From c9c211a6088d413efc1a32dce28489a1b1dea304839a503e13276e78a4b91397 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Fri, 20 Feb 2009 00:02:26 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_mount?expand=0&rev=27
---
convert_keyhash.pl | 184 ++++++++
convert_pam_mount_conf.pl | 441 ++++++++++++++++++
mount.crypt | 21 +
mount.encfs13 | 21 +
pam_mount-0.45-umount-home-dir.dif | 25 -
pam_mount-0.47-convert-add-logout.dif | 44 --
pam_mount-0.47-fix-decrypt-key.dif | 58 ---
pam_mount-0.47-fix-deny_ok.dif | 11 -
pam_mount-0.47-fix-logout.dif | 11 -
pam_mount-0.47-fix-replace-options.dif | 32 --
...quired-and-deny-option-for-luserconfig.dif | 18 -
pam_mount-0.47-remove-lsof-convert.dif | 14 -
pam_mount-0.47.tar.lzma | 3 -
pam_mount-1.18-rpmlintrc | 3 +
pam_mount-1.18.tar.bz2 | 3 +
pam_mount.changes | 12 +-
pam_mount.spec | 97 ++--
17 files changed, 736 insertions(+), 262 deletions(-)
create mode 100644 convert_keyhash.pl
create mode 100644 convert_pam_mount_conf.pl
create mode 100644 mount.crypt
create mode 100644 mount.encfs13
delete mode 100644 pam_mount-0.45-umount-home-dir.dif
delete mode 100644 pam_mount-0.47-convert-add-logout.dif
delete mode 100644 pam_mount-0.47-fix-decrypt-key.dif
delete mode 100644 pam_mount-0.47-fix-deny_ok.dif
delete mode 100644 pam_mount-0.47-fix-logout.dif
delete mode 100644 pam_mount-0.47-fix-replace-options.dif
delete mode 100644 pam_mount-0.47-recognize-required-and-deny-option-for-luserconfig.dif
delete mode 100644 pam_mount-0.47-remove-lsof-convert.dif
delete mode 100644 pam_mount-0.47.tar.lzma
create mode 100644 pam_mount-1.18-rpmlintrc
create mode 100644 pam_mount-1.18.tar.bz2
diff --git a/convert_keyhash.pl b/convert_keyhash.pl
new file mode 100644
index 0000000..b9442d4
--- /dev/null
+++ b/convert_keyhash.pl
@@ -0,0 +1,184 @@
+#!/usr/bin/perl -w
+#
+# convert tool for pam_mount.conf.xml
+#
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file is under the same license as pam_mount itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+use Data::Dumper;
+use Getopt::Long;
+use IO::File;
+use XML::Writer;
+use XML::Parser;
+use File::Temp qw/ tempfile /;
+use File::Copy;
+use strict;
+
+my $OLD_CONF = "/etc/security/pam_mount.conf.xml";
+my ($TMPFH, $TEMPNAME) = tempfile("pam_mount_conf.XXXXXXXX", DIR => "/tmp/", UNLINK => 1);
+my $BAK = "";
+my $debug = 0;
+my $hasChanges = 0;
+my $node = {};
+$node->{element} = "";
+$node->{attrs} = {};
+$node->{chars} = "";
+$node->{isEmpty} = 1;
+
+
+Getopt::Long::Configure(qw(bundling));
+GetOptions(
+ "i=s" => \$OLD_CONF,
+ "d" => \$debug,
+);
+
+if( ! -e "$OLD_CONF" )
+{
+ print STDERR "$OLD_CONF: file not found.\n";
+ exit 1;
+}
+
+$BAK = "$OLD_CONF";
+my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
+$mon += 1;
+$year += 1900;
+$BAK .= ".$year-$mon-$mday";
+
+
+sub handle_decl_tag
+{
+ my $wrt = shift;
+ my( $expat, $version, $encoding, $standalone ) = @_;
+
+ $wrt->xmlDecl($encoding, $standalone);
+ $wrt->raw("\n\n");
+ print "write xmlDecl with $encoding\n" if($debug);
+}
+
+sub handle_start_tag
+{
+ my $wrt = shift;
+ my( $expat, $element, %attrs ) = @_;
+
+ if($node->{element} ne "" && !$node->{drop})
+ {
+ # subnode write the old one first
+ $wrt->startTag($node->{element}, %{$node->{attrs}});
+ print "write starttag of $node->{element}\n" if($debug);
+ if($node->{chars} ne "")
+ {
+ $wrt->characters($node->{chars});
+ print "write characters\n" if($debug);
+ }
+ $wrt->raw("\n");
+ $node->{element} = "";
+ $node->{attrs} = {};
+ $node->{chars} = "";
+ $node->{isEmpty} = 1;
+ }
+
+ if(lc($element) eq "volume" && ! exists $attrs{fskeyhash})
+ {
+ print "!!! set fskeyhash to MD5\n" if($debug);
+ $attrs{fskeyhash} = "md5";
+ $hasChanges = 1;
+ }
+
+ if(lc($element) eq "volume" ||
+ lc($element) eq "pam_mount" ||
+ lc($element) eq "debug" ||
+ lc($element) eq "luserconf" ||
+ lc($element) eq "mntoptions" ||
+ lc($element) eq "path" ||
+ lc($element) eq "logout" ||
+ lc($element) eq "mkmountpoint"
+ )
+ {
+ $node->{drop} = 0;
+ }
+ else
+ {
+ $node->{drop} = 1;
+ }
+
+ $node->{element} = $element;
+ $node->{attrs} = \%attrs;
+ $node->{chars} = "";
+ $node->{isEmpty} = 1;
+}
+
+sub handle_char_tag
+{
+ my $wrt = shift;
+ my( $expat, $string ) = @_;
+
+ $node->{chars} .= $string;
+ $node->{isEmpty} = 0;
+}
+
+sub handle_end_tag
+{
+ my $wrt = shift;
+ my( $expat, $element ) = @_;
+
+ if(!$node->{drop} && $element eq $node->{element})
+ {
+ if($node->{isEmpty})
+ {
+ $wrt->emptyTag($node->{element}, %{$node->{attrs}});
+ $wrt->raw("\n");
+ print "write emptytag of $node->{element}\n" if($debug);
+ }
+ else
+ {
+ $wrt->startTag($node->{element}, %{$node->{attrs}});
+ print "write starttag of $node->{element}\n" if($debug);
+ if($node->{chars} ne "")
+ {
+ $wrt->characters($node->{chars});
+ print "write characters\n" if($debug);
+ }
+ $wrt->endTag($node->{element});
+ $wrt->raw("\n");
+ print "write endtag of $node->{element}\n" if($debug);
+ }
+ }
+ elsif($element ne $node->{element})
+ {
+ $wrt->endTag($element);
+ print "write endtag of $element\n" if($debug);
+ }
+ $node->{element} = "";
+ $node->{attrs} = {};
+ $node->{chars} = "";
+ $node->{isEmpty} = 1;
+}
+
+
+my $writer = new XML::Writer(OUTPUT => $TMPFH, UNSAFE => 1);
+my $parser = XML::Parser->new( Handlers =>
+ { XMLDecl => sub { handle_decl_tag($writer, @_) },
+ Start => sub { handle_start_tag($writer, @_) },
+ Char => sub { handle_char_tag($writer, @_) },
+ End => sub { handle_end_tag($writer, @_) },
+ });
+$parser->parsefile( $OLD_CONF );
+
+$TMPFH->close();
+
+if($hasChanges)
+{
+ print "Changes made. $OLD_CONF => $BAK\n" if($debug);
+ copy( $OLD_CONF, $BAK );
+ print "$TEMPNAME => $OLD_CONF \n" if($debug);
+ copy( $TEMPNAME, $OLD_CONF );
+}
+else
+{
+ print "No changes made. Keeping $OLD_CONF.\n" if($debug);
+}
+
+exit 0;
+
diff --git a/convert_pam_mount_conf.pl b/convert_pam_mount_conf.pl
new file mode 100644
index 0000000..8d88878
--- /dev/null
+++ b/convert_pam_mount_conf.pl
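Review bot: Both `copy()` calls in the final `if($hasChanges)` block of convert_keyhash.pl ignore their return value, so a failed backup to `$BAK` is still followed by overwriting `$OLD_CONF`, and a failed or partial second copy leaves the pam_mount configuration damaged while the script exits 0. Check each call, for example `copy( $OLD_CONF, $BAK ) or die "backup of $OLD_CONF to $BAK failed: $!\n";` and `copy( $TEMPNAME, $OLD_CONF ) or die "writing $OLD_CONF failed: $!\n";`, so the package scriptlet that runs this converter can see the failure. The writer is created with `UNSAFE => 1`, which switches off XML::Writer's well-formedness checks, and `handle_end_tag` appears to emit `endTag($element)` for a dropped element that had child elements, so re-parsing the temporary file before it replaces the original would be a cheap safeguard. The forced `fskeyhash="md5"` is presumably a compatibility value for existing key files; a comment above that branch saying so would keep it from being read as a recommended setting.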
@@ -0,0 +1,441 @@
+#!/usr/bin/perl -w
+#
+# convert tool for pam_mount.conf
+#
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file is under the same license as pam_mount itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+use Data::Dumper;
+use Getopt::Long;
+use IO::File;
+use XML::Writer;
+use strict;
+
+my $OLD_CONF = "-";
+my $NEW_CONF = "-";
+my $debug = 0;
+
+Getopt::Long::Configure(qw(bundling));
+GetOptions(
+ "i=s" => \$OLD_CONF,
+ "o=s" => \$NEW_CONF,
+ "d" => \$debug,
+);
+
+my %callbacks = (
+ "debug" => \&callback_debug,
+ "logout" => \&callback_logout,
+ "mkmountpoint" => \&callback_mkmountpoint,
+ "fsckloop" => \&callback_fsckloop,
+ "luserconf" => \&callback_luserconf,
+ "options_allow" => \&callback_options_allow,
+ "options_deny" => \&callback_options_deny,
+ "options_require" => \&callback_options_require,
+ "lsof" => \&callback_lsof,
+ "fsck" => \&callback_fsck,
+ "losetup" => \&callback_losetup,
+ "unlosetup" => \&callback_unlosetup,
+ "cifsmount" => \&callback_cifsmount,
+ "smbmount" => \&callback_smbmount,
+ "ncpmount" => \&callback_ncpmount,
+ "smbumount" => \&callback_smbumount,
+ "ncpumount" => \&callback_ncpumount,
+ "fusemount" => \&callback_fusemount,
+ "fuseumount" => \&callback_fuseumount,
+ "umount" => \&callback_umount,
+ "lclmount" => \&callback_lclmount,
+ "cryptmount" => \&callback_cryptmount,
+ "nfsmount" => \&callback_nfsmount,
+ "mntagain" => \&callback_mntagain,
+ "mntcheck" => \&callback_mntcheck,
+ "pmvarrun" => \&callback_pmvarrun,
+ "volume" => \&callback_volume,
+);
+
+my $output = new IO::File("> $NEW_CONF");
+my $writer = new XML::Writer(OUTPUT => $output, UNSAFE => 1);
+
+$writer->xmlDecl("UTF-8");
+$writer->startTag("pam_mount");
+$writer->raw("\n\n");
+
+sub callback_debug
+{
+ my @fields = @_;
+
+ $writer->emptyTag("debug", "enable" => $fields[1]);
+}
+
+sub callback_logout
+{
+ my @fields = @_;
+
+ # we create a default entry here, fields are not evaluated
+ $writer->emptyTag("logout", "wait" => "2000", "hup" => "0", "term" => "1", "kill" => "1");
+}
+
+sub callback_mkmountpoint
+{
+ my @fields = @_;
+
+ $writer->emptyTag("mkmountpoint", "enable" => $fields[1]);
+}
+
+sub callback_fsckloop
+{
+ my @fields = @_;
+
+ $writer->emptyTag("fsckloop", "device" => $fields[1]);
+}
+
+sub callback_luserconf
+{
+ my @fields = @_;
+
+ $writer->emptyTag("luserconf", "name" => $fields[1].".xml");
+ print STDERR "Please note that you will also probably have to convert",
+ $fields[1], "\n";
+}
+
+sub callback_options_allow
+{
+ my @fields = @_;
+
+ $writer->emptyTag("mntoptions", "allow" => $fields[1]);
+}
+
+sub callback_options_deny
+{
+ my @fields = @_;
+
+ $writer->emptyTag("mntoptions", "deny" => $fields[1]);
+}
+
+sub callback_options_require
+{
+ my @fields = @_;
+
+ $writer->emptyTag("mntoptions", "require" => $fields[1]);
+}
+
+sub callback_fsck
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("fsck");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("fsck");
+}
+
+sub callback_losetup
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("losetup");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("losetup");
+}
+
+sub callback_unlosetup
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("unlosetup");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("unlosetup");
+}
+
+sub callback_cifsmount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("cifsmount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("cifsmount");
+}
+
+sub callback_smbmount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("smbmount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("smbmount");
+}
+
+sub callback_ncpmount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("ncpmount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("ncpmount");
+}
+
+sub callback_smbumount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("smbumount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("smbumount");
+}
+
+sub callback_ncpumount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("ncpumount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("ncpumount");
+}
+
+sub callback_fusemount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("fusemount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("fusemount");
+}
+
+sub callback_fuseumount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("fuseumount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("fuseumount");
+}
+
+sub callback_umount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("umount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("umount");
+}
+
+sub callback_lclmount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("lclmount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("lclmount");
+}
+
+sub callback_cryptmount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("cryptmount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("cryptmount");
+}
+
+sub callback_nfsmount
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("nfsmount");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("nfsmount");
+}
+
+sub callback_mntagain
+{
+ # not translated - removed in pam_mount 0.32
+}
+
+sub callback_lsof
+{
+ # not translated - removed
+}
+
+sub callback_mntcheck
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("mntcheck");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("mntcheck");
+}
+
+sub callback_pmvarrun
+{
+ my @fields = @_;
+
+ shift @fields;
+ $writer->startTag("pmvarrun");
+ $writer->characters(join(" ", @fields));
+ $writer->endTag("pmvarrun");
+}
+
+sub callback_volume
+{
+ my @fields = @_;
+
+ shift @fields;
+
+ my %attr = (
+ "fstype" => "auto",
+ );
+
+ # search for wrong splits
+ #
happens at 'a value' or "a value" + # and remove quotes around a single value. "value" or 'value' + my @new_fields; + my($nf, $char); + + foreach my $f (@fields) { + if (!defined($nf) && $f =~ /^'(.+)'$/) { + push(@new_fields, $1); + } elsif (!defined($nf) && $f =~ /^"(.+)"$/) { + push(@new_fields, $1); + } elsif (!defined($nf) && $f =~ /^'([^']+)$/) { + $nf = $1; + $char = "'"; + } elsif (!defined($nf) && $f =~ /^"([^"]+)$/) { + $nf = $1; + $char = "\""; + } elsif (defined($nf) && $f =~ /^([^$char]+)$char$/) { + $nf .= " $1"; + push(@new_fields, $nf); + $nf = undef; + $char = undef; + } elsif(defined($nf)) { + $nf .= " $f"; + } else { + push(@new_fields, $f); + } + } + @fields = @new_fields; + if ($debug) { + print STDERR Data::Dumper->Dump([@new_fields]) + } + + foreach my $i (2..7) { + $fields[$i] =~ s/&/\%(USER)/g; + $fields[$i] =~ s/\\\s/ /g; + } + + if ($fields[0] =~ /^\@\@(.*)/) { + $attr{sgrp} = "$1"; + } elsif ($fields[0] =~ /^\@(.*)/) { + $attr{pgrp} = "$1"; + } else { + $attr{user} = "$fields[0]"; + } + + if (defined($fields[1]) && $fields[1] ne "local") { + $attr{fstype} = $fields[1]; + } + if (defined($fields[2]) && $fields[2] ne "-") { + $attr{server} = $fields[2]; + } + if (defined($fields[3])) { + $attr{path} = $fields[3]; + } + if (defined($fields[4]) && $fields[4] ne "-") { + $attr{mountpoint} = $fields[4]; + } + if (defined($fields[5]) && $fields[5] ne "-") { + $attr{options} = $fields[5]; + } + if (defined($fields[6]) && $fields[6] ne "-") { + $attr{fskeycipher}= $fields[6]; + } + if (defined($fields[7]) && $fields[7] ne "-") { + $attr{fskeypath} = $fields[7]; + } + + $writer->emptyTag("volume", %attr ); +} + +sub parse_conf +{ + my @file; + open(OUT, "< $OLD_CONF") || die "Cannot open $OLD_CONF: $!\n"; + @file = ; + close OUT; + + foreach my $line (@file) { + ++$.; + chomp $line; + $line =~ s/^\s+//s; + + if (length($line) == 0 || substr($line, 0, 1) eq "#") { + next; + } + + my @fields = split(/(?(@fields); + $writer->raw("\n\n"); + } else { + 
print STDERR "-" x 40, "\n",
+ "Unknown command: \"$fields[0]\" near ",
+ "line $.:\n",
+ $line, "\n",
+ "-" x 40, "\n";
+ return 1;
+ }
+
+ # insert new field after debug
+
+ if( $fields[0] eq "debug" )
+ {
+ if ($debug) {
+ print STDERR "callback_logout called: (default)\n";
+ }
+
+ $callbacks{"logout"}->();
+ $writer->raw("\n\n");
+ }
+ }
+
+ return 0;
+}
+
+my $ret = parse_conf();
+
+$writer->endTag("pam_mount");
+$writer->end();
+$output->close();
+
+exit $ret;
diff --git a/mount.crypt b/mount.crypt
new file mode 100644
index 0000000..0dcb9ca
--- /dev/null
+++ b/mount.crypt
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+CMD=`basename $0`
+
+if [[ "$CMD" =~ "umount" ]]; then
+ if [ ! -x ../usr/sbin/umount.crypt ]; then
+ logger -t "mount.crypt" -p user.err -i "/usr/sbin/umount.crypt: File not found."
+ exit 1
+ fi
+ ../usr/sbin/umount.crypt $@
+elif [[ "$CMD" =~ "mount" ]]; then
+ if [ ! -x ../usr/sbin/mount.crypt ]; then
+ logger -t "mount.crypt" -p user.err -i "/usr/sbin/mount.crypt: File not found."
+ exit 1
+ fi
+ ../usr/sbin/mount.crypt $@
+else
+ logger -t "mount.crypt" -p user.err -i "Unknown command: $0"
+ exit 1
+fi
+
diff --git a/mount.encfs13 b/mount.encfs13
new file mode 100644
index 0000000..9e38c0d
--- /dev/null
+++ b/mount.encfs13
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+CMD=`basename $0`
+
+if [[ "$CMD" =~ "umount" ]]; then
+ if [ ! -x ../usr/sbin/umount.encfs13 ]; then
+ logger -t "mount.encfs13" -p user.err -i "/usr/sbin/umount.encfs13: File not found."
+ exit 1
+ fi
+ ../usr/sbin/umount.encfs13 $@
+elif [[ "$CMD" =~ "mount" ]]; then
+ if [ ! -x ../usr/sbin/mount.encfs13 ]; then
+ logger -t "mount.encfs13" -p user.err -i "/usr/sbin/mount.encfs13: File not found."
+ exit 1
+ fi
+ ../usr/sbin/mount.encfs13 $@
+else
+ logger -t "mount.encfs13" -p user.err -i "Unknown command: $0"
+ exit 1
+fi
+
diff --git a/pam_mount-0.45-umount-home-dir.dif b/pam_mount-0.45-umount-home-dir.dif
deleted file mode 100644
index 48a7329..0000000
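Review bot: The output handle in convert_pam_mount_conf.pl is opened with the two-argument form, `new IO::File("> $NEW_CONF")`, and the result is never checked, so leading characters of the `-o` value are read as part of the open mode and a failed open is not reported where it happens. `parse_conf` reads its input the same way with `open(OUT, "< $OLD_CONF")` on a bareword handle. Prefer an explicit mode and a checked result while keeping `-` as standard output: `my $output = $NEW_CONF eq "-" ? IO::File->new_from_fd(fileno(STDOUT), "w") : IO::File->new($NEW_CONF, "w");` followed by `defined $output or die "Cannot open $NEW_CONF: $!\n";`. `callback_luserconf` also prints its notice without a space before the file name (`"... have to convert", $fields[1]`). Part of `parse_conf` is not legible on this page, so the field-splitting and dispatch lines are not covered by this note.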
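Review bot: The mount.crypt wrapper tests and runs `../usr/sbin/umount.crypt` and `../usr/sbin/mount.crypt` by relative path, so which file is checked with `-x` and then executed depends on the caller's working directory and not on the `/usr/sbin/...` path named in the log message; a mount helper that is normally invoked with elevated privileges should name its target absolutely. `$@` is unquoted as well, which re-splits arguments that contain whitespace such as mount points or option strings. The changed lines would be `exec /usr/sbin/umount.crypt "$@"` and `exec /usr/sbin/mount.crypt "$@"`, with the two `-x` tests using the same absolute paths. The script declares `#!/bin/sh` but relies on `[[ ... =~ ... ]]`, a bash construct, so either the shebang should say bash or the test should become a `case "$CMD" in` match. The mount.encfs13 wrapper that follows repeats the same lines and needs the same changes.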
--- a/pam_mount-0.45-umount-home-dir.dif +++ /dev/null @@ -1,25 +0,0 @@ -Index: scripts/umount.crypt -=================================================================== ---- scripts/umount.crypt.orig -+++ scripts/umount.crypt -@@ -46,6 +46,7 @@ fi; - # ask cryptsetup about the underlying device - # - REALDEVICE=`cryptsetup status "$DMDEVICE" | sed -n '/device/s/[ ]*device:[ ]*//p'`; -+IMGDEVICE=`losetup -a | grep "$REALDEVICE" | awk -F\( '{ print $2 }' | sed 's/)//'` - - for ((x = 5; x >= 0; --x)); do - fuser -m "$1" || break; -@@ -73,3 +83,12 @@ if echo "$REALDEVICE" | grep ^/dev/loop - exit 1 - fi - fi -+ -+if echo "$IMGDEVICE" | grep ^/dev/loop >/dev/null; then -+ losetup -d "$IMGDEVICE"; -+ if [ $? -ne 0 ]; then -+ echo "${0##*/}: error removing $IMGDEVICE" >&2 -+ exit 1 -+ fi -+fi -+ diff --git a/pam_mount-0.47-convert-add-logout.dif b/pam_mount-0.47-convert-add-logout.dif deleted file mode 100644 index 03d27ab..0000000 --- a/pam_mount-0.47-convert-add-logout.dif +++ /dev/null 
@@ -1,44 +0,0 @@ ---- orig/pam_mount-0.47/scripts/convert_pam_mount_conf.pl 2008-09-05 05:28:34.000000000 +0200 -+++ pam_mount-0.47/scripts/convert_pam_mount_conf.pl 2009-01-10 18:07:15.000000000 +0100 -@@ -26,6 +26,7 @@ - - my %callbacks = ( - "debug" => \&callback_debug, -+ "logout" => \&callback_logout, - "mkmountpoint" => \&callback_mkmountpoint, - "fsckloop" => \&callback_fsckloop, - "luserconf" => \&callback_luserconf, -@@ -67,6 +68,14 @@ - $writer->emptyTag("debug", "enable" => $fields[1]); - } - -+sub callback_logout -+{ -+ my @fields = @_; -+ -+ # we create a default entry here, fields are not evaluated -+ $writer->emptyTag("logout", "wait" => "2000", "hup" => "0", "term" => "1", "kill" => "1"); -+} -+ - sub callback_mkmountpoint - { - my @fields = @_; -@@ -401,6 +415,18 @@ - "-" x 40, "\n"; - return 1; - } -+ -+ # insert new field after debug -+ -+ if( $fields[0] eq "debug" ) -+ { -+ if ($debug) { -+ print STDERR "callback_logout called: (default)\n"; -+ } -+ -+ $callbacks{"logout"}->(); -+ $writer->raw("\n\n"); -+ } - } - - return 0; diff --git a/pam_mount-0.47-fix-decrypt-key.dif b/pam_mount-0.47-fix-decrypt-key.dif deleted file mode 100644 index 53fac3f..0000000 --- a/pam_mount-0.47-fix-decrypt-key.dif +++ /dev/null 
@@ -1,58 +0,0 @@ ---- src/crypto.c -+++ src/crypto.c 2008/09/25 12:40:16 -@@ -35,6 +35,7 @@ - #include "crypto.h" - #include "misc.h" - #include "pam_mount.h" -+#include - - /* Functions */ - #if defined(HAVE_LIBCRYPTO) && defined(HAVE_LIBSSL) -@@ -123,7 +124,7 @@ - int decrypted_key(hmc_t **pt_fs_key, const char *fs_key_path, - const char *fs_key_cipher, const char *authtok) - { -- hmc_t *ct_fs_key = NULL, *line = NULL; -+ hmc_t *ct_fs_key = NULL; - int segment_len, pt_fs_key_len, ret = 1; - unsigned char hashed_authtok[EVP_MAX_KEY_LENGTH]; /* hash(system authtok) */ - unsigned char iv[EVP_MAX_IV_LENGTH]; -@@ -156,10 +157,26 @@ - } - - ct_fs_key = hmc_minit(NULL, 0); -- while (HX_getl(&line, fs_key_fp) != NULL) -- hmc_memcat(&ct_fs_key, line, hmc_length(line)); -- hmc_free(line); - -+ while (1) -+ { -+ unsigned char line[EVP_MAX_BLOCK_LENGTH]; -+ size_t n = fread(&line, 1, EVP_MAX_BLOCK_LENGTH, fs_key_fp); -+ if (ferror(fs_key_fp)) -+ { -+ l0g("failed to read the key(%d)", ferror(fs_key_fp)); -+ goto out2; -+ } -+ -+ if(n > 0) -+ { -+ hmc_memcat(&ct_fs_key, line, n); -+ } -+ -+ if (feof(fs_key_fp)) -+ break; -+ } -+ - if (hmc_length(ct_fs_key) == 0) { - l0g("failed to read encrypted filesystem key from %s, " - "or file empty.\n", fs_key_path); -@@ -210,7 +227,7 @@ - - ERR_free_strings(); - /* pt_fs_key_len is unsigned */ -- assert(ret == 0); -+ assert(ret != 0); - return ret; - } - diff --git a/pam_mount-0.47-fix-deny_ok.dif b/pam_mount-0.47-fix-deny_ok.dif deleted file mode 100644 index 26f42bb..0000000 --- a/pam_mount-0.47-fix-deny_ok.dif +++ /dev/null @@ -1,11 +0,0 @@ ---- src/rdconf2.c -+++ src/rdconf2.c 2008/10/14 10:35:21 -@@ -102,7 +102,7 @@ - return false; - - while ((e = HXbtraverse(t)) != NULL) -- if (!kvplist_contains(options, e->key)) { -+ if (kvplist_contains(options, e->key)) { - l0g("option \"%s\" denied\n", - static_cast(const char *, e->key)); - HXbtrav_free(t); 
diff --git a/pam_mount-0.47-fix-logout.dif b/pam_mount-0.47-fix-logout.dif deleted file mode 100644 index a2388da..0000000 --- a/pam_mount-0.47-fix-logout.dif +++ /dev/null @@ -1,11 +0,0 @@ ---- src/ofl-lib.c -+++ src/ofl-lib.c 2009/01/12 09:29:20 -@@ -206,7 +206,7 @@ - while ((de = HXdir_read(dir)) != NULL) { - if (*de == '.') - continue; -- snprintf(tmp, sizeof(tmp), "%s/%s", path, de); -+ snprintf(tmp, sizeof(tmp), "%s/%s/fd", path, de); - if (lstat(tmp, &data->sb) < 0 || !S_ISDIR(data->sb.st_mode)) - continue; - ofl_taskfd(mnt, tmp, data); diff --git a/pam_mount-0.47-fix-replace-options.dif b/pam_mount-0.47-fix-replace-options.dif deleted file mode 100644 index a4ec8a3..0000000 --- a/pam_mount-0.47-fix-replace-options.dif +++ /dev/null @@ -1,32 +0,0 @@ ---- src/mount.c -+++ src/mount.c 2008/10/13 14:19:40 -@@ -785,6 +785,7 @@ - { - const struct HXdeque_node *n; - struct HXdeque *argv; -+ struct HXdeque *argv2; - hmc_t *ll_password = NULL; - int child_exit = 0, cstdin = -1, cstderr = -1; - const char *mount_user; -@@ -847,13 +848,20 @@ - - if ((argv = HXdeque_init()) == NULL) - misc_log("malloc: %s\n", strerror(errno)); -+ if ((argv2 = HXdeque_init()) == NULL) -+ misc_log("malloc: %s\n", strerror(errno)); - if (vpt->uses_ssh) - for (n = config->command[CMD_FD0SSH]->first; - n != NULL; n = n->next) - arglist_add(argv, n->ptr, vinfo); - - for (n = config->command[vpt->type]->first; n != NULL; n = n->next) -- arglist_add(argv, n->ptr, vinfo); -+ arglist_add(argv2, n->ptr, vinfo); -+ /* -+ * do a replacement a second time to catch also variables -+ * specified in the options of a volume -+ */ -+ argv = arglist_build(argv2, vinfo); - - if (vpt->type == CMD_LCLMOUNT && - !check_filesystem(config, vpt, vinfo, ll_password)) diff --git a/pam_mount-0.47-recognize-required-and-deny-option-for-luserconfig.dif b/pam_mount-0.47-recognize-required-and-deny-option-for-luserconfig.dif deleted file mode 100644 index 972ecc0..0000000 
--- a/pam_mount-0.47-recognize-required-and-deny-option-for-luserconfig.dif +++ /dev/null @@ -1,18 +0,0 @@ ---- src/rdconf2.c -+++ src/rdconf2.c 2009/01/12 12:16:30 -@@ -158,6 +158,7 @@ - misc_log("Luser volume for %s is missing options that " - "are required by global \n", - vol->mountpoint); -+ return false; - } - if (config->options_allow->items != 0 && - !allow_ok(config->options_allow, &vol->options)) { -@@ -171,6 +172,7 @@ - misc_log("Luser volume for %s has options that are " - "denied by global \n", - vol->mountpoint); -+ return false; - } - } - diff --git a/pam_mount-0.47-remove-lsof-convert.dif b/pam_mount-0.47-remove-lsof-convert.dif deleted file mode 100644 index b0bcb0d..0000000 --- a/pam_mount-0.47-remove-lsof-convert.dif +++ /dev/null @@ -1,14 +0,0 @@ ---- scripts/convert_pam_mount_conf.pl -+++ scripts/convert_pam_mount_conf.pl 2008/11/04 12:47:05 -@@ -256,6 +256,11 @@ - # not translated - removed in pam_mount 0.32 - } - -+sub callback_lsof -+{ -+ # not translated - removed -+} -+ - sub callback_mntcheck - { - my @fields = @_; diff --git a/pam_mount-0.47.tar.lzma b/pam_mount-0.47.tar.lzma deleted file mode 100644 index c960070..0000000 --- a/pam_mount-0.47.tar.lzma +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ec545cfebca827f5d3065698974ef1d0913f113c129ac216192a3e61f8937d3c -size 250337 diff --git a/pam_mount-1.18-rpmlintrc b/pam_mount-1.18-rpmlintrc new file mode 100644 index 0000000..17acb3c --- /dev/null +++ b/pam_mount-1.18-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("percent-in-%post") +addFilter("files-duplicate.*crypt.*8.gz") + diff --git a/pam_mount-1.18.tar.bz2 b/pam_mount-1.18.tar.bz2 new file mode 100644 index 0000000..600b1e2 --- /dev/null +++ b/pam_mount-1.18.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fce9ae6889f8cce6369ee5694e07694f46c577f0a77d8065fedb3d9d359defd3 +size 323607 diff --git a/pam_mount.changes b/pam_mount.changes index 5d03c57..88820dd 100644 
--- a/pam_mount.changes +++ b/pam_mount.changes @@ -1,9 +1,17 @@ +------------------------------------------------------------------- +Wed Feb 18 12:46:10 CET 2009 - mc@suse.de + +- update to version 1.18 + * lot of fixes and new Features. + see /usr/share/doc/packages/pam_mount/changelog.txt + for details + ------------------------------------------------------------------- Thu Jan 29 16:00:36 CET 2009 - crrodriguez@suse.de -- reduce buildRequires after libHX changes +- reduce buildRequires after libHX changes -------------------------------------------------------------------- +-------------------------------------------------------------------- Mon Jan 12 11:23:15 CET 2009 - mc@suse.de - fix feature (bnc#461333) diff --git a/pam_mount.spec b/pam_mount.spec index a79b541..a6f8f5f 100644 --- a/pam_mount.spec +++ b/pam_mount.spec @@ -1,5 +1,5 @@ # -# spec file for package pam_mount (Version 0.47) +# spec file for package pam_mount (Version 1.18) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,11 +19,12 @@ Name: pam_mount -BuildRequires: libHX-devel lzma openssl-devel pam-devel perl-XML-Writer pkg-config +BuildRequires: libHX-devel libxml2-devel openssl-devel pam-devel pkg-config +BuildRequires: perl-XML-Parser perl-XML-Writer BuildRequires: linux-kernel-headers Summary: A PAM Module that can Mount Volumes for a User Session -Version: 0.47 -Release: 15 +Version: 1.18 +Release: 1 # psmisc: /bin/fuser Recommends: cifs-mount psmisc Recommends: cryptsetup 
@@ -31,19 +32,16 @@ Requires: util-linux License: LGPL v2.1 or later Prefix: /usr Group: System/Libraries -Source: %{name}-%{version}.tar.lzma -Patch1: pam_mount-0.45-umount-home-dir.dif -Patch2: pam_mount-0.47-fix-decrypt-key.dif -Patch3: pam_mount-0.47-fix-replace-options.dif -Patch4: pam_mount-0.47-fix-deny_ok.dif -Patch5: pam_mount-0.47-remove-lsof-convert.dif -Patch6: pam_mount-0.47-fix-logout.dif -Patch7: pam_mount-0.47-enable-logout-kill.dif -Patch8: pam_mount-0.47-convert-add-logout.dif -Patch9: pam_mount-0.47-recognize-required-and-deny-option-for-luserconfig.dif +Source: %{name}-%{version}.tar.bz2 +Source1: convert_pam_mount_conf.pl +Source2: convert_keyhash.pl +Source3: mount.crypt +Source4: mount.encfs13 +Source5: pam_mount-1.18-rpmlintrc +Patch1: pam_mount-0.47-enable-logout-kill.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://pam-mount.sourceforge.net/ -PreReq: coreutils, perl-XML-Writer +PreReq: coreutils, perl-XML-Writer, perl-XML-Parser %description This module is aimed at environments with SMB (Samba or Windows NT) or @@ -76,15 +74,7 @@ include it and send me patches. %prep %setup -q -%patch1 -%patch2 -%patch3 -%patch4 -%patch5 -%patch6 -%patch7 -p1 -%patch8 -p1 -%patch9 +%patch1 -p1 %build %{suse_update_config -f} 
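Review bot: Patch1 to Patch6, Patch8 and Patch9 are removed from the patch list here without any record that 1.18 contains the same fixes; the pam_mount.changes entry only says "lot of fixes and new Features". Two of the dropped patches affect mount-option policy: `pam_mount-0.47-fix-deny_ok.dif` inverts the condition in the denied-option check, and `pam_mount-0.47-recognize-required-and-deny-option-for-luserconfig.dif` adds `return false;` after the luserconf required/denied messages. It is worth confirming against the 1.18 sources that both behaviours are present and recording it, for example with a changelog line such as `- drop patches fix-deny_ok, fix-decrypt-key, fix-logout, ... (included upstream)`. The matching `%patchN` removals are in the next hunk.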
@@ -96,17 +86,23 @@ CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" %install make install DESTDIR=${RPM_BUILD_ROOT} # Remove static and libtool version -rm -vf ${RPM_BUILD_ROOT}/%{_lib}/security/pam_mount.{a,la} -mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/security -# remove mount_ehd, it's only for OpenBSD -rm $RPM_BUILD_ROOT%{_prefix}/bin/mount_ehd -rm $RPM_BUILD_ROOT%{_mandir}/man8/mount_ehd.8 -rm $RPM_BUILD_ROOT%{_prefix}/bin/passwdehd -rm $RPM_BUILD_ROOT%{_mandir}/man8/passwdehd.8 +rm -f ${RPM_BUILD_ROOT}/%{_lib}/security/pam_mount.{a,la} #install the docs mkdir -p ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples cp doc/bugs.txt doc/changelog.txt LICENSE* doc/faq.txt doc/todo.txt doc/options.txt doc/pam_mount.txt ${RPM_BUILD_ROOT}/%_docdir/%name/ -install -m 755 scripts/convert_pam_mount_conf.pl ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples/ +install -m 755 %{SOURCE1} ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples/ +install -m 755 %{SOURCE2} ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples/ +# +# move /sbin/mount.crypt to /usr/sbin/mount.crypt and put a wrapper script to /sbin/mount.crypt +# The same for mount.encfs13 +# +mkdir -p ${RPM_BUILD_ROOT}/usr/sbin/ +mv ${RPM_BUILD_ROOT}/sbin/mount.crypt ${RPM_BUILD_ROOT}/usr/sbin/ +mv ${RPM_BUILD_ROOT}/sbin/mount.encfs13 ${RPM_BUILD_ROOT}/usr/sbin/ +ln -s /usr/sbin/mount.crypt ${RPM_BUILD_ROOT}/usr/sbin/umount.crypt +ln -s /usr/sbin/mount.encfs13 ${RPM_BUILD_ROOT}/usr/sbin/umount.encfs13 +install -m755 %{SOURCE3} ${RPM_BUILD_ROOT}/sbin/ +install -m755 %{SOURCE4} ${RPM_BUILD_ROOT}/sbin/ %post if [ -e etc/security/pam_mount.conf ] @@ -115,6 +111,16 @@ then %_docdir/%{name}/examples/convert_pam_mount_conf.pl \ -i etc/security/pam_mount.conf -o etc/security/pam_mount.conf.xml fi +if [ $1 -gt 1 ] +then + for v in `rpm -q --queryformat "%{VERSION} " %{name}`; do + if echo "$v" | grep -E "^0\." - ; then + %_docdir/%{name}/examples/convert_keyhash.pl \ + -i etc/security/pam_mount.conf.xml + break; + fi + done +fi %clean rm -rf $RPM_BUILD_ROOT 
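Review bot: In the added `%post` block, `rpm -q --queryformat "%{VERSION} "` is written with a single percent sign; if the building rpm defines an uppercase `%{VERSION}` macro, the tag is expanded at build time to the new version, the `^0\.` test can then never match and `convert_keyhash.pl` is silently skipped on upgrade. Writing `%%{VERSION}` removes the ambiguity. The converter is run from `%_docdir/%{name}/examples/`, which `%files` marks as `%docdir`, so an installation that excludes documentation would presumably not have it, and its exit status is not checked. `grep -E "^0\." -` also prints the matched version into the scriptlet output; `grep -qE '^0\.'` keeps it quiet.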
@@ -124,25 +130,28 @@ rm -rf $RPM_BUILD_ROOT %docdir %_docdir/%name %_docdir/%name /%{_lib}/security/pam_mount*.so -%{_prefix}/bin/mkehd -%{_prefix}/bin/autoehd -%{_prefix}/bin/pmt-fd0ssh -%{_prefix}/bin/pmt-ofl -/sbin/mount.crypt -/sbin/umount.crypt +%{_bindir}/pmt-fd0ssh +%{_bindir}/pmt-ofl +/sbin/mount.crypt* +/sbin/umount.crypt* /sbin/mount.encfs13 +%{_sbindir}/mount.crypt +%{_sbindir}/umount.crypt +%{_sbindir}/mount.encfs13 +%{_sbindir}/umount.encfs13 %{_sbindir}/pmvarrun +%{_sbindir}/pmt-ehd %config(noreplace) %{_sysconfdir}/security/pam_mount.conf.xml -%doc %{_mandir}/man1/mkehd.1.gz %doc %{_mandir}/man1/pmt-fd0ssh.1.gz %doc %{_mandir}/man5/pam_mount.conf.5.gz -%doc %{_mandir}/man8/autoehd.8.gz -%doc %{_mandir}/man8/mount.crypt.8.gz -%doc %{_mandir}/man8/pam_mount.8.gz -%doc %{_mandir}/man8/pmvarrun.8.gz -%doc %{_mandir}/man8/umount.crypt.8.gz +%doc %{_mandir}/man8/*.8.gz %changelog +* Wed Feb 18 2009 mc@suse.de +- update to version 1.18 + * lot of fixes and new Features. + see /usr/share/doc/packages/pam_mount/changelog.txt + for details * Thu Jan 29 2009 crrodriguez@suse.de - reduce buildRequires after libHX changes * Mon Jan 12 2009 mc@suse.de