Package: libpam-encfs
Version: 0.1.4.1-2
Severity: normal
Tags: patch

--- Please enter the report below this line. ---
I use libpam-encfs with a special configuration file for (currently) only one user that mounts a subdirectory of the home-dir for security-specific files. Config file /etc/security/pam_encfs.conf contains the line

    hmarkert /home/hmarkert/.sync /home/hmarkert/sync -v -

where sync is the encrypted directory.

I disabled the auto-unmount, because obviously the active session will not always keep files open and hence unmounts the directory every few minutes, which is very annoying. So I configured

    session required pam_encfs.so

in /etc/pam.d/common-session. However, unmounting on session end does not reliably work.

I looked into the source code of pam_encfs.c and did not find anything looking relevant. However, for me it works if I add a wait()-call in the parent after the fork that executes fusermount -u on the home directory. I attached a diff with the changes.

I would further suggest to add a session counter in pam_encfs.c if there is any possibility to have something like static variables in a pam-plugin (I am not experienced with pam). This would avoid unmounting of the file system if on another console another session of the same user is running.

Best,
Heiner

--- System information. ---
Architecture: i386
Kernel: Linux 2.6.22-3-686

Debian Release: lenny/sid
  700 testing         security.debian.org
  700 testing         ftp.de.debian.org
  700 testing         debian-multimedia.informatik.uni-erlangen.de
  700 testing         deb.opera.com
    1 experimental    ftp.de.debian.org

--- Package information. ---
Depends         (Version) | Installed
==========================-+-==============
encfs                      | 1.3.2-1-1
libpam0g    (>= 0.99.7.1)  | 0.99.7.1-5

--- pam_encfs.c 2008-02-12 23:09:16.000000000 +0100 +++ ../pam_encfs.c.orig 2008-02-12 22:35:18.000000000 +0100 @@ -623,8 +623,7 @@ int retval; pid_t pid; char *targetpath; - char *args[5]; - int t; + char *args[4]; // _pam_log(LOG_ERR,"Geteuid : %d",geteuid()); @@ -641,10 +640,8 @@ args[0] = "fusermount"; args[1] = "-u"; - //args[2] = "-z"; args[2] = targetpath; args[3] = NULL; - _pam_log(LOG_ERR, "Unmounting %s",targetpath); switch (pid = fork()) { @@ -660,8 +657,6 @@ exit(127); } - wait(&t); - /*We'll get this error every single time we have more than one session active, todo fix this with some better checks + support fuser -km if no more session connected. if (checkmnt(targetpath)) { _pam_log(LOG_ERR,"Failed to unmount %s",targetpath);
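
Review bot: the diff is generated in the reverse direction, visible from the first hunk (@@ -623,8 +623,7 @@) onward: the header reads `--- pam_encfs.c` / `+++ ../pam_encfs.c.orig`, so the proposed `char *args[5];` and `int t;` show up as removals. Regenerate it with the original file first (`diff -u pam_encfs.c.orig pam_encfs.c`), otherwise it only applies with `patch -R`. Separately, the visible lines fill only args[0] to args[3] while the `-z` slot stays commented out, so growing the array to 5 is not needed unless `-z` is actually enabled.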
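
Review bot: in the second hunk (@@ -641,10 +640,8 @@), `_pam_log(LOG_ERR, "Unmounting %s",targetpath);` records a routine action at error priority; use LOG_INFO or LOG_DEBUG so that genuine unmount failures stand out in the log. The commented-out `//args[2] = "-z";` should either be dropped or replaced by a comment saying why it was tried and left disabled.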
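
Review bot: in the third hunk (@@ -660,8 +657,6 @@), `wait(&t);` reaps whichever child exits first, its return value is ignored and `t` is never inspected, so a failed `fusermount -u` still looks like success to the caller. Prefer `waitpid(pid, &t, 0)` retried on EINTR, make sure it is not reached when fork() returned -1, and log when WIFEXITED(t) is false or WEXITSTATUS(t) is non-zero. None of the visible hunks adds `#include <sys/wait.h>`; check that the file already includes it.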
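
The parent-side wait that the report proposes, written out as an added example that is not code from pam_encfs.c or from the patch: `run_and_wait` and `run_shell` are hypothetical helpers, and the shell one-liner is a constructed stand-in for `fusermount -u`. It waits for the specific child and returns its exit status, so the caller can tell a failed unmount from a successful one.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from pam_encfs.c): exec argv[0] in a child and
 * block until that specific child has exited.
 * Returns the child's exit status (0-255), or -1 if fork/waitpid failed
 * or the child was terminated by a signal. */
static int run_and_wait(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid == -1)
        return -1;              /* fork failed: there is no child to wait for */

    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);             /* exec failed; _exit avoids flushing the parent's stdio */
    }

    /* waitpid(pid, ...) reaps only our child; retry if a signal interrupts it. */
    while (waitpid(pid, &status, 0) == -1) {
        if (errno != EINTR)
            return -1;
    }

    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical wrapper used for the demo: run a shell one-liner. */
static int run_shell(const char *cmd)
{
    char *argv[] = { "sh", "-c", (char *)cmd, NULL };
    return run_and_wait(argv);
}

int main(void)
{
    /* Constructed stand-in for "fusermount -u <targetpath>": a slow helper
     * that fails. The parent returns only after it has finished. */
    printf("exit status: %d\n", run_shell("sleep 1; exit 3"));
    return 0;
}
```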