Attachment #43745 for bug #70873

Lines 130-143 Link Here

(-)util-linux-2.12a/mount/mount.c.orig (-3 / +31 lines)
130	#define MS_USERS 0x40000000	130	#define MS_USERS 0x40000000
131	#define MS_USER 0x20000000	131	#define MS_USER 0x20000000
132	#define MS_OWNER 0x10000000	132	#define MS_OWNER 0x10000000
		133	#define MS_PAMCONSOLE 0x08000000
133	#define MS_NETDEV 0x00020000	134	#define MS_NETDEV 0x00020000
134	#define MS_LOOP 0x00010000	135	#define MS_LOOP 0x00010000
135		136
136	/* Options that we keep the mount system call from seeing. */	137	/* Options that we keep the mount system call from seeing. */
137	#define MS_NOSYS (MS_NOAUTO\|MS_USERS\|MS_USER\|MS_NETDEV\|MS_LOOP)	138	#define MS_NOSYS (MS_NOAUTO\|MS_USERS\|MS_USER\|MS_NETDEV\|MS_LOOP\|MS_PAMCONSOLE)
138		139
139	/* Options that we keep from appearing in the options field in the mtab. */	140	/* Options that we keep from appearing in the options field in the mtab. */
140	#define MS_NOMTAB (MS_REMOUNT\|MS_NOAUTO\|MS_USERS\|MS_USER)	141	#define MS_NOMTAB (MS_REMOUNT\|MS_NOAUTO\|MS_USERS\|MS_USER\|MS_PAMCONSOLE)
141		142
142	/* Options that we make ordinary users have by default. */	143	/* Options that we make ordinary users have by default. */
143	#define MS_SECURE (MS_NOEXEC\|MS_NOSUID\|MS_NODEV)	144	#define MS_SECURE (MS_NOEXEC\|MS_NOSUID\|MS_NODEV)
Lines 170-175 Link Here
170	{ "noowner", 0, 1, MS_OWNER }, /* Device owner has no special privs */	171	{ "noowner", 0, 1, MS_OWNER }, /* Device owner has no special privs */
171	{ "_netdev", 0, 0, MS_NETDEV }, /* Device accessible only via network */	172	{ "_netdev", 0, 0, MS_NETDEV }, /* Device accessible only via network */
172	/* add new options here */	173	/* add new options here */
		174	{ "pamconsole", 0, 0, MS_PAMCONSOLE }, /* Allow users at console to mount */
		175	{ "nopamconsole", 0, 1, MS_PAMCONSOLE }, /* Console user has no special privs */
173	#ifdef MS_NOSUB	176	#ifdef MS_NOSUB
174	{ "sub", 0, 1, MS_NOSUB }, /* allow submounts */	177	{ "sub", 0, 1, MS_NOSUB }, /* allow submounts */
175	{ "nosub", 0, 0, MS_NOSUB }, /* don't allow submounts */	178	{ "nosub", 0, 0, MS_NOSUB }, /* don't allow submounts */
Lines 283-293 Link Here
283	*mask &= ~om->mask;	286	*mask &= ~om->mask;
284	else	287	else
285	*mask \|= om->mask;	288	*mask \|= om->mask;
286	if ((om->mask == MS_USER \|\| om->mask == MS_USERS)	289	if ((om->mask == MS_USER \|\| om->mask == MS_USERS \|\| om->mask == MS_PAMCONSOLE)
287	&& !om->inv)	290	&& !om->inv)
288	*mask \|= MS_SECURE;	291	*mask \|= MS_SECURE;
289	if ((om->mask == MS_OWNER) && !om->inv)	292	if ((om->mask == MS_OWNER) && !om->inv)
290	*mask \|= MS_OWNERSECURE;	293	*mask \|= MS_OWNERSECURE;
		294
291	#ifdef MS_SILENT	295	#ifdef MS_SILENT
292	if (om->mask == MS_SILENT && om->inv) {	296	if (om->mask == MS_SILENT && om->inv) {
293	mount_quiet = 1;	297	mount_quiet = 1;
Lines 538-543 Link Here
538	}	542	}
539	}	543	}
540	}	544	}
		545	/* Red Hat patch: allow users at console to mount when fstab
		546	contains the console option. This option should not be used
		547	in a high security environment but is useful to give console
		548	users the possibility of using locally attached devices
		549	such as USB keychains and USB harddisks where it is now suitable
		550	to give the console owner write access to the device node */
		551	if (*flags & MS_PAMCONSOLE) {
		552	char *username;
		553	char pamconsole_file_name[256];
		554	struct stat sb;
		555
		556	username = getusername ();
		557
		558	if (username != NULL) {
		559	snprintf (pamconsole_file_name, sizeof (pamconsole_file_name),
		560	"/var/run/console/%s", username);
		561	if (stat (pamconsole_file_name, &sb) == 0) {
		562	*flags \|= MS_USER;
		563	}
		564	}
		565	}
541	/* James Kehl <mkehl@gil.com.au> came with a similar patch:	566	/* James Kehl <mkehl@gil.com.au> came with a similar patch:
542	allow an arbitrary user to mount when he is the owner of	567	allow an arbitrary user to mount when he is the owner of
543	the mount-point and has write-access to the device.	568	the mount-point and has write-access to the device.
Lines 556-561 Link Here
556		581
557	if (*flags & MS_OWNER)	582	if (*flags & MS_OWNER)
558	*flags &= ~MS_OWNER;	583	*flags &= ~MS_OWNER;
		584
		585	if (*flags & MS_PAMCONSOLE)
		586	*flags &= ~MS_PAMCONSOLE;
559	}	587	}
560		588
561	static int	589	static int

Lines 541-547 Link Here

(-)util-linux-2.12a/mount/umount.c.orig (-2 / +13 lines)
541	struct mntentchn mc, fs;	541	struct mntentchn mc, fs;
542	char *file;	542	char *file;
543	string_list options;	543	string_list options;
544	int fstab_has_user, fstab_has_users, fstab_has_owner, ok;	544	int fstab_has_user, fstab_has_users, fstab_has_owner, fstab_has_pamconsole, ok;
545		545
546	file = canonicalize(arg); /* mtab paths are canonicalized */	546	file = canonicalize(arg); /* mtab paths are canonicalized */
547	if (verbose > 1)	547	if (verbose > 1)
Lines 598-609 Link Here
598	fstab_has_user = contains(options, "user");	598	fstab_has_user = contains(options, "user");
599	fstab_has_users = contains(options, "users");	599	fstab_has_users = contains(options, "users");
600	fstab_has_owner = contains(options, "owner");	600	fstab_has_owner = contains(options, "owner");
		601	fstab_has_pamconsole = contains(options, "pamconsole");
601	ok = 0;	602	ok = 0;
602		603
603	if (fstab_has_users)	604	if (fstab_has_users)
604	ok = 1;	605	ok = 1;
605		606
606	if (!ok && (fstab_has_user \|\| fstab_has_owner)) {	607	if (!ok && (fstab_has_user \|\| fstab_has_owner \|\| fstab_has_pamconsole)) {
		608	char pamconsole_file_name[256];
		609	struct stat sb;
607	char *user = getusername();	610	char *user = getusername();
608		611
609	options = parse_list (mc->m.mnt_opts);	612	options = parse_list (mc->m.mnt_opts);
Lines 611-616 Link Here
611		614
612	if (user && mtab_user && streq (user, mtab_user))	615	if (user && mtab_user && streq (user, mtab_user))
613	ok = 1;	616	ok = 1;
		617
		618	/pam_console user check/
		619	if (user && fstab_has_pamconsole) {
		620	snprintf (pamconsole_file_name, sizeof (pamconsole_file_name), "/var/run/console/%s", user);
		621	if (stat (pamconsole_file_name, &sb) == 0) {
		622	ok = 1;
		623	}
		624	}
614	}	625	}
615	if (!ok)	626	if (!ok)
616	die (2, _("umount: only %s can unmount %s from %s"),	627	die (2, _("umount: only %s can unmount %s from %s"),

Lines 156-165 Link Here

(-)util-linux-2.12a/mount/fstab.5.orig (-3 / +4 lines)
156	.BR nfs (5).	156	.BR nfs (5).
157	Common for all types of file system are the options ``noauto''	157	Common for all types of file system are the options ``noauto''
158	(do not mount when "mount -a" is given, e.g., at boot time), ``user''	158	(do not mount when "mount -a" is given, e.g., at boot time), ``user''
159	(allow a user to mount), and ``owner''	159	(allow a user to mount), ``owner''
160	(allow device owner to mount), and ``_netdev'' (device requires network	160	(allow device owner to mount), and ``pamconsole''
		161	(allow a user at the console to mount), and ``_netdev'' (device requires network
161	to be available).	162	to be available).
162	The ``owner'' and ``_netdev'' options are Linux-specific.	163	The ``owner'', ``pamconsole'' and ``_netdev'' options are Linux-specific.
163	For more details, see	164	For more details, see
164	.BR mount (8).	165	.BR mount (8).
165		166

Return to bug 70873