source3/smbd/smb2_ioctl_filesys.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Core SMB2 server
   4
   5    Copyright (C) Stefan Metzmacher 2009
   6    Copyright (C) David Disseldorp 2013-2015
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "smbd/smbd.h"
  24 #include "smbd/globals.h"
  25 #include "../libcli/smb/smb_common.h"
  26 #include "../libcli/security/security.h"
  27 #include "../lib/util/tevent_ntstatus.h"
  28 #include "rpc_server/srv_pipe_hnd.h"
  29 #include "include/ntioctl.h"
  30 #include "../librpc/ndr/libndr.h"
  31 #include "librpc/gen_ndr/ndr_ioctl.h"
  32 #include "smb2_ioctl_private.h"
  33
  34 /*
  35  * XXX this may reduce dup_extents->byte_count so that it's less than the
  36  * target file size.
  37  */
  38 static NTSTATUS fsctl_dup_extents_check_lengths(struct files_struct *src_fsp,
  39                                                 struct files_struct *dst_fsp,
  40                                 struct fsctl_dup_extents_to_file *dup_extents)
  41 {
  42         NTSTATUS status;
  43
  44         if ((dup_extents->source_off + dup_extents->byte_count
  45                                                 < dup_extents->source_off)
  46          || (dup_extents->target_off + dup_extents->byte_count
  47                                                 < dup_extents->target_off)) {
  48                 return NT_STATUS_INVALID_PARAMETER;     /* wrap */
  49         }
  50
  51         status = vfs_stat_fsp(src_fsp);
  52         if (!NT_STATUS_IS_OK(status)) {
  53                 return status;
  54         }
  55
  56         /*
  57          * XXX vfs_btrfs and vfs_default have size checks in the copychunk
  58          * handler, as this needs to be rechecked after the src has potentially
  59          * been extended by a previous chunk in the compound copychunk req.
  60          */
  61         if (src_fsp->fsp_name->st.st_ex_size
  62                         < dup_extents->source_off + dup_extents->byte_count) {
  63                 DEBUG(2, ("dup_extents req exceeds src size\n"));
  64                 return NT_STATUS_NOT_SUPPORTED;
  65         }
  66
  67         status = vfs_stat_fsp(dst_fsp);
  68         if (!NT_STATUS_IS_OK(status)) {
  69                 return status;
  70         }
  71
  72         if (dst_fsp->fsp_name->st.st_ex_size
  73                         < dup_extents->target_off + dup_extents->byte_count) {
  74
  75                 if (dst_fsp->fsp_name->st.st_ex_size - dup_extents->target_off
  76                                         > dst_fsp->fsp_name->st.st_ex_size) {
  77                         return NT_STATUS_INVALID_PARAMETER;     /* wrap */
  78                 }
  79
  80                 /*
  81                  * this server behaviour is pretty hairy, but we need to match
  82                  * Windows, so...
  83                  */
  84                 DEBUG(2, ("dup_extents req exceeds target size, capping\n"));
  85                 dup_extents->byte_count = dst_fsp->fsp_name->st.st_ex_size
  86                                                 - dup_extents->target_off;
  87         }
  88
  89         return NT_STATUS_OK;
  90 }
  91
  92 static NTSTATUS fsctl_dup_extents_check_overlap(struct files_struct *src_fsp,
  93                                                 struct files_struct *dst_fsp,
  94                                 struct fsctl_dup_extents_to_file *dup_extents)
  95 {
  96         uint64_t src_off_last;
  97         uint64_t tgt_off_last;
  98
  99         if (!file_id_equal(&src_fsp->file_id, &dst_fsp->file_id)) {
 100                 /* src and dest refer to different files */
 101                 return NT_STATUS_OK;
 102         }
 103
 104         if (dup_extents->byte_count == 0) {
 105                 /* no range to overlap */
 106                 return NT_STATUS_OK;
 107         }
 108
 109         /*
 110          * [MS-FSCC] 2.3.8 FSCTL_DUPLICATE_EXTENTS_TO_FILE Reply
 111          * STATUS_NOT_SUPPORTED:
 112          * The source and target destination ranges overlap on the same file.
 113          */
 114
 115         src_off_last = dup_extents->source_off + dup_extents->byte_count - 1;
 116         if ((dup_extents->target_off >= dup_extents->source_off)
 117                                 && (dup_extents->target_off <= src_off_last)) {
 118                 /*
 119                  * src: |-----------|
 120                  * tgt:       |-----------|
 121                  */
 122                 return NT_STATUS_NOT_SUPPORTED;
 123         }
 124
 125
 126         tgt_off_last = dup_extents->target_off + dup_extents->byte_count - 1;
 127         if ((tgt_off_last >= dup_extents->source_off)
 128                                         && (tgt_off_last <= src_off_last)) {
 129                 /*
 130                  * src:       |-----------|
 131                  * tgt: |-----------|
 132                  */
 133                 return NT_STATUS_NOT_SUPPORTED;
 134         }
 135
 136         return NT_STATUS_OK;
 137 }
 138
 139 static NTSTATUS fsctl_dup_extents_check_sparse(struct files_struct *src_fsp,
 140                                                struct files_struct *dst_fsp)
 141 {
 142         /*
 143          * 2.3.8 FSCTL_DUPLICATE_EXTENTS_TO_FILE Reply...
 144          * STATUS_NOT_SUPPORTED: Target file is sparse, while source
 145          *                       is a non-sparse file.
 146          *
 147          * WS2016 has the following behaviour (MS are in the process of fixing
 148          * the spec):
 149          * STATUS_NOT_SUPPORTED is returned if the source is sparse, while the
 150          * target is non-sparse. However, if target is sparse while the source
 151          * is non-sparse, then FSCTL_DUPLICATE_EXTENTS_TO_FILE completes
 152          * successfully.
 153          */
 154         if ((src_fsp->is_sparse) && (!dst_fsp->is_sparse)) {
 155                 return NT_STATUS_NOT_SUPPORTED;
 156         }
 157
 158         return NT_STATUS_OK;
 159 }
 160
 161 struct fsctl_dup_extents_state {
 162         struct tevent_context *ev;
 163         struct connection_struct *conn;
 164         struct files_struct *dst_fsp;
 165         struct fsctl_dup_extents_to_file dup_extents;
 166 };
 167
 168 static void fsctl_dup_extents_offload_read_done(struct tevent_req *subreq);
 169 static void fsctl_dup_extents_vfs_done(struct tevent_req *subreq);
 170
 171 static struct tevent_req *fsctl_dup_extents_send(TALLOC_CTX *mem_ctx,
 172                                                  struct tevent_context *ev,
 173                                                  struct files_struct *dst_fsp,
 174                                                  DATA_BLOB *in_input,
 175                                                  struct smbd_smb2_request *smb2req)
 176 {
 177         struct tevent_req *req = NULL;
 178         struct tevent_req *subreq = NULL;
 179         struct fsctl_dup_extents_state *state = NULL;
 180         uint64_t src_fid_persistent = 0;
 181         uint64_t src_fid_volatile = 0;
 182         struct files_struct *src_fsp = NULL;
 183         int ndr_ret;
 184         NTSTATUS status;
 185
 186         req = tevent_req_create(mem_ctx, &state,
 187                                 struct fsctl_dup_extents_state);
 188         if (req == NULL) {
 189                 return NULL;
 190         }
 191
 192         if (dst_fsp == NULL) {
 193                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
 194                 return tevent_req_post(req, ev);
 195         }
 196
 197         *state = (struct fsctl_dup_extents_state) {
 198                 .conn = dst_fsp->conn,
 199                 .ev = ev,
 200                 .dst_fsp = dst_fsp,
 201         };
 202
 203         if ((dst_fsp->conn->fs_capabilities
 204                                 & FILE_SUPPORTS_BLOCK_REFCOUNTING) == 0) {
 205                 DBG_INFO("FS does not advertise block refcounting support\n");
 206                 tevent_req_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
 207                 return tevent_req_post(req, ev);
 208         }
 209
 210         ndr_ret = ndr_pull_struct_blob(in_input, state, &state->dup_extents,
 211                        (ndr_pull_flags_fn_t)ndr_pull_fsctl_dup_extents_to_file);
 212         if (ndr_ret != NDR_ERR_SUCCESS) {
 213                 DBG_ERR("failed to unmarshall dup extents to file req\n");
 214                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
 215                 return tevent_req_post(req, ev);
 216         }
 217
 218         src_fid_persistent = BVAL(state->dup_extents.source_fid, 0);
 219         src_fid_volatile = BVAL(state->dup_extents.source_fid, 8);
 220         src_fsp = file_fsp_get(smb2req, src_fid_persistent, src_fid_volatile);
 221         if ((src_fsp == NULL)
 222                       || (src_fsp->file_id.devid != dst_fsp->file_id.devid)) {
 223                 /*
 224                  * [MS-FSCC] 2.3.8 FSCTL_DUPLICATE_EXTENTS_TO_FILE Reply
 225                  * STATUS_INVALID_PARAMETER:
 226                  * The FileHandle parameter is either invalid or does not
 227                  * represent a handle to an opened file on the same volume.
 228                  *
 229                  * Windows Server responds with NT_STATUS_INVALID_HANDLE instead
 230                  * of STATUS_INVALID_PARAMETER here, despite the above spec.
 231                  */
 232                 DBG_ERR("invalid src_fsp for dup_extents\n");
 233                 tevent_req_nterror(req, NT_STATUS_INVALID_HANDLE);
 234                 return tevent_req_post(req, ev);
 235         }
 236
 237         status = fsctl_dup_extents_check_lengths(src_fsp, dst_fsp,
 238                                                  &state->dup_extents);
 239         if (!NT_STATUS_IS_OK(status)) {
 240                 tevent_req_nterror(req, status);
 241                 return tevent_req_post(req, ev);
 242         }
 243
 244         if (state->dup_extents.byte_count == 0) {
 245                 DBG_ERR("skipping zero length dup extents\n");
 246                 tevent_req_done(req);
 247                 return tevent_req_post(req, ev);
 248         }
 249
 250         status = fsctl_dup_extents_check_overlap(src_fsp, dst_fsp,
 251                                                  &state->dup_extents);
 252         if (!NT_STATUS_IS_OK(status)) {
 253                 tevent_req_nterror(req, status);
 254                 return tevent_req_post(req, ev);
 255         }
 256
 257         status = fsctl_dup_extents_check_sparse(src_fsp, dst_fsp);
 258         if (!NT_STATUS_IS_OK(status)) {
 259                 tevent_req_nterror(req, status);
 260                 return tevent_req_post(req, ev);
 261         }
 262
 263         subreq = SMB_VFS_OFFLOAD_READ_SEND(state, ev, src_fsp,
 264                                            FSCTL_DUP_EXTENTS_TO_FILE,
 265                                            0, 0, 0);
 266         if (tevent_req_nomem(subreq, req)) {
 267                 return tevent_req_post(req, ev);
 268         }
 269         tevent_req_set_callback(subreq, fsctl_dup_extents_offload_read_done,
 270                                 req);
 271         return req;
 272 }
 273
 274 static void fsctl_dup_extents_offload_read_done(struct tevent_req *subreq)
 275 {
 276         struct tevent_req *req = tevent_req_callback_data(
 277                 subreq, struct tevent_req);
 278         struct fsctl_dup_extents_state *state = tevent_req_data(
 279                 req, struct fsctl_dup_extents_state);
 280         DATA_BLOB token;
 281         NTSTATUS status;
 282
 283         status = SMB_VFS_OFFLOAD_READ_RECV(subreq, state->dst_fsp->conn,
 284                                            state, &token);
 285         if (tevent_req_nterror(req, status)) {
 286                 return;
 287         }
 288
 289         /* tell the VFS to ignore locks across the clone, matching ReFS */
 290         subreq = SMB_VFS_OFFLOAD_WRITE_SEND(state->dst_fsp->conn,
 291                                             state,
 292                                             state->ev,
 293                                             FSCTL_DUP_EXTENTS_TO_FILE,
 294                                             &token,
 295                                             state->dup_extents.source_off,
 296                                             state->dst_fsp,
 297                                             state->dup_extents.target_off,
 298                                             state->dup_extents.byte_count);
 299         if (tevent_req_nomem(subreq, req)) {
 300                 return;
 301         }
 302         tevent_req_set_callback(subreq, fsctl_dup_extents_vfs_done, req);
 303         return;
 304 }
 305
 306 static void fsctl_dup_extents_vfs_done(struct tevent_req *subreq)
 307 {
 308         struct tevent_req *req = tevent_req_callback_data(
 309                 subreq, struct tevent_req);
 310         struct fsctl_dup_extents_state *state = tevent_req_data(
 311                 req, struct fsctl_dup_extents_state);
 312         off_t nb_chunk;
 313         NTSTATUS status;
 314
 315         status = SMB_VFS_OFFLOAD_WRITE_RECV(state->conn, subreq, &nb_chunk);
 316         TALLOC_FREE(subreq);
 317         if (tevent_req_nterror(req, status)) {
 318                 return;
 319         }
 320
 321         if (nb_chunk != state->dup_extents.byte_count) {
 322                 tevent_req_nterror(req, NT_STATUS_IO_DEVICE_ERROR);
 323                 return;
 324         }
 325
 326         tevent_req_done(req);
 327 }
 328
 329 static NTSTATUS fsctl_dup_extents_recv(struct tevent_req *req)
 330 {
 331         return tevent_req_simple_recv_ntstatus(req);
 332 }
 333
 334 static NTSTATUS fsctl_get_cmprn(TALLOC_CTX *mem_ctx,
 335                                 struct tevent_context *ev,
 336                                 struct files_struct *fsp,
 337                                 size_t in_max_output,
 338                                 DATA_BLOB *out_output)
 339 {
 340         struct compression_state cmpr_state;
 341         enum ndr_err_code ndr_ret;
 342         DATA_BLOB output;
 343         NTSTATUS status;
 344
 345         if (fsp == NULL) {
 346                 return NT_STATUS_FILE_CLOSED;
 347         }
 348
 349         /* Windows doesn't check for SEC_FILE_READ_ATTRIBUTE permission here */
 350
 351         ZERO_STRUCT(cmpr_state);
 352         if (fsp->conn->fs_capabilities & FILE_FILE_COMPRESSION) {
 353                 status = SMB_VFS_GET_COMPRESSION(fsp->conn,
 354                                                  mem_ctx,
 355                                                  fsp,
 356                                                  NULL,
 357                                                  &cmpr_state.format);
 358                 if (!NT_STATUS_IS_OK(status)) {
 359                         return status;
 360                 }
 361         } else {
 362                 /*
 363                  * bso#12144: The underlying filesystem doesn't support
 364                  * compression, so we should respond with "not-compressed"
 365                  * (like WS2016 ReFS) instead of STATUS_NOT_SUPPORTED or
 366                  * NT_STATUS_INVALID_DEVICE_REQUEST.
 367                  */
 368                 cmpr_state.format = COMPRESSION_FORMAT_NONE;
 369         }
 370
 371         ndr_ret = ndr_push_struct_blob(&output, mem_ctx,
 372                                        &cmpr_state,
 373                         (ndr_push_flags_fn_t)ndr_push_compression_state);
 374         if (ndr_ret != NDR_ERR_SUCCESS) {
 375                 return NT_STATUS_INTERNAL_ERROR;
 376         }
 377
 378         if (in_max_output < output.length) {
 379                 DEBUG(1, ("max output %u too small for compression state %ld\n",
 380                       (unsigned int)in_max_output, (long int)output.length));
 381                 return NT_STATUS_INVALID_USER_BUFFER;
 382         }
 383         *out_output = output;
 384
 385         return NT_STATUS_OK;
 386 }
 387
 388 static NTSTATUS fsctl_set_cmprn(TALLOC_CTX *mem_ctx,
 389                                 struct tevent_context *ev,
 390                                 struct files_struct *fsp,
 391                                 DATA_BLOB *in_input)
 392 {
 393         struct compression_state cmpr_state;
 394         enum ndr_err_code ndr_ret;
 395         NTSTATUS status;
 396
 397         if (fsp == NULL) {
 398                 return NT_STATUS_FILE_CLOSED;
 399         }
 400
 401         /* WRITE_DATA permission is required, WRITE_ATTRIBUTES is not */
 402         status = check_access_fsp(fsp, FILE_WRITE_DATA);
 403         if (!NT_STATUS_IS_OK(status)) {
 404                 return status;
 405         }
 406
 407         ndr_ret = ndr_pull_struct_blob(in_input, mem_ctx, &cmpr_state,
 408                         (ndr_pull_flags_fn_t)ndr_pull_compression_state);
 409         if (ndr_ret != NDR_ERR_SUCCESS) {
 410                 DEBUG(0, ("failed to unmarshall set compression req\n"));
 411                 return NT_STATUS_INVALID_PARAMETER;
 412         }
 413
 414         status = NT_STATUS_NOT_SUPPORTED;
 415         if (fsp->conn->fs_capabilities & FILE_FILE_COMPRESSION) {
 416                 status = SMB_VFS_SET_COMPRESSION(fsp->conn,
 417                                                  mem_ctx,
 418                                                  fsp,
 419                                                  cmpr_state.format);
 420         } else if (cmpr_state.format == COMPRESSION_FORMAT_NONE) {
 421                 /*
 422                  * bso#12144: The underlying filesystem doesn't support
 423                  * compression. We should still accept set(FORMAT_NONE) requests
 424                  * (like WS2016 ReFS).
 425                  */
 426                 status = NT_STATUS_OK;
 427         }
 428
 429         return status;
 430 }
 431
 432 static NTSTATUS fsctl_zero_data(TALLOC_CTX *mem_ctx,
 433                                 struct tevent_context *ev,
 434                                 struct files_struct *fsp,
 435                                 DATA_BLOB *in_input)
 436 {
 437         struct file_zero_data_info zdata_info;
 438         enum ndr_err_code ndr_ret;
 439         struct lock_struct lck;
 440         int mode;
 441         uint64_t len;
 442         int ret;
 443         NTSTATUS status;
 444
 445         if (fsp == NULL) {
 446                 return NT_STATUS_FILE_CLOSED;
 447         }
 448
 449         /* WRITE_DATA permission is required */
 450         status = check_access_fsp(fsp, FILE_WRITE_DATA);
 451         if (!NT_STATUS_IS_OK(status)) {
 452                 return status;
 453         }
 454
 455         /* allow regardless of whether FS supports sparse or not */
 456
 457         ndr_ret = ndr_pull_struct_blob(in_input, mem_ctx, &zdata_info,
 458                         (ndr_pull_flags_fn_t)ndr_pull_file_zero_data_info);
 459         if (ndr_ret != NDR_ERR_SUCCESS) {
 460                 DEBUG(0, ("failed to unmarshall zero data request\n"));
 461                 return NT_STATUS_INVALID_PARAMETER;
 462         }
 463
 464         if (zdata_info.beyond_final_zero < zdata_info.file_off) {
 465                 DEBUG(0, ("invalid zero data params: off %lu, bfz, %lu\n",
 466                           (unsigned long)zdata_info.file_off,
 467                           (unsigned long)zdata_info.beyond_final_zero));
 468                 return NT_STATUS_INVALID_PARAMETER;
 469         }
 470
 471         /* convert strange "beyond final zero" param into length */
 472         len = zdata_info.beyond_final_zero - zdata_info.file_off;
 473
 474         if (len == 0) {
 475                 DEBUG(2, ("zero data called with zero length range\n"));
 476                 return NT_STATUS_OK;
 477         }
 478
 479         init_strict_lock_struct(fsp,
 480                                 fsp->op->global->open_persistent_id,
 481                                 zdata_info.file_off,
 482                                 len,
 483                                 WRITE_LOCK,
 484                                 &lck);
 485
 486         if (!SMB_VFS_STRICT_LOCK(fsp->conn, fsp, &lck)) {
 487                 DEBUG(2, ("failed to lock range for zero-data\n"));
 488                 return NT_STATUS_FILE_LOCK_CONFLICT;
 489         }
 490
 491         /*
 492          * MS-FSCC <58> Section 2.3.67
 493          * This FSCTL sets the range of bytes to zero (0) without extending the
 494          * file size.
 495          *
 496          * The VFS_FALLOCATE_FL_KEEP_SIZE flag is used to satisfy this
 497          * constraint.
 498          */
 499
 500         mode = VFS_FALLOCATE_FL_PUNCH_HOLE | VFS_FALLOCATE_FL_KEEP_SIZE;
 501         ret = SMB_VFS_FALLOCATE(fsp, mode, zdata_info.file_off, len);
 502         if (ret == -1)  {
 503                 status = map_nt_error_from_unix_common(errno);
 504                 DEBUG(2, ("zero-data fallocate(0x%x) failed: %s\n", mode,
 505                       strerror(errno)));
 506                 SMB_VFS_STRICT_UNLOCK(fsp->conn, fsp, &lck);
 507                 return status;
 508         }
 509
 510         if (!fsp->is_sparse && lp_strict_allocate(SNUM(fsp->conn))) {
 511                 /*
 512                  * File marked non-sparse and "strict allocate" is enabled -
 513                  * allocate the range that we just punched out.
 514                  * In future FALLOC_FL_ZERO_RANGE could be used exclusively for
 515                  * this, but it's currently only supported on XFS and ext4.
 516                  *
 517                  * The newly allocated range still won't be found by SEEK_DATA
 518                  * for QAR, but stat.st_blocks will reflect it.
 519                  */
 520                 ret = SMB_VFS_FALLOCATE(fsp, VFS_FALLOCATE_FL_KEEP_SIZE,
 521                                         zdata_info.file_off, len);
 522                 if (ret == -1)  {
 523                         status = map_nt_error_from_unix_common(errno);
 524                         DEBUG(0, ("fallocate failed: %s\n", strerror(errno)));
 525                         SMB_VFS_STRICT_UNLOCK(fsp->conn, fsp, &lck);
 526                         return status;
 527                 }
 528         }
 529
 530         SMB_VFS_STRICT_UNLOCK(fsp->conn, fsp, &lck);
 531         return NT_STATUS_OK;
 532 }
 533
 534 static NTSTATUS fsctl_qar_buf_push(TALLOC_CTX *mem_ctx,
 535                                    struct file_alloced_range_buf *qar_buf,
 536                                    DATA_BLOB *qar_array_blob)
 537 {
 538         DATA_BLOB new_slot;
 539         enum ndr_err_code ndr_ret;
 540         bool ok;
 541
 542         ndr_ret = ndr_push_struct_blob(&new_slot, mem_ctx, qar_buf,
 543                         (ndr_push_flags_fn_t)ndr_push_file_alloced_range_buf);
 544         if (ndr_ret != NDR_ERR_SUCCESS) {
 545                 DEBUG(0, ("failed to marshall QAR buf\n"));
 546                 return NT_STATUS_INVALID_PARAMETER;
 547         }
 548
 549         /* TODO should be able to avoid copy by pushing into prealloced buf */
 550         ok = data_blob_append(mem_ctx, qar_array_blob, new_slot.data,
 551                               new_slot.length);
 552         data_blob_free(&new_slot);
 553         if (!ok) {
 554                 return NT_STATUS_NO_MEMORY;
 555         }
 556
 557         return NT_STATUS_OK;
 558 }
 559
 560 static NTSTATUS fsctl_qar_seek_fill(TALLOC_CTX *mem_ctx,
 561                                     struct files_struct *fsp,
 562                                     off_t curr_off,
 563                                     off_t max_off,
 564                                     DATA_BLOB *qar_array_blob)
 565 {
 566         NTSTATUS status = NT_STATUS_NOT_SUPPORTED;
 567
 568 #ifdef HAVE_LSEEK_HOLE_DATA
 569         while (curr_off <= max_off) {
 570                 off_t data_off;
 571                 off_t hole_off;
 572                 struct file_alloced_range_buf qar_buf;
 573
 574                 /* seek next data */
 575                 data_off = SMB_VFS_LSEEK(fsp, curr_off, SEEK_DATA);
 576                 if ((data_off == -1) && (errno == ENXIO)) {
 577                         /* no data from curr_off to EOF */
 578                         break;
 579                 } else if (data_off == -1) {
 580                         status = map_nt_error_from_unix_common(errno);
 581                         DEBUG(1, ("lseek data failed: %s\n", strerror(errno)));
 582                         return status;
 583                 }
 584
 585                 if (data_off > max_off) {
 586                         /* found something, but passed range of interest */
 587                         break;
 588                 }
 589
 590                 hole_off = SMB_VFS_LSEEK(fsp, data_off, SEEK_HOLE);
 591                 if (hole_off == -1) {
 592                         status = map_nt_error_from_unix_common(errno);
 593                         DEBUG(1, ("lseek hole failed: %s\n", strerror(errno)));
 594                         return status;
 595                 }
 596
 597                 if (hole_off <= data_off) {
 598                         DEBUG(1, ("lseek inconsistent: hole %lu at or before "
 599                                   "data %lu\n", (unsigned long)hole_off,
 600                                   (unsigned long)data_off));
 601                         return NT_STATUS_INTERNAL_ERROR;
 602                 }
 603
 604                 qar_buf.file_off = data_off;
 605                 /* + 1 to convert maximum offset to length */
 606                 qar_buf.len = MIN(hole_off, max_off + 1) - data_off;
 607
 608                 status = fsctl_qar_buf_push(mem_ctx, &qar_buf, qar_array_blob);
 609                 if (!NT_STATUS_IS_OK(status)) {
 610                         return NT_STATUS_NO_MEMORY;
 611                 }
 612
 613                 curr_off = hole_off;
 614         }
 615         status = NT_STATUS_OK;
 616 #endif
 617
 618         return status;
 619 }
 620
 621 static NTSTATUS fsctl_qar(TALLOC_CTX *mem_ctx,
 622                           struct tevent_context *ev,
 623                           struct files_struct *fsp,
 624                           DATA_BLOB *in_input,
 625                           size_t in_max_output,
 626                           DATA_BLOB *out_output)
 627 {
 628         struct fsctl_query_alloced_ranges_req qar_req;
 629         struct fsctl_query_alloced_ranges_rsp qar_rsp;
 630         DATA_BLOB qar_array_blob = data_blob_null;
 631         uint64_t max_off;
 632         enum ndr_err_code ndr_ret;
 633         int ret;
 634         NTSTATUS status;
 635         SMB_STRUCT_STAT sbuf;
 636
 637         if (fsp == NULL) {
 638                 return NT_STATUS_FILE_CLOSED;
 639         }
 640
 641         /* READ_DATA permission is required */
 642         status = check_access_fsp(fsp, FILE_READ_DATA);
 643         if (!NT_STATUS_IS_OK(status)) {
 644                 return status;
 645         }
 646
 647         ndr_ret = ndr_pull_struct_blob(in_input, mem_ctx, &qar_req,
 648                 (ndr_pull_flags_fn_t)ndr_pull_fsctl_query_alloced_ranges_req);
 649         if (ndr_ret != NDR_ERR_SUCCESS) {
 650                 DEBUG(0, ("failed to unmarshall QAR req\n"));
 651                 return NT_STATUS_INVALID_PARAMETER;
 652         }
 653
 654         /*
 655          * XXX Windows Server 2008 & 2012 servers don't return lock-conflict
 656          * for QAR requests over an exclusively locked range!
 657          */
 658
 659         ret = SMB_VFS_FSTAT(fsp, &sbuf);
 660         if (ret == -1) {
 661                 status = map_nt_error_from_unix_common(errno);
 662                 DEBUG(2, ("fstat failed: %s\n", strerror(errno)));
 663                 return status;
 664         }
 665
 666         if ((qar_req.buf.len == 0)
 667          || (sbuf.st_ex_size == 0)
 668          || (qar_req.buf.file_off >= sbuf.st_ex_size)) {
 669                 /* zero length range or after EOF, no ranges to return */
 670                 return NT_STATUS_OK;
 671         }
 672
 673         /* check for integer overflow */
 674         if (qar_req.buf.file_off + qar_req.buf.len < qar_req.buf.file_off) {
 675                 return NT_STATUS_INVALID_PARAMETER;
 676         }
 677
 678         /*
 679          * Maximum offset is either the last valid offset _before_ EOF, or the
 680          * last byte offset within the requested range. -1 converts length to
 681          * offset, which is easier to work with for SEEK_DATA/SEEK_HOLE, E.g.:
 682          *
 683          * /off=0             /off=512K          /st_ex_size=1M
 684          * |-------------------------------------|
 685          * | File data                           |
 686          * |-------------------------------------|
 687          *                                                   QAR end\
 688          *                    |=====================================|
 689          *                    |    QAR off=512K, len=1M             |
 690          *                    |=================^===================|
 691          *                                   max_off=1M - 1
 692          *             QAR end\
 693          * |==================|
 694          * |QAR off=0 len=512K|
 695          * |==================|
 696          *                   ^
 697          *                max_off=512K - 1
 698          */
 699         max_off = MIN(sbuf.st_ex_size,
 700                       qar_req.buf.file_off + qar_req.buf.len) - 1;
 701
 702         if (!fsp->is_sparse) {
 703                 struct file_alloced_range_buf qar_buf;
 704
 705                 /* file is non-sparse, claim file_off->max_off is allocated */
 706                 qar_buf.file_off = qar_req.buf.file_off;
 707                 /* + 1 to convert maximum offset back to length */
 708                 qar_buf.len = max_off - qar_req.buf.file_off + 1;
 709
 710                 status = fsctl_qar_buf_push(mem_ctx, &qar_buf, &qar_array_blob);
 711         } else {
 712                 status = fsctl_qar_seek_fill(mem_ctx, fsp, qar_req.buf.file_off,
 713                                              max_off, &qar_array_blob);
 714         }
 715         if (!NT_STATUS_IS_OK(status)) {
 716                 return status;
 717         }
 718
 719         /* marshall response buffer. */
 720         qar_rsp.far_buf_array = qar_array_blob;
 721
 722         ndr_ret = ndr_push_struct_blob(out_output, mem_ctx, &qar_rsp,
 723                 (ndr_push_flags_fn_t)ndr_push_fsctl_query_alloced_ranges_rsp);
 724         if (ndr_ret != NDR_ERR_SUCCESS) {
 725                 DEBUG(0, ("failed to marshall QAR rsp\n"));
 726                 return NT_STATUS_INVALID_PARAMETER;
 727         }
 728
 729         if (out_output->length > in_max_output) {
 730                 DEBUG(2, ("QAR output len %lu exceeds max %lu\n",
 731                           (unsigned long)out_output->length,
 732                           (unsigned long)in_max_output));
 733                 data_blob_free(out_output);
 734                 return NT_STATUS_BUFFER_TOO_SMALL;
 735         }
 736
 737         return NT_STATUS_OK;
 738 }
 739
 740 static void smb2_ioctl_filesys_dup_extents_done(struct tevent_req *subreq);
 741
 742 struct tevent_req *smb2_ioctl_filesys(uint32_t ctl_code,
 743                                       struct tevent_context *ev,
 744                                       struct tevent_req *req,
 745                                       struct smbd_smb2_ioctl_state *state)
 746 {
 747         NTSTATUS status;
 748
 749         switch (ctl_code) {
 750         case FSCTL_GET_COMPRESSION:
 751                 status = fsctl_get_cmprn(state, ev, state->fsp,
 752                                          state->in_max_output,
 753                                          &state->out_output);
 754                 if (!tevent_req_nterror(req, status)) {
 755                         tevent_req_done(req);
 756                 }
 757                 return tevent_req_post(req, ev);
 758                 break;
 759         case FSCTL_SET_COMPRESSION:
 760                 status = fsctl_set_cmprn(state, ev, state->fsp,
 761                                          &state->in_input);
 762                 if (!tevent_req_nterror(req, status)) {
 763                         tevent_req_done(req);
 764                 }
 765                 return tevent_req_post(req, ev);
 766                 break;
 767         case FSCTL_SET_ZERO_DATA:
 768                 status = fsctl_zero_data(state, ev, state->fsp,
 769                                          &state->in_input);
 770                 if (!tevent_req_nterror(req, status)) {
 771                         tevent_req_done(req);
 772                 }
 773                 return tevent_req_post(req, ev);
 774                 break;
 775         case FSCTL_QUERY_ALLOCATED_RANGES:
 776                 status = fsctl_qar(state, ev, state->fsp,
 777                                    &state->in_input,
 778                                    state->in_max_output,
 779                                    &state->out_output);
 780                 if (!tevent_req_nterror(req, status)) {
 781                         tevent_req_done(req);
 782                 }
 783                 return tevent_req_post(req, ev);
 784                 break;
 785         case FSCTL_DUP_EXTENTS_TO_FILE: {
 786                 struct tevent_req *subreq = NULL;
 787
 788                 subreq = fsctl_dup_extents_send(state, ev,
 789                                                 state->fsp,
 790                                                 &state->in_input,
 791                                                 state->smb2req);
 792                 if (tevent_req_nomem(subreq, req)) {
 793                         return tevent_req_post(req, ev);
 794                 }
 795                 tevent_req_set_callback(subreq,
 796                                         smb2_ioctl_filesys_dup_extents_done,
 797                                         req);
 798                 return req;
 799                 break;
 800         }
 801         default: {
 802                 uint8_t *out_data = NULL;
 803                 uint32_t out_data_len = 0;
 804
 805                 if (state->fsp == NULL) {
 806                         status = NT_STATUS_NOT_SUPPORTED;
 807                 } else {
 808                         status = SMB_VFS_FSCTL(state->fsp,
 809                                                state,
 810                                                ctl_code,
 811                                                state->smbreq->flags2,
 812                                                state->in_input.data,
 813                                                state->in_input.length,
 814                                                &out_data,
 815                                                state->in_max_output,
 816                                                &out_data_len);
 817                         state->out_output = data_blob_const(out_data, out_data_len);
 818                         if (NT_STATUS_IS_OK(status)) {
 819                                 tevent_req_done(req);
 820                                 return tevent_req_post(req, ev);
 821                         }
 822                 }
 823
 824                 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
 825                         if (IS_IPC(state->smbreq->conn)) {
 826                                 status = NT_STATUS_FS_DRIVER_REQUIRED;
 827                         } else {
 828                                 status = NT_STATUS_INVALID_DEVICE_REQUEST;
 829                         }
 830                 }
 831
 832                 tevent_req_nterror(req, status);
 833                 return tevent_req_post(req, ev);
 834                 break;
 835         }
 836         }
 837
 838         tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
 839         return tevent_req_post(req, ev);
 840 }
 841
 842 static void smb2_ioctl_filesys_dup_extents_done(struct tevent_req *subreq)
 843 {
 844         struct tevent_req *req = tevent_req_callback_data(subreq,
 845                                                           struct tevent_req);
 846         NTSTATUS status;
 847
 848         status = fsctl_dup_extents_recv(subreq);
 849         TALLOC_FREE(subreq);
 850         if (!tevent_req_nterror(req, status)) {
 851                 tevent_req_done(req);
 852         }
 853 }