2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5 Copyright (C) Stefan Metzmacher 2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "system/network.h"
23 #include "../lib/async_req/async_sock.h"
24 #include "../lib/util/tevent_ntstatus.h"
25 #include "../lib/util/tevent_unix.h"
26 #include "lib/util/util_net.h"
27 #include "lib/util/dlinklist.h"
28 #include "lib/util/iov_buf.h"
29 #include "../libcli/smb/smb_common.h"
30 #include "../libcli/smb/smb_seal.h"
31 #include "../libcli/smb/smb_signing.h"
32 #include "../libcli/smb/read_smb.h"
33 #include "smbXcli_base.h"
34 #include "librpc/ndr/libndr.h"
35 #include "libcli/smb/smb2_negotiate_context.h"
36 #include "lib/crypto/sha512.h"
37 #include "lib/crypto/aes.h"
38 #include "lib/crypto/aes_ccm_128.h"
39 #include "lib/crypto/aes_gcm_128.h"
43 struct smbXcli_session;
48 struct sockaddr_storage local_ss;
49 struct sockaddr_storage remote_ss;
50 const char *remote_name;
52 struct tevent_queue *outgoing;
53 struct tevent_req **pending;
54 struct tevent_req *read_smb_req;
55 struct tevent_req *suicide_req;
57 enum protocol_types min_protocol;
58 enum protocol_types max_protocol;
59 enum protocol_types protocol;
62 bool mandatory_signing;
65 * The incoming dispatch function should return:
66 * - NT_STATUS_RETRY, if more incoming PDUs are expected.
67 * - NT_STATUS_OK, if no more processing is desired, e.g.
68 * the dispatch function called
70 * - All other return values disconnect the connection.
72 NTSTATUS (*dispatch_incoming)(struct smbXcli_conn *conn,
78 uint32_t capabilities;
83 uint32_t capabilities;
86 uint16_t security_mode;
95 const char *workgroup;
101 uint32_t capabilities;
106 struct smb_signing_state *signing;
107 struct smb_trans_enc_state *trans_enc;
109 struct tevent_req *read_braw_req;
114 uint32_t capabilities;
115 uint16_t security_mode;
120 uint32_t capabilities;
121 uint16_t security_mode;
123 uint32_t max_trans_size;
124 uint32_t max_read_size;
125 uint32_t max_write_size;
133 uint16_t cur_credits;
134 uint16_t max_credits;
136 uint32_t cc_chunk_len;
137 uint32_t cc_max_chunks;
141 uint8_t preauth_sha512[64];
144 struct smbXcli_session *sessions;
147 struct smb2cli_session {
149 uint16_t session_flags;
150 DATA_BLOB application_key;
151 DATA_BLOB signing_key;
154 DATA_BLOB encryption_key;
155 DATA_BLOB decryption_key;
156 uint64_t nonce_high_random;
157 uint64_t nonce_high_max;
160 uint16_t channel_sequence;
164 struct smbXcli_session {
165 struct smbXcli_session *prev, *next;
166 struct smbXcli_conn *conn;
170 DATA_BLOB application_key;
174 struct smb2cli_session *smb2;
177 DATA_BLOB signing_key;
178 uint8_t preauth_sha512[64];
182 * this should be a short term hack
183 * until the upper layers have implemented
186 bool disconnect_expired;
189 struct smbXcli_tcon {
191 uint32_t fs_attributes;
195 uint16_t optional_support;
196 uint32_t maximal_access;
197 uint32_t guest_maximal_access;
206 uint32_t capabilities;
207 uint32_t maximal_access;
213 struct smbXcli_req_state {
214 struct tevent_context *ev;
215 struct smbXcli_conn *conn;
216 struct smbXcli_session *session; /* maybe NULL */
217 struct smbXcli_tcon *tcon; /* maybe NULL */
219 uint8_t length_hdr[4];
226 /* Space for the header including the wct */
227 uint8_t hdr[HDR_VWV];
230 * For normal requests, smb1cli_req_send chooses a mid.
231 * SecondaryV trans requests need to use the mid of the primary
232 * request, so we need a place to store it.
233 * Assume it is set if != 0.
238 uint8_t bytecount_buf[2];
240 #define MAX_SMB_IOV 10
241 /* length_hdr, hdr, words, byte_count, buffers */
242 struct iovec iov[1 + 3 + MAX_SMB_IOV];
247 struct tevent_req **chained_requests;
250 NTSTATUS recv_status;
251 /* always an array of 3 talloc elements */
252 struct iovec *recv_iov;
256 const uint8_t *fixed;
261 uint8_t transform[SMB2_TF_HDR_SIZE];
262 uint8_t hdr[SMB2_HDR_BODY];
263 uint8_t pad[7]; /* padding space for compounding */
266 * always an array of 3 talloc elements
267 * (without a SMB2_TRANSFORM header!)
271 struct iovec *recv_iov;
274 * the expected max for the response dyn_len
276 uint32_t max_dyn_len;
278 uint16_t credit_charge;
282 uint64_t encryption_session_id;
284 bool signing_skipped;
287 uint16_t cancel_flags;
293 static int smbXcli_conn_destructor(struct smbXcli_conn *conn)
296 * NT_STATUS_OK, means we do not notify the callers
298 smbXcli_conn_disconnect(conn, NT_STATUS_OK);
300 while (conn->sessions) {
301 conn->sessions->conn = NULL;
302 DLIST_REMOVE(conn->sessions, conn->sessions);
305 if (conn->smb1.trans_enc) {
306 TALLOC_FREE(conn->smb1.trans_enc);
312 struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
314 const char *remote_name,
315 enum smb_signing_setting signing_state,
316 uint32_t smb1_capabilities,
317 struct GUID *client_guid,
318 uint32_t smb2_capabilities)
320 struct smbXcli_conn *conn = NULL;
322 struct sockaddr *sa = NULL;
326 conn = talloc_zero(mem_ctx, struct smbXcli_conn);
333 conn->remote_name = talloc_strdup(conn, remote_name);
334 if (conn->remote_name == NULL) {
338 ss = (void *)&conn->local_ss;
339 sa = (struct sockaddr *)ss;
340 sa_length = sizeof(conn->local_ss);
341 ret = getsockname(fd, sa, &sa_length);
345 ss = (void *)&conn->remote_ss;
346 sa = (struct sockaddr *)ss;
347 sa_length = sizeof(conn->remote_ss);
348 ret = getpeername(fd, sa, &sa_length);
353 conn->outgoing = tevent_queue_create(conn, "smbXcli_outgoing");
354 if (conn->outgoing == NULL) {
357 conn->pending = NULL;
359 conn->min_protocol = PROTOCOL_NONE;
360 conn->max_protocol = PROTOCOL_NONE;
361 conn->protocol = PROTOCOL_NONE;
363 switch (signing_state) {
364 case SMB_SIGNING_OFF:
366 conn->allow_signing = false;
367 conn->desire_signing = false;
368 conn->mandatory_signing = false;
370 case SMB_SIGNING_DEFAULT:
371 case SMB_SIGNING_IF_REQUIRED:
372 /* if the server requires it */
373 conn->allow_signing = true;
374 conn->desire_signing = false;
375 conn->mandatory_signing = false;
377 case SMB_SIGNING_REQUIRED:
379 conn->allow_signing = true;
380 conn->desire_signing = true;
381 conn->mandatory_signing = true;
385 conn->smb1.client.capabilities = smb1_capabilities;
386 conn->smb1.client.max_xmit = UINT16_MAX;
388 conn->smb1.capabilities = conn->smb1.client.capabilities;
389 conn->smb1.max_xmit = 1024;
393 /* initialise signing */
394 conn->smb1.signing = smb_signing_init(conn,
396 conn->desire_signing,
397 conn->mandatory_signing);
398 if (!conn->smb1.signing) {
402 conn->smb2.client.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
403 if (conn->mandatory_signing) {
404 conn->smb2.client.security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
407 conn->smb2.client.guid = *client_guid;
409 conn->smb2.client.capabilities = smb2_capabilities;
411 conn->smb2.cur_credits = 1;
412 conn->smb2.max_credits = 0;
413 conn->smb2.io_priority = 1;
416 * Samba and Windows servers accept a maximum of 16 MiB with a maximum
417 * chunk length of 1 MiB.
419 conn->smb2.cc_chunk_len = 1024 * 1024;
420 conn->smb2.cc_max_chunks = 16;
422 talloc_set_destructor(conn, smbXcli_conn_destructor);
430 bool smbXcli_conn_is_connected(struct smbXcli_conn *conn)
436 if (conn->sock_fd == -1) {
443 enum protocol_types smbXcli_conn_protocol(struct smbXcli_conn *conn)
445 return conn->protocol;
448 bool smbXcli_conn_use_unicode(struct smbXcli_conn *conn)
450 if (conn->protocol >= PROTOCOL_SMB2_02) {
454 if (conn->smb1.capabilities & CAP_UNICODE) {
461 void smbXcli_conn_set_sockopt(struct smbXcli_conn *conn, const char *options)
463 set_socket_options(conn->sock_fd, options);
466 const struct sockaddr_storage *smbXcli_conn_local_sockaddr(struct smbXcli_conn *conn)
468 return &conn->local_ss;
471 const struct sockaddr_storage *smbXcli_conn_remote_sockaddr(struct smbXcli_conn *conn)
473 return &conn->remote_ss;
476 const char *smbXcli_conn_remote_name(struct smbXcli_conn *conn)
478 return conn->remote_name;
481 uint16_t smbXcli_conn_max_requests(struct smbXcli_conn *conn)
483 if (conn->protocol >= PROTOCOL_SMB2_02) {
490 return conn->smb1.server.max_mux;
493 NTTIME smbXcli_conn_server_system_time(struct smbXcli_conn *conn)
495 if (conn->protocol >= PROTOCOL_SMB2_02) {
496 return conn->smb2.server.system_time;
499 return conn->smb1.server.system_time;
502 const DATA_BLOB *smbXcli_conn_server_gss_blob(struct smbXcli_conn *conn)
504 if (conn->protocol >= PROTOCOL_SMB2_02) {
505 return &conn->smb2.server.gss_blob;
508 return &conn->smb1.server.gss_blob;
511 const struct GUID *smbXcli_conn_server_guid(struct smbXcli_conn *conn)
513 if (conn->protocol >= PROTOCOL_SMB2_02) {
514 return &conn->smb2.server.guid;
517 return &conn->smb1.server.guid;
520 struct smbXcli_conn_samba_suicide_state {
521 struct smbXcli_conn *conn;
524 struct tevent_req *write_req;
527 static void smbXcli_conn_samba_suicide_cleanup(struct tevent_req *req,
528 enum tevent_req_state req_state);
529 static void smbXcli_conn_samba_suicide_done(struct tevent_req *subreq);
531 struct tevent_req *smbXcli_conn_samba_suicide_send(TALLOC_CTX *mem_ctx,
532 struct tevent_context *ev,
533 struct smbXcli_conn *conn,
536 struct tevent_req *req, *subreq;
537 struct smbXcli_conn_samba_suicide_state *state;
539 req = tevent_req_create(mem_ctx, &state,
540 struct smbXcli_conn_samba_suicide_state);
545 SIVAL(state->buf, 4, 0x74697865);
546 SCVAL(state->buf, 8, exitcode);
547 _smb_setlen_nbt(state->buf, sizeof(state->buf)-4);
549 if (conn->suicide_req != NULL) {
550 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
551 return tevent_req_post(req, ev);
554 state->iov.iov_base = state->buf;
555 state->iov.iov_len = sizeof(state->buf);
557 subreq = writev_send(state, ev, conn->outgoing, conn->sock_fd,
558 false, &state->iov, 1);
559 if (tevent_req_nomem(subreq, req)) {
560 return tevent_req_post(req, ev);
562 tevent_req_set_callback(subreq, smbXcli_conn_samba_suicide_done, req);
563 state->write_req = subreq;
565 tevent_req_set_cleanup_fn(req, smbXcli_conn_samba_suicide_cleanup);
568 * We need to use tevent_req_defer_callback()
569 * in order to allow smbXcli_conn_disconnect()
570 * to do a safe cleanup.
572 tevent_req_defer_callback(req, ev);
573 conn->suicide_req = req;
578 static void smbXcli_conn_samba_suicide_cleanup(struct tevent_req *req,
579 enum tevent_req_state req_state)
581 struct smbXcli_conn_samba_suicide_state *state = tevent_req_data(
582 req, struct smbXcli_conn_samba_suicide_state);
584 TALLOC_FREE(state->write_req);
586 if (state->conn == NULL) {
590 if (state->conn->suicide_req == req) {
591 state->conn->suicide_req = NULL;
596 static void smbXcli_conn_samba_suicide_done(struct tevent_req *subreq)
598 struct tevent_req *req = tevent_req_callback_data(
599 subreq, struct tevent_req);
600 struct smbXcli_conn_samba_suicide_state *state = tevent_req_data(
601 req, struct smbXcli_conn_samba_suicide_state);
605 state->write_req = NULL;
607 nwritten = writev_recv(subreq, &err);
609 if (nwritten == -1) {
610 /* here, we need to notify all pending requests */
611 NTSTATUS status = map_nt_error_from_unix_common(err);
612 smbXcli_conn_disconnect(state->conn, status);
615 tevent_req_done(req);
618 NTSTATUS smbXcli_conn_samba_suicide_recv(struct tevent_req *req)
620 return tevent_req_simple_recv_ntstatus(req);
623 NTSTATUS smbXcli_conn_samba_suicide(struct smbXcli_conn *conn,
626 TALLOC_CTX *frame = talloc_stackframe();
627 struct tevent_context *ev;
628 struct tevent_req *req;
629 NTSTATUS status = NT_STATUS_NO_MEMORY;
632 if (smbXcli_conn_has_async_calls(conn)) {
634 * Can't use sync call while an async call is in flight
636 status = NT_STATUS_INVALID_PARAMETER_MIX;
639 ev = samba_tevent_context_init(frame);
643 req = smbXcli_conn_samba_suicide_send(frame, ev, conn, exitcode);
647 ok = tevent_req_poll_ntstatus(req, ev, &status);
651 status = smbXcli_conn_samba_suicide_recv(req);
657 uint32_t smb1cli_conn_capabilities(struct smbXcli_conn *conn)
659 return conn->smb1.capabilities;
662 uint32_t smb1cli_conn_max_xmit(struct smbXcli_conn *conn)
664 return conn->smb1.max_xmit;
667 bool smb1cli_conn_req_possible(struct smbXcli_conn *conn)
670 uint16_t possible = conn->smb1.server.max_mux;
672 pending = tevent_queue_length(conn->outgoing);
673 if (pending >= possible) {
676 pending += talloc_array_length(conn->pending);
677 if (pending >= possible) {
684 uint32_t smb1cli_conn_server_session_key(struct smbXcli_conn *conn)
686 return conn->smb1.server.session_key;
689 const uint8_t *smb1cli_conn_server_challenge(struct smbXcli_conn *conn)
691 return conn->smb1.server.challenge;
694 uint16_t smb1cli_conn_server_security_mode(struct smbXcli_conn *conn)
696 return conn->smb1.server.security_mode;
699 bool smb1cli_conn_server_readbraw(struct smbXcli_conn *conn)
701 return conn->smb1.server.readbraw;
704 bool smb1cli_conn_server_writebraw(struct smbXcli_conn *conn)
706 return conn->smb1.server.writebraw;
709 bool smb1cli_conn_server_lockread(struct smbXcli_conn *conn)
711 return conn->smb1.server.lockread;
714 bool smb1cli_conn_server_writeunlock(struct smbXcli_conn *conn)
716 return conn->smb1.server.writeunlock;
719 int smb1cli_conn_server_time_zone(struct smbXcli_conn *conn)
721 return conn->smb1.server.time_zone;
724 bool smb1cli_conn_activate_signing(struct smbXcli_conn *conn,
725 const DATA_BLOB user_session_key,
726 const DATA_BLOB response)
728 return smb_signing_activate(conn->smb1.signing,
733 bool smb1cli_conn_check_signing(struct smbXcli_conn *conn,
734 const uint8_t *buf, uint32_t seqnum)
736 const uint8_t *hdr = buf + NBT_HDR_SIZE;
737 size_t len = smb_len_nbt(buf);
739 return smb_signing_check_pdu(conn->smb1.signing, hdr, len, seqnum);
742 bool smb1cli_conn_signing_is_active(struct smbXcli_conn *conn)
744 return smb_signing_is_active(conn->smb1.signing);
747 void smb1cli_conn_set_encryption(struct smbXcli_conn *conn,
748 struct smb_trans_enc_state *es)
750 /* Replace the old state, if any. */
751 if (conn->smb1.trans_enc) {
752 TALLOC_FREE(conn->smb1.trans_enc);
754 conn->smb1.trans_enc = es;
757 bool smb1cli_conn_encryption_on(struct smbXcli_conn *conn)
759 return common_encryption_on(conn->smb1.trans_enc);
763 static NTSTATUS smb1cli_pull_raw_error(const uint8_t *hdr)
765 uint32_t flags2 = SVAL(hdr, HDR_FLG2);
766 NTSTATUS status = NT_STATUS(IVAL(hdr, HDR_RCLS));
768 if (NT_STATUS_IS_OK(status)) {
772 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
776 return NT_STATUS_DOS(CVAL(hdr, HDR_RCLS), SVAL(hdr, HDR_ERR));
780 * Is the SMB command able to hold an AND_X successor
781 * @param[in] cmd The SMB command in question
782 * @retval Can we add a chained request after "cmd"?
784 bool smb1cli_is_andx_req(uint8_t cmd)
804 static uint16_t smb1cli_alloc_mid(struct smbXcli_conn *conn)
806 size_t num_pending = talloc_array_length(conn->pending);
809 if (conn->protocol == PROTOCOL_NONE) {
811 * This is what windows sends on the SMB1 Negprot request
812 * and some vendors reuse the SMB1 MID as SMB2 sequence number.
820 result = conn->smb1.mid++;
821 if ((result == 0) || (result == 0xffff)) {
825 for (i=0; i<num_pending; i++) {
826 if (result == smb1cli_req_mid(conn->pending[i])) {
831 if (i == num_pending) {
837 void smbXcli_req_unset_pending(struct tevent_req *req)
839 struct smbXcli_req_state *state =
841 struct smbXcli_req_state);
842 struct smbXcli_conn *conn = state->conn;
843 size_t num_pending = talloc_array_length(conn->pending);
846 if (state->smb1.mid != 0) {
848 * This is a [nt]trans[2] request which waits
849 * for more than one reply.
854 tevent_req_set_cleanup_fn(req, NULL);
856 if (num_pending == 1) {
858 * The pending read_smb tevent_req is a child of
859 * conn->pending. So if nothing is pending anymore, we need to
860 * delete the socket read fde.
862 TALLOC_FREE(conn->pending);
863 conn->read_smb_req = NULL;
867 for (i=0; i<num_pending; i++) {
868 if (req == conn->pending[i]) {
872 if (i == num_pending) {
874 * Something's seriously broken. Just returning here is the
875 * right thing nevertheless, the point of this routine is to
876 * remove ourselves from conn->pending.
882 * Remove ourselves from the conn->pending array
884 for (; i < (num_pending - 1); i++) {
885 conn->pending[i] = conn->pending[i+1];
889 * No NULL check here, we're shrinking by sizeof(void *), and
890 * talloc_realloc just adjusts the size for this.
892 conn->pending = talloc_realloc(NULL, conn->pending, struct tevent_req *,
897 static void smbXcli_req_cleanup(struct tevent_req *req,
898 enum tevent_req_state req_state)
900 struct smbXcli_req_state *state =
902 struct smbXcli_req_state);
905 case TEVENT_REQ_RECEIVED:
907 * Make sure we really remove it from
908 * the pending array on destruction.
911 smbXcli_req_unset_pending(req);
918 static bool smb1cli_req_cancel(struct tevent_req *req);
919 static bool smb2cli_req_cancel(struct tevent_req *req);
921 static bool smbXcli_req_cancel(struct tevent_req *req)
923 struct smbXcli_req_state *state =
925 struct smbXcli_req_state);
927 if (!smbXcli_conn_is_connected(state->conn)) {
931 if (state->conn->protocol == PROTOCOL_NONE) {
935 if (state->conn->protocol >= PROTOCOL_SMB2_02) {
936 return smb2cli_req_cancel(req);
939 return smb1cli_req_cancel(req);
942 static bool smbXcli_conn_receive_next(struct smbXcli_conn *conn);
944 bool smbXcli_req_set_pending(struct tevent_req *req)
946 struct smbXcli_req_state *state =
948 struct smbXcli_req_state);
949 struct smbXcli_conn *conn;
950 struct tevent_req **pending;
955 if (!smbXcli_conn_is_connected(conn)) {
959 num_pending = talloc_array_length(conn->pending);
961 pending = talloc_realloc(conn, conn->pending, struct tevent_req *,
963 if (pending == NULL) {
966 pending[num_pending] = req;
967 conn->pending = pending;
968 tevent_req_set_cleanup_fn(req, smbXcli_req_cleanup);
969 tevent_req_set_cancel_fn(req, smbXcli_req_cancel);
971 if (!smbXcli_conn_receive_next(conn)) {
973 * the caller should notify the current request
975 * And all other pending requests get notified
976 * by smbXcli_conn_disconnect().
978 smbXcli_req_unset_pending(req);
979 smbXcli_conn_disconnect(conn, NT_STATUS_NO_MEMORY);
986 static void smbXcli_conn_received(struct tevent_req *subreq);
988 static bool smbXcli_conn_receive_next(struct smbXcli_conn *conn)
990 size_t num_pending = talloc_array_length(conn->pending);
991 struct tevent_req *req;
992 struct smbXcli_req_state *state;
994 if (conn->read_smb_req != NULL) {
998 if (num_pending == 0) {
999 if (conn->smb2.mid < UINT64_MAX) {
1000 /* no more pending requests, so we are done for now */
1005 * If there are no more SMB2 requests possible,
1006 * because we are out of message ids,
1007 * we need to disconnect.
1009 smbXcli_conn_disconnect(conn, NT_STATUS_CONNECTION_ABORTED);
1013 req = conn->pending[0];
1014 state = tevent_req_data(req, struct smbXcli_req_state);
1017 * We're the first ones, add the read_smb request that waits for the
1018 * answer from the server
1020 conn->read_smb_req = read_smb_send(conn->pending,
1023 if (conn->read_smb_req == NULL) {
1026 tevent_req_set_callback(conn->read_smb_req, smbXcli_conn_received, conn);
1030 void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
1032 struct smbXcli_session *session;
1033 int sock_fd = conn->sock_fd;
1035 tevent_queue_stop(conn->outgoing);
1039 session = conn->sessions;
1040 if (talloc_array_length(conn->pending) == 0) {
1042 * if we do not have pending requests
1043 * there is no need to update the channel_sequence
1047 for (; session; session = session->next) {
1048 smb2cli_session_increment_channel_sequence(session);
1051 if (conn->suicide_req != NULL) {
1053 * smbXcli_conn_samba_suicide_send()
1054 * used tevent_req_defer_callback() already.
1056 if (!NT_STATUS_IS_OK(status)) {
1057 tevent_req_nterror(conn->suicide_req, status);
1059 conn->suicide_req = NULL;
1063 * Cancel all pending requests. We do not do a for-loop walking
1064 * conn->pending because that array changes in
1065 * smbXcli_req_unset_pending.
1067 while (talloc_array_length(conn->pending) > 0) {
1068 struct tevent_req *req;
1069 struct smbXcli_req_state *state;
1070 struct tevent_req **chain;
1074 req = conn->pending[0];
1075 state = tevent_req_data(req, struct smbXcli_req_state);
1077 if (state->smb1.chained_requests == NULL) {
1079 * We're dead. No point waiting for trans2
1082 state->smb1.mid = 0;
1084 smbXcli_req_unset_pending(req);
1086 if (NT_STATUS_IS_OK(status)) {
1087 /* do not notify the callers */
1092 * we need to defer the callback, because we may notify
1093 * more then one caller.
1095 tevent_req_defer_callback(req, state->ev);
1096 tevent_req_nterror(req, status);
1100 chain = talloc_move(conn, &state->smb1.chained_requests);
1101 num_chained = talloc_array_length(chain);
1103 for (i=0; i<num_chained; i++) {
1105 state = tevent_req_data(req, struct smbXcli_req_state);
1108 * We're dead. No point waiting for trans2
1111 state->smb1.mid = 0;
1113 smbXcli_req_unset_pending(req);
1115 if (NT_STATUS_IS_OK(status)) {
1116 /* do not notify the callers */
1121 * we need to defer the callback, because we may notify
1122 * more than one caller.
1124 tevent_req_defer_callback(req, state->ev);
1125 tevent_req_nterror(req, status);
1130 if (sock_fd != -1) {
1136 * Fetch a smb request's mid. Only valid after the request has been sent by
1137 * smb1cli_req_send().
1139 uint16_t smb1cli_req_mid(struct tevent_req *req)
1141 struct smbXcli_req_state *state =
1142 tevent_req_data(req,
1143 struct smbXcli_req_state);
1145 if (state->smb1.mid != 0) {
1146 return state->smb1.mid;
1149 return SVAL(state->smb1.hdr, HDR_MID);
1152 void smb1cli_req_set_mid(struct tevent_req *req, uint16_t mid)
1154 struct smbXcli_req_state *state =
1155 tevent_req_data(req,
1156 struct smbXcli_req_state);
1158 state->smb1.mid = mid;
1161 uint32_t smb1cli_req_seqnum(struct tevent_req *req)
1163 struct smbXcli_req_state *state =
1164 tevent_req_data(req,
1165 struct smbXcli_req_state);
1167 return state->smb1.seqnum;
1170 void smb1cli_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
1172 struct smbXcli_req_state *state =
1173 tevent_req_data(req,
1174 struct smbXcli_req_state);
1176 state->smb1.seqnum = seqnum;
1179 static size_t smbXcli_iov_len(const struct iovec *iov, int count)
1181 ssize_t ret = iov_buflen(iov, count);
1183 /* Ignore the overflow case for now ... */
1187 static uint8_t *smbXcli_iov_concat(TALLOC_CTX *mem_ctx,
1188 const struct iovec *iov,
1194 buflen = iov_buflen(iov, count);
1199 buf = talloc_array(mem_ctx, uint8_t, buflen);
1204 iov_buf(iov, count, buf, buflen);
1209 static void smb1cli_req_flags(enum protocol_types protocol,
1210 uint32_t smb1_capabilities,
1211 uint8_t smb_command,
1212 uint8_t additional_flags,
1213 uint8_t clear_flags,
1215 uint16_t additional_flags2,
1216 uint16_t clear_flags2,
1220 uint16_t flags2 = 0;
1222 if (protocol >= PROTOCOL_LANMAN1) {
1223 flags |= FLAG_CASELESS_PATHNAMES;
1224 flags |= FLAG_CANONICAL_PATHNAMES;
1227 if (protocol >= PROTOCOL_LANMAN2) {
1228 flags2 |= FLAGS2_LONG_PATH_COMPONENTS;
1229 flags2 |= FLAGS2_EXTENDED_ATTRIBUTES;
1232 if (protocol >= PROTOCOL_NT1) {
1233 flags2 |= FLAGS2_IS_LONG_NAME;
1235 if (smb1_capabilities & CAP_UNICODE) {
1236 flags2 |= FLAGS2_UNICODE_STRINGS;
1238 if (smb1_capabilities & CAP_STATUS32) {
1239 flags2 |= FLAGS2_32_BIT_ERROR_CODES;
1241 if (smb1_capabilities & CAP_EXTENDED_SECURITY) {
1242 flags2 |= FLAGS2_EXTENDED_SECURITY;
1246 flags |= additional_flags;
1247 flags &= ~clear_flags;
1248 flags2 |= additional_flags2;
1249 flags2 &= ~clear_flags2;
1255 static void smb1cli_req_cancel_done(struct tevent_req *subreq);
1257 static bool smb1cli_req_cancel(struct tevent_req *req)
1259 struct smbXcli_req_state *state =
1260 tevent_req_data(req,
1261 struct smbXcli_req_state);
1266 struct tevent_req *subreq;
1269 flags = CVAL(state->smb1.hdr, HDR_FLG);
1270 flags2 = SVAL(state->smb1.hdr, HDR_FLG2);
1271 pid = SVAL(state->smb1.hdr, HDR_PID);
1272 pid |= SVAL(state->smb1.hdr, HDR_PIDHIGH)<<16;
1273 mid = SVAL(state->smb1.hdr, HDR_MID);
1275 subreq = smb1cli_req_create(state, state->ev,
1285 0, NULL); /* bytes */
1286 if (subreq == NULL) {
1289 smb1cli_req_set_mid(subreq, mid);
1291 status = smb1cli_req_chain_submit(&subreq, 1);
1292 if (!NT_STATUS_IS_OK(status)) {
1293 TALLOC_FREE(subreq);
1296 smb1cli_req_set_mid(subreq, 0);
1298 tevent_req_set_callback(subreq, smb1cli_req_cancel_done, NULL);
1303 static void smb1cli_req_cancel_done(struct tevent_req *subreq)
1305 /* we do not care about the result */
1306 TALLOC_FREE(subreq);
1309 struct tevent_req *smb1cli_req_create(TALLOC_CTX *mem_ctx,
1310 struct tevent_context *ev,
1311 struct smbXcli_conn *conn,
1312 uint8_t smb_command,
1313 uint8_t additional_flags,
1314 uint8_t clear_flags,
1315 uint16_t additional_flags2,
1316 uint16_t clear_flags2,
1317 uint32_t timeout_msec,
1319 struct smbXcli_tcon *tcon,
1320 struct smbXcli_session *session,
1321 uint8_t wct, uint16_t *vwv,
1323 struct iovec *bytes_iov)
1325 struct tevent_req *req;
1326 struct smbXcli_req_state *state;
1328 uint16_t flags2 = 0;
1333 if (iov_count > MAX_SMB_IOV) {
1335 * Should not happen :-)
1340 req = tevent_req_create(mem_ctx, &state,
1341 struct smbXcli_req_state);
1347 state->session = session;
1351 uid = session->smb1.session_id;
1355 tid = tcon->smb1.tcon_id;
1357 if (tcon->fs_attributes & FILE_CASE_SENSITIVE_SEARCH) {
1358 clear_flags |= FLAG_CASELESS_PATHNAMES;
1360 /* Default setting, case insensitive. */
1361 additional_flags |= FLAG_CASELESS_PATHNAMES;
1364 if (smbXcli_conn_dfs_supported(conn) &&
1365 smbXcli_tcon_is_dfs_share(tcon))
1367 additional_flags2 |= FLAGS2_DFS_PATHNAMES;
1371 state->smb1.recv_cmd = 0xFF;
1372 state->smb1.recv_status = NT_STATUS_INTERNAL_ERROR;
1373 state->smb1.recv_iov = talloc_zero_array(state, struct iovec, 3);
1374 if (state->smb1.recv_iov == NULL) {
1379 smb1cli_req_flags(conn->protocol,
1380 conn->smb1.capabilities,
1389 SIVAL(state->smb1.hdr, 0, SMB_MAGIC);
1390 SCVAL(state->smb1.hdr, HDR_COM, smb_command);
1391 SIVAL(state->smb1.hdr, HDR_RCLS, NT_STATUS_V(NT_STATUS_OK));
1392 SCVAL(state->smb1.hdr, HDR_FLG, flags);
1393 SSVAL(state->smb1.hdr, HDR_FLG2, flags2);
1394 SSVAL(state->smb1.hdr, HDR_PIDHIGH, pid >> 16);
1395 SSVAL(state->smb1.hdr, HDR_TID, tid);
1396 SSVAL(state->smb1.hdr, HDR_PID, pid);
1397 SSVAL(state->smb1.hdr, HDR_UID, uid);
1398 SSVAL(state->smb1.hdr, HDR_MID, 0); /* this comes later */
1399 SCVAL(state->smb1.hdr, HDR_WCT, wct);
1401 state->smb1.vwv = vwv;
1403 num_bytes = iov_buflen(bytes_iov, iov_count);
1404 if (num_bytes == -1) {
1406 * I'd love to add a check for num_bytes<=UINT16_MAX here, but
1407 * the smbclient->samba connections can lie and transfer more.
1413 SSVAL(state->smb1.bytecount_buf, 0, num_bytes);
1415 state->smb1.iov[0].iov_base = (void *)state->length_hdr;
1416 state->smb1.iov[0].iov_len = sizeof(state->length_hdr);
1417 state->smb1.iov[1].iov_base = (void *)state->smb1.hdr;
1418 state->smb1.iov[1].iov_len = sizeof(state->smb1.hdr);
1419 state->smb1.iov[2].iov_base = (void *)state->smb1.vwv;
1420 state->smb1.iov[2].iov_len = wct * sizeof(uint16_t);
1421 state->smb1.iov[3].iov_base = (void *)state->smb1.bytecount_buf;
1422 state->smb1.iov[3].iov_len = sizeof(uint16_t);
1424 if (iov_count != 0) {
1425 memcpy(&state->smb1.iov[4], bytes_iov,
1426 iov_count * sizeof(*bytes_iov));
1428 state->smb1.iov_count = iov_count + 4;
1430 if (timeout_msec > 0) {
1431 struct timeval endtime;
1433 endtime = timeval_current_ofs_msec(timeout_msec);
1434 if (!tevent_req_set_endtime(req, ev, endtime)) {
1439 switch (smb_command) {
1443 state->one_way = true;
1446 state->one_way = true;
1447 state->smb1.one_way_seqnum = true;
1451 (CVAL(vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
1452 state->one_way = true;
1460 static NTSTATUS smb1cli_conn_signv(struct smbXcli_conn *conn,
1461 struct iovec *iov, int iov_count,
1463 bool one_way_seqnum)
1465 TALLOC_CTX *frame = NULL;
1469 * Obvious optimization: Make cli_calculate_sign_mac work with struct
1470 * iovec directly. MD5Update would do that just fine.
1473 if (iov_count < 4) {
1474 return NT_STATUS_INVALID_PARAMETER_MIX;
1476 if (iov[0].iov_len != NBT_HDR_SIZE) {
1477 return NT_STATUS_INVALID_PARAMETER_MIX;
1479 if (iov[1].iov_len != (MIN_SMB_SIZE-sizeof(uint16_t))) {
1480 return NT_STATUS_INVALID_PARAMETER_MIX;
1482 if (iov[2].iov_len > (0xFF * sizeof(uint16_t))) {
1483 return NT_STATUS_INVALID_PARAMETER_MIX;
1485 if (iov[3].iov_len != sizeof(uint16_t)) {
1486 return NT_STATUS_INVALID_PARAMETER_MIX;
1489 frame = talloc_stackframe();
1491 buf = smbXcli_iov_concat(frame, &iov[1], iov_count - 1);
1493 return NT_STATUS_NO_MEMORY;
1496 *seqnum = smb_signing_next_seqnum(conn->smb1.signing,
1498 smb_signing_sign_pdu(conn->smb1.signing,
1499 buf, talloc_get_size(buf),
1501 memcpy(iov[1].iov_base, buf, iov[1].iov_len);
1504 return NT_STATUS_OK;
1507 static void smb1cli_req_writev_done(struct tevent_req *subreq);
1508 static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
1509 TALLOC_CTX *tmp_mem,
1512 static NTSTATUS smb1cli_req_writev_submit(struct tevent_req *req,
1513 struct smbXcli_req_state *state,
1514 struct iovec *iov, int iov_count)
1516 struct tevent_req *subreq;
1522 if (!smbXcli_conn_is_connected(state->conn)) {
1523 return NT_STATUS_CONNECTION_DISCONNECTED;
1526 if (state->conn->protocol > PROTOCOL_NT1) {
1527 return NT_STATUS_REVISION_MISMATCH;
1530 if (iov_count < 4) {
1531 return NT_STATUS_INVALID_PARAMETER_MIX;
1533 if (iov[0].iov_len != NBT_HDR_SIZE) {
1534 return NT_STATUS_INVALID_PARAMETER_MIX;
1536 if (iov[1].iov_len != (MIN_SMB_SIZE-sizeof(uint16_t))) {
1537 return NT_STATUS_INVALID_PARAMETER_MIX;
1539 if (iov[2].iov_len > (0xFF * sizeof(uint16_t))) {
1540 return NT_STATUS_INVALID_PARAMETER_MIX;
1542 if (iov[3].iov_len != sizeof(uint16_t)) {
1543 return NT_STATUS_INVALID_PARAMETER_MIX;
1546 cmd = CVAL(iov[1].iov_base, HDR_COM);
1547 if (cmd == SMBreadBraw) {
1548 if (smbXcli_conn_has_async_calls(state->conn)) {
1549 return NT_STATUS_INVALID_PARAMETER_MIX;
1551 state->conn->smb1.read_braw_req = req;
1554 if (state->smb1.mid != 0) {
1555 mid = state->smb1.mid;
1557 mid = smb1cli_alloc_mid(state->conn);
1559 SSVAL(iov[1].iov_base, HDR_MID, mid);
1561 nbtlen = iov_buflen(&iov[1], iov_count-1);
1562 if ((nbtlen == -1) || (nbtlen > 0x1FFFF)) {
1563 return NT_STATUS_INVALID_PARAMETER_MIX;
1566 _smb_setlen_nbt(iov[0].iov_base, nbtlen);
1568 status = smb1cli_conn_signv(state->conn, iov, iov_count,
1569 &state->smb1.seqnum,
1570 state->smb1.one_way_seqnum);
1572 if (!NT_STATUS_IS_OK(status)) {
1577 * If we supported multiple encrytion contexts
1578 * here we'd look up based on tid.
1580 if (common_encryption_on(state->conn->smb1.trans_enc)) {
1581 char *buf, *enc_buf;
1583 buf = (char *)smbXcli_iov_concat(talloc_tos(), iov, iov_count);
1585 return NT_STATUS_NO_MEMORY;
1587 status = common_encrypt_buffer(state->conn->smb1.trans_enc,
1588 (char *)buf, &enc_buf);
1590 if (!NT_STATUS_IS_OK(status)) {
1591 DEBUG(0, ("Error in encrypting client message: %s\n",
1592 nt_errstr(status)));
1595 buf = (char *)talloc_memdup(state, enc_buf,
1596 smb_len_nbt(enc_buf)+4);
1599 return NT_STATUS_NO_MEMORY;
1601 iov[0].iov_base = (void *)buf;
1602 iov[0].iov_len = talloc_get_size(buf);
1606 if (state->conn->dispatch_incoming == NULL) {
1607 state->conn->dispatch_incoming = smb1cli_conn_dispatch_incoming;
1610 tevent_req_set_cancel_fn(req, smbXcli_req_cancel);
1612 subreq = writev_send(state, state->ev, state->conn->outgoing,
1613 state->conn->sock_fd, false, iov, iov_count);
1614 if (subreq == NULL) {
1615 return NT_STATUS_NO_MEMORY;
1617 tevent_req_set_callback(subreq, smb1cli_req_writev_done, req);
1618 return NT_STATUS_OK;
1621 struct tevent_req *smb1cli_req_send(TALLOC_CTX *mem_ctx,
1622 struct tevent_context *ev,
1623 struct smbXcli_conn *conn,
1624 uint8_t smb_command,
1625 uint8_t additional_flags,
1626 uint8_t clear_flags,
1627 uint16_t additional_flags2,
1628 uint16_t clear_flags2,
1629 uint32_t timeout_msec,
1631 struct smbXcli_tcon *tcon,
1632 struct smbXcli_session *session,
1633 uint8_t wct, uint16_t *vwv,
1635 const uint8_t *bytes)
1637 struct tevent_req *req;
1641 iov.iov_base = discard_const_p(void, bytes);
1642 iov.iov_len = num_bytes;
1644 req = smb1cli_req_create(mem_ctx, ev, conn, smb_command,
1645 additional_flags, clear_flags,
1646 additional_flags2, clear_flags2,
1653 if (!tevent_req_is_in_progress(req)) {
1654 return tevent_req_post(req, ev);
1656 status = smb1cli_req_chain_submit(&req, 1);
1657 if (tevent_req_nterror(req, status)) {
1658 return tevent_req_post(req, ev);
1663 static void smb1cli_req_writev_done(struct tevent_req *subreq)
1665 struct tevent_req *req =
1666 tevent_req_callback_data(subreq,
1668 struct smbXcli_req_state *state =
1669 tevent_req_data(req,
1670 struct smbXcli_req_state);
1674 nwritten = writev_recv(subreq, &err);
1675 TALLOC_FREE(subreq);
1676 if (nwritten == -1) {
1677 NTSTATUS status = map_nt_error_from_unix_common(err);
1678 smbXcli_conn_disconnect(state->conn, status);
1679 tevent_req_nterror(req, status);
1683 if (state->one_way) {
1684 state->inbuf = NULL;
1685 tevent_req_done(req);
1689 if (!smbXcli_req_set_pending(req)) {
1690 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1695 static void smbXcli_conn_received(struct tevent_req *subreq)
1697 struct smbXcli_conn *conn =
1698 tevent_req_callback_data(subreq,
1699 struct smbXcli_conn);
1700 TALLOC_CTX *frame = talloc_stackframe();
1706 if (subreq != conn->read_smb_req) {
1707 DEBUG(1, ("Internal error: cli_smb_received called with "
1708 "unexpected subreq\n"));
1709 smbXcli_conn_disconnect(conn, NT_STATUS_INTERNAL_ERROR);
1713 conn->read_smb_req = NULL;
1715 received = read_smb_recv(subreq, frame, &inbuf, &err);
1716 TALLOC_FREE(subreq);
1717 if (received == -1) {
1718 status = map_nt_error_from_unix_common(err);
1719 smbXcli_conn_disconnect(conn, status);
1724 status = conn->dispatch_incoming(conn, frame, inbuf);
1726 if (NT_STATUS_IS_OK(status)) {
1728 * We should not do any more processing
1729 * as the dispatch function called
1730 * tevent_req_done().
1735 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
1737 * We got an error, so notify all pending requests
1739 smbXcli_conn_disconnect(conn, status);
1744 * We got NT_STATUS_RETRY, so we may ask for a
1745 * next incoming pdu.
1747 if (!smbXcli_conn_receive_next(conn)) {
1748 smbXcli_conn_disconnect(conn, NT_STATUS_NO_MEMORY);
1752 static NTSTATUS smb1cli_inbuf_parse_chain(uint8_t *buf, TALLOC_CTX *mem_ctx,
1753 struct iovec **piov, int *pnum_iov)
1764 size_t min_size = MIN_SMB_SIZE;
1766 buflen = smb_len_tcp(buf);
1769 hdr = buf + NBT_HDR_SIZE;
1771 status = smb1cli_pull_raw_error(hdr);
1772 if (NT_STATUS_IS_ERR(status)) {
1774 * This is an ugly hack to support OS/2
1775 * which skips the byte_count in the DATA block
1776 * on some error responses.
1780 min_size -= sizeof(uint16_t);
1783 if (buflen < min_size) {
1784 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1788 * This returns iovec elements in the following order:
1803 iov = talloc_array(mem_ctx, struct iovec, num_iov);
1805 return NT_STATUS_NO_MEMORY;
1807 iov[0].iov_base = hdr;
1808 iov[0].iov_len = HDR_WCT;
1811 cmd = CVAL(hdr, HDR_COM);
1815 size_t len = buflen - taken;
1817 struct iovec *iov_tmp;
1824 * we need at least WCT
1826 needed = sizeof(uint8_t);
1828 DEBUG(10, ("%s: %d bytes left, expected at least %d\n",
1829 __location__, (int)len, (int)needed));
1834 * Now we check if the specified words are there
1836 wct = CVAL(hdr, wct_ofs);
1837 needed += wct * sizeof(uint16_t);
1839 DEBUG(10, ("%s: %d bytes left, expected at least %d\n",
1840 __location__, (int)len, (int)needed));
1844 if ((num_iov == 1) &&
1846 NT_STATUS_IS_ERR(status))
1849 * This is an ugly hack to support OS/2
1850 * which skips the byte_count in the DATA block
1851 * on some error responses.
1855 iov_tmp = talloc_realloc(mem_ctx, iov, struct iovec,
1857 if (iov_tmp == NULL) {
1859 return NT_STATUS_NO_MEMORY;
1862 cur = &iov[num_iov];
1866 cur[0].iov_base = hdr + (wct_ofs + sizeof(uint8_t));
1868 cur[1].iov_base = cur[0].iov_base;
1875 * we need at least BCC
1877 needed += sizeof(uint16_t);
1879 DEBUG(10, ("%s: %d bytes left, expected at least %d\n",
1880 __location__, (int)len, (int)needed));
1885 * Now we check if the specified bytes are there
1887 bcc_ofs = wct_ofs + sizeof(uint8_t) + wct * sizeof(uint16_t);
1888 bcc = SVAL(hdr, bcc_ofs);
1889 needed += bcc * sizeof(uint8_t);
1891 DEBUG(10, ("%s: %d bytes left, expected at least %d\n",
1892 __location__, (int)len, (int)needed));
1897 * we allocate 2 iovec structures for words and bytes
1899 iov_tmp = talloc_realloc(mem_ctx, iov, struct iovec,
1901 if (iov_tmp == NULL) {
1903 return NT_STATUS_NO_MEMORY;
1906 cur = &iov[num_iov];
1909 cur[0].iov_len = wct * sizeof(uint16_t);
1910 cur[0].iov_base = hdr + (wct_ofs + sizeof(uint8_t));
1911 cur[1].iov_len = bcc * sizeof(uint8_t);
1912 cur[1].iov_base = hdr + (bcc_ofs + sizeof(uint16_t));
1916 if (!smb1cli_is_andx_req(cmd)) {
1918 * If the current command does not have AndX chanining
1924 if (wct == 0 && bcc == 0) {
1926 * An empty response also ends the chain,
1927 * most likely with an error.
1933 DEBUG(10, ("%s: wct[%d] < 2 for cmd[0x%02X]\n",
1934 __location__, (int)wct, (int)cmd));
1937 cmd = CVAL(cur[0].iov_base, 0);
1940 * If it is the end of the chain we are also done.
1944 wct_ofs = SVAL(cur[0].iov_base, 2);
1946 if (wct_ofs < taken) {
1947 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1949 if (wct_ofs > buflen) {
1950 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1954 * we consumed everything up to the start of the next
1960 remaining = buflen - taken;
1962 if (remaining > 0 && num_iov >= 3) {
1964 * The last DATA block gets the remaining
1965 * bytes, this is needed to support
1966 * CAP_LARGE_WRITEX and CAP_LARGE_READX.
1968 iov[num_iov-1].iov_len += remaining;
1972 *pnum_iov = num_iov;
1973 return NT_STATUS_OK;
1977 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1980 static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
1981 TALLOC_CTX *tmp_mem,
1984 struct tevent_req *req;
1985 struct smbXcli_req_state *state;
1992 uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
1993 size_t len = smb_len_tcp(inbuf);
1994 struct iovec *iov = NULL;
1996 struct tevent_req **chain = NULL;
1997 size_t num_chained = 0;
1998 size_t num_responses = 0;
2000 if (conn->smb1.read_braw_req != NULL) {
2001 req = conn->smb1.read_braw_req;
2002 conn->smb1.read_braw_req = NULL;
2003 state = tevent_req_data(req, struct smbXcli_req_state);
2005 smbXcli_req_unset_pending(req);
2007 if (state->smb1.recv_iov == NULL) {
2009 * For requests with more than
2010 * one response, we have to readd the
2013 state->smb1.recv_iov = talloc_zero_array(state,
2016 if (tevent_req_nomem(state->smb1.recv_iov, req)) {
2017 return NT_STATUS_OK;
2021 state->smb1.recv_iov[0].iov_base = (void *)(inhdr);
2022 state->smb1.recv_iov[0].iov_len = len;
2023 ZERO_STRUCT(state->smb1.recv_iov[1]);
2024 ZERO_STRUCT(state->smb1.recv_iov[2]);
2026 state->smb1.recv_cmd = SMBreadBraw;
2027 state->smb1.recv_status = NT_STATUS_OK;
2028 state->inbuf = talloc_move(state->smb1.recv_iov, &inbuf);
2030 tevent_req_done(req);
2031 return NT_STATUS_OK;
2034 if ((IVAL(inhdr, 0) != SMB_MAGIC) /* 0xFF"SMB" */
2035 && (SVAL(inhdr, 0) != 0x45ff)) /* 0xFF"E" */ {
2036 DEBUG(10, ("Got non-SMB PDU\n"));
2037 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2041 * If we supported multiple encrytion contexts
2042 * here we'd look up based on tid.
2044 if (common_encryption_on(conn->smb1.trans_enc)
2045 && (CVAL(inbuf, 0) == 0)) {
2046 uint16_t enc_ctx_num;
2048 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
2049 if (!NT_STATUS_IS_OK(status)) {
2050 DEBUG(10, ("get_enc_ctx_num returned %s\n",
2051 nt_errstr(status)));
2055 if (enc_ctx_num != conn->smb1.trans_enc->enc_ctx_num) {
2056 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
2058 conn->smb1.trans_enc->enc_ctx_num));
2059 return NT_STATUS_INVALID_HANDLE;
2062 status = common_decrypt_buffer(conn->smb1.trans_enc,
2064 if (!NT_STATUS_IS_OK(status)) {
2065 DEBUG(10, ("common_decrypt_buffer returned %s\n",
2066 nt_errstr(status)));
2069 inhdr = inbuf + NBT_HDR_SIZE;
2070 len = smb_len_nbt(inbuf);
2073 mid = SVAL(inhdr, HDR_MID);
2074 num_pending = talloc_array_length(conn->pending);
2076 for (i=0; i<num_pending; i++) {
2077 if (mid == smb1cli_req_mid(conn->pending[i])) {
2081 if (i == num_pending) {
2082 /* Dump unexpected reply */
2083 return NT_STATUS_RETRY;
2086 oplock_break = false;
2088 if (mid == 0xffff) {
2090 * Paranoia checks that this is really an oplock break request.
2092 oplock_break = (len == 51); /* hdr + 8 words */
2093 oplock_break &= ((CVAL(inhdr, HDR_FLG) & FLAG_REPLY) == 0);
2094 oplock_break &= (CVAL(inhdr, HDR_COM) == SMBlockingX);
2095 oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(6)) == 0);
2096 oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(7)) == 0);
2098 if (!oplock_break) {
2099 /* Dump unexpected reply */
2100 return NT_STATUS_RETRY;
2104 req = conn->pending[i];
2105 state = tevent_req_data(req, struct smbXcli_req_state);
2107 if (!oplock_break /* oplock breaks are not signed */
2108 && !smb_signing_check_pdu(conn->smb1.signing,
2109 inhdr, len, state->smb1.seqnum+1)) {
2110 DEBUG(10, ("cli_check_sign_mac failed\n"));
2111 return NT_STATUS_ACCESS_DENIED;
2114 status = smb1cli_inbuf_parse_chain(inbuf, tmp_mem,
2116 if (!NT_STATUS_IS_OK(status)) {
2117 DEBUG(10,("smb1cli_inbuf_parse_chain - %s\n",
2118 nt_errstr(status)));
2122 cmd = CVAL(inhdr, HDR_COM);
2123 status = smb1cli_pull_raw_error(inhdr);
2125 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) &&
2126 (state->session != NULL) && state->session->disconnect_expired)
2129 * this should be a short term hack
2130 * until the upper layers have implemented
2131 * re-authentication.
2136 if (state->smb1.chained_requests == NULL) {
2138 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2141 smbXcli_req_unset_pending(req);
2143 if (state->smb1.recv_iov == NULL) {
2145 * For requests with more than
2146 * one response, we have to readd the
2149 state->smb1.recv_iov = talloc_zero_array(state,
2152 if (tevent_req_nomem(state->smb1.recv_iov, req)) {
2153 return NT_STATUS_OK;
2157 state->smb1.recv_cmd = cmd;
2158 state->smb1.recv_status = status;
2159 state->inbuf = talloc_move(state->smb1.recv_iov, &inbuf);
2161 state->smb1.recv_iov[0] = iov[0];
2162 state->smb1.recv_iov[1] = iov[1];
2163 state->smb1.recv_iov[2] = iov[2];
2165 if (talloc_array_length(conn->pending) == 0) {
2166 tevent_req_done(req);
2167 return NT_STATUS_OK;
2170 tevent_req_defer_callback(req, state->ev);
2171 tevent_req_done(req);
2172 return NT_STATUS_RETRY;
2175 chain = talloc_move(tmp_mem, &state->smb1.chained_requests);
2176 num_chained = talloc_array_length(chain);
2177 num_responses = (num_iov - 1)/2;
2179 if (num_responses > num_chained) {
2180 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2183 for (i=0; i<num_chained; i++) {
2184 size_t iov_idx = 1 + (i*2);
2185 struct iovec *cur = &iov[iov_idx];
2189 state = tevent_req_data(req, struct smbXcli_req_state);
2191 smbXcli_req_unset_pending(req);
2194 * as we finish multiple requests here
2195 * we need to defer the callbacks as
2196 * they could destroy our current stack state.
2198 tevent_req_defer_callback(req, state->ev);
2200 if (i >= num_responses) {
2201 tevent_req_nterror(req, NT_STATUS_REQUEST_ABORTED);
2205 if (state->smb1.recv_iov == NULL) {
2207 * For requests with more than
2208 * one response, we have to readd the
2211 state->smb1.recv_iov = talloc_zero_array(state,
2214 if (tevent_req_nomem(state->smb1.recv_iov, req)) {
2219 state->smb1.recv_cmd = cmd;
2221 if (i == (num_responses - 1)) {
2223 * The last request in the chain gets the status
2225 state->smb1.recv_status = status;
2227 cmd = CVAL(cur[0].iov_base, 0);
2228 state->smb1.recv_status = NT_STATUS_OK;
2231 state->inbuf = inbuf;
2234 * Note: here we use talloc_reference() in a way
2235 * that does not expose it to the caller.
2237 inbuf_ref = talloc_reference(state->smb1.recv_iov, inbuf);
2238 if (tevent_req_nomem(inbuf_ref, req)) {
2242 /* copy the related buffers */
2243 state->smb1.recv_iov[0] = iov[0];
2244 state->smb1.recv_iov[1] = cur[0];
2245 state->smb1.recv_iov[2] = cur[1];
2247 tevent_req_done(req);
2250 return NT_STATUS_RETRY;
2253 NTSTATUS smb1cli_req_recv(struct tevent_req *req,
2254 TALLOC_CTX *mem_ctx,
2255 struct iovec **piov,
2259 uint32_t *pvwv_offset,
2260 uint32_t *pnum_bytes,
2262 uint32_t *pbytes_offset,
2264 const struct smb1cli_req_expected_response *expected,
2265 size_t num_expected)
2267 struct smbXcli_req_state *state =
2268 tevent_req_data(req,
2269 struct smbXcli_req_state);
2270 NTSTATUS status = NT_STATUS_OK;
2271 struct iovec *recv_iov = NULL;
2272 uint8_t *hdr = NULL;
2274 uint32_t vwv_offset = 0;
2275 uint16_t *vwv = NULL;
2276 uint32_t num_bytes = 0;
2277 uint32_t bytes_offset = 0;
2278 uint8_t *bytes = NULL;
2280 bool found_status = false;
2281 bool found_size = false;
2295 if (pvwv_offset != NULL) {
2298 if (pnum_bytes != NULL) {
2301 if (pbytes != NULL) {
2304 if (pbytes_offset != NULL) {
2307 if (pinbuf != NULL) {
2311 if (state->inbuf != NULL) {
2312 recv_iov = state->smb1.recv_iov;
2313 state->smb1.recv_iov = NULL;
2314 if (state->smb1.recv_cmd != SMBreadBraw) {
2315 hdr = (uint8_t *)recv_iov[0].iov_base;
2316 wct = recv_iov[1].iov_len/2;
2317 vwv = (uint16_t *)recv_iov[1].iov_base;
2318 vwv_offset = PTR_DIFF(vwv, hdr);
2319 num_bytes = recv_iov[2].iov_len;
2320 bytes = (uint8_t *)recv_iov[2].iov_base;
2321 bytes_offset = PTR_DIFF(bytes, hdr);
2325 if (tevent_req_is_nterror(req, &status)) {
2326 for (i=0; i < num_expected; i++) {
2327 if (NT_STATUS_EQUAL(status, expected[i].status)) {
2328 found_status = true;
2334 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
2340 if (num_expected == 0) {
2341 found_status = true;
2345 status = state->smb1.recv_status;
2347 for (i=0; i < num_expected; i++) {
2348 if (!NT_STATUS_EQUAL(status, expected[i].status)) {
2352 found_status = true;
2353 if (expected[i].wct == 0) {
2358 if (expected[i].wct == wct) {
2364 if (!found_status) {
2369 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2373 *piov = talloc_move(mem_ctx, &recv_iov);
2385 if (pvwv_offset != NULL) {
2386 *pvwv_offset = vwv_offset;
2388 if (pnum_bytes != NULL) {
2389 *pnum_bytes = num_bytes;
2391 if (pbytes != NULL) {
2394 if (pbytes_offset != NULL) {
2395 *pbytes_offset = bytes_offset;
2397 if (pinbuf != NULL) {
2398 *pinbuf = state->inbuf;
2404 size_t smb1cli_req_wct_ofs(struct tevent_req **reqs, int num_reqs)
2411 for (i=0; i<num_reqs; i++) {
2412 struct smbXcli_req_state *state;
2413 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
2414 wct_ofs += smbXcli_iov_len(state->smb1.iov+2,
2415 state->smb1.iov_count-2);
2416 wct_ofs = (wct_ofs + 3) & ~3;
2421 NTSTATUS smb1cli_req_chain_submit(struct tevent_req **reqs, int num_reqs)
2423 struct smbXcli_req_state *first_state =
2424 tevent_req_data(reqs[0],
2425 struct smbXcli_req_state);
2426 struct smbXcli_req_state *state;
2428 size_t chain_padding = 0;
2430 struct iovec *iov = NULL;
2431 struct iovec *this_iov;
2435 if (num_reqs == 1) {
2436 return smb1cli_req_writev_submit(reqs[0], first_state,
2437 first_state->smb1.iov,
2438 first_state->smb1.iov_count);
2442 for (i=0; i<num_reqs; i++) {
2443 if (!tevent_req_is_in_progress(reqs[i])) {
2444 return NT_STATUS_INTERNAL_ERROR;
2447 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
2449 if (state->smb1.iov_count < 4) {
2450 return NT_STATUS_INVALID_PARAMETER_MIX;
2455 * The NBT and SMB header
2468 iovlen += state->smb1.iov_count - 2;
2471 iov = talloc_zero_array(first_state, struct iovec, iovlen);
2473 return NT_STATUS_NO_MEMORY;
2476 first_state->smb1.chained_requests = (struct tevent_req **)talloc_memdup(
2477 first_state, reqs, sizeof(*reqs) * num_reqs);
2478 if (first_state->smb1.chained_requests == NULL) {
2480 return NT_STATUS_NO_MEMORY;
2483 wct_offset = HDR_WCT;
2486 for (i=0; i<num_reqs; i++) {
2487 size_t next_padding = 0;
2490 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
2492 if (i < num_reqs-1) {
2493 if (!smb1cli_is_andx_req(CVAL(state->smb1.hdr, HDR_COM))
2494 || CVAL(state->smb1.hdr, HDR_WCT) < 2) {
2496 TALLOC_FREE(first_state->smb1.chained_requests);
2497 return NT_STATUS_INVALID_PARAMETER_MIX;
2501 wct_offset += smbXcli_iov_len(state->smb1.iov+2,
2502 state->smb1.iov_count-2) + 1;
2503 if ((wct_offset % 4) != 0) {
2504 next_padding = 4 - (wct_offset % 4);
2506 wct_offset += next_padding;
2507 vwv = state->smb1.vwv;
2509 if (i < num_reqs-1) {
2510 struct smbXcli_req_state *next_state =
2511 tevent_req_data(reqs[i+1],
2512 struct smbXcli_req_state);
2513 SCVAL(vwv+0, 0, CVAL(next_state->smb1.hdr, HDR_COM));
2515 SSVAL(vwv+1, 0, wct_offset);
2516 } else if (smb1cli_is_andx_req(CVAL(state->smb1.hdr, HDR_COM))) {
2517 /* properly end the chain */
2518 SCVAL(vwv+0, 0, 0xff);
2519 SCVAL(vwv+0, 1, 0xff);
2525 * The NBT and SMB header
2527 this_iov[0] = state->smb1.iov[0];
2528 this_iov[1] = state->smb1.iov[1];
2532 * This one is a bit subtle. We have to add
2533 * chain_padding bytes between the requests, and we
2534 * have to also include the wct field of the
2535 * subsequent requests. We use the subsequent header
2536 * for the padding, it contains the wct field in its
2539 this_iov[0].iov_len = chain_padding+1;
2540 this_iov[0].iov_base = (void *)&state->smb1.hdr[
2541 sizeof(state->smb1.hdr) - this_iov[0].iov_len];
2542 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
2547 * copy the words and bytes
2549 memcpy(this_iov, state->smb1.iov+2,
2550 sizeof(struct iovec) * (state->smb1.iov_count-2));
2551 this_iov += state->smb1.iov_count - 2;
2552 chain_padding = next_padding;
2555 nbt_len = iov_buflen(&iov[1], iovlen-1);
2556 if ((nbt_len == -1) || (nbt_len > first_state->conn->smb1.max_xmit)) {
2558 TALLOC_FREE(first_state->smb1.chained_requests);
2559 return NT_STATUS_INVALID_PARAMETER_MIX;
2562 status = smb1cli_req_writev_submit(reqs[0], first_state, iov, iovlen);
2563 if (!NT_STATUS_IS_OK(status)) {
2565 TALLOC_FREE(first_state->smb1.chained_requests);
2569 return NT_STATUS_OK;
2572 bool smbXcli_conn_has_async_calls(struct smbXcli_conn *conn)
2574 return ((tevent_queue_length(conn->outgoing) != 0)
2575 || (talloc_array_length(conn->pending) != 0));
2578 bool smbXcli_conn_dfs_supported(struct smbXcli_conn *conn)
2580 if (conn->protocol >= PROTOCOL_SMB2_02) {
2581 return (smb2cli_conn_server_capabilities(conn) & SMB2_CAP_DFS);
2584 return (smb1cli_conn_capabilities(conn) & CAP_DFS);
2587 bool smb2cli_conn_req_possible(struct smbXcli_conn *conn, uint32_t *max_dyn_len)
2589 uint16_t credits = 1;
2591 if (conn->smb2.cur_credits == 0) {
2592 if (max_dyn_len != NULL) {
2598 if (conn->smb2.server.capabilities & SMB2_CAP_LARGE_MTU) {
2599 credits = conn->smb2.cur_credits;
2602 if (max_dyn_len != NULL) {
2603 *max_dyn_len = credits * 65536;
2609 uint32_t smb2cli_conn_server_capabilities(struct smbXcli_conn *conn)
2611 return conn->smb2.server.capabilities;
2614 uint16_t smb2cli_conn_server_security_mode(struct smbXcli_conn *conn)
2616 return conn->smb2.server.security_mode;
2619 uint32_t smb2cli_conn_max_trans_size(struct smbXcli_conn *conn)
2621 return conn->smb2.server.max_trans_size;
2624 uint32_t smb2cli_conn_max_read_size(struct smbXcli_conn *conn)
2626 return conn->smb2.server.max_read_size;
2629 uint32_t smb2cli_conn_max_write_size(struct smbXcli_conn *conn)
2631 return conn->smb2.server.max_write_size;
2634 void smb2cli_conn_set_max_credits(struct smbXcli_conn *conn,
2635 uint16_t max_credits)
2637 conn->smb2.max_credits = max_credits;
2640 uint8_t smb2cli_conn_get_io_priority(struct smbXcli_conn *conn)
2642 if (conn->protocol < PROTOCOL_SMB3_11) {
2646 return conn->smb2.io_priority;
2649 void smb2cli_conn_set_io_priority(struct smbXcli_conn *conn,
2650 uint8_t io_priority)
2652 conn->smb2.io_priority = io_priority;
2655 uint32_t smb2cli_conn_cc_chunk_len(struct smbXcli_conn *conn)
2657 return conn->smb2.cc_chunk_len;
2660 void smb2cli_conn_set_cc_chunk_len(struct smbXcli_conn *conn,
2663 conn->smb2.cc_chunk_len = chunk_len;
2666 uint32_t smb2cli_conn_cc_max_chunks(struct smbXcli_conn *conn)
2668 return conn->smb2.cc_max_chunks;
2671 void smb2cli_conn_set_cc_max_chunks(struct smbXcli_conn *conn,
2672 uint32_t max_chunks)
2674 conn->smb2.cc_max_chunks = max_chunks;
2677 static void smb2cli_req_cancel_done(struct tevent_req *subreq);
2679 static bool smb2cli_req_cancel(struct tevent_req *req)
2681 struct smbXcli_req_state *state =
2682 tevent_req_data(req,
2683 struct smbXcli_req_state);
2684 struct smbXcli_tcon *tcon = state->tcon;
2685 struct smbXcli_session *session = state->session;
2686 uint8_t *fixed = state->smb2.pad;
2687 uint16_t fixed_len = 4;
2688 struct tevent_req *subreq;
2689 struct smbXcli_req_state *substate;
2692 SSVAL(fixed, 0, 0x04);
2695 subreq = smb2cli_req_create(state, state->ev,
2703 if (subreq == NULL) {
2706 substate = tevent_req_data(subreq, struct smbXcli_req_state);
2708 SIVAL(substate->smb2.hdr, SMB2_HDR_FLAGS, state->smb2.cancel_flags);
2709 SBVAL(substate->smb2.hdr, SMB2_HDR_MESSAGE_ID, state->smb2.cancel_mid);
2710 SBVAL(substate->smb2.hdr, SMB2_HDR_ASYNC_ID, state->smb2.cancel_aid);
2712 status = smb2cli_req_compound_submit(&subreq, 1);
2713 if (!NT_STATUS_IS_OK(status)) {
2714 TALLOC_FREE(subreq);
2718 tevent_req_set_callback(subreq, smb2cli_req_cancel_done, NULL);
2723 static void smb2cli_req_cancel_done(struct tevent_req *subreq)
2725 /* we do not care about the result */
2726 TALLOC_FREE(subreq);
2729 struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
2730 struct tevent_context *ev,
2731 struct smbXcli_conn *conn,
2733 uint32_t additional_flags,
2734 uint32_t clear_flags,
2735 uint32_t timeout_msec,
2736 struct smbXcli_tcon *tcon,
2737 struct smbXcli_session *session,
2738 const uint8_t *fixed,
2742 uint32_t max_dyn_len)
2744 struct tevent_req *req;
2745 struct smbXcli_req_state *state;
2749 bool use_channel_sequence = false;
2750 uint16_t channel_sequence = 0;
2751 bool use_replay_flag = false;
2753 req = tevent_req_create(mem_ctx, &state,
2754 struct smbXcli_req_state);
2761 state->session = session;
2764 if (conn->smb2.server.capabilities & SMB2_CAP_PERSISTENT_HANDLES) {
2765 use_channel_sequence = true;
2766 } else if (conn->smb2.server.capabilities & SMB2_CAP_MULTI_CHANNEL) {
2767 use_channel_sequence = true;
2770 if (smbXcli_conn_protocol(conn) >= PROTOCOL_SMB3_00) {
2771 use_replay_flag = true;
2774 if (smbXcli_conn_protocol(conn) >= PROTOCOL_SMB3_11) {
2775 flags |= SMB2_PRIORITY_VALUE_TO_MASK(conn->smb2.io_priority);
2779 uid = session->smb2->session_id;
2781 if (use_channel_sequence) {
2782 channel_sequence = session->smb2->channel_sequence;
2785 if (use_replay_flag && session->smb2->replay_active) {
2786 additional_flags |= SMB2_HDR_FLAG_REPLAY_OPERATION;
2789 state->smb2.should_sign = session->smb2->should_sign;
2790 state->smb2.should_encrypt = session->smb2->should_encrypt;
2792 if (cmd == SMB2_OP_SESSSETUP &&
2793 session->smb2_channel.signing_key.length == 0 &&
2794 session->smb2->signing_key.length != 0)
2797 * a session bind needs to be signed
2799 state->smb2.should_sign = true;
2802 if (cmd == SMB2_OP_SESSSETUP &&
2803 session->smb2_channel.signing_key.length == 0) {
2804 state->smb2.should_encrypt = false;
2807 if (additional_flags & SMB2_HDR_FLAG_SIGNED) {
2808 if (session->smb2_channel.signing_key.length == 0) {
2809 tevent_req_nterror(req, NT_STATUS_NO_USER_SESSION_KEY);
2813 additional_flags &= ~SMB2_HDR_FLAG_SIGNED;
2814 state->smb2.should_sign = true;
2819 tid = tcon->smb2.tcon_id;
2821 if (tcon->smb2.should_sign) {
2822 state->smb2.should_sign = true;
2824 if (tcon->smb2.should_encrypt) {
2825 state->smb2.should_encrypt = true;
2829 if (state->smb2.should_encrypt) {
2830 state->smb2.should_sign = false;
2833 state->smb2.recv_iov = talloc_zero_array(state, struct iovec, 3);
2834 if (state->smb2.recv_iov == NULL) {
2839 flags |= additional_flags;
2840 flags &= ~clear_flags;
2842 state->smb2.fixed = fixed;
2843 state->smb2.fixed_len = fixed_len;
2844 state->smb2.dyn = dyn;
2845 state->smb2.dyn_len = dyn_len;
2846 state->smb2.max_dyn_len = max_dyn_len;
2848 if (state->smb2.should_encrypt) {
2849 SIVAL(state->smb2.transform, SMB2_TF_PROTOCOL_ID, SMB2_TF_MAGIC);
2850 SBVAL(state->smb2.transform, SMB2_TF_SESSION_ID, uid);
2853 SIVAL(state->smb2.hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
2854 SSVAL(state->smb2.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
2855 SSVAL(state->smb2.hdr, SMB2_HDR_OPCODE, cmd);
2856 SSVAL(state->smb2.hdr, SMB2_HDR_CHANNEL_SEQUENCE, channel_sequence);
2857 SIVAL(state->smb2.hdr, SMB2_HDR_FLAGS, flags);
2858 SIVAL(state->smb2.hdr, SMB2_HDR_PID, 0); /* reserved */
2859 SIVAL(state->smb2.hdr, SMB2_HDR_TID, tid);
2860 SBVAL(state->smb2.hdr, SMB2_HDR_SESSION_ID, uid);
2863 case SMB2_OP_CANCEL:
2864 state->one_way = true;
2868 * If this is a dummy request, it will have
2869 * UINT64_MAX as message id.
2870 * If we send on break acknowledgement,
2871 * this gets overwritten later.
2873 SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, UINT64_MAX);
2877 if (timeout_msec > 0) {
2878 struct timeval endtime;
2880 endtime = timeval_current_ofs_msec(timeout_msec);
2881 if (!tevent_req_set_endtime(req, ev, endtime)) {
2889 void smb2cli_req_set_notify_async(struct tevent_req *req)
2891 struct smbXcli_req_state *state =
2892 tevent_req_data(req,
2893 struct smbXcli_req_state);
2895 state->smb2.notify_async = true;
2898 static void smb2cli_req_writev_done(struct tevent_req *subreq);
2899 static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
2900 TALLOC_CTX *tmp_mem,
2903 NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
2906 struct smbXcli_req_state *state;
2907 struct tevent_req *subreq;
2909 int i, num_iov, nbt_len;
2911 const DATA_BLOB *encryption_key = NULL;
2912 uint64_t encryption_session_id = 0;
2913 uint64_t nonce_high = UINT64_MAX;
2914 uint64_t nonce_low = UINT64_MAX;
2917 * 1 for the nbt length, optional TRANSFORM
2918 * per request: HDR, fixed, dyn, padding
2919 * -1 because the last one does not need padding
2922 iov = talloc_array(reqs[0], struct iovec, 1 + 1 + 4*num_reqs - 1);
2924 return NT_STATUS_NO_MEMORY;
2931 * the session of the first request that requires encryption
2932 * specifies the encryption key.
2934 for (i=0; i<num_reqs; i++) {
2935 if (!tevent_req_is_in_progress(reqs[i])) {
2936 return NT_STATUS_INTERNAL_ERROR;
2939 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
2941 if (!smbXcli_conn_is_connected(state->conn)) {
2942 return NT_STATUS_CONNECTION_DISCONNECTED;
2945 if ((state->conn->protocol != PROTOCOL_NONE) &&
2946 (state->conn->protocol < PROTOCOL_SMB2_02)) {
2947 return NT_STATUS_REVISION_MISMATCH;
2950 if (state->session == NULL) {
2954 if (!state->smb2.should_encrypt) {
2958 encryption_key = &state->session->smb2->encryption_key;
2959 if (encryption_key->length == 0) {
2960 return NT_STATUS_INVALID_PARAMETER_MIX;
2963 encryption_session_id = state->session->smb2->session_id;
2965 state->session->smb2->nonce_low += 1;
2966 if (state->session->smb2->nonce_low == 0) {
2967 state->session->smb2->nonce_high += 1;
2968 state->session->smb2->nonce_low += 1;
2972 * CCM and GCM algorithms must never have their
2973 * nonce wrap, or the security of the whole
2974 * communication and the keys is destroyed.
2975 * We must drop the connection once we have
2976 * transfered too much data.
2978 * NOTE: We assume nonces greater than 8 bytes.
2980 if (state->session->smb2->nonce_high >=
2981 state->session->smb2->nonce_high_max)
2983 return NT_STATUS_ENCRYPTION_FAILED;
2986 nonce_high = state->session->smb2->nonce_high_random;
2987 nonce_high += state->session->smb2->nonce_high;
2988 nonce_low = state->session->smb2->nonce_low;
2991 iov[num_iov].iov_base = state->smb2.transform;
2992 iov[num_iov].iov_len = sizeof(state->smb2.transform);
2995 SBVAL(state->smb2.transform, SMB2_TF_PROTOCOL_ID, SMB2_TF_MAGIC);
2996 SBVAL(state->smb2.transform, SMB2_TF_NONCE,
2998 SBVAL(state->smb2.transform, SMB2_TF_NONCE+8,
3000 SBVAL(state->smb2.transform, SMB2_TF_SESSION_ID,
3001 encryption_session_id);
3003 nbt_len += SMB2_TF_HDR_SIZE;
3007 for (i=0; i<num_reqs; i++) {
3016 const DATA_BLOB *signing_key = NULL;
3018 if (!tevent_req_is_in_progress(reqs[i])) {
3019 return NT_STATUS_INTERNAL_ERROR;
3022 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
3024 if (!smbXcli_conn_is_connected(state->conn)) {
3025 return NT_STATUS_CONNECTION_DISCONNECTED;
3028 if ((state->conn->protocol != PROTOCOL_NONE) &&
3029 (state->conn->protocol < PROTOCOL_SMB2_02)) {
3030 return NT_STATUS_REVISION_MISMATCH;
3033 opcode = SVAL(state->smb2.hdr, SMB2_HDR_OPCODE);
3034 if (opcode == SMB2_OP_CANCEL) {
3038 avail = UINT64_MAX - state->conn->smb2.mid;
3040 return NT_STATUS_CONNECTION_ABORTED;
3043 if (state->conn->smb2.server.capabilities & SMB2_CAP_LARGE_MTU) {
3044 uint32_t max_dyn_len = 1;
3046 max_dyn_len = MAX(max_dyn_len, state->smb2.dyn_len);
3047 max_dyn_len = MAX(max_dyn_len, state->smb2.max_dyn_len);
3049 charge = (max_dyn_len - 1)/ 65536 + 1;
3054 charge = MAX(state->smb2.credit_charge, charge);
3056 avail = MIN(avail, state->conn->smb2.cur_credits);
3057 if (avail < charge) {
3058 return NT_STATUS_INTERNAL_ERROR;
3062 if (state->conn->smb2.max_credits > state->conn->smb2.cur_credits) {
3063 credits = state->conn->smb2.max_credits -
3064 state->conn->smb2.cur_credits;
3066 if (state->conn->smb2.max_credits >= state->conn->smb2.cur_credits) {
3070 mid = state->conn->smb2.mid;
3071 state->conn->smb2.mid += charge;
3072 state->conn->smb2.cur_credits -= charge;
3074 if (state->conn->smb2.server.capabilities & SMB2_CAP_LARGE_MTU) {
3075 SSVAL(state->smb2.hdr, SMB2_HDR_CREDIT_CHARGE, charge);
3077 SSVAL(state->smb2.hdr, SMB2_HDR_CREDIT, credits);
3078 SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, mid);
3080 state->smb2.cancel_flags = 0;
3081 state->smb2.cancel_mid = mid;
3082 state->smb2.cancel_aid = 0;
3085 if (state->session && encryption_key == NULL) {
3087 * We prefer the channel signing key if it is
3090 if (state->smb2.should_sign) {
3091 signing_key = &state->session->smb2_channel.signing_key;
3095 * If it is a channel binding, we already have the main
3096 * signing key and try that one.
3098 if (signing_key && signing_key->length == 0) {
3099 signing_key = &state->session->smb2->signing_key;
3103 * If we do not have any session key yet, we skip the
3104 * signing of SMB2_OP_SESSSETUP requests.
3106 if (signing_key && signing_key->length == 0) {
3112 iov[num_iov].iov_base = state->smb2.hdr;
3113 iov[num_iov].iov_len = sizeof(state->smb2.hdr);
3116 iov[num_iov].iov_base = discard_const(state->smb2.fixed);
3117 iov[num_iov].iov_len = state->smb2.fixed_len;
3120 if (state->smb2.dyn != NULL) {
3121 iov[num_iov].iov_base = discard_const(state->smb2.dyn);
3122 iov[num_iov].iov_len = state->smb2.dyn_len;
3126 reqlen = sizeof(state->smb2.hdr);
3127 reqlen += state->smb2.fixed_len;
3128 reqlen += state->smb2.dyn_len;
3130 if (i < num_reqs-1) {
3131 if ((reqlen % 8) > 0) {
3132 uint8_t pad = 8 - (reqlen % 8);
3133 iov[num_iov].iov_base = state->smb2.pad;
3134 iov[num_iov].iov_len = pad;
3138 SIVAL(state->smb2.hdr, SMB2_HDR_NEXT_COMMAND, reqlen);
3141 state->smb2.encryption_session_id = encryption_session_id;
3143 if (signing_key != NULL) {
3146 status = smb2_signing_sign_pdu(*signing_key,
3147 state->session->conn->protocol,
3148 &iov[hdr_iov], num_iov - hdr_iov);
3149 if (!NT_STATUS_IS_OK(status)) {
3156 ret = smbXcli_req_set_pending(reqs[i]);
3158 return NT_STATUS_NO_MEMORY;
3162 state = tevent_req_data(reqs[0], struct smbXcli_req_state);
3163 _smb_setlen_tcp(state->length_hdr, nbt_len);
3164 iov[0].iov_base = state->length_hdr;
3165 iov[0].iov_len = sizeof(state->length_hdr);
3167 if (encryption_key != NULL) {
3169 size_t buflen = nbt_len - SMB2_TF_HDR_SIZE;
3173 buf = talloc_array(iov, uint8_t, buflen);
3175 return NT_STATUS_NO_MEMORY;
3179 * We copy the buffers before encrypting them,
3180 * this is at least currently needed for the
3181 * to keep state->smb2.hdr.
3183 * Also the callers may expect there buffers
3186 for (vi = tf_iov + 1; vi < num_iov; vi++) {
3187 struct iovec *v = &iov[vi];
3188 const uint8_t *o = (const uint8_t *)v->iov_base;
3190 memcpy(buf, o, v->iov_len);
3191 v->iov_base = (void *)buf;
3195 status = smb2_signing_encrypt_pdu(*encryption_key,
3196 state->conn->smb2.server.cipher,
3197 &iov[tf_iov], num_iov - tf_iov);
3198 if (!NT_STATUS_IS_OK(status)) {
3203 if (state->conn->dispatch_incoming == NULL) {
3204 state->conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
3207 subreq = writev_send(state, state->ev, state->conn->outgoing,
3208 state->conn->sock_fd, false, iov, num_iov);
3209 if (subreq == NULL) {
3210 return NT_STATUS_NO_MEMORY;
3212 tevent_req_set_callback(subreq, smb2cli_req_writev_done, reqs[0]);
3213 return NT_STATUS_OK;
3216 void smb2cli_req_set_credit_charge(struct tevent_req *req, uint16_t charge)
3218 struct smbXcli_req_state *state =
3219 tevent_req_data(req,
3220 struct smbXcli_req_state);
3222 state->smb2.credit_charge = charge;
3225 struct tevent_req *smb2cli_req_send(TALLOC_CTX *mem_ctx,
3226 struct tevent_context *ev,
3227 struct smbXcli_conn *conn,
3229 uint32_t additional_flags,
3230 uint32_t clear_flags,
3231 uint32_t timeout_msec,
3232 struct smbXcli_tcon *tcon,
3233 struct smbXcli_session *session,
3234 const uint8_t *fixed,
3238 uint32_t max_dyn_len)
3240 struct tevent_req *req;
3243 req = smb2cli_req_create(mem_ctx, ev, conn, cmd,
3244 additional_flags, clear_flags,
3253 if (!tevent_req_is_in_progress(req)) {
3254 return tevent_req_post(req, ev);
3256 status = smb2cli_req_compound_submit(&req, 1);
3257 if (tevent_req_nterror(req, status)) {
3258 return tevent_req_post(req, ev);
3263 static void smb2cli_req_writev_done(struct tevent_req *subreq)
3265 struct tevent_req *req =
3266 tevent_req_callback_data(subreq,
3268 struct smbXcli_req_state *state =
3269 tevent_req_data(req,
3270 struct smbXcli_req_state);
3274 nwritten = writev_recv(subreq, &err);
3275 TALLOC_FREE(subreq);
3276 if (nwritten == -1) {
3277 /* here, we need to notify all pending requests */
3278 NTSTATUS status = map_nt_error_from_unix_common(err);
3279 smbXcli_conn_disconnect(state->conn, status);
3284 static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
3287 TALLOC_CTX *mem_ctx,
3288 struct iovec **piov, int *pnum_iov)
3293 uint8_t *first_hdr = buf;
3294 size_t verified_buflen = 0;
3298 iov = talloc_array(mem_ctx, struct iovec, num_iov);
3300 return NT_STATUS_NO_MEMORY;
3303 while (taken < buflen) {
3304 size_t len = buflen - taken;
3305 uint8_t *hdr = first_hdr + taken;
3308 size_t next_command_ofs;
3310 struct iovec *iov_tmp;
3312 if (verified_buflen > taken) {
3313 len = verified_buflen - taken;
3320 DEBUG(10, ("%d bytes left, expected at least %d\n",
3324 if (IVAL(hdr, 0) == SMB2_TF_MAGIC) {
3325 struct smbXcli_session *s;
3327 struct iovec tf_iov[2];
3331 if (len < SMB2_TF_HDR_SIZE) {
3332 DEBUG(10, ("%d bytes left, expected at least %d\n",
3333 (int)len, SMB2_TF_HDR_SIZE));
3337 tf_len = SMB2_TF_HDR_SIZE;
3340 hdr = first_hdr + taken;
3341 enc_len = IVAL(tf, SMB2_TF_MSG_SIZE);
3342 uid = BVAL(tf, SMB2_TF_SESSION_ID);
3344 if (len < SMB2_TF_HDR_SIZE + enc_len) {
3345 DEBUG(10, ("%d bytes left, expected at least %d\n",
3347 (int)(SMB2_TF_HDR_SIZE + enc_len)));
3352 for (; s; s = s->next) {
3353 if (s->smb2->session_id != uid) {
3360 DEBUG(10, ("unknown session_id %llu\n",
3361 (unsigned long long)uid));
3365 tf_iov[0].iov_base = (void *)tf;
3366 tf_iov[0].iov_len = tf_len;
3367 tf_iov[1].iov_base = (void *)hdr;
3368 tf_iov[1].iov_len = enc_len;
3370 status = smb2_signing_decrypt_pdu(s->smb2->decryption_key,
3371 conn->smb2.server.cipher,
3373 if (!NT_STATUS_IS_OK(status)) {
3378 verified_buflen = taken + enc_len;
3383 * We need the header plus the body length field
3386 if (len < SMB2_HDR_BODY + 2) {
3387 DEBUG(10, ("%d bytes left, expected at least %d\n",
3388 (int)len, SMB2_HDR_BODY));
3391 if (IVAL(hdr, 0) != SMB2_MAGIC) {
3392 DEBUG(10, ("Got non-SMB2 PDU: %x\n",
3396 if (SVAL(hdr, 4) != SMB2_HDR_BODY) {
3397 DEBUG(10, ("Got HDR len %d, expected %d\n",
3398 SVAL(hdr, 4), SMB2_HDR_BODY));
3403 next_command_ofs = IVAL(hdr, SMB2_HDR_NEXT_COMMAND);
3404 body_size = SVAL(hdr, SMB2_HDR_BODY);
3406 if (next_command_ofs != 0) {
3407 if (next_command_ofs < (SMB2_HDR_BODY + 2)) {
3410 if (next_command_ofs > full_size) {
3413 full_size = next_command_ofs;
3415 if (body_size < 2) {
3418 body_size &= 0xfffe;
3420 if (body_size > (full_size - SMB2_HDR_BODY)) {
3424 iov_tmp = talloc_realloc(mem_ctx, iov, struct iovec,
3426 if (iov_tmp == NULL) {
3428 return NT_STATUS_NO_MEMORY;
3431 cur = &iov[num_iov];
3434 cur[0].iov_base = tf;
3435 cur[0].iov_len = tf_len;
3436 cur[1].iov_base = hdr;
3437 cur[1].iov_len = SMB2_HDR_BODY;
3438 cur[2].iov_base = hdr + SMB2_HDR_BODY;
3439 cur[2].iov_len = body_size;
3440 cur[3].iov_base = hdr + SMB2_HDR_BODY + body_size;
3441 cur[3].iov_len = full_size - (SMB2_HDR_BODY + body_size);
3447 *pnum_iov = num_iov;
3448 return NT_STATUS_OK;
3452 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3455 static struct tevent_req *smb2cli_conn_find_pending(struct smbXcli_conn *conn,
3458 size_t num_pending = talloc_array_length(conn->pending);
3461 for (i=0; i<num_pending; i++) {
3462 struct tevent_req *req = conn->pending[i];
3463 struct smbXcli_req_state *state =
3464 tevent_req_data(req,
3465 struct smbXcli_req_state);
3467 if (mid == BVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID)) {
3474 static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
3475 TALLOC_CTX *tmp_mem,
3478 struct tevent_req *req;
3479 struct smbXcli_req_state *state = NULL;
3484 struct smbXcli_session *last_session = NULL;
3485 size_t inbuf_len = smb_len_tcp(inbuf);
3487 status = smb2cli_inbuf_parse_compound(conn,
3488 inbuf + NBT_HDR_SIZE,
3492 if (!NT_STATUS_IS_OK(status)) {
3496 for (i=0; i<num_iov; i+=4) {
3497 uint8_t *inbuf_ref = NULL;
3498 struct iovec *cur = &iov[i];
3499 uint8_t *inhdr = (uint8_t *)cur[1].iov_base;
3500 uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
3501 uint32_t flags = IVAL(inhdr, SMB2_HDR_FLAGS);
3502 uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
3503 uint16_t req_opcode;
3505 uint16_t credits = SVAL(inhdr, SMB2_HDR_CREDIT);
3506 uint32_t new_credits;
3507 struct smbXcli_session *session = NULL;
3508 const DATA_BLOB *signing_key = NULL;
3509 bool was_encrypted = false;
3511 new_credits = conn->smb2.cur_credits;
3512 new_credits += credits;
3513 if (new_credits > UINT16_MAX) {
3514 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3516 conn->smb2.cur_credits += credits;
3518 req = smb2cli_conn_find_pending(conn, mid);
3520 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3522 state = tevent_req_data(req, struct smbXcli_req_state);
3524 req_opcode = SVAL(state->smb2.hdr, SMB2_HDR_OPCODE);
3525 if (opcode != req_opcode) {
3526 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3528 req_flags = SVAL(state->smb2.hdr, SMB2_HDR_FLAGS);
3530 if (!(flags & SMB2_HDR_FLAG_REDIRECT)) {
3531 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3534 status = NT_STATUS(IVAL(inhdr, SMB2_HDR_STATUS));
3535 if ((flags & SMB2_HDR_FLAG_ASYNC) &&
3536 NT_STATUS_EQUAL(status, STATUS_PENDING)) {
3537 uint64_t async_id = BVAL(inhdr, SMB2_HDR_ASYNC_ID);
3539 if (state->smb2.got_async) {
3540 /* We only expect one STATUS_PENDING response */
3541 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3543 state->smb2.got_async = true;
3546 * async interim responses are not signed,
3547 * even if the SMB2_HDR_FLAG_SIGNED flag
3550 state->smb2.cancel_flags = SMB2_HDR_FLAG_ASYNC;
3551 state->smb2.cancel_mid = 0;
3552 state->smb2.cancel_aid = async_id;
3554 if (state->smb2.notify_async) {
3555 tevent_req_defer_callback(req, state->ev);
3556 tevent_req_notify_callback(req);
3561 session = state->session;
3562 if (req_flags & SMB2_HDR_FLAG_CHAINED) {
3563 session = last_session;
3565 last_session = session;
3567 if (state->smb2.should_sign) {
3568 if (!(flags & SMB2_HDR_FLAG_SIGNED)) {
3569 return NT_STATUS_ACCESS_DENIED;
3573 if (flags & SMB2_HDR_FLAG_SIGNED) {
3574 uint64_t uid = BVAL(inhdr, SMB2_HDR_SESSION_ID);
3576 if (session == NULL) {
3577 struct smbXcli_session *s;
3579 s = state->conn->sessions;
3580 for (; s; s = s->next) {
3581 if (s->smb2->session_id != uid) {
3590 if (session == NULL) {
3591 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3594 last_session = session;
3595 signing_key = &session->smb2_channel.signing_key;
3598 if (opcode == SMB2_OP_SESSSETUP) {
3600 * We prefer the channel signing key, if it is
3603 * If we do not have a channel signing key yet,
3604 * we try the main signing key, if it is not
3605 * the final response.
3607 if (signing_key && signing_key->length == 0 &&
3608 !NT_STATUS_IS_OK(status)) {
3609 signing_key = &session->smb2->signing_key;
3612 if (signing_key && signing_key->length == 0) {
3614 * If we do not have a session key to
3615 * verify the signature, we defer the
3616 * signing check to the caller.
3618 * The caller gets NT_STATUS_OK, it
3620 * smb2cli_session_set_session_key()
3622 * smb2cli_session_set_channel_key()
3623 * which will check the signature
3624 * with the channel signing key.
3630 if (cur[0].iov_len == SMB2_TF_HDR_SIZE) {
3631 const uint8_t *tf = (const uint8_t *)cur[0].iov_base;
3632 uint64_t uid = BVAL(tf, SMB2_TF_SESSION_ID);
3635 * If the response was encrypted in a SMB2_TRANSFORM
3636 * pdu, which belongs to the correct session,
3637 * we do not need to do signing checks
3639 * It could be the session the response belongs to
3640 * or the session that was used to encrypt the
3641 * SMB2_TRANSFORM request.
3643 if ((session && session->smb2->session_id == uid) ||
3644 (state->smb2.encryption_session_id == uid)) {
3646 was_encrypted = true;
3650 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
3652 * if the server returns NT_STATUS_USER_SESSION_DELETED
3653 * the response is not signed and we should
3654 * propagate the NT_STATUS_USER_SESSION_DELETED
3655 * status to the caller.
3657 state->smb2.signing_skipped = true;
3661 if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
3663 * if the server returns
3664 * NT_STATUS_INVALID_PARAMETER
3665 * the response might not be encrypted.
3667 if (state->smb2.should_encrypt && !was_encrypted) {
3668 state->smb2.signing_skipped = true;
3673 if (state->smb2.should_encrypt && !was_encrypted) {
3674 if (!state->smb2.signing_skipped) {
3675 return NT_STATUS_ACCESS_DENIED;
3679 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED) ||
3680 NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) ||
3681 NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
3683 * if the server returns
3684 * NT_STATUS_NETWORK_NAME_DELETED
3685 * NT_STATUS_FILE_CLOSED
3686 * NT_STATUS_INVALID_PARAMETER
3687 * the response might not be signed
3688 * as this happens before the signing checks.
3690 * If server echos the signature (or all zeros)
3691 * we should report the status from the server
3697 cmp = memcmp(inhdr+SMB2_HDR_SIGNATURE,
3698 state->smb2.hdr+SMB2_HDR_SIGNATURE,
3701 state->smb2.signing_skipped = true;
3707 static const uint8_t zeros[16];
3709 cmp = memcmp(inhdr+SMB2_HDR_SIGNATURE,
3713 state->smb2.signing_skipped = true;
3720 status = smb2_signing_check_pdu(*signing_key,
3721 state->conn->protocol,
3723 if (!NT_STATUS_IS_OK(status)) {
3725 * If the signing check fails, we disconnect
3732 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) &&
3733 (session != NULL) && session->disconnect_expired)
3736 * this should be a short term hack
3737 * until the upper layers have implemented
3738 * re-authentication.
3743 smbXcli_req_unset_pending(req);
3746 * There might be more than one response
3747 * we need to defer the notifications
3749 if ((num_iov == 5) && (talloc_array_length(conn->pending) == 0)) {
3754 tevent_req_defer_callback(req, state->ev);
3758 * Note: here we use talloc_reference() in a way
3759 * that does not expose it to the caller.
3761 inbuf_ref = talloc_reference(state->smb2.recv_iov, inbuf);
3762 if (tevent_req_nomem(inbuf_ref, req)) {
3766 /* copy the related buffers */
3767 state->smb2.recv_iov[0] = cur[1];
3768 state->smb2.recv_iov[1] = cur[2];
3769 state->smb2.recv_iov[2] = cur[3];
3771 tevent_req_done(req);
3775 return NT_STATUS_RETRY;
3778 return NT_STATUS_OK;
3781 NTSTATUS smb2cli_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
3782 struct iovec **piov,
3783 const struct smb2cli_req_expected_response *expected,
3784 size_t num_expected)
3786 struct smbXcli_req_state *state =
3787 tevent_req_data(req,
3788 struct smbXcli_req_state);
3791 bool found_status = false;
3792 bool found_size = false;
3799 if (tevent_req_is_in_progress(req) && state->smb2.got_async) {
3800 return STATUS_PENDING;
3803 if (tevent_req_is_nterror(req, &status)) {
3804 for (i=0; i < num_expected; i++) {
3805 if (NT_STATUS_EQUAL(status, expected[i].status)) {
3806 found_status = true;
3812 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
3818 if (num_expected == 0) {
3819 found_status = true;
3823 status = NT_STATUS(IVAL(state->smb2.recv_iov[0].iov_base, SMB2_HDR_STATUS));
3824 body_size = SVAL(state->smb2.recv_iov[1].iov_base, 0);
3826 for (i=0; i < num_expected; i++) {
3827 if (!NT_STATUS_EQUAL(status, expected[i].status)) {
3831 found_status = true;
3832 if (expected[i].body_size == 0) {
3837 if (expected[i].body_size == body_size) {
3843 if (!found_status) {
3847 if (state->smb2.signing_skipped) {
3848 if (num_expected > 0) {
3849 return NT_STATUS_ACCESS_DENIED;
3851 if (!NT_STATUS_IS_ERR(status)) {
3852 return NT_STATUS_ACCESS_DENIED;
3857 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3861 *piov = talloc_move(mem_ctx, &state->smb2.recv_iov);
3867 NTSTATUS smb2cli_req_get_sent_iov(struct tevent_req *req,
3868 struct iovec *sent_iov)
3870 struct smbXcli_req_state *state =
3871 tevent_req_data(req,
3872 struct smbXcli_req_state);
3874 if (tevent_req_is_in_progress(req)) {
3875 return STATUS_PENDING;
3878 sent_iov[0].iov_base = state->smb2.hdr;
3879 sent_iov[0].iov_len = sizeof(state->smb2.hdr);
3881 sent_iov[1].iov_base = discard_const(state->smb2.fixed);
3882 sent_iov[1].iov_len = state->smb2.fixed_len;
3884 if (state->smb2.dyn != NULL) {
3885 sent_iov[2].iov_base = discard_const(state->smb2.dyn);
3886 sent_iov[2].iov_len = state->smb2.dyn_len;
3888 sent_iov[2].iov_base = NULL;
3889 sent_iov[2].iov_len = 0;
3892 return NT_STATUS_OK;
3895 static const struct {
3896 enum protocol_types proto;
3897 const char *smb1_name;
3898 } smb1cli_prots[] = {
3899 {PROTOCOL_CORE, "PC NETWORK PROGRAM 1.0"},
3900 {PROTOCOL_COREPLUS, "MICROSOFT NETWORKS 1.03"},
3901 {PROTOCOL_LANMAN1, "MICROSOFT NETWORKS 3.0"},
3902 {PROTOCOL_LANMAN1, "LANMAN1.0"},
3903 {PROTOCOL_LANMAN2, "LM1.2X002"},
3904 {PROTOCOL_LANMAN2, "DOS LANMAN2.1"},
3905 {PROTOCOL_LANMAN2, "LANMAN2.1"},
3906 {PROTOCOL_LANMAN2, "Samba"},
3907 {PROTOCOL_NT1, "NT LANMAN 1.0"},
3908 {PROTOCOL_NT1, "NT LM 0.12"},
3909 {PROTOCOL_SMB2_02, "SMB 2.002"},
3910 {PROTOCOL_SMB2_10, "SMB 2.???"},
3913 static const struct {
3914 enum protocol_types proto;
3915 uint16_t smb2_dialect;
3916 } smb2cli_prots[] = {
3917 {PROTOCOL_SMB2_02, SMB2_DIALECT_REVISION_202},
3918 {PROTOCOL_SMB2_10, SMB2_DIALECT_REVISION_210},
3919 {PROTOCOL_SMB2_22, SMB2_DIALECT_REVISION_222},
3920 {PROTOCOL_SMB2_24, SMB2_DIALECT_REVISION_224},
3921 {PROTOCOL_SMB3_00, SMB3_DIALECT_REVISION_300},
3922 {PROTOCOL_SMB3_02, SMB3_DIALECT_REVISION_302},
3923 {PROTOCOL_SMB3_10, SMB3_DIALECT_REVISION_310},
3924 {PROTOCOL_SMB3_11, SMB3_DIALECT_REVISION_311},
3927 struct smbXcli_negprot_state {
3928 struct smbXcli_conn *conn;
3929 struct tevent_context *ev;
3930 uint32_t timeout_msec;
3937 static void smbXcli_negprot_invalid_done(struct tevent_req *subreq);
3938 static struct tevent_req *smbXcli_negprot_smb1_subreq(struct smbXcli_negprot_state *state);
3939 static void smbXcli_negprot_smb1_done(struct tevent_req *subreq);
3940 static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_state *state);
3941 static void smbXcli_negprot_smb2_done(struct tevent_req *subreq);
3942 static NTSTATUS smbXcli_negprot_dispatch_incoming(struct smbXcli_conn *conn,
3946 struct tevent_req *smbXcli_negprot_send(TALLOC_CTX *mem_ctx,
3947 struct tevent_context *ev,
3948 struct smbXcli_conn *conn,
3949 uint32_t timeout_msec,
3950 enum protocol_types min_protocol,
3951 enum protocol_types max_protocol)
3953 struct tevent_req *req, *subreq;
3954 struct smbXcli_negprot_state *state;
3956 req = tevent_req_create(mem_ctx, &state,
3957 struct smbXcli_negprot_state);
3963 state->timeout_msec = timeout_msec;
3965 if (min_protocol == PROTOCOL_NONE) {
3966 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
3967 return tevent_req_post(req, ev);
3970 if (max_protocol == PROTOCOL_NONE) {
3971 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
3972 return tevent_req_post(req, ev);
3975 if (min_protocol > max_protocol) {
3976 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
3977 return tevent_req_post(req, ev);
3980 conn->min_protocol = min_protocol;
3981 conn->max_protocol = max_protocol;
3982 conn->protocol = PROTOCOL_NONE;
3984 if ((min_protocol < PROTOCOL_SMB2_02) &&
3985 (max_protocol < PROTOCOL_SMB2_02)) {
3989 conn->dispatch_incoming = smb1cli_conn_dispatch_incoming;
3991 subreq = smbXcli_negprot_smb1_subreq(state);
3992 if (tevent_req_nomem(subreq, req)) {
3993 return tevent_req_post(req, ev);
3995 tevent_req_set_callback(subreq, smbXcli_negprot_smb1_done, req);
3999 if ((min_protocol >= PROTOCOL_SMB2_02) &&
4000 (max_protocol >= PROTOCOL_SMB2_02)) {
4004 conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
4007 * As we're starting with an SMB2 negprot, emulate Windows
4008 * and ask for 31 credits in the initial SMB2 negprot.
4009 * If we don't and leave requested credits at
4010 * zero, MacOSX servers return zero credits on
4011 * the negprot reply and we fail to connect.
4013 smb2cli_conn_set_max_credits(conn,
4014 WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK);
4016 subreq = smbXcli_negprot_smb2_subreq(state);
4017 if (tevent_req_nomem(subreq, req)) {
4018 return tevent_req_post(req, ev);
4020 tevent_req_set_callback(subreq, smbXcli_negprot_smb2_done, req);
4025 * We send an SMB1 negprot with the SMB2 dialects
4026 * and expect a SMB1 or a SMB2 response.
4028 * smbXcli_negprot_dispatch_incoming() will fix the
4029 * callback to match protocol of the response.
4031 conn->dispatch_incoming = smbXcli_negprot_dispatch_incoming;
4033 subreq = smbXcli_negprot_smb1_subreq(state);
4034 if (tevent_req_nomem(subreq, req)) {
4035 return tevent_req_post(req, ev);
4037 tevent_req_set_callback(subreq, smbXcli_negprot_invalid_done, req);
4041 static void smbXcli_negprot_invalid_done(struct tevent_req *subreq)
4043 struct tevent_req *req =
4044 tevent_req_callback_data(subreq,
4049 * we just want the low level error
4051 status = tevent_req_simple_recv_ntstatus(subreq);
4052 TALLOC_FREE(subreq);
4053 if (tevent_req_nterror(req, status)) {
4057 /* this should never happen */
4058 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
4061 static struct tevent_req *smbXcli_negprot_smb1_subreq(struct smbXcli_negprot_state *state)
4064 DATA_BLOB bytes = data_blob_null;
4068 /* setup the protocol strings */
4069 for (i=0; i < ARRAY_SIZE(smb1cli_prots); i++) {
4073 if (smb1cli_prots[i].proto < state->conn->min_protocol) {
4077 if (smb1cli_prots[i].proto > state->conn->max_protocol) {
4081 ok = data_blob_append(state, &bytes, &c, sizeof(c));
4087 * We now it is already ascii and
4088 * we want NULL termination.
4090 ok = data_blob_append(state, &bytes,
4091 smb1cli_prots[i].smb1_name,
4092 strlen(smb1cli_prots[i].smb1_name)+1);
4098 smb1cli_req_flags(state->conn->max_protocol,
4099 state->conn->smb1.client.capabilities,
4104 return smb1cli_req_send(state, state->ev, state->conn,
4108 state->timeout_msec,
4109 0xFFFE, 0, NULL, /* pid, tid, session */
4110 0, NULL, /* wct, vwv */
4111 bytes.length, bytes.data);
4114 static void smbXcli_negprot_smb1_done(struct tevent_req *subreq)
4116 struct tevent_req *req =
4117 tevent_req_callback_data(subreq,
4119 struct smbXcli_negprot_state *state =
4120 tevent_req_data(req,
4121 struct smbXcli_negprot_state);
4122 struct smbXcli_conn *conn = state->conn;
4123 struct iovec *recv_iov = NULL;
4132 size_t num_prots = 0;
4134 uint32_t client_capabilities = conn->smb1.client.capabilities;
4135 uint32_t both_capabilities;
4136 uint32_t server_capabilities = 0;
4137 uint32_t capabilities;
4138 uint32_t client_max_xmit = conn->smb1.client.max_xmit;
4139 uint32_t server_max_xmit = 0;
4141 uint32_t server_max_mux = 0;
4142 uint16_t server_security_mode = 0;
4143 uint32_t server_session_key = 0;
4144 bool server_readbraw = false;
4145 bool server_writebraw = false;
4146 bool server_lockread = false;
4147 bool server_writeunlock = false;
4148 struct GUID server_guid = GUID_zero();
4149 DATA_BLOB server_gss_blob = data_blob_null;
4150 uint8_t server_challenge[8];
4151 char *server_workgroup = NULL;
4152 char *server_name = NULL;
4153 int server_time_zone = 0;
4154 NTTIME server_system_time = 0;
4155 static const struct smb1cli_req_expected_response expected[] = {
4157 .status = NT_STATUS_OK,
4158 .wct = 0x11, /* NT1 */
4161 .status = NT_STATUS_OK,
4162 .wct = 0x0D, /* LM */
4165 .status = NT_STATUS_OK,
4166 .wct = 0x01, /* CORE */
4170 ZERO_STRUCT(server_challenge);
4172 status = smb1cli_req_recv(subreq, state,
4177 NULL, /* pvwv_offset */
4180 NULL, /* pbytes_offset */
4182 expected, ARRAY_SIZE(expected));
4183 TALLOC_FREE(subreq);
4184 if (tevent_req_nterror(req, status)) {
4188 flags = CVAL(inhdr, HDR_FLG);
4190 protnum = SVAL(vwv, 0);
4192 for (i=0; i < ARRAY_SIZE(smb1cli_prots); i++) {
4193 if (smb1cli_prots[i].proto < state->conn->min_protocol) {
4197 if (smb1cli_prots[i].proto > state->conn->max_protocol) {
4201 if (protnum != num_prots) {
4206 conn->protocol = smb1cli_prots[i].proto;
4210 if (conn->protocol == PROTOCOL_NONE) {
4211 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4215 if ((conn->protocol < PROTOCOL_NT1) && conn->mandatory_signing) {
4216 DEBUG(0,("smbXcli_negprot: SMB signing is mandatory "
4217 "and the selected protocol level doesn't support it.\n"));
4218 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
4222 if (flags & FLAG_SUPPORT_LOCKREAD) {
4223 server_lockread = true;
4224 server_writeunlock = true;
4227 if (conn->protocol >= PROTOCOL_NT1) {
4228 const char *client_signing = NULL;
4229 bool server_mandatory = false;
4230 bool server_allowed = false;
4231 const char *server_signing = NULL;
4236 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4241 server_security_mode = CVAL(vwv + 1, 0);
4242 server_max_mux = SVAL(vwv + 1, 1);
4243 server_max_xmit = IVAL(vwv + 3, 1);
4244 server_session_key = IVAL(vwv + 7, 1);
4245 server_time_zone = SVALS(vwv + 15, 1);
4246 server_time_zone *= 60;
4247 /* this time arrives in real GMT */
4248 server_system_time = BVAL(vwv + 11, 1);
4249 server_capabilities = IVAL(vwv + 9, 1);
4251 key_len = CVAL(vwv + 16, 1);
4253 if (server_capabilities & CAP_RAW_MODE) {
4254 server_readbraw = true;
4255 server_writebraw = true;
4257 if (server_capabilities & CAP_LOCK_AND_READ) {
4258 server_lockread = true;
4261 if (server_capabilities & CAP_EXTENDED_SECURITY) {
4262 DATA_BLOB blob1, blob2;
4264 if (num_bytes < 16) {
4265 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4269 blob1 = data_blob_const(bytes, 16);
4270 status = GUID_from_data_blob(&blob1, &server_guid);
4271 if (tevent_req_nterror(req, status)) {
4275 blob1 = data_blob_const(bytes+16, num_bytes-16);
4276 blob2 = data_blob_dup_talloc(state, blob1);
4277 if (blob1.length > 0 &&
4278 tevent_req_nomem(blob2.data, req)) {
4281 server_gss_blob = blob2;
4283 DATA_BLOB blob1, blob2;
4285 if (num_bytes < key_len) {
4286 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4290 if (key_len != 0 && key_len != 8) {
4291 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4296 memcpy(server_challenge, bytes, 8);
4299 blob1 = data_blob_const(bytes+key_len, num_bytes-key_len);
4300 blob2 = data_blob_const(bytes+key_len, num_bytes-key_len);
4301 if (blob1.length > 0) {
4304 len = utf16_len_n(blob1.data,
4308 ok = convert_string_talloc(state,
4316 status = map_nt_error_from_unix_common(errno);
4317 tevent_req_nterror(req, status);
4322 blob2.data += blob1.length;
4323 blob2.length -= blob1.length;
4324 if (blob2.length > 0) {
4327 len = utf16_len_n(blob1.data,
4331 ok = convert_string_talloc(state,
4339 status = map_nt_error_from_unix_common(errno);
4340 tevent_req_nterror(req, status);
4346 client_signing = "disabled";
4347 if (conn->allow_signing) {
4348 client_signing = "allowed";
4350 if (conn->mandatory_signing) {
4351 client_signing = "required";
4354 server_signing = "not supported";
4355 if (server_security_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
4356 server_signing = "supported";
4357 server_allowed = true;
4358 } else if (conn->mandatory_signing) {
4360 * We have mandatory signing as client
4361 * lets assume the server will look at our
4362 * FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED
4363 * flag in the session setup
4365 server_signing = "not announced";
4366 server_allowed = true;
4368 if (server_security_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
4369 server_signing = "required";
4370 server_mandatory = true;
4373 ok = smb_signing_set_negotiated(conn->smb1.signing,
4377 DEBUG(1,("cli_negprot: SMB signing is required, "
4378 "but client[%s] and server[%s] mismatch\n",
4379 client_signing, server_signing));
4380 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
4384 } else if (conn->protocol >= PROTOCOL_LANMAN1) {
4390 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4394 server_security_mode = SVAL(vwv + 1, 0);
4395 server_max_xmit = SVAL(vwv + 2, 0);
4396 server_max_mux = SVAL(vwv + 3, 0);
4397 server_readbraw = ((SVAL(vwv + 5, 0) & 0x1) != 0);
4398 server_writebraw = ((SVAL(vwv + 5, 0) & 0x2) != 0);
4399 server_session_key = IVAL(vwv + 6, 0);
4400 server_time_zone = SVALS(vwv + 10, 0);
4401 server_time_zone *= 60;
4402 /* this time is converted to GMT by make_unix_date */
4403 t = pull_dos_date((const uint8_t *)(vwv + 8), server_time_zone);
4404 unix_to_nt_time(&server_system_time, t);
4405 key_len = SVAL(vwv + 11, 0);
4407 if (num_bytes < key_len) {
4408 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4412 if (key_len != 0 && key_len != 8) {
4413 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4418 memcpy(server_challenge, bytes, 8);
4421 blob1 = data_blob_const(bytes+key_len, num_bytes-key_len);
4422 if (blob1.length > 0) {
4426 len = utf16_len_n(blob1.data,
4430 ok = convert_string_talloc(state,
4438 status = map_nt_error_from_unix_common(errno);
4439 tevent_req_nterror(req, status);
4445 /* the old core protocol */
4446 server_time_zone = get_time_zone(time(NULL));
4447 server_max_xmit = 1024;
4451 if (server_max_xmit < 1024) {
4452 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4456 if (server_max_mux < 1) {
4457 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4462 * Now calculate the negotiated capabilities
4463 * based on the mask for:
4464 * - client only flags
4465 * - flags used in both directions
4466 * - server only flags
4468 both_capabilities = client_capabilities & server_capabilities;
4469 capabilities = client_capabilities & SMB_CAP_CLIENT_MASK;
4470 capabilities |= both_capabilities & SMB_CAP_BOTH_MASK;
4471 capabilities |= server_capabilities & SMB_CAP_SERVER_MASK;
4473 max_xmit = MIN(client_max_xmit, server_max_xmit);
4475 conn->smb1.server.capabilities = server_capabilities;
4476 conn->smb1.capabilities = capabilities;
4478 conn->smb1.server.max_xmit = server_max_xmit;
4479 conn->smb1.max_xmit = max_xmit;
4481 conn->smb1.server.max_mux = server_max_mux;
4483 conn->smb1.server.security_mode = server_security_mode;
4485 conn->smb1.server.readbraw = server_readbraw;
4486 conn->smb1.server.writebraw = server_writebraw;
4487 conn->smb1.server.lockread = server_lockread;
4488 conn->smb1.server.writeunlock = server_writeunlock;
4490 conn->smb1.server.session_key = server_session_key;
4492 talloc_steal(conn, server_gss_blob.data);
4493 conn->smb1.server.gss_blob = server_gss_blob;
4494 conn->smb1.server.guid = server_guid;
4495 memcpy(conn->smb1.server.challenge, server_challenge, 8);
4496 conn->smb1.server.workgroup = talloc_move(conn, &server_workgroup);
4497 conn->smb1.server.name = talloc_move(conn, &server_name);
4499 conn->smb1.server.time_zone = server_time_zone;
4500 conn->smb1.server.system_time = server_system_time;
4502 tevent_req_done(req);
4505 static size_t smbXcli_padding_helper(uint32_t offset, size_t n)
4507 if ((offset & (n-1)) == 0) return 0;
4508 return n - (offset & (n-1));
4511 static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_state *state)
4515 uint16_t dialect_count = 0;
4516 DATA_BLOB dyn = data_blob_null;
4518 for (i=0; i < ARRAY_SIZE(smb2cli_prots); i++) {
4522 if (smb2cli_prots[i].proto < state->conn->min_protocol) {
4526 if (smb2cli_prots[i].proto > state->conn->max_protocol) {
4530 SSVAL(val, 0, smb2cli_prots[i].smb2_dialect);
4532 ok = data_blob_append(state, &dyn, val, sizeof(val));
4540 buf = state->smb2.fixed;
4542 SSVAL(buf, 2, dialect_count);
4543 SSVAL(buf, 4, state->conn->smb2.client.security_mode);
4544 SSVAL(buf, 6, 0); /* Reserved */
4545 if (state->conn->max_protocol >= PROTOCOL_SMB2_22) {
4546 SIVAL(buf, 8, state->conn->smb2.client.capabilities);
4548 SIVAL(buf, 8, 0); /* Capabilities */
4550 if (state->conn->max_protocol >= PROTOCOL_SMB2_10) {
4554 status = GUID_to_ndr_blob(&state->conn->smb2.client.guid,
4556 if (!NT_STATUS_IS_OK(status)) {
4559 memcpy(buf+12, blob.data, 16); /* ClientGuid */
4561 memset(buf+12, 0, 16); /* ClientGuid */
4564 if (state->conn->max_protocol >= PROTOCOL_SMB3_10) {
4566 struct smb2_negotiate_contexts c = { .num_contexts = 0, };
4570 const uint8_t zeros[8] = {0, };
4574 SSVAL(p, 0, 1); /* HashAlgorithmCount */
4575 SSVAL(p, 2, 32); /* SaltLength */
4576 SSVAL(p, 4, SMB2_PREAUTH_INTEGRITY_SHA512);
4577 generate_random_buffer(p + 6, 32);
4579 b = data_blob_const(p, 38);
4580 status = smb2_negotiate_context_add(state, &c,
4581 SMB2_PREAUTH_INTEGRITY_CAPABILITIES, b);
4582 if (!NT_STATUS_IS_OK(status)) {
4586 SSVAL(p, 0, 2); /* ChiperCount */
4587 SSVAL(p, 2, SMB2_ENCRYPTION_AES128_GCM);
4588 SSVAL(p, 4, SMB2_ENCRYPTION_AES128_CCM);
4590 b = data_blob_const(p, 6);
4591 status = smb2_negotiate_context_add(state, &c,
4592 SMB2_ENCRYPTION_CAPABILITIES, b);
4593 if (!NT_STATUS_IS_OK(status)) {
4597 status = smb2_negotiate_context_push(state, &b, c);
4598 if (!NT_STATUS_IS_OK(status)) {
4602 offset = SMB2_HDR_BODY + sizeof(state->smb2.fixed) + dyn.length;
4603 pad = smbXcli_padding_helper(offset, 8);
4605 ok = data_blob_append(state, &dyn, zeros, pad);
4611 ok = data_blob_append(state, &dyn, b.data, b.length);
4616 SIVAL(buf, 28, offset); /* NegotiateContextOffset */
4617 SSVAL(buf, 32, c.num_contexts); /* NegotiateContextCount */
4618 SSVAL(buf, 34, 0); /* Reserved */
4620 SBVAL(buf, 28, 0); /* Reserved/ClientStartTime */
4623 return smb2cli_req_send(state, state->ev,
4624 state->conn, SMB2_OP_NEGPROT,
4626 state->timeout_msec,
4627 NULL, NULL, /* tcon, session */
4628 state->smb2.fixed, sizeof(state->smb2.fixed),
4629 dyn.data, dyn.length,
4630 UINT16_MAX); /* max_dyn_len */
4633 static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
4635 struct tevent_req *req =
4636 tevent_req_callback_data(subreq,
4638 struct smbXcli_negprot_state *state =
4639 tevent_req_data(req,
4640 struct smbXcli_negprot_state);
4641 struct smbXcli_conn *conn = state->conn;
4642 size_t security_offset, security_length;
4648 uint16_t dialect_revision;
4649 struct smb2_negotiate_contexts c = { .num_contexts = 0, };
4650 uint32_t negotiate_context_offset = 0;
4651 uint16_t negotiate_context_count = 0;
4652 DATA_BLOB negotiate_context_blob = data_blob_null;
4656 struct smb2_negotiate_context *preauth = NULL;
4657 uint16_t hash_count;
4658 uint16_t salt_length;
4659 uint16_t hash_selected;
4660 struct hc_sha512state sctx;
4661 struct smb2_negotiate_context *cipher = NULL;
4662 struct iovec sent_iov[3];
4663 static const struct smb2cli_req_expected_response expected[] = {
4665 .status = NT_STATUS_OK,
4670 status = smb2cli_req_recv(subreq, state, &iov,
4671 expected, ARRAY_SIZE(expected));
4672 if (tevent_req_nterror(req, status)) {
4676 body = (uint8_t *)iov[1].iov_base;
4678 dialect_revision = SVAL(body, 4);
4680 for (i=0; i < ARRAY_SIZE(smb2cli_prots); i++) {
4681 if (smb2cli_prots[i].proto < state->conn->min_protocol) {
4685 if (smb2cli_prots[i].proto > state->conn->max_protocol) {
4689 if (smb2cli_prots[i].smb2_dialect != dialect_revision) {
4693 conn->protocol = smb2cli_prots[i].proto;
4697 if (conn->protocol == PROTOCOL_NONE) {
4698 TALLOC_FREE(subreq);
4700 if (state->conn->min_protocol >= PROTOCOL_SMB2_02) {
4701 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4705 if (dialect_revision != SMB2_DIALECT_REVISION_2FF) {
4706 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4710 /* make sure we do not loop forever */
4711 state->conn->min_protocol = PROTOCOL_SMB2_02;
4714 * send a SMB2 negprot, in order to negotiate
4717 subreq = smbXcli_negprot_smb2_subreq(state);
4718 if (tevent_req_nomem(subreq, req)) {
4721 tevent_req_set_callback(subreq, smbXcli_negprot_smb2_done, req);
4725 conn->smb2.server.security_mode = SVAL(body, 2);
4726 if (conn->protocol >= PROTOCOL_SMB3_10) {
4727 negotiate_context_count = SVAL(body, 6);
4730 blob = data_blob_const(body + 8, 16);
4731 status = GUID_from_data_blob(&blob, &conn->smb2.server.guid);
4732 if (tevent_req_nterror(req, status)) {
4736 conn->smb2.server.capabilities = IVAL(body, 24);
4737 conn->smb2.server.max_trans_size= IVAL(body, 28);
4738 conn->smb2.server.max_read_size = IVAL(body, 32);
4739 conn->smb2.server.max_write_size= IVAL(body, 36);
4740 conn->smb2.server.system_time = BVAL(body, 40);
4741 conn->smb2.server.start_time = BVAL(body, 48);
4743 security_offset = SVAL(body, 56);
4744 security_length = SVAL(body, 58);
4746 if (security_offset != SMB2_HDR_BODY + iov[1].iov_len) {
4747 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4751 if (security_length > iov[2].iov_len) {
4752 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4756 conn->smb2.server.gss_blob = data_blob_talloc(conn,
4759 if (tevent_req_nomem(conn->smb2.server.gss_blob.data, req)) {
4763 if (conn->protocol < PROTOCOL_SMB3_10) {
4764 TALLOC_FREE(subreq);
4766 if (conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION) {
4767 conn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
4769 tevent_req_done(req);
4773 if (conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION) {
4774 tevent_req_nterror(req,
4775 NT_STATUS_INVALID_NETWORK_RESPONSE);
4779 negotiate_context_offset = IVAL(body, 60);
4780 if (negotiate_context_offset < security_offset) {
4781 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4785 ctx_ofs = negotiate_context_offset - security_offset;
4786 if (ctx_ofs > iov[2].iov_len) {
4787 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4790 avail = iov[2].iov_len - security_length;
4791 needed = iov[2].iov_len - ctx_ofs;
4792 if (needed > avail) {
4793 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4797 negotiate_context_blob.data = (uint8_t *)iov[2].iov_base;
4798 negotiate_context_blob.length = iov[2].iov_len;
4800 negotiate_context_blob.data += ctx_ofs;
4801 negotiate_context_blob.length -= ctx_ofs;
4803 status = smb2_negotiate_context_parse(state, negotiate_context_blob, &c);
4804 if (tevent_req_nterror(req, status)) {
4808 if (negotiate_context_count != c.num_contexts) {
4809 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4813 preauth = smb2_negotiate_context_find(&c,
4814 SMB2_PREAUTH_INTEGRITY_CAPABILITIES);
4815 if (preauth == NULL) {
4816 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4820 if (preauth->data.length < 6) {
4821 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4825 hash_count = SVAL(preauth->data.data, 0);
4826 salt_length = SVAL(preauth->data.data, 2);
4827 hash_selected = SVAL(preauth->data.data, 4);
4829 if (hash_count != 1) {
4830 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4834 if (preauth->data.length != (6 + salt_length)) {
4835 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4839 if (hash_selected != SMB2_PREAUTH_INTEGRITY_SHA512) {
4840 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
4844 cipher = smb2_negotiate_context_find(&c, SMB2_ENCRYPTION_CAPABILITIES);
4845 if (cipher != NULL) {
4846 uint16_t cipher_count;
4848 if (cipher->data.length < 2) {
4849 tevent_req_nterror(req,
4850 NT_STATUS_INVALID_NETWORK_RESPONSE);
4854 cipher_count = SVAL(cipher->data.data, 0);
4856 if (cipher_count > 1) {
4857 tevent_req_nterror(req,
4858 NT_STATUS_INVALID_NETWORK_RESPONSE);
4862 if (cipher->data.length != (2 + 2 * cipher_count)) {
4863 tevent_req_nterror(req,
4864 NT_STATUS_INVALID_NETWORK_RESPONSE);
4868 if (cipher_count == 1) {
4869 uint16_t cipher_selected;
4871 cipher_selected = SVAL(cipher->data.data, 2);
4873 switch (cipher_selected) {
4874 case SMB2_ENCRYPTION_AES128_GCM:
4875 case SMB2_ENCRYPTION_AES128_CCM:
4876 conn->smb2.server.cipher = cipher_selected;
4882 /* First we hash the request */
4883 smb2cli_req_get_sent_iov(subreq, sent_iov);
4884 samba_SHA512_Init(&sctx);
4885 samba_SHA512_Update(&sctx, conn->smb2.preauth_sha512,
4886 sizeof(conn->smb2.preauth_sha512));
4887 for (i = 0; i < 3; i++) {
4888 samba_SHA512_Update(&sctx, sent_iov[i].iov_base, sent_iov[i].iov_len);
4890 samba_SHA512_Final(conn->smb2.preauth_sha512, &sctx);
4891 TALLOC_FREE(subreq);
4893 /* And now we hash the response */
4894 samba_SHA512_Init(&sctx);
4895 samba_SHA512_Update(&sctx, conn->smb2.preauth_sha512,
4896 sizeof(conn->smb2.preauth_sha512));
4897 for (i = 0; i < 3; i++) {
4898 samba_SHA512_Update(&sctx, iov[i].iov_base, iov[i].iov_len);
4900 samba_SHA512_Final(conn->smb2.preauth_sha512, &sctx);
4902 tevent_req_done(req);
4905 static NTSTATUS smbXcli_negprot_dispatch_incoming(struct smbXcli_conn *conn,
4906 TALLOC_CTX *tmp_mem,
4909 size_t num_pending = talloc_array_length(conn->pending);
4910 struct tevent_req *subreq;
4911 struct smbXcli_req_state *substate;
4912 struct tevent_req *req;
4913 uint32_t protocol_magic;
4914 size_t inbuf_len = smb_len_nbt(inbuf);
4916 if (num_pending != 1) {
4917 return NT_STATUS_INTERNAL_ERROR;
4920 if (inbuf_len < 4) {
4921 return NT_STATUS_INVALID_NETWORK_RESPONSE;
4924 subreq = conn->pending[0];
4925 substate = tevent_req_data(subreq, struct smbXcli_req_state);
4926 req = tevent_req_callback_data(subreq, struct tevent_req);
4928 protocol_magic = IVAL(inbuf, 4);
4930 switch (protocol_magic) {
4932 tevent_req_set_callback(subreq, smbXcli_negprot_smb1_done, req);
4933 conn->dispatch_incoming = smb1cli_conn_dispatch_incoming;
4934 return smb1cli_conn_dispatch_incoming(conn, tmp_mem, inbuf);
4937 if (substate->smb2.recv_iov == NULL) {
4939 * For the SMB1 negprot we have move it.
4941 substate->smb2.recv_iov = substate->smb1.recv_iov;
4942 substate->smb1.recv_iov = NULL;
4946 * we got an SMB2 answer, which consumed sequence number 0
4947 * so we need to use 1 as the next one.
4949 * we also need to set the current credits to 0
4950 * as we consumed the initial one. The SMB2 answer
4951 * hopefully grant us a new credit.
4954 conn->smb2.cur_credits = 0;
4955 tevent_req_set_callback(subreq, smbXcli_negprot_smb2_done, req);
4956 conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
4957 return smb2cli_conn_dispatch_incoming(conn, tmp_mem, inbuf);
4960 DEBUG(10, ("Got non-SMB PDU\n"));
4961 return NT_STATUS_INVALID_NETWORK_RESPONSE;
4964 NTSTATUS smbXcli_negprot_recv(struct tevent_req *req)
4966 return tevent_req_simple_recv_ntstatus(req);
4969 NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn,
4970 uint32_t timeout_msec,
4971 enum protocol_types min_protocol,
4972 enum protocol_types max_protocol)
4974 TALLOC_CTX *frame = talloc_stackframe();
4975 struct tevent_context *ev;
4976 struct tevent_req *req;
4977 NTSTATUS status = NT_STATUS_NO_MEMORY;
4980 if (smbXcli_conn_has_async_calls(conn)) {
4982 * Can't use sync call while an async call is in flight
4984 status = NT_STATUS_INVALID_PARAMETER_MIX;
4987 ev = samba_tevent_context_init(frame);
4991 req = smbXcli_negprot_send(frame, ev, conn, timeout_msec,
4992 min_protocol, max_protocol);
4996 ok = tevent_req_poll_ntstatus(req, ev, &status);
5000 status = smbXcli_negprot_recv(req);
5006 struct smb2cli_validate_negotiate_info_state {
5007 struct smbXcli_conn *conn;
5008 DATA_BLOB in_input_buffer;
5009 DATA_BLOB in_output_buffer;
5010 DATA_BLOB out_input_buffer;
5011 DATA_BLOB out_output_buffer;
5015 static void smb2cli_validate_negotiate_info_done(struct tevent_req *subreq);
5017 struct tevent_req *smb2cli_validate_negotiate_info_send(TALLOC_CTX *mem_ctx,
5018 struct tevent_context *ev,
5019 struct smbXcli_conn *conn,
5020 uint32_t timeout_msec,
5021 struct smbXcli_session *session,
5022 struct smbXcli_tcon *tcon)
5024 struct tevent_req *req;
5025 struct smb2cli_validate_negotiate_info_state *state;
5027 uint16_t dialect_count = 0;
5028 struct tevent_req *subreq;
5029 bool _save_should_sign;
5032 req = tevent_req_create(mem_ctx, &state,
5033 struct smb2cli_validate_negotiate_info_state);
5039 state->in_input_buffer = data_blob_talloc_zero(state,
5040 4 + 16 + 1 + 1 + 2);
5041 if (tevent_req_nomem(state->in_input_buffer.data, req)) {
5042 return tevent_req_post(req, ev);
5044 buf = state->in_input_buffer.data;
5046 if (state->conn->max_protocol >= PROTOCOL_SMB2_22) {
5047 SIVAL(buf, 0, conn->smb2.client.capabilities);
5049 SIVAL(buf, 0, 0); /* Capabilities */
5051 if (state->conn->max_protocol >= PROTOCOL_SMB2_10) {
5055 status = GUID_to_ndr_blob(&conn->smb2.client.guid,
5057 if (!NT_STATUS_IS_OK(status)) {
5060 memcpy(buf+4, blob.data, 16); /* ClientGuid */
5062 memset(buf+4, 0, 16); /* ClientGuid */
5064 if (state->conn->min_protocol >= PROTOCOL_SMB2_02) {
5065 SCVAL(buf, 20, conn->smb2.client.security_mode);
5069 SCVAL(buf, 21, 0); /* reserved */
5071 for (i=0; i < ARRAY_SIZE(smb2cli_prots); i++) {
5075 if (smb2cli_prots[i].proto < state->conn->min_protocol) {
5079 if (smb2cli_prots[i].proto > state->conn->max_protocol) {
5083 if (smb2cli_prots[i].proto == state->conn->protocol) {
5084 state->dialect = smb2cli_prots[i].smb2_dialect;
5087 ofs = state->in_input_buffer.length;
5088 ok = data_blob_realloc(state, &state->in_input_buffer,
5091 tevent_req_oom(req);
5092 return tevent_req_post(req, ev);
5095 buf = state->in_input_buffer.data;
5096 SSVAL(buf, ofs, smb2cli_prots[i].smb2_dialect);
5100 buf = state->in_input_buffer.data;
5101 SSVAL(buf, 22, dialect_count);
5103 _save_should_sign = smb2cli_tcon_is_signing_on(tcon);
5104 smb2cli_tcon_should_sign(tcon, true);
5105 subreq = smb2cli_ioctl_send(state, ev, conn,
5106 timeout_msec, session, tcon,
5107 UINT64_MAX, /* in_fid_persistent */
5108 UINT64_MAX, /* in_fid_volatile */
5109 FSCTL_VALIDATE_NEGOTIATE_INFO,
5110 0, /* in_max_input_length */
5111 &state->in_input_buffer,
5112 24, /* in_max_output_length */
5113 &state->in_output_buffer,
5114 SMB2_IOCTL_FLAG_IS_FSCTL);
5115 smb2cli_tcon_should_sign(tcon, _save_should_sign);
5116 if (tevent_req_nomem(subreq, req)) {
5117 return tevent_req_post(req, ev);
5119 tevent_req_set_callback(subreq,
5120 smb2cli_validate_negotiate_info_done,
5126 static void smb2cli_validate_negotiate_info_done(struct tevent_req *subreq)
5128 struct tevent_req *req =
5129 tevent_req_callback_data(subreq,
5131 struct smb2cli_validate_negotiate_info_state *state =
5132 tevent_req_data(req,
5133 struct smb2cli_validate_negotiate_info_state);
5136 uint32_t capabilities;
5137 DATA_BLOB guid_blob;
5138 struct GUID server_guid;
5139 uint16_t security_mode;
5142 status = smb2cli_ioctl_recv(subreq, state,
5143 &state->out_input_buffer,
5144 &state->out_output_buffer);
5145 TALLOC_FREE(subreq);
5146 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED)) {
5148 * The response was signed, but not supported
5150 * Older Windows and Samba releases return
5151 * NT_STATUS_FILE_CLOSED.
5153 tevent_req_done(req);
5156 if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_DEVICE_REQUEST)) {
5158 * The response was signed, but not supported
5160 * This is returned by the NTVFS based Samba 4.x file server
5163 tevent_req_done(req);
5166 if (NT_STATUS_EQUAL(status, NT_STATUS_FS_DRIVER_REQUIRED)) {
5168 * The response was signed, but not supported
5170 * This is returned by the NTVFS based Samba 4.x file server
5173 tevent_req_done(req);
5176 if (tevent_req_nterror(req, status)) {
5180 if (state->out_output_buffer.length != 24) {
5181 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
5185 buf = state->out_output_buffer.data;
5187 capabilities = IVAL(buf, 0);
5188 guid_blob = data_blob_const(buf + 4, 16);
5189 status = GUID_from_data_blob(&guid_blob, &server_guid);
5190 if (tevent_req_nterror(req, status)) {
5193 security_mode = CVAL(buf, 20);
5194 dialect = SVAL(buf, 22);
5196 if (capabilities != state->conn->smb2.server.capabilities) {
5197 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
5201 if (!GUID_equal(&server_guid, &state->conn->smb2.server.guid)) {
5202 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
5206 if (security_mode != state->conn->smb2.server.security_mode) {
5207 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
5211 if (dialect != state->dialect) {
5212 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
5216 tevent_req_done(req);
5219 NTSTATUS smb2cli_validate_negotiate_info_recv(struct tevent_req *req)
5221 return tevent_req_simple_recv_ntstatus(req);
5224 static int smbXcli_session_destructor(struct smbXcli_session *session)
5226 if (session->conn == NULL) {
5230 DLIST_REMOVE(session->conn->sessions, session);
5234 struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx,
5235 struct smbXcli_conn *conn)
5237 struct smbXcli_session *session;
5239 session = talloc_zero(mem_ctx, struct smbXcli_session);
5240 if (session == NULL) {
5243 session->smb2 = talloc_zero(session, struct smb2cli_session);
5244 if (session->smb2 == NULL) {
5245 talloc_free(session);
5248 talloc_set_destructor(session, smbXcli_session_destructor);
5250 DLIST_ADD_END(conn->sessions, session, struct smbXcli_session *);
5251 session->conn = conn;
5253 memcpy(session->smb2_channel.preauth_sha512,
5254 conn->smb2.preauth_sha512,
5255 sizeof(session->smb2_channel.preauth_sha512));
5260 struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx,
5261 struct smbXcli_session *src)
5263 struct smbXcli_session *session;
5265 session = talloc_zero(mem_ctx, struct smbXcli_session);
5266 if (session == NULL) {
5269 session->smb2 = talloc_zero(session, struct smb2cli_session);
5270 if (session->smb2 == NULL) {
5271 talloc_free(session);
5275 session->conn = src->conn;
5276 *session->smb2 = *src->smb2;
5277 session->smb2_channel = src->smb2_channel;
5278 session->disconnect_expired = src->disconnect_expired;
5280 DLIST_ADD_END(src->conn->sessions, session, struct smbXcli_session *);
5281 talloc_set_destructor(session, smbXcli_session_destructor);
5286 bool smbXcli_session_is_authenticated(struct smbXcli_session *session)
5288 const DATA_BLOB *application_key;
5290 if (session->conn == NULL) {
5295 * If we have an application key we had a session key negotiated
5298 if (session->conn->protocol >= PROTOCOL_SMB2_02) {
5299 application_key = &session->smb2->application_key;
5301 application_key = &session->smb1.application_key;
5304 if (application_key->length == 0) {
5311 NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
5312 TALLOC_CTX *mem_ctx,
5315 const DATA_BLOB *application_key;
5317 *key = data_blob_null;
5319 if (session->conn == NULL) {
5320 return NT_STATUS_NO_USER_SESSION_KEY;
5323 if (session->conn->protocol >= PROTOCOL_SMB2_02) {
5324 application_key = &session->smb2->application_key;
5326 application_key = &session->smb1.application_key;
5329 if (application_key->length == 0) {
5330 return NT_STATUS_NO_USER_SESSION_KEY;
5333 *key = data_blob_dup_talloc(mem_ctx, *application_key);
5334 if (key->data == NULL) {
5335 return NT_STATUS_NO_MEMORY;
5338 return NT_STATUS_OK;
5341 void smbXcli_session_set_disconnect_expired(struct smbXcli_session *session)
5343 session->disconnect_expired = true;
5346 uint16_t smb1cli_session_current_id(struct smbXcli_session *session)
5348 return session->smb1.session_id;
5351 void smb1cli_session_set_id(struct smbXcli_session *session,
5352 uint16_t session_id)
5354 session->smb1.session_id = session_id;
5357 NTSTATUS smb1cli_session_set_session_key(struct smbXcli_session *session,
5358 const DATA_BLOB _session_key)
5360 struct smbXcli_conn *conn = session->conn;
5361 uint8_t session_key[16];
5364 return NT_STATUS_INVALID_PARAMETER_MIX;
5367 if (session->smb1.application_key.length != 0) {
5369 * TODO: do not allow this...
5371 * return NT_STATUS_INVALID_PARAMETER_MIX;
5373 data_blob_clear_free(&session->smb1.application_key);
5374 session->smb1.protected_key = false;
5377 if (_session_key.length == 0) {
5378 return NT_STATUS_OK;
5381 ZERO_STRUCT(session_key);
5382 memcpy(session_key, _session_key.data,
5383 MIN(_session_key.length, sizeof(session_key)));
5385 session->smb1.application_key = data_blob_talloc(session,
5387 sizeof(session_key));
5388 ZERO_STRUCT(session_key);
5389 if (session->smb1.application_key.data == NULL) {
5390 return NT_STATUS_NO_MEMORY;
5393 session->smb1.protected_key = false;
5395 return NT_STATUS_OK;
5398 NTSTATUS smb1cli_session_protect_session_key(struct smbXcli_session *session)
5400 if (session->smb1.protected_key) {
5401 /* already protected */
5402 return NT_STATUS_OK;
5405 if (session->smb1.application_key.length != 16) {
5406 return NT_STATUS_INVALID_PARAMETER_MIX;
5409 smb_key_derivation(session->smb1.application_key.data,
5410 session->smb1.application_key.length,
5411 session->smb1.application_key.data);
5413 session->smb1.protected_key = true;
5415 return NT_STATUS_OK;
5418 uint8_t smb2cli_session_security_mode(struct smbXcli_session *session)
5420 struct smbXcli_conn *conn = session->conn;
5421 uint8_t security_mode = 0;
5424 return security_mode;
5427 security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
5428 if (conn->mandatory_signing) {
5429 security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
5432 return security_mode;
5435 uint64_t smb2cli_session_current_id(struct smbXcli_session *session)
5437 return session->smb2->session_id;
5440 uint16_t smb2cli_session_get_flags(struct smbXcli_session *session)
5442 return session->smb2->session_flags;
5445 void smb2cli_session_set_id_and_flags(struct smbXcli_session *session,
5446 uint64_t session_id,
5447 uint16_t session_flags)
5449 session->smb2->session_id = session_id;
5450 session->smb2->session_flags = session_flags;
5453 void smb2cli_session_increment_channel_sequence(struct smbXcli_session *session)
5455 session->smb2->channel_sequence += 1;
5458 uint16_t smb2cli_session_reset_channel_sequence(struct smbXcli_session *session,
5459 uint16_t channel_sequence)
5463 prev_cs = session->smb2->channel_sequence;
5464 session->smb2->channel_sequence = channel_sequence;
5469 void smb2cli_session_start_replay(struct smbXcli_session *session)
5471 session->smb2->replay_active = true;
5474 void smb2cli_session_stop_replay(struct smbXcli_session *session)
5476 session->smb2->replay_active = false;
5479 NTSTATUS smb2cli_session_update_preauth(struct smbXcli_session *session,
5480 const struct iovec *iov)
5482 struct hc_sha512state sctx;
5485 if (session->conn == NULL) {
5486 return NT_STATUS_INTERNAL_ERROR;
5489 if (session->conn->protocol < PROTOCOL_SMB3_10) {
5490 return NT_STATUS_OK;
5493 if (session->smb2_channel.signing_key.length != 0) {
5494 return NT_STATUS_OK;
5497 samba_SHA512_Init(&sctx);
5498 samba_SHA512_Update(&sctx, session->smb2_channel.preauth_sha512,
5499 sizeof(session->smb2_channel.preauth_sha512));
5500 for (i = 0; i < 3; i++) {
5501 samba_SHA512_Update(&sctx, iov[i].iov_base, iov[i].iov_len);
5503 samba_SHA512_Final(session->smb2_channel.preauth_sha512, &sctx);
5505 return NT_STATUS_OK;
5508 NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
5509 const DATA_BLOB _session_key,
5510 const struct iovec *recv_iov)
5512 struct smbXcli_conn *conn = session->conn;
5513 uint16_t no_sign_flags;
5514 uint8_t session_key[16];
5515 bool check_signature = true;
5518 struct _derivation {
5523 struct _derivation signing;
5524 struct _derivation encryption;
5525 struct _derivation decryption;
5526 struct _derivation application;
5528 size_t nonce_size = 0;
5531 return NT_STATUS_INVALID_PARAMETER_MIX;
5534 if (recv_iov[0].iov_len != SMB2_HDR_BODY) {
5535 return NT_STATUS_INVALID_PARAMETER_MIX;
5538 no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
5540 if (session->smb2->session_flags & no_sign_flags) {
5541 session->smb2->should_sign = false;
5542 return NT_STATUS_OK;
5545 if (session->smb2->signing_key.length != 0) {
5546 return NT_STATUS_INVALID_PARAMETER_MIX;
5549 if (conn->protocol >= PROTOCOL_SMB3_10) {
5550 struct _derivation *d;
5553 p = data_blob_const(session->smb2_channel.preauth_sha512,
5554 sizeof(session->smb2_channel.preauth_sha512));
5556 d = &derivation.signing;
5557 d->label = data_blob_string_const_null("SMBSigningKey");
5560 d = &derivation.encryption;
5561 d->label = data_blob_string_const_null("SMBC2SCipherKey");
5564 d = &derivation.decryption;
5565 d->label = data_blob_string_const_null("SMBS2CCipherKey");
5568 d = &derivation.application;
5569 d->label = data_blob_string_const_null("SMBAppKey");
5572 } else if (conn->protocol >= PROTOCOL_SMB2_24) {
5573 struct _derivation *d;
5575 d = &derivation.signing;
5576 d->label = data_blob_string_const_null("SMB2AESCMAC");
5577 d->context = data_blob_string_const_null("SmbSign");
5579 d = &derivation.encryption;
5580 d->label = data_blob_string_const_null("SMB2AESCCM");
5581 d->context = data_blob_string_const_null("ServerIn ");
5583 d = &derivation.decryption;
5584 d->label = data_blob_string_const_null("SMB2AESCCM");
5585 d->context = data_blob_string_const_null("ServerOut");
5587 d = &derivation.application;
5588 d->label = data_blob_string_const_null("SMB2APP");
5589 d->context = data_blob_string_const_null("SmbRpc");
5592 ZERO_STRUCT(session_key);
5593 memcpy(session_key, _session_key.data,
5594 MIN(_session_key.length, sizeof(session_key)));
5596 session->smb2->signing_key = data_blob_talloc(session,
5598 sizeof(session_key));
5599 if (session->smb2->signing_key.data == NULL) {
5600 ZERO_STRUCT(session_key);
5601 return NT_STATUS_NO_MEMORY;
5604 if (conn->protocol >= PROTOCOL_SMB2_24) {
5605 struct _derivation *d = &derivation.signing;
5607 smb2_key_derivation(session_key, sizeof(session_key),
5608 d->label.data, d->label.length,
5609 d->context.data, d->context.length,
5610 session->smb2->signing_key.data);
5613 session->smb2->encryption_key = data_blob_dup_talloc(session,
5614 session->smb2->signing_key);
5615 if (session->smb2->encryption_key.data == NULL) {
5616 ZERO_STRUCT(session_key);
5617 return NT_STATUS_NO_MEMORY;
5620 if (conn->protocol >= PROTOCOL_SMB2_24) {
5621 struct _derivation *d = &derivation.encryption;
5623 smb2_key_derivation(session_key, sizeof(session_key),
5624 d->label.data, d->label.length,
5625 d->context.data, d->context.length,
5626 session->smb2->encryption_key.data);
5629 session->smb2->decryption_key = data_blob_dup_talloc(session,
5630 session->smb2->signing_key);
5631 if (session->smb2->decryption_key.data == NULL) {
5632 ZERO_STRUCT(session_key);
5633 return NT_STATUS_NO_MEMORY;
5636 if (conn->protocol >= PROTOCOL_SMB2_24) {
5637 struct _derivation *d = &derivation.decryption;
5639 smb2_key_derivation(session_key, sizeof(session_key),
5640 d->label.data, d->label.length,
5641 d->context.data, d->context.length,
5642 session->smb2->decryption_key.data);
5645 session->smb2->application_key = data_blob_dup_talloc(session,
5646 session->smb2->signing_key);
5647 if (session->smb2->application_key.data == NULL) {
5648 ZERO_STRUCT(session_key);
5649 return NT_STATUS_NO_MEMORY;
5652 if (conn->protocol >= PROTOCOL_SMB2_24) {
5653 struct _derivation *d = &derivation.application;
5655 smb2_key_derivation(session_key, sizeof(session_key),
5656 d->label.data, d->label.length,
5657 d->context.data, d->context.length,
5658 session->smb2->application_key.data);
5660 ZERO_STRUCT(session_key);
5662 session->smb2_channel.signing_key = data_blob_dup_talloc(session,
5663 session->smb2->signing_key);
5664 if (session->smb2_channel.signing_key.data == NULL) {
5665 return NT_STATUS_NO_MEMORY;
5668 check_signature = conn->mandatory_signing;
5670 hdr_flags = IVAL(recv_iov[0].iov_base, SMB2_HDR_FLAGS);
5671 if (hdr_flags & SMB2_HDR_FLAG_SIGNED) {
5673 * Sadly some vendors don't sign the
5674 * final SMB2 session setup response
5676 * At least Windows and Samba are always doing this
5677 * if there's a session key available.
5679 * We only check the signature if it's mandatory
5680 * or SMB2_HDR_FLAG_SIGNED is provided.
5682 check_signature = true;
5685 if (conn->protocol >= PROTOCOL_SMB3_10) {
5686 check_signature = true;
5689 if (check_signature) {
5690 status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
5691 session->conn->protocol,
5693 if (!NT_STATUS_IS_OK(status)) {
5698 session->smb2->should_sign = false;
5699 session->smb2->should_encrypt = false;
5701 if (conn->desire_signing) {
5702 session->smb2->should_sign = true;
5705 if (conn->smb2.server.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
5706 session->smb2->should_sign = true;
5709 if (session->smb2->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) {
5710 session->smb2->should_encrypt = true;
5713 if (conn->protocol < PROTOCOL_SMB2_24) {
5714 session->smb2->should_encrypt = false;
5717 if (conn->smb2.server.cipher == 0) {
5718 session->smb2->should_encrypt = false;
5722 * CCM and GCM algorithms must never have their
5723 * nonce wrap, or the security of the whole
5724 * communication and the keys is destroyed.
5725 * We must drop the connection once we have
5726 * transfered too much data.
5728 * NOTE: We assume nonces greater than 8 bytes.
5730 generate_random_buffer((uint8_t *)&session->smb2->nonce_high_random,
5731 sizeof(session->smb2->nonce_high_random));
5732 switch (conn->smb2.server.cipher) {
5733 case SMB2_ENCRYPTION_AES128_CCM:
5734 nonce_size = AES_CCM_128_NONCE_SIZE;
5736 case SMB2_ENCRYPTION_AES128_GCM:
5737 nonce_size = AES_GCM_128_IV_SIZE;
5743 session->smb2->nonce_high_max = SMB2_NONCE_HIGH_MAX(nonce_size);
5744 session->smb2->nonce_high = 0;
5745 session->smb2->nonce_low = 0;
5747 return NT_STATUS_OK;
5750 NTSTATUS smb2cli_session_create_channel(TALLOC_CTX *mem_ctx,
5751 struct smbXcli_session *session1,
5752 struct smbXcli_conn *conn,
5753 struct smbXcli_session **_session2)
5755 struct smbXcli_session *session2;
5757 if (session1->smb2->signing_key.length == 0) {
5758 return NT_STATUS_INVALID_PARAMETER_MIX;
5762 return NT_STATUS_INVALID_PARAMETER_MIX;
5765 session2 = talloc_zero(mem_ctx, struct smbXcli_session);
5766 if (session2 == NULL) {
5767 return NT_STATUS_NO_MEMORY;
5769 session2->smb2 = talloc_reference(session2, session1->smb2);
5770 if (session2->smb2 == NULL) {
5771 talloc_free(session2);
5772 return NT_STATUS_NO_MEMORY;
5775 talloc_set_destructor(session2, smbXcli_session_destructor);
5776 DLIST_ADD_END(conn->sessions, session2, struct smbXcli_session *);
5777 session2->conn = conn;
5779 memcpy(session2->smb2_channel.preauth_sha512,
5780 conn->smb2.preauth_sha512,
5781 sizeof(session2->smb2_channel.preauth_sha512));
5783 *_session2 = session2;
5784 return NT_STATUS_OK;
5787 NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
5788 const DATA_BLOB _channel_key,
5789 const struct iovec *recv_iov)
5791 struct smbXcli_conn *conn = session->conn;
5792 uint8_t channel_key[16];
5794 struct _derivation {
5799 struct _derivation signing;
5803 return NT_STATUS_INVALID_PARAMETER_MIX;
5806 if (session->smb2_channel.signing_key.length != 0) {
5807 return NT_STATUS_INVALID_PARAMETER_MIX;
5810 if (conn->protocol >= PROTOCOL_SMB3_10) {
5811 struct _derivation *d;
5814 p = data_blob_const(session->smb2_channel.preauth_sha512,
5815 sizeof(session->smb2_channel.preauth_sha512));
5817 d = &derivation.signing;
5818 d->label = data_blob_string_const_null("SMBSigningKey");
5820 } else if (conn->protocol >= PROTOCOL_SMB2_24) {
5821 struct _derivation *d;
5823 d = &derivation.signing;
5824 d->label = data_blob_string_const_null("SMB2AESCMAC");
5825 d->context = data_blob_string_const_null("SmbSign");
5828 ZERO_STRUCT(channel_key);
5829 memcpy(channel_key, _channel_key.data,
5830 MIN(_channel_key.length, sizeof(channel_key)));
5832 session->smb2_channel.signing_key = data_blob_talloc(session,
5834 sizeof(channel_key));
5835 if (session->smb2_channel.signing_key.data == NULL) {
5836 ZERO_STRUCT(channel_key);
5837 return NT_STATUS_NO_MEMORY;
5840 if (conn->protocol >= PROTOCOL_SMB2_24) {
5841 struct _derivation *d = &derivation.signing;
5843 smb2_key_derivation(channel_key, sizeof(channel_key),
5844 d->label.data, d->label.length,
5845 d->context.data, d->context.length,
5846 session->smb2_channel.signing_key.data);
5848 ZERO_STRUCT(channel_key);
5850 status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
5851 session->conn->protocol,
5853 if (!NT_STATUS_IS_OK(status)) {
5857 return NT_STATUS_OK;
5860 NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
5862 if (session->smb2->should_encrypt) {
5863 return NT_STATUS_OK;
5866 if (session->conn->protocol < PROTOCOL_SMB2_24) {
5867 return NT_STATUS_NOT_SUPPORTED;
5870 if (session->conn->smb2.server.cipher == 0) {
5871 return NT_STATUS_NOT_SUPPORTED;
5874 if (session->smb2->signing_key.data == NULL) {
5875 return NT_STATUS_NOT_SUPPORTED;
5877 session->smb2->should_encrypt = true;
5878 return NT_STATUS_OK;
5881 struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx)
5883 struct smbXcli_tcon *tcon;
5885 tcon = talloc_zero(mem_ctx, struct smbXcli_tcon);
5893 void smbXcli_tcon_set_fs_attributes(struct smbXcli_tcon *tcon,
5894 uint32_t fs_attributes)
5896 tcon->fs_attributes = fs_attributes;
5899 uint32_t smbXcli_tcon_get_fs_attributes(struct smbXcli_tcon *tcon)
5901 return tcon->fs_attributes;
5904 bool smbXcli_tcon_is_dfs_share(struct smbXcli_tcon *tcon)
5910 if (tcon->is_smb1) {
5911 if (tcon->smb1.optional_support & SMB_SHARE_IN_DFS) {
5918 if (tcon->smb2.capabilities & SMB2_SHARE_CAP_DFS) {
5925 uint16_t smb1cli_tcon_current_id(struct smbXcli_tcon *tcon)
5927 return tcon->smb1.tcon_id;
5930 void smb1cli_tcon_set_id(struct smbXcli_tcon *tcon, uint16_t tcon_id)
5932 tcon->is_smb1 = true;
5933 tcon->smb1.tcon_id = tcon_id;
5936 bool smb1cli_tcon_set_values(struct smbXcli_tcon *tcon,
5938 uint16_t optional_support,
5939 uint32_t maximal_access,
5940 uint32_t guest_maximal_access,
5941 const char *service,
5942 const char *fs_type)
5944 tcon->is_smb1 = true;
5945 tcon->fs_attributes = 0;
5946 tcon->smb1.tcon_id = tcon_id;
5947 tcon->smb1.optional_support = optional_support;
5948 tcon->smb1.maximal_access = maximal_access;
5949 tcon->smb1.guest_maximal_access = guest_maximal_access;
5951 TALLOC_FREE(tcon->smb1.service);
5952 tcon->smb1.service = talloc_strdup(tcon, service);
5953 if (service != NULL && tcon->smb1.service == NULL) {
5957 TALLOC_FREE(tcon->smb1.fs_type);
5958 tcon->smb1.fs_type = talloc_strdup(tcon, fs_type);
5959 if (fs_type != NULL && tcon->smb1.fs_type == NULL) {
5966 uint32_t smb2cli_tcon_current_id(struct smbXcli_tcon *tcon)
5968 return tcon->smb2.tcon_id;
5971 uint32_t smb2cli_tcon_capabilities(struct smbXcli_tcon *tcon)
5973 return tcon->smb2.capabilities;
5976 void smb2cli_tcon_set_values(struct smbXcli_tcon *tcon,
5977 struct smbXcli_session *session,
5981 uint32_t capabilities,
5982 uint32_t maximal_access)
5984 tcon->is_smb1 = false;
5985 tcon->fs_attributes = 0;
5986 tcon->smb2.tcon_id = tcon_id;
5987 tcon->smb2.type = type;
5988 tcon->smb2.flags = flags;
5989 tcon->smb2.capabilities = capabilities;
5990 tcon->smb2.maximal_access = maximal_access;
5992 tcon->smb2.should_sign = false;
5993 tcon->smb2.should_encrypt = false;
5995 if (session == NULL) {
5999 tcon->smb2.should_sign = session->smb2->should_sign;
6000 tcon->smb2.should_encrypt = session->smb2->should_encrypt;
6002 if (flags & SMB2_SHAREFLAG_ENCRYPT_DATA) {
6003 tcon->smb2.should_encrypt = true;
6007 void smb2cli_tcon_should_sign(struct smbXcli_tcon *tcon,
6010 tcon->smb2.should_sign = should_sign;
6013 bool smb2cli_tcon_is_signing_on(struct smbXcli_tcon *tcon)
6015 if (tcon->smb2.should_encrypt) {
6019 return tcon->smb2.should_sign;
6022 void smb2cli_tcon_should_encrypt(struct smbXcli_tcon *tcon,
6023 bool should_encrypt)
6025 tcon->smb2.should_encrypt = should_encrypt;
6028 bool smb2cli_tcon_is_encryption_on(struct smbXcli_tcon *tcon)
6030 return tcon->smb2.should_encrypt;