1 /* $NetBSD: mount_umap.c,v 1.27 2020/07/26 08:20:23 mlelstv Exp $ */
2
3 /*
4 * Copyright (c) 1992, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software donated to Berkeley by
8 * Jan-Simon Pendry.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35 #include <sys/cdefs.h>
36 #ifndef lint
37 __COPYRIGHT("@(#) Copyright (c) 1992, 1993, 1994\
38 The Regents of the University of California. All rights reserved.");
39 #endif /* not lint */
40
41 #ifndef lint
42 #if 0
43 static char sccsid[] = "@(#)mount_umap.c 8.5 (Berkeley) 4/26/95";
44 #else
45 __RCSID("$NetBSD: mount_umap.c,v 1.27 2020/07/26 08:20:23 mlelstv Exp $");
46 #endif
47 #endif /* not lint */
48
49 #include <sys/param.h>
50 #include <sys/mount.h>
51 #include <sys/stat.h>
52
53 #include <miscfs/umapfs/umap.h>
54
55 #include <err.h>
56 #include <stdio.h>
57 #include <stdlib.h>
58 #include <string.h>
59 #include <unistd.h>
60
61 #include <mntopts.h>
62
63 #include "mountprog.h"
64
65 #define ROOTUSER 0
66 /*
67 * This define controls whether any user but the superuser can own and
68 * write mapfiles. If other users can, system security can be gravely
69 * compromised. If this is not a concern, undefine SECURITY.
70 */
71 #define MAPSECURITY 1
72
73 /*
74 * This routine provides the user interface to mounting a umap layer.
75 * It takes 4 mandatory parameters. The mandatory arguments are the place
76 * where the next lower level is mounted, the place where the umap layer is to
77 * be mounted, the name of the user mapfile, and the name of the group
78 * mapfile. The routine checks the ownerships and permissions on the
79 * mapfiles, then opens and reads them. Then it calls mount(), which
80 * will, in turn, call the umap version of mount.
81 */
82
83 static const struct mntopt mopts[] = {
84 MOPT_STDOPTS,
85 MOPT_NULL,
86 };
87
88 int mount_umap(int argc, char **argv);
89 __dead static void usage(void);
90
91 #ifndef MOUNT_NOMAIN
92 int
main(int argc,char ** argv)93 main(int argc, char **argv)
94 {
95 return mount_umap(argc, argv);
96 }
97 #endif
98
99 int
mount_umap(int argc,char * argv[])100 mount_umap(int argc, char *argv[])
101 {
102 static char not[] = "; not mounted.";
103 struct stat statbuf;
104 struct umap_args args;
105 FILE *fp, *gfp;
106 long d1, d2;
107 u_long mapdata[MAPFILEENTRIES][2];
108 u_long gmapdata[GMAPFILEENTRIES][2];
109 u_long fsid;
110 int ch, count, gnentries, mntflags, nentries;
111 char *gmapfile, *mapfile, buf[20];
112 char source[MAXPATHLEN], target[MAXPATHLEN];
113 mntoptparse_t mp;
114
115 fsid = mntflags = 0;
116 mapfile = gmapfile = NULL;
117 while ((ch = getopt(argc, argv, "g:i:o:u:")) != -1)
118 switch (ch) {
119 case 'g':
120 gmapfile = optarg;
121 break;
122 case 'i':
123 fsid = strtoul(optarg, NULL, 16);
124 break;
125 case 'o':
126 mp = getmntopts(optarg, mopts, &mntflags, 0);
127 if (mp == NULL)
128 err(1, "getmntopts");
129 freemntopts(mp);
130 break;
131 case 'u':
132 mapfile = optarg;
133 break;
134 case '?':
135 default:
136 usage();
137 }
138 argc -= optind;
139 argv += optind;
140
141 if (argc != 2 || mapfile == NULL || gmapfile == NULL)
142 usage();
143
144 pathadj(argv[0], source);
145 pathadj(argv[1], target);
146
147 /* Read in uid mapping data. */
148 if ((fp = fopen(mapfile, "r")) == NULL)
149 err(1, "%s%s", mapfile, not);
150
151 #ifdef MAPSECURITY
152 /*
153 * Check that group and other don't have write permissions on
154 * this mapfile, and that the mapfile belongs to root.
155 */
156 if (fstat(fileno(fp), &statbuf))
157 err(1, "%s%s", mapfile, not);
158 if (statbuf.st_mode & S_IWGRP || statbuf.st_mode & S_IWOTH) {
159 strmode(statbuf.st_mode, buf);
160 err(1, "%s: improper write permissions (%s)%s",
161 mapfile, buf, not);
162 }
163 if (statbuf.st_uid != ROOTUSER)
164 errx(1, "%s does not belong to root%s", mapfile, not);
165 #endif /* MAPSECURITY */
166
167 if ((fscanf(fp, "%d\n", &nentries)) != 1)
168 errx(1, "%s: nentries not found%s", mapfile, not);
169 if (nentries > MAPFILEENTRIES)
170 errx(1,
171 "maximum number of entries is %d%s", MAPFILEENTRIES, not);
172 #if 0
173 (void)printf("reading %d entries\n", nentries);
174 #endif
175 for (count = 0; count < nentries; ++count) {
176 if ((fscanf(fp, "%lu %lu\n", &d1, &d2)) != 2) {
177 if (ferror(fp))
178 err(1, "%s%s", mapfile, not);
179 if (feof(fp))
180 errx(1, "%s: unexpected end-of-file%s",
181 mapfile, not);
182 errx(1, "%s: illegal format (line %d)%s",
183 mapfile, count + 2, not);
184 }
185 mapdata[count][0] = d1;
186 mapdata[count][1] = d2;
187 #if 0
188 /* Fix a security hole. */
189 if (mapdata[count][1] == 0)
190 errx(1, "mapping id 0 not permitted (line %d)%s",
191 count + 2, not);
192 #endif
193 }
194
195 /* Read in gid mapping data. */
196 if ((gfp = fopen(gmapfile, "r")) == NULL)
197 err(1, "%s%s", gmapfile, not);
198
199 #ifdef MAPSECURITY
200 /*
201 * Check that group and other don't have write permissions on
202 * this group mapfile, and that the file belongs to root.
203 */
204 if (fstat(fileno(gfp), &statbuf))
205 err(1, "%s%s", gmapfile, not);
206 if (statbuf.st_mode & S_IWGRP || statbuf.st_mode & S_IWOTH) {
207 strmode(statbuf.st_mode, buf);
208 err(1, "%s: improper write permissions (%s)%s",
209 gmapfile, buf, not);
210 }
211 if (statbuf.st_uid != ROOTUSER)
212 errx(1, "%s does not belong to root%s", gmapfile, not);
213 #endif /* MAPSECURITY */
214
215 if ((fscanf(gfp, "%d\n", &gnentries)) != 1)
216 errx(1, "nentries not found%s", not);
217 if (gnentries > MAPFILEENTRIES)
218 errx(1,
219 "maximum number of entries is %d%s", GMAPFILEENTRIES, not);
220 #if 0
221 (void)printf("reading %d group entries\n", gnentries);
222 #endif
223
224 for (count = 0; count < gnentries; ++count) {
225 if ((fscanf(gfp, "%lu %lu\n",
226 &(gmapdata[count][0]), &(gmapdata[count][1]))) != 2) {
227 if (ferror(gfp))
228 err(1, "%s%s", gmapfile, not);
229 if (feof(gfp))
230 errx(1, "%s: unexpected end-of-file%s",
231 gmapfile, not);
232 errx(1, "%s: illegal format (line %d)%s",
233 gmapfile, count + 2, not);
234 }
235 }
236
237
238 /* Setup mount call args. */
239 args.la.target = source;
240 args.nentries = nentries;
241 args.mapdata = mapdata;
242 args.gnentries = gnentries;
243 args.gmapdata = gmapdata;
244 args.fsid = fsid;
245
246 if (mount(MOUNT_UMAP, target, mntflags, &args, sizeof args) == -1)
247 err(1, "%s on %s", source, target);
248 if (mntflags & MNT_GETARGS) {
249 printf("nentries=%d, gnentries=%d\n", args.nentries,
250 args.gnentries);
251 }
252 exit(0);
253 }
254
255 static void
usage(void)256 usage(void)
257 {
258 (void)fprintf(stderr,
259 "usage: mount_umap [-i fsid] [-o options] -g groupmap -u usermap target_fs mount_point\n");
260 exit(1);
261 }
262