2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21 # Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
22 #
23
24 #
25 # Send the error message to the screen and to the logfile.
26 #
27 error()
28 {
29 typeset fmt="$1"
30 shift
31
32 printf "${MSG_PREFIX}ERROR: ${fmt}\n" "$@"
33 [[ -n $LOGFILE ]] && printf "[$(date)] ERROR: ${fmt}\n" "$@" >&2
34 }
35
36 fatal()
37 {
38 typeset fmt="$1"
39 shift
40
41 error "$fmt" "$@"
79 # Validate that the directory is safe.
80 #
81 # It is possible for a malicious zone root user to modify a zone's filesystem
82 # so that modifications made to the zone's filesystem by administrators in the
83 # global zone modify the global zone's filesystem. We can prevent this by
84 # ensuring that all components of paths accessed by scripts are real (i.e.,
85 # non-symlink) directories.
86 #
87 # NOTE: The specified path should be an absolute path as would be seen from
88 # within the zone. Also, this function does not check parent directories.
89 # If, for example, you need to ensure that every component of the path
90 # '/foo/bar/baz' is a directory and not a symlink, then do the following:
91 #
92 # safe_dir /foo
93 # safe_dir /foo/bar
94 # safe_dir /foo/bar/baz
95 #
96 safe_dir()
97 {
98 typeset dir="$1"
99
100 if [[ -h $ZONEROOT/$dir || ! -d $ZONEROOT/$dir ]]; then
101 fatal "$e_baddir" "$dir"
102 fi
103 }
104
105 # Like safe_dir except the dir doesn't have to exist.
106 safe_opt_dir()
107 {
108 typeset dir="$1"
109
110 [[ ! -e $ZONEROOT/$dir ]] && return
111
112 if [[ -h $ZONEROOT/$dir || ! -d $ZONEROOT/$dir ]]; then
113 fatal "$e_baddir" "$dir"
114 fi
115 }
116
117 # Only make a copy if we haven't already done so.
118 safe_backup()
119 {
120 typeset src="$1"
121 typeset dst="$2"
122
123 if [[ ! -h $src && ! -h $dst && ! -d $dst && ! -f $dst ]]; then
124 /usr/bin/cp -p $src $dst || fatal "$e_badfile" "$src"
125 fi
126 }
127
128 # Make a copy even if the destination already exists.
129 safe_copy()
130 {
131 typeset src="$1"
132 typeset dst="$2"
133
134 if [[ ! -h $src && ! -h $dst && ! -d $dst ]]; then
170 typeset runname="$2"
171 typeset mode="$3"
172 typeset own="$4"
173 typeset rem="$5"
174
175 if [ -h $filename -o ! -f $filename ]; then
176 return
177 fi
178
179 egrep -s "Solaris Brand Replacement" $filename
180 if [ $? -eq 0 ]; then
181 return
182 fi
183
184 safe_backup $filename $filename.pre_p2v
185 if [ $rem = "remove" ]; then
186 rm -f $filename
187 fi
188
189 cat <<-END >$filename || exit 1
190 #!/bin/sh -p
191 #
192 # Solaris Brand Replacement
193 #
194 # Attention. This file has been replaced with a new version for
195 # use in a virtualized environment. Modification of this script is not
196 # supported and all changes will be lost upon reboot. The
197 # {name}.pre_p2v version of this file is a backup copy of the
198 # original and should not be deleted.
199 #
200 END
201
202 echo ". $runname \"\$@\"" >>$filename || exit 1
203
204 chmod $mode $filename
205 chown $own $filename
206 }
207
208 safe_wrap()
209 {
210 typeset filename="$1"
|
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21 # Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
22 # Copyright 2014, Joyent, Inc. All rights reserved.
23 #
24
25 #
26 # Send the error message to the screen and to the logfile.
27 #
28 error()
29 {
30 typeset fmt="$1"
31 shift
32
33 printf "${MSG_PREFIX}ERROR: ${fmt}\n" "$@"
34 [[ -n $LOGFILE ]] && printf "[$(date)] ERROR: ${fmt}\n" "$@" >&2
35 }
36
37 fatal()
38 {
39 typeset fmt="$1"
40 shift
41
42 error "$fmt" "$@"
80 # Validate that the directory is safe.
81 #
82 # It is possible for a malicious zone root user to modify a zone's filesystem
83 # so that modifications made to the zone's filesystem by administrators in the
84 # global zone modify the global zone's filesystem. We can prevent this by
85 # ensuring that all components of paths accessed by scripts are real (i.e.,
86 # non-symlink) directories.
87 #
88 # NOTE: The specified path should be an absolute path as would be seen from
89 # within the zone. Also, this function does not check parent directories.
90 # If, for example, you need to ensure that every component of the path
91 # '/foo/bar/baz' is a directory and not a symlink, then do the following:
92 #
93 # safe_dir /foo
94 # safe_dir /foo/bar
95 # safe_dir /foo/bar/baz
96 #
97 safe_dir()
98 {
99 typeset dir="$1"
100 typeset pwd_dir=""
101
102 if [[ -d $ZONEROOT/$dir ]]; then
103 if [[ -h $ZONEROOT/$dir ]]; then
104 #
105 # When dir is a symlink to a directory, we 'cd' to that
106 # directory to ensure that's under $ZONEROOT. We use pwd
107 # from /usr/bin instead of built-in because they give
108 # different results.
109 #
110 pwd_dir=$(cd $ZONEROOT/$dir && /usr/bin/pwd)
111 if [[ $pwd_dir =~ "^$ZONEROOT" ]]; then
112 return;
113 else
114 fatal \
115 "$e_baddir: symlink out of zoneroot" "$dir"
116 fi
117 else
118 # it's a dir and not a symlink, so that's ok.
119 return
120 fi
121 fi
122 }
123
124 # Like safe_dir except the dir doesn't have to exist.
125 safe_opt_dir()
126 {
127 typeset dir="$1"
128
129 [[ ! -e $ZONEROOT/$dir ]] && return
130
131 safe_dir $dir
132 }
133
134 # Only make a copy if we haven't already done so.
135 safe_backup()
136 {
137 typeset src="$1"
138 typeset dst="$2"
139
140 if [[ ! -h $src && ! -h $dst && ! -d $dst && ! -f $dst ]]; then
141 /usr/bin/cp -p $src $dst || fatal "$e_badfile" "$src"
142 fi
143 }
144
145 # Make a copy even if the destination already exists.
146 safe_copy()
147 {
148 typeset src="$1"
149 typeset dst="$2"
150
151 if [[ ! -h $src && ! -h $dst && ! -d $dst ]]; then
187 typeset runname="$2"
188 typeset mode="$3"
189 typeset own="$4"
190 typeset rem="$5"
191
192 if [ -h $filename -o ! -f $filename ]; then
193 return
194 fi
195
196 egrep -s "Solaris Brand Replacement" $filename
197 if [ $? -eq 0 ]; then
198 return
199 fi
200
201 safe_backup $filename $filename.pre_p2v
202 if [ $rem = "remove" ]; then
203 rm -f $filename
204 fi
205
206 cat <<-END >$filename || exit 1
207 #!/bin/sh
208 #
209 # Solaris Brand Replacement
210 #
211 # Attention. This file has been replaced with a new version for
212 # use in a virtualized environment. Modification of this script is not
213 # supported and all changes will be lost upon reboot. The
214 # {name}.pre_p2v version of this file is a backup copy of the
215 # original and should not be deleted.
216 #
217 END
218
219 echo ". $runname \"\$@\"" >>$filename || exit 1
220
221 chmod $mode $filename
222 chown $own $filename
223 }
224
225 safe_wrap()
226 {
227 typeset filename="$1"
|