S: | 2.39.2-alt1 |
5.1: | 2.16.1-alt1 |
4.1: | 2.13-alt8 |
4.0: | 2.12r-alt6 |
3.0: | 2.12q-alt1 |
Группа :: Система/Основа
Пакет: util-linux
Патч: util-linux-ng-2.19.1-mount-pamconsole.patch
--- util-linux-2.19.1/mount/fstab.5.fix2 2011-05-02 23:54:34.000000000 +0400
+++ util-linux-2.19.1/mount/fstab.5 2011-05-02 23:54:36.491372987 +0400
@@ -195,8 +195,11 @@ allow a user to mount
.TP
.B owner
allow device owner to mount
.TP
+.B pamconsole
+allow a user at the console to mount
+.TP
.B comment
for use by fstab-maintaining programs
.TP
.B nofail
--- util-linux-2.19.1/mount/mount.c.fix2 2011-05-02 23:54:34.000000000 +0400
+++ util-linux-2.19.1/mount/mount.c 2011-05-02 23:54:36.491372987 +0400
@@ -119,16 +119,17 @@ struct opt_map {
#define MS_USERS 0x40000000
#define MS_USER 0x20000000
#define MS_OWNER 0x10000000
#define MS_GROUP 0x08000000
+#define MS_PAMCONSOLE 0x04000000
#define MS_COMMENT 0x02000000
#define MS_LOOP 0x00010000
/* Options that we keep the mount system call from seeing. */
-#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_COMMENT|MS_LOOP)
+#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_COMMENT|MS_LOOP|MS_PAMCONSOLE)
/* Options that we keep from appearing in the options field in the mtab. */
-#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER)
+#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER|MS_PAMCONSOLE)
#define MS_PROPAGATION (MS_SHARED|MS_SLAVE|MS_UNBINDABLE|MS_PRIVATE)
/* Options that we make ordinary users have by default. */
@@ -166,8 +167,10 @@ static const struct opt_map opt_map[] =
{ "_netdev", 0, 0, MS_COMMENT}, /* Device requires network */
{ "comment", 0, 0, MS_COMMENT}, /* fstab comment only (kudzu,_netdev)*/
/* add new options here */
+ { "pamconsole", 0, 0, MS_PAMCONSOLE }, /* Allow users at console to mount */
+ { "nopamconsole", 0, 1, MS_PAMCONSOLE }, /* Console user has no special privs */
#ifdef MS_NOSUB
{ "sub", 0, 1, MS_NOSUB }, /* allow submounts */
{ "nosub", 0, 0, MS_NOSUB }, /* don't allow submounts */
#endif
@@ -480,9 +483,9 @@ parse_opt(char *opt, int *mask, char **e
if (om->inv)
*mask &= ~om->mask;
else
*mask |= om->mask;
- if ((om->mask == MS_USER || om->mask == MS_USERS)
+ if ((om->mask == MS_USER || om->mask == MS_USERS || om->mask == MS_PAMCONSOLE)
&& !om->inv)
*mask |= MS_SECURE;
if ((om->mask == MS_OWNER || om->mask == MS_GROUP)
&& !om->inv)
@@ -1115,9 +1118,31 @@ restricted_check(const char *spec, const
}
}
}
- /* James Kehl <mkehl@gil.com.au> came with a similar patch:
+ /* Red Hat patch: allow users at console to mount when fstab
+ contains the console option. This option should not be used
+ in a high security environment but is useful to give console
+ users the possibility of using locally attached devices
+ such as USB keychains and USB harddisks where it is now suitable
+ to give the console owner write access to the device node */
+ if (*flags & MS_PAMCONSOLE) {
+ char *username;
+ char pamconsole_file_name[256];
+ struct stat sb;
+
+ username = getusername ();
+
+ if (username != NULL) {
+ snprintf (pamconsole_file_name, sizeof (pamconsole_file_name),
+ "/var/run/console/%s", username);
+ if (stat (pamconsole_file_name, &sb) == 0) {
+ *flags |= MS_USER;
+ }
+ }
+ }
+
+ /* James Kehl <mkehl@gil.com.au> came with a similar patch:
allow an arbitrary user to mount when he is the owner of
the mount-point and has write-access to the device.
This is even less secure. Let me skip it for the time being;
there should be an explicit fstab line allowing such things. */
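Review bot: The added `if (*flags & MS_PAMCONSOLE)` block sets `MS_USER` whenever `stat()` succeeds on `/var/run/console/<username>`, without checking the `snprintf` result or what kind of object was found. An empty name or `.` resolves to the directory itself, a name containing `/` escapes it, and a name truncated in the 256-byte buffer is tested against a different path; getusername() is not shown here, so whether such names can occur needs confirming. I would reject those names, compare the `snprintf` return with the buffer size and require a regular file (assuming pam_console writes plain files there), as in the excerpt below. The same pattern is repeated in the last umount.c hunk in umount_file, and restricted_check starts and ends outside this hunk.

```c
	if (*flags & MS_PAMCONSOLE) {
		/* … unchanged: declarations, username = getusername () … */
		if (username != NULL && *username != '\0'
		    && strchr (username, '/') == NULL) {
			int n = snprintf (pamconsole_file_name,
					  sizeof (pamconsole_file_name),
					  "/var/run/console/%s", username);
			/* reject truncated paths and anything that is not a plain file */
			if (n > 0 && (size_t) n < sizeof (pamconsole_file_name)
			    && lstat (pamconsole_file_name, &sb) == 0
			    && S_ISREG (sb.st_mode))
				*flags |= MS_USER;
		}
	}
```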
@@ -1131,9 +1156,9 @@ restricted_check(const char *spec, const
if (*flags & MS_USER)
*user = getusername();
}
- *flags &= ~(MS_OWNER | MS_GROUP);
+ *flags &= ~(MS_OWNER | MS_GROUP | MS_PAMCONSOLE);
}
/* Check, if there already exists a mounted loop device on the mountpoint node
* with the same parameters.
--- util-linux-2.19.1/mount/umount.c.fix2 2011-05-02 23:54:34.000000000 +0400
+++ util-linux-2.19.1/mount/umount.c 2011-05-03 00:10:04.891424731 +0400
@@ -596,9 +596,9 @@ static int check_helper_umountprog(const
static int
umount_file (char *arg) {
struct mntentchn *mc, *fs;
const char *file, *options;
- int fstab_has_user, fstab_has_users, fstab_has_owner, fstab_has_group;
+ int fstab_has_user, fstab_has_users, fstab_has_owner, fstab_has_group, fstab_has_pamconsole;
int ok, status = 0;
struct stat statbuf;
if (!*arg) { /* "" would be expanded to `pwd` */
@@ -729,15 +729,18 @@ umount_file (char *arg) {
fstab_has_user = contains(options, "user");
fstab_has_users = contains(options, "users");
fstab_has_owner = contains(options, "owner");
fstab_has_group = contains(options, "group");
+ fstab_has_pamconsole = contains(options, "pamconsole");
ok = 0;
if (fstab_has_users)
ok = 1;
if (!ok && (fstab_has_user || fstab_has_owner ||
- fstab_has_group)) {
+ fstab_has_group || fstab_has_pamconsole)) {
+ char pamconsole_file_name[256];
+ struct stat sb;
char *user = getusername();
options = mc->m.mnt_opts;
if (!options)
@@ -745,8 +748,16 @@ umount_file (char *arg) {
mtab_user = get_option_value(options, "user=");
if (user && mtab_user && streq (user, mtab_user))
ok = 1;
+
+ /*pam_console user check*/
+ if (user && fstab_has_pamconsole) {
+ snprintf (pamconsole_file_name, sizeof (pamconsole_file_name), "/var/run/console/%s", user);
+ if (stat (pamconsole_file_name, &sb) == 0) {
+ ok = 1;
+ }
+ }
}
if (!ok)
die (2, _("umount: only %s can unmount %s from %s"),
mtab_user ? mtab_user : "root",
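Review bot: The added pam_console branch sets `ok = 1` for any caller that has a `/var/run/console/<user>` file, without comparing the caller against the `user=` value from mtab as the check just above it does. Since the mount side sets `MS_USER` and records the user (the `*user = getusername()` line in restricted_check), the `mtab_user` comparison already lets the mounting user unmount, so this branch appears only to widen the rule to other console users. If that is intended, the comment should say so, e.g. `/* pamconsole: any user with a console session may unmount, regardless of who mounted */`; if not, the branch can be dropped. The `die()` message below still names only the mtab user or root, and that statement continues past the end of the hunk.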