2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) David Disseldorp 2012
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "../libcli/smb/smb_common.h"
26 #include "../libcli/security/security.h"
27 #include "../lib/util/tevent_ntstatus.h"
28 #include "../lib/ccan/build_assert/build_assert.h"
29 #include "include/ntioctl.h"
30 #include "../librpc/ndr/libndr.h"
31 #include "librpc/gen_ndr/ndr_ioctl.h"
32 #include "smb2_ioctl_private.h"
34 #define COPYCHUNK_MAX_CHUNKS 256 /* 2k8r2 & win8 = 256 */
35 #define COPYCHUNK_MAX_CHUNK_LEN 1048576 /* 2k8r2 & win8 = 1048576 */
36 #define COPYCHUNK_MAX_TOTAL_LEN 16777216 /* 2k8r2 & win8 = 16777216 */
37 static void copychunk_pack_limits(struct srv_copychunk_rsp *cc_rsp)
39 cc_rsp->chunks_written = COPYCHUNK_MAX_CHUNKS;
40 cc_rsp->chunk_bytes_written = COPYCHUNK_MAX_CHUNK_LEN;
41 cc_rsp->total_bytes_written = COPYCHUNK_MAX_TOTAL_LEN;
44 static NTSTATUS copychunk_check_limits(struct srv_copychunk_copy *cc_copy)
47 uint32_t total_len = 0;
49 if (cc_copy->chunk_count > COPYCHUNK_MAX_CHUNKS) {
50 return NT_STATUS_INVALID_PARAMETER;
53 for (i = 0; i < cc_copy->chunk_count; i++) {
54 if (cc_copy->chunks[i].length > COPYCHUNK_MAX_CHUNK_LEN) {
55 return NT_STATUS_INVALID_PARAMETER;
57 total_len += cc_copy->chunks[i].length;
59 if (total_len > COPYCHUNK_MAX_TOTAL_LEN) {
60 return NT_STATUS_INVALID_PARAMETER;
66 static void copychunk_unlock_all(struct files_struct *src_fsp,
67 struct files_struct *dst_fsp,
68 struct lock_struct *rd_locks,
69 struct lock_struct *wr_locks,
75 for (i = 0; i < num_locks; i++) {
76 SMB_VFS_STRICT_UNLOCK(src_fsp->conn, src_fsp, &rd_locks[i]);
77 SMB_VFS_STRICT_UNLOCK(dst_fsp->conn, dst_fsp, &wr_locks[i]);
81 /* request read and write locks for each chunk */
82 static NTSTATUS copychunk_lock_all(TALLOC_CTX *mem_ctx,
83 struct srv_copychunk_copy *cc_copy,
84 struct files_struct *src_fsp,
85 struct files_struct *dst_fsp,
86 struct lock_struct **rd_locks,
87 struct lock_struct **wr_locks,
92 struct lock_struct *rlocks;
93 struct lock_struct *wlocks;
95 rlocks = talloc_array(mem_ctx, struct lock_struct,
96 cc_copy->chunk_count);
98 status = NT_STATUS_NO_MEMORY;
102 wlocks = talloc_array(mem_ctx, struct lock_struct,
103 cc_copy->chunk_count);
104 if (wlocks == NULL) {
105 status = NT_STATUS_NO_MEMORY;
106 goto err_rlocks_free;
109 for (i = 0; i < cc_copy->chunk_count; i++) {
110 init_strict_lock_struct(src_fsp,
111 src_fsp->op->global->open_persistent_id,
112 cc_copy->chunks[i].source_off,
113 cc_copy->chunks[i].length,
116 init_strict_lock_struct(dst_fsp,
117 dst_fsp->op->global->open_persistent_id,
118 cc_copy->chunks[i].target_off,
119 cc_copy->chunks[i].length,
123 if (!SMB_VFS_STRICT_LOCK(src_fsp->conn, src_fsp, &rlocks[i])) {
124 status = NT_STATUS_FILE_LOCK_CONFLICT;
127 if (!SMB_VFS_STRICT_LOCK(dst_fsp->conn, dst_fsp, &wlocks[i])) {
128 /* unlock last rlock, otherwise missed by cleanup */
129 SMB_VFS_STRICT_UNLOCK(src_fsp->conn, src_fsp,
131 status = NT_STATUS_FILE_LOCK_CONFLICT;
144 /* cleanup all locks successfully issued so far */
145 copychunk_unlock_all(src_fsp, dst_fsp, rlocks, wlocks, i);
154 struct fsctl_srv_copychunk_state {
155 struct connection_struct *conn;
156 uint32_t dispatch_count;
158 uint32_t bad_recv_count;
161 struct files_struct *src_fsp;
162 struct files_struct *dst_fsp;
163 struct lock_struct *wlocks;
164 struct lock_struct *rlocks;
167 COPYCHUNK_OUT_EMPTY = 0,
168 COPYCHUNK_OUT_LIMITS,
172 static void fsctl_srv_copychunk_vfs_done(struct tevent_req *subreq);
174 static struct tevent_req *fsctl_srv_copychunk_send(TALLOC_CTX *mem_ctx,
175 struct tevent_context *ev,
176 struct files_struct *dst_fsp,
178 struct smbd_smb2_request *smb2req)
180 struct tevent_req *req;
181 struct srv_copychunk_copy cc_copy;
182 enum ndr_err_code ndr_ret;
183 uint64_t src_persistent_h;
184 uint64_t src_volatile_h;
186 struct srv_copychunk *chunk;
187 struct fsctl_srv_copychunk_state *state;
189 req = tevent_req_create(mem_ctx, &state,
190 struct fsctl_srv_copychunk_state);
194 state->conn = dst_fsp->conn;
195 ndr_ret = ndr_pull_struct_blob(in_input, mem_ctx, &cc_copy,
196 (ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_copy);
197 if (ndr_ret != NDR_ERR_SUCCESS) {
198 DEBUG(0, ("failed to unmarshall copy chunk req\n"));
199 state->status = NT_STATUS_INVALID_PARAMETER;
200 tevent_req_nterror(req, state->status);
201 return tevent_req_post(req, ev);
204 /* persistent/volatile keys sent as the resume key */
205 src_persistent_h = BVAL(cc_copy.source_key, 0);
206 src_volatile_h = BVAL(cc_copy.source_key, 8);
207 state->src_fsp = file_fsp_get(smb2req, src_persistent_h, src_volatile_h);
208 if (state->src_fsp == NULL) {
209 DEBUG(3, ("invalid resume key in copy chunk req\n"));
210 state->status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
211 tevent_req_nterror(req, state->status);
212 return tevent_req_post(req, ev);
215 state->dst_fsp = dst_fsp;
217 * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request
218 * If Open.GrantedAccess of the destination file does not
219 * include FILE_WRITE_DATA, then the request MUST be failed with
220 * STATUS_ACCESS_DENIED. If Open.GrantedAccess of the
221 * destination file does not include FILE_READ_DATA access and
222 * the CtlCode is FSCTL_SRV_COPYCHUNK, then the request MUST be
223 * failed with STATUS_ACCESS_DENIED.
225 if (!CHECK_WRITE(state->dst_fsp)) {
226 state->status = NT_STATUS_ACCESS_DENIED;
227 tevent_req_nterror(req, state->status);
228 return tevent_req_post(req, ev);
230 if (!CHECK_READ(state->dst_fsp, smb2req->smb1req)) {
231 state->status = NT_STATUS_ACCESS_DENIED;
232 tevent_req_nterror(req, state->status);
233 return tevent_req_post(req, ev);
235 if (!CHECK_READ(state->src_fsp, smb2req->smb1req)) {
236 state->status = NT_STATUS_ACCESS_DENIED;
237 tevent_req_nterror(req, state->status);
238 return tevent_req_post(req, ev);
241 state->status = copychunk_check_limits(&cc_copy);
242 if (tevent_req_nterror(req, state->status)) {
243 DEBUG(3, ("copy chunk req exceeds limits\n"));
244 state->out_data = COPYCHUNK_OUT_LIMITS;
245 return tevent_req_post(req, ev);
248 /* any errors from here onwards should carry copychunk response data */
249 state->out_data = COPYCHUNK_OUT_RSP;
251 state->status = copychunk_lock_all(state,
258 if (tevent_req_nterror(req, state->status)) {
259 return tevent_req_post(req, ev);
262 for (i = 0; i < cc_copy.chunk_count; i++) {
263 struct tevent_req *vfs_subreq;
264 chunk = &cc_copy.chunks[i];
265 vfs_subreq = SMB_VFS_COPY_CHUNK_SEND(dst_fsp->conn,
272 if (vfs_subreq == NULL) {
273 DEBUG(0, ("VFS copy chunk send failed\n"));
274 state->status = NT_STATUS_NO_MEMORY;
275 if (state->dispatch_count == 0) {
276 /* nothing dispatched, return immediately */
277 copychunk_unlock_all(state->src_fsp,
282 tevent_req_nterror(req, state->status);
283 return tevent_req_post(req, ev);
286 * wait for dispatched to complete before
287 * returning error, locks held.
292 tevent_req_set_callback(vfs_subreq,
293 fsctl_srv_copychunk_vfs_done, req);
294 state->dispatch_count++;
297 /* hold locks until all dispatched requests are completed */
301 static void fsctl_srv_copychunk_vfs_done(struct tevent_req *subreq)
303 struct tevent_req *req = tevent_req_callback_data(
304 subreq, struct tevent_req);
305 struct fsctl_srv_copychunk_state *state = tevent_req_data(req,
306 struct fsctl_srv_copychunk_state);
307 off_t chunk_nwritten;
311 status = SMB_VFS_COPY_CHUNK_RECV(state->conn, subreq,
314 if (NT_STATUS_IS_OK(status)) {
315 DEBUG(10, ("good copy chunk recv %d of %d\n",
317 state->dispatch_count));
318 state->total_written += chunk_nwritten;
320 DEBUG(0, ("bad status in copy chunk recv %d of %d: %s\n",
322 state->dispatch_count,
324 state->bad_recv_count++;
325 /* may overwrite previous failed status */
326 state->status = status;
329 if (state->recv_count != state->dispatch_count) {
331 * Wait for all VFS copy_chunk requests to complete, even
332 * if an error is received for a specific chunk.
337 /* all VFS copy_chunk requests done */
338 copychunk_unlock_all(state->src_fsp,
344 if (!tevent_req_nterror(req, state->status)) {
345 tevent_req_done(req);
349 static NTSTATUS fsctl_srv_copychunk_recv(struct tevent_req *req,
350 struct srv_copychunk_rsp *cc_rsp,
353 struct fsctl_srv_copychunk_state *state = tevent_req_data(req,
354 struct fsctl_srv_copychunk_state);
357 switch (state->out_data) {
358 case COPYCHUNK_OUT_EMPTY:
361 case COPYCHUNK_OUT_LIMITS:
362 /* 2.2.32.1 - send back our maximum transfer size limits */
363 copychunk_pack_limits(cc_rsp);
366 case COPYCHUNK_OUT_RSP:
367 cc_rsp->chunks_written = state->recv_count - state->bad_recv_count;
368 cc_rsp->chunk_bytes_written = 0;
369 cc_rsp->total_bytes_written = state->total_written;
372 default: /* not reached */
376 status = state->status;
377 tevent_req_received(req);
382 static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx,
383 struct tevent_context *ev,
384 struct smbXsrv_connection *conn,
386 uint32_t in_max_output,
387 DATA_BLOB *out_output,
390 uint32_t in_capabilities;
391 DATA_BLOB in_guid_blob;
393 uint16_t in_security_mode;
394 uint16_t in_num_dialects;
396 DATA_BLOB out_guid_blob;
399 if (in_input->length < 0x18) {
400 return NT_STATUS_INVALID_PARAMETER;
403 in_capabilities = IVAL(in_input->data, 0x00);
404 in_guid_blob = data_blob_const(in_input->data + 0x04, 16);
405 in_security_mode = SVAL(in_input->data, 0x14);
406 in_num_dialects = SVAL(in_input->data, 0x16);
408 if (in_input->length < (0x18 + in_num_dialects*2)) {
409 return NT_STATUS_INVALID_PARAMETER;
412 if (in_max_output < 0x18) {
413 return NT_STATUS_BUFFER_TOO_SMALL;
416 status = GUID_from_ndr_blob(&in_guid_blob, &in_guid);
417 if (!NT_STATUS_IS_OK(status)) {
421 if (in_num_dialects != conn->smb2.client.num_dialects) {
423 return NT_STATUS_ACCESS_DENIED;
426 for (i=0; i < in_num_dialects; i++) {
427 uint16_t v = SVAL(in_input->data, 0x18 + i*2);
429 if (conn->smb2.client.dialects[i] != v) {
431 return NT_STATUS_ACCESS_DENIED;
435 if (GUID_compare(&in_guid, &conn->smb2.client.guid) != 0) {
437 return NT_STATUS_ACCESS_DENIED;
440 if (in_security_mode != conn->smb2.client.security_mode) {
442 return NT_STATUS_ACCESS_DENIED;
445 if (in_capabilities != conn->smb2.client.capabilities) {
447 return NT_STATUS_ACCESS_DENIED;
450 status = GUID_to_ndr_blob(&conn->smb2.server.guid, mem_ctx,
452 if (!NT_STATUS_IS_OK(status)) {
456 *out_output = data_blob_talloc(mem_ctx, NULL, 0x18);
457 if (out_output->data == NULL) {
458 return NT_STATUS_NO_MEMORY;
461 SIVAL(out_output->data, 0x00, conn->smb2.server.capabilities);
462 memcpy(out_output->data+0x04, out_guid_blob.data, 16);
463 SIVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
464 SIVAL(out_output->data, 0x16, conn->smb2.server.dialect);
469 static NTSTATUS fsctl_srv_req_resume_key(TALLOC_CTX *mem_ctx,
470 struct tevent_context *ev,
471 struct files_struct *fsp,
472 uint32_t in_max_output,
473 DATA_BLOB *out_output)
475 struct req_resume_key_rsp rkey_rsp;
476 enum ndr_err_code ndr_ret;
480 return NT_STATUS_FILE_CLOSED;
483 ZERO_STRUCT(rkey_rsp);
484 /* combine persistent and volatile handles for the resume key */
485 SBVAL(rkey_rsp.resume_key, 0, fsp->op->global->open_persistent_id);
486 SBVAL(rkey_rsp.resume_key, 8, fsp->op->global->open_volatile_id);
488 ndr_ret = ndr_push_struct_blob(&output, mem_ctx, &rkey_rsp,
489 (ndr_push_flags_fn_t)ndr_push_req_resume_key_rsp);
490 if (ndr_ret != NDR_ERR_SUCCESS) {
491 return NT_STATUS_INTERNAL_ERROR;
494 if (in_max_output < output.length) {
495 DEBUG(1, ("max output %u too small for resume key rsp %ld\n",
496 in_max_output, (long int)output.length));
497 return NT_STATUS_INVALID_PARAMETER;
499 *out_output = output;
504 static void smb2_ioctl_network_fs_copychunk_done(struct tevent_req *subreq);
506 struct tevent_req *smb2_ioctl_network_fs(uint32_t ctl_code,
507 struct tevent_context *ev,
508 struct tevent_req *req,
509 struct smbd_smb2_ioctl_state *state)
511 struct tevent_req *subreq;
515 case FSCTL_SRV_COPYCHUNK:
516 subreq = fsctl_srv_copychunk_send(state, ev, state->fsp,
519 if (tevent_req_nomem(subreq, req)) {
520 return tevent_req_post(req, ev);
522 tevent_req_set_callback(subreq,
523 smb2_ioctl_network_fs_copychunk_done,
527 case FSCTL_VALIDATE_NEGOTIATE_INFO:
528 status = fsctl_validate_neg_info(state, ev,
529 state->smbreq->sconn->conn,
531 state->in_max_output,
534 if (!tevent_req_nterror(req, status)) {
535 tevent_req_done(req);
537 return tevent_req_post(req, ev);
539 case FSCTL_SRV_REQUEST_RESUME_KEY:
540 status = fsctl_srv_req_resume_key(state, ev, state->fsp,
541 state->in_max_output,
543 if (!tevent_req_nterror(req, status)) {
544 tevent_req_done(req);
546 return tevent_req_post(req, ev);
549 uint8_t *out_data = NULL;
550 uint32_t out_data_len = 0;
552 if (state->fsp == NULL) {
553 status = NT_STATUS_NOT_SUPPORTED;
555 status = SMB_VFS_FSCTL(state->fsp,
558 state->smbreq->flags2,
559 state->in_input.data,
560 state->in_input.length,
562 state->in_max_output,
564 state->out_output = data_blob_const(out_data, out_data_len);
565 if (NT_STATUS_IS_OK(status)) {
566 tevent_req_done(req);
567 return tevent_req_post(req, ev);
571 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
572 if (IS_IPC(state->smbreq->conn)) {
573 status = NT_STATUS_FS_DRIVER_REQUIRED;
575 status = NT_STATUS_INVALID_DEVICE_REQUEST;
579 tevent_req_nterror(req, status);
580 return tevent_req_post(req, ev);
585 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
586 return tevent_req_post(req, ev);
589 static void smb2_ioctl_network_fs_copychunk_done(struct tevent_req *subreq)
591 struct tevent_req *req = tevent_req_callback_data(subreq,
593 struct smbd_smb2_ioctl_state *ioctl_state = tevent_req_data(req,
594 struct smbd_smb2_ioctl_state);
595 struct srv_copychunk_rsp cc_rsp;
597 bool pack_rsp = false;
600 status = fsctl_srv_copychunk_recv(subreq, &cc_rsp, &pack_rsp);
602 if (pack_rsp == true) {
603 enum ndr_err_code ndr_ret;
604 ndr_ret = ndr_push_struct_blob(&ioctl_state->out_output,
607 (ndr_push_flags_fn_t)ndr_push_srv_copychunk_rsp);
608 if (ndr_ret != NDR_ERR_SUCCESS) {
609 status = NT_STATUS_INTERNAL_ERROR;
613 if (!tevent_req_nterror(req, status)) {
614 tevent_req_done(req);
git.samba.org / obnox / samba / samba-obnox.git / blob