source4/libcli/smb2/transport.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    SMB2 client transport context management functions
   5
   6    Copyright (C) Andrew Tridgell 2005
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24 #include "libcli/raw/libcliraw.h"
  25 #include "libcli/smb2/smb2.h"
  26 #include "libcli/smb2/smb2_calls.h"
  27 #include "lib/socket/socket.h"
  28 #include "lib/events/events.h"
  29 #include "lib/stream/packet.h"
  30 #include "include/dlinklist.h"
  31
  32
  33 /*
  34   an event has happened on the socket
  35 */
  36 static void smb2_transport_event_handler(struct event_context *ev,
  37                                          struct fd_event *fde,
  38                                          uint16_t flags, void *private)
  39 {
  40         struct smb2_transport *transport = talloc_get_type(private,
  41                                                            struct smb2_transport);
  42         if (flags & EVENT_FD_READ) {
  43                 packet_recv(transport->packet);
  44                 return;
  45         }
  46         if (flags & EVENT_FD_WRITE) {
  47                 packet_queue_run(transport->packet);
  48         }
  49 }
  50
  51 /*
  52   destroy a transport
  53  */
  54 static int transport_destructor(void *ptr)
  55 {
  56         struct smb2_transport *transport = ptr;
  57         smb2_transport_dead(transport);
  58         return 0;
  59 }
  60
  61
  62 /*
  63   handle receive errors
  64 */
  65 static void smb2_transport_error(void *private, NTSTATUS status)
  66 {
  67         struct smb2_transport *transport = talloc_get_type(private,
  68                                                            struct smb2_transport);
  69         smb2_transport_dead(transport);
  70 }
  71
  72 static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob);
  73
  74 /*
  75   create a transport structure based on an established socket
  76 */
  77 struct smb2_transport *smb2_transport_init(struct smbcli_socket *sock,
  78                                            TALLOC_CTX *parent_ctx)
  79 {
  80         struct smb2_transport *transport;
  81
  82         transport = talloc_zero(parent_ctx, struct smb2_transport);
  83         if (!transport) return NULL;
  84
  85         transport->socket = talloc_steal(transport, sock);
  86
  87         /* setup the stream -> packet parser */
  88         transport->packet = packet_init(transport);
  89         if (transport->packet == NULL) {
  90                 talloc_free(transport);
  91                 return NULL;
  92         }
  93         packet_set_private(transport->packet, transport);
  94         packet_set_socket(transport->packet, transport->socket->sock);
  95         packet_set_callback(transport->packet, smb2_transport_finish_recv);
  96         packet_set_full_request(transport->packet, packet_full_request_nbt);
  97         packet_set_error_handler(transport->packet, smb2_transport_error);
  98         packet_set_event_context(transport->packet, transport->socket->event.ctx);
  99         packet_set_nofree(transport->packet);
 100
 101         /* take over event handling from the socket layer - it only
 102            handles events up until we are connected */
 103         talloc_free(transport->socket->event.fde);
 104         transport->socket->event.fde = event_add_fd(transport->socket->event.ctx,
 105                                                     transport->socket,
 106                                                     socket_get_fd(transport->socket->sock),
 107                                                     EVENT_FD_READ,
 108                                                     smb2_transport_event_handler,
 109                                                     transport);
 110
 111         packet_set_fde(transport->packet, transport->socket->event.fde);
 112         packet_set_serialise(transport->packet);
 113
 114         talloc_set_destructor(transport, transport_destructor);
 115
 116         transport->options.timeout = 30;
 117
 118         return transport;
 119 }
 120
 121 /*
 122   mark the transport as dead
 123 */
 124 void smb2_transport_dead(struct smb2_transport *transport)
 125 {
 126         smbcli_sock_dead(transport->socket);
 127
 128         /* kill all pending receives */
 129         while (transport->pending_recv) {
 130                 struct smb2_request *req = transport->pending_recv;
 131                 req->state = SMB2_REQUEST_ERROR;
 132                 req->status = NT_STATUS_NET_WRITE_FAULT;
 133                 DLIST_REMOVE(transport->pending_recv, req);
 134                 if (req->async.fn) {
 135                         req->async.fn(req);
 136                 }
 137         }
 138 }
 139
 140 /*
 141   we have a full request in our receive buffer - match it to a pending request
 142   and process
 143  */
 144 static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
 145 {
 146         struct smb2_transport *transport = talloc_get_type(private,
 147                                                              struct smb2_transport);
 148         uint8_t *buffer, *hdr;
 149         int len;
 150         struct smb2_request *req = NULL;
 151         uint64_t seqnum;
 152         uint16_t buffer_code;
 153         uint32_t dynamic_size;
 154
 155         buffer = blob.data;
 156         len = blob.length;
 157
 158         hdr = buffer+NBT_HDR_SIZE;
 159
 160         if (len < SMB2_MIN_SIZE) {
 161                 DEBUG(1,("Discarding smb2 reply of size %d\n", len));
 162                 goto error;
 163         }
 164
 165         seqnum = BVAL(hdr, SMB2_HDR_SEQNUM);
 166
 167         /* match the incoming request against the list of pending requests */
 168         for (req=transport->pending_recv; req; req=req->next) {
 169                 if (req->seqnum == seqnum) break;
 170         }
 171
 172         if (!req) {
 173                 DEBUG(1,("Discarding unmatched reply with seqnum 0x%llx op %d\n",
 174                          (long long)seqnum, SVAL(hdr, SMB2_HDR_OPCODE)));
 175                 goto error;
 176         }
 177
 178         /* fill in the 'in' portion of the matching request */
 179         req->in.buffer = buffer;
 180         talloc_steal(req, buffer);
 181         req->in.size = len;
 182         req->in.allocated = req->in.size;
 183
 184         req->in.hdr       = hdr;
 185         req->in.body      = hdr+SMB2_HDR_BODY;
 186         req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
 187         req->status       = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
 188
 189         if (NT_STATUS_EQUAL(req->status, STATUS_PENDING)) {
 190                 /* the server has helpfully told us that this request is still being
 191                    processed. how useful :) */
 192                 talloc_free(buffer);
 193                 return NT_STATUS_OK;
 194         }
 195
 196         buffer_code = SVAL(req->in.body, 0);
 197         req->in.dynamic = NULL;
 198         dynamic_size = req->in.body_size - (buffer_code & ~1);
 199         if (dynamic_size != 0 && (buffer_code & 1)) {
 200                 req->in.dynamic = req->in.body + (buffer_code & ~1);
 201                 if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
 202                         DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n",
 203                                  dynamic_size));
 204                         goto error;
 205                 }
 206         }
 207
 208         DEBUG(2, ("SMB2 RECV seqnum=0x%llx\n", (long long)req->seqnum));
 209         dump_data(5, req->in.body, req->in.body_size);
 210
 211         /* if this request has an async handler then call that to
 212            notify that the reply has been received. This might destroy
 213            the request so it must happen last */
 214         DLIST_REMOVE(transport->pending_recv, req);
 215         req->state = SMB2_REQUEST_DONE;
 216         if (req->async.fn) {
 217                 req->async.fn(req);
 218         }
 219         return NT_STATUS_OK;
 220
 221 error:
 222         dump_data(5, buffer, len);
 223         if (req) {
 224                 DLIST_REMOVE(transport->pending_recv, req);
 225                 req->state = SMB2_REQUEST_ERROR;
 226                 if (req->async.fn) {
 227                         req->async.fn(req);
 228                 }
 229         } else {
 230                 talloc_free(buffer);
 231         }
 232         return NT_STATUS_UNSUCCESSFUL;
 233 }
 234
 235 /*
 236   handle timeouts of individual smb requests
 237 */
 238 static void smb2_timeout_handler(struct event_context *ev, struct timed_event *te,
 239                                  struct timeval t, void *private)
 240 {
 241         struct smb2_request *req = talloc_get_type(private, struct smb2_request);
 242
 243         if (req->state == SMB2_REQUEST_RECV) {
 244                 DLIST_REMOVE(req->transport->pending_recv, req);
 245         }
 246         req->status = NT_STATUS_IO_TIMEOUT;
 247         req->state = SMB2_REQUEST_ERROR;
 248         if (req->async.fn) {
 249                 req->async.fn(req);
 250         }
 251 }
 252
 253
 254 /*
 255   destroy a request
 256 */
 257 static int smb2_request_destructor(void *ptr)
 258 {
 259         struct smb2_request *req = talloc_get_type(ptr, struct smb2_request);
 260         if (req->state == SMB2_REQUEST_RECV) {
 261                 DLIST_REMOVE(req->transport->pending_recv, req);
 262         }
 263         return 0;
 264 }
 265
 266
 267 /*
 268   put a request into the send queue
 269 */
 270 void smb2_transport_send(struct smb2_request *req)
 271 {
 272         DATA_BLOB blob;
 273         NTSTATUS status;
 274
 275         _smb2_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE);
 276
 277         DEBUG(2, ("SMB2 send seqnum=0x%llx\n", (long long)req->seqnum));
 278         dump_data(5, req->out.body, req->out.body_size);
 279
 280         /* check if the transport is dead */
 281         if (req->transport->socket->sock == NULL) {
 282                 req->state = SMB2_REQUEST_ERROR;
 283                 req->status = NT_STATUS_NET_WRITE_FAULT;
 284                 return;
 285         }
 286
 287         blob = data_blob_const(req->out.buffer, req->out.size);
 288         status = packet_send(req->transport->packet, blob);
 289         if (!NT_STATUS_IS_OK(status)) {
 290                 req->state = SMB2_REQUEST_ERROR;
 291                 req->status = status;
 292                 return;
 293         }
 294
 295         req->state = SMB2_REQUEST_RECV;
 296         DLIST_ADD(req->transport->pending_recv, req);
 297
 298         /* add a timeout */
 299         if (req->transport->options.timeout) {
 300                 event_add_timed(req->transport->socket->event.ctx, req,
 301                                 timeval_current_ofs(req->transport->options.timeout, 0),
 302                                 smb2_timeout_handler, req);
 303         }
 304
 305         talloc_set_destructor(req, smb2_request_destructor);
 306 }