*/
#include "includes.h"
+#include "dlinklist.h"
+#include "libcli/raw/libcliraw.h"
+#define TORTURE_TRANS_DATA 0
/*
check out of bounds for incoming data
*/
-static BOOL raw_trans_oob(struct cli_request *req,
+static BOOL raw_trans_oob(struct smbcli_request *req,
uint_t offset, uint_t count)
{
- char *ptr;
+ uint8_t *ptr;
if (count == 0) {
return False;
/****************************************************************************
receive a SMB trans or trans2 response allocating the necessary memory
****************************************************************************/
-NTSTATUS smb_raw_trans2_recv(struct cli_request *req,
+NTSTATUS smb_raw_trans2_recv(struct smbcli_request *req,
TALLOC_CTX *mem_ctx,
struct smb_trans2 *parms)
{
int total_data=0;
int total_param=0;
- char *tdata;
- char *tparam;
+ uint8_t *tdata;
+ uint8_t *tparam;
parms->out.data.length = 0;
parms->out.data.data = NULL;
parms->out.params.length = 0;
parms->out.params.data = NULL;
- if (!cli_request_receive(req)) {
- return cli_request_destroy(req);
+ if (!smbcli_request_receive(req)) {
+ return smbcli_request_destroy(req);
}
/*
* be treated as such.
*/
if (NT_STATUS_IS_ERR(req->status)) {
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
- CLI_CHECK_MIN_WCT(req, 10);
+ SMBCLI_CHECK_MIN_WCT(req, 10);
/* parse out the lengths */
total_data = SVAL(req->in.vwv, VWV(1));
/* allocate it */
if (total_data != 0) {
- tdata = talloc_realloc(mem_ctx, parms->out.data.data,total_data);
+ tdata = talloc(mem_ctx, total_data);
if (!tdata) {
DEBUG(0,("smb_raw_receive_trans: failed to enlarge data buffer to %d bytes\n", total_data));
req->status = NT_STATUS_NO_MEMORY;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
parms->out.data.data = tdata;
}
if (total_param != 0) {
- tparam = talloc_realloc(mem_ctx, parms->out.params.data,total_param);
+ tparam = talloc(mem_ctx, total_param);
if (!tparam) {
DEBUG(0,("smb_raw_receive_trans: failed to enlarge param buffer to %d bytes\n", total_param));
req->status = NT_STATUS_NO_MEMORY;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
parms->out.params.data = tparam;
}
parms->out.setup_count = SVAL(req->in.vwv, VWV(9));
- CLI_CHECK_WCT(req, 10 + parms->out.setup_count);
+ SMBCLI_CHECK_WCT(req, 10 + parms->out.setup_count);
if (parms->out.setup_count > 0) {
int i;
parms->out.setup = talloc(mem_ctx, 2 * parms->out.setup_count);
if (!parms->out.setup) {
req->status = NT_STATUS_NO_MEMORY;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
for (i=0;i<parms->out.setup_count;i++) {
parms->out.setup[i] = SVAL(req->in.vwv, VWV(10+i));
/* they must *only* shrink */
DEBUG(1,("smb_raw_receive_trans: data/params expanded!\n"));
req->status = NT_STATUS_BUFFER_TOO_SMALL;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
total_data = total_data2;
param_count + param_disp > total_param) {
DEBUG(1,("smb_raw_receive_trans: Buffer overflow\n"));
req->status = NT_STATUS_BUFFER_TOO_SMALL;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
/* check the server isn't being nasty */
raw_trans_oob(req, data_ofs, data_count)) {
DEBUG(1,("smb_raw_receive_trans: out of bounds parameters!\n"));
req->status = NT_STATUS_BUFFER_TOO_SMALL;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
if (data_count) {
if (total_data <= parms->out.data.length && total_param <= parms->out.params.length)
break;
- /* to receive more requests we need to mark this request as not received */
- req->in.buffer = NULL;
-
- if (!cli_request_receive(req)) {
+ if (!smbcli_request_receive_more(req)) {
req->status = NT_STATUS_UNSUCCESSFUL;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
}
failed:
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
-NTSTATUS smb_raw_trans_recv(struct cli_request *req,
+NTSTATUS smb_raw_trans_recv(struct smbcli_request *req,
TALLOC_CTX *mem_ctx,
struct smb_trans2 *parms)
{
return smb_raw_trans2_recv(req, mem_ctx, parms);
}
-/****************************************************************************
- trans/trans2 raw async interface - only BLOBs used in this interface.
- note that this doesn't yet support multi-part requests
-****************************************************************************/
-struct cli_request *smb_raw_trans_send_backend(struct cli_tree *tree,
- struct smb_trans2 *parms,
- uint8 command)
+
+/*
+ trans/trans2 raw async interface - only BLOBs used in this interface.
+*/
+struct smbcli_request *smb_raw_trans_send_backend(struct smbcli_tree *tree,
+ struct smb_trans2 *parms,
+ uint8_t command)
{
int wct = 14 + parms->in.setup_count;
- struct cli_request *req;
- char *outdata,*outparam;
+ struct smbcli_request *req, *req2;
+ uint8_t *outdata,*outparam;
int i;
int padding;
size_t namelen = 0;
+ uint16_t data_disp, data_length, max_data;
if (command == SMBtrans)
padding = 1;
else
padding = 3;
- req = cli_request_setup(tree, command, wct, padding);
+ req = smbcli_request_setup(tree, command, wct, padding);
if (!req) {
return NULL;
}
-
+
+ /* Watch out, this changes the req->out.* pointers */
+ if (command == SMBtrans && parms->in.trans_name) {
+ namelen = smbcli_req_append_string(req, parms->in.trans_name,
+ STR_TERMINATE);
+ }
+
/* fill in SMB parameters */
outparam = req->out.data + padding;
outdata = outparam + parms->in.params.length;
/* make sure we don't leak data via the padding */
memset(req->out.data, 0, padding);
- if (command == SMBtrans && parms->in.trans_name) {
- namelen = cli_req_append_string(req, parms->in.trans_name,
- STR_TERMINATE);
+ data_length = parms->in.data.length;
+
+ max_data = smb_raw_max_trans_data(tree, parms->in.params.length);
+ if (max_data < data_length) {
+ data_length = max_data;
+ }
+
+#if TORTURE_TRANS_DATA
+ if (data_length > 1) {
+ data_length /= 2;
}
+#endif
/* primary request */
SSVAL(req->out.vwv,VWV(0),parms->in.params.length);
SSVAL(req->out.vwv,VWV(8),0); /* reserved */
SSVAL(req->out.vwv,VWV(9),parms->in.params.length);
SSVAL(req->out.vwv,VWV(10),PTR_DIFF(outparam,req->out.hdr)+namelen);
- SSVAL(req->out.vwv,VWV(11),parms->in.data.length);
+ SSVAL(req->out.vwv,VWV(11),data_length);
SSVAL(req->out.vwv,VWV(12),PTR_DIFF(outdata,req->out.hdr)+namelen);
SSVAL(req->out.vwv,VWV(13),parms->in.setup_count);
for (i=0;i<parms->in.setup_count;i++) {
SSVAL(req->out.vwv,VWV(14)+i*2,parms->in.setup[i]);
}
if (parms->in.params.data) {
- cli_req_append_blob(req, &parms->in.params);
+ smbcli_req_append_blob(req, &parms->in.params);
}
if (parms->in.data.data) {
- cli_req_append_blob(req, &parms->in.data);
+ DATA_BLOB data;
+ data.data = parms->in.data.data;
+ data.length = data_length;
+ smbcli_req_append_blob(req, &data);
}
- if (!cli_request_send(req)) {
- cli_request_destroy(req);
+ if (!smbcli_request_send(req)) {
+ smbcli_request_destroy(req);
return NULL;
}
+
+ data_disp = data_length;
+
+
+ if (data_disp != parms->in.data.length) {
+ /* TODO: this should be done asynchronously .... */
+ if (!smbcli_request_receive(req) ||
+ !NT_STATUS_IS_OK(req->status)) {
+ return req;
+ }
+
+ req->state = SMBCLI_REQUEST_RECV;
+ DLIST_ADD(req->transport->pending_recv, req);
+ }
+
+
+ while (data_disp != parms->in.data.length) {
+ data_length = parms->in.data.length - data_disp;
+
+ max_data = smb_raw_max_trans_data(tree, 0);
+ if (max_data < data_length) {
+ data_length = max_data;
+ }
+
+#if TORTURE_TRANS_DATA
+ if (data_length > 1) {
+ data_length /= 2;
+ }
+#endif
+
+ req2 = smbcli_request_setup(tree, command+1, 9, data_length);
+ if (!req2) {
+ return NULL;
+ }
+ req2->mid = req->mid;
+ SSVAL(req2->out.hdr, HDR_MID, req2->mid);
+
+ outdata = req2->out.data;
+
+ SSVAL(req2->out.vwv,VWV(0), parms->in.params.length);
+ SSVAL(req2->out.vwv,VWV(1), parms->in.data.length);
+ SSVAL(req2->out.vwv,VWV(2), 0);
+ SSVAL(req2->out.vwv,VWV(3), 0);
+ SSVAL(req2->out.vwv,VWV(4), 0);
+ SSVAL(req2->out.vwv,VWV(5), data_length);
+ SSVAL(req2->out.vwv,VWV(6), PTR_DIFF(outdata,req2->out.hdr));
+ SSVAL(req2->out.vwv,VWV(7), data_disp);
+ SSVAL(req2->out.vwv,VWV(8), 0xFFFF);
+
+ memcpy(req2->out.data, parms->in.data.data + data_disp, data_length);
+
+ data_disp += data_length;
+
+ req2->one_way_request = 1;
+
+ if (!smbcli_request_send(req2)) {
+ smbcli_request_destroy(req2);
+ return NULL;
+ }
+
+ req->seq_num = req2->seq_num;
+ }
+
return req;
}
-/****************************************************************************
- trans/trans2 raw async interface - only BLOBs used in this interface.
-note that this doesn't yet support multi-part requests
-****************************************************************************/
-struct cli_request *smb_raw_trans_send(struct cli_tree *tree,
+/*
+ trans/trans2 raw async interface - only BLOBs used in this interface.
+ note that this doesn't yet support multi-part requests
+*/
+struct smbcli_request *smb_raw_trans_send(struct smbcli_tree *tree,
struct smb_trans2 *parms)
{
return smb_raw_trans_send_backend(tree, parms, SMBtrans);
}
-struct cli_request *smb_raw_trans2_send(struct cli_tree *tree,
+struct smbcli_request *smb_raw_trans2_send(struct smbcli_tree *tree,
struct smb_trans2 *parms)
{
return smb_raw_trans_send_backend(tree, parms, SMBtrans2);
/*
trans2 synchronous blob interface
*/
-NTSTATUS smb_raw_trans2(struct cli_tree *tree,
+NTSTATUS smb_raw_trans2(struct smbcli_tree *tree,
TALLOC_CTX *mem_ctx,
struct smb_trans2 *parms)
{
- struct cli_request *req;
+ struct smbcli_request *req;
req = smb_raw_trans2_send(tree, parms);
if (!req) return NT_STATUS_UNSUCCESSFUL;
return smb_raw_trans2_recv(req, mem_ctx, parms);
/*
trans synchronous blob interface
*/
-NTSTATUS smb_raw_trans(struct cli_tree *tree,
+NTSTATUS smb_raw_trans(struct smbcli_tree *tree,
TALLOC_CTX *mem_ctx,
struct smb_trans2 *parms)
{
- struct cli_request *req;
+ struct smbcli_request *req;
req = smb_raw_trans_send(tree, parms);
if (!req) return NT_STATUS_UNSUCCESSFUL;
return smb_raw_trans_recv(req, mem_ctx, parms);
}
+
/****************************************************************************
receive a SMB nttrans response allocating the necessary memory
****************************************************************************/
-NTSTATUS smb_raw_nttrans_recv(struct cli_request *req,
+NTSTATUS smb_raw_nttrans_recv(struct smbcli_request *req,
TALLOC_CTX *mem_ctx,
struct smb_nttrans *parms)
{
uint32_t total_data, recvd_data=0;
uint32_t total_param, recvd_param=0;
- if (!cli_request_receive(req) ||
- cli_request_is_error(req)) {
- return cli_request_destroy(req);
+ if (!smbcli_request_receive(req) ||
+ smbcli_request_is_error(req)) {
+ return smbcli_request_destroy(req);
}
/* sanity check */
"SMBnttrans",
CVAL(req->in.hdr,HDR_COM)));
req->status = NT_STATUS_UNSUCCESSFUL;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
- CLI_CHECK_MIN_WCT(req, 18);
+ SMBCLI_CHECK_MIN_WCT(req, 18);
/* parse out the lengths */
total_param = IVAL(req->in.vwv, 3);
if (parms->out.data.length != total_data ||
parms->out.params.length != total_param) {
req->status = NT_STATUS_NO_MEMORY;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
parms->out.setup_count = CVAL(req->in.vwv, 35);
- CLI_CHECK_WCT(req, 18 + parms->out.setup_count);
+ SMBCLI_CHECK_WCT(req, 18 + parms->out.setup_count);
if (parms->out.setup_count > 0) {
int i;
parms->out.setup = talloc(mem_ctx, 2 * parms->out.setup_count);
if (!parms->out.setup) {
req->status = NT_STATUS_NO_MEMORY;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
for (i=0;i<parms->out.setup_count;i++) {
parms->out.setup[i] = SVAL(req->in.vwv, VWV(18+i));
/* they must *only* shrink */
DEBUG(1,("smb_raw_receive_nttrans: data/params expanded!\n"));
req->status = NT_STATUS_BUFFER_TOO_SMALL;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
total_data = total_data2;
param_count + param_disp > total_param) {
DEBUG(1,("smb_raw_receive_nttrans: Buffer overflow\n"));
req->status = NT_STATUS_BUFFER_TOO_SMALL;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
/* check the server isn't being nasty */
raw_trans_oob(req, data_ofs, data_count)) {
DEBUG(1,("smb_raw_receive_nttrans: out of bounds parameters!\n"));
req->status = NT_STATUS_BUFFER_TOO_SMALL;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
if (data_count) {
break;
}
- if (!cli_request_receive(req) ||
- cli_request_is_error(req)) {
- return cli_request_destroy(req);
+ if (!smbcli_request_receive(req) ||
+ smbcli_request_is_error(req)) {
+ return smbcli_request_destroy(req);
}
/* sanity check */
DEBUG(0,("smb_raw_receive_nttrans: Expected nttranss, got command 0x%02x\n",
CVAL(req->in.hdr, HDR_COM)));
req->status = NT_STATUS_UNSUCCESSFUL;
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
}
failed:
- return cli_request_destroy(req);
+ return smbcli_request_destroy(req);
}
nttrans raw - only BLOBs used in this interface.
at the moment we only handle a single primary request
****************************************************************************/
-struct cli_request *smb_raw_nttrans_send(struct cli_tree *tree,
+struct smbcli_request *smb_raw_nttrans_send(struct smbcli_tree *tree,
struct smb_nttrans *parms)
{
- struct cli_request *req;
- char *outdata, *outparam;
+ struct smbcli_request *req;
+ uint8_t *outdata, *outparam;
int i;
int align = 0;
align = 3;
}
- req = cli_request_setup(tree, SMBnttrans,
+ req = smbcli_request_setup(tree, SMBnttrans,
19 + parms->in.setup_count,
align +
parms->in.params.length +
outparam = req->out.data + align;
outdata = outparam + parms->in.params.length;
+ if (align != 0) {
+ memset(req->out.data, 0, align);
+ }
+
SCVAL(req->out.vwv, 0, parms->in.max_setup);
SSVAL(req->out.vwv, 1, 0); /* reserved */
SIVAL(req->out.vwv, 3, parms->in.params.length);
memcpy(outparam, parms->in.params.data, parms->in.params.length);
}
if (parms->in.data.length) {
- memcpy(outparam, parms->in.data.data, parms->in.data.length);
+ memcpy(outdata, parms->in.data.data, parms->in.data.length);
}
- if (!cli_request_send(req)) {
- cli_request_destroy(req);
+ if (!smbcli_request_send(req)) {
+ smbcli_request_destroy(req);
return NULL;
}
/****************************************************************************
receive a SMB nttrans response allocating the necessary memory
****************************************************************************/
-NTSTATUS smb_raw_nttrans(struct cli_tree *tree,
+NTSTATUS smb_raw_nttrans(struct smbcli_tree *tree,
TALLOC_CTX *mem_ctx,
struct smb_nttrans *parms)
{
- struct cli_request *req;
+ struct smbcli_request *req;
req = smb_raw_nttrans_send(tree, parms);
if (!req) {
return smb_raw_nttrans_recv(req, mem_ctx, parms);
}
+
+/*
+ work out the maximum data size for a trans request while avoiding
+ multi-part replies
+
+ TODO: we only need to avoid multi-part replies because the
+ multi-part trans receive code is broken.
+*/
+size_t smb_raw_max_trans_data(struct smbcli_tree *tree, size_t param_size)
+{
+ return tree->session->transport->options.max_xmit - (70 + param_size);
+}