add utimes call; protection fixes galore
[unix-history] / usr / src / sys / ufs / lfs / lfs_vnops.c
index 0141aae..3265194 100644 (file)
@@ -1,4 +1,4 @@
-/*     lfs_vnops.c     4.44    82/12/19        */
+/*     lfs_vnops.c     4.54    83/03/31        */
 
 #include "../h/param.h"
 #include "../h/systm.h"
 
 #include "../h/param.h"
 #include "../h/systm.h"
@@ -265,7 +265,7 @@ link()
                u.u_error = EXDEV;
                goto out;
        }
                u.u_error = EXDEV;
                goto out;
        }
-       direnter(ip);
+       u.u_error = direnter(ip);
 out:
        if (u.u_error) {
                ip->i_nlink--;
 out:
        if (u.u_error) {
                ip->i_nlink--;
@@ -496,8 +496,11 @@ stat1(ip, ub)
        ds.st_rdev = (dev_t)ip->i_rdev;
        ds.st_size = ip->i_size;
        ds.st_atime = ip->i_atime;
        ds.st_rdev = (dev_t)ip->i_rdev;
        ds.st_size = ip->i_size;
        ds.st_atime = ip->i_atime;
+       ds.st_spare1 = 0;
        ds.st_mtime = ip->i_mtime;
        ds.st_mtime = ip->i_mtime;
+       ds.st_spare2 = 0;
        ds.st_ctime = ip->i_ctime;
        ds.st_ctime = ip->i_ctime;
+       ds.st_spare3 = 0;
        /* this doesn't belong here */
        if ((ip->i_mode&IFMT) == IFBLK)
                ds.st_blksize = BLKDEV_IOSIZE;
        /* this doesn't belong here */
        if ((ip->i_mode&IFMT) == IFBLK)
                ds.st_blksize = BLKDEV_IOSIZE;
@@ -505,8 +508,8 @@ stat1(ip, ub)
                ds.st_blksize = MAXBSIZE;
        else
                ds.st_blksize = ip->i_fs->fs_bsize;
                ds.st_blksize = MAXBSIZE;
        else
                ds.st_blksize = ip->i_fs->fs_bsize;
-       if (copyout((caddr_t)&ds, (caddr_t)ub, sizeof(ds)) < 0)
-               u.u_error = EFAULT;
+       ds.st_spare4[0] = ds.st_spare4[1] = ds.st_spare4[2] = 0;
+       u.u_error = copyout((caddr_t)&ds, (caddr_t)ub, sizeof(ds));
 }
 
 /*
 }
 
 /*
@@ -594,14 +597,10 @@ chmod1(ip, mode)
        ip->i_mode &= ~07777;
        if (u.u_uid) {
                mode &= ~ISVTX;
        ip->i_mode &= ~07777;
        if (u.u_uid) {
                mode &= ~ISVTX;
-               for (gp = u.u_groups; gp < &u.u_groups[NGROUPS]; gp++)
-                       if (*gp == ip->i_gid)
-                               goto ok;
-               mode &= ~ISGID;
-ok:
-               ;
+               if (!groupmember(ip->i_gid))
+                       mode &= ~ISGID;
 #ifdef MUSH
 #ifdef MUSH
-               if (u.u_quota->q_syflags & QF_UMASK && u.u_uid != 0 &&
+               if (u.u_quota->q_syflags & QF_UMASK && 
                    (ip->i_mode & IFMT) != IFCHR)
                        mode &= ~u.u_cmask;
 #endif
                    (ip->i_mode & IFMT) != IFCHR)
                        mode &= ~u.u_cmask;
 #endif
@@ -625,9 +624,9 @@ chown()
        } *uap;
 
        uap = (struct a *)u.u_ap;
        } *uap;
 
        uap = (struct a *)u.u_ap;
-       if (!suser() || (ip = owner(0)) == NULL)
+       if ((ip = owner(0)) == NULL)
                return;
                return;
-       chown1(ip, uap->uid, uap->gid);
+       u.u_error = chown1(ip, uap->uid, uap->gid);
        iput(ip);
 }
 
        iput(ip);
 }
 
@@ -653,10 +652,10 @@ fchown()
                return;
        }
        ip = fp->f_inode;
                return;
        }
        ip = fp->f_inode;
-       if (!suser())
+       if (ip->i_uid != u.u_uid && !suser())
                return;
        ilock(ip);
                return;
        ilock(ip);
-       chown1(ip, uap->uid, uap->gid);
+       u.u_error = chown1(ip, uap->uid, uap->gid);
        iunlock(ip);
 }
 
        iunlock(ip);
 }
 
@@ -670,7 +669,15 @@ chown1(ip, uid, gid)
 {
 #ifdef QUOTA
        register long change;
 {
 #ifdef QUOTA
        register long change;
+#endif
 
 
+       if (uid == -1)
+               uid = ip->i_uid;
+       if (gid == -1)
+               gid = ip->i_gid;
+       if (u.u_uid && ip->i_gid != gid && !groupmember(gid))
+               return (EPERM);
+#ifdef QUOTA
        /*
         * This doesn't allow for holes in files (which hopefully don't
         * happen often in files that we chown), and is not accurate anyway
        /*
         * This doesn't allow for holes in files (which hopefully don't
         * happen often in files that we chown), and is not accurate anyway
@@ -699,14 +706,8 @@ chown1(ip, uid, gid)
        (void)chkiq(ip->i_dev, ip, ip->i_uid, 1);
        dqrele(ip->i_dquot);
 #endif
        (void)chkiq(ip->i_dev, ip, ip->i_uid, 1);
        dqrele(ip->i_dquot);
 #endif
-       /*
-        * keep uid/gid's in sane range -- no err,
-        * so chown(file, uid, -1) will do something useful
-        */
-       if (uid >= 0 && uid <= 32767)   /* should have a constant */
-               ip->i_uid = uid;
-       if (gid >= 0 && gid <= 32767)   /* same here */
-               ip->i_gid = gid;
+       ip->i_uid = uid;
+       ip->i_gid = gid;
        ip->i_flag |= ICHG;
        if (u.u_ruid != 0)
                ip->i_mode &= ~(ISUID|ISGID);
        ip->i_flag |= ICHG;
        if (u.u_ruid != 0)
                ip->i_mode &= ~(ISUID|ISGID);
@@ -714,9 +715,12 @@ chown1(ip, uid, gid)
        ip->i_dquot = inoquota(ip);
        (void)chkdq(ip, change, 1);
        (void)chkiq(ip->i_dev, (struct inode *)NULL, uid, 1);
        ip->i_dquot = inoquota(ip);
        (void)chkdq(ip, change, 1);
        (void)chkiq(ip->i_dev, (struct inode *)NULL, uid, 1);
+       return (u.u_error);
 #endif
 #endif
+       return (0);
 }
 
 }
 
+#ifndef NOCOMPAT
 /*
  * Set IUPD and IACC times on file.
  * Can't set ICHG.
 /*
  * Set IUPD and IACC times on file.
  * Can't set ICHG.
@@ -726,17 +730,15 @@ outime()
        register struct a {
                char    *fname;
                time_t  *tptr;
        register struct a {
                char    *fname;
                time_t  *tptr;
-       } *uap;
+       } *uap = (struct a *)u.u_ap;
        register struct inode *ip;
        time_t tv[2];
        struct timeval tv0, tv1;
 
        register struct inode *ip;
        time_t tv[2];
        struct timeval tv0, tv1;
 
-       uap = (struct a *)u.u_ap;
        if ((ip = owner(1)) == NULL)
                return;
        if ((ip = owner(1)) == NULL)
                return;
-       if (copyin((caddr_t)uap->tptr, (caddr_t)tv, sizeof(tv))) {
-               u.u_error = EFAULT;
-       } else {
+       u.u_error = copyin((caddr_t)uap->tptr, (caddr_t)tv, sizeof (tv));
+       if (u.u_error == 0) {
                ip->i_flag |= IACC|IUPD|ICHG;
                tv0.tv_sec = tv[0]; tv0.tv_usec = 0;
                tv1.tv_sec = tv[1]; tv1.tv_usec = 0;
                ip->i_flag |= IACC|IUPD|ICHG;
                tv0.tv_sec = tv[0]; tv0.tv_usec = 0;
                tv1.tv_sec = tv[1]; tv1.tv_usec = 0;
@@ -744,6 +746,26 @@ outime()
        }
        iput(ip);
 }
        }
        iput(ip);
 }
+#endif
+
+utimes()
+{
+       register struct a {
+               char    *fname;
+               struct  timeval *tptr;
+       } *uap = (struct a *)u.u_ap;
+       register struct inode *ip;
+       struct timeval tv[2];
+
+       if ((ip = owner(1)) == NULL)
+               return;
+       u.u_error = copyin((caddr_t)uap->tptr, (caddr_t)tv, sizeof (tv));
+       if (u.u_error == 0) {
+               ip->i_flag |= IACC|IUPD|ICHG;
+               iupdat(ip, &tv[0], &tv[1], 0);
+       }
+       iput(ip);
+}
 
 /*
  * Flush any pending I/O.
 
 /*
  * Flush any pending I/O.
@@ -907,9 +929,10 @@ rename()
        } *uap;
        register struct inode *ip, *xp, *dp;
        int oldparent, parentdifferent, doingdirectory;
        } *uap;
        register struct inode *ip, *xp, *dp;
        int oldparent, parentdifferent, doingdirectory;
+       int error = 0;
 
        uap = (struct a *)u.u_ap;
 
        uap = (struct a *)u.u_ap;
-       ip = namei(uchar, LOOKUP | LOCKPARENT, 0);
+       ip = namei(uchar, DELETE | LOCKPARENT, 0);
        if (ip == NULL)
                return;
        dp = u.u_pdir;
        if (ip == NULL)
                return;
        dp = u.u_pdir;
@@ -919,20 +942,23 @@ rename()
 
                d = &u.u_dent;
                /*
 
                d = &u.u_dent;
                /*
-                * Avoid "." and ".." for obvious reasons.
+                * Avoid ".", "..", and aliases of "." for obvious reasons.
                 */
                 */
-               if (d->d_name[0] == '.') {
-                       if (d->d_namlen == 1 ||
-                           (d->d_namlen == 2 && d->d_name[1] == '.')) {
-                               u.u_error = EINVAL;
+               if ((d->d_namlen == 1 && d->d_name[0] == '.') ||
+                   (d->d_namlen == 2 && bcmp(d->d_name, "..", 2) == 0) ||
+                   (dp == ip)) {
+                       iput(dp);
+                       if (dp == ip)
+                               irele(ip);
+                       else
                                iput(ip);
                                iput(ip);
-                               return;
-                       }
+                       u.u_error = EINVAL;
+                       return;
                }
                oldparent = dp->i_number;
                doingdirectory++;
        }
                }
                oldparent = dp->i_number;
                doingdirectory++;
        }
-       irele(dp);
+       iput(dp);
 
        /*
         * 1) Bump link count while we're moving stuff
 
        /*
         * 1) Bump link count while we're moving stuff
@@ -951,9 +977,18 @@ rename()
         */
        u.u_dirp = (caddr_t)uap->to;
        xp = namei(uchar, CREATE | LOCKPARENT, 0);
         */
        u.u_dirp = (caddr_t)uap->to;
        xp = namei(uchar, CREATE | LOCKPARENT, 0);
-       if (u.u_error)
+       if (u.u_error) {
+               error = u.u_error;
                goto out;
                goto out;
+       }
        dp = u.u_pdir;
        dp = u.u_pdir;
+       /*
+        * If ".." must be changed (ie the directory gets a new
+        * parent) then the user must have write permission.
+        */
+       parentdifferent = oldparent != dp->i_number;
+       if (doingdirectory && parentdifferent && access(ip, IWRITE))
+               goto bad;
        /*
         * 2) If target doesn't exist, link the target
         *    to the source and unlink the source. 
        /*
         * 2) If target doesn't exist, link the target
         *    to the source and unlink the source. 
@@ -961,10 +996,16 @@ rename()
         *    entry to reference the source inode and
         *    expunge the original entry's existence.
         */
         *    entry to reference the source inode and
         *    expunge the original entry's existence.
         */
-       parentdifferent = oldparent != dp->i_number;
        if (xp == NULL) {
                if (dp->i_dev != ip->i_dev) {
        if (xp == NULL) {
                if (dp->i_dev != ip->i_dev) {
-                       u.u_error = EXDEV;
+                       error = EXDEV;
+                       goto bad;
+               }
+               /*
+                * Disallow rename(foo, foo/bar).
+                */
+               if (dp->i_number == ip->i_number) {
+                       error = EEXIST;
                        goto bad;
                }
                /*
                        goto bad;
                }
                /*
@@ -979,50 +1020,64 @@ rename()
                        dp->i_flag |= ICHG;
                        iupdat(dp, &time, &time, 1);
                }
                        dp->i_flag |= ICHG;
                        iupdat(dp, &time, &time, 1);
                }
-               direnter(ip);
-               if (u.u_error)
+               error = direnter(ip);
+               if (error)
                        goto out;
        } else {
                if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev) {
                        goto out;
        } else {
                if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev) {
-                       u.u_error = EXDEV;
+                       error = EXDEV;
                        goto bad;
                }
                /*
                        goto bad;
                }
                /*
-                * Target must be empty if a directory.
+                * Short circuit rename(foo, foo).
+                */
+               if (xp->i_number == ip->i_number)
+                       goto bad;
+               /*
+                * Target must be empty if a directory
+                * and have no links to it.
                 * Also, insure source and target are
                 * compatible (both directories, or both
                 * not directories).
                 */
                if ((xp->i_mode&IFMT) == IFDIR) {
                 * Also, insure source and target are
                 * compatible (both directories, or both
                 * not directories).
                 */
                if ((xp->i_mode&IFMT) == IFDIR) {
-                       if (!dirempty(xp)) {
-                               u.u_error = ENOTEMPTY;
+                       if (!dirempty(xp) || xp->i_nlink > 2) {
+                               error = ENOTEMPTY;
                                goto bad;
                        }
                        if (!doingdirectory) {
                                goto bad;
                        }
                        if (!doingdirectory) {
-                               u.u_error = ENOTDIR;
+                               error = ENOTDIR;
                                goto bad;
                        }
                } else if (doingdirectory) {
                                goto bad;
                        }
                } else if (doingdirectory) {
-                       u.u_error = EISDIR;
+                       error = EISDIR;
                        goto bad;
                }
                dirrewrite(dp, ip);
                        goto bad;
                }
                dirrewrite(dp, ip);
-               if (u.u_error)
+               if (u.u_error) {
+                       error = u.u_error;
                        goto bad1;
                        goto bad1;
+               }
                /*
                /*
-                * If this is a directory we know it is
-                * empty and we can squash the inode and
-                * any space associated with it.  Otherwise,
-                * we've got a plain file and the link count
-                * simply needs to be adjusted.
+                * Adjust the link count of the target to
+                * reflect the dirrewrite above.  If this is
+                * a directory it is empty and there are
+                * no links to it, so we can squash the inode and
+                * any space associated with it.  We disallowed
+                * renaming over top of a directory with links to
+                * it above, as we've no way to determine if
+                * we've got a link or the directory itself, and
+                * if we get a link, then ".." will be screwed up.
                 */
                 */
+               xp->i_nlink--;
                if (doingdirectory) {
                if (doingdirectory) {
-                       xp->i_nlink = 0;
+                       if (--xp->i_nlink != 0)
+                               panic("rename: linked directory");
                        itrunc(xp, (u_long)0);
                        itrunc(xp, (u_long)0);
-               } else
-                       xp->i_nlink--;
+               }
                xp->i_flag |= ICHG;
                iput(xp);
                xp->i_flag |= ICHG;
                iput(xp);
+               xp = NULL;
        }
 
        /*
        }
 
        /*
@@ -1059,6 +1114,8 @@ rename()
                        ip->i_nlink--;
                        ip->i_flag |= ICHG;
                }
                        ip->i_nlink--;
                        ip->i_flag |= ICHG;
                }
+               if (error == 0)         /* conservative */
+                       error = u.u_error;
        }
        irele(ip);
        if (dp)
        }
        irele(ip);
        if (dp)
@@ -1072,7 +1129,7 @@ rename()
         *    and a lot shorter than when it was done
         *    in a user process.
         */
         *    and a lot shorter than when it was done
         *    in a user process.
         */
-       if (doingdirectory && parentdifferent && u.u_error == 0) {
+       if (doingdirectory && parentdifferent && error == 0) {
                struct dirtemplate dirbuf;
 
                u.u_dirp = uap->to;
                struct dirtemplate dirbuf;
 
                u.u_dirp = uap->to;
@@ -1086,9 +1143,9 @@ rename()
                        printf("rename: .. not a directory\n");
                        goto stuck;
                }
                        printf("rename: .. not a directory\n");
                        goto stuck;
                }
-               u.u_error = rdwri(UIO_READ, ip, (caddr_t)&dirbuf,
+               error = rdwri(UIO_READ, ip, (caddr_t)&dirbuf,
                        sizeof (struct dirtemplate), (off_t)0, 1, (int *)0);
                        sizeof (struct dirtemplate), (off_t)0, 1, (int *)0);
-               if (u.u_error == 0) {
+               if (error == 0) {
                        dirbuf.dotdot_ino = dp->i_number;
                        (void) rdwri(UIO_WRITE, ip, (caddr_t)&dirbuf,
                          sizeof (struct dirtemplate), (off_t)0, 1, (int *)0);
                        dirbuf.dotdot_ino = dp->i_number;
                        (void) rdwri(UIO_WRITE, ip, (caddr_t)&dirbuf,
                          sizeof (struct dirtemplate), (off_t)0, 1, (int *)0);
@@ -1097,16 +1154,20 @@ stuck:
                irele(dp);
                iput(ip);
        }
                irele(dp);
                iput(ip);
        }
-       return;
+       goto done;
+
 bad:
 bad:
-       iput(u.u_pdir);
+       iput(dp);
 bad1:
        if (xp)
 bad1:
        if (xp)
-               irele(xp);
+               iput(xp);
 out:
        ip->i_nlink--;
        ip->i_flag |= ICHG;
        irele(ip);
 out:
        ip->i_nlink--;
        ip->i_flag |= ICHG;
        irele(ip);
+done:
+       if (error)
+               u.u_error = error;
 }
 
 /*
 }
 
 /*
@@ -1139,6 +1200,8 @@ maknode(mode)
        ip->i_nlink = 1;
        ip->i_uid = u.u_uid;
        ip->i_gid = u.u_pdir->i_gid;
        ip->i_nlink = 1;
        ip->i_uid = u.u_uid;
        ip->i_gid = u.u_pdir->i_gid;
+       if (ip->i_mode & ISGID && !groupmember(ip->i_gid))
+               ip->i_mode &= ~ISGID;
 #ifdef QUOTA
        ip->i_dquot = inoquota(ip);
 #endif
 #ifdef QUOTA
        ip->i_dquot = inoquota(ip);
 #endif
@@ -1147,11 +1210,11 @@ maknode(mode)
         * Make sure inode goes to disk before directory entry.
         */
        iupdat(ip, &time, &time, 1);
         * Make sure inode goes to disk before directory entry.
         */
        iupdat(ip, &time, &time, 1);
-       direnter(ip);
+       u.u_error = direnter(ip);
        if (u.u_error) {
                /*
        if (u.u_error) {
                /*
-                * write error occurred trying to update directory
-                * so must deallocate the inode
+                * Write error occurred trying to update directory
+                * so must deallocate the inode.
                 */
                ip->i_nlink = 0;
                ip->i_flag |= ICHG;
                 */
                ip->i_nlink = 0;
                ip->i_flag |= ICHG;
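Review bot: In the `@@ -699,14 +706,8 @@ chown1` hunk, dropping the `uid >= 0 && uid <= 32767` / `gid` range check removes the only guard on the values stored by `ip->i_uid = uid;` and `ip->i_gid = gid;`, and in the same commit chown() stops requiring suser(), so these values now come from any file owner. If the inode fields are narrower than the `uid`/`gid` arguments (the old `<= 32767` bound and its "should have a constant" comment suggest they are), an out-of-range value is silently truncated to an unrelated uid or gid rather than rejected. Since the new `-1` handling earlier in chown1 already resolves the "keep current" case, a negative or over-wide value after that point can only be bad input; I would reinstate an explicit check right after the `-1` defaults, `if (uid < 0 || uid > 32767 || gid < 0 || gid > 32767) return (EINVAL);`, ideally with the bound as a named constant. chown1's body starts in the preceding `@@ -670,7 +669,15 @@` hunk and the function is only partly visible here, so the exact field types should be confirmed against the inode definition. A smaller consistency point in rename(): the new `if (doingdirectory && parentdifferent && access(ip, IWRITE)) goto bad;` does not set `error` the way the neighbouring `error = EXDEV; goto bad;` paths do, so the failure reaching `done:` relies on access() having set u.u_error itself.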