diff options
| author | Miklos Szeredi <miklos@szeredi.hu> | 2005-01-17 09:46:28 +0000 |
|---|---|---|
| committer | Miklos Szeredi <miklos@szeredi.hu> | 2005-01-17 09:46:28 +0000 |
| commit | 7db35c06de2b6803b79bf9012b9cea5a939d2d18 (patch) | |
| tree | 1cc159fde38a2b1bc96885009ff8bb54ae69f16b | |
| parent | dbe0f6584164fe60b6eac6ffc4cd097b978e33a0 (diff) | |
| download | fuse-7db35c06de2b6803b79bf9012b9cea5a939d2d18.tar.gz | |
fix
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | kernel/dev.c | 4 | ||||
| -rw-r--r-- | util/Makefile.am | 3 | ||||
| -rw-r--r-- | util/fusermount.c | 162 | ||||
| -rw-r--r-- | util/mount.fuse | 85 |
5 files changed, 64 insertions, 196 deletions
@@ -1,3 +1,9 @@ +2005-01-17 Miklos Szeredi <miklos@szeredi.hu> + + * fusermount: remove capability setting, which was the cause of + problems for some users. It seems that FS related capabilities + are removed by setfsuid(), so this isn't even needed. + 2005-01-15 Miklos Szeredi <miklos@szeredi.hu> * fix compilation on 2.4 kernels (reported by Valient Gough) diff --git a/kernel/dev.c b/kernel/dev.c index f7ea7a2..3cfe1e7 100644 --- a/kernel/dev.c +++ b/kernel/dev.c @@ -138,7 +138,7 @@ struct fuse_req *fuse_get_request_nonint(struct fuse_conn *fc) return intr ? NULL : do_get_request(fc); } -void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req) +static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req) { if (!req->preallocated) fuse_request_free(req); @@ -312,7 +312,7 @@ void request_send_nonint(struct fuse_conn *fc, struct fuse_req *req) request_send_wait(fc, req, 0); } -void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req) +static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req) { spin_lock(&fuse_lock); if (fc->file) { diff --git a/util/Makefile.am b/util/Makefile.am index bce6a4a..48f9957 100644 --- a/util/Makefile.am +++ b/util/Makefile.am @@ -7,6 +7,3 @@ fusermount_SOURCES = fusermount.c install-exec-hook: -chown root $(DESTDIR)$(bindir)/fusermount -chmod u+s $(DESTDIR)$(bindir)/fusermount - -EXTRA_DIST = \ - mount.fuse diff --git a/util/fusermount.c b/util/fusermount.c index d1568d5..73893a1 100644 --- a/util/fusermount.c +++ b/util/fusermount.c @@ -61,92 +61,32 @@ static const char *get_user_name() } } -#ifndef USE_UCLIBC -/* Until there is a nice interface for capabilities in _libc_, this will -remain here. I don't think it is fair to expect users to compile libcap -for this program. And anyway what's all this fuss about versioning the -kernel interface? It is quite good as is. */ -#define _LINUX_CAPABILITY_VERSION 0x19980330 - -typedef struct user_cap_header_struct { - unsigned int version; - int pid; -} *cap_user_header_t; - -typedef struct user_cap_data_struct { - unsigned int effective; - unsigned int permitted; - unsigned int inheritable; -} *cap_user_data_t; - -int capget(cap_user_header_t header, cap_user_data_t data); -int capset(cap_user_header_t header, cap_user_data_t data); - -#define CAP_SYS_ADMIN 21 - static uid_t oldfsuid; static gid_t oldfsgid; -static struct user_cap_data_struct oldcaps; static int drop_privs(void) { - int res; - struct user_cap_header_struct head; - struct user_cap_data_struct newcaps; - - head.version = _LINUX_CAPABILITY_VERSION; - head.pid = 0; - res = capget(&head, &oldcaps); - if (res == -1) { - fprintf(stderr, "%s: failed to get capabilities: %s\n", progname, - strerror(errno)); - return -1; - } - oldfsuid = setfsuid(getuid()); oldfsgid = setfsgid(getgid()); - newcaps = oldcaps; - /* Keep CAP_SYS_ADMIN for mount */ - newcaps.effective &= (1 << CAP_SYS_ADMIN); - - head.version = _LINUX_CAPABILITY_VERSION; - head.pid = 0; - res = capset(&head, &newcaps); - if (res == -1) { - setfsuid(oldfsuid); - setfsgid(oldfsgid); - fprintf(stderr, "%s: failed to set capabilities: %s\n", progname, - strerror(errno)); - return -1; - } return 0; } static void restore_privs(void) { - struct user_cap_header_struct head; - int res; - - head.version = _LINUX_CAPABILITY_VERSION; - head.pid = 0; - res = capset(&head, &oldcaps); - if (res == -1) - fprintf(stderr, "%s: failed to restore capabilities: %s\n", progname, - strerror(errno)); - setfsuid(oldfsuid); setfsgid(oldfsgid); } -#else /* USE_UCLIBC */ -static int drop_privs(void) -{ - return 0; -} -static void restore_privs(void) + +static int do_unmount(const char *mnt, int quiet, int lazy) { + int res = umount2(mnt, lazy ? 2 : 0); + if (res == -1) { + if (!quiet) + fprintf(stderr, "%s: failed to unmount %s: %s\n", + progname, mnt, strerror(errno)); + } + return res; } -#endif /* USE_UCLIBC */ - #ifndef USE_UCLIBC /* use a lock file so that multiple fusermount processes don't try and @@ -296,8 +236,8 @@ static int count_fuse_fs() return count; } -static int do_unmount(const char *mnt, int quiet, int lazy, const char *mtab, - const char *mtab_new) +static int unmount_rename(const char *mnt, int quiet, int lazy, + const char *mtab, const char *mtab_new) { int res; @@ -306,13 +246,10 @@ static int do_unmount(const char *mnt, int quiet, int lazy, const char *mtab, if (res == -1) return -1; } - res = umount2(mnt, lazy ? 2 : 0); - if (res == -1) { - if (!quiet) - fprintf(stderr, "%s: failed to unmount %s: %s\n", - progname, mnt, strerror(errno)); + res = do_unmount(mnt, quiet, lazy); + if (res == -1) return -1; - } + if (getuid() != 0) restore_privs(); @@ -335,14 +272,44 @@ static int unmount_fuse(const char *mnt, int quiet, int lazy) if (res == -1) return -1; - res = do_unmount(mnt, quiet, lazy, mtab, mtab_new); + res = unmount_rename(mnt, quiet, lazy, mtab, mtab_new); if (res == -1) { unlink(mtab_new); return -1; } return 0; } -#endif /* USE_UCLIBC */ +#else /* USE_UCLIBC */ +static int lock_mtab() +{ + return 0; +} + +static void unlock_mtab(int mtablock) +{ + (void) mtablock; +} + +static int count_fuse_fs() +{ + return 0; +} + +static int add_mount(const char *fsname, const char *mnt, const char *type, + const char *opts) +{ + (void) fsname; + (void) mnt; + (void) type; + (void) opts; + return 0; +} + +static int unmount_fuse(const char *mnt, int quiet, int lazy) +{ + return do_unmount(mnt, quiet, lazy); +} +#endif static void strip_line(char *line) { @@ -644,6 +611,7 @@ static int check_perm(const char **mntp, struct stat *stbuf, int *currdir_fd) { int res; const char *mnt = *mntp; + const char *origmnt; res = lstat(mnt, stbuf); if (res == -1) { @@ -674,24 +642,25 @@ static int check_perm(const char **mntp, struct stat *stbuf, int *currdir_fd) progname, strerror(errno)); return -1; } + origmnt = mnt; mnt = *mntp = "."; res = lstat(mnt, stbuf); if (res == -1) { fprintf(stderr, "%s: failed to access mountpoint %s: %s\n", - progname, mnt, strerror(errno)); + progname, origmnt, strerror(errno)); return -1; } if ((stbuf->st_mode & S_ISVTX) && stbuf->st_uid != getuid()) { fprintf(stderr, "%s: mountpoint %s not owned by user\n", - progname, mnt); + progname, origmnt); return -1; } res = access(mnt, W_OK); if (res == -1) { fprintf(stderr, "%s: user has no write access to mountpoint %s\n", - progname, mnt); + progname, origmnt); return -1; } @@ -821,7 +790,6 @@ static int mount_fuse(const char *mnt, const char *opts) if (fd == -1) return -1; -#ifndef USE_UCLIBC if (geteuid() == 0) { mtablock = lock_mtab(); if (mtablock < 0) { @@ -829,15 +797,12 @@ static int mount_fuse(const char *mnt, const char *opts) return -1; } } -#endif if (getuid() != 0) { res = drop_privs(); if (res == -1) { close(fd); -#ifndef USE_UCLIBC unlock_mtab(mtablock); -#endif return -1; } } @@ -849,9 +814,7 @@ static int mount_fuse(const char *mnt, const char *opts) if (mount_count >= mount_max) { fprintf(stderr, "%s: too many FUSE filesystems mounted; mount_max=N can be set in /etc/fuse.conf\n", progname); close(fd); -#ifndef USE_UCLIBC unlock_mtab(mtablock); -#endif return -1; } } @@ -869,9 +832,7 @@ static int mount_fuse(const char *mnt, const char *opts) if (res == -1) { close(fd); -#ifndef USE_UCLIBC unlock_mtab(mtablock); -#endif return -1; } @@ -880,7 +841,6 @@ static int mount_fuse(const char *mnt, const char *opts) close(currdir_fd); } -#ifndef USE_UCLIBC if (geteuid() == 0) { res = add_mount(fsname, mnt, type, mnt_opts); unlock_mtab(mtablock); @@ -890,7 +850,6 @@ static int mount_fuse(const char *mnt, const char *opts) return -1; } } -#endif free(fsname); free(mnt_opts); @@ -937,7 +896,7 @@ static char *resolve_path(const char *orig) tmp[0] = '\0'; } if (realpath(toresolv, buf) == NULL) { - fprintf(stderr, "%s: Bad mount point %s: %s\n", progname, orig, + fprintf(stderr, "%s: bad mount point %s: %s\n", progname, orig, strerror(errno)); free(copy); return NULL; @@ -1038,7 +997,7 @@ int main(int argc, char *argv[]) case 'o': a++; if (a == argc) { - fprintf(stderr, "%s: Missing argument to -o\n", progname); + fprintf(stderr, "%s: missing argument to -o\n", progname); exit(1); } opts = argv[a]; @@ -1057,14 +1016,14 @@ int main(int argc, char *argv[]) break; default: - fprintf(stderr, "%s: Unknown option %s\n", progname, argv[a]); + fprintf(stderr, "%s: unknown option %s\n", progname, argv[a]); fprintf(stderr, "Try `%s -h' for more information\n", progname); exit(1); } } if (a == argc) { - fprintf(stderr, "%s: Missing mountpoint argument\n", progname); + fprintf(stderr, "%s: missing mountpoint argument\n", progname); exit(1); } @@ -1084,21 +1043,12 @@ int main(int argc, char *argv[]) restore_privs(); if (unmount) { -#ifndef USE_UCLIBC if (geteuid() == 0) { int mtablock = lock_mtab(); res = unmount_fuse(mnt, quiet, lazy); unlock_mtab(mtablock); } else -#endif - { - res = umount2(mnt, lazy ? 2 : 0); - if (res == -1) { - if (!quiet) - fprintf(stderr, "%s: failed to unmount %s: %s\n", - progname, mnt, strerror(errno)); - } - } + res = do_unmount(mnt, quiet, lazy); if (res == -1) exit(1); return 0; diff --git a/util/mount.fuse b/util/mount.fuse deleted file mode 100644 index 4ec1409..0000000 --- a/util/mount.fuse +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/env python -#@+leo-ver=4 -#@+node:@file mount.fuse -#@@first #!/usr/bin/env python - -""" -This utility allows FUSE filesystems to be mounted with the regular *nix -'mount' command, or even be listed in /etc/fstab - -To enable this, you need to: - 1. set execute-permission on this script - 2. symlink this script into /sbin/mount.fuse - -Usage: - - You can use this in 3 ways: - 1. mount -t fuse /path/to/script/or/program /path/of/mount/point [options] - 2. mount -t fuse none /path/of/mount/point -o fs=/path/to/script/or/prog[,opt=val...] - 3. in /etc/fstab, add: - /path/to/script/or/prog /path/of/mount/point fuse noauto[,...] -""" - -import sys, os, time - -progname = sys.argv[0] - -def usage(ret): - print "Usage: %s /path/to/fuse/fs /path/of/mountpoint [-o options]" % progname - print "or: %s none /path/of/mountpoint [-o fs=/path/to/fuse/fs[,...]]" % progname - sys.exit(ret) - -def main(): - - # initial sanity check - argc = len(sys.argv) - if argc < 3 or sys.argv[3] != "-o": - usage(1) - - dev = sys.argv[1] - mountpoint = sys.argv[2] - - # grab options, if any - optdict = {} - optlist = [] - if argc > 4: - odata = sys.argv[4] - opts = odata.split(",") - #print opts - for o in opts: - try: - k, v = o.split("=", 1) - optdict[k] = v - except: - optlist.append(o) - else: - odata = "" - - #print sys.argv - if dev == 'none': - if not optdict.has_key("fs"): - print "%s: Must specify python file with 'fs' option\n" % progname - usage(1) - pyfile = optdict['fs'] - else: - pyfile = dev - - if not os.path.isfile(pyfile): - print "%s: file %s doesn't exist, or is not a file" % (progname, pyfile) - sys.exit(1) - pypath = os.path.abspath(pyfile) - - #print optdict, optlist - - # all seems ok - run our fuse fs as a child - if os.fork() == 0: - os.system("fusermount -c -x %s %s %s %s" % (mountpoint, pypath, mountpoint, odata)) - else: - #print "parent exiting..." - pass - -if __name__ == '__main__': - main() - -#@-node:@file mount.fuse -#@-leo |