Hello community,
here is the log from the commit of package pam_mount
checked in at Fri Apr 4 01:39:32 CEST 2008.
--------
--- pam_mount/pam_mount.changes 2007-10-08 13:51:50.000000000 +0200
+++ /mounts/work_src_done/STABLE/pam_mount/pam_mount.changes 2008-04-03 12:08:04.817859000 +0200
@@ -1,0 +2,17 @@
+Wed Apr 2 18:02:12 CEST 2008 - mc@suse.de
+
+- update to version 0.32
+- notify about unknown options in /etc/pam.d/*
+- support "debug" option for pam_mount in /etc/pam.d/*
+- mount.crypt: detect loop devices by major number
+- Fixed parsing of old-style pam_mount.conf with spaces in group names,
+ copy-and-paste typos and a missing return value. Added workaround for
+ CIFS volumes within NFS mounts with "root_squash" option.
+- allow --keyfile to be used for non-LUKS too
+- luksClose is the same as Remove (in umount.crypt)
+- convert "local" fstype entries from old configuration format correctly.
+- fixed parsing of old pam_mount.conf with spaces in group names
+- fixed: When no volumes were to be mounted, return value
+ was not PAM_SUCCESS.
+
+-------------------------------------------------------------------
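Review bot: The new entry lists the same fix twice: "Fixed parsing of old-style pam_mount.conf with spaces in group names" in the summary bullet, and again as "fixed parsing of old pam_mount.conf with spaces in group names". Drop one of them. The entry also says only "update to version 0.32", while the package adds pam_mount-0.32-post.dif, whose paths point at new/pam_mount-0.33. A bullet naming the post-release patch and what it pulls in would make that visible to anyone reading the changelog.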
Old:
----
pam_mount-0.29.tar.bz2
New:
----
pam_mount-0.32-post.dif
pam_mount-0.32.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam_mount.spec ++++++
--- /var/tmp/diff_new_pack.W11286/_old 2008-04-04 01:39:22.000000000 +0200
+++ /var/tmp/diff_new_pack.W11286/_new 2008-04-04 01:39:22.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package pam_mount (Version 0.29)
+# spec file for package pam_mount (Version 0.32)
#
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -10,17 +10,19 @@
# norootforbuild
+
Name: pam_mount
BuildRequires: glib2-devel libHX10-devel libxml2-devel openssl-devel pam-devel perl-XML-Writer zlib-devel
Summary: A PAM Module that can Mount Volumes for a User Session
-Version: 0.29
+Version: 0.32
Release: 1
-Requires: lsof coreutils util-linux
+Requires: lsof util-linux
Recommends: cryptsetup
-License: LGPL v2 or later
+License: LGPL v2.1 or later
Prefix: /usr
Group: System/Libraries
Source: %{name}-%{version}.tar.bz2
+Patch0: pam_mount-0.32-post.dif
Patch1: pam_mount-0.18-umount-home-dir.dif
Patch2: pam_mount-0.18-bump-max-par.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
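Review bot: Dropping coreutils from Requires conflicts with the patch added as Patch0 in this same hunk. pam_mount-0.32-post.dif changes scripts/mount.crypt to call stat --format="%t" "$DEVICE", and stat is shipped in coreutils. Keep coreutils in Requires, or state in pam_mount.changes why it is guaranteed to be installed.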
@@ -58,6 +60,7 @@
%prep
%setup -q
+%patch0 -p2
%patch1
%patch2
@@ -110,8 +113,23 @@
%doc %{_mandir}/man8/passwdehd.8.gz
%doc %{_mandir}/man8/pmvarrun.8.gz
%doc %{_mandir}/man8/umount.crypt.8.gz
+
%changelog
-* Mon Oct 08 2007 - mc@suse.de
+* Wed Apr 02 2008 mc@suse.de
+- update to version 0.32
+- notify about unknown options in /etc/pam.d/*
+- support "debug" option for pam_mount in /etc/pam.d/*
+- mount.crypt: detect loop devices by major number
+- Fixed parsing of old-style pam_mount.conf with spaces in group names,
+ copy-and-paste typos and a missing return value. Added workaround for
+ CIFS volumes within NFS mounts with "root_squash" option.
+- allow --keyfile to be used for non-LUKS too
+- luksClose is the same as Remove (in umount.crypt)
+- convert "local" fstype entries from old configuration format correctly.
+- fixed parsing of old pam_mount.conf with spaces in group names
+- fixed: When no volumes were to be mounted, return value
+ was not PAM_SUCCESS.
+* Mon Oct 08 2007 mc@suse.de
- update to version 0.29
* pam_mount switched to an XML configuration.
* added truecrypt support
@@ -122,56 +140,56 @@
* Implement the "soft_try_pass" option
* add "nullok" option
* --keyfile option added to mount.crypt
-* Fri Sep 21 2007 - mc@suse.de
+* Fri Sep 21 2007 mc@suse.de
- remove the loopdevice for the image too
[#326802]
-* Thu Sep 20 2007 - mc@suse.de
+* Thu Sep 20 2007 mc@suse.de
- add required dependencies [#326802]
-* Wed Apr 04 2007 - crivera@suse.de
+* Wed Apr 04 2007 crivera@suse.de
- Don't package mount_ehd, it's only for
OpenBSD. Fixes 256214.
-* Thu Mar 29 2007 - mc@suse.de
+* Thu Mar 29 2007 mc@suse.de
- add zlib-devel to BuildRequires
-* Tue Mar 13 2007 - mc@suse.de
+* Tue Mar 13 2007 mc@suse.de
- fix reference counting of pmvarrun app
[#252243]
-* Tue Jan 23 2007 - mc@suse.de
+* Tue Jan 23 2007 mc@suse.de
- fix umount encrypted homedirectories
[#237793]
-* Thu Jan 18 2007 - mc@suse.de
+* Thu Jan 18 2007 mc@suse.de
- disable debug
- increase MAX_PAR to be able to read longer keys
-* Fri Jan 12 2007 - mc@suse.de
+* Fri Jan 12 2007 mc@suse.de
- add patch to kill all remaining user processes before
unmounting crypted partition
(pam_mount-0.18-umount-home-dir.dif)
-* Fri Dec 08 2006 - dgollub@suse.de
+* Fri Dec 08 2006 dgollub@suse.de
- use UID of specified user for owner change of mount point
(pam_mount-chownuid-fix.diff)
-* Tue Sep 12 2006 - mc@suse.de
+* Tue Sep 12 2006 mc@suse.de
- Update to 0.18
* fixes memory corruptions, zero termination, segfaults
* A crash on x86_64 has been fixed. pam_mount now changes
to the root directory before attempting to (un)mount
-* Mon Jul 31 2006 - kukuk@suse.de
+* Mon Jul 31 2006 kukuk@suse.de
- Update to version 0.16
bugfix release
-* Wed Jan 25 2006 - mls@suse.de
+* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
-* Thu Dec 22 2005 - varkoly@suse.de
+* Thu Dec 22 2005 varkoly@suse.de
- Update to version 0.10.0
-* Mon Dec 19 2005 - ro@suse.de
+* Mon Dec 19 2005 ro@suse.de
- added symlinks to package
-* Mon Jul 11 2005 - schubi@suse.de
+* Mon Jul 11 2005 schubi@suse.de
- Update to version 0.9.25
-* Mon Apr 11 2005 - kukuk@suse.de
+* Mon Apr 11 2005 kukuk@suse.de
- Update to version 0.9.22 [Bug #65110]
-* Thu Jan 15 2004 - kukuk@suse.de
+* Fri Jan 16 2004 kukuk@suse.de
- Build as user
- Add pam-devel to neededforbuild
-* Mon Jan 12 2004 - kukuk@suse.de
+* Mon Jan 12 2004 kukuk@suse.de
- Update to version 0.9.9
-* Mon Oct 27 2003 - kukuk@suse.de
+* Mon Oct 27 2003 kukuk@suse.de
- Update to version 0.9.6 [Bug #32216]
-* Wed May 28 2003 - kukuk@suse.de
+* Wed May 28 2003 kukuk@suse.de
- Initial package
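Review bot: One entry in this otherwise mechanical reformat changes its date, from "Thu Jan 15 2004" to "Fri Jan 16 2004" (kukuk@suse.de, "Build as user"). Every other pair in the hunk only drops the " - " separator before the address. If a conversion tool shifted the date, say so in pam_mount.changes; otherwise restore the original date.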
++++++ pam_mount-0.18-umount-home-dir.dif ++++++
--- /var/tmp/diff_new_pack.W11286/_old 2008-04-04 01:39:22.000000000 +0200
+++ /var/tmp/diff_new_pack.W11286/_new 2008-04-04 01:39:22.000000000 +0200
@@ -23,15 +23,6 @@
for ((x = 5; x >= 0; --x)); do
fuser -m "$1" || break;
-@@ -72,7 +83,7 @@ fi
-
- # Check for LUKS
- #
--if cryptsetup isLuks "$DEVICE" 2>/dev/null; then
-+if cryptsetup isLuks "$REALDEVICE" 2>/dev/null; then
- cryptsetup luksClose "$DMDEVICE";
- else
- cryptsetup remove "$DMDEVICE";
@@ -90,3 +101,12 @@ if echo "$REALDEVICE" | grep ^/dev/loop
exit 1
fi
++++++ pam_mount-0.32-post.dif ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_mount-0.32/doc/pam_mount.8 new/pam_mount-0.33/doc/pam_mount.8
--- old/pam_mount-0.32/doc/pam_mount.8 2007-09-09 14:10:23.000000000 +0200
+++ new/pam_mount-0.33/doc/pam_mount.8 2008-02-06 00:46:20.000000000 +0100
@@ -24,9 +24,8 @@
in an automount/supermount config file. This is also necessary for securing
encrypted filesystems.
.PP
-pam_mount "understands" SMB, NCP, and any type of filesystem that can be
-mounted using the standard mount command. If someone has a particular need for
-a different filesystem, feel free to ask me to include it and send me patches.
+pam_mount can mount any filesystem the kernel supports, and has supports the
+userspace helpers for SMB, CIFS, NCP, davfs, FUSE, and crypto mounts.
.PP
If you intend to use pam_mount to protect volumes on your computer using an
encrypted filesystem system, please know that there are many other issues you
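Review bot: The replacement sentence has a grammar slip: "and has supports the userspace helpers" should read "and supports the userspace helpers". The same wording is carried into doc/pam_mount.txt, so fix it in the man page source and regenerate the text version.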
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_mount-0.32/doc/pam_mount.txt new/pam_mount-0.33/doc/pam_mount.txt
--- old/pam_mount-0.32/doc/pam_mount.txt 2007-09-09 14:10:23.000000000 +0200
+++ new/pam_mount-0.33/doc/pam_mount.txt 2008-02-06 00:46:20.000000000 +0100
@@ -27,26 +27,25 @@
remote volume in /etc/fstab or in an automount/supermount config
file. This is also necessary for securing encrypted filesystems.
- pam_mount "understands" SMB, NCP, and any type of filesystem that can
- be mounted using the standard mount command. If someone has a particu‐
- lar need for a different filesystem, feel free to ask me to include it
- and send me patches.
-
- If you intend to use pam_mount to protect volumes on your computer
- using an encrypted filesystem system, please know that there are many
- other issues you need to consider in order to protect your data. For
- example, you probably want to disable or encrypt your swap partition
+ pam_mount can mount any filesystem the kernel supports, and has sup‐
+ ports the userspace helpers for SMB, CIFS, NCP, davfs, FUSE, and crypto
+ mounts.
+
+ If you intend to use pam_mount to protect volumes on your computer
+ using an encrypted filesystem system, please know that there are many
+ other issues you need to consider in order to protect your data. For
+ example, you probably want to disable or encrypt your swap partition
(the cryptoswap can help you do this). Do not assume a system is secure
without carefully considering potential threats.
NASTY DETAILS
- The primary configuration file for the pam_mount module is
- pam_mount.conf.xml. On most platforms this file is read from
- /etc/security/pam_mount.conf.xml. On OpenBSD pam_mount reads its con‐
- figuration file from /etc/pam_mount.conf.xml. pam_mount.conf.xml con‐
+ The primary configuration file for the pam_mount module is
+ pam_mount.conf.xml. On most platforms this file is read from
+ /etc/security/pam_mount.conf.xml. On OpenBSD pam_mount reads its con‐
+ figuration file from /etc/pam_mount.conf.xml. pam_mount.conf.xml con‐
tains many comments documenting its use.
- In addition, you must include two entries in the system's applicable
+ In addition, you must include two entries in the system's applicable
/etc/pam.d/SERVICE config files, as the following example shows:
auth required pam_securetty.so
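Review bot: Apart from the reworded first paragraph, the removed and added lines in this hunk read the same, so the change is whitespace or re-wrapping only, and the later hunks of pam_mount.txt follow the same pattern. pam_mount.txt looks like rendered output of pam_mount.8. Generating it at build time, or leaving it out of the post patch, would keep the patch down to the one sentence that actually changed.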
@@ -61,14 +60,14 @@
+++ session optional pam_mount.so
When "sufficient" is used in the second column, you must make sure that
- pam_mount is added before this entry. Otherwise pam_mount will not get
- executed should a previous PAM module succeed. Also be aware of the
- "include" statements. These make PAM look into the specified file. If
+ pam_mount is added before this entry. Otherwise pam_mount will not get
+ executed should a previous PAM module succeed. Also be aware of the
+ "include" statements. These make PAM look into the specified file. If
there is a "sufficient" statement, then the pam_mount entry must either
be in the included file before the "sufficient" statement or before the
"include" statement.
- If you use pam_ldap, pam_winbind, or any other authentication services
+ If you use pam_ldap, pam_winbind, or any other authentication services
that make use of PAM's sufficient keyword then model your configuration
on the following:
@@ -81,17 +80,17 @@
This allows the following:
- 1. pam_mount will prompt for a password and export it to the PAM sys‐
+ 1. pam_mount will prompt for a password and export it to the PAM sys‐
tem.
- 2. pam_ldap will use the password from the PAM system to try and
+ 2. pam_ldap will use the password from the PAM system to try and
authenticate the user. If this succedes, the user will be authenti‐
cated. If it fails, pam_unix will try to authenticate.
- 3. pam_unix will try to authenticate the user if pam_ldap fails. If
+ 3. pam_unix will try to authenticate the user if pam_ldap fails. If
pam_unix fails, then the authentication will be refused.
- Alternatively, the following is possible (thanks to Andrew Morgan for
+ Alternatively, the following is possible (thanks to Andrew Morgan for
the hint!):
auth [success=2 default=ignore] pam_unix2.so
@@ -99,20 +98,20 @@
auth requisite pam_deny.so
auth optional pam_mount.so use_first_pass
- It may seem odd, but the first three lines will make it so that at
- least one of pam_unix2 or pam_ldap has to succeed. As you can see,
- pam_mount will be run after successful authentification with theses
+ It may seem odd, but the first three lines will make it so that at
+ least one of pam_unix2 or pam_ldap has to succeed. As you can see,
+ pam_mount will be run after successful authentification with theses
subsystems.
- If your volume has a different password than your system account, then
- encrypt the password to the volume you wish mounted using your system
- password as the key and store it somewhere on your system's local
+ If your volume has a different password than your system account, then
+ encrypt the password to the volume you wish mounted using your system
+ password as the key and store it somewhere on your system's local
filesystem. pam_mount supports transparently decrypting this filesystem
key, as long as the cipher used is supported by openssl. Given:
sk system key, the key or password used to log into the system
- fsk filesystem key, the key that allows you to use the filesystem
+ fsk filesystem key, the key that allows you to use the filesystem
you wish pam_mount to mount for you
E and D
@@ -121,48 +120,48 @@
efsk encrypted filesystem key, efsk = E_sk (fsk), stored somewhere on
the local filesystem (ie: /home/user.key)
- pam_mount will read efsk from the local filesystem, perform fsk = D_sk
- (efsk) and use fsk to mount the filesystem. If you change your system
- password, simply regenerate efsk using efsk = E_sk (fsk). If you want
- to mount this volume by hand, use something like openssl enc -d
- -aes-256-ecb -in /home/user.key | mount -p0 /home/user. More informa‐
+ pam_mount will read efsk from the local filesystem, perform fsk = D_sk
+ (efsk) and use fsk to mount the filesystem. If you change your system
+ password, simply regenerate efsk using efsk = E_sk (fsk). If you want
+ to mount this volume by hand, use something like openssl enc -d
+ -aes-256-ecb -in /home/user.key | mount -p0 /home/user. More informa‐
tion about this technique is included in pam_mount.conf.xml.
- A script named mkehd is provided with pam_mount to help create
- encrypted home directories. If you have an entry for a user using
- encrypted home directories in pam_mount.conf.xml, mkehd will create
+ A script named mkehd is provided with pam_mount to help create
+ encrypted home directories. If you have an entry for a user using
+ encrypted home directories in pam_mount.conf.xml, mkehd will create
necessary filesystem images and possibly encrypted filesystem keys.
- Individual users may define additional volumes to mount if allowed by
- pam_mount.conf.xml (usually ~/.pam_mount.conf.xml). The volume keyword
+ Individual users may define additional volumes to mount if allowed by
+ pam_mount.conf.xml (usually ~/.pam_mount.conf.xml). The volume keyword
is the only valid keyword in these per-user configuration files. If the
luserconf parameter is set in pam_mount.conf.xml, allowing user-defined
- volume, then users may mount and unmount any volume they own at any
- mount point they own. On some filesystem configurations this may be a
- security flaw so user-defined volumes are not allowed by the example
+ volume, then users may mount and unmount any volume they own at any
+ mount point they own. On some filesystem configurations this may be a
+ security flaw so user-defined volumes are not allowed by the example
pam_mount.conf.xml distributed with pam_mount.
- In general, you will leave all the first (general) parameters as pro‐
- vided by default. You only have to provide the user/volume list in the
+ In general, you will leave all the first (general) parameters as pro‐
+ vided by default. You only have to provide the user/volume list in the
end of the file, following the examples.
- To ensure that your system and, possibly, the remote server are all
+ To ensure that your system and, possibly, the remote server are all
properly configured, you should try to mount all or some of the volumes
by hand, using the same commands and mount points provided in
pam_mount.conf.xml. This will save you a lot of grief, since it is more
difficult to debug the mounting process via pam_mount.
- If you can mount the volumes by hand but it is not happening via
- pam_mount, you may want to enable the "debug" option in
+ If you can mount the volumes by hand but it is not happening via
+ pam_mount, you may want to enable the "debug" option in
pam_mount.conf.xml to see what is happening.
- Verify if the user owns the mount point and has sufficient permissions
- over that. pam_mount will verify this and will refuse to mount the
+ Verify if the user owns the mount point and has sufficient permissions
+ over that. pam_mount will verify this and will refuse to mount the
remote volume if the user does not own that directory.
- If pam_mount is having trouble unmounting volumes upon logging out,
- enable the debug variable and check the lsof variable in
- pam_mount.conf.xml. This causes pam_mount to run lsof upon logging out
+ If pam_mount is having trouble unmounting volumes upon logging out,
+ enable the debug variable and check the lsof variable in
+ pam_mount.conf.xml. This causes pam_mount to run lsof upon logging out
and write lsof's output to the system's logs.
AUTHORS
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_mount-0.32/Makefile.am new/pam_mount-0.33/Makefile.am
--- old/pam_mount-0.32/Makefile.am 2007-09-26 18:36:28.000000000 +0200
+++ new/pam_mount-0.33/Makefile.am 2008-02-06 00:46:20.000000000 +0100
@@ -23,3 +23,6 @@
AUTOMAKE_OPTIONS = foreign subdir-objects
SUBDIRS = config doc scripts src
+
+install-data-hook:
+ mkdir -p ${DESTDIR}${localstatedir}/run/pam_mount;
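Review bot: The hook creates ${localstatedir}/run/pam_mount with a bare mkdir -p, so its mode comes from whatever umask the install runs under and no owner is set. Set both explicitly, for example with install -d -m 0755 ${DESTDIR}${localstatedir}/run/pam_mount. The directory also needs to be owned by the package, and the pam_mount.spec hunks in this commit add no entry for it.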
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_mount-0.32/scripts/mount.crypt new/pam_mount-0.33/scripts/mount.crypt
--- old/pam_mount-0.32/scripts/mount.crypt 2007-10-20 16:57:03.000000000 +0200
+++ new/pam_mount-0.33/scripts/mount.crypt 2008-02-06 00:46:20.000000000 +0100
@@ -111,7 +111,7 @@
(keyfile)
keyfile="$VAL";;
(loop)
- if ! losetup "$DEVICE" &>/dev/null; then
+ if [ "`stat --format=\"%t\" \"$DEVICE\"`" == 7 ]; then
LOOP="true";
fi;
;;
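Review bot: The sense of the loop test looks inverted. The removed line set LOOP="true" when losetup "$DEVICE" failed, that is, when $DEVICE was not an active loop device; the added line sets it when stat reports major number 7, that is, when $DEVICE is a loop device. Confirm which meaning is intended, and use != 7 if the old one should hold. Two smaller points: the old test discarded losetup's output with &>/dev/null, while a failing stat now prints to stderr and leaves an empty string in the comparison; and %t is the major number in hex, which is fine for 7 but worth a comment next to the test.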
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_mount-0.32/src/mount.c new/pam_mount-0.33/src/mount.c
--- old/pam_mount-0.32/src/mount.c 2007-12-06 23:05:08.000000000 +0100
+++ new/pam_mount-0.33/src/mount.c 2008-02-06 02:13:15.000000000 +0100
@@ -397,6 +397,13 @@
}
hmc_strcat(&ret, ",");
}
+
+ if (*ret != '\0')
+ /*
+ * When string is not empty, there is always at least one
+ * comma -- nuke it. */
+ ret[hmc_length(ret)-1] = '\0';
+
return ret;
}
static void log_pm_input(const struct config *const config,
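Review bot: The trailing comma is removed by writing '\0' into the buffer directly, so the length kept by the hmc object is not updated and hmc_length(ret) will still report one byte more than strlen(ret) afterwards. Truncate through the hmc API instead (libHX provides hmc_trunc) so the two stay in step. The unbraced if whose body starts with a multi-line comment is also easy to misread; move the comment above the if or add braces.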
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_mount-0.32/src/pam_mount.c new/pam_mount-0.33/src/pam_mount.c
--- old/pam_mount-0.32/src/pam_mount.c 2007-12-01 13:34:59.000000000 +0100
+++ new/pam_mount-0.33/src/pam_mount.c 2008-02-06 00:45:50.000000000 +0100
@@ -96,8 +96,10 @@
Args.auth_type = SOFT_TRY_PASS;
else if (strcmp("nullok", argv[i]) == 0)
Args.nullok = true;
+ else if (strcmp("debug", argv[i]) == 0)
+ Debug = true;
else
- w4rn("bad pam_mount option\n");
+ w4rn("bad pam_mount option \"%s\"\n", argv[i]);
}
return;
}
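Review bot: The new "debug" argument is not documented anywhere in this patch: the doc/pam_mount.8 and doc/pam_mount.txt hunks still describe enabling debug only through pam_mount.conf.xml. Add the option to the man page and say how it interacts with the configuration file setting, since Debug = true here is a plain assignment to a global. Including argv[i] in the warning is a good change and makes a mistyped option in /etc/pam.d/* easy to find.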
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_mount-0.32/src/rdconf1.c new/pam_mount-0.33/src/rdconf1.c
--- old/pam_mount-0.32/src/rdconf1.c 2007-12-06 23:05:08.000000000 +0100
+++ new/pam_mount-0.33/src/rdconf1.c 2008-02-06 00:45:50.000000000 +0100
@@ -727,9 +727,13 @@
}
/* realloc */
- config->volume = xrealloc(config->volume,
- sizeof(struct vol) * (config->volcount + 1));
- vpt = &config->volume[config->volcount++];
+ vpt = xrealloc(config->volume, sizeof(struct vol) *
+ (config->volcount + 1));
+ if (vpt == NULL)
+ return strerror(errno);
+
+ config->volume = vpt;
+ vpt = &config->volume[config->volcount];
memset(vpt, 0, sizeof(*vpt));
vpt->globalconf = config->level == CONTEXT_GLOBAL;
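Review bot: vpt carries two meanings in the realloc block: first the resized array returned by xrealloc, then, two lines later, the address of the new element. A separate local for the xrealloc result would make the NULL check and the assignment to config->volume harder to break in later edits. The error path returns strerror(errno), so also check that xrealloc leaves errno untouched on failure.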
@@ -737,6 +741,8 @@
vpt->type = CMD_LCLMOUNT;
vpt->options = HXbtree_init(HXBT_MAP | HXBT_CKEY | HXBT_CDATA |
HXBT_SCMP | HXBT_CID);
+ if (vpt->options == NULL)
+ return strerror(errno);
/* [1] */
strncpy(vpt->fstype, attr->fstype, sizeof(vpt->fstype));
@@ -793,6 +799,7 @@
/* expandconfig() will set this later */
vpt->used_wildcard = 0;
+ ++config->volcount;
return NULL;
notforme:
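Review bot: Moving ++config->volcount to the success path means a slot that fails part-way is not counted and will be cleared by memset on the next call. That is right for the array itself, but the vpt->options tree allocated by HXbtree_init in that slot is then lost. Check every return and every jump to notforme that can happen after the HXbtree_init call, and free vpt->options there.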
++++++ pam_mount-0.29.tar.bz2 -> pam_mount-0.32.tar.bz2 ++++++
++++ 11520 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/compile new/pam_mount-0.32/compile
--- old/pam_mount-0.29/compile 1970-01-01 01:00:00.000000000 +0100
+++ new/pam_mount-0.32/compile 2007-12-06 23:14:39.000000000 +0100
@@ -0,0 +1,142 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand `-c -o'.
+
+scriptversion=2005-05-14.22
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
+# Written by Tom Tromey .
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to or send patches to
+# .
+
+case $1 in
+ '')
+ echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand `-c -o'.
+Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file `INSTALL'.
+
+Report bugs to .
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "compile $scriptversion"
+ exit $?
+ ;;
+esac
+
+ofile=
+cfile=
+eat=
+
+for arg
+do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as `compile cc -o foo foo.c'.
+ # So we strip `-o arg' only if arg is an object.
+ eat=1
+ case $2 in
+ *.o | *.obj)
+ ofile=$2
+ ;;
+ *)
+ set x "$@" -o "$2"
+ shift
+ ;;
+ esac
+ ;;
+ *.c)
+ cfile=$1
+ set x "$@" "$1"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+ # If no `-o' option was seen then we might have been invoked from a
+ # pattern rule where we don't need one. That is ok -- this is a
+ # normal compilation that the losing compiler can handle. If no
+ # `.c' file was seen then we are probably linking. That is also
+ # ok.
+ exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use `[/.-]' here to ensure that we don't use the same name
+# that we are using for the .o file. Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d
+while true; do
+ if mkdir "$lockdir" >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+ mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+ mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
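Review bot: compile is the stock Automake wrapper script (its own header says it is maintained in Automake), yet it takes up 142 lines of this diff. The extended exclude list already skips depcomp, install-sh, ltmain.sh and similar generated helpers; add compile to it so the diff shows only project changes.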
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/config/pam_mount.conf.xml new/pam_mount-0.32/config/pam_mount.conf.xml
--- old/pam_mount-0.29/config/pam_mount.conf.xml 2007-09-26 10:55:06.000000000 +0200
+++ new/pam_mount-0.32/config/pam_mount.conf.xml 2007-12-06 23:05:08.000000000 +0100
@@ -153,16 +153,6 @@
<nfsmount>mount %(SERVER):%(VOLUME) %(MNTPT)
"%(before=\"-o\" OPTIONS)"</nfsmount>
-<mntagain>mount --bind %(PREVMNTPT) %(MNTPT)</mntagain>
-
-
-
-
-
<!-- mntcheck utility for BSDs which lack /etc/mtab -->
<mntcheck>mount</mntcheck>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/configure.ac new/pam_mount-0.32/configure.ac
--- old/pam_mount-0.29/configure.ac 2007-09-27 18:03:58.000000000 +0200
+++ new/pam_mount-0.32/configure.ac 2007-12-06 23:10:59.000000000 +0100
@@ -3,7 +3,8 @@
# DATE: 03 August 2002
#
# Copyright (C) 2002 W. Michael Petullo
-# Copyright © Jan Engelhardt , 2005 - 2007
+# Copyright © CC Computer Consultants GmbH, 2005 - 2007
+# Contact: Jan Engelhardt
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
@@ -20,7 +21,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-AC_INIT(pam_mount, 0.29)
+AC_INIT(pam_mount, 0.32)
AC_CONFIG_HEADERS(config.h)
AC_PROG_INSTALL
AM_INIT_AUTOMAKE
@@ -57,14 +58,7 @@
AC_CHECK_MEMBERS([struct loop_info64.lo_file_name], [], [],
[#include ])
-AC_CHECK_HEADER([libHX.h], [],
- AC_MSG_ERROR([Need at least libHX 1.10 (http://jengelh.hopto.org/p/libHX/)]),
- [
-#include
-#if !defined(_LIBHX_H) || _LIBHX_H < 20070701
-# error You need a newer version of libHX (at least 1.10.0)
-#endif
-])
+PKG_CHECK_MODULES([libHX], [libHX >= 1.10.2])
AC_CHECK_HEADER(security/pam_modules.h, [have_pamheader="yes"])
# Mac OS X 10.3 puts PAM headers in /usr/include/pam.
AC_CHECK_HEADER(pam/pam_modules.h, [have_pamheader="yes"])
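Review bot: PKG_CHECK_MODULES raises the minimum to libHX >= 1.10.2 and makes configure depend on pkg-config, but BuildRequires in pam_mount.spec still lists libHX10-devel with no version, and pkg-config is not listed. Add both, so that a build against an older libHX fails at dependency resolution instead of in configure. Also check that the libHX_CFLAGS and libHX_LIBS variables this macro defines are used in the Makefile.am files, since the removed AC_CHECK_HEADER test needed none.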
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/doc/changelog.txt new/pam_mount-0.32/doc/changelog.txt
--- old/pam_mount-0.29/doc/changelog.txt 2007-09-27 18:03:58.000000000 +0200
+++ new/pam_mount-0.32/doc/changelog.txt 2007-12-06 23:10:59.000000000 +0100
@@ -1,18 +1,44 @@
-(This only contains the more interesting changes.)
-
SVN /trunk
==========
+v0.32 (December 06 2007)
+========================
+- [r397]: remove unintended zeroing of variable
+- [r399]: rip out mntagain hack
+
+
+v0.31 (December 01 2007)
+========================
+Fixed parsing of old-style pam_mount.conf with spaces in group names,
+copy-and-paste typos and a missing return value. Added workaround for
+CIFS volumes within NFS mounts with "root_squash" option.
+
+- [r366]: Allow --keyfile to be used for non-LUKS too
+- [r368]: Add workaround for CIFS mounts within root_squashed NFS
+- [r377]: luksClose is the same as Remove (in umount.crypt)
+- [r380]: Fix copy-and-paste error in converter script
+- [r386]: Convert "local" fstype entries from old configuration
+ format correctly.
+- [r387]: Fixed parsing of old pam_mount.conf with spaces in group names
+- [r390]: Fixed: When no volumes were to be mounted, return value
+ was not PAM_SUCCESS.
+
v0.29 (September 27 2007)
=========================
+An uninitialized array and a copy-and-paste error were corrected in
+the recently introduced process spawn code.
+
- [r353]: Explicitly initialize fd array (spawn.c)
- [r354]: Fix a copy-and-paste typo during dup2() (spawn.c)
v0.28 (September 27 2007)
=========================
+A hotfix for an incorrect printf format specification in pmvarrun.
+Also installs config files by default now.
+
- [r341]: Install pam_mount.conf.xml by default
- [r343]: Add --with-selinux configure option to install selinux files
- [r348]: Fix crash due to printf arguments in pmvarrun.c
@@ -20,6 +46,10 @@
v0.27 (September 26 2007)
=========================
+This release fixes a crash on logout with su by using a fixed $PATH
+to work around broken login programs. MSAD usernames are now accepted
+in pmvarrun. The libglib dependency has been dropped.
+
- [r312]: add luserconf conversion note to convert_pam_mount_conf.pl
- [r313]: do not print "mount errors" if there won't be any
- [r318]: allow MSAD usernames (with spaces and backslash) in pmvarrun
@@ -31,6 +61,10 @@
v0.26 (September 20 2007)
=========================
+Luks argument ordering, mountpoint creation as user, and the
+converter script were corrected. The "nullok" and --keyfile options
+were added.
+
- [r293]: revert r290 which incorrectly changed the luks argument order
- [r294]: --keyfile option added to mount.crypt
- [r296]: improved error reporting in the config converter script
@@ -43,6 +77,12 @@
v0.21 (September 17 2007)
=========================
+ Some mount helpers needed a different option passing method.
+Stacking of loop devices is now avoided, and pam_mount will not ask
+for a password if no volumes are to be mounted. The documentation has
+been updated to include PAM module stacking (e.g. when using pam_ldap
+with pam_mount).
+
- [r264]: Silence unwanted error message (fallout from r240)
- [r270]: Add "Known Bugs and Issues" documentation
- [r274]: More documentation - How to stack PAM modules without pam_stack
@@ -53,6 +93,9 @@
v0.20 (September 05 2007)
=========================
+This release adds extra options regarding pam_mount behavior
+(messages and mount points).
+
- [r209]: Do not use absolute paths, search $PATH instead for programs
- [r210]: Add pam_mount.conf to .conf.xml converter
- [r223]: "sufficient" keyword documentation
@@ -69,6 +112,9 @@
v0.19 (July 04 2007)
====================
+pam_mount now uses an XML config file, which also has a few new
+variables and options. Support for truecrypt was added.
+
- [r126]: pam_mount switched to an XML configuration.
- [r160]: NT domain placeholders
- [r164]: properly detect loop64 support
@@ -77,3 +123,123 @@
- [r183]: remove pam_mount.la from `make install`ed directory
- [r189]: partial davfs support
- [r203]: added truecrypt support
+
+
+v0.18 (September 07 2006)
+=========================
+A crash on x86_64 has been fixed. pam_mount now changes to the root
+directory before attempting to (un)mount.
+
+- [r109]: Change to / before attempting mount
+- [r112]: Check return value in xmemdup()
+- [r113]: Fix segfault on x64: Do not reuse va_lists (found by Celestar)
+
+
+v0.17 (August 06 2006)
+======================
+This release fixes memory corruption issues and improper zeroing.
+
+- [r99]: Use standard allocators
+- [r100]: Fix memory corruption issue
+- [r102]: Enhance debugging messages with file/line
+- [r103]: Fix improper zeroing (deceived as memory corruption)
+
+
+v0.16 (July 30 2006)
+====================
+The GDM SIGCHLD workaround handling has been improved, essential
+environment variables for FUSE daemons are now set, and configure has
+two new options (--slibdir and --sbindir).
+
+- SIGCHLD handling updated
+- [r70]: set important environment variables for fuse daemons
+- [r72]: added new --slibdir and --ssbindir options to configure
+- documentation updates
+
+
+v0.15 (July 26 2006)
+====================
+- [r3]: mount.crypt and umount.crypt are installed to /sbin rather
+ than /usr/sbin; /bin/mount only looks into /sbin
+- [r4]: KRB5 credentials are now set in the environment
+- [r48]: Fix XDM crash, for GCC >= 4.x
+- [r52]: Disable debug output by default (confused gksu) [sf bug #1524325]
+- [r63]: Do FUSE mounts done unprivileged [sf bug #1489657 and ML]
+- [r63]: Fixed: /bin/login sends SIGHUP/SIGTERM to outstanding session
+ processes after PAM completed; this killed fuse daemons
+- [r65]: Work around XDM crash (symbol clash), for GCC <= 3.x;
+ the proper solution would be that XDM be NOT compiled with -rdynamic
+- Properly truncate /var/run/pam_mount/YOURNAME files [sf bug #1503246]
+
+
+v0.13 (April 01 2006)
+=====================
+Before SVN, patchsets were used.
+
+[patch 01/11] January 28 2006
+- src/readconfig.c, mount.c: mount volumes with user credentials,
+ not as root
+- src/mount.c: add a swift error message for people using broken distros
+
+[patch 02/11] January 28 2006
+- config/pam_mount.conf, readconfig.c: lsof is in /usr/bin
+
+[patch 03/11] February 23 2006
+- dry/pam_mount.spec: fixed: forgot to clean out unpackaged files
+
+[patch 04/11] February 27 2006
+- config/pam_mount.conf: update some examples
+
+[patch 05/11] Februrary 27 2006
+- scripts/mount.crypt: fix SED expression
+
+[patch 06/11] March 04 2006
+- src/mount.c: add an extra hint for old distros
+
+[patch 07/11] March 19 2006
+- src/*.h: fix position of #include's, they need to be before extern "C".
+
+[patch 08/11] March 19 2006
+- config/pam_mount.conf: fix examples for shares with spaces
+
+[patch 09/11] March 19 2006
+- src/pam_mount.c: relookup user (for LDAP)
+
+[patch 10/11] April 01 2006
+- use own SIGCHLD handler during pam_mount operations (try to fix a
+ quirk with GDM)
+
+[patch 11/11] April 01 2006
+- configure: enforce straight /lib position for pam_mount Linux
+
+
+v0.12.2 (January 31 2006)
+=========================
+Mount smbfs and cifs mounts with ownership belonging to the user
+rather than root.
+
+
+v0.12.0 (January 11 2006)
+=========================
+This version fixes an fd leak, expansion problems with @group and a
+wrong inversion. The smb/ncp filesystem types have been superseded by
+smbfs/ncpfs. Support for secondary "@@groups" was added.
+
+
+v0.11 (December 28 2005)
+========================
+- fix some memory leaks, unterminated strings, extra trailing
+ slashes, double frees
+- fixed: wildcards were not expanded for "@group"s
+- account for trailing slashes and path resolution in umount.crypt
+
+
+v0.10 (November 18 2005)
+========================
+- support ANY [kernel] filesystem (yes, finally) -- includes tmpfs,
+ fuse mounts and --bind operations.
+- merged various patches and fixes by Bastian Kleineidam
+- handle symlinks better (read: resolve them, so that the result
+ matches /bin/mount's resolving behavior)
+- implemented group volumes, to be used by "volume @xyz ..."
+- cleaned the code up here and there
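Review bot: The v0.16 entry names the new configure option two ways: the summary paragraph says --sbindir while the [r72] bullet says --ssbindir, so one of them is a typo and should be corrected to the real flag. In the v0.13 section, "[patch 05/11] Februrary 27 2006" misspells February. The v0.15 bullet "Do FUSE mounts done unprivileged" does not parse; "FUSE mounts are now done unprivileged" would read correctly.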
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/doc/todo.txt new/pam_mount-0.32/doc/todo.txt
--- old/pam_mount-0.29/doc/todo.txt 2007-09-09 13:59:52.000000000 +0200
+++ new/pam_mount-0.32/doc/todo.txt 2007-09-27 21:37:46.000000000 +0200
@@ -34,31 +34,10 @@
o need progress feedback from fsck, especially for gdm.
-o once mount supports cryptsetup natively remove hacks from (search for "some day"):
- misc.c
- pam_mount.h
- mount.c
- readconfig.c
- pam_mount_macros.te
-
-o replace vol_t fields with one fmt_ptrn and add value_query fn to
-fmt_ptrn lib?
-
o regression tests:
options = '-', do not use fstab
options = '-', use fstab (mnt pt not defined either)
-o ????? return to using user owned /var/run/pam_mount/test -- document
-in code that this is a good idea to allow an option to ssh users besides
-turning of priv. sep code. Also, it renders the benefits of /etc/fstab
-use. BUT CAN SSH CREATE /var/run/ ENTRIES WHEN PRIV SEP ENABLED?
- => No, not with privsep, one would have to patch sshd heavily.
-
-o fix detecting of previously mounted volumes that used --bind.
-
-o test new "no --bind with remote mount" code. (and ensure --bind is
-used for local mounts)
-
o Should -N go in pam_mount.conf like it is now? Shall I put this in
conf/pam_mount.conf? How does hashing/not hashing effect scripts?
@@ -90,9 +69,6 @@
would pass the daemon volumes to unmount and cancel things if the user
logs back in. HOW WOULD ALL OF THIS BE AUTHENTICATED?
-o share configuration reading and sanity checks with authconfig using
-a shared library.
-
o Break into multiple (root priveleged and user priv.) processes?
- See /* This code needs root priv. */
- root "exec program" process (or user + "mount" POSIX capability? CAP_SYS_ADMIN (not very fine-grained)) use shared memory (see shmget) to pass argv to root process.
@@ -111,9 +87,6 @@
o Make pam_mount.c and mount.c completely binary passwd safe.
-o Does auth code still work with null password?
- => Currently not :(
-
o Why does pam_mount not work with RH 9.0's gdm? Socket issue?
I HAVE REPORTS THAT IT WORKS NOW. DOES IT?
@@ -126,8 +99,6 @@
out? What if a user uses nohup?
=> pam_mount is just not the thing to do non-interactive sessions. Period.
-o Remove pmhelper code completely from readconfig.c.
-
o Get smbmount and ncpmount to support mount-like -p0 option to simplify
pmhelper's code (Or ncpmount and mount to support PASSWD like smbmount).
=> CHECK IT NOW, it's almost working, if not entirely.
@@ -141,11 +112,6 @@
o Modify passwd to update /home/mike.key. Add -p, --post-script option
to run passwdehd? (See passwdehd script)
-o Get supported by Red Hat.
- - Need upstream linux-utils/kernel to support encr.
-
-o Make home directory images scalable in size (resize.*fs?).
-
o From Roman Sliva : pam_mount doesn't mount ncp
filesystems of Novell servers using NDS - full context username must be
provided to ncpmount -U option (not just short unix name). I solve this
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/missing new/pam_mount-0.32/missing
--- old/pam_mount-0.29/missing 2007-09-27 18:05:06.000000000 +0200
+++ new/pam_mount-0.32/missing 2007-12-06 23:14:39.000000000 +0100
@@ -1,9 +1,9 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
-scriptversion=2005-06-08.21
+scriptversion=2006-05-10.23
-# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006
# Free Software Foundation, Inc.
# Originally by Fran,cois Pinard , 1996.
@@ -33,6 +33,8 @@
fi
run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
# In the cases where this matters, `missing' is being run in the
# srcdir already.
@@ -44,7 +46,7 @@
msg="missing on your system"
-case "$1" in
+case $1 in
--run)
# Try to run requested program, and just exit if it succeeds.
run=
@@ -77,6 +79,7 @@
aclocal touch file \`aclocal.m4'
autoconf touch file \`configure'
autoheader touch file \`config.h.in'
+ autom4te touch the output file, or create a stub one
automake touch all \`Makefile.in' files
bison create \`y.tab.[ch]', if possible, from existing .[ch]
flex create \`lex.yy.c', if possible, from existing .c
@@ -106,7 +109,7 @@
# Now exit if we have it, but it failed. Also exit now if we
# don't have it and --version was passed (most likely to detect
# the program).
-case "$1" in
+case $1 in
lex|yacc)
# Not GNU programs, they don't have --version.
;;
@@ -135,7 +138,7 @@
# If it does not exist, or fails to run (possibly an outdated version),
# try to emulate it.
-case "$1" in
+case $1 in
aclocal*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
@@ -164,7 +167,7 @@
test -z "$files" && files="config.h"
touch_files=
for f in $files; do
- case "$f" in
+ case $f in
*:*) touch_files="$touch_files "`echo "$f" |
sed -e 's/^[^:]*://' -e 's/:.*//'`;;
*) touch_files="$touch_files $f.in";;
@@ -192,8 +195,8 @@
You can get \`$1' as part of \`Autoconf' from any GNU
archive site."
- file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'`
- test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'`
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -f "$file"; then
touch $file
else
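Review bot: The shared $sed_output and $sed_minuso patterns used here are stricter than the inline expressions they replace. The old forms accepted --output followed by any number of spaces or = signs (including none) and -o with the file name attached, while the new ones require a leading space, exactly one separator after --output, and exactly one space after -o. If that narrowing is intended, a comment next to the sed_output/sed_minuso definitions should say so. The context line "touch $file" also leaves $file unquoted although the test just above quotes it.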
@@ -214,25 +217,25 @@
in order for those modifications to take effect. You can get
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
- if [ $# -ne 1 ]; then
+ if test $# -ne 1; then
eval LASTARG="\${$#}"
- case "$LASTARG" in
+ case $LASTARG in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
- if [ -f "$SRCFILE" ]; then
+ if test -f "$SRCFILE"; then
cp "$SRCFILE" y.tab.c
fi
SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
- if [ -f "$SRCFILE" ]; then
+ if test -f "$SRCFILE"; then
cp "$SRCFILE" y.tab.h
fi
;;
esac
fi
- if [ ! -f y.tab.h ]; then
+ if test ! -f y.tab.h; then
echo >y.tab.h
fi
- if [ ! -f y.tab.c ]; then
+ if test ! -f y.tab.c; then
echo 'main() { return 0; }' >y.tab.c
fi
;;
@@ -244,18 +247,18 @@
in order for those modifications to take effect. You can get
\`Flex' from any GNU archive site."
rm -f lex.yy.c
- if [ $# -ne 1 ]; then
+ if test $# -ne 1; then
eval LASTARG="\${$#}"
- case "$LASTARG" in
+ case $LASTARG in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
- if [ -f "$SRCFILE" ]; then
+ if test -f "$SRCFILE"; then
cp "$SRCFILE" lex.yy.c
fi
;;
esac
fi
- if [ ! -f lex.yy.c ]; then
+ if test ! -f lex.yy.c; then
echo 'main() { return 0; }' >lex.yy.c
fi
;;
@@ -267,11 +270,9 @@
\`Help2man' package in order for those modifications to take
effect. You can get \`Help2man' from any GNU archive site."
- file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
- if test -z "$file"; then
- file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'`
- fi
- if [ -f "$file" ]; then
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
touch $file
else
test -z "$file" || exec >$file
@@ -289,11 +290,17 @@
DU, IRIX). You might want to install the \`Texinfo' package or
the \`GNU make' package. Grab either from any GNU archive site."
# The file to touch is that specified with -o ...
- file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -z "$file"; then
# ... or it is the one specified with @setfilename ...
infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
- file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile`
+ file=`sed -n '
+ /^@setfilename/{
+ s/.* \([^ ]*\) *$/\1/
+ p
+ q
+ }' $infile`
# ... or it is derived from the source name (dir/f.texi becomes f.info)
test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
fi
@@ -317,13 +324,13 @@
fi
firstarg="$1"
if shift; then
- case "$firstarg" in
+ case $firstarg in
*o*)
firstarg=`echo "$firstarg" | sed s/o//`
tar "$firstarg" "$@" && exit 0
;;
esac
- case "$firstarg" in
+ case $firstarg in
*h*)
firstarg=`echo "$firstarg" | sed s/h//`
tar "$firstarg" "$@" && exit 0
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/pam_mount.spec new/pam_mount-0.32/pam_mount.spec
--- old/pam_mount-0.29/pam_mount.spec 2007-09-27 18:03:58.000000000 +0200
+++ new/pam_mount-0.32/pam_mount.spec 2007-12-06 23:10:59.000000000 +0100
@@ -1,6 +1,6 @@
Name: pam_mount
-Version: 0.29
+Version: 0.32
Release: 0
Group: System/Libraries
Summary: A PAM module that can mount volumes for a user session
@@ -8,10 +8,23 @@
URL: http://pam-mount.sf.net/
Source: http://heanet.dl.sf.net/sourceforge/pam-mount/%name-%version.tar.bz2
+BuildRequires: libtool pam-devel
+BuildRequires: openssl-devel libxml2-devel libHX-devel >= 1.10.2
+%if "%_vendor" == "suse"
+BuildRequires: linux-kernel-headers
# psmisc: /bin/fuser
-Recommends: cryptsetup lsof psmisc
-BuildRequires: libtool linux-kernel-headers pam-devel
-BuildRequires: openssl-devel libxml2-devel libHX-devel >= 1.10
+Recommends: cifs-mount lsof psmisc
+%if %suse_version < 1030
+Recommends: util-linux-crypto
+%else
+Recommends: cryptsetup
+%endif
+%endif
+%if "%_vendor" == "redhat"
+BuildRequires: kernel-headers
+Requires: cryptsetup-luks lsof psmisc samba-client
+%endif
+Requires(post): perl(XML::Writer)
BuildRoot: %_tmppath/%name-%version-build
Prefix: %_prefix
@@ -22,24 +35,53 @@
pam_mount supports SMB, NCP, and any type of filesystem that can
be mounted using the standard mount command.
-## Remove the debug_package line to compile under FedoraCore
+%if "%_vendor" != "redhat"
%debug_package
+%endif
+
%prep
%setup
%build
-%configure --with-slibdir=/%_lib
+%configure --with-slibdir=/%_lib %{?_with_selinux:--with-selinux}
make %{?jobs:-j%jobs};
%install
b="%buildroot";
rm -Rf "$b";
make -i install DESTDIR="$b";
-mkdir -p "$b/%_sysconfdir/security";
+mkdir -p "$b/%_sysconfdir/security" "$b/%_sbindir";
+install -pm0755 scripts/convert_pam_mount_conf.pl "$b/%_sbindir/";
%clean
rm -Rf "%buildroot";
+%pre
+#
+# On upgrade, when pmt.conf exists and pmt.conf.xml does not,
+# create pmt.conf.xml with size 0 to signal conversion.
+#
+f="%_sysconfdir/security/pam_mount.conf";
+if [ "$1" -eq 2 -a -e "$f" ]; then
+ touch -a "$f.xml";
+fi;
+
+%post
+#
+# pmt.conf.xml always exists now.
+#
+f="%_sysconfdir/security/pam_mount.conf";
+if [ -e "$f" -a ! -s "$f.xml" ]; then
+ "%_sbindir/convert_pam_mount_conf.pl" \
+ <"$f" >"$f.xml";
+ echo -en "Configuration migration from pam_mount.conf to pam_mount.conf.xml ";
+ if [ "$?" -eq 0 ]; then
+ echo "successful - also please check any ~/.pam_mount.conf files.";
+ else
+ echo "failed";
+ fi;
+fi;
+
%files
%defattr(-,root,root)
%config(noreplace) %_sysconfdir/security/%name.conf.xml
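Review bot: In %post, the success check tests the wrong command: "$?" is read after the echo -en line, so it holds the exit status of echo rather than of convert_pam_mount_conf.pl, and the scriptlet prints "successful" even when the conversion failed. Save the converter's status immediately after it runs (for example rc=$? on the line following the redirect) and test that value. Because the output is redirected straight into "$f.xml", a failed run can also leave an empty or partial pam_mount.conf.xml behind; writing to a temporary file and renaming it on success would avoid that. The context line "make -i install" ignores install errors, which can hide a missing file until the %files stage.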
@@ -49,9 +91,12 @@
%_bindir/autoehd
%_bindir/passwdehd
%_bindir/mount_ehd
+%_sbindir/*
/sbin/mount.crypt
/sbin/umount.crypt
%_mandir/*/*
-%doc doc/*.txt scripts/convert_pam_mount_conf.pl
-
-%changelog -n pam_mount
+%doc doc/*.txt
+%if 0%{?_with_selinux:1}
+%policy %_sysconfdir/selinux/strict/src/policy/macros/%{name}_macros.te
+%policy %_sysconfdir/selinux/strict/src/policy/file_contexts/misc/%name.fc
+%endif
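Review bot: The new %_sbindir/* entry in %files is a glob, so the package will own whatever ends up in that directory of the build root, not only the convert_pam_mount_conf.pl that %install places there. Listing %_sbindir/convert_pam_mount_conf.pl explicitly keeps the file list auditable and makes an unexpected extra binary fail the build instead of shipping.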
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/scripts/autoehd new/pam_mount-0.32/scripts/autoehd
--- old/pam_mount-0.29/scripts/autoehd 2007-09-21 20:17:03.000000000 +0200
+++ new/pam_mount-0.32/scripts/autoehd 2007-10-20 16:57:03.000000000 +0200
@@ -2,7 +2,8 @@
#==============================================================================
# autoehd
# Copyright © W. Michael Petullo , 2002
-# Copyright © Jan Engelhardt , 2005 - 2006
+# Copyright © CC Computer Consultants GmbH, 2005 - 2006
+# Contact: Jan Engelhardt
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/scripts/convert_pam_mount_conf.pl new/pam_mount-0.32/scripts/convert_pam_mount_conf.pl
--- old/pam_mount-0.29/scripts/convert_pam_mount_conf.pl 2007-09-25 00:26:15.000000000 +0200
+++ new/pam_mount-0.32/scripts/convert_pam_mount_conf.pl 2007-12-06 23:05:08.000000000 +0100
@@ -264,12 +264,7 @@
sub callback_mntagain(@)
{
- my @fields = @_;
-
- shift @fields;
- $writer->startTag("mntagain");
- $writer->characters(join(" ", @fields));
- $writer->endTag("mntagain");
+ # not translated - removed in pam_mount 0.32
}
sub callback_mntcheck(@)
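Review bot: callback_mntagain now discards the directive silently; the only trace is the code comment. An administrator converting an old pam_mount.conf that sets mntagain gets no indication that the setting was dropped, so the callback should print a warning to STDERR stating that mntagain is no longer supported as of 0.32.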
@@ -302,14 +297,6 @@
"fstype" => "auto",
);
- if ($fields[0] =~ /^\@\@(.*)/) {
- $attr{sgrp} = "$1";
- } elsif ($fields[0] =~ /^\@(.*)/) {
- $attr{pgrp} = "$1";
- } else {
- $attr{user} = "$fields[0]";
- }
-
# search for wrong splits
# happens at 'a value' or "a value"
# and remove quotes around a single value. "value" or 'value'
@@ -348,7 +335,15 @@
$fields[$i] =~ s/\\\s/ /g;
}
- if (defined($fields[1])) {
+ if ($fields[0] =~ /^\@\@(.*)/) {
+ $attr{sgrp} = "$1";
+ } elsif ($fields[0] =~ /^\@(.*)/) {
+ $attr{pgrp} = "$1";
+ } else {
+ $attr{user} = "$fields[0]";
+ }
+
+ if (defined($fields[1]) && $fields[1] ne "local") {
$attr{fstype} = $fields[1];
}
if (defined($fields[2]) && $fields[2] ne "-") {
@@ -360,13 +355,13 @@
if (defined($fields[4]) && $fields[4] ne "-") {
$attr{mountpoint} = $fields[4];
}
- if (defined($fields[5]) && $fields[4] ne "-") {
+ if (defined($fields[5]) && $fields[5] ne "-") {
$attr{options} = $fields[5];
}
- if (defined($fields[6]) && $fields[4] ne "-") {
+ if (defined($fields[6]) && $fields[6] ne "-") {
$attr{fskeycipher}= $fields[6];
}
- if (defined($fields[7]) && $fields[4] ne "-") {
+ if (defined($fields[7]) && $fields[7] ne "-") {
$attr{fskeypath} = $fields[7];
}
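Review bot: The per-column checks in this block are still hand-copied if statements, which is how the $fields[4] index ended up in the tests for $fields[5], $fields[6] and $fields[7]. A loop over an index-to-attribute table (options, fskeycipher, fskeypath) would remove the duplication that allowed the slip. A converter test with "-" in each of columns 5 to 7 would confirm that the placeholder is no longer copied into the XML as a literal value.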
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/scripts/mkehd new/pam_mount-0.32/scripts/mkehd
--- old/pam_mount-0.29/scripts/mkehd 2007-09-21 20:17:03.000000000 +0200
+++ new/pam_mount-0.32/scripts/mkehd 2007-10-20 16:57:03.000000000 +0200
@@ -2,7 +2,8 @@
#==============================================================================
# mkehd
# Copyright © W. Michael Petullo , 2002
-# Copyright © Jan Engelhardt , 2005 - 2006
+# Copyright © CC Computer Consultants GmbH, 2005 - 2006
+# Contact: Jan Engelhardt
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/scripts/mount.crypt new/pam_mount-0.32/scripts/mount.crypt
--- old/pam_mount-0.29/scripts/mount.crypt 2007-09-22 22:29:18.000000000 +0200
+++ new/pam_mount-0.32/scripts/mount.crypt 2007-10-20 16:57:03.000000000 +0200
@@ -2,7 +2,8 @@
#==============================================================================
# mount.crypt
# Copyright © W. Michael Petullo , 2004
-# Copyright © Jan Engelhardt , 2005 - 2006
+# Copyright © CC Computer Consultants GmbH, 2005 - 2006
+# Contact: Jan Engelhardt
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
@@ -155,8 +156,14 @@
fi;
else
LUKS=false;
- cryptsetup -c "${CIPHER:-aes}" -h "${HASH:-ripemd160}" \
- -s ${KEYSIZE:-256} create "$DMDEVICE" "$DEVICE";
+ if [ -z "$keyfile" ]; then
+ cryptsetup -c "${CIPHER:-aes}" -h "${HASH:-ripemd160}" \
+ -s ${KEYSIZE:-256} create "$DMDEVICE" "$DEVICE";
+ else
+ cryptsetup -c "${CIPHER:-aes}" -h "${HASH:-ripemd160}" \
+ -s ${KEYSIZE:-256} -d "$keyfile" \
+ create "$DMDEVICE" "$DEVICE";
+ fi;
fi;
if [ $? -ne 0 ]; then
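Review bot: The non-LUKS branch now carries two copies of the cryptsetup create invocation that differ only in -d "$keyfile". Building the optional argument once, only when $keyfile is non-empty, keeps the cipher, hash and key size defaults in a single place so the two paths cannot drift apart. ${KEYSIZE:-256} is unquoted in both copies while every other expansion is quoted. The key file path is passed through without checking that it is a readable file, so a wrong path only surfaces through the generic $? test below.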
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/scripts/mount_ehd new/pam_mount-0.32/scripts/mount_ehd
--- old/pam_mount-0.29/scripts/mount_ehd 2007-09-21 20:17:03.000000000 +0200
+++ new/pam_mount-0.32/scripts/mount_ehd 2007-10-20 16:57:03.000000000 +0200
@@ -2,7 +2,8 @@
#==============================================================================
# mount_ehd
# Copyright © W. Michael Petullo , 2003
-# Copyright © Jan Engelhardt , 2005 - 2006
+# Copyright © CC Computer Consultants GmbH, 2005 - 2006
+# Contact: Jan Engelhardt
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/scripts/mount_ehd2 new/pam_mount-0.32/scripts/mount_ehd2
--- old/pam_mount-0.29/scripts/mount_ehd2 2007-03-22 00:13:17.000000000 +0100
+++ new/pam_mount-0.32/scripts/mount_ehd2 2007-10-20 16:57:03.000000000 +0200
@@ -1,7 +1,8 @@
#!/bin/bash -ex
#==============================================================================
# mount_ehd2
-# Copyright © Jan Engelhardt , 2005 - 2006
+# Copyright © CC Computer Consultants GmbH, 2005 - 2006
+# Contact: Jan Engelhardt
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/scripts/passwdehd new/pam_mount-0.32/scripts/passwdehd
--- old/pam_mount-0.29/scripts/passwdehd 2007-09-21 20:17:03.000000000 +0200
+++ new/pam_mount-0.32/scripts/passwdehd 2007-10-20 16:57:03.000000000 +0200
@@ -2,7 +2,8 @@
#==============================================================================
# passwdehd
# Copyright © W. Michael Petullo , 2002
-# Copyright © Jan Engelhardt , 2005 - 2006
+# Copyright © CC Computer Consultants GmbH, 2005 - 2006
+# Contact: Jan Engelhardt
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/scripts/umount.crypt new/pam_mount-0.32/scripts/umount.crypt
--- old/pam_mount-0.29/scripts/umount.crypt 2007-09-21 20:17:03.000000000 +0200
+++ new/pam_mount-0.32/scripts/umount.crypt 2007-10-20 16:57:03.000000000 +0200
@@ -2,7 +2,8 @@
#==============================================================================
# umount.crypt
# Copyright © W. Michael Petullo , 2004
-# Copyright © Jan Engelhardt , 2005 - 2006
+# Copyright © CC Computer Consultants GmbH, 2005 - 2006
+# Contact: Jan Engelhardt
# Copyright © Bastian Kleineidam , 2005
#
# This program is free software; you can redistribute it and/or
@@ -70,13 +71,7 @@
exit 1
fi
-# Check for LUKS
-#
-if cryptsetup isLuks "$DEVICE" 2>/dev/null; then
- cryptsetup luksClose "$DMDEVICE";
-else
- cryptsetup remove "$DMDEVICE";
-fi;
+cryptsetup remove "$DMDEVICE";
if [ $? -ne 0 ]; then
echo "${0##*/}: error removing $DMDEVICE" >&2
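Review bot: With the isLuks test removed, nothing in the script says why a LUKS mapping no longer needs luksClose. The changelog states that luksClose is the same as remove; a one-line comment above cryptsetup remove "$DMDEVICE" saying so would keep someone from reintroducing the branch.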
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/crypto.c new/pam_mount-0.32/src/crypto.c
--- old/pam_mount-0.29/src/crypto.c 2007-09-21 20:17:03.000000000 +0200
+++ new/pam_mount-0.32/src/crypto.c 2007-10-20 16:57:03.000000000 +0200
@@ -1,7 +1,8 @@
/*=============================================================================
pam_mount - crypto.c
Copyright © W. Michael Petullo , 2002
- Copyright © Jan Engelhardt , 2005 - 2007
+ Copyright © CC Computer Consultants GmbH, 2005 - 2007
+ Contact: Jan Engelhardt
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/misc.c new/pam_mount-0.32/src/misc.c
--- old/pam_mount-0.29/src/misc.c 2007-09-25 22:14:46.000000000 +0200
+++ new/pam_mount-0.32/src/misc.c 2007-10-20 16:57:03.000000000 +0200
@@ -1,7 +1,8 @@
/*=============================================================================
pam_mount - misc.c
Copyright (C) Elvis Pfützenreuter , 2000
- Copyright © Jan Engelhardt , 2005 - 2007
+ Copyright © CC Computer Consultants GmbH, 2005 - 2007
+ Contact: Jan Engelhardt
Copyright © Bastian Kleineidam , 2005
This program is free software; you can redistribute it and/or modify
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/mount.c new/pam_mount-0.32/src/mount.c
--- old/pam_mount-0.29/src/mount.c 2007-09-25 22:14:46.000000000 +0200
+++ new/pam_mount-0.32/src/mount.c 2007-12-06 23:05:08.000000000 +0100
@@ -1,7 +1,8 @@
/*=============================================================================
pam_mount - mount.c
Copyright (C) Elvis Pfützenreuter , 2000
- Copyright © Jan Engelhardt , 2005 - 2007
+ Copyright © CC Computer Consultants GmbH, 2005 - 2007
+ Contact: Jan Engelhardt
Copyright © Bastian Kleineidam , 2005
This program is free software; you can redistribute it and/or modify
@@ -54,9 +55,12 @@
# include
# include
#endif
+#ifndef S_IXUGO
+# define S_IXUGO (S_IXUSR | S_IXGRP | S_IXOTH)
+#endif
/* Functions */
-static int already_mounted(const struct config * const, const unsigned int, char * const, struct HXbtree *);
+static int already_mounted(const struct config * const, const unsigned int, struct HXbtree *);
static int check_filesystem(const struct config *, const unsigned int, struct HXbtree *, const unsigned char *, size_t);
static int do_losetup(const struct config *, const unsigned int, struct HXbtree *, const unsigned char *, size_t);
static int do_unlosetup(const struct config *, struct HXbtree *);
@@ -144,21 +148,18 @@
/* already_mounted
* @config: current config
* @vol: volume index into @config->volume[]
- * @mntpt: destination buffer for current mountpoint
* @vinfo:
*
- * Checks if @config->volume[@vol] is already mounted, and if so, writes the
- * mountpoint into @mntpt (which must be at least of size %PATH_MAX+1) and
- * returns 1. If the volume is not mounted, returns zero and @mntpt is
- * cleared. Returns -1 on error.
+ * Checks if @config->volume[@vol] is already mounted, and returns 1 if this
+ * the case, 0 if not and -1 on error.
*/
static int already_mounted(const struct config *const config,
- const unsigned int vol, char *const mntpt, struct HXbtree *vinfo)
+ const unsigned int vol, struct HXbtree *vinfo)
#if defined(__linux__)
{
char dev[PATH_MAX+1] = {}, real_mpt[PATH_MAX+1];
struct mntent *mtab_record;
- int mounted = 0;
+ bool mounted = false;
FILE *mtab;
struct vol *vpt;
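Review bot: mounted becomes a bool here while already_mounted() still returns int and documents -1 for errors, so a two-state local now feeds a three-state return value. Either keep mounted as int or make the conversion explicit at the return so the error path cannot be confused with "not mounted". The rewritten doc comment also reads "returns 1 if this the case", which is missing "is", and the @vinfo: parameter line is still empty.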
@@ -181,7 +182,6 @@
vpt->mountpoint, real_mpt);
}
- *mntpt = '\0';
w4rn("checking to see if %s is already mounted at %s\n",
dev, vpt->mountpoint);
@@ -211,9 +211,7 @@
if (xcmp(fsname, dev) == 0 &&
(strcmp(fspt, vpt->mountpoint) == 0 ||
strcmp(fspt, real_mpt) == 0)) {
- mounted = 1;
- strncpy(mntpt, fspt, PATH_MAX);
- mntpt[PATH_MAX] = '\0';
+ mounted = true;
break;
}
}
@@ -277,8 +275,6 @@
if (xcmp(fsname, dev) == 0 &&
strcmp(fspt, vpt->mountpoint) == 0) {
mounted = 1;
- strncpy(mntpt, fspt, PATH_MAX);
- mntpt[PATH_MAX] = '\0';
break;
}
}
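Review bot: This second comparison block keeps the context line mounted = 1; while the earlier block was changed to mounted = true. If the declaration of mounted used by this block was also switched to bool, the assignment should follow; if it was not, the two blocks now use different types for the same variable. Either way the two should be made consistent in this patch.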
@@ -459,8 +455,10 @@
* The directory will be created in a restricted mode S_IRWXU here.
* When mounted, the root directory of the new vfsmount will override
* it, so there is no need to use S_IRWXUGO or S_IRWXU | S_IXUGO here.
+ *
+ * Workaround for CIFS on root_squashed NFS: +S_IXUGO
*/
- if (mkdir(d, S_IRWXU) < 0) {
+ if (mkdir(d, S_IRWXU | S_IXUGO) < 0) {
ret = false;
goto out;
}
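Review bot: The comment above the mkdir() call now contradicts the code: it still says there is no need to use S_IRWXU | S_IXUGO here, and the call now passes exactly that mode. The added line names CIFS on root_squashed NFS as the reason, but the wider mode is applied to every mount point this function creates, which gives group and others search permission on the directory until the mount covers it. Rewrite the comment to match, and either limit the extra bits to the case that needs them or state why they are acceptable for all volume types.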
@@ -831,45 +829,29 @@
struct HXbtree *vinfo, const char *password)
{
const char *_argv[MAX_PAR + 1];
- char prev_mntpt[PATH_MAX + 1];
size_t _password_len;
- int mount_again = 0;
unsigned char _password[MAX_PAR + EVP_MAX_BLOCK_LENGTH];
int _argc = 0, child_exit = 0, cstdin = -1, cstderr = -1;
+ char *mount_user;
pid_t pid = -1;
struct vol *vpt;
unsigned int i;
+ int ret;
assert(config_valid(config));
assert(vinfo != NULL);
assert(password != NULL);
vpt = &config->volume[vol];
-
- /* FIXME: This is a little ugly, especially check for != LCLMOUNT */
- mount_again = already_mounted(config, vol, prev_mntpt, vinfo);
- if (mount_again != 0) {
- if (mount_again == -1) {
- l0g("could not determine if %s is already mounted, "
- "failing\n", config->volume[vol].volume);
- return 0;
- } else if (strcmp(prev_mntpt, vpt->mountpoint) == 0) {
- w4rn("%s already seems to be mounted at %s, "
- "skipping\n", config->volume[vol].volume,
- prev_mntpt);
- return 1;
- } else {
- w4rn("%s already mounted elsewhere at %s\n",
- config->volume[vol].volume, prev_mntpt);
- /*
- * FIXME: ugly hack to support umount.crypt script. I
- * hope that util-linux will have native dm_crypt
- * support some day.
- */
- if (vpt->type != CMD_LCLMOUNT &&
- vpt->type != CMD_CRYPTMOUNT)
- mount_again = 0;
- }
+ ret = already_mounted(config, vol, vinfo);
+ if (ret == -1) {
+ l0g("could not determine if %s is already mounted, "
+ "failing\n", vpt->volume);
+ return 0;
+ } else if (ret == 1) {
+ w4rn("%s already seems to be mounted at %s, "
+ "skipping\n", vpt->volume, vpt->mountpoint);
+ return 1;
}
if (!exists(vpt->mountpoint)) {
if (config->mkmntpoint) {
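Review bot: already_mounted() now reports only whether the volume is mounted at vpt->mountpoint, so the former "already mounted elsewhere" case is no longer detected and such a volume falls through to a normal mount attempt. If that is the intended replacement for the removed mntagain handling, a comment at this call site should say so, because the old branch and its w4rn message documented the behaviour and nothing does now.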
@@ -878,88 +860,72 @@
} else {
l0g("mount point %s does not exist (pam_mount not "
"configured to make it)\n",
- config->volume[vol].mountpoint);
+ vpt->mountpoint);
return 0;
}
}
- if (mount_again) {
- if (config->command[CMD_MNTAGAIN][0] == NULL) {
- l0g("mntagain not defined in pam_mount.conf.xml\n");
- return 0;
- }
- /* FIXME: NEW */
- format_add(vinfo, "PREVMNTPT", prev_mntpt);
- for (i = 0; config->command[CMD_MNTAGAIN][i] != NULL; ++i)
- add_to_argv(_argv, &_argc,
- config->command[CMD_MNTAGAIN][i], vinfo);
- log_argv(_argv);
- if (!spawn_start(_argv, &pid, NULL, NULL, &cstderr,
- set_myuid, NULL))
+
+ if (config->command[vpt->type][0] == NULL) {
+ l0g("proper mount command not defined in "
+ "pam_mount.conf.xml\n");
+ return 0;
+ }
+ w4rn("checking for encrypted filesystem key configuration\n");
+
+ /* FIXME: better done elsewhere? */
+ password = (password != NULL) ? password : "";
+ if (strlen(vpt->fs_key_cipher) > 0) {
+ /*
+ * _password is binary data -- no strlen(), strcpy(), etc.!
+ */
+ w4rn("decrypting FS key using system auth. token and "
+ "%s\n", vpt->fs_key_cipher);
+ /*
+ * vpt->fs_key_path contains real filesystem key.
+ */
+ if (!decrypted_key(_password, &_password_len,
+ vpt->fs_key_path, vpt->fs_key_cipher, password))
return 0;
} else {
- char *mount_user;
- if (config->command[vpt->type][0] == NULL) {
- l0g("proper mount command not defined in "
- "pam_mount.conf.xml\n");
- return 0;
- }
- w4rn("checking for encrypted filesystem key configuration\n");
- /* FIXME: better done elsewhere? */
- password = (password != NULL) ? password : "";
- if (strlen(vpt->fs_key_cipher) > 0) {
- /*
- * _password is binary data -- no strlen(), strcpy(),
- * etc.!
- */
- w4rn("decrypting FS key using system auth. token and "
- "%s\n", config->volume[vol].fs_key_cipher);
- /*
- * config->volume[vol].fs_key_path contains real
- * filesystem key.
- */
- if (!decrypted_key(_password, &_password_len,
- vpt->fs_key_path, vpt->fs_key_cipher, password))
- return 0;
- } else {
- /*
- * _password is an ASCII string in this case -- we'll
- * treat its MAX_PAR + EVP_MAX_BLOCK_LENGTH size as the
- * standard string MAX_PAR + 1 in this case
- */
- strncpy(signed_cast(char *, _password), password, MAX_PAR);
- _password[MAX_PAR] = '\0';
- _password_len = strlen(password);
- }
- w4rn("about to start building mount command\n");
- /* FIXME: NEW */
- /* FIXME:
- l0g("volume type (%d) is unknown\n", vpt->type);
- return 0;
+ /*
+ * _password is an ASCII string in this case -- we'll
+ * treat its MAX_PAR + EVP_MAX_BLOCK_LENGTH size as the
+ * standard string MAX_PAR + 1 in this case
*/
- for (i = 0; config->command[vpt->type][i] != NULL; ++i)
- add_to_argv(_argv, &_argc,
- config->command[vpt->type][i], vinfo);
-
- if (vpt->type == CMD_LCLMOUNT &&
- !check_filesystem(config, vol, vinfo, _password, _password_len))
- l0g("error checking filesystem but will continue\n");
- /* send password down pipe to mount process */
- if (vpt->type == CMD_SMBMOUNT || vpt->type == CMD_CIFSMOUNT)
- setenv("PASSWD_FD", "0", 1);
- log_argv(_argv);
- mount_user = strcmp(vpt->fstype, "fuse") == 0 ?
- vpt->user : NULL;
- if (!spawn_start(_argv, &pid, &cstdin, NULL, &cstderr,
- set_myuid, mount_user))
- return 0;
-
- if (vpt->type != CMD_NFSMOUNT)
- if (pipewrite(cstdin, _password, _password_len) !=
- _password_len)
- /* FIXME: clean: returns value of exit below */
- l0g("error sending password to mount\n");
- close(cstdin);
+ strncpy(signed_cast(char *, _password), password, MAX_PAR);
+ _password[MAX_PAR] = '\0';
+ _password_len = strlen(password);
}
+ w4rn("about to start building mount command\n");
+ /* FIXME: NEW */
+ /* FIXME:
+ l0g("volume type (%d) is unknown\n", vpt->type);
+ return 0;
+ */
+ for (i = 0; config->command[vpt->type][i] != NULL; ++i)
+ add_to_argv(_argv, &_argc,
+ config->command[vpt->type][i], vinfo);
+
+ if (vpt->type == CMD_LCLMOUNT &&
+ !check_filesystem(config, vol, vinfo, _password, _password_len))
+ l0g("error checking filesystem but will continue\n");
+ /* send password down pipe to mount process */
+ if (vpt->type == CMD_SMBMOUNT || vpt->type == CMD_CIFSMOUNT)
+ setenv("PASSWD_FD", "0", 1);
+ log_argv(_argv);
+ mount_user = strcmp(vpt->fstype, "fuse") == 0 ?
+ vpt->user : NULL;
+ if (!spawn_start(_argv, &pid, &cstdin, NULL, &cstderr,
+ set_myuid, mount_user))
+ return 0;
+
+ if (vpt->type != CMD_NFSMOUNT)
+ if (pipewrite(cstdin, _password, _password_len) !=
+ _password_len)
+ /* FIXME: clean: returns value of exit below */
+ l0g("error sending password to mount\n");
+ close(cstdin);
+
/* Paranoia? */
memset(_password, 0, sizeof(_password));
log_output(cstderr, "mount errors:\n");
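Review bot: in the plain-password branch, `_password_len = strlen(password)` is taken from the source string while `strncpy` copied at most MAX_PAR bytes, so for a password longer than MAX_PAR the later `pipewrite(cstdin, _password, _password_len)` sends more bytes than were copied, and reads past the end of `_password` once the length exceeds MAX_PAR + EVP_MAX_BLOCK_LENGTH. Take the length from the truncated buffer or reject over-long input. Separately, the `return 0` after a failed `decrypted_key` and after a failed `spawn_start` leave the function before `memset(_password, 0, sizeof(_password))`, so the secret stays on the stack on those paths; route them through one cleanup label that does the wipe.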
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/pam_mount.c new/pam_mount-0.32/src/pam_mount.c
--- old/pam_mount-0.29/src/pam_mount.c 2007-09-26 14:29:29.000000000 +0200
+++ new/pam_mount-0.32/src/pam_mount.c 2007-12-01 13:34:59.000000000 +0100
@@ -1,7 +1,8 @@
/*=============================================================================
pam_mount - pam_mount.c
Copyright (C) Elvis Pfützenreuter , 2000
- Copyright © Jan Engelhardt , 2005 - 2007
+ Copyright © CC Computer Consultants GmbH, 2005 - 2007
+ Contact: Jan Engelhardt
Copyright © Bastian Kleineidam , 2005
This program is free software; you can redistribute it and/or modify
@@ -445,18 +446,19 @@
int argc, const char **argv)
{
unsigned int vol;
- int ret = PAM_SUCCESS;
+ int ret;
unsigned int krb5_set;
char *system_authtok;
const void *tmp;
int getval;
assert(pamh != NULL);
- w4rn("Entered pam_mount session stage\n");
if ((ret = common_init(pamh, argc, argv)) != -1)
return ret;
+ w4rn("Entered pam_mount session stage\n");
+
/*
* Get the Kerberos CCNAME so we can make it available to the
* mount command later on.
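Review bot: `if ((ret = common_init(pamh, argc, argv)) != -1) return ret;` uses `-1` as a "carry on" sentinel, and with the `PAM_SUCCESS` initializer removed `ret` holds `-1` from this point until something assigns it. Add a comment on the sentinel, or reset `ret` right after the check, so that a later `goto out` cannot hand a non-PAM value back to the caller. Moving the `w4rn` below `common_init` also means an early return here leaves no session-stage line in the log.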
@@ -491,6 +493,7 @@
Config.luserconf);
if (Config.volcount <= 0) {
w4rn("no volumes to mount\n");
+ ret = PAM_SUCCESS;
goto out;
}
if (!expandconfig(&Config)) {
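Review bot: `ret = PAM_SUCCESS` fixes only the `Config.volcount <= 0` exit. The `!expandconfig(&Config)` branch directly below is not shown past its opening line, so confirm that it and the remaining exits to `out` each assign `ret` explicitly now that the variable has no initial value.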
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/pmvarrun.c new/pam_mount-0.32/src/pmvarrun.c
--- old/pam_mount-0.29/src/pmvarrun.c 2007-09-27 11:37:42.000000000 +0200
+++ new/pam_mount-0.32/src/pmvarrun.c 2007-10-20 16:57:03.000000000 +0200
@@ -1,7 +1,8 @@
/*=============================================================================
pam_mount - pmvarrun.c
Copyright © W. Michael Petullo , 2004
- Copyright © Jan Engelhardt , 2005 - 2007
+ Copyright © CC Computer Consultants GmbH, 2005 - 2007
+ Contact: Jan Engelhardt
Copyright © Bastian Kleineidam , 2005
This program is free software; you can redistribute it and/or modify
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/private.h new/pam_mount-0.32/src/private.h
--- old/pam_mount-0.29/src/private.h 2007-09-26 10:55:06.000000000 +0200
+++ new/pam_mount-0.32/src/private.h 2007-12-06 23:05:08.000000000 +0100
@@ -33,7 +33,6 @@
CMD_UMOUNT,
CMD_PMHELPER,
CMD_LSOF,
- CMD_MNTAGAIN,
CMD_MNTCHECK,
CMD_FSCK,
CMD_LOSETUP,
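Review bot: dropping `CMD_MNTAGAIN` from the middle of the enum shifts the numeric value of `CMD_MNTCHECK`, `CMD_FSCK`, `CMD_LOSETUP` and every constant after them. Since these constants index `config->command[...]`, everything using them has to be rebuilt together with this header; the commit message should state that nothing depends on the old ordinal values.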
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/rdconf1.c new/pam_mount-0.32/src/rdconf1.c
--- old/pam_mount-0.29/src/rdconf1.c 2007-09-26 14:18:57.000000000 +0200
+++ new/pam_mount-0.32/src/rdconf1.c 2007-12-06 23:05:08.000000000 +0100
@@ -1,6 +1,7 @@
/*=============================================================================
pam_mount - rdconf1.c
- Copyright © Jan Engelhardt , 2006 - 2007
+ Copyright © CC Computer Consultants GmbH, 2006 - 2007
+ Contact: Jan Engelhardt
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as
@@ -142,6 +143,9 @@
config->command[i][j] = NULL;
}
+ for (i = 0; i < config->volcount; ++i)
+ HXbtree_free(config->volume[i].options);
+
HXbtree_free(config->options_allow);
HXbtree_free(config->options_require);
HXbtree_free(config->options_deny);
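Review bot: the new loop frees `config->volume[i].options` but leaves the pointers in place, unlike the `config->command[i][j] = NULL` reset just above it. If this cleanup can run twice on the same config, that is a double free; set each `options` to NULL after `HXbtree_free`, and note in a comment that the loop trusts `config->volcount` to match the number of initialised volumes.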
@@ -775,8 +779,6 @@
return "could not determine options";
if (!str_to_optlist(vpt->options, options))
return "error parsing mount options";
- } else {
- vpt->options = NULL;
}
} else if (!str_to_optlist(vpt->options, attr->options)) {
return "error parsing mount options";
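Review bot: with the `else { vpt->options = NULL; }` branch removed, `vpt->options` keeps whatever it held on entry, and the hunk does not show where it is allocated. Because the cleanup code now frees `options` for every volume, a comment here stating that the tree is always allocated before this function runs would make the ownership rule clear.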
@@ -861,7 +863,6 @@
{CMD_CRYPTMOUNT, "crypt", "cryptmount", {"mount", "-t", "crypt", "%(before=\"-o \" OPTIONS)", "%(VOLUME)", "%(MNTPT)", NULL}},
{CMD_UMOUNT, NULL, "umount", {"umount", "%(MNTPT)", NULL}},
{CMD_LSOF, NULL, "lsof", {"lsof", "%(MNTPT)", NULL}},
- {CMD_MNTAGAIN, NULL, "mntagain", {"mount", "--bind", "%(PREVMNTPT)", "%(MNTPT)", NULL}},
/*
* Leave mntcheck available on GNU/Linux so I can ship one
* config file example
@@ -892,7 +893,6 @@
{"lsof", rc_command, CMD_LSOF},
{"luserconf", rc_luserconf, CMD_NONE},
{"mkmountpoint", rc_mkmountpoint, CMD_NONE},
- {"mntagain", rc_command, CMD_MNTAGAIN},
{"mntcheck", rc_command, CMD_MNTCHECK},
{"mntoptions", rc_mntoptions, CMD_NONE},
{"msg-authpw", rc_string, CMDA_AUTHPW},
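Review bot: removing the `"mntagain"` entry from the keyword table means an existing pam_mount.conf.xml that still defines `mntagain` no longer matches any handler. Keep the keyword accepted with a deprecation warning for one release, or document the removal in the changelog, so that the upgrade behaviour for such a configuration is defined.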
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/rdconf2.c new/pam_mount-0.32/src/rdconf2.c
--- old/pam_mount-0.29/src/rdconf2.c 2007-09-09 20:13:01.000000000 +0200
+++ new/pam_mount-0.32/src/rdconf2.c 2007-10-20 16:57:03.000000000 +0200
@@ -1,7 +1,8 @@
/*=============================================================================
pam_mount - rdconf2.c
Copyright (C) Elvis Pfützenreuter , 2000
- Copyright © Jan Engelhardt , 2005 - 2007
+ Copyright © CC Computer Consultants GmbH, 2005 - 2007
+ Contact: Jan Engelhardt
Copyright © Bastian Kleineidam , 2005
This program is free software; you can redistribute it and/or modify
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/spawn.c new/pam_mount-0.32/src/spawn.c
--- old/pam_mount-0.29/src/spawn.c 2007-09-27 15:21:59.000000000 +0200
+++ new/pam_mount-0.32/src/spawn.c 2007-10-20 16:57:03.000000000 +0200
@@ -1,6 +1,7 @@
/*=============================================================================
pam_mount - spawn.c
- Copyright © Jan Engelhardt , 2006 - 2007
+ Copyright © CC Computer Consultants GmbH, 2006 - 2007
+ Contact: Jan Engelhardt
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.29/src/xstdlib.c new/pam_mount-0.32/src/xstdlib.c
--- old/pam_mount-0.29/src/xstdlib.c 2007-06-24 20:46:37.000000000 +0200
+++ new/pam_mount-0.32/src/xstdlib.c 2007-10-20 16:57:03.000000000 +0200
@@ -1,6 +1,7 @@
/*=============================================================================
pam_mount - xstdlib.c
- Copyright © Jan Engelhardt , 2006 - 2007
+ Copyright © CC Computer Consultants GmbH, 2006 - 2007
+ Contact: Jan Engelhardt
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...