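/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by Marshall
 * Kirk McKusick and Network Associates Laboratories, the Security
 * Research Division of Network Associates, Inc. under DARPA/SPAWAR
 * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
 * research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The names of the authors may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#include <sys/param.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <ufs/ufs/ufsmount.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <mntopts.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>

/*
 * Print the usage message and terminate with EX_USAGE.
 * errx() does not return, so neither does this function.
 */
static void
usage(void)
{

	errx(EX_USAGE, "usage: mksnap_ffs snapshot_name");
}

/*
 * Classify `path' and hand its stat data back through `stbufp'.
 *
 * Returns -1 if stat(2) fails (errno is left as stat set it), 0 if the
 * object is not a directory, and 1 if it is one.  stat(2) follows
 * symbolic links, so the answer describes the link target.
 */
static int
isdir(const char *path, struct stat *stbufp)
{

	if (stat(path, stbufp) < 0)
		return (-1);
	if (!S_ISDIR(stbufp->st_mode))
		return (0);
	return (1);
}

/*
 * Decide whether `path' is a directory on the file system described
 * by `stfsp'.
 *
 * Returns -1 if `path' is not a directory or cannot be examined with
 * stat(2)/statfs(2), 0 if both words of its f_fsid differ from the
 * reference in at least one position, and 1 if they match.
 */
static int
issamefs(const char *path, struct statfs *stfsp)
{
	struct statfs stfsbuf;
	struct stat stbuf;

	if (isdir(path, &stbuf) != 1)
		return (-1);
	if (statfs(path, &stfsbuf) < 0)
		return (-1);
	if ((stfsbuf.f_fsid.val[0] != stfsp->f_fsid.val[0]) ||
	    (stfsbuf.f_fsid.val[1] != stfsp->f_fsid.val[1]))
		return (0);
	return (1);
}

/*
 * Create a UFS snapshot file named by the last command-line argument.
 *
 * The sequence is: validate the containing directory on behalf of the
 * invoking user, locate the mount point, ask the kernel for the
 * snapshot through nmount(2), then restrict the resulting file to
 * owner/group read and hand its group to "operator".  Every failure
 * terminates the process through err()/errx().
 */
int
main(int argc, char **argv)
{
	char errmsg[255], path[PATH_MAX];
	char *cp, *snapname;
	struct statfs stfsbuf;
	struct group *grp;
	struct stat stbuf;
	struct iovec *iov;
	int fd, iovlen;

	if (argc == 2)
		snapname = argv[1];
	else if (argc == 3)
		snapname = argv[2];	/* Old usage: argv[1] is ignored. */
	else
		usage();

	/*
	 * Check that the user running this program has permission
	 * to create and remove a snapshot file from the directory
	 * in which they have requested to have it made. If the
	 * directory is sticky and not owned by the user, then they
	 * will not be able to remove the snapshot when they are
	 * done with it.
	 *
	 * access(2) and getuid(2) both speak for the real user, so the
	 * checks below describe the invoker rather than whatever
	 * effective identity the process runs with.
	 * NOTE(review): presumably this matters because the binary is
	 * installed with elevated privileges -- confirm against the
	 * install mode.
	 *
	 * These are name-based checks; the later nmount(2) looks the
	 * name up again, so the directory is not pinned between the
	 * check and the use.  Keep that window in mind when changing
	 * the order of the steps.
	 */
	if (strlen(snapname) >= PATH_MAX)
		errx(1, "pathname too long %s", snapname);
	cp = strrchr(snapname, '/');
	if (cp == NULL) {
		strlcpy(path, ".", PATH_MAX);
	} else if (cp == snapname) {
		strlcpy(path, "/", PATH_MAX);
	} else {
		/* Copy everything before the last '/', plus the NUL. */
		strlcpy(path, snapname, cp - snapname + 1);
	}
	if (statfs(path, &stfsbuf) < 0)
		err(1, "%s", path);
	switch (isdir(path, &stbuf)) {
	case -1:
		err(1, "%s", path);	/* does not return */
	case 0:
		errx(1, "%s: Not a directory", path);
	default:
		break;
	}
	if (access(path, W_OK) < 0)
		err(1, "Lack write permission in %s", path);
	if ((stbuf.st_mode & S_ISTXT) && stbuf.st_uid != getuid())
		errx(1, "Lack write permission in %s: Sticky bit set", path);

	/*
	 * Work around an issue when mksnap_ffs is started in chroot'ed
	 * environment and f_mntonname contains absolute path within
	 * real root.
	 *
	 * Successive leading components are dropped until the remaining
	 * suffix names a directory on the same file system.
	 */
	for (cp = stfsbuf.f_mntonname; issamefs(cp, &stfsbuf) != 1;
	    cp = strchrnul(cp + 1, '/')) {
		if (cp[0] == '\0')
			errx(1, "%s: Not a mount point", stfsbuf.f_mntonname);
	}
	/*
	 * cp points into stfsbuf.f_mntonname, so source and destination
	 * overlap.  strlcpy(3) is undefined for overlapping strings;
	 * memmove(3) is defined for them.  The suffix plus its NUL is
	 * never longer than the string already held in the buffer.
	 */
	if (cp != stfsbuf.f_mntonname)
		memmove(stfsbuf.f_mntonname, cp, strlen(cp) + 1);

	/*
	 * Having verified access to the directory in which the
	 * snapshot is to be built, proceed with creating it.
	 */
	if ((grp = getgrnam("operator")) == NULL)
		errx(1, "Cannot retrieve operator gid");

	iov = NULL;
	iovlen = 0;
	build_iovec(&iov, &iovlen, "fstype", "ffs", 4);
	build_iovec(&iov, &iovlen, "from", snapname, (size_t)-1);
	build_iovec(&iov, &iovlen, "fspath", stfsbuf.f_mntonname, (size_t)-1);
	build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg));
	build_iovec(&iov, &iovlen, "update", NULL, 0);
	build_iovec(&iov, &iovlen, "snapshot", NULL, 0);

	*errmsg = '\0';
	if (nmount(iov, iovlen, stfsbuf.f_flags) < 0) {
		/* Force termination before printing the kernel's text. */
		errmsg[sizeof(errmsg) - 1] = '\0';
		err(1, "Cannot create snapshot %s%s%s", snapname,
		    *errmsg != '\0' ? ": " : "", errmsg);
	}

	/*
	 * From here on work on the descriptor, not the name: the
	 * SF_SNAPSHOT test, the group change and the mode change all
	 * apply to the one object that open(2) returned, so a file that
	 * is not a snapshot is rejected before its ownership or mode is
	 * touched.
	 */
	if ((fd = open(snapname, O_RDONLY)) < 0)
		err(1, "Cannot open %s", snapname);
	if (fstat(fd, &stbuf) != 0)
		err(1, "Cannot stat %s", snapname);
	if ((stbuf.st_flags & SF_SNAPSHOT) == 0)
		errx(1, "File %s is not a snapshot", snapname);
	if (fchown(fd, -1, grp->gr_gid) != 0)
		err(1, "Cannot chown %s", snapname);
	if (fchmod(fd, S_IRUSR | S_IRGRP) != 0)
		err(1, "Cannot chmod %s", snapname);

	exit(EXIT_SUCCESS);
}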