1 /* $NetBSD: mount_umap.c,v 1.12 2002/09/21 18:43:38 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1992, 1993, 1994 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software donated to Berkeley by 8 * Jan-Simon Pendry. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 #include <sys/cdefs.h> 40 #ifndef lint 41 __COPYRIGHT("@(#) Copyright (c) 1992, 1993, 1994\n\ 42 The Regents of the University of California. All rights reserved.\n"); 43 #endif /* not lint */ 44 45 #ifndef lint 46 #if 0 47 static char sccsid[] = "@(#)mount_umap.c 8.5 (Berkeley) 4/26/95"; 48 #else 49 __RCSID("$NetBSD: mount_umap.c,v 1.12 2002/09/21 18:43:38 christos Exp $"); 50 #endif 51 #endif /* not lint */ 52 53 #include <sys/param.h> 54 #include <sys/mount.h> 55 #include <sys/stat.h> 56 57 #include <miscfs/umapfs/umap.h> 58 59 #include <err.h> 60 #include <stdio.h> 61 #include <stdlib.h> 62 #include <string.h> 63 #include <unistd.h> 64 65 #include "mntopts.h" 66 67 #define ROOTUSER 0 68 /* 69 * This define controls whether any user but the superuser can own and 70 * write mapfiles. If other users can, system security can be gravely 71 * compromised. If this is not a concern, undefine SECURITY. 72 */ 73 #define MAPSECURITY 1 74 75 /* 76 * This routine provides the user interface to mounting a umap layer. 77 * It takes 4 mandatory parameters. The mandatory arguments are the place 78 * where the next lower level is mounted, the place where the umap layer is to 79 * be mounted, the name of the user mapfile, and the name of the group 80 * mapfile. The routine checks the ownerships and permissions on the 81 * mapfiles, then opens and reads them. Then it calls mount(), which 82 * will, in turn, call the umap version of mount. 83 */ 84 85 static const struct mntopt mopts[] = { 86 MOPT_STDOPTS, 87 { NULL } 88 }; 89 90 int main __P((int, char *[])); 91 int mount_umap __P((int argc, char **argv)); 92 static void usage __P((void)); 93 94 #ifndef MOUNT_NOMAIN 95 int 96 main(argc, argv) 97 int argc; 98 char **argv; 99 { 100 return mount_umap(argc, argv); 101 } 102 #endif 103 104 int 105 mount_umap(argc, argv) 106 int argc; 107 char *argv[]; 108 { 109 static char not[] = "; not mounted."; 110 struct stat statbuf; 111 struct umap_args args; 112 FILE *fp, *gfp; 113 long d1, d2; 114 u_long mapdata[MAPFILEENTRIES][2]; 115 u_long gmapdata[GMAPFILEENTRIES][2]; 116 int ch, count, gnentries, mntflags, nentries; 117 char *gmapfile, *mapfile, *source, *target, buf[20]; 118 119 mntflags = 0; 120 mapfile = gmapfile = NULL; 121 while ((ch = getopt(argc, argv, "g:o:u:")) != -1) 122 switch (ch) { 123 case 'g': 124 gmapfile = optarg; 125 break; 126 case 'o': 127 getmntopts(optarg, mopts, &mntflags, 0); 128 break; 129 case 'u': 130 mapfile = optarg; 131 break; 132 case '?': 133 default: 134 usage(); 135 } 136 argc -= optind; 137 argv += optind; 138 139 if (argc != 2 || mapfile == NULL || gmapfile == NULL) 140 usage(); 141 142 source = argv[0]; 143 target = argv[1]; 144 145 /* Read in uid mapping data. */ 146 if ((fp = fopen(mapfile, "r")) == NULL) 147 err(1, "%s%s", mapfile, not); 148 149 #ifdef MAPSECURITY 150 /* 151 * Check that group and other don't have write permissions on 152 * this mapfile, and that the mapfile belongs to root. 153 */ 154 if (fstat(fileno(fp), &statbuf)) 155 err(1, "%s%s", mapfile, not); 156 if (statbuf.st_mode & S_IWGRP || statbuf.st_mode & S_IWOTH) { 157 strmode(statbuf.st_mode, buf); 158 err(1, "%s: improper write permissions (%s)%s", 159 mapfile, buf, not); 160 } 161 if (statbuf.st_uid != ROOTUSER) 162 errx(1, "%s does not belong to root%s", mapfile, not); 163 #endif /* MAPSECURITY */ 164 165 if ((fscanf(fp, "%d\n", &nentries)) != 1) 166 errx(1, "%s: nentries not found%s", mapfile, not); 167 if (nentries > MAPFILEENTRIES) 168 errx(1, 169 "maximum number of entries is %d%s", MAPFILEENTRIES, not); 170 #if 0 171 (void)printf("reading %d entries\n", nentries); 172 #endif 173 for (count = 0; count < nentries; ++count) { 174 if ((fscanf(fp, "%lu %lu\n", &d1, &d2)) != 2) { 175 if (ferror(fp)) 176 err(1, "%s%s", mapfile, not); 177 if (feof(fp)) 178 errx(1, "%s: unexpected end-of-file%s", 179 mapfile, not); 180 errx(1, "%s: illegal format (line %d)%s", 181 mapfile, count + 2, not); 182 } 183 mapdata[count][0] = d1; 184 mapdata[count][1] = d2; 185 #if 0 186 /* Fix a security hole. */ 187 if (mapdata[count][1] == 0) 188 errx(1, "mapping id 0 not permitted (line %d)%s", 189 count + 2, not); 190 #endif 191 } 192 193 /* Read in gid mapping data. */ 194 if ((gfp = fopen(gmapfile, "r")) == NULL) 195 err(1, "%s%s", gmapfile, not); 196 197 #ifdef MAPSECURITY 198 /* 199 * Check that group and other don't have write permissions on 200 * this group mapfile, and that the file belongs to root. 201 */ 202 if (fstat(fileno(gfp), &statbuf)) 203 err(1, "%s%s", gmapfile, not); 204 if (statbuf.st_mode & S_IWGRP || statbuf.st_mode & S_IWOTH) { 205 strmode(statbuf.st_mode, buf); 206 err(1, "%s: improper write permissions (%s)%s", 207 gmapfile, buf, not); 208 } 209 if (statbuf.st_uid != ROOTUSER) 210 errx(1, "%s does not belong to root%s", gmapfile, not); 211 #endif /* MAPSECURITY */ 212 213 if ((fscanf(gfp, "%d\n", &gnentries)) != 1) 214 errx(1, "nentries not found%s", not); 215 if (gnentries > MAPFILEENTRIES) 216 errx(1, 217 "maximum number of entries is %d%s", GMAPFILEENTRIES, not); 218 #if 0 219 (void)printf("reading %d group entries\n", gnentries); 220 #endif 221 222 for (count = 0; count < gnentries; ++count) { 223 if ((fscanf(gfp, "%lu %lu\n", 224 &(gmapdata[count][0]), &(gmapdata[count][1]))) != 2) { 225 if (ferror(gfp)) 226 err(1, "%s%s", gmapfile, not); 227 if (feof(gfp)) 228 errx(1, "%s: unexpected end-of-file%s", 229 gmapfile, not); 230 errx(1, "%s: illegal format (line %d)%s", 231 gmapfile, count + 2, not); 232 } 233 } 234 235 236 /* Setup mount call args. */ 237 args.la.target = source; 238 args.nentries = nentries; 239 args.mapdata = mapdata; 240 args.gnentries = gnentries; 241 args.gmapdata = gmapdata; 242 243 if (mount(MOUNT_UMAP, argv[1], mntflags, &args)) 244 err(1, "%s on %s", source, argv[1]); 245 if (mntflags & MNT_GETARGS) { 246 printf("nentries=%d, gnentries=%d\n", args.nentries, 247 args.gnentries); 248 } 249 exit(0); 250 } 251 252 static void 253 usage() 254 { 255 (void)fprintf(stderr, 256 "usage: mount_umap [-o options] -u usermap -g groupmap target_fs mount_point\n"); 257 exit(1); 258 } 259