2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "libsmb/libsmb.h"
22 #include "../lib/async_req/async_sock.h"
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "../lib/util/tevent_unix.h"
25 #include "async_smb.h"
26 #include "smb_crypt.h"
27 #include "libsmb/nmblib.h"
30 static NTSTATUS cli_pull_raw_error(const uint8_t *buf)
32 uint32_t flags2 = SVAL(buf, smb_flg2);
34 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
35 return NT_STATUS(IVAL(buf, smb_rcls));
38 return NT_STATUS_DOS(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
42 * Figure out if there is an andx command behind the current one
43 * @param[in] buf The smb buffer to look at
44 * @param[in] ofs The offset to the wct field that is followed by the cmd
45 * @retval Is there a command following?
48 static bool have_andx_command(const char *buf, uint16_t ofs)
51 size_t buflen = talloc_get_size(buf);
53 if ((ofs == buflen-1) || (ofs == buflen)) {
60 * Not enough space for the command and a following pointer
64 return (CVAL(buf, ofs+1) != 0xff);
69 struct cli_smb_state {
70 struct tevent_context *ev;
71 struct cli_state *cli;
72 uint8_t header[smb_wct+1]; /* Space for the header including the wct */
75 * For normal requests, cli_smb_req_send chooses a mid. Secondary
76 * trans requests need to use the mid of the primary request, so we
77 * need a place to store it. Assume it's set if != 0.
82 uint8_t bytecount_buf[2];
84 struct iovec iov[MAX_SMB_IOV+3];
91 struct tevent_req **chained_requests;
94 static uint16_t cli_alloc_mid(struct cli_state *cli)
96 int num_pending = talloc_array_length(cli->conn.pending);
102 result = cli->smb1.mid++;
103 if ((result == 0) || (result == 0xffff)) {
107 for (i=0; i<num_pending; i++) {
108 if (result == cli_smb_req_mid(cli->conn.pending[i])) {
113 if (i == num_pending) {
119 void cli_smb_req_unset_pending(struct tevent_req *req)
121 struct cli_smb_state *state = tevent_req_data(
122 req, struct cli_smb_state);
123 struct cli_state *cli = state->cli;
124 int num_pending = talloc_array_length(cli->conn.pending);
127 if (state->mid != 0) {
129 * This is a [nt]trans[2] request which waits
130 * for more than one reply.
135 if (num_pending == 1) {
137 * The pending read_smb tevent_req is a child of
138 * cli->pending. So if nothing is pending anymore, we need to
139 * delete the socket read fde.
141 TALLOC_FREE(cli->conn.pending);
145 for (i=0; i<num_pending; i++) {
146 if (req == cli->conn.pending[i]) {
150 if (i == num_pending) {
152 * Something's seriously broken. Just returning here is the
153 * right thing nevertheless, the point of this routine is to
154 * remove ourselves from cli->conn.pending.
160 * Remove ourselves from the cli->conn.pending array
162 cli->conn.pending[i] = cli->conn.pending[num_pending-1];
165 * No NULL check here, we're shrinking by sizeof(void *), and
166 * talloc_realloc just adjusts the size for this.
168 cli->conn.pending = talloc_realloc(NULL, cli->conn.pending,
174 static int cli_smb_req_destructor(struct tevent_req *req)
176 struct cli_smb_state *state = tevent_req_data(
177 req, struct cli_smb_state);
179 * Make sure we really remove it from
180 * the pending array on destruction.
183 cli_smb_req_unset_pending(req);
187 static void cli_smb_received(struct tevent_req *subreq);
189 bool cli_smb_req_set_pending(struct tevent_req *req)
191 struct cli_smb_state *state = tevent_req_data(
192 req, struct cli_smb_state);
193 struct cli_state *cli;
194 struct tevent_req **pending;
196 struct tevent_req *subreq;
199 num_pending = talloc_array_length(cli->conn.pending);
201 pending = talloc_realloc(cli, cli->conn.pending, struct tevent_req *,
203 if (pending == NULL) {
206 pending[num_pending] = req;
207 cli->conn.pending = pending;
208 talloc_set_destructor(req, cli_smb_req_destructor);
210 if (num_pending > 0) {
215 * We're the first ones, add the read_smb request that waits for the
216 * answer from the server
218 subreq = read_smb_send(cli->conn.pending, state->ev, cli->fd);
219 if (subreq == NULL) {
220 cli_smb_req_unset_pending(req);
223 tevent_req_set_callback(subreq, cli_smb_received, cli);
228 * Fetch a smb request's mid. Only valid after the request has been sent by
229 * cli_smb_req_send().
231 uint16_t cli_smb_req_mid(struct tevent_req *req)
233 struct cli_smb_state *state = tevent_req_data(
234 req, struct cli_smb_state);
235 return SVAL(state->header, smb_mid);
238 void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
240 struct cli_smb_state *state = tevent_req_data(
241 req, struct cli_smb_state);
245 uint32_t cli_smb_req_seqnum(struct tevent_req *req)
247 struct cli_smb_state *state = tevent_req_data(
248 req, struct cli_smb_state);
249 return state->seqnum;
252 void cli_smb_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
254 struct cli_smb_state *state = tevent_req_data(
255 req, struct cli_smb_state);
256 state->seqnum = seqnum;
259 static size_t iov_len(const struct iovec *iov, int count)
263 for (i=0; i<count; i++) {
264 result += iov[i].iov_len;
269 static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
272 size_t len = iov_len(iov, count);
277 buf = talloc_array(mem_ctx, uint8_t, len);
282 for (i=0; i<count; i++) {
283 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
284 copied += iov[i].iov_len;
289 struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
290 struct event_context *ev,
291 struct cli_state *cli,
293 uint8_t additional_flags,
294 uint8_t wct, uint16_t *vwv,
296 struct iovec *bytes_iov)
298 struct tevent_req *result;
299 struct cli_smb_state *state;
300 struct timeval endtime;
302 if (iov_count > MAX_SMB_IOV) {
304 * Should not happen :-)
309 result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
310 if (result == NULL) {
315 state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
316 state->chain_num = 0;
317 state->chained_requests = NULL;
319 cli_setup_packet_buf(cli, (char *)state->header);
320 SCVAL(state->header, smb_com, smb_command);
321 SSVAL(state->header, smb_tid, cli->smb1.tid);
322 SCVAL(state->header, smb_wct, wct);
326 SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
328 state->iov[0].iov_base = (void *)state->header;
329 state->iov[0].iov_len = sizeof(state->header);
330 state->iov[1].iov_base = (void *)state->vwv;
331 state->iov[1].iov_len = wct * sizeof(uint16_t);
332 state->iov[2].iov_base = (void *)state->bytecount_buf;
333 state->iov[2].iov_len = sizeof(uint16_t);
335 if (iov_count != 0) {
336 memcpy(&state->iov[3], bytes_iov,
337 iov_count * sizeof(*bytes_iov));
339 state->iov_count = iov_count + 3;
342 endtime = timeval_current_ofs_msec(cli->timeout);
343 if (!tevent_req_set_endtime(result, ev, endtime)) {
344 tevent_req_oom(result);
350 static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
356 * Obvious optimization: Make cli_calculate_sign_mac work with struct
357 * iovec directly. MD5Update would do that just fine.
360 if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
361 return NT_STATUS_INVALID_PARAMETER;
364 buf = iov_concat(talloc_tos(), iov, count);
366 return NT_STATUS_NO_MEMORY;
369 cli_calculate_sign_mac(cli, (char *)buf, seqnum);
370 memcpy(iov[0].iov_base, buf, iov[0].iov_len);
376 static void cli_smb_sent(struct tevent_req *subreq);
378 static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
379 struct cli_smb_state *state,
380 struct iovec *iov, int iov_count)
382 struct tevent_req *subreq;
385 if (!cli_state_is_connected(state->cli)) {
386 return NT_STATUS_CONNECTION_INVALID;
389 if (iov[0].iov_len < smb_wct) {
390 return NT_STATUS_INVALID_PARAMETER;
393 if (state->mid != 0) {
394 SSVAL(iov[0].iov_base, smb_mid, state->mid);
396 uint16_t mid = cli_alloc_mid(state->cli);
397 SSVAL(iov[0].iov_base, smb_mid, mid);
400 smb_setlen((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
402 status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
404 if (!NT_STATUS_IS_OK(status)) {
408 if (cli_encryption_on(state->cli)) {
411 buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
413 return NT_STATUS_NO_MEMORY;
415 status = common_encrypt_buffer(state->cli->trans_enc_state,
416 (char *)buf, &enc_buf);
418 if (!NT_STATUS_IS_OK(status)) {
419 DEBUG(0, ("Error in encrypting client message: %s\n",
423 buf = (char *)talloc_memdup(state, enc_buf,
427 return NT_STATUS_NO_MEMORY;
429 iov[0].iov_base = (void *)buf;
430 iov[0].iov_len = talloc_get_size(buf);
433 subreq = writev_send(state, state->ev, state->cli->conn.outgoing,
434 state->cli->fd, false, iov, iov_count);
435 if (subreq == NULL) {
436 return NT_STATUS_NO_MEMORY;
438 tevent_req_set_callback(subreq, cli_smb_sent, req);
442 NTSTATUS cli_smb_req_send(struct tevent_req *req)
444 struct cli_smb_state *state = tevent_req_data(
445 req, struct cli_smb_state);
447 return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
450 struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
451 struct event_context *ev,
452 struct cli_state *cli,
454 uint8_t additional_flags,
455 uint8_t wct, uint16_t *vwv,
457 const uint8_t *bytes)
459 struct tevent_req *req;
463 iov.iov_base = discard_const_p(void, bytes);
464 iov.iov_len = num_bytes;
466 req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
467 additional_flags, wct, vwv, 1, &iov);
472 status = cli_smb_req_send(req);
473 if (!NT_STATUS_IS_OK(status)) {
474 tevent_req_nterror(req, status);
475 return tevent_req_post(req, ev);
480 static void cli_smb_sent(struct tevent_req *subreq)
482 struct tevent_req *req = tevent_req_callback_data(
483 subreq, struct tevent_req);
484 struct cli_smb_state *state = tevent_req_data(
485 req, struct cli_smb_state);
489 nwritten = writev_recv(subreq, &err);
491 if (nwritten == -1) {
492 if (state->cli->fd != -1) {
493 close(state->cli->fd);
496 tevent_req_nterror(req, map_nt_error_from_unix(err));
500 switch (CVAL(state->header, smb_com)) {
506 tevent_req_done(req);
509 if ((CVAL(state->header, smb_wct) == 8) &&
510 (CVAL(state->vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
512 tevent_req_done(req);
517 if (!cli_smb_req_set_pending(req)) {
518 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
523 static void cli_smb_received(struct tevent_req *subreq)
525 struct cli_state *cli = tevent_req_callback_data(
526 subreq, struct cli_state);
527 struct tevent_req *req;
528 struct cli_smb_state *state;
537 received = read_smb_recv(subreq, talloc_tos(), &inbuf, &err);
539 if (received == -1) {
544 status = map_nt_error_from_unix(err);
548 if ((IVAL(inbuf, 4) != 0x424d53ff) /* 0xFF"SMB" */
549 && (SVAL(inbuf, 4) != 0x45ff)) /* 0xFF"E" */ {
550 DEBUG(10, ("Got non-SMB PDU\n"));
551 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
555 if (cli_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
556 uint16_t enc_ctx_num;
558 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
559 if (!NT_STATUS_IS_OK(status)) {
560 DEBUG(10, ("get_enc_ctx_num returned %s\n",
565 if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
566 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
568 cli->trans_enc_state->enc_ctx_num));
569 status = NT_STATUS_INVALID_HANDLE;
573 status = common_decrypt_buffer(cli->trans_enc_state,
575 if (!NT_STATUS_IS_OK(status)) {
576 DEBUG(10, ("common_decrypt_buffer returned %s\n",
582 mid = SVAL(inbuf, smb_mid);
583 num_pending = talloc_array_length(cli->conn.pending);
585 for (i=0; i<num_pending; i++) {
586 if (mid == cli_smb_req_mid(cli->conn.pending[i])) {
590 if (i == num_pending) {
591 /* Dump unexpected reply */
596 oplock_break = false;
600 * Paranoia checks that this is really an oplock break request.
602 oplock_break = (smb_len(inbuf) == 51); /* hdr + 8 words */
603 oplock_break &= ((CVAL(inbuf, smb_flg) & FLAG_REPLY) == 0);
604 oplock_break &= (CVAL(inbuf, smb_com) == SMBlockingX);
605 oplock_break &= (SVAL(inbuf, smb_vwv6) == 0);
606 oplock_break &= (SVAL(inbuf, smb_vwv7) == 0);
609 /* Dump unexpected reply */
615 req = cli->conn.pending[i];
616 state = tevent_req_data(req, struct cli_smb_state);
618 if (!oplock_break /* oplock breaks are not signed */
619 && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
620 DEBUG(10, ("cli_check_sign_mac failed\n"));
622 status = NT_STATUS_ACCESS_DENIED;
628 if (state->chained_requests == NULL) {
629 state->inbuf = talloc_move(state, &inbuf);
630 talloc_set_destructor(req, NULL);
631 cli_smb_req_unset_pending(req);
632 state->chain_num = 0;
633 state->chain_length = 1;
634 tevent_req_done(req);
636 struct tevent_req **chain = talloc_move(
637 talloc_tos(), &state->chained_requests);
638 int num_chained = talloc_array_length(chain);
640 for (i=0; i<num_chained; i++) {
641 state = tevent_req_data(chain[i], struct
643 state->inbuf = inbuf;
644 state->chain_num = i;
645 state->chain_length = num_chained;
646 tevent_req_done(chain[i]);
652 if (talloc_array_length(cli->conn.pending) > 0) {
654 * Set up another read request for the other pending cli_smb
657 state = tevent_req_data(cli->conn.pending[0],
658 struct cli_smb_state);
659 subreq = read_smb_send(cli->conn.pending, state->ev, cli->fd);
660 if (subreq == NULL) {
661 status = NT_STATUS_NO_MEMORY;
664 tevent_req_set_callback(subreq, cli_smb_received, cli);
669 * Cancel all pending requests. We don't do a for-loop walking
670 * cli->conn.pending because that array changes in
671 * cli_smb_req_destructor().
673 while (talloc_array_length(cli->conn.pending) > 0) {
674 req = cli->conn.pending[0];
675 talloc_set_destructor(req, NULL);
676 cli_smb_req_unset_pending(req);
677 tevent_req_nterror(req, status);
681 NTSTATUS cli_smb_recv(struct tevent_req *req,
682 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
683 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
684 uint32_t *pnum_bytes, uint8_t **pbytes)
686 struct cli_smb_state *state = tevent_req_data(
687 req, struct cli_smb_state);
688 NTSTATUS status = NT_STATUS_OK;
691 size_t wct_ofs, bytes_offset;
694 if (tevent_req_is_nterror(req, &status)) {
698 if (state->inbuf == NULL) {
700 return NT_STATUS_INVALID_NETWORK_RESPONSE;
717 /* This was a request without a reply */
722 cmd = CVAL(state->inbuf, smb_com);
724 for (i=0; i<state->chain_num; i++) {
725 if (i < state->chain_num-1) {
727 return NT_STATUS_REQUEST_ABORTED;
729 if (!is_andx_req(cmd)) {
730 return NT_STATUS_INVALID_NETWORK_RESPONSE;
734 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
736 * This request was not completed because a previous
737 * request in the chain had received an error.
739 return NT_STATUS_REQUEST_ABORTED;
742 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
745 * Skip the all-present length field. No overflow, we've just
746 * put a 16-bit value into a size_t.
750 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
751 return NT_STATUS_INVALID_NETWORK_RESPONSE;
754 cmd = CVAL(state->inbuf, wct_ofs + 1);
757 state->cli->raw_status = cli_pull_raw_error(state->inbuf);
758 if (NT_STATUS_IS_DOS(state->cli->raw_status)) {
759 uint8_t eclass = NT_STATUS_DOS_CLASS(state->cli->raw_status);
760 uint16_t ecode = NT_STATUS_DOS_CODE(state->cli->raw_status);
762 * TODO: is it really a good idea to do a mapping here?
764 * The old cli_pull_error() also does it, so I do not change
767 status = dos_to_ntstatus(eclass, ecode);
769 status = state->cli->raw_status;
772 if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
774 if ((cmd == SMBsesssetupX)
776 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
778 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
779 * valid return code for session setup
784 if (NT_STATUS_IS_ERR(status)) {
786 * The last command takes the error code. All
787 * further commands down the requested chain
788 * will get a NT_STATUS_REQUEST_ABORTED.
796 wct = CVAL(state->inbuf, wct_ofs);
797 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
798 num_bytes = SVAL(state->inbuf, bytes_offset);
801 return NT_STATUS_INVALID_NETWORK_RESPONSE;
805 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
806 * is a 16-bit value. So bytes_offset being size_t should be far from
809 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
810 || (bytes_offset > 0xffff)) {
811 return NT_STATUS_INVALID_NETWORK_RESPONSE;
818 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
820 if (pnum_bytes != NULL) {
821 *pnum_bytes = num_bytes;
823 if (pbytes != NULL) {
824 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
826 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
827 if (state->chain_num == state->chain_length-1) {
828 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
830 *pinbuf = state->inbuf;
837 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
842 wct_ofs = smb_wct - 4;
844 for (i=0; i<num_reqs; i++) {
845 struct cli_smb_state *state;
846 state = tevent_req_data(reqs[i], struct cli_smb_state);
847 wct_ofs += iov_len(state->iov+1, state->iov_count-1);
848 wct_ofs = (wct_ofs + 3) & ~3;
853 NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
855 struct cli_smb_state *first_state = tevent_req_data(
856 reqs[0], struct cli_smb_state);
857 struct cli_smb_state *last_state = tevent_req_data(
858 reqs[num_reqs-1], struct cli_smb_state);
859 struct cli_smb_state *state;
861 size_t chain_padding = 0;
863 struct iovec *iov = NULL;
864 struct iovec *this_iov;
868 for (i=0; i<num_reqs; i++) {
869 state = tevent_req_data(reqs[i], struct cli_smb_state);
870 iovlen += state->iov_count;
873 iov = talloc_array(last_state, struct iovec, iovlen);
875 return NT_STATUS_NO_MEMORY;
878 first_state->chained_requests = (struct tevent_req **)talloc_memdup(
879 last_state, reqs, sizeof(*reqs) * num_reqs);
880 if (first_state->chained_requests == NULL) {
882 return NT_STATUS_NO_MEMORY;
885 wct_offset = smb_wct - 4;
888 for (i=0; i<num_reqs; i++) {
889 size_t next_padding = 0;
892 state = tevent_req_data(reqs[i], struct cli_smb_state);
894 if (i < num_reqs-1) {
895 if (!is_andx_req(CVAL(state->header, smb_com))
896 || CVAL(state->header, smb_wct) < 2) {
898 TALLOC_FREE(first_state->chained_requests);
899 return NT_STATUS_INVALID_PARAMETER;
903 wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
904 if ((wct_offset % 4) != 0) {
905 next_padding = 4 - (wct_offset % 4);
907 wct_offset += next_padding;
910 if (i < num_reqs-1) {
911 struct cli_smb_state *next_state = tevent_req_data(
912 reqs[i+1], struct cli_smb_state);
913 SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
915 SSVAL(vwv+1, 0, wct_offset);
916 } else if (is_andx_req(CVAL(state->header, smb_com))) {
917 /* properly end the chain */
918 SCVAL(vwv+0, 0, 0xff);
919 SCVAL(vwv+0, 1, 0xff);
924 this_iov[0] = state->iov[0];
927 * This one is a bit subtle. We have to add
928 * chain_padding bytes between the requests, and we
929 * have to also include the wct field of the
930 * subsequent requests. We use the subsequent header
931 * for the padding, it contains the wct field in its
934 this_iov[0].iov_len = chain_padding+1;
935 this_iov[0].iov_base = (void *)&state->header[
936 sizeof(state->header) - this_iov[0].iov_len];
937 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
939 memcpy(this_iov+1, state->iov+1,
940 sizeof(struct iovec) * (state->iov_count-1));
941 this_iov += state->iov_count;
942 chain_padding = next_padding;
945 status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
946 if (!NT_STATUS_IS_OK(status)) {
948 TALLOC_FREE(first_state->chained_requests);
955 bool cli_has_async_calls(struct cli_state *cli)
957 return ((tevent_queue_length(cli->conn.outgoing) != 0)
958 || (talloc_array_length(cli->conn.pending) != 0));
961 struct cli_smb_oplock_break_waiter_state {
966 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
968 struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
969 struct event_context *ev,
970 struct cli_state *cli)
972 struct tevent_req *req, *subreq;
973 struct cli_smb_oplock_break_waiter_state *state;
974 struct cli_smb_state *smb_state;
976 req = tevent_req_create(mem_ctx, &state,
977 struct cli_smb_oplock_break_waiter_state);
983 * Create a fake SMB request that we will never send out. This is only
984 * used to be set into the pending queue with the right mid.
986 subreq = cli_smb_req_create(mem_ctx, ev, cli, 0, 0, 0, NULL, 0, NULL);
987 if (tevent_req_nomem(subreq, req)) {
988 return tevent_req_post(req, ev);
990 smb_state = tevent_req_data(subreq, struct cli_smb_state);
991 SSVAL(smb_state->header, smb_mid, 0xffff);
993 if (!cli_smb_req_set_pending(subreq)) {
994 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
995 return tevent_req_post(req, ev);
997 tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
1001 static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
1003 struct tevent_req *req = tevent_req_callback_data(
1004 subreq, struct tevent_req);
1005 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1006 req, struct cli_smb_oplock_break_waiter_state);
1014 status = cli_smb_recv(subreq, state, &inbuf, 8, &wct, &vwv,
1015 &num_bytes, &bytes);
1016 TALLOC_FREE(subreq);
1017 if (!NT_STATUS_IS_OK(status)) {
1018 tevent_req_nterror(req, status);
1021 state->fnum = SVAL(vwv+2, 0);
1022 state->level = CVAL(vwv+3, 1);
1023 tevent_req_done(req);
1026 NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
1030 struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
1031 req, struct cli_smb_oplock_break_waiter_state);
1034 if (tevent_req_is_nterror(req, &status)) {
1037 *pfnum = state->fnum;
1038 *plevel = state->level;
1039 return NT_STATUS_OK;
1043 struct cli_session_request_state {
1044 struct tevent_context *ev;
1047 struct iovec iov[3];
1048 uint8_t nb_session_response;
1051 static void cli_session_request_sent(struct tevent_req *subreq);
1052 static void cli_session_request_recvd(struct tevent_req *subreq);
1054 struct tevent_req *cli_session_request_send(TALLOC_CTX *mem_ctx,
1055 struct tevent_context *ev,
1057 const struct nmb_name *called,
1058 const struct nmb_name *calling)
1060 struct tevent_req *req, *subreq;
1061 struct cli_session_request_state *state;
1063 req = tevent_req_create(mem_ctx, &state,
1064 struct cli_session_request_state);
1071 state->iov[1].iov_base = name_mangle(
1072 state, called->name, called->name_type);
1073 if (tevent_req_nomem(state->iov[1].iov_base, req)) {
1074 return tevent_req_post(req, ev);
1076 state->iov[1].iov_len = name_len(
1077 (unsigned char *)state->iov[1].iov_base,
1078 talloc_get_size(state->iov[1].iov_base));
1080 state->iov[2].iov_base = name_mangle(
1081 state, calling->name, calling->name_type);
1082 if (tevent_req_nomem(state->iov[2].iov_base, req)) {
1083 return tevent_req_post(req, ev);
1085 state->iov[2].iov_len = name_len(
1086 (unsigned char *)state->iov[2].iov_base,
1087 talloc_get_size(state->iov[2].iov_base));
1089 _smb_setlen(((char *)&state->len_hdr),
1090 state->iov[1].iov_len + state->iov[2].iov_len);
1091 SCVAL((char *)&state->len_hdr, 0, 0x81);
1093 state->iov[0].iov_base = &state->len_hdr;
1094 state->iov[0].iov_len = sizeof(state->len_hdr);
1096 subreq = writev_send(state, ev, NULL, sock, true, state->iov, 3);
1097 if (tevent_req_nomem(subreq, req)) {
1098 return tevent_req_post(req, ev);
1100 tevent_req_set_callback(subreq, cli_session_request_sent, req);
1104 static void cli_session_request_sent(struct tevent_req *subreq)
1106 struct tevent_req *req = tevent_req_callback_data(
1107 subreq, struct tevent_req);
1108 struct cli_session_request_state *state = tevent_req_data(
1109 req, struct cli_session_request_state);
1113 ret = writev_recv(subreq, &err);
1114 TALLOC_FREE(subreq);
1116 tevent_req_error(req, err);
1119 subreq = read_smb_send(state, state->ev, state->sock);
1120 if (tevent_req_nomem(subreq, req)) {
1123 tevent_req_set_callback(subreq, cli_session_request_recvd, req);
1126 static void cli_session_request_recvd(struct tevent_req *subreq)
1128 struct tevent_req *req = tevent_req_callback_data(
1129 subreq, struct tevent_req);
1130 struct cli_session_request_state *state = tevent_req_data(
1131 req, struct cli_session_request_state);
1136 ret = read_smb_recv(subreq, talloc_tos(), &buf, &err);
1137 TALLOC_FREE(subreq);
1144 tevent_req_error(req, err);
1148 * In case of an error there is more information in the data
1149 * portion according to RFC1002. We're not subtle enough to
1150 * respond to the different error conditions, so drop the
1153 state->nb_session_response = CVAL(buf, 0);
1154 tevent_req_done(req);
1157 bool cli_session_request_recv(struct tevent_req *req, int *err, uint8_t *resp)
1159 struct cli_session_request_state *state = tevent_req_data(
1160 req, struct cli_session_request_state);
1162 if (tevent_req_is_unix_error(req, err)) {
1165 *resp = state->nb_session_response;