From: | ibotty <bsd@xxxxxxxxxx> |
Date: | Thu, 25 Sep 2003 15:39:35 +0200 |
now, a preliminary patch, that works on my system. preliminary, in that it currently does not fulfill requirement a), and that it has no manpage, and the comments in mount.h should be updated. additionally, to ease linux->dragonFlyBSD transition, i should modify mount(8) to call usermount, if a 'user' filesystem is to be mounted. i am open if this is desired. in short, everything else is implemented. now to the detailed description: > :a) only let LOCAL users (owning the system console) mount currently not implemented. > :b) only mounting of fstab entries with 'user' option are allowed. implemented. > :c) user does not need rw-access to device > :regarding c), ro-access should still be required > : > > I don't see a problem with rw-access. e.g. removable media needs rw > access. It would be controlled by the fstab. i currently allow every user to mount a fs with 'user' option, but a check, if this user may read/write the device should be fairly easy to implement. (in usermount.c: usermount().) > :d) user should mount on specified mountpoint (e.g. on /cdrom, not own > :file) > :if i should not implement d), we should still force the user to mount the > :cdrom at ~/cdrom (or ~/Volumes/cdrom, just prepending $HOME before the > :fstab mount point). > > This is too dangerous, generally speaking. ifdef MOUNT_IN_HOME, the fs is mounted at ~/mount_point, on /mount_point otherwise. the default is mounting on /mount_point. btw: i have to cleanup the MOUNT_IN_HOME option still. it works, but can be easily fooled, i guess. > :this all could be safely in one mount(2), all it would require is an > :additional flag (say MNT_SETUID) in mount.h. > > The flag idea is fine. I don't think we should be renaming system > calls. there already was the MNT_USER flag (in /usr/include/sys/mount.h), so i just used this one. > :usermount should be fairly easy to secure. > :it would only take ONE parameter ;). it still takes on parameter, if this parameter is "-p", it prints every fsentry, which has a 'user' mountoption. every other parameter is checked to be either a special device or a mountpoint (of an fsent with 'user' option). if it is not, nothing is done. else, mount /mount_point is called. there should be no big security holes ;) (if MOUNT_IN_HOME is set, there may be one i need to investigate) btw: i do not mind, if you discard MOUNT_IN_HOME, i do not like this option. ~ibotty
Index: sbin/mount/extern.h =================================================================== RCS file: /home/src/dcvs/src/sbin/mount/extern.h,v retrieving revision 1.2 diff -u -3 -p -r1.2 extern.h --- sbin/mount/extern.h 17 Jun 2003 04:27:33 -0000 1.2 +++ sbin/mount/extern.h 25 Sep 2003 11:24:27 -0000 @@ -28,8 +28,8 @@ */ /* vfslist.c */ -int checkvfsname __P((const char *, const char **)); -const char **makevfslist __P((char *)); +int checkvfsname (const char *, const char **); +const char **makevfslist (char *); /* mount_ufs.c */ -int mount_ufs __P((int, char *const *)); +int mount_ufs (int, char *const *); Index: sbin/mount/getmntopts.c =================================================================== RCS file: /home/src/dcvs/src/sbin/mount/getmntopts.c,v retrieving revision 1.2 diff -u -3 -p -r1.2 getmntopts.c --- sbin/mount/getmntopts.c 17 Jun 2003 04:27:33 -0000 1.2 +++ sbin/mount/getmntopts.c 25 Sep 2003 12:18:47 -0000 @@ -49,11 +49,10 @@ int getmnt_silent = 0; void -getmntopts(options, m0, flagp, altflagp) - const char *options; - const struct mntopt *m0; - int *flagp; - int *altflagp; +getmntopts(const char *options, + const struct mntopt *m0, + int *flagp, + int *altflagp) { const struct mntopt *m; int negative, len; @@ -106,9 +105,7 @@ getmntopts(options, m0, flagp, altflagp) } void -rmslashes(rrpin, rrpout) - char *rrpin; - char *rrpout; +rmslashes(char *rrpin, char *rrpout) { char *rrpoutstart; @@ -128,9 +125,7 @@ rmslashes(rrpin, rrpout) } void -checkpath(path, resolved) - const char *path; - char *resolved; +checkpath(const char *path, char *resolved) { struct stat sb; Index: sbin/mount/mntopts.h =================================================================== RCS file: /home/src/dcvs/src/sbin/mount/mntopts.h,v retrieving revision 1.2 diff -u -3 -p -r1.2 mntopts.h --- sbin/mount/mntopts.h 17 Jun 2003 04:27:33 -0000 1.2 +++ sbin/mount/mntopts.h 25 Sep 2003 11:34:38 -0000 @@ -57,6 +57,7 @@ struct mntopt { #define MOPT_NOCLUSTERR { "clusterr", 1, MNT_NOCLUSTERR, 0 } #define MOPT_NOCLUSTERW { "clusterw", 1, MNT_NOCLUSTERW, 0 } #define MOPT_SUIDDIR { "suiddir", 0, MNT_SUIDDIR, 0 } +#define MOPT_USER { "user", 0, MNT_USER, 0 } /* Control flags. */ #define MOPT_FORCE { "force", 0, MNT_FORCE, 0 } @@ -70,7 +71,8 @@ struct mntopt { #define MOPT_FSTAB_COMPAT \ MOPT_RO, \ MOPT_RW, \ - MOPT_AUTO + MOPT_AUTO, \ + MOPT_USER /* Standard options which all mounts can understand. */ #define MOPT_STDOPTS \ @@ -88,7 +90,7 @@ struct mntopt { MOPT_NOCLUSTERR, \ MOPT_NOCLUSTERW -void getmntopts __P((const char *, const struct mntopt *, int *, int *)); -void rmslashes __P((char *, char *)); -void checkpath __P((const char *, char resolved_path[])); +void getmntopts (const char *, const struct mntopt *, int *, int *); +void rmslashes (char *, char *); +void checkpath (const char *, char resolved_path[]); extern int getmnt_silent; Index: sbin/mount/mount.8 =================================================================== RCS file: /home/src/dcvs/src/sbin/mount/mount.8,v retrieving revision 1.2 diff -u -3 -p -r1.2 mount.8 --- sbin/mount/mount.8 17 Jun 2003 04:27:33 -0000 1.2 +++ sbin/mount/mount.8 25 Sep 2003 11:43:32 -0000 @@ -213,6 +213,8 @@ Lookups will be done in the mounted file If those operations fail due to a non-existent file the underlying directory is then accessed. All creates are done in the mounted filesystem. +.It Cm user +Allow any user to mount this filesystem. .El .Pp Any additional options specific to a filesystem type that is not Index: sbin/mount/mount.c =================================================================== RCS file: /home/src/dcvs/src/sbin/mount/mount.c,v retrieving revision 1.2 diff -u -3 -p -r1.2 mount.c --- sbin/mount/mount.c 17 Jun 2003 04:27:33 -0000 1.2 +++ sbin/mount/mount.c 25 Sep 2003 13:26:20 -0000 @@ -61,21 +61,21 @@ int debug, fstab_style, verbose; -char *catopt __P((char *, const char *)); +char *catopt (char *, const char *); struct statfs - *getmntpt __P((const char *)); -int hasopt __P((const char *, const char *)); -int ismounted __P((struct fstab *, struct statfs *, int)); -int isremountable __P((const char *)); -void mangle __P((char *, int *, const char **)); -char *update_options __P((char *, char *, int)); -int mountfs __P((const char *, const char *, const char *, - int, const char *, const char *)); -void remopt __P((char *, const char *)); -void prmount __P((struct statfs *)); -void putfsent __P((const struct statfs *)); -void usage __P((void)); -char *flags2opts __P((int)); + *getmntpt (const char *); +int hasopt (const char *, const char *); +int ismounted (struct fstab *, struct statfs *, int); +int isremountable (const char *); +void mangle (char *, int *, const char **); +char *update_options (char *, char *, int); +int mountfs (const char *, const char *, const char *, + int, const char *, const char *); +void remopt (char *, const char *); +void prmount (struct statfs *); +void putfsent (const struct statfs *); +void usage (void); +char *flags2opts (int); /* Map from mount options to printable formats. */ static struct opt { @@ -113,9 +113,7 @@ remountable_fs_names[] = { }; int -main(argc, argv) - int argc; - char * const argv[]; +main(int argc, char * const argv[]) { const char *mntfromname, **vfslist, *vfstype; struct fstab *fs; @@ -129,6 +127,8 @@ main(argc, argv) options = NULL; vfslist = NULL; vfstype = "ufs"; + + /* iterate over options */ while ((ch = getopt(argc, argv, "adfo:prwt:uv")) != -1) switch (ch) { case 'a': @@ -176,7 +176,8 @@ main(argc, argv) #define BADTYPE(type) \ (strcmp(type, FSTAB_RO) && \ - strcmp(type, FSTAB_RW) && strcmp(type, FSTAB_RQ)) + strcmp(type, FSTAB_RW) && \ + strcmp(type, FSTAB_RQ)) rval = 0; switch (argc) { @@ -194,18 +195,21 @@ main(argc, argv) if (!(init_flags & MNT_UPDATE) && ismounted(fs, mntbuf, mntsize)) continue; + if (mountfs(fs->fs_vfstype, fs->fs_spec, fs->fs_file, init_flags, options, fs->fs_mntops)) rval = 1; } - } else if (fstab_style) { + } else if (fstab_style) /* only print */ + { for (i = 0; i < mntsize; i++) { if (checkvfsname(mntbuf[i].f_fstypename, vfslist)) continue; putfsent(&mntbuf[i]); } - } else { + } else /* print currently mounted filesystems */ + { for (i = 0; i < mntsize; i++) { if (checkvfsname(mntbuf[i].f_fstypename, vfslist)) @@ -219,6 +223,7 @@ main(argc, argv) usage(); if (init_flags & MNT_UPDATE) { + mntfromname = NULL; have_fstab = 0; if ((mntbuf = getmntpt(*argv)) == NULL) @@ -253,7 +258,7 @@ main(argc, argv) mntbuf->f_flags); } rval = mountfs(mntbuf->f_fstypename, mntfromname, - mntbuf->f_mntonname, init_flags, options, 0); + mntbuf->f_mntonname, init_flags, options, NULL); break; } rmslashes(*argv, *argv); @@ -264,6 +269,7 @@ main(argc, argv) if (BADTYPE(fs->fs_type)) errx(1, "%s has unknown file system type", *argv); + rval = mountfs(fs->fs_vfstype, fs->fs_spec, fs->fs_file, init_flags, options, fs->fs_mntops); break; @@ -287,7 +293,8 @@ main(argc, argv) /* * If the mount was successfully, and done by root, tell mountd the - * good news. Pid checks are probably unnecessary, but don't hurt. + * good news. + * Do not tell mountd, if mounted by non-root user. */ if (rval == 0 && getuid() == 0 && (mountdfp = fopen(_PATH_MOUNTDPID, "r")) != NULL) { @@ -301,10 +308,7 @@ main(argc, argv) } int -ismounted(fs, mntbuf, mntsize) - struct fstab *fs; - struct statfs *mntbuf; - int mntsize; +ismounted(struct fstab *fs, struct statfs *mntbuf, int mntsize) { int i; @@ -321,8 +325,8 @@ ismounted(fs, mntbuf, mntsize) } int -isremountable(vfsname) - const char *vfsname; +isremountable(const char *vfsname) + { const char **cp; @@ -333,8 +337,7 @@ isremountable(vfsname) } int -hasopt(mntopts, option) - const char *mntopts, *option; +hasopt(const char *mntopts, const char *option) { int negative, found; char *opt, *optbuf; @@ -357,10 +360,17 @@ hasopt(mntopts, option) return (found); } + +/* + * Mount the filesystem using mount_<type>. + */ int -mountfs(vfstype, spec, name, flags, options, mntopts) - const char *vfstype, *spec, *name, *options, *mntopts; - int flags; +mountfs(const char *vfstype, + const char *spec, + const char *name, + int flags, + const char *options, + const char *mntopts ) { /* List of directories containing mount_xxx subcommands. */ static const char *edirs[] = { @@ -379,6 +389,7 @@ mountfs(vfstype, spec, name, flags, opti (void)&name; #endif + /* resolve the mountpoint with realpath(3) */ (void)checkpath(name, mntpath); name = mntpath; @@ -490,8 +501,7 @@ mountfs(vfstype, spec, name, flags, opti } void -prmount(sfp) - struct statfs *sfp; +prmount(struct statfs *sfp) { int flags; struct opt *o; @@ -525,8 +535,7 @@ prmount(sfp) } struct statfs * -getmntpt(name) - const char *name; +getmntpt(const char *name) { struct statfs *mntbuf; int i, mntsize; @@ -541,9 +550,7 @@ getmntpt(name) } char * -catopt(s0, s1) - char *s0; - const char *s1; +catopt(char *s0, const char *s1) { size_t i; char *cp; @@ -565,10 +572,7 @@ catopt(s0, s1) } void -mangle(options, argcp, argv) - char *options; - int *argcp; - const char **argv; +mangle(char *options, int *argcp, const char **argv) { char *p, *s; int argc; @@ -594,10 +598,7 @@ mangle(options, argcp, argv) char * -update_options(opts, fstab, curflags) - char *opts; - char *fstab; - int curflags; +update_options(char *opts, char *fstab, int curflags) { char *o, *p; char *cur; @@ -652,9 +653,7 @@ update_options(opts, fstab, curflags) } void -remopt(string, opt) - char *string; - const char *opt; +remopt(char *string, const char *opt) { char *o, *p, *r; @@ -687,8 +686,7 @@ usage() } void -putfsent(ent) - const struct statfs *ent; +putfsent(const struct statfs *ent) { struct fstab *fst; char *opts; @@ -713,8 +711,7 @@ putfsent(ent) char * -flags2opts(flags) - int flags; +flags2opts(int flags) { char *res; Index: sbin/mount/mount_ufs.c =================================================================== RCS file: /home/src/dcvs/src/sbin/mount/mount_ufs.c,v retrieving revision 1.3 diff -u -3 -p -r1.3 mount_ufs.c --- sbin/mount/mount_ufs.c 8 Aug 2003 04:18:39 -0000 1.3 +++ sbin/mount/mount_ufs.c 25 Sep 2003 13:28:49 -0000 @@ -50,7 +50,7 @@ #include "extern.h" #include "mntopts.h" -static void ufs_usage __P((void)); +static void ufs_usage (void); static struct mntopt mopts[] = { MOPT_STDOPTS, @@ -58,13 +58,12 @@ static struct mntopt mopts[] = { MOPT_FORCE, MOPT_SYNC, MOPT_UPDATE, { NULL } }; int -mount_ufs(argc, argv) - int argc; - char * const argv[]; +mount_ufs(int argc, char * const argv[]) { struct ufs_args args; int ch, mntflags; Index: sbin/mount/vfslist.c =================================================================== RCS file: /home/src/dcvs/src/sbin/mount/vfslist.c,v retrieving revision 1.2 diff -u -3 -p -r1.2 vfslist.c --- sbin/mount/vfslist.c 17 Jun 2003 04:27:33 -0000 1.2 +++ sbin/mount/vfslist.c 25 Sep 2003 11:24:27 -0000 @@ -44,9 +44,7 @@ static int skipvfs; int -checkvfsname(vfsname, vfslist) - const char *vfsname; - const char **vfslist; +checkvfsname(const char *vfsname, const char **vfslist) { if (vfslist == NULL) @@ -60,8 +58,7 @@ checkvfsname(vfsname, vfslist) } const char ** -makevfslist(fslist) - char *fslist; +makevfslist(char *fslist) { const char **av; int i; Index: sbin/mount_cd9660/mount_cd9660.c =================================================================== RCS file: /home/src/dcvs/src/sbin/mount_cd9660/mount_cd9660.c,v retrieving revision 1.3 diff -u -3 -p -r1.3 mount_cd9660.c --- sbin/mount_cd9660/mount_cd9660.c 8 Aug 2003 04:18:39 -0000 1.3 +++ sbin/mount_cd9660/mount_cd9660.c 25 Sep 2003 12:19:18 -0000 @@ -62,6 +62,7 @@ struct mntopt mopts[] = { MOPT_STDOPTS, MOPT_UPDATE, + MOPT_USER, { "extatt", 0, ISOFSMNT_EXTATT, 1 }, { "gens", 0, ISOFSMNT_GENS, 1 }, { "rrip", 1, ISOFSMNT_NORRIP, 1 }, Index: sbin/mount_msdos/mount_msdos.c =================================================================== RCS file: /home/src/dcvs/src/sbin/mount_msdos/mount_msdos.c,v retrieving revision 1.3 diff -u -3 -p -r1.3 mount_msdos.c --- sbin/mount_msdos/mount_msdos.c 8 Aug 2003 04:18:39 -0000 1.3 +++ sbin/mount_msdos/mount_msdos.c 25 Sep 2003 12:58:21 -0000 @@ -63,6 +63,7 @@ static struct mntopt mopts[] = { MOPT_FORCE, MOPT_SYNC, MOPT_UPDATE, + MOPT_USER, #ifdef MSDOSFSMNT_GEMDOSFS { "gemdosfs", 0, MSDOSFSMNT_GEMDOSFS, 1 }, #endif Index: sys/kern/vfs_syscalls.c =================================================================== RCS file: /home/src/dcvs/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.17 diff -u -3 -p -r1.17 vfs_syscalls.c --- sys/kern/vfs_syscalls.c 23 Sep 2003 05:03:51 -0000 1.17 +++ sys/kern/vfs_syscalls.c 24 Sep 2003 11:11:00 -0000 @@ -280,7 +280,16 @@ mount(struct mount_args *uap) mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK; strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); mp->mnt_vnodecovered = vp; + +#ifndef NO_MOPT_USER + /* set the real-uid if MNT_USER is set, euid otherwise */ + if ( SCARG(uap, flags) & MNT_USER ) + mp->mnt_stat.f_owner = p->p_ucred->cr_ruid; + else + mp->mnt_stat.f_owner = p->p_ucred->cr_uid; +#else mp->mnt_stat.f_owner = p->p_ucred->cr_uid; +#endif mp->mnt_iosize_max = DFLTPHYS; VOP_UNLOCK(vp, 0, td); update:
Attachment:
usermount.tar.gz
Description: GNU Zip compressed data