2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5 Copyright (C) Stefan Metzmacher 2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "system/network.h"
23 #include "../lib/async_req/async_sock.h"
24 #include "../lib/util/tevent_ntstatus.h"
25 #include "../lib/util/tevent_unix.h"
26 #include "lib/util/util_net.h"
27 #include "lib/util/dlinklist.h"
28 #include "../libcli/smb/smb_common.h"
29 #include "../libcli/smb/smb_seal.h"
30 #include "../libcli/smb/smb_signing.h"
31 #include "../libcli/smb/read_smb.h"
32 #include "smbXcli_base.h"
33 #include "librpc/ndr/libndr.h"
37 struct smbXcli_session;
42 struct sockaddr_storage local_ss;
43 struct sockaddr_storage remote_ss;
44 const char *remote_name;
46 struct tevent_queue *outgoing;
47 struct tevent_req **pending;
48 struct tevent_req *read_smb_req;
50 enum protocol_types protocol;
53 bool mandatory_signing;
56 * The incoming dispatch function should return:
57 * - NT_STATUS_RETRY, if more incoming PDUs are expected.
58 * - NT_STATUS_OK, if no more processing is desired, e.g.
59 * the dispatch function called
61 * - All other return values disconnect the connection.
63 NTSTATUS (*dispatch_incoming)(struct smbXcli_conn *conn,
69 uint32_t capabilities;
74 uint32_t capabilities;
77 uint16_t security_mode;
86 const char *workgroup;
92 uint32_t capabilities;
97 struct smb_signing_state *signing;
98 struct smb_trans_enc_state *trans_enc;
100 struct tevent_req *read_braw_req;
105 uint32_t capabilities;
106 uint16_t security_mode;
111 uint32_t capabilities;
112 uint16_t security_mode;
114 uint32_t max_trans_size;
115 uint32_t max_read_size;
116 uint32_t max_write_size;
123 uint16_t cur_credits;
124 uint16_t max_credits;
127 struct smbXcli_session *sessions;
130 struct smbXcli_session {
131 struct smbXcli_session *prev, *next;
132 struct smbXcli_conn *conn;
136 uint16_t session_flags;
137 DATA_BLOB application_key;
138 DATA_BLOB signing_key;
141 DATA_BLOB encryption_key;
142 DATA_BLOB decryption_key;
143 uint64_t channel_nonce;
144 uint64_t channel_next;
145 DATA_BLOB channel_signing_key;
149 struct smbXcli_req_state {
150 struct tevent_context *ev;
151 struct smbXcli_conn *conn;
152 struct smbXcli_session *session; /* maybe NULL */
154 uint8_t length_hdr[4];
161 /* Space for the header including the wct */
162 uint8_t hdr[HDR_VWV];
165 * For normal requests, smb1cli_req_send chooses a mid.
166 * SecondaryV trans requests need to use the mid of the primary
167 * request, so we need a place to store it.
168 * Assume it is set if != 0.
173 uint8_t bytecount_buf[2];
175 #define MAX_SMB_IOV 10
176 /* length_hdr, hdr, words, byte_count, buffers */
177 struct iovec iov[1 + 3 + MAX_SMB_IOV];
182 struct tevent_req **chained_requests;
185 NTSTATUS recv_status;
186 /* always an array of 3 talloc elements */
187 struct iovec *recv_iov;
191 const uint8_t *fixed;
197 uint8_t pad[7]; /* padding space for compounding */
199 /* always an array of 3 talloc elements */
200 struct iovec *recv_iov;
202 uint16_t credit_charge;
204 bool signing_skipped;
210 static int smbXcli_conn_destructor(struct smbXcli_conn *conn)
213 * NT_STATUS_OK, means we do not notify the callers
215 smbXcli_conn_disconnect(conn, NT_STATUS_OK);
217 while (conn->sessions) {
218 conn->sessions->conn = NULL;
219 DLIST_REMOVE(conn->sessions, conn->sessions);
222 if (conn->smb1.trans_enc) {
223 TALLOC_FREE(conn->smb1.trans_enc);
229 struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
231 const char *remote_name,
232 enum smb_signing_setting signing_state,
233 uint32_t smb1_capabilities,
234 struct GUID *client_guid,
235 uint32_t smb2_capabilities)
237 struct smbXcli_conn *conn = NULL;
239 struct sockaddr *sa = NULL;
243 conn = talloc_zero(mem_ctx, struct smbXcli_conn);
249 conn->write_fd = dup(fd);
250 if (conn->write_fd == -1) {
254 conn->remote_name = talloc_strdup(conn, remote_name);
255 if (conn->remote_name == NULL) {
260 ss = (void *)&conn->local_ss;
261 sa = (struct sockaddr *)ss;
262 sa_length = sizeof(conn->local_ss);
263 ret = getsockname(fd, sa, &sa_length);
267 ss = (void *)&conn->remote_ss;
268 sa = (struct sockaddr *)ss;
269 sa_length = sizeof(conn->remote_ss);
270 ret = getpeername(fd, sa, &sa_length);
275 conn->outgoing = tevent_queue_create(conn, "smbXcli_outgoing");
276 if (conn->outgoing == NULL) {
279 conn->pending = NULL;
281 conn->protocol = PROTOCOL_NONE;
283 switch (signing_state) {
284 case SMB_SIGNING_OFF:
286 conn->allow_signing = false;
287 conn->desire_signing = false;
288 conn->mandatory_signing = false;
290 case SMB_SIGNING_DEFAULT:
291 case SMB_SIGNING_IF_REQUIRED:
292 /* if the server requires it */
293 conn->allow_signing = true;
294 conn->desire_signing = false;
295 conn->mandatory_signing = false;
297 case SMB_SIGNING_REQUIRED:
299 conn->allow_signing = true;
300 conn->desire_signing = true;
301 conn->mandatory_signing = true;
305 conn->smb1.client.capabilities = smb1_capabilities;
306 conn->smb1.client.max_xmit = UINT16_MAX;
308 conn->smb1.capabilities = conn->smb1.client.capabilities;
309 conn->smb1.max_xmit = 1024;
313 /* initialise signing */
314 conn->smb1.signing = smb_signing_init(conn,
316 conn->desire_signing,
317 conn->mandatory_signing);
318 if (!conn->smb1.signing) {
322 conn->smb2.client.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
323 if (conn->mandatory_signing) {
324 conn->smb2.client.security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
327 conn->smb2.client.guid = *client_guid;
329 conn->smb2.client.capabilities = smb2_capabilities;
331 conn->smb2.cur_credits = 1;
332 conn->smb2.max_credits = 0;
334 talloc_set_destructor(conn, smbXcli_conn_destructor);
338 if (conn->write_fd != -1) {
339 close(conn->write_fd);
345 bool smbXcli_conn_is_connected(struct smbXcli_conn *conn)
351 if (conn->read_fd == -1) {
358 enum protocol_types smbXcli_conn_protocol(struct smbXcli_conn *conn)
360 return conn->protocol;
363 bool smbXcli_conn_use_unicode(struct smbXcli_conn *conn)
365 if (conn->protocol >= PROTOCOL_SMB2_02) {
369 if (conn->smb1.capabilities & CAP_UNICODE) {
376 void smbXcli_conn_set_sockopt(struct smbXcli_conn *conn, const char *options)
378 set_socket_options(conn->read_fd, options);
381 const struct sockaddr_storage *smbXcli_conn_local_sockaddr(struct smbXcli_conn *conn)
383 return &conn->local_ss;
386 const struct sockaddr_storage *smbXcli_conn_remote_sockaddr(struct smbXcli_conn *conn)
388 return &conn->remote_ss;
391 const char *smbXcli_conn_remote_name(struct smbXcli_conn *conn)
393 return conn->remote_name;
396 uint16_t smbXcli_conn_max_requests(struct smbXcli_conn *conn)
398 if (conn->protocol >= PROTOCOL_SMB2_02) {
405 return conn->smb1.server.max_mux;
408 NTTIME smbXcli_conn_server_system_time(struct smbXcli_conn *conn)
410 if (conn->protocol >= PROTOCOL_SMB2_02) {
411 return conn->smb2.server.system_time;
414 return conn->smb1.server.system_time;
417 const DATA_BLOB *smbXcli_conn_server_gss_blob(struct smbXcli_conn *conn)
419 if (conn->protocol >= PROTOCOL_SMB2_02) {
420 return &conn->smb2.server.gss_blob;
423 return &conn->smb1.server.gss_blob;
426 const struct GUID *smbXcli_conn_server_guid(struct smbXcli_conn *conn)
428 if (conn->protocol >= PROTOCOL_SMB2_02) {
429 return &conn->smb2.server.guid;
432 return &conn->smb1.server.guid;
435 struct smbXcli_conn_samba_suicide_state {
436 struct smbXcli_conn *conn;
441 static void smbXcli_conn_samba_suicide_done(struct tevent_req *subreq);
443 struct tevent_req *smbXcli_conn_samba_suicide_send(TALLOC_CTX *mem_ctx,
444 struct tevent_context *ev,
445 struct smbXcli_conn *conn,
448 struct tevent_req *req, *subreq;
449 struct smbXcli_conn_samba_suicide_state *state;
451 req = tevent_req_create(mem_ctx, &state,
452 struct smbXcli_conn_samba_suicide_state);
457 SIVAL(state->buf, 4, 0x74697865);
458 SCVAL(state->buf, 8, exitcode);
459 _smb_setlen_nbt(state->buf, sizeof(state->buf)-4);
461 state->iov.iov_base = state->buf;
462 state->iov.iov_len = sizeof(state->buf);
464 subreq = writev_send(state, ev, conn->outgoing, conn->write_fd,
465 false, &state->iov, 1);
466 if (tevent_req_nomem(subreq, req)) {
467 return tevent_req_post(req, ev);
469 tevent_req_set_callback(subreq, smbXcli_conn_samba_suicide_done, req);
473 static void smbXcli_conn_samba_suicide_done(struct tevent_req *subreq)
475 struct tevent_req *req = tevent_req_callback_data(
476 subreq, struct tevent_req);
477 struct smbXcli_conn_samba_suicide_state *state = tevent_req_data(
478 req, struct smbXcli_conn_samba_suicide_state);
482 nwritten = writev_recv(subreq, &err);
484 if (nwritten == -1) {
485 NTSTATUS status = map_nt_error_from_unix_common(err);
486 smbXcli_conn_disconnect(state->conn, status);
489 tevent_req_done(req);
492 NTSTATUS smbXcli_conn_samba_suicide_recv(struct tevent_req *req)
494 return tevent_req_simple_recv_ntstatus(req);
497 NTSTATUS smbXcli_conn_samba_suicide(struct smbXcli_conn *conn,
500 TALLOC_CTX *frame = talloc_stackframe();
501 struct tevent_context *ev;
502 struct tevent_req *req;
503 NTSTATUS status = NT_STATUS_NO_MEMORY;
506 if (smbXcli_conn_has_async_calls(conn)) {
508 * Can't use sync call while an async call is in flight
510 status = NT_STATUS_INVALID_PARAMETER_MIX;
513 ev = tevent_context_init(frame);
517 req = smbXcli_conn_samba_suicide_send(frame, ev, conn, exitcode);
521 ok = tevent_req_poll(req, ev);
523 status = map_nt_error_from_unix_common(errno);
526 status = smbXcli_conn_samba_suicide_recv(req);
532 uint32_t smb1cli_conn_capabilities(struct smbXcli_conn *conn)
534 return conn->smb1.capabilities;
537 uint32_t smb1cli_conn_max_xmit(struct smbXcli_conn *conn)
539 return conn->smb1.max_xmit;
542 uint32_t smb1cli_conn_server_session_key(struct smbXcli_conn *conn)
544 return conn->smb1.server.session_key;
547 const uint8_t *smb1cli_conn_server_challenge(struct smbXcli_conn *conn)
549 return conn->smb1.server.challenge;
552 uint16_t smb1cli_conn_server_security_mode(struct smbXcli_conn *conn)
554 return conn->smb1.server.security_mode;
557 bool smb1cli_conn_server_readbraw(struct smbXcli_conn *conn)
559 return conn->smb1.server.readbraw;
562 bool smb1cli_conn_server_writebraw(struct smbXcli_conn *conn)
564 return conn->smb1.server.writebraw;
567 bool smb1cli_conn_server_lockread(struct smbXcli_conn *conn)
569 return conn->smb1.server.lockread;
572 bool smb1cli_conn_server_writeunlock(struct smbXcli_conn *conn)
574 return conn->smb1.server.writeunlock;
577 int smb1cli_conn_server_time_zone(struct smbXcli_conn *conn)
579 return conn->smb1.server.time_zone;
582 bool smb1cli_conn_activate_signing(struct smbXcli_conn *conn,
583 const DATA_BLOB user_session_key,
584 const DATA_BLOB response)
586 return smb_signing_activate(conn->smb1.signing,
591 bool smb1cli_conn_check_signing(struct smbXcli_conn *conn,
592 const uint8_t *buf, uint32_t seqnum)
594 return smb_signing_check_pdu(conn->smb1.signing, buf, seqnum);
597 bool smb1cli_conn_signing_is_active(struct smbXcli_conn *conn)
599 return smb_signing_is_active(conn->smb1.signing);
602 void smb1cli_conn_set_encryption(struct smbXcli_conn *conn,
603 struct smb_trans_enc_state *es)
605 /* Replace the old state, if any. */
606 if (conn->smb1.trans_enc) {
607 TALLOC_FREE(conn->smb1.trans_enc);
609 conn->smb1.trans_enc = es;
612 bool smb1cli_conn_encryption_on(struct smbXcli_conn *conn)
614 return common_encryption_on(conn->smb1.trans_enc);
618 static NTSTATUS smb1cli_pull_raw_error(const uint8_t *hdr)
620 uint32_t flags2 = SVAL(hdr, HDR_FLG2);
621 NTSTATUS status = NT_STATUS(IVAL(hdr, HDR_RCLS));
623 if (NT_STATUS_IS_OK(status)) {
627 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
631 return NT_STATUS_DOS(CVAL(hdr, HDR_RCLS), SVAL(hdr, HDR_ERR));
635 * Is the SMB command able to hold an AND_X successor
636 * @param[in] cmd The SMB command in question
637 * @retval Can we add a chained request after "cmd"?
639 bool smb1cli_is_andx_req(uint8_t cmd)
659 static uint16_t smb1cli_alloc_mid(struct smbXcli_conn *conn)
661 size_t num_pending = talloc_array_length(conn->pending);
667 result = conn->smb1.mid++;
668 if ((result == 0) || (result == 0xffff)) {
672 for (i=0; i<num_pending; i++) {
673 if (result == smb1cli_req_mid(conn->pending[i])) {
678 if (i == num_pending) {
684 void smbXcli_req_unset_pending(struct tevent_req *req)
686 struct smbXcli_req_state *state =
688 struct smbXcli_req_state);
689 struct smbXcli_conn *conn = state->conn;
690 size_t num_pending = talloc_array_length(conn->pending);
693 if (state->smb1.mid != 0) {
695 * This is a [nt]trans[2] request which waits
696 * for more than one reply.
701 talloc_set_destructor(req, NULL);
703 if (num_pending == 1) {
705 * The pending read_smb tevent_req is a child of
706 * conn->pending. So if nothing is pending anymore, we need to
707 * delete the socket read fde.
709 TALLOC_FREE(conn->pending);
710 conn->read_smb_req = NULL;
714 for (i=0; i<num_pending; i++) {
715 if (req == conn->pending[i]) {
719 if (i == num_pending) {
721 * Something's seriously broken. Just returning here is the
722 * right thing nevertheless, the point of this routine is to
723 * remove ourselves from conn->pending.
729 * Remove ourselves from the conn->pending array
731 for (; i < (num_pending - 1); i++) {
732 conn->pending[i] = conn->pending[i+1];
736 * No NULL check here, we're shrinking by sizeof(void *), and
737 * talloc_realloc just adjusts the size for this.
739 conn->pending = talloc_realloc(NULL, conn->pending, struct tevent_req *,
744 static int smbXcli_req_destructor(struct tevent_req *req)
746 struct smbXcli_req_state *state =
748 struct smbXcli_req_state);
751 * Make sure we really remove it from
752 * the pending array on destruction.
755 smbXcli_req_unset_pending(req);
759 static bool smb1cli_req_cancel(struct tevent_req *req);
760 static bool smb2cli_req_cancel(struct tevent_req *req);
762 static bool smbXcli_req_cancel(struct tevent_req *req)
764 struct smbXcli_req_state *state =
766 struct smbXcli_req_state);
768 if (!smbXcli_conn_is_connected(state->conn)) {
772 if (state->conn->protocol == PROTOCOL_NONE) {
776 if (state->conn->protocol >= PROTOCOL_SMB2_02) {
777 return smb2cli_req_cancel(req);
780 return smb1cli_req_cancel(req);
783 static bool smbXcli_conn_receive_next(struct smbXcli_conn *conn);
785 bool smbXcli_req_set_pending(struct tevent_req *req)
787 struct smbXcli_req_state *state =
789 struct smbXcli_req_state);
790 struct smbXcli_conn *conn;
791 struct tevent_req **pending;
796 if (!smbXcli_conn_is_connected(conn)) {
800 num_pending = talloc_array_length(conn->pending);
802 pending = talloc_realloc(conn, conn->pending, struct tevent_req *,
804 if (pending == NULL) {
807 pending[num_pending] = req;
808 conn->pending = pending;
809 talloc_set_destructor(req, smbXcli_req_destructor);
810 tevent_req_set_cancel_fn(req, smbXcli_req_cancel);
812 if (!smbXcli_conn_receive_next(conn)) {
814 * the caller should notify the current request
816 * And all other pending requests get notified
817 * by smbXcli_conn_disconnect().
819 smbXcli_req_unset_pending(req);
820 smbXcli_conn_disconnect(conn, NT_STATUS_NO_MEMORY);
827 static void smbXcli_conn_received(struct tevent_req *subreq);
829 static bool smbXcli_conn_receive_next(struct smbXcli_conn *conn)
831 size_t num_pending = talloc_array_length(conn->pending);
832 struct tevent_req *req;
833 struct smbXcli_req_state *state;
835 if (conn->read_smb_req != NULL) {
839 if (num_pending == 0) {
840 if (conn->smb2.mid < UINT64_MAX) {
841 /* no more pending requests, so we are done for now */
846 * If there are no more SMB2 requests possible,
847 * because we are out of message ids,
848 * we need to disconnect.
850 smbXcli_conn_disconnect(conn, NT_STATUS_CONNECTION_ABORTED);
854 req = conn->pending[0];
855 state = tevent_req_data(req, struct smbXcli_req_state);
858 * We're the first ones, add the read_smb request that waits for the
859 * answer from the server
861 conn->read_smb_req = read_smb_send(conn->pending,
864 if (conn->read_smb_req == NULL) {
867 tevent_req_set_callback(conn->read_smb_req, smbXcli_conn_received, conn);
871 void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
873 tevent_queue_stop(conn->outgoing);
875 if (conn->read_fd != -1) {
876 close(conn->read_fd);
878 if (conn->write_fd != -1) {
879 close(conn->write_fd);
885 * Cancel all pending requests. We do not do a for-loop walking
886 * conn->pending because that array changes in
887 * smbXcli_req_unset_pending.
889 while (talloc_array_length(conn->pending) > 0) {
890 struct tevent_req *req;
891 struct smbXcli_req_state *state;
892 struct tevent_req **chain;
896 req = conn->pending[0];
897 state = tevent_req_data(req, struct smbXcli_req_state);
899 if (state->smb1.chained_requests == NULL) {
901 * We're dead. No point waiting for trans2
906 smbXcli_req_unset_pending(req);
908 if (NT_STATUS_IS_OK(status)) {
909 /* do not notify the callers */
914 * we need to defer the callback, because we may notify
915 * more then one caller.
917 tevent_req_defer_callback(req, state->ev);
918 tevent_req_nterror(req, status);
922 chain = talloc_move(conn, &state->smb1.chained_requests);
923 num_chained = talloc_array_length(chain);
925 for (i=0; i<num_chained; i++) {
927 state = tevent_req_data(req, struct smbXcli_req_state);
930 * We're dead. No point waiting for trans2
935 smbXcli_req_unset_pending(req);
937 if (NT_STATUS_IS_OK(status)) {
938 /* do not notify the callers */
943 * we need to defer the callback, because we may notify
944 * more than one caller.
946 tevent_req_defer_callback(req, state->ev);
947 tevent_req_nterror(req, status);
954 * Fetch a smb request's mid. Only valid after the request has been sent by
955 * smb1cli_req_send().
957 uint16_t smb1cli_req_mid(struct tevent_req *req)
959 struct smbXcli_req_state *state =
961 struct smbXcli_req_state);
963 if (state->smb1.mid != 0) {
964 return state->smb1.mid;
967 return SVAL(state->smb1.hdr, HDR_MID);
970 void smb1cli_req_set_mid(struct tevent_req *req, uint16_t mid)
972 struct smbXcli_req_state *state =
974 struct smbXcli_req_state);
976 state->smb1.mid = mid;
979 uint32_t smb1cli_req_seqnum(struct tevent_req *req)
981 struct smbXcli_req_state *state =
983 struct smbXcli_req_state);
985 return state->smb1.seqnum;
988 void smb1cli_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
990 struct smbXcli_req_state *state =
992 struct smbXcli_req_state);
994 state->smb1.seqnum = seqnum;
997 static size_t smbXcli_iov_len(const struct iovec *iov, int count)
1001 for (i=0; i<count; i++) {
1002 result += iov[i].iov_len;
1007 static uint8_t *smbXcli_iov_concat(TALLOC_CTX *mem_ctx,
1008 const struct iovec *iov,
1011 size_t len = smbXcli_iov_len(iov, count);
1016 buf = talloc_array(mem_ctx, uint8_t, len);
1021 for (i=0; i<count; i++) {
1022 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
1023 copied += iov[i].iov_len;
1028 static void smb1cli_req_flags(enum protocol_types protocol,
1029 uint32_t smb1_capabilities,
1030 uint8_t smb_command,
1031 uint8_t additional_flags,
1032 uint8_t clear_flags,
1034 uint16_t additional_flags2,
1035 uint16_t clear_flags2,
1039 uint16_t flags2 = 0;
1041 if (protocol >= PROTOCOL_LANMAN1) {
1042 flags |= FLAG_CASELESS_PATHNAMES;
1043 flags |= FLAG_CANONICAL_PATHNAMES;
1046 if (protocol >= PROTOCOL_LANMAN2) {
1047 flags2 |= FLAGS2_LONG_PATH_COMPONENTS;
1048 flags2 |= FLAGS2_EXTENDED_ATTRIBUTES;
1051 if (protocol >= PROTOCOL_NT1) {
1052 flags2 |= FLAGS2_IS_LONG_NAME;
1054 if (smb1_capabilities & CAP_UNICODE) {
1055 flags2 |= FLAGS2_UNICODE_STRINGS;
1057 if (smb1_capabilities & CAP_STATUS32) {
1058 flags2 |= FLAGS2_32_BIT_ERROR_CODES;
1060 if (smb1_capabilities & CAP_EXTENDED_SECURITY) {
1061 flags2 |= FLAGS2_EXTENDED_SECURITY;
1065 flags |= additional_flags;
1066 flags &= ~clear_flags;
1067 flags2 |= additional_flags2;
1068 flags2 &= ~clear_flags2;
1074 static void smb1cli_req_cancel_done(struct tevent_req *subreq);
1076 static bool smb1cli_req_cancel(struct tevent_req *req)
1078 struct smbXcli_req_state *state =
1079 tevent_req_data(req,
1080 struct smbXcli_req_state);
1087 struct tevent_req *subreq;
1090 flags = CVAL(state->smb1.hdr, HDR_FLG);
1091 flags2 = SVAL(state->smb1.hdr, HDR_FLG2);
1092 pid = SVAL(state->smb1.hdr, HDR_PID);
1093 pid |= SVAL(state->smb1.hdr, HDR_PIDHIGH)<<16;
1094 tid = SVAL(state->smb1.hdr, HDR_TID);
1095 uid = SVAL(state->smb1.hdr, HDR_UID);
1096 mid = SVAL(state->smb1.hdr, HDR_MID);
1098 subreq = smb1cli_req_create(state, state->ev,
1106 0, NULL); /* bytes */
1107 if (subreq == NULL) {
1110 smb1cli_req_set_mid(subreq, mid);
1112 status = smb1cli_req_chain_submit(&subreq, 1);
1113 if (!NT_STATUS_IS_OK(status)) {
1114 TALLOC_FREE(subreq);
1117 smb1cli_req_set_mid(subreq, 0);
1119 tevent_req_set_callback(subreq, smb1cli_req_cancel_done, NULL);
1124 static void smb1cli_req_cancel_done(struct tevent_req *subreq)
1126 /* we do not care about the result */
1127 TALLOC_FREE(subreq);
1130 struct tevent_req *smb1cli_req_create(TALLOC_CTX *mem_ctx,
1131 struct tevent_context *ev,
1132 struct smbXcli_conn *conn,
1133 uint8_t smb_command,
1134 uint8_t additional_flags,
1135 uint8_t clear_flags,
1136 uint16_t additional_flags2,
1137 uint16_t clear_flags2,
1138 uint32_t timeout_msec,
1142 uint8_t wct, uint16_t *vwv,
1144 struct iovec *bytes_iov)
1146 struct tevent_req *req;
1147 struct smbXcli_req_state *state;
1149 uint16_t flags2 = 0;
1151 if (iov_count > MAX_SMB_IOV) {
1153 * Should not happen :-)
1158 req = tevent_req_create(mem_ctx, &state,
1159 struct smbXcli_req_state);
1166 state->smb1.recv_cmd = 0xFF;
1167 state->smb1.recv_status = NT_STATUS_INTERNAL_ERROR;
1168 state->smb1.recv_iov = talloc_zero_array(state, struct iovec, 3);
1169 if (state->smb1.recv_iov == NULL) {
1174 smb1cli_req_flags(conn->protocol,
1175 conn->smb1.capabilities,
1184 SIVAL(state->smb1.hdr, 0, SMB_MAGIC);
1185 SCVAL(state->smb1.hdr, HDR_COM, smb_command);
1186 SIVAL(state->smb1.hdr, HDR_RCLS, NT_STATUS_V(NT_STATUS_OK));
1187 SCVAL(state->smb1.hdr, HDR_FLG, flags);
1188 SSVAL(state->smb1.hdr, HDR_FLG2, flags2);
1189 SSVAL(state->smb1.hdr, HDR_PIDHIGH, pid >> 16);
1190 SSVAL(state->smb1.hdr, HDR_TID, tid);
1191 SSVAL(state->smb1.hdr, HDR_PID, pid);
1192 SSVAL(state->smb1.hdr, HDR_UID, uid);
1193 SSVAL(state->smb1.hdr, HDR_MID, 0); /* this comes later */
1194 SCVAL(state->smb1.hdr, HDR_WCT, wct);
1196 state->smb1.vwv = vwv;
1198 SSVAL(state->smb1.bytecount_buf, 0, smbXcli_iov_len(bytes_iov, iov_count));
1200 state->smb1.iov[0].iov_base = (void *)state->length_hdr;
1201 state->smb1.iov[0].iov_len = sizeof(state->length_hdr);
1202 state->smb1.iov[1].iov_base = (void *)state->smb1.hdr;
1203 state->smb1.iov[1].iov_len = sizeof(state->smb1.hdr);
1204 state->smb1.iov[2].iov_base = (void *)state->smb1.vwv;
1205 state->smb1.iov[2].iov_len = wct * sizeof(uint16_t);
1206 state->smb1.iov[3].iov_base = (void *)state->smb1.bytecount_buf;
1207 state->smb1.iov[3].iov_len = sizeof(uint16_t);
1209 if (iov_count != 0) {
1210 memcpy(&state->smb1.iov[4], bytes_iov,
1211 iov_count * sizeof(*bytes_iov));
1213 state->smb1.iov_count = iov_count + 4;
1215 if (timeout_msec > 0) {
1216 struct timeval endtime;
1218 endtime = timeval_current_ofs_msec(timeout_msec);
1219 if (!tevent_req_set_endtime(req, ev, endtime)) {
1224 switch (smb_command) {
1228 state->one_way = true;
1231 state->one_way = true;
1232 state->smb1.one_way_seqnum = true;
1236 (CVAL(vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
1237 state->one_way = true;
1245 static NTSTATUS smb1cli_conn_signv(struct smbXcli_conn *conn,
1246 struct iovec *iov, int iov_count,
1248 bool one_way_seqnum)
1250 TALLOC_CTX *frame = NULL;
1254 * Obvious optimization: Make cli_calculate_sign_mac work with struct
1255 * iovec directly. MD5Update would do that just fine.
1258 if (iov_count < 4) {
1259 return NT_STATUS_INVALID_PARAMETER_MIX;
1261 if (iov[0].iov_len != NBT_HDR_SIZE) {
1262 return NT_STATUS_INVALID_PARAMETER_MIX;
1264 if (iov[1].iov_len != (MIN_SMB_SIZE-sizeof(uint16_t))) {
1265 return NT_STATUS_INVALID_PARAMETER_MIX;
1267 if (iov[2].iov_len > (0xFF * sizeof(uint16_t))) {
1268 return NT_STATUS_INVALID_PARAMETER_MIX;
1270 if (iov[3].iov_len != sizeof(uint16_t)) {
1271 return NT_STATUS_INVALID_PARAMETER_MIX;
1274 frame = talloc_stackframe();
1276 buf = smbXcli_iov_concat(frame, iov, iov_count);
1278 return NT_STATUS_NO_MEMORY;
1281 *seqnum = smb_signing_next_seqnum(conn->smb1.signing,
1283 smb_signing_sign_pdu(conn->smb1.signing, buf, *seqnum);
1284 memcpy(iov[1].iov_base, buf+4, iov[1].iov_len);
1287 return NT_STATUS_OK;
1290 static void smb1cli_req_writev_done(struct tevent_req *subreq);
1291 static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
1292 TALLOC_CTX *tmp_mem,
1295 static NTSTATUS smb1cli_req_writev_submit(struct tevent_req *req,
1296 struct smbXcli_req_state *state,
1297 struct iovec *iov, int iov_count)
1299 struct tevent_req *subreq;
1304 if (!smbXcli_conn_is_connected(state->conn)) {
1305 return NT_STATUS_CONNECTION_DISCONNECTED;
1308 if (state->conn->protocol > PROTOCOL_NT1) {
1309 return NT_STATUS_REVISION_MISMATCH;
1312 if (iov_count < 4) {
1313 return NT_STATUS_INVALID_PARAMETER_MIX;
1315 if (iov[0].iov_len != NBT_HDR_SIZE) {
1316 return NT_STATUS_INVALID_PARAMETER_MIX;
1318 if (iov[1].iov_len != (MIN_SMB_SIZE-sizeof(uint16_t))) {
1319 return NT_STATUS_INVALID_PARAMETER_MIX;
1321 if (iov[2].iov_len > (0xFF * sizeof(uint16_t))) {
1322 return NT_STATUS_INVALID_PARAMETER_MIX;
1324 if (iov[3].iov_len != sizeof(uint16_t)) {
1325 return NT_STATUS_INVALID_PARAMETER_MIX;
1328 cmd = CVAL(iov[1].iov_base, HDR_COM);
1329 if (cmd == SMBreadBraw) {
1330 if (smbXcli_conn_has_async_calls(state->conn)) {
1331 return NT_STATUS_INVALID_PARAMETER_MIX;
1333 state->conn->smb1.read_braw_req = req;
1336 if (state->smb1.mid != 0) {
1337 mid = state->smb1.mid;
1339 mid = smb1cli_alloc_mid(state->conn);
1341 SSVAL(iov[1].iov_base, HDR_MID, mid);
1343 _smb_setlen_nbt(iov[0].iov_base, smbXcli_iov_len(&iov[1], iov_count-1));
1345 status = smb1cli_conn_signv(state->conn, iov, iov_count,
1346 &state->smb1.seqnum,
1347 state->smb1.one_way_seqnum);
1349 if (!NT_STATUS_IS_OK(status)) {
1354 * If we supported multiple encrytion contexts
1355 * here we'd look up based on tid.
1357 if (common_encryption_on(state->conn->smb1.trans_enc)) {
1358 char *buf, *enc_buf;
1360 buf = (char *)smbXcli_iov_concat(talloc_tos(), iov, iov_count);
1362 return NT_STATUS_NO_MEMORY;
1364 status = common_encrypt_buffer(state->conn->smb1.trans_enc,
1365 (char *)buf, &enc_buf);
1367 if (!NT_STATUS_IS_OK(status)) {
1368 DEBUG(0, ("Error in encrypting client message: %s\n",
1369 nt_errstr(status)));
1372 buf = (char *)talloc_memdup(state, enc_buf,
1373 smb_len_nbt(enc_buf)+4);
1376 return NT_STATUS_NO_MEMORY;
1378 iov[0].iov_base = (void *)buf;
1379 iov[0].iov_len = talloc_get_size(buf);
1383 if (state->conn->dispatch_incoming == NULL) {
1384 state->conn->dispatch_incoming = smb1cli_conn_dispatch_incoming;
1387 tevent_req_set_cancel_fn(req, smbXcli_req_cancel);
1389 subreq = writev_send(state, state->ev, state->conn->outgoing,
1390 state->conn->write_fd, false, iov, iov_count);
1391 if (subreq == NULL) {
1392 return NT_STATUS_NO_MEMORY;
1394 tevent_req_set_callback(subreq, smb1cli_req_writev_done, req);
1395 return NT_STATUS_OK;
1398 struct tevent_req *smb1cli_req_send(TALLOC_CTX *mem_ctx,
1399 struct tevent_context *ev,
1400 struct smbXcli_conn *conn,
1401 uint8_t smb_command,
1402 uint8_t additional_flags,
1403 uint8_t clear_flags,
1404 uint16_t additional_flags2,
1405 uint16_t clear_flags2,
1406 uint32_t timeout_msec,
1410 uint8_t wct, uint16_t *vwv,
1412 const uint8_t *bytes)
1414 struct tevent_req *req;
1418 iov.iov_base = discard_const_p(void, bytes);
1419 iov.iov_len = num_bytes;
1421 req = smb1cli_req_create(mem_ctx, ev, conn, smb_command,
1422 additional_flags, clear_flags,
1423 additional_flags2, clear_flags2,
1430 if (!tevent_req_is_in_progress(req)) {
1431 return tevent_req_post(req, ev);
1433 status = smb1cli_req_chain_submit(&req, 1);
1434 if (tevent_req_nterror(req, status)) {
1435 return tevent_req_post(req, ev);
1440 static void smb1cli_req_writev_done(struct tevent_req *subreq)
1442 struct tevent_req *req =
1443 tevent_req_callback_data(subreq,
1445 struct smbXcli_req_state *state =
1446 tevent_req_data(req,
1447 struct smbXcli_req_state);
1451 nwritten = writev_recv(subreq, &err);
1452 TALLOC_FREE(subreq);
1453 if (nwritten == -1) {
1454 NTSTATUS status = map_nt_error_from_unix_common(err);
1455 smbXcli_conn_disconnect(state->conn, status);
1459 if (state->one_way) {
1460 state->inbuf = NULL;
1461 tevent_req_done(req);
1465 if (!smbXcli_req_set_pending(req)) {
1466 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1471 static void smbXcli_conn_received(struct tevent_req *subreq)
1473 struct smbXcli_conn *conn =
1474 tevent_req_callback_data(subreq,
1475 struct smbXcli_conn);
1476 TALLOC_CTX *frame = talloc_stackframe();
1482 if (subreq != conn->read_smb_req) {
1483 DEBUG(1, ("Internal error: cli_smb_received called with "
1484 "unexpected subreq\n"));
1485 status = NT_STATUS_INTERNAL_ERROR;
1486 smbXcli_conn_disconnect(conn, status);
1490 conn->read_smb_req = NULL;
1492 received = read_smb_recv(subreq, frame, &inbuf, &err);
1493 TALLOC_FREE(subreq);
1494 if (received == -1) {
1495 status = map_nt_error_from_unix_common(err);
1496 smbXcli_conn_disconnect(conn, status);
1501 status = conn->dispatch_incoming(conn, frame, inbuf);
1503 if (NT_STATUS_IS_OK(status)) {
1505 * We should not do any more processing
1506 * as the dispatch function called
1507 * tevent_req_done().
1510 } else if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
1512 * We got an error, so notify all pending requests
1514 smbXcli_conn_disconnect(conn, status);
1519 * We got NT_STATUS_RETRY, so we may ask for a
1520 * next incoming pdu.
1522 if (!smbXcli_conn_receive_next(conn)) {
1523 smbXcli_conn_disconnect(conn, NT_STATUS_NO_MEMORY);
1527 static NTSTATUS smb1cli_inbuf_parse_chain(uint8_t *buf, TALLOC_CTX *mem_ctx,
1528 struct iovec **piov, int *pnum_iov)
1539 buflen = smb_len_nbt(buf);
1542 hdr = buf + NBT_HDR_SIZE;
1544 if (buflen < MIN_SMB_SIZE) {
1545 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1549 * This returns iovec elements in the following order:
1564 iov = talloc_array(mem_ctx, struct iovec, num_iov);
1566 return NT_STATUS_NO_MEMORY;
1568 iov[0].iov_base = hdr;
1569 iov[0].iov_len = HDR_WCT;
1572 cmd = CVAL(hdr, HDR_COM);
1576 size_t len = buflen - taken;
1578 struct iovec *iov_tmp;
1585 * we need at least WCT and BCC
1587 needed = sizeof(uint8_t) + sizeof(uint16_t);
1589 DEBUG(10, ("%s: %d bytes left, expected at least %d\n",
1590 __location__, (int)len, (int)needed));
1595 * Now we check if the specified words are there
1597 wct = CVAL(hdr, wct_ofs);
1598 needed += wct * sizeof(uint16_t);
1600 DEBUG(10, ("%s: %d bytes left, expected at least %d\n",
1601 __location__, (int)len, (int)needed));
1606 * Now we check if the specified bytes are there
1608 bcc_ofs = wct_ofs + sizeof(uint8_t) + wct * sizeof(uint16_t);
1609 bcc = SVAL(hdr, bcc_ofs);
1610 needed += bcc * sizeof(uint8_t);
1612 DEBUG(10, ("%s: %d bytes left, expected at least %d\n",
1613 __location__, (int)len, (int)needed));
1618 * we allocate 2 iovec structures for words and bytes
1620 iov_tmp = talloc_realloc(mem_ctx, iov, struct iovec,
1622 if (iov_tmp == NULL) {
1624 return NT_STATUS_NO_MEMORY;
1627 cur = &iov[num_iov];
1630 cur[0].iov_len = wct * sizeof(uint16_t);
1631 cur[0].iov_base = hdr + (wct_ofs + sizeof(uint8_t));
1632 cur[1].iov_len = bcc * sizeof(uint8_t);
1633 cur[1].iov_base = hdr + (bcc_ofs + sizeof(uint16_t));
1637 if (!smb1cli_is_andx_req(cmd)) {
1639 * If the current command does not have AndX chanining
1645 if (wct == 0 && bcc == 0) {
1647 * An empty response also ends the chain,
1648 * most likely with an error.
1654 DEBUG(10, ("%s: wct[%d] < 2 for cmd[0x%02X]\n",
1655 __location__, (int)wct, (int)cmd));
1658 cmd = CVAL(cur[0].iov_base, 0);
1661 * If it is the end of the chain we are also done.
1665 wct_ofs = SVAL(cur[0].iov_base, 2);
1667 if (wct_ofs < taken) {
1668 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1670 if (wct_ofs > buflen) {
1671 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1675 * we consumed everything up to the start of the next
1681 remaining = buflen - taken;
1683 if (remaining > 0 && num_iov >= 3) {
1685 * The last DATA block gets the remaining
1686 * bytes, this is needed to support
1687 * CAP_LARGE_WRITEX and CAP_LARGE_READX.
1689 iov[num_iov-1].iov_len += remaining;
1693 *pnum_iov = num_iov;
1694 return NT_STATUS_OK;
1698 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1701 static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
1702 TALLOC_CTX *tmp_mem,
1705 struct tevent_req *req;
1706 struct smbXcli_req_state *state;
1713 const uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
1714 struct iovec *iov = NULL;
1716 struct tevent_req **chain = NULL;
1717 size_t num_chained = 0;
1718 size_t num_responses = 0;
1720 if (conn->smb1.read_braw_req != NULL) {
1721 req = conn->smb1.read_braw_req;
1722 conn->smb1.read_braw_req = NULL;
1723 state = tevent_req_data(req, struct smbXcli_req_state);
1725 smbXcli_req_unset_pending(req);
1727 if (state->smb1.recv_iov == NULL) {
1729 * For requests with more than
1730 * one response, we have to readd the
1733 state->smb1.recv_iov = talloc_zero_array(state,
1736 if (tevent_req_nomem(state->smb1.recv_iov, req)) {
1737 return NT_STATUS_OK;
1741 state->smb1.recv_iov[0].iov_base = (void *)(inbuf + NBT_HDR_SIZE);
1742 state->smb1.recv_iov[0].iov_len = smb_len_nbt(inbuf);
1743 ZERO_STRUCT(state->smb1.recv_iov[1]);
1744 ZERO_STRUCT(state->smb1.recv_iov[2]);
1746 state->smb1.recv_cmd = SMBreadBraw;
1747 state->smb1.recv_status = NT_STATUS_OK;
1748 state->inbuf = talloc_move(state->smb1.recv_iov, &inbuf);
1750 tevent_req_done(req);
1751 return NT_STATUS_OK;
1754 if ((IVAL(inhdr, 0) != SMB_MAGIC) /* 0xFF"SMB" */
1755 && (SVAL(inhdr, 0) != 0x45ff)) /* 0xFF"E" */ {
1756 DEBUG(10, ("Got non-SMB PDU\n"));
1757 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1761 * If we supported multiple encrytion contexts
1762 * here we'd look up based on tid.
1764 if (common_encryption_on(conn->smb1.trans_enc)
1765 && (CVAL(inbuf, 0) == 0)) {
1766 uint16_t enc_ctx_num;
1768 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
1769 if (!NT_STATUS_IS_OK(status)) {
1770 DEBUG(10, ("get_enc_ctx_num returned %s\n",
1771 nt_errstr(status)));
1775 if (enc_ctx_num != conn->smb1.trans_enc->enc_ctx_num) {
1776 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
1778 conn->smb1.trans_enc->enc_ctx_num));
1779 return NT_STATUS_INVALID_HANDLE;
1782 status = common_decrypt_buffer(conn->smb1.trans_enc,
1784 if (!NT_STATUS_IS_OK(status)) {
1785 DEBUG(10, ("common_decrypt_buffer returned %s\n",
1786 nt_errstr(status)));
1791 mid = SVAL(inhdr, HDR_MID);
1792 num_pending = talloc_array_length(conn->pending);
1794 for (i=0; i<num_pending; i++) {
1795 if (mid == smb1cli_req_mid(conn->pending[i])) {
1799 if (i == num_pending) {
1800 /* Dump unexpected reply */
1801 return NT_STATUS_RETRY;
1804 oplock_break = false;
1806 if (mid == 0xffff) {
1808 * Paranoia checks that this is really an oplock break request.
1810 oplock_break = (smb_len_nbt(inbuf) == 51); /* hdr + 8 words */
1811 oplock_break &= ((CVAL(inhdr, HDR_FLG) & FLAG_REPLY) == 0);
1812 oplock_break &= (CVAL(inhdr, HDR_COM) == SMBlockingX);
1813 oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(6)) == 0);
1814 oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(7)) == 0);
1816 if (!oplock_break) {
1817 /* Dump unexpected reply */
1818 return NT_STATUS_RETRY;
1822 req = conn->pending[i];
1823 state = tevent_req_data(req, struct smbXcli_req_state);
1825 if (!oplock_break /* oplock breaks are not signed */
1826 && !smb_signing_check_pdu(conn->smb1.signing,
1827 inbuf, state->smb1.seqnum+1)) {
1828 DEBUG(10, ("cli_check_sign_mac failed\n"));
1829 return NT_STATUS_ACCESS_DENIED;
1832 status = smb1cli_inbuf_parse_chain(inbuf, tmp_mem,
1834 if (!NT_STATUS_IS_OK(status)) {
1835 DEBUG(10,("smb1cli_inbuf_parse_chain - %s\n",
1836 nt_errstr(status)));
1840 cmd = CVAL(inhdr, HDR_COM);
1841 status = smb1cli_pull_raw_error(inhdr);
1843 if (state->smb1.chained_requests == NULL) {
1845 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1848 smbXcli_req_unset_pending(req);
1850 if (state->smb1.recv_iov == NULL) {
1852 * For requests with more than
1853 * one response, we have to readd the
1856 state->smb1.recv_iov = talloc_zero_array(state,
1859 if (tevent_req_nomem(state->smb1.recv_iov, req)) {
1860 return NT_STATUS_OK;
1864 state->smb1.recv_cmd = cmd;
1865 state->smb1.recv_status = status;
1866 state->inbuf = talloc_move(state->smb1.recv_iov, &inbuf);
1868 state->smb1.recv_iov[0] = iov[0];
1869 state->smb1.recv_iov[1] = iov[1];
1870 state->smb1.recv_iov[2] = iov[2];
1872 if (talloc_array_length(conn->pending) == 0) {
1873 tevent_req_done(req);
1874 return NT_STATUS_OK;
1877 tevent_req_defer_callback(req, state->ev);
1878 tevent_req_done(req);
1879 return NT_STATUS_RETRY;
1882 chain = talloc_move(tmp_mem, &state->smb1.chained_requests);
1883 num_chained = talloc_array_length(chain);
1884 num_responses = (num_iov - 1)/2;
1886 if (num_responses > num_chained) {
1887 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1890 for (i=0; i<num_chained; i++) {
1891 size_t iov_idx = 1 + (i*2);
1892 struct iovec *cur = &iov[iov_idx];
1896 state = tevent_req_data(req, struct smbXcli_req_state);
1898 smbXcli_req_unset_pending(req);
1901 * as we finish multiple requests here
1902 * we need to defer the callbacks as
1903 * they could destroy our current stack state.
1905 tevent_req_defer_callback(req, state->ev);
1907 if (i >= num_responses) {
1908 tevent_req_nterror(req, NT_STATUS_REQUEST_ABORTED);
1912 if (state->smb1.recv_iov == NULL) {
1914 * For requests with more than
1915 * one response, we have to readd the
1918 state->smb1.recv_iov = talloc_zero_array(state,
1921 if (tevent_req_nomem(state->smb1.recv_iov, req)) {
1926 state->smb1.recv_cmd = cmd;
1928 if (i == (num_responses - 1)) {
1930 * The last request in the chain gets the status
1932 state->smb1.recv_status = status;
1934 cmd = CVAL(cur[0].iov_base, 0);
1935 state->smb1.recv_status = NT_STATUS_OK;
1938 state->inbuf = inbuf;
1941 * Note: here we use talloc_reference() in a way
1942 * that does not expose it to the caller.
1944 inbuf_ref = talloc_reference(state->smb1.recv_iov, inbuf);
1945 if (tevent_req_nomem(inbuf_ref, req)) {
1949 /* copy the related buffers */
1950 state->smb1.recv_iov[0] = iov[0];
1951 state->smb1.recv_iov[1] = cur[0];
1952 state->smb1.recv_iov[2] = cur[1];
1954 tevent_req_done(req);
1957 return NT_STATUS_RETRY;
1960 NTSTATUS smb1cli_req_recv(struct tevent_req *req,
1961 TALLOC_CTX *mem_ctx,
1962 struct iovec **piov,
1966 uint32_t *pvwv_offset,
1967 uint32_t *pnum_bytes,
1969 uint32_t *pbytes_offset,
1971 const struct smb1cli_req_expected_response *expected,
1972 size_t num_expected)
1974 struct smbXcli_req_state *state =
1975 tevent_req_data(req,
1976 struct smbXcli_req_state);
1977 NTSTATUS status = NT_STATUS_OK;
1978 struct iovec *recv_iov = NULL;
1979 uint8_t *hdr = NULL;
1981 uint32_t vwv_offset = 0;
1982 uint16_t *vwv = NULL;
1983 uint32_t num_bytes = 0;
1984 uint32_t bytes_offset = 0;
1985 uint8_t *bytes = NULL;
1987 bool found_status = false;
1988 bool found_size = false;
2002 if (pvwv_offset != NULL) {
2005 if (pnum_bytes != NULL) {
2008 if (pbytes != NULL) {
2011 if (pbytes_offset != NULL) {
2014 if (pinbuf != NULL) {
2018 if (state->inbuf != NULL) {
2019 recv_iov = state->smb1.recv_iov;
2020 state->smb1.recv_iov = NULL;
2021 if (state->smb1.recv_cmd != SMBreadBraw) {
2022 hdr = (uint8_t *)recv_iov[0].iov_base;
2023 wct = recv_iov[1].iov_len/2;
2024 vwv = (uint16_t *)recv_iov[1].iov_base;
2025 vwv_offset = PTR_DIFF(vwv, hdr);
2026 num_bytes = recv_iov[2].iov_len;
2027 bytes = (uint8_t *)recv_iov[2].iov_base;
2028 bytes_offset = PTR_DIFF(bytes, hdr);
2032 if (tevent_req_is_nterror(req, &status)) {
2033 for (i=0; i < num_expected; i++) {
2034 if (NT_STATUS_EQUAL(status, expected[i].status)) {
2035 found_status = true;
2041 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
2047 if (num_expected == 0) {
2048 found_status = true;
2052 status = state->smb1.recv_status;
2054 for (i=0; i < num_expected; i++) {
2055 if (!NT_STATUS_EQUAL(status, expected[i].status)) {
2059 found_status = true;
2060 if (expected[i].wct == 0) {
2065 if (expected[i].wct == wct) {
2071 if (!found_status) {
2076 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2080 *piov = talloc_move(mem_ctx, &recv_iov);
2092 if (pvwv_offset != NULL) {
2093 *pvwv_offset = vwv_offset;
2095 if (pnum_bytes != NULL) {
2096 *pnum_bytes = num_bytes;
2098 if (pbytes != NULL) {
2101 if (pbytes_offset != NULL) {
2102 *pbytes_offset = bytes_offset;
2104 if (pinbuf != NULL) {
2105 *pinbuf = state->inbuf;
2111 size_t smb1cli_req_wct_ofs(struct tevent_req **reqs, int num_reqs)
2118 for (i=0; i<num_reqs; i++) {
2119 struct smbXcli_req_state *state;
2120 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
2121 wct_ofs += smbXcli_iov_len(state->smb1.iov+2,
2122 state->smb1.iov_count-2);
2123 wct_ofs = (wct_ofs + 3) & ~3;
2128 NTSTATUS smb1cli_req_chain_submit(struct tevent_req **reqs, int num_reqs)
2130 struct smbXcli_req_state *first_state =
2131 tevent_req_data(reqs[0],
2132 struct smbXcli_req_state);
2133 struct smbXcli_req_state *state;
2135 size_t chain_padding = 0;
2137 struct iovec *iov = NULL;
2138 struct iovec *this_iov;
2142 if (num_reqs == 1) {
2143 return smb1cli_req_writev_submit(reqs[0], first_state,
2144 first_state->smb1.iov,
2145 first_state->smb1.iov_count);
2149 for (i=0; i<num_reqs; i++) {
2150 if (!tevent_req_is_in_progress(reqs[i])) {
2151 return NT_STATUS_INTERNAL_ERROR;
2154 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
2156 if (state->smb1.iov_count < 4) {
2157 return NT_STATUS_INVALID_PARAMETER_MIX;
2162 * The NBT and SMB header
2175 iovlen += state->smb1.iov_count - 2;
2178 iov = talloc_zero_array(first_state, struct iovec, iovlen);
2180 return NT_STATUS_NO_MEMORY;
2183 first_state->smb1.chained_requests = (struct tevent_req **)talloc_memdup(
2184 first_state, reqs, sizeof(*reqs) * num_reqs);
2185 if (first_state->smb1.chained_requests == NULL) {
2187 return NT_STATUS_NO_MEMORY;
2190 wct_offset = HDR_WCT;
2193 for (i=0; i<num_reqs; i++) {
2194 size_t next_padding = 0;
2197 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
2199 if (i < num_reqs-1) {
2200 if (!smb1cli_is_andx_req(CVAL(state->smb1.hdr, HDR_COM))
2201 || CVAL(state->smb1.hdr, HDR_WCT) < 2) {
2203 TALLOC_FREE(first_state->smb1.chained_requests);
2204 return NT_STATUS_INVALID_PARAMETER_MIX;
2208 wct_offset += smbXcli_iov_len(state->smb1.iov+2,
2209 state->smb1.iov_count-2) + 1;
2210 if ((wct_offset % 4) != 0) {
2211 next_padding = 4 - (wct_offset % 4);
2213 wct_offset += next_padding;
2214 vwv = state->smb1.vwv;
2216 if (i < num_reqs-1) {
2217 struct smbXcli_req_state *next_state =
2218 tevent_req_data(reqs[i+1],
2219 struct smbXcli_req_state);
2220 SCVAL(vwv+0, 0, CVAL(next_state->smb1.hdr, HDR_COM));
2222 SSVAL(vwv+1, 0, wct_offset);
2223 } else if (smb1cli_is_andx_req(CVAL(state->smb1.hdr, HDR_COM))) {
2224 /* properly end the chain */
2225 SCVAL(vwv+0, 0, 0xff);
2226 SCVAL(vwv+0, 1, 0xff);
2232 * The NBT and SMB header
2234 this_iov[0] = state->smb1.iov[0];
2235 this_iov[1] = state->smb1.iov[1];
2239 * This one is a bit subtle. We have to add
2240 * chain_padding bytes between the requests, and we
2241 * have to also include the wct field of the
2242 * subsequent requests. We use the subsequent header
2243 * for the padding, it contains the wct field in its
2246 this_iov[0].iov_len = chain_padding+1;
2247 this_iov[0].iov_base = (void *)&state->smb1.hdr[
2248 sizeof(state->smb1.hdr) - this_iov[0].iov_len];
2249 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
2254 * copy the words and bytes
2256 memcpy(this_iov, state->smb1.iov+2,
2257 sizeof(struct iovec) * (state->smb1.iov_count-2));
2258 this_iov += state->smb1.iov_count - 2;
2259 chain_padding = next_padding;
2262 nbt_len = smbXcli_iov_len(&iov[1], iovlen-1);
2263 if (nbt_len > first_state->conn->smb1.max_xmit) {
2265 TALLOC_FREE(first_state->smb1.chained_requests);
2266 return NT_STATUS_INVALID_PARAMETER_MIX;
2269 status = smb1cli_req_writev_submit(reqs[0], first_state, iov, iovlen);
2270 if (!NT_STATUS_IS_OK(status)) {
2272 TALLOC_FREE(first_state->smb1.chained_requests);
2276 return NT_STATUS_OK;
2279 bool smbXcli_conn_has_async_calls(struct smbXcli_conn *conn)
2281 return ((tevent_queue_length(conn->outgoing) != 0)
2282 || (talloc_array_length(conn->pending) != 0));
2285 uint32_t smb2cli_conn_server_capabilities(struct smbXcli_conn *conn)
2287 return conn->smb2.server.capabilities;
2290 uint16_t smb2cli_conn_server_security_mode(struct smbXcli_conn *conn)
2292 return conn->smb2.server.security_mode;
2295 uint32_t smb2cli_conn_max_trans_size(struct smbXcli_conn *conn)
2297 return conn->smb2.server.max_trans_size;
2300 uint32_t smb2cli_conn_max_read_size(struct smbXcli_conn *conn)
2302 return conn->smb2.server.max_read_size;
2305 uint32_t smb2cli_conn_max_write_size(struct smbXcli_conn *conn)
2307 return conn->smb2.server.max_write_size;
2310 void smb2cli_conn_set_max_credits(struct smbXcli_conn *conn,
2311 uint16_t max_credits)
2313 conn->smb2.max_credits = max_credits;
2316 static void smb2cli_req_cancel_done(struct tevent_req *subreq);
2318 static bool smb2cli_req_cancel(struct tevent_req *req)
2320 struct smbXcli_req_state *state =
2321 tevent_req_data(req,
2322 struct smbXcli_req_state);
2323 uint32_t flags = IVAL(state->smb2.hdr, SMB2_HDR_FLAGS);
2324 uint32_t pid = IVAL(state->smb2.hdr, SMB2_HDR_PID);
2325 uint32_t tid = IVAL(state->smb2.hdr, SMB2_HDR_TID);
2326 uint64_t mid = BVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID);
2327 uint64_t aid = BVAL(state->smb2.hdr, SMB2_HDR_ASYNC_ID);
2328 struct smbXcli_session *session = state->session;
2329 uint8_t *fixed = state->smb2.pad;
2330 uint16_t fixed_len = 4;
2331 struct tevent_req *subreq;
2332 struct smbXcli_req_state *substate;
2335 SSVAL(fixed, 0, 0x04);
2338 subreq = smb2cli_req_create(state, state->ev,
2346 if (subreq == NULL) {
2349 substate = tevent_req_data(subreq, struct smbXcli_req_state);
2351 if (flags & SMB2_HDR_FLAG_ASYNC) {
2355 SIVAL(substate->smb2.hdr, SMB2_HDR_FLAGS, flags);
2356 SIVAL(substate->smb2.hdr, SMB2_HDR_PID, pid);
2357 SIVAL(substate->smb2.hdr, SMB2_HDR_TID, tid);
2358 SBVAL(substate->smb2.hdr, SMB2_HDR_MESSAGE_ID, mid);
2359 SBVAL(substate->smb2.hdr, SMB2_HDR_ASYNC_ID, aid);
2361 status = smb2cli_req_compound_submit(&subreq, 1);
2362 if (!NT_STATUS_IS_OK(status)) {
2363 TALLOC_FREE(subreq);
2367 tevent_req_set_callback(subreq, smb2cli_req_cancel_done, NULL);
2372 static void smb2cli_req_cancel_done(struct tevent_req *subreq)
2374 /* we do not care about the result */
2375 TALLOC_FREE(subreq);
2378 struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
2379 struct tevent_context *ev,
2380 struct smbXcli_conn *conn,
2382 uint32_t additional_flags,
2383 uint32_t clear_flags,
2384 uint32_t timeout_msec,
2387 struct smbXcli_session *session,
2388 const uint8_t *fixed,
2393 struct tevent_req *req;
2394 struct smbXcli_req_state *state;
2398 req = tevent_req_create(mem_ctx, &state,
2399 struct smbXcli_req_state);
2406 state->session = session;
2409 uid = session->smb2.session_id;
2412 state->smb2.recv_iov = talloc_zero_array(state, struct iovec, 3);
2413 if (state->smb2.recv_iov == NULL) {
2418 flags |= additional_flags;
2419 flags &= ~clear_flags;
2421 state->smb2.fixed = fixed;
2422 state->smb2.fixed_len = fixed_len;
2423 state->smb2.dyn = dyn;
2424 state->smb2.dyn_len = dyn_len;
2426 SIVAL(state->smb2.hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
2427 SSVAL(state->smb2.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
2428 SSVAL(state->smb2.hdr, SMB2_HDR_OPCODE, cmd);
2429 SIVAL(state->smb2.hdr, SMB2_HDR_FLAGS, flags);
2430 SIVAL(state->smb2.hdr, SMB2_HDR_PID, pid);
2431 SIVAL(state->smb2.hdr, SMB2_HDR_TID, tid);
2432 SBVAL(state->smb2.hdr, SMB2_HDR_SESSION_ID, uid);
2435 case SMB2_OP_CANCEL:
2436 state->one_way = true;
2440 * If this is a dummy request, it will have
2441 * UINT64_MAX as message id.
2442 * If we send on break acknowledgement,
2443 * this gets overwritten later.
2445 SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, UINT64_MAX);
2449 if (timeout_msec > 0) {
2450 struct timeval endtime;
2452 endtime = timeval_current_ofs_msec(timeout_msec);
2453 if (!tevent_req_set_endtime(req, ev, endtime)) {
2461 void smb2cli_req_set_notify_async(struct tevent_req *req)
2463 struct smbXcli_req_state *state =
2464 tevent_req_data(req,
2465 struct smbXcli_req_state);
2467 state->smb2.notify_async = true;
2470 static void smb2cli_req_writev_done(struct tevent_req *subreq);
2471 static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
2472 TALLOC_CTX *tmp_mem,
2475 NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
2478 struct smbXcli_req_state *state;
2479 struct tevent_req *subreq;
2481 int i, num_iov, nbt_len;
2484 * 1 for the nbt length
2485 * per request: HDR, fixed, dyn, padding
2486 * -1 because the last one does not need padding
2489 iov = talloc_array(reqs[0], struct iovec, 1 + 4*num_reqs - 1);
2491 return NT_STATUS_NO_MEMORY;
2497 for (i=0; i<num_reqs; i++) {
2506 const DATA_BLOB *signing_key = NULL;
2508 if (!tevent_req_is_in_progress(reqs[i])) {
2509 return NT_STATUS_INTERNAL_ERROR;
2512 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
2514 if (!smbXcli_conn_is_connected(state->conn)) {
2515 return NT_STATUS_CONNECTION_DISCONNECTED;
2518 if ((state->conn->protocol != PROTOCOL_NONE) &&
2519 (state->conn->protocol < PROTOCOL_SMB2_02)) {
2520 return NT_STATUS_REVISION_MISMATCH;
2523 opcode = SVAL(state->smb2.hdr, SMB2_HDR_OPCODE);
2524 if (opcode == SMB2_OP_CANCEL) {
2528 avail = UINT64_MAX - state->conn->smb2.mid;
2530 return NT_STATUS_CONNECTION_ABORTED;
2533 if (state->conn->smb2.server.capabilities & SMB2_CAP_LARGE_MTU) {
2534 charge = (MAX(state->smb2.dyn_len, 1) - 1)/ 65536 + 1;
2539 charge = MAX(state->smb2.credit_charge, charge);
2541 avail = MIN(avail, state->conn->smb2.cur_credits);
2542 if (avail < charge) {
2543 return NT_STATUS_INTERNAL_ERROR;
2547 if (state->conn->smb2.max_credits > state->conn->smb2.cur_credits) {
2548 credits = state->conn->smb2.max_credits -
2549 state->conn->smb2.cur_credits;
2551 if (state->conn->smb2.max_credits >= state->conn->smb2.cur_credits) {
2555 mid = state->conn->smb2.mid;
2556 state->conn->smb2.mid += charge;
2557 state->conn->smb2.cur_credits -= charge;
2559 if (state->conn->smb2.server.capabilities & SMB2_CAP_LARGE_MTU) {
2560 SSVAL(state->smb2.hdr, SMB2_HDR_CREDIT_CHARGE, charge);
2562 SSVAL(state->smb2.hdr, SMB2_HDR_CREDIT, credits);
2563 SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, mid);
2566 if (state->session) {
2567 bool should_sign = state->session->smb2.should_sign;
2569 if (opcode == SMB2_OP_SESSSETUP &&
2570 state->session->smb2.signing_key.length != 0) {
2575 * We prefer the channel signing key if it is
2579 signing_key = &state->session->smb2.channel_signing_key;
2583 * If it is a channel binding, we already have the main
2584 * signing key and try that one.
2586 if (signing_key && signing_key->length == 0) {
2587 signing_key = &state->session->smb2.signing_key;
2591 * If we do not have any session key yet, we skip the
2592 * signing of SMB2_OP_SESSSETUP requests.
2594 if (signing_key && signing_key->length == 0) {
2600 iov[num_iov].iov_base = state->smb2.hdr;
2601 iov[num_iov].iov_len = sizeof(state->smb2.hdr);
2604 iov[num_iov].iov_base = discard_const(state->smb2.fixed);
2605 iov[num_iov].iov_len = state->smb2.fixed_len;
2608 if (state->smb2.dyn != NULL) {
2609 iov[num_iov].iov_base = discard_const(state->smb2.dyn);
2610 iov[num_iov].iov_len = state->smb2.dyn_len;
2614 reqlen = sizeof(state->smb2.hdr);
2615 reqlen += state->smb2.fixed_len;
2616 reqlen += state->smb2.dyn_len;
2618 if (i < num_reqs-1) {
2619 if ((reqlen % 8) > 0) {
2620 uint8_t pad = 8 - (reqlen % 8);
2621 iov[num_iov].iov_base = state->smb2.pad;
2622 iov[num_iov].iov_len = pad;
2626 SIVAL(state->smb2.hdr, SMB2_HDR_NEXT_COMMAND, reqlen);
2633 status = smb2_signing_sign_pdu(*signing_key,
2634 state->session->conn->protocol,
2635 &iov[hdr_iov], num_iov - hdr_iov);
2636 if (!NT_STATUS_IS_OK(status)) {
2641 ret = smbXcli_req_set_pending(reqs[i]);
2643 return NT_STATUS_NO_MEMORY;
2647 state = tevent_req_data(reqs[0], struct smbXcli_req_state);
2648 _smb_setlen_tcp(state->length_hdr, nbt_len);
2649 iov[0].iov_base = state->length_hdr;
2650 iov[0].iov_len = sizeof(state->length_hdr);
2652 if (state->conn->dispatch_incoming == NULL) {
2653 state->conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
2656 subreq = writev_send(state, state->ev, state->conn->outgoing,
2657 state->conn->write_fd, false, iov, num_iov);
2658 if (subreq == NULL) {
2659 return NT_STATUS_NO_MEMORY;
2661 tevent_req_set_callback(subreq, smb2cli_req_writev_done, reqs[0]);
2662 return NT_STATUS_OK;
2665 void smb2cli_req_set_credit_charge(struct tevent_req *req, uint16_t charge)
2667 struct smbXcli_req_state *state =
2668 tevent_req_data(req,
2669 struct smbXcli_req_state);
2671 state->smb2.credit_charge = charge;
2674 struct tevent_req *smb2cli_req_send(TALLOC_CTX *mem_ctx,
2675 struct tevent_context *ev,
2676 struct smbXcli_conn *conn,
2678 uint32_t additional_flags,
2679 uint32_t clear_flags,
2680 uint32_t timeout_msec,
2683 struct smbXcli_session *session,
2684 const uint8_t *fixed,
2689 struct tevent_req *req;
2692 req = smb2cli_req_create(mem_ctx, ev, conn, cmd,
2693 additional_flags, clear_flags,
2696 fixed, fixed_len, dyn, dyn_len);
2700 if (!tevent_req_is_in_progress(req)) {
2701 return tevent_req_post(req, ev);
2703 status = smb2cli_req_compound_submit(&req, 1);
2704 if (tevent_req_nterror(req, status)) {
2705 return tevent_req_post(req, ev);
2710 static void smb2cli_req_writev_done(struct tevent_req *subreq)
2712 struct tevent_req *req =
2713 tevent_req_callback_data(subreq,
2715 struct smbXcli_req_state *state =
2716 tevent_req_data(req,
2717 struct smbXcli_req_state);
2721 nwritten = writev_recv(subreq, &err);
2722 TALLOC_FREE(subreq);
2723 if (nwritten == -1) {
2724 /* here, we need to notify all pending requests */
2725 NTSTATUS status = map_nt_error_from_unix_common(err);
2726 smbXcli_conn_disconnect(state->conn, status);
2731 static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
2734 TALLOC_CTX *mem_ctx,
2735 struct iovec **piov, int *pnum_iov)
2740 uint8_t *first_hdr = buf;
2742 iov = talloc_array(mem_ctx, struct iovec, num_iov);
2744 return NT_STATUS_NO_MEMORY;
2747 while (taken < buflen) {
2748 size_t len = buflen - taken;
2749 uint8_t *hdr = first_hdr + taken;
2752 size_t next_command_ofs;
2754 struct iovec *iov_tmp;
2757 * We need the header plus the body length field
2760 if (len < SMB2_HDR_BODY + 2) {
2761 DEBUG(10, ("%d bytes left, expected at least %d\n",
2762 (int)len, SMB2_HDR_BODY));
2765 if (IVAL(hdr, 0) != SMB2_MAGIC) {
2766 DEBUG(10, ("Got non-SMB2 PDU: %x\n",
2770 if (SVAL(hdr, 4) != SMB2_HDR_BODY) {
2771 DEBUG(10, ("Got HDR len %d, expected %d\n",
2772 SVAL(hdr, 4), SMB2_HDR_BODY));
2777 next_command_ofs = IVAL(hdr, SMB2_HDR_NEXT_COMMAND);
2778 body_size = SVAL(hdr, SMB2_HDR_BODY);
2780 if (next_command_ofs != 0) {
2781 if (next_command_ofs < (SMB2_HDR_BODY + 2)) {
2784 if (next_command_ofs > full_size) {
2787 full_size = next_command_ofs;
2789 if (body_size < 2) {
2792 body_size &= 0xfffe;
2794 if (body_size > (full_size - SMB2_HDR_BODY)) {
2798 iov_tmp = talloc_realloc(mem_ctx, iov, struct iovec,
2800 if (iov_tmp == NULL) {
2802 return NT_STATUS_NO_MEMORY;
2805 cur = &iov[num_iov];
2808 cur[0].iov_base = hdr;
2809 cur[0].iov_len = SMB2_HDR_BODY;
2810 cur[1].iov_base = hdr + SMB2_HDR_BODY;
2811 cur[1].iov_len = body_size;
2812 cur[2].iov_base = hdr + SMB2_HDR_BODY + body_size;
2813 cur[2].iov_len = full_size - (SMB2_HDR_BODY + body_size);
2819 *pnum_iov = num_iov;
2820 return NT_STATUS_OK;
2824 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2827 static struct tevent_req *smb2cli_conn_find_pending(struct smbXcli_conn *conn,
2830 size_t num_pending = talloc_array_length(conn->pending);
2833 for (i=0; i<num_pending; i++) {
2834 struct tevent_req *req = conn->pending[i];
2835 struct smbXcli_req_state *state =
2836 tevent_req_data(req,
2837 struct smbXcli_req_state);
2839 if (mid == BVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID)) {
2846 static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
2847 TALLOC_CTX *tmp_mem,
2850 struct tevent_req *req;
2851 struct smbXcli_req_state *state = NULL;
2856 struct smbXcli_session *last_session = NULL;
2857 size_t inbuf_len = smb_len_tcp(inbuf);
2859 status = smb2cli_inbuf_parse_compound(conn,
2860 inbuf + NBT_HDR_SIZE,
2864 if (!NT_STATUS_IS_OK(status)) {
2868 for (i=0; i<num_iov; i+=3) {
2869 uint8_t *inbuf_ref = NULL;
2870 struct iovec *cur = &iov[i];
2871 uint8_t *inhdr = (uint8_t *)cur[0].iov_base;
2872 uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
2873 uint32_t flags = IVAL(inhdr, SMB2_HDR_FLAGS);
2874 uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
2875 uint16_t req_opcode;
2877 uint16_t credits = SVAL(inhdr, SMB2_HDR_CREDIT);
2878 uint32_t new_credits;
2879 struct smbXcli_session *session = NULL;
2880 const DATA_BLOB *signing_key = NULL;
2881 bool should_sign = false;
2883 new_credits = conn->smb2.cur_credits;
2884 new_credits += credits;
2885 if (new_credits > UINT16_MAX) {
2886 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2888 conn->smb2.cur_credits += credits;
2890 req = smb2cli_conn_find_pending(conn, mid);
2892 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2894 state = tevent_req_data(req, struct smbXcli_req_state);
2896 state->smb2.got_async = false;
2898 req_opcode = SVAL(state->smb2.hdr, SMB2_HDR_OPCODE);
2899 if (opcode != req_opcode) {
2900 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2902 req_flags = SVAL(state->smb2.hdr, SMB2_HDR_FLAGS);
2904 if (!(flags & SMB2_HDR_FLAG_REDIRECT)) {
2905 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2908 status = NT_STATUS(IVAL(inhdr, SMB2_HDR_STATUS));
2909 if ((flags & SMB2_HDR_FLAG_ASYNC) &&
2910 NT_STATUS_EQUAL(status, STATUS_PENDING)) {
2911 uint64_t async_id = BVAL(inhdr, SMB2_HDR_ASYNC_ID);
2914 * async interim responses are not signed,
2915 * even if the SMB2_HDR_FLAG_SIGNED flag
2918 req_flags |= SMB2_HDR_FLAG_ASYNC;
2919 SBVAL(state->smb2.hdr, SMB2_HDR_FLAGS, req_flags);
2920 SBVAL(state->smb2.hdr, SMB2_HDR_ASYNC_ID, async_id);
2922 if (state->smb2.notify_async) {
2923 state->smb2.got_async = true;
2924 tevent_req_defer_callback(req, state->ev);
2925 tevent_req_notify_callback(req);
2930 session = state->session;
2931 if (req_flags & SMB2_HDR_FLAG_CHAINED) {
2932 session = last_session;
2934 last_session = session;
2937 should_sign = session->smb2.should_sign;
2938 if (opcode == SMB2_OP_SESSSETUP &&
2939 session->smb2.signing_key.length != 0) {
2945 if (!(flags & SMB2_HDR_FLAG_SIGNED)) {
2946 return NT_STATUS_ACCESS_DENIED;
2950 if (flags & SMB2_HDR_FLAG_SIGNED) {
2951 uint64_t uid = BVAL(inhdr, SMB2_HDR_SESSION_ID);
2953 if (session == NULL) {
2954 struct smbXcli_session *s;
2956 s = state->conn->sessions;
2957 for (; s; s = s->next) {
2958 if (s->smb2.session_id != uid) {
2967 if (session == NULL) {
2968 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2971 last_session = session;
2972 signing_key = &session->smb2.channel_signing_key;
2975 if (opcode == SMB2_OP_SESSSETUP) {
2977 * We prefer the channel signing key, if it is
2980 * If we do not have a channel signing key yet,
2981 * we try the main signing key, if it is not
2982 * the final response.
2984 if (signing_key && signing_key->length == 0 &&
2985 !NT_STATUS_IS_OK(status)) {
2986 signing_key = &session->smb2.signing_key;
2989 if (signing_key && signing_key->length == 0) {
2991 * If we do not have a session key to
2992 * verify the signature, we defer the
2993 * signing check to the caller.
2995 * The caller gets NT_STATUS_OK, it
2997 * smb2cli_session_set_session_key()
2999 * smb2cli_session_set_channel_key()
3000 * which will check the signature
3001 * with the channel signing key.
3007 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
3009 * if the server returns NT_STATUS_USER_SESSION_DELETED
3010 * the response is not signed and we should
3011 * propagate the NT_STATUS_USER_SESSION_DELETED
3012 * status to the caller.
3017 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED) ||
3018 NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) ||
3019 NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
3021 * if the server returns
3022 * NT_STATUS_NETWORK_NAME_DELETED
3023 * NT_STATUS_FILE_CLOSED
3024 * NT_STATUS_INVALID_PARAMETER
3025 * the response might not be signed
3026 * as this happens before the signing checks.
3028 * If server echos the signature (or all zeros)
3029 * we should report the status from the server
3035 cmp = memcmp(inhdr+SMB2_HDR_SIGNATURE,
3036 state->smb2.hdr+SMB2_HDR_SIGNATURE,
3039 state->smb2.signing_skipped = true;
3045 static const uint8_t zeros[16];
3047 cmp = memcmp(inhdr+SMB2_HDR_SIGNATURE,
3051 state->smb2.signing_skipped = true;
3058 status = smb2_signing_check_pdu(*signing_key,
3059 state->conn->protocol,
3061 if (!NT_STATUS_IS_OK(status)) {
3063 * If the signing check fails, we disconnect
3070 smbXcli_req_unset_pending(req);
3073 * There might be more than one response
3074 * we need to defer the notifications
3076 if ((num_iov == 4) && (talloc_array_length(conn->pending) == 0)) {
3081 tevent_req_defer_callback(req, state->ev);
3085 * Note: here we use talloc_reference() in a way
3086 * that does not expose it to the caller.
3088 inbuf_ref = talloc_reference(state->smb2.recv_iov, inbuf);
3089 if (tevent_req_nomem(inbuf_ref, req)) {
3093 /* copy the related buffers */
3094 state->smb2.recv_iov[0] = cur[0];
3095 state->smb2.recv_iov[1] = cur[1];
3096 state->smb2.recv_iov[2] = cur[2];
3098 tevent_req_done(req);
3102 return NT_STATUS_RETRY;
3105 return NT_STATUS_OK;
3108 NTSTATUS smb2cli_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
3109 struct iovec **piov,
3110 const struct smb2cli_req_expected_response *expected,
3111 size_t num_expected)
3113 struct smbXcli_req_state *state =
3114 tevent_req_data(req,
3115 struct smbXcli_req_state);
3118 bool found_status = false;
3119 bool found_size = false;
3126 if (state->smb2.got_async) {
3127 return STATUS_PENDING;
3130 if (tevent_req_is_nterror(req, &status)) {
3131 for (i=0; i < num_expected; i++) {
3132 if (NT_STATUS_EQUAL(status, expected[i].status)) {
3133 found_status = true;
3139 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
3145 if (num_expected == 0) {
3146 found_status = true;
3150 status = NT_STATUS(IVAL(state->smb2.recv_iov[0].iov_base, SMB2_HDR_STATUS));
3151 body_size = SVAL(state->smb2.recv_iov[1].iov_base, 0);
3153 for (i=0; i < num_expected; i++) {
3154 if (!NT_STATUS_EQUAL(status, expected[i].status)) {
3158 found_status = true;
3159 if (expected[i].body_size == 0) {
3164 if (expected[i].body_size == body_size) {
3170 if (!found_status) {
3174 if (state->smb2.signing_skipped) {
3175 if (num_expected > 0) {
3176 return NT_STATUS_ACCESS_DENIED;
3178 if (!NT_STATUS_IS_ERR(status)) {
3179 return NT_STATUS_ACCESS_DENIED;
3184 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3188 *piov = talloc_move(mem_ctx, &state->smb2.recv_iov);
3194 static const struct {
3195 enum protocol_types proto;
3196 const char *smb1_name;
3197 } smb1cli_prots[] = {
3198 {PROTOCOL_CORE, "PC NETWORK PROGRAM 1.0"},
3199 {PROTOCOL_COREPLUS, "MICROSOFT NETWORKS 1.03"},
3200 {PROTOCOL_LANMAN1, "MICROSOFT NETWORKS 3.0"},
3201 {PROTOCOL_LANMAN1, "LANMAN1.0"},
3202 {PROTOCOL_LANMAN2, "LM1.2X002"},
3203 {PROTOCOL_LANMAN2, "DOS LANMAN2.1"},
3204 {PROTOCOL_LANMAN2, "LANMAN2.1"},
3205 {PROTOCOL_LANMAN2, "Samba"},
3206 {PROTOCOL_NT1, "NT LANMAN 1.0"},
3207 {PROTOCOL_NT1, "NT LM 0.12"},
3208 {PROTOCOL_SMB2_02, "SMB 2.002"},
3209 {PROTOCOL_SMB2_10, "SMB 2.???"},
3212 static const struct {
3213 enum protocol_types proto;
3214 uint16_t smb2_dialect;
3215 } smb2cli_prots[] = {
3216 {PROTOCOL_SMB2_02, SMB2_DIALECT_REVISION_202},
3217 {PROTOCOL_SMB2_10, SMB2_DIALECT_REVISION_210},
3218 {PROTOCOL_SMB2_22, SMB2_DIALECT_REVISION_222},
3219 {PROTOCOL_SMB2_24, SMB2_DIALECT_REVISION_224},
3220 {PROTOCOL_SMB3_00, SMB3_DIALECT_REVISION_300},
3223 struct smbXcli_negprot_state {
3224 struct smbXcli_conn *conn;
3225 struct tevent_context *ev;
3226 uint32_t timeout_msec;
3227 enum protocol_types min_protocol;
3228 enum protocol_types max_protocol;
3232 uint8_t dyn[ARRAY_SIZE(smb2cli_prots)*2];
3236 static void smbXcli_negprot_invalid_done(struct tevent_req *subreq);
3237 static struct tevent_req *smbXcli_negprot_smb1_subreq(struct smbXcli_negprot_state *state);
3238 static void smbXcli_negprot_smb1_done(struct tevent_req *subreq);
3239 static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_state *state);
3240 static void smbXcli_negprot_smb2_done(struct tevent_req *subreq);
3241 static NTSTATUS smbXcli_negprot_dispatch_incoming(struct smbXcli_conn *conn,
3245 struct tevent_req *smbXcli_negprot_send(TALLOC_CTX *mem_ctx,
3246 struct tevent_context *ev,
3247 struct smbXcli_conn *conn,
3248 uint32_t timeout_msec,
3249 enum protocol_types min_protocol,
3250 enum protocol_types max_protocol)
3252 struct tevent_req *req, *subreq;
3253 struct smbXcli_negprot_state *state;
3255 req = tevent_req_create(mem_ctx, &state,
3256 struct smbXcli_negprot_state);
3262 state->timeout_msec = timeout_msec;
3263 state->min_protocol = min_protocol;
3264 state->max_protocol = max_protocol;
3266 if (min_protocol == PROTOCOL_NONE) {
3267 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
3268 return tevent_req_post(req, ev);
3271 if (max_protocol == PROTOCOL_NONE) {
3272 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
3273 return tevent_req_post(req, ev);
3276 if (min_protocol > max_protocol) {
3277 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
3278 return tevent_req_post(req, ev);
3281 if ((min_protocol < PROTOCOL_SMB2_02) &&
3282 (max_protocol < PROTOCOL_SMB2_02)) {
3286 conn->dispatch_incoming = smb1cli_conn_dispatch_incoming;
3288 subreq = smbXcli_negprot_smb1_subreq(state);
3289 if (tevent_req_nomem(subreq, req)) {
3290 return tevent_req_post(req, ev);
3292 tevent_req_set_callback(subreq, smbXcli_negprot_smb1_done, req);
3296 if ((min_protocol >= PROTOCOL_SMB2_02) &&
3297 (max_protocol >= PROTOCOL_SMB2_02)) {
3301 conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
3303 subreq = smbXcli_negprot_smb2_subreq(state);
3304 if (tevent_req_nomem(subreq, req)) {
3305 return tevent_req_post(req, ev);
3307 tevent_req_set_callback(subreq, smbXcli_negprot_smb2_done, req);
3312 * We send an SMB1 negprot with the SMB2 dialects
3313 * and expect a SMB1 or a SMB2 response.
3315 * smbXcli_negprot_dispatch_incoming() will fix the
3316 * callback to match protocol of the response.
3318 conn->dispatch_incoming = smbXcli_negprot_dispatch_incoming;
3320 subreq = smbXcli_negprot_smb1_subreq(state);
3321 if (tevent_req_nomem(subreq, req)) {
3322 return tevent_req_post(req, ev);
3324 tevent_req_set_callback(subreq, smbXcli_negprot_invalid_done, req);
3328 static void smbXcli_negprot_invalid_done(struct tevent_req *subreq)
3330 struct tevent_req *req =
3331 tevent_req_callback_data(subreq,
3336 * we just want the low level error
3338 status = tevent_req_simple_recv_ntstatus(subreq);
3339 TALLOC_FREE(subreq);
3340 if (tevent_req_nterror(req, status)) {
3344 /* this should never happen */
3345 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
3348 static struct tevent_req *smbXcli_negprot_smb1_subreq(struct smbXcli_negprot_state *state)
3351 DATA_BLOB bytes = data_blob_null;
3355 /* setup the protocol strings */
3356 for (i=0; i < ARRAY_SIZE(smb1cli_prots); i++) {
3360 if (smb1cli_prots[i].proto < state->min_protocol) {
3364 if (smb1cli_prots[i].proto > state->max_protocol) {
3368 ok = data_blob_append(state, &bytes, &c, sizeof(c));
3374 * We now it is already ascii and
3375 * we want NULL termination.
3377 ok = data_blob_append(state, &bytes,
3378 smb1cli_prots[i].smb1_name,
3379 strlen(smb1cli_prots[i].smb1_name)+1);
3385 smb1cli_req_flags(state->max_protocol,
3386 state->conn->smb1.client.capabilities,
3391 return smb1cli_req_send(state, state->ev, state->conn,
3395 state->timeout_msec,
3396 0xFFFE, 0, 0, /* pid, tid, uid */
3397 0, NULL, /* wct, vwv */
3398 bytes.length, bytes.data);
3401 static void smbXcli_negprot_smb1_done(struct tevent_req *subreq)
3403 struct tevent_req *req =
3404 tevent_req_callback_data(subreq,
3406 struct smbXcli_negprot_state *state =
3407 tevent_req_data(req,
3408 struct smbXcli_negprot_state);
3409 struct smbXcli_conn *conn = state->conn;
3410 struct iovec *recv_iov = NULL;
3419 size_t num_prots = 0;
3421 uint32_t client_capabilities = conn->smb1.client.capabilities;
3422 uint32_t both_capabilities;
3423 uint32_t server_capabilities = 0;
3424 uint32_t capabilities;
3425 uint32_t client_max_xmit = conn->smb1.client.max_xmit;
3426 uint32_t server_max_xmit = 0;
3428 uint32_t server_max_mux = 0;
3429 uint16_t server_security_mode = 0;
3430 uint32_t server_session_key = 0;
3431 bool server_readbraw = false;
3432 bool server_writebraw = false;
3433 bool server_lockread = false;
3434 bool server_writeunlock = false;
3435 struct GUID server_guid = GUID_zero();
3436 DATA_BLOB server_gss_blob = data_blob_null;
3437 uint8_t server_challenge[8];
3438 char *server_workgroup = NULL;
3439 char *server_name = NULL;
3440 int server_time_zone = 0;
3441 NTTIME server_system_time = 0;
3442 static const struct smb1cli_req_expected_response expected[] = {
3444 .status = NT_STATUS_OK,
3445 .wct = 0x11, /* NT1 */
3448 .status = NT_STATUS_OK,
3449 .wct = 0x0D, /* LM */
3452 .status = NT_STATUS_OK,
3453 .wct = 0x01, /* CORE */
3457 ZERO_STRUCT(server_challenge);
3459 status = smb1cli_req_recv(subreq, state,
3464 NULL, /* pvwv_offset */
3467 NULL, /* pbytes_offset */
3469 expected, ARRAY_SIZE(expected));
3470 TALLOC_FREE(subreq);
3471 if (tevent_req_nterror(req, status)) {
3475 flags = CVAL(inhdr, HDR_FLG);
3477 protnum = SVAL(vwv, 0);
3479 for (i=0; i < ARRAY_SIZE(smb1cli_prots); i++) {
3480 if (smb1cli_prots[i].proto < state->min_protocol) {
3484 if (smb1cli_prots[i].proto > state->max_protocol) {
3488 if (protnum != num_prots) {
3493 conn->protocol = smb1cli_prots[i].proto;
3497 if (conn->protocol == PROTOCOL_NONE) {
3498 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3502 if ((conn->protocol < PROTOCOL_NT1) && conn->mandatory_signing) {
3503 DEBUG(0,("smbXcli_negprot: SMB signing is mandatory "
3504 "and the selected protocol level doesn't support it.\n"));
3505 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
3509 if (flags & FLAG_SUPPORT_LOCKREAD) {
3510 server_lockread = true;
3511 server_writeunlock = true;
3514 if (conn->protocol >= PROTOCOL_NT1) {
3515 const char *client_signing = NULL;
3516 bool server_mandatory = false;
3517 bool server_allowed = false;
3518 const char *server_signing = NULL;
3523 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3528 server_security_mode = CVAL(vwv + 1, 0);
3529 server_max_mux = SVAL(vwv + 1, 1);
3530 server_max_xmit = IVAL(vwv + 3, 1);
3531 server_session_key = IVAL(vwv + 7, 1);
3532 server_time_zone = SVALS(vwv + 15, 1);
3533 server_time_zone *= 60;
3534 /* this time arrives in real GMT */
3535 server_system_time = BVAL(vwv + 11, 1);
3536 server_capabilities = IVAL(vwv + 9, 1);
3538 key_len = CVAL(vwv + 16, 1);
3540 if (server_capabilities & CAP_RAW_MODE) {
3541 server_readbraw = true;
3542 server_writebraw = true;
3544 if (server_capabilities & CAP_LOCK_AND_READ) {
3545 server_lockread = true;
3548 if (server_capabilities & CAP_EXTENDED_SECURITY) {
3549 DATA_BLOB blob1, blob2;
3551 if (num_bytes < 16) {
3552 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3556 blob1 = data_blob_const(bytes, 16);
3557 status = GUID_from_data_blob(&blob1, &server_guid);
3558 if (tevent_req_nterror(req, status)) {
3562 blob1 = data_blob_const(bytes+16, num_bytes-16);
3563 blob2 = data_blob_dup_talloc(state, blob1);
3564 if (blob1.length > 0 &&
3565 tevent_req_nomem(blob2.data, req)) {
3568 server_gss_blob = blob2;
3570 DATA_BLOB blob1, blob2;
3572 if (num_bytes < key_len) {
3573 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3577 if (key_len != 0 && key_len != 8) {
3578 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3583 memcpy(server_challenge, bytes, 8);
3586 blob1 = data_blob_const(bytes+key_len, num_bytes-key_len);
3587 blob2 = data_blob_const(bytes+key_len, num_bytes-key_len);
3588 if (blob1.length > 0) {
3591 len = utf16_len_n(blob1.data,
3595 ok = convert_string_talloc(state,
3603 status = map_nt_error_from_unix_common(errno);
3604 tevent_req_nterror(req, status);
3609 blob2.data += blob1.length;
3610 blob2.length -= blob1.length;
3611 if (blob2.length > 0) {
3614 len = utf16_len_n(blob1.data,
3618 ok = convert_string_talloc(state,
3626 status = map_nt_error_from_unix_common(errno);
3627 tevent_req_nterror(req, status);
3633 client_signing = "disabled";
3634 if (conn->allow_signing) {
3635 client_signing = "allowed";
3637 if (conn->mandatory_signing) {
3638 client_signing = "required";
3641 server_signing = "not supported";
3642 if (server_security_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
3643 server_signing = "supported";
3644 server_allowed = true;
3646 if (server_security_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
3647 server_signing = "required";
3648 server_mandatory = true;
3651 ok = smb_signing_set_negotiated(conn->smb1.signing,
3655 DEBUG(1,("cli_negprot: SMB signing is required, "
3656 "but client[%s] and server[%s] mismatch\n",
3657 client_signing, server_signing));
3658 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
3662 } else if (conn->protocol >= PROTOCOL_LANMAN1) {
3668 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3672 server_security_mode = SVAL(vwv + 1, 0);
3673 server_max_xmit = SVAL(vwv + 2, 0);
3674 server_max_mux = SVAL(vwv + 3, 0);
3675 server_readbraw = ((SVAL(vwv + 5, 0) & 0x1) != 0);
3676 server_writebraw = ((SVAL(vwv + 5, 0) & 0x2) != 0);
3677 server_session_key = IVAL(vwv + 6, 0);
3678 server_time_zone = SVALS(vwv + 10, 0);
3679 server_time_zone *= 60;
3680 /* this time is converted to GMT by make_unix_date */
3681 t = pull_dos_date((const uint8_t *)(vwv + 8), server_time_zone);
3682 unix_to_nt_time(&server_system_time, t);
3683 key_len = SVAL(vwv + 11, 0);
3685 if (num_bytes < key_len) {
3686 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3690 if (key_len != 0 && key_len != 8) {
3691 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3696 memcpy(server_challenge, bytes, 8);
3699 blob1 = data_blob_const(bytes+key_len, num_bytes-key_len);
3700 if (blob1.length > 0) {
3704 len = utf16_len_n(blob1.data,
3708 ok = convert_string_talloc(state,
3716 status = map_nt_error_from_unix_common(errno);
3717 tevent_req_nterror(req, status);
3723 /* the old core protocol */
3724 server_time_zone = get_time_zone(time(NULL));
3725 server_max_xmit = 1024;
3729 if (server_max_xmit < 1024) {
3730 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3734 if (server_max_mux < 1) {
3735 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3740 * Now calculate the negotiated capabilities
3741 * based on the mask for:
3742 * - client only flags
3743 * - flags used in both directions
3744 * - server only flags
3746 both_capabilities = client_capabilities & server_capabilities;
3747 capabilities = client_capabilities & SMB_CAP_CLIENT_MASK;
3748 capabilities |= both_capabilities & SMB_CAP_BOTH_MASK;
3749 capabilities |= server_capabilities & SMB_CAP_SERVER_MASK;
3751 max_xmit = MIN(client_max_xmit, server_max_xmit);
3753 conn->smb1.server.capabilities = server_capabilities;
3754 conn->smb1.capabilities = capabilities;
3756 conn->smb1.server.max_xmit = server_max_xmit;
3757 conn->smb1.max_xmit = max_xmit;
3759 conn->smb1.server.max_mux = server_max_mux;
3761 conn->smb1.server.security_mode = server_security_mode;
3763 conn->smb1.server.readbraw = server_readbraw;
3764 conn->smb1.server.writebraw = server_writebraw;
3765 conn->smb1.server.lockread = server_lockread;
3766 conn->smb1.server.writeunlock = server_writeunlock;
3768 conn->smb1.server.session_key = server_session_key;
3770 talloc_steal(conn, server_gss_blob.data);
3771 conn->smb1.server.gss_blob = server_gss_blob;
3772 conn->smb1.server.guid = server_guid;
3773 memcpy(conn->smb1.server.challenge, server_challenge, 8);
3774 conn->smb1.server.workgroup = talloc_move(conn, &server_workgroup);
3775 conn->smb1.server.name = talloc_move(conn, &server_name);
3777 conn->smb1.server.time_zone = server_time_zone;
3778 conn->smb1.server.system_time = server_system_time;
3780 tevent_req_done(req);
3783 static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_state *state)
3787 uint16_t dialect_count = 0;
3789 buf = state->smb2.dyn;
3790 for (i=0; i < ARRAY_SIZE(smb2cli_prots); i++) {
3791 if (smb2cli_prots[i].proto < state->min_protocol) {
3795 if (smb2cli_prots[i].proto > state->max_protocol) {
3799 SSVAL(buf, dialect_count*2, smb2cli_prots[i].smb2_dialect);
3803 buf = state->smb2.fixed;
3805 SSVAL(buf, 2, dialect_count);
3806 SSVAL(buf, 4, state->conn->smb2.client.security_mode);
3807 SSVAL(buf, 6, 0); /* Reserved */
3808 if (state->max_protocol >= PROTOCOL_SMB2_22) {
3809 SIVAL(buf, 8, state->conn->smb2.client.capabilities);
3811 SIVAL(buf, 8, 0); /* Capabilities */
3813 if (state->max_protocol >= PROTOCOL_SMB2_10) {
3817 status = GUID_to_ndr_blob(&state->conn->smb2.client.guid,
3819 if (!NT_STATUS_IS_OK(status)) {
3822 memcpy(buf+12, blob.data, 16); /* ClientGuid */
3824 memset(buf+12, 0, 16); /* ClientGuid */
3826 SBVAL(buf, 28, 0); /* ClientStartTime */
3828 return smb2cli_req_send(state, state->ev,
3829 state->conn, SMB2_OP_NEGPROT,
3831 state->timeout_msec,
3832 0xFEFF, 0, NULL, /* pid, tid, session */
3833 state->smb2.fixed, sizeof(state->smb2.fixed),
3834 state->smb2.dyn, dialect_count*2);
3837 static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
3839 struct tevent_req *req =
3840 tevent_req_callback_data(subreq,
3842 struct smbXcli_negprot_state *state =
3843 tevent_req_data(req,
3844 struct smbXcli_negprot_state);
3845 struct smbXcli_conn *conn = state->conn;
3846 size_t security_offset, security_length;
3852 uint16_t dialect_revision;
3853 static const struct smb2cli_req_expected_response expected[] = {
3855 .status = NT_STATUS_OK,
3860 status = smb2cli_req_recv(subreq, state, &iov,
3861 expected, ARRAY_SIZE(expected));
3862 TALLOC_FREE(subreq);
3863 if (tevent_req_nterror(req, status)) {
3867 body = (uint8_t *)iov[1].iov_base;
3869 dialect_revision = SVAL(body, 4);
3871 for (i=0; i < ARRAY_SIZE(smb2cli_prots); i++) {
3872 if (smb2cli_prots[i].proto < state->min_protocol) {
3876 if (smb2cli_prots[i].proto > state->max_protocol) {
3880 if (smb2cli_prots[i].smb2_dialect != dialect_revision) {
3884 conn->protocol = smb2cli_prots[i].proto;
3888 if (conn->protocol == PROTOCOL_NONE) {
3889 if (state->min_protocol >= PROTOCOL_SMB2_02) {
3890 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3894 if (dialect_revision != SMB2_DIALECT_REVISION_2FF) {
3895 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3899 /* make sure we do not loop forever */
3900 state->min_protocol = PROTOCOL_SMB2_02;
3903 * send a SMB2 negprot, in order to negotiate
3906 subreq = smbXcli_negprot_smb2_subreq(state);
3907 if (tevent_req_nomem(subreq, req)) {
3910 tevent_req_set_callback(subreq, smbXcli_negprot_smb2_done, req);
3914 conn->smb2.server.security_mode = SVAL(body, 2);
3916 blob = data_blob_const(body + 8, 16);
3917 status = GUID_from_data_blob(&blob, &conn->smb2.server.guid);
3918 if (tevent_req_nterror(req, status)) {
3922 conn->smb2.server.capabilities = IVAL(body, 24);
3923 conn->smb2.server.max_trans_size= IVAL(body, 28);
3924 conn->smb2.server.max_read_size = IVAL(body, 32);
3925 conn->smb2.server.max_write_size= IVAL(body, 36);
3926 conn->smb2.server.system_time = BVAL(body, 40);
3927 conn->smb2.server.start_time = BVAL(body, 48);
3929 security_offset = SVAL(body, 56);
3930 security_length = SVAL(body, 58);
3932 if (security_offset != SMB2_HDR_BODY + iov[1].iov_len) {
3933 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3937 if (security_length > iov[2].iov_len) {
3938 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
3942 conn->smb2.server.gss_blob = data_blob_talloc(conn,
3945 if (tevent_req_nomem(conn->smb2.server.gss_blob.data, req)) {
3949 tevent_req_done(req);
3952 static NTSTATUS smbXcli_negprot_dispatch_incoming(struct smbXcli_conn *conn,
3953 TALLOC_CTX *tmp_mem,
3956 size_t num_pending = talloc_array_length(conn->pending);
3957 struct tevent_req *subreq;
3958 struct smbXcli_req_state *substate;
3959 struct tevent_req *req;
3960 uint32_t protocol_magic;
3961 size_t inbuf_len = smb_len_nbt(inbuf);
3963 if (num_pending != 1) {
3964 return NT_STATUS_INTERNAL_ERROR;
3967 if (inbuf_len < 4) {
3968 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3971 subreq = conn->pending[0];
3972 substate = tevent_req_data(subreq, struct smbXcli_req_state);
3973 req = tevent_req_callback_data(subreq, struct tevent_req);
3975 protocol_magic = IVAL(inbuf, 4);
3977 switch (protocol_magic) {
3979 tevent_req_set_callback(subreq, smbXcli_negprot_smb1_done, req);
3980 conn->dispatch_incoming = smb1cli_conn_dispatch_incoming;
3981 return smb1cli_conn_dispatch_incoming(conn, tmp_mem, inbuf);
3984 if (substate->smb2.recv_iov == NULL) {
3986 * For the SMB1 negprot we have move it.
3988 substate->smb2.recv_iov = substate->smb1.recv_iov;
3989 substate->smb1.recv_iov = NULL;
3993 * we got an SMB2 answer, which consumed sequence number 0
3994 * so we need to use 1 as the next one
3997 tevent_req_set_callback(subreq, smbXcli_negprot_smb2_done, req);
3998 conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
3999 return smb2cli_conn_dispatch_incoming(conn, tmp_mem, inbuf);
4002 DEBUG(10, ("Got non-SMB PDU\n"));
4003 return NT_STATUS_INVALID_NETWORK_RESPONSE;
4006 NTSTATUS smbXcli_negprot_recv(struct tevent_req *req)
4008 return tevent_req_simple_recv_ntstatus(req);
4011 NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn,
4012 uint32_t timeout_msec,
4013 enum protocol_types min_protocol,
4014 enum protocol_types max_protocol)
4016 TALLOC_CTX *frame = talloc_stackframe();
4017 struct tevent_context *ev;
4018 struct tevent_req *req;
4019 NTSTATUS status = NT_STATUS_NO_MEMORY;
4022 if (smbXcli_conn_has_async_calls(conn)) {
4024 * Can't use sync call while an async call is in flight
4026 status = NT_STATUS_INVALID_PARAMETER_MIX;
4029 ev = tevent_context_init(frame);
4033 req = smbXcli_negprot_send(frame, ev, conn, timeout_msec,
4034 min_protocol, max_protocol);
4038 ok = tevent_req_poll(req, ev);
4040 status = map_nt_error_from_unix_common(errno);
4043 status = smbXcli_negprot_recv(req);
4049 static int smbXcli_session_destructor(struct smbXcli_session *session)
4051 if (session->conn == NULL) {
4055 DLIST_REMOVE(session->conn->sessions, session);
4059 struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx,
4060 struct smbXcli_conn *conn)
4062 struct smbXcli_session *session;
4064 session = talloc_zero(mem_ctx, struct smbXcli_session);
4065 if (session == NULL) {
4068 talloc_set_destructor(session, smbXcli_session_destructor);
4070 DLIST_ADD_END(conn->sessions, session, struct smbXcli_session *);
4071 session->conn = conn;
4076 uint8_t smb2cli_session_security_mode(struct smbXcli_session *session)
4078 struct smbXcli_conn *conn = session->conn;
4079 uint8_t security_mode = 0;
4082 return security_mode;
4085 security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
4086 if (conn->mandatory_signing) {
4087 security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
4090 return security_mode;
4093 uint64_t smb2cli_session_current_id(struct smbXcli_session *session)
4095 return session->smb2.session_id;
4098 uint16_t smb2cli_session_get_flags(struct smbXcli_session *session)
4100 return session->smb2.session_flags;
4103 NTSTATUS smb2cli_session_application_key(struct smbXcli_session *session,
4104 TALLOC_CTX *mem_ctx,
4107 *key = data_blob_null;
4109 if (session->smb2.application_key.length == 0) {
4110 return NT_STATUS_NO_USER_SESSION_KEY;
4113 *key = data_blob_dup_talloc(mem_ctx, session->smb2.application_key);
4114 if (key->data == NULL) {
4115 return NT_STATUS_NO_MEMORY;
4118 return NT_STATUS_OK;
4121 void smb2cli_session_set_id_and_flags(struct smbXcli_session *session,
4122 uint64_t session_id,
4123 uint16_t session_flags)
4125 session->smb2.session_id = session_id;
4126 session->smb2.session_flags = session_flags;
4129 NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
4130 const DATA_BLOB _session_key,
4131 const struct iovec *recv_iov)
4133 struct smbXcli_conn *conn = session->conn;
4134 uint16_t no_sign_flags;
4135 uint8_t session_key[16];
4139 return NT_STATUS_INVALID_PARAMETER_MIX;
4142 no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
4144 if (session->smb2.session_flags & no_sign_flags) {
4145 session->smb2.should_sign = false;
4146 return NT_STATUS_OK;
4149 if (session->smb2.signing_key.length != 0) {
4150 return NT_STATUS_INVALID_PARAMETER_MIX;
4153 ZERO_STRUCT(session_key);
4154 memcpy(session_key, _session_key.data,
4155 MIN(_session_key.length, sizeof(session_key)));
4157 session->smb2.signing_key = data_blob_talloc(session,
4159 sizeof(session_key));
4160 if (session->smb2.signing_key.data == NULL) {
4161 ZERO_STRUCT(session_key);
4162 return NT_STATUS_NO_MEMORY;
4165 if (conn->protocol >= PROTOCOL_SMB2_24) {
4166 const DATA_BLOB label = data_blob_string_const_null("SMB2AESCMAC");
4167 const DATA_BLOB context = data_blob_string_const_null("SmbSign");
4169 smb2_key_derivation(session_key, sizeof(session_key),
4170 label.data, label.length,
4171 context.data, context.length,
4172 session->smb2.signing_key.data);
4175 session->smb2.encryption_key = data_blob_dup_talloc(session,
4176 session->smb2.signing_key);
4177 if (session->smb2.encryption_key.data == NULL) {
4178 ZERO_STRUCT(session_key);
4179 return NT_STATUS_NO_MEMORY;
4182 if (conn->protocol >= PROTOCOL_SMB2_24) {
4183 const DATA_BLOB label = data_blob_string_const_null("SMB2AESCCM");
4184 const DATA_BLOB context = data_blob_string_const_null("ServerIn ");
4186 smb2_key_derivation(session_key, sizeof(session_key),
4187 label.data, label.length,
4188 context.data, context.length,
4189 session->smb2.encryption_key.data);
4192 session->smb2.decryption_key = data_blob_dup_talloc(session,
4193 session->smb2.signing_key);
4194 if (session->smb2.decryption_key.data == NULL) {
4195 ZERO_STRUCT(session_key);
4196 return NT_STATUS_NO_MEMORY;
4199 if (conn->protocol >= PROTOCOL_SMB2_24) {
4200 const DATA_BLOB label = data_blob_string_const_null("SMB2AESCCM");
4201 const DATA_BLOB context = data_blob_string_const_null("ServerOut");
4203 smb2_key_derivation(session_key, sizeof(session_key),
4204 label.data, label.length,
4205 context.data, context.length,
4206 session->smb2.decryption_key.data);
4209 session->smb2.application_key = data_blob_dup_talloc(session,
4210 session->smb2.signing_key);
4211 if (session->smb2.application_key.data == NULL) {
4212 ZERO_STRUCT(session_key);
4213 return NT_STATUS_NO_MEMORY;
4216 if (conn->protocol >= PROTOCOL_SMB2_24) {
4217 const DATA_BLOB label = data_blob_string_const_null("SMB2APP");
4218 const DATA_BLOB context = data_blob_string_const_null("SmbRpc");
4220 smb2_key_derivation(session_key, sizeof(session_key),
4221 label.data, label.length,
4222 context.data, context.length,
4223 session->smb2.application_key.data);
4225 ZERO_STRUCT(session_key);
4227 session->smb2.channel_signing_key = data_blob_dup_talloc(session,
4228 session->smb2.signing_key);
4229 if (session->smb2.channel_signing_key.data == NULL) {
4230 return NT_STATUS_NO_MEMORY;
4233 status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
4234 session->conn->protocol,
4236 if (!NT_STATUS_IS_OK(status)) {
4240 session->smb2.should_sign = false;
4241 session->smb2.should_encrypt = false;
4243 if (conn->desire_signing) {
4244 session->smb2.should_sign = true;
4247 if (conn->smb2.server.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
4248 session->smb2.should_sign = true;
4251 generate_random_buffer((uint8_t *)&session->smb2.channel_nonce,
4252 sizeof(session->smb2.channel_nonce));
4253 session->smb2.channel_next = 1;
4255 return NT_STATUS_OK;
4258 NTSTATUS smb2cli_session_create_channel(TALLOC_CTX *mem_ctx,
4259 struct smbXcli_session *session1,
4260 struct smbXcli_conn *conn,
4261 struct smbXcli_session **_session2)
4263 struct smbXcli_session *session2;
4265 if (session1->smb2.signing_key.length == 0) {
4266 return NT_STATUS_INVALID_PARAMETER_MIX;
4269 if (session1->smb2.channel_next == 0) {
4270 return NT_STATUS_INVALID_PARAMETER_MIX;
4274 return NT_STATUS_INVALID_PARAMETER_MIX;
4277 session2 = talloc_zero(mem_ctx, struct smbXcli_session);
4278 if (session2 == NULL) {
4279 return NT_STATUS_NO_MEMORY;
4281 session2->smb2.session_id = session1->smb2.session_id;
4282 session2->smb2.session_flags = session1->smb2.session_flags;
4284 session2->smb2.signing_key = data_blob_dup_talloc(session2,
4285 session1->smb2.signing_key);
4286 if (session2->smb2.signing_key.data == NULL) {
4287 return NT_STATUS_NO_MEMORY;
4290 session2->smb2.application_key = data_blob_dup_talloc(session2,
4291 session1->smb2.application_key);
4292 if (session2->smb2.application_key.data == NULL) {
4293 return NT_STATUS_NO_MEMORY;
4296 session2->smb2.should_sign = session1->smb2.should_sign;
4297 session2->smb2.should_encrypt = session1->smb2.should_encrypt;
4299 session2->smb2.channel_nonce = session1->smb2.channel_nonce;
4300 session2->smb2.channel_nonce += session1->smb2.channel_next;
4301 session1->smb2.channel_next++;
4303 session2->smb2.encryption_key = data_blob_dup_talloc(session2,
4304 session1->smb2.encryption_key);
4305 if (session2->smb2.encryption_key.data == NULL) {
4306 return NT_STATUS_NO_MEMORY;
4309 session2->smb2.decryption_key = data_blob_dup_talloc(session2,
4310 session1->smb2.decryption_key);
4311 if (session2->smb2.decryption_key.data == NULL) {
4312 return NT_STATUS_NO_MEMORY;
4315 talloc_set_destructor(session2, smbXcli_session_destructor);
4316 DLIST_ADD_END(conn->sessions, session2, struct smbXcli_session *);
4317 session2->conn = conn;
4319 *_session2 = session2;
4320 return NT_STATUS_OK;
4323 NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
4324 const DATA_BLOB _channel_key,
4325 const struct iovec *recv_iov)
4327 struct smbXcli_conn *conn = session->conn;
4328 uint8_t channel_key[16];
4332 return NT_STATUS_INVALID_PARAMETER_MIX;
4335 if (session->smb2.channel_signing_key.length != 0) {
4336 return NT_STATUS_INVALID_PARAMETER_MIX;
4339 ZERO_STRUCT(channel_key);
4340 memcpy(channel_key, _channel_key.data,
4341 MIN(_channel_key.length, sizeof(channel_key)));
4343 session->smb2.channel_signing_key = data_blob_talloc(session,
4345 sizeof(channel_key));
4346 if (session->smb2.channel_signing_key.data == NULL) {
4347 ZERO_STRUCT(channel_key);
4348 return NT_STATUS_NO_MEMORY;
4351 if (conn->protocol >= PROTOCOL_SMB2_24) {
4352 const DATA_BLOB label = data_blob_string_const_null("SMB2AESCMAC");
4353 const DATA_BLOB context = data_blob_string_const_null("SmbSign");
4355 smb2_key_derivation(channel_key, sizeof(channel_key),
4356 label.data, label.length,
4357 context.data, context.length,
4358 session->smb2.channel_signing_key.data);
4360 ZERO_STRUCT(channel_key);
4362 status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
4363 session->conn->protocol,
4365 if (!NT_STATUS_IS_OK(status)) {
4369 return NT_STATUS_OK;