1 /*
2  * Amanda, The Advanced Maryland Automatic Network Disk Archiver
3  * Copyright (c) 1991-1998 University of Maryland at College Park
4  * Copyright (c) 2007-2013 Zmanda, Inc.  All Rights Reserved.
5  * All Rights Reserved.
6  *
7  * Permission to use, copy, modify, distribute, and sell this software and its
8  * documentation for any purpose is hereby granted without fee, provided that
9  * the above copyright notice appear in all copies and that both that
10  * copyright notice and this permission notice appear in supporting
11  * documentation, and that the name of U.M. not be used in advertising or
12  * publicity pertaining to distribution of the software without specific,
13  * written prior permission.  U.M. makes no representations about the
14  * suitability of this software for any purpose.  It is provided "as is"
15  * without express or implied warranty.
16  *
17  * U.M. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL U.M.
19  * BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
20  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
21  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
22  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23  *
24  * Authors: the Amanda Development Team.  Its members are listed in a
25  * file named AUTHORS, in the root directory of this distribution.
26  */
27 /*
28  * $Id: runtar.c,v 1.24 2006/08/25 11:41:31 martinea Exp $
29  *
30  * runs GNUTAR program as root
31  *
32  * argv[0] is the runtar program name
33  * argv[1] is the config name or NOCONFIG
34  * argv[2] will be argv[0] of the gtar program
35  * ...
36  */
37 #include "amanda.h"
38 #include "util.h"
39 #include "conffile.h"
40 #include "client_util.h"
41 
42 int main(int argc, char **argv);
43 
44 int
main(int argc,char ** argv)45 main(
46     int		argc,
47     char **	argv)
48 {
49 #ifdef GNUTAR
50     int i;
51     char *e;
52     char *dbf;
53     char *cmdline;
54     char *my_realpath = NULL;
55 #endif
56     int good_option;
57 
58     if (argc > 1 && argv && argv[1] && g_str_equal(argv[1], "--version")) {
59 	printf("runtar-%s\n", VERSION);
60 	return (0);
61     }
62 
63     /*
64      * Configure program for internationalization:
65      *   1) Only set the message locale for now.
66      *   2) Set textdomain for all amanda related programs to "amanda"
67      *      We don't want to be forced to support dozens of message catalogs.
68      */
69     setlocale(LC_MESSAGES, "C");
70     textdomain("amanda");
71 
72     safe_fd(-1, 0);
73     safe_cd();
74 
75     set_pname("runtar");
76 
77     /* Don't die when child closes pipe */
78     signal(SIGPIPE, SIG_IGN);
79 
80     dbopen(DBG_SUBDIR_CLIENT);
81     config_init(CONFIG_INIT_CLIENT, NULL);
82 
83     if (argc < 3) {
84 	error(_("Need at least 3 arguments\n"));
85 	/*NOTREACHED*/
86     }
87 
88     dbprintf(_("version %s\n"), VERSION);
89 
90     if (strcmp(argv[3], "--create") != 0) {
91 	error(_("Can only be used to create tar archives\n"));
92 	/*NOTREACHED*/
93     }
94 
95 #ifndef GNUTAR
96 
97     g_fprintf(stderr,_("gnutar not available on this system.\n"));
98     dbprintf(_("%s: gnutar not available on this system.\n"), argv[0]);
99     dbclose();
100     return 1;
101 
102 #else
103 
104     /*
105      * Print out version information for tar.
106      */
107     do {
108 	FILE *	version_file;
109 	char	version_buf[80];
110 
111 	if ((version_file = popen(GNUTAR " --version 2>&1", "r")) != NULL) {
112 	    if (fgets(version_buf, (int)sizeof(version_buf), version_file) != NULL) {
113 		dbprintf(_(GNUTAR " version: %s\n"), version_buf);
114 	    } else {
115 		if (ferror(version_file)) {
116 		    dbprintf(_(GNUTAR " version: Read failure: %s\n"), strerror(errno));
117 		} else {
118 		    dbprintf(_(GNUTAR " version: Read failure; EOF\n"));
119 		}
120 	    }
121 	} else {
122 	    dbprintf(_(GNUTAR " version: unavailable: %s\n"), strerror(errno));
123 	}
124     } while(0);
125 
126 #ifdef WANT_SETUID_CLIENT
127     check_running_as(RUNNING_AS_CLIENT_LOGIN | RUNNING_AS_UID_ONLY);
128     if (!become_root()) {
129 	error(_("error [%s could not become root (is the setuid bit set?)]\n"), get_pname());
130 	/*NOTREACHED*/
131     }
132 #else
133     check_running_as(RUNNING_AS_CLIENT_LOGIN);
134 #endif
135 
136     /* skip argv[0] */
137     argc--;
138     argv++;
139 
140     dbprintf(_("config: %s\n"), argv[0]);
141     if (strcmp(argv[0], "NOCONFIG") != 0)
142 	dbrename(argv[0], DBG_SUBDIR_CLIENT);
143     argc--;
144     argv++;
145 
146     if (!check_exec_for_suid("GNUTAR_PATH", GNUTAR, stderr, &my_realpath)) {
147 	dbclose();
148 	exit(1);
149     }
150 
151     cmdline = stralloc(my_realpath);
152     good_option = 0;
153     for (i = 1; argv[i]; i++) {
154 	char *quoted;
155 
156 	if (good_option <= 0) {
157 	    if (g_str_has_prefix(argv[i],"--rsh-command") ||
158 		g_str_has_prefix(argv[i],"--to-command") ||
159 		g_str_has_prefix(argv[i],"--info-script") ||
160 		g_str_has_prefix(argv[i],"--new-volume-script") ||
161 		g_str_has_prefix(argv[i],"--rmt-command") ||
162 		g_str_has_prefix(argv[i],"--use-compress-program")) {
163 		/* Filter potential malicious option */
164 		good_option = 0;
165 	    } else if (g_str_has_prefix(argv[i],"--create") ||
166 		g_str_has_prefix(argv[i],"--totals") ||
167 		g_str_has_prefix(argv[i],"--dereference") ||
168 		g_str_has_prefix(argv[i],"--no-recursion") ||
169 		g_str_has_prefix(argv[i],"--one-file-system") ||
170 		g_str_has_prefix(argv[i],"--incremental") ||
171 		g_str_has_prefix(argv[i],"--atime-preserve") ||
172 		g_str_has_prefix(argv[i],"--sparse") ||
173 		g_str_has_prefix(argv[i],"--ignore-failed-read") ||
174 		g_str_has_prefix(argv[i],"--numeric-owner")) {
175 		/* Accept theses options */
176 		good_option++;
177 	    } else if (g_str_has_prefix(argv[i],"--blocking-factor") ||
178 		g_str_has_prefix(argv[i],"--file") ||
179 		g_str_has_prefix(argv[i],"--directory") ||
180 		g_str_has_prefix(argv[i],"--exclude") ||
181 		g_str_has_prefix(argv[i],"--transform") ||
182 		g_str_has_prefix(argv[i],"--listed-incremental") ||
183 		g_str_has_prefix(argv[i],"--newer") ||
184 		g_str_has_prefix(argv[i],"--exclude-from") ||
185 		g_str_has_prefix(argv[i],"--files-from")) {
186 		/* Accept theses options with the following argument */
187 		good_option += 2;
188 	    } else if (argv[i][0] != '-') {
189 		good_option++;
190 	    }
191 	}
192 	if (good_option <= 0) {
193 	    error("error [%s invalid option: %s]", get_pname(), argv[i]);
194 	}
195 	good_option--;
196 
197 	quoted = quote_string(argv[i]);
198 	cmdline = vstrextend(&cmdline, " ", quoted, NULL);
199 	amfree(quoted);
200     }
201     dbprintf(_("running: %s\n"), cmdline);
202     amfree(cmdline);
203 
204     dbf = dbfn();
205     if (dbf) {
206 	dbf = stralloc(dbf);
207     }
208     dbclose();
209 
210     execve(my_realpath, argv, safe_env());
211 
212     e = strerror(errno);
213     dbreopen(dbf, "more");
214     amfree(dbf);
215     dbprintf(_("execve of %s failed (%s)\n"), my_realpath, e);
216     dbclose();
217 
218     g_fprintf(stderr, _("runtar: could not exec %s: %s\n"), my_realpath, e);
219     return 1;
220 #endif
221 }
222