/* this is umount replacement to mnt_context_apply_fstab(), use
* mnt_context_tab_applied() to check result.
*/
static int lookup_umount_fs(struct libmnt_context *cxt)
{
const char *tgt;
struct stat st;
struct libmnt_fs *fs = NULL;
int rc = 0;
assert(cxt);
assert(cxt->fs);
tgt = mnt_fs_get_target(cxt->fs);
if (!tgt) {
DBG(CXT, ul_debugobj(cxt, "umount: undefined target"));
return -EINVAL;
}
/*
* Let's try to avoid mountinfo usage at all to minimize performance
* degradation. Don't forget that kernel has to compose *whole*
* mountinfo about all mountpoints although we look for only one entry.
*
* All we need is fstype and to check if there is no userspace mount
* options for the target (e.g. helper=udisks to call /sbin/umount.udisks).
*
* So, let's use statfs() if possible (it's bad idea for --lazy/--force
* umounts as target is probably unreachable NFS, also for --detach-loop
* as this additionally needs to know the name of the loop device).
*/
if (!mnt_context_is_restricted(cxt)
&& *tgt == '/'
&& !(cxt->flags & MNT_FL_HELPER)
&& !mnt_context_mtab_writable(cxt)
&& !mnt_context_is_force(cxt)
&& !mnt_context_is_lazy(cxt)
&& !mnt_context_is_loopdel(cxt)
&& mnt_stat_mountpoint(tgt, &st) == 0 && S_ISDIR(st.st_mode)
&& !has_utab_entry(cxt, tgt)) {
const char *type = mnt_fs_get_fstype(cxt->fs);
/* !mnt_context_mtab_writable(cxt) && has_utab_entry() verified that there
* is no stuff in utab, so disable all mtab/utab related actions */
mnt_context_disable_mtab(cxt, TRUE);
if (!type) {
struct statfs vfs;
if (statfs(tgt, &vfs) == 0)
type = mnt_statfs_get_fstype(&vfs);
if (type) {
rc = mnt_fs_set_fstype(cxt->fs, type);
if (rc)
return rc;
}
}
if (type) {
DBG(CXT, ul_debugobj(cxt,
"umount: mountinfo unnecessary [type=%s]", type));
return 0;
}
}
rc = mnt_context_find_umount_fs(cxt, tgt, &fs);
if (rc < 0)
return rc;
if (rc == 1 || !fs) {
DBG(CXT, ul_debugobj(cxt, "umount: cannot find '%s' in mtab", tgt));
return 0; /* this is correct! */
}
if (fs != cxt->fs) {
/* copy from mtab to our FS description
*/
mnt_fs_set_source(cxt->fs, NULL);
mnt_fs_set_target(cxt->fs, NULL);
if (!mnt_copy_fs(cxt->fs, fs)) {
DBG(CXT, ul_debugobj(cxt, "umount: failed to copy FS"));
return -errno;
}
DBG(CXT, ul_debugobj(cxt, "umount: mtab applied"));
}
cxt->flags |= MNT_FL_TAB_APPLIED;
return rc;
}
/*
* Note that cxt->fs contains relevant mtab entry!
*/
static int evaluate_permissions(struct libmnt_context *cxt)
{
struct libmnt_table *fstab;
unsigned long u_flags = 0;
const char *tgt, *src, *optstr;
int rc, ok = 0;
struct libmnt_fs *fs;
assert(cxt);
assert(cxt->fs);
assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED));
if (!cxt || !cxt->fs)
return -EINVAL;
if (!mnt_context_is_restricted(cxt))
return 0; /* superuser mount */
DBG(CXT, mnt_debug_h(cxt, "umount: evaluating permissions"));
if (!(cxt->flags & MNT_FL_TAB_APPLIED)) {
DBG(CXT, mnt_debug_h(cxt,
"cannot find %s in mtab and you are not root",
mnt_fs_get_target(cxt->fs)));
goto eperm;
}
if (cxt->user_mountflags & MNT_MS_UHELPER) {
/* on uhelper= mount option based helper */
rc = prepare_helper_from_options(cxt, "uhelper");
if (rc)
return rc;
if (cxt->helper)
return 0; /* we'll call /sbin/umount.<uhelper> */
}
/*
* User mounts has to be in /etc/fstab
*/
rc = mnt_context_get_fstab(cxt, &fstab);
if (rc)
return rc;
tgt = mnt_fs_get_target(cxt->fs);
src = mnt_fs_get_source(cxt->fs);
if (mnt_fs_get_bindsrc(cxt->fs)) {
src = mnt_fs_get_bindsrc(cxt->fs);
DBG(CXT, mnt_debug_h(cxt,
"umount: using bind source: %s", src));
}
/* If fstab contains the two lines
* /dev/sda1 /mnt/zip auto user,noauto 0 0
* /dev/sda4 /mnt/zip auto user,noauto 0 0
* then "mount /dev/sda4" followed by "umount /mnt/zip" used to fail.
* So, we must not look for file, but for the pair (dev,file) in fstab.
*/
fs = mnt_table_find_pair(fstab, src, tgt, MNT_ITER_FORWARD);
if (!fs) {
/*
* It's possible that there is /path/file.img in fstab and
* /dev/loop0 in mtab -- then we have to check releation
* between loopdev and the file.
*/
fs = mnt_table_find_target(fstab, tgt, MNT_ITER_FORWARD);
if (fs) {
const char *dev = mnt_fs_get_srcpath(cxt->fs); /* devname from mtab */
if (!dev || !is_associated_fs(dev, fs))
fs = NULL;
}
if (!fs) {
DBG(CXT, mnt_debug_h(cxt,
"umount %s: mtab disagrees with fstab",
tgt));
goto eperm;
}
}
/*
* User mounting and unmounting is allowed only if fstab contains one
* of the options `user', `users' or `owner' or `group'.
*
* The option `users' allows arbitrary users to mount and unmount -
* this may be a security risk.
*
* The options `user', `owner' and `group' only allow unmounting by the
* user that mounted (visible in mtab).
*/
optstr = mnt_fs_get_user_options(fs); /* FSTAB mount options! */
if (!optstr)
goto eperm;
if (mnt_optstr_get_flags(optstr, &u_flags,
mnt_get_builtin_optmap(MNT_USERSPACE_MAP)))
goto eperm;
if (u_flags & MNT_MS_USERS) {
DBG(CXT, mnt_debug_h(cxt,
"umount: promiscuous setting ('users') in fstab"));
return 0;
}
/*
* Check user=<username> setting from mtab if there is user, owner or
* group option in /etc/fstab
*/
if (u_flags & (MNT_MS_USER | MNT_MS_OWNER | MNT_MS_GROUP)) {
char *curr_user = NULL;
char *mtab_user = NULL;
size_t sz;
DBG(CXT, mnt_debug_h(cxt,
"umount: checking user=<username> from mtab"));
curr_user = mnt_get_username(getuid());
if (!curr_user) {
DBG(CXT, mnt_debug_h(cxt, "umount %s: cannot "
"convert %d to username", tgt, getuid()));
goto eperm;
}
/* get options from mtab */
optstr = mnt_fs_get_user_options(cxt->fs);
if (optstr && !mnt_optstr_get_option(optstr,
"user", &mtab_user, &sz) && sz)
ok = !strncmp(curr_user, mtab_user, sz);
}
if (ok) {
DBG(CXT, mnt_debug_h(cxt, "umount %s is allowed", tgt));
return 0;
}
eperm:
DBG(CXT, mnt_debug_h(cxt, "umount is not allowed for you"));
return -EPERM;
}
/*
* this has to be called before fix_optstr()
*/
static int evaluate_permissions(struct libmnt_context *cxt)
{
unsigned long u_flags = 0;
assert(cxt);
assert(cxt->fs);
assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED));
if (!cxt)
return -EINVAL;
if (!cxt->fs)
return 0;
DBG(CXT, mnt_debug_h(cxt, "mount: evaluating permissions"));
mnt_context_get_user_mflags(cxt, &u_flags);
if (!mnt_context_is_restricted(cxt)) {
/*
* superuser mount
*/
cxt->user_mountflags &= ~MNT_MS_OWNER;
cxt->user_mountflags &= ~MNT_MS_GROUP;
cxt->user_mountflags &= ~MNT_MS_USER;
cxt->user_mountflags &= ~MNT_MS_USERS;
} else {
/*
* user mount
*/
if (!(cxt->flags & MNT_FL_TAB_APPLIED))
{
DBG(CXT, mnt_debug_h(cxt, "perms: fstab not applied, ignore user mount"));
return -EPERM;
}
/*
* Note that MS_OWNERSECURE and MS_SECURE mount options
* are applied by mnt_optstr_get_flags() from mnt_context_merge_mflags()
*/
/*
* MS_OWNER: Allow owners to mount when fstab contains the
* owner option. Note that this should never be used in a high
* security environment, but may be useful to give people at
* the console the possibility of mounting a floppy. MS_GROUP:
* Allow members of device group to mount. (Martin Dickopp)
*/
if (u_flags & (MNT_MS_OWNER | MNT_MS_GROUP)) {
struct stat sb;
struct libmnt_cache *cache = NULL;
char *xsrc = NULL;
const char *srcpath = mnt_fs_get_srcpath(cxt->fs);
if (!srcpath) { /* Ah... source is TAG */
cache = mnt_context_get_cache(cxt);
xsrc = mnt_resolve_spec(
mnt_context_get_source(cxt),
cache);
srcpath = xsrc;
}
if (!srcpath) {
DBG(CXT, mnt_debug_h(cxt, "perms: src undefined"));
return -EPERM;
}
if (strncmp(srcpath, "/dev/", 5) == 0 &&
stat(srcpath, &sb) == 0 &&
(((u_flags & MNT_MS_OWNER) && getuid() == sb.st_uid) ||
((u_flags & MNT_MS_GROUP) && mnt_in_group(sb.st_gid))))
cxt->user_mountflags |= MNT_MS_USER;
if (!cache)
free(xsrc);
}
if (!(cxt->user_mountflags & (MNT_MS_USER | MNT_MS_USERS))) {
DBG(CXT, mnt_debug_h(cxt, "permissions evaluation ends with -EPERMS"));
return -EPERM;
}
}
return 0;
}