1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ 28 /* All Rights Reserved */ 29 30 /* 31 * Portions of this source code were derived from Berkeley 4.3 BSD 32 * under license from the Regents of the University of California. 33 */ 34 35 #pragma ident "%Z%%M% %I% %E% SMI" 36 37 #include <sys/param.h> 38 #include <sys/isa_defs.h> 39 #include <sys/types.h> 40 #include <sys/sysmacros.h> 41 #include <sys/cred.h> 42 #include <sys/user.h> 43 #include <sys/systm.h> 44 #include <sys/errno.h> 45 #include <sys/fcntl.h> 46 #include <sys/pathname.h> 47 #include <sys/var.h> 48 #include <sys/vfs.h> 49 #include <sys/vnode.h> 50 #include <sys/file.h> 51 #include <sys/mode.h> 52 #include <sys/proc.h> 53 #include <sys/uio.h> 54 #include <sys/poll.h> 55 #include <sys/kmem.h> 56 #include <sys/filio.h> 57 #include <sys/cmn_err.h> 58 #include <sys/policy.h> 59 #include <sys/zone.h> 60 61 #include <sys/debug.h> 62 #include <c2/audit.h> 63 64 /* 65 * Change current working directory ("."). 66 */ 67 static int chdirec(vnode_t *, int ischroot, int do_traverse); 68 69 int 70 chdir(char *fname) 71 { 72 vnode_t *vp; 73 int error; 74 75 lookup: 76 if (error = lookupname(fname, UIO_USERSPACE, FOLLOW, NULLVPP, &vp)) { 77 if (error == ESTALE) 78 goto lookup; 79 return (set_errno(error)); 80 } 81 82 error = chdirec(vp, 0, 1); 83 if (error) { 84 if (error == ESTALE) 85 goto lookup; 86 return (set_errno(error)); 87 } 88 return (0); 89 } 90 91 /* 92 * File-descriptor based version of 'chdir'. 93 */ 94 int 95 fchdir(int fd) 96 { 97 vnode_t *vp; 98 file_t *fp; 99 int error; 100 101 if ((fp = getf(fd)) == NULL) 102 return (set_errno(EBADF)); 103 vp = fp->f_vnode; 104 VN_HOLD(vp); 105 releasef(fd); 106 error = chdirec(vp, 0, 0); 107 if (error) 108 return (set_errno(error)); 109 return (0); 110 } 111 112 /* 113 * Change notion of root ("/") directory. 114 */ 115 int 116 chroot(char *fname) 117 { 118 vnode_t *vp; 119 int error; 120 121 lookup: 122 if (error = lookupname(fname, UIO_USERSPACE, FOLLOW, NULLVPP, &vp)) { 123 if (error == ESTALE) 124 goto lookup; 125 return (set_errno(error)); 126 } 127 128 error = chdirec(vp, 1, 1); 129 if (error) { 130 if (error == ESTALE) 131 goto lookup; 132 return (set_errno(error)); 133 } 134 return (0); 135 } 136 137 /* 138 * ++++++++++++++++++++++++ 139 * ++ SunOS4.1 Buyback ++ 140 * ++++++++++++++++++++++++ 141 * Change root directory with a user given fd 142 */ 143 int 144 fchroot(int fd) 145 { 146 vnode_t *vp; 147 file_t *fp; 148 int error; 149 150 if ((fp = getf(fd)) == NULL) 151 return (set_errno(EBADF)); 152 vp = fp->f_vnode; 153 VN_HOLD(vp); 154 releasef(fd); 155 error = chdirec(vp, 1, 0); 156 if (error) 157 return (set_errno(error)); 158 return (0); 159 } 160 161 static int 162 chdirec(vnode_t *vp, int ischroot, int do_traverse) 163 { 164 int error; 165 vnode_t *oldvp; 166 proc_t *pp = curproc; 167 vnode_t **vpp; 168 refstr_t *cwd; 169 int newcwd = 1; 170 171 if (vp->v_type != VDIR) { 172 error = ENOTDIR; 173 goto bad; 174 } 175 if (error = VOP_ACCESS(vp, VEXEC, 0, CRED())) 176 goto bad; 177 178 /* 179 * The VOP_ACCESS() may have covered 'vp' with a new filesystem, 180 * if 'vp' is an autoFS vnode. Traverse the mountpoint so 181 * that we don't end up with a covered current directory. 182 */ 183 if (vn_mountedvfs(vp) != NULL && do_traverse) { 184 if (error = traverse(&vp)) 185 goto bad; 186 } 187 188 /* 189 * Special chroot semantics: chroot is allowed if privileged 190 * or if the target is really a loopback mount of the root (or 191 * root of the zone) as determined by comparing dev and inode 192 * numbers 193 */ 194 if (ischroot) { 195 struct vattr tattr; 196 struct vattr rattr; 197 vnode_t *zonevp = curproc->p_zone->zone_rootvp; 198 199 tattr.va_mask = AT_FSID|AT_NODEID; 200 if (error = VOP_GETATTR(vp, &tattr, 0, CRED())) 201 goto bad; 202 203 rattr.va_mask = AT_FSID|AT_NODEID; 204 if (error = VOP_GETATTR(zonevp, &rattr, 0, CRED())) 205 goto bad; 206 207 if ((tattr.va_fsid != rattr.va_fsid || 208 tattr.va_nodeid != rattr.va_nodeid) && 209 (error = secpolicy_chroot(CRED())) != 0) 210 goto bad; 211 212 vpp = &PTOU(pp)->u_rdir; 213 } else { 214 vpp = &PTOU(pp)->u_cdir; 215 } 216 217 #ifdef C2_AUDIT 218 if (audit_active) /* update abs cwd/root path see c2audit.c */ 219 audit_chdirec(vp, vpp); 220 #endif 221 222 mutex_enter(&pp->p_lock); 223 /* 224 * This bit of logic prevents us from overwriting u_cwd if we are 225 * changing to the same directory. We set the cwd to NULL so that we 226 * don't try to do the lookup on the next call to getcwd(). 227 */ 228 if (!ischroot && *vpp != NULL && vp != NULL && VN_CMP(*vpp, vp)) 229 newcwd = 0; 230 231 oldvp = *vpp; 232 *vpp = vp; 233 if ((cwd = PTOU(pp)->u_cwd) != NULL && newcwd) 234 PTOU(pp)->u_cwd = NULL; 235 mutex_exit(&pp->p_lock); 236 237 if (cwd && newcwd) 238 refstr_rele(cwd); 239 if (oldvp) 240 VN_RELE(oldvp); 241 return (0); 242 243 bad: 244 VN_RELE(vp); 245 return (error); 246 } 247