HardenedBSD/sbin/mount_ifs/mount.c
Julian Elischer 52bf64c787 Reviewed by: hackers@freebsd.org in general
Obtained from: Whistle Communications tree

Add an option to the way UFS works dependent on the SUID bit of directories
This changes makes things a whole lot simpler on systems running as
fileservers for PCs and MACS. to enable the new code you must
1/ enable option SUIDDIR on the kernel.
2/ mount the filesystem with option suiddir.
hopefully this makes it difficult enough for people to
do this accidentally.
see the new chmod(2) man page for detailed info.
1997-11-13 00:28:51 +00:00

615 lines
14 KiB
C

/*-
* Copyright (c) 1980, 1989, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static const char copyright[] =
"@(#) Copyright (c) 1980, 1989, 1993, 1994\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* not lint */
#ifndef lint
#if 0
static char sccsid[] = "@(#)mount.c 8.25 (Berkeley) 5/8/95";
#else
static const char rcsid[] =
"$Id: mount.c,v 1.20 1997/09/27 13:44:17 kato Exp $";
#endif
#endif /* not lint */
#include <sys/param.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <err.h>
#include <errno.h>
#include <fstab.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "extern.h"
#include "pathnames.h"
int debug, fstab_style, verbose;
char *catopt __P((char *, const char *));
struct statfs
*getmntpt __P((const char *));
int hasopt __P((const char *, const char *));
int ismounted __P((struct fstab *, struct statfs *, int));
int isremountable __P((const char *));
void mangle __P((char *, int *, const char **));
int mountfs __P((const char *, const char *, const char *,
int, const char *, const char *));
void prmount __P((struct statfs *));
void putfsent __P((const struct statfs *));
void usage __P((void));
/* Map from mount otions to printable formats. */
static struct opt {
int o_opt;
const char *o_name;
} optnames[] = {
{ MNT_ASYNC, "asynchronous" },
{ MNT_EXPORTED, "NFS exported" },
{ MNT_LOCAL, "local" },
{ MNT_NOATIME, "noatime" },
{ MNT_NODEV, "nodev" },
{ MNT_NOEXEC, "noexec" },
{ MNT_NOSUID, "nosuid" },
{ MNT_QUOTA, "with quotas" },
{ MNT_RDONLY, "read-only" },
{ MNT_SYNCHRONOUS, "synchronous" },
{ MNT_UNION, "union" },
{ MNT_NOCLUSTERR, "noclusterr" },
{ MNT_NOCLUSTERW, "noclusterw" },
{ MNT_SUIDDIR, "suiddir" },
{ NULL }
};
/*
* List of VFS types that can be remounted without becoming mounted on top
* of each other.
* XXX Is this list correct?
*/
static const char *
remountable_fs_names[] = {
"ufs", "ffs", "lfs", "ext2fs",
0
};
int
main(argc, argv)
int argc;
char * const argv[];
{
const char *mntfromname, **vfslist, *vfstype;
struct fstab *fs;
struct statfs *mntbuf;
FILE *mountdfp;
pid_t pid;
int all, ch, i, init_flags, mntsize, rval;
char *options;
all = init_flags = 0;
options = NULL;
vfslist = NULL;
vfstype = "ufs";
while ((ch = getopt(argc, argv, "adfo:prwt:uv")) != -1)
switch (ch) {
case 'a':
all = 1;
break;
case 'd':
debug = 1;
break;
case 'f':
init_flags |= MNT_FORCE;
break;
case 'o':
if (*optarg)
options = catopt(options, optarg);
break;
case 'p':
fstab_style = 1;
verbose = 1;
break;
case 'r':
init_flags |= MNT_RDONLY;
break;
case 't':
if (vfslist != NULL)
errx(1, "only one -t option may be specified.");
vfslist = makevfslist(optarg);
vfstype = optarg;
break;
case 'u':
init_flags |= MNT_UPDATE;
break;
case 'v':
verbose = 1;
break;
case 'w':
init_flags &= ~MNT_RDONLY;
break;
case '?':
default:
usage();
/* NOTREACHED */
}
argc -= optind;
argv += optind;
#define BADTYPE(type) \
(strcmp(type, FSTAB_RO) && \
strcmp(type, FSTAB_RW) && strcmp(type, FSTAB_RQ))
rval = 0;
switch (argc) {
case 0:
if ((mntsize = getmntinfo(&mntbuf, MNT_NOWAIT)) == 0)
err(1, "getmntinfo");
if (all) {
while ((fs = getfsent()) != NULL) {
if (BADTYPE(fs->fs_type))
continue;
if (checkvfsname(fs->fs_vfstype, vfslist))
continue;
if (hasopt(fs->fs_mntops, "noauto"))
continue;
if (ismounted(fs, mntbuf, mntsize))
continue;
if (mountfs(fs->fs_vfstype, fs->fs_spec,
fs->fs_file, init_flags, options,
fs->fs_mntops))
rval = 1;
}
} else if (fstab_style) {
for (i = 0; i < mntsize; i++) {
if (checkvfsname(mntbuf[i].f_fstypename, vfslist))
continue;
putfsent(&mntbuf[i]);
}
} else {
for (i = 0; i < mntsize; i++) {
if (checkvfsname(mntbuf[i].f_fstypename,
vfslist))
continue;
prmount(&mntbuf[i]);
}
}
exit(rval);
case 1:
if (vfslist != NULL)
usage();
if (init_flags & MNT_UPDATE) {
if ((mntbuf = getmntpt(*argv)) == NULL)
errx(1,
"unknown special file or file system %s.",
*argv);
if ((fs = getfsfile(mntbuf->f_mntonname)) != NULL)
mntfromname = fs->fs_spec;
else
mntfromname = mntbuf->f_mntfromname;
rval = mountfs(mntbuf->f_fstypename, mntfromname,
mntbuf->f_mntonname, init_flags, options, 0);
break;
}
if ((fs = getfsfile(*argv)) == NULL &&
(fs = getfsspec(*argv)) == NULL)
errx(1, "%s: unknown special file or file system.",
*argv);
if (BADTYPE(fs->fs_type))
errx(1, "%s has unknown file system type.",
*argv);
rval = mountfs(fs->fs_vfstype, fs->fs_spec, fs->fs_file,
init_flags, options, fs->fs_mntops);
break;
case 2:
/*
* If -t flag has not been specified, and spec contains either
* a ':' or a '@' then assume that an NFS filesystem is being
* specified ala Sun.
*/
if (vfslist == NULL && strpbrk(argv[0], ":@") != NULL)
vfstype = "nfs";
rval = mountfs(vfstype,
argv[0], argv[1], init_flags, options, NULL);
break;
default:
usage();
/* NOTREACHED */
}
/*
* If the mount was successfully, and done by root, tell mountd the
* good news. Pid checks are probably unnecessary, but don't hurt.
*/
if (rval == 0 && getuid() == 0 &&
(mountdfp = fopen(_PATH_MOUNTDPID, "r")) != NULL) {
if (fscanf(mountdfp, "%d", &pid) == 1 &&
pid > 0 && kill(pid, SIGHUP) == -1 && errno != ESRCH)
err(1, "signal mountd");
(void)fclose(mountdfp);
}
exit(rval);
}
int
ismounted(fs, mntbuf, mntsize)
struct fstab *fs;
struct statfs *mntbuf;
int mntsize;
{
int i;
if (fs->fs_file[0] == '/' && fs->fs_file[1] == '\0')
/* the root file system can always be remounted */
return (0);
for (i = mntsize - 1; i >= 0; --i)
if (strcmp(fs->fs_file, mntbuf[i].f_mntonname) == 0 &&
(!isremountable(fs->fs_vfstype) ||
strcmp(fs->fs_spec, mntbuf[i].f_mntfromname) == 0))
return (1);
return (0);
}
int
isremountable(vfsname)
const char *vfsname;
{
const char **cp;
for (cp = remountable_fs_names; *cp; cp++)
if (strcmp(*cp, vfsname) == 0)
return (1);
return (0);
}
int
hasopt(mntopts, option)
const char *mntopts, *option;
{
int negative, found;
char *opt, *optbuf;
if (option[0] == 'n' && option[1] == 'o') {
negative = 1;
option += 2;
} else
negative = 0;
optbuf = strdup(mntopts);
found = 0;
for (opt = optbuf; (opt = strtok(opt, ",")) != NULL; opt = NULL) {
if (opt[0] == 'n' && opt[1] == 'o') {
if (!strcasecmp(opt + 2, option))
found = negative;
} else if (!strcasecmp(opt, option))
found = !negative;
}
free(optbuf);
return (found);
}
int
mountfs(vfstype, spec, name, flags, options, mntopts)
const char *vfstype, *spec, *name, *options, *mntopts;
int flags;
{
/* List of directories containing mount_xxx subcommands. */
static const char *edirs[] = {
_PATH_SBIN,
_PATH_USRSBIN,
NULL
};
const char *argv[100], **edir;
struct stat sb;
struct statfs sf;
pid_t pid;
int argc, i, status;
char *optbuf, execname[MAXPATHLEN + 1], mntpath[MAXPATHLEN];
#if __GNUC__
(void)&optbuf;
(void)&name;
#endif
if (realpath(name, mntpath) != NULL && stat(mntpath, &sb) == 0) {
if (!S_ISDIR(sb.st_mode)) {
warnx("%s: Not a directory", mntpath);
return (1);
}
} else {
warn("%s", mntpath);
return (1);
}
name = mntpath;
if (mntopts == NULL)
mntopts = "";
if (options == NULL) {
if (*mntopts == '\0') {
options = "rw";
} else {
options = mntopts;
mntopts = "";
}
}
optbuf = catopt(strdup(mntopts), options);
if (strcmp(name, "/") == 0)
flags |= MNT_UPDATE;
if (flags & MNT_FORCE)
optbuf = catopt(optbuf, "force");
if (flags & MNT_RDONLY)
optbuf = catopt(optbuf, "ro");
/*
* XXX
* The mount_mfs (newfs) command uses -o to select the
* optimisation mode. We don't pass the default "-o rw"
* for that reason.
*/
if (flags & MNT_UPDATE)
optbuf = catopt(optbuf, "update");
argc = 0;
argv[argc++] = vfstype;
mangle(optbuf, &argc, argv);
argv[argc++] = spec;
argv[argc++] = name;
argv[argc] = NULL;
if (debug) {
(void)printf("exec: mount_%s", vfstype);
for (i = 1; i < argc; i++)
(void)printf(" %s", argv[i]);
(void)printf("\n");
return (0);
}
switch (pid = fork()) {
case -1: /* Error. */
warn("fork");
free(optbuf);
return (1);
case 0: /* Child. */
if (strcmp(vfstype, "ufs") == 0)
exit(mount_ufs(argc, (char * const *) argv));
/* Go find an executable. */
for (edir = edirs; *edir; edir++) {
(void)snprintf(execname,
sizeof(execname), "%s/mount_%s", *edir, vfstype);
execv(execname, (char * const *)argv);
}
if (errno == ENOENT) {
int len = 0;
char *cp;
for (edir = edirs; *edir; edir++)
len += strlen(*edir) + 2; /* ", " */
if ((cp = malloc(len)) == NULL) {
warn(NULL);
exit(1);
}
cp[0] = '\0';
for (edir = edirs; *edir; edir++) {
strcat(cp, *edir);
if (edir[1] != NULL)
strcat(cp, ", ");
}
warn("exec mount_%s not found in %s", vfstype, cp);
}
exit(1);
/* NOTREACHED */
default: /* Parent. */
free(optbuf);
if (waitpid(pid, &status, 0) < 0) {
warn("waitpid");
return (1);
}
if (WIFEXITED(status)) {
if (WEXITSTATUS(status) != 0)
return (WEXITSTATUS(status));
} else if (WIFSIGNALED(status)) {
warnx("%s: %s", name, sys_siglist[WTERMSIG(status)]);
return (1);
}
if (verbose) {
if (statfs(name, &sf) < 0) {
warn("statfs %s", name);
return (1);
}
if (fstab_style)
putfsent(&sf);
else
prmount(&sf);
}
break;
}
return (0);
}
void
prmount(sfp)
struct statfs *sfp;
{
int flags;
struct opt *o;
struct passwd *pw;
int f;
(void)printf("%s on %s", sfp->f_mntfromname, sfp->f_mntonname);
flags = sfp->f_flags & MNT_VISFLAGMASK;
for (f = 0, o = optnames; flags && o->o_opt; o++)
if (flags & o->o_opt) {
(void)printf("%s%s", !f++ ? " (" : ", ", o->o_name);
flags &= ~o->o_opt;
}
if (sfp->f_owner) {
(void)printf("%smounted by ", !f++ ? " (" : ", ");
if ((pw = getpwuid(sfp->f_owner)) != NULL)
(void)printf("%s", pw->pw_name);
else
(void)printf("%d", sfp->f_owner);
}
(void)printf(f ? ")\n" : "\n");
}
struct statfs *
getmntpt(name)
const char *name;
{
struct statfs *mntbuf;
int i, mntsize;
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++)
if (strcmp(mntbuf[i].f_mntfromname, name) == 0 ||
strcmp(mntbuf[i].f_mntonname, name) == 0)
return (&mntbuf[i]);
return (NULL);
}
char *
catopt(s0, s1)
char *s0;
const char *s1;
{
size_t i;
char *cp;
if (s0 && *s0) {
i = strlen(s0) + strlen(s1) + 1 + 1;
if ((cp = malloc(i)) == NULL)
err(1, NULL);
(void)snprintf(cp, i, "%s,%s", s0, s1);
} else
cp = strdup(s1);
if (s0)
free(s0);
return (cp);
}
void
mangle(options, argcp, argv)
char *options;
int *argcp;
const char **argv;
{
char *p, *s;
int argc;
argc = *argcp;
for (s = options; (p = strsep(&s, ",")) != NULL;)
if (*p != '\0')
if (*p == '-') {
argv[argc++] = p;
p = strchr(p, '=');
if (p) {
*p = '\0';
argv[argc++] = p+1;
}
} else if (strcmp(p, "rw") != 0) {
argv[argc++] = "-o";
argv[argc++] = p;
}
*argcp = argc;
}
void
usage()
{
(void)fprintf(stderr,
"usage: mount %s %s\n mount %s\n mount %s\n",
"[-dfpruvw] [-o options] [-t ufs | external_type]",
"special node",
"[-adfpruvw] [-t ufs | external_type]",
"[-dfpruvw] special | node");
exit(1);
}
void
putfsent(ent)
const struct statfs *ent;
{
struct fstab *fst;
printf("%s\t%s\t%s %s", ent->f_mntfromname, ent->f_mntonname,
ent->f_fstypename, (ent->f_flags & MNT_RDONLY) ? "ro" : "rw");
/* XXX should use optnames[] - put shorter names in it. */
if (ent->f_flags & MNT_SYNCHRONOUS)
printf(",sync");
if (ent->f_flags & MNT_NOEXEC)
printf(",noexec");
if (ent->f_flags & MNT_NOSUID)
printf(",nosuid");
if (ent->f_flags & MNT_NODEV)
printf(",nodev");
if (ent->f_flags & MNT_UNION)
printf(",union");
if (ent->f_flags & MNT_ASYNC)
printf(",async");
if (ent->f_flags & MNT_NOATIME)
printf(",noatime");
if (ent->f_flags & MNT_NOCLUSTERR)
printf(",noclusterr");
if (ent->f_flags & MNT_NOCLUSTERW)
printf(",noclusterw");
if ((fst = getfsspec(ent->f_mntfromname)))
printf("\t%u %u\n", fst->fs_freq, fst->fs_passno);
else if ((fst = getfsfile(ent->f_mntonname)))
printf("\t%u %u\n", fst->fs_freq, fst->fs_passno);
else if (ent->f_type == MOUNT_UFS)
printf("\t1 1\n");
else
printf("\t0 0\n");
}