Samba source code parsing-smbclient command stream

Smbclient provides FTP-like shared file operations. This article describes the implementation of smbclient from the source code perspective. The specific use of smbclient commands can be found through the Help Command and the Internet.

The following code analyzes how a smbclient command is sent to a remote machine and the returned results. Here we take a simple command "Close <fnum>" as an example to analyze the entire process of the program as follows:

Step 1. pai_close (void) is located in soure3/client. C. Each smbclient command has a function similar to the name of CMD _ ***. These functions are used to prepare parameters for the CLI _ *** function in step 2.

-Obtain the "downtime" of the temporary memory from the global memory stackframe ". This step mainly uses the talloc library and completes memory management with Samba's own needs. For more information, see the talloc in the previous blog.

-Analyze the passed <fnum> and simply call atoi to convert it to the string type.

-Call cli_close ().

Step 2. cli_close (CLI, fnum) is located in sourtms3/client. C. It receives the function passed by CMD _ *** for substantive work. The first CLI parameter is cli_state global data. The data structure contains almost the vast majority of information about the current connection. For example:

Cli_state's precursor and successor, current connection information, customer domain name, user name, server domain, OS, POSIX capability, open pipeline list, opportunity lock information, use smb1 or smb2? The associated session, tree connection, and open handle. Second

Parameters are the opened handles prepared above. Different CLI _ *** commands may require additional parameters. These parameters are mainly prepared for the specific command of the lower-layer protocol. See the CIFS or smb2 protocol to determine the parameters required for each command.

-The protocol type used by the current connection is determined based on the CLI-> connection-> protocol type. If the protocol type is smb2, The smb2 processing function cli_smb2_close_fnum is called (located in soure3/libsmb/cli_smb2_fnum.c ). Here we will focus on smb1 processing.

-If the current connection uses smb1, the system determines whether there is an outgoing or pending message based on the event waiting queue of the current connection->. If yes, an error is returned. (Because we use synchronous smb1 message here)

-Call samba_tevent_context_init to allocate tevent

-Call cli_close_send () to send the close immediate CIFS message. This function will be analyzed in the future.

-Call tevent_req_poll () to wait for the event to receive the event

-Call cli_close_recv () to receive the close datagram returned by the server and return

The blue section above is used by the tevent library for Io processing. This article further analyzes the Protocol Processing Section of the red part. The two red tag functions complete the protocol group package, protocol sending, and Protocol receiving processing.

Cli_close_send ():

Step 1: Call cli_close_create (), set the event type and callback function according to the protocol group package

-Call tevent_req_create () to create an immediate event and set the status to tevent_req_in_progress;

-Call cli_smb_req_create (talloc_ctx, tevent_context, cli_state, smb_command, additinal_flags, WCT, * VWV, iov_count, iovec *), and then call smb1cli_req_create () (In libcli/SMB/smbxcli_base.c) completed

Works in a specific group according to the protocol. Note that smb1 does not define the complete data packet format for each CIFS protocol in the group package, but only defines the header (with WCT) field, sending is performed by controlling IOV and iov_count. For details, refer to the following code:

Dependencies (Conn-> protocol, Conn-> smb1.capabilities, smb_command, additional_flags, clear_flags, & flags, additional_flags2, clear_flags2, & flags2 ); // obtain the flags required by the current command. // set the fields of the CIFS header to complete the sival (State-> smb1.hdr, 0, smb_magic) conversion. scval (State-> smb1.hdr, hdr_com, smb_command); sival (State-> smb1.hdr, history, nt_status_v (nt_status_ OK); scval (State-> smb1.hdr, hdr_flg, flags); ssval, Hdr_flg2, flags2); ssval (State-> smb1.hdr, hdr_pidhigh, pid> 16); ssval (State-> smb1.hdr, hdr_tid, tid); ssval (State-> smb1.hdr, hdr_pid, pid); ssval (State-> smb1.hdr, hdr_uid, UID); ssval (State-> smb1.hdr, hdr_mid, 0 ); /* This comes later */scval (State-> smb1.hdr, hdr_wct, WCT); State-> smb1.vwv = VWV ;//??? // Calculate the BCC field ssval (State-> smb1.bytecount _ Buf, 0, smbxcli_iov_len (bytes_iov, iov_count )); // The following is the domain state that each smb1 command contains-> smb1.iov [0]. iov_base = (void *) state-> length_hdr; // "SMB" state-> smb1.iov [0]. iov_len = sizeof (State-> length_hdr); State-> smb1.iov [1]. iov_base = (void *) state-> smb1.hdr; // header field state-> smb1.iov [1]. iov_len = sizeof (State-> smb1.hdr); State-> smb1.iov [2]. iov_base = (void *) state-> smb1.vwv; // The specific data state contained in the WCT field-> smb1.iov [2]. iov_len = WCT * sizeof (uint16_t); State-> smb1.iov [3]. iov_base = (void *) state-> smb1.bytecount _ Buf; // BCC domain state-> smb1.iov [3]. iov_len = sizeof (uint16_t); // use IOV [4] To send if (iov_count! = 0) {memcpy (& State-> smb1.iov [4], bytes_iov, iov_count * sizeof (* bytes_iov);} state-> smb1.iov _ COUNT = iov_count + 4;

-After the group package ends, call tevent_req_set_callbak () to set the callback function of the event to cli_close_done (). In this function, call the cli_smb_recv () function to receive SMB packets. Note: At this time, the group package and event-related registration activities have been completed and ready for is sent.

Step 2: Call smb1cli_req_chain_submit () to complete message sending.

Cli_close_recv ():

-Because the immediate time is registered, the program blocks tevent_req_poll () in the previous step until the corresponding event receives a notification and returns it from the registered callback. At this point, we have received the returned data packet of close (received by the callback function). For close command, we only need to simply process the returned value. Other complex commands may require further analysis of returned values, such as saving opened file handles and treeid information.

Summary:

In fact, the implementation of the client side is relatively simple. The key point is the use of the tevent Library and the analysis of the Protocol group package. The use of the tevent library can be quickly learned through the materials, but the Protocol group package and processing involves a lot of details, you do not need to master all, just analyze a simple command.

Samba source code parsing-smbclient command stream