Hello community, here is the log from the commit of package pam_mount checked in at Mon Aug 11 23:27:38 CEST 2008. -------- --- pam_mount/pam_mount.changes 2008-06-23 13:47:39.000000000 +0200 +++ pam_mount/pam_mount.changes 2008-08-11 18:32:06.876959000 +0200 @@ -1,0 +2,10 @@ +Mon Aug 11 18:27:56 CEST 2008 - mc@suse.de + +- version 0.43 + - remove davfs support + - pass fsck definition from pam_mount.conf.xml to mount.crypt + - document pam_mount.conf.xml defaults + - do not call fsck from within pam_mount for encrypted devices, + let mount.crypt do it + +------------------------------------------------------------------- Old: ---- pam_mount-0.41.tar.bz2 New: ---- pam_mount-0.43.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_mount.spec ++++++ --- /var/tmp/diff_new_pack.q32487/_old 2008-08-11 23:26:10.000000000 +0200 +++ /var/tmp/diff_new_pack.q32487/_new 2008-08-11 23:26:10.000000000 +0200 @@ -1,10 +1,17 @@ # -# spec file for package pam_mount (Version 0.41) +# spec file for package pam_mount (Version 0.43) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # 
@@ -15,7 +22,7 @@ BuildRequires: libHX-devel libxml2-devel openssl-devel pam-devel perl-XML-Writer pkg-config BuildRequires: linux-kernel-headers Summary: A PAM Module that can Mount Volumes for a User Session -Version: 0.41 +Version: 0.43 Release: 1 # psmisc: /bin/fuser Recommends: cifs-mount psmisc @@ -121,6 +128,13 @@ %doc %{_mandir}/man8/umount.crypt.8.gz %changelog +* Mon Aug 11 2008 mc@suse.de +- version 0.43 + - remove davfs support + - pass fsck definition from pam_mount.conf.xml to mount.crypt + - document pam_mount.conf.xml defaults + - do not call fsck from within pam_mount for encrypted devices, + let mount.crypt do it * Mon Jun 23 2008 mc@suse.de - version 0.41 - add missing pgrp/sgrp attribute handling for simple user control ++++++ pam_mount-0.41.tar.bz2 -> pam_mount-0.43.tar.bz2 ++++++ ++++ 4996 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/config/pam_mount.conf.xml new/pam_mount-0.43/config/pam_mount.conf.xml --- old/pam_mount-0.41/config/pam_mount.conf.xml 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/config/pam_mount.conf.xml 2008-07-16 21:31:54.000000000 +0200 @@ -2,6 +2,14 @@ <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"> <!-- See pam_mount.conf(5) for a description. + + pam_mount internally has a hardcoded set of options, so you + can clear this file between <pam_mount> and </pam_mount>. + + The tags you find below equal to the hardcoded options, + for your initial configuration convenience. + If you change or remove them, please remove this paragraph + to not mislead yourself ;-) --> <pam_mount> 
@@ -66,9 +74,7 @@ <cryptmount>mount.crypt "%(ifnempty=\"-o\" OPTIONS)" %(OPTIONS) %(VOLUME) %(MNTPT)</cryptmount> -<davmount>mount -t davfs %(SERVER)/%(VOLUME) %(MNTPT) -o - "username=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" - OPTIONS)"</davmount> +<cryptumount>umount.crypt %(MNTPT)</cryptumount> <fusemount>mount.fuse %(VOLUME) %(MNTPT) "%(ifnempty=\"-o\" OPTIONS)" %(OPTIONS)</fusemount> diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/config/pam_mount.conf.xml.dtd new/pam_mount-0.43/config/pam_mount.conf.xml.dtd --- old/pam_mount-0.41/config/pam_mount.conf.xml.dtd 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/config/pam_mount.conf.xml.dtd 2008-07-16 21:31:54.000000000 +0200 @@ -1,6 +1,6 @@ <!ELEMENT pam-mount (debug?,mkmountpoint?,fsckloop?,luserconf?,mntoptions*, - path?,lsof?,fsck?,losetup?,unlosetup?,cifsmount?,davmount?, + path?,lsof?,fsck?,losetup?,unlosetup?,cifsmount?, smbmount?,smbumount?,ncpmount?,ncpumount?,fusemount?, fuseumount?,truecryptmount?,truecryptumount?,fd0ssh?,umount?, lclmount?,cryptmount?,nfsmount?,mntcheck?,pmvarrun?, 
@@ -33,7 +33,6 @@ <!ELEMENT losetup (#PCDATA)> <!ELEMENT unlosetup (#PCDATA)> <!ELEMENT cifsmount (#PCDATA)> -<!ELEMENT davmount (#PCDATA)> <!ELEMENT smbmount (#PCDATA)> <!ELEMENT smbumount (#PCDATA)> <!ELEMENT ncpmount (#PCDATA)> diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/configure.ac new/pam_mount-0.43/configure.ac --- old/pam_mount-0.41/configure.ac 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/configure.ac 2008-07-16 21:31:54.000000000 +0200 @@ -7,7 +7,7 @@ # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # -AC_INIT([pam_mount], [0.41]) +AC_INIT([pam_mount], [0.43]) AC_CONFIG_HEADERS([config.h]) AC_PROG_INSTALL AM_INIT_AUTOMAKE diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/doc/bugs.txt new/pam_mount-0.43/doc/bugs.txt --- old/pam_mount-0.41/doc/bugs.txt 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/doc/bugs.txt 2008-07-16 21:31:54.000000000 +0200 
@@ -3,14 +3,6 @@ Known Issues with other programs ================================ -[ davfs2 - password passing ] - -The unmodified davfs mount program will not work with pam_mount because -it cannot be driven non-interactively. (/etc/davfs2.secrets is not -really an option since it would expose your password again, and in -plaintext at that.) - - [ gksu & kdesu ] gksu interprets any output on stderr as an error. pam_mount writes diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/doc/changelog.txt new/pam_mount-0.43/doc/changelog.txt --- old/pam_mount-0.41/doc/changelog.txt 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/doc/changelog.txt 2008-07-16 21:31:54.000000000 +0200 
@@ -2,10 +2,23 @@ For details, see the history as recorded in the git repository. +v0.43 (July 16 2008) +==================== +A few accumulated patches, but no real new glaring features. +- remove davfs support +- pass fsck definition from pam_mount.conf.xml to mount.crypt +- document pam_mount.conf.xml defaults +- do not call fsck from within pam_mount for encrypted devices, + let mount.crypt do it + + v0.41 (June 17 2008) ==================== This is a stable release, no new features, bugfixes only. Fixes regressions found in 0.39 and 0.40. Most important changes: +- bypass /sbin/mount for mount.crypt +- umount.crypt: fix expression syntax for _PMT_DEBUG_LEVEL +- re-add support for user="*" wildcard - add missing pgrp/sgrp attribute handling for simple user control - mount.crypt: handle arbitrary argument order - correct extended sgrp handling diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/doc/faq.txt new/pam_mount-0.43/doc/faq.txt --- old/pam_mount-0.41/doc/faq.txt 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/doc/faq.txt 2008-07-16 21:31:54.000000000 +0200 
@@ -107,47 +107,10 @@ A. As of version 3.3, sshd has a feature called privilege separation that is incompatible with PAM modules needing root privileges. In - addition, OpenSSH does not use PAM by default. Read the OpenSSH - documentation on privilege separation because messing with it may - have security implications. - - In order to cause sshd to use PAM, add the following to sshd_config: - - PAMAuthenticationViaKbdInt yes - - If you wish to use sshd with pam_mount either turn of privelege - separation in /etc/ssh/sshd_config (UsePrivilegeSeparation no) or - ensure that pam_mount can operate without root privileges. - Specifying volumes using /etc/fstab and allowing users to mount and - unmount them using the user option may help pam_mount to perform - without root privileges: - - # /etc/security/pam_mount.conf.xml: - <volume user="xyz" path="/home/user.img" /> - - # /etc/fstab: - /home/user.img /home/user ext2 user,loop,encryption=aes,keybits=256,noauto 0 0 - - Please let me know if you have a better idea allowing pam_mount to - work with privilege separation. - - In addition, Peter Astrand says: - - RedHat uses a patched version of OpenSSH, which always starts - off with calling PAM with bogus auth info. The idea is that - successful logins should take the same amount of time as - unsuccessful logins. See - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101157. - The problem is that pam_mount catches the first (empty) - password, and not the real one. Thus, the mount fails. - - I have found a solution to this problem: I have rearranged my - system-auth file like this: - - auth optional /lib/security/pam_mount.so - auth required /lib/security/pam_env.so - auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass - auth required /lib/security/pam_deny.so + addition, OpenSSH does not use PAM by default. OpenSSH before 4.9 + does not properly deal with PAM. See bugs.txt. + + [...] 
Finally, Darren Tucker has explained: diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/doc/install.txt new/pam_mount-0.43/doc/install.txt --- old/pam_mount-0.41/doc/install.txt 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/doc/install.txt 2008-07-16 21:31:54.000000000 +0200 @@ -28,4 +28,3 @@ * sshfs -- SFTP-over-SSH * ccgfs -- ccgfs-over-SSH (full operation support; mknod, acl, xattrs) * cifs-mount -- for CIFS and SMB shares - * davfs2 -- HTTP/WebDAV (needs pam_mount patch) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/doc/pam_mount.8 new/pam_mount-0.43/doc/pam_mount.8 --- old/pam_mount-0.41/doc/pam_mount.8 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/doc/pam_mount.8 2008-07-16 21:31:54.000000000 +0200 
@@ -26,7 +26,7 @@ The module also supports mounting local filesystems of any kind the normal mount utility supports, with extra code to make sure certain volumes are set up properly because often they need more than just a mount call, such as encrypted -volumes. This includes SMB/CIFS, NCP, davfs2, FUSE, losetup crypto, +volumes. This includes SMB/CIFS, NCP, FUSE, losetup crypto, dm-crypt/cryptsetup and truecrypt-4.x. Truecrypt 5.x removed the CLI component that pam_mount requires. .PP diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/doc/pam_mount.conf.5 new/pam_mount-0.43/doc/pam_mount.conf.5 --- old/pam_mount-0.41/doc/pam_mount.conf.5 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/doc/pam_mount.conf.5 2008-07-16 21:31:54.000000000 +0200 @@ -10,7 +10,8 @@ to simplify the pam_mount code base while giving formatting freedom to the end\-user. Special characters like \fB<\fP, \fB>\fP and \fB&\fP that are used by XML itself must be encoded as \fB<\fP, \fB>\fP and \fB&\fP, -respectively, but these three symbols are unlikely to be seen often anyway. +respectively; additionally, \fB"\fP must be encoded as \fB"\fP within a +"" area, but these three/four symbols are unlikely to be seen often anyway. .PP Do not use comments inside elements taking verbatim text, like <lsof></lsof> - this is not handled by the pam_mount XML tree parser. 
@@ -65,7 +66,7 @@ may fail if the filesystem kernel module is not loaded yet, since \fBmount\fP(8) will check /proc/partitions. .IP "" -The fstypes \fBcifs\fP, \fBdavfs\fP, \fBsmbfs\fP, \fBncpfs\fP, \fBfuse\fP and +The fstypes \fBcifs\fP, \fBsmbfs\fP, \fBncpfs\fP, \fBfuse\fP and \fBtruecrypt\fP are overriden by pam_mount and we call the respective helpers directly without going thorugh \fBmount\fP(8), to have access to more options of the helper programs. @@ -152,7 +153,7 @@ Enables verbose output during login to stderr and syslog. Some programs do not cope with output sent on stderr, see doc/bugs.txt for a list. \fB0\fP disables debugging, \fB1\fP enables pam_mount tracing, and \fB2\fP additionally enables -tracing in mount.crypt. +tracing in mount.crypt. The default is \fB0\fP. .TP \fB<luserconf name="\fP\fI.pam_mount.conf.xml\fP\fB" />\fP Individual users may define additional volumes (usually in @@ -160,11 +161,15 @@ the presence of the \fB<luserconf>\fP element. With it, users may mount and unmount any volumes they specify. The mount operation is executed under the user account, not with root permissions. You also need at least an allow or -deny option list (see <mntoptions>). +deny option list (see <mntoptions>). Luserconfigs are disabled by default. .TP \fB<mntoptions allow="\fP\fIoptions,...\fP\fB" />\fP The <mntoptions> elements determine which options may be specified in per\-user configuration files (see <luserconf>). It does not apply to the master file. +Specifying <mntoptions> is forbidden and ignored in per\-user configs. +It defaults to \fIallow="nosuid,nodev"\fP, and the default is cleared when the +first <mntoptions allow="..."> tag is seen. All further <mntoptions> are +additive, though. .TP \fB<mntoptions deny="\fP\fIoptions,...\fP\fB" />\fP Any options listed in deny may not appear in the option list of per\-user 
@@ -173,6 +178,9 @@ \fB<mntoptions require="\fP\fIoptions,...\fP\fB" />\fP All options listed in require must appear in the option list of per\-user mounts. (Does not apply to the master file.) +It defaults to \fInosuid,nodev\fP, and the default is cleared when the +first <mntoptions require="..."> tag is seen. All further <mntoptions> are +additive, though. .TP \fB<path>\fP\fIdirectories...\fP\fB</path>\fP The default for the PATH environmental variable is not consistent across @@ -247,9 +255,9 @@ \fB<cifsmount>\fP\fImount.cifs ...\fP\fB</cifsmount>\fP .TP \fB<cryptmount>\fP\fImount.crypt ...\fP\fB</cryptmount>\fP -Mount helper for dm\-crypt and LUKS volumes. .TP -\fB<davmount>\fP\fImount.davfs ...\fP\fB</davmount>\fP +\fB<cryptumount>\fP\fIumount.crypt %(MNTPT)\fP\fB</cryptumount>\fP +Mount helpers for dm\-crypt and LUKS volumes. .TP \fB<fusemount>\fP\fImount.fuse ...\fP\fB</fusemount>\fP .TP @@ -354,10 +362,6 @@ .PP <volume user="user" fstype="ncpfs" server="krueger" path="public" mountpoint="/home/user/krueger" options="user=user.context" /> -.SS DAVFS -.PP -<volume fstype="davfs" server="https://inkscape.svn.sourceforge.net/" -path="/svnroot/inkscape/trunk" mountpoint="/projects/inkscape" /> .SS Bind mounts .PP This may come useful in conjunction with pam_chroot: diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/doc/pam_mount.txt new/pam_mount-0.43/doc/pam_mount.txt --- old/pam_mount-0.41/doc/pam_mount.txt 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/doc/pam_mount.txt 2008-07-16 21:31:54.000000000 +0200 
@@ -29,8 +29,8 @@ normal mount utility supports, with extra code to make sure certain volumes are set up properly because often they need more than just a mount call, such as encrypted volumes. This includes SMB/CIFS, NCP, - davfs2, FUSE, losetup crypto, dm-crypt/cryptsetup and truecrypt-4.x. - Truecrypt 5.x removed the CLI component that pam_mount requires. + FUSE, losetup crypto, dm-crypt/cryptsetup and truecrypt-4.x. Truecrypt + 5.x removed the CLI component that pam_mount requires. If you intend to use pam_mount to protect volumes on your computer using an encrypted filesystem system, please know that there are many diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/Makefile.am new/pam_mount-0.43/Makefile.am --- old/pam_mount-0.41/Makefile.am 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/Makefile.am 2008-07-16 21:31:54.000000000 +0200 
@@ -32,5 +32,5 @@ rm -Rf /tmp/${PACKAGE_NAME}-${PACKAGE_VERSION}; pushd ${top_srcdir} && git-archive --prefix=${PACKAGE_NAME}-${PACKAGE_VERSION}/ HEAD | tar -C /tmp -x && popd; pushd /tmp/${PACKAGE_NAME}-${PACKAGE_VERSION} && ./autogen.sh && popd; - tar -C /tmp -cjf ${PACKAGE_NAME}-${PACKAGE_VERSION}.tar.bz2 --owner=root --group=root ${PACKAGE_NAME}-${PACKAGE_VERSION}/; + tar --use=lzma -C /tmp -cf ${PACKAGE_NAME}-${PACKAGE_VERSION}.tar.lzma --owner=root --group=root ${PACKAGE_NAME}-${PACKAGE_VERSION}/; rm -Rf /tmp/${PACKAGE_NAME}-${PACKAGE_VERSION}; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/pam_mount.spec new/pam_mount-0.43/pam_mount.spec --- old/pam_mount-0.41/pam_mount.spec 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/pam_mount.spec 2008-07-16 21:31:54.000000000 +0200 @@ -1,15 +1,15 @@ -Name: pam_mount -Version: 0.41 -Release: 0 -Group: System/Libraries -Summary: A PAM module that can mount volumes for a user session -License: LGPL -URL: http://pam-mount.sf.net/ - -Source: http://heanet.dl.sf.net/sourceforge/pam-mount/%name-%version.tar.bz2 -BuildRequires: libtool pam-devel pkg-config -BuildRequires: openssl-devel >= 0.9.6, libxml2-devel >= 2.6 +Name: pam_mount +Version: 0.43 +Release: 0 +Group: System/Libraries +Summary: A PAM module that can mount volumes for a user session +License: LGPL +URL: http://pam-mount.sf.net/ + +Source: http://downloads.sf.net/pam-mount/%name-%version.tar.bz2 +BuildRequires: libtool pam-devel pkg-config +BuildRequires: openssl-devel >= 0.9.6, libxml2-devel >= 2.6 BuildRequires: libHX-devel >= 1.18 %if "%_vendor" == "suse" BuildRequires: linux-kernel-headers >= 2.6 
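Review bot: The dist rule now writes `${PACKAGE_NAME}-${PACKAGE_VERSION}.tar.lzma`, but the `Source:` line of pam_mount.spec in this same update still names `%name-%version.tar.bz2`, so the spec and the release target disagree about the tarball format. Either keep `-cjf … .tar.bz2` here or update the spec's `Source:` to match. The changed line also keeps staging under the fixed path `/tmp/${PACKAGE_NAME}-${PACKAGE_VERSION}`, where another local user can pre-create the directory or a symlink on a shared build host. A private directory, e.g. `tmpdir=$$(mktemp -d)` with `-C $$tmpdir`, would avoid that. The rule starts above the hunk, so the remaining recipe lines are not visible.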
@@ -26,8 +26,8 @@ Requires: cryptsetup-luks lsof psmisc samba-client %endif Requires(post): perl(XML::Writer) -BuildRoot: %_tmppath/%name-%version-build -Prefix: %_prefix +BuildRoot: %_tmppath/%name-%version-build +Prefix: %_prefix %description This module is aimed at environments with central file servers that a @@ -38,7 +38,7 @@ normal mount utility supports, with extra code to make sure certain volumes are set up properly because often they need more than just a mount call, such as encrypted volumes. This includes SMB/CIFS, NCP, -davfs2, FUSE, losetup crypto, dm-crypt/cryptsetup and truecrypt4. +FUSE, losetup crypto, dm-crypt/cryptsetup and truecrypt4. %if "%_vendor" != "redhat" %debug_package diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/scripts/convert_pam_mount_conf.pl new/pam_mount-0.43/scripts/convert_pam_mount_conf.pl --- old/pam_mount-0.41/scripts/convert_pam_mount_conf.pl 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/scripts/convert_pam_mount_conf.pl 2008-07-16 21:31:54.000000000 +0200 @@ -17,8 +17,8 @@ my $NEW_CONF = "-"; my $debug = 0; -&Getopt::Long::Configure(qw(bundling)); -&GetOptions( +Getopt::Long::Configure(qw(bundling)); +GetOptions( "i=s" => \$OLD_CONF, "o=s" => \$NEW_CONF, "d" => \$debug, 
@@ -60,28 +60,28 @@ $writer->startTag("pam_mount"); $writer->raw("\n\n"); -sub callback_debug(@) +sub callback_debug { my @fields = @_; $writer->emptyTag("debug", "enable" => $fields[1]); } -sub callback_mkmountpoint(@) +sub callback_mkmountpoint { my @fields = @_; $writer->emptyTag("mkmountpoint", "enable" => $fields[1]); } -sub callback_fsckloop(@) +sub callback_fsckloop { my @fields = @_; $writer->emptyTag("fsckloop", "device" => $fields[1]); } -sub callback_luserconf(@) +sub callback_luserconf { my @fields = @_; @@ -90,28 +90,28 @@ $fields[1], "\n"; } -sub callback_options_allow(@) +sub callback_options_allow { my @fields = @_; $writer->emptyTag("mntoptions", "allow" => $fields[1]); } -sub callback_options_deny(@) +sub callback_options_deny { my @fields = @_; $writer->emptyTag("mntoptions", "deny" => $fields[1]); } -sub callback_options_require(@) +sub callback_options_require { my @fields = @_; $writer->emptyTag("mntoptions", "require" => $fields[1]); } -sub callback_lsof(@) +sub callback_lsof { my @fields = @_; @@ -122,7 +122,7 @@ $writer->endTag("lsof"); } -sub callback_fsck(@) +sub callback_fsck { my @fields = @_; @@ -132,7 +132,7 @@ $writer->endTag("fsck"); } -sub callback_losetup(@) +sub callback_losetup { my @fields = @_; @@ -142,7 +142,7 @@ $writer->endTag("losetup"); } -sub callback_unlosetup(@) +sub callback_unlosetup { my @fields = @_; @@ -152,7 +152,7 @@ $writer->endTag("unlosetup"); } -sub callback_cifsmount(@) +sub callback_cifsmount { my @fields = @_; @@ -162,7 +162,7 @@ $writer->endTag("cifsmount"); } -sub callback_smbmount(@) +sub callback_smbmount { my @fields = @_; @@ -172,7 +172,7 @@ $writer->endTag("smbmount"); } -sub callback_ncpmount(@) +sub callback_ncpmount { my @fields = @_; @@ -182,7 +182,7 @@ $writer->endTag("ncpmount"); } -sub callback_smbumount(@) +sub callback_smbumount { my @fields = @_; @@ -192,7 +192,7 @@ $writer->endTag("smbumount"); } -sub callback_ncpumount(@) +sub callback_ncpumount { my @fields = @_; 
@@ -202,7 +202,7 @@ $writer->endTag("ncpumount"); } -sub callback_fusemount(@) +sub callback_fusemount { my @fields = @_; @@ -212,7 +212,7 @@ $writer->endTag("fusemount"); } -sub callback_fuseumount(@) +sub callback_fuseumount { my @fields = @_; @@ -222,7 +222,7 @@ $writer->endTag("fuseumount"); } -sub callback_umount(@) +sub callback_umount { my @fields = @_; @@ -232,7 +232,7 @@ $writer->endTag("umount"); } -sub callback_lclmount(@) +sub callback_lclmount { my @fields = @_; @@ -242,7 +242,7 @@ $writer->endTag("lclmount"); } -sub callback_cryptmount(@) +sub callback_cryptmount { my @fields = @_; @@ -252,7 +252,7 @@ $writer->endTag("cryptmount"); } -sub callback_nfsmount(@) +sub callback_nfsmount { my @fields = @_; @@ -262,12 +262,12 @@ $writer->endTag("nfsmount"); } -sub callback_mntagain(@) +sub callback_mntagain { # not translated - removed in pam_mount 0.32 } -sub callback_mntcheck(@) +sub callback_mntcheck { my @fields = @_; @@ -277,7 +277,7 @@ $writer->endTag("mntcheck"); } -sub callback_pmvarrun(@) +sub callback_pmvarrun { my @fields = @_; @@ -287,7 +287,7 @@ $writer->endTag("pmvarrun"); } -sub callback_volume(@) +sub callback_volume { my @fields = @_; @@ -368,7 +368,7 @@ $writer->emptyTag("volume", %attr ); } -sub parse_conf() +sub parse_conf { my @file; open(OUT, "< $OLD_CONF") || die "Cannot open $OLD_CONF: $!\n"; @@ -417,7 +417,7 @@ return 0; } -my $ret = &parse_conf(); +my $ret = parse_conf(); $writer->endTag("pam_mount"); $writer->end(); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/scripts/mount.crypt new/pam_mount-0.43/scripts/mount.crypt --- old/pam_mount-0.41/scripts/mount.crypt 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/scripts/mount.crypt 2008-07-16 21:31:54.000000000 +0200 
@@ -183,7 +183,7 @@ fi; if [ "$DOFSCK" == "true" ]; then - fsck -p "/dev/mapper/$DMDEVICE"; + ${FSCK:-fsck -p} "/dev/mapper/$DMDEVICE"; if [ $? -gt 1 ]; then echo "${0##*/}: filesystem $DMDEVICE has errors" >&2; if [ "$LUKS" == true ]; then diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/crypto.c new/pam_mount-0.43/src/crypto.c --- old/pam_mount-0.41/src/crypto.c 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/crypto.c 2008-07-16 21:31:54.000000000 +0200 @@ -56,7 +56,6 @@ unsigned long err = ERR_get_error(); if (err != 0) l0g("%s: %s", msg, ERR_error_string(err, NULL)); - return; } /** diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/misc.c new/pam_mount-0.43/src/misc.c --- old/pam_mount-0.41/src/misc.c 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/misc.c 2008-07-16 21:31:54.000000000 +0200 @@ -41,7 +41,6 @@ static_cast(unsigned int, geteuid()), static_cast(unsigned int, getgid()), static_cast(unsigned int, getegid())); - return; } /** @@ -65,7 +64,6 @@ vsyslog(LOG_AUTH | LOG_ERR, format, arg2); va_end(args); va_end(arg2); - return; } /** @@ -89,7 +87,6 @@ vsyslog(LOG_AUTH | LOG_ERR, format, arg2); va_end(args); va_end(arg2); - return; } /** @@ -274,7 +271,6 @@ w4rn("command: %s\n", str); hmc_free(str); - return; } /** @@ -315,7 +311,6 @@ argv[*argc] = filled; argv[++*argc] = NULL; - return; } /** @@ -370,7 +365,6 @@ setenv("USER", real_user->pw_name, 1); } misc_dump_id("set_myuid<post>"); - return; } /** 
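Review bot: In the mount.crypt hunk, `${FSCK:-fsck -p}` is expanded unquoted, so the value taken from the environment is word-split and glob-expanded, and its first word becomes the program run against `/dev/mapper/$DMDEVICE`. Arguments that contained spaces or quotes in pam_mount.conf.xml lose their boundaries, and a `*` in the value matches files in the current directory. If mount.crypt is ever started outside pam_mount, an inherited `FSCK` also decides which binary runs with the caller's privileges. Splitting explicitly would at least stop the globbing, for example `read -r -a fsck_cmd <<<"${FSCK:-fsck -p}"` followed by `"${fsck_cmd[@]}" "/dev/mapper/$DMDEVICE"`, and the header comment should document `FSCK` as an input. The enclosing `if` block continues past the hunk.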
@@ -418,5 +412,4 @@ HXformat_add(v, "DOMAIN_NAME", domain, HXTYPE_STRING | HXFORMAT_IMMED); HXformat_add(v, "DOMAIN_USER", domain_user, HXTYPE_STRING); - return; } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/mount.c new/pam_mount-0.43/src/mount.c --- old/pam_mount-0.41/src/mount.c 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/mount.c 2008-07-16 21:31:54.000000000 +0200 @@ -94,7 +94,6 @@ } while (fgets(buf, sizeof(buf), fp) != NULL); } fclose(fp); - return; } /** @@ -132,7 +131,6 @@ if (waitpid(pid, NULL, 0) < 0) l0g("error waiting for child: %s\n", strerror(errno)); spawn_restore_sigchld(); - return; } @@ -322,7 +320,6 @@ match[s-1] = '\0'; break; } - return; } #if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__APPLE__) @@ -379,7 +376,6 @@ w4rn("use_fstab: %d\n", vpt->use_fstab); w4rn("----------------------\n"); hmc_free(options); - return; } /** @@ -511,6 +507,9 @@ run_lsof(config, vinfo); switch (vpt->type) { + case CMD_CRYPTMOUNT: + type = CMD_CRYPTUMOUNT; + break; case CMD_SMBMOUNT: type = CMD_SMBUMOUNT; break; @@ -534,15 +533,6 @@ for (i = 0; config->command[type][i] != NULL; ++i) add_to_argv(_argv, &_argc, config->command[type][i], vinfo); - /* - * FIXME: ugly hack to support umount.crypt script. I hope that - * util-linux will have native dm_crypt support some day. - */ - if (vpt->type == CMD_CRYPTMOUNT) { - _argc = 0; - add_to_argv(_argv, &_argc, "/sbin/umount.crypt", vinfo); - add_to_argv(_argv, &_argc, "%(MNTPT)", vinfo); - } log_argv(_argv); if (!spawn_start(_argv, &pid, NULL, NULL, &cstderr, set_myuid, NULL)) { ret = 0; 
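Review bot: In the two unmount hunks of mount.c (`@@ -511` and `@@ -534`), dropping the hard-coded `/sbin/umount.crypt` means the helper for crypt volumes is now whatever `config->command[CMD_CRYPTUMOUNT]` contains. The shipped default `umount.crypt %(MNTPT)` is a bare name, so which binary runs depends on the PATH in effect when the command is spawned. The hunk does not show whether the built-in default table has an entry for `CMD_CRYPTUMOUNT`, or whether an empty `config->command[type]` is rejected before the `for` loop. For a configuration written for 0.41, with no `<cryptumount>` tag, that decides whether the volume is unmounted at all. I would add a comment at the new `case CMD_CRYPTMOUNT:` such as `/* helper comes from <cryptumount>; must have a built-in default */` and check that the default names the helper by absolute path or that PATH is pinned first. The function begins and ends outside these hunks.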
@@ -714,6 +704,15 @@ assert(password_len >= 0 && password_len <= MAX_PAR + EVP_MAX_BLOCK_LENGTH); + if (vpt->type == CMD_CRYPTMOUNT) + /* + * Cryptmount involves dm-crypt or LUKS, so using the raw + * device as fsck target is meaningless. + * So we do _not_ set FSCKTARGET in vinfo at all, and + * mount_set_fsck() depends on this behavior. + */ + return 0; + fsck_target = vpt->volume; if (config->command[CMD_FSCK][0] == NULL) { @@ -735,8 +734,6 @@ w4rn("volume not a loopback (options: %s)\n", options); hmc_free(options); } - /* FIXME: NEW */ - /* FIXME: need to fsck /dev/mapper/whatever... */ format_add(vinfo, "FSCKTARGET", fsck_target); for (i = 0; config->command[CMD_FSCK][i]; ++i) add_to_argv(_argv, &_argc, config->command[CMD_FSCK][i], vinfo); @@ -767,6 +764,36 @@ } /** + * mount_set_fsck - set the FSCK environment variable for mount.crypt + * @config: configuration + * @vol: current volume + * @vinfo: variable substituions + */ +static void mount_set_fsck(const struct config *config, + const struct vol *vol, struct HXbtree *vinfo) +{ + hmc_t *string, *current; + unsigned int i; + + if (vol->type != CMD_CRYPTMOUNT) + return; + + format_add(vinfo, "FSCKTARGET", ""); + string = hmc_sinit(""); + for (i = 0; config->command[CMD_FSCK][i] != NULL; ++i) { + if (HXformat_aprintf(vinfo, ¤t, + config->command[CMD_FSCK][i]) > 0) { + hmc_strcat(&string, current); + hmc_strcat(&string, " "); + } + hmc_free(current); + } + + setenv("FSCK", string, true); + hmc_free(string); +} + +/** * do_mount - * @config: current config * @vpt: volume descriptor @@ -866,6 +893,8 @@ /* send password down pipe to mount process */ if (vpt->type == CMD_SMBMOUNT || vpt->type == CMD_CIFSMOUNT) setenv("PASSWD_FD", "0", 1); + + mount_set_fsck(config, vpt, vinfo); log_argv(_argv); mount_user = strcmp(vpt->fstype, "fuse") == 0 ? vpt->user : NULL; 
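Review bot: The new early exit in the `@@ -714` hunk is an unbraced `if` whose body is a seven-line comment followed by `return 0;`, which is easy to misread or break when a statement is added. Brace it, or move the comment above the `if`. The comment also says FSCKTARGET is not set in `vinfo` at all, yet `mount_set_fsck()` later in this diff calls `format_add(vinfo, "FSCKTARGET", "")`, so the wording should say the target is left empty for mount.crypt to supply. The function's return convention is outside the hunk, so please confirm that `0` is the "nothing to check, carry on" value and not the error value, otherwise every crypt mount would be treated as a failed fsck.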
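Review bot: `mount_set_fsck()` in the `@@ -767` hunk exports `FSCK` with `setenv()` into the environment of the process that loaded the PAM module, and nothing visible removes it after the mount helper has been spawned. The variable can therefore reach later children of the login program, and a later non-crypt mount in the same session still sees the stale value; an `unsetenv("FSCK");` after the spawn in `do_mount` would confine it. Separately, `current` is declared uninitialised and passed to `hmc_free(current)` on every iteration, including when `HXformat_aprintf()` returns a value that is not positive. Whether libHX stores to the pointer in that case is not visible here, so `hmc_t *string, *current = NULL;` with a reset per iteration is the safe form. The return value of `setenv()` is also ignored, so on failure mount.crypt silently falls back to `fsck -p`.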
@@ -892,8 +921,7 @@ spawn_restore_sigchld(); if (Debug) - if (system("df -Ta") < 0) - ; + spawn_synchronous((const char *const []){"df", "-Ta", NULL}); /* pass on through the result from the umount process */ return !WEXITSTATUS(child_exit); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/pam_mount.c new/pam_mount-0.43/src/pam_mount.c --- old/pam_mount-0.41/src/pam_mount.c 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/pam_mount.c 2008-07-16 21:31:54.000000000 +0200 @@ -14,6 +14,7 @@ #include <security/pam_appl.h> #include <security/pam_modules.h> +#include <sys/mman.h> #include <sys/types.h> #include <sys/wait.h> #include <assert.h> @@ -92,7 +93,6 @@ else w4rn("bad pam_mount option \"%s\"\n", argv[i]); } - return; } /** @@ -108,7 +108,6 @@ { w4rn("Clean global config (%d)\n", err); freeconfig(data); - return; } /** @@ -124,14 +123,14 @@ */ static void clean_system_authtok(pam_handle_t *pamh, void *data, int errcode) { - w4rn("clean system authtok (%d)\n", errcode); -/* + w4rn("clean system authtok=%p (%d)\n", data, errcode); + if (data != NULL) { - memset(data, 0, strlen(data)); + unsigned int len = strlen(data) + 1; + memset(data, 0, len); + munlock(data, len); free(data); } -*/ - return; } /** 
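Review bot: In `clean_system_authtok()` (pam_mount.c, `@@ -124` hunk) the password is wiped with a plain `memset(data, 0, len)` immediately before `free(data)`, a dead store that an optimising compiler may remove, leaving the authtok in freed heap memory. Use a wipe that cannot be elided, such as `explicit_bzero(data, len);` where the platform has it, or a loop through a `volatile unsigned char *`. `len` should be `size_t len = strlen(data) + 1;` rather than `unsigned int`, to match the `memset`/`munlock` parameters. The new `w4rn(... authtok=%p ...)` also writes the heap address of the secret to the debug log, which adds nothing for the user and is better dropped.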
@@ -304,13 +303,15 @@ ret = PAM_AUTH_ERR; goto out; } - w4rn("saving authtok for session code\n"); + w4rn("saving authtok for session code (authtok=%p)\n", authtok); ret = pam_set_data(pamh, "pam_mount_system_authtok", authtok, clean_system_authtok); if (ret != PAM_SUCCESS) { l0g("error trying to save authtok for session code\n"); goto out; } + if (mlock(authtok, strlen(authtok) + 1) < 0) + w4rn("mlock authtok: %s\n", strerror(errno)); assert(ret != PAM_SUCCESS || pam_get_data(pamh, "pam_mount_system_authtok", &tmp) == PAM_SUCCESS); @@ -331,7 +332,6 @@ { envpath_saved = getenv("PATH"); setenv("PATH", new_path, true); - return; } static void envpath_restore(void) @@ -340,7 +340,6 @@ unsetenv("PATH"); else setenv("PATH", envpath_saved, true); - return; } /** diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/pam_mount.h new/pam_mount-0.43/src/pam_mount.h --- old/pam_mount-0.41/src/pam_mount.h 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/pam_mount.h 2008-07-16 21:31:54.000000000 +0200 @@ -34,4 +34,9 @@ extern struct config Config; extern struct pam_args Args; +/* + * SPAWN.C + */ +extern int spawn_synchronous(const char *const *); + #endif /* PMT_PAM_MOUNT_H */ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/pmvarrun.c new/pam_mount-0.43/src/pmvarrun.c --- old/pam_mount-0.41/src/pmvarrun.c 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/pmvarrun.c 2008-07-16 21:31:54.000000000 +0200 
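Review bot: `mlock()` is called only after `pam_set_data()` has succeeded, so the password copy sits in swappable memory from its allocation (outside this hunk) until this point, and on the `goto out` error path it is never locked at all; locking directly after the allocation closes that window. Because an `mlock()` failure is only logged, `clean_system_authtok()` will later `munlock()` a range that may never have been locked, which is harmless but deserves a comment such as `/* best effort: the cleanup callback munlocks unconditionally */`. `strerror(errno)` needs `<errno.h>` and `<string.h>`, while the include hunk for this file adds only `<sys/mman.h>`, so check that both are already present. Whether the error path wipes and frees `authtok` is not visible in this hunk.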
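Review bot: The prototype for `spawn_synchronous()` is added to pam_mount.h under a `SPAWN.C` banner although spawn.c already includes its own `spawn.h` and now has to include pam_mount.h as well to see its own declaration; declaring it in spawn.h would keep the interface in one place. I would also name the parameter and state the return convention, e.g. `extern int spawn_synchronous(const char *const *argv); /* returns the child's wait status */`.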
@@ -84,7 +84,6 @@ { *settings->user = '\0'; settings->operation = 1; - return; } /* @@ -155,7 +154,6 @@ break; } } - return; } /** diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/private.h new/pam_mount-0.43/src/private.h --- old/pam_mount-0.41/src/private.h 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/private.h 2008-07-16 21:31:54.000000000 +0200 @@ -25,13 +25,13 @@ CMD_SMBMOUNT, CMD_SMBUMOUNT, CMD_CIFSMOUNT, - CMD_DAVMOUNT, CMD_NCPMOUNT, CMD_NCPUMOUNT, CMD_FUSEMOUNT, CMD_FUSEUMOUNT, CMD_LCLMOUNT, CMD_CRYPTMOUNT, + CMD_CRYPTUMOUNT, CMD_NFSMOUNT, CMD_UMOUNT, CMD_PMHELPER, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/rdconf1.c new/pam_mount-0.43/src/rdconf1.c --- old/pam_mount-0.41/src/rdconf1.c 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/rdconf1.c 2008-07-16 21:31:54.000000000 +0200 @@ -49,6 +49,11 @@ CMDA_PATH, }; +enum { + OPT_TREE_FLAGS = + HXBT_MAP | HXBT_CKEY | HXBT_SCMP | HXBT_CID, +}; + struct callbackmap { const char *name; const char *(*func)(xmlNode *, struct config *, unsigned int); @@ -69,6 +74,7 @@ /* Variables */ static const struct callbackmap cf_tags[]; static const struct pmt_command default_command[]; +static bool onetime_options_allow, onetime_options_require; //----------------------------------------------------------------------------- /** 
@@ -129,14 +135,80 @@ free(config->msg_authpw); free(config->msg_sessionpw); free(config->path); - return; +} + +/** + * str_to_optlist - + * @optlist: destination list + * @str: string to parse + * + * Break down @str into its option. This function modifies @str in-place. + * This is ok, since it is already an allocated string (i.e. does belong to + * pam_mount). Caller frees it anyway right away. + */ +static bool str_to_optkv(struct HXclist_head *optlist, char *str) +{ + char *value, *ptr; + struct kvp *kvp; + + if (str == NULL || *str == '\0') + return true; + + while ((ptr = HX_strsep(&str, ",")) != NULL) { + kvp = xmalloc(sizeof(struct kvp)); + if (kvp == NULL) + return false; + HXlist_init(&kvp->list); + value = strchr(ptr, '='); + if (value != NULL) { + *value++ = '\0'; + kvp->key = xstrdup(ptr); + kvp->value = xstrdup(value); + if (kvp->key == NULL || kvp->value == NULL) + goto out; + HXclist_push(optlist, &kvp->list); + } else { + kvp->key = xstrdup(ptr); + if (kvp->key == NULL) + goto out; + kvp->value = NULL; + HXclist_push(optlist, &kvp->list); + } + } + + return true; + out: + free(kvp->key); + free(kvp->value); + free(kvp); + return false; +} + +static bool str_to_optlist(struct HXbtree *optlist, char *str) +{ + char *value, *ptr; + + if (str == NULL || *str == '\0') + return true; + + while ((ptr = HX_strsep(&str, ",")) != NULL) { + value = strchr(ptr, '='); + if (value != NULL) { + *value++ = '\0'; + HXbtree_add(optlist, ptr, value); + } else { + HXbtree_add(optlist, ptr, NULL); + } + } + + return true; } void initconfig(struct config *config) { unsigned int i, j; - static const unsigned int flags = - HXBT_MAP | HXBT_CKEY | HXBT_SCMP | HXBT_CID; + char options_allow[] = "nosuid,nodev"; + char options_require[] = "nosuid,nodev";; memset(config, 0, sizeof(*config)); config->debug = true; 
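Review bot: In the relocated `str_to_optkv()` the key-only branch jumps to `out` when `xstrdup(ptr)` fails, before `kvp->value` has been assigned, so unless `xmalloc()` zeroes its memory `free(kvp->value)` is applied to an indeterminate pointer; set `kvp->key = kvp->value = NULL;` right after the allocation check. `str_to_optlist()` discards the result of every `HXbtree_add()` and always returns true, so the `if (!ret)` checks in its callers can never fire. The doc comment that moved with the code is still headed `str_to_optlist` while it sits above `str_to_optkv()`, and `char options_require[] = "nosuid,nodev";;` carries a stray semicolon.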
@@ -154,12 +226,12 @@ config->command[default_command[i].type][j] = xstrdup(default_command[i].def[j]); - config->options_allow = HXbtree_init(flags); - config->options_require = HXbtree_init(flags); - config->options_deny = HXbtree_init(flags); - + config->options_allow = HXbtree_init(OPT_TREE_FLAGS); + config->options_require = HXbtree_init(OPT_TREE_FLAGS); + config->options_deny = HXbtree_init(OPT_TREE_FLAGS); + str_to_optlist(config->options_allow, options_allow); + str_to_optlist(config->options_require, options_require); HXclist_init(&config->volume_list); - return; } bool readconfig(const char *file, bool global_conf, struct config *config) 
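Review bot: The built-in `nosuid,nodev` policy is installed without any error check: the three `HXbtree_init()` results are used unchecked and both `str_to_optlist()` calls have their return value ignored. If an allocation fails here, the configuration would silently come up with an empty `options_require`, that is, without the restrictions these defaults are meant to guarantee. `initconfig()` returns void (its opening is in the previous hunk), so failing closed needs either a return value or a flag in `struct config` that `readconfig()` tests; at minimum the failure should be reported with `l0g()`.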
@@ -559,73 +631,6 @@ return NULL; } -/** - * str_to_optlist - - * @optlist: destination list - * @str: string to parse - * - * Break down @str into its option. This function modifies @str in-place. - * This is ok, since it is already an allocated string (i.e. does not - * belong to libxml but to pam_mount). Caller frees it anyway right away. - */ -static bool str_to_optkv(struct HXclist_head *optlist, char *str) -{ - char *value, *ptr; - struct kvp *kvp; - - if (str == NULL || *str == '\0') - return true; - - while ((ptr = HX_strsep(&str, ",")) != NULL) { - kvp = xmalloc(sizeof(struct kvp)); - if (kvp == NULL) - return false; - HXlist_init(&kvp->list); - value = strchr(ptr, '='); - if (value != NULL) { - *value++ = '\0'; - kvp->key = xstrdup(ptr); - kvp->value = xstrdup(value); - if (kvp->key == NULL || kvp->value == NULL) - goto out; - HXclist_push(optlist, &kvp->list); - } else { - kvp->key = xstrdup(ptr); - if (kvp->key == NULL) - goto out; - kvp->value = NULL; - HXclist_push(optlist, &kvp->list); - } - } - - return true; - out: - free(kvp->key); - free(kvp->value); - free(kvp); - return false; -} - -static bool str_to_optlist(struct HXbtree *optlist, char *str) -{ - char *value, *ptr; - - if (str == NULL || *str == '\0') - return true; - - while ((ptr = HX_strsep(&str, ",")) != NULL) { - value = strchr(ptr, '='); - if (value != NULL) { - *value++ = '\0'; - HXbtree_add(optlist, ptr, value); - } else { - HXbtree_add(optlist, ptr, NULL); - } - } - - return true; -} - static const char *rc_mntoptions(xmlNode *node, struct config *config, unsigned int command) { @@ -636,6 +641,11 @@ return "Tried to set <mntoptions allow=...> from user config"; if ((options = xmlGetProp_2s(node, "allow")) != NULL) { + if (!onetime_options_allow) { + HXbtree_free(config->options_allow); + config->options_allow = HXbtree_init(OPT_TREE_FLAGS); + onetime_options_allow = true; + } ret = str_to_optlist(config->options_allow, options); free(options); if (!ret) 
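Review bot: `onetime_options_allow`, and `onetime_options_require` in the `@@ -650,6 +660,11 @@` hunk, are file-scope statics declared in the `@@ -69,6 +74,7 @@` hunk and are never reset, while `initconfig()` reinstalls the `nosuid,nodev` defaults on every call. If a process runs `initconfig()` more than once (whether it does is not visible here), the second configuration read skips the tree reset and appends the configured options to the defaults instead of replacing them, so the effective mount-option policy depends on call history. Keeping the two flags in `struct config`, where the existing `memset(config, 0, sizeof(*config))` clears them, or resetting them in `initconfig()` with `onetime_options_allow = onetime_options_require = false;` removes that dependency. `rc_mntoptions()` starts and ends outside the hunk.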
@@ -650,6 +660,11 @@ } if ((options = xmlGetProp_2s(node, "require")) != NULL) { + if (!onetime_options_require) { + HXbtree_free(config->options_require); + config->options_require = HXbtree_init(OPT_TREE_FLAGS); + onetime_options_require = true; + } ret = str_to_optlist(config->options_require, options); free(options); if (!ret) @@ -729,7 +744,7 @@ */ static int rc_volume_cond_or(const struct passwd *pwd, xmlNode *node) { - unsigned int count; + unsigned int count = 0; int ret; for (node = node->children; node != NULL; node = node->next) { @@ -794,7 +809,7 @@ static int rc_volume_cond_not(const struct passwd *pwd, xmlNode *node) { unsigned int count = 0; - bool ret; + bool ret = true; for (node = node->children; node != NULL; node = node->next) { if (node->type != XML_ELEMENT_NODE) @@ -1231,7 +1246,6 @@ {CMD_SMBMOUNT, "smbfs", "smbmount", {"smbmount", "//%(SERVER)/%(VOLUME)", "%(MNTPT)", "-o", "username=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)", NULL}}, {CMD_SMBUMOUNT, "smbfs", "smbumount", {"smbumount", "%(MNTPT)", NULL}}, {CMD_CIFSMOUNT, "cifs", "cifsmount", {"mount", "-t", "cifs", "//%(SERVER)/%(VOLUME)", "%(MNTPT)", "-o", "username=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)", NULL}}, - {CMD_DAVMOUNT, "davfs", "davmount", {"mount", "-t", "davfs", "%(SERVER)/%(VOLUME)", "%(MNTPT)", "-o", "username=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)", NULL}}, {CMD_NCPMOUNT, "ncpfs", "ncpmount", {"ncpmount", "%(SERVER)/%(USER)", "%(MNTPT)", "-o", "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)", NULL}}, {CMD_NCPUMOUNT, "ncpfs", "ncpumount", {"ncpumount", "%(MNTPT)", NULL}}, {CMD_FUSEMOUNT, "fuse", "fusemount", {"mount.fuse", "%(VOLUME)", "%(MNTPT)", "%(before=\"-o \" OPTIONS)", NULL}}, 
@@ -1241,6 +1255,7 @@ {CMD_LCLMOUNT, NULL, "lclmount", {"mount", "-p0", "-t", "%(FSTYPE)", "%(VOLUME)", "%(MNTPT)", "%(before=\"-o\" OPTIONS)", NULL}}, /* Hope to have this in util-linux (LCLMOUNT) some day: */ {CMD_CRYPTMOUNT, "crypt", "cryptmount", {"mount.crypt", "%(before=\"-o \" OPTIONS)", "%(VOLUME)", "%(MNTPT)", NULL}}, + {CMD_CRYPTUMOUNT, "crypt", "cryptumount", {"umount.crypt", "%(MNTPT)", NULL}}, {CMD_UMOUNT, NULL, "umount", {"umount", "%(MNTPT)", NULL}}, {CMD_LSOF, NULL, "lsof", {"lsof", "%(MNTPT)", NULL}}, /* @@ -1262,7 +1277,6 @@ static const struct callbackmap cf_tags[] = { {"cifsmount", rc_command, CMD_CIFSMOUNT}, {"cryptmount", rc_command, CMD_CRYPTMOUNT}, - {"davmount", rc_command, CMD_DAVMOUNT}, {"debug", rc_debug, CMD_NONE}, {"fd0ssh", rc_command, CMD_FD0SSH}, {"fsckloop", rc_fsckloop, CMD_NONE}, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/rdconf2.c new/pam_mount-0.43/src/rdconf2.c --- old/pam_mount-0.41/src/rdconf2.c 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/rdconf2.c 2008-07-16 21:31:54.000000000 +0200 
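Review bot: `CMD_CRYPTUMOUNT` gets a built-in command line in `default_command[]`, but the `cf_tags[]` window in the following hunk runs from `cryptmount` straight to `debug` once `davmount` is removed, so if that table is kept in alphabetical order there is no `cryptumount` tag and the new command cannot be overridden from pam_mount.conf.xml like its siblings. If that is intended, say so in a comment next to the new entry; otherwise add `{"cryptumount", rc_command, CMD_CRYPTUMOUNT},` to `cf_tags[]`. Both tables start and end outside these hunks, so the entry may exist out of view.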
@@ -184,8 +184,7 @@ return false; } if (vpt->type == CMD_SMBMOUNT || vpt->type == CMD_CIFSMOUNT || - vpt->type == CMD_NCPMOUNT || vpt->type == CMD_NFSMOUNT || - vpt->type == CMD_DAVMOUNT) + vpt->type == CMD_NCPMOUNT || vpt->type == CMD_NFSMOUNT) if (strlen(vpt->server) == 0) { l0g("remote mount type specified without server\n"); return false; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_mount-0.41/src/spawn.c new/pam_mount-0.43/src/spawn.c --- old/pam_mount-0.41/src/spawn.c 2008-06-17 11:20:07.000000000 +0200 +++ new/pam_mount-0.43/src/spawn.c 2008-07-16 21:31:54.000000000 +0200 
@@ -1,26 +1,13 @@ -/*============================================================================= -pam_mount - spawn.c - Copyright © CC Computer Consultants GmbH, 2006 - 2007 - Contact: Jan Engelhardt <jengelh [at] computergmbh de> - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation; either version 2.1 of - the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this program; if not, write to: - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, - Boston, MA 02110-1301 USA - - -- For details, see the file named "LICENSE.LGPL2" -=============================================================================*/ +/* + * Copyright © Jan Engelhardt, 2006 - 2008 + * + * This file is part of pam_mount; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 + * of the License, or (at your option) any later version. + */ #include <sys/types.h> +#include <sys/wait.h> #include <errno.h> #include <signal.h> #include <stdbool.h> @@ -29,6 +16,7 @@ #include <string.h> #include <unistd.h> #include "misc.h" +#include "pam_mount.h" #include "spawn.h" /* Variables */ @@ -75,7 +63,6 @@ close(p[1][1]); close(p[2][0]); close(p[2][1]); - return; } /** 
@@ -152,6 +139,21 @@ } /** + * spawn_synchronous - like system(), but uses argz array + */ +int spawn_synchronous(const char *const *argv) +{ + pid_t pid; + int ret; + + if (!spawn_start(argv, &pid, NULL, NULL, NULL, NULL, NULL)) + return false; + waitpid(pid, &ret, 0); + spawn_restore_sigchld(); + return ret; +} + +/** * spawn_set_sigchld - * * Save the old SIGCHLD handler and then set SIGCHLD to SIG_DFL. This is used ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
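Review bot: `spawn_synchronous()` reports a failed `spawn_start()` with `return false;`, which is 0 in an `int` function and therefore indistinguishable from a child that exited successfully; it should return -1. The `waitpid()` result is not checked either, so if the call fails (for instance with EINTR) the function returns `ret` uninitialized. The doc comment says "argz array" although the parameter is a NULL-terminated argv, and it should state that the return value is a wait status. The only caller on this page, the `df -Ta` debug call in the `@@ -892,8 +921,7 @@` hunk, ignores the result, which is acceptable for debug output but would read better as `(void)spawn_synchronous(...)`.

```c
int spawn_synchronous(const char *const *argv)
{
	pid_t pid;
	int ret = -1;

	if (!spawn_start(argv, &pid, NULL, NULL, NULL, NULL, NULL))
		return -1;
	/* retry when a signal interrupts the wait; any other failure yields -1 */
	while (waitpid(pid, &ret, 0) < 0) {
		if (errno != EINTR) {
			ret = -1;
			break;
		}
	}
	spawn_restore_sigchld();
	return ret;
}
```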