Merge lp:~mhlavink/ecryptfs/rhbugs1 into lp:~ecryptfs/ecryptfs/ecryptfs-utils
- rhbugs1
- Merge into ecryptfs-utils
Proposed by
Michal Hlavinka
Status: | Merged |
---|---|
Merge reported by: | Dustin Kirkland |
Merged at revision: | not available |
Proposed branch: | lp:~mhlavink/ecryptfs/rhbugs1 |
Merge into: | lp:~ecryptfs/ecryptfs/ecryptfs-utils |
Diff against target: | None lines |
To merge this branch: | bzr merge lp:~mhlavink/ecryptfs/rhbugs1 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Dustin Kirkland | Approve | ||
Tyler Hicks | Approve | ||
Review via email: mp+5757@code.launchpad.net |
Commit message
Description of the change
To post a comment you must log in.
lp:~mhlavink/ecryptfs/rhbugs1
updated
- 387. By Michal Hlavinka
-
check and fix asprintf's error codes
Change all MOUNT_ERROR return codes for asprintf failure to -ENOMEM.
Make sure all return codes are reset to zero or overwritten,
because asprintf doesn't return zero for success.Signed-off-by: Michal Hlavinka <email address hidden>
- 388. By Michal Hlavinka
-
key_management.c: if key is already in keyring don't report it as error
ecryptfs_
add_passphrase_ key_to_ keyring gets return code 1 if key,
it is trying to add to keyring, already exists in keyring.
Return code remains 1, just don't report it as error.Signed-off-by: Michal Hlavinka <email address hidden>
Revision history for this message
Tyler Hicks (tyhicks) : | # |
review:
Approve
Revision history for this message
Dustin Kirkland (kirkland) : | # |
review:
Approve
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'doc/manpage/ecryptfs.7' |
2 | --- doc/manpage/ecryptfs.7 2009-03-24 20:06:33 +0000 |
3 | +++ doc/manpage/ecryptfs.7 2009-04-21 17:37:16 +0000 |
4 | @@ -54,6 +54,9 @@ |
5 | .B ecryptfs_enable_filename_crypto=(y/N) |
6 | Specify whether filename encryption should be enabled. If not, the mount helper will not prompt the user for the filename encryption key signature. |
7 | .TP |
8 | +.B verbosity=0/1 |
9 | +Specify if the mount helper can ask you for missing values (default) or If should not ask and fail (for verbosity=0). |
10 | +.TP |
11 | |
12 | KEY MODULE OPTIONS |
13 | |
14 | |
15 | === modified file 'src/include/decision_graph.h' |
16 | --- src/include/decision_graph.h 2009-02-03 08:50:36 +0000 |
17 | +++ src/include/decision_graph.h 2009-04-21 19:23:03 +0000 |
18 | @@ -75,9 +75,10 @@ |
19 | }; |
20 | |
21 | struct param_node { |
22 | -#define MOUNT_ERROR -3 |
23 | -#define NULL_TOK -1 |
24 | -#define DEFAULT_TOK -2 |
25 | +#define MOUNT_ERROR 3 |
26 | +#define NULL_TOK 1 |
27 | +#define DEFAULT_TOK 2 |
28 | +#define WRONG_VALUE 4 |
29 | int num_mnt_opt_names; |
30 | #define MAX_NUM_MNT_OPT_NAMES 8 |
31 | char *mnt_opt_names[MAX_NUM_MNT_OPT_NAMES]; |
32 | @@ -102,6 +103,7 @@ |
33 | #define ECRYPTFS_DISPLAY_PRETTY_VALS 0x00000400 |
34 | #define ECRYPTFS_NO_AUTO_TRANSITION 0x00000800 |
35 | #define ECRYPTFS_IMPLICIT_OVERRIDE_DEFAULT 0x00001000 |
36 | +#define ECRYPTFS_NONEMPTY_VALUE_REQUIRED 0x00002000 |
37 | uint32_t flags; |
38 | int num_transitions; |
39 | #define MAX_NUM_TRANSITIONS 64 |
40 | |
41 | === modified file 'src/key_mod/ecryptfs_key_mod_openssl.c' |
42 | --- src/key_mod/ecryptfs_key_mod_openssl.c 2009-02-17 15:16:28 +0000 |
43 | +++ src/key_mod/ecryptfs_key_mod_openssl.c 2009-04-21 19:50:44 +0000 |
44 | @@ -294,7 +294,7 @@ |
45 | syslog(LOG_ERR, |
46 | "%s: Unable to read private key from file [%s]\n", |
47 | __FUNCTION__, openssl_data->path); |
48 | - rc = -EIO; |
49 | + rc = -ENOKEY; |
50 | goto out; |
51 | } |
52 | rc = 0; |
53 | @@ -487,10 +487,11 @@ |
54 | subgraph_ctx = (struct ecryptfs_subgraph_ctx *)(*foo); |
55 | if ((rc = asprintf(&subgraph_ctx->openssl_data.path, "%s", node->val)) |
56 | == -1) { |
57 | - rc = MOUNT_ERROR; |
58 | + rc = -ENOMEM; |
59 | goto out; |
60 | } |
61 | rc = DEFAULT_TOK; |
62 | + free(node->val); |
63 | node->val = NULL; |
64 | out: |
65 | return rc; |
66 | @@ -518,7 +519,7 @@ |
67 | } |
68 | if ((subgraph_ctx->key_mod->blob = malloc(blob_size)) == NULL) { |
69 | syslog(LOG_ERR, "Out of memory\n"); |
70 | - rc = MOUNT_ERROR; |
71 | + rc = -ENOMEM; |
72 | goto out; |
73 | } |
74 | if ((rc = ecryptfs_openssl_serialize((unsigned char *) |
75 | @@ -538,15 +539,13 @@ |
76 | syslog(LOG_ERR, "Error attempting to add key to keyring for " |
77 | "key module [%s]; rc = [%d]\n", |
78 | subgraph_ctx->key_mod->alias, rc); |
79 | - rc = MOUNT_ERROR; |
80 | goto out; |
81 | } |
82 | if ((rc = asprintf(&sig_mnt_opt, "ecryptfs_sig=%s", sig)) == -1) { |
83 | - rc = MOUNT_ERROR; |
84 | + rc = -ENOMEM; |
85 | goto out; |
86 | } |
87 | - rc = 0; |
88 | - stack_push(mnt_params, sig_mnt_opt); |
89 | + rc = stack_push(mnt_params, sig_mnt_opt); |
90 | out: |
91 | return rc; |
92 | } |
93 | @@ -609,20 +608,20 @@ |
94 | rc = MOUNT_ERROR; |
95 | goto out; |
96 | } |
97 | - if ((rc = parse_options_file(fd, &file_head))) { |
98 | + rc = parse_options_file(fd, &file_head); |
99 | + close(fd); |
100 | + if (rc) { |
101 | syslog(LOG_ERR, "%s: Error attempting to parse options out " |
102 | "of file\n", __FUNCTION__); |
103 | - rc = MOUNT_ERROR; |
104 | goto out; |
105 | } |
106 | - close(fd); |
107 | walker = file_head.next; |
108 | while (walker) { |
109 | if (strcmp(walker->name, "openssl_passwd") == 0) { |
110 | if ((rc = |
111 | asprintf(&subgraph_ctx->openssl_data.passphrase, |
112 | "%s", walker->value)) == -1) { |
113 | - rc = MOUNT_ERROR; |
114 | + rc = -ENOMEM; |
115 | goto out; |
116 | } |
117 | break; |
118 | @@ -635,7 +634,6 @@ |
119 | rc = MOUNT_ERROR; |
120 | goto out; |
121 | } |
122 | -// #warning MEMORY LEAK: something is wrong with freeing file_head |
123 | walker = NULL; |
124 | if ((rc = ecryptfs_openssl_process_key(subgraph_ctx, mnt_params))) { |
125 | syslog(LOG_ERR, "Error processing OpenSSL key; rc = [%d]", rc); |
126 | @@ -658,7 +656,7 @@ |
127 | static int tf_ssl_passwd_fd(struct ecryptfs_ctx *ctx, struct param_node *node, |
128 | struct val_node **mnt_params, void **foo) |
129 | { |
130 | - return 0; |
131 | + return ENOSYS; |
132 | } |
133 | |
134 | static int tf_ecryptfs_openssl_gen_key_param_node_keyfile( |
135 | @@ -826,7 +824,8 @@ |
136 | .val = NULL, |
137 | .display_opts = NULL, |
138 | .default_val = NULL, |
139 | - .flags = STDIN_REQUIRED | ECRYPTFS_PARAM_FLAG_ECHO_INPUT, |
140 | + .flags = STDIN_REQUIRED | ECRYPTFS_PARAM_FLAG_ECHO_INPUT |
141 | + | ECRYPTFS_NONEMPTY_VALUE_REQUIRED, |
142 | .num_transitions = 1, |
143 | .tl = {{.val = NULL, |
144 | .pretty_val = NULL, |
145 | @@ -840,7 +839,8 @@ |
146 | .val = NULL, |
147 | .display_opts = NULL, |
148 | .default_val = NULL, |
149 | - .flags = STDIN_REQUIRED | ECRYPTFS_PARAM_FLAG_ECHO_INPUT, |
150 | + .flags = STDIN_REQUIRED | ECRYPTFS_PARAM_FLAG_ECHO_INPUT |
151 | + | ECRYPTFS_NONEMPTY_VALUE_REQUIRED, |
152 | .num_transitions = 1, |
153 | .tl = {{.val = NULL, |
154 | .pretty_val = NULL, |
155 | |
156 | === modified file 'src/key_mod/ecryptfs_key_mod_passphrase.c' |
157 | --- src/key_mod/ecryptfs_key_mod_passphrase.c 2009-02-17 15:16:28 +0000 |
158 | +++ src/key_mod/ecryptfs_key_mod_passphrase.c 2009-04-21 19:50:44 +0000 |
159 | @@ -35,9 +35,9 @@ |
160 | { |
161 | int rc; |
162 | if (!node->val) |
163 | - return EINVAL; |
164 | + return -EINVAL; |
165 | if ((rc = stack_push(head, node->val))) |
166 | - return -rc; |
167 | + return rc; |
168 | node->val = NULL; |
169 | return DEFAULT_TOK; |
170 | } |
171 | @@ -53,16 +53,16 @@ |
172 | |
173 | file_head = malloc(sizeof(struct ecryptfs_name_val_pair)); |
174 | if (!file_head) { |
175 | - rc = ENOMEM; |
176 | + rc = -ENOMEM; |
177 | goto out; |
178 | } |
179 | memset(file_head, 0, sizeof(struct ecryptfs_name_val_pair)); |
180 | if (strcmp(node->mnt_opt_names[0], "passphrase_passwd_file") == 0) { |
181 | fd = open(node->val, O_RDONLY); |
182 | if (fd == -1) { |
183 | + rc = -errno; |
184 | syslog(LOG_ERR, "%s: Error whilst attempting to open " |
185 | "[%s]; errno = [%m]\n", __FUNCTION__, node->val); |
186 | - rc = MOUNT_ERROR; |
187 | goto out; |
188 | } |
189 | } else if (strcmp(node->mnt_opt_names[0], "passphrase_passwd_fd") == 0) { |
190 | @@ -74,19 +74,18 @@ |
191 | goto out; |
192 | } |
193 | rc = parse_options_file(fd, file_head); |
194 | + close(fd); |
195 | if (rc) { |
196 | syslog(LOG_ERR, "%s: Error parsing file for passwd; " |
197 | "rc = [%d]\n", __FUNCTION__, rc); |
198 | - rc = MOUNT_ERROR; |
199 | goto out; |
200 | } |
201 | - close(fd); |
202 | walker = file_head->next; |
203 | while (walker) { |
204 | if (strcmp(walker->name, "passphrase_passwd") == 0 |
205 | || strcmp(walker->name, "passwd") == 0) { |
206 | if (asprintf(&tmp_val, "%s", walker->value) < 0) { |
207 | - rc = ENOMEM; |
208 | + rc = -ENOMEM; |
209 | goto out; |
210 | } |
211 | stack_push(head, tmp_val); |
212 | @@ -122,27 +121,26 @@ |
213 | if (!node->val) |
214 | rc = asprintf(&node->val, "%s", node->default_val); |
215 | if (rc == -1) |
216 | - return MOUNT_ERROR; |
217 | + return -ENOMEM; |
218 | stack_push(head, node->val); |
219 | node->val = NULL; |
220 | stack_pop_val(head, (void *)&salt_hex); |
221 | stack_pop_val(head, (void *)&passwd); |
222 | auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1); |
223 | if (!auth_tok_sig) { |
224 | - rc = ENOMEM; |
225 | + rc = -ENOMEM; |
226 | goto out; |
227 | } |
228 | from_hex(salt, salt_hex, ECRYPTFS_SIG_SIZE); |
229 | rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig, passwd, salt); |
230 | if (rc < 0) { |
231 | free(auth_tok_sig); |
232 | - rc = -rc; |
233 | goto out; |
234 | } |
235 | rc = asprintf(¶m, "ecryptfs_sig=%s", auth_tok_sig); |
236 | if (rc == -1) { |
237 | free(auth_tok_sig); |
238 | - rc = ENOMEM; |
239 | + rc = -ENOMEM; |
240 | goto out; |
241 | } |
242 | free(auth_tok_sig); |
243 | @@ -195,7 +193,8 @@ |
244 | .val = NULL, |
245 | .display_opts = NULL, |
246 | .default_val = NULL, |
247 | - .flags = ECRYPTFS_PARAM_FLAG_MASK_OUTPUT, |
248 | + .flags = (ECRYPTFS_PARAM_FLAG_MASK_OUTPUT |
249 | + | ECRYPTFS_NONEMPTY_VALUE_REQUIRED), |
250 | .num_transitions = 2, |
251 | .tl = {{.val = "passphrase_salt", |
252 | .pretty_val = "salt", |
253 | @@ -214,7 +213,8 @@ |
254 | .val = NULL, |
255 | .display_opts = NULL, |
256 | .default_val = NULL, |
257 | - .flags = ECRYPTFS_PARAM_FLAG_MASK_OUTPUT, |
258 | + .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT |
259 | + | ECRYPTFS_NONEMPTY_VALUE_REQUIRED, |
260 | .num_transitions = 2, |
261 | .tl = {{.val = "passphrase_salt", |
262 | .pretty_val = "salt", |
263 | @@ -233,7 +233,8 @@ |
264 | .val = NULL, |
265 | .display_opts = NULL, |
266 | .default_val = NULL, |
267 | - .flags = ECRYPTFS_PARAM_FLAG_MASK_OUTPUT, |
268 | + .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT |
269 | + | ECRYPTFS_NONEMPTY_VALUE_REQUIRED, |
270 | .num_transitions = 2, |
271 | .tl = {{.val = "salt", |
272 | .pretty_val = "salt", |
273 | @@ -282,7 +283,7 @@ |
274 | |
275 | if (asprintf(alias, "passphrase") == -1) { |
276 | syslog(LOG_ERR, "Out of memory\n"); |
277 | - rc = ENOMEM; |
278 | + rc = -ENOMEM; |
279 | goto out; |
280 | } |
281 | out: |
282 | |
283 | === modified file 'src/libecryptfs/cmd_ln_parser.c' |
284 | --- src/libecryptfs/cmd_ln_parser.c 2009-02-17 15:16:28 +0000 |
285 | +++ src/libecryptfs/cmd_ln_parser.c 2009-04-21 19:50:44 +0000 |
286 | @@ -382,11 +382,15 @@ |
287 | __FUNCTION__, rc, fd); |
288 | goto out; |
289 | } |
290 | + if (S_ISDIR(filestat.st_mode)) { |
291 | + rc = -EISDIR; |
292 | + goto out; |
293 | + } |
294 | pagesize = getpagesize(); |
295 | file_size = filestat.st_size; |
296 | if (file_size > MAX_FILE_SIZE) { |
297 | syslog(LOG_ERR, "File size too large\n"); |
298 | - rc = -1; |
299 | + rc = -EFBIG; |
300 | goto out; |
301 | } |
302 | if (file_size % pagesize) { |
303 | @@ -395,7 +399,7 @@ |
304 | } |
305 | data = mmap((caddr_t)0, file_size, PROT_READ, MAP_PRIVATE, fd, 0); |
306 | if (data == MAP_FAILED) { |
307 | - rc = errno; |
308 | + rc = -errno; |
309 | syslog(LOG_ERR, "%s: mmap failed on fd [%d]; rc = [%d]\n", |
310 | __FUNCTION__, fd, rc); |
311 | goto out; |
312 | |
313 | === modified file 'src/libecryptfs/decision_graph.c' |
314 | --- src/libecryptfs/decision_graph.c 2009-02-17 15:16:28 +0000 |
315 | +++ src/libecryptfs/decision_graph.c 2009-04-21 19:50:44 +0000 |
316 | @@ -255,12 +255,12 @@ |
317 | if ((*next = tn->next_token)) |
318 | return 0; |
319 | else |
320 | - return EINVAL; |
321 | + return -EINVAL; |
322 | } else if (trans_func_tok_id == NULL_TOK) { |
323 | if ((*next = tn->next_token)) |
324 | return 0; |
325 | else |
326 | - return EINVAL; |
327 | + return -EINVAL; |
328 | } |
329 | nvp = nvp->next; |
330 | } |
331 | @@ -275,12 +275,18 @@ |
332 | trans_func_tok_id = |
333 | tn->trans_func(ctx, current, |
334 | mnt_params, foo); |
335 | + if (trans_func_tok_id == WRONG_VALUE && |
336 | + (ctx->verbosity || |
337 | + (current->flags & STDIN_REQUIRED))) { |
338 | + *next = current; |
339 | + return 0; |
340 | + } |
341 | if (trans_func_tok_id == MOUNT_ERROR || |
342 | - trans_func_tok_id > 0) |
343 | + trans_func_tok_id < 0) |
344 | return trans_func_tok_id; |
345 | if ((*next = tn->next_token)) |
346 | return 0; |
347 | - else return EINVAL; |
348 | + else return -EINVAL; |
349 | } |
350 | } |
351 | return NULL_TOK; |
352 | @@ -367,6 +373,7 @@ |
353 | int value_retrieved; |
354 | int i; |
355 | int rc; |
356 | + int tries = 0; |
357 | |
358 | if (ecryptfs_verbosity) |
359 | syslog(LOG_INFO, "%s: Called on node->mnt_opt_names[0] = [%s]", |
360 | @@ -599,6 +606,7 @@ |
361 | syslog(LOG_INFO, "%s: DISPLAY_TRANSITION_NODE_" |
362 | "VALS not set\n", __FUNCTION__); |
363 | obtain_value: |
364 | + if (++tries > 3) return EINVAL; |
365 | if (node->suggested_val) |
366 | rc = asprintf(&prompt, "%s [%s]", node->prompt, |
367 | node->suggested_val); |
368 | @@ -619,6 +627,12 @@ |
369 | (&(node->val), prompt, |
370 | (node->flags |
371 | & ECRYPTFS_PARAM_FLAG_ECHO_INPUT)); |
372 | + if (node->val[0] == '\0' && |
373 | + (node->flags & ECRYPTFS_NONEMPTY_VALUE_REQUIRED)) { |
374 | + fprintf(stderr,"Wrong input, non-empty value " |
375 | + "required!\n"); |
376 | + goto obtain_value; |
377 | + } |
378 | free(prompt); |
379 | if (node->flags & VERIFY_VALUE) { |
380 | rc = asprintf(&verify_prompt, "Verify %s", |
381 | @@ -702,9 +716,7 @@ |
382 | |
383 | memset(*mnt_params, 0, sizeof(struct val_node)); |
384 | rc = eval_param_tree(ctx, root_node, nvp_head, mnt_params); |
385 | - if (rc > 0) |
386 | - return -rc; |
387 | - if (rc != MOUNT_ERROR) |
388 | + if ((rc > 0) && (rc != MOUNT_ERROR)) |
389 | return 0; |
390 | return rc; |
391 | } |
392 | @@ -949,6 +961,7 @@ |
393 | rc = -ENOMEM; |
394 | goto out; |
395 | } |
396 | + rc = 0; |
397 | subgraph_ctx = (struct ecryptfs_subgraph_ctx *)(*foo); |
398 | walker = &subgraph_ctx->head_val_node; |
399 | while (walker->next) |
400 | @@ -1023,8 +1036,7 @@ |
401 | rc = -ENOMEM; |
402 | goto out_free_list_and_subgraph_ctx; |
403 | } |
404 | - rc = 0; |
405 | - stack_push(mnt_params, sig_mnt_opt); |
406 | + rc = stack_push(mnt_params, sig_mnt_opt); |
407 | out_free_list_and_subgraph_ctx: |
408 | curr = subgraph_ctx->head_val_node.next; |
409 | while (curr) { |
410 | |
411 | === modified file 'src/libecryptfs/module_mgr.c' |
412 | --- src/libecryptfs/module_mgr.c 2009-03-18 23:14:52 +0000 |
413 | +++ src/libecryptfs/module_mgr.c 2009-04-21 17:59:16 +0000 |
414 | @@ -97,57 +97,61 @@ |
415 | .trans_func = sig_param_node_callback}} |
416 | }; |
417 | |
418 | +/* returns: 1 for str=="yes" or "y", 0 for "no" or "n", -1 elsewhere */ |
419 | +static int is_yes(const char *str) |
420 | +{ |
421 | + if (str) { |
422 | + if (!strcmp(str,"y") || !strcmp(str,"yes")) |
423 | + return 1; |
424 | + if (!strcmp(str,"no") || !strcmp(str,"n")) |
425 | + return 0; |
426 | + } |
427 | + |
428 | + return -1; |
429 | +} |
430 | + |
431 | + |
432 | +/* returns: 0 for success |
433 | + * WRONG_VALUE if node->val is none of 'yes','y','no','n' |
434 | + * <0 for error |
435 | + */ |
436 | +static int stack_push_if_yes(struct param_node *node, struct val_node **head, |
437 | + char *opt_name) |
438 | +{ |
439 | + int rc; |
440 | + |
441 | + if (((rc=is_yes(node->val)) == 1) || (node->flags & PARAMETER_SET)) { |
442 | + rc = stack_push(head, opt_name); |
443 | + } else if (rc == -1) |
444 | + rc = WRONG_VALUE; |
445 | + free(node->val); |
446 | + node->val = NULL; |
447 | + return rc; |
448 | +} |
449 | + |
450 | static int get_hmac(struct ecryptfs_ctx *ctx, struct param_node *node, |
451 | struct val_node **head, void **foo) |
452 | { |
453 | - if (node->val && (*(node->val) == 'y')) { |
454 | - stack_push(head, "ecryptfs_hmac"); |
455 | - } else if (node->flags & PARAMETER_SET) { |
456 | - stack_push(head, "ecryptfs_hmac"); |
457 | - return 0; |
458 | - } |
459 | - free(node->val); |
460 | - return 0; |
461 | + return stack_push_if_yes(node, head, "ecryptfs_hmac"); |
462 | } |
463 | |
464 | static int get_passthrough(struct ecryptfs_ctx *ctx, struct param_node *node, |
465 | struct val_node **head, void **foo) |
466 | { |
467 | - if (node->val && (*(node->val) == 'y')) { |
468 | - stack_push(head, "ecryptfs_passthrough"); |
469 | - } else if (node->flags & PARAMETER_SET) { |
470 | - stack_push(head, "ecryptfs_passthrough"); |
471 | - return 0; |
472 | - } |
473 | - free(node->val); |
474 | - return 0; |
475 | + return stack_push_if_yes(node, head, "ecryptfs_passthrough"); |
476 | } |
477 | |
478 | static int get_xattr(struct ecryptfs_ctx *ctx, struct param_node *node, |
479 | struct val_node **head, void **foo) |
480 | { |
481 | - if (node->val && (*(node->val) == 'y')) { |
482 | - stack_push(head, "ecryptfs_xattr_metadata"); |
483 | - } else if (node->flags & PARAMETER_SET) { |
484 | - stack_push(head, "ecryptfs_xattr_metadata"); |
485 | - return 0; |
486 | - } |
487 | - free(node->val); |
488 | - return 0; |
489 | + return stack_push_if_yes(node, head, "ecryptfs_xattr_metadata"); |
490 | } |
491 | |
492 | static int get_encrypted_passthrough(struct ecryptfs_ctx *ctx, |
493 | struct param_node *node, |
494 | struct val_node **head, void **foo) |
495 | { |
496 | - if (node->val && (*(node->val) == 'y')) { |
497 | - stack_push(head, "ecryptfs_encrypted_view"); |
498 | - } else if (node->flags & PARAMETER_SET) { |
499 | - stack_push(head, "ecryptfs_encrypted_view"); |
500 | - return 0; |
501 | - } |
502 | - free(node->val); |
503 | - return 0; |
504 | + return stack_push_if_yes(node, head, "ecryptfs_encrypted_view"); |
505 | } |
506 | |
507 | static struct param_node end_param_node = { |
508 | @@ -221,9 +225,9 @@ |
509 | struct param_node *node, |
510 | struct val_node **head, void **foo) |
511 | { |
512 | - int rc = 0; |
513 | + int yn, rc = 0; |
514 | |
515 | - if ((node->val && (*(node->val) == 'y')) |
516 | + if (((yn=is_yes(node->val)) > 0) |
517 | || (node->flags & PARAMETER_SET)) { |
518 | int i; |
519 | struct val_node *val_node; |
520 | @@ -254,10 +258,16 @@ |
521 | } |
522 | val_node = val_node->next; |
523 | } |
524 | - } |
525 | + } else if (node->val) { |
526 | + if (yn < 0) |
527 | + rc = WRONG_VALUE; |
528 | + } else |
529 | + /* default: no */; |
530 | out_free: |
531 | - if (node->val) |
532 | + if (node->val) { |
533 | free(node->val); |
534 | + node->val = NULL; |
535 | + } |
536 | return rc; |
537 | } |
538 | |
539 | |
540 | === modified file 'src/pam_ecryptfs/pam_ecryptfs.c' |
541 | --- src/pam_ecryptfs/pam_ecryptfs.c 2009-04-07 22:33:58 +0000 |
542 | +++ src/pam_ecryptfs/pam_ecryptfs.c 2009-04-21 17:42:24 +0000 |
543 | @@ -67,6 +67,36 @@ |
544 | } |
545 | } |
546 | |
547 | +/* returns: 0 for pam automounting not set, 1 for set, <0 for error */ |
548 | +static int ecryptfs_pam_automount_set(const char *homedir) |
549 | +{ |
550 | + char *file_path; |
551 | + int rc = 0; |
552 | + struct stat s; |
553 | + if (asprintf( |
554 | + &file_path, "%s/.ecryptfs/%s", |
555 | + homedir, |
556 | + ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME) == -1) |
557 | + return -ENOMEM; |
558 | + if (stat(file_path, &s) != 0) { |
559 | + if (errno != ENOENT) |
560 | + rc = -errno; |
561 | + goto out; |
562 | + } |
563 | + free(file_path); |
564 | + if (asprintf(&file_path, "%s/.ecryptfs/auto-mount", homedir) == -1) |
565 | + return -ENOMEM; |
566 | + if (stat(file_path, &s) != 0) { |
567 | + if (errno != ENOENT) |
568 | + rc = -errno; |
569 | + goto out; |
570 | + } |
571 | + rc = 1; |
572 | +out: |
573 | + free(file_path); |
574 | + return rc; |
575 | +} |
576 | + |
577 | PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, |
578 | const char **argv) |
579 | { |
580 | @@ -98,6 +128,8 @@ |
581 | "rc = [%ld]\n", username, rc); |
582 | goto out; |
583 | } |
584 | + if (!ecryptfs_pam_automount_set(homedir)) |
585 | + return PAM_SUCCESS; |
586 | saved_uid = geteuid(); |
587 | seteuid(uid); |
588 | rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&passphrase); |
589 | @@ -365,6 +397,8 @@ |
590 | "rc = [%ld]\n", username, rc); |
591 | goto out; |
592 | } |
593 | + if (!ecryptfs_pam_automount_set(homedir)) |
594 | + return PAM_SUCCESS; |
595 | saved_uid = geteuid(); |
596 | seteuid(uid); |
597 | if ((rc = pam_get_item(pamh, PAM_OLDAUTHTOK, |
598 | |
599 | === modified file 'src/utils/mount.ecryptfs.c' |
600 | --- src/utils/mount.ecryptfs.c 2009-02-27 23:10:56 +0000 |
601 | +++ src/utils/mount.ecryptfs.c 2009-04-21 19:23:03 +0000 |
602 | @@ -301,6 +301,7 @@ |
603 | char yesno[4]; |
604 | int i; |
605 | int rc; |
606 | + int tries; |
607 | |
608 | home = pw->pw_dir; |
609 | rc = asprintf(&dot_ecryptfs_dir, "%s/.ecryptfs", home); |
610 | @@ -328,41 +329,65 @@ |
611 | "it looks like you have never mounted with this key \n" |
612 | "before. This could mean that you have typed your \n" |
613 | "passphrase wrong.\n\n", sig_cache_filename); |
614 | - printf("Would you like to proceed with the mount (yes/no)? "); |
615 | - i = 0; |
616 | + tries = 0; |
617 | do { |
618 | - yesno[i++] = mygetchar(); |
619 | - } while (yesno[i-1] != '\n' && i < 3); |
620 | - yesno[i] = '\0'; |
621 | - if (yesno[i-1] != '\n') |
622 | - while (mygetchar() != '\n'); |
623 | - if (memcmp(yesno, "yes", 3) == 0) { |
624 | - printf("Would you like to append sig [%s] to\n" |
625 | - "[%s] \n" |
626 | - "in order to avoid this warning in the future " |
627 | - "(yes/no)? ", auth_tok_sig, sig_cache_filename); |
628 | + rc = 0; |
629 | + printf("Would you like to proceed " |
630 | + "with the mount (yes/no)? "); |
631 | i = 0; |
632 | do { |
633 | yesno[i++] = mygetchar(); |
634 | - } while (yesno[i-1] != '\n' && i < 3); |
635 | - yesno[i] = '\0'; |
636 | - if (yesno[i-1] != '\n') |
637 | + } while (yesno[i-1] != '\n' && i < 4); |
638 | + if (yesno[i-1] != '\n') { |
639 | while (mygetchar() != '\n'); |
640 | - if (memcmp(yesno, "yes", 3) == 0) { |
641 | + yesno[0] = '\0'; |
642 | + } |
643 | + yesno[i-1] = '\0'; |
644 | + } while ((rc = strcmp(yesno, "yes")) && strcmp(yesno, "no") |
645 | + && (++tries < 5)); |
646 | + if (rc == 0) { |
647 | + tries = 0; |
648 | + do { |
649 | + printf("Would you like to append sig [%s] to\n" |
650 | + "[%s] \nin order to avoid this warning " |
651 | + "in the future (yes/no)? ", auth_tok_sig, |
652 | + sig_cache_filename); |
653 | + i = 0; |
654 | + do { |
655 | + yesno[i++] = mygetchar(); |
656 | + } while (yesno[i-1] != '\n' && i < 4); |
657 | + if (yesno[i-1] != '\n') { |
658 | + while (mygetchar() != '\n'); |
659 | + yesno[0] = '\0'; |
660 | + } |
661 | + yesno[i-1] = '\0'; |
662 | + } while ((rc = strcmp(yesno, "yes")) |
663 | + && strcmp(yesno, "no") && (++tries < 5)); |
664 | + |
665 | + if (rc == 0) { |
666 | if ((rc = ecryptfs_append_sig( |
667 | - auth_tok_sig, |
668 | - sig_cache_filename))) { |
669 | + auth_tok_sig, |
670 | + sig_cache_filename))) { |
671 | printf("Error appending to [%s]; rc = " |
672 | - "[%d]. Aborting mount.\n", |
673 | - sig_cache_filename, rc); |
674 | + "[%d]. Aborting mount.\n", |
675 | + sig_cache_filename, rc); |
676 | goto out; |
677 | } |
678 | printf("Successfully appended new sig to user " |
679 | - "sig cache file\n"); |
680 | - } else |
681 | - printf("Not adding sig to user sig cache " |
682 | - "file; continuing with mount.\n"); |
683 | + "sig cache file\n"); |
684 | + } else { |
685 | + if (strcmp(yesno,"no")) |
686 | + rc = -EINVAL; |
687 | + else { |
688 | + printf("Not adding sig to user sig " |
689 | + "cache file; continuing with " |
690 | + "mount.\n"); |
691 | + rc = 0; |
692 | + } |
693 | + } |
694 | } else { |
695 | + if (strcmp(yesno,"no")) |
696 | + rc = -EINVAL; |
697 | printf("Aborting mount.\n"); |
698 | rc = ECANCELED; |
699 | goto out; |
700 | @@ -600,6 +625,8 @@ |
701 | &ctx, &mnt_params, version, opts_str, |
702 | ECRYPTFS_ASK_FOR_ALL_MOUNT_OPTIONS); |
703 | if (rc) { |
704 | + if (rc > 0) |
705 | + rc = -EINVAL; |
706 | printf("Error attempting to evaluate mount options: " |
707 | "[%d] %s\nCheck your system logs for details " |
708 | "on why this happened.\nTry updating your " |
709 | |
710 | === modified file 'src/utils/umount.ecryptfs.c' |
711 | --- src/utils/umount.ecryptfs.c 2009-03-20 16:29:31 +0000 |
712 | +++ src/utils/umount.ecryptfs.c 2009-04-21 18:08:22 +0000 |
713 | @@ -109,7 +109,8 @@ |
714 | fekek_fail = ecryptfs_remove_auth_tok_from_keyring(fekek_sig); |
715 | if (fekek_fail) |
716 | fprintf(stderr, "Failed to remove fekek with sig [%s] " |
717 | - "from keyring: %s\n", fekek_sig, strerror(rc)); |
718 | + "from keyring: %s\n", fekek_sig, |
719 | + strerror(fekek_fail)); |
720 | } else { |
721 | fekek_fail = rc; |
722 | } |
723 | @@ -117,9 +118,10 @@ |
724 | "ecryptfs_fnek_sig=", &fnek_sig) |
725 | && strcmp(fekek_sig, fnek_sig)) { |
726 | fnek_fail = ecryptfs_remove_auth_tok_from_keyring(fnek_sig); |
727 | - if (fekek_fail) { |
728 | + if (fnek_fail) { |
729 | fprintf(stderr, "Failed to remove fnek with sig [%s] " |
730 | - "from keyring: %s\n", fekek_sig, strerror(rc)); |
731 | + "from keyring: %s\n", fnek_sig, |
732 | + strerror(fnek_fail)); |
733 | } |
734 | } |
735 | free(fekek_sig); |