1*7c478bd9Sstevel@tonic-gate /* 2*7c478bd9Sstevel@tonic-gate * CDDL HEADER START 3*7c478bd9Sstevel@tonic-gate * 4*7c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*7c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 6*7c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 7*7c478bd9Sstevel@tonic-gate * with the License. 8*7c478bd9Sstevel@tonic-gate * 9*7c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10*7c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 11*7c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 12*7c478bd9Sstevel@tonic-gate * and limitations under the License. 13*7c478bd9Sstevel@tonic-gate * 14*7c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 15*7c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16*7c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 17*7c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 18*7c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 19*7c478bd9Sstevel@tonic-gate * 20*7c478bd9Sstevel@tonic-gate * CDDL HEADER END 21*7c478bd9Sstevel@tonic-gate */ 22*7c478bd9Sstevel@tonic-gate /* 23*7c478bd9Sstevel@tonic-gate * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24*7c478bd9Sstevel@tonic-gate * Use is subject to license terms. 25*7c478bd9Sstevel@tonic-gate */ 26*7c478bd9Sstevel@tonic-gate 27*7c478bd9Sstevel@tonic-gate /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ 28*7c478bd9Sstevel@tonic-gate /* All Rights Reserved */ 29*7c478bd9Sstevel@tonic-gate 30*7c478bd9Sstevel@tonic-gate /* 31*7c478bd9Sstevel@tonic-gate * Portions of this source code were derived from Berkeley 4.3 BSD 32*7c478bd9Sstevel@tonic-gate * under license from the Regents of the University of California. 33*7c478bd9Sstevel@tonic-gate */ 34*7c478bd9Sstevel@tonic-gate 35*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 36*7c478bd9Sstevel@tonic-gate 37*7c478bd9Sstevel@tonic-gate #include <sys/param.h> 38*7c478bd9Sstevel@tonic-gate #include <sys/isa_defs.h> 39*7c478bd9Sstevel@tonic-gate #include <sys/types.h> 40*7c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h> 41*7c478bd9Sstevel@tonic-gate #include <sys/cred.h> 42*7c478bd9Sstevel@tonic-gate #include <sys/user.h> 43*7c478bd9Sstevel@tonic-gate #include <sys/systm.h> 44*7c478bd9Sstevel@tonic-gate #include <sys/errno.h> 45*7c478bd9Sstevel@tonic-gate #include <sys/fcntl.h> 46*7c478bd9Sstevel@tonic-gate #include <sys/pathname.h> 47*7c478bd9Sstevel@tonic-gate #include <sys/var.h> 48*7c478bd9Sstevel@tonic-gate #include <sys/vfs.h> 49*7c478bd9Sstevel@tonic-gate #include <sys/vnode.h> 50*7c478bd9Sstevel@tonic-gate #include <sys/file.h> 51*7c478bd9Sstevel@tonic-gate #include <sys/mode.h> 52*7c478bd9Sstevel@tonic-gate #include <sys/proc.h> 53*7c478bd9Sstevel@tonic-gate #include <sys/uio.h> 54*7c478bd9Sstevel@tonic-gate #include <sys/ioreq.h> 55*7c478bd9Sstevel@tonic-gate #include <sys/poll.h> 56*7c478bd9Sstevel@tonic-gate #include <sys/kmem.h> 57*7c478bd9Sstevel@tonic-gate #include <sys/filio.h> 58*7c478bd9Sstevel@tonic-gate #include <sys/cmn_err.h> 59*7c478bd9Sstevel@tonic-gate #include <sys/policy.h> 60*7c478bd9Sstevel@tonic-gate #include <sys/zone.h> 61*7c478bd9Sstevel@tonic-gate 62*7c478bd9Sstevel@tonic-gate #include <sys/debug.h> 63*7c478bd9Sstevel@tonic-gate #include <c2/audit.h> 64*7c478bd9Sstevel@tonic-gate 65*7c478bd9Sstevel@tonic-gate /* 66*7c478bd9Sstevel@tonic-gate * Change current working directory ("."). 67*7c478bd9Sstevel@tonic-gate */ 68*7c478bd9Sstevel@tonic-gate static int chdirec(vnode_t *, int ischroot, int do_traverse); 69*7c478bd9Sstevel@tonic-gate 70*7c478bd9Sstevel@tonic-gate int 71*7c478bd9Sstevel@tonic-gate chdir(char *fname) 72*7c478bd9Sstevel@tonic-gate { 73*7c478bd9Sstevel@tonic-gate vnode_t *vp; 74*7c478bd9Sstevel@tonic-gate int error; 75*7c478bd9Sstevel@tonic-gate 76*7c478bd9Sstevel@tonic-gate lookup: 77*7c478bd9Sstevel@tonic-gate if (error = lookupname(fname, UIO_USERSPACE, FOLLOW, NULLVPP, &vp)) { 78*7c478bd9Sstevel@tonic-gate if (error == ESTALE) 79*7c478bd9Sstevel@tonic-gate goto lookup; 80*7c478bd9Sstevel@tonic-gate return (set_errno(error)); 81*7c478bd9Sstevel@tonic-gate } 82*7c478bd9Sstevel@tonic-gate 83*7c478bd9Sstevel@tonic-gate error = chdirec(vp, 0, 1); 84*7c478bd9Sstevel@tonic-gate if (error) { 85*7c478bd9Sstevel@tonic-gate if (error == ESTALE) 86*7c478bd9Sstevel@tonic-gate goto lookup; 87*7c478bd9Sstevel@tonic-gate return (set_errno(error)); 88*7c478bd9Sstevel@tonic-gate } 89*7c478bd9Sstevel@tonic-gate return (0); 90*7c478bd9Sstevel@tonic-gate } 91*7c478bd9Sstevel@tonic-gate 92*7c478bd9Sstevel@tonic-gate /* 93*7c478bd9Sstevel@tonic-gate * File-descriptor based version of 'chdir'. 94*7c478bd9Sstevel@tonic-gate */ 95*7c478bd9Sstevel@tonic-gate int 96*7c478bd9Sstevel@tonic-gate fchdir(int fd) 97*7c478bd9Sstevel@tonic-gate { 98*7c478bd9Sstevel@tonic-gate vnode_t *vp; 99*7c478bd9Sstevel@tonic-gate file_t *fp; 100*7c478bd9Sstevel@tonic-gate int error; 101*7c478bd9Sstevel@tonic-gate 102*7c478bd9Sstevel@tonic-gate if ((fp = getf(fd)) == NULL) 103*7c478bd9Sstevel@tonic-gate return (set_errno(EBADF)); 104*7c478bd9Sstevel@tonic-gate vp = fp->f_vnode; 105*7c478bd9Sstevel@tonic-gate VN_HOLD(vp); 106*7c478bd9Sstevel@tonic-gate releasef(fd); 107*7c478bd9Sstevel@tonic-gate error = chdirec(vp, 0, 0); 108*7c478bd9Sstevel@tonic-gate if (error) 109*7c478bd9Sstevel@tonic-gate return (set_errno(error)); 110*7c478bd9Sstevel@tonic-gate return (0); 111*7c478bd9Sstevel@tonic-gate } 112*7c478bd9Sstevel@tonic-gate 113*7c478bd9Sstevel@tonic-gate /* 114*7c478bd9Sstevel@tonic-gate * Change notion of root ("/") directory. 115*7c478bd9Sstevel@tonic-gate */ 116*7c478bd9Sstevel@tonic-gate int 117*7c478bd9Sstevel@tonic-gate chroot(char *fname) 118*7c478bd9Sstevel@tonic-gate { 119*7c478bd9Sstevel@tonic-gate vnode_t *vp; 120*7c478bd9Sstevel@tonic-gate int error; 121*7c478bd9Sstevel@tonic-gate 122*7c478bd9Sstevel@tonic-gate lookup: 123*7c478bd9Sstevel@tonic-gate if (error = lookupname(fname, UIO_USERSPACE, FOLLOW, NULLVPP, &vp)) { 124*7c478bd9Sstevel@tonic-gate if (error == ESTALE) 125*7c478bd9Sstevel@tonic-gate goto lookup; 126*7c478bd9Sstevel@tonic-gate return (set_errno(error)); 127*7c478bd9Sstevel@tonic-gate } 128*7c478bd9Sstevel@tonic-gate 129*7c478bd9Sstevel@tonic-gate error = chdirec(vp, 1, 1); 130*7c478bd9Sstevel@tonic-gate if (error) { 131*7c478bd9Sstevel@tonic-gate if (error == ESTALE) 132*7c478bd9Sstevel@tonic-gate goto lookup; 133*7c478bd9Sstevel@tonic-gate return (set_errno(error)); 134*7c478bd9Sstevel@tonic-gate } 135*7c478bd9Sstevel@tonic-gate return (0); 136*7c478bd9Sstevel@tonic-gate } 137*7c478bd9Sstevel@tonic-gate 138*7c478bd9Sstevel@tonic-gate /* 139*7c478bd9Sstevel@tonic-gate * ++++++++++++++++++++++++ 140*7c478bd9Sstevel@tonic-gate * ++ SunOS4.1 Buyback ++ 141*7c478bd9Sstevel@tonic-gate * ++++++++++++++++++++++++ 142*7c478bd9Sstevel@tonic-gate * Change root directory with a user given fd 143*7c478bd9Sstevel@tonic-gate */ 144*7c478bd9Sstevel@tonic-gate int 145*7c478bd9Sstevel@tonic-gate fchroot(int fd) 146*7c478bd9Sstevel@tonic-gate { 147*7c478bd9Sstevel@tonic-gate vnode_t *vp; 148*7c478bd9Sstevel@tonic-gate file_t *fp; 149*7c478bd9Sstevel@tonic-gate int error; 150*7c478bd9Sstevel@tonic-gate 151*7c478bd9Sstevel@tonic-gate if ((fp = getf(fd)) == NULL) 152*7c478bd9Sstevel@tonic-gate return (set_errno(EBADF)); 153*7c478bd9Sstevel@tonic-gate vp = fp->f_vnode; 154*7c478bd9Sstevel@tonic-gate VN_HOLD(vp); 155*7c478bd9Sstevel@tonic-gate releasef(fd); 156*7c478bd9Sstevel@tonic-gate error = chdirec(vp, 1, 0); 157*7c478bd9Sstevel@tonic-gate if (error) 158*7c478bd9Sstevel@tonic-gate return (set_errno(error)); 159*7c478bd9Sstevel@tonic-gate return (0); 160*7c478bd9Sstevel@tonic-gate } 161*7c478bd9Sstevel@tonic-gate 162*7c478bd9Sstevel@tonic-gate static int 163*7c478bd9Sstevel@tonic-gate chdirec(vnode_t *vp, int ischroot, int do_traverse) 164*7c478bd9Sstevel@tonic-gate { 165*7c478bd9Sstevel@tonic-gate int error; 166*7c478bd9Sstevel@tonic-gate vnode_t *oldvp; 167*7c478bd9Sstevel@tonic-gate proc_t *pp = curproc; 168*7c478bd9Sstevel@tonic-gate vnode_t **vpp; 169*7c478bd9Sstevel@tonic-gate refstr_t *cwd; 170*7c478bd9Sstevel@tonic-gate int newcwd = 1; 171*7c478bd9Sstevel@tonic-gate 172*7c478bd9Sstevel@tonic-gate if (vp->v_type != VDIR) { 173*7c478bd9Sstevel@tonic-gate error = ENOTDIR; 174*7c478bd9Sstevel@tonic-gate goto bad; 175*7c478bd9Sstevel@tonic-gate } 176*7c478bd9Sstevel@tonic-gate if (error = VOP_ACCESS(vp, VEXEC, 0, CRED())) 177*7c478bd9Sstevel@tonic-gate goto bad; 178*7c478bd9Sstevel@tonic-gate 179*7c478bd9Sstevel@tonic-gate /* 180*7c478bd9Sstevel@tonic-gate * The VOP_ACCESS() may have covered 'vp' with a new filesystem, 181*7c478bd9Sstevel@tonic-gate * if 'vp' is an autoFS vnode. Traverse the mountpoint so 182*7c478bd9Sstevel@tonic-gate * that we don't end up with a covered current directory. 183*7c478bd9Sstevel@tonic-gate */ 184*7c478bd9Sstevel@tonic-gate if (vn_mountedvfs(vp) != NULL && do_traverse) { 185*7c478bd9Sstevel@tonic-gate if (error = traverse(&vp)) 186*7c478bd9Sstevel@tonic-gate goto bad; 187*7c478bd9Sstevel@tonic-gate } 188*7c478bd9Sstevel@tonic-gate 189*7c478bd9Sstevel@tonic-gate /* 190*7c478bd9Sstevel@tonic-gate * Special chroot semantics: chroot is allowed if privileged 191*7c478bd9Sstevel@tonic-gate * or if the target is really a loopback mount of the root (or 192*7c478bd9Sstevel@tonic-gate * root of the zone) as determined by comparing dev and inode 193*7c478bd9Sstevel@tonic-gate * numbers 194*7c478bd9Sstevel@tonic-gate */ 195*7c478bd9Sstevel@tonic-gate if (ischroot) { 196*7c478bd9Sstevel@tonic-gate struct vattr tattr; 197*7c478bd9Sstevel@tonic-gate struct vattr rattr; 198*7c478bd9Sstevel@tonic-gate vnode_t *zonevp = curproc->p_zone->zone_rootvp; 199*7c478bd9Sstevel@tonic-gate 200*7c478bd9Sstevel@tonic-gate tattr.va_mask = AT_FSID|AT_NODEID; 201*7c478bd9Sstevel@tonic-gate if (error = VOP_GETATTR(vp, &tattr, 0, CRED())) 202*7c478bd9Sstevel@tonic-gate goto bad; 203*7c478bd9Sstevel@tonic-gate 204*7c478bd9Sstevel@tonic-gate rattr.va_mask = AT_FSID|AT_NODEID; 205*7c478bd9Sstevel@tonic-gate if (error = VOP_GETATTR(zonevp, &rattr, 0, CRED())) 206*7c478bd9Sstevel@tonic-gate goto bad; 207*7c478bd9Sstevel@tonic-gate 208*7c478bd9Sstevel@tonic-gate if ((tattr.va_fsid != rattr.va_fsid || 209*7c478bd9Sstevel@tonic-gate tattr.va_nodeid != rattr.va_nodeid) && 210*7c478bd9Sstevel@tonic-gate (error = secpolicy_chroot(CRED())) != 0) 211*7c478bd9Sstevel@tonic-gate goto bad; 212*7c478bd9Sstevel@tonic-gate 213*7c478bd9Sstevel@tonic-gate vpp = &PTOU(pp)->u_rdir; 214*7c478bd9Sstevel@tonic-gate } else { 215*7c478bd9Sstevel@tonic-gate vpp = &PTOU(pp)->u_cdir; 216*7c478bd9Sstevel@tonic-gate } 217*7c478bd9Sstevel@tonic-gate 218*7c478bd9Sstevel@tonic-gate #ifdef C2_AUDIT 219*7c478bd9Sstevel@tonic-gate if (audit_active) /* update abs cwd/root path see c2audit.c */ 220*7c478bd9Sstevel@tonic-gate audit_chdirec(vp, vpp); 221*7c478bd9Sstevel@tonic-gate #endif 222*7c478bd9Sstevel@tonic-gate 223*7c478bd9Sstevel@tonic-gate mutex_enter(&pp->p_lock); 224*7c478bd9Sstevel@tonic-gate /* 225*7c478bd9Sstevel@tonic-gate * This bit of logic prevents us from overwriting u_cwd if we are 226*7c478bd9Sstevel@tonic-gate * changing to the same directory. We set the cwd to NULL so that we 227*7c478bd9Sstevel@tonic-gate * don't try to do the lookup on the next call to getcwd(). 228*7c478bd9Sstevel@tonic-gate */ 229*7c478bd9Sstevel@tonic-gate if (!ischroot && *vpp != NULL && vp != NULL && VN_CMP(*vpp, vp)) 230*7c478bd9Sstevel@tonic-gate newcwd = 0; 231*7c478bd9Sstevel@tonic-gate 232*7c478bd9Sstevel@tonic-gate oldvp = *vpp; 233*7c478bd9Sstevel@tonic-gate *vpp = vp; 234*7c478bd9Sstevel@tonic-gate if ((cwd = PTOU(pp)->u_cwd) != NULL && newcwd) 235*7c478bd9Sstevel@tonic-gate PTOU(pp)->u_cwd = NULL; 236*7c478bd9Sstevel@tonic-gate mutex_exit(&pp->p_lock); 237*7c478bd9Sstevel@tonic-gate 238*7c478bd9Sstevel@tonic-gate if (cwd && newcwd) 239*7c478bd9Sstevel@tonic-gate refstr_rele(cwd); 240*7c478bd9Sstevel@tonic-gate if (oldvp) 241*7c478bd9Sstevel@tonic-gate VN_RELE(oldvp); 242*7c478bd9Sstevel@tonic-gate return (0); 243*7c478bd9Sstevel@tonic-gate 244*7c478bd9Sstevel@tonic-gate bad: 245*7c478bd9Sstevel@tonic-gate VN_RELE(vp); 246*7c478bd9Sstevel@tonic-gate return (error); 247*7c478bd9Sstevel@tonic-gate } 248