search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:torture/rpc/samba3rpc.c: make use of dcerpc_binding_handle stubs
[Samba/nascimento.git] / source3 / libsmb / async_smb.c
blob2f1f45c0a684dd6324401658b7783add00a14bf3
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21
22 /*
23 * Read an smb packet asynchronously, discard keepalives
24 */
25
26 struct read_smb_state {
27 struct tevent_context *ev;
28 int fd;
29 uint8_t *buf;
30 };
31
32 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data);
33 static void read_smb_done(struct tevent_req *subreq);
34
35 static struct tevent_req *read_smb_send(TALLOC_CTX *mem_ctx,
36 struct tevent_context *ev,
37 int fd)
38 {
39 struct tevent_req *result, *subreq;
40 struct read_smb_state *state;
41
42 result = tevent_req_create(mem_ctx, &state, struct read_smb_state);
43 if (result == NULL) {
44 return NULL;
45 }
46 state->ev = ev;
47 state->fd = fd;
48
49 subreq = read_packet_send(state, ev, fd, 4, read_smb_more, NULL);
50 if (subreq == NULL) {
51 goto fail;
52 }
53 tevent_req_set_callback(subreq, read_smb_done, result);
54 return result;
55 fail:
56 TALLOC_FREE(result);
57 return NULL;
58 }
59
60 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data)
61 {
62 if (buflen > 4) {
63 return 0; /* We've been here, we're done */
64 }
65 return smb_len_large(buf);
66 }
67
68 static void read_smb_done(struct tevent_req *subreq)
69 {
70 struct tevent_req *req = tevent_req_callback_data(
71 subreq, struct tevent_req);
72 struct read_smb_state *state = tevent_req_data(
73 req, struct read_smb_state);
74 ssize_t len;
75 int err;
76
77 len = read_packet_recv(subreq, state, &state->buf, &err);
78 TALLOC_FREE(subreq);
79 if (len == -1) {
80 tevent_req_error(req, err);
81 return;
82 }
83
84 if (CVAL(state->buf, 0) == SMBkeepalive) {
85 subreq = read_packet_send(state, state->ev, state->fd, 4,
86 read_smb_more, NULL);
87 if (tevent_req_nomem(subreq, req)) {
88 return;
89 }
90 tevent_req_set_callback(subreq, read_smb_done, req);
91 return;
92 }
93 tevent_req_done(req);
94 }
95
96 static ssize_t read_smb_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
97 uint8_t **pbuf, int *perrno)
98 {
99 struct read_smb_state *state = tevent_req_data(
100 req, struct read_smb_state);
101
102 if (tevent_req_is_unix_error(req, perrno)) {
103 return -1;
104 }
105 *pbuf = talloc_move(mem_ctx, &state->buf);
106 return talloc_get_size(*pbuf);
107 }
108
109 /**
110 * Fetch an error out of a NBT packet
111 * @param[in] buf The SMB packet
112 * @retval The error, converted to NTSTATUS
113 */
114
115 NTSTATUS cli_pull_error(char *buf)
116 {
117 uint32_t flags2 = SVAL(buf, smb_flg2);
118
119 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
120 return NT_STATUS(IVAL(buf, smb_rcls));
121 }
122
123 /* if the client uses dos errors, but there is no error,
124 we should return no error here, otherwise it looks
125 like an unknown bad NT_STATUS. jmcd */
126 if (CVAL(buf, smb_rcls) == 0)
127 return NT_STATUS_OK;
128
129 return NT_STATUS_DOS(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
130 }
131
132 /**
133 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
134 * @param[in] cli The client connection that just received an error
135 * @param[in] status The error to set on "cli"
136 */
137
138 void cli_set_error(struct cli_state *cli, NTSTATUS status)
139 {
140 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
141
142 if (NT_STATUS_IS_DOS(status)) {
143 SSVAL(cli->inbuf, smb_flg2,
144 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
145 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
146 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
147 return;
148 }
149
150 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
151 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
152 return;
153 }
154
155 /**
156 * Figure out if there is an andx command behind the current one
157 * @param[in] buf The smb buffer to look at
158 * @param[in] ofs The offset to the wct field that is followed by the cmd
159 * @retval Is there a command following?
160 */
161
162 static bool have_andx_command(const char *buf, uint16_t ofs)
163 {
164 uint8_t wct;
165 size_t buflen = talloc_get_size(buf);
166
167 if ((ofs == buflen-1) || (ofs == buflen)) {
168 return false;
169 }
170
171 wct = CVAL(buf, ofs);
172 if (wct < 2) {
173 /*
174 * Not enough space for the command and a following pointer
175 */
176 return false;
177 }
178 return (CVAL(buf, ofs+1) != 0xff);
179 }
180
181 #define MAX_SMB_IOV 5
182
183 struct cli_smb_state {
184 struct tevent_context *ev;
185 struct cli_state *cli;
186 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
187
188 /*
189 * For normal requests, cli_smb_req_send chooses a mid. Secondary
190 * trans requests need to use the mid of the primary request, so we
191 * need a place to store it. Assume it's set if != 0.
192 */
193 uint16_t mid;
194
195 uint16_t *vwv;
196 uint8_t bytecount_buf[2];
197
198 struct iovec iov[MAX_SMB_IOV+3];
199 int iov_count;
200
201 uint8_t *inbuf;
202 uint32_t seqnum;
203 int chain_num;
204 int chain_length;
205 struct tevent_req **chained_requests;
206 };
207
208 static uint16_t cli_alloc_mid(struct cli_state *cli)
209 {
210 int num_pending = talloc_array_length(cli->pending);
211 uint16_t result;
212
213 while (true) {
214 int i;
215
216 result = cli->mid++;
217 if ((result == 0) || (result == 0xffff)) {
218 continue;
219 }
220
221 for (i=0; i<num_pending; i++) {
222 if (result == cli_smb_req_mid(cli->pending[i])) {
223 break;
224 }
225 }
226
227 if (i == num_pending) {
228 return result;
229 }
230 }
231 }
232
233 void cli_smb_req_unset_pending(struct tevent_req *req)
234 {
235 struct cli_smb_state *state = tevent_req_data(
236 req, struct cli_smb_state);
237 struct cli_state *cli = state->cli;
238 int num_pending = talloc_array_length(cli->pending);
239 int i;
240
241 if (num_pending == 1) {
242 /*
243 * The pending read_smb tevent_req is a child of
244 * cli->pending. So if nothing is pending anymore, we need to
245 * delete the socket read fde.
246 */
247 TALLOC_FREE(cli->pending);
248 return;
249 }
250
251 for (i=0; i<num_pending; i++) {
252 if (req == cli->pending[i]) {
253 break;
254 }
255 }
256 if (i == num_pending) {
257 /*
258 * Something's seriously broken. Just returning here is the
259 * right thing nevertheless, the point of this routine is to
260 * remove ourselves from cli->pending.
261 */
262 return;
263 }
264
265 /*
266 * Remove ourselves from the cli->pending array
267 */
268 if (num_pending > 1) {
269 cli->pending[i] = cli->pending[num_pending-1];
270 }
271
272 /*
273 * No NULL check here, we're shrinking by sizeof(void *), and
274 * talloc_realloc just adjusts the size for this.
275 */
276 cli->pending = talloc_realloc(NULL, cli->pending, struct tevent_req *,
277 num_pending - 1);
278 return;
279 }
280
281 static int cli_smb_req_destructor(struct tevent_req *req)
282 {
283 cli_smb_req_unset_pending(req);
284 return 0;
285 }
286
287 static void cli_smb_received(struct tevent_req *subreq);
288
289 bool cli_smb_req_set_pending(struct tevent_req *req)
290 {
291 struct cli_smb_state *state = tevent_req_data(
292 req, struct cli_smb_state);
293 struct cli_state *cli;
294 struct tevent_req **pending;
295 int num_pending;
296 struct tevent_req *subreq;
297
298 cli = state->cli;
299 num_pending = talloc_array_length(cli->pending);
300
301 pending = talloc_realloc(cli, cli->pending, struct tevent_req *,
302 num_pending+1);
303 if (pending == NULL) {
304 return false;
305 }
306 pending[num_pending] = req;
307 cli->pending = pending;
308 talloc_set_destructor(req, cli_smb_req_destructor);
309
310 if (num_pending > 0) {
311 return true;
312 }
313
314 /*
315 * We're the first ones, add the read_smb request that waits for the
316 * answer from the server
317 */
318 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
319 if (subreq == NULL) {
320 cli_smb_req_unset_pending(req);
321 return false;
322 }
323 tevent_req_set_callback(subreq, cli_smb_received, cli);
324 return true;
325 }
326
327 /*
328 * Fetch a smb request's mid. Only valid after the request has been sent by
329 * cli_smb_req_send().
330 */
331 uint16_t cli_smb_req_mid(struct tevent_req *req)
332 {
333 struct cli_smb_state *state = tevent_req_data(
334 req, struct cli_smb_state);
335 return SVAL(state->header, smb_mid);
336 }
337
338 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
339 {
340 struct cli_smb_state *state = tevent_req_data(
341 req, struct cli_smb_state);
342 state->mid = mid;
343 }
344
345 static size_t iov_len(const struct iovec *iov, int count)
346 {
347 size_t result = 0;
348 int i;
349 for (i=0; i<count; i++) {
350 result += iov[i].iov_len;
351 }
352 return result;
353 }
354
355 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
356 int count)
357 {
358 size_t len = iov_len(iov, count);
359 size_t copied;
360 uint8_t *buf;
361 int i;
362
363 buf = talloc_array(mem_ctx, uint8_t, len);
364 if (buf == NULL) {
365 return NULL;
366 }
367 copied = 0;
368 for (i=0; i<count; i++) {
369 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
370 copied += iov[i].iov_len;
371 }
372 return buf;
373 }
374
375 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
376 struct event_context *ev,
377 struct cli_state *cli,
378 uint8_t smb_command,
379 uint8_t additional_flags,
380 uint8_t wct, uint16_t *vwv,
381 int iov_count,
382 struct iovec *bytes_iov)
383 {
384 struct tevent_req *result;
385 struct cli_smb_state *state;
386 struct timeval endtime;
387
388 if (iov_count > MAX_SMB_IOV) {
389 /*
390 * Should not happen :-)
391 */
392 return NULL;
393 }
394
395 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
396 if (result == NULL) {
397 return NULL;
398 }
399 state->ev = ev;
400 state->cli = cli;
401 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
402 state->chain_num = 0;
403 state->chained_requests = NULL;
404
405 cli_setup_packet_buf(cli, (char *)state->header);
406 SCVAL(state->header, smb_com, smb_command);
407 SSVAL(state->header, smb_tid, cli->cnum);
408 SCVAL(state->header, smb_wct, wct);
409
410 state->vwv = vwv;
411
412 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
413
414 state->iov[0].iov_base = (void *)state->header;
415 state->iov[0].iov_len = sizeof(state->header);
416 state->iov[1].iov_base = (void *)state->vwv;
417 state->iov[1].iov_len = wct * sizeof(uint16_t);
418 state->iov[2].iov_base = (void *)state->bytecount_buf;
419 state->iov[2].iov_len = sizeof(uint16_t);
420
421 if (iov_count != 0) {
422 memcpy(&state->iov[3], bytes_iov,
423 iov_count * sizeof(*bytes_iov));
424 }
425 state->iov_count = iov_count + 3;
426
427 endtime = timeval_current_ofs(0, cli->timeout * 1000);
428 if (!tevent_req_set_endtime(result, ev, endtime)) {
429 tevent_req_nomem(NULL, result);
430 }
431 return result;
432 }
433
434 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
435 uint32_t *seqnum)
436 {
437 uint8_t *buf;
438
439 /*
440 * Obvious optimization: Make cli_calculate_sign_mac work with struct
441 * iovec directly. MD5Update would do that just fine.
442 */
443
444 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
445 return NT_STATUS_INVALID_PARAMETER;
446 }
447
448 buf = iov_concat(talloc_tos(), iov, count);
449 if (buf == NULL) {
450 return NT_STATUS_NO_MEMORY;
451 }
452
453 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
454 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
455
456 TALLOC_FREE(buf);
457 return NT_STATUS_OK;
458 }
459
460 static void cli_smb_sent(struct tevent_req *subreq);
461
462 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
463 struct cli_smb_state *state,
464 struct iovec *iov, int iov_count)
465 {
466 struct tevent_req *subreq;
467 NTSTATUS status;
468
469 if (state->cli->fd == -1) {
470 return NT_STATUS_CONNECTION_INVALID;
471 }
472
473 if (iov[0].iov_len < smb_wct) {
474 return NT_STATUS_INVALID_PARAMETER;
475 }
476
477 if (state->mid != 0) {
478 SSVAL(iov[0].iov_base, smb_mid, state->mid);
479 } else {
480 uint16_t mid = cli_alloc_mid(state->cli);
481 SSVAL(iov[0].iov_base, smb_mid, mid);
482 }
483
484 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
485
486 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
487
488 if (!NT_STATUS_IS_OK(status)) {
489 return status;
490 }
491
492 if (cli_encryption_on(state->cli)) {
493 char *buf, *enc_buf;
494
495 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
496 if (buf == NULL) {
497 return NT_STATUS_NO_MEMORY;
498 }
499 status = cli_encrypt_message(state->cli, (char *)buf,
500 &enc_buf);
501 TALLOC_FREE(buf);
502 if (!NT_STATUS_IS_OK(status)) {
503 DEBUG(0, ("Error in encrypting client message: %s\n",
504 nt_errstr(status)));
505 return status;
506 }
507 buf = (char *)talloc_memdup(state, enc_buf,
508 smb_len(enc_buf)+4);
509 SAFE_FREE(enc_buf);
510 if (buf == NULL) {
511 return NT_STATUS_NO_MEMORY;
512 }
513 iov[0].iov_base = (void *)buf;
514 iov[0].iov_len = talloc_get_size(buf);
515 iov_count = 1;
516 }
517 subreq = writev_send(state, state->ev, state->cli->outgoing,
518 state->cli->fd, false, iov, iov_count);
519 if (subreq == NULL) {
520 return NT_STATUS_NO_MEMORY;
521 }
522 tevent_req_set_callback(subreq, cli_smb_sent, req);
523 return NT_STATUS_OK;
524 }
525
526 NTSTATUS cli_smb_req_send(struct tevent_req *req)
527 {
528 struct cli_smb_state *state = tevent_req_data(
529 req, struct cli_smb_state);
530
531 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
532 }
533
534 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
535 struct event_context *ev,
536 struct cli_state *cli,
537 uint8_t smb_command,
538 uint8_t additional_flags,
539 uint8_t wct, uint16_t *vwv,
540 uint32_t num_bytes,
541 const uint8_t *bytes)
542 {
543 struct tevent_req *req;
544 struct iovec iov;
545 NTSTATUS status;
546
547 iov.iov_base = CONST_DISCARD(void *, bytes);
548 iov.iov_len = num_bytes;
549
550 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
551 additional_flags, wct, vwv, 1, &iov);
552 if (req == NULL) {
553 return NULL;
554 }
555
556 status = cli_smb_req_send(req);
557 if (!NT_STATUS_IS_OK(status)) {
558 tevent_req_nterror(req, status);
559 return tevent_req_post(req, ev);
560 }
561 return req;
562 }
563
564 static void cli_smb_sent(struct tevent_req *subreq)
565 {
566 struct tevent_req *req = tevent_req_callback_data(
567 subreq, struct tevent_req);
568 struct cli_smb_state *state = tevent_req_data(
569 req, struct cli_smb_state);
570 ssize_t nwritten;
571 int err;
572
573 nwritten = writev_recv(subreq, &err);
574 TALLOC_FREE(subreq);
575 if (nwritten == -1) {
576 if (state->cli->fd != -1) {
577 close(state->cli->fd);
578 state->cli->fd = -1;
579 }
580 tevent_req_nterror(req, map_nt_error_from_unix(err));
581 return;
582 }
583
584 switch (CVAL(state->header, smb_com)) {
585 case SMBtranss:
586 case SMBtranss2:
587 case SMBnttranss:
588 case SMBntcancel:
589 state->inbuf = NULL;
590 tevent_req_done(req);
591 return;
592 case SMBlockingX:
593 if ((CVAL(state->header, smb_wct) == 8) &&
594 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
595 state->inbuf = NULL;
596 tevent_req_done(req);
597 return;
598 }
599 }
600
601 if (!cli_smb_req_set_pending(req)) {
602 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
603 return;
604 }
605 }
606
607 static void cli_smb_received(struct tevent_req *subreq)
608 {
609 struct cli_state *cli = tevent_req_callback_data(
610 subreq, struct cli_state);
611 struct tevent_req *req;
612 struct cli_smb_state *state;
613 NTSTATUS status;
614 uint8_t *inbuf;
615 ssize_t received;
616 int num_pending;
617 int i, err;
618 uint16_t mid;
619 bool oplock_break;
620
621 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
622 TALLOC_FREE(subreq);
623 if (received == -1) {
624 if (cli->fd != -1) {
625 close(cli->fd);
626 cli->fd = -1;
627 }
628 status = map_nt_error_from_unix(err);
629 goto fail;
630 }
631
632 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
633 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
634 DEBUG(10, ("Got non-SMB PDU\n"));
635 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
636 goto fail;
637 }
638
639 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
640 uint16_t enc_ctx_num;
641
642 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
643 if (!NT_STATUS_IS_OK(status)) {
644 DEBUG(10, ("get_enc_ctx_num returned %s\n",
645 nt_errstr(status)));
646 goto fail;
647 }
648
649 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
650 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
651 enc_ctx_num,
652 cli->trans_enc_state->enc_ctx_num));
653 status = NT_STATUS_INVALID_HANDLE;
654 goto fail;
655 }
656
657 status = common_decrypt_buffer(cli->trans_enc_state,
658 (char *)inbuf);
659 if (!NT_STATUS_IS_OK(status)) {
660 DEBUG(10, ("common_decrypt_buffer returned %s\n",
661 nt_errstr(status)));
662 goto fail;
663 }
664 }
665
666 mid = SVAL(inbuf, smb_mid);
667 num_pending = talloc_array_length(cli->pending);
668
669 for (i=0; i<num_pending; i++) {
670 if (mid == cli_smb_req_mid(cli->pending[i])) {
671 break;
672 }
673 }
674 if (i == num_pending) {
675 /* Dump unexpected reply */
676 TALLOC_FREE(inbuf);
677 goto done;
678 }
679
680 oplock_break = false;
681
682 if (mid == 0xffff) {
683 /*
684 * Paranoia checks that this is really an oplock break request.
685 */
686 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
687 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
688 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
689 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
690 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
691
692 if (!oplock_break) {
693 /* Dump unexpected reply */
694 TALLOC_FREE(inbuf);
695 goto done;
696 }
697 }
698
699 req = cli->pending[i];
700 state = tevent_req_data(req, struct cli_smb_state);
701
702 if (!oplock_break /* oplock breaks are not signed */
703 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
704 DEBUG(10, ("cli_check_sign_mac failed\n"));
705 TALLOC_FREE(inbuf);
706 status = NT_STATUS_ACCESS_DENIED;
707 goto fail;
708 }
709
710 if (state->chained_requests == NULL) {
711 state->inbuf = talloc_move(state, &inbuf);
712 talloc_set_destructor(req, NULL);
713 cli_smb_req_destructor(req);
714 state->chain_num = 0;
715 state->chain_length = 1;
716 tevent_req_done(req);
717 } else {
718 struct tevent_req **chain = talloc_move(
719 talloc_tos(), &state->chained_requests);
720 int num_chained = talloc_array_length(chain);
721
722 for (i=0; i<num_chained; i++) {
723 state = tevent_req_data(chain[i], struct
724 cli_smb_state);
725 state->inbuf = inbuf;
726 state->chain_num = i;
727 state->chain_length = num_chained;
728 tevent_req_done(chain[i]);
729 }
730 TALLOC_FREE(inbuf);
731 TALLOC_FREE(chain);
732 }
733 done:
734 if (talloc_array_length(cli->pending) > 0) {
735 /*
736 * Set up another read request for the other pending cli_smb
737 * requests
738 */
739 state = tevent_req_data(cli->pending[0], struct cli_smb_state);
740 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
741 if (subreq == NULL) {
742 status = NT_STATUS_NO_MEMORY;
743 goto fail;
744 }
745 tevent_req_set_callback(subreq, cli_smb_received, cli);
746 }
747 return;
748 fail:
749 /*
750 * Cancel all pending requests. We don't do a for-loop walking
751 * cli->pending because that array changes in
752 * cli_smb_req_destructor().
753 */
754 while (talloc_array_length(cli->pending) > 0) {
755 req = cli->pending[0];
756 talloc_set_destructor(req, NULL);
757 cli_smb_req_destructor(req);
758 tevent_req_nterror(req, status);
759 }
760 }
761
762 NTSTATUS cli_smb_recv(struct tevent_req *req,
763 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
764 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
765 uint32_t *pnum_bytes, uint8_t **pbytes)
766 {
767 struct cli_smb_state *state = tevent_req_data(
768 req, struct cli_smb_state);
769 NTSTATUS status = NT_STATUS_OK;
770 uint8_t cmd, wct;
771 uint16_t num_bytes;
772 size_t wct_ofs, bytes_offset;
773 int i;
774
775 if (tevent_req_is_nterror(req, &status)) {
776 return status;
777 }
778
779 if (state->inbuf == NULL) {
780 /* This was a request without a reply */
781 return NT_STATUS_OK;
782 }
783
784 wct_ofs = smb_wct;
785 cmd = CVAL(state->inbuf, smb_com);
786
787 for (i=0; i<state->chain_num; i++) {
788 if (i < state->chain_num-1) {
789 if (cmd == 0xff) {
790 return NT_STATUS_REQUEST_ABORTED;
791 }
792 if (!is_andx_req(cmd)) {
793 return NT_STATUS_INVALID_NETWORK_RESPONSE;
794 }
795 }
796
797 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
798 /*
799 * This request was not completed because a previous
800 * request in the chain had received an error.
801 */
802 return NT_STATUS_REQUEST_ABORTED;
803 }
804
805 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
806
807 /*
808 * Skip the all-present length field. No overflow, we've just
809 * put a 16-bit value into a size_t.
810 */
811 wct_ofs += 4;
812
813 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
814 return NT_STATUS_INVALID_NETWORK_RESPONSE;
815 }
816
817 cmd = CVAL(state->inbuf, wct_ofs + 1);
818 }
819
820 status = cli_pull_error((char *)state->inbuf);
821
822 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
823
824 if ((cmd == SMBsesssetupX)
825 && NT_STATUS_EQUAL(
826 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
827 /*
828 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
829 * valid return code for session setup
830 */
831 goto no_err;
832 }
833
834 if (NT_STATUS_IS_ERR(status)) {
835 /*
836 * The last command takes the error code. All
837 * further commands down the requested chain
838 * will get a NT_STATUS_REQUEST_ABORTED.
839 */
840 return status;
841 }
842 }
843
844 no_err:
845
846 wct = CVAL(state->inbuf, wct_ofs);
847 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
848 num_bytes = SVAL(state->inbuf, bytes_offset);
849
850 if (wct < min_wct) {
851 return NT_STATUS_INVALID_NETWORK_RESPONSE;
852 }
853
854 /*
855 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
856 * is a 16-bit value. So bytes_offset being size_t should be far from
857 * wrapping.
858 */
859 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
860 || (bytes_offset > 0xffff)) {
861 return NT_STATUS_INVALID_NETWORK_RESPONSE;
862 }
863
864 if (pwct != NULL) {
865 *pwct = wct;
866 }
867 if (pvwv != NULL) {
868 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
869 }
870 if (pnum_bytes != NULL) {
871 *pnum_bytes = num_bytes;
872 }
873 if (pbytes != NULL) {
874 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
875 }
876 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
877 if (state->chain_num == state->chain_length-1) {
878 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
879 } else {
880 *pinbuf = state->inbuf;
881 }
882 }
883
884 return status;
885 }
886
887 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
888 {
889 size_t wct_ofs;
890 int i;
891
892 wct_ofs = smb_wct - 4;
893
894 for (i=0; i<num_reqs; i++) {
895 struct cli_smb_state *state;
896 state = tevent_req_data(reqs[i], struct cli_smb_state);
897 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
898 wct_ofs = (wct_ofs + 3) & ~3;
899 }
900 return wct_ofs;
901 }
902
903 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
904 {
905 struct cli_smb_state *first_state = tevent_req_data(
906 reqs[0], struct cli_smb_state);
907 struct cli_smb_state *last_state = tevent_req_data(
908 reqs[num_reqs-1], struct cli_smb_state);
909 struct cli_smb_state *state;
910 size_t wct_offset;
911 size_t chain_padding = 0;
912 int i, iovlen;
913 struct iovec *iov = NULL;
914 struct iovec *this_iov;
915 NTSTATUS status;
916
917 iovlen = 0;
918 for (i=0; i<num_reqs; i++) {
919 state = tevent_req_data(reqs[i], struct cli_smb_state);
920 iovlen += state->iov_count;
921 }
922
923 iov = talloc_array(last_state, struct iovec, iovlen);
924 if (iov == NULL) {
925 return NT_STATUS_NO_MEMORY;
926 }
927
928 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
929 last_state, reqs, sizeof(*reqs) * num_reqs);
930 if (first_state->chained_requests == NULL) {
931 TALLOC_FREE(iov);
932 return NT_STATUS_NO_MEMORY;
933 }
934
935 wct_offset = smb_wct - 4;
936 this_iov = iov;
937
938 for (i=0; i<num_reqs; i++) {
939 size_t next_padding = 0;
940 uint16_t *vwv;
941
942 state = tevent_req_data(reqs[i], struct cli_smb_state);
943
944 if (i < num_reqs-1) {
945 if (!is_andx_req(CVAL(state->header, smb_com))
946 || CVAL(state->header, smb_wct) < 2) {
947 TALLOC_FREE(iov);
948 TALLOC_FREE(first_state->chained_requests);
949 return NT_STATUS_INVALID_PARAMETER;
950 }
951 }
952
953 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
954 if ((wct_offset % 4) != 0) {
955 next_padding = 4 - (wct_offset % 4);
956 }
957 wct_offset += next_padding;
958 vwv = state->vwv;
959
960 if (i < num_reqs-1) {
961 struct cli_smb_state *next_state = tevent_req_data(
962 reqs[i+1], struct cli_smb_state);
963 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
964 SCVAL(vwv+0, 1, 0);
965 SSVAL(vwv+1, 0, wct_offset);
966 } else if (is_andx_req(CVAL(state->header, smb_com))) {
967 /* properly end the chain */
968 SCVAL(vwv+0, 0, 0xff);
969 SCVAL(vwv+0, 1, 0xff);
970 SSVAL(vwv+1, 0, 0);
971 }
972
973 if (i == 0) {
974 this_iov[0] = state->iov[0];
975 } else {
976 /*
977 * This one is a bit subtle. We have to add
978 * chain_padding bytes between the requests, and we
979 * have to also include the wct field of the
980 * subsequent requests. We use the subsequent header
981 * for the padding, it contains the wct field in its
982 * last byte.
983 */
984 this_iov[0].iov_len = chain_padding+1;
985 this_iov[0].iov_base = (void *)&state->header[
986 sizeof(state->header) - this_iov[0].iov_len];
987 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
988 }
989 memcpy(this_iov+1, state->iov+1,
990 sizeof(struct iovec) * (state->iov_count-1));
991 this_iov += state->iov_count;
992 chain_padding = next_padding;
993 }
994
995 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
996 if (!NT_STATUS_IS_OK(status)) {
997 TALLOC_FREE(iov);
998 TALLOC_FREE(first_state->chained_requests);
999 return status;
1000 }
1001
1002 return NT_STATUS_OK;
1003 }
1004
1005 uint8_t *cli_smb_inbuf(struct tevent_req *req)
1006 {
1007 struct cli_smb_state *state = tevent_req_data(
1008 req, struct cli_smb_state);
1009 return state->inbuf;
1010 }
1011
1012 bool cli_has_async_calls(struct cli_state *cli)
1013 {
1014 return ((tevent_queue_length(cli->outgoing) != 0)
1015 || (talloc_array_length(cli->pending) != 0));
1016 }
1017
1018 struct cli_smb_oplock_break_waiter_state {
1019 uint16_t fnum;
1020 uint8_t level;
1021 };
1022
1023 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
1024
1025 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
1026 struct event_context *ev,
1027 struct cli_state *cli)
1028 {
1029 struct tevent_req *req, *subreq;
1030 struct cli_smb_oplock_break_waiter_state *state;
1031 struct cli_smb_state *smb_state;
1032
1033 req = tevent_req_create(mem_ctx, &state,
1034 struct cli_smb_oplock_break_waiter_state);
1035 if (req == NULL) {
1036 return NULL;
1037 }
1038
1039 /*
1040 * Create a fake SMB request that we will never send out. This is only
1041 * used to be set into the pending queue with the right mid.
1042 */
1043 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
1044 if (tevent_req_nomem(subreq, req)) {
1045 return tevent_req_post(req, ev);
1046 }
1047 smb_state = tevent_req_data(subreq, struct cli_smb_state);
1048 SSVAL(smb_state->header, smb_mid, 0xffff);
1049
1050 if (!cli_smb_req_set_pending(subreq)) {
1051 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1052 return tevent_req_post(req, ev);
1053 }
1054 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
1055 return req;
1056 }
1057
1058 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
1059 {
1060 struct tevent_req *req = tevent_req_callback_data(
1061 subreq, struct tevent_req);
1062 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1063 req, struct cli_smb_oplock_break_waiter_state);
1064 uint8_t wct;
1065 uint16_t *vwv;
1066 uint32_t num_bytes;
1067 uint8_t *bytes;
1068 uint8_t *inbuf;
1069 NTSTATUS status;
1070
1071 status = cli_smb_recv(subreq, state, &inbuf, 8, &wct, &vwv,
1072 &num_bytes, &bytes);
1073 TALLOC_FREE(subreq);
1074 if (!NT_STATUS_IS_OK(status)) {
1075 tevent_req_nterror(req, status);
1076 return;
1077 }
1078 state->fnum = SVAL(vwv+2, 0);
1079 state->level = CVAL(vwv+3, 1);
1080 tevent_req_done(req);
1081 }
1082
1083 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1084 uint16_t *pfnum,
1085 uint8_t *plevel)
1086 {
1087 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1088 req, struct cli_smb_oplock_break_waiter_state);
1089 NTSTATUS status;
1090
1091 if (tevent_req_is_nterror(req, &status)) {
1092 return status;
1093 }
1094 *pfnum = state->fnum;
1095 *plevel = state->level;
1096 return NT_STATUS_OK;
1097 }