mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-29 12:44:53 +01:00
64a1fca498
Removed some unnecessary #includes.
579 lines
14 KiB
C
579 lines
14 KiB
C
/*
|
|
* Copyright (c) 1994 The Regents of the University of California.
|
|
* Copyright (c) 1994 Jan-Simon Pendry.
|
|
* All rights reserved.
|
|
*
|
|
* This code is derived from software donated to Berkeley by
|
|
* Jan-Simon Pendry.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by the University of
|
|
* California, Berkeley and its contributors.
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* @(#)union_vfsops.c 8.7 (Berkeley) 3/5/94
|
|
* $Id: union_vfsops.c,v 1.10 1995/05/30 08:07:26 rgrimes Exp $
|
|
*/
|
|
|
|
/*
|
|
* Union Layer
|
|
*/
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/systm.h>
|
|
#include <sys/kernel.h>
|
|
#include <sys/time.h>
|
|
#include <sys/types.h>
|
|
#include <sys/proc.h>
|
|
#include <sys/vnode.h>
|
|
#include <sys/mount.h>
|
|
#include <sys/namei.h>
|
|
#include <sys/malloc.h>
|
|
#include <sys/filedesc.h>
|
|
#include <sys/queue.h>
|
|
#include <miscfs/union/union.h>
|
|
|
|
extern int union_init __P((void));
|
|
|
|
extern int union_fhtovp __P((struct mount *mp, struct fid *fidp,
|
|
struct mbuf *nam, struct vnode **vpp,
|
|
int *exflagsp, struct ucred **credanonp));
|
|
extern int union_mount __P((struct mount *mp, char *path, caddr_t data,
|
|
struct nameidata *ndp, struct proc *p));
|
|
extern int union_quotactl __P((struct mount *mp, int cmd, uid_t uid,
|
|
caddr_t arg, struct proc *p));
|
|
extern int union_root __P((struct mount *mp, struct vnode **vpp));
|
|
extern int union_start __P((struct mount *mp, int flags, struct proc *p));
|
|
extern int union_statfs __P((struct mount *mp, struct statfs *sbp,
|
|
struct proc *p));
|
|
extern int union_sync __P((struct mount *mp, int waitfor,
|
|
struct ucred *cred, struct proc *p));
|
|
extern int union_unmount __P((struct mount *mp, int mntflags,
|
|
struct proc *p));
|
|
extern int union_vget __P((struct mount *mp, ino_t ino,
|
|
struct vnode **vpp));
|
|
extern int union_vptofh __P((struct vnode *vp, struct fid *fhp));
|
|
|
|
/*
|
|
* Mount union filesystem
|
|
*/
|
|
int
|
|
union_mount(mp, path, data, ndp, p)
|
|
struct mount *mp;
|
|
char *path;
|
|
caddr_t data;
|
|
struct nameidata *ndp;
|
|
struct proc *p;
|
|
{
|
|
int error = 0;
|
|
struct union_args args;
|
|
struct vnode *lowerrootvp = NULLVP;
|
|
struct vnode *upperrootvp = NULLVP;
|
|
struct union_mount *um;
|
|
struct ucred *cred = 0;
|
|
struct ucred *scred;
|
|
struct vattr va;
|
|
char *cp = 0;
|
|
int len;
|
|
u_int size;
|
|
|
|
#ifdef UNION_DIAGNOSTIC
|
|
printf("union_mount(mp = %x)\n", mp);
|
|
#endif
|
|
|
|
/*
|
|
* Update is a no-op
|
|
*/
|
|
if (mp->mnt_flag & MNT_UPDATE) {
|
|
/*
|
|
* Need to provide.
|
|
* 1. a way to convert between rdonly and rdwr mounts.
|
|
* 2. support for nfs exports.
|
|
*/
|
|
error = EOPNOTSUPP;
|
|
goto bad;
|
|
}
|
|
|
|
/*
|
|
* Take a copy of the process's credentials. This isn't
|
|
* quite right since the euid will always be zero and we
|
|
* want to get the "real" users credentials. So fix up
|
|
* the uid field after taking the copy.
|
|
*/
|
|
cred = crdup(p->p_ucred);
|
|
cred->cr_uid = p->p_cred->p_ruid;
|
|
|
|
/*
|
|
* Ensure the *real* user has write permission on the
|
|
* mounted-on directory. This allows the mount_union
|
|
* command to be made setuid root so allowing anyone
|
|
* to do union mounts onto any directory on which they
|
|
* have write permission and which they also own.
|
|
*/
|
|
error = VOP_GETATTR(mp->mnt_vnodecovered, &va, cred, p);
|
|
if (error)
|
|
goto bad;
|
|
if ((va.va_uid != cred->cr_uid) &&
|
|
(cred->cr_uid != 0)) {
|
|
error = EACCES;
|
|
goto bad;
|
|
}
|
|
error = VOP_ACCESS(mp->mnt_vnodecovered, VWRITE, cred, p);
|
|
if (error)
|
|
goto bad;
|
|
|
|
/*
|
|
* Get argument
|
|
*/
|
|
error = copyin(data, (caddr_t)&args, sizeof(struct union_args));
|
|
if (error)
|
|
goto bad;
|
|
|
|
lowerrootvp = mp->mnt_vnodecovered;
|
|
VREF(lowerrootvp);
|
|
|
|
/*
|
|
* Find upper node. Use the real process credentials,
|
|
* not the effective ones since this will have come
|
|
* through a setuid process (mount_union). All this
|
|
* messing around with permissions is entirely bogus
|
|
* and should be removed by allowing any user straight
|
|
* past the mount system call.
|
|
*/
|
|
scred = p->p_ucred;
|
|
p->p_ucred = cred;
|
|
NDINIT(ndp, LOOKUP, FOLLOW|WANTPARENT,
|
|
UIO_USERSPACE, args.target, p);
|
|
p->p_ucred = scred;
|
|
|
|
error = namei(ndp);
|
|
if (error)
|
|
goto bad;
|
|
|
|
upperrootvp = ndp->ni_vp;
|
|
vrele(ndp->ni_dvp);
|
|
ndp->ni_dvp = NULL;
|
|
|
|
if (upperrootvp->v_type != VDIR) {
|
|
error = EINVAL;
|
|
goto bad;
|
|
}
|
|
|
|
um = (struct union_mount *) malloc(sizeof(struct union_mount),
|
|
M_UFSMNT, M_WAITOK); /* XXX */
|
|
|
|
/*
|
|
* Keep a held reference to the target vnodes.
|
|
* They are vrele'd in union_unmount.
|
|
*
|
|
* Depending on the _BELOW flag, the filesystems are
|
|
* viewed in a different order. In effect, this is the
|
|
* same as providing a mount under option to the mount syscall.
|
|
*/
|
|
|
|
um->um_op = args.mntflags & UNMNT_OPMASK;
|
|
switch (um->um_op) {
|
|
case UNMNT_ABOVE:
|
|
um->um_lowervp = lowerrootvp;
|
|
um->um_uppervp = upperrootvp;
|
|
break;
|
|
|
|
case UNMNT_BELOW:
|
|
um->um_lowervp = upperrootvp;
|
|
um->um_uppervp = lowerrootvp;
|
|
break;
|
|
|
|
case UNMNT_REPLACE:
|
|
vrele(lowerrootvp);
|
|
lowerrootvp = NULLVP;
|
|
um->um_uppervp = upperrootvp;
|
|
um->um_lowervp = lowerrootvp;
|
|
break;
|
|
|
|
default:
|
|
error = EINVAL;
|
|
goto bad;
|
|
}
|
|
|
|
um->um_cred = cred;
|
|
um->um_cmode = UN_DIRMODE &~ p->p_fd->fd_cmask;
|
|
|
|
/*
|
|
* Depending on what you think the MNT_LOCAL flag might mean,
|
|
* you may want the && to be || on the conditional below.
|
|
* At the moment it has been defined that the filesystem is
|
|
* only local if it is all local, ie the MNT_LOCAL flag implies
|
|
* that the entire namespace is local. If you think the MNT_LOCAL
|
|
* flag implies that some of the files might be stored locally
|
|
* then you will want to change the conditional.
|
|
*/
|
|
if (um->um_op == UNMNT_ABOVE) {
|
|
if (((um->um_lowervp == NULLVP) ||
|
|
(um->um_lowervp->v_mount->mnt_flag & MNT_LOCAL)) &&
|
|
(um->um_uppervp->v_mount->mnt_flag & MNT_LOCAL))
|
|
mp->mnt_flag |= MNT_LOCAL;
|
|
}
|
|
|
|
/*
|
|
* Copy in the upper layer's RDONLY flag. This is for the benefit
|
|
* of lookup() which explicitly checks the flag, rather than asking
|
|
* the filesystem for it's own opinion. This means, that an update
|
|
* mount of the underlying filesystem to go from rdonly to rdwr
|
|
* will leave the unioned view as read-only.
|
|
*/
|
|
mp->mnt_flag |= (um->um_uppervp->v_mount->mnt_flag & MNT_RDONLY);
|
|
|
|
/*
|
|
* This is a user mount. Privilege check for unmount
|
|
* will be done in union_unmount.
|
|
*/
|
|
mp->mnt_flag |= MNT_USER;
|
|
|
|
mp->mnt_data = (qaddr_t) um;
|
|
getnewfsid(mp, MOUNT_UNION);
|
|
|
|
(void) copyinstr(path, mp->mnt_stat.f_mntonname, MNAMELEN - 1, &size);
|
|
bzero(mp->mnt_stat.f_mntonname + size, MNAMELEN - size);
|
|
|
|
switch (um->um_op) {
|
|
case UNMNT_ABOVE:
|
|
cp = "<above>";
|
|
break;
|
|
case UNMNT_BELOW:
|
|
cp = "<below>";
|
|
break;
|
|
case UNMNT_REPLACE:
|
|
cp = "";
|
|
break;
|
|
}
|
|
len = strlen(cp);
|
|
bcopy(cp, mp->mnt_stat.f_mntfromname, len);
|
|
|
|
cp = mp->mnt_stat.f_mntfromname + len;
|
|
len = MNAMELEN - len;
|
|
|
|
(void) copyinstr(args.target, cp, len - 1, &size);
|
|
bzero(cp + size, len - size);
|
|
|
|
(void)union_statfs(mp, &mp->mnt_stat, p);
|
|
|
|
#ifdef UNION_DIAGNOSTIC
|
|
printf("union_mount: from %s, on %s\n",
|
|
mp->mnt_stat.f_mntfromname, mp->mnt_stat.f_mntonname);
|
|
#endif
|
|
return (0);
|
|
|
|
bad:
|
|
if (cred)
|
|
crfree(cred);
|
|
if (upperrootvp)
|
|
vrele(upperrootvp);
|
|
if (lowerrootvp)
|
|
vrele(lowerrootvp);
|
|
return (error);
|
|
}
|
|
|
|
/*
|
|
* VFS start. Nothing needed here - the start routine
|
|
* on the underlying filesystem(s) will have been called
|
|
* when that filesystem was mounted.
|
|
*/
|
|
int
|
|
union_start(mp, flags, p)
|
|
struct mount *mp;
|
|
int flags;
|
|
struct proc *p;
|
|
{
|
|
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* Free reference to union layer
|
|
*/
|
|
int
|
|
union_unmount(mp, mntflags, p)
|
|
struct mount *mp;
|
|
int mntflags;
|
|
struct proc *p;
|
|
{
|
|
struct union_mount *um = MOUNTTOUNIONMOUNT(mp);
|
|
struct vnode *um_rootvp;
|
|
int error;
|
|
int flags = 0;
|
|
|
|
#ifdef UNION_DIAGNOSTIC
|
|
printf("union_unmount(mp = %x)\n", mp);
|
|
#endif
|
|
|
|
/* only the mounter, or superuser can unmount */
|
|
if ((p->p_cred->p_ruid != um->um_cred->cr_uid) &&
|
|
(error = suser(p->p_ucred, &p->p_acflag)))
|
|
return (error);
|
|
|
|
if (mntflags & MNT_FORCE) {
|
|
/* union can never be rootfs so don't check for it */
|
|
if (!doforce)
|
|
return (EINVAL);
|
|
flags |= FORCECLOSE;
|
|
}
|
|
|
|
error = union_root(mp, &um_rootvp);
|
|
if (error)
|
|
return (error);
|
|
if (um_rootvp->v_usecount > 1) {
|
|
vput(um_rootvp);
|
|
return (EBUSY);
|
|
}
|
|
error = vflush(mp, um_rootvp, flags);
|
|
if (error) {
|
|
vput(um_rootvp);
|
|
return (error);
|
|
}
|
|
|
|
#ifdef UNION_DIAGNOSTIC
|
|
vprint("alias root of lower", um_rootvp);
|
|
#endif
|
|
/*
|
|
* Discard references to upper and lower target vnodes.
|
|
*/
|
|
if (um->um_lowervp)
|
|
vrele(um->um_lowervp);
|
|
vrele(um->um_uppervp);
|
|
crfree(um->um_cred);
|
|
/*
|
|
* Release reference on underlying root vnode
|
|
*/
|
|
vput(um_rootvp);
|
|
/*
|
|
* And blow it away for future re-use
|
|
*/
|
|
vgone(um_rootvp);
|
|
/*
|
|
* Finally, throw away the union_mount structure
|
|
*/
|
|
free(mp->mnt_data, M_UFSMNT); /* XXX */
|
|
mp->mnt_data = 0;
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
union_root(mp, vpp)
|
|
struct mount *mp;
|
|
struct vnode **vpp;
|
|
{
|
|
struct union_mount *um = MOUNTTOUNIONMOUNT(mp);
|
|
int error;
|
|
int loselock;
|
|
|
|
#ifdef UNION_DIAGNOSTIC
|
|
printf("union_root(mp = %x, lvp = %x, uvp = %x)\n", mp,
|
|
um->um_lowervp,
|
|
um->um_uppervp);
|
|
#endif
|
|
|
|
/*
|
|
* Return locked reference to root.
|
|
*/
|
|
VREF(um->um_uppervp);
|
|
if ((um->um_op == UNMNT_BELOW) &&
|
|
VOP_ISLOCKED(um->um_uppervp)) {
|
|
loselock = 1;
|
|
} else {
|
|
VOP_LOCK(um->um_uppervp);
|
|
loselock = 0;
|
|
}
|
|
if (um->um_lowervp)
|
|
VREF(um->um_lowervp);
|
|
error = union_allocvp(vpp, mp,
|
|
(struct vnode *) 0,
|
|
(struct vnode *) 0,
|
|
(struct componentname *) 0,
|
|
um->um_uppervp,
|
|
um->um_lowervp);
|
|
|
|
if (error) {
|
|
if (!loselock)
|
|
VOP_UNLOCK(um->um_uppervp);
|
|
vrele(um->um_uppervp);
|
|
if (um->um_lowervp)
|
|
vrele(um->um_lowervp);
|
|
} else {
|
|
(*vpp)->v_flag |= VROOT;
|
|
if (loselock)
|
|
VTOUNION(*vpp)->un_flags &= ~UN_ULOCK;
|
|
}
|
|
|
|
return (error);
|
|
}
|
|
|
|
int
|
|
union_quotactl(mp, cmd, uid, arg, p)
|
|
struct mount *mp;
|
|
int cmd;
|
|
uid_t uid;
|
|
caddr_t arg;
|
|
struct proc *p;
|
|
{
|
|
|
|
return (EOPNOTSUPP);
|
|
}
|
|
|
|
int
|
|
union_statfs(mp, sbp, p)
|
|
struct mount *mp;
|
|
struct statfs *sbp;
|
|
struct proc *p;
|
|
{
|
|
int error;
|
|
struct union_mount *um = MOUNTTOUNIONMOUNT(mp);
|
|
struct statfs mstat;
|
|
int lbsize;
|
|
|
|
#ifdef UNION_DIAGNOSTIC
|
|
printf("union_statfs(mp = %x, lvp = %x, uvp = %x)\n", mp,
|
|
um->um_lowervp,
|
|
um->um_uppervp);
|
|
#endif
|
|
|
|
bzero(&mstat, sizeof(mstat));
|
|
|
|
if (um->um_lowervp) {
|
|
error = VFS_STATFS(um->um_lowervp->v_mount, &mstat, p);
|
|
if (error)
|
|
return (error);
|
|
}
|
|
|
|
/* now copy across the "interesting" information and fake the rest */
|
|
#if 0
|
|
sbp->f_type = mstat.f_type;
|
|
sbp->f_flags = mstat.f_flags;
|
|
sbp->f_bsize = mstat.f_bsize;
|
|
sbp->f_iosize = mstat.f_iosize;
|
|
#endif
|
|
lbsize = mstat.f_bsize;
|
|
sbp->f_blocks = mstat.f_blocks;
|
|
sbp->f_bfree = mstat.f_bfree;
|
|
sbp->f_bavail = mstat.f_bavail;
|
|
sbp->f_files = mstat.f_files;
|
|
sbp->f_ffree = mstat.f_ffree;
|
|
|
|
error = VFS_STATFS(um->um_uppervp->v_mount, &mstat, p);
|
|
if (error)
|
|
return (error);
|
|
|
|
sbp->f_type = MOUNT_UNION;
|
|
sbp->f_flags = mstat.f_flags;
|
|
sbp->f_bsize = mstat.f_bsize;
|
|
sbp->f_iosize = mstat.f_iosize;
|
|
|
|
/*
|
|
* if the lower and upper blocksizes differ, then frig the
|
|
* block counts so that the sizes reported by df make some
|
|
* kind of sense. none of this makes sense though.
|
|
*/
|
|
|
|
if (mstat.f_bsize != lbsize) {
|
|
sbp->f_blocks = sbp->f_blocks * lbsize / mstat.f_bsize;
|
|
sbp->f_bfree = sbp->f_bfree * lbsize / mstat.f_bsize;
|
|
sbp->f_bavail = sbp->f_bavail * lbsize / mstat.f_bsize;
|
|
}
|
|
sbp->f_blocks += mstat.f_blocks;
|
|
sbp->f_bfree += mstat.f_bfree;
|
|
sbp->f_bavail += mstat.f_bavail;
|
|
sbp->f_files += mstat.f_files;
|
|
sbp->f_ffree += mstat.f_ffree;
|
|
|
|
if (sbp != &mp->mnt_stat) {
|
|
bcopy(&mp->mnt_stat.f_fsid, &sbp->f_fsid, sizeof(sbp->f_fsid));
|
|
bcopy(mp->mnt_stat.f_mntonname, sbp->f_mntonname, MNAMELEN);
|
|
bcopy(mp->mnt_stat.f_mntfromname, sbp->f_mntfromname, MNAMELEN);
|
|
}
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
union_sync(mp, waitfor, cred, p)
|
|
struct mount *mp;
|
|
int waitfor;
|
|
struct ucred *cred;
|
|
struct proc *p;
|
|
{
|
|
|
|
/*
|
|
* XXX - Assumes no data cached at union layer.
|
|
*/
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
union_vget(mp, ino, vpp)
|
|
struct mount *mp;
|
|
ino_t ino;
|
|
struct vnode **vpp;
|
|
{
|
|
|
|
return (EOPNOTSUPP);
|
|
}
|
|
|
|
int
|
|
union_fhtovp(mp, fidp, nam, vpp, exflagsp, credanonp)
|
|
struct mount *mp;
|
|
struct fid *fidp;
|
|
struct mbuf *nam;
|
|
struct vnode **vpp;
|
|
int *exflagsp;
|
|
struct ucred **credanonp;
|
|
{
|
|
|
|
return (EOPNOTSUPP);
|
|
}
|
|
|
|
int
|
|
union_vptofh(vp, fhp)
|
|
struct vnode *vp;
|
|
struct fid *fhp;
|
|
{
|
|
|
|
return (EOPNOTSUPP);
|
|
}
|
|
|
|
struct vfsops union_vfsops = {
|
|
union_mount,
|
|
union_start,
|
|
union_unmount,
|
|
union_root,
|
|
union_quotactl,
|
|
union_statfs,
|
|
union_sync,
|
|
union_vget,
|
|
union_fhtovp,
|
|
union_vptofh,
|
|
union_init,
|
|
};
|
|
|
|
VFS_SET(union_vfsops, union, MOUNT_UNION, VFCF_LOOPBACK);
|