Diffstat (limited to 'usr.sbin/extattrctl')
| -rw-r--r-- | usr.sbin/extattrctl/Makefile | 4 | ||||
| -rw-r--r-- | usr.sbin/extattrctl/Makefile.depend | 16 | ||||
| -rw-r--r-- | usr.sbin/extattrctl/extattrctl.8 | 179 | ||||
| -rw-r--r-- | usr.sbin/extattrctl/extattrctl.c | 265 |
4 files changed, 464 insertions, 0 deletions
diff --git a/usr.sbin/extattrctl/Makefile b/usr.sbin/extattrctl/Makefile
new file mode 100644
index 000000000000..9d6ecde2b179
--- /dev/null
+++ b/usr.sbin/extattrctl/Makefile
@@ -0,0 +1,4 @@
+PROG= extattrctl
+MAN= extattrctl.8
+
+.include <bsd.prog.mk>
diff --git a/usr.sbin/extattrctl/Makefile.depend b/usr.sbin/extattrctl/Makefile.depend
new file mode 100644
index 000000000000..678747db6f2c
--- /dev/null
+++ b/usr.sbin/extattrctl/Makefile.depend
@@ -0,0 +1,16 @@ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + include \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + lib/libutil \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif
diff --git a/usr.sbin/extattrctl/extattrctl.8 b/usr.sbin/extattrctl/extattrctl.8
new file mode 100644
index 000000000000..ea5f69c61126
--- /dev/null
+++ b/usr.sbin/extattrctl/extattrctl.8
@@ -0,0 +1,179 @@
+.\"-
+.\" Copyright (c) 2000-2001 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" Developed by the TrustedBSD Project.
+.\" Support for file system extended attribute.
+.\"
+.Dd March 30, 2000
+.Dt EXTATTRCTL 8
+.Os
+.Sh NAME
+.Nm extattrctl
+.Nd manage UFS1 extended attributes
+.Sh SYNOPSIS
+.Nm
+.Cm start
+.Ar path
+.Nm
+.Cm stop
+.Ar path
+.Nm
+.Cm initattr
+.Op Fl f
+.Op Fl p Ar path
+.Ar attrsize
+.Ar attrfile
+.Nm
+.Cm showattr
+.Ar attrfile
+.Nm
+.Cm enable
+.Ar path
+.Ar attrnamespace
+.Ar attrname
+.Ar attrfile
+.Nm
+.Cm disable
+.Ar path
+.Ar attrnamespace
+.Ar attrname
+.Sh DESCRIPTION
+The
+.Nm
+utility
+is the management utility for extended attributes over the UFS1 file system.
+It allows the starting and stopping of extended attributes on a file system,
+as well as initialization of attribute backing files, and enabling and
+disabling of specific extended attributes on a file system.
+.Pp
+The first argument on the command line indicates the operation to be
+performed.
+Operation must be one of the following:
+.Bl -tag -width indent
+.It Cm start Ar path
+Start extended attribute support on the file system named using
+.Ar path .
+The file system must be an UFS1 file system, and the UFS_EXTATTR kernel
+option must have been enabled.
+.It Cm stop Ar path
+Stop extended attribute support on the file system named using
+.Ar path .
+Extended attribute support must previously have been started.
+.It Xo
+.Cm initattr
+.Op Fl f
+.Op Fl p Ar path
+.Ar attrsize attrfile
+.Xc
+Create and initialize a file to use as an attribute backing file.
+You must specify a maximum per-inode size for the attribute in bytes in
+.Ar attrsize ,
+as well as the file where the attribute will be stored, using
+.Ar attrfile .
+.Pp
+The
+.Fl f
+argument may be used to indicate that it is alright to overwrite an
+existing attribute backing file; otherwise, if the target file exists,
+an error will be returned.
+.Pp
+The
+.Fl p Ar path
+argument may be used to preallocate space for all attributes rather than
+relying on sparse files to conserve space.
+This has the advantage of guaranteeing that space will be available
+for attributes when they are written, preventing low disk space conditions
+from denying attribute service.
+.Pp
+This file should not exist before running
+.Cm initattr .
+.It Cm showattr Ar attrfile
+Show the attribute header values in the attribute file named by
+.Ar attrfile .
+.It Cm enable Ar path attrnamespace attrname attrfile
+Enable an attribute named
+.Ar attrname
+in the namespace
+.Ar attrnamespace
+on the file system identified using
+.Ar path ,
+and backed by initialized attribute file
+.Ar attrfile .
+Available namespaces are "user" and "system".
+The backing file must have been initialized using
+.Cm initattr
+before its first use.
+Attributes must have been started on the file system prior to the
+enabling of any attributes.
+.It Cm disable Ar path attrnamespace attrname
+Disable the attributed named
+.Ar attrname
+in namespace
+.Ar attrnamespace
+on the file system identified by
+.Ar path .
+Available namespaces are "user" and "system".
+The file system must have attributes started on it, and the attribute
+most have been enabled using
+.Cm enable .
+.El
+.Sh EXAMPLES
+.Dl extattrctl start /
+.Pp
+Start extended attributes on the root file system.
+.Pp
+.Dl extattrctl initattr 17 /.attribute/system/md5
+.Pp
+Create an attribute backing file in /.attribute/system/md5, and set the maximum
+size of each attribute to 17 bytes, with a sparse file used for storing
+the attributes.
+.Pp
+.Dl extattrctl enable / system md5 /.attribute/system/md5
+.Pp
+Enable an attribute named md5 on the root file system, backed from the file
+/.attribute/system/md5.
+.Pp
+.Dl extattrctl disable / md5
+.Pp
+Disable the attribute named md5 on the root file system.
+.Pp
+.Dl extattrctl stop /
+.Pp
+Stop extended attributes on the root file system.
+.Sh SEE ALSO
+.Xr ffs 4 ,
+.Xr getextattr 8 ,
+.Xr setextattr 8 ,
+.Xr extattr 9
+.Sh HISTORY
+Extended attribute support was developed as part of the TrustedBSD Project,
+and introduced in
+.Fx 5.0 .
+It was developed to support security extensions requiring additional labels
+to be associated with each file or directory.
+.Sh AUTHORS
+.An Robert N M Watson
diff --git a/usr.sbin/extattrctl/extattrctl.c b/usr.sbin/extattrctl/extattrctl.c
new file mode 100644
index 000000000000..3243f1ad3f45
--- /dev/null
+++ b/usr.sbin/extattrctl/extattrctl.c
@@ -0,0 +1,265 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 1999-2002 Robert N. M. Watson + * All rights reserved. + * + * This software was developed by Robert Watson for the TrustedBSD Project. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* + * Developed by the TrustedBSD Project. + * Support for file system extended attribute. 
+ */ + +#include <sys/types.h> +#include <sys/uio.h> +#include <sys/extattr.h> +#include <sys/param.h> +#include <sys/mount.h> + +#include <ufs/ufs/extattr.h> + +#include <errno.h> +#include <fcntl.h> +#include <libutil.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +int initattr(int argc, char *argv[]); +int showattr(int argc, char *argv[]); +long num_inodes_by_path(char *path); +void usage(void); + +void +usage(void) +{ + + fprintf(stderr, + "usage:\n" + " extattrctl start path\n" + " extattrctl stop path\n" + " extattrctl initattr [-f] [-p path] attrsize attrfile\n" + " extattrctl showattr attrfile\n" + " extattrctl enable path attrnamespace attrname attrfile\n" + " extattrctl disable path attrnamespace attrname\n"); + exit(-1); +} + +long +num_inodes_by_path(char *path) +{ + struct statfs buf; + int error; + + error = statfs(path, &buf); + if (error) { + perror("statfs"); + return (-1); + } + + return (buf.f_files); +} + +static const char zero_buf[8192]; + +int +initattr(int argc, char *argv[]) +{ + struct ufs_extattr_fileheader uef; + char *fs_path = NULL; + int ch, i, error, flags; + ssize_t wlen; + size_t easize; + + flags = O_CREAT | O_WRONLY | O_TRUNC | O_EXCL; + optind = 0; + while ((ch = getopt(argc, argv, "fp:r:w:")) != -1) + switch (ch) { + case 'f': + flags &= ~O_EXCL; + break; + case 'p': + fs_path = optarg; + break; + case '?': + default: + usage(); + } + + argc -= optind; + argv += optind; + + if (argc != 2) + usage(); + + error = 0; + if ((i = open(argv[1], flags, 0600)) == -1) { + /* unable to open file */ + perror(argv[1]); + return (-1); + } + uef.uef_magic = UFS_EXTATTR_MAGIC; + uef.uef_version = UFS_EXTATTR_VERSION; + uef.uef_size = atoi(argv[0]); + if (write(i, &uef, sizeof(uef)) == -1) + error = -1; + else if (fs_path != NULL) { + easize = (sizeof uef + uef.uef_size) * + num_inodes_by_path(fs_path); + while (easize > 0) { + if (easize > sizeof zero_buf) + wlen = write(i, zero_buf, sizeof zero_buf); 
+ else + wlen = write(i, zero_buf, easize); + if (wlen == -1) { + error = -1; + break; + } + easize -= wlen; + } + } + if (error == -1) { + perror(argv[1]); + unlink(argv[1]); + close(i); + return (-1); + } + + close(i); + return (0); +} + +int +showattr(int argc, char *argv[]) +{ + struct ufs_extattr_fileheader uef; + int i, fd; + + if (argc != 1) + usage(); + + fd = open(argv[0], O_RDONLY); + if (fd == -1) { + perror(argv[0]); + return (-1); + } + + i = read(fd, &uef, sizeof(uef)); + if (i == -1) { + perror(argv[0]); + close(fd); + return (-1); + } + if (i != sizeof(uef)) { + fprintf(stderr, "%s: invalid file header\n", argv[0]); + close(fd); + return (-1); + } + + if (uef.uef_magic != UFS_EXTATTR_MAGIC) { + fprintf(stderr, "%s: bad magic\n", argv[0]); + close(fd); + return (-1); + } + + printf("%s: version %d, size %d\n", argv[0], uef.uef_version, + uef.uef_size); + + close(fd); + return (0); +} + +int +main(int argc, char *argv[]) +{ + int error = 0, attrnamespace; + + if (argc < 2) + usage(); + + if (!strcmp(argv[1], "start")) { + if (argc != 3) + usage(); + error = extattrctl(argv[2], UFS_EXTATTR_CMD_START, NULL, 0, + NULL); + if (error) { + perror("extattrctl start"); + return (-1); + } + } else if (!strcmp(argv[1], "stop")) { + if (argc != 3) + usage(); + error = extattrctl(argv[2], UFS_EXTATTR_CMD_STOP, NULL, 0, + NULL); + if (error) { + perror("extattrctl stop"); + return (-1); + } + } else if (!strcmp(argv[1], "enable")) { + if (argc != 6) + usage(); + error = extattr_string_to_namespace(argv[3], &attrnamespace); + if (error) { + perror("extattrctl enable"); + return (-1); + } + error = extattrctl(argv[2], UFS_EXTATTR_CMD_ENABLE, argv[5], + attrnamespace, argv[4]); + if (error) { + perror("extattrctl enable"); + return (-1); + } + } else if (!strcmp(argv[1], "disable")) { + if (argc != 5) + usage(); + error = extattr_string_to_namespace(argv[3], &attrnamespace); + if (error) { + perror("extattrctl disable"); + return (-1); + } + error = 
extattrctl(argv[2], UFS_EXTATTR_CMD_DISABLE, NULL, + attrnamespace, argv[4]); + if (error) { + perror("extattrctl disable"); + return (-1); + } + } else if (!strcmp(argv[1], "initattr")) { + argc -= 2; + argv += 2; + error = initattr(argc, argv); + if (error) + return (-1); + } else if (!strcmp(argv[1], "showattr")) { + argc -= 2; + argv += 2; + error = showattr(argc, argv); + if (error) + return (-1); + } else + usage(); + + return (0); +} |
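Review bot: In initattr(), the `-p` preallocation path uses the return of num_inodes_by_path() unchecked, so a failed statfs() (which returns -1) turns into a huge size_t in `easize = (sizeof uef + uef.uef_size) * num_inodes_by_path(fs_path);` and the loop writes zeros until the file system runs out of space. `uef.uef_size = atoi(argv[0]);` likewise accepts a negative or non-numeric attrsize silently, and the product is never checked for wrap-around. For a tool that is presumably run as root to lay out backing files for security attributes, I would validate both values before open() so that bad input never creates (or, with `-f`, truncates) a file, as sketched below. The sketch assumes SIZE_MAX is visible (it needs `<stdint.h>`), and an upper bound matching the declared width of uef_size, which is not visible in this diff, should be added to the attrsize check.

```c
	char *end;
	long attrsize, ninodes = 0;

	/* … unchanged: getopt loop and argc check … */

	/* Validate all sizes before open() so bad input never touches attrfile. */
	errno = 0;
	attrsize = strtol(argv[0], &end, 10);
	if (end == argv[0] || *end != '\0' || errno == ERANGE || attrsize < 0) {
		fprintf(stderr, "%s: invalid attrsize\n", argv[0]);
		return (-1);
	}
	if (fs_path != NULL) {
		ninodes = num_inodes_by_path(fs_path);
		if (ninodes < 0)
			return (-1);	/* statfs() failure already reported */
		if (ninodes > 0 &&
		    sizeof uef + (size_t)attrsize > SIZE_MAX / (size_t)ninodes) {
			fprintf(stderr, "%s: preallocation size overflows\n",
			    fs_path);
			return (-1);
		}
	}

	/* … unchanged: open(), uef_magic, uef_version … */
	uef.uef_size = attrsize;
	/* … unchanged: header write … */
		easize = (sizeof uef + uef.uef_size) * (size_t)ninodes;
	/* … unchanged: zero-fill loop and error cleanup … */
```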
