2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) David Disseldorp 2013-2015
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "../libcli/smb/smb_common.h"
26 #include "../libcli/security/security.h"
27 #include "../lib/util/tevent_ntstatus.h"
28 #include "rpc_server/srv_pipe_hnd.h"
29 #include "include/ntioctl.h"
30 #include "../librpc/ndr/libndr.h"
31 #include "librpc/gen_ndr/ndr_ioctl.h"
32 #include "smb2_ioctl_private.h"
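/*
 * Reject a duplicate-extents request whose source and target ranges overlap
 * within a single file.
 *
 * src_fsp, dst_fsp: source and destination handles; only file_id is read.
 * dup_extents: unmarshalled, client-supplied request (offsets, byte count).
 *
 * Returns NT_STATUS_OK when the handles refer to different files, when the
 * byte count is zero, or when the two ranges are disjoint.
 * Returns NT_STATUS_NOT_SUPPORTED when the ranges overlap.
 */
static NTSTATUS fsctl_dup_extents_check_overlap(struct files_struct *src_fsp,
					struct files_struct *dst_fsp,
				struct fsctl_dup_extents_to_file *dup_extents)
{
	uint64_t distance;

	if (!file_id_equal(&src_fsp->file_id, &dst_fsp->file_id)) {
		/* src and dest refer to different files */
		return NT_STATUS_OK;
	}

	if (dup_extents->byte_count == 0) {
		/* no range to overlap */
		return NT_STATUS_OK;
	}

	/*
	 * [MS-FSCC] 2.3.8 FSCTL_DUPLICATE_EXTENTS_TO_FILE Reply
	 * STATUS_NOT_SUPPORTED:
	 * The source and target destination ranges overlap on the same file.
	 */

	/*
	 * Both ranges are byte_count long, so they overlap exactly when their
	 * start offsets are less than byte_count apart. Comparing the distance
	 * avoids computing "offset + byte_count - 1", which wraps around for
	 * client-supplied offsets near UINT64_MAX and would then let an
	 * overlapping request pass this check.
	 */
	if (dup_extents->target_off >= dup_extents->source_off) {
		/* target starts at or after the source start */
		distance = dup_extents->target_off - dup_extents->source_off;
	} else {
		/* target starts before the source start */
		distance = dup_extents->source_off - dup_extents->target_off;
	}

	if (distance < dup_extents->byte_count) {
		return NT_STATUS_NOT_SUPPORTED;
	}

	return NT_STATUS_OK;
}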
/* Per-request state kept across the asynchronous duplicate-extents call. */
struct fsctl_dup_extents_state {
	struct tevent_context *ev;
	/* connection of the destination handle; used to receive the VFS result */
	struct connection_struct *conn;
	/* request as unmarshalled from the client's ioctl input buffer */
	struct fsctl_dup_extents_to_file dup_extents;
};

/* completion callback for the VFS copy-chunk subrequest */
static void fsctl_dup_extents_vfs_done(struct tevent_req *subreq);
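/*
 * Start an FSCTL_DUP_EXTENTS_TO_FILE request: unmarshall the client's input,
 * resolve the source handle named in it and pass the range to the VFS
 * copy-chunk call with VFS_COPY_CHUNK_FL_MUST_CLONE.
 *
 * mem_ctx:  talloc parent for the request
 * ev:       event context the request is posted on
 * dst_fsp:  destination file handle of the ioctl; may be NULL
 * in_input: raw ioctl input buffer supplied by the client
 * smb2req:  SMB2 request used to look up the source handle
 *
 * Returns NULL if the request cannot be allocated. Otherwise returns a
 * tevent request: validation failures are set on it and it is posted
 * immediately; on the success path completion is signalled from
 * fsctl_dup_extents_vfs_done().
 */
static struct tevent_req *fsctl_dup_extents_send(TALLOC_CTX *mem_ctx,
						 struct tevent_context *ev,
						 struct files_struct *dst_fsp,
						 DATA_BLOB *in_input,
						 struct smbd_smb2_request *smb2req)
{
	struct tevent_req *req = NULL;
	struct tevent_req *subreq = NULL;
	struct fsctl_dup_extents_state *state = NULL;
	uint64_t src_fid_persistent = 0;
	uint64_t src_fid_volatile = 0;
	struct files_struct *src_fsp = NULL;
	enum ndr_err_code ndr_ret;
	NTSTATUS status;

	req = tevent_req_create(mem_ctx, &state,
				struct fsctl_dup_extents_state);
	if (req == NULL) {
		return NULL;
	}

	/*
	 * Validate dst_fsp before anything reads through it: the state
	 * initializer below dereferences dst_fsp->conn, so the NULL check has
	 * to come first.
	 */
	if (dst_fsp == NULL) {
		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
		return tevent_req_post(req, ev);
	}

	*state = (struct fsctl_dup_extents_state) {
		.conn = dst_fsp->conn,
		.ev = ev,
	};

	if ((dst_fsp->conn->fs_capabilities
				& FILE_SUPPORTS_BLOCK_REFCOUNTING) == 0) {
		DBG_INFO("FS does not advertise block refcounting support\n");
		tevent_req_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
		return tevent_req_post(req, ev);
	}

	/* in_input is client-controlled; everything in dup_extents is too */
	ndr_ret = ndr_pull_struct_blob(in_input, state, &state->dup_extents,
		       (ndr_pull_flags_fn_t)ndr_pull_fsctl_dup_extents_to_file);
	if (ndr_ret != NDR_ERR_SUCCESS) {
		DBG_ERR("failed to unmarshall dup extents to file req\n");
		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
		return tevent_req_post(req, ev);
	}

	/* the 16-byte source_fid carries the persistent and volatile ids */
	src_fid_persistent = BVAL(state->dup_extents.source_fid, 0);
	src_fid_volatile = BVAL(state->dup_extents.source_fid, 8);
	src_fsp = file_fsp_get(smb2req, src_fid_persistent, src_fid_volatile);
	if ((src_fsp == NULL)
		      || (src_fsp->file_id.devid != dst_fsp->file_id.devid)) {
		/*
		 * [MS-FSCC] 2.3.8 FSCTL_DUPLICATE_EXTENTS_TO_FILE Reply
		 * STATUS_INVALID_PARAMETER:
		 * The FileHandle parameter is either invalid or does not
		 * represent a handle to an opened file on the same volume.
		 *
		 * Windows Server responds with NT_STATUS_INVALID_HANDLE instead
		 * of STATUS_INVALID_PARAMETER here, despite the above spec.
		 */
		DBG_ERR("invalid src_fsp for dup_extents\n");
		tevent_req_nterror(req, NT_STATUS_INVALID_HANDLE);
		return tevent_req_post(req, ev);
	}

	if (state->dup_extents.byte_count == 0) {
		DBG_ERR("skipping zero length dup extents\n");
		tevent_req_done(req);
		return tevent_req_post(req, ev);
	}

	status = fsctl_dup_extents_check_overlap(src_fsp, dst_fsp,
						 &state->dup_extents);
	if (!NT_STATUS_IS_OK(status)) {
		tevent_req_nterror(req, status);
		return tevent_req_post(req, ev);
	}

	/*
	 * NOTE(review): unlike fsctl_set_cmprn(), fsctl_zero_data() and
	 * fsctl_qar() in this file, no check_access_fsp() call is made here
	 * for read access on src_fsp or write access on dst_fsp. Confirm that
	 * the VFS copy-chunk implementation enforces both before cloning.
	 */
	subreq = SMB_VFS_COPY_CHUNK_SEND(dst_fsp->conn, state, ev,
					 src_fsp, state->dup_extents.source_off,
					 dst_fsp, state->dup_extents.target_off,
					 state->dup_extents.byte_count,
					 VFS_COPY_CHUNK_FL_MUST_CLONE);
	if (tevent_req_nomem(subreq, req)) {
		return tevent_req_post(req, ev);
	}

	tevent_req_set_callback(subreq, fsctl_dup_extents_vfs_done, req);
	return req;
}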
/*
 * Completion callback for the VFS copy-chunk subrequest started by
 * fsctl_dup_extents_send(). Fails the parent request with the VFS status,
 * or with NT_STATUS_IO_DEVICE_ERROR when fewer (or more) bytes than
 * requested were cloned; otherwise marks the parent request done.
 */
static void fsctl_dup_extents_vfs_done(struct tevent_req *subreq)
{
	struct tevent_req *req = tevent_req_callback_data(
		subreq, struct tevent_req);
	struct fsctl_dup_extents_state *state = tevent_req_data(
		req, struct fsctl_dup_extents_state);
	off_t cloned;
	NTSTATUS status;

	status = SMB_VFS_COPY_CHUNK_RECV(state->conn, subreq, &cloned);
	TALLOC_FREE(subreq);
	if (tevent_req_nterror(req, status)) {
		/* VFS reported a failure; it is now set on the parent */
		return;
	}

	if (cloned == state->dup_extents.byte_count) {
		tevent_req_done(req);
		return;
	}

	/* a partial clone is not an acceptable result for this FSCTL */
	tevent_req_nterror(req, NT_STATUS_IO_DEVICE_ERROR);
}
/* Collect the final NTSTATUS of a request made by fsctl_dup_extents_send(). */
static NTSTATUS fsctl_dup_extents_recv(struct tevent_req *req)
{
	NTSTATUS status = tevent_req_simple_recv_ntstatus(req);

	return status;
}
/*
 * Handle FSCTL_GET_COMPRESSION: marshall the file's compression format into
 * *out_output.
 *
 * Returns NT_STATUS_FILE_CLOSED for a NULL fsp, the VFS status if the
 * compression query fails, NT_STATUS_INTERNAL_ERROR if marshalling fails,
 * and NT_STATUS_INVALID_USER_BUFFER when the marshalled state does not fit
 * in in_max_output. *out_output is only written on success.
 */
static NTSTATUS fsctl_get_cmprn(TALLOC_CTX *mem_ctx,
				struct tevent_context *ev,
				struct files_struct *fsp,
				size_t in_max_output,
				DATA_BLOB *out_output)
{
	struct compression_state cmpr_state;
	enum ndr_err_code ndr_ret;
	DATA_BLOB output;
	NTSTATUS status;

	if (fsp == NULL) {
		return NT_STATUS_FILE_CLOSED;
	}

	/* Windows doesn't check for SEC_FILE_READ_ATTRIBUTE permission here */

	ZERO_STRUCT(cmpr_state);
	if ((fsp->conn->fs_capabilities & FILE_FILE_COMPRESSION) == 0) {
		/*
		 * bso#12144: The underlying filesystem doesn't support
		 * compression, so we should respond with "not-compressed"
		 * (like WS2016 ReFS) instead of STATUS_NOT_SUPPORTED or
		 * NT_STATUS_INVALID_DEVICE_REQUEST.
		 */
		cmpr_state.format = COMPRESSION_FORMAT_NONE;
	} else {
		status = SMB_VFS_GET_COMPRESSION(fsp->conn,
						 mem_ctx,
						 fsp,
						 NULL,
						 &cmpr_state.format);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	}

	ndr_ret = ndr_push_struct_blob(&output, mem_ctx,
				       &cmpr_state,
			(ndr_push_flags_fn_t)ndr_push_compression_state);
	if (ndr_ret != NDR_ERR_SUCCESS) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	/* never hand back more than the client said it can accept */
	if (output.length > in_max_output) {
		DEBUG(1, ("max output %u too small for compression state %ld\n",
		      (unsigned int)in_max_output, (long int)output.length));
		return NT_STATUS_INVALID_USER_BUFFER;
	}

	*out_output = output;
	return NT_STATUS_OK;
}
/*
 * Handle FSCTL_SET_COMPRESSION: unmarshall the requested compression format
 * from in_input and apply it through the VFS.
 *
 * Returns NT_STATUS_FILE_CLOSED for a NULL fsp, the check_access_fsp()
 * status when FILE_WRITE_DATA is not granted, NT_STATUS_INVALID_PARAMETER
 * when the input cannot be unmarshalled, and NT_STATUS_NOT_SUPPORTED when
 * the filesystem lacks compression support and a format other than
 * COMPRESSION_FORMAT_NONE is requested.
 */
static NTSTATUS fsctl_set_cmprn(TALLOC_CTX *mem_ctx,
				struct tevent_context *ev,
				struct files_struct *fsp,
				DATA_BLOB *in_input)
{
	struct compression_state cmpr_state;
	enum ndr_err_code ndr_ret;
	NTSTATUS status;

	if (fsp == NULL) {
		return NT_STATUS_FILE_CLOSED;
	}

	/* WRITE_DATA permission is required, WRITE_ATTRIBUTES is not */
	status = check_access_fsp(fsp, FILE_WRITE_DATA);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* in_input is client-controlled; reject anything that fails to parse */
	ndr_ret = ndr_pull_struct_blob(in_input, mem_ctx, &cmpr_state,
			(ndr_pull_flags_fn_t)ndr_pull_compression_state);
	if (ndr_ret != NDR_ERR_SUCCESS) {
		DEBUG(0, ("failed to unmarshall set compression req\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (fsp->conn->fs_capabilities & FILE_FILE_COMPRESSION) {
		status = SMB_VFS_SET_COMPRESSION(fsp->conn,
						 mem_ctx,
						 fsp,
						 cmpr_state.format);
	} else if (cmpr_state.format == COMPRESSION_FORMAT_NONE) {
		/*
		 * bso#12144: The underlying filesystem doesn't support
		 * compression. We should still accept set(FORMAT_NONE) requests
		 * (like WS2016 ReFS).
		 */
		status = NT_STATUS_OK;
	} else {
		status = NT_STATUS_NOT_SUPPORTED;
	}

	return status;
}
/*
 * Handle FSCTL_SET_ZERO_DATA: zero the byte range named in in_input by
 * punching a hole with SMB_VFS_FALLOCATE(), without changing the file size.
 *
 * Returns NT_STATUS_FILE_CLOSED for a NULL fsp, the check_access_fsp()
 * status when FILE_WRITE_DATA is not granted, NT_STATUS_INVALID_PARAMETER
 * for unparsable input or an end offset below the start offset,
 * NT_STATUS_FILE_LOCK_CONFLICT when the range cannot be locked, and the
 * mapped errno when fallocate fails. A zero-length range succeeds without
 * touching the file.
 */
static NTSTATUS fsctl_zero_data(TALLOC_CTX *mem_ctx,
				struct tevent_context *ev,
				struct files_struct *fsp,
				DATA_BLOB *in_input)
{
	struct file_zero_data_info zdata_info;
	enum ndr_err_code ndr_ret;
	struct lock_struct lck;
	int mode;
	uint64_t len;
	int ret;
	NTSTATUS status;

	if (fsp == NULL) {
		return NT_STATUS_FILE_CLOSED;
	}

	/* WRITE_DATA permission is required */
	status = check_access_fsp(fsp, FILE_WRITE_DATA);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* allow regardless of whether FS supports sparse or not */

	ndr_ret = ndr_pull_struct_blob(in_input, mem_ctx, &zdata_info,
			(ndr_pull_flags_fn_t)ndr_pull_file_zero_data_info);
	if (ndr_ret != NDR_ERR_SUCCESS) {
		DEBUG(0, ("failed to unmarshall zero data request\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* reject an inverted range before the subtraction below can wrap */
	if (zdata_info.beyond_final_zero < zdata_info.file_off) {
		DEBUG(0, ("invalid zero data params: off %lu, bfz, %lu\n",
			  (unsigned long)zdata_info.file_off,
			  (unsigned long)zdata_info.beyond_final_zero));
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* convert strange "beyond final zero" param into length */
	len = zdata_info.beyond_final_zero - zdata_info.file_off;
	if (len == 0) {
		DEBUG(2, ("zero data called with zero length range\n"));
		return NT_STATUS_OK;
	}

	init_strict_lock_struct(fsp,
				fsp->op->global->open_persistent_id,
				zdata_info.file_off,
				len,
				WRITE_LOCK,
				&lck);

	if (!SMB_VFS_STRICT_LOCK(fsp->conn, fsp, &lck)) {
		DEBUG(2, ("failed to lock range for zero-data\n"));
		return NT_STATUS_FILE_LOCK_CONFLICT;
	}

	/* from here on every exit goes through "unlock" */

	/*
	 * MS-FSCC <58> Section 2.3.67
	 * This FSCTL sets the range of bytes to zero (0) without extending the
	 * file size; VFS_FALLOCATE_FL_KEEP_SIZE is passed for that reason.
	 */
	mode = VFS_FALLOCATE_FL_PUNCH_HOLE | VFS_FALLOCATE_FL_KEEP_SIZE;
	ret = SMB_VFS_FALLOCATE(fsp, mode, zdata_info.file_off, len);
	if (ret == -1) {
		status = map_nt_error_from_unix_common(errno);
		DEBUG(2, ("zero-data fallocate(0x%x) failed: %s\n", mode,
			  strerror(errno)));
		goto unlock;
	}

	if (!fsp->is_sparse && lp_strict_allocate(SNUM(fsp->conn))) {
		/*
		 * File marked non-sparse and "strict allocate" is enabled -
		 * allocate the range that we just punched out.
		 * In future FALLOC_FL_ZERO_RANGE could be used exclusively for
		 * this, but it's currently only supported on XFS and ext4.
		 *
		 * The newly allocated range still won't be found by SEEK_DATA
		 * for QAR, but stat.st_blocks will reflect it.
		 */
		ret = SMB_VFS_FALLOCATE(fsp, VFS_FALLOCATE_FL_KEEP_SIZE,
					zdata_info.file_off, len);
		if (ret == -1) {
			status = map_nt_error_from_unix_common(errno);
			DEBUG(0, ("fallocate failed: %s\n", strerror(errno)));
			goto unlock;
		}
	}

	status = NT_STATUS_OK;

unlock:
	SMB_VFS_STRICT_UNLOCK(fsp->conn, fsp, &lck);
	return status;
}
/*
 * Marshall one allocated-range entry and append it to qar_array_blob.
 *
 * Returns NT_STATUS_INVALID_PARAMETER if the entry cannot be marshalled and
 * NT_STATUS_NO_MEMORY if the append fails. The temporary marshalling buffer
 * is freed on both the success and the append-failure path.
 */
static NTSTATUS fsctl_qar_buf_push(TALLOC_CTX *mem_ctx,
				   struct file_alloced_range_buf *qar_buf,
				   DATA_BLOB *qar_array_blob)
{
	DATA_BLOB slot;
	enum ndr_err_code ndr_ret;
	bool appended;

	ndr_ret = ndr_push_struct_blob(&slot, mem_ctx, qar_buf,
			(ndr_push_flags_fn_t)ndr_push_file_alloced_range_buf);
	if (ndr_ret != NDR_ERR_SUCCESS) {
		DEBUG(0, ("failed to marshall QAR buf\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* TODO should be able to avoid copy by pushing into prealloced buf */
	appended = data_blob_append(mem_ctx, qar_array_blob, slot.data,
				    slot.length);
	data_blob_free(&slot);

	return appended ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
}
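/*
 * Walk the file with SEEK_DATA/SEEK_HOLE from curr_off up to and including
 * max_off, appending one allocated-range entry per data extent to
 * qar_array_blob.
 *
 * Returns NT_STATUS_NOT_SUPPORTED when built without HAVE_LSEEK_HOLE_DATA,
 * the mapped errno when a seek fails, NT_STATUS_INTERNAL_ERROR when the
 * reported hole does not lie after the data offset, and the status of
 * fsctl_qar_buf_push() when an entry cannot be appended.
 */
static NTSTATUS fsctl_qar_seek_fill(TALLOC_CTX *mem_ctx,
				    struct files_struct *fsp,
				    off_t curr_off,
				    off_t max_off,
				    DATA_BLOB *qar_array_blob)
{
	NTSTATUS status = NT_STATUS_NOT_SUPPORTED;

#ifdef HAVE_LSEEK_HOLE_DATA
	/*
	 * NOTE(review): the array grows by one entry per data extent and this
	 * loop has no cap of its own; the only size check visible in this file
	 * is in fsctl_qar(), after the whole array has been built. Consider
	 * whether a heavily fragmented sparse file warrants bounding the loop.
	 */
	while (curr_off <= max_off) {
		off_t data_off;
		off_t hole_off;
		struct file_alloced_range_buf qar_buf;

		/* find the start of the next data extent */
		data_off = SMB_VFS_LSEEK(fsp, curr_off, SEEK_DATA);
		if ((data_off == -1) && (errno == ENXIO)) {
			/* no data from curr_off to EOF */
			break;
		} else if (data_off == -1) {
			status = map_nt_error_from_unix_common(errno);
			DEBUG(1, ("lseek data failed: %s\n", strerror(errno)));
			return status;
		}

		if (data_off > max_off) {
			/* found something, but passed range of interest */
			break;
		}

		/* find where that data extent ends */
		hole_off = SMB_VFS_LSEEK(fsp, data_off, SEEK_HOLE);
		if (hole_off == -1) {
			status = map_nt_error_from_unix_common(errno);
			DEBUG(1, ("lseek hole failed: %s\n", strerror(errno)));
			return status;
		}

		/* guards the subtraction below and guarantees forward progress */
		if (hole_off <= data_off) {
			DEBUG(1, ("lseek inconsistent: hole %lu at or before "
				  "data %lu\n", (unsigned long)hole_off,
				  (unsigned long)data_off));
			return NT_STATUS_INTERNAL_ERROR;
		}

		qar_buf.file_off = data_off;
		/* + 1 to convert maximum offset to length */
		qar_buf.len = MIN(hole_off, max_off + 1) - data_off;

		status = fsctl_qar_buf_push(mem_ctx, &qar_buf, qar_array_blob);
		if (!NT_STATUS_IS_OK(status)) {
			/*
			 * Propagate the helper's status as fsctl_qar() does
			 * for the non-sparse case, rather than reporting every
			 * failure as out-of-memory.
			 */
			return status;
		}

		curr_off = hole_off;
	}
	status = NT_STATUS_OK;
#endif

	return status;
}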
/*
 * Handle FSCTL_QUERY_ALLOCATED_RANGES: report which parts of the requested
 * byte range are allocated, marshalled into *out_output.
 *
 * Returns NT_STATUS_FILE_CLOSED for a NULL fsp, the check_access_fsp()
 * status when FILE_READ_DATA is not granted, NT_STATUS_INVALID_PARAMETER
 * for unparsable input, an offset + length that wraps, or a response that
 * cannot be marshalled, the mapped errno when fstat fails, and
 * NT_STATUS_BUFFER_TOO_SMALL when the response exceeds in_max_output.
 * A zero-length range, an empty file, or an offset at or past EOF succeeds
 * without writing *out_output.
 */
static NTSTATUS fsctl_qar(TALLOC_CTX *mem_ctx,
			  struct tevent_context *ev,
			  struct files_struct *fsp,
			  DATA_BLOB *in_input,
			  size_t in_max_output,
			  DATA_BLOB *out_output)
{
	struct fsctl_query_alloced_ranges_req qar_req;
	struct fsctl_query_alloced_ranges_rsp qar_rsp;
	DATA_BLOB qar_array_blob = data_blob_null;
	uint64_t max_off;
	enum ndr_err_code ndr_ret;
	int ret;
	NTSTATUS status;
	SMB_STRUCT_STAT sbuf;

	if (fsp == NULL) {
		return NT_STATUS_FILE_CLOSED;
	}

	/* READ_DATA permission is required */
	status = check_access_fsp(fsp, FILE_READ_DATA);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* in_input is client-controlled; offset and length come from it */
	ndr_ret = ndr_pull_struct_blob(in_input, mem_ctx, &qar_req,
		(ndr_pull_flags_fn_t)ndr_pull_fsctl_query_alloced_ranges_req);
	if (ndr_ret != NDR_ERR_SUCCESS) {
		DEBUG(0, ("failed to unmarshall QAR req\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	/*
	 * XXX Windows Server 2008 & 2012 servers don't return lock-conflict
	 * for QAR requests over an exclusively locked range!
	 */

	ret = SMB_VFS_FSTAT(fsp, &sbuf);
	if (ret == -1) {
		status = map_nt_error_from_unix_common(errno);
		DEBUG(2, ("fstat failed: %s\n", strerror(errno)));
		return status;
	}

	if ((qar_req.buf.len == 0)
	 || (sbuf.st_ex_size == 0)
	 || (qar_req.buf.file_off >= sbuf.st_ex_size)) {
		/* zero length range or after EOF, no ranges to return */
		return NT_STATUS_OK;
	}

	/* check for integer overflow */
	if (qar_req.buf.file_off + qar_req.buf.len < qar_req.buf.file_off) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/*
	 * Maximum offset is either the last valid offset _before_ EOF, or the
	 * last byte offset within the requested range. -1 converts length to
	 * offset, which is easier to work with for SEEK_DATA/SEEK_HOLE.
	 * E.g. with st_ex_size=1M: a request for off=512K, len=1M is clamped
	 * at EOF, while a request for off=0, len=512K ends at its own last
	 * byte.
	 */
	max_off = MIN(sbuf.st_ex_size,
		      qar_req.buf.file_off + qar_req.buf.len) - 1;

	if (fsp->is_sparse) {
		status = fsctl_qar_seek_fill(mem_ctx, fsp, qar_req.buf.file_off,
					     max_off, &qar_array_blob);
	} else {
		struct file_alloced_range_buf qar_buf;

		/* file is non-sparse, claim file_off->max_off is allocated */
		qar_buf.file_off = qar_req.buf.file_off;
		/* + 1 to convert maximum offset back to length */
		qar_buf.len = max_off - qar_req.buf.file_off + 1;

		status = fsctl_qar_buf_push(mem_ctx, &qar_buf, &qar_array_blob);
	}
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* marshall response buffer. */
	qar_rsp.far_buf_array = qar_array_blob;

	ndr_ret = ndr_push_struct_blob(out_output, mem_ctx, &qar_rsp,
		(ndr_push_flags_fn_t)ndr_push_fsctl_query_alloced_ranges_rsp);
	if (ndr_ret != NDR_ERR_SUCCESS) {
		DEBUG(0, ("failed to marshall QAR rsp\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* never hand back more than the client said it can accept */
	if (out_output->length > in_max_output) {
		DEBUG(2, ("QAR output len %lu exceeds max %lu\n",
			  (unsigned long)out_output->length,
			  (unsigned long)in_max_output));
		data_blob_free(out_output);
		return NT_STATUS_BUFFER_TOO_SMALL;
	}

	return NT_STATUS_OK;
}
/* completion callback for the asynchronous duplicate-extents case */
static void smb2_ioctl_filesys_dup_extents_done(struct tevent_req *subreq);

/*
 * Dispatch a filesystem FSCTL received over SMB2.
 *
 * The compression, zero-data and query-allocated-ranges codes are handled
 * synchronously by the helpers in this file and the request is posted with
 * their status. FSCTL_DUP_EXTENTS_TO_FILE is asynchronous and completes in
 * smb2_ioctl_filesys_dup_extents_done(). Any other code is passed to
 * SMB_VFS_FSCTL(); a NT_STATUS_NOT_SUPPORTED result (also used when no file
 * handle is present) is mapped to NT_STATUS_FS_DRIVER_REQUIRED on IPC
 * connections and NT_STATUS_INVALID_DEVICE_REQUEST otherwise.
 *
 * Returns req, either posted with its final state or still pending.
 */
struct tevent_req *smb2_ioctl_filesys(uint32_t ctl_code,
				      struct tevent_context *ev,
				      struct tevent_req *req,
				      struct smbd_smb2_ioctl_state *state)
{
	NTSTATUS status;

	switch (ctl_code) {
	case FSCTL_GET_COMPRESSION:
		status = fsctl_get_cmprn(state, ev, state->fsp,
					 state->in_max_output,
					 &state->out_output);
		break;

	case FSCTL_SET_COMPRESSION:
		status = fsctl_set_cmprn(state, ev, state->fsp,
					 &state->in_input);
		break;

	case FSCTL_SET_ZERO_DATA:
		status = fsctl_zero_data(state, ev, state->fsp,
					 &state->in_input);
		break;

	case FSCTL_QUERY_ALLOCATED_RANGES:
		status = fsctl_qar(state, ev, state->fsp,
				   &state->in_input,
				   state->in_max_output,
				   &state->out_output);
		break;

	case FSCTL_DUP_EXTENTS_TO_FILE: {
		struct tevent_req *subreq = NULL;

		subreq = fsctl_dup_extents_send(state, ev,
						state->fsp,
						&state->in_input,
						state->smb2req);
		if (tevent_req_nomem(subreq, req)) {
			return tevent_req_post(req, ev);
		}
		tevent_req_set_callback(subreq,
					smb2_ioctl_filesys_dup_extents_done,
					req);
		/* still pending; finished from the callback */
		return req;
	}

	default: {
		uint8_t *out_data = NULL;
		uint32_t out_data_len = 0;

		if (state->fsp == NULL) {
			status = NT_STATUS_NOT_SUPPORTED;
		} else {
			status = SMB_VFS_FSCTL(state->fsp,
					       state,
					       ctl_code,
					       state->smbreq->flags2,
					       state->in_input.data,
					       state->in_input.length,
					       &out_data,
					       state->in_max_output,
					       &out_data_len);
			state->out_output = data_blob_const(out_data, out_data_len);
			if (NT_STATUS_IS_OK(status)) {
				tevent_req_done(req);
				return tevent_req_post(req, ev);
			}
		}

		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
			if (IS_IPC(state->smbreq->conn)) {
				status = NT_STATUS_FS_DRIVER_REQUIRED;
			} else {
				status = NT_STATUS_INVALID_DEVICE_REQUEST;
			}
		}

		tevent_req_nterror(req, status);
		return tevent_req_post(req, ev);
	}
	}

	/* synchronous FSCTLs: finish the request with the helper's status */
	if (!tevent_req_nterror(req, status)) {
		tevent_req_done(req);
	}
	return tevent_req_post(req, ev);
}
/*
 * Completion callback for the duplicate-extents subrequest: copy its final
 * status onto the parent ioctl request, marking it done on success.
 */
static void smb2_ioctl_filesys_dup_extents_done(struct tevent_req *subreq)
{
	struct tevent_req *req = tevent_req_callback_data(subreq,
							  struct tevent_req);
	NTSTATUS status;

	status = fsctl_dup_extents_recv(subreq);
	TALLOC_FREE(subreq);
	if (tevent_req_nterror(req, status)) {
		/* failure has been set on the parent request */
		return;
	}

	tevent_req_done(req);
}