1 /* $NetBSD: vfs_lookup.c,v 1.184 2011/05/16 15:09:31 dholland Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)vfs_lookup.c 8.10 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.184 2011/05/16 15:09:31 dholland Exp $"); 41 42 #include "opt_magiclinks.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/syslimits.h> 48 #include <sys/time.h> 49 #include <sys/namei.h> 50 #include <sys/vnode.h> 51 #include <sys/mount.h> 52 #include <sys/errno.h> 53 #include <sys/filedesc.h> 54 #include <sys/hash.h> 55 #include <sys/proc.h> 56 #include <sys/syslog.h> 57 #include <sys/kauth.h> 58 #include <sys/ktrace.h> 59 60 #ifndef MAGICLINKS 61 #define MAGICLINKS 0 62 #endif 63 64 int vfs_magiclinks = MAGICLINKS; 65 66 /* 67 * Substitute replacement text for 'magic' strings in symlinks. 68 * Returns 0 if successful, and returns non-zero if an error 69 * occurs. (Currently, the only possible error is running out 70 * of temporary pathname space.) 71 * 72 * Looks for "@<string>" and "@<string>/", where <string> is a 73 * recognized 'magic' string. Replaces the "@<string>" with the 74 * appropriate replacement text. (Note that in some cases the 75 * replacement text may have zero length.) 76 * 77 * This would have been table driven, but the variance in 78 * replacement strings (and replacement string lengths) made 79 * that impractical. 80 */ 81 #define VNL(x) \ 82 (sizeof(x) - 1) 83 84 #define VO '{' 85 #define VC '}' 86 87 #define MATCH(str) \ 88 ((termchar == '/' && i + VNL(str) == *len) || \ 89 (i + VNL(str) < *len && \ 90 cp[i + VNL(str)] == termchar)) && \ 91 !strncmp((str), &cp[i], VNL(str)) 92 93 #define SUBSTITUTE(m, s, sl) \ 94 if ((newlen + (sl)) >= MAXPATHLEN) \ 95 return 1; \ 96 i += VNL(m); \ 97 if (termchar != '/') \ 98 i++; \ 99 (void)memcpy(&tmp[newlen], (s), (sl)); \ 100 newlen += (sl); \ 101 change = 1; \ 102 termchar = '/'; 103 104 static int 105 symlink_magic(struct proc *p, char *cp, size_t *len) 106 { 107 char *tmp; 108 size_t change, i, newlen, slen; 109 char termchar = '/'; 110 char idtmp[11]; /* enough for 32 bit *unsigned* integer */ 111 112 113 tmp = PNBUF_GET(); 114 for (change = i = newlen = 0; i < *len; ) { 115 if (cp[i] != '@') { 116 tmp[newlen++] = cp[i++]; 117 continue; 118 } 119 120 i++; 121 122 /* Check for @{var} syntax. */ 123 if (cp[i] == VO) { 124 termchar = VC; 125 i++; 126 } 127 128 /* 129 * The following checks should be ordered according 130 * to frequency of use. 131 */ 132 if (MATCH("machine_arch")) { 133 slen = VNL(MACHINE_ARCH); 134 SUBSTITUTE("machine_arch", MACHINE_ARCH, slen); 135 } else if (MATCH("machine")) { 136 slen = VNL(MACHINE); 137 SUBSTITUTE("machine", MACHINE, slen); 138 } else if (MATCH("hostname")) { 139 SUBSTITUTE("hostname", hostname, hostnamelen); 140 } else if (MATCH("osrelease")) { 141 slen = strlen(osrelease); 142 SUBSTITUTE("osrelease", osrelease, slen); 143 } else if (MATCH("emul")) { 144 slen = strlen(p->p_emul->e_name); 145 SUBSTITUTE("emul", p->p_emul->e_name, slen); 146 } else if (MATCH("kernel_ident")) { 147 slen = strlen(kernel_ident); 148 SUBSTITUTE("kernel_ident", kernel_ident, slen); 149 } else if (MATCH("domainname")) { 150 SUBSTITUTE("domainname", domainname, domainnamelen); 151 } else if (MATCH("ostype")) { 152 slen = strlen(ostype); 153 SUBSTITUTE("ostype", ostype, slen); 154 } else if (MATCH("uid")) { 155 slen = snprintf(idtmp, sizeof(idtmp), "%u", 156 kauth_cred_geteuid(kauth_cred_get())); 157 SUBSTITUTE("uid", idtmp, slen); 158 } else if (MATCH("ruid")) { 159 slen = snprintf(idtmp, sizeof(idtmp), "%u", 160 kauth_cred_getuid(kauth_cred_get())); 161 SUBSTITUTE("ruid", idtmp, slen); 162 } else if (MATCH("gid")) { 163 slen = snprintf(idtmp, sizeof(idtmp), "%u", 164 kauth_cred_getegid(kauth_cred_get())); 165 SUBSTITUTE("gid", idtmp, slen); 166 } else if (MATCH("rgid")) { 167 slen = snprintf(idtmp, sizeof(idtmp), "%u", 168 kauth_cred_getgid(kauth_cred_get())); 169 SUBSTITUTE("rgid", idtmp, slen); 170 } else { 171 tmp[newlen++] = '@'; 172 if (termchar == VC) 173 tmp[newlen++] = VO; 174 } 175 } 176 177 if (change) { 178 (void)memcpy(cp, tmp, newlen); 179 *len = newlen; 180 } 181 PNBUF_PUT(tmp); 182 183 return 0; 184 } 185 186 #undef VNL 187 #undef VO 188 #undef VC 189 #undef MATCH 190 #undef SUBSTITUTE 191 192 //////////////////////////////////////////////////////////// 193 194 /* 195 * Determine the namei hash (for cn_hash) for name. 196 * If *ep != NULL, hash from name to ep-1. 197 * If *ep == NULL, hash from name until the first NUL or '/', and 198 * return the location of this termination character in *ep. 199 * 200 * This function returns an equivalent hash to the MI hash32_strn(). 201 * The latter isn't used because in the *ep == NULL case, determining 202 * the length of the string to the first NUL or `/' and then calling 203 * hash32_strn() involves unnecessary double-handling of the data. 204 */ 205 uint32_t 206 namei_hash(const char *name, const char **ep) 207 { 208 uint32_t hash; 209 210 hash = HASH32_STR_INIT; 211 if (*ep != NULL) { 212 for (; name < *ep; name++) 213 hash = hash * 33 + *(const uint8_t *)name; 214 } else { 215 for (; *name != '\0' && *name != '/'; name++) 216 hash = hash * 33 + *(const uint8_t *)name; 217 *ep = name; 218 } 219 return (hash + (hash >> 5)); 220 } 221 222 //////////////////////////////////////////////////////////// 223 224 /* 225 * Sealed abstraction for pathnames. 226 * 227 * System-call-layer level code that is going to call namei should 228 * first create a pathbuf and adjust all the bells and whistles on it 229 * as needed by context. 230 */ 231 232 struct pathbuf { 233 char *pb_path; 234 char *pb_pathcopy; 235 unsigned pb_pathcopyuses; 236 }; 237 238 static struct pathbuf * 239 pathbuf_create_raw(void) 240 { 241 struct pathbuf *pb; 242 243 pb = kmem_alloc(sizeof(*pb), KM_SLEEP); 244 if (pb == NULL) { 245 return NULL; 246 } 247 pb->pb_path = PNBUF_GET(); 248 if (pb->pb_path == NULL) { 249 kmem_free(pb, sizeof(*pb)); 250 return NULL; 251 } 252 pb->pb_pathcopy = NULL; 253 pb->pb_pathcopyuses = 0; 254 return pb; 255 } 256 257 void 258 pathbuf_destroy(struct pathbuf *pb) 259 { 260 KASSERT(pb->pb_pathcopyuses == 0); 261 KASSERT(pb->pb_pathcopy == NULL); 262 PNBUF_PUT(pb->pb_path); 263 kmem_free(pb, sizeof(*pb)); 264 } 265 266 struct pathbuf * 267 pathbuf_assimilate(char *pnbuf) 268 { 269 struct pathbuf *pb; 270 271 pb = kmem_alloc(sizeof(*pb), KM_SLEEP); 272 if (pb == NULL) { 273 return NULL; 274 } 275 pb->pb_path = pnbuf; 276 pb->pb_pathcopy = NULL; 277 pb->pb_pathcopyuses = 0; 278 return pb; 279 } 280 281 struct pathbuf * 282 pathbuf_create(const char *path) 283 { 284 struct pathbuf *pb; 285 int error; 286 287 pb = pathbuf_create_raw(); 288 if (pb == NULL) { 289 return NULL; 290 } 291 error = copystr(path, pb->pb_path, PATH_MAX, NULL); 292 if (error != 0) { 293 KASSERT(!"kernel path too long in pathbuf_create"); 294 /* make sure it's null-terminated, just in case */ 295 pb->pb_path[PATH_MAX-1] = '\0'; 296 } 297 return pb; 298 } 299 300 int 301 pathbuf_copyin(const char *userpath, struct pathbuf **ret) 302 { 303 struct pathbuf *pb; 304 int error; 305 306 pb = pathbuf_create_raw(); 307 if (pb == NULL) { 308 return ENOMEM; 309 } 310 error = copyinstr(userpath, pb->pb_path, PATH_MAX, NULL); 311 if (error) { 312 pathbuf_destroy(pb); 313 return error; 314 } 315 *ret = pb; 316 return 0; 317 } 318 319 /* 320 * XXX should not exist: 321 * 1. whether a pointer is kernel or user should be statically checkable. 322 * 2. copyin should be handled by the upper part of the syscall layer, 323 * not in here. 324 */ 325 int 326 pathbuf_maybe_copyin(const char *path, enum uio_seg seg, struct pathbuf **ret) 327 { 328 if (seg == UIO_USERSPACE) { 329 return pathbuf_copyin(path, ret); 330 } else { 331 *ret = pathbuf_create(path); 332 if (*ret == NULL) { 333 return ENOMEM; 334 } 335 return 0; 336 } 337 } 338 339 /* 340 * Get a copy of the path buffer as it currently exists. If this is 341 * called after namei starts the results may be arbitrary. 342 */ 343 void 344 pathbuf_copystring(const struct pathbuf *pb, char *buf, size_t maxlen) 345 { 346 strlcpy(buf, pb->pb_path, maxlen); 347 } 348 349 /* 350 * These two functions allow access to a saved copy of the original 351 * path string. The first copy should be gotten before namei is 352 * called. Each copy that is gotten should be put back. 353 */ 354 355 const char * 356 pathbuf_stringcopy_get(struct pathbuf *pb) 357 { 358 if (pb->pb_pathcopyuses == 0) { 359 pb->pb_pathcopy = PNBUF_GET(); 360 strcpy(pb->pb_pathcopy, pb->pb_path); 361 } 362 pb->pb_pathcopyuses++; 363 return pb->pb_pathcopy; 364 } 365 366 void 367 pathbuf_stringcopy_put(struct pathbuf *pb, const char *str) 368 { 369 KASSERT(str == pb->pb_pathcopy); 370 KASSERT(pb->pb_pathcopyuses > 0); 371 pb->pb_pathcopyuses--; 372 if (pb->pb_pathcopyuses == 0) { 373 PNBUF_PUT(pb->pb_pathcopy); 374 pb->pb_pathcopy = NULL; 375 } 376 } 377 378 379 //////////////////////////////////////////////////////////// 380 381 /* 382 * namei: convert a pathname into a pointer to a (maybe-locked) vnode, 383 * and maybe also its parent directory vnode, and assorted other guff. 384 * See namei(9) for the interface documentation. 385 * 386 * 387 * The FOLLOW flag is set when symbolic links are to be followed 388 * when they occur at the end of the name translation process. 389 * Symbolic links are always followed for all other pathname 390 * components other than the last. 391 * 392 * The segflg defines whether the name is to be copied from user 393 * space or kernel space. 394 * 395 * Overall outline of namei: 396 * 397 * copy in name 398 * get starting directory 399 * while (!done && !error) { 400 * call lookup to search path. 401 * if symbolic link, massage name in buffer and continue 402 * } 403 */ 404 405 /* 406 * Search a pathname. 407 * This is a very central and rather complicated routine. 408 * 409 * The pathname is pointed to by ni_ptr and is of length ni_pathlen. 410 * The starting directory is passed in. The pathname is descended 411 * until done, or a symbolic link is encountered. The variable ni_more 412 * is clear if the path is completed; it is set to one if a symbolic 413 * link needing interpretation is encountered. 414 * 415 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on 416 * whether the name is to be looked up, created, renamed, or deleted. 417 * When CREATE, RENAME, or DELETE is specified, information usable in 418 * creating, renaming, or deleting a directory entry may be calculated. 419 * If flag has LOCKPARENT or'ed into it, the parent directory is returned 420 * locked. Otherwise the parent directory is not returned. If the target 421 * of the pathname exists and LOCKLEAF is or'ed into the flag the target 422 * is returned locked, otherwise it is returned unlocked. When creating 423 * or renaming and LOCKPARENT is specified, the target may not be ".". 424 * When deleting and LOCKPARENT is specified, the target may be ".". 425 * 426 * Overall outline of lookup: 427 * 428 * dirloop: 429 * identify next component of name at ndp->ni_ptr 430 * handle degenerate case where name is null string 431 * if .. and crossing mount points and on mounted filesys, find parent 432 * call VOP_LOOKUP routine for next component name 433 * directory vnode returned in ni_dvp, locked. 434 * component vnode returned in ni_vp (if it exists), locked. 435 * if result vnode is mounted on and crossing mount points, 436 * find mounted on vnode 437 * if more components of name, do next level at dirloop 438 * return the answer in ni_vp, locked if LOCKLEAF set 439 * if LOCKPARENT set, return locked parent in ni_dvp 440 */ 441 442 443 /* 444 * Internal state for a namei operation. 445 * 446 * cnp is always equal to &ndp->ni_cnp. 447 */ 448 struct namei_state { 449 struct nameidata *ndp; 450 struct componentname *cnp; 451 452 int docache; /* == 0 do not cache last component */ 453 int rdonly; /* lookup read-only flag bit */ 454 int slashes; 455 456 unsigned attempt_retry:1; /* true if error allows emul retry */ 457 }; 458 459 460 /* 461 * Initialize the namei working state. 462 */ 463 static void 464 namei_init(struct namei_state *state, struct nameidata *ndp) 465 { 466 state->ndp = ndp; 467 state->cnp = &ndp->ni_cnd; 468 KASSERT((state->cnp->cn_flags & INRELOOKUP) == 0); 469 470 state->docache = 0; 471 state->rdonly = 0; 472 state->slashes = 0; 473 474 #ifdef DIAGNOSTIC 475 if (!state->cnp->cn_cred) 476 panic("namei: bad cred/proc"); 477 if (state->cnp->cn_nameiop & (~OPMASK)) 478 panic("namei: nameiop contaminated with flags"); 479 if (state->cnp->cn_flags & OPMASK) 480 panic("namei: flags contaminated with nameiops"); 481 #endif 482 483 /* 484 * The buffer for name translation shall be the one inside the 485 * pathbuf. 486 */ 487 state->ndp->ni_pnbuf = state->ndp->ni_pathbuf->pb_path; 488 } 489 490 /* 491 * Clean up the working namei state, leaving things ready for return 492 * from namei. 493 */ 494 static void 495 namei_cleanup(struct namei_state *state) 496 { 497 KASSERT(state->cnp == &state->ndp->ni_cnd); 498 499 /* nothing for now */ 500 (void)state; 501 } 502 503 ////////////////////////////// 504 505 /* 506 * Get the directory context. 507 * Initializes the rootdir and erootdir state and returns a reference 508 * to the starting dir. 509 */ 510 static struct vnode * 511 namei_getstartdir(struct namei_state *state) 512 { 513 struct nameidata *ndp = state->ndp; 514 struct componentname *cnp = state->cnp; 515 struct cwdinfo *cwdi; /* pointer to cwd state */ 516 struct lwp *self = curlwp; /* thread doing namei() */ 517 struct vnode *rootdir, *erootdir, *curdir, *startdir; 518 519 cwdi = self->l_proc->p_cwdi; 520 rw_enter(&cwdi->cwdi_lock, RW_READER); 521 522 /* root dir */ 523 if (cwdi->cwdi_rdir == NULL || (cnp->cn_flags & NOCHROOT)) { 524 rootdir = rootvnode; 525 } else { 526 rootdir = cwdi->cwdi_rdir; 527 } 528 529 /* emulation root dir, if any */ 530 if ((cnp->cn_flags & TRYEMULROOT) == 0) { 531 /* if we don't want it, don't fetch it */ 532 erootdir = NULL; 533 } else if (cnp->cn_flags & EMULROOTSET) { 534 /* explicitly set emulroot; "/../" doesn't override this */ 535 erootdir = ndp->ni_erootdir; 536 } else if (!strncmp(ndp->ni_pnbuf, "/../", 4)) { 537 /* explicit reference to real rootdir */ 538 erootdir = NULL; 539 } else { 540 /* may be null */ 541 erootdir = cwdi->cwdi_edir; 542 } 543 544 /* current dir */ 545 curdir = cwdi->cwdi_cdir; 546 547 if (ndp->ni_pnbuf[0] != '/') { 548 startdir = curdir; 549 erootdir = NULL; 550 } else if (cnp->cn_flags & TRYEMULROOT && erootdir != NULL) { 551 startdir = erootdir; 552 } else { 553 startdir = rootdir; 554 erootdir = NULL; 555 } 556 557 state->ndp->ni_rootdir = rootdir; 558 state->ndp->ni_erootdir = erootdir; 559 560 /* 561 * Get a reference to the start dir so we can safely unlock cwdi. 562 * 563 * XXX: should we hold references to rootdir and erootdir while 564 * we're running? What happens if a multithreaded process chroots 565 * during namei? 566 */ 567 vref(startdir); 568 569 rw_exit(&cwdi->cwdi_lock); 570 return startdir; 571 } 572 573 /* 574 * Get the directory context for the nfsd case, in parallel to 575 * getstartdir. Initializes the rootdir and erootdir state and 576 * returns a reference to the passed-in starting dir. 577 */ 578 static struct vnode * 579 namei_getstartdir_for_nfsd(struct namei_state *state, struct vnode *startdir) 580 { 581 /* always use the real root, and never set an emulation root */ 582 state->ndp->ni_rootdir = rootvnode; 583 state->ndp->ni_erootdir = NULL; 584 585 vref(startdir); 586 return startdir; 587 } 588 589 590 /* 591 * Ktrace the namei operation. 592 */ 593 static void 594 namei_ktrace(struct namei_state *state) 595 { 596 struct nameidata *ndp = state->ndp; 597 struct componentname *cnp = state->cnp; 598 struct lwp *self = curlwp; /* thread doing namei() */ 599 const char *emul_path; 600 601 if (ktrpoint(KTR_NAMEI)) { 602 if (ndp->ni_erootdir != NULL) { 603 /* 604 * To make any sense, the trace entry need to have the 605 * text of the emulation path prepended. 606 * Usually we can get this from the current process, 607 * but when called from emul_find_interp() it is only 608 * in the exec_package - so we get it passed in ni_next 609 * (this is a hack). 610 */ 611 if (cnp->cn_flags & EMULROOTSET) 612 emul_path = ndp->ni_next; 613 else 614 emul_path = self->l_proc->p_emul->e_path; 615 ktrnamei2(emul_path, strlen(emul_path), 616 ndp->ni_pnbuf, ndp->ni_pathlen); 617 } else 618 ktrnamei(ndp->ni_pnbuf, ndp->ni_pathlen); 619 } 620 } 621 622 /* 623 * Start up namei. Find the root dir and cwd, establish the starting 624 * directory for lookup, and lock it. Also calls ktrace when 625 * appropriate. 626 */ 627 static int 628 namei_start(struct namei_state *state, struct vnode *forcecwd, 629 struct vnode **startdir_ret) 630 { 631 struct nameidata *ndp = state->ndp; 632 struct vnode *startdir; 633 634 /* length includes null terminator (was originally from copyinstr) */ 635 ndp->ni_pathlen = strlen(ndp->ni_pnbuf) + 1; 636 637 /* 638 * POSIX.1 requirement: "" is not a valid file name. 639 */ 640 if (ndp->ni_pathlen == 1) { 641 return ENOENT; 642 } 643 644 ndp->ni_loopcnt = 0; 645 646 /* Get starting directory, set up root, and ktrace. */ 647 if (forcecwd != NULL) { 648 startdir = namei_getstartdir_for_nfsd(state, forcecwd); 649 /* no ktrace */ 650 } else { 651 startdir = namei_getstartdir(state); 652 namei_ktrace(state); 653 } 654 655 vn_lock(startdir, LK_EXCLUSIVE | LK_RETRY); 656 657 *startdir_ret = startdir; 658 return 0; 659 } 660 661 /* 662 * Check for being at a symlink that we're going to follow. 663 */ 664 static inline int 665 namei_atsymlink(struct namei_state *state, struct vnode *foundobj) 666 { 667 return (foundobj->v_type == VLNK) && 668 (state->cnp->cn_flags & (FOLLOW|REQUIREDIR)); 669 } 670 671 /* 672 * Follow a symlink. 673 * 674 * Updates searchdir. inhibitmagic causes magic symlinks to not be 675 * interpreted; this is used by nfsd. 676 * 677 * Unlocks foundobj on success (ugh) 678 */ 679 static inline int 680 namei_follow(struct namei_state *state, int inhibitmagic, 681 struct vnode *searchdir, struct vnode *foundobj, 682 struct vnode **newsearchdir_ret) 683 { 684 struct nameidata *ndp = state->ndp; 685 struct componentname *cnp = state->cnp; 686 687 struct lwp *self = curlwp; /* thread doing namei() */ 688 struct iovec aiov; /* uio for reading symbolic links */ 689 struct uio auio; 690 char *cp; /* pointer into pathname argument */ 691 size_t linklen; 692 int error; 693 694 KASSERT(VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE); 695 KASSERT(VOP_ISLOCKED(foundobj) == LK_EXCLUSIVE); 696 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) { 697 return ELOOP; 698 } 699 if (foundobj->v_mount->mnt_flag & MNT_SYMPERM) { 700 error = VOP_ACCESS(foundobj, VEXEC, cnp->cn_cred); 701 if (error != 0) 702 return error; 703 } 704 705 /* FUTURE: fix this to not use a second buffer */ 706 cp = PNBUF_GET(); 707 aiov.iov_base = cp; 708 aiov.iov_len = MAXPATHLEN; 709 auio.uio_iov = &aiov; 710 auio.uio_iovcnt = 1; 711 auio.uio_offset = 0; 712 auio.uio_rw = UIO_READ; 713 auio.uio_resid = MAXPATHLEN; 714 UIO_SETUP_SYSSPACE(&auio); 715 error = VOP_READLINK(foundobj, &auio, cnp->cn_cred); 716 if (error) { 717 PNBUF_PUT(cp); 718 return error; 719 } 720 linklen = MAXPATHLEN - auio.uio_resid; 721 if (linklen == 0) { 722 PNBUF_PUT(cp); 723 return ENOENT; 724 } 725 726 /* 727 * Do symlink substitution, if appropriate, and 728 * check length for potential overflow. 729 * 730 * Inhibit symlink substitution for nfsd. 731 * XXX: This is how it was before; is that a bug or a feature? 732 */ 733 if ((!inhibitmagic && vfs_magiclinks && 734 symlink_magic(self->l_proc, cp, &linklen)) || 735 (linklen + ndp->ni_pathlen >= MAXPATHLEN)) { 736 PNBUF_PUT(cp); 737 return ENAMETOOLONG; 738 } 739 if (ndp->ni_pathlen > 1) { 740 /* includes a null-terminator */ 741 memcpy(cp + linklen, ndp->ni_next, ndp->ni_pathlen); 742 } else { 743 cp[linklen] = '\0'; 744 } 745 ndp->ni_pathlen += linklen; 746 memcpy(ndp->ni_pnbuf, cp, ndp->ni_pathlen); 747 PNBUF_PUT(cp); 748 749 /* we're now starting from the beginning of the buffer again */ 750 cnp->cn_nameptr = ndp->ni_pnbuf; 751 752 /* must unlock this before relocking searchdir */ 753 VOP_UNLOCK(foundobj); 754 755 /* 756 * Check if root directory should replace current directory. 757 */ 758 if (ndp->ni_pnbuf[0] == '/') { 759 vput(searchdir); 760 /* Keep absolute symbolic links inside emulation root */ 761 searchdir = ndp->ni_erootdir; 762 if (searchdir == NULL || 763 (ndp->ni_pnbuf[1] == '.' 764 && ndp->ni_pnbuf[2] == '.' 765 && ndp->ni_pnbuf[3] == '/')) { 766 ndp->ni_erootdir = NULL; 767 searchdir = ndp->ni_rootdir; 768 } 769 vref(searchdir); 770 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 771 } 772 773 *newsearchdir_ret = searchdir; 774 KASSERT(VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE); 775 return 0; 776 } 777 778 ////////////////////////////// 779 780 /* 781 * Inspect the leading path component and update the state accordingly. 782 */ 783 static int 784 lookup_parsepath(struct namei_state *state) 785 { 786 const char *cp; /* pointer into pathname argument */ 787 788 struct componentname *cnp = state->cnp; 789 struct nameidata *ndp = state->ndp; 790 791 KASSERT(cnp == &ndp->ni_cnd); 792 793 /* 794 * Search a new directory. 795 * 796 * The cn_hash value is for use by vfs_cache. 797 * The last component of the filename is left accessible via 798 * cnp->cn_nameptr for callers that need the name. Callers needing 799 * the name set the SAVENAME flag. When done, they assume 800 * responsibility for freeing the pathname buffer. 801 * 802 * At this point, our only vnode state is that the search dir 803 * is held and locked. 804 */ 805 cnp->cn_consume = 0; 806 cp = NULL; 807 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp); 808 cnp->cn_namelen = cp - cnp->cn_nameptr; 809 if (cnp->cn_namelen > NAME_MAX) { 810 return ENAMETOOLONG; 811 } 812 #ifdef NAMEI_DIAGNOSTIC 813 { char c = *cp; 814 *(char *)cp = '\0'; 815 printf("{%s}: ", cnp->cn_nameptr); 816 *(char *)cp = c; } 817 #endif /* NAMEI_DIAGNOSTIC */ 818 ndp->ni_pathlen -= cnp->cn_namelen; 819 ndp->ni_next = cp; 820 /* 821 * If this component is followed by a slash, then move the pointer to 822 * the next component forward, and remember that this component must be 823 * a directory. 824 */ 825 if (*cp == '/') { 826 do { 827 cp++; 828 } while (*cp == '/'); 829 state->slashes = cp - ndp->ni_next; 830 ndp->ni_pathlen -= state->slashes; 831 ndp->ni_next = cp; 832 cnp->cn_flags |= REQUIREDIR; 833 } else { 834 state->slashes = 0; 835 cnp->cn_flags &= ~REQUIREDIR; 836 } 837 /* 838 * We do special processing on the last component, whether or not it's 839 * a directory. Cache all intervening lookups, but not the final one. 840 */ 841 if (*cp == '\0') { 842 if (state->docache) 843 cnp->cn_flags |= MAKEENTRY; 844 else 845 cnp->cn_flags &= ~MAKEENTRY; 846 cnp->cn_flags |= ISLASTCN; 847 } else { 848 cnp->cn_flags |= MAKEENTRY; 849 cnp->cn_flags &= ~ISLASTCN; 850 } 851 if (cnp->cn_namelen == 2 && 852 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 853 cnp->cn_flags |= ISDOTDOT; 854 else 855 cnp->cn_flags &= ~ISDOTDOT; 856 857 return 0; 858 } 859 860 /* 861 * Call VOP_LOOKUP for a single lookup; return a new search directory 862 * (used when crossing mountpoints up or searching union mounts down) and 863 * the found object, which for create operations may be NULL on success. 864 */ 865 static int 866 lookup_once(struct namei_state *state, 867 struct vnode *searchdir, 868 struct vnode **newsearchdir_ret, 869 struct vnode **foundobj_ret) 870 { 871 struct vnode *tmpvn; /* scratch vnode */ 872 struct vnode *foundobj; /* result */ 873 struct mount *mp; /* mount table entry */ 874 struct lwp *l = curlwp; 875 int error; 876 877 struct componentname *cnp = state->cnp; 878 struct nameidata *ndp = state->ndp; 879 880 KASSERT(cnp == &ndp->ni_cnd); 881 KASSERT(VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE); 882 *newsearchdir_ret = searchdir; 883 884 /* 885 * Handle "..": two special cases. 886 * 1. If at root directory (e.g. after chroot) 887 * or at absolute root directory 888 * then ignore it so can't get out. 889 * 1a. If at the root of the emulation filesystem go to the real 890 * root. So "/../<path>" is always absolute. 891 * 1b. If we have somehow gotten out of a jail, warn 892 * and also ignore it so we can't get farther out. 893 * 2. If this vnode is the root of a mounted 894 * filesystem, then replace it with the 895 * vnode which was mounted on so we take the 896 * .. in the other file system. 897 */ 898 if (cnp->cn_flags & ISDOTDOT) { 899 struct proc *p = l->l_proc; 900 901 for (;;) { 902 if (searchdir == ndp->ni_rootdir || 903 searchdir == rootvnode) { 904 foundobj = searchdir; 905 vref(foundobj); 906 *foundobj_ret = foundobj; 907 error = 0; 908 goto done; 909 } 910 if (ndp->ni_rootdir != rootvnode) { 911 int retval; 912 913 VOP_UNLOCK(searchdir); 914 retval = vn_isunder(searchdir, ndp->ni_rootdir, l); 915 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 916 if (!retval) { 917 /* Oops! We got out of jail! */ 918 log(LOG_WARNING, 919 "chrooted pid %d uid %d (%s) " 920 "detected outside of its chroot\n", 921 p->p_pid, kauth_cred_geteuid(l->l_cred), 922 p->p_comm); 923 /* Put us at the jail root. */ 924 vput(searchdir); 925 searchdir = NULL; 926 foundobj = ndp->ni_rootdir; 927 vref(foundobj); 928 vref(foundobj); 929 vn_lock(foundobj, LK_EXCLUSIVE | LK_RETRY); 930 *newsearchdir_ret = foundobj; 931 *foundobj_ret = foundobj; 932 error = 0; 933 goto done; 934 } 935 } 936 if ((searchdir->v_vflag & VV_ROOT) == 0 || 937 (cnp->cn_flags & NOCROSSMOUNT)) 938 break; 939 tmpvn = searchdir; 940 searchdir = searchdir->v_mount->mnt_vnodecovered; 941 vref(searchdir); 942 vput(tmpvn); 943 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 944 *newsearchdir_ret = searchdir; 945 } 946 } 947 948 /* 949 * We now have a segment name to search for, and a directory to search. 950 * Our vnode state here is that "searchdir" is held and locked. 951 */ 952 unionlookup: 953 foundobj = NULL; 954 error = VOP_LOOKUP(searchdir, &foundobj, cnp); 955 956 if (error != 0) { 957 #ifdef DIAGNOSTIC 958 if (foundobj != NULL) 959 panic("leaf `%s' should be empty", cnp->cn_nameptr); 960 #endif /* DIAGNOSTIC */ 961 #ifdef NAMEI_DIAGNOSTIC 962 printf("not found\n"); 963 #endif /* NAMEI_DIAGNOSTIC */ 964 if ((error == ENOENT) && 965 (searchdir->v_vflag & VV_ROOT) && 966 (searchdir->v_mount->mnt_flag & MNT_UNION)) { 967 tmpvn = searchdir; 968 searchdir = searchdir->v_mount->mnt_vnodecovered; 969 vref(searchdir); 970 vput(tmpvn); 971 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 972 *newsearchdir_ret = searchdir; 973 goto unionlookup; 974 } 975 976 if (error != EJUSTRETURN) 977 goto done; 978 979 /* 980 * If this was not the last component, or there were trailing 981 * slashes, and we are not going to create a directory, 982 * then the name must exist. 983 */ 984 if ((cnp->cn_flags & (REQUIREDIR | CREATEDIR)) == REQUIREDIR) { 985 error = ENOENT; 986 goto done; 987 } 988 989 /* 990 * If creating and at end of pathname, then can consider 991 * allowing file to be created. 992 */ 993 if (state->rdonly) { 994 error = EROFS; 995 goto done; 996 } 997 998 /* 999 * We return success and a NULL foundobj to indicate 1000 * that the entry doesn't currently exist, leaving a 1001 * pointer to the (normally, locked) directory vnode 1002 * as searchdir. 1003 */ 1004 *foundobj_ret = NULL; 1005 error = 0; 1006 goto done; 1007 } 1008 #ifdef NAMEI_DIAGNOSTIC 1009 printf("found\n"); 1010 #endif /* NAMEI_DIAGNOSTIC */ 1011 1012 /* 1013 * Take into account any additional components consumed by the 1014 * underlying filesystem. This will include any trailing slashes after 1015 * the last component consumed. 1016 */ 1017 if (cnp->cn_consume > 0) { 1018 ndp->ni_pathlen -= cnp->cn_consume - state->slashes; 1019 ndp->ni_next += cnp->cn_consume - state->slashes; 1020 cnp->cn_consume = 0; 1021 if (ndp->ni_next[0] == '\0') 1022 cnp->cn_flags |= ISLASTCN; 1023 } 1024 1025 /* 1026 * "foundobj" and "searchdir" are both locked and held, 1027 * and may be the same vnode. 1028 */ 1029 1030 /* 1031 * Check to see if the vnode has been mounted on; 1032 * if so find the root of the mounted file system. 1033 */ 1034 while (foundobj->v_type == VDIR && 1035 (mp = foundobj->v_mountedhere) != NULL && 1036 (cnp->cn_flags & NOCROSSMOUNT) == 0) { 1037 error = vfs_busy(mp, NULL); 1038 if (error != 0) { 1039 vput(foundobj); 1040 goto done; 1041 } 1042 KASSERT(searchdir != foundobj); 1043 VOP_UNLOCK(searchdir); 1044 vput(foundobj); 1045 error = VFS_ROOT(mp, &foundobj); 1046 vfs_unbusy(mp, false, NULL); 1047 if (error) { 1048 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 1049 goto done; 1050 } 1051 VOP_UNLOCK(foundobj); 1052 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 1053 vn_lock(foundobj, LK_EXCLUSIVE | LK_RETRY); 1054 } 1055 1056 *foundobj_ret = foundobj; 1057 error = 0; 1058 done: 1059 KASSERT(VOP_ISLOCKED(*newsearchdir_ret) == LK_EXCLUSIVE); 1060 /* 1061 * *foundobj_ret is valid only if error == 0. 1062 */ 1063 KASSERT(error != 0 || *foundobj_ret == NULL || 1064 VOP_ISLOCKED(*foundobj_ret) == LK_EXCLUSIVE); 1065 return error; 1066 } 1067 1068 ////////////////////////////// 1069 1070 /* 1071 * Do a complete path search from a single root directory. 1072 * (This is called up to twice if TRYEMULROOT is in effect.) 1073 */ 1074 static int 1075 namei_oneroot(struct namei_state *state, struct vnode *forcecwd, 1076 int neverfollow, int inhibitmagic) 1077 { 1078 struct nameidata *ndp = state->ndp; 1079 struct componentname *cnp = state->cnp; 1080 struct vnode *searchdir, *foundobj; 1081 const char *cp; 1082 int error; 1083 1084 error = namei_start(state, forcecwd, &searchdir); 1085 if (error) { 1086 ndp->ni_dvp = NULL; 1087 ndp->ni_vp = NULL; 1088 return error; 1089 } 1090 1091 /* 1092 * Setup: break out flag bits into variables. 1093 */ 1094 state->docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 1095 if (cnp->cn_nameiop == DELETE) 1096 state->docache = 0; 1097 state->rdonly = cnp->cn_flags & RDONLY; 1098 1099 /* 1100 * Keep going until we run out of path components. 1101 */ 1102 cnp->cn_nameptr = ndp->ni_pnbuf; 1103 for (;;) { 1104 1105 /* 1106 * If the directory we're on is unmounted, bail out. 1107 * XXX: should this also check if it's unlinked? 1108 */ 1109 if (searchdir->v_mount == NULL) { 1110 vput(searchdir); 1111 ndp->ni_dvp = NULL; 1112 ndp->ni_vp = NULL; 1113 return (ENOENT); 1114 } 1115 1116 /* 1117 * Look up the next path component. 1118 * (currently, this may consume more than one) 1119 */ 1120 1121 /* 1122 * If we have a leading string of slashes, remove 1123 * them, and just make sure the current node is a 1124 * directory. 1125 */ 1126 cp = cnp->cn_nameptr; 1127 if (*cp == '/') { 1128 do { 1129 cp++; 1130 } while (*cp == '/'); 1131 ndp->ni_pathlen -= cp - cnp->cn_nameptr; 1132 cnp->cn_nameptr = cp; 1133 1134 if (searchdir->v_type != VDIR) { 1135 vput(searchdir); 1136 ndp->ni_dvp = NULL; 1137 ndp->ni_vp = NULL; 1138 state->attempt_retry = 1; 1139 return ENOTDIR; 1140 } 1141 } 1142 1143 /* 1144 * If we've exhausted the path name, then just return the 1145 * current node. 1146 */ 1147 if (cnp->cn_nameptr[0] == '\0') { 1148 foundobj = searchdir; 1149 searchdir = NULL; 1150 cnp->cn_flags |= ISLASTCN; 1151 1152 /* bleh */ 1153 break; 1154 } 1155 1156 error = lookup_parsepath(state); 1157 if (error) { 1158 vput(searchdir); 1159 ndp->ni_dvp = NULL; 1160 ndp->ni_vp = NULL; 1161 state->attempt_retry = 1; 1162 return (error); 1163 } 1164 1165 error = lookup_once(state, searchdir, &searchdir, &foundobj); 1166 if (error) { 1167 vput(searchdir); 1168 ndp->ni_dvp = NULL; 1169 ndp->ni_vp = NULL; 1170 /* 1171 * Note that if we're doing TRYEMULROOT we can 1172 * retry with the normal root. Where this is 1173 * currently set matches previous practice, 1174 * but the previous practice didn't make much 1175 * sense and somebody should sit down and 1176 * figure out which cases should cause retry 1177 * and which shouldn't. XXX. 1178 */ 1179 state->attempt_retry = 1; 1180 return (error); 1181 } 1182 1183 if (foundobj == NULL) { 1184 /* 1185 * Success with no object returned means we're 1186 * creating something and it isn't already 1187 * there. Break out of the main loop now so 1188 * the code below doesn't have to test for 1189 * foundobj == NULL. 1190 */ 1191 break; 1192 } 1193 1194 /* 1195 * Check for symbolic link. If we've reached one, 1196 * follow it, unless we aren't supposed to. Back up 1197 * over any slashes that we skipped, as we will need 1198 * them again. 1199 */ 1200 if (namei_atsymlink(state, foundobj)) { 1201 ndp->ni_pathlen += state->slashes; 1202 ndp->ni_next -= state->slashes; 1203 if (neverfollow) { 1204 error = EINVAL; 1205 } else { 1206 /* 1207 * dholland 20110410: if we're at a 1208 * union mount it might make sense to 1209 * use the top of the union stack here 1210 * rather than the layer we found the 1211 * symlink in. (FUTURE) 1212 */ 1213 error = namei_follow(state, inhibitmagic, 1214 searchdir, foundobj, 1215 &searchdir); 1216 } 1217 if (error) { 1218 KASSERT(searchdir != foundobj); 1219 vput(searchdir); 1220 vput(foundobj); 1221 ndp->ni_dvp = NULL; 1222 ndp->ni_vp = NULL; 1223 return error; 1224 } 1225 /* namei_follow unlocks it (ugh) so rele, not put */ 1226 vrele(foundobj); 1227 foundobj = NULL; 1228 continue; 1229 } 1230 1231 /* 1232 * Not a symbolic link. 1233 * 1234 * Check for directory, if the component was 1235 * followed by a series of slashes. 1236 */ 1237 if ((foundobj->v_type != VDIR) && (cnp->cn_flags & REQUIREDIR)) { 1238 KASSERT(foundobj != searchdir); 1239 if (searchdir) { 1240 vput(searchdir); 1241 } 1242 vput(foundobj); 1243 ndp->ni_dvp = NULL; 1244 ndp->ni_vp = NULL; 1245 state->attempt_retry = 1; 1246 return ENOTDIR; 1247 } 1248 1249 /* 1250 * Stop if we've reached the last component. 1251 */ 1252 if (cnp->cn_flags & ISLASTCN) { 1253 break; 1254 } 1255 1256 /* 1257 * Continue with the next component. 1258 */ 1259 cnp->cn_nameptr = ndp->ni_next; 1260 if (searchdir == foundobj) { 1261 vrele(searchdir); 1262 } else { 1263 vput(searchdir); 1264 } 1265 searchdir = foundobj; 1266 foundobj = NULL; 1267 } 1268 1269 if (foundobj != NULL) { 1270 if (foundobj == ndp->ni_erootdir) { 1271 /* 1272 * We are about to return the emulation root. 1273 * This isn't a good idea because code might 1274 * repeatedly lookup ".." until the file 1275 * matches that returned for "/" and loop 1276 * forever. So convert it to the real root. 1277 */ 1278 if (searchdir != NULL) { 1279 if (searchdir == foundobj) 1280 vrele(searchdir); 1281 else 1282 vput(searchdir); 1283 searchdir = NULL; 1284 } 1285 vput(foundobj); 1286 foundobj = ndp->ni_rootdir; 1287 vref(foundobj); 1288 vn_lock(foundobj, LK_EXCLUSIVE | LK_RETRY); 1289 } 1290 1291 /* 1292 * If the caller requested the parent node (i.e. it's 1293 * a CREATE, DELETE, or RENAME), and we don't have one 1294 * (because this is the root directory, or we crossed 1295 * a mount point), then we must fail. 1296 */ 1297 if (cnp->cn_nameiop != LOOKUP && 1298 (searchdir == NULL || 1299 searchdir->v_mount != foundobj->v_mount)) { 1300 if (searchdir) { 1301 vput(searchdir); 1302 } 1303 vput(foundobj); 1304 foundobj = NULL; 1305 ndp->ni_dvp = NULL; 1306 ndp->ni_vp = NULL; 1307 state->attempt_retry = 1; 1308 1309 switch (cnp->cn_nameiop) { 1310 case CREATE: 1311 return EEXIST; 1312 case DELETE: 1313 case RENAME: 1314 return EBUSY; 1315 default: 1316 break; 1317 } 1318 panic("Invalid nameiop\n"); 1319 } 1320 1321 /* 1322 * Disallow directory write attempts on read-only lookups. 1323 * Prefers EEXIST over EROFS for the CREATE case. 1324 */ 1325 if (state->rdonly && 1326 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) { 1327 if (searchdir) { 1328 if (foundobj != searchdir) { 1329 vput(searchdir); 1330 } else { 1331 vrele(searchdir); 1332 } 1333 searchdir = NULL; 1334 } 1335 vput(foundobj); 1336 foundobj = NULL; 1337 ndp->ni_dvp = NULL; 1338 ndp->ni_vp = NULL; 1339 state->attempt_retry = 1; 1340 return EROFS; 1341 } 1342 if ((cnp->cn_flags & LOCKLEAF) == 0) { 1343 /* 1344 * Note: if LOCKPARENT but not LOCKLEAF is 1345 * set, and searchdir == foundobj, this code 1346 * necessarily unlocks the parent as well as 1347 * the leaf. That is, just because you specify 1348 * LOCKPARENT doesn't mean you necessarily get 1349 * a locked parent vnode. The code in 1350 * vfs_syscalls.c, and possibly elsewhere, 1351 * that uses this combination "knows" this, so 1352 * it can't be safely changed. Feh. XXX 1353 */ 1354 VOP_UNLOCK(foundobj); 1355 } 1356 } 1357 1358 /* 1359 * Done. 1360 */ 1361 1362 /* 1363 * If LOCKPARENT is not set, the parent directory isn't returned. 1364 */ 1365 if ((cnp->cn_flags & LOCKPARENT) == 0 && searchdir != NULL) { 1366 if (searchdir == foundobj) { 1367 vrele(searchdir); 1368 } else { 1369 vput(searchdir); 1370 } 1371 searchdir = NULL; 1372 } 1373 1374 ndp->ni_dvp = searchdir; 1375 ndp->ni_vp = foundobj; 1376 return 0; 1377 } 1378 1379 /* 1380 * Do namei; wrapper layer that handles TRYEMULROOT. 1381 */ 1382 static int 1383 namei_tryemulroot(struct namei_state *state, struct vnode *forcecwd, 1384 int neverfollow, int inhibitmagic) 1385 { 1386 int error; 1387 1388 struct nameidata *ndp = state->ndp; 1389 struct componentname *cnp = state->cnp; 1390 const char *savepath = NULL; 1391 1392 KASSERT(cnp == &ndp->ni_cnd); 1393 1394 if (cnp->cn_flags & TRYEMULROOT) { 1395 savepath = pathbuf_stringcopy_get(ndp->ni_pathbuf); 1396 } 1397 1398 emul_retry: 1399 state->attempt_retry = 0; 1400 1401 error = namei_oneroot(state, forcecwd, neverfollow, inhibitmagic); 1402 if (error) { 1403 /* 1404 * Once namei has started up, the existence of ni_erootdir 1405 * tells us whether we're working from an emulation root. 1406 * The TRYEMULROOT flag isn't necessarily authoritative. 1407 */ 1408 if (ndp->ni_erootdir != NULL && state->attempt_retry) { 1409 /* Retry the whole thing using the normal root */ 1410 cnp->cn_flags &= ~TRYEMULROOT; 1411 state->attempt_retry = 0; 1412 1413 /* kinda gross */ 1414 strcpy(ndp->ni_pathbuf->pb_path, savepath); 1415 pathbuf_stringcopy_put(ndp->ni_pathbuf, savepath); 1416 savepath = NULL; 1417 1418 goto emul_retry; 1419 } 1420 } 1421 if (savepath != NULL) { 1422 pathbuf_stringcopy_put(ndp->ni_pathbuf, savepath); 1423 } 1424 return error; 1425 } 1426 1427 /* 1428 * External interface. 1429 */ 1430 int 1431 namei(struct nameidata *ndp) 1432 { 1433 struct namei_state state; 1434 int error; 1435 1436 namei_init(&state, ndp); 1437 error = namei_tryemulroot(&state, NULL, 1438 0/*!neverfollow*/, 0/*!inhibitmagic*/); 1439 namei_cleanup(&state); 1440 1441 if (error) { 1442 /* make sure no stray refs leak out */ 1443 KASSERT(ndp->ni_dvp == NULL); 1444 KASSERT(ndp->ni_vp == NULL); 1445 } 1446 1447 return error; 1448 } 1449 1450 //////////////////////////////////////////////////////////// 1451 1452 /* 1453 * External interface used by nfsd. This is basically different from 1454 * namei only in that it has the ability to pass in the "current 1455 * directory", and uses an extra flag "neverfollow" for which there's 1456 * no physical flag defined in namei.h. (There used to be a cut&paste 1457 * copy of about half of namei in nfsd to allow these minor 1458 * adjustments to exist.) 1459 * 1460 * XXX: the namei interface should be adjusted so nfsd can just use 1461 * ordinary namei(). 1462 */ 1463 int 1464 lookup_for_nfsd(struct nameidata *ndp, struct vnode *forcecwd, int neverfollow) 1465 { 1466 struct namei_state state; 1467 int error; 1468 1469 namei_init(&state, ndp); 1470 error = namei_tryemulroot(&state, forcecwd, 1471 neverfollow, 1/*inhibitmagic*/); 1472 namei_cleanup(&state); 1473 1474 if (error) { 1475 /* make sure no stray refs leak out */ 1476 KASSERT(ndp->ni_dvp == NULL); 1477 KASSERT(ndp->ni_vp == NULL); 1478 } 1479 1480 return error; 1481 } 1482 1483 /* 1484 * A second external interface used by nfsd. This turns out to be a 1485 * single lookup used by the WebNFS code (ha!) to get "index.html" or 1486 * equivalent when asked for a directory. It should eventually evolve 1487 * into some kind of namei_once() call; for the time being it's kind 1488 * of a mess. XXX. 1489 * 1490 * dholland 20110109: I don't think it works, and I don't think it 1491 * worked before I started hacking and slashing either, and I doubt 1492 * anyone will ever notice. 1493 */ 1494 1495 /* 1496 * Internals. This calls lookup_once() after setting up the assorted 1497 * pieces of state the way they ought to be. 1498 */ 1499 static int 1500 do_lookup_for_nfsd_index(struct namei_state *state, struct vnode *startdir) 1501 { 1502 int error = 0; 1503 1504 struct componentname *cnp = state->cnp; 1505 struct nameidata *ndp = state->ndp; 1506 struct vnode *foundobj; 1507 const char *cp; /* pointer into pathname argument */ 1508 1509 KASSERT(cnp == &ndp->ni_cnd); 1510 1511 cnp->cn_nameptr = ndp->ni_pnbuf; 1512 state->docache = 1; 1513 state->rdonly = cnp->cn_flags & RDONLY; 1514 ndp->ni_dvp = NULL; 1515 1516 cnp->cn_consume = 0; 1517 cp = NULL; 1518 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp); 1519 cnp->cn_namelen = cp - cnp->cn_nameptr; 1520 KASSERT(cnp->cn_namelen <= NAME_MAX); 1521 ndp->ni_pathlen -= cnp->cn_namelen; 1522 ndp->ni_next = cp; 1523 state->slashes = 0; 1524 cnp->cn_flags &= ~REQUIREDIR; 1525 cnp->cn_flags |= MAKEENTRY|ISLASTCN; 1526 1527 if (cnp->cn_namelen == 2 && 1528 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 1529 cnp->cn_flags |= ISDOTDOT; 1530 else 1531 cnp->cn_flags &= ~ISDOTDOT; 1532 1533 /* 1534 * Because lookup_once can change the startdir, we need our 1535 * own reference to it to avoid consuming the caller's. 1536 */ 1537 vref(startdir); 1538 vn_lock(startdir, LK_EXCLUSIVE | LK_RETRY); 1539 error = lookup_once(state, startdir, &startdir, &foundobj); 1540 vput(startdir); 1541 if (error) { 1542 goto bad; 1543 } 1544 ndp->ni_vp = foundobj; 1545 1546 if (foundobj == NULL) { 1547 return 0; 1548 } 1549 1550 KASSERT((cnp->cn_flags & LOCKPARENT) == 0); 1551 if ((cnp->cn_flags & LOCKLEAF) == 0) { 1552 VOP_UNLOCK(foundobj); 1553 } 1554 return (0); 1555 1556 bad: 1557 ndp->ni_vp = NULL; 1558 return (error); 1559 } 1560 1561 /* 1562 * External interface. The partitioning between this function and the 1563 * above isn't very clear - the above function exists mostly so code 1564 * that uses "state->" can be shuffled around without having to change 1565 * it to "state.". 1566 */ 1567 int 1568 lookup_for_nfsd_index(struct nameidata *ndp, struct vnode *startdir) 1569 { 1570 struct namei_state state; 1571 int error; 1572 1573 /* 1574 * Note: the name sent in here (is not|should not be) allowed 1575 * to contain a slash. 1576 */ 1577 if (strlen(ndp->ni_pathbuf->pb_path) > NAME_MAX) { 1578 return ENAMETOOLONG; 1579 } 1580 if (strchr(ndp->ni_pathbuf->pb_path, '/')) { 1581 return EINVAL; 1582 } 1583 1584 ndp->ni_pathlen = strlen(ndp->ni_pathbuf->pb_path) + 1; 1585 ndp->ni_pnbuf = NULL; 1586 ndp->ni_cnd.cn_nameptr = NULL; 1587 1588 namei_init(&state, ndp); 1589 error = do_lookup_for_nfsd_index(&state, startdir); 1590 namei_cleanup(&state); 1591 1592 return error; 1593 } 1594 1595 //////////////////////////////////////////////////////////// 1596 1597 /* 1598 * Reacquire a path name component. 1599 * dvp is locked on entry and exit. 1600 * *vpp is locked on exit unless it's NULL. 1601 */ 1602 int 1603 relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int dummy) 1604 { 1605 int rdonly; /* lookup read-only flag bit */ 1606 int error = 0; 1607 #ifdef DEBUG 1608 uint32_t newhash; /* DEBUG: check name hash */ 1609 const char *cp; /* DEBUG: check name ptr/len */ 1610 #endif /* DEBUG */ 1611 1612 (void)dummy; 1613 1614 /* 1615 * Setup: break out flag bits into variables. 1616 */ 1617 rdonly = cnp->cn_flags & RDONLY; 1618 1619 /* 1620 * Search a new directory. 1621 * 1622 * The cn_hash value is for use by vfs_cache. 1623 * The last component of the filename is left accessible via 1624 * cnp->cn_nameptr for callers that need the name. Callers needing 1625 * the name set the SAVENAME flag. When done, they assume 1626 * responsibility for freeing the pathname buffer. 1627 */ 1628 #ifdef DEBUG 1629 cp = NULL; 1630 newhash = namei_hash(cnp->cn_nameptr, &cp); 1631 if ((uint32_t)newhash != (uint32_t)cnp->cn_hash) 1632 panic("relookup: bad hash"); 1633 if (cnp->cn_namelen != cp - cnp->cn_nameptr) 1634 panic("relookup: bad len"); 1635 while (*cp == '/') 1636 cp++; 1637 if (*cp != 0) 1638 panic("relookup: not last component"); 1639 #endif /* DEBUG */ 1640 1641 /* 1642 * Check for degenerate name (e.g. / or "") 1643 * which is a way of talking about a directory, 1644 * e.g. like "/." or ".". 1645 */ 1646 if (cnp->cn_nameptr[0] == '\0') 1647 panic("relookup: null name"); 1648 1649 if (cnp->cn_flags & ISDOTDOT) 1650 panic("relookup: lookup on dot-dot"); 1651 1652 /* 1653 * We now have a segment name to search for, and a directory to search. 1654 */ 1655 cnp->cn_flags |= INRELOOKUP; 1656 error = VOP_LOOKUP(dvp, vpp, cnp); 1657 cnp->cn_flags &= ~INRELOOKUP; 1658 if ((error) != 0) { 1659 #ifdef DIAGNOSTIC 1660 if (*vpp != NULL) 1661 panic("leaf `%s' should be empty", cnp->cn_nameptr); 1662 #endif 1663 if (error != EJUSTRETURN) 1664 goto bad; 1665 } 1666 1667 #ifdef DIAGNOSTIC 1668 /* 1669 * Check for symbolic link 1670 */ 1671 if (*vpp && (*vpp)->v_type == VLNK && (cnp->cn_flags & FOLLOW)) 1672 panic("relookup: symlink found"); 1673 #endif 1674 1675 /* 1676 * Check for read-only lookups. 1677 */ 1678 if (rdonly && cnp->cn_nameiop != LOOKUP) { 1679 error = EROFS; 1680 if (*vpp) { 1681 vput(*vpp); 1682 } 1683 goto bad; 1684 } 1685 return (0); 1686 1687 bad: 1688 *vpp = NULL; 1689 return (error); 1690 } 1691 1692 /* 1693 * namei_simple - simple forms of namei. 1694 * 1695 * These are wrappers to allow the simple case callers of namei to be 1696 * left alone while everything else changes under them. 1697 */ 1698 1699 /* Flags */ 1700 struct namei_simple_flags_type { 1701 int dummy; 1702 }; 1703 static const struct namei_simple_flags_type ns_nn, ns_nt, ns_fn, ns_ft; 1704 const namei_simple_flags_t NSM_NOFOLLOW_NOEMULROOT = &ns_nn; 1705 const namei_simple_flags_t NSM_NOFOLLOW_TRYEMULROOT = &ns_nt; 1706 const namei_simple_flags_t NSM_FOLLOW_NOEMULROOT = &ns_fn; 1707 const namei_simple_flags_t NSM_FOLLOW_TRYEMULROOT = &ns_ft; 1708 1709 static 1710 int 1711 namei_simple_convert_flags(namei_simple_flags_t sflags) 1712 { 1713 if (sflags == NSM_NOFOLLOW_NOEMULROOT) 1714 return NOFOLLOW | 0; 1715 if (sflags == NSM_NOFOLLOW_TRYEMULROOT) 1716 return NOFOLLOW | TRYEMULROOT; 1717 if (sflags == NSM_FOLLOW_NOEMULROOT) 1718 return FOLLOW | 0; 1719 if (sflags == NSM_FOLLOW_TRYEMULROOT) 1720 return FOLLOW | TRYEMULROOT; 1721 panic("namei_simple_convert_flags: bogus sflags\n"); 1722 return 0; 1723 } 1724 1725 int 1726 namei_simple_kernel(const char *path, namei_simple_flags_t sflags, 1727 struct vnode **vp_ret) 1728 { 1729 struct nameidata nd; 1730 struct pathbuf *pb; 1731 int err; 1732 1733 pb = pathbuf_create(path); 1734 if (pb == NULL) { 1735 return ENOMEM; 1736 } 1737 1738 NDINIT(&nd, 1739 LOOKUP, 1740 namei_simple_convert_flags(sflags), 1741 pb); 1742 err = namei(&nd); 1743 if (err != 0) { 1744 pathbuf_destroy(pb); 1745 return err; 1746 } 1747 *vp_ret = nd.ni_vp; 1748 pathbuf_destroy(pb); 1749 return 0; 1750 } 1751 1752 int 1753 namei_simple_user(const char *path, namei_simple_flags_t sflags, 1754 struct vnode **vp_ret) 1755 { 1756 struct pathbuf *pb; 1757 struct nameidata nd; 1758 int err; 1759 1760 err = pathbuf_copyin(path, &pb); 1761 if (err) { 1762 return err; 1763 } 1764 1765 NDINIT(&nd, 1766 LOOKUP, 1767 namei_simple_convert_flags(sflags), 1768 pb); 1769 err = namei(&nd); 1770 if (err != 0) { 1771 pathbuf_destroy(pb); 1772 return err; 1773 } 1774 *vp_ret = nd.ni_vp; 1775 pathbuf_destroy(pb); 1776 return 0; 1777 } 1778