2
Unix SMB/CIFS implementation.
4
SMB2 client transport context management functions
6
Copyright (C) Andrew Tridgell 2005
8
This program is free software; you can redistribute it and/or modify
9
it under the terms of the GNU General Public License as published by
10
the Free Software Foundation; either version 3 of the License, or
11
(at your option) any later version.
13
This program is distributed in the hope that it will be useful,
14
but WITHOUT ANY WARRANTY; without even the implied warranty of
15
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
GNU General Public License for more details.
18
You should have received a copy of the GNU General Public License
19
along with this program. If not, see <http://www.gnu.org/licenses/>.
23
#include "libcli/raw/libcliraw.h"
24
#include "libcli/raw/raw_proto.h"
25
#include "libcli/smb2/smb2.h"
26
#include "libcli/smb2/smb2_calls.h"
27
#include "lib/socket/socket.h"
28
#include "lib/events/events.h"
29
#include "lib/stream/packet.h"
30
#include "../lib/util/dlinklist.h"
34
an event has happened on the socket
36
static void smb2_transport_event_handler(struct tevent_context *ev,
37
struct tevent_fd *fde,
38
uint16_t flags, void *private_data)
40
struct smb2_transport *transport = talloc_get_type(private_data,
41
struct smb2_transport);
42
if (flags & EVENT_FD_READ) {
43
packet_recv(transport->packet);
46
if (flags & EVENT_FD_WRITE) {
47
packet_queue_run(transport->packet);
54
static int transport_destructor(struct smb2_transport *transport)
56
smb2_transport_dead(transport, NT_STATUS_LOCAL_DISCONNECT);
64
static void smb2_transport_error(void *private_data, NTSTATUS status)
66
struct smb2_transport *transport = talloc_get_type(private_data,
67
struct smb2_transport);
68
smb2_transport_dead(transport, status);
71
static NTSTATUS smb2_transport_finish_recv(void *private_data, DATA_BLOB blob);
74
create a transport structure based on an established socket
76
struct smb2_transport *smb2_transport_init(struct smbcli_socket *sock,
77
TALLOC_CTX *parent_ctx,
78
struct smbcli_options *options)
80
struct smb2_transport *transport;
82
transport = talloc_zero(parent_ctx, struct smb2_transport);
83
if (!transport) return NULL;
85
transport->socket = talloc_steal(transport, sock);
86
transport->options = *options;
88
/* setup the stream -> packet parser */
89
transport->packet = packet_init(transport);
90
if (transport->packet == NULL) {
91
talloc_free(transport);
94
packet_set_private(transport->packet, transport);
95
packet_set_socket(transport->packet, transport->socket->sock);
96
packet_set_callback(transport->packet, smb2_transport_finish_recv);
97
packet_set_full_request(transport->packet, packet_full_request_nbt);
98
packet_set_error_handler(transport->packet, smb2_transport_error);
99
packet_set_event_context(transport->packet, transport->socket->event.ctx);
100
packet_set_nofree(transport->packet);
102
/* take over event handling from the socket layer - it only
103
handles events up until we are connected */
104
talloc_free(transport->socket->event.fde);
105
transport->socket->event.fde = event_add_fd(transport->socket->event.ctx,
107
socket_get_fd(transport->socket->sock),
109
smb2_transport_event_handler,
112
packet_set_fde(transport->packet, transport->socket->event.fde);
113
packet_set_serialise(transport->packet);
115
talloc_set_destructor(transport, transport_destructor);
121
mark the transport as dead
123
void smb2_transport_dead(struct smb2_transport *transport, NTSTATUS status)
125
smbcli_sock_dead(transport->socket);
127
if (NT_STATUS_EQUAL(NT_STATUS_UNSUCCESSFUL, status)) {
128
status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
131
/* kill all pending receives */
132
while (transport->pending_recv) {
133
struct smb2_request *req = transport->pending_recv;
134
req->state = SMB2_REQUEST_ERROR;
135
req->status = status;
136
DLIST_REMOVE(transport->pending_recv, req);
143
static NTSTATUS smb2_handle_oplock_break(struct smb2_transport *transport,
144
const DATA_BLOB *blob)
149
hdr = blob->data+NBT_HDR_SIZE;
151
if (blob->length < (SMB2_MIN_SIZE+0x18)) {
152
DEBUG(1,("Discarding smb2 oplock reply of size %u\n",
153
(unsigned)blob->length));
154
return NT_STATUS_INVALID_NETWORK_RESPONSE;
157
opcode = SVAL(hdr, SMB2_HDR_OPCODE);
159
if (opcode != SMB2_OP_BREAK) {
160
return NT_STATUS_INVALID_NETWORK_RESPONSE;
163
if (transport->oplock.handler) {
164
uint8_t *body = hdr+SMB2_HDR_BODY;
165
struct smb2_handle h;
168
level = CVAL(body, 0x02);
169
smb2_pull_handle(body+0x08, &h);
171
transport->oplock.handler(transport, &h, level,
172
transport->oplock.private_data);
174
DEBUG(5,("Got SMB2 oplock break with no handler\n"));
181
we have a full request in our receive buffer - match it to a pending request
184
static NTSTATUS smb2_transport_finish_recv(void *private_data, DATA_BLOB blob)
186
struct smb2_transport *transport = talloc_get_type(private_data,
187
struct smb2_transport);
188
uint8_t *buffer, *hdr;
190
struct smb2_request *req = NULL;
193
uint16_t buffer_code;
194
uint32_t dynamic_size;
201
hdr = buffer+NBT_HDR_SIZE;
203
if (len < SMB2_MIN_SIZE) {
204
DEBUG(1,("Discarding smb2 reply of size %d\n", len));
208
flags = IVAL(hdr, SMB2_HDR_FLAGS);
209
seqnum = BVAL(hdr, SMB2_HDR_MESSAGE_ID);
211
/* see MS-SMB2 3.2.5.19 */
212
if (seqnum == UINT64_MAX) {
213
return smb2_handle_oplock_break(transport, &blob);
216
/* match the incoming request against the list of pending requests */
217
for (req=transport->pending_recv; req; req=req->next) {
218
if (req->seqnum == seqnum) break;
222
DEBUG(1,("Discarding unmatched reply with seqnum 0x%llx op %d\n",
223
(long long)seqnum, SVAL(hdr, SMB2_HDR_OPCODE)));
227
/* fill in the 'in' portion of the matching request */
228
req->in.buffer = buffer;
229
talloc_steal(req, buffer);
231
req->in.allocated = req->in.size;
234
req->in.body = hdr+SMB2_HDR_BODY;
235
req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
236
req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
238
if ((flags & SMB2_HDR_FLAG_ASYNC) &&
239
NT_STATUS_EQUAL(req->status, STATUS_PENDING)) {
240
req->cancel.can_cancel = true;
241
req->cancel.pending_id = IVAL(hdr, SMB2_HDR_PID);
242
for (i=0; i< req->cancel.do_cancel; i++) {
249
if (req->session && req->session->signing_active) {
250
status = smb2_check_signature(&req->in,
251
req->session->session_key);
252
if (!NT_STATUS_IS_OK(status)) {
253
/* the spec says to ignore packets with a bad signature */
259
buffer_code = SVAL(req->in.body, 0);
260
req->in.body_fixed = (buffer_code & ~1);
261
req->in.dynamic = NULL;
262
dynamic_size = req->in.body_size - req->in.body_fixed;
263
if (dynamic_size != 0 && (buffer_code & 1)) {
264
req->in.dynamic = req->in.body + req->in.body_fixed;
265
if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
266
DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n",
272
smb2_setup_bufinfo(req);
274
DEBUG(2, ("SMB2 RECV seqnum=0x%llx\n", (long long)req->seqnum));
275
dump_data(5, req->in.body, req->in.body_size);
277
/* if this request has an async handler then call that to
278
notify that the reply has been received. This might destroy
279
the request so it must happen last */
280
DLIST_REMOVE(transport->pending_recv, req);
281
req->state = SMB2_REQUEST_DONE;
288
dump_data(5, buffer, len);
290
DLIST_REMOVE(transport->pending_recv, req);
291
req->state = SMB2_REQUEST_ERROR;
298
return NT_STATUS_UNSUCCESSFUL;
302
handle timeouts of individual smb requests
304
static void smb2_timeout_handler(struct tevent_context *ev, struct tevent_timer *te,
305
struct timeval t, void *private_data)
307
struct smb2_request *req = talloc_get_type(private_data, struct smb2_request);
309
if (req->state == SMB2_REQUEST_RECV) {
310
DLIST_REMOVE(req->transport->pending_recv, req);
312
req->status = NT_STATUS_IO_TIMEOUT;
313
req->state = SMB2_REQUEST_ERROR;
323
static int smb2_request_destructor(struct smb2_request *req)
325
if (req->state == SMB2_REQUEST_RECV) {
326
DLIST_REMOVE(req->transport->pending_recv, req);
333
put a request into the send queue
335
void smb2_transport_send(struct smb2_request *req)
340
_smb2_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE);
342
DEBUG(2, ("SMB2 send seqnum=0x%llx\n", (long long)req->seqnum));
343
dump_data(5, req->out.body, req->out.body_size);
345
/* check if the transport is dead */
346
if (req->transport->socket->sock == NULL) {
347
req->state = SMB2_REQUEST_ERROR;
348
req->status = NT_STATUS_NET_WRITE_FAULT;
352
/* possibly sign the message */
353
if (req->session && req->session->signing_active) {
354
status = smb2_sign_message(&req->out, req->session->session_key);
355
if (!NT_STATUS_IS_OK(status)) {
356
req->state = SMB2_REQUEST_ERROR;
357
req->status = status;
362
blob = data_blob_const(req->out.buffer, req->out.size);
363
status = packet_send(req->transport->packet, blob);
364
if (!NT_STATUS_IS_OK(status)) {
365
req->state = SMB2_REQUEST_ERROR;
366
req->status = status;
370
req->state = SMB2_REQUEST_RECV;
371
DLIST_ADD(req->transport->pending_recv, req);
374
if (req->transport->options.request_timeout) {
375
event_add_timed(req->transport->socket->event.ctx, req,
376
timeval_current_ofs(req->transport->options.request_timeout, 0),
377
smb2_timeout_handler, req);
380
talloc_set_destructor(req, smb2_request_destructor);
383
static void idle_handler(struct tevent_context *ev,
384
struct tevent_timer *te, struct timeval t, void *private_data)
386
struct smb2_transport *transport = talloc_get_type(private_data,
387
struct smb2_transport);
388
struct timeval next = timeval_add(&t, 0, transport->idle.period);
389
transport->socket->event.te = event_add_timed(transport->socket->event.ctx,
392
idle_handler, transport);
393
transport->idle.func(transport, transport->idle.private_data);
397
setup the idle handler for a transport
398
the period is in microseconds
400
void smb2_transport_idle_handler(struct smb2_transport *transport,
401
void (*idle_func)(struct smb2_transport *, void *),
405
transport->idle.func = idle_func;
406
transport->idle.private_data = private_data;
407
transport->idle.period = period;
409
if (transport->socket->event.te != NULL) {
410
talloc_free(transport->socket->event.te);
413
transport->socket->event.te = event_add_timed(transport->socket->event.ctx,
415
timeval_current_ofs(0, period),
416
idle_handler, transport);