aboutsummaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
Diffstat (limited to 'sbin')
-rw-r--r--sbin/Makefile2
-rw-r--r--sbin/fsirand/Makefile8
-rw-r--r--sbin/fsirand/fsirand.8109
-rw-r--r--sbin/fsirand/fsirand.c292
-rw-r--r--sbin/newfs/Makefile2
-rw-r--r--sbin/newfs/mkfs.c43
6 files changed, 449 insertions, 7 deletions
diff --git a/sbin/Makefile b/sbin/Makefile
index 930798028ee5..dc06d5307391 100644
--- a/sbin/Makefile
+++ b/sbin/Makefile
@@ -3,7 +3,7 @@
# XXX MISSING: icheck ncheck
SUBDIR= adjkerntz badsect ccdconfig clri disklabel dmesg dset dump dumpfs \
- dumpon fsck fsdb ifconfig init ipfw md5 mknod modload \
+ dumpon fsck fsdb fsirand ifconfig init ipfw md5 mknod modload \
modunload mount mount_cd9660 mount_ext2fs \
mount_lfs mount_nfs mount_null mount_portal mount_std \
mount_umap mount_union mountd newfs nfsd nfsiod \
diff --git a/sbin/fsirand/Makefile b/sbin/fsirand/Makefile
new file mode 100644
index 000000000000..5f2446bb9e82
--- /dev/null
+++ b/sbin/fsirand/Makefile
@@ -0,0 +1,8 @@
+# $OpenBSD: Makefile,v 1.1 1997/01/26 02:23:20 millert Exp $
+
+PROG= fsirand
+MAN= fsirand.8
+DPADD= ${LIBUTIL}
+LDADD= -lutil
+
+.include <bsd.prog.mk>
diff --git a/sbin/fsirand/fsirand.8 b/sbin/fsirand/fsirand.8
new file mode 100644
index 000000000000..94a02e36c072
--- /dev/null
+++ b/sbin/fsirand/fsirand.8
@@ -0,0 +1,109 @@
+.\" Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by Todd C. Miller.
+.\" 4. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $OpenBSD: fsirand.8,v 1.6 1997/02/23 03:58:26 millert Exp $
+.\"
+.Dd January 25, 1997
+.Dt FSIRAND 8
+.Os
+.Sh NAME
+.Nm fsirand
+.Nd randomize inode generation numbers
+.Sh SYNOPSIS
+.Nm fsirand
+.Op Fl b
+.Op Fl f
+.Op Fl p
+.Ar special
+.Op Ar "special ..."
+.Sh DESCRIPTION
+The
+.Nm fsirand
+command installs random generation numbers on all the inodes for
+each filesystem specified on the command line by
+.Ar special .
+This increases the security of NFS-exported filesystems by making
+it difficult to ``guess'' filehandles.
+.Pp
+.Em Note:
+.Xr newfs 8
+now does the equivalent of
+.Nm
+itself so it is no longer necesary to
+run
+.Nm
+by hand on a new filesystem. It is only used to
+re-randomize or report on an existing filesystem.
+.Pp
+.Nm Fsirand
+should only be used on an unmounted filesystem that
+has been checked with
+.Xr fsck 8
+or a filesystem that is mounted read-only.
+.Nm Fsirand
+may be used on the root filesystem in single-user mode
+but the system should be rebooted via ``reboot -n'' afterwards.
+.Sh OPTIONS
+.Bl -tag -width indent
+The available options are as follows:
+.It Fl b
+Use the default block size (usuallyt 512 bytes) instead
+of the value gleaned from the disklabel.
+.It Fl f
+Force
+.Nm
+to run even if the filesystem on
+.Ar special
+is not marked as clean.
+.It Fl p
+Print the current generation numbers for all inodes instead of
+generating new ones.
+.Sh CAVEATS
+Since
+.Nm
+allocates enough memory to hold all the inodes in
+a given cylinder group it is may use a large amount
+of memory for large disks with few cylinder groups.
+.Sh SEE ALSO
+.Xr fs 5 ,
+.Xr fsck 8 ,
+.Xr newfs 8 .
+.Sh HISTORY
+The
+.Nm
+command appeared in SunOS 3.x.
+.br
+This version of
+.Nm
+first appeared in
+.Bx Open
+2.1.
+.Sh AUTHOR
+.nf
+Todd C. Miller <Todd.Miller@courtesan.com>
+.fi
diff --git a/sbin/fsirand/fsirand.c b/sbin/fsirand/fsirand.c
new file mode 100644
index 000000000000..4875ef59482d
--- /dev/null
+++ b/sbin/fsirand/fsirand.c
@@ -0,0 +1,292 @@
+/* $OpenBSD: fsirand.c,v 1.9 1997/02/28 00:46:33 millert Exp $ */
+
+/*
+ * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Todd C. Miller.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$OpenBSD: fsirand.c,v 1.9 1997/02/28 00:46:33 millert Exp $";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/disklabel.h>
+#include <sys/ioctl.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include <ufs/ffs/fs.h>
+#include <ufs/ufs/dinode.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+void usage __P((int));
+int fsirand __P((char *));
+
+extern char *__progname;
+
+int printonly = 0, force = 0, ignorelabel = 0;
+
+int
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int n, ex = 0;
+ struct rlimit rl;
+
+ while ((n = getopt(argc, argv, "bfp")) != -1) {
+ switch (n) {
+ case 'b':
+ ignorelabel++;
+ break;
+ case 'p':
+ printonly++;
+ break;
+ case 'f':
+ force++;
+ break;
+ default:
+ usage(1);
+ }
+ }
+ if (argc - optind < 1)
+ usage(1);
+
+ /* Increase our data size to the max */
+ if (getrlimit(RLIMIT_DATA, &rl) == 0) {
+ rl.rlim_cur = rl.rlim_max;
+ if (setrlimit(RLIMIT_DATA, &rl) < 0)
+ warn("Can't get resource limit to max data size");
+ } else
+ warn("Can't get resource limit for data size");
+
+ for (n = optind; n < argc; n++) {
+ if (argc - optind != 1)
+ (void)puts(argv[n]);
+ ex += fsirand(argv[n]);
+ if (n < argc - 1)
+ putchar('\n');
+ }
+
+ exit(ex);
+}
+
+int
+fsirand(device)
+ char *device;
+{
+ static struct dinode *inodebuf;
+ static size_t oldibufsize;
+ size_t ibufsize;
+ struct fs *sblock;
+ ino_t inumber, maxino;
+ daddr_t dblk;
+ char sbuf[SBSIZE], sbuftmp[SBSIZE];
+ int devfd, n, cg;
+ u_int32_t bsize = DEV_BSIZE;
+ struct disklabel label;
+
+ if ((devfd = open(device, printonly ? O_RDONLY : O_RDWR)) < 0) {
+ warn("Can't open %s", device);
+ return (1);
+ }
+
+ /* Get block size (usually 512) from disklabel if possible */
+ if (!ignorelabel) {
+ if (ioctl(devfd, DIOCGDINFO, &label) < 0)
+ warn("Can't read disklabel, using sector size of %d",
+ bsize);
+ else
+ bsize = label.d_secsize;
+ }
+
+ /* Read in master superblock */
+ (void)memset(&sbuf, 0, sizeof(sbuf));
+ sblock = (struct fs *)&sbuf;
+ if (lseek(devfd, SBOFF, SEEK_SET) == -1) {
+ warn("Can't seek to superblock (%qd) on %s", SBOFF, device);
+ return (1);
+ }
+ if ((n = read(devfd, (void *)sblock, SBSIZE)) != SBSIZE) {
+ warnx("Can't read superblock on %s: %s", device,
+ (n < SBSIZE) ? "short read" : strerror(errno));
+ return (1);
+ }
+ maxino = sblock->fs_ncg * sblock->fs_ipg;
+
+ /* Simple sanity checks on the superblock */
+ if (sblock->fs_magic != FS_MAGIC) {
+ warnx("Bad magic number in superblock");
+ return (1);
+ }
+ if (sblock->fs_sbsize > SBSIZE) {
+ warnx("Superblock size is preposterous");
+ return (1);
+ }
+ if (sblock->fs_postblformat == FS_42POSTBLFMT) {
+ warnx("Filesystem format is too old, sorry");
+ return (1);
+ }
+ if (!force && !printonly && sblock->fs_clean != 1) {
+ warnx("Filesystem is not clean, fsck %s first.", device);
+ return (1);
+ }
+
+ /* Make sure backup superblocks are sane. */
+ sblock = (struct fs *)&sbuftmp;
+ for (cg = 0; cg < sblock->fs_ncg; cg++) {
+ dblk = fsbtodb(sblock, cgsblock(sblock, cg));
+ if (lseek(devfd, (off_t)dblk * bsize, SEEK_SET) < 0) {
+ warn("Can't seek to %qd", (off_t)dblk * bsize);
+ return (1);
+ } else if ((n = write(devfd, (void *)sblock, SBSIZE)) != SBSIZE) {
+ warn("Can't read backup superblock %d on %s: %s",
+ cg + 1, device, (n < SBSIZE) ? "short write"
+ : strerror(errno));
+ return (1);
+ }
+ if (sblock->fs_magic != FS_MAGIC) {
+ warnx("Bad magic number in backup superblock %d on %s",
+ cg + 1, device);
+ return (1);
+ }
+ if (sblock->fs_sbsize > SBSIZE) {
+ warnx("Size of backup superblock %d on %s is preposterous",
+ cg + 1, device);
+ return (1);
+ }
+ }
+ sblock = (struct fs *)&sbuf;
+
+ /* XXX - should really cap buffer at 512kb or so */
+ ibufsize = sizeof(struct dinode) * sblock->fs_ipg;
+ if (oldibufsize < ibufsize) {
+ if ((inodebuf = realloc(inodebuf, ibufsize)) == NULL)
+ errx(1, "Can't allocate memory for inode buffer");
+ oldibufsize = ibufsize;
+ }
+
+ if (printonly && (sblock->fs_id[0] || sblock->fs_id[1])) {
+ if (sblock->fs_inodefmt >= FS_44INODEFMT && sblock->fs_id[0])
+ (void)printf("%s was randomized on %s", device,
+ ctime((const time_t *)&(sblock->fs_id[0])));
+ (void)printf("fsid: %x %x\n", sblock->fs_id[0],
+ sblock->fs_id[1]);
+ }
+
+ /* Randomize fs_id unless old 4.2BSD filesystem */
+ if ((sblock->fs_inodefmt >= FS_44INODEFMT) && !printonly) {
+ /* Randomize fs_id and write out new sblock and backups */
+ sblock->fs_id[0] = (u_int32_t)time(NULL);
+ sblock->fs_id[1] = random();
+
+ if (lseek(devfd, SBOFF, SEEK_SET) == -1) {
+ warn("Can't seek to superblock (%qd) on %s", SBOFF,
+ device);
+ return (1);
+ }
+ if ((n = write(devfd, (void *)sblock, SBSIZE)) != SBSIZE) {
+ warn("Can't read superblock on %s: %s", device,
+ (n < SBSIZE) ? "short write" : strerror(errno));
+ return (1);
+ }
+ }
+
+ /* For each cylinder group, randomize inodes and update backup sblock */
+ for (cg = 0, inumber = 0; cg < sblock->fs_ncg; cg++) {
+ /* Update superblock if appropriate */
+ if ((sblock->fs_inodefmt >= FS_44INODEFMT) && !printonly) {
+ dblk = fsbtodb(sblock, cgsblock(sblock, cg));
+ if (lseek(devfd, (off_t)dblk * bsize, SEEK_SET) < 0) {
+ warn("Can't seek to %qd", (off_t)dblk * bsize);
+ return (1);
+ } else if ((n = write(devfd, (void *)sblock, SBSIZE)) != SBSIZE) {
+ warn("Can't read backup superblock %d on %s: %s",
+ cg + 1, device, (n < SBSIZE) ? "short write"
+ : strerror(errno));
+ return (1);
+ }
+ }
+
+ /* Read in inodes, then print or randomize generation nums */
+ dblk = fsbtodb(sblock, ino_to_fsba(sblock, inumber));
+ if (lseek(devfd, (off_t)dblk * bsize, SEEK_SET) < 0) {
+ warn("Can't seek to %qd", (off_t)dblk * bsize);
+ return (1);
+ } else if ((n = read(devfd, inodebuf, ibufsize)) != ibufsize) {
+ warnx("Can't read inodes: %s",
+ (n < ibufsize) ? "short read" : strerror(errno));
+ return (1);
+ }
+
+ for (n = 0; n < sblock->fs_ipg; n++, inumber++) {
+ if (inumber >= ROOTINO) {
+ if (printonly)
+ (void)printf("ino %d gen %x\n", inumber,
+ inodebuf[n].di_gen);
+ else
+ inodebuf[n].di_gen = random();
+ }
+ }
+
+ /* Write out modified inodes */
+ if (!printonly) {
+ if (lseek(devfd, (off_t)dblk * bsize, SEEK_SET) < 0) {
+ warn("Can't seek to %qd",
+ (off_t)dblk * bsize);
+ return (1);
+ } else if ((n = write(devfd, inodebuf, ibufsize)) !=
+ ibufsize) {
+ warnx("Can't write inodes: %s",
+ (n != ibufsize) ? "short write" :
+ strerror(errno));
+ return (1);
+ }
+ }
+ }
+ (void)close(devfd);
+
+ return(0);
+}
+
+void
+usage(ex)
+ int ex;
+{
+ (void)fprintf(stderr, "Usage: %s [ -b ] [ -f ] [ -p ] special [special ...]\n",
+ __progname);
+ exit(ex);
+}
diff --git a/sbin/newfs/Makefile b/sbin/newfs/Makefile
index ed9ad9d8d27c..d44fdbaa63fb 100644
--- a/sbin/newfs/Makefile
+++ b/sbin/newfs/Makefile
@@ -6,7 +6,7 @@ MAN8= newfs.8
MOUNT= ${.CURDIR}/../mount
CFLAGS+= -D_NEW_VFSCONF
-CFLAGS+=-DMFS -I${MOUNT}
+CFLAGS+=-DMFS -DFSIRAND -I${MOUNT}
.PATH: ${MOUNT} ${.CURDIR}/../disklabel
LINKS= ${BINDIR}/newfs ${BINDIR}/mount_mfs
diff --git a/sbin/newfs/mkfs.c b/sbin/newfs/mkfs.c
index ab4713da4b61..63ad1bf0bbc3 100644
--- a/sbin/newfs/mkfs.c
+++ b/sbin/newfs/mkfs.c
@@ -86,8 +86,6 @@ extern int realsectorsize; /* bytes/sector in hardware*/
extern int rpm; /* revolutions/minute of drive */
extern int interleave; /* hardware sector interleave */
extern int trackskew; /* sector 0 skew, per track */
-extern int headswitch; /* head switch time, usec */
-extern int trackseek; /* track-to-track seek, usec */
extern int fsize; /* fragment size */
extern int bsize; /* block size */
extern int cpg; /* cylinders/cylinder group */
@@ -121,6 +119,10 @@ union {
struct dinode zino[MAXBSIZE / sizeof(struct dinode)];
+#ifdef FSIRAND
+long fsi_random __P((void));
+#endif
+
int fsi, fso;
daddr_t alloc();
static int charsperline();
@@ -591,8 +593,6 @@ next:
sblock.fs_rotdelay = rotdelay;
sblock.fs_minfree = minfree;
sblock.fs_maxcontig = maxcontig;
- sblock.fs_headswitch = headswitch;
- sblock.fs_trkseek = trackseek;
sblock.fs_maxbpg = maxbpg;
sblock.fs_rps = rpm / 60;
sblock.fs_optim = opt;
@@ -604,6 +604,11 @@ next:
sblock.fs_fmod = 0;
sblock.fs_ronly = 0;
sblock.fs_clean = 1;
+#ifdef FSIRAND
+ sblock.fs_id[0] = (long)utime;
+ sblock.fs_id[1] = fsi_random();
+#endif
+
/*
* Dump out summary information about file system.
*/
@@ -751,9 +756,14 @@ initcg(cylno, utime)
setbit(cg_inosused(&acg), i);
acg.cg_cs.cs_nifree--;
}
- for (i = 0; i < sblock.fs_ipg / INOPF(&sblock); i += sblock.fs_frag)
+ for (i = 0; i < sblock.fs_ipg / INOPF(&sblock); i += sblock.fs_frag) {
+#ifdef FSIRAND
+ for (j = 0; j < sblock.fs_bsize / sizeof(struct dinode); j++)
+ zino[j].di_gen = fsi_random();
+#endif
wtfs(fsbtodb(&sblock, cgimin(&sblock, cylno) + i),
sblock.fs_bsize, (char *)zino);
+ }
if (cylno > 0) {
/*
* In cylno 0, beginning space is reserved
@@ -1057,6 +1067,9 @@ iput(ip, ino)
daddr_t d;
int c;
+#ifdef FSIRAND
+ ip->di_gen = fsi_random();
+#endif
c = ino_to_cg(&sblock, ino);
rdfs(fsbtodb(&sblock, cgtod(&sblock, 0)), sblock.fs_cgsize,
(char *)&acg);
@@ -1336,3 +1349,23 @@ charsperline()
columns = 80; /* last resort */
return columns;
}
+
+#ifdef FSIRAND
+long
+fsi_random(void) {
+ static int fd = -1;
+ long ret;
+
+ if (fd == -1) {
+ if ((fd = open("/dev/urandom", O_RDONLY)) == -1) {
+ perror("open /dev/urandom");
+ exit(1);
+ }
+ }
+ if (read(fd, &ret, sizeof(ret)) != sizeof(ret)) {
+ perror("read /dev/urandom");
+ exit(1);
+ }
+ return(ret);
+}
+#endif