eCryptfs

Merge lp:~mhlavink/ecryptfs/rhbugs1 into lp:~ecryptfs/ecryptfs/ecryptfs-utils

  1. rhbugs1
  2. Merge into ecryptfs-utils
Proposed by Michal Hlavinka
Status: Merged
Merge reported by: Dustin Kirkland 
Merged at revision: not available
Proposed branch: lp:~mhlavink/ecryptfs/rhbugs1
Merge into: lp:~ecryptfs/ecryptfs/ecryptfs-utils
Diff against target: None lines
To merge this branch: bzr merge lp:~mhlavink/ecryptfs/rhbugs1
Reviewer Review Type Date Requested Status
Dustin Kirkland  Approve
Tyler Hicks Approve
Review via email: mp+5757@code.launchpad.net
To post a comment you must log in.
lp:~mhlavink/ecryptfs/rhbugs1 updated
387. By Michal Hlavinka

check and fix asprintf's error codes

Change all MOUNT_ERROR return codes for asprintf failure to -ENOMEM.
Make sure all return codes are reset to zero or overwritten,
because asprintf doesn't return zero for success.

Signed-off-by: Michal Hlavinka <email address hidden>

388. By Michal Hlavinka

key_management.c: if key is already in keyring don't report it as error

ecryptfs_add_passphrase_key_to_keyring gets return code 1 if key,
it is trying to add to keyring, already exists in keyring.
Return code remains 1, just don't report it as error.

Signed-off-by: Michal Hlavinka <email address hidden>

Revision history for this message
Tyler Hicks (tyhicks) :
review: Approve
Revision history for this message
Dustin Kirkland  (kirkland) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'doc/manpage/ecryptfs.7'
2--- doc/manpage/ecryptfs.7 2009-03-24 20:06:33 +0000
3+++ doc/manpage/ecryptfs.7 2009-04-21 17:37:16 +0000
4@@ -54,6 +54,9 @@
5 .B ecryptfs_enable_filename_crypto=(y/N)
6 Specify whether filename encryption should be enabled. If not, the mount helper will not prompt the user for the filename encryption key signature.
7 .TP
8+.B verbosity=0/1
9+Specify if the mount helper can ask you for missing values (default) or If should not ask and fail (for verbosity=0).
10+.TP
11
12 KEY MODULE OPTIONS
13
14
15=== modified file 'src/include/decision_graph.h'
16--- src/include/decision_graph.h 2009-02-03 08:50:36 +0000
17+++ src/include/decision_graph.h 2009-04-21 19:23:03 +0000
18@@ -75,9 +75,10 @@
19 };
20
21 struct param_node {
22-#define MOUNT_ERROR -3
23-#define NULL_TOK -1
24-#define DEFAULT_TOK -2
25+#define MOUNT_ERROR 3
26+#define NULL_TOK 1
27+#define DEFAULT_TOK 2
28+#define WRONG_VALUE 4
29 int num_mnt_opt_names;
30 #define MAX_NUM_MNT_OPT_NAMES 8
31 char *mnt_opt_names[MAX_NUM_MNT_OPT_NAMES];
32@@ -102,6 +103,7 @@
33 #define ECRYPTFS_DISPLAY_PRETTY_VALS 0x00000400
34 #define ECRYPTFS_NO_AUTO_TRANSITION 0x00000800
35 #define ECRYPTFS_IMPLICIT_OVERRIDE_DEFAULT 0x00001000
36+#define ECRYPTFS_NONEMPTY_VALUE_REQUIRED 0x00002000
37 uint32_t flags;
38 int num_transitions;
39 #define MAX_NUM_TRANSITIONS 64
40
41=== modified file 'src/key_mod/ecryptfs_key_mod_openssl.c'
42--- src/key_mod/ecryptfs_key_mod_openssl.c 2009-02-17 15:16:28 +0000
43+++ src/key_mod/ecryptfs_key_mod_openssl.c 2009-04-21 19:50:44 +0000
44@@ -294,7 +294,7 @@
45 syslog(LOG_ERR,
46 "%s: Unable to read private key from file [%s]\n",
47 __FUNCTION__, openssl_data->path);
48- rc = -EIO;
49+ rc = -ENOKEY;
50 goto out;
51 }
52 rc = 0;
53@@ -487,10 +487,11 @@
54 subgraph_ctx = (struct ecryptfs_subgraph_ctx *)(*foo);
55 if ((rc = asprintf(&subgraph_ctx->openssl_data.path, "%s", node->val))
56 == -1) {
57- rc = MOUNT_ERROR;
58+ rc = -ENOMEM;
59 goto out;
60 }
61 rc = DEFAULT_TOK;
62+ free(node->val);
63 node->val = NULL;
64 out:
65 return rc;
66@@ -518,7 +519,7 @@
67 }
68 if ((subgraph_ctx->key_mod->blob = malloc(blob_size)) == NULL) {
69 syslog(LOG_ERR, "Out of memory\n");
70- rc = MOUNT_ERROR;
71+ rc = -ENOMEM;
72 goto out;
73 }
74 if ((rc = ecryptfs_openssl_serialize((unsigned char *)
75@@ -538,15 +539,13 @@
76 syslog(LOG_ERR, "Error attempting to add key to keyring for "
77 "key module [%s]; rc = [%d]\n",
78 subgraph_ctx->key_mod->alias, rc);
79- rc = MOUNT_ERROR;
80 goto out;
81 }
82 if ((rc = asprintf(&sig_mnt_opt, "ecryptfs_sig=%s", sig)) == -1) {
83- rc = MOUNT_ERROR;
84+ rc = -ENOMEM;
85 goto out;
86 }
87- rc = 0;
88- stack_push(mnt_params, sig_mnt_opt);
89+ rc = stack_push(mnt_params, sig_mnt_opt);
90 out:
91 return rc;
92 }
93@@ -609,20 +608,20 @@
94 rc = MOUNT_ERROR;
95 goto out;
96 }
97- if ((rc = parse_options_file(fd, &file_head))) {
98+ rc = parse_options_file(fd, &file_head);
99+ close(fd);
100+ if (rc) {
101 syslog(LOG_ERR, "%s: Error attempting to parse options out "
102 "of file\n", __FUNCTION__);
103- rc = MOUNT_ERROR;
104 goto out;
105 }
106- close(fd);
107 walker = file_head.next;
108 while (walker) {
109 if (strcmp(walker->name, "openssl_passwd") == 0) {
110 if ((rc =
111 asprintf(&subgraph_ctx->openssl_data.passphrase,
112 "%s", walker->value)) == -1) {
113- rc = MOUNT_ERROR;
114+ rc = -ENOMEM;
115 goto out;
116 }
117 break;
118@@ -635,7 +634,6 @@
119 rc = MOUNT_ERROR;
120 goto out;
121 }
122-// #warning MEMORY LEAK: something is wrong with freeing file_head
123 walker = NULL;
124 if ((rc = ecryptfs_openssl_process_key(subgraph_ctx, mnt_params))) {
125 syslog(LOG_ERR, "Error processing OpenSSL key; rc = [%d]", rc);
126@@ -658,7 +656,7 @@
127 static int tf_ssl_passwd_fd(struct ecryptfs_ctx *ctx, struct param_node *node,
128 struct val_node **mnt_params, void **foo)
129 {
130- return 0;
131+ return ENOSYS;
132 }
133
134 static int tf_ecryptfs_openssl_gen_key_param_node_keyfile(
135@@ -826,7 +824,8 @@
136 .val = NULL,
137 .display_opts = NULL,
138 .default_val = NULL,
139- .flags = STDIN_REQUIRED | ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
140+ .flags = STDIN_REQUIRED | ECRYPTFS_PARAM_FLAG_ECHO_INPUT
141+ | ECRYPTFS_NONEMPTY_VALUE_REQUIRED,
142 .num_transitions = 1,
143 .tl = {{.val = NULL,
144 .pretty_val = NULL,
145@@ -840,7 +839,8 @@
146 .val = NULL,
147 .display_opts = NULL,
148 .default_val = NULL,
149- .flags = STDIN_REQUIRED | ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
150+ .flags = STDIN_REQUIRED | ECRYPTFS_PARAM_FLAG_ECHO_INPUT
151+ | ECRYPTFS_NONEMPTY_VALUE_REQUIRED,
152 .num_transitions = 1,
153 .tl = {{.val = NULL,
154 .pretty_val = NULL,
155
156=== modified file 'src/key_mod/ecryptfs_key_mod_passphrase.c'
157--- src/key_mod/ecryptfs_key_mod_passphrase.c 2009-02-17 15:16:28 +0000
158+++ src/key_mod/ecryptfs_key_mod_passphrase.c 2009-04-21 19:50:44 +0000
159@@ -35,9 +35,9 @@
160 {
161 int rc;
162 if (!node->val)
163- return EINVAL;
164+ return -EINVAL;
165 if ((rc = stack_push(head, node->val)))
166- return -rc;
167+ return rc;
168 node->val = NULL;
169 return DEFAULT_TOK;
170 }
171@@ -53,16 +53,16 @@
172
173 file_head = malloc(sizeof(struct ecryptfs_name_val_pair));
174 if (!file_head) {
175- rc = ENOMEM;
176+ rc = -ENOMEM;
177 goto out;
178 }
179 memset(file_head, 0, sizeof(struct ecryptfs_name_val_pair));
180 if (strcmp(node->mnt_opt_names[0], "passphrase_passwd_file") == 0) {
181 fd = open(node->val, O_RDONLY);
182 if (fd == -1) {
183+ rc = -errno;
184 syslog(LOG_ERR, "%s: Error whilst attempting to open "
185 "[%s]; errno = [%m]\n", __FUNCTION__, node->val);
186- rc = MOUNT_ERROR;
187 goto out;
188 }
189 } else if (strcmp(node->mnt_opt_names[0], "passphrase_passwd_fd") == 0) {
190@@ -74,19 +74,18 @@
191 goto out;
192 }
193 rc = parse_options_file(fd, file_head);
194+ close(fd);
195 if (rc) {
196 syslog(LOG_ERR, "%s: Error parsing file for passwd; "
197 "rc = [%d]\n", __FUNCTION__, rc);
198- rc = MOUNT_ERROR;
199 goto out;
200 }
201- close(fd);
202 walker = file_head->next;
203 while (walker) {
204 if (strcmp(walker->name, "passphrase_passwd") == 0
205 || strcmp(walker->name, "passwd") == 0) {
206 if (asprintf(&tmp_val, "%s", walker->value) < 0) {
207- rc = ENOMEM;
208+ rc = -ENOMEM;
209 goto out;
210 }
211 stack_push(head, tmp_val);
212@@ -122,27 +121,26 @@
213 if (!node->val)
214 rc = asprintf(&node->val, "%s", node->default_val);
215 if (rc == -1)
216- return MOUNT_ERROR;
217+ return -ENOMEM;
218 stack_push(head, node->val);
219 node->val = NULL;
220 stack_pop_val(head, (void *)&salt_hex);
221 stack_pop_val(head, (void *)&passwd);
222 auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1);
223 if (!auth_tok_sig) {
224- rc = ENOMEM;
225+ rc = -ENOMEM;
226 goto out;
227 }
228 from_hex(salt, salt_hex, ECRYPTFS_SIG_SIZE);
229 rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig, passwd, salt);
230 if (rc < 0) {
231 free(auth_tok_sig);
232- rc = -rc;
233 goto out;
234 }
235 rc = asprintf(&param, "ecryptfs_sig=%s", auth_tok_sig);
236 if (rc == -1) {
237 free(auth_tok_sig);
238- rc = ENOMEM;
239+ rc = -ENOMEM;
240 goto out;
241 }
242 free(auth_tok_sig);
243@@ -195,7 +193,8 @@
244 .val = NULL,
245 .display_opts = NULL,
246 .default_val = NULL,
247- .flags = ECRYPTFS_PARAM_FLAG_MASK_OUTPUT,
248+ .flags = (ECRYPTFS_PARAM_FLAG_MASK_OUTPUT
249+ | ECRYPTFS_NONEMPTY_VALUE_REQUIRED),
250 .num_transitions = 2,
251 .tl = {{.val = "passphrase_salt",
252 .pretty_val = "salt",
253@@ -214,7 +213,8 @@
254 .val = NULL,
255 .display_opts = NULL,
256 .default_val = NULL,
257- .flags = ECRYPTFS_PARAM_FLAG_MASK_OUTPUT,
258+ .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT
259+ | ECRYPTFS_NONEMPTY_VALUE_REQUIRED,
260 .num_transitions = 2,
261 .tl = {{.val = "passphrase_salt",
262 .pretty_val = "salt",
263@@ -233,7 +233,8 @@
264 .val = NULL,
265 .display_opts = NULL,
266 .default_val = NULL,
267- .flags = ECRYPTFS_PARAM_FLAG_MASK_OUTPUT,
268+ .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT
269+ | ECRYPTFS_NONEMPTY_VALUE_REQUIRED,
270 .num_transitions = 2,
271 .tl = {{.val = "salt",
272 .pretty_val = "salt",
273@@ -282,7 +283,7 @@
274
275 if (asprintf(alias, "passphrase") == -1) {
276 syslog(LOG_ERR, "Out of memory\n");
277- rc = ENOMEM;
278+ rc = -ENOMEM;
279 goto out;
280 }
281 out:
282
283=== modified file 'src/libecryptfs/cmd_ln_parser.c'
284--- src/libecryptfs/cmd_ln_parser.c 2009-02-17 15:16:28 +0000
285+++ src/libecryptfs/cmd_ln_parser.c 2009-04-21 19:50:44 +0000
286@@ -382,11 +382,15 @@
287 __FUNCTION__, rc, fd);
288 goto out;
289 }
290+ if (S_ISDIR(filestat.st_mode)) {
291+ rc = -EISDIR;
292+ goto out;
293+ }
294 pagesize = getpagesize();
295 file_size = filestat.st_size;
296 if (file_size > MAX_FILE_SIZE) {
297 syslog(LOG_ERR, "File size too large\n");
298- rc = -1;
299+ rc = -EFBIG;
300 goto out;
301 }
302 if (file_size % pagesize) {
303@@ -395,7 +399,7 @@
304 }
305 data = mmap((caddr_t)0, file_size, PROT_READ, MAP_PRIVATE, fd, 0);
306 if (data == MAP_FAILED) {
307- rc = errno;
308+ rc = -errno;
309 syslog(LOG_ERR, "%s: mmap failed on fd [%d]; rc = [%d]\n",
310 __FUNCTION__, fd, rc);
311 goto out;
312
313=== modified file 'src/libecryptfs/decision_graph.c'
314--- src/libecryptfs/decision_graph.c 2009-02-17 15:16:28 +0000
315+++ src/libecryptfs/decision_graph.c 2009-04-21 19:50:44 +0000
316@@ -255,12 +255,12 @@
317 if ((*next = tn->next_token))
318 return 0;
319 else
320- return EINVAL;
321+ return -EINVAL;
322 } else if (trans_func_tok_id == NULL_TOK) {
323 if ((*next = tn->next_token))
324 return 0;
325 else
326- return EINVAL;
327+ return -EINVAL;
328 }
329 nvp = nvp->next;
330 }
331@@ -275,12 +275,18 @@
332 trans_func_tok_id =
333 tn->trans_func(ctx, current,
334 mnt_params, foo);
335+ if (trans_func_tok_id == WRONG_VALUE &&
336+ (ctx->verbosity ||
337+ (current->flags & STDIN_REQUIRED))) {
338+ *next = current;
339+ return 0;
340+ }
341 if (trans_func_tok_id == MOUNT_ERROR ||
342- trans_func_tok_id > 0)
343+ trans_func_tok_id < 0)
344 return trans_func_tok_id;
345 if ((*next = tn->next_token))
346 return 0;
347- else return EINVAL;
348+ else return -EINVAL;
349 }
350 }
351 return NULL_TOK;
352@@ -367,6 +373,7 @@
353 int value_retrieved;
354 int i;
355 int rc;
356+ int tries = 0;
357
358 if (ecryptfs_verbosity)
359 syslog(LOG_INFO, "%s: Called on node->mnt_opt_names[0] = [%s]",
360@@ -599,6 +606,7 @@
361 syslog(LOG_INFO, "%s: DISPLAY_TRANSITION_NODE_"
362 "VALS not set\n", __FUNCTION__);
363 obtain_value:
364+ if (++tries > 3) return EINVAL;
365 if (node->suggested_val)
366 rc = asprintf(&prompt, "%s [%s]", node->prompt,
367 node->suggested_val);
368@@ -619,6 +627,12 @@
369 (&(node->val), prompt,
370 (node->flags
371 & ECRYPTFS_PARAM_FLAG_ECHO_INPUT));
372+ if (node->val[0] == '\0' &&
373+ (node->flags & ECRYPTFS_NONEMPTY_VALUE_REQUIRED)) {
374+ fprintf(stderr,"Wrong input, non-empty value "
375+ "required!\n");
376+ goto obtain_value;
377+ }
378 free(prompt);
379 if (node->flags & VERIFY_VALUE) {
380 rc = asprintf(&verify_prompt, "Verify %s",
381@@ -702,9 +716,7 @@
382
383 memset(*mnt_params, 0, sizeof(struct val_node));
384 rc = eval_param_tree(ctx, root_node, nvp_head, mnt_params);
385- if (rc > 0)
386- return -rc;
387- if (rc != MOUNT_ERROR)
388+ if ((rc > 0) && (rc != MOUNT_ERROR))
389 return 0;
390 return rc;
391 }
392@@ -949,6 +961,7 @@
393 rc = -ENOMEM;
394 goto out;
395 }
396+ rc = 0;
397 subgraph_ctx = (struct ecryptfs_subgraph_ctx *)(*foo);
398 walker = &subgraph_ctx->head_val_node;
399 while (walker->next)
400@@ -1023,8 +1036,7 @@
401 rc = -ENOMEM;
402 goto out_free_list_and_subgraph_ctx;
403 }
404- rc = 0;
405- stack_push(mnt_params, sig_mnt_opt);
406+ rc = stack_push(mnt_params, sig_mnt_opt);
407 out_free_list_and_subgraph_ctx:
408 curr = subgraph_ctx->head_val_node.next;
409 while (curr) {
410
411=== modified file 'src/libecryptfs/module_mgr.c'
412--- src/libecryptfs/module_mgr.c 2009-03-18 23:14:52 +0000
413+++ src/libecryptfs/module_mgr.c 2009-04-21 17:59:16 +0000
414@@ -97,57 +97,61 @@
415 .trans_func = sig_param_node_callback}}
416 };
417
418+/* returns: 1 for str=="yes" or "y", 0 for "no" or "n", -1 elsewhere */
419+static int is_yes(const char *str)
420+{
421+ if (str) {
422+ if (!strcmp(str,"y") || !strcmp(str,"yes"))
423+ return 1;
424+ if (!strcmp(str,"no") || !strcmp(str,"n"))
425+ return 0;
426+ }
427+
428+ return -1;
429+}
430+
431+
432+/* returns: 0 for success
433+ * WRONG_VALUE if node->val is none of 'yes','y','no','n'
434+ * <0 for error
435+ */
436+static int stack_push_if_yes(struct param_node *node, struct val_node **head,
437+ char *opt_name)
438+{
439+ int rc;
440+
441+ if (((rc=is_yes(node->val)) == 1) || (node->flags & PARAMETER_SET)) {
442+ rc = stack_push(head, opt_name);
443+ } else if (rc == -1)
444+ rc = WRONG_VALUE;
445+ free(node->val);
446+ node->val = NULL;
447+ return rc;
448+}
449+
450 static int get_hmac(struct ecryptfs_ctx *ctx, struct param_node *node,
451 struct val_node **head, void **foo)
452 {
453- if (node->val && (*(node->val) == 'y')) {
454- stack_push(head, "ecryptfs_hmac");
455- } else if (node->flags & PARAMETER_SET) {
456- stack_push(head, "ecryptfs_hmac");
457- return 0;
458- }
459- free(node->val);
460- return 0;
461+ return stack_push_if_yes(node, head, "ecryptfs_hmac");
462 }
463
464 static int get_passthrough(struct ecryptfs_ctx *ctx, struct param_node *node,
465 struct val_node **head, void **foo)
466 {
467- if (node->val && (*(node->val) == 'y')) {
468- stack_push(head, "ecryptfs_passthrough");
469- } else if (node->flags & PARAMETER_SET) {
470- stack_push(head, "ecryptfs_passthrough");
471- return 0;
472- }
473- free(node->val);
474- return 0;
475+ return stack_push_if_yes(node, head, "ecryptfs_passthrough");
476 }
477
478 static int get_xattr(struct ecryptfs_ctx *ctx, struct param_node *node,
479 struct val_node **head, void **foo)
480 {
481- if (node->val && (*(node->val) == 'y')) {
482- stack_push(head, "ecryptfs_xattr_metadata");
483- } else if (node->flags & PARAMETER_SET) {
484- stack_push(head, "ecryptfs_xattr_metadata");
485- return 0;
486- }
487- free(node->val);
488- return 0;
489+ return stack_push_if_yes(node, head, "ecryptfs_xattr_metadata");
490 }
491
492 static int get_encrypted_passthrough(struct ecryptfs_ctx *ctx,
493 struct param_node *node,
494 struct val_node **head, void **foo)
495 {
496- if (node->val && (*(node->val) == 'y')) {
497- stack_push(head, "ecryptfs_encrypted_view");
498- } else if (node->flags & PARAMETER_SET) {
499- stack_push(head, "ecryptfs_encrypted_view");
500- return 0;
501- }
502- free(node->val);
503- return 0;
504+ return stack_push_if_yes(node, head, "ecryptfs_encrypted_view");
505 }
506
507 static struct param_node end_param_node = {
508@@ -221,9 +225,9 @@
509 struct param_node *node,
510 struct val_node **head, void **foo)
511 {
512- int rc = 0;
513+ int yn, rc = 0;
514
515- if ((node->val && (*(node->val) == 'y'))
516+ if (((yn=is_yes(node->val)) > 0)
517 || (node->flags & PARAMETER_SET)) {
518 int i;
519 struct val_node *val_node;
520@@ -254,10 +258,16 @@
521 }
522 val_node = val_node->next;
523 }
524- }
525+ } else if (node->val) {
526+ if (yn < 0)
527+ rc = WRONG_VALUE;
528+ } else
529+ /* default: no */;
530 out_free:
531- if (node->val)
532+ if (node->val) {
533 free(node->val);
534+ node->val = NULL;
535+ }
536 return rc;
537 }
538
539
540=== modified file 'src/pam_ecryptfs/pam_ecryptfs.c'
541--- src/pam_ecryptfs/pam_ecryptfs.c 2009-04-07 22:33:58 +0000
542+++ src/pam_ecryptfs/pam_ecryptfs.c 2009-04-21 17:42:24 +0000
543@@ -67,6 +67,36 @@
544 }
545 }
546
547+/* returns: 0 for pam automounting not set, 1 for set, <0 for error */
548+static int ecryptfs_pam_automount_set(const char *homedir)
549+{
550+ char *file_path;
551+ int rc = 0;
552+ struct stat s;
553+ if (asprintf(
554+ &file_path, "%s/.ecryptfs/%s",
555+ homedir,
556+ ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME) == -1)
557+ return -ENOMEM;
558+ if (stat(file_path, &s) != 0) {
559+ if (errno != ENOENT)
560+ rc = -errno;
561+ goto out;
562+ }
563+ free(file_path);
564+ if (asprintf(&file_path, "%s/.ecryptfs/auto-mount", homedir) == -1)
565+ return -ENOMEM;
566+ if (stat(file_path, &s) != 0) {
567+ if (errno != ENOENT)
568+ rc = -errno;
569+ goto out;
570+ }
571+ rc = 1;
572+out:
573+ free(file_path);
574+ return rc;
575+}
576+
577 PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
578 const char **argv)
579 {
580@@ -98,6 +128,8 @@
581 "rc = [%ld]\n", username, rc);
582 goto out;
583 }
584+ if (!ecryptfs_pam_automount_set(homedir))
585+ return PAM_SUCCESS;
586 saved_uid = geteuid();
587 seteuid(uid);
588 rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&passphrase);
589@@ -365,6 +397,8 @@
590 "rc = [%ld]\n", username, rc);
591 goto out;
592 }
593+ if (!ecryptfs_pam_automount_set(homedir))
594+ return PAM_SUCCESS;
595 saved_uid = geteuid();
596 seteuid(uid);
597 if ((rc = pam_get_item(pamh, PAM_OLDAUTHTOK,
598
599=== modified file 'src/utils/mount.ecryptfs.c'
600--- src/utils/mount.ecryptfs.c 2009-02-27 23:10:56 +0000
601+++ src/utils/mount.ecryptfs.c 2009-04-21 19:23:03 +0000
602@@ -301,6 +301,7 @@
603 char yesno[4];
604 int i;
605 int rc;
606+ int tries;
607
608 home = pw->pw_dir;
609 rc = asprintf(&dot_ecryptfs_dir, "%s/.ecryptfs", home);
610@@ -328,41 +329,65 @@
611 "it looks like you have never mounted with this key \n"
612 "before. This could mean that you have typed your \n"
613 "passphrase wrong.\n\n", sig_cache_filename);
614- printf("Would you like to proceed with the mount (yes/no)? ");
615- i = 0;
616+ tries = 0;
617 do {
618- yesno[i++] = mygetchar();
619- } while (yesno[i-1] != '\n' && i < 3);
620- yesno[i] = '\0';
621- if (yesno[i-1] != '\n')
622- while (mygetchar() != '\n');
623- if (memcmp(yesno, "yes", 3) == 0) {
624- printf("Would you like to append sig [%s] to\n"
625- "[%s] \n"
626- "in order to avoid this warning in the future "
627- "(yes/no)? ", auth_tok_sig, sig_cache_filename);
628+ rc = 0;
629+ printf("Would you like to proceed "
630+ "with the mount (yes/no)? ");
631 i = 0;
632 do {
633 yesno[i++] = mygetchar();
634- } while (yesno[i-1] != '\n' && i < 3);
635- yesno[i] = '\0';
636- if (yesno[i-1] != '\n')
637+ } while (yesno[i-1] != '\n' && i < 4);
638+ if (yesno[i-1] != '\n') {
639 while (mygetchar() != '\n');
640- if (memcmp(yesno, "yes", 3) == 0) {
641+ yesno[0] = '\0';
642+ }
643+ yesno[i-1] = '\0';
644+ } while ((rc = strcmp(yesno, "yes")) && strcmp(yesno, "no")
645+ && (++tries < 5));
646+ if (rc == 0) {
647+ tries = 0;
648+ do {
649+ printf("Would you like to append sig [%s] to\n"
650+ "[%s] \nin order to avoid this warning "
651+ "in the future (yes/no)? ", auth_tok_sig,
652+ sig_cache_filename);
653+ i = 0;
654+ do {
655+ yesno[i++] = mygetchar();
656+ } while (yesno[i-1] != '\n' && i < 4);
657+ if (yesno[i-1] != '\n') {
658+ while (mygetchar() != '\n');
659+ yesno[0] = '\0';
660+ }
661+ yesno[i-1] = '\0';
662+ } while ((rc = strcmp(yesno, "yes"))
663+ && strcmp(yesno, "no") && (++tries < 5));
664+
665+ if (rc == 0) {
666 if ((rc = ecryptfs_append_sig(
667- auth_tok_sig,
668- sig_cache_filename))) {
669+ auth_tok_sig,
670+ sig_cache_filename))) {
671 printf("Error appending to [%s]; rc = "
672- "[%d]. Aborting mount.\n",
673- sig_cache_filename, rc);
674+ "[%d]. Aborting mount.\n",
675+ sig_cache_filename, rc);
676 goto out;
677 }
678 printf("Successfully appended new sig to user "
679- "sig cache file\n");
680- } else
681- printf("Not adding sig to user sig cache "
682- "file; continuing with mount.\n");
683+ "sig cache file\n");
684+ } else {
685+ if (strcmp(yesno,"no"))
686+ rc = -EINVAL;
687+ else {
688+ printf("Not adding sig to user sig "
689+ "cache file; continuing with "
690+ "mount.\n");
691+ rc = 0;
692+ }
693+ }
694 } else {
695+ if (strcmp(yesno,"no"))
696+ rc = -EINVAL;
697 printf("Aborting mount.\n");
698 rc = ECANCELED;
699 goto out;
700@@ -600,6 +625,8 @@
701 &ctx, &mnt_params, version, opts_str,
702 ECRYPTFS_ASK_FOR_ALL_MOUNT_OPTIONS);
703 if (rc) {
704+ if (rc > 0)
705+ rc = -EINVAL;
706 printf("Error attempting to evaluate mount options: "
707 "[%d] %s\nCheck your system logs for details "
708 "on why this happened.\nTry updating your "
709
710=== modified file 'src/utils/umount.ecryptfs.c'
711--- src/utils/umount.ecryptfs.c 2009-03-20 16:29:31 +0000
712+++ src/utils/umount.ecryptfs.c 2009-04-21 18:08:22 +0000
713@@ -109,7 +109,8 @@
714 fekek_fail = ecryptfs_remove_auth_tok_from_keyring(fekek_sig);
715 if (fekek_fail)
716 fprintf(stderr, "Failed to remove fekek with sig [%s] "
717- "from keyring: %s\n", fekek_sig, strerror(rc));
718+ "from keyring: %s\n", fekek_sig,
719+ strerror(fekek_fail));
720 } else {
721 fekek_fail = rc;
722 }
723@@ -117,9 +118,10 @@
724 "ecryptfs_fnek_sig=", &fnek_sig)
725 && strcmp(fekek_sig, fnek_sig)) {
726 fnek_fail = ecryptfs_remove_auth_tok_from_keyring(fnek_sig);
727- if (fekek_fail) {
728+ if (fnek_fail) {
729 fprintf(stderr, "Failed to remove fnek with sig [%s] "
730- "from keyring: %s\n", fekek_sig, strerror(rc));
731+ "from keyring: %s\n", fnek_sig,
732+ strerror(fnek_fail));
733 }
734 }
735 free(fekek_sig);

Subscribers

People subscribed via source and target branches