/**
* Get an IP address as a string (works for both IPv4 and IPv6). Note
* that the resolution happens asynchronously and that the first call
* may not immediately result in the FQN (but instead in a
* human-readable IP address).
*
* @param client handle to the client making the request (for sending the reply)
* @param af AF_INET or AF_INET6
* @param ip `struct in_addr` or `struct in6_addr`
*/
static void
get_ip_as_string (struct GNUNET_SERVER_Client *client,
int af,
const void *ip)
{
struct IPCache *pos;
struct IPCache *next;
struct GNUNET_TIME_Absolute now;
struct GNUNET_SERVER_TransmitContext *tc;
size_t ip_len;
struct in6_addr ix;
switch (af)
{
case AF_INET:
ip_len = sizeof (struct in_addr);
break;
case AF_INET6:
ip_len = sizeof (struct in6_addr);
break;
default:
GNUNET_assert (0);
}
now = GNUNET_TIME_absolute_get ();
next = cache_head;
while ( (NULL != (pos = next)) &&
( (pos->af != af) ||
(pos->ip_len != ip_len) ||
(0 != memcmp (pos->ip, ip, ip_len))) )
{
next = pos->next;
if (GNUNET_TIME_absolute_get_duration (pos->last_request).rel_value_us <
60 * 60 * 1000 * 1000LL)
{
GNUNET_CONTAINER_DLL_remove (cache_head,
cache_tail,
pos);
GNUNET_free_non_null (pos->addr);
GNUNET_free (pos);
continue;
}
}
if (NULL != pos)
{
if ( (1 == inet_pton (af,
pos->ip,
&ix)) &&
(GNUNET_TIME_absolute_get_duration (pos->last_request).rel_value_us >
120 * 1000 * 1000LL) )
{
/* try again if still numeric AND 2 minutes have expired */
GNUNET_free_non_null (pos->addr);
pos->addr = NULL;
cache_resolve (pos);
pos->last_request = now;
}
}
else
{
pos = GNUNET_malloc (sizeof (struct IPCache) + ip_len);
pos->ip = &pos[1];
memcpy (&pos[1], ip, ip_len);
pos->last_request = now;
pos->last_refresh = now;
pos->ip_len = ip_len;
pos->af = af;
GNUNET_CONTAINER_DLL_insert (cache_head,
cache_tail,
pos);
cache_resolve (pos);
}
tc = GNUNET_SERVER_transmit_context_create (client);
if (NULL != pos->addr)
GNUNET_SERVER_transmit_context_append_data (tc, pos->addr,
strlen (pos->addr) + 1,
GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
else
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Reverse lookup failed\n");
GNUNET_SERVER_transmit_context_append_data (tc, NULL, 0,
GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
GNUNET_SERVER_transmit_context_run (tc, GNUNET_TIME_UNIT_FOREVER_REL);
}
/*
* Do a generic nlookup. Note that the passed nd is not nlookup_done()'d
* on return, even if an error occurs. If no error occurs or NLC_CREATE
* is flagged and ENOENT is returned, then the returned nl_nch is always
* referenced and locked exclusively.
*
* WARNING: For any general error other than ENOENT w/NLC_CREATE, the
* the resulting nl_nch may or may not be locked and if locked
* might be locked either shared or exclusive.
*
* Intermediate directory elements, including the current directory, require
* execute (search) permission. nlookup does not examine the access
* permissions on the returned element.
*
* If NLC_CREATE is set the last directory must allow node creation,
* and an error code of 0 will be returned for a non-existant
* target (not ENOENT).
*
* If NLC_RENAME_DST is set the last directory mut allow node deletion,
* plus the sticky check is made, and an error code of 0 will be returned
* for a non-existant target (not ENOENT).
*
* If NLC_DELETE is set the last directory mut allow node deletion,
* plus the sticky check is made.
*
* If NLC_REFDVP is set nd->nl_dvp will be set to the directory vnode
* of the returned entry. The vnode will be referenced, but not locked,
* and will be released by nlookup_done() along with everything else.
*
* NOTE: As an optimization we attempt to obtain a shared namecache lock
* on any intermediate elements. On success, the returned element
* is ALWAYS locked exclusively.
*/
int
nlookup(struct nlookupdata *nd)
{
globaldata_t gd = mycpu;
struct nlcomponent nlc;
struct nchandle nch;
struct nchandle par;
struct nchandle nctmp;
struct mount *mp;
struct vnode *hvp; /* hold to prevent recyclement */
int wasdotordotdot;
char *ptr;
char *nptr;
int error;
int len;
int dflags;
int hit = 1;
int saveflag = nd->nl_flags & ~NLC_NCDIR;
boolean_t doretry = FALSE;
boolean_t inretry = FALSE;
nlookup_start:
#ifdef KTRACE
if (KTRPOINT(nd->nl_td, KTR_NAMEI))
ktrnamei(nd->nl_td->td_lwp, nd->nl_path);
#endif
bzero(&nlc, sizeof(nlc));
/*
* Setup for the loop. The current working namecache element is
* always at least referenced. We lock it as required, but always
* return a locked, resolved namecache entry.
*/
nd->nl_loopcnt = 0;
if (nd->nl_dvp) {
vrele(nd->nl_dvp);
nd->nl_dvp = NULL;
}
ptr = nd->nl_path;
/*
* Loop on the path components. At the top of the loop nd->nl_nch
* is ref'd and unlocked and represents our current position.
*/
for (;;) {
/*
* Make sure nl_nch is locked so we can access the vnode, resolution
* state, etc.
*/
if ((nd->nl_flags & NLC_NCPISLOCKED) == 0) {
nd->nl_flags |= NLC_NCPISLOCKED;
cache_lock_maybe_shared(&nd->nl_nch, wantsexcllock(nd, ptr));
}
/*
* Check if the root directory should replace the current
* directory. This is done at the start of a translation
* or after a symbolic link has been found. In other cases
* ptr will never be pointing at a '/'.
*/
if (*ptr == '/') {
do {
++ptr;
} while (*ptr == '/');
cache_unlock(&nd->nl_nch);
cache_get_maybe_shared(&nd->nl_rootnch, &nch,
wantsexcllock(nd, ptr));
if (nd->nl_flags & NLC_NCDIR) {
cache_drop_ncdir(&nd->nl_nch);
nd->nl_flags &= ~NLC_NCDIR;
} else {
cache_drop(&nd->nl_nch);
}
nd->nl_nch = nch; /* remains locked */
/*
* Fast-track termination. There is no parent directory of
* the root in the same mount from the point of view of
* the caller so return EACCES if NLC_REFDVP is specified,
* and EEXIST if NLC_CREATE is also specified.
* e.g. 'rmdir /' or 'mkdir /' are not allowed.
*/
if (*ptr == 0) {
if (nd->nl_flags & NLC_REFDVP)
error = (nd->nl_flags & NLC_CREATE) ? EEXIST : EACCES;
else
error = 0;
break;
}
continue;
}
/*
* Pre-calculate next path component so we can check whether the
* current component directory is the last directory in the path
* or not.
*/
for (nptr = ptr; *nptr && *nptr != '/'; ++nptr)
;
/*
* Check directory search permissions (nd->nl_nch is locked & refd).
* This will load dflags to obtain directory-special permissions to
* be checked along with the last component.
*
* We only need to pass-in &dflags for the second-to-last component.
* Optimize by passing-in NULL for any prior components, which may
* allow the code to bypass the naccess() call.
*/
dflags = 0;
if (*nptr == '/')
error = naccess(&nd->nl_nch, NLC_EXEC, nd->nl_cred, NULL);
else
error = naccess(&nd->nl_nch, NLC_EXEC, nd->nl_cred, &dflags);
if (error) {
if (keeperror(nd, error))
break;
error = 0;
}
/*
* Extract the next (or last) path component. Path components are
* limited to 255 characters.
*/
nlc.nlc_nameptr = ptr;
nlc.nlc_namelen = nptr - ptr;
ptr = nptr;
if (nlc.nlc_namelen >= 256) {
error = ENAMETOOLONG;
break;
}
/*
* Lookup the path component in the cache, creating an unresolved
* entry if necessary. We have to handle "." and ".." as special
* cases.
*
* When handling ".." we have to detect a traversal back through a
* mount point. If we are at the root, ".." just returns the root.
*
* When handling "." or ".." we also have to recalculate dflags
* since our dflags will be for some sub-directory instead of the
* parent dir.
*
* This subsection returns a locked, refd 'nch' unless it errors out,
* and an unlocked but still ref'd nd->nl_nch.
*
* The namecache topology is not allowed to be disconnected, so
* encountering a NULL parent will generate EINVAL. This typically
* occurs when a directory is removed out from under a process.
*
* WARNING! The unlocking of nd->nl_nch is sensitive code.
*/
KKASSERT(nd->nl_flags & NLC_NCPISLOCKED);
if (nlc.nlc_namelen == 1 && nlc.nlc_nameptr[0] == '.') {
cache_unlock(&nd->nl_nch);
nd->nl_flags &= ~NLC_NCPISLOCKED;
cache_get_maybe_shared(&nd->nl_nch, &nch, wantsexcllock(nd, ptr));
wasdotordotdot = 1;
} else if (nlc.nlc_namelen == 2 &&
nlc.nlc_nameptr[0] == '.' && nlc.nlc_nameptr[1] == '.') {
if (nd->nl_nch.mount == nd->nl_rootnch.mount &&
nd->nl_nch.ncp == nd->nl_rootnch.ncp
) {
/*
* ".." at the root returns the root
*/
cache_unlock(&nd->nl_nch);
nd->nl_flags &= ~NLC_NCPISLOCKED;
cache_get_maybe_shared(&nd->nl_nch, &nch,
wantsexcllock(nd, ptr));
} else {
/*
* Locate the parent ncp. If we are at the root of a
* filesystem mount we have to skip to the mounted-on
* point in the underlying filesystem.
*
* Expect the parent to always be good since the
* mountpoint doesn't go away. XXX hack. cache_get()
* requires the ncp to already have a ref as a safety.
*
* However, a process which has been broken out of a chroot
* will wind up with a NULL parent if it tries to '..' above
* the real root, deal with the case. Note that this does
* not protect us from a jail breakout, it just stops a panic
* if the jail-broken process tries to '..' past the real
* root.
*/
nctmp = nd->nl_nch;
while (nctmp.ncp == nctmp.mount->mnt_ncmountpt.ncp) {
nctmp = nctmp.mount->mnt_ncmounton;
if (nctmp.ncp == NULL)
break;
}
if (nctmp.ncp == NULL) {
if (curthread->td_proc) {
kprintf("vfs_nlookup: '..' traverse broke "
"jail: pid %d (%s)\n",
curthread->td_proc->p_pid,
curthread->td_comm);
}
nctmp = nd->nl_rootnch;
} else {
nctmp.ncp = nctmp.ncp->nc_parent;
}
cache_hold(&nctmp);
cache_unlock(&nd->nl_nch);
nd->nl_flags &= ~NLC_NCPISLOCKED;
cache_get_maybe_shared(&nctmp, &nch, wantsexcllock(nd, ptr));
cache_drop(&nctmp); /* NOTE: zero's nctmp */
}
wasdotordotdot = 2;
} else {
/*
* Must unlock nl_nch when traversing down the path. However,
* the child ncp has not yet been found/created and the parent's
* child list might be empty. Thus releasing the lock can
* allow a race whereby the parent ncp's vnode is recycled.
* This case can occur especially when maxvnodes is set very low.
*
* We need the parent's ncp to remain resolved for all normal
* filesystem activities, so we vhold() the vp during the lookup
* to prevent recyclement due to vnlru / maxvnodes.
*
* If we race an unlink or rename the ncp might be marked
* DESTROYED after resolution, requiring a retry.
*/
if ((hvp = nd->nl_nch.ncp->nc_vp) != NULL)
vhold(hvp);
cache_unlock(&nd->nl_nch);
nd->nl_flags &= ~NLC_NCPISLOCKED;
error = cache_nlookup_maybe_shared(&nd->nl_nch, &nlc,
wantsexcllock(nd, ptr), &nch);
if (error == EWOULDBLOCK) {
nch = cache_nlookup(&nd->nl_nch, &nlc);
if (nch.ncp->nc_flag & NCF_UNRESOLVED)
hit = 0;
for (;;) {
error = cache_resolve(&nch, nd->nl_cred);
if (error != EAGAIN &&
(nch.ncp->nc_flag & NCF_DESTROYED) == 0) {
if (error == ESTALE) {
if (!inretry)
error = ENOENT;
doretry = TRUE;
}
break;
}
kprintf("[diagnostic] nlookup: relookup %*.*s\n",
nch.ncp->nc_nlen, nch.ncp->nc_nlen,
nch.ncp->nc_name);
cache_put(&nch);
nch = cache_nlookup(&nd->nl_nch, &nlc);
}
}
if (hvp)
vdrop(hvp);
wasdotordotdot = 0;
}
/*
* If the last component was "." or ".." our dflags no longer
* represents the parent directory and we have to explicitly
* look it up.
*
* Expect the parent to be good since nch is locked.
*/
if (wasdotordotdot && error == 0) {
dflags = 0;
if ((par.ncp = nch.ncp->nc_parent) != NULL) {
par.mount = nch.mount;
cache_hold(&par);
cache_lock_maybe_shared(&par, wantsexcllock(nd, ptr));
error = naccess(&par, 0, nd->nl_cred, &dflags);
cache_put(&par);
if (error) {
if (!keeperror(nd, error))
error = 0;
}
}
}
/*
* [end of subsection]
*
* nch is locked and referenced.
* nd->nl_nch is unlocked and referenced.
*
* nl_nch must be unlocked or we could chain lock to the root
* if a resolve gets stuck (e.g. in NFS).
*/
KKASSERT((nd->nl_flags & NLC_NCPISLOCKED) == 0);
/*
* Resolve the namespace if necessary. The ncp returned by
* cache_nlookup() is referenced and locked.
*
* XXX neither '.' nor '..' should return EAGAIN since they were
* previously resolved and thus cannot be newly created ncp's.
*/
if (nch.ncp->nc_flag & NCF_UNRESOLVED) {
hit = 0;
error = cache_resolve(&nch, nd->nl_cred);
if (error == ESTALE) {
if (!inretry)
error = ENOENT;
doretry = TRUE;
}
KKASSERT(error != EAGAIN);
} else {
error = nch.ncp->nc_error;
}
/*
* Early completion. ENOENT is not an error if this is the last
* component and NLC_CREATE or NLC_RENAME (rename target) was
* requested. Note that ncp->nc_error is left as ENOENT in that
* case, which we check later on.
*
* Also handle invalid '.' or '..' components terminating a path
* for a create/rename/delete. The standard requires this and pax
* pretty stupidly depends on it.
*/
if (islastelement(ptr)) {
if (error == ENOENT &&
(nd->nl_flags & (NLC_CREATE | NLC_RENAME_DST))
) {
if (nd->nl_flags & NLC_NFS_RDONLY) {
error = EROFS;
} else {
error = naccess(&nch, nd->nl_flags | dflags,
nd->nl_cred, NULL);
}
}
if (error == 0 && wasdotordotdot &&
(nd->nl_flags & (NLC_CREATE | NLC_DELETE |
NLC_RENAME_SRC | NLC_RENAME_DST))) {
/*
* POSIX junk
*/
if (nd->nl_flags & NLC_CREATE)
error = EEXIST;
else if (nd->nl_flags & NLC_DELETE)
error = (wasdotordotdot == 1) ? EINVAL : ENOTEMPTY;
else
error = EINVAL;
}
}
/*
* Early completion on error.
*/
if (error) {
cache_put(&nch);
break;
}
/*
* If the element is a symlink and it is either not the last
* element or it is the last element and we are allowed to
* follow symlinks, resolve the symlink.
*/
if ((nch.ncp->nc_flag & NCF_ISSYMLINK) &&
(*ptr || (nd->nl_flags & NLC_FOLLOW))
) {
if (nd->nl_loopcnt++ >= MAXSYMLINKS) {
error = ELOOP;
cache_put(&nch);
break;
}
error = nreadsymlink(nd, &nch, &nlc);
cache_put(&nch);
if (error)
break;
/*
* Concatenate trailing path elements onto the returned symlink.
* Note that if the path component (ptr) is not exhausted, it
* will being with a '/', so we do not have to add another one.
*
* The symlink may not be empty.
*/
len = strlen(ptr);
if (nlc.nlc_namelen == 0 || nlc.nlc_namelen + len >= MAXPATHLEN) {
error = nlc.nlc_namelen ? ENAMETOOLONG : ENOENT;
objcache_put(namei_oc, nlc.nlc_nameptr);
break;
}
bcopy(ptr, nlc.nlc_nameptr + nlc.nlc_namelen, len + 1);
if (nd->nl_flags & NLC_HASBUF)
objcache_put(namei_oc, nd->nl_path);
nd->nl_path = nlc.nlc_nameptr;
nd->nl_flags |= NLC_HASBUF;
ptr = nd->nl_path;
/*
* Go back up to the top to resolve any initial '/'s in the
* symlink.
*/
continue;
}
/*
* If the element is a directory and we are crossing a mount point,
* Locate the mount.
*/
while ((nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
(nd->nl_flags & NLC_NOCROSSMOUNT) == 0 &&
(mp = cache_findmount(&nch)) != NULL
) {
struct vnode *tdp;
int vfs_do_busy = 0;
/*
* VFS must be busied before the namecache entry is locked,
* but we don't want to waste time calling vfs_busy() if the
* mount point is already resolved.
*/
again:
cache_put(&nch);
if (vfs_do_busy) {
while (vfs_busy(mp, 0)) {
if (mp->mnt_kern_flag & MNTK_UNMOUNT) {
kprintf("nlookup: warning umount race avoided\n");
cache_dropmount(mp);
error = EBUSY;
vfs_do_busy = 0;
goto double_break;
}
}
}
cache_get_maybe_shared(&mp->mnt_ncmountpt, &nch,
wantsexcllock(nd, ptr));
if (nch.ncp->nc_flag & NCF_UNRESOLVED) {
if (vfs_do_busy == 0) {
vfs_do_busy = 1;
goto again;
}
error = VFS_ROOT(mp, &tdp);
vfs_unbusy(mp);
vfs_do_busy = 0;
if (keeperror(nd, error)) {
cache_dropmount(mp);
break;
}
if (error == 0) {
cache_setvp(&nch, tdp);
vput(tdp);
}
}
if (vfs_do_busy)
vfs_unbusy(mp);
cache_dropmount(mp);
}
if (keeperror(nd, error)) {
cache_put(&nch);
double_break:
break;
}
/*
* Skip any slashes to get to the next element. If there
* are any slashes at all the current element must be a
* directory or, in the create case, intended to become a directory.
* If it isn't we break without incrementing ptr and fall through
* to the failure case below.
*/
while (*ptr == '/') {
if ((nch.ncp->nc_flag & NCF_ISDIR) == 0 &&
!(nd->nl_flags & NLC_WILLBEDIR)
) {
break;
}
++ptr;
}
/*
* Continuation case: additional elements and the current
* element is a directory.
*/
if (*ptr && (nch.ncp->nc_flag & NCF_ISDIR)) {
if (nd->nl_flags & NLC_NCDIR) {
cache_drop_ncdir(&nd->nl_nch);
nd->nl_flags &= ~NLC_NCDIR;
} else {
cache_drop(&nd->nl_nch);
}
cache_unlock(&nch);
KKASSERT((nd->nl_flags & NLC_NCPISLOCKED) == 0);
nd->nl_nch = nch;
continue;
}
/*
* Failure case: additional elements and the current element
* is not a directory
*/
if (*ptr) {
cache_put(&nch);
error = ENOTDIR;
break;
}
/*
* Successful lookup of last element.
*
* Check permissions if the target exists. If the target does not
* exist directory permissions were already tested in the early
* completion code above.
*
* nd->nl_flags will be adjusted on return with NLC_APPENDONLY
* if the file is marked append-only, and NLC_STICKY if the directory
* containing the file is sticky.
*/
if (nch.ncp->nc_vp && (nd->nl_flags & NLC_ALLCHKS)) {
error = naccess(&nch, nd->nl_flags | dflags,
nd->nl_cred, NULL);
if (keeperror(nd, error)) {
cache_put(&nch);
break;
}
}
/*
* Termination: no more elements.
*
* If NLC_REFDVP is set acquire a referenced parent dvp.
*/
if (nd->nl_flags & NLC_REFDVP) {
cache_lock(&nd->nl_nch);
error = cache_vref(&nd->nl_nch, nd->nl_cred, &nd->nl_dvp);
cache_unlock(&nd->nl_nch);
if (keeperror(nd, error)) {
kprintf("NLC_REFDVP: Cannot ref dvp of %p\n", nch.ncp);
cache_put(&nch);
break;
}
}
if (nd->nl_flags & NLC_NCDIR) {
cache_drop_ncdir(&nd->nl_nch);
nd->nl_flags &= ~NLC_NCDIR;
} else {
cache_drop(&nd->nl_nch);
}
nd->nl_nch = nch;
nd->nl_flags |= NLC_NCPISLOCKED;
error = 0;
break;
}
if (hit)
++gd->gd_nchstats->ncs_longhits;
else
++gd->gd_nchstats->ncs_longmiss;
if (nd->nl_flags & NLC_NCPISLOCKED)
KKASSERT(cache_lockstatus(&nd->nl_nch) > 0);
/*
* Retry the whole thing if doretry flag is set, but only once.
* autofs(5) may mount another filesystem under its root directory
* while resolving a path.
*/
if (doretry && !inretry) {
inretry = TRUE;
nd->nl_flags &= NLC_NCDIR;
nd->nl_flags |= saveflag;
goto nlookup_start;
}
/*
* NOTE: If NLC_CREATE was set the ncp may represent a negative hit
* (ncp->nc_error will be ENOENT), but we will still return an error
* code of 0.
*/
return(error);
}
/*
* Common code for vnode open operations. Check permissions, and call
* the VOP_NOPEN or VOP_NCREATE routine.
*
* The caller is responsible for setting up nd with nlookup_init() and
* for cleaning it up with nlookup_done(), whether we return an error
* or not.
*
* On success nd->nl_open_vp will hold a referenced and, if requested,
* locked vnode. A locked vnode is requested via NLC_LOCKVP. If fp
* is non-NULL the vnode will be installed in the file pointer.
*
* NOTE: The vnode is referenced just once on return whether or not it
* is also installed in the file pointer.
*/
int
vn_open(struct nlookupdata *nd, struct file *fp, int fmode, int cmode)
{
struct vnode *vp;
struct ucred *cred = nd->nl_cred;
struct vattr vat;
struct vattr *vap = &vat;
int error;
u_int flags;
uint64_t osize;
struct mount *mp;
/*
* Certain combinations are illegal
*/
if ((fmode & (FWRITE | O_TRUNC)) == O_TRUNC)
return(EACCES);
/*
* Lookup the path and create or obtain the vnode. After a
* successful lookup a locked nd->nl_nch will be returned.
*
* The result of this section should be a locked vnode.
*
* XXX with only a little work we should be able to avoid locking
* the vnode if FWRITE, O_CREAT, and O_TRUNC are *not* set.
*/
nd->nl_flags |= NLC_OPEN;
if (fmode & O_APPEND)
nd->nl_flags |= NLC_APPEND;
if (fmode & O_TRUNC)
nd->nl_flags |= NLC_TRUNCATE;
if (fmode & FREAD)
nd->nl_flags |= NLC_READ;
if (fmode & FWRITE)
nd->nl_flags |= NLC_WRITE;
if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0)
nd->nl_flags |= NLC_FOLLOW;
if (fmode & O_CREAT) {
/*
* CONDITIONAL CREATE FILE CASE
*
* Setting NLC_CREATE causes a negative hit to store
* the negative hit ncp and not return an error. Then
* nc_error or nc_vp may be checked to see if the ncp
* represents a negative hit. NLC_CREATE also requires
* write permission on the governing directory or EPERM
* is returned.
*/
nd->nl_flags |= NLC_CREATE;
nd->nl_flags |= NLC_REFDVP;
bwillinode(1);
error = nlookup(nd);
} else {
/*
* NORMAL OPEN FILE CASE
*/
error = nlookup(nd);
}
if (error)
return (error);
/*
* split case to allow us to re-resolve and retry the ncp in case
* we get ESTALE.
*/
again:
if (fmode & O_CREAT) {
if (nd->nl_nch.ncp->nc_vp == NULL) {
if ((error = ncp_writechk(&nd->nl_nch)) != 0)
return (error);
VATTR_NULL(vap);
vap->va_type = VREG;
vap->va_mode = cmode;
if (fmode & O_EXCL)
vap->va_vaflags |= VA_EXCLUSIVE;
error = VOP_NCREATE(&nd->nl_nch, nd->nl_dvp, &vp,
nd->nl_cred, vap);
if (error)
return (error);
fmode &= ~O_TRUNC;
/* locked vnode is returned */
} else {
if (fmode & O_EXCL) {
error = EEXIST;
} else {
error = cache_vget(&nd->nl_nch, cred,
LK_EXCLUSIVE, &vp);
}
if (error)
return (error);
fmode &= ~O_CREAT;
}
} else {
error = cache_vget(&nd->nl_nch, cred, LK_EXCLUSIVE, &vp);
if (error)
return (error);
}
/*
* We have a locked vnode and ncp now. Note that the ncp will
* be cleaned up by the caller if nd->nl_nch is left intact.
*/
if (vp->v_type == VLNK) {
error = EMLINK;
goto bad;
}
if (vp->v_type == VSOCK) {
error = EOPNOTSUPP;
goto bad;
}
if ((fmode & O_CREAT) == 0) {
if (fmode & (FWRITE | O_TRUNC)) {
if (vp->v_type == VDIR) {
error = EISDIR;
goto bad;
}
error = vn_writechk(vp, &nd->nl_nch);
if (error) {
/*
* Special stale handling, re-resolve the
* vnode.
*/
if (error == ESTALE) {
vput(vp);
vp = NULL;
cache_setunresolved(&nd->nl_nch);
error = cache_resolve(&nd->nl_nch, cred);
if (error == 0)
goto again;
}
goto bad;
}
}
}
if (fmode & O_TRUNC) {
vn_unlock(vp); /* XXX */
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
osize = vp->v_filesize;
VATTR_NULL(vap);
vap->va_size = 0;
error = VOP_SETATTR(vp, vap, cred);
if (error)
goto bad;
error = VOP_GETATTR(vp, vap);
if (error)
goto bad;
mp = vq_vptomp(vp);
VFS_ACCOUNT(mp, vap->va_uid, vap->va_gid, -osize);
}
/*
* Set or clear VNSWAPCACHE on the vp based on nd->nl_nch.ncp->nc_flag.
* These particular bits a tracked all the way from the root.
*
* NOTE: Might not work properly on NFS servers due to the
* disconnected namecache.
*/
flags = nd->nl_nch.ncp->nc_flag;
if ((flags & (NCF_UF_CACHE | NCF_UF_PCACHE)) &&
(flags & (NCF_SF_NOCACHE | NCF_SF_PNOCACHE)) == 0) {
vsetflags(vp, VSWAPCACHE);
} else {
vclrflags(vp, VSWAPCACHE);
}
/*
* Setup the fp so VOP_OPEN can override it. No descriptor has been
* associated with the fp yet so we own it clean.
*
* f_nchandle inherits nl_nch. This used to be necessary only for
* directories but now we do it unconditionally so f*() ops
* such as fchmod() can access the actual namespace that was
* used to open the file.
*/
if (fp) {
if (nd->nl_flags & NLC_APPENDONLY)
fmode |= FAPPENDONLY;
fp->f_nchandle = nd->nl_nch;
cache_zero(&nd->nl_nch);
cache_unlock(&fp->f_nchandle);
}
/*
* Get rid of nl_nch. vn_open does not return it (it returns the
* vnode or the file pointer). Note: we can't leave nl_nch locked
* through the VOP_OPEN anyway since the VOP_OPEN may block, e.g.
* on /dev/ttyd0
*/
if (nd->nl_nch.ncp)
cache_put(&nd->nl_nch);
error = VOP_OPEN(vp, fmode, cred, fp);
if (error) {
/*
* setting f_ops to &badfileops will prevent the descriptor
* code from trying to close and release the vnode, since
* the open failed we do not want to call close.
*/
if (fp) {
fp->f_data = NULL;
fp->f_ops = &badfileops;
}
goto bad;
}
#if 0
/*
* Assert that VREG files have been setup for vmio.
*/
KASSERT(vp->v_type != VREG || vp->v_object != NULL,
("vn_open: regular file was not VMIO enabled!"));
#endif
/*
* Return the vnode. XXX needs some cleaning up. The vnode is
* only returned in the fp == NULL case.
*/
if (fp == NULL) {
nd->nl_open_vp = vp;
nd->nl_vp_fmode = fmode;
if ((nd->nl_flags & NLC_LOCKVP) == 0)
vn_unlock(vp);
} else {
vput(vp);
}
return (0);
bad:
if (vp)
vput(vp);
return (error);
}
static int
naccess(struct nchandle *nch, int nflags, struct ucred *cred, int *nflagsp)
{
struct vnode *vp;
struct vattr va;
struct namecache *ncp;
int error;
int cflags;
KKASSERT(cache_lockstatus(nch) > 0);
ncp = nch->ncp;
if (ncp->nc_flag & NCF_UNRESOLVED) {
cache_resolve(nch, cred);
ncp = nch->ncp;
}
error = ncp->nc_error;
/*
* Directory permissions checks. Silently ignore ENOENT if these
* tests pass. It isn't an error.
*
* We can safely resolve ncp->nc_parent because ncp is currently
* locked.
*/
if (nflags & (NLC_CREATE | NLC_DELETE | NLC_RENAME_SRC | NLC_RENAME_DST)) {
if (((nflags & NLC_CREATE) && ncp->nc_vp == NULL) ||
((nflags & NLC_DELETE) && ncp->nc_vp != NULL) ||
((nflags & NLC_RENAME_SRC) && ncp->nc_vp != NULL) ||
(nflags & NLC_RENAME_DST)
) {
struct nchandle par;
if ((par.ncp = ncp->nc_parent) == NULL) {
if (error != EAGAIN)
error = EINVAL;
} else if (error == 0 || error == ENOENT) {
par.mount = nch->mount;
cache_hold(&par);
cache_lock_maybe_shared(&par, 0);
error = naccess(&par, NLC_WRITE, cred, NULL);
cache_put(&par);
}
}
}
/*
* NLC_EXCL check. Target file must not exist.
*/
if (error == 0 && (nflags & NLC_EXCL) && ncp->nc_vp != NULL)
error = EEXIST;
/*
* Try to short-cut the vnode operation for intermediate directory
* components. This is a major SMP win because it avoids having
* to execute a lot of code for intermediate directory components,
* including shared refs and locks on intermediate directory vnodes.
*
* We can only do this if the caller does not need nflagsp.
*/
if (error == 0 && nflagsp == NULL &&
nflags == NLC_EXEC && (ncp->nc_flag & NCF_WXOK)) {
return 0;
}
/*
* Get the vnode attributes so we can do the rest of our checks.
*
* NOTE: We only call naccess_va() if the target exists.
*/
if (error == 0) {
error = cache_vget(nch, cred, LK_SHARED, &vp);
if (error == ENOENT) {
/*
* Silently zero-out ENOENT if creating or renaming
* (rename target). It isn't an error.
*/
if (nflags & (NLC_CREATE | NLC_RENAME_DST))
error = 0;
} else if (error == 0) {
/*
* Get the vnode attributes and check for illegal O_TRUNC
* requests and read-only mounts.
*
* NOTE: You can still open devices on read-only mounts for
* writing.
*
* NOTE: creates/deletes/renames are handled by the NLC_WRITE
* check on the parent directory above.
*
* XXX cache the va in the namecache or in the vnode
*/
error = VOP_GETATTR(vp, &va);
if (error == 0 && (nflags & NLC_TRUNCATE)) {
switch(va.va_type) {
case VREG:
case VDATABASE:
case VCHR:
case VBLK:
case VFIFO:
break;
case VDIR:
error = EISDIR;
break;
default:
error = EINVAL;
break;
}
}
if (error == 0 && (nflags & NLC_WRITE) && vp->v_mount &&
(vp->v_mount->mnt_flag & MNT_RDONLY)
) {
switch(va.va_type) {
case VDIR:
case VLNK:
case VREG:
case VDATABASE:
error = EROFS;
break;
default:
break;
}
}
vput(vp);
/*
* Check permissions based on file attributes. The passed
* flags (*nflagsp) are modified with feedback based on
* special attributes and requirements.
*/
if (error == 0) {
/*
* Adjust the returned (*nflagsp) if non-NULL.
*/
if (nflagsp) {
if ((va.va_mode & VSVTX) && va.va_uid != cred->cr_uid)
*nflagsp |= NLC_STICKY;
if (va.va_flags & APPEND)
*nflagsp |= NLC_APPENDONLY;
if (va.va_flags & IMMUTABLE)
*nflagsp |= NLC_IMMUTABLE;
}
/*
* NCF_WXOK can be set for world-searchable directories.
*
* XXX When we implement capabilities this code would also
* need a cap check, or only set the flag if there are no
* capabilities.
*/
cflags = 0;
if (va.va_type == VDIR &&
(va.va_mode & S_WXOK_MASK) == S_WXOK_MASK) {
cflags |= NCF_WXOK;
}
/*
* Track swapcache management flags in the namecache.
*
* Calculate the flags based on the current vattr info
* and recalculate the inherited flags from the parent
* (the original cache linkage may have occurred without
* getattrs and thus have stale flags).
*/
if (va.va_flags & SF_NOCACHE)
cflags |= NCF_SF_NOCACHE;
if (va.va_flags & UF_CACHE)
cflags |= NCF_UF_CACHE;
if (ncp->nc_parent) {
if (ncp->nc_parent->nc_flag &
(NCF_SF_NOCACHE | NCF_SF_PNOCACHE)) {
cflags |= NCF_SF_PNOCACHE;
}
if (ncp->nc_parent->nc_flag &
(NCF_UF_CACHE | NCF_UF_PCACHE)) {
cflags |= NCF_UF_PCACHE;
}
}
/*
* We're not supposed to update nc_flag when holding a shared
* lock, but we allow the case for certain flags. Note that
* holding an exclusive lock allows updating nc_flag without
* atomics. nc_flag is not allowe to be updated at all unless
* a shared or exclusive lock is held.
*/
atomic_clear_short(&ncp->nc_flag,
(NCF_SF_NOCACHE | NCF_UF_CACHE |
NCF_SF_PNOCACHE | NCF_UF_PCACHE |
NCF_WXOK) & ~cflags);
atomic_set_short(&ncp->nc_flag, cflags);
/*
* Process general access.
*/
error = naccess_va(&va, nflags, cred);
}
}
}
return(error);
}
