summaryrefslogtreecommitdiff
path: root/usr/src
diff options
context:
space:
mode:
authorGordon Ross <gwr@nexenta.com>2019-08-24 14:16:06 -0400
committerGordon Ross <gwr@nexenta.com>2019-08-27 15:49:40 -0400
commit0463c8009260e445fd1885cfaf98e04a586d495b (patch)
tree7d111c1498e5edada5df8b7f30f053221548f9e5 /usr/src
parentefe44a0312f417787c2d6992582ad06b1b98cd8d (diff)
downloadillumos-joyent-0463c8009260e445fd1885cfaf98e04a586d495b.tar.gz
11618 Use exec_attr instead of suid for smbfs mount and unmount
Reviewed by: Jason King <jason.king@joyent.com> Reviewed by: Joshua M. Clulow <josh@sysmgr.org> Approved by: Garrett D'Amore <garrett@damore.org>
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/fs.d/mount.c19
-rw-r--r--usr/src/cmd/fs.d/smbclnt/mount/Makefile4
-rw-r--r--usr/src/cmd/fs.d/smbclnt/mount/mount.c23
-rw-r--r--usr/src/cmd/fs.d/smbclnt/svc/Makefile13
-rw-r--r--usr/src/cmd/fs.d/smbclnt/svc/SUNWsmbfs2
-rw-r--r--usr/src/cmd/fs.d/smbclnt/umount/Makefile6
-rw-r--r--usr/src/cmd/fs.d/smbclnt/umount/umount.c32
-rw-r--r--usr/src/cmd/fs.d/umount.c37
-rw-r--r--usr/src/pkg/manifests/system-file-system-smb.mf8
-rwxr-xr-xusr/src/tools/quick/make-smbclnt1
10 files changed, 98 insertions, 47 deletions
diff --git a/usr/src/cmd/fs.d/mount.c b/usr/src/cmd/fs.d/mount.c
index 3fdb498f2c..8c8d7034fe 100644
--- a/usr/src/cmd/fs.d/mount.c
+++ b/usr/src/cmd/fs.d/mount.c
@@ -18,11 +18,6 @@
*
* CDDL HEADER END
*/
-
-/*
- * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
- */
-
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */
@@ -30,6 +25,8 @@
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ *
+ * Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
*/
#include <stdio.h>
@@ -55,6 +52,7 @@
#include <stropts.h>
#include <sys/conf.h>
#include <locale.h>
+#include <priv.h>
#include "fslib.h"
#define VFS_PATH "/usr/lib/fs"
@@ -822,6 +820,17 @@ doexec(char *fstype, char *newargv[])
}
/*
+ * Some file system types need pfexec.
+ */
+ if (strcmp(fstype, "smbfs") == 0 &&
+ setpflags(PRIV_PFEXEC, 1) != 0) {
+ (void) fprintf(stderr,
+ gettext("mount: unable to set PFEXEC flag: %s\n"),
+ strerror(errno));
+ exit(1);
+ }
+
+ /*
* Try to exec the fstype dependent portion of the mount.
* See if the directory is there before trying to exec dependent
* portion. This is only useful for eliminating the
diff --git a/usr/src/cmd/fs.d/smbclnt/mount/Makefile b/usr/src/cmd/fs.d/smbclnt/mount/Makefile
index 20435bcf08..0820b4f618 100644
--- a/usr/src/cmd/fs.d/smbclnt/mount/Makefile
+++ b/usr/src/cmd/fs.d/smbclnt/mount/Makefile
@@ -22,6 +22,8 @@
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
+# Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
+#
#
# cmd/fs.d/smbclnt/mount/Makefile
@@ -38,7 +40,7 @@ SRCS= $(LIBPROG).c
POFILE= $(LIBPROG).po
CLOBBERFILES += $(LIBPROG)
-$(ROOTLIBFSTYPE)/mount := FILEMODE= 04555
+$(ROOTLIBFSTYPE)/mount := FILEMODE= 0555
CFLAGS += $(CCVERBOSE)
CERRWARN += -_gcc=-Wno-parentheses
diff --git a/usr/src/cmd/fs.d/smbclnt/mount/mount.c b/usr/src/cmd/fs.d/smbclnt/mount/mount.c
index d8a5a9853e..fbb71373ae 100644
--- a/usr/src/cmd/fs.d/smbclnt/mount/mount.c
+++ b/usr/src/cmd/fs.d/smbclnt/mount/mount.c
@@ -36,7 +36,7 @@
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
- * Copyright 2012 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
*/
#include <stdio.h>
@@ -80,9 +80,9 @@ const char * const optlist[] = {
MNTOPT_RO,
#define OPT_RW 1
MNTOPT_RW,
-#define OPT_SUID 2
+#define OPT_SUID 2
MNTOPT_SUID,
-#define OPT_NOSUID 3
+#define OPT_NOSUID 3
MNTOPT_NOSUID,
#define OPT_DEVICES 4
MNTOPT_DEVICES,
@@ -182,16 +182,25 @@ main(int argc, char *argv[])
/*
* Normal users are allowed to run "mount -F smbfs ..."
* to mount on a directory they own. To allow that, this
- * program is installed setuid root, and it adds SYS_MOUNT
- * privilege here (if needed), and then restores the user's
- * normal privileges. When root runs this, it's a no-op.
+ * program has an exec_attr that adds SYS_MOUNT priv.
+ *
+ * The __init_suid_priv call was designed for SUID programs,
+ * but also works for privileges granted via exec_attr with
+ * one difference: the added privileges are already effective
+ * when the program starts, and remain effective after the call.
+ * To make this work more like the SUID case we'll turn off the
+ * additional privileges with a __priv_bracket() call here.
+ * Later calls to __priv_bracket() make the extra privileges
+ * effective only when we need them.
*/
if (__init_suid_priv(0, PRIV_SYS_MOUNT, (char *)NULL) < 0) {
(void) fprintf(stderr,
gettext("Insufficient privileges, "
- "%s must be set-uid root\n"), argv[0]);
+ "%s should have sys_mount privilege via exec_attr\n"),
+ argv[0]);
exit(RET_ERR);
}
+ (void) __priv_bracket(PRIV_OFF);
if (argc == 2) {
if (strcmp(argv[1], "-h") == 0) {
diff --git a/usr/src/cmd/fs.d/smbclnt/svc/Makefile b/usr/src/cmd/fs.d/smbclnt/svc/Makefile
index 4a63cc9793..856e6f5b8e 100644
--- a/usr/src/cmd/fs.d/smbclnt/svc/Makefile
+++ b/usr/src/cmd/fs.d/smbclnt/svc/Makefile
@@ -22,7 +22,7 @@
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
-# ident "%Z%%M% %I% %E% SMI"
+# Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
#
MANIFEST= client.xml
@@ -30,11 +30,20 @@ SVCMETHOD= smb-client
include $(SRC)/cmd/Makefile.cmd
+ETCSECURITYFILES = exec_attr.d/SUNWsmbfs
+ROOTETCSECURITY = $(ROOT)/etc/security
+$(ROOTETCSECURITY) := DIRMODE = 0755
+ROOTETCSECURITYFILES = $(ETCSECURITYFILES:%=$(ROOTETCSECURITY)/%)
+$(ROOTETCSECURITYFILES) := FILEMODE = 0644
+
ROOTMANIFESTDIR= $(ROOTSVCNETWORKSMB)
all lint:
-install: $(ROOTMANIFEST) $(ROOTSVCMETHOD)
+install: $(ROOTMANIFEST) $(ROOTSVCMETHOD) $(ROOTETCSECURITYFILES)
+
+$(ROOTETCSECURITY)/exec_attr.d/%:%
+ $(INS.file)
clean:
diff --git a/usr/src/cmd/fs.d/smbclnt/svc/SUNWsmbfs b/usr/src/cmd/fs.d/smbclnt/svc/SUNWsmbfs
new file mode 100644
index 0000000000..6f673c2fcb
--- /dev/null
+++ b/usr/src/cmd/fs.d/smbclnt/svc/SUNWsmbfs
@@ -0,0 +1,2 @@
+Basic Solaris User:solaris:cmd:::/usr/lib/fs/smbfs/mount:privs=sys_mount
+Basic Solaris User:solaris:cmd:::/usr/lib/fs/smbfs/umount:privs=sys_mount
diff --git a/usr/src/cmd/fs.d/smbclnt/umount/Makefile b/usr/src/cmd/fs.d/smbclnt/umount/Makefile
index 09a11ce9fb..620384780e 100644
--- a/usr/src/cmd/fs.d/smbclnt/umount/Makefile
+++ b/usr/src/cmd/fs.d/smbclnt/umount/Makefile
@@ -22,6 +22,8 @@
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
+# Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
+#
#
# cmd/fs.d/smbclnt/umount/Makefile
@@ -37,7 +39,7 @@ COMMON= $(FSLIB)
OBJS= $(LIBPROG).o $(COMMON)
SRCS= $(LIBPROG).c $(FSLIBSRC)
-$(ROOTLIBFSTYPE)/umount := FILEMODE= 04555
+$(ROOTLIBFSTYPE)/umount := FILEMODE= 0555
CPPFLAGS += -I../.. -I../lib
CFLAGS += $(CCVERBOSE)
@@ -61,5 +63,5 @@ $(LIBPROG): $(OBJS)
lint: lint_SRCS
-clean:
+clean:
$(RM) $(LIBPROG).o
diff --git a/usr/src/cmd/fs.d/smbclnt/umount/umount.c b/usr/src/cmd/fs.d/smbclnt/umount/umount.c
index 412557e567..a4e14b75f2 100644
--- a/usr/src/cmd/fs.d/smbclnt/umount/umount.c
+++ b/usr/src/cmd/fs.d/smbclnt/umount/umount.c
@@ -25,6 +25,7 @@
/*
* Copyright (c) 2018, Joyent, Inc.
+ * Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
*/
/*
@@ -55,9 +56,6 @@ static void usage();
static int smbfs_unmount(char *, int);
static struct extmnttab *mnttab_find();
-static char *myname;
-static char typename[64];
-
int
main(int argc, char *argv[])
{
@@ -74,21 +72,26 @@ main(int argc, char *argv[])
/*
* Normal users are allowed to umount smbfs mounts they own.
- * To allow that, this program is installed setuid root, and
- * it adds SYS_MOUNT privilege here (if needed), and then
- * restores the user's normal privileges.
+ * To allow that, this program has an exec_attr that adds
+ * SYS_MOUNT privilege.
+ *
+ * The __init_suid_priv call was designed for SUID programs,
+ * but also works for privileges granted via exec_attr with
+ * one difference: the added privileges are already effective
+ * when the program starts, and remain effective after the call.
+ * To make this work more like the SUID case we'll turn off the
+ * additional privileges with a __priv_bracket() call here.
+ * Later calls to __priv_bracket() make the extra privileges
+ * effective only when we need them.
*/
if (__init_suid_priv(0, PRIV_SYS_MOUNT, (char *)NULL) < 0) {
(void) fprintf(stderr,
gettext("Insufficient privileges, "
- "%s must be set-uid root\n"), argv[0]);
+ "%s should have sys_mount privilege via exec_attr\n"),
+ argv[0]);
exit(RET_ERR);
}
-
- myname = strrchr(argv[0], '/');
- myname = myname ? myname+1 : argv[0];
- (void) sprintf(typename, "smbfs %s", myname);
- argv[0] = typename;
+ (void) __priv_bracket(PRIV_OFF);
/*
* Set options
@@ -117,7 +120,7 @@ pr_err(const char *fmt, ...)
va_list ap;
va_start(ap, fmt);
- (void) fprintf(stderr, "%s: ", typename);
+ (void) fprintf(stderr, "smbfs/umount: ");
(void) vfprintf(stderr, fmt, ap);
(void) fflush(stderr);
va_end(ap);
@@ -162,8 +165,7 @@ smbfs_unmount(char *pathname, int umnt_flag)
* Return the last entry in the file that matches.
*/
static struct extmnttab *
-mnttab_find(dirname)
- char *dirname;
+mnttab_find(char *dirname)
{
FILE *fp;
struct extmnttab mnt;
diff --git a/usr/src/cmd/fs.d/umount.c b/usr/src/cmd/fs.d/umount.c
index a50665c9a0..e892d60728 100644
--- a/usr/src/cmd/fs.d/umount.c
+++ b/usr/src/cmd/fs.d/umount.c
@@ -21,11 +21,12 @@
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
- * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
+ *
+ * Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
*/
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
-/* All Rights Reserved */
+/* All Rights Reserved */
#include <stdio.h>
@@ -47,6 +48,7 @@
#include <sys/mntent.h>
#include <sys/ctfs.h>
#include <locale.h>
+#include <priv.h>
#include <stdarg.h>
#include <sys/mount.h>
#include <sys/objfs.h>
@@ -138,15 +140,15 @@ static void cleanup(int);
static mountent_t **make_mntarray(char **, int);
static mountent_t *getmntall();
-static mountent_t *new_mountent(struct mnttab *);
+static mountent_t *new_mountent(struct mnttab *);
static mountent_t *getmntlast(mountent_t *, char *, char *);
int
main(int argc, char **argv)
{
- int cc;
+ int cc;
struct mnttab mget;
- char *mname, *is_special;
+ char *mname, *is_special;
int fscnt;
mountent_t *mp;
@@ -329,7 +331,7 @@ main(int argc, char **argv)
void
doexec(struct mnttab *ment)
{
- int ret;
+ int ret;
#ifdef DEBUG
if (dflg)
@@ -342,7 +344,7 @@ doexec(struct mnttab *ment)
char full_path[FULLPATH_MAX];
char alter_path[FULLPATH_MAX];
char *newargv[ARGV_MAX];
- int ii;
+ int ii;
if (strlen(ment->mnt_fstype) > (size_t)FSTYPE_MAX) {
fprintf(stderr, gettext(
@@ -388,6 +390,17 @@ doexec(struct mnttab *ment)
exit(0);
}
+ /*
+ * Some file system types need pfexec.
+ */
+ if (strcmp(ment->mnt_fstype, "smbfs") == 0 &&
+ setpflags(PRIV_PFEXEC, 1) != 0) {
+ (void) fprintf(stderr,
+ gettext("umount: unable to set PFEXEC flag: %s\n"),
+ strerror(errno));
+ /* Keep going as best we can */
+ }
+
/* Try to exec the fstype dependent umount. */
execv(full_path, &newargv[1]);
if (errno == ENOEXEC) {
@@ -559,8 +572,8 @@ getmntlast(mountent_t *mlist, char *specp, char *mntp)
int
parumount(char **mntlist, int count)
{
- int maxfd = OPEN_MAX;
- struct rlimit rl;
+ int maxfd = OPEN_MAX;
+ struct rlimit rl;
mountent_t **mntarray, **ml, *mp;
/*
@@ -648,8 +661,8 @@ parumount(char **mntlist, int count)
mountent_t **
make_mntarray(char **mntlist, int count)
{
- mountent_t *mp, **mpp;
- int ndx;
+ mountent_t *mp, **mpp;
+ int ndx;
char *cp;
if (count > 0)
@@ -867,7 +880,7 @@ int
dowait(void)
{
int wstat, child, ret;
- mountent_t *mp, *prevp;
+ mountent_t *mp, *prevp;
if ((child = wait(&wstat)) == -1)
return (-1);
diff --git a/usr/src/pkg/manifests/system-file-system-smb.mf b/usr/src/pkg/manifests/system-file-system-smb.mf
index b5ff30e5ad..a5af1de4d3 100644
--- a/usr/src/pkg/manifests/system-file-system-smb.mf
+++ b/usr/src/pkg/manifests/system-file-system-smb.mf
@@ -21,7 +21,7 @@
#
# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
-# Copyright 2012 Nexenta Systems, Inc. All rights reserved.
+# Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
#
set name=pkg.fmri value=pkg:/system/file-system/smb@$(PKGVERS)
@@ -63,6 +63,8 @@ dir path=usr/share/man/man4
dir path=usr/share/man/man5
dir path=usr/share/man/man7fs
driver name=nsmb perms="* 0666 root sys"
+file path=etc/security/exec_attr.d/SUNWsmbfs mode=0644 \
+ restart_fmri=svc:/system/rbac:default
file path=lib/svc/manifest/network/smb/client.xml group=sys mode=0444
file path=lib/svc/method/smb-client mode=0555
file path=usr/bin/smbutil mode=0555
@@ -75,9 +77,9 @@ file path=usr/lib/$(ARCH64)/libsmbfs.so.1
file path=usr/lib/fs/smbfs/$(ARCH64)/libshare_smbfs.so.1
file path=usr/lib/fs/smbfs/dfshares mode=0555
file path=usr/lib/fs/smbfs/libshare_smbfs.so.1
-file path=usr/lib/fs/smbfs/mount mode=4555
+file path=usr/lib/fs/smbfs/mount mode=0555
file path=usr/lib/fs/smbfs/share mode=0555
-file path=usr/lib/fs/smbfs/umount mode=4555
+file path=usr/lib/fs/smbfs/umount mode=0555
file path=usr/lib/fs/smbfs/unshare mode=0555
file path=usr/lib/libmlrpc.so.2
file path=usr/lib/libsmbfs.so.1
diff --git a/usr/src/tools/quick/make-smbclnt b/usr/src/tools/quick/make-smbclnt
index e8c6bfeabc..1c5b1fb6ff 100755
--- a/usr/src/tools/quick/make-smbclnt
+++ b/usr/src/tools/quick/make-smbclnt
@@ -239,6 +239,7 @@ do_tags() {
do_tar() {
git_rev=`git rev-parse --short=8 HEAD`
files="
+etc/security/exec_attr.d/SUNWsmbfs
lib/svc/manifest/network/smb/client.xml
lib/svc/method/smb-client
usr/bin/smbutil