zuluCrypt  5.7.1
About: zuluCrypt is a simple but feature rich solution for hard drives encryption. It can manage PLAIN dm-crypt, LUKS, TrueCrypt and VeraCrypt encrypted volumes.
  Fossies Dox: zuluCrypt-5.7.1.tar.xz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

mount_flags.c
1 /*
2  *
3  * Copyright (c) 2012-2015
4  * name : Francis Banyikwa
5  * email: mhogomchungu@gmail.com
6  * This program is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include <sys/mount.h>
21 #include <sys/types.h>
22 #include <unistd.h>
23 #include <string.h>
24 #include "includes.h"
25 
26 #define MOUNT_WITH_NOEXEC_BY_DEFAULT 0
27 
/*
 * Tells whether "uid" is barred from requesting privileged mount options.
 *
 * Returns 0 (access granted) for root (uid 0) and for users for whom
 * zuluCryptUserIsAMemberOfAGroup() reports membership of the "zulumount"
 * group; returns non-zero (no access) for everybody else.
 *
 * zuluCryptUserIsAMemberOfAGroup() is defined outside this file
 * (in security.c according to the original author's comment).
 */
static int _user_has_no_access( uid_t uid )
{
	if( uid != 0 ){
		/*
		 * Not root: access depends only on "zulumount" group membership.
		 */
		return !zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ;
	}

	return 0 ;
}
40 
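/*
 * Translates the textual mount option string "mode" into mount(2) MS_* flags
 * and checks that the user identified by "uid" is allowed to ask for them.
 *
 * mode  - option string supplied by the caller, may be NULL.
 * uid   - real user id of the requesting user.
 * flags - out parameter,receives the computed flags on success.
 *
 * Returns 0 when the request is acceptable and "*flags" has been written.
 * Returns 1 when the request must be refused: "flags" is NULL,or a user who
 * is neither root nor a member of the "zulumount" group asked for a
 * privileged option. "*flags" is left untouched in that case.
 *
 * Policy implemented below:
 *  - NULL mode: MS_NODEV | MS_NOSUID | MS_NOEXEC | MS_RELATIME.
 *  - "ro" sets MS_RDONLY for anybody.
 *  - MS_NODEV and MS_NOSUID are always set unless a privileged user asks for
 *    "dev" / "suid".
 *  - With MOUNT_WITH_NOEXEC_BY_DEFAULT set to 0,MS_NOEXEC is set only when
 *    "noexec" is requested,so a non NULL mode without "noexec" produces an
 *    exec mount for any user,unlike the NULL mode default.
 *  - "bind","mandlock","move","noatime","strictatime","nodiratime","remount",
 *    "silent" and "synchronous" are privileged options.
 *  - MS_RELATIME is set unless "noatime" or "strictatime" was accepted.
 *
 * NOTE(review): StringHasComponent() is not defined in this file. If it
 * matches substrings rather than whole options,"ro" would also match inside
 * "synchronous" - confirm against String.h.
 */
int zuluCryptMountFlagsAreNotCorrect( const char * mode,uid_t uid,unsigned long * flags )
{
	/*
	 * Options that simply add one flag and are reserved for privileged users.
	 * The order is the order in which the options are checked.
	 */
	static const struct{
		const char * name ;
		unsigned long flag ;
	} privileged[] = {
		{ "bind",       MS_BIND        },
		{ "mandlock",   MS_MANDLOCK    },
		{ "move",       MS_MOVE        },
		{ "noatime",    MS_NOATIME     },
		{ "strictatime",MS_STRICTATIME },
		{ "nodiratime", MS_NODIRATIME  },
		{ "remount",    MS_REMOUNT     },
		{ "silent",     MS_SILENT      },
		{ "synchronous",MS_SYNCHRONOUS },
	} ;

	unsigned long flg = 0 ;
	size_t i ;

	if( flags == NULL ){
		/*
		 * Nowhere to store the result,refuse instead of dereferencing NULL.
		 */
		return 1 ;
	}
	if( mode == NULL ){
		/*
		 * No options requested,use the most restrictive defaults.
		 */
		*flags = MS_NODEV | MS_NOSUID | MS_NOEXEC | MS_RELATIME ;
		return 0 ;
	}
	if( StringHasComponent( mode,"ro" ) ){

		flg |= MS_RDONLY ;
	}
	/*
	 * The restrictive spelling is tested first so that an explicit "nodev"
	 * is honoured and never taken for a request for "dev",however
	 * StringHasComponent() matches. The same ordering is used for
	 * "nosuid" and "noexec" below.
	 */
	if( StringHasComponent( mode,"nodev" ) ){

		flg |= MS_NODEV ;

	}else if( StringHasComponent( mode,"dev" ) ){

		if( _user_has_no_access( uid ) ){

			return 1 ;
		}
	}else{
		flg |= MS_NODEV ;
	}
#if MOUNT_WITH_NOEXEC_BY_DEFAULT
	if( StringHasComponent( mode,"noexec" ) ){
		/*
		 * anybody may ask for a volume to be mounted without exec
		 */
		flg |= MS_NOEXEC ;

	}else if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulumount-exec" ) ){
		/*
		 * members of "zulumount-exec" get exec by default,everybody else
		 * needs privileges to get it and gets noexec otherwise
		 */
		if( StringHasComponent( mode,"exec" ) ){

			if( _user_has_no_access( uid ) ){

				return 1 ;
			}
		}else{
			flg |= MS_NOEXEC ;
		}
	}
#else
	if( StringHasComponent( mode,"noexec" ) ){
		/*
		 * exec is the default in this configuration,noexec is opt-in
		 */
		flg |= MS_NOEXEC ;
	}
#endif
	if( StringHasComponent( mode,"nosuid" ) ){

		flg |= MS_NOSUID ;

	}else if( StringHasComponent( mode,"suid" ) ){

		if( _user_has_no_access( uid ) ){

			return 1 ;
		}
	}else{
		flg |= MS_NOSUID ;
	}
	for( i = 0 ; i < sizeof( privileged ) / sizeof( privileged[ 0 ] ) ; i++ ){

		if( StringHasComponent( mode,privileged[ i ].name ) ){

			if( _user_has_no_access( uid ) ){

				return 1 ;
			}
			flg |= privileged[ i ].flag ;
		}
	}
	/*
	 * "relatime" is not parsed as an option: it is the default and is set
	 * whenever neither MS_NOATIME nor MS_STRICTATIME was accepted above.
	 */
	if( !( flg & ( MS_NOATIME | MS_STRICTATIME ) ) ){

		flg |= MS_RELATIME ;
	}
	*flags = flg ;
	return 0 ;
}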