2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "../lib/async_req/async_sock.h"
22 #include "async_smb.h"
25 * Read an smb packet asynchronously, discard keepalives
28 struct read_smb_state {
29 struct tevent_context *ev;
34 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data);
35 static void read_smb_done(struct tevent_req *subreq);
37 static struct tevent_req *read_smb_send(TALLOC_CTX *mem_ctx,
38 struct tevent_context *ev,
41 struct tevent_req *result, *subreq;
42 struct read_smb_state *state;
44 result = tevent_req_create(mem_ctx, &state, struct read_smb_state);
51 subreq = read_packet_send(state, ev, fd, 4, read_smb_more, NULL);
55 tevent_req_set_callback(subreq, read_smb_done, result);
62 static ssize_t read_smb_more(uint8_t *buf, size_t buflen, void *private_data)
65 return 0; /* We've been here, we're done */
67 return smb_len_large(buf);
70 static void read_smb_done(struct tevent_req *subreq)
72 struct tevent_req *req = tevent_req_callback_data(
73 subreq, struct tevent_req);
74 struct read_smb_state *state = tevent_req_data(
75 req, struct read_smb_state);
79 len = read_packet_recv(subreq, state, &state->buf, &err);
82 tevent_req_error(req, err);
86 if (CVAL(state->buf, 0) == SMBkeepalive) {
87 subreq = read_packet_send(state, state->ev, state->fd, 4,
89 if (tevent_req_nomem(subreq, req)) {
92 tevent_req_set_callback(subreq, read_smb_done, req);
98 static ssize_t read_smb_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
99 uint8_t **pbuf, int *perrno)
101 struct read_smb_state *state = tevent_req_data(
102 req, struct read_smb_state);
104 if (tevent_req_is_unix_error(req, perrno)) {
107 *pbuf = talloc_move(mem_ctx, &state->buf);
108 return talloc_get_size(*pbuf);
112 * Fetch an error out of a NBT packet
113 * @param[in] buf The SMB packet
114 * @retval The error, converted to NTSTATUS
117 NTSTATUS cli_pull_error(char *buf)
119 uint32_t flags2 = SVAL(buf, smb_flg2);
121 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
122 return NT_STATUS(IVAL(buf, smb_rcls));
125 return dos_to_ntstatus(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
129 * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
130 * @param[in] cli The client connection that just received an error
131 * @param[in] status The error to set on "cli"
134 void cli_set_error(struct cli_state *cli, NTSTATUS status)
136 uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
138 if (NT_STATUS_IS_DOS(status)) {
139 SSVAL(cli->inbuf, smb_flg2,
140 flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
141 SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
142 SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
146 SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
147 SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
152 * Figure out if there is an andx command behind the current one
153 * @param[in] buf The smb buffer to look at
154 * @param[in] ofs The offset to the wct field that is followed by the cmd
155 * @retval Is there a command following?
158 static bool have_andx_command(const char *buf, uint16_t ofs)
161 size_t buflen = talloc_get_size(buf);
163 if ((ofs == buflen-1) || (ofs == buflen)) {
167 wct = CVAL(buf, ofs);
170 * Not enough space for the command and a following pointer
174 return (CVAL(buf, ofs+1) != 0xff);
177 #define MAX_SMB_IOV 5
179 struct cli_smb_state {
180 struct tevent_context *ev;
181 struct cli_state *cli;
182 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
185 * For normal requests, cli_smb_req_send chooses a mid. Secondary
186 * trans requests need to use the mid of the primary request, so we
187 * need a place to store it. Assume it's set if != 0.
192 uint8_t bytecount_buf[2];
194 struct iovec iov[MAX_SMB_IOV+3];
201 struct tevent_req **chained_requests;
204 static uint16_t cli_alloc_mid(struct cli_state *cli)
206 int num_pending = talloc_array_length(cli->pending);
213 if ((result == 0) || (result == 0xffff)) {
217 for (i=0; i<num_pending; i++) {
218 if (result == cli_smb_req_mid(cli->pending[i])) {
223 if (i == num_pending) {
229 void cli_smb_req_unset_pending(struct tevent_req *req)
231 struct cli_smb_state *state = tevent_req_data(
232 req, struct cli_smb_state);
233 struct cli_state *cli = state->cli;
234 int num_pending = talloc_array_length(cli->pending);
237 if (num_pending == 1) {
239 * The pending read_smb tevent_req is a child of
240 * cli->pending. So if nothing is pending anymore, we need to
241 * delete the socket read fde.
243 TALLOC_FREE(cli->pending);
247 for (i=0; i<num_pending; i++) {
248 if (req == cli->pending[i]) {
252 if (i == num_pending) {
254 * Something's seriously broken. Just returning here is the
255 * right thing nevertheless, the point of this routine is to
256 * remove ourselves from cli->pending.
262 * Remove ourselves from the cli->pending array
264 if (num_pending > 1) {
265 cli->pending[i] = cli->pending[num_pending-1];
269 * No NULL check here, we're shrinking by sizeof(void *), and
270 * talloc_realloc just adjusts the size for this.
272 cli->pending = talloc_realloc(NULL, cli->pending, struct tevent_req *,
277 static int cli_smb_req_destructor(struct tevent_req *req)
279 cli_smb_req_unset_pending(req);
283 static void cli_smb_received(struct tevent_req *subreq);
285 bool cli_smb_req_set_pending(struct tevent_req *req)
287 struct cli_smb_state *state = tevent_req_data(
288 req, struct cli_smb_state);
289 struct cli_state *cli;
290 struct tevent_req **pending;
292 struct tevent_req *subreq;
295 num_pending = talloc_array_length(cli->pending);
297 pending = talloc_realloc(cli, cli->pending, struct tevent_req *,
299 if (pending == NULL) {
302 pending[num_pending] = req;
303 cli->pending = pending;
304 talloc_set_destructor(req, cli_smb_req_destructor);
306 if (num_pending > 0) {
311 * We're the first ones, add the read_smb request that waits for the
312 * answer from the server
314 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
315 if (subreq == NULL) {
316 cli_smb_req_unset_pending(req);
319 tevent_req_set_callback(subreq, cli_smb_received, cli);
324 * Fetch a smb request's mid. Only valid after the request has been sent by
325 * cli_smb_req_send().
327 uint16_t cli_smb_req_mid(struct tevent_req *req)
329 struct cli_smb_state *state = tevent_req_data(
330 req, struct cli_smb_state);
331 return SVAL(state->header, smb_mid);
334 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
336 struct cli_smb_state *state = tevent_req_data(
337 req, struct cli_smb_state);
341 static size_t iov_len(const struct iovec *iov, int count)
345 for (i=0; i<count; i++) {
346 result += iov[i].iov_len;
351 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
354 size_t len = iov_len(iov, count);
359 buf = talloc_array(mem_ctx, uint8_t, len);
364 for (i=0; i<count; i++) {
365 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
366 copied += iov[i].iov_len;
371 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
372 struct event_context *ev,
373 struct cli_state *cli,
375 uint8_t additional_flags,
376 uint8_t wct, uint16_t *vwv,
378 struct iovec *bytes_iov)
380 struct tevent_req *result;
381 struct cli_smb_state *state;
382 struct timeval endtime;
384 if (iov_count > MAX_SMB_IOV) {
386 * Should not happen :-)
391 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
392 if (result == NULL) {
397 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
398 state->chain_num = 0;
399 state->chained_requests = NULL;
401 cli_setup_packet_buf(cli, (char *)state->header);
402 SCVAL(state->header, smb_com, smb_command);
403 SSVAL(state->header, smb_tid, cli->cnum);
404 SCVAL(state->header, smb_wct, wct);
408 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
410 state->iov[0].iov_base = (void *)state->header;
411 state->iov[0].iov_len = sizeof(state->header);
412 state->iov[1].iov_base = (void *)state->vwv;
413 state->iov[1].iov_len = wct * sizeof(uint16_t);
414 state->iov[2].iov_base = (void *)state->bytecount_buf;
415 state->iov[2].iov_len = sizeof(uint16_t);
417 if (iov_count != 0) {
418 memcpy(&state->iov[3], bytes_iov,
419 iov_count * sizeof(*bytes_iov));
421 state->iov_count = iov_count + 3;
424 endtime = timeval_current_ofs(0, cli->timeout * 1000);
425 if (!tevent_req_set_endtime(result, ev, endtime)) {
426 tevent_req_nomem(NULL, result);
432 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
438 * Obvious optimization: Make cli_calculate_sign_mac work with struct
439 * iovec directly. MD5Update would do that just fine.
442 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
443 return NT_STATUS_INVALID_PARAMETER;
446 buf = iov_concat(talloc_tos(), iov, count);
448 return NT_STATUS_NO_MEMORY;
451 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
452 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
458 static void cli_smb_sent(struct tevent_req *subreq);
460 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
461 struct cli_smb_state *state,
462 struct iovec *iov, int iov_count)
464 struct tevent_req *subreq;
467 if (state->cli->fd == -1) {
468 return NT_STATUS_CONNECTION_INVALID;
471 if (iov[0].iov_len < smb_wct) {
472 return NT_STATUS_INVALID_PARAMETER;
475 if (state->mid != 0) {
476 SSVAL(iov[0].iov_base, smb_mid, state->mid);
478 uint16_t mid = cli_alloc_mid(state->cli);
479 SSVAL(iov[0].iov_base, smb_mid, mid);
482 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
484 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
486 if (!NT_STATUS_IS_OK(status)) {
490 if (cli_encryption_on(state->cli)) {
493 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
495 return NT_STATUS_NO_MEMORY;
497 status = cli_encrypt_message(state->cli, (char *)buf,
500 if (!NT_STATUS_IS_OK(status)) {
501 DEBUG(0, ("Error in encrypting client message: %s\n",
505 buf = (char *)talloc_memdup(state, enc_buf,
509 return NT_STATUS_NO_MEMORY;
511 iov[0].iov_base = (void *)buf;
512 iov[0].iov_len = talloc_get_size(buf);
515 subreq = writev_send(state, state->ev, state->cli->outgoing,
516 state->cli->fd, false, iov, iov_count);
517 if (subreq == NULL) {
518 return NT_STATUS_NO_MEMORY;
520 tevent_req_set_callback(subreq, cli_smb_sent, req);
524 NTSTATUS cli_smb_req_send(struct tevent_req *req)
526 struct cli_smb_state *state = tevent_req_data(
527 req, struct cli_smb_state);
529 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
532 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
533 struct event_context *ev,
534 struct cli_state *cli,
536 uint8_t additional_flags,
537 uint8_t wct, uint16_t *vwv,
539 const uint8_t *bytes)
541 struct tevent_req *req;
545 iov.iov_base = CONST_DISCARD(void *, bytes);
546 iov.iov_len = num_bytes;
548 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
549 additional_flags, wct, vwv, 1, &iov);
554 status = cli_smb_req_send(req);
555 if (!NT_STATUS_IS_OK(status)) {
556 tevent_req_nterror(req, status);
557 return tevent_req_post(req, ev);
562 static void cli_smb_sent(struct tevent_req *subreq)
564 struct tevent_req *req = tevent_req_callback_data(
565 subreq, struct tevent_req);
566 struct cli_smb_state *state = tevent_req_data(
567 req, struct cli_smb_state);
571 nwritten = writev_recv(subreq, &err);
573 if (nwritten == -1) {
574 if (state->cli->fd != -1) {
575 close(state->cli->fd);
578 tevent_req_nterror(req, map_nt_error_from_unix(err));
582 switch (CVAL(state->header, smb_com)) {
588 tevent_req_done(req);
591 if ((CVAL(state->header, smb_wct) == 8) &&
592 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
594 tevent_req_done(req);
599 if (!cli_smb_req_set_pending(req)) {
600 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
605 static void cli_smb_received(struct tevent_req *subreq)
607 struct cli_state *cli = tevent_req_callback_data(
608 subreq, struct cli_state);
609 struct tevent_req *req;
610 struct cli_smb_state *state;
619 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
621 if (received == -1) {
626 status = map_nt_error_from_unix(err);
630 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
631 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
632 DEBUG(10, ("Got non-SMB PDU\n"));
633 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
637 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
638 uint16_t enc_ctx_num;
640 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
641 if (!NT_STATUS_IS_OK(status)) {
642 DEBUG(10, ("get_enc_ctx_num returned %s\n",
647 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
648 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
650 cli->trans_enc_state->enc_ctx_num));
651 status = NT_STATUS_INVALID_HANDLE;
655 status = common_decrypt_buffer(cli->trans_enc_state,
657 if (!NT_STATUS_IS_OK(status)) {
658 DEBUG(10, ("common_decrypt_buffer returned %s\n",
664 mid = SVAL(inbuf, smb_mid);
665 num_pending = talloc_array_length(cli->pending);
667 for (i=0; i<num_pending; i++) {
668 if (mid == cli_smb_req_mid(cli->pending[i])) {
672 if (i == num_pending) {
673 /* Dump unexpected reply */
678 oplock_break = false;
682 * Paranoia checks that this is really an oplock break request.
684 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
685 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
686 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
687 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
688 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
691 /* Dump unexpected reply */
697 req = cli->pending[i];
698 state = tevent_req_data(req, struct cli_smb_state);
700 if (!oplock_break /* oplock breaks are not signed */
701 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
702 DEBUG(10, ("cli_check_sign_mac failed\n"));
704 status = NT_STATUS_ACCESS_DENIED;
710 if (state->chained_requests == NULL) {
711 state->inbuf = talloc_move(state, &inbuf);
712 talloc_set_destructor(req, NULL);
713 cli_smb_req_destructor(req);
714 state->chain_num = 0;
715 state->chain_length = 1;
716 tevent_req_done(req);
718 struct tevent_req **chain = talloc_move(
719 talloc_tos(), &state->chained_requests);
720 int num_chained = talloc_array_length(chain);
722 for (i=0; i<num_chained; i++) {
723 state = tevent_req_data(chain[i], struct
725 state->inbuf = inbuf;
726 state->chain_num = i;
727 state->chain_length = num_chained;
728 tevent_req_done(chain[i]);
734 if (talloc_array_length(cli->pending) > 0) {
736 * Set up another read request for the other pending cli_smb
739 state = tevent_req_data(cli->pending[0], struct cli_smb_state);
740 subreq = read_smb_send(cli->pending, state->ev, cli->fd);
741 if (subreq == NULL) {
742 status = NT_STATUS_NO_MEMORY;
745 tevent_req_set_callback(subreq, cli_smb_received, cli);
750 * Cancel all pending requests. We don't do a for-loop walking
751 * cli->pending because that array changes in
752 * cli_smb_req_destructor().
754 while (talloc_array_length(cli->pending) > 0) {
755 req = cli->pending[0];
756 talloc_set_destructor(req, NULL);
757 cli_smb_req_destructor(req);
758 tevent_req_nterror(req, status);
762 NTSTATUS cli_smb_recv(struct tevent_req *req,
763 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
764 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
765 uint32_t *pnum_bytes, uint8_t **pbytes)
767 struct cli_smb_state *state = tevent_req_data(
768 req, struct cli_smb_state);
769 NTSTATUS status = NT_STATUS_OK;
772 size_t wct_ofs, bytes_offset;
775 if (tevent_req_is_nterror(req, &status)) {
779 if (state->inbuf == NULL) {
780 /* This was a request without a reply */
785 cmd = CVAL(state->inbuf, smb_com);
787 for (i=0; i<state->chain_num; i++) {
788 if (i < state->chain_num-1) {
790 return NT_STATUS_REQUEST_ABORTED;
792 if (!is_andx_req(cmd)) {
793 return NT_STATUS_INVALID_NETWORK_RESPONSE;
797 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
799 * This request was not completed because a previous
800 * request in the chain had received an error.
802 return NT_STATUS_REQUEST_ABORTED;
805 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
808 * Skip the all-present length field. No overflow, we've just
809 * put a 16-bit value into a size_t.
813 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
814 return NT_STATUS_INVALID_NETWORK_RESPONSE;
817 cmd = CVAL(state->inbuf, wct_ofs + 1);
820 status = cli_pull_error((char *)state->inbuf);
822 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
824 if ((cmd == SMBsesssetupX)
826 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
828 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
829 * valid return code for session setup
834 if (NT_STATUS_IS_ERR(status)) {
836 * The last command takes the error code. All
837 * further commands down the requested chain
838 * will get a NT_STATUS_REQUEST_ABORTED.
846 wct = CVAL(state->inbuf, wct_ofs);
847 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
848 num_bytes = SVAL(state->inbuf, bytes_offset);
851 return NT_STATUS_INVALID_NETWORK_RESPONSE;
855 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
856 * is a 16-bit value. So bytes_offset being size_t should be far from
859 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
860 || (bytes_offset > 0xffff)) {
861 return NT_STATUS_INVALID_NETWORK_RESPONSE;
868 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
870 if (pnum_bytes != NULL) {
871 *pnum_bytes = num_bytes;
873 if (pbytes != NULL) {
874 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
876 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
877 if (state->chain_num == state->chain_length-1) {
878 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
880 *pinbuf = state->inbuf;
887 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
892 wct_ofs = smb_wct - 4;
894 for (i=0; i<num_reqs; i++) {
895 struct cli_smb_state *state;
896 state = tevent_req_data(reqs[i], struct cli_smb_state);
897 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
898 wct_ofs = (wct_ofs + 3) & ~3;
903 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
905 struct cli_smb_state *first_state = tevent_req_data(
906 reqs[0], struct cli_smb_state);
907 struct cli_smb_state *last_state = tevent_req_data(
908 reqs[num_reqs-1], struct cli_smb_state);
909 struct cli_smb_state *state;
911 size_t chain_padding = 0;
913 struct iovec *iov = NULL;
914 struct iovec *this_iov;
918 for (i=0; i<num_reqs; i++) {
919 state = tevent_req_data(reqs[i], struct cli_smb_state);
920 iovlen += state->iov_count;
923 iov = talloc_array(last_state, struct iovec, iovlen);
925 return NT_STATUS_NO_MEMORY;
928 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
929 last_state, reqs, sizeof(*reqs) * num_reqs);
930 if (first_state->chained_requests == NULL) {
932 return NT_STATUS_NO_MEMORY;
935 wct_offset = smb_wct - 4;
938 for (i=0; i<num_reqs; i++) {
939 size_t next_padding = 0;
942 state = tevent_req_data(reqs[i], struct cli_smb_state);
944 if (i < num_reqs-1) {
945 if (!is_andx_req(CVAL(state->header, smb_com))
946 || CVAL(state->header, smb_wct) < 2) {
948 TALLOC_FREE(first_state->chained_requests);
949 return NT_STATUS_INVALID_PARAMETER;
953 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
954 if ((wct_offset % 4) != 0) {
955 next_padding = 4 - (wct_offset % 4);
957 wct_offset += next_padding;
960 if (i < num_reqs-1) {
961 struct cli_smb_state *next_state = tevent_req_data(
962 reqs[i+1], struct cli_smb_state);
963 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
965 SSVAL(vwv+1, 0, wct_offset);
966 } else if (is_andx_req(CVAL(state->header, smb_com))) {
967 /* properly end the chain */
968 SCVAL(vwv+0, 0, 0xff);
969 SCVAL(vwv+0, 1, 0xff);
974 this_iov[0] = state->iov[0];
977 * This one is a bit subtle. We have to add
978 * chain_padding bytes between the requests, and we
979 * have to also include the wct field of the
980 * subsequent requests. We use the subsequent header
981 * for the padding, it contains the wct field in its
984 this_iov[0].iov_len = chain_padding+1;
985 this_iov[0].iov_base = (void *)&state->header[
986 sizeof(state->header) - this_iov[0].iov_len];
987 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
989 memcpy(this_iov+1, state->iov+1,
990 sizeof(struct iovec) * (state->iov_count-1));
991 this_iov += state->iov_count;
992 chain_padding = next_padding;
995 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
996 if (!NT_STATUS_IS_OK(status)) {
998 TALLOC_FREE(first_state->chained_requests);
1002 return NT_STATUS_OK;
1005 uint8_t *cli_smb_inbuf(struct tevent_req *req)
1007 struct cli_smb_state *state = tevent_req_data(
1008 req, struct cli_smb_state);
1009 return state->inbuf;
1012 bool cli_has_async_calls(struct cli_state *cli)
1014 return ((tevent_queue_length(cli->outgoing) != 0)
1015 || (talloc_array_length(cli->pending) != 0));
1018 struct cli_smb_oplock_break_waiter_state {
1023 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
1025 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
1026 struct event_context *ev,
1027 struct cli_state *cli)
1029 struct tevent_req *req, *subreq;
1030 struct cli_smb_oplock_break_waiter_state *state;
1031 struct cli_smb_state *smb_state;
1033 req = tevent_req_create(mem_ctx, &state,
1034 struct cli_smb_oplock_break_waiter_state);
1040 * Create a fake SMB request that we will never send out. This is only
1041 * used to be set into the pending queue with the right mid.
1043 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
1044 if (tevent_req_nomem(subreq, req)) {
1045 return tevent_req_post(req, ev);
1047 smb_state = tevent_req_data(subreq, struct cli_smb_state);
1048 SSVAL(smb_state->header, smb_mid, 0xffff);
1050 if (!cli_smb_req_set_pending(subreq)) {
1051 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1052 return tevent_req_post(req, ev);
1054 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
1058 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
1060 struct tevent_req *req = tevent_req_callback_data(
1061 subreq, struct tevent_req);
1062 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1063 req, struct cli_smb_oplock_break_waiter_state);
1071 status = cli_smb_recv(subreq, state, &inbuf, 8, &wct, &vwv,
1072 &num_bytes, &bytes);
1073 TALLOC_FREE(subreq);
1074 if (!NT_STATUS_IS_OK(status)) {
1075 tevent_req_nterror(req, status);
1078 state->fnum = SVAL(vwv+2, 0);
1079 state->level = CVAL(vwv+3, 1);
1080 tevent_req_done(req);
1083 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1087 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1088 req, struct cli_smb_oplock_break_waiter_state);
1091 if (tevent_req_is_nterror(req, &status)) {
1094 *pfnum = state->fnum;
1095 *plevel = state->level;
1096 return NT_STATUS_OK;
1100 struct cli_session_request_state {
1101 struct tevent_context *ev;
1104 struct iovec iov[3];
1105 uint8_t nb_session_response;
1108 static void cli_session_request_sent(struct tevent_req *subreq);
1109 static void cli_session_request_recvd(struct tevent_req *subreq);
1111 struct tevent_req *cli_session_request_send(TALLOC_CTX *mem_ctx,
1112 struct tevent_context *ev,
1114 const struct nmb_name *called,
1115 const struct nmb_name *calling)
1117 struct tevent_req *req, *subreq;
1118 struct cli_session_request_state *state;
1120 req = tevent_req_create(mem_ctx, &state,
1121 struct cli_session_request_state);
1128 state->iov[1].iov_base = name_mangle(
1129 state, called->name, called->name_type);
1130 if (tevent_req_nomem(state->iov[1].iov_base, req)) {
1131 return tevent_req_post(req, ev);
1133 state->iov[1].iov_len = name_len(
1134 (unsigned char *)state->iov[1].iov_base,
1135 talloc_get_size(state->iov[1].iov_base));
1137 state->iov[2].iov_base = name_mangle(
1138 state, calling->name, calling->name_type);
1139 if (tevent_req_nomem(state->iov[2].iov_base, req)) {
1140 return tevent_req_post(req, ev);
1142 state->iov[2].iov_len = name_len(
1143 (unsigned char *)state->iov[2].iov_base,
1144 talloc_get_size(state->iov[2].iov_base));
1146 _smb_setlen(((char *)&state->len_hdr),
1147 state->iov[1].iov_len + state->iov[2].iov_len);
1148 SCVAL((char *)&state->len_hdr, 0, 0x81);
1150 state->iov[0].iov_base = &state->len_hdr;
1151 state->iov[0].iov_len = sizeof(state->len_hdr);
1153 subreq = writev_send(state, ev, NULL, sock, true, state->iov, 3);
1154 if (tevent_req_nomem(subreq, req)) {
1155 return tevent_req_post(req, ev);
1157 tevent_req_set_callback(subreq, cli_session_request_sent, req);
1161 static void cli_session_request_sent(struct tevent_req *subreq)
1163 struct tevent_req *req = tevent_req_callback_data(
1164 subreq, struct tevent_req);
1165 struct cli_session_request_state *state = tevent_req_data(
1166 req, struct cli_session_request_state);
1170 ret = writev_recv(subreq, &err);
1171 TALLOC_FREE(subreq);
1173 tevent_req_error(req, err);
1176 subreq = read_smb_send(state, state->ev, state->sock);
1177 if (tevent_req_nomem(subreq, req)) {
1180 tevent_req_set_callback(subreq, cli_session_request_recvd, req);
1183 static void cli_session_request_recvd(struct tevent_req *subreq)
1185 struct tevent_req *req = tevent_req_callback_data(
1186 subreq, struct tevent_req);
1187 struct cli_session_request_state *state = tevent_req_data(
1188 req, struct cli_session_request_state);
1193 ret = read_smb_recv(subreq, talloc_tos(), &buf, &err);
1194 TALLOC_FREE(subreq);
1201 tevent_req_error(req, err);
1205 * In case of an error there is more information in the data
1206 * portion according to RFC1002. We're not subtle enough to
1207 * respond to the different error conditions, so drop the
1210 state->nb_session_response = CVAL(buf, 0);
1211 tevent_req_done(req);
1214 bool cli_session_request_recv(struct tevent_req *req, int *err, uint8_t *resp)
1216 struct cli_session_request_state *state = tevent_req_data(
1217 req, struct cli_session_request_state);
1219 if (tevent_req_is_unix_error(req, err)) {
1222 *resp = state->nb_session_response;