audit_bsm_klib.c revision 181060
1155192Srwatson/* 2180701Srwatson * Copyright (c) 1999-2005 Apple Inc. 3155192Srwatson * Copyright (c) 2005 Robert N. M. Watson 4155192Srwatson * All rights reserved. 5155192Srwatson * 6155192Srwatson * Redistribution and use in source and binary forms, with or without 7155192Srwatson * modification, are permitted provided that the following conditions 8155192Srwatson * are met: 9155192Srwatson * 1. Redistributions of source code must retain the above copyright 10155192Srwatson * notice, this list of conditions and the following disclaimer. 11155192Srwatson * 2. Redistributions in binary form must reproduce the above copyright 12155192Srwatson * notice, this list of conditions and the following disclaimer in the 13155192Srwatson * documentation and/or other materials provided with the distribution. 14180701Srwatson * 3. Neither the name of Apple Inc. ("Apple") nor the names of 15155192Srwatson * its contributors may be used to endorse or promote products derived 16155192Srwatson * from this software without specific prior written permission. 17155192Srwatson * 18155192Srwatson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 19155192Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20155192Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21155192Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 22155192Srwatson * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23155192Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24155192Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25155192Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26155192Srwatson * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 27155192Srwatson * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28155192Srwatson * POSSIBILITY OF SUCH DAMAGE. 29155192Srwatson */ 30155192Srwatson 31178186Srwatson#include <sys/cdefs.h> 32178186Srwatson__FBSDID("$FreeBSD: head/sys/security/audit/audit_bsm_klib.c 181060 2008-07-31 16:57:41Z csjp $"); 33178186Srwatson 34155192Srwatson#include <sys/param.h> 35155192Srwatson#include <sys/fcntl.h> 36155192Srwatson#include <sys/filedesc.h> 37155192Srwatson#include <sys/libkern.h> 38155192Srwatson#include <sys/malloc.h> 39155192Srwatson#include <sys/mount.h> 40155192Srwatson#include <sys/proc.h> 41155192Srwatson#include <sys/sem.h> 42181060Scsjp#include <sys/sbuf.h> 43155192Srwatson#include <sys/syscall.h> 44155192Srwatson#include <sys/sysctl.h> 45155192Srwatson#include <sys/sysent.h> 46155192Srwatson#include <sys/vnode.h> 47155192Srwatson 48155192Srwatson#include <bsm/audit.h> 49155192Srwatson#include <bsm/audit_kevents.h> 50155192Srwatson#include <security/audit/audit.h> 51155192Srwatson#include <security/audit/audit_private.h> 52155192Srwatson 53155192Srwatson/* 54155192Srwatson * Hash table functions for the audit event number to event class mask 55155192Srwatson * mapping. 56155192Srwatson */ 57180735Srwatson#define EVCLASSMAP_HASH_TABLE_SIZE 251 58155192Srwatsonstruct evclass_elem { 59155192Srwatson au_event_t event; 60155192Srwatson au_class_t class; 61155192Srwatson LIST_ENTRY(evclass_elem) entry; 62155192Srwatson}; 63155192Srwatsonstruct evclass_list { 64155192Srwatson LIST_HEAD(, evclass_elem) head; 65155192Srwatson}; 66155192Srwatson 67155192Srwatsonstatic MALLOC_DEFINE(M_AUDITEVCLASS, "audit_evclass", "Audit event class"); 68156889Srwatsonstatic struct mtx evclass_mtx; 69156889Srwatsonstatic struct evclass_list evclass_hash[EVCLASSMAP_HASH_TABLE_SIZE]; 70155192Srwatson 71155192Srwatson/* 72155192Srwatson * Look up the class for an audit event in the class mapping table. 73155192Srwatson */ 74155192Srwatsonau_class_t 75155192Srwatsonau_event_class(au_event_t event) 76155192Srwatson{ 77155192Srwatson struct evclass_list *evcl; 78155192Srwatson struct evclass_elem *evc; 79155192Srwatson au_class_t class; 80155192Srwatson 81155192Srwatson mtx_lock(&evclass_mtx); 82155192Srwatson evcl = &evclass_hash[event % EVCLASSMAP_HASH_TABLE_SIZE]; 83173142Srwatson class = 0; 84155192Srwatson LIST_FOREACH(evc, &evcl->head, entry) { 85155192Srwatson if (evc->event == event) { 86155192Srwatson class = evc->class; 87155192Srwatson goto out; 88155192Srwatson } 89155192Srwatson } 90155192Srwatsonout: 91155192Srwatson mtx_unlock(&evclass_mtx); 92155192Srwatson return (class); 93155192Srwatson} 94155192Srwatson 95156889Srwatson/* 96155192Srwatson * Insert a event to class mapping. If the event already exists in the 97155192Srwatson * mapping, then replace the mapping with the new one. 98156889Srwatson * 99155192Srwatson * XXX There is currently no constraints placed on the number of mappings. 100156889Srwatson * May want to either limit to a number, or in terms of memory usage. 101155192Srwatson */ 102155192Srwatsonvoid 103156889Srwatsonau_evclassmap_insert(au_event_t event, au_class_t class) 104155192Srwatson{ 105155192Srwatson struct evclass_list *evcl; 106155192Srwatson struct evclass_elem *evc, *evc_new; 107155192Srwatson 108155192Srwatson /* 109155192Srwatson * Pessimistically, always allocate storage before acquiring mutex. 110155192Srwatson * Free if there is already a mapping for this event. 111155192Srwatson */ 112155192Srwatson evc_new = malloc(sizeof(*evc), M_AUDITEVCLASS, M_WAITOK); 113155192Srwatson 114155192Srwatson mtx_lock(&evclass_mtx); 115155192Srwatson evcl = &evclass_hash[event % EVCLASSMAP_HASH_TABLE_SIZE]; 116155192Srwatson LIST_FOREACH(evc, &evcl->head, entry) { 117155192Srwatson if (evc->event == event) { 118155192Srwatson evc->class = class; 119155192Srwatson mtx_unlock(&evclass_mtx); 120155192Srwatson free(evc_new, M_AUDITEVCLASS); 121155192Srwatson return; 122155192Srwatson } 123155192Srwatson } 124155192Srwatson evc = evc_new; 125155192Srwatson evc->event = event; 126155192Srwatson evc->class = class; 127155192Srwatson LIST_INSERT_HEAD(&evcl->head, evc, entry); 128155192Srwatson mtx_unlock(&evclass_mtx); 129155192Srwatson} 130155192Srwatson 131155192Srwatsonvoid 132156889Srwatsonau_evclassmap_init(void) 133155192Srwatson{ 134155192Srwatson int i; 135155192Srwatson 136155192Srwatson mtx_init(&evclass_mtx, "evclass_mtx", NULL, MTX_DEF); 137155192Srwatson for (i = 0; i < EVCLASSMAP_HASH_TABLE_SIZE; i++) 138155192Srwatson LIST_INIT(&evclass_hash[i].head); 139155192Srwatson 140155192Srwatson /* 141155192Srwatson * Set up the initial event to class mapping for system calls. 142155192Srwatson * 143155192Srwatson * XXXRW: Really, this should walk all possible audit events, not all 144155192Srwatson * native ABI system calls, as there may be audit events reachable 145155192Srwatson * only through non-native system calls. It also seems a shame to 146155192Srwatson * frob the mutex this early. 147156889Srwatson */ 148155192Srwatson for (i = 0; i < SYS_MAXSYSCALL; i++) { 149155192Srwatson if (sysent[i].sy_auevent != AUE_NULL) 150173142Srwatson au_evclassmap_insert(sysent[i].sy_auevent, 0); 151155192Srwatson } 152155192Srwatson} 153155192Srwatson 154155192Srwatson/* 155155192Srwatson * Check whether an event is aditable by comparing the mask of classes this 156155192Srwatson * event is part of against the given mask. 157155192Srwatson */ 158155192Srwatsonint 159159269Srwatsonau_preselect(au_event_t event, au_class_t class, au_mask_t *mask_p, int sorf) 160155192Srwatson{ 161155192Srwatson au_class_t effmask = 0; 162155192Srwatson 163155192Srwatson if (mask_p == NULL) 164155192Srwatson return (-1); 165155192Srwatson 166156889Srwatson /* 167155192Srwatson * Perform the actual check of the masks against the event. 168155192Srwatson */ 169155192Srwatson if (sorf & AU_PRS_SUCCESS) 170159269Srwatson effmask |= (mask_p->am_success & class); 171156889Srwatson 172155192Srwatson if (sorf & AU_PRS_FAILURE) 173159269Srwatson effmask |= (mask_p->am_failure & class); 174156889Srwatson 175155192Srwatson if (effmask) 176155192Srwatson return (1); 177156889Srwatson else 178155192Srwatson return (0); 179155192Srwatson} 180155192Srwatson 181155192Srwatson/* 182156889Srwatson * Convert sysctl names and present arguments to events. 183155192Srwatson */ 184155192Srwatsonau_event_t 185176690Srwatsonaudit_ctlname_to_sysctlevent(int name[], uint64_t valid_arg) 186155192Srwatson{ 187155192Srwatson 188155192Srwatson /* can't parse it - so return the worst case */ 189156889Srwatson if ((valid_arg & (ARG_CTLNAME | ARG_LEN)) != (ARG_CTLNAME | ARG_LEN)) 190155192Srwatson return (AUE_SYSCTL); 191155192Srwatson 192155192Srwatson switch (name[0]) { 193155192Srwatson /* non-admin "lookups" treat them special */ 194155192Srwatson case KERN_OSTYPE: 195155192Srwatson case KERN_OSRELEASE: 196155192Srwatson case KERN_OSREV: 197155192Srwatson case KERN_VERSION: 198155192Srwatson case KERN_ARGMAX: 199155192Srwatson case KERN_CLOCKRATE: 200155192Srwatson case KERN_BOOTTIME: 201155192Srwatson case KERN_POSIX1: 202155192Srwatson case KERN_NGROUPS: 203155192Srwatson case KERN_JOB_CONTROL: 204155192Srwatson case KERN_SAVED_IDS: 205155192Srwatson case KERN_OSRELDATE: 206155192Srwatson case KERN_DUMMY: 207155192Srwatson return (AUE_SYSCTL_NONADMIN); 208155192Srwatson 209155192Srwatson /* only treat the changeable controls as admin */ 210155192Srwatson case KERN_MAXVNODES: 211155192Srwatson case KERN_MAXPROC: 212155192Srwatson case KERN_MAXFILES: 213155192Srwatson case KERN_MAXPROCPERUID: 214155192Srwatson case KERN_MAXFILESPERPROC: 215155192Srwatson case KERN_HOSTID: 216155192Srwatson case KERN_SECURELVL: 217155192Srwatson case KERN_HOSTNAME: 218155192Srwatson case KERN_VNODE: 219155192Srwatson case KERN_PROC: 220155192Srwatson case KERN_FILE: 221155192Srwatson case KERN_PROF: 222155192Srwatson case KERN_NISDOMAINNAME: 223155192Srwatson case KERN_UPDATEINTERVAL: 224155192Srwatson case KERN_NTP_PLL: 225155192Srwatson case KERN_BOOTFILE: 226155192Srwatson case KERN_DUMPDEV: 227155192Srwatson case KERN_IPC: 228155192Srwatson case KERN_PS_STRINGS: 229155192Srwatson case KERN_USRSTACK: 230155192Srwatson case KERN_LOGSIGEXIT: 231155192Srwatson case KERN_IOV_MAX: 232155192Srwatson case KERN_MAXID: 233155192Srwatson return ((valid_arg & ARG_VALUE) ? 234181053Srwatson AUE_SYSCTL : AUE_SYSCTL_NONADMIN); 235155192Srwatson 236155192Srwatson default: 237155192Srwatson return (AUE_SYSCTL); 238155192Srwatson } 239155192Srwatson /* NOTREACHED */ 240155192Srwatson} 241155192Srwatson 242155192Srwatson/* 243156889Srwatson * Convert an open flags specifier into a specific type of open event for 244155192Srwatson * auditing purposes. 245155192Srwatson */ 246155192Srwatsonau_event_t 247176690Srwatsonaudit_flags_and_error_to_openevent(int oflags, int error) 248156889Srwatson{ 249155192Srwatson au_event_t aevent; 250155192Srwatson 251156889Srwatson /* 252156889Srwatson * Need to check only those flags we care about. 253156889Srwatson */ 254155192Srwatson oflags = oflags & (O_RDONLY | O_CREAT | O_TRUNC | O_RDWR | O_WRONLY); 255155192Srwatson 256155192Srwatson /* 257155192Srwatson * These checks determine what flags are on with the condition that 258155192Srwatson * ONLY that combination is on, and no other flags are on. 259155192Srwatson */ 260155192Srwatson switch (oflags) { 261155192Srwatson case O_RDONLY: 262155192Srwatson aevent = AUE_OPEN_R; 263155192Srwatson break; 264155192Srwatson 265155192Srwatson case (O_RDONLY | O_CREAT): 266155192Srwatson aevent = AUE_OPEN_RC; 267155192Srwatson break; 268155192Srwatson 269155192Srwatson case (O_RDONLY | O_CREAT | O_TRUNC): 270155192Srwatson aevent = AUE_OPEN_RTC; 271155192Srwatson break; 272155192Srwatson 273155192Srwatson case (O_RDONLY | O_TRUNC): 274155192Srwatson aevent = AUE_OPEN_RT; 275155192Srwatson break; 276155192Srwatson 277155192Srwatson case O_RDWR: 278155192Srwatson aevent = AUE_OPEN_RW; 279155192Srwatson break; 280155192Srwatson 281155192Srwatson case (O_RDWR | O_CREAT): 282155192Srwatson aevent = AUE_OPEN_RWC; 283155192Srwatson break; 284155192Srwatson 285155192Srwatson case (O_RDWR | O_CREAT | O_TRUNC): 286155192Srwatson aevent = AUE_OPEN_RWTC; 287155192Srwatson break; 288155192Srwatson 289155192Srwatson case (O_RDWR | O_TRUNC): 290155192Srwatson aevent = AUE_OPEN_RWT; 291155192Srwatson break; 292155192Srwatson 293155192Srwatson case O_WRONLY: 294155192Srwatson aevent = AUE_OPEN_W; 295155192Srwatson break; 296155192Srwatson 297155192Srwatson case (O_WRONLY | O_CREAT): 298155192Srwatson aevent = AUE_OPEN_WC; 299155192Srwatson break; 300155192Srwatson 301155192Srwatson case (O_WRONLY | O_CREAT | O_TRUNC): 302155192Srwatson aevent = AUE_OPEN_WTC; 303155192Srwatson break; 304155192Srwatson 305155192Srwatson case (O_WRONLY | O_TRUNC): 306155192Srwatson aevent = AUE_OPEN_WT; 307155192Srwatson break; 308155192Srwatson 309155192Srwatson default: 310155192Srwatson aevent = AUE_OPEN; 311155192Srwatson break; 312155192Srwatson } 313155192Srwatson 314155192Srwatson#if 0 315156889Srwatson /* 316170196Srwatson * Convert chatty errors to better matching events. Failures to 317170196Srwatson * find a file are really just attribute events -- so recast them as 318170196Srwatson * such. 319155192Srwatson * 320155192Srwatson * XXXAUDIT: Solaris defines that AUE_OPEN will never be returned, it 321155192Srwatson * is just a placeholder. However, in Darwin we return that in 322155192Srwatson * preference to other events. For now, comment this out as we don't 323155192Srwatson * have a BSM conversion routine for AUE_OPEN. 324155192Srwatson */ 325155192Srwatson switch (aevent) { 326155192Srwatson case AUE_OPEN_R: 327155192Srwatson case AUE_OPEN_RT: 328155192Srwatson case AUE_OPEN_RW: 329155192Srwatson case AUE_OPEN_RWT: 330155192Srwatson case AUE_OPEN_W: 331155192Srwatson case AUE_OPEN_WT: 332155192Srwatson if (error == ENOENT) 333155192Srwatson aevent = AUE_OPEN; 334155192Srwatson } 335155192Srwatson#endif 336155192Srwatson return (aevent); 337155192Srwatson} 338155192Srwatson 339155192Srwatson/* 340155192Srwatson * Convert a MSGCTL command to a specific event. 341155192Srwatson */ 342155192Srwatsonint 343176565Srwatsonaudit_msgctl_to_event(int cmd) 344155192Srwatson{ 345155192Srwatson 346155192Srwatson switch (cmd) { 347155192Srwatson case IPC_RMID: 348155192Srwatson return (AUE_MSGCTL_RMID); 349155192Srwatson 350155192Srwatson case IPC_SET: 351155192Srwatson return (AUE_MSGCTL_SET); 352155192Srwatson 353155192Srwatson case IPC_STAT: 354155192Srwatson return (AUE_MSGCTL_STAT); 355155192Srwatson 356155192Srwatson default: 357170196Srwatson /* We will audit a bad command. */ 358155192Srwatson return (AUE_MSGCTL); 359155192Srwatson } 360155192Srwatson} 361155192Srwatson 362155192Srwatson/* 363155192Srwatson * Convert a SEMCTL command to a specific event. 364155192Srwatson */ 365155192Srwatsonint 366176565Srwatsonaudit_semctl_to_event(int cmd) 367155192Srwatson{ 368155192Srwatson 369155192Srwatson switch (cmd) { 370155192Srwatson case GETALL: 371155192Srwatson return (AUE_SEMCTL_GETALL); 372155192Srwatson 373155192Srwatson case GETNCNT: 374155192Srwatson return (AUE_SEMCTL_GETNCNT); 375155192Srwatson 376155192Srwatson case GETPID: 377155192Srwatson return (AUE_SEMCTL_GETPID); 378155192Srwatson 379155192Srwatson case GETVAL: 380155192Srwatson return (AUE_SEMCTL_GETVAL); 381155192Srwatson 382155192Srwatson case GETZCNT: 383155192Srwatson return (AUE_SEMCTL_GETZCNT); 384155192Srwatson 385155192Srwatson case IPC_RMID: 386155192Srwatson return (AUE_SEMCTL_RMID); 387155192Srwatson 388155192Srwatson case IPC_SET: 389155192Srwatson return (AUE_SEMCTL_SET); 390155192Srwatson 391155192Srwatson case SETALL: 392155192Srwatson return (AUE_SEMCTL_SETALL); 393155192Srwatson 394155192Srwatson case SETVAL: 395155192Srwatson return (AUE_SEMCTL_SETVAL); 396155192Srwatson 397155192Srwatson case IPC_STAT: 398155192Srwatson return (AUE_SEMCTL_STAT); 399155192Srwatson 400155192Srwatson default: 401181053Srwatson /* We will audit a bad command. */ 402155192Srwatson return (AUE_SEMCTL); 403155192Srwatson } 404155192Srwatson} 405155192Srwatson 406155192Srwatson/* 407155192Srwatson * Convert a command for the auditon() system call to a audit event. 408155192Srwatson */ 409155192Srwatsonint 410155192Srwatsonauditon_command_event(int cmd) 411155192Srwatson{ 412155192Srwatson 413155192Srwatson switch(cmd) { 414155192Srwatson case A_GETPOLICY: 415155192Srwatson return (AUE_AUDITON_GPOLICY); 416155192Srwatson 417155192Srwatson case A_SETPOLICY: 418155192Srwatson return (AUE_AUDITON_SPOLICY); 419155192Srwatson 420155192Srwatson case A_GETKMASK: 421155192Srwatson return (AUE_AUDITON_GETKMASK); 422155192Srwatson 423155192Srwatson case A_SETKMASK: 424155192Srwatson return (AUE_AUDITON_SETKMASK); 425155192Srwatson 426155192Srwatson case A_GETQCTRL: 427155192Srwatson return (AUE_AUDITON_GQCTRL); 428155192Srwatson 429155192Srwatson case A_SETQCTRL: 430155192Srwatson return (AUE_AUDITON_SQCTRL); 431155192Srwatson 432155192Srwatson case A_GETCWD: 433155192Srwatson return (AUE_AUDITON_GETCWD); 434155192Srwatson 435155192Srwatson case A_GETCAR: 436155192Srwatson return (AUE_AUDITON_GETCAR); 437155192Srwatson 438155192Srwatson case A_GETSTAT: 439155192Srwatson return (AUE_AUDITON_GETSTAT); 440155192Srwatson 441155192Srwatson case A_SETSTAT: 442155192Srwatson return (AUE_AUDITON_SETSTAT); 443155192Srwatson 444155192Srwatson case A_SETUMASK: 445155192Srwatson return (AUE_AUDITON_SETUMASK); 446155192Srwatson 447155192Srwatson case A_SETSMASK: 448155192Srwatson return (AUE_AUDITON_SETSMASK); 449155192Srwatson 450155192Srwatson case A_GETCOND: 451155192Srwatson return (AUE_AUDITON_GETCOND); 452155192Srwatson 453155192Srwatson case A_SETCOND: 454155192Srwatson return (AUE_AUDITON_SETCOND); 455155192Srwatson 456155192Srwatson case A_GETCLASS: 457155192Srwatson return (AUE_AUDITON_GETCLASS); 458155192Srwatson 459155192Srwatson case A_SETCLASS: 460155192Srwatson return (AUE_AUDITON_SETCLASS); 461155192Srwatson 462155192Srwatson case A_GETPINFO: 463155192Srwatson case A_SETPMASK: 464155192Srwatson case A_SETFSIZE: 465155192Srwatson case A_GETFSIZE: 466155192Srwatson case A_GETPINFO_ADDR: 467155192Srwatson case A_GETKAUDIT: 468155192Srwatson case A_SETKAUDIT: 469155192Srwatson default: 470155192Srwatson return (AUE_AUDITON); /* No special record */ 471155192Srwatson } 472155192Srwatson} 473155192Srwatson 474156889Srwatson/* 475156889Srwatson * Create a canonical path from given path by prefixing either the root 476156889Srwatson * directory, or the current working directory. If the process working 477170196Srwatson * directory is NULL, we could use 'rootvnode' to obtain the root directory, 478156889Srwatson * but this results in a volfs name written to the audit log. So we will 479156889Srwatson * leave the filename starting with '/' in the audit log in this case. 480155192Srwatson */ 481155192Srwatsonvoid 482176565Srwatsonaudit_canon_path(struct thread *td, char *path, char *cpath) 483155192Srwatson{ 484181060Scsjp struct vnode *cvnp, *rvnp; 485181060Scsjp char *rbuf, *fbuf, *copy; 486155192Srwatson struct filedesc *fdp; 487181060Scsjp struct sbuf sbf; 488181060Scsjp int error, cwir, locked; 489155192Srwatson 490181060Scsjp WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "%s: at %s:%d", 491181060Scsjp __func__, __FILE__, __LINE__); 492165621Srwatson 493181060Scsjp copy = path; 494181060Scsjp rvnp = cvnp = NULL; 495155192Srwatson fdp = td->td_proc->p_fd; 496168355Srwatson FILEDESC_SLOCK(fdp); 497181060Scsjp /* 498181060Scsjp * Make sure that we handle the chroot(2) case. If there is an 499181060Scsjp * alternate root directory, prepend it to the audited pathname. 500181060Scsjp */ 501181060Scsjp if (fdp->fd_rdir != NULL && fdp->fd_rdir != rootvnode) { 502181060Scsjp rvnp = fdp->fd_rdir; 503181060Scsjp vhold(rvnp); 504155192Srwatson } 505181060Scsjp /* 506181060Scsjp * If the supplied path is relative, make sure we capture the current 507181060Scsjp * working directory so we can prepend it to the supplied relative 508181060Scsjp * path. 509181060Scsjp */ 510181060Scsjp if (*path != '/') { 511181060Scsjp cvnp = fdp->fd_cdir; 512181060Scsjp vhold(cvnp); 513181060Scsjp } 514181060Scsjp cwir = (fdp->fd_rdir == fdp->fd_cdir); 515168355Srwatson FILEDESC_SUNLOCK(fdp); 516181060Scsjp /* 517181060Scsjp * NB: We require that the supplied array be at least MAXPATHLEN bytes 518181060Scsjp * long. If this is not the case, then we can run into serious trouble. 519181060Scsjp */ 520181060Scsjp (void) sbuf_new(&sbf, cpath, MAXPATHLEN, SBUF_FIXEDLEN); 521181060Scsjp /* 522181060Scsjp * Strip leading forward slashes. 523181060Scsjp */ 524181060Scsjp while (*copy == '/') 525181060Scsjp copy++; 526181060Scsjp /* 527181060Scsjp * Make sure we handle chroot(2) and prepend the global path to these 528181060Scsjp * environments. 529181060Scsjp * 530181060Scsjp * NB: vn_fullpath(9) on FreeBSD is less reliable than vn_getpath(9) 531181060Scsjp * on Darwin. As a result, this may need some additional attention 532181060Scsjp * in the future. 533181060Scsjp */ 534181060Scsjp if (rvnp != NULL) { 535155192Srwatson /* 536181060Scsjp * Although unlikely, it is possible for filesystems to define 537181060Scsjp * their own VOP_LOCK, so strictly speaking, we need to 538181060Scsjp * conditionally pickup Giant around calls to vn_lock(9) 539155192Srwatson */ 540181060Scsjp locked = VFS_LOCK_GIANT(rvnp->v_mount); 541181060Scsjp vn_lock(rvnp, LK_EXCLUSIVE | LK_RETRY); 542181060Scsjp vdrop(rvnp); 543181060Scsjp error = vn_fullpath_global(td, rvnp, &rbuf, &fbuf); 544181060Scsjp VOP_UNLOCK(rvnp, 0); 545181060Scsjp VFS_UNLOCK_GIANT(locked); 546181060Scsjp if (error) { 547155192Srwatson cpath[0] = '\0'; 548181060Scsjp if (cvnp != NULL) 549181060Scsjp vdrop(cvnp); 550181060Scsjp return; 551181060Scsjp } 552181060Scsjp (void) sbuf_cat(&sbf, rbuf); 553181060Scsjp free(fbuf, M_TEMP); 554181060Scsjp } 555181060Scsjp if (cvnp != NULL) { 556181060Scsjp locked = VFS_LOCK_GIANT(cvnp->v_mount); 557181060Scsjp vn_lock(cvnp, LK_EXCLUSIVE | LK_RETRY); 558181060Scsjp vdrop(cvnp); 559181060Scsjp error = vn_fullpath(td, cvnp, &rbuf, &fbuf); 560181060Scsjp VOP_UNLOCK(cvnp, 0); 561181060Scsjp VFS_UNLOCK_GIANT(locked); 562181060Scsjp if (error) { 563181060Scsjp cpath[0] = '\0'; 564181060Scsjp return; 565181060Scsjp } 566181060Scsjp (void) sbuf_cat(&sbf, rbuf); 567181060Scsjp free(fbuf, M_TEMP); 568181060Scsjp } 569181060Scsjp if (cwir == 0 || (cwir != 0 && cvnp == NULL)) 570181060Scsjp (void) sbuf_cat(&sbf, "/"); 571181060Scsjp /* 572181060Scsjp * Now that we have processed any alternate root and relative path 573181060Scsjp * names, add the supplied pathname. 574181060Scsjp */ 575181060Scsjp (void) sbuf_cat(&sbf, copy); 576181060Scsjp /* 577181060Scsjp * One or more of the previous sbuf operations could have resulted in 578181060Scsjp * the supplied buffer being overflowed. Check to see if this is the 579181060Scsjp * case. 580181060Scsjp */ 581181060Scsjp if (sbuf_overflowed(&sbf) != 0) { 582181060Scsjp cpath[0] = '\0'; 583181060Scsjp return; 584181060Scsjp } 585181060Scsjp sbuf_finish(&sbf); 586155192Srwatson} 587