
pam_ecryptfs: Respect ~/.ecryptfs/wrapping-independent

a guest
Nov 9th, 2010
  1. pam_ecryptfs: Respect ~/.ecryptfs/wrapping-independent
  2.  
  3. Quoting man ecryptfs-mount-private:
  4. >    ~/.ecryptfs/wrapping-independent  -  this  file  exists  if the
  5. >           wrapping passphrase is independent from login passphrase
  6.  
  7. This patch makes pam_ecryptfs check if this file exists and ask the
  8. user for the wrapping passphrase if it does.
  9. ---
  10. src/pam_ecryptfs/pam_ecryptfs.c |   13 ++++++++-----
  11.  1 files changed, 8 insertions(+), 5 deletions(-)
  12.  
  13. diff --git a/src/pam_ecryptfs/pam_ecryptfs.c b/src/pam_ecryptfs/pam_ecryptfs.c
  14. index 2209ac8..2d64587 100644
  15. --- a/src/pam_ecryptfs/pam_ecryptfs.c
  16. +++ b/src/pam_ecryptfs/pam_ecryptfs.c
  17. @@ -68,13 +68,13 @@ static void error(const char *msg)
  18.     }
  19.  }
  20.  
  21. -/* returns: 0 for pam automounting not set, 1 for set, <0 for error */
  22. -static int ecryptfs_pam_automount_set(const char *homedir)
  23. +/* returns: 0 if file does not exist, 1 if it exists, <0 for error */
  24. +static int file_exists_dotecryptfs(const char *homedir, char *filename)
  25.  {
  26.     char *file_path;
  27.     int rc = 0;
  28.     struct stat s;
  29. -   if (asprintf(&file_path, "%s/.ecryptfs/auto-mount", homedir) == -1)
  30. +   if (asprintf(&file_path, "%s/.ecryptfs/%s", homedir, filename) == -1)
  31.         return -ENOMEM;
  32.     if (stat(file_path, &s) != 0) {
  33.         if (errno != ENOENT)
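Review bot: The new `filename` parameter should be declared `const char *filename`, since both call sites in this patch pass string literals and the visible code only formats it into the path. It is joined to `<homedir>/.ecryptfs/` without any check, so the header comment should say that callers must pass a fixed name, for example `/* filename: fixed name under ~/.ecryptfs, never user-supplied; returns: 0 if file does not exist, 1 if it exists, <0 for error */`. The two callers also read the `<0` result differently: the `auto-mount` test uses `!`, which treats an error as "exists", while the `wrapping-independent` test uses `== 1`. The body of the function continues past the end of this hunk.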
  34. @@ -149,7 +149,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
  35.                "rc = [%ld]\n", username, rc);
  36.         goto out;
  37.     }
  38. -   if (!ecryptfs_pam_automount_set(homedir))
  39. +   if (!file_exists_dotecryptfs(homedir, "auto-mount"))
  40.         goto out;
  41.     private_mnt = ecryptfs_fetch_private_mnt(homedir);
  42.     if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) {
  43. @@ -165,7 +165,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
  44.         syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
  45.     saved_uid = geteuid();
  46.     seteuid(uid);
  47. -   rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&passphrase);
  48. +   if(file_exists_dotecryptfs(homedir, "wrapping-independent") == 1)
  49. +       rc = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &passphrase, "Encryption passphrase: ");
  50. +   else
  51. +       rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&passphrase);
  52.     seteuid(saved_uid);
  53.     if (rc != PAM_SUCCESS) {
  54.         syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
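Review bot: On the new `pam_prompt()` branch `passphrase` points to a buffer the module now owns, whereas on the `pam_get_item()` branch it points to data PAM still owns, and nothing in this hunk records which case applies. The code that later uses and releases `passphrase` is outside the hunk, but unless it distinguishes the two cases, the prompted passphrase is either never wiped and freed or the PAM_AUTHTOK pointer risks being freed. Consider setting a flag such as `passphrase_prompted = 1;` next to the `pam_prompt()` call and, on the exit path, wiping and freeing the buffer only when it is set. `pam_prompt()` is a Linux-PAM extension declared in `<security/pam_ext.h>`; the patch adds no include, so confirm the file already has it. A prompt that returns PAM_SUCCESS could presumably still leave `passphrase` NULL, which the `rc != PAM_SUCCESS` test below would not catch.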
  55. --
  56. 1.7.0.4