140 lines
5.0 KiB
Diff
140 lines
5.0 KiB
Diff
--- util-linux-2.12j/mount/mount.c.console 2004-12-10 12:32:57.887137495 -0500
|
|
+++ util-linux-2.12j/mount/mount.c 2004-12-10 12:43:06.136750656 -0500
|
|
@@ -97,14 +97,16 @@
|
|
#define MS_USER 0x20000000
|
|
#define MS_OWNER 0x10000000
|
|
#define MS_GROUP 0x08000000
|
|
+#define MS_PAMCONSOLE 0x04000000
|
|
#define MS_COMMENT 0x00020000
|
|
#define MS_LOOP 0x00010000
|
|
|
|
+
|
|
/* Options that we keep the mount system call from seeing. */
|
|
-#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_COMMENT|MS_LOOP)
|
|
+#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_COMMENT|MS_LOOP|MS_PAMCONSOLE)
|
|
|
|
/* Options that we keep from appearing in the options field in the mtab. */
|
|
-#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER)
|
|
+#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER|MS_PAMCONSOLE)
|
|
|
|
/* Options that we make ordinary users have by default. */
|
|
#define MS_SECURE (MS_NOEXEC|MS_NOSUID|MS_NODEV)
|
|
@@ -142,6 +144,8 @@
|
|
{ "comment", 0, 0, MS_COMMENT}, /* fstab comment only (kudzu,_netdev)*/
|
|
|
|
/* add new options here */
|
|
+ { "pamconsole", 0, 0, MS_PAMCONSOLE }, /* Allow users at console to mount */
|
|
+ { "nopamconsole", 0, 1, MS_PAMCONSOLE }, /* Console user has no special privs */
|
|
#ifdef MS_NOSUB
|
|
{ "sub", 0, 1, MS_NOSUB }, /* allow submounts */
|
|
{ "nosub", 0, 0, MS_NOSUB }, /* don't allow submounts */
|
|
@@ -265,7 +269,7 @@
|
|
*mask &= ~om->mask;
|
|
else
|
|
*mask |= om->mask;
|
|
- if ((om->mask == MS_USER || om->mask == MS_USERS)
|
|
+ if ((om->mask == MS_USER || om->mask == MS_USERS || om->mask == MS_PAMCONSOLE)
|
|
&& !om->inv)
|
|
*mask |= MS_SECURE;
|
|
if ((om->mask == MS_OWNER || om->mask == MS_GROUP)
|
|
@@ -554,7 +558,29 @@
|
|
}
|
|
}
|
|
|
|
- /* James Kehl <mkehl@gil.com.au> came with a similar patch:
|
|
+ /* Red Hat patch: allow users at console to mount when fstab
|
|
+ contains the console option. This option should not be used
|
|
+ in a high security environment but is useful to give console
|
|
+ users the possibility of using locally attached devices
|
|
+ such as USB keychains and USB harddisks where it is now suitable
|
|
+ to give the console owner write access to the device node */
|
|
+ if (*flags & MS_PAMCONSOLE) {
|
|
+ char *username;
|
|
+ char pamconsole_file_name[256];
|
|
+ struct stat sb;
|
|
+
|
|
+ username = getusername ();
|
|
+
|
|
+ if (username != NULL) {
|
|
+ snprintf (pamconsole_file_name, sizeof (pamconsole_file_name),
|
|
+ "/var/run/console/%s", username);
|
|
+ if (stat (pamconsole_file_name, &sb) == 0) {
|
|
+ *flags |= MS_USER;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* James Kehl <mkehl@gil.com.au> came with a similar patch:
|
|
allow an arbitrary user to mount when he is the owner of
|
|
the mount-point and has write-access to the device.
|
|
This is even less secure. Let me skip it for the time being;
|
|
@@ -570,7 +596,7 @@
|
|
*user = getusername();
|
|
}
|
|
|
|
- *flags &= ~(MS_OWNER | MS_GROUP);
|
|
+ *flags &= ~(MS_OWNER | MS_GROUP | MS_PAMCONSOLE);
|
|
}
|
|
|
|
static int
|
|
--- util-linux-2.12j/mount/umount.c.console 2004-12-10 12:32:57.885138115 -0500
|
|
+++ util-linux-2.12j/mount/umount.c 2004-12-10 12:44:51.494119742 -0500
|
|
@@ -546,7 +546,7 @@
|
|
umount_file (char *arg) {
|
|
struct mntentchn *mc, *fs;
|
|
const char *file, *options;
|
|
- int fstab_has_user, fstab_has_users, fstab_has_owner, fstab_has_group;
|
|
+ int fstab_has_user, fstab_has_users, fstab_has_owner, fstab_has_group, fstab_has_pamconsole;
|
|
int ok;
|
|
|
|
file = canonicalize(arg); /* mtab paths are canonicalized */
|
|
@@ -608,13 +608,16 @@
|
|
fstab_has_users = contains(options, "users");
|
|
fstab_has_owner = contains(options, "owner");
|
|
fstab_has_group = contains(options, "group");
|
|
+ fstab_has_pamconsole = contains(options, "pamconsole");
|
|
ok = 0;
|
|
|
|
if (fstab_has_users)
|
|
ok = 1;
|
|
|
|
if (!ok && (fstab_has_user || fstab_has_owner ||
|
|
- fstab_has_group)) {
|
|
+ fstab_has_group || fstab_has_pamconsole)) {
|
|
+ char pamconsole_file_name[256];
|
|
+ struct stat sb;
|
|
char *user = getusername();
|
|
|
|
options = mc->m.mnt_opts;
|
|
@@ -624,6 +627,14 @@
|
|
|
|
if (user && mtab_user && streq (user, mtab_user))
|
|
ok = 1;
|
|
+
|
|
+ /*pam_console user check*/
|
|
+ if (user && fstab_has_pamconsole) {
|
|
+ snprintf (pamconsole_file_name, sizeof (pamconsole_file_name), "/var/run/console/%s", user);
|
|
+ if (stat (pamconsole_file_name, &sb) == 0) {
|
|
+ ok = 1;
|
|
+ }
|
|
+ }
|
|
}
|
|
if (!ok)
|
|
die (2, _("umount: only %s can unmount %s from %s"),
|
|
--- util-linux-2.12j/mount/fstab.5.console 2004-09-28 10:13:42.000000000 -0400
|
|
+++ util-linux-2.12j/mount/fstab.5 2004-12-10 12:59:05.088744506 -0500
|
|
@@ -156,10 +156,10 @@
|
|
.BR nfs (5).
|
|
Common for all types of file system are the options ``noauto''
|
|
(do not mount when "mount -a" is given, e.g., at boot time), ``user''
|
|
-(allow a user to mount), and ``owner''
|
|
-(allow device owner to mount), and ``comment''
|
|
+(allow a user to mount), ``owner''
|
|
+(allow device owner to mount), ``pamconsole'' (allow a user at the console to mount), and ``comment''
|
|
(e.g., for use by fstab-maintaining programs).
|
|
-The ``owner'' and ``comment'' options are Linux-specific.
|
|
+The ``owner'', ``pamconsole'' and ``comment'' options are Linux-specific.
|
|
For more details, see
|
|
.BR mount (8).
|
|
|