freebsd-skq/contrib/cpio/lib/rtapelib.c
Peter Wemm c6acfe86c7 Merge gnu cpio 2.6 -> 2.8 changes. Unfortunately, we have massive
conflicts due to radically different approaches to security and bug fixes.
In some cases I re-started from the vendor version and reimplemented our
patches.  Fortunately, this is not enabled by default in -current.
2008-07-10 02:08:00 +00:00

741 lines
19 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/* Functions for communicating with a remote tape drive.
Copyright (C) 1988, 1992, 1994, 1996, 1997, 1999, 2000, 2001, 2004,
2005, 2006 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
/* The man page rmt(8) for /etc/rmt documents the remote mag tape protocol
which rdump and rrestore use. Unfortunately, the man page is *WRONG*.
The author of the routines I'm including originally wrote his code just
based on the man page, and it didn't work, so he went to the rdump source
to figure out why. The only thing he had to change was to check for the
'F' return code in addition to the 'E', and to separate the various
arguments with \n instead of a space. I personally don't think that this
is much of a problem, but I wanted to point it out. -- Arnold Robbins
Originally written by Jeff Lee, modified some by Arnold Robbins. Redone
as a library that can replace open, read, write, etc., by Fred Fish, with
some additional work by Arnold Robbins. Modified to make all rmt* calls
into macros for speed by Jay Fenlason. Use -DWITH_REXEC for rexec
code, courtesy of Dan Kegel. */
#include "system.h"
#include "system-ioctl.h"
#include <safe-read.h>
#include <full-write.h>
/* Try hard to get EOPNOTSUPP defined. 486/ISC has it in net/errno.h,
3B2/SVR3 has it in sys/inet.h. Otherwise, like on MSDOS, use EINVAL. */
#ifndef EOPNOTSUPP
# if HAVE_NET_ERRNO_H
# include <net/errno.h>
# endif
# if HAVE_SYS_INET_H
# include <sys/inet.h>
# endif
# ifndef EOPNOTSUPP
# define EOPNOTSUPP EINVAL
# endif
#endif
#include <signal.h>
#if HAVE_NETDB_H
# include <netdb.h>
#endif
#include <rmt.h>
#include <rmt-command.h>
/* Exit status if exec errors. */
#define EXIT_ON_EXEC_ERROR 128
/* FIXME: Size of buffers for reading and writing commands to rmt. */
#define COMMAND_BUFFER_SIZE 64
#ifndef RETSIGTYPE
# define RETSIGTYPE void
#endif
/* FIXME: Maximum number of simultaneous remote tape connections. */
#define MAXUNIT 4
#define PREAD 0 /* read file descriptor from pipe() */
#define PWRITE 1 /* write file descriptor from pipe() */
/* Return the parent's read side of remote tape connection Fd. */
#define READ_SIDE(Fd) (from_remote[Fd][PREAD])
/* Return the parent's write side of remote tape connection Fd. */
#define WRITE_SIDE(Fd) (to_remote[Fd][PWRITE])
/* The pipes for receiving data from remote tape drives. */
static int from_remote[MAXUNIT][2] = {{-1, -1}, {-1, -1}, {-1, -1}, {-1, -1}};
/* The pipes for sending data to remote tape drives. */
static int to_remote[MAXUNIT][2] = {{-1, -1}, {-1, -1}, {-1, -1}, {-1, -1}};
char *rmt_command = DEFAULT_RMT_COMMAND;
/* Temporary variable used by macros in rmt.h. */
char *rmt_dev_name__;
/* If true, always consider file names to be local, even if they contain
colons */
bool force_local_option;
/* Close remote tape connection HANDLE, and reset errno to ERRNO_VALUE. */
static void
_rmt_shutdown (int handle, int errno_value)
{
close (READ_SIDE (handle));
close (WRITE_SIDE (handle));
READ_SIDE (handle) = -1;
WRITE_SIDE (handle) = -1;
errno = errno_value;
}
/* Attempt to perform the remote tape command specified in BUFFER on
remote tape connection HANDLE. Return 0 if successful, -1 on
error. */
static int
do_command (int handle, const char *buffer)
{
/* Save the current pipe handler and try to make the request. */
size_t length = strlen (buffer);
RETSIGTYPE (*pipe_handler) () = signal (SIGPIPE, SIG_IGN);
ssize_t written = full_write (WRITE_SIDE (handle), buffer, length);
signal (SIGPIPE, pipe_handler);
if (written == length)
return 0;
/* Something went wrong. Close down and go home. */
_rmt_shutdown (handle, EIO);
return -1;
}
static char *
get_status_string (int handle, char *command_buffer)
{
char *cursor;
int counter;
/* Read the reply command line. */
for (counter = 0, cursor = command_buffer;
counter < COMMAND_BUFFER_SIZE;
counter++, cursor++)
{
if (safe_read (READ_SIDE (handle), cursor, 1) != 1)
{
_rmt_shutdown (handle, EIO);
return 0;
}
if (*cursor == '\n')
{
*cursor = '\0';
break;
}
}
if (counter == COMMAND_BUFFER_SIZE)
{
_rmt_shutdown (handle, EIO);
return 0;
}
/* Check the return status. */
for (cursor = command_buffer; *cursor; cursor++)
if (*cursor != ' ')
break;
if (*cursor == 'E' || *cursor == 'F')
{
/* Skip the error message line. */
/* FIXME: there is better to do than merely ignoring error messages
coming from the remote end. Translate them, too... */
{
char character;
while (safe_read (READ_SIDE (handle), &character, 1) == 1)
if (character == '\n')
break;
}
errno = atoi (cursor + 1);
if (*cursor == 'F')
_rmt_shutdown (handle, errno);
return 0;
}
/* Check for mis-synced pipes. */
if (*cursor != 'A')
{
_rmt_shutdown (handle, EIO);
return 0;
}
/* Got an `A' (success) response. */
return cursor + 1;
}
/* Read and return the status from remote tape connection HANDLE. If
an error occurred, return -1 and set errno. */
static long int
get_status (int handle)
{
char command_buffer[COMMAND_BUFFER_SIZE];
const char *status = get_status_string (handle, command_buffer);
if (status)
{
long int result = atol (status);
if (0 <= result)
return result;
errno = EIO;
}
return -1;
}
static off_t
get_status_off (int handle)
{
char command_buffer[COMMAND_BUFFER_SIZE];
const char *status = get_status_string (handle, command_buffer);
if (! status)
return -1;
else
{
/* Parse status, taking care to check for overflow.
We can't use standard functions,
since off_t might be longer than long. */
off_t count = 0;
int negative;
for (; *status == ' ' || *status == '\t'; status++)
continue;
negative = *status == '-';
status += negative || *status == '+';
for (;;)
{
int digit = *status++ - '0';
if (9 < (unsigned) digit)
break;
else
{
off_t c10 = 10 * count;
off_t nc = negative ? c10 - digit : c10 + digit;
if (c10 / 10 != count || (negative ? c10 < nc : nc < c10))
return -1;
count = nc;
}
}
return count;
}
}
#if WITH_REXEC
/* Execute /etc/rmt as user USER on remote system HOST using rexec.
Return a file descriptor of a bidirectional socket for stdin and
stdout. If USER is zero, use the current username.
By default, this code is not used, since it requires that the user
have a .netrc file in his/her home directory, or that the
application designer be willing to have rexec prompt for login and
password info. This may be unacceptable, and .rhosts files for use
with rsh are much more common on BSD systems. */
static int
_rmt_rexec (char *host, char *user)
{
int saved_stdin = dup (STDIN_FILENO);
int saved_stdout = dup (STDOUT_FILENO);
struct servent *rexecserv;
int result;
/* When using cpio -o < filename, stdin is no longer the tty. But the
rexec subroutine reads the login and the passwd on stdin, to allow
remote execution of the command. So, reopen stdin and stdout on
/dev/tty before the rexec and give them back their original value
after. */
if (! freopen ("/dev/tty", "r", stdin))
freopen ("/dev/null", "r", stdin);
if (! freopen ("/dev/tty", "w", stdout))
freopen ("/dev/null", "w", stdout);
if (rexecserv = getservbyname ("exec", "tcp"), !rexecserv)
error (EXIT_ON_EXEC_ERROR, 0, _("exec/tcp: Service not available"));
result = rexec (&host, rexecserv->s_port, user, 0, rmt_command, 0);
if (fclose (stdin) == EOF)
error (0, errno, _("stdin"));
fdopen (saved_stdin, "r");
if (fclose (stdout) == EOF)
error (0, errno, _("stdout"));
fdopen (saved_stdout, "w");
return result;
}
#endif /* WITH_REXEC */
/* Place into BUF a string representing OFLAG, which must be suitable
as argument 2 of `open'. BUF must be large enough to hold the
result. This function should generate a string that decode_oflag
can parse. */
static void
encode_oflag (char *buf, int oflag)
{
sprintf (buf, "%d ", oflag);
switch (oflag & O_ACCMODE)
{
case O_RDONLY: strcat (buf, "O_RDONLY"); break;
case O_RDWR: strcat (buf, "O_RDWR"); break;
case O_WRONLY: strcat (buf, "O_WRONLY"); break;
default: abort ();
}
#ifdef O_APPEND
if (oflag & O_APPEND) strcat (buf, "|O_APPEND");
#endif
if (oflag & O_CREAT) strcat (buf, "|O_CREAT");
#ifdef O_DSYNC
if (oflag & O_DSYNC) strcat (buf, "|O_DSYNC");
#endif
if (oflag & O_EXCL) strcat (buf, "|O_EXCL");
#ifdef O_LARGEFILE
if (oflag & O_LARGEFILE) strcat (buf, "|O_LARGEFILE");
#endif
#ifdef O_NOCTTY
if (oflag & O_NOCTTY) strcat (buf, "|O_NOCTTY");
#endif
if (oflag & O_NONBLOCK) strcat (buf, "|O_NONBLOCK");
#ifdef O_RSYNC
if (oflag & O_RSYNC) strcat (buf, "|O_RSYNC");
#endif
#ifdef O_SYNC
if (oflag & O_SYNC) strcat (buf, "|O_SYNC");
#endif
if (oflag & O_TRUNC) strcat (buf, "|O_TRUNC");
}
/* Open a file (a magnetic tape device?) on the system specified in
FILE_NAME, as the given user. FILE_NAME has the form `[USER@]HOST:FILE'.
OPEN_MODE is O_RDONLY, O_WRONLY, etc. If successful, return the
remote pipe number plus BIAS. REMOTE_SHELL may be overridden. On
error, return -1. */
int
rmt_open__ (const char *file_name, int open_mode, int bias,
const char *remote_shell)
{
int remote_pipe_number; /* pseudo, biased file descriptor */
char *file_name_copy; /* copy of file_name string */
char *remote_host; /* remote host name */
char *remote_file; /* remote file name (often a device) */
char *remote_user; /* remote user name */
/* Find an unused pair of file descriptors. */
for (remote_pipe_number = 0;
remote_pipe_number < MAXUNIT;
remote_pipe_number++)
if (READ_SIDE (remote_pipe_number) == -1
&& WRITE_SIDE (remote_pipe_number) == -1)
break;
if (remote_pipe_number == MAXUNIT)
{
errno = EMFILE;
return -1;
}
/* Pull apart the system and device, and optional user. */
{
char *cursor;
file_name_copy = xstrdup (file_name);
remote_host = file_name_copy;
remote_user = 0;
remote_file = 0;
for (cursor = file_name_copy; *cursor; cursor++)
switch (*cursor)
{
default:
break;
case '\n':
/* Do not allow newlines in the file_name, since the protocol
uses newline delimiters. */
free (file_name_copy);
errno = ENOENT;
return -1;
case '@':
if (!remote_user)
{
remote_user = remote_host;
*cursor = '\0';
remote_host = cursor + 1;
}
break;
case ':':
if (!remote_file)
{
*cursor = '\0';
remote_file = cursor + 1;
}
break;
}
}
/* FIXME: Should somewhat validate the decoding, here. */
if (remote_user && *remote_user == '\0')
remote_user = 0;
#if WITH_REXEC
/* Execute the remote command using rexec. */
READ_SIDE (remote_pipe_number) = _rmt_rexec (remote_host, remote_user);
if (READ_SIDE (remote_pipe_number) < 0)
{
int e = errno;
free (file_name_copy);
errno = e;
return -1;
}
WRITE_SIDE (remote_pipe_number) = READ_SIDE (remote_pipe_number);
#else /* not WITH_REXEC */
{
const char *remote_shell_basename;
pid_t status;
/* Identify the remote command to be executed. */
if (!remote_shell)
{
#ifdef REMOTE_SHELL
remote_shell = REMOTE_SHELL;
#else
free (file_name_copy);
errno = EIO;
return -1;
#endif
}
remote_shell_basename = base_name (remote_shell);
/* Set up the pipes for the `rsh' command, and fork. */
if (pipe (to_remote[remote_pipe_number]) == -1
|| pipe (from_remote[remote_pipe_number]) == -1)
{
int e = errno;
free (file_name_copy);
errno = e;
return -1;
}
status = fork ();
if (status == -1)
{
int e = errno;
free (file_name_copy);
errno = e;
return -1;
}
if (status == 0)
{
/* Child. */
close (STDIN_FILENO);
dup (to_remote[remote_pipe_number][PREAD]);
close (to_remote[remote_pipe_number][PREAD]);
close (to_remote[remote_pipe_number][PWRITE]);
close (STDOUT_FILENO);
dup (from_remote[remote_pipe_number][PWRITE]);
close (from_remote[remote_pipe_number][PREAD]);
close (from_remote[remote_pipe_number][PWRITE]);
sys_reset_uid_gid ();
if (remote_user)
execl (remote_shell, remote_shell_basename, remote_host,
"-l", remote_user, rmt_command, (char *) 0);
else
execl (remote_shell, remote_shell_basename, remote_host,
rmt_command, (char *) 0);
/* Bad problems if we get here. */
/* In a previous version, _exit was used here instead of exit. */
error (EXIT_ON_EXEC_ERROR, errno, _("Cannot execute remote shell"));
}
/* Parent. */
close (from_remote[remote_pipe_number][PWRITE]);
close (to_remote[remote_pipe_number][PREAD]);
}
#endif /* not WITH_REXEC */
/* Attempt to open the tape device. */
{
size_t remote_file_len = strlen (remote_file);
char *command_buffer = xmalloc (remote_file_len + 1000);
sprintf (command_buffer, "O%s\n", remote_file);
encode_oflag (command_buffer + remote_file_len + 2, open_mode);
strcat (command_buffer, "\n");
if (do_command (remote_pipe_number, command_buffer) == -1
|| get_status (remote_pipe_number) == -1)
{
int e = errno;
free (command_buffer);
free (file_name_copy);
_rmt_shutdown (remote_pipe_number, e);
return -1;
}
free (command_buffer);
}
free (file_name_copy);
return remote_pipe_number + bias;
}
/* Close remote tape connection HANDLE and shut down. Return 0 if
successful, -1 on error. */
int
rmt_close__ (int handle)
{
long int status;
if (do_command (handle, "C\n") == -1)
return -1;
status = get_status (handle);
_rmt_shutdown (handle, errno);
return status;
}
/* Read up to LENGTH bytes into BUFFER from remote tape connection HANDLE.
Return the number of bytes read on success, SAFE_READ_ERROR on error. */
size_t
rmt_read__ (int handle, char *buffer, size_t length)
{
char command_buffer[COMMAND_BUFFER_SIZE];
size_t status;
size_t rlen;
size_t counter;
sprintf (command_buffer, "R%lu\n", (unsigned long) length);
if (do_command (handle, command_buffer) == -1
|| (status = get_status (handle)) == SAFE_READ_ERROR)
return SAFE_READ_ERROR;
for (counter = 0; counter < status; counter += rlen, buffer += rlen)
{
rlen = safe_read (READ_SIDE (handle), buffer, status - counter);
if (rlen == SAFE_READ_ERROR || rlen == 0)
{
_rmt_shutdown (handle, EIO);
return SAFE_READ_ERROR;
}
}
return status;
}
/* Write LENGTH bytes from BUFFER to remote tape connection HANDLE.
Return the number of bytes written. */
size_t
rmt_write__ (int handle, char *buffer, size_t length)
{
char command_buffer[COMMAND_BUFFER_SIZE];
RETSIGTYPE (*pipe_handler) ();
size_t written;
sprintf (command_buffer, "W%lu\n", (unsigned long) length);
if (do_command (handle, command_buffer) == -1)
return 0;
pipe_handler = signal (SIGPIPE, SIG_IGN);
written = full_write (WRITE_SIDE (handle), buffer, length);
signal (SIGPIPE, pipe_handler);
if (written == length)
{
long int r = get_status (handle);
if (r < 0)
return 0;
if (r == length)
return length;
written = r;
}
/* Write error. */
_rmt_shutdown (handle, EIO);
return written;
}
/* Perform an imitation lseek operation on remote tape connection
HANDLE. Return the new file offset if successful, -1 if on error. */
off_t
rmt_lseek__ (int handle, off_t offset, int whence)
{
char command_buffer[COMMAND_BUFFER_SIZE];
char operand_buffer[UINTMAX_STRSIZE_BOUND];
uintmax_t u = offset < 0 ? - (uintmax_t) offset : (uintmax_t) offset;
char *p = operand_buffer + sizeof operand_buffer;
*--p = 0;
do
*--p = '0' + (int) (u % 10);
while ((u /= 10) != 0);
if (offset < 0)
*--p = '-';
switch (whence)
{
case SEEK_SET: whence = 0; break;
case SEEK_CUR: whence = 1; break;
case SEEK_END: whence = 2; break;
default: abort ();
}
sprintf (command_buffer, "L%s\n%d\n", p, whence);
if (do_command (handle, command_buffer) == -1)
return -1;
return get_status_off (handle);
}
/* Perform a raw tape operation on remote tape connection HANDLE.
Return the results of the ioctl, or -1 on error. */
int
rmt_ioctl__ (int handle, int operation, char *argument)
{
switch (operation)
{
default:
errno = EOPNOTSUPP;
return -1;
#ifdef MTIOCTOP
case MTIOCTOP:
{
char command_buffer[COMMAND_BUFFER_SIZE];
char operand_buffer[UINTMAX_STRSIZE_BOUND];
uintmax_t u = (((struct mtop *) argument)->mt_count < 0
? - (uintmax_t) ((struct mtop *) argument)->mt_count
: (uintmax_t) ((struct mtop *) argument)->mt_count);
char *p = operand_buffer + sizeof operand_buffer;
*--p = 0;
do
*--p = '0' + (int) (u % 10);
while ((u /= 10) != 0);
if (((struct mtop *) argument)->mt_count < 0)
*--p = '-';
/* MTIOCTOP is the easy one. Nothing is transferred in binary. */
sprintf (command_buffer, "I%d\n%s\n",
((struct mtop *) argument)->mt_op, p);
if (do_command (handle, command_buffer) == -1)
return -1;
return get_status (handle);
}
#endif /* MTIOCTOP */
#ifdef MTIOCGET
case MTIOCGET:
{
ssize_t status;
size_t counter;
/* Grab the status and read it directly into the structure. This
assumes that the status buffer is not padded and that 2 shorts
fit in a long without any word alignment problems; i.e., the
whole struct is contiguous. NOTE - this is probably NOT a good
assumption. */
if (do_command (handle, "S") == -1
|| (status = get_status (handle), status == -1))
return -1;
for (; status > 0; status -= counter, argument += counter)
{
counter = safe_read (READ_SIDE (handle), argument, status);
if (counter == SAFE_READ_ERROR || counter == 0)
{
_rmt_shutdown (handle, EIO);
return -1;
}
}
/* Check for byte position. mt_type (or mt_model) is a small integer
field (normally) so we will check its magnitude. If it is larger
than 256, we will assume that the bytes are swapped and go through
and reverse all the bytes. */
if (((struct mtget *) argument)->MTIO_CHECK_FIELD < 256)
return 0;
for (counter = 0; counter < status; counter += 2)
{
char copy = argument[counter];
argument[counter] = argument[counter + 1];
argument[counter + 1] = copy;
}
return 0;
}
#endif /* MTIOCGET */
}
}