1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed for the FreeBSD Project by Marshall 8 * Kirk McKusick and Network Associates Laboratories, the Security 9 * Research Division of Network Associates, Inc. under DARPA/SPAWAR 10 * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 11 * research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. The names of the authors may not be used to endorse or promote 22 * products derived from this software without specific prior written 23 * permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * $FreeBSD$ 38 */ 39 40 #include <sys/param.h> 41 #include <sys/mount.h> 42 #include <sys/stat.h> 43 #include <ufs/ufs/ufsmount.h> 44 #include <err.h> 45 #include <errno.h> 46 #include <fcntl.h> 47 #include <grp.h> 48 #include <limits.h> 49 #include <mntopts.h> 50 #include <stdio.h> 51 #include <stdlib.h> 52 #include <string.h> 53 #include <sysexits.h> 54 #include <unistd.h> 55 56 static void 57 usage(void) 58 { 59 60 errx(EX_USAGE, "usage: mksnap_ffs snapshot_name"); 61 } 62 63 static int 64 isdir(const char *path, struct stat *stbufp) 65 { 66 67 if (stat(path, stbufp) < 0) 68 return (-1); 69 if (!S_ISDIR(stbufp->st_mode)) 70 return (0); 71 return (1); 72 } 73 74 static int 75 issamefs(const char *path, struct statfs *stfsp) 76 { 77 struct statfs stfsbuf; 78 struct stat stbuf; 79 80 if (isdir(path, &stbuf) != 1) 81 return (-1); 82 if (statfs(path, &stfsbuf) < 0) 83 return (-1); 84 if (fsidcmp(&stfsbuf.f_fsid, &stfsp->f_fsid) != 0) 85 return (0); 86 return (1); 87 } 88 89 int 90 main(int argc, char **argv) 91 { 92 char errmsg[255], path[PATH_MAX]; 93 char *cp, *snapname; 94 struct statfs stfsbuf; 95 struct group *grp; 96 struct stat stbuf; 97 struct iovec *iov; 98 int fd, iovlen; 99 100 if (argc == 2) 101 snapname = argv[1]; 102 else if (argc == 3) 103 snapname = argv[2]; /* Old usage. */ 104 else 105 usage(); 106 107 /* 108 * Check that the user running this program has permission 109 * to create and remove a snapshot file from the directory 110 * in which they have requested to have it made. If the 111 * directory is sticky and not owned by the user, then they 112 * will not be able to remove the snapshot when they are 113 * done with it. 114 */ 115 if (strlen(snapname) >= PATH_MAX) 116 errx(1, "pathname too long %s", snapname); 117 cp = strrchr(snapname, '/'); 118 if (cp == NULL) { 119 strlcpy(path, ".", PATH_MAX); 120 } else if (cp == snapname) { 121 strlcpy(path, "/", PATH_MAX); 122 } else { 123 strlcpy(path, snapname, cp - snapname + 1); 124 } 125 if (statfs(path, &stfsbuf) < 0) 126 err(1, "%s", path); 127 switch (isdir(path, &stbuf)) { 128 case -1: 129 err(1, "%s", path); 130 case 0: 131 errx(1, "%s: Not a directory", path); 132 default: 133 break; 134 } 135 if (access(path, W_OK) < 0) 136 err(1, "Lack write permission in %s", path); 137 if ((stbuf.st_mode & S_ISTXT) && stbuf.st_uid != getuid()) 138 errx(1, "Lack write permission in %s: Sticky bit set", path); 139 140 /* 141 * Work around an issue when mksnap_ffs is started in chroot'ed 142 * environment and f_mntonname contains absolute path within 143 * real root. 144 */ 145 for (cp = stfsbuf.f_mntonname; issamefs(cp, &stfsbuf) != 1; 146 cp = strchrnul(cp + 1, '/')) { 147 if (cp[0] == '\0') 148 errx(1, "%s: Not a mount point", stfsbuf.f_mntonname); 149 } 150 if (cp != stfsbuf.f_mntonname) 151 strlcpy(stfsbuf.f_mntonname, cp, sizeof(stfsbuf.f_mntonname)); 152 153 /* 154 * Having verified access to the directory in which the 155 * snapshot is to be built, proceed with creating it. 156 */ 157 if ((grp = getgrnam("operator")) == NULL) 158 errx(1, "Cannot retrieve operator gid"); 159 160 iov = NULL; 161 iovlen = 0; 162 build_iovec(&iov, &iovlen, "fstype", "ffs", 4); 163 build_iovec(&iov, &iovlen, "from", snapname, (size_t)-1); 164 build_iovec(&iov, &iovlen, "fspath", stfsbuf.f_mntonname, (size_t)-1); 165 build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg)); 166 build_iovec(&iov, &iovlen, "update", NULL, 0); 167 build_iovec(&iov, &iovlen, "snapshot", NULL, 0); 168 169 *errmsg = '\0'; 170 if (nmount(iov, iovlen, stfsbuf.f_flags) < 0) { 171 errmsg[sizeof(errmsg) - 1] = '\0'; 172 err(1, "Cannot create snapshot %s%s%s", snapname, 173 *errmsg != '\0' ? ": " : "", errmsg); 174 } 175 if ((fd = open(snapname, O_RDONLY)) < 0) 176 err(1, "Cannot open %s", snapname); 177 if (fstat(fd, &stbuf) != 0) 178 err(1, "Cannot stat %s", snapname); 179 if ((stbuf.st_flags & SF_SNAPSHOT) == 0) 180 errx(1, "File %s is not a snapshot", snapname); 181 if (fchown(fd, -1, grp->gr_gid) != 0) 182 err(1, "Cannot chown %s", snapname); 183 if (fchmod(fd, S_IRUSR | S_IRGRP) != 0) 184 err(1, "Cannot chmod %s", snapname); 185 186 exit(EXIT_SUCCESS); 187 } 188