Hello community,
here is the log from the commit of package cryptconfig
checked in at Thu Mar 6 00:30:57 CET 2008.
--------
--- cryptconfig/cryptconfig.changes 2008-01-21 21:22:46.000000000 +0100
+++ cryptconfig/cryptconfig.changes 2008-03-05 20:07:31.847724000 +0100
@@ -1,0 +2,18 @@
+Wed Mar 5 20:10:17 CET 2008 - crivera@suse.de
+
+- Add a fix for bnc 367255.
+
+-------------------------------------------------------------------
+Tue Mar 4 19:32:59 CET 2008 - crivera@suse.de
+
+- Add public data support. We use a very simple approach. We create a
+ public directory, /home/.$USER. Any public data is moved from the
+ encrypted home directory to the public directory. We then place symlinks
+ in the encrypted home directory and the unencrypted home directory that
+ point to the public data. The public data is available whether the
+ encrypted home directory is mounted or not.
+
+ This is adds two new commands pd-add and pd-remove. They each take a
+ list of relative or absolute paths rooted in the encrypted home directory.
+
+-------------------------------------------------------------------
Old:
----
cryptconfig-0.2.dif
cryptconfig-0.2.tar.gz
New:
----
cryptconfig-0.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cryptconfig.spec ++++++
--- /var/tmp/diff_new_pack.G18416/_old 2008-03-06 00:26:57.000000000 +0100
+++ /var/tmp/diff_new_pack.G18416/_new 2008-03-06 00:26:57.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package cryptconfig (Version 0.2)
+# spec file for package cryptconfig (Version 0.3)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -10,9 +10,10 @@
# norootforbuild
+
Name: cryptconfig
-Version: 0.2
-Release: 17
+Version: 0.3
+Release: 1
Group: System/Base
License: GPL v2 or later
Summary: A Utility to Configure Encrypted Home Directories and LUKS Partitions
@@ -21,7 +22,6 @@
Requires: util-linux cryptsetup pam_mount >= 0.20 glib2 >= 2.8 openssl >= 0.9.7 pam-config >= 0.21
BuildRequires: cryptsetup glib2-devel >= 2.8 intltool libxml2-devel openssl-devel >= 0.9.7 pam-config >= 0.21 pam-devel util-linux
Source: %{name}-%{version}.tar.gz
-Patch: %{name}-%{version}.dif
%description
This package contains a utility for configuring encrypted home
@@ -39,7 +39,6 @@
%prep
%setup
-%patch
%build
#CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%{_prefix} \
@@ -64,6 +63,17 @@
%doc %{_mandir}/man8/cryptconfig.8.gz
%changelog
+* Wed Mar 05 2008 crivera@suse.de
+- Add a fix for bnc 367255.
+* Tue Mar 04 2008 crivera@suse.de
+- Add public data support. We use a very simple approach. We create a
+ public directory, /home/.$USER. Any public data is moved from the
+ encrypted home directory to the public directory. We then place symlinks
+ in the encrypted home directory and the unencrypted home directory that
+ point to the public data. The public data is available whether the
+ encrypted home directory is mounted or not.
+ This is adds two new commands pd-add and pd-remove. They each take a
+ list of relative or absolute paths rooted in the encrypted home directory.
* Mon Jan 21 2008 aj@suse.de
- Fix open call.
- Cleanup rpmlint warnings.
@@ -140,11 +150,11 @@
This is why we depend on pam_mount-0.18-32.
* Tue Jan 16 2007 crivera@suse.de
- Fix a small automake build issue.
-* Fri Jan 12 2007 maw@suse.de
+* Sat Jan 13 2007 maw@suse.de
- Feature update (more fate #253)
- Remove cryptconfig-pam_moddir.patch which is now upstream.
* Tue Jan 09 2007 ro@suse.de
- fix lib64 issue: teach configure about PAM_MODDIR
- work around automake problem
-* Mon Jan 08 2007 maw@suse.de
+* Tue Jan 09 2007 maw@suse.de
- Initial import into autobuild (fate #253).
++++++ cryptconfig-0.2.tar.gz -> cryptconfig-0.3.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.2/ChangeLog new/cryptconfig-0.3/ChangeLog
--- old/cryptconfig-0.2/ChangeLog 2007-11-12 20:33:22.000000000 +0100
+++ new/cryptconfig-0.3/ChangeLog 2008-03-05 14:19:21.000000000 +0100
@@ -1,3 +1,35 @@
+2008-03-05 Chris Rivera
+
+ * src/cryptconfig-lib.c:
+
+ Fix two bugs in disable_pam_mount (). Both of them caused 367255.
+
+2008-03-04 Chris Rivera
+
+ * src/cryptconfig-lib.c:
+
+ Specify the permissions when using open with O_CREAT.
+
+2008-03-04 Chris Rivera
+
+ * src/cryptconfig.h:
+ * src/cryptconfig.c:
+ * src/cryptconfig-lib.c:
+
+ Add public data support. We use a very simple approach. We create a
+ public directory, /home/.$USER. Any public data is moved from the
+ encrypted home directory to the public directory. We then place symlinks
+ in the encrypted home directory and the unencrypted home directory that
+ point to the public data. The public data is available whether the
+ encrypted home directory is mounted or not.
+
+ This is adds two new commands pd-add and pd-remove. They each take a
+ list of relative or absolute paths rooted in the encrypted home directory.
+
+ * run-cc-tests.py:
+
+ Add public data tests.
+
2007-11-08 Chris Rivera
* src/cryptconfig-lib.c:
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.2/configure new/cryptconfig-0.3/configure
--- old/cryptconfig-0.2/configure 2007-11-07 18:54:08.000000000 +0100
+++ new/cryptconfig-0.3/configure 2008-03-05 13:31:11.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for cryptconfig 0.2.
+# Generated by GNU Autoconf 2.61 for cryptconfig 0.3.
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
@@ -726,8 +726,8 @@
# Identity of this package.
PACKAGE_NAME='cryptconfig'
PACKAGE_TARNAME='cryptconfig'
-PACKAGE_VERSION='0.2'
-PACKAGE_STRING='cryptconfig 0.2'
+PACKAGE_VERSION='0.3'
+PACKAGE_STRING='cryptconfig 0.3'
PACKAGE_BUGREPORT=''
# Factoring default headers for most tests.
@@ -1450,7 +1450,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures cryptconfig 0.2 to adapt to many kinds of systems.
+\`configure' configures cryptconfig 0.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1520,7 +1520,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of cryptconfig 0.2:";;
+ short | recursive ) echo "Configuration of cryptconfig 0.3:";;
esac
cat <<\_ACEOF
@@ -1630,7 +1630,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-cryptconfig configure 0.2
+cryptconfig configure 0.3
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1644,7 +1644,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by cryptconfig $as_me 0.2, which was
+It was created by cryptconfig $as_me 0.3, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2334,7 +2334,7 @@
# Define the identity of the package.
PACKAGE=cryptconfig
- VERSION=0.2
+ VERSION=0.3
cat >>confdefs.h <<_ACEOF
@@ -23228,7 +23228,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by cryptconfig $as_me 0.2, which was
+This file was extended by cryptconfig $as_me 0.3, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -23281,7 +23281,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-cryptconfig config.status 0.2
+cryptconfig config.status 0.3
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.2/configure.in new/cryptconfig-0.3/configure.in
--- old/cryptconfig-0.2/configure.in 2007-11-06 22:53:46.000000000 +0100
+++ new/cryptconfig-0.3/configure.in 2008-03-03 04:52:10.000000000 +0100
@@ -1,7 +1,7 @@
AC_PREREQ(2.52)
-AC_INIT(cryptconfig, 0.2)
-AM_INIT_AUTOMAKE(cryptconfig, 0.2)
+AC_INIT(cryptconfig, 0.3)
+AM_INIT_AUTOMAKE(cryptconfig, 0.3)
AM_MAINTAINER_MODE
AM_CONFIG_HEADER(config.h)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.2/src/cryptconfig.c new/cryptconfig-0.3/src/cryptconfig.c
--- old/cryptconfig-0.2/src/cryptconfig.c 2007-11-06 21:17:19.000000000 +0100
+++ new/cryptconfig-0.3/src/cryptconfig.c 2008-03-03 04:37:19.000000000 +0100
@@ -148,7 +148,7 @@
}
/* make sure pam_mount is not configured for this user already */
- if (pam_mount_is_setup_for_user (user_field, NULL, NULL)) {
+ if (pam_mount_is_setup_for_user (user_field, NULL, NULL, NULL)) {
if (!replace) {
g_printerr (_("pam_mount is already setup for %s. "
"Use --replace to replace the existing entry\n"), user_field);
@@ -972,7 +972,7 @@
}
/* make sure pam_mount is not configured for this user already */
- if (pam_mount_is_setup_for_user (argv[2], NULL, NULL)) {
+ if (pam_mount_is_setup_for_user (argv[2], NULL, NULL, NULL)) {
if (!replace) {
g_printerr (_("pam_mount is already setup for %s. "
"Use --replace to replace the existing entry\n"), argv[2]);
@@ -1289,12 +1289,127 @@
}
/*
+ * Add/remove data from a user's public directory
+ */
+static gboolean command_public_data (char *cmd, int argc, char *argv[], gboolean add_data)
+{
+ struct passwd *pent;
+ GOptionContext *ctx;
+ GError *err = NULL;
+ gchar *map_device = NULL, *loop_device = NULL, *mount_point = NULL;
+ gchar *pm_im = NULL, *pm_kf = NULL, *pm_fs = NULL;
+ gchar *fs_type = NULL;
+ gboolean ret, retval = FALSE;
+ int i;
+
+ GOptionEntry entries[] = {
+ { "fs-type", 0, 0, G_OPTION_ARG_STRING, &fs_type, N_("The filesystem type. The default is ext3."), NULL },
+ { NULL, 0, 0, 0, NULL, NULL, NULL }
+ };
+
+ ctx = g_option_context_new ("user path [path1 path2 ...]");
+ g_option_context_add_main_entries (ctx, entries, NULL);
+ ret = g_option_context_parse (ctx, &argc, &argv, &err);
+ if (!ret) {
+ g_printerr (_("parsing failed: %s\n"), err->message);
+ g_error_free (err);
+ g_option_context_free (ctx);
+ return FALSE;
+ }
+
+ if (argc < 4)
+ show_command_help (ctx, cmd, argv);
+
+ pent = getpwnam (argv[2]);
+ if (!pent) {
+ g_printerr (_("Failed to lookup user '%s'\n"), argv[2]);
+ return FALSE;
+ }
+
+ /* make sure we're using a valid fs_type */
+ if (fs_type && !is_filesystem_supported (fs_type)) {
+ gchar *fs = get_supported_filesystems ();
+ g_printerr (_("%s is not a supported file system\nSupported file "
+ "systems are: %s\n"), fs_type, fs);
+ g_free (fs);
+ return FALSE;
+ }
+
+ /*
+ * Get the image, key file, and fs info from pam_mount.conf
+ */
+ if (!pam_mount_is_setup_for_user (argv[2], &pm_im, &pm_kf, &pm_fs)) {
+ g_printerr (_("Pam mount is not setup for '%s'\n"), argv[2]);
+ return FALSE;
+ }
+
+ if (loop_find_devs_from_image (pm_im, NULL, NULL)) {
+ g_printerr (_("%s is currently in use. Unable to continue.\n"), pm_im);
+ goto cleanup;
+ }
+
+ if (!unlock_image (pm_im, pm_kf, &map_device, &loop_device)) {
+ g_printerr (_("Failed to unlock image\n"));
+ goto cleanup;
+ }
+
+ if (!temp_mount (fs_type ? fs_type : "ext3", map_device, &mount_point)) {
+ g_printerr (_("Failed to mount image\n"));
+ goto cleanup;
+ }
+
+ for (i = 3; i < argc; i++) {
+ if (add_data) {
+ if (!add_public_data (argv[2], pent->pw_dir, mount_point, argv[i])) {
+ g_printerr (_("Failed to add %s\n"), argv[i]);
+ goto cleanup;
+ }
+ } else {
+ if (!remove_public_data (argv[2], pent->pw_dir, mount_point, argv[i])) {
+ g_printerr (_("Failed to remove %s\n"), argv[i]);
+ goto cleanup;
+ }
+ }
+ }
+
+ g_print (_("Done.\n"));
+ retval = TRUE;
+
+cleanup:
+ if (mount_point)
+ umount (mount_point);
+ if (loop_device && g_file_test (map_device, G_FILE_TEST_EXISTS))
+ luks_close (map_device);
+ if (loop_device)
+ loop_close (loop_device);
+
+ g_free (loop_device);
+ g_free (map_device);
+ g_free (mount_point);
+ g_free (pm_im);
+ g_free (pm_kf);
+ g_free (pm_fs);
+ return retval;
+}
+
+static gboolean command_add_public_data (char *cmd, int argc, char *argv[])
+{
+
+ return command_public_data (cmd, argc, argv, TRUE);
+}
+
+static gboolean command_remove_public_data (char *cmd, int argc, char *argv[])
+{
+ return command_public_data (cmd, argc, argv, FALSE);
+}
+
+/*
* Print individual command descriptions.
*/
static void print_command_description (gpointer key, gpointer value, gpointer user_data)
{
Command *cmd = value;
- g_printerr ("%s: %s\n", cmd->name, cmd->description);
+ g_printerr ("%-15s %s\n", cmd->name, cmd->description);
}
/*
@@ -1380,6 +1495,12 @@
register_command ("close", "image",
_("Close devices using a LUKS image"),
TRUE, command_close_luks_image);
+ register_command ("pd-add", "user image_file fs_type",
+ _("Add public data"),
+ TRUE, command_add_public_data);
+ register_command ("pd-remove", "user image_file fs_type",
+ _("Remove public data"),
+ TRUE, command_remove_public_data);
if (argc < 2 || !strncmp (argv[1], "--help", 6))
usage (argv[0]);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.2/src/cryptconfig.h new/cryptconfig-0.3/src/cryptconfig.h
--- old/cryptconfig-0.2/src/cryptconfig.h 2007-11-06 21:16:39.000000000 +0100
+++ new/cryptconfig-0.3/src/cryptconfig.h 2008-02-04 19:29:25.000000000 +0100
@@ -13,8 +13,8 @@
#define KEY_DATA_SIZE 256
#define BUFF_SIZE 256
#define KEY_FILE_SIZE_THRESHOLD 1048576
-#define PAM_SERVICES_DIR "/etc/pam.d"
-#define PAM_MOUNT_CONF "/etc/security/pam_mount.conf.xml"
+#define PAM_SERVICES_DIR SYSCONFDIR "/pam.d"
+#define PAM_MOUNT_CONF SYSCONFDIR "/security/pam_mount.conf.xml"
#define CRYPTCONFIG_CONF SYSCONFDIR "/cryptconfig.conf"
gboolean luks_close (char *map_name);
@@ -47,7 +47,7 @@
gboolean resize_filesystem (char *device);
gboolean check_min_fs_size (const char *fs_type, gint64 image_size, gint64 *req_size);
-gboolean pam_mount_is_setup_for_user (const char * user, char **image, char **key);
+gboolean pam_mount_is_setup_for_user (const char * user, char **image, char **key, char **fs_type);
gboolean enable_pam_mount (const char *user, const char *image_file, const char *key_file);
gboolean disable_pam_mount (const char *user);
@@ -64,4 +64,9 @@
gboolean remove_home_directory (struct passwd *pent);
gboolean parse_size (const char *arg, gint64 *size_in_mb);
+gboolean add_public_data (const char *user, const char *normal_hd,
+ const char *enc_hd, const char *path);
+gboolean remove_public_data (const char *user, const char *normal_hd,
+ const char *enc_hd, const char *path);
+
#endif
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.2/src/cryptconfig-lib.c new/cryptconfig-0.3/src/cryptconfig-lib.c
--- old/cryptconfig-0.2/src/cryptconfig-lib.c 2007-11-07 21:58:28.000000000 +0100
+++ new/cryptconfig-0.3/src/cryptconfig-lib.c 2008-03-05 14:16:23.000000000 +0100
@@ -62,7 +62,7 @@
/*
* Manually copy the contents of old to new
*/
-static int crappy_rename (const char *old, const char *new)
+static int copy_file (const char *old, const char *new)
{
ssize_t br, bw;
int old_fd, new_fd, ret = 0;
@@ -74,7 +74,7 @@
return -1;
}
- new_fd = open (new, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW);
+ new_fd = open (new, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
if (new_fd == -1) {
close (old_fd);
g_printerr ("open: %s\n", strerror (errno));
@@ -100,10 +100,28 @@
return ret;
}
+static gboolean move_file (char *old, char *new)
+{
+ gchar *argv[] = { "/bin/mv", "-f", old, new, NULL };
+ GError *err = NULL;
+ gint status;
+
+ gboolean ret = g_spawn_sync (NULL, argv, NULL,
+ G_SPAWN_STDOUT_TO_DEV_NULL,
+ NULL, NULL, NULL, NULL, &status, &err);
+ if (!ret || WEXITSTATUS (status) != 0) {
+ g_printerr (_("move failed: %s\n"), err->message);
+ g_error_free (err);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
/*
* Rename old to new, but keep new's permissions, uid, and guid.
*/
-static gboolean rename_file (const char *old, const char *new)
+static gboolean overwrite_file (const char *old, const char *new)
{
int retval, new_fd;
struct stat info;
@@ -125,7 +143,7 @@
*/
retval = rename (old, new);
if (retval == -1 && errno == EXDEV) {
- retval = crappy_rename (old, new);
+ retval = copy_file (old, new);
if (retval)
unlink (old);
@@ -331,7 +349,7 @@
gboolean ret = TRUE;
gchar **list;
gsize size;
- int i, j;
+ int i;
list = type == PAM_CONFIG_TYPE_CRYPTPASS_PASSWD ?
get_pam_passwd_services (&size) : get_pam_services (&size);
@@ -376,10 +394,10 @@
}
/*
- * Return TRUE is user has an entry in pam_mount.conf. The image and key
+ * Return TRUE is user has an entry in pam_mount.conf. The image, key, and fs_type
* arguments should be freed by the caller if the function returns true.
*/
-gboolean pam_mount_is_setup_for_user (const char *user, char **image, char **key)
+gboolean pam_mount_is_setup_for_user (const char *user, char **image, char **key, char **fs_type)
{
xmlDocPtr doc;
xmlNodePtr root_node, node;
@@ -420,6 +438,9 @@
if (key)
*key = g_strchomp (strdup ((char *) fskeypath));
+ if (fs_type)
+ *fs_type = g_strchomp (strdup ((char *) fstype));
+
ret = TRUE;
}
@@ -738,7 +759,7 @@
retval = rename (tmp_name, key_file);
if (retval)
- retval = crappy_rename (tmp_name, key_file);
+ retval = copy_file (tmp_name, key_file);
error:
close (fd);
@@ -821,10 +842,11 @@
md = g_build_filename ("/dev/mapper", map_name, NULL);
if (!g_file_test (md, G_FILE_TEST_EXISTS)) {
- g_free (md);
- *map_dev = NULL;
+ if (map_dev)
+ *map_dev = NULL;
} else {
- *map_dev = md;
+ if (map_dev)
+ *map_dev = g_strdup (md);
}
/* try and find the loop device that image is using */
@@ -845,7 +867,8 @@
if (!io_ret) {
if (!strcmp (image, (char *) info.lo_file_name)) {
- *loop_dev = g_strdup (ld);
+ if (loop_dev)
+ *loop_dev = g_strdup (ld);
ret = TRUE;
goto cleanup;
}
@@ -854,10 +877,11 @@
cleanup:
if (!ret) {
- *map_dev = NULL;
- g_free (md);
+ if (map_dev)
+ *map_dev = NULL;
}
+ g_free (md);
g_free (map_name);
return ret;
}
@@ -1099,7 +1123,7 @@
ret = xmlSaveFormatFileEnc (tmp_name, doc, "UTF-8", 1);
if (ret != -1)
- ret = rename_file (tmp_name, PAM_MOUNT_CONF) == TRUE ? 0 : -1;
+ ret = overwrite_file (tmp_name, PAM_MOUNT_CONF) == TRUE ? 0 : -1;
close (fd);
return ret;
@@ -1113,8 +1137,9 @@
gboolean disable_pam_mount (const char *user)
{
xmlDocPtr doc;
- xmlNodePtr root_node, node;
+ xmlNodePtr root_node, node, next_node;
struct passwd *pent;
+ gboolean other_entries = FALSE;
int ok;
if (user) {
@@ -1150,6 +1175,7 @@
u = xmlGetProp (node, (xmlChar *) "user");
t = xmlGetProp (node, (xmlChar *) "fstype");
+
if (!u || !t || !xmlHasProp (node, (xmlChar *) "fskeypath") ||
xmlStrcasecmp ((xmlChar *) "crypt", t)) {
xmlFree (u);
@@ -1158,29 +1184,38 @@
continue;
}
- if (!user || (user && !xmlStrcasecmp ((xmlChar *) user, u)))
+ if (!user) {
+ remove_node = TRUE;
+ } else if (!xmlStrcasecmp ((xmlChar *) user, u)) {
remove_node = TRUE;
+ } else {
+ other_entries = TRUE;
+ }
xmlFree (u);
xmlFree (t);
-
+ next_node = node->next;
+
if (remove_node) {
xmlUnlinkNode (node);
xmlFreeNode (node);
}
- node = node->next;
+ node = next_node;
}
ok = write_xml_config (doc);
xmlFreeDoc (doc);
- if (ok == -1)
+ if (ok == -1) {
return FALSE;
- else
+ } else if (other_entries) {
+ return TRUE;
+ } else {
return run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS_PASSWD, PAM_CONFIG_OP_REMOVE) &&
run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS, PAM_CONFIG_OP_REMOVE) &&
run_pam_config (PAM_CONFIG_TYPE_MOUNT, PAM_CONFIG_OP_REMOVE);
+ }
}
/*
@@ -1228,7 +1263,7 @@
}
/* see if we're already setup for this {user, image, key} */
- if (pam_mount_is_setup_for_user (up, &curr_image, &curr_key)) {
+ if (pam_mount_is_setup_for_user (up, &curr_image, &curr_key, NULL)) {
if (!strcmp (image, curr_image) && !strcmp (key_file, curr_key)) {
g_free (curr_image);
g_free (curr_key);
@@ -1358,7 +1393,9 @@
if (tty)
tcsetattr (STDIN_FILENO, TCSAFLUSH, &normal);
- write (STDOUT_FILENO, "\n", 1);
+ if (write (STDOUT_FILENO, "\n", 1) == -1)
+ goto error;
+
return TRUE;
error:
@@ -1507,7 +1544,7 @@
char *argv[] = { "/bin/mount", "-n", "-t", fs_type, "-o", "user_xattr", "--",
device, mount_point, NULL};
return g_spawn_sync (NULL, argv, NULL,
- G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL,
+ G_SPAWN_STDOUT_TO_DEV_NULL,
NULL, NULL, NULL, NULL, &status, NULL);
}
@@ -1809,6 +1846,28 @@
}
/*
+ * Remove a directory tree.
+ */
+static gboolean remove_tree (char *tree)
+{
+ gchar *argv[] = { "/bin/rm", "-rf", tree, NULL };
+ GError *err;
+ gint status;
+ gboolean ret;
+
+ ret = g_spawn_sync (NULL, argv, NULL,
+ G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL,
+ NULL, NULL, NULL, NULL, &status, &err);
+ if (!ret) {
+ g_printerr ("%s\n", err->message);
+ g_error_free (err);
+ return FALSE;
+ }
+
+ return WEXITSTATUS (status) ? FALSE : TRUE;
+}
+
+/*
* Parse arg and set size to arg in MB.
*/
gboolean parse_size (const char *arg, gint64 *size)
@@ -1837,3 +1896,332 @@
return TRUE;
}
+
+/*
+ * Create a directory to store data that will be publicly available.
+ * The result parameter will point to the public data root and should
+ * be freed by the caller.
+ */
+static gboolean create_public_directory (const char *user, gchar **result)
+{
+ struct passwd *pent;
+ gchar *pub_dir = NULL, *dir = NULL, *base = NULL;
+ gboolean ret = FALSE;
+
+ pent = getpwnam (user);
+ if (!pent) {
+ g_printerr ("Failed to look up '%s'\n", user);
+ return FALSE;
+ }
+
+ dir = g_path_get_dirname (pent->pw_dir);
+ base = g_path_get_basename (pent->pw_dir);
+ pub_dir = g_strdup_printf ("%s%s.%s", dir, G_DIR_SEPARATOR_S, base);
+
+ if (g_mkdir_with_parents (pub_dir, 0755)) {
+ g_printerr ("Failed to create public directory '%s'\n", pub_dir);
+ goto cleanup;
+ }
+
+ if (chown (pub_dir, pent->pw_uid, pent->pw_gid)) {
+ g_printerr ("Failed to chown public directory for %s\n", user);
+ goto cleanup;
+ }
+
+ if (chmod (pub_dir, 0755)) {
+ g_printerr ("Failed to chmod public directory for %s\n", user);
+ goto cleanup;
+ }
+
+ if (result)
+ *result = g_strdup (pub_dir);
+
+ ret = TRUE;
+
+cleanup:
+ g_free (pub_dir);
+ g_free (dir);
+ g_free (base);
+ return ret;
+}
+
+/*
+ * Adjust the permissions of the components in target to match the ones in source.
+ */
+static gboolean adjust_path_permissions (const char *source_root, const char *target_root, const char *path)
+{
+ int i;
+ gchar **parts = g_strsplit (path, "/", -1);
+ gchar *source_path = g_strdup (source_root);
+ gchar *target_path = g_strdup (target_root);
+ gboolean ret = FALSE;
+
+ for (i = 0; parts[i]; i++) {
+ struct stat s_info;
+ gchar *s_tmp = g_build_filename (source_path, parts[i], NULL);
+ gchar *t_tmp = g_build_filename (target_path, parts[i], NULL);
+
+ g_free (source_path);
+ g_free (target_path);
+ source_path = s_tmp;
+ target_path = t_tmp;
+
+ if (stat (source_path, &s_info)) {
+ g_printerr ("Failed to stat %s: %s\n", source_path, strerror (errno));
+ goto cleanup;
+ }
+
+ if (chmod (target_path, s_info.st_mode) ||
+ chown (target_path, s_info.st_uid, s_info.st_gid)) {
+ g_printerr ("Failed to modify %s: %s\n", target_path, strerror (errno));
+ goto cleanup;
+ }
+ }
+
+ ret = TRUE;
+
+cleanup:
+ g_free (source_path);
+ g_free (target_path);
+ g_strfreev (parts);
+ return ret;
+}
+
+/*
+ * Return a relative path rooted in 'root'. rel_path needs to be freed by the caller.
+ */
+static gboolean get_relative_path_with_root (const char *path, const char *root, gchar **rel_path)
+{
+ size_t len;
+
+ if (g_path_is_absolute (path)) {
+ len = strlen (root);
+ if (len + 1 >= strlen (path))
+ return FALSE;
+
+ if (!strncmp (path, root, len)) {
+ *rel_path = g_strdup (path + len + 1);
+ } else {
+ return FALSE;
+ }
+ } else {
+ *rel_path = g_strdup (path);
+ }
+
+ return TRUE;
+}
+
+/*
+ * Add data to a user's public directory. path can be absolute
+ * or relative to the user's encrypted home directory.
+ */
+gboolean add_public_data (const char *user, const char *normal_hd,
+ const char *enc_hd, const char *path)
+{
+ gchar *pub_dir = NULL, *pub_base_dir = NULL, *pub_file = NULL;
+ gchar *normal_link = NULL, *normal_base_dir = NULL;
+ gchar *src_file = NULL, *src_base_dir = NULL, *rel_path = NULL;
+ struct stat info;
+ gboolean ret = FALSE;
+
+ /* create public directory */
+ if (!create_public_directory (user, &pub_dir)) {
+ g_printerr ("Failed to create public directory for user %s\n", user);
+ goto cleanup;
+ }
+
+ if (!get_relative_path_with_root (path, normal_hd, &rel_path)) {
+ g_printerr ("%s is an invalid path\n", path);
+ goto cleanup;
+ }
+
+ src_file = g_build_filename (enc_hd, rel_path, NULL);
+ src_base_dir = g_path_get_dirname (src_file);
+ pub_file = g_build_filename (pub_dir, rel_path, NULL);
+ pub_base_dir = g_path_get_dirname (pub_file);
+ normal_link = g_build_filename (normal_hd, rel_path, NULL);
+ normal_base_dir = g_path_get_dirname (normal_link);
+
+ /* see if the public file exists already */
+ if (g_file_test (pub_file, G_FILE_TEST_EXISTS)) {
+ g_printerr ("The public file %s already exists.\n", pub_file);
+ goto cleanup;
+ }
+
+ /* make sure the file exists in the encrypted directory */
+ if (stat (src_file, &info)) {
+ g_printerr ("Failed to stat %s: %s\n", src_file, strerror (errno));
+ goto cleanup;
+ }
+
+ /* make sure that the file doesn't exist in the unencrypted home */
+ if (g_file_test (normal_link, G_FILE_TEST_EXISTS)) {
+ g_printerr ("%s already exists, unlinking...\n", normal_link);
+ if (g_remove (normal_link)) {
+ g_printerr ("Failed to unlink %s\n", normal_link);
+ goto cleanup;
+ }
+ }
+
+ /* make sure the file isn't a symlink */
+ if (g_file_test (src_file, G_FILE_TEST_IS_SYMLINK)) {
+ gchar *link_target = NULL;
+
+ if ((link_target = g_file_read_link (src_file, NULL)) &&
+ !strcmp (link_target, pub_file)) {
+ g_printerr ("%s is a symlink that already points to %s\n", src_file, pub_file);
+ } else {
+ g_printerr ("%s is a symlink\n", src_file);
+ }
+
+ g_free (link_target);
+ goto cleanup;
+ }
+
+ /* create the directory structure in the public and normal directories */
+ if (g_mkdir_with_parents (pub_base_dir, 0755)) {
+ g_printerr ("Failed to create %s\n", pub_base_dir);
+ goto cleanup;
+ }
+
+ if (g_mkdir_with_parents (normal_base_dir, 0755)) {
+ g_printerr ("Failed to create %s\n", normal_base_dir);
+ goto cleanup;
+ }
+
+ /* move the file to the public directory */
+ if (!move_file (src_file, pub_file)) {
+ g_printerr ("Failed to move %s to %s\n", src_file, pub_file);
+ goto cleanup;
+ }
+
+ if (chmod (pub_file, info.st_mode) ||
+ chown (pub_file, info.st_uid, info.st_gid)) {
+ g_printerr ("Failed to modify permissions for %s: %s\n", pub_file, strerror (errno));
+ goto cleanup;
+ }
+
+ /* create the symlinks */
+ if (symlink (pub_file, src_file)) {
+ g_printerr ("Failed to create symlink '%s': %s\n", src_file, strerror (errno));
+ goto cleanup;
+ }
+
+ if (symlink (pub_file, normal_link)) {
+ g_printerr ("Failed to create symlink '%s': %s\n", normal_link, strerror (errno));
+ goto cleanup;
+ }
+
+ if (chown (src_file, info.st_uid, info.st_gid) ||
+ chown (pub_file, info.st_uid, info.st_gid))
+ g_printerr ("Failed to chown symlinks\n");
+
+ if (!adjust_path_permissions (enc_hd, pub_dir, rel_path)) {
+ g_printerr ("Failed to adjust path permissions\n");
+ goto cleanup;
+ }
+
+ if (!adjust_path_permissions (enc_hd, normal_hd, rel_path)) {
+ g_printerr ("Failed to adjust path permissions\n");
+ goto cleanup;
+ }
+
+ ret = TRUE;
+
+cleanup:
+ g_free (rel_path);
+ g_free (pub_dir);
+ g_free (src_file);
+ g_free (src_base_dir);
+ g_free (pub_file);
+ g_free (pub_base_dir);
+ g_free (normal_link);
+ g_free (normal_base_dir);
+ return ret;
+}
+
+/*
+ * Moves path from the user's public directory back to their
+ * encrypted home directory.
+ */
+gboolean remove_public_data (const char *user, const char *normal_hd,
+ const char *enc_hd, const char *path)
+{
+ gchar *pub_dir = NULL, *pub_file = NULL, *dir = NULL, *base = NULL;
+ gchar *normal_link = NULL, *enc_link = NULL, *rel_path = NULL;
+ gchar *normal_tree = NULL, *pub_tree = NULL;
+ gchar **pub_parts = NULL, **normal_parts = NULL;
+ gboolean ret = FALSE;
+
+ /* build the public directory name */
+ dir = g_path_get_dirname (normal_hd);
+ base = g_path_get_basename (normal_hd);
+ pub_dir = g_strdup_printf ("%s/.%s", dir, base);
+ g_free (dir);
+ g_free (base);
+
+ if (!get_relative_path_with_root (path, pub_dir, &rel_path)) {
+ g_printerr ("%s is an invalid path\n", path);
+ goto cleanup;
+ }
+
+ enc_link = g_build_filename (enc_hd, rel_path, NULL);
+ pub_file = g_build_filename (pub_dir, rel_path, NULL);
+ normal_link = g_build_filename (normal_hd, rel_path, NULL);
+
+ /* make sure the public file exists */
+ if (!g_file_test (pub_file, G_FILE_TEST_EXISTS)) {
+ g_printerr ("The public file %s does not exist.\n", pub_file);
+ goto cleanup;
+ }
+
+ /* remove the symlinks */
+ if (g_file_test (normal_link, G_FILE_TEST_IS_SYMLINK) &&
+ g_remove (normal_link)) {
+ g_printerr ("Failed to remove %s\n", normal_link);
+ goto cleanup;
+ }
+
+ if (g_file_test (enc_link, G_FILE_TEST_IS_SYMLINK) &&
+ g_remove (enc_link)) {
+ g_printerr ("Failed to remove %s\n", normal_link);
+ goto cleanup;
+ }
+
+ /* move the public file to the encrypted home */
+ if (!move_file (pub_file, enc_link)) {
+ g_printerr ("Failed to move %s to %s\n", pub_file, enc_link);
+ goto cleanup;
+ }
+
+ /* remove public and normal trees */
+ dir = g_path_get_dirname (pub_file);
+ if (strcmp (dir, pub_dir)) {
+ /* directories need to be removed */
+ pub_parts = g_strsplit (pub_file + strlen (pub_dir) + 1, "/", -1);
+ pub_tree = g_build_filename (pub_dir, pub_parts[0], NULL);
+ normal_parts = g_strsplit (normal_link + strlen (normal_hd) + 1, "/", -1);
+ normal_tree = g_build_filename (normal_hd, normal_parts[0], NULL);
+
+ if (!remove_tree (pub_tree))
+ g_printerr ("Failed to remove %s\n", pub_tree);
+
+ if (!remove_tree (normal_tree))
+ g_printerr ("Failed to remove %s\n", normal_tree);
+ }
+
+ g_free (dir);
+ ret = TRUE;
+
+cleanup:
+ g_free (rel_path);
+ g_free (enc_link);
+ g_free (pub_dir);
+ g_free (pub_file);
+ g_free (normal_link);
+ g_free (pub_tree);
+ g_free (normal_tree);
+ g_strfreev (pub_parts);
+ g_strfreev (normal_parts);
+ return ret;
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.2/src/Makefile.am new/cryptconfig-0.3/src/Makefile.am
--- old/cryptconfig-0.2/src/Makefile.am 2007-11-06 22:54:11.000000000 +0100
+++ new/cryptconfig-0.3/src/Makefile.am 2008-03-05 13:30:50.000000000 +0100
@@ -16,7 +16,7 @@
moduledir = @PAM_MODDIR@
module_LTLIBRARIES = pam_cryptpass.la
pam_cryptpass_la_SOURCES = cryptconfig.h cryptconfig-lib.c pam_cryptpass.c
-pam_cryptpass_la_LDFLAGS = -module -avoid-version -lpam $(GLIB_LIBS) `pkg-config --libs libcrypto`
-pam_cryptpass_la_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS)
+pam_cryptpass_la_LDFLAGS = -module -avoid-version -lpam $(GLIB_LIBS) `pkg-config --libs libcrypto` $(LIBXML_LIBS)
+pam_cryptpass_la_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS) $(LIBXML_CFLAGS)
CLEANFILES = $(sbin_PROGRAMS) $(module_LT_LIBRARIES)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.2/src/Makefile.in new/cryptconfig-0.3/src/Makefile.in
--- old/cryptconfig-0.2/src/Makefile.in 2007-11-07 18:54:07.000000000 +0100
+++ new/cryptconfig-0.3/src/Makefile.in 2008-03-05 13:31:10.000000000 +0100
@@ -262,8 +262,8 @@
moduledir = @PAM_MODDIR@
module_LTLIBRARIES = pam_cryptpass.la
pam_cryptpass_la_SOURCES = cryptconfig.h cryptconfig-lib.c pam_cryptpass.c
-pam_cryptpass_la_LDFLAGS = -module -avoid-version -lpam $(GLIB_LIBS) `pkg-config --libs libcrypto`
-pam_cryptpass_la_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS)
+pam_cryptpass_la_LDFLAGS = -module -avoid-version -lpam $(GLIB_LIBS) `pkg-config --libs libcrypto` $(LIBXML_LIBS)
+pam_cryptpass_la_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS) $(LIBXML_CFLAGS)
CLEANFILES = $(sbin_PROGRAMS) $(module_LT_LIBRARIES)
all: all-am
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.2/src/pam_cryptpass.c new/cryptconfig-0.3/src/pam_cryptpass.c
--- old/cryptconfig-0.2/src/pam_cryptpass.c 2007-07-10 20:56:57.000000000 +0200
+++ new/cryptconfig-0.3/src/pam_cryptpass.c 2008-02-04 19:17:39.000000000 +0100
@@ -59,7 +59,7 @@
if (!pent)
return -1;
- if (!pam_mount_is_setup_for_user (user, &image_f, &key_f))
+ if (!pam_mount_is_setup_for_user (user, &image_f, &key_f, NULL))
return -1;
/* make sure the key exists and user is the owner */
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org