| 1 | /* |
| 2 | * Copyright (c) 1992, 1993, 1994 |
| 3 | * The Regents of the University of California. All rights reserved. |
| 4 | * |
| 5 | * This code is derived from software donated to Berkeley by |
| 6 | * Jan-Simon Pendry. |
| 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions |
| 10 | * are met: |
| 11 | * 1. Redistributions of source code must retain the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer. |
| 13 | * 2. Redistributions in binary form must reproduce the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer in the |
| 15 | * documentation and/or other materials provided with the distribution. |
| 16 | * 3. All advertising materials mentioning features or use of this software |
| 17 | * must display the following acknowledgement: |
| 18 | * This product includes software developed by the University of |
| 19 | * California, Berkeley and its contributors. |
| 20 | * 4. Neither the name of the University nor the names of its contributors |
| 21 | * may be used to endorse or promote products derived from this software |
| 22 | * without specific prior written permission. |
| 23 | * |
| 24 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 25 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 34 | * SUCH DAMAGE. |
| 35 | * |
| 36 | * @(#) Copyright (c) 1992, 1993, 1994 The Regents of the University of California. All rights reserved. |
| 37 | * @(#)mount_umap.c 8.5 (Berkeley) 4/26/95 |
| 38 | * $FreeBSD: src/sbin/mount_umap/mount_umap.c,v 1.15 1999/10/09 11:54:13 phk Exp $ |
| 39 | * $DragonFly: src/sbin/mount_umap/Attic/mount_umap.c,v 1.7 2004/12/18 21:43:39 swildner Exp $ |
| 40 | */ |
| 41 | |
| 42 | #include <sys/param.h> |
| 43 | #include <sys/mount.h> |
| 44 | #include <sys/stat.h> |
| 45 | |
| 46 | #include <vfs/umapfs/umap.h> |
| 47 | |
| 48 | #include <err.h> |
| 49 | #include <stdio.h> |
| 50 | #include <stdlib.h> |
| 51 | #include <string.h> |
| 52 | #include <sysexits.h> |
| 53 | #include <unistd.h> |
| 54 | |
| 55 | #include "mntopts.h" |
| 56 | |
| 57 | #define ROOTUSER 0 |
| 58 | /* |
| 59 | * This define controls whether any user but the superuser can own and |
| 60 | * write mapfiles. If other users can, system security can be gravely |
| 61 | * compromised. If this is not a concern, undefine SECURITY. |
| 62 | */ |
| 63 | #define MAPSECURITY 1 |
| 64 | |
| 65 | /* |
| 66 | * This routine provides the user interface to mounting a umap layer. |
| 67 | * It takes 4 mandatory parameters. The mandatory arguments are the place |
| 68 | * where the next lower level is mounted, the place where the umap layer is to |
| 69 | * be mounted, the name of the user mapfile, and the name of the group |
| 70 | * mapfile. The routine checks the ownerships and permissions on the |
| 71 | * mapfiles, then opens and reads them. Then it calls mount(), which |
| 72 | * will, in turn, call the umap version of mount. |
| 73 | */ |
| 74 | |
| 75 | static struct mntopt mopts[] = { |
| 76 | MOPT_STDOPTS, |
| 77 | { NULL } |
| 78 | }; |
| 79 | |
| 80 | static void usage(void) __dead2; |
| 81 | |
| 82 | int |
| 83 | main(int argc, char **argv) |
| 84 | { |
| 85 | static char not[] = "; not mounted"; |
| 86 | struct stat statbuf; |
| 87 | struct umap_args args; |
| 88 | FILE *fp, *gfp; |
| 89 | u_long gmapdata[GMAPFILEENTRIES][2], mapdata[MAPFILEENTRIES][2]; |
| 90 | int ch, count, gnentries, mntflags, nentries; |
| 91 | char *gmapfile, *mapfile, buf[20]; |
| 92 | char source[MAXPATHLEN], target[MAXPATHLEN]; |
| 93 | struct vfsconf vfc; |
| 94 | int error; |
| 95 | |
| 96 | mntflags = 0; |
| 97 | mapfile = gmapfile = NULL; |
| 98 | while ((ch = getopt(argc, argv, "g:o:u:")) != -1) |
| 99 | switch (ch) { |
| 100 | case 'g': |
| 101 | gmapfile = optarg; |
| 102 | break; |
| 103 | case 'o': |
| 104 | getmntopts(optarg, mopts, &mntflags, 0); |
| 105 | break; |
| 106 | case 'u': |
| 107 | mapfile = optarg; |
| 108 | break; |
| 109 | case '?': |
| 110 | default: |
| 111 | usage(); |
| 112 | } |
| 113 | argc -= optind; |
| 114 | argv += optind; |
| 115 | |
| 116 | if (argc != 2 || mapfile == NULL || gmapfile == NULL) |
| 117 | usage(); |
| 118 | |
| 119 | /* resolve both target and source with realpath(3) */ |
| 120 | checkpath(argv[0], source); |
| 121 | checkpath(argv[1], target); |
| 122 | |
| 123 | /* Read in uid mapping data. */ |
| 124 | if ((fp = fopen(mapfile, "r")) == NULL) |
| 125 | err(EX_NOINPUT, "%s%s", mapfile, not); |
| 126 | |
| 127 | #ifdef MAPSECURITY |
| 128 | /* |
| 129 | * Check that group and other don't have write permissions on |
| 130 | * this mapfile, and that the mapfile belongs to root. |
| 131 | */ |
| 132 | if (fstat(fileno(fp), &statbuf)) |
| 133 | err(EX_OSERR, "%s%s", mapfile, not); |
| 134 | if (statbuf.st_mode & S_IWGRP || statbuf.st_mode & S_IWOTH) { |
| 135 | strmode(statbuf.st_mode, buf); |
| 136 | err(EX_NOPERM, "%s: improper write permissions (%s)%s", |
| 137 | mapfile, buf, not); |
| 138 | } |
| 139 | if (statbuf.st_uid != ROOTUSER) |
| 140 | errx(EX_NOPERM, "%s does not belong to root%s", mapfile, not); |
| 141 | #endif /* MAPSECURITY */ |
| 142 | |
| 143 | if ((fscanf(fp, "%d\n", &nentries)) != 1) |
| 144 | errx(EX_DATAERR, "%s: nentries not found%s", mapfile, not); |
| 145 | if (nentries > MAPFILEENTRIES) |
| 146 | errx(EX_DATAERR, |
| 147 | "maximum number of entries is %d%s", MAPFILEENTRIES, not); |
| 148 | #if 0 |
| 149 | printf("reading %d entries\n", nentries); |
| 150 | #endif |
| 151 | for (count = 0; count < nentries; ++count) { |
| 152 | if ((fscanf(fp, "%lu %lu\n", |
| 153 | &(mapdata[count][0]), &(mapdata[count][1]))) != 2) { |
| 154 | if (ferror(fp)) |
| 155 | err(EX_OSERR, "%s%s", mapfile, not); |
| 156 | if (feof(fp)) |
| 157 | errx(EX_DATAERR, "%s: unexpected end-of-file%s", |
| 158 | mapfile, not); |
| 159 | errx(EX_DATAERR, "%s: illegal format (line %d)%s", |
| 160 | mapfile, count + 2, not); |
| 161 | } |
| 162 | #if 0 |
| 163 | /* Fix a security hole. */ |
| 164 | if (mapdata[count][1] == 0) |
| 165 | errx(1, "mapping id 0 not permitted (line %d)%s", |
| 166 | count + 2, not); |
| 167 | #endif |
| 168 | } |
| 169 | |
| 170 | /* Read in gid mapping data. */ |
| 171 | if ((gfp = fopen(gmapfile, "r")) == NULL) |
| 172 | err(EX_NOINPUT, "%s%s", gmapfile, not); |
| 173 | |
| 174 | #ifdef MAPSECURITY |
| 175 | /* |
| 176 | * Check that group and other don't have write permissions on |
| 177 | * this group mapfile, and that the file belongs to root. |
| 178 | */ |
| 179 | if (fstat(fileno(gfp), &statbuf)) |
| 180 | err(EX_OSERR, "%s%s", gmapfile, not); |
| 181 | if (statbuf.st_mode & S_IWGRP || statbuf.st_mode & S_IWOTH) { |
| 182 | strmode(statbuf.st_mode, buf); |
| 183 | err(EX_NOPERM, "%s: improper write permissions (%s)%s", |
| 184 | gmapfile, buf, not); |
| 185 | } |
| 186 | if (statbuf.st_uid != ROOTUSER) |
| 187 | errx(EX_NOPERM, "%s does not belong to root%s", gmapfile, not); |
| 188 | #endif /* MAPSECURITY */ |
| 189 | |
| 190 | if ((fscanf(gfp, "%d\n", &gnentries)) != 1) |
| 191 | errx(EX_DATAERR, "%s: nentries not found%s", gmapfile, not); |
| 192 | if (gnentries > MAPFILEENTRIES) |
| 193 | errx(EX_DATAERR, |
| 194 | "maximum number of entries is %d%s", GMAPFILEENTRIES, not); |
| 195 | #if 0 |
| 196 | printf("reading %d group entries\n", gnentries); |
| 197 | #endif |
| 198 | |
| 199 | for (count = 0; count < gnentries; ++count) |
| 200 | if ((fscanf(gfp, "%lu %lu\n", |
| 201 | &(gmapdata[count][0]), &(gmapdata[count][1]))) != 2) { |
| 202 | if (ferror(gfp)) |
| 203 | err(EX_OSERR, "%s%s", gmapfile, not); |
| 204 | if (feof(gfp)) |
| 205 | errx(EX_DATAERR, "%s: unexpected end-of-file%s", |
| 206 | gmapfile, not); |
| 207 | errx(EX_DATAERR, "%s: illegal format (line %d)%s", |
| 208 | gmapfile, count + 2, not); |
| 209 | } |
| 210 | |
| 211 | |
| 212 | /* Setup mount call args. */ |
| 213 | args.target = source; |
| 214 | args.nentries = nentries; |
| 215 | args.mapdata = mapdata; |
| 216 | args.gnentries = gnentries; |
| 217 | args.gmapdata = gmapdata; |
| 218 | |
| 219 | error = getvfsbyname("umap", &vfc); |
| 220 | if (error && vfsisloadable("umap")) { |
| 221 | if(vfsload("umap")) |
| 222 | err(1, "vfsload(umap)"); |
| 223 | endvfsent(); |
| 224 | error = getvfsbyname("umap", &vfc); |
| 225 | } |
| 226 | if (error) |
| 227 | errx(1, "umap filesystem is not available"); |
| 228 | |
| 229 | if (mount(vfc.vfc_name, argv[1], mntflags, &args)) |
| 230 | err(1, NULL); |
| 231 | exit(0); |
| 232 | } |
| 233 | |
| 234 | void |
| 235 | usage(void) |
| 236 | { |
| 237 | fprintf(stderr, |
| 238 | "usage: mount_umap [-o options] -u usermap -g groupmap target_fs mount_point\n"); |
| 239 | exit(EX_USAGE); |
| 240 | } |