From 16d05b9eb6a7f3237faecd85a40fbcd578b82875 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Apr 16 2012 12:55:20 +0000
Subject: when ecryptfs-mount-fails, check if user is member of ecryptfs group
---
diff --git a/ecryptfs-utils-96-groupcheck.patch b/ecryptfs-utils-96-groupcheck.patch
new file mode 100644
index 0000000..ebbd6f0
--- /dev/null
+++ b/ecryptfs-utils-96-groupcheck.patch
@@ -0,0 +1,21 @@
+diff -up ecryptfs-utils-96/src/utils/ecryptfs-mount-private.groupcheck ecryptfs-utils-96/src/utils/ecryptfs-mount-private
+--- ecryptfs-utils-96/src/utils/ecryptfs-mount-private.groupcheck 2012-04-16 14:42:56.386317997 +0200
++++ ecryptfs-utils-96/src/utils/ecryptfs-mount-private 2012-04-16 14:49:13.637431764 +0200
+@@ -69,7 +69,16 @@ if [ -f "$WRAPPED_PASSPHRASE_FILE" -a -f
+ echo `gettext "ERROR:"` `gettext "Too many incorrect password attempts, exiting"`
+ exit 1
+ fi
+- /sbin/mount.ecryptfs_private
++ if ! /sbin/mount.ecryptfs_private;
++ then
++ # Check if the ecryptfs group exists, and user is member of ecryptfs group
++ if grep -qs "^ecryptfs:" /etc/group; then
++ if ! id "$USER" | grep -qs "\(ecryptfs\)"; then
++ echo $(gettext 'ERROR: ') $(gettext 'User needs to be a member of ecryptfs group')
++ exit 1
++ fi
++ fi
++ fi
+ else
+ echo `gettext "ERROR:"` `gettext "Encrypted private directory is not setup properly"`
+ exit 1
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index e0f96e0..ad78818 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@ Name: ecryptfs-utils Version: 96 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The eCryptfs mount helper and support libraries Group: System Environment/Base License: GPLv2+ 
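Review bot: The membership test added in ecryptfs-utils-96-groupcheck.patch, `if ! id "$USER" | grep -qs "\(ecryptfs\)"; then`, does not match what it intends: in grep's basic regex syntax `\(` and `\)` are grouping operators, so the pattern is only the substring `ecryptfs`, and any user or group name that contains it (a constructed example: a user called `ecryptfs-test`) passes the check and suppresses the message. `id "$USER"` also relies on an environment variable and reports the group database rather than the calling process's own credentials, so a user who was added to the group but has not logged in again is treated as a member while the mount still fails. Testing the process's groups by exact name avoids both problems: `if ! id -Gn | tr ' ' '\n' | grep -qsx ecryptfs; then`. Separately, when the mount fails and the group check passes, the new `if !` block falls through with no message and no non-zero exit; the surrounding `if`/`else` starts and ends outside the hunk, so whether a later line reports that failure cannot be seen here.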
@@ -62,6 +62,9 @@ Patch19: ecryptfs-utils-87-syslog.patch Patch20: ecryptfs-utils-93-fixcrypto.patch +# if e-m-p fails, check if user is member of ecryptfs group +Patch21: ecryptfs-utils-96-groupcheck.patch + BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires: keyutils, cryptsetup-luks, util-linux, gettext BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel @@ -116,6 +119,7 @@ the interface supplied by the ecryptfs-utils library. %patch18 -p1 -b .fixconst %patch19 -p1 -b .syslog %patch20 -p1 -b .fixcrypto +%patch21 -p1 -b .groupcheck %build export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits" @@ -256,6 +260,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/ecryptfs-utils/_libecryptfs.so %changelog +* Mon Apr 16 2012 Michal Hlavinka - 96-2 +- when ecryptfs-mount-fails, check if user is member of ecryptfs group + * Mon Feb 20 2012 Michal Hlavinka - 96-1 - ecryptfs-utils updated to 96