3482 lines
93 KiB
C
3482 lines
93 KiB
C
|
/*
|
||
|
* Copyright (c) 2004-2012 Apple Inc. All rights reserved.
|
||
|
*
|
||
|
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
|
||
|
*
|
||
|
* This file contains Original Code and/or Modifications of Original Code
|
||
|
* as defined in and that are subject to the Apple Public Source License
|
||
|
* Version 2.0 (the 'License'). You may not use this file except in
|
||
|
* compliance with the License. The rights granted to you under the License
|
||
|
* may not be used to create, or enable the creation or redistribution of,
|
||
|
* unlawful or unlicensed copies of an Apple operating system, or to
|
||
|
* circumvent, violate, or enable the circumvention or violation of, any
|
||
|
* terms of an Apple operating system software license agreement.
|
||
|
*
|
||
|
* Please obtain a copy of the License at
|
||
|
* http://www.opensource.apple.com/apsl/ and read it before using this file.
|
||
|
*
|
||
|
* The Original Code and all software distributed under the License are
|
||
|
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
|
||
|
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
|
||
|
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
|
||
|
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
|
||
|
* Please see the License for the specific language governing rights and
|
||
|
* limitations under the License.
|
||
|
*
|
||
|
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
|
||
|
*/
|
||
|
/*
|
||
|
* NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
|
||
|
* support for mandatory and extensible security protections. This notice
|
||
|
* is included in support of clause 2.2 (b) of the Apple Public License,
|
||
|
* Version 2.0.
|
||
|
*/
|
||
|
|
||
|
#include <sys/param.h>
|
||
|
|
||
|
#include <sys/fcntl.h>
|
||
|
#include <sys/fsevents.h>
|
||
|
#include <sys/kernel.h>
|
||
|
#include <sys/kauth.h>
|
||
|
#include <kern/kalloc.h>
|
||
|
#include <sys/mount_internal.h>
|
||
|
#include <sys/namei.h>
|
||
|
#include <sys/proc_internal.h>
|
||
|
#include <sys/stat.h>
|
||
|
#include <sys/uio.h>
|
||
|
#include <sys/utfconv.h>
|
||
|
#include <sys/vnode.h>
|
||
|
#include <sys/vnode_internal.h>
|
||
|
#include <sys/xattr.h>
|
||
|
|
||
|
#include <libkern/OSByteOrder.h>
|
||
|
#include <vm/vm_kern.h>
|
||
|
|
||
|
#if CONFIG_MACF
|
||
|
#include <security/mac_framework.h>
|
||
|
#endif
|
||
|
|
||
|
|
||
|
#if NAMEDSTREAMS
|
||
|
|
||
|
static int shadow_sequence;
|
||
|
|
||
|
/*
|
||
|
* We use %p to prevent loss of precision for pointers on varying architectures.
|
||
|
*/
|
||
|
|
||
|
#define SHADOW_NAME_FMT ".vfs_rsrc_stream_%p%08x%p"
|
||
|
#define SHADOW_DIR_FMT ".vfs_rsrc_streams_%p%x"
|
||
|
#define SHADOW_DIR_CONTAINER "/var/run"
|
||
|
|
||
|
#define MAKE_SHADOW_NAME(VP, NAME) \
|
||
|
snprintf((NAME), sizeof((NAME)), (SHADOW_NAME_FMT), \
|
||
|
((void*)(VM_KERNEL_ADDRPERM(VP))), \
|
||
|
(VP)->v_id, \
|
||
|
((void*)(VM_KERNEL_ADDRPERM((VP)->v_data))))
|
||
|
|
||
|
/* The full path to the shadow directory */
|
||
|
#define MAKE_SHADOW_DIRNAME(VP, NAME) \
|
||
|
snprintf((NAME), sizeof((NAME)), (SHADOW_DIR_CONTAINER "/" SHADOW_DIR_FMT), \
|
||
|
((void*)(VM_KERNEL_ADDRPERM(VP))), shadow_sequence)
|
||
|
|
||
|
/* The shadow directory as a 'leaf' entry */
|
||
|
#define MAKE_SHADOW_DIR_LEAF(VP, NAME) \
|
||
|
snprintf((NAME), sizeof((NAME)), (SHADOW_DIR_FMT), \
|
||
|
((void*)(VM_KERNEL_ADDRPERM(VP))), shadow_sequence)
|
||
|
|
||
|
static int default_getnamedstream(vnode_t vp, vnode_t *svpp, const char *name, enum nsoperation op, vfs_context_t context);
|
||
|
|
||
|
static int default_makenamedstream(vnode_t vp, vnode_t *svpp, const char *name, vfs_context_t context);
|
||
|
|
||
|
static int default_removenamedstream(vnode_t vp, const char *name, vfs_context_t context);
|
||
|
|
||
|
static int getshadowfile(vnode_t vp, vnode_t *svpp, int makestream, size_t *rsrcsize, int *creator, vfs_context_t context);
|
||
|
|
||
|
static int get_shadow_dir(vnode_t *sdvpp);
|
||
|
|
||
|
#endif /* NAMEDSTREAMS */
|
||
|
|
||
|
/*
|
||
|
* Default xattr support routines.
|
||
|
*/
|
||
|
|
||
|
static int default_getxattr(vnode_t vp, const char *name, uio_t uio, size_t *size, int options,
|
||
|
vfs_context_t context);
|
||
|
static int default_setxattr(vnode_t vp, const char *name, uio_t uio, int options,
|
||
|
vfs_context_t context);
|
||
|
static int default_listxattr(vnode_t vp, uio_t uio, size_t *size, int options,
|
||
|
vfs_context_t context);
|
||
|
static int default_removexattr(vnode_t vp, const char *name, int options,
|
||
|
vfs_context_t context);
|
||
|
|
||
|
/*
|
||
|
* Retrieve the data of an extended attribute.
|
||
|
*/
|
||
|
int
|
||
|
vn_getxattr(vnode_t vp, const char *name, uio_t uio, size_t *size,
|
||
|
int options, vfs_context_t context)
|
||
|
{
|
||
|
int error;
|
||
|
|
||
|
if (!XATTR_VNODE_SUPPORTED(vp)) {
|
||
|
return EPERM;
|
||
|
}
|
||
|
#if NAMEDSTREAMS
|
||
|
/* getxattr calls are not allowed for streams. */
|
||
|
if (vp->v_flag & VISNAMEDSTREAM) {
|
||
|
error = EPERM;
|
||
|
goto out;
|
||
|
}
|
||
|
#endif
|
||
|
/*
|
||
|
* Non-kernel request need extra checks performed.
|
||
|
*
|
||
|
* The XATTR_NOSECURITY flag implies a kernel request.
|
||
|
*/
|
||
|
if (!(options & XATTR_NOSECURITY)) {
|
||
|
#if CONFIG_MACF
|
||
|
error = mac_vnode_check_getextattr(context, vp, name, uio);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
#endif /* MAC */
|
||
|
if ((error = xattr_validatename(name))) {
|
||
|
goto out;
|
||
|
}
|
||
|
if ((error = vnode_authorize(vp, NULL, KAUTH_VNODE_READ_EXTATTRIBUTES, context))) {
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* The offset can only be non-zero for resource forks. */
|
||
|
if (uio_offset(uio) != 0 &&
|
||
|
strncmp(name, XATTR_RESOURCEFORK_NAME, sizeof(XATTR_RESOURCEFORK_NAME)) != 0) {
|
||
|
error = EINVAL;
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
error = VNOP_GETXATTR(vp, name, uio, size, options, context);
|
||
|
if (error == ENOTSUP && !(options & XATTR_NODEFAULT)) {
|
||
|
/*
|
||
|
* A filesystem may keep some EAs natively and return ENOTSUP for others.
|
||
|
*/
|
||
|
error = default_getxattr(vp, name, uio, size, options, context);
|
||
|
}
|
||
|
out:
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Set the data of an extended attribute.
|
||
|
*/
|
||
|
int
|
||
|
vn_setxattr(vnode_t vp, const char *name, uio_t uio, int options, vfs_context_t context)
|
||
|
{
|
||
|
int error;
|
||
|
|
||
|
if (!XATTR_VNODE_SUPPORTED(vp)) {
|
||
|
return EPERM;
|
||
|
}
|
||
|
#if NAMEDSTREAMS
|
||
|
/* setxattr calls are not allowed for streams. */
|
||
|
if (vp->v_flag & VISNAMEDSTREAM) {
|
||
|
error = EPERM;
|
||
|
goto out;
|
||
|
}
|
||
|
#endif
|
||
|
if ((options & (XATTR_REPLACE | XATTR_CREATE)) == (XATTR_REPLACE | XATTR_CREATE)) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
if ((error = xattr_validatename(name))) {
|
||
|
return error;
|
||
|
}
|
||
|
if (!(options & XATTR_NOSECURITY)) {
|
||
|
#if CONFIG_MACF
|
||
|
error = mac_vnode_check_setextattr(context, vp, name, uio);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
#endif /* MAC */
|
||
|
error = vnode_authorize(vp, NULL, KAUTH_VNODE_WRITE_EXTATTRIBUTES, context);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
/* The offset can only be non-zero for resource forks. */
|
||
|
if (uio_offset(uio) != 0 &&
|
||
|
strncmp(name, XATTR_RESOURCEFORK_NAME, sizeof(XATTR_RESOURCEFORK_NAME)) != 0) {
|
||
|
error = EINVAL;
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
error = VNOP_SETXATTR(vp, name, uio, options, context);
|
||
|
#ifdef DUAL_EAS
|
||
|
/*
|
||
|
* An EJUSTRETURN is from a filesystem which keeps this xattr
|
||
|
* natively as well as in a dot-underscore file. In this case the
|
||
|
* EJUSTRETURN means the filesytem has done nothing, but identifies the
|
||
|
* EA as one which may be represented natively and/or in a DU, and
|
||
|
* since XATTR_CREATE or XATTR_REPLACE was specified, only up here in
|
||
|
* in vn_setxattr can we do the getxattrs needed to ascertain whether
|
||
|
* the XATTR_{CREATE,REPLACE} should yield an error.
|
||
|
*/
|
||
|
if (error == EJUSTRETURN) {
|
||
|
int native = 0, dufile = 0;
|
||
|
size_t sz; /* not used */
|
||
|
|
||
|
native = VNOP_GETXATTR(vp, name, NULL, &sz, 0, context) ? 0 : 1;
|
||
|
dufile = default_getxattr(vp, name, NULL, &sz, 0, context) ? 0 : 1;
|
||
|
if (options & XATTR_CREATE && (native || dufile)) {
|
||
|
error = EEXIST;
|
||
|
goto out;
|
||
|
}
|
||
|
if (options & XATTR_REPLACE && !(native || dufile)) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
/*
|
||
|
* Having determined no CREATE/REPLACE error should result, we
|
||
|
* zero those bits, so both backing stores get written to.
|
||
|
*/
|
||
|
options &= ~(XATTR_CREATE | XATTR_REPLACE);
|
||
|
error = VNOP_SETXATTR(vp, name, uio, options, context);
|
||
|
/* the mainline path here is to have error==ENOTSUP ... */
|
||
|
}
|
||
|
#endif /* DUAL_EAS */
|
||
|
if (error == ENOTSUP && !(options & XATTR_NODEFAULT)) {
|
||
|
/*
|
||
|
* A filesystem may keep some EAs natively and return ENOTSUP for others.
|
||
|
*/
|
||
|
error = default_setxattr(vp, name, uio, options, context);
|
||
|
}
|
||
|
#if CONFIG_MACF
|
||
|
if ((error == 0) && !(options & XATTR_NOSECURITY)) {
|
||
|
mac_vnode_notify_setextattr(context, vp, name, uio);
|
||
|
if (vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL) {
|
||
|
mac_vnode_label_update_extattr(vnode_mount(vp), vp, name);
|
||
|
}
|
||
|
}
|
||
|
#endif
|
||
|
out:
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Remove an extended attribute.
|
||
|
*/
|
||
|
int
|
||
|
vn_removexattr(vnode_t vp, const char * name, int options, vfs_context_t context)
|
||
|
{
|
||
|
int error;
|
||
|
|
||
|
if (!XATTR_VNODE_SUPPORTED(vp)) {
|
||
|
return EPERM;
|
||
|
}
|
||
|
#if NAMEDSTREAMS
|
||
|
/* removexattr calls are not allowed for streams. */
|
||
|
if (vp->v_flag & VISNAMEDSTREAM) {
|
||
|
error = EPERM;
|
||
|
goto out;
|
||
|
}
|
||
|
#endif
|
||
|
if ((error = xattr_validatename(name))) {
|
||
|
return error;
|
||
|
}
|
||
|
if (!(options & XATTR_NOSECURITY)) {
|
||
|
#if CONFIG_MACF
|
||
|
error = mac_vnode_check_deleteextattr(context, vp, name);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
#endif /* MAC */
|
||
|
error = vnode_authorize(vp, NULL, KAUTH_VNODE_WRITE_EXTATTRIBUTES, context);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
error = VNOP_REMOVEXATTR(vp, name, options, context);
|
||
|
if (error == ENOTSUP && !(options & XATTR_NODEFAULT)) {
|
||
|
/*
|
||
|
* A filesystem may keep some EAs natively and return ENOTSUP for others.
|
||
|
*/
|
||
|
error = default_removexattr(vp, name, options, context);
|
||
|
#ifdef DUAL_EAS
|
||
|
} else if (error == EJUSTRETURN) {
|
||
|
/*
|
||
|
* EJUSTRETURN is from a filesystem which keeps this xattr natively as well
|
||
|
* as in a dot-underscore file. EJUSTRETURN means the filesytem did remove
|
||
|
* a native xattr, so failure to find it in a DU file during
|
||
|
* default_removexattr should not be considered an error.
|
||
|
*/
|
||
|
error = default_removexattr(vp, name, options, context);
|
||
|
if (error == ENOATTR) {
|
||
|
error = 0;
|
||
|
}
|
||
|
#endif /* DUAL_EAS */
|
||
|
}
|
||
|
#if CONFIG_MACF
|
||
|
if ((error == 0) && !(options & XATTR_NOSECURITY)) {
|
||
|
mac_vnode_notify_deleteextattr(context, vp, name);
|
||
|
if (vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL) {
|
||
|
mac_vnode_label_update_extattr(vnode_mount(vp), vp, name);
|
||
|
}
|
||
|
}
|
||
|
#endif
|
||
|
out:
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Retrieve the list of extended attribute names.
|
||
|
*/
|
||
|
int
|
||
|
vn_listxattr(vnode_t vp, uio_t uio, size_t *size, int options, vfs_context_t context)
|
||
|
{
|
||
|
int error;
|
||
|
|
||
|
if (!XATTR_VNODE_SUPPORTED(vp)) {
|
||
|
return EPERM;
|
||
|
}
|
||
|
#if NAMEDSTREAMS
|
||
|
/* listxattr calls are not allowed for streams. */
|
||
|
if (vp->v_flag & VISNAMEDSTREAM) {
|
||
|
return EPERM;
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
if (!(options & XATTR_NOSECURITY)) {
|
||
|
#if CONFIG_MACF
|
||
|
error = mac_vnode_check_listextattr(context, vp);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
#endif /* MAC */
|
||
|
|
||
|
error = vnode_authorize(vp, NULL, KAUTH_VNODE_READ_EXTATTRIBUTES, context);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
error = VNOP_LISTXATTR(vp, uio, size, options, context);
|
||
|
if (error == ENOTSUP && !(options & XATTR_NODEFAULT)) {
|
||
|
/*
|
||
|
* A filesystem may keep some but not all EAs natively, in which case
|
||
|
* the native EA names will have been uiomove-d out (or *size updated)
|
||
|
* and the default_listxattr here will finish the job.
|
||
|
*/
|
||
|
error = default_listxattr(vp, uio, size, options, context);
|
||
|
}
|
||
|
out:
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
int
|
||
|
xattr_validatename(const char *name)
|
||
|
{
|
||
|
size_t namelen;
|
||
|
|
||
|
if (name == NULL || name[0] == '\0') {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
namelen = strlen(name);
|
||
|
|
||
|
if (utf8_validatestr((const unsigned char *)name, namelen) != 0) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Determine whether an EA is a protected system attribute.
|
||
|
*/
|
||
|
int
|
||
|
xattr_protected(const char *attrname)
|
||
|
{
|
||
|
return !strncmp(attrname, "com.apple.system.", 17);
|
||
|
}
|
||
|
|
||
|
|
||
|
static void
|
||
|
vnode_setasnamedstream_internal(vnode_t vp, vnode_t svp)
|
||
|
{
|
||
|
uint32_t streamflags = VISNAMEDSTREAM;
|
||
|
|
||
|
if ((vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) == 0) {
|
||
|
streamflags |= VISSHADOW;
|
||
|
}
|
||
|
|
||
|
/* Tag the vnode. */
|
||
|
vnode_lock_spin(svp);
|
||
|
svp->v_flag |= streamflags;
|
||
|
vnode_unlock(svp);
|
||
|
|
||
|
/* Tag the parent so we know to flush credentials for streams on setattr */
|
||
|
vnode_lock_spin(vp);
|
||
|
vp->v_lflag |= VL_HASSTREAMS;
|
||
|
vnode_unlock(vp);
|
||
|
|
||
|
/* Make the file it's parent.
|
||
|
* Note: This parent link helps us distinguish vnodes for
|
||
|
* shadow stream files from vnodes for resource fork on file
|
||
|
* systems that support namedstream natively (both have
|
||
|
* VISNAMEDSTREAM set) by allowing access to mount structure
|
||
|
* for checking MNTK_NAMED_STREAMS bit at many places in the
|
||
|
* code.
|
||
|
*/
|
||
|
vnode_update_identity(svp, vp, NULL, 0, 0, VNODE_UPDATE_NAMEDSTREAM_PARENT);
|
||
|
|
||
|
if (vnode_isdyldsharedcache(vp)) {
|
||
|
vnode_lock_spin(svp);
|
||
|
svp->v_flag |= VSHARED_DYLD;
|
||
|
vnode_unlock(svp);
|
||
|
}
|
||
|
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
errno_t
|
||
|
vnode_setasnamedstream(vnode_t vp, vnode_t svp)
|
||
|
{
|
||
|
if ((vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) == 0) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
vnode_setasnamedstream_internal(vp, svp);
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
#if NAMEDSTREAMS
|
||
|
|
||
|
/*
|
||
|
* Obtain a named stream from vnode vp.
|
||
|
*/
|
||
|
errno_t
|
||
|
vnode_getnamedstream(vnode_t vp, vnode_t *svpp, const char *name, enum nsoperation op, int flags, vfs_context_t context)
|
||
|
{
|
||
|
int error;
|
||
|
|
||
|
if (vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) {
|
||
|
error = VNOP_GETNAMEDSTREAM(vp, svpp, name, op, flags, context);
|
||
|
} else {
|
||
|
if (flags) {
|
||
|
error = ENOTSUP;
|
||
|
} else {
|
||
|
error = default_getnamedstream(vp, svpp, name, op, context);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if (error == 0) {
|
||
|
vnode_setasnamedstream_internal(vp, *svpp);
|
||
|
}
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Make a named stream for vnode vp.
|
||
|
*/
|
||
|
errno_t
|
||
|
vnode_makenamedstream(vnode_t vp, vnode_t *svpp, const char *name, int flags, vfs_context_t context)
|
||
|
{
|
||
|
int error;
|
||
|
|
||
|
if (vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) {
|
||
|
error = VNOP_MAKENAMEDSTREAM(vp, svpp, name, flags, context);
|
||
|
} else {
|
||
|
error = default_makenamedstream(vp, svpp, name, context);
|
||
|
}
|
||
|
|
||
|
if (error == 0) {
|
||
|
vnode_setasnamedstream_internal(vp, *svpp);
|
||
|
}
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Remove a named stream from vnode vp.
|
||
|
*/
|
||
|
errno_t
|
||
|
vnode_removenamedstream(vnode_t vp, vnode_t svp, const char *name, int flags, vfs_context_t context)
|
||
|
{
|
||
|
int error;
|
||
|
|
||
|
if (vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) {
|
||
|
error = VNOP_REMOVENAMEDSTREAM(vp, svp, name, flags, context);
|
||
|
} else {
|
||
|
error = default_removenamedstream(vp, name, context);
|
||
|
}
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
#define NS_IOBUFSIZE (128 * 1024)
|
||
|
|
||
|
/*
|
||
|
* Release a named stream shadow file.
|
||
|
*
|
||
|
* Note: This function is called from two places where we do not need
|
||
|
* to check if the vnode has any references held before deleting the
|
||
|
* shadow file. Once from vclean() when the vnode is being reclaimed
|
||
|
* and we do not hold any references on the vnode. Second time from
|
||
|
* default_getnamedstream() when we get an error during shadow stream
|
||
|
* file initialization so that other processes who are waiting for the
|
||
|
* shadow stream file initialization by the creator will get opportunity
|
||
|
* to create and initialize the file again.
|
||
|
*/
|
||
|
errno_t
|
||
|
vnode_relenamedstream(vnode_t vp, vnode_t svp)
|
||
|
{
|
||
|
vnode_t dvp;
|
||
|
struct componentname cn;
|
||
|
char tmpname[80];
|
||
|
errno_t err;
|
||
|
|
||
|
/*
|
||
|
* We need to use the kernel context here. If we used the supplied
|
||
|
* VFS context we have no clue whether or not it originated from userland
|
||
|
* where it could be subject to a chroot jail. We need to ensure that all
|
||
|
* filesystem access to shadow files is done on the same FS regardless of
|
||
|
* userland process restrictions.
|
||
|
*/
|
||
|
vfs_context_t kernelctx = vfs_context_kernel();
|
||
|
|
||
|
cache_purge(svp);
|
||
|
|
||
|
vnode_lock(svp);
|
||
|
MAKE_SHADOW_NAME(vp, tmpname);
|
||
|
vnode_unlock(svp);
|
||
|
|
||
|
cn.cn_nameiop = DELETE;
|
||
|
cn.cn_flags = ISLASTCN;
|
||
|
cn.cn_context = kernelctx;
|
||
|
cn.cn_pnbuf = tmpname;
|
||
|
cn.cn_pnlen = sizeof(tmpname);
|
||
|
cn.cn_nameptr = cn.cn_pnbuf;
|
||
|
cn.cn_namelen = (int)strlen(tmpname);
|
||
|
|
||
|
/*
|
||
|
* Obtain the vnode for the shadow files directory. Make sure to
|
||
|
* use the kernel ctx as described above.
|
||
|
*/
|
||
|
err = get_shadow_dir(&dvp);
|
||
|
if (err != 0) {
|
||
|
return err;
|
||
|
}
|
||
|
|
||
|
(void) VNOP_REMOVE(dvp, svp, &cn, 0, kernelctx);
|
||
|
vnode_put(dvp);
|
||
|
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Flush a named stream shadow file.
|
||
|
*
|
||
|
* 'vp' represents the AppleDouble file.
|
||
|
* 'svp' represents the shadow file.
|
||
|
*/
|
||
|
errno_t
|
||
|
vnode_flushnamedstream(vnode_t vp, vnode_t svp, vfs_context_t context)
|
||
|
{
|
||
|
struct vnode_attr va;
|
||
|
uio_t auio = NULL;
|
||
|
caddr_t bufptr = NULL;
|
||
|
size_t bufsize = 0;
|
||
|
size_t offset;
|
||
|
size_t iosize;
|
||
|
size_t datasize;
|
||
|
int error;
|
||
|
/*
|
||
|
* The kernel context must be used for all I/O to the shadow file
|
||
|
* and its namespace operations
|
||
|
*/
|
||
|
vfs_context_t kernelctx = vfs_context_kernel();
|
||
|
|
||
|
/* The supplied context is used for access to the AD file itself */
|
||
|
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_WANTED(&va, va_data_size);
|
||
|
if (VNOP_GETATTR(svp, &va, context) != 0 ||
|
||
|
!VATTR_IS_SUPPORTED(&va, va_data_size)) {
|
||
|
return 0;
|
||
|
}
|
||
|
if (va.va_data_size > UINT32_MAX) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
datasize = (size_t)va.va_data_size;
|
||
|
if (datasize == 0) {
|
||
|
(void) default_removexattr(vp, XATTR_RESOURCEFORK_NAME, 0, context);
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
iosize = bufsize = MIN(datasize, NS_IOBUFSIZE);
|
||
|
bufptr = kalloc_data(bufsize, Z_WAITOK);
|
||
|
if (bufptr == NULL) {
|
||
|
return ENOMEM;
|
||
|
}
|
||
|
auio = uio_create(1, 0, UIO_SYSSPACE, UIO_READ);
|
||
|
offset = 0;
|
||
|
|
||
|
/*
|
||
|
* Copy the shadow stream file data into the resource fork.
|
||
|
*/
|
||
|
error = VNOP_OPEN(svp, 0, kernelctx);
|
||
|
if (error) {
|
||
|
printf("vnode_flushnamedstream: err %d opening file\n", error);
|
||
|
goto out;
|
||
|
}
|
||
|
while (offset < datasize) {
|
||
|
iosize = MIN(datasize - offset, iosize);
|
||
|
|
||
|
uio_reset(auio, offset, UIO_SYSSPACE, UIO_READ);
|
||
|
uio_addiov(auio, (uintptr_t)bufptr, iosize);
|
||
|
error = VNOP_READ(svp, auio, 0, kernelctx);
|
||
|
if (error) {
|
||
|
break;
|
||
|
}
|
||
|
/* Since there's no truncate xattr we must remove the resource fork. */
|
||
|
if (offset == 0) {
|
||
|
error = default_removexattr(vp, XATTR_RESOURCEFORK_NAME, 0, context);
|
||
|
if ((error != 0) && (error != ENOATTR)) {
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
uio_reset(auio, offset, UIO_SYSSPACE, UIO_WRITE);
|
||
|
uio_addiov(auio, (uintptr_t)bufptr, iosize);
|
||
|
error = vn_setxattr(vp, XATTR_RESOURCEFORK_NAME, auio, XATTR_NOSECURITY, context);
|
||
|
if (error) {
|
||
|
break;
|
||
|
}
|
||
|
offset += iosize;
|
||
|
}
|
||
|
|
||
|
/* close shadowfile */
|
||
|
(void) VNOP_CLOSE(svp, 0, kernelctx);
|
||
|
out:
|
||
|
kfree_data(bufptr, bufsize);
|
||
|
if (auio) {
|
||
|
uio_free(auio);
|
||
|
}
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Verify that the vnode 'vp' is a vnode that lives in the shadow
|
||
|
* directory. We can't just query the parent pointer directly since
|
||
|
* the shadowfile is hooked up to the actual file it's a stream for.
|
||
|
*/
|
||
|
errno_t
|
||
|
vnode_verifynamedstream(vnode_t vp)
|
||
|
{
|
||
|
int error;
|
||
|
struct vnode *shadow_dvp = NULL;
|
||
|
struct vnode *shadowfile = NULL;
|
||
|
struct componentname cn;
|
||
|
|
||
|
/*
|
||
|
* We need to use the kernel context here. If we used the supplied
|
||
|
* VFS context we have no clue whether or not it originated from userland
|
||
|
* where it could be subject to a chroot jail. We need to ensure that all
|
||
|
* filesystem access to shadow files is done on the same FS regardless of
|
||
|
* userland process restrictions.
|
||
|
*/
|
||
|
vfs_context_t kernelctx = vfs_context_kernel();
|
||
|
char tmpname[80];
|
||
|
|
||
|
|
||
|
/* Get the shadow directory vnode */
|
||
|
error = get_shadow_dir(&shadow_dvp);
|
||
|
if (error) {
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/* Re-generate the shadow name in the buffer */
|
||
|
MAKE_SHADOW_NAME(vp, tmpname);
|
||
|
|
||
|
/* Look up item in shadow dir */
|
||
|
bzero(&cn, sizeof(cn));
|
||
|
cn.cn_nameiop = LOOKUP;
|
||
|
cn.cn_flags = ISLASTCN | CN_ALLOWRSRCFORK;
|
||
|
cn.cn_context = kernelctx;
|
||
|
cn.cn_pnbuf = tmpname;
|
||
|
cn.cn_pnlen = sizeof(tmpname);
|
||
|
cn.cn_nameptr = cn.cn_pnbuf;
|
||
|
cn.cn_namelen = (int)strlen(tmpname);
|
||
|
|
||
|
if (VNOP_LOOKUP(shadow_dvp, &shadowfile, &cn, kernelctx) == 0) {
|
||
|
/* is the pointer the same? */
|
||
|
if (shadowfile == vp) {
|
||
|
error = 0;
|
||
|
} else {
|
||
|
error = EPERM;
|
||
|
}
|
||
|
/* drop the iocount acquired */
|
||
|
vnode_put(shadowfile);
|
||
|
}
|
||
|
|
||
|
/* Drop iocount on shadow dir */
|
||
|
vnode_put(shadow_dvp);
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Access or create the shadow file as needed.
|
||
|
*
|
||
|
* 'makestream' with non-zero value means that we need to guarantee we were the
|
||
|
* creator of the shadow file.
|
||
|
*
|
||
|
* 'context' is the user supplied context for the original VFS operation that
|
||
|
* caused us to need a shadow file.
|
||
|
*
|
||
|
* int pointed to by 'creator' is nonzero if we created the shadowfile.
|
||
|
*/
|
||
|
static int
|
||
|
getshadowfile(vnode_t vp, vnode_t *svpp, int makestream, size_t *rsrcsize,
|
||
|
int *creator, vfs_context_t context)
|
||
|
{
|
||
|
vnode_t dvp = NULLVP;
|
||
|
vnode_t svp = NULLVP;
|
||
|
struct componentname cn;
|
||
|
struct vnode_attr va;
|
||
|
char tmpname[80];
|
||
|
size_t datasize = 0;
|
||
|
int error = 0;
|
||
|
int retries = 0;
|
||
|
vfs_context_t kernelctx = vfs_context_kernel();
|
||
|
|
||
|
retry_create:
|
||
|
*creator = 0;
|
||
|
/* Establish a unique file name. */
|
||
|
MAKE_SHADOW_NAME(vp, tmpname);
|
||
|
bzero(&cn, sizeof(cn));
|
||
|
cn.cn_nameiop = LOOKUP;
|
||
|
cn.cn_flags = ISLASTCN;
|
||
|
cn.cn_context = context;
|
||
|
cn.cn_pnbuf = tmpname;
|
||
|
cn.cn_pnlen = sizeof(tmpname);
|
||
|
cn.cn_nameptr = cn.cn_pnbuf;
|
||
|
cn.cn_namelen = (int)strlen(tmpname);
|
||
|
|
||
|
/* Pick up uid, gid, mode and date from original file. */
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_WANTED(&va, va_uid);
|
||
|
VATTR_WANTED(&va, va_gid);
|
||
|
VATTR_WANTED(&va, va_mode);
|
||
|
VATTR_WANTED(&va, va_create_time);
|
||
|
VATTR_WANTED(&va, va_modify_time);
|
||
|
if (VNOP_GETATTR(vp, &va, context) != 0 ||
|
||
|
!VATTR_IS_SUPPORTED(&va, va_uid) ||
|
||
|
!VATTR_IS_SUPPORTED(&va, va_gid) ||
|
||
|
!VATTR_IS_SUPPORTED(&va, va_mode)) {
|
||
|
va.va_uid = KAUTH_UID_NONE;
|
||
|
va.va_gid = KAUTH_GID_NONE;
|
||
|
va.va_mode = S_IRUSR | S_IWUSR;
|
||
|
}
|
||
|
va.va_vaflags = VA_EXCLUSIVE;
|
||
|
VATTR_SET(&va, va_type, VREG);
|
||
|
/* We no longer change the access, but we still hide it. */
|
||
|
VATTR_SET(&va, va_flags, UF_HIDDEN);
|
||
|
|
||
|
/* Obtain the vnode for the shadow files directory. */
|
||
|
if (get_shadow_dir(&dvp) != 0) {
|
||
|
error = ENOTDIR;
|
||
|
goto out;
|
||
|
}
|
||
|
if (!makestream) {
|
||
|
/* See if someone else already has it open. */
|
||
|
if (VNOP_LOOKUP(dvp, &svp, &cn, kernelctx) == 0) {
|
||
|
/* Double check existence by asking for size. */
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_WANTED(&va, va_data_size);
|
||
|
if (VNOP_GETATTR(svp, &va, context) == 0 &&
|
||
|
VATTR_IS_SUPPORTED(&va, va_data_size)) {
|
||
|
goto out; /* OK to use. */
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Otherwise make sure the resource fork data exists.
|
||
|
* Use the supplied context for accessing the AD file.
|
||
|
*/
|
||
|
error = vn_getxattr(vp, XATTR_RESOURCEFORK_NAME, NULL, &datasize,
|
||
|
XATTR_NOSECURITY, context);
|
||
|
/*
|
||
|
* To maintain binary compatibility with legacy Carbon
|
||
|
* emulated resource fork support, if the resource fork
|
||
|
* doesn't exist but the Finder Info does, then act as
|
||
|
* if an empty resource fork is present (see 4724359).
|
||
|
*/
|
||
|
if ((error == ENOATTR) &&
|
||
|
(vn_getxattr(vp, XATTR_FINDERINFO_NAME, NULL, &datasize,
|
||
|
XATTR_NOSECURITY, context) == 0)) {
|
||
|
datasize = 0;
|
||
|
error = 0;
|
||
|
} else {
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
/* If the resource fork exists, its size is expected to be non-zero. */
|
||
|
if (datasize == 0) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
/* Create the shadow stream file. */
|
||
|
error = VNOP_CREATE(dvp, &svp, &cn, &va, kernelctx);
|
||
|
if (error == 0) {
|
||
|
vnode_recycle(svp);
|
||
|
*creator = 1;
|
||
|
} else if ((error == EEXIST) && !makestream) {
|
||
|
error = VNOP_LOOKUP(dvp, &svp, &cn, kernelctx);
|
||
|
} else if ((error == ENOENT) && !makestream) {
|
||
|
/*
|
||
|
* We could have raced with a rmdir on the shadow directory
|
||
|
* post-lookup. Retry from the beginning, 1x only, to
|
||
|
* try and see if we need to re-create the shadow directory
|
||
|
* in get_shadow_dir.
|
||
|
*/
|
||
|
if (retries == 0) {
|
||
|
retries++;
|
||
|
if (dvp) {
|
||
|
vnode_put(dvp);
|
||
|
dvp = NULLVP;
|
||
|
}
|
||
|
if (svp) {
|
||
|
vnode_put(svp);
|
||
|
svp = NULLVP;
|
||
|
}
|
||
|
goto retry_create;
|
||
|
}
|
||
|
/* Otherwise, just error out normally below */
|
||
|
}
|
||
|
|
||
|
out:
|
||
|
if (dvp) {
|
||
|
vnode_put(dvp);
|
||
|
}
|
||
|
if (error) {
|
||
|
/* On errors, clean up shadow stream file. */
|
||
|
if (svp) {
|
||
|
vnode_put(svp);
|
||
|
svp = NULLVP;
|
||
|
}
|
||
|
}
|
||
|
*svpp = svp;
|
||
|
if (rsrcsize) {
|
||
|
*rsrcsize = datasize;
|
||
|
}
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
|
||
|
static int
|
||
|
default_getnamedstream(vnode_t vp, vnode_t *svpp, const char *name, enum nsoperation op, vfs_context_t context)
|
||
|
{
|
||
|
vnode_t svp = NULLVP;
|
||
|
uio_t auio = NULL;
|
||
|
caddr_t bufptr = NULL;
|
||
|
size_t bufsize = 0;
|
||
|
size_t datasize = 0;
|
||
|
int creator;
|
||
|
int error;
|
||
|
|
||
|
/* need the kernel context for accessing the shadowfile */
|
||
|
vfs_context_t kernelctx = vfs_context_kernel();
|
||
|
|
||
|
/*
|
||
|
* Only the "com.apple.ResourceFork" stream is supported here.
|
||
|
*/
|
||
|
if (strncmp(name, XATTR_RESOURCEFORK_NAME, sizeof(XATTR_RESOURCEFORK_NAME)) != 0) {
|
||
|
*svpp = NULLVP;
|
||
|
return ENOATTR;
|
||
|
}
|
||
|
retry:
|
||
|
/*
|
||
|
* Obtain a shadow file for the resource fork I/O.
|
||
|
*
|
||
|
* Need to pass along the supplied context so that getshadowfile
|
||
|
* can access the AD file as needed, using it.
|
||
|
*/
|
||
|
error = getshadowfile(vp, &svp, 0, &datasize, &creator, context);
|
||
|
if (error) {
|
||
|
*svpp = NULLVP;
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* The creator of the shadow file provides its file data,
|
||
|
* all other threads should wait until its ready. In order to
|
||
|
* prevent a deadlock during error codepaths, we need to check if the
|
||
|
* vnode is being created, or if it has failed out. Regardless of success or
|
||
|
* failure, we set the VISSHADOW bit on the vnode, so we check that
|
||
|
* if the vnode's flags don't have VISNAMEDSTREAM set. If it doesn't,
|
||
|
* then we can infer the creator isn't done yet. If it's there, but
|
||
|
* VISNAMEDSTREAM is not set, then we can infer it errored out and we should
|
||
|
* try again.
|
||
|
*/
|
||
|
if (!creator) {
|
||
|
vnode_lock(svp);
|
||
|
if (svp->v_flag & VISNAMEDSTREAM) {
|
||
|
/* data is ready, go use it */
|
||
|
vnode_unlock(svp);
|
||
|
goto out;
|
||
|
} else {
|
||
|
/* It's not ready, wait for it (sleep using v_parent as channel) */
|
||
|
if ((svp->v_flag & VISSHADOW)) {
|
||
|
/*
|
||
|
* No VISNAMEDSTREAM, but we did see VISSHADOW, indicating that the other
|
||
|
* thread is done with this vnode. Just unlock the vnode and try again
|
||
|
*/
|
||
|
vnode_unlock(svp);
|
||
|
} else {
|
||
|
/* Otherwise, sleep if the shadow file is not created yet */
|
||
|
msleep((caddr_t)&svp->v_parent, &svp->v_lock, PINOD | PDROP,
|
||
|
"getnamedstream", NULL);
|
||
|
}
|
||
|
vnode_put(svp);
|
||
|
svp = NULLVP;
|
||
|
goto retry;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Copy the real resource fork data into shadow stream file.
|
||
|
*/
|
||
|
if (op == NS_OPEN && datasize != 0) {
|
||
|
size_t offset;
|
||
|
size_t iosize;
|
||
|
|
||
|
iosize = bufsize = MIN(datasize, NS_IOBUFSIZE);
|
||
|
bufptr = kalloc_data(bufsize, Z_WAITOK);
|
||
|
if (bufptr == NULL) {
|
||
|
error = ENOMEM;
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
auio = uio_create(1, 0, UIO_SYSSPACE, UIO_READ);
|
||
|
offset = 0;
|
||
|
|
||
|
/* open the shadow file */
|
||
|
error = VNOP_OPEN(svp, 0, kernelctx);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
while (offset < datasize) {
|
||
|
size_t tmpsize;
|
||
|
|
||
|
iosize = MIN(datasize - offset, iosize);
|
||
|
|
||
|
uio_reset(auio, offset, UIO_SYSSPACE, UIO_READ);
|
||
|
uio_addiov(auio, (uintptr_t)bufptr, iosize);
|
||
|
/* use supplied ctx for AD file */
|
||
|
error = vn_getxattr(vp, XATTR_RESOURCEFORK_NAME, auio, &tmpsize,
|
||
|
XATTR_NOSECURITY, context);
|
||
|
if (error) {
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
uio_reset(auio, offset, UIO_SYSSPACE, UIO_WRITE);
|
||
|
uio_addiov(auio, (uintptr_t)bufptr, iosize);
|
||
|
/* kernel context for writing shadowfile */
|
||
|
error = VNOP_WRITE(svp, auio, 0, kernelctx);
|
||
|
if (error) {
|
||
|
break;
|
||
|
}
|
||
|
offset += iosize;
|
||
|
}
|
||
|
|
||
|
/* close shadow file */
|
||
|
(void) VNOP_CLOSE(svp, 0, kernelctx);
|
||
|
}
|
||
|
out:
|
||
|
/* Wake up anyone waiting for svp file content */
|
||
|
if (creator) {
|
||
|
if (error == 0) {
|
||
|
vnode_lock(svp);
|
||
|
/* VISSHADOW would be set later on anyway, so we set it now */
|
||
|
svp->v_flag |= (VISNAMEDSTREAM | VISSHADOW);
|
||
|
wakeup((caddr_t)&svp->v_parent);
|
||
|
vnode_unlock(svp);
|
||
|
} else {
|
||
|
/* On post create errors, get rid of the shadow file. This
|
||
|
* way if there is another process waiting for initialization
|
||
|
* of the shadowfile by the current process will wake up and
|
||
|
* retry by creating and initializing the shadow file again.
|
||
|
* Also add the VISSHADOW bit here to indicate we're done operating
|
||
|
* on this vnode.
|
||
|
*/
|
||
|
(void)vnode_relenamedstream(vp, svp);
|
||
|
vnode_lock(svp);
|
||
|
svp->v_flag |= VISSHADOW;
|
||
|
wakeup((caddr_t)&svp->v_parent);
|
||
|
vnode_unlock(svp);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
kfree_data(bufptr, bufsize);
|
||
|
if (auio) {
|
||
|
uio_free(auio);
|
||
|
}
|
||
|
if (error) {
|
||
|
/* On errors, clean up shadow stream file. */
|
||
|
if (svp) {
|
||
|
vnode_put(svp);
|
||
|
svp = NULLVP;
|
||
|
}
|
||
|
}
|
||
|
*svpp = svp;
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
default_makenamedstream(vnode_t vp, vnode_t *svpp, const char *name, vfs_context_t context)
|
||
|
{
|
||
|
int creator;
|
||
|
int error;
|
||
|
|
||
|
/*
|
||
|
* Only the "com.apple.ResourceFork" stream is supported here.
|
||
|
*/
|
||
|
if (strncmp(name, XATTR_RESOURCEFORK_NAME, sizeof(XATTR_RESOURCEFORK_NAME)) != 0) {
|
||
|
*svpp = NULLVP;
|
||
|
return ENOATTR;
|
||
|
}
|
||
|
|
||
|
/* Supply the context to getshadowfile so it can manipulate the AD file */
|
||
|
error = getshadowfile(vp, svpp, 1, NULL, &creator, context);
|
||
|
|
||
|
/*
|
||
|
* Wake up any waiters over in default_getnamedstream().
|
||
|
*/
|
||
|
if ((error == 0) && (*svpp != NULL) && creator) {
|
||
|
vnode_t svp = *svpp;
|
||
|
|
||
|
vnode_lock(svp);
|
||
|
/* If we're the creator, mark it as a named stream */
|
||
|
svp->v_flag |= (VISNAMEDSTREAM | VISSHADOW);
|
||
|
/* Wakeup any waiters on the v_parent channel */
|
||
|
wakeup((caddr_t)&svp->v_parent);
|
||
|
vnode_unlock(svp);
|
||
|
}
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
default_removenamedstream(vnode_t vp, const char *name, vfs_context_t context)
|
||
|
{
|
||
|
/*
|
||
|
* Only the "com.apple.ResourceFork" stream is supported here.
|
||
|
*/
|
||
|
if (strncmp(name, XATTR_RESOURCEFORK_NAME, sizeof(XATTR_RESOURCEFORK_NAME)) != 0) {
|
||
|
return ENOATTR;
|
||
|
}
|
||
|
/*
|
||
|
* XXX - what about other opened instances?
|
||
|
*/
|
||
|
return default_removexattr(vp, XATTR_RESOURCEFORK_NAME, 0, context);
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
get_shadow_dir(vnode_t *sdvpp)
|
||
|
{
|
||
|
vnode_t dvp = NULLVP;
|
||
|
vnode_t sdvp = NULLVP;
|
||
|
struct componentname cn;
|
||
|
struct vnode_attr va;
|
||
|
char tmpname[80];
|
||
|
uint32_t tmp_fsid;
|
||
|
int error;
|
||
|
vfs_context_t kernelctx = vfs_context_kernel();
|
||
|
|
||
|
bzero(tmpname, sizeof(tmpname));
|
||
|
MAKE_SHADOW_DIRNAME(rootvnode, tmpname);
|
||
|
/*
|
||
|
* Look up the shadow directory to ensure that it still exists.
|
||
|
* By looking it up, we get an iocounted dvp to use, and avoid some coherency issues
|
||
|
* in caching it when multiple threads may be trying to manipulate the pointers.
|
||
|
*
|
||
|
* Make sure to use the kernel context. We want a singular view of
|
||
|
* the shadow dir regardless of chrooted processes.
|
||
|
*/
|
||
|
error = vnode_lookup(tmpname, 0, &sdvp, kernelctx);
|
||
|
if (error == 0) {
|
||
|
/*
|
||
|
* If we get here, then we have successfully looked up the shadow dir,
|
||
|
* and it has an iocount from the lookup. Return the vp in the output argument.
|
||
|
*/
|
||
|
*sdvpp = sdvp;
|
||
|
return 0;
|
||
|
}
|
||
|
/* In the failure case, no iocount is acquired */
|
||
|
sdvp = NULLVP;
|
||
|
bzero(tmpname, sizeof(tmpname));
|
||
|
|
||
|
/*
|
||
|
* Obtain the vnode for "/var/run" directory using the kernel
|
||
|
* context.
|
||
|
*
|
||
|
* This is defined in the SHADOW_DIR_CONTAINER macro
|
||
|
*/
|
||
|
if (vnode_lookup(SHADOW_DIR_CONTAINER, 0, &dvp, kernelctx) != 0) {
|
||
|
error = ENOTSUP;
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Create the shadow stream directory.
|
||
|
* 'dvp' below suggests the parent directory so
|
||
|
* we only need to provide the leaf entry name
|
||
|
*/
|
||
|
MAKE_SHADOW_DIR_LEAF(rootvnode, tmpname);
|
||
|
bzero(&cn, sizeof(cn));
|
||
|
cn.cn_nameiop = LOOKUP;
|
||
|
cn.cn_flags = ISLASTCN;
|
||
|
cn.cn_context = kernelctx;
|
||
|
cn.cn_pnbuf = tmpname;
|
||
|
cn.cn_pnlen = sizeof(tmpname);
|
||
|
cn.cn_nameptr = cn.cn_pnbuf;
|
||
|
cn.cn_namelen = (int)strlen(tmpname);
|
||
|
|
||
|
/*
|
||
|
* owned by root, only readable by root, hidden
|
||
|
*/
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_SET(&va, va_uid, 0);
|
||
|
VATTR_SET(&va, va_gid, 0);
|
||
|
VATTR_SET(&va, va_mode, S_IRUSR | S_IXUSR);
|
||
|
VATTR_SET(&va, va_type, VDIR);
|
||
|
VATTR_SET(&va, va_flags, UF_HIDDEN);
|
||
|
va.va_vaflags = VA_EXCLUSIVE;
|
||
|
|
||
|
error = VNOP_MKDIR(dvp, &sdvp, &cn, &va, kernelctx);
|
||
|
|
||
|
/*
|
||
|
* There can be only one winner for an exclusive create.
|
||
|
*/
|
||
|
if (error == EEXIST) {
|
||
|
/* loser has to look up directory */
|
||
|
error = VNOP_LOOKUP(dvp, &sdvp, &cn, kernelctx);
|
||
|
if (error == 0) {
|
||
|
/* Make sure its in fact a directory */
|
||
|
if (sdvp->v_type != VDIR) {
|
||
|
goto baddir;
|
||
|
}
|
||
|
/* Obtain the fsid for /var/run directory */
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_WANTED(&va, va_fsid);
|
||
|
if (VNOP_GETATTR(dvp, &va, kernelctx) != 0 ||
|
||
|
!VATTR_IS_SUPPORTED(&va, va_fsid)) {
|
||
|
goto baddir;
|
||
|
}
|
||
|
tmp_fsid = va.va_fsid;
|
||
|
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_WANTED(&va, va_uid);
|
||
|
VATTR_WANTED(&va, va_gid);
|
||
|
VATTR_WANTED(&va, va_mode);
|
||
|
VATTR_WANTED(&va, va_fsid);
|
||
|
VATTR_WANTED(&va, va_dirlinkcount);
|
||
|
VATTR_WANTED(&va, va_acl);
|
||
|
/* Provide defaults for attrs that may not be supported */
|
||
|
va.va_dirlinkcount = 1;
|
||
|
va.va_acl = (kauth_acl_t) KAUTH_FILESEC_NONE;
|
||
|
|
||
|
if (VNOP_GETATTR(sdvp, &va, kernelctx) != 0 ||
|
||
|
!VATTR_IS_SUPPORTED(&va, va_uid) ||
|
||
|
!VATTR_IS_SUPPORTED(&va, va_gid) ||
|
||
|
!VATTR_IS_SUPPORTED(&va, va_mode) ||
|
||
|
!VATTR_IS_SUPPORTED(&va, va_fsid)) {
|
||
|
goto baddir;
|
||
|
}
|
||
|
/*
|
||
|
* Make sure its what we want:
|
||
|
* - owned by root
|
||
|
* - not writable by anyone
|
||
|
* - on same file system as /var/run
|
||
|
* - not a hard-linked directory
|
||
|
* - no ACLs (they might grant write access)
|
||
|
*/
|
||
|
if ((va.va_uid != 0) || (va.va_gid != 0) ||
|
||
|
(va.va_mode & (S_IWUSR | S_IRWXG | S_IRWXO)) ||
|
||
|
(va.va_fsid != tmp_fsid) ||
|
||
|
(va.va_dirlinkcount != 1) ||
|
||
|
(va.va_acl != (kauth_acl_t) KAUTH_FILESEC_NONE)) {
|
||
|
goto baddir;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
out:
|
||
|
if (dvp) {
|
||
|
vnode_put(dvp);
|
||
|
}
|
||
|
if (error) {
|
||
|
/* On errors, clean up shadow stream directory. */
|
||
|
if (sdvp) {
|
||
|
vnode_put(sdvp);
|
||
|
sdvp = NULLVP;
|
||
|
}
|
||
|
}
|
||
|
*sdvpp = sdvp;
|
||
|
return error;
|
||
|
|
||
|
baddir:
|
||
|
/* This is not the dir we're looking for, move along */
|
||
|
++shadow_sequence; /* try something else next time */
|
||
|
error = ENOTDIR;
|
||
|
goto out;
|
||
|
}
|
||
|
#endif /* NAMEDSTREAMS */
|
||
|
|
||
|
|
||
|
#if CONFIG_APPLEDOUBLE
|
||
|
/*
|
||
|
* Default Implementation (Non-native EA)
|
||
|
*/
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Typical "._" AppleDouble Header File layout:
|
||
|
* ------------------------------------------------------------
|
||
|
* MAGIC 0x00051607
|
||
|
* VERSION 0x00020000
|
||
|
* FILLER 0
|
||
|
* COUNT 2
|
||
|
* .-- AD ENTRY[0] Finder Info Entry (must be first)
|
||
|
* .--+-- AD ENTRY[1] Resource Fork Entry (must be last)
|
||
|
* | '-> FINDER INFO
|
||
|
* | ///////////// Fixed Size Data (32 bytes)
|
||
|
* | EXT ATTR HDR
|
||
|
* | /////////////
|
||
|
* | ATTR ENTRY[0] --.
|
||
|
* | ATTR ENTRY[1] --+--.
|
||
|
* | ATTR ENTRY[2] --+--+--.
|
||
|
* | ... | | |
|
||
|
* | ATTR ENTRY[N] --+--+--+--.
|
||
|
* | ATTR DATA 0 <-' | | |
|
||
|
* | //////////// | | |
|
||
|
* | ATTR DATA 1 <----' | |
|
||
|
* | ///////////// | |
|
||
|
* | ATTR DATA 2 <-------' |
|
||
|
* | ///////////// |
|
||
|
* | ... |
|
||
|
* | ATTR DATA N <----------'
|
||
|
* | /////////////
|
||
|
* | Attribute Free Space
|
||
|
* |
|
||
|
* '----> RESOURCE FORK
|
||
|
* ///////////// Variable Sized Data
|
||
|
* /////////////
|
||
|
* /////////////
|
||
|
* /////////////
|
||
|
* /////////////
|
||
|
* /////////////
|
||
|
* ...
|
||
|
* /////////////
|
||
|
*
|
||
|
* ------------------------------------------------------------
|
||
|
*
|
||
|
* NOTE: The EXT ATTR HDR, ATTR ENTRY's and ATTR DATA's are
|
||
|
* stored as part of the Finder Info. The length in the Finder
|
||
|
* Info AppleDouble entry includes the length of the extended
|
||
|
* attribute header, attribute entries, and attribute data.
|
||
|
*/
|
||
|
|
||
|
/*
|
||
|
* On Disk Data Structures
|
||
|
*
|
||
|
* Note: Motorola 68K alignment and big-endian.
|
||
|
*
|
||
|
* See RFC 1740 for additional information about the AppleDouble file format.
|
||
|
*
|
||
|
*/
|
||
|
|
||
|
#define ADH_MAGIC 0x00051607
|
||
|
#define ADH_VERSION 0x00020000
|
||
|
#define ADH_MACOSX "Mac OS X "
|
||
|
|
||
|
/*
|
||
|
* AppleDouble Entry ID's
|
||
|
*/
|
||
|
#define AD_DATA 1 /* Data fork */
|
||
|
#define AD_RESOURCE 2 /* Resource fork */
|
||
|
#define AD_REALNAME 3 /* File's name on home file system */
|
||
|
#define AD_COMMENT 4 /* Standard Mac comment */
|
||
|
#define AD_ICONBW 5 /* Mac black & white icon */
|
||
|
#define AD_ICONCOLOR 6 /* Mac color icon */
|
||
|
#define AD_UNUSED 7 /* Not used */
|
||
|
#define AD_FILEDATES 8 /* File dates; create, modify, etc */
|
||
|
#define AD_FINDERINFO 9 /* Mac Finder info & extended info */
|
||
|
#define AD_MACINFO 10 /* Mac file info, attributes, etc */
|
||
|
#define AD_PRODOSINFO 11 /* Pro-DOS file info, attrib., etc */
|
||
|
#define AD_MSDOSINFO 12 /* MS-DOS file info, attributes, etc */
|
||
|
#define AD_AFPNAME 13 /* Short name on AFP server */
|
||
|
#define AD_AFPINFO 14 /* AFP file info, attrib., etc */
|
||
|
#define AD_AFPDIRID 15 /* AFP directory ID */
|
||
|
#define AD_ATTRIBUTES AD_FINDERINFO
|
||
|
|
||
|
|
||
|
#define ATTR_FILE_PREFIX "._"
|
||
|
#define ATTR_HDR_MAGIC 0x41545452 /* 'ATTR' */
|
||
|
|
||
|
#define ATTR_BUF_SIZE 4096 /* default size of the attr file and how much we'll grow by */
|
||
|
|
||
|
/* Implementation Limits */
|
||
|
#define ATTR_MAX_SIZE AD_XATTR_MAXSIZE
|
||
|
#define ATTR_MAX_HDR_SIZE 65536
|
||
|
/*
|
||
|
* Note: ATTR_MAX_HDR_SIZE is the largest attribute header
|
||
|
* size supported (including the attribute entries). All of
|
||
|
* the attribute entries must reside within this limit. If
|
||
|
* any of the attribute data crosses the ATTR_MAX_HDR_SIZE
|
||
|
* boundry, then all of the attribute data I/O is performed
|
||
|
* separately from the attribute header I/O.
|
||
|
*
|
||
|
* In particular, all of the attr_entry structures must lie
|
||
|
* completely within the first ATTR_MAX_HDR_SIZE bytes of the
|
||
|
* AppleDouble file. However, the attribute data (i.e. the
|
||
|
* contents of the extended attributes) may extend beyond the
|
||
|
* first ATTR_MAX_HDR_SIZE bytes of the file. Note that this
|
||
|
* limit is to allow the implementation to optimize by reading
|
||
|
* the first ATTR_MAX_HDR_SIZE bytes of the file.
|
||
|
*/
|
||
|
|
||
|
|
||
|
#define FINDERINFOSIZE 32
|
||
|
|
||
|
typedef struct apple_double_entry {
|
||
|
u_int32_t type; /* entry type: see list, 0 invalid */
|
||
|
u_int32_t offset; /* entry data offset from the beginning of the file. */
|
||
|
u_int32_t length; /* entry data length in bytes. */
|
||
|
} __attribute__((aligned(2), packed)) apple_double_entry_t;
|
||
|
|
||
|
|
||
|
typedef struct apple_double_header {
|
||
|
u_int32_t magic; /* == ADH_MAGIC */
|
||
|
u_int32_t version; /* format version: 2 = 0x00020000 */
|
||
|
u_int32_t filler[4];
|
||
|
u_int16_t numEntries; /* number of entries which follow */
|
||
|
apple_double_entry_t entries[2]; /* 'finfo' & 'rsrc' always exist */
|
||
|
u_int8_t finfo[FINDERINFOSIZE]; /* Must start with Finder Info (32 bytes) */
|
||
|
u_int8_t pad[2]; /* get better alignment inside attr_header */
|
||
|
} __attribute__((aligned(2), packed)) apple_double_header_t;
|
||
|
|
||
|
#define ADHDRSIZE (4+4+16+2)
|
||
|
|
||
|
/* Entries are aligned on 4 byte boundaries */
|
||
|
typedef struct attr_entry {
|
||
|
u_int32_t offset; /* file offset to data */
|
||
|
u_int32_t length; /* size of attribute data */
|
||
|
u_int16_t flags;
|
||
|
u_int8_t namelen;
|
||
|
u_int8_t name[1]; /* NULL-terminated UTF-8 name (up to 128 bytes max) */
|
||
|
} __attribute__((aligned(2), packed)) attr_entry_t;
|
||
|
|
||
|
|
||
|
/* Header + entries must fit into 64K. Data may extend beyond 64K. */
|
||
|
typedef struct attr_header {
|
||
|
apple_double_header_t appledouble;
|
||
|
u_int32_t magic; /* == ATTR_HDR_MAGIC */
|
||
|
u_int32_t debug_tag; /* for debugging == file id of owning file */
|
||
|
u_int32_t total_size; /* file offset of end of attribute header + entries + data */
|
||
|
u_int32_t data_start; /* file offset to attribute data area */
|
||
|
u_int32_t data_length; /* length of attribute data area */
|
||
|
u_int32_t reserved[3];
|
||
|
u_int16_t flags;
|
||
|
u_int16_t num_attrs;
|
||
|
} __attribute__((aligned(2), packed)) attr_header_t;
|
||
|
|
||
|
|
||
|
/* Empty Resource Fork Header */
|
||
|
typedef struct rsrcfork_header {
|
||
|
u_int32_t fh_DataOffset;
|
||
|
u_int32_t fh_MapOffset;
|
||
|
u_int32_t fh_DataLength;
|
||
|
u_int32_t fh_MapLength;
|
||
|
u_int8_t systemData[112];
|
||
|
u_int8_t appData[128];
|
||
|
u_int32_t mh_DataOffset;
|
||
|
u_int32_t mh_MapOffset;
|
||
|
u_int32_t mh_DataLength;
|
||
|
u_int32_t mh_MapLength;
|
||
|
u_int32_t mh_Next;
|
||
|
u_int16_t mh_RefNum;
|
||
|
u_int8_t mh_Attr;
|
||
|
u_int8_t mh_InMemoryAttr;
|
||
|
u_int16_t mh_Types;
|
||
|
u_int16_t mh_Names;
|
||
|
u_int16_t typeCount;
|
||
|
} __attribute__((aligned(2), packed)) rsrcfork_header_t;
|
||
|
|
||
|
#define RF_FIRST_RESOURCE 256
|
||
|
#define RF_NULL_MAP_LENGTH 30
|
||
|
#define RF_EMPTY_TAG "This resource fork intentionally left blank "
|
||
|
|
||
|
/* Runtime information about the attribute file. */
|
||
|
typedef struct attr_info {
|
||
|
vfs_context_t context;
|
||
|
vnode_t filevp;
|
||
|
size_t filesize;
|
||
|
size_t iosize;
|
||
|
u_int8_t *rawdata;
|
||
|
size_t rawsize; /* minimum of filesize or ATTR_MAX_HDR_SIZE */
|
||
|
apple_double_header_t *filehdr;
|
||
|
apple_double_entry_t *finderinfo;
|
||
|
apple_double_entry_t *rsrcfork;
|
||
|
attr_header_t *attrhdr;
|
||
|
attr_entry_t *attr_entry;
|
||
|
u_int8_t readonly;
|
||
|
u_int8_t emptyfinderinfo;
|
||
|
} attr_info_t;
|
||
|
|
||
|
|
||
|
#define ATTR_SETTING 1
|
||
|
|
||
|
#define ATTR_ALIGN 3L /* Use four-byte alignment */
|
||
|
|
||
|
#define ATTR_ENTRY_LENGTH(namelen) \
|
||
|
((sizeof(attr_entry_t) - 1 + (namelen) + ATTR_ALIGN) & (~ATTR_ALIGN))
|
||
|
|
||
|
#define ATTR_NEXT(ae) \
|
||
|
(attr_entry_t *)((u_int8_t *)(ae) + ATTR_ENTRY_LENGTH((ae)->namelen))
|
||
|
|
||
|
#define ATTR_VALID(ae, ai) \
|
||
|
((&(ae)->namelen < ((ai).rawdata + (ai).rawsize)) && \
|
||
|
(u_int8_t *)ATTR_NEXT(ae) <= ((ai).rawdata + (ai).rawsize))
|
||
|
|
||
|
#define SWAP16(x) OSSwapBigToHostInt16((x))
|
||
|
#define SWAP32(x) OSSwapBigToHostInt32((x))
|
||
|
#define SWAP64(x) OSSwapBigToHostInt64((x))
|
||
|
|
||
|
|
||
|
static u_int32_t emptyfinfo[8] = {0};
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Local support routines
|
||
|
*/
|
||
|
static void close_xattrfile(vnode_t xvp, int fileflags, vfs_context_t context);
|
||
|
|
||
|
static int open_xattrfile(vnode_t vp, int fileflags, vnode_t *xvpp, vfs_context_t context);
|
||
|
|
||
|
static int create_xattrfile(vnode_t xvp, u_int32_t fileid, vfs_context_t context);
|
||
|
|
||
|
static int remove_xattrfile(vnode_t xvp, vfs_context_t context);
|
||
|
|
||
|
static int get_xattrinfo(vnode_t xvp, int setting, attr_info_t *ainfop, vfs_context_t context);
|
||
|
|
||
|
static void rel_xattrinfo(attr_info_t *ainfop);
|
||
|
|
||
|
static int write_xattrinfo(attr_info_t *ainfop);
|
||
|
|
||
|
static void init_empty_resource_fork(rsrcfork_header_t * rsrcforkhdr);
|
||
|
|
||
|
static int lock_xattrfile(vnode_t xvp, short locktype, vfs_context_t context);
|
||
|
|
||
|
static int unlock_xattrfile(vnode_t xvp, vfs_context_t context);
|
||
|
|
||
|
|
||
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||
|
static void swap_adhdr(apple_double_header_t *adh);
|
||
|
static void swap_attrhdr(attr_header_t *ah, attr_info_t* info);
|
||
|
|
||
|
#else
|
||
|
#define swap_adhdr(x)
|
||
|
#define swap_attrhdr(x, y)
|
||
|
#endif
|
||
|
|
||
|
static int check_and_swap_attrhdr(attr_header_t *ah, attr_info_t* ainfop);
|
||
|
static int shift_data_down(vnode_t xvp, off_t start, size_t len, off_t delta, vfs_context_t context);
|
||
|
static int shift_data_up(vnode_t xvp, off_t start, size_t len, off_t delta, vfs_context_t context);
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Sanity check and swap the header of an AppleDouble file. Assumes the buffer
|
||
|
* is in big endian (as it would exist on disk). Verifies the following:
|
||
|
* - magic field
|
||
|
* - version field
|
||
|
* - number of entries
|
||
|
* - that each entry fits within the file size
|
||
|
*
|
||
|
* If the header is invalid, ENOATTR is returned.
|
||
|
*
|
||
|
* NOTE: Does not attempt to validate the extended attributes header that
|
||
|
* may be embedded in the Finder Info entry.
|
||
|
*/
|
||
|
static int
|
||
|
check_and_swap_apple_double_header(attr_info_t *ainfop)
|
||
|
{
|
||
|
int i, j;
|
||
|
u_int32_t header_end;
|
||
|
u_int32_t entry_end;
|
||
|
size_t rawsize;
|
||
|
apple_double_header_t *header;
|
||
|
|
||
|
rawsize = ainfop->rawsize;
|
||
|
header = (apple_double_header_t *) ainfop->rawdata;
|
||
|
|
||
|
/* Is the file big enough to contain an AppleDouble header? */
|
||
|
if (rawsize < offsetof(apple_double_header_t, entries)) {
|
||
|
return ENOATTR;
|
||
|
}
|
||
|
|
||
|
/* Swap the AppleDouble header fields to native order */
|
||
|
header->magic = SWAP32(header->magic);
|
||
|
header->version = SWAP32(header->version);
|
||
|
header->numEntries = SWAP16(header->numEntries);
|
||
|
|
||
|
/* Sanity check the AppleDouble header fields */
|
||
|
if (header->magic != ADH_MAGIC ||
|
||
|
header->version != ADH_VERSION ||
|
||
|
header->numEntries < 1 ||
|
||
|
header->numEntries > 15) {
|
||
|
return ENOATTR;
|
||
|
}
|
||
|
|
||
|
/* Calculate where the entries[] array ends */
|
||
|
header_end = offsetof(apple_double_header_t, entries) +
|
||
|
header->numEntries * sizeof(apple_double_entry_t);
|
||
|
|
||
|
/* Is the file big enough to contain the AppleDouble entries? */
|
||
|
if (rawsize < header_end) {
|
||
|
return ENOATTR;
|
||
|
}
|
||
|
|
||
|
/* Swap and sanity check each AppleDouble entry */
|
||
|
for (i = 0; i < header->numEntries; i++) {
|
||
|
/* Swap the per-entry fields to native order */
|
||
|
header->entries[i].type = SWAP32(header->entries[i].type);
|
||
|
header->entries[i].offset = SWAP32(header->entries[i].offset);
|
||
|
header->entries[i].length = SWAP32(header->entries[i].length);
|
||
|
|
||
|
entry_end = header->entries[i].offset + header->entries[i].length;
|
||
|
|
||
|
/*
|
||
|
* Does the entry's content start within the header itself,
|
||
|
* did the addition overflow, or does the entry's content
|
||
|
* extend past the end of the file?
|
||
|
*/
|
||
|
if (header->entries[i].offset < header_end ||
|
||
|
entry_end < header->entries[i].offset ||
|
||
|
entry_end > ainfop->filesize) {
|
||
|
return ENOATTR;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Does the current entry's content overlap with a previous
|
||
|
* entry's content?
|
||
|
*
|
||
|
* Yes, this is O(N**2), and there are more efficient algorithms
|
||
|
* for testing pairwise overlap of N ranges when N is large.
|
||
|
* But we have already ensured N < 16, and N is almost always 2.
|
||
|
* So there's no point in using a more complex algorithm.
|
||
|
*/
|
||
|
|
||
|
for (j = 0; j < i; j++) {
|
||
|
if (entry_end > header->entries[j].offset &&
|
||
|
header->entries[j].offset + header->entries[j].length > header->entries[i].offset) {
|
||
|
return ENOATTR;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Retrieve the data of an extended attribute.
|
||
|
*/
|
||
|
static int
|
||
|
default_getxattr(vnode_t vp, const char *name, uio_t uio, size_t *size,
|
||
|
__unused int options, vfs_context_t context)
|
||
|
{
|
||
|
vnode_t xvp = NULL;
|
||
|
attr_info_t ainfo;
|
||
|
attr_header_t *header;
|
||
|
attr_entry_t *entry;
|
||
|
u_int8_t *attrdata;
|
||
|
u_int32_t datalen;
|
||
|
size_t namelen;
|
||
|
int isrsrcfork;
|
||
|
int fileflags;
|
||
|
int i;
|
||
|
int error;
|
||
|
|
||
|
fileflags = FREAD;
|
||
|
if (strncmp(name, XATTR_RESOURCEFORK_NAME, sizeof(XATTR_RESOURCEFORK_NAME)) == 0) {
|
||
|
isrsrcfork = 1;
|
||
|
/*
|
||
|
* Open the file locked (shared) since the Carbon
|
||
|
* File Manager may have the Apple Double file open
|
||
|
* and could be changing the resource fork.
|
||
|
*/
|
||
|
fileflags |= O_SHLOCK;
|
||
|
} else {
|
||
|
isrsrcfork = 0;
|
||
|
}
|
||
|
|
||
|
if ((error = open_xattrfile(vp, fileflags, &xvp, context))) {
|
||
|
return error;
|
||
|
}
|
||
|
if ((error = get_xattrinfo(xvp, 0, &ainfo, context))) {
|
||
|
close_xattrfile(xvp, fileflags, context);
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/* Get the Finder Info. */
|
||
|
if (strncmp(name, XATTR_FINDERINFO_NAME, sizeof(XATTR_FINDERINFO_NAME)) == 0) {
|
||
|
if (ainfo.finderinfo == NULL || ainfo.emptyfinderinfo) {
|
||
|
error = ENOATTR;
|
||
|
} else if (uio == NULL) {
|
||
|
*size = FINDERINFOSIZE;
|
||
|
error = 0;
|
||
|
} else if (uio_offset(uio) != 0) {
|
||
|
error = EINVAL;
|
||
|
} else if (uio_resid(uio) < FINDERINFOSIZE) {
|
||
|
error = ERANGE;
|
||
|
} else {
|
||
|
attrdata = (u_int8_t*)ainfo.filehdr + ainfo.finderinfo->offset;
|
||
|
error = uiomove((caddr_t)attrdata, FINDERINFOSIZE, uio);
|
||
|
}
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
/* Read the Resource Fork. */
|
||
|
if (isrsrcfork) {
|
||
|
if (!vnode_isreg(vp)) {
|
||
|
error = EPERM;
|
||
|
} else if (ainfo.rsrcfork == NULL) {
|
||
|
error = ENOATTR;
|
||
|
} else if (uio == NULL) {
|
||
|
*size = (size_t)ainfo.rsrcfork->length;
|
||
|
} else {
|
||
|
uio_setoffset(uio, uio_offset(uio) + ainfo.rsrcfork->offset);
|
||
|
error = VNOP_READ(xvp, uio, 0, context);
|
||
|
if (error == 0) {
|
||
|
uio_setoffset(uio, uio_offset(uio) - ainfo.rsrcfork->offset);
|
||
|
}
|
||
|
}
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
if (ainfo.attrhdr == NULL || ainfo.attr_entry == NULL) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
if (uio_offset(uio) != 0) {
|
||
|
error = EINVAL;
|
||
|
goto out;
|
||
|
}
|
||
|
error = ENOATTR;
|
||
|
namelen = strlen(name) + 1;
|
||
|
header = ainfo.attrhdr;
|
||
|
entry = ainfo.attr_entry;
|
||
|
/*
|
||
|
* Search for attribute name in the header.
|
||
|
*/
|
||
|
for (i = 0; i < header->num_attrs && ATTR_VALID(entry, ainfo); i++) {
|
||
|
if (strncmp((const char *)entry->name, name, namelen) == 0) {
|
||
|
datalen = entry->length;
|
||
|
if (uio == NULL) {
|
||
|
*size = datalen;
|
||
|
error = 0;
|
||
|
break;
|
||
|
}
|
||
|
if (uio_resid(uio) < (user_ssize_t)datalen) {
|
||
|
error = ERANGE;
|
||
|
break;
|
||
|
}
|
||
|
if (entry->offset + datalen < ATTR_MAX_HDR_SIZE) {
|
||
|
attrdata = ((u_int8_t *)header + entry->offset);
|
||
|
error = uiomove((caddr_t)attrdata, datalen, uio);
|
||
|
} else {
|
||
|
uio_setoffset(uio, entry->offset);
|
||
|
error = VNOP_READ(xvp, uio, 0, context);
|
||
|
uio_setoffset(uio, 0);
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
entry = ATTR_NEXT(entry);
|
||
|
}
|
||
|
out:
|
||
|
rel_xattrinfo(&ainfo);
|
||
|
close_xattrfile(xvp, fileflags, context);
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Set the data of an extended attribute.
|
||
|
*/
|
||
|
static int __attribute__((noinline))
|
||
|
default_setxattr(vnode_t vp, const char *name, uio_t uio, int options, vfs_context_t context)
|
||
|
{
|
||
|
vnode_t xvp = NULL;
|
||
|
attr_info_t ainfo;
|
||
|
attr_header_t *header;
|
||
|
attr_entry_t *entry;
|
||
|
attr_entry_t *lastentry;
|
||
|
u_int8_t *attrdata;
|
||
|
size_t datalen;
|
||
|
size_t entrylen;
|
||
|
size_t datafreespace;
|
||
|
int namelen;
|
||
|
int found = 0;
|
||
|
int i;
|
||
|
int splitdata;
|
||
|
int fileflags;
|
||
|
int error;
|
||
|
char finfo[FINDERINFOSIZE];
|
||
|
|
||
|
datalen = uio_resid(uio);
|
||
|
if (datalen > XATTR_MAXSIZE) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
namelen = (int)strlen(name) + 1;
|
||
|
if (namelen > UINT8_MAX) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
entrylen = ATTR_ENTRY_LENGTH(namelen);
|
||
|
|
||
|
/*
|
||
|
* By convention, Finder Info that is all zeroes is equivalent to not
|
||
|
* having a Finder Info EA. So if we're trying to set the Finder Info
|
||
|
* to all zeroes, then delete it instead. If a file didn't have an
|
||
|
* AppleDouble file before, this prevents creating an AppleDouble file
|
||
|
* with no useful content.
|
||
|
*
|
||
|
* If neither XATTR_CREATE nor XATTR_REPLACE were specified, we check
|
||
|
* for all zeroes Finder Info before opening the AppleDouble file.
|
||
|
* But if either of those options were specified, we need to open the
|
||
|
* AppleDouble file to see whether there was already Finder Info (so we
|
||
|
* can return an error if needed); this case is handled further below.
|
||
|
*
|
||
|
* NOTE: this copies the Finder Info data into the "finfo" local.
|
||
|
*/
|
||
|
if (strncmp(name, XATTR_FINDERINFO_NAME, sizeof(XATTR_FINDERINFO_NAME)) == 0) {
|
||
|
/*
|
||
|
* TODO: check the XATTR_CREATE and XATTR_REPLACE flags.
|
||
|
* That means we probably have to open_xattrfile and get_xattrinfo.
|
||
|
*/
|
||
|
if (uio_offset(uio) != 0 || datalen != FINDERINFOSIZE) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
error = uiomove(finfo, (int)datalen, uio);
|
||
|
if (error) {
|
||
|
return error;
|
||
|
}
|
||
|
if ((options & (XATTR_CREATE | XATTR_REPLACE)) == 0 &&
|
||
|
bcmp(finfo, emptyfinfo, FINDERINFOSIZE) == 0) {
|
||
|
error = default_removexattr(vp, name, 0, context);
|
||
|
if (error == ENOATTR) {
|
||
|
error = 0;
|
||
|
}
|
||
|
return error;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
start:
|
||
|
/*
|
||
|
* Open the file locked since setting an attribute
|
||
|
* can change the layout of the Apple Double file.
|
||
|
*/
|
||
|
fileflags = FREAD | FWRITE | O_EXLOCK;
|
||
|
if ((error = open_xattrfile(vp, O_CREAT | fileflags, &xvp, context))) {
|
||
|
return error;
|
||
|
}
|
||
|
if ((error = get_xattrinfo(xvp, ATTR_SETTING, &ainfo, context))) {
|
||
|
close_xattrfile(xvp, fileflags, context);
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/* Set the Finder Info. */
|
||
|
if (strncmp(name, XATTR_FINDERINFO_NAME, sizeof(XATTR_FINDERINFO_NAME)) == 0) {
|
||
|
if (ainfo.finderinfo && !ainfo.emptyfinderinfo) {
|
||
|
/* attr exists and "create" was specified? */
|
||
|
if (options & XATTR_CREATE) {
|
||
|
error = EEXIST;
|
||
|
goto out;
|
||
|
}
|
||
|
} else {
|
||
|
/* attr doesn't exists and "replace" was specified? */
|
||
|
if (options & XATTR_REPLACE) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
if (options != 0 && bcmp(finfo, emptyfinfo, FINDERINFOSIZE) == 0) {
|
||
|
/*
|
||
|
* Setting the Finder Info to all zeroes is equivalent to
|
||
|
* removing it. Close the xattr file and let
|
||
|
* default_removexattr do the work (including deleting
|
||
|
* the xattr file if there are no other xattrs).
|
||
|
*
|
||
|
* Note that we have to handle the case where the
|
||
|
* Finder Info was already all zeroes, and we ignore
|
||
|
* ENOATTR.
|
||
|
*
|
||
|
* The common case where options == 0 was handled above.
|
||
|
*/
|
||
|
rel_xattrinfo(&ainfo);
|
||
|
close_xattrfile(xvp, fileflags, context);
|
||
|
error = default_removexattr(vp, name, 0, context);
|
||
|
if (error == ENOATTR) {
|
||
|
error = 0;
|
||
|
}
|
||
|
return error;
|
||
|
}
|
||
|
if (ainfo.finderinfo) {
|
||
|
attrdata = (u_int8_t *)ainfo.filehdr + ainfo.finderinfo->offset;
|
||
|
bcopy(finfo, attrdata, datalen);
|
||
|
ainfo.iosize = sizeof(attr_header_t);
|
||
|
error = write_xattrinfo(&ainfo);
|
||
|
goto out;
|
||
|
}
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
/* Write the Resource Fork. */
|
||
|
if (strncmp(name, XATTR_RESOURCEFORK_NAME, sizeof(XATTR_RESOURCEFORK_NAME)) == 0) {
|
||
|
off_t endoffset;
|
||
|
|
||
|
if (!vnode_isreg(vp)) {
|
||
|
error = EPERM;
|
||
|
goto out;
|
||
|
}
|
||
|
/* Make sure we have a rsrc fork pointer.. */
|
||
|
if (ainfo.rsrcfork == NULL) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
if (ainfo.rsrcfork) {
|
||
|
if (ainfo.rsrcfork->length != 0) {
|
||
|
if (options & XATTR_CREATE) {
|
||
|
/* attr exists, and create specified ? */
|
||
|
error = EEXIST;
|
||
|
goto out;
|
||
|
}
|
||
|
} else {
|
||
|
/* Zero length AD rsrc fork */
|
||
|
if (options & XATTR_REPLACE) {
|
||
|
/* attr doesn't exist (0-length), but replace specified ? */
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
} else {
|
||
|
/* We can't do much if we somehow didn't get an AD rsrc pointer */
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
endoffset = uio_resid(uio) + uio_offset(uio); /* new size */
|
||
|
if (endoffset > UINT32_MAX || endoffset < 0) {
|
||
|
error = EINVAL;
|
||
|
goto out;
|
||
|
}
|
||
|
uio_setoffset(uio, uio_offset(uio) + ainfo.rsrcfork->offset);
|
||
|
error = VNOP_WRITE(xvp, uio, 0, context);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
uio_setoffset(uio, uio_offset(uio) - ainfo.rsrcfork->offset);
|
||
|
if (endoffset > ainfo.rsrcfork->length) {
|
||
|
ainfo.rsrcfork->length = (u_int32_t)endoffset;
|
||
|
ainfo.iosize = sizeof(attr_header_t);
|
||
|
error = write_xattrinfo(&ainfo);
|
||
|
goto out;
|
||
|
}
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
if (datalen > ATTR_MAX_SIZE) {
|
||
|
return E2BIG; /* EINVAL instead ? */
|
||
|
}
|
||
|
|
||
|
if (ainfo.attrhdr == NULL) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
header = ainfo.attrhdr;
|
||
|
entry = ainfo.attr_entry;
|
||
|
|
||
|
/* Check if data area crosses the maximum header size. */
|
||
|
if ((header->data_start + header->data_length + entrylen + datalen) > ATTR_MAX_HDR_SIZE) {
|
||
|
splitdata = 1; /* do data I/O separately */
|
||
|
} else {
|
||
|
splitdata = 0;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* See if attribute already exists.
|
||
|
*/
|
||
|
for (i = 0; i < header->num_attrs && ATTR_VALID(entry, ainfo); i++) {
|
||
|
if (strncmp((const char *)entry->name, name, namelen) == 0) {
|
||
|
found = 1;
|
||
|
break;
|
||
|
}
|
||
|
entry = ATTR_NEXT(entry);
|
||
|
}
|
||
|
|
||
|
if (found) {
|
||
|
if (options & XATTR_CREATE) {
|
||
|
error = EEXIST;
|
||
|
goto out;
|
||
|
}
|
||
|
if (datalen == entry->length) {
|
||
|
if (splitdata) {
|
||
|
uio_setoffset(uio, entry->offset);
|
||
|
error = VNOP_WRITE(xvp, uio, 0, context);
|
||
|
uio_setoffset(uio, 0);
|
||
|
if (error) {
|
||
|
printf("setxattr: VNOP_WRITE error %d\n", error);
|
||
|
}
|
||
|
} else {
|
||
|
attrdata = (u_int8_t *)header + entry->offset;
|
||
|
error = uiomove((caddr_t)attrdata, (int)datalen, uio);
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
ainfo.iosize = ainfo.attrhdr->data_start + ainfo.attrhdr->data_length;
|
||
|
error = write_xattrinfo(&ainfo);
|
||
|
if (error) {
|
||
|
printf("setxattr: write_xattrinfo error %d\n", error);
|
||
|
}
|
||
|
}
|
||
|
goto out;
|
||
|
} else {
|
||
|
/*
|
||
|
* Brute force approach - just remove old entry and set new entry.
|
||
|
*/
|
||
|
found = 0;
|
||
|
rel_xattrinfo(&ainfo);
|
||
|
close_xattrfile(xvp, fileflags, context);
|
||
|
error = default_removexattr(vp, name, options, context);
|
||
|
if (error) {
|
||
|
return error;
|
||
|
}
|
||
|
/* Clear XATTR_REPLACE option since we just removed the attribute. */
|
||
|
options &= ~XATTR_REPLACE;
|
||
|
goto start; /* start over */
|
||
|
}
|
||
|
} else {
|
||
|
if (!ATTR_VALID(entry, ainfo)) {
|
||
|
error = ENOSPC;
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if (options & XATTR_REPLACE) {
|
||
|
error = ENOATTR; /* nothing there to replace */
|
||
|
goto out;
|
||
|
}
|
||
|
/* Check if header size limit has been reached. */
|
||
|
if ((header->data_start + entrylen) > ATTR_MAX_HDR_SIZE) {
|
||
|
error = ENOSPC;
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
datafreespace = header->total_size - (header->data_start + header->data_length);
|
||
|
|
||
|
/* Check if we need more space. */
|
||
|
if ((datalen + entrylen) > datafreespace) {
|
||
|
size_t growsize;
|
||
|
|
||
|
growsize = roundup((datalen + entrylen) - datafreespace, ATTR_BUF_SIZE);
|
||
|
|
||
|
/* Clip roundup size when we can still fit in ATTR_MAX_HDR_SIZE. */
|
||
|
if (!splitdata && (header->total_size + growsize) > ATTR_MAX_HDR_SIZE) {
|
||
|
growsize = ATTR_MAX_HDR_SIZE - header->total_size;
|
||
|
}
|
||
|
|
||
|
ainfo.filesize += growsize;
|
||
|
error = vnode_setsize(xvp, ainfo.filesize, 0, context);
|
||
|
if (error) {
|
||
|
printf("setxattr: VNOP_TRUNCATE error %d\n", error);
|
||
|
}
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Move the resource fork out of the way.
|
||
|
*/
|
||
|
if (ainfo.rsrcfork) {
|
||
|
if (ainfo.rsrcfork->length != 0) {
|
||
|
shift_data_down(xvp,
|
||
|
ainfo.rsrcfork->offset,
|
||
|
ainfo.rsrcfork->length,
|
||
|
growsize, context);
|
||
|
}
|
||
|
ainfo.rsrcfork->offset += growsize;
|
||
|
}
|
||
|
ainfo.finderinfo->length += growsize;
|
||
|
header->total_size += growsize;
|
||
|
}
|
||
|
|
||
|
/* Make space for a new entry. */
|
||
|
if (splitdata) {
|
||
|
shift_data_down(xvp,
|
||
|
header->data_start,
|
||
|
header->data_length,
|
||
|
entrylen, context);
|
||
|
} else {
|
||
|
bcopy((u_int8_t *)header + header->data_start,
|
||
|
(u_int8_t *)header + header->data_start + entrylen,
|
||
|
header->data_length);
|
||
|
}
|
||
|
header->data_start += entrylen;
|
||
|
|
||
|
/* Fix up entry data offsets. */
|
||
|
lastentry = entry;
|
||
|
for (entry = ainfo.attr_entry; entry != lastentry && ATTR_VALID(entry, ainfo); entry = ATTR_NEXT(entry)) {
|
||
|
entry->offset += entrylen;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* If the attribute data area is entirely within
|
||
|
* the header buffer, then just update the buffer,
|
||
|
* otherwise we'll write it separately to the file.
|
||
|
*/
|
||
|
if (splitdata) {
|
||
|
off_t offset;
|
||
|
|
||
|
/* Write new attribute data after the end of existing data. */
|
||
|
offset = header->data_start + header->data_length;
|
||
|
uio_setoffset(uio, offset);
|
||
|
error = VNOP_WRITE(xvp, uio, 0, context);
|
||
|
uio_setoffset(uio, 0);
|
||
|
if (error) {
|
||
|
printf("setxattr: VNOP_WRITE error %d\n", error);
|
||
|
goto out;
|
||
|
}
|
||
|
} else {
|
||
|
attrdata = (u_int8_t *)header + header->data_start + header->data_length;
|
||
|
|
||
|
error = uiomove((caddr_t)attrdata, (int)datalen, uio);
|
||
|
if (error) {
|
||
|
printf("setxattr: uiomove error %d\n", error);
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* Create the attribute entry. */
|
||
|
lastentry->length = (u_int32_t)datalen;
|
||
|
lastentry->offset = header->data_start + header->data_length;
|
||
|
lastentry->namelen = (u_int8_t)namelen;
|
||
|
lastentry->flags = 0;
|
||
|
bcopy(name, &lastentry->name[0], namelen);
|
||
|
|
||
|
/* Update the attributes header. */
|
||
|
header->num_attrs++;
|
||
|
header->data_length += datalen;
|
||
|
|
||
|
if (splitdata) {
|
||
|
/* Only write the entries, since the data was written separately. */
|
||
|
ainfo.iosize = ainfo.attrhdr->data_start;
|
||
|
} else {
|
||
|
/* The entry and data are both in the header; write them together. */
|
||
|
ainfo.iosize = ainfo.attrhdr->data_start + ainfo.attrhdr->data_length;
|
||
|
}
|
||
|
error = write_xattrinfo(&ainfo);
|
||
|
if (error) {
|
||
|
printf("setxattr: write_xattrinfo error %d\n", error);
|
||
|
}
|
||
|
|
||
|
out:
|
||
|
rel_xattrinfo(&ainfo);
|
||
|
close_xattrfile(xvp, fileflags, context);
|
||
|
|
||
|
/* Touch the change time if we changed an attribute. */
|
||
|
if (error == 0) {
|
||
|
struct vnode_attr va;
|
||
|
|
||
|
/* Re-write the mtime to cause a ctime change. */
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_WANTED(&va, va_modify_time);
|
||
|
if (vnode_getattr(vp, &va, context) == 0) {
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_SET(&va, va_modify_time, va.va_modify_time);
|
||
|
(void) vnode_setattr(vp, &va, context);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
post_event_if_success(vp, error, NOTE_ATTRIB);
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Remove an extended attribute.
|
||
|
*/
|
||
|
static int
|
||
|
default_removexattr(vnode_t vp, const char *name, __unused int options, vfs_context_t context)
|
||
|
{
|
||
|
vnode_t xvp = NULL;
|
||
|
attr_info_t ainfo;
|
||
|
attr_header_t *header;
|
||
|
attr_entry_t *entry;
|
||
|
attr_entry_t *oldslot;
|
||
|
u_int8_t *attrdata;
|
||
|
u_int32_t dataoff;
|
||
|
size_t datalen;
|
||
|
size_t entrylen;
|
||
|
int namelen;
|
||
|
int found = 0, lastone = 0;
|
||
|
int i;
|
||
|
int splitdata;
|
||
|
int attrcount = 0;
|
||
|
int isrsrcfork;
|
||
|
int fileflags;
|
||
|
int error;
|
||
|
|
||
|
fileflags = FREAD | FWRITE;
|
||
|
if (strncmp(name, XATTR_RESOURCEFORK_NAME, sizeof(XATTR_RESOURCEFORK_NAME)) == 0) {
|
||
|
isrsrcfork = 1;
|
||
|
/*
|
||
|
* Open the file locked (exclusive) since the Carbon
|
||
|
* File Manager may have the Apple Double file open
|
||
|
* and could be changing the resource fork.
|
||
|
*/
|
||
|
fileflags |= O_EXLOCK;
|
||
|
} else {
|
||
|
isrsrcfork = 0;
|
||
|
}
|
||
|
|
||
|
if ((error = open_xattrfile(vp, fileflags, &xvp, context))) {
|
||
|
return error;
|
||
|
}
|
||
|
if ((error = get_xattrinfo(xvp, 0, &ainfo, context))) {
|
||
|
close_xattrfile(xvp, fileflags, context);
|
||
|
return error;
|
||
|
}
|
||
|
if (ainfo.attrhdr) {
|
||
|
attrcount += ainfo.attrhdr->num_attrs;
|
||
|
}
|
||
|
if (ainfo.rsrcfork) {
|
||
|
++attrcount;
|
||
|
}
|
||
|
if (ainfo.finderinfo && !ainfo.emptyfinderinfo) {
|
||
|
++attrcount;
|
||
|
}
|
||
|
|
||
|
/* Clear the Finder Info. */
|
||
|
if (strncmp(name, XATTR_FINDERINFO_NAME, sizeof(XATTR_FINDERINFO_NAME)) == 0) {
|
||
|
if (ainfo.finderinfo == NULL || ainfo.emptyfinderinfo) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
/* On removal of last attribute the ._ file is removed. */
|
||
|
if (--attrcount == 0) {
|
||
|
goto out;
|
||
|
}
|
||
|
attrdata = (u_int8_t *)ainfo.filehdr + ainfo.finderinfo->offset;
|
||
|
bzero((caddr_t)attrdata, FINDERINFOSIZE);
|
||
|
error = write_xattrinfo(&ainfo);
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
/* Clear the Resource Fork. */
|
||
|
if (isrsrcfork) {
|
||
|
if (!vnode_isreg(vp)) {
|
||
|
error = EPERM;
|
||
|
goto out;
|
||
|
}
|
||
|
if (ainfo.rsrcfork == NULL || ainfo.rsrcfork->length == 0) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
/* On removal of last attribute the ._ file is removed. */
|
||
|
if (--attrcount == 0) {
|
||
|
goto out;
|
||
|
}
|
||
|
/*
|
||
|
* XXX
|
||
|
* If the resource fork isn't the last AppleDouble
|
||
|
* entry then the space needs to be reclaimed by
|
||
|
* shifting the entries after the resource fork.
|
||
|
*/
|
||
|
if ((ainfo.rsrcfork->offset + ainfo.rsrcfork->length) == ainfo.filesize) {
|
||
|
ainfo.filesize -= ainfo.rsrcfork->length;
|
||
|
error = vnode_setsize(xvp, ainfo.filesize, 0, context);
|
||
|
}
|
||
|
if (error == 0) {
|
||
|
ainfo.rsrcfork->length = 0;
|
||
|
ainfo.iosize = sizeof(attr_header_t);
|
||
|
error = write_xattrinfo(&ainfo);
|
||
|
}
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
if (ainfo.attrhdr == NULL) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
namelen = (int)strlen(name) + 1;
|
||
|
header = ainfo.attrhdr;
|
||
|
entry = ainfo.attr_entry;
|
||
|
|
||
|
/*
|
||
|
* See if this attribute exists.
|
||
|
*/
|
||
|
for (i = 0; i < header->num_attrs && ATTR_VALID(entry, ainfo); i++) {
|
||
|
if (strncmp((const char *)entry->name, name, namelen) == 0) {
|
||
|
found = 1;
|
||
|
if ((i + 1) == header->num_attrs) {
|
||
|
lastone = 1;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
entry = ATTR_NEXT(entry);
|
||
|
}
|
||
|
if (!found) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
/* On removal of last attribute the ._ file is removed. */
|
||
|
if (--attrcount == 0) {
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
datalen = entry->length;
|
||
|
dataoff = entry->offset;
|
||
|
entrylen = ATTR_ENTRY_LENGTH(namelen);
|
||
|
if ((header->data_start + header->data_length) > ATTR_MAX_HDR_SIZE) {
|
||
|
splitdata = 1;
|
||
|
} else {
|
||
|
splitdata = 0;
|
||
|
}
|
||
|
|
||
|
/* Remove the attribute entry. */
|
||
|
if (!lastone) {
|
||
|
bcopy((u_int8_t *)entry + entrylen, (u_int8_t *)entry,
|
||
|
((size_t)header + header->data_start) - ((size_t)entry + entrylen));
|
||
|
}
|
||
|
|
||
|
/* Adjust the attribute data. */
|
||
|
if (splitdata) {
|
||
|
shift_data_up(xvp,
|
||
|
header->data_start,
|
||
|
dataoff - header->data_start,
|
||
|
entrylen,
|
||
|
context);
|
||
|
if (!lastone) {
|
||
|
shift_data_up(xvp,
|
||
|
dataoff + datalen,
|
||
|
(header->data_start + header->data_length) - (dataoff + datalen),
|
||
|
datalen + entrylen,
|
||
|
context);
|
||
|
}
|
||
|
/* XXX write zeros to freed space ? */
|
||
|
ainfo.iosize = ainfo.attrhdr->data_start - entrylen;
|
||
|
} else {
|
||
|
bcopy((u_int8_t *)header + header->data_start,
|
||
|
(u_int8_t *)header + header->data_start - entrylen,
|
||
|
dataoff - header->data_start);
|
||
|
if (!lastone) {
|
||
|
bcopy((u_int8_t *)header + dataoff + datalen,
|
||
|
(u_int8_t *)header + dataoff - entrylen,
|
||
|
(header->data_start + header->data_length) - (dataoff + datalen));
|
||
|
}
|
||
|
bzero(((u_int8_t *)header + header->data_start + header->data_length) - (datalen + entrylen), (datalen + entrylen));
|
||
|
ainfo.iosize = ainfo.attrhdr->data_start + ainfo.attrhdr->data_length;
|
||
|
}
|
||
|
|
||
|
/* Adjust the header values and entry offsets. */
|
||
|
header->num_attrs--;
|
||
|
header->data_start -= entrylen;
|
||
|
header->data_length -= datalen;
|
||
|
|
||
|
oldslot = entry;
|
||
|
entry = ainfo.attr_entry;
|
||
|
for (i = 0; i < header->num_attrs && ATTR_VALID(entry, ainfo); i++) {
|
||
|
entry->offset -= entrylen;
|
||
|
if (entry >= oldslot) {
|
||
|
entry->offset -= datalen;
|
||
|
}
|
||
|
entry = ATTR_NEXT(entry);
|
||
|
}
|
||
|
error = write_xattrinfo(&ainfo);
|
||
|
if (error) {
|
||
|
printf("removexattr: write_xattrinfo error %d\n", error);
|
||
|
}
|
||
|
out:
|
||
|
rel_xattrinfo(&ainfo);
|
||
|
|
||
|
/* When there are no more attributes remove the ._ file. */
|
||
|
if (attrcount == 0) {
|
||
|
if (fileflags & O_EXLOCK) {
|
||
|
(void) unlock_xattrfile(xvp, context);
|
||
|
}
|
||
|
VNOP_CLOSE(xvp, fileflags, context);
|
||
|
vnode_rele(xvp);
|
||
|
error = remove_xattrfile(xvp, context);
|
||
|
vnode_put(xvp);
|
||
|
} else {
|
||
|
close_xattrfile(xvp, fileflags, context);
|
||
|
}
|
||
|
/* Touch the change time if we changed an attribute. */
|
||
|
if (error == 0) {
|
||
|
struct vnode_attr va;
|
||
|
|
||
|
/* Re-write the mtime to cause a ctime change. */
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_WANTED(&va, va_modify_time);
|
||
|
if (vnode_getattr(vp, &va, context) == 0) {
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_SET(&va, va_modify_time, va.va_modify_time);
|
||
|
(void) vnode_setattr(vp, &va, context);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
post_event_if_success(vp, error, NOTE_ATTRIB);
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Retrieve the list of extended attribute names.
|
||
|
*/
|
||
|
static int
|
||
|
default_listxattr(vnode_t vp, uio_t uio, size_t *size, __unused int options, vfs_context_t context)
|
||
|
{
|
||
|
vnode_t xvp = NULL;
|
||
|
attr_info_t ainfo;
|
||
|
attr_entry_t *entry;
|
||
|
int i, count;
|
||
|
int error;
|
||
|
|
||
|
/*
|
||
|
* We do not zero "*size" here as we don't want to stomp a size set when
|
||
|
* VNOP_LISTXATTR processed any native EAs. That size is initially zeroed by the
|
||
|
* system call layer, up in listxattr or flistxattr.
|
||
|
*/
|
||
|
|
||
|
if ((error = open_xattrfile(vp, FREAD, &xvp, context))) {
|
||
|
if (error == ENOATTR) {
|
||
|
error = 0;
|
||
|
}
|
||
|
return error;
|
||
|
}
|
||
|
if ((error = get_xattrinfo(xvp, 0, &ainfo, context))) {
|
||
|
if (error == ENOATTR) {
|
||
|
error = 0;
|
||
|
}
|
||
|
close_xattrfile(xvp, FREAD, context);
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/* Check for Finder Info. */
|
||
|
if (ainfo.finderinfo && !ainfo.emptyfinderinfo) {
|
||
|
if (uio == NULL) {
|
||
|
*size += sizeof(XATTR_FINDERINFO_NAME);
|
||
|
} else if (uio_resid(uio) < (user_ssize_t)sizeof(XATTR_FINDERINFO_NAME)) {
|
||
|
error = ERANGE;
|
||
|
goto out;
|
||
|
} else {
|
||
|
error = uiomove(XATTR_FINDERINFO_NAME,
|
||
|
sizeof(XATTR_FINDERINFO_NAME), uio);
|
||
|
if (error) {
|
||
|
error = ERANGE;
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* Check for Resource Fork. */
|
||
|
if (vnode_isreg(vp) && ainfo.rsrcfork) {
|
||
|
if (uio == NULL) {
|
||
|
*size += sizeof(XATTR_RESOURCEFORK_NAME);
|
||
|
} else if (uio_resid(uio) < (user_ssize_t)sizeof(XATTR_RESOURCEFORK_NAME)) {
|
||
|
error = ERANGE;
|
||
|
goto out;
|
||
|
} else {
|
||
|
error = uiomove(XATTR_RESOURCEFORK_NAME,
|
||
|
sizeof(XATTR_RESOURCEFORK_NAME), uio);
|
||
|
if (error) {
|
||
|
error = ERANGE;
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* Check for attributes. */
|
||
|
if (ainfo.attrhdr) {
|
||
|
count = ainfo.attrhdr->num_attrs;
|
||
|
for (i = 0, entry = ainfo.attr_entry; i < count && ATTR_VALID(entry, ainfo); i++) {
|
||
|
if (xattr_protected((const char *)entry->name) ||
|
||
|
((entry->namelen < XATTR_MAXNAMELEN) &&
|
||
|
(entry->name[entry->namelen] == '\0') &&
|
||
|
(xattr_validatename((const char *)entry->name) != 0))) {
|
||
|
entry = ATTR_NEXT(entry);
|
||
|
continue;
|
||
|
}
|
||
|
if (uio == NULL) {
|
||
|
*size += entry->namelen;
|
||
|
entry = ATTR_NEXT(entry);
|
||
|
continue;
|
||
|
}
|
||
|
if (uio_resid(uio) < entry->namelen) {
|
||
|
error = ERANGE;
|
||
|
break;
|
||
|
}
|
||
|
error = uiomove((caddr_t) entry->name, entry->namelen, uio);
|
||
|
if (error) {
|
||
|
if (error != EFAULT) {
|
||
|
error = ERANGE;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
entry = ATTR_NEXT(entry);
|
||
|
}
|
||
|
}
|
||
|
out:
|
||
|
rel_xattrinfo(&ainfo);
|
||
|
close_xattrfile(xvp, FREAD, context);
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
open_xattrfile(vnode_t vp, int fileflags, vnode_t *xvpp, vfs_context_t context)
|
||
|
{
|
||
|
vnode_t xvp = NULLVP;
|
||
|
vnode_t dvp = NULLVP;
|
||
|
struct vnode_attr *va = NULL;
|
||
|
struct nameidata *nd = NULL;
|
||
|
char smallname[64];
|
||
|
char *filename = NULL;
|
||
|
const char *basename = NULL;
|
||
|
size_t alloc_len = 0;
|
||
|
size_t copy_len;
|
||
|
errno_t error;
|
||
|
int opened = 0;
|
||
|
int referenced = 0;
|
||
|
|
||
|
if (vnode_isvroot(vp) && vnode_isdir(vp)) {
|
||
|
/*
|
||
|
* For the root directory use "._." to hold the attributes.
|
||
|
*/
|
||
|
filename = &smallname[0];
|
||
|
snprintf(filename, sizeof(smallname), "%s%s", ATTR_FILE_PREFIX, ".");
|
||
|
dvp = vp; /* the "._." file resides in the root dir */
|
||
|
goto lookup;
|
||
|
}
|
||
|
if ((dvp = vnode_getparent(vp)) == NULLVP) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
if ((basename = vnode_getname(vp)) == NULL) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
/* "._" Attribute files cannot have attributes */
|
||
|
if (vp->v_type == VREG && strlen(basename) > 2 &&
|
||
|
basename[0] == '.' && basename[1] == '_') {
|
||
|
error = EPERM;
|
||
|
goto out;
|
||
|
}
|
||
|
filename = &smallname[0];
|
||
|
alloc_len = snprintf(filename, sizeof(smallname), "%s%s", ATTR_FILE_PREFIX, basename);
|
||
|
if (alloc_len >= sizeof(smallname)) {
|
||
|
alloc_len++; /* snprintf result doesn't include '\0' */
|
||
|
filename = kalloc_data(alloc_len, Z_WAITOK);
|
||
|
copy_len = snprintf(filename, alloc_len, "%s%s", ATTR_FILE_PREFIX, basename);
|
||
|
}
|
||
|
/*
|
||
|
* Note that the lookup here does not authorize. Since we are looking
|
||
|
* up in the same directory that we already have the file vnode in,
|
||
|
* we must have been given the file vnode legitimately. Read/write
|
||
|
* access has already been authorized in layers above for calls from
|
||
|
* userspace, and the authorization code using this path to read
|
||
|
* file security from the EA must always get access
|
||
|
*/
|
||
|
lookup:
|
||
|
nd = kalloc_type(struct nameidata, Z_WAITOK);
|
||
|
NDINIT(nd, LOOKUP, OP_OPEN, LOCKLEAF | NOFOLLOW | USEDVP | DONOTAUTH,
|
||
|
UIO_SYSSPACE, CAST_USER_ADDR_T(filename), context);
|
||
|
nd->ni_dvp = dvp;
|
||
|
|
||
|
va = kalloc_type(struct vnode_attr, Z_WAITOK);
|
||
|
|
||
|
if (fileflags & O_CREAT) {
|
||
|
nd->ni_cnd.cn_nameiop = CREATE;
|
||
|
#if CONFIG_TRIGGERS
|
||
|
nd->ni_op = OP_LINK;
|
||
|
#endif
|
||
|
if (dvp != vp) {
|
||
|
nd->ni_cnd.cn_flags |= LOCKPARENT;
|
||
|
}
|
||
|
if ((error = namei(nd))) {
|
||
|
nd->ni_dvp = NULLVP;
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
if ((xvp = nd->ni_vp) == NULLVP) {
|
||
|
uid_t uid;
|
||
|
gid_t gid;
|
||
|
mode_t umode;
|
||
|
|
||
|
/*
|
||
|
* Pick up uid/gid/mode from target file.
|
||
|
*/
|
||
|
VATTR_INIT(va);
|
||
|
VATTR_WANTED(va, va_uid);
|
||
|
VATTR_WANTED(va, va_gid);
|
||
|
VATTR_WANTED(va, va_mode);
|
||
|
if (VNOP_GETATTR(vp, va, context) == 0 &&
|
||
|
VATTR_IS_SUPPORTED(va, va_uid) &&
|
||
|
VATTR_IS_SUPPORTED(va, va_gid) &&
|
||
|
VATTR_IS_SUPPORTED(va, va_mode)) {
|
||
|
uid = va->va_uid;
|
||
|
gid = va->va_gid;
|
||
|
umode = va->va_mode & (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
|
||
|
} else { /* fallback values */
|
||
|
uid = KAUTH_UID_NONE;
|
||
|
gid = KAUTH_GID_NONE;
|
||
|
umode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
|
||
|
}
|
||
|
|
||
|
VATTR_INIT(va);
|
||
|
VATTR_SET(va, va_type, VREG);
|
||
|
VATTR_SET(va, va_mode, umode);
|
||
|
if (uid != KAUTH_UID_NONE) {
|
||
|
VATTR_SET(va, va_uid, uid);
|
||
|
}
|
||
|
if (gid != KAUTH_GID_NONE) {
|
||
|
VATTR_SET(va, va_gid, gid);
|
||
|
}
|
||
|
|
||
|
error = vn_create(dvp, &nd->ni_vp, nd, va,
|
||
|
VN_CREATE_NOAUTH | VN_CREATE_NOINHERIT | VN_CREATE_NOLABEL,
|
||
|
0, NULL,
|
||
|
context);
|
||
|
if (error) {
|
||
|
error = ENOATTR;
|
||
|
} else {
|
||
|
xvp = nd->ni_vp;
|
||
|
}
|
||
|
}
|
||
|
nameidone(nd);
|
||
|
if (dvp != vp) {
|
||
|
vnode_put(dvp); /* drop iocount from LOCKPARENT request above */
|
||
|
}
|
||
|
if (error) {
|
||
|
goto out;
|
||
|
}
|
||
|
} else {
|
||
|
if ((error = namei(nd))) {
|
||
|
nd->ni_dvp = NULLVP;
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
xvp = nd->ni_vp;
|
||
|
nameidone(nd);
|
||
|
}
|
||
|
nd->ni_dvp = NULLVP;
|
||
|
|
||
|
if (xvp->v_type != VREG) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
/*
|
||
|
* Owners must match.
|
||
|
*/
|
||
|
VATTR_INIT(va);
|
||
|
VATTR_WANTED(va, va_uid);
|
||
|
if (VNOP_GETATTR(vp, va, context) == 0 && VATTR_IS_SUPPORTED(va, va_uid)) {
|
||
|
uid_t owner = va->va_uid;
|
||
|
|
||
|
VATTR_INIT(va);
|
||
|
VATTR_WANTED(va, va_uid);
|
||
|
if (VNOP_GETATTR(xvp, va, context) == 0 && (owner != va->va_uid)) {
|
||
|
error = ENOATTR; /* don't use this "._" file */
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ((error = VNOP_OPEN(xvp, fileflags & ~(O_EXLOCK | O_SHLOCK), context))) {
|
||
|
error = ENOATTR;
|
||
|
goto out;
|
||
|
}
|
||
|
opened = 1;
|
||
|
|
||
|
if ((error = vnode_ref(xvp))) {
|
||
|
goto out;
|
||
|
}
|
||
|
referenced = 1;
|
||
|
|
||
|
/* If create was requested, make sure file header exists. */
|
||
|
if (fileflags & O_CREAT) {
|
||
|
VATTR_INIT(va);
|
||
|
VATTR_WANTED(va, va_data_size);
|
||
|
VATTR_WANTED(va, va_fileid);
|
||
|
VATTR_WANTED(va, va_nlink);
|
||
|
if ((error = vnode_getattr(xvp, va, context)) != 0) {
|
||
|
error = EPERM;
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
/* If the file is empty then add a default header. */
|
||
|
if (va->va_data_size == 0) {
|
||
|
/* Don't adopt hard-linked "._" files. */
|
||
|
if (VATTR_IS_SUPPORTED(va, va_nlink) && va->va_nlink > 1) {
|
||
|
error = EPERM;
|
||
|
goto out;
|
||
|
}
|
||
|
if ((error = create_xattrfile(xvp, (u_int32_t)va->va_fileid, context))) {
|
||
|
goto out;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
/* Apply file locking if requested. */
|
||
|
if (fileflags & (O_EXLOCK | O_SHLOCK)) {
|
||
|
short locktype;
|
||
|
|
||
|
locktype = (fileflags & O_EXLOCK) ? F_WRLCK : F_RDLCK;
|
||
|
error = lock_xattrfile(xvp, locktype, context);
|
||
|
if (error) {
|
||
|
error = ENOATTR;
|
||
|
}
|
||
|
}
|
||
|
out:
|
||
|
if (error) {
|
||
|
if (xvp != NULLVP) {
|
||
|
if (opened) {
|
||
|
(void) VNOP_CLOSE(xvp, fileflags, context);
|
||
|
}
|
||
|
|
||
|
if (fileflags & O_CREAT) {
|
||
|
/* Delete the xattr file if we encountered any errors */
|
||
|
(void) remove_xattrfile(xvp, context);
|
||
|
}
|
||
|
|
||
|
if (referenced) {
|
||
|
(void) vnode_rele(xvp);
|
||
|
}
|
||
|
(void) vnode_put(xvp);
|
||
|
xvp = NULLVP;
|
||
|
}
|
||
|
if ((error == ENOATTR) && (fileflags & O_CREAT)) {
|
||
|
error = EPERM;
|
||
|
}
|
||
|
}
|
||
|
/* Release resources after error-handling */
|
||
|
kfree_type(struct nameidata, nd);
|
||
|
kfree_type(struct vnode_attr, va);
|
||
|
if (dvp && (dvp != vp)) {
|
||
|
vnode_put(dvp);
|
||
|
}
|
||
|
if (basename) {
|
||
|
vnode_putname(basename);
|
||
|
}
|
||
|
if (filename && filename != &smallname[0]) {
|
||
|
kfree_data(filename, alloc_len);
|
||
|
}
|
||
|
|
||
|
*xvpp = xvp; /* return a referenced vnode */
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
static void
|
||
|
close_xattrfile(vnode_t xvp, int fileflags, vfs_context_t context)
|
||
|
{
|
||
|
// if (fileflags & FWRITE)
|
||
|
// (void) VNOP_FSYNC(xvp, MNT_WAIT, context);
|
||
|
|
||
|
if (fileflags & (O_EXLOCK | O_SHLOCK)) {
|
||
|
(void) unlock_xattrfile(xvp, context);
|
||
|
}
|
||
|
|
||
|
(void) VNOP_CLOSE(xvp, fileflags, context);
|
||
|
(void) vnode_rele(xvp);
|
||
|
(void) vnode_put(xvp);
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
remove_xattrfile(vnode_t xvp, vfs_context_t context)
|
||
|
{
|
||
|
vnode_t dvp;
|
||
|
struct nameidata nd;
|
||
|
char *path = NULL;
|
||
|
int pathlen;
|
||
|
int error = 0;
|
||
|
|
||
|
path = zalloc(ZV_NAMEI);
|
||
|
pathlen = MAXPATHLEN;
|
||
|
error = vn_getpath(xvp, path, &pathlen);
|
||
|
if (error) {
|
||
|
zfree(ZV_NAMEI, path);
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
NDINIT(&nd, DELETE, OP_UNLINK, LOCKPARENT | NOFOLLOW | DONOTAUTH,
|
||
|
UIO_SYSSPACE, CAST_USER_ADDR_T(path), context);
|
||
|
error = namei(&nd);
|
||
|
zfree(ZV_NAMEI, path);
|
||
|
if (error) {
|
||
|
return error;
|
||
|
}
|
||
|
dvp = nd.ni_dvp;
|
||
|
xvp = nd.ni_vp;
|
||
|
|
||
|
error = VNOP_REMOVE(dvp, xvp, &nd.ni_cnd, 0, context);
|
||
|
nameidone(&nd);
|
||
|
vnode_put(dvp);
|
||
|
vnode_put(xvp);
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Read in and parse the AppleDouble header and entries, and the extended
|
||
|
* attribute header and entries if any. Populates the fields of ainfop
|
||
|
* based on the headers and entries found.
|
||
|
*
|
||
|
* The basic idea is to:
|
||
|
* - Read in up to ATTR_MAX_HDR_SIZE bytes of the start of the file. All
|
||
|
* AppleDouble entries, the extended attribute header, and extended
|
||
|
* attribute entries must lie within this part of the file; the rest of
|
||
|
* the AppleDouble handling code assumes this. Plus it allows us to
|
||
|
* somewhat optimize by doing a smaller number of larger I/Os.
|
||
|
* - Swap and sanity check the AppleDouble header (including the AppleDouble
|
||
|
* entries).
|
||
|
* - Find the Finder Info and Resource Fork entries, if any.
|
||
|
* - If we're going to be writing, try to make sure the Finder Info entry has
|
||
|
* room to store the extended attribute header, plus some space for extended
|
||
|
* attributes.
|
||
|
* - Swap and sanity check the extended attribute header and entries (if any).
|
||
|
*/
|
||
|
static int
|
||
|
get_xattrinfo(vnode_t xvp, int setting, attr_info_t *ainfop, vfs_context_t context)
|
||
|
{
|
||
|
uio_t auio = NULL;
|
||
|
void * buffer = NULL;
|
||
|
apple_double_header_t *filehdr;
|
||
|
struct vnode_attr va;
|
||
|
size_t iosize = 0;
|
||
|
int i;
|
||
|
int error;
|
||
|
|
||
|
bzero(ainfop, sizeof(attr_info_t));
|
||
|
ainfop->filevp = xvp;
|
||
|
ainfop->context = context;
|
||
|
VATTR_INIT(&va);
|
||
|
VATTR_WANTED(&va, va_data_size);
|
||
|
VATTR_WANTED(&va, va_fileid);
|
||
|
if ((error = vnode_getattr(xvp, &va, context))) {
|
||
|
goto bail;
|
||
|
}
|
||
|
ainfop->filesize = va.va_data_size;
|
||
|
|
||
|
/* When setting attributes, allow room for the header to grow. */
|
||
|
if (setting) {
|
||
|
iosize = ATTR_MAX_HDR_SIZE;
|
||
|
} else {
|
||
|
iosize = MIN(ATTR_MAX_HDR_SIZE, ainfop->filesize);
|
||
|
}
|
||
|
|
||
|
if (iosize == 0 || iosize < sizeof(apple_double_header_t)) {
|
||
|
error = ENOATTR;
|
||
|
goto bail;
|
||
|
}
|
||
|
|
||
|
ainfop->iosize = iosize;
|
||
|
buffer = kalloc_data(iosize, Z_WAITOK | Z_ZERO);
|
||
|
if (buffer == NULL) {
|
||
|
error = ENOMEM;
|
||
|
goto bail;
|
||
|
}
|
||
|
|
||
|
auio = uio_create(1, 0, UIO_SYSSPACE, UIO_READ);
|
||
|
uio_addiov(auio, (uintptr_t)buffer, iosize);
|
||
|
|
||
|
/* Read the file header. */
|
||
|
error = VNOP_READ(xvp, auio, 0, context);
|
||
|
if (error) {
|
||
|
goto bail;
|
||
|
}
|
||
|
ainfop->rawsize = iosize - uio_resid(auio);
|
||
|
ainfop->rawdata = (u_int8_t *)buffer;
|
||
|
|
||
|
filehdr = (apple_double_header_t *)buffer;
|
||
|
|
||
|
error = check_and_swap_apple_double_header(ainfop);
|
||
|
if (error) {
|
||
|
goto bail;
|
||
|
}
|
||
|
|
||
|
ainfop->filehdr = filehdr; /* valid AppleDouble header */
|
||
|
|
||
|
/* rel_xattrinfo is responsible for freeing the header buffer */
|
||
|
buffer = NULL;
|
||
|
|
||
|
/* Find the Finder Info and Resource Fork entries, if any */
|
||
|
for (i = 0; i < filehdr->numEntries; ++i) {
|
||
|
if (filehdr->entries[i].type == AD_FINDERINFO &&
|
||
|
filehdr->entries[i].length >= FINDERINFOSIZE) {
|
||
|
/* We found the Finder Info entry. */
|
||
|
ainfop->finderinfo = &filehdr->entries[i];
|
||
|
|
||
|
/* At this point check_and_swap_apple_double_header() call above
|
||
|
* verified that all apple double entires are valid:
|
||
|
* they point somewhere within the file.
|
||
|
*
|
||
|
* Now for finderinfo make sure that the fixed portion
|
||
|
* is within the buffer we read in.
|
||
|
*/
|
||
|
if (((ainfop->finderinfo->offset + FINDERINFOSIZE) > ainfop->finderinfo->offset) &&
|
||
|
((ainfop->finderinfo->offset + FINDERINFOSIZE) <= ainfop->rawsize)) {
|
||
|
/*
|
||
|
* Is the Finder Info "empty" (all zeroes)? If so,
|
||
|
* we'll pretend like the Finder Info extended attribute
|
||
|
* does not exist.
|
||
|
*/
|
||
|
if (bcmp((u_int8_t*)ainfop->filehdr + ainfop->finderinfo->offset, emptyfinfo, sizeof(emptyfinfo)) == 0) {
|
||
|
ainfop->emptyfinderinfo = 1;
|
||
|
}
|
||
|
} else {
|
||
|
error = ENOATTR;
|
||
|
goto bail;
|
||
|
}
|
||
|
}
|
||
|
if (filehdr->entries[i].type == AD_RESOURCE) {
|
||
|
/*
|
||
|
* Ignore zero-length resource forks when getting. If setting,
|
||
|
* we need to remember the resource fork entry so it can be
|
||
|
* updated once the new content has been written.
|
||
|
*/
|
||
|
if (filehdr->entries[i].length == 0 && !setting) {
|
||
|
continue;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Check to see if any "empty" resource fork is ours (i.e. is ignorable).
|
||
|
*
|
||
|
* The "empty" resource headers we created have a system data tag of:
|
||
|
* "This resource fork intentionally left blank "
|
||
|
*/
|
||
|
if (filehdr->entries[i].length == sizeof(rsrcfork_header_t) && !setting) {
|
||
|
uio_t rf_uio;
|
||
|
u_int8_t systemData[64];
|
||
|
int rf_err;
|
||
|
|
||
|
|
||
|
/* Read the system data which starts at byte 16 */
|
||
|
rf_uio = uio_create(1, 0, UIO_SYSSPACE, UIO_READ);
|
||
|
uio_addiov(rf_uio, (uintptr_t)systemData, sizeof(systemData));
|
||
|
uio_setoffset(rf_uio, filehdr->entries[i].offset + 16);
|
||
|
rf_err = VNOP_READ(xvp, rf_uio, 0, context);
|
||
|
uio_free(rf_uio);
|
||
|
|
||
|
if (rf_err != 0 ||
|
||
|
bcmp(systemData, RF_EMPTY_TAG, sizeof(RF_EMPTY_TAG)) == 0) {
|
||
|
continue; /* skip this resource fork */
|
||
|
}
|
||
|
}
|
||
|
ainfop->rsrcfork = &filehdr->entries[i];
|
||
|
if (i != (filehdr->numEntries - 1)) {
|
||
|
printf("get_xattrinfo: resource fork not last entry\n");
|
||
|
ainfop->readonly = 1;
|
||
|
}
|
||
|
continue;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* See if this file looks like it is laid out correctly to contain
|
||
|
* extended attributes. If so, then do the following:
|
||
|
*
|
||
|
* - If we're going to be writing, try to make sure the Finder Info
|
||
|
* entry has room to store the extended attribute header, plus some
|
||
|
* space for extended attributes.
|
||
|
*
|
||
|
* - Swap and sanity check the extended attribute header and entries
|
||
|
* (if any).
|
||
|
*/
|
||
|
if (filehdr->numEntries == 2 &&
|
||
|
ainfop->finderinfo == &filehdr->entries[0] &&
|
||
|
ainfop->rsrcfork == &filehdr->entries[1] &&
|
||
|
ainfop->finderinfo->offset == offsetof(apple_double_header_t, finfo)) {
|
||
|
attr_header_t *attrhdr;
|
||
|
attrhdr = (attr_header_t *)filehdr;
|
||
|
/*
|
||
|
* If we're going to be writing, try to make sure the Finder
|
||
|
* Info entry has room to store the extended attribute header,
|
||
|
* plus some space for extended attributes.
|
||
|
*/
|
||
|
if (setting && ainfop->finderinfo->length == FINDERINFOSIZE) {
|
||
|
size_t delta;
|
||
|
size_t writesize;
|
||
|
|
||
|
delta = ATTR_BUF_SIZE - (filehdr->entries[0].offset + FINDERINFOSIZE);
|
||
|
if (ainfop->rsrcfork && filehdr->entries[1].length) {
|
||
|
/* Make some room before existing resource fork. */
|
||
|
shift_data_down(xvp,
|
||
|
filehdr->entries[1].offset,
|
||
|
filehdr->entries[1].length,
|
||
|
delta, context);
|
||
|
writesize = sizeof(attr_header_t);
|
||
|
} else {
|
||
|
/* We are in case where existing resource fork of length 0, try to create a new, empty resource fork. */
|
||
|
rsrcfork_header_t *rsrcforkhdr;
|
||
|
|
||
|
/* Do we have enough space in the header buffer for empty resource fork */
|
||
|
if (filehdr->entries[1].offset + delta + sizeof(rsrcfork_header_t) > ainfop->iosize) {
|
||
|
/* we do not have space, bail for now */
|
||
|
error = ENOATTR;
|
||
|
goto bail;
|
||
|
}
|
||
|
|
||
|
vnode_setsize(xvp, filehdr->entries[1].offset + delta, 0, context);
|
||
|
|
||
|
/* Steal some space for an empty RF header. */
|
||
|
delta -= sizeof(rsrcfork_header_t);
|
||
|
|
||
|
bzero(&attrhdr->appledouble.pad[0], delta);
|
||
|
rsrcforkhdr = (rsrcfork_header_t *)((char *)filehdr + filehdr->entries[1].offset + delta);
|
||
|
|
||
|
/* Fill in Empty Resource Fork Header. */
|
||
|
init_empty_resource_fork(rsrcforkhdr);
|
||
|
|
||
|
filehdr->entries[1].length = sizeof(rsrcfork_header_t);
|
||
|
writesize = ATTR_BUF_SIZE;
|
||
|
}
|
||
|
filehdr->entries[0].length += delta;
|
||
|
filehdr->entries[1].offset += delta;
|
||
|
|
||
|
/* Fill in Attribute Header. */
|
||
|
attrhdr->magic = ATTR_HDR_MAGIC;
|
||
|
attrhdr->debug_tag = (u_int32_t)va.va_fileid;
|
||
|
attrhdr->total_size = filehdr->entries[1].offset;
|
||
|
attrhdr->data_start = sizeof(attr_header_t);
|
||
|
attrhdr->data_length = 0;
|
||
|
attrhdr->reserved[0] = 0;
|
||
|
attrhdr->reserved[1] = 0;
|
||
|
attrhdr->reserved[2] = 0;
|
||
|
attrhdr->flags = 0;
|
||
|
attrhdr->num_attrs = 0;
|
||
|
|
||
|
/* Push out new header */
|
||
|
uio_reset(auio, 0, UIO_SYSSPACE, UIO_WRITE);
|
||
|
uio_addiov(auio, (uintptr_t)filehdr, writesize);
|
||
|
|
||
|
swap_adhdr(filehdr); /* to big endian */
|
||
|
swap_attrhdr(attrhdr, ainfop); /* to big endian */
|
||
|
error = VNOP_WRITE(xvp, auio, 0, context);
|
||
|
swap_adhdr(filehdr); /* back to native */
|
||
|
/* The attribute header gets swapped below. */
|
||
|
}
|
||
|
}
|
||
|
/*
|
||
|
* Swap and sanity check the extended attribute header and
|
||
|
* entries (if any). The Finder Info content must be big enough
|
||
|
* to include the extended attribute header; if not, we just
|
||
|
* ignore it.
|
||
|
*
|
||
|
* Note that we're passing the offset + length (i.e. the end)
|
||
|
* of the Finder Info instead of rawsize to validate_attrhdr.
|
||
|
* This ensures that all extended attributes lie within the
|
||
|
* Finder Info content according to the AppleDouble entry.
|
||
|
*
|
||
|
* Sets ainfop->attrhdr and ainfop->attr_entry if a valid
|
||
|
* header was found.
|
||
|
*/
|
||
|
if (ainfop->finderinfo &&
|
||
|
ainfop->finderinfo == &filehdr->entries[0] &&
|
||
|
ainfop->finderinfo->length >= (sizeof(attr_header_t) - sizeof(apple_double_header_t))) {
|
||
|
attr_header_t *attrhdr = (attr_header_t*)filehdr;
|
||
|
|
||
|
if (ainfop->finderinfo->offset != offsetof(apple_double_header_t, finfo)) {
|
||
|
error = ENOATTR;
|
||
|
goto bail;
|
||
|
}
|
||
|
|
||
|
if ((error = check_and_swap_attrhdr(attrhdr, ainfop)) == 0) {
|
||
|
ainfop->attrhdr = attrhdr; /* valid attribute header */
|
||
|
/* First attr_entry starts immediately following attribute header */
|
||
|
ainfop->attr_entry = (attr_entry_t *)&attrhdr[1];
|
||
|
}
|
||
|
}
|
||
|
|
||
|
error = 0;
|
||
|
bail:
|
||
|
if (auio != NULL) {
|
||
|
uio_free(auio);
|
||
|
}
|
||
|
kfree_data(buffer, iosize);
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
|
||
|
static int
|
||
|
create_xattrfile(vnode_t xvp, u_int32_t fileid, vfs_context_t context)
|
||
|
{
|
||
|
attr_header_t *xah;
|
||
|
rsrcfork_header_t *rsrcforkhdr;
|
||
|
void * buffer;
|
||
|
uio_t auio;
|
||
|
int rsrcforksize;
|
||
|
int error;
|
||
|
|
||
|
buffer = kalloc_data(ATTR_BUF_SIZE, Z_WAITOK | Z_ZERO);
|
||
|
|
||
|
xah = (attr_header_t *)buffer;
|
||
|
auio = uio_create(1, 0, UIO_SYSSPACE, UIO_WRITE);
|
||
|
uio_addiov(auio, (uintptr_t)buffer, ATTR_BUF_SIZE);
|
||
|
rsrcforksize = sizeof(rsrcfork_header_t);
|
||
|
rsrcforkhdr = (rsrcfork_header_t *) ((char *)buffer + ATTR_BUF_SIZE - rsrcforksize);
|
||
|
|
||
|
/* Fill in Apple Double Header. */
|
||
|
xah->appledouble.magic = SWAP32(ADH_MAGIC);
|
||
|
xah->appledouble.version = SWAP32(ADH_VERSION);
|
||
|
xah->appledouble.numEntries = SWAP16(2);
|
||
|
xah->appledouble.entries[0].type = SWAP32(AD_FINDERINFO);
|
||
|
xah->appledouble.entries[0].offset = SWAP32(offsetof(apple_double_header_t, finfo));
|
||
|
xah->appledouble.entries[0].length = SWAP32(ATTR_BUF_SIZE - offsetof(apple_double_header_t, finfo) - rsrcforksize);
|
||
|
xah->appledouble.entries[1].type = SWAP32(AD_RESOURCE);
|
||
|
xah->appledouble.entries[1].offset = SWAP32(ATTR_BUF_SIZE - rsrcforksize);
|
||
|
xah->appledouble.entries[1].length = SWAP32(rsrcforksize);
|
||
|
bcopy(ADH_MACOSX, xah->appledouble.filler, sizeof(xah->appledouble.filler));
|
||
|
|
||
|
/* Fill in Attribute Header. */
|
||
|
xah->magic = SWAP32(ATTR_HDR_MAGIC);
|
||
|
xah->debug_tag = SWAP32(fileid);
|
||
|
xah->total_size = SWAP32(ATTR_BUF_SIZE - rsrcforksize);
|
||
|
xah->data_start = SWAP32(sizeof(attr_header_t));
|
||
|
|
||
|
/* Fill in Empty Resource Fork Header. */
|
||
|
init_empty_resource_fork(rsrcforkhdr);
|
||
|
|
||
|
/* Push it out. */
|
||
|
error = VNOP_WRITE(xvp, auio, IO_UNIT, context);
|
||
|
|
||
|
/* Did we write out the full uio? */
|
||
|
if (uio_resid(auio) > 0) {
|
||
|
error = ENOSPC;
|
||
|
}
|
||
|
|
||
|
uio_free(auio);
|
||
|
kfree_data(buffer, ATTR_BUF_SIZE);
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
static void
|
||
|
init_empty_resource_fork(rsrcfork_header_t * rsrcforkhdr)
|
||
|
{
|
||
|
bzero(rsrcforkhdr, sizeof(rsrcfork_header_t));
|
||
|
rsrcforkhdr->fh_DataOffset = SWAP32(RF_FIRST_RESOURCE);
|
||
|
rsrcforkhdr->fh_MapOffset = SWAP32(RF_FIRST_RESOURCE);
|
||
|
rsrcforkhdr->fh_MapLength = SWAP32(RF_NULL_MAP_LENGTH);
|
||
|
rsrcforkhdr->mh_DataOffset = SWAP32(RF_FIRST_RESOURCE);
|
||
|
rsrcforkhdr->mh_MapOffset = SWAP32(RF_FIRST_RESOURCE);
|
||
|
rsrcforkhdr->mh_MapLength = SWAP32(RF_NULL_MAP_LENGTH);
|
||
|
rsrcforkhdr->mh_Types = SWAP16(RF_NULL_MAP_LENGTH - 2 );
|
||
|
rsrcforkhdr->mh_Names = SWAP16(RF_NULL_MAP_LENGTH);
|
||
|
rsrcforkhdr->typeCount = SWAP16(-1);
|
||
|
bcopy(RF_EMPTY_TAG, rsrcforkhdr->systemData, sizeof(RF_EMPTY_TAG));
|
||
|
}
|
||
|
|
||
|
static void
|
||
|
rel_xattrinfo(attr_info_t *ainfop)
|
||
|
{
|
||
|
kfree_data_addr(ainfop->filehdr);
|
||
|
bzero(ainfop, sizeof(attr_info_t));
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
write_xattrinfo(attr_info_t *ainfop)
|
||
|
{
|
||
|
uio_t auio;
|
||
|
int error;
|
||
|
|
||
|
auio = uio_create(1, 0, UIO_SYSSPACE, UIO_WRITE);
|
||
|
uio_addiov(auio, (uintptr_t)ainfop->filehdr, ainfop->iosize);
|
||
|
|
||
|
swap_adhdr(ainfop->filehdr);
|
||
|
if (ainfop->attrhdr != NULL) {
|
||
|
swap_attrhdr(ainfop->attrhdr, ainfop);
|
||
|
}
|
||
|
|
||
|
error = VNOP_WRITE(ainfop->filevp, auio, 0, ainfop->context);
|
||
|
|
||
|
swap_adhdr(ainfop->filehdr);
|
||
|
if (ainfop->attrhdr != NULL) {
|
||
|
swap_attrhdr(ainfop->attrhdr, ainfop);
|
||
|
}
|
||
|
uio_free(auio);
|
||
|
|
||
|
return error;
|
||
|
}
|
||
|
|
||
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||
|
/*
|
||
|
* Endian swap apple double header
|
||
|
*/
|
||
|
static void
|
||
|
swap_adhdr(apple_double_header_t *adh)
|
||
|
{
|
||
|
int count;
|
||
|
int i;
|
||
|
|
||
|
count = (adh->magic == ADH_MAGIC) ? adh->numEntries : SWAP16(adh->numEntries);
|
||
|
|
||
|
adh->magic = SWAP32(adh->magic);
|
||
|
adh->version = SWAP32(adh->version);
|
||
|
adh->numEntries = SWAP16(adh->numEntries);
|
||
|
|
||
|
for (i = 0; i < count; i++) {
|
||
|
adh->entries[i].type = SWAP32(adh->entries[i].type);
|
||
|
adh->entries[i].offset = SWAP32(adh->entries[i].offset);
|
||
|
adh->entries[i].length = SWAP32(adh->entries[i].length);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Endian swap extended attributes header
|
||
|
*/
|
||
|
static void
|
||
|
swap_attrhdr(attr_header_t *ah, attr_info_t* info)
|
||
|
{
|
||
|
attr_entry_t *ae;
|
||
|
int count;
|
||
|
int i;
|
||
|
|
||
|
count = (ah->magic == ATTR_HDR_MAGIC) ? ah->num_attrs : SWAP16(ah->num_attrs);
|
||
|
|
||
|
ah->magic = SWAP32(ah->magic);
|
||
|
ah->debug_tag = SWAP32(ah->debug_tag);
|
||
|
ah->total_size = SWAP32(ah->total_size);
|
||
|
ah->data_start = SWAP32(ah->data_start);
|
||
|
ah->data_length = SWAP32(ah->data_length);
|
||
|
ah->flags = SWAP16(ah->flags);
|
||
|
ah->num_attrs = SWAP16(ah->num_attrs);
|
||
|
|
||
|
ae = (attr_entry_t *)(&ah[1]);
|
||
|
for (i = 0; i < count && ATTR_VALID(ae, *info); i++, ae = ATTR_NEXT(ae)) {
|
||
|
ae->offset = SWAP32(ae->offset);
|
||
|
ae->length = SWAP32(ae->length);
|
||
|
ae->flags = SWAP16(ae->flags);
|
||
|
}
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
/*
|
||
|
* Validate and swap the attributes header contents, and each attribute's
|
||
|
* attr_entry_t.
|
||
|
*
|
||
|
* Note: Assumes the caller has verified that the Finder Info content is large
|
||
|
* enough to contain the attr_header structure itself. Therefore, we can
|
||
|
* swap the header fields before sanity checking them.
|
||
|
*/
|
||
|
static int
|
||
|
check_and_swap_attrhdr(attr_header_t *ah, attr_info_t *ainfop)
|
||
|
{
|
||
|
attr_entry_t *ae;
|
||
|
u_int8_t *buf_end;
|
||
|
u_int32_t end;
|
||
|
int count;
|
||
|
int i;
|
||
|
uint32_t total_header_size;
|
||
|
uint32_t total_data_size;
|
||
|
|
||
|
if (ah == NULL) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
if (SWAP32(ah->magic) != ATTR_HDR_MAGIC) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
/* Swap the basic header fields */
|
||
|
ah->magic = SWAP32(ah->magic);
|
||
|
ah->debug_tag = SWAP32(ah->debug_tag);
|
||
|
ah->total_size = SWAP32(ah->total_size);
|
||
|
ah->data_start = SWAP32(ah->data_start);
|
||
|
ah->data_length = SWAP32(ah->data_length);
|
||
|
ah->flags = SWAP16(ah->flags);
|
||
|
ah->num_attrs = SWAP16(ah->num_attrs);
|
||
|
|
||
|
/*
|
||
|
* Make sure the total_size fits within the Finder Info area, and the
|
||
|
* extended attribute data area fits within total_size.
|
||
|
*/
|
||
|
end = ah->data_start + ah->data_length;
|
||
|
if (ah->total_size > ainfop->finderinfo->offset + ainfop->finderinfo->length ||
|
||
|
ah->data_start < sizeof(attr_header_t) ||
|
||
|
end < ah->data_start ||
|
||
|
end > ah->total_size) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Make sure each of the attr_entry_t's fits within total_size.
|
||
|
*/
|
||
|
buf_end = ainfop->rawdata + ah->data_start;
|
||
|
if (buf_end > ainfop->rawdata + ainfop->rawsize) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
count = ah->num_attrs;
|
||
|
if (count > 256) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
ae = (attr_entry_t *)(&ah[1]);
|
||
|
|
||
|
total_header_size = sizeof(attr_header_t);
|
||
|
total_data_size = 0;
|
||
|
for (i = 0; i < count; i++) {
|
||
|
/* Make sure the fixed-size part of this attr_entry_t fits. */
|
||
|
if ((u_int8_t *) &ae[1] > buf_end) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
/* Make sure the variable-length name fits */
|
||
|
if (&ae->name[ae->namelen] > buf_end) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
/* Make sure that namelen is matching name's real length, namelen included NUL */
|
||
|
if (strnlen((const char *)ae->name, ae->namelen) != ae->namelen - 1) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
/* Swap the attribute entry fields */
|
||
|
ae->offset = SWAP32(ae->offset);
|
||
|
ae->length = SWAP32(ae->length);
|
||
|
ae->flags = SWAP16(ae->flags);
|
||
|
|
||
|
/* Make sure the attribute content fits and points to the data part */
|
||
|
end = ae->offset + ae->length;
|
||
|
if (end < ae->offset || end > ah->total_size) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
/* Make sure entry points to data section and not header */
|
||
|
if (ae->offset < ah->data_start || end > ah->data_start + ah->data_length) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
/* We verified namelen is ok above, so add this entry's size to a total */
|
||
|
if (os_add_overflow(total_header_size, ATTR_ENTRY_LENGTH(ae->namelen), &total_header_size)) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
/* We verified that entry's length is within data section, so add it to running size total */
|
||
|
if (os_add_overflow(total_data_size, ae->length, &total_data_size)) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
ae = ATTR_NEXT(ae);
|
||
|
}
|
||
|
|
||
|
|
||
|
/* make sure data_start is actually after all the xattr key entries */
|
||
|
if (ah->data_start < total_header_size) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
/* make sure all entries' data length add to header's idea of data length */
|
||
|
if (total_data_size != ah->data_length) {
|
||
|
return EINVAL;
|
||
|
}
|
||
|
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
//
|
||
|
// "start" & "end" are byte offsets in the file.
|
||
|
// "to" is the byte offset we want to move the
|
||
|
// data to. "to" should be > "start".
|
||
|
//
|
||
|
// we do the copy backwards to avoid problems if
|
||
|
// there's an overlap.
|
||
|
//
|
||
|
static int
|
||
|
shift_data_down(vnode_t xvp, off_t start, size_t len, off_t delta, vfs_context_t context)
|
||
|
{
|
||
|
int ret, iolen;
|
||
|
size_t chunk, orig_chunk;
|
||
|
char *buff;
|
||
|
off_t pos;
|
||
|
kauth_cred_t ucred = vfs_context_ucred(context);
|
||
|
proc_t p = vfs_context_proc(context);
|
||
|
|
||
|
if (delta == 0 || len == 0) {
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
chunk = 4096;
|
||
|
if (len < chunk) {
|
||
|
chunk = len;
|
||
|
}
|
||
|
orig_chunk = chunk;
|
||
|
|
||
|
buff = kalloc_data(chunk, Z_WAITOK);
|
||
|
if (buff == NULL) {
|
||
|
return ENOMEM;
|
||
|
}
|
||
|
|
||
|
for (pos = start + len - chunk; pos >= start; pos -= chunk) {
|
||
|
ret = vn_rdwr(UIO_READ, xvp, buff, (int)chunk, pos, UIO_SYSSPACE, IO_NODELOCKED | IO_NOAUTH, ucred, &iolen, p);
|
||
|
if (iolen != 0) {
|
||
|
printf("xattr:shift_data: error reading data @ %lld (read %d of %lu) (%d)\n",
|
||
|
pos, ret, chunk, ret);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
ret = vn_rdwr(UIO_WRITE, xvp, buff, (int)chunk, pos + delta, UIO_SYSSPACE, IO_NODELOCKED | IO_NOAUTH, ucred, &iolen, p);
|
||
|
if (iolen != 0) {
|
||
|
printf("xattr:shift_data: error writing data @ %lld (wrote %d of %lu) (%d)\n",
|
||
|
pos + delta, ret, chunk, ret);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
if ((pos - (off_t)chunk) < start) {
|
||
|
chunk = pos - start;
|
||
|
|
||
|
if (chunk == 0) { // we're all done
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
kfree_data(buff, orig_chunk);
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
|
||
|
static int
|
||
|
shift_data_up(vnode_t xvp, off_t start, size_t len, off_t delta, vfs_context_t context)
|
||
|
{
|
||
|
int ret, iolen;
|
||
|
size_t chunk, orig_chunk;
|
||
|
char *buff;
|
||
|
off_t pos;
|
||
|
off_t end;
|
||
|
kauth_cred_t ucred = vfs_context_ucred(context);
|
||
|
proc_t p = vfs_context_proc(context);
|
||
|
|
||
|
if (delta == 0 || len == 0) {
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
chunk = 4096;
|
||
|
if (len < chunk) {
|
||
|
chunk = len;
|
||
|
}
|
||
|
orig_chunk = chunk;
|
||
|
end = start + len;
|
||
|
|
||
|
buff = kalloc_data(chunk, Z_WAITOK);
|
||
|
if (buff == NULL) {
|
||
|
return ENOMEM;
|
||
|
}
|
||
|
|
||
|
for (pos = start; pos < end; pos += chunk) {
|
||
|
ret = vn_rdwr(UIO_READ, xvp, buff, (int)chunk, pos, UIO_SYSSPACE, IO_NODELOCKED | IO_NOAUTH, ucred, &iolen, p);
|
||
|
if (iolen != 0) {
|
||
|
printf("xattr:shift_data: error reading data @ %lld (read %d of %lu) (%d)\n",
|
||
|
pos, ret, chunk, ret);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
ret = vn_rdwr(UIO_WRITE, xvp, buff, (int)chunk, pos - delta, UIO_SYSSPACE, IO_NODELOCKED | IO_NOAUTH, ucred, &iolen, p);
|
||
|
if (iolen != 0) {
|
||
|
printf("xattr:shift_data: error writing data @ %lld (wrote %d of %lu) (%d)\n",
|
||
|
pos + delta, ret, chunk, ret);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
if ((pos + (off_t)chunk) > end) {
|
||
|
chunk = end - pos;
|
||
|
|
||
|
if (chunk == 0) { // we're all done
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
kfree_data(buff, orig_chunk);
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
lock_xattrfile(vnode_t xvp, short locktype, vfs_context_t context)
|
||
|
{
|
||
|
struct flock lf;
|
||
|
int error;
|
||
|
|
||
|
lf.l_whence = SEEK_SET;
|
||
|
lf.l_start = 0;
|
||
|
lf.l_len = 0;
|
||
|
lf.l_type = locktype; /* F_WRLCK or F_RDLCK */
|
||
|
/* Note: id is just a kernel address that's not a proc */
|
||
|
error = VNOP_ADVLOCK(xvp, (caddr_t)xvp, F_SETLK, &lf, F_FLOCK | F_WAIT, context, NULL);
|
||
|
return error == ENOTSUP ? 0 : error;
|
||
|
}
|
||
|
|
||
|
int
|
||
|
unlock_xattrfile(vnode_t xvp, vfs_context_t context)
|
||
|
{
|
||
|
struct flock lf;
|
||
|
int error;
|
||
|
|
||
|
lf.l_whence = SEEK_SET;
|
||
|
lf.l_start = 0;
|
||
|
lf.l_len = 0;
|
||
|
lf.l_type = F_UNLCK;
|
||
|
/* Note: id is just a kernel address that's not a proc */
|
||
|
error = VNOP_ADVLOCK(xvp, (caddr_t)xvp, F_UNLCK, &lf, F_FLOCK, context, NULL);
|
||
|
return error == ENOTSUP ? 0 : error;
|
||
|
}
|
||
|
|
||
|
#else /* CONFIG_APPLEDOUBLE */
|
||
|
|
||
|
|
||
|
static int
|
||
|
default_getxattr(__unused vnode_t vp, __unused const char *name,
|
||
|
__unused uio_t uio, __unused size_t *size, __unused int options,
|
||
|
__unused vfs_context_t context)
|
||
|
{
|
||
|
return ENOTSUP;
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
default_setxattr(__unused vnode_t vp, __unused const char *name,
|
||
|
__unused uio_t uio, __unused int options, __unused vfs_context_t context)
|
||
|
{
|
||
|
return ENOTSUP;
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
default_listxattr(__unused vnode_t vp,
|
||
|
__unused uio_t uio, __unused size_t *size, __unused int options,
|
||
|
__unused vfs_context_t context)
|
||
|
{
|
||
|
return ENOTSUP;
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
default_removexattr(__unused vnode_t vp, __unused const char *name,
|
||
|
__unused int options, __unused vfs_context_t context)
|
||
|
{
|
||
|
return ENOTSUP;
|
||
|
}
|
||
|
|
||
|
#endif /* CONFIG_APPLEDOUBLE */
|