1/*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2001 Dima Dorfman.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29/*
30 * mdmfs (md/MFS) is a wrapper around mdconfig(8),
31 * newfs(8), and mount(8) that mimics the command line option set of
32 * the deprecated mount_mfs(8).
33 */
34
35#include <sys/cdefs.h>
36__FBSDID("$FreeBSD$");
37
38#include <sys/param.h>
39#include <sys/linker.h>
40#include <sys/mdioctl.h>
41#include <sys/module.h>
42#include <sys/mount.h>
43#include <sys/stat.h>
44#include <sys/wait.h>
45
46#include <assert.h>
47#include <err.h>
48#include <errno.h>
49#include <fcntl.h>
50#include <grp.h>
51#include <inttypes.h>
52#include <paths.h>
53#include <pwd.h>
54#include <stdarg.h>
55#include <stdio.h>
56#include <stdlib.h>
57#include <string.h>
58#include <ctype.h>
59#include <unistd.h>
60
61typedef enum { false, true } bool;
62
63struct mtpt_info {
64	uid_t		 mi_uid;
65	bool		 mi_have_uid;
66	gid_t		 mi_gid;
67	bool		 mi_have_gid;
68	mode_t		 mi_mode;
69	bool		 mi_have_mode;
70	bool		 mi_forced_pw;
71};
72
73static	bool debug;		/* Emit debugging information? */
74static	bool loudsubs;		/* Suppress output from helper programs? */
75static	bool norun;		/* Actually run the helper programs? */
76static	int unit;      		/* The unit we're working with. */
77static	const char *mdname;	/* Name of memory disk device (e.g., "md"). */
78static	const char *mdsuffix;	/* Suffix of memory disk device (e.g., ".uzip"). */
79static	size_t mdnamelen;	/* Length of mdname. */
80static	const char *path_mdconfig =_PATH_MDCONFIG;
81
82static void	 argappend(char **, const char *, ...) __printflike(2, 3);
83static void	 debugprintf(const char *, ...) __printflike(1, 2);
84static void	 do_mdconfig_attach(const char *, const enum md_types);
85static void	 do_mdconfig_attach_au(const char *, const enum md_types);
86static void	 do_mdconfig_detach(void);
87static void	 do_mount_md(const char *, const char *);
88static void	 do_mount_tmpfs(const char *, const char *);
89static void	 do_mtptsetup(const char *, struct mtpt_info *);
90static void	 do_newfs(const char *);
91static void	 do_copy(const char *, const char *);
92static void	 extract_ugid(const char *, struct mtpt_info *);
93static int	 run(int *, const char *, ...) __printflike(2, 3);
94static const char *run_exitstr(int);
95static int	 run_exitnumber(int);
96static void	 usage(void);
97
98int
99main(int argc, char **argv)
100{
101	struct mtpt_info mi;		/* Mountpoint info. */
102	intmax_t mdsize;
103	char *mdconfig_arg, *newfs_arg,	/* Args to helper programs. */
104	    *mount_arg;
105	enum md_types mdtype;		/* The type of our memory disk. */
106	bool have_mdtype, mlmac;
107	bool detach, softdep, autounit, newfs;
108	const char *mtpoint, *size_arg, *skel, *unitstr;
109	char *p;
110	int ch, idx;
111	void *set;
112	unsigned long ul;
113
114	/* Misc. initialization. */
115	(void)memset(&mi, '\0', sizeof(mi));
116	detach = true;
117	softdep = true;
118	autounit = false;
119	mlmac = false;
120	newfs = true;
121	have_mdtype = false;
122	skel = NULL;
123	mdtype = MD_SWAP;
124	mdname = MD_NAME;
125	mdnamelen = strlen(mdname);
126	mdsize = 0;
127	/*
128	 * Can't set these to NULL.  They may be passed to the
129	 * respective programs without modification.  I.e., we may not
130	 * receive any command-line options which will caused them to
131	 * be modified.
132	 */
133	mdconfig_arg = strdup("");
134	newfs_arg = strdup("");
135	mount_arg = strdup("");
136	size_arg = NULL;
137
138	/* If we were started as mount_mfs or mfs, imply -C. */
139	if (strcmp(getprogname(), "mount_mfs") == 0 ||
140	    strcmp(getprogname(), "mfs") == 0) {
141		/* Make compatibility assumptions. */
142		mi.mi_mode = 01777;
143		mi.mi_have_mode = true;
144	}
145
146	while ((ch = getopt(argc, argv,
147	    "a:b:Cc:Dd:E:e:F:f:hi:k:LlMm:NnO:o:Pp:Ss:tT:Uv:w:X")) != -1)
148		switch (ch) {
149		case 'a':
150			argappend(&newfs_arg, "-a %s", optarg);
151			break;
152		case 'b':
153			argappend(&newfs_arg, "-b %s", optarg);
154			break;
155		case 'C':
156			/* Ignored for compatibility. */
157			break;
158		case 'c':
159			argappend(&newfs_arg, "-c %s", optarg);
160			break;
161		case 'D':
162			detach = false;
163			break;
164		case 'd':
165			argappend(&newfs_arg, "-d %s", optarg);
166			break;
167		case 'E':
168			path_mdconfig = optarg;
169			break;
170		case 'e':
171			argappend(&newfs_arg, "-e %s", optarg);
172			break;
173		case 'F':
174			if (have_mdtype)
175				usage();
176			mdtype = MD_VNODE;
177			have_mdtype = true;
178			argappend(&mdconfig_arg, "-f %s", optarg);
179			break;
180		case 'f':
181			argappend(&newfs_arg, "-f %s", optarg);
182			break;
183		case 'h':
184			usage();
185			break;
186		case 'i':
187			argappend(&newfs_arg, "-i %s", optarg);
188			break;
189		case 'k':
190			skel = optarg;
191			break;
192		case 'L':
193			loudsubs = true;
194			break;
195		case 'l':
196			mlmac = true;
197			argappend(&newfs_arg, "-l");
198			break;
199		case 'M':
200			if (have_mdtype)
201				usage();
202			mdtype = MD_MALLOC;
203			have_mdtype = true;
204			argappend(&mdconfig_arg, "-o reserve");
205			break;
206		case 'm':
207			argappend(&newfs_arg, "-m %s", optarg);
208			break;
209		case 'N':
210			norun = true;
211			break;
212		case 'n':
213			argappend(&newfs_arg, "-n");
214			break;
215		case 'O':
216			argappend(&newfs_arg, "-o %s", optarg);
217			break;
218		case 'o':
219			argappend(&mount_arg, "-o %s", optarg);
220			break;
221		case 'P':
222			newfs = false;
223			break;
224		case 'p':
225			if ((set = setmode(optarg)) == NULL)
226				usage();
227			mi.mi_mode = getmode(set, S_IRWXU | S_IRWXG | S_IRWXO);
228			mi.mi_have_mode = true;
229			mi.mi_forced_pw = true;
230			free(set);
231			break;
232		case 'S':
233			softdep = false;
234			break;
235		case 's':
236			size_arg = optarg;
237			break;
238		case 't':
239			argappend(&newfs_arg, "-t");
240			break;
241		case 'T':
242			argappend(&mount_arg, "-t %s", optarg);
243			break;
244		case 'U':
245			softdep = true;
246			break;
247		case 'v':
248			argappend(&newfs_arg, "-O %s", optarg);
249			break;
250		case 'w':
251			extract_ugid(optarg, &mi);
252			mi.mi_forced_pw = true;
253			break;
254		case 'X':
255			debug = true;
256			break;
257		default:
258			usage();
259		}
260	argc -= optind;
261	argv += optind;
262	if (argc < 2)
263		usage();
264
265	/*
266	 * Historically our size arg was passed directly to mdconfig, which
267	 * treats a number without a suffix as a count of 512-byte sectors;
268	 * tmpfs would treat it as a count of bytes.  To get predictable
269	 * behavior for 'auto' we document that the size always uses mdconfig
270	 * rules.  To make that work, decode the size here so it can be passed
271	 * to either tmpfs or mdconfig as a count of bytes.
272	 */
273	if (size_arg != NULL) {
274		mdsize = (intmax_t)strtoumax(size_arg, &p, 0);
275		if (p == size_arg || (p[0] != 0 && p[1] != 0) || mdsize < 0)
276			errx(1, "invalid size '%s'", size_arg);
277		switch (*p) {
278		case 'p':
279		case 'P':
280			mdsize *= 1024;
281		case 't':
282		case 'T':
283			mdsize *= 1024;
284		case 'g':
285		case 'G':
286			mdsize *= 1024;
287		case 'm':
288		case 'M':
289			mdsize *= 1024;
290		case 'k':
291		case 'K':
292			mdsize *= 1024;
293		case 'b':
294		case 'B':
295			break;
296		case '\0':
297			mdsize *= 512;
298			break;
299		default:
300			errx(1, "invalid size suffix on '%s'", size_arg);
301		}
302	}
303
304	/*
305	 * Based on the command line 'md-device' either mount a tmpfs filesystem
306	 * or configure the md device then format and mount a filesystem on it.
307	 * If the device is 'auto' use tmpfs if it is available and there is no
308	 * request for multilabel MAC (which tmpfs does not support).
309	 */
310	unitstr = argv[0];
311	mtpoint = argv[1];
312
313	if (strcmp(unitstr, "auto") == 0) {
314		if (mlmac)
315			idx = -1; /* Must use md for mlmac. */
316		else if ((idx = modfind("tmpfs")) == -1)
317			idx = kldload("tmpfs");
318		if (idx == -1)
319			unitstr = "md";
320		else
321			unitstr = "tmpfs";
322	}
323
324	if (strcmp(unitstr, "tmpfs") == 0) {
325		if (size_arg != NULL && mdsize != 0)
326			argappend(&mount_arg, "-o size=%jd", mdsize);
327		do_mount_tmpfs(mount_arg, mtpoint);
328	} else {
329		if (size_arg != NULL)
330			argappend(&mdconfig_arg, "-s %jdB", mdsize);
331		if (strncmp(unitstr, "/dev/", 5) == 0)
332			unitstr += 5;
333		if (strncmp(unitstr, mdname, mdnamelen) == 0)
334			unitstr += mdnamelen;
335		if (!isdigit(*unitstr)) {
336			autounit = true;
337			unit = -1;
338			mdsuffix = unitstr;
339		} else {
340			ul = strtoul(unitstr, &p, 10);
341			if (ul == ULONG_MAX)
342				errx(1, "bad device unit: %s", unitstr);
343			unit = ul;
344			mdsuffix = p;	/* can be empty */
345		}
346
347		if (!have_mdtype)
348			mdtype = MD_SWAP;
349		if (softdep)
350			argappend(&newfs_arg, "-U");
351		if (mdtype != MD_VNODE && !newfs)
352			errx(1, "-P requires a vnode-backed disk");
353
354		/* Do the work. */
355		if (detach && !autounit)
356			do_mdconfig_detach();
357		if (autounit)
358			do_mdconfig_attach_au(mdconfig_arg, mdtype);
359		else
360			do_mdconfig_attach(mdconfig_arg, mdtype);
361		if (newfs)
362			do_newfs(newfs_arg);
363		do_mount_md(mount_arg, mtpoint);
364	}
365
366	do_mtptsetup(mtpoint, &mi);
367	if (skel != NULL)
368		do_copy(mtpoint, skel);
369
370	return (0);
371}
372
373/*
374 * Append the expansion of 'fmt' to the buffer pointed to by '*dstp';
375 * reallocate as required.
376 */
377static void
378argappend(char **dstp, const char *fmt, ...)
379{
380	char *old, *new;
381	va_list ap;
382
383	old = *dstp;
384	assert(old != NULL);
385
386	va_start(ap, fmt);
387	if (vasprintf(&new, fmt,ap) == -1)
388		errx(1, "vasprintf");
389	va_end(ap);
390
391	*dstp = new;
392	if (asprintf(&new, "%s %s", old, new) == -1)
393		errx(1, "asprintf");
394	free(*dstp);
395	free(old);
396
397	*dstp = new;
398}
399
400/*
401 * If run-time debugging is enabled, print the expansion of 'fmt'.
402 * Otherwise, do nothing.
403 */
404static void
405debugprintf(const char *fmt, ...)
406{
407	va_list ap;
408
409	if (!debug)
410		return;
411	fprintf(stderr, "DEBUG: ");
412	va_start(ap, fmt);
413	vfprintf(stderr, fmt, ap);
414	va_end(ap);
415	fprintf(stderr, "\n");
416	fflush(stderr);
417}
418
419/*
420 * Attach a memory disk with a known unit.
421 */
422static void
423do_mdconfig_attach(const char *args, const enum md_types mdtype)
424{
425	int rv;
426	const char *ta;		/* Type arg. */
427
428	switch (mdtype) {
429	case MD_SWAP:
430		ta = "-t swap";
431		break;
432	case MD_VNODE:
433		ta = "-t vnode";
434		break;
435	case MD_MALLOC:
436		ta = "-t malloc";
437		break;
438	default:
439		abort();
440	}
441	rv = run(NULL, "%s -a %s%s -u %s%d", path_mdconfig, ta, args,
442	    mdname, unit);
443	if (rv)
444		errx(1, "mdconfig (attach) exited %s %d", run_exitstr(rv),
445		    run_exitnumber(rv));
446}
447
448/*
449 * Attach a memory disk with an unknown unit; use autounit.
450 */
451static void
452do_mdconfig_attach_au(const char *args, const enum md_types mdtype)
453{
454	const char *ta;		/* Type arg. */
455	char *linep;
456	char linebuf[12];	/* 32-bit unit (10) + '\n' (1) + '\0' (1) */
457	int fd;			/* Standard output of mdconfig invocation. */
458	FILE *sfd;
459	int rv;
460	char *p;
461	size_t linelen;
462	unsigned long ul;
463
464	switch (mdtype) {
465	case MD_SWAP:
466		ta = "-t swap";
467		break;
468	case MD_VNODE:
469		ta = "-t vnode";
470		break;
471	case MD_MALLOC:
472		ta = "-t malloc";
473		break;
474	default:
475		abort();
476	}
477	rv = run(&fd, "%s -a %s%s", path_mdconfig, ta, args);
478	if (rv)
479		errx(1, "mdconfig (attach) exited %s %d", run_exitstr(rv),
480		    run_exitnumber(rv));
481
482	/* Receive the unit number. */
483	if (norun) {	/* Since we didn't run, we can't read.  Fake it. */
484		unit = 0;
485		return;
486	}
487	sfd = fdopen(fd, "r");
488	if (sfd == NULL)
489		err(1, "fdopen");
490	linep = fgetln(sfd, &linelen);
491	/* If the output format changes, we want to know about it. */
492	if (linep == NULL || linelen <= mdnamelen + 1 ||
493	    linelen - mdnamelen >= sizeof(linebuf) ||
494	    strncmp(linep, mdname, mdnamelen) != 0)
495		errx(1, "unexpected output from mdconfig (attach)");
496	linep += mdnamelen;
497	linelen -= mdnamelen;
498	/* Can't use strlcpy because linep is not NULL-terminated. */
499	strncpy(linebuf, linep, linelen);
500	linebuf[linelen] = '\0';
501	ul = strtoul(linebuf, &p, 10);
502	if (ul == ULONG_MAX || *p != '\n')
503		errx(1, "unexpected output from mdconfig (attach)");
504	unit = ul;
505
506	fclose(sfd);
507}
508
509/*
510 * Detach a memory disk.
511 */
512static void
513do_mdconfig_detach(void)
514{
515	int rv;
516
517	rv = run(NULL, "%s -d -u %s%d", path_mdconfig, mdname, unit);
518	if (rv && debug)	/* This is allowed to fail. */
519		warnx("mdconfig (detach) exited %s %d (ignored)",
520		    run_exitstr(rv), run_exitnumber(rv));
521}
522
523/*
524 * Mount the configured memory disk.
525 */
526static void
527do_mount_md(const char *args, const char *mtpoint)
528{
529	int rv;
530
531	rv = run(NULL, "%s%s /dev/%s%d%s %s", _PATH_MOUNT, args,
532	    mdname, unit, mdsuffix, mtpoint);
533	if (rv)
534		errx(1, "mount exited %s %d", run_exitstr(rv),
535		    run_exitnumber(rv));
536}
537
538/*
539 * Mount the configured tmpfs.
540 */
541static void
542do_mount_tmpfs(const char *args, const char *mtpoint)
543{
544	int rv;
545
546	rv = run(NULL, "%s -t tmpfs %s tmp %s", _PATH_MOUNT, args, mtpoint);
547	if (rv)
548		errx(1, "tmpfs mount exited %s %d", run_exitstr(rv),
549		    run_exitnumber(rv));
550}
551
552/*
553 * Various configuration of the mountpoint.  Mostly, enact 'mip'.
554 */
555static void
556do_mtptsetup(const char *mtpoint, struct mtpt_info *mip)
557{
558	struct statfs sfs;
559
560	if (!mip->mi_have_mode && !mip->mi_have_uid && !mip->mi_have_gid)
561		return;
562
563	if (!norun) {
564		if (statfs(mtpoint, &sfs) == -1) {
565			warn("statfs: %s", mtpoint);
566			return;
567		}
568		if ((sfs.f_flags & MNT_RDONLY) != 0) {
569			if (mip->mi_forced_pw) {
570				warnx(
571	"Not changing mode/owner of %s since it is read-only",
572				    mtpoint);
573			} else {
574				debugprintf(
575	"Not changing mode/owner of %s since it is read-only",
576				    mtpoint);
577			}
578			return;
579		}
580	}
581
582	if (mip->mi_have_mode) {
583		debugprintf("changing mode of %s to %o.", mtpoint,
584		    mip->mi_mode);
585		if (!norun)
586			if (chmod(mtpoint, mip->mi_mode) == -1)
587				err(1, "chmod: %s", mtpoint);
588	}
589	/*
590	 * We have to do these separately because the user may have
591	 * only specified one of them.
592	 */
593	if (mip->mi_have_uid) {
594		debugprintf("changing owner (user) or %s to %u.", mtpoint,
595		    mip->mi_uid);
596		if (!norun)
597			if (chown(mtpoint, mip->mi_uid, -1) == -1)
598				err(1, "chown %s to %u (user)", mtpoint,
599				    mip->mi_uid);
600	}
601	if (mip->mi_have_gid) {
602		debugprintf("changing owner (group) or %s to %u.", mtpoint,
603		    mip->mi_gid);
604		if (!norun)
605			if (chown(mtpoint, -1, mip->mi_gid) == -1)
606				err(1, "chown %s to %u (group)", mtpoint,
607				    mip->mi_gid);
608	}
609}
610
611/*
612 * Put a file system on the memory disk.
613 */
614static void
615do_newfs(const char *args)
616{
617	int rv;
618
619	rv = run(NULL, "%s%s /dev/%s%d", _PATH_NEWFS, args, mdname, unit);
620	if (rv)
621		errx(1, "newfs exited %s %d", run_exitstr(rv),
622		    run_exitnumber(rv));
623}
624
625
626/*
627 * Copy skel into the mountpoint.
628 */
629static void
630do_copy(const char *mtpoint, const char *skel)
631{
632	int rv;
633
634	rv = chdir(skel);
635	if (rv != 0)
636		err(1, "chdir to %s", skel);
637	rv = run(NULL, "/bin/pax -rw -pe . %s", mtpoint);
638	if (rv != 0)
639		errx(1, "skel copy failed");
640}
641
642/*
643 * 'str' should be a user and group name similar to the last argument
644 * to chown(1); i.e., a user, followed by a colon, followed by a
645 * group.  The user and group in 'str' may be either a [ug]id or a
646 * name.  Upon return, the uid and gid fields in 'mip' will contain
647 * the uid and gid of the user and group name in 'str', respectively.
648 *
649 * In other words, this derives a user and group id from a string
650 * formatted like the last argument to chown(1).
651 *
652 * Notice: At this point we don't support only a username or only a
653 * group name. do_mtptsetup already does, so when this feature is
654 * desired, this is the only routine that needs to be changed.
655 */
656static void
657extract_ugid(const char *str, struct mtpt_info *mip)
658{
659	char *ug;			/* Writable 'str'. */
660	char *user, *group;		/* Result of extracton. */
661	struct passwd *pw;
662	struct group *gr;
663	char *p;
664	uid_t *uid;
665	gid_t *gid;
666
667	uid = &mip->mi_uid;
668	gid = &mip->mi_gid;
669	mip->mi_have_uid = mip->mi_have_gid = false;
670
671	/* Extract the user and group from 'str'.  Format above. */
672	ug = strdup(str);
673	assert(ug != NULL);
674	group = ug;
675	user = strsep(&group, ":");
676	if (user == NULL || group == NULL || *user == '\0' || *group == '\0')
677		usage();
678
679	/* Derive uid. */
680	*uid = strtoul(user, &p, 10);
681	if (*uid == (uid_t)ULONG_MAX)
682		usage();
683	if (*p != '\0') {
684		pw = getpwnam(user);
685		if (pw == NULL)
686			errx(1, "invalid user: %s", user);
687		*uid = pw->pw_uid;
688	}
689	mip->mi_have_uid = true;
690
691	/* Derive gid. */
692	*gid = strtoul(group, &p, 10);
693	if (*gid == (gid_t)ULONG_MAX)
694		usage();
695	if (*p != '\0') {
696		gr = getgrnam(group);
697		if (gr == NULL)
698			errx(1, "invalid group: %s", group);
699		*gid = gr->gr_gid;
700	}
701	mip->mi_have_gid = true;
702
703	free(ug);
704}
705
706/*
707 * Run a process with command name and arguments pointed to by the
708 * formatted string 'cmdline'.  Since system(3) is not used, the first
709 * space-delimited token of 'cmdline' must be the full pathname of the
710 * program to run.
711 *
712 * The return value is the return code of the process spawned, or a negative
713 * signal number if the process exited due to an uncaught signal.
714 *
715 * If 'ofd' is non-NULL, it is set to the standard output of
716 * the program spawned (i.e., you can read from ofd and get the output
717 * of the program).
718 */
719static int
720run(int *ofd, const char *cmdline, ...)
721{
722	char **argv, **argvp;		/* Result of splitting 'cmd'. */
723	int argc;
724	char *cmd;			/* Expansion of 'cmdline'. */
725	int pid, status;		/* Child info. */
726	int pfd[2];			/* Pipe to the child. */
727	int nfd;			/* Null (/dev/null) file descriptor. */
728	bool dup2dn;			/* Dup /dev/null to stdout? */
729	va_list ap;
730	char *p;
731	int rv, i;
732
733	dup2dn = true;
734	va_start(ap, cmdline);
735	rv = vasprintf(&cmd, cmdline, ap);
736	if (rv == -1)
737		err(1, "vasprintf");
738	va_end(ap);
739
740	/* Split up 'cmd' into 'argv' for use with execve. */
741	for (argc = 1, p = cmd; (p = strchr(p, ' ')) != NULL; p++)
742		argc++;		/* 'argc' generation loop. */
743	argv = (char **)malloc(sizeof(*argv) * (argc + 1));
744	assert(argv != NULL);
745	for (p = cmd, argvp = argv; (*argvp = strsep(&p, " ")) != NULL;)
746		if (**argvp != '\0')
747			if (++argvp >= &argv[argc]) {
748				*argvp = NULL;
749				break;
750			}
751	assert(*argv);
752	/* The argv array ends up NULL-terminated here. */
753
754	/* Make sure the above loop works as expected. */
755	if (debug) {
756		/*
757		 * We can't, but should, use debugprintf here.  First,
758		 * it appends a trailing newline to the output, and
759		 * second it prepends "DEBUG: " to the output.  The
760		 * former is a problem for this would-be first call,
761		 * and the latter for the would-be call inside the
762		 * loop.
763		 */
764		(void)fprintf(stderr, "DEBUG: running:");
765		/* Should be equivalent to 'cmd' (before strsep, of course). */
766		for (i = 0; argv[i] != NULL; i++)
767			(void)fprintf(stderr, " %s", argv[i]);
768		(void)fprintf(stderr, "\n");
769	}
770
771	/* Create a pipe if necessary and fork the helper program. */
772	if (ofd != NULL) {
773		if (pipe(&pfd[0]) == -1)
774			err(1, "pipe");
775		*ofd = pfd[0];
776		dup2dn = false;
777	}
778	pid = fork();
779	switch (pid) {
780	case 0:
781		/* XXX can we call err() in here? */
782		if (norun)
783			_exit(0);
784		if (ofd != NULL)
785			if (dup2(pfd[1], STDOUT_FILENO) < 0)
786				err(1, "dup2");
787		if (!loudsubs) {
788			nfd = open(_PATH_DEVNULL, O_RDWR);
789			if (nfd == -1)
790				err(1, "open: %s", _PATH_DEVNULL);
791			if (dup2(nfd, STDIN_FILENO) < 0)
792				err(1, "dup2");
793			if (dup2dn)
794				if (dup2(nfd, STDOUT_FILENO) < 0)
795				   err(1, "dup2");
796			if (dup2(nfd, STDERR_FILENO) < 0)
797				err(1, "dup2");
798		}
799
800		(void)execv(argv[0], argv);
801		warn("exec: %s", argv[0]);
802		_exit(-1);
803	case -1:
804		err(1, "fork");
805	}
806
807	free(cmd);
808	free(argv);
809	while (waitpid(pid, &status, 0) != pid)
810		;
811	if (WIFEXITED(status))
812		return (WEXITSTATUS(status));
813	if (WIFSIGNALED(status))
814		return (-WTERMSIG(status));
815	err(1, "unexpected waitpid status: 0x%x", status);
816}
817
818/*
819 * If run() returns non-zero, provide a string explaining why.
820 */
821static const char *
822run_exitstr(int rv)
823{
824	if (rv > 0)
825		return ("with error code");
826	if (rv < 0)
827		return ("with signal");
828	return (NULL);
829}
830
831/*
832 * If run returns non-zero, provide a relevant number.
833 */
834static int
835run_exitnumber(int rv)
836{
837	if (rv < 0)
838		return (-rv);
839	return (rv);
840}
841
842static void
843usage(void)
844{
845
846	fprintf(stderr,
847"usage: %s [-DLlMNnPStUX] [-a maxcontig] [-b block-size]\n"
848"\t[-c blocks-per-cylinder-group][-d max-extent-size] [-E path-mdconfig]\n"
849"\t[-e maxbpg] [-F file] [-f frag-size] [-i bytes] [-k skel]\n"
850"\t[-m percent-free] [-O optimization] [-o mount-options]\n"
851"\t[-p permissions] [-s size] [-v version] [-w user:group]\n"
852"\tmd-device mount-point\n", getprogname());
853	exit(1);
854}
855