Hello community, here is the log from the commit of package cryptconfig checked in at Mon Nov 12 21:44:02 CET 2007. -------- --- cryptconfig/cryptconfig.changes 2007-11-02 17:22:49.000000000 +0100 +++ /mounts/work_src_done/STABLE/cryptconfig/cryptconfig.changes 2007-11-12 19:34:34.698847000 +0100 @@ -1,0 +2,6 @@ +Mon Nov 12 19:34:00 CET 2007 - crivera@suse.de + +- Update cryptconfig to use new pam_mount xml config format. +- Use pam-config to modify PAM service files. + +------------------------------------------------------------------- Old: ---- cryptconfig-0.1.0.tar.gz New: ---- cryptconfig-0.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cryptconfig.spec ++++++ --- /var/tmp/diff_new_pack.Q18213/_old 2007-11-12 21:43:40.000000000 +0100 +++ /var/tmp/diff_new_pack.Q18213/_new 2007-11-12 21:43:40.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package cryptconfig (Version 0.1.0) +# spec file for package cryptconfig (Version 0.2) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -11,15 +11,15 @@ # norootforbuild Name: cryptconfig -Version: 0.1.0 -Release: 79 +Version: 0.2 +Release: 1 Group: System/Base License: GPL v2 or later Summary: A Utility to Configure Encrypted Home Directories and LUKS Partitions AutoReqProv: on BuildRoot: %{_tmppath}/%{name}-%{version}-build -Requires: util-linux cryptsetup pam_mount >= 0.18-32 glib2 >= 2.8 openssl >= 0.9.7 -BuildRequires: cryptsetup glib2-devel >= 2.8 intltool openssl-devel >= 0.9.7 pam-devel util-linux +Requires: util-linux cryptsetup pam_mount >= 0.20 glib2 >= 2.8 openssl >= 0.9.7 libxml2 pam-config >= 0.21 +BuildRequires: cryptsetup glib2-devel >= 2.8 intltool libxml2-devel openssl-devel >= 0.9.7 pam-config >= 0.21 pam-devel util-linux Source: %{name}-%{version}.tar.gz %description 
@@ -61,6 +61,9 @@ %{_sysconfdir}/cryptconfig.conf %doc %{_mandir}/man8/cryptconfig.8.gz %changelog +* Mon Nov 12 2007 - crivera@suse.de +- Update cryptconfig to use new pam_mount xml config format. +- Use pam-config to modify PAM service files. * Fri Nov 02 2007 - crivera@suse.de - Don't fail if some pam service files don't exist. This fixes 326794. ++++++ cryptconfig-0.1.0.tar.gz -> cryptconfig-0.2.tar.gz ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/ChangeLog new/cryptconfig-0.2/ChangeLog --- old/cryptconfig-0.1.0/ChangeLog 2007-11-02 17:15:39.000000000 +0100 +++ new/cryptconfig-0.2/ChangeLog 2007-11-12 20:33:22.000000000 +0100 @@ -1,3 +1,16 @@ +2007-11-08 Chris Rivera <crivera@novell.com> + + * src/cryptconfig-lib.c: + + Add support for parsing the new pam_mount xml + config file. + + Use pam-config to add pam_mount and pam_cryptpass + to the pam service files instead of doing it + myself. + + Update the unit tests. + 2007-11-02 Chris Rivera <crivera@novell.com> * src/cryptconfig-lib.c: Don't fail if diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/configure new/cryptconfig-0.2/configure --- old/cryptconfig-0.1.0/configure 2007-11-02 17:15:56.000000000 +0100 +++ new/cryptconfig-0.2/configure 2007-11-07 18:54:08.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for cryptconfig 0.1.0. +# Generated by GNU Autoconf 2.61 for cryptconfig 0.2. # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. @@ -726,8 +726,8 @@ # Identity of this package. PACKAGE_NAME='cryptconfig' PACKAGE_TARNAME='cryptconfig' -PACKAGE_VERSION='0.1.0' -PACKAGE_STRING='cryptconfig 0.1.0' +PACKAGE_VERSION='0.2' +PACKAGE_STRING='cryptconfig 0.2' PACKAGE_BUGREPORT='' # Factoring default headers for most tests. 
@@ -919,9 +919,12 @@ PKG_CONFIG GLIB_CFLAGS GLIB_LIBS +LIBXML_CFLAGS +LIBXML_LIBS DU_BIN_PATH MKFS_BIN_PATH CRYPTSETUP_BIN_PATH +PAMCONFIG_BIN_PATH PAM_MODDIR LTLIBOBJS' ac_subst_files='' @@ -942,7 +945,9 @@ FFLAGS PKG_CONFIG GLIB_CFLAGS -GLIB_LIBS' +GLIB_LIBS +LIBXML_CFLAGS +LIBXML_LIBS' # Initialize some variables set by options. @@ -1445,7 +1450,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -`configure' configures cryptconfig 0.1.0 to adapt to many kinds of systems. +`configure' configures cryptconfig 0.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1515,7 +1520,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of cryptconfig 0.1.0:";; + short | recursive ) echo "Configuration of cryptconfig 0.2:";; esac cat <<_ACEOF @@ -1558,6 +1563,9 @@ PKG_CONFIG path to pkg-config utility GLIB_CFLAGS C compiler flags for GLIB, overriding pkg-config GLIB_LIBS linker flags for GLIB, overriding pkg-config + LIBXML_CFLAGS + C compiler flags for LIBXML, overriding pkg-config + LIBXML_LIBS linker flags for LIBXML, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -1622,7 +1630,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<_ACEOF -cryptconfig configure 0.1.0 +cryptconfig configure 0.2 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1636,7 +1644,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by cryptconfig $as_me 0.1.0, which was +It was created by cryptconfig $as_me 0.2, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ 
@@ -2326,7 +2334,7 @@ # Define the identity of the package. PACKAGE=cryptconfig - VERSION=0.1.0 + VERSION=0.2 cat >>confdefs.h <<_ACEOF @@ -4485,7 +4493,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 4488 "configure"' > conftest.$ac_ext + echo '#line 4496 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: "$ac_compile"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -7222,11 +7230,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:7225: $lt_compile"" >&5) + (eval echo ""$as_me:7233: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7229: $? = $ac_status" >&5 + echo "$as_me:7237: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -7512,11 +7520,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:7515: $lt_compile"" >&5) + (eval echo ""$as_me:7523: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7519: $? = $ac_status" >&5 + echo "$as_me:7527: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -7616,11 +7624,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:7619: $lt_compile"" >&5) + (eval echo ""$as_me:7627: $lt_compile"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:7623: $? = $ac_status" >&5 + echo "$as_me:7631: $? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9965,7 +9973,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 9968 "configure" +#line 9976 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -10065,7 +10073,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 10068 "configure" +#line 10076 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12485,11 +12493,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:12488: $lt_compile"" >&5) + (eval echo ""$as_me:12496: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:12492: $? = $ac_status" >&5 + echo "$as_me:12500: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -12589,11 +12597,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:12592: $lt_compile"" >&5) + (eval echo ""$as_me:12600: $lt_compile"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:12596: $? = $ac_status" >&5 + echo "$as_me:12604: $? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14151,11 +14159,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:14154: $lt_compile"" >&5) + (eval echo ""$as_me:14162: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:14158: $? = $ac_status" >&5 + echo "$as_me:14166: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -14255,11 +14263,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:14258: $lt_compile"" >&5) + (eval echo ""$as_me:14266: $lt_compile"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:14262: $? = $ac_status" >&5 + echo "$as_me:14270: $? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -16442,11 +16450,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:16445: $lt_compile"" >&5) + (eval echo ""$as_me:16453: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16449: $? = $ac_status" >&5 + echo "$as_me:16457: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16732,11 +16740,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:16735: $lt_compile"" >&5) + (eval echo ""$as_me:16743: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16739: $? = $ac_status" >&5 + echo "$as_me:16747: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16836,11 +16844,11 @@ -e 's:.*FLAGS}{0,1} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:16839: $lt_compile"" >&5) + (eval echo ""$as_me:16847: $lt_compile"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16843: $? = $ac_status" >&5 + echo "$as_me:16851: $? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -22475,6 +22483,120 @@ + +pkg_failed=no +{ echo "$as_me:$LINENO: checking for LIBXML" >&5 +echo $ECHO_N "checking for LIBXML... $ECHO_C" >&6; } + +if test -n "$PKG_CONFIG"; then + if test -n "$LIBXML_CFLAGS"; then + pkg_cv_LIBXML_CFLAGS="$LIBXML_CFLAGS" + else + if test -n "$PKG_CONFIG" && \ + { (echo "$as_me:$LINENO: $PKG_CONFIG --exists --print-errors "libxml-2.0"") >&5 + ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: $? = $ac_status" >&5 + (exit $ac_status); }; then + pkg_cv_LIBXML_CFLAGS=`$PKG_CONFIG --cflags "libxml-2.0" 2>/dev/null` +else + pkg_failed=yes +fi + fi +else + pkg_failed=untried +fi +if test -n "$PKG_CONFIG"; then + if test -n "$LIBXML_LIBS"; then + pkg_cv_LIBXML_LIBS="$LIBXML_LIBS" + else + if test -n "$PKG_CONFIG" && \ + { (echo "$as_me:$LINENO: $PKG_CONFIG --exists --print-errors "libxml-2.0"") >&5 + ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: $? = $ac_status" >&5 + (exit $ac_status); }; then + pkg_cv_LIBXML_LIBS=`$PKG_CONFIG --libs "libxml-2.0" 2>/dev/null` +else + pkg_failed=yes +fi + fi +else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBXML_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libxml-2.0"` + else + LIBXML_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libxml-2.0"` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBXML_PKG_ERRORS" >&5 + + { { echo "$as_me:$LINENO: error: Package requirements (libxml-2.0) were not met: + +$LIBXML_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. 
+ +Alternatively, you may set the environment variables LIBXML_CFLAGS +and LIBXML_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. +" >&5 +echo "$as_me: error: Package requirements (libxml-2.0) were not met: + +$LIBXML_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables LIBXML_CFLAGS +and LIBXML_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. +" >&2;} + { (exit 1); exit 1; }; } +elif test $pkg_failed = untried; then + { { echo "$as_me:$LINENO: error: The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables LIBXML_CFLAGS +and LIBXML_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see http://www.freedesktop.org/software/pkgconfig. +See `config.log' for more details." >&5 +echo "$as_me: error: The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables LIBXML_CFLAGS +and LIBXML_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see http://www.freedesktop.org/software/pkgconfig. +See `config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +else + LIBXML_CFLAGS=$pkg_cv_LIBXML_CFLAGS + LIBXML_LIBS=$pkg_cv_LIBXML_LIBS + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + : +fi + + + # Extract the first word of "du", so it can be a program name with args. set dummy du; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 
@@ -22615,6 +22737,53 @@ { (exit 1); exit 1; }; } fi +# Extract the first word of "pam-config", so it can be a program name with args. +set dummy pam-config; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_path_PAMCONFIG_BIN_PATH+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $PAMCONFIG_BIN_PATH in + [\/]* | ?:[\/]*) + ac_cv_path_PAMCONFIG_BIN_PATH="$PAMCONFIG_BIN_PATH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/sbin:/usr/sbin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_PAMCONFIG_BIN_PATH="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + + ;; +esac +fi +PAMCONFIG_BIN_PATH=$ac_cv_path_PAMCONFIG_BIN_PATH +if test -n "$PAMCONFIG_BIN_PATH"; then + { echo "$as_me:$LINENO: result: $PAMCONFIG_BIN_PATH" >&5 +echo "${ECHO_T}$PAMCONFIG_BIN_PATH" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +if ! test -x "$PAMCONFIG_BIN_PATH"; then + { { echo "$as_me:$LINENO: error: pam-config is not installed." >&5 +echo "$as_me: error: pam-config is not installed." >&2;} + { (exit 1); exit 1; }; } +fi + case "$host" in *-*-linux*) # See also <configure-flags> in pam_mount.xml. @@ -23059,7 +23228,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by cryptconfig $as_me 0.1.0, which was +This file was extended by cryptconfig $as_me 0.2, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -23112,7 +23281,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\ -cryptconfig config.status 0.1.0 +cryptconfig config.status 0.2 configured by $0, generated by GNU Autoconf 2.61, with options \"`echo "$ac_configure_args" | sed 's/^ //; s/[\""`$]/\\&/g'`\" @@ -23497,14 +23666,17 @@ PKG_CONFIG!$PKG_CONFIG$ac_delim GLIB_CFLAGS!$GLIB_CFLAGS$ac_delim GLIB_LIBS!$GLIB_LIBS$ac_delim +LIBXML_CFLAGS!$LIBXML_CFLAGS$ac_delim +LIBXML_LIBS!$LIBXML_LIBS$ac_delim DU_BIN_PATH!$DU_BIN_PATH$ac_delim MKFS_BIN_PATH!$MKFS_BIN_PATH$ac_delim CRYPTSETUP_BIN_PATH!$CRYPTSETUP_BIN_PATH$ac_delim +PAMCONFIG_BIN_PATH!$PAMCONFIG_BIN_PATH$ac_delim PAM_MODDIR!$PAM_MODDIR$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim$/X/p" conf$$subs.sed | grep -c X` = 61; then + if test `sed -n "s/.*$ac_delim$/X/p" conf$$subs.sed | grep -c X` = 64; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/configure.in new/cryptconfig-0.2/configure.in --- old/cryptconfig-0.1.0/configure.in 2007-07-06 23:03:54.000000000 +0200 +++ new/cryptconfig-0.2/configure.in 2007-11-06 22:53:46.000000000 +0100 @@ -1,7 +1,7 @@ AC_PREREQ(2.52) -AC_INIT(cryptconfig, 0.1.0) -AM_INIT_AUTOMAKE(cryptconfig, 0.1.0) +AC_INIT(cryptconfig, 0.2) +AM_INIT_AUTOMAKE(cryptconfig, 0.2) AM_MAINTAINER_MODE AM_CONFIG_HEADER(config.h) @@ -69,6 +69,13 @@ AC_SUBST(GLIB_LIBS) dnl +dnl Check for libxml2 +dnl +PKG_CHECK_MODULES(LIBXML, libxml-2.0) +AC_SUBST(LIBXML_CFLAGS) +AC_SUBST(LIBXML_LIBS) + +dnl dnl Checks for required binaries dnl AC_PATH_PROG(DU_BIN_PATH, du) 
@@ -86,6 +93,11 @@ AC_MSG_ERROR(cryptsetup is not installed.) fi +AC_PATH_PROG(PAMCONFIG_BIN_PATH, pam-config, [], [$PATH:/sbin:/usr/sbin]) +if ! test -x "$PAMCONFIG_BIN_PATH"; then + AC_MSG_ERROR(pam-config is not installed.) +fi + case "$host" in *-*-linux*) # See also <configure-flags> in pam_mount.xml. diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/Makefile.in new/cryptconfig-0.2/Makefile.in --- old/cryptconfig-0.1.0/Makefile.in 2007-11-02 17:15:55.000000000 +0100 +++ new/cryptconfig-0.2/Makefile.in 2007-11-07 18:54:07.000000000 +0100 @@ -156,6 +156,8 @@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ +LIBXML_CFLAGS = @LIBXML_CFLAGS@ +LIBXML_LIBS = @LIBXML_LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ @@ -171,6 +173,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PAMCONFIG_BIN_PATH = @PAMCONFIG_BIN_PATH@ PAM_MODDIR = @PAM_MODDIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/man/Makefile.in new/cryptconfig-0.2/man/Makefile.in --- old/cryptconfig-0.1.0/man/Makefile.in 2007-11-02 17:15:54.000000000 +0100 +++ new/cryptconfig-0.2/man/Makefile.in 2007-11-07 18:54:07.000000000 +0100 @@ -123,6 +123,8 @@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ +LIBXML_CFLAGS = @LIBXML_CFLAGS@ +LIBXML_LIBS = @LIBXML_LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ 
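Review bot: The new `AC_PATH_PROG(PAMCONFIG_BIN_PATH, pam-config, [], [$PATH:/sbin:/usr/sbin])` searches the builder's `$PATH` before `/sbin` and `/usr/sbin`, so the absolute path that gets substituted depends on the build environment. That matters because `run_pam_config` in src/cryptconfig-lib.c, added by this same commit, executes `PAMCONFIG_BIN_PATH` to edit PAM service files, presumably with root privileges. Listing the system directories first, `[/sbin:/usr/sbin:$PATH]`, would make the result less sensitive to a stray `pam-config` earlier on the builder's PATH. How the substituted value reaches the C macro is not visible in this diff.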
@@ -138,6 +140,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PAMCONFIG_BIN_PATH = @PAMCONFIG_BIN_PATH@ PAM_MODDIR = @PAM_MODDIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/cryptconfig.c new/cryptconfig-0.2/src/cryptconfig.c --- old/cryptconfig-0.1.0/src/cryptconfig.c 2007-11-02 17:12:48.000000000 +0100 +++ new/cryptconfig-0.2/src/cryptconfig.c 2007-11-06 21:17:19.000000000 +0100 @@ -1058,7 +1058,7 @@ g_option_context_free (ctx); if (remove_all) { - ret = disable_pam_mount_all (); + ret = disable_pam_mount (NULL); } else { pent = getpwnam (argv[2]); if (!pent) { diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/cryptconfig.h new/cryptconfig-0.2/src/cryptconfig.h --- old/cryptconfig-0.1.0/src/cryptconfig.h 2007-11-02 17:12:48.000000000 +0100 +++ new/cryptconfig-0.2/src/cryptconfig.h 2007-11-06 21:16:39.000000000 +0100 @@ -14,7 +14,7 @@ #define BUFF_SIZE 256 #define KEY_FILE_SIZE_THRESHOLD 1048576 #define PAM_SERVICES_DIR "/etc/pam.d" -#define PAM_MOUNT_CONF "/etc/security/pam_mount.conf" +#define PAM_MOUNT_CONF "/etc/security/pam_mount.conf.xml" #define CRYPTCONFIG_CONF SYSCONFDIR "/cryptconfig.conf" gboolean luks_close (char *map_name); 
@@ -50,7 +50,6 @@ gboolean pam_mount_is_setup_for_user (const char * user, char **image, char **key); gboolean enable_pam_mount (const char *user, const char *image_file, const char *key_file); gboolean disable_pam_mount (const char *user); -gboolean disable_pam_mount_all (void); gchar *path_to_map_name (const char *path); gboolean unlock_image (const char *image_file, const char *key_file, char **map_device, char **loop_dev); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/cryptconfig-lib.c new/cryptconfig-0.2/src/cryptconfig-lib.c --- old/cryptconfig-0.1.0/src/cryptconfig-lib.c 2007-11-02 17:14:29.000000000 +0100 +++ new/cryptconfig-0.2/src/cryptconfig-lib.c 2007-11-07 21:58:28.000000000 +0100 @@ -37,9 +37,21 @@ #include <sys/types.h> #include <sys/wait.h> #include <sys/mman.h> +#include <libxml/tree.h> #include "cryptconfig.h" +typedef enum { + PAM_CONFIG_TYPE_MOUNT, + PAM_CONFIG_TYPE_CRYPTPASS, + PAM_CONFIG_TYPE_CRYPTPASS_PASSWD +} PamConfigType; + +typedef enum { + PAM_CONFIG_OP_ADD, + PAM_CONFIG_OP_REMOVE +} PamConfigOp; + typedef gboolean (*LineMatchFunc) (char *, void *); static long fs_min_sizes[] = { 10, 10, 40 }; @@ -114,7 +126,9 @@ retval = rename (old, new); if (retval == -1 && errno == EXDEV) { retval = crappy_rename (old, new); - unlink (old); + + if (retval) + unlink (old); } if (retval) 
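Review bot: The new `if (retval) unlink (old);` in the EXDEV fallback looks inverted. `crappy_rename` is not visible in this hunk, but the `if (retval)` that follows appears to treat non-zero as failure, so as written the source file is removed only when the copy failed and is left behind when it succeeded. Since `write_xml_config` elsewhere in this diff passes a temp file holding a copy of the pam_mount configuration as `old`, a successful cross-filesystem update would leave that copy in the temp directory. If the intent is to keep the source when the copy fails, the guard should be `if (!retval) unlink (old);`. The enclosing function starts and ends outside the hunk.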
@@ -143,69 +157,6 @@ } /* - * Open file, write it's contents to a temp file and filter based on the match_cb, - * and then replace file with the temp file. The match_cb should return - * TRUE if the line should be written to the new file and FALSE otherwise. - */ -static gboolean filter_file (const char *file, const char *template, - LineMatchFunc match_func, void *data) -{ - FILE *old, *new; - gchar *tmp_name; - int new_fd, old_fd; - char buff[BUFF_SIZE]; - - old_fd = open (file, O_RDONLY | O_NOFOLLOW); - if (old_fd == -1) { - g_printerr (_("Failed to open %s: %s\n"), file, strerror (errno)); - return FALSE; - } - - if (flock (old_fd, LOCK_EX)) { - g_printerr (_("flock: %s\n"), strerror (errno)); - close (old_fd); - return FALSE; - } - - old = fdopen (old_fd, "r"); - if (!old) { - g_printerr (_("Failed to open %s: %s\n"), file, strerror (errno)); - close (old_fd); - return FALSE; - } - - new_fd = g_file_open_tmp (template, &tmp_name, NULL); - if (new_fd == -1) { - g_printerr (_("Failed to create temp file\n")); - fclose (old); - return FALSE; - } - - new = fdopen (new_fd, "a+"); - if (!new) { - g_free (tmp_name); - fclose (old); - return FALSE; - } - - buff[BUFF_SIZE - 1] = '\0'; - while (fgets (buff, BUFF_SIZE, old)) { - if (match_func (buff, data)) - fprintf (new, buff); - } - - fclose (new); - fflush (old); - - if (!rename_file (tmp_name, file)) - fprintf (stderr, "Failed to update %s\n", file); - - fclose (old); - g_free (tmp_name); - return TRUE; -} - -/* * Create a new loop device. The device string must be freed by * the caller. */ @@ -255,8 +206,7 @@ continue; /* This fails with errno set to ENXIO if the device isn't used */ - if (ioctl (fd, LOOP_GET_STATUS, &loopinfo) == -1 && - errno == ENXIO) { + if (ioctl (fd, LOOP_GET_STATUS, &loopinfo) == -1 && errno == ENXIO) { close (fd); *device = g_strdup_printf ("/dev/loop%d", i); return TRUE; 
@@ -324,7 +274,7 @@ *size = len; for (i = 0; i < len && list; i++) { - ret[i] = g_build_filename (PAM_SERVICES_DIR, list[i], NULL); + ret[i] = g_strdup (list[i]); } g_strfreev (list); @@ -363,7 +313,7 @@ *size = len; for (i = 0; i < len && list; i++) { - ret[i] = g_build_filename (PAM_SERVICES_DIR, list[i], NULL); + ret[i] = g_strdup (list[i]); } g_strfreev (list); 
@@ -372,276 +322,118 @@ } /* - * Add pam_cryptpass to the passwd service stack - */ -static gboolean modify_pam_passwd_stacks (void) -{ - int i; - gchar **list; - gsize size; - - list = get_pam_passwd_services (&size); - if (!list) { - g_printerr (_("Failed to get passwd services list\n")); - return FALSE; - } - - for (i = 0; i < size; i++) { - FILE *fp; - int fd; - char buff[BUFF_SIZE]; - - if (!list[i]) - break; - - if (!g_file_test (list[i], G_FILE_TEST_EXISTS)) - continue; - - fd = open (list[i], O_RDWR | O_APPEND); - if (fd == -1) { - g_printerr (_("open: %s\n"), strerror (errno)); - return FALSE; - } - - if (flock (fd, LOCK_EX)) { - g_printerr (_("flock: %s\n"), strerror (errno)); - close (fd); - return FALSE; - } - - fp = fdopen (fd, "a+"); - if (!fp) { - g_printerr (_("Failed to open pam")); - close (fd); - return FALSE; - } - - while (fgets (buff, BUFF_SIZE, fp)) { - if (buff[0] != '#' && strstr (buff, "pam_cryptpass.so")) { - fclose (fp); - return TRUE; - } - } - - fprintf (fp, "password optional\tpam_cryptpass.so use_first_pass\n"); - fclose (fp); - } - - return TRUE; -} - -/* - * The match_cb for removing cryptpass entries. - */ -static gboolean restore_pam_passwd_stacks_cb (char *line, void *data) -{ - return strstr (line, "pam_cryptpass.so") ? FALSE : TRUE; -} - -/* - * Remove pam_cryptpass from the passwd service stack + * Run pam-config to add/remove pam_mount to/from the service configs. */ -static gboolean restore_pam_passwd_stacks (void) +static gboolean run_pam_config (PamConfigType type, PamConfigOp op) { - int i; + char *flags[] = { "--mount", "--cryptpass", "--cryptpass-password" }; + char *operation = op == PAM_CONFIG_OP_ADD ? 
"-a" : "-d"; gboolean ret = TRUE; gchar **list; gsize size; + int i, j; - list = get_pam_passwd_services (&size); - if (!list) { - g_printerr (_("Failed to get passwd services list\n")); - return FALSE; - } - - for (i = 0; i < size; i++) { - if (g_file_test (list[i], G_FILE_TEST_EXISTS) && - !filter_file (list[i], "passwd-XXXXXX", - restore_pam_passwd_stacks_cb, NULL)) { - ret = FALSE; - } - } - - return ret; -} - -/* - * Enable pam_mount in each of pam service configs. - */ -static gboolean modify_pam_session_stacks (void) -{ - gchar **list = NULL; - gboolean ret = TRUE; - gsize size; - int i; - - list = get_pam_services (&size); + list = type == PAM_CONFIG_TYPE_CRYPTPASS_PASSWD ? + get_pam_passwd_services (&size) : get_pam_services (&size); + if (!list) { g_printerr (_("Failed to get pam services list\n")); return FALSE; } - + for (i = 0; i < size; i++) { - FILE *config; - int n, fd, found = 0; - char buff[BUFF_SIZE]; - + char *argv[] = { PAMCONFIG_BIN_PATH, "--service", list[i], operation, flags[type], NULL }; + GError *err = NULL; + gint status; + gchar *fn; + gboolean r; + if (!list[i]) break; - - if (!g_file_test (list[i], G_FILE_TEST_EXISTS)) - continue; - fd = open (list[i], O_RDWR | O_APPEND); - if (fd == -1) { - continue; - } - - if (flock (fd, LOCK_EX)) { - g_printerr ("flock: %s\n", strerror (errno)); - close (fd); - continue; - } - - config = fdopen (fd, "a+"); - if (!config) { - g_printerr ("fdopen: %s\n", strerror (errno)); - close (fd); + fn = g_build_filename (PAM_SERVICES_DIR, list[i], NULL); + r = g_file_test (fn, G_FILE_TEST_EXISTS); + g_free (fn); + if (!r) continue; - } - buff[BUFF_SIZE - 1] = '\0'; - while (fgets (buff, BUFF_SIZE, config)) { - if (strstr (buff, "pam_mount.so")) { - found = 1; - break; - } - } - - if (found) { - fclose (config); + if (!g_spawn_sync (NULL, argv, NULL, + G_SPAWN_STDOUT_TO_DEV_NULL, + NULL, NULL, NULL, NULL, &status, &err)) { + g_printerr ("Failed to execute %s: %s\n", PAMCONFIG_BIN_PATH, err->message); + 
g_error_free (err); continue; } - - n = fprintf (config, "auth optional pam_mount.so use_first_pass\n" - "session optional pam_cryptpass.so\n" - "session required pam_mount.so\n"); - if (n < 1) + + if (WEXITSTATUS (status)) { + g_printerr ("Failed to modify %s\n", list[i]); ret = FALSE; - - fclose (config); + } } g_strfreev (list); - return ret ? modify_pam_passwd_stacks () : FALSE; + return ret; } /* - * Parse the pam_mount config to see if pam_mount is setup. + * Return TRUE is user has an entry in pam_mount.conf. The image and key + * arguments should be freed by the caller if the function returns true. */ -static gboolean pam_mount_is_setup (void) +gboolean pam_mount_is_setup_for_user (const char *user, char **image, char **key) { - FILE *fs; - char line[BUFF_SIZE]; + xmlDocPtr doc; + xmlNodePtr root_node, node; + int ret = FALSE; - fs = fopen (PAM_MOUNT_CONF, "r"); - if (!fs) + doc = xmlParseFile (PAM_MOUNT_CONF); + if (!doc) { + g_printerr ("Failed to read %s\n", PAM_MOUNT_CONF); return FALSE; - - while (fgets (line, BUFF_SIZE, fs)) { - if (line[0] != '#' && strstr (line, "volume") && - strstr (line, "crypt") && strstr (line, ".key")) { - fclose (fs); - return TRUE; - } } - - fclose (fs); - return FALSE; -} - -/* - * Return TRUE is user has an entry in pam_mount.conf - */ -gboolean pam_mount_is_setup_for_user (const char *user, char **image, char **key) -{ - FILE *fs; - char line[BUFF_SIZE]; - char needle[BUFF_SIZE]; - fs = fopen (PAM_MOUNT_CONF, "r"); - if (!fs) + root_node = xmlDocGetRootElement (doc); + if (!root_node) { + g_printerr ("Failed to get root element from %s\n", PAM_MOUNT_CONF); return FALSE; - - needle[BUFF_SIZE - 1] = '\0'; - snprintf (needle, BUFF_SIZE - 1, "volume %s crypt", user); + } + + for (node = root_node->children; node; node = node->next) { + xmlChar *fstype, *usr, *fskeypath, *path; - while (fgets (line, BUFF_SIZE, fs)) { - if (line[0] != '#' && strstr (line, needle)) { - int n = 0; - gchar **fields = g_strsplit (line, " ", 0); - - 
fclose (fs); - for (; fields[n]; n++); + if (node->type != XML_ELEMENT_NODE) + continue; - if (n < 9) { - g_strfreev (fields); - g_printerr ("invalid line in " PAM_MOUNT_CONF "\n"); - return FALSE; - } + if (xmlStrcasecmp ((xmlChar *) "volume", node->name)) + continue; + fstype = xmlGetProp (node, (xmlChar *) "fstype"); + usr = xmlGetProp (node, (xmlChar *) "user"); + path = xmlGetProp (node, (xmlChar *) "path"); + fskeypath = xmlGetProp (node, (xmlChar *) "fskeypath"); + + if (fstype && usr && path && fskeypath && + !xmlStrcasecmp ((xmlChar *) fstype, (xmlChar *) "crypt") && + !xmlStrcasecmp (usr, (xmlChar *) user)) { if (image) - *image = g_strdup (fields[4]); - + *image = g_strchomp (strdup ((char *) path)); + if (key) - *key = g_strchomp (g_strdup (fields[8])); + *key = g_strchomp (strdup ((char *) fskeypath)); - g_strfreev (fields); - return TRUE; + ret = TRUE; } - } - - fclose (fs); - return FALSE; -} -/* - * The match_cb for removing pam_mount.so entries. - */ -static gboolean restore_pam_session_stacks_cb (char *line, void *data) -{ - return strstr (line, "pam_mount.so") || - strstr (line, "pam_cryptpass.so") ? FALSE : TRUE; -} + xmlFree (fstype); + xmlFree (usr); + xmlFree (path); + xmlFree (fskeypath); -/* - * Remove pam_mount from our pam service configs. - */ -static gboolean restore_pam_session_stacks (void) -{ - gchar **list; - gsize size; - int i; - - list = get_pam_services (&size); - if (!list) { - g_printerr (_("Failed to get pam services list\n")); - return FALSE; - } - - for (i = 0; i < size; i++) { - if (!list[i]) + if (ret) break; - - if (g_file_test (list[i], G_FILE_TEST_EXISTS) && - !filter_file (list[i], "pam-service-XXXXXX", - restore_pam_session_stacks_cb, NULL)) { - g_printerr (_("Failed to replace %s\n"), list[i]); - } } - g_strfreev (list); - return restore_pam_passwd_stacks (); + xmlFreeDoc (doc); + return ret; } /* 
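Review bot: `run_pam_config` can return TRUE even though pam-config never ran or died abnormally: the `g_spawn_sync` failure branch does `continue` without clearing `ret`, and `WEXITSTATUS (status)` is read without first checking `WIFEXITED (status)`, so a child killed by a signal is not reliably seen as a failure. Setting `ret = FALSE;` before that `continue` and testing `if (!WIFEXITED (status) || WEXITSTATUS (status))` would make a failed PAM stack change visible to the caller. In `pam_mount_is_setup_for_user`, the user attribute is compared with `xmlStrcasecmp`, so an entry for an account whose name differs only in case would match and its image and key paths would be returned; `xmlStrcmp` on the user name avoids that. The same function returns without `xmlFreeDoc (doc)` when `xmlDocGetRootElement` yields NULL.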
@@ -1077,7 +869,7 @@ { int loop_fd = open (loop_device, O_RDONLY); if (loop_fd == -1) { - perror ("read"); + perror ("open"); return FALSE; } @@ -1098,7 +890,7 @@ guint64 bytes = size_in_mb * 1048576; int fd = open (image, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_LARGEFILE, 0600); if (fd == -1) { - g_printerr ("open: %s\n", strerror (errno)); + perror ("open"); return FALSE; } @@ -1108,7 +900,7 @@ } if (write (fd, "\0", 1) == -1) { - g_printerr ("write: %s\n", strerror (errno)); + perror ("write"); close (fd); return FALSE; } @@ -1129,7 +921,7 @@ fd = open (image, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_LARGEFILE, 0600); if (fd == -1) { - g_printerr ("open: %s\n", strerror (errno)); + perror ("open"); return FALSE; } 
@@ -1290,41 +1082,140 @@ return free_space > *home_size ? TRUE : FALSE; } +/* + * Write our changes to a temp file and, if everything went ok, + * overwrite the pam_mount conf. + */ +static int write_xml_config (xmlDocPtr doc) +{ + gchar *tmp_name; + int ret; + + int fd = g_file_open_tmp ("pam-mount-conf-XXXXXX", &tmp_name, NULL); + if (fd == -1) { + g_printerr (_("Failed to create temp file\n")); + return -1; + } + + ret = xmlSaveFormatFileEnc (tmp_name, doc, "UTF-8", 1); + if (ret != -1) + ret = rename_file (tmp_name, PAM_MOUNT_CONF) == TRUE ? 0 : -1; + + close (fd); + return ret; +} + +/* + * Remove the crypt home directory entries for user in + * the pam_mount conf file. If user is NULL then we + * remove all encrypted home entries. + */ +gboolean disable_pam_mount (const char *user) +{ + xmlDocPtr doc; + xmlNodePtr root_node, node; + struct passwd *pent; + int ok; + + if (user) { + pent = getpwnam (user); + if (!pent) { + g_printerr (_("Failed to lookup user %s\n"), user); + return FALSE; + } + } + + doc = xmlParseFile (PAM_MOUNT_CONF); + if (!doc) { + g_printerr ("Failed to read %s\n", PAM_MOUNT_CONF); + return FALSE; + } + + root_node = xmlDocGetRootElement (doc); + if (!root_node) { + g_printerr ("Failed to get root element from %s\n", PAM_MOUNT_CONF); + return FALSE; + } + + node = root_node->children; + while (node) { + xmlChar *u, *t; + gboolean remove_node = FALSE; + + if (node->type != XML_ELEMENT_NODE || + xmlStrcasecmp ((xmlChar *) "volume", node->name)) { + node = node->next; + continue; + } + + u = xmlGetProp (node, (xmlChar *) "user"); + t = xmlGetProp (node, (xmlChar *) "fstype"); + if (!u || !t || !xmlHasProp (node, (xmlChar *) "fskeypath") || + xmlStrcasecmp ((xmlChar *) "crypt", t)) { + xmlFree (u); + xmlFree (t); + node = node->next; + continue; + } + + if (!user || (user && !xmlStrcasecmp ((xmlChar *) user, u))) + remove_node = TRUE; + + xmlFree (u); + xmlFree (t); + + if (remove_node) { + xmlUnlinkNode (node); + xmlFreeNode (node); + } + + 
node = node->next; + } + + ok = write_xml_config (doc); + xmlFreeDoc (doc); + + if (ok == -1) + return FALSE; + else + return run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS_PASSWD, PAM_CONFIG_OP_REMOVE) && + run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS, PAM_CONFIG_OP_REMOVE) && + run_pam_config (PAM_CONFIG_TYPE_MOUNT, PAM_CONFIG_OP_REMOVE); +} + /* * Add an entry to the pam_mount conf to enable mounting of encrypted home * dirs during login. */ -gboolean enable_pam_mount (const char *user, const char *image_file, const char *key_file) +gboolean enable_pam_mount (const char *user, const char *image, const char *key_file) { - struct passwd *pent; - FILE *fs; + struct passwd *ent; const char *up; - int n, fd; - char haystack[BUFF_SIZE]; - char needle[BUFF_SIZE]; + char *curr_image, *curr_key; + xmlDocPtr doc; + xmlNodePtr root_node, node; + int ok; char esc_user[BUFF_SIZE]; - - if (!g_file_test (image_file, G_FILE_TEST_EXISTS) || + + if (!g_file_test (image, G_FILE_TEST_EXISTS) || !g_file_test (key_file, G_FILE_TEST_EXISTS)) { g_printerr ("access: %s\n", strerror (errno)); return FALSE; } - pent = getpwnam (user); - if (!pent) { - g_printerr (_("Failed to lookup user %s\n"), user); + ent = getpwnam (user); + if (!ent) { + fprintf (stderr, "Failed to lookup user '%s'\n", user); return FALSE; } - needle[BUFF_SIZE - 1] = '\0'; - haystack[BUFF_SIZE - 1] = '\0'; up = user; /* escaping '' for AD users is required by pam_mount */ if (strchr (user, '\')) { int ui = 0, ei = 0; - for (;user[ui] != '\0'; ui++, ei++) { + for (; user[ui] != '\0'; ui++, ei++) { if (user[ui] == '\') { esc_user[ei] = '\'; ei++; 
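Review bot: In the `disable_pam_mount` loop, `node = node->next;` runs after `xmlUnlinkNode (node); xmlFreeNode (node);`, so every removal reads freed memory. Unlinking also clears the node's sibling pointers, so even without the free the walk would stop at the first removed entry, which breaks the `user == NULL` "remove all" case. Capture the successor before touching the node: `xmlNodePtr next = node->next;` at the top of the loop body and `node = next;` in place of each `node = node->next;`. The `!root_node` early return also leaks `doc` and needs `xmlFreeDoc (doc);` before `return FALSE;`; the same return appears in `enable_pam_mount` in the next hunk. `enable_pam_mount` begins at the end of this hunk and continues outside it.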
@@ -1336,102 +1227,54 @@ up = esc_user; } - n = snprintf (needle, BUFF_SIZE - 1, - "volume %s crypt - %s %s loop aes-256-cbc %s", - up, image_file, pent->pw_dir, key_file); - if (n == -1) - return FALSE; - - fd = open (PAM_MOUNT_CONF, O_RDWR | O_APPEND); - if (!fd) { - g_printerr ("open: %s\n", strerror (errno)); - return FALSE; - } - - if (flock (fd, LOCK_EX)) { - g_printerr ("flock: %s\n", strerror (errno)); - close (fd); - return FALSE; - } - - fs = fdopen (fd, "a+"); - if (!fs) { - g_printerr ("fdopen: %s\n", strerror (errno)); - close (fd); - return FALSE; - } - - while (fgets (haystack, BUFF_SIZE, fs)) { - if (strstr (haystack, needle)) { - fclose (fs); + /* see if we're already setup for this {user, image, key} */ + if (pam_mount_is_setup_for_user (up, &curr_image, &curr_key)) { + if (!strcmp (image, curr_image) && !strcmp (key_file, curr_key)) { + g_free (curr_image); + g_free (curr_key); return TRUE; + } else { + g_free (curr_image); + g_free (curr_key); + + /* The current entry is different. Replace it */ + if (!disable_pam_mount (up)) { + g_printerr ("Failed to change pam_mount entry for %s\n", up); + return FALSE; + } } } - n = fprintf (fs, "%s\n", needle); - fclose (fs); - - if (n > 0) - return modify_pam_session_stacks (); - else + doc = xmlParseFile (PAM_MOUNT_CONF); + if (!doc) { + g_printerr ("Failed to read %s\n", PAM_MOUNT_CONF); return FALSE; -} - -/* - * The match_cb for pam_mount.conf entries. - */ -static gboolean disable_pam_mount_cb (char *line, void *data) -{ - return line[0] != '#' && strstr (line, data) ? FALSE : TRUE; -} - -/* - * Remove any crypt home directory entries in the - * pam_mount conf file. 
- */ -gboolean disable_pam_mount (const char *user) -{ - struct passwd *pent; - gboolean ret; - char needle[BUFF_SIZE]; + } - pent = getpwnam (user); - if (!pent) { - g_printerr (_("Failed to lookup user %s\n"), user); + root_node = xmlDocGetRootElement (doc); + if (!root_node) { + g_printerr ("Failed to get root element from %s\n", PAM_MOUNT_CONF); return FALSE; } - needle[BUFF_SIZE - 1] = '\0'; - snprintf (needle, BUFF_SIZE - 1, "volume %s crypt", user); - - ret = filter_file (PAM_MOUNT_CONF, "pam-mount-conf-XXXXXX", - disable_pam_mount_cb, needle); - if (ret && !pam_mount_is_setup ()) - return restore_pam_session_stacks (); - else - return ret; -} + node = xmlNewChild (root_node, NULL, (xmlChar *) "volume", NULL); + xmlNewProp (node, (xmlChar *) "fstype", (xmlChar *) "crypt"); + xmlNewProp (node, (xmlChar *) "user", (xmlChar *) up); + xmlNewProp (node, (xmlChar *) "path", (xmlChar *) image); + xmlNewProp (node, (xmlChar *) "fskeypath", (xmlChar *) key_file); + xmlNewProp (node, (xmlChar *) "fskeycipher", (xmlChar *) "aes-256-cbc"); + xmlNewProp (node, (xmlChar *) "options", (xmlChar *) "loop"); + xmlNewProp (node, (xmlChar *) "mountpoint", (xmlChar *) ent->pw_dir); + xmlAddChild (root_node, node); + ok = write_xml_config (doc); + xmlFreeDoc (doc); -/* - * The match_cb for any pam_mount.conf line. - */ -static gboolean disable_pam_mount_all_cb (char *line, void *data) -{ - return line[0] != '#' && !strncmp (line, "volume", 6) && - strstr (line, "crypt") && strstr (line, ".key") ? FALSE : TRUE; -} - -/* - * Remove all entries from pam_mount.conf. 
- */ -gboolean disable_pam_mount_all (void) -{ - if (filter_file (PAM_MOUNT_CONF, "pam-mount-conf-XXXXXX", - disable_pam_mount_all_cb, NULL)) { - return restore_pam_session_stacks (); - } else { + if (ok == -1) return FALSE; - } + else + return run_pam_config (PAM_CONFIG_TYPE_MOUNT, PAM_CONFIG_OP_ADD) && + run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS, PAM_CONFIG_OP_ADD) && + run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS_PASSWD, PAM_CONFIG_OP_ADD); } /* diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/Makefile.am new/cryptconfig-0.2/src/Makefile.am --- old/cryptconfig-0.1.0/src/Makefile.am 2007-07-06 23:13:43.000000000 +0200 +++ new/cryptconfig-0.2/src/Makefile.am 2007-11-06 22:54:11.000000000 +0100 @@ -5,12 +5,13 @@ PROG_CFLAGS = -DDU_BIN_PATH="$(DU_BIN_PATH)" \ -DMKFS_BIN_PATH="$(MKFS_BIN_PATH)" \ -DCRYPTSETUP_BIN_PATH="$(CRYPTSETUP_BIN_PATH)" \ + -DPAMCONFIG_BIN_PATH="$(PAMCONFIG_BIN_PATH)" \ -DSYSCONFDIR="$(sysconfdir)" sbin_PROGRAMS = cryptconfig cryptconfig_SOURCES = cryptconfig.c cryptconfig.h cryptconfig-lib.c -cryptconfig_LDFLAGS = $(GLIB_LIBS) `pkg-config --libs libcrypto` -cryptconfig_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS) +cryptconfig_LDFLAGS = $(GLIB_LIBS) `pkg-config --libs libcrypto` $(LIBXML_LIBS) +cryptconfig_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS) $(LIBXML_CFLAGS) moduledir = @PAM_MODDIR@ module_LTLIBRARIES = pam_cryptpass.la diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/Makefile.in new/cryptconfig-0.2/src/Makefile.in --- old/cryptconfig-0.1.0/src/Makefile.in 2007-11-02 17:15:55.000000000 +0100 +++ new/cryptconfig-0.2/src/Makefile.in 2007-11-07 18:54:07.000000000 +0100 @@ -161,6 +161,8 @@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ +LIBXML_CFLAGS = @LIBXML_CFLAGS@ +LIBXML_LIBS = @LIBXML_LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ 
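Review bot: The replace branch calls `disable_pam_mount (up)`, which (previous hunk) re-resolves its argument with `getpwnam` and ends with the three `PAM_CONFIG_OP_REMOVE` calls. With the backslash-escaped name in `up` that lookup will probably fail, and when it succeeds a later failure in `xmlParseFile` or `write_xml_config` returns FALSE with the old volume entry already deleted and, presumably, the PAM modules removed. Since the document is parsed right afterwards anyway, I would update the existing `volume` node in place and append only when none matches, so the file is rewritten once and the PAM configuration is untouched on a replace. `xmlNewChild` already links the new node under `root_node`, so `xmlAddChild (root_node, node);` can be dropped. The function starts in the previous hunk.

```c
	/* see if we're already setup for this {user, image, key} */
	if (pam_mount_is_setup_for_user (up, &curr_image, &curr_key)) {
		gboolean same = !strcmp (image, curr_image) && !strcmp (key_file, curr_key);

		g_free (curr_image);
		g_free (curr_key);
		if (same)
			return TRUE;
		/* entry differs: it is updated in place below */
	}

	/* … unchanged: xmlParseFile and xmlDocGetRootElement checks … */

	/* find this user's crypt volume, if there is one */
	for (node = root_node->children; node; node = node->next) {
		xmlChar *u, *t;
		gboolean match;

		if (node->type != XML_ELEMENT_NODE ||
		    xmlStrcasecmp ((xmlChar *) "volume", node->name))
			continue;

		u = xmlGetProp (node, (xmlChar *) "user");
		t = xmlGetProp (node, (xmlChar *) "fstype");
		match = u && t && !xmlStrcasecmp (t, (xmlChar *) "crypt") &&
			!xmlStrcasecmp (u, (xmlChar *) up);
		xmlFree (u);
		xmlFree (t);
		if (match)
			break;
	}

	if (node) {
		xmlSetProp (node, (xmlChar *) "path", (xmlChar *) image);
		xmlSetProp (node, (xmlChar *) "fskeypath", (xmlChar *) key_file);
	} else {
		node = xmlNewChild (root_node, NULL, (xmlChar *) "volume", NULL);
		/* … unchanged: the xmlNewProp calls … */
	}

	/* … unchanged: write_xml_config, xmlFreeDoc, run_pam_config … */
```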
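Review bot: `$(LIBXML_LIBS)` is appended to `cryptconfig_LDFLAGS`, which Automake places ahead of the objects on the link line. Libraries belong in the per-target `LDADD` variable, otherwise a link with `--as-needed` or a static link can fail to resolve the libxml2 symbols. I would move the library terms there, `cryptconfig_LDADD = $(GLIB_LIBS) $(LIBXML_LIBS)`, taking the backquoted pkg-config term for libcrypto along, and keep `cryptconfig_LDFLAGS` for real linker flags.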
@@ -176,6 +178,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PAMCONFIG_BIN_PATH = @PAMCONFIG_BIN_PATH@ PAM_MODDIR = @PAM_MODDIR@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ @@ -250,11 +253,12 @@ PROG_CFLAGS = -DDU_BIN_PATH="$(DU_BIN_PATH)" \ -DMKFS_BIN_PATH="$(MKFS_BIN_PATH)" \ -DCRYPTSETUP_BIN_PATH="$(CRYPTSETUP_BIN_PATH)" \ + -DPAMCONFIG_BIN_PATH="$(PAMCONFIG_BIN_PATH)" \ -DSYSCONFDIR="$(sysconfdir)" cryptconfig_SOURCES = cryptconfig.c cryptconfig.h cryptconfig-lib.c -cryptconfig_LDFLAGS = $(GLIB_LIBS) `pkg-config --libs libcrypto` -cryptconfig_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS) +cryptconfig_LDFLAGS = $(GLIB_LIBS) `pkg-config --libs libcrypto` $(LIBXML_LIBS) +cryptconfig_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS) $(LIBXML_CFLAGS) moduledir = @PAM_MODDIR@ module_LTLIBRARIES = pam_cryptpass.la pam_cryptpass_la_SOURCES = cryptconfig.h cryptconfig-lib.c pam_cryptpass.c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org