Hello community,
here is the log from the commit of package cryptconfig
checked in at Mon Nov 12 21:44:02 CET 2007.
--------
--- cryptconfig/cryptconfig.changes 2007-11-02 17:22:49.000000000 +0100
+++ /mounts/work_src_done/STABLE/cryptconfig/cryptconfig.changes 2007-11-12 19:34:34.698847000 +0100
@@ -1,0 +2,6 @@
+Mon Nov 12 19:34:00 CET 2007 - crivera@suse.de
+
+- Update cryptconfig to use new pam_mount xml config format.
+- Use pam-config to modify PAM service files.
+
+-------------------------------------------------------------------
Old:
----
cryptconfig-0.1.0.tar.gz
New:
----
cryptconfig-0.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cryptconfig.spec ++++++
--- /var/tmp/diff_new_pack.Q18213/_old 2007-11-12 21:43:40.000000000 +0100
+++ /var/tmp/diff_new_pack.Q18213/_new 2007-11-12 21:43:40.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package cryptconfig (Version 0.1.0)
+# spec file for package cryptconfig (Version 0.2)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -11,15 +11,15 @@
# norootforbuild
Name: cryptconfig
-Version: 0.1.0
-Release: 79
+Version: 0.2
+Release: 1
Group: System/Base
License: GPL v2 or later
Summary: A Utility to Configure Encrypted Home Directories and LUKS Partitions
AutoReqProv: on
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Requires: util-linux cryptsetup pam_mount >= 0.18-32 glib2 >= 2.8 openssl >= 0.9.7
-BuildRequires: cryptsetup glib2-devel >= 2.8 intltool openssl-devel >= 0.9.7 pam-devel util-linux
+Requires: util-linux cryptsetup pam_mount >= 0.20 glib2 >= 2.8 openssl >= 0.9.7 libxml2 pam-config >= 0.21
+BuildRequires: cryptsetup glib2-devel >= 2.8 intltool libxml2-devel openssl-devel >= 0.9.7 pam-config >= 0.21 pam-devel util-linux
Source: %{name}-%{version}.tar.gz
%description
@@ -61,6 +61,9 @@
%{_sysconfdir}/cryptconfig.conf
%doc %{_mandir}/man8/cryptconfig.8.gz
%changelog
+* Mon Nov 12 2007 - crivera@suse.de
+- Update cryptconfig to use new pam_mount xml config format.
+- Use pam-config to modify PAM service files.
* Fri Nov 02 2007 - crivera@suse.de
- Don't fail if some pam service files don't exist. This fixes
326794.
++++++ cryptconfig-0.1.0.tar.gz -> cryptconfig-0.2.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/ChangeLog new/cryptconfig-0.2/ChangeLog
--- old/cryptconfig-0.1.0/ChangeLog 2007-11-02 17:15:39.000000000 +0100
+++ new/cryptconfig-0.2/ChangeLog 2007-11-12 20:33:22.000000000 +0100
@@ -1,3 +1,16 @@
+2007-11-08 Chris Rivera
+
+ * src/cryptconfig-lib.c:
+
+ Add support for parsing the new pam_mount xml
+ config file.
+
+ Use pam-config to add pam_mount and pam_cryptpass
+ to the pam service files instead of doing it
+ myself.
+
+ Update the unit tests.
+
2007-11-02 Chris Rivera
* src/cryptconfig-lib.c: Don't fail if
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/configure new/cryptconfig-0.2/configure
--- old/cryptconfig-0.1.0/configure 2007-11-02 17:15:56.000000000 +0100
+++ new/cryptconfig-0.2/configure 2007-11-07 18:54:08.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for cryptconfig 0.1.0.
+# Generated by GNU Autoconf 2.61 for cryptconfig 0.2.
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
@@ -726,8 +726,8 @@
# Identity of this package.
PACKAGE_NAME='cryptconfig'
PACKAGE_TARNAME='cryptconfig'
-PACKAGE_VERSION='0.1.0'
-PACKAGE_STRING='cryptconfig 0.1.0'
+PACKAGE_VERSION='0.2'
+PACKAGE_STRING='cryptconfig 0.2'
PACKAGE_BUGREPORT=''
# Factoring default headers for most tests.
@@ -919,9 +919,12 @@
PKG_CONFIG
GLIB_CFLAGS
GLIB_LIBS
+LIBXML_CFLAGS
+LIBXML_LIBS
DU_BIN_PATH
MKFS_BIN_PATH
CRYPTSETUP_BIN_PATH
+PAMCONFIG_BIN_PATH
PAM_MODDIR
LTLIBOBJS'
ac_subst_files=''
@@ -942,7 +945,9 @@
FFLAGS
PKG_CONFIG
GLIB_CFLAGS
-GLIB_LIBS'
+GLIB_LIBS
+LIBXML_CFLAGS
+LIBXML_LIBS'
# Initialize some variables set by options.
@@ -1445,7 +1450,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures cryptconfig 0.1.0 to adapt to many kinds of systems.
+\`configure' configures cryptconfig 0.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1515,7 +1520,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of cryptconfig 0.1.0:";;
+ short | recursive ) echo "Configuration of cryptconfig 0.2:";;
esac
cat <<\_ACEOF
@@ -1558,6 +1563,9 @@
PKG_CONFIG path to pkg-config utility
GLIB_CFLAGS C compiler flags for GLIB, overriding pkg-config
GLIB_LIBS linker flags for GLIB, overriding pkg-config
+ LIBXML_CFLAGS
+ C compiler flags for LIBXML, overriding pkg-config
+ LIBXML_LIBS linker flags for LIBXML, overriding pkg-config
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
@@ -1622,7 +1630,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-cryptconfig configure 0.1.0
+cryptconfig configure 0.2
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1636,7 +1644,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by cryptconfig $as_me 0.1.0, which was
+It was created by cryptconfig $as_me 0.2, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2326,7 +2334,7 @@
# Define the identity of the package.
PACKAGE=cryptconfig
- VERSION=0.1.0
+ VERSION=0.2
cat >>confdefs.h <<_ACEOF
@@ -4485,7 +4493,7 @@
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 4488 "configure"' > conftest.$ac_ext
+ echo '#line 4496 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -7222,11 +7230,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7225: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7233: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7229: \$? = $ac_status" >&5
+ echo "$as_me:7237: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -7512,11 +7520,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7515: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7523: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7519: \$? = $ac_status" >&5
+ echo "$as_me:7527: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -7616,11 +7624,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7619: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7627: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:7623: \$? = $ac_status" >&5
+ echo "$as_me:7631: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -9965,7 +9973,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext < conftest.$ac_ext <&5)
+ (eval echo "\"\$as_me:12496: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:12492: \$? = $ac_status" >&5
+ echo "$as_me:12500: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -12589,11 +12597,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:12592: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:12600: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:12596: \$? = $ac_status" >&5
+ echo "$as_me:12604: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -14151,11 +14159,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14154: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:14162: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:14158: \$? = $ac_status" >&5
+ echo "$as_me:14166: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -14255,11 +14263,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14258: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:14266: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:14262: \$? = $ac_status" >&5
+ echo "$as_me:14270: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -16442,11 +16450,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16445: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16453: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16449: \$? = $ac_status" >&5
+ echo "$as_me:16457: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -16732,11 +16740,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16735: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16743: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16739: \$? = $ac_status" >&5
+ echo "$as_me:16747: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -16836,11 +16844,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16839: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16847: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:16843: \$? = $ac_status" >&5
+ echo "$as_me:16851: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -22475,6 +22483,120 @@
+
+pkg_failed=no
+{ echo "$as_me:$LINENO: checking for LIBXML" >&5
+echo $ECHO_N "checking for LIBXML... $ECHO_C" >&6; }
+
+if test -n "$PKG_CONFIG"; then
+ if test -n "$LIBXML_CFLAGS"; then
+ pkg_cv_LIBXML_CFLAGS="$LIBXML_CFLAGS"
+ else
+ if test -n "$PKG_CONFIG" && \
+ { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\"") >&5
+ ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ pkg_cv_LIBXML_CFLAGS=`$PKG_CONFIG --cflags "libxml-2.0" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ fi
+else
+ pkg_failed=untried
+fi
+if test -n "$PKG_CONFIG"; then
+ if test -n "$LIBXML_LIBS"; then
+ pkg_cv_LIBXML_LIBS="$LIBXML_LIBS"
+ else
+ if test -n "$PKG_CONFIG" && \
+ { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\"") >&5
+ ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ pkg_cv_LIBXML_LIBS=`$PKG_CONFIG --libs "libxml-2.0" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ fi
+else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ LIBXML_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libxml-2.0"`
+ else
+ LIBXML_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libxml-2.0"`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$LIBXML_PKG_ERRORS" >&5
+
+ { { echo "$as_me:$LINENO: error: Package requirements (libxml-2.0) were not met:
+
+$LIBXML_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables LIBXML_CFLAGS
+and LIBXML_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+" >&5
+echo "$as_me: error: Package requirements (libxml-2.0) were not met:
+
+$LIBXML_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables LIBXML_CFLAGS
+and LIBXML_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+" >&2;}
+ { (exit 1); exit 1; }; }
+elif test $pkg_failed = untried; then
+ { { echo "$as_me:$LINENO: error: The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables LIBXML_CFLAGS
+and LIBXML_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see http://www.freedesktop.org/software/pkgconfig.
+See \`config.log' for more details." >&5
+echo "$as_me: error: The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables LIBXML_CFLAGS
+and LIBXML_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see http://www.freedesktop.org/software/pkgconfig.
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+else
+ LIBXML_CFLAGS=$pkg_cv_LIBXML_CFLAGS
+ LIBXML_LIBS=$pkg_cv_LIBXML_LIBS
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+ :
+fi
+
+
+
# Extract the first word of "du", so it can be a program name with args.
set dummy du; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
@@ -22615,6 +22737,53 @@
{ (exit 1); exit 1; }; }
fi
+# Extract the first word of "pam-config", so it can be a program name with args.
+set dummy pam-config; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_path_PAMCONFIG_BIN_PATH+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $PAMCONFIG_BIN_PATH in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PAMCONFIG_BIN_PATH="$PAMCONFIG_BIN_PATH" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/sbin:/usr/sbin"
+for as_dir in $as_dummy
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PAMCONFIG_BIN_PATH="$as_dir/$ac_word$ac_exec_ext"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PAMCONFIG_BIN_PATH=$ac_cv_path_PAMCONFIG_BIN_PATH
+if test -n "$PAMCONFIG_BIN_PATH"; then
+ { echo "$as_me:$LINENO: result: $PAMCONFIG_BIN_PATH" >&5
+echo "${ECHO_T}$PAMCONFIG_BIN_PATH" >&6; }
+else
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+if ! test -x "$PAMCONFIG_BIN_PATH"; then
+ { { echo "$as_me:$LINENO: error: pam-config is not installed." >&5
+echo "$as_me: error: pam-config is not installed." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
case "$host" in
*-*-linux*)
# See also <configure-flags> in pam_mount.xml.
@@ -23059,7 +23228,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by cryptconfig $as_me 0.1.0, which was
+This file was extended by cryptconfig $as_me 0.2, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -23112,7 +23281,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-cryptconfig config.status 0.1.0
+cryptconfig config.status 0.2
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
@@ -23497,14 +23666,17 @@
PKG_CONFIG!$PKG_CONFIG$ac_delim
GLIB_CFLAGS!$GLIB_CFLAGS$ac_delim
GLIB_LIBS!$GLIB_LIBS$ac_delim
+LIBXML_CFLAGS!$LIBXML_CFLAGS$ac_delim
+LIBXML_LIBS!$LIBXML_LIBS$ac_delim
DU_BIN_PATH!$DU_BIN_PATH$ac_delim
MKFS_BIN_PATH!$MKFS_BIN_PATH$ac_delim
CRYPTSETUP_BIN_PATH!$CRYPTSETUP_BIN_PATH$ac_delim
+PAMCONFIG_BIN_PATH!$PAMCONFIG_BIN_PATH$ac_delim
PAM_MODDIR!$PAM_MODDIR$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 61; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 64; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/configure.in new/cryptconfig-0.2/configure.in
--- old/cryptconfig-0.1.0/configure.in 2007-07-06 23:03:54.000000000 +0200
+++ new/cryptconfig-0.2/configure.in 2007-11-06 22:53:46.000000000 +0100
@@ -1,7 +1,7 @@
AC_PREREQ(2.52)
-AC_INIT(cryptconfig, 0.1.0)
-AM_INIT_AUTOMAKE(cryptconfig, 0.1.0)
+AC_INIT(cryptconfig, 0.2)
+AM_INIT_AUTOMAKE(cryptconfig, 0.2)
AM_MAINTAINER_MODE
AM_CONFIG_HEADER(config.h)
@@ -69,6 +69,13 @@
AC_SUBST(GLIB_LIBS)
dnl
+dnl Check for libxml2
+dnl
+PKG_CHECK_MODULES(LIBXML, libxml-2.0)
+AC_SUBST(LIBXML_CFLAGS)
+AC_SUBST(LIBXML_LIBS)
+
+dnl
dnl Checks for required binaries
dnl
AC_PATH_PROG(DU_BIN_PATH, du)
@@ -86,6 +93,11 @@
AC_MSG_ERROR(cryptsetup is not installed.)
fi
+AC_PATH_PROG(PAMCONFIG_BIN_PATH, pam-config, [], [$PATH:/sbin:/usr/sbin])
+if ! test -x "$PAMCONFIG_BIN_PATH"; then
+ AC_MSG_ERROR(pam-config is not installed.)
+fi
+
case "$host" in
*-*-linux*)
# See also <configure-flags> in pam_mount.xml.
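Review bot: The search path in `AC_PATH_PROG(PAMCONFIG_BIN_PATH, pam-config, [], [$PATH:/sbin:/usr/sbin])` puts the builder's `$PATH` ahead of the system directories, so whichever `pam-config` comes first there is the one recorded. That absolute path is the program `run_pam_config` in src/cryptconfig-lib.c later executes to edit PAM service files, so it is safer to resolve it from the trusted directories first: `AC_PATH_PROG(PAMCONFIG_BIN_PATH, pam-config, [], [/sbin:/usr/sbin:$PATH])`. A `dnl` line noting that the result is used as the helper binary at run time would also help packagers who override the variable. The `case "$host"` block that follows continues outside the hunk.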
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/Makefile.in new/cryptconfig-0.2/Makefile.in
--- old/cryptconfig-0.1.0/Makefile.in 2007-11-02 17:15:55.000000000 +0100
+++ new/cryptconfig-0.2/Makefile.in 2007-11-07 18:54:07.000000000 +0100
@@ -156,6 +156,8 @@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_LIBS = @LIBXML_LIBS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
@@ -171,6 +173,7 @@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
+PAMCONFIG_BIN_PATH = @PAMCONFIG_BIN_PATH@
PAM_MODDIR = @PAM_MODDIR@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/man/Makefile.in new/cryptconfig-0.2/man/Makefile.in
--- old/cryptconfig-0.1.0/man/Makefile.in 2007-11-02 17:15:54.000000000 +0100
+++ new/cryptconfig-0.2/man/Makefile.in 2007-11-07 18:54:07.000000000 +0100
@@ -123,6 +123,8 @@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_LIBS = @LIBXML_LIBS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
@@ -138,6 +140,7 @@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
+PAMCONFIG_BIN_PATH = @PAMCONFIG_BIN_PATH@
PAM_MODDIR = @PAM_MODDIR@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/cryptconfig.c new/cryptconfig-0.2/src/cryptconfig.c
--- old/cryptconfig-0.1.0/src/cryptconfig.c 2007-11-02 17:12:48.000000000 +0100
+++ new/cryptconfig-0.2/src/cryptconfig.c 2007-11-06 21:17:19.000000000 +0100
@@ -1058,7 +1058,7 @@
g_option_context_free (ctx);
if (remove_all) {
- ret = disable_pam_mount_all ();
+ ret = disable_pam_mount (NULL);
} else {
pent = getpwnam (argv[2]);
if (!pent) {
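Review bot: `disable_pam_mount (NULL)` makes a NULL user mean "remove every encrypted-home entry", so a NULL reaching this function by accident from any other call site becomes a system-wide removal. Nothing at this call site documents the sentinel. I would add `/* NULL user: remove the entries of all users */` above the call, or keep a thin `disable_pam_mount_all ()` wrapper so the destructive case stays explicit by name. The enclosing function starts and ends outside the hunk.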
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/cryptconfig.h new/cryptconfig-0.2/src/cryptconfig.h
--- old/cryptconfig-0.1.0/src/cryptconfig.h 2007-11-02 17:12:48.000000000 +0100
+++ new/cryptconfig-0.2/src/cryptconfig.h 2007-11-06 21:16:39.000000000 +0100
@@ -14,7 +14,7 @@
#define BUFF_SIZE 256
#define KEY_FILE_SIZE_THRESHOLD 1048576
#define PAM_SERVICES_DIR "/etc/pam.d"
-#define PAM_MOUNT_CONF "/etc/security/pam_mount.conf"
+#define PAM_MOUNT_CONF "/etc/security/pam_mount.conf.xml"
#define CRYPTCONFIG_CONF SYSCONFDIR "/cryptconfig.conf"
gboolean luks_close (char *map_name);
@@ -50,7 +50,6 @@
gboolean pam_mount_is_setup_for_user (const char * user, char **image, char **key);
gboolean enable_pam_mount (const char *user, const char *image_file, const char *key_file);
gboolean disable_pam_mount (const char *user);
-gboolean disable_pam_mount_all (void);
gchar *path_to_map_name (const char *path);
gboolean unlock_image (const char *image_file, const char *key_file, char **map_device, char **loop_dev);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/cryptconfig-lib.c new/cryptconfig-0.2/src/cryptconfig-lib.c
--- old/cryptconfig-0.1.0/src/cryptconfig-lib.c 2007-11-02 17:14:29.000000000 +0100
+++ new/cryptconfig-0.2/src/cryptconfig-lib.c 2007-11-07 21:58:28.000000000 +0100
@@ -37,9 +37,21 @@
#include
#include
#include
+#include
#include "cryptconfig.h"
+typedef enum {
+ PAM_CONFIG_TYPE_MOUNT,
+ PAM_CONFIG_TYPE_CRYPTPASS,
+ PAM_CONFIG_TYPE_CRYPTPASS_PASSWD
+} PamConfigType;
+
+typedef enum {
+ PAM_CONFIG_OP_ADD,
+ PAM_CONFIG_OP_REMOVE
+} PamConfigOp;
+
typedef gboolean (*LineMatchFunc) (char *, void *);
static long fs_min_sizes[] = { 10, 10, 40 };
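Review bot: The `PamConfigType` values are used as an index into the `flags[]` array in `run_pam_config` (`flags[type]`), but nothing on the enum says that its order matters. Reordering or inserting a value would silently make the tool add or remove a different PAM module than the caller asked for. I would add a comment above the enum such as `/* Order must match flags[] in run_pam_config () */`, or check `type` against the array size before indexing.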
@@ -114,7 +126,9 @@
retval = rename (old, new);
if (retval == -1 && errno == EXDEV) {
retval = crappy_rename (old, new);
- unlink (old);
+
+ if (retval)
+ unlink (old);
}
if (retval)
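Review bot: The new guard `if (retval) unlink (old);` and the trailing `if (retval)` test the same value, so under either return convention for `crappy_rename` one of them looks wrong. If non-zero means failure, as it does for `rename()`, a successful cross-device copy now leaves `old` behind and a failed one deletes the only complete copy; in that case the line should read `if (!retval) unlink (old);`. `write_xml_config` passes a temp file holding the pam_mount configuration and a target under /etc/security, so the EXDEV path may well be the common one. `crappy_rename` is not visible here and the function starts and ends outside the hunk, so please confirm its return convention.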
@@ -143,69 +157,6 @@
}
/*
- * Open file, write it's contents to a temp file and filter based on the match_cb,
- * and then replace file with the temp file. The match_cb should return
- * TRUE if the line should be written to the new file and FALSE otherwise.
- */
-static gboolean filter_file (const char *file, const char *template,
- LineMatchFunc match_func, void *data)
-{
- FILE *old, *new;
- gchar *tmp_name;
- int new_fd, old_fd;
- char buff[BUFF_SIZE];
-
- old_fd = open (file, O_RDONLY | O_NOFOLLOW);
- if (old_fd == -1) {
- g_printerr (_("Failed to open %s: %s\n"), file, strerror (errno));
- return FALSE;
- }
-
- if (flock (old_fd, LOCK_EX)) {
- g_printerr (_("flock: %s\n"), strerror (errno));
- close (old_fd);
- return FALSE;
- }
-
- old = fdopen (old_fd, "r");
- if (!old) {
- g_printerr (_("Failed to open %s: %s\n"), file, strerror (errno));
- close (old_fd);
- return FALSE;
- }
-
- new_fd = g_file_open_tmp (template, &tmp_name, NULL);
- if (new_fd == -1) {
- g_printerr (_("Failed to create temp file\n"));
- fclose (old);
- return FALSE;
- }
-
- new = fdopen (new_fd, "a+");
- if (!new) {
- g_free (tmp_name);
- fclose (old);
- return FALSE;
- }
-
- buff[BUFF_SIZE - 1] = '\0';
- while (fgets (buff, BUFF_SIZE, old)) {
- if (match_func (buff, data))
- fprintf (new, buff);
- }
-
- fclose (new);
- fflush (old);
-
- if (!rename_file (tmp_name, file))
- fprintf (stderr, "Failed to update %s\n", file);
-
- fclose (old);
- g_free (tmp_name);
- return TRUE;
-}
-
-/*
* Create a new loop device. The device string must be freed by
* the caller.
*/
@@ -255,8 +206,7 @@
continue;
/* This fails with errno set to ENXIO if the device isn't used */
- if (ioctl (fd, LOOP_GET_STATUS, &loopinfo) == -1 &&
- errno == ENXIO) {
+ if (ioctl (fd, LOOP_GET_STATUS, &loopinfo) == -1 && errno == ENXIO) {
close (fd);
*device = g_strdup_printf ("/dev/loop%d", i);
return TRUE;
@@ -324,7 +274,7 @@
*size = len;
for (i = 0; i < len && list; i++) {
- ret[i] = g_build_filename (PAM_SERVICES_DIR, list[i], NULL);
+ ret[i] = g_strdup (list[i]);
}
g_strfreev (list);
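Review bot: After this change, and the identical one in the next hunk, the lists hold bare service names with no check on their content; `run_pam_config` joins them onto `PAM_SERVICES_DIR` and passes them to pam-config as the `--service` argument. If the names are read from a configuration file, which these hunks do not show, an entry containing `/` or starting with `-` would move the existence test outside /etc/pam.d or be parsed by pam-config as an option. I would reject such entries before copying them into `ret`, and add a comment such as `/* Returns PAM service names, not paths; callers join them with PAM_SERVICES_DIR */`. Both functions start outside their hunks.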
@@ -363,7 +313,7 @@
*size = len;
for (i = 0; i < len && list; i++) {
- ret[i] = g_build_filename (PAM_SERVICES_DIR, list[i], NULL);
+ ret[i] = g_strdup (list[i]);
}
g_strfreev (list);
@@ -372,276 +322,118 @@
}
/*
- * Add pam_cryptpass to the passwd service stack
- */
-static gboolean modify_pam_passwd_stacks (void)
-{
- int i;
- gchar **list;
- gsize size;
-
- list = get_pam_passwd_services (&size);
- if (!list) {
- g_printerr (_("Failed to get passwd services list\n"));
- return FALSE;
- }
-
- for (i = 0; i < size; i++) {
- FILE *fp;
- int fd;
- char buff[BUFF_SIZE];
-
- if (!list[i])
- break;
-
- if (!g_file_test (list[i], G_FILE_TEST_EXISTS))
- continue;
-
- fd = open (list[i], O_RDWR | O_APPEND);
- if (fd == -1) {
- g_printerr (_("open: %s\n"), strerror (errno));
- return FALSE;
- }
-
- if (flock (fd, LOCK_EX)) {
- g_printerr (_("flock: %s\n"), strerror (errno));
- close (fd);
- return FALSE;
- }
-
- fp = fdopen (fd, "a+");
- if (!fp) {
- g_printerr (_("Failed to open pam"));
- close (fd);
- return FALSE;
- }
-
- while (fgets (buff, BUFF_SIZE, fp)) {
- if (buff[0] != '#' && strstr (buff, "pam_cryptpass.so")) {
- fclose (fp);
- return TRUE;
- }
- }
-
- fprintf (fp, "password optional\tpam_cryptpass.so use_first_pass\n");
- fclose (fp);
- }
-
- return TRUE;
-}
-
-/*
- * The match_cb for removing cryptpass entries.
- */
-static gboolean restore_pam_passwd_stacks_cb (char *line, void *data)
-{
- return strstr (line, "pam_cryptpass.so") ? FALSE : TRUE;
-}
-
-/*
- * Remove pam_cryptpass from the passwd service stack
+ * Run pam-config to add/remove pam_mount to/from the service configs.
*/
-static gboolean restore_pam_passwd_stacks (void)
+static gboolean run_pam_config (PamConfigType type, PamConfigOp op)
{
- int i;
+ char *flags[] = { "--mount", "--cryptpass", "--cryptpass-password" };
+ char *operation = op == PAM_CONFIG_OP_ADD ? "-a" : "-d";
gboolean ret = TRUE;
gchar **list;
gsize size;
+ int i, j;
- list = get_pam_passwd_services (&size);
- if (!list) {
- g_printerr (_("Failed to get passwd services list\n"));
- return FALSE;
- }
-
- for (i = 0; i < size; i++) {
- if (g_file_test (list[i], G_FILE_TEST_EXISTS) &&
- !filter_file (list[i], "passwd-XXXXXX",
- restore_pam_passwd_stacks_cb, NULL)) {
- ret = FALSE;
- }
- }
-
- return ret;
-}
-
-/*
- * Enable pam_mount in each of pam service configs.
- */
-static gboolean modify_pam_session_stacks (void)
-{
- gchar **list = NULL;
- gboolean ret = TRUE;
- gsize size;
- int i;
-
- list = get_pam_services (&size);
+ list = type == PAM_CONFIG_TYPE_CRYPTPASS_PASSWD ?
+ get_pam_passwd_services (&size) : get_pam_services (&size);
+
if (!list) {
g_printerr (_("Failed to get pam services list\n"));
return FALSE;
}
-
+
for (i = 0; i < size; i++) {
- FILE *config;
- int n, fd, found = 0;
- char buff[BUFF_SIZE];
-
+ char *argv[] = { PAMCONFIG_BIN_PATH, "--service", list[i], operation, flags[type], NULL };
+ GError *err = NULL;
+ gint status;
+ gchar *fn;
+ gboolean r;
+
if (!list[i])
break;
-
- if (!g_file_test (list[i], G_FILE_TEST_EXISTS))
- continue;
- fd = open (list[i], O_RDWR | O_APPEND);
- if (fd == -1) {
- continue;
- }
-
- if (flock (fd, LOCK_EX)) {
- g_printerr ("flock: %s\n", strerror (errno));
- close (fd);
- continue;
- }
-
- config = fdopen (fd, "a+");
- if (!config) {
- g_printerr ("fdopen: %s\n", strerror (errno));
- close (fd);
+ fn = g_build_filename (PAM_SERVICES_DIR, list[i], NULL);
+ r = g_file_test (fn, G_FILE_TEST_EXISTS);
+ g_free (fn);
+ if (!r)
continue;
- }
- buff[BUFF_SIZE - 1] = '\0';
- while (fgets (buff, BUFF_SIZE, config)) {
- if (strstr (buff, "pam_mount.so")) {
- found = 1;
- break;
- }
- }
-
- if (found) {
- fclose (config);
+ if (!g_spawn_sync (NULL, argv, NULL,
+ G_SPAWN_STDOUT_TO_DEV_NULL,
+ NULL, NULL, NULL, NULL, &status, &err)) {
+ g_printerr ("Failed to execute %s: %s\n", PAMCONFIG_BIN_PATH, err->message);
+ g_error_free (err);
continue;
}
-
- n = fprintf (config, "auth optional pam_mount.so use_first_pass\n"
- "session optional pam_cryptpass.so\n"
- "session required pam_mount.so\n");
- if (n < 1)
+
+ if (WEXITSTATUS (status)) {
+ g_printerr ("Failed to modify %s\n", list[i]);
ret = FALSE;
-
- fclose (config);
+ }
}
g_strfreev (list);
- return ret ? modify_pam_passwd_stacks () : FALSE;
+ return ret;
}
/*
- * Parse the pam_mount config to see if pam_mount is setup.
+ * Return TRUE is user has an entry in pam_mount.conf. The image and key
+ * arguments should be freed by the caller if the function returns true.
*/
-static gboolean pam_mount_is_setup (void)
+gboolean pam_mount_is_setup_for_user (const char *user, char **image, char **key)
{
- FILE *fs;
- char line[BUFF_SIZE];
+ xmlDocPtr doc;
+ xmlNodePtr root_node, node;
+ int ret = FALSE;
- fs = fopen (PAM_MOUNT_CONF, "r");
- if (!fs)
+ doc = xmlParseFile (PAM_MOUNT_CONF);
+ if (!doc) {
+ g_printerr ("Failed to read %s\n", PAM_MOUNT_CONF);
return FALSE;
-
- while (fgets (line, BUFF_SIZE, fs)) {
- if (line[0] != '#' && strstr (line, "volume") &&
- strstr (line, "crypt") && strstr (line, ".key")) {
- fclose (fs);
- return TRUE;
- }
}
-
- fclose (fs);
- return FALSE;
-}
-
-/*
- * Return TRUE is user has an entry in pam_mount.conf
- */
-gboolean pam_mount_is_setup_for_user (const char *user, char **image, char **key)
-{
- FILE *fs;
- char line[BUFF_SIZE];
- char needle[BUFF_SIZE];
- fs = fopen (PAM_MOUNT_CONF, "r");
- if (!fs)
+ root_node = xmlDocGetRootElement (doc);
+ if (!root_node) {
+ g_printerr ("Failed to get root element from %s\n", PAM_MOUNT_CONF);
return FALSE;
-
- needle[BUFF_SIZE - 1] = '\0';
- snprintf (needle, BUFF_SIZE - 1, "volume %s crypt", user);
+ }
+
+ for (node = root_node->children; node; node = node->next) {
+ xmlChar *fstype, *usr, *fskeypath, *path;
- while (fgets (line, BUFF_SIZE, fs)) {
- if (line[0] != '#' && strstr (line, needle)) {
- int n = 0;
- gchar **fields = g_strsplit (line, " ", 0);
-
- fclose (fs);
- for (; fields[n]; n++);
+ if (node->type != XML_ELEMENT_NODE)
+ continue;
- if (n < 9) {
- g_strfreev (fields);
- g_printerr ("invalid line in " PAM_MOUNT_CONF "\n");
- return FALSE;
- }
+ if (xmlStrcasecmp ((xmlChar *) "volume", node->name))
+ continue;
+ fstype = xmlGetProp (node, (xmlChar *) "fstype");
+ usr = xmlGetProp (node, (xmlChar *) "user");
+ path = xmlGetProp (node, (xmlChar *) "path");
+ fskeypath = xmlGetProp (node, (xmlChar *) "fskeypath");
+
+ if (fstype && usr && path && fskeypath &&
+ !xmlStrcasecmp ((xmlChar *) fstype, (xmlChar *) "crypt") &&
+ !xmlStrcasecmp (usr, (xmlChar *) user)) {
if (image)
- *image = g_strdup (fields[4]);
-
+ *image = g_strchomp (strdup ((char *) path));
+
if (key)
- *key = g_strchomp (g_strdup (fields[8]));
+ *key = g_strchomp (strdup ((char *) fskeypath));
- g_strfreev (fields);
- return TRUE;
+ ret = TRUE;
}
- }
-
- fclose (fs);
- return FALSE;
-}
-/*
- * The match_cb for removing pam_mount.so entries.
- */
-static gboolean restore_pam_session_stacks_cb (char *line, void *data)
-{
- return strstr (line, "pam_mount.so") ||
- strstr (line, "pam_cryptpass.so") ? FALSE : TRUE;
-}
+ xmlFree (fstype);
+ xmlFree (usr);
+ xmlFree (path);
+ xmlFree (fskeypath);
-/*
- * Remove pam_mount from our pam service configs.
- */
-static gboolean restore_pam_session_stacks (void)
-{
- gchar **list;
- gsize size;
- int i;
-
- list = get_pam_services (&size);
- if (!list) {
- g_printerr (_("Failed to get pam services list\n"));
- return FALSE;
- }
-
- for (i = 0; i < size; i++) {
- if (!list[i])
+ if (ret)
break;
-
- if (g_file_test (list[i], G_FILE_TEST_EXISTS) &&
- !filter_file (list[i], "pam-service-XXXXXX",
- restore_pam_session_stacks_cb, NULL)) {
- g_printerr (_("Failed to replace %s\n"), list[i]);
- }
}
- g_strfreev (list);
- return restore_pam_passwd_stacks ();
+ xmlFreeDoc (doc);
+ return ret;
}
/*
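Review bot: `run_pam_config` reports success in two cases where the PAM files were not changed: when `g_spawn_sync` fails the loop does `continue` without touching `ret`, and `WEXITSTATUS (status)` is read without `WIFEXITED`, so a pam-config killed by a signal looks like exit 0. Callers would then believe pam_mount or pam_cryptpass was added or removed when it was not. I would set `ret = FALSE;` before that `continue` and test `if (!WIFEXITED (status) || WEXITSTATUS (status))`. In `pam_mount_is_setup_for_user`, the `!root_node` return skips `xmlFreeDoc (doc)`, and `strdup` replaces the old `g_strdup`, which matters if callers release the strings with `g_free`.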
@@ -1077,7 +869,7 @@
{
int loop_fd = open (loop_device, O_RDONLY);
if (loop_fd == -1) {
- perror ("read");
+ perror ("open");
return FALSE;
}
@@ -1098,7 +890,7 @@
guint64 bytes = size_in_mb * 1048576;
int fd = open (image, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_LARGEFILE, 0600);
if (fd == -1) {
- g_printerr ("open: %s\n", strerror (errno));
+ perror ("open");
return FALSE;
}
@@ -1108,7 +900,7 @@
}
if (write (fd, "\0", 1) == -1) {
- g_printerr ("write: %s\n", strerror (errno));
+ perror ("write");
close (fd);
return FALSE;
}
@@ -1129,7 +921,7 @@
fd = open (image, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_LARGEFILE, 0600);
if (fd == -1) {
- g_printerr ("open: %s\n", strerror (errno));
+ perror ("open");
return FALSE;
}
@@ -1290,41 +1082,140 @@
return free_space > *home_size ? TRUE : FALSE;
}
+/*
+ * Write our changes to a temp file and, if everything went ok,
+ * overwrite the pam_mount conf.
+ */
+static int write_xml_config (xmlDocPtr doc)
+{
+ gchar *tmp_name;
+ int ret;
+
+ int fd = g_file_open_tmp ("pam-mount-conf-XXXXXX", &tmp_name, NULL);
+ if (fd == -1) {
+ g_printerr (_("Failed to create temp file\n"));
+ return -1;
+ }
+
+ ret = xmlSaveFormatFileEnc (tmp_name, doc, "UTF-8", 1);
+ if (ret != -1)
+ ret = rename_file (tmp_name, PAM_MOUNT_CONF) == TRUE ? 0 : -1;
+
+ close (fd);
+ return ret;
+}
+
+/*
+ * Remove the crypt home directory entries for user in
+ * the pam_mount conf file. If user is NULL then we
+ * remove all encrypted home entries.
+ */
+gboolean disable_pam_mount (const char *user)
+{
+ xmlDocPtr doc;
+ xmlNodePtr root_node, node;
+ struct passwd *pent;
+ int ok;
+
+ if (user) {
+ pent = getpwnam (user);
+ if (!pent) {
+ g_printerr (_("Failed to lookup user %s\n"), user);
+ return FALSE;
+ }
+ }
+
+ doc = xmlParseFile (PAM_MOUNT_CONF);
+ if (!doc) {
+ g_printerr ("Failed to read %s\n", PAM_MOUNT_CONF);
+ return FALSE;
+ }
+
+ root_node = xmlDocGetRootElement (doc);
+ if (!root_node) {
+ g_printerr ("Failed to get root element from %s\n", PAM_MOUNT_CONF);
+ return FALSE;
+ }
+
+ node = root_node->children;
+ while (node) {
+ xmlChar *u, *t;
+ gboolean remove_node = FALSE;
+
+ if (node->type != XML_ELEMENT_NODE ||
+ xmlStrcasecmp ((xmlChar *) "volume", node->name)) {
+ node = node->next;
+ continue;
+ }
+
+ u = xmlGetProp (node, (xmlChar *) "user");
+ t = xmlGetProp (node, (xmlChar *) "fstype");
+ if (!u || !t || !xmlHasProp (node, (xmlChar *) "fskeypath") ||
+ xmlStrcasecmp ((xmlChar *) "crypt", t)) {
+ xmlFree (u);
+ xmlFree (t);
+ node = node->next;
+ continue;
+ }
+
+ if (!user || (user && !xmlStrcasecmp ((xmlChar *) user, u)))
+ remove_node = TRUE;
+
+ xmlFree (u);
+ xmlFree (t);
+
+ if (remove_node) {
+ xmlUnlinkNode (node);
+ xmlFreeNode (node);
+ }
+
+ node = node->next;
+ }
+
+ ok = write_xml_config (doc);
+ xmlFreeDoc (doc);
+
+ if (ok == -1)
+ return FALSE;
+ else
+ return run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS_PASSWD, PAM_CONFIG_OP_REMOVE) &&
+ run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS, PAM_CONFIG_OP_REMOVE) &&
+ run_pam_config (PAM_CONFIG_TYPE_MOUNT, PAM_CONFIG_OP_REMOVE);
+}
+
/*
* Add an entry to the pam_mount conf to enable mounting of encrypted home
* dirs during login.
*/
-gboolean enable_pam_mount (const char *user, const char *image_file, const char *key_file)
+gboolean enable_pam_mount (const char *user, const char *image, const char *key_file)
{
- struct passwd *pent;
- FILE *fs;
+ struct passwd *ent;
const char *up;
- int n, fd;
- char haystack[BUFF_SIZE];
- char needle[BUFF_SIZE];
+ char *curr_image, *curr_key;
+ xmlDocPtr doc;
+ xmlNodePtr root_node, node;
+ int ok;
char esc_user[BUFF_SIZE];
-
- if (!g_file_test (image_file, G_FILE_TEST_EXISTS) ||
+
+ if (!g_file_test (image, G_FILE_TEST_EXISTS) ||
!g_file_test (key_file, G_FILE_TEST_EXISTS)) {
g_printerr ("access: %s\n", strerror (errno));
return FALSE;
}
- pent = getpwnam (user);
- if (!pent) {
- g_printerr (_("Failed to lookup user %s\n"), user);
+ ent = getpwnam (user);
+ if (!ent) {
+ fprintf (stderr, "Failed to lookup user '%s'\n", user);
return FALSE;
}
- needle[BUFF_SIZE - 1] = '\0';
- haystack[BUFF_SIZE - 1] = '\0';
up = user;
/* escaping '\' for AD users is required by pam_mount */
if (strchr (user, '\\')) {
int ui = 0, ei = 0;
- for (;user[ui] != '\0'; ui++, ei++) {
+ for (; user[ui] != '\0'; ui++, ei++) {
if (user[ui] == '\\') {
esc_user[ei] = '\\';
ei++;
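Review bot: In disable_pam_mount the loop reads `node->next` after `xmlUnlinkNode (node); xmlFreeNode (node);`, which is a use-after-free. xmlUnlinkNode has also already cleared the sibling links, so with `user == NULL` the walk cannot reliably reach the remaining crypt `<volume>` entries and stale mounts may stay configured. Capture the successor first with `xmlNodePtr next = node->next;` at the top of the loop body, and advance with `node = next;` in all three places. The `!root_node` branch returns without `xmlFreeDoc (doc);` (the same leak is in enable_pam_mount in the next hunk), and write_xml_config never frees `tmp_name` nor removes the temp file when xmlSaveFormatFileEnc fails. enable_pam_mount starts in this hunk and continues past its end.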
@@ -1336,102 +1227,54 @@
up = esc_user;
}
- n = snprintf (needle, BUFF_SIZE - 1,
- "volume %s crypt - %s %s loop aes-256-cbc %s",
- up, image_file, pent->pw_dir, key_file);
- if (n == -1)
- return FALSE;
-
- fd = open (PAM_MOUNT_CONF, O_RDWR | O_APPEND);
- if (!fd) {
- g_printerr ("open: %s\n", strerror (errno));
- return FALSE;
- }
-
- if (flock (fd, LOCK_EX)) {
- g_printerr ("flock: %s\n", strerror (errno));
- close (fd);
- return FALSE;
- }
-
- fs = fdopen (fd, "a+");
- if (!fs) {
- g_printerr ("fdopen: %s\n", strerror (errno));
- close (fd);
- return FALSE;
- }
-
- while (fgets (haystack, BUFF_SIZE, fs)) {
- if (strstr (haystack, needle)) {
- fclose (fs);
+ /* see if we're already setup for this {user, image, key} */
+ if (pam_mount_is_setup_for_user (up, &curr_image, &curr_key)) {
+ if (!strcmp (image, curr_image) && !strcmp (key_file, curr_key)) {
+ g_free (curr_image);
+ g_free (curr_key);
return TRUE;
+ } else {
+ g_free (curr_image);
+ g_free (curr_key);
+
+ /* The current entry is different. Replace it */
+ if (!disable_pam_mount (up)) {
+ g_printerr ("Failed to change pam_mount entry for %s\n", up);
+ return FALSE;
+ }
}
}
- n = fprintf (fs, "%s\n", needle);
- fclose (fs);
-
- if (n > 0)
- return modify_pam_session_stacks ();
- else
+ doc = xmlParseFile (PAM_MOUNT_CONF);
+ if (!doc) {
+ g_printerr ("Failed to read %s\n", PAM_MOUNT_CONF);
return FALSE;
-}
-
-/*
- * The match_cb for pam_mount.conf entries.
- */
-static gboolean disable_pam_mount_cb (char *line, void *data)
-{
- return line[0] != '#' && strstr (line, data) ? FALSE : TRUE;
-}
-
-/*
- * Remove any crypt home directory entries in the
- * pam_mount conf file.
- */
-gboolean disable_pam_mount (const char *user)
-{
- struct passwd *pent;
- gboolean ret;
- char needle[BUFF_SIZE];
+ }
- pent = getpwnam (user);
- if (!pent) {
- g_printerr (_("Failed to lookup user %s\n"), user);
+ root_node = xmlDocGetRootElement (doc);
+ if (!root_node) {
+ g_printerr ("Failed to get root element from %s\n", PAM_MOUNT_CONF);
return FALSE;
}
- needle[BUFF_SIZE - 1] = '\0';
- snprintf (needle, BUFF_SIZE - 1, "volume %s crypt", user);
-
- ret = filter_file (PAM_MOUNT_CONF, "pam-mount-conf-XXXXXX",
- disable_pam_mount_cb, needle);
- if (ret && !pam_mount_is_setup ())
- return restore_pam_session_stacks ();
- else
- return ret;
-}
+ node = xmlNewChild (root_node, NULL, (xmlChar *) "volume", NULL);
+ xmlNewProp (node, (xmlChar *) "fstype", (xmlChar *) "crypt");
+ xmlNewProp (node, (xmlChar *) "user", (xmlChar *) up);
+ xmlNewProp (node, (xmlChar *) "path", (xmlChar *) image);
+ xmlNewProp (node, (xmlChar *) "fskeypath", (xmlChar *) key_file);
+ xmlNewProp (node, (xmlChar *) "fskeycipher", (xmlChar *) "aes-256-cbc");
+ xmlNewProp (node, (xmlChar *) "options", (xmlChar *) "loop");
+ xmlNewProp (node, (xmlChar *) "mountpoint", (xmlChar *) ent->pw_dir);
+ xmlAddChild (root_node, node);
+ ok = write_xml_config (doc);
+ xmlFreeDoc (doc);
-/*
- * The match_cb for any pam_mount.conf line.
- */
-static gboolean disable_pam_mount_all_cb (char *line, void *data)
-{
- return line[0] != '#' && !strncmp (line, "volume", 6) &&
- strstr (line, "crypt") && strstr (line, ".key") ? FALSE : TRUE;
-}
-
-/*
- * Remove all entries from pam_mount.conf.
- */
-gboolean disable_pam_mount_all (void)
-{
- if (filter_file (PAM_MOUNT_CONF, "pam-mount-conf-XXXXXX",
- disable_pam_mount_all_cb, NULL)) {
- return restore_pam_session_stacks ();
- } else {
+ if (ok == -1)
return FALSE;
- }
+ else
+ return run_pam_config (PAM_CONFIG_TYPE_MOUNT, PAM_CONFIG_OP_ADD) &&
+ run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS, PAM_CONFIG_OP_ADD) &&
+ run_pam_config (PAM_CONFIG_TYPE_CRYPTPASS_PASSWD, PAM_CONFIG_OP_ADD);
}
/*
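Review bot: The replace path calls `disable_pam_mount (up)` with the backslash-escaped name, but disable_pam_mount begins with `getpwnam (user)`, so for an AD-style account (where `up` points at `esc_user`) the lookup will most likely fail and the differing entry is never replaced. The passwd result is only NULL-checked there, so either move the escaping into disable_pam_mount and pass the raw `user`, or skip that lookup for this internal call. The removed code also held `flock (fd, LOCK_EX)` while updating the config, whereas the new parse, modify and write_xml_config sequence takes no lock in the visible lines. Unless rename_file or a caller serialises it, two concurrent runs can drop each other's `<volume>` entry. enable_pam_mount begins in the previous hunk.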
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/Makefile.am new/cryptconfig-0.2/src/Makefile.am
--- old/cryptconfig-0.1.0/src/Makefile.am 2007-07-06 23:13:43.000000000 +0200
+++ new/cryptconfig-0.2/src/Makefile.am 2007-11-06 22:54:11.000000000 +0100
@@ -5,12 +5,13 @@
PROG_CFLAGS = -DDU_BIN_PATH=\"$(DU_BIN_PATH)\" \
-DMKFS_BIN_PATH=\"$(MKFS_BIN_PATH)\" \
-DCRYPTSETUP_BIN_PATH=\"$(CRYPTSETUP_BIN_PATH)\" \
+ -DPAMCONFIG_BIN_PATH=\"$(PAMCONFIG_BIN_PATH)\" \
-DSYSCONFDIR=\"$(sysconfdir)\"
sbin_PROGRAMS = cryptconfig
cryptconfig_SOURCES = cryptconfig.c cryptconfig.h cryptconfig-lib.c
-cryptconfig_LDFLAGS = $(GLIB_LIBS) `pkg-config --libs libcrypto`
-cryptconfig_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS)
+cryptconfig_LDFLAGS = $(GLIB_LIBS) `pkg-config --libs libcrypto` $(LIBXML_LIBS)
+cryptconfig_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS) $(LIBXML_CFLAGS)
moduledir = @PAM_MODDIR@
module_LTLIBRARIES = pam_cryptpass.la
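Review bot: `$(LIBXML_LIBS)` is appended to `cryptconfig_LDFLAGS`, which automake places ahead of the object files on the link line, so the libraries can be discarded by a linker running with `--as-needed`. Libraries belong in the per-program LDADD variable, e.g. `cryptconfig_LDADD = $(GLIB_LIBS) $(LIBXML_LIBS)`, leaving LDFLAGS for linker options only. The backticked `pkg-config --libs libcrypto` on the same line also bypasses configure, unlike the new `LIBXML_*` substitutions. A configure-checked variable would make a missing libcrypto fail at configure time rather than at link time.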
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptconfig-0.1.0/src/Makefile.in new/cryptconfig-0.2/src/Makefile.in
--- old/cryptconfig-0.1.0/src/Makefile.in 2007-11-02 17:15:55.000000000 +0100
+++ new/cryptconfig-0.2/src/Makefile.in 2007-11-07 18:54:07.000000000 +0100
@@ -161,6 +161,8 @@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_LIBS = @LIBXML_LIBS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
@@ -176,6 +178,7 @@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
+PAMCONFIG_BIN_PATH = @PAMCONFIG_BIN_PATH@
PAM_MODDIR = @PAM_MODDIR@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
@@ -250,11 +253,12 @@
PROG_CFLAGS = -DDU_BIN_PATH=\"$(DU_BIN_PATH)\" \
-DMKFS_BIN_PATH=\"$(MKFS_BIN_PATH)\" \
-DCRYPTSETUP_BIN_PATH=\"$(CRYPTSETUP_BIN_PATH)\" \
+ -DPAMCONFIG_BIN_PATH=\"$(PAMCONFIG_BIN_PATH)\" \
-DSYSCONFDIR=\"$(sysconfdir)\"
cryptconfig_SOURCES = cryptconfig.c cryptconfig.h cryptconfig-lib.c
-cryptconfig_LDFLAGS = $(GLIB_LIBS) `pkg-config --libs libcrypto`
-cryptconfig_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS)
+cryptconfig_LDFLAGS = $(GLIB_LIBS) `pkg-config --libs libcrypto` $(LIBXML_LIBS)
+cryptconfig_CFLAGS = $(AM_CFLAGS) $(WARNING_FLAGS) $(PROG_CFLAGS) $(GLIB_CFLAGS) $(LIBXML_CFLAGS)
moduledir = @PAM_MODDIR@
module_LTLIBRARIES = pam_cryptpass.la
pam_cryptpass_la_SOURCES = cryptconfig.h cryptconfig-lib.c pam_cryptpass.c
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++