| blob | 203bba8cabb013b27fe29e9acd8c307f439f4fcb |
1 /*
2 * Copyright (c) 2004 The DragonFly Project. All rights reserved.
3 *
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $DragonFly: src/sys/kern/vfs_nlookup.c,v 1.22 2007/05/09 05:12:45 dillon Exp $
35 */
36 /*
37 * nlookup() is the 'new' namei interface. Rather then return directory and
38 * leaf vnodes (in various lock states) the new interface instead deals in
39 * namecache records. Namecache records may represent both a positive or
40 * a negative hit. The namespace is locked via the namecache record instead
41 * of via the vnode, and only the leaf namecache record (representing the
42 * filename) needs to be locked.
43 *
44 * This greatly improves filesystem parallelism and is a huge simplification
45 * of the API verses the old vnode locking / namei scheme.
46 *
47 * Filesystems must actively control the caching aspects of the namecache,
48 * and since namecache pointers are used as handles they are non-optional
49 * even for filesystems which do not generally wish to cache things. It is
50 * intended that a separate cache coherency API will be constructed to handle
51 * these issues.
52 */
56 #include <sys/param.h>
57 #include <sys/systm.h>
58 #include <sys/kernel.h>
59 #include <sys/vnode.h>
60 #include <sys/mount.h>
61 #include <sys/filedesc.h>
62 #include <sys/proc.h>
63 #include <sys/namei.h>
64 #include <sys/nlookup.h>
65 #include <sys/malloc.h>
66 #include <sys/stat.h>
67 #include <sys/objcache.h>
69 #ifdef KTRACE
70 #include <sys/ktrace.h>
71 #endif
73 /*
74 * Initialize a nlookup() structure, early error return for copyin faults
75 * or a degenerate empty string (which is not allowed).
76 *
77 * The first process proc0's credentials are used if the calling thread
78 * is not associated with a process context.
79 */
80 int
83 {
86 thread_t td;
92 /*
93 * note: the pathlen set by copy*str() includes the terminating \0.
94 */
100 else
103 /*
104 * Don't allow empty pathnames.
105 * POSIX.1 requirement: "" is not a vaild file name.
106 */
122 }
127 }
129 }
131 /*
132 * This works similarly to nlookup_init() but does not assume a process
133 * context. rootnch is always chosen for the root directory and the cred
134 * and starting directory are supplied in arguments.
135 */
136 int
140 {
142 thread_t td;
152 else
155 /*
156 * Don't allow empty pathnames.
157 * POSIX.1 requirement: "" is not a vaild file name.
158 */
171 }
173 }
175 /*
176 * Set a different credential; this credential will be used by future
177 * operations performed on nd.nl_open_vp and nlookupdata structure.
178 */
179 void
181 {
188 }
189 }
191 /*
192 * Cleanup a nlookupdata structure after we are through with it. This may
193 * be called on any nlookupdata structure initialized with nlookup_init().
194 * Calling nlookup_done() is mandatory in all cases except where nlookup_init()
195 * returns an error, even if as a consumer you believe you have taken all
196 * dynamic elements out of the nlookupdata structure.
197 */
198 void
200 {
205 }
207 }
215 }
219 }
224 }
227 }
229 }
231 void
233 {
235 }
237 /*
238 * Simple all-in-one nlookup. Returns a locked namecache structure or NULL
239 * if an error occured.
240 *
241 * Note that the returned ncp is not checked for permissions, though VEXEC
242 * is checked on the directory path leading up to the result. The caller
243 * must call naccess() to check the permissions of the returned leaf.
244 */
245 struct nchandle
248 {
259 }
263 }
265 }
267 /*
268 * Do a generic nlookup. Note that the passed nd is not nlookup_done()'d
269 * on return, even if an error occurs. If no error occurs the returned
270 * nl_nch is always referenced and locked, otherwise it may or may not be.
271 *
272 * Intermediate directory elements, including the current directory, require
273 * execute (search) permission. nlookup does not examine the access
274 * permissions on the returned element.
275 *
276 * If NLC_CREATE or NLC_DELETE is set the last directory must allow node
277 * creation (VCREATE/VDELETE), and an error code of 0 will be returned for
278 * a non-existant target. Otherwise a non-existant target will cause
279 * ENOENT to be returned.
280 */
281 int
283 {
293 #ifdef KTRACE
296 #endif
299 /*
300 * Setup for the loop. The current working namecache element must
301 * be in a refd + unlocked state. This typically the case on entry except
302 * when stringing nlookup()'s along in a chain, since nlookup() always
303 * returns nl_nch in a locked state.
304 */
309 }
312 /*
313 * Loop on the path components. At the top of the loop nd->nl_nch
314 * is ref'd and unlocked and represents our current position.
315 */
317 /*
318 * Check if the root directory should replace the current
319 * directory. This is done at the start of a translation
320 * or after a symbolic link has been found. In other cases
321 * ptr will never be pointing at a '/'.
322 */
335 }
337 }
339 /*
340 * Check directory search permissions.
341 */
345 /*
346 * Extract the path component
347 */
353 /*
354 * Lookup the path component in the cache, creating an unresolved
355 * entry if necessary. We have to handle "." and ".." as special
356 * cases.
357 *
358 * When handling ".." we have to detect a traversal back through a
359 * mount point. If we are at the root, ".." just returns the root.
360 *
361 * This subsection returns a locked, refd 'nch' unless it errors out.
362 * The namecache topology is not allowed to be disconnected, so
363 * encountering a NULL parent will generate EINVAL. This typically
364 * occurs when a directory is removed out from under a process.
365 *
366 * If NLC_DELETE is set neither '.' or '..' can be the last component
367 * of a path.
368 */
376 ) {
377 /*
378 * ".." at the root returns the root
379 */
382 /*
383 * Locate the parent ncp. If we are at the root of a
384 * filesystem mount we have to skip to the mounted-on
385 * point in the underlying filesystem.
386 */
393 }
402 }
404 }
405 /*
406 * [end of subsection] ncp is locked and ref'd. nd->nl_nch is ref'd
407 */
409 /*
410 * Resolve the namespace if necessary. The ncp returned by
411 * cache_nlookup() is referenced and locked.
412 *
413 * XXX neither '.' nor '..' should return EAGAIN since they were
414 * previously resolved and thus cannot be newly created ncp's.
415 */
421 }
423 /*
424 * Early completion. ENOENT is not an error if this is the last
425 * component and NLC_CREATE was requested. Note that ncp->nc_error
426 * is left as ENOENT in that case, which we check later on.
427 *
428 * Also handle invalid '.' or '..' components terminating a path
429 * during removal. The standard requires this and pax pretty
430 *stupidly depends on it.
431 */
433 ;
439 }
441 /*
442 * Early completion on error.
443 */
447 }
449 /*
450 * If the element is a symlink and it is either not the last
451 * element or it is the last element and we are allowed to
452 * follow symlinks, resolve the symlink.
453 */
456 ) {
461 }
467 /*
468 * Concatenate trailing path elements onto the returned symlink.
469 * Note that if the path component (ptr) is not exhausted, it
470 * will being with a '/', so we do not have to add another one.
471 *
472 * The symlink may not be empty.
473 */
479 }
487 /*
488 * Go back up to the top to resolve any initial '/'s in the
489 * symlink.
490 */
492 }
494 /*
495 * If the element is a directory and we are crossing a mount point,
496 * Locate the mount.
497 */
501 ) {
509 ;
516 }
517 }
521 }
523 /*
524 * Skip any slashes to get to the next element. If there
525 * are any slashes at all the current element must be a
526 * directory or, in the create case, intended to become a directory.
527 * If it isn't we break without incrementing ptr and fall through
528 * to the failure case below.
529 */
533 ) {
535 }
537 }
539 /*
540 * Continuation case: additional elements and the current
541 * element is a directory.
542 */
548 }
550 /*
551 * Failure case: additional elements and the current element
552 * is not a directory
553 */
558 }
560 /*
561 * Successful lookup of last element.
562 *
563 * Check directory permissions if a deletion is specified.
564 */
569 }
570 }
572 /*
573 * Termination: no more elements. If NLC_CREATE was set the
574 * ncp may represent a negative hit (ncp->nc_error will be ENOENT),
575 * but we still return an error code of 0.
576 */
582 }
584 }
586 /*
587 * Resolve a mount point's glue ncp. This ncp connects creates the illusion
588 * of continuity in the namecache tree by connecting the ncp related to the
589 * vnode under the mount to the ncp related to the mount's root vnode.
590 *
591 * If no error occured a locked, ref'd ncp is stored in *ncpp.
592 */
593 int
595 {
603 ;
611 }
612 }
614 }
616 /*
617 * Read the contents of a symlink, allocate a path buffer out of the
618 * namei_oc and initialize the supplied nlcomponent with the result.
619 *
620 * If an error occurs no buffer will be allocated or returned in the nlc.
621 */
622 int
625 {
658 }
659 }
665 fail:
669 }
671 /*
672 * Check access [XXX cache vattr!] [XXX quota]
673 *
674 * Generally check the V* access bits from sys/vnode.h. All specified bits
675 * must pass for this function to return 0.
676 *
677 * If VCREATE is specified and the target ncp represents a non-existant
678 * file or dir, or if VDELETE is specified and the target exists, the parent
679 * directory is checked for VWRITE. If VEXCL is specified and the target
680 * ncp represents a positive hit, an error is returned.
681 *
682 * If VCREATE is not specified and the target does not exist (negative hit),
683 * ENOENT is returned. Note that nlookup() does not (and should not) return
684 * ENOENT for non-existant leafs.
685 *
686 * The passed ncp may or may not be locked. The caller should use a
687 * locked ncp on leaf lookups, especially for VCREATE, VDELETE, and VEXCL
688 * checks.
689 */
690 int
692 {
702 }
707 ) {
716 }
717 }
720 }
727 /* XXX cache the va in the namecache or in the vnode */
732 }
733 }
737 }
738 }
740 }
742 /*
743 * Check the requested access against the given vattr using cred.
744 */
745 int
747 {
750 /*
751 * Test the immutable bit for files, directories, and softlinks.
752 */
757 }
758 }
760 /*
761 * root gets universal access
762 */
766 /*
767 * Check owner perms, group perms, and world perms
768 */
774 }
782 }
783 }
789 }