From 2cf9103145ceae1cd86e7379f0667b6f94f20cc22966573d0fd7aee9ec2aaf5b Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 21 Jun 2012 15:31:34 +0000 Subject: [PATCH] sys/fsuid.h OBS-URL: https://build.opensuse.org/package/show/security/ecryptfs-utils?expand=0&rev=33 --- ecryptfs-utils.security.patch | 56 +++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 23 deletions(-) diff --git a/ecryptfs-utils.security.patch b/ecryptfs-utils.security.patch index 7a1a145..c876726 100644 --- a/ecryptfs-utils.security.patch +++ b/ecryptfs-utils.security.patch @@ -1,7 +1,16 @@ -diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ---- ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c 2011-12-14 00:01:38.000000000 +0100 -+++ ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c 2012-06-20 14:18:22.124559899 +0200 -@@ -119,7 +119,8 @@ +Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c +=================================================================== +--- ecryptfs-utils-96.orig/src/pam_ecryptfs/pam_ecryptfs.c ++++ ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + #include + #include + #include "../include/ecryptfs.h" +@@ -119,7 +120,8 @@ static int wrap_passphrase_if_necessary( PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -11,7 +20,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// char *homedir = NULL; uid_t saved_uid = 0; const char *username; -@@ -139,12 +140,24 @@ +@@ -139,12 +141,24 @@ PAM_EXTERN int pam_sm_authenticate(pam_h pwd = getpwnam(username); if (pwd) { uid = pwd->pw_uid; 
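Review bot: The rewritten ecryptfs-utils.security.patch opens directly with the `Index:` line (first hunk, new line 1), so a file carrying a security fix for pam_ecryptfs.c and mount.ecryptfs_private.c never says which issue it addresses. patch(1) skips free text ahead of the first file header, so a short header such as `Subject: <one-line description of the fix>` and `References: <bug or CVE id>` can sit above `Index:` and keep the patch traceable to its advisory when the package is rebased. The added `+#include` line has lost its header name on this page; going by the commit subject it is presumably `<sys/fsuid.h>`. If the call sites, which lie outside the visible hunks, use setfsuid(), note that it returns the previous fsuid and reports no error, so each identity switch is worth confirming with a second call.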
@@ -36,7 +45,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// if (!file_exists_dotecryptfs(homedir, "auto-mount")) goto out; private_mnt = ecryptfs_fetch_private_mnt(homedir); -@@ -158,13 +171,10 @@ +@@ -158,13 +172,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h load ecryptfs module if not loaded already */ if (ecryptfs_get_version(&version) != 0) syslog(LOG_WARNING, "pam_ecryptfs: Can't check if kernel supports ecryptfs\n"); @@ -50,7 +59,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// if (rc != PAM_SUCCESS) { syslog(LOG_ERR, "pam_ecryptfs: Error retrieving passphrase; rc = [%ld]\n", rc); -@@ -182,7 +192,11 @@ +@@ -182,7 +193,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_h } else from_hex(salt, salt_hex, ECRYPTFS_SALT_SIZE); if ((child_pid = fork()) == 0) { @@ -63,7 +72,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// if (passphrase == NULL) { syslog(LOG_ERR, "pam_ecryptfs: NULL passphrase; aborting\n"); rc = -EINVAL; -@@ -240,6 +254,11 @@ +@@ -240,6 +255,11 @@ out_child: if (tmp_pid == -1) syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n"); out: @@ -75,7 +84,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// if (private_mnt != NULL) free(private_mnt); return PAM_SUCCESS; -@@ -338,8 +357,12 @@ +@@ -338,8 +358,12 @@ static int private_dir(pam_handle_t *pam syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs mount"); return 0; } @@ -89,7 +98,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// execl("/sbin/mount.ecryptfs_private", "mount.ecryptfs_private", NULL); } else { -@@ -348,8 +371,12 @@ +@@ -348,8 +372,12 @@ static int private_dir(pam_handle_t *pam syslog(LOG_DEBUG, "pam_ecryptfs: Skipping automatic eCryptfs unmount"); return 0; } 
@@ -103,7 +112,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// execl("/sbin/umount.ecryptfs_private", "umount.ecryptfs_private", NULL); } -@@ -391,7 +418,8 @@ +@@ -391,7 +419,8 @@ pam_sm_close_session(pam_handle_t *pamh, PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) { @@ -113,7 +122,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// char *homedir = NULL; uid_t saved_uid = 0; const char *username; -@@ -411,6 +439,7 @@ +@@ -411,6 +440,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand pwd = getpwnam(username); if (pwd) { uid = pwd->pw_uid; @@ -121,7 +130,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// homedir = pwd->pw_dir; name = pwd->pw_name; } -@@ -418,13 +447,21 @@ +@@ -418,13 +448,21 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n", username, rc); goto out; } @@ -146,7 +155,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// goto out; } /* On the first pass, do nothing except check that we have a password */ -@@ -434,14 +471,12 @@ +@@ -434,14 +472,12 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved a NULL passphrase; nothing to do\n"); rc = PAM_AUTHTOK_RECOVER_ERR; } @@ -161,7 +170,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// goto out; } if ((rc = asprintf(&wrapped_pw_filename, "%s/.ecryptfs/%s", homedir, -@@ -462,7 +497,6 @@ +@@ -462,7 +498,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand goto out; } 
@@ -169,7 +178,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// if (!old_passphrase || !new_passphrase || *new_passphrase == '\0') { syslog(LOG_WARNING, "pam_ecryptfs: PAM passphrase change module retrieved at least one NULL passphrase; nothing to do\n"); rc = PAM_AUTHTOK_RECOVER_ERR; -@@ -472,7 +506,10 @@ +@@ -472,7 +507,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand if ((child_pid = fork()) == 0) { char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH + 1]; @@ -181,7 +190,7 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// if ((rc = ecryptfs_unwrap_passphrase(passphrase, wrapped_pw_filename, old_passphrase, salt))) { -@@ -492,5 +529,10 @@ +@@ -492,5 +530,10 @@ out_child: syslog(LOG_WARNING, "pam_ecryptfs: waitpid() returned with error condition\n"); free(wrapped_pw_filename); out: @@ -192,10 +201,11 @@ diff -ruN ecryptfs-utils-96//src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-96// +outnouid: return rc; } -diff -ruN ecryptfs-utils-96//src/utils/mount.ecryptfs_private.c ecryptfs-utils-96//src/utils/mount.ecryptfs_private.c ---- ecryptfs-utils-96//src/utils/mount.ecryptfs_private.c 2011-12-14 19:59:24.000000000 +0100 -+++ ecryptfs-utils-96//src/utils/mount.ecryptfs_private.c 2012-06-20 14:34:54.694561382 +0200 -@@ -535,6 +535,11 @@ +Index: ecryptfs-utils-96/src/utils/mount.ecryptfs_private.c +=================================================================== +--- ecryptfs-utils-96.orig/src/utils/mount.ecryptfs_private.c ++++ ecryptfs-utils-96/src/utils/mount.ecryptfs_private.c +@@ -535,6 +535,11 @@ int main(int argc, char *argv[]) { exit(1); } @@ -207,7 +217,7 @@ diff -ruN ecryptfs-utils-96//src/utils/mount.ecryptfs_private.c ecryptfs-utils-9 /* Lock the counter through the rest of the program */ fh_counter = lock_counter(pwd->pw_name, uid, alias); if (fh_counter == NULL) { -@@ -627,7 +632,7 @@ +@@ -627,7 +632,7 @@ int main(int argc, char *argv[]) { goto fail; } /* Perform mount */ 
@@ -216,7 +226,7 @@ diff -ruN ecryptfs-utils-96//src/utils/mount.ecryptfs_private.c ecryptfs-utils-9 if (update_mtab(src, dest, opt) != 0) { goto fail; } -@@ -676,6 +681,7 @@ +@@ -676,6 +681,7 @@ int main(int argc, char *argv[]) { */ setresuid(0,0,0); setresgid(0,0,0);