2 Unix SMB/CIFS implementation.
3 Infrastructure for async SMB client requests
4 Copyright (C) Volker Lendecke 2008
5 Copyright (C) Stefan Metzmacher 2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "system/network.h"
23 #include "../lib/async_req/async_sock.h"
24 #include "../lib/util/tevent_ntstatus.h"
25 #include "../lib/util/tevent_unix.h"
26 #include "lib/util/util_net.h"
27 #include "../libcli/smb/smb_common.h"
28 #include "../libcli/smb/smb_seal.h"
29 #include "../libcli/smb/smb_signing.h"
30 #include "../libcli/smb/read_smb.h"
31 #include "smbXcli_base.h"
32 #include "librpc/ndr/libndr.h"
36 struct sockaddr_storage local_ss;
37 struct sockaddr_storage remote_ss;
38 const char *remote_name;
40 struct tevent_queue *outgoing;
41 struct tevent_req **pending;
42 struct tevent_req *read_smb_req;
44 enum protocol_types protocol;
47 bool mandatory_signing;
50 * The incoming dispatch function should return:
51 * - NT_STATUS_RETRY, if more incoming PDUs are expected.
52 * - NT_STATUS_OK, if no more processing is desired, e.g.
53 * the dispatch function called
55 * - All other return values disconnect the connection.
57 NTSTATUS (*dispatch_incoming)(struct smbXcli_conn *conn,
63 uint32_t capabilities;
68 uint32_t capabilities;
71 uint16_t security_mode;
80 const char *workgroup;
85 uint32_t capabilities;
90 struct smb_signing_state *signing;
91 struct smb_trans_enc_state *trans_enc;
96 uint16_t security_mode;
100 uint32_t capabilities;
101 uint16_t security_mode;
103 uint32_t max_trans_size;
104 uint32_t max_read_size;
105 uint32_t max_write_size;
115 struct smbXcli_req_state {
116 struct tevent_context *ev;
117 struct smbXcli_conn *conn;
119 uint8_t length_hdr[4];
126 /* Space for the header including the wct */
127 uint8_t hdr[HDR_VWV];
130 * For normal requests, smb1cli_req_send chooses a mid.
131 * SecondaryV trans requests need to use the mid of the primary
132 * request, so we need a place to store it.
133 * Assume it is set if != 0.
138 uint8_t bytecount_buf[2];
140 #define MAX_SMB_IOV 5
141 /* length_hdr, hdr, words, byte_count, buffers */
142 struct iovec iov[1 + 3 + MAX_SMB_IOV];
148 struct tevent_req **chained_requests;
151 NTSTATUS recv_status;
152 /* always an array of 3 talloc elements */
153 struct iovec *recv_iov;
157 const uint8_t *fixed;
163 uint8_t pad[7]; /* padding space for compounding */
165 /* always an array of 3 talloc elements */
166 struct iovec *recv_iov;
170 static int smbXcli_conn_destructor(struct smbXcli_conn *conn)
173 * NT_STATUS_OK, means we do not notify the callers
175 smbXcli_conn_disconnect(conn, NT_STATUS_OK);
177 if (conn->smb1.trans_enc) {
178 common_free_encryption_state(&conn->smb1.trans_enc);
184 struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
186 const char *remote_name,
187 enum smb_signing_setting signing_state,
188 uint32_t smb1_capabilities)
190 struct smbXcli_conn *conn = NULL;
192 struct sockaddr *sa = NULL;
196 conn = talloc_zero(mem_ctx, struct smbXcli_conn);
201 conn->remote_name = talloc_strdup(conn, remote_name);
202 if (conn->remote_name == NULL) {
208 ss = (void *)&conn->local_ss;
209 sa = (struct sockaddr *)ss;
210 sa_length = sizeof(conn->local_ss);
211 ret = getsockname(fd, sa, &sa_length);
215 ss = (void *)&conn->remote_ss;
216 sa = (struct sockaddr *)ss;
217 sa_length = sizeof(conn->remote_ss);
218 ret = getpeername(fd, sa, &sa_length);
223 conn->outgoing = tevent_queue_create(conn, "smbXcli_outgoing");
224 if (conn->outgoing == NULL) {
227 conn->pending = NULL;
229 conn->protocol = PROTOCOL_NONE;
231 switch (signing_state) {
232 case SMB_SIGNING_OFF:
234 conn->allow_signing = false;
235 conn->desire_signing = false;
236 conn->mandatory_signing = false;
238 case SMB_SIGNING_DEFAULT:
239 case SMB_SIGNING_IF_REQUIRED:
240 /* if the server requires it */
241 conn->allow_signing = true;
242 conn->desire_signing = false;
243 conn->mandatory_signing = false;
245 case SMB_SIGNING_REQUIRED:
247 conn->allow_signing = true;
248 conn->desire_signing = true;
249 conn->mandatory_signing = true;
253 conn->smb1.client.capabilities = smb1_capabilities;
254 conn->smb1.client.max_xmit = UINT16_MAX;
256 conn->smb1.capabilities = conn->smb1.client.capabilities;
257 conn->smb1.max_xmit = 1024;
261 /* initialise signing */
262 conn->smb1.signing = smb_signing_init(conn,
264 conn->desire_signing,
265 conn->mandatory_signing);
266 if (!conn->smb1.signing) {
270 conn->smb2.client.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
271 if (conn->mandatory_signing) {
272 conn->smb2.client.security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
275 talloc_set_destructor(conn, smbXcli_conn_destructor);
283 bool smbXcli_conn_is_connected(struct smbXcli_conn *conn)
289 if (conn->fd == -1) {
296 enum protocol_types smbXcli_conn_protocol(struct smbXcli_conn *conn)
298 return conn->protocol;
301 bool smbXcli_conn_use_unicode(struct smbXcli_conn *conn)
303 if (conn->protocol >= PROTOCOL_SMB2_02) {
307 if (conn->smb1.capabilities & CAP_UNICODE) {
314 void smbXcli_conn_set_sockopt(struct smbXcli_conn *conn, const char *options)
316 set_socket_options(conn->fd, options);
319 const struct sockaddr_storage *smbXcli_conn_local_sockaddr(struct smbXcli_conn *conn)
321 return &conn->local_ss;
324 const struct sockaddr_storage *smbXcli_conn_remote_sockaddr(struct smbXcli_conn *conn)
326 return &conn->remote_ss;
329 const char *smbXcli_conn_remote_name(struct smbXcli_conn *conn)
331 return conn->remote_name;
334 bool smb1cli_conn_activate_signing(struct smbXcli_conn *conn,
335 const DATA_BLOB user_session_key,
336 const DATA_BLOB response)
338 return smb_signing_activate(conn->smb1.signing,
343 bool smb1cli_conn_check_signing(struct smbXcli_conn *conn,
344 const uint8_t *buf, uint32_t seqnum)
346 return smb_signing_check_pdu(conn->smb1.signing, buf, seqnum);
349 bool smb1cli_conn_signing_is_active(struct smbXcli_conn *conn)
351 return smb_signing_is_active(conn->smb1.signing);
354 void smb1cli_conn_set_encryption(struct smbXcli_conn *conn,
355 struct smb_trans_enc_state *es)
357 /* Replace the old state, if any. */
358 if (conn->smb1.trans_enc) {
359 common_free_encryption_state(&conn->smb1.trans_enc);
361 conn->smb1.trans_enc = es;
364 bool smb1cli_conn_encryption_on(struct smbXcli_conn *conn)
366 return common_encryption_on(conn->smb1.trans_enc);
370 static NTSTATUS smb1cli_pull_raw_error(const uint8_t *hdr)
372 uint32_t flags2 = SVAL(hdr, HDR_FLG2);
373 NTSTATUS status = NT_STATUS(IVAL(hdr, HDR_RCLS));
375 if (NT_STATUS_IS_OK(status)) {
379 if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
383 return NT_STATUS_DOS(CVAL(hdr, HDR_RCLS), SVAL(hdr, HDR_ERR));
387 * Figure out if there is an andx command behind the current one
388 * @param[in] buf The smb buffer to look at
389 * @param[in] ofs The offset to the wct field that is followed by the cmd
390 * @retval Is there a command following?
393 static bool smb1cli_have_andx_command(const uint8_t *buf,
398 size_t buflen = talloc_get_size(buf);
400 if (!smb1cli_is_andx_req(cmd)) {
404 if ((ofs == buflen-1) || (ofs == buflen)) {
408 wct = CVAL(buf, ofs);
411 * Not enough space for the command and a following pointer
415 return (CVAL(buf, ofs+1) != 0xff);
419 * Is the SMB command able to hold an AND_X successor
420 * @param[in] cmd The SMB command in question
421 * @retval Can we add a chained request after "cmd"?
423 bool smb1cli_is_andx_req(uint8_t cmd)
443 static uint16_t smb1cli_alloc_mid(struct smbXcli_conn *conn)
445 size_t num_pending = talloc_array_length(conn->pending);
451 result = conn->smb1.mid++;
452 if ((result == 0) || (result == 0xffff)) {
456 for (i=0; i<num_pending; i++) {
457 if (result == smb1cli_req_mid(conn->pending[i])) {
462 if (i == num_pending) {
468 void smbXcli_req_unset_pending(struct tevent_req *req)
470 struct smbXcli_req_state *state =
472 struct smbXcli_req_state);
473 struct smbXcli_conn *conn = state->conn;
474 size_t num_pending = talloc_array_length(conn->pending);
477 if (state->smb1.mid != 0) {
479 * This is a [nt]trans[2] request which waits
480 * for more than one reply.
485 talloc_set_destructor(req, NULL);
487 if (num_pending == 1) {
489 * The pending read_smb tevent_req is a child of
490 * conn->pending. So if nothing is pending anymore, we need to
491 * delete the socket read fde.
493 TALLOC_FREE(conn->pending);
494 conn->read_smb_req = NULL;
498 for (i=0; i<num_pending; i++) {
499 if (req == conn->pending[i]) {
503 if (i == num_pending) {
505 * Something's seriously broken. Just returning here is the
506 * right thing nevertheless, the point of this routine is to
507 * remove ourselves from conn->pending.
513 * Remove ourselves from the conn->pending array
515 for (; i < (num_pending - 1); i++) {
516 conn->pending[i] = conn->pending[i+1];
520 * No NULL check here, we're shrinking by sizeof(void *), and
521 * talloc_realloc just adjusts the size for this.
523 conn->pending = talloc_realloc(NULL, conn->pending, struct tevent_req *,
528 static int smbXcli_req_destructor(struct tevent_req *req)
530 struct smbXcli_req_state *state =
532 struct smbXcli_req_state);
535 * Make sure we really remove it from
536 * the pending array on destruction.
539 smbXcli_req_unset_pending(req);
543 static bool smbXcli_conn_receive_next(struct smbXcli_conn *conn);
545 bool smbXcli_req_set_pending(struct tevent_req *req)
547 struct smbXcli_req_state *state =
549 struct smbXcli_req_state);
550 struct smbXcli_conn *conn;
551 struct tevent_req **pending;
556 if (!smbXcli_conn_is_connected(conn)) {
560 num_pending = talloc_array_length(conn->pending);
562 pending = talloc_realloc(conn, conn->pending, struct tevent_req *,
564 if (pending == NULL) {
567 pending[num_pending] = req;
568 conn->pending = pending;
569 talloc_set_destructor(req, smbXcli_req_destructor);
571 if (!smbXcli_conn_receive_next(conn)) {
573 * the caller should notify the current request
575 * And all other pending requests get notified
576 * by smbXcli_conn_disconnect().
578 smbXcli_req_unset_pending(req);
579 smbXcli_conn_disconnect(conn, NT_STATUS_NO_MEMORY);
586 static void smbXcli_conn_received(struct tevent_req *subreq);
588 static bool smbXcli_conn_receive_next(struct smbXcli_conn *conn)
590 size_t num_pending = talloc_array_length(conn->pending);
591 struct tevent_req *req;
592 struct smbXcli_req_state *state;
594 if (conn->read_smb_req != NULL) {
598 if (num_pending == 0) {
599 if (conn->smb2.mid < UINT64_MAX) {
600 /* no more pending requests, so we are done for now */
605 * If there are no more SMB2 requests possible,
606 * because we are out of message ids,
607 * we need to disconnect.
609 smbXcli_conn_disconnect(conn, NT_STATUS_CONNECTION_ABORTED);
613 req = conn->pending[0];
614 state = tevent_req_data(req, struct smbXcli_req_state);
617 * We're the first ones, add the read_smb request that waits for the
618 * answer from the server
620 conn->read_smb_req = read_smb_send(conn->pending, state->ev, conn->fd);
621 if (conn->read_smb_req == NULL) {
624 tevent_req_set_callback(conn->read_smb_req, smbXcli_conn_received, conn);
628 void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
630 if (conn->fd != -1) {
636 * Cancel all pending requests. We do not do a for-loop walking
637 * conn->pending because that array changes in
638 * smbXcli_req_unset_pending.
640 while (talloc_array_length(conn->pending) > 0) {
641 struct tevent_req *req;
642 struct smbXcli_req_state *state;
644 req = conn->pending[0];
645 state = tevent_req_data(req, struct smbXcli_req_state);
648 * We're dead. No point waiting for trans2
653 smbXcli_req_unset_pending(req);
655 if (NT_STATUS_IS_OK(status)) {
656 /* do not notify the callers */
661 * we need to defer the callback, because we may notify more
664 tevent_req_defer_callback(req, state->ev);
665 tevent_req_nterror(req, status);
670 * Fetch a smb request's mid. Only valid after the request has been sent by
671 * smb1cli_req_send().
673 uint16_t smb1cli_req_mid(struct tevent_req *req)
675 struct smbXcli_req_state *state =
677 struct smbXcli_req_state);
679 if (state->smb1.mid != 0) {
680 return state->smb1.mid;
683 return SVAL(state->smb1.hdr, HDR_MID);
686 void smb1cli_req_set_mid(struct tevent_req *req, uint16_t mid)
688 struct smbXcli_req_state *state =
690 struct smbXcli_req_state);
692 state->smb1.mid = mid;
695 uint32_t smb1cli_req_seqnum(struct tevent_req *req)
697 struct smbXcli_req_state *state =
699 struct smbXcli_req_state);
701 return state->smb1.seqnum;
704 void smb1cli_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
706 struct smbXcli_req_state *state =
708 struct smbXcli_req_state);
710 state->smb1.seqnum = seqnum;
713 static size_t smbXcli_iov_len(const struct iovec *iov, int count)
717 for (i=0; i<count; i++) {
718 result += iov[i].iov_len;
723 static uint8_t *smbXcli_iov_concat(TALLOC_CTX *mem_ctx,
724 const struct iovec *iov,
727 size_t len = smbXcli_iov_len(iov, count);
732 buf = talloc_array(mem_ctx, uint8_t, len);
737 for (i=0; i<count; i++) {
738 memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
739 copied += iov[i].iov_len;
744 static void smb1cli_req_flags(enum protocol_types protocol,
745 uint32_t smb1_capabilities,
747 uint8_t additional_flags,
750 uint16_t additional_flags2,
751 uint16_t clear_flags2,
757 if (protocol >= PROTOCOL_LANMAN1) {
758 flags |= FLAG_CASELESS_PATHNAMES;
759 flags |= FLAG_CANONICAL_PATHNAMES;
762 if (protocol >= PROTOCOL_LANMAN2) {
763 flags2 |= FLAGS2_LONG_PATH_COMPONENTS;
764 flags2 |= FLAGS2_EXTENDED_ATTRIBUTES;
767 if (protocol >= PROTOCOL_NT1) {
768 flags2 |= FLAGS2_IS_LONG_NAME;
770 if (smb1_capabilities & CAP_UNICODE) {
771 flags2 |= FLAGS2_UNICODE_STRINGS;
773 if (smb1_capabilities & CAP_STATUS32) {
774 flags2 |= FLAGS2_32_BIT_ERROR_CODES;
776 if (smb1_capabilities & CAP_EXTENDED_SECURITY) {
777 flags2 |= FLAGS2_EXTENDED_SECURITY;
781 flags |= additional_flags;
782 flags &= ~clear_flags;
783 flags2 |= additional_flags2;
784 flags2 &= ~clear_flags2;
790 struct tevent_req *smb1cli_req_create(TALLOC_CTX *mem_ctx,
791 struct tevent_context *ev,
792 struct smbXcli_conn *conn,
794 uint8_t additional_flags,
796 uint16_t additional_flags2,
797 uint16_t clear_flags2,
798 uint32_t timeout_msec,
802 uint8_t wct, uint16_t *vwv,
804 struct iovec *bytes_iov)
806 struct tevent_req *req;
807 struct smbXcli_req_state *state;
811 if (iov_count > MAX_SMB_IOV) {
813 * Should not happen :-)
818 req = tevent_req_create(mem_ctx, &state,
819 struct smbXcli_req_state);
826 state->smb1.recv_cmd = 0xFF;
827 state->smb1.recv_status = NT_STATUS_INTERNAL_ERROR;
828 state->smb1.recv_iov = talloc_zero_array(state, struct iovec, 3);
829 if (state->smb1.recv_iov == NULL) {
834 smb1cli_req_flags(conn->protocol,
835 conn->smb1.capabilities,
844 SIVAL(state->smb1.hdr, 0, SMB_MAGIC);
845 SCVAL(state->smb1.hdr, HDR_COM, smb_command);
846 SIVAL(state->smb1.hdr, HDR_RCLS, NT_STATUS_V(NT_STATUS_OK));
847 SCVAL(state->smb1.hdr, HDR_FLG, flags);
848 SSVAL(state->smb1.hdr, HDR_FLG2, flags2);
849 SSVAL(state->smb1.hdr, HDR_PIDHIGH, pid >> 16);
850 SSVAL(state->smb1.hdr, HDR_TID, tid);
851 SSVAL(state->smb1.hdr, HDR_PID, pid);
852 SSVAL(state->smb1.hdr, HDR_UID, uid);
853 SSVAL(state->smb1.hdr, HDR_MID, 0); /* this comes later */
854 SSVAL(state->smb1.hdr, HDR_WCT, wct);
856 state->smb1.vwv = vwv;
858 SSVAL(state->smb1.bytecount_buf, 0, smbXcli_iov_len(bytes_iov, iov_count));
860 state->smb1.iov[0].iov_base = (void *)state->length_hdr;
861 state->smb1.iov[0].iov_len = sizeof(state->length_hdr);
862 state->smb1.iov[1].iov_base = (void *)state->smb1.hdr;
863 state->smb1.iov[1].iov_len = sizeof(state->smb1.hdr);
864 state->smb1.iov[2].iov_base = (void *)state->smb1.vwv;
865 state->smb1.iov[2].iov_len = wct * sizeof(uint16_t);
866 state->smb1.iov[3].iov_base = (void *)state->smb1.bytecount_buf;
867 state->smb1.iov[3].iov_len = sizeof(uint16_t);
869 if (iov_count != 0) {
870 memcpy(&state->smb1.iov[4], bytes_iov,
871 iov_count * sizeof(*bytes_iov));
873 state->smb1.iov_count = iov_count + 4;
875 if (timeout_msec > 0) {
876 struct timeval endtime;
878 endtime = timeval_current_ofs_msec(timeout_msec);
879 if (!tevent_req_set_endtime(req, ev, endtime)) {
884 switch (smb_command) {
889 state->one_way = true;
893 (CVAL(vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
894 state->one_way = true;
902 static NTSTATUS smb1cli_conn_signv(struct smbXcli_conn *conn,
903 struct iovec *iov, int iov_count,
909 * Obvious optimization: Make cli_calculate_sign_mac work with struct
910 * iovec directly. MD5Update would do that just fine.
914 return NT_STATUS_INVALID_PARAMETER_MIX;
916 if (iov[0].iov_len != NBT_HDR_SIZE) {
917 return NT_STATUS_INVALID_PARAMETER_MIX;
919 if (iov[1].iov_len != (MIN_SMB_SIZE-sizeof(uint16_t))) {
920 return NT_STATUS_INVALID_PARAMETER_MIX;
922 if (iov[2].iov_len > (0xFF * sizeof(uint16_t))) {
923 return NT_STATUS_INVALID_PARAMETER_MIX;
925 if (iov[3].iov_len != sizeof(uint16_t)) {
926 return NT_STATUS_INVALID_PARAMETER_MIX;
929 buf = smbXcli_iov_concat(talloc_tos(), iov, iov_count);
931 return NT_STATUS_NO_MEMORY;
934 *seqnum = smb_signing_next_seqnum(conn->smb1.signing, false);
935 smb_signing_sign_pdu(conn->smb1.signing, buf, *seqnum);
936 memcpy(iov[1].iov_base, buf+4, iov[1].iov_len);
942 static void smb1cli_req_writev_done(struct tevent_req *subreq);
943 static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
947 static NTSTATUS smb1cli_req_writev_submit(struct tevent_req *req,
948 struct smbXcli_req_state *state,
949 struct iovec *iov, int iov_count)
951 struct tevent_req *subreq;
955 if (!smbXcli_conn_is_connected(state->conn)) {
956 return NT_STATUS_CONNECTION_DISCONNECTED;
959 if (state->conn->protocol > PROTOCOL_NT1) {
960 return NT_STATUS_REVISION_MISMATCH;
964 return NT_STATUS_INVALID_PARAMETER_MIX;
966 if (iov[0].iov_len != NBT_HDR_SIZE) {
967 return NT_STATUS_INVALID_PARAMETER_MIX;
969 if (iov[1].iov_len != (MIN_SMB_SIZE-sizeof(uint16_t))) {
970 return NT_STATUS_INVALID_PARAMETER_MIX;
972 if (iov[2].iov_len > (0xFF * sizeof(uint16_t))) {
973 return NT_STATUS_INVALID_PARAMETER_MIX;
975 if (iov[3].iov_len != sizeof(uint16_t)) {
976 return NT_STATUS_INVALID_PARAMETER_MIX;
979 if (state->smb1.mid != 0) {
980 mid = state->smb1.mid;
982 mid = smb1cli_alloc_mid(state->conn);
984 SSVAL(iov[1].iov_base, HDR_MID, mid);
986 _smb_setlen_nbt(iov[0].iov_base, smbXcli_iov_len(&iov[1], iov_count-1));
988 status = smb1cli_conn_signv(state->conn, iov, iov_count,
989 &state->smb1.seqnum);
991 if (!NT_STATUS_IS_OK(status)) {
996 * If we supported multiple encrytion contexts
997 * here we'd look up based on tid.
999 if (common_encryption_on(state->conn->smb1.trans_enc)) {
1000 char *buf, *enc_buf;
1002 buf = (char *)smbXcli_iov_concat(talloc_tos(), iov, iov_count);
1004 return NT_STATUS_NO_MEMORY;
1006 status = common_encrypt_buffer(state->conn->smb1.trans_enc,
1007 (char *)buf, &enc_buf);
1009 if (!NT_STATUS_IS_OK(status)) {
1010 DEBUG(0, ("Error in encrypting client message: %s\n",
1011 nt_errstr(status)));
1014 buf = (char *)talloc_memdup(state, enc_buf,
1015 smb_len_nbt(enc_buf)+4);
1018 return NT_STATUS_NO_MEMORY;
1020 iov[0].iov_base = (void *)buf;
1021 iov[0].iov_len = talloc_get_size(buf);
1025 if (state->conn->dispatch_incoming == NULL) {
1026 state->conn->dispatch_incoming = smb1cli_conn_dispatch_incoming;
1029 subreq = writev_send(state, state->ev, state->conn->outgoing,
1030 state->conn->fd, false, iov, iov_count);
1031 if (subreq == NULL) {
1032 return NT_STATUS_NO_MEMORY;
1034 tevent_req_set_callback(subreq, smb1cli_req_writev_done, req);
1035 return NT_STATUS_OK;
1038 struct tevent_req *smb1cli_req_send(TALLOC_CTX *mem_ctx,
1039 struct tevent_context *ev,
1040 struct smbXcli_conn *conn,
1041 uint8_t smb_command,
1042 uint8_t additional_flags,
1043 uint8_t clear_flags,
1044 uint16_t additional_flags2,
1045 uint16_t clear_flags2,
1046 uint32_t timeout_msec,
1050 uint8_t wct, uint16_t *vwv,
1052 const uint8_t *bytes)
1054 struct tevent_req *req;
1058 iov.iov_base = discard_const_p(void, bytes);
1059 iov.iov_len = num_bytes;
1061 req = smb1cli_req_create(mem_ctx, ev, conn, smb_command,
1062 additional_flags, clear_flags,
1063 additional_flags2, clear_flags2,
1070 if (!tevent_req_is_in_progress(req)) {
1071 return tevent_req_post(req, ev);
1073 status = smb1cli_req_chain_submit(&req, 1);
1074 if (tevent_req_nterror(req, status)) {
1075 return tevent_req_post(req, ev);
1080 static void smb1cli_req_writev_done(struct tevent_req *subreq)
1082 struct tevent_req *req =
1083 tevent_req_callback_data(subreq,
1085 struct smbXcli_req_state *state =
1086 tevent_req_data(req,
1087 struct smbXcli_req_state);
1091 nwritten = writev_recv(subreq, &err);
1092 TALLOC_FREE(subreq);
1093 if (nwritten == -1) {
1094 NTSTATUS status = map_nt_error_from_unix_common(err);
1095 smbXcli_conn_disconnect(state->conn, status);
1099 if (state->one_way) {
1100 state->inbuf = NULL;
1101 tevent_req_done(req);
1105 if (!smbXcli_req_set_pending(req)) {
1106 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1111 static void smbXcli_conn_received(struct tevent_req *subreq)
1113 struct smbXcli_conn *conn =
1114 tevent_req_callback_data(subreq,
1115 struct smbXcli_conn);
1116 TALLOC_CTX *frame = talloc_stackframe();
1122 if (subreq != conn->read_smb_req) {
1123 DEBUG(1, ("Internal error: cli_smb_received called with "
1124 "unexpected subreq\n"));
1125 status = NT_STATUS_INTERNAL_ERROR;
1126 smbXcli_conn_disconnect(conn, status);
1130 conn->read_smb_req = NULL;
1132 received = read_smb_recv(subreq, frame, &inbuf, &err);
1133 TALLOC_FREE(subreq);
1134 if (received == -1) {
1135 status = map_nt_error_from_unix_common(err);
1136 smbXcli_conn_disconnect(conn, status);
1141 status = conn->dispatch_incoming(conn, frame, inbuf);
1143 if (NT_STATUS_IS_OK(status)) {
1145 * We should not do any more processing
1146 * as the dispatch function called
1147 * tevent_req_done().
1150 } else if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
1152 * We got an error, so notify all pending requests
1154 smbXcli_conn_disconnect(conn, status);
1159 * We got NT_STATUS_RETRY, so we may ask for a
1160 * next incoming pdu.
1162 if (!smbXcli_conn_receive_next(conn)) {
1163 smbXcli_conn_disconnect(conn, NT_STATUS_NO_MEMORY);
1167 static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
1168 TALLOC_CTX *tmp_mem,
1171 struct tevent_req *req;
1172 struct smbXcli_req_state *state;
1178 const uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
1180 if ((IVAL(inhdr, 0) != SMB_MAGIC) /* 0xFF"SMB" */
1181 && (SVAL(inhdr, 0) != 0x45ff)) /* 0xFF"E" */ {
1182 DEBUG(10, ("Got non-SMB PDU\n"));
1183 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1187 * If we supported multiple encrytion contexts
1188 * here we'd look up based on tid.
1190 if (common_encryption_on(conn->smb1.trans_enc)
1191 && (CVAL(inbuf, 0) == 0)) {
1192 uint16_t enc_ctx_num;
1194 status = get_enc_ctx_num(inbuf, &enc_ctx_num);
1195 if (!NT_STATUS_IS_OK(status)) {
1196 DEBUG(10, ("get_enc_ctx_num returned %s\n",
1197 nt_errstr(status)));
1201 if (enc_ctx_num != conn->smb1.trans_enc->enc_ctx_num) {
1202 DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
1204 conn->smb1.trans_enc->enc_ctx_num));
1205 return NT_STATUS_INVALID_HANDLE;
1208 status = common_decrypt_buffer(conn->smb1.trans_enc,
1210 if (!NT_STATUS_IS_OK(status)) {
1211 DEBUG(10, ("common_decrypt_buffer returned %s\n",
1212 nt_errstr(status)));
1217 mid = SVAL(inhdr, HDR_MID);
1218 num_pending = talloc_array_length(conn->pending);
1220 for (i=0; i<num_pending; i++) {
1221 if (mid == smb1cli_req_mid(conn->pending[i])) {
1225 if (i == num_pending) {
1226 /* Dump unexpected reply */
1227 return NT_STATUS_RETRY;
1230 oplock_break = false;
1232 if (mid == 0xffff) {
1234 * Paranoia checks that this is really an oplock break request.
1236 oplock_break = (smb_len_nbt(inbuf) == 51); /* hdr + 8 words */
1237 oplock_break &= ((CVAL(inhdr, HDR_FLG) & FLAG_REPLY) == 0);
1238 oplock_break &= (CVAL(inhdr, HDR_COM) == SMBlockingX);
1239 oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(6)) == 0);
1240 oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(7)) == 0);
1242 if (!oplock_break) {
1243 /* Dump unexpected reply */
1244 return NT_STATUS_RETRY;
1248 req = conn->pending[i];
1249 state = tevent_req_data(req, struct smbXcli_req_state);
1251 if (!oplock_break /* oplock breaks are not signed */
1252 && !smb_signing_check_pdu(conn->smb1.signing,
1253 inbuf, state->smb1.seqnum+1)) {
1254 DEBUG(10, ("cli_check_sign_mac failed\n"));
1255 return NT_STATUS_ACCESS_DENIED;
1258 if (state->smb1.chained_requests != NULL) {
1259 struct tevent_req **chain = talloc_move(tmp_mem,
1260 &state->smb1.chained_requests);
1261 size_t num_chained = talloc_array_length(chain);
1264 * We steal the inbuf to the chain,
1265 * so that it will stay until all
1266 * requests of the chain are finished.
1268 * Each requests in the chain will
1269 * hold a talloc reference to the chain.
1270 * This way we do not expose the talloc_reference()
1271 * behavior to the callers.
1273 talloc_steal(chain, inbuf);
1275 for (i=0; i<num_chained; i++) {
1276 struct tevent_req **ref;
1279 state = tevent_req_data(req, struct smbXcli_req_state);
1281 smbXcli_req_unset_pending(req);
1284 * as we finish multiple requests here
1285 * we need to defer the callbacks as
1286 * they could destroy our current stack state.
1288 tevent_req_defer_callback(req, state->ev);
1290 ref = talloc_reference(state, chain);
1291 if (tevent_req_nomem(ref, req)) {
1295 state->inbuf = inbuf;
1296 state->smb1.chain_num = i;
1297 state->smb1.chain_length = num_chained;
1299 tevent_req_done(req);
1301 return NT_STATUS_RETRY;
1304 smbXcli_req_unset_pending(req);
1306 state->inbuf = talloc_move(state, &inbuf);
1307 state->smb1.chain_num = 0;
1308 state->smb1.chain_length = 1;
1310 if (talloc_array_length(conn->pending) == 0) {
1311 tevent_req_done(req);
1312 return NT_STATUS_OK;
1315 tevent_req_defer_callback(req, state->ev);
1316 tevent_req_done(req);
1317 return NT_STATUS_RETRY;
1320 NTSTATUS smb1cli_req_recv(struct tevent_req *req,
1321 TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
1322 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
1323 uint32_t *pnum_bytes, uint8_t **pbytes)
1325 struct smbXcli_req_state *state =
1326 tevent_req_data(req,
1327 struct smbXcli_req_state);
1328 NTSTATUS status = NT_STATUS_OK;
1331 size_t wct_ofs, bytes_offset;
1334 if (tevent_req_is_nterror(req, &status)) {
1338 if (state->inbuf == NULL) {
1340 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1357 /* This was a request without a reply */
1358 return NT_STATUS_OK;
1361 wct_ofs = NBT_HDR_SIZE + HDR_WCT;
1362 cmd = CVAL(state->inbuf, NBT_HDR_SIZE + HDR_COM);
1364 for (i=0; i<state->smb1.chain_num; i++) {
1365 if (i < state->smb1.chain_num-1) {
1367 return NT_STATUS_REQUEST_ABORTED;
1369 if (!smb1cli_is_andx_req(cmd)) {
1370 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1374 if (!smb1cli_have_andx_command(state->inbuf, wct_ofs, cmd)) {
1376 * This request was not completed because a previous
1377 * request in the chain had received an error.
1379 return NT_STATUS_REQUEST_ABORTED;
1382 cmd = CVAL(state->inbuf, wct_ofs + 1);
1383 wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
1386 * Skip the all-present length field. No overflow, we've just
1387 * put a 16-bit value into a size_t.
1391 if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
1392 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1396 status = smb1cli_pull_raw_error(state->inbuf+NBT_HDR_SIZE);
1398 if (!smb1cli_have_andx_command(state->inbuf, wct_ofs, cmd)) {
1400 if ((cmd == SMBsesssetupX)
1402 status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1404 * NT_STATUS_MORE_PROCESSING_REQUIRED is a
1405 * valid return code for session setup
1410 if (NT_STATUS_IS_ERR(status)) {
1412 * The last command takes the error code. All
1413 * further commands down the requested chain
1414 * will get a NT_STATUS_REQUEST_ABORTED.
1420 * Only the last request in the chain get the returned
1423 status = NT_STATUS_OK;
1428 wct = CVAL(state->inbuf, wct_ofs);
1429 bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
1430 num_bytes = SVAL(state->inbuf, bytes_offset);
1432 if (wct < min_wct) {
1433 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1437 * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
1438 * is a 16-bit value. So bytes_offset being size_t should be far from
1441 if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
1442 || (bytes_offset > 0xffff)) {
1443 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1450 *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
1452 if (pnum_bytes != NULL) {
1453 *pnum_bytes = num_bytes;
1455 if (pbytes != NULL) {
1456 *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
1458 if ((mem_ctx != NULL) && (pinbuf != NULL)) {
1459 if (state->smb1.chain_num == state->smb1.chain_length-1) {
1460 *pinbuf = talloc_move(mem_ctx, &state->inbuf);
1462 *pinbuf = state->inbuf;
1469 size_t smb1cli_req_wct_ofs(struct tevent_req **reqs, int num_reqs)
1476 for (i=0; i<num_reqs; i++) {
1477 struct smbXcli_req_state *state;
1478 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1479 wct_ofs += smbXcli_iov_len(state->smb1.iov+2,
1480 state->smb1.iov_count-2);
1481 wct_ofs = (wct_ofs + 3) & ~3;
1486 NTSTATUS smb1cli_req_chain_submit(struct tevent_req **reqs, int num_reqs)
1488 struct smbXcli_req_state *first_state =
1489 tevent_req_data(reqs[0],
1490 struct smbXcli_req_state);
1491 struct smbXcli_req_state *last_state =
1492 tevent_req_data(reqs[num_reqs-1],
1493 struct smbXcli_req_state);
1494 struct smbXcli_req_state *state;
1496 size_t chain_padding = 0;
1498 struct iovec *iov = NULL;
1499 struct iovec *this_iov;
1503 if (num_reqs == 1) {
1504 return smb1cli_req_writev_submit(reqs[0], first_state,
1505 first_state->smb1.iov,
1506 first_state->smb1.iov_count);
1510 for (i=0; i<num_reqs; i++) {
1511 if (!tevent_req_is_in_progress(reqs[i])) {
1512 return NT_STATUS_INTERNAL_ERROR;
1515 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1517 if (state->smb1.iov_count < 4) {
1518 return NT_STATUS_INVALID_PARAMETER_MIX;
1523 * The NBT and SMB header
1536 iovlen += state->smb1.iov_count - 2;
1539 iov = talloc_zero_array(last_state, struct iovec, iovlen);
1541 return NT_STATUS_NO_MEMORY;
1544 first_state->smb1.chained_requests = (struct tevent_req **)talloc_memdup(
1545 last_state, reqs, sizeof(*reqs) * num_reqs);
1546 if (first_state->smb1.chained_requests == NULL) {
1548 return NT_STATUS_NO_MEMORY;
1551 wct_offset = HDR_WCT;
1554 for (i=0; i<num_reqs; i++) {
1555 size_t next_padding = 0;
1558 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1560 if (i < num_reqs-1) {
1561 if (!smb1cli_is_andx_req(CVAL(state->smb1.hdr, HDR_COM))
1562 || CVAL(state->smb1.hdr, HDR_WCT) < 2) {
1564 TALLOC_FREE(first_state->smb1.chained_requests);
1565 return NT_STATUS_INVALID_PARAMETER_MIX;
1569 wct_offset += smbXcli_iov_len(state->smb1.iov+2,
1570 state->smb1.iov_count-2) + 1;
1571 if ((wct_offset % 4) != 0) {
1572 next_padding = 4 - (wct_offset % 4);
1574 wct_offset += next_padding;
1575 vwv = state->smb1.vwv;
1577 if (i < num_reqs-1) {
1578 struct smbXcli_req_state *next_state =
1579 tevent_req_data(reqs[i+1],
1580 struct smbXcli_req_state);
1581 SCVAL(vwv+0, 0, CVAL(next_state->smb1.hdr, HDR_COM));
1583 SSVAL(vwv+1, 0, wct_offset);
1584 } else if (smb1cli_is_andx_req(CVAL(state->smb1.hdr, HDR_COM))) {
1585 /* properly end the chain */
1586 SCVAL(vwv+0, 0, 0xff);
1587 SCVAL(vwv+0, 1, 0xff);
1593 * The NBT and SMB header
1595 this_iov[0] = state->smb1.iov[0];
1596 this_iov[1] = state->smb1.iov[1];
1600 * This one is a bit subtle. We have to add
1601 * chain_padding bytes between the requests, and we
1602 * have to also include the wct field of the
1603 * subsequent requests. We use the subsequent header
1604 * for the padding, it contains the wct field in its
1607 this_iov[0].iov_len = chain_padding+1;
1608 this_iov[0].iov_base = (void *)&state->smb1.hdr[
1609 sizeof(state->smb1.hdr) - this_iov[0].iov_len];
1610 memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
1615 * copy the words and bytes
1617 memcpy(this_iov, state->smb1.iov+2,
1618 sizeof(struct iovec) * (state->smb1.iov_count-2));
1619 this_iov += state->smb1.iov_count - 2;
1620 chain_padding = next_padding;
1623 nbt_len = smbXcli_iov_len(&iov[1], iovlen-1);
1624 if (nbt_len > first_state->conn->smb1.max_xmit) {
1626 TALLOC_FREE(first_state->smb1.chained_requests);
1627 return NT_STATUS_INVALID_PARAMETER_MIX;
1630 status = smb1cli_req_writev_submit(reqs[0], last_state, iov, iovlen);
1631 if (!NT_STATUS_IS_OK(status)) {
1633 TALLOC_FREE(first_state->smb1.chained_requests);
1637 for (i=0; i < (num_reqs - 1); i++) {
1638 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1640 state->smb1.seqnum = last_state->smb1.seqnum;
1643 return NT_STATUS_OK;
1646 bool smbXcli_conn_has_async_calls(struct smbXcli_conn *conn)
1648 return ((tevent_queue_length(conn->outgoing) != 0)
1649 || (talloc_array_length(conn->pending) != 0));
1652 struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
1653 struct tevent_context *ev,
1654 struct smbXcli_conn *conn,
1656 uint32_t additional_flags,
1657 uint32_t clear_flags,
1658 uint32_t timeout_msec,
1662 const uint8_t *fixed,
1667 struct tevent_req *req;
1668 struct smbXcli_req_state *state;
1671 req = tevent_req_create(mem_ctx, &state,
1672 struct smbXcli_req_state);
1680 state->smb2.recv_iov = talloc_zero_array(state, struct iovec, 3);
1681 if (state->smb2.recv_iov == NULL) {
1686 flags |= additional_flags;
1687 flags &= ~clear_flags;
1689 state->smb2.fixed = fixed;
1690 state->smb2.fixed_len = fixed_len;
1691 state->smb2.dyn = dyn;
1692 state->smb2.dyn_len = dyn_len;
1694 SIVAL(state->smb2.hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
1695 SSVAL(state->smb2.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
1696 SSVAL(state->smb2.hdr, SMB2_HDR_CREDIT_CHARGE, 1);
1697 SIVAL(state->smb2.hdr, SMB2_HDR_STATUS, NT_STATUS_V(NT_STATUS_OK));
1698 SSVAL(state->smb2.hdr, SMB2_HDR_OPCODE, cmd);
1699 SSVAL(state->smb2.hdr, SMB2_HDR_CREDIT, 31);
1700 SIVAL(state->smb2.hdr, SMB2_HDR_FLAGS, flags);
1701 SIVAL(state->smb2.hdr, SMB2_HDR_PID, pid);
1702 SIVAL(state->smb2.hdr, SMB2_HDR_TID, tid);
1703 SBVAL(state->smb2.hdr, SMB2_HDR_SESSION_ID, uid);
1706 case SMB2_OP_CANCEL:
1707 state->one_way = true;
1711 * If this is a dummy request, it will have
1712 * UINT64_MAX as message id.
1713 * If we send on break acknowledgement,
1714 * this gets overwritten later.
1716 SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, UINT64_MAX);
1720 if (timeout_msec > 0) {
1721 struct timeval endtime;
1723 endtime = timeval_current_ofs_msec(timeout_msec);
1724 if (!tevent_req_set_endtime(req, ev, endtime)) {
1732 static void smb2cli_writev_done(struct tevent_req *subreq);
1733 static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
1734 TALLOC_CTX *tmp_mem,
1737 NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
1740 struct smbXcli_req_state *state;
1741 struct tevent_req *subreq;
1743 int i, num_iov, nbt_len;
1746 * 1 for the nbt length
1747 * per request: HDR, fixed, dyn, padding
1748 * -1 because the last one does not need padding
1751 iov = talloc_array(reqs[0], struct iovec, 1 + 4*num_reqs - 1);
1753 return NT_STATUS_NO_MEMORY;
1759 for (i=0; i<num_reqs; i++) {
1764 if (!tevent_req_is_in_progress(reqs[i])) {
1765 return NT_STATUS_INTERNAL_ERROR;
1768 state = tevent_req_data(reqs[i], struct smbXcli_req_state);
1770 if (!smbXcli_conn_is_connected(state->conn)) {
1771 return NT_STATUS_CONNECTION_DISCONNECTED;
1774 if ((state->conn->protocol != PROTOCOL_NONE) &&
1775 (state->conn->protocol < PROTOCOL_SMB2_02)) {
1776 return NT_STATUS_REVISION_MISMATCH;
1779 if (state->conn->smb2.mid == UINT64_MAX) {
1780 return NT_STATUS_CONNECTION_ABORTED;
1783 mid = state->conn->smb2.mid;
1784 state->conn->smb2.mid += 1;
1786 SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, mid);
1788 iov[num_iov].iov_base = state->smb2.hdr;
1789 iov[num_iov].iov_len = sizeof(state->smb2.hdr);
1792 iov[num_iov].iov_base = discard_const(state->smb2.fixed);
1793 iov[num_iov].iov_len = state->smb2.fixed_len;
1796 if (state->smb2.dyn != NULL) {
1797 iov[num_iov].iov_base = discard_const(state->smb2.dyn);
1798 iov[num_iov].iov_len = state->smb2.dyn_len;
1802 reqlen = sizeof(state->smb2.hdr);
1803 reqlen += state->smb2.fixed_len;
1804 reqlen += state->smb2.dyn_len;
1806 if (i < num_reqs-1) {
1807 if ((reqlen % 8) > 0) {
1808 uint8_t pad = 8 - (reqlen % 8);
1809 iov[num_iov].iov_base = state->smb2.pad;
1810 iov[num_iov].iov_len = pad;
1814 SIVAL(state->smb2.hdr, SMB2_HDR_NEXT_COMMAND, reqlen);
1818 ret = smbXcli_req_set_pending(reqs[i]);
1820 return NT_STATUS_NO_MEMORY;
1825 * TODO: Do signing here
1828 state = tevent_req_data(reqs[0], struct smbXcli_req_state);
1829 _smb_setlen_tcp(state->length_hdr, nbt_len);
1830 iov[0].iov_base = state->length_hdr;
1831 iov[0].iov_len = sizeof(state->length_hdr);
1833 if (state->conn->dispatch_incoming == NULL) {
1834 state->conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
1837 subreq = writev_send(state, state->ev, state->conn->outgoing,
1838 state->conn->fd, false, iov, num_iov);
1839 if (subreq == NULL) {
1840 return NT_STATUS_NO_MEMORY;
1842 tevent_req_set_callback(subreq, smb2cli_writev_done, reqs[0]);
1843 return NT_STATUS_OK;
1846 struct tevent_req *smb2cli_req_send(TALLOC_CTX *mem_ctx,
1847 struct tevent_context *ev,
1848 struct smbXcli_conn *conn,
1850 uint32_t additional_flags,
1851 uint32_t clear_flags,
1852 uint32_t timeout_msec,
1856 const uint8_t *fixed,
1861 struct tevent_req *req;
1864 req = smb2cli_req_create(mem_ctx, ev, conn, cmd,
1865 additional_flags, clear_flags,
1868 fixed, fixed_len, dyn, dyn_len);
1872 if (!tevent_req_is_in_progress(req)) {
1873 return tevent_req_post(req, ev);
1875 status = smb2cli_req_compound_submit(&req, 1);
1876 if (tevent_req_nterror(req, status)) {
1877 return tevent_req_post(req, ev);
1882 static void smb2cli_writev_done(struct tevent_req *subreq)
1884 struct tevent_req *req =
1885 tevent_req_callback_data(subreq,
1887 struct smbXcli_req_state *state =
1888 tevent_req_data(req,
1889 struct smbXcli_req_state);
1893 nwritten = writev_recv(subreq, &err);
1894 TALLOC_FREE(subreq);
1895 if (nwritten == -1) {
1896 /* here, we need to notify all pending requests */
1897 NTSTATUS status = map_nt_error_from_unix_common(err);
1898 smbXcli_conn_disconnect(state->conn, status);
1903 static NTSTATUS smb2cli_inbuf_parse_compound(uint8_t *buf, TALLOC_CTX *mem_ctx,
1904 struct iovec **piov, int *pnum_iov)
1914 iov = talloc_array(mem_ctx, struct iovec, num_iov);
1916 return NT_STATUS_NO_MEMORY;
1919 buflen = smb_len_tcp(buf);
1921 first_hdr = buf + NBT_HDR_SIZE;
1923 while (taken < buflen) {
1924 size_t len = buflen - taken;
1925 uint8_t *hdr = first_hdr + taken;
1928 size_t next_command_ofs;
1930 struct iovec *iov_tmp;
1933 * We need the header plus the body length field
1936 if (len < SMB2_HDR_BODY + 2) {
1937 DEBUG(10, ("%d bytes left, expected at least %d\n",
1938 (int)len, SMB2_HDR_BODY));
1941 if (IVAL(hdr, 0) != SMB2_MAGIC) {
1942 DEBUG(10, ("Got non-SMB2 PDU: %x\n",
1946 if (SVAL(hdr, 4) != SMB2_HDR_BODY) {
1947 DEBUG(10, ("Got HDR len %d, expected %d\n",
1948 SVAL(hdr, 4), SMB2_HDR_BODY));
1953 next_command_ofs = IVAL(hdr, SMB2_HDR_NEXT_COMMAND);
1954 body_size = SVAL(hdr, SMB2_HDR_BODY);
1956 if (next_command_ofs != 0) {
1957 if (next_command_ofs < (SMB2_HDR_BODY + 2)) {
1960 if (next_command_ofs > full_size) {
1963 full_size = next_command_ofs;
1965 if (body_size < 2) {
1968 body_size &= 0xfffe;
1970 if (body_size > (full_size - SMB2_HDR_BODY)) {
1974 iov_tmp = talloc_realloc(mem_ctx, iov, struct iovec,
1976 if (iov_tmp == NULL) {
1978 return NT_STATUS_NO_MEMORY;
1981 cur = &iov[num_iov];
1984 cur[0].iov_base = hdr;
1985 cur[0].iov_len = SMB2_HDR_BODY;
1986 cur[1].iov_base = hdr + SMB2_HDR_BODY;
1987 cur[1].iov_len = body_size;
1988 cur[2].iov_base = hdr + SMB2_HDR_BODY + body_size;
1989 cur[2].iov_len = full_size - (SMB2_HDR_BODY + body_size);
1995 *pnum_iov = num_iov;
1996 return NT_STATUS_OK;
2000 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2003 static struct tevent_req *smb2cli_conn_find_pending(struct smbXcli_conn *conn,
2006 size_t num_pending = talloc_array_length(conn->pending);
2009 for (i=0; i<num_pending; i++) {
2010 struct tevent_req *req = conn->pending[i];
2011 struct smbXcli_req_state *state =
2012 tevent_req_data(req,
2013 struct smbXcli_req_state);
2015 if (mid == BVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID)) {
2022 static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
2023 TALLOC_CTX *tmp_mem,
2026 struct tevent_req *req;
2027 struct smbXcli_req_state *state = NULL;
2033 status = smb2cli_inbuf_parse_compound(inbuf, tmp_mem,
2035 if (!NT_STATUS_IS_OK(status)) {
2039 for (i=0; i<num_iov; i+=3) {
2040 uint8_t *inbuf_ref = NULL;
2041 struct iovec *cur = &iov[i];
2042 uint8_t *inhdr = (uint8_t *)cur[0].iov_base;
2043 uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
2044 uint32_t flags = IVAL(inhdr, SMB2_HDR_FLAGS);
2045 uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
2046 uint16_t req_opcode;
2048 req = smb2cli_conn_find_pending(conn, mid);
2050 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2052 state = tevent_req_data(req, struct smbXcli_req_state);
2054 req_opcode = SVAL(state->smb2.hdr, SMB2_HDR_OPCODE);
2055 if (opcode != req_opcode) {
2056 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2059 if (!(flags & SMB2_HDR_FLAG_REDIRECT)) {
2060 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2063 status = NT_STATUS(IVAL(inhdr, SMB2_HDR_STATUS));
2064 if ((flags & SMB2_HDR_FLAG_ASYNC) &&
2065 NT_STATUS_EQUAL(status, STATUS_PENDING)) {
2066 uint32_t req_flags = IVAL(state->smb2.hdr, SMB2_HDR_FLAGS);
2067 uint64_t async_id = BVAL(inhdr, SMB2_HDR_ASYNC_ID);
2069 req_flags |= SMB2_HDR_FLAG_ASYNC;
2070 SBVAL(state->smb2.hdr, SMB2_HDR_FLAGS, req_flags);
2071 SBVAL(state->smb2.hdr, SMB2_HDR_ASYNC_ID, async_id);
2075 smbXcli_req_unset_pending(req);
2078 * There might be more than one response
2079 * we need to defer the notifications
2081 if ((num_iov == 4) && (talloc_array_length(conn->pending) == 0)) {
2086 tevent_req_defer_callback(req, state->ev);
2090 * Note: here we use talloc_reference() in a way
2091 * that does not expose it to the caller.
2093 inbuf_ref = talloc_reference(state->smb2.recv_iov, inbuf);
2094 if (tevent_req_nomem(inbuf_ref, req)) {
2098 /* copy the related buffers */
2099 state->smb2.recv_iov[0] = cur[0];
2100 state->smb2.recv_iov[1] = cur[1];
2101 state->smb2.recv_iov[2] = cur[2];
2103 tevent_req_done(req);
2107 return NT_STATUS_RETRY;
2110 return NT_STATUS_OK;
2113 NTSTATUS smb2cli_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
2114 struct iovec **piov,
2115 const struct smb2cli_req_expected_response *expected,
2116 size_t num_expected)
2118 struct smbXcli_req_state *state =
2119 tevent_req_data(req,
2120 struct smbXcli_req_state);
2123 bool found_status = false;
2124 bool found_size = false;
2131 if (tevent_req_is_nterror(req, &status)) {
2132 for (i=0; i < num_expected; i++) {
2133 if (NT_STATUS_EQUAL(status, expected[i].status)) {
2134 found_status = true;
2140 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
2146 if (num_expected == 0) {
2147 found_status = true;
2151 status = NT_STATUS(IVAL(state->smb2.recv_iov[0].iov_base, SMB2_HDR_STATUS));
2152 body_size = SVAL(state->smb2.recv_iov[1].iov_base, 0);
2154 for (i=0; i < num_expected; i++) {
2155 if (!NT_STATUS_EQUAL(status, expected[i].status)) {
2159 found_status = true;
2160 if (expected[i].body_size == 0) {
2165 if (expected[i].body_size == body_size) {
2171 if (!found_status) {
2176 return NT_STATUS_INVALID_NETWORK_RESPONSE;
2180 *piov = talloc_move(mem_ctx, &state->smb2.recv_iov);