
Viewing changes to src/pam_ecryptfs/pam_ecryptfs.c

  • Committer: Tyler Hicks
  • Date: 2015-03-10 16:58:50 UTC
  • mfrom: (837.2.19 salt)
  • Revision ID: tyhicks@canonical.com-20150310165850-lmkhbjwcz3jfq9c4
* Introduce the version 2 wrapped-passphrase file format. It adds the
  ability to combine a randomly generated salt with the wrapping password
  (typically, a user's login password) prior to performing key
  strengthening. The version 2 file format is considered to be an
  intermediate step in strengthening the wrapped-passphrase files of
  existing encrypted home/private users. Support for reading/writing version
  2 wrapped-passphrase files and transparent migration, through
  pam_ecryptfs, from version 1 to version 2 files is considered safe enough
  to backport to stable distro releases. The libecryptfs ABI around
  wrapped-passphrase file handling is not broken.
  - CVE-2014-9687
* Run wrap-unwrap.sh test as part of the make check target.
* Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable
  for the make check target and verifies v1 to v2 wrapped-passphrase file
  migration.
* Create a temporary file when creating a new wrapped-passphrase file and
  copy it to its final destination after the file has been fully synced to
  disk (LP: #1020902)

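--- a/src/pam_ecryptfs/pam_ecryptfs.c
+++ b/src/pam_ecryptfs/pam_ecryptfs.c
@@ -94,6 +94,34 @@
         return 0;
 }
 
+static int rewrap_passphrase_if_necessary(char *wrapped_pw_filename,
+                                          char *wrapping_passphrase, char *salt)
+{
+        char passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1];
+        uint8_t version;
+        int rc;
+
+        memset(passphrase, 0, sizeof(passphrase));
+
+        rc = __ecryptfs_detect_wrapped_passphrase_file_version(
+                                                        wrapped_pw_filename,
+                                                        &version);
+        if (rc)
+                return rc;
+
+        /* Only rewrap version 1 files */
+        if (version > 1)
+                return 0;
+
+        rc = ecryptfs_unwrap_passphrase(passphrase, wrapped_pw_filename,
+                                        wrapping_passphrase, salt);
+        if (rc)
+                return rc;
+
+        return ecryptfs_wrap_passphrase(wrapped_pw_filename,
+                                        wrapping_passphrase, NULL, passphrase);
+}
+
 PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
                                    const char **argv)
 {
@@ -201,6 +229,10 @@
                         } else {
                                 goto out_child;
                         }
+                        if (rewrap_passphrase_if_necessary(wrapped_pw_filename, passphrase, salt)) {
+                                /* Non fatal condition. Log a warning. */
+                                syslog(LOG_WARNING, "pam_ecryptfs: Unable to rewrap passphrase file\n");
+                        }
                         rc = ecryptfs_insert_wrapped_passphrase_into_keyring(
                                 auth_tok_sig, wrapped_pw_filename, passphrase,
                                 salt);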
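Review bot: `rewrap_passphrase_if_necessary()` leaves the unwrapped mount passphrase in its stack buffer `passphrase` on every return path after `ecryptfs_unwrap_passphrase()`; the buffer is zeroed on entry but never cleared on exit. Because this runs in the PAM authentication path, the secret should be scrubbed before returning, using a clear the compiler cannot elide. Store the wrap result instead of returning it directly, `rc = ecryptfs_wrap_passphrase(wrapped_pw_filename, wrapping_passphrase, NULL, passphrase);`, then finish with `explicit_bzero(passphrase, sizeof(passphrase)); return rc;` (or the project's equivalent where `explicit_bzero` is unavailable), and route the `if (rc) return rc;` after the unwrap through the same exit. In the second hunk the caller discards the return code, so adding it to the `syslog(LOG_WARNING, ...)` message would make a failed v1-to-v2 migration diagnosable; the body of `pam_sm_authenticate` continues outside the hunk.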