[ecryptfs-utils] updated to v. 93
Michal Hlavinka
mhlavink at fedoraproject.org
Mon Oct 31 13:29:28 UTC 2011
commit 7731a01ed191639a0e7d52795c39e696699d6854
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Mon Oct 31 14:29:23 2011 +0100
updated to v. 93
.gitignore | 1 +
ecryptfs-utils-75-werror.patch | 67 ++++++------
ecryptfs-utils-87-autoload.patch | 22 ++--
ecryptfs-utils-87-fixpamfork.patch | 27 ++---
ecryptfs-utils-87-nozombies.patch | 28 ++---
ecryptfs-utils-87-pamdata.patch | 58 ++++------
ecryptfs-utils-87-syslog.patch | 216 +++++++++++++++++++++++------------
ecryptfs-utils.spec | 13 +-
sources | 2 +-
9 files changed, 243 insertions(+), 191 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e927580..864694a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ ecryptfs-mount-private.png
/ecryptfs-utils_86.orig.tar.gz
/ecryptfs-utils_87.orig.tar.gz
/ecryptfs-utils_90.orig.tar.gz
+/ecryptfs-utils_93.orig.tar.gz
diff --git a/ecryptfs-utils-75-werror.patch b/ecryptfs-utils-75-werror.patch
index fddf477..fa58946 100644
--- a/ecryptfs-utils-75-werror.patch
+++ b/ecryptfs-utils-75-werror.patch
@@ -1,6 +1,6 @@
-diff -up ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
---- ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2011-08-11 10:26:55.453235671 +0200
-+++ ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-08-11 10:26:55.471235788 +0200
+diff -up ecryptfs-utils-93/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-93/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
+--- ecryptfs-utils-93/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2011-10-31 14:18:18.136758412 +0100
++++ ecryptfs-utils-93/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-10-31 14:18:18.156758569 +0100
@@ -86,7 +86,7 @@ static int ecryptfs_pkcs11h_deserialize(
pkcs11h_data->serialized_id = NULL;
}
@@ -150,9 +150,9 @@ diff -up ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror e
subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo);
-diff -up ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c
---- ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror 2010-12-17 18:34:04.000000000 +0100
-+++ ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c 2011-08-11 10:26:55.472235795 +0200
+diff -up ecryptfs-utils-93/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-93/src/libecryptfs/ecryptfs-stat.c
+--- ecryptfs-utils-93/src/libecryptfs/ecryptfs-stat.c.werror 2011-10-27 17:53:07.000000000 +0200
++++ ecryptfs-utils-93/src/libecryptfs/ecryptfs-stat.c 2011-10-31 14:18:18.157758576 +0100
@@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_
if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES
+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
@@ -162,9 +162,9 @@ diff -up ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils
"bytes; there are only [%zu] bytes\n", __FUNCTION__,
(ECRYPTFS_FILE_SIZE_BYTES
+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
-diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror 2011-02-06 03:44:30.000000000 +0100
-+++ ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-11 10:26:55.472235795 +0200
+diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.werror 2011-10-27 17:53:07.000000000 +0200
++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 14:18:29.644847653 +0100
@@ -39,35 +39,11 @@
#include <sys/stat.h>
#include <fcntl.h>
@@ -176,25 +176,25 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
-static void error(const char *msg)
-{
-- syslog(LOG_ERR, "errno = [%i]; strerror = [%m]\n", errno);
+- syslog(LOG_ERR, "pam_ecryptfs: errno = [%i]; strerror = [%m]\n", errno);
- switch (errno) {
- case ENOKEY:
-- syslog(LOG_ERR, "%s: Requested key not available\n", msg);
+- syslog(LOG_ERR, "pam_ecryptfs: %s: Requested key not available\n", msg);
- return;
-
- case EKEYEXPIRED:
-- syslog(LOG_ERR, "%s: Key has expired\n", msg);
+- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has expired\n", msg);
- return;
-
- case EKEYREVOKED:
-- syslog(LOG_ERR, "%s: Key has been revoked\n", msg);
+- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has been revoked\n", msg);
- return;
-
- case EKEYREJECTED:
-- syslog(LOG_ERR, "%s: Key was rejected by service\n", msg);
+- syslog(LOG_ERR, "pam_ecryptfs: %s: Key was rejected by service\n", msg);
- return;
- default:
-- syslog(LOG_ERR, "%s: Unknown key error\n", msg);
+- syslog(LOG_ERR, "pam_ecryptfs: %s: Unknown key error\n", msg);
- return;
- }
-}
@@ -211,7 +211,7 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
{
char *unwrapped_pw_filename = NULL;
struct stat s;
-@@ -201,8 +177,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -195,8 +171,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
if ((argc == 1)
&& (memcmp(argv[0], "unwrap\0", 7) == 0)) {
char *wrapped_pw_filename;
@@ -220,7 +220,7 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
rc = asprintf(
&wrapped_pw_filename, "%s/.ecryptfs/%s",
-@@ -294,8 +268,6 @@ static int private_dir(pam_handle_t *pam
+@@ -282,8 +256,6 @@ static int private_dir(pam_handle_t *pam
char *autoumount = "auto-umount";
struct stat s;
pid_t pid;
@@ -229,7 +229,7 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
if ((pwd = fetch_pwd(pamh)) == NULL) {
/* fetch_pwd() logged a message */
-@@ -342,7 +314,7 @@ static int private_dir(pam_handle_t *pam
+@@ -329,7 +301,7 @@ static int private_dir(pam_handle_t *pam
if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
/* User has not recorded their passphrase */
unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
@@ -238,32 +238,29 @@ diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666);
close(fd);
}
-@@ -413,7 +385,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+@@ -398,7 +370,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
char *old_passphrase = NULL;
char *new_passphrase = NULL;
char *wrapped_pw_filename;
- char *name = NULL;
-+// char *name = NULL;
char salt[ECRYPTFS_SALT_SIZE];
char salt_hex[ECRYPTFS_SALT_SIZE_HEX];
pid_t child_pid, tmp_pid;
-@@ -427,11 +399,11 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+@@ -412,10 +383,9 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
if (pwd) {
uid = pwd->pw_uid;
homedir = pwd->pw_dir;
- name = pwd->pw_name;
-+// name = pwd->pw_name;
}
} else {
- syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
-- "rc = [%ld]\n", username, rc);
-+ "rc = [%d]\n", username, rc);
+- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc);
++ syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%d]\n", username, rc);
goto out;
}
saved_uid = geteuid();
-diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-90/src/utils/mount.ecryptfs.c
---- ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror 2011-08-11 10:26:55.468235767 +0200
-+++ ecryptfs-utils-90/src/utils/mount.ecryptfs.c 2011-08-11 10:26:55.473235801 +0200
+diff -up ecryptfs-utils-93/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-93/src/utils/mount.ecryptfs.c
+--- ecryptfs-utils-93/src/utils/mount.ecryptfs.c.werror 2011-10-31 14:18:18.153758546 +0100
++++ ecryptfs-utils-93/src/utils/mount.ecryptfs.c 2011-10-31 14:18:18.158758583 +0100
@@ -461,7 +461,7 @@ static int ecryptfs_do_mount(int argc, c
{
int rc;
@@ -282,9 +279,9 @@ diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-90/s
if (!(temp = strdup("ecryptfs_unlink_sigs"))) {
rc = -ENOMEM;
goto out;
-diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c
---- ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror 2011-08-11 10:26:55.461235723 +0200
-+++ ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c 2011-08-11 10:27:23.264417014 +0200
+diff -up ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c
+--- ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c.werror 2011-10-31 14:18:18.146758491 +0100
++++ ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c 2011-10-31 14:18:18.158758583 +0100
@@ -95,7 +95,6 @@ int read_config(char *pw_dir, int uid, c
*s = strdup(e->mnt_fsname);
if (!*s)
@@ -293,7 +290,7 @@ diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror ecryptfs-ut
return 0;
}
-@@ -300,7 +299,7 @@ int update_mtab(char *dev, char *mnt, ch
+@@ -302,7 +301,7 @@ int update_mtab(char *dev, char *mnt, ch
goto fail_early;
}
@@ -302,9 +299,9 @@ diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror ecryptfs-ut
if (addmntent(new_mtab, old_ent) != 0) {
perror("addmntent");
goto fail;
-diff -up ecryptfs-utils-90/src/utils/test.c.werror ecryptfs-utils-90/src/utils/test.c
---- ecryptfs-utils-90/src/utils/test.c.werror 2010-12-17 18:34:04.000000000 +0100
-+++ ecryptfs-utils-90/src/utils/test.c 2011-08-11 10:26:55.474235807 +0200
+diff -up ecryptfs-utils-93/src/utils/test.c.werror ecryptfs-utils-93/src/utils/test.c
+--- ecryptfs-utils-93/src/utils/test.c.werror 2011-10-27 17:53:07.000000000 +0200
++++ ecryptfs-utils-93/src/utils/test.c 2011-10-31 14:18:18.159758591 +0100
@@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache
struct inode *lower_inode;
struct ecryptfs_crypt_stat *crypt_stat;
diff --git a/ecryptfs-utils-87-autoload.patch b/ecryptfs-utils-87-autoload.patch
index 344c9be..6d491f9 100644
--- a/ecryptfs-utils-87-autoload.patch
+++ b/ecryptfs-utils-87-autoload.patch
@@ -1,6 +1,6 @@
-diff -up ecryptfs-utils-90/src/utils/ecryptfs-mount-private.autoload ecryptfs-utils-90/src/utils/ecryptfs-mount-private
---- ecryptfs-utils-90/src/utils/ecryptfs-mount-private.autoload 2011-08-31 12:06:39.561319897 +0200
-+++ ecryptfs-utils-90/src/utils/ecryptfs-mount-private 2011-08-31 12:06:39.589319941 +0200
+diff -up ecryptfs-utils-93/src/utils/ecryptfs-mount-private.autoload ecryptfs-utils-93/src/utils/ecryptfs-mount-private
+--- ecryptfs-utils-93/src/utils/ecryptfs-mount-private.autoload 2011-10-27 17:53:07.000000000 +0200
++++ ecryptfs-utils-93/src/utils/ecryptfs-mount-private 2011-10-31 12:40:46.066315002 +0100
@@ -33,6 +33,9 @@ if /sbin/mount.ecryptfs_private >/dev/nu
exit 0
fi
@@ -11,9 +11,9 @@ diff -up ecryptfs-utils-90/src/utils/ecryptfs-mount-private.autoload ecryptfs-ut
# Otherwise, interactively prompt for the user's password
if [ -f "$WRAPPED_PASSPHRASE_FILE" -a -f "$MOUNT_PASSPHRASE_SIG_FILE" ]; then
tries=0
-diff -up ecryptfs-utils-90/src/utils/ecryptfs-setup-private.autoload ecryptfs-utils-90/src/utils/ecryptfs-setup-private
---- ecryptfs-utils-90/src/utils/ecryptfs-setup-private.autoload 2011-08-10 15:35:11.000000000 +0200
-+++ ecryptfs-utils-90/src/utils/ecryptfs-setup-private 2011-08-31 12:04:57.344158953 +0200
+diff -up ecryptfs-utils-93/src/utils/ecryptfs-setup-private.autoload ecryptfs-utils-93/src/utils/ecryptfs-setup-private
+--- ecryptfs-utils-93/src/utils/ecryptfs-setup-private.autoload 2011-10-27 17:53:07.000000000 +0200
++++ ecryptfs-utils-93/src/utils/ecryptfs-setup-private 2011-10-31 12:40:46.066315002 +0100
@@ -101,6 +101,7 @@ random_passphrase () {
}
@@ -22,10 +22,10 @@ diff -up ecryptfs-utils-90/src/utils/ecryptfs-setup-private.autoload ecryptfs-ut
version=$(cat /sys/fs/ecryptfs/version 2>/dev/null)
[ -z "$version" ] && error "$(gettext 'Cannot get ecryptfs version, ecryptfs kernel module not loaded?')"
[ $(($version & 0x100)) -eq 0 ] && return 1
-diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.autoload ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c
---- ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.autoload 2011-08-31 12:00:46.109786923 +0200
-+++ ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c 2011-08-31 12:00:46.116786934 +0200
-@@ -484,6 +484,13 @@ int main(int argc, char *argv[]) {
+diff -up ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c.autoload ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c
+--- ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c.autoload 2011-10-31 12:40:46.000000000 +0100
++++ ecryptfs-utils-93/src/utils/mount.ecryptfs_private.c 2011-10-31 13:40:14.990679286 +0100
+@@ -489,6 +489,13 @@ int main(int argc, char *argv[]) {
char *sig, *sig_fnek;
FILE *fh_counter = NULL;
@@ -37,5 +37,5 @@ diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.autoload ecryptfs-
+ }
+
uid = getuid();
+ gid = getgid();
/* Non-privileged effective uid is sufficient for all but the code
- * that mounts, unmounts, and updates /etc/mtab.
diff --git a/ecryptfs-utils-87-fixpamfork.patch b/ecryptfs-utils-87-fixpamfork.patch
index fe1d85d..3c9749c 100644
--- a/ecryptfs-utils-87-fixpamfork.patch
+++ b/ecryptfs-utils-87-fixpamfork.patch
@@ -1,7 +1,7 @@
-diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid 2011-07-21 13:35:47.968581526 +0200
-+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-21 13:37:08.411188936 +0200
-@@ -217,7 +217,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.fixpamfork ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.fixpamfork 2011-10-31 13:44:28.643925611 +0100
++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 13:46:48.627152400 +0100
+@@ -207,7 +207,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
}
out_child:
free(auth_tok_sig);
@@ -10,19 +10,19 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils
}
tmp_pid = waitpid(child_pid, NULL, 0);
if (tmp_pid == -1)
-@@ -309,7 +309,7 @@ static int private_dir(pam_handle_t *pam
+@@ -295,7 +295,7 @@ static int private_dir(pam_handle_t *pam
+ "%s/.ecryptfs/.wrapped-passphrase.recorded",
pwd->pw_dir) < 0) || recorded == NULL) {
- syslog(LOG_ERR,
- "Error allocating memory for recorded name");
+ syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for recorded name");
- return 1;
+ _exit(255);
}
if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
/* User has not recorded their passphrase */
-@@ -322,25 +322,27 @@ static int private_dir(pam_handle_t *pam
+@@ -307,24 +307,26 @@ static int private_dir(pam_handle_t *pam
+ if (stat(autofile, &s) != 0) {
/* User does not want to auto-mount */
- syslog(LOG_INFO,
- "Skipping automatic eCryptfs mount");
+ syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs mount");
- return 0;
+ _exit(0);
}
@@ -34,8 +34,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils
} else {
if (stat(autofile, &s) != 0) {
/* User does not want to auto-unmount */
- syslog(LOG_INFO,
- "Skipping automatic eCryptfs unmount");
+ syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs unmount");
- return 0;
+ _exit(0);
}
@@ -50,7 +49,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils
} else {
waitpid(pid, &rc, 0);
goto out;
-@@ -482,7 +484,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+@@ -455,7 +457,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
goto out_child;
}
out_child:
@@ -58,4 +57,4 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixgid ecryptfs-utils
+ _exit(0);
}
if ((tmp_pid = waitpid(child_pid, NULL, 0)) == -1)
- syslog(LOG_WARNING,
+ syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n");
diff --git a/ecryptfs-utils-87-nozombies.patch b/ecryptfs-utils-87-nozombies.patch
index 32b0147..94f1c6c 100644
--- a/ecryptfs-utils-87-nozombies.patch
+++ b/ecryptfs-utils-87-nozombies.patch
@@ -1,6 +1,6 @@
-diff -up ecryptfs-utils-87/src/include/ecryptfs.h.nozombies ecryptfs-utils-87/src/include/ecryptfs.h
---- ecryptfs-utils-87/src/include/ecryptfs.h.nozombies 2011-03-09 14:30:32.000000000 +0100
-+++ ecryptfs-utils-87/src/include/ecryptfs.h 2011-07-21 14:17:33.539120662 +0200
+diff -up ecryptfs-utils-93/src/include/ecryptfs.h.nozombies ecryptfs-utils-93/src/include/ecryptfs.h
+--- ecryptfs-utils-93/src/include/ecryptfs.h.nozombies 2011-10-27 17:53:07.000000000 +0200
++++ ecryptfs-utils-93/src/include/ecryptfs.h 2011-10-31 13:47:05.151296631 +0100
@@ -588,10 +588,6 @@ int ecryptfs_validate_keyring(void);
#define ECRYPTFS_SHM_KEY 0x3c81b7f5
#define ECRYPTFS_SEM_KEY 0x3c81b7f6
@@ -12,10 +12,10 @@ diff -up ecryptfs-utils-87/src/include/ecryptfs.h.nozombies ecryptfs-utils-87/sr
int ecryptfs_build_linear_subgraph_from_nvp(struct transition_node **trans_node,
struct ecryptfs_key_mod *key_mod);
int ecryptfs_build_linear_subgraph(struct transition_node **trans_node,
-diff -up ecryptfs-utils-87/src/libecryptfs/main.c.nozombies ecryptfs-utils-87/src/libecryptfs/main.c
---- ecryptfs-utils-87/src/libecryptfs/main.c.nozombies 2011-03-09 14:30:32.000000000 +0100
-+++ ecryptfs-utils-87/src/libecryptfs/main.c 2011-07-21 14:19:02.384364121 +0200
-@@ -480,487 +480,6 @@ out:
+diff -up ecryptfs-utils-93/src/libecryptfs/main.c.nozombies ecryptfs-utils-93/src/libecryptfs/main.c
+--- ecryptfs-utils-93/src/libecryptfs/main.c.nozombies 2011-10-31 13:47:05.098296169 +0100
++++ ecryptfs-utils-93/src/libecryptfs/main.c 2011-10-31 13:47:05.151296631 +0100
+@@ -484,487 +484,6 @@ out:
return rc;
}
@@ -503,18 +503,16 @@ diff -up ecryptfs-utils-87/src/libecryptfs/main.c.nozombies ecryptfs-utils-87/sr
static struct ecryptfs_ctx_ops ctx_ops;
struct ecryptfs_ctx_ops *cryptfs_get_ctx_opts (void)
-diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.nozombies ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.nozombies 2011-07-21 14:17:33.525120467 +0200
-+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-21 14:17:33.541120690 +0200
-@@ -208,13 +208,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
- "user session keyring; rc = [%ld]\n", rc);
+diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.nozombies ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.nozombies 2011-10-31 13:47:05.000000000 +0100
++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 13:47:30.931521410 +0100
+@@ -201,11 +201,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ syslog(LOG_ERR, "pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [%ld]\n", rc);
goto out_child;
}
- if (fork() == 0) {
- if ((rc = ecryptfs_set_zombie_session_placeholder())) {
-- syslog(LOG_ERR, "Error attempting to create "
-- "and register zombie process; "
-- "rc = [%ld]\n", rc);
+- syslog(LOG_ERR, "pam_ecryptfs: Error attempting to create and register zombie process; rc = [%ld]\n", rc);
- }
- }
out_child:
diff --git a/ecryptfs-utils-87-pamdata.patch b/ecryptfs-utils-87-pamdata.patch
index 127499c..366d8b7 100644
--- a/ecryptfs-utils-87-pamdata.patch
+++ b/ecryptfs-utils-87-pamdata.patch
@@ -1,7 +1,7 @@
-diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata 2011-08-03 15:40:01.743949759 +0200
-+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-03 15:52:05.676388743 +0200
-@@ -45,6 +45,25 @@
+diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.pamdata 2011-10-31 13:47:57.282750862 +0100
++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 13:56:28.601144959 +0100
+@@ -44,6 +44,25 @@
#define PRIVATE_DIR "Private"
@@ -27,7 +27,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
/* returns: 0 if file does not exist, 1 if it exists, <0 for error */
static int file_exists_dotecryptfs(const char *homedir, char *filename)
{
-@@ -64,7 +83,7 @@ out:
+@@ -63,7 +82,7 @@ out:
return rc;
}
@@ -36,7 +36,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
{
char *unwrapped_pw_filename = NULL;
struct stat s;
-@@ -96,42 +115,43 @@ static int wrap_passphrase_if_necessary(
+@@ -95,37 +114,37 @@ static int wrap_passphrase_if_necessary(
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
const char **argv)
{
@@ -55,9 +55,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
uint32_t version;
+ struct ecryptfs_pam_data *epd = {0,};
- syslog(LOG_INFO, "%s: Called\n", __FUNCTION__);
- rc = pam_get_user(pamh, &username, NULL);
-+
+ if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) {
+ syslog(LOG_ERR,"Memory allocation failed");
+ rc = -ENOMEM;
@@ -68,10 +66,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
if (rc == PAM_SUCCESS) {
struct passwd *pwd;
- syslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__,
-- username);
- pwd = getpwnam(username);
-+ epd->username);
+ pwd = getpwnam(epd->username);
if (pwd) {
- uid = pwd->pw_uid;
@@ -80,9 +75,8 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
+ epd->homedir = pwd->pw_dir;
}
} else {
- syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
-- "rc = [%ld]\n", username, rc);
-+ "rc = [%ld]\n", epd->username, rc);
+- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc);
++ syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", epd->username, rc);
goto out;
}
- if (!file_exists_dotecryptfs(homedir, "auto-mount"))
@@ -91,15 +85,14 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
- private_mnt = ecryptfs_fetch_private_mnt(homedir);
+ private_mnt = ecryptfs_fetch_private_mnt(epd->homedir);
if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) {
- syslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__,
-- homedir);
-+ epd->homedir);
+- syslog(LOG_DEBUG, "pam_ecryptfs: %s: %s is already mounted\n", __FUNCTION__, homedir);
++ syslog(LOG_DEBUG, "pam_ecryptfs: %s: %s is already mounted\n", __FUNCTION__, epd->homedir);
/* If private/home is already mounted, then we can skip
costly loading of keys */
goto out;
-@@ -141,82 +161,32 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -135,79 +154,29 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
if (ecryptfs_get_version(&version) != 0)
- syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
+ syslog(LOG_WARNING, "pam_ecryptfs: Can't check if kernel supports ecryptfs\n");
saved_uid = geteuid();
- seteuid(uid);
- if(file_exists_dotecryptfs(homedir, "wrapping-independent") == 1)
@@ -113,17 +106,16 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
+ epd->passphrase = strdup(epd->passphrase);
seteuid(saved_uid);
if (rc != PAM_SUCCESS) {
- syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
+ syslog(LOG_ERR, "pam_ecryptfs: Error retrieving passphrase; rc = [%ld]\n",
rc);
goto out;
}
- auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1);
- if (!auth_tok_sig) {
- rc = -ENOMEM;
-- syslog(LOG_ERR, "Out of memory\n");
+- syslog(LOG_ERR, "pam_ecryptfs: Out of memory\n");
- goto out;
- }
-+
rc = ecryptfs_read_salt_hex_from_rc(salt_hex);
if (rc) {
- from_hex(salt, ECRYPTFS_DEFAULT_SALT_HEX, ECRYPTFS_SALT_SIZE);
@@ -133,31 +125,29 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
- if ((child_pid = fork()) == 0) {
- setuid(uid);
- if (passphrase == NULL) {
-- syslog(LOG_ERR, "NULL passphrase; aborting\n");
+- syslog(LOG_ERR, "pam_ecryptfs: NULL passphrase; aborting\n");
- rc = -EINVAL;
- goto out_child;
- }
- if ((rc = ecryptfs_validate_keyring())) {
-- syslog(LOG_WARNING,
-- "Cannot validate keyring integrity\n");
+- syslog(LOG_WARNING, "pam_ecryptfs: Cannot validate keyring integrity\n");
- }
- rc = 0;
- if ((argc == 1)
- && (memcmp(argv[0], "unwrap\0", 7) == 0)) {
- char *wrapped_pw_filename;
-+ from_hex(epd->salt, salt_hex, ECRYPTFS_SALT_SIZE);
-
+-
- rc = asprintf(
- &wrapped_pw_filename, "%s/.ecryptfs/%s",
- homedir,
- ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME);
- if (rc == -1) {
-- syslog(LOG_ERR, "Unable to allocate memory\n");
+- syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n");
- rc = -ENOMEM;
- goto out_child;
- }
- if (wrap_passphrase_if_necessary(username, uid, wrapped_pw_filename, passphrase, salt) == 0) {
-- syslog(LOG_INFO, "Passphrase file wrapped");
+- syslog(LOG_DEBUG, "pam_ecryptfs: Passphrase file wrapped");
- } else {
- goto out_child;
- }
@@ -173,13 +163,13 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
- goto out_child;
- }
- if (rc) {
-- syslog(LOG_ERR, "Error adding passphrase key token to "
-- "user session keyring; rc = [%ld]\n", rc);
+- syslog(LOG_ERR, "pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [%ld]\n", rc);
- goto out_child;
- }
-out_child:
- free(auth_tok_sig);
- _exit(0);
++ from_hex(epd->salt, salt_hex, ECRYPTFS_SALT_SIZE);
+ epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0));
+ if ((rc=pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata)) != PAM_SUCCESS) {
+
@@ -188,13 +178,11 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
}
- tmp_pid = waitpid(child_pid, NULL, 0);
- if (tmp_pid == -1)
-- syslog(LOG_WARNING,
-- "waitpid() returned with error condition\n");
-+
+- syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n");
out:
if (private_mnt != NULL)
free(private_mnt);
-@@ -361,10 +331,88 @@ static int umount_private_dir(pam_handle
+@@ -347,10 +316,88 @@ static int umount_private_dir(pam_handle
return private_dir(pamh, 0);
}
diff --git a/ecryptfs-utils-87-syslog.patch b/ecryptfs-utils-87-syslog.patch
index b1d2382..d27fab8 100644
--- a/ecryptfs-utils-87-syslog.patch
+++ b/ecryptfs-utils-87-syslog.patch
@@ -1,6 +1,6 @@
-diff -up ecryptfs-utils-87/src/include/ecryptfs.h.syslog ecryptfs-utils-87/src/include/ecryptfs.h
---- ecryptfs-utils-87/src/include/ecryptfs.h.syslog 2011-08-09 14:38:08.941531270 +0200
-+++ ecryptfs-utils-87/src/include/ecryptfs.h 2011-08-09 14:38:08.951531067 +0200
+diff -up ecryptfs-utils-93/src/include/ecryptfs.h.syslog ecryptfs-utils-93/src/include/ecryptfs.h
+--- ecryptfs-utils-93/src/include/ecryptfs.h.syslog 2011-10-31 13:57:01.132420947 +0100
++++ ecryptfs-utils-93/src/include/ecryptfs.h 2011-10-31 13:57:01.135420971 +0100
@@ -143,7 +143,7 @@
#define ECRYPTFS_TAG_67_PACKET 0x43
@@ -10,86 +10,72 @@ diff -up ecryptfs-utils-87/src/include/ecryptfs.h.syslog ecryptfs-utils-87/src/i
#define ECRYPTFS_MAX_NUM_CIPHERS 64
#define ECRYPTFS_ECHO_ON 1
-diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog 2011-08-09 14:38:08.933531435 +0200
-+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-09 14:38:08.955530985 +0200
-@@ -91,7 +91,7 @@ static int wrap_passphrase_if_necessary(
+diff -up ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c.syslog 2011-10-31 13:57:01.129420920 +0100
++++ ecryptfs-utils-93/src/pam_ecryptfs/pam_ecryptfs.c 2011-10-31 13:59:35.090721614 +0100
+@@ -90,7 +90,7 @@ static int wrap_passphrase_if_necessary(
rc = asprintf(&unwrapped_pw_filename, "/dev/shm/.ecryptfs-%s", username);
if (rc == -1) {
-- syslog(LOG_ERR, "Unable to allocate memory\n");
-+ ecryptfs_syslog(LOG_ERR, "Unable to allocate memory\n");
+- syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n");
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n");
return -ENOMEM;
}
/* If /dev/shm/.ecryptfs-$USER exists and owned by the user
-@@ -105,7 +105,7 @@ static int wrap_passphrase_if_necessary(
+@@ -104,7 +104,7 @@ static int wrap_passphrase_if_necessary(
setuid(uid);
rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
if (rc != 0) {
-- syslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc);
-+ ecryptfs_syslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc);
+- syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
}
return rc;
}
-@@ -122,10 +122,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
- uint32_t version;
+@@ -122,7 +122,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
struct ecryptfs_pam_data *epd = {0,};
-- syslog(LOG_INFO, "%s: Called\n", __FUNCTION__);
-+ ecryptfs_syslog(LOG_INFO, "pam auth stack calls pam_ecryptfs module");
-
if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) {
- syslog(LOG_ERR,"Memory allocation failed");
+ ecryptfs_syslog(LOG_ERR,"Memory allocation failed");
rc = -ENOMEM;
goto out;
}
-@@ -134,7 +134,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
- if (rc == PAM_SUCCESS) {
- struct passwd *pwd;
-
-- syslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__,
-+ ecryptfs_syslog(LOG_INFO, "pam_ecryptfs: username = [%s]\n",
- epd->username);
- pwd = getpwnam(epd->username);
- if (pwd) {
-@@ -142,7 +142,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -137,14 +137,14 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
epd->homedir = pwd->pw_dir;
}
} else {
-- syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
-+ ecryptfs_syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
- "rc = [%ld]\n", epd->username, rc);
+- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", epd->username, rc);
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", epd->username, rc);
goto out;
}
-@@ -150,7 +150,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ if (!file_exists_dotecryptfs(epd->homedir, "auto-mount"))
goto out;
private_mnt = ecryptfs_fetch_private_mnt(epd->homedir);
if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) {
-- syslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__,
-+ ecryptfs_syslog(LOG_INFO, "%s is already mounted",
- epd->homedir);
+- syslog(LOG_DEBUG, "pam_ecryptfs: %s: %s is already mounted\n", __FUNCTION__, epd->homedir);
++ ecryptfs_syslog(LOG_DEBUG, "pam_ecryptfs: %s: %s is already mounted\n", __FUNCTION__, epd->homedir);
/* If private/home is already mounted, then we can skip
costly loading of keys */
-@@ -159,7 +159,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ goto out;
+@@ -152,7 +152,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
/* we need side effect of this check:
load ecryptfs module if not loaded already */
if (ecryptfs_get_version(&version) != 0)
-- syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
-+ ecryptfs_syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
+- syslog(LOG_WARNING, "pam_ecryptfs: Can't check if kernel supports ecryptfs\n");
++ ecryptfs_syslog(LOG_WARNING, "pam_ecryptfs: Can't check if kernel supports ecryptfs\n");
saved_uid = geteuid();
seteuid(epd->uid);
if(file_exists_dotecryptfs(epd->homedir, "wrapping-independent") == 1)
-@@ -169,7 +169,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -162,7 +162,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
epd->passphrase = strdup(epd->passphrase);
seteuid(saved_uid);
if (rc != PAM_SUCCESS) {
-- syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
-+ ecryptfs_syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
+- syslog(LOG_ERR, "pam_ecryptfs: Error retrieving passphrase; rc = [%ld]\n",
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error retrieving passphrase; rc = [%ld]\n",
rc);
goto out;
}
-@@ -183,7 +183,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -174,7 +174,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0));
if ((rc=pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata)) != PAM_SUCCESS) {
@@ -97,45 +83,44 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
+ ecryptfs_syslog(LOG_ERR, "Unable to store ecryptfs pam data : %s", pam_strerror(pamh, rc));
goto out;
}
-
-@@ -207,13 +207,13 @@ static struct passwd *fetch_pwd(pam_hand
+ out:
+@@ -197,12 +197,12 @@ static struct passwd *fetch_pwd(pam_hand
rc = pam_get_user(pamh, &username, NULL);
if (rc != PAM_SUCCESS || username == NULL) {
-- syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
-+ ecryptfs_syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
- "rc = [%ld]\n", username, rc);
+- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc);
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc);
return NULL;
}
pwd = getpwnam(username);
if (pwd == NULL) {
-- syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
-+ ecryptfs_syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
- "rc = [%ld]\n", username, rc);
+- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc);
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc);
return NULL;
}
-@@ -245,13 +245,13 @@ static int private_dir(pam_handle_t *pam
+ return pwd;
+@@ -233,13 +233,13 @@ static int private_dir(pam_handle_t *pam
if (
(asprintf(&autofile, "%s/.ecryptfs/%s", pwd->pw_dir, a) < 0)
|| autofile == NULL) {
-- syslog(LOG_ERR, "Error allocating memory for autofile name");
-+ ecryptfs_syslog(LOG_ERR, "Error allocating memory for autofile name");
+- syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for autofile name");
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for autofile name");
return 1;
}
if (
(asprintf(&sigfile, "%s/.ecryptfs/%s.sig", pwd->pw_dir,
PRIVATE_DIR) < 0) || sigfile == NULL) {
-- syslog(LOG_ERR, "Error allocating memory for sigfile name");
-+ ecryptfs_syslog(LOG_ERR, "Error allocating memory for sigfile name");
+- syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for sigfile name");
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for sigfile name");
return 1;
}
if (stat(sigfile, &s) != 0) {
-@@ -263,13 +263,13 @@ static int private_dir(pam_handle_t *pam
+@@ -251,13 +251,13 @@ static int private_dir(pam_handle_t *pam
goto out;
}
if ((pid = fork()) < 0) {
-- syslog(LOG_ERR, "Error setting up private mount");
-+ ecryptfs_syslog(LOG_ERR, "Error setting up private mount");
+- syslog(LOG_ERR, "pam_ecryptfs: Error setting up private mount");
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error setting up private mount");
return 1;
}
if (pid == 0) {
@@ -146,25 +131,24 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
_exit(255);
}
-@@ -277,7 +277,7 @@ static int private_dir(pam_handle_t *pam
+@@ -265,7 +265,7 @@ static int private_dir(pam_handle_t *pam
if ((asprintf(&recorded,
"%s/.ecryptfs/.wrapped-passphrase.recorded",
pwd->pw_dir) < 0) || recorded == NULL) {
-- syslog(LOG_ERR,
-+ ecryptfs_syslog(LOG_ERR,
- "Error allocating memory for recorded name");
+- syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for recorded name");
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error allocating memory for recorded name");
_exit(255);
}
-@@ -290,7 +290,7 @@ static int private_dir(pam_handle_t *pam
+ if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
+@@ -277,25 +277,25 @@ static int private_dir(pam_handle_t *pam
}
if (stat(autofile, &s) != 0) {
/* User does not want to auto-mount */
-- syslog(LOG_INFO,
-+ ecryptfs_syslog(LOG_INFO,
- "Skipping automatic eCryptfs mount");
+- syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs mount");
++ ecryptfs_syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs mount");
_exit(0);
}
-@@ -298,11 +298,11 @@ static int private_dir(pam_handle_t *pam
+ /* run mount.ecryptfs_private as the user */
setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
execl("/sbin/mount.ecryptfs_private",
"mount.ecryptfs_private", NULL);
@@ -173,12 +157,11 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
} else {
if (stat(autofile, &s) != 0) {
/* User does not want to auto-unmount */
-- syslog(LOG_INFO,
-+ ecryptfs_syslog(LOG_INFO,
- "Skipping automatic eCryptfs unmount");
+- syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs unmount");
++ ecryptfs_syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs unmount");
_exit(0);
}
-@@ -310,7 +310,7 @@ static int private_dir(pam_handle_t *pam
+ /* run umount.ecryptfs_private as the user */
setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
execl("/sbin/umount.ecryptfs_private",
"umount.ecryptfs_private", NULL);
@@ -187,7 +170,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
}
_exit(255);
} else {
-@@ -339,25 +339,25 @@ static int fill_keyring(pam_handle_t *pa
+@@ -324,25 +324,25 @@ static int fill_keyring(pam_handle_t *pa
char *auth_tok_sig;
auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1);
if (!auth_tok_sig) {
@@ -217,7 +200,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
"Cannot validate keyring integrity\n");
}
rc = 0;
-@@ -369,12 +369,12 @@ static int fill_keyring(pam_handle_t *pa
+@@ -354,12 +354,12 @@ static int fill_keyring(pam_handle_t *pa
epd->homedir,
ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME);
if (rc == -1) {
@@ -232,7 +215,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
} else {
goto out_child;
}
-@@ -390,7 +390,7 @@ static int fill_keyring(pam_handle_t *pa
+@@ -375,7 +375,7 @@ static int fill_keyring(pam_handle_t *pa
goto out_child;
}
if (rc) {
@@ -241,7 +224,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
"user session keyring; rc = [%d]\n", rc);
goto out_child;
}
-@@ -400,7 +400,7 @@ out_child:
+@@ -385,7 +385,7 @@ out_child:
}
tmp_pid = waitpid(child_pid, NULL, 0);
if (tmp_pid == -1)
@@ -250,3 +233,88 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils
"waitpid() returned with error condition\n");
+@@ -435,7 +435,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ homedir = pwd->pw_dir;
+ }
+ } else {
+- syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%d]\n", username, rc);
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%d]\n", username, rc);
+ goto out;
+ }
+ saved_uid = geteuid();
+@@ -443,7 +443,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ if ((rc = pam_get_item(pamh, PAM_OLDAUTHTOK,
+ (const void **)&old_passphrase))
+ != PAM_SUCCESS) {
+- syslog(LOG_ERR, "pam_ecryptfs: Error retrieving old passphrase; rc = [%d]\n", rc);
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error retrieving old passphrase; rc = [%d]\n", rc);
+ seteuid(saved_uid);
+ goto out;
+ }
+@@ -451,7 +451,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ if ((flags & PAM_PRELIM_CHECK)) {
+ if (!old_passphrase)
+ {
+- syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved a NULL passphrase; nothing to do\n");
++ ecryptfs_syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved a NULL passphrase; nothing to do\n");
+ rc = PAM_AUTHTOK_RECOVER_ERR;
+ }
+ seteuid(saved_uid);
+@@ -460,14 +460,14 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ if ((rc = pam_get_item(pamh, PAM_AUTHTOK,
+ (const void **)&new_passphrase))
+ != PAM_SUCCESS) {
+- syslog(LOG_ERR, "pam_ecryptfs: Error retrieving new passphrase; rc = [%d]\n", rc);
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error retrieving new passphrase; rc = [%d]\n", rc);
+ seteuid(saved_uid);
+ goto out;
+ }
+ if ((rc = asprintf(&wrapped_pw_filename, "%s/.ecryptfs/%s", homedir,
+ ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME))
+ == -1) {
+- syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n");
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Unable to allocate memory\n");
+ rc = -ENOMEM;
+ goto out;
+ }
+@@ -477,14 +477,14 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ from_hex(salt, salt_hex, ECRYPTFS_SALT_SIZE);
+ }
+ if (wrap_passphrase_if_necessary(username, uid, wrapped_pw_filename, new_passphrase, salt) == 0) {
+- syslog(LOG_DEBUG, "pam_ecryptfs: Passphrase file wrapped");
++ ecryptfs_syslog(LOG_DEBUG, "pam_ecryptfs: Passphrase file wrapped");
+ } else {
+ goto out;
+ }
+
+ seteuid(saved_uid);
+ if (!old_passphrase || !new_passphrase || *new_passphrase == '\0') {
+- syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved at least one NULL passphrase; nothing to do\n");
++ ecryptfs_syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved at least one NULL passphrase; nothing to do\n");
+ rc = PAM_AUTHTOK_RECOVER_ERR;
+ goto out;
+ }
+@@ -496,20 +496,20 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ if ((rc = ecryptfs_unwrap_passphrase(passphrase,
+ wrapped_pw_filename,
+ old_passphrase, salt))) {
+- syslog(LOG_ERR, "pam_ecryptfs: Error attempting to unwrap passphrase; rc = [%d]\n", rc);
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error attempting to unwrap passphrase; rc = [%d]\n", rc);
+ goto out_child;
+ }
+ if ((rc = ecryptfs_wrap_passphrase(wrapped_pw_filename,
+ new_passphrase, salt,
+ passphrase))) {
+- syslog(LOG_ERR, "pam_ecryptfs: Error attempting to wrap passphrase; rc = [%d]", rc);
++ ecryptfs_syslog(LOG_ERR, "pam_ecryptfs: Error attempting to wrap passphrase; rc = [%d]", rc);
+ goto out_child;
+ }
+ out_child:
+ _exit(0);
+ }
+ if ((tmp_pid = waitpid(child_pid, NULL, 0)) == -1)
+- syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n");
++ ecryptfs_syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n");
+ free(wrapped_pw_filename);
+ out:
+ return rc;
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index b17d650..56f720a 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -4,8 +4,8 @@
%global _sbindir /sbin
Name: ecryptfs-utils
-Version: 90
-Release: 2%{?dist}
+Version: 93
+Release: 1%{?dist}
Summary: The eCryptfs mount helper and support libraries
Group: System Environment/Base
License: GPLv2+
@@ -47,8 +47,6 @@ Patch12: ecryptfs-utils-87-memcpyfix.patch
# allow building with -Werror
Patch999: ecryptfs-utils-75-werror.patch
-Patch13: ecryptfs-utils-90-CVE-2011-3145.patch
-
# using return after fork() in pam module has some nasty side effects, rhbz#722445
Patch14: ecryptfs-utils-87-fixpamfork.patch
@@ -114,7 +112,6 @@ the interface supplied by the ecryptfs-utils library.
%patch11 -p1 -b .authconfig
%patch12 -p1 -b .memcpyfix
%patch999 -p1 -b .werror
-%patch13 -p1 -b .CVE-2011-3145
%patch14 -p1 -b .fixpamfork
%patch15 -p1 -b .fixexecgid
%patch16 -p1 -b .nozombies
@@ -198,6 +195,7 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/ecryptfs-stat
%{_bindir}/ecryptfs-umount-private
%{_bindir}/ecryptfs-unwrap-passphrase
+%{_bindir}/ecryptfs-verify
%{_bindir}/ecryptfs-wrap-passphrase
%{_bindir}/ecryptfsd
%{_libdir}/ecryptfs
@@ -249,6 +247,9 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/ecryptfs-utils/_libecryptfs.so
%changelog
+* Mon Oct 31 2011 Michal Hlavinka <mhlavink at redhat.com> - 93-1
+- updated to v. 93
+
* Wed Aug 31 2011 Michal Hlavinka <mhlavink at redhat.com> - 90-2
- set the group id in mount.ecryptfs_private (CVE-2011-3145)
@@ -290,7 +291,7 @@ rm -rf $RPM_BUILD_ROOT
- auto-load ecryptfs module in ecryptfs-setup-private
* Tue May 24 2011 Michal Hlavinka <mhlavink at redhat.com> - 87-1
-- updated tp v. 87
+- updated to v. 87
* Fri Mar 11 2011 Michal Hlavinka <mhlavink at redhat.com> - 86-3
- fix man pages
diff --git a/sources b/sources
index c36fcea..ab082b6 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
e612ddb9ccb17f8fec79df26e626a8c6 ecryptfs-mount-private.png
-a81621fb2f7ab4b81f9bffc020b181e2 ecryptfs-utils_90.orig.tar.gz
+7a162a2102a2c1701a156498d9218685 ecryptfs-utils_93.orig.tar.gz
More information about the scm-commits
mailing list