zuluCrypt  5.7.1
About: zuluCrypt is a simple but feature rich solution for hard drives encryption. It can manage PLAIN dm-crypt, LUKS, TrueCrypt and VeraCrypt encrypted volumes.
  Fossies Dox: zuluCrypt-5.7.1.tar.xz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

mount_fs_options.c
Go to the documentation of this file.
1 /*
2  *
3  * Copyright (c) 2013-2015
4  * name : Francis Banyikwa
5  * email: mhogomchungu@gmail.com
6  * This program is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "../bin/includes.h"
21 
22 #include <sys/types.h>
23 #include <pwd.h>
24 #include <grp.h>
25 
26 static int _fileSystemIsSupported( const char * fs )
27 {
28  string_t xt = StringGetFromVirtualFile( "/proc/filesystems" ) ;
29 
30  stringList_t stl = StringListStringSplit( xt,'\n' ) ;
31 
33 
34  StringListIterator end ;
35 
36  int r = 0 ;
37 
38  StringDelete( &xt ) ;
39 
40  StringListGetIterators( stl,&it,&end ) ;
41 
42  while( it != end ){
43 
44  xt = *it ;
45 
46  it++ ;
47 
48  if( !StringStartsWith( xt,"nodev" ) ){
49 
50  if( StringContains( xt,fs ) ){
51 
52  r = 1 ;
53 
54  break ;
55  }
56  }
57  }
58 
59  StringListDelete( &stl ) ;
60 
61  return r ;
62 }
63 
64 int zulucryptFileSystemIsSupported( const char * fs )
65 {
66  const char * f[] = { "none","xfs","ntfs","vfat","exfat","msdos","umsdos","affs","hfs","iso9660","jfs","jfs",
67  "romfs","udf","ext2","ext3","ext4","reiserfs","reiser4","btrfs","squashfs","btrfs",NULL } ;
68 
69  const char ** e = f ;
70 
71  if( fs == NULL ){
72  return 0 ;
73  }else{
74  while( 1 ){
75 
76  if( *e == NULL ){
77 
78  return _fileSystemIsSupported( fs ) ;
79 
80  }else if( StringsAreEqual( fs,*e ) ){
81 
82  return 1 ;
83  }else{
84  e++ ;
85  }
86  }
87  }
88 }
89 
90 static inline int _check_options( const char ** e,stringList_t stl )
91 {
92  while( *e != NULL ){
93 
95 
96  e++ ;
97  }
98  return StringListSize( stl ) > 0 ;
99 }
100 
101 static inline int allowed_vfat( stringList_t stl )
102 {
103  /*
104  * is it ok to allow one user to mount a volume with another user as owner of files and folders?
105  */
106  const char * f[] = { "uid=","gid=","shortname=","dmask=","umask=","fmask=","utf8","iocharset=",NULL } ;
107  return _check_options( f,stl ) ;
108 }
109 
110 static inline int allowed_ntfs( stringList_t stl )
111 {
112  const char * f[] = { "uid=","gui=","umask=","dmask=","fmask=","dmask=","locale=","norecover",
113  "ignore_case","windows_names","compression","nocompression","ignore_case","windows_names",NULL } ;
114  return _check_options( f,stl ) ;
115 }
116 
117 static inline int allowed_iso9660( stringList_t stl )
118 {
119  const char * f[] = { "norock","nojoliet","fmask=","iocharset=","mode=","dmode=",NULL } ;
120  return _check_options( f,stl ) ;
121 }
122 
123 static inline int allowed_udf( stringList_t stl )
124 {
125  const char * f[] = { "iocharset=","umask=",NULL } ;
126  return _check_options( f,stl ) ;
127 }
128 
129 static inline int allowed_btrfs( stringList_t stl )
130 {
131  const char * f[] = { "subvol=","subvolid=",NULL } ;
132  return _check_options( f,stl ) ;
133 }
134 
135 static inline int _option_contain_not_allowed( const char * fs,const char * fs_opts )
136 {
137  stringList_t stl = StringListSplit( fs_opts,',' ) ;
138 
139  int r = 1 ;
140 
141  if( stl != StringListVoid ){
142  if( StringHasAtLeastOneComponent_1( fs,"fat","dos",NULL ) ){
143 
144  r = allowed_vfat( stl ) ;
145 
146  }else if( StringsAreEqual( fs,"ntfs" ) ){
147 
148  r = allowed_ntfs( stl ) ;
149 
150  }else if( StringsAreEqual( fs,"udf" ) ){
151 
152  r = allowed_udf( stl ) ;
153 
154  }else if( StringsAreEqual( fs,"iso9660" ) ){
155 
156  r = allowed_iso9660( stl ) ;
157 
158  }else if( StringsAreEqual( fs,"btrfs" ) ){
159 
160  r = allowed_btrfs( stl ) ;
161  }else{
162  r = 1 ;
163  }
164  StringListDelete( &stl ) ;
165  }else{
166  r = 1 ;
167  }
168 
169  return r ;
170 }
171 
172 int zuluCryptUserIsAMemberOfAGroup( uid_t uid,const char * groupname )
173 {
174  int i ;
175 
176  struct group * grp ;
177  struct passwd * pass ;
178 
179  const char * e ;
180 
181  if( groupname == NULL ){
182 
183  return 0 ;
184 
185  }else if( uid == 0 ){
186 
187  return 1 ;
188  }else{
189  pass = getpwuid( uid ) ;
190 
191  if( pass == NULL ){
192 
193  return 0 ;
194  }else{
195  grp = getgrnam( groupname ) ;
196 
197  if( grp == NULL ){
198 
199  return 0 ;
200  }else{
201  for( i = 0 ; ; i++ ){
202 
203  e = *( grp->gr_mem + i ) ;
204 
205  if( e == NULL ){
206 
207  return 0 ;
208  }else{
209  if( StringsAreEqual( e,pass->pw_name ) ){
210 
211  return 1 ;
212  }
213  }
214  }
215 
216  return 0 ;
217  }
218  }
219  }
220 }
221 
222 static inline int _userIsAllowed( uid_t uid,const char * fs )
223 {
224  if( fs ){;}
225 
226  if( uid == 0 ){
227  /*
228  * cant say No to root
229  */
230  return 1 ;
231  }else{
232  /*
233  * user is attempting to use not supported file system options.Allow them only if
234  * they are a member of a supported group
235  */
236  return zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ;
237  }
238 }
239 
240 int zuluCryptMountHasNotAllowedFileSystemOptions( uid_t uid,const char * fs_opts,string_t s )
241 {
242  const char * fs = StringContent( s ) ;
243 
244  if( fs == NULL ){
245  /*
246  * cant mount a volume with no file system,shouldnt even get here
247  */
248  return 1 ;
249  }
250 
251  if( zulucryptFileSystemIsSupported( fs ) ){
252  /*
253  * file system is supported
254  */
255  if( fs_opts == NULL ){
256  /*
257  * file system is supported and user did not change default fs option.
258  * return early with success
259  */
260  return 0 ;
261  }
262 
263  if( _option_contain_not_allowed( fs,fs_opts ) ){
264  /*
265  * file system options are not supported,only privileged users should be allowed to mount
266  */
267  if( _userIsAllowed( uid,fs ) ){
268  /*
269  * user is allowed to use non default fs options
270  */
271  return 0 ;
272  }else{
273  /*
274  * user not allowed to use non default fs options
275  */
276  return 1 ;
277  }
278  }else{
279  /*
280  * supported file system with default options,allow it
281  */
282  return 0 ;
283  }
284  }else{
285  /*
286  * not supported file system
287  */
288  if( _userIsAllowed( uid,fs ) ){
289  /*
290  * user is allowed to use a not supported file system.
291  * We cant check for supported fs options in a non supported file system so just return
292  * with success.
293  */
294  return 0 ;
295  }else{
296  /*
297  * user not allowed to use the file system,return early with error since we cant support
298  * file system options in a not supported file system
299  */
300  return 1 ;
301  }
302  }
303 }
StringListVoid
#define StringListVoid
Definition: StringList.h:41
allowed_vfat
static int allowed_vfat(stringList_t stl)
Definition: mount_fs_options.c:101
StringGetFromVirtualFile
string_t StringGetFromVirtualFile(const char *path)
Definition: String.c:2050
_fileSystemIsSupported
static int _fileSystemIsSupported(const char *fs)
Definition: mount_fs_options.c:26
zuluCryptUserIsAMemberOfAGroup
int zuluCryptUserIsAMemberOfAGroup(uid_t uid, const char *groupname)
Definition: mount_fs_options.c:172
_option_contain_not_allowed
static int _option_contain_not_allowed(const char *fs, const char *fs_opts)
Definition: mount_fs_options.c:135
zulucryptFileSystemIsSupported
int zulucryptFileSystemIsSupported(const char *fs)
Definition: mount_fs_options.c:64
StringStartsWith
int StringStartsWith(string_t st, const char *s)
Definition: String.c:821
StringListSize
size_t StringListSize(stringList_t stl)
Definition: StringList.c:492
StringListGetIterators
void StringListGetIterators(stringList_t stl, StringListIterator *begin, StringListIterator *end)
Definition: StringList.c:210
allowed_udf
static int allowed_udf(stringList_t stl)
Definition: mount_fs_options.c:123
StringListDelete
void StringListDelete(stringList_t *stl)
Definition: StringList.c:1184
StringListStringSplit
stringList_t StringListStringSplit(string_t st, char splitter)
Definition: StringList.c:483
StringsAreEqual
#define StringsAreEqual(x, y)
Definition: zuluSafe.c:46
StringContains
int StringContains(string_t st, const char *str)
Definition: String.c:420
StringContent
static const __inline__ char * StringContent(string_t st)
Definition: String.h:1011
StringType
Definition: String.c:49
zuluCryptMountHasNotAllowedFileSystemOptions
int zuluCryptMountHasNotAllowedFileSystemOptions(uid_t uid, const char *fs_opts, string_t s)
Definition: mount_fs_options.c:240
_check_options
static int _check_options(const char **e, stringList_t stl)
Definition: mount_fs_options.c:90
allowed_btrfs
static int allowed_btrfs(stringList_t stl)
Definition: mount_fs_options.c:129
allowed_ntfs
static int allowed_ntfs(stringList_t stl)
Definition: mount_fs_options.c:110
StringListType
Definition: StringList.c:33
e
static QString e
Definition: about.cpp:31
allowed_iso9660
static int allowed_iso9660(stringList_t stl)
Definition: mount_fs_options.c:117
StringListSplit
stringList_t StringListSplit(const char *cstring, char splitter)
Definition: StringList.c:428
StringHasAtLeastOneComponent_1
int StringHasAtLeastOneComponent_1(const char *x,...)
Definition: String.c:1528
StringDelete
void StringDelete(string_t *st)
Definition: String.c:162
_userIsAllowed
static int _userIsAllowed(uid_t uid, const char *fs)
Definition: mount_fs_options.c:222
StringListRemoveIfStringContains
size_t StringListRemoveIfStringContains(stringList_t stl, const char *str)
Definition: StringList.c:1070