1 /* $NetBSD: vfs_lookup.c,v 1.175 2011/04/14 15:29:25 yamt Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)vfs_lookup.c 8.10 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.175 2011/04/14 15:29:25 yamt Exp $"); 41 42 #include "opt_magiclinks.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/syslimits.h> 48 #include <sys/time.h> 49 #include <sys/namei.h> 50 #include <sys/vnode.h> 51 #include <sys/mount.h> 52 #include <sys/errno.h> 53 #include <sys/filedesc.h> 54 #include <sys/hash.h> 55 #include <sys/proc.h> 56 #include <sys/syslog.h> 57 #include <sys/kauth.h> 58 #include <sys/ktrace.h> 59 60 #ifndef MAGICLINKS 61 #define MAGICLINKS 0 62 #endif 63 64 int vfs_magiclinks = MAGICLINKS; 65 66 /* 67 * Substitute replacement text for 'magic' strings in symlinks. 68 * Returns 0 if successful, and returns non-zero if an error 69 * occurs. (Currently, the only possible error is running out 70 * of temporary pathname space.) 71 * 72 * Looks for "@<string>" and "@<string>/", where <string> is a 73 * recognized 'magic' string. Replaces the "@<string>" with the 74 * appropriate replacement text. (Note that in some cases the 75 * replacement text may have zero length.) 76 * 77 * This would have been table driven, but the variance in 78 * replacement strings (and replacement string lengths) made 79 * that impractical. 80 */ 81 #define VNL(x) \ 82 (sizeof(x) - 1) 83 84 #define VO '{' 85 #define VC '}' 86 87 #define MATCH(str) \ 88 ((termchar == '/' && i + VNL(str) == *len) || \ 89 (i + VNL(str) < *len && \ 90 cp[i + VNL(str)] == termchar)) && \ 91 !strncmp((str), &cp[i], VNL(str)) 92 93 #define SUBSTITUTE(m, s, sl) \ 94 if ((newlen + (sl)) >= MAXPATHLEN) \ 95 return 1; \ 96 i += VNL(m); \ 97 if (termchar != '/') \ 98 i++; \ 99 (void)memcpy(&tmp[newlen], (s), (sl)); \ 100 newlen += (sl); \ 101 change = 1; \ 102 termchar = '/'; 103 104 static int 105 symlink_magic(struct proc *p, char *cp, size_t *len) 106 { 107 char *tmp; 108 size_t change, i, newlen, slen; 109 char termchar = '/'; 110 char idtmp[11]; /* enough for 32 bit *unsigned* integer */ 111 112 113 tmp = PNBUF_GET(); 114 for (change = i = newlen = 0; i < *len; ) { 115 if (cp[i] != '@') { 116 tmp[newlen++] = cp[i++]; 117 continue; 118 } 119 120 i++; 121 122 /* Check for @{var} syntax. */ 123 if (cp[i] == VO) { 124 termchar = VC; 125 i++; 126 } 127 128 /* 129 * The following checks should be ordered according 130 * to frequency of use. 131 */ 132 if (MATCH("machine_arch")) { 133 slen = VNL(MACHINE_ARCH); 134 SUBSTITUTE("machine_arch", MACHINE_ARCH, slen); 135 } else if (MATCH("machine")) { 136 slen = VNL(MACHINE); 137 SUBSTITUTE("machine", MACHINE, slen); 138 } else if (MATCH("hostname")) { 139 SUBSTITUTE("hostname", hostname, hostnamelen); 140 } else if (MATCH("osrelease")) { 141 slen = strlen(osrelease); 142 SUBSTITUTE("osrelease", osrelease, slen); 143 } else if (MATCH("emul")) { 144 slen = strlen(p->p_emul->e_name); 145 SUBSTITUTE("emul", p->p_emul->e_name, slen); 146 } else if (MATCH("kernel_ident")) { 147 slen = strlen(kernel_ident); 148 SUBSTITUTE("kernel_ident", kernel_ident, slen); 149 } else if (MATCH("domainname")) { 150 SUBSTITUTE("domainname", domainname, domainnamelen); 151 } else if (MATCH("ostype")) { 152 slen = strlen(ostype); 153 SUBSTITUTE("ostype", ostype, slen); 154 } else if (MATCH("uid")) { 155 slen = snprintf(idtmp, sizeof(idtmp), "%u", 156 kauth_cred_geteuid(kauth_cred_get())); 157 SUBSTITUTE("uid", idtmp, slen); 158 } else if (MATCH("ruid")) { 159 slen = snprintf(idtmp, sizeof(idtmp), "%u", 160 kauth_cred_getuid(kauth_cred_get())); 161 SUBSTITUTE("ruid", idtmp, slen); 162 } else if (MATCH("gid")) { 163 slen = snprintf(idtmp, sizeof(idtmp), "%u", 164 kauth_cred_getegid(kauth_cred_get())); 165 SUBSTITUTE("gid", idtmp, slen); 166 } else if (MATCH("rgid")) { 167 slen = snprintf(idtmp, sizeof(idtmp), "%u", 168 kauth_cred_getgid(kauth_cred_get())); 169 SUBSTITUTE("rgid", idtmp, slen); 170 } else { 171 tmp[newlen++] = '@'; 172 if (termchar == VC) 173 tmp[newlen++] = VO; 174 } 175 } 176 177 if (change) { 178 (void)memcpy(cp, tmp, newlen); 179 *len = newlen; 180 } 181 PNBUF_PUT(tmp); 182 183 return 0; 184 } 185 186 #undef VNL 187 #undef VO 188 #undef VC 189 #undef MATCH 190 #undef SUBSTITUTE 191 192 //////////////////////////////////////////////////////////// 193 194 /* 195 * Determine the namei hash (for cn_hash) for name. 196 * If *ep != NULL, hash from name to ep-1. 197 * If *ep == NULL, hash from name until the first NUL or '/', and 198 * return the location of this termination character in *ep. 199 * 200 * This function returns an equivalent hash to the MI hash32_strn(). 201 * The latter isn't used because in the *ep == NULL case, determining 202 * the length of the string to the first NUL or `/' and then calling 203 * hash32_strn() involves unnecessary double-handling of the data. 204 */ 205 uint32_t 206 namei_hash(const char *name, const char **ep) 207 { 208 uint32_t hash; 209 210 hash = HASH32_STR_INIT; 211 if (*ep != NULL) { 212 for (; name < *ep; name++) 213 hash = hash * 33 + *(const uint8_t *)name; 214 } else { 215 for (; *name != '\0' && *name != '/'; name++) 216 hash = hash * 33 + *(const uint8_t *)name; 217 *ep = name; 218 } 219 return (hash + (hash >> 5)); 220 } 221 222 //////////////////////////////////////////////////////////// 223 224 /* 225 * Sealed abstraction for pathnames. 226 * 227 * System-call-layer level code that is going to call namei should 228 * first create a pathbuf and adjust all the bells and whistles on it 229 * as needed by context 230 */ 231 232 struct pathbuf { 233 char *pb_path; 234 char *pb_pathcopy; 235 unsigned pb_pathcopyuses; 236 }; 237 238 static struct pathbuf * 239 pathbuf_create_raw(void) 240 { 241 struct pathbuf *pb; 242 243 pb = kmem_alloc(sizeof(*pb), KM_SLEEP); 244 if (pb == NULL) { 245 return NULL; 246 } 247 pb->pb_path = PNBUF_GET(); 248 if (pb->pb_path == NULL) { 249 kmem_free(pb, sizeof(*pb)); 250 return NULL; 251 } 252 pb->pb_pathcopy = NULL; 253 pb->pb_pathcopyuses = 0; 254 return pb; 255 } 256 257 void 258 pathbuf_destroy(struct pathbuf *pb) 259 { 260 KASSERT(pb->pb_pathcopyuses == 0); 261 KASSERT(pb->pb_pathcopy == NULL); 262 PNBUF_PUT(pb->pb_path); 263 kmem_free(pb, sizeof(*pb)); 264 } 265 266 struct pathbuf * 267 pathbuf_assimilate(char *pnbuf) 268 { 269 struct pathbuf *pb; 270 271 pb = kmem_alloc(sizeof(*pb), KM_SLEEP); 272 if (pb == NULL) { 273 return NULL; 274 } 275 pb->pb_path = pnbuf; 276 pb->pb_pathcopy = NULL; 277 pb->pb_pathcopyuses = 0; 278 return pb; 279 } 280 281 struct pathbuf * 282 pathbuf_create(const char *path) 283 { 284 struct pathbuf *pb; 285 int error; 286 287 pb = pathbuf_create_raw(); 288 if (pb == NULL) { 289 return NULL; 290 } 291 error = copystr(path, pb->pb_path, PATH_MAX, NULL); 292 if (error != 0) { 293 KASSERT(!"kernel path too long in pathbuf_create"); 294 /* make sure it's null-terminated, just in case */ 295 pb->pb_path[PATH_MAX-1] = '\0'; 296 } 297 return pb; 298 } 299 300 int 301 pathbuf_copyin(const char *userpath, struct pathbuf **ret) 302 { 303 struct pathbuf *pb; 304 int error; 305 306 pb = pathbuf_create_raw(); 307 if (pb == NULL) { 308 return ENOMEM; 309 } 310 error = copyinstr(userpath, pb->pb_path, PATH_MAX, NULL); 311 if (error) { 312 pathbuf_destroy(pb); 313 return error; 314 } 315 *ret = pb; 316 return 0; 317 } 318 319 /* 320 * XXX should not exist: 321 * 1. whether a pointer is kernel or user should be statically checkable 322 * 2. copyin should be handled by the upper part of the syscall layer, 323 * not in here. 324 */ 325 int 326 pathbuf_maybe_copyin(const char *path, enum uio_seg seg, struct pathbuf **ret) 327 { 328 if (seg == UIO_USERSPACE) { 329 return pathbuf_copyin(path, ret); 330 } else { 331 *ret = pathbuf_create(path); 332 if (*ret == NULL) { 333 return ENOMEM; 334 } 335 return 0; 336 } 337 } 338 339 /* 340 * Get a copy of the path buffer as it currently exists. If this is 341 * called after namei starts the results may be arbitrary. 342 */ 343 void 344 pathbuf_copystring(const struct pathbuf *pb, char *buf, size_t maxlen) 345 { 346 strlcpy(buf, pb->pb_path, maxlen); 347 } 348 349 /* 350 * These two functions allow access to a saved copy of the original 351 * path string. The first copy should be gotten before namei is 352 * called. Each copy that is gotten should be put back. 353 */ 354 355 const char * 356 pathbuf_stringcopy_get(struct pathbuf *pb) 357 { 358 if (pb->pb_pathcopyuses == 0) { 359 pb->pb_pathcopy = PNBUF_GET(); 360 strcpy(pb->pb_pathcopy, pb->pb_path); 361 } 362 pb->pb_pathcopyuses++; 363 return pb->pb_pathcopy; 364 } 365 366 void 367 pathbuf_stringcopy_put(struct pathbuf *pb, const char *str) 368 { 369 KASSERT(str == pb->pb_pathcopy); 370 KASSERT(pb->pb_pathcopyuses > 0); 371 pb->pb_pathcopyuses--; 372 if (pb->pb_pathcopyuses == 0) { 373 PNBUF_PUT(pb->pb_pathcopy); 374 pb->pb_pathcopy = NULL; 375 } 376 } 377 378 379 //////////////////////////////////////////////////////////// 380 381 /* 382 * namei: convert a pathname into a pointer to a (maybe-locked) vnode, 383 * and maybe also its parent directory vnode, and assorted other guff. 384 * See namei(9) for the interface documentation. 385 * 386 * 387 * The FOLLOW flag is set when symbolic links are to be followed 388 * when they occur at the end of the name translation process. 389 * Symbolic links are always followed for all other pathname 390 * components other than the last. 391 * 392 * The segflg defines whether the name is to be copied from user 393 * space or kernel space. 394 * 395 * Overall outline of namei: 396 * 397 * copy in name 398 * get starting directory 399 * while (!done && !error) { 400 * call lookup to search path. 401 * if symbolic link, massage name in buffer and continue 402 * } 403 */ 404 405 /* 406 * Search a pathname. 407 * This is a very central and rather complicated routine. 408 * 409 * The pathname is pointed to by ni_ptr and is of length ni_pathlen. 410 * The starting directory is passed in. The pathname is descended 411 * until done, or a symbolic link is encountered. The variable ni_more 412 * is clear if the path is completed; it is set to one if a symbolic 413 * link needing interpretation is encountered. 414 * 415 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on 416 * whether the name is to be looked up, created, renamed, or deleted. 417 * When CREATE, RENAME, or DELETE is specified, information usable in 418 * creating, renaming, or deleting a directory entry may be calculated. 419 * If flag has LOCKPARENT or'ed into it, the parent directory is returned 420 * locked. Otherwise the parent directory is not returned. If the target 421 * of the pathname exists and LOCKLEAF is or'ed into the flag the target 422 * is returned locked, otherwise it is returned unlocked. When creating 423 * or renaming and LOCKPARENT is specified, the target may not be ".". 424 * When deleting and LOCKPARENT is specified, the target may be ".". 425 * 426 * Overall outline of lookup: 427 * 428 * dirloop: 429 * identify next component of name at ndp->ni_ptr 430 * handle degenerate case where name is null string 431 * if .. and crossing mount points and on mounted filesys, find parent 432 * call VOP_LOOKUP routine for next component name 433 * directory vnode returned in ni_dvp, locked. 434 * component vnode returned in ni_vp (if it exists), locked. 435 * if result vnode is mounted on and crossing mount points, 436 * find mounted on vnode 437 * if more components of name, do next level at dirloop 438 * return the answer in ni_vp, locked if LOCKLEAF set 439 * if LOCKPARENT set, return locked parent in ni_dvp 440 */ 441 442 443 /* 444 * Internal state for a namei operation. 445 * 446 * cnp is always equal to &ndp->ni_cnp. 447 */ 448 struct namei_state { 449 struct nameidata *ndp; 450 struct componentname *cnp; 451 452 int docache; /* == 0 do not cache last component */ 453 int rdonly; /* lookup read-only flag bit */ 454 int slashes; 455 456 unsigned attempt_retry:1; /* true if error allows emul retry */ 457 }; 458 459 460 /* 461 * Initialize the namei working state. 462 */ 463 static void 464 namei_init(struct namei_state *state, struct nameidata *ndp) 465 { 466 state->ndp = ndp; 467 state->cnp = &ndp->ni_cnd; 468 KASSERT((state->cnp->cn_flags & INRELOOKUP) == 0); 469 470 state->docache = 0; 471 state->rdonly = 0; 472 state->slashes = 0; 473 474 #ifdef DIAGNOSTIC 475 if (!state->cnp->cn_cred) 476 panic("namei: bad cred/proc"); 477 if (state->cnp->cn_nameiop & (~OPMASK)) 478 panic("namei: nameiop contaminated with flags"); 479 if (state->cnp->cn_flags & OPMASK) 480 panic("namei: flags contaminated with nameiops"); 481 #endif 482 483 /* 484 * The buffer for name translation shall be the one inside the 485 * pathbuf. 486 */ 487 state->ndp->ni_pnbuf = state->ndp->ni_pathbuf->pb_path; 488 } 489 490 /* 491 * Clean up the working namei state, leaving things ready for return 492 * from namei. 493 */ 494 static void 495 namei_cleanup(struct namei_state *state) 496 { 497 KASSERT(state->cnp == &state->ndp->ni_cnd); 498 499 /* nothing for now */ 500 (void)state; 501 } 502 503 ////////////////////////////// 504 505 /* 506 * Get the directory context. 507 * Initializes the rootdir and erootdir state and returns a reference 508 * to the starting dir. 509 */ 510 static struct vnode * 511 namei_getstartdir(struct namei_state *state) 512 { 513 struct nameidata *ndp = state->ndp; 514 struct componentname *cnp = state->cnp; 515 struct cwdinfo *cwdi; /* pointer to cwd state */ 516 struct lwp *self = curlwp; /* thread doing namei() */ 517 struct vnode *rootdir, *erootdir, *curdir, *startdir; 518 519 cwdi = self->l_proc->p_cwdi; 520 rw_enter(&cwdi->cwdi_lock, RW_READER); 521 522 /* root dir */ 523 if (cwdi->cwdi_rdir == NULL || (cnp->cn_flags & NOCHROOT)) { 524 rootdir = rootvnode; 525 } else { 526 rootdir = cwdi->cwdi_rdir; 527 } 528 529 /* emulation root dir, if any */ 530 if ((cnp->cn_flags & TRYEMULROOT) == 0) { 531 /* if we don't want it, don't fetch it */ 532 erootdir = NULL; 533 } else if (cnp->cn_flags & EMULROOTSET) { 534 /* explicitly set emulroot; "/../" doesn't override this */ 535 erootdir = ndp->ni_erootdir; 536 } else if (!strncmp(ndp->ni_pnbuf, "/../", 4)) { 537 /* explicit reference to real rootdir */ 538 erootdir = NULL; 539 } else { 540 /* may be null */ 541 erootdir = cwdi->cwdi_edir; 542 } 543 544 /* current dir */ 545 curdir = cwdi->cwdi_cdir; 546 547 if (ndp->ni_pnbuf[0] != '/') { 548 startdir = curdir; 549 erootdir = NULL; 550 } else if (cnp->cn_flags & TRYEMULROOT && erootdir != NULL) { 551 startdir = erootdir; 552 } else { 553 startdir = rootdir; 554 erootdir = NULL; 555 } 556 557 state->ndp->ni_rootdir = rootdir; 558 state->ndp->ni_erootdir = erootdir; 559 560 /* 561 * Get a reference to the start dir so we can safely unlock cwdi. 562 * 563 * XXX: should we hold references to rootdir and erootdir while 564 * we're running? What happens if a multithreaded process chroots 565 * during namei? 566 */ 567 vref(startdir); 568 569 rw_exit(&cwdi->cwdi_lock); 570 return startdir; 571 } 572 573 /* 574 * Get the directory context for the nfsd case, in parallel to 575 * getstartdir. Initializes the rootdir and erootdir state and 576 * returns a reference to the passed-in starting dir. 577 */ 578 static struct vnode * 579 namei_getstartdir_for_nfsd(struct namei_state *state, struct vnode *startdir) 580 { 581 /* always use the real root, and never set an emulation root */ 582 state->ndp->ni_rootdir = rootvnode; 583 state->ndp->ni_erootdir = NULL; 584 585 vref(startdir); 586 return startdir; 587 } 588 589 590 /* 591 * Ktrace the namei operation. 592 */ 593 static void 594 namei_ktrace(struct namei_state *state) 595 { 596 struct nameidata *ndp = state->ndp; 597 struct componentname *cnp = state->cnp; 598 struct lwp *self = curlwp; /* thread doing namei() */ 599 const char *emul_path; 600 601 if (ktrpoint(KTR_NAMEI)) { 602 if (ndp->ni_erootdir != NULL) { 603 /* 604 * To make any sense, the trace entry need to have the 605 * text of the emulation path prepended. 606 * Usually we can get this from the current process, 607 * but when called from emul_find_interp() it is only 608 * in the exec_package - so we get it passed in ni_next 609 * (this is a hack). 610 */ 611 if (cnp->cn_flags & EMULROOTSET) 612 emul_path = ndp->ni_next; 613 else 614 emul_path = self->l_proc->p_emul->e_path; 615 ktrnamei2(emul_path, strlen(emul_path), 616 ndp->ni_pnbuf, ndp->ni_pathlen); 617 } else 618 ktrnamei(ndp->ni_pnbuf, ndp->ni_pathlen); 619 } 620 } 621 622 /* 623 * Start up namei. Find the root dir and cwd, establish the starting 624 * directory for lookup, and lock it. Also calls ktrace when 625 * appropriate. 626 */ 627 static int 628 namei_start(struct namei_state *state, struct vnode *forcecwd, 629 struct vnode **startdir_ret) 630 { 631 struct nameidata *ndp = state->ndp; 632 struct vnode *startdir; 633 634 /* length includes null terminator (was originally from copyinstr) */ 635 ndp->ni_pathlen = strlen(ndp->ni_pnbuf) + 1; 636 637 /* 638 * POSIX.1 requirement: "" is not a valid file name. 639 */ 640 if (ndp->ni_pathlen == 1) { 641 return ENOENT; 642 } 643 644 ndp->ni_loopcnt = 0; 645 646 /* Get starting directory, set up root, and ktrace. */ 647 if (forcecwd != NULL) { 648 startdir = namei_getstartdir_for_nfsd(state, forcecwd); 649 /* no ktrace */ 650 } else { 651 startdir = namei_getstartdir(state); 652 namei_ktrace(state); 653 } 654 655 vn_lock(startdir, LK_EXCLUSIVE | LK_RETRY); 656 657 *startdir_ret = startdir; 658 return 0; 659 } 660 661 /* 662 * Check for being at a symlink that we're going to follow. 663 */ 664 static inline int 665 namei_atsymlink(struct namei_state *state, struct vnode *foundobj) 666 { 667 return (foundobj->v_type == VLNK) && 668 (state->cnp->cn_flags & (FOLLOW|REQUIREDIR)); 669 } 670 671 /* 672 * Follow a symlink. 673 * 674 * Updates searchdir. inhibitmagic causes magic symlinks to not be 675 * interpreted; this is used by nfsd. 676 * 677 * Unlocks foundobj on success (ugh) 678 */ 679 static inline int 680 namei_follow(struct namei_state *state, int inhibitmagic, 681 struct vnode *searchdir, struct vnode *foundobj, 682 struct vnode **newsearchdir_ret) 683 { 684 struct nameidata *ndp = state->ndp; 685 struct componentname *cnp = state->cnp; 686 687 struct lwp *self = curlwp; /* thread doing namei() */ 688 struct iovec aiov; /* uio for reading symbolic links */ 689 struct uio auio; 690 char *cp; /* pointer into pathname argument */ 691 size_t linklen; 692 int error; 693 694 KASSERT(VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE); 695 KASSERT(VOP_ISLOCKED(foundobj) == LK_EXCLUSIVE); 696 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) { 697 return ELOOP; 698 } 699 if (foundobj->v_mount->mnt_flag & MNT_SYMPERM) { 700 error = VOP_ACCESS(foundobj, VEXEC, cnp->cn_cred); 701 if (error != 0) 702 return error; 703 } 704 705 /* FUTURE: fix this to not use a second buffer */ 706 cp = PNBUF_GET(); 707 aiov.iov_base = cp; 708 aiov.iov_len = MAXPATHLEN; 709 auio.uio_iov = &aiov; 710 auio.uio_iovcnt = 1; 711 auio.uio_offset = 0; 712 auio.uio_rw = UIO_READ; 713 auio.uio_resid = MAXPATHLEN; 714 UIO_SETUP_SYSSPACE(&auio); 715 error = VOP_READLINK(foundobj, &auio, cnp->cn_cred); 716 if (error) { 717 PNBUF_PUT(cp); 718 return error; 719 } 720 linklen = MAXPATHLEN - auio.uio_resid; 721 if (linklen == 0) { 722 PNBUF_PUT(cp); 723 return ENOENT; 724 } 725 726 /* 727 * Do symlink substitution, if appropriate, and 728 * check length for potential overflow. 729 * 730 * Inhibit symlink substitution for nfsd. 731 * XXX: This is how it was before; is that a bug or a feature? 732 */ 733 if ((!inhibitmagic && vfs_magiclinks && 734 symlink_magic(self->l_proc, cp, &linklen)) || 735 (linklen + ndp->ni_pathlen >= MAXPATHLEN)) { 736 PNBUF_PUT(cp); 737 return ENAMETOOLONG; 738 } 739 if (ndp->ni_pathlen > 1) { 740 /* includes a null-terminator */ 741 memcpy(cp + linklen, ndp->ni_next, ndp->ni_pathlen); 742 } else { 743 cp[linklen] = '\0'; 744 } 745 ndp->ni_pathlen += linklen; 746 memcpy(ndp->ni_pnbuf, cp, ndp->ni_pathlen); 747 PNBUF_PUT(cp); 748 749 /* we're now starting from the beginning of the buffer again */ 750 cnp->cn_nameptr = ndp->ni_pnbuf; 751 752 /* must unlock this before relocking searchdir */ 753 VOP_UNLOCK(foundobj); 754 755 /* 756 * Check if root directory should replace current directory. 757 */ 758 if (ndp->ni_pnbuf[0] == '/') { 759 vput(searchdir); 760 /* Keep absolute symbolic links inside emulation root */ 761 searchdir = ndp->ni_erootdir; 762 if (searchdir == NULL || 763 (ndp->ni_pnbuf[1] == '.' 764 && ndp->ni_pnbuf[2] == '.' 765 && ndp->ni_pnbuf[3] == '/')) { 766 ndp->ni_erootdir = NULL; 767 searchdir = ndp->ni_rootdir; 768 } 769 vref(searchdir); 770 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 771 } 772 773 *newsearchdir_ret = searchdir; 774 KASSERT(VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE); 775 return 0; 776 } 777 778 ////////////////////////////// 779 780 /* 781 * Inspect the leading path component and update the state accordingly. 782 */ 783 static int 784 lookup_parsepath(struct namei_state *state) 785 { 786 const char *cp; /* pointer into pathname argument */ 787 788 struct componentname *cnp = state->cnp; 789 struct nameidata *ndp = state->ndp; 790 791 KASSERT(cnp == &ndp->ni_cnd); 792 793 /* 794 * Search a new directory. 795 * 796 * The cn_hash value is for use by vfs_cache. 797 * The last component of the filename is left accessible via 798 * cnp->cn_nameptr for callers that need the name. Callers needing 799 * the name set the SAVENAME flag. When done, they assume 800 * responsibility for freeing the pathname buffer. 801 * 802 * At this point, our only vnode state is that the search dir 803 * is held and locked. 804 */ 805 cnp->cn_consume = 0; 806 cp = NULL; 807 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp); 808 cnp->cn_namelen = cp - cnp->cn_nameptr; 809 if (cnp->cn_namelen > NAME_MAX) { 810 return ENAMETOOLONG; 811 } 812 #ifdef NAMEI_DIAGNOSTIC 813 { char c = *cp; 814 *(char *)cp = '\0'; 815 printf("{%s}: ", cnp->cn_nameptr); 816 *(char *)cp = c; } 817 #endif /* NAMEI_DIAGNOSTIC */ 818 ndp->ni_pathlen -= cnp->cn_namelen; 819 ndp->ni_next = cp; 820 /* 821 * If this component is followed by a slash, then move the pointer to 822 * the next component forward, and remember that this component must be 823 * a directory. 824 */ 825 if (*cp == '/') { 826 do { 827 cp++; 828 } while (*cp == '/'); 829 state->slashes = cp - ndp->ni_next; 830 ndp->ni_pathlen -= state->slashes; 831 ndp->ni_next = cp; 832 cnp->cn_flags |= REQUIREDIR; 833 } else { 834 state->slashes = 0; 835 cnp->cn_flags &= ~REQUIREDIR; 836 } 837 /* 838 * We do special processing on the last component, whether or not it's 839 * a directory. Cache all intervening lookups, but not the final one. 840 */ 841 if (*cp == '\0') { 842 if (state->docache) 843 cnp->cn_flags |= MAKEENTRY; 844 else 845 cnp->cn_flags &= ~MAKEENTRY; 846 cnp->cn_flags |= ISLASTCN; 847 } else { 848 cnp->cn_flags |= MAKEENTRY; 849 cnp->cn_flags &= ~ISLASTCN; 850 } 851 if (cnp->cn_namelen == 2 && 852 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 853 cnp->cn_flags |= ISDOTDOT; 854 else 855 cnp->cn_flags &= ~ISDOTDOT; 856 857 return 0; 858 } 859 860 /* 861 * Call VOP_LOOKUP for a single lookup; return a new search directory 862 * (used when crossing mountpoints up or searching union mounts down) and 863 * the found object, which for create operations may be NULL on success. 864 */ 865 static int 866 lookup_once(struct namei_state *state, 867 struct vnode *searchdir, 868 struct vnode **newsearchdir_ret, 869 struct vnode **foundobj_ret) 870 { 871 struct vnode *tmpvn; /* scratch vnode */ 872 struct vnode *foundobj; /* result */ 873 struct mount *mp; /* mount table entry */ 874 struct lwp *l = curlwp; 875 int error; 876 877 struct componentname *cnp = state->cnp; 878 struct nameidata *ndp = state->ndp; 879 880 KASSERT(cnp == &ndp->ni_cnd); 881 KASSERT(VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE); 882 *newsearchdir_ret = searchdir; 883 884 /* 885 * Handle "..": two special cases. 886 * 1. If at root directory (e.g. after chroot) 887 * or at absolute root directory 888 * then ignore it so can't get out. 889 * 1a. If at the root of the emulation filesystem go to the real 890 * root. So "/../<path>" is always absolute. 891 * 1b. If we have somehow gotten out of a jail, warn 892 * and also ignore it so we can't get farther out. 893 * 2. If this vnode is the root of a mounted 894 * filesystem, then replace it with the 895 * vnode which was mounted on so we take the 896 * .. in the other file system. 897 */ 898 if (cnp->cn_flags & ISDOTDOT) { 899 struct proc *p = l->l_proc; 900 901 for (;;) { 902 if (searchdir == ndp->ni_rootdir || 903 searchdir == rootvnode) { 904 foundobj = searchdir; 905 vref(foundobj); 906 *foundobj_ret = foundobj; 907 error = 0; 908 goto done; 909 } 910 if (ndp->ni_rootdir != rootvnode) { 911 int retval; 912 913 VOP_UNLOCK(searchdir); 914 retval = vn_isunder(searchdir, ndp->ni_rootdir, l); 915 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 916 if (!retval) { 917 /* Oops! We got out of jail! */ 918 log(LOG_WARNING, 919 "chrooted pid %d uid %d (%s) " 920 "detected outside of its chroot\n", 921 p->p_pid, kauth_cred_geteuid(l->l_cred), 922 p->p_comm); 923 /* Put us at the jail root. */ 924 vput(searchdir); 925 searchdir = NULL; 926 foundobj = ndp->ni_rootdir; 927 vref(foundobj); 928 vref(foundobj); 929 vn_lock(foundobj, LK_EXCLUSIVE | LK_RETRY); 930 *newsearchdir_ret = foundobj; 931 *foundobj_ret = foundobj; 932 error = 0; 933 goto done; 934 } 935 } 936 if ((searchdir->v_vflag & VV_ROOT) == 0 || 937 (cnp->cn_flags & NOCROSSMOUNT)) 938 break; 939 tmpvn = searchdir; 940 searchdir = searchdir->v_mount->mnt_vnodecovered; 941 vref(searchdir); 942 vput(tmpvn); 943 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 944 *newsearchdir_ret = searchdir; 945 } 946 } 947 948 /* 949 * We now have a segment name to search for, and a directory to search. 950 * Our vnode state here is that "searchdir" is held and locked. 951 */ 952 unionlookup: 953 foundobj = NULL; 954 error = VOP_LOOKUP(searchdir, &foundobj, cnp); 955 956 if (error != 0) { 957 #ifdef DIAGNOSTIC 958 if (foundobj != NULL) 959 panic("leaf `%s' should be empty", cnp->cn_nameptr); 960 #endif /* DIAGNOSTIC */ 961 #ifdef NAMEI_DIAGNOSTIC 962 printf("not found\n"); 963 #endif /* NAMEI_DIAGNOSTIC */ 964 if ((error == ENOENT) && 965 (searchdir->v_vflag & VV_ROOT) && 966 (searchdir->v_mount->mnt_flag & MNT_UNION)) { 967 tmpvn = searchdir; 968 searchdir = searchdir->v_mount->mnt_vnodecovered; 969 vref(searchdir); 970 vput(tmpvn); 971 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 972 *newsearchdir_ret = searchdir; 973 goto unionlookup; 974 } 975 976 if (error != EJUSTRETURN) 977 goto done; 978 979 /* 980 * If this was not the last component, or there were trailing 981 * slashes, and we are not going to create a directory, 982 * then the name must exist. 983 */ 984 if ((cnp->cn_flags & (REQUIREDIR | CREATEDIR)) == REQUIREDIR) { 985 error = ENOENT; 986 goto done; 987 } 988 989 /* 990 * If creating and at end of pathname, then can consider 991 * allowing file to be created. 992 */ 993 if (state->rdonly) { 994 error = EROFS; 995 goto done; 996 } 997 998 /* 999 * We return success and a NULL foundobj to indicate 1000 * that the entry doesn't currently exist, leaving a 1001 * pointer to the (normally, locked) directory vnode 1002 * as searchdir. 1003 */ 1004 *foundobj_ret = NULL; 1005 error = 0; 1006 goto done; 1007 } 1008 #ifdef NAMEI_DIAGNOSTIC 1009 printf("found\n"); 1010 #endif /* NAMEI_DIAGNOSTIC */ 1011 1012 /* 1013 * Take into account any additional components consumed by the 1014 * underlying filesystem. This will include any trailing slashes after 1015 * the last component consumed. 1016 */ 1017 if (cnp->cn_consume > 0) { 1018 ndp->ni_pathlen -= cnp->cn_consume - state->slashes; 1019 ndp->ni_next += cnp->cn_consume - state->slashes; 1020 cnp->cn_consume = 0; 1021 if (ndp->ni_next[0] == '\0') 1022 cnp->cn_flags |= ISLASTCN; 1023 } 1024 1025 /* 1026 * "foundobj" and "searchdir" are both locked and held, 1027 * and may be the same vnode. 1028 */ 1029 1030 /* 1031 * Check to see if the vnode has been mounted on; 1032 * if so find the root of the mounted file system. 1033 */ 1034 while (foundobj->v_type == VDIR && 1035 (mp = foundobj->v_mountedhere) != NULL && 1036 (cnp->cn_flags & NOCROSSMOUNT) == 0) { 1037 error = vfs_busy(mp, NULL); 1038 if (error != 0) { 1039 vput(foundobj); 1040 goto done; 1041 } 1042 KASSERT(searchdir != foundobj); 1043 VOP_UNLOCK(searchdir); 1044 vput(foundobj); 1045 error = VFS_ROOT(mp, &foundobj); 1046 vfs_unbusy(mp, false, NULL); 1047 if (error) { 1048 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 1049 goto done; 1050 } 1051 VOP_UNLOCK(foundobj); 1052 vn_lock(searchdir, LK_EXCLUSIVE | LK_RETRY); 1053 vn_lock(foundobj, LK_EXCLUSIVE | LK_RETRY); 1054 } 1055 1056 *foundobj_ret = foundobj; 1057 error = 0; 1058 done: 1059 KASSERT(VOP_ISLOCKED(*newsearchdir_ret) == LK_EXCLUSIVE); 1060 /* 1061 * *foundobj_ret is valid only if error == 0. 1062 */ 1063 KASSERT(error != 0 || *foundobj_ret == NULL || 1064 VOP_ISLOCKED(*foundobj_ret) == LK_EXCLUSIVE); 1065 return error; 1066 } 1067 1068 ////////////////////////////// 1069 1070 /* 1071 * Do a complete path search from a single root directory. 1072 * (This is called up to twice if TRYEMULROOT is in effect.) 1073 */ 1074 static int 1075 namei_oneroot(struct namei_state *state, struct vnode *forcecwd, 1076 int neverfollow, int inhibitmagic) 1077 { 1078 struct nameidata *ndp = state->ndp; 1079 struct componentname *cnp = state->cnp; 1080 struct vnode *searchdir, *foundobj; 1081 const char *cp; 1082 int error; 1083 1084 error = namei_start(state, forcecwd, &searchdir); 1085 if (error) { 1086 ndp->ni_dvp = NULL; 1087 ndp->ni_vp = NULL; 1088 return error; 1089 } 1090 1091 /* 1092 * Setup: break out flag bits into variables. 1093 */ 1094 state->docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 1095 if (cnp->cn_nameiop == DELETE) 1096 state->docache = 0; 1097 state->rdonly = cnp->cn_flags & RDONLY; 1098 1099 /* 1100 * Keep going until we run out of path components. 1101 */ 1102 cnp->cn_nameptr = ndp->ni_pnbuf; 1103 for (;;) { 1104 1105 /* 1106 * If the directory we're on is unmounted, bail out. 1107 * XXX: should this also check if it's unlinked? 1108 */ 1109 if (searchdir->v_mount == NULL) { 1110 vput(searchdir); 1111 ndp->ni_dvp = NULL; 1112 ndp->ni_vp = NULL; 1113 return (ENOENT); 1114 } 1115 1116 /* 1117 * Look up the next path component. 1118 * (currently, this may consume more than one) 1119 */ 1120 1121 cnp->cn_flags &= ~ISSYMLINK; 1122 1123 dirloop: 1124 /* 1125 * If we have a leading string of slashes, remove 1126 * them, and just make sure the current node is a 1127 * directory. 1128 */ 1129 cp = cnp->cn_nameptr; 1130 if (*cp == '/') { 1131 do { 1132 cp++; 1133 } while (*cp == '/'); 1134 ndp->ni_pathlen -= cp - cnp->cn_nameptr; 1135 cnp->cn_nameptr = cp; 1136 1137 if (searchdir->v_type != VDIR) { 1138 vput(searchdir); 1139 ndp->ni_dvp = NULL; 1140 ndp->ni_vp = NULL; 1141 state->attempt_retry = 1; 1142 return ENOTDIR; 1143 } 1144 } 1145 1146 /* 1147 * If we've exhausted the path name, then just return the 1148 * current node. 1149 */ 1150 if (cnp->cn_nameptr[0] == '\0') { 1151 vref(searchdir); 1152 foundobj = searchdir; 1153 cnp->cn_flags |= ISLASTCN; 1154 1155 /* bleh */ 1156 goto terminal; 1157 } 1158 1159 error = lookup_parsepath(state); 1160 if (error) { 1161 vput(searchdir); 1162 ndp->ni_dvp = NULL; 1163 ndp->ni_vp = NULL; 1164 state->attempt_retry = 1; 1165 return (error); 1166 } 1167 1168 error = lookup_once(state, searchdir, &searchdir, &foundobj); 1169 if (error) { 1170 vput(searchdir); 1171 ndp->ni_dvp = NULL; 1172 ndp->ni_vp = NULL; 1173 /* 1174 * Note that if we're doing TRYEMULROOT we can 1175 * retry with the normal root. Where this is 1176 * currently set matches previous practice, 1177 * but the previous practice didn't make much 1178 * sense and somebody should sit down and 1179 * figure out which cases should cause retry 1180 * and which shouldn't. XXX. 1181 */ 1182 state->attempt_retry = 1; 1183 return (error); 1184 } 1185 1186 if (foundobj == NULL) { 1187 /* 1188 * Success with no object returned means we're 1189 * creating something and it isn't already 1190 * there. Break out of the main loop now so 1191 * the code below doesn't have to test for 1192 * foundobj == NULL. 1193 */ 1194 break; 1195 } 1196 1197 /* 1198 * Check for symbolic link. If we've reached one, 1199 * follow it, unless we aren't supposed to. Back up 1200 * over any slashes that we skipped, as we will need 1201 * them again. 1202 */ 1203 if (namei_atsymlink(state, foundobj)) { 1204 ndp->ni_pathlen += state->slashes; 1205 ndp->ni_next -= state->slashes; 1206 cnp->cn_flags |= ISSYMLINK; 1207 if (neverfollow) { 1208 error = EINVAL; 1209 } else { 1210 /* 1211 * dholland 20110410: if we're at a 1212 * union mount it might make sense to 1213 * use the top of the union stack here 1214 * rather than the layer we found the 1215 * symlink in. (FUTURE) 1216 */ 1217 error = namei_follow(state, inhibitmagic, 1218 searchdir, foundobj, 1219 &searchdir); 1220 } 1221 if (error) { 1222 KASSERT(searchdir != foundobj); 1223 vput(searchdir); 1224 vput(foundobj); 1225 ndp->ni_dvp = NULL; 1226 ndp->ni_vp = NULL; 1227 return error; 1228 } 1229 /* namei_follow unlocks it (ugh) so rele, not put */ 1230 vrele(foundobj); 1231 foundobj = NULL; 1232 continue; 1233 } 1234 1235 /* 1236 * Check for directory, if the component was 1237 * followed by a series of slashes. 1238 */ 1239 if ((foundobj->v_type != VDIR) && (cnp->cn_flags & REQUIREDIR)) { 1240 KASSERT(foundobj != searchdir); 1241 if (searchdir) { 1242 vput(searchdir); 1243 } 1244 vput(foundobj); 1245 ndp->ni_dvp = NULL; 1246 ndp->ni_vp = NULL; 1247 state->attempt_retry = 1; 1248 return ENOTDIR; 1249 } 1250 1251 /* 1252 * Not a symbolic link. If this was not the 1253 * last component, then continue at the next 1254 * component, else return. 1255 */ 1256 if (!(cnp->cn_flags & ISLASTCN)) { 1257 cnp->cn_nameptr = ndp->ni_next; 1258 if (searchdir == foundobj) { 1259 vrele(searchdir); 1260 } else { 1261 vput(searchdir); 1262 } 1263 searchdir = foundobj; 1264 foundobj = NULL; 1265 goto dirloop; 1266 } 1267 1268 terminal: 1269 if (foundobj == ndp->ni_erootdir) { 1270 /* 1271 * We are about to return the emulation root. 1272 * This isn't a good idea because code might 1273 * repeatedly lookup ".." until the file 1274 * matches that returned for "/" and loop 1275 * forever. So convert it to the real root. 1276 */ 1277 if (searchdir != NULL) { 1278 if (searchdir == foundobj) 1279 vrele(searchdir); 1280 else 1281 vput(searchdir); 1282 searchdir = NULL; 1283 } 1284 vput(foundobj); 1285 foundobj = ndp->ni_rootdir; 1286 vref(foundobj); 1287 vn_lock(foundobj, LK_EXCLUSIVE | LK_RETRY); 1288 } 1289 1290 /* 1291 * If the caller requested the parent node (i.e. it's 1292 * a CREATE, DELETE, or RENAME), and we don't have one 1293 * (because this is the root directory, or we crossed 1294 * a mount point), then we must fail. 1295 */ 1296 if (cnp->cn_nameiop != LOOKUP && 1297 (searchdir == NULL || 1298 searchdir->v_mount != foundobj->v_mount)) { 1299 if (searchdir) { 1300 vput(searchdir); 1301 } 1302 vput(foundobj); 1303 foundobj = NULL; 1304 ndp->ni_dvp = NULL; 1305 ndp->ni_vp = NULL; 1306 state->attempt_retry = 1; 1307 1308 switch (cnp->cn_nameiop) { 1309 case CREATE: 1310 return EEXIST; 1311 case DELETE: 1312 case RENAME: 1313 return EBUSY; 1314 default: 1315 break; 1316 } 1317 panic("Invalid nameiop\n"); 1318 } 1319 1320 /* 1321 * Disallow directory write attempts on read-only lookups. 1322 * Prefers EEXIST over EROFS for the CREATE case. 1323 */ 1324 if (state->rdonly && 1325 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) { 1326 if (searchdir) { 1327 if (foundobj != searchdir) { 1328 vput(searchdir); 1329 } else { 1330 vrele(searchdir); 1331 } 1332 searchdir = NULL; 1333 } 1334 vput(foundobj); 1335 foundobj = NULL; 1336 ndp->ni_dvp = NULL; 1337 ndp->ni_vp = NULL; 1338 state->attempt_retry = 1; 1339 return EROFS; 1340 } 1341 if ((cnp->cn_flags & LOCKLEAF) == 0) { 1342 /* 1343 * Note: if LOCKPARENT but not LOCKLEAF is 1344 * set, and searchdir == foundobj, this code 1345 * necessarily unlocks the parent as well as 1346 * the leaf. That is, just because you specify 1347 * LOCKPARENT doesn't mean you necessarily get 1348 * a locked parent vnode. The code in 1349 * vfs_syscalls.c, and possibly elsewhere, 1350 * that uses this combination "knows" this, so 1351 * it can't be safely changed. Feh. XXX 1352 */ 1353 VOP_UNLOCK(foundobj); 1354 } 1355 1356 break; 1357 } 1358 1359 /* 1360 * Done. 1361 */ 1362 1363 /* 1364 * If LOCKPARENT is not set, the parent directory isn't returned. 1365 */ 1366 if ((cnp->cn_flags & LOCKPARENT) == 0 && searchdir != NULL) { 1367 if (searchdir == foundobj) { 1368 vrele(searchdir); 1369 } else { 1370 vput(searchdir); 1371 } 1372 searchdir = NULL; 1373 } 1374 1375 ndp->ni_dvp = searchdir; 1376 ndp->ni_vp = foundobj; 1377 return 0; 1378 } 1379 1380 /* 1381 * Do namei; wrapper layer that handles TRYEMULROOT. 1382 */ 1383 static int 1384 namei_tryemulroot(struct namei_state *state, struct vnode *forcecwd, 1385 int neverfollow, int inhibitmagic) 1386 { 1387 int error; 1388 1389 struct nameidata *ndp = state->ndp; 1390 struct componentname *cnp = state->cnp; 1391 const char *savepath = NULL; 1392 1393 KASSERT(cnp == &ndp->ni_cnd); 1394 1395 if (cnp->cn_flags & TRYEMULROOT) { 1396 savepath = pathbuf_stringcopy_get(ndp->ni_pathbuf); 1397 } 1398 1399 emul_retry: 1400 state->attempt_retry = 0; 1401 1402 error = namei_oneroot(state, forcecwd, neverfollow, inhibitmagic); 1403 if (error) { 1404 /* 1405 * Once namei has started up, the existence of ni_erootdir 1406 * tells us whether we're working from an emulation root. 1407 * The TRYEMULROOT flag isn't necessarily authoritative. 1408 */ 1409 if (ndp->ni_erootdir != NULL && state->attempt_retry) { 1410 /* Retry the whole thing using the normal root */ 1411 cnp->cn_flags &= ~TRYEMULROOT; 1412 state->attempt_retry = 0; 1413 1414 /* kinda gross */ 1415 strcpy(ndp->ni_pathbuf->pb_path, savepath); 1416 pathbuf_stringcopy_put(ndp->ni_pathbuf, savepath); 1417 savepath = NULL; 1418 1419 goto emul_retry; 1420 } 1421 } 1422 if (savepath != NULL) { 1423 pathbuf_stringcopy_put(ndp->ni_pathbuf, savepath); 1424 } 1425 return error; 1426 } 1427 1428 /* 1429 * External interface. 1430 */ 1431 int 1432 namei(struct nameidata *ndp) 1433 { 1434 struct namei_state state; 1435 int error; 1436 1437 namei_init(&state, ndp); 1438 error = namei_tryemulroot(&state, NULL, 1439 0/*!neverfollow*/, 0/*!inhibitmagic*/); 1440 namei_cleanup(&state); 1441 1442 if (error) { 1443 /* make sure no stray refs leak out */ 1444 KASSERT(ndp->ni_dvp == NULL); 1445 KASSERT(ndp->ni_vp == NULL); 1446 } 1447 1448 return error; 1449 } 1450 1451 //////////////////////////////////////////////////////////// 1452 1453 /* 1454 * External interface used by nfsd. This is basically different from 1455 * namei only in that it has the ability to pass in the "current 1456 * directory", and uses an extra flag "neverfollow" for which there's 1457 * no physical flag defined in namei.h. (There used to be a cut&paste 1458 * copy of about half of namei in nfsd to allow these minor 1459 * adjustments to exist.) 1460 * 1461 * XXX: the namei interface should be adjusted so nfsd can just use 1462 * ordinary namei(). 1463 */ 1464 int 1465 lookup_for_nfsd(struct nameidata *ndp, struct vnode *forcecwd, int neverfollow) 1466 { 1467 struct namei_state state; 1468 int error; 1469 1470 namei_init(&state, ndp); 1471 error = namei_tryemulroot(&state, forcecwd, 1472 neverfollow, 1/*inhibitmagic*/); 1473 namei_cleanup(&state); 1474 1475 if (error) { 1476 /* make sure no stray refs leak out */ 1477 KASSERT(ndp->ni_dvp == NULL); 1478 KASSERT(ndp->ni_vp == NULL); 1479 } 1480 1481 return error; 1482 } 1483 1484 /* 1485 * A second external interface used by nfsd. This turns out to be a 1486 * single lookup used by the WebNFS code (ha!) to get "index.html" or 1487 * equivalent when asked for a directory. It should eventually evolve 1488 * into some kind of namei_once() call; for the time being it's kind 1489 * of a mess. XXX. 1490 * 1491 * dholland 20110109: I don't think it works, and I don't think it 1492 * worked before I started hacking and slashing either, and I doubt 1493 * anyone will ever notice. 1494 */ 1495 1496 /* 1497 * Internals. This calls lookup_once() after setting up the assorted 1498 * pieces of state the way they ought to be. 1499 */ 1500 static int 1501 do_lookup_for_nfsd_index(struct namei_state *state, struct vnode *startdir) 1502 { 1503 int error = 0; 1504 1505 struct componentname *cnp = state->cnp; 1506 struct nameidata *ndp = state->ndp; 1507 struct vnode *foundobj; 1508 const char *cp; /* pointer into pathname argument */ 1509 1510 KASSERT(cnp == &ndp->ni_cnd); 1511 1512 cnp->cn_nameptr = ndp->ni_pnbuf; 1513 state->docache = 1; 1514 state->rdonly = cnp->cn_flags & RDONLY; 1515 ndp->ni_dvp = NULL; 1516 cnp->cn_flags &= ~ISSYMLINK; 1517 1518 cnp->cn_consume = 0; 1519 cp = NULL; 1520 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp); 1521 cnp->cn_namelen = cp - cnp->cn_nameptr; 1522 KASSERT(cnp->cn_namelen <= NAME_MAX); 1523 ndp->ni_pathlen -= cnp->cn_namelen; 1524 ndp->ni_next = cp; 1525 state->slashes = 0; 1526 cnp->cn_flags &= ~REQUIREDIR; 1527 cnp->cn_flags |= MAKEENTRY|ISLASTCN; 1528 1529 if (cnp->cn_namelen == 2 && 1530 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 1531 cnp->cn_flags |= ISDOTDOT; 1532 else 1533 cnp->cn_flags &= ~ISDOTDOT; 1534 1535 /* 1536 * Because lookup_once can change the startdir, we need our 1537 * own reference to it to avoid consuming the caller's. 1538 */ 1539 vref(startdir); 1540 vn_lock(startdir, LK_EXCLUSIVE | LK_RETRY); 1541 error = lookup_once(state, startdir, &startdir, &foundobj); 1542 vput(startdir); 1543 if (error) { 1544 goto bad; 1545 } 1546 ndp->ni_vp = foundobj; 1547 1548 if (foundobj == NULL) { 1549 return 0; 1550 } 1551 1552 KASSERT((cnp->cn_flags & LOCKPARENT) == 0); 1553 if ((cnp->cn_flags & LOCKLEAF) == 0) { 1554 VOP_UNLOCK(foundobj); 1555 } 1556 return (0); 1557 1558 bad: 1559 ndp->ni_vp = NULL; 1560 return (error); 1561 } 1562 1563 /* 1564 * External interface. The partitioning between this function and the 1565 * above isn't very clear - the above function exists mostly so code 1566 * that uses "state->" can be shuffled around without having to change 1567 * it to "state.". 1568 */ 1569 int 1570 lookup_for_nfsd_index(struct nameidata *ndp, struct vnode *startdir) 1571 { 1572 struct namei_state state; 1573 int error; 1574 1575 /* 1576 * Note: the name sent in here (is not|should not be) allowed 1577 * to contain a slash. 1578 */ 1579 if (strlen(ndp->ni_pathbuf->pb_path) > NAME_MAX) { 1580 return ENAMETOOLONG; 1581 } 1582 if (strchr(ndp->ni_pathbuf->pb_path, '/')) { 1583 return EINVAL; 1584 } 1585 1586 ndp->ni_pathlen = strlen(ndp->ni_pathbuf->pb_path) + 1; 1587 ndp->ni_pnbuf = NULL; 1588 ndp->ni_cnd.cn_nameptr = NULL; 1589 1590 namei_init(&state, ndp); 1591 error = do_lookup_for_nfsd_index(&state, startdir); 1592 namei_cleanup(&state); 1593 1594 return error; 1595 } 1596 1597 //////////////////////////////////////////////////////////// 1598 1599 /* 1600 * Reacquire a path name component. 1601 * dvp is locked on entry and exit. 1602 * *vpp is locked on exit unless it's NULL. 1603 */ 1604 int 1605 relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int dummy) 1606 { 1607 int rdonly; /* lookup read-only flag bit */ 1608 int error = 0; 1609 #ifdef DEBUG 1610 uint32_t newhash; /* DEBUG: check name hash */ 1611 const char *cp; /* DEBUG: check name ptr/len */ 1612 #endif /* DEBUG */ 1613 1614 (void)dummy; 1615 1616 /* 1617 * Setup: break out flag bits into variables. 1618 */ 1619 rdonly = cnp->cn_flags & RDONLY; 1620 cnp->cn_flags &= ~ISSYMLINK; 1621 1622 /* 1623 * Search a new directory. 1624 * 1625 * The cn_hash value is for use by vfs_cache. 1626 * The last component of the filename is left accessible via 1627 * cnp->cn_nameptr for callers that need the name. Callers needing 1628 * the name set the SAVENAME flag. When done, they assume 1629 * responsibility for freeing the pathname buffer. 1630 */ 1631 #ifdef DEBUG 1632 cp = NULL; 1633 newhash = namei_hash(cnp->cn_nameptr, &cp); 1634 if ((uint32_t)newhash != (uint32_t)cnp->cn_hash) 1635 panic("relookup: bad hash"); 1636 if (cnp->cn_namelen != cp - cnp->cn_nameptr) 1637 panic("relookup: bad len"); 1638 while (*cp == '/') 1639 cp++; 1640 if (*cp != 0) 1641 panic("relookup: not last component"); 1642 #endif /* DEBUG */ 1643 1644 /* 1645 * Check for degenerate name (e.g. / or "") 1646 * which is a way of talking about a directory, 1647 * e.g. like "/." or ".". 1648 */ 1649 if (cnp->cn_nameptr[0] == '\0') 1650 panic("relookup: null name"); 1651 1652 if (cnp->cn_flags & ISDOTDOT) 1653 panic("relookup: lookup on dot-dot"); 1654 1655 /* 1656 * We now have a segment name to search for, and a directory to search. 1657 */ 1658 cnp->cn_flags |= INRELOOKUP; 1659 error = VOP_LOOKUP(dvp, vpp, cnp); 1660 cnp->cn_flags &= ~INRELOOKUP; 1661 if ((error) != 0) { 1662 #ifdef DIAGNOSTIC 1663 if (*vpp != NULL) 1664 panic("leaf `%s' should be empty", cnp->cn_nameptr); 1665 #endif 1666 if (error != EJUSTRETURN) 1667 goto bad; 1668 } 1669 1670 #ifdef DIAGNOSTIC 1671 /* 1672 * Check for symbolic link 1673 */ 1674 if (*vpp && (*vpp)->v_type == VLNK && (cnp->cn_flags & FOLLOW)) 1675 panic("relookup: symlink found"); 1676 #endif 1677 1678 /* 1679 * Check for read-only lookups. 1680 */ 1681 if (rdonly && cnp->cn_nameiop != LOOKUP) { 1682 error = EROFS; 1683 if (*vpp) { 1684 vput(*vpp); 1685 } 1686 goto bad; 1687 } 1688 return (0); 1689 1690 bad: 1691 *vpp = NULL; 1692 return (error); 1693 } 1694 1695 /* 1696 * namei_simple - simple forms of namei. 1697 * 1698 * These are wrappers to allow the simple case callers of namei to be 1699 * left alone while everything else changes under them. 1700 */ 1701 1702 /* Flags */ 1703 struct namei_simple_flags_type { 1704 int dummy; 1705 }; 1706 static const struct namei_simple_flags_type ns_nn, ns_nt, ns_fn, ns_ft; 1707 const namei_simple_flags_t NSM_NOFOLLOW_NOEMULROOT = &ns_nn; 1708 const namei_simple_flags_t NSM_NOFOLLOW_TRYEMULROOT = &ns_nt; 1709 const namei_simple_flags_t NSM_FOLLOW_NOEMULROOT = &ns_fn; 1710 const namei_simple_flags_t NSM_FOLLOW_TRYEMULROOT = &ns_ft; 1711 1712 static 1713 int 1714 namei_simple_convert_flags(namei_simple_flags_t sflags) 1715 { 1716 if (sflags == NSM_NOFOLLOW_NOEMULROOT) 1717 return NOFOLLOW | 0; 1718 if (sflags == NSM_NOFOLLOW_TRYEMULROOT) 1719 return NOFOLLOW | TRYEMULROOT; 1720 if (sflags == NSM_FOLLOW_NOEMULROOT) 1721 return FOLLOW | 0; 1722 if (sflags == NSM_FOLLOW_TRYEMULROOT) 1723 return FOLLOW | TRYEMULROOT; 1724 panic("namei_simple_convert_flags: bogus sflags\n"); 1725 return 0; 1726 } 1727 1728 int 1729 namei_simple_kernel(const char *path, namei_simple_flags_t sflags, 1730 struct vnode **vp_ret) 1731 { 1732 struct nameidata nd; 1733 struct pathbuf *pb; 1734 int err; 1735 1736 pb = pathbuf_create(path); 1737 if (pb == NULL) { 1738 return ENOMEM; 1739 } 1740 1741 NDINIT(&nd, 1742 LOOKUP, 1743 namei_simple_convert_flags(sflags), 1744 pb); 1745 err = namei(&nd); 1746 if (err != 0) { 1747 pathbuf_destroy(pb); 1748 return err; 1749 } 1750 *vp_ret = nd.ni_vp; 1751 pathbuf_destroy(pb); 1752 return 0; 1753 } 1754 1755 int 1756 namei_simple_user(const char *path, namei_simple_flags_t sflags, 1757 struct vnode **vp_ret) 1758 { 1759 struct pathbuf *pb; 1760 struct nameidata nd; 1761 int err; 1762 1763 err = pathbuf_copyin(path, &pb); 1764 if (err) { 1765 return err; 1766 } 1767 1768 NDINIT(&nd, 1769 LOOKUP, 1770 namei_simple_convert_flags(sflags), 1771 pb); 1772 err = namei(&nd); 1773 if (err != 0) { 1774 pathbuf_destroy(pb); 1775 return err; 1776 } 1777 *vp_ret = nd.ni_vp; 1778 pathbuf_destroy(pb); 1779 return 0; 1780 } 1781