1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26/*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
27/*	  All Rights Reserved  	*/
28
29/*
30 * Copyright (c) 2013, OmniTI Computer Consulting, Inc. All rights reserved.
31 */
32/*
33 * Portions of this source code were derived from Berkeley 4.3 BSD
34 * under license from the Regents of the University of California.
35 */
36
37#include <sys/param.h>
38#include <sys/isa_defs.h>
39#include <sys/types.h>
40#include <sys/sysmacros.h>
41#include <sys/user.h>
42#include <sys/systm.h>
43#include <sys/errno.h>
44#include <sys/fcntl.h>
45#include <sys/stat.h>
46#include <sys/vnode.h>
47#include <sys/vfs.h>
48#include <sys/file.h>
49#include <sys/mode.h>
50#include <sys/uio.h>
51#include <sys/debug.h>
52#include <c2/audit.h>
53
54/*
55 * Common code for openat().  Check permissions, allocate an open
56 * file structure, and call the device open routine (if any).
57 */
58
59static int
60copen(int startfd, char *fname, int filemode, int createmode)
61{
62	struct pathname pn;
63	vnode_t *vp, *sdvp;
64	file_t *fp, *startfp;
65	enum vtype type;
66	int error;
67	int fd, dupfd;
68	vnode_t *startvp;
69	proc_t *p = curproc;
70	uio_seg_t seg = UIO_USERSPACE;
71	char *open_filename = fname;
72	uint32_t auditing = AU_AUDITING();
73	char startchar;
74
75	if (filemode & (FSEARCH|FEXEC)) {
76		/*
77		 * Must be one or the other and neither FREAD nor FWRITE
78		 * Must not be any of FAPPEND FCREAT FTRUNC FXATTR FXATTRDIROPEN
79		 * XXX: Should these just be silently ignored?
80		 */
81		if ((filemode & (FREAD|FWRITE)) ||
82		    (filemode & (FSEARCH|FEXEC)) == (FSEARCH|FEXEC) ||
83		    (filemode & (FAPPEND|FCREAT|FTRUNC|FXATTR|FXATTRDIROPEN)))
84			return (set_errno(EINVAL));
85	}
86
87	if (startfd == AT_FDCWD) {
88		/*
89		 * Regular open()
90		 */
91		startvp = NULL;
92	} else {
93		/*
94		 * We're here via openat()
95		 */
96		if (copyin(fname, &startchar, sizeof (char)))
97			return (set_errno(EFAULT));
98
99		/*
100		 * if startchar is / then startfd is ignored
101		 */
102		if (startchar == '/')
103			startvp = NULL;
104		else {
105			if ((startfp = getf(startfd)) == NULL)
106				return (set_errno(EBADF));
107			startvp = startfp->f_vnode;
108			VN_HOLD(startvp);
109			releasef(startfd);
110		}
111	}
112
113	/*
114	 * Handle __openattrdirat() requests
115	 */
116	if (filemode & FXATTRDIROPEN) {
117		if (auditing && startvp != NULL)
118			audit_setfsat_path(1);
119		if (error = lookupnameat(fname, seg, FOLLOW,
120		    NULLVPP, &vp, startvp))
121			return (set_errno(error));
122		if (startvp != NULL)
123			VN_RELE(startvp);
124
125		startvp = vp;
126	}
127
128	/*
129	 * Do we need to go into extended attribute space?
130	 */
131	if (filemode & FXATTR) {
132		if (startfd == AT_FDCWD) {
133			if (copyin(fname, &startchar, sizeof (char)))
134				return (set_errno(EFAULT));
135
136			/*
137			 * If startchar == '/' then no extended attributes
138			 * are looked up.
139			 */
140			if (startchar == '/') {
141				startvp = NULL;
142			} else {
143				mutex_enter(&p->p_lock);
144				startvp = PTOU(p)->u_cdir;
145				VN_HOLD(startvp);
146				mutex_exit(&p->p_lock);
147			}
148		}
149
150		/*
151		 * Make sure we have a valid extended attribute request.
152		 * We must either have a real fd or AT_FDCWD and a relative
153		 * pathname.
154		 */
155		if (startvp == NULL) {
156			goto noxattr;
157		}
158	}
159
160	if (filemode & (FXATTR|FXATTRDIROPEN)) {
161		vattr_t vattr;
162
163		if (error = pn_get(fname, UIO_USERSPACE, &pn)) {
164			goto out;
165		}
166
167		/*
168		 * In order to access hidden attribute directory the
169		 * user must be able to stat() the file
170		 */
171		vattr.va_mask = AT_ALL;
172		if (error = VOP_GETATTR(startvp, &vattr, 0, CRED(), NULL)) {
173			pn_free(&pn);
174			goto out;
175		}
176
177		if ((startvp->v_vfsp->vfs_flag & VFS_XATTR) != 0 ||
178		    vfs_has_feature(startvp->v_vfsp, VFSFT_SYSATTR_VIEWS)) {
179			error = VOP_LOOKUP(startvp, "", &sdvp, &pn,
180			    (filemode & FXATTRDIROPEN) ? LOOKUP_XATTR :
181			    LOOKUP_XATTR|CREATE_XATTR_DIR, rootvp, CRED(),
182			    NULL, NULL, NULL);
183		} else {
184			error = EINVAL;
185		}
186
187		/*
188		 * For __openattrdirat() use "." as filename to open
189		 * as part of vn_openat()
190		 */
191		if (error == 0 && (filemode & FXATTRDIROPEN)) {
192			open_filename = ".";
193			seg = UIO_SYSSPACE;
194		}
195
196		pn_free(&pn);
197		if (error != 0)
198			goto out;
199
200		VN_RELE(startvp);
201		startvp = sdvp;
202	}
203
204noxattr:
205	if ((filemode & (FREAD|FWRITE|FSEARCH|FEXEC|FXATTRDIROPEN)) != 0) {
206		if ((filemode & (FNONBLOCK|FNDELAY)) == (FNONBLOCK|FNDELAY))
207			filemode &= ~FNDELAY;
208		error = falloc((vnode_t *)NULL, filemode, &fp, &fd);
209		if (error == 0) {
210			if (auditing && startvp != NULL)
211				audit_setfsat_path(1);
212			/*
213			 * Last arg is a don't-care term if
214			 * !(filemode & FCREAT).
215			 */
216			error = vn_openat(open_filename, seg, filemode,
217			    (int)(createmode & MODEMASK),
218			    &vp, CRCREAT, PTOU(curproc)->u_cmask,
219			    startvp, fd);
220
221			if (startvp != NULL)
222				VN_RELE(startvp);
223			if (error == 0) {
224				if ((vp->v_flag & VDUP) == 0) {
225					fp->f_vnode = vp;
226					mutex_exit(&fp->f_tlock);
227					/*
228					 * We must now fill in the slot
229					 * falloc reserved.
230					 */
231					setf(fd, fp);
232					if ((filemode & FCLOEXEC) != 0) {
233						f_setfd(fd, FD_CLOEXEC);
234					}
235					return (fd);
236				} else {
237					/*
238					 * Special handling for /dev/fd.
239					 * Give up the file pointer
240					 * and dup the indicated file descriptor
241					 * (in v_rdev). This is ugly, but I've
242					 * seen worse.
243					 */
244					unfalloc(fp);
245					dupfd = getminor(vp->v_rdev);
246					type = vp->v_type;
247					mutex_enter(&vp->v_lock);
248					vp->v_flag &= ~VDUP;
249					mutex_exit(&vp->v_lock);
250					VN_RELE(vp);
251					if (type != VCHR)
252						return (set_errno(EINVAL));
253					if ((fp = getf(dupfd)) == NULL) {
254						setf(fd, NULL);
255						return (set_errno(EBADF));
256					}
257					mutex_enter(&fp->f_tlock);
258					fp->f_count++;
259					mutex_exit(&fp->f_tlock);
260					setf(fd, fp);
261					if ((filemode & FCLOEXEC) != 0) {
262						f_setfd(fd, FD_CLOEXEC);
263					}
264					releasef(dupfd);
265				}
266				return (fd);
267			} else {
268				setf(fd, NULL);
269				unfalloc(fp);
270				return (set_errno(error));
271			}
272		}
273	} else {
274		error = EINVAL;
275	}
276out:
277	if (startvp != NULL)
278		VN_RELE(startvp);
279	return (set_errno(error));
280}
281
282#define	OPENMODE32(fmode)	(((fmode) & (FSEARCH | FEXEC))? \
283				    (fmode) : (fmode) - FOPEN)
284#define	OPENMODE64(fmode)	(OPENMODE32(fmode) | FOFFMAX)
285#ifdef _LP64
286#define	OPENMODE(fmode)		OPENMODE64(fmode)
287#else
288#define	OPENMODE(fmode)		OPENMODE32(fmode)
289#endif
290
291/*
292 * Open a file.
293 */
294int
295openat(int fd, char *path, int fmode, int cmode)
296{
297	return (copen(fd, path, OPENMODE(fmode), cmode));
298}
299
300int
301open(char *path, int fmode, int cmode)
302{
303	return (openat(AT_FDCWD, path, fmode, cmode));
304}
305
306#if defined(_ILP32) || defined(_SYSCALL32_IMPL)
307/*
308 * Open for large files in 32-bit environment. Sets the FOFFMAX flag.
309 */
310int
311openat64(int fd, char *path, int fmode, int cmode)
312{
313	return (copen(fd, path, OPENMODE64(fmode), cmode));
314}
315
316int
317open64(char *path, int fmode, int cmode)
318{
319	return (openat64(AT_FDCWD, path, fmode, cmode));
320}
321
322#endif	/* _ILP32 || _SYSCALL32_IMPL */
323
324#ifdef _SYSCALL32_IMPL
325/*
326 * Open for 32-bit compatibility on 64-bit kernel
327 */
328int
329openat32(int fd, char *path, int fmode, int cmode)
330{
331	return (copen(fd, path, OPENMODE32(fmode), cmode));
332}
333
334int
335open32(char *path, int fmode, int cmode)
336{
337	return (openat32(AT_FDCWD, path, fmode, cmode));
338}
339
340#endif	/* _SYSCALL32_IMPL */
341