[PATCH] Add support for quoted mount options

[PATCH] Add support for quoted mount options

[Karel Zak]

The patch avoid the collision between commas in security contexts and the
delimiter between mount options.

Try:
	mount.nfs foo://mnt/bar /mnt/bar -o context=\"aaa,bbb,ccc\",ro

Signed-off-by: Cory Olmo <colmo@TrustedCS.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 utils/mount/mount.c    |   24 ++++++++++++++++++------
 utils/mount/nfsmount.c |   44 +++++++++++++++++++++++++++++++++++---------
 2 files changed, 53 insertions(+), 15 deletions(-)

diff --git a/utils/mount/mount.c b/utils/mount/mount.c
index 55d60aa..592bc7d 100644
--- a/utils/mount/mount.c
+++ b/utils/mount/mount.c
@@ -256,18 +256,30 @@ static void parse_opts (const char *options, int *flags, char **extra_opts)
 {
 	if (options != NULL) {
 		char *opts = xstrdup(options);
-		char *opt;
-		int len = strlen(opts) + 20;
+		char *opt, *p;
+		int len = strlen(opts);
+		int open_quote = 0;
 
 		*extra_opts = xmalloc(len);
 		**extra_opts = '\0';
 
-		for (opt = strtok(opts, ","); opt; opt = strtok(NULL, ","))
-			parse_opt(opt, flags, *extra_opts, len);
-
+		for (p=opts, opt=NULL; p && *p; p++) {
+			if (!opt)
+				opt = p;		/* begin of the option item */
+			if (*p == '"')
+				open_quote ^= 1;	/* reverse the status */
+			if (open_quote)
+				continue;		/* still in a quoted block */
+			if (*p == ',')
+				*p = '\0';		/* terminate the option item */
+			/* end of option item or last item */
+			if (*p == '\0' || *(p+1) == '\0') {
+				parse_opt(opt, flags, *extra_opts, len);
+				opt = NULL;
+			}
+		}
 		free(opts);
 	}
-
 }
 
 static void mount_error(char *node)
diff --git a/utils/mount/nfsmount.c b/utils/mount/nfsmount.c
index eac9590..4049e66 100644
--- a/utils/mount/nfsmount.c
+++ b/utils/mount/nfsmount.c
@@ -548,15 +548,31 @@ parse_options(char *old_opts, struct nfs_mount_data *data,
 	struct pmap *mnt_pmap = &mnt_server->pmap;
 	struct pmap *nfs_pmap = &nfs_server->pmap;
 	int len;
-	char *opt, *opteq;
+	char *opt, *opteq, *p, *opt_b;
 	char *mounthost = NULL;
 	char cbuf[128];
+	int open_quote = 0;
 
 	data->flags = 0;
 	*bg = 0;
 
 	len = strlen(new_opts);
-	for (opt = strtok(old_opts, ","); opt; opt = strtok(NULL, ",")) {
+	for (p=old_opts, opt_b=NULL; p && *p; p++) {
+		if (!opt_b)
+			opt_b = p;		/* begin of the option item */
+		if (*p == '"')
+			open_quote ^= 1;	/* reverse the status */
+		if (open_quote)
+			continue;		/* still in a quoted block */
+		if (*p == ',')
+			*p = '\0';		/* terminate the option item */
+		if (*p == '\0' || *(p+1) == '\0') {
+			opt = opt_b;		/* opt is useful now */
+			opt_b = NULL;
+		}
+		else
+			continue;		/* still somewhere in the option item */
+
 		if (strlen(opt) >= sizeof(cbuf))
 			goto bad_parameter;
 		if ((opteq = strchr(opt, '=')) && isdigit(opteq[1])) {
@@ -680,14 +696,24 @@ parse_options(char *old_opts, struct nfs_mount_data *data,
 			        mounthost=xstrndup(opteq+1,
 						   strcspn(opteq+1," \t\n\r,"));
 			 else if (!strcmp(opt, "context")) {
- 				char *context = opteq + 1;
- 				
- 				if (strlen(context) > NFS_MAX_CONTEXT_LEN) {
- 					printf(_("context parameter exceeds limit of %d\n"),
- 						 NFS_MAX_CONTEXT_LEN);
+				char *context = opteq + 1;
+				int ctxlen = strlen(context);
+
+				if (ctxlen > NFS_MAX_CONTEXT_LEN) {
+					printf(_("context parameter exceeds limit of %d\n"),
+						 NFS_MAX_CONTEXT_LEN);
 					goto bad_parameter;
- 				}
- 				strncpy(data->context, context, NFS_MAX_CONTEXT_LEN);
+				}
+				/* The context string is in the format of
+				 * "system_u:object_r:...".  We only want
+				 * the context str between the quotes.
+				 */
+				if (*context == '"')
+					strncpy(data->context, context+1,
+							ctxlen-2);
+				else
+					strncpy(data->context, context,
+							NFS_MAX_CONTEXT_LEN);
  			} else if (sloppy)
 				continue;
 			else
-- 
1.4.4.2

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [PATCH] Add support for quoted mount options

[Neil Brown]

On Monday March 19, kzak@redhat.com wrote:
> The patch avoid the collision between commas in security contexts and the
> delimiter between mount options.
> 
> Try:
> 	mount.nfs foo://mnt/bar /mnt/bar -o context=\"aaa,bbb,ccc\",ro

Hmmm..... I'm feeling a bit uncomfortable about this.
Lots of code (well, some at least) relies on 'hasmntopt' which does
simple parsing of the option string looking for commas.  If we allow
commas to be embedded in options, that code can potentially get
confused.

Also, this code does not allow a double-quote to appear in the context
string.  You can have two (or 4 or any even number) but not one.
Could that ever be a problem?

What exactly is this context string anyway?  Current kernels don't
seem to use it at all.  Presumably the code to use it is still in
development?   Is it some sort of security token?  How often would it
have commas?  How often would it have double-quote?  Would it be
possible to use a different character than ',' - maybe ':' ???

If it has to have commas, I would much rather use some other encoding,
e.g.
  \054
  =2c
  %2c
  \c
  :Comma:   :-)

But if we can avoid commas altogether, that would be best.
Can the context string even need to have a space in it?  That would be
rather awkward to put in /etc/fstab etc I think.

NeilBrown


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [PATCH] Add support for quoted mount options

[Karel Zak]

On Tue, Mar 20, 2007 at 08:59:30AM +1100, Neil Brown wrote:
> On Monday March 19, kzak@redhat.com wrote:
> > The patch avoid the collision between commas in security contexts and the
> > delimiter between mount options.

 The patch has been already sent by Steve Dickson and we already
 talked about it few weeks ago. There was problem with some extra
 space allocated for extra_opts. This version of the patch is more
 clean from nfs-utils point of view.

> > Try:
> > 	mount.nfs foo://mnt/bar /mnt/bar -o context=\"aaa,bbb,ccc\",ro
> 
> Hmmm..... I'm feeling a bit uncomfortable about this.
> Lots of code (well, some at least) relies on 'hasmntopt' which does
> simple parsing of the option string looking for commas.  If we allow
> commas to be embedded in options, that code can potentially get
> confused.
> 
> Also, this code does not allow a double-quote to appear in the context
> string.  You can have two (or 4 or any even number) but not one.
> Could that ever be a problem?

 I don't think so. The linux kernel supports quotes *only* for SELinux
 contexts and there is not possible use any nested quotes or anything
 more creative. It's always something like:

    context="system_u:object_r:iso9660_t:s0:c1,c3,c4"

 It's kernel who has care about exact format. We need to push
 the context string through mount.nfs to kernel only.

> What exactly is this context string anyway?  Current kernels don't
> seem to use it at all.  Presumably the code to use it is still in
> development?   Is it some sort of security token? 

 That's already in Linus's tree, released in 2.6.19. See:

 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3528a95322b5c1ce882ab723f175a1845430cd89

> How often would it have commas?

 Unfortunately often in Multi-Category Security (MCS) SELinux:

 http://www.nsa.gov/selinux/list-archive/0609/17224.cfm


> How often would it have double-quote?  Would it be
> possible to use a different character than ',' - maybe ':' ???

 No, the format is exact.

> But if we can avoid commas altogether, that would be best.

 Probably to late... the format of selinux context string is generic,
 it's nothing specific for a mount process. There are libs, kernel
 and many utils that use this format.

> Can the context string even need to have a space in it?  That would be
> rather awkward to put in /etc/fstab etc I think.

 IMHO it's always without a space (I hope selinux guys aren't on crack ;-)

    Karel

-- 
 Karel Zak  <kzak@redhat.com>

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [PATCH] Add support for quoted mount options

[Neil Brown]

On Tuesday March 20, kzak@redhat.com wrote:
> On Tue, Mar 20, 2007 at 08:59:30AM +1100, Neil Brown wrote:
> > On Monday March 19, kzak@redhat.com wrote:
> > > The patch avoid the collision between commas in security contexts and the
> > > delimiter between mount options.
> 
>  The patch has been already sent by Steve Dickson and we already
>  talked about it few weeks ago. There was problem with some extra
>  space allocated for extra_opts. This version of the patch is more
>  clean from nfs-utils point of view.

Yes, the code is cleaner, thanks for that.

> 
> > > Try:
> > > 	mount.nfs foo://mnt/bar /mnt/bar -o context=\"aaa,bbb,ccc\",ro
> > 
> > Hmmm..... I'm feeling a bit uncomfortable about this.
> > Lots of code (well, some at least) relies on 'hasmntopt' which does
> > simple parsing of the option string looking for commas.  If we allow
> > commas to be embedded in options, that code can potentially get
> > confused.
> > 
> > Also, this code does not allow a double-quote to appear in the context
> > string.  You can have two (or 4 or any even number) but not one.
> > Could that ever be a problem?
> 
>  I don't think so. The linux kernel supports quotes *only* for SELinux
>  contexts and there is not possible use any nested quotes or anything
>  more creative. It's always something like:
> 
>     context="system_u:object_r:iso9660_t:s0:c1,c3,c4"
> 
>  It's kernel who has care about exact format. We need to push
>  the context string through mount.nfs to kernel only.

Of course when it comes through mount.nfs all the kernel sees is

           system_u:object_r:iso9660_t:s0:c1,c3,c4

> 
> > What exactly is this context string anyway?  Current kernels don't
> > seem to use it at all.  Presumably the code to use it is still in
> > development?   Is it some sort of security token? 
> 
>  That's already in Linus's tree, released in 2.6.19. See:
> 
>  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3528a95322b5c1ce882ab723f175a1845430cd89

That patch seems fairly separate to this issues as it is stripping
quotes, and when the string comes via nfs, the quotes are already
stripped.

However it does seem to imply a precedent that commas within mount
options are to be accepted, and while I still that is a very dumb
idea, it isn't something worth fighting very hard for.

If it gets widely used and becomes a problem, maybe hasmntopt with get
"enhanced" to understand quotes ... though I suspect it would end up
just being a hack in util-linux that no-one else would benefit from.

I don't suppose I could convince you to write a 'hasmntopt'
replacement which works properly when there are quotes in the option
list, and get it into glibc :-?

> 
> > But if we can avoid commas altogether, that would be best.
> 
>  Probably to late... the format of selinux context string is generic,
>  it's nothing specific for a mount process. There are libs, kernel
>  and many utils that use this format.

We could still quote commas as \054 when they appear in mount options,
but I suspect I'm fighting a loosing battle.

I'll apply the patch.

NeilBrown

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs