~ubuntu-branches/ubuntu/trusty/libpam-mount/trusty-proposed

Committer: Bazaar Package Importer
Author(s): Bastian Kleineidam
Date: 2010-05-09 10:46:01 UTC
mfrom: (1.4.4 upstream) (27.2.7 maverick)
Revision ID: james.westby@ubuntu.com-20100509104601-cip885tmppv2tc52

Tags: 2.1+git20100509-1

http://bugs.debian.org/580636

http://bugs.debian.org/484122

http://bugs.debian.org/580430

* New upstream release, plus git changes until 9.5.2010
  + Works now with other password slots than zero on crypted mounts
    (Closes: #580636)
  + Certainly includes old patch fixing the cron segfaults
    (Closes: #484122)
* Only warn about missing fskey hash when an fskey path has been given.
  (Closes: #580430)

files added:
.pc/warn-fskeyhash-only-when-needed.patch

.pc/warn-fskeyhash-only-when-needed.patch/src

.pc/warn-fskeyhash-only-when-needed.patch/src/rdconf1.c

debian/patches/warn-fskeyhash-only-when-needed.patch

files removed:
.pc/var_run_cmtab

.pc/var_run_cmtab/src

.pc/var_run_cmtab/src/mtab.c

debian/patches/var_run_cmtab

files modified:
.pc/applied-patches

.pc/mnt_fallback/src/mtab.c

.pc/mnt_fallback/src/mtcrypt.c

.pc/mnt_fallback/src/pam_mount.h

Makefile.am

Makefile.in

aclocal.m4

compile

config.guess

config.h.in

config.sub

config/Makefile.in

configure

configure.ac

debian/changelog

debian/control

debian/patches/series

dist/pam_mount.spec

doc/Makefile.in

doc/changelog.txt

doc/install.txt

doc/pam_mount.conf.5.in

doc/pam_mount.txt

ltmain.sh

m4/libtool.m4

m4/ltversion.m4

src/Makefile.am

src/Makefile.in

src/crypto-dmc.c

src/crypto.c

src/misc.c

src/mount.c

src/mtab.c

src/mtcrypt.c

src/pam_mount.h

src/rdconf1.c

src/t-crypt

Show diffs side-by-side

added added

removed removed

src/crypto-dmc.c

* This file is part of pam_mount; you can redistribute it and/or

* modify it under the terms of the GNU Lesser General Public License

* as published by the Free Software Foundation; either version 2.1

* of the License, or (at your option) any later version.

#ifdef __linux__

#include "config.h"

#ifdef HAVE_LIBCRYPTSETUP

#include <assert.h>

#include <errno.h>

#include <stdbool.h>

#include <libHX/defs.h>

#include <libHX/proc.h>

#include <libHX/string.h>

#include <libcryptsetup.h>

#include "pam_mount.h"

/**

int dmc_is_luks(const char *path, bool blkdev)

{

const char *lukscheck_args[] = {

"cryptsetup", "isLuks", path, NULL,

};

struct crypt_device *cd;

const char *device = path;

char *loop_device;

int ret;

__func__, strerror(-ret));

return ret;

}

lukscheck_args[2] = loop_device;

}

if ((ret = HXproc_run_sync(lukscheck_args, HXPROC_VERBOSE)) < 0)

fprintf(stderr, "run_sync: %s\n", strerror(-ret));

else if (ret > 0xFFFF)

/* terminated */

ret = -1;

else

/* exited, and we need success or fail */

ret = ret == 0;

device = loop_device;

}

ret = crypt_init(&cd, device);

if (ret == 0) {

ret = crypt_load(cd, CRYPT_LUKS1, NULL);

if (ret == -EINVAL)

ret = false;

else if (ret == 0)

ret = true;

/* else keep ret as-is */

crypt_free(cd);

}

if (!blkdev)

pmt_loop_release(loop_device);

return ret;

static bool dmc_run(const struct ehd_mtreq *req, struct ehd_mount *mt)

{

int ret, argk;

bool is_luks = false;

const char *start_args[12];

struct HXproc proc;

char key_size[HXSIZEOF_Z32+2];

struct crypt_device *cd;

unsigned int flags = 0;

char *cipher = NULL, *mode;

int ret;

ret = dmc_is_luks(mt->lower_device, true);

ret = crypt_init(&cd, mt->lower_device);

if (ret < 0) {

l0g("cryptsetup isLuks got terminated\n");

fprintf(stderr, "crypt_init: %s\n", strerror(-ret));

return false;

}

argk = 0;

is_luks = ret == 1;

start_args[argk++] = "cryptsetup";

if (req->readonly)

start_args[argk++] = "--readonly";

if (req->fs_cipher != NULL) {

start_args[argk++] = "-c";

start_args[argk++] = req->fs_cipher;

}

if (is_luks) {

start_args[argk++] = "luksOpen";

start_args[argk++] = mt->lower_device;

100

start_args[argk++] = mt->crypto_name;

flags |= CRYPT_ACTIVATE_READONLY;

ret = crypt_load(cd, CRYPT_LUKS1, NULL);

if (ret == 0) {

ret = crypt_activate_by_passphrase(cd, mt->crypto_name,

CRYPT_ANY_SLOT, req->key_data, req->key_size, flags);

if (ret < 0) {

fprintf(stderr, "crypt_activate_by_passphrase: %s\n",

strerror(-ret));

goto out;

}

101

100

} else {

102

start_args[argk++] = "--key-file=-";

103

start_args[argk++] = "-h";

104

start_args[argk++] = req->fs_hash;

105

if (req->trunc_keysize != 0) {

106

snprintf(key_size, sizeof(key_size), "-s%u",

107

req->trunc_keysize);

108

start_args[argk++] = key_size;

109

}

110

start_args[argk++] = "create";

111

start_args[argk++] = mt->crypto_name;

112

start_args[argk++] = mt->lower_device;

113

}

114

start_args[argk] = NULL;

115

assert(argk < ARRAY_SIZE(start_args));

116

117

if (Debug)

118

arglist_llog(start_args);

119

120

memset(&proc, 0, sizeof(proc));

121

proc.p_flags = HXPROC_VERBOSE | HXPROC_STDIN;

122

if ((ret = HXproc_run_async(start_args, &proc)) <= 0) {

123

l0g("Error setting up crypto device: %s\n", strerror(-ret));

124

return false;

125

}

126

127

/* Ignore return value, we can't do much in case it fails */

128

if (write(proc.p_stdin, req->key_data, req->key_size) < 0)

129

w4rn("%s: password send erro: %s\n", __func__, strerror(errno));

130

close(proc.p_stdin);

131

if ((ret = HXproc_wait(&proc)) != 0) {

132

w4rn("cryptsetup exited with non-zero status %d\n", ret);

133

return false;

134

}

135

136

return true;

101

struct crypt_params_plain params = {.hash = req->fs_hash};

102

103

cipher = HX_strdup(req->fs_cipher);

104

if (cipher == NULL) {

105

ret = -errno;

106

goto out;

107

}

108

/* stuff like aes-cbc-essiv:sha256 => aes, cbc-essiv:sha256 */

109

mode = strchr(cipher, '-');

110

if (mode != NULL)

111

*mode++ = '\0';

112

else

113

mode = "plain";

114

115

ret = crypt_format(cd, CRYPT_PLAIN, cipher, mode, NULL, NULL,

116

req->trunc_keysize, &params);

117

if (ret < 0) {

118

fprintf(stderr, "crypt_format: %s\n", strerror(-ret));

119

goto out;

120

}

121

122

if (strcmp(req->fs_hash, "plain") == 0)

123

ret = crypt_activate_by_volume_key(cd, mt->crypto_name,

124

req->key_data, req->key_size, flags);

125

else

126

ret = crypt_activate_by_passphrase(cd, mt->crypto_name,

127

CRYPT_ANY_SLOT, req->key_data, req->key_size,

128

flags);

129

if (ret < 0) {

130

fprintf(stderr, "crypt_activate: %s\n", strerror(-ret));

131

goto out;

132

}

133

}

134

135

out:

136

free(cipher);

137

crypt_free(cd);

138

return ret >= 0 ? true : false;

137

139

}

138

140

139

141

static int dmc_load(const struct ehd_mtreq *req, struct ehd_mount *mt)

148

150

149

151

static int dmc_unload(const struct ehd_mount *mt)

150

152

{

151

const char *args[] = {

152

"cryptsetup", "remove", NULL, NULL,

153

};

154

int ret = 1;

155

156

if (mt->crypto_name != NULL)

157

args[2] = mt->crypto_name;

158

else if (mt->crypto_device != NULL)

159

args[2] = mt->crypto_device;

160

if (args[2] != NULL) {

161

ret = HXproc_run_sync(args, HXPROC_VERBOSE);

162

if (ret != 0)

163

l0g("Could not unload dm-crypt device \"%s\", "

164

"cryptsetup returned HXproc status %d\n",

165

mt->crypto_device, ret);

166

ret = !ret;

167

}

168

169

return ret;

153

struct crypt_device *cd;

154

const char *cname;

155

int ret;

156

157

ret = crypt_init(&cd, mt->crypto_device);

158

if (ret < 0)

159

return ret;

160

161

cname = (mt->crypto_name != NULL) ? mt->crypto_name :

162

HX_basename(mt->crypto_device);

163

ret = crypt_deactivate(cd, cname);

164

crypt_free(cd);

165

return (ret < 0) ? ret : 1;

170

166

}

171

167

172

168

const struct ehd_crypto_ops ehd_dmcrypt_ops = {

174

170

.unload = dmc_unload,

175

171

};

176

172

177

#endif /* __linux__ */

173

#endif /* HAVE_LIBCRYPTSETUP */

Older »