Bug#465558: libpam-encfs does not always unmount on logout

[Agustin Martin]

On Wed, Feb 13, 2008 at 10:17:36AM +0100, Heiner Markert wrote:
 Package: libpam-encfs
 Version: 0.1.4.1-2
 Severity: normal
 Tags: patch
 
 --- Please enter the report below this line. ---
 
 I use libpam-encfs with a special configuration file for (currently) only one 
 user that mounts a subdirectory of the home-dir for security-specific files.
 Config file /etc/security/pam_encfs.conf contains the line
 hmarkert/home/hmarkert/.sync/home/hmarkert/sync -v  -
 where sync is the encrypted directory. I disabled the auto-unmont, because 
 obviously the active session will not always keep files open and hence 
 unmounts the directory every few minutes, which is very annoying. So I 
 configured
 session requiredpam_encfs.so
 in /etc/pam.d/common-session.
 However, unmounting on session end does not relieably work. I looked into the 
 source code of pam_encfs.c and did not find anything looking relevant. 
 However, for me it works if I add a wait()-call in the parent after the fork 
 that executes fusermount -u on the home directory. I attached a diff with the 
 changes.

Hi,

I was recently looking at some issues with libpam-encfs amd noticed that
there were some newer upstream versions available (and that upstream
is no longer actively maintaining it), and in last one I noticed a change
that may be related to your bug report, use fuse lazy umount by default (see
attached patch). 

I wonder if that may also deal with your problem.

Cheers,

-- 
Agustin
diff --git a/pam_encfs.c b/pam_encfs.c
index e5e6aaf..6686467 100755
--- a/pam_encfs.c
+++ b/pam_encfs.c
@@ -676,7 +676,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh,
 }
 
 args[0] = fusermount;
-args[1] = -u;
+args[1] = -uz;
 args[2] = targetpath;
 args[3] = NULL;
 

Bug#465558: libpam-encfs does not always unmount on logout

[Heiner Markert]

Package: libpam-encfs
Version: 0.1.4.1-2
Severity: normal
Tags: patch

--- Please enter the report below this line. ---

I use libpam-encfs with a special configuration file for (currently) only one 
user that mounts a subdirectory of the home-dir for security-specific files.
Config file /etc/security/pam_encfs.conf contains the line
hmarkert/home/hmarkert/.sync/home/hmarkert/sync -v  -
where sync is the encrypted directory. I disabled the auto-unmont, because 
obviously the active session will not always keep files open and hence 
unmounts the directory every few minutes, which is very annoying. So I 
configured
session requiredpam_encfs.so
in /etc/pam.d/common-session.
However, unmounting on session end does not relieably work. I looked into the 
source code of pam_encfs.c and did not find anything looking relevant. 
However, for me it works if I add a wait()-call in the parent after the fork 
that executes fusermount -u on the home directory. I attached a diff with the 
changes.
I would further suggest to add a session counter in pam_encfs.c if there is 
any possibility to have something like static variables in a pam-plugin (I am 
not experienced with pam). This would avoid unmounting of the file system if 
on another console another session of the same user is running.

Best,
Heiner

--- System information. ---
Architecture: i386
Kernel:   Linux 2.6.22-3-686

Debian Release: lenny/sid
  700 testing security.debian.org 
  700 testing ftp.de.debian.org 
  700 testing debian-multimedia.informatik.uni-erlangen.de 
  700 testing deb.opera.com 
1 experimentalftp.de.debian.org 

--- Package information. ---
Depends  (Version) | Installed
==-+-==
encfs  | 1.3.2-1-1
libpam0g (= 0.99.7.1) | 0.99.7.1-5

--- pam_encfs.c 2008-02-12 23:09:16.0 +0100
+++ ../pam_encfs.c.orig 2008-02-12 22:35:18.0 +0100
@@ -623,8 +623,7 @@
 int retval;
 pid_t pid;
 char *targetpath;
-char *args[5];
-int t;
+char *args[4];
 
 //  _pam_log(LOG_ERR,Geteuid : %d,geteuid());
 
@@ -641,10 +640,8 @@
 
 args[0] = fusermount;
 args[1] = -u;
-//args[2] = -z;
 args[2] = targetpath;
 args[3] = NULL;
-_pam_log(LOG_ERR, Unmounting %s,targetpath);
 
 switch (pid = fork())
 {
@@ -660,8 +657,6 @@
 exit(127);
 }
 
-wait(t);
-
 /*We'll get this error every single time we have more than one session 
active, todo fix this with some better checks + support fuser -km if no more 
session connected.  
if (checkmnt(targetpath)) {
_pam_log(LOG_ERR,Failed to unmount %s,targetpath);