1 /* $NetBSD: vfs_lookup.c,v 1.104 2008/01/30 11:47:00 ad Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)vfs_lookup.c 8.10 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.104 2008/01/30 11:47:00 ad Exp $"); 41 42 #include "opt_magiclinks.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/syslimits.h> 48 #include <sys/time.h> 49 #include <sys/namei.h> 50 #include <sys/vnode.h> 51 #include <sys/mount.h> 52 #include <sys/errno.h> 53 #include <sys/filedesc.h> 54 #include <sys/hash.h> 55 #include <sys/malloc.h> 56 #include <sys/proc.h> 57 #include <sys/syslog.h> 58 #include <sys/kauth.h> 59 #include <sys/ktrace.h> 60 61 #ifndef MAGICLINKS 62 #define MAGICLINKS 0 63 #endif 64 65 struct pathname_internal { 66 char *pathbuf; 67 bool needfree; 68 }; 69 70 int vfs_magiclinks = MAGICLINKS; 71 72 pool_cache_t pnbuf_cache; /* pathname buffer cache */ 73 74 /* 75 * Substitute replacement text for 'magic' strings in symlinks. 76 * Returns 0 if successful, and returns non-zero if an error 77 * occurs. (Currently, the only possible error is running out 78 * of temporary pathname space.) 79 * 80 * Looks for "@<string>" and "@<string>/", where <string> is a 81 * recognized 'magic' string. Replaces the "@<string>" with the 82 * appropriate replacement text. (Note that in some cases the 83 * replacement text may have zero length.) 84 * 85 * This would have been table driven, but the variance in 86 * replacement strings (and replacement string lengths) made 87 * that impractical. 88 */ 89 #define VNL(x) \ 90 (sizeof(x) - 1) 91 92 #define VO '{' 93 #define VC '}' 94 95 #define MATCH(str) \ 96 ((termchar == '/' && i + VNL(str) == *len) || \ 97 (i + VNL(str) < *len && \ 98 cp[i + VNL(str)] == termchar)) && \ 99 !strncmp((str), &cp[i], VNL(str)) 100 101 #define SUBSTITUTE(m, s, sl) \ 102 if ((newlen + (sl)) > MAXPATHLEN) \ 103 return (1); \ 104 i += VNL(m); \ 105 if (termchar != '/') \ 106 i++; \ 107 memcpy(&tmp[newlen], (s), (sl)); \ 108 newlen += (sl); \ 109 change = 1; \ 110 termchar = '/'; 111 112 static int 113 symlink_magic(struct proc *p, char *cp, int *len) 114 { 115 char *tmp; 116 int change, i, newlen; 117 int termchar = '/'; 118 char uidtmp[11]; /* XXX elad */ 119 120 121 tmp = PNBUF_GET(); 122 for (change = i = newlen = 0; i < *len; ) { 123 if (cp[i] != '@') { 124 tmp[newlen++] = cp[i++]; 125 continue; 126 } 127 128 i++; 129 130 /* Check for @{var} syntax. */ 131 if (cp[i] == VO) { 132 termchar = VC; 133 i++; 134 } 135 136 /* 137 * The following checks should be ordered according 138 * to frequency of use. 139 */ 140 if (MATCH("machine_arch")) { 141 SUBSTITUTE("machine_arch", MACHINE_ARCH, 142 sizeof(MACHINE_ARCH) - 1); 143 } else if (MATCH("machine")) { 144 SUBSTITUTE("machine", MACHINE, 145 sizeof(MACHINE) - 1); 146 } else if (MATCH("hostname")) { 147 SUBSTITUTE("hostname", hostname, 148 hostnamelen); 149 } else if (MATCH("osrelease")) { 150 SUBSTITUTE("osrelease", osrelease, 151 strlen(osrelease)); 152 } else if (MATCH("emul")) { 153 SUBSTITUTE("emul", p->p_emul->e_name, 154 strlen(p->p_emul->e_name)); 155 } else if (MATCH("kernel_ident")) { 156 SUBSTITUTE("kernel_ident", kernel_ident, 157 strlen(kernel_ident)); 158 } else if (MATCH("domainname")) { 159 SUBSTITUTE("domainname", domainname, 160 domainnamelen); 161 } else if (MATCH("ostype")) { 162 SUBSTITUTE("ostype", ostype, 163 strlen(ostype)); 164 } else if (MATCH("uid")) { 165 (void)snprintf(uidtmp, sizeof(uidtmp), "%u", 166 kauth_cred_geteuid(kauth_cred_get())); 167 SUBSTITUTE("uid", uidtmp, strlen(uidtmp)); 168 } else if (MATCH("ruid")) { 169 (void)snprintf(uidtmp, sizeof(uidtmp), "%u", 170 kauth_cred_getuid(kauth_cred_get())); 171 SUBSTITUTE("ruid", uidtmp, strlen(uidtmp)); 172 } else { 173 tmp[newlen++] = '@'; 174 if (termchar == VC) 175 tmp[newlen++] = VO; 176 } 177 } 178 179 if (change) { 180 memcpy(cp, tmp, newlen); 181 *len = newlen; 182 } 183 PNBUF_PUT(tmp); 184 185 return (0); 186 } 187 188 #undef VNL 189 #undef VO 190 #undef VC 191 #undef MATCH 192 #undef SUBSTITUTE 193 194 /* 195 * Convert a pathname into a pointer to a locked vnode. 196 * 197 * The FOLLOW flag is set when symbolic links are to be followed 198 * when they occur at the end of the name translation process. 199 * Symbolic links are always followed for all other pathname 200 * components other than the last. 201 * 202 * The segflg defines whether the name is to be copied from user 203 * space or kernel space. 204 * 205 * Overall outline of namei: 206 * 207 * copy in name 208 * get starting directory 209 * while (!done && !error) { 210 * call lookup to search path. 211 * if symbolic link, massage name in buffer and continue 212 * } 213 */ 214 int 215 namei(struct nameidata *ndp) 216 { 217 struct cwdinfo *cwdi; /* pointer to cwd state */ 218 char *cp; /* pointer into pathname argument */ 219 struct vnode *dp; /* the directory we are searching */ 220 struct iovec aiov; /* uio for reading symbolic links */ 221 struct lwp *l = curlwp; /* thread doing namei() */ 222 struct uio auio; 223 int error, linklen; 224 struct componentname *cnp = &ndp->ni_cnd; 225 226 #ifdef DIAGNOSTIC 227 if (!cnp->cn_cred) 228 panic("namei: bad cred/proc"); 229 if (cnp->cn_nameiop & (~OPMASK)) 230 panic("namei: nameiop contaminated with flags"); 231 if (cnp->cn_flags & OPMASK) 232 panic("namei: flags contaminated with nameiops"); 233 #endif 234 235 /* 236 * Get a buffer for the name to be translated, and copy the 237 * name into the buffer. 238 */ 239 if ((cnp->cn_flags & HASBUF) == 0) 240 cnp->cn_pnbuf = PNBUF_GET(); 241 emul_retry: 242 if (ndp->ni_segflg == UIO_SYSSPACE) 243 error = copystr(ndp->ni_dirp, cnp->cn_pnbuf, 244 MAXPATHLEN, &ndp->ni_pathlen); 245 else 246 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf, 247 MAXPATHLEN, &ndp->ni_pathlen); 248 249 /* 250 * POSIX.1 requirement: "" is not a valid file name. 251 */ 252 if (!error && ndp->ni_pathlen == 1) 253 error = ENOENT; 254 255 if (error) { 256 PNBUF_PUT(cnp->cn_pnbuf); 257 ndp->ni_vp = NULL; 258 return (error); 259 } 260 ndp->ni_loopcnt = 0; 261 262 /* 263 * Get root directory for the translation. 264 */ 265 cwdi = l->l_proc->p_cwdi; 266 rw_enter(&cwdi->cwdi_lock, RW_READER); 267 dp = cwdi->cwdi_rdir; 268 if (dp == NULL) 269 dp = rootvnode; 270 ndp->ni_rootdir = dp; 271 272 /* 273 * Check if starting from root directory or current directory. 274 */ 275 if (cnp->cn_pnbuf[0] == '/') { 276 if (cnp->cn_flags & TRYEMULROOT) { 277 if (cnp->cn_flags & EMULROOTSET) { 278 /* Called from (eg) emul_find_interp() */ 279 dp = ndp->ni_erootdir; 280 } else { 281 if (cwdi->cwdi_edir == NULL 282 || (cnp->cn_pnbuf[1] == '.' 283 && cnp->cn_pnbuf[2] == '.' 284 && cnp->cn_pnbuf[3] == '/')) { 285 ndp->ni_erootdir = NULL; 286 } else { 287 dp = cwdi->cwdi_edir; 288 ndp->ni_erootdir = dp; 289 } 290 } 291 } else 292 ndp->ni_erootdir = NULL; 293 } else { 294 dp = cwdi->cwdi_cdir; 295 ndp->ni_erootdir = NULL; 296 } 297 VREF(dp); 298 rw_exit(&cwdi->cwdi_lock); 299 300 if (ktrpoint(KTR_NAMEI)) { 301 if (ndp->ni_erootdir != NULL) { 302 /* 303 * To make any sense, the trace entry need to have the 304 * text of the emulation path prepended. 305 * Usually we can get this from the current process, 306 * but when called from emul_find_interp() it is only 307 * in the exec_package - so we get it passed in ni_next 308 * (this is a hack). 309 */ 310 const char *emul_path; 311 if (cnp->cn_flags & EMULROOTSET) 312 emul_path = ndp->ni_next; 313 else 314 emul_path = l->l_proc->p_emul->e_path; 315 ktrnamei2(emul_path, strlen(emul_path), 316 cnp->cn_pnbuf, ndp->ni_pathlen); 317 } else 318 ktrnamei(cnp->cn_pnbuf, ndp->ni_pathlen); 319 } 320 321 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 322 /* Loop through symbolic links */ 323 for (;;) { 324 if (!dp->v_mount) { 325 /* Give up if the directory is no longer mounted */ 326 vput(dp); 327 PNBUF_PUT(cnp->cn_pnbuf); 328 return (ENOENT); 329 } 330 cnp->cn_nameptr = cnp->cn_pnbuf; 331 ndp->ni_startdir = dp; 332 error = lookup(ndp); 333 if (error != 0) { 334 if (ndp->ni_dvp) { 335 vput(ndp->ni_dvp); 336 } 337 if (ndp->ni_erootdir != NULL) { 338 /* Retry the whole thing from the normal root */ 339 cnp->cn_flags &= ~TRYEMULROOT; 340 goto emul_retry; 341 } 342 PNBUF_PUT(cnp->cn_pnbuf); 343 return (error); 344 } 345 346 /* 347 * Check for symbolic link 348 */ 349 if ((cnp->cn_flags & ISSYMLINK) == 0) { 350 if ((cnp->cn_flags & LOCKPARENT) == 0 && ndp->ni_dvp) { 351 if (ndp->ni_dvp == ndp->ni_vp) { 352 vrele(ndp->ni_dvp); 353 } else { 354 vput(ndp->ni_dvp); 355 } 356 } 357 if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) 358 PNBUF_PUT(cnp->cn_pnbuf); 359 else 360 cnp->cn_flags |= HASBUF; 361 return (0); 362 } 363 364 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) { 365 error = ELOOP; 366 break; 367 } 368 if (ndp->ni_vp->v_mount->mnt_flag & MNT_SYMPERM) { 369 error = VOP_ACCESS(ndp->ni_vp, VEXEC, cnp->cn_cred); 370 if (error != 0) 371 break; 372 } 373 if (ndp->ni_pathlen > 1) 374 cp = PNBUF_GET(); 375 else 376 cp = cnp->cn_pnbuf; 377 aiov.iov_base = cp; 378 aiov.iov_len = MAXPATHLEN; 379 auio.uio_iov = &aiov; 380 auio.uio_iovcnt = 1; 381 auio.uio_offset = 0; 382 auio.uio_rw = UIO_READ; 383 auio.uio_resid = MAXPATHLEN; 384 UIO_SETUP_SYSSPACE(&auio); 385 error = VOP_READLINK(ndp->ni_vp, &auio, cnp->cn_cred); 386 if (error) { 387 badlink: 388 if (ndp->ni_pathlen > 1) 389 PNBUF_PUT(cp); 390 break; 391 } 392 linklen = MAXPATHLEN - auio.uio_resid; 393 if (linklen == 0) { 394 error = ENOENT; 395 goto badlink; 396 } 397 398 /* 399 * Do symlink substitution, if appropriate, and 400 * check length for potential overflow. 401 */ 402 if ((vfs_magiclinks && 403 symlink_magic(l->l_proc, cp, &linklen)) || 404 (linklen + ndp->ni_pathlen >= MAXPATHLEN)) { 405 error = ENAMETOOLONG; 406 goto badlink; 407 } 408 if (ndp->ni_pathlen > 1) { 409 memcpy(cp + linklen, ndp->ni_next, ndp->ni_pathlen); 410 PNBUF_PUT(cnp->cn_pnbuf); 411 cnp->cn_pnbuf = cp; 412 } else 413 cnp->cn_pnbuf[linklen] = '\0'; 414 ndp->ni_pathlen += linklen; 415 vput(ndp->ni_vp); 416 dp = ndp->ni_dvp; 417 418 /* 419 * Check if root directory should replace current directory. 420 */ 421 if (cnp->cn_pnbuf[0] == '/') { 422 vput(dp); 423 /* Keep absolute symbolic links inside emulation root */ 424 dp = ndp->ni_erootdir; 425 if (dp == NULL || (cnp->cn_pnbuf[1] == '.' 426 && cnp->cn_pnbuf[2] == '.' 427 && cnp->cn_pnbuf[3] == '/')) { 428 ndp->ni_erootdir = NULL; 429 dp = ndp->ni_rootdir; 430 } 431 VREF(dp); 432 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 433 } 434 } 435 /* Failed to process a symbolic link */ 436 KASSERT(ndp->ni_dvp != ndp->ni_vp); 437 vput(ndp->ni_dvp); 438 vput(ndp->ni_vp); 439 ndp->ni_vp = NULL; 440 PNBUF_PUT(cnp->cn_pnbuf); 441 return (error); 442 } 443 444 /* 445 * Determine the namei hash (for cn_hash) for name. 446 * If *ep != NULL, hash from name to ep-1. 447 * If *ep == NULL, hash from name until the first NUL or '/', and 448 * return the location of this termination character in *ep. 449 * 450 * This function returns an equivalent hash to the MI hash32_strn(). 451 * The latter isn't used because in the *ep == NULL case, determining 452 * the length of the string to the first NUL or `/' and then calling 453 * hash32_strn() involves unnecessary double-handling of the data. 454 */ 455 uint32_t 456 namei_hash(const char *name, const char **ep) 457 { 458 uint32_t hash; 459 460 hash = HASH32_STR_INIT; 461 if (*ep != NULL) { 462 for (; name < *ep; name++) 463 hash = hash * 33 + *(const uint8_t *)name; 464 } else { 465 for (; *name != '\0' && *name != '/'; name++) 466 hash = hash * 33 + *(const uint8_t *)name; 467 *ep = name; 468 } 469 return (hash + (hash >> 5)); 470 } 471 472 /* 473 * Search a pathname. 474 * This is a very central and rather complicated routine. 475 * 476 * The pathname is pointed to by ni_ptr and is of length ni_pathlen. 477 * The starting directory is taken from ni_startdir. The pathname is 478 * descended until done, or a symbolic link is encountered. The variable 479 * ni_more is clear if the path is completed; it is set to one if a 480 * symbolic link needing interpretation is encountered. 481 * 482 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on 483 * whether the name is to be looked up, created, renamed, or deleted. 484 * When CREATE, RENAME, or DELETE is specified, information usable in 485 * creating, renaming, or deleting a directory entry may be calculated. 486 * If flag has LOCKPARENT or'ed into it, the parent directory is returned 487 * locked. Otherwise the parent directory is not returned. If the target 488 * of the pathname exists and LOCKLEAF is or'ed into the flag the target 489 * is returned locked, otherwise it is returned unlocked. When creating 490 * or renaming and LOCKPARENT is specified, the target may not be ".". 491 * When deleting and LOCKPARENT is specified, the target may be ".". 492 * 493 * Overall outline of lookup: 494 * 495 * dirloop: 496 * identify next component of name at ndp->ni_ptr 497 * handle degenerate case where name is null string 498 * if .. and crossing mount points and on mounted filesys, find parent 499 * call VOP_LOOKUP routine for next component name 500 * directory vnode returned in ni_dvp, locked. 501 * component vnode returned in ni_vp (if it exists), locked. 502 * if result vnode is mounted on and crossing mount points, 503 * find mounted on vnode 504 * if more components of name, do next level at dirloop 505 * return the answer in ni_vp, locked if LOCKLEAF set 506 * if LOCKPARENT set, return locked parent in ni_dvp 507 */ 508 int 509 lookup(struct nameidata *ndp) 510 { 511 const char *cp; /* pointer into pathname argument */ 512 struct vnode *dp = 0; /* the directory we are searching */ 513 struct vnode *tdp; /* saved dp */ 514 struct mount *mp; /* mount table entry */ 515 int docache; /* == 0 do not cache last component */ 516 int rdonly; /* lookup read-only flag bit */ 517 int error = 0; 518 int slashes; 519 struct componentname *cnp = &ndp->ni_cnd; 520 struct lwp *l = curlwp; 521 522 /* 523 * Setup: break out flag bits into variables. 524 */ 525 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 526 if (cnp->cn_nameiop == DELETE) 527 docache = 0; 528 rdonly = cnp->cn_flags & RDONLY; 529 ndp->ni_dvp = NULL; 530 cnp->cn_flags &= ~ISSYMLINK; 531 dp = ndp->ni_startdir; 532 ndp->ni_startdir = NULLVP; 533 534 /* 535 * If we have a leading string of slashes, remove them, and just make 536 * sure the current node is a directory. 537 */ 538 cp = cnp->cn_nameptr; 539 if (*cp == '/') { 540 do { 541 cp++; 542 } while (*cp == '/'); 543 ndp->ni_pathlen -= cp - cnp->cn_nameptr; 544 cnp->cn_nameptr = cp; 545 546 if (dp->v_type != VDIR) { 547 error = ENOTDIR; 548 vput(dp); 549 goto bad; 550 } 551 552 /* 553 * If we've exhausted the path name, then just return the 554 * current node. 555 */ 556 if (cnp->cn_nameptr[0] == '\0') { 557 ndp->ni_vp = dp; 558 cnp->cn_flags |= ISLASTCN; 559 goto terminal; 560 } 561 } 562 563 dirloop: 564 /* 565 * Search a new directory. 566 * 567 * The cn_hash value is for use by vfs_cache. 568 * The last component of the filename is left accessible via 569 * cnp->cn_nameptr for callers that need the name. Callers needing 570 * the name set the SAVENAME flag. When done, they assume 571 * responsibility for freeing the pathname buffer. 572 * 573 * At this point, our only vnode state is that "dp" is held and locked. 574 */ 575 cnp->cn_consume = 0; 576 cp = NULL; 577 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp); 578 cnp->cn_namelen = cp - cnp->cn_nameptr; 579 if (cnp->cn_namelen > NAME_MAX) { 580 vput(dp); 581 error = ENAMETOOLONG; 582 ndp->ni_dvp = NULL; 583 goto bad; 584 } 585 #ifdef NAMEI_DIAGNOSTIC 586 { char c = *cp; 587 *(char *)cp = '\0'; 588 printf("{%s}: ", cnp->cn_nameptr); 589 *(char *)cp = c; } 590 #endif /* NAMEI_DIAGNOSTIC */ 591 ndp->ni_pathlen -= cnp->cn_namelen; 592 ndp->ni_next = cp; 593 /* 594 * If this component is followed by a slash, then move the pointer to 595 * the next component forward, and remember that this component must be 596 * a directory. 597 */ 598 if (*cp == '/') { 599 do { 600 cp++; 601 } while (*cp == '/'); 602 slashes = cp - ndp->ni_next; 603 ndp->ni_pathlen -= slashes; 604 ndp->ni_next = cp; 605 cnp->cn_flags |= REQUIREDIR; 606 } else { 607 slashes = 0; 608 cnp->cn_flags &= ~REQUIREDIR; 609 } 610 /* 611 * We do special processing on the last component, whether or not it's 612 * a directory. Cache all intervening lookups, but not the final one. 613 */ 614 if (*cp == '\0') { 615 if (docache) 616 cnp->cn_flags |= MAKEENTRY; 617 else 618 cnp->cn_flags &= ~MAKEENTRY; 619 cnp->cn_flags |= ISLASTCN; 620 } else { 621 cnp->cn_flags |= MAKEENTRY; 622 cnp->cn_flags &= ~ISLASTCN; 623 } 624 if (cnp->cn_namelen == 2 && 625 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 626 cnp->cn_flags |= ISDOTDOT; 627 else 628 cnp->cn_flags &= ~ISDOTDOT; 629 630 /* 631 * Handle "..": two special cases. 632 * 1. If at root directory (e.g. after chroot) 633 * or at absolute root directory 634 * then ignore it so can't get out. 635 * 1a. If at the root of the emulation filesystem go to the real 636 * root. So "/../<path>" is always absolute. 637 * 1b. If we have somehow gotten out of a jail, warn 638 * and also ignore it so we can't get farther out. 639 * 2. If this vnode is the root of a mounted 640 * filesystem, then replace it with the 641 * vnode which was mounted on so we take the 642 * .. in the other file system. 643 */ 644 if (cnp->cn_flags & ISDOTDOT) { 645 struct proc *p = l->l_proc; 646 647 for (;;) { 648 if (dp == ndp->ni_rootdir || dp == rootvnode) { 649 ndp->ni_dvp = dp; 650 ndp->ni_vp = dp; 651 VREF(dp); 652 goto nextname; 653 } 654 if (ndp->ni_rootdir != rootvnode) { 655 int retval; 656 657 VOP_UNLOCK(dp, 0); 658 retval = vn_isunder(dp, ndp->ni_rootdir, l); 659 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 660 if (!retval) { 661 /* Oops! We got out of jail! */ 662 log(LOG_WARNING, 663 "chrooted pid %d uid %d (%s) " 664 "detected outside of its chroot\n", 665 p->p_pid, kauth_cred_geteuid(l->l_cred), 666 p->p_comm); 667 /* Put us at the jail root. */ 668 vput(dp); 669 dp = ndp->ni_rootdir; 670 ndp->ni_dvp = dp; 671 ndp->ni_vp = dp; 672 VREF(dp); 673 VREF(dp); 674 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 675 goto nextname; 676 } 677 } 678 if ((dp->v_vflag & VV_ROOT) == 0 || 679 (cnp->cn_flags & NOCROSSMOUNT)) 680 break; 681 tdp = dp; 682 dp = dp->v_mount->mnt_vnodecovered; 683 vput(tdp); 684 VREF(dp); 685 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 686 } 687 } 688 689 /* 690 * We now have a segment name to search for, and a directory to search. 691 * Again, our only vnode state is that "dp" is held and locked. 692 */ 693 unionlookup: 694 ndp->ni_dvp = dp; 695 ndp->ni_vp = NULL; 696 error = VOP_LOOKUP(dp, &ndp->ni_vp, cnp); 697 if (error != 0) { 698 #ifdef DIAGNOSTIC 699 if (ndp->ni_vp != NULL) 700 panic("leaf `%s' should be empty", cnp->cn_nameptr); 701 #endif /* DIAGNOSTIC */ 702 #ifdef NAMEI_DIAGNOSTIC 703 printf("not found\n"); 704 #endif /* NAMEI_DIAGNOSTIC */ 705 if ((error == ENOENT) && 706 (dp->v_vflag & VV_ROOT) && 707 (dp->v_mount->mnt_flag & MNT_UNION)) { 708 tdp = dp; 709 dp = dp->v_mount->mnt_vnodecovered; 710 vput(tdp); 711 VREF(dp); 712 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 713 goto unionlookup; 714 } 715 716 if (error != EJUSTRETURN) 717 goto bad; 718 719 /* 720 * If this was not the last component, or there were trailing 721 * slashes, and we are not going to create a directory, 722 * then the name must exist. 723 */ 724 if ((cnp->cn_flags & (REQUIREDIR | CREATEDIR)) == REQUIREDIR) { 725 error = ENOENT; 726 goto bad; 727 } 728 729 /* 730 * If creating and at end of pathname, then can consider 731 * allowing file to be created. 732 */ 733 if (rdonly) { 734 error = EROFS; 735 goto bad; 736 } 737 738 /* 739 * We return with ni_vp NULL to indicate that the entry 740 * doesn't currently exist, leaving a pointer to the 741 * (possibly locked) directory vnode in ndp->ni_dvp. 742 */ 743 if (cnp->cn_flags & SAVESTART) { 744 ndp->ni_startdir = ndp->ni_dvp; 745 VREF(ndp->ni_startdir); 746 } 747 return (0); 748 } 749 #ifdef NAMEI_DIAGNOSTIC 750 printf("found\n"); 751 #endif /* NAMEI_DIAGNOSTIC */ 752 753 /* 754 * Take into account any additional components consumed by the 755 * underlying filesystem. This will include any trailing slashes after 756 * the last component consumed. 757 */ 758 if (cnp->cn_consume > 0) { 759 ndp->ni_pathlen -= cnp->cn_consume - slashes; 760 ndp->ni_next += cnp->cn_consume - slashes; 761 cnp->cn_consume = 0; 762 if (ndp->ni_next[0] == '\0') 763 cnp->cn_flags |= ISLASTCN; 764 } 765 766 dp = ndp->ni_vp; 767 768 /* 769 * "dp" and "ndp->ni_dvp" are both locked and held, 770 * and may be the same vnode. 771 */ 772 773 /* 774 * Check to see if the vnode has been mounted on; 775 * if so find the root of the mounted file system. 776 */ 777 while (dp->v_type == VDIR && (mp = dp->v_mountedhere) && 778 (cnp->cn_flags & NOCROSSMOUNT) == 0) { 779 if (vfs_busy(mp, RW_READER, 0)) 780 continue; 781 782 KASSERT(ndp->ni_dvp != dp); 783 VOP_UNLOCK(ndp->ni_dvp, 0); 784 vput(dp); 785 error = VFS_ROOT(mp, &tdp); 786 vfs_unbusy(mp, false); 787 if (error) { 788 vn_lock(ndp->ni_dvp, LK_EXCLUSIVE | LK_RETRY); 789 goto bad; 790 } 791 VOP_UNLOCK(tdp, 0); 792 ndp->ni_vp = dp = tdp; 793 vn_lock(ndp->ni_dvp, LK_EXCLUSIVE | LK_RETRY); 794 vn_lock(ndp->ni_vp, LK_EXCLUSIVE | LK_RETRY); 795 } 796 797 /* 798 * Check for symbolic link. Back up over any slashes that we skipped, 799 * as we will need them again. 800 */ 801 if ((dp->v_type == VLNK) && (cnp->cn_flags & (FOLLOW|REQUIREDIR))) { 802 ndp->ni_pathlen += slashes; 803 ndp->ni_next -= slashes; 804 cnp->cn_flags |= ISSYMLINK; 805 return (0); 806 } 807 808 /* 809 * Check for directory, if the component was followed by a series of 810 * slashes. 811 */ 812 if ((dp->v_type != VDIR) && (cnp->cn_flags & REQUIREDIR)) { 813 error = ENOTDIR; 814 KASSERT(dp != ndp->ni_dvp); 815 vput(dp); 816 goto bad; 817 } 818 819 nextname: 820 821 /* 822 * Not a symbolic link. If this was not the last component, then 823 * continue at the next component, else return. 824 */ 825 if (!(cnp->cn_flags & ISLASTCN)) { 826 cnp->cn_nameptr = ndp->ni_next; 827 if (ndp->ni_dvp == dp) { 828 vrele(ndp->ni_dvp); 829 } else { 830 vput(ndp->ni_dvp); 831 } 832 goto dirloop; 833 } 834 835 terminal: 836 if (dp == ndp->ni_erootdir) { 837 /* 838 * We are about to return the emulation root. 839 * This isn't a good idea because code might repeatedly 840 * lookup ".." until the file matches that returned 841 * for "/" and loop forever. 842 * So convert it to the real root. 843 */ 844 if (ndp->ni_dvp == dp) 845 vrele(dp); 846 else 847 if (ndp->ni_dvp != NULL) 848 vput(ndp->ni_dvp); 849 ndp->ni_dvp = NULL; 850 vput(dp); 851 dp = ndp->ni_rootdir; 852 VREF(dp); 853 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 854 ndp->ni_vp = dp; 855 } 856 857 /* 858 * If the caller requested the parent node (i.e. 859 * it's a CREATE, DELETE, or RENAME), and we don't have one 860 * (because this is the root directory), then we must fail. 861 */ 862 if (ndp->ni_dvp == NULL && cnp->cn_nameiop != LOOKUP) { 863 switch (cnp->cn_nameiop) { 864 case CREATE: 865 error = EEXIST; 866 break; 867 case DELETE: 868 case RENAME: 869 error = EBUSY; 870 break; 871 default: 872 KASSERT(0); 873 } 874 vput(dp); 875 goto bad; 876 } 877 878 /* 879 * Disallow directory write attempts on read-only lookups. 880 * Prefers EEXIST over EROFS for the CREATE case. 881 */ 882 if (rdonly && 883 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) { 884 error = EROFS; 885 if (dp != ndp->ni_dvp) { 886 vput(dp); 887 } 888 goto bad; 889 } 890 if (ndp->ni_dvp != NULL) { 891 if (cnp->cn_flags & SAVESTART) { 892 ndp->ni_startdir = ndp->ni_dvp; 893 VREF(ndp->ni_startdir); 894 } 895 } 896 if ((cnp->cn_flags & LOCKLEAF) == 0) { 897 VOP_UNLOCK(dp, 0); 898 } 899 return (0); 900 901 bad: 902 ndp->ni_vp = NULL; 903 return (error); 904 } 905 906 /* 907 * Reacquire a path name component. 908 * dvp is locked on entry and exit. 909 * *vpp is locked on exit unless it's NULL. 910 */ 911 int 912 relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp) 913 { 914 int rdonly; /* lookup read-only flag bit */ 915 int error = 0; 916 #ifdef DEBUG 917 uint32_t newhash; /* DEBUG: check name hash */ 918 const char *cp; /* DEBUG: check name ptr/len */ 919 #endif /* DEBUG */ 920 921 /* 922 * Setup: break out flag bits into variables. 923 */ 924 rdonly = cnp->cn_flags & RDONLY; 925 cnp->cn_flags &= ~ISSYMLINK; 926 927 /* 928 * Search a new directory. 929 * 930 * The cn_hash value is for use by vfs_cache. 931 * The last component of the filename is left accessible via 932 * cnp->cn_nameptr for callers that need the name. Callers needing 933 * the name set the SAVENAME flag. When done, they assume 934 * responsibility for freeing the pathname buffer. 935 */ 936 #ifdef DEBUG 937 cp = NULL; 938 newhash = namei_hash(cnp->cn_nameptr, &cp); 939 if ((uint32_t)newhash != (uint32_t)cnp->cn_hash) 940 panic("relookup: bad hash"); 941 if (cnp->cn_namelen != cp - cnp->cn_nameptr) 942 panic("relookup: bad len"); 943 while (*cp == '/') 944 cp++; 945 if (*cp != 0) 946 panic("relookup: not last component"); 947 #endif /* DEBUG */ 948 949 /* 950 * Check for degenerate name (e.g. / or "") 951 * which is a way of talking about a directory, 952 * e.g. like "/." or ".". 953 */ 954 if (cnp->cn_nameptr[0] == '\0') 955 panic("relookup: null name"); 956 957 if (cnp->cn_flags & ISDOTDOT) 958 panic("relookup: lookup on dot-dot"); 959 960 /* 961 * We now have a segment name to search for, and a directory to search. 962 */ 963 if ((error = VOP_LOOKUP(dvp, vpp, cnp)) != 0) { 964 #ifdef DIAGNOSTIC 965 if (*vpp != NULL) 966 panic("leaf `%s' should be empty", cnp->cn_nameptr); 967 #endif 968 if (error != EJUSTRETURN) 969 goto bad; 970 } 971 972 #ifdef DIAGNOSTIC 973 /* 974 * Check for symbolic link 975 */ 976 if (*vpp && (*vpp)->v_type == VLNK && (cnp->cn_flags & FOLLOW)) 977 panic("relookup: symlink found"); 978 #endif 979 980 /* 981 * Check for read-only lookups. 982 */ 983 if (rdonly && cnp->cn_nameiop != LOOKUP) { 984 error = EROFS; 985 if (*vpp) { 986 vput(*vpp); 987 } 988 goto bad; 989 } 990 if (cnp->cn_flags & SAVESTART) 991 VREF(dvp); 992 return (0); 993 994 bad: 995 *vpp = NULL; 996 return (error); 997 } 998