[ecryptfs-utils/f17] do not crash in pam module when non-existent user name is used (#859766)
Michal Hlavinka
mhlavink at fedoraproject.org
Thu Sep 27 14:04:32 UTC 2012
commit 5bddbb0b281ab6a938534bea8f5768c5eab02707
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Thu Sep 27 16:04:27 2012 +0200
do not crash in pam module when non-existent user name is used (#859766)
ecryptfs-utils-75-werror.patch | 167 +++++++++++++++++++++++++--------------
ecryptfs-utils-87-pamdata.patch | 47 ++++++-----
ecryptfs-utils-87-syslog.patch | 56 +++++++-------
ecryptfs-utils.spec | 8 ++-
4 files changed, 169 insertions(+), 109 deletions(-)
---
diff --git a/ecryptfs-utils-75-werror.patch b/ecryptfs-utils-75-werror.patch
index e60f5b4..63a4f0f 100644
--- a/ecryptfs-utils-75-werror.patch
+++ b/ecryptfs-utils-75-werror.patch
@@ -1,6 +1,6 @@
-diff -up ecryptfs-utils-99/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-99/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
---- ecryptfs-utils-99/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2012-07-23 18:59:05.223406369 +0200
-+++ ecryptfs-utils-99/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2012-07-23 18:59:05.237406445 +0200
+diff -up ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
+--- ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2012-08-20 15:46:19.795460481 +0200
++++ ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2012-08-20 15:46:19.844460878 +0200
@@ -99,7 +99,7 @@ static int ecryptfs_pkcs11h_deserialize(
pkcs11h_data->serialized_id = NULL;
}
@@ -150,9 +150,9 @@ diff -up ecryptfs-utils-99/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror e
subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo);
-diff -up ecryptfs-utils-99/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-99/src/libecryptfs/ecryptfs-stat.c
---- ecryptfs-utils-99/src/libecryptfs/ecryptfs-stat.c.werror 2012-05-18 21:06:17.000000000 +0200
-+++ ecryptfs-utils-99/src/libecryptfs/ecryptfs-stat.c 2012-07-23 18:59:05.238406451 +0200
+diff -up ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c
+--- ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c.werror 2012-05-18 21:06:17.000000000 +0200
++++ ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c 2012-08-20 15:46:19.845460886 +0200
@@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_
if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES
+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
@@ -162,9 +162,9 @@ diff -up ecryptfs-utils-99/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils
"bytes; there are only [%zu] bytes\n", __FUNCTION__,
(ECRYPTFS_FILE_SIZE_BYTES
+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
-diff -up ecryptfs-utils-99/src/libecryptfs/key_management.c.werror ecryptfs-utils-99/src/libecryptfs/key_management.c
---- ecryptfs-utils-99/src/libecryptfs/key_management.c.werror 2012-07-23 18:59:05.219406346 +0200
-+++ ecryptfs-utils-99/src/libecryptfs/key_management.c 2012-07-23 18:59:05.238406451 +0200
+diff -up ecryptfs-utils-100/src/libecryptfs/key_management.c.werror ecryptfs-utils-100/src/libecryptfs/key_management.c
+--- ecryptfs-utils-100/src/libecryptfs/key_management.c.werror 2012-08-20 15:46:19.791460449 +0200
++++ ecryptfs-utils-100/src/libecryptfs/key_management.c 2012-08-20 15:46:19.845460886 +0200
@@ -228,7 +228,6 @@ int ecryptfs_wrap_passphrase_file(char *
int rc = 0;
ssize_t size;
@@ -173,9 +173,9 @@ diff -up ecryptfs-utils-99/src/libecryptfs/key_management.c.werror ecryptfs-util
char *p = NULL;
char decrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1];
-diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.werror 2012-07-11 16:03:17.000000000 +0200
-+++ ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c 2012-07-23 18:59:38.714596789 +0200
+diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.werror 2012-08-02 15:20:17.000000000 +0200
++++ ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c 2012-08-20 15:48:15.233393985 +0200
@@ -47,31 +47,6 @@
#define PRIVATE_DIR "Private"
@@ -208,7 +208,20 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
/* returns: 0 if file does not exist, 1 if it exists, <0 for error */
static int file_exists_dotecryptfs(const char *homedir, char *filename)
{
-@@ -216,8 +191,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -110,10 +85,8 @@ static int wrap_passphrase_if_necessary(
+ stat(wrapped_pw_filename, &s) != 0 &&
+ passphrase != NULL && *passphrase != '\0' &&
+ username != NULL && *username != '\0') {
+- setuid(uid);
+- rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
+- if (rc != 0) {
+- syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
++ if ((rc = setuid(uid))<0 || ((rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename)) != 0)) {
++ syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
+ }
+ return rc;
+ }
+@@ -211,8 +184,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
if ((argc == 1)
&& (memcmp(argv[0], "unwrap\0", 7) == 0)) {
char *wrapped_pw_filename;
@@ -217,7 +230,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
rc = asprintf(
&wrapped_pw_filename, "%s/.ecryptfs/%s",
-@@ -309,8 +282,6 @@ static int private_dir(pam_handle_t *pam
+@@ -304,8 +275,6 @@ static int private_dir(pam_handle_t *pam
char *autoumount = "auto-umount";
struct stat s;
pid_t pid;
@@ -226,7 +239,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
if ((pwd = fetch_pwd(pamh)) == NULL) {
/* fetch_pwd() logged a message */
-@@ -356,7 +327,7 @@ static int private_dir(pam_handle_t *pam
+@@ -351,7 +320,7 @@ static int private_dir(pam_handle_t *pam
if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
/* User has not recorded their passphrase */
unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
@@ -235,7 +248,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666);
close(fd);
}
-@@ -435,7 +406,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+@@ -430,7 +399,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
char *old_passphrase = NULL;
char *new_passphrase = NULL;
char *wrapped_pw_filename;
@@ -243,7 +256,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
char salt[ECRYPTFS_SALT_SIZE];
char salt_hex[ECRYPTFS_SALT_SIZE_HEX];
pid_t child_pid, tmp_pid;
-@@ -450,15 +420,15 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+@@ -445,15 +413,15 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
uid = pwd->pw_uid;
gid = pwd->pw_gid;
homedir = pwd->pw_dir;
@@ -262,9 +275,34 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
syslog(LOG_ERR, "pam_ecryptfs: geteuid error");
goto outnouid;
}
-diff -up ecryptfs-utils-99/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-99/src/utils/mount.ecryptfs.c
---- ecryptfs-utils-99/src/utils/mount.ecryptfs.c.werror 2012-07-23 18:59:05.234406430 +0200
-+++ ecryptfs-utils-99/src/utils/mount.ecryptfs.c 2012-07-23 18:59:05.239406457 +0200
+@@ -512,7 +480,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH + 1];
+
+ /* temp regain uid 0 to drop privs */
+- seteuid(oeuid);
++ if (seteuid(oeuid) < 0) {
++ syslog(LOG_ERR, "pam_ecryptfs: seteuid error");
++ goto out_child;
++ }
+ /* setgroups() already called */
+ if (setgid(gid) < 0 || setuid(uid) < 0)
+ goto out_child;
+@@ -537,9 +508,9 @@ out_child:
+ free(wrapped_pw_filename);
+ out:
+
+- seteuid(oeuid);
+- setegid(oegid);
+- setgroups(ngids, groups);
++ rc = seteuid(oeuid);
++ rc = setegid(oegid);
++ rc = setgroups(ngids, groups);
+
+ outnouid:
+ return rc;
+diff -up ecryptfs-utils-100/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-100/src/utils/mount.ecryptfs.c
+--- ecryptfs-utils-100/src/utils/mount.ecryptfs.c.werror 2012-08-20 15:46:19.805460562 +0200
++++ ecryptfs-utils-100/src/utils/mount.ecryptfs.c 2012-08-20 15:46:19.847460902 +0200
@@ -34,6 +34,7 @@
#include <sys/mount.h>
#include <sys/stat.h>
@@ -273,9 +311,9 @@ diff -up ecryptfs-utils-99/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-99/s
#include "config.h"
#include "ecryptfs.h"
#include "decision_graph.h"
-diff -up ecryptfs-utils-99/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-99/src/utils/mount.ecryptfs_private.c
---- ecryptfs-utils-99/src/utils/mount.ecryptfs_private.c.werror 2012-07-23 18:59:05.229406400 +0200
-+++ ecryptfs-utils-99/src/utils/mount.ecryptfs_private.c 2012-07-23 18:59:05.240406463 +0200
+diff -up ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c
+--- ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c.werror 2012-08-20 15:46:19.801460530 +0200
++++ ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c 2012-08-20 15:46:19.847460902 +0200
@@ -95,7 +95,7 @@ int read_config(char *pw_dir, int uid, c
*s = strdup(e->mnt_fsname);
if (!*s)
@@ -285,9 +323,20 @@ diff -up ecryptfs-utils-99/src/utils/mount.ecryptfs_private.c.werror ecryptfs-ut
return 0;
}
-diff -up ecryptfs-utils-99/src/utils/test.c.werror ecryptfs-utils-99/src/utils/test.c
---- ecryptfs-utils-99/src/utils/test.c.werror 2012-05-18 21:06:17.000000000 +0200
-+++ ecryptfs-utils-99/src/utils/test.c 2012-07-23 18:59:05.240406463 +0200
+@@ -686,8 +686,8 @@ int main(int argc, char *argv[]) {
+ * update mtab for us, and replace the current process.
+ * Do not use the umount.ecryptfs helper (-i).
+ */
+- setresuid(0,0,0);
+- setresgid(0,0,0);
++ rc=setresuid(0,0,0);
++ rc=setresgid(0,0,0);
+ clearenv();
+
+ /* Since we're doing a lazy unmount anyway, just unmount the current
+diff -up ecryptfs-utils-100/src/utils/test.c.werror ecryptfs-utils-100/src/utils/test.c
+--- ecryptfs-utils-100/src/utils/test.c.werror 2012-05-18 21:06:17.000000000 +0200
++++ ecryptfs-utils-100/src/utils/test.c 2012-08-20 15:46:19.847460902 +0200
@@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache
struct inode *lower_inode;
struct ecryptfs_crypt_stat *crypt_stat;
@@ -297,9 +346,9 @@ diff -up ecryptfs-utils-99/src/utils/test.c.werror ecryptfs-utils-99/src/utils/t
int orig_byte_offset = 0;
int num_extents_per_page;
#define ECRYPTFS_PAGE_STATE_UNREAD 0
-diff -up ecryptfs-utils-99/tests/kernel/directory-concurrent/test.c.werror ecryptfs-utils-99/tests/kernel/directory-concurrent/test.c
---- ecryptfs-utils-99/tests/kernel/directory-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200
-+++ ecryptfs-utils-99/tests/kernel/directory-concurrent/test.c 2012-07-23 18:59:05.240406463 +0200
+diff -up ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c.werror ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c
+--- ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200
++++ ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c 2012-08-20 15:46:19.848460910 +0200
@@ -149,7 +149,7 @@ int hang_check(int option, const char *f
int test_dirs(const char *path, const int max_dirs)
@@ -309,9 +358,22 @@ diff -up ecryptfs-utils-99/tests/kernel/directory-concurrent/test.c.werror ecryp
char *filename;
size_t len = strlen(path) + 32;
int ret = TEST_PASSED;
-diff -up ecryptfs-utils-99/tests/kernel/extend-file-random/test.c.werror ecryptfs-utils-99/tests/kernel/extend-file-random/test.c
---- ecryptfs-utils-99/tests/kernel/extend-file-random/test.c.werror 2012-05-18 21:06:17.000000000 +0200
-+++ ecryptfs-utils-99/tests/kernel/extend-file-random/test.c 2012-07-23 18:59:05.241406469 +0200
+diff -up ecryptfs-utils-100/tests/kernel/enospc/test.c.werror ecryptfs-utils-100/tests/kernel/enospc/test.c
+--- ecryptfs-utils-100/tests/kernel/enospc/test.c.werror 2012-08-02 15:20:17.000000000 +0200
++++ ecryptfs-utils-100/tests/kernel/enospc/test.c 2012-08-20 15:46:19.848460910 +0200
+@@ -37,9 +37,6 @@
+ int test_exercise(char *filename, ssize_t size)
+ {
+ int fd;
+- ssize_t i;
+- ssize_t n;
+- struct stat statbuf;
+ ssize_t nbytes = size;
+ int ret = TEST_FAILED;
+
+diff -up ecryptfs-utils-100/tests/kernel/extend-file-random/test.c.werror ecryptfs-utils-100/tests/kernel/extend-file-random/test.c
+--- ecryptfs-utils-100/tests/kernel/extend-file-random/test.c.werror 2012-05-18 21:06:17.000000000 +0200
++++ ecryptfs-utils-100/tests/kernel/extend-file-random/test.c 2012-08-20 15:46:19.848460910 +0200
@@ -48,7 +48,7 @@ int test_write(int fd, char *buffer, siz
}
@@ -337,9 +399,9 @@ diff -up ecryptfs-utils-99/tests/kernel/extend-file-random/test.c.werror ecryptf
len, offset, strerror(errno));
return TEST_FAILED;
}
-diff -up ecryptfs-utils-99/tests/kernel/file-concurrent/test.c.werror ecryptfs-utils-99/tests/kernel/file-concurrent/test.c
---- ecryptfs-utils-99/tests/kernel/file-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200
-+++ ecryptfs-utils-99/tests/kernel/file-concurrent/test.c 2012-07-23 18:59:05.241406469 +0200
+diff -up ecryptfs-utils-100/tests/kernel/file-concurrent/test.c.werror ecryptfs-utils-100/tests/kernel/file-concurrent/test.c
+--- ecryptfs-utils-100/tests/kernel/file-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200
++++ ecryptfs-utils-100/tests/kernel/file-concurrent/test.c 2012-08-20 15:46:19.849460918 +0200
@@ -177,7 +177,7 @@ int hang_check(int option, const char *f
int test_files(const char *path, const int max_files)
@@ -349,9 +411,9 @@ diff -up ecryptfs-utils-99/tests/kernel/file-concurrent/test.c.werror ecryptfs-u
char *filename;
size_t len = strlen(path) + 32;
int ret = TEST_PASSED;
-diff -up ecryptfs-utils-99/tests/kernel/inode-race-stat/test.c.werror ecryptfs-utils-99/tests/kernel/inode-race-stat/test.c
---- ecryptfs-utils-99/tests/kernel/inode-race-stat/test.c.werror 2012-05-18 21:06:17.000000000 +0200
-+++ ecryptfs-utils-99/tests/kernel/inode-race-stat/test.c 2012-07-23 18:59:05.241406469 +0200
+diff -up ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c.werror ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c
+--- ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c.werror 2012-08-02 15:20:17.000000000 +0200
++++ ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c 2012-08-20 15:46:19.849460918 +0200
@@ -106,7 +106,6 @@ static void do_test(const int fdin, cons
{
for (;;) {
@@ -369,7 +431,7 @@ diff -up ecryptfs-utils-99/tests/kernel/inode-race-stat/test.c.werror ecryptfs-u
ret = check_size(filename, sz);
switch (ret) {
-@@ -290,7 +289,7 @@ int main(int argc, char **argv)
+@@ -307,7 +306,7 @@ int main(int argc, char **argv)
}
/* Now tell children to stat the file */
@@ -378,7 +440,7 @@ diff -up ecryptfs-utils-99/tests/kernel/inode-race-stat/test.c.werror ecryptfs-u
for (i = 0; i < threads; i++) {
if (write(pipe_to[i][1], cmd, strlen(cmd)+1) < 0) {
fprintf(stderr, "write to pipe failed: %s\n",
-@@ -347,6 +346,7 @@ abort:
+@@ -364,6 +363,7 @@ abort:
int ret;
ret = write(pipe_to[i][1], cmd, 1);
@@ -386,9 +448,9 @@ diff -up ecryptfs-utils-99/tests/kernel/inode-race-stat/test.c.werror ecryptfs-u
(void)waitpid(pids[i], &status, 0);
(void)close(pipe_to[i][1]);
-diff -up ecryptfs-utils-99/tests/kernel/lp-509180/test.c.werror ecryptfs-utils-99/tests/kernel/lp-509180/test.c
---- ecryptfs-utils-99/tests/kernel/lp-509180/test.c.werror 2012-05-18 21:06:17.000000000 +0200
-+++ ecryptfs-utils-99/tests/kernel/lp-509180/test.c 2012-07-23 18:59:05.242406474 +0200
+diff -up ecryptfs-utils-100/tests/kernel/lp-509180/test.c.werror ecryptfs-utils-100/tests/kernel/lp-509180/test.c
+--- ecryptfs-utils-100/tests/kernel/lp-509180/test.c.werror 2012-05-18 21:06:17.000000000 +0200
++++ ecryptfs-utils-100/tests/kernel/lp-509180/test.c 2012-08-20 15:46:19.850460926 +0200
@@ -48,7 +48,6 @@ int main(int argc, char **argv)
int fd;
int opt, flags = 0;
@@ -397,9 +459,9 @@ diff -up ecryptfs-utils-99/tests/kernel/lp-509180/test.c.werror ecryptfs-utils-9
char *file;
unsigned char buffer[1];
-diff -up ecryptfs-utils-99/tests/kernel/trunc-file/test.c.werror ecryptfs-utils-99/tests/kernel/trunc-file/test.c
---- ecryptfs-utils-99/tests/kernel/trunc-file/test.c.werror 2012-05-18 21:06:17.000000000 +0200
-+++ ecryptfs-utils-99/tests/kernel/trunc-file/test.c 2012-07-23 18:59:05.242406474 +0200
+diff -up ecryptfs-utils-100/tests/kernel/trunc-file/test.c.werror ecryptfs-utils-100/tests/kernel/trunc-file/test.c
+--- ecryptfs-utils-100/tests/kernel/trunc-file/test.c.werror 2012-05-18 21:06:17.000000000 +0200
++++ ecryptfs-utils-100/tests/kernel/trunc-file/test.c 2012-08-20 15:46:19.850460926 +0200
@@ -39,7 +39,7 @@
int write_buff(int fd, unsigned char *data, ssize_t size)
@@ -454,16 +516,3 @@ diff -up ecryptfs-utils-99/tests/kernel/trunc-file/test.c.werror ecryptfs-utils-
exit(TEST_ERROR);
}
-diff -up ecryptfs-utils-100/tests/kernel/enospc/test.c.newfix ecryptfs-utils-100/tests/kernel/enospc/test.c
---- ecryptfs-utils-100/tests/kernel/enospc/test.c.newfix 2012-08-03 11:08:28.121411674 +0200
-+++ ecryptfs-utils-100/tests/kernel/enospc/test.c 2012-08-03 11:08:28.139411811 +0200
-@@ -37,9 +37,6 @@
- int test_exercise(char *filename, ssize_t size)
- {
- int fd;
-- ssize_t i;
-- ssize_t n;
-- struct stat statbuf;
- ssize_t nbytes = size;
- int ret = TEST_FAILED;
-
diff --git a/ecryptfs-utils-87-pamdata.patch b/ecryptfs-utils-87-pamdata.patch
index 8a46a85..bc8319d 100644
--- a/ecryptfs-utils-87-pamdata.patch
+++ b/ecryptfs-utils-87-pamdata.patch
@@ -1,6 +1,6 @@
-diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata 2012-07-23 20:16:39.161357208 +0200
-+++ ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c 2012-07-23 20:16:49.952442084 +0200
+diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.pamdata 2012-09-27 15:00:56.127148058 +0200
++++ ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c 2012-09-27 15:03:45.105625179 +0200
@@ -47,6 +47,26 @@
#define PRIVATE_DIR "Private"
@@ -37,7 +37,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
{
char *unwrapped_pw_filename = NULL;
struct stat s;
-@@ -98,51 +118,37 @@ static int wrap_passphrase_if_necessary(
+@@ -96,138 +116,66 @@ static int wrap_passphrase_if_necessary(
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
const char **argv)
{
@@ -54,10 +54,10 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
char *private_mnt = NULL;
- pid_t child_pid, tmp_pid;
long rc;
-+ struct ecryptfs_pam_data *epd = {0,};
++ struct ecryptfs_pam_data *epd;
- rc = pam_get_user(pamh, &username, NULL);
-+ if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) {
++ if ((epd = calloc(1, sizeof(struct ecryptfs_pam_data))) == NULL) {
+ syslog(LOG_ERR,"Memory allocation failed");
+ rc = -ENOMEM;
+ goto out;
@@ -68,19 +68,22 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
struct passwd *pwd;
- pwd = getpwnam(username);
++ errno = 0;
+ pwd = getpwnam(epd->username);
if (pwd) {
- uid = pwd->pw_uid;
- gid = pwd->pw_gid;
- homedir = pwd->pw_dir;
+- }
+- } else {
+- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc);
+- goto out;
+ epd->uid = pwd->pw_uid;
+ epd->gid = pwd->pw_gid;
+ epd->homedir = pwd->pw_dir;
- }
- } else {
-- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc);
-- goto out;
-- }
++ rc = 0;
++ } else rc = errno;
+ }
-
- if ((oeuid = geteuid()) < 0 || (oegid = getegid()) < 0 ||
- (ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) < 0) {
@@ -90,6 +93,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
-
- if (setegid(gid) < 0 || setgroups(1, &gid) < 0 || seteuid(uid) < 0) {
- syslog(LOG_ERR, "pam_ecryptfs: seteuid error");
++ if (!epd->homedir) {
+ syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user; rc = [%ld]\n", rc);
goto out;
}
@@ -105,9 +109,6 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
/* If private/home is already mounted, then we can skip
costly loading of keys */
goto out;
-@@ -152,89 +158,28 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
- costly loading of keys */
- goto out;
}
- if(file_exists_dotecryptfs(homedir, "wrapping-independent") == 1)
- rc = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &passphrase, "Encryption passphrase: ");
@@ -196,17 +197,17 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
- if (tmp_pid == -1)
- syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n");
-out:
-
+-
- seteuid(oeuid);
- setegid(oegid);
- setgroups(ngids, groups);
--
+
-outnouid:
+out:
if (private_mnt != NULL)
free(private_mnt);
return PAM_SUCCESS;
-@@ -381,10 +326,115 @@ static int umount_private_dir(pam_handle
+@@ -372,10 +320,119 @@ static int umount_private_dir(pam_handle
return private_dir(pamh, 0);
}
@@ -247,7 +248,11 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
+
+ if ((child_pid = fork()) == 0) {
+ /* temp regain uid 0 to drop privs */
-+ seteuid(oeuid);
++ if (seteuid(oeuid) < 0)
++ {
++ syslog(LOG_ERR, "pam_ecryptfs: seteuid error");
++ goto out_child;
++ }
+ /* setgroups() already called */
+ if (setgid(epd->gid) < 0 || setuid(epd->uid) < 0)
+ goto out_child;
@@ -304,9 +309,9 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
+ syslog(LOG_WARNING,
+ "waitpid() returned with error condition\n");
+out:
-+ seteuid(oeuid);
-+ setegid(oegid);
-+ setgroups(ngids, groups);
++ rc = seteuid(oeuid);
++ rc = setegid(oegid);
++ rc = setgroups(ngids, groups);
+
+outnouid:
+
diff --git a/ecryptfs-utils-87-syslog.patch b/ecryptfs-utils-87-syslog.patch
index 91438c6..5024953 100644
--- a/ecryptfs-utils-87-syslog.patch
+++ b/ecryptfs-utils-87-syslog.patch
@@ -1,6 +1,6 @@
-diff -up ecryptfs-utils-99/src/include/ecryptfs.h.syslog ecryptfs-utils-99/src/include/ecryptfs.h
---- ecryptfs-utils-99/src/include/ecryptfs.h.syslog 2012-07-24 13:22:22.225044430 +0200
-+++ ecryptfs-utils-99/src/include/ecryptfs.h 2012-07-24 13:22:22.228044457 +0200
+diff -up ecryptfs-utils-100/src/include/ecryptfs.h.syslog ecryptfs-utils-100/src/include/ecryptfs.h
+--- ecryptfs-utils-100/src/include/ecryptfs.h.syslog 2012-09-27 15:04:15.639901578 +0200
++++ ecryptfs-utils-100/src/include/ecryptfs.h 2012-09-27 15:04:15.659901767 +0200
@@ -143,7 +143,7 @@
#define ECRYPTFS_TAG_67_PACKET 0x43
@@ -10,9 +10,9 @@ diff -up ecryptfs-utils-99/src/include/ecryptfs.h.syslog ecryptfs-utils-99/src/i
#define ECRYPTFS_MAX_NUM_CIPHERS 64
#define ECRYPTFS_ECHO_ON 1
-diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog 2012-07-24 13:22:22.222044403 +0200
-+++ ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c 2012-07-24 13:23:02.726405147 +0200
+diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.syslog 2012-09-27 15:04:15.626901456 +0200
++++ ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c 2012-09-27 15:04:59.003302383 +0200
@@ -94,7 +94,7 @@ static int wrap_passphrase_if_necessary(
rc = asprintf(&unwrapped_pw_filename, "/dev/shm/.ecryptfs-%s", username);
@@ -22,28 +22,28 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
return -ENOMEM;
}
/* If /dev/shm/.ecryptfs-$USER exists and owned by the user
-@@ -108,7 +108,7 @@ static int wrap_passphrase_if_necessary(
- setuid(uid);
- rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
- if (rc != 0) {
+@@ -106,7 +106,7 @@ static int wrap_passphrase_if_necessary(
+ passphrase != NULL && *passphrase != '\0' &&
+ username != NULL && *username != '\0') {
+ if ((rc = setuid(uid))<0 || ((rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename)) != 0)) {
- syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
+ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
}
return rc;
}
-@@ -125,7 +125,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
- struct ecryptfs_pam_data *epd = {0,};
+@@ -122,7 +122,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ struct ecryptfs_pam_data *epd;
- if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) {
+ if ((epd = calloc(1, sizeof(struct ecryptfs_pam_data))) == NULL) {
- syslog(LOG_ERR,"Memory allocation failed");
+ ecryptfs_syslog(LOG_ERR,"Memory allocation failed");
rc = -ENOMEM;
goto out;
}
@@ -141,7 +141,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
- epd->homedir = pwd->pw_dir;
- }
- } else {
+ } else rc = errno;
+ }
+ if (!epd->homedir) {
- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user; rc = [%ld]\n", rc);
+ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user; rc = [%ld]\n", rc);
goto out;
@@ -58,7 +58,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
/* If private/home is already mounted, then we can skip
costly loading of keys */
goto out;
-@@ -164,7 +164,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -160,7 +160,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&epd->passphrase);
epd->passphrase = strdup(epd->passphrase);
if (rc != PAM_SUCCESS) {
@@ -67,7 +67,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
rc);
goto out;
}
-@@ -175,7 +175,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -171,7 +171,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
from_hex(epd->salt, salt_hex, ECRYPTFS_SALT_SIZE);
epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0));
if ((rc=pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata)) != PAM_SUCCESS) {
@@ -76,7 +76,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
goto out;
}
-@@ -199,12 +199,12 @@ static struct passwd *fetch_pwd(pam_hand
+@@ -195,12 +195,12 @@ static struct passwd *fetch_pwd(pam_hand
rc = pam_get_user(pamh, &username, NULL);
if (rc != PAM_SUCCESS || username == NULL) {
@@ -91,7 +91,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
return NULL;
}
return pwd;
-@@ -235,13 +235,13 @@ static int private_dir(pam_handle_t *pam
+@@ -231,13 +231,13 @@ static int private_dir(pam_handle_t *pam
if (
(asprintf(&autofile, "%s/.ecryptfs/%s", pwd->pw_dir, a) < 0)
|| autofile == NULL) {
@@ -107,7 +107,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
return 1;
}
if (stat(sigfile, &s) != 0) {
-@@ -253,7 +253,7 @@ static int private_dir(pam_handle_t *pam
+@@ -249,7 +249,7 @@ static int private_dir(pam_handle_t *pam
goto out;
}
if ((pid = fork()) < 0) {
@@ -116,7 +116,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
return 1;
}
if (pid == 0) {
-@@ -261,7 +261,7 @@ static int private_dir(pam_handle_t *pam
+@@ -257,7 +257,7 @@ static int private_dir(pam_handle_t *pam
if ((asprintf(&recorded,
"%s/.ecryptfs/.wrapped-passphrase.recorded",
pwd->pw_dir) < 0) || recorded == NULL) {
@@ -125,7 +125,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
_exit(255);
}
if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
-@@ -273,12 +273,12 @@ static int private_dir(pam_handle_t *pam
+@@ -269,12 +269,12 @@ static int private_dir(pam_handle_t *pam
}
if (stat(autofile, &s) != 0) {
/* User does not want to auto-mount */
@@ -140,7 +140,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
_exit(255);
}
/* run mount.ecryptfs_private as the user */
-@@ -286,16 +286,16 @@ static int private_dir(pam_handle_t *pam
+@@ -282,16 +282,16 @@ static int private_dir(pam_handle_t *pam
_exit(255);
execl("/sbin/mount.ecryptfs_private",
"mount.ecryptfs_private", NULL);
@@ -160,7 +160,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
_exit(255);
}
/* run umount.ecryptfs_private as the user */
-@@ -303,7 +303,7 @@ static int private_dir(pam_handle_t *pam
+@@ -299,7 +299,7 @@ static int private_dir(pam_handle_t *pam
_exit(255);
execl("/sbin/umount.ecryptfs_private",
"umount.ecryptfs_private", NULL);
@@ -169,7 +169,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
_exit(255);
}
_exit(255);
-@@ -338,24 +338,24 @@ static int fill_keyring(pam_handle_t *pa
+@@ -334,24 +334,24 @@ static int fill_keyring(pam_handle_t *pa
if ((rc=pam_get_data(pamh, ECRYPTFS_PAM_DATA, (const void **)&epd)) != PAM_SUCCESS)
{
@@ -245,7 +245,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
+ ecryptfs_syslog(LOG_WARNING,
"waitpid() returned with error condition\n");
out:
- seteuid(oeuid);
+ rc = seteuid(oeuid);
@@ -473,33 +473,33 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
homedir = pwd->pw_dir;
}
@@ -317,7 +317,7 @@ diff -up ecryptfs-utils-99/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
rc = PAM_AUTHTOK_RECOVER_ERR;
goto out;
}
-@@ -546,20 +546,20 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+@@ -549,20 +549,20 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
if ((rc = ecryptfs_unwrap_passphrase(passphrase,
wrapped_pw_filename,
old_passphrase, salt))) {
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index 71550d0..f6ff55b 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@
Name: ecryptfs-utils
Version: 100
-Release: 1%{?dist}
+Release: 3%{?dist}
Summary: The eCryptfs mount helper and support libraries
Group: System Environment/Base
License: GPLv2+
@@ -262,6 +262,12 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/ecryptfs-utils/_libecryptfs.so
%changelog
+* Thu Sep 27 2012 Michal Hlavinka <mhlavink at redhat.com> - 100-3
+- do not crash in pam module when non-existent user name is used (#859766)
+
+* Mon Aug 20 2012 Michal Hlavinka <mhlavink at redhat.com> - 100-2
+- fix Werror messages in new build environment
+
* Fri Aug 03 2012 Michal Hlavinka <mhlavink at redhat.com> - 100-1
- ecryptfs-utils updated to 100
More information about the scm-commits
mailing list