1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed for the FreeBSD Project by Marshall 8 * Kirk McKusick and Network Associates Laboratories, the Security 9 * Research Division of Network Associates, Inc. under DARPA/SPAWAR 10 * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 11 * research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. The names of the authors may not be used to endorse or promote 22 * products derived from this software without specific prior written 23 * permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38 #include <sys/param.h> 39 #include <sys/mount.h> 40 #include <sys/stat.h> 41 42 #include <ufs/ufs/extattr.h> 43 #include <ufs/ufs/quota.h> 44 #include <ufs/ufs/ufsmount.h> 45 46 #include <err.h> 47 #include <errno.h> 48 #include <fcntl.h> 49 #include <grp.h> 50 #include <limits.h> 51 #include <mntopts.h> 52 #include <stdio.h> 53 #include <stdlib.h> 54 #include <string.h> 55 #include <sysexits.h> 56 #include <unistd.h> 57 58 static void 59 usage(void) 60 { 61 62 errx(EX_USAGE, "usage: mksnap_ffs snapshot_name"); 63 } 64 65 static int 66 isdir(const char *path, struct stat *stbufp) 67 { 68 69 if (stat(path, stbufp) < 0) 70 return (-1); 71 if (!S_ISDIR(stbufp->st_mode)) 72 return (0); 73 return (1); 74 } 75 76 static int 77 issamefs(const char *path, struct statfs *stfsp) 78 { 79 struct statfs stfsbuf; 80 struct stat stbuf; 81 82 if (isdir(path, &stbuf) != 1) 83 return (-1); 84 if (statfs(path, &stfsbuf) < 0) 85 return (-1); 86 if (fsidcmp(&stfsbuf.f_fsid, &stfsp->f_fsid) != 0) 87 return (0); 88 return (1); 89 } 90 91 int 92 main(int argc, char **argv) 93 { 94 char errmsg[255], path[PATH_MAX]; 95 char *cp, *snapname; 96 struct statfs stfsbuf; 97 struct group *grp; 98 struct stat stbuf; 99 struct iovec *iov; 100 int fd, iovlen; 101 102 if (argc == 2) 103 snapname = argv[1]; 104 else if (argc == 3) 105 snapname = argv[2]; /* Old usage. */ 106 else 107 usage(); 108 109 /* 110 * Check that the user running this program has permission 111 * to create and remove a snapshot file from the directory 112 * in which they have requested to have it made. If the 113 * directory is sticky and not owned by the user, then they 114 * will not be able to remove the snapshot when they are 115 * done with it. 116 */ 117 if (strlen(snapname) >= PATH_MAX) 118 errx(1, "pathname too long %s", snapname); 119 cp = strrchr(snapname, '/'); 120 if (cp == NULL) { 121 strlcpy(path, ".", PATH_MAX); 122 } else if (cp == snapname) { 123 strlcpy(path, "/", PATH_MAX); 124 } else { 125 strlcpy(path, snapname, cp - snapname + 1); 126 } 127 if (statfs(path, &stfsbuf) < 0) 128 err(1, "%s", path); 129 switch (isdir(path, &stbuf)) { 130 case -1: 131 err(1, "%s", path); 132 case 0: 133 errx(1, "%s: Not a directory", path); 134 default: 135 break; 136 } 137 if (access(path, W_OK) < 0) 138 err(1, "Lack write permission in %s", path); 139 if ((stbuf.st_mode & S_ISTXT) && stbuf.st_uid != getuid()) 140 errx(1, "Lack write permission in %s: Sticky bit set", path); 141 142 /* 143 * Work around an issue when mksnap_ffs is started in chroot'ed 144 * environment and f_mntonname contains absolute path within 145 * real root. 146 */ 147 for (cp = stfsbuf.f_mntonname; issamefs(cp, &stfsbuf) != 1; 148 cp = strchrnul(cp + 1, '/')) { 149 if (cp[0] == '\0') 150 errx(1, "%s: Not a mount point", stfsbuf.f_mntonname); 151 } 152 if (cp != stfsbuf.f_mntonname) 153 strlcpy(stfsbuf.f_mntonname, cp, sizeof(stfsbuf.f_mntonname)); 154 155 /* 156 * Having verified access to the directory in which the 157 * snapshot is to be built, proceed with creating it. 158 */ 159 if ((grp = getgrnam("operator")) == NULL) 160 errx(1, "Cannot retrieve operator gid"); 161 162 iov = NULL; 163 iovlen = 0; 164 build_iovec(&iov, &iovlen, "fstype", "ffs", 4); 165 build_iovec(&iov, &iovlen, "from", snapname, (size_t)-1); 166 build_iovec(&iov, &iovlen, "fspath", stfsbuf.f_mntonname, (size_t)-1); 167 build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg)); 168 build_iovec(&iov, &iovlen, "update", NULL, 0); 169 build_iovec(&iov, &iovlen, "snapshot", NULL, 0); 170 171 *errmsg = '\0'; 172 if (nmount(iov, iovlen, stfsbuf.f_flags) < 0) { 173 errmsg[sizeof(errmsg) - 1] = '\0'; 174 err(1, "Cannot create snapshot %s%s%s", snapname, 175 *errmsg != '\0' ? ": " : "", errmsg); 176 } 177 if ((fd = open(snapname, O_RDONLY)) < 0) 178 err(1, "Cannot open %s", snapname); 179 if (fstat(fd, &stbuf) != 0) 180 err(1, "Cannot stat %s", snapname); 181 if ((stbuf.st_flags & SF_SNAPSHOT) == 0) 182 errx(1, "File %s is not a snapshot", snapname); 183 if (fchown(fd, -1, grp->gr_gid) != 0) 184 err(1, "Cannot chown %s", snapname); 185 if (fchmod(fd, S_IRUSR | S_IRGRP) != 0) 186 err(1, "Cannot chmod %s", snapname); 187 188 exit(EXIT_SUCCESS); 189 } 190