|
 |
7a13e78 |
diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamsyslog ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
|
|
|
7a13e78 |
--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamsyslog 2011-08-09 11:39:28.404766037 +0200
|
|
|
7a13e78 |
+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-09 11:39:28.428765549 +0200
|
|
|
7a13e78 |
@@ -91,7 +91,7 @@ static int wrap_passphrase_if_necessary(
|
|
|
7a13e78 |
|
|
|
7a13e78 |
rc = asprintf(&unwrapped_pw_filename, "/dev/shm/.ecryptfs-%s", username);
|
|
|
7a13e78 |
if (rc == -1) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Unable to allocate memory\n");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Unable to allocate memory\n");
|
|
|
7a13e78 |
return -ENOMEM;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
/* If /dev/shm/.ecryptfs-$USER exists and owned by the user
|
|
|
7a13e78 |
@@ -105,7 +105,7 @@ static int wrap_passphrase_if_necessary(
|
|
|
7a13e78 |
setuid(uid);
|
|
|
7a13e78 |
rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
|
|
|
7a13e78 |
if (rc != 0) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc);
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc);
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
return rc;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -122,10 +122,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
|
|
7a13e78 |
uint32_t version;
|
|
|
7a13e78 |
struct ecryptfs_pam_data *epd = {0,};
|
|
|
7a13e78 |
|
|
|
7a13e78 |
- syslog(LOG_INFO, "%s: Called\n", __FUNCTION__);
|
|
|
7a13e78 |
+ pamsyslog(LOG_INFO, "%s: Called\n", __FUNCTION__);
|
|
|
7a13e78 |
|
|
|
7a13e78 |
if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) {
|
|
|
7a13e78 |
- syslog(LOG_ERR,"Memory allocation failed");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR,"Memory allocation failed");
|
|
|
7a13e78 |
rc = -ENOMEM;
|
|
|
7a13e78 |
goto out;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -134,7 +134,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
|
|
7a13e78 |
if (rc == PAM_SUCCESS) {
|
|
|
7a13e78 |
struct passwd *pwd;
|
|
|
7a13e78 |
|
|
|
7a13e78 |
- syslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__,
|
|
|
7a13e78 |
+ pamsyslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__,
|
|
|
7a13e78 |
epd->username);
|
|
|
7a13e78 |
pwd = getpwnam(epd->username);
|
|
|
7a13e78 |
if (pwd) {
|
|
|
7a13e78 |
@@ -142,7 +142,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
|
|
7a13e78 |
epd->homedir = pwd->pw_dir;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
} else {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Error getting passwd info for user [%s]; "
|
|
|
7a13e78 |
"rc = [%ld]\n", epd->username, rc);
|
|
|
7a13e78 |
goto out;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -150,7 +150,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
|
|
7a13e78 |
goto out;
|
|
|
7a13e78 |
private_mnt = ecryptfs_fetch_private_mnt(epd->homedir);
|
|
|
7a13e78 |
if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) {
|
|
|
7a13e78 |
- syslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__,
|
|
|
7a13e78 |
+ pamsyslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__,
|
|
|
7a13e78 |
epd->homedir);
|
|
|
7a13e78 |
/* If private/home is already mounted, then we can skip
|
|
|
7a13e78 |
costly loading of keys */
|
|
|
7a13e78 |
@@ -159,7 +159,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
|
|
7a13e78 |
/* we need side effect of this check:
|
|
|
7a13e78 |
load ecryptfs module if not loaded already */
|
|
|
7a13e78 |
if (ecryptfs_get_version(&version) != 0)
|
|
|
7a13e78 |
- syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
|
|
|
7a13e78 |
+ pamsyslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
|
|
|
7a13e78 |
saved_uid = geteuid();
|
|
|
7a13e78 |
seteuid(epd->uid);
|
|
|
7a13e78 |
if(file_exists_dotecryptfs(epd->homedir, "wrapping-independent") == 1)
|
|
|
7a13e78 |
@@ -168,7 +168,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
|
|
7a13e78 |
rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&epd->passphrase);
|
|
|
7a13e78 |
seteuid(saved_uid);
|
|
|
7a13e78 |
if (rc != PAM_SUCCESS) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
|
|
|
7a13e78 |
rc);
|
|
|
7a13e78 |
goto out;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -182,7 +182,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
|
|
7a13e78 |
epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0));
|
|
|
7a13e78 |
if (pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata) != PAM_SUCCESS) {
|
|
|
7a13e78 |
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Unable to store ecryptfs pam data : %m");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Unable to store ecryptfs pam data : %m");
|
|
|
7a13e78 |
goto out;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
|
|
|
7a13e78 |
@@ -206,13 +206,13 @@ static struct passwd *fetch_pwd(pam_hand
|
|
|
7a13e78 |
|
|
|
7a13e78 |
rc = pam_get_user(pamh, &username, NULL);
|
|
|
7a13e78 |
if (rc != PAM_SUCCESS || username == NULL) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Error getting passwd info for user [%s]; "
|
|
|
7a13e78 |
"rc = [%ld]\n", username, rc);
|
|
|
7a13e78 |
return NULL;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
pwd = getpwnam(username);
|
|
|
7a13e78 |
if (pwd == NULL) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Error getting passwd info for user [%s]; "
|
|
|
7a13e78 |
"rc = [%ld]\n", username, rc);
|
|
|
7a13e78 |
return NULL;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -244,13 +244,13 @@ static int private_dir(pam_handle_t *pam
|
|
|
7a13e78 |
if (
|
|
|
7a13e78 |
(asprintf(&autofile, "%s/.ecryptfs/%s", pwd->pw_dir, a) < 0)
|
|
|
7a13e78 |
|| autofile == NULL) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Error allocating memory for autofile name");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Error allocating memory for autofile name");
|
|
|
7a13e78 |
return 1;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
if (
|
|
|
7a13e78 |
(asprintf(&sigfile, "%s/.ecryptfs/%s.sig", pwd->pw_dir,
|
|
|
7a13e78 |
PRIVATE_DIR) < 0) || sigfile == NULL) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Error allocating memory for sigfile name");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Error allocating memory for sigfile name");
|
|
|
7a13e78 |
return 1;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
if (stat(sigfile, &s) != 0) {
|
|
|
7a13e78 |
@@ -262,13 +262,13 @@ static int private_dir(pam_handle_t *pam
|
|
|
7a13e78 |
goto out;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
if ((pid = fork()) < 0) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Error setting up private mount");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Error setting up private mount");
|
|
|
7a13e78 |
return 1;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
if (pid == 0) {
|
|
|
7a13e78 |
/* set user's groups, we may need ecryptfs group for (u)mount */
|
|
|
7a13e78 |
if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Unable to set user's groups : %m");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Unable to set user's groups : %m");
|
|
|
7a13e78 |
_exit(255);
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
|
|
|
7a13e78 |
@@ -276,7 +276,7 @@ static int private_dir(pam_handle_t *pam
|
|
|
7a13e78 |
if ((asprintf(&recorded,
|
|
|
7a13e78 |
"%s/.ecryptfs/.wrapped-passphrase.recorded",
|
|
|
7a13e78 |
pwd->pw_dir) < 0) || recorded == NULL) {
|
|
|
7a13e78 |
- syslog(LOG_ERR,
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR,
|
|
|
7a13e78 |
"Error allocating memory for recorded name");
|
|
|
7a13e78 |
_exit(255);
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -289,7 +289,7 @@ static int private_dir(pam_handle_t *pam
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
if (stat(autofile, &s) != 0) {
|
|
|
7a13e78 |
/* User does not want to auto-mount */
|
|
|
7a13e78 |
- syslog(LOG_INFO,
|
|
|
7a13e78 |
+ pamsyslog(LOG_INFO,
|
|
|
7a13e78 |
"Skipping automatic eCryptfs mount");
|
|
|
7a13e78 |
_exit(0);
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -297,11 +297,11 @@ static int private_dir(pam_handle_t *pam
|
|
|
7a13e78 |
setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
|
|
|
7a13e78 |
execl("/sbin/mount.ecryptfs_private",
|
|
|
7a13e78 |
"mount.ecryptfs_private", NULL);
|
|
|
7a13e78 |
- syslog(LOG_ERR,"unable to execute mount.ecryptfs_private : %m");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR,"unable to execute mount.ecryptfs_private : %m");
|
|
|
7a13e78 |
} else {
|
|
|
7a13e78 |
if (stat(autofile, &s) != 0) {
|
|
|
7a13e78 |
/* User does not want to auto-unmount */
|
|
|
7a13e78 |
- syslog(LOG_INFO,
|
|
|
7a13e78 |
+ pamsyslog(LOG_INFO,
|
|
|
7a13e78 |
"Skipping automatic eCryptfs unmount");
|
|
|
7a13e78 |
_exit(0);
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -309,7 +309,7 @@ static int private_dir(pam_handle_t *pam
|
|
|
7a13e78 |
setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
|
|
|
7a13e78 |
execl("/sbin/umount.ecryptfs_private",
|
|
|
7a13e78 |
"umount.ecryptfs_private", NULL);
|
|
|
7a13e78 |
- syslog(LOG_ERR,"unable to execute umount.ecryptfs_private : %m");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR,"unable to execute umount.ecryptfs_private : %m");
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
_exit(255);
|
|
|
7a13e78 |
} else {
|
|
|
7a13e78 |
@@ -338,25 +338,25 @@ static int fill_keyring(pam_handle_t *pa
|
|
|
7a13e78 |
char *auth_tok_sig;
|
|
|
7a13e78 |
auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1);
|
|
|
7a13e78 |
if (!auth_tok_sig) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Out of memory\n");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Out of memory\n");
|
|
|
7a13e78 |
return -ENOMEM;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
|
|
|
7a13e78 |
if (pam_get_data(pamh, ECRYPTFS_PAM_DATA, (const void **)&epd) != PAM_SUCCESS)
|
|
|
7a13e78 |
{
|
|
|
7a13e78 |
- syslog(LOG_ERR,"Unable to get ecryptfs pam data : %m");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR,"Unable to get ecryptfs pam data : %m");
|
|
|
7a13e78 |
return -EINVAL;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
|
|
|
7a13e78 |
if ((child_pid = fork()) == 0) {
|
|
|
7a13e78 |
setuid(epd->uid);
|
|
|
7a13e78 |
if (epd->passphrase == NULL) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "NULL passphrase; aborting\n");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "NULL passphrase; aborting\n");
|
|
|
7a13e78 |
rc = -EINVAL;
|
|
|
7a13e78 |
goto out_child;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
if ((rc = ecryptfs_validate_keyring())) {
|
|
|
7a13e78 |
- syslog(LOG_WARNING,
|
|
|
7a13e78 |
+ pamsyslog(LOG_WARNING,
|
|
|
7a13e78 |
"Cannot validate keyring integrity\n");
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
rc = 0;
|
|
|
7a13e78 |
@@ -368,12 +368,12 @@ static int fill_keyring(pam_handle_t *pa
|
|
|
7a13e78 |
epd->homedir,
|
|
|
7a13e78 |
ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME);
|
|
|
7a13e78 |
if (rc == -1) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Unable to allocate memory\n");
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Unable to allocate memory\n");
|
|
|
7a13e78 |
rc = -ENOMEM;
|
|
|
7a13e78 |
goto out_child;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
if (wrap_passphrase_if_necessary(epd->username, epd->uid, wrapped_pw_filename, epd->passphrase, epd->salt) == 0) {
|
|
|
7a13e78 |
- syslog(LOG_INFO, "Passphrase file wrapped");
|
|
|
7a13e78 |
+ pamsyslog(LOG_INFO, "Passphrase file wrapped");
|
|
|
7a13e78 |
} else {
|
|
|
7a13e78 |
goto out_child;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -389,7 +389,7 @@ static int fill_keyring(pam_handle_t *pa
|
|
|
7a13e78 |
goto out_child;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
if (rc) {
|
|
|
7a13e78 |
- syslog(LOG_ERR, "Error adding passphrase key token to "
|
|
|
7a13e78 |
+ pamsyslog(LOG_ERR, "Error adding passphrase key token to "
|
|
|
7a13e78 |
"user session keyring; rc = [%d]\n", rc);
|
|
|
7a13e78 |
goto out_child;
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
@@ -399,7 +399,7 @@ out_child:
|
|
|
7a13e78 |
}
|
|
|
7a13e78 |
tmp_pid = waitpid(child_pid, NULL, 0);
|
|
|
7a13e78 |
if (tmp_pid == -1)
|
|
|
7a13e78 |
- syslog(LOG_WARNING,
|
|
|
7a13e78 |
+ pamsyslog(LOG_WARNING,
|
|
|
7a13e78 |
"waitpid() returned with error condition\n");
|
|
|
7a13e78 |
|
|
|
7a13e78 |
|