- 论坛徽章:
- 0
|
/********************************************
*Created By: 陶治江
*Date: 2009年5月3日21:35:49
********************************************/
#include
#include
#include
#include
#include
#include
#include
//获得权限的宏,例如
//"\000\004\002\006";事实上是一个匿名常量字符串或(常量字符数组)
//cout
/*
* In order to reduce some races, while at the same time doing additional
* checking and hopefully speeding things up, we copy filenames to the
* kernel data space before using them..
*
* POSIX.1 2.4: an empty pathname is invalid (ENOENT).
*/
//将filename处的用户空间的文件名拷贝到result内核空间中
//文件名最多只能占一个页面大小
int getname(const char * filename, char **result)
{
int error;
unsigned long i, page;
char * tmp, c;
i = (unsigned long) filename;
if (!i || i >= TASK_SIZE) //TASK_SIZE=0xc0000000,表示filename地址应该是用户空间的地址
return -EFAULT;
i = TASK_SIZE - i;
error = -EFAULT;
if (i > PAGE_SIZE) {
i = PAGE_SIZE;
error = -ENAMETOOLONG;
}
c = get_fs_byte(filename++);
if (!c) //POSIX.1 2.4: an empty pathname is invalid (ENOENT)
return -ENOENT;
if(!(page = __get_free_page(GFP_KERNEL)))
return -ENOMEM;
*result = tmp = (char *) page;
while (--i) {
*(tmp++) = c;
c = get_fs_byte(filename++); //检测文件名'\0'结束
if (!c) {
*tmp = '\0';
return 0;
}
}
free_page(page);
return error;
}
void putname(char * name)
{
free_page((unsigned long) name);
}
//权限的检查,可见权限检查的检查操作也可以被封装到了底层了
//返回1表示OK
int permission(struct inode * inode,int mask)
{
int mode = inode->i_mode;
if (inode->i_op && inode->i_op->permission)
return inode->i_op->permission(inode, mask);
//表示节点结构中没有权限检查操作,下面进行常规的实现
else if (current->euid == inode->i_uid) /*当前进程用户就是节点的拥有者*/
mode >>= 6;
else if (in_group_p(inode->i_gid))
mode >>= 3;
/*表明mode&0007操作的结果能够提供mask操作,成功了*/
if (((mode & mask & 0007) == mask) || suser())
return 1;
return 0;
}
/*
* lookup() looks up one part of a pathname, using the fs-dependent
* routines (currently minix_lookup) for it. It also checks for
* fathers (pseudo-roots, mount-points)
*/
int lookup(struct inode * dir,const char * name, int len,
struct inode ** result)
{
struct super_block * sb;
int perm;
*result = NULL;
if (!dir)
return -ENOENT;
/* check permissions before traversing mount-points */
perm = permission(dir,MAY_EXEC); //这里告诉我们目录的遍历查找需要执行的权限!!
/* -bash-3.00$ pwd
/home/f/o/taozhijiang/mydocument
-bash-3.00$ cd /home/f/o/taozhijiang/mydocument/..
-bash-3.00$ pwd
/home/f/o/taozhijiang
*/
if (len==2 && name[0] == '.' && name[1] == '.') { /*'..',查找父目录*/
if (dir == current->root) { /*如果已经是根设备了,就返回根设备*/
*result = dir;
return 0;
} else if ((sb = dir->i_sb) && (dir == sb->s_mounted)) {
sb = dir->i_sb; //why special for ..???
iput(dir);
dir = sb->s_covered;
if (!dir)
return -ENOENT;
dir->i_count++;
}
}
if (!dir->i_op || !dir->i_op->lookup) {
iput(dir);
return -ENOTDIR;
}
if (!perm) {
iput(dir);
return -EACCES;
}
if (!len) { // '/usr/'这类了
*result = dir;
return 0;
}
return dir->i_op->lookup(dir,name,len,result);
}
int follow_link(struct inode * dir, struct inode * inode,
int flag, int mode, struct inode ** res_inode)
{
if (!dir || !inode) {
iput(dir);
iput(inode);
*res_inode = NULL;
return -ENOENT;
}
if (!inode->i_op || !inode->i_op->follow_link) {
iput(dir);
*res_inode = inode;
return 0;
}
return inode->i_op->follow_link(dir,inode,flag,mode,res_inode);
}
/////
//这个文件中理解dir_namei namei的区别是很重要的
//dir_namei返回的是最底层的"目录"的节点信息,而其他的
//参数输出是该目录下的文件信息,而namei就是最底层的文件的信息了
////
//下面是论坛中的解释
/*
那么比如说 有一个pathname为 abc/def/ghi/jk
dir_namei返回的是ghi节点,文件名jk(不管jk是目录还是文件)和jk的长度.
namei 返回的是jk节点*/
/*
* dir_namei()
*
* dir_namei() returns the inode of the directory of the
* specified name, and the name within that directory.
*/
//返回指定目录的inode,并且返回该目录下的文件的长度和名字,而
//不管这个文件的类型(当然'/usr/')这样的路径参数就需要注意了!
static int dir_namei(const char * pathname, int * namelen, const char ** name,
struct inode * base, struct inode ** res_inode)
{
char c;
const char * thisname;
int len,error;
struct inode * inode;
*res_inode = NULL;
if (!base) {
base = current->pwd;
base->i_count++;
}
if ((c = *pathname) == '/') { //从根目录开始遍寻
iput(base);
base = current->root;
pathname++; //移过 /
base->i_count++;
}
while (1)
{
thisname = pathname; //提取单个目录名
for(len=0;(c = *(pathname++))&&(c != '/');len++)
/* nothing */ ;
if (!c) //此时len和pathname(thisname)的数据在参数返回
break;
base->i_count++;
error = lookup(base,thisname,len,&inode);
if (error) {
iput(base);
return error;
}
//估计的作用就是更新base节点
error = follow_link(base,inode,0,0,&base);
if (error)
return error;
}
if (!base->i_op || !base->i_op->lookup) {
iput(base);
return -ENOTDIR;
}
*name = thisname;
*namelen = len;
*res_inode = base;
return 0;
}
static int _namei(const char * pathname, struct inode * base,
int follow_links, struct inode ** res_inode)
{
const char * basename;
int namelen,error;
struct inode * inode;
*res_inode = NULL;
error = dir_namei(pathname,&namelen,&basename,base,&base);
if (error)
return error;
base->i_count++; /* lookup uses up base */
error = lookup(base,basename,namelen,&inode);
if (error) {
iput(base);
return error;
}
if (follow_links) {
error = follow_link(base,inode,0,0,&inode);
if (error)
return error;
} else
iput(base);
*res_inode = inode;
return 0;
}
//区别就是follow_link标志了
int lnamei(const char * pathname, struct inode ** res_inode)
{
int error;
char * tmp;
error = getname(pathname,&tmp);
if (!error) {
error = _namei(tmp,NULL,0,res_inode);
putname(tmp); //free_page释放空间
}
return error;
}
/*
* namei()
*
* is used by most simple commands to get the inode of a specified name.
* Open, link etc use their own routines, but this is enough for things
* like 'chmod' etc.
*/
//follow a pathname until a terminal point is found
int namei(const char * pathname, struct inode ** res_inode)
{
int error;
char * tmp;
error = getname(pathname,&tmp);
if (!error) {
error = _namei(tmp,NULL,1,res_inode);
putname(tmp);
}
return error;
}
/*
* open_namei()
*
* namei for open - this is in fact almost the whole open-routine.
*
* Note that the low bits of "flag" aren't the same as in the open
* system call - they are 00 - no permissions needed
* 01 - read permission needed
* 10 - write permission needed
* 11 - read/write permissions needed
* which is a lot more logical, and also allows the "no perm" needed
* for symlinks (where the permissions are checked later).
*/
int open_namei(const char * pathname, int flag, int mode,
struct inode ** res_inode, struct inode * base)
{
const char * basename;
int namelen,error;
struct inode * dir, *inode;
struct task_struct ** p;
mode &= S_IALLUGO & ~current->umask;
mode |= S_IFREG; //Regular file
error = dir_namei(pathname,&namelen,&basename,base,&dir);
if (error)
return error;
if (!namelen) { /* special case: '/usr/' etc */
if (flag & 2) { //要检查写权限?
iput(dir);
return -EISDIR;
}
/* thanks to Paul Pluzhnikov for noticing this was missing.. */
if (!permission(dir,ACC_MODE(flag))) {
iput(dir);
return -EACCES;
}
*res_inode=dir;
return 0;
}
dir->i_count++; /* lookup eats the dir */
//是否创建
if (flag & O_CREAT) {
down(&dir->i_sem);
error = lookup(dir,basename,namelen,&inode);
if (!error) { //原来的文件存在
if (flag & O_EXCL) { //在创建文件时把它设置为独占(O_EXCL)模式
//(O_EXCL模式在文件已存在的情况下通常会失败)
//或许已经存在就不创建了吧
iput(inode);
error = -EEXIST;
}
} else if (!permission(dir,MAY_WRITE | MAY_EXEC))
error = -EACCES;
else if (!dir->i_op || !dir->i_op->create)
error = -EACCES;
else if (IS_RDONLY(dir))
error = -EROFS;
else {
dir->i_count++; /* create eats the dir */
error = dir->i_op->create(dir,basename,namelen,mode,res_inode);
up(&dir->i_sem);
iput(dir);
return error;
}
up(&dir->i_sem);
} else //不创建
error = lookup(dir,basename,namelen,&inode);
if (error) {
iput(dir);
return error;
}
error = follow_link(dir,inode,flag,mode,&inode);
if (error)
return error;
if (S_ISDIR(inode->i_mode) && (flag & 2)) { //当pathname指向的是目录时候,是不允许写的
iput(inode);
return -EISDIR;
}
if (!permission(inode,ACC_MODE(flag))) {
iput(inode);
return -EACCES;
}
if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
if (IS_NODEV(inode)) { //device special file
iput(inode);
return -EACCES;
}
} else {
if (IS_RDONLY(inode) && (flag & 2)) {
iput(inode);
return -EROFS;
}
}
if ((inode->i_count > 1) && (flag & 2)) {
for (p = &LAST_TASK ; p > &FIRST_TASK ; --p)
{
struct vm_area_struct * mpnt;
if (!*p)
continue;
// pathname refers to an executable image which is currently being
// executed and write access was requested.
if (inode == (*p)->executable) { //被执行的镜像
iput(inode);
return -ETXTBSY;
}
for(mpnt = (*p)->mmap; mpnt; mpnt = mpnt->vm_next) {
if (mpnt->vm_page_prot & PAGE_RW) //可写
continue;
//不可写的内存
if (inode == mpnt->vm_inode) {
iput(inode);
return -ETXTBSY;
}
}
}
}
if (flag & O_TRUNC) {
inode->i_size = 0; //截断文件
if (inode->i_op && inode->i_op->truncate)
inode->i_op->truncate(inode);
if ((error = notify_change(NOTIFY_SIZE, inode))) {
iput(inode);
return error;
}
inode->i_dirt = 1;
}
*res_inode = inode;
return 0;
}
int do_mknod(const char * filename, int mode, dev_t dev)
{
const char * basename;
int namelen, error;
struct inode * dir;
mode &= ~current->umask;
error = dir_namei(filename,&namelen,&basename, NULL, &dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -ENOENT;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if (!permission(dir,MAY_WRITE | MAY_EXEC)) { //目录的写和执行权限
iput(dir);
return -EACCES;
}
if (!dir->i_op || !dir->i_op->mknod) {
iput(dir);
return -EPERM;
}
//原子操作,信号量,目前不是很懂
//POSIX有信号量,SysV IPC有信号量,核内也有信号量,接口很简单,一个down(),一个up(),
//分别对应P操作和V操作,down()调用可能引起线程挂起,因此和sleep_on类似,
//也有interruptible系列接口。down意味着信号量减1,up意味着信号量加1,这两个操作显然需要互斥
down(&dir->i_sem);
error = dir->i_op->mknod(dir,basename,namelen,mode,dev);
up(&dir->i_sem);
return error;
}
//mknod makes a directory entry for a special file
//一般是为字符设备,块设备或者是管道进行创建的
asmlinkage int sys_mknod(const char * filename, int mode, dev_t dev)
{
int error;
char * tmp;
if (S_ISDIR(mode) || (!S_ISFIFO(mode) && !suser())) //不能是目录
return -EPERM;
switch (mode & S_IFMT) { //文件类型掩码,下面进行检验,可见S_IFREG常规文件标志是必须得
case 0:
mode |= S_IFREG;
break;
case S_IFREG: case S_IFCHR: case S_IFBLK: case S_IFIFO:
break;
default:
return -EINVAL;
}
error = getname(filename,&tmp);
if (!error) {
error = do_mknod(tmp,mode,dev);
putname(tmp);
}
return error;
}
static int do_mkdir(const char * pathname, int mode)
{
const char * basename;
int namelen, error;
struct inode * dir;
error = dir_namei(pathname,&namelen,&basename,NULL,&dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -ENOENT;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if (!permission(dir,MAY_WRITE | MAY_EXEC)) { //记住,创建目录就需要有目录的写和执行权限
iput(dir);
return -EACCES;
}
if (!dir->i_op || !dir->i_op->mkdir) {
iput(dir);
return -EPERM;
}
down(&dir->i_sem);
error = dir->i_op->mkdir(dir,basename,namelen,mode);
up(&dir->i_sem);
return error;
}
asmlinkage int sys_mkdir(const char * pathname, int mode)
{
int error;
char * tmp;
error = getname(pathname,&tmp);
if (!error) {
error = do_mkdir(tmp,mode);
putname(tmp);
}
return error;
}
static int do_rmdir(const char * name)
{
const char * basename;
int namelen, error;
struct inode * dir;
error = dir_namei(name,&namelen,&basename,NULL,&dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -ENOENT;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if (!permission(dir,MAY_WRITE | MAY_EXEC)) {
iput(dir);
return -EACCES;
}
if (!dir->i_op || !dir->i_op->rmdir) {
iput(dir);
return -EPERM;
}
return dir->i_op->rmdir(dir,basename,namelen);
}
asmlinkage int sys_rmdir(const char * pathname)
{
int error;
char * tmp;
error = getname(pathname,&tmp);
if (!error) {
error = do_rmdir(tmp);
putname(tmp);
}
return error;
}
static int do_unlink(const char * name)
{
const char * basename;
int namelen, error;
struct inode * dir;
error = dir_namei(name,&namelen,&basename,NULL,&dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -EPERM;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if (!permission(dir,MAY_WRITE | MAY_EXEC)) {
iput(dir);
return -EACCES;
}
if (!dir->i_op || !dir->i_op->unlink) {
iput(dir);
return -EPERM;
}
return dir->i_op->unlink(dir,basename,namelen);
}
asmlinkage int sys_unlink(const char * pathname)
{
int error;
char * tmp;
error = getname(pathname,&tmp);
if (!error) {
error = do_unlink(tmp);
putname(tmp);
}
return error;
}
//符号连接(软连接)
static int do_symlink(const char * oldname, const char * newname)
{
struct inode * dir;
const char * basename;
int namelen, error;
error = dir_namei(newname,&namelen,&basename,NULL,&dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -ENOENT;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if (!permission(dir,MAY_WRITE | MAY_EXEC)) {
iput(dir);
return -EACCES;
}
if (!dir->i_op || !dir->i_op->symlink) {
iput(dir);
return -EPERM;
}
down(&dir->i_sem);
error = dir->i_op->symlink(dir,basename,namelen,oldname);
up(&dir->i_sem);
return error;
}
asmlinkage int sys_symlink(const char * oldname, const char * newname)
{
int error;
char * from, * to;
//原目录和目的目录都要能被索引到
error = getname(oldname,&from);
if (!error) {
error = getname(newname,&to);
if (!error) {
error = do_symlink(from,to);
putname(to);
}
putname(from);
}
return error;
}
//硬链接
static int do_link(struct inode * oldinode, const char * newname)
{
struct inode * dir;
const char * basename;
int namelen, error;
error = dir_namei(newname,&namelen,&basename,NULL,&dir);
if (error) {
iput(oldinode);
return error;
}
if (!namelen) {
iput(oldinode);
iput(dir);
return -EPERM;
}
if (IS_RDONLY(dir)) {
iput(oldinode);
iput(dir);
return -EROFS;
}
//呃,硬链接的限制了,同一个设备(文件系统?)
if (dir->i_dev != oldinode->i_dev) {
iput(dir);
iput(oldinode);
return -EXDEV;
}
if (!permission(dir,MAY_WRITE | MAY_EXEC)) {
iput(dir);
iput(oldinode);
return -EACCES;
}
if (!dir->i_op || !dir->i_op->link) {
iput(dir);
iput(oldinode);
return -EPERM;
}
down(&dir->i_sem);
error = dir->i_op->link(oldinode, dir, basename, namelen);
up(&dir->i_sem);
return error;
}
asmlinkage int sys_link(const char * oldname, const char * newname)
{
int error;
char * to;
struct inode * oldinode;
error = namei(oldname, &oldinode);
if (error)
return error;
error = getname(newname,&to);
if (error) {
iput(oldinode);
return error;
}
error = do_link(oldinode,to);
putname(to);
return error;
}
static int do_rename(const char * oldname, const char * newname)
{
struct inode * old_dir, * new_dir;
const char * old_base, * new_base;
int old_len, new_len, error;
error = dir_namei(oldname,&old_len,&old_base,NULL,&old_dir);
if (error)
return error;
if (!permission(old_dir,MAY_WRITE | MAY_EXEC)) {
iput(old_dir);
return -EACCES;
}
//特殊的,就是. 和 .. 不能被重新命令的
if (!old_len || (old_base[0] == '.' &&
(old_len == 1 || (old_base[1] == '.' &&
old_len == 2)))) {
iput(old_dir);
return -EPERM;
}
error = dir_namei(newname,&new_len,&new_base,NULL,&new_dir);
if (error) {
iput(old_dir);
return error;
}
if (!permission(new_dir,MAY_WRITE | MAY_EXEC)) {
iput(old_dir);
iput(new_dir);
return -EACCES;
}
if (!new_len || (new_base[0] == '.' &&
(new_len == 1 || (new_base[1] == '.' &&
new_len == 2)))) {
iput(old_dir);
iput(new_dir);
return -EPERM;
}
if (new_dir->i_dev != old_dir->i_dev) { //这个是肯定的
iput(old_dir);
iput(new_dir);
return -EXDEV;
}
if (IS_RDONLY(new_dir) || IS_RDONLY(old_dir)) {
iput(old_dir);
iput(new_dir);
return -EROFS;
}
if (!old_dir->i_op || !old_dir->i_op->rename) {
iput(old_dir);
iput(new_dir);
return -EPERM;
}
down(&new_dir->i_sem); //调用原先节点的rename函数
error = old_dir->i_op->rename(old_dir, old_base, old_len,
new_dir, new_base, new_len);
up(&new_dir->i_sem);
return error;
}
asmlinkage int sys_rename(const char * oldname, const char * newname)
{
int error;
char * from, * to;
error = getname(oldname,&from);
if (!error) {
error = getname(newname,&to);
if (!error) {
error = do_rename(from,to);
putname(to);
}
putname(from);
}
return error;
}
文档地址:
http://blogimg.chinaunix.net/blog/upfile2/090503233213.pdf
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u3/90306/showart_1921144.html |
|
免费注册
发表于 2009-05-07 13:26