search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Replace previous change by different test
[minix.git] / servers / mfs / path.c
blobf558c89c4a10a7258d20df0dc6a411bb046f10d7
1 /* This file contains the procedures that look up path names in the directory
2 * system and determine the inode number that goes with a given path name.
3 *
4 * The entry points into this file are
5 * eat_path: the 'main' routine of the path-to-inode conversion mechanism
6 * last_dir: find the final directory on a given path
7 * advance: parse one component of a path name
8 * search_dir: search a directory for a string and return its inode number
9 *
10 */
11
12 #include "fs.h"
13 #include "assert.h"
14 #include <string.h>
15 #include <minix/endpoint.h>
16 #include <sys/stat.h>
17 #include <sys/types.h>
18 #include "buf.h"
19 #include "inode.h"
20 #include "super.h"
21 #include <minix/vfsif.h>
22 #include <minix/libminixfs.h>
23
24
25 char dot1[2] = "."; /* used for search_dir to bypass the access */
26 char dot2[3] = ".."; /* permissions for . and .. */
27
28 static char *get_name(char *name, char string[MFS_NAME_MAX+1]);
29 static int ltraverse(struct inode *rip, char *suffix);
30 static int parse_path(ino_t dir_ino, ino_t root_ino, int flags, struct
31 inode **res_inop, size_t *offsetp, int *symlinkp);
32
33
34 /*===========================================================================*
35 * fs_lookup *
36 *===========================================================================*/
37 int fs_lookup()
38 {
39 cp_grant_id_t grant;
40 int r, r1, flags, symlinks;
41 unsigned int len;
42 size_t offset = 0, path_size;
43 ino_t dir_ino, root_ino;
44 struct inode *rip;
45
46 grant = (cp_grant_id_t) fs_m_in.REQ_GRANT;
47 path_size = (size_t) fs_m_in.REQ_PATH_SIZE; /* Size of the buffer */
48 len = (int) fs_m_in.REQ_PATH_LEN; /* including terminating nul */
49 dir_ino = (ino_t) fs_m_in.REQ_DIR_INO;
50 root_ino = (ino_t) fs_m_in.REQ_ROOT_INO;
51 flags = (int) fs_m_in.REQ_FLAGS;
52
53 /* Check length. */
54 if(len > sizeof(user_path)) return(E2BIG); /* too big for buffer */
55 if(len == 0) return(EINVAL); /* too small */
56
57 /* Copy the pathname and set up caller's user and group id */
58 r = sys_safecopyfrom(VFS_PROC_NR, grant, /*offset*/ (vir_bytes) 0,
59 (vir_bytes) user_path, (size_t) len);
60 if(r != OK) return(r);
61
62 /* Verify this is a null-terminated path. */
63 if(user_path[len - 1] != '\0') return(EINVAL);
64
65 memset(&credentials, 0, sizeof(credentials));
66 if(!(flags & PATH_GET_UCRED)) { /* Do we have to copy uid/gid credentials? */
67 caller_uid = (uid_t) fs_m_in.REQ_UID;
68 caller_gid = (gid_t) fs_m_in.REQ_GID;
69 } else {
70 if((r=fs_lookup_credentials(&credentials,
71 &caller_uid, &caller_gid,
72 (cp_grant_id_t) fs_m_in.REQ_GRANT2,
73 (size_t) fs_m_in.REQ_UCRED_SIZE)) != OK)
74 return r;
75 }
76
77 /* Lookup inode */
78 rip = NULL;
79 r = parse_path(dir_ino, root_ino, flags, &rip, &offset, &symlinks);
80
81 if(symlinks != 0 && (r == ELEAVEMOUNT || r == EENTERMOUNT || r == ESYMLINK)){
82 len = strlen(user_path)+1;
83 if(len > path_size) return(ENAMETOOLONG);
84
85 r1 = sys_safecopyto(VFS_PROC_NR, grant, (vir_bytes) 0,
86 (vir_bytes) user_path, (size_t) len);
87 if(r1 != OK) return(r1);
88 }
89
90 if(r == ELEAVEMOUNT || r == ESYMLINK) {
91 /* Report offset and the error */
92 fs_m_out.RES_OFFSET = offset;
93 fs_m_out.RES_SYMLOOP = symlinks;
94
95 return(r);
96 }
97
98 if (r != OK && r != EENTERMOUNT) return(r);
99
100 fs_m_out.RES_INODE_NR = rip->i_num;
101 fs_m_out.RES_MODE = rip->i_mode;
102 fs_m_out.RES_FILE_SIZE_LO = rip->i_size;
103 fs_m_out.RES_SYMLOOP = symlinks;
104 fs_m_out.RES_UID = rip->i_uid;
105 fs_m_out.RES_GID = rip->i_gid;
106
107 /* This is only valid for block and character specials. But it doesn't
108 * cause any harm to set RES_DEV always. */
109 fs_m_out.RES_DEV = (dev_t) rip->i_zone[0];
110
111 if(r == EENTERMOUNT) {
112 fs_m_out.RES_OFFSET = offset;
113 put_inode(rip); /* Only return a reference to the final object */
114 }
115
116 return(r);
117 }
118
119
120 /*===========================================================================*
121 * parse_path *
122 *===========================================================================*/
123 static int parse_path(dir_ino, root_ino, flags, res_inop, offsetp, symlinkp)
124 ino_t dir_ino;
125 ino_t root_ino;
126 int flags;
127 struct inode **res_inop;
128 size_t *offsetp;
129 int *symlinkp;
130 {
131 /* Parse the path in user_path, starting at dir_ino. If the path is the empty
132 * string, just return dir_ino. It is upto the caller to treat an empty
133 * path in a special way. Otherwise, if the path consists of just one or
134 * more slash ('/') characters, the path is replaced with ".". Otherwise,
135 * just look up the first (or only) component in path after skipping any
136 * leading slashes.
137 */
138 int r, leaving_mount;
139 struct inode *rip, *dir_ip;
140 char *cp, *next_cp; /* component and next component */
141 char component[MFS_NAME_MAX+1];
142
143 /* Start parsing path at the first component in user_path */
144 cp = user_path;
145
146 /* No symlinks encountered yet */
147 *symlinkp = 0;
148
149 /* Find starting inode inode according to the request message */
150 if((rip = find_inode(fs_dev, dir_ino)) == NULL)
151 return(ENOENT);
152
153 /* If dir has been removed return ENOENT. */
154 if (rip->i_nlinks == NO_LINK) return(ENOENT);
155
156 dup_inode(rip);
157
158 /* If the given start inode is a mountpoint, we must be here because the file
159 * system mounted on top returned an ELEAVEMOUNT error. In this case, we must
160 * only accept ".." as the first path component.
161 */
162 leaving_mount = rip->i_mountpoint; /* True iff rip is a mountpoint */
163
164 /* Scan the path component by component. */
165 while (TRUE) {
166 if(cp[0] == '\0') {
167 /* We're done; either the path was empty or we've parsed all
168 components of the path */
169
170 *res_inop = rip;
171 *offsetp += cp - user_path;
172
173 /* Return EENTERMOUNT if we are at a mount point */
174 if (rip->i_mountpoint) return(EENTERMOUNT);
175
176 return(OK);
177 }
178
179 while(cp[0] == '/') cp++;
180 next_cp = get_name(cp, component);
181
182 /* Special code for '..'. A process is not allowed to leave a chrooted
183 * environment. A lookup of '..' at the root of a mounted filesystem
184 * has to return ELEAVEMOUNT. In both cases, the caller needs search
185 * permission for the current inode, as it is used as directory.
186 */
187 if(strcmp(component, "..") == 0) {
188 /* 'rip' is now accessed as directory */
189 if ((r = forbidden(rip, X_BIT)) != OK) {
190 put_inode(rip);
191 return(r);
192 }
193
194 if (rip->i_num == root_ino) {
195 cp = next_cp;
196 continue; /* Ignore the '..' at a process' root
197 and move on to the next component */
198 }
199
200 if (rip->i_num == ROOT_INODE && !rip->i_sp->s_is_root) {
201 /* Climbing up to parent FS */
202
203 put_inode(rip);
204 *offsetp += cp - user_path;
205 return(ELEAVEMOUNT);
206 }
207 }
208
209 /* Only check for a mount point if we are not coming from one. */
210 if (!leaving_mount && rip->i_mountpoint) {
211 /* Going to enter a child FS */
212
213 *res_inop = rip;
214 *offsetp += cp - user_path;
215 return(EENTERMOUNT);
216 }
217
218 /* There is more path. Keep parsing.
219 * If we're leaving a mountpoint, skip directory permission checks.
220 */
221 dir_ip = rip;
222 rip = advance(dir_ip, leaving_mount ? dot2 : component, CHK_PERM);
223 if(err_code == ELEAVEMOUNT || err_code == EENTERMOUNT)
224 err_code = OK;
225
226 if (err_code != OK) {
227 put_inode(dir_ip);
228 return(err_code);
229 }
230
231 leaving_mount = 0;
232
233 /* The call to advance() succeeded. Fetch next component. */
234 if (S_ISLNK(rip->i_mode)) {
235
236 if (next_cp[0] == '\0' && (flags & PATH_RET_SYMLINK)) {
237 put_inode(dir_ip);
238 *res_inop = rip;
239 *offsetp += next_cp - user_path;
240 return(OK);
241 }
242
243 /* Extract path name from the symlink file */
244 r = ltraverse(rip, next_cp);
245 next_cp = user_path;
246 *offsetp = 0;
247
248 /* Symloop limit reached? */
249 if (++(*symlinkp) > SYMLOOP_MAX)
250 r = ELOOP;
251
252 if (r != OK) {
253 put_inode(dir_ip);
254 put_inode(rip);
255 return(r);
256 }
257
258 if (next_cp[0] == '/') {
259 put_inode(dir_ip);
260 put_inode(rip);
261 return(ESYMLINK);
262 }
263
264 put_inode(rip);
265 dup_inode(dir_ip);
266 rip = dir_ip;
267 }
268
269 put_inode(dir_ip);
270 cp = next_cp; /* Process subsequent component in next round */
271 }
272 }
273
274
275 /*===========================================================================*
276 * ltraverse *
277 *===========================================================================*/
278 static int ltraverse(rip, suffix)
279 register struct inode *rip; /* symbolic link */
280 char *suffix; /* current remaining path. Has to point in the
281 * user_path buffer
282 */
283 {
284 /* Traverse a symbolic link. Copy the link text from the inode and insert
285 * the text into the path. Return error code or report success. Base
286 * directory has to be determined according to the first character of the
287 * new pathname.
288 */
289
290 block_t blink; /* block containing link text */
291 size_t llen; /* length of link */
292 size_t slen; /* length of suffix */
293 struct buf *bp; /* buffer containing link text */
294 char *sp; /* start of link text */
295
296 if ((blink = read_map(rip, (off_t) 0)) == NO_BLOCK)
297 return(EIO);
298
299 bp = get_block(rip->i_dev, blink, NORMAL);
300 llen = (size_t) rip->i_size;
301 sp = b_data(bp);
302 slen = strlen(suffix);
303
304 /* The path we're parsing looks like this:
305 * /already/processed/path/<link> or
306 * /already/processed/path/<link>/not/yet/processed/path
307 * After expanding the <link>, the path will look like
308 * <expandedlink> or
309 * <expandedlink>/not/yet/processed
310 * In both cases user_path must have enough room to hold <expandedlink>.
311 * However, in the latter case we have to move /not/yet/processed to the
312 * right place first, before we expand <link>. When strlen(<expandedlink>) is
313 * smaller than strlen(/already/processes/path), we move the suffix to the
314 * left. Is strlen(<expandedlink>) greater then we move it to the right. Else
315 * we do nothing.
316 */
317
318 if (slen > 0) { /* Do we have path after the link? */
319 /* For simplicity we require that suffix starts with a slash */
320 if (suffix[0] != '/') {
321 panic("ltraverse: suffix does not start with a slash");
322 }
323
324 /* To be able to expand the <link>, we have to move the 'suffix'
325 * to the right place.
326 */
327 if (slen + llen + 1 > sizeof(user_path))
328 return(ENAMETOOLONG);/* <expandedlink>+suffix+\0 does not fit*/
329 if ((unsigned) (suffix-user_path) != llen) {
330 /* Move suffix left or right */
331 memmove(&user_path[llen], suffix, slen+1);
332 }
333 } else {
334 if (llen + 1 > sizeof(user_path))
335 return(ENAMETOOLONG); /* <expandedlink> + \0 does not fix */
336
337 /* Set terminating nul */
338 user_path[llen]= '\0';
339 }
340
341 /* Everything is set, now copy the expanded link to user_path */
342 memmove(user_path, sp, llen);
343
344 put_block(bp, DIRECTORY_BLOCK);
345 return(OK);
346 }
347
348
349 /*===========================================================================*
350 * advance *
351 *===========================================================================*/
352 struct inode *advance(dirp, string, chk_perm)
353 struct inode *dirp; /* inode for directory to be searched */
354 char string[MFS_NAME_MAX]; /* component name to look for */
355 int chk_perm; /* check permissions when string is looked up*/
356 {
357 /* Given a directory and a component of a path, look up the component in
358 * the directory, find the inode, open it, and return a pointer to its inode
359 * slot.
360 */
361 ino_t numb;
362 struct inode *rip;
363
364 /* If 'string' is empty, return an error. */
365 if (string[0] == '\0') {
366 err_code = ENOENT;
367 return(NULL);
368 }
369
370 /* Check for NULL. */
371 if (dirp == NULL) return(NULL);
372
373 /* If 'string' is not present in the directory, signal error. */
374 if ( (err_code = search_dir(dirp, string, &numb, LOOK_UP, chk_perm)) != OK) {
375 return(NULL);
376 }
377
378 /* The component has been found in the directory. Get inode. */
379 if ( (rip = get_inode(dirp->i_dev, (int) numb)) == NULL) {
380 return(NULL);
381 }
382
383 /* The following test is for "mountpoint/.." where mountpoint is a
384 * mountpoint. ".." will refer to the root of the mounted filesystem,
385 * but has to become a reference to the parent of the 'mountpoint'
386 * directory.
387 *
388 * This case is recognized by the looked up name pointing to a
389 * root inode, and the directory in which it is held being a
390 * root inode, _and_ the name[1] being '.'. (This is a test for '..'
391 * and excludes '.'.)
392 */
393 if (rip->i_num == ROOT_INODE) {
394 if (dirp->i_num == ROOT_INODE) {
395 if (string[1] == '.') {
396 if (!rip->i_sp->s_is_root) {
397 /* Climbing up mountpoint */
398 err_code = ELEAVEMOUNT;
399 }
400 }
401 }
402 }
403
404 /* See if the inode is mounted on. If so, switch to root directory of the
405 * mounted file system. The super_block provides the linkage between the
406 * inode mounted on and the root directory of the mounted file system.
407 */
408 if (rip->i_mountpoint) {
409 /* Mountpoint encountered, report it */
410 err_code = EENTERMOUNT;
411 }
412
413 return(rip);
414 }
415
416
417 /*===========================================================================*
418 * get_name *
419 *===========================================================================*/
420 static char *get_name(path_name, string)
421 char *path_name; /* path name to parse */
422 char string[MFS_NAME_MAX+1]; /* component extracted from 'old_name' */
423 {
424 /* Given a pointer to a path name in fs space, 'path_name', copy the first
425 * component to 'string' (truncated if necessary, always nul terminated).
426 * A pointer to the string after the first component of the name as yet
427 * unparsed is returned. Roughly speaking,
428 * 'get_name' = 'path_name' - 'string'.
429 *
430 * This routine follows the standard convention that /usr/ast, /usr//ast,
431 * //usr///ast and /usr/ast/ are all equivalent.
432 */
433 size_t len;
434 char *cp, *ep;
435
436 cp = path_name;
437
438 /* Skip leading slashes */
439 while (cp[0] == '/') cp++;
440
441 /* Find the end of the first component */
442 ep = cp;
443 while(ep[0] != '\0' && ep[0] != '/')
444 ep++;
445
446 len = (size_t) (ep - cp);
447
448 /* Truncate the amount to be copied if it exceeds MFS_NAME_MAX */
449 if (len > MFS_NAME_MAX) len = MFS_NAME_MAX;
450
451 /* Special case of the string at cp is empty */
452 if (len == 0)
453 strlcpy(string, ".", MFS_NAME_MAX + 1); /* Return "." */
454 else {
455 memcpy(string, cp, len);
456 string[len]= '\0';
457 }
458
459 return(ep);
460 }
461
462
463 /*===========================================================================*
464 * search_dir *
465 *===========================================================================*/
466 int search_dir(ldir_ptr, string, numb, flag, check_permissions)
467 register struct inode *ldir_ptr; /* ptr to inode for dir to search */
468 char string[MFS_NAME_MAX]; /* component to search for */
469 ino_t *numb; /* pointer to inode number */
470 int flag; /* LOOK_UP, ENTER, DELETE or IS_EMPTY */
471 int check_permissions; /* check permissions when flag is !IS_EMPTY */
472 {
473 /* This function searches the directory whose inode is pointed to by 'ldip':
474 * if (flag == ENTER) enter 'string' in the directory with inode # '*numb';
475 * if (flag == DELETE) delete 'string' from the directory;
476 * if (flag == LOOK_UP) search for 'string' and return inode # in 'numb';
477 * if (flag == IS_EMPTY) return OK if only . and .. in dir else ENOTEMPTY;
478 *
479 * if 'string' is dot1 or dot2, no access permissions are checked.
480 */
481
482 register struct direct *dp = NULL;
483 register struct buf *bp = NULL;
484 int i, r, e_hit, t, match;
485 mode_t bits;
486 off_t pos;
487 unsigned new_slots, old_slots;
488 block_t b;
489 struct super_block *sp;
490 int extended = 0;
491
492 /* If 'ldir_ptr' is not a pointer to a dir inode, error. */
493 if ( (ldir_ptr->i_mode & I_TYPE) != I_DIRECTORY) {
494 return(ENOTDIR);
495 }
496
497 if((flag == DELETE || flag == ENTER) && ldir_ptr->i_sp->s_rd_only)
498 return EROFS;
499
500 r = OK;
501
502 if (flag != IS_EMPTY) {
503 bits = (flag == LOOK_UP ? X_BIT : W_BIT | X_BIT);
504
505 if (string == dot1 || string == dot2) {
506 if (flag != LOOK_UP) r = read_only(ldir_ptr);
507 /* only a writable device is required. */
508 } else if(check_permissions) {
509 r = forbidden(ldir_ptr, bits); /* check access permissions */
510 }
511 }
512 if (r != OK) return(r);
513
514 /* Step through the directory one block at a time. */
515 old_slots = (unsigned) (ldir_ptr->i_size/DIR_ENTRY_SIZE);
516 new_slots = 0;
517 e_hit = FALSE;
518 match = 0; /* set when a string match occurs */
519
520 pos = 0;
521 if (flag == ENTER && ldir_ptr->i_last_dpos < ldir_ptr->i_size) {
522 pos = ldir_ptr->i_last_dpos;
523 new_slots = (unsigned) (pos/DIR_ENTRY_SIZE);
524 }
525
526 for (; pos < ldir_ptr->i_size; pos += ldir_ptr->i_sp->s_block_size) {
527 b = read_map(ldir_ptr, pos); /* get block number */
528
529 /* Since directories don't have holes, 'b' cannot be NO_BLOCK. */
530 bp = get_block(ldir_ptr->i_dev, b, NORMAL); /* get a dir block */
531
532 assert(bp != NULL);
533
534 /* Search a directory block. */
535 for (dp = &b_dir(bp)[0];
536 dp < &b_dir(bp)[NR_DIR_ENTRIES(ldir_ptr->i_sp->s_block_size)];
537 dp++) {
538 if (++new_slots > old_slots) { /* not found, but room left */
539 if (flag == ENTER) e_hit = TRUE;
540 break;
541 }
542
543 /* Match occurs if string found. */
544 if (flag != ENTER && dp->mfs_d_ino != NO_ENTRY) {
545 if (flag == IS_EMPTY) {
546 /* If this test succeeds, dir is not empty. */
547 if (strcmp(dp->mfs_d_name, "." ) != 0 &&
548 strcmp(dp->mfs_d_name, "..") != 0) match = 1;
549 } else {
550 if (strncmp(dp->mfs_d_name, string,
551 sizeof(dp->mfs_d_name)) == 0){
552 match = 1;
553 }
554 }
555 }
556
557 if (match) {
558 /* LOOK_UP or DELETE found what it wanted. */
559 r = OK;
560 if (flag == IS_EMPTY) r = ENOTEMPTY;
561 else if (flag == DELETE) {
562 /* Save d_ino for recovery. */
563 t = MFS_NAME_MAX - sizeof(ino_t);
564 *((ino_t *) &dp->mfs_d_name[t]) = dp->mfs_d_ino;
565 dp->mfs_d_ino = NO_ENTRY; /* erase entry */
566 MARKDIRTY(bp);
567 ldir_ptr->i_update |= CTIME | MTIME;
568 IN_MARKDIRTY(ldir_ptr);
569 if (pos < ldir_ptr->i_last_dpos)
570 ldir_ptr->i_last_dpos = pos;
571 } else {
572 sp = ldir_ptr->i_sp; /* 'flag' is LOOK_UP */
573 *numb = (ino_t) conv4(sp->s_native,
574 (int) dp->mfs_d_ino);
575 }
576 put_block(bp, DIRECTORY_BLOCK);
577 return(r);
578 }
579
580 /* Check for free slot for the benefit of ENTER. */
581 if (flag == ENTER && dp->mfs_d_ino == 0) {
582 e_hit = TRUE; /* we found a free slot */
583 break;
584 }
585 }
586
587 /* The whole block has been searched or ENTER has a free slot. */
588 if (e_hit) break; /* e_hit set if ENTER can be performed now */
589 put_block(bp, DIRECTORY_BLOCK); /* otherwise, continue searching dir */
590 }
591
592 /* The whole directory has now been searched. */
593 if (flag != ENTER) {
594 return(flag == IS_EMPTY ? OK : ENOENT);
595 }
596
597 /* When ENTER next time, start searching for free slot from
598 * i_last_dpos. It gives some performance improvement (3-5%).
599 */
600 ldir_ptr->i_last_dpos = pos;
601
602 /* This call is for ENTER. If no free slot has been found so far, try to
603 * extend directory.
604 */
605 if (e_hit == FALSE) { /* directory is full and no room left in last block */
606 new_slots++; /* increase directory size by 1 entry */
607 if (new_slots == 0) return(EFBIG); /* dir size limited by slot count */
608 if ( (bp = new_block(ldir_ptr, ldir_ptr->i_size)) == NULL)
609 return(err_code);
610 dp = &b_dir(bp)[0];
611 extended = 1;
612 }
613
614 /* 'bp' now points to a directory block with space. 'dp' points to slot. */
615 (void) memset(dp->mfs_d_name, 0, (size_t) MFS_NAME_MAX); /* clear entry */
616 for (i = 0; i < MFS_NAME_MAX && string[i]; i++) dp->mfs_d_name[i] = string[i];
617 sp = ldir_ptr->i_sp;
618 dp->mfs_d_ino = conv4(sp->s_native, (int) *numb);
619 MARKDIRTY(bp);
620 put_block(bp, DIRECTORY_BLOCK);
621 ldir_ptr->i_update |= CTIME | MTIME; /* mark mtime for update later */
622 IN_MARKDIRTY(ldir_ptr);
623 if (new_slots > old_slots) {
624 ldir_ptr->i_size = (off_t) new_slots * DIR_ENTRY_SIZE;
625 /* Send the change to disk if the directory is extended. */
626 if (extended) rw_inode(ldir_ptr, WRITING);
627 }
628 return(OK);
629 }
630
MINIX 3 (repo.or.cz mirror)