Blame ecryptfs-utils-87-fixexecgid.patch
diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid 2011-07-21 14:20:31.773602653 +0200
+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-21 14:21:12.302160125 +0200
@@ -33,6 +33,7 @@
#include <errno.h>
#include <syslog.h>
#include <pwd.h>
+#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/types.h>
@@ -303,6 +304,23 @@ static int private_dir(pam_handle_t *pam
return 1;
}
if (pid == 0) {
+ /* explicitely change group to ecryptfs if user is member of that group, changing uid is not enough */
+ errno=0;
+ struct group *efsg = getgrnam("ecryptfs");
+ if (efsg==NULL && errno) syslog(LOG_ERR, "unable to list members of ecryptfs group : %m");
+ else
+ {
+ while (*efsg->gr_mem)
+ {
+ if (!strcmp(*efsg->gr_mem, pwd->pw_name))
+ {
+ if (setgid(efsg->gr_gid)<0) syslog(LOG_ERR, "Unable to change group to ecryptfs : %m");
+ break;
+ }
+ efsg->gr_mem++;
+ }
+ }
+
if (mount == 1) {
if ((asprintf(&recorded,
"%s/.ecryptfs/.wrapped-passphrase.recorded",
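Review bot: In the block added under `if (pid == 0)`, a `getgrnam("ecryptfs")` that returns NULL with `errno` still 0 (the group simply does not exist on the host) falls through to the `else` branch, where `*efsg->gr_mem` dereferences a null pointer and crashes the forked child. Test the pointer on its own, e.g. `if (efsg == NULL) { if (errno) syslog(LOG_ERR, "unable to list members of ecryptfs group : %m"); } else {`. A failed `setgid()` is only logged and the child carries on with whatever group it inherited; as this is a credential change inside a PAM module, the child should probably exit with a non-zero status at that point, and the call must run before the uid is dropped, which cannot be confirmed from the lines shown here. The loop also advances `efsg->gr_mem` itself; iterating with a local `char **m = efsg->gr_mem` avoids modifying the structure returned by libc. `private_dir` begins and ends outside this hunk.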