diff options
author | Gordon Ross <gwr@nexenta.com> | 2019-08-24 14:16:06 -0400 |
---|---|---|
committer | Gordon Ross <gwr@nexenta.com> | 2019-08-27 15:49:40 -0400 |
commit | 0463c8009260e445fd1885cfaf98e04a586d495b (patch) | |
tree | 7d111c1498e5edada5df8b7f30f053221548f9e5 /usr/src | |
parent | efe44a0312f417787c2d6992582ad06b1b98cd8d (diff) | |
download | illumos-joyent-0463c8009260e445fd1885cfaf98e04a586d495b.tar.gz |
11618 Use exec_attr instead of suid for smbfs mount and unmount
Reviewed by: Jason King <jason.king@joyent.com>
Reviewed by: Joshua M. Clulow <josh@sysmgr.org>
Approved by: Garrett D'Amore <garrett@damore.org>
Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/cmd/fs.d/mount.c | 19 | ||||
-rw-r--r-- | usr/src/cmd/fs.d/smbclnt/mount/Makefile | 4 | ||||
-rw-r--r-- | usr/src/cmd/fs.d/smbclnt/mount/mount.c | 23 | ||||
-rw-r--r-- | usr/src/cmd/fs.d/smbclnt/svc/Makefile | 13 | ||||
-rw-r--r-- | usr/src/cmd/fs.d/smbclnt/svc/SUNWsmbfs | 2 | ||||
-rw-r--r-- | usr/src/cmd/fs.d/smbclnt/umount/Makefile | 6 | ||||
-rw-r--r-- | usr/src/cmd/fs.d/smbclnt/umount/umount.c | 32 | ||||
-rw-r--r-- | usr/src/cmd/fs.d/umount.c | 37 | ||||
-rw-r--r-- | usr/src/pkg/manifests/system-file-system-smb.mf | 8 | ||||
-rwxr-xr-x | usr/src/tools/quick/make-smbclnt | 1 |
10 files changed, 98 insertions, 47 deletions
diff --git a/usr/src/cmd/fs.d/mount.c b/usr/src/cmd/fs.d/mount.c index 3fdb498f2c..8c8d7034fe 100644 --- a/usr/src/cmd/fs.d/mount.c +++ b/usr/src/cmd/fs.d/mount.c @@ -18,11 +18,6 @@ * * CDDL HEADER END */ - -/* - * Copyright 2015 Nexenta Systems, Inc. All rights reserved. - */ - /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ /* All Rights Reserved */ @@ -30,6 +25,8 @@ /* * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * + * Copyright 2019 Nexenta by DDN, Inc. All rights reserved. */ #include <stdio.h> @@ -55,6 +52,7 @@ #include <stropts.h> #include <sys/conf.h> #include <locale.h> +#include <priv.h> #include "fslib.h" #define VFS_PATH "/usr/lib/fs" @@ -822,6 +820,17 @@ doexec(char *fstype, char *newargv[]) } /* + * Some file system types need pfexec. + */ + if (strcmp(fstype, "smbfs") == 0 && + setpflags(PRIV_PFEXEC, 1) != 0) { + (void) fprintf(stderr, + gettext("mount: unable to set PFEXEC flag: %s\n"), + strerror(errno)); + exit(1); + } + + /* * Try to exec the fstype dependent portion of the mount. * See if the directory is there before trying to exec dependent * portion. This is only useful for eliminating the diff --git a/usr/src/cmd/fs.d/smbclnt/mount/Makefile b/usr/src/cmd/fs.d/smbclnt/mount/Makefile index 20435bcf08..0820b4f618 100644 --- a/usr/src/cmd/fs.d/smbclnt/mount/Makefile +++ b/usr/src/cmd/fs.d/smbclnt/mount/Makefile @@ -22,6 +22,8 @@ # Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # +# Copyright 2019 Nexenta by DDN, Inc. All rights reserved. +# # # cmd/fs.d/smbclnt/mount/Makefile @@ -38,7 +40,7 @@ SRCS= $(LIBPROG).c POFILE= $(LIBPROG).po CLOBBERFILES += $(LIBPROG) -$(ROOTLIBFSTYPE)/mount := FILEMODE= 04555 +$(ROOTLIBFSTYPE)/mount := FILEMODE= 0555 CFLAGS += $(CCVERBOSE) CERRWARN += -_gcc=-Wno-parentheses diff --git a/usr/src/cmd/fs.d/smbclnt/mount/mount.c b/usr/src/cmd/fs.d/smbclnt/mount/mount.c index d8a5a9853e..fbb71373ae 100644 --- a/usr/src/cmd/fs.d/smbclnt/mount/mount.c +++ b/usr/src/cmd/fs.d/smbclnt/mount/mount.c @@ -36,7 +36,7 @@ * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * - * Copyright 2012 Nexenta Systems, Inc. All rights reserved. + * Copyright 2019 Nexenta by DDN, Inc. All rights reserved. */ #include <stdio.h> @@ -80,9 +80,9 @@ const char * const optlist[] = { MNTOPT_RO, #define OPT_RW 1 MNTOPT_RW, -#define OPT_SUID 2 +#define OPT_SUID 2 MNTOPT_SUID, -#define OPT_NOSUID 3 +#define OPT_NOSUID 3 MNTOPT_NOSUID, #define OPT_DEVICES 4 MNTOPT_DEVICES, @@ -182,16 +182,25 @@ main(int argc, char *argv[]) /* * Normal users are allowed to run "mount -F smbfs ..." * to mount on a directory they own. To allow that, this - * program is installed setuid root, and it adds SYS_MOUNT - * privilege here (if needed), and then restores the user's - * normal privileges. When root runs this, it's a no-op. + * program has an exec_attr that adds SYS_MOUNT priv. + * + * The __init_suid_priv call was designed for SUID programs, + * but also works for privileges granted via exec_attr with + * one difference: the added privileges are already effective + * when the program starts, and remain effective after the call. + * To make this work more like the SUID case we'll turn off the + * additional privileges with a __priv_bracket() call here. + * Later calls to __priv_bracket() make the extra privileges + * effective only when we need them. */ if (__init_suid_priv(0, PRIV_SYS_MOUNT, (char *)NULL) < 0) { (void) fprintf(stderr, gettext("Insufficient privileges, " - "%s must be set-uid root\n"), argv[0]); + "%s should have sys_mount privilege via exec_attr\n"), + argv[0]); exit(RET_ERR); } + (void) __priv_bracket(PRIV_OFF); if (argc == 2) { if (strcmp(argv[1], "-h") == 0) { diff --git a/usr/src/cmd/fs.d/smbclnt/svc/Makefile b/usr/src/cmd/fs.d/smbclnt/svc/Makefile index 4a63cc9793..856e6f5b8e 100644 --- a/usr/src/cmd/fs.d/smbclnt/svc/Makefile +++ b/usr/src/cmd/fs.d/smbclnt/svc/Makefile @@ -22,7 +22,7 @@ # Copyright 2008 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -# ident "%Z%%M% %I% %E% SMI" +# Copyright 2019 Nexenta by DDN, Inc. All rights reserved. # MANIFEST= client.xml @@ -30,11 +30,20 @@ SVCMETHOD= smb-client include $(SRC)/cmd/Makefile.cmd +ETCSECURITYFILES = exec_attr.d/SUNWsmbfs +ROOTETCSECURITY = $(ROOT)/etc/security +$(ROOTETCSECURITY) := DIRMODE = 0755 +ROOTETCSECURITYFILES = $(ETCSECURITYFILES:%=$(ROOTETCSECURITY)/%) +$(ROOTETCSECURITYFILES) := FILEMODE = 0644 + ROOTMANIFESTDIR= $(ROOTSVCNETWORKSMB) all lint: -install: $(ROOTMANIFEST) $(ROOTSVCMETHOD) +install: $(ROOTMANIFEST) $(ROOTSVCMETHOD) $(ROOTETCSECURITYFILES) + +$(ROOTETCSECURITY)/exec_attr.d/%:% + $(INS.file) clean: diff --git a/usr/src/cmd/fs.d/smbclnt/svc/SUNWsmbfs b/usr/src/cmd/fs.d/smbclnt/svc/SUNWsmbfs new file mode 100644 index 0000000000..6f673c2fcb --- /dev/null +++ b/usr/src/cmd/fs.d/smbclnt/svc/SUNWsmbfs @@ -0,0 +1,2 @@ +Basic Solaris User:solaris:cmd:::/usr/lib/fs/smbfs/mount:privs=sys_mount +Basic Solaris User:solaris:cmd:::/usr/lib/fs/smbfs/umount:privs=sys_mount diff --git a/usr/src/cmd/fs.d/smbclnt/umount/Makefile b/usr/src/cmd/fs.d/smbclnt/umount/Makefile index 09a11ce9fb..620384780e 100644 --- a/usr/src/cmd/fs.d/smbclnt/umount/Makefile +++ b/usr/src/cmd/fs.d/smbclnt/umount/Makefile @@ -22,6 +22,8 @@ # Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # +# Copyright 2019 Nexenta by DDN, Inc. All rights reserved. +# # # cmd/fs.d/smbclnt/umount/Makefile @@ -37,7 +39,7 @@ COMMON= $(FSLIB) OBJS= $(LIBPROG).o $(COMMON) SRCS= $(LIBPROG).c $(FSLIBSRC) -$(ROOTLIBFSTYPE)/umount := FILEMODE= 04555 +$(ROOTLIBFSTYPE)/umount := FILEMODE= 0555 CPPFLAGS += -I../.. -I../lib CFLAGS += $(CCVERBOSE) @@ -61,5 +63,5 @@ $(LIBPROG): $(OBJS) lint: lint_SRCS -clean: +clean: $(RM) $(LIBPROG).o diff --git a/usr/src/cmd/fs.d/smbclnt/umount/umount.c b/usr/src/cmd/fs.d/smbclnt/umount/umount.c index 412557e567..a4e14b75f2 100644 --- a/usr/src/cmd/fs.d/smbclnt/umount/umount.c +++ b/usr/src/cmd/fs.d/smbclnt/umount/umount.c @@ -25,6 +25,7 @@ /* * Copyright (c) 2018, Joyent, Inc. + * Copyright 2019 Nexenta by DDN, Inc. All rights reserved. */ /* @@ -55,9 +56,6 @@ static void usage(); static int smbfs_unmount(char *, int); static struct extmnttab *mnttab_find(); -static char *myname; -static char typename[64]; - int main(int argc, char *argv[]) { @@ -74,21 +72,26 @@ main(int argc, char *argv[]) /* * Normal users are allowed to umount smbfs mounts they own. - * To allow that, this program is installed setuid root, and - * it adds SYS_MOUNT privilege here (if needed), and then - * restores the user's normal privileges. + * To allow that, this program has an exec_attr that adds + * SYS_MOUNT privilege. + * + * The __init_suid_priv call was designed for SUID programs, + * but also works for privileges granted via exec_attr with + * one difference: the added privileges are already effective + * when the program starts, and remain effective after the call. + * To make this work more like the SUID case we'll turn off the + * additional privileges with a __priv_bracket() call here. + * Later calls to __priv_bracket() make the extra privileges + * effective only when we need them. */ if (__init_suid_priv(0, PRIV_SYS_MOUNT, (char *)NULL) < 0) { (void) fprintf(stderr, gettext("Insufficient privileges, " - "%s must be set-uid root\n"), argv[0]); + "%s should have sys_mount privilege via exec_attr\n"), + argv[0]); exit(RET_ERR); } - - myname = strrchr(argv[0], '/'); - myname = myname ? myname+1 : argv[0]; - (void) sprintf(typename, "smbfs %s", myname); - argv[0] = typename; + (void) __priv_bracket(PRIV_OFF); /* * Set options @@ -117,7 +120,7 @@ pr_err(const char *fmt, ...) va_list ap; va_start(ap, fmt); - (void) fprintf(stderr, "%s: ", typename); + (void) fprintf(stderr, "smbfs/umount: "); (void) vfprintf(stderr, fmt, ap); (void) fflush(stderr); va_end(ap); @@ -162,8 +165,7 @@ smbfs_unmount(char *pathname, int umnt_flag) * Return the last entry in the file that matches. */ static struct extmnttab * -mnttab_find(dirname) - char *dirname; +mnttab_find(char *dirname) { FILE *fp; struct extmnttab mnt; diff --git a/usr/src/cmd/fs.d/umount.c b/usr/src/cmd/fs.d/umount.c index a50665c9a0..e892d60728 100644 --- a/usr/src/cmd/fs.d/umount.c +++ b/usr/src/cmd/fs.d/umount.c @@ -21,11 +21,12 @@ /* * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. - * Copyright 2015 Nexenta Systems, Inc. All rights reserved. + * + * Copyright 2019 Nexenta by DDN, Inc. All rights reserved. */ /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ -/* All Rights Reserved */ +/* All Rights Reserved */ #include <stdio.h> @@ -47,6 +48,7 @@ #include <sys/mntent.h> #include <sys/ctfs.h> #include <locale.h> +#include <priv.h> #include <stdarg.h> #include <sys/mount.h> #include <sys/objfs.h> @@ -138,15 +140,15 @@ static void cleanup(int); static mountent_t **make_mntarray(char **, int); static mountent_t *getmntall(); -static mountent_t *new_mountent(struct mnttab *); +static mountent_t *new_mountent(struct mnttab *); static mountent_t *getmntlast(mountent_t *, char *, char *); int main(int argc, char **argv) { - int cc; + int cc; struct mnttab mget; - char *mname, *is_special; + char *mname, *is_special; int fscnt; mountent_t *mp; @@ -329,7 +331,7 @@ main(int argc, char **argv) void doexec(struct mnttab *ment) { - int ret; + int ret; #ifdef DEBUG if (dflg) @@ -342,7 +344,7 @@ doexec(struct mnttab *ment) char full_path[FULLPATH_MAX]; char alter_path[FULLPATH_MAX]; char *newargv[ARGV_MAX]; - int ii; + int ii; if (strlen(ment->mnt_fstype) > (size_t)FSTYPE_MAX) { fprintf(stderr, gettext( @@ -388,6 +390,17 @@ doexec(struct mnttab *ment) exit(0); } + /* + * Some file system types need pfexec. + */ + if (strcmp(ment->mnt_fstype, "smbfs") == 0 && + setpflags(PRIV_PFEXEC, 1) != 0) { + (void) fprintf(stderr, + gettext("umount: unable to set PFEXEC flag: %s\n"), + strerror(errno)); + /* Keep going as best we can */ + } + /* Try to exec the fstype dependent umount. */ execv(full_path, &newargv[1]); if (errno == ENOEXEC) { @@ -559,8 +572,8 @@ getmntlast(mountent_t *mlist, char *specp, char *mntp) int parumount(char **mntlist, int count) { - int maxfd = OPEN_MAX; - struct rlimit rl; + int maxfd = OPEN_MAX; + struct rlimit rl; mountent_t **mntarray, **ml, *mp; /* @@ -648,8 +661,8 @@ parumount(char **mntlist, int count) mountent_t ** make_mntarray(char **mntlist, int count) { - mountent_t *mp, **mpp; - int ndx; + mountent_t *mp, **mpp; + int ndx; char *cp; if (count > 0) @@ -867,7 +880,7 @@ int dowait(void) { int wstat, child, ret; - mountent_t *mp, *prevp; + mountent_t *mp, *prevp; if ((child = wait(&wstat)) == -1) return (-1); diff --git a/usr/src/pkg/manifests/system-file-system-smb.mf b/usr/src/pkg/manifests/system-file-system-smb.mf index b5ff30e5ad..a5af1de4d3 100644 --- a/usr/src/pkg/manifests/system-file-system-smb.mf +++ b/usr/src/pkg/manifests/system-file-system-smb.mf @@ -21,7 +21,7 @@ # # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. -# Copyright 2012 Nexenta Systems, Inc. All rights reserved. +# Copyright 2019 Nexenta by DDN, Inc. All rights reserved. # set name=pkg.fmri value=pkg:/system/file-system/smb@$(PKGVERS) @@ -63,6 +63,8 @@ dir path=usr/share/man/man4 dir path=usr/share/man/man5 dir path=usr/share/man/man7fs driver name=nsmb perms="* 0666 root sys" +file path=etc/security/exec_attr.d/SUNWsmbfs mode=0644 \ + restart_fmri=svc:/system/rbac:default file path=lib/svc/manifest/network/smb/client.xml group=sys mode=0444 file path=lib/svc/method/smb-client mode=0555 file path=usr/bin/smbutil mode=0555 @@ -75,9 +77,9 @@ file path=usr/lib/$(ARCH64)/libsmbfs.so.1 file path=usr/lib/fs/smbfs/$(ARCH64)/libshare_smbfs.so.1 file path=usr/lib/fs/smbfs/dfshares mode=0555 file path=usr/lib/fs/smbfs/libshare_smbfs.so.1 -file path=usr/lib/fs/smbfs/mount mode=4555 +file path=usr/lib/fs/smbfs/mount mode=0555 file path=usr/lib/fs/smbfs/share mode=0555 -file path=usr/lib/fs/smbfs/umount mode=4555 +file path=usr/lib/fs/smbfs/umount mode=0555 file path=usr/lib/fs/smbfs/unshare mode=0555 file path=usr/lib/libmlrpc.so.2 file path=usr/lib/libsmbfs.so.1 diff --git a/usr/src/tools/quick/make-smbclnt b/usr/src/tools/quick/make-smbclnt index e8c6bfeabc..1c5b1fb6ff 100755 --- a/usr/src/tools/quick/make-smbclnt +++ b/usr/src/tools/quick/make-smbclnt @@ -239,6 +239,7 @@ do_tags() { do_tar() { git_rev=`git rev-parse --short=8 HEAD` files=" +etc/security/exec_attr.d/SUNWsmbfs lib/svc/manifest/network/smb/client.xml lib/svc/method/smb-client usr/bin/smbutil |