2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5 Copyright (C) Stefan Metzmacher 2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "system/network.h"
23 #include "../lib/async_req/async_sock.h"
24 #include "../lib/util/tevent_ntstatus.h"
25 #include "../lib/util/tevent_unix.h"
26 #include "lib/util/util_net.h"
27 #include "../libcli/smb/smb_common.h"
28 #include "../libcli/smb/smb_seal.h"
29 #include "../libcli/smb/smb_signing.h"
30 #include "../libcli/smb/read_smb.h"
31 #include "smbXcli_base.h"
32 #include "librpc/ndr/libndr.h"
36 struct sockaddr_storage local_ss;
37 struct sockaddr_storage remote_ss;
38 const char *remote_name;
40 struct tevent_queue *outgoing;
41 struct tevent_req **pending;
42 struct tevent_req *read_smb_req;
44 enum protocol_types protocol;
47 bool mandatory_signing;
50 * The incoming dispatch function should return:
51 * - NT_STATUS_RETRY, if more incoming PDUs are expected.
52 * - NT_STATUS_OK, if no more processing is desired, e.g.
53 * the dispatch function called
55 * - All other return values disconnect the connection.
57 NTSTATUS (*dispatch_incoming)(struct smbXcli_conn *conn,
63 uint32_t capabilities;
68 uint32_t capabilities;
71 uint16_t security_mode;
80 const char *workgroup;
85 uint32_t capabilities;
90 struct smb_signing_state *signing;
91 struct smb_trans_enc_state *trans_enc;
96 uint16_t security_mode;
100 uint32_t capabilities;
101 uint16_t security_mode;
103 uint32_t max_trans_size;
104 uint32_t max_read_size;
105 uint32_t max_write_size;
115 struct smbXcli_req_state {
116 struct tevent_context *ev;
117 struct smbXcli_conn *conn;
119 uint8_t length_hdr[4];
126 /* Space for the header including the wct */
127 uint8_t hdr[HDR_VWV];
130 * For normal requests, smb1cli_req_send chooses a mid.
131 * SecondaryV trans requests need to use the mid of the primary
132 * request, so we need a place to store it.
133 * Assume it is set if != 0.
138 uint8_t bytecount_buf[2];
140 #define MAX_SMB_IOV 5
141 /* length_hdr, hdr, words, byte_count, buffers */
142 struct iovec iov[1 + 3 + MAX_SMB_IOV];
148 struct tevent_req **chained_requests;
151 NTSTATUS recv_status;
152 /* always an array of 3 talloc elements */
153 struct iovec *recv_iov;
157 const uint8_t *fixed;
163 uint8_t pad[7]; /* padding space for compounding */
165 /* always an array of 3 talloc elements */
166 struct iovec *recv_iov;
170 static int smbXcli_conn_destructor(struct smbXcli_conn *conn)
173 * NT_STATUS_OK, means we do not notify the callers
175 smbXcli_conn_disconnect(conn, NT_STATUS_OK);
177 if (conn->smb1.trans_enc) {
178 common_free_encryption_state(&conn->smb1.trans_enc);
184 struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
186 const char *remote_name,
187 enum smb_signing_setting signing_state,
188 uint32_t smb1_capabilities)
190 struct smbXcli_conn *conn = NULL;
192 struct sockaddr *sa = NULL;
196 conn = talloc_zero(mem_ctx, struct smbXcli_conn);
201 conn->remote_name = talloc_strdup(conn, remote_name);
202 if (conn->remote_name == NULL) {
208 ss = (void *)&conn->local_ss;
209 sa = (struct sockaddr *)ss;
210 sa_length = sizeof(conn->local_ss);
211 ret = getsockname(fd, sa, &sa_length);
215 ss = (void *)&conn->remote_ss;
216 sa = (struct sockaddr *)ss;
217 sa_length = sizeof(conn->remote_ss);
218 ret = getpeername(fd, sa, &sa_length);
223 conn->outgoing = tevent_queue_create(conn, "smbXcli_outgoing");
224 if (conn->outgoing == NULL) {
227 conn->pending = NULL;
229 conn->protocol = PROTOCOL_NONE;
231 switch (signing_state) {
232 case SMB_SIGNING_OFF:
234 conn->allow_signing = false;
235 conn->desire_signing = false;
236 conn->mandatory_signing = false;
238 case SMB_SIGNING_DEFAULT:
239 case SMB_SIGNING_IF_REQUIRED:
240 /* if the server requires it */
241 conn->allow_signing = true;
242 conn->desire_signing = false;
243 conn->mandatory_signing = false;
245 case SMB_SIGNING_REQUIRED:
247 conn->allow_signing = true;
248 conn->desire_signing = true;
249 conn->mandatory_signing = true;
253 conn->smb1.client.capabilities = smb1_capabilities;
254 conn->smb1.client.max_xmit = UINT16_MAX;
256 conn->smb1.capabilities = conn->smb1.client.capabilities;
257 conn->smb1.max_xmit = 1024;
261 /* initialise signing */
262 conn->smb1.signing = smb_signing_init(conn,
264 conn->desire_signing,
265 conn->mandatory_signing);
266 if (!conn->smb1.signing) {
270 conn->smb2.client.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
271 if (conn->mandatory_signing) {
272 conn->smb2.client.security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
275 talloc_set_destructor(conn, smbXcli_conn_destructor);
283 bool smbXcli_conn_is_connected(struct smbXcli_conn *conn)
289 if (conn->fd == -1) {
296 enum protocol_types smbXcli_conn_protocol(struct smbXcli_conn *conn)
298 return conn->protocol;
301 bool smbXcli_conn_use_unicode(struct smbXcli_conn *conn)
303 if (conn->protocol >= PROTOCOL_SMB2_02) {
307 if (conn->smb1.capabilities & CAP_UNICODE) {
314 void smbXcli_conn_set_sockopt(struct smbXcli_conn *conn, const char *options)
316 set_socket_options(conn->fd, options);
319 const struct sockaddr_storage *smbXcli_conn_local_sockaddr(struct smbXcli_conn *conn)
321 return &conn->local_ss;
324 const struct sockaddr_storage *smbXcli_conn_remote_sockaddr(struct smbXcli_conn *conn)
326 return &conn->remote_ss;
329 const char *smbXcli_conn_remote_name(struct smbXcli_conn *conn)
331 return conn->remote_name;
334 bool smb1cli_conn_activate_signing(struct smbXcli_conn *conn,
335 const DATA_BLOB user_session_key,
336 const DATA_BLOB response)
338 return smb_signing_activate(conn->smb1.signing,
343 bool smb1cli_conn_check_signing(struct smbXcli_conn *conn,
344 const uint8_t *buf, uint32_t seqnum)
346 return smb_signing_check_pdu(conn->smb1.signing, buf, seqnum);
349 bool smb1cli_conn_signing_is_active(struct smbXcli_conn *conn)
351 return smb_signing_is_active(conn->smb1.signing);
354 void smb1cli_conn_set_encryption(struct smbXcli_conn *conn,
355 struct smb_trans_enc_state *es)
357 /* Replace the old state, if any. */
358 if (conn->smb1.trans_enc) {
359 common_free_encryption_state(&conn->smb1.trans_enc);
361 conn->smb1.trans_enc = es;
364 bool smb1cli_conn_encryption_on(struct smbXcli_conn *conn)
366 return common_encryption_on(conn->smb1.trans_enc);
370 static NTSTATUS smb1cli_pull_raw_error(const uint8_t *buf)
372 const uint8_t *hdr = buf + NBT_HDR_SIZE;
373 uint32_t flags2 = SVAL(hdr, HDR_FLG2);
374 NTSTATUS status = NT_STATUS(IVAL(hdr, HDR_RCLS));
376 if (NT_STATUS_IS_OK(status)) {
380 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
384 return NT_STATUS_DOS(CVAL(hdr, HDR_RCLS), SVAL(hdr, HDR_ERR));
388 * Figure out if there is an andx command behind the current one
389 * @param[in] buf The smb buffer to look at
390 * @param[in] ofs The offset to the wct field that is followed by the cmd
391 * @retval Is there a command following?
394 static bool smb1cli_have_andx_command(const uint8_t *buf,
399 size_t buflen = talloc_get_size(buf);
401 if (!smb1cli_is_andx_req(cmd)) {
405 if ((ofs == buflen-1) || (ofs == buflen)) {
409 wct = CVAL(buf, ofs);
412 * Not enough space for the command and a following pointer
416 return (CVAL(buf, ofs+1) != 0xff);
420 * Is the SMB command able to hold an AND_X successor
421 * @param[in] cmd The SMB command in question
422 * @retval Can we add a chained request after "cmd"?
424 bool smb1cli_is_andx_req(uint8_t cmd)
444 static uint16_t smb1cli_alloc_mid(struct smbXcli_conn *conn)
446 size_t num_pending = talloc_array_length(conn->pending);
452 result = conn->smb1.mid++;
453 if ((result == 0) || (result == 0xffff)) {
457 for (i=0; i<num_pending; i++) {
458 if (result == smb1cli_req_mid(conn->pending[i])) {
463 if (i == num_pending) {
469 void smbXcli_req_unset_pending(struct tevent_req *req)
471 struct smbXcli_req_state *state =
473 struct smbXcli_req_state);
474 struct smbXcli_conn *conn = state->conn;
475 size_t num_pending = talloc_array_length(conn->pending);
478 if (state->smb1.mid != 0) {
480 * This is a [nt]trans[2] request which waits
481 * for more than one reply.
486 talloc_set_destructor(req, NULL);
488 if (num_pending == 1) {
490 * The pending read_smb tevent_req is a child of
491 * conn->pending. So if nothing is pending anymore, we need to
492 * delete the socket read fde.
494 TALLOC_FREE(conn->pending);
495 conn->read_smb_req = NULL;
499 for (i=0; i<num_pending; i++) {
500 if (req == conn->pending[i]) {
504 if (i == num_pending) {
506 * Something's seriously broken. Just returning here is the
507 * right thing nevertheless, the point of this routine is to
508 * remove ourselves from conn->pending.
514 * Remove ourselves from the conn->pending array
516 for (; i < (num_pending - 1); i++) {
517 conn->pending[i] = conn->pending[i+1];
521 * No NULL check here, we're shrinking by sizeof(void *), and
522 * talloc_realloc just adjusts the size for this.
524 conn->pending = talloc_realloc(NULL, conn->pending, struct tevent_req *,
529 static int smbXcli_req_destructor(struct tevent_req *req)
531 struct smbXcli_req_state *state =
533 struct smbXcli_req_state);
536 * Make sure we really remove it from
537 * the pending array on destruction.
540 smbXcli_req_unset_pending(req);
544 static bool smbXcli_conn_receive_next(struct smbXcli_conn *conn);
546 bool smbXcli_req_set_pending(struct tevent_req *req)
548 struct smbXcli_req_state *state =
550 struct smbXcli_req_state);
551 struct smbXcli_conn *conn;
552 struct tevent_req **pending;
557 if (!smbXcli_conn_is_connected(conn)) {
561 num_pending = talloc_array_length(conn->pending);
563 pending = talloc_realloc(conn, conn->pending, struct tevent_req *,
565 if (pending == NULL) {
568 pending[num_pending] = req;
569 conn->pending = pending;
570 talloc_set_destructor(req, smbXcli_req_destructor);
572 if (!smbXcli_conn_receive_next(conn)) {
574 * the caller should notify the current request
576 * And all other pending requests get notified
577 * by smbXcli_conn_disconnect().
579 smbXcli_req_unset_pending(req);
580 smbXcli_conn_disconnect(conn, NT_STATUS_NO_MEMORY);
587 static void smbXcli_conn_received(struct tevent_req *subreq);
589 static bool smbXcli_conn_receive_next(struct smbXcli_conn *conn)
591 size_t num_pending = talloc_array_length(conn->pending);
592 struct tevent_req *req;
593 struct smbXcli_req_state *state;
595 if (conn->read_smb_req != NULL) {
599 if (num_pending == 0) {
600 if (conn->smb2.mid < UINT64_MAX) {
601 /* no more pending requests, so we are done for now */
606 * If there are no more SMB2 requests possible,
607 * because we are out of message ids,
608 * we need to disconnect.
610 smbXcli_conn_disconnect(conn, NT_STATUS_CONNECTION_ABORTED);
614 req = conn->pending[0];
615 state = tevent_req_data(req, struct smbXcli_req_state);
618 * We're the first ones, add the read_smb request that waits for the
619 * answer from the server
621 conn->read_smb_req = read_smb_send(conn->pending, state->ev, conn->fd);
622 if (conn->read_smb_req == NULL) {
625 tevent_req_set_callback(conn->read_smb_req, smbXcli_conn_received, conn);
629 void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
631 if (conn->fd != -1) {
637 * Cancel all pending requests. We do not do a for-loop walking
638 * conn->pending because that array changes in
639 * smbXcli_req_unset_pending.
641 while (talloc_array_length(conn->pending) > 0) {
642 struct tevent_req *req;
643 struct smbXcli_req_state *state;
645 req = conn->pending[0];
646 state = tevent_req_data(req, struct smbXcli_req_state);
649 * We're dead. No point waiting for trans2
654 smbXcli_req_unset_pending(req);
656 if (NT_STATUS_IS_OK(status)) {
657 /* do not notify the callers */
662 * we need to defer the callback, because we may notify more
665 tevent_req_defer_callback(req, state->ev);
666 tevent_req_nterror(req, status);
671 * Fetch a smb request's mid. Only valid after the request has been sent by
672 * smb1cli_req_send().
674 uint16_t smb1cli_req_mid(struct tevent_req *req)
676 struct smbXcli_req_state *state =
678 struct smbXcli_req_state);
680 if (state->smb1.mid != 0) {
681 return state->smb1.mid;
684 return SVAL(state->smb1.hdr, HDR_MID);
687 void smb1cli_req_set_mid(struct tevent_req *req, uint16_t mid)
689 struct smbXcli_req_state *state =
691 struct smbXcli_req_state);
693 state->smb1.mid = mid;
696 uint32_t smb1cli_req_seqnum(struct tevent_req *req)
698 struct smbXcli_req_state *state =
700 struct smbXcli_req_state);
702 return state->smb1.seqnum;
705 void smb1cli_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
707 struct smbXcli_req_state *state =
709 struct smbXcli_req_state);
711 state->smb1.seqnum = seqnum;
714 static size_t smbXcli_iov_len(const struct iovec *iov, int count)
718 for (i=0; i<count; i++) {
719 result += iov[i].iov_len;
724 static uint8_t *smbXcli_iov_concat(TALLOC_CTX *mem_ctx,
725 const struct iovec *iov,
728 size_t len = smbXcli_iov_len(iov, count);
733 buf = talloc_array(mem_ctx, uint8_t, len);
738 for (i=0; i<count; i++) {
739 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
740 copied += iov[i].iov_len;
745 static void smb1cli_req_flags(enum protocol_types protocol,
746 uint32_t smb1_capabilities,
748 uint8_t additional_flags,
751 uint16_t additional_flags2,
752 uint16_t clear_flags2,
758 if (protocol >= PROTOCOL_LANMAN1) {
759 flags |= FLAG_CASELESS_PATHNAMES;
760 flags |= FLAG_CANONICAL_PATHNAMES;
763 if (protocol >= PROTOCOL_LANMAN2) {
764 flags2 |= FLAGS2_LONG_PATH_COMPONENTS;
765 flags2 |= FLAGS2_EXTENDED_ATTRIBUTES;
768 if (protocol >= PROTOCOL_NT1) {
769 flags2 |= FLAGS2_IS_LONG_NAME;
771 if (smb1_capabilities & CAP_UNICODE) {
772 flags2 |= FLAGS2_UNICODE_STRINGS;
774 if (smb1_capabilities & CAP_STATUS32) {
775 flags2 |= FLAGS2_32_BIT_ERROR_CODES;
777 if (smb1_capabilities & CAP_EXTENDED_SECURITY) {
778 flags2 |= FLAGS2_EXTENDED_SECURITY;
782 flags |= additional_flags;
783 flags &= ~clear_flags;
784 flags2 |= additional_flags2;
785 flags2 &= ~clear_flags2;
791 struct tevent_req *smb1cli_req_create(TALLOC_CTX *mem_ctx,
792 struct tevent_context *ev,
793 struct smbXcli_conn *conn,
795 uint8_t additional_flags,
797 uint16_t additional_flags2,
798 uint16_t clear_flags2,
799 uint32_t timeout_msec,
803 uint8_t wct, uint16_t *vwv,
805 struct iovec *bytes_iov)
807 struct tevent_req *req;
808 struct smbXcli_req_state *state;
812 if (iov_count > MAX_SMB_IOV) {
814 * Should not happen :-)
819 req = tevent_req_create(mem_ctx, &state,
820 struct smbXcli_req_state);
827 state->smb1.recv_cmd = 0xFF;
828 state->smb1.recv_status = NT_STATUS_INTERNAL_ERROR;
829 state->smb1.recv_iov = talloc_zero_array(state, struct iovec, 3);
830 if (state->smb1.recv_iov == NULL) {
835 smb1cli_req_flags(conn->protocol,
836 conn->smb1.capabilities,
845 SIVAL(state->smb1.hdr, 0, SMB_MAGIC);
846 SCVAL(state->smb1.hdr, HDR_COM, smb_command);
847 SIVAL(state->smb1.hdr, HDR_RCLS, NT_STATUS_V(NT_STATUS_OK));
848 SCVAL(state->smb1.hdr, HDR_FLG, flags);
849 SSVAL(state->smb1.hdr, HDR_FLG2, flags2);
850 SSVAL(state->smb1.hdr, HDR_PIDHIGH, pid >> 16);
851 SSVAL(state->smb1.hdr, HDR_TID, tid);
852 SSVAL(state->smb1.hdr, HDR_PID, pid);
853 SSVAL(state->smb1.hdr, HDR_UID, uid);
854 SSVAL(state->smb1.hdr, HDR_MID, 0); /* this comes later */
855 SSVAL(state->smb1.hdr, HDR_WCT, wct);
857 state->smb1.vwv = vwv;
859 SSVAL(state->smb1.bytecount_buf, 0, smbXcli_iov_len(bytes_iov, iov_count));
861 state->smb1.iov[0].iov_base = (void *)state->length_hdr;
862 state->smb1.iov[0].iov_len = sizeof(state->length_hdr);
863 state->smb1.iov[1].iov_base = (void *)state->smb1.hdr;
864 state->smb1.iov[1].iov_len = sizeof(state->smb1.hdr);
865 state->smb1.iov[2].iov_base = (void *)state->smb1.vwv;
866 state->smb1.iov[2].iov_len = wct * sizeof(uint16_t);
867 state->smb1.iov[3].iov_base = (void *)state->smb1.bytecount_buf;
868 state->smb1.iov[3].iov_len = sizeof(uint16_t);
870 if (iov_count != 0) {
871 memcpy(&state->smb1.iov[4], bytes_iov,
872 iov_count * sizeof(*bytes_iov));
874 state->smb1.iov_count = iov_count + 4;
876 if (timeout_msec > 0) {
877 struct timeval endtime;
879 endtime = timeval_current_ofs_msec(timeout_msec);
880 if (!tevent_req_set_endtime(req, ev, endtime)) {
885 switch (smb_command) {
890 state->one_way = true;
894 (CVAL(vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
895 state->one_way = true;
903 static NTSTATUS smb1cli_conn_signv(struct smbXcli_conn *conn,
904 struct iovec *iov, int iov_count,
910 * Obvious optimization: Make cli_calculate_sign_mac work with struct
911 * iovec directly. MD5Update would do that just fine.
915 return NT_STATUS_INVALID_PARAMETER_MIX;
917 if (iov[0].iov_len != NBT_HDR_SIZE) {
918 return NT_STATUS_INVALID_PARAMETER_MIX;
920 if (iov[1].iov_len != (MIN_SMB_SIZE-sizeof(uint16_t))) {
921 return NT_STATUS_INVALID_PARAMETER_MIX;
923 if (iov[2].iov_len > (0xFF * sizeof(uint16_t))) {
924 return NT_STATUS_INVALID_PARAMETER_MIX;
926 if (iov[3].iov_len != sizeof(uint16_t)) {
927 return NT_STATUS_INVALID_PARAMETER_MIX;
930 buf = smbXcli_iov_concat(talloc_tos(), iov, iov_count);
932 return NT_STATUS_NO_MEMORY;
935 *seqnum = smb_signing_next_seqnum(conn->smb1.signing, false);
936 smb_signing_sign_pdu(conn->smb1.signing, buf, *seqnum);
937 memcpy(iov[1].iov_base, buf+4, iov[1].iov_len);
943 static void smb1cli_req_writev_done(struct tevent_req *subreq);
944 static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
948 static NTSTATUS smb1cli_req_writev_submit(struct tevent_req *req,
949 struct smbXcli_req_state *state,
950 struct iovec *iov, int iov_count)
952 struct tevent_req *subreq;
956 if (!smbXcli_conn_is_connected(state->conn)) {
957 return NT_STATUS_CONNECTION_DISCONNECTED;
960 if (state->conn->protocol > PROTOCOL_NT1) {
961 return NT_STATUS_REVISION_MISMATCH;
965 return NT_STATUS_INVALID_PARAMETER_MIX;
967 if (iov[0].iov_len != NBT_HDR_SIZE) {
968 return NT_STATUS_INVALID_PARAMETER_MIX;
970 if (iov[1].iov_len != (MIN_SMB_SIZE-sizeof(uint16_t))) {
971 return NT_STATUS_INVALID_PARAMETER_MIX;
973 if (iov[2].iov_len > (0xFF * sizeof(uint16_t))) {
974 return NT_STATUS_INVALID_PARAMETER_MIX;
976 if (iov[3].iov_len != sizeof(uint16_t)) {
977 return NT_STATUS_INVALID_PARAMETER_MIX;
980 if (state->smb1.mid != 0) {
981 mid = state->smb1.mid;
983 mid = smb1cli_alloc_mid(state->conn);
985 SSVAL(iov[1].iov_base, HDR_MID, mid);
987 _smb_setlen_nbt(iov[0].iov_base, smbXcli_iov_len(&iov[1], iov_count-1));
989 status = smb1cli_conn_signv(state->conn, iov, iov_count,
990 &state->smb1.seqnum);
992 if (!NT_STATUS_IS_OK(status)) {
997 * If we supported multiple encrytion contexts
998 * here we'd look up based on tid.
1000 if (common_encryption_on(state->conn->smb1.trans_enc)) {
1001 char *buf, *enc_buf;
1003 buf = (char *)smbXcli_iov_concat(talloc_tos(), iov, iov_count);
1005 return NT_STATUS_NO_MEMORY;
1007 status = common_encrypt_buffer(state->conn->smb1.trans_enc,
1008 (char *)buf, &enc_buf);
1010 if (!NT_STATUS_IS_OK(status)) {
1011 DEBUG(0, ("Error in encrypting client message: %s\n",
1012 nt_errstr(status)));
1015 buf = (char *)talloc_memdup(state, enc_buf,
1016 smb_len_nbt(enc_buf)+4);
1019 return NT_STATUS_NO_MEMORY;
1021 iov[0].iov_base = (void *)buf;
1022 iov[0].iov_len = talloc_get_size(buf);
1026 if (state->conn->dispatch_incoming == NULL) {
1027 state->conn->dispatch_incoming = smb1cli_conn_dispatch_incoming;
1030 subreq = writev_send(state, state->ev, state->conn->outgoing,
1031 state->conn->fd, false, iov, iov_count);
1032 if (subreq == NULL) {
1033 return NT_STATUS_NO_MEMORY;
1035 tevent_req_set_callback(subreq, smb1cli_req_writev_done, req);
1036 return NT_STATUS_OK;
1039 struct tevent_req *smb1cli_req_send(TALLOC_CTX *mem_ctx,
1040 struct tevent_context *ev,
1041 struct smbXcli_conn *conn,
1042 uint8_t smb_command,
1043 uint8_t additional_flags,
1044 uint8_t clear_flags,
1045 uint16_t additional_flags2,
1046 uint16_t clear_flags2,
1047 uint32_t timeout_msec,
1051 uint8_t wct, uint16_t *vwv,
1053 const uint8_t *bytes)
1055 struct tevent_req *req;
1059 iov.iov_base = discard_const_p(void, bytes);
1060 iov.iov_len = num_bytes;
1062 req = smb1cli_req_create(mem_ctx, ev, conn, smb_command,
1063 additional_flags, clear_flags,
1064 additional_flags2, clear_flags2,
1071 if (!tevent_req_is_in_progress(req)) {
1072 return tevent_req_post(req, ev);
1074 status = smb1cli_req_chain_submit(&req, 1);
1075 if (tevent_req_nterror(req, status)) {
1076 return tevent_req_post(req, ev);
1081 static void smb1cli_req_writev_done(struct tevent_req *subreq)
1083 struct tevent_req *req =
1084 tevent_req_callback_data(subreq,
1086 struct smbXcli_req_state *state =
1087 tevent_req_data(req,
1088 struct smbXcli_req_state);
1092 nwritten = writev_recv(subreq, &err);
1093 TALLOC_FREE(subreq);
1094 if (nwritten == -1) {
1095 NTSTATUS status = map_nt_error_from_unix_common(err);
1096 smbXcli_conn_disconnect(state->conn, status);
1100 if (state->one_way) {
1101 state->inbuf = NULL;
1102 tevent_req_done(req);
1106 if (!smbXcli_req_set_pending(req)) {
1107 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1112 static void smbXcli_conn_received(struct tevent_req *subreq)
1114 struct smbXcli_conn *conn =
1115 tevent_req_callback_data(subreq,
1116 struct smbXcli_conn);
1117 TALLOC_CTX *frame = talloc_stackframe();
1123 if (subreq != conn->read_smb_req) {
1124 DEBUG(1, ("Internal error: cli_smb_received called with "
1125 "unexpected subreq\n"));
1126 status = NT_STATUS_INTERNAL_ERROR;
1127 smbXcli_conn_disconnect(conn, status);
1131 conn->read_smb_req = NULL;
1133 received = read_smb_recv(subreq, frame, &inbuf, &err);
1134 TALLOC_FREE(subreq);
1135 if (received == -1) {
1136 status = map_nt_error_from_unix_common(err);
1137 smbXcli_conn_disconnect(conn, status);
1142 status = conn->dispatch_incoming(conn, frame, inbuf);
1144 if (NT_STATUS_IS_OK(status)) {
1146 * We should not do any more processing
1147 * as the dispatch function called
1148 * tevent_req_done().
1151 } else if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
1153 * We got an error, so notify all pending requests
1155 smbXcli_conn_disconnect(conn, status);
1160 * We got NT_STATUS_RETRY, so we may ask for a
1161 * next incoming pdu.
1163 if (!smbXcli_conn_receive_next(conn)) {
1164 smbXcli_conn_disconnect(conn, NT_STATUS_NO_MEMORY);
1168 static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
1169 TALLOC_CTX *tmp_mem,
1172 struct tevent_req *req;
1173 struct smbXcli_req_state *state;
1179 const uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
1181 if ((IVAL(inhdr, 0) != SMB_MAGIC) /* 0xFF"SMB" */
1182 && (SVAL(inhdr, 0) != 0x45ff)) /* 0xFF"E" */ {
1183 DEBUG(10, ("Got non-SMB PDU\n"));
1184 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1188 * If we supported multiple encrytion contexts
1189 * here we'd look up based on tid.
1191 if (common_encryption_on(conn->smb1.trans_enc)
1192 && (CVAL(inbuf, 0) == 0)) {
1193 uint16_t enc_ctx_num;
1195 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
1196 if (!NT_STATUS_IS_OK(status)) {
1197 DEBUG(10, ("get_enc_ctx_num returned %s\n",
1198 nt_errstr(status)));
1202 if (enc_ctx_num != conn->smb1.trans_enc->enc_ctx_num) {
1203 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
1205 conn->smb1.trans_enc->enc_ctx_num));
1206 return NT_STATUS_INVALID_HANDLE;
1209 status = common_decrypt_buffer(conn->smb1.trans_enc,
1211 if (!NT_STATUS_IS_OK(status)) {
1212 DEBUG(10, ("common_decrypt_buffer returned %s\n",
1213 nt_errstr(status)));
1218 mid = SVAL(inhdr, HDR_MID);
1219 num_pending = talloc_array_length(conn->pending);
1221 for (i=0; i<num_pending; i++) {
1222 if (mid == smb1cli_req_mid(conn->pending[i])) {
1226 if (i == num_pending) {
1227 /* Dump unexpected reply */
1228 return NT_STATUS_RETRY;
1231 oplock_break = false;
1233 if (mid == 0xffff) {
1235 * Paranoia checks that this is really an oplock break request.
1237 oplock_break = (smb_len_nbt(inbuf) == 51); /* hdr + 8 words */
1238 oplock_break &= ((CVAL(inhdr, HDR_FLG) & FLAG_REPLY) == 0);
1239 oplock_break &= (CVAL(inhdr, HDR_COM) == SMBlockingX);
1240 oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(6)) == 0);
1241 oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(7)) == 0);
1243 if (!oplock_break) {
1244 /* Dump unexpected reply */
1245 return NT_STATUS_RETRY;
1249 req = conn->pending[i];
1250 state = tevent_req_data(req, struct smbXcli_req_state);
1252 if (!oplock_break /* oplock breaks are not signed */
1253 && !smb_signing_check_pdu(conn->smb1.signing,
1254 inbuf, state->smb1.seqnum+1)) {
1255 DEBUG(10, ("cli_check_sign_mac failed\n"));
1256 return NT_STATUS_ACCESS_DENIED;
1259 if (state->smb1.chained_requests != NULL) {
1260 struct tevent_req **chain = talloc_move(tmp_mem,
1261 &state->smb1.chained_requests);
1262 size_t num_chained = talloc_array_length(chain);
1265 * We steal the inbuf to the chain,
1266 * so that it will stay until all
1267 * requests of the chain are finished.
1269 * Each requests in the chain will
1270 * hold a talloc reference to the chain.
1271 * This way we do not expose the talloc_reference()
1272 * behavior to the callers.
1274 talloc_steal(chain, inbuf);
1276 for (i=0; i<num_chained; i++) {
1277 struct tevent_req **ref;
1280 state = tevent_req_data(req, struct smbXcli_req_state);
1282 smbXcli_req_unset_pending(req);
1285 * as we finish multiple requests here
1286 * we need to defer the callbacks as
1287 * they could destroy our current stack state.
1289 tevent_req_defer_callback(req, state->ev);
1291 ref = talloc_reference(state, chain);
1292 if (tevent_req_nomem(ref, req)) {
1296 state->inbuf = inbuf;
1297 state->smb1.chain_num = i;
1298 state->smb1.chain_length = num_chained;
1300 tevent_req_done(req);
1302 return NT_STATUS_RETRY;
1305 smbXcli_req_unset_pending(req);
1307 state->inbuf = talloc_move(state, &inbuf);
1308 state->smb1.chain_num = 0;
1309 state->smb1.chain_length = 1;
1311 if (talloc_array_length(conn->pending) == 0) {
1312 tevent_req_done(req);
1313 return NT_STATUS_OK;
1316 tevent_req_defer_callback(req, state->ev);
1317 tevent_req_done(req);
1318 return NT_STATUS_RETRY;
1321 NTSTATUS smb1cli_req_recv(struct tevent_req *req,
1322 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
1323 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
1324 uint32_t *pnum_bytes, uint8_t **pbytes)
1326 struct smbXcli_req_state *state =
1327 tevent_req_data(req,
1328 struct smbXcli_req_state);
1329 NTSTATUS status = NT_STATUS_OK;
1332 size_t wct_ofs, bytes_offset;
1335 if (tevent_req_is_nterror(req, &status)) {
1339 if (state->inbuf == NULL) {
1341 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1358 /* This was a request without a reply */
1359 return NT_STATUS_OK;
1362 wct_ofs = NBT_HDR_SIZE + HDR_WCT;
1363 cmd = CVAL(state->inbuf, NBT_HDR_SIZE + HDR_COM);
1365 for (i=0; i<state->smb1.chain_num; i++) {
1366 if (i < state->smb1.chain_num-1) {
1368 return NT_STATUS_REQUEST_ABORTED;
1370 if (!smb1cli_is_andx_req(cmd)) {
1371 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1375 if (!smb1cli_have_andx_command(state->inbuf, wct_ofs, cmd)) {
1377 * This request was not completed because a previous
1378 * request in the chain had received an error.
1380 return NT_STATUS_REQUEST_ABORTED;
1383 cmd = CVAL(state->inbuf, wct_ofs + 1);
1384 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
1387 * Skip the all-present length field. No overflow, we've just
1388 * put a 16-bit value into a size_t.
1392 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
1393 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1397 status = smb1cli_pull_raw_error(state->inbuf);
1399 if (!smb1cli_have_andx_command(state->inbuf, wct_ofs, cmd)) {
1401 if ((cmd == SMBsesssetupX)
1403 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1405 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
1406 * valid return code for session setup
1411 if (NT_STATUS_IS_ERR(status)) {
1413 * The last command takes the error code. All
1414 * further commands down the requested chain
1415 * will get a NT_STATUS_REQUEST_ABORTED.
1421 * Only the last request in the chain get the returned
1424 status = NT_STATUS_OK;
1429 wct = CVAL(state->inbuf, wct_ofs);
1430 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
1431 num_bytes = SVAL(state->inbuf, bytes_offset);
1433 if (wct < min_wct) {
1434 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1438 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
1439 * is a 16-bit value. So bytes_offset being size_t should be far from
1442 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
1443 || (bytes_offset > 0xffff)) {
1444 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1451 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
1453 if (pnum_bytes != NULL) {
1454 *pnum_bytes = num_bytes;
1456 if (pbytes != NULL) {
1457 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
1459 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
1460 if (state->smb1.chain_num == state->smb1.chain_length-1) {
1461 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
1463 *pinbuf = state->inbuf;
1470 size_t smb1cli_req_wct_ofs(struct tevent_req **reqs, int num_reqs)
1477 for (i=0; i<num_reqs; i++) {
1478 struct smbXcli_req_state *state;
1479 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1480 wct_ofs += smbXcli_iov_len(state->smb1.iov+2,
1481 state->smb1.iov_count-2);
1482 wct_ofs = (wct_ofs + 3) & ~3;
1487 NTSTATUS smb1cli_req_chain_submit(struct tevent_req **reqs, int num_reqs)
1489 struct smbXcli_req_state *first_state =
1490 tevent_req_data(reqs[0],
1491 struct smbXcli_req_state);
1492 struct smbXcli_req_state *last_state =
1493 tevent_req_data(reqs[num_reqs-1],
1494 struct smbXcli_req_state);
1495 struct smbXcli_req_state *state;
1497 size_t chain_padding = 0;
1499 struct iovec *iov = NULL;
1500 struct iovec *this_iov;
1504 if (num_reqs == 1) {
1505 return smb1cli_req_writev_submit(reqs[0], first_state,
1506 first_state->smb1.iov,
1507 first_state->smb1.iov_count);
1511 for (i=0; i<num_reqs; i++) {
1512 if (!tevent_req_is_in_progress(reqs[i])) {
1513 return NT_STATUS_INTERNAL_ERROR;
1516 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1518 if (state->smb1.iov_count < 4) {
1519 return NT_STATUS_INVALID_PARAMETER_MIX;
1524 * The NBT and SMB header
1537 iovlen += state->smb1.iov_count - 2;
1540 iov = talloc_zero_array(last_state, struct iovec, iovlen);
1542 return NT_STATUS_NO_MEMORY;
1545 first_state->smb1.chained_requests = (struct tevent_req **)talloc_memdup(
1546 last_state, reqs, sizeof(*reqs) * num_reqs);
1547 if (first_state->smb1.chained_requests == NULL) {
1549 return NT_STATUS_NO_MEMORY;
1552 wct_offset = HDR_WCT;
1555 for (i=0; i<num_reqs; i++) {
1556 size_t next_padding = 0;
1559 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1561 if (i < num_reqs-1) {
1562 if (!smb1cli_is_andx_req(CVAL(state->smb1.hdr, HDR_COM))
1563 || CVAL(state->smb1.hdr, HDR_WCT) < 2) {
1565 TALLOC_FREE(first_state->smb1.chained_requests);
1566 return NT_STATUS_INVALID_PARAMETER_MIX;
1570 wct_offset += smbXcli_iov_len(state->smb1.iov+2,
1571 state->smb1.iov_count-2) + 1;
1572 if ((wct_offset % 4) != 0) {
1573 next_padding = 4 - (wct_offset % 4);
1575 wct_offset += next_padding;
1576 vwv = state->smb1.vwv;
1578 if (i < num_reqs-1) {
1579 struct smbXcli_req_state *next_state =
1580 tevent_req_data(reqs[i+1],
1581 struct smbXcli_req_state);
1582 SCVAL(vwv+0, 0, CVAL(next_state->smb1.hdr, HDR_COM));
1584 SSVAL(vwv+1, 0, wct_offset);
1585 } else if (smb1cli_is_andx_req(CVAL(state->smb1.hdr, HDR_COM))) {
1586 /* properly end the chain */
1587 SCVAL(vwv+0, 0, 0xff);
1588 SCVAL(vwv+0, 1, 0xff);
1594 * The NBT and SMB header
1596 this_iov[0] = state->smb1.iov[0];
1597 this_iov[1] = state->smb1.iov[1];
1601 * This one is a bit subtle. We have to add
1602 * chain_padding bytes between the requests, and we
1603 * have to also include the wct field of the
1604 * subsequent requests. We use the subsequent header
1605 * for the padding, it contains the wct field in its
1608 this_iov[0].iov_len = chain_padding+1;
1609 this_iov[0].iov_base = (void *)&state->smb1.hdr[
1610 sizeof(state->smb1.hdr) - this_iov[0].iov_len];
1611 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
1616 * copy the words and bytes
1618 memcpy(this_iov, state->smb1.iov+2,
1619 sizeof(struct iovec) * (state->smb1.iov_count-2));
1620 this_iov += state->smb1.iov_count - 2;
1621 chain_padding = next_padding;
1624 nbt_len = smbXcli_iov_len(&iov[1], iovlen-1);
1625 if (nbt_len > first_state->conn->smb1.max_xmit) {
1627 TALLOC_FREE(first_state->smb1.chained_requests);
1628 return NT_STATUS_INVALID_PARAMETER_MIX;
1631 status = smb1cli_req_writev_submit(reqs[0], last_state, iov, iovlen);
1632 if (!NT_STATUS_IS_OK(status)) {
1634 TALLOC_FREE(first_state->smb1.chained_requests);
1638 for (i=0; i < (num_reqs - 1); i++) {
1639 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1641 state->smb1.seqnum = last_state->smb1.seqnum;
1644 return NT_STATUS_OK;
1647 bool smbXcli_conn_has_async_calls(struct smbXcli_conn *conn)
1649 return ((tevent_queue_length(conn->outgoing) != 0)
1650 || (talloc_array_length(conn->pending) != 0));
1653 struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
1654 struct tevent_context *ev,
1655 struct smbXcli_conn *conn,
1657 uint32_t additional_flags,
1658 uint32_t clear_flags,
1659 uint32_t timeout_msec,
1663 const uint8_t *fixed,
1668 struct tevent_req *req;
1669 struct smbXcli_req_state *state;
1672 req = tevent_req_create(mem_ctx, &state,
1673 struct smbXcli_req_state);
1681 state->smb2.recv_iov = talloc_zero_array(state, struct iovec, 3);
1682 if (state->smb2.recv_iov == NULL) {
1687 flags |= additional_flags;
1688 flags &= ~clear_flags;
1690 state->smb2.fixed = fixed;
1691 state->smb2.fixed_len = fixed_len;
1692 state->smb2.dyn = dyn;
1693 state->smb2.dyn_len = dyn_len;
1695 SIVAL(state->smb2.hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
1696 SSVAL(state->smb2.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
1697 SSVAL(state->smb2.hdr, SMB2_HDR_CREDIT_CHARGE, 1);
1698 SIVAL(state->smb2.hdr, SMB2_HDR_STATUS, NT_STATUS_V(NT_STATUS_OK));
1699 SSVAL(state->smb2.hdr, SMB2_HDR_OPCODE, cmd);
1700 SSVAL(state->smb2.hdr, SMB2_HDR_CREDIT, 31);
1701 SIVAL(state->smb2.hdr, SMB2_HDR_FLAGS, flags);
1702 SIVAL(state->smb2.hdr, SMB2_HDR_PID, pid);
1703 SIVAL(state->smb2.hdr, SMB2_HDR_TID, tid);
1704 SBVAL(state->smb2.hdr, SMB2_HDR_SESSION_ID, uid);
1707 case SMB2_OP_CANCEL:
1708 state->one_way = true;
1712 * If this is a dummy request, it will have
1713 * UINT64_MAX as message id.
1714 * If we send on break acknowledgement,
1715 * this gets overwritten later.
1717 SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, UINT64_MAX);
1721 if (timeout_msec > 0) {
1722 struct timeval endtime;
1724 endtime = timeval_current_ofs_msec(timeout_msec);
1725 if (!tevent_req_set_endtime(req, ev, endtime)) {
1733 static void smb2cli_writev_done(struct tevent_req *subreq);
1734 static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
1735 TALLOC_CTX *tmp_mem,
1738 NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
1741 struct smbXcli_req_state *state;
1742 struct tevent_req *subreq;
1744 int i, num_iov, nbt_len;
1747 * 1 for the nbt length
1748 * per request: HDR, fixed, dyn, padding
1749 * -1 because the last one does not need padding
1752 iov = talloc_array(reqs[0], struct iovec, 1 + 4*num_reqs - 1);
1754 return NT_STATUS_NO_MEMORY;
1760 for (i=0; i<num_reqs; i++) {
1765 if (!tevent_req_is_in_progress(reqs[i])) {
1766 return NT_STATUS_INTERNAL_ERROR;
1769 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1771 if (!smbXcli_conn_is_connected(state->conn)) {
1772 return NT_STATUS_CONNECTION_DISCONNECTED;
1775 if ((state->conn->protocol != PROTOCOL_NONE) &&
1776 (state->conn->protocol < PROTOCOL_SMB2_02)) {
1777 return NT_STATUS_REVISION_MISMATCH;
1780 if (state->conn->smb2.mid == UINT64_MAX) {
1781 return NT_STATUS_CONNECTION_ABORTED;
1784 mid = state->conn->smb2.mid;
1785 state->conn->smb2.mid += 1;
1787 SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, mid);
1789 iov[num_iov].iov_base = state->smb2.hdr;
1790 iov[num_iov].iov_len = sizeof(state->smb2.hdr);
1793 iov[num_iov].iov_base = discard_const(state->smb2.fixed);
1794 iov[num_iov].iov_len = state->smb2.fixed_len;
1797 if (state->smb2.dyn != NULL) {
1798 iov[num_iov].iov_base = discard_const(state->smb2.dyn);
1799 iov[num_iov].iov_len = state->smb2.dyn_len;
1803 reqlen = sizeof(state->smb2.hdr);
1804 reqlen += state->smb2.fixed_len;
1805 reqlen += state->smb2.dyn_len;
1807 if (i < num_reqs-1) {
1808 if ((reqlen % 8) > 0) {
1809 uint8_t pad = 8 - (reqlen % 8);
1810 iov[num_iov].iov_base = state->smb2.pad;
1811 iov[num_iov].iov_len = pad;
1815 SIVAL(state->smb2.hdr, SMB2_HDR_NEXT_COMMAND, reqlen);
1819 ret = smbXcli_req_set_pending(reqs[i]);
1821 return NT_STATUS_NO_MEMORY;
1826 * TODO: Do signing here
1829 state = tevent_req_data(reqs[0], struct smbXcli_req_state);
1830 _smb_setlen_tcp(state->length_hdr, nbt_len);
1831 iov[0].iov_base = state->length_hdr;
1832 iov[0].iov_len = sizeof(state->length_hdr);
1834 if (state->conn->dispatch_incoming == NULL) {
1835 state->conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
1838 subreq = writev_send(state, state->ev, state->conn->outgoing,
1839 state->conn->fd, false, iov, num_iov);
1840 if (subreq == NULL) {
1841 return NT_STATUS_NO_MEMORY;
1843 tevent_req_set_callback(subreq, smb2cli_writev_done, reqs[0]);
1844 return NT_STATUS_OK;
1847 struct tevent_req *smb2cli_req_send(TALLOC_CTX *mem_ctx,
1848 struct tevent_context *ev,
1849 struct smbXcli_conn *conn,
1851 uint32_t additional_flags,
1852 uint32_t clear_flags,
1853 uint32_t timeout_msec,
1857 const uint8_t *fixed,
1862 struct tevent_req *req;
1865 req = smb2cli_req_create(mem_ctx, ev, conn, cmd,
1866 additional_flags, clear_flags,
1869 fixed, fixed_len, dyn, dyn_len);
1873 if (!tevent_req_is_in_progress(req)) {
1874 return tevent_req_post(req, ev);
1876 status = smb2cli_req_compound_submit(&req, 1);
1877 if (tevent_req_nterror(req, status)) {
1878 return tevent_req_post(req, ev);
1883 static void smb2cli_writev_done(struct tevent_req *subreq)
1885 struct tevent_req *req =
1886 tevent_req_callback_data(subreq,
1888 struct smbXcli_req_state *state =
1889 tevent_req_data(req,
1890 struct smbXcli_req_state);
1894 nwritten = writev_recv(subreq, &err);
1895 TALLOC_FREE(subreq);
1896 if (nwritten == -1) {
1897 /* here, we need to notify all pending requests */
1898 NTSTATUS status = map_nt_error_from_unix_common(err);
1899 smbXcli_conn_disconnect(state->conn, status);
1904 static NTSTATUS smb2cli_inbuf_parse_compound(uint8_t *buf, TALLOC_CTX *mem_ctx,
1905 struct iovec **piov, int *pnum_iov)
1915 iov = talloc_array(mem_ctx, struct iovec, num_iov);
1917 return NT_STATUS_NO_MEMORY;
1920 buflen = smb_len_tcp(buf);
1922 first_hdr = buf + NBT_HDR_SIZE;
1924 while (taken < buflen) {
1925 size_t len = buflen - taken;
1926 uint8_t *hdr = first_hdr + taken;
1929 size_t next_command_ofs;
1931 struct iovec *iov_tmp;
1934 * We need the header plus the body length field
1937 if (len < SMB2_HDR_BODY + 2) {
1938 DEBUG(10, ("%d bytes left, expected at least %d\n",
1939 (int)len, SMB2_HDR_BODY));
1942 if (IVAL(hdr, 0) != SMB2_MAGIC) {
1943 DEBUG(10, ("Got non-SMB2 PDU: %x\n",
1947 if (SVAL(hdr, 4) != SMB2_HDR_BODY) {
1948 DEBUG(10, ("Got HDR len %d, expected %d\n",
1949 SVAL(hdr, 4), SMB2_HDR_BODY));
1954 next_command_ofs = IVAL(hdr, SMB2_HDR_NEXT_COMMAND);
1955 body_size = SVAL(hdr, SMB2_HDR_BODY);
1957 if (next_command_ofs != 0) {
1958 if (next_command_ofs < (SMB2_HDR_BODY + 2)) {
1961 if (next_command_ofs > full_size) {
1964 full_size = next_command_ofs;
1966 if (body_size < 2) {
1969 body_size &= 0xfffe;
1971 if (body_size > (full_size - SMB2_HDR_BODY)) {
1975 iov_tmp = talloc_realloc(mem_ctx, iov, struct iovec,
1977 if (iov_tmp == NULL) {
1979 return NT_STATUS_NO_MEMORY;
1982 cur = &iov[num_iov];
1985 cur[0].iov_base = hdr;
1986 cur[0].iov_len = SMB2_HDR_BODY;
1987 cur[1].iov_base = hdr + SMB2_HDR_BODY;
1988 cur[1].iov_len = body_size;
1989 cur[2].iov_base = hdr + SMB2_HDR_BODY + body_size;
1990 cur[2].iov_len = full_size - (SMB2_HDR_BODY + body_size);
1996 *pnum_iov = num_iov;
1997 return NT_STATUS_OK;
2001 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2004 static struct tevent_req *smb2cli_conn_find_pending(struct smbXcli_conn *conn,
2007 size_t num_pending = talloc_array_length(conn->pending);
2010 for (i=0; i<num_pending; i++) {
2011 struct tevent_req *req = conn->pending[i];
2012 struct smbXcli_req_state *state =
2013 tevent_req_data(req,
2014 struct smbXcli_req_state);
2016 if (mid == BVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID)) {
2023 static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
2024 TALLOC_CTX *tmp_mem,
2027 struct tevent_req *req;
2028 struct smbXcli_req_state *state = NULL;
2034 status = smb2cli_inbuf_parse_compound(inbuf, tmp_mem,
2036 if (!NT_STATUS_IS_OK(status)) {
2040 for (i=0; i<num_iov; i+=3) {
2041 uint8_t *inbuf_ref = NULL;
2042 struct iovec *cur = &iov[i];
2043 uint8_t *inhdr = (uint8_t *)cur[0].iov_base;
2044 uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
2045 uint32_t flags = IVAL(inhdr, SMB2_HDR_FLAGS);
2046 uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
2047 uint16_t req_opcode;
2049 req = smb2cli_conn_find_pending(conn, mid);
2051 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2053 state = tevent_req_data(req, struct smbXcli_req_state);
2055 req_opcode = SVAL(state->smb2.hdr, SMB2_HDR_OPCODE);
2056 if (opcode != req_opcode) {
2057 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2060 if (!(flags & SMB2_HDR_FLAG_REDIRECT)) {
2061 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2064 status = NT_STATUS(IVAL(inhdr, SMB2_HDR_STATUS));
2065 if ((flags & SMB2_HDR_FLAG_ASYNC) &&
2066 NT_STATUS_EQUAL(status, STATUS_PENDING)) {
2067 uint32_t req_flags = IVAL(state->smb2.hdr, SMB2_HDR_FLAGS);
2068 uint64_t async_id = BVAL(inhdr, SMB2_HDR_ASYNC_ID);
2070 req_flags |= SMB2_HDR_FLAG_ASYNC;
2071 SBVAL(state->smb2.hdr, SMB2_HDR_FLAGS, req_flags);
2072 SBVAL(state->smb2.hdr, SMB2_HDR_ASYNC_ID, async_id);
2076 smbXcli_req_unset_pending(req);
2079 * There might be more than one response
2080 * we need to defer the notifications
2082 if ((num_iov == 4) && (talloc_array_length(conn->pending) == 0)) {
2087 tevent_req_defer_callback(req, state->ev);
2091 * Note: here we use talloc_reference() in a way
2092 * that does not expose it to the caller.
2094 inbuf_ref = talloc_reference(state->smb2.recv_iov, inbuf);
2095 if (tevent_req_nomem(inbuf_ref, req)) {
2099 /* copy the related buffers */
2100 state->smb2.recv_iov[0] = cur[0];
2101 state->smb2.recv_iov[1] = cur[1];
2102 state->smb2.recv_iov[2] = cur[2];
2104 tevent_req_done(req);
2108 return NT_STATUS_RETRY;
2111 return NT_STATUS_OK;
2114 NTSTATUS smb2cli_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
2115 struct iovec **piov,
2116 const struct smb2cli_req_expected_response *expected,
2117 size_t num_expected)
2119 struct smbXcli_req_state *state =
2120 tevent_req_data(req,
2121 struct smbXcli_req_state);
2124 bool found_status = false;
2125 bool found_size = false;
2132 if (tevent_req_is_nterror(req, &status)) {
2133 for (i=0; i < num_expected; i++) {
2134 if (NT_STATUS_EQUAL(status, expected[i].status)) {
2135 found_status = true;
2141 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
2147 if (num_expected == 0) {
2148 found_status = true;
2152 status = NT_STATUS(IVAL(state->smb2.recv_iov[0].iov_base, SMB2_HDR_STATUS));
2153 body_size = SVAL(state->smb2.recv_iov[1].iov_base, 0);
2155 for (i=0; i < num_expected; i++) {
2156 if (!NT_STATUS_EQUAL(status, expected[i].status)) {
2160 found_status = true;
2161 if (expected[i].body_size == 0) {
2166 if (expected[i].body_size == body_size) {
2172 if (!found_status) {
2177 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2181 *piov = talloc_move(mem_ctx, &state->smb2.recv_iov);