1111716Smckusick/* 2111716Smckusick * Copyright (c) 2003 Networks Associates Technology, Inc. 3111716Smckusick * All rights reserved. 4111716Smckusick * 5111716Smckusick * This software was developed for the FreeBSD Project by Marshall 6111716Smckusick * Kirk McKusick and Network Associates Laboratories, the Security 7111716Smckusick * Research Division of Network Associates, Inc. under DARPA/SPAWAR 8111716Smckusick * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 9111716Smckusick * research program. 10111716Smckusick * 11111716Smckusick * Redistribution and use in source and binary forms, with or without 12111716Smckusick * modification, are permitted provided that the following conditions 13111716Smckusick * are met: 14111716Smckusick * 1. Redistributions of source code must retain the above copyright 15111716Smckusick * notice, this list of conditions and the following disclaimer. 16111716Smckusick * 2. Redistributions in binary form must reproduce the above copyright 17111716Smckusick * notice, this list of conditions and the following disclaimer in the 18111716Smckusick * documentation and/or other materials provided with the distribution. 19111716Smckusick * 3. The names of the authors may not be used to endorse or promote 20111716Smckusick * products derived from this software without specific prior written 21111716Smckusick * permission. 22111716Smckusick * 23111716Smckusick * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24111716Smckusick * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25111716Smckusick * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26111716Smckusick * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27111716Smckusick * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28111716Smckusick * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29111716Smckusick * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30111716Smckusick * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31111716Smckusick * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32111716Smckusick * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33111716Smckusick * SUCH DAMAGE. 34111716Smckusick * 35111716Smckusick * $FreeBSD$ 36111716Smckusick */ 37111716Smckusick 38111716Smckusick#include <sys/param.h> 39111716Smckusick#include <sys/mount.h> 40111716Smckusick#include <sys/stat.h> 41111716Smckusick#include <ufs/ufs/ufsmount.h> 42111716Smckusick#include <err.h> 43111716Smckusick#include <errno.h> 44111725Smckusick#include <fcntl.h> 45111716Smckusick#include <grp.h> 46122035Smckusick#include <limits.h> 47193051Spjd#include <mntopts.h> 48111716Smckusick#include <stdio.h> 49111716Smckusick#include <stdlib.h> 50111716Smckusick#include <string.h> 51111716Smckusick#include <sysexits.h> 52111716Smckusick#include <unistd.h> 53111716Smckusick 54193051Spjdstatic void 55193051Spjdusage(void) 56193051Spjd{ 57121706Strhodes 58193051Spjd errx(EX_USAGE, "usage: mksnap_ffs snapshot_name"); 59193051Spjd} 60193051Spjd 61111716Smckusickint 62111716Smckusickmain(int argc, char **argv) 63111716Smckusick{ 64193051Spjd char errmsg[255], path[PATH_MAX]; 65193051Spjd char *cp, *snapname; 66125103Smckusick struct statfs stfsbuf; 67111716Smckusick struct group *grp; 68111725Smckusick struct stat stbuf; 69193051Spjd struct iovec *iov; 70193051Spjd int fd, iovlen; 71111716Smckusick 72193051Spjd if (argc == 2) 73193051Spjd snapname = argv[1]; 74193051Spjd else if (argc == 3) 75193051Spjd snapname = argv[2]; /* Old usage. */ 76193051Spjd else 77111716Smckusick usage(); 78111716Smckusick 79122035Smckusick /* 80122035Smckusick * Check that the user running this program has permission 81122035Smckusick * to create and remove a snapshot file from the directory 82122035Smckusick * in which they have requested to have it made. If the 83122035Smckusick * directory is sticky and not owned by the user, then they 84122035Smckusick * will not be able to remove the snapshot when they are 85122035Smckusick * done with it. 86122035Smckusick */ 87193051Spjd if (strlen(snapname) >= PATH_MAX) 88193051Spjd errx(1, "pathname too long %s", snapname); 89193051Spjd cp = strrchr(snapname, '/'); 90122035Smckusick if (cp == NULL) { 91122035Smckusick strlcpy(path, ".", PATH_MAX); 92193051Spjd } else if (cp == snapname) { 93122035Smckusick strlcpy(path, "/", PATH_MAX); 94122035Smckusick } else { 95193051Spjd strlcpy(path, snapname, cp - snapname + 1); 96122035Smckusick } 97125107Sdes if (statfs(path, &stfsbuf) < 0) 98125103Smckusick err(1, "%s", path); 99122035Smckusick if (stat(path, &stbuf) < 0) 100122035Smckusick err(1, "%s", path); 101122035Smckusick if (!S_ISDIR(stbuf.st_mode)) 102122035Smckusick errx(1, "%s: Not a directory", path); 103122035Smckusick if (access(path, W_OK) < 0) 104122035Smckusick err(1, "Lack write permission in %s", path); 105122035Smckusick if ((stbuf.st_mode & S_ISTXT) && stbuf.st_uid != getuid()) 106122035Smckusick errx(1, "Lack write permission in %s: Sticky bit set", path); 107122035Smckusick 108122035Smckusick /* 109122035Smckusick * Having verified access to the directory in which the 110122035Smckusick * snapshot is to be built, proceed with creating it. 111122035Smckusick */ 112111716Smckusick if ((grp = getgrnam("operator")) == NULL) 113111716Smckusick errx(1, "Cannot retrieve operator gid"); 114193051Spjd 115193333Spjd iov = NULL; 116193333Spjd iovlen = 0; 117193051Spjd build_iovec(&iov, &iovlen, "fstype", "ffs", 4); 118193051Spjd build_iovec(&iov, &iovlen, "from", snapname, (size_t)-1); 119193051Spjd build_iovec(&iov, &iovlen, "fspath", stfsbuf.f_mntonname, (size_t)-1); 120193051Spjd build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg)); 121193051Spjd build_iovec(&iov, &iovlen, "update", NULL, 0); 122193051Spjd build_iovec(&iov, &iovlen, "snapshot", NULL, 0); 123193051Spjd 124213668Sjh *errmsg = '\0'; 125213668Sjh if (nmount(iov, iovlen, stfsbuf.f_flags) < 0) { 126213668Sjh errmsg[sizeof(errmsg) - 1] = '\0'; 127213668Sjh err(1, "Cannot create snapshot %s%s%s", snapname, 128213668Sjh *errmsg != '\0' ? ": " : "", errmsg); 129213668Sjh } 130193051Spjd if ((fd = open(snapname, O_RDONLY)) < 0) 131193051Spjd err(1, "Cannot open %s", snapname); 132111725Smckusick if (fstat(fd, &stbuf) != 0) 133193051Spjd err(1, "Cannot stat %s", snapname); 134111725Smckusick if ((stbuf.st_flags & SF_SNAPSHOT) == 0) 135193051Spjd errx(1, "File %s is not a snapshot", snapname); 136111725Smckusick if (fchown(fd, -1, grp->gr_gid) != 0) 137193051Spjd err(1, "Cannot chown %s", snapname); 138111725Smckusick if (fchmod(fd, S_IRUSR | S_IRGRP) != 0) 139193051Spjd err(1, "Cannot chmod %s", snapname); 140111716Smckusick 141111716Smckusick exit(EXIT_SUCCESS); 142111716Smckusick} 143