[PATCH] set required mount privileges via fdi file

Ludwig Nussel ludwig.nussel at suse.de
Wed Jul 19 01:16:01 PDT 2006


Hi,

hal-storage-mount currently hardcodes the privileges required to
mount a volume. By storing the required privilege in hal instead,
it's possible to set volume-specific privileges via an fdi file. So in
order to only allow Dave to mount "Dave's usb key" you just have to
create an fdi file that overrides the default for this specific
device.

I don't understand what the intention behind the "uid=" special case
was. "uid=" is not supposed to be included in the list of allowed
options if the fs doesn't support it anyway.

cu
Ludwig

Index: tools/hal-storage-mount.c
===================================================================
RCS file: /cvs/hal/hal/tools/hal-storage-mount.c,v
retrieving revision 1.7
diff -u -r1.7 hal-storage-mount.c
--- tools/hal-storage-mount.c	21 Jun 2006 00:44:03 -0000	1.7
+++ tools/hal-storage-mount.c	19 Jul 2006 07:56:44 -0000
@@ -139,12 +139,21 @@
 	exit (1);
 }
 
+static void
+permission_denied_privilege_missing ()
+{
+	fprintf (stderr, "org.freedesktop.Hal.Device.PermissionDeniedByPolicy\n");
+	fprintf (stderr, "required privilege unspecified");
+	exit (1);
+}
+
+
 
 static void
 permission_denied_privilege (const char *privilege, const char *uid)
 {
 	fprintf (stderr, "org.freedesktop.Hal.Device.PermissionDeniedByPolicy\n");
-	fprintf (stderr, "%s refused uid %s\n", privilege, uid);
+	fprintf (stderr, "privilege '%s' refused for uid %s\n", privilege, uid);
 	exit (1);
 }
 
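Review bot: The second message written by `permission_denied_privilege_missing` has no trailing newline, unlike every neighbouring stderr message in this hunk, so it runs into whatever is printed next; it should read `fprintf (stderr, "required privilege unspecified\n");`. The definition also uses an empty parameter list, and `static void permission_denied_privilege_missing (void)` is the explicit C prototype. The two extra blank lines added before the next function are noise that can be dropped.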
@@ -447,7 +456,6 @@
 	char mount_options[1024];
 	char **allowed_options;
 	char **given_options;
-	gboolean wants_to_change_uid;
 	char *mount_dir;
 	char *cbh_path;
 	FILE *cbh;
@@ -458,8 +466,6 @@
 	char *args[10];
 	int na;
 	GString *mount_option_str;
-	gboolean pol_is_fixed;
-	gboolean pol_change_uid;
 	char *privilege;
 	gboolean allowed_by_privilege;
 	gboolean is_temporary_privilege;
@@ -619,8 +625,6 @@
 		printf ("allowed_options[%d] = '%s'\n", i, allowed_options[i]);
 #endif
 
-	wants_to_change_uid = FALSE;
-
 	/* check mount options */
 	for (i = 0; given_options[i] != NULL; i++) {
 		char *given = given_options[i];
@@ -640,25 +644,7 @@
 				/* option matched allowed ending in '=', e.g.
 				 * given == "umask=foobar" and allowed == "umask="
 				 */
-				if (strcmp (allow, "uid=") == 0) {
-					uid_t uid;
-					char *endp;
-					/* check for uid=, it requires special handling */
-					uid = (uid_t) strtol (given + allow_len, &endp, 10);
-					if (*endp != '\0') {
-						printf ("'%s' is not a number?\n", given);
-						unknown_error ();
-					}
-#ifdef DEBUG
-					printf ("%s with uid %d\n", allow, uid);
-#endif
-					wants_to_change_uid = TRUE;
-
-					goto option_ok;
-				} else {
-
-					goto option_ok;
-				}
+				goto option_ok;
 			}
 		}
 
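Review bot: Removing the `uid=` branch also removes the `strtol`/`endp` check that refused a non-numeric value, so a request such as `uid=root` is now accepted wherever `uid=` is in the allowed list and forwarded as given, whereas it previously hit `unknown_error()`. The mail's justification covers only the privilege tier; the syntax check is independent of policy, and if this helper is where caller-supplied options are sanitized before reaching mount (as the allowed-options loop suggests), that check is worth keeping. I would retain the `strcmp (allow, "uid=") == 0` branch with its `strtol` and `*endp != '\0'` check — ideally with an `errno`/range check too, since the result is narrowed to `uid_t` — and drop only the `wants_to_change_uid = TRUE;` line. The enclosing loop and function continue outside this hunk.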
@@ -669,38 +655,15 @@
 		;
 	}
 
-	/* Check privilege */
-	pol_is_fixed = TRUE;
-	if (libhal_drive_is_hotpluggable (drive) || libhal_drive_uses_removable_media (drive))
-		pol_is_fixed = FALSE;
-
-	pol_change_uid = FALSE;
-	/* don't consider uid= on non-pollable drives for the purpose of policy 
-	 * (since these drives normally use vfat)
-	 */
-	if (volume != NULL) {
-		/* don't consider uid= on vfat, iso9660, udf change-uid for the purpose of policy
-		 * (since these doesn't contain uid/gid bits) 
-		 */
-		if (strcmp (libhal_volume_get_fstype (volume), "vfat") != 0 &&
-		    strcmp (libhal_volume_get_fstype (volume), "iso9660") != 0 &&
-		    strcmp (libhal_volume_get_fstype (volume), "udf") != 0) {
-			pol_change_uid = wants_to_change_uid;
-		}
+	dbus_error_init (&error);
+	privilege = libhal_device_get_property_string (hal_ctx, udi, "volume.mount.required_privilege", &error);
+	if (dbus_error_is_set (&error)) {
+		unknown_error ();
 	}
 
-	if (pol_is_fixed) {
-		if (pol_change_uid) {
-			privilege = "hal-storage-fixed-mount-all-options";
-		} else {
-			privilege = "hal-storage-fixed-mount";
-		}
-	} else {
-		if (pol_change_uid) {
-			privilege = "hal-storage-removable-mount-all-options";
-		} else {
-			privilege = "hal-storage-removable-mount";
-		}
+	if (!privilege) {
+		printf ("missing privilege on %s\n", udi);
+		permission_denied_privilege_missing();
 	}
 
 #ifdef DEBUG
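Review bot: If libhal reports a missing property through the DBusError rather than by returning NULL, which is my recollection of `libhal_device_get_property_string`, the check at the `dbus_error_is_set` line sends the unset-privilege case to `unknown_error()` and the dedicated `permission_denied_privilege_missing()` branch below is rarely reached; the error text is also discarded and `dbus_error_free` is never called. Both paths exit non-zero, so the helper fails closed either way, which is the right default, but the administrator loses the only hint that the fdi policy is incomplete. I would print `error.message`, free the error and fall through to the same denial. Note that `privilege` now points at a string allocated by libhal where it used to point at a literal; whether it is released later is outside this hunk.
```c
	dbus_error_init (&error);
	privilege = libhal_device_get_property_string (hal_ctx, udi, "volume.mount.required_privilege", &error);
	if (dbus_error_is_set (&error)) {
		printf ("cannot read volume.mount.required_privilege on %s: %s\n", udi, error.message);
		dbus_error_free (&error);
		permission_denied_privilege_missing ();
	}
	/* … unchanged: NULL check calling permission_denied_privilege_missing () … */
```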
Index: fdi/policy/10osvendor/20-storage-methods.fdi
===================================================================
RCS file: /cvs/hal/hal/fdi/policy/10osvendor/20-storage-methods.fdi,v
retrieving revision 1.22
diff -u -r1.22 20-storage-methods.fdi
--- fdi/policy/10osvendor/20-storage-methods.fdi	21 Jun 2006 00:44:03 -0000	1.22
+++ fdi/policy/10osvendor/20-storage-methods.fdi	19 Jul 2006 07:56:44 -0000
@@ -75,7 +75,13 @@
       <!-- amd mount programs (e.g. Mount() on HAL) to respect volume.ignore -->
       <merge key="volume.ignore" type="bool">false</merge>
 
+      <match key="@block.storage_device:storage.removable" bool="true">
+        <merge key="volume.mount.required_privilege" type="string">hal-storage-removable-mount</merge>
+      </match>
+
       <match key="@block.storage_device:storage.removable" bool="false">
+	      
+        <merge key="volume.mount.required_privilege" type="string">hal-storage-fixed-mount</merge>
 
         <!-- Should always ignore Apple Bootstrap partitions (it would be -->
 	<!-- a security hole to mount it) - TODO: should use the bootable -->
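Review bot: The defaults key only on `@block.storage_device:storage.removable`, whereas the code being replaced treated a drive as non-fixed when it was hotpluggable or used removable media (old `libhal_drive_is_hotpluggable` / `libhal_drive_uses_removable_media` test). Under this fdi a hot-pluggable drive with fixed media, such as an external USB disk, falls under the `storage.removable` false branch and now needs `hal-storage-fixed-mount`, stricter than before; if that is unintended, add a sibling match on `@block.storage_device:storage.hotpluggable` merging `hal-storage-removable-mount`, and require both keys to be false for the fixed default. A volume whose storage device has neither key gets no default at all and is refused with the new "required privilege unspecified" error, which fails closed but deserves a sentence in the fdi comment. Line 168 is a whitespace-only line. The enclosing `<match>` element starts outside this hunk.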
-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/




