1 /* 2 * Copyright (c) 2003 Networks Associates Technology, Inc. 3 * All rights reserved. 4 * 5 * This software was developed for the FreeBSD Project by Marshall 6 * Kirk McKusick and Network Associates Laboratories, the Security 7 * Research Division of Network Associates, Inc. under DARPA/SPAWAR 8 * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 9 * research program. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. The names of the authors may not be used to endorse or promote 20 * products derived from this software without specific prior written 21 * permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 * 35 * $FreeBSD$ 36 */ 37 38 #include <sys/param.h> 39 #include <sys/mount.h> 40 #include <sys/stat.h> 41 #include <ufs/ufs/ufsmount.h> 42 #include <err.h> 43 #include <errno.h> 44 #include <fcntl.h> 45 #include <grp.h> 46 #include <limits.h> 47 #include <mntopts.h> 48 #include <stdio.h> 49 #include <stdlib.h> 50 #include <string.h> 51 #include <sysexits.h> 52 #include <unistd.h> 53 54 static void 55 usage(void) 56 { 57 58 errx(EX_USAGE, "usage: mksnap_ffs snapshot_name"); 59 } 60 61 static int 62 isdir(const char *path, struct stat *stbufp) 63 { 64 65 if (stat(path, stbufp) < 0) 66 return (-1); 67 if (!S_ISDIR(stbufp->st_mode)) 68 return (0); 69 return (1); 70 } 71 72 static int 73 issamefs(const char *path, struct statfs *stfsp) 74 { 75 struct statfs stfsbuf; 76 struct stat stbuf; 77 78 if (isdir(path, &stbuf) != 1) 79 return (-1); 80 if (statfs(path, &stfsbuf) < 0) 81 return (-1); 82 if ((stfsbuf.f_fsid.val[0] != stfsp->f_fsid.val[0]) || 83 (stfsbuf.f_fsid.val[1] != stfsp->f_fsid.val[1])) 84 return (0); 85 return (1); 86 } 87 88 int 89 main(int argc, char **argv) 90 { 91 char errmsg[255], path[PATH_MAX]; 92 char *cp, *snapname; 93 struct statfs stfsbuf; 94 struct group *grp; 95 struct stat stbuf; 96 struct iovec *iov; 97 int fd, iovlen; 98 99 if (argc == 2) 100 snapname = argv[1]; 101 else if (argc == 3) 102 snapname = argv[2]; /* Old usage. */ 103 else 104 usage(); 105 106 /* 107 * Check that the user running this program has permission 108 * to create and remove a snapshot file from the directory 109 * in which they have requested to have it made. If the 110 * directory is sticky and not owned by the user, then they 111 * will not be able to remove the snapshot when they are 112 * done with it. 113 */ 114 if (strlen(snapname) >= PATH_MAX) 115 errx(1, "pathname too long %s", snapname); 116 cp = strrchr(snapname, '/'); 117 if (cp == NULL) { 118 strlcpy(path, ".", PATH_MAX); 119 } else if (cp == snapname) { 120 strlcpy(path, "/", PATH_MAX); 121 } else { 122 strlcpy(path, snapname, cp - snapname + 1); 123 } 124 if (statfs(path, &stfsbuf) < 0) 125 err(1, "%s", path); 126 switch (isdir(path, &stbuf)) { 127 case -1: 128 err(1, "%s", path); 129 case 0: 130 errx(1, "%s: Not a directory", path); 131 default: 132 break; 133 } 134 if (access(path, W_OK) < 0) 135 err(1, "Lack write permission in %s", path); 136 if ((stbuf.st_mode & S_ISTXT) && stbuf.st_uid != getuid()) 137 errx(1, "Lack write permission in %s: Sticky bit set", path); 138 139 /* 140 * Work around an issue when mksnap_ffs is started in chroot'ed 141 * environment and f_mntonname contains absolute path within 142 * real root. 143 */ 144 for (cp = stfsbuf.f_mntonname; issamefs(cp, &stfsbuf) != 1; 145 cp = strchrnul(cp + 1, '/')) { 146 if (cp[0] == '\0') 147 errx(1, "%s: Not a mount point", stfsbuf.f_mntonname); 148 } 149 if (cp != stfsbuf.f_mntonname) 150 strlcpy(stfsbuf.f_mntonname, cp, sizeof(stfsbuf.f_mntonname)); 151 152 /* 153 * Having verified access to the directory in which the 154 * snapshot is to be built, proceed with creating it. 155 */ 156 if ((grp = getgrnam("operator")) == NULL) 157 errx(1, "Cannot retrieve operator gid"); 158 159 iov = NULL; 160 iovlen = 0; 161 build_iovec(&iov, &iovlen, "fstype", "ffs", 4); 162 build_iovec(&iov, &iovlen, "from", snapname, (size_t)-1); 163 build_iovec(&iov, &iovlen, "fspath", stfsbuf.f_mntonname, (size_t)-1); 164 build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg)); 165 build_iovec(&iov, &iovlen, "update", NULL, 0); 166 build_iovec(&iov, &iovlen, "snapshot", NULL, 0); 167 168 *errmsg = '\0'; 169 if (nmount(iov, iovlen, stfsbuf.f_flags) < 0) { 170 errmsg[sizeof(errmsg) - 1] = '\0'; 171 err(1, "Cannot create snapshot %s%s%s", snapname, 172 *errmsg != '\0' ? ": " : "", errmsg); 173 } 174 if ((fd = open(snapname, O_RDONLY)) < 0) 175 err(1, "Cannot open %s", snapname); 176 if (fstat(fd, &stbuf) != 0) 177 err(1, "Cannot stat %s", snapname); 178 if ((stbuf.st_flags & SF_SNAPSHOT) == 0) 179 errx(1, "File %s is not a snapshot", snapname); 180 if (fchown(fd, -1, grp->gr_gid) != 0) 181 err(1, "Cannot chown %s", snapname); 182 if (fchmod(fd, S_IRUSR | S_IRGRP) != 0) 183 err(1, "Cannot chmod %s", snapname); 184 185 exit(EXIT_SUCCESS); 186 } 187