2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "../lib/async_req/async_sock.h"
22 #include "async_smb.h"
25 * Read an smb packet asynchronously, discard keepalives
28 struct read_smb_state
{
29 struct tevent_context
*ev
;
34 static ssize_t
read_smb_more(uint8_t *buf
, size_t buflen
, void *private_data
);
35 static void read_smb_done(struct tevent_req
*subreq
);
37 static struct tevent_req
*read_smb_send(TALLOC_CTX
*mem_ctx
,
38 struct tevent_context
*ev
,
41 struct tevent_req
*result
, *subreq
;
42 struct read_smb_state
*state
;
44 result
= tevent_req_create(mem_ctx
, &state
, struct read_smb_state
);
51 subreq
= read_packet_send(state
, ev
, fd
, 4, read_smb_more
, NULL
);
55 tevent_req_set_callback(subreq
, read_smb_done
, result
);
62 static ssize_t
read_smb_more(uint8_t *buf
, size_t buflen
, void *private_data
)
65 return 0; /* We've been here, we're done */
67 return smb_len_large(buf
);
70 static void read_smb_done(struct tevent_req
*subreq
)
72 struct tevent_req
*req
= tevent_req_callback_data(
73 subreq
, struct tevent_req
);
74 struct read_smb_state
*state
= tevent_req_data(
75 req
, struct read_smb_state
);
79 len
= read_packet_recv(subreq
, state
, &state
->buf
, &err
);
82 tevent_req_error(req
, err
);
86 if (CVAL(state
->buf
, 0) == SMBkeepalive
) {
87 subreq
= read_packet_send(state
, state
->ev
, state
->fd
, 4,
89 if (tevent_req_nomem(subreq
, req
)) {
92 tevent_req_set_callback(subreq
, read_smb_done
, req
);
98 static ssize_t
read_smb_recv(struct tevent_req
*req
, TALLOC_CTX
*mem_ctx
,
99 uint8_t **pbuf
, int *perrno
)
101 struct read_smb_state
*state
= tevent_req_data(
102 req
, struct read_smb_state
);
104 if (tevent_req_is_unix_error(req
, perrno
)) {
107 *pbuf
= talloc_move(mem_ctx
, &state
->buf
);
108 return talloc_get_size(*pbuf
);
112 * Fetch an error out of a NBT packet
113 * @param[in] buf The SMB packet
114 * @retval The error, converted to NTSTATUS
117 NTSTATUS
cli_pull_error(char *buf
)
119 uint32_t flags2
= SVAL(buf
, smb_flg2
);
121 if (flags2
& FLAGS2_32_BIT_ERROR_CODES
) {
122 return NT_STATUS(IVAL(buf
, smb_rcls
));
125 return dos_to_ntstatus(CVAL(buf
, smb_rcls
), SVAL(buf
,smb_err
));
129 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
130 * @param[in] cli The client connection that just received an error
131 * @param[in] status The error to set on "cli"
134 void cli_set_error(struct cli_state
*cli
, NTSTATUS status
)
136 uint32_t flags2
= SVAL(cli
->inbuf
, smb_flg2
);
138 if (NT_STATUS_IS_DOS(status
)) {
139 SSVAL(cli
->inbuf
, smb_flg2
,
140 flags2
& ~FLAGS2_32_BIT_ERROR_CODES
);
141 SCVAL(cli
->inbuf
, smb_rcls
, NT_STATUS_DOS_CLASS(status
));
142 SSVAL(cli
->inbuf
, smb_err
, NT_STATUS_DOS_CODE(status
));
146 SSVAL(cli
->inbuf
, smb_flg2
, flags2
| FLAGS2_32_BIT_ERROR_CODES
);
147 SIVAL(cli
->inbuf
, smb_rcls
, NT_STATUS_V(status
));
152 * Figure out if there is an andx command behind the current one
153 * @param[in] buf The smb buffer to look at
154 * @param[in] ofs The offset to the wct field that is followed by the cmd
155 * @retval Is there a command following?
158 static bool have_andx_command(const char *buf
, uint16_t ofs
)
161 size_t buflen
= talloc_get_size(buf
);
163 if ((ofs
== buflen
-1) || (ofs
== buflen
)) {
167 wct
= CVAL(buf
, ofs
);
170 * Not enough space for the command and a following pointer
174 return (CVAL(buf
, ofs
+1) != 0xff);
177 #define MAX_SMB_IOV 5
179 struct cli_smb_state
{
180 struct tevent_context
*ev
;
181 struct cli_state
*cli
;
182 uint8_t header
[smb_wct
+1]; /* Space for the header including the wct */
185 * For normal requests, cli_smb_req_send chooses a mid. Secondary
186 * trans requests need to use the mid of the primary request, so we
187 * need a place to store it. Assume it's set if != 0.
192 uint8_t bytecount_buf
[2];
194 struct iovec iov
[MAX_SMB_IOV
+3];
201 struct tevent_req
**chained_requests
;
204 static uint16_t cli_alloc_mid(struct cli_state
*cli
)
206 int num_pending
= talloc_array_length(cli
->pending
);
213 if ((result
== 0) || (result
== 0xffff)) {
217 for (i
=0; i
<num_pending
; i
++) {
218 if (result
== cli_smb_req_mid(cli
->pending
[i
])) {
223 if (i
== num_pending
) {
229 void cli_smb_req_unset_pending(struct tevent_req
*req
)
231 struct cli_smb_state
*state
= tevent_req_data(
232 req
, struct cli_smb_state
);
233 struct cli_state
*cli
= state
->cli
;
234 int num_pending
= talloc_array_length(cli
->pending
);
237 if (num_pending
== 1) {
239 * The pending read_smb tevent_req is a child of
240 * cli->pending. So if nothing is pending anymore, we need to
241 * delete the socket read fde.
243 TALLOC_FREE(cli
->pending
);
247 for (i
=0; i
<num_pending
; i
++) {
248 if (req
== cli
->pending
[i
]) {
252 if (i
== num_pending
) {
254 * Something's seriously broken. Just returning here is the
255 * right thing nevertheless, the point of this routine is to
256 * remove ourselves from cli->pending.
262 * Remove ourselves from the cli->pending array
264 if (num_pending
> 1) {
265 cli
->pending
[i
] = cli
->pending
[num_pending
-1];
269 * No NULL check here, we're shrinking by sizeof(void *), and
270 * talloc_realloc just adjusts the size for this.
272 cli
->pending
= talloc_realloc(NULL
, cli
->pending
, struct tevent_req
*,
277 static int cli_smb_req_destructor(struct tevent_req
*req
)
279 cli_smb_req_unset_pending(req
);
283 static void cli_smb_received(struct tevent_req
*subreq
);
285 bool cli_smb_req_set_pending(struct tevent_req
*req
)
287 struct cli_smb_state
*state
= tevent_req_data(
288 req
, struct cli_smb_state
);
289 struct cli_state
*cli
;
290 struct tevent_req
**pending
;
292 struct tevent_req
*subreq
;
295 num_pending
= talloc_array_length(cli
->pending
);
297 pending
= talloc_realloc(cli
, cli
->pending
, struct tevent_req
*,
299 if (pending
== NULL
) {
302 pending
[num_pending
] = req
;
303 cli
->pending
= pending
;
304 talloc_set_destructor(req
, cli_smb_req_destructor
);
306 if (num_pending
> 0) {
311 * We're the first ones, add the read_smb request that waits for the
312 * answer from the server
314 subreq
= read_smb_send(cli
->pending
, state
->ev
, cli
->fd
);
315 if (subreq
== NULL
) {
316 cli_smb_req_unset_pending(req
);
319 tevent_req_set_callback(subreq
, cli_smb_received
, cli
);
324 * Fetch a smb request's mid. Only valid after the request has been sent by
325 * cli_smb_req_send().
327 uint16_t cli_smb_req_mid(struct tevent_req
*req
)
329 struct cli_smb_state
*state
= tevent_req_data(
330 req
, struct cli_smb_state
);
331 return SVAL(state
->header
, smb_mid
);
334 void cli_smb_req_set_mid(struct tevent_req
*req
, uint16_t mid
)
336 struct cli_smb_state
*state
= tevent_req_data(
337 req
, struct cli_smb_state
);
341 static size_t iov_len(const struct iovec
*iov
, int count
)
345 for (i
=0; i
<count
; i
++) {
346 result
+= iov
[i
].iov_len
;
351 static uint8_t *iov_concat(TALLOC_CTX
*mem_ctx
, const struct iovec
*iov
,
354 size_t len
= iov_len(iov
, count
);
359 buf
= talloc_array(mem_ctx
, uint8_t, len
);
364 for (i
=0; i
<count
; i
++) {
365 memcpy(buf
+copied
, iov
[i
].iov_base
, iov
[i
].iov_len
);
366 copied
+= iov
[i
].iov_len
;
371 struct tevent_req
*cli_smb_req_create(TALLOC_CTX
*mem_ctx
,
372 struct event_context
*ev
,
373 struct cli_state
*cli
,
375 uint8_t additional_flags
,
376 uint8_t wct
, uint16_t *vwv
,
378 struct iovec
*bytes_iov
)
380 struct tevent_req
*result
;
381 struct cli_smb_state
*state
;
382 struct timeval endtime
;
384 if (iov_count
> MAX_SMB_IOV
) {
386 * Should not happen :-)
391 result
= tevent_req_create(mem_ctx
, &state
, struct cli_smb_state
);
392 if (result
== NULL
) {
397 state
->mid
= 0; /* Set to auto-choose in cli_smb_req_send */
398 state
->chain_num
= 0;
399 state
->chained_requests
= NULL
;
401 cli_setup_packet_buf(cli
, (char *)state
->header
);
402 SCVAL(state
->header
, smb_com
, smb_command
);
403 SSVAL(state
->header
, smb_tid
, cli
->cnum
);
404 SCVAL(state
->header
, smb_wct
, wct
);
408 SSVAL(state
->bytecount_buf
, 0, iov_len(bytes_iov
, iov_count
));
410 state
->iov
[0].iov_base
= (void *)state
->header
;
411 state
->iov
[0].iov_len
= sizeof(state
->header
);
412 state
->iov
[1].iov_base
= (void *)state
->vwv
;
413 state
->iov
[1].iov_len
= wct
* sizeof(uint16_t);
414 state
->iov
[2].iov_base
= (void *)state
->bytecount_buf
;
415 state
->iov
[2].iov_len
= sizeof(uint16_t);
417 if (iov_count
!= 0) {
418 memcpy(&state
->iov
[3], bytes_iov
,
419 iov_count
* sizeof(*bytes_iov
));
421 state
->iov_count
= iov_count
+ 3;
424 endtime
= timeval_current_ofs(0, cli
->timeout
* 1000);
425 if (!tevent_req_set_endtime(result
, ev
, endtime
)) {
426 tevent_req_nomem(NULL
, result
);
432 static NTSTATUS
cli_signv(struct cli_state
*cli
, struct iovec
*iov
, int count
,
438 * Obvious optimization: Make cli_calculate_sign_mac work with struct
439 * iovec directly. MD5Update would do that just fine.
442 if ((count
<= 0) || (iov
[0].iov_len
< smb_wct
)) {
443 return NT_STATUS_INVALID_PARAMETER
;
446 buf
= iov_concat(talloc_tos(), iov
, count
);
448 return NT_STATUS_NO_MEMORY
;
451 cli_calculate_sign_mac(cli
, (char *)buf
, seqnum
);
452 memcpy(iov
[0].iov_base
, buf
, iov
[0].iov_len
);
458 static void cli_smb_sent(struct tevent_req
*subreq
);
460 static NTSTATUS
cli_smb_req_iov_send(struct tevent_req
*req
,
461 struct cli_smb_state
*state
,
462 struct iovec
*iov
, int iov_count
)
464 struct tevent_req
*subreq
;
467 if (state
->cli
->fd
== -1) {
468 return NT_STATUS_CONNECTION_INVALID
;
471 if (iov
[0].iov_len
< smb_wct
) {
472 return NT_STATUS_INVALID_PARAMETER
;
475 if (state
->mid
!= 0) {
476 SSVAL(iov
[0].iov_base
, smb_mid
, state
->mid
);
478 uint16_t mid
= cli_alloc_mid(state
->cli
);
479 SSVAL(iov
[0].iov_base
, smb_mid
, mid
);
482 smb_setlen((char *)iov
[0].iov_base
, iov_len(iov
, iov_count
) - 4);
484 status
= cli_signv(state
->cli
, iov
, iov_count
, &state
->seqnum
);
486 if (!NT_STATUS_IS_OK(status
)) {
490 if (cli_encryption_on(state
->cli
)) {
493 buf
= (char *)iov_concat(talloc_tos(), iov
, iov_count
);
495 return NT_STATUS_NO_MEMORY
;
497 status
= cli_encrypt_message(state
->cli
, (char *)buf
,
500 if (!NT_STATUS_IS_OK(status
)) {
501 DEBUG(0, ("Error in encrypting client message: %s\n",
505 buf
= (char *)talloc_memdup(state
, enc_buf
,
509 return NT_STATUS_NO_MEMORY
;
511 iov
[0].iov_base
= (void *)buf
;
512 iov
[0].iov_len
= talloc_get_size(buf
);
515 subreq
= writev_send(state
, state
->ev
, state
->cli
->outgoing
,
516 state
->cli
->fd
, false, iov
, iov_count
);
517 if (subreq
== NULL
) {
518 return NT_STATUS_NO_MEMORY
;
520 tevent_req_set_callback(subreq
, cli_smb_sent
, req
);
524 NTSTATUS
cli_smb_req_send(struct tevent_req
*req
)
526 struct cli_smb_state
*state
= tevent_req_data(
527 req
, struct cli_smb_state
);
529 return cli_smb_req_iov_send(req
, state
, state
->iov
, state
->iov_count
);
532 struct tevent_req
*cli_smb_send(TALLOC_CTX
*mem_ctx
,
533 struct event_context
*ev
,
534 struct cli_state
*cli
,
536 uint8_t additional_flags
,
537 uint8_t wct
, uint16_t *vwv
,
539 const uint8_t *bytes
)
541 struct tevent_req
*req
;
545 iov
.iov_base
= CONST_DISCARD(void *, bytes
);
546 iov
.iov_len
= num_bytes
;
548 req
= cli_smb_req_create(mem_ctx
, ev
, cli
, smb_command
,
549 additional_flags
, wct
, vwv
, 1, &iov
);
554 status
= cli_smb_req_send(req
);
555 if (!NT_STATUS_IS_OK(status
)) {
556 tevent_req_nterror(req
, status
);
557 return tevent_req_post(req
, ev
);
562 static void cli_smb_sent(struct tevent_req
*subreq
)
564 struct tevent_req
*req
= tevent_req_callback_data(
565 subreq
, struct tevent_req
);
566 struct cli_smb_state
*state
= tevent_req_data(
567 req
, struct cli_smb_state
);
571 nwritten
= writev_recv(subreq
, &err
);
573 if (nwritten
== -1) {
574 if (state
->cli
->fd
!= -1) {
575 close(state
->cli
->fd
);
578 tevent_req_nterror(req
, map_nt_error_from_unix(err
));
582 switch (CVAL(state
->header
, smb_com
)) {
588 tevent_req_done(req
);
591 if ((CVAL(state
->header
, smb_wct
) == 8) &&
592 (CVAL(state
->vwv
+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE
)) {
594 tevent_req_done(req
);
599 if (!cli_smb_req_set_pending(req
)) {
600 tevent_req_nterror(req
, NT_STATUS_NO_MEMORY
);
605 static void cli_smb_received(struct tevent_req
*subreq
)
607 struct cli_state
*cli
= tevent_req_callback_data(
608 subreq
, struct cli_state
);
609 struct tevent_req
*req
;
610 struct cli_smb_state
*state
;
619 received
= read_smb_recv(subreq
, talloc_tos(), &inbuf
, &err
);
621 if (received
== -1) {
626 status
= map_nt_error_from_unix(err
);
630 if ((IVAL(inbuf
, 4) != 0x424d53ff) /* 0xFF"SMB" */
631 && (SVAL(inbuf
, 4) != 0x45ff)) /* 0xFF"E" */ {
632 DEBUG(10, ("Got non-SMB PDU\n"));
633 status
= NT_STATUS_INVALID_NETWORK_RESPONSE
;
637 if (cli_encryption_on(cli
) && (CVAL(inbuf
, 0) == 0)) {
638 uint16_t enc_ctx_num
;
640 status
= get_enc_ctx_num(inbuf
, &enc_ctx_num
);
641 if (!NT_STATUS_IS_OK(status
)) {
642 DEBUG(10, ("get_enc_ctx_num returned %s\n",
647 if (enc_ctx_num
!= cli
->trans_enc_state
->enc_ctx_num
) {
648 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
650 cli
->trans_enc_state
->enc_ctx_num
));
651 status
= NT_STATUS_INVALID_HANDLE
;
655 status
= common_decrypt_buffer(cli
->trans_enc_state
,
657 if (!NT_STATUS_IS_OK(status
)) {
658 DEBUG(10, ("common_decrypt_buffer returned %s\n",
664 mid
= SVAL(inbuf
, smb_mid
);
665 num_pending
= talloc_array_length(cli
->pending
);
667 for (i
=0; i
<num_pending
; i
++) {
668 if (mid
== cli_smb_req_mid(cli
->pending
[i
])) {
672 if (i
== num_pending
) {
673 /* Dump unexpected reply */
678 oplock_break
= false;
682 * Paranoia checks that this is really an oplock break request.
684 oplock_break
= (smb_len(inbuf
) == 51); /* hdr + 8 words */
685 oplock_break
&= ((CVAL(inbuf
, smb_flg
) & FLAG_REPLY
) == 0);
686 oplock_break
&= (CVAL(inbuf
, smb_com
) == SMBlockingX
);
687 oplock_break
&= (SVAL(inbuf
, smb_vwv6
) == 0);
688 oplock_break
&= (SVAL(inbuf
, smb_vwv7
) == 0);
691 /* Dump unexpected reply */
697 req
= cli
->pending
[i
];
698 state
= tevent_req_data(req
, struct cli_smb_state
);
700 if (!oplock_break
/* oplock breaks are not signed */
701 && !cli_check_sign_mac(cli
, (char *)inbuf
, state
->seqnum
+1)) {
702 DEBUG(10, ("cli_check_sign_mac failed\n"));
704 status
= NT_STATUS_ACCESS_DENIED
;
710 if (state
->chained_requests
== NULL
) {
711 state
->inbuf
= talloc_move(state
, &inbuf
);
712 talloc_set_destructor(req
, NULL
);
713 cli_smb_req_destructor(req
);
714 state
->chain_num
= 0;
715 state
->chain_length
= 1;
716 tevent_req_done(req
);
718 struct tevent_req
**chain
= talloc_move(
719 talloc_tos(), &state
->chained_requests
);
720 int num_chained
= talloc_array_length(chain
);
722 for (i
=0; i
<num_chained
; i
++) {
723 state
= tevent_req_data(chain
[i
], struct
725 state
->inbuf
= inbuf
;
726 state
->chain_num
= i
;
727 state
->chain_length
= num_chained
;
728 tevent_req_done(chain
[i
]);
734 if (talloc_array_length(cli
->pending
) > 0) {
736 * Set up another read request for the other pending cli_smb
739 state
= tevent_req_data(cli
->pending
[0], struct cli_smb_state
);
740 subreq
= read_smb_send(cli
->pending
, state
->ev
, cli
->fd
);
741 if (subreq
== NULL
) {
742 status
= NT_STATUS_NO_MEMORY
;
745 tevent_req_set_callback(subreq
, cli_smb_received
, cli
);
750 * Cancel all pending requests. We don't do a for-loop walking
751 * cli->pending because that array changes in
752 * cli_smb_req_destructor().
754 while (talloc_array_length(cli
->pending
) > 0) {
755 req
= cli
->pending
[0];
756 talloc_set_destructor(req
, NULL
);
757 cli_smb_req_destructor(req
);
758 tevent_req_nterror(req
, status
);
762 NTSTATUS
cli_smb_recv(struct tevent_req
*req
,
763 TALLOC_CTX
*mem_ctx
, uint8_t **pinbuf
,
764 uint8_t min_wct
, uint8_t *pwct
, uint16_t **pvwv
,
765 uint32_t *pnum_bytes
, uint8_t **pbytes
)
767 struct cli_smb_state
*state
= tevent_req_data(
768 req
, struct cli_smb_state
);
769 NTSTATUS status
= NT_STATUS_OK
;
772 size_t wct_ofs
, bytes_offset
;
775 if (tevent_req_is_nterror(req
, &status
)) {
779 if (state
->inbuf
== NULL
) {
780 /* This was a request without a reply */
785 cmd
= CVAL(state
->inbuf
, smb_com
);
787 for (i
=0; i
<state
->chain_num
; i
++) {
788 if (i
< state
->chain_num
-1) {
790 return NT_STATUS_REQUEST_ABORTED
;
792 if (!is_andx_req(cmd
)) {
793 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
797 if (!have_andx_command((char *)state
->inbuf
, wct_ofs
)) {
799 * This request was not completed because a previous
800 * request in the chain had received an error.
802 return NT_STATUS_REQUEST_ABORTED
;
805 wct_ofs
= SVAL(state
->inbuf
, wct_ofs
+ 3);
808 * Skip the all-present length field. No overflow, we've just
809 * put a 16-bit value into a size_t.
813 if (wct_ofs
+2 > talloc_get_size(state
->inbuf
)) {
814 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
817 cmd
= CVAL(state
->inbuf
, wct_ofs
+ 1);
820 status
= cli_pull_error((char *)state
->inbuf
);
822 if (!have_andx_command((char *)state
->inbuf
, wct_ofs
)) {
824 if ((cmd
== SMBsesssetupX
)
826 status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
828 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
829 * valid return code for session setup
834 if (NT_STATUS_IS_ERR(status
)) {
836 * The last command takes the error code. All
837 * further commands down the requested chain
838 * will get a NT_STATUS_REQUEST_ABORTED.
846 wct
= CVAL(state
->inbuf
, wct_ofs
);
847 bytes_offset
= wct_ofs
+ 1 + wct
* sizeof(uint16_t);
848 num_bytes
= SVAL(state
->inbuf
, bytes_offset
);
851 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
855 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
856 * is a 16-bit value. So bytes_offset being size_t should be far from
859 if ((bytes_offset
+ 2 > talloc_get_size(state
->inbuf
))
860 || (bytes_offset
> 0xffff)) {
861 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
868 *pvwv
= (uint16_t *)(state
->inbuf
+ wct_ofs
+ 1);
870 if (pnum_bytes
!= NULL
) {
871 *pnum_bytes
= num_bytes
;
873 if (pbytes
!= NULL
) {
874 *pbytes
= (uint8_t *)state
->inbuf
+ bytes_offset
+ 2;
876 if ((mem_ctx
!= NULL
) && (pinbuf
!= NULL
)) {
877 if (state
->chain_num
== state
->chain_length
-1) {
878 *pinbuf
= talloc_move(mem_ctx
, &state
->inbuf
);
880 *pinbuf
= state
->inbuf
;
887 size_t cli_smb_wct_ofs(struct tevent_req
**reqs
, int num_reqs
)
892 wct_ofs
= smb_wct
- 4;
894 for (i
=0; i
<num_reqs
; i
++) {
895 struct cli_smb_state
*state
;
896 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
897 wct_ofs
+= iov_len(state
->iov
+1, state
->iov_count
-1);
898 wct_ofs
= (wct_ofs
+ 3) & ~3;
903 NTSTATUS
cli_smb_chain_send(struct tevent_req
**reqs
, int num_reqs
)
905 struct cli_smb_state
*first_state
= tevent_req_data(
906 reqs
[0], struct cli_smb_state
);
907 struct cli_smb_state
*last_state
= tevent_req_data(
908 reqs
[num_reqs
-1], struct cli_smb_state
);
909 struct cli_smb_state
*state
;
911 size_t chain_padding
= 0;
913 struct iovec
*iov
= NULL
;
914 struct iovec
*this_iov
;
918 for (i
=0; i
<num_reqs
; i
++) {
919 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
920 iovlen
+= state
->iov_count
;
923 iov
= talloc_array(last_state
, struct iovec
, iovlen
);
925 return NT_STATUS_NO_MEMORY
;
928 first_state
->chained_requests
= (struct tevent_req
**)talloc_memdup(
929 last_state
, reqs
, sizeof(*reqs
) * num_reqs
);
930 if (first_state
->chained_requests
== NULL
) {
932 return NT_STATUS_NO_MEMORY
;
935 wct_offset
= smb_wct
- 4;
938 for (i
=0; i
<num_reqs
; i
++) {
939 size_t next_padding
= 0;
942 state
= tevent_req_data(reqs
[i
], struct cli_smb_state
);
944 if (i
< num_reqs
-1) {
945 if (!is_andx_req(CVAL(state
->header
, smb_com
))
946 || CVAL(state
->header
, smb_wct
) < 2) {
948 TALLOC_FREE(first_state
->chained_requests
);
949 return NT_STATUS_INVALID_PARAMETER
;
953 wct_offset
+= iov_len(state
->iov
+1, state
->iov_count
-1) + 1;
954 if ((wct_offset
% 4) != 0) {
955 next_padding
= 4 - (wct_offset
% 4);
957 wct_offset
+= next_padding
;
960 if (i
< num_reqs
-1) {
961 struct cli_smb_state
*next_state
= tevent_req_data(
962 reqs
[i
+1], struct cli_smb_state
);
963 SCVAL(vwv
+0, 0, CVAL(next_state
->header
, smb_com
));
965 SSVAL(vwv
+1, 0, wct_offset
);
966 } else if (is_andx_req(CVAL(state
->header
, smb_com
))) {
967 /* properly end the chain */
968 SCVAL(vwv
+0, 0, 0xff);
969 SCVAL(vwv
+0, 1, 0xff);
974 this_iov
[0] = state
->iov
[0];
977 * This one is a bit subtle. We have to add
978 * chain_padding bytes between the requests, and we
979 * have to also include the wct field of the
980 * subsequent requests. We use the subsequent header
981 * for the padding, it contains the wct field in its
984 this_iov
[0].iov_len
= chain_padding
+1;
985 this_iov
[0].iov_base
= (void *)&state
->header
[
986 sizeof(state
->header
) - this_iov
[0].iov_len
];
987 memset(this_iov
[0].iov_base
, 0, this_iov
[0].iov_len
-1);
989 memcpy(this_iov
+1, state
->iov
+1,
990 sizeof(struct iovec
) * (state
->iov_count
-1));
991 this_iov
+= state
->iov_count
;
992 chain_padding
= next_padding
;
995 status
= cli_smb_req_iov_send(reqs
[0], last_state
, iov
, iovlen
);
996 if (!NT_STATUS_IS_OK(status
)) {
998 TALLOC_FREE(first_state
->chained_requests
);
1002 return NT_STATUS_OK
;
1005 uint8_t *cli_smb_inbuf(struct tevent_req
*req
)
1007 struct cli_smb_state
*state
= tevent_req_data(
1008 req
, struct cli_smb_state
);
1009 return state
->inbuf
;
1012 bool cli_has_async_calls(struct cli_state
*cli
)
1014 return ((tevent_queue_length(cli
->outgoing
) != 0)
1015 || (talloc_array_length(cli
->pending
) != 0));
1018 struct cli_smb_oplock_break_waiter_state
{
1023 static void cli_smb_oplock_break_waiter_done(struct tevent_req
*subreq
);
1025 struct tevent_req
*cli_smb_oplock_break_waiter_send(TALLOC_CTX
*mem_ctx
,
1026 struct event_context
*ev
,
1027 struct cli_state
*cli
)
1029 struct tevent_req
*req
, *subreq
;
1030 struct cli_smb_oplock_break_waiter_state
*state
;
1031 struct cli_smb_state
*smb_state
;
1033 req
= tevent_req_create(mem_ctx
, &state
,
1034 struct cli_smb_oplock_break_waiter_state
);
1040 * Create a fake SMB request that we will never send out. This is only
1041 * used to be set into the pending queue with the right mid.
1043 subreq
= cli_smb_req_create(mem_ctx
, ev
, cli
, 0, 0, 0, NULL
, 0, NULL
);
1044 if (tevent_req_nomem(subreq
, req
)) {
1045 return tevent_req_post(req
, ev
);
1047 smb_state
= tevent_req_data(subreq
, struct cli_smb_state
);
1048 SSVAL(smb_state
->header
, smb_mid
, 0xffff);
1050 if (!cli_smb_req_set_pending(subreq
)) {
1051 tevent_req_nterror(req
, NT_STATUS_NO_MEMORY
);
1052 return tevent_req_post(req
, ev
);
1054 tevent_req_set_callback(subreq
, cli_smb_oplock_break_waiter_done
, req
);
1058 static void cli_smb_oplock_break_waiter_done(struct tevent_req
*subreq
)
1060 struct tevent_req
*req
= tevent_req_callback_data(
1061 subreq
, struct tevent_req
);
1062 struct cli_smb_oplock_break_waiter_state
*state
= tevent_req_data(
1063 req
, struct cli_smb_oplock_break_waiter_state
);
1071 status
= cli_smb_recv(subreq
, state
, &inbuf
, 8, &wct
, &vwv
,
1072 &num_bytes
, &bytes
);
1073 TALLOC_FREE(subreq
);
1074 if (!NT_STATUS_IS_OK(status
)) {
1075 tevent_req_nterror(req
, status
);
1078 state
->fnum
= SVAL(vwv
+2, 0);
1079 state
->level
= CVAL(vwv
+3, 1);
1080 tevent_req_done(req
);
1083 NTSTATUS
cli_smb_oplock_break_waiter_recv(struct tevent_req
*req
,
1087 struct cli_smb_oplock_break_waiter_state
*state
= tevent_req_data(
1088 req
, struct cli_smb_oplock_break_waiter_state
);
1091 if (tevent_req_is_nterror(req
, &status
)) {
1094 *pfnum
= state
->fnum
;
1095 *plevel
= state
->level
;
1096 return NT_STATUS_OK
;
1100 struct cli_session_request_state
{
1101 struct tevent_context
*ev
;
1104 struct iovec iov
[3];
1105 uint8_t nb_session_response
;
1108 static void cli_session_request_sent(struct tevent_req
*subreq
);
1109 static void cli_session_request_recvd(struct tevent_req
*subreq
);
1111 struct tevent_req
*cli_session_request_send(TALLOC_CTX
*mem_ctx
,
1112 struct tevent_context
*ev
,
1114 const struct nmb_name
*called
,
1115 const struct nmb_name
*calling
)
1117 struct tevent_req
*req
, *subreq
;
1118 struct cli_session_request_state
*state
;
1120 req
= tevent_req_create(mem_ctx
, &state
,
1121 struct cli_session_request_state
);
1128 state
->iov
[1].iov_base
= name_mangle(
1129 state
, called
->name
, called
->name_type
);
1130 if (tevent_req_nomem(state
->iov
[1].iov_base
, req
)) {
1131 return tevent_req_post(req
, ev
);
1133 state
->iov
[1].iov_len
= name_len(
1134 (unsigned char *)state
->iov
[1].iov_base
,
1135 talloc_get_size(state
->iov
[1].iov_base
));
1137 state
->iov
[2].iov_base
= name_mangle(
1138 state
, calling
->name
, calling
->name_type
);
1139 if (tevent_req_nomem(state
->iov
[2].iov_base
, req
)) {
1140 return tevent_req_post(req
, ev
);
1142 state
->iov
[2].iov_len
= name_len(
1143 (unsigned char *)state
->iov
[2].iov_base
,
1144 talloc_get_size(state
->iov
[2].iov_base
));
1146 _smb_setlen(((char *)&state
->len_hdr
),
1147 state
->iov
[1].iov_len
+ state
->iov
[2].iov_len
);
1148 SCVAL((char *)&state
->len_hdr
, 0, 0x81);
1150 state
->iov
[0].iov_base
= &state
->len_hdr
;
1151 state
->iov
[0].iov_len
= sizeof(state
->len_hdr
);
1153 subreq
= writev_send(state
, ev
, NULL
, sock
, true, state
->iov
, 3);
1154 if (tevent_req_nomem(subreq
, req
)) {
1155 return tevent_req_post(req
, ev
);
1157 tevent_req_set_callback(subreq
, cli_session_request_sent
, req
);
1161 static void cli_session_request_sent(struct tevent_req
*subreq
)
1163 struct tevent_req
*req
= tevent_req_callback_data(
1164 subreq
, struct tevent_req
);
1165 struct cli_session_request_state
*state
= tevent_req_data(
1166 req
, struct cli_session_request_state
);
1170 ret
= writev_recv(subreq
, &err
);
1171 TALLOC_FREE(subreq
);
1173 tevent_req_error(req
, err
);
1176 subreq
= read_smb_send(state
, state
->ev
, state
->sock
);
1177 if (tevent_req_nomem(subreq
, req
)) {
1180 tevent_req_set_callback(subreq
, cli_session_request_recvd
, req
);
1183 static void cli_session_request_recvd(struct tevent_req
*subreq
)
1185 struct tevent_req
*req
= tevent_req_callback_data(
1186 subreq
, struct tevent_req
);
1187 struct cli_session_request_state
*state
= tevent_req_data(
1188 req
, struct cli_session_request_state
);
1193 ret
= read_smb_recv(subreq
, talloc_tos(), &buf
, &err
);
1194 TALLOC_FREE(subreq
);
1201 tevent_req_error(req
, err
);
1205 * In case of an error there is more information in the data
1206 * portion according to RFC1002. We're not subtle enough to
1207 * respond to the different error conditions, so drop the
1210 state
->nb_session_response
= CVAL(buf
, 0);
1211 tevent_req_done(req
);
1214 bool cli_session_request_recv(struct tevent_req
*req
, int *err
, uint8_t *resp
)
1216 struct cli_session_request_state
*state
= tevent_req_data(
1217 req
, struct cli_session_request_state
);
1219 if (tevent_req_is_unix_error(req
, err
)) {
1222 *resp
= state
->nb_session_response
;