xref: /freebsd/lib/libutil/quotafile.c (revision 389e4940069316fe667ffa263fa7d6390d0a960f)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2008 Dag-Erling Coïdan Smørgrav
5  * Copyright (c) 2008 Marshall Kirk McKusick
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer
13  *    in this position and unchanged.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  * $FreeBSD$
31  */
32 
33 #include <sys/types.h>
34 #include <sys/endian.h>
35 #include <sys/mount.h>
36 #include <sys/stat.h>
37 
38 #include <ufs/ufs/quota.h>
39 
40 #include <errno.h>
41 #include <fcntl.h>
42 #include <fstab.h>
43 #include <grp.h>
44 #include <pwd.h>
45 #include <libutil.h>
46 #include <stdint.h>
47 #include <stdio.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <unistd.h>
51 
52 struct quotafile {
53 	int fd;				/* -1 means using quotactl for access */
54 	int accmode;			/* access mode */
55 	int wordsize;			/* 32-bit or 64-bit limits */
56 	int quotatype;			/* USRQUOTA or GRPQUOTA */
57 	dev_t dev;			/* device */
58 	char fsname[MAXPATHLEN + 1];	/* mount point of filesystem */
59 	char qfname[MAXPATHLEN + 1];	/* quota file if not using quotactl */
60 };
61 
62 static const char *qfextension[] = INITQFNAMES;
63 
64 /*
65  * Check to see if a particular quota is to be enabled.
66  */
67 static int
68 hasquota(struct fstab *fs, int type, char *qfnamep, int qfbufsize)
69 {
70 	char *opt;
71 	char *cp;
72 	struct statfs sfb;
73 	char buf[BUFSIZ];
74 	static char initname, usrname[100], grpname[100];
75 
76 	/*
77 	 * 1) we only need one of these
78 	 * 2) fstab may specify a different filename
79 	 */
80 	if (!initname) {
81 		(void)snprintf(usrname, sizeof(usrname), "%s%s",
82 		    qfextension[USRQUOTA], QUOTAFILENAME);
83 		(void)snprintf(grpname, sizeof(grpname), "%s%s",
84 		    qfextension[GRPQUOTA], QUOTAFILENAME);
85 		initname = 1;
86 	}
87 	strcpy(buf, fs->fs_mntops);
88 	for (opt = strtok(buf, ","); opt; opt = strtok(NULL, ",")) {
89 		if ((cp = strchr(opt, '=')))
90 			*cp++ = '\0';
91 		if (type == USRQUOTA && strcmp(opt, usrname) == 0)
92 			break;
93 		if (type == GRPQUOTA && strcmp(opt, grpname) == 0)
94 			break;
95 	}
96 	if (!opt)
97 		return (0);
98 	/*
99 	 * Ensure that the filesystem is mounted.
100 	 */
101 	if (statfs(fs->fs_file, &sfb) != 0 ||
102 	    strcmp(fs->fs_file, sfb.f_mntonname)) {
103 		return (0);
104 	}
105 	if (cp) {
106 		strncpy(qfnamep, cp, qfbufsize);
107 	} else {
108 		(void)snprintf(qfnamep, qfbufsize, "%s/%s.%s", fs->fs_file,
109 		    QUOTAFILENAME, qfextension[type]);
110 	}
111 	return (1);
112 }
113 
114 struct quotafile *
115 quota_open(struct fstab *fs, int quotatype, int openflags)
116 {
117 	struct quotafile *qf;
118 	struct dqhdr64 dqh;
119 	struct group *grp;
120 	struct stat st;
121 	int qcmd, serrno;
122 
123 	if (strcmp(fs->fs_vfstype, "ufs"))
124 		return (NULL);
125 	if ((qf = calloc(1, sizeof(*qf))) == NULL)
126 		return (NULL);
127 	qf->fd = -1;
128 	qf->quotatype = quotatype;
129 	strlcpy(qf->fsname, fs->fs_file, sizeof(qf->fsname));
130 	if (stat(qf->fsname, &st) != 0)
131 		goto error;
132 	qf->dev = st.st_dev;
133 	serrno = hasquota(fs, quotatype, qf->qfname, sizeof(qf->qfname));
134 	qcmd = QCMD(Q_GETQUOTASIZE, quotatype);
135 	if (quotactl(qf->fsname, qcmd, 0, &qf->wordsize) == 0)
136 		return (qf);
137 	if (serrno == 0) {
138 		errno = EOPNOTSUPP;
139 		goto error;
140 	}
141 	qf->accmode = openflags & O_ACCMODE;
142 	if ((qf->fd = open(qf->qfname, qf->accmode|O_CLOEXEC)) < 0 &&
143 	    (openflags & O_CREAT) != O_CREAT)
144 		goto error;
145 	/* File open worked, so process it */
146 	if (qf->fd != -1) {
147 		qf->wordsize = 32;
148 		switch (read(qf->fd, &dqh, sizeof(dqh))) {
149 		case -1:
150 			goto error;
151 		case sizeof(dqh):
152 			if (strcmp(dqh.dqh_magic, Q_DQHDR64_MAGIC) != 0) {
153 				/* no magic, assume 32 bits */
154 				qf->wordsize = 32;
155 				return (qf);
156 			}
157 			if (be32toh(dqh.dqh_version) != Q_DQHDR64_VERSION ||
158 			    be32toh(dqh.dqh_hdrlen) != sizeof(struct dqhdr64) ||
159 			    be32toh(dqh.dqh_reclen) != sizeof(struct dqblk64)) {
160 				/* correct magic, wrong version / lengths */
161 				errno = EINVAL;
162 				goto error;
163 			}
164 			qf->wordsize = 64;
165 			return (qf);
166 		default:
167 			qf->wordsize = 32;
168 			return (qf);
169 		}
170 		/* not reached */
171 	}
172 	/* open failed, but O_CREAT was specified, so create a new file */
173 	if ((qf->fd = open(qf->qfname, O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0)) <
174 	    0)
175 		goto error;
176 	qf->wordsize = 64;
177 	memset(&dqh, 0, sizeof(dqh));
178 	memcpy(dqh.dqh_magic, Q_DQHDR64_MAGIC, sizeof(dqh.dqh_magic));
179 	dqh.dqh_version = htobe32(Q_DQHDR64_VERSION);
180 	dqh.dqh_hdrlen = htobe32(sizeof(struct dqhdr64));
181 	dqh.dqh_reclen = htobe32(sizeof(struct dqblk64));
182 	if (write(qf->fd, &dqh, sizeof(dqh)) != sizeof(dqh)) {
183 		/* it was one we created ourselves */
184 		unlink(qf->qfname);
185 		goto error;
186 	}
187 	grp = getgrnam(QUOTAGROUP);
188 	fchown(qf->fd, 0, grp ? grp->gr_gid : 0);
189 	fchmod(qf->fd, 0640);
190 	return (qf);
191 error:
192 	serrno = errno;
193 	/* did we have an open file? */
194 	if (qf->fd != -1)
195 		close(qf->fd);
196 	free(qf);
197 	errno = serrno;
198 	return (NULL);
199 }
200 
201 void
202 quota_close(struct quotafile *qf)
203 {
204 
205 	if (qf->fd != -1)
206 		close(qf->fd);
207 	free(qf);
208 }
209 
210 int
211 quota_on(struct quotafile *qf)
212 {
213 	int qcmd;
214 
215 	qcmd = QCMD(Q_QUOTAON, qf->quotatype);
216 	return (quotactl(qf->fsname, qcmd, 0, qf->qfname));
217 }
218 
219 int
220 quota_off(struct quotafile *qf)
221 {
222 
223 	return (quotactl(qf->fsname, QCMD(Q_QUOTAOFF, qf->quotatype), 0, 0));
224 }
225 
226 const char *
227 quota_fsname(const struct quotafile *qf)
228 {
229 
230 	return (qf->fsname);
231 }
232 
233 const char *
234 quota_qfname(const struct quotafile *qf)
235 {
236 
237 	return (qf->qfname);
238 }
239 
240 int
241 quota_check_path(const struct quotafile *qf, const char *path)
242 {
243 	struct stat st;
244 
245 	if (stat(path, &st) == -1)
246 		return (-1);
247 	return (st.st_dev == qf->dev);
248 }
249 
250 int
251 quota_maxid(struct quotafile *qf)
252 {
253 	struct stat st;
254 	int maxid;
255 
256 	if (stat(qf->qfname, &st) < 0)
257 		return (0);
258 	switch (qf->wordsize) {
259 	case 32:
260 		maxid = st.st_size / sizeof(struct dqblk32) - 1;
261 		break;
262 	case 64:
263 		maxid = st.st_size / sizeof(struct dqblk64) - 2;
264 		break;
265 	default:
266 		maxid = 0;
267 		break;
268 	}
269 	return (maxid > 0 ? maxid : 0);
270 }
271 
272 static int
273 quota_read32(struct quotafile *qf, struct dqblk *dqb, int id)
274 {
275 	struct dqblk32 dqb32;
276 	off_t off;
277 
278 	off = id * sizeof(struct dqblk32);
279 	if (lseek(qf->fd, off, SEEK_SET) == -1)
280 		return (-1);
281 	switch (read(qf->fd, &dqb32, sizeof(dqb32))) {
282 	case 0:
283 		memset(dqb, 0, sizeof(*dqb));
284 		return (0);
285 	case sizeof(dqb32):
286 		dqb->dqb_bhardlimit = dqb32.dqb_bhardlimit;
287 		dqb->dqb_bsoftlimit = dqb32.dqb_bsoftlimit;
288 		dqb->dqb_curblocks = dqb32.dqb_curblocks;
289 		dqb->dqb_ihardlimit = dqb32.dqb_ihardlimit;
290 		dqb->dqb_isoftlimit = dqb32.dqb_isoftlimit;
291 		dqb->dqb_curinodes = dqb32.dqb_curinodes;
292 		dqb->dqb_btime = dqb32.dqb_btime;
293 		dqb->dqb_itime = dqb32.dqb_itime;
294 		return (0);
295 	default:
296 		return (-1);
297 	}
298 }
299 
300 static int
301 quota_read64(struct quotafile *qf, struct dqblk *dqb, int id)
302 {
303 	struct dqblk64 dqb64;
304 	off_t off;
305 
306 	off = sizeof(struct dqhdr64) + id * sizeof(struct dqblk64);
307 	if (lseek(qf->fd, off, SEEK_SET) == -1)
308 		return (-1);
309 	switch (read(qf->fd, &dqb64, sizeof(dqb64))) {
310 	case 0:
311 		memset(dqb, 0, sizeof(*dqb));
312 		return (0);
313 	case sizeof(dqb64):
314 		dqb->dqb_bhardlimit = be64toh(dqb64.dqb_bhardlimit);
315 		dqb->dqb_bsoftlimit = be64toh(dqb64.dqb_bsoftlimit);
316 		dqb->dqb_curblocks = be64toh(dqb64.dqb_curblocks);
317 		dqb->dqb_ihardlimit = be64toh(dqb64.dqb_ihardlimit);
318 		dqb->dqb_isoftlimit = be64toh(dqb64.dqb_isoftlimit);
319 		dqb->dqb_curinodes = be64toh(dqb64.dqb_curinodes);
320 		dqb->dqb_btime = be64toh(dqb64.dqb_btime);
321 		dqb->dqb_itime = be64toh(dqb64.dqb_itime);
322 		return (0);
323 	default:
324 		return (-1);
325 	}
326 }
327 
328 int
329 quota_read(struct quotafile *qf, struct dqblk *dqb, int id)
330 {
331 	int qcmd;
332 
333 	if (qf->fd == -1) {
334 		qcmd = QCMD(Q_GETQUOTA, qf->quotatype);
335 		return (quotactl(qf->fsname, qcmd, id, dqb));
336 	}
337 	switch (qf->wordsize) {
338 	case 32:
339 		return (quota_read32(qf, dqb, id));
340 	case 64:
341 		return (quota_read64(qf, dqb, id));
342 	default:
343 		errno = EINVAL;
344 		return (-1);
345 	}
346 	/* not reached */
347 }
348 
349 #define CLIP32(u64) ((u64) > UINT32_MAX ? UINT32_MAX : (uint32_t)(u64))
350 
351 static int
352 quota_write32(struct quotafile *qf, const struct dqblk *dqb, int id)
353 {
354 	struct dqblk32 dqb32;
355 	off_t off;
356 
357 	dqb32.dqb_bhardlimit = CLIP32(dqb->dqb_bhardlimit);
358 	dqb32.dqb_bsoftlimit = CLIP32(dqb->dqb_bsoftlimit);
359 	dqb32.dqb_curblocks = CLIP32(dqb->dqb_curblocks);
360 	dqb32.dqb_ihardlimit = CLIP32(dqb->dqb_ihardlimit);
361 	dqb32.dqb_isoftlimit = CLIP32(dqb->dqb_isoftlimit);
362 	dqb32.dqb_curinodes = CLIP32(dqb->dqb_curinodes);
363 	dqb32.dqb_btime = CLIP32(dqb->dqb_btime);
364 	dqb32.dqb_itime = CLIP32(dqb->dqb_itime);
365 
366 	off = id * sizeof(struct dqblk32);
367 	if (lseek(qf->fd, off, SEEK_SET) == -1)
368 		return (-1);
369 	if (write(qf->fd, &dqb32, sizeof(dqb32)) == sizeof(dqb32))
370 		return (0);
371 	return (-1);
372 }
373 
374 static int
375 quota_write64(struct quotafile *qf, const struct dqblk *dqb, int id)
376 {
377 	struct dqblk64 dqb64;
378 	off_t off;
379 
380 	dqb64.dqb_bhardlimit = htobe64(dqb->dqb_bhardlimit);
381 	dqb64.dqb_bsoftlimit = htobe64(dqb->dqb_bsoftlimit);
382 	dqb64.dqb_curblocks = htobe64(dqb->dqb_curblocks);
383 	dqb64.dqb_ihardlimit = htobe64(dqb->dqb_ihardlimit);
384 	dqb64.dqb_isoftlimit = htobe64(dqb->dqb_isoftlimit);
385 	dqb64.dqb_curinodes = htobe64(dqb->dqb_curinodes);
386 	dqb64.dqb_btime = htobe64(dqb->dqb_btime);
387 	dqb64.dqb_itime = htobe64(dqb->dqb_itime);
388 
389 	off = sizeof(struct dqhdr64) + id * sizeof(struct dqblk64);
390 	if (lseek(qf->fd, off, SEEK_SET) == -1)
391 		return (-1);
392 	if (write(qf->fd, &dqb64, sizeof(dqb64)) == sizeof(dqb64))
393 		return (0);
394 	return (-1);
395 }
396 
397 int
398 quota_write_usage(struct quotafile *qf, struct dqblk *dqb, int id)
399 {
400 	struct dqblk dqbuf;
401 	int qcmd;
402 
403 	if (qf->fd == -1) {
404 		qcmd = QCMD(Q_SETUSE, qf->quotatype);
405 		return (quotactl(qf->fsname, qcmd, id, dqb));
406 	}
407 	/*
408 	 * Have to do read-modify-write of quota in file.
409 	 */
410 	if ((qf->accmode & O_RDWR) != O_RDWR) {
411 		errno = EBADF;
412 		return (-1);
413 	}
414 	if (quota_read(qf, &dqbuf, id) != 0)
415 		return (-1);
416 	/*
417 	 * Reset time limit if have a soft limit and were
418 	 * previously under it, but are now over it.
419 	 */
420 	if (dqbuf.dqb_bsoftlimit && id != 0 &&
421 	    dqbuf.dqb_curblocks < dqbuf.dqb_bsoftlimit &&
422 	    dqb->dqb_curblocks >= dqbuf.dqb_bsoftlimit)
423 		dqbuf.dqb_btime = 0;
424 	if (dqbuf.dqb_isoftlimit && id != 0 &&
425 	    dqbuf.dqb_curinodes < dqbuf.dqb_isoftlimit &&
426 	    dqb->dqb_curinodes >= dqbuf.dqb_isoftlimit)
427 		dqbuf.dqb_itime = 0;
428 	dqbuf.dqb_curinodes = dqb->dqb_curinodes;
429 	dqbuf.dqb_curblocks = dqb->dqb_curblocks;
430 	/*
431 	 * Write it back.
432 	 */
433 	switch (qf->wordsize) {
434 	case 32:
435 		return (quota_write32(qf, &dqbuf, id));
436 	case 64:
437 		return (quota_write64(qf, &dqbuf, id));
438 	default:
439 		errno = EINVAL;
440 		return (-1);
441 	}
442 	/* not reached */
443 }
444 
445 int
446 quota_write_limits(struct quotafile *qf, struct dqblk *dqb, int id)
447 {
448 	struct dqblk dqbuf;
449 	int qcmd;
450 
451 	if (qf->fd == -1) {
452 		qcmd = QCMD(Q_SETQUOTA, qf->quotatype);
453 		return (quotactl(qf->fsname, qcmd, id, dqb));
454 	}
455 	/*
456 	 * Have to do read-modify-write of quota in file.
457 	 */
458 	if ((qf->accmode & O_RDWR) != O_RDWR) {
459 		errno = EBADF;
460 		return (-1);
461 	}
462 	if (quota_read(qf, &dqbuf, id) != 0)
463 		return (-1);
464 	/*
465 	 * Reset time limit if have a soft limit and were
466 	 * previously under it, but are now over it
467 	 * or if there previously was no soft limit, but
468 	 * now have one and are over it.
469 	 */
470 	if (dqbuf.dqb_bsoftlimit && id != 0 &&
471 	    dqbuf.dqb_curblocks < dqbuf.dqb_bsoftlimit &&
472 	    dqbuf.dqb_curblocks >= dqb->dqb_bsoftlimit)
473 		dqb->dqb_btime = 0;
474 	if (dqbuf.dqb_bsoftlimit == 0 && id != 0 &&
475 	    dqb->dqb_bsoftlimit > 0 &&
476 	    dqbuf.dqb_curblocks >= dqb->dqb_bsoftlimit)
477 		dqb->dqb_btime = 0;
478 	if (dqbuf.dqb_isoftlimit && id != 0 &&
479 	    dqbuf.dqb_curinodes < dqbuf.dqb_isoftlimit &&
480 	    dqbuf.dqb_curinodes >= dqb->dqb_isoftlimit)
481 		dqb->dqb_itime = 0;
482 	if (dqbuf.dqb_isoftlimit == 0 && id !=0 &&
483 	    dqb->dqb_isoftlimit > 0 &&
484 	    dqbuf.dqb_curinodes >= dqb->dqb_isoftlimit)
485 		dqb->dqb_itime = 0;
486 	dqb->dqb_curinodes = dqbuf.dqb_curinodes;
487 	dqb->dqb_curblocks = dqbuf.dqb_curblocks;
488 	/*
489 	 * Write it back.
490 	 */
491 	switch (qf->wordsize) {
492 	case 32:
493 		return (quota_write32(qf, dqb, id));
494 	case 64:
495 		return (quota_write64(qf, dqb, id));
496 	default:
497 		errno = EINVAL;
498 		return (-1);
499 	}
500 	/* not reached */
501 }
502 
503 /*
504  * Convert a quota file from one format to another.
505  */
506 int
507 quota_convert(struct quotafile *qf, int wordsize)
508 {
509 	struct quotafile *newqf;
510 	struct dqhdr64 dqh;
511 	struct dqblk dqblk;
512 	struct group *grp;
513 	int serrno, maxid, id, fd;
514 
515 	/*
516 	 * Quotas must not be active and quotafile must be open
517 	 * for reading and writing.
518 	 */
519 	if ((qf->accmode & O_RDWR) != O_RDWR || qf->fd == -1) {
520 		errno = EBADF;
521 		return (-1);
522 	}
523 	if ((wordsize != 32 && wordsize != 64) ||
524 	     wordsize == qf->wordsize) {
525 		errno = EINVAL;
526 		return (-1);
527 	}
528 	maxid = quota_maxid(qf);
529 	if ((newqf = calloc(1, sizeof(*qf))) == NULL) {
530 		errno = ENOMEM;
531 		return (-1);
532 	}
533 	*newqf = *qf;
534 	snprintf(newqf->qfname, MAXPATHLEN + 1, "%s_%d.orig", qf->qfname,
535 	    qf->wordsize);
536 	if (rename(qf->qfname, newqf->qfname) < 0) {
537 		free(newqf);
538 		return (-1);
539 	}
540 	if ((newqf->fd = open(qf->qfname, O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC,
541 	    0)) < 0) {
542 		serrno = errno;
543 		goto error;
544 	}
545 	newqf->wordsize = wordsize;
546 	if (wordsize == 64) {
547 		memset(&dqh, 0, sizeof(dqh));
548 		memcpy(dqh.dqh_magic, Q_DQHDR64_MAGIC, sizeof(dqh.dqh_magic));
549 		dqh.dqh_version = htobe32(Q_DQHDR64_VERSION);
550 		dqh.dqh_hdrlen = htobe32(sizeof(struct dqhdr64));
551 		dqh.dqh_reclen = htobe32(sizeof(struct dqblk64));
552 		if (write(newqf->fd, &dqh, sizeof(dqh)) != sizeof(dqh)) {
553 			serrno = errno;
554 			goto error;
555 		}
556 	}
557 	grp = getgrnam(QUOTAGROUP);
558 	fchown(newqf->fd, 0, grp ? grp->gr_gid : 0);
559 	fchmod(newqf->fd, 0640);
560 	for (id = 0; id <= maxid; id++) {
561 		if ((quota_read(qf, &dqblk, id)) < 0)
562 			break;
563 		switch (newqf->wordsize) {
564 		case 32:
565 			if ((quota_write32(newqf, &dqblk, id)) < 0)
566 				break;
567 			continue;
568 		case 64:
569 			if ((quota_write64(newqf, &dqblk, id)) < 0)
570 				break;
571 			continue;
572 		default:
573 			errno = EINVAL;
574 			break;
575 		}
576 	}
577 	if (id < maxid) {
578 		serrno = errno;
579 		goto error;
580 	}
581 	/*
582 	 * Update the passed in quotafile to reference the new file
583 	 * of the converted format size.
584 	 */
585 	fd = qf->fd;
586 	qf->fd = newqf->fd;
587 	newqf->fd = fd;
588 	qf->wordsize = newqf->wordsize;
589 	quota_close(newqf);
590 	return (0);
591 error:
592 	/* put back the original file */
593 	(void) rename(newqf->qfname, qf->qfname);
594 	quota_close(newqf);
595 	errno = serrno;
596 	return (-1);
597 }
598