1 /* $NetBSD: vfs_lookup.c,v 1.192 2011/09/27 02:10:55 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)vfs_lookup.c 8.10 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.192 2011/09/27 02:10:55 christos Exp $"); 41 42 #include "opt_magiclinks.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/syslimits.h> 48 #include <sys/time.h> 49 #include <sys/namei.h> 50 #include <sys/vnode.h> 51 #include <sys/mount.h> 52 #include <sys/errno.h> 53 #include <sys/filedesc.h> 54 #include <sys/hash.h> 55 #include <sys/proc.h> 56 #include <sys/syslog.h> 57 #include <sys/kauth.h> 58 #include <sys/ktrace.h> 59 #include <sys/dirent.h> 60 61 #ifndef MAGICLINKS 62 #define MAGICLINKS 0 63 #endif 64 65 int vfs_magiclinks = MAGICLINKS; 66 67 __CTASSERT(MAXNAMLEN == NAME_MAX); 68 69 /* 70 * Substitute replacement text for 'magic' strings in symlinks. 71 * Returns 0 if successful, and returns non-zero if an error 72 * occurs. (Currently, the only possible error is running out 73 * of temporary pathname space.) 74 * 75 * Looks for "@<string>" and "@<string>/", where <string> is a 76 * recognized 'magic' string. Replaces the "@<string>" with the 77 * appropriate replacement text. (Note that in some cases the 78 * replacement text may have zero length.) 79 * 80 * This would have been table driven, but the variance in 81 * replacement strings (and replacement string lengths) made 82 * that impractical. 83 */ 84 #define VNL(x) \ 85 (sizeof(x) - 1) 86 87 #define VO '{' 88 #define VC '}' 89 90 #define MATCH(str) \ 91 ((termchar == '/' && i + VNL(str) == *len) || \ 92 (i + VNL(str) < *len && \ 93 cp[i + VNL(str)] == termchar)) && \ 94 !strncmp((str), &cp[i], VNL(str)) 95 96 #define SUBSTITUTE(m, s, sl) \ 97 if ((newlen + (sl)) >= MAXPATHLEN) \ 98 return 1; \ 99 i += VNL(m); \ 100 if (termchar != '/') \ 101 i++; \ 102 (void)memcpy(&tmp[newlen], (s), (sl)); \ 103 newlen += (sl); \ 104 change = 1; \ 105 termchar = '/'; 106 107 static int 108 symlink_magic(struct proc *p, char *cp, size_t *len) 109 { 110 char *tmp; 111 size_t change, i, newlen, slen; 112 char termchar = '/'; 113 char idtmp[11]; /* enough for 32 bit *unsigned* integer */ 114 115 116 tmp = PNBUF_GET(); 117 for (change = i = newlen = 0; i < *len; ) { 118 if (cp[i] != '@') { 119 tmp[newlen++] = cp[i++]; 120 continue; 121 } 122 123 i++; 124 125 /* Check for @{var} syntax. */ 126 if (cp[i] == VO) { 127 termchar = VC; 128 i++; 129 } 130 131 /* 132 * The following checks should be ordered according 133 * to frequency of use. 134 */ 135 if (MATCH("machine_arch")) { 136 slen = VNL(MACHINE_ARCH); 137 SUBSTITUTE("machine_arch", MACHINE_ARCH, slen); 138 } else if (MATCH("machine")) { 139 slen = VNL(MACHINE); 140 SUBSTITUTE("machine", MACHINE, slen); 141 } else if (MATCH("hostname")) { 142 SUBSTITUTE("hostname", hostname, hostnamelen); 143 } else if (MATCH("osrelease")) { 144 slen = strlen(osrelease); 145 SUBSTITUTE("osrelease", osrelease, slen); 146 } else if (MATCH("emul")) { 147 slen = strlen(p->p_emul->e_name); 148 SUBSTITUTE("emul", p->p_emul->e_name, slen); 149 } else if (MATCH("kernel_ident")) { 150 slen = strlen(kernel_ident); 151 SUBSTITUTE("kernel_ident", kernel_ident, slen); 152 } else if (MATCH("domainname")) { 153 SUBSTITUTE("domainname", domainname, domainnamelen); 154 } else if (MATCH("ostype")) { 155 slen = strlen(ostype); 156 SUBSTITUTE("ostype", ostype, slen); 157 } else if (MATCH("uid")) { 158 slen = snprintf(idtmp, sizeof(idtmp), "%u", 159 kauth_cred_geteuid(kauth_cred_get())); 160 SUBSTITUTE("uid", idtmp, slen); 161 } else if (MATCH("ruid")) { 162 slen = snprintf(idtmp, sizeof(idtmp), "%u", 163 kauth_cred_getuid(kauth_cred_get())); 164 SUBSTITUTE("ruid", idtmp, slen); 165 } else if (MATCH("gid")) { 166 slen = snprintf(idtmp, sizeof(idtmp), "%u", 167 kauth_cred_getegid(kauth_cred_get())); 168 SUBSTITUTE("gid", idtmp, slen); 169 } else if (MATCH("rgid")) { 170 slen = snprintf(idtmp, sizeof(idtmp), "%u", 171 kauth_cred_getgid(kauth_cred_get())); 172 SUBSTITUTE("rgid", idtmp, slen); 173 } else { 174 tmp[newlen++] = '@'; 175 if (termchar == VC) 176 tmp[newlen++] = VO; 177 } 178 } 179 180 if (change) { 181 (void)memcpy(cp, tmp, newlen); 182 *len = newlen; 183 } 184 PNBUF_PUT(tmp); 185 186 return 0; 187 } 188 189 #undef VNL 190 #undef VO 191 #undef VC 192 #undef MATCH 193 #undef SUBSTITUTE 194 195 //////////////////////////////////////////////////////////// 196 197 /* 198 * Determine the namei hash (for cn_hash) for name. 199 * If *ep != NULL, hash from name to ep-1. 200 * If *ep == NULL, hash from name until the first NUL or '/', and 201 * return the location of this termination character in *ep. 202 * 203 * This function returns an equivalent hash to the MI hash32_strn(). 204 * The latter isn't used because in the *ep == NULL case, determining 205 * the length of the string to the first NUL or `/' and then calling 206 * hash32_strn() involves unnecessary double-handling of the data. 207 */ 208 uint32_t 209 namei_hash(const char *name, const char **ep) 210 { 211 uint32_t hash; 212 213 hash = HASH32_STR_INIT; 214 if (*ep != NULL) { 215 for (; name < *ep; name++) 216 hash = hash * 33 + *(const uint8_t *)name; 217 } else { 218 for (; *name != '\0' && *name != '/'; name++) 219 hash = hash * 33 + *(const uint8_t *)name; 220 *ep = name; 221 } 222 return (hash + (hash >> 5)); 223 } 224 225 //////////////////////////////////////////////////////////// 226 227 /* 228 * Sealed abstraction for pathnames. 229 * 230 * System-call-layer level code that is going to call namei should 231 * first create a pathbuf and adjust all the bells and whistles on it 232 * as needed by context. 233 */ 234 235 struct pathbuf { 236 char *pb_path; 237 char *pb_pathcopy; 238 unsigned pb_pathcopyuses; 239 }; 240 241 static struct pathbuf * 242 pathbuf_create_raw(void) 243 { 244 struct pathbuf *pb; 245 246 pb = kmem_alloc(sizeof(*pb), KM_SLEEP); 247 if (pb == NULL) { 248 return NULL; 249 } 250 pb->pb_path = PNBUF_GET(); 251 if (pb->pb_path == NULL) { 252 kmem_free(pb, sizeof(*pb)); 253 return NULL; 254 } 255 pb->pb_pathcopy = NULL; 256 pb->pb_pathcopyuses = 0; 257 return pb; 258 } 259 260 void 261 pathbuf_destroy(struct pathbuf *pb) 262 { 263 KASSERT(pb->pb_pathcopyuses == 0); 264 KASSERT(pb->pb_pathcopy == NULL); 265 PNBUF_PUT(pb->pb_path); 266 kmem_free(pb, sizeof(*pb)); 267 } 268 269 struct pathbuf * 270 pathbuf_assimilate(char *pnbuf) 271 { 272 struct pathbuf *pb; 273 274 pb = kmem_alloc(sizeof(*pb), KM_SLEEP); 275 if (pb == NULL) { 276 return NULL; 277 } 278 pb->pb_path = pnbuf; 279 pb->pb_pathcopy = NULL; 280 pb->pb_pathcopyuses = 0; 281 return pb; 282 } 283 284 struct pathbuf * 285 pathbuf_create(const char *path) 286 { 287 struct pathbuf *pb; 288 int error; 289 290 pb = pathbuf_create_raw(); 291 if (pb == NULL) { 292 return NULL; 293 } 294 error = copystr(path, pb->pb_path, PATH_MAX, NULL); 295 if (error != 0) { 296 KASSERT(!"kernel path too long in pathbuf_create"); 297 /* make sure it's null-terminated, just in case */ 298 pb->pb_path[PATH_MAX-1] = '\0'; 299 } 300 return pb; 301 } 302 303 int 304 pathbuf_copyin(const char *userpath, struct pathbuf **ret) 305 { 306 struct pathbuf *pb; 307 int error; 308 309 pb = pathbuf_create_raw(); 310 if (pb == NULL) { 311 return ENOMEM; 312 } 313 error = copyinstr(userpath, pb->pb_path, PATH_MAX, NULL); 314 if (error) { 315 pathbuf_destroy(pb); 316 return error; 317 } 318 *ret = pb; 319 return 0; 320 } 321 322 /* 323 * XXX should not exist: 324 * 1. whether a pointer is kernel or user should be statically checkable. 325 * 2. copyin should be handled by the upper part of the syscall layer, 326 * not in here. 327 */ 328 int 329 pathbuf_maybe_copyin(const char *path, enum uio_seg seg, struct pathbuf **ret) 330 { 331 if (seg == UIO_USERSPACE) { 332 return pathbuf_copyin(path, ret); 333 } else { 334 *ret = pathbuf_create(path); 335 if (*ret == NULL) { 336 return ENOMEM; 337 } 338 return 0; 339 } 340 } 341 342 /* 343 * Get a copy of the path buffer as it currently exists. If this is 344 * called after namei starts the results may be arbitrary. 345 */ 346 void 347 pathbuf_copystring(const struct pathbuf *pb, char *buf, size_t maxlen) 348 { 349 strlcpy(buf, pb->pb_path, maxlen); 350 } 351 352 /* 353 * These two functions allow access to a saved copy of the original 354 * path string. The first copy should be gotten before namei is 355 * called. Each copy that is gotten should be put back. 356 */ 357 358 const char * 359 pathbuf_stringcopy_get(struct pathbuf *pb) 360 { 361 if (pb->pb_pathcopyuses == 0) { 362 pb->pb_pathcopy = PNBUF_GET(); 363 strcpy(pb->pb_pathcopy, pb->pb_path); 364 } 365 pb->pb_pathcopyuses++; 366 return pb->pb_pathcopy; 367 } 368 369 void 370 pathbuf_stringcopy_put(struct pathbuf *pb, const char *str) 371 { 372 KASSERT(str == pb->pb_pathcopy); 373 KASSERT(pb->pb_pathcopyuses > 0); 374 pb->pb_pathcopyuses--; 375 if (pb->pb_pathcopyuses == 0) { 376 PNBUF_PUT(pb->pb_pathcopy); 377 pb->pb_pathcopy = NULL; 378 } 379 } 380 381 382 //////////////////////////////////////////////////////////// 383 384 /* 385 * namei: convert a pathname into a pointer to a (maybe-locked) vnode, 386 * and maybe also its parent directory vnode, and assorted other guff. 387 * See namei(9) for the interface documentation. 388 * 389 * 390 * The FOLLOW flag is set when symbolic links are to be followed 391 * when they occur at the end of the name translation process. 392 * Symbolic links are always followed for all other pathname 393 * components other than the last. 394 * 395 * The segflg defines whether the name is to be copied from user 396 * space or kernel space. 397 * 398 * Overall outline of namei: 399 * 400 * copy in name 401 * get starting directory 402 * while (!done && !error) { 403 * call lookup to search path. 404 * if symbolic link, massage name in buffer and continue 405 * } 406 */ 407 408 /* 409 * Search a pathname. 410 * This is a very central and rather complicated routine. 411 * 412 * The pathname is pointed to by ni_ptr and is of length ni_pathlen. 413 * The starting directory is passed in. The pathname is descended 414 * until done, or a symbolic link is encountered. The variable ni_more 415 * is clear if the path is completed; it is set to one if a symbolic 416 * link needing interpretation is encountered. 417 * 418 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on 419 * whether the name is to be looked up, created, renamed, or deleted. 420 * When CREATE, RENAME, or DELETE is specified, information usable in 421 * creating, renaming, or deleting a directory entry may be calculated. 422 * If flag has LOCKPARENT or'ed into it, the parent directory is returned 423 * locked. Otherwise the parent directory is not returned. If the target 424 * of the pathname exists and LOCKLEAF is or'ed into the flag the target 425 * is returned locked, otherwise it is returned unlocked. When creating 426 * or renaming and LOCKPARENT is specified, the target may not be ".". 427 * When deleting and LOCKPARENT is specified, the target may be ".". 428 * 429 * Overall outline of lookup: 430 * 431 * dirloop: 432 * identify next component of name at ndp->ni_ptr 433 * handle degenerate case where name is null string 434 * if .. and crossing mount points and on mounted filesys, find parent 435 * call VOP_LOOKUP routine for next component name 436 * directory vnode returned in ni_dvp, locked. 437 * component vnode returned in ni_vp (if it exists), locked. 438 * if result vnode is mounted on and crossing mount points, 439 * find mounted on vnode 440 * if more components of name, do next level at dirloop 441 * return the answer in ni_vp, locked if LOCKLEAF set 442 * if LOCKPARENT set, return locked parent in ni_dvp 443 */ 444 445 446 /* 447 * Internal state for a namei operation. 448 * 449 * cnp is always equal to &ndp->ni_cnp. 450 */ 451 struct namei_state { 452 struct nameidata *ndp; 453 struct componentname *cnp; 454 455 int docache; /* == 0 do not cache last component */ 456 int rdonly; /* lookup read-only flag bit */ 457 int slashes; 458 459 unsigned attempt_retry:1; /* true if error allows emul retry */ 460 }; 461 462 463 /* 464 * Initialize the namei working state. 465 */ 466 static void 467 namei_init(struct namei_state *state, struct nameidata *ndp) 468 { 469 state->ndp = ndp; 470 state->cnp = &ndp->ni_cnd; 471 KASSERT((state->cnp->cn_flags & INRELOOKUP) == 0); 472 473 state->docache = 0; 474 state->rdonly = 0; 475 state->slashes = 0; 476 477 #ifdef DIAGNOSTIC 478 if (!state->cnp->cn_cred) 479 panic("namei: bad cred/proc"); 480 if (state->cnp->cn_nameiop & (~OPMASK)) 481 panic("namei: nameiop contaminated with flags"); 482 if (state->cnp->cn_flags & OPMASK) 483 panic("namei: flags contaminated with nameiops"); 484 #endif 485 486 /* 487 * The buffer for name translation shall be the one inside the 488 * pathbuf. 489 */ 490 state->ndp->ni_pnbuf = state->ndp->ni_pathbuf->pb_path; 491 } 492 493 /* 494 * Clean up the working namei state, leaving things ready for return 495 * from namei. 496 */ 497 static void 498 namei_cleanup(struct namei_state *state) 499 { 500 KASSERT(state->cnp == &state->ndp->ni_cnd); 501 502 /* nothing for now */ 503 (void)state; 504 } 505 506 ////////////////////////////// 507 508 /* 509 * Get the directory context. 510 * Initializes the rootdir and erootdir state and returns a reference 511 * to the starting dir. 512 */ 513 static struct vnode * 514 namei_getstartdir(struct namei_state *state) 515 { 516 struct nameidata *ndp = state->ndp; 517 struct componentname *cnp = state->cnp; 518 struct cwdinfo *cwdi; /* pointer to cwd state */ 519 struct lwp *self = curlwp; /* thread doing namei() */ 520 struct vnode *rootdir, *erootdir, *curdir, *startdir; 521 522 cwdi = self->l_proc->p_cwdi; 523 rw_enter(&cwdi->cwdi_lock, RW_READER); 524 525 /* root dir */ 526 if (cwdi->cwdi_rdir == NULL || (cnp->cn_flags & NOCHROOT)) { 527 rootdir = rootvnode; 528 } else { 529 rootdir = cwdi->cwdi_rdir; 530 } 531 532 /* emulation root dir, if any */ 533 if ((cnp->cn_flags & TRYEMULROOT) == 0) { 534 /* if we don't want it, don't fetch it */ 535 erootdir = NULL; 536 } else if (cnp->cn_flags & EMULROOTSET) { 537 /* explicitly set emulroot; "/../" doesn't override this */ 538 erootdir = ndp->ni_erootdir; 539 } else if (!strncmp(ndp->ni_pnbuf, "/../", 4)) { 540 /* explicit reference to real rootdir */ 541 erootdir = NULL; 542 } else { 543 /* may be null */ 544 erootdir = cwdi->cwdi_edir; 545 } 546 547 /* current dir */ 548 curdir = cwdi->cwdi_cdir; 549 550 if (ndp->ni_pnbuf[0] != '/') { 551 startdir = curdir; 552 erootdir = NULL; 553 } else if (cnp->cn_flags & TRYEMULROOT && erootdir != NULL) { 554 startdir = erootdir; 555 } else { 556 startdir = rootdir; 557 erootdir = NULL; 558 } 559 560 state->ndp->ni_rootdir = rootdir; 561 state->ndp->ni_erootdir = erootdir; 562 563 /* 564 * Get a reference to the start dir so we can safely unlock cwdi. 565 * 566 * XXX: should we hold references to rootdir and erootdir while 567 * we're running? What happens if a multithreaded process chroots 568 * during namei? 569 */ 570 vref(startdir); 571 572 rw_exit(&cwdi->cwdi_lock); 573 return startdir; 574 } 575 576 /* 577 * Get the directory context for the nfsd case, in parallel to 578 * getstartdir. Initializes the rootdir and erootdir state and 579 * returns a reference to the passed-in starting dir. 580 */ 581 static struct vnode * 582 namei_getstartdir_for_nfsd(struct namei_state *state, struct vnode *startdir) 583 { 584 /* always use the real root, and never set an emulation root */ 585 state->ndp->ni_rootdir = rootvnode; 586 state->ndp->ni_erootdir = NULL; 587 588 vref(startdir); 589 return startdir; 590 } 591 592 593 /* 594 * Ktrace the namei operation. 595 */ 596 static void 597 namei_ktrace(struct namei_state *state) 598 { 599 struct nameidata *ndp = state->ndp; 600 struct componentname *cnp = state->cnp; 601 struct lwp *self = curlwp; /* thread doing namei() */ 602 const char *emul_path; 603 604 if (ktrpoint(KTR_NAMEI)) { 605 if (ndp->ni_erootdir != NULL) { 606 /* 607 * To make any sense, the trace entry need to have the 608 * text of the emulation path prepended. 609 * Usually we can get this from the current process, 610 * but when called from emul_find_interp() it is only 611 * in the exec_package - so we get it passed in ni_next 612 * (this is a hack). 613 */ 614 if (cnp->cn_flags & EMULROOTSET) 615 emul_path = ndp->ni_next; 616 else 617 emul_path = self->l_proc->p_emul->e_path; 618 ktrnamei2(emul_path, strlen(emul_path), 619 ndp->ni_pnbuf, ndp->ni_pathlen); 620 } else 621 ktrnamei(ndp->ni_pnbuf, ndp->ni_pathlen); 622 } 623 } 624 625 /* 626 * Start up namei. Find the root dir and cwd, establish the starting 627 * directory for lookup, and lock it. Also calls ktrace when 628 * appropriate. 629 */ 630 static int 631 namei_start(struct namei_state *state, struct vnode *forcecwd, 632 struct vnode **startdir_ret) 633 { 634 struct nameidata *ndp = state->ndp; 635 struct vnode *startdir; 636 637 /* length includes null terminator (was originally from copyinstr) */ 638 ndp->ni_pathlen = strlen(ndp->ni_pnbuf) + 1; 639 640 /* 641 * POSIX.1 requirement: "" is not a valid file name. 642 */ 643 if (ndp->ni_pathlen == 1) { 644 return ENOENT; 645 } 646 647 ndp->ni_loopcnt = 0; 648 649 /* Get starting directory, set up root, and ktrace. */ 650 if (forcecwd != NULL) { 651 startdir = namei_getstartdir_for_nfsd(state, forcecwd); 652 /* no ktrace */ 653 } else { 654 startdir = namei_getstartdir(state); 655 namei_ktrace(state); 656 } 657 658 vn_lock(startdir, LK_EXCLUSIVE | LK_RETRY); 659 660 *startdir_ret = startdir; 661 return 0; 662 } 663 664 /* 665 * Check for being at a symlink that we're going to follow. 666 */ 667 static inline int 668 namei_atsymlink(struct namei_state *state, struct vnode *foundobj) 669 { 670 return (foundobj->v_type == VLNK) && 671 (state->cnp->cn_flags & (FOLLOW|REQUIREDIR)); 672 } 673 674 /* 675 * Follow a symlink. 676 * 677 * Updates searchdir. inhibitmagic causes magic symlinks to not be 678 * interpreted; this is used by nfsd. 679 * 680 * Unlocks foundobj on success (ugh) 681 */ 682 static inline int 683 namei_follow(struct namei_state *state, int inhibitmagic, 684 struct vnode *searchdir, struct vnode *foundobj, 685 struct vnode **newsearchdir_ret) 686 { 687 struct nameidata *ndp = state->ndp; 688 struct componentname *cnp = state->cnp; 689 690 struct lwp *self = curlwp; /* thread doing namei() */ 691 struct iovec aiov; /* uio for reading symbolic links */ 692 struct uio auio; 693 char *cp; /* pointer into pathname argument */ 694 size_t linklen; 695 int error; 696 697 KASSERT(VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE); 698 KASSERT(VOP_ISLOCKED(foundobj) == LK_EXCLUSIVE); 699 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) { 700 return ELOOP; 701 } 702 if (foundobj->v_mount->mnt_flag & MNT_SYMPERM) { 703 error = VOP_ACCESS(foundobj, VEXEC, cnp->cn_cred); 704 if (error != 0) 705 return error; 706 } 707 708 /* FUTURE: fix this to not use a second buffer */ 709 cp = PNBUF_GET(); 710 aiov.iov_base = cp; 711 aiov.iov_len = MAXPATHLEN; 712 auio.uio_iov = &aiov; 713 auio.uio_iovcnt = 1; 714 auio.uio_offset = 0; 715 auio.uio_rw = UIO_READ; 716 auio.uio_resid = MAXPATHLEN; 717 UIO_SETUP_SYSSPACE(&auio); 718 error = VOP_READLINK(foundobj, &auio, cnp->cn_cred); 719 if (error) { 720 PNBUF_PUT(cp); 721 return error; 722 } 723 linklen = MAXPATHLEN - auio.uio_resid; 724 if (linklen == 0) { 725 PNBUF_PUT(cp); 726 return ENOENT; 727 } 728 729 /* 730 * Do symlink substitution, if appropriate, and 731 * check length for potential overflow. 732 * 733 * Inhibit symlink substitution for nfsd. 734 * XXX: This is how it was before; is that a bug or a feature? 735 */ 736 if ((!inhibitmagic && vfs_magiclinks && 737 symlink_magic(self->l_proc, cp, &linklen)) || 738 (linklen + ndp->ni_pathlen >= MAXPATHLEN)) { 739 PNBUF_PUT(cp); 740 return ENAMETOOLONG; 741 } 742 if (ndp->ni_pathlen > 1) { 743 /* includes a null-terminator */ 744 memcpy(cp + linklen, ndp->ni_next, ndp->ni_pathlen); 745 } else { 746 cp[linklen] = '\0'; 747 } 748 ndp->ni_pathlen += linklen; 749 memcpy(ndp->ni_pnbuf, cp, ndp->ni_pathlen); 750 PNBUF_PUT(cp); 751 752 /* we're now starting from the beginning of the buffer again */ 753 cnp->cn_nameptr = ndp->ni_pnbuf; 754 755 /* must unlock this before relocking searchdir */ 756 VOP_UNLOCK(foundobj); 757 758 /* 759 * Check if root directory should replace current directory. 760 */ 761 if (ndp->ni_pnbuf[0] == '/') { 762 vput(searchdir); 763 /* Keep absolute symbolic links inside emulation root */ 764 searchdir = ndp->ni_erootdir; 765 if (searchdir == NULL || 766 (ndp->ni_pnbuf[1] == '.' 767 && ndp->ni_pnbuf[2] == '.' 768 && ndp->ni_pnbuf[3] == '/')) { 769 ndp->ni_erootdir = NULL; 770 searchdir = ndp->ni_rootdir; 771 } 772 vref(searchdir); 773 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 774 while (cnp->cn_nameptr[0] == '/') { 775 cnp->cn_nameptr++; 776 ndp->ni_pathlen--; 777 } 778 } 779 780 *newsearchdir_ret = searchdir; 781 KASSERT(VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE); 782 return 0; 783 } 784 785 ////////////////////////////// 786 787 /* 788 * Inspect the leading path component and update the state accordingly. 789 */ 790 static int 791 lookup_parsepath(struct namei_state *state) 792 { 793 const char *cp; /* pointer into pathname argument */ 794 795 struct componentname *cnp = state->cnp; 796 struct nameidata *ndp = state->ndp; 797 798 KASSERT(cnp == &ndp->ni_cnd); 799 800 /* 801 * Search a new directory. 802 * 803 * The cn_hash value is for use by vfs_cache. 804 * The last component of the filename is left accessible via 805 * cnp->cn_nameptr for callers that need the name. Callers needing 806 * the name set the SAVENAME flag. When done, they assume 807 * responsibility for freeing the pathname buffer. 808 * 809 * At this point, our only vnode state is that the search dir 810 * is held and locked. 811 */ 812 cnp->cn_consume = 0; 813 cp = NULL; 814 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp); 815 cnp->cn_namelen = cp - cnp->cn_nameptr; 816 if (cnp->cn_namelen > KERNEL_NAME_MAX) { 817 return ENAMETOOLONG; 818 } 819 #ifdef NAMEI_DIAGNOSTIC 820 { char c = *cp; 821 *(char *)cp = '\0'; 822 printf("{%s}: ", cnp->cn_nameptr); 823 *(char *)cp = c; } 824 #endif /* NAMEI_DIAGNOSTIC */ 825 ndp->ni_pathlen -= cnp->cn_namelen; 826 ndp->ni_next = cp; 827 /* 828 * If this component is followed by a slash, then move the pointer to 829 * the next component forward, and remember that this component must be 830 * a directory. 831 */ 832 if (*cp == '/') { 833 do { 834 cp++; 835 } while (*cp == '/'); 836 state->slashes = cp - ndp->ni_next; 837 ndp->ni_pathlen -= state->slashes; 838 ndp->ni_next = cp; 839 cnp->cn_flags |= REQUIREDIR; 840 } else { 841 state->slashes = 0; 842 cnp->cn_flags &= ~REQUIREDIR; 843 } 844 /* 845 * We do special processing on the last component, whether or not it's 846 * a directory. Cache all intervening lookups, but not the final one. 847 */ 848 if (*cp == '\0') { 849 if (state->docache) 850 cnp->cn_flags |= MAKEENTRY; 851 else 852 cnp->cn_flags &= ~MAKEENTRY; 853 cnp->cn_flags |= ISLASTCN; 854 } else { 855 cnp->cn_flags |= MAKEENTRY; 856 cnp->cn_flags &= ~ISLASTCN; 857 } 858 if (cnp->cn_namelen == 2 && 859 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 860 cnp->cn_flags |= ISDOTDOT; 861 else 862 cnp->cn_flags &= ~ISDOTDOT; 863 864 return 0; 865 } 866 867 /* 868 * Call VOP_LOOKUP for a single lookup; return a new search directory 869 * (used when crossing mountpoints up or searching union mounts down) and 870 * the found object, which for create operations may be NULL on success. 871 */ 872 static int 873 lookup_once(struct namei_state *state, 874 struct vnode *searchdir, 875 struct vnode **newsearchdir_ret, 876 struct vnode **foundobj_ret) 877 { 878 struct vnode *tmpvn; /* scratch vnode */ 879 struct vnode *foundobj; /* result */ 880 struct mount *mp; /* mount table entry */ 881 struct lwp *l = curlwp; 882 int error; 883 884 struct componentname *cnp = state->cnp; 885 struct nameidata *ndp = state->ndp; 886 887 KASSERT(cnp == &ndp->ni_cnd); 888 KASSERT(VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE); 889 *newsearchdir_ret = searchdir; 890 891 /* 892 * Handle "..": two special cases. 893 * 1. If at root directory (e.g. after chroot) 894 * or at absolute root directory 895 * then ignore it so can't get out. 896 * 1a. If at the root of the emulation filesystem go to the real 897 * root. So "/../<path>" is always absolute. 898 * 1b. If we have somehow gotten out of a jail, warn 899 * and also ignore it so we can't get farther out. 900 * 2. If this vnode is the root of a mounted 901 * filesystem, then replace it with the 902 * vnode which was mounted on so we take the 903 * .. in the other file system. 904 */ 905 if (cnp->cn_flags & ISDOTDOT) { 906 struct proc *p = l->l_proc; 907 908 for (;;) { 909 if (searchdir == ndp->ni_rootdir || 910 searchdir == rootvnode) { 911 foundobj = searchdir; 912 vref(foundobj); 913 *foundobj_ret = foundobj; 914 error = 0; 915 goto done; 916 } 917 if (ndp->ni_rootdir != rootvnode) { 918 int retval; 919 920 VOP_UNLOCK(searchdir); 921 retval = vn_isunder(searchdir, ndp->ni_rootdir, l); 922 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 923 if (!retval) { 924 /* Oops! We got out of jail! */ 925 log(LOG_WARNING, 926 "chrooted pid %d uid %d (%s) " 927 "detected outside of its chroot\n", 928 p->p_pid, kauth_cred_geteuid(l->l_cred), 929 p->p_comm); 930 /* Put us at the jail root. */ 931 vput(searchdir); 932 searchdir = NULL; 933 foundobj = ndp->ni_rootdir; 934 vref(foundobj); 935 vref(foundobj); 936 vn_lock(foundobj, LK_EXCLUSIVE | LK_RETRY); 937 *newsearchdir_ret = foundobj; 938 *foundobj_ret = foundobj; 939 error = 0; 940 goto done; 941 } 942 } 943 if ((searchdir->v_vflag & VV_ROOT) == 0 || 944 (cnp->cn_flags & NOCROSSMOUNT)) 945 break; 946 tmpvn = searchdir; 947 searchdir = searchdir->v_mount->mnt_vnodecovered; 948 vref(searchdir); 949 vput(tmpvn); 950 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 951 *newsearchdir_ret = searchdir; 952 } 953 } 954 955 /* 956 * We now have a segment name to search for, and a directory to search. 957 * Our vnode state here is that "searchdir" is held and locked. 958 */ 959 unionlookup: 960 foundobj = NULL; 961 error = VOP_LOOKUP(searchdir, &foundobj, cnp); 962 963 if (error != 0) { 964 #ifdef DIAGNOSTIC 965 if (foundobj != NULL) 966 panic("leaf `%s' should be empty", cnp->cn_nameptr); 967 #endif /* DIAGNOSTIC */ 968 #ifdef NAMEI_DIAGNOSTIC 969 printf("not found\n"); 970 #endif /* NAMEI_DIAGNOSTIC */ 971 if ((error == ENOENT) && 972 (searchdir->v_vflag & VV_ROOT) && 973 (searchdir->v_mount->mnt_flag & MNT_UNION)) { 974 tmpvn = searchdir; 975 searchdir = searchdir->v_mount->mnt_vnodecovered; 976 vref(searchdir); 977 vput(tmpvn); 978 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 979 *newsearchdir_ret = searchdir; 980 goto unionlookup; 981 } 982 983 if (error != EJUSTRETURN) 984 goto done; 985 986 /* 987 * If this was not the last component, or there were trailing 988 * slashes, and we are not going to create a directory, 989 * then the name must exist. 990 */ 991 if ((cnp->cn_flags & (REQUIREDIR | CREATEDIR)) == REQUIREDIR) { 992 error = ENOENT; 993 goto done; 994 } 995 996 /* 997 * If creating and at end of pathname, then can consider 998 * allowing file to be created. 999 */ 1000 if (state->rdonly) { 1001 error = EROFS; 1002 goto done; 1003 } 1004 1005 /* 1006 * We return success and a NULL foundobj to indicate 1007 * that the entry doesn't currently exist, leaving a 1008 * pointer to the (normally, locked) directory vnode 1009 * as searchdir. 1010 */ 1011 *foundobj_ret = NULL; 1012 error = 0; 1013 goto done; 1014 } 1015 #ifdef NAMEI_DIAGNOSTIC 1016 printf("found\n"); 1017 #endif /* NAMEI_DIAGNOSTIC */ 1018 1019 /* 1020 * Take into account any additional components consumed by the 1021 * underlying filesystem. This will include any trailing slashes after 1022 * the last component consumed. 1023 */ 1024 if (cnp->cn_consume > 0) { 1025 ndp->ni_pathlen -= cnp->cn_consume - state->slashes; 1026 ndp->ni_next += cnp->cn_consume - state->slashes; 1027 cnp->cn_consume = 0; 1028 if (ndp->ni_next[0] == '\0') 1029 cnp->cn_flags |= ISLASTCN; 1030 } 1031 1032 /* 1033 * "foundobj" and "searchdir" are both locked and held, 1034 * and may be the same vnode. 1035 */ 1036 1037 /* 1038 * Check to see if the vnode has been mounted on; 1039 * if so find the root of the mounted file system. 1040 */ 1041 while (foundobj->v_type == VDIR && 1042 (mp = foundobj->v_mountedhere) != NULL && 1043 (cnp->cn_flags & NOCROSSMOUNT) == 0) { 1044 error = vfs_busy(mp, NULL); 1045 if (error != 0) { 1046 if (searchdir != foundobj) { 1047 vput(foundobj); 1048 } else { 1049 vrele(foundobj); 1050 } 1051 goto done; 1052 } 1053 if (searchdir != foundobj) { 1054 VOP_UNLOCK(searchdir); 1055 } 1056 vput(foundobj); 1057 error = VFS_ROOT(mp, &foundobj); 1058 vfs_unbusy(mp, false, NULL); 1059 if (error) { 1060 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 1061 goto done; 1062 } 1063 /* 1064 * avoid locking vnodes from two filesystems because it's 1065 * prune to deadlock. eg. when using puffs. 1066 * also, it isn't a good idea to propagate slowness of a 1067 * filesystem up to the root directory. 1068 * for now, only handle the common case. (ie. foundobj is VDIR) 1069 */ 1070 if (foundobj->v_type == VDIR) { 1071 vrele(searchdir); 1072 *newsearchdir_ret = searchdir = foundobj; 1073 vref(searchdir); 1074 } else { 1075 VOP_UNLOCK(foundobj); 1076 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 1077 vn_lock(foundobj, LK_EXCLUSIVE | LK_RETRY); 1078 } 1079 } 1080 1081 *foundobj_ret = foundobj; 1082 error = 0; 1083 done: 1084 KASSERT(VOP_ISLOCKED(*newsearchdir_ret) == LK_EXCLUSIVE); 1085 /* 1086 * *foundobj_ret is valid only if error == 0. 1087 */ 1088 KASSERT(error != 0 || *foundobj_ret == NULL || 1089 VOP_ISLOCKED(*foundobj_ret) == LK_EXCLUSIVE); 1090 return error; 1091 } 1092 1093 ////////////////////////////// 1094 1095 /* 1096 * Do a complete path search from a single root directory. 1097 * (This is called up to twice if TRYEMULROOT is in effect.) 1098 */ 1099 static int 1100 namei_oneroot(struct namei_state *state, struct vnode *forcecwd, 1101 int neverfollow, int inhibitmagic) 1102 { 1103 struct nameidata *ndp = state->ndp; 1104 struct componentname *cnp = state->cnp; 1105 struct vnode *searchdir, *foundobj; 1106 int error; 1107 1108 error = namei_start(state, forcecwd, &searchdir); 1109 if (error) { 1110 ndp->ni_dvp = NULL; 1111 ndp->ni_vp = NULL; 1112 return error; 1113 } 1114 KASSERT(searchdir->v_type == VDIR); 1115 1116 /* 1117 * Setup: break out flag bits into variables. 1118 */ 1119 state->docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 1120 if (cnp->cn_nameiop == DELETE) 1121 state->docache = 0; 1122 state->rdonly = cnp->cn_flags & RDONLY; 1123 1124 /* 1125 * Keep going until we run out of path components. 1126 */ 1127 cnp->cn_nameptr = ndp->ni_pnbuf; 1128 1129 /* drop leading slashes (already used them to choose startdir) */ 1130 while (cnp->cn_nameptr[0] == '/') { 1131 cnp->cn_nameptr++; 1132 ndp->ni_pathlen--; 1133 } 1134 /* was it just "/"? */ 1135 if (cnp->cn_nameptr[0] == '\0') { 1136 foundobj = searchdir; 1137 searchdir = NULL; 1138 cnp->cn_flags |= ISLASTCN; 1139 1140 /* bleh */ 1141 goto skiploop; 1142 } 1143 1144 for (;;) { 1145 1146 /* 1147 * If the directory we're on is unmounted, bail out. 1148 * XXX: should this also check if it's unlinked? 1149 * XXX: yes it should... but how? 1150 */ 1151 if (searchdir->v_mount == NULL) { 1152 vput(searchdir); 1153 ndp->ni_dvp = NULL; 1154 ndp->ni_vp = NULL; 1155 return (ENOENT); 1156 } 1157 1158 /* 1159 * Look up the next path component. 1160 * (currently, this may consume more than one) 1161 */ 1162 1163 /* There should be no slashes here. */ 1164 KASSERT(cnp->cn_nameptr[0] != '/'); 1165 1166 /* and we shouldn't have looped around if we were done */ 1167 KASSERT(cnp->cn_nameptr[0] != '\0'); 1168 1169 error = lookup_parsepath(state); 1170 if (error) { 1171 vput(searchdir); 1172 ndp->ni_dvp = NULL; 1173 ndp->ni_vp = NULL; 1174 state->attempt_retry = 1; 1175 return (error); 1176 } 1177 1178 error = lookup_once(state, searchdir, &searchdir, &foundobj); 1179 if (error) { 1180 vput(searchdir); 1181 ndp->ni_dvp = NULL; 1182 ndp->ni_vp = NULL; 1183 /* 1184 * Note that if we're doing TRYEMULROOT we can 1185 * retry with the normal root. Where this is 1186 * currently set matches previous practice, 1187 * but the previous practice didn't make much 1188 * sense and somebody should sit down and 1189 * figure out which cases should cause retry 1190 * and which shouldn't. XXX. 1191 */ 1192 state->attempt_retry = 1; 1193 return (error); 1194 } 1195 1196 if (foundobj == NULL) { 1197 /* 1198 * Success with no object returned means we're 1199 * creating something and it isn't already 1200 * there. Break out of the main loop now so 1201 * the code below doesn't have to test for 1202 * foundobj == NULL. 1203 */ 1204 break; 1205 } 1206 1207 /* 1208 * Check for symbolic link. If we've reached one, 1209 * follow it, unless we aren't supposed to. Back up 1210 * over any slashes that we skipped, as we will need 1211 * them again. 1212 */ 1213 if (namei_atsymlink(state, foundobj)) { 1214 ndp->ni_pathlen += state->slashes; 1215 ndp->ni_next -= state->slashes; 1216 if (neverfollow) { 1217 error = EINVAL; 1218 } else { 1219 /* 1220 * dholland 20110410: if we're at a 1221 * union mount it might make sense to 1222 * use the top of the union stack here 1223 * rather than the layer we found the 1224 * symlink in. (FUTURE) 1225 */ 1226 error = namei_follow(state, inhibitmagic, 1227 searchdir, foundobj, 1228 &searchdir); 1229 } 1230 if (error) { 1231 KASSERT(searchdir != foundobj); 1232 vput(searchdir); 1233 vput(foundobj); 1234 ndp->ni_dvp = NULL; 1235 ndp->ni_vp = NULL; 1236 return error; 1237 } 1238 /* namei_follow unlocks it (ugh) so rele, not put */ 1239 vrele(foundobj); 1240 foundobj = NULL; 1241 1242 /* 1243 * If we followed a symlink to `/' and there 1244 * are no more components after the symlink, 1245 * we're done with the loop and what we found 1246 * is the searchdir. 1247 */ 1248 if (cnp->cn_nameptr[0] == '\0') { 1249 foundobj = searchdir; 1250 searchdir = NULL; 1251 cnp->cn_flags |= ISLASTCN; 1252 break; 1253 } 1254 1255 continue; 1256 } 1257 1258 /* 1259 * Not a symbolic link. 1260 * 1261 * Check for directory, if the component was 1262 * followed by a series of slashes. 1263 */ 1264 if ((foundobj->v_type != VDIR) && 1265 (cnp->cn_flags & REQUIREDIR)) { 1266 if (searchdir == foundobj) { 1267 vrele(searchdir); 1268 } else { 1269 vput(searchdir); 1270 } 1271 vput(foundobj); 1272 ndp->ni_dvp = NULL; 1273 ndp->ni_vp = NULL; 1274 state->attempt_retry = 1; 1275 return ENOTDIR; 1276 } 1277 1278 /* 1279 * Stop if we've reached the last component. 1280 */ 1281 if (cnp->cn_flags & ISLASTCN) { 1282 break; 1283 } 1284 1285 /* 1286 * Continue with the next component. 1287 */ 1288 cnp->cn_nameptr = ndp->ni_next; 1289 if (searchdir == foundobj) { 1290 vrele(searchdir); 1291 } else { 1292 vput(searchdir); 1293 } 1294 searchdir = foundobj; 1295 foundobj = NULL; 1296 } 1297 1298 skiploop: 1299 1300 if (foundobj != NULL) { 1301 if (foundobj == ndp->ni_erootdir) { 1302 /* 1303 * We are about to return the emulation root. 1304 * This isn't a good idea because code might 1305 * repeatedly lookup ".." until the file 1306 * matches that returned for "/" and loop 1307 * forever. So convert it to the real root. 1308 */ 1309 if (searchdir != NULL) { 1310 if (searchdir == foundobj) 1311 vrele(searchdir); 1312 else 1313 vput(searchdir); 1314 searchdir = NULL; 1315 } 1316 vput(foundobj); 1317 foundobj = ndp->ni_rootdir; 1318 vref(foundobj); 1319 vn_lock(foundobj, LK_EXCLUSIVE | LK_RETRY); 1320 } 1321 1322 /* 1323 * If the caller requested the parent node (i.e. it's 1324 * a CREATE, DELETE, or RENAME), and we don't have one 1325 * (because this is the root directory, or we crossed 1326 * a mount point), then we must fail. 1327 */ 1328 if (cnp->cn_nameiop != LOOKUP && 1329 (searchdir == NULL || 1330 searchdir->v_mount != foundobj->v_mount)) { 1331 if (searchdir) { 1332 vput(searchdir); 1333 } 1334 vput(foundobj); 1335 foundobj = NULL; 1336 ndp->ni_dvp = NULL; 1337 ndp->ni_vp = NULL; 1338 state->attempt_retry = 1; 1339 1340 switch (cnp->cn_nameiop) { 1341 case CREATE: 1342 return EEXIST; 1343 case DELETE: 1344 case RENAME: 1345 return EBUSY; 1346 default: 1347 break; 1348 } 1349 panic("Invalid nameiop\n"); 1350 } 1351 1352 /* 1353 * Disallow directory write attempts on read-only lookups. 1354 * Prefers EEXIST over EROFS for the CREATE case. 1355 */ 1356 if (state->rdonly && 1357 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) { 1358 if (searchdir) { 1359 if (foundobj != searchdir) { 1360 vput(searchdir); 1361 } else { 1362 vrele(searchdir); 1363 } 1364 searchdir = NULL; 1365 } 1366 vput(foundobj); 1367 foundobj = NULL; 1368 ndp->ni_dvp = NULL; 1369 ndp->ni_vp = NULL; 1370 state->attempt_retry = 1; 1371 return EROFS; 1372 } 1373 if ((cnp->cn_flags & LOCKLEAF) == 0) { 1374 /* 1375 * Note: if LOCKPARENT but not LOCKLEAF is 1376 * set, and searchdir == foundobj, this code 1377 * necessarily unlocks the parent as well as 1378 * the leaf. That is, just because you specify 1379 * LOCKPARENT doesn't mean you necessarily get 1380 * a locked parent vnode. The code in 1381 * vfs_syscalls.c, and possibly elsewhere, 1382 * that uses this combination "knows" this, so 1383 * it can't be safely changed. Feh. XXX 1384 */ 1385 VOP_UNLOCK(foundobj); 1386 } 1387 } 1388 1389 /* 1390 * Done. 1391 */ 1392 1393 /* 1394 * If LOCKPARENT is not set, the parent directory isn't returned. 1395 */ 1396 if ((cnp->cn_flags & LOCKPARENT) == 0 && searchdir != NULL) { 1397 if (searchdir == foundobj) { 1398 vrele(searchdir); 1399 } else { 1400 vput(searchdir); 1401 } 1402 searchdir = NULL; 1403 } 1404 1405 ndp->ni_dvp = searchdir; 1406 ndp->ni_vp = foundobj; 1407 return 0; 1408 } 1409 1410 /* 1411 * Do namei; wrapper layer that handles TRYEMULROOT. 1412 */ 1413 static int 1414 namei_tryemulroot(struct namei_state *state, struct vnode *forcecwd, 1415 int neverfollow, int inhibitmagic) 1416 { 1417 int error; 1418 1419 struct nameidata *ndp = state->ndp; 1420 struct componentname *cnp = state->cnp; 1421 const char *savepath = NULL; 1422 1423 KASSERT(cnp == &ndp->ni_cnd); 1424 1425 if (cnp->cn_flags & TRYEMULROOT) { 1426 savepath = pathbuf_stringcopy_get(ndp->ni_pathbuf); 1427 } 1428 1429 emul_retry: 1430 state->attempt_retry = 0; 1431 1432 error = namei_oneroot(state, forcecwd, neverfollow, inhibitmagic); 1433 if (error) { 1434 /* 1435 * Once namei has started up, the existence of ni_erootdir 1436 * tells us whether we're working from an emulation root. 1437 * The TRYEMULROOT flag isn't necessarily authoritative. 1438 */ 1439 if (ndp->ni_erootdir != NULL && state->attempt_retry) { 1440 /* Retry the whole thing using the normal root */ 1441 cnp->cn_flags &= ~TRYEMULROOT; 1442 state->attempt_retry = 0; 1443 1444 /* kinda gross */ 1445 strcpy(ndp->ni_pathbuf->pb_path, savepath); 1446 pathbuf_stringcopy_put(ndp->ni_pathbuf, savepath); 1447 savepath = NULL; 1448 1449 goto emul_retry; 1450 } 1451 } 1452 if (savepath != NULL) { 1453 pathbuf_stringcopy_put(ndp->ni_pathbuf, savepath); 1454 } 1455 return error; 1456 } 1457 1458 /* 1459 * External interface. 1460 */ 1461 int 1462 namei(struct nameidata *ndp) 1463 { 1464 struct namei_state state; 1465 int error; 1466 1467 namei_init(&state, ndp); 1468 error = namei_tryemulroot(&state, NULL, 1469 0/*!neverfollow*/, 0/*!inhibitmagic*/); 1470 namei_cleanup(&state); 1471 1472 if (error) { 1473 /* make sure no stray refs leak out */ 1474 KASSERT(ndp->ni_dvp == NULL); 1475 KASSERT(ndp->ni_vp == NULL); 1476 } 1477 1478 return error; 1479 } 1480 1481 //////////////////////////////////////////////////////////// 1482 1483 /* 1484 * External interface used by nfsd. This is basically different from 1485 * namei only in that it has the ability to pass in the "current 1486 * directory", and uses an extra flag "neverfollow" for which there's 1487 * no physical flag defined in namei.h. (There used to be a cut&paste 1488 * copy of about half of namei in nfsd to allow these minor 1489 * adjustments to exist.) 1490 * 1491 * XXX: the namei interface should be adjusted so nfsd can just use 1492 * ordinary namei(). 1493 */ 1494 int 1495 lookup_for_nfsd(struct nameidata *ndp, struct vnode *forcecwd, int neverfollow) 1496 { 1497 struct namei_state state; 1498 int error; 1499 1500 namei_init(&state, ndp); 1501 error = namei_tryemulroot(&state, forcecwd, 1502 neverfollow, 1/*inhibitmagic*/); 1503 namei_cleanup(&state); 1504 1505 if (error) { 1506 /* make sure no stray refs leak out */ 1507 KASSERT(ndp->ni_dvp == NULL); 1508 KASSERT(ndp->ni_vp == NULL); 1509 } 1510 1511 return error; 1512 } 1513 1514 /* 1515 * A second external interface used by nfsd. This turns out to be a 1516 * single lookup used by the WebNFS code (ha!) to get "index.html" or 1517 * equivalent when asked for a directory. It should eventually evolve 1518 * into some kind of namei_once() call; for the time being it's kind 1519 * of a mess. XXX. 1520 * 1521 * dholland 20110109: I don't think it works, and I don't think it 1522 * worked before I started hacking and slashing either, and I doubt 1523 * anyone will ever notice. 1524 */ 1525 1526 /* 1527 * Internals. This calls lookup_once() after setting up the assorted 1528 * pieces of state the way they ought to be. 1529 */ 1530 static int 1531 do_lookup_for_nfsd_index(struct namei_state *state, struct vnode *startdir) 1532 { 1533 int error = 0; 1534 1535 struct componentname *cnp = state->cnp; 1536 struct nameidata *ndp = state->ndp; 1537 struct vnode *foundobj; 1538 const char *cp; /* pointer into pathname argument */ 1539 1540 KASSERT(cnp == &ndp->ni_cnd); 1541 1542 cnp->cn_nameptr = ndp->ni_pnbuf; 1543 state->docache = 1; 1544 state->rdonly = cnp->cn_flags & RDONLY; 1545 ndp->ni_dvp = NULL; 1546 1547 cnp->cn_consume = 0; 1548 cp = NULL; 1549 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp); 1550 cnp->cn_namelen = cp - cnp->cn_nameptr; 1551 KASSERT(cnp->cn_namelen <= KERNEL_NAME_MAX); 1552 ndp->ni_pathlen -= cnp->cn_namelen; 1553 ndp->ni_next = cp; 1554 state->slashes = 0; 1555 cnp->cn_flags &= ~REQUIREDIR; 1556 cnp->cn_flags |= MAKEENTRY|ISLASTCN; 1557 1558 if (cnp->cn_namelen == 2 && 1559 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 1560 cnp->cn_flags |= ISDOTDOT; 1561 else 1562 cnp->cn_flags &= ~ISDOTDOT; 1563 1564 /* 1565 * Because lookup_once can change the startdir, we need our 1566 * own reference to it to avoid consuming the caller's. 1567 */ 1568 vref(startdir); 1569 vn_lock(startdir, LK_EXCLUSIVE | LK_RETRY); 1570 error = lookup_once(state, startdir, &startdir, &foundobj); 1571 if (error == 0 && startdir == foundobj) { 1572 vrele(startdir); 1573 } else { 1574 vput(startdir); 1575 } 1576 if (error) { 1577 goto bad; 1578 } 1579 ndp->ni_vp = foundobj; 1580 1581 if (foundobj == NULL) { 1582 return 0; 1583 } 1584 1585 KASSERT((cnp->cn_flags & LOCKPARENT) == 0); 1586 if ((cnp->cn_flags & LOCKLEAF) == 0) { 1587 VOP_UNLOCK(foundobj); 1588 } 1589 return (0); 1590 1591 bad: 1592 ndp->ni_vp = NULL; 1593 return (error); 1594 } 1595 1596 /* 1597 * External interface. The partitioning between this function and the 1598 * above isn't very clear - the above function exists mostly so code 1599 * that uses "state->" can be shuffled around without having to change 1600 * it to "state.". 1601 */ 1602 int 1603 lookup_for_nfsd_index(struct nameidata *ndp, struct vnode *startdir) 1604 { 1605 struct namei_state state; 1606 int error; 1607 1608 /* 1609 * Note: the name sent in here (is not|should not be) allowed 1610 * to contain a slash. 1611 */ 1612 if (strlen(ndp->ni_pathbuf->pb_path) > KERNEL_NAME_MAX) { 1613 return ENAMETOOLONG; 1614 } 1615 if (strchr(ndp->ni_pathbuf->pb_path, '/')) { 1616 return EINVAL; 1617 } 1618 1619 ndp->ni_pathlen = strlen(ndp->ni_pathbuf->pb_path) + 1; 1620 ndp->ni_pnbuf = NULL; 1621 ndp->ni_cnd.cn_nameptr = NULL; 1622 1623 namei_init(&state, ndp); 1624 error = do_lookup_for_nfsd_index(&state, startdir); 1625 namei_cleanup(&state); 1626 1627 return error; 1628 } 1629 1630 //////////////////////////////////////////////////////////// 1631 1632 /* 1633 * Reacquire a path name component. 1634 * dvp is locked on entry and exit. 1635 * *vpp is locked on exit unless it's NULL. 1636 */ 1637 int 1638 relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int dummy) 1639 { 1640 int rdonly; /* lookup read-only flag bit */ 1641 int error = 0; 1642 #ifdef DEBUG 1643 uint32_t newhash; /* DEBUG: check name hash */ 1644 const char *cp; /* DEBUG: check name ptr/len */ 1645 #endif /* DEBUG */ 1646 1647 (void)dummy; 1648 1649 /* 1650 * Setup: break out flag bits into variables. 1651 */ 1652 rdonly = cnp->cn_flags & RDONLY; 1653 1654 /* 1655 * Search a new directory. 1656 * 1657 * The cn_hash value is for use by vfs_cache. 1658 * The last component of the filename is left accessible via 1659 * cnp->cn_nameptr for callers that need the name. Callers needing 1660 * the name set the SAVENAME flag. When done, they assume 1661 * responsibility for freeing the pathname buffer. 1662 */ 1663 #ifdef DEBUG 1664 cp = NULL; 1665 newhash = namei_hash(cnp->cn_nameptr, &cp); 1666 if ((uint32_t)newhash != (uint32_t)cnp->cn_hash) 1667 panic("relookup: bad hash"); 1668 if (cnp->cn_namelen != cp - cnp->cn_nameptr) 1669 panic("relookup: bad len"); 1670 while (*cp == '/') 1671 cp++; 1672 if (*cp != 0) 1673 panic("relookup: not last component"); 1674 #endif /* DEBUG */ 1675 1676 /* 1677 * Check for degenerate name (e.g. / or "") 1678 * which is a way of talking about a directory, 1679 * e.g. like "/." or ".". 1680 */ 1681 if (cnp->cn_nameptr[0] == '\0') 1682 panic("relookup: null name"); 1683 1684 if (cnp->cn_flags & ISDOTDOT) 1685 panic("relookup: lookup on dot-dot"); 1686 1687 /* 1688 * We now have a segment name to search for, and a directory to search. 1689 */ 1690 cnp->cn_flags |= INRELOOKUP; 1691 error = VOP_LOOKUP(dvp, vpp, cnp); 1692 cnp->cn_flags &= ~INRELOOKUP; 1693 if ((error) != 0) { 1694 #ifdef DIAGNOSTIC 1695 if (*vpp != NULL) 1696 panic("leaf `%s' should be empty", cnp->cn_nameptr); 1697 #endif 1698 if (error != EJUSTRETURN) 1699 goto bad; 1700 } 1701 1702 #ifdef DIAGNOSTIC 1703 /* 1704 * Check for symbolic link 1705 */ 1706 if (*vpp && (*vpp)->v_type == VLNK && (cnp->cn_flags & FOLLOW)) 1707 panic("relookup: symlink found"); 1708 #endif 1709 1710 /* 1711 * Check for read-only lookups. 1712 */ 1713 if (rdonly && cnp->cn_nameiop != LOOKUP) { 1714 error = EROFS; 1715 if (*vpp) { 1716 vput(*vpp); 1717 } 1718 goto bad; 1719 } 1720 return (0); 1721 1722 bad: 1723 *vpp = NULL; 1724 return (error); 1725 } 1726 1727 /* 1728 * namei_simple - simple forms of namei. 1729 * 1730 * These are wrappers to allow the simple case callers of namei to be 1731 * left alone while everything else changes under them. 1732 */ 1733 1734 /* Flags */ 1735 struct namei_simple_flags_type { 1736 int dummy; 1737 }; 1738 static const struct namei_simple_flags_type ns_nn, ns_nt, ns_fn, ns_ft; 1739 const namei_simple_flags_t NSM_NOFOLLOW_NOEMULROOT = &ns_nn; 1740 const namei_simple_flags_t NSM_NOFOLLOW_TRYEMULROOT = &ns_nt; 1741 const namei_simple_flags_t NSM_FOLLOW_NOEMULROOT = &ns_fn; 1742 const namei_simple_flags_t NSM_FOLLOW_TRYEMULROOT = &ns_ft; 1743 1744 static 1745 int 1746 namei_simple_convert_flags(namei_simple_flags_t sflags) 1747 { 1748 if (sflags == NSM_NOFOLLOW_NOEMULROOT) 1749 return NOFOLLOW | 0; 1750 if (sflags == NSM_NOFOLLOW_TRYEMULROOT) 1751 return NOFOLLOW | TRYEMULROOT; 1752 if (sflags == NSM_FOLLOW_NOEMULROOT) 1753 return FOLLOW | 0; 1754 if (sflags == NSM_FOLLOW_TRYEMULROOT) 1755 return FOLLOW | TRYEMULROOT; 1756 panic("namei_simple_convert_flags: bogus sflags\n"); 1757 return 0; 1758 } 1759 1760 int 1761 namei_simple_kernel(const char *path, namei_simple_flags_t sflags, 1762 struct vnode **vp_ret) 1763 { 1764 struct nameidata nd; 1765 struct pathbuf *pb; 1766 int err; 1767 1768 pb = pathbuf_create(path); 1769 if (pb == NULL) { 1770 return ENOMEM; 1771 } 1772 1773 NDINIT(&nd, 1774 LOOKUP, 1775 namei_simple_convert_flags(sflags), 1776 pb); 1777 err = namei(&nd); 1778 if (err != 0) { 1779 pathbuf_destroy(pb); 1780 return err; 1781 } 1782 *vp_ret = nd.ni_vp; 1783 pathbuf_destroy(pb); 1784 return 0; 1785 } 1786 1787 int 1788 namei_simple_user(const char *path, namei_simple_flags_t sflags, 1789 struct vnode **vp_ret) 1790 { 1791 struct pathbuf *pb; 1792 struct nameidata nd; 1793 int err; 1794 1795 err = pathbuf_copyin(path, &pb); 1796 if (err) { 1797 return err; 1798 } 1799 1800 NDINIT(&nd, 1801 LOOKUP, 1802 namei_simple_convert_flags(sflags), 1803 pb); 1804 err = namei(&nd); 1805 if (err != 0) { 1806 pathbuf_destroy(pb); 1807 return err; 1808 } 1809 *vp_ret = nd.ni_vp; 1810 pathbuf_destroy(pb); 1811 return 0; 1812 } 1813