eCryptfs

Merge lp://staging/~mhlavink/ecryptfs/fix3 into lp://staging/~ecryptfs/ecryptfs/ecryptfs-utils

  1. fix3
  2. Merge into ecryptfs-utils
Proposed by Michal Hlavinka
Status: Merged
Merge reported by: Dustin Kirkland 
Merged at revision: not available
Proposed branch: lp://staging/~mhlavink/ecryptfs/fix3
Merge into: lp://staging/~ecryptfs/ecryptfs/ecryptfs-utils
Diff against target: None lines
To merge this branch: bzr merge lp://staging/~mhlavink/ecryptfs/fix3
Reviewer Review Type Date Requested Status
Dustin Kirkland  Approve
Review via email: mp+6307@code.staging.launchpad.net
To post a comment you must log in.
Revision history for this message
Michal Hlavinka (mhlavink) wrote :

only revs >= 388

lp://staging/~mhlavink/ecryptfs/fix3 updated
393. By Michal Hlavinka

libecryptfs-swig/libecryptfs.i: fix compiling with werror

This source produced warning for different signess. Add cast to
char *.

Signed-off-by: Michal Hlavinka <email address hidden>

394. By Michal Hlavinka

utils/ecryptfs-add-passphrase.c: fix return codes

ecryptfs-add-passphrase returned nonzero if key was already in keayring,
but key is in the keyring in the end, so return zero. When passphrase was
too long it produced error message, but returned zero.

Signed-off-by: Michal Hlavinka <email address hidden>

395. By Michal Hlavinka

refuse mounting with too small rsa key (key_mod_openssl)

We can't use small rsa keys. FEK is encrypted with RSA key.
RSA key allows encryption only rsa_key_bitsize/8. We use
41 B for padding and 3 B are used in message from kernel.
So we can encrypt only rsa_key_bitsize/8-41-3 B. But when
using 512 b rsa key, it gives us only 20 B, so we can't use
ecryptfs_key_bytes > 20. Don't allow mounting with
these values. See Red Hat bug #499175.

Signed-off-by: Michal Hlavinka <email address hidden>

396. By Michal Hlavinka

decision_graph.c : allow only sane values

Restrict input to sane values only (for example ecryptfs_key_bytes).
Do not allow something like ecryptfs_key_bytes=17. Produce error
if the value is not one of the allowed values for node transaction.
Decision graph usualy returns NULL_TOK for wrong value, but NULL_TOK
is also returned by end node, so these values are treated ok. After
this change decision graph returns error if node has transitions but
no transition is used (matches input).

Signed-off-by: Michal Hlavinka <email address hidden>

397. By Michal Hlavinka

module_mgr.c: don't print empty line for piped passphrase input

Don't print empty line when using pipe for passphrase input.
In this case prompt is empty and input is no echoed, so there
is nothing in the line.

Signed-off-by: Michal Hlavinka <email address hidden>

398. By Michal Hlavinka

ecryptfs-add-passphrase: return nonzero for --fnek when not supported

When user adds --fnek and fnek is not supported by kernel, error message
is produced and e-a-p terminates, but successfuly. Return non zero.

Signed-off-by: Michal Hlavinka <email address hidden>

399. By Michal Hlavinka

ecryptfs_insert_wrapped_passphrase_into_keyring: fix return codes

ecryptfs_insert_wrapped_passphrase_into_keyring returned nonzero
if key was already in keayring, but key is in the keyring in the end
and that's the only thing we care about, so return zero.

Signed-off-by: Michal Hlavinka <email address hidden>

400. By Michal Hlavinka

verify passphrase when generating new openssl key

When creating new openssl key using ecryptfs-manager,
password is typed without echo, so ask for confirmation.

Signed-off-by: Michal Hlavinka <email address hidden>

401. By Michal Hlavinka

fix typo in ecryptfs-rewrite-file man page

Fix typo in ecryptfs-rewrite-file man page.

Signed-off-by: Michal Hlavinka <email address hidden>

402. By Michal Hlavinka

ecryptfs-rewrite-file: polish output

Minor improvement of progress output. See Red Hat bug 500813.

Signed-off-by: Michal Hlavinka <email address hidden>

403. By Michal Hlavinka

key_management: inform about full keyring

When keyring is full, mount.ecryptfs returned just -1 (ENOPERM). Now,
it informs about full keyring and pass through correct error code.

Signed-off-by: Michal Hlavinka <email address hidden>

404. By Michal Hlavinka

ecryptfs-dot-private: remove execution bit

This file should be only sourced, not executed,
so execution bit is not necessary here.

Signed-off-by: Michal Hlavinka <email address hidden>

405. By Michal Hlavinka

pam_ecryptfs: check ecryptfs support for kernel module loading

When auto-mounting, ecryptfs kernel module does not have to be
in kernel yet. ecryptfs_insert_wrapped_passphrase_into_keyring
call checks if kernel supports file name encryption, but because
this module is not loaded and because it can't load kernel module
itself since called with uid of the user, file name encryption
is not used.

Signed-off-by: Michal Hlavinka <email address hidden>

406. By Michal Hlavinka

insert fnek sig into keyring if fnek support check fails

When mounting and ecryptfs version check fails, add fnek sig
into keyring too. This is harmless and prevents situations
where file names are not decrypted because check failed.
This affects only pam_ecryptfs and
ecryptfs-insert-wrapped-passphrase-into-keyring.

Signed-off-by: Michal Hlavinka <email address hidden>

407. By Michal Hlavinka

fix EOF handling

Input was read until '\n' was found, but EOF vaules were ignored.
This led to continuous reading (and memory consuming) when eof was
hit (for example in cron tasks). This fixes Red Hat bugzilla 499367.
Bug: #371587.

Signed-off-by: Michal Hlavinka <email address hidden>

408. By Michal Hlavinka

make desktop files trusted

Make desktop files to be trusted by nautilus. This requires +x permission
on them. This fixes Red Hat bz 500638. Bug: #371426.

Signed-off-by: Michal Hlavinka <email address hidden>

Revision history for this message
Michal Hlavinka (mhlavink) wrote :

ping, any update on this merge?

lp://staging/~mhlavink/ecryptfs/fix3 updated
409. By Michal Hlavinka

key_management.c: don't fail if key already exists in keyring

If adding key to keyring and key is already there, it doesn't
mean there is any problem, we need that key and we have it.

Signed-off-by: Michal Hlavinka <email address hidden>

Revision history for this message
Michal Hlavinka (mhlavink) wrote :

ping, any update on this merge? It's over two months now...

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

On Mon, Jul 13, 2009 at 1:48 AM, Michal Hlavinka<email address hidden> wrote:
> ping, any update on this merge? It's over two months now...

Sorry, Michal, I've been pulled off to other things. I'll get this
done by the end of the week.

Cheers,
:-Dustin

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Approved, with a few minor edits, per IRC.

Thanks a lot Michal for the fixes and testing!

:-Dustin

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'doc/manpage/ecryptfs-mount-private.1'
2--- doc/manpage/ecryptfs-mount-private.1 2009-02-03 08:50:36 +0000
3+++ doc/manpage/ecryptfs-mount-private.1 2009-05-04 15:23:03 +0000
4@@ -6,7 +6,7 @@
5 \fBecryptfs-mount-private\fP
6
7 .SH DESCRIPTION
8-\fBecryptfs-mount-private\fP is a wrapper script for the \fBmount.ecryptfs_private\fP utility that will interactively prompt for the user's login password, if necessary.
9+\fBecryptfs-mount-private\fP is a wrapper script for the \fBmount.ecryptfs_private\fP utility that will interactively prompt for the user's login password, if necessary. You need to be a member of \fBecryptfs\fB group to use this.
10
11 .SH FILES
12 \fI~/.Private\fP - underlying directory containing encrypted data
13
14=== modified file 'doc/manpage/ecryptfs-setup-private.1'
15--- doc/manpage/ecryptfs-setup-private.1 2009-03-18 22:00:04 +0000
16+++ doc/manpage/ecryptfs-setup-private.1 2009-05-04 15:23:03 +0000
17@@ -43,7 +43,7 @@
18
19
20 .SH DESCRIPTION
21-\fBecryptfs-setup-private\fP is a program that sets up a private cryptographic mountpoint for a non-root user.
22+\fBecryptfs-setup-private\fP is a program that sets up a private cryptographic mountpoint for a non-root user, who is a member of \fBecryptfs\fP group.
23
24 Be sure to properly escape your parameters according to your shell's special character nuances, and also surround the parameters by double quotes, if necessary. Any of the parameters may be:
25
26
27=== modified file 'doc/manpage/ecryptfs.7'
28--- doc/manpage/ecryptfs.7 2009-04-21 23:20:27 +0000
29+++ doc/manpage/ecryptfs.7 2009-05-05 11:34:41 +0000
30@@ -79,7 +79,7 @@
31 The filename should be the filename of a file containing an RSA SSL key.
32 .TP
33 .B openssl_passwd_file=(filename)
34-The password should be specified in a file with passwd=(openssl-password). It is highly reccomended that the file be stored on a secure medium such as a personal usb key.
35+The password should be specified in a file with openssl_passwd=(openssl-password). It is highly reccomended that the file be stored on a secure medium such as a personal usb key.
36 .TP
37 .B openssl_passwd_fd=(file descriptor)
38 The password is specified through the specified file descriptor.
39
40=== modified file 'doc/manpage/mount.ecryptfs_private.1'
41--- doc/manpage/mount.ecryptfs_private.1 2009-02-23 21:31:11 +0000
42+++ doc/manpage/mount.ecryptfs_private.1 2009-05-04 15:23:03 +0000
43@@ -8,7 +8,7 @@
44 \fBNOTE:\fP This program will \fBnot\fP dynamically load the relevant keys. For this reason, it is recommended that users use \fBecryptfs-mount-private\fP(1) instead!
45
46 .SH DESCRIPTION
47-\fBmount.ecryptfs_private\fP is a mount helper utility for non-root users to cryptographically mount a private directory, ~/Private.
48+\fBmount.ecryptfs_private\fP is a mount helper utility for non-root users, who are members of \fBecryptfs\fP group, to cryptographically mount a private directory, ~/Private.
49
50 If, and only if:
51 - the private mount passphrase is in their kernel keyring, and
52
53=== modified file 'doc/manpage/umount.ecryptfs_private.1'
54--- doc/manpage/umount.ecryptfs_private.1 2009-02-23 21:31:11 +0000
55+++ doc/manpage/umount.ecryptfs_private.1 2009-05-04 15:23:03 +0000
56@@ -14,7 +14,7 @@
57 Force the unmount, ignoring the value of the mount counter in \fI/tmp/ecryptfs-USERNAME-Private\fP
58
59 .SH DESCRIPTION
60-\fBumount.ecryptfs_private\fP is a mount helper utility for non-root users to unmount a cryptographically mounted private directory, ~/Private.
61+\fBumount.ecryptfs_private\fP is a mount helper utility for non-root users, who ares members of \fBecryptfs\fP group, to unmount a cryptographically mounted private directory, ~/Private.
62
63 If, and only if:
64 - the private mount passphrase is in their kernel keyring, and
65
66=== modified file 'src/key_mod/ecryptfs_key_mod_openssl.c'
67--- src/key_mod/ecryptfs_key_mod_openssl.c 2009-04-22 09:05:00 +0000
68+++ src/key_mod/ecryptfs_key_mod_openssl.c 2009-05-05 11:34:41 +0000
69@@ -629,7 +629,7 @@
70 walker = walker->next;
71 }
72 if (!walker) {
73- syslog(LOG_ERR, "%s: No passwd option found in file\n",
74+ syslog(LOG_ERR, "%s: No openssl_passwd option found in file\n",
75 __FUNCTION__);
76 rc = MOUNT_ERROR;
77 goto out;
78
79=== modified file 'src/libecryptfs/decision_graph.c'
80--- src/libecryptfs/decision_graph.c 2009-04-23 16:31:05 +0000
81+++ src/libecryptfs/decision_graph.c 2009-05-05 13:18:41 +0000
82@@ -209,8 +209,15 @@
83 struct ecryptfs_name_val_pair *nvp_head,
84 struct val_node **mnt_params, void **foo)
85 {
86+ static int repeated = 0;
87+ static struct param_node *lastnode = NULL;
88 int i, rc;
89
90+ if (current != lastnode)
91+ repeated = 0;
92+
93+ lastnode = current;
94+
95 for (i = 0; i < current->num_transitions; i++) {
96 struct transition_node *tn = &current->tl[i];
97 struct ecryptfs_name_val_pair *nvp = nvp_head->next;
98@@ -275,11 +282,17 @@
99 trans_func_tok_id =
100 tn->trans_func(ctx, current,
101 mnt_params, foo);
102- if (trans_func_tok_id == WRONG_VALUE &&
103- (ctx->verbosity ||
104- (current->flags & STDIN_REQUIRED))) {
105- *next = current;
106- return 0;
107+ if (trans_func_tok_id == WRONG_VALUE) {
108+ if (ctx->verbosity ||
109+ (current->flags & STDIN_REQUIRED)) {
110+ if (++repeated >= 5)
111+ return -EINVAL;
112+ else {
113+ *next = current;
114+ return 0;
115+ }
116+ } else
117+ return -EINVAL;
118 }
119 if (trans_func_tok_id == MOUNT_ERROR ||
120 trans_func_tok_id < 0)
121@@ -627,26 +640,32 @@
122 (&(node->val), prompt,
123 (node->flags
124 & ECRYPTFS_PARAM_FLAG_ECHO_INPUT));
125+ free(prompt);
126 if (node->val[0] == '\0' &&
127 (node->flags & ECRYPTFS_NONEMPTY_VALUE_REQUIRED)) {
128 fprintf(stderr,"Wrong input, non-empty value "
129 "required!\n");
130 goto obtain_value;
131 }
132- free(prompt);
133 if (node->flags & VERIFY_VALUE) {
134 rc = asprintf(&verify_prompt, "Verify %s",
135 node->prompt);
136 if (rc == -1)
137- return MOUNT_ERROR;
138+ return -ENOMEM;
139 rc = (ctx->get_string)
140 (&verify, verify_prompt,
141 (node->flags
142 & ECRYPTFS_PARAM_FLAG_ECHO_INPUT));
143+ free(verify_prompt);
144 if (rc)
145 return MOUNT_ERROR;
146- if (strcmp(verify, node->val))
147+ rc = strcmp(verify, node->val);
148+ free(verify);
149+ if (rc) {
150+ free(node->val);
151+ node->val = NULL;
152 goto obtain_value;
153+ }
154 }
155 if (node->val[0] == '\0') {
156 free(node->val);
157
158=== modified file 'src/libecryptfs/module_mgr.c'
159--- src/libecryptfs/module_mgr.c 2009-04-21 17:59:16 +0000
160+++ src/libecryptfs/module_mgr.c 2009-05-05 15:40:33 +0000
161@@ -97,15 +97,20 @@
162 .trans_func = sig_param_node_callback}}
163 };
164
165-/* returns: 1 for str=="yes" or "y", 0 for "no" or "n", -1 elsewhere */
166-static int is_yes(const char *str)
167+/* returns:
168+ * on_null for str == NULL
169+ * 1 for str=="yes" or "y"
170+ * 0 for str=="no" or "n"
171+ * -1 elsewhere */
172+static int is_yes(const char *str, int on_null)
173 {
174 if (str) {
175 if (!strcmp(str,"y") || !strcmp(str,"yes"))
176 return 1;
177 if (!strcmp(str,"no") || !strcmp(str,"n"))
178 return 0;
179- }
180+ } else
181+ return on_null;
182
183 return -1;
184 }
185@@ -120,7 +125,7 @@
186 {
187 int rc;
188
189- if (((rc=is_yes(node->val)) == 1) || (node->flags & PARAMETER_SET)) {
190+ if (((rc=is_yes(node->val, 0)) == 1) || (node->flags & PARAMETER_SET)) {
191 rc = stack_push(head, opt_name);
192 } else if (rc == -1)
193 rc = WRONG_VALUE;
194@@ -227,7 +232,7 @@
195 {
196 int yn, rc = 0;
197
198- if (((yn=is_yes(node->val)) > 0)
199+ if (((yn=is_yes(node->val, 0)) > 0)
200 || (node->flags & PARAMETER_SET)) {
201 int i;
202 struct val_node *val_node;
203
204=== modified file 'src/utils/ecryptfs-setup-private'
205--- src/utils/ecryptfs-setup-private 2009-03-24 19:38:23 +0000
206+++ src/utils/ecryptfs-setup-private 2009-05-04 15:23:03 +0000
207@@ -188,6 +188,11 @@
208 id "$USER" >/dev/null || error "User [$USER] does not exist"
209 fi
210
211+# Check if user is member of ecryptfs group
212+if ! groups "$USER" | sed -e 's| |\n|g' | grep -n 'ecryptfs$'; then
213+ error "User needs to be a member of ecryptfs group"
214+fi
215+
216 # Obtain the user's home directory
217 HOME=`getent passwd "$USER" | awk -F: '{print $6}'`
218 if [ ! -d "$HOME" ]; then

Subscribers

People subscribed via source and target branches