static int
ufs_delete_denied(struct vnode *vdp, struct vnode *tdp, struct ucred *cred,
struct thread *td)
{
int error;
#ifdef UFS_ACL
/*
* NFSv4 Minor Version 1, draft-ietf-nfsv4-minorversion1-03.txt
*
* 3.16.2.1. ACE4_DELETE vs. ACE4_DELETE_CHILD
*/
/*
* XXX: Is this check required?
*/
error = VOP_ACCESS(vdp, VEXEC, cred, td);
if (error)
return (error);
error = VOP_ACCESSX(tdp, VDELETE, cred, td);
if (error == 0)
return (0);
error = VOP_ACCESSX(vdp, VDELETE_CHILD, cred, td);
if (error == 0)
return (0);
error = VOP_ACCESSX(vdp, VEXPLICIT_DENY | VDELETE_CHILD, cred, td);
if (error)
return (error);
#endif /* !UFS_ACL */
/*
* Standard Unix access control - delete access requires VWRITE.
*/
error = VOP_ACCESS(vdp, VWRITE, cred, td);
if (error)
return (error);
/*
* If directory is "sticky", then user must own
* the directory, or the file in it, else she
* may not delete it (unless she's root). This
* implements append-only directories.
*/
if ((VTOI(vdp)->i_mode & ISVTX) &&
VOP_ACCESS(vdp, VADMIN, cred, td) &&
VOP_ACCESS(tdp, VADMIN, cred, td))
return (EPERM);
return (0);
}
/* This is VOP_ACCESS().
* permtype = bitwise-OR of MAY_READ, MAY_WRITE, MAY_EXEC
* For 2.6.27 and beyond we may need to handle other
* permission requests than the tradional MAY_[RWX], like
* MAY_ACCESS.
*/
extern int
vnode_iop_permission(
INODE_T *ip,
int permtype
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27)
, struct nameidata *nd
#endif
#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,32)
, unsigned int flags
#endif
)
{
int err;
CALL_DATA_T cd;
ASSERT_I_SEM_NOT_MINE(ip);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,38)
/* We can't deal with RCU lookups, the lookup will happen after
* a rcu_read_lock call, which means we can't block. Additionally,
* vfsmount_lock is locked, which means we can't call mntput
* (and other functions). We use the permission callback to detect
* and refuse RCU operations, which are then retried without using RCU.
*/
if (flags & IPERM_FLAG_RCU)
return -ECHILD;
#endif
mdki_linux_init_call_data(&cd);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
/* we are not dealing with MAY_ACCESS and MAY_OPEN */
permtype &= (MAY_READ | MAY_WRITE | MAY_EXEC);
#endif
/*
* Vnode core wants the mode test bits to be in the user position, not the
* low bits. Bits are in same order as standard UNIX rwx.
*/
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27)
err = VOP_ACCESS(ITOV(ip), permtype << 6, 0, &cd, (nameidata_ctx *) nd);
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,32)
err = VOP_ACCESS(ITOV(ip), permtype << 6, 0, &cd, NULL);
#else
err = VOP_ACCESS(ITOV(ip), permtype << 6, 0, &cd,
(nameidata_ctx *) (unsigned long) flags);
#endif
err = mdki_errno_unix_to_linux(err);
mdki_linux_destroy_call_data(&cd);
return err;
}
/*
* Credential check based on process requesting service, and per-attribute
* permissions.
*/
static int
ufs_extattr_credcheck(struct vnode *vp, struct ufs_extattr_list_entry *uele,
struct ucred *cred, struct proc *p, int access)
{
/*
* Kernel-invoked always succeeds.
*/
if (cred == NULL)
return (0);
/*
* Do not allow privileged processes in jail to directly
* manipulate system attributes.
*
* XXX What capability should apply here?
* Probably CAP_SYS_SETFFLAG.
*/
switch (uele->uele_attrnamespace) {
case EXTATTR_NAMESPACE_SYSTEM:
return (suser(cred, &p->p_acflag));
case EXTATTR_NAMESPACE_USER:
return (VOP_ACCESS(vp, access, cred, p));
default:
return (EPERM);
}
}
/*ARGSUSED2*/
static int
devfs_create(struct vnode *dvp, char *nm, struct vattr *vap, vcexcl_t excl,
int mode, struct vnode **vpp, struct cred *cred, int flag)
{
int error;
struct vnode *vp;
dcmn_err2(("devfs_create %s\n", nm));
error = dv_find(VTODV(dvp), nm, &vp, NULL, NULLVP, cred, 0);
if (error == 0) {
if (excl == EXCL)
error = EEXIST;
else if (vp->v_type == VDIR && (mode & VWRITE))
error = EISDIR;
else
error = VOP_ACCESS(vp, mode, 0, cred);
if (error) {
VN_RELE(vp);
} else
*vpp = vp;
} else if (error == ENOENT)
error = EROFS;
return (error);
}
/*
* genfs_ufslike_remove_check_permitted: Check whether a remove is
* permitted given our credentials, assuming UFS-like permission and
* ownership semantics.
*
* Everything must be locked and referenced.
*/
int
genfs_ufslike_remove_check_permitted(kauth_cred_t cred,
struct vnode *dvp, mode_t dmode, uid_t duid,
struct vnode *vp, uid_t uid)
{
int error;
KASSERT(dvp != NULL);
KASSERT(vp != NULL);
KASSERT(dvp != vp);
KASSERT(dvp->v_type == VDIR);
KASSERT(vp->v_type != VDIR);
KASSERT(dvp->v_mount == vp->v_mount);
KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE);
KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE);
/*
* We need to write to the directory to remove from it.
*/
error = VOP_ACCESS(dvp, VWRITE, cred);
if (error)
return error;
error = genfs_ufslike_check_sticky(cred, dmode, duid, vp, uid);
if (error)
return error;
return 0;
}
/* ARGSUSED */
static int
auto_open(vnode_t **vpp, int flag, cred_t *cred, caller_context_t *ct)
{
vnode_t *newvp;
int error;
AUTOFS_DPRINT((4, "auto_open: *vpp=%p\n", (void *)*vpp));
error = auto_trigger_mount(*vpp, cred, &newvp);
if (error)
goto done;
if (newvp != NULL) {
/*
* Node is now mounted on.
*/
VN_RELE(*vpp);
*vpp = newvp;
error = VOP_ACCESS(*vpp, VREAD, 0, cred, ct);
if (!error)
error = VOP_OPEN(vpp, flag, cred, ct);
}
done:
AUTOFS_DPRINT((5, "auto_open: *vpp=%p error=%d\n", (void *)*vpp,
error));
return (error);
}
static int
tmpfs_nlookupdotdot(struct vop_nlookupdotdot_args *v)
{
struct vnode *dvp = v->a_dvp;
struct vnode **vpp = v->a_vpp;
struct tmpfs_node *dnode = VP_TO_TMPFS_NODE(dvp);
struct ucred *cred = v->a_cred;
struct mount *mp;
int error;
*vpp = NULL;
mp = dvp->v_mount;
/* Check accessibility of requested node as a first step. */
error = VOP_ACCESS(dvp, VEXEC, cred);
if (error != 0)
return error;
if (dnode->tn_dir.tn_parent != NULL) {
/* Allocate a new vnode on the matching entry. */
error = tmpfs_alloc_vp(dvp->v_mount, dnode->tn_dir.tn_parent,
LK_EXCLUSIVE | LK_RETRY, vpp);
if (*vpp)
vn_unlock(*vpp);
}
return (*vpp == NULL) ? ENOENT : 0;
}
static int
smbfs_getextattr(struct vop_getextattr_args *ap)
/* {
IN struct vnode *a_vp;
IN char *a_name;
INOUT struct uio *a_uio;
IN kauth_cred_t a_cred;
};
*/
{
struct vnode *vp = ap->a_vp;
struct lwp *l = ap->a_l;
kauth_cred_t cred = ap->a_cred;
struct uio *uio = ap->a_uio;
const char *name = ap->a_name;
struct smbnode *np = VTOSMB(vp);
struct vattr vattr;
char buf[10];
int i, attr, error;
error = VOP_ACCESS(vp, VREAD, cred, td);
if (error)
return error;
error = VOP_GETATTR(vp, &vattr, cred, td);
if (error)
return error;
if (strcmp(name, "dosattr") == 0) {
attr = np->n_dosattr;
for (i = 0; i < 6; i++, attr >>= 1)
buf[i] = (attr & 1) ? smbfs_atl[i] : '-';
buf[i] = 0;
error = uiomove(buf, i, uio);
} else
static int
devfs_access(struct vnode *vp, int mode, int flags, struct cred *cr)
{
struct dv_node *dv = VTODV(vp);
int res;
dcmn_err2(("devfs_access %s\n", dv->dv_name));
ASSERT(dv->dv_attr || dv->dv_attrvp);
/* restrict console access to privileged processes */
if ((vp->v_rdev == rconsdev) && secpolicy_console(cr) != 0) {
return (EACCES);
}
if (dv->dv_attr && ((dv->dv_flags & DV_ACL) == 0)) {
rw_enter(&dv->dv_contents, RW_READER);
if (dv->dv_attr) {
res = devfs_unlocked_access(dv, mode, cr);
rw_exit(&dv->dv_contents);
return (res);
}
rw_exit(&dv->dv_contents);
}
return (VOP_ACCESS(dv->dv_attrvp, mode, flags, cr));
}
int
vn_openchk(struct vnode *vp, kauth_cred_t cred, int fflags)
{
int permbits = 0;
int error;
if ((fflags & O_DIRECTORY) != 0 && vp->v_type != VDIR)
return ENOTDIR;
if ((fflags & FREAD) != 0) {
permbits = VREAD;
}
if ((fflags & (FWRITE | O_TRUNC)) != 0) {
permbits |= VWRITE;
if (vp->v_type == VDIR) {
error = EISDIR;
goto bad;
}
error = vn_writechk(vp);
if (error != 0)
goto bad;
}
error = VOP_ACCESS(vp, permbits, cred);
bad:
return error;
}
/* ARGSUSED */
static int
xattr_dir_access(vnode_t *vp, int mode, int flags, cred_t *cr,
caller_context_t *ct)
{
int error;
vnode_t *realvp = NULL;
if (mode & VWRITE) {
return (EACCES);
}
error = xattr_dir_realdir(vp, &realvp, LOOKUP_XATTR, cr, ct);
if ((error == ENOENT || error == EINVAL)) {
/*
* These errors mean there's no "real" xattr dir.
* The GFS xattr dir always allows access.
*/
return (0);
}
if (error != 0) {
/*
* The "real" xattr dir was not accessible.
*/
return (error);
}
/*
* We got the "real" xattr dir.
* Pass through the access call.
*/
error = VOP_ACCESS(realvp, mode, flags, cr, ct);
return (error);
}
/*
* Change the mode on a file.
* Inode must be locked before calling.
*/
static int
ext2_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
{
struct inode *ip = VTOI(vp);
int error;
/*
* To modify the permissions on a file, must possess VADMIN
* for that file.
*/
if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
return (error);
/*
* Privileged processes may set the sticky bit on non-directories,
* as well as set the setgid bit on a file with a group that the
* process is not a member of.
*/
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0);
if (error)
return (EFTYPE);
}
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
if (error)
return (error);
}
ip->i_mode &= ~ALLPERMS;
ip->i_mode |= (mode & ALLPERMS);
ip->i_flag |= IN_CHANGE;
return (0);
}
/*ARGSUSED2*/
static int
devpts_create(struct vnode *dvp, char *nm, struct vattr *vap, vcexcl_t excl,
int mode, struct vnode **vpp, struct cred *cred, int flag,
caller_context_t *ct, vsecattr_t *vsecp)
{
int error;
struct vnode *vp;
*vpp = NULL;
error = devpts_lookup(dvp, nm, &vp, NULL, 0, NULL, cred, ct, NULL,
NULL);
if (error == 0) {
if (excl == EXCL)
error = EEXIST;
else if (vp->v_type == VDIR && (mode & VWRITE))
error = EISDIR;
else
error = VOP_ACCESS(vp, mode, 0, cred, ct);
if (error) {
VN_RELE(vp);
} else
*vpp = vp;
} else if (error == ENOENT) {
error = EROFS;
}
return (error);
}
/*ARGSUSED*/
int
cttyopen(dev_t dev, int flag, int mode, struct proc *p)
{
struct vnode *ttyvp = cttyvp(p);
int error;
if (ttyvp == NULL)
return (ENXIO);
vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, p);
#ifdef PARANOID
/*
* Since group is tty and mode is 620 on most terminal lines
* and since sessions protect terminals from processes outside
* your session, this check is probably no longer necessary.
* Since it inhibits setuid root programs that later switch
* to another user from accessing /dev/tty, we have decided
* to delete this test. (mckusick 5/93)
*/
error = VOP_ACCESS(ttyvp,
(flag&FREAD ? VREAD : 0) | (flag&FWRITE ? VWRITE : 0), p->p_ucred, p);
if (!error)
#endif /* PARANOID */
error = VOP_OPEN(ttyvp, flag, NOCRED, p);
VOP_UNLOCK(ttyvp, 0, p);
return (error);
}
int
ibcs2_sys_eaccess(struct lwp *l, const struct ibcs2_sys_eaccess_args *uap, register_t *retval)
{
/* {
syscallarg(char *) path;
syscallarg(int) flags;
} */
struct vnode *vp;
int error, flags;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
SCARG(uap, path));
if ((error = namei(&nd)) != 0)
return error;
vp = nd.ni_vp;
/* Flags == 0 means only check for existence. */
if (SCARG(uap, flags)) {
flags = 0;
if (SCARG(uap, flags) & IBCS2_R_OK)
flags |= VREAD;
if (SCARG(uap, flags) & IBCS2_W_OK)
flags |= VWRITE;
if (SCARG(uap, flags) & IBCS2_X_OK)
flags |= VEXEC;
if ((flags & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
error = VOP_ACCESS(vp, flags, l->l_cred);
}
vput(vp);
return error;
}
int
spec_access(void *v)
{
struct vop_access_args *ap = v;
struct vnode *vp = ap->a_vp;
if (!(vp->v_flag & VCLONE))
return (EBADF);
return (VOP_ACCESS(vp->v_specparent, ap->a_mode, ap->a_cred, ap->a_p));
}
static OSKIT_COMDECL filesystem_getroot(oskit_filesystem_t *f,
struct oskit_dir **out_dir)
{
struct gfilesystem *fs = (struct gfilesystem *) f;
oskit_dir_t *d;
struct proc *p;
oskit_error_t ferror;
struct vnode *vp;
int error;
if (!fs || !fs->count || !fs->mp)
return OSKIT_E_INVALIDARG;
ferror = getproc(&p);
if (ferror)
return ferror;
error = VFS_ROOT(fs->mp, &vp);
if (error)
{
prfree(p);
return errno_to_oskit_error(error);
}
error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);
if (error)
{
vput(vp);
prfree(p);
return errno_to_oskit_error(error);
}
d = (oskit_dir_t *) hashtab_search(vptab, (hashtab_key_t) vp);
if (d)
{
oskit_dir_addref(d);
}
else
{
d = (oskit_dir_t *) gfile_create(fs,vp);
if (!d)
{
vput(vp);
prfree(p);
return OSKIT_ENOMEM;
}
}
vput(vp);
prfree(p);
*out_dir = d;
return 0;
}
STATIC int
linvfs_permission(
struct inode *inode,
int mode)
{
vnode_t *vp = LINVFS_GET_VP(inode);
int error;
mode <<= 6; /* convert from linux to vnode access bits */
VOP_ACCESS(vp, mode, NULL, error);
return -error;
}
int
RUMP_VOP_ACCESS(struct vnode *vp,
int mode,
struct kauth_cred *cred)
{
int error;
rump_schedule();
error = VOP_ACCESS(vp, mode, cred);
rump_unschedule();
return error;
}
/*ARGSUSED*/
int
socket_vop_access(struct vnode *vp, int mode, int flags, struct cred *cr,
caller_context_t *ct)
{
struct sonode *so = VTOSO(vp);
if (!SOCK_IS_NONSTR(so)) {
ASSERT(so->so_sockparams->sp_sdev_info.sd_vnode != NULL);
return (VOP_ACCESS(so->so_sockparams->sp_sdev_info.sd_vnode,
mode, flags, cr, NULL));
}
return (0);
}
/*
* Common code for vnode access operations.
*/
int
vn_access(struct vnode *vp, int mode)
{
struct proc *p = curproc;
int error;
if ((error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p)))
return (error);
error = VOP_ACCESS(vp, mode, p->p_ucred, p);
VOP_UNLOCK(vp, 0, p);
return (error);
}
/*
* smb_vop_access
*
* This is a wrapper round VOP_ACCESS. VOP_ACCESS checks the given mode
* against file's ACL or Unix permissions. CIFS on the other hand needs to
* know if the requested operation can succeed for the given object, this
* requires more checks in case of DELETE bit since permissions on the parent
* directory are important as well. Based on Windows rules if parent's ACL
* grant FILE_DELETE_CHILD a file can be delete regardless of the file's
* permissions.
*/
int
smb_vop_access(vnode_t *vp, int mode, int flags, vnode_t *dir_vp, cred_t *cr)
{
int error = 0;
if (mode == 0)
return (0);
if ((flags == V_ACE_MASK) && (mode & ACE_DELETE)) {
if (dir_vp) {
error = VOP_ACCESS(dir_vp, ACE_DELETE_CHILD, flags,
cr, NULL);
if (error == 0)
mode &= ~ACE_DELETE;
}
}
if (mode) {
error = VOP_ACCESS(vp, mode, flags, cr, NULL);
}
return (error);
}
int
sc_access(thread_t *t, syscall_result_t *r, access_args_t *args)
{
int error = 0;
vnode_t *node;
proc_t *proc = t->thr_proc;
char fname[PATH_MAX];
if((error = copyinstr(fname, args->fname, PATH_MAX)))
return error;
if((error = vfs_lookup(proc->p_curdir, &node, fname, t, LKP_ACCESS_REAL_ID)))
return error;
int res = VOP_ACCESS(node, args->mode, proc->p_cred);
vrele(node);
return res;
}
/* ARGSUSED */
static int
nm_access(vnode_t *vp, int mode, int flags, cred_t *crp,
caller_context_t *ct)
{
struct namenode *nodep = VTONM(vp);
int error;
mutex_enter(&nodep->nm_lock);
error = nm_access_unlocked(nodep, mode, crp);
mutex_exit(&nodep->nm_lock);
if (error == 0)
return (VOP_ACCESS(nodep->nm_filevp, mode, flags, crp, ct));
else
return (error);
}
/* ARGSUSED */
static int
auto_access(
vnode_t *vp,
int mode,
int flags,
cred_t *cred,
caller_context_t *ct)
{
fnnode_t *fnp = vntofn(vp);
vnode_t *newvp;
int error;
AUTOFS_DPRINT((4, "auto_access: vp=%p\n", (void *)vp));
if (error = auto_trigger_mount(vp, cred, &newvp))
goto done;
if (newvp != NULL) {
/*
* Node is mounted on.
*/
error = VOP_ACCESS(newvp, mode, 0, cred, ct);
VN_RELE(newvp);
} else {
int shift = 0;
/*
* really interested in the autofs node, check the
* access on it
*/
ASSERT(error == 0);
if (crgetuid(cred) != fnp->fn_uid) {
shift += 3;
if (groupmember(fnp->fn_gid, cred) == 0)
shift += 3;
}
error = secpolicy_vnode_access2(cred, vp, fnp->fn_uid,
fnp->fn_mode << shift, mode);
}
done:
AUTOFS_DPRINT((5, "auto_access: error=%d\n", error));
return (error);
}
/*
* Perform chown operation on inode ip;
* inode must be locked prior to call.
*/
static int
ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
struct thread *td)
{
struct inode *ip = VTOI(vp);
uid_t ouid;
gid_t ogid;
int error = 0;
if (uid == (uid_t)VNOVAL)
uid = ip->i_uid;
if (gid == (gid_t)VNOVAL)
gid = ip->i_gid;
/*
* To modify the ownership of a file, must possess VADMIN
* for that file.
*/
if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
return (error);
/*
* To change the owner of a file, or change the group of a file
* to a group of which we are not a member, the caller must
* have privilege.
*/
if (uid != ip->i_uid || (gid != ip->i_gid &&
!groupmember(gid, cred))) {
error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
if (error)
return (error);
}
ogid = ip->i_gid;
ouid = ip->i_uid;
ip->i_gid = gid;
ip->i_uid = uid;
ip->i_flag |= IN_CHANGE;
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0)
ip->i_mode &= ~(ISUID | ISGID);
}
return (0);
}
static int zfsfuse_access(fuse_req_t req, fuse_ino_t ino, int mask)
{
vfs_t *vfs = (vfs_t *) fuse_req_userdata(req);
zfsvfs_t *zfsvfs = vfs->vfs_data;
ZFS_ENTER(zfsvfs);
znode_t *znode;
int error = zfs_zget(zfsvfs, ino, &znode, B_TRUE);
if(error) {
ZFS_EXIT(zfsvfs);
/* If the inode we are trying to get was recently deleted
dnode_hold_impl will return EEXIST instead of ENOENT */
return error == EEXIST ? ENOENT : error;
}
ASSERT(znode != NULL);
vnode_t *vp = ZTOV(znode);
ASSERT(vp != NULL);
cred_t cred;
zfsfuse_getcred(req, &cred);
int mode = 0;
if(mask & R_OK)
mode |= VREAD;
if(mask & W_OK)
mode |= VWRITE;
if(mask & X_OK)
mode |= VEXEC;
error = VOP_ACCESS(vp, mode, 0, &cred, NULL);
VN_RELE(vp);
ZFS_EXIT(zfsvfs);
return error;
}
static int
cd9660_mount(struct mount *mp, struct thread *td)
{
struct vnode *devvp;
char *fspec;
int error;
mode_t accessmode;
struct nameidata ndp;
struct iso_mnt *imp = 0;
/*
* Unconditionally mount as read-only.
*/
MNT_ILOCK(mp);
mp->mnt_flag |= MNT_RDONLY;
MNT_IUNLOCK(mp);
fspec = vfs_getopts(mp->mnt_optnew, "from", &error);
if (error)
return (error);
imp = VFSTOISOFS(mp);
if (mp->mnt_flag & MNT_UPDATE) {
if (vfs_flagopt(mp->mnt_optnew, "export", NULL, 0))
return (0);
}
/*
* Not an update, or updating the name: look up the name
* and verify that it refers to a sensible block device.
*/
NDINIT(&ndp, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, fspec, td);
if ((error = namei(&ndp)))
return (error);
NDFREE(&ndp, NDF_ONLY_PNBUF);
devvp = ndp.ni_vp;
if (!vn_isdisk(devvp, &error)) {
vput(devvp);
return (error);
}
/*
* Verify that user has necessary permissions on the device,
* or has superuser abilities
*/
accessmode = VREAD;
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
if (error)
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
if (error) {
vput(devvp);
return (error);
}
if ((mp->mnt_flag & MNT_UPDATE) == 0) {
error = iso_mountfs(devvp, mp, td);
if (error)
vrele(devvp);
} else {
if (devvp != imp->im_devvp)
error = EINVAL; /* needs translation */
vput(devvp);
}
if (error)
return (error);
vfs_mountedfrom(mp, fspec);
return (0);
}
/*
* Convert a component of a pathname into a pointer to a locked inode.
* This is a very central and rather complicated routine.
* If the file system is not maintained in a strict tree hierarchy,
* this can result in a deadlock situation (see comments in code below).
*
* The cnp->cn_nameiop argument is LOOKUP, CREATE, RENAME, or DELETE depending
* on whether the name is to be looked up, created, renamed, or deleted.
* When CREATE, RENAME, or DELETE is specified, information usable in
* creating, renaming, or deleting a directory entry may be calculated.
* If flag has LOCKPARENT or'ed into it and the target of the pathname
* exists, lookup returns both the target and its parent directory locked.
* When creating or renaming and LOCKPARENT is specified, the target may
* not be ".". When deleting and LOCKPARENT is specified, the target may
* be "."., but the caller must check to ensure it does an vrele and vput
* instead of two vputs.
*
* Overall outline of ufs_lookup:
*
* check accessibility of directory
* look for name in cache, if found, then if at end of path
* and deleting or creating, drop it, else return name
* search for name in directory, to found or notfound
* notfound:
* if creating, return locked directory, leaving info on available slots
* else return error
* found:
* if at end of path and deleting, return information to allow delete
* if at end of path and rewriting (RENAME and LOCKPARENT), lock target
* inode and return info to allow rewrite
* if not at end, add name to cache; if at end and neither creating
* nor deleting, add name to cache
*/
int
ufs_lookup(void *v)
{
struct vop_lookup_args *ap = v;
struct vnode *vdp; /* vnode for directory being searched */
struct inode *dp; /* inode for directory being searched */
struct buf *bp; /* a buffer of directory entries */
struct direct *ep; /* the current directory entry */
int entryoffsetinblock; /* offset of ep in bp's buffer */
enum {NONE, COMPACT, FOUND} slotstatus;
doff_t slotoffset; /* offset of area with free space */
int slotsize; /* size of area at slotoffset */
int slotfreespace; /* amount of space free in slot */
int slotneeded; /* size of the entry we're seeking */
int numdirpasses; /* strategy for directory search */
doff_t endsearch; /* offset to end directory search */
doff_t prevoff; /* prev entry dp->i_offset */
struct vnode *pdp; /* saved dp during symlink work */
struct vnode *tdp; /* returned by VFS_VGET */
doff_t enduseful; /* pointer past last used dir slot */
u_long bmask; /* block offset mask */
int lockparent; /* 1 => lockparent flag is set */
int wantparent; /* 1 => wantparent or lockparent flag */
int namlen, error;
struct vnode **vpp = ap->a_vpp;
struct componentname *cnp = ap->a_cnp;
struct ucred *cred = cnp->cn_cred;
int flags;
int nameiop = cnp->cn_nameiop;
struct proc *p = cnp->cn_proc;
cnp->cn_flags &= ~PDIRUNLOCK;
flags = cnp->cn_flags;
bp = NULL;
slotoffset = -1;
*vpp = NULL;
vdp = ap->a_dvp;
dp = VTOI(vdp);
lockparent = flags & LOCKPARENT;
wantparent = flags & (LOCKPARENT|WANTPARENT);
/*
* Check accessiblity of directory.
*/
if ((DIP(dp, mode) & IFMT) != IFDIR)
return (ENOTDIR);
if ((error = VOP_ACCESS(vdp, VEXEC, cred)) != 0)
return (error);
if ((flags & ISLASTCN) && (vdp->v_mount->mnt_flag & MNT_RDONLY) &&
(cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME))
return (EROFS);
/*
* We now have a segment name to search for, and a directory to search.
*
* Before tediously performing a linear scan of the directory,
* check the name cache to see if the directory/name pair
* we are looking for is known already.
*/
if ((error = cache_lookup(vdp, vpp, cnp)) >= 0)
return (error);
/*
* Suppress search for slots unless creating
* file and at end of pathname, in which case
* we watch for a place to put the new file in
* case it doesn't already exist.
*/
slotstatus = FOUND;
slotfreespace = slotsize = slotneeded = 0;
if ((nameiop == CREATE || nameiop == RENAME) &&
(flags & ISLASTCN)) {
slotstatus = NONE;
slotneeded = (sizeof(struct direct) - MAXNAMLEN +
cnp->cn_namelen + 3) &~ 3;
}
/*
* If there is cached information on a previous search of
* this directory, pick up where we last left off.
* We cache only lookups as these are the most common
* and have the greatest payoff. Caching CREATE has little
* benefit as it usually must search the entire directory
* to determine that the entry does not exist. Caching the
* location of the last DELETE or RENAME has not reduced
* profiling time and hence has been removed in the interest
* of simplicity.
*/
bmask = VFSTOUFS(vdp->v_mount)->um_mountp->mnt_stat.f_iosize - 1;
#ifdef UFS_DIRHASH
/*
* Use dirhash for fast operations on large directories. The logic
* to determine whether to hash the directory is contained within
* ufsdirhash_build(); a zero return means that it decided to hash
* this directory and it successfully built up the hash table.
*/
if (ufsdirhash_build(dp) == 0) {
/* Look for a free slot if needed. */
enduseful = DIP(dp, size);
if (slotstatus != FOUND) {
slotoffset = ufsdirhash_findfree(dp, slotneeded,
&slotsize);
if (slotoffset >= 0) {
slotstatus = COMPACT;
enduseful = ufsdirhash_enduseful(dp);
if (enduseful < 0)
enduseful = DIP(dp, size);
}
}
/* Look up the component. */
numdirpasses = 1;
entryoffsetinblock = 0; /* silence compiler warning */
switch (ufsdirhash_lookup(dp, cnp->cn_nameptr, cnp->cn_namelen,
&dp->i_offset, &bp, nameiop == DELETE ? &prevoff : NULL)) {
case 0:
ep = (struct direct *)((char *)bp->b_data +
(dp->i_offset & bmask));
goto foundentry;
case ENOENT:
#define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */
dp->i_offset = roundup2(DIP(dp, size), DIRBLKSIZ);
goto notfound;
default:
/* Something failed; just do a linear search. */
break;
}
}
#endif /* UFS_DIRHASH */
if (nameiop != LOOKUP || dp->i_diroff == 0 ||
dp->i_diroff >= DIP(dp, size)) {
entryoffsetinblock = 0;
dp->i_offset = 0;
numdirpasses = 1;
} else {
dp->i_offset = dp->i_diroff;
if ((entryoffsetinblock = dp->i_offset & bmask) &&
(error = UFS_BUFATOFF(dp, (off_t)dp->i_offset, NULL, &bp)))
return (error);
numdirpasses = 2;
nchstats.ncs_2passes++;
}
prevoff = dp->i_offset;
endsearch = roundup(DIP(dp, size), DIRBLKSIZ);
enduseful = 0;
searchloop:
while (dp->i_offset < endsearch) {
/*
* If necessary, get the next directory block.
*/
if ((dp->i_offset & bmask) == 0) {
if (bp != NULL)
brelse(bp);
error = UFS_BUFATOFF(dp, (off_t)dp->i_offset, NULL,
&bp);
if (error)
return (error);
entryoffsetinblock = 0;
}
/*
* If still looking for a slot, and at a DIRBLKSIZE
* boundary, have to start looking for free space again.
*/
if (slotstatus == NONE &&
(entryoffsetinblock & (DIRBLKSIZ - 1)) == 0) {
slotoffset = -1;
slotfreespace = 0;
}
/*
* Get pointer to next entry.
* Full validation checks are slow, so we only check
* enough to insure forward progress through the
* directory. Complete checks can be run by patching
* "dirchk" to be true.
*/
ep = (struct direct *)((char *)bp->b_data + entryoffsetinblock);
if (ep->d_reclen == 0 ||
(dirchk && ufs_dirbadentry(vdp, ep, entryoffsetinblock))) {
int i;
ufs_dirbad(dp, dp->i_offset, "mangled entry");
i = DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1));
dp->i_offset += i;
entryoffsetinblock += i;
continue;
}
/*
* If an appropriate sized slot has not yet been found,
* check to see if one is available. Also accumulate space
* in the current block so that we can determine if
* compaction is viable.
*/
if (slotstatus != FOUND) {
int size = ep->d_reclen;
if (ep->d_ino != 0)
size -= DIRSIZ(FSFMT(vdp), ep);
if (size > 0) {
if (size >= slotneeded) {
slotstatus = FOUND;
slotoffset = dp->i_offset;
slotsize = ep->d_reclen;
} else if (slotstatus == NONE) {
slotfreespace += size;
if (slotoffset == -1)
slotoffset = dp->i_offset;
if (slotfreespace >= slotneeded) {
slotstatus = COMPACT;
slotsize = dp->i_offset +
ep->d_reclen - slotoffset;
}
}
}
}
/*
* Check for a name match.
*/
if (ep->d_ino) {
# if (BYTE_ORDER == LITTLE_ENDIAN)
if (vdp->v_mount->mnt_maxsymlinklen > 0)
namlen = ep->d_namlen;
else
namlen = ep->d_type;
# else
namlen = ep->d_namlen;
# endif
if (namlen == cnp->cn_namelen &&
!memcmp(cnp->cn_nameptr, ep->d_name, namlen)) {
#ifdef UFS_DIRHASH
foundentry:
#endif
/*
* Save directory entry's inode number and
* reclen in ndp->ni_ufs area, and release
* directory buffer.
*/
dp->i_ino = ep->d_ino;
dp->i_reclen = ep->d_reclen;
goto found;
}
}
prevoff = dp->i_offset;
dp->i_offset += ep->d_reclen;
entryoffsetinblock += ep->d_reclen;
if (ep->d_ino)
enduseful = dp->i_offset;
}
#ifdef UFS_DIRHASH
notfound:
#endif
/*
* If we started in the middle of the directory and failed
* to find our target, we must check the beginning as well.
*/
if (numdirpasses == 2) {
numdirpasses--;
dp->i_offset = 0;
endsearch = dp->i_diroff;
goto searchloop;
}
if (bp != NULL)
brelse(bp);
/*
* If creating, and at end of pathname and current
* directory has not been removed, then can consider
* allowing file to be created.
*/
if ((nameiop == CREATE || nameiop == RENAME) &&
(flags & ISLASTCN) && dp->i_effnlink != 0) {
/*
* Access for write is interpreted as allowing
* creation of files in the directory.
*/
error = VOP_ACCESS(vdp, VWRITE, cred);
if (error)
return (error);
/*
* Return an indication of where the new directory
* entry should be put. If we didn't find a slot,
* then set dp->i_count to 0 indicating
* that the new slot belongs at the end of the
* directory. If we found a slot, then the new entry
* can be put in the range from dp->i_offset to
* dp->i_offset + dp->i_count.
*/
if (slotstatus == NONE) {
dp->i_offset = roundup(DIP(dp, size), DIRBLKSIZ);
dp->i_count = 0;
enduseful = dp->i_offset;
} else if (nameiop == DELETE) {
dp->i_offset = slotoffset;
if ((dp->i_offset & (DIRBLKSIZ - 1)) == 0)
dp->i_count = 0;
else
dp->i_count = dp->i_offset - prevoff;
} else {
dp->i_offset = slotoffset;
dp->i_count = slotsize;
if (enduseful < slotoffset + slotsize)
enduseful = slotoffset + slotsize;
}
dp->i_endoff = roundup(enduseful, DIRBLKSIZ);
/*
* We return with the directory locked, so that
* the parameters we set up above will still be
* valid if we actually decide to do a direnter().
* We return ni_vp == NULL to indicate that the entry
* does not currently exist; we leave a pointer to
* the (locked) directory inode in ndp->ni_dvp.
* The pathname buffer is saved so that the name
* can be obtained later.
*
* NB - if the directory is unlocked, then this
* information cannot be used.
*/
cnp->cn_flags |= SAVENAME;
if (!lockparent) {
VOP_UNLOCK(vdp, 0);
cnp->cn_flags |= PDIRUNLOCK;
}
return (EJUSTRETURN);
}
/*
* Insert name into cache (as non-existent) if appropriate.
*/
if ((cnp->cn_flags & MAKEENTRY) && nameiop != CREATE)
cache_enter(vdp, *vpp, cnp);
return (ENOENT);
found:
if (numdirpasses == 2)
nchstats.ncs_pass2++;
/*
* Check that directory length properly reflects presence
* of this entry.
*/
if (dp->i_offset + DIRSIZ(FSFMT(vdp), ep) > DIP(dp, size)) {
ufs_dirbad(dp, dp->i_offset, "i_ffs_size too small");
DIP_ASSIGN(dp, size, dp->i_offset + DIRSIZ(FSFMT(vdp), ep));
dp->i_flag |= IN_CHANGE | IN_UPDATE;
UFS_WAPBL_UPDATE(dp, MNT_WAIT);
}
brelse(bp);
/*
* Found component in pathname.
* If the final component of path name, save information
* in the cache as to where the entry was found.
*/
if ((flags & ISLASTCN) && nameiop == LOOKUP)
dp->i_diroff = dp->i_offset &~ (DIRBLKSIZ - 1);
/*
* If deleting, and at end of pathname, return
* parameters which can be used to remove file.
* If the wantparent flag isn't set, we return only
* the directory (in ndp->ni_dvp), otherwise we go
* on and lock the inode, being careful with ".".
*/
if (nameiop == DELETE && (flags & ISLASTCN)) {
/*
* Write access to directory required to delete files.
*/
error = VOP_ACCESS(vdp, VWRITE, cred);
if (error)
return (error);
/*
* Return pointer to current entry in dp->i_offset,
* and distance past previous entry (if there
* is a previous entry in this block) in dp->i_count.
* Save directory inode pointer in ndp->ni_dvp for dirremove().
*/
if ((dp->i_offset & (DIRBLKSIZ - 1)) == 0)
dp->i_count = 0;
else
dp->i_count = dp->i_offset - prevoff;
if (dp->i_number == dp->i_ino) {
vref(vdp);
*vpp = vdp;
return (0);
}
error = VFS_VGET(vdp->v_mount, dp->i_ino, &tdp);
if (error)
return (error);
/*
* If directory is "sticky", then user must own
* the directory, or the file in it, else she
* may not delete it (unless she's root). This
* implements append-only directories.
*/
if ((DIP(dp, mode) & ISVTX) &&
cred->cr_uid != 0 &&
cred->cr_uid != DIP(dp, uid) &&
DIP(VTOI(tdp), uid) != cred->cr_uid) {
vput(tdp);
return (EPERM);
}
*vpp = tdp;
if (!lockparent) {
VOP_UNLOCK(vdp, 0);
cnp->cn_flags |= PDIRUNLOCK;
}
return (0);
}
/*
* If rewriting (RENAME), return the inode and the
* information required to rewrite the present directory
* Must get inode of directory entry to verify it's a
* regular file, or empty directory.
*/
if (nameiop == RENAME && wantparent &&
(flags & ISLASTCN)) {
error = VOP_ACCESS(vdp, VWRITE, cred);
if (error)
return (error);
/*
* Careful about locking second inode.
* This can only occur if the target is ".".
*/
if (dp->i_number == dp->i_ino)
return (EISDIR);
error = VFS_VGET(vdp->v_mount, dp->i_ino, &tdp);
if (error)
return (error);
*vpp = tdp;
cnp->cn_flags |= SAVENAME;
if (!lockparent) {
VOP_UNLOCK(vdp, 0);
cnp->cn_flags |= PDIRUNLOCK;
}
return (0);
}
/*
* Step through the translation in the name. We do not `vput' the
* directory because we may need it again if a symbolic link
* is relative to the current directory. Instead we save it
* unlocked as "pdp". We must get the target inode before unlocking
* the directory to insure that the inode will not be removed
* before we get it. We prevent deadlock by always fetching
* inodes from the root, moving down the directory tree. Thus
* when following backward pointers ".." we must unlock the
* parent directory before getting the requested directory.
* There is a potential race condition here if both the current
* and parent directories are removed before the VFS_VGET for the
* inode associated with ".." returns. We hope that this occurs
* infrequently since we cannot avoid this race condition without
* implementing a sophisticated deadlock detection algorithm.
* Note also that this simple deadlock detection scheme will not
* work if the file system has any hard links other than ".."
* that point backwards in the directory structure.
*/
pdp = vdp;
if (flags & ISDOTDOT) {
VOP_UNLOCK(pdp, 0); /* race to get the inode */
cnp->cn_flags |= PDIRUNLOCK;
error = VFS_VGET(vdp->v_mount, dp->i_ino, &tdp);
if (error) {
if (vn_lock(pdp, LK_EXCLUSIVE | LK_RETRY, p) == 0)
cnp->cn_flags &= ~PDIRUNLOCK;
return (error);
}
if (lockparent && (flags & ISLASTCN)) {
if ((error = vn_lock(pdp, LK_EXCLUSIVE, p))) {
vput(tdp);
return (error);
}
cnp->cn_flags &= ~PDIRUNLOCK;
}
*vpp = tdp;
} else if (dp->i_number == dp->i_ino) {
vref(vdp); /* we want ourself, ie "." */
*vpp = vdp;
} else {
error = VFS_VGET(vdp->v_mount, dp->i_ino, &tdp);
if (error)
return (error);
if (!lockparent || !(flags & ISLASTCN)) {
VOP_UNLOCK(pdp, 0);
cnp->cn_flags |= PDIRUNLOCK;
}
*vpp = tdp;
}
/*
* Insert name into cache if appropriate.
*/
if (cnp->cn_flags & MAKEENTRY)
cache_enter(vdp, *vpp, cnp);
return (0);
}
/*
* Rename system call.
* rename("foo", "bar");
* is essentially
* unlink("bar");
* link("foo", "bar");
* unlink("foo");
* but ``atomically''. Can't do full commit without saving state in the
* inode on disk which isn't feasible at this time. Best we can do is
* always guarantee the target exists.
*
* Basic algorithm is:
*
* 1) Bump link count on source while we're linking it to the
* target. This also ensure the inode won't be deleted out
* from underneath us while we work (it may be truncated by
* a concurrent `trunc' or `open' for creation).
* 2) Link source to destination. If destination already exists,
* delete it first.
* 3) Unlink source reference to inode if still around. If a
* directory was moved and the parent of the destination
* is different from the source, patch the ".." entry in the
* directory.
*/
static int
ext2_rename(struct vop_rename_args *ap)
{
struct vnode *tvp = ap->a_tvp;
struct vnode *tdvp = ap->a_tdvp;
struct vnode *fvp = ap->a_fvp;
struct vnode *fdvp = ap->a_fdvp;
struct componentname *tcnp = ap->a_tcnp;
struct componentname *fcnp = ap->a_fcnp;
struct inode *ip, *xp, *dp;
struct dirtemplate dirbuf;
int doingdirectory = 0, oldparent = 0, newparent = 0;
int error = 0;
u_char namlen;
#ifdef DIAGNOSTIC
if ((tcnp->cn_flags & HASBUF) == 0 ||
(fcnp->cn_flags & HASBUF) == 0)
panic("ext2_rename: no name");
#endif
/*
* Check for cross-device rename.
*/
if ((fvp->v_mount != tdvp->v_mount) ||
(tvp && (fvp->v_mount != tvp->v_mount))) {
error = EXDEV;
abortit:
if (tdvp == tvp)
vrele(tdvp);
else
vput(tdvp);
if (tvp)
vput(tvp);
vrele(fdvp);
vrele(fvp);
return (error);
}
if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
(VTOI(tdvp)->i_flags & APPEND))) {
error = EPERM;
goto abortit;
}
/*
* Renaming a file to itself has no effect. The upper layers should
* not call us in that case. Temporarily just warn if they do.
*/
if (fvp == tvp) {
printf("ext2_rename: fvp == tvp (can't happen)\n");
error = 0;
goto abortit;
}
if ((error = vn_lock(fvp, LK_EXCLUSIVE)) != 0)
goto abortit;
dp = VTOI(fdvp);
ip = VTOI(fvp);
if (ip->i_nlink >= EXT2_LINK_MAX) {
VOP_UNLOCK(fvp, 0);
error = EMLINK;
goto abortit;
}
if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
|| (dp->i_flags & APPEND)) {
VOP_UNLOCK(fvp, 0);
error = EPERM;
goto abortit;
}
if ((ip->i_mode & IFMT) == IFDIR) {
/*
* Avoid ".", "..", and aliases of "." for obvious reasons.
*/
if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
dp == ip || (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT ||
(ip->i_flag & IN_RENAME)) {
VOP_UNLOCK(fvp, 0);
error = EINVAL;
goto abortit;
}
ip->i_flag |= IN_RENAME;
oldparent = dp->i_number;
doingdirectory++;
}
vrele(fdvp);
/*
* When the target exists, both the directory
* and target vnodes are returned locked.
*/
dp = VTOI(tdvp);
xp = NULL;
if (tvp)
xp = VTOI(tvp);
/*
* 1) Bump link count while we're moving stuff
* around. If we crash somewhere before
* completing our work, the link count
* may be wrong, but correctable.
*/
ip->i_nlink++;
ip->i_flag |= IN_CHANGE;
if ((error = ext2_update(fvp, !DOINGASYNC(fvp))) != 0) {
VOP_UNLOCK(fvp, 0);
goto bad;
}
/*
* If ".." must be changed (ie the directory gets a new
* parent) then the source directory must not be in the
* directory hierarchy above the target, as this would
* orphan everything below the source directory. Also
* the user must have write permission in the source so
* as to be able to change "..". We must repeat the call
* to namei, as the parent directory is unlocked by the
* call to checkpath().
*/
error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread);
VOP_UNLOCK(fvp, 0);
if (oldparent != dp->i_number)
newparent = dp->i_number;
if (doingdirectory && newparent) {
if (error) /* write access check above */
goto bad;
if (xp != NULL)
vput(tvp);
error = ext2_checkpath(ip, dp, tcnp->cn_cred);
if (error)
goto out;
VREF(tdvp);
error = relookup(tdvp, &tvp, tcnp);
if (error)
goto out;
vrele(tdvp);
dp = VTOI(tdvp);
xp = NULL;
if (tvp)
xp = VTOI(tvp);
}
/*
* 2) If target doesn't exist, link the target
* to the source and unlink the source.
* Otherwise, rewrite the target directory
* entry to reference the source inode and
* expunge the original entry's existence.
*/
if (xp == NULL) {
if (dp->i_devvp != ip->i_devvp)
panic("ext2_rename: EXDEV");
/*
* Account for ".." in new directory.
* When source and destination have the same
* parent we don't fool with the link count.
*/
if (doingdirectory && newparent) {
if ((nlink_t)dp->i_nlink >= EXT2_LINK_MAX) {
error = EMLINK;
goto bad;
}
dp->i_nlink++;
dp->i_flag |= IN_CHANGE;
error = ext2_update(tdvp, !DOINGASYNC(tdvp));
if (error)
goto bad;
}
error = ext2_direnter(ip, tdvp, tcnp);
if (error) {
if (doingdirectory && newparent) {
dp->i_nlink--;
dp->i_flag |= IN_CHANGE;
(void)ext2_update(tdvp, 1);
}
goto bad;
}
vput(tdvp);
} else {
if (xp->i_devvp != dp->i_devvp || xp->i_devvp != ip->i_devvp)
panic("ext2_rename: EXDEV");
/*
* Short circuit rename(foo, foo).
*/
if (xp->i_number == ip->i_number)
panic("ext2_rename: same file");
/*
* If the parent directory is "sticky", then the user must
* own the parent directory, or the destination of the rename,
* otherwise the destination may not be changed (except by
* root). This implements append-only directories.
*/
if ((dp->i_mode & S_ISTXT) && tcnp->cn_cred->cr_uid != 0 &&
tcnp->cn_cred->cr_uid != dp->i_uid &&
xp->i_uid != tcnp->cn_cred->cr_uid) {
error = EPERM;
goto bad;
}
/*
* Target must be empty if a directory and have no links
* to it. Also, ensure source and target are compatible
* (both directories, or both not directories).
*/
if ((xp->i_mode&IFMT) == IFDIR) {
if (! ext2_dirempty(xp, dp->i_number, tcnp->cn_cred) ||
xp->i_nlink > 2) {
error = ENOTEMPTY;
goto bad;
}
if (!doingdirectory) {
error = ENOTDIR;
goto bad;
}
cache_purge(tdvp);
} else if (doingdirectory) {
error = EISDIR;
goto bad;
}
error = ext2_dirrewrite(dp, ip, tcnp);
if (error)
goto bad;
/*
* If the target directory is in the same
* directory as the source directory,
* decrement the link count on the parent
* of the target directory.
*/
if (doingdirectory && !newparent) {
dp->i_nlink--;
dp->i_flag |= IN_CHANGE;
}
vput(tdvp);
/*
* Adjust the link count of the target to
* reflect the dirrewrite above. If this is
* a directory it is empty and there are
* no links to it, so we can squash the inode and
* any space associated with it. We disallowed
* renaming over top of a directory with links to
* it above, as the remaining link would point to
* a directory without "." or ".." entries.
*/
xp->i_nlink--;
if (doingdirectory) {
if (--xp->i_nlink != 0)
panic("ext2_rename: linked directory");
error = ext2_truncate(tvp, (off_t)0, IO_SYNC,
tcnp->cn_cred, tcnp->cn_thread);
}
xp->i_flag |= IN_CHANGE;
vput(tvp);
xp = NULL;
}
/*
* 3) Unlink the source.
*/
fcnp->cn_flags &= ~MODMASK;
fcnp->cn_flags |= LOCKPARENT | LOCKLEAF;
VREF(fdvp);
error = relookup(fdvp, &fvp, fcnp);
if (error == 0)
vrele(fdvp);
if (fvp != NULL) {
xp = VTOI(fvp);
dp = VTOI(fdvp);
} else {
/*
* From name has disappeared.
*/
if (doingdirectory)
panic("ext2_rename: lost dir entry");
vrele(ap->a_fvp);
return (0);
}
/*
* Ensure that the directory entry still exists and has not
* changed while the new name has been entered. If the source is
* a file then the entry may have been unlinked or renamed. In
* either case there is no further work to be done. If the source
* is a directory then it cannot have been rmdir'ed; its link
* count of three would cause a rmdir to fail with ENOTEMPTY.
* The IN_RENAME flag ensures that it cannot be moved by another
* rename.
*/
if (xp != ip) {
if (doingdirectory)
panic("ext2_rename: lost dir entry");
} else {
/*
* If the source is a directory with a
* new parent, the link count of the old
* parent directory must be decremented
* and ".." set to point to the new parent.
*/
if (doingdirectory && newparent) {
dp->i_nlink--;
dp->i_flag |= IN_CHANGE;
error = vn_rdwr(UIO_READ, fvp, (caddr_t)&dirbuf,
sizeof(struct dirtemplate), (off_t)0,
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
tcnp->cn_cred, NOCRED, NULL, NULL);
if (error == 0) {
/* Like ufs little-endian: */
namlen = dirbuf.dotdot_type;
if (namlen != 2 ||
dirbuf.dotdot_name[0] != '.' ||
dirbuf.dotdot_name[1] != '.') {
ext2_dirbad(xp, (doff_t)12,
"rename: mangled dir");
} else {
dirbuf.dotdot_ino = newparent;
(void) vn_rdwr(UIO_WRITE, fvp,
(caddr_t)&dirbuf,
sizeof(struct dirtemplate),
(off_t)0, UIO_SYSSPACE,
IO_NODELOCKED | IO_SYNC |
IO_NOMACCHECK, tcnp->cn_cred,
NOCRED, NULL, NULL);
cache_purge(fdvp);
}
}
}
error = ext2_dirremove(fdvp, fcnp);
if (!error) {
xp->i_nlink--;
xp->i_flag |= IN_CHANGE;
}
xp->i_flag &= ~IN_RENAME;
}
if (dp)
vput(fdvp);
if (xp)
vput(fvp);
vrele(ap->a_fvp);
return (error);
bad:
if (xp)
vput(ITOV(xp));
vput(ITOV(dp));
out:
if (doingdirectory)
ip->i_flag &= ~IN_RENAME;
if (vn_lock(fvp, LK_EXCLUSIVE) == 0) {
ip->i_nlink--;
ip->i_flag |= IN_CHANGE;
ip->i_flag &= ~IN_RENAME;
vput(fvp);
} else
vrele(fvp);
return (error);
}
