2 Unix SMB/CIFS implementation.
3 SMB client generic functions
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Jeremy Allison 2007.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smb_signing.h"
24 /*******************************************************************
25 Setup the word count and byte count for a client smb message.
26 ********************************************************************/
28 int cli_set_message(char *buf,int num_words,int num_bytes,bool zero)
30 if (zero && (num_words || num_bytes)) {
31 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
33 SCVAL(buf,smb_wct,num_words);
34 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
35 smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
36 return (smb_size + num_words*2 + num_bytes);
39 /****************************************************************************
40 Change the timeout (in milliseconds).
41 ****************************************************************************/
43 unsigned int cli_set_timeout(struct cli_state *cli, unsigned int timeout)
45 unsigned int old_timeout = cli->timeout;
46 cli->timeout = timeout;
50 /****************************************************************************
51 Change the port number used to call on.
52 ****************************************************************************/
54 void cli_set_port(struct cli_state *cli, int port)
59 /****************************************************************************
60 convenience routine to find if we negotiated ucs2
61 ****************************************************************************/
63 bool cli_ucs2(struct cli_state *cli)
65 return ((cli->capabilities & CAP_UNICODE) != 0);
69 /****************************************************************************
70 Read an smb from a fd ignoring all keepalive packets.
71 The timeout is in milliseconds
73 This is exactly the same as receive_smb except that it never returns
74 a session keepalive packet (just as receive_smb used to do).
75 receive_smb was changed to return keepalives as the oplock processing means this call
76 should never go into a blocking read.
77 ****************************************************************************/
79 static ssize_t client_receive_smb(struct cli_state *cli, size_t maxlen)
86 set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK);
88 status = receive_smb_raw(cli->fd, cli->inbuf, cli->bufsize,
89 cli->timeout, maxlen, &len);
90 if (!NT_STATUS_IS_OK(status)) {
91 DEBUG(10,("client_receive_smb failed\n"));
94 if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
95 set_smb_read_error(&cli->smb_rw_error,
100 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
101 set_smb_read_error(&cli->smb_rw_error,
106 set_smb_read_error(&cli->smb_rw_error, SMB_READ_ERROR);
111 * I don't believe len can be < 0 with NT_STATUS_OK
112 * returned above, but this check doesn't hurt. JRA.
115 if ((ssize_t)len < 0) {
119 /* Ignore session keepalive packets. */
120 if(CVAL(cli->inbuf,0) != SMBkeepalive) {
125 if (cli_encryption_on(cli)) {
126 NTSTATUS status = cli_decrypt_message(cli);
127 if (!NT_STATUS_IS_OK(status)) {
128 DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
130 cli->smb_rw_error = SMB_READ_BAD_DECRYPT;
135 show_msg(cli->inbuf);
139 static bool cli_state_set_seqnum(struct cli_state *cli, uint16_t mid, uint32_t seqnum)
141 struct cli_state_seqnum *c;
143 for (c = cli->seqnum; c; c = c->next) {
150 c = talloc_zero(cli, struct cli_state_seqnum);
157 c->persistent = false;
158 DLIST_ADD_END(cli->seqnum, c, struct cli_state_seqnum *);
163 bool cli_state_seqnum_persistent(struct cli_state *cli,
166 struct cli_state_seqnum *c;
168 for (c = cli->seqnum; c; c = c->next) {
170 c->persistent = true;
178 bool cli_state_seqnum_remove(struct cli_state *cli,
181 struct cli_state_seqnum *c;
183 for (c = cli->seqnum; c; c = c->next) {
185 DLIST_REMOVE(cli->seqnum, c);
194 static uint32_t cli_state_get_seqnum(struct cli_state *cli, uint16_t mid)
196 struct cli_state_seqnum *c;
198 for (c = cli->seqnum; c; c = c->next) {
200 uint32_t seqnum = c->seqnum;
201 if (!c->persistent) {
202 DLIST_REMOVE(cli->seqnum, c);
212 /****************************************************************************
214 ****************************************************************************/
216 bool cli_receive_smb(struct cli_state *cli)
222 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
227 len = client_receive_smb(cli, 0);
230 /* it might be an oplock break request */
231 if (!(CVAL(cli->inbuf, smb_flg) & FLAG_REPLY) &&
232 CVAL(cli->inbuf,smb_com) == SMBlockingX &&
233 SVAL(cli->inbuf,smb_vwv6) == 0 &&
234 SVAL(cli->inbuf,smb_vwv7) == 0) {
235 if (cli->oplock_handler) {
236 int fnum = SVAL(cli->inbuf,smb_vwv2);
237 unsigned char level = CVAL(cli->inbuf,smb_vwv3+1);
238 if (!NT_STATUS_IS_OK(cli->oplock_handler(cli, fnum, level))) {
242 /* try to prevent loops */
243 SCVAL(cli->inbuf,smb_com,0xFF);
248 /* If the server is not responding, note that now */
250 char addr[INET6_ADDRSTRLEN];
252 print_sockaddr(addr, sizeof(addr), &cli->dest_ss);
253 DEBUG(0, ("Receiving SMB: Server %s stopped responding\n",
260 mid = SVAL(cli->inbuf,smb_mid);
261 seqnum = cli_state_get_seqnum(cli, mid);
263 if (!cli_check_sign_mac(cli, cli->inbuf, seqnum+1)) {
265 * If we get a signature failure in sessionsetup, then
266 * the server sometimes just reflects the sent signature
267 * back to us. Detect this and allow the upper layer to
268 * retrieve the correct Windows error message.
270 if (CVAL(cli->outbuf,smb_com) == SMBsesssetupX &&
271 (smb_len(cli->inbuf) > (smb_ss_field + 8 - 4)) &&
272 (SVAL(cli->inbuf,smb_flg2) & FLAGS2_SMB_SECURITY_SIGNATURES) &&
273 memcmp(&cli->outbuf[smb_ss_field],&cli->inbuf[smb_ss_field],8) == 0 &&
277 * Reflected signature on login error.
278 * Set bad sig but don't close fd.
280 cli->smb_rw_error = SMB_READ_BAD_SIG;
284 DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
285 cli->smb_rw_error = SMB_READ_BAD_SIG;
293 static ssize_t write_socket(int fd, const char *buf, size_t len)
297 DEBUG(6,("write_socket(%d,%d)\n",fd,(int)len));
298 ret = write_data(fd,buf,len);
300 DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd,(int)len,(int)ret));
302 DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n",
303 (int)len, fd, strerror(errno) ));
308 /****************************************************************************
310 ****************************************************************************/
312 bool cli_send_smb(struct cli_state *cli)
317 char *buf_out = cli->outbuf;
318 bool enc_on = cli_encryption_on(cli);
321 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
325 cli_calculate_sign_mac(cli, cli->outbuf, &seqnum);
327 if (!cli_state_set_seqnum(cli, cli->mid, seqnum)) {
328 DEBUG(0,("Failed to store mid[%u]/seqnum[%u]\n",
329 (unsigned int)cli->mid,
330 (unsigned int)seqnum));
335 NTSTATUS status = cli_encrypt_message(cli, cli->outbuf,
337 if (!NT_STATUS_IS_OK(status)) {
340 cli->smb_rw_error = SMB_WRITE_ERROR;
341 DEBUG(0,("Error in encrypting client message. Error %s\n",
342 nt_errstr(status) ));
347 len = smb_len(buf_out) + 4;
349 while (nwritten < len) {
350 ret = write_socket(cli->fd,buf_out+nwritten,len - nwritten);
353 cli_free_enc_buffer(cli, buf_out);
357 cli->smb_rw_error = SMB_WRITE_ERROR;
358 DEBUG(0,("Error writing %d bytes to client. %d (%s)\n",
359 (int)len,(int)ret, strerror(errno) ));
366 cli_free_enc_buffer(cli, buf_out);
369 /* Increment the mid so we can tell between responses. */
376 /****************************************************************************
377 Send a "direct" writeX smb to a fd.
378 ****************************************************************************/
380 bool cli_send_smb_direct_writeX(struct cli_state *cli,
384 /* First length to send is the offset to the data. */
385 size_t len = SVAL(cli->outbuf,smb_vwv11) + 4;
389 /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
394 if (client_is_signing_on(cli)) {
395 DEBUG(0,("cli_send_smb_large: cannot send signed packet.\n"));
399 iov[0].iov_base = (void *)cli->outbuf;
400 iov[0].iov_len = len;
401 iov[1].iov_base = CONST_DISCARD(void *, p);
402 iov[1].iov_len = extradata;
404 nwritten = write_data_iov(cli->fd, iov, 2);
405 if (nwritten < (len + extradata)) {
408 cli->smb_rw_error = SMB_WRITE_ERROR;
409 DEBUG(0,("Error writing %d bytes to client. (%s)\n",
410 (int)(len+extradata), strerror(errno)));
414 /* Increment the mid so we can tell between responses. */
421 /****************************************************************************
422 Setup basics in a outgoing packet.
423 ****************************************************************************/
425 void cli_setup_packet_buf(struct cli_state *cli, char *buf)
429 SIVAL(buf,smb_rcls,0);
430 SSVAL(buf,smb_pid,cli->pid);
431 memset(buf+smb_pidhigh, 0, 12);
432 SSVAL(buf,smb_uid,cli->vuid);
433 SSVAL(buf,smb_mid,cli->mid);
435 if (cli->protocol <= PROTOCOL_CORE) {
439 if (cli->case_sensitive) {
440 SCVAL(buf,smb_flg,0x0);
442 /* Default setting, case insensitive. */
443 SCVAL(buf,smb_flg,0x8);
445 flags2 = FLAGS2_LONG_PATH_COMPONENTS;
446 if (cli->capabilities & CAP_UNICODE)
447 flags2 |= FLAGS2_UNICODE_STRINGS;
448 if ((cli->capabilities & CAP_DFS) && cli->dfsroot)
449 flags2 |= FLAGS2_DFS_PATHNAMES;
450 if (cli->capabilities & CAP_STATUS32)
451 flags2 |= FLAGS2_32_BIT_ERROR_CODES;
453 flags2 |= FLAGS2_EXTENDED_SECURITY;
454 SSVAL(buf,smb_flg2, flags2);
457 void cli_setup_packet(struct cli_state *cli)
459 cli_setup_packet_buf(cli, cli->outbuf);
462 /****************************************************************************
463 Setup the bcc length of the packet from a pointer to the end of the data.
464 ****************************************************************************/
466 void cli_setup_bcc(struct cli_state *cli, void *p)
468 set_message_bcc(cli->outbuf, PTR_DIFF(p, smb_buf(cli->outbuf)));
471 /****************************************************************************
472 Initialize Domain, user or password.
473 ****************************************************************************/
475 NTSTATUS cli_set_domain(struct cli_state *cli, const char *domain)
477 TALLOC_FREE(cli->domain);
478 cli->domain = talloc_strdup(cli, domain ? domain : "");
479 if (cli->domain == NULL) {
480 return NT_STATUS_NO_MEMORY;
485 NTSTATUS cli_set_username(struct cli_state *cli, const char *username)
487 TALLOC_FREE(cli->user_name);
488 cli->user_name = talloc_strdup(cli, username ? username : "");
489 if (cli->user_name == NULL) {
490 return NT_STATUS_NO_MEMORY;
495 NTSTATUS cli_set_password(struct cli_state *cli, const char *password)
497 TALLOC_FREE(cli->password);
499 /* Password can be NULL. */
501 cli->password = talloc_strdup(cli, password);
502 if (cli->password == NULL) {
503 return NT_STATUS_NO_MEMORY;
506 /* Use zero NTLMSSP hashes and session key. */
507 cli->password = NULL;
513 /****************************************************************************
514 Initialise credentials of a client structure.
515 ****************************************************************************/
517 NTSTATUS cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password)
519 NTSTATUS status = cli_set_username(cli, username);
520 if (!NT_STATUS_IS_OK(status)) {
523 status = cli_set_domain(cli, domain);
524 if (!NT_STATUS_IS_OK(status)) {
527 DEBUG(10,("cli_init_creds: user %s domain %s\n", cli->user_name, cli->domain));
529 return cli_set_password(cli, password);
532 /****************************************************************************
533 Initialise a client structure. Always returns a talloc'ed struct.
534 Set the signing state (used from the command line).
535 ****************************************************************************/
537 struct cli_state *cli_initialise_ex(int signing_state)
539 struct cli_state *cli = NULL;
540 bool allow_smb_signing = false;
541 bool mandatory_signing = false;
543 /* Check the effective uid - make sure we are not setuid */
544 if (is_setuid_root()) {
545 DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n"));
549 cli = TALLOC_ZERO_P(NULL, struct cli_state);
554 cli->dfs_mountpoint = talloc_strdup(cli, "");
555 if (!cli->dfs_mountpoint) {
561 cli->pid = (uint16)sys_getpid();
563 cli->vuid = UID_FIELD_INVALID;
564 cli->protocol = PROTOCOL_NT1;
565 cli->timeout = 20000; /* Timeout is in milliseconds. */
566 cli->bufsize = CLI_BUFFER_SIZE+4;
567 cli->max_xmit = cli->bufsize;
568 cli->outbuf = (char *)SMB_MALLOC(cli->bufsize+SAFETY_MARGIN);
570 cli->inbuf = (char *)SMB_MALLOC(cli->bufsize+SAFETY_MARGIN);
571 cli->oplock_handler = cli_oplock_ack;
572 cli->case_sensitive = false;
573 cli->smb_rw_error = SMB_READ_OK;
575 cli->use_spnego = lp_client_use_spnego();
577 cli->capabilities = CAP_UNICODE | CAP_STATUS32 | CAP_DFS;
579 /* Set the CLI_FORCE_DOSERR environment variable to test
580 client routines using DOS errors instead of STATUS32
581 ones. This intended only as a temporary hack. */
582 if (getenv("CLI_FORCE_DOSERR"))
583 cli->force_dos_errors = true;
585 if (lp_client_signing()) {
586 allow_smb_signing = true;
589 if (lp_client_signing() == Required) {
590 mandatory_signing = true;
593 if (signing_state != Undefined) {
594 allow_smb_signing = true;
597 if (signing_state == false) {
598 allow_smb_signing = false;
599 mandatory_signing = false;
602 if (signing_state == Required) {
603 mandatory_signing = true;
606 if (!cli->outbuf || !cli->inbuf)
609 memset(cli->outbuf, 0, cli->bufsize);
610 memset(cli->inbuf, 0, cli->bufsize);
613 #if defined(DEVELOPER)
614 /* just because we over-allocate, doesn't mean it's right to use it */
615 clobber_region(FUNCTION_MACRO, __LINE__, cli->outbuf+cli->bufsize, SAFETY_MARGIN);
616 clobber_region(FUNCTION_MACRO, __LINE__, cli->inbuf+cli->bufsize, SAFETY_MARGIN);
619 /* initialise signing */
620 cli->signing_state = smb_signing_init(cli,
623 if (!cli->signing_state) {
627 cli->outgoing = tevent_queue_create(cli, "cli_outgoing");
628 if (cli->outgoing == NULL) {
633 cli->initialised = 1;
637 /* Clean up after malloc() error */
641 SAFE_FREE(cli->inbuf);
642 SAFE_FREE(cli->outbuf);
647 struct cli_state *cli_initialise(void)
649 return cli_initialise_ex(Undefined);
652 /****************************************************************************
653 Close all pipes open on this session.
654 ****************************************************************************/
656 void cli_nt_pipes_close(struct cli_state *cli)
658 while (cli->pipe_list != NULL) {
660 * No TALLOC_FREE here!
662 talloc_free(cli->pipe_list);
666 /****************************************************************************
667 Shutdown a client structure.
668 ****************************************************************************/
670 static void _cli_shutdown(struct cli_state *cli)
672 cli_nt_pipes_close(cli);
675 * tell our peer to free his resources. Wihtout this, when an
676 * application attempts to do a graceful shutdown and calls
677 * smbc_free_context() to clean up all connections, some connections
678 * can remain active on the peer end, until some (long) timeout period
679 * later. This tree disconnect forces the peer to clean up, since the
680 * connection will be going away.
682 * Also, do not do tree disconnect when cli->smb_rw_error is SMB_DO_NOT_DO_TDIS
683 * the only user for this so far is smbmount which passes opened connection
684 * down to kernel's smbfs module.
686 if ( (cli->cnum != (uint16)-1) && (cli->smb_rw_error != SMB_DO_NOT_DO_TDIS ) ) {
690 SAFE_FREE(cli->outbuf);
691 SAFE_FREE(cli->inbuf);
693 data_blob_free(&cli->secblob);
694 data_blob_free(&cli->user_session_key);
700 cli->smb_rw_error = SMB_READ_OK;
703 * Need to free pending first, they remove themselves
705 while (cli->pending) {
706 talloc_free(cli->pending[0]);
711 void cli_shutdown(struct cli_state *cli)
713 struct cli_state *cli_head;
717 DLIST_HEAD(cli, cli_head);
718 if (cli_head == cli) {
720 * head of a DFS list, shutdown all subsidiary DFS
723 struct cli_state *p, *next;
725 for (p = cli_head->next; p; p = next) {
727 DLIST_REMOVE(cli_head, p);
731 DLIST_REMOVE(cli_head, cli);
737 /****************************************************************************
738 Set socket options on a open connection.
739 ****************************************************************************/
741 void cli_sockopt(struct cli_state *cli, const char *options)
743 set_socket_options(cli->fd, options);
746 /****************************************************************************
747 Set the PID to use for smb messages. Return the old pid.
748 ****************************************************************************/
750 uint16 cli_setpid(struct cli_state *cli, uint16 pid)
752 uint16 ret = cli->pid;
757 /****************************************************************************
758 Set the case sensitivity flag on the packets. Returns old state.
759 ****************************************************************************/
761 bool cli_set_case_sensitive(struct cli_state *cli, bool case_sensitive)
763 bool ret = cli->case_sensitive;
764 cli->case_sensitive = case_sensitive;
768 /****************************************************************************
769 Send a keepalive packet to the server
770 ****************************************************************************/
772 bool cli_send_keepalive(struct cli_state *cli)
775 DEBUG(3, ("cli_send_keepalive: fd == -1\n"));
778 if (!send_keepalive(cli->fd)) {
781 DEBUG(0,("Error sending keepalive packet to client.\n"));
787 struct cli_echo_state {
793 static void cli_echo_done(struct tevent_req *subreq);
795 struct tevent_req *cli_echo_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
796 struct cli_state *cli, uint16_t num_echos,
799 struct tevent_req *req, *subreq;
800 struct cli_echo_state *state;
802 req = tevent_req_create(mem_ctx, &state, struct cli_echo_state);
806 SSVAL(state->vwv, 0, num_echos);
808 state->num_echos = num_echos;
810 subreq = cli_smb_send(state, ev, cli, SMBecho, 0, 1, state->vwv,
811 data.length, data.data);
812 if (subreq == NULL) {
815 tevent_req_set_callback(subreq, cli_echo_done, req);
822 static void cli_echo_done(struct tevent_req *subreq)
824 struct tevent_req *req = tevent_req_callback_data(
825 subreq, struct tevent_req);
826 struct cli_echo_state *state = tevent_req_data(
827 req, struct cli_echo_state);
833 status = cli_smb_recv(subreq, state, &inbuf, 0, NULL, NULL,
835 if (!NT_STATUS_IS_OK(status)) {
836 tevent_req_nterror(req, status);
839 if ((num_bytes != state->data.length)
840 || (memcmp(bytes, state->data.data, num_bytes) != 0)) {
841 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
845 state->num_echos -=1;
846 if (state->num_echos == 0) {
847 tevent_req_done(req);
851 if (!cli_smb_req_set_pending(subreq)) {
852 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
858 * Get the result out from an echo request
859 * @param[in] req The async_req from cli_echo_send
860 * @retval Did the server reply correctly?
863 NTSTATUS cli_echo_recv(struct tevent_req *req)
865 return tevent_req_simple_recv_ntstatus(req);
869 * @brief Send/Receive SMBEcho requests
870 * @param[in] mem_ctx The memory context to put the async_req on
871 * @param[in] ev The event context that will call us back
872 * @param[in] cli The connection to send the echo to
873 * @param[in] num_echos How many times do we want to get the reply?
874 * @param[in] data The data we want to get back
875 * @retval Did the server reply correctly?
878 NTSTATUS cli_echo(struct cli_state *cli, uint16_t num_echos, DATA_BLOB data)
880 TALLOC_CTX *frame = talloc_stackframe();
881 struct event_context *ev;
882 struct tevent_req *req;
883 NTSTATUS status = NT_STATUS_OK;
885 if (cli_has_async_calls(cli)) {
887 * Can't use sync call while an async call is in flight
889 status = NT_STATUS_INVALID_PARAMETER;
893 ev = event_context_init(frame);
895 status = NT_STATUS_NO_MEMORY;
899 req = cli_echo_send(frame, ev, cli, num_echos, data);
901 status = NT_STATUS_NO_MEMORY;
905 if (!tevent_req_poll(req, ev)) {
906 status = map_nt_error_from_unix(errno);
910 status = cli_echo_recv(req);
913 if (!NT_STATUS_IS_OK(status)) {
914 cli_set_error(cli, status);
920 * Is the SMB command able to hold an AND_X successor
921 * @param[in] cmd The SMB command in question
922 * @retval Can we add a chained request after "cmd"?
924 bool is_andx_req(uint8_t cmd)
944 NTSTATUS cli_smb(TALLOC_CTX *mem_ctx, struct cli_state *cli,
945 uint8_t smb_command, uint8_t additional_flags,
946 uint8_t wct, uint16_t *vwv,
947 uint32_t num_bytes, const uint8_t *bytes,
948 struct tevent_req **result_parent,
949 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
950 uint32_t *pnum_bytes, uint8_t **pbytes)
952 struct tevent_context *ev;
953 struct tevent_req *req = NULL;
954 NTSTATUS status = NT_STATUS_NO_MEMORY;
956 if (cli_has_async_calls(cli)) {
957 return NT_STATUS_INVALID_PARAMETER;
959 ev = tevent_context_init(mem_ctx);
963 req = cli_smb_send(mem_ctx, ev, cli, smb_command, additional_flags,
964 wct, vwv, num_bytes, bytes);
968 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
971 status = cli_smb_recv(req, NULL, NULL, min_wct, pwct, pvwv,
975 if (NT_STATUS_IS_OK(status)) {
976 *result_parent = req;