summaryrefslogtreecommitdiff
path: root/libcli/smb
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-07-18 14:35:03 +0200
committerStefan Metzmacher <metze@samba.org>2011-11-24 19:02:29 +0100
commit012dee3803bd22721f7b821c5cca5db9e15d8ed9 (patch)
tree78dd9e45d443f8def6d3dbe8ee2efaa2b170b389 /libcli/smb
parent53ad886f75f189a7c865acf455398c3f3ce38111 (diff)
downloadsamba-012dee3803bd22721f7b821c5cca5db9e15d8ed9.tar.gz
samba-012dee3803bd22721f7b821c5cca5db9e15d8ed9.tar.bz2
samba-012dee3803bd22721f7b821c5cca5db9e15d8ed9.zip
smbXcli: cp source3/libsmb/async_smb.c libcli/smb/smbXcli_base.c
metze
Diffstat (limited to 'libcli/smb')
-rw-r--r--libcli/smb/smbXcli_base.c1118
1 files changed, 1118 insertions, 0 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
new file mode 100644
index 0000000000..574ca3b2ba
--- /dev/null
+++ b/libcli/smb/smbXcli_base.c
@@ -0,0 +1,1118 @@
+/*
+ Unix SMB/CIFS implementation.
+ Infrastructure for async SMB client requests
+ Copyright (C) Volker Lendecke 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../lib/async_req/async_sock.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "../lib/util/tevent_unix.h"
+#include "async_smb.h"
+#include "../libcli/smb/smb_seal.h"
+#include "libsmb/nmblib.h"
+#include "../libcli/smb/read_smb.h"
+
+static NTSTATUS cli_pull_raw_error(const uint8_t *buf)
+{
+ const uint8_t *hdr = buf + NBT_HDR_SIZE;
+ uint32_t flags2 = SVAL(hdr, HDR_FLG2);
+ NTSTATUS status = NT_STATUS(IVAL(hdr, HDR_RCLS));
+
+ if (NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_OK;
+ }
+
+ if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
+ return status;
+ }
+
+ return NT_STATUS_DOS(CVAL(hdr, HDR_RCLS), SVAL(hdr, HDR_ERR));
+}
+
+/**
+ * Figure out if there is an andx command behind the current one
+ * @param[in] buf The smb buffer to look at
+ * @param[in] ofs The offset to the wct field that is followed by the cmd
+ * @retval Is there a command following?
+ */
+
+static bool have_andx_command(const char *buf, uint16_t ofs, uint8_t cmd)
+{
+ uint8_t wct;
+ size_t buflen = talloc_get_size(buf);
+
+ if (!is_andx_req(cmd)) {
+ return false;
+ }
+
+ if ((ofs == buflen-1) || (ofs == buflen)) {
+ return false;
+ }
+
+ wct = CVAL(buf, ofs);
+ if (wct < 2) {
+ /*
+ * Not enough space for the command and a following pointer
+ */
+ return false;
+ }
+ return (CVAL(buf, ofs+1) != 0xff);
+}
+
+#define MAX_SMB_IOV 5
+
+struct cli_smb_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint8_t header[smb_wct+1]; /* Space for the header including the wct */
+
+ /*
+ * For normal requests, cli_smb_req_send chooses a mid. Secondary
+ * trans requests need to use the mid of the primary request, so we
+ * need a place to store it. Assume it's set if != 0.
+ */
+ uint16_t mid;
+
+ uint16_t *vwv;
+ uint8_t bytecount_buf[2];
+
+ struct iovec iov[MAX_SMB_IOV+3];
+ int iov_count;
+
+ uint8_t *inbuf;
+ uint32_t seqnum;
+ int chain_num;
+ int chain_length;
+ struct tevent_req **chained_requests;
+
+ bool one_way;
+};
+
+static uint16_t cli_alloc_mid(struct cli_state *cli)
+{
+ int num_pending = talloc_array_length(cli->conn.pending);
+ uint16_t result;
+
+ while (true) {
+ int i;
+
+ result = cli->conn.smb1.mid++;
+ if ((result == 0) || (result == 0xffff)) {
+ continue;
+ }
+
+ for (i=0; i<num_pending; i++) {
+ if (result == cli_smb_req_mid(cli->conn.pending[i])) {
+ break;
+ }
+ }
+
+ if (i == num_pending) {
+ return result;
+ }
+ }
+}
+
+void cli_smb_req_unset_pending(struct tevent_req *req)
+{
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+ struct cli_state *cli = state->cli;
+ int num_pending = talloc_array_length(cli->conn.pending);
+ int i;
+
+ if (state->mid != 0) {
+ /*
+ * This is a [nt]trans[2] request which waits
+ * for more than one reply.
+ */
+ return;
+ }
+
+ talloc_set_destructor(req, NULL);
+
+ if (num_pending == 1) {
+ /*
+ * The pending read_smb tevent_req is a child of
+ * cli->pending. So if nothing is pending anymore, we need to
+ * delete the socket read fde.
+ */
+ TALLOC_FREE(cli->conn.pending);
+ cli->conn.read_smb_req = NULL;
+ return;
+ }
+
+ for (i=0; i<num_pending; i++) {
+ if (req == cli->conn.pending[i]) {
+ break;
+ }
+ }
+ if (i == num_pending) {
+ /*
+ * Something's seriously broken. Just returning here is the
+ * right thing nevertheless, the point of this routine is to
+ * remove ourselves from cli->conn.pending.
+ */
+ return;
+ }
+
+ /*
+ * Remove ourselves from the cli->conn.pending array
+ */
+ for (; i < (num_pending - 1); i++) {
+ cli->conn.pending[i] = cli->conn.pending[i+1];
+ }
+
+ /*
+ * No NULL check here, we're shrinking by sizeof(void *), and
+ * talloc_realloc just adjusts the size for this.
+ */
+ cli->conn.pending = talloc_realloc(NULL, cli->conn.pending,
+ struct tevent_req *,
+ num_pending - 1);
+ return;
+}
+
+static int cli_smb_req_destructor(struct tevent_req *req)
+{
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+ /*
+ * Make sure we really remove it from
+ * the pending array on destruction.
+ */
+ state->mid = 0;
+ cli_smb_req_unset_pending(req);
+ return 0;
+}
+
+static bool cli_state_receive_next(struct cli_state *cli);
+static void cli_state_notify_pending(struct cli_state *cli, NTSTATUS status);
+
+bool cli_smb_req_set_pending(struct tevent_req *req)
+{
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+ struct cli_state *cli;
+ struct tevent_req **pending;
+ int num_pending;
+
+ cli = state->cli;
+ num_pending = talloc_array_length(cli->conn.pending);
+
+ pending = talloc_realloc(cli, cli->conn.pending, struct tevent_req *,
+ num_pending+1);
+ if (pending == NULL) {
+ return false;
+ }
+ pending[num_pending] = req;
+ cli->conn.pending = pending;
+ talloc_set_destructor(req, cli_smb_req_destructor);
+
+ if (!cli_state_receive_next(cli)) {
+ /*
+ * the caller should notify the current request
+ *
+ * And all other pending requests get notified
+ * by cli_state_notify_pending().
+ */
+ cli_smb_req_unset_pending(req);
+ cli_state_notify_pending(cli, NT_STATUS_NO_MEMORY);
+ return false;
+ }
+
+ return true;
+}
+
+static void cli_smb_received(struct tevent_req *subreq);
+static NTSTATUS cli_state_dispatch_smb1(struct cli_state *cli,
+ TALLOC_CTX *frame,
+ uint8_t *inbuf);
+
+static bool cli_state_receive_next(struct cli_state *cli)
+{
+ size_t num_pending = talloc_array_length(cli->conn.pending);
+ struct tevent_req *req;
+ struct cli_smb_state *state;
+
+ if (cli->conn.read_smb_req != NULL) {
+ return true;
+ }
+
+ if (num_pending == 0) {
+ return true;
+ }
+
+ req = cli->conn.pending[0];
+ state = tevent_req_data(req, struct cli_smb_state);
+
+ cli->conn.dispatch_incoming = cli_state_dispatch_smb1;
+
+ /*
+ * We're the first ones, add the read_smb request that waits for the
+ * answer from the server
+ */
+ cli->conn.read_smb_req = read_smb_send(cli->conn.pending, state->ev,
+ cli->conn.fd);
+ if (cli->conn.read_smb_req == NULL) {
+ return false;
+ }
+ tevent_req_set_callback(cli->conn.read_smb_req, cli_smb_received, cli);
+ return true;
+}
+
+static void cli_state_notify_pending(struct cli_state *cli, NTSTATUS status)
+{
+ cli_state_disconnect(cli);
+
+ /*
+ * Cancel all pending requests. We do not do a for-loop walking
+ * cli->conn.pending because that array changes in
+ * cli_smb_req_destructor().
+ */
+ while (talloc_array_length(cli->conn.pending) > 0) {
+ struct tevent_req *req;
+ struct cli_smb_state *state;
+
+ req = cli->conn.pending[0];
+ state = tevent_req_data(req, struct cli_smb_state);
+
+ /*
+ * We're dead. No point waiting for trans2
+ * replies.
+ */
+ state->mid = 0;
+
+ cli_smb_req_unset_pending(req);
+
+ /*
+ * we need to defer the callback, because we may notify more
+ * then one caller.
+ */
+ tevent_req_defer_callback(req, state->ev);
+ tevent_req_nterror(req, status);
+ }
+}
+
+/*
+ * Fetch a smb request's mid. Only valid after the request has been sent by
+ * cli_smb_req_send().
+ */
+uint16_t cli_smb_req_mid(struct tevent_req *req)
+{
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+
+ if (state->mid != 0) {
+ return state->mid;
+ }
+
+ return SVAL(state->header, smb_mid);
+}
+
+void cli_smb_req_set_mid(struct tevent_req *req, uint16_t mid)
+{
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+ state->mid = mid;
+}
+
+uint32_t cli_smb_req_seqnum(struct tevent_req *req)
+{
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+ return state->seqnum;
+}
+
+void cli_smb_req_set_seqnum(struct tevent_req *req, uint32_t seqnum)
+{
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+ state->seqnum = seqnum;
+}
+
+static size_t iov_len(const struct iovec *iov, int count)
+{
+ size_t result = 0;
+ int i;
+ for (i=0; i<count; i++) {
+ result += iov[i].iov_len;
+ }
+ return result;
+}
+
+static uint8_t *iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov,
+ int count)
+{
+ size_t len = iov_len(iov, count);
+ size_t copied;
+ uint8_t *buf;
+ int i;
+
+ buf = talloc_array(mem_ctx, uint8_t, len);
+ if (buf == NULL) {
+ return NULL;
+ }
+ copied = 0;
+ for (i=0; i<count; i++) {
+ memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len);
+ copied += iov[i].iov_len;
+ }
+ return buf;
+}
+
+struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint8_t smb_command,
+ uint8_t additional_flags,
+ uint8_t wct, uint16_t *vwv,
+ int iov_count,
+ struct iovec *bytes_iov)
+{
+ struct tevent_req *result;
+ struct cli_smb_state *state;
+ struct timeval endtime;
+
+ if (iov_count > MAX_SMB_IOV) {
+ /*
+ * Should not happen :-)
+ */
+ return NULL;
+ }
+
+ result = tevent_req_create(mem_ctx, &state, struct cli_smb_state);
+ if (result == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->mid = 0; /* Set to auto-choose in cli_smb_req_send */
+ state->chain_num = 0;
+ state->chained_requests = NULL;
+
+ cli_setup_packet_buf(cli, (char *)state->header);
+ SCVAL(state->header, smb_com, smb_command);
+ SSVAL(state->header, smb_tid, cli->smb1.tid);
+ SCVAL(state->header, smb_wct, wct);
+
+ state->vwv = vwv;
+
+ SSVAL(state->bytecount_buf, 0, iov_len(bytes_iov, iov_count));
+
+ state->iov[0].iov_base = (void *)state->header;
+ state->iov[0].iov_len = sizeof(state->header);
+ state->iov[1].iov_base = (void *)state->vwv;
+ state->iov[1].iov_len = wct * sizeof(uint16_t);
+ state->iov[2].iov_base = (void *)state->bytecount_buf;
+ state->iov[2].iov_len = sizeof(uint16_t);
+
+ if (iov_count != 0) {
+ memcpy(&state->iov[3], bytes_iov,
+ iov_count * sizeof(*bytes_iov));
+ }
+ state->iov_count = iov_count + 3;
+
+ if (cli->timeout) {
+ endtime = timeval_current_ofs_msec(cli->timeout);
+ if (!tevent_req_set_endtime(result, ev, endtime)) {
+ return result;
+ }
+ }
+
+ switch (smb_command) {
+ case SMBtranss:
+ case SMBtranss2:
+ case SMBnttranss:
+ case SMBntcancel:
+ state->one_way = true;
+ break;
+ case SMBlockingX:
+ if ((wct == 8) &&
+ (CVAL(vwv+3, 0) == LOCKING_ANDX_OPLOCK_RELEASE)) {
+ state->one_way = true;
+ }
+ break;
+ }
+
+ return result;
+}
+
+static NTSTATUS cli_signv(struct cli_state *cli, struct iovec *iov, int count,
+ uint32_t *seqnum)
+{
+ uint8_t *buf;
+
+ /*
+ * Obvious optimization: Make cli_calculate_sign_mac work with struct
+ * iovec directly. MD5Update would do that just fine.
+ */
+
+ if ((count <= 0) || (iov[0].iov_len < smb_wct)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ buf = iov_concat(talloc_tos(), iov, count);
+ if (buf == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ cli_calculate_sign_mac(cli, (char *)buf, seqnum);
+ memcpy(iov[0].iov_base, buf, iov[0].iov_len);
+
+ TALLOC_FREE(buf);
+ return NT_STATUS_OK;
+}
+
+static void cli_smb_sent(struct tevent_req *subreq);
+
+static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
+ struct cli_smb_state *state,
+ struct iovec *iov, int iov_count)
+{
+ struct tevent_req *subreq;
+ NTSTATUS status;
+
+ if (!cli_state_is_connected(state->cli)) {
+ return NT_STATUS_CONNECTION_DISCONNECTED;
+ }
+
+ if (iov[0].iov_len < smb_wct) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (state->mid != 0) {
+ SSVAL(iov[0].iov_base, smb_mid, state->mid);
+ } else {
+ uint16_t mid = cli_alloc_mid(state->cli);
+ SSVAL(iov[0].iov_base, smb_mid, mid);
+ }
+
+ smb_setlen_nbt((char *)iov[0].iov_base, iov_len(iov, iov_count) - 4);
+
+ status = cli_signv(state->cli, iov, iov_count, &state->seqnum);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (cli_state_encryption_on(state->cli)) {
+ char *buf, *enc_buf;
+
+ buf = (char *)iov_concat(talloc_tos(), iov, iov_count);
+ if (buf == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ status = common_encrypt_buffer(state->cli->trans_enc_state,
+ (char *)buf, &enc_buf);
+ TALLOC_FREE(buf);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Error in encrypting client message: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ buf = (char *)talloc_memdup(state, enc_buf,
+ smb_len_nbt(enc_buf)+4);
+ SAFE_FREE(enc_buf);
+ if (buf == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ iov[0].iov_base = (void *)buf;
+ iov[0].iov_len = talloc_get_size(buf);
+ iov_count = 1;
+ }
+ subreq = writev_send(state, state->ev, state->cli->conn.outgoing,
+ state->cli->conn.fd, false, iov, iov_count);
+ if (subreq == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ tevent_req_set_callback(subreq, cli_smb_sent, req);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_smb_req_send(struct tevent_req *req)
+{
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+
+ if (!tevent_req_is_in_progress(req)) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ return cli_smb_req_iov_send(req, state, state->iov, state->iov_count);
+}
+
+struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint8_t smb_command,
+ uint8_t additional_flags,
+ uint8_t wct, uint16_t *vwv,
+ uint32_t num_bytes,
+ const uint8_t *bytes)
+{
+ struct tevent_req *req;
+ struct iovec iov;
+ NTSTATUS status;
+
+ iov.iov_base = discard_const_p(void, bytes);
+ iov.iov_len = num_bytes;
+
+ req = cli_smb_req_create(mem_ctx, ev, cli, smb_command,
+ additional_flags, wct, vwv, 1, &iov);
+ if (req == NULL) {
+ return NULL;
+ }
+ if (!tevent_req_is_in_progress(req)) {
+ return tevent_req_post(req, ev);
+ }
+ status = cli_smb_req_send(req);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void cli_smb_sent(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+ ssize_t nwritten;
+ int err;
+
+ nwritten = writev_recv(subreq, &err);
+ TALLOC_FREE(subreq);
+ if (nwritten == -1) {
+ NTSTATUS status = map_nt_error_from_unix_common(err);
+ cli_state_notify_pending(state->cli, status);
+ return;
+ }
+
+ if (state->one_way) {
+ state->inbuf = NULL;
+ tevent_req_done(req);
+ return;
+ }
+
+ if (!cli_smb_req_set_pending(req)) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+}
+
+static void cli_smb_received(struct tevent_req *subreq)
+{
+ struct cli_state *cli = tevent_req_callback_data(
+ subreq, struct cli_state);
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+ uint8_t *inbuf;
+ ssize_t received;
+ int err;
+
+ if (subreq != cli->conn.read_smb_req) {
+ DEBUG(1, ("Internal error: cli_smb_received called with "
+ "unexpected subreq\n"));
+ status = NT_STATUS_INTERNAL_ERROR;
+ cli_state_notify_pending(cli, status);
+ TALLOC_FREE(frame);
+ return;
+ }
+
+ received = read_smb_recv(subreq, frame, &inbuf, &err);
+ TALLOC_FREE(subreq);
+ cli->conn.read_smb_req = NULL;
+ if (received == -1) {
+ status = map_nt_error_from_unix_common(err);
+ cli_state_notify_pending(cli, status);
+ TALLOC_FREE(frame);
+ return;
+ }
+
+ status = cli->conn.dispatch_incoming(cli, frame, inbuf);
+ TALLOC_FREE(frame);
+ if (NT_STATUS_IS_OK(status)) {
+ /*
+ * We should not do any more processing
+ * as the dispatch function called
+ * tevent_req_done().
+ */
+ return;
+ } else if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
+ /*
+ * We got an error, so notify all pending requests
+ */
+ cli_state_notify_pending(cli, status);
+ return;
+ }
+
+ /*
+ * We got NT_STATUS_RETRY, so we may ask for a
+ * next incoming pdu.
+ */
+ if (!cli_state_receive_next(cli)) {
+ cli_state_notify_pending(cli, NT_STATUS_NO_MEMORY);
+ }
+}
+
+static NTSTATUS cli_state_dispatch_smb1(struct cli_state *cli,
+ TALLOC_CTX *frame,
+ uint8_t *inbuf)
+{
+ struct tevent_req *req;
+ struct cli_smb_state *state;
+ NTSTATUS status;
+ int num_pending;
+ int i;
+ uint16_t mid;
+ bool oplock_break;
+ const uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
+
+ if ((IVAL(inhdr, 0) != SMB_MAGIC) /* 0xFF"SMB" */
+ && (SVAL(inhdr, 0) != 0x45ff)) /* 0xFF"E" */ {
+ DEBUG(10, ("Got non-SMB PDU\n"));
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ if (cli_state_encryption_on(cli) && (CVAL(inbuf, 0) == 0)) {
+ uint16_t enc_ctx_num;
+
+ status = get_enc_ctx_num(inbuf, &enc_ctx_num);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("get_enc_ctx_num returned %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
+ DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
+ enc_ctx_num,
+ cli->trans_enc_state->enc_ctx_num));
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ status = common_decrypt_buffer(cli->trans_enc_state,
+ (char *)inbuf);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("common_decrypt_buffer returned %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ }
+
+ mid = SVAL(inhdr, HDR_MID);
+ num_pending = talloc_array_length(cli->conn.pending);
+
+ for (i=0; i<num_pending; i++) {
+ if (mid == cli_smb_req_mid(cli->conn.pending[i])) {
+ break;
+ }
+ }
+ if (i == num_pending) {
+ /* Dump unexpected reply */
+ return NT_STATUS_RETRY;
+ }
+
+ oplock_break = false;
+
+ if (mid == 0xffff) {
+ /*
+ * Paranoia checks that this is really an oplock break request.
+ */
+ oplock_break = (smb_len_nbt(inbuf) == 51); /* hdr + 8 words */
+ oplock_break &= ((CVAL(inhdr, HDR_FLG) & FLAG_REPLY) == 0);
+ oplock_break &= (CVAL(inhdr, HDR_COM) == SMBlockingX);
+ oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(6)) == 0);
+ oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(7)) == 0);
+
+ if (!oplock_break) {
+ /* Dump unexpected reply */
+ return NT_STATUS_RETRY;
+ }
+ }
+
+ req = cli->conn.pending[i];
+ state = tevent_req_data(req, struct cli_smb_state);
+
+ if (!oplock_break /* oplock breaks are not signed */
+ && !cli_check_sign_mac(cli, (char *)inbuf, state->seqnum+1)) {
+ DEBUG(10, ("cli_check_sign_mac failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (state->chained_requests != NULL) {
+ struct tevent_req **chain = talloc_move(frame,
+ &state->chained_requests);
+ int num_chained = talloc_array_length(chain);
+
+ /*
+ * We steal the inbuf to the chain,
+ * so that it will stay until all
+ * requests of the chain are finished.
+ *
+ * Each requests in the chain will
+ * hold a talloc reference to the chain.
+ * This way we do not expose the talloc_reference()
+ * behavior to the callers.
+ */
+ talloc_steal(chain, inbuf);
+
+ for (i=0; i<num_chained; i++) {
+ struct tevent_req **ref;
+
+ req = chain[i];
+ state = tevent_req_data(req, struct cli_smb_state);
+
+ cli_smb_req_unset_pending(req);
+
+ /*
+ * as we finish multiple requests here
+ * we need to defer the callbacks as
+ * they could destroy our current stack state.
+ */
+ tevent_req_defer_callback(req, state->ev);
+
+ ref = talloc_reference(state, chain);
+ if (tevent_req_nomem(ref, req)) {
+ continue;
+ }
+
+ state->inbuf = inbuf;
+ state->chain_num = i;
+ state->chain_length = num_chained;
+
+ tevent_req_done(req);
+ }
+
+ return NT_STATUS_RETRY;
+ }
+
+ cli_smb_req_unset_pending(req);
+
+ state->inbuf = talloc_move(state, &inbuf);
+ state->chain_num = 0;
+ state->chain_length = 1;
+
+ if (talloc_array_length(cli->conn.pending) == 0) {
+ tevent_req_done(req);
+ return NT_STATUS_OK;
+ }
+
+ tevent_req_defer_callback(req, state->ev);
+ tevent_req_done(req);
+ return NT_STATUS_RETRY;
+}
+
+NTSTATUS cli_smb_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
+ uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
+ uint32_t *pnum_bytes, uint8_t **pbytes)
+{
+ struct cli_smb_state *state = tevent_req_data(
+ req, struct cli_smb_state);
+ NTSTATUS status = NT_STATUS_OK;
+ uint8_t cmd, wct;
+ uint16_t num_bytes;
+ size_t wct_ofs, bytes_offset;
+ int i;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (state->inbuf == NULL) {
+ if (min_wct != 0) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (pinbuf) {
+ *pinbuf = NULL;
+ }
+ if (pwct) {
+ *pwct = 0;
+ }
+ if (pvwv) {
+ *pvwv = NULL;
+ }
+ if (pnum_bytes) {
+ *pnum_bytes = 0;
+ }
+ if (pbytes) {
+ *pbytes = NULL;
+ }
+ /* This was a request without a reply */
+ return NT_STATUS_OK;
+ }
+
+ wct_ofs = smb_wct;
+ cmd = CVAL(state->inbuf, smb_com);
+
+ for (i=0; i<state->chain_num; i++) {
+ if (i < state->chain_num-1) {
+ if (cmd == 0xff) {
+ return NT_STATUS_REQUEST_ABORTED;
+ }
+ if (!is_andx_req(cmd)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ }
+
+ if (!have_andx_command((char *)state->inbuf, wct_ofs, cmd)) {
+ /*
+ * This request was not completed because a previous
+ * request in the chain had received an error.
+ */
+ return NT_STATUS_REQUEST_ABORTED;
+ }
+
+ cmd = CVAL(state->inbuf, wct_ofs + 1);
+ wct_ofs = SVAL(state->inbuf, wct_ofs + 3);
+
+ /*
+ * Skip the all-present length field. No overflow, we've just
+ * put a 16-bit value into a size_t.
+ */
+ wct_ofs += 4;
+
+ if (wct_ofs+2 > talloc_get_size(state->inbuf)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ }
+
+ state->cli->raw_status = cli_pull_raw_error(state->inbuf);
+ if (NT_STATUS_IS_DOS(state->cli->raw_status) &&
+ state->cli->map_dos_errors) {
+ uint8_t eclass = NT_STATUS_DOS_CLASS(state->cli->raw_status);
+ uint16_t ecode = NT_STATUS_DOS_CODE(state->cli->raw_status);
+ /*
+ * TODO: is it really a good idea to do a mapping here?
+ *
+ * The old cli_pull_error() also does it, so I do not change
+ * the behavior yet.
+ */
+ status = dos_to_ntstatus(eclass, ecode);
+ } else {
+ status = state->cli->raw_status;
+ }
+
+ if (!have_andx_command((char *)state->inbuf, wct_ofs, cmd)) {
+
+ if ((cmd == SMBsesssetupX)
+ && NT_STATUS_EQUAL(
+ status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ /*
+ * NT_STATUS_MORE_PROCESSING_REQUIRED is a
+ * valid return code for session setup
+ */
+ goto no_err;
+ }
+
+ if (NT_STATUS_IS_ERR(status)) {
+ /*
+ * The last command takes the error code. All
+ * further commands down the requested chain
+ * will get a NT_STATUS_REQUEST_ABORTED.
+ */
+ return status;
+ }
+ } else {
+ /*
+ * Only the last request in the chain get the returned
+ * status.
+ */
+ status = NT_STATUS_OK;
+ }
+
+no_err:
+
+ wct = CVAL(state->inbuf, wct_ofs);
+ bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
+ num_bytes = SVAL(state->inbuf, bytes_offset);
+
+ if (wct < min_wct) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ /*
+ * wct_ofs is a 16-bit value plus 4, wct is a 8-bit value, num_bytes
+ * is a 16-bit value. So bytes_offset being size_t should be far from
+ * wrapping.
+ */
+ if ((bytes_offset + 2 > talloc_get_size(state->inbuf))
+ || (bytes_offset > 0xffff)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ if (pwct != NULL) {
+ *pwct = wct;
+ }
+ if (pvwv != NULL) {
+ *pvwv = (uint16_t *)(state->inbuf + wct_ofs + 1);
+ }
+ if (pnum_bytes != NULL) {
+ *pnum_bytes = num_bytes;
+ }
+ if (pbytes != NULL) {
+ *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
+ }
+ if ((mem_ctx != NULL) && (pinbuf != NULL)) {
+ if (state->chain_num == state->chain_length-1) {
+ *pinbuf = talloc_move(mem_ctx, &state->inbuf);
+ } else {
+ *pinbuf = state->inbuf;
+ }
+ }
+
+ return status;
+}
+
+size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
+{
+ size_t wct_ofs;
+ int i;
+
+ wct_ofs = smb_wct - 4;
+
+ for (i=0; i<num_reqs; i++) {
+ struct cli_smb_state *state;
+ state = tevent_req_data(reqs[i], struct cli_smb_state);
+ wct_ofs += iov_len(state->iov+1, state->iov_count-1);
+ wct_ofs = (wct_ofs + 3) & ~3;
+ }
+ return wct_ofs;
+}
+
+NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs)
+{
+ struct cli_smb_state *first_state = tevent_req_data(
+ reqs[0], struct cli_smb_state);
+ struct cli_smb_state *last_state = tevent_req_data(
+ reqs[num_reqs-1], struct cli_smb_state);
+ struct cli_smb_state *state;
+ size_t wct_offset;
+ size_t chain_padding = 0;
+ int i, iovlen;
+ struct iovec *iov = NULL;
+ struct iovec *this_iov;
+ NTSTATUS status;
+
+ iovlen = 0;
+ for (i=0; i<num_reqs; i++) {
+ if (!tevent_req_is_in_progress(reqs[i])) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ state = tevent_req_data(reqs[i], struct cli_smb_state);
+ iovlen += state->iov_count;
+ }
+
+ iov = talloc_array(last_state, struct iovec, iovlen);
+ if (iov == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ first_state->chained_requests = (struct tevent_req **)talloc_memdup(
+ last_state, reqs, sizeof(*reqs) * num_reqs);
+ if (first_state->chained_requests == NULL) {
+ TALLOC_FREE(iov);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ wct_offset = smb_wct - 4;
+ this_iov = iov;
+
+ for (i=0; i<num_reqs; i++) {
+ size_t next_padding = 0;
+ uint16_t *vwv;
+
+ state = tevent_req_data(reqs[i], struct cli_smb_state);
+
+ if (i < num_reqs-1) {
+ if (!is_andx_req(CVAL(state->header, smb_com))
+ || CVAL(state->header, smb_wct) < 2) {
+ TALLOC_FREE(iov);
+ TALLOC_FREE(first_state->chained_requests);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
+ wct_offset += iov_len(state->iov+1, state->iov_count-1) + 1;
+ if ((wct_offset % 4) != 0) {
+ next_padding = 4 - (wct_offset % 4);
+ }
+ wct_offset += next_padding;
+ vwv = state->vwv;
+
+ if (i < num_reqs-1) {
+ struct cli_smb_state *next_state = tevent_req_data(
+ reqs[i+1], struct cli_smb_state);
+ SCVAL(vwv+0, 0, CVAL(next_state->header, smb_com));
+ SCVAL(vwv+0, 1, 0);
+ SSVAL(vwv+1, 0, wct_offset);
+ } else if (is_andx_req(CVAL(state->header, smb_com))) {
+ /* properly end the chain */
+ SCVAL(vwv+0, 0, 0xff);
+ SCVAL(vwv+0, 1, 0xff);
+ SSVAL(vwv+1, 0, 0);
+ }
+
+ if (i == 0) {
+ this_iov[0] = state->iov[0];
+ } else {
+ /*
+ * This one is a bit subtle. We have to add
+ * chain_padding bytes between the requests, and we
+ * have to also include the wct field of the
+ * subsequent requests. We use the subsequent header
+ * for the padding, it contains the wct field in its
+ * last byte.
+ */
+ this_iov[0].iov_len = chain_padding+1;
+ this_iov[0].iov_base = (void *)&state->header[
+ sizeof(state->header) - this_iov[0].iov_len];
+ memset(this_iov[0].iov_base, 0, this_iov[0].iov_len-1);
+ }
+ memcpy(this_iov+1, state->iov+1,
+ sizeof(struct iovec) * (state->iov_count-1));
+ this_iov += state->iov_count;
+ chain_padding = next_padding;
+ }
+
+ status = cli_smb_req_iov_send(reqs[0], last_state, iov, iovlen);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(iov);
+ TALLOC_FREE(first_state->chained_requests);
+ return status;
+ }
+
+ for (i=0; i < (num_reqs - 1); i++) {
+ state = tevent_req_data(reqs[i], struct cli_smb_state);
+
+ state->seqnum = last_state->seqnum;
+ }
+
+ return NT_STATUS_OK;
+}
+
+bool cli_has_async_calls(struct cli_state *cli)
+{
+ return ((tevent_queue_length(cli->conn.outgoing) != 0)
+ || (talloc_array_length(cli->conn.pending) != 0));
+}