/*
* smb_query_pathname
*
* Determine the absolute pathname of 'node' within the share.
* For some levels (e.g. ALL_INFO) the pathname should include the
* sharename for others (e.g. NAME_INFO) the pathname should be
* relative to the share.
* For example if the node represents file "test1.txt" in directory
* "dir1" on share "share1"
* - if include_share is TRUE the pathname would be: \share1\dir1\test1.txt
* - if include_share is FALSE the pathname would be: \dir1\test1.txt
*
* If node represents a named stream, construct the pathname for the
* associated unnamed stream then append the stream name.
*/
static int
smb_query_pathname(smb_tree_t *tree, smb_node_t *node, boolean_t include_share,
char *buf, size_t buflen)
{
char *sharename = tree->t_sharename;
int rc;
size_t len;
vnode_t *vp;
if (include_share) {
len = snprintf(buf, buflen, "\\%s", sharename);
if (len == (buflen - 1))
return (ENAMETOOLONG);
buf += len;
buflen -= len;
}
if (SMB_IS_STREAM(node))
vp = node->n_unode->vp;
else
vp = node->vp;
rc = vnodetopath(tree->t_snode->vp, vp, buf, buflen, kcred);
if (rc == 0) {
(void) strsubst(buf, '/', '\\');
if (SMB_IS_STREAM(node))
(void) strlcat(buf, node->od_name, buflen);
}
return (rc);
}
/*ARGSUSED*/
static int
lo_mount(struct vfs *vfsp,
struct vnode *vp,
struct mounta *uap,
struct cred *cr)
{
int error;
struct vnode *srootvp = NULL; /* the server's root */
struct vnode *realrootvp;
struct loinfo *li;
int nodev;
nodev = vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL);
if ((error = secpolicy_fs_mount(cr, vp, vfsp)) != 0)
return (EPERM);
/*
* Loopback devices which get "nodevices" added can be done without
* "nodevices" set because we cannot import devices into a zone
* with loopback. Note that we have all zone privileges when
* this happens; if not, we'd have gotten "nosuid".
*/
if (!nodev && vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL))
vfs_setmntopt(vfsp, MNTOPT_DEVICES, NULL, VFS_NODISPLAY);
mutex_enter(&vp->v_lock);
if (!(uap->flags & MS_OVERLAY) &&
(vp->v_count != 1 || (vp->v_flag & VROOT))) {
mutex_exit(&vp->v_lock);
return (EBUSY);
}
mutex_exit(&vp->v_lock);
/*
* Find real root, and make vfs point to real vfs
*/
if (error = lookupname(uap->spec, (uap->flags & MS_SYSSPACE) ?
UIO_SYSSPACE : UIO_USERSPACE, FOLLOW, NULLVPP, &realrootvp))
return (error);
/*
* Enforce MAC policy if needed.
*
* Loopback mounts must not allow writing up. The dominance test
* is intended to prevent a global zone caller from accidentally
* creating write-up conditions between two labeled zones.
* Local zones can't violate MAC on their own without help from
* the global zone because they can't name a pathname that
* they don't already have.
*
* The special case check for the NET_MAC_AWARE process flag is
* to support the case of the automounter in the global zone. We
* permit automounting of local zone directories such as home
* directories, into the global zone as required by setlabel,
* zonecopy, and saving of desktop sessions. Such mounts are
* trusted not to expose the contents of one zone's directories
* to another by leaking them through the global zone.
*/
if (is_system_labeled() && crgetzoneid(cr) == GLOBAL_ZONEID) {
char specname[MAXPATHLEN];
zone_t *from_zptr;
zone_t *to_zptr;
if (vnodetopath(NULL, realrootvp, specname,
sizeof (specname), CRED()) != 0) {
VN_RELE(realrootvp);
return (EACCES);
}
from_zptr = zone_find_by_path(specname);
to_zptr = zone_find_by_path(refstr_value(vfsp->vfs_mntpt));
/*
* Special case for zone devfs: the zone for /dev will
* incorrectly appear as the global zone since it's not
* under the zone rootpath. So for zone devfs check allow
* read-write mounts.
*
* Second special case for scratch zones used for Live Upgrade:
* this is used to mount the zone's root from /root to /a in
* the scratch zone. As with the other special case, this
* appears to be outside of the zone because it's not under
* the zone rootpath, which is $ZONEPATH/lu in the scratch
* zone case.
*/
if (from_zptr != to_zptr &&
!(to_zptr->zone_flags & ZF_IS_SCRATCH)) {
/*
* We know at this point that the labels aren't equal
* because the zone pointers aren't equal, and zones
* can't share a label.
*
* If the source is the global zone then making
* it available to a local zone must be done in
* read-only mode as the label will become admin_low.
*
* If it is a mount between local zones then if
* the current process is in the global zone and has
* the NET_MAC_AWARE flag, then regular read-write
* access is allowed. If it's in some other zone, but
* the label on the mount point dominates the original
* source, then allow the mount as read-only
* ("read-down").
*/
if (from_zptr->zone_id == GLOBAL_ZONEID) {
/* make the mount read-only */
vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
} else { /* cross-zone mount */
if (to_zptr->zone_id == GLOBAL_ZONEID &&
/* LINTED: no consequent */
getpflags(NET_MAC_AWARE, cr) != 0) {
/* Allow the mount as read-write */
} else if (bldominates(
label2bslabel(to_zptr->zone_slabel),
label2bslabel(from_zptr->zone_slabel))) {
/* make the mount read-only */
vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
} else {
VN_RELE(realrootvp);
zone_rele(to_zptr);
zone_rele(from_zptr);
return (EACCES);
}
}
}
zone_rele(to_zptr);
zone_rele(from_zptr);
}
/*
* realrootvp may be an AUTOFS node, in which case we
* perform a VOP_ACCESS() to trigger the mount of the
* intended filesystem, so we loopback mount the intended
* filesystem instead of the AUTOFS filesystem.
*/
(void) VOP_ACCESS(realrootvp, 0, 0, cr, NULL);
/*
* We're interested in the top most filesystem.
* This is specially important when uap->spec is a trigger
* AUTOFS node, since we're really interested in mounting the
* filesystem AUTOFS mounted as result of the VOP_ACCESS()
* call not the AUTOFS node itself.
*/
if (vn_mountedvfs(realrootvp) != NULL) {
if (error = traverse(&realrootvp)) {
VN_RELE(realrootvp);
return (error);
}
}
/*
* Allocate a vfs info struct and attach it
*/
li = kmem_zalloc(sizeof (struct loinfo), KM_SLEEP);
li->li_realvfs = realrootvp->v_vfsp;
li->li_mountvfs = vfsp;
/*
* Set mount flags to be inherited by loopback vfs's
*/
if (vfs_optionisset(vfsp, MNTOPT_RO, NULL)) {
li->li_mflag |= VFS_RDONLY;
}
if (vfs_optionisset(vfsp, MNTOPT_NOSUID, NULL)) {
li->li_mflag |= (VFS_NOSETUID|VFS_NODEVICES);
}
if (vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL)) {
li->li_mflag |= VFS_NODEVICES;
}
if (vfs_optionisset(vfsp, MNTOPT_NOSETUID, NULL)) {
li->li_mflag |= VFS_NOSETUID;
}
/*
* Permissive flags are added to the "deny" bitmap.
*/
if (vfs_optionisset(vfsp, MNTOPT_NOXATTR, NULL)) {
li->li_dflag |= VFS_XATTR;
}
if (vfs_optionisset(vfsp, MNTOPT_NONBMAND, NULL)) {
li->li_dflag |= VFS_NBMAND;
}
/*
* Propagate inheritable mount flags from the real vfs.
*/
if ((li->li_realvfs->vfs_flag & VFS_RDONLY) &&
!vfs_optionisset(vfsp, MNTOPT_RO, NULL))
vfs_setmntopt(vfsp, MNTOPT_RO, NULL,
VFS_NODISPLAY);
if ((li->li_realvfs->vfs_flag & VFS_NOSETUID) &&
!vfs_optionisset(vfsp, MNTOPT_NOSETUID, NULL))
vfs_setmntopt(vfsp, MNTOPT_NOSETUID, NULL,
VFS_NODISPLAY);
if ((li->li_realvfs->vfs_flag & VFS_NODEVICES) &&
!vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL))
vfs_setmntopt(vfsp, MNTOPT_NODEVICES, NULL,
VFS_NODISPLAY);
/*
* Permissive flags such as VFS_XATTR, as opposed to restrictive flags
* such as VFS_RDONLY, are handled differently. An explicit
* MNTOPT_NOXATTR should override the underlying filesystem's VFS_XATTR.
*/
if ((li->li_realvfs->vfs_flag & VFS_XATTR) &&
!vfs_optionisset(vfsp, MNTOPT_NOXATTR, NULL) &&
!vfs_optionisset(vfsp, MNTOPT_XATTR, NULL))
vfs_setmntopt(vfsp, MNTOPT_XATTR, NULL,
VFS_NODISPLAY);
if ((li->li_realvfs->vfs_flag & VFS_NBMAND) &&
!vfs_optionisset(vfsp, MNTOPT_NBMAND, NULL) &&
!vfs_optionisset(vfsp, MNTOPT_NONBMAND, NULL))
vfs_setmntopt(vfsp, MNTOPT_NBMAND, NULL,
VFS_NODISPLAY);
li->li_refct = 0;
vfsp->vfs_data = (caddr_t)li;
vfsp->vfs_bcount = 0;
vfsp->vfs_fstype = lofsfstype;
vfsp->vfs_bsize = li->li_realvfs->vfs_bsize;
vfsp->vfs_dev = li->li_realvfs->vfs_dev;
vfsp->vfs_fsid.val[0] = li->li_realvfs->vfs_fsid.val[0];
vfsp->vfs_fsid.val[1] = li->li_realvfs->vfs_fsid.val[1];
if (vfs_optionisset(vfsp, MNTOPT_LOFS_NOSUB, NULL)) {
li->li_flag |= LO_NOSUB;
}
/*
* Propagate any VFS features
*/
vfs_propagate_features(li->li_realvfs, vfsp);
/*
* Setup the hashtable. If the root of this mount isn't a directory,
* there's no point in allocating a large hashtable. A table with one
* bucket is sufficient.
*/
if (realrootvp->v_type != VDIR)
lsetup(li, 1);
else
lsetup(li, 0);
/*
* Make the root vnode
*/
srootvp = makelonode(realrootvp, li, 0);
srootvp->v_flag |= VROOT;
li->li_rootvp = srootvp;
#ifdef LODEBUG
lo_dprint(4, "lo_mount: vfs %p realvfs %p root %p realroot %p li %p\n",
vfsp, li->li_realvfs, srootvp, realrootvp, li);
#endif
return (0);
}
/*
* The typical call consists of:
* - priv_set_t
* - some integer data (type, value)
* for now, it's just one bit.
*/
static klpd_head_t *
klpd_marshall(klpd_reg_t *p, const priv_set_t *rq, va_list ap)
{
char *tmp;
uint_t type;
vnode_t *vp;
size_t len = sizeof (priv_set_t) + sizeof (klpd_head_t);
size_t plen, clen;
int proto;
klpd_arg_t *kap = NULL;
klpd_head_t *khp;
type = va_arg(ap, uint_t);
switch (type) {
case KLPDARG_NOMORE:
khp = kmem_zalloc(len, KM_SLEEP);
khp->klh_argoff = 0;
break;
case KLPDARG_VNODE:
len += offsetof(klpd_arg_t, kla_str);
vp = va_arg(ap, vnode_t *);
if (vp == NULL)
return (NULL);
tmp = va_arg(ap, char *);
if (tmp != NULL && *tmp != '\0')
clen = strlen(tmp) + 1;
else
clen = 0;
len += ROUNDUP(MAXPATHLEN, sizeof (uint_t));
khp = kmem_zalloc(len, KM_SLEEP);
khp->klh_argoff = sizeof (klpd_head_t) + sizeof (priv_set_t);
kap = KLH_ARG(khp);
if (vnodetopath(crgetzone(p->klpd_cred)->zone_rootvp,
vp, kap->kla_str, MAXPATHLEN, p->klpd_cred) != 0) {
kmem_free(khp, len);
return (NULL);
}
if (clen != 0) {
plen = strlen(kap->kla_str);
if (plen + clen + 1 >= MAXPATHLEN) {
kmem_free(khp, len);
return (NULL);
}
/* Don't make root into a double "/" */
if (plen <= 2)
plen = 0;
kap->kla_str[plen] = '/';
bcopy(tmp, &kap->kla_str[plen + 1], clen);
}
break;
case KLPDARG_PORT:
proto = va_arg(ap, int);
switch (proto) {
case IPPROTO_TCP: type = KLPDARG_TCPPORT;
break;
case IPPROTO_UDP: type = KLPDARG_UDPPORT;
break;
case IPPROTO_SCTP: type = KLPDARG_SCTPPORT;
break;
case PROTO_SDP: type = KLPDARG_SDPPORT;
break;
}
/* FALLTHROUGH */
case KLPDARG_INT:
case KLPDARG_TCPPORT:
case KLPDARG_UDPPORT:
case KLPDARG_SCTPPORT:
case KLPDARG_SDPPORT:
len += sizeof (*kap);
khp = kmem_zalloc(len, KM_SLEEP);
khp->klh_argoff = sizeof (klpd_head_t) + sizeof (priv_set_t);
kap = KLH_ARG(khp);
kap->kla_int = va_arg(ap, int);
break;
default:
return (NULL);
}
khp->klh_vers = KLPDCALL_VERS;
khp->klh_len = len;
khp->klh_privoff = sizeof (*khp);
*KLH_PRIVSET(khp) = *rq;
if (kap != NULL) {
kap->kla_type = type;
kap->kla_dlen = len - khp->klh_argoff;
}
return (khp);
}
/*
* getflabel -
*
* Return pointer to the ts_label associated with the specified file,
* or returns NULL if error occurs. Caller is responsible for doing
* a label_rele of the ts_label.
*/
ts_label_t *
getflabel(vnode_t *vp)
{
vfs_t *vfsp, *rvfsp;
vnode_t *rvp, *rvp2;
zone_t *zone;
ts_label_t *zl;
int err;
boolean_t vfs_is_held = B_FALSE;
char vpath[MAXPATHLEN];
ASSERT(vp);
vfsp = vp->v_vfsp;
if (vfsp == NULL)
return (NULL);
rvp = vp;
/*
* Traverse lofs mounts and fattach'es to get the real vnode
*/
if (VOP_REALVP(rvp, &rvp2, NULL) == 0)
rvp = rvp2;
rvfsp = rvp->v_vfsp;
/* rvp/rvfsp now represent the real vnode/vfs we will be using */
/* Go elsewhere to handle all nfs files. */
if (strncmp(vfssw[rvfsp->vfs_fstype].vsw_name, "nfs", 3) == 0)
return (getflabel_nfs(rvfsp));
/*
* Fast path, for objects in a labeled zone: everything except
* for lofs/nfs will be just the label of that zone.
*/
if ((rvfsp->vfs_zone != NULL) && (rvfsp->vfs_zone != global_zone)) {
if ((strcmp(vfssw[rvfsp->vfs_fstype].vsw_name,
"lofs") != 0)) {
zone = rvfsp->vfs_zone;
zone_hold(zone);
goto zone_out; /* return this label */
}
}
/*
* Get the vnode path -- it may be missing or weird for some
* cases, like devices. In those cases use the label of the
* current zone.
*/
err = vnodetopath(rootdir, rvp, vpath, sizeof (vpath), kcred);
if ((err != 0) || (*vpath != '/')) {
zone = curproc->p_zone;
zone_hold(zone);
goto zone_out;
}
/*
* For zfs filesystem, return the explicit label property if a
* meaningful one exists.
*/
if (strncmp(vfssw[rvfsp->vfs_fstype].vsw_name, "zfs", 3) == 0) {
ts_label_t *tsl;
tsl = getflabel_zfs(rvfsp);
/* if label found, return it, otherwise continue... */
if (tsl != NULL)
return (tsl);
}
/*
* If a mountpoint exists, hold the vfs while we reference it.
* Otherwise if mountpoint is NULL it should not be held (e.g.,
* a hold/release on spec_vfs would result in an attempted free
* and panic.)
*/
if (vfsp->vfs_mntpt != NULL) {
VFS_HOLD(vfsp);
vfs_is_held = B_TRUE;
}
zone = zone_find_by_any_path(vpath, B_FALSE);
/*
* If the vnode source zone is properly set to a non-global zone, or
* any zone if the mount is R/W, then use the label of that zone.
*/
if ((zone != global_zone) || ((vfsp->vfs_flag & VFS_RDONLY) != 0))
goto zone_out; /* return this label */
/*
* Otherwise, if we're not in the global zone, use the label of
* our zone.
*/
if ((zone = curproc->p_zone) != global_zone) {
zone_hold(zone);
goto zone_out; /* return this label */
}
/*
* We're in the global zone and the mount is R/W ... so the file
* may actually be in the global zone -- or in the root of any zone.
* Always build our own path for the file, to be sure it's simplified
* (i.e., no ".", "..", "//", and so on).
*/
zone_rele(zone);
zone = zone_find_by_any_path(vpath, B_FALSE);
zone_out:
if ((curproc->p_zone == global_zone) && (zone == global_zone)) {
vfs_t *nvfs;
boolean_t exported = B_FALSE;
refstr_t *mntpt_ref;
char *mntpt;
/*
* File is in the global zone - check whether it's admin_high.
* If it's in a filesys that was exported from the global zone,
* it's admin_low by definition. Otherwise, if it's in a
* filesys that's NOT exported to any zone, it's admin_high.
*
* And for these files if there wasn't a valid mount resource,
* the file must be admin_high (not exported, probably a global
* zone device).
*/
if (!vfs_is_held)
goto out_high;
mntpt_ref = vfs_getmntpoint(vfsp);
mntpt = (char *)refstr_value(mntpt_ref);
if ((mntpt != NULL) && (*mntpt == '/')) {
zone_t *to_zone;
to_zone = zone_find_by_any_path(mntpt, B_FALSE);
zone_rele(to_zone);
if (to_zone != global_zone) {
/* force admin_low */
exported = B_TRUE;
}
}
if (mntpt_ref)
refstr_rele(mntpt_ref);
if (!exported) {
size_t plen = strlen(vpath);
vfs_list_read_lock();
nvfs = vfsp->vfs_next;
while (nvfs != vfsp) {
const char *rstr;
size_t rlen = 0;
/*
* Skip checking this vfs if it's not lofs
* (the only way to export from the global
* zone to a zone).
*/
if (strncmp(vfssw[nvfs->vfs_fstype].vsw_name,
"lofs", 4) != 0) {
nvfs = nvfs->vfs_next;
continue;
}
rstr = refstr_value(nvfs->vfs_resource);
if (rstr != NULL)
rlen = strlen(rstr);
/*
* Check for a match: does this vfs correspond
* to our global zone file path? I.e., check
* if the resource string of this vfs is a
* prefix of our path.
*/
if ((rlen > 0) && (rlen <= plen) &&
(strncmp(rstr, vpath, rlen) == 0) &&
(vpath[rlen] == '/' ||
vpath[rlen] == '\0')) {
/* force admin_low */
exported = B_TRUE;
break;
}
nvfs = nvfs->vfs_next;
}
vfs_list_unlock();
}
if (!exported)
goto out_high;
}
if (vfs_is_held)
VFS_RELE(vfsp);
/*
* Now that we have the "home" zone for the file, return the slabel
* of that zone.
*/
zl = zone->zone_slabel;
label_hold(zl);
zone_rele(zone);
return (zl);
out_high:
if (vfs_is_held)
VFS_RELE(vfsp);
label_hold(l_admin_high);
zone_rele(zone);
return (l_admin_high);
}
