From 7731a01ed191639a0e7d52795c39e696699d6854 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Oct 31 2011 13:29:23 +0000
Subject: updated to v. 93
---
diff --git a/.gitignore b/.gitignore
index e927580..864694a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ ecryptfs-mount-private.png
 /ecryptfs-utils_86.orig.tar.gz
 /ecryptfs-utils_87.orig.tar.gz
 /ecryptfs-utils_90.orig.tar.gz
+/ecryptfs-utils_93.orig.tar.gz
diff --git a/ecryptfs-utils-75-werror.patch b/ecryptfs-utils-75-werror.patch
index fddf477..fa58946 100644
--- a/ecryptfs-utils-75-werror.patch
+++ b/ecryptfs-utils-75-werror.patch
@@ -1,6 +1,6 @@
-diff -up ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
---- ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2011-08-11 10:26:55.453235671 +0200
-+++ ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-08-11 10:26:55.471235788 +0200
+diff -up ecryptfs-utils-93/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-93/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
+--- ecryptfs-utils-93/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2011-10-31 14:18:18.136758412 +0100
++++ ecryptfs-utils-93/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-10-31 14:18:18.156758569 +0100
 @@ -86,7 +86,7 @@ static int ecryptfs_pkcs11h_deserialize(
 pkcs11h_data->serialized_id = NULL;
 }
@@ -150,9 +150,9 @@ diff -up ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror e subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo); -diff -up ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c ---- ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror 2010-12-17 18:34:04.000000000 +0100 -+++ ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c 2011-08-11 10:26:55.472235795 +0200 +diff -up ecryptfs-utils-93/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-93/src/libecryptfs/ecryptfs-stat.c +--- ecryptfs-utils-93/src/libecryptfs/ecryptfs-stat.c.werror 2011-10-27 17:53:07.000000000 +0200 ++++ ecryptfs-utils-93/src/libecryptfs/ecryptfs-stat.c 2011-10-31 14:18:18.157758576 +0100 @@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_ if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES @@ -162,9 +162,9 @@ diff -up ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils "bytes; there are only [%zu] bytes\n", __FUNCTION__, (ECRYPTFS_FILE_SIZE_BYTES + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES -diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c ---- ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror 2011-02-06 03:44:30.000000000 +0100 -+++ ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-11 10:26:55.472235795 +0200 +diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.werror 2011-10-27 17:53:07.000000000 +0200 ++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 14:18:29.644847653 +0100 @@ -39,35 +39,11 @@ #include #include 
@@ -176,25 +176,25 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils -static void error(const char *msg) -{ -- syslog(LOG_ERR, "errno = [%i]; strerror = [%m]\n", errno); +- syslog(LOG_ERR, "pam_ecryptfs: errno = [%i]; strerror = [%m]\n", errno); - switch (errno) { - case ENOKEY: -- syslog(LOG_ERR, "%s: Requested key not available\n", msg); +- syslog(LOG_ERR, "pam_ecryptfs: %s: Requested key not available\n", msg); - return; - - case EKEYEXPIRED: -- syslog(LOG_ERR, "%s: Key has expired\n", msg); +- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has expired\n", msg); - return; - - case EKEYREVOKED: -- syslog(LOG_ERR, "%s: Key has been revoked\n", msg); +- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has been revoked\n", msg); - return; - - case EKEYREJECTED: -- syslog(LOG_ERR, "%s: Key was rejected by service\n", msg); +- syslog(LOG_ERR, "pam_ecryptfs: %s: Key was rejected by service\n", msg); - return; - default: -- syslog(LOG_ERR, "%s: Unknown key error\n", msg); +- syslog(LOG_ERR, "pam_ecryptfs: %s: Unknown key error\n", msg); - return; - } -} @@ -211,7 +211,7 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils { char *unwrapped_pw_filename = NULL; struct stat s; -@@ -201,8 +177,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h +@@ -195,8 +171,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h if ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0)) { char *wrapped_pw_filename; @@ -220,7 +220,7 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils rc = asprintf( &wrapped_pw_filename, "%s/.ecryptfs/%s", -@@ -294,8 +268,6 @@ static int private_dir(pam_handle_t *pam +@@ -282,8 +256,6 @@ static int private_dir(pam_handle_t *pam char *autoumount = "auto-umount"; struct stat s; pid_t pid; 
@@ -229,7 +229,7 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils if ((pwd = fetch_pwd(pamh)) == NULL) { /* fetch_pwd() logged a message */ -@@ -342,7 +314,7 @@ static int private_dir(pam_handle_t *pam +@@ -329,7 +301,7 @@ static int private_dir(pam_handle_t *pam if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) { /* User has not recorded their passphrase */ unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); 
@@ -238,32 +238,29 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666); close(fd); } -@@ -413,7 +385,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand +@@ -398,7 +370,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand char *old_passphrase = NULL; char *new_passphrase = NULL; char *wrapped_pw_filename; - char *name = NULL; -+// char *name = NULL; char salt[ECRYPTFS_SALT_SIZE]; char salt_hex[ECRYPTFS_SALT_SIZE_HEX]; pid_t child_pid, tmp_pid; -@@ -427,11 +399,11 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand +@@ -412,10 +383,9 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand if (pwd) { uid = pwd->pw_uid; homedir = pwd->pw_dir; - name = pwd->pw_name; -+// name = pwd->pw_name; } } else { - syslog(LOG_ERR, "Error getting passwd info for user [%s]; " -- "rc = [%ld]\n", username, rc); -+ "rc = [%d]\n", username, rc); +- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc); ++ syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%d]\n", username, rc); goto out; } saved_uid = geteuid(); -diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-90/src/utils/mount.ecryptfs.c ---- ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror 2011-08-11 10:26:55.468235767 +0200 -+++ ecryptfs-utils-90/src/utils/mount.ecryptfs.c 2011-08-11 10:26:55.473235801 +0200 +diff -up ecryptfs-utils-93/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-93/src/utils/mount.ecryptfs.c +--- ecryptfs-utils-93/src/utils/mount.ecryptfs.c.werror 2011-10-31 14:18:18.153758546 +0100 ++++ ecryptfs-utils-93/src/utils/mount.ecryptfs.c 2011-10-31 14:18:18.158758583 +0100 @@ -461,7 +461,7 @@ static int ecryptfs_do_mount(int argc, c { int rc; 
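Review bot: The stamp-file lines kept as context at the top of this hunk, `fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666); close(fd);`, hand the result of open() to close() without testing it and request mode 0666 for a file created from inside a PAM module. A guard such as `if (fd >= 0) close(fd);` and a mode of 0644 would be safer unless other users are really meant to write the stamp. private_dir() starts and ends outside the hunk, so which uid performs the open cannot be confirmed from these lines.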
@@ -282,9 +279,9 @@ diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-90/s if (!(temp = strdup("ecryptfs_unlink_sigs"))) { rc = -ENOMEM; goto out; -diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c ---- ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror 2011-08-11 10:26:55.461235723 +0200 -+++ ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c 2011-08-11 10:27:23.264417014 +0200 +diff -up ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c +--- ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c.werror 2011-10-31 14:18:18.146758491 +0100 ++++ ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c 2011-10-31 14:18:18.158758583 +0100 @@ -95,7 +95,6 @@ int read_config(char *pw_dir, int uid, c *s = strdup(e->mnt_fsname); if (!*s) @@ -293,7 +290,7 @@ diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror ecryptfs-ut return 0; } -@@ -300,7 +299,7 @@ int update_mtab(char *dev, char *mnt, ch +@@ -302,7 +301,7 @@ int update_mtab(char *dev, char *mnt, ch goto fail_early; } @@ -302,9 +299,9 @@ diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror ecryptfs-ut if (addmntent(new_mtab, old_ent) != 0) { perror("addmntent"); goto fail; -diff -up ecryptfs-utils-90/src/utils/test.c.werror ecryptfs-utils-90/src/utils/test.c ---- ecryptfs-utils-90/src/utils/test.c.werror 2010-12-17 18:34:04.000000000 +0100 -+++ ecryptfs-utils-90/src/utils/test.c 2011-08-11 10:26:55.474235807 +0200 +diff -up ecryptfs-utils-93/src/utils/test.c.werror ecryptfs-utils-93/src/utils/test.c +--- ecryptfs-utils-93/src/utils/test.c.werror 2011-10-27 17:53:07.000000000 +0200 ++++ ecryptfs-utils-93/src/utils/test.c 2011-10-31 14:18:18.159758591 +0100 @@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache struct inode *lower_inode; struct ecryptfs_crypt_stat *crypt_stat; 
diff --git a/ecryptfs-utils-87-autoload.patch b/ecryptfs-utils-87-autoload.patch index 344c9be..6d491f9 100644 --- a/ecryptfs-utils-87-autoload.patch +++ b/ecryptfs-utils-87-autoload.patch @@ -1,6 +1,6 @@ -diff -up ecryptfs-utils-90/src/utils/ecryptfs-mount-private.autoload ecryptfs-utils-90/src/utils/ecryptfs-mount-private ---- ecryptfs-utils-90/src/utils/ecryptfs-mount-private.autoload 2011-08-31 12:06:39.561319897 +0200 -+++ ecryptfs-utils-90/src/utils/ecryptfs-mount-private 2011-08-31 12:06:39.589319941 +0200 +diff -up ecryptfs-utils-93/src/utils/ecryptfs-mount-private.autoload ecryptfs-utils-93/src/utils/ecryptfs-mount-private +--- ecryptfs-utils-93/src/utils/ecryptfs-mount-private.autoload 2011-10-27 17:53:07.000000000 +0200 ++++ ecryptfs-utils-93/src/utils/ecryptfs-mount-private 2011-10-31 12:40:46.066315002 +0100 @@ -33,6 +33,9 @@ if /sbin/mount.ecryptfs_private >/dev/nu exit 0 fi @@ -11,9 +11,9 @@ diff -up ecryptfs-utils-90/src/utils/ecryptfs-mount-private.autoload ecryptfs-ut # Otherwise, interactively prompt for the user's password if [ -f "$WRAPPED_PASSPHRASE_FILE" -a -f "$MOUNT_PASSPHRASE_SIG_FILE" ]; then tries=0 -diff -up ecryptfs-utils-90/src/utils/ecryptfs-setup-private.autoload ecryptfs-utils-90/src/utils/ecryptfs-setup-private ---- ecryptfs-utils-90/src/utils/ecryptfs-setup-private.autoload 2011-08-10 15:35:11.000000000 +0200 -+++ ecryptfs-utils-90/src/utils/ecryptfs-setup-private 2011-08-31 12:04:57.344158953 +0200 +diff -up ecryptfs-utils-93/src/utils/ecryptfs-setup-private.autoload ecryptfs-utils-93/src/utils/ecryptfs-setup-private +--- ecryptfs-utils-93/src/utils/ecryptfs-setup-private.autoload 2011-10-27 17:53:07.000000000 +0200 ++++ ecryptfs-utils-93/src/utils/ecryptfs-setup-private 2011-10-31 12:40:46.066315002 +0100 @@ -101,6 +101,7 @@ random_passphrase () { } 
@@ -22,10 +22,10 @@ diff -up ecryptfs-utils-90/src/utils/ecryptfs-setup-private.autoload ecryptfs-ut version=$(cat /sys/fs/ecryptfs/version 2>/dev/null) [ -z "$version" ] && error "$(gettext 'Cannot get ecryptfs version, ecryptfs kernel module not loaded?')" [ $(($version & 0x100)) -eq 0 ] && return 1 -diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.autoload ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c ---- ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.autoload 2011-08-31 12:00:46.109786923 +0200 -+++ ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c 2011-08-31 12:00:46.116786934 +0200 -@@ -484,6 +484,13 @@ int main(int argc, char *argv[]) { +diff -up ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c.autoload ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c +--- ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c.autoload 2011-10-31 12:40:46.000000000 +0100 ++++ ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c 2011-10-31 13:40:14.990679286 +0100 +@@ -489,6 +489,13 @@ int main(int argc, char *argv[]) { char *sig, *sig_fnek; FILE *fh_counter = NULL; @@ -37,5 +37,5 @@ diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.autoload ecryptfs- + } + uid = getuid(); + gid = getgid(); /* Non-privileged effective uid is sufficient for all but the code - * that mounts, unmounts, and updates /etc/mtab. diff --git a/ecryptfs-utils-87-fixpamfork.patch b/ecryptfs-utils-87-fixpamfork.patch index fe1d85d..3c9749c 100644 --- a/ecryptfs-utils-87-fixpamfork.patch +++ b/ecryptfs-utils-87-fixpamfork.patch 
@@ -1,7 +1,7 @@ -diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c ---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid 2011-07-21 13:35:47.968581526 +0200 -+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-21 13:37:08.411188936 +0200 -@@ -217,7 +217,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h +diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.fixpamfork ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.fixpamfork 2011-10-31 13:44:28.643925611 +0100 ++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 13:46:48.627152400 +0100 +@@ -207,7 +207,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h } out_child: free(auth_tok_sig); @@ -10,19 +10,19 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils } tmp_pid = waitpid(child_pid, NULL, 0); if (tmp_pid == -1) -@@ -309,7 +309,7 @@ static int private_dir(pam_handle_t *pam +@@ -295,7 +295,7 @@ static int private_dir(pam_handle_t *pam + "%s/.ecryptfs/.wrapped-passphrase.recorded", pwd->pw_dir) < 0) || recorded == NULL) { - syslog(LOG_ERR, - "Error allocating memory for recorded name"); + syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for recorded name"); - return 1; + _exit(255); } if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) { /* User has not recorded their passphrase */ -@@ -322,25 +322,27 @@ static int private_dir(pam_handle_t *pam +@@ -307,24 +307,26 @@ static int private_dir(pam_handle_t *pam + if (stat(autofile, &s) != 0) { /* User does not want to auto-mount */ - syslog(LOG_INFO, - "Skipping automatic eCryptfs mount"); + syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs mount"); - return 0; + _exit(0); } 
@@ -34,8 +34,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils } else { if (stat(autofile, &s) != 0) { /* User does not want to auto-unmount */ - syslog(LOG_INFO, - "Skipping automatic eCryptfs unmount"); + syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs unmount"); - return 0; + _exit(0); } @@ -50,7 +49,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils } else { waitpid(pid, &rc, 0); goto out; -@@ -482,7 +484,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand +@@ -455,7 +457,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand goto out_child; } out_child: @@ -58,4 +57,4 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils + _exit(0); } if ((tmp_pid = waitpid(child_pid, NULL, 0)) == -1) - syslog(LOG_WARNING, + syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n"); diff --git a/ecryptfs-utils-87-nozombies.patch b/ecryptfs-utils-87-nozombies.patch index 32b0147..94f1c6c 100644 --- a/ecryptfs-utils-87-nozombies.patch +++ b/ecryptfs-utils-87-nozombies.patch @@ -1,6 +1,6 @@ -diff -up ecryptfs-utils-87/src/include/ecryptfs.h.nozombies ecryptfs-utils-87/src/include/ecryptfs.h ---- ecryptfs-utils-87/src/include/ecryptfs.h.nozombies 2011-03-09 14:30:32.000000000 +0100 -+++ ecryptfs-utils-87/src/include/ecryptfs.h 2011-07-21 14:17:33.539120662 +0200 +diff -up ecryptfs-utils-93/src/include/ecryptfs.h.nozombies ecryptfs-utils-93/src/include/ecryptfs.h +--- ecryptfs-utils-93/src/include/ecryptfs.h.nozombies 2011-10-27 17:53:07.000000000 +0200 ++++ ecryptfs-utils-93/src/include/ecryptfs.h 2011-10-31 13:47:05.151296631 +0100 @@ -588,10 +588,6 @@ int ecryptfs_validate_keyring(void); #define ECRYPTFS_SHM_KEY 0x3c81b7f5 #define ECRYPTFS_SEM_KEY 0x3c81b7f6 
@@ -12,10 +12,10 @@ diff -up ecryptfs-utils-87/src/include/ecryptfs.h.nozombies ecryptfs-utils-87/sr int ecryptfs_build_linear_subgraph_from_nvp(struct transition_node **trans_node, struct ecryptfs_key_mod *key_mod); int ecryptfs_build_linear_subgraph(struct transition_node **trans_node, -diff -up ecryptfs-utils-87/src/libecryptfs/main.c.nozombies ecryptfs-utils-87/src/libecryptfs/main.c ---- ecryptfs-utils-87/src/libecryptfs/main.c.nozombies 2011-03-09 14:30:32.000000000 +0100 -+++ ecryptfs-utils-87/src/libecryptfs/main.c 2011-07-21 14:19:02.384364121 +0200 -@@ -480,487 +480,6 @@ out: +diff -up ecryptfs-utils-93/src/libecryptfs/main.c.nozombies ecryptfs-utils-93/src/libecryptfs/main.c +--- ecryptfs-utils-93/src/libecryptfs/main.c.nozombies 2011-10-31 13:47:05.098296169 +0100 ++++ ecryptfs-utils-93/src/libecryptfs/main.c 2011-10-31 13:47:05.151296631 +0100 +@@ -484,487 +484,6 @@ out: return rc; } 
@@ -503,18 +503,16 @@ diff -up ecryptfs-utils-87/src/libecryptfs/main.c.nozombies ecryptfs-utils-87/sr static struct ecryptfs_ctx_ops ctx_ops; struct ecryptfs_ctx_ops *cryptfs_get_ctx_opts (void) -diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.nozombies ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c ---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.nozombies 2011-07-21 14:17:33.525120467 +0200 -+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-21 14:17:33.541120690 +0200 -@@ -208,13 +208,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h - "user session keyring; rc = [%ld]\n", rc); +diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.nozombies ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.nozombies 2011-10-31 13:47:05.000000000 +0100 ++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 13:47:30.931521410 +0100 +@@ -201,11 +201,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h + syslog(LOG_ERR, "pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [%ld]\n", rc); goto out_child; } - if (fork() == 0) { - if ((rc = ecryptfs_set_zombie_session_placeholder())) { -- syslog(LOG_ERR, "Error attempting to create " -- "and register zombie process; " -- "rc = [%ld]\n", rc); +- syslog(LOG_ERR, "pam_ecryptfs: Error attempting to create and register zombie process; rc = [%ld]\n", rc); - } - } out_child: diff --git a/ecryptfs-utils-87-pamdata.patch b/ecryptfs-utils-87-pamdata.patch index 127499c..366d8b7 100644 --- a/ecryptfs-utils-87-pamdata.patch +++ b/ecryptfs-utils-87-pamdata.patch 
@@ -1,7 +1,7 @@ -diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c ---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata 2011-08-03 15:40:01.743949759 +0200 -+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-03 15:52:05.676388743 +0200 -@@ -45,6 +45,25 @@ +diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.pamdata 2011-10-31 13:47:57.282750862 +0100 ++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 13:56:28.601144959 +0100 +@@ -44,6 +44,25 @@ #define PRIVATE_DIR "Private" @@ -27,7 +27,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util /* returns: 0 if file does not exist, 1 if it exists, <0 for error */ static int file_exists_dotecryptfs(const char *homedir, char *filename) { -@@ -64,7 +83,7 @@ out: +@@ -63,7 +82,7 @@ out: return rc; } @@ -36,7 +36,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util { char *unwrapped_pw_filename = NULL; struct stat s; -@@ -96,42 +115,43 @@ static int wrap_passphrase_if_necessary( +@@ -95,37 +114,37 @@ static int wrap_passphrase_if_necessary( PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -55,9 +55,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util uint32_t version; + struct ecryptfs_pam_data *epd = {0,}; - syslog(LOG_INFO, "%s: Called\n", __FUNCTION__); - rc = pam_get_user(pamh, &username, NULL); -+ + if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) { + syslog(LOG_ERR,"Memory allocation failed"); + rc = -ENOMEM; 
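Review bot: In the last hunk on this line (`@@ -55,9 +55,7 @@`), `epd` is obtained with `malloc(sizeof(struct ecryptfs_pam_data))`, so every field starts out indeterminate; the `= {0,}` initializer on the declaration only nulls the pointer itself. Any path that leaves before all fields are assigned, or a cleanup callback that frees members, would then act on garbage pointers. Allocating with `epd = calloc(1, sizeof *epd)` keeps unset members NULL at no extra cost. The rest of pam_sm_authenticate() lies outside the hunk.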
@@ -68,10 +66,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util if (rc == PAM_SUCCESS) { struct passwd *pwd; - syslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__, -- username); - pwd = getpwnam(username); -+ epd->username); + pwd = getpwnam(epd->username); if (pwd) { - uid = pwd->pw_uid; @@ -80,9 +75,8 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util + epd->homedir = pwd->pw_dir; } } else { - syslog(LOG_ERR, "Error getting passwd info for user [%s]; " -- "rc = [%ld]\n", username, rc); -+ "rc = [%ld]\n", epd->username, rc); +- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc); ++ syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", epd->username, rc); goto out; } - if (!file_exists_dotecryptfs(homedir, "auto-mount")) @@ -91,15 +85,14 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util - private_mnt = ecryptfs_fetch_private_mnt(homedir); + private_mnt = ecryptfs_fetch_private_mnt(epd->homedir); if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) { - syslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__, -- homedir); -+ epd->homedir); +- syslog(LOG_DEBUG, "pam_ecryptfs: %s: %s is already mounted\n", __FUNCTION__, homedir); ++ syslog(LOG_DEBUG, "pam_ecryptfs: %s: %s is already mounted\n", __FUNCTION__, epd->homedir); /* If private/home is already mounted, then we can skip costly loading of keys */ goto out; -@@ -141,82 +161,32 @@ PAM_EXTERN int pam_sm_authenticate(pam_h +@@ -135,79 +154,29 @@ PAM_EXTERN int pam_sm_authenticate(pam_h if (ecryptfs_get_version(&version) != 0) - syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n"); + syslog(LOG_WARNING, "pam_ecryptfs: Can't check if kernel supports ecryptfs\n"); saved_uid = geteuid(); - seteuid(uid); - if(file_exists_dotecryptfs(homedir, "wrapping-independent") == 1) 
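Review bot: `epd->homedir = pwd->pw_dir;` (hunk `@@ -80,9 +75,8 @@`) stores a pointer into the static buffer returned by `getpwnam(epd->username)` inside a structure that is later handed to `pam_set_data()` and so outlives this call. Any later getpwnam() in the same process can overwrite that buffer, and fetch_pwd() in this module makes such a call, so a later reader of `epd->homedir` may see stale bytes or another account's directory. Copy the string instead, `epd->homedir = strdup(pwd->pw_dir);`, check the result for NULL, and release it in the cleanup callback. The enclosing function continues outside the hunk.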
@@ -113,17 +106,16 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util + epd->passphrase = strdup(epd->passphrase); seteuid(saved_uid); if (rc != PAM_SUCCESS) { - syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n", + syslog(LOG_ERR, "pam_ecryptfs: Error retrieving passphrase; rc = [%ld]\n", rc); goto out; } - auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1); - if (!auth_tok_sig) { - rc = -ENOMEM; -- syslog(LOG_ERR, "Out of memory\n"); +- syslog(LOG_ERR, "pam_ecryptfs: Out of memory\n"); - goto out; - } -+ rc = ecryptfs_read_salt_hex_from_rc(salt_hex); if (rc) { - from_hex(salt, ECRYPTFS_DEFAULT_SALT_HEX, ECRYPTFS_SALT_SIZE); @@ -133,31 +125,29 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util - if ((child_pid = fork()) == 0) { - setuid(uid); - if (passphrase == NULL) { -- syslog(LOG_ERR, "NULL passphrase; aborting\n"); +- syslog(LOG_ERR, "pam_ecryptfs: NULL passphrase; aborting\n"); - rc = -EINVAL; - goto out_child; - } - if ((rc = ecryptfs_validate_keyring())) { -- syslog(LOG_WARNING, -- "Cannot validate keyring integrity\n"); +- syslog(LOG_WARNING, "pam_ecryptfs: Cannot validate keyring integrity\n"); - } - rc = 0; - if ((argc == 1) - && (memcmp(argv[0], "unwrap\0", 7) == 0)) { - char *wrapped_pw_filename; -+ from_hex(epd->salt, salt_hex, ECRYPTFS_SALT_SIZE); - +- - rc = asprintf( - &wrapped_pw_filename, "%s/.ecryptfs/%s", - homedir, - ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME); - if (rc == -1) { -- syslog(LOG_ERR, "Unable to allocate memory\n"); +- syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n"); - rc = -ENOMEM; - goto out_child; - } - if (wrap_passphrase_if_necessary(username, uid, wrapped_pw_filename, passphrase, salt) == 0) { -- syslog(LOG_INFO, "Passphrase file wrapped"); +- syslog(LOG_DEBUG, "pam_ecryptfs: Passphrase file wrapped"); - } else { - goto out_child; - } 
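Review bot: `epd->passphrase = strdup(epd->passphrase);` in the first hunk on this line runs before the `if (rc != PAM_SUCCESS)` test that follows it, and its result is never checked. If the retrieval above the hunk failed, strdup() is given whatever the pointer happened to hold, and on allocation failure a NULL passphrase is carried forward. Do the copy only after the rc check and add `if (epd->passphrase == NULL) { rc = -ENOMEM; goto out; }`. Because this is a cleartext secret parked in PAM data, the `pam_free_ecryptfsdata` callback (not visible here) should overwrite the copy before freeing it. The `seteuid()` calls around the copy also have unchecked return values.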
@@ -173,13 +163,13 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util - goto out_child; - } - if (rc) { -- syslog(LOG_ERR, "Error adding passphrase key token to " -- "user session keyring; rc = [%ld]\n", rc); +- syslog(LOG_ERR, "pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [%ld]\n", rc); - goto out_child; - } -out_child: - free(auth_tok_sig); - _exit(0); ++ from_hex(epd->salt, salt_hex, ECRYPTFS_SALT_SIZE); + epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0)); + if ((rc=pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata)) != PAM_SUCCESS) { + @@ -188,13 +178,11 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util } - tmp_pid = waitpid(child_pid, NULL, 0); - if (tmp_pid == -1) -- syslog(LOG_WARNING, -- "waitpid() returned with error condition\n"); -+ +- syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n"); out: if (private_mnt != NULL) free(private_mnt); -@@ -361,10 +331,88 @@ static int umount_private_dir(pam_handle +@@ -347,10 +316,88 @@ static int umount_private_dir(pam_handle return private_dir(pamh, 0); } diff --git a/ecryptfs-utils-87-syslog.patch b/ecryptfs-utils-87-syslog.patch index b1d2382..d27fab8 100644 --- a/ecryptfs-utils-87-syslog.patch +++ b/ecryptfs-utils-87-syslog.patch @@ -1,6 +1,6 @@ -diff -up ecryptfs-utils-87/src/include/ecryptfs.h.syslog ecryptfs-utils-87/src/include/ecryptfs.h ---- ecryptfs-utils-87/src/include/ecryptfs.h.syslog 2011-08-09 14:38:08.941531270 +0200 -+++ ecryptfs-utils-87/src/include/ecryptfs.h 2011-08-09 14:38:08.951531067 +0200 +diff -up ecryptfs-utils-93/src/include/ecryptfs.h.syslog ecryptfs-utils-93/src/include/ecryptfs.h +--- ecryptfs-utils-93/src/include/ecryptfs.h.syslog 2011-10-31 13:57:01.132420947 +0100 ++++ ecryptfs-utils-93/src/include/ecryptfs.h 2011-10-31 13:57:01.135420971 +0100 @@ -143,7 +143,7 @@ #define ECRYPTFS_TAG_67_PACKET 0x43 
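Review bot: `epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0));` in the first hunk on this line compares seven bytes regardless of how long `argv[0]` is, so a shorter module argument makes memcmp() read past its terminator. `strcmp(argv[0], "unwrap") == 0` performs the same exact-match test without the over-read. In the same added block, the `pam_set_data()` failure branch jumps to `out:`, where only `private_mnt` is freed in the lines visible here. On that path `epd` and its passphrase copy therefore appear to be leaked without being wiped, and the error branch should release them the same way the registered cleanup would.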
@@ -10,86 +10,72 @@ diff -up ecryptfs-utils-87/src/include/ecryptfs.h.syslog ecryptfs-utils-87/src/i #define ECRYPTFS_MAX_NUM_CIPHERS 64 #define ECRYPTFS_ECHO_ON 1 -diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c ---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog 2011-08-09 14:38:08.933531435 +0200 -+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-09 14:38:08.955530985 +0200 -@@ -91,7 +91,7 @@ static int wrap_passphrase_if_necessary( +diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.syslog 2011-10-31 13:57:01.129420920 +0100 ++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 13:59:35.090721614 +0100 +@@ -90,7 +90,7 @@ static int wrap_passphrase_if_necessary( rc = asprintf(&unwrapped_pw_filename, "/dev/shm/.ecryptfs-%s", username); if (rc == -1) { -- syslog(LOG_ERR, "Unable to allocate memory\n"); -+ ecryptfs_syslog(LOG_ERR, "Unable to allocate memory\n"); +- syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n"); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n"); return -ENOMEM; } /* If /dev/shm/.ecryptfs-$USER exists and owned by the user -@@ -105,7 +105,7 @@ static int wrap_passphrase_if_necessary( +@@ -104,7 +104,7 @@ static int wrap_passphrase_if_necessary( setuid(uid); rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename); if (rc != 0) { -- syslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc); -+ ecryptfs_syslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc); +- syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc); } return rc; } -@@ -122,10 +122,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h - 
uint32_t version; +@@ -122,7 +122,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h struct ecryptfs_pam_data *epd = {0,}; -- syslog(LOG_INFO, "%s: Called\n", __FUNCTION__); -+ ecryptfs_syslog(LOG_INFO, "pam auth stack calls pam_ecryptfs module"); - if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) { - syslog(LOG_ERR,"Memory allocation failed"); + ecryptfs_syslog(LOG_ERR,"Memory allocation failed"); rc = -ENOMEM; goto out; } -@@ -134,7 +134,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h - if (rc == PAM_SUCCESS) { - struct passwd *pwd; - -- syslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__, -+ ecryptfs_syslog(LOG_INFO, "pam_ecryptfs: username = [%s]\n", - epd->username); - pwd = getpwnam(epd->username); - if (pwd) { -@@ -142,7 +142,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h +@@ -137,14 +137,14 @@ PAM_EXTERN int pam_sm_authenticate(pam_h epd->homedir = pwd->pw_dir; } } else { -- syslog(LOG_ERR, "Error getting passwd info for user [%s]; " -+ ecryptfs_syslog(LOG_ERR, "Error getting passwd info for user [%s]; " - "rc = [%ld]\n", epd->username, rc); +- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", epd->username, rc); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", epd->username, rc); goto out; } -@@ -150,7 +150,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h + if (!file_exists_dotecryptfs(epd->homedir, "auto-mount")) goto out; private_mnt = ecryptfs_fetch_private_mnt(epd->homedir); if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) { -- syslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__, -+ ecryptfs_syslog(LOG_INFO, "%s is already mounted", - epd->homedir); +- syslog(LOG_DEBUG, "pam_ecryptfs: %s: %s is already mounted\n", __FUNCTION__, epd->homedir); ++ ecryptfs_syslog(LOG_DEBUG, "pam_ecryptfs: %s: %s is already mounted\n", __FUNCTION__, epd->homedir); /* If private/home is already mounted, then we can skip costly loading of keys */ -@@ -159,7 
+159,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h + goto out; +@@ -152,7 +152,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h /* we need side effect of this check: load ecryptfs module if not loaded already */ if (ecryptfs_get_version(&version) != 0) -- syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n"); -+ ecryptfs_syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n"); +- syslog(LOG_WARNING, "pam_ecryptfs: Can't check if kernel supports ecryptfs\n"); ++ ecryptfs_syslog(LOG_WARNING, "pam_ecryptfs: Can't check if kernel supports ecryptfs\n"); saved_uid = geteuid(); seteuid(epd->uid); if(file_exists_dotecryptfs(epd->homedir, "wrapping-independent") == 1) -@@ -169,7 +169,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h +@@ -162,7 +162,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h epd->passphrase = strdup(epd->passphrase); seteuid(saved_uid); if (rc != PAM_SUCCESS) { -- syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n", -+ ecryptfs_syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n", +- syslog(LOG_ERR, "pam_ecryptfs: Error retrieving passphrase; rc = [%ld]\n", ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error retrieving passphrase; rc = [%ld]\n", rc); goto out; } -@@ -183,7 +183,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h +@@ -174,7 +174,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0)); if ((rc=pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata)) != PAM_SUCCESS) { 
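Review bot: In wrap_passphrase_if_necessary(), kept as context near the top of this hunk, `setuid(uid);` is followed directly by `ecryptfs_wrap_passphrase_file(...)` with no check that the privilege drop succeeded. If setuid() fails, the wrapped-passphrase file and the `/dev/shm/.ecryptfs-%s` path are then handled with the caller's original credentials. The call should be tested, `if (setuid(uid) != 0)`, logging through `ecryptfs_syslog(LOG_ERR, ...)` and returning an error before any file is touched. `seteuid(epd->uid)` later in the hunk has the same gap. Both functions extend outside the hunk.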
@@ -97,45 +83,44 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils + ecryptfs_syslog(LOG_ERR, "Unable to store ecryptfs pam data : %s", pam_strerror(pamh, rc)); goto out; } - -@@ -207,13 +207,13 @@ static struct passwd *fetch_pwd(pam_hand + out: +@@ -197,12 +197,12 @@ static struct passwd *fetch_pwd(pam_hand rc = pam_get_user(pamh, &username, NULL); if (rc != PAM_SUCCESS || username == NULL) { -- syslog(LOG_ERR, "Error getting passwd info for user [%s]; " -+ ecryptfs_syslog(LOG_ERR, "Error getting passwd info for user [%s]; " - "rc = [%ld]\n", username, rc); +- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc); return NULL; } pwd = getpwnam(username); if (pwd == NULL) { -- syslog(LOG_ERR, "Error getting passwd info for user [%s]; " -+ ecryptfs_syslog(LOG_ERR, "Error getting passwd info for user [%s]; " - "rc = [%ld]\n", username, rc); +- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc); return NULL; } -@@ -245,13 +245,13 @@ static int private_dir(pam_handle_t *pam + return pwd; +@@ -233,13 +233,13 @@ static int private_dir(pam_handle_t *pam if ( (asprintf(&autofile, "%s/.ecryptfs/%s", pwd->pw_dir, a) < 0) || autofile == NULL) { -- syslog(LOG_ERR, "Error allocating memory for autofile name"); -+ ecryptfs_syslog(LOG_ERR, "Error allocating memory for autofile name"); +- syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for autofile name"); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for autofile name"); return 1; } if ( (asprintf(&sigfile, "%s/.ecryptfs/%s.sig", pwd->pw_dir, PRIVATE_DIR) < 0) || sigfile == NULL) { -- syslog(LOG_ERR, "Error allocating memory for sigfile name"); -+ 
ecryptfs_syslog(LOG_ERR, "Error allocating memory for sigfile name"); +- syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for sigfile name"); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for sigfile name"); return 1; } if (stat(sigfile, &s) != 0) { -@@ -263,13 +263,13 @@ static int private_dir(pam_handle_t *pam +@@ -251,13 +251,13 @@ static int private_dir(pam_handle_t *pam goto out; } if ((pid = fork()) < 0) { -- syslog(LOG_ERR, "Error setting up private mount"); -+ ecryptfs_syslog(LOG_ERR, "Error setting up private mount"); +- syslog(LOG_ERR, "pam_ecryptfs: Error setting up private mount"); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error setting up private mount"); return 1; } if (pid == 0) { 
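Review bot: In `fetch_pwd`, the first error branch is entered when `rc != PAM_SUCCESS || username == NULL`, and the rewritten call still passes `username` to a `%s` conversion, which is undefined behaviour for a NULL pointer. I would log `username ? username : "(null)"` in that call. The second branch, after `getpwnam()` fails, prints `rc`, which can only be `PAM_SUCCESS` at that point, so the message would be clearer without it. `fetch_pwd` begins outside the hunk, so the declarations of `username` and `rc` are not visible here.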
@@ -146,25 +131,24 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils _exit(255); } -@@ -277,7 +277,7 @@ static int private_dir(pam_handle_t *pam +@@ -265,7 +265,7 @@ static int private_dir(pam_handle_t *pam if ((asprintf(&recorded, "%s/.ecryptfs/.wrapped-passphrase.recorded", pwd->pw_dir) < 0) || recorded == NULL) { -- syslog(LOG_ERR, -+ ecryptfs_syslog(LOG_ERR, - "Error allocating memory for recorded name"); +- syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for recorded name"); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for recorded name"); _exit(255); } -@@ -290,7 +290,7 @@ static int private_dir(pam_handle_t *pam + if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) { +@@ -277,25 +277,25 @@ static int private_dir(pam_handle_t *pam } if (stat(autofile, &s) != 0) { /* User does not want to auto-mount */ -- syslog(LOG_INFO, -+ ecryptfs_syslog(LOG_INFO, - "Skipping automatic eCryptfs mount"); +- syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs mount"); ++ ecryptfs_syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs mount"); _exit(0); } -@@ -298,11 +298,11 @@ static int private_dir(pam_handle_t *pam + /* run mount.ecryptfs_private as the user */ setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid); execl("/sbin/mount.ecryptfs_private", "mount.ecryptfs_private", NULL); 
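Review bot: In the child branch of `private_dir`, the result of `setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid)` is not checked before `execl("/sbin/mount.ecryptfs_private", ...)`, so if the call fails the helper is executed with whatever credentials the PAM stack was running with. I would make it `if (setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid) < 0) _exit(255);`, and the same applies to the `umount.ecryptfs_private` path in the next hunk. No group change is visible in these lines; the spec lists a separate `fixexecgid` patch that may cover that, so this point is about the uid call only. `private_dir` starts and ends outside the hunk.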
@@ -173,12 +157,11 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils } else { if (stat(autofile, &s) != 0) { /* User does not want to auto-unmount */ -- syslog(LOG_INFO, -+ ecryptfs_syslog(LOG_INFO, - "Skipping automatic eCryptfs unmount"); +- syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs unmount"); ++ ecryptfs_syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs unmount"); _exit(0); } -@@ -310,7 +310,7 @@ static int private_dir(pam_handle_t *pam + /* run umount.ecryptfs_private as the user */ setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid); execl("/sbin/umount.ecryptfs_private", "umount.ecryptfs_private", NULL); @@ -187,7 +170,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils } _exit(255); } else { -@@ -339,25 +339,25 @@ static int fill_keyring(pam_handle_t *pa +@@ -324,25 +324,25 @@ static int fill_keyring(pam_handle_t *pa char *auth_tok_sig; auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1); if (!auth_tok_sig) { @@ -217,7 +200,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils "Cannot validate keyring integrity\n"); } rc = 0; -@@ -369,12 +369,12 @@ static int fill_keyring(pam_handle_t *pa +@@ -354,12 +354,12 @@ static int fill_keyring(pam_handle_t *pa epd->homedir, ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME); if (rc == -1) { @@ -232,7 +215,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils } else { goto out_child; } -@@ -390,7 +390,7 @@ static int fill_keyring(pam_handle_t *pa +@@ -375,7 +375,7 @@ static int fill_keyring(pam_handle_t *pa goto out_child; } if (rc) { @@ -241,7 +224,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils "user session keyring; rc = [%d]\n", rc); goto out_child; } -@@ -400,7 +400,7 @@ out_child: +@@ -385,7 +385,7 @@ out_child: } tmp_pid = waitpid(child_pid, NULL, 0); if (tmp_pid == -1) 
@@ -250,3 +233,88 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils "waitpid() returned with error condition\n"); +@@ -435,7 +435,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + homedir = pwd->pw_dir; + } + } else { +- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%d]\n", username, rc); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%d]\n", username, rc); + goto out; + } + saved_uid = geteuid(); +@@ -443,7 +443,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + if ((rc = pam_get_item(pamh, PAM_OLDAUTHTOK, + (const void **)&old_passphrase)) + != PAM_SUCCESS) { +- syslog(LOG_ERR, "pam_ecryptfs: Error retrieving old passphrase; rc = [%d]\n", rc); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error retrieving old passphrase; rc = [%d]\n", rc); + seteuid(saved_uid); + goto out; + } +@@ -451,7 +451,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + if ((flags & PAM_PRELIM_CHECK)) { + if (!old_passphrase) + { +- syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved a NULL passphrase; nothing to do\n"); ++ ecryptfs_syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved a NULL passphrase; nothing to do\n"); + rc = PAM_AUTHTOK_RECOVER_ERR; + } + seteuid(saved_uid); +@@ -460,14 +460,14 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + if ((rc = pam_get_item(pamh, PAM_AUTHTOK, + (const void **)&new_passphrase)) + != PAM_SUCCESS) { +- syslog(LOG_ERR, "pam_ecryptfs: Error retrieving new passphrase; rc = [%d]\n", rc); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error retrieving new passphrase; rc = [%d]\n", rc); + seteuid(saved_uid); + goto out; + } + if ((rc = asprintf(&wrapped_pw_filename, "%s/.ecryptfs/%s", homedir, + ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME)) + == -1) { +- syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n"); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n"); + rc = -ENOMEM; + goto out; + } 
+@@ -477,14 +477,14 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + from_hex(salt, salt_hex, ECRYPTFS_SALT_SIZE); + } + if (wrap_passphrase_if_necessary(username, uid, wrapped_pw_filename, new_passphrase, salt) == 0) { +- syslog(LOG_DEBUG, "pam_ecryptfs: Passphrase file wrapped"); ++ ecryptfs_syslog(LOG_DEBUG, "pam_ecryptfs: Passphrase file wrapped"); + } else { + goto out; + } + + seteuid(saved_uid); + if (!old_passphrase || !new_passphrase || *new_passphrase == '\0') { +- syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved at least one NULL passphrase; nothing to do\n"); ++ ecryptfs_syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved at least one NULL passphrase; nothing to do\n"); + rc = PAM_AUTHTOK_RECOVER_ERR; + goto out; + } +@@ -496,20 +496,20 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + if ((rc = ecryptfs_unwrap_passphrase(passphrase, + wrapped_pw_filename, + old_passphrase, salt))) { +- syslog(LOG_ERR, "pam_ecryptfs: Error attempting to unwrap passphrase; rc = [%d]\n", rc); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error attempting to unwrap passphrase; rc = [%d]\n", rc); + goto out_child; + } + if ((rc = ecryptfs_wrap_passphrase(wrapped_pw_filename, + new_passphrase, salt, + passphrase))) { +- syslog(LOG_ERR, "pam_ecryptfs: Error attempting to wrap passphrase; rc = [%d]", rc); ++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error attempting to wrap passphrase; rc = [%d]", rc); + goto out_child; + } + out_child: + _exit(0); + } + if ((tmp_pid = waitpid(child_pid, NULL, 0)) == -1) +- syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n"); ++ ecryptfs_syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n"); + free(wrapped_pw_filename); + out: + return rc; diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec index b17d650..56f720a 100644 --- a/ecryptfs-utils.spec +++ b/ecryptfs-utils.spec 
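Review bot: In `pam_sm_chauthtok`, two error paths leave through `goto out` without the `seteuid(saved_uid);` that the other error paths in these hunks run first: the `asprintf()` failure and the `else` after `wrap_passphrase_if_necessary()`. Assuming the effective uid was switched to the user earlier (that call is not in the visible lines), the module would return to the PAM stack with the changed euid. Adding `seteuid(saved_uid);` before both `goto out;` statements, or a single restore under `out:`, would close that. The `asprintf()` path also returns `-ENOMEM` from a PAM entry point, where `PAM_BUF_ERR` would be the expected code. The function body starts outside the hunk.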
@@ -4,8 +4,8 @@ %global _sbindir /sbin Name: ecryptfs-utils -Version: 90 -Release: 2%{?dist} +Version: 93 +Release: 1%{?dist} Summary: The eCryptfs mount helper and support libraries Group: System Environment/Base License: GPLv2+ @@ -47,8 +47,6 @@ Patch12: ecryptfs-utils-87-memcpyfix.patch # allow building with -Werror Patch999: ecryptfs-utils-75-werror.patch -Patch13: ecryptfs-utils-90-CVE-2011-3145.patch - # using return after fork() in pam module has some nasty side effects, rhbz#722445 Patch14: ecryptfs-utils-87-fixpamfork.patch @@ -114,7 +112,6 @@ the interface supplied by the ecryptfs-utils library. %patch11 -p1 -b .authconfig %patch12 -p1 -b .memcpyfix %patch999 -p1 -b .werror -%patch13 -p1 -b .CVE-2011-3145 %patch14 -p1 -b .fixpamfork %patch15 -p1 -b .fixexecgid %patch16 -p1 -b .nozombies @@ -198,6 +195,7 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/ecryptfs-stat %{_bindir}/ecryptfs-umount-private %{_bindir}/ecryptfs-unwrap-passphrase +%{_bindir}/ecryptfs-verify %{_bindir}/ecryptfs-wrap-passphrase %{_bindir}/ecryptfsd %{_libdir}/ecryptfs @@ -249,6 +247,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/ecryptfs-utils/_libecryptfs.so %changelog +* Mon Oct 31 2011 Michal Hlavinka - 93-1 +- updated to v. 93 + * Wed Aug 31 2011 Michal Hlavinka - 90-2 - set the group id in mount.ecryptfs_private (CVE-2011-3145) @@ -290,7 +291,7 @@ rm -rf $RPM_BUILD_ROOT - auto-load ecryptfs module in ecryptfs-setup-private * Tue May 24 2011 Michal Hlavinka - 87-1 -- updated tp v. 87 +- updated to v. 87 * Fri Mar 11 2011 Michal Hlavinka - 86-3 - fix man pages diff --git a/sources b/sources index c36fcea..ab082b6 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ e612ddb9ccb17f8fec79df26e626a8c6 ecryptfs-mount-private.png -a81621fb2f7ab4b81f9bffc020b181e2 ecryptfs-utils_90.orig.tar.gz +7a162a2102a2c1701a156498d9218685 ecryptfs-utils_93.orig.tar.gz
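Review bot: The `%changelog` entry added for 93-1 says only `updated to v. 93`, although the same commit drops `Patch13: ecryptfs-utils-90-CVE-2011-3145.patch` and its `%patch13` line in the two hunks before it. Presumably the group-id fix in `mount.ecryptfs_private` described by the 90-2 entry is now part of the 93 tarball, but nothing in the diff shows that. I would confirm it against the new sources and record it in the changelog, for example `- dropped CVE-2011-3145 patch, fixed upstream`, so that anyone auditing the package history can see why a security patch disappeared.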