2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 static void cli_state_handler(struct event_context *event_ctx,
23 struct fd_event *event, uint16 flags, void *p);
26 * Fetch an error out of a NBT packet
27 * @param[in] buf The SMB packet
28 * @retval The error, converted to NTSTATUS
31 NTSTATUS cli_pull_error(char *buf)
33 uint32_t flags2 = SVAL(buf, smb_flg2);
35 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
36 return NT_STATUS(IVAL(buf, smb_rcls));
39 /* if the client uses dos errors, but there is no error,
40 we should return no error here, otherwise it looks
41 like an unknown bad NT_STATUS. jmcd */
42 if (CVAL(buf, smb_rcls) == 0)
45 return NT_STATUS_DOS(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
49 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
50 * @param[in] cli The client connection that just received an error
51 * @param[in] status The error to set on "cli"
54 void cli_set_error(struct cli_state *cli, NTSTATUS status)
56 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
58 if (NT_STATUS_IS_DOS(status)) {
59 SSVAL(cli->inbuf, smb_flg2,
60 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
61 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
62 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
66 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
67 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
73 * @param[in] cli The client connection
74 * @retval The new, unused mid
77 static uint16_t cli_new_mid(struct cli_state *cli)
80 struct cli_request *req;
88 for (req = cli->outstanding_requests; req; req = req->next) {
89 if (result == req->mid) {
101 * Print an async req that happens to be a cli_request
102 * @param[in] mem_ctx The TALLOC_CTX to put the result on
103 * @param[in] req The request to print
104 * @retval The string representation of "req"
107 static char *cli_request_print(TALLOC_CTX *mem_ctx, struct async_req *req)
109 char *result = async_req_print(mem_ctx, req);
110 struct cli_request *cli_req = talloc_get_type_abort(
111 req->private_data, struct cli_request);
113 if (result == NULL) {
117 return talloc_asprintf_append_buffer(
118 result, "mid=%d\n", cli_req->mid);
122 * Destroy a cli_request
123 * @param[in] req The cli_request to kill
127 static int cli_request_destructor(struct cli_request *req)
129 if (req->enc_state != NULL) {
130 common_free_enc_buffer(req->enc_state, (char *)req->outbuf);
132 DLIST_REMOVE(req->cli->outstanding_requests, req);
133 if (req->cli->outstanding_requests == NULL) {
134 TALLOC_FREE(req->cli->fd_event);
140 * Are there already requests waiting in the chain_accumulator?
141 * @param[in] cli The cli_state we want to check
145 bool cli_in_chain(struct cli_state *cli)
147 if (cli->chain_accumulator == NULL) {
151 return (cli->chain_accumulator->num_async != 0);
155 * Is the SMB command able to hold an AND_X successor
156 * @param[in] cmd The SMB command in question
157 * @retval Can we add a chained request after "cmd"?
160 static bool is_andx_req(uint8_t cmd)
181 * @brief Find the smb_cmd offset of the last command pushed
182 * @param[in] buf The buffer we're building up
183 * @retval Where can we put our next andx cmd?
185 * While chaining requests, the "next" request we're looking at needs to put
186 * its SMB_Command before the data the previous request already built up added
187 * to the chain. Find the offset to the place where we have to put our cmd.
190 static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
195 cmd = CVAL(buf, smb_com);
197 SMB_ASSERT(is_andx_req(cmd));
201 while (CVAL(buf, ofs) != 0xff) {
203 if (!is_andx_req(CVAL(buf, ofs))) {
208 * ofs is from start of smb header, so add the 4 length
209 * bytes. The next cmd is right after the wct field.
211 ofs = SVAL(buf, ofs+2) + 4 + 1;
213 SMB_ASSERT(ofs+4 < talloc_get_size(buf));
221 * @brief Do the smb chaining at a buffer level
222 * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
223 * @param[in] smb_command The command that we want to issue
224 * @param[in] wct How many words?
225 * @param[in] vwv The words, already in network order
226 * @param[in] bytes_alignment How shall we align "bytes"?
227 * @param[in] num_bytes How many bytes?
228 * @param[in] bytes The data the request ships
230 * smb_splice_chain() adds the vwv and bytes to the request already present in
234 bool smb_splice_chain(uint8_t **poutbuf, uint8_t smb_command,
235 uint8_t wct, const uint16_t *vwv,
236 size_t bytes_alignment,
237 uint32_t num_bytes, const uint8_t *bytes)
240 size_t old_size, new_size;
242 size_t chain_padding = 0;
243 size_t bytes_padding = 0;
246 old_size = talloc_get_size(*poutbuf);
249 * old_size == smb_wct means we're pushing the first request in for
253 first_request = (old_size == smb_wct);
255 if (!first_request && ((old_size % 4) != 0)) {
257 * Align the wct field of subsequent requests to a 4-byte
260 chain_padding = 4 - (old_size % 4);
264 * After the old request comes the new wct field (1 byte), the vwv's
265 * and the num_bytes field. After at we might need to align the bytes
266 * given to us to "bytes_alignment", increasing the num_bytes value.
269 new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
271 if ((bytes_alignment != 0) && ((new_size % bytes_alignment) != 0)) {
272 bytes_padding = bytes_alignment - (new_size % bytes_alignment);
275 new_size += bytes_padding + num_bytes;
277 if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
278 DEBUG(1, ("splice_chain: %u bytes won't fit\n",
279 (unsigned)new_size));
283 outbuf = TALLOC_REALLOC_ARRAY(NULL, *poutbuf, uint8_t, new_size);
284 if (outbuf == NULL) {
285 DEBUG(0, ("talloc failed\n"));
291 SCVAL(outbuf, smb_com, smb_command);
295 if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
296 DEBUG(1, ("invalid command chain\n"));
297 *poutbuf = TALLOC_REALLOC_ARRAY(
298 NULL, *poutbuf, uint8_t, old_size);
302 if (chain_padding != 0) {
303 memset(outbuf + old_size, 0, chain_padding);
304 old_size += chain_padding;
307 SCVAL(outbuf, andx_cmd_ofs, smb_command);
308 SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
314 * Push the chained request:
319 SCVAL(outbuf, ofs, wct);
326 memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
327 ofs += sizeof(uint16_t) * wct;
333 SSVAL(outbuf, ofs, num_bytes + bytes_padding);
334 ofs += sizeof(uint16_t);
340 if (bytes_padding != 0) {
341 memset(outbuf + ofs, 0, bytes_padding);
342 ofs += bytes_padding;
349 memcpy(outbuf + ofs, bytes, num_bytes);
355 * @brief Destroy an async_req that is the visible part of a cli_request
356 * @param[in] req The request to kill
357 * @retval Return 0 to make talloc happy
359 * This destructor is a bit tricky: Because a cli_request can host more than
360 * one async_req for chained requests, we need to make sure that the
361 * "cli_request" that we were part of is correctly destroyed at the right
362 * time. This is done by NULLing out ourself from the "async" member of our
363 * "cli_request". If there is none left, then also TALLOC_FREE() the
364 * cli_request, which was a talloc child of the client connection cli_state.
367 static int cli_async_req_destructor(struct async_req *req)
369 struct cli_request *cli_req = talloc_get_type_abort(
370 req->private_data, struct cli_request);
376 for (i=0; i<cli_req->num_async; i++) {
377 if (cli_req->async[i] == req) {
378 cli_req->async[i] = NULL;
381 if (cli_req->async[i] != NULL) {
389 TALLOC_FREE(cli_req);
396 * @brief Chain up a request
397 * @param[in] mem_ctx The TALLOC_CTX for the result
398 * @param[in] ev The event context that will call us back
399 * @param[in] cli The cli_state we queue the request up for
400 * @param[in] smb_command The command that we want to issue
401 * @param[in] additional_flags open_and_x wants to add oplock header flags
402 * @param[in] wct How many words?
403 * @param[in] vwv The words, already in network order
404 * @param[in] num_bytes How many bytes?
405 * @param[in] bytes The data the request ships
407 * cli_request_chain() is the core of the SMB request marshalling routine. It
408 * will create a new async_req structure in the cli->chain_accumulator->async
409 * array and marshall the smb_cmd, the vwv array and the bytes into
410 * cli->chain_accumulator->outbuf.
413 static struct async_req *cli_request_chain(TALLOC_CTX *mem_ctx,
414 struct event_context *ev,
415 struct cli_state *cli,
417 uint8_t additional_flags,
418 uint8_t wct, const uint16_t *vwv,
419 size_t bytes_alignment,
421 const uint8_t *bytes)
423 struct async_req **tmp_reqs;
424 struct cli_request *req;
426 req = cli->chain_accumulator;
428 tmp_reqs = TALLOC_REALLOC_ARRAY(req, req->async, struct async_req *,
430 if (tmp_reqs == NULL) {
431 DEBUG(0, ("talloc failed\n"));
434 req->async = tmp_reqs;
437 req->async[req->num_async-1] = async_req_new(mem_ctx, ev);
438 if (req->async[req->num_async-1] == NULL) {
439 DEBUG(0, ("async_req_new failed\n"));
443 req->async[req->num_async-1]->private_data = req;
444 req->async[req->num_async-1]->print = cli_request_print;
445 talloc_set_destructor(req->async[req->num_async-1],
446 cli_async_req_destructor);
448 if (!smb_splice_chain(&req->outbuf, smb_command, wct, vwv,
449 bytes_alignment, num_bytes, bytes)) {
453 return req->async[req->num_async-1];
456 TALLOC_FREE(req->async[req->num_async-1]);
462 * @brief prepare a cli_state to accept a chain of requests
463 * @param[in] cli The cli_state we want to queue up in
464 * @param[in] ev The event_context that will call us back for the socket
465 * @param[in] size_hint How many bytes are expected, just an optimization
466 * @retval Did we have enough memory?
468 * cli_chain_cork() sets up a new cli_request in cli->chain_accumulator. If
469 * cli is used in an async fashion, i.e. if we have outstanding requests, then
470 * we do not have to create a fd event. If cli is used only with the sync
471 * helpers, we need to create the fd_event here.
473 * If you want to issue a chained request to the server, do a
474 * cli_chain_cork(), then do you cli_open_send(), cli_read_and_x_send(),
475 * cli_close_send() and so on. The async requests that come out of
476 * cli_xxx_send() are normal async requests with the difference that they
477 * won't be shipped individually. But the event_context will still trigger the
478 * req->async.fn to be called on every single request.
480 * You have to take care yourself that you only issue chainable requests in
481 * the middle of the chain.
484 bool cli_chain_cork(struct cli_state *cli, struct event_context *ev,
487 struct cli_request *req = NULL;
489 SMB_ASSERT(cli->chain_accumulator == NULL);
492 DEBUG(10, ("cli->fd closed\n"));
496 if (cli->fd_event == NULL) {
497 SMB_ASSERT(cli->outstanding_requests == NULL);
498 cli->fd_event = event_add_fd(ev, cli, cli->fd,
500 cli_state_handler, cli);
501 if (cli->fd_event == NULL) {
506 req = talloc(cli, struct cli_request);
512 if (size_hint == 0) {
515 req->outbuf = talloc_array(req, uint8_t, smb_wct + size_hint);
516 if (req->outbuf == NULL) {
519 req->outbuf = TALLOC_REALLOC_ARRAY(NULL, req->outbuf, uint8_t,
525 req->enc_state = NULL;
526 req->recv_helper.fn = NULL;
528 SSVAL(req->outbuf, smb_tid, cli->cnum);
529 cli_setup_packet_buf(cli, (char *)req->outbuf);
531 req->mid = cli_new_mid(cli);
533 cli->chain_accumulator = req;
535 DEBUG(10, ("cli_chain_cork: mid=%d\n", req->mid));
540 if (cli->outstanding_requests == NULL) {
541 TALLOC_FREE(cli->fd_event);
547 * Ship a request queued up via cli_request_chain()
548 * @param[in] cl The connection
551 void cli_chain_uncork(struct cli_state *cli)
553 struct cli_request *req = cli->chain_accumulator;
555 SMB_ASSERT(req != NULL);
557 DLIST_ADD_END(cli->outstanding_requests, req, struct cli_request *);
558 talloc_set_destructor(req, cli_request_destructor);
560 cli->chain_accumulator = NULL;
562 SSVAL(req->outbuf, smb_mid, req->mid);
563 smb_setlen((char *)req->outbuf, talloc_get_size(req->outbuf) - 4);
565 cli_calculate_sign_mac(cli, (char *)req->outbuf);
567 if (cli_encryption_on(cli)) {
571 status = cli_encrypt_message(cli, (char *)req->outbuf,
573 if (!NT_STATUS_IS_OK(status)) {
574 DEBUG(0, ("Error in encrypting client message. "
575 "Error %s\n", nt_errstr(status)));
579 req->outbuf = (uint8_t *)enc_buf;
580 req->enc_state = cli->trans_enc_state;
585 event_fd_set_writeable(cli->fd_event);
589 * @brief Send a request to the server
590 * @param[in] mem_ctx The TALLOC_CTX for the result
591 * @param[in] ev The event context that will call us back
592 * @param[in] cli The cli_state we queue the request up for
593 * @param[in] smb_command The command that we want to issue
594 * @param[in] additional_flags open_and_x wants to add oplock header flags
595 * @param[in] wct How many words?
596 * @param[in] vwv The words, already in network order
597 * @param[in] bytes_alignment How shall we align "bytes"?
598 * @param[in] num_bytes How many bytes?
599 * @param[in] bytes The data the request ships
601 * This is the generic routine to be used by the cli_xxx_send routines.
604 struct async_req *cli_request_send(TALLOC_CTX *mem_ctx,
605 struct event_context *ev,
606 struct cli_state *cli,
608 uint8_t additional_flags,
609 uint8_t wct, const uint16_t *vwv,
610 size_t bytes_alignment,
611 uint32_t num_bytes, const uint8_t *bytes)
613 struct async_req *result;
616 if (cli->chain_accumulator == NULL) {
617 if (!cli_chain_cork(cli, ev,
618 wct * sizeof(uint16_t) + num_bytes + 3)) {
619 DEBUG(1, ("cli_chain_cork failed\n"));
625 result = cli_request_chain(mem_ctx, ev, cli, smb_command,
626 additional_flags, wct, vwv, bytes_alignment,
629 if (result == NULL) {
630 DEBUG(1, ("cli_request_chain failed\n"));
634 cli_chain_uncork(cli);
641 * Figure out if there is an andx command behind the current one
642 * @param[in] buf The smb buffer to look at
643 * @param[in] ofs The offset to the wct field that is followed by the cmd
644 * @retval Is there a command following?
647 static bool have_andx_command(const char *buf, uint16_t ofs)
650 size_t buflen = talloc_get_size(buf);
652 if ((ofs == buflen-1) || (ofs == buflen)) {
656 wct = CVAL(buf, ofs);
659 * Not enough space for the command and a following pointer
663 return (CVAL(buf, ofs+1) != 0xff);
667 * @brief Pull reply data out of a request
668 * @param[in] req The request that we just received a reply for
669 * @param[out] pwct How many words did the server send?
670 * @param[out] pvwv The words themselves
671 * @param[out] pnum_bytes How many bytes did the server send?
672 * @param[out] pbytes The bytes themselves
673 * @retval Was the reply formally correct?
676 NTSTATUS cli_pull_reply(struct async_req *req,
677 uint8_t *pwct, uint16_t **pvwv,
678 uint16_t *pnum_bytes, uint8_t **pbytes)
680 struct cli_request *cli_req = talloc_get_type_abort(
681 req->private_data, struct cli_request);
684 size_t wct_ofs, bytes_offset;
688 for (i = 0; i < cli_req->num_async; i++) {
689 if (req == cli_req->async[i]) {
694 if (i == cli_req->num_async) {
695 cli_set_error(cli_req->cli, NT_STATUS_INVALID_PARAMETER);
696 return NT_STATUS_INVALID_PARAMETER;
700 * The status we pull here is only relevant for the last reply in the
704 status = cli_pull_error(cli_req->inbuf);
707 if (NT_STATUS_IS_ERR(status)
708 && !have_andx_command(cli_req->inbuf, smb_wct)) {
709 cli_set_error(cli_req->cli, status);
716 cmd = CVAL(cli_req->inbuf, smb_com);
719 for (j = 0; j < i; j++) {
722 return NT_STATUS_REQUEST_ABORTED;
724 if (!is_andx_req(cmd)) {
725 return NT_STATUS_INVALID_NETWORK_RESPONSE;
729 if (!have_andx_command(cli_req->inbuf, wct_ofs)) {
731 * This request was not completed because a previous
732 * request in the chain had received an error.
734 return NT_STATUS_REQUEST_ABORTED;
737 wct_ofs = SVAL(cli_req->inbuf, wct_ofs + 3);
740 * Skip the all-present length field. No overflow, we've just
741 * put a 16-bit value into a size_t.
745 if (wct_ofs+2 > talloc_get_size(cli_req->inbuf)) {
746 return NT_STATUS_INVALID_NETWORK_RESPONSE;
749 cmd = CVAL(cli_req->inbuf, wct_ofs + 1);
752 if (!have_andx_command(cli_req->inbuf, wct_ofs)
753 && NT_STATUS_IS_ERR(status)) {
755 * The last command takes the error code. All further commands
756 * down the requested chain will get a
757 * NT_STATUS_REQUEST_ABORTED.
763 wct = CVAL(cli_req->inbuf, wct_ofs);
765 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
766 num_bytes = SVAL(cli_req->inbuf, bytes_offset);
769 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
770 * is a 16-bit value. So bytes_offset being size_t should be far from
774 if ((bytes_offset + 2 > talloc_get_size(cli_req->inbuf))
775 || (bytes_offset > 0xffff)) {
776 return NT_STATUS_INVALID_NETWORK_RESPONSE;
780 *pvwv = (uint16_t *)(cli_req->inbuf + wct_ofs + 1);
781 *pnum_bytes = num_bytes;
782 *pbytes = (uint8_t *)cli_req->inbuf + bytes_offset + 2;
788 * Decrypt a PDU, check the signature
789 * @param[in] cli The cli_state that received something
790 * @param[in] pdu The incoming bytes
795 static NTSTATUS validate_smb_crypto(struct cli_state *cli, char *pdu)
799 if ((IVAL(pdu, 4) != 0x424d53ff) /* 0xFF"SMB" */
800 && (SVAL(pdu, 4) != 0x45ff)) /* 0xFF"E" */ {
801 DEBUG(10, ("Got non-SMB PDU\n"));
802 return NT_STATUS_INVALID_NETWORK_RESPONSE;
805 if (cli_encryption_on(cli) && CVAL(pdu, 0) == 0) {
806 uint16_t enc_ctx_num;
808 status = get_enc_ctx_num((uint8_t *)pdu, &enc_ctx_num);
809 if (!NT_STATUS_IS_OK(status)) {
810 DEBUG(10, ("get_enc_ctx_num returned %s\n",
815 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
816 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
818 cli->trans_enc_state->enc_ctx_num));
819 return NT_STATUS_INVALID_HANDLE;
822 status = common_decrypt_buffer(cli->trans_enc_state, pdu);
823 if (!NT_STATUS_IS_OK(status)) {
824 DEBUG(10, ("common_decrypt_buffer returned %s\n",
830 if (!cli_check_sign_mac(cli, pdu)) {
831 DEBUG(10, ("cli_check_sign_mac failed\n"));
832 return NT_STATUS_ACCESS_DENIED;
839 * A PDU has arrived on cli->evt_inbuf
840 * @param[in] cli The cli_state that received something
843 static void handle_incoming_pdu(struct cli_state *cli)
845 struct cli_request *req;
847 size_t raw_pdu_len, buf_len, pdu_len, rest_len;
855 * The encrypted PDU len might differ from the unencrypted one
857 raw_pdu_len = smb_len(cli->evt_inbuf) + 4;
858 buf_len = talloc_get_size(cli->evt_inbuf);
859 rest_len = buf_len - raw_pdu_len;
861 if (buf_len == raw_pdu_len) {
863 * Optimal case: Exactly one PDU was in the socket buffer
865 pdu = cli->evt_inbuf;
866 cli->evt_inbuf = NULL;
869 DEBUG(11, ("buf_len = %d, raw_pdu_len = %d, splitting "
870 "buffer\n", (int)buf_len, (int)raw_pdu_len));
872 if (raw_pdu_len < rest_len) {
874 * The PDU is shorter, talloc_memdup that one.
876 pdu = (char *)talloc_memdup(
877 cli, cli->evt_inbuf, raw_pdu_len);
879 memmove(cli->evt_inbuf, cli->evt_inbuf + raw_pdu_len,
880 buf_len - raw_pdu_len);
882 cli->evt_inbuf = TALLOC_REALLOC_ARRAY(
883 NULL, cli->evt_inbuf, char, rest_len);
886 status = NT_STATUS_NO_MEMORY;
887 goto invalidate_requests;
892 * The PDU is larger than the rest, talloc_memdup the
895 pdu = cli->evt_inbuf;
897 cli->evt_inbuf = (char *)talloc_memdup(
898 cli, pdu + raw_pdu_len, rest_len);
900 if (cli->evt_inbuf == NULL) {
901 status = NT_STATUS_NO_MEMORY;
902 goto invalidate_requests;
907 status = validate_smb_crypto(cli, pdu);
908 if (!NT_STATUS_IS_OK(status)) {
909 goto invalidate_requests;
912 mid = SVAL(pdu, smb_mid);
914 DEBUG(10, ("handle_incoming_pdu: got mid %d\n", mid));
916 for (req = cli->outstanding_requests; req; req = req->next) {
917 if (req->mid == mid) {
922 pdu_len = smb_len(pdu) + 4;
925 DEBUG(3, ("Request for mid %d not found, dumping PDU\n", mid));
931 req->inbuf = talloc_move(req, &pdu);
934 * Freeing the last async_req will free the req (see
935 * cli_async_req_destructor). So make a copy of req->num_async, we
936 * can't reference it in the last round.
939 num_async = req->num_async;
941 for (i=0; i<num_async; i++) {
943 * A request might have been talloc_free()'ed before we arrive
944 * here. It will have removed itself from req->async via its
945 * destructor cli_async_req_destructor().
947 if (req->async[i] != NULL) {
948 if (req->recv_helper.fn != NULL) {
949 req->recv_helper.fn(req->async[i]);
951 async_req_done(req->async[i]);
959 DEBUG(10, ("handle_incoming_pdu: Aborting with %s\n",
962 for (req = cli->outstanding_requests; req; req = req->next) {
963 async_req_error(req->async[0], status);
969 * fd event callback. This is the basic connection to the socket
970 * @param[in] event_ctx The event context that called us
971 * @param[in] event The event that fired
972 * @param[in] flags EVENT_FD_READ | EVENT_FD_WRITE
973 * @param[in] p private_data, in this case the cli_state
976 static void cli_state_handler(struct event_context *event_ctx,
977 struct fd_event *event, uint16 flags, void *p)
979 struct cli_state *cli = (struct cli_state *)p;
980 struct cli_request *req;
983 DEBUG(11, ("cli_state_handler called with flags %d\n", flags));
985 if (flags & EVENT_FD_WRITE) {
989 for (req = cli->outstanding_requests; req; req = req->next) {
990 to_send = smb_len(req->outbuf)+4;
991 if (to_send > req->sent) {
997 if (cli->fd_event != NULL) {
998 event_fd_set_not_writeable(cli->fd_event);
1003 sent = sys_send(cli->fd, req->outbuf + req->sent,
1004 to_send - req->sent, 0);
1007 status = map_nt_error_from_unix(errno);
1013 if (req->sent == to_send) {
1018 if (flags & EVENT_FD_READ) {
1020 size_t old_size, new_size;
1023 res = ioctl(cli->fd, FIONREAD, &available);
1025 DEBUG(10, ("ioctl(FIONREAD) failed: %s\n",
1027 status = map_nt_error_from_unix(errno);
1031 if (available == 0) {
1033 status = NT_STATUS_END_OF_FILE;
1037 old_size = talloc_get_size(cli->evt_inbuf);
1038 new_size = old_size + available;
1040 if (new_size < old_size) {
1042 status = NT_STATUS_UNEXPECTED_IO_ERROR;
1046 tmp = TALLOC_REALLOC_ARRAY(cli, cli->evt_inbuf, char,
1050 status = NT_STATUS_NO_MEMORY;
1053 cli->evt_inbuf = tmp;
1055 res = sys_recv(cli->fd, cli->evt_inbuf + old_size, available, 0);
1057 DEBUG(10, ("recv failed: %s\n", strerror(errno)));
1058 status = map_nt_error_from_unix(errno);
1062 DEBUG(11, ("cli_state_handler: received %d bytes, "
1063 "smb_len(evt_inbuf) = %d\n", (int)res,
1064 smb_len(cli->evt_inbuf)));
1066 /* recv *might* have returned less than announced */
1067 new_size = old_size + res;
1069 /* shrink, so I don't expect errors here */
1070 cli->evt_inbuf = TALLOC_REALLOC_ARRAY(cli, cli->evt_inbuf,
1073 while ((cli->evt_inbuf != NULL)
1074 && ((smb_len(cli->evt_inbuf) + 4) <= new_size)) {
1076 * we've got a complete NBT level PDU in evt_inbuf
1078 handle_incoming_pdu(cli);
1079 new_size = talloc_get_size(cli->evt_inbuf);
1086 for (req = cli->outstanding_requests; req; req = req->next) {
1088 for (i=0; i<req->num_async; i++) {
1089 async_req_error(req->async[i], status);
1092 TALLOC_FREE(cli->fd_event);