[ecryptfs-utils/f17] when ecryptfs-mount-fails, check if user is member of ecryptfs group

Michal Hlavinka mhlavink at fedoraproject.org
Mon Apr 16 12:57:49 UTC 2012


commit 922905a811f872404a65fdcb0a763c7939d2d20f
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Mon Apr 16 14:57:45 2012 +0200

    when ecryptfs-mount-fails, check if user is member of ecryptfs group

 ecryptfs-utils-96-groupcheck.patch |   21 +++++++++++++++++++++
 ecryptfs-utils.spec                |    9 ++++++++-
 2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/ecryptfs-utils-96-groupcheck.patch b/ecryptfs-utils-96-groupcheck.patch
new file mode 100644
index 0000000..ebbd6f0
--- /dev/null
+++ b/ecryptfs-utils-96-groupcheck.patch
@@ -0,0 +1,21 @@
+diff -up ecryptfs-utils-96/src/utils/ecryptfs-mount-private.groupcheck ecryptfs-utils-96/src/utils/ecryptfs-mount-private
+--- ecryptfs-utils-96/src/utils/ecryptfs-mount-private.groupcheck	2012-04-16 14:42:56.386317997 +0200
++++ ecryptfs-utils-96/src/utils/ecryptfs-mount-private	2012-04-16 14:49:13.637431764 +0200
+@@ -69,7 +69,16 @@ if [ -f "$WRAPPED_PASSPHRASE_FILE" -a -f
+ 		echo `gettext "ERROR:"` `gettext "Too many incorrect password attempts, exiting"`
+ 		exit 1
+ 	fi
+-	/sbin/mount.ecryptfs_private
++	if ! /sbin/mount.ecryptfs_private;
++	then
++		# Check if the ecryptfs group exists, and user is member of ecryptfs group
++		if grep -qs "^ecryptfs:" /etc/group; then
++		        if ! id "$USER" | grep -qs "\(ecryptfs\)"; then
++	                       echo $(gettext 'ERROR: ') $(gettext 'User needs to be a member of ecryptfs group')
++                               exit 1
++		        fi
++		fi
++	fi
+ else
+ 	echo `gettext "ERROR:"` `gettext "Encrypted private directory is not setup properly"`
+ 	exit 1
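Review bot: The membership test `id "$USER" | grep -qs "\(ecryptfs\)"` does not match the literal text `(ecryptfs)`: in grep's default basic regular expressions `\(` and `\)` are grouping operators, so the pattern matches the substring `ecryptfs` anywhere in the `id` output, including a user name or another group name that merely contains it. In that case the hint is silently skipped for a user who is not actually in the group. Matching whole group names avoids this, for example `if ! id -Gn "$USER" | tr ' ' '\n' | grep -qx ecryptfs; then`. Separately, `grep -qs "^ecryptfs:" /etc/group` only sees local groups, whereas `getent group ecryptfs >/dev/null` would also cover groups supplied through NSS. The enclosing `if [ -f "$WRAPPED_PASSPHRASE_FILE" ...` block starts above the hunk and continues past it.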
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index e0f96e0..ad78818 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@
 
 Name: ecryptfs-utils
 Version: 96
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: The eCryptfs mount helper and support libraries
 Group: System Environment/Base
 License: GPLv2+
@@ -62,6 +62,9 @@ Patch19: ecryptfs-utils-87-syslog.patch
 
 Patch20: ecryptfs-utils-93-fixcrypto.patch
 
+# if e-m-p fails, check if user is member of ecryptfs group
+Patch21: ecryptfs-utils-96-groupcheck.patch
+
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires: keyutils, cryptsetup-luks, util-linux, gettext
 BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel
@@ -116,6 +119,7 @@ the interface supplied by the ecryptfs-utils library.
 %patch18 -p1 -b .fixconst
 %patch19 -p1 -b .syslog
 %patch20 -p1 -b .fixcrypto
+%patch21 -p1 -b .groupcheck
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits"
@@ -256,6 +260,9 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/ecryptfs-utils/_libecryptfs.so
 
 %changelog
+* Mon Apr 16 2012 Michal Hlavinka <mhlavink at redhat.com> - 96-2
+- when ecryptfs-mount-fails, check if user is member of ecryptfs group
+
 * Mon Feb 20 2012 Michal Hlavinka <mhlavink at redhat.com> - 96-1
 - ecryptfs-utils updated to 96
 

