#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ecryptfs-utils 106.
+# Generated by GNU Autoconf 2.69 for ecryptfs-utils 108.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
# Identity of this package.
PACKAGE_NAME='ecryptfs-utils'
PACKAGE_TARNAME='ecryptfs-utils'
-PACKAGE_VERSION='106'
-PACKAGE_STRING='ecryptfs-utils 106'
+PACKAGE_VERSION='108'
+PACKAGE_STRING='ecryptfs-utils 108'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ecryptfs-utils 106 to adapt to many kinds of systems.
+\`configure' configures ecryptfs-utils 108 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ecryptfs-utils 106:";;
+ short | recursive ) echo "Configuration of ecryptfs-utils 108:";;
esac
cat <<\_ACEOF
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-ecryptfs-utils configure 106
+ecryptfs-utils configure 108
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by ecryptfs-utils $as_me 106, which was
+It was created by ecryptfs-utils $as_me 108, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
# Substitute ALL_LINGUAS so we can use it in po/Makefile
-# Set DATADIRNAME correctly if it is not set yet
-# (copied from glib-gettext.m4)
-if test -z "$DATADIRNAME"; then
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-extern int _nl_msg_cat_cntr;
- return _nl_msg_cat_cntr
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- DATADIRNAME=share
-else
- case $host in
- *-*-solaris*)
- ac_fn_c_check_func "$LINENO" "bind_textdomain_codeset" "ac_cv_func_bind_textdomain_codeset"
-if test "x$ac_cv_func_bind_textdomain_codeset" = xyes; then :
- DATADIRNAME=share
-else
- DATADIRNAME=lib
-fi
-
- ;;
- *)
- DATADIRNAME=lib
- ;;
- esac
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-
-
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ecryptfs-utils $as_me 106, which was
+This file was extended by ecryptfs-utils $as_me 108, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ecryptfs-utils config.status 106
+ecryptfs-utils config.status 108
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
AC_PREREQ(2.59)
-AC_INIT([ecryptfs-utils],[106])
+AC_INIT([ecryptfs-utils],[108])
AC_CANONICAL_HOST
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([${PACKAGE_NAME}], [${PACKAGE_VERSION}])
# compiler: $LTCC
# compiler flags: $LTCFLAGS
# linker: $LD (gnu? $with_gnu_ld)
-# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.10ubuntu1
+# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.11
# automake: $automake_version
# autoconf: $autoconf_version
#
PROGRAM=libtool
PACKAGE=libtool
-VERSION="2.4.2 Debian-2.4.2-1.10ubuntu1"
+VERSION="2.4.2 Debian-2.4.2-1.11"
TIMESTAMP=""
package_revision=1.3337
# Substitute ALL_LINGUAS so we can use it in po/Makefile
AC_SUBST(ALL_LINGUAS)
-# Set DATADIRNAME correctly if it is not set yet
-# (copied from glib-gettext.m4)
-if test -z "$DATADIRNAME"; then
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM([[]],
- [[extern int _nl_msg_cat_cntr;
- return _nl_msg_cat_cntr]])],
- [DATADIRNAME=share],
- [case $host in
- *-*-solaris*)
- dnl On Solaris, if bind_textdomain_codeset is in libc,
- dnl GNU format message catalog is always supported,
- dnl since both are added to the libc all together.
- dnl Hence, we'd like to go with DATADIRNAME=share
- dnl in this case.
- AC_CHECK_FUNC(bind_textdomain_codeset,
- [DATADIRNAME=share], [DATADIRNAME=lib])
- ;;
- *)
- [DATADIRNAME=lib]
- ;;
- esac])
-fi
-AC_SUBST(DATADIRNAME)
-
IT_PO_SUBDIR([po])
])
datadir = @datadir@
datarootdir = @datarootdir@
libdir = @libdir@
-DATADIRNAME = @DATADIRNAME@
-itlocaledir = $(prefix)/$(DATADIRNAME)/locale
+localedir = @localedir@
subdir = po
install_sh = @install_sh@
# Automake >= 1.8 provides @mkdir_p@.
.po.pox:
$(MAKE) $(GETTEXT_PACKAGE).pot
- $(MSGMERGE) $< $(GETTEXT_PACKAGE).pot -o $*.pox
+ $(MSGMERGE) $* $(GETTEXT_PACKAGE).pot -o $*.pox
.po.mo:
$(INTLTOOL_V_MSGFMT)$(MSGFMT) -o $@ $<
install-data-yes: all
linguas="$(USE_LINGUAS)"; \
for lang in $$linguas; do \
- dir=$(DESTDIR)$(itlocaledir)/$$lang/LC_MESSAGES; \
+ dir=$(DESTDIR)$(localedir)/$$lang/LC_MESSAGES; \
$(mkdir_p) $$dir; \
if test -r $$lang.gmo; then \
$(INSTALL_DATA) $$lang.gmo $$dir/$(GETTEXT_PACKAGE).mo; \
uninstall:
linguas="$(USE_LINGUAS)"; \
for lang in $$linguas; do \
- rm -f $(DESTDIR)$(itlocaledir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo; \
- rm -f $(DESTDIR)$(itlocaledir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo.m; \
+ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo; \
+ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo.m; \
done
check: all $(GETTEXT_PACKAGE).pot
int rc;
decrypted_passphrase_bytes = strlen(decrypted_passphrase);
- if (decrypted_passphrase_bytes > ECRYPTFS_MAX_PASSPHRASE_BYTES) {
- syslog(LOG_ERR, "Decrypted passphrase is [%d] bytes long; "
- "[%d] is the max\n", decrypted_passphrase_bytes,
+ if (decrypted_passphrase_bytes < 1 ||
+ decrypted_passphrase_bytes > ECRYPTFS_MAX_PASSPHRASE_BYTES) {
+ syslog(LOG_ERR, "Decrypted passphrase size is invalid; [1] to [%d] is the valid range\n",
ECRYPTFS_MAX_PASSPHRASE_BYTES);
rc = -EIO;
goto out;
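Review bot: The new lower bound in `decrypted_passphrase_bytes < 1 ||` has no comment saying why a zero-length result is refused, and the same holds for the `passphrase_size < 1 ||` check added further down. A short why-comment would help, e.g. `/* Reject an empty passphrase: it must never be accepted as key material */`, and the header comments of both functions should state the valid range of 1 to ECRYPTFS_MAX_PASSPHRASE_BYTES. Both checks bound a strlen() result, so they depend on the buffer being NUL-terminated; that setup is outside these hunks and is worth confirming. Both functions begin outside the hunks.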
if (fd != -1)
close(fd);
- return 0;
+ return rc;
}
/**
int rc = 0;
passphrase_size = strlen(passphrase);
- if (passphrase_size > ECRYPTFS_MAX_PASSPHRASE_BYTES) {
+ if (passphrase_size < 1 ||
+ passphrase_size > ECRYPTFS_MAX_PASSPHRASE_BYTES) {
passphrase_sig = NULL;
- syslog(LOG_ERR, "Passphrase too large (%d bytes)\n",
- passphrase_size);
+ syslog(LOG_ERR, "Passphrase size is invalid; [1] to [%d] is the valid range\n",
+ ECRYPTFS_MAX_PASSPHRASE_BYTES);
return -EINVAL;
}
memcpy(salt_and_passphrase, salt, ECRYPTFS_SALT_SIZE);
if (setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid) < 0)
exit(-1);
execl("/sbin/umount.ecryptfs_private",
- "umount.ecryptfs_private", NULL);
+ "umount.ecryptfs_private", "-d", NULL);
exit(1);
}
exit(1);
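Review bot: The `execl()` argument list touched here ends in a bare `NULL`; for a variadic call the terminator should be written `(char *)NULL` so it is passed as a pointer however NULL is defined. The changed line would read `"umount.ecryptfs_private", "-d", (char *)NULL);`. The enclosing function starts outside the hunk, so whether the parent inspects the child's exit status cannot be seen here.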
for swap in $swaps; do
info `gettext "Setting up swap:"` "[$swap]"
uuid=$(blkid -o value -s UUID $swap)
- for target in "UUID=$uuid" $swap; do
+ # /etc/fstab might use a symlink like /dev/mapper/ubuntu--vg-swap_1
+ links=$(for d in $(udevadm info --query=symlink -n $swap); do echo /dev/$d; done)
+ for target in "UUID=$uuid" $swap $links; do
if [ -n "$target" ] && grep -qs "^$target\s\+" /etc/fstab; then
sed -i "s:^$target\s\+:\#$target :" /etc/fstab
warn "Commented out your unencrypted swap from /etc/fstab"
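Review bot: The symlink names added to the `for target in ...` list are pasted unescaped into the grep regex and into `sed -i "s:^$target\s\+:..."`, and udev links under /dev/disk/by-path and by-id commonly contain `:` and `.`. A `:` in the name ends the sed pattern early, so an fstab line that matches would leave the sed expression malformed, and `.` matches any character. Escape the name first, e.g. `t=$(printf '%s\n' "$target" | sed 's/[][\.*^$:]/\\&/g')`, and use `$t` in both patterns; `$swap` in the udevadm call should also be quoted. The loop body continues beyond the lines shown.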
i=$((i+1))
[ -e "/dev/mapper/cryptswap$i" ] || break
done
+
+ # If this is a GPT partition, mark it as no-auto mounting, to avoid
+ # auto-activating it on boot
+ if [ "$(blkid -p -s PART_ENTRY_SCHEME -o value "$swap")" = "gpt" ]; then
+ drive="${swap%[0-9]*}"
+ partno="${swap#$drive}"
+ if [ -b "$drive" ]; then
+ if printf "x\np\n" | fdisk "$drive" | grep -q "^$swap .* GUID:.*\b63\b"; then
+ echo "$swap is already marked as no-auto"
+ else
+ # toggle flag 63 ("no auto")
+ echo "marking GPT swap partition $swap as no-auto..."
+ # unfortunately fdisk fails on "cannot re-read part table" and is very verbose
+ printf "x\nS\n$partno\n63\nr\nw\n" | fdisk "$drive" >/dev/null 2>&1 || true
+ fi
+ fi
+ fi
+
# Add crypttab entry
# Use /dev/urandom, since this is not a long lived key (generated each boot),
# and so that we don't block booting while waiting for entropy
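Review bot: `drive="${swap%[0-9]*}"` strips only from the last digit, because `%` removes the shortest matching suffix, so a partition numbered 10 or higher (constructed example: `/dev/sda12`) yields `drive=/dev/sda1` and `partno=2`. `/dev/sda1` passes the `[ -b "$drive" ]` test, so the fdisk write sequence is piped to a partition instead of the disk, and `>/dev/null 2>&1 || true` hides the outcome. Names of the `nvme0n1p2` form resolve to a non-existent drive and are skipped silently. Take the partition number and parent disk from blkid and lsblk instead of trimming digits, as sketched below.

```shell
if [ "$(blkid -p -s PART_ENTRY_SCHEME -o value "$swap")" = "gpt" ]; then
	# Ask libblkid/the kernel for the partition index and parent disk;
	# trimming digits off the device name is wrong for sda12 or nvme0n1p2.
	partno=$(blkid -p -s PART_ENTRY_NUMBER -o value "$swap")
	parent=$(lsblk -n -o PKNAME "$swap")
	drive="/dev/$parent"
	if [ -n "$partno" ] && [ -n "$parent" ] && [ -b "$drive" ]; then
		# … unchanged: fdisk flag-63 check and toggle …
```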
echo " cd $PWD"
echo
fi
+ exit 0
fi
+exit 1
return bump_counter(fh, -MAXINT+1);
}
+/* Returns -1 on error, 0 on success, and 1 if the program should exit with 0 */
+static int parse_options(int argc, char *argv[], int *mounting, int *force,
+ int *nonzero_decrement_is_error, char **alias)
+{
+ const char *optstr, *usagestr;
+ int opt, usage = 0, rc = -1;
+
+ *force = 0;
+ *nonzero_decrement_is_error = 1;
+ *alias = NULL;
+
+ /* Determine if mounting or unmounting by looking at the invocation */
+ if (strstr(argv[0], "umount") == NULL) {
+ *mounting = 1;
+ optstr = "h";
+ usagestr = "[ALIAS]\n"
+ "Mount the default private directory or ALIAS, if specified.\n"
+ "\n"
+ " -h display this help and exit\n";
+ } else {
+ *mounting = 0;
+ optstr = "hfd";
+ usagestr = "[-f] [-d] [ALIAS]\n"
+ "Unmount the default private directory or ALIAS, if specified.\n"
+ "\n"
+ " -h display this help and exit\n"
+ " -f forcibly unmount\n"
+ " -d don't treat a non-zero session counter as an error\n";
+ }
+
+ while ((opt = getopt(argc, argv, optstr)) != -1) {
+ switch (opt) {
+ case 'h':
+ rc = 1;
+ usage = 1;
+ goto out;
+ case 'f':
+ *force = 1;
+ break;
+ case 'd':
+ *nonzero_decrement_is_error = 0;
+ break;
+ default:
+ usage = 1;
+ goto out;
+ }
+ }
+
+ if (optind < (argc - 1)) {
+ usage = 1;
+ goto out;
+ } else if (optind == (argc - 1)) {
+ *alias = argv[optind];
+ }
+
+ rc = 0;
+out:
+ if (usage)
+ fprintf(stderr, "Usage: %s %s", argv[0], usagestr);
+ return rc;
+}
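Review bot: parse_options() passes `argv[0]` to `strstr()` and later to `fprintf()` without checking that it exists, and the comment that follows describes this program as a setuid executable, where the caller controls argv and can supply an empty argument vector. Add `if (argc < 1 || argv[0] == NULL) return -1;` before the invocation check so that case fails cleanly. The substring match also treats any invocation path containing "umount" as an unmount request; comparing the basename of argv[0] would be stricter. Separately, `-h` prints its usage text to stderr although main() exits successfully for it; stdout is the usual stream for requested help.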
/* This program is a setuid-executable allowing a non-privileged user to mount
* and unmount an ecryptfs private directory. This program is necessary to
int main(int argc, char *argv[]) {
uid_t uid;
gid_t gid;
- int mounting;
- int force = 0;
+ int mounting, force, nonzero_decrement_is_error;
struct passwd *pwd;
char *alias, *src, *dest, *opt, *opts2;
char *sig_fekek = NULL, *sig_fnek = NULL;
goto fail;
}
+ switch (parse_options(argc, argv, &mounting, &force,
+ &nonzero_decrement_is_error, &alias)) {
+ case -1:
+ goto fail;
+ case 1:
+ goto success;
+ default:
+ break; /* proceed */
+ }
+
/* If no arguments, default to private dir; but accept at most one
argument, an alias for the configuration to read and use.
*/
- if (argc == 1) {
+ if (alias == NULL) {
/* Use default source and destination dirs */
alias = ECRYPTFS_PRIVATE_DIR;
if ((asprintf(&src, "%s/.%s", pwd->pw_dir, alias) < 0) || src == NULL) {
perror("asprintf (dest)");
goto fail;
}
- } else if (argc == 2) {
- alias = argv[1];
+ } else {
/* Read the source and destination dirs from .conf file */
if (read_config(pwd->pw_dir, uid, alias, &src, &dest, &opts2) < 0) {
fputs("Error reading configuration file\n", stderr);
fputs("Mount options are not supported here\n", stderr);
exit(1);
}
- } else {
- fputs("Too many arguments\n", stderr);
- exit(1);
}
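Review bot: The alias now taken from `argv[optind]` is handed to `read_config()` in the `else` branch before the `strstr(alias, "..")` check that follows this block, so the traversal guard runs only after the name has already been used. read_config() is not visible here; if it builds a file path from alias, move the check ahead of the branch and consider rejecting path separators as well, e.g. `if (alias != NULL && (strstr(alias, "..") || strchr(alias, '/'))) goto fail;`. main() begins and ends outside this hunk.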
if (strstr(alias, "..")) {
goto fail;
}
- /* Determine if mounting or unmounting by looking at the invocation */
- if (strstr(argv[0], "umount") == NULL) {
- mounting = 1;
- } else {
- mounting = 0;
- /* Determine if unmounting is forced */
- if (argv[1] != NULL && strncmp(argv[1], "-f", 2) == 0) {
- force = 1;
- } else {
- force = 0;
- }
- }
-
/* Fetch signatures from file */
/* First line is the file content encryption key signature */
/* Second line, if present, is the filename encryption key signature */
if (force == 1) {
zero(fh_counter);
} else if (decrement(fh_counter) > 0) {
+ if (!nonzero_decrement_is_error)
+ goto success;
fputs("Sessions still open, not unmounting\n", stderr);
goto fail;
}
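Review bot: The early `goto success` taken for `-d` has no comment, and it makes the helper report success while the directory is still mounted and other sessions are counted. State that intent at the branch, e.g. `/* -d: other sessions remain; leaving the mount in place is expected, not a failure */`. The `success` label is outside this hunk, so confirm it releases whatever the `fail` path releases for fh_counter.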
rc = 1;
goto out;
}
+
+ /* Ensure that an empty passphrase is rejected */
+ if ((rc = ecryptfs_wrap_passphrase(path, "testwrappw", salt, "")) == 0) {
+ fprintf(stderr, "ecryptfs_wrap_passphrase() wrapped an empty passphrase\n");
+ rc = 1;
+ goto out;
+ }
+
+ /* Ensure that an empty wrapping passphrase is rejected */
+ if ((rc = ecryptfs_wrap_passphrase(path, "", salt, "testpassphrase")) == 0) {
+ fprintf(stderr, "ecryptfs_wrap_passphrase() used an empty wrapping passphrase\n");
+ rc = 1;
+ goto out;
+ }
+
rc = 0;
out:
return rc;
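Review bot: Both new cases exercise only ecryptfs_wrap_passphrase(); the lower bounds this change adds to the unwrap path (`decrypted_passphrase_bytes < 1`) and to the signature path (`passphrase_size < 1`) have no case in the lines shown. The cases also accept any non-zero return, so an unrelated failure such as an unwritable `path` would pass as a rejection. Asserting the specific error the function is documented to return for an invalid length would make them stricter. The test function starts outside this hunk.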