search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:NBT-WINSREPLICATION: don't mark a local variable as static
[Samba/kamenim.git] / source3 / libsmb / async_smb.c
blob0667fa3ab2e50ab9172168f8ecc837094d7f7b66
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21
22 /*
23 * Read an smb packet asynchronously, discard keepalives
24 */
25
26 struct read_smb_state {
27 struct tevent_context *ev;
28 int fd;
29 uint8_t *buf;
30 };
31
32 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data);
33 static void read_smb_done(struct tevent_req *subreq);
34
35 static struct tevent_req *read_smb_send(TALLOC_CTX *mem_ctx,
36 struct tevent_context *ev,
37 int fd)
38 {
39 struct tevent_req *result, *subreq;
40 struct read_smb_state *state;
41
42 result = tevent_req_create(mem_ctx, &state, struct read_smb_state);
43 if (result == NULL) {
44 return NULL;
45 }
46 state->ev = ev;
47 state->fd = fd;
48
49 subreq = read_packet_send(state, ev, fd, 4, read_smb_more, NULL);
50 if (subreq == NULL) {
51 goto fail;
52 }
53 tevent_req_set_callback(subreq, read_smb_done, result);
54 return result;
55 fail:
56 TALLOC_FREE(result);
57 return NULL;
58 }
59
60 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data)
61 {
62 if (buflen > 4) {
63 return 0; /* We've been here, we're done */
64 }
65 return smb_len_large(buf);
66 }
67
68 static void read_smb_done(struct tevent_req *subreq)
69 {
70 struct tevent_req *req = tevent_req_callback_data(
71 subreq, struct tevent_req);
72 struct read_smb_state *state = tevent_req_data(
73 req, struct read_smb_state);
74 ssize_t len;
75 int err;
76
77 len = read_packet_recv(subreq, state, &state->buf, &err);
78 TALLOC_FREE(subreq);
79 if (len == -1) {
80 tevent_req_error(req, err);
81 return;
82 }
83
84 if (CVAL(state->buf, 0) == SMBkeepalive) {
85 subreq = read_packet_send(state, state->ev, state->fd, 4,
86 read_smb_more, NULL);
87 if (tevent_req_nomem(subreq, req)) {
88 return;
89 }
90 tevent_req_set_callback(subreq, read_smb_done, req);
91 return;
92 }
93 tevent_req_done(req);
94 }
95
96 static ssize_t read_smb_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
97 uint8_t **pbuf, int *perrno)
98 {
99 struct read_smb_state *state = tevent_req_data(
100 req, struct read_smb_state);
101
102 if (tevent_req_is_unix_error(req, perrno)) {
103 return -1;
104 }
105 *pbuf = talloc_move(mem_ctx, &state->buf);
106 return talloc_get_size(*pbuf);
107 }
108
109 /**
110 * Fetch an error out of a NBT packet
111 * @param[in] buf The SMB packet
112 * @retval The error, converted to NTSTATUS
113 */
114
115 NTSTATUS cli_pull_error(char *buf)
116 {
117 uint32_t flags2 = SVAL(buf, smb_flg2);
118
119 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
120 return NT_STATUS(IVAL(buf, smb_rcls));
121 }
122
123 /* if the client uses dos errors, but there is no error,
124 we should return no error here, otherwise it looks
125 like an unknown bad NT_STATUS. jmcd */
126 if (CVAL(buf, smb_rcls) == 0)
127 return NT_STATUS_OK;
128
129 return NT_STATUS_DOS(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
130 }
131
132 /**
133 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
134 * @param[in] cli The client connection that just received an error
135 * @param[in] status The error to set on "cli"
136 */
137
138 void cli_set_error(struct cli_state *cli, NTSTATUS status)
139 {
140 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
141
142 if (NT_STATUS_IS_DOS(status)) {
143 SSVAL(cli->inbuf, smb_flg2,
144 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
145 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
146 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
147 return;
148 }
149
150 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
151 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
152 return;
153 }
154
155 /**
156 * Figure out if there is an andx command behind the current one
157 * @param[in] buf The smb buffer to look at
158 * @param[in] ofs The offset to the wct field that is followed by the cmd
159 * @retval Is there a command following?
160 */
161
162 static bool have_andx_command(const char *buf, uint16_t ofs)
163 {
164 uint8_t wct;
165 size_t buflen = talloc_get_size(buf);
166
167 if ((ofs == buflen-1) || (ofs == buflen)) {
168 return false;
169 }
170
171 wct = CVAL(buf, ofs);
172 if (wct < 2) {
173 /*
174 * Not enough space for the command and a following pointer
175 */
176 return false;
177 }
178 return (CVAL(buf, ofs+1) != 0xff);
179 }
180
181 #define MAX_SMB_IOV 5
182
183 struct cli_smb_state {
184 struct tevent_context *ev;
185 struct cli_state *cli;
186 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
187
188 /*
189 * For normal requests, cli_smb_req_send chooses a mid. Secondary
190 * trans requests need to use the mid of the primary request, so we
191 * need a place to store it. Assume it's set if != 0.
192 */
193 uint16_t mid;
194
195 uint16_t *vwv;
196 uint8_t bytecount_buf[2];
197
198 struct iovec iov[MAX_SMB_IOV+3];
199 int iov_count;
200
201 uint8_t *inbuf;
202 uint32_t seqnum;
203 int chain_num;
204 struct tevent_req **chained_requests;
205 };
206
207 static uint16_t cli_alloc_mid(struct cli_state *cli)
208 {
209 int num_pending = talloc_array_length(cli->pending);
210 uint16_t result;
211
212 while (true) {
213 int i;
214
215 result = cli->mid++;
216 if ((result == 0) || (result == 0xffff)) {
217 continue;
218 }
219
220 for (i=0; i<num_pending; i++) {
221 if (result == cli_smb_req_mid(cli->pending[i])) {
222 break;
223 }
224 }
225
226 if (i == num_pending) {
227 return result;
228 }
229 }
230 }
231
232 void cli_smb_req_unset_pending(struct tevent_req *req)
233 {
234 struct cli_smb_state *state = tevent_req_data(
235 req, struct cli_smb_state);
236 struct cli_state *cli = state->cli;
237 int num_pending = talloc_array_length(cli->pending);
238 int i;
239
240 if (num_pending == 1) {
241 /*
242 * The pending read_smb tevent_req is a child of
243 * cli->pending. So if nothing is pending anymore, we need to
244 * delete the socket read fde.
245 */
246 TALLOC_FREE(cli->pending);
247 return;
248 }
249
250 for (i=0; i<num_pending; i++) {
251 if (req == cli->pending[i]) {
252 break;
253 }
254 }
255 if (i == num_pending) {
256 /*
257 * Something's seriously broken. Just returning here is the
258 * right thing nevertheless, the point of this routine is to
259 * remove ourselves from cli->pending.
260 */
261 return;
262 }
263
264 /*
265 * Remove ourselves from the cli->pending array
266 */
267 if (num_pending > 1) {
268 cli->pending[i] = cli->pending[num_pending-1];
269 }
270
271 /*
272 * No NULL check here, we're shrinking by sizeof(void *), and
273 * talloc_realloc just adjusts the size for this.
274 */
275 cli->pending = talloc_realloc(NULL, cli->pending, struct tevent_req *,
276 num_pending - 1);
277 return;
278 }
279
280 static int cli_smb_req_destructor(struct tevent_req *req)
281 {
282 cli_smb_req_unset_pending(req);
283 return 0;
284 }
285
286 static void cli_smb_received(struct tevent_req *subreq);
287
288 bool cli_smb_req_set_pending(struct tevent_req *req)
289 {
290 struct cli_smb_state *state = tevent_req_data(
291 req, struct cli_smb_state);
292 struct cli_state *cli;
293 struct tevent_req **pending;
294 int num_pending;
295 struct tevent_req *subreq;
296
297 cli = state->cli;
298 num_pending = talloc_array_length(cli->pending);
299
300 pending = talloc_realloc(cli, cli->pending, struct tevent_req *,
301 num_pending+1);
302 if (pending == NULL) {
303 return false;
304 }
305 pending[num_pending] = req;
306 cli->pending = pending;
307 talloc_set_destructor(req, cli_smb_req_destructor);
308
309 if (num_pending > 0) {
310 return true;
311 }
312
313 /*
314 * We're the first ones, add the read_smb request that waits for the
315 * answer from the server
316 */
317 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
318 if (subreq == NULL) {
319 cli_smb_req_unset_pending(req);
320 return false;
321 }
322 tevent_req_set_callback(subreq, cli_smb_received, cli);
323 return true;
324 }
325
326 /*
327 * Fetch a smb request's mid. Only valid after the request has been sent by
328 * cli_smb_req_send().
329 */
330 uint16_t cli_smb_req_mid(struct tevent_req *req)
331 {
332 struct cli_smb_state *state = tevent_req_data(
333 req, struct cli_smb_state);
334 return SVAL(state->header, smb_mid);
335 }
336
337 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
338 {
339 struct cli_smb_state *state = tevent_req_data(
340 req, struct cli_smb_state);
341 state->mid = mid;
342 }
343
344 static size_t iov_len(const struct iovec *iov, int count)
345 {
346 size_t result = 0;
347 int i;
348 for (i=0; i<count; i++) {
349 result += iov[i].iov_len;
350 }
351 return result;
352 }
353
354 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
355 int count)
356 {
357 size_t len = iov_len(iov, count);
358 size_t copied;
359 uint8_t *buf;
360 int i;
361
362 buf = talloc_array(mem_ctx, uint8_t, len);
363 if (buf == NULL) {
364 return NULL;
365 }
366 copied = 0;
367 for (i=0; i<count; i++) {
368 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
369 copied += iov[i].iov_len;
370 }
371 return buf;
372 }
373
374 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
375 struct event_context *ev,
376 struct cli_state *cli,
377 uint8_t smb_command,
378 uint8_t additional_flags,
379 uint8_t wct, uint16_t *vwv,
380 int iov_count,
381 struct iovec *bytes_iov)
382 {
383 struct tevent_req *result;
384 struct cli_smb_state *state;
385 struct timeval endtime;
386
387 if (iov_count > MAX_SMB_IOV) {
388 /*
389 * Should not happen :-)
390 */
391 return NULL;
392 }
393
394 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
395 if (result == NULL) {
396 return NULL;
397 }
398 state->ev = ev;
399 state->cli = cli;
400 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
401 state->chain_num = 0;
402 state->chained_requests = NULL;
403
404 cli_setup_packet_buf(cli, (char *)state->header);
405 SCVAL(state->header, smb_com, smb_command);
406 SSVAL(state->header, smb_tid, cli->cnum);
407 SCVAL(state->header, smb_wct, wct);
408
409 state->vwv = vwv;
410
411 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
412
413 state->iov[0].iov_base = (void *)state->header;
414 state->iov[0].iov_len = sizeof(state->header);
415 state->iov[1].iov_base = (void *)state->vwv;
416 state->iov[1].iov_len = wct * sizeof(uint16_t);
417 state->iov[2].iov_base = (void *)state->bytecount_buf;
418 state->iov[2].iov_len = sizeof(uint16_t);
419
420 if (iov_count != 0) {
421 memcpy(&state->iov[3], bytes_iov,
422 iov_count * sizeof(*bytes_iov));
423 }
424 state->iov_count = iov_count + 3;
425
426 endtime = timeval_current_ofs(0, cli->timeout * 1000);
427 if (!tevent_req_set_endtime(result, ev, endtime)) {
428 tevent_req_nomem(NULL, result);
429 }
430 return result;
431 }
432
433 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
434 uint32_t *seqnum)
435 {
436 uint8_t *buf;
437
438 /*
439 * Obvious optimization: Make cli_calculate_sign_mac work with struct
440 * iovec directly. MD5Update would do that just fine.
441 */
442
443 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
444 return NT_STATUS_INVALID_PARAMETER;
445 }
446
447 buf = iov_concat(talloc_tos(), iov, count);
448 if (buf == NULL) {
449 return NT_STATUS_NO_MEMORY;
450 }
451
452 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
453 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
454
455 TALLOC_FREE(buf);
456 return NT_STATUS_OK;
457 }
458
459 static void cli_smb_sent(struct tevent_req *subreq);
460
461 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
462 struct cli_smb_state *state,
463 struct iovec *iov, int iov_count)
464 {
465 struct tevent_req *subreq;
466 NTSTATUS status;
467
468 if (state->cli->fd == -1) {
469 return NT_STATUS_CONNECTION_INVALID;
470 }
471
472 if (iov[0].iov_len < smb_wct) {
473 return NT_STATUS_INVALID_PARAMETER;
474 }
475
476 if (state->mid != 0) {
477 SSVAL(iov[0].iov_base, smb_mid, state->mid);
478 } else {
479 SSVAL(iov[0].iov_base, smb_mid, cli_alloc_mid(state->cli));
480 }
481
482 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
483
484 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
485
486 if (!NT_STATUS_IS_OK(status)) {
487 return status;
488 }
489
490 if (cli_encryption_on(state->cli)) {
491 char *buf, *enc_buf;
492
493 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
494 if (buf == NULL) {
495 return NT_STATUS_NO_MEMORY;
496 }
497 status = cli_encrypt_message(state->cli, (char *)buf,
498 &enc_buf);
499 TALLOC_FREE(buf);
500 if (!NT_STATUS_IS_OK(status)) {
501 DEBUG(0, ("Error in encrypting client message: %s\n",
502 nt_errstr(status)));
503 return status;
504 }
505 buf = (char *)talloc_memdup(state, enc_buf,
506 smb_len(enc_buf)+4);
507 SAFE_FREE(enc_buf);
508 if (buf == NULL) {
509 return NT_STATUS_NO_MEMORY;
510 }
511 iov[0].iov_base = (void *)buf;
512 iov[0].iov_len = talloc_get_size(buf);
513 iov_count = 1;
514 }
515 subreq = writev_send(state, state->ev, state->cli->outgoing,
516 state->cli->fd, false, iov, iov_count);
517 if (subreq == NULL) {
518 return NT_STATUS_NO_MEMORY;
519 }
520 tevent_req_set_callback(subreq, cli_smb_sent, req);
521 return NT_STATUS_OK;
522 }
523
524 NTSTATUS cli_smb_req_send(struct tevent_req *req)
525 {
526 struct cli_smb_state *state = tevent_req_data(
527 req, struct cli_smb_state);
528
529 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
530 }
531
532 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
533 struct event_context *ev,
534 struct cli_state *cli,
535 uint8_t smb_command,
536 uint8_t additional_flags,
537 uint8_t wct, uint16_t *vwv,
538 uint32_t num_bytes,
539 const uint8_t *bytes)
540 {
541 struct tevent_req *req;
542 struct iovec iov;
543 NTSTATUS status;
544
545 iov.iov_base = CONST_DISCARD(void *, bytes);
546 iov.iov_len = num_bytes;
547
548 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
549 additional_flags, wct, vwv, 1, &iov);
550 if (req == NULL) {
551 return NULL;
552 }
553
554 status = cli_smb_req_send(req);
555 if (!NT_STATUS_IS_OK(status)) {
556 tevent_req_nterror(req, status);
557 return tevent_req_post(req, ev);
558 }
559 return req;
560 }
561
562 static void cli_smb_sent(struct tevent_req *subreq)
563 {
564 struct tevent_req *req = tevent_req_callback_data(
565 subreq, struct tevent_req);
566 struct cli_smb_state *state = tevent_req_data(
567 req, struct cli_smb_state);
568 ssize_t nwritten;
569 int err;
570
571 nwritten = writev_recv(subreq, &err);
572 TALLOC_FREE(subreq);
573 if (nwritten == -1) {
574 if (state->cli->fd != -1) {
575 close(state->cli->fd);
576 state->cli->fd = -1;
577 }
578 tevent_req_nterror(req, map_nt_error_from_unix(err));
579 return;
580 }
581
582 switch (CVAL(state->header, smb_com)) {
583 case SMBtranss:
584 case SMBtranss2:
585 case SMBnttranss:
586 case SMBntcancel:
587 state->inbuf = NULL;
588 tevent_req_done(req);
589 return;
590 case SMBlockingX:
591 if ((CVAL(state->header, smb_wct) == 8) &&
592 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
593 state->inbuf = NULL;
594 tevent_req_done(req);
595 return;
596 }
597 }
598
599 if (!cli_smb_req_set_pending(req)) {
600 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
601 return;
602 }
603 }
604
605 static void cli_smb_received(struct tevent_req *subreq)
606 {
607 struct cli_state *cli = tevent_req_callback_data(
608 subreq, struct cli_state);
609 struct tevent_req *req;
610 struct cli_smb_state *state;
611 NTSTATUS status;
612 uint8_t *inbuf;
613 ssize_t received;
614 int num_pending;
615 int i, err;
616 uint16_t mid;
617 bool oplock_break;
618
619 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
620 TALLOC_FREE(subreq);
621 if (received == -1) {
622 if (cli->fd != -1) {
623 close(cli->fd);
624 cli->fd = -1;
625 }
626 status = map_nt_error_from_unix(err);
627 goto fail;
628 }
629
630 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
631 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
632 DEBUG(10, ("Got non-SMB PDU\n"));
633 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
634 goto fail;
635 }
636
637 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
638 uint16_t enc_ctx_num;
639
640 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
641 if (!NT_STATUS_IS_OK(status)) {
642 DEBUG(10, ("get_enc_ctx_num returned %s\n",
643 nt_errstr(status)));
644 goto fail;
645 }
646
647 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
648 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
649 enc_ctx_num,
650 cli->trans_enc_state->enc_ctx_num));
651 status = NT_STATUS_INVALID_HANDLE;
652 goto fail;
653 }
654
655 status = common_decrypt_buffer(cli->trans_enc_state,
656 (char *)inbuf);
657 if (!NT_STATUS_IS_OK(status)) {
658 DEBUG(10, ("common_decrypt_buffer returned %s\n",
659 nt_errstr(status)));
660 goto fail;
661 }
662 }
663
664 mid = SVAL(inbuf, smb_mid);
665 num_pending = talloc_array_length(cli->pending);
666
667 for (i=0; i<num_pending; i++) {
668 if (mid == cli_smb_req_mid(cli->pending[i])) {
669 break;
670 }
671 }
672 if (i == num_pending) {
673 /* Dump unexpected reply */
674 TALLOC_FREE(inbuf);
675 goto done;
676 }
677
678 oplock_break = false;
679
680 if (mid == 0xffff) {
681 /*
682 * Paranoia checks that this is really an oplock break request.
683 */
684 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
685 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
686 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
687 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
688 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
689
690 if (!oplock_break) {
691 /* Dump unexpected reply */
692 TALLOC_FREE(inbuf);
693 goto done;
694 }
695 }
696
697 req = cli->pending[i];
698 state = tevent_req_data(req, struct cli_smb_state);
699
700 if (!oplock_break /* oplock breaks are not signed */
701 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
702 DEBUG(10, ("cli_check_sign_mac failed\n"));
703 TALLOC_FREE(inbuf);
704 status = NT_STATUS_ACCESS_DENIED;
705 goto fail;
706 }
707
708 if (state->chained_requests == NULL) {
709 state->inbuf = talloc_move(state, &inbuf);
710 talloc_set_destructor(req, NULL);
711 cli_smb_req_destructor(req);
712 tevent_req_done(req);
713 } else {
714 struct tevent_req **chain = talloc_move(
715 talloc_tos(), &state->chained_requests);
716 int num_chained = talloc_array_length(chain);
717
718 for (i=0; i<num_chained; i++) {
719 state = tevent_req_data(chain[i], struct
720 cli_smb_state);
721 state->inbuf = inbuf;
722 state->chain_num = i;
723 tevent_req_done(chain[i]);
724 }
725 TALLOC_FREE(inbuf);
726 TALLOC_FREE(chain);
727 }
728 done:
729 if (talloc_array_length(cli->pending) > 0) {
730 /*
731 * Set up another read request for the other pending cli_smb
732 * requests
733 */
734 state = tevent_req_data(cli->pending[0], struct cli_smb_state);
735 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
736 if (subreq == NULL) {
737 status = NT_STATUS_NO_MEMORY;
738 goto fail;
739 }
740 tevent_req_set_callback(subreq, cli_smb_received, cli);
741 }
742 return;
743 fail:
744 /*
745 * Cancel all pending requests. We don't do a for-loop walking
746 * cli->pending because that array changes in
747 * cli_smb_req_destructor().
748 */
749 while (talloc_array_length(cli->pending) > 0) {
750 req = cli->pending[0];
751 talloc_set_destructor(req, NULL);
752 cli_smb_req_destructor(req);
753 tevent_req_nterror(req, status);
754 }
755 }
756
757 NTSTATUS cli_smb_recv(struct tevent_req *req, uint8_t min_wct,
758 uint8_t *pwct, uint16_t **pvwv,
759 uint32_t *pnum_bytes, uint8_t **pbytes)
760 {
761 struct cli_smb_state *state = tevent_req_data(
762 req, struct cli_smb_state);
763 NTSTATUS status = NT_STATUS_OK;
764 uint8_t cmd, wct;
765 uint16_t num_bytes;
766 size_t wct_ofs, bytes_offset;
767 int i;
768
769 if (tevent_req_is_nterror(req, &status)) {
770 return status;
771 }
772
773 if (state->inbuf == NULL) {
774 /* This was a request without a reply */
775 return NT_STATUS_OK;
776 }
777
778 wct_ofs = smb_wct;
779 cmd = CVAL(state->inbuf, smb_com);
780
781 for (i=0; i<state->chain_num; i++) {
782 if (i < state->chain_num-1) {
783 if (cmd == 0xff) {
784 return NT_STATUS_REQUEST_ABORTED;
785 }
786 if (!is_andx_req(cmd)) {
787 return NT_STATUS_INVALID_NETWORK_RESPONSE;
788 }
789 }
790
791 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
792 /*
793 * This request was not completed because a previous
794 * request in the chain had received an error.
795 */
796 return NT_STATUS_REQUEST_ABORTED;
797 }
798
799 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
800
801 /*
802 * Skip the all-present length field. No overflow, we've just
803 * put a 16-bit value into a size_t.
804 */
805 wct_ofs += 4;
806
807 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
808 return NT_STATUS_INVALID_NETWORK_RESPONSE;
809 }
810
811 cmd = CVAL(state->inbuf, wct_ofs + 1);
812 }
813
814 status = cli_pull_error((char *)state->inbuf);
815
816 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
817
818 if ((cmd == SMBsesssetupX)
819 && NT_STATUS_EQUAL(
820 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
821 /*
822 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
823 * valid return code for session setup
824 */
825 goto no_err;
826 }
827
828 if (NT_STATUS_IS_ERR(status)) {
829 /*
830 * The last command takes the error code. All
831 * further commands down the requested chain
832 * will get a NT_STATUS_REQUEST_ABORTED.
833 */
834 return status;
835 }
836 }
837
838 no_err:
839
840 wct = CVAL(state->inbuf, wct_ofs);
841 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
842 num_bytes = SVAL(state->inbuf, bytes_offset);
843
844 if (wct < min_wct) {
845 return NT_STATUS_INVALID_NETWORK_RESPONSE;
846 }
847
848 /*
849 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
850 * is a 16-bit value. So bytes_offset being size_t should be far from
851 * wrapping.
852 */
853 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
854 || (bytes_offset > 0xffff)) {
855 return NT_STATUS_INVALID_NETWORK_RESPONSE;
856 }
857
858 if (pwct != NULL) {
859 *pwct = wct;
860 }
861 if (pvwv != NULL) {
862 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
863 }
864 if (pnum_bytes != NULL) {
865 *pnum_bytes = num_bytes;
866 }
867 if (pbytes != NULL) {
868 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
869 }
870
871 return status;
872 }
873
874 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
875 {
876 size_t wct_ofs;
877 int i;
878
879 wct_ofs = smb_wct - 4;
880
881 for (i=0; i<num_reqs; i++) {
882 struct cli_smb_state *state;
883 state = tevent_req_data(reqs[i], struct cli_smb_state);
884 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
885 wct_ofs = (wct_ofs + 3) & ~3;
886 }
887 return wct_ofs;
888 }
889
890 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
891 {
892 struct cli_smb_state *first_state = tevent_req_data(
893 reqs[0], struct cli_smb_state);
894 struct cli_smb_state *last_state = tevent_req_data(
895 reqs[num_reqs-1], struct cli_smb_state);
896 struct cli_smb_state *state;
897 size_t wct_offset;
898 size_t chain_padding = 0;
899 int i, iovlen;
900 struct iovec *iov = NULL;
901 struct iovec *this_iov;
902 NTSTATUS status;
903
904 iovlen = 0;
905 for (i=0; i<num_reqs; i++) {
906 state = tevent_req_data(reqs[i], struct cli_smb_state);
907 iovlen += state->iov_count;
908 }
909
910 iov = talloc_array(last_state, struct iovec, iovlen);
911 if (iov == NULL) {
912 return NT_STATUS_NO_MEMORY;
913 }
914
915 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
916 last_state, reqs, sizeof(*reqs) * num_reqs);
917 if (first_state->chained_requests == NULL) {
918 TALLOC_FREE(iov);
919 return NT_STATUS_NO_MEMORY;
920 }
921
922 wct_offset = smb_wct - 4;
923 this_iov = iov;
924
925 for (i=0; i<num_reqs; i++) {
926 size_t next_padding = 0;
927 uint16_t *vwv;
928
929 state = tevent_req_data(reqs[i], struct cli_smb_state);
930
931 if (i < num_reqs-1) {
932 if (!is_andx_req(CVAL(state->header, smb_com))
933 || CVAL(state->header, smb_wct) < 2) {
934 TALLOC_FREE(iov);
935 TALLOC_FREE(first_state->chained_requests);
936 return NT_STATUS_INVALID_PARAMETER;
937 }
938 }
939
940 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
941 if ((wct_offset % 4) != 0) {
942 next_padding = 4 - (wct_offset % 4);
943 }
944 wct_offset += next_padding;
945 vwv = state->vwv;
946
947 if (i < num_reqs-1) {
948 struct cli_smb_state *next_state = tevent_req_data(
949 reqs[i+1], struct cli_smb_state);
950 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
951 SCVAL(vwv+0, 1, 0);
952 SSVAL(vwv+1, 0, wct_offset);
953 } else if (is_andx_req(CVAL(state->header, smb_com))) {
954 /* properly end the chain */
955 SCVAL(vwv+0, 0, 0xff);
956 SCVAL(vwv+0, 1, 0xff);
957 SSVAL(vwv+1, 0, 0);
958 }
959
960 if (i == 0) {
961 this_iov[0] = state->iov[0];
962 } else {
963 /*
964 * This one is a bit subtle. We have to add
965 * chain_padding bytes between the requests, and we
966 * have to also include the wct field of the
967 * subsequent requests. We use the subsequent header
968 * for the padding, it contains the wct field in its
969 * last byte.
970 */
971 this_iov[0].iov_len = chain_padding+1;
972 this_iov[0].iov_base = (void *)&state->header[
973 sizeof(state->header) - this_iov[0].iov_len];
974 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
975 }
976 memcpy(this_iov+1, state->iov+1,
977 sizeof(struct iovec) * (state->iov_count-1));
978 this_iov += state->iov_count;
979 chain_padding = next_padding;
980 }
981
982 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
983 if (!NT_STATUS_IS_OK(status)) {
984 TALLOC_FREE(iov);
985 TALLOC_FREE(first_state->chained_requests);
986 return status;
987 }
988
989 return NT_STATUS_OK;
990 }
991
992 uint8_t *cli_smb_inbuf(struct tevent_req *req)
993 {
994 struct cli_smb_state *state = tevent_req_data(
995 req, struct cli_smb_state);
996 return state->inbuf;
997 }
998
999 bool cli_has_async_calls(struct cli_state *cli)
1000 {
1001 return ((tevent_queue_length(cli->outgoing) != 0)
1002 || (talloc_array_length(cli->pending) != 0));
1003 }
1004
1005 struct cli_smb_oplock_break_waiter_state {
1006 uint16_t fnum;
1007 uint8_t level;
1008 };
1009
1010 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
1011
1012 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
1013 struct event_context *ev,
1014 struct cli_state *cli)
1015 {
1016 struct tevent_req *req, *subreq;
1017 struct cli_smb_oplock_break_waiter_state *state;
1018 struct cli_smb_state *smb_state;
1019
1020 req = tevent_req_create(mem_ctx, &state,
1021 struct cli_smb_oplock_break_waiter_state);
1022 if (req == NULL) {
1023 return NULL;
1024 }
1025
1026 /*
1027 * Create a fake SMB request that we will never send out. This is only
1028 * used to be set into the pending queue with the right mid.
1029 */
1030 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
1031 if (tevent_req_nomem(subreq, req)) {
1032 return tevent_req_post(req, ev);
1033 }
1034 smb_state = tevent_req_data(subreq, struct cli_smb_state);
1035 SSVAL(smb_state->header, smb_mid, 0xffff);
1036
1037 if (!cli_smb_req_set_pending(subreq)) {
1038 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1039 return tevent_req_post(req, ev);
1040 }
1041 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
1042 return req;
1043 }
1044
1045 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
1046 {
1047 struct tevent_req *req = tevent_req_callback_data(
1048 subreq, struct tevent_req);
1049 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1050 req, struct cli_smb_oplock_break_waiter_state);
1051 uint8_t wct;
1052 uint16_t *vwv;
1053 uint32_t num_bytes;
1054 uint8_t *bytes;
1055 NTSTATUS status;
1056
1057 status = cli_smb_recv(subreq, 8, &wct, &vwv, &num_bytes, &bytes);
1058 if (!NT_STATUS_IS_OK(status)) {
1059 TALLOC_FREE(subreq);
1060 tevent_req_nterror(req, status);
1061 return;
1062 }
1063 state->fnum = SVAL(vwv+2, 0);
1064 state->level = CVAL(vwv+3, 1);
1065 tevent_req_done(req);
1066 }
1067
1068 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1069 uint16_t *pfnum,
1070 uint8_t *plevel)
1071 {
1072 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1073 req, struct cli_smb_oplock_break_waiter_state);
1074 NTSTATUS status;
1075
1076 if (tevent_req_is_nterror(req, &status)) {
1077 return status;
1078 }
1079 *pfnum = state->fnum;
1080 *plevel = state->level;
1081 return NT_STATUS_OK;
1082 }
kamenim's samba4 branches