pam_ext

OBS-URL: https://build.opensuse.org/package/show/security/ecryptfs-utils?expand=0&rev=35
2012-06-21 15:54:40 +00:00 · 2012-06-21 15:54:40 +00:00 · 0300f80457
commit 0300f80457
parent d76124b461
1 changed files with 27 additions and 11 deletions
--- a/ecryptfs-utils.security.patch
+++ b/ecryptfs-utils.security.patch
@ -2,7 +2,7 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 ===================================================================
 --- ecryptfs-utils-96.orig/src/pam_ecryptfs/pam_ecryptfs.c
 +++ ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
-@@ -37,6 +37,8 @@
+@@ -37,8 +37,11 @@
 #include <sys/wait.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@ -10,8 +10,11 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 +#include <grp.h>
 #include <fcntl.h>
 #include <security/pam_modules.h>
+#include <security/pam_ext.h>
 #include "../include/ecryptfs.h"
-@@ -119,7 +120,8 @@ static int wrap_passphrase_if_necessary(
+ 
+ #define PRIVATE_DIR "Private"
+@@ -119,9 +122,9 @@ static int wrap_passphrase_if_necessary(
 PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
 				   const char **argv)
 {
@ -19,9 +22,11 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 +	uid_t uid = 0, oeuid = 0;
 +	gid_t gid = 0, oegid = 0;
 	char *homedir = NULL;
- 	uid_t saved_uid = 0;
+-	uid_t saved_uid = 0;
 	const char *username;
-@@ -139,12 +141,24 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 	char *passphrase = NULL;
+ 	char salt[ECRYPTFS_SALT_SIZE];
+@@ -139,12 +142,24 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 		pwd = getpwnam(username);
 		if (pwd) {
 			uid = pwd->pw_uid;
@ -46,7 +51,7 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 	if (!file_exists_dotecryptfs(homedir, "auto-mount"))
 		goto out;
 	private_mnt = ecryptfs_fetch_private_mnt(homedir);
-@@ -158,13 +172,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -158,13 +173,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 	   load ecryptfs module if not loaded already */
 	if (ecryptfs_get_version(&version) != 0)
 		syslog(LOG_WARNING, "pam_ecryptfs: Can't check if kernel supports ecryptfs\n");
@ -60,7 +65,7 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 	if (rc != PAM_SUCCESS) {
 		syslog(LOG_ERR, "pam_ecryptfs: Error retrieving passphrase; rc = [%ld]\n",
 		       rc);
-@@ -182,7 +193,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -182,7 +194,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 	} else
 		from_hex(salt, salt_hex, ECRYPTFS_SALT_SIZE);
 	if ((child_pid = fork()) == 0) {
@ -73,7 +78,7 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 		if (passphrase == NULL) {
 			syslog(LOG_ERR, "pam_ecryptfs: NULL passphrase; aborting\n");
 			rc = -EINVAL;
-@@ -240,6 +255,11 @@ out_child:
+@@ -240,6 +256,11 @@ out_child:
 	if (tmp_pid == -1)
 		syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n");
 out:
@ -85,7 +90,7 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 	if (private_mnt != NULL)
 		free(private_mnt);
 	return PAM_SUCCESS;
-@@ -338,8 +358,12 @@ static int private_dir(pam_handle_t *pam
+@@ -338,8 +359,12 @@ static int private_dir(pam_handle_t *pam
 				syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs mount");
 				return 0;
 			}
@ -99,7 +104,7 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 			execl("/sbin/mount.ecryptfs_private",
 			      "mount.ecryptfs_private", NULL);
 		} else {
-@@ -348,8 +372,12 @@ static int private_dir(pam_handle_t *pam
+@@ -348,8 +373,12 @@ static int private_dir(pam_handle_t *pam
 				syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs unmount");
 				return 0;
 			}
@ -113,7 +118,7 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 			execl("/sbin/umount.ecryptfs_private",
  			      "umount.ecryptfs_private", NULL);
 		}
-@@ -391,7 +419,8 @@ pam_sm_close_session(pam_handle_t *pamh,
+@@ -391,9 +420,9 @@ pam_sm_close_session(pam_handle_t *pamh,
 PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
                                 int argc, const char **argv)
 {
@ -121,8 +126,10 @@ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
 +	uid_t uid = 0, oeuid = 0;
 +	gid_t gid = 0, oegid = 0;
 	char *homedir = NULL;
- 	uid_t saved_uid = 0;
+-	uid_t saved_uid = 0;
 	const char *username;
+ 	char *old_passphrase = NULL;
+ 	char *new_passphrase = NULL;
@@ -411,6 +440,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 		pwd = getpwnam(username);
 		if (pwd) {
@ -206,6 +213,15 @@ Index: ecryptfs-utils-96/src/utils/mount.ecryptfs_private.c
 ===================================================================
 --- ecryptfs-utils-96.orig/src/utils/mount.ecryptfs_private.c
 +++ ecryptfs-utils-96/src/utils/mount.ecryptfs_private.c
+@@ -302,7 +302,7 @@ int update_mtab(char *dev, char *mnt, ch
+ 		goto fail_early;
+ 	}
+ 
+-	while (old_ent = getmntent(old_mtab)) {
+	while ((old_ent = getmntent(old_mtab))) {
+ 		if (addmntent(new_mtab, old_ent) != 0) {
+ 			perror("addmntent");
+ 			goto fail;
@@ -535,6 +535,11 @@ int main(int argc, char *argv[]) {
 		exit(1);
 	}