On Sun, Nov 7, 2010 at 4:28 PM, Jakob Unterwurzacher <[email protected]> wrote: > Quoting man ecryptfs-mount-private: >> ~/.ecryptfs/wrapping-independent - this file exists if the >> wrapping passphrase is independent from login passphrase > > This patch makes pam_ecryptfs check if this file exists and ask the > user for the wrapping passphrase if it does. > > Note that ecryptfs_pam_wrapping_independent_set() is a copy of > ecryptfs_pam_automount_set(), this will be cleaned up in a later patch. > --- > src/pam_ecryptfs/pam_ecryptfs.c | 24 +++++++++++++++++++++++- > 1 files changed, 23 insertions(+), 1 deletions(-) > > diff --git a/src/pam_ecryptfs/pam_ecryptfs.c b/src/pam_ecryptfs/pam_ecryptfs.c > index 2209ac8..2a821e8 100644 > --- a/src/pam_ecryptfs/pam_ecryptfs.c > +++ b/src/pam_ecryptfs/pam_ecryptfs.c > @@ -87,6 +87,25 @@ out: > return rc; > } > > +/* returns: 0 for independent wrapping passphrase not set, 1 for set, <0 for > error */ > +static int ecryptfs_pam_wrapping_independent_set(const char *homedir) > +{ > + char *file_path; > + int rc = 0; > + struct stat s; > + if (asprintf(&file_path, "%s/.ecryptfs/wrapping-independent", > homedir) == -1) > + return -ENOMEM; > + if (stat(file_path, &s) != 0) { > + if (errno != ENOENT) > + rc = -errno; > + goto out; > + } > + rc = 1; > +out: > + free(file_path); > + return rc; > +} > + > static int wrap_passphrase_if_necessary(char *username, uid_t uid, char > *wrapped_pw_filename, char *passphrase, char *salt) > { > char *unwrapped_pw_filename = NULL; 
> @@ -165,7 +184,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, > int flags, int argc, > syslog(LOG_WARNING, "Can't check if kernel supports > ecryptfs\n"); > saved_uid = geteuid(); > seteuid(uid); > - rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&passphrase); > + if(ecryptfs_pam_wrapping_independent_set(homedir) == 1) > + rc = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &passphrase, > "Encryption passphrase: "); > + else > + rc = pam_get_item(pamh, PAM_AUTHTOK, (const void > **)&passphrase); > seteuid(saved_uid); > if (rc != PAM_SUCCESS) { > syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n", > -- > 1.7.0.4
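Review bot: In the first hunk (@@ -87,6 +87,25 @@), ecryptfs_pam_wrapping_independent_set() differs from ecryptfs_pam_automount_set() only in the file name, as the commit message acknowledges, so consider folding both into one helper that takes the marker file name as a parameter in this patch rather than a later one. That way any fix to the stat() error handling lands in a single place. The function's comment line is also long enough that the mailer wrapped it ("<0 for" / "error */"), and splitting it over two comment lines would keep the patch applicable as sent.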
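Review bot: In the pam_sm_authenticate hunk (@@ -165,7 +184,10 @@), the test "ecryptfs_pam_wrapping_independent_set(homedir) == 1" treats the documented <0 error return the same as "not set". If stat() fails with anything other than ENOENT, the code silently falls back to PAM_AUTHTOK and tries the login passphrase. Store the result, syslog the negative case, and decide explicitly whether to prompt or bail out. The two branches also leave passphrase with different ownership: pam_prompt() returns a buffer the caller must free (and should zero first), while pam_get_item() returns a pointer owned by PAM that must not be freed. Nothing in the visible lines records which case applies for the later cleanup. Style: "if(" needs a space after the keyword to match the surrounding code.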
Thanks for the patch, and sorry for the delay. Your mails got caught up in a mail filter.

Committed revision 524. Will be in -86 release.

:-Dustin

