[ecryptfs-utils/f17] when ecryptfs-mount-fails, check if user is member of ecryptfs group
Michal Hlavinka
mhlavink at fedoraproject.org
Mon Apr 16 12:57:49 UTC 2012
commit 922905a811f872404a65fdcb0a763c7939d2d20f
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Mon Apr 16 14:57:45 2012 +0200
when ecryptfs-mount-fails, check if user is member of ecryptfs group
ecryptfs-utils-96-groupcheck.patch | 21 +++++++++++++++++++++
ecryptfs-utils.spec | 9 ++++++++-
2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/ecryptfs-utils-96-groupcheck.patch b/ecryptfs-utils-96-groupcheck.patch
new file mode 100644
index 0000000..ebbd6f0
--- /dev/null
+++ b/ecryptfs-utils-96-groupcheck.patch
@@ -0,0 +1,21 @@
+diff -up ecryptfs-utils-96/src/utils/ecryptfs-mount-private.groupcheck ecryptfs-utils-96/src/utils/ecryptfs-mount-private
+--- ecryptfs-utils-96/src/utils/ecryptfs-mount-private.groupcheck 2012-04-16 14:42:56.386317997 +0200
++++ ecryptfs-utils-96/src/utils/ecryptfs-mount-private 2012-04-16 14:49:13.637431764 +0200
+@@ -69,7 +69,16 @@ if [ -f "$WRAPPED_PASSPHRASE_FILE" -a -f
+ echo `gettext "ERROR:"` `gettext "Too many incorrect password attempts, exiting"`
+ exit 1
+ fi
+- /sbin/mount.ecryptfs_private
++ if ! /sbin/mount.ecryptfs_private;
++ then
++ # Check if the ecryptfs group exists, and user is member of ecryptfs group
++ if grep -qs "^ecryptfs:" /etc/group; then
++ if ! id "$USER" | grep -qs "\(ecryptfs\)"; then
++ echo $(gettext 'ERROR: ') $(gettext 'User needs to be a member of ecryptfs group')
++ exit 1
++ fi
++ fi
++ fi
+ else
+ echo `gettext "ERROR:"` `gettext "Encrypted private directory is not setup properly"`
+ exit 1
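Review bot: The membership test on the `id "$USER" | grep -qs "\(ecryptfs\)"` line does not match the literal text `(ecryptfs)`: in grep's default basic-regex syntax `\(` and `\)` are grouping operators, so any `id` output containing the substring `ecryptfs` (for example a user or group named `ecryptfs-admin`) counts as membership and the hint is skipped. Comparing whole group names avoids that, e.g. `if ! id -Gn "$USER" | tr ' ' '\n' | grep -qx ecryptfs; then`. The existence check reads `/etc/group` directly, so a group supplied through NSS (LDAP, SSSD) would not be seen; `getent group ecryptfs >/dev/null` covers both cases. When the mount fails for any other reason the new branch prints nothing and falls through to code outside the hunk, so the script's exit status after a failed mount should be confirmed there.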
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index e0f96e0..ad78818 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@
Name: ecryptfs-utils
Version: 96
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The eCryptfs mount helper and support libraries
Group: System Environment/Base
License: GPLv2+
@@ -62,6 +62,9 @@ Patch19: ecryptfs-utils-87-syslog.patch
Patch20: ecryptfs-utils-93-fixcrypto.patch
+# if e-m-p fails, check if user is member of ecryptfs group
+Patch21: ecryptfs-utils-96-groupcheck.patch
+
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Requires: keyutils, cryptsetup-luks, util-linux, gettext
BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel
@@ -116,6 +119,7 @@ the interface supplied by the ecryptfs-utils library.
%patch18 -p1 -b .fixconst
%patch19 -p1 -b .syslog
%patch20 -p1 -b .fixcrypto
+%patch21 -p1 -b .groupcheck
%build
export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits"
@@ -256,6 +260,9 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/ecryptfs-utils/_libecryptfs.so
%changelog
+* Mon Apr 16 2012 Michal Hlavinka <mhlavink at redhat.com> - 96-2
+- when ecryptfs-mount-fails, check if user is member of ecryptfs group
+
* Mon Feb 20 2012 Michal Hlavinka <mhlavink at redhat.com> - 96-1
- ecryptfs-utils updated to 96