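--- a/util-linux-2.12a/mount/mount.c.orig
+++ b/util-linux-2.12a/mount/mount.c.orig
@@ -130,14 +130,15 @@
 #define MS_USERS	0x40000000
 #define MS_USER		0x20000000
 #define MS_OWNER	0x10000000
+#define MS_PAMCONSOLE   0x08000000
 #define MS_NETDEV	0x00020000
 #define MS_LOOP		0x00010000
 
 /* Options that we keep the mount system call from seeing.  */
-#define MS_NOSYS	(MS_NOAUTO|MS_USERS|MS_USER|MS_NETDEV|MS_LOOP)
+#define MS_NOSYS	(MS_NOAUTO|MS_USERS|MS_USER|MS_NETDEV|MS_LOOP|MS_PAMCONSOLE)
 
 /* Options that we keep from appearing in the options field in the mtab.  */
-#define MS_NOMTAB	(MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER)
+#define MS_NOMTAB	(MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER|MS_PAMCONSOLE)
 
 /* Options that we make ordinary users have by default.  */
 #define MS_SECURE	(MS_NOEXEC|MS_NOSUID|MS_NODEV)
@@ -170,6 +171,8 @@
   { "noowner",	0, 1, MS_OWNER  },	/* Device owner has no special privs */
   { "_netdev",	0, 0, MS_NETDEV },	/* Device accessible only via network */
   /* add new options here */
+  { "pamconsole",   0, 0, MS_PAMCONSOLE }, /* Allow users at console to mount */
+  { "nopamconsole", 0, 1, MS_PAMCONSOLE }, /* Console user has no special privs */
 #ifdef MS_NOSUB
   { "sub",	0, 1, MS_NOSUB	},	/* allow submounts */
   { "nosub",	0, 0, MS_NOSUB	},	/* don't allow submounts */
@@ -283,11 +286,12 @@
 				*mask &= ~om->mask;
 			else
 				*mask |= om->mask;
-			if ((om->mask == MS_USER || om->mask == MS_USERS)
+			if ((om->mask == MS_USER || om->mask == MS_USERS || om->mask == MS_PAMCONSOLE)
 			    && !om->inv)
 				*mask |= MS_SECURE;
 			if ((om->mask == MS_OWNER) && !om->inv)
 				*mask |= MS_OWNERSECURE;
+
 #ifdef MS_SILENT
 			if (om->mask == MS_SILENT && om->inv)  {
 				mount_quiet = 1;
@@ -538,6 +542,27 @@
 	      }
 	  }
       }
+      /* Red Hat patch: allow users at console to mount when fstab
+	 contains the console option. This option should not be used
+         in a high security environment but is useful to give console
+	 users the possibility of using locally attached devices
+         such as USB keychains and USB harddisks where it is now suitable
+         to give the console owner write access to the device node */
+      if (*flags & MS_PAMCONSOLE) {
+	  char *username;
+	  char pamconsole_file_name[256];
+	  struct stat sb;
+
+	  username = getusername ();
+
+	  if (username != NULL) {
+	      snprintf (pamconsole_file_name, sizeof (pamconsole_file_name), 
+			"/var/run/console/%s", username);
+	      if (stat (pamconsole_file_name, &sb) == 0) {
+		  *flags |= MS_USER;
+	      }
+	  }
+      }
       /* James Kehl <mkehl@gil.com.au> came with a similar patch:
 	 allow an arbitrary user to mount when he is the owner of
 	 the mount-point and has write-access to the device.
@@ -556,6 +581,9 @@
 
   if (*flags & MS_OWNER)
       *flags &= ~MS_OWNER;
+
+  if (*flags & MS_PAMCONSOLE)
+      *flags &= ~MS_PAMCONSOLE;
 }
 
 static int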
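Review bot: The `stat()` on `/var/run/console/%s` (new lines 559-563) is the entire authorization decision for setting `MS_USER`, yet it accepts whatever resolves at that path: the `snprintf` return is not checked for truncation, symlinks are followed, and the file type is not verified. The lock file's presence also appears to show only that the account has a console session, not that this `mount` call originates from it, so the comment above the block should say that. The same unchecked test is repeated in umount.c (new lines 619-624). The enclosing function starts and ends outside this hunk; a tightened form of the check is below, and an `sb.st_uid == 0` test could be added if pam_console is confirmed to create these files as root.

```c
	  /* … unchanged: declarations and getusername () call … */
	  if (username != NULL) {
	      int n = snprintf (pamconsole_file_name, sizeof (pamconsole_file_name),
				"/var/run/console/%s", username);
	      /* Reject a truncated path; use lstat so a symlink is never followed,
		 and accept only a regular file as the console lock. */
	      if (n > 0 && (size_t) n < sizeof (pamconsole_file_name)
		  && lstat (pamconsole_file_name, &sb) == 0
		  && S_ISREG (sb.st_mode)) {
		  *flags |= MS_USER;
	      }
	  }
```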
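--- a/util-linux-2.12a/mount/umount.c.orig
+++ b/util-linux-2.12a/mount/umount.c.orig
@@ -541,7 +541,7 @@
 	struct mntentchn *mc, *fs;
 	char *file;
 	string_list options;
-	int fstab_has_user, fstab_has_users, fstab_has_owner, ok;
+	int fstab_has_user, fstab_has_users, fstab_has_owner, fstab_has_pamconsole, ok;
 
 	file = canonicalize(arg); /* mtab paths are canonicalized */
 	if (verbose > 1)
@@ -598,12 +598,15 @@
 		fstab_has_user = contains(options, "user");
 		fstab_has_users = contains(options, "users");
 		fstab_has_owner = contains(options, "owner");
+		fstab_has_pamconsole = contains(options, "pamconsole");
 		ok = 0;
 
 		if (fstab_has_users)
 			ok = 1;
 
-		if (!ok && (fstab_has_user || fstab_has_owner)) {
+		if (!ok && (fstab_has_user || fstab_has_owner || fstab_has_pamconsole)) {
+			char pamconsole_file_name[256];
+			struct stat sb;
 			char *user = getusername();
 
 			options = parse_list (mc->m.mnt_opts);
@@ -611,6 +614,14 @@
 
 			if (user && mtab_user && streq (user, mtab_user))
 				ok = 1;
+
+			/*pam_console user check*/
+			if (user && fstab_has_pamconsole) {
+				snprintf (pamconsole_file_name, sizeof (pamconsole_file_name), "/var/run/console/%s", user);
+	      			if (stat (pamconsole_file_name, &sb) == 0) {
+					ok = 1;
+	      			}
+			}
 		}
 		if (!ok)
 			die (2, _("umount: only %s can unmount %s from %s"),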
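Review bot: The new pam_console branch (new lines 619-624) sets `ok = 1` without consulting `mtab_user`, so with `pamconsole` in fstab any account that currently has a console lock file can unmount the filesystem even when the `mtab_user` comparison just above it did not match. If that is intended (console ownership moving between users), the comment should say so, e.g. `/* pam_console: any current console user may unmount, regardless of mtab_user */`; otherwise the branch should also require `mtab_user` to match. The `die` message after the block still names a single permitted user, which may mislead in this case. The surrounding function extends beyond the hunks shown.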
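--- a/util-linux-2.12a/mount/fstab.5.orig
+++ b/util-linux-2.12a/mount/fstab.5.orig
@@ -156,10 +156,11 @@
 .BR nfs (5).
 Common for all types of file system are the options ``noauto''
 (do not mount when "mount -a" is given, e.g., at boot time), ``user''
-(allow a user to mount), and ``owner''
-(allow device owner to mount), and ``_netdev'' (device requires network
+(allow a user to mount), ``owner''
+(allow device owner to mount), and ``pamconsole''
+(allow a user at the console to mount), and ``_netdev'' (device requires network
 to be available).
-The ``owner'' and ``_netdev'' options are Linux-specific.
+The ``owner'', ``pamconsole'' and ``_netdev'' options are Linux-specific.
 For more details, see
 .BR mount (8).
 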
