *
258 * cli_request_chain() is the core of the SMB request marshalling routine. It
259 * will create a new async_req structure in the cli->chain_accumulator->async
260 * array and marshall the smb_cmd, the vwv array and the bytes into
261 * cli->chain_accumulator->outbuf.
262 */
263
264 static struct async_req *cli_request_chain(TALLOC_CTX *mem_ctx,
265 struct event_context *ev,
266 struct cli_state *cli,
267 uint8_t smb_command,
268 uint8_t additional_flags,
269 uint8_t wct, const uint16_t *vwv,
270 uint16_t num_bytes,
271 const uint8_t *bytes)
272 {
273 struct async_req **tmp_reqs;
274 char *tmp_buf;
275 struct cli_request *req;
276 size_t old_size, new_size;
277 size_t ofs;
278
279 req = cli->chain_accumulator;
280
281 tmp_reqs = TALLOC_REALLOC_ARRAY(req, req->async, struct async_req *,
282 req->num_async + 1);
283 if (tmp_reqs == NULL) {
284 DEBUG(0, ("talloc failed\n"));
285 return NULL;
286 }
287 req->async = tmp_reqs;
288 req->num_async += 1;
289
290 req->async[req->num_async-1] = async_req_new(mem_ctx, ev);
291 if (req->async[req->num_async-1] == NULL) {
292 DEBUG(0, ("async_req_new failed\n"));
293 req->num_async -= 1;
294 return NULL;
295 }
296 req->async[req->num_async-1]->private_data = req;
297 req->async[req->num_async-1]->print = cli_request_print;
298 talloc_set_destructor(req->async[req->num_async-1],
299 cli_async_req_destructor);
300
301 old_size = talloc_get_size(req->outbuf);
302
303 /*
304 * We need space for the wct field, the words, the byte count field
305 * and the bytes themselves.
306 */
307 new_size = old_size + 1 + wct * sizeof(uint16_t) + 2 + num_bytes;
308
309 if (new_size > 0xffff) {
310 DEBUG(1, ("cli_request_chain: %u bytes won't fit\n",
311 (unsigned)new_size));
312 goto fail;
313 }
314
315 tmp_buf = TALLOC_REALLOC_ARRAY(NULL, req->outbuf, char, new_size);
316 if (tmp_buf == NULL) {
317 DEBUG(0, ("talloc failed\n"));
318 goto fail;
319 }
320 req->outbuf = tmp_buf;
321
322 if (old_size == smb_wct) {
323 SCVAL(req->outbuf, smb_com, smb_command);
324 } else {
325 size_t andx_cmd_ofs;
326 if (!find_andx_cmd_ofs(req->outbuf, &andx_cmd_ofs)) {
327 DEBUG(1, ("invalid command chain\n"));
328 goto fail;
329 }
330 SCVAL(req->outbuf, andx_cmd_ofs, smb_command);
331 SSVAL(req->outbuf, andx_cmd_ofs + 2, old_size - 4);
332 }
333
334 ofs = old_size;
335
336 SCVAL(req->outbuf, ofs, wct);
337 ofs += 1;
338
339 memcpy(req->outbuf + ofs, vwv, sizeof(uint16_t) * wct);
340 ofs += sizeof(uint16_t) * wct;
341
342 SSVAL(req->outbuf, ofs, num_bytes);
343 ofs += sizeof(uint16_t);
344
345 memcpy(req->outbuf + ofs, bytes, num_bytes);
346
347 return req->async[req->num_async-1];
348
349 fail:
350 TALLOC_FREE(req->async[req->num_async-1]);
351 req->num_async -= 1;
352 return NULL;
353 }
354
355 /**
356 * @brief prepare a cli_state to accept a chain of requests
357 * @param[in] cli The cli_state we want to queue up in
358 * @param[in] ev The event_context that will call us back for the socket
359 * @param[in] size_hint How many bytes are expected, just an optimization
360 * @retval Did we have enough memory?
361 *
362 * cli_chain_cork() sets up a new cli_request in cli->chain_accumulator. If
363 * cli is used in an async fashion, i.e. if we have outstanding requests, then
364 * we do not have to create a fd event. If cli is used only with the sync
365 * helpers, we need to create the fd_event here.
366 *
367 * If you want to issue a chained request to the server, do a
368 * cli_chain_cork(), then do you cli_open_send(), cli_read_and_x_send(),
369 * cli_close_send() and so on. The async requests that come out of
370 * cli_xxx_send() are normal async requests with the difference that they
371 * won't be shipped individually. But the event_context will still trigger the
372 * req->async.fn to be called on every single request.
373 *
374 * You have to take care yourself that you only issue chainable requests in
375 * the middle of the chain.
376 */
377
378 bool cli_chain_cork(struct cli_state *cli, struct event_context *ev,
379 size_t size_hint)
380 {
381 struct cli_request *req = NULL;
382
383 SMB_ASSERT(cli->chain_accumulator == NULL);
384
385 if (cli->fd_event == NULL) {
386 SMB_ASSERT(cli->outstanding_requests == NULL);
387 cli->fd_event = event_add_fd(ev, cli, cli->fd,
388 EVENT_FD_READ,
389 cli_state_handler, cli);
390 if (cli->fd_event == NULL) {
391 return false;
392 }
393 }
394
395 req = talloc(cli, struct cli_request);
396 if (req == NULL) {
397 goto fail;
398 }
399 req->cli = cli;
400
401 if (size_hint == 0) {
402 size_hint = 100;
403 }
404 req->outbuf = talloc_array(req, char, smb_wct + size_hint);
405 if (req->outbuf == NULL) {
406 goto fail;
407 }
408 req->outbuf = TALLOC_REALLOC_ARRAY(NULL, req->outbuf, char, smb_wct);
409
410 req->num_async = 0;
411 req->async = NULL;
412
413 req->enc_state = NULL;
414 req->recv_helper.fn = NULL;
415
416 SSVAL(req->outbuf, smb_tid, cli->cnum);
417 cli_setup_packet_buf(cli, req->outbuf);
418
419 req->mid = cli_new_mid(cli);
420 SSVAL(req->outbuf, smb_mid, req->mid);
421
422 cli->chain_accumulator = req;
423
424 DEBUG(10, ("cli_chain_cork: mid=%d\n", req->mid));
425
426 return true;
427 fail:
428 TALLOC_FREE(req);
429 if (cli->outstanding_requests == NULL) {
430 TALLOC_FREE(cli->fd_event);
431 }
432 return false;
433 }
434
435 /**
436 * Ship a request queued up via cli_request_chain()
437 * @param[in] cl The connection
438 */
439
440 void cli_chain_uncork(struct cli_state *cli)
441 {
442 struct cli_request *req = cli->chain_accumulator;
443
444 SMB_ASSERT(req != NULL);
445
446 DLIST_ADD_END(cli->outstanding_requests, req, struct cli_request *);
447 talloc_set_destructor(req, cli_request_destructor);
448
449 cli->chain_accumulator = NULL;
450
451 smb_setlen(req->outbuf, talloc_get_size(req->outbuf) - 4);
452
453 cli_calculate_sign_mac(cli, req->outbuf);
454
455 if (cli_encryption_on(cli)) {
456 NTSTATUS status;
457 char *enc_buf;
458
459 status = cli_encrypt_message(cli, req->outbuf, &enc_buf);
460 if (!NT_STATUS_IS_OK(status)) {
461 DEBUG(0, ("Error in encrypting client message. "
462 "Error %s\n", nt_errstr(status)));
463 TALLOC_FREE(req);
464 return;
465 }
466 req->outbuf = enc_buf;
467 req->enc_state = cli->trans_enc_state;
468 }
469
470 req->sent = 0;
471
472 event_fd_set_writeable(cli->fd_event);
473 }
474
475 /**
476 * @brief Send a request to the server
477 * @param[in] mem_ctx The TALLOC_CTX for the result
478 * @param[in] ev The event context that will call us back
479 * @param[in] cli The cli_state we queue the request up for
480 * @param[in] smb_command The command that we want to issue
481 * @param[in] additional_flags open_and_x wants to add oplock header flags
482 * @param[in] wct How many words?
483 * @param[in] vwv The words, already in network order
484 * @param[in] num_bytes How many bytes?
485 * @param[in] bytes The data the request ships
486 *
487 * This is the generic routine to be used by the cli_xxx_send routines.
488 */
489
490 struct async_req *cli_request_send(TALLOC_CTX *mem_ctx,
491 struct event_context *ev,
492 struct cli_state *cli,
493 uint8_t smb_command,
494 uint8_t additional_flags,
495 uint8_t wct, const uint16_t *vwv,
496 uint16_t num_bytes, const uint8_t *bytes)
497 {
498 struct async_req *result;
499 bool uncork = false;
500
501 if (cli->chain_accumulator == NULL) {
502 if (!cli_chain_cork(cli, ev,
503 wct * sizeof(uint16_t) + num_bytes + 3)) {
504 DEBUG(1, ("cli_chain_cork failed\n"));
505 return NULL;
506 }
507 uncork = true;
508 }
509
510 result = cli_request_chain(mem_ctx, ev, cli, smb_command,
511 additional_flags, wct, vwv,
512 num_bytes, bytes);
513
514 if (result == NULL) {
515 DEBUG(1, ("cli_request_chain failed\n"));
516 }
517
518 if (uncork) {
519 cli_chain_uncork(cli);
520 }
521
522 return result;
523 }
524
525 /**
526 * Figure out if there is an andx command behind the current one
527 * @param[in] buf The smb buffer to look at
528 * @param[in] ofs The offset to the wct field that is followed by the cmd
529 * @retval Is there a command following?
530 */
531
532 static bool have_andx_command(const char *buf, uint16_t ofs)
533 {
534 uint8_t wct;
535 size_t buflen = talloc_get_size(buf);
536
537 if ((ofs == buflen-1) || (ofs == buflen)) {
538 return false;
539 }
540
541 wct = CVAL(buf, ofs);
542 if (wct < 2) {
543 /*
544 * Not enough space for the command and a following pointer
545 */
546 return false;
547 }
548 return (CVAL(buf, ofs+1) != 0xff);
549 }
550
551 /**
552 * @brief Pull reply data out of a request
553 * @param[in] req The request that we just received a reply for
554 * @param[out] pwct How many words did the server send?
555 * @param[out] pvwv The words themselves
556 * @param[out] pnum_bytes How many bytes did the server send?
557 * @param[out] pbytes The bytes themselves
558 * @retval Was the reply formally correct?
559 */
560
561 NTSTATUS cli_pull_reply(struct async_req *req,
562 uint8_t *pwct, uint16_t **pvwv,
563 uint16_t *pnum_bytes, uint8_t **pbytes)
564 {
565 struct cli_request *cli_req = talloc_get_type_abort(
566 req->private_data, struct cli_request);
567 uint8_t wct, cmd;
568 uint16_t num_bytes;
569 size_t wct_ofs, bytes_offset;
570 int i, j;
571 NTSTATUS status;
572
573 for (i = 0; i < cli_req->num_async; i++) {
574 if (req == cli_req->async[i]) {
575 break;
576 }
577 }
578
579 if (i == cli_req->num_async) {
580 cli_set_error(cli_req->cli, NT_STATUS_INVALID_PARAMETER);
581 return NT_STATUS_INVALID_PARAMETER;
582 }
583
584 /**
585 * The status we pull here is only relevant for the last reply in the
586 * chain.
587 */
588
589 status = cli_pull_error(cli_req->inbuf);
590
591 if (i == 0) {
592 if (NT_STATUS_IS_ERR(status)
593 && !have_andx_command(cli_req->inbuf, smb_wct)) {
594 cli_set_error(cli_req->cli, status);
595 return status;
596 }
597 wct_ofs = smb_wct;
598 goto done;
599 }
600
601 cmd = CVAL(cli_req->inbuf, smb_com);
602 wct_ofs = smb_wct;
603
604 for (j = 0; j < i; j++) {
605 if (j < i-1) {
606 if (cmd == 0xff) {
607 return NT_STATUS_REQUEST_ABORTED;
608 }
609 if (!is_andx_req(cmd)) {
610 return NT_STATUS_INVALID_NETWORK_RESPONSE;
611 }
612 }
613
614 if (!have_andx_command(cli_req->inbuf, wct_ofs)) {
615 /*
616 * This request was not completed because a previous
617 * request in the chain had received an error.
618 */
619 return NT_STATUS_REQUEST_ABORTED;
620 }
621
622 wct_ofs = SVAL(cli_req->inbuf, wct_ofs + 3);
623
624 /*
625 * Skip the all-present length field. No overflow, we've just
626 * put a 16-bit value into a size_t.
627 */
628 wct_ofs += 4;
629
630 if (wct_ofs+2 > talloc_get_size(cli_req->inbuf)) {
631 return NT_STATUS_INVALID_NETWORK_RESPONSE;
632 }
633
634 cmd = CVAL(cli_req->inbuf, wct_ofs + 1);
635 }
636
637 if (!have_andx_command(cli_req->inbuf, wct_ofs)
638 && NT_STATUS_IS_ERR(status)) {
639 /*
640 * The last command takes the error code. All further commands
641 * down the requested chain will get a
642 * NT_STATUS_REQUEST_ABORTED.
643 */
644 return status;
645 }
646
647 done:
648 wct = CVAL(cli_req->inbuf, wct_ofs);
649
650 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
651 num_bytes = SVAL(cli_req->inbuf, bytes_offset);
652
653 /*
654 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
655 * is a 16-bit value. So bytes_offset being size_t should be far from
656 * wrapping.
657 */
658
659 if ((bytes_offset + 2 > talloc_get_size(cli_req->inbuf))
660 || (bytes_offset > 0xffff)) {
661 return NT_STATUS_INVALID_NETWORK_RESPONSE;
662 }
663
664 *pwct = wct;
665 *pvwv = (uint16_t *)(cli_req->inbuf + wct_ofs + 1);
666 *pnum_bytes = num_bytes;
667 *pbytes = (uint8_t *)cli_req->inbuf + bytes_offset + 2;
668
669 return NT_STATUS_OK;
670 }
671
672 /**
673 * A PDU has arrived on cli->evt_inbuf
674 * @param[in] cli The cli_state that received something
675 */
676
677 static void handle_incoming_pdu(struct cli_state *cli)
678 {
679 struct cli_request *req;
680 uint16_t mid;
681 size_t raw_pdu_len, buf_len, pdu_len, rest_len;
682 char *pdu;
683 int i;
684 NTSTATUS status;
685
686 int num_async;
687
688 /*
689 * The encrypted PDU len might differ from the unencrypted one
690 */
691 raw_pdu_len = smb_len(cli->evt_inbuf) + 4;
692 buf_len = talloc_get_size(cli->evt_inbuf);
693 rest_len = buf_len - raw_pdu_len;
694
695 if (buf_len == raw_pdu_len) {
696 /*
697 * Optimal case: Exactly one PDU was in the socket buffer
698 */
699 pdu = cli->evt_inbuf;
700 cli->evt_inbuf = NULL;
701 }
702 else {
703 DEBUG(11, ("buf_len = %d, raw_pdu_len = %d, splitting "
704 "buffer\n", (int)buf_len, (int)raw_pdu_len));
705
706 if (raw_pdu_len < rest_len) {
707 /*
708 * The PDU is shorter, talloc_memdup that one.
709 */
710 pdu = (char *)talloc_memdup(
711 cli, cli->evt_inbuf, raw_pdu_len);
712
713 memmove(cli->evt_inbuf, cli->evt_inbuf + raw_pdu_len,
714 buf_len - raw_pdu_len);
715
716 cli->evt_inbuf = TALLOC_REALLOC_ARRAY(
717 NULL, cli->evt_inbuf, char, rest_len);
718
719 if (pdu == NULL) {
720 status = NT_STATUS_NO_MEMORY;
721 goto invalidate_requests;
722 }
723 }
724 else {
725 /*
726 * The PDU is larger than the rest, talloc_memdup the
727 * rest
728 */
729 pdu = cli->evt_inbuf;
730
731 cli->evt_inbuf = (char *)talloc_memdup(
732 cli, pdu + raw_pdu_len, rest_len);
733
734 if (cli->evt_inbuf == NULL) {
735 status = NT_STATUS_NO_MEMORY;
736 goto invalidate_requests;
737 }
738 }
739
740 }
741
742 /*
743 * TODO: Handle oplock break requests
744 */
745
746 if (cli_encryption_on(cli) && CVAL(pdu, 0) == 0) {
747 uint16_t enc_ctx_num;
748
749 status = get_enc_ctx_num((uint8_t *)pdu, &enc_ctx_num);
750 if (!NT_STATUS_IS_OK(status)) {
751 DEBUG(10, ("get_enc_ctx_num returned %s\n",
752 nt_errstr(status)));
753 goto invalidate_requests;
754 }
755
756 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
757 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
758 enc_ctx_num,
759 cli->trans_enc_state->enc_ctx_num));
760 status = NT_STATUS_INVALID_HANDLE;
761 goto invalidate_requests;
762 }
763
764 status = common_decrypt_buffer(cli->trans_enc_state,
765 pdu);
766 if (!NT_STATUS_IS_OK(status)) {
767 DEBUG(10, ("common_decrypt_buffer returned %s\n",
768 nt_errstr(status)));
769 goto invalidate_requests;
770 }
771 }
772
773 if (!cli_check_sign_mac(cli, pdu)) {
774 DEBUG(10, ("cli_check_sign_mac failed\n"));
775 status = NT_STATUS_ACCESS_DENIED;
776 goto invalidate_requests;
777 }
778
779 mid = SVAL(pdu, smb_mid);
780
781 DEBUG(10, ("handle_incoming_pdu: got mid %d\n", mid));
782
783 for (req = cli->outstanding_requests; req; req = req->next) {
784 if (req->mid == mid) {
785 break;
786 }
787 }
788
789 pdu_len = smb_len(pdu) + 4;
790
791 if (req == NULL) {
792 DEBUG(3, ("Request for mid %d not found, dumping PDU\n", mid));
793
794 TALLOC_FREE(pdu);
795 return;
796 }
797
798 req->inbuf = talloc_move(req, &pdu);
799
800 /*
801 * Freeing the last async_req will free the req (see
802 * cli_async_req_destructor). So make a copy of req->num_async, we
803 * can't reference it in the last round.
804 */
805
806 num_async = req->num_async;
807
808 for (i=0; i<num_async; i++) {
809 /**
810 * A request might have been talloc_free()'ed before we arrive
811 * here. It will have removed itself from req->async via its
812 * destructor cli_async_req_destructor().
813 */
814 if (req->async[i] != NULL) {
815 if (req->recv_helper.fn != NULL) {
816 req->recv_helper.fn(req->async[i]);
817 } else {
818 async_req_done(req->async[i]);
819 }
820 }
821 }
822 return;
823
824 invalidate_requests:
825
826 DEBUG(10, ("handle_incoming_pdu: Aborting with %s\n",
827 nt_errstr(status)));
828
829 for (req = cli->outstanding_requests; req; req = req->next) {
830 async_req_error(req->async[0], status);
831 }
832 return;
833 }
834
835 /**
836 * fd event callback. This is the basic connection to the socket
837 * @param[in] event_ctx The event context that called us
838 * @param[in] event The event that fired
839 * @param[in] flags EVENT_FD_READ | EVENT_FD_WRITE
840 * @param[in] p private_data, in this case the cli_state
841 */
842
843 static void cli_state_handler(struct event_context *event_ctx,
844 struct fd_event *event, uint16 flags, void *p)
845 {
846 struct cli_state *cli = (struct cli_state *)p;
847 struct cli_request *req;
848 NTSTATUS status;
849
850 DEBUG(11, ("cli_state_handler called with flags %d\n", flags));
851
852 if (flags & EVENT_FD_READ) {
853 int res, available;
854 size_t old_size, new_size;
855 char *tmp;
856
857 res = ioctl(cli->fd, FIONREAD, &available);
858 if (res == -1) {
859 DEBUG(10, ("ioctl(FIONREAD) failed: %s\n",
860 strerror(errno)));
861 status = map_nt_error_from_unix(errno);
862 goto sock_error;
863 }
864
865 if (available == 0) {
866 /* EOF */
867 status = NT_STATUS_END_OF_FILE;
868 goto sock_error;
869 }
870
871 old_size = talloc_get_size(cli->evt_inbuf);
872 new_size = old_size + available;
873
874 if (new_size < old_size) {
875 /* wrap */
876 status = NT_STATUS_UNEXPECTED_IO_ERROR;
877 goto sock_error;
878 }
879
880 tmp = TALLOC_REALLOC_ARRAY(cli, cli->evt_inbuf, char,
881 new_size);
882 if (tmp == NULL) {
883 /* nomem */
884 status = NT_STATUS_NO_MEMORY;
885 goto sock_error;
886 }
887 cli->evt_inbuf = tmp;
888
889 res = recv(cli->fd, cli->evt_inbuf + old_size, available, 0);
890 if (res == -1) {
891 DEBUG(10, ("recv failed: %s\n", strerror(errno)));
892 status = map_nt_error_from_unix(errno);
893 goto sock_error;
894 }
895
896 DEBUG(11, ("cli_state_handler: received %d bytes, "
897 "smb_len(evt_inbuf) = %d\n", (int)res,
898 smb_len(cli->evt_inbuf)));
899
900 /* recv *might* have returned less than announced */
901 new_size = old_size + res;
902
903 /* shrink, so I don't expect errors here */
904 cli->evt_inbuf = TALLOC_REALLOC_ARRAY(cli, cli->evt_inbuf,
905 char, new_size);
906
907 while ((cli->evt_inbuf != NULL)
908 && ((smb_len(cli->evt_inbuf) + 4) <= new_size)) {
909 /*
910 * we've got a complete NBT level PDU in evt_inbuf
911 */
912 handle_incoming_pdu(cli);
913 new_size = talloc_get_size(cli->evt_inbuf);
914 }
915 }
916
917 if (flags & EVENT_FD_WRITE) {
918 size_t to_send;
919 ssize_t sent;
920
921 for (req = cli->outstanding_requests; req; req = req->next) {
922 to_send = smb_len(req->outbuf)+4;
923 if (to_send > req->sent) {
924 break;
925 }
926 }
927
928 if (req == NULL) {
929 if (cli->fd_event != NULL) {
930 event_fd_set_not_writeable(cli->fd_event);
931 }
932 return;
933 }
934
935 sent = send(cli->fd, req->outbuf + req->sent,
936 to_send - req->sent, 0);
937
938 if (sent < 0) {
939 status = map_nt_error_from_unix(errno);
940 goto sock_error;
941 }
942
943 req->sent += sent;
944
945 if (req->sent == to_send) {
946 return;
947 }
948 }
949 return;
950
951 sock_error:
952 for (req = cli->outstanding_requests; req; req = req->next) {
953 int i;
954 for (i=0; i<req->num_async; i++) {
955 async_req_error(req->async[i], status);
956 }
957 }
958 TALLOC_FREE(cli->fd_event);
959 close(cli->fd);
960 cli->fd = -1;
961 }
reg import