1 /*
2 * Amanda, The Advanced Maryland Automatic Network Disk Archiver
3 * Copyright (c) 1991-1998 University of Maryland at College Park
4 * Copyright (c) 2007-2013 Zmanda, Inc. All Rights Reserved.
5 * All Rights Reserved.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software and its
8 * documentation for any purpose is hereby granted without fee, provided that
9 * the above copyright notice appear in all copies and that both that
10 * copyright notice and this permission notice appear in supporting
11 * documentation, and that the name of U.M. not be used in advertising or
12 * publicity pertaining to distribution of the software without specific,
13 * written prior permission. U.M. makes no representations about the
14 * suitability of this software for any purpose. It is provided "as is"
15 * without express or implied warranty.
16 *
17 * U.M. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL U.M.
19 * BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
20 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
21 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
22 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 *
24 * Authors: the Amanda Development Team. Its members are listed in a
25 * file named AUTHORS, in the root directory of this distribution.
26 */
27 /*
28 * $Id: runtar.c,v 1.24 2006/08/25 11:41:31 martinea Exp $
29 *
30 * runs GNUTAR program as root
31 *
32 * argv[0] is the runtar program name
33 * argv[1] is the config name or NOCONFIG
34 * argv[2] will be argv[0] of the gtar program
35 * ...
36 */
37 #include "amanda.h"
38 #include "util.h"
39 #include "conffile.h"
40 #include "client_util.h"
41
42 int main(int argc, char **argv);
43
44 int
main(int argc,char ** argv)45 main(
46 int argc,
47 char ** argv)
48 {
49 #ifdef GNUTAR
50 int i;
51 char *e;
52 char *dbf;
53 char *cmdline;
54 char *my_realpath = NULL;
55 #endif
56 int good_option;
57
58 if (argc > 1 && argv && argv[1] && g_str_equal(argv[1], "--version")) {
59 printf("runtar-%s\n", VERSION);
60 return (0);
61 }
62
63 /*
64 * Configure program for internationalization:
65 * 1) Only set the message locale for now.
66 * 2) Set textdomain for all amanda related programs to "amanda"
67 * We don't want to be forced to support dozens of message catalogs.
68 */
69 setlocale(LC_MESSAGES, "C");
70 textdomain("amanda");
71
72 safe_fd(-1, 0);
73 safe_cd();
74
75 set_pname("runtar");
76
77 /* Don't die when child closes pipe */
78 signal(SIGPIPE, SIG_IGN);
79
80 dbopen(DBG_SUBDIR_CLIENT);
81 config_init(CONFIG_INIT_CLIENT, NULL);
82
83 if (argc < 3) {
84 error(_("Need at least 3 arguments\n"));
85 /*NOTREACHED*/
86 }
87
88 dbprintf(_("version %s\n"), VERSION);
89
90 if (strcmp(argv[3], "--create") != 0) {
91 error(_("Can only be used to create tar archives\n"));
92 /*NOTREACHED*/
93 }
94
95 #ifndef GNUTAR
96
97 g_fprintf(stderr,_("gnutar not available on this system.\n"));
98 dbprintf(_("%s: gnutar not available on this system.\n"), argv[0]);
99 dbclose();
100 return 1;
101
102 #else
103
104 /*
105 * Print out version information for tar.
106 */
107 do {
108 FILE * version_file;
109 char version_buf[80];
110
111 if ((version_file = popen(GNUTAR " --version 2>&1", "r")) != NULL) {
112 if (fgets(version_buf, (int)sizeof(version_buf), version_file) != NULL) {
113 dbprintf(_(GNUTAR " version: %s\n"), version_buf);
114 } else {
115 if (ferror(version_file)) {
116 dbprintf(_(GNUTAR " version: Read failure: %s\n"), strerror(errno));
117 } else {
118 dbprintf(_(GNUTAR " version: Read failure; EOF\n"));
119 }
120 }
121 } else {
122 dbprintf(_(GNUTAR " version: unavailable: %s\n"), strerror(errno));
123 }
124 } while(0);
125
126 #ifdef WANT_SETUID_CLIENT
127 check_running_as(RUNNING_AS_CLIENT_LOGIN | RUNNING_AS_UID_ONLY);
128 if (!become_root()) {
129 error(_("error [%s could not become root (is the setuid bit set?)]\n"), get_pname());
130 /*NOTREACHED*/
131 }
132 #else
133 check_running_as(RUNNING_AS_CLIENT_LOGIN);
134 #endif
135
136 /* skip argv[0] */
137 argc--;
138 argv++;
139
140 dbprintf(_("config: %s\n"), argv[0]);
141 if (strcmp(argv[0], "NOCONFIG") != 0)
142 dbrename(argv[0], DBG_SUBDIR_CLIENT);
143 argc--;
144 argv++;
145
146 if (!check_exec_for_suid("GNUTAR_PATH", GNUTAR, stderr, &my_realpath)) {
147 dbclose();
148 exit(1);
149 }
150
151 cmdline = stralloc(my_realpath);
152 good_option = 0;
153 for (i = 1; argv[i]; i++) {
154 char *quoted;
155
156 if (good_option <= 0) {
157 if (g_str_has_prefix(argv[i],"--rsh-command") ||
158 g_str_has_prefix(argv[i],"--to-command") ||
159 g_str_has_prefix(argv[i],"--info-script") ||
160 g_str_has_prefix(argv[i],"--new-volume-script") ||
161 g_str_has_prefix(argv[i],"--rmt-command") ||
162 g_str_has_prefix(argv[i],"--use-compress-program")) {
163 /* Filter potential malicious option */
164 good_option = 0;
165 } else if (g_str_has_prefix(argv[i],"--create") ||
166 g_str_has_prefix(argv[i],"--totals") ||
167 g_str_has_prefix(argv[i],"--dereference") ||
168 g_str_has_prefix(argv[i],"--no-recursion") ||
169 g_str_has_prefix(argv[i],"--one-file-system") ||
170 g_str_has_prefix(argv[i],"--incremental") ||
171 g_str_has_prefix(argv[i],"--atime-preserve") ||
172 g_str_has_prefix(argv[i],"--sparse") ||
173 g_str_has_prefix(argv[i],"--ignore-failed-read") ||
174 g_str_has_prefix(argv[i],"--numeric-owner")) {
175 /* Accept theses options */
176 good_option++;
177 } else if (g_str_has_prefix(argv[i],"--blocking-factor") ||
178 g_str_has_prefix(argv[i],"--file") ||
179 g_str_has_prefix(argv[i],"--directory") ||
180 g_str_has_prefix(argv[i],"--exclude") ||
181 g_str_has_prefix(argv[i],"--transform") ||
182 g_str_has_prefix(argv[i],"--listed-incremental") ||
183 g_str_has_prefix(argv[i],"--newer") ||
184 g_str_has_prefix(argv[i],"--exclude-from") ||
185 g_str_has_prefix(argv[i],"--files-from")) {
186 /* Accept theses options with the following argument */
187 good_option += 2;
188 } else if (argv[i][0] != '-') {
189 good_option++;
190 }
191 }
192 if (good_option <= 0) {
193 error("error [%s invalid option: %s]", get_pname(), argv[i]);
194 }
195 good_option--;
196
197 quoted = quote_string(argv[i]);
198 cmdline = vstrextend(&cmdline, " ", quoted, NULL);
199 amfree(quoted);
200 }
201 dbprintf(_("running: %s\n"), cmdline);
202 amfree(cmdline);
203
204 dbf = dbfn();
205 if (dbf) {
206 dbf = stralloc(dbf);
207 }
208 dbclose();
209
210 execve(my_realpath, argv, safe_env());
211
212 e = strerror(errno);
213 dbreopen(dbf, "more");
214 amfree(dbf);
215 dbprintf(_("execve of %s failed (%s)\n"), my_realpath, e);
216 dbclose();
217
218 g_fprintf(stderr, _("runtar: could not exec %s: %s\n"), my_realpath, e);
219 return 1;
220 #endif
221 }
222