- pam_ecryptfs: Respect ~/.ecryptfs/wrapping-independent
- Quoting man ecryptfs-mount-private:
- > ~/.ecryptfs/wrapping-independent - this file exists if the
- > wrapping passphrase is independent from login passphrase
- This patch makes pam_ecryptfs check if this file exists and ask the
- user for the wrapping passphrase if it does.
- ---
- src/pam_ecryptfs/pam_ecryptfs.c | 13 ++++++++-----
- 1 files changed, 8 insertions(+), 5 deletions(-)
- diff --git a/src/pam_ecryptfs/pam_ecryptfs.c b/src/pam_ecryptfs/pam_ecryptfs.c
- index 2209ac8..2d64587 100644
- --- a/src/pam_ecryptfs/pam_ecryptfs.c
- +++ b/src/pam_ecryptfs/pam_ecryptfs.c
- @@ -68,13 +68,13 @@ static void error(const char *msg)
- }
- }
- -/* returns: 0 for pam automounting not set, 1 for set, <0 for error */
- -static int ecryptfs_pam_automount_set(const char *homedir)
- +/* returns: 0 if file does not exist, 1 if it exists, <0 for error */
- +static int file_exists_dotecryptfs(const char *homedir, char *filename)
- {
- char *file_path;
- int rc = 0;
- struct stat s;
- - if (asprintf(&file_path, "%s/.ecryptfs/auto-mount", homedir) == -1)
- + if (asprintf(&file_path, "%s/.ecryptfs/%s", homedir, filename) == -1)
- return -ENOMEM;
- if (stat(file_path, &s) != 0) {
- if (errno != ENOENT)
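Review bot: The new `filename` parameter of file_exists_dotecryptfs() should be `const char *`, because both call sites in this patch pass string literals and the visible code only formats it into a path: `static int file_exists_dotecryptfs(const char *homedir, const char *filename)`. The name is joined into the path with no validation, so the header comment should state that it must be a fixed name without `/` and never caller-supplied text, e.g. `/* filename: fixed name under ~/.ecryptfs, no path separators */`. The function body continues past the end of this hunk.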
- @@ -149,7 +149,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
- "rc = [%ld]\n", username, rc);
- goto out;
- }
- - if (!ecryptfs_pam_automount_set(homedir))
- + if (!file_exists_dotecryptfs(homedir, "auto-mount"))
- goto out;
- private_mnt = ecryptfs_fetch_private_mnt(homedir);
- if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) {
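Review bot: The `!file_exists_dotecryptfs(homedir, "auto-mount")` test lets a negative error return through as if the file existed, since the function's own comment documents `<0 for error`. The wrapping-independent check added later in this patch compares with `== 1`, so the two call sites now disagree on how a failed stat() is treated. Making this one fail closed would read `if (file_exists_dotecryptfs(homedir, "auto-mount") != 1) goto out;`. pam_sm_authenticate starts and ends outside this hunk.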
- @@ -165,7 +165,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
- syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
- saved_uid = geteuid();
- seteuid(uid);
- - rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&passphrase);
- + if(file_exists_dotecryptfs(homedir, "wrapping-independent") == 1)
- + rc = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &passphrase, "Encryption passphrase: ");
- + else
- + rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&passphrase);
- seteuid(saved_uid);
- if (rc != PAM_SUCCESS) {
- syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
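Review bot: In the new wrapping-independent branch, `passphrase` points at a heap buffer that pam_prompt() allocated and the module now owns, whereas the pam_get_item() branch returns a pointer that belongs to PAM and must not be freed. Nothing in this hunk records which case applies, so unless cleanup outside the hunk handles it, the prompted passphrase is leaked and stays in memory unscrubbed. pam_prompt() can also return PAM_SUCCESS with a NULL response, which the `rc != PAM_SUCCESS` check does not catch. A negative return from file_exists_dotecryptfs() silently falls back to the login password here and would be worth a syslog line. The sketch below tracks ownership with a flag; where exactly the scrub-and-free belongs depends on the rest of pam_sm_authenticate, which is not visible.

```c
	int prompted = 0;	/* 1 when passphrase was allocated by pam_prompt() */

	/* … unchanged: kernel support check, saved_uid = geteuid(), seteuid(uid) … */
	if (file_exists_dotecryptfs(homedir, "wrapping-independent") == 1) {
		rc = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &passphrase,
				"Encryption passphrase: ");
		if (rc == PAM_SUCCESS && passphrase == NULL)
			rc = PAM_AUTHTOK_ERR;	/* no response supplied */
		prompted = (rc == PAM_SUCCESS);
	} else {
		rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&passphrase);
	}
	seteuid(saved_uid);
	/* … unchanged: rc check and use of passphrase … */

	/* on every exit path after the passphrase has been used: */
	if (prompted && passphrase) {
		/* explicit_bzero() where available, so the scrub is not optimized away */
		explicit_bzero(passphrase, strlen(passphrase));
		free(passphrase);
		passphrase = NULL;
	}
```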
- --
- 1.7.0.4