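diff -up ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
--- ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2012-08-20 15:46:19.795460481 +0200
+++ ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2012-08-20 15:46:19.844460878 +0200
@@ -99,7 +99,7 @@ static int ecryptfs_pkcs11h_deserialize(
 pkcs11h_data->serialized_id = NULL;
 }
 else {
- pkcs11h_data->serialized_id = blob + i;
+ pkcs11h_data->serialized_id = (char *)blob + i;
 i += serialized_id_length;
 }
 pkcs11h_data->certificate_blob_size = blob[i++] % 256;
@@ -117,12 +117,11 @@ static int ecryptfs_pkcs11h_deserialize(
 pkcs11h_data->passphrase = NULL;
 }
 else {
- pkcs11h_data->passphrase = blob + i;
+ pkcs11h_data->passphrase = (char *)blob + i;
 i += passphrase_length;
 }
 
 rc = 0;
-out:
 return rc;
 }
 
@@ -359,14 +358,14 @@ static int ecryptfs_pkcs11h_get_key_sig(
 data[i++] = '\02';
 data[i++] = (char)(nbits >> 8);
 data[i++] = (char)nbits;
- BN_bn2bin(rsa->n, &(data[i]));
+ BN_bn2bin(rsa->n, (unsigned char *)&(data[i]));
 i += nbytes;
 data[i++] = (char)(ebits >> 8);
 data[i++] = (char)ebits;
- BN_bn2bin(rsa->e, &(data[i]));
+ BN_bn2bin(rsa->e, (unsigned char *)&(data[i]));
 i += ebytes;
- SHA1(data, len + 3, hash);
- to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
+ SHA1((unsigned char *)data, len + 3, (unsigned char *)hash);
+ to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE);
 sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
 
 rc = 0;
@@ -424,8 +423,8 @@ static int ecryptfs_pkcs11h_encrypt(char
 if (
 (rc = RSA_public_encrypt(
 from_size,
- from,
- to,
+ (unsigned char *)from,
+ (unsigned char *)to,
 rsa,
 RSA_PKCS1_PADDING
 )) == -1
@@ -519,9 +518,9 @@ static int ecryptfs_pkcs11h_decrypt(char
 (rv = pkcs11h_certificate_decryptAny (
 certificate,
 CKM_RSA_PKCS,
- from,
+ (unsigned char *)from,
 from_size,
- to,
+ (unsigned char *)to,
 to_size
 )) != CKR_OK
 ) {
@@ -547,9 +546,9 @@ static int ecryptfs_pkcs11h_decrypt(char
 pkcs11h_certificate_decryptAny (
 certificate,
 CKM_RSA_PKCS,
- from,
+ (unsigned char *)from,
 from_size,
- tmp,
+ (unsigned char *)tmp,
 to_size
 );
 
@@ -864,7 +863,7 @@ static int ecryptfs_pkcs11h_process_key(
 rc = MOUNT_ERROR;
 goto out;
 }
- if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob,
+ if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob,
 &subgraph_key_ctx->key_mod->blob_size,
 pkcs11h_data))) {
 syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc);
@@ -943,7 +942,7 @@ static int tf_pkcs11h_global_loglevel(st
 
 rc = DEFAULT_TOK;
 node->val = NULL;
-out:
+// out:
 return rc;
 }
 
@@ -956,7 +955,7 @@ static int tf_pkcs11h_global_pincache(st
 
 rc = DEFAULT_TOK;
 node->val = NULL;
-out:
+// out:
 return rc;
 }
 
@@ -1026,7 +1025,7 @@ static int tf_pkcs11h_provider_prot_auth
 sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication);
 rc = DEFAULT_TOK;
 node->val = NULL;
-out:
+
 return rc;
 }
 
@@ -1040,7 +1039,7 @@ static int tf_pkcs11h_provider_cert_priv
 sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private);
 rc = DEFAULT_TOK;
 node->val = NULL;
-out:
+
 return rc;
 }
 
@@ -1055,7 +1054,7 @@ static int tf_pkcs11h_provider_private_m
 
 rc = DEFAULT_TOK;
 node->val = NULL;
-out:
+
 return rc;
 }
 
@@ -1086,7 +1085,7 @@ static int tf_pkcs11h_provider_end(struc
 free(subgraph_provider_ctx);
 *foo = NULL;
 rc = DEFAULT_TOK;
-out:
+
 return rc;
 }
 
@@ -1133,7 +1132,7 @@ static int tf_pkcs11h_key_x509file(struc
 X509 *x509 = NULL;
 unsigned char *p = NULL;
 FILE *fp = NULL;
- int rc;
+ int rc = 0;
 
 subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo);
 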
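Review bot: In ecryptfs_pkcs11h_deserialize the added `(char *)` casts only quiet the pointer-sign warning: `serialized_id` and `passphrase` still point into the caller's `blob`, and `i += serialized_id_length` is followed directly by `blob[i++]` with no length check visible in either hunk. The function begins and ends outside these hunks, so a check may exist there. If it does not, a comment such as `/* TODO: validate serialized_id_length and passphrase_length against the blob size before advancing i */` at the two advances would record the gap until a bounds check is added.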
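diff -up ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c
--- ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c 2012-08-20 15:46:19.845460886 +0200
@@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_
 if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES
 + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
 + 4)) {
- printf("%s: Invalid metadata size; must have at least [%lu] "
+ printf("%s: Invalid metadata size; must have at least [%zu] "
 "bytes; there are only [%zu] bytes\n", __FUNCTION__,
 (ECRYPTFS_FILE_SIZE_BYTES
 + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES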
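diff -up ecryptfs-utils-100/src/libecryptfs/key_management.c.werror ecryptfs-utils-100/src/libecryptfs/key_management.c
--- ecryptfs-utils-100/src/libecryptfs/key_management.c.werror 2012-08-20 15:46:19.791460449 +0200
+++ ecryptfs-utils-100/src/libecryptfs/key_management.c 2012-08-20 15:46:19.845460886 +0200
@@ -228,7 +228,6 @@ int ecryptfs_wrap_passphrase_file(char *
 int rc = 0;
 ssize_t size;
 int fd;
- int i;
 char *p = NULL;
 char decrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1];
 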
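diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c
--- ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.werror 2012-08-02 15:20:17.000000000 +0200
+++ ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c 2012-08-20 15:48:15.233393985 +0200
@@ -47,31 +47,6 @@
 
 #define PRIVATE_DIR "Private"
 
-static void error(const char *msg)
-{
- syslog(LOG_ERR, "pam_ecryptfs: errno = [%i]; strerror = [%m]\n", errno);
- switch (errno) {
- case ENOKEY:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Requested key not available\n", msg);
- return;
-
- case EKEYEXPIRED:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has expired\n", msg);
- return;
-
- case EKEYREVOKED:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has been revoked\n", msg);
- return;
-
- case EKEYREJECTED:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Key was rejected by service\n", msg);
- return;
- default:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Unknown key error\n", msg);
- return;
- }
-}
-
 /* returns: 0 if file does not exist, 1 if it exists, <0 for error */
 static int file_exists_dotecryptfs(const char *homedir, char *filename)
 {
@@ -110,10 +85,8 @@ static int wrap_passphrase_if_necessary(
 stat(wrapped_pw_filename, &s) != 0 &&
 passphrase != NULL && *passphrase != '\0' &&
 username != NULL && *username != '\0') {
- setuid(uid);
- rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
- if (rc != 0) {
- syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
+ if ((rc = setuid(uid))<0 || ((rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename)) != 0)) {
+ syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
 }
 return rc;
 }
@@ -211,8 +184,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 if ((argc == 1)
 && (memcmp(argv[0], "unwrap\0", 7) == 0)) {
 char *wrapped_pw_filename;
- char *unwrapped_pw_filename;
- struct stat s;
 
 rc = asprintf(
 &wrapped_pw_filename, "%s/.ecryptfs/%s",
@@ -304,8 +275,6 @@ static int private_dir(pam_handle_t *pam
 char *autoumount = "auto-umount";
 struct stat s;
 pid_t pid;
- struct utmp *u;
- int count = 0;
 
 if ((pwd = fetch_pwd(pamh)) == NULL) {
 /* fetch_pwd() logged a message */
@@ -351,7 +320,7 @@ static int private_dir(pam_handle_t *pam
 if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
 /* User has not recorded their passphrase */
 unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
- symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
+ rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
 fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666);
 close(fd);
 }
@@ -430,7 +399,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 char *old_passphrase = NULL;
 char *new_passphrase = NULL;
 char *wrapped_pw_filename;
- char *name = NULL;
 char salt[ECRYPTFS_SALT_SIZE];
 char salt_hex[ECRYPTFS_SALT_SIZE_HEX];
 pid_t child_pid, tmp_pid;
@@ -445,15 +413,15 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 uid = pwd->pw_uid;
 gid = pwd->pw_gid;
 homedir = pwd->pw_dir;
- name = pwd->pw_name;
 }
 } else {
 syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%d]\n", username, rc);
 goto out;
 }
 
- if ((oeuid = geteuid()) < 0 || (oegid = getegid()) < 0 ||
- (ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) < 0) {
+ oeuid = geteuid();
+ oegid = getegid();
+ if ((ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) < 0) {
 syslog(LOG_ERR, "pam_ecryptfs: geteuid error");
 goto outnouid;
 }
@@ -512,7 +480,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH + 1];
 
 /* temp regain uid 0 to drop privs */
- seteuid(oeuid);
+ if (seteuid(oeuid) < 0) {
+ syslog(LOG_ERR, "pam_ecryptfs: seteuid error");
+ goto out_child;
+ }
 /* setgroups() already called */
 if (setgid(gid) < 0 || setuid(uid) < 0)
 goto out_child;
@@ -537,9 +508,9 @@ out_child:
 free(wrapped_pw_filename);
 out:
 
- seteuid(oeuid);
- setegid(oegid);
- setgroups(ngids, groups);
+ rc = seteuid(oeuid);
+ rc = setegid(oegid);
+ rc = setgroups(ngids, groups);
 
 outnouid:
 return rc;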
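Review bot: At `out:` in pam_sm_chauthtok the three added assignments `rc = seteuid(oeuid); rc = setegid(oegid); rc = setgroups(ngids, groups);` overwrite the status that `return rc;` hands back just below, so an earlier failure is reported as whatever setgroups() returned, and a failed seteuid() or setegid() is itself hidden by the next call. Testing the calls without touching rc keeps the result and still satisfies the unused-result warning: `if (seteuid(oeuid) < 0 || setegid(oegid) < 0 || setgroups(ngids, groups) < 0) syslog(LOG_ERR, "pam_ecryptfs: failed to restore credentials");`, setting rc to an error only inside that branch. `rc=symlink(...)` in private_dir has the same shape, and the stored result is not examined within that hunk. Both functions continue outside the hunks, so how rc is used later in private_dir is not visible here.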
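diff -up ecryptfs-utils-100/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-100/src/utils/mount.ecryptfs.c
--- ecryptfs-utils-100/src/utils/mount.ecryptfs.c.werror 2012-08-20 15:46:19.805460562 +0200
+++ ecryptfs-utils-100/src/utils/mount.ecryptfs.c 2012-08-20 15:46:19.847460902 +0200
@@ -34,6 +34,7 @@
 #include <sys/mount.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/wait.h>
 #include "config.h"
 #include "ecryptfs.h"
 #include "decision_graph.h"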
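diff -up ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c
--- ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c.werror 2012-08-20 15:46:19.801460530 +0200
+++ ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c 2012-08-20 15:46:19.847460902 +0200
@@ -95,7 +95,7 @@ int read_config(char *pw_dir, int uid, c
 *s = strdup(e->mnt_fsname);
 if (!*s)
 return -2;
-out:
+
 return 0;
 }
 
@@ -686,8 +686,8 @@ int main(int argc, char *argv[]) {
 * update mtab for us, and replace the current process.
 * Do not use the umount.ecryptfs helper (-i).
 */
- setresuid(0,0,0);
- setresgid(0,0,0);
+ rc=setresuid(0,0,0);
+ rc=setresgid(0,0,0);
 clearenv();
 
 /* Since we're doing a lazy unmount anyway, just unmount the current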
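Review bot: In main() the results of `rc=setresuid(0,0,0);` and `rc=setresgid(0,0,0);` are stored but not tested anywhere in the hunk, and the second assignment discards the first, so the code reaches clearenv() and the unmount described in the surrounding comments even when the credential change did not take effect. Checking both calls and stopping on failure is the safer form, for example `if (setresuid(0,0,0) < 0 || setresgid(0,0,0) < 0) { perror("setresuid/setresgid"); exit(1); }`. main() continues outside the hunk, so whether rc is inspected further down is not visible here.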
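diff -up ecryptfs-utils-100/src/utils/test.c.werror ecryptfs-utils-100/src/utils/test.c
--- ecryptfs-utils-100/src/utils/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/src/utils/test.c 2012-08-20 15:46:19.847460902 +0200
@@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache
 struct inode *lower_inode;
 struct ecryptfs_crypt_stat *crypt_stat;
 int rc = 0;
- int lower_byte_offset;
+ int lower_byte_offset = 0;
 int orig_byte_offset = 0;
 int num_extents_per_page;
 #define ECRYPTFS_PAGE_STATE_UNREAD 0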
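diff -up ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c.werror ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c
--- ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c 2012-08-20 15:46:19.848460910 +0200
@@ -149,7 +149,7 @@ int hang_check(int option, const char *f
 
 int test_dirs(const char *path, const int max_dirs)
 {
- int i, j;
+ int i/*, j*/;
 char *filename;
 size_t len = strlen(path) + 32;
 int ret = TEST_PASSED;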
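diff -up ecryptfs-utils-100/tests/kernel/enospc/test.c.werror ecryptfs-utils-100/tests/kernel/enospc/test.c
--- ecryptfs-utils-100/tests/kernel/enospc/test.c.werror 2012-08-02 15:20:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/enospc/test.c 2012-08-20 15:46:19.848460910 +0200
@@ -37,9 +37,6 @@
 int test_exercise(char *filename, ssize_t size)
 {
 int fd;
- ssize_t i;
- ssize_t n;
- struct stat statbuf;
 ssize_t nbytes = size;
 int ret = TEST_FAILED;
 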
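diff -up ecryptfs-utils-100/tests/kernel/extend-file-random/test.c.werror ecryptfs-utils-100/tests/kernel/extend-file-random/test.c
--- ecryptfs-utils-100/tests/kernel/extend-file-random/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/extend-file-random/test.c 2012-08-20 15:46:19.848460910 +0200
@@ -48,7 +48,7 @@ int test_write(int fd, char *buffer, siz
 }
 
 if (write(fd, buffer, len) != len) {
- fprintf(stderr, "Failed to write %lu bytes, position %lu: %s\n",
+ fprintf(stderr, "Failed to write %zu bytes, position %lu: %s\n",
 len, offset, strerror(errno));
 return TEST_FAILED;
 }
@@ -58,13 +58,13 @@ int test_write(int fd, char *buffer, siz
 int test_read(int fd, char *buffer, size_t len, off_t offset)
 {
 if (lseek(fd, offset, SEEK_SET) < 0) {
- fprintf(stderr, "Failed to seek to position %lu: %s\n",
+ fprintf(stderr, "Failed to seek to position %ld: %s\n",
 offset, strerror(errno));
 return TEST_FAILED;
 }
 
 if (read(fd, buffer, len) != len) {
- fprintf(stderr, "Failed to read %lu bytes, position %lu: %s\n",
+ fprintf(stderr, "Failed to read %zu bytes, position %lu: %s\n",
 len, offset, strerror(errno));
 return TEST_FAILED;
 }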
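Review bot: In test_read the seek message now prints `offset` with `%ld`, while the read message a few lines below still prints the same `off_t` with `%lu`, and the write message in the first hunk keeps `%lu` for it as well. `off_t` is signed and is not `long` on every build (for example a 32-bit target with 64-bit file offsets), so neither specifier is portable. Casting at the call sites fixes all three consistently: use `%jd` in the format and pass `(intmax_t)offset`, with `<stdint.h>` included. test_write's parameter list is truncated in the hunk header, so its `offset` type is assumed to match test_read's.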
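diff -up ecryptfs-utils-100/tests/kernel/file-concurrent/test.c.werror ecryptfs-utils-100/tests/kernel/file-concurrent/test.c
--- ecryptfs-utils-100/tests/kernel/file-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/file-concurrent/test.c 2012-08-20 15:46:19.849460918 +0200
@@ -177,7 +177,7 @@ int hang_check(int option, const char *f
 
 int test_files(const char *path, const int max_files)
 {
- int i, j;
+ int i;
 char *filename;
 size_t len = strlen(path) + 32;
 int ret = TEST_PASSED;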
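diff -up ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c.werror ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c
--- ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c.werror 2012-08-02 15:20:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c 2012-08-20 15:46:19.849460918 +0200
@@ -106,7 +106,6 @@ static void do_test(const int fdin, cons
 {
 for (;;) {
 int n;
- int ret;
 char cmd[32];
 
 if ((n = read(fdin, cmd, sizeof(cmd))) < 1) {
@@ -122,7 +121,7 @@ static void do_test(const int fdin, cons
 if (cmd[0] == CMD_TEST) {
 int ret;
 off_t sz;
- sscanf(cmd+1, "%zd", &sz);
+ sscanf(cmd+1, "%ld", &sz);
 
 ret = check_size(filename, sz);
 switch (ret) {
@@ -307,7 +306,7 @@ int main(int argc, char **argv)
 }
 
 /* Now tell children to stat the file */
- snprintf(cmd, sizeof(cmd), "%c%zd", CMD_TEST, sz);
+ snprintf(cmd, sizeof(cmd), "%c%ld", CMD_TEST, sz);
 for (i = 0; i < threads; i++) {
 if (write(pipe_to[i][1], cmd, strlen(cmd)+1) < 0) {
 fprintf(stderr, "write to pipe failed: %s\n",
@@ -364,6 +363,7 @@ abort:
 int ret;
 
 ret = write(pipe_to[i][1], cmd, 1);
+ (void)ret;
 (void)waitpid(pids[i], &status, 0);
 
 (void)close(pipe_to[i][1]);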
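Review bot: In do_test, `sscanf(cmd+1, "%ld", &sz);` stores through a `long *` into an `off_t`, whose width differs from `long` on 32-bit builds with 64-bit file offsets, and the return value is ignored, so `sz` reaches check_size() uninitialised when the conversion fails. Parsing into a fixed type and checking the count avoids both: `intmax_t v; if (sscanf(cmd+1, "%jd", &v) != 1) continue; sz = (off_t)v;`, with the matching `snprintf(cmd, sizeof(cmd), "%c%jd", CMD_TEST, (intmax_t)sz);` in main. Whether the loop should continue or exit on a malformed command depends on code outside the hunk.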
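diff -up ecryptfs-utils-100/tests/kernel/lp-509180/test.c.werror ecryptfs-utils-100/tests/kernel/lp-509180/test.c
--- ecryptfs-utils-100/tests/kernel/lp-509180/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/lp-509180/test.c 2012-08-20 15:46:19.850460926 +0200
@@ -48,7 +48,6 @@ int main(int argc, char **argv)
 int fd;
 int opt, flags = 0;
 int rc = 0;
- unsigned int *ptr;
 char *file;
 unsigned char buffer[1];
 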
diff -up ecryptfs-utils-100/tests/kernel/trunc-file/test.c.werror ecryptfs-utils-100/tests/kernel/trunc-file/test.c
|
|
|
bcbcca |
--- ecryptfs-utils-100/tests/kernel/trunc-file/test.c.werror 2012-05-18 21:06:17.000000000 +0200
|
|
|
bcbcca |
+++ ecryptfs-utils-100/tests/kernel/trunc-file/test.c 2012-08-20 15:46:19.850460926 +0200
|
|
|
a7b4e2 |
@@ -39,7 +39,7 @@
|
|
|
a7b4e2 |
|
|
|
a7b4e2 |
int write_buff(int fd, unsigned char *data, ssize_t size)
|
|
|
a7b4e2 |
{
|
|
|
a7b4e2 |
- char *ptr = data;
|
|
|
a7b4e2 |
+ unsigned char *ptr = data;
|
|
|
a7b4e2 |
ssize_t n;
|
|
|
a7b4e2 |
ssize_t sz = size;
|
|
|
a7b4e2 |
|
|
|
a7b4e2 |
@@ -55,7 +55,7 @@ int write_buff(int fd, unsigned char *da
|
|
|
a7b4e2 |
|
|
|
a7b4e2 |
int read_buff(int fd, unsigned char *data, ssize_t size)
|
|
|
a7b4e2 |
{
|
|
|
a7b4e2 |
- char *ptr = data;
|
|
|
a7b4e2 |
+ unsigned char *ptr = data;
|
|
|
a7b4e2 |
ssize_t n;
|
|
|
a7b4e2 |
ssize_t sz = size;
|
|
|
a7b4e2 |
|
|
|
a7b4e2 |
@@ -88,6 +88,7 @@ int test_write_random(char *filename, in
|
|
|
a7b4e2 |
}
|
|
|
a7b4e2 |
buflen -= n;
|
|
|
a7b4e2 |
}
|
|
|
a7b4e2 |
+ return TEST_PASSED;
|
|
|
a7b4e2 |
}
|
|
|
a7b4e2 |
|
|
|
a7b4e2 |
int test_read_random(char *filename, int fd, unsigned char *buff, ssize_t size)
|
|
|
a7b4e2 |
@@ -157,9 +158,6 @@ int test_read_rest(char *filename, int f
|
|
|
a7b4e2 |
int test_exercise(char *filename, ssize_t size)
|
|
|
a7b4e2 |
{
|
|
|
a7b4e2 |
int fd;
|
|
|
a7b4e2 |
- ssize_t i;
|
|
|
a7b4e2 |
- ssize_t n;
|
|
|
a7b4e2 |
- ssize_t buflen;
|
|
|
a7b4e2 |
int ret = TEST_FAILED;
|
|
|
a7b4e2 |
ssize_t trunc_size = size / 2;
|
|
|
a7b4e2 |
struct stat statbuf;
|
|
|
a7b4e2 |
@@ -254,8 +252,6 @@ void sighandler(int dummy)
|
|
|
a7b4e2 |
int main(int argc, char **argv)
|
|
|
a7b4e2 |
{
|
|
|
a7b4e2 |
off_t len = DEFAULT_SIZE;
|
|
|
a7b4e2 |
- int i;
|
|
|
a7b4e2 |
- int ret;
|
|
|
a7b4e2 |
|
|
|
a7b4e2 |
if (argc < 2) {
|
|
|
a7b4e2 |
fprintf(stderr, "Syntax: %s filename [size_in_K]\n", argv[0]);
|
|
|
20a2a6 |
@@ -272,7 +268,7 @@ int main(int argc, char **argv)
|
|
|
630323 |
|
|
|
630323 |
len *= 1024;
|
|
|
630323 |
if (len > SSIZE_MAX) {
|
|
|
630323 |
- fprintf(stderr, "size should be < %zd\n", SSIZE_MAX / 1024);
|
|
|
630323 |
+ fprintf(stderr, "size should be < %zd\n", (size_t)SSIZE_MAX / 1024);
|
|
|
630323 |
exit(TEST_ERROR);
|
|
|
630323 |
}
|
|
|
630323 |
|