[thirdparty/glibc.git] / hurd / lookup-retry.c

/* hairy bits of Hurd file name lookup
   Copyright (C) 1992-2019 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */

#include <hurd.h>
#include <hurd/lookup.h>
#include <hurd/term.h>
#include <hurd/paths.h>
#include <limits.h>
#include <fcntl.h>
#include <string.h>
#include <_itoa.h>
#include <eloop-threshold.h>
#include <unistd.h>

/* Translate the error from dir_lookup into the error the user sees.  */
static inline error_t
lookup_error (error_t error)
{
  switch (error)
    {
    case EOPNOTSUPP:
    case MIG_BAD_ID:
      /* These indicate that the server does not understand dir_lookup
	 at all.  If it were a directory, it would, by definition.  */
      return ENOTDIR;
    default:
      return error;
    }
}

error_t
__hurd_file_name_lookup_retry (error_t (*use_init_port)
				 (int which, error_t (*operate) (file_t)),
			       file_t (*get_dtable_port) (int fd),
			       error_t (*lookup)
				 (file_t dir, const char *name,
				  int flags, mode_t mode,
				  retry_type *do_retry, string_t retry_name,
				  mach_port_t *result),
			       enum retry_type doretry,
			       char retryname[1024],
			       int flags, mode_t mode,
			       file_t *result)
{
  error_t err;
  char *file_name;
  int nloops;
  file_t lastdir = MACH_PORT_NULL;

  error_t lookup_op (file_t startdir)
    {
      if (file_name[0] == '/' && file_name[1] != '\0')
	{
	  while (file_name[1] == '/')
	    /* Remove double leading slash.  */
	    file_name++;
	  if (file_name[1] != '\0')
	    /* Remove leading slash when we have more than the slash.  */
	    file_name++;
	}

      return lookup_error ((*lookup) (startdir, file_name, flags, mode,
				      &doretry, retryname, result));
    }
  error_t reauthenticate (file_t unauth)
    {
      error_t err;
      mach_port_t ref = __mach_reply_port ();
      error_t reauth (auth_t auth)
	{
	  return __auth_user_authenticate (auth, ref,
					   MACH_MSG_TYPE_MAKE_SEND,
					   result);
	}
      err = __io_reauthenticate (unauth, ref, MACH_MSG_TYPE_MAKE_SEND);
      if (! err)
	err = (*use_init_port) (INIT_PORT_AUTH, &reauth);
      __mach_port_destroy (__mach_task_self (), ref);
      __mach_port_deallocate (__mach_task_self (), unauth);
      return err;
    }

  if (! lookup)
    lookup = __dir_lookup;

  nloops = 0;
  err = 0;
  do
    {
      file_t startdir = MACH_PORT_NULL;
      int dirport = INIT_PORT_CWDIR;

      switch (doretry)
	{
	case FS_RETRY_REAUTH:
	  if (err = reauthenticate (*result))
	    goto out;
	  /* Fall through.  */

	case FS_RETRY_NORMAL:
	  if (nloops++ >= __eloop_threshold ())
	    {
	      __mach_port_deallocate (__mach_task_self (), *result);
	      err = ELOOP;
	      goto out;
	    }

	  /* An empty RETRYNAME indicates we have the final port.  */
	  if (retryname[0] == '\0'
	      /* If reauth'd, we must do one more retry on "" to give the new
		 translator a chance to make a new port for us.  */
	      && doretry == FS_RETRY_NORMAL)
	    {
	      if (flags & O_NOFOLLOW)
		{
		  /* In Linux, O_NOFOLLOW means to reject symlinks.  If we
		     did an O_NOLINK lookup above and io_stat here to check
		     for S_IFLNK only, a translator like firmlink could easily
		     spoof this check by not showing S_IFLNK, but in fact
		     redirecting the lookup to some other name
		     (i.e. opening the very same holes a symlink would).

		     Instead we do an O_NOTRANS lookup above, and stat the
		     underlying node: if it has a translator set, and its
		     owner is not root (st_uid 0) then we reject it.
		     Since the motivation for this feature is security, and
		     that security presumes we trust the containing
		     directory, this check approximates the security of
		     refusing symlinks while accepting mount points.
		     Note that we actually permit something Linux doesn't:
		     we follow root-owned symlinks; if that is deemed
		     undesireable, we can add a final check for that
		     one exception to our general translator-based rule.  */
		  struct stat64 st;
		  err = __io_stat (*result, &st);
		  if (!err)
		    {
		      if (flags & O_DIRECTORY && !S_ISDIR (st.st_mode))
			err = ENOTDIR;
		      if (S_ISLNK (st.st_mode))
			err = ELOOP;
		      else if (st.st_mode & (S_IPTRANS|S_IATRANS))
			{
			  if (st.st_uid != 0)
			    err = ELOOP;
			  else if (st.st_mode & S_IPTRANS)
			    {
			      char buf[1024];
			      char *trans = buf;
			      size_t translen = sizeof buf;
			      err = __file_get_translator (*result,
							   &trans, &translen);
			      if (!err
				  && translen > sizeof _HURD_SYMLINK
				  && !memcmp (trans,
					      _HURD_SYMLINK, sizeof _HURD_SYMLINK))
				err = ELOOP;
			    }
			}
		    }
		}

	      /* We got a successful translation.  Now apply any open-time
		 action flags we were passed.  */

	      if (!err && (flags & O_TRUNC)) /* Asked to truncate the file.  */
		err = __file_set_size (*result, 0);

	      if (err)
		__mach_port_deallocate (__mach_task_self (), *result);
	      goto out;
	    }

	  startdir = *result;
	  file_name = retryname;
	  break;

	case FS_RETRY_MAGICAL:
	  switch (retryname[0])
	    {
	    case '/':
	      dirport = INIT_PORT_CRDIR;
	      if (*result != MACH_PORT_NULL)
		__mach_port_deallocate (__mach_task_self (), *result);
	      if (nloops++ >= __eloop_threshold ())
		{
		  err = ELOOP;
		  goto out;
		}
	      file_name = &retryname[1];
	      break;

	    case 'f':
	      if (retryname[1] == 'd' && retryname[2] == '/')
		{
		  int fd;
		  char *end;
		  int save = errno;
		  errno = 0;
		  fd = (int) __strtoul_internal (&retryname[3], &end, 10, 0);
		  if (end == NULL || errno /* Malformed number.  */
		      /* Check for excess text after the number.  A slash
			 is valid; it ends the component.  Anything else
			 does not name a numeric file descriptor.  */
		      || (*end != '/' && *end != '\0'))
		    {
		      errno = save;
		      err = ENOENT;
		      goto out;
		    }
		  if (! get_dtable_port)
		    err = EGRATUITOUS;
		  else
		    {
		      *result = (*get_dtable_port) (fd);
		      if (*result == MACH_PORT_NULL)
			{
			  /* If the name was a proper number, but the file
			     descriptor does not exist, we return EBADF instead
			     of ENOENT.  */
			  err = errno;
			  errno = save;
			}
		    }
		  errno = save;
		  if (err)
		    goto out;
		  if (*end == '\0')
		    {
		      err = 0;
		      goto out;
		    }
		  else
		    {
		      /* Do a normal retry on the remaining components.  */
		      startdir = *result;
		      file_name = end + 1; /* Skip the slash.  */
		      break;
		    }
		}
	      else
		goto bad_magic;
	      break;

	    case 'm':
	      if (retryname[1] == 'a' && retryname[2] == 'c'
		  && retryname[3] == 'h' && retryname[4] == 't'
		  && retryname[5] == 'y' && retryname[6] == 'p'
		  && retryname[7] == 'e')
		{
		  error_t err;
		  struct host_basic_info hostinfo;
		  mach_msg_type_number_t hostinfocnt = HOST_BASIC_INFO_COUNT;
		  char *p;
		  /* XXX want client's host */
		  if (err = __host_info (__mach_host_self (), HOST_BASIC_INFO,
					 (integer_t *) &hostinfo,
					 &hostinfocnt))
		    goto out;
		  if (hostinfocnt != HOST_BASIC_INFO_COUNT)
		    {
		      err = EGRATUITOUS;
		      goto out;
		    }
		  p = _itoa (hostinfo.cpu_subtype, &retryname[8], 10, 0);
		  *--p = '/';
		  p = _itoa (hostinfo.cpu_type, &retryname[8], 10, 0);
		  if (p < retryname)
		    abort ();	/* XXX write this right if this ever happens */
		  if (p > retryname)
		    strcpy (retryname, p);
		  startdir = *result;
		}
	      else
		goto bad_magic;
	      break;

	    case 't':
	      if (retryname[1] == 't' && retryname[2] == 'y')
		switch (retryname[3])
		  {
		    error_t opentty (file_t *result)
		      {
			error_t err;
			error_t ctty_open (file_t port)
			  {
			    if (port == MACH_PORT_NULL)
			      return ENXIO; /* No controlling terminal.  */
			    return __termctty_open_terminal (port,
							     flags,
							     result);
			  }
			err = (*use_init_port) (INIT_PORT_CTTYID, &ctty_open);
			if (! err)
			  err = reauthenticate (*result);
			return err;
		      }

		  case '\0':
		    err = opentty (result);
		    goto out;
		  case '/':
		    if (err = opentty (&startdir))
		      goto out;
		    strcpy (retryname, &retryname[4]);
		    break;
		  default:
		    goto bad_magic;
		  }
	      else
		goto bad_magic;
	      break;

	    case 'p':
	      if (retryname[1] == 'i' && retryname[2] == 'd'
		  && (retryname[3] == '/' || retryname[3] == 0))
		{
		  char *p, buf[1024];  /* XXX */
		  size_t len;
		  p = _itoa (__getpid (), &buf[sizeof buf], 10, 0);
		  len = &buf[sizeof buf] - p;
		  memcpy (buf, p, len);
		  strcpy (buf + len, &retryname[3]);
		  strcpy (retryname, buf);

		  /* Do a normal retry on the remaining components.  */
		  __mach_port_mod_refs (__mach_task_self (), lastdir,
					MACH_PORT_RIGHT_SEND, 1);
		  startdir = lastdir;
		  file_name = retryname;
		}
	      else
		goto bad_magic;
	      break;

	    default:
	    bad_magic:
	      err = EGRATUITOUS;
	      goto out;
	    }
	  break;

	default:
	  err = EGRATUITOUS;
	  goto out;
	}

      if (MACH_PORT_VALID (*result) && *result != lastdir)
	{
	  if (MACH_PORT_VALID (lastdir))
	    __mach_port_deallocate (__mach_task_self (), lastdir);

	  lastdir = *result;
	  __mach_port_mod_refs (__mach_task_self (), lastdir,
				MACH_PORT_RIGHT_SEND, 1);
	}

      if (startdir != MACH_PORT_NULL)
	{
	  err = lookup_op (startdir);
	  __mach_port_deallocate (__mach_task_self (), startdir);
	  startdir = MACH_PORT_NULL;
	}
      else
	err = (*use_init_port) (dirport, &lookup_op);
    } while (! err);

out:
  if (MACH_PORT_VALID (lastdir))
    __mach_port_deallocate (__mach_task_self (), lastdir);

  return err;
}
weak_alias (__hurd_file_name_lookup_retry, hurd_file_name_lookup_retry)
Commit	Line	Data
5fe915ee	1	/* hairy bits of Hurd file name lookup
04277e02	2	Copyright (C) 1992-2019 Free Software Foundation, Inc.
5fe915ee RM	3	This file is part of the GNU C Library.
	4
	5	The GNU C Library is free software; you can redistribute it and/or
41bdb6e2 AJ	6	modify it under the terms of the GNU Lesser General Public
	7	License as published by the Free Software Foundation; either
	8	version 2.1 of the License, or (at your option) any later version.
5fe915ee RM	9
	10	The GNU C Library is distributed in the hope that it will be useful,
	11	but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
41bdb6e2	13	Lesser General Public License for more details.
5fe915ee	14
41bdb6e2	15	You should have received a copy of the GNU Lesser General Public
59ba27a6	16	License along with the GNU C Library; if not, see
5a82c748	17	<https://www.gnu.org/licenses/>. */
5fe915ee RM	18
	19	#include <hurd.h>
	20	#include <hurd/lookup.h>
	21	#include <hurd/term.h>
	22	#include <hurd/paths.h>
	23	#include <limits.h>
	24	#include <fcntl.h>
	25	#include <string.h>
eb96ffb0	26	#include <_itoa.h>
4f75b7a0	27	#include <eloop-threshold.h>
065957a3	28	#include <unistd.h>
5fe915ee RM	29
	30	/* Translate the error from dir_lookup into the error the user sees. */
	31	static inline error_t
	32	lookup_error (error_t error)
	33	{
	34	switch (error)
	35	{
	36	case EOPNOTSUPP:
	37	case MIG_BAD_ID:
	38	/* These indicate that the server does not understand dir_lookup
	39	at all. If it were a directory, it would, by definition. */
	40	return ENOTDIR;
	41	default:
	42	return error;
	43	}
	44	}
	45
	46	error_t
	47	__hurd_file_name_lookup_retry (error_t (*use_init_port)
10589b4a	48	(int which, error_t (*operate) (file_t)),
5fe915ee RM	49	file_t (*get_dtable_port) (int fd),
5fe915ee RM	50	error_t (*lookup)
f8bee46c	51	(file_t dir, const char *name,
5fe915ee RM	52	int flags, mode_t mode,
	53	retry_type *do_retry, string_t retry_name,
	54	mach_port_t *result),
	55	enum retry_type doretry,
	56	char retryname[1024],
	57	int flags, mode_t mode,
	58	file_t *result)
	59	{
	60	error_t err;
	61	char *file_name;
	62	int nloops;
065957a3	63	file_t lastdir = MACH_PORT_NULL;
5fe915ee RM	64
	65	error_t lookup_op (file_t startdir)
	66	{
e42ce0f4 FC	67	if (file_name[0] == '/' && file_name[1] != '\0')
	68	{
	69	while (file_name[1] == '/')
	70	/* Remove double leading slash. */
	71	file_name++;
	72	if (file_name[1] != '\0')
	73	/* Remove leading slash when we have more than the slash. */
	74	file_name++;
	75	}
5fe915ee RM	76
	77	return lookup_error ((*lookup) (startdir, file_name, flags, mode,
	78	&doretry, retryname, result));
	79	}
	80	error_t reauthenticate (file_t unauth)
	81	{
	82	error_t err;
	83	mach_port_t ref = __mach_reply_port ();
	84	error_t reauth (auth_t auth)
	85	{
	86	return __auth_user_authenticate (auth, ref,
	87	MACH_MSG_TYPE_MAKE_SEND,
	88	result);
	89	}
	90	err = __io_reauthenticate (unauth, ref, MACH_MSG_TYPE_MAKE_SEND);
	91	if (! err)
	92	err = (*use_init_port) (INIT_PORT_AUTH, &reauth);
	93	__mach_port_destroy (__mach_task_self (), ref);
	94	__mach_port_deallocate (__mach_task_self (), unauth);
	95	return err;
	96	}
	97
	98	if (! lookup)
	99	lookup = __dir_lookup;
	100
	101	nloops = 0;
	102	err = 0;
	103	do
	104	{
	105	file_t startdir = MACH_PORT_NULL;
	106	int dirport = INIT_PORT_CWDIR;
	107
	108	switch (doretry)
	109	{
	110	case FS_RETRY_REAUTH:
	111	if (err = reauthenticate (*result))
065957a3	112	goto out;
5fe915ee RM	113	/* Fall through. */
	114
	115	case FS_RETRY_NORMAL:
4f75b7a0	116	if (nloops++ >= __eloop_threshold ())
5fe915ee RM	117	{
5fe915ee RM	118	__mach_port_deallocate (__mach_task_self (), *result);
065957a3 JW	119	err = ELOOP;
065957a3 JW	120	goto out;
5fe915ee RM	121	}
	122
	123	/* An empty RETRYNAME indicates we have the final port. */
34a5a146	124	if (retryname[0] == '\0'
5fe915ee RM	125	/* If reauth'd, we must do one more retry on "" to give the new
5fe915ee RM	126	translator a chance to make a new port for us. */
34a5a146	127	&& doretry == FS_RETRY_NORMAL)
5fe915ee RM	128	{
	129	if (flags & O_NOFOLLOW)
	130	{
	131	/* In Linux, O_NOFOLLOW means to reject symlinks. If we
	132	did an O_NOLINK lookup above and io_stat here to check
489999cc	133	for S_IFLNK only, a translator like firmlink could easily
5fe915ee RM	134	spoof this check by not showing S_IFLNK, but in fact
	135	redirecting the lookup to some other name
	136	(i.e. opening the very same holes a symlink would).
	137
	138	Instead we do an O_NOTRANS lookup above, and stat the
	139	underlying node: if it has a translator set, and its
	140	owner is not root (st_uid 0) then we reject it.
	141	Since the motivation for this feature is security, and
	142	that security presumes we trust the containing
	143	directory, this check approximates the security of
	144	refusing symlinks while accepting mount points.
	145	Note that we actually permit something Linux doesn't:
	146	we follow root-owned symlinks; if that is deemed
	147	undesireable, we can add a final check for that
	148	one exception to our general translator-based rule. */
337738b7	149	struct stat64 st;
5fe915ee	150	err = __io_stat (*result, &st);
489999cc	151	if (!err)
5fe915ee	152	{
72103e73 ST	153	if (flags & O_DIRECTORY && !S_ISDIR (st.st_mode))
72103e73 ST	154	err = ENOTDIR;
489999cc ST	155	if (S_ISLNK (st.st_mode))
	156	err = ELOOP;
	157	else if (st.st_mode & (S_IPTRANS\|S_IATRANS))
5fe915ee	158	{
489999cc ST	159	if (st.st_uid != 0)
	160	err = ELOOP;
	161	else if (st.st_mode & S_IPTRANS)
	162	{
	163	char buf[1024];
	164	char *trans = buf;
	165	size_t translen = sizeof buf;
	166	err = __file_get_translator (*result,
	167	&trans, &translen);
	168	if (!err
	169	&& translen > sizeof _HURD_SYMLINK
	170	&& !memcmp (trans,
	171	_HURD_SYMLINK, sizeof _HURD_SYMLINK))
	172	err = ELOOP;
	173	}
5fe915ee RM	174	}
	175	}
	176	}
	177
	178	/* We got a successful translation. Now apply any open-time
	179	action flags we were passed. */
	180
	181	if (!err && (flags & O_TRUNC)) /* Asked to truncate the file. */
	182	err = __file_set_size (*result, 0);
	183
	184	if (err)
	185	__mach_port_deallocate (__mach_task_self (), *result);
065957a3	186	goto out;
5fe915ee RM	187	}
	188
	189	startdir = *result;
	190	file_name = retryname;
	191	break;
	192
	193	case FS_RETRY_MAGICAL:
	194	switch (retryname[0])
	195	{
	196	case '/':
	197	dirport = INIT_PORT_CRDIR;
	198	if (*result != MACH_PORT_NULL)
	199	__mach_port_deallocate (__mach_task_self (), *result);
4f75b7a0	200	if (nloops++ >= __eloop_threshold ())
065957a3 JW	201	{
	202	err = ELOOP;
	203	goto out;
	204	}
5fe915ee RM	205	file_name = &retryname[1];
	206	break;
	207
	208	case 'f':
	209	if (retryname[1] == 'd' && retryname[2] == '/')
	210	{
	211	int fd;
	212	char *end;
	213	int save = errno;
	214	errno = 0;
10589b4a	215	fd = (int) __strtoul_internal (&retryname[3], &end, 10, 0);
a04549c1	216	if (end == NULL \|\| errno /* Malformed number. */
5fe915ee RM	217	/* Check for excess text after the number. A slash
	218	is valid; it ends the component. Anything else
	219	does not name a numeric file descriptor. */
a04549c1	220	\|\| (end != '/' && end != '\0'))
5fe915ee RM	221	{
5fe915ee RM	222	errno = save;
065957a3 JW	223	err = ENOENT;
065957a3 JW	224	goto out;
5fe915ee RM	225	}
	226	if (! get_dtable_port)
	227	err = EGRATUITOUS;
	228	else
	229	{
	230	result = (get_dtable_port) (fd);
	231	if (*result == MACH_PORT_NULL)
	232	{
	233	/* If the name was a proper number, but the file
	234	descriptor does not exist, we return EBADF instead
	235	of ENOENT. */
	236	err = errno;
	237	errno = save;
	238	}
	239	}
	240	errno = save;
	241	if (err)
065957a3	242	goto out;
5fe915ee	243	if (*end == '\0')
065957a3 JW	244	{
	245	err = 0;
	246	goto out;
	247	}
5fe915ee RM	248	else
	249	{
	250	/* Do a normal retry on the remaining components. */
	251	startdir = *result;
	252	file_name = end + 1; /* Skip the slash. */
	253	break;
	254	}
	255	}
	256	else
	257	goto bad_magic;
	258	break;
	259
	260	case 'm':
34a5a146 JM	261	if (retryname[1] == 'a' && retryname[2] == 'c'
	262	&& retryname[3] == 'h' && retryname[4] == 't'
	263	&& retryname[5] == 'y' && retryname[6] == 'p'
	264	&& retryname[7] == 'e')
5fe915ee RM	265	{
	266	error_t err;
	267	struct host_basic_info hostinfo;
	268	mach_msg_type_number_t hostinfocnt = HOST_BASIC_INFO_COUNT;
	269	char *p;
	270	/* XXX want client's host */
	271	if (err = __host_info (__mach_host_self (), HOST_BASIC_INFO,
8ad684db	272	(integer_t *) &hostinfo,
5fe915ee	273	&hostinfocnt))
065957a3	274	goto out;
5fe915ee	275	if (hostinfocnt != HOST_BASIC_INFO_COUNT)
065957a3 JW	276	{
	277	err = EGRATUITOUS;
	278	goto out;
	279	}
5fe915ee RM	280	p = _itoa (hostinfo.cpu_subtype, &retryname[8], 10, 0);
	281	*--p = '/';
	282	p = _itoa (hostinfo.cpu_type, &retryname[8], 10, 0);
	283	if (p < retryname)
	284	abort (); /* XXX write this right if this ever happens */
	285	if (p > retryname)
	286	strcpy (retryname, p);
	287	startdir = *result;
	288	}
	289	else
	290	goto bad_magic;
	291	break;
	292
	293	case 't':
	294	if (retryname[1] == 't' && retryname[2] == 'y')
	295	switch (retryname[3])
	296	{
	297	error_t opentty (file_t *result)
	298	{
	299	error_t err;
	300	error_t ctty_open (file_t port)
	301	{
	302	if (port == MACH_PORT_NULL)
	303	return ENXIO; /* No controlling terminal. */
	304	return __termctty_open_terminal (port,
	305	flags,
	306	result);
	307	}
	308	err = (*use_init_port) (INIT_PORT_CTTYID, &ctty_open);
	309	if (! err)
	310	err = reauthenticate (*result);
	311	return err;
	312	}
	313
	314	case '\0':
065957a3 JW	315	err = opentty (result);
065957a3 JW	316	goto out;
5fe915ee RM	317	case '/':
5fe915ee RM	318	if (err = opentty (&startdir))
065957a3	319	goto out;
5fe915ee RM	320	strcpy (retryname, &retryname[4]);
	321	break;
	322	default:
	323	goto bad_magic;
	324	}
	325	else
	326	goto bad_magic;
	327	break;
	328
065957a3	329	case 'p':
a04549c1 JM	330	if (retryname[1] == 'i' && retryname[2] == 'd'
a04549c1 JM	331	&& (retryname[3] == '/' \|\| retryname[3] == 0))
065957a3 JW	332	{
	333	char p, buf[1024]; / XXX */
	334	size_t len;
	335	p = _itoa (__getpid (), &buf[sizeof buf], 10, 0);
	336	len = &buf[sizeof buf] - p;
	337	memcpy (buf, p, len);
	338	strcpy (buf + len, &retryname[3]);
	339	strcpy (retryname, buf);
	340
	341	/* Do a normal retry on the remaining components. */
	342	__mach_port_mod_refs (__mach_task_self (), lastdir,
	343	MACH_PORT_RIGHT_SEND, 1);
	344	startdir = lastdir;
	345	file_name = retryname;
	346	}
	347	else
	348	goto bad_magic;
	349	break;
	350
5fe915ee RM	351	default:
5fe915ee RM	352	bad_magic:
065957a3 JW	353	err = EGRATUITOUS;
065957a3 JW	354	goto out;
5fe915ee RM	355	}
	356	break;
	357
	358	default:
065957a3 JW	359	err = EGRATUITOUS;
	360	goto out;
	361	}
	362
	363	if (MACH_PORT_VALID (result) && result != lastdir)
	364	{
	365	if (MACH_PORT_VALID (lastdir))
	366	__mach_port_deallocate (__mach_task_self (), lastdir);
	367
	368	lastdir = *result;
	369	__mach_port_mod_refs (__mach_task_self (), lastdir,
	370	MACH_PORT_RIGHT_SEND, 1);
5fe915ee RM	371	}
	372
	373	if (startdir != MACH_PORT_NULL)
	374	{
	375	err = lookup_op (startdir);
	376	__mach_port_deallocate (__mach_task_self (), startdir);
	377	startdir = MACH_PORT_NULL;
	378	}
	379	else
	380	err = (*use_init_port) (dirport, &lookup_op);
	381	} while (! err);
	382
065957a3 JW	383	out:
	384	if (MACH_PORT_VALID (lastdir))
	385	__mach_port_deallocate (__mach_task_self (), lastdir);
	386
5fe915ee RM	387	return err;
	388	}
	389	weak_alias (__hurd_file_name_lookup_retry, hurd_file_name_lookup_retry)