1 | /* |
2 | * Copyright (c) 2004-2012 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | /* |
29 | * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce |
30 | * support for mandatory and extensible security protections. This notice |
31 | * is included in support of clause 2.2 (b) of the Apple Public License, |
32 | * Version 2.0. |
33 | */ |
34 | |
35 | #include <sys/param.h> |
36 | |
37 | #include <sys/fcntl.h> |
38 | #include <sys/fsevents.h> |
39 | #include <sys/kernel.h> |
40 | #include <sys/kauth.h> |
41 | #include <kern/kalloc.h> |
42 | #include <sys/mount_internal.h> |
43 | #include <sys/namei.h> |
44 | #include <sys/proc_internal.h> |
45 | #include <sys/stat.h> |
46 | #include <sys/uio.h> |
47 | #include <sys/utfconv.h> |
48 | #include <sys/vnode.h> |
49 | #include <sys/vnode_internal.h> |
50 | #include <sys/xattr.h> |
51 | |
52 | #include <libkern/OSByteOrder.h> |
53 | #include <vm/vm_kern.h> |
54 | |
55 | #if CONFIG_MACF |
56 | #include <security/mac_framework.h> |
57 | #endif |
58 | |
59 | |
60 | #if NAMEDSTREAMS |
61 | |
62 | static int shadow_sequence; |
63 | |
64 | /* |
65 | * We use %p to prevent loss of precision for pointers on varying architectures. |
66 | */ |
67 | |
68 | #define SHADOW_NAME_FMT ".vfs_rsrc_stream_%p%08x%p" |
69 | #define SHADOW_DIR_FMT ".vfs_rsrc_streams_%p%x" |
70 | #define SHADOW_DIR_CONTAINER "/var/run" |
71 | |
72 | #define MAKE_SHADOW_NAME(VP, NAME) \ |
73 | snprintf((NAME), sizeof((NAME)), (SHADOW_NAME_FMT), \ |
74 | ((void*)(VM_KERNEL_ADDRPERM(VP))), \ |
75 | (VP)->v_id, \ |
76 | ((void*)(VM_KERNEL_ADDRPERM((VP)->v_data)))) |
77 | |
78 | /* The full path to the shadow directory */ |
79 | #define MAKE_SHADOW_DIRNAME(VP, NAME) \ |
80 | snprintf((NAME), sizeof((NAME)), (SHADOW_DIR_CONTAINER "/" SHADOW_DIR_FMT), \ |
81 | ((void*)(VM_KERNEL_ADDRPERM(VP))), shadow_sequence) |
82 | |
83 | /* The shadow directory as a 'leaf' entry */ |
84 | #define MAKE_SHADOW_DIR_LEAF(VP, NAME) \ |
85 | snprintf((NAME), sizeof((NAME)), (SHADOW_DIR_FMT), \ |
86 | ((void*)(VM_KERNEL_ADDRPERM(VP))), shadow_sequence) |
87 | |
88 | static int default_getnamedstream(vnode_t vp, vnode_t *svpp, const char *name, enum nsoperation op, vfs_context_t context); |
89 | |
90 | static int default_makenamedstream(vnode_t vp, vnode_t *svpp, const char *name, vfs_context_t context); |
91 | |
92 | static int default_removenamedstream(vnode_t vp, const char *name, vfs_context_t context); |
93 | |
94 | static int getshadowfile(vnode_t vp, vnode_t *svpp, int makestream, size_t *rsrcsize, int *creator, vfs_context_t context); |
95 | |
96 | static int get_shadow_dir(vnode_t *sdvpp); |
97 | |
98 | #endif /* NAMEDSTREAMS */ |
99 | |
100 | /* |
101 | * Default xattr support routines. |
102 | */ |
103 | |
104 | static int default_getxattr(vnode_t vp, const char *name, uio_t uio, size_t *size, int options, |
105 | vfs_context_t context); |
106 | static int default_setxattr(vnode_t vp, const char *name, uio_t uio, int options, |
107 | vfs_context_t context); |
108 | static int default_listxattr(vnode_t vp, uio_t uio, size_t *size, int options, |
109 | vfs_context_t context); |
110 | static int default_removexattr(vnode_t vp, const char *name, int options, |
111 | vfs_context_t context); |
112 | |
113 | /* |
114 | * Retrieve the data of an extended attribute. |
115 | */ |
116 | int |
117 | vn_getxattr(vnode_t vp, const char *name, uio_t uio, size_t *size, |
118 | int options, vfs_context_t context) |
119 | { |
120 | int error; |
121 | |
122 | if (!XATTR_VNODE_SUPPORTED(vp)) { |
123 | return EPERM; |
124 | } |
125 | #if NAMEDSTREAMS |
126 | /* getxattr calls are not allowed for streams. */ |
127 | if (vp->v_flag & VISNAMEDSTREAM) { |
128 | error = EPERM; |
129 | goto out; |
130 | } |
131 | #endif |
132 | /* |
133 | * Non-kernel request need extra checks performed. |
134 | * |
135 | * The XATTR_NOSECURITY flag implies a kernel request. |
136 | */ |
137 | if (!(options & XATTR_NOSECURITY)) { |
138 | #if CONFIG_MACF |
139 | error = mac_vnode_check_getextattr(ctx: context, vp, name, uio); |
140 | if (error) { |
141 | goto out; |
142 | } |
143 | #endif /* MAC */ |
144 | if ((error = xattr_validatename(name))) { |
145 | goto out; |
146 | } |
147 | if ((error = vnode_authorize(vp, NULL, KAUTH_VNODE_READ_EXTATTRIBUTES, ctx: context))) { |
148 | goto out; |
149 | } |
150 | } |
151 | |
152 | /* The offset can only be non-zero for resource forks. */ |
153 | if (uio_offset(a_uio: uio) != 0 && |
154 | strncmp(s1: name, XATTR_RESOURCEFORK_NAME, n: sizeof(XATTR_RESOURCEFORK_NAME)) != 0) { |
155 | error = EINVAL; |
156 | goto out; |
157 | } |
158 | |
159 | error = VNOP_GETXATTR(vp, name, uio, size, options, ctx: context); |
160 | if (error == ENOTSUP && !(options & XATTR_NODEFAULT)) { |
161 | /* |
162 | * A filesystem may keep some EAs natively and return ENOTSUP for others. |
163 | */ |
164 | error = default_getxattr(vp, name, uio, size, options, context); |
165 | } |
166 | out: |
167 | return error; |
168 | } |
169 | |
170 | /* |
171 | * Set the data of an extended attribute. |
172 | */ |
173 | int |
174 | vn_setxattr(vnode_t vp, const char *name, uio_t uio, int options, vfs_context_t context) |
175 | { |
176 | int error; |
177 | |
178 | if (!XATTR_VNODE_SUPPORTED(vp)) { |
179 | return EPERM; |
180 | } |
181 | #if NAMEDSTREAMS |
182 | /* setxattr calls are not allowed for streams. */ |
183 | if (vp->v_flag & VISNAMEDSTREAM) { |
184 | error = EPERM; |
185 | goto out; |
186 | } |
187 | #endif |
188 | if ((options & (XATTR_REPLACE | XATTR_CREATE)) == (XATTR_REPLACE | XATTR_CREATE)) { |
189 | return EINVAL; |
190 | } |
191 | if ((error = xattr_validatename(name))) { |
192 | return error; |
193 | } |
194 | if (!(options & XATTR_NOSECURITY)) { |
195 | #if CONFIG_MACF |
196 | error = mac_vnode_check_setextattr(ctx: context, vp, name, uio); |
197 | if (error) { |
198 | goto out; |
199 | } |
200 | #endif /* MAC */ |
201 | error = vnode_authorize(vp, NULL, KAUTH_VNODE_WRITE_EXTATTRIBUTES, ctx: context); |
202 | if (error) { |
203 | goto out; |
204 | } |
205 | } |
206 | /* The offset can only be non-zero for resource forks. */ |
207 | if (uio_offset(a_uio: uio) != 0 && |
208 | strncmp(s1: name, XATTR_RESOURCEFORK_NAME, n: sizeof(XATTR_RESOURCEFORK_NAME)) != 0) { |
209 | error = EINVAL; |
210 | goto out; |
211 | } |
212 | |
213 | error = VNOP_SETXATTR(vp, name, uio, options, ctx: context); |
214 | #ifdef DUAL_EAS |
215 | /* |
216 | * An EJUSTRETURN is from a filesystem which keeps this xattr |
217 | * natively as well as in a dot-underscore file. In this case the |
218 | * EJUSTRETURN means the filesytem has done nothing, but identifies the |
219 | * EA as one which may be represented natively and/or in a DU, and |
220 | * since XATTR_CREATE or XATTR_REPLACE was specified, only up here in |
221 | * in vn_setxattr can we do the getxattrs needed to ascertain whether |
222 | * the XATTR_{CREATE,REPLACE} should yield an error. |
223 | */ |
224 | if (error == EJUSTRETURN) { |
225 | int native = 0, dufile = 0; |
226 | size_t sz; /* not used */ |
227 | |
228 | native = VNOP_GETXATTR(vp, name, NULL, &sz, 0, context) ? 0 : 1; |
229 | dufile = default_getxattr(vp, name, NULL, &sz, 0, context) ? 0 : 1; |
230 | if (options & XATTR_CREATE && (native || dufile)) { |
231 | error = EEXIST; |
232 | goto out; |
233 | } |
234 | if (options & XATTR_REPLACE && !(native || dufile)) { |
235 | error = ENOATTR; |
236 | goto out; |
237 | } |
238 | /* |
239 | * Having determined no CREATE/REPLACE error should result, we |
240 | * zero those bits, so both backing stores get written to. |
241 | */ |
242 | options &= ~(XATTR_CREATE | XATTR_REPLACE); |
243 | error = VNOP_SETXATTR(vp, name, uio, options, context); |
244 | /* the mainline path here is to have error==ENOTSUP ... */ |
245 | } |
246 | #endif /* DUAL_EAS */ |
247 | if (error == ENOTSUP && !(options & XATTR_NODEFAULT)) { |
248 | /* |
249 | * A filesystem may keep some EAs natively and return ENOTSUP for others. |
250 | */ |
251 | error = default_setxattr(vp, name, uio, options, context); |
252 | } |
253 | #if CONFIG_MACF |
254 | if ((error == 0) && !(options & XATTR_NOSECURITY)) { |
255 | mac_vnode_notify_setextattr(ctx: context, vp, name, uio); |
256 | if (vfs_flags(mp: vnode_mount(vp)) & MNT_MULTILABEL) { |
257 | mac_vnode_label_update_extattr(mp: vnode_mount(vp), vp, name); |
258 | } |
259 | } |
260 | #endif |
261 | out: |
262 | return error; |
263 | } |
264 | |
265 | /* |
266 | * Remove an extended attribute. |
267 | */ |
268 | int |
269 | vn_removexattr(vnode_t vp, const char * name, int options, vfs_context_t context) |
270 | { |
271 | int error; |
272 | |
273 | if (!XATTR_VNODE_SUPPORTED(vp)) { |
274 | return EPERM; |
275 | } |
276 | #if NAMEDSTREAMS |
277 | /* removexattr calls are not allowed for streams. */ |
278 | if (vp->v_flag & VISNAMEDSTREAM) { |
279 | error = EPERM; |
280 | goto out; |
281 | } |
282 | #endif |
283 | if ((error = xattr_validatename(name))) { |
284 | return error; |
285 | } |
286 | if (!(options & XATTR_NOSECURITY)) { |
287 | #if CONFIG_MACF |
288 | error = mac_vnode_check_deleteextattr(ctx: context, vp, name); |
289 | if (error) { |
290 | goto out; |
291 | } |
292 | #endif /* MAC */ |
293 | error = vnode_authorize(vp, NULL, KAUTH_VNODE_WRITE_EXTATTRIBUTES, ctx: context); |
294 | if (error) { |
295 | goto out; |
296 | } |
297 | } |
298 | error = VNOP_REMOVEXATTR(vp, name, options, context); |
299 | if (error == ENOTSUP && !(options & XATTR_NODEFAULT)) { |
300 | /* |
301 | * A filesystem may keep some EAs natively and return ENOTSUP for others. |
302 | */ |
303 | error = default_removexattr(vp, name, options, context); |
304 | #ifdef DUAL_EAS |
305 | } else if (error == EJUSTRETURN) { |
306 | /* |
307 | * EJUSTRETURN is from a filesystem which keeps this xattr natively as well |
308 | * as in a dot-underscore file. EJUSTRETURN means the filesytem did remove |
309 | * a native xattr, so failure to find it in a DU file during |
310 | * default_removexattr should not be considered an error. |
311 | */ |
312 | error = default_removexattr(vp, name, options, context); |
313 | if (error == ENOATTR) { |
314 | error = 0; |
315 | } |
316 | #endif /* DUAL_EAS */ |
317 | } |
318 | #if CONFIG_MACF |
319 | if ((error == 0) && !(options & XATTR_NOSECURITY)) { |
320 | mac_vnode_notify_deleteextattr(ctx: context, vp, name); |
321 | if (vfs_flags(mp: vnode_mount(vp)) & MNT_MULTILABEL) { |
322 | mac_vnode_label_update_extattr(mp: vnode_mount(vp), vp, name); |
323 | } |
324 | } |
325 | #endif |
326 | out: |
327 | return error; |
328 | } |
329 | |
330 | /* |
331 | * Retrieve the list of extended attribute names. |
332 | */ |
333 | int |
334 | vn_listxattr(vnode_t vp, uio_t uio, size_t *size, int options, vfs_context_t context) |
335 | { |
336 | int error; |
337 | |
338 | if (!XATTR_VNODE_SUPPORTED(vp)) { |
339 | return EPERM; |
340 | } |
341 | #if NAMEDSTREAMS |
342 | /* listxattr calls are not allowed for streams. */ |
343 | if (vp->v_flag & VISNAMEDSTREAM) { |
344 | return EPERM; |
345 | } |
346 | #endif |
347 | |
348 | if (!(options & XATTR_NOSECURITY)) { |
349 | #if CONFIG_MACF |
350 | error = mac_vnode_check_listextattr(ctx: context, vp); |
351 | if (error) { |
352 | goto out; |
353 | } |
354 | #endif /* MAC */ |
355 | |
356 | error = vnode_authorize(vp, NULL, KAUTH_VNODE_READ_EXTATTRIBUTES, ctx: context); |
357 | if (error) { |
358 | goto out; |
359 | } |
360 | } |
361 | |
362 | error = VNOP_LISTXATTR(vp, uio, size, options, context); |
363 | if (error == ENOTSUP && !(options & XATTR_NODEFAULT)) { |
364 | /* |
365 | * A filesystem may keep some but not all EAs natively, in which case |
366 | * the native EA names will have been uiomove-d out (or *size updated) |
367 | * and the default_listxattr here will finish the job. |
368 | */ |
369 | error = default_listxattr(vp, uio, size, options, context); |
370 | } |
371 | out: |
372 | return error; |
373 | } |
374 | |
375 | int |
376 | xattr_validatename(const char *name) |
377 | { |
378 | size_t namelen; |
379 | |
380 | if (name == NULL || name[0] == '\0') { |
381 | return EINVAL; |
382 | } |
383 | namelen = strlen(s: name); |
384 | |
385 | if (utf8_validatestr(utf8p: (const unsigned char *)name, utf8len: namelen) != 0) { |
386 | return EINVAL; |
387 | } |
388 | |
389 | return 0; |
390 | } |
391 | |
392 | |
393 | /* |
394 | * Determine whether an EA is a protected system attribute. |
395 | */ |
396 | int |
397 | xattr_protected(const char *attrname) |
398 | { |
399 | return !strncmp(s1: attrname, s2: "com.apple.system." , n: 17); |
400 | } |
401 | |
402 | |
403 | static void |
404 | vnode_setasnamedstream_internal(vnode_t vp, vnode_t svp) |
405 | { |
406 | uint32_t streamflags = VISNAMEDSTREAM; |
407 | |
408 | if ((vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) == 0) { |
409 | streamflags |= VISSHADOW; |
410 | } |
411 | |
412 | /* Tag the vnode. */ |
413 | vnode_lock_spin(svp); |
414 | svp->v_flag |= streamflags; |
415 | vnode_unlock(svp); |
416 | |
417 | /* Tag the parent so we know to flush credentials for streams on setattr */ |
418 | vnode_lock_spin(vp); |
419 | vp->v_lflag |= VL_HASSTREAMS; |
420 | vnode_unlock(vp); |
421 | |
422 | /* Make the file it's parent. |
423 | * Note: This parent link helps us distinguish vnodes for |
424 | * shadow stream files from vnodes for resource fork on file |
425 | * systems that support namedstream natively (both have |
426 | * VISNAMEDSTREAM set) by allowing access to mount structure |
427 | * for checking MNTK_NAMED_STREAMS bit at many places in the |
428 | * code. |
429 | */ |
430 | vnode_update_identity(vp: svp, dvp: vp, NULL, name_len: 0, name_hashval: 0, VNODE_UPDATE_NAMEDSTREAM_PARENT); |
431 | |
432 | if (vnode_isdyldsharedcache(vp)) { |
433 | vnode_lock_spin(svp); |
434 | svp->v_flag |= VSHARED_DYLD; |
435 | vnode_unlock(svp); |
436 | } |
437 | |
438 | return; |
439 | } |
440 | |
441 | errno_t |
442 | vnode_setasnamedstream(vnode_t vp, vnode_t svp) |
443 | { |
444 | if ((vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) == 0) { |
445 | return EINVAL; |
446 | } |
447 | |
448 | vnode_setasnamedstream_internal(vp, svp); |
449 | return 0; |
450 | } |
451 | |
452 | #if NAMEDSTREAMS |
453 | |
454 | /* |
455 | * Obtain a named stream from vnode vp. |
456 | */ |
457 | errno_t |
458 | vnode_getnamedstream(vnode_t vp, vnode_t *svpp, const char *name, enum nsoperation op, int flags, vfs_context_t context) |
459 | { |
460 | int error; |
461 | |
462 | if (vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) { |
463 | error = VNOP_GETNAMEDSTREAM(vp, svpp, name, op, flags, context); |
464 | } else { |
465 | if (flags) { |
466 | error = ENOTSUP; |
467 | } else { |
468 | error = default_getnamedstream(vp, svpp, name, op, context); |
469 | } |
470 | } |
471 | |
472 | if (error == 0) { |
473 | vnode_setasnamedstream_internal(vp, svp: *svpp); |
474 | } |
475 | |
476 | return error; |
477 | } |
478 | |
479 | /* |
480 | * Make a named stream for vnode vp. |
481 | */ |
482 | errno_t |
483 | vnode_makenamedstream(vnode_t vp, vnode_t *svpp, const char *name, int flags, vfs_context_t context) |
484 | { |
485 | int error; |
486 | |
487 | if (vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) { |
488 | error = VNOP_MAKENAMEDSTREAM(vp, svpp, name, flags, context); |
489 | } else { |
490 | error = default_makenamedstream(vp, svpp, name, context); |
491 | } |
492 | |
493 | if (error == 0) { |
494 | vnode_setasnamedstream_internal(vp, svp: *svpp); |
495 | } |
496 | |
497 | return error; |
498 | } |
499 | |
500 | /* |
501 | * Remove a named stream from vnode vp. |
502 | */ |
503 | errno_t |
504 | vnode_removenamedstream(vnode_t vp, vnode_t svp, const char *name, int flags, vfs_context_t context) |
505 | { |
506 | int error; |
507 | |
508 | if (vp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) { |
509 | error = VNOP_REMOVENAMEDSTREAM(vp, svp, name, flags, context); |
510 | } else { |
511 | error = default_removenamedstream(vp, name, context); |
512 | } |
513 | |
514 | return error; |
515 | } |
516 | |
517 | #define NS_IOBUFSIZE (128 * 1024) |
518 | |
519 | /* |
520 | * Release a named stream shadow file. |
521 | * |
522 | * Note: This function is called from two places where we do not need |
523 | * to check if the vnode has any references held before deleting the |
524 | * shadow file. Once from vclean() when the vnode is being reclaimed |
525 | * and we do not hold any references on the vnode. Second time from |
526 | * default_getnamedstream() when we get an error during shadow stream |
527 | * file initialization so that other processes who are waiting for the |
528 | * shadow stream file initialization by the creator will get opportunity |
529 | * to create and initialize the file again. |
530 | */ |
531 | errno_t |
532 | vnode_relenamedstream(vnode_t vp, vnode_t svp) |
533 | { |
534 | vnode_t dvp; |
535 | struct componentname cn; |
536 | char tmpname[80]; |
537 | errno_t err; |
538 | |
539 | /* |
540 | * We need to use the kernel context here. If we used the supplied |
541 | * VFS context we have no clue whether or not it originated from userland |
542 | * where it could be subject to a chroot jail. We need to ensure that all |
543 | * filesystem access to shadow files is done on the same FS regardless of |
544 | * userland process restrictions. |
545 | */ |
546 | vfs_context_t kernelctx = vfs_context_kernel(); |
547 | |
548 | cache_purge(vp: svp); |
549 | |
550 | vnode_lock(svp); |
551 | MAKE_SHADOW_NAME(vp, tmpname); |
552 | vnode_unlock(svp); |
553 | |
554 | cn.cn_nameiop = DELETE; |
555 | cn.cn_flags = ISLASTCN; |
556 | cn.cn_context = kernelctx; |
557 | cn.cn_pnbuf = tmpname; |
558 | cn.cn_pnlen = sizeof(tmpname); |
559 | cn.cn_nameptr = cn.cn_pnbuf; |
560 | cn.cn_namelen = (int)strlen(s: tmpname); |
561 | |
562 | /* |
563 | * Obtain the vnode for the shadow files directory. Make sure to |
564 | * use the kernel ctx as described above. |
565 | */ |
566 | err = get_shadow_dir(sdvpp: &dvp); |
567 | if (err != 0) { |
568 | return err; |
569 | } |
570 | |
571 | (void) VNOP_REMOVE(dvp, svp, &cn, 0, kernelctx); |
572 | vnode_put(vp: dvp); |
573 | |
574 | return 0; |
575 | } |
576 | |
577 | /* |
578 | * Flush a named stream shadow file. |
579 | * |
580 | * 'vp' represents the AppleDouble file. |
581 | * 'svp' represents the shadow file. |
582 | */ |
583 | errno_t |
584 | vnode_flushnamedstream(vnode_t vp, vnode_t svp, vfs_context_t context) |
585 | { |
586 | struct vnode_attr va; |
587 | uio_t auio = NULL; |
588 | caddr_t bufptr = NULL; |
589 | size_t bufsize = 0; |
590 | size_t offset; |
591 | size_t iosize; |
592 | size_t datasize; |
593 | int error; |
594 | /* |
595 | * The kernel context must be used for all I/O to the shadow file |
596 | * and its namespace operations |
597 | */ |
598 | vfs_context_t kernelctx = vfs_context_kernel(); |
599 | |
600 | /* The supplied context is used for access to the AD file itself */ |
601 | |
602 | VATTR_INIT(&va); |
603 | VATTR_WANTED(&va, va_data_size); |
604 | if (VNOP_GETATTR(svp, &va, context) != 0 || |
605 | !VATTR_IS_SUPPORTED(&va, va_data_size)) { |
606 | return 0; |
607 | } |
608 | if (va.va_data_size > UINT32_MAX) { |
609 | return EINVAL; |
610 | } |
611 | datasize = (size_t)va.va_data_size; |
612 | if (datasize == 0) { |
613 | (void) default_removexattr(vp, XATTR_RESOURCEFORK_NAME, options: 0, context); |
614 | return 0; |
615 | } |
616 | |
617 | iosize = bufsize = MIN(datasize, NS_IOBUFSIZE); |
618 | bufptr = kalloc_data(bufsize, Z_WAITOK); |
619 | if (bufptr == NULL) { |
620 | return ENOMEM; |
621 | } |
622 | auio = uio_create(a_iovcount: 1, a_offset: 0, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_READ); |
623 | offset = 0; |
624 | |
625 | /* |
626 | * Copy the shadow stream file data into the resource fork. |
627 | */ |
628 | error = VNOP_OPEN(svp, 0, kernelctx); |
629 | if (error) { |
630 | printf("vnode_flushnamedstream: err %d opening file\n" , error); |
631 | goto out; |
632 | } |
633 | while (offset < datasize) { |
634 | iosize = MIN(datasize - offset, iosize); |
635 | |
636 | uio_reset(a_uio: auio, a_offset: offset, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_READ); |
637 | uio_addiov(a_uio: auio, a_baseaddr: (uintptr_t)bufptr, a_length: iosize); |
638 | error = VNOP_READ(vp: svp, uio: auio, ioflag: 0, ctx: kernelctx); |
639 | if (error) { |
640 | break; |
641 | } |
642 | /* Since there's no truncate xattr we must remove the resource fork. */ |
643 | if (offset == 0) { |
644 | error = default_removexattr(vp, XATTR_RESOURCEFORK_NAME, options: 0, context); |
645 | if ((error != 0) && (error != ENOATTR)) { |
646 | break; |
647 | } |
648 | } |
649 | uio_reset(a_uio: auio, a_offset: offset, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_WRITE); |
650 | uio_addiov(a_uio: auio, a_baseaddr: (uintptr_t)bufptr, a_length: iosize); |
651 | error = vn_setxattr(vp, XATTR_RESOURCEFORK_NAME, uio: auio, XATTR_NOSECURITY, context); |
652 | if (error) { |
653 | break; |
654 | } |
655 | offset += iosize; |
656 | } |
657 | |
658 | /* close shadowfile */ |
659 | (void) VNOP_CLOSE(svp, 0, kernelctx); |
660 | out: |
661 | kfree_data(bufptr, bufsize); |
662 | if (auio) { |
663 | uio_free(a_uio: auio); |
664 | } |
665 | return error; |
666 | } |
667 | |
668 | |
669 | /* |
670 | * Verify that the vnode 'vp' is a vnode that lives in the shadow |
671 | * directory. We can't just query the parent pointer directly since |
672 | * the shadowfile is hooked up to the actual file it's a stream for. |
673 | */ |
674 | errno_t |
675 | vnode_verifynamedstream(vnode_t vp) |
676 | { |
677 | int error; |
678 | struct vnode *shadow_dvp = NULL; |
679 | struct vnode *shadowfile = NULL; |
680 | struct componentname cn; |
681 | |
682 | /* |
683 | * We need to use the kernel context here. If we used the supplied |
684 | * VFS context we have no clue whether or not it originated from userland |
685 | * where it could be subject to a chroot jail. We need to ensure that all |
686 | * filesystem access to shadow files is done on the same FS regardless of |
687 | * userland process restrictions. |
688 | */ |
689 | vfs_context_t kernelctx = vfs_context_kernel(); |
690 | char tmpname[80]; |
691 | |
692 | |
693 | /* Get the shadow directory vnode */ |
694 | error = get_shadow_dir(sdvpp: &shadow_dvp); |
695 | if (error) { |
696 | return error; |
697 | } |
698 | |
699 | /* Re-generate the shadow name in the buffer */ |
700 | MAKE_SHADOW_NAME(vp, tmpname); |
701 | |
702 | /* Look up item in shadow dir */ |
703 | bzero(s: &cn, n: sizeof(cn)); |
704 | cn.cn_nameiop = LOOKUP; |
705 | cn.cn_flags = ISLASTCN | CN_ALLOWRSRCFORK; |
706 | cn.cn_context = kernelctx; |
707 | cn.cn_pnbuf = tmpname; |
708 | cn.cn_pnlen = sizeof(tmpname); |
709 | cn.cn_nameptr = cn.cn_pnbuf; |
710 | cn.cn_namelen = (int)strlen(s: tmpname); |
711 | |
712 | if (VNOP_LOOKUP(shadow_dvp, &shadowfile, &cn, kernelctx) == 0) { |
713 | /* is the pointer the same? */ |
714 | if (shadowfile == vp) { |
715 | error = 0; |
716 | } else { |
717 | error = EPERM; |
718 | } |
719 | /* drop the iocount acquired */ |
720 | vnode_put(vp: shadowfile); |
721 | } |
722 | |
723 | /* Drop iocount on shadow dir */ |
724 | vnode_put(vp: shadow_dvp); |
725 | return error; |
726 | } |
727 | |
728 | /* |
729 | * Access or create the shadow file as needed. |
730 | * |
731 | * 'makestream' with non-zero value means that we need to guarantee we were the |
732 | * creator of the shadow file. |
733 | * |
734 | * 'context' is the user supplied context for the original VFS operation that |
735 | * caused us to need a shadow file. |
736 | * |
737 | * int pointed to by 'creator' is nonzero if we created the shadowfile. |
738 | */ |
739 | static int |
740 | getshadowfile(vnode_t vp, vnode_t *svpp, int makestream, size_t *rsrcsize, |
741 | int *creator, vfs_context_t context) |
742 | { |
743 | vnode_t dvp = NULLVP; |
744 | vnode_t svp = NULLVP; |
745 | struct componentname cn; |
746 | struct vnode_attr va; |
747 | char tmpname[80]; |
748 | size_t datasize = 0; |
749 | int error = 0; |
750 | int retries = 0; |
751 | vfs_context_t kernelctx = vfs_context_kernel(); |
752 | |
753 | retry_create: |
754 | *creator = 0; |
755 | /* Establish a unique file name. */ |
756 | MAKE_SHADOW_NAME(vp, tmpname); |
757 | bzero(s: &cn, n: sizeof(cn)); |
758 | cn.cn_nameiop = LOOKUP; |
759 | cn.cn_flags = ISLASTCN; |
760 | cn.cn_context = context; |
761 | cn.cn_pnbuf = tmpname; |
762 | cn.cn_pnlen = sizeof(tmpname); |
763 | cn.cn_nameptr = cn.cn_pnbuf; |
764 | cn.cn_namelen = (int)strlen(s: tmpname); |
765 | |
766 | /* Pick up uid, gid, mode and date from original file. */ |
767 | VATTR_INIT(&va); |
768 | VATTR_WANTED(&va, va_uid); |
769 | VATTR_WANTED(&va, va_gid); |
770 | VATTR_WANTED(&va, va_mode); |
771 | VATTR_WANTED(&va, va_create_time); |
772 | VATTR_WANTED(&va, va_modify_time); |
773 | if (VNOP_GETATTR(vp, &va, context) != 0 || |
774 | !VATTR_IS_SUPPORTED(&va, va_uid) || |
775 | !VATTR_IS_SUPPORTED(&va, va_gid) || |
776 | !VATTR_IS_SUPPORTED(&va, va_mode)) { |
777 | va.va_uid = KAUTH_UID_NONE; |
778 | va.va_gid = KAUTH_GID_NONE; |
779 | va.va_mode = S_IRUSR | S_IWUSR; |
780 | } |
781 | va.va_vaflags = VA_EXCLUSIVE; |
782 | VATTR_SET(&va, va_type, VREG); |
783 | /* We no longer change the access, but we still hide it. */ |
784 | VATTR_SET(&va, va_flags, UF_HIDDEN); |
785 | |
786 | /* Obtain the vnode for the shadow files directory. */ |
787 | if (get_shadow_dir(sdvpp: &dvp) != 0) { |
788 | error = ENOTDIR; |
789 | goto out; |
790 | } |
791 | if (!makestream) { |
792 | /* See if someone else already has it open. */ |
793 | if (VNOP_LOOKUP(dvp, &svp, &cn, kernelctx) == 0) { |
794 | /* Double check existence by asking for size. */ |
795 | VATTR_INIT(&va); |
796 | VATTR_WANTED(&va, va_data_size); |
797 | if (VNOP_GETATTR(svp, &va, context) == 0 && |
798 | VATTR_IS_SUPPORTED(&va, va_data_size)) { |
799 | goto out; /* OK to use. */ |
800 | } |
801 | } |
802 | |
803 | /* |
804 | * Otherwise make sure the resource fork data exists. |
805 | * Use the supplied context for accessing the AD file. |
806 | */ |
807 | error = vn_getxattr(vp, XATTR_RESOURCEFORK_NAME, NULL, size: &datasize, |
808 | XATTR_NOSECURITY, context); |
809 | /* |
810 | * To maintain binary compatibility with legacy Carbon |
811 | * emulated resource fork support, if the resource fork |
812 | * doesn't exist but the Finder Info does, then act as |
813 | * if an empty resource fork is present (see 4724359). |
814 | */ |
815 | if ((error == ENOATTR) && |
816 | (vn_getxattr(vp, XATTR_FINDERINFO_NAME, NULL, size: &datasize, |
817 | XATTR_NOSECURITY, context) == 0)) { |
818 | datasize = 0; |
819 | error = 0; |
820 | } else { |
821 | if (error) { |
822 | goto out; |
823 | } |
824 | |
825 | /* If the resource fork exists, its size is expected to be non-zero. */ |
826 | if (datasize == 0) { |
827 | error = ENOATTR; |
828 | goto out; |
829 | } |
830 | } |
831 | } |
832 | /* Create the shadow stream file. */ |
833 | error = VNOP_CREATE(dvp, &svp, &cn, &va, kernelctx); |
834 | if (error == 0) { |
835 | vnode_recycle(vp: svp); |
836 | *creator = 1; |
837 | } else if ((error == EEXIST) && !makestream) { |
838 | error = VNOP_LOOKUP(dvp, &svp, &cn, kernelctx); |
839 | } else if ((error == ENOENT) && !makestream) { |
840 | /* |
841 | * We could have raced with a rmdir on the shadow directory |
842 | * post-lookup. Retry from the beginning, 1x only, to |
843 | * try and see if we need to re-create the shadow directory |
844 | * in get_shadow_dir. |
845 | */ |
846 | if (retries == 0) { |
847 | retries++; |
848 | if (dvp) { |
849 | vnode_put(vp: dvp); |
850 | dvp = NULLVP; |
851 | } |
852 | if (svp) { |
853 | vnode_put(vp: svp); |
854 | svp = NULLVP; |
855 | } |
856 | goto retry_create; |
857 | } |
858 | /* Otherwise, just error out normally below */ |
859 | } |
860 | |
861 | out: |
862 | if (dvp) { |
863 | vnode_put(vp: dvp); |
864 | } |
865 | if (error) { |
866 | /* On errors, clean up shadow stream file. */ |
867 | if (svp) { |
868 | vnode_put(vp: svp); |
869 | svp = NULLVP; |
870 | } |
871 | } |
872 | *svpp = svp; |
873 | if (rsrcsize) { |
874 | *rsrcsize = datasize; |
875 | } |
876 | return error; |
877 | } |
878 | |
879 | |
880 | static int |
881 | default_getnamedstream(vnode_t vp, vnode_t *svpp, const char *name, enum nsoperation op, vfs_context_t context) |
882 | { |
883 | vnode_t svp = NULLVP; |
884 | uio_t auio = NULL; |
885 | caddr_t bufptr = NULL; |
886 | size_t bufsize = 0; |
887 | size_t datasize = 0; |
888 | int creator; |
889 | int error; |
890 | |
891 | /* need the kernel context for accessing the shadowfile */ |
892 | vfs_context_t kernelctx = vfs_context_kernel(); |
893 | |
894 | /* |
895 | * Only the "com.apple.ResourceFork" stream is supported here. |
896 | */ |
897 | if (strncmp(s1: name, XATTR_RESOURCEFORK_NAME, n: sizeof(XATTR_RESOURCEFORK_NAME)) != 0) { |
898 | *svpp = NULLVP; |
899 | return ENOATTR; |
900 | } |
901 | retry: |
902 | /* |
903 | * Obtain a shadow file for the resource fork I/O. |
904 | * |
905 | * Need to pass along the supplied context so that getshadowfile |
906 | * can access the AD file as needed, using it. |
907 | */ |
908 | error = getshadowfile(vp, svpp: &svp, makestream: 0, rsrcsize: &datasize, creator: &creator, context); |
909 | if (error) { |
910 | *svpp = NULLVP; |
911 | return error; |
912 | } |
913 | |
914 | /* |
915 | * The creator of the shadow file provides its file data, |
916 | * all other threads should wait until its ready. In order to |
917 | * prevent a deadlock during error codepaths, we need to check if the |
918 | * vnode is being created, or if it has failed out. Regardless of success or |
919 | * failure, we set the VISSHADOW bit on the vnode, so we check that |
920 | * if the vnode's flags don't have VISNAMEDSTREAM set. If it doesn't, |
921 | * then we can infer the creator isn't done yet. If it's there, but |
922 | * VISNAMEDSTREAM is not set, then we can infer it errored out and we should |
923 | * try again. |
924 | */ |
925 | if (!creator) { |
926 | vnode_lock(svp); |
927 | if (svp->v_flag & VISNAMEDSTREAM) { |
928 | /* data is ready, go use it */ |
929 | vnode_unlock(svp); |
930 | goto out; |
931 | } else { |
932 | /* It's not ready, wait for it (sleep using v_parent as channel) */ |
933 | if ((svp->v_flag & VISSHADOW)) { |
934 | /* |
935 | * No VISNAMEDSTREAM, but we did see VISSHADOW, indicating that the other |
936 | * thread is done with this vnode. Just unlock the vnode and try again |
937 | */ |
938 | vnode_unlock(svp); |
939 | } else { |
940 | /* Otherwise, sleep if the shadow file is not created yet */ |
941 | msleep(chan: (caddr_t)&svp->v_parent, mtx: &svp->v_lock, PINOD | PDROP, |
942 | wmesg: "getnamedstream" , NULL); |
943 | } |
944 | vnode_put(vp: svp); |
945 | svp = NULLVP; |
946 | goto retry; |
947 | } |
948 | } |
949 | |
950 | /* |
951 | * Copy the real resource fork data into shadow stream file. |
952 | */ |
953 | if (op == NS_OPEN && datasize != 0) { |
954 | size_t offset; |
955 | size_t iosize; |
956 | |
957 | iosize = bufsize = MIN(datasize, NS_IOBUFSIZE); |
958 | bufptr = kalloc_data(bufsize, Z_WAITOK); |
959 | if (bufptr == NULL) { |
960 | error = ENOMEM; |
961 | goto out; |
962 | } |
963 | |
964 | auio = uio_create(a_iovcount: 1, a_offset: 0, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_READ); |
965 | offset = 0; |
966 | |
967 | /* open the shadow file */ |
968 | error = VNOP_OPEN(svp, 0, kernelctx); |
969 | if (error) { |
970 | goto out; |
971 | } |
972 | while (offset < datasize) { |
973 | size_t tmpsize; |
974 | |
975 | iosize = MIN(datasize - offset, iosize); |
976 | |
977 | uio_reset(a_uio: auio, a_offset: offset, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_READ); |
978 | uio_addiov(a_uio: auio, a_baseaddr: (uintptr_t)bufptr, a_length: iosize); |
979 | /* use supplied ctx for AD file */ |
980 | error = vn_getxattr(vp, XATTR_RESOURCEFORK_NAME, uio: auio, size: &tmpsize, |
981 | XATTR_NOSECURITY, context); |
982 | if (error) { |
983 | break; |
984 | } |
985 | |
986 | uio_reset(a_uio: auio, a_offset: offset, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_WRITE); |
987 | uio_addiov(a_uio: auio, a_baseaddr: (uintptr_t)bufptr, a_length: iosize); |
988 | /* kernel context for writing shadowfile */ |
989 | error = VNOP_WRITE(vp: svp, uio: auio, ioflag: 0, ctx: kernelctx); |
990 | if (error) { |
991 | break; |
992 | } |
993 | offset += iosize; |
994 | } |
995 | |
996 | /* close shadow file */ |
997 | (void) VNOP_CLOSE(svp, 0, kernelctx); |
998 | } |
999 | out: |
1000 | /* Wake up anyone waiting for svp file content */ |
1001 | if (creator) { |
1002 | if (error == 0) { |
1003 | vnode_lock(svp); |
1004 | /* VISSHADOW would be set later on anyway, so we set it now */ |
1005 | svp->v_flag |= (VISNAMEDSTREAM | VISSHADOW); |
1006 | wakeup(chan: (caddr_t)&svp->v_parent); |
1007 | vnode_unlock(svp); |
1008 | } else { |
1009 | /* On post create errors, get rid of the shadow file. This |
1010 | * way if there is another process waiting for initialization |
1011 | * of the shadowfile by the current process will wake up and |
1012 | * retry by creating and initializing the shadow file again. |
1013 | * Also add the VISSHADOW bit here to indicate we're done operating |
1014 | * on this vnode. |
1015 | */ |
1016 | (void)vnode_relenamedstream(vp, svp); |
1017 | vnode_lock(svp); |
1018 | svp->v_flag |= VISSHADOW; |
1019 | wakeup(chan: (caddr_t)&svp->v_parent); |
1020 | vnode_unlock(svp); |
1021 | } |
1022 | } |
1023 | |
1024 | kfree_data(bufptr, bufsize); |
1025 | if (auio) { |
1026 | uio_free(a_uio: auio); |
1027 | } |
1028 | if (error) { |
1029 | /* On errors, clean up shadow stream file. */ |
1030 | if (svp) { |
1031 | vnode_put(vp: svp); |
1032 | svp = NULLVP; |
1033 | } |
1034 | } |
1035 | *svpp = svp; |
1036 | return error; |
1037 | } |
1038 | |
1039 | static int |
1040 | default_makenamedstream(vnode_t vp, vnode_t *svpp, const char *name, vfs_context_t context) |
1041 | { |
1042 | int creator; |
1043 | int error; |
1044 | |
1045 | /* |
1046 | * Only the "com.apple.ResourceFork" stream is supported here. |
1047 | */ |
1048 | if (strncmp(s1: name, XATTR_RESOURCEFORK_NAME, n: sizeof(XATTR_RESOURCEFORK_NAME)) != 0) { |
1049 | *svpp = NULLVP; |
1050 | return ENOATTR; |
1051 | } |
1052 | |
1053 | /* Supply the context to getshadowfile so it can manipulate the AD file */ |
1054 | error = getshadowfile(vp, svpp, makestream: 1, NULL, creator: &creator, context); |
1055 | |
1056 | /* |
1057 | * Wake up any waiters over in default_getnamedstream(). |
1058 | */ |
1059 | if ((error == 0) && (*svpp != NULL) && creator) { |
1060 | vnode_t svp = *svpp; |
1061 | |
1062 | vnode_lock(svp); |
1063 | /* If we're the creator, mark it as a named stream */ |
1064 | svp->v_flag |= (VISNAMEDSTREAM | VISSHADOW); |
1065 | /* Wakeup any waiters on the v_parent channel */ |
1066 | wakeup(chan: (caddr_t)&svp->v_parent); |
1067 | vnode_unlock(svp); |
1068 | } |
1069 | |
1070 | return error; |
1071 | } |
1072 | |
1073 | static int |
1074 | default_removenamedstream(vnode_t vp, const char *name, vfs_context_t context) |
1075 | { |
1076 | /* |
1077 | * Only the "com.apple.ResourceFork" stream is supported here. |
1078 | */ |
1079 | if (strncmp(s1: name, XATTR_RESOURCEFORK_NAME, n: sizeof(XATTR_RESOURCEFORK_NAME)) != 0) { |
1080 | return ENOATTR; |
1081 | } |
1082 | /* |
1083 | * XXX - what about other opened instances? |
1084 | */ |
1085 | return default_removexattr(vp, XATTR_RESOURCEFORK_NAME, options: 0, context); |
1086 | } |
1087 | |
1088 | static int |
1089 | get_shadow_dir(vnode_t *sdvpp) |
1090 | { |
1091 | vnode_t dvp = NULLVP; |
1092 | vnode_t sdvp = NULLVP; |
1093 | struct componentname cn; |
1094 | struct vnode_attr va; |
1095 | char tmpname[80]; |
1096 | uint32_t tmp_fsid; |
1097 | int error; |
1098 | vfs_context_t kernelctx = vfs_context_kernel(); |
1099 | |
1100 | bzero(s: tmpname, n: sizeof(tmpname)); |
1101 | MAKE_SHADOW_DIRNAME(rootvnode, tmpname); |
1102 | /* |
1103 | * Look up the shadow directory to ensure that it still exists. |
1104 | * By looking it up, we get an iocounted dvp to use, and avoid some coherency issues |
1105 | * in caching it when multiple threads may be trying to manipulate the pointers. |
1106 | * |
1107 | * Make sure to use the kernel context. We want a singular view of |
1108 | * the shadow dir regardless of chrooted processes. |
1109 | */ |
1110 | error = vnode_lookup(path: tmpname, flags: 0, vpp: &sdvp, ctx: kernelctx); |
1111 | if (error == 0) { |
1112 | /* |
1113 | * If we get here, then we have successfully looked up the shadow dir, |
1114 | * and it has an iocount from the lookup. Return the vp in the output argument. |
1115 | */ |
1116 | *sdvpp = sdvp; |
1117 | return 0; |
1118 | } |
1119 | /* In the failure case, no iocount is acquired */ |
1120 | sdvp = NULLVP; |
1121 | bzero(s: tmpname, n: sizeof(tmpname)); |
1122 | |
1123 | /* |
1124 | * Obtain the vnode for "/var/run" directory using the kernel |
1125 | * context. |
1126 | * |
1127 | * This is defined in the SHADOW_DIR_CONTAINER macro |
1128 | */ |
1129 | if (vnode_lookup(SHADOW_DIR_CONTAINER, flags: 0, vpp: &dvp, ctx: kernelctx) != 0) { |
1130 | error = ENOTSUP; |
1131 | goto out; |
1132 | } |
1133 | |
1134 | /* |
1135 | * Create the shadow stream directory. |
1136 | * 'dvp' below suggests the parent directory so |
1137 | * we only need to provide the leaf entry name |
1138 | */ |
1139 | MAKE_SHADOW_DIR_LEAF(rootvnode, tmpname); |
1140 | bzero(s: &cn, n: sizeof(cn)); |
1141 | cn.cn_nameiop = LOOKUP; |
1142 | cn.cn_flags = ISLASTCN; |
1143 | cn.cn_context = kernelctx; |
1144 | cn.cn_pnbuf = tmpname; |
1145 | cn.cn_pnlen = sizeof(tmpname); |
1146 | cn.cn_nameptr = cn.cn_pnbuf; |
1147 | cn.cn_namelen = (int)strlen(s: tmpname); |
1148 | |
1149 | /* |
1150 | * owned by root, only readable by root, hidden |
1151 | */ |
1152 | VATTR_INIT(&va); |
1153 | VATTR_SET(&va, va_uid, 0); |
1154 | VATTR_SET(&va, va_gid, 0); |
1155 | VATTR_SET(&va, va_mode, S_IRUSR | S_IXUSR); |
1156 | VATTR_SET(&va, va_type, VDIR); |
1157 | VATTR_SET(&va, va_flags, UF_HIDDEN); |
1158 | va.va_vaflags = VA_EXCLUSIVE; |
1159 | |
1160 | error = VNOP_MKDIR(dvp, &sdvp, &cn, &va, kernelctx); |
1161 | |
1162 | /* |
1163 | * There can be only one winner for an exclusive create. |
1164 | */ |
1165 | if (error == EEXIST) { |
1166 | /* loser has to look up directory */ |
1167 | error = VNOP_LOOKUP(dvp, &sdvp, &cn, kernelctx); |
1168 | if (error == 0) { |
1169 | /* Make sure its in fact a directory */ |
1170 | if (sdvp->v_type != VDIR) { |
1171 | goto baddir; |
1172 | } |
1173 | /* Obtain the fsid for /var/run directory */ |
1174 | VATTR_INIT(&va); |
1175 | VATTR_WANTED(&va, va_fsid); |
1176 | if (VNOP_GETATTR(dvp, &va, kernelctx) != 0 || |
1177 | !VATTR_IS_SUPPORTED(&va, va_fsid)) { |
1178 | goto baddir; |
1179 | } |
1180 | tmp_fsid = va.va_fsid; |
1181 | |
1182 | VATTR_INIT(&va); |
1183 | VATTR_WANTED(&va, va_uid); |
1184 | VATTR_WANTED(&va, va_gid); |
1185 | VATTR_WANTED(&va, va_mode); |
1186 | VATTR_WANTED(&va, va_fsid); |
1187 | VATTR_WANTED(&va, va_dirlinkcount); |
1188 | VATTR_WANTED(&va, va_acl); |
1189 | /* Provide defaults for attrs that may not be supported */ |
1190 | va.va_dirlinkcount = 1; |
1191 | va.va_acl = (kauth_acl_t) KAUTH_FILESEC_NONE; |
1192 | |
1193 | if (VNOP_GETATTR(sdvp, &va, kernelctx) != 0 || |
1194 | !VATTR_IS_SUPPORTED(&va, va_uid) || |
1195 | !VATTR_IS_SUPPORTED(&va, va_gid) || |
1196 | !VATTR_IS_SUPPORTED(&va, va_mode) || |
1197 | !VATTR_IS_SUPPORTED(&va, va_fsid)) { |
1198 | goto baddir; |
1199 | } |
1200 | /* |
1201 | * Make sure its what we want: |
1202 | * - owned by root |
1203 | * - not writable by anyone |
1204 | * - on same file system as /var/run |
1205 | * - not a hard-linked directory |
1206 | * - no ACLs (they might grant write access) |
1207 | */ |
1208 | if ((va.va_uid != 0) || (va.va_gid != 0) || |
1209 | (va.va_mode & (S_IWUSR | S_IRWXG | S_IRWXO)) || |
1210 | (va.va_fsid != tmp_fsid) || |
1211 | (va.va_dirlinkcount != 1) || |
1212 | (va.va_acl != (kauth_acl_t) KAUTH_FILESEC_NONE)) { |
1213 | goto baddir; |
1214 | } |
1215 | } |
1216 | } |
1217 | out: |
1218 | if (dvp) { |
1219 | vnode_put(vp: dvp); |
1220 | } |
1221 | if (error) { |
1222 | /* On errors, clean up shadow stream directory. */ |
1223 | if (sdvp) { |
1224 | vnode_put(vp: sdvp); |
1225 | sdvp = NULLVP; |
1226 | } |
1227 | } |
1228 | *sdvpp = sdvp; |
1229 | return error; |
1230 | |
1231 | baddir: |
1232 | /* This is not the dir we're looking for, move along */ |
1233 | ++shadow_sequence; /* try something else next time */ |
1234 | error = ENOTDIR; |
1235 | goto out; |
1236 | } |
1237 | #endif /* NAMEDSTREAMS */ |
1238 | |
1239 | |
1240 | #if CONFIG_APPLEDOUBLE |
1241 | /* |
1242 | * Default Implementation (Non-native EA) |
1243 | */ |
1244 | |
1245 | |
1246 | /* |
1247 | * Typical "._" AppleDouble Header File layout: |
1248 | * ------------------------------------------------------------ |
1249 | * MAGIC 0x00051607 |
1250 | * VERSION 0x00020000 |
1251 | * FILLER 0 |
1252 | * COUNT 2 |
1253 | * .-- AD ENTRY[0] Finder Info Entry (must be first) |
1254 | * .--+-- AD ENTRY[1] Resource Fork Entry (must be last) |
1255 | * | '-> FINDER INFO |
1256 | * | ///////////// Fixed Size Data (32 bytes) |
1257 | * | EXT ATTR HDR |
1258 | * | ///////////// |
1259 | * | ATTR ENTRY[0] --. |
1260 | * | ATTR ENTRY[1] --+--. |
1261 | * | ATTR ENTRY[2] --+--+--. |
1262 | * | ... | | | |
1263 | * | ATTR ENTRY[N] --+--+--+--. |
1264 | * | ATTR DATA 0 <-' | | | |
1265 | * | //////////// | | | |
1266 | * | ATTR DATA 1 <----' | | |
1267 | * | ///////////// | | |
1268 | * | ATTR DATA 2 <-------' | |
1269 | * | ///////////// | |
1270 | * | ... | |
1271 | * | ATTR DATA N <----------' |
1272 | * | ///////////// |
1273 | * | Attribute Free Space |
1274 | * | |
1275 | * '----> RESOURCE FORK |
1276 | * ///////////// Variable Sized Data |
1277 | * ///////////// |
1278 | * ///////////// |
1279 | * ///////////// |
1280 | * ///////////// |
1281 | * ///////////// |
1282 | * ... |
1283 | * ///////////// |
1284 | * |
1285 | * ------------------------------------------------------------ |
1286 | * |
1287 | * NOTE: The EXT ATTR HDR, ATTR ENTRY's and ATTR DATA's are |
1288 | * stored as part of the Finder Info. The length in the Finder |
1289 | * Info AppleDouble entry includes the length of the extended |
1290 | * attribute header, attribute entries, and attribute data. |
1291 | */ |
1292 | |
1293 | /* |
1294 | * On Disk Data Structures |
1295 | * |
1296 | * Note: Motorola 68K alignment and big-endian. |
1297 | * |
1298 | * See RFC 1740 for additional information about the AppleDouble file format. |
1299 | * |
1300 | */ |
1301 | |
1302 | #define ADH_MAGIC 0x00051607 |
1303 | #define ADH_VERSION 0x00020000 |
1304 | #define ADH_MACOSX "Mac OS X " |
1305 | |
1306 | /* |
1307 | * AppleDouble Entry ID's |
1308 | */ |
1309 | #define AD_DATA 1 /* Data fork */ |
1310 | #define AD_RESOURCE 2 /* Resource fork */ |
1311 | #define AD_REALNAME 3 /* File's name on home file system */ |
1312 | #define 4 /* Standard Mac comment */ |
1313 | #define AD_ICONBW 5 /* Mac black & white icon */ |
1314 | #define AD_ICONCOLOR 6 /* Mac color icon */ |
1315 | #define AD_UNUSED 7 /* Not used */ |
1316 | #define AD_FILEDATES 8 /* File dates; create, modify, etc */ |
1317 | #define AD_FINDERINFO 9 /* Mac Finder info & extended info */ |
1318 | #define AD_MACINFO 10 /* Mac file info, attributes, etc */ |
1319 | #define AD_PRODOSINFO 11 /* Pro-DOS file info, attrib., etc */ |
1320 | #define AD_MSDOSINFO 12 /* MS-DOS file info, attributes, etc */ |
1321 | #define AD_AFPNAME 13 /* Short name on AFP server */ |
1322 | #define AD_AFPINFO 14 /* AFP file info, attrib., etc */ |
1323 | #define AD_AFPDIRID 15 /* AFP directory ID */ |
1324 | #define AD_ATTRIBUTES AD_FINDERINFO |
1325 | |
1326 | |
1327 | #define ATTR_FILE_PREFIX "._" |
1328 | #define ATTR_HDR_MAGIC 0x41545452 /* 'ATTR' */ |
1329 | |
1330 | #define ATTR_BUF_SIZE 4096 /* default size of the attr file and how much we'll grow by */ |
1331 | |
1332 | /* Implementation Limits */ |
1333 | #define ATTR_MAX_SIZE AD_XATTR_MAXSIZE |
1334 | #define ATTR_MAX_HDR_SIZE 65536 |
1335 | /* |
1336 | * Note: ATTR_MAX_HDR_SIZE is the largest attribute header |
1337 | * size supported (including the attribute entries). All of |
1338 | * the attribute entries must reside within this limit. If |
1339 | * any of the attribute data crosses the ATTR_MAX_HDR_SIZE |
1340 | * boundry, then all of the attribute data I/O is performed |
1341 | * separately from the attribute header I/O. |
1342 | * |
1343 | * In particular, all of the attr_entry structures must lie |
1344 | * completely within the first ATTR_MAX_HDR_SIZE bytes of the |
1345 | * AppleDouble file. However, the attribute data (i.e. the |
1346 | * contents of the extended attributes) may extend beyond the |
1347 | * first ATTR_MAX_HDR_SIZE bytes of the file. Note that this |
1348 | * limit is to allow the implementation to optimize by reading |
1349 | * the first ATTR_MAX_HDR_SIZE bytes of the file. |
1350 | */ |
1351 | |
1352 | |
1353 | #define FINDERINFOSIZE 32 |
1354 | |
1355 | typedef struct apple_double_entry { |
1356 | u_int32_t type; /* entry type: see list, 0 invalid */ |
1357 | u_int32_t offset; /* entry data offset from the beginning of the file. */ |
1358 | u_int32_t length; /* entry data length in bytes. */ |
1359 | } __attribute__((aligned(2), packed)) apple_double_entry_t; |
1360 | |
1361 | |
1362 | typedef struct { |
1363 | u_int32_t ; /* == ADH_MAGIC */ |
1364 | u_int32_t ; /* format version: 2 = 0x00020000 */ |
1365 | u_int32_t [4]; |
1366 | u_int16_t ; /* number of entries which follow */ |
1367 | apple_double_entry_t [2]; /* 'finfo' & 'rsrc' always exist */ |
1368 | u_int8_t [FINDERINFOSIZE]; /* Must start with Finder Info (32 bytes) */ |
1369 | u_int8_t [2]; /* get better alignment inside attr_header */ |
1370 | } __attribute__((aligned(2), packed)) ; |
1371 | |
1372 | #define ADHDRSIZE (4+4+16+2) |
1373 | |
1374 | /* Entries are aligned on 4 byte boundaries */ |
1375 | typedef struct attr_entry { |
1376 | u_int32_t offset; /* file offset to data */ |
1377 | u_int32_t length; /* size of attribute data */ |
1378 | u_int16_t flags; |
1379 | u_int8_t namelen; |
1380 | u_int8_t name[1]; /* NULL-terminated UTF-8 name (up to 128 bytes max) */ |
1381 | } __attribute__((aligned(2), packed)) attr_entry_t; |
1382 | |
1383 | |
1384 | /* Header + entries must fit into 64K. Data may extend beyond 64K. */ |
1385 | typedef struct { |
1386 | apple_double_header_t ; |
1387 | u_int32_t ; /* == ATTR_HDR_MAGIC */ |
1388 | u_int32_t ; /* for debugging == file id of owning file */ |
1389 | u_int32_t ; /* file offset of end of attribute header + entries + data */ |
1390 | u_int32_t ; /* file offset to attribute data area */ |
1391 | u_int32_t ; /* length of attribute data area */ |
1392 | u_int32_t [3]; |
1393 | u_int16_t ; |
1394 | u_int16_t ; |
1395 | } __attribute__((aligned(2), packed)) ; |
1396 | |
1397 | |
1398 | /* Empty Resource Fork Header */ |
1399 | typedef struct { |
1400 | u_int32_t ; |
1401 | u_int32_t ; |
1402 | u_int32_t ; |
1403 | u_int32_t ; |
1404 | u_int8_t [112]; |
1405 | u_int8_t [128]; |
1406 | u_int32_t ; |
1407 | u_int32_t ; |
1408 | u_int32_t ; |
1409 | u_int32_t ; |
1410 | u_int32_t ; |
1411 | u_int16_t ; |
1412 | u_int8_t ; |
1413 | u_int8_t ; |
1414 | u_int16_t ; |
1415 | u_int16_t ; |
1416 | u_int16_t ; |
1417 | } __attribute__((aligned(2), packed)) ; |
1418 | |
1419 | #define RF_FIRST_RESOURCE 256 |
1420 | #define RF_NULL_MAP_LENGTH 30 |
1421 | #define RF_EMPTY_TAG "This resource fork intentionally left blank " |
1422 | |
1423 | /* Runtime information about the attribute file. */ |
1424 | typedef struct attr_info { |
1425 | vfs_context_t context; |
1426 | vnode_t filevp; |
1427 | size_t filesize; |
1428 | size_t iosize; |
1429 | u_int8_t *rawdata; |
1430 | size_t rawsize; /* minimum of filesize or ATTR_MAX_HDR_SIZE */ |
1431 | apple_double_header_t *filehdr; |
1432 | apple_double_entry_t *finderinfo; |
1433 | apple_double_entry_t *rsrcfork; |
1434 | attr_header_t *attrhdr; |
1435 | attr_entry_t *attr_entry; |
1436 | u_int8_t readonly; |
1437 | u_int8_t emptyfinderinfo; |
1438 | } attr_info_t; |
1439 | |
1440 | |
1441 | #define ATTR_SETTING 1 |
1442 | |
1443 | #define ATTR_ALIGN 3L /* Use four-byte alignment */ |
1444 | |
1445 | #define ATTR_ENTRY_LENGTH(namelen) \ |
1446 | ((sizeof(attr_entry_t) - 1 + (namelen) + ATTR_ALIGN) & (~ATTR_ALIGN)) |
1447 | |
1448 | #define ATTR_NEXT(ae) \ |
1449 | (attr_entry_t *)((u_int8_t *)(ae) + ATTR_ENTRY_LENGTH((ae)->namelen)) |
1450 | |
1451 | #define ATTR_VALID(ae, ai) \ |
1452 | ((&(ae)->namelen < ((ai).rawdata + (ai).rawsize)) && \ |
1453 | (u_int8_t *)ATTR_NEXT(ae) <= ((ai).rawdata + (ai).rawsize)) |
1454 | |
1455 | #define SWAP16(x) OSSwapBigToHostInt16((x)) |
1456 | #define SWAP32(x) OSSwapBigToHostInt32((x)) |
1457 | #define SWAP64(x) OSSwapBigToHostInt64((x)) |
1458 | |
1459 | |
1460 | static u_int32_t emptyfinfo[8] = {0}; |
1461 | |
1462 | |
1463 | /* |
1464 | * Local support routines |
1465 | */ |
1466 | static void close_xattrfile(vnode_t xvp, int fileflags, vfs_context_t context); |
1467 | |
1468 | static int open_xattrfile(vnode_t vp, int fileflags, vnode_t *xvpp, vfs_context_t context); |
1469 | |
1470 | static int create_xattrfile(vnode_t xvp, u_int32_t fileid, vfs_context_t context); |
1471 | |
1472 | static int remove_xattrfile(vnode_t xvp, vfs_context_t context); |
1473 | |
1474 | static int get_xattrinfo(vnode_t xvp, int setting, attr_info_t *ainfop, vfs_context_t context); |
1475 | |
1476 | static void rel_xattrinfo(attr_info_t *ainfop); |
1477 | |
1478 | static int write_xattrinfo(attr_info_t *ainfop); |
1479 | |
1480 | static void init_empty_resource_fork(rsrcfork_header_t * rsrcforkhdr); |
1481 | |
1482 | static int lock_xattrfile(vnode_t xvp, short locktype, vfs_context_t context); |
1483 | |
1484 | static int unlock_xattrfile(vnode_t xvp, vfs_context_t context); |
1485 | |
1486 | |
1487 | #if BYTE_ORDER == LITTLE_ENDIAN |
1488 | static void swap_adhdr(apple_double_header_t *adh); |
1489 | static void swap_attrhdr(attr_header_t *ah, attr_info_t* info); |
1490 | |
1491 | #else |
1492 | #define swap_adhdr(x) |
1493 | #define swap_attrhdr(x, y) |
1494 | #endif |
1495 | |
1496 | static int check_and_swap_attrhdr(attr_header_t *ah, attr_info_t* ainfop); |
1497 | static int shift_data_down(vnode_t xvp, off_t start, size_t len, off_t delta, vfs_context_t context); |
1498 | static int shift_data_up(vnode_t xvp, off_t start, size_t len, off_t delta, vfs_context_t context); |
1499 | |
1500 | |
1501 | /* |
1502 | * Sanity check and swap the header of an AppleDouble file. Assumes the buffer |
1503 | * is in big endian (as it would exist on disk). Verifies the following: |
1504 | * - magic field |
1505 | * - version field |
1506 | * - number of entries |
1507 | * - that each entry fits within the file size |
1508 | * |
1509 | * If the header is invalid, ENOATTR is returned. |
1510 | * |
1511 | * NOTE: Does not attempt to validate the extended attributes header that |
1512 | * may be embedded in the Finder Info entry. |
1513 | */ |
1514 | static int |
1515 | check_and_swap_apple_double_header(attr_info_t *ainfop) |
1516 | { |
1517 | int i, j; |
1518 | u_int32_t ; |
1519 | u_int32_t entry_end; |
1520 | size_t rawsize; |
1521 | apple_double_header_t *; |
1522 | |
1523 | rawsize = ainfop->rawsize; |
1524 | header = (apple_double_header_t *) ainfop->rawdata; |
1525 | |
1526 | /* Is the file big enough to contain an AppleDouble header? */ |
1527 | if (rawsize < offsetof(apple_double_header_t, entries)) { |
1528 | return ENOATTR; |
1529 | } |
1530 | |
1531 | /* Swap the AppleDouble header fields to native order */ |
1532 | header->magic = SWAP32(header->magic); |
1533 | header->version = SWAP32(header->version); |
1534 | header->numEntries = SWAP16(header->numEntries); |
1535 | |
1536 | /* Sanity check the AppleDouble header fields */ |
1537 | if (header->magic != ADH_MAGIC || |
1538 | header->version != ADH_VERSION || |
1539 | header->numEntries < 1 || |
1540 | header->numEntries > 15) { |
1541 | return ENOATTR; |
1542 | } |
1543 | |
1544 | /* Calculate where the entries[] array ends */ |
1545 | header_end = offsetof(apple_double_header_t, entries) + |
1546 | header->numEntries * sizeof(apple_double_entry_t); |
1547 | |
1548 | /* Is the file big enough to contain the AppleDouble entries? */ |
1549 | if (rawsize < header_end) { |
1550 | return ENOATTR; |
1551 | } |
1552 | |
1553 | /* Swap and sanity check each AppleDouble entry */ |
1554 | for (i = 0; i < header->numEntries; i++) { |
1555 | /* Swap the per-entry fields to native order */ |
1556 | header->entries[i].type = SWAP32(header->entries[i].type); |
1557 | header->entries[i].offset = SWAP32(header->entries[i].offset); |
1558 | header->entries[i].length = SWAP32(header->entries[i].length); |
1559 | |
1560 | entry_end = header->entries[i].offset + header->entries[i].length; |
1561 | |
1562 | /* |
1563 | * Does the entry's content start within the header itself, |
1564 | * did the addition overflow, or does the entry's content |
1565 | * extend past the end of the file? |
1566 | */ |
1567 | if (header->entries[i].offset < header_end || |
1568 | entry_end < header->entries[i].offset || |
1569 | entry_end > ainfop->filesize) { |
1570 | return ENOATTR; |
1571 | } |
1572 | |
1573 | /* |
1574 | * Does the current entry's content overlap with a previous |
1575 | * entry's content? |
1576 | * |
1577 | * Yes, this is O(N**2), and there are more efficient algorithms |
1578 | * for testing pairwise overlap of N ranges when N is large. |
1579 | * But we have already ensured N < 16, and N is almost always 2. |
1580 | * So there's no point in using a more complex algorithm. |
1581 | */ |
1582 | |
1583 | for (j = 0; j < i; j++) { |
1584 | if (entry_end > header->entries[j].offset && |
1585 | header->entries[j].offset + header->entries[j].length > header->entries[i].offset) { |
1586 | return ENOATTR; |
1587 | } |
1588 | } |
1589 | } |
1590 | |
1591 | return 0; |
1592 | } |
1593 | |
1594 | |
1595 | |
1596 | /* |
1597 | * Retrieve the data of an extended attribute. |
1598 | */ |
1599 | static int |
1600 | default_getxattr(vnode_t vp, const char *name, uio_t uio, size_t *size, |
1601 | __unused int options, vfs_context_t context) |
1602 | { |
1603 | vnode_t xvp = NULL; |
1604 | attr_info_t ainfo; |
1605 | attr_header_t *; |
1606 | attr_entry_t *entry; |
1607 | u_int8_t *attrdata; |
1608 | u_int32_t datalen; |
1609 | size_t namelen; |
1610 | int isrsrcfork; |
1611 | int fileflags; |
1612 | int i; |
1613 | int error; |
1614 | |
1615 | fileflags = FREAD; |
1616 | if (strncmp(s1: name, XATTR_RESOURCEFORK_NAME, n: sizeof(XATTR_RESOURCEFORK_NAME)) == 0) { |
1617 | isrsrcfork = 1; |
1618 | /* |
1619 | * Open the file locked (shared) since the Carbon |
1620 | * File Manager may have the Apple Double file open |
1621 | * and could be changing the resource fork. |
1622 | */ |
1623 | fileflags |= O_SHLOCK; |
1624 | } else { |
1625 | isrsrcfork = 0; |
1626 | } |
1627 | |
1628 | if ((error = open_xattrfile(vp, fileflags, xvpp: &xvp, context))) { |
1629 | return error; |
1630 | } |
1631 | if ((error = get_xattrinfo(xvp, setting: 0, ainfop: &ainfo, context))) { |
1632 | close_xattrfile(xvp, fileflags, context); |
1633 | return error; |
1634 | } |
1635 | |
1636 | /* Get the Finder Info. */ |
1637 | if (strncmp(s1: name, XATTR_FINDERINFO_NAME, n: sizeof(XATTR_FINDERINFO_NAME)) == 0) { |
1638 | if (ainfo.finderinfo == NULL || ainfo.emptyfinderinfo) { |
1639 | error = ENOATTR; |
1640 | } else if (uio == NULL) { |
1641 | *size = FINDERINFOSIZE; |
1642 | error = 0; |
1643 | } else if (uio_offset(a_uio: uio) != 0) { |
1644 | error = EINVAL; |
1645 | } else if (uio_resid(a_uio: uio) < FINDERINFOSIZE) { |
1646 | error = ERANGE; |
1647 | } else { |
1648 | attrdata = (u_int8_t*)ainfo.filehdr + ainfo.finderinfo->offset; |
1649 | error = uiomove(cp: (caddr_t)attrdata, FINDERINFOSIZE, uio); |
1650 | } |
1651 | goto out; |
1652 | } |
1653 | |
1654 | /* Read the Resource Fork. */ |
1655 | if (isrsrcfork) { |
1656 | if (!vnode_isreg(vp)) { |
1657 | error = EPERM; |
1658 | } else if (ainfo.rsrcfork == NULL) { |
1659 | error = ENOATTR; |
1660 | } else if (uio == NULL) { |
1661 | *size = (size_t)ainfo.rsrcfork->length; |
1662 | } else { |
1663 | uio_setoffset(a_uio: uio, a_offset: uio_offset(a_uio: uio) + ainfo.rsrcfork->offset); |
1664 | error = VNOP_READ(vp: xvp, uio, ioflag: 0, ctx: context); |
1665 | if (error == 0) { |
1666 | uio_setoffset(a_uio: uio, a_offset: uio_offset(a_uio: uio) - ainfo.rsrcfork->offset); |
1667 | } |
1668 | } |
1669 | goto out; |
1670 | } |
1671 | |
1672 | if (ainfo.attrhdr == NULL || ainfo.attr_entry == NULL) { |
1673 | error = ENOATTR; |
1674 | goto out; |
1675 | } |
1676 | if (uio_offset(a_uio: uio) != 0) { |
1677 | error = EINVAL; |
1678 | goto out; |
1679 | } |
1680 | error = ENOATTR; |
1681 | namelen = strlen(s: name) + 1; |
1682 | header = ainfo.attrhdr; |
1683 | entry = ainfo.attr_entry; |
1684 | /* |
1685 | * Search for attribute name in the header. |
1686 | */ |
1687 | for (i = 0; i < header->num_attrs && ATTR_VALID(entry, ainfo); i++) { |
1688 | if (strncmp(s1: (const char *)entry->name, s2: name, n: namelen) == 0) { |
1689 | datalen = entry->length; |
1690 | if (uio == NULL) { |
1691 | *size = datalen; |
1692 | error = 0; |
1693 | break; |
1694 | } |
1695 | if (uio_resid(a_uio: uio) < (user_ssize_t)datalen) { |
1696 | error = ERANGE; |
1697 | break; |
1698 | } |
1699 | if (entry->offset + datalen < ATTR_MAX_HDR_SIZE) { |
1700 | attrdata = ((u_int8_t *)header + entry->offset); |
1701 | error = uiomove(cp: (caddr_t)attrdata, n: datalen, uio); |
1702 | } else { |
1703 | uio_setoffset(a_uio: uio, a_offset: entry->offset); |
1704 | error = VNOP_READ(vp: xvp, uio, ioflag: 0, ctx: context); |
1705 | uio_setoffset(a_uio: uio, a_offset: 0); |
1706 | } |
1707 | break; |
1708 | } |
1709 | entry = ATTR_NEXT(entry); |
1710 | } |
1711 | out: |
1712 | rel_xattrinfo(ainfop: &ainfo); |
1713 | close_xattrfile(xvp, fileflags, context); |
1714 | |
1715 | return error; |
1716 | } |
1717 | |
1718 | /* |
1719 | * Set the data of an extended attribute. |
1720 | */ |
1721 | static int __attribute__((noinline)) |
1722 | default_setxattr(vnode_t vp, const char *name, uio_t uio, int options, vfs_context_t context) |
1723 | { |
1724 | vnode_t xvp = NULL; |
1725 | attr_info_t ainfo; |
1726 | attr_header_t *; |
1727 | attr_entry_t *entry; |
1728 | attr_entry_t *lastentry; |
1729 | u_int8_t *attrdata; |
1730 | size_t datalen; |
1731 | size_t entrylen; |
1732 | size_t datafreespace; |
1733 | int namelen; |
1734 | int found = 0; |
1735 | int i; |
1736 | int splitdata; |
1737 | int fileflags; |
1738 | int error; |
1739 | char finfo[FINDERINFOSIZE]; |
1740 | |
1741 | datalen = uio_resid(a_uio: uio); |
1742 | if (datalen > XATTR_MAXSIZE) { |
1743 | return EINVAL; |
1744 | } |
1745 | namelen = (int)strlen(s: name) + 1; |
1746 | if (namelen > UINT8_MAX) { |
1747 | return EINVAL; |
1748 | } |
1749 | entrylen = ATTR_ENTRY_LENGTH(namelen); |
1750 | |
1751 | /* |
1752 | * By convention, Finder Info that is all zeroes is equivalent to not |
1753 | * having a Finder Info EA. So if we're trying to set the Finder Info |
1754 | * to all zeroes, then delete it instead. If a file didn't have an |
1755 | * AppleDouble file before, this prevents creating an AppleDouble file |
1756 | * with no useful content. |
1757 | * |
1758 | * If neither XATTR_CREATE nor XATTR_REPLACE were specified, we check |
1759 | * for all zeroes Finder Info before opening the AppleDouble file. |
1760 | * But if either of those options were specified, we need to open the |
1761 | * AppleDouble file to see whether there was already Finder Info (so we |
1762 | * can return an error if needed); this case is handled further below. |
1763 | * |
1764 | * NOTE: this copies the Finder Info data into the "finfo" local. |
1765 | */ |
1766 | if (strncmp(s1: name, XATTR_FINDERINFO_NAME, n: sizeof(XATTR_FINDERINFO_NAME)) == 0) { |
1767 | /* |
1768 | * TODO: check the XATTR_CREATE and XATTR_REPLACE flags. |
1769 | * That means we probably have to open_xattrfile and get_xattrinfo. |
1770 | */ |
1771 | if (uio_offset(a_uio: uio) != 0 || datalen != FINDERINFOSIZE) { |
1772 | return EINVAL; |
1773 | } |
1774 | error = uiomove(cp: finfo, n: (int)datalen, uio); |
1775 | if (error) { |
1776 | return error; |
1777 | } |
1778 | if ((options & (XATTR_CREATE | XATTR_REPLACE)) == 0 && |
1779 | bcmp(s1: finfo, s2: emptyfinfo, FINDERINFOSIZE) == 0) { |
1780 | error = default_removexattr(vp, name, options: 0, context); |
1781 | if (error == ENOATTR) { |
1782 | error = 0; |
1783 | } |
1784 | return error; |
1785 | } |
1786 | } |
1787 | |
1788 | start: |
1789 | /* |
1790 | * Open the file locked since setting an attribute |
1791 | * can change the layout of the Apple Double file. |
1792 | */ |
1793 | fileflags = FREAD | FWRITE | O_EXLOCK; |
1794 | if ((error = open_xattrfile(vp, O_CREAT | fileflags, xvpp: &xvp, context))) { |
1795 | return error; |
1796 | } |
1797 | if ((error = get_xattrinfo(xvp, ATTR_SETTING, ainfop: &ainfo, context))) { |
1798 | close_xattrfile(xvp, fileflags, context); |
1799 | return error; |
1800 | } |
1801 | |
1802 | /* Set the Finder Info. */ |
1803 | if (strncmp(s1: name, XATTR_FINDERINFO_NAME, n: sizeof(XATTR_FINDERINFO_NAME)) == 0) { |
1804 | if (ainfo.finderinfo && !ainfo.emptyfinderinfo) { |
1805 | /* attr exists and "create" was specified? */ |
1806 | if (options & XATTR_CREATE) { |
1807 | error = EEXIST; |
1808 | goto out; |
1809 | } |
1810 | } else { |
1811 | /* attr doesn't exists and "replace" was specified? */ |
1812 | if (options & XATTR_REPLACE) { |
1813 | error = ENOATTR; |
1814 | goto out; |
1815 | } |
1816 | } |
1817 | if (options != 0 && bcmp(s1: finfo, s2: emptyfinfo, FINDERINFOSIZE) == 0) { |
1818 | /* |
1819 | * Setting the Finder Info to all zeroes is equivalent to |
1820 | * removing it. Close the xattr file and let |
1821 | * default_removexattr do the work (including deleting |
1822 | * the xattr file if there are no other xattrs). |
1823 | * |
1824 | * Note that we have to handle the case where the |
1825 | * Finder Info was already all zeroes, and we ignore |
1826 | * ENOATTR. |
1827 | * |
1828 | * The common case where options == 0 was handled above. |
1829 | */ |
1830 | rel_xattrinfo(ainfop: &ainfo); |
1831 | close_xattrfile(xvp, fileflags, context); |
1832 | error = default_removexattr(vp, name, options: 0, context); |
1833 | if (error == ENOATTR) { |
1834 | error = 0; |
1835 | } |
1836 | return error; |
1837 | } |
1838 | if (ainfo.finderinfo) { |
1839 | attrdata = (u_int8_t *)ainfo.filehdr + ainfo.finderinfo->offset; |
1840 | bcopy(src: finfo, dst: attrdata, n: datalen); |
1841 | ainfo.iosize = sizeof(attr_header_t); |
1842 | error = write_xattrinfo(ainfop: &ainfo); |
1843 | goto out; |
1844 | } |
1845 | error = ENOATTR; |
1846 | goto out; |
1847 | } |
1848 | |
1849 | /* Write the Resource Fork. */ |
1850 | if (strncmp(s1: name, XATTR_RESOURCEFORK_NAME, n: sizeof(XATTR_RESOURCEFORK_NAME)) == 0) { |
1851 | off_t endoffset; |
1852 | |
1853 | if (!vnode_isreg(vp)) { |
1854 | error = EPERM; |
1855 | goto out; |
1856 | } |
1857 | /* Make sure we have a rsrc fork pointer.. */ |
1858 | if (ainfo.rsrcfork == NULL) { |
1859 | error = ENOATTR; |
1860 | goto out; |
1861 | } |
1862 | if (ainfo.rsrcfork) { |
1863 | if (ainfo.rsrcfork->length != 0) { |
1864 | if (options & XATTR_CREATE) { |
1865 | /* attr exists, and create specified ? */ |
1866 | error = EEXIST; |
1867 | goto out; |
1868 | } |
1869 | } else { |
1870 | /* Zero length AD rsrc fork */ |
1871 | if (options & XATTR_REPLACE) { |
1872 | /* attr doesn't exist (0-length), but replace specified ? */ |
1873 | error = ENOATTR; |
1874 | goto out; |
1875 | } |
1876 | } |
1877 | } else { |
1878 | /* We can't do much if we somehow didn't get an AD rsrc pointer */ |
1879 | error = ENOATTR; |
1880 | goto out; |
1881 | } |
1882 | |
1883 | endoffset = uio_resid(a_uio: uio) + uio_offset(a_uio: uio); /* new size */ |
1884 | if (endoffset > UINT32_MAX || endoffset < 0) { |
1885 | error = EINVAL; |
1886 | goto out; |
1887 | } |
1888 | uio_setoffset(a_uio: uio, a_offset: uio_offset(a_uio: uio) + ainfo.rsrcfork->offset); |
1889 | error = VNOP_WRITE(vp: xvp, uio, ioflag: 0, ctx: context); |
1890 | if (error) { |
1891 | goto out; |
1892 | } |
1893 | uio_setoffset(a_uio: uio, a_offset: uio_offset(a_uio: uio) - ainfo.rsrcfork->offset); |
1894 | if (endoffset > ainfo.rsrcfork->length) { |
1895 | ainfo.rsrcfork->length = (u_int32_t)endoffset; |
1896 | ainfo.iosize = sizeof(attr_header_t); |
1897 | error = write_xattrinfo(ainfop: &ainfo); |
1898 | goto out; |
1899 | } |
1900 | goto out; |
1901 | } |
1902 | |
1903 | if (datalen > ATTR_MAX_SIZE) { |
1904 | return E2BIG; /* EINVAL instead ? */ |
1905 | } |
1906 | |
1907 | if (ainfo.attrhdr == NULL) { |
1908 | error = ENOATTR; |
1909 | goto out; |
1910 | } |
1911 | header = ainfo.attrhdr; |
1912 | entry = ainfo.attr_entry; |
1913 | |
1914 | /* Check if data area crosses the maximum header size. */ |
1915 | if ((header->data_start + header->data_length + entrylen + datalen) > ATTR_MAX_HDR_SIZE) { |
1916 | splitdata = 1; /* do data I/O separately */ |
1917 | } else { |
1918 | splitdata = 0; |
1919 | } |
1920 | |
1921 | /* |
1922 | * See if attribute already exists. |
1923 | */ |
1924 | for (i = 0; i < header->num_attrs && ATTR_VALID(entry, ainfo); i++) { |
1925 | if (strncmp(s1: (const char *)entry->name, s2: name, n: namelen) == 0) { |
1926 | found = 1; |
1927 | break; |
1928 | } |
1929 | entry = ATTR_NEXT(entry); |
1930 | } |
1931 | |
1932 | if (found) { |
1933 | if (options & XATTR_CREATE) { |
1934 | error = EEXIST; |
1935 | goto out; |
1936 | } |
1937 | if (datalen == entry->length) { |
1938 | if (splitdata) { |
1939 | uio_setoffset(a_uio: uio, a_offset: entry->offset); |
1940 | error = VNOP_WRITE(vp: xvp, uio, ioflag: 0, ctx: context); |
1941 | uio_setoffset(a_uio: uio, a_offset: 0); |
1942 | if (error) { |
1943 | printf("setxattr: VNOP_WRITE error %d\n" , error); |
1944 | } |
1945 | } else { |
1946 | attrdata = (u_int8_t *)header + entry->offset; |
1947 | error = uiomove(cp: (caddr_t)attrdata, n: (int)datalen, uio); |
1948 | if (error) { |
1949 | goto out; |
1950 | } |
1951 | ainfo.iosize = ainfo.attrhdr->data_start + ainfo.attrhdr->data_length; |
1952 | error = write_xattrinfo(ainfop: &ainfo); |
1953 | if (error) { |
1954 | printf("setxattr: write_xattrinfo error %d\n" , error); |
1955 | } |
1956 | } |
1957 | goto out; |
1958 | } else { |
1959 | /* |
1960 | * Brute force approach - just remove old entry and set new entry. |
1961 | */ |
1962 | found = 0; |
1963 | rel_xattrinfo(ainfop: &ainfo); |
1964 | close_xattrfile(xvp, fileflags, context); |
1965 | error = default_removexattr(vp, name, options, context); |
1966 | if (error) { |
1967 | return error; |
1968 | } |
1969 | /* Clear XATTR_REPLACE option since we just removed the attribute. */ |
1970 | options &= ~XATTR_REPLACE; |
1971 | goto start; /* start over */ |
1972 | } |
1973 | } else { |
1974 | if (!ATTR_VALID(entry, ainfo)) { |
1975 | error = ENOSPC; |
1976 | goto out; |
1977 | } |
1978 | } |
1979 | |
1980 | if (options & XATTR_REPLACE) { |
1981 | error = ENOATTR; /* nothing there to replace */ |
1982 | goto out; |
1983 | } |
1984 | /* Check if header size limit has been reached. */ |
1985 | if ((header->data_start + entrylen) > ATTR_MAX_HDR_SIZE) { |
1986 | error = ENOSPC; |
1987 | goto out; |
1988 | } |
1989 | |
1990 | datafreespace = header->total_size - (header->data_start + header->data_length); |
1991 | |
1992 | /* Check if we need more space. */ |
1993 | if ((datalen + entrylen) > datafreespace) { |
1994 | size_t growsize; |
1995 | |
1996 | growsize = roundup((datalen + entrylen) - datafreespace, ATTR_BUF_SIZE); |
1997 | |
1998 | /* Clip roundup size when we can still fit in ATTR_MAX_HDR_SIZE. */ |
1999 | if (!splitdata && (header->total_size + growsize) > ATTR_MAX_HDR_SIZE) { |
2000 | growsize = ATTR_MAX_HDR_SIZE - header->total_size; |
2001 | } |
2002 | |
2003 | ainfo.filesize += growsize; |
2004 | error = vnode_setsize(xvp, ainfo.filesize, ioflag: 0, context); |
2005 | if (error) { |
2006 | printf("setxattr: VNOP_TRUNCATE error %d\n" , error); |
2007 | } |
2008 | if (error) { |
2009 | goto out; |
2010 | } |
2011 | |
2012 | /* |
2013 | * Move the resource fork out of the way. |
2014 | */ |
2015 | if (ainfo.rsrcfork) { |
2016 | if (ainfo.rsrcfork->length != 0) { |
2017 | shift_data_down(xvp, |
2018 | start: ainfo.rsrcfork->offset, |
2019 | len: ainfo.rsrcfork->length, |
2020 | delta: growsize, context); |
2021 | } |
2022 | ainfo.rsrcfork->offset += growsize; |
2023 | } |
2024 | ainfo.finderinfo->length += growsize; |
2025 | header->total_size += growsize; |
2026 | } |
2027 | |
2028 | /* Make space for a new entry. */ |
2029 | if (splitdata) { |
2030 | shift_data_down(xvp, |
2031 | start: header->data_start, |
2032 | len: header->data_length, |
2033 | delta: entrylen, context); |
2034 | } else { |
2035 | bcopy(src: (u_int8_t *)header + header->data_start, |
2036 | dst: (u_int8_t *)header + header->data_start + entrylen, |
2037 | n: header->data_length); |
2038 | } |
2039 | header->data_start += entrylen; |
2040 | |
2041 | /* Fix up entry data offsets. */ |
2042 | lastentry = entry; |
2043 | for (entry = ainfo.attr_entry; entry != lastentry && ATTR_VALID(entry, ainfo); entry = ATTR_NEXT(entry)) { |
2044 | entry->offset += entrylen; |
2045 | } |
2046 | |
2047 | /* |
2048 | * If the attribute data area is entirely within |
2049 | * the header buffer, then just update the buffer, |
2050 | * otherwise we'll write it separately to the file. |
2051 | */ |
2052 | if (splitdata) { |
2053 | off_t offset; |
2054 | |
2055 | /* Write new attribute data after the end of existing data. */ |
2056 | offset = header->data_start + header->data_length; |
2057 | uio_setoffset(a_uio: uio, a_offset: offset); |
2058 | error = VNOP_WRITE(vp: xvp, uio, ioflag: 0, ctx: context); |
2059 | uio_setoffset(a_uio: uio, a_offset: 0); |
2060 | if (error) { |
2061 | printf("setxattr: VNOP_WRITE error %d\n" , error); |
2062 | goto out; |
2063 | } |
2064 | } else { |
2065 | attrdata = (u_int8_t *)header + header->data_start + header->data_length; |
2066 | |
2067 | error = uiomove(cp: (caddr_t)attrdata, n: (int)datalen, uio); |
2068 | if (error) { |
2069 | printf("setxattr: uiomove error %d\n" , error); |
2070 | goto out; |
2071 | } |
2072 | } |
2073 | |
2074 | /* Create the attribute entry. */ |
2075 | lastentry->length = (u_int32_t)datalen; |
2076 | lastentry->offset = header->data_start + header->data_length; |
2077 | lastentry->namelen = (u_int8_t)namelen; |
2078 | lastentry->flags = 0; |
2079 | bcopy(src: name, dst: &lastentry->name[0], n: namelen); |
2080 | |
2081 | /* Update the attributes header. */ |
2082 | header->num_attrs++; |
2083 | header->data_length += datalen; |
2084 | |
2085 | if (splitdata) { |
2086 | /* Only write the entries, since the data was written separately. */ |
2087 | ainfo.iosize = ainfo.attrhdr->data_start; |
2088 | } else { |
2089 | /* The entry and data are both in the header; write them together. */ |
2090 | ainfo.iosize = ainfo.attrhdr->data_start + ainfo.attrhdr->data_length; |
2091 | } |
2092 | error = write_xattrinfo(ainfop: &ainfo); |
2093 | if (error) { |
2094 | printf("setxattr: write_xattrinfo error %d\n" , error); |
2095 | } |
2096 | |
2097 | out: |
2098 | rel_xattrinfo(ainfop: &ainfo); |
2099 | close_xattrfile(xvp, fileflags, context); |
2100 | |
2101 | /* Touch the change time if we changed an attribute. */ |
2102 | if (error == 0) { |
2103 | struct vnode_attr va; |
2104 | |
2105 | /* Re-write the mtime to cause a ctime change. */ |
2106 | VATTR_INIT(&va); |
2107 | VATTR_WANTED(&va, va_modify_time); |
2108 | if (vnode_getattr(vp, vap: &va, ctx: context) == 0) { |
2109 | VATTR_INIT(&va); |
2110 | VATTR_SET(&va, va_modify_time, va.va_modify_time); |
2111 | (void) vnode_setattr(vp, vap: &va, ctx: context); |
2112 | } |
2113 | } |
2114 | |
2115 | post_event_if_success(vp, error, NOTE_ATTRIB); |
2116 | |
2117 | return error; |
2118 | } |
2119 | |
2120 | |
2121 | /* |
2122 | * Remove an extended attribute. |
2123 | */ |
2124 | static int |
2125 | default_removexattr(vnode_t vp, const char *name, __unused int options, vfs_context_t context) |
2126 | { |
2127 | vnode_t xvp = NULL; |
2128 | attr_info_t ainfo; |
2129 | attr_header_t *; |
2130 | attr_entry_t *entry; |
2131 | attr_entry_t *oldslot; |
2132 | u_int8_t *attrdata; |
2133 | u_int32_t dataoff; |
2134 | size_t datalen; |
2135 | size_t entrylen; |
2136 | int namelen; |
2137 | int found = 0, lastone = 0; |
2138 | int i; |
2139 | int splitdata; |
2140 | int attrcount = 0; |
2141 | int isrsrcfork; |
2142 | int fileflags; |
2143 | int error; |
2144 | |
2145 | fileflags = FREAD | FWRITE; |
2146 | if (strncmp(s1: name, XATTR_RESOURCEFORK_NAME, n: sizeof(XATTR_RESOURCEFORK_NAME)) == 0) { |
2147 | isrsrcfork = 1; |
2148 | /* |
2149 | * Open the file locked (exclusive) since the Carbon |
2150 | * File Manager may have the Apple Double file open |
2151 | * and could be changing the resource fork. |
2152 | */ |
2153 | fileflags |= O_EXLOCK; |
2154 | } else { |
2155 | isrsrcfork = 0; |
2156 | } |
2157 | |
2158 | if ((error = open_xattrfile(vp, fileflags, xvpp: &xvp, context))) { |
2159 | return error; |
2160 | } |
2161 | if ((error = get_xattrinfo(xvp, setting: 0, ainfop: &ainfo, context))) { |
2162 | close_xattrfile(xvp, fileflags, context); |
2163 | return error; |
2164 | } |
2165 | if (ainfo.attrhdr) { |
2166 | attrcount += ainfo.attrhdr->num_attrs; |
2167 | } |
2168 | if (ainfo.rsrcfork) { |
2169 | ++attrcount; |
2170 | } |
2171 | if (ainfo.finderinfo && !ainfo.emptyfinderinfo) { |
2172 | ++attrcount; |
2173 | } |
2174 | |
2175 | /* Clear the Finder Info. */ |
2176 | if (strncmp(s1: name, XATTR_FINDERINFO_NAME, n: sizeof(XATTR_FINDERINFO_NAME)) == 0) { |
2177 | if (ainfo.finderinfo == NULL || ainfo.emptyfinderinfo) { |
2178 | error = ENOATTR; |
2179 | goto out; |
2180 | } |
2181 | /* On removal of last attribute the ._ file is removed. */ |
2182 | if (--attrcount == 0) { |
2183 | goto out; |
2184 | } |
2185 | attrdata = (u_int8_t *)ainfo.filehdr + ainfo.finderinfo->offset; |
2186 | bzero(s: (caddr_t)attrdata, FINDERINFOSIZE); |
2187 | error = write_xattrinfo(ainfop: &ainfo); |
2188 | goto out; |
2189 | } |
2190 | |
2191 | /* Clear the Resource Fork. */ |
2192 | if (isrsrcfork) { |
2193 | if (!vnode_isreg(vp)) { |
2194 | error = EPERM; |
2195 | goto out; |
2196 | } |
2197 | if (ainfo.rsrcfork == NULL || ainfo.rsrcfork->length == 0) { |
2198 | error = ENOATTR; |
2199 | goto out; |
2200 | } |
2201 | /* On removal of last attribute the ._ file is removed. */ |
2202 | if (--attrcount == 0) { |
2203 | goto out; |
2204 | } |
2205 | /* |
2206 | * XXX |
2207 | * If the resource fork isn't the last AppleDouble |
2208 | * entry then the space needs to be reclaimed by |
2209 | * shifting the entries after the resource fork. |
2210 | */ |
2211 | if ((ainfo.rsrcfork->offset + ainfo.rsrcfork->length) == ainfo.filesize) { |
2212 | ainfo.filesize -= ainfo.rsrcfork->length; |
2213 | error = vnode_setsize(xvp, ainfo.filesize, ioflag: 0, context); |
2214 | } |
2215 | if (error == 0) { |
2216 | ainfo.rsrcfork->length = 0; |
2217 | ainfo.iosize = sizeof(attr_header_t); |
2218 | error = write_xattrinfo(ainfop: &ainfo); |
2219 | } |
2220 | goto out; |
2221 | } |
2222 | |
2223 | if (ainfo.attrhdr == NULL) { |
2224 | error = ENOATTR; |
2225 | goto out; |
2226 | } |
2227 | namelen = (int)strlen(s: name) + 1; |
2228 | header = ainfo.attrhdr; |
2229 | entry = ainfo.attr_entry; |
2230 | |
2231 | /* |
2232 | * See if this attribute exists. |
2233 | */ |
2234 | for (i = 0; i < header->num_attrs && ATTR_VALID(entry, ainfo); i++) { |
2235 | if (strncmp(s1: (const char *)entry->name, s2: name, n: namelen) == 0) { |
2236 | found = 1; |
2237 | if ((i + 1) == header->num_attrs) { |
2238 | lastone = 1; |
2239 | } |
2240 | break; |
2241 | } |
2242 | entry = ATTR_NEXT(entry); |
2243 | } |
2244 | if (!found) { |
2245 | error = ENOATTR; |
2246 | goto out; |
2247 | } |
2248 | /* On removal of last attribute the ._ file is removed. */ |
2249 | if (--attrcount == 0) { |
2250 | goto out; |
2251 | } |
2252 | |
2253 | datalen = entry->length; |
2254 | dataoff = entry->offset; |
2255 | entrylen = ATTR_ENTRY_LENGTH(namelen); |
2256 | if ((header->data_start + header->data_length) > ATTR_MAX_HDR_SIZE) { |
2257 | splitdata = 1; |
2258 | } else { |
2259 | splitdata = 0; |
2260 | } |
2261 | |
2262 | /* Remove the attribute entry. */ |
2263 | if (!lastone) { |
2264 | bcopy(src: (u_int8_t *)entry + entrylen, dst: (u_int8_t *)entry, |
2265 | n: ((size_t)header + header->data_start) - ((size_t)entry + entrylen)); |
2266 | } |
2267 | |
2268 | /* Adjust the attribute data. */ |
2269 | if (splitdata) { |
2270 | shift_data_up(xvp, |
2271 | start: header->data_start, |
2272 | len: dataoff - header->data_start, |
2273 | delta: entrylen, |
2274 | context); |
2275 | if (!lastone) { |
2276 | shift_data_up(xvp, |
2277 | start: dataoff + datalen, |
2278 | len: (header->data_start + header->data_length) - (dataoff + datalen), |
2279 | delta: datalen + entrylen, |
2280 | context); |
2281 | } |
2282 | /* XXX write zeros to freed space ? */ |
2283 | ainfo.iosize = ainfo.attrhdr->data_start - entrylen; |
2284 | } else { |
2285 | bcopy(src: (u_int8_t *)header + header->data_start, |
2286 | dst: (u_int8_t *)header + header->data_start - entrylen, |
2287 | n: dataoff - header->data_start); |
2288 | if (!lastone) { |
2289 | bcopy(src: (u_int8_t *)header + dataoff + datalen, |
2290 | dst: (u_int8_t *)header + dataoff - entrylen, |
2291 | n: (header->data_start + header->data_length) - (dataoff + datalen)); |
2292 | } |
2293 | bzero(s: ((u_int8_t *)header + header->data_start + header->data_length) - (datalen + entrylen), n: (datalen + entrylen)); |
2294 | ainfo.iosize = ainfo.attrhdr->data_start + ainfo.attrhdr->data_length; |
2295 | } |
2296 | |
2297 | /* Adjust the header values and entry offsets. */ |
2298 | header->num_attrs--; |
2299 | header->data_start -= entrylen; |
2300 | header->data_length -= datalen; |
2301 | |
2302 | oldslot = entry; |
2303 | entry = ainfo.attr_entry; |
2304 | for (i = 0; i < header->num_attrs && ATTR_VALID(entry, ainfo); i++) { |
2305 | entry->offset -= entrylen; |
2306 | if (entry >= oldslot) { |
2307 | entry->offset -= datalen; |
2308 | } |
2309 | entry = ATTR_NEXT(entry); |
2310 | } |
2311 | error = write_xattrinfo(ainfop: &ainfo); |
2312 | if (error) { |
2313 | printf("removexattr: write_xattrinfo error %d\n" , error); |
2314 | } |
2315 | out: |
2316 | rel_xattrinfo(ainfop: &ainfo); |
2317 | |
2318 | /* When there are no more attributes remove the ._ file. */ |
2319 | if (attrcount == 0) { |
2320 | if (fileflags & O_EXLOCK) { |
2321 | (void) unlock_xattrfile(xvp, context); |
2322 | } |
2323 | VNOP_CLOSE(xvp, fileflags, context); |
2324 | vnode_rele(vp: xvp); |
2325 | error = remove_xattrfile(xvp, context); |
2326 | vnode_put(vp: xvp); |
2327 | } else { |
2328 | close_xattrfile(xvp, fileflags, context); |
2329 | } |
2330 | /* Touch the change time if we changed an attribute. */ |
2331 | if (error == 0) { |
2332 | struct vnode_attr va; |
2333 | |
2334 | /* Re-write the mtime to cause a ctime change. */ |
2335 | VATTR_INIT(&va); |
2336 | VATTR_WANTED(&va, va_modify_time); |
2337 | if (vnode_getattr(vp, vap: &va, ctx: context) == 0) { |
2338 | VATTR_INIT(&va); |
2339 | VATTR_SET(&va, va_modify_time, va.va_modify_time); |
2340 | (void) vnode_setattr(vp, vap: &va, ctx: context); |
2341 | } |
2342 | } |
2343 | |
2344 | post_event_if_success(vp, error, NOTE_ATTRIB); |
2345 | |
2346 | return error; |
2347 | } |
2348 | |
2349 | |
2350 | /* |
2351 | * Retrieve the list of extended attribute names. |
2352 | */ |
2353 | static int |
2354 | default_listxattr(vnode_t vp, uio_t uio, size_t *size, __unused int options, vfs_context_t context) |
2355 | { |
2356 | vnode_t xvp = NULL; |
2357 | attr_info_t ainfo; |
2358 | attr_entry_t *entry; |
2359 | int i, count; |
2360 | int error; |
2361 | |
2362 | /* |
2363 | * We do not zero "*size" here as we don't want to stomp a size set when |
2364 | * VNOP_LISTXATTR processed any native EAs. That size is initially zeroed by the |
2365 | * system call layer, up in listxattr or flistxattr. |
2366 | */ |
2367 | |
2368 | if ((error = open_xattrfile(vp, FREAD, xvpp: &xvp, context))) { |
2369 | if (error == ENOATTR) { |
2370 | error = 0; |
2371 | } |
2372 | return error; |
2373 | } |
2374 | if ((error = get_xattrinfo(xvp, setting: 0, ainfop: &ainfo, context))) { |
2375 | if (error == ENOATTR) { |
2376 | error = 0; |
2377 | } |
2378 | close_xattrfile(xvp, FREAD, context); |
2379 | return error; |
2380 | } |
2381 | |
2382 | /* Check for Finder Info. */ |
2383 | if (ainfo.finderinfo && !ainfo.emptyfinderinfo) { |
2384 | if (uio == NULL) { |
2385 | *size += sizeof(XATTR_FINDERINFO_NAME); |
2386 | } else if (uio_resid(a_uio: uio) < (user_ssize_t)sizeof(XATTR_FINDERINFO_NAME)) { |
2387 | error = ERANGE; |
2388 | goto out; |
2389 | } else { |
2390 | error = uiomove(XATTR_FINDERINFO_NAME, |
2391 | n: sizeof(XATTR_FINDERINFO_NAME), uio); |
2392 | if (error) { |
2393 | error = ERANGE; |
2394 | goto out; |
2395 | } |
2396 | } |
2397 | } |
2398 | |
2399 | /* Check for Resource Fork. */ |
2400 | if (vnode_isreg(vp) && ainfo.rsrcfork) { |
2401 | if (uio == NULL) { |
2402 | *size += sizeof(XATTR_RESOURCEFORK_NAME); |
2403 | } else if (uio_resid(a_uio: uio) < (user_ssize_t)sizeof(XATTR_RESOURCEFORK_NAME)) { |
2404 | error = ERANGE; |
2405 | goto out; |
2406 | } else { |
2407 | error = uiomove(XATTR_RESOURCEFORK_NAME, |
2408 | n: sizeof(XATTR_RESOURCEFORK_NAME), uio); |
2409 | if (error) { |
2410 | error = ERANGE; |
2411 | goto out; |
2412 | } |
2413 | } |
2414 | } |
2415 | |
2416 | /* Check for attributes. */ |
2417 | if (ainfo.attrhdr) { |
2418 | count = ainfo.attrhdr->num_attrs; |
2419 | for (i = 0, entry = ainfo.attr_entry; i < count && ATTR_VALID(entry, ainfo); i++) { |
2420 | if (xattr_protected(attrname: (const char *)entry->name) || |
2421 | ((entry->namelen < XATTR_MAXNAMELEN) && |
2422 | (entry->name[entry->namelen] == '\0') && |
2423 | (xattr_validatename(name: (const char *)entry->name) != 0))) { |
2424 | entry = ATTR_NEXT(entry); |
2425 | continue; |
2426 | } |
2427 | if (uio == NULL) { |
2428 | *size += entry->namelen; |
2429 | entry = ATTR_NEXT(entry); |
2430 | continue; |
2431 | } |
2432 | if (uio_resid(a_uio: uio) < entry->namelen) { |
2433 | error = ERANGE; |
2434 | break; |
2435 | } |
2436 | error = uiomove(cp: (caddr_t) entry->name, n: entry->namelen, uio); |
2437 | if (error) { |
2438 | if (error != EFAULT) { |
2439 | error = ERANGE; |
2440 | } |
2441 | break; |
2442 | } |
2443 | entry = ATTR_NEXT(entry); |
2444 | } |
2445 | } |
2446 | out: |
2447 | rel_xattrinfo(ainfop: &ainfo); |
2448 | close_xattrfile(xvp, FREAD, context); |
2449 | |
2450 | return error; |
2451 | } |
2452 | |
2453 | static int |
2454 | open_xattrfile(vnode_t vp, int fileflags, vnode_t *xvpp, vfs_context_t context) |
2455 | { |
2456 | vnode_t xvp = NULLVP; |
2457 | vnode_t dvp = NULLVP; |
2458 | struct vnode_attr *va = NULL; |
2459 | struct nameidata *nd = NULL; |
2460 | char smallname[64]; |
2461 | char *filename = NULL; |
2462 | const char *basename = NULL; |
2463 | size_t alloc_len = 0; |
2464 | size_t copy_len; |
2465 | errno_t error; |
2466 | int opened = 0; |
2467 | int referenced = 0; |
2468 | |
2469 | if (vnode_isvroot(vp) && vnode_isdir(vp)) { |
2470 | /* |
2471 | * For the root directory use "._." to hold the attributes. |
2472 | */ |
2473 | filename = &smallname[0]; |
2474 | snprintf(filename, count: sizeof(smallname), "%s%s" , ATTR_FILE_PREFIX, "." ); |
2475 | dvp = vp; /* the "._." file resides in the root dir */ |
2476 | goto lookup; |
2477 | } |
2478 | if ((dvp = vnode_getparent(vp)) == NULLVP) { |
2479 | error = ENOATTR; |
2480 | goto out; |
2481 | } |
2482 | if ((basename = vnode_getname(vp)) == NULL) { |
2483 | error = ENOATTR; |
2484 | goto out; |
2485 | } |
2486 | |
2487 | /* "._" Attribute files cannot have attributes */ |
2488 | if (vp->v_type == VREG && strlen(s: basename) > 2 && |
2489 | basename[0] == '.' && basename[1] == '_') { |
2490 | error = EPERM; |
2491 | goto out; |
2492 | } |
2493 | filename = &smallname[0]; |
2494 | alloc_len = snprintf(filename, count: sizeof(smallname), "%s%s" , ATTR_FILE_PREFIX, basename); |
2495 | if (alloc_len >= sizeof(smallname)) { |
2496 | alloc_len++; /* snprintf result doesn't include '\0' */ |
2497 | filename = kalloc_data(alloc_len, Z_WAITOK); |
2498 | copy_len = snprintf(filename, count: alloc_len, "%s%s" , ATTR_FILE_PREFIX, basename); |
2499 | } |
2500 | /* |
2501 | * Note that the lookup here does not authorize. Since we are looking |
2502 | * up in the same directory that we already have the file vnode in, |
2503 | * we must have been given the file vnode legitimately. Read/write |
2504 | * access has already been authorized in layers above for calls from |
2505 | * userspace, and the authorization code using this path to read |
2506 | * file security from the EA must always get access |
2507 | */ |
2508 | lookup: |
2509 | nd = kalloc_type(struct nameidata, Z_WAITOK); |
2510 | NDINIT(nd, LOOKUP, OP_OPEN, LOCKLEAF | NOFOLLOW | USEDVP | DONOTAUTH, |
2511 | UIO_SYSSPACE, CAST_USER_ADDR_T(filename), context); |
2512 | nd->ni_dvp = dvp; |
2513 | |
2514 | va = kalloc_type(struct vnode_attr, Z_WAITOK); |
2515 | |
2516 | if (fileflags & O_CREAT) { |
2517 | nd->ni_cnd.cn_nameiop = CREATE; |
2518 | #if CONFIG_TRIGGERS |
2519 | nd->ni_op = OP_LINK; |
2520 | #endif |
2521 | if (dvp != vp) { |
2522 | nd->ni_cnd.cn_flags |= LOCKPARENT; |
2523 | } |
2524 | if ((error = namei(ndp: nd))) { |
2525 | nd->ni_dvp = NULLVP; |
2526 | error = ENOATTR; |
2527 | goto out; |
2528 | } |
2529 | if ((xvp = nd->ni_vp) == NULLVP) { |
2530 | uid_t uid; |
2531 | gid_t gid; |
2532 | mode_t umode; |
2533 | |
2534 | /* |
2535 | * Pick up uid/gid/mode from target file. |
2536 | */ |
2537 | VATTR_INIT(va); |
2538 | VATTR_WANTED(va, va_uid); |
2539 | VATTR_WANTED(va, va_gid); |
2540 | VATTR_WANTED(va, va_mode); |
2541 | if (VNOP_GETATTR(vp, va, context) == 0 && |
2542 | VATTR_IS_SUPPORTED(va, va_uid) && |
2543 | VATTR_IS_SUPPORTED(va, va_gid) && |
2544 | VATTR_IS_SUPPORTED(va, va_mode)) { |
2545 | uid = va->va_uid; |
2546 | gid = va->va_gid; |
2547 | umode = va->va_mode & (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH); |
2548 | } else { /* fallback values */ |
2549 | uid = KAUTH_UID_NONE; |
2550 | gid = KAUTH_GID_NONE; |
2551 | umode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH; |
2552 | } |
2553 | |
2554 | VATTR_INIT(va); |
2555 | VATTR_SET(va, va_type, VREG); |
2556 | VATTR_SET(va, va_mode, umode); |
2557 | if (uid != KAUTH_UID_NONE) { |
2558 | VATTR_SET(va, va_uid, uid); |
2559 | } |
2560 | if (gid != KAUTH_GID_NONE) { |
2561 | VATTR_SET(va, va_gid, gid); |
2562 | } |
2563 | |
2564 | error = vn_create(dvp, &nd->ni_vp, nd, va, |
2565 | VN_CREATE_NOAUTH | VN_CREATE_NOINHERIT | VN_CREATE_NOLABEL, |
2566 | 0, NULL, |
2567 | context); |
2568 | if (error) { |
2569 | error = ENOATTR; |
2570 | } else { |
2571 | xvp = nd->ni_vp; |
2572 | } |
2573 | } |
2574 | nameidone(nd); |
2575 | if (dvp != vp) { |
2576 | vnode_put(vp: dvp); /* drop iocount from LOCKPARENT request above */ |
2577 | } |
2578 | if (error) { |
2579 | goto out; |
2580 | } |
2581 | } else { |
2582 | if ((error = namei(ndp: nd))) { |
2583 | nd->ni_dvp = NULLVP; |
2584 | error = ENOATTR; |
2585 | goto out; |
2586 | } |
2587 | xvp = nd->ni_vp; |
2588 | nameidone(nd); |
2589 | } |
2590 | nd->ni_dvp = NULLVP; |
2591 | |
2592 | if (xvp->v_type != VREG) { |
2593 | error = ENOATTR; |
2594 | goto out; |
2595 | } |
2596 | /* |
2597 | * Owners must match. |
2598 | */ |
2599 | VATTR_INIT(va); |
2600 | VATTR_WANTED(va, va_uid); |
2601 | if (VNOP_GETATTR(vp, va, context) == 0 && VATTR_IS_SUPPORTED(va, va_uid)) { |
2602 | uid_t owner = va->va_uid; |
2603 | |
2604 | VATTR_INIT(va); |
2605 | VATTR_WANTED(va, va_uid); |
2606 | if (VNOP_GETATTR(xvp, va, context) == 0 && (owner != va->va_uid)) { |
2607 | error = ENOATTR; /* don't use this "._" file */ |
2608 | goto out; |
2609 | } |
2610 | } |
2611 | |
2612 | if ((error = VNOP_OPEN(xvp, fileflags & ~(O_EXLOCK | O_SHLOCK), context))) { |
2613 | error = ENOATTR; |
2614 | goto out; |
2615 | } |
2616 | opened = 1; |
2617 | |
2618 | if ((error = vnode_ref(vp: xvp))) { |
2619 | goto out; |
2620 | } |
2621 | referenced = 1; |
2622 | |
2623 | /* If create was requested, make sure file header exists. */ |
2624 | if (fileflags & O_CREAT) { |
2625 | VATTR_INIT(va); |
2626 | VATTR_WANTED(va, va_data_size); |
2627 | VATTR_WANTED(va, va_fileid); |
2628 | VATTR_WANTED(va, va_nlink); |
2629 | if ((error = vnode_getattr(vp: xvp, vap: va, ctx: context)) != 0) { |
2630 | error = EPERM; |
2631 | goto out; |
2632 | } |
2633 | |
2634 | /* If the file is empty then add a default header. */ |
2635 | if (va->va_data_size == 0) { |
2636 | /* Don't adopt hard-linked "._" files. */ |
2637 | if (VATTR_IS_SUPPORTED(va, va_nlink) && va->va_nlink > 1) { |
2638 | error = EPERM; |
2639 | goto out; |
2640 | } |
2641 | if ((error = create_xattrfile(xvp, fileid: (u_int32_t)va->va_fileid, context))) { |
2642 | goto out; |
2643 | } |
2644 | } |
2645 | } |
2646 | /* Apply file locking if requested. */ |
2647 | if (fileflags & (O_EXLOCK | O_SHLOCK)) { |
2648 | short locktype; |
2649 | |
2650 | locktype = (fileflags & O_EXLOCK) ? F_WRLCK : F_RDLCK; |
2651 | error = lock_xattrfile(xvp, locktype, context); |
2652 | if (error) { |
2653 | error = ENOATTR; |
2654 | } |
2655 | } |
2656 | out: |
2657 | if (error) { |
2658 | if (xvp != NULLVP) { |
2659 | if (opened) { |
2660 | (void) VNOP_CLOSE(xvp, fileflags, context); |
2661 | } |
2662 | |
2663 | if (fileflags & O_CREAT) { |
2664 | /* Delete the xattr file if we encountered any errors */ |
2665 | (void) remove_xattrfile(xvp, context); |
2666 | } |
2667 | |
2668 | if (referenced) { |
2669 | (void) vnode_rele(vp: xvp); |
2670 | } |
2671 | (void) vnode_put(vp: xvp); |
2672 | xvp = NULLVP; |
2673 | } |
2674 | if ((error == ENOATTR) && (fileflags & O_CREAT)) { |
2675 | error = EPERM; |
2676 | } |
2677 | } |
2678 | /* Release resources after error-handling */ |
2679 | kfree_type(struct nameidata, nd); |
2680 | kfree_type(struct vnode_attr, va); |
2681 | if (dvp && (dvp != vp)) { |
2682 | vnode_put(vp: dvp); |
2683 | } |
2684 | if (basename) { |
2685 | vnode_putname(name: basename); |
2686 | } |
2687 | if (filename && filename != &smallname[0]) { |
2688 | kfree_data(filename, alloc_len); |
2689 | } |
2690 | |
2691 | *xvpp = xvp; /* return a referenced vnode */ |
2692 | return error; |
2693 | } |
2694 | |
2695 | static void |
2696 | close_xattrfile(vnode_t xvp, int fileflags, vfs_context_t context) |
2697 | { |
2698 | // if (fileflags & FWRITE) |
2699 | // (void) VNOP_FSYNC(xvp, MNT_WAIT, context); |
2700 | |
2701 | if (fileflags & (O_EXLOCK | O_SHLOCK)) { |
2702 | (void) unlock_xattrfile(xvp, context); |
2703 | } |
2704 | |
2705 | (void) VNOP_CLOSE(xvp, fileflags, context); |
2706 | (void) vnode_rele(vp: xvp); |
2707 | (void) vnode_put(vp: xvp); |
2708 | } |
2709 | |
2710 | static int |
2711 | remove_xattrfile(vnode_t xvp, vfs_context_t context) |
2712 | { |
2713 | vnode_t dvp; |
2714 | struct nameidata nd; |
2715 | char *path = NULL; |
2716 | int pathlen; |
2717 | int error = 0; |
2718 | |
2719 | path = zalloc(view: ZV_NAMEI); |
2720 | pathlen = MAXPATHLEN; |
2721 | error = vn_getpath(vp: xvp, pathbuf: path, len: &pathlen); |
2722 | if (error) { |
2723 | zfree(ZV_NAMEI, path); |
2724 | return error; |
2725 | } |
2726 | |
2727 | NDINIT(&nd, DELETE, OP_UNLINK, LOCKPARENT | NOFOLLOW | DONOTAUTH, |
2728 | UIO_SYSSPACE, CAST_USER_ADDR_T(path), context); |
2729 | error = namei(ndp: &nd); |
2730 | zfree(ZV_NAMEI, path); |
2731 | if (error) { |
2732 | return error; |
2733 | } |
2734 | dvp = nd.ni_dvp; |
2735 | xvp = nd.ni_vp; |
2736 | |
2737 | error = VNOP_REMOVE(dvp, xvp, &nd.ni_cnd, 0, context); |
2738 | nameidone(&nd); |
2739 | vnode_put(vp: dvp); |
2740 | vnode_put(vp: xvp); |
2741 | |
2742 | return error; |
2743 | } |
2744 | |
2745 | /* |
2746 | * Read in and parse the AppleDouble header and entries, and the extended |
2747 | * attribute header and entries if any. Populates the fields of ainfop |
2748 | * based on the headers and entries found. |
2749 | * |
2750 | * The basic idea is to: |
2751 | * - Read in up to ATTR_MAX_HDR_SIZE bytes of the start of the file. All |
2752 | * AppleDouble entries, the extended attribute header, and extended |
2753 | * attribute entries must lie within this part of the file; the rest of |
2754 | * the AppleDouble handling code assumes this. Plus it allows us to |
2755 | * somewhat optimize by doing a smaller number of larger I/Os. |
2756 | * - Swap and sanity check the AppleDouble header (including the AppleDouble |
2757 | * entries). |
2758 | * - Find the Finder Info and Resource Fork entries, if any. |
2759 | * - If we're going to be writing, try to make sure the Finder Info entry has |
2760 | * room to store the extended attribute header, plus some space for extended |
2761 | * attributes. |
2762 | * - Swap and sanity check the extended attribute header and entries (if any). |
2763 | */ |
2764 | static int |
2765 | get_xattrinfo(vnode_t xvp, int setting, attr_info_t *ainfop, vfs_context_t context) |
2766 | { |
2767 | uio_t auio = NULL; |
2768 | void * buffer = NULL; |
2769 | apple_double_header_t *filehdr; |
2770 | struct vnode_attr va; |
2771 | size_t iosize = 0; |
2772 | int i; |
2773 | int error; |
2774 | |
2775 | bzero(s: ainfop, n: sizeof(attr_info_t)); |
2776 | ainfop->filevp = xvp; |
2777 | ainfop->context = context; |
2778 | VATTR_INIT(&va); |
2779 | VATTR_WANTED(&va, va_data_size); |
2780 | VATTR_WANTED(&va, va_fileid); |
2781 | if ((error = vnode_getattr(vp: xvp, vap: &va, ctx: context))) { |
2782 | goto bail; |
2783 | } |
2784 | ainfop->filesize = va.va_data_size; |
2785 | |
2786 | /* When setting attributes, allow room for the header to grow. */ |
2787 | if (setting) { |
2788 | iosize = ATTR_MAX_HDR_SIZE; |
2789 | } else { |
2790 | iosize = MIN(ATTR_MAX_HDR_SIZE, ainfop->filesize); |
2791 | } |
2792 | |
2793 | if (iosize == 0 || iosize < sizeof(apple_double_header_t)) { |
2794 | error = ENOATTR; |
2795 | goto bail; |
2796 | } |
2797 | |
2798 | ainfop->iosize = iosize; |
2799 | buffer = kalloc_data(iosize, Z_WAITOK | Z_ZERO); |
2800 | if (buffer == NULL) { |
2801 | error = ENOMEM; |
2802 | goto bail; |
2803 | } |
2804 | |
2805 | auio = uio_create(a_iovcount: 1, a_offset: 0, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_READ); |
2806 | uio_addiov(a_uio: auio, a_baseaddr: (uintptr_t)buffer, a_length: iosize); |
2807 | |
2808 | /* Read the file header. */ |
2809 | error = VNOP_READ(vp: xvp, uio: auio, ioflag: 0, ctx: context); |
2810 | if (error) { |
2811 | goto bail; |
2812 | } |
2813 | ainfop->rawsize = iosize - uio_resid(a_uio: auio); |
2814 | ainfop->rawdata = (u_int8_t *)buffer; |
2815 | |
2816 | filehdr = (apple_double_header_t *)buffer; |
2817 | |
2818 | error = check_and_swap_apple_double_header(ainfop); |
2819 | if (error) { |
2820 | goto bail; |
2821 | } |
2822 | |
2823 | ainfop->filehdr = filehdr; /* valid AppleDouble header */ |
2824 | |
2825 | /* rel_xattrinfo is responsible for freeing the header buffer */ |
2826 | buffer = NULL; |
2827 | |
2828 | /* Find the Finder Info and Resource Fork entries, if any */ |
2829 | for (i = 0; i < filehdr->numEntries; ++i) { |
2830 | if (filehdr->entries[i].type == AD_FINDERINFO && |
2831 | filehdr->entries[i].length >= FINDERINFOSIZE) { |
2832 | /* We found the Finder Info entry. */ |
2833 | ainfop->finderinfo = &filehdr->entries[i]; |
2834 | |
2835 | /* At this point check_and_swap_apple_double_header() call above |
2836 | * verified that all apple double entires are valid: |
2837 | * they point somewhere within the file. |
2838 | * |
2839 | * Now for finderinfo make sure that the fixed portion |
2840 | * is within the buffer we read in. |
2841 | */ |
2842 | if (((ainfop->finderinfo->offset + FINDERINFOSIZE) > ainfop->finderinfo->offset) && |
2843 | ((ainfop->finderinfo->offset + FINDERINFOSIZE) <= ainfop->rawsize)) { |
2844 | /* |
2845 | * Is the Finder Info "empty" (all zeroes)? If so, |
2846 | * we'll pretend like the Finder Info extended attribute |
2847 | * does not exist. |
2848 | */ |
2849 | if (bcmp(s1: (u_int8_t*)ainfop->filehdr + ainfop->finderinfo->offset, s2: emptyfinfo, n: sizeof(emptyfinfo)) == 0) { |
2850 | ainfop->emptyfinderinfo = 1; |
2851 | } |
2852 | } else { |
2853 | error = ENOATTR; |
2854 | goto bail; |
2855 | } |
2856 | } |
2857 | if (filehdr->entries[i].type == AD_RESOURCE) { |
2858 | /* |
2859 | * Ignore zero-length resource forks when getting. If setting, |
2860 | * we need to remember the resource fork entry so it can be |
2861 | * updated once the new content has been written. |
2862 | */ |
2863 | if (filehdr->entries[i].length == 0 && !setting) { |
2864 | continue; |
2865 | } |
2866 | |
2867 | /* |
2868 | * Check to see if any "empty" resource fork is ours (i.e. is ignorable). |
2869 | * |
2870 | * The "empty" resource headers we created have a system data tag of: |
2871 | * "This resource fork intentionally left blank " |
2872 | */ |
2873 | if (filehdr->entries[i].length == sizeof(rsrcfork_header_t) && !setting) { |
2874 | uio_t rf_uio; |
2875 | u_int8_t systemData[64]; |
2876 | int rf_err; |
2877 | |
2878 | |
2879 | /* Read the system data which starts at byte 16 */ |
2880 | rf_uio = uio_create(a_iovcount: 1, a_offset: 0, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_READ); |
2881 | uio_addiov(a_uio: rf_uio, a_baseaddr: (uintptr_t)systemData, a_length: sizeof(systemData)); |
2882 | uio_setoffset(a_uio: rf_uio, a_offset: filehdr->entries[i].offset + 16); |
2883 | rf_err = VNOP_READ(vp: xvp, uio: rf_uio, ioflag: 0, ctx: context); |
2884 | uio_free(a_uio: rf_uio); |
2885 | |
2886 | if (rf_err != 0 || |
2887 | bcmp(s1: systemData, RF_EMPTY_TAG, n: sizeof(RF_EMPTY_TAG)) == 0) { |
2888 | continue; /* skip this resource fork */ |
2889 | } |
2890 | } |
2891 | ainfop->rsrcfork = &filehdr->entries[i]; |
2892 | if (i != (filehdr->numEntries - 1)) { |
2893 | printf("get_xattrinfo: resource fork not last entry\n" ); |
2894 | ainfop->readonly = 1; |
2895 | } |
2896 | continue; |
2897 | } |
2898 | } |
2899 | |
2900 | /* |
2901 | * See if this file looks like it is laid out correctly to contain |
2902 | * extended attributes. If so, then do the following: |
2903 | * |
2904 | * - If we're going to be writing, try to make sure the Finder Info |
2905 | * entry has room to store the extended attribute header, plus some |
2906 | * space for extended attributes. |
2907 | * |
2908 | * - Swap and sanity check the extended attribute header and entries |
2909 | * (if any). |
2910 | */ |
2911 | if (filehdr->numEntries == 2 && |
2912 | ainfop->finderinfo == &filehdr->entries[0] && |
2913 | ainfop->rsrcfork == &filehdr->entries[1] && |
2914 | ainfop->finderinfo->offset == offsetof(apple_double_header_t, finfo)) { |
2915 | attr_header_t *attrhdr; |
2916 | attrhdr = (attr_header_t *)filehdr; |
2917 | /* |
2918 | * If we're going to be writing, try to make sure the Finder |
2919 | * Info entry has room to store the extended attribute header, |
2920 | * plus some space for extended attributes. |
2921 | */ |
2922 | if (setting && ainfop->finderinfo->length == FINDERINFOSIZE) { |
2923 | size_t delta; |
2924 | size_t writesize; |
2925 | |
2926 | delta = ATTR_BUF_SIZE - (filehdr->entries[0].offset + FINDERINFOSIZE); |
2927 | if (ainfop->rsrcfork && filehdr->entries[1].length) { |
2928 | /* Make some room before existing resource fork. */ |
2929 | shift_data_down(xvp, |
2930 | start: filehdr->entries[1].offset, |
2931 | len: filehdr->entries[1].length, |
2932 | delta, context); |
2933 | writesize = sizeof(attr_header_t); |
2934 | } else { |
2935 | /* We are in case where existing resource fork of length 0, try to create a new, empty resource fork. */ |
2936 | rsrcfork_header_t *rsrcforkhdr; |
2937 | |
2938 | /* Do we have enough space in the header buffer for empty resource fork */ |
2939 | if (filehdr->entries[1].offset + delta + sizeof(rsrcfork_header_t) > ainfop->iosize) { |
2940 | /* we do not have space, bail for now */ |
2941 | error = ENOATTR; |
2942 | goto bail; |
2943 | } |
2944 | |
2945 | vnode_setsize(xvp, filehdr->entries[1].offset + delta, ioflag: 0, context); |
2946 | |
2947 | /* Steal some space for an empty RF header. */ |
2948 | delta -= sizeof(rsrcfork_header_t); |
2949 | |
2950 | bzero(s: &attrhdr->appledouble.pad[0], n: delta); |
2951 | rsrcforkhdr = (rsrcfork_header_t *)((char *)filehdr + filehdr->entries[1].offset + delta); |
2952 | |
2953 | /* Fill in Empty Resource Fork Header. */ |
2954 | init_empty_resource_fork(rsrcforkhdr); |
2955 | |
2956 | filehdr->entries[1].length = sizeof(rsrcfork_header_t); |
2957 | writesize = ATTR_BUF_SIZE; |
2958 | } |
2959 | filehdr->entries[0].length += delta; |
2960 | filehdr->entries[1].offset += delta; |
2961 | |
2962 | /* Fill in Attribute Header. */ |
2963 | attrhdr->magic = ATTR_HDR_MAGIC; |
2964 | attrhdr->debug_tag = (u_int32_t)va.va_fileid; |
2965 | attrhdr->total_size = filehdr->entries[1].offset; |
2966 | attrhdr->data_start = sizeof(attr_header_t); |
2967 | attrhdr->data_length = 0; |
2968 | attrhdr->reserved[0] = 0; |
2969 | attrhdr->reserved[1] = 0; |
2970 | attrhdr->reserved[2] = 0; |
2971 | attrhdr->flags = 0; |
2972 | attrhdr->num_attrs = 0; |
2973 | |
2974 | /* Push out new header */ |
2975 | uio_reset(a_uio: auio, a_offset: 0, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_WRITE); |
2976 | uio_addiov(a_uio: auio, a_baseaddr: (uintptr_t)filehdr, a_length: writesize); |
2977 | |
2978 | swap_adhdr(adh: filehdr); /* to big endian */ |
2979 | swap_attrhdr(ah: attrhdr, info: ainfop); /* to big endian */ |
2980 | error = VNOP_WRITE(vp: xvp, uio: auio, ioflag: 0, ctx: context); |
2981 | swap_adhdr(adh: filehdr); /* back to native */ |
2982 | /* The attribute header gets swapped below. */ |
2983 | } |
2984 | } |
2985 | /* |
2986 | * Swap and sanity check the extended attribute header and |
2987 | * entries (if any). The Finder Info content must be big enough |
2988 | * to include the extended attribute header; if not, we just |
2989 | * ignore it. |
2990 | * |
2991 | * Note that we're passing the offset + length (i.e. the end) |
2992 | * of the Finder Info instead of rawsize to validate_attrhdr. |
2993 | * This ensures that all extended attributes lie within the |
2994 | * Finder Info content according to the AppleDouble entry. |
2995 | * |
2996 | * Sets ainfop->attrhdr and ainfop->attr_entry if a valid |
2997 | * header was found. |
2998 | */ |
2999 | if (ainfop->finderinfo && |
3000 | ainfop->finderinfo == &filehdr->entries[0] && |
3001 | ainfop->finderinfo->length >= (sizeof(attr_header_t) - sizeof(apple_double_header_t))) { |
3002 | attr_header_t *attrhdr = (attr_header_t*)filehdr; |
3003 | |
3004 | if (ainfop->finderinfo->offset != offsetof(apple_double_header_t, finfo)) { |
3005 | error = ENOATTR; |
3006 | goto bail; |
3007 | } |
3008 | |
3009 | if ((error = check_and_swap_attrhdr(ah: attrhdr, ainfop)) == 0) { |
3010 | ainfop->attrhdr = attrhdr; /* valid attribute header */ |
3011 | /* First attr_entry starts immediately following attribute header */ |
3012 | ainfop->attr_entry = (attr_entry_t *)&attrhdr[1]; |
3013 | } |
3014 | } |
3015 | |
3016 | error = 0; |
3017 | bail: |
3018 | if (auio != NULL) { |
3019 | uio_free(a_uio: auio); |
3020 | } |
3021 | kfree_data(buffer, iosize); |
3022 | return error; |
3023 | } |
3024 | |
3025 | |
3026 | static int |
3027 | create_xattrfile(vnode_t xvp, u_int32_t fileid, vfs_context_t context) |
3028 | { |
3029 | attr_header_t *xah; |
3030 | rsrcfork_header_t *rsrcforkhdr; |
3031 | void * buffer; |
3032 | uio_t auio; |
3033 | int rsrcforksize; |
3034 | int error; |
3035 | |
3036 | buffer = kalloc_data(ATTR_BUF_SIZE, Z_WAITOK | Z_ZERO); |
3037 | |
3038 | xah = (attr_header_t *)buffer; |
3039 | auio = uio_create(a_iovcount: 1, a_offset: 0, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_WRITE); |
3040 | uio_addiov(a_uio: auio, a_baseaddr: (uintptr_t)buffer, ATTR_BUF_SIZE); |
3041 | rsrcforksize = sizeof(rsrcfork_header_t); |
3042 | rsrcforkhdr = (rsrcfork_header_t *) ((char *)buffer + ATTR_BUF_SIZE - rsrcforksize); |
3043 | |
3044 | /* Fill in Apple Double Header. */ |
3045 | xah->appledouble.magic = SWAP32(ADH_MAGIC); |
3046 | xah->appledouble.version = SWAP32(ADH_VERSION); |
3047 | xah->appledouble.numEntries = SWAP16(2); |
3048 | xah->appledouble.entries[0].type = SWAP32(AD_FINDERINFO); |
3049 | xah->appledouble.entries[0].offset = SWAP32(offsetof(apple_double_header_t, finfo)); |
3050 | xah->appledouble.entries[0].length = SWAP32(ATTR_BUF_SIZE - offsetof(apple_double_header_t, finfo) - rsrcforksize); |
3051 | xah->appledouble.entries[1].type = SWAP32(AD_RESOURCE); |
3052 | xah->appledouble.entries[1].offset = SWAP32(ATTR_BUF_SIZE - rsrcforksize); |
3053 | xah->appledouble.entries[1].length = SWAP32(rsrcforksize); |
3054 | bcopy(ADH_MACOSX, dst: xah->appledouble.filler, n: sizeof(xah->appledouble.filler)); |
3055 | |
3056 | /* Fill in Attribute Header. */ |
3057 | xah->magic = SWAP32(ATTR_HDR_MAGIC); |
3058 | xah->debug_tag = SWAP32(fileid); |
3059 | xah->total_size = SWAP32(ATTR_BUF_SIZE - rsrcforksize); |
3060 | xah->data_start = SWAP32(sizeof(attr_header_t)); |
3061 | |
3062 | /* Fill in Empty Resource Fork Header. */ |
3063 | init_empty_resource_fork(rsrcforkhdr); |
3064 | |
3065 | /* Push it out. */ |
3066 | error = VNOP_WRITE(vp: xvp, uio: auio, IO_UNIT, ctx: context); |
3067 | |
3068 | /* Did we write out the full uio? */ |
3069 | if (uio_resid(a_uio: auio) > 0) { |
3070 | error = ENOSPC; |
3071 | } |
3072 | |
3073 | uio_free(a_uio: auio); |
3074 | kfree_data(buffer, ATTR_BUF_SIZE); |
3075 | |
3076 | return error; |
3077 | } |
3078 | |
3079 | static void |
3080 | init_empty_resource_fork(rsrcfork_header_t * rsrcforkhdr) |
3081 | { |
3082 | bzero(s: rsrcforkhdr, n: sizeof(rsrcfork_header_t)); |
3083 | rsrcforkhdr->fh_DataOffset = SWAP32(RF_FIRST_RESOURCE); |
3084 | rsrcforkhdr->fh_MapOffset = SWAP32(RF_FIRST_RESOURCE); |
3085 | rsrcforkhdr->fh_MapLength = SWAP32(RF_NULL_MAP_LENGTH); |
3086 | rsrcforkhdr->mh_DataOffset = SWAP32(RF_FIRST_RESOURCE); |
3087 | rsrcforkhdr->mh_MapOffset = SWAP32(RF_FIRST_RESOURCE); |
3088 | rsrcforkhdr->mh_MapLength = SWAP32(RF_NULL_MAP_LENGTH); |
3089 | rsrcforkhdr->mh_Types = SWAP16(RF_NULL_MAP_LENGTH - 2 ); |
3090 | rsrcforkhdr->mh_Names = SWAP16(RF_NULL_MAP_LENGTH); |
3091 | rsrcforkhdr->typeCount = SWAP16(-1); |
3092 | bcopy(RF_EMPTY_TAG, dst: rsrcforkhdr->systemData, n: sizeof(RF_EMPTY_TAG)); |
3093 | } |
3094 | |
3095 | static void |
3096 | rel_xattrinfo(attr_info_t *ainfop) |
3097 | { |
3098 | kfree_data_addr(ainfop->filehdr); |
3099 | bzero(s: ainfop, n: sizeof(attr_info_t)); |
3100 | } |
3101 | |
3102 | static int |
3103 | write_xattrinfo(attr_info_t *ainfop) |
3104 | { |
3105 | uio_t auio; |
3106 | int error; |
3107 | |
3108 | auio = uio_create(a_iovcount: 1, a_offset: 0, a_spacetype: UIO_SYSSPACE, a_iodirection: UIO_WRITE); |
3109 | uio_addiov(a_uio: auio, a_baseaddr: (uintptr_t)ainfop->filehdr, a_length: ainfop->iosize); |
3110 | |
3111 | swap_adhdr(adh: ainfop->filehdr); |
3112 | if (ainfop->attrhdr != NULL) { |
3113 | swap_attrhdr(ah: ainfop->attrhdr, info: ainfop); |
3114 | } |
3115 | |
3116 | error = VNOP_WRITE(vp: ainfop->filevp, uio: auio, ioflag: 0, ctx: ainfop->context); |
3117 | |
3118 | swap_adhdr(adh: ainfop->filehdr); |
3119 | if (ainfop->attrhdr != NULL) { |
3120 | swap_attrhdr(ah: ainfop->attrhdr, info: ainfop); |
3121 | } |
3122 | uio_free(a_uio: auio); |
3123 | |
3124 | return error; |
3125 | } |
3126 | |
3127 | #if BYTE_ORDER == LITTLE_ENDIAN |
3128 | /* |
3129 | * Endian swap apple double header |
3130 | */ |
3131 | static void |
3132 | swap_adhdr(apple_double_header_t *adh) |
3133 | { |
3134 | int count; |
3135 | int i; |
3136 | |
3137 | count = (adh->magic == ADH_MAGIC) ? adh->numEntries : SWAP16(adh->numEntries); |
3138 | |
3139 | adh->magic = SWAP32(adh->magic); |
3140 | adh->version = SWAP32(adh->version); |
3141 | adh->numEntries = SWAP16(adh->numEntries); |
3142 | |
3143 | for (i = 0; i < count; i++) { |
3144 | adh->entries[i].type = SWAP32(adh->entries[i].type); |
3145 | adh->entries[i].offset = SWAP32(adh->entries[i].offset); |
3146 | adh->entries[i].length = SWAP32(adh->entries[i].length); |
3147 | } |
3148 | } |
3149 | |
3150 | /* |
3151 | * Endian swap extended attributes header |
3152 | */ |
3153 | static void |
3154 | swap_attrhdr(attr_header_t *ah, attr_info_t* info) |
3155 | { |
3156 | attr_entry_t *ae; |
3157 | int count; |
3158 | int i; |
3159 | |
3160 | count = (ah->magic == ATTR_HDR_MAGIC) ? ah->num_attrs : SWAP16(ah->num_attrs); |
3161 | |
3162 | ah->magic = SWAP32(ah->magic); |
3163 | ah->debug_tag = SWAP32(ah->debug_tag); |
3164 | ah->total_size = SWAP32(ah->total_size); |
3165 | ah->data_start = SWAP32(ah->data_start); |
3166 | ah->data_length = SWAP32(ah->data_length); |
3167 | ah->flags = SWAP16(ah->flags); |
3168 | ah->num_attrs = SWAP16(ah->num_attrs); |
3169 | |
3170 | ae = (attr_entry_t *)(&ah[1]); |
3171 | for (i = 0; i < count && ATTR_VALID(ae, *info); i++, ae = ATTR_NEXT(ae)) { |
3172 | ae->offset = SWAP32(ae->offset); |
3173 | ae->length = SWAP32(ae->length); |
3174 | ae->flags = SWAP16(ae->flags); |
3175 | } |
3176 | } |
3177 | #endif |
3178 | |
3179 | /* |
3180 | * Validate and swap the attributes header contents, and each attribute's |
3181 | * attr_entry_t. |
3182 | * |
3183 | * Note: Assumes the caller has verified that the Finder Info content is large |
3184 | * enough to contain the attr_header structure itself. Therefore, we can |
3185 | * swap the header fields before sanity checking them. |
3186 | */ |
3187 | static int |
3188 | check_and_swap_attrhdr(attr_header_t *ah, attr_info_t *ainfop) |
3189 | { |
3190 | attr_entry_t *ae; |
3191 | u_int8_t *buf_end; |
3192 | u_int32_t end; |
3193 | int count; |
3194 | int i; |
3195 | uint32_t ; |
3196 | uint32_t total_data_size; |
3197 | |
3198 | if (ah == NULL) { |
3199 | return EINVAL; |
3200 | } |
3201 | |
3202 | if (SWAP32(ah->magic) != ATTR_HDR_MAGIC) { |
3203 | return EINVAL; |
3204 | } |
3205 | |
3206 | /* Swap the basic header fields */ |
3207 | ah->magic = SWAP32(ah->magic); |
3208 | ah->debug_tag = SWAP32(ah->debug_tag); |
3209 | ah->total_size = SWAP32(ah->total_size); |
3210 | ah->data_start = SWAP32(ah->data_start); |
3211 | ah->data_length = SWAP32(ah->data_length); |
3212 | ah->flags = SWAP16(ah->flags); |
3213 | ah->num_attrs = SWAP16(ah->num_attrs); |
3214 | |
3215 | /* |
3216 | * Make sure the total_size fits within the Finder Info area, and the |
3217 | * extended attribute data area fits within total_size. |
3218 | */ |
3219 | end = ah->data_start + ah->data_length; |
3220 | if (ah->total_size > ainfop->finderinfo->offset + ainfop->finderinfo->length || |
3221 | ah->data_start < sizeof(attr_header_t) || |
3222 | end < ah->data_start || |
3223 | end > ah->total_size) { |
3224 | return EINVAL; |
3225 | } |
3226 | |
3227 | /* |
3228 | * Make sure each of the attr_entry_t's fits within total_size. |
3229 | */ |
3230 | buf_end = ainfop->rawdata + ah->data_start; |
3231 | if (buf_end > ainfop->rawdata + ainfop->rawsize) { |
3232 | return EINVAL; |
3233 | } |
3234 | count = ah->num_attrs; |
3235 | if (count > 256) { |
3236 | return EINVAL; |
3237 | } |
3238 | ae = (attr_entry_t *)(&ah[1]); |
3239 | |
3240 | total_header_size = sizeof(attr_header_t); |
3241 | total_data_size = 0; |
3242 | for (i = 0; i < count; i++) { |
3243 | /* Make sure the fixed-size part of this attr_entry_t fits. */ |
3244 | if ((u_int8_t *) &ae[1] > buf_end) { |
3245 | return EINVAL; |
3246 | } |
3247 | |
3248 | /* Make sure the variable-length name fits */ |
3249 | if (&ae->name[ae->namelen] > buf_end) { |
3250 | return EINVAL; |
3251 | } |
3252 | |
3253 | /* Make sure that namelen is matching name's real length, namelen included NUL */ |
3254 | if (strnlen(s: (const char *)ae->name, n: ae->namelen) != ae->namelen - 1) { |
3255 | return EINVAL; |
3256 | } |
3257 | |
3258 | /* Swap the attribute entry fields */ |
3259 | ae->offset = SWAP32(ae->offset); |
3260 | ae->length = SWAP32(ae->length); |
3261 | ae->flags = SWAP16(ae->flags); |
3262 | |
3263 | /* Make sure the attribute content fits and points to the data part */ |
3264 | end = ae->offset + ae->length; |
3265 | if (end < ae->offset || end > ah->total_size) { |
3266 | return EINVAL; |
3267 | } |
3268 | |
3269 | /* Make sure entry points to data section and not header */ |
3270 | if (ae->offset < ah->data_start || end > ah->data_start + ah->data_length) { |
3271 | return EINVAL; |
3272 | } |
3273 | |
3274 | /* We verified namelen is ok above, so add this entry's size to a total */ |
3275 | if (os_add_overflow(total_header_size, ATTR_ENTRY_LENGTH(ae->namelen), &total_header_size)) { |
3276 | return EINVAL; |
3277 | } |
3278 | |
3279 | /* We verified that entry's length is within data section, so add it to running size total */ |
3280 | if (os_add_overflow(total_data_size, ae->length, &total_data_size)) { |
3281 | return EINVAL; |
3282 | } |
3283 | |
3284 | ae = ATTR_NEXT(ae); |
3285 | } |
3286 | |
3287 | |
3288 | /* make sure data_start is actually after all the xattr key entries */ |
3289 | if (ah->data_start < total_header_size) { |
3290 | return EINVAL; |
3291 | } |
3292 | |
3293 | /* make sure all entries' data length add to header's idea of data length */ |
3294 | if (total_data_size != ah->data_length) { |
3295 | return EINVAL; |
3296 | } |
3297 | |
3298 | return 0; |
3299 | } |
3300 | |
3301 | // |
3302 | // "start" & "end" are byte offsets in the file. |
3303 | // "to" is the byte offset we want to move the |
3304 | // data to. "to" should be > "start". |
3305 | // |
3306 | // we do the copy backwards to avoid problems if |
3307 | // there's an overlap. |
3308 | // |
3309 | static int |
3310 | shift_data_down(vnode_t xvp, off_t start, size_t len, off_t delta, vfs_context_t context) |
3311 | { |
3312 | int ret, iolen; |
3313 | size_t chunk, orig_chunk; |
3314 | char *buff; |
3315 | off_t pos; |
3316 | kauth_cred_t ucred = vfs_context_ucred(ctx: context); |
3317 | proc_t p = vfs_context_proc(ctx: context); |
3318 | |
3319 | if (delta == 0 || len == 0) { |
3320 | return 0; |
3321 | } |
3322 | |
3323 | chunk = 4096; |
3324 | if (len < chunk) { |
3325 | chunk = len; |
3326 | } |
3327 | orig_chunk = chunk; |
3328 | |
3329 | buff = kalloc_data(chunk, Z_WAITOK); |
3330 | if (buff == NULL) { |
3331 | return ENOMEM; |
3332 | } |
3333 | |
3334 | for (pos = start + len - chunk; pos >= start; pos -= chunk) { |
3335 | ret = vn_rdwr(rw: UIO_READ, vp: xvp, base: buff, len: (int)chunk, offset: pos, segflg: UIO_SYSSPACE, IO_NODELOCKED | IO_NOAUTH, cred: ucred, aresid: &iolen, p); |
3336 | if (iolen != 0) { |
3337 | printf("xattr:shift_data: error reading data @ %lld (read %d of %lu) (%d)\n" , |
3338 | pos, ret, chunk, ret); |
3339 | break; |
3340 | } |
3341 | |
3342 | ret = vn_rdwr(rw: UIO_WRITE, vp: xvp, base: buff, len: (int)chunk, offset: pos + delta, segflg: UIO_SYSSPACE, IO_NODELOCKED | IO_NOAUTH, cred: ucred, aresid: &iolen, p); |
3343 | if (iolen != 0) { |
3344 | printf("xattr:shift_data: error writing data @ %lld (wrote %d of %lu) (%d)\n" , |
3345 | pos + delta, ret, chunk, ret); |
3346 | break; |
3347 | } |
3348 | |
3349 | if ((pos - (off_t)chunk) < start) { |
3350 | chunk = pos - start; |
3351 | |
3352 | if (chunk == 0) { // we're all done |
3353 | break; |
3354 | } |
3355 | } |
3356 | } |
3357 | |
3358 | kfree_data(buff, orig_chunk); |
3359 | return 0; |
3360 | } |
3361 | |
3362 | |
3363 | static int |
3364 | shift_data_up(vnode_t xvp, off_t start, size_t len, off_t delta, vfs_context_t context) |
3365 | { |
3366 | int ret, iolen; |
3367 | size_t chunk, orig_chunk; |
3368 | char *buff; |
3369 | off_t pos; |
3370 | off_t end; |
3371 | kauth_cred_t ucred = vfs_context_ucred(ctx: context); |
3372 | proc_t p = vfs_context_proc(ctx: context); |
3373 | |
3374 | if (delta == 0 || len == 0) { |
3375 | return 0; |
3376 | } |
3377 | |
3378 | chunk = 4096; |
3379 | if (len < chunk) { |
3380 | chunk = len; |
3381 | } |
3382 | orig_chunk = chunk; |
3383 | end = start + len; |
3384 | |
3385 | buff = kalloc_data(chunk, Z_WAITOK); |
3386 | if (buff == NULL) { |
3387 | return ENOMEM; |
3388 | } |
3389 | |
3390 | for (pos = start; pos < end; pos += chunk) { |
3391 | ret = vn_rdwr(rw: UIO_READ, vp: xvp, base: buff, len: (int)chunk, offset: pos, segflg: UIO_SYSSPACE, IO_NODELOCKED | IO_NOAUTH, cred: ucred, aresid: &iolen, p); |
3392 | if (iolen != 0) { |
3393 | printf("xattr:shift_data: error reading data @ %lld (read %d of %lu) (%d)\n" , |
3394 | pos, ret, chunk, ret); |
3395 | break; |
3396 | } |
3397 | |
3398 | ret = vn_rdwr(rw: UIO_WRITE, vp: xvp, base: buff, len: (int)chunk, offset: pos - delta, segflg: UIO_SYSSPACE, IO_NODELOCKED | IO_NOAUTH, cred: ucred, aresid: &iolen, p); |
3399 | if (iolen != 0) { |
3400 | printf("xattr:shift_data: error writing data @ %lld (wrote %d of %lu) (%d)\n" , |
3401 | pos + delta, ret, chunk, ret); |
3402 | break; |
3403 | } |
3404 | |
3405 | if ((pos + (off_t)chunk) > end) { |
3406 | chunk = end - pos; |
3407 | |
3408 | if (chunk == 0) { // we're all done |
3409 | break; |
3410 | } |
3411 | } |
3412 | } |
3413 | |
3414 | kfree_data(buff, orig_chunk); |
3415 | return 0; |
3416 | } |
3417 | |
3418 | static int |
3419 | lock_xattrfile(vnode_t xvp, short locktype, vfs_context_t context) |
3420 | { |
3421 | struct flock lf; |
3422 | int error; |
3423 | |
3424 | lf.l_whence = SEEK_SET; |
3425 | lf.l_start = 0; |
3426 | lf.l_len = 0; |
3427 | lf.l_type = locktype; /* F_WRLCK or F_RDLCK */ |
3428 | /* Note: id is just a kernel address that's not a proc */ |
3429 | error = VNOP_ADVLOCK(xvp, (caddr_t)xvp, F_SETLK, &lf, F_FLOCK | F_WAIT, context, NULL); |
3430 | return error == ENOTSUP ? 0 : error; |
3431 | } |
3432 | |
3433 | int |
3434 | unlock_xattrfile(vnode_t xvp, vfs_context_t context) |
3435 | { |
3436 | struct flock lf; |
3437 | int error; |
3438 | |
3439 | lf.l_whence = SEEK_SET; |
3440 | lf.l_start = 0; |
3441 | lf.l_len = 0; |
3442 | lf.l_type = F_UNLCK; |
3443 | /* Note: id is just a kernel address that's not a proc */ |
3444 | error = VNOP_ADVLOCK(xvp, (caddr_t)xvp, F_UNLCK, &lf, F_FLOCK, context, NULL); |
3445 | return error == ENOTSUP ? 0 : error; |
3446 | } |
3447 | |
3448 | #else /* CONFIG_APPLEDOUBLE */ |
3449 | |
3450 | |
3451 | static int |
3452 | default_getxattr(__unused vnode_t vp, __unused const char *name, |
3453 | __unused uio_t uio, __unused size_t *size, __unused int options, |
3454 | __unused vfs_context_t context) |
3455 | { |
3456 | return ENOTSUP; |
3457 | } |
3458 | |
3459 | static int |
3460 | default_setxattr(__unused vnode_t vp, __unused const char *name, |
3461 | __unused uio_t uio, __unused int options, __unused vfs_context_t context) |
3462 | { |
3463 | return ENOTSUP; |
3464 | } |
3465 | |
3466 | static int |
3467 | default_listxattr(__unused vnode_t vp, |
3468 | __unused uio_t uio, __unused size_t *size, __unused int options, |
3469 | __unused vfs_context_t context) |
3470 | { |
3471 | return ENOTSUP; |
3472 | } |
3473 | |
3474 | static int |
3475 | default_removexattr(__unused vnode_t vp, __unused const char *name, |
3476 | __unused int options, __unused vfs_context_t context) |
3477 | { |
3478 | return ENOTSUP; |
3479 | } |
3480 | |
3481 | #endif /* CONFIG_APPLEDOUBLE */ |
3482 | |