debian/

debian/libpam-mount.lintian-overrides

# libcryptmount is an internal library
libpam-mount: package-name-doesnt-match-sonames

debian/control

Source: libpam-mount
Section: admin
Priority: extra
Maintainer: Bastian Kleineidam
Build-Depends: debhelper (>= 9), libpam0g-dev, libssl-dev, libhx-dev (>= 3.12.1), libxml2-dev, pkg-config (>= 0.19), autotools-dev, libcryptsetup-dev (>= 1.1.2), automake, libtool, hardening-wrapper, libmount-dev (>= 2.20), libblkid-dev, libpcre3-dev
Standards-Version: 3.9.4
Homepage: http://pam-mount.sourceforge.net/

Package: libpam-mount
Section: admin
Architecture: linux-any
Depends: ${shlibs:Depends}, ${misc:Depends}, mount (>= 2.12-3) [linux-any], libpam-runtime (>= 1.0.1-6), base-files (>= 6.4)
Suggests: ncpfs, cifs-utils, openssl, fuse, davfs2, lsof, psmisc, xfsprogs, sshfs, tc-utils
Conflicts: libncp (<< 2.2.0.19.10), dmsetup (<< 2:1.02.48-1)
Description: PAM module that can mount volumes for a user session
 This module is aimed at environments with central file servers that a
 user wishes to mount on login and unmount on logout, such as
 (semi-)diskless stations where many users can logon.
 .
 The module also supports mounting local filesystems of any kind the
 normal mount utility supports, with extra code to make sure certain
 volumes are set up properly because often they need more than just a
 mount call, such as encrypted volumes. This includes SMB/CIFS, FUSE,
 dm-crypt and LUKS.

debian/source.lintian-overrides

# pam_mount.txt is generated from pam_mount.8 which we modified
patch-system-but-direct-changes-in-diff doc/pam_mount.txt

debian/libpam-mount.postrm

#!/bin/sh
# postrm script for libpam-mount
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
# * `remove'
# * `purge'
# * `upgrade'
# * `failed-upgrade'
# * `abort-install'
# * `abort-install'
# * `abort-upgrade'
# * `disappear'
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

OLDCONF=/etc/security/pam_mount.conf
NEWCONF=${OLDCONF}.xml

case "$1" in
    purge)
        # remove old config files from previous versions
        [ -f $OLDCONF ] && rm -f $OLDCONF
        [ -f $NEWCONF.default ] && rm -f $NEWCONF.default
    ;;
    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
    ;;
    *)
        echo "postrm called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

debian/libpam-mount.prerm

#! /bin/sh

set -e

# pam-auth-update --remove removes the named profile from the active
# config. It arguably should be called during deconfigure as well,
# but deconfigure can happen in some cases during a dist-upgrade and
# we don't want to deconfigure all PAM modules in the middle of a
# dist-upgrade by accident.
#
# More importantly, with the current implementation, --remove also
# removes all local preferences for the named config (such as whether
# it's enabled or disabled), which we don't want to do on deconfigure.
# This may need to change later as pam-auth-update evolves.
if [ "$1" = "remove" ] ; then
    pam-auth-update --package --remove libpam-mount
fi

#DEBHELPER#

debian/pmt-ofl.1

.TH pmt\-ofl 1 "2009\-08\-19" "pam_mount" "pam_mount"
.SH Name
.PP
pmt\-ofl - Show processes using directories/files/mountpoints
.SH Syntax
.PP
\fBpmt\-ofl\fP [\fIoptions\fP] \fIpath\fP...
.SH Options
.TP
\fB\-k\fP \fINUM/NAME\fP
Signal to send (if any).
.TP
\fB\-\-help\fP
Show help message.
.TP
\fB\-\-usage\fP
Display brief usage message.
.SH Description
.PP
All processes are listed that access the given directories, files or
mountpoints. The process information is read from the \fB/proc\fP filesystem.
.SH Author
.PP
This manpage was originally written by Bastian Kleineidam for
the Debian distribution of libpam\-mount but may be used by others.

debian/NEWS

libpam-mount (1.27-3) unstable; urgency=low

  The file inclusion of /etc/pam.d/common-pammount is now deprecated.
  It has been replaced with pam-auth-update(8). Read the
  pam-auth-update(8) manpage for more information.
  .
  As a result, all manually added inclusions of common-pammount of
  files in /etc/pam.d should be removed or commented out.
  A note will be printed on the console if such inclusions are detected
  on upgrade.

 -- Bastian Kleineidam Tue, 18 Aug 2009 22:29:29 +0200

libpam-mount (1.2+gitaa4791f-1) unstable; urgency=low

  Upgrading from version << 0.20 is not supported anymore. Please
  install an intermediate version 0.49 for upgrading.

 -- Bastian Kleineidam Wed, 12 Nov 2008 17:48:27 +0100

libpam-mount (0.21-2) unstable; urgency=low

  When upgrading from versions << 0.20 the old configuration will
  automatically be converted to the new format and stored at
  /etc/security/pam_mount.conf.xml.
  The default configuration will be available at
  /etc/security/pam_mount.conf.xml.default.
  .
  Note that per-user configuration files ($HOME/.pam_mount.conf) have
  still to be converted manually.
  .
  IMPORTANT: please check the validity of the converted file
  /etc/security/pam_mount.conf.xml, since the converter might have
  introduced bugs.

 -- Bastian Kleineidam Tue, 18 Sep 2007 19:31:13 +0200

libpam-mount (0.20-1) unstable; urgency=low

  The pam_mount.conf syntax changed in version 0.20.0. It is now in an
  XML format and stored in /etc/security/pam_mount.conf.xml.
  .
  You can convert your old pam_mount.conf file to the new XML syntax
  with the script
  /usr/share/doc/libpam-mount/examples/convert_pam_mount_conf.pl.
  .
  Note that this script needs the libxml-writer-perl package installed.

 -- Bastian Kleineidam Wed, 05 Sep 2007 20:02:46 +0200

libpam-mount (0.10.0-2) unstable; urgency=low

  The pam_mount.conf syntax changed in version 0.10.0. Old 'local'
  filesystem types are now invalid. Replace them with the actual
  filesystem type of the partition you are mounting.
  For example a line:
  volume user local - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - -
  now must be:
  volume user ext3 - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - -
  Furthermore, the old "smb" filesystem type must be renamed to "smbfs".

 -- Bastian Kleineidam Sun, 4 Dec 2005 20:09:04 +0100

debian/libpam-mount.docs

doc/pam_mount.txt
doc/faq.txt
doc/todo.txt
doc/options.txt
doc/bugs.txt

debian/compat

9

debian/rules

#!/usr/bin/make -f

export DEB_BUILD_HARDENING=1

%:
	dh $@

# helper var
BASE:=$(CURDIR)/debian/libpam-mount

# Only use libcrypt on Linux systems
DEB_HOST_ARCH_OS:=$(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
ifeq ($(DEB_HOST_ARCH_OS),linux)
EXTRACONF:=--with-cryptsetup
else
EXTRACONF:=--without-cryptsetup
endif

override_dh_auto_configure:
	# regenerate autotool files since we patched Makefile.am
	./autogen.sh
	# install pam_mount.so in /lib/security; enable selinux install;
	# install DTD for XML configuration
	dh_auto_configure -- --libdir=/lib --with-selinux --with-dtd $(EXTRACONF)

override_dh_installchangelogs:
	# install custom changelog
	dh_installchangelogs doc/news.txt

override_dh_auto_install:
	dh_auto_install
	# install configuration
	install -m 0644 config/pam_mount.conf.xml $(BASE)/etc/security
	# remove unused encfs 1.3 helper
	rm -f $(BASE)/sbin/mount.encfs13
	# install pam-auth-update script
	install -m 0644 debian/pam-auth-update $(BASE)/usr/share/pam-configs/libpam-mount
	# remove var/run directory as it gets created automatically when missing
	rmdir $(BASE)/var/run/pam_mount
	# remove unneeded libcryptmount.so and libcryptmount.la
	rm $(BASE)/lib/libcryptmount.so $(BASE)/lib/libcryptmount.la

override_dh_clean:
	# remove generated file
	dh_clean src/umount.crypt

# use xz for debian binary package compression
override_dh_builddeb:
	dh_builddeb -- -Zxz

debian/libpam-mount.dirs

sbin
etc/security
usr/share/pam-configs

debian/libpam-mount.manpages

doc/mount.crypt.8
doc/mount.crypt_LUKS.8
doc/mount.crypto_LUKS.8
doc/pam_mount.8
doc/pam_mount.conf.5
doc/pmt-ehd.8
doc/pmt-fd0ssh.1
doc/pmvarrun.8
doc/umount.crypt.8
doc/umount.crypt_LUKS.8
doc/umount.crypto_LUKS.8
debian/pmt-ofl.1

debian/pam-auth-update

Name: Mount volumes for user
Default: yes
Priority: 128
Auth-Type: Additional
Auth:
	optional	pam_mount.so
Session-Interactive-Only: yes
Session-Type: Additional
Session:
	optional	pam_mount.so

debian/watch

# watch control file for uscan
version=3
http://sf.net/pam-mount/pam_mount-(.*)\.tar\.xz

debian/libpam-mount.postinst

#!/bin/sh
# postinst script for libpam-mount
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
# * `configure'
# * `abort-upgrade'
# * `abort-remove' `in-favour'
#
# * `abort-remove'
# * `abort-deconfigure' `in-favour'
# `removing'
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
    configure)
        # check for deprecated common-pammount usage
        files=`grep -l --null "^@include common-pammount" /etc/pam.d/* | xargs -0 echo 2>/dev/null`
        if [ -n "$files" ]; then
            echo "NOTE: deprecated common-pammount includes have been detected in the"
            echo "following files: $files"
            echo "Please remove or comment out the line '@include common-pammount'"
            echo "in those files."
            echo "See /usr/share/doc/libpam-mount/NEWS.Debian.gz for more info."
        fi
        # move cmtab to /var/run
        if [ -f /etc/cmtab ]; then
            if [ ! -f /var/run/cmtab ]; then
                mv /etc/cmtab /var/run/cmtab
            fi
        fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

pam-auth-update --package

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

debian/README.Debian

Installation on a Debian system
===============================

Edit the global configuration file /etc/security/pam_mount.conf.xml and
add the volumes you want to mount upon login.

If you enable the "luserconf" entry, every user can specify their own
mounts in $HOME/.pam_mount.conf.xml. Note that user-specified volumes
are mounted under the logged in user, not as root.
See the pam_mount(8) and pam_mount.conf(5) man pages for more
information.

All changes to the file /etc/security/pam_mount.conf.xml take effect on
the next login, so the next time a login shell is started, any new
configured volumes will be read and mounted.

If xmllint is installed, the configuration file can be validated with
the following command:

  xmllint --nonet --noout --loaddtd --valid --path /usr/share/xml/pam_mount/dtd/pam_mount.conf.xml.dtd /etc/security/pam_mount.conf.xml

Configuration of PAM applications
==================================

This package uses pam-auth-update(8) to configure itself for all PAM
applications. See the pam-auth-update(8) manpage for more info.

Required packages for specific mount types
==========================================

All the packages below are suggested, since you do not need all of them
to successfully use libpam-mount.

Mount type                  Required packages
-------------------------------------------------
Samba (cifs)                cifs-utils
NetWare (ncpfs)             ncpfs
LUKS or Dm-crypt (crypt)    cryptsetup, openssl, psmisc, fuser
cryptoloop                  openssl, cryptoloop-source (for 2.4 kernels)
Fuse (fuser)                fuse, sshfs
Truecrypt (truecrypt)       no official package available
WebDAV (davfs)              davfs2
XFS (xfs)                   xfsprogs

All filesystems also require the appropriate kernel support.
See /proc/filesystems for a list of supported filesystems of the
current kernel.
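
The checks that this README, the package's postinst and debian/NEWS describe, collected into one script as an added example (not part of the libpam-mount package): it scans a PAM directory for the deprecated include and reports an active luserconf entry, enabled debugging and pre-0.10.0 filesystem types in a pam_mount.conf.xml. The function names and sample files are constructed for illustration; luserconf, debug enable and volume fstype are the element and attribute names of the XML configuration format.

```python
"""Audit sketch for a pam_mount host (added example, not shipped with libpam-mount)."""
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Same pattern the package's postinst greps for in /etc/pam.d/*.
DEPRECATED_INCLUDE = re.compile(r"^@include common-pammount", re.MULTILINE)
# Filesystem types that debian/NEWS declares invalid as of 0.10.0.
OBSOLETE_FSTYPES = {"local", "smb"}

# Constructed sample input: file name -> content of a PAM service file.
SAMPLE_PAM_FILES = {
    "sshd": "@include common-auth\n@include common-pammount\n",
    "login": "# @include common-pammount\n@include common-session\n",
    "gdm": "auth optional pam_mount.so\n",
}

# Constructed sample configuration: luserconf is commented out (inactive),
# debugging is on, and one converted volume still carries the old 'local' type.
SAMPLE_CONF = """<pam_mount>
  <debug enable="1" />
  <!-- <luserconf name=".pam_mount.conf.xml" /> -->
  <volume user="alice" fstype="local" path="/home/alice.img" mountpoint="/home/alice" />
  <volume user="bob" fstype="cifs" server="fs.example" path="bob" mountpoint="/home/bob" />
</pam_mount>
"""


def find_deprecated_includes(pam_dir):
    """Return the sorted names of files in pam_dir with an active
    '@include common-pammount' line (commented-out lines do not count)."""
    hits = []
    for path in sorted(Path(pam_dir).iterdir()):
        if not path.is_file():
            continue
        if DEPRECATED_INCLUDE.search(path.read_text(errors="replace")):
            hits.append(path.name)
    return hits


def audit_conf(xml_text):
    """Return a list of findings for the text of a pam_mount.conf.xml.

    The parser drops XML comments, so a commented-out element is correctly
    treated as inactive. This checks well-formedness only; DTD validation
    is still the job of the xmllint command in the README.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings = []
    if root.tag != "pam_mount":
        findings.append(f"unexpected root element <{root.tag}>")

    luser = root.find("luserconf")
    if luser is not None:
        name = luser.get("name", "?")
        findings.append(
            f"luserconf is active: users can define their own mounts in $HOME/{name}"
        )

    debug = root.find("debug")
    if debug is not None and debug.get("enable", "0") != "0":
        # The README notes that gksu only works with debugging disabled.
        findings.append("debug is enabled")

    for vol in root.iter("volume"):
        fstype = vol.get("fstype", "")
        if fstype in OBSOLETE_FSTYPES:
            user = vol.get("user", "?")
            findings.append(
                f"volume for {user}: fstype '{fstype}' has been invalid since 0.10.0"
            )
    return findings


def run_demo():
    """Run both checks on the constructed samples; returns (includes, findings)."""
    with tempfile.TemporaryDirectory() as pam_dir:
        for name, body in SAMPLE_PAM_FILES.items():
            Path(pam_dir, name).write_text(body)
        return find_deprecated_includes(pam_dir), audit_conf(SAMPLE_CONF)


if __name__ == "__main__":
    includes, findings = run_demo()
    print("deprecated includes:", includes)
    for finding in findings:
        print("finding:", finding)
```

On a real system, pass /etc/pam.d to find_deprecated_includes() and the text of /etc/security/pam_mount.conf.xml to audit_conf().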

Notes and bugs
--------------

- If you use SSH, you have to adjust /etc/ssh/sshd_config like this:
    UsePAM yes
    UsePrivilegeSeparation no
    ChallengeResponseAuthentication no
    PasswordAuthentication yes
- Does not work properly with most (all?) ssh implementations
  + openssh-server and the old ssh-krb5 mount ok, but do not unmount
    see bug: http://bugs.debian.org/372680
  + lsh-server does not work at all; it does not use PAM
- Only works with gksu when debugging is disabled. Be sure to set
  "debug 0" in /etc/security/pam_mount.conf.xml if you use gksu.

Some PAM modules require a mounted home directory (e.g.
pam_gnome_keyring used in gdm). These modules have to be moved after
the common-pammount include if home directories are mounted.

debian/changelog

libpam-mount (2.14-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Sat, 31 Aug 2013 17:12:07 +0200

libpam-mount (2.14~zgit3+966c6bea-3) unstable; urgency=low

  * New patch 012-groups-malloc-check
    Fixes the groups malloc error check.
  * Updated README.Debian (Closes: #705710)

 -- Bastian Kleineidam Wed, 24 Jul 2013 23:25:11 +0200

libpam-mount (2.14~zgit3+966c6bea-2) unstable; urgency=low

  * New patch 011-pmvarrun-no-l0g:
    Do not use l0g() function in pmvarrun, it segfaults.

 -- Bastian Kleineidam Thu, 27 Jun 2013 18:36:29 +0100

libpam-mount (2.14~zgit3+966c6bea-1) unstable; urgency=low

  * New upstream git snapshot.
  * Add missing crypto libs to mount.crypt (Closes: #713621)

 -- Bastian Kleineidam Tue, 25 Jun 2013 21:52:50 +0200

libpam-mount (2.14~zgit2+aa0d624e-2) unstable; urgency=low

  * Suggest fuse instead of fuse-utils.
    Closes: #698182

 -- Bastian Kleineidam Tue, 15 Jan 2013 07:27:27 +0100

libpam-mount (2.14~zgit2+aa0d624e-1) unstable; urgency=low

  * New git upstream snapshot.

 -- Bastian Kleineidam Fri, 09 Nov 2012 12:56:05 +0100

libpam-mount (2.14~zgit1+ad53f3559-1) unstable; urgency=low

  * New git upstream snapshot.
  * Added patch disallow-luserconf-path:
    do not allow setting of PATH in user-owned configuration files.

 -- Bastian Kleineidam Thu, 09 Aug 2012 12:00:05 +0200

libpam-mount (2.14~git+d1d6f871-1) unstable; urgency=low

  * New git upstream snapshot.
  * New Standards version 3.9.3.

 -- Bastian Kleineidam Sat, 31 Mar 2012 14:25:04 +0200

libpam-mount (2.14~gited542159-2) unstable; urgency=low

  * Added patch fix-mount-crypt-fork-bomb:
    specifying "fstype=crypt" to mount.crypt is now ignored.
    (Closes: #649126)

 -- Bastian Kleineidam Mon, 16 Jan 2012 19:48:56 +0100

libpam-mount (2.14~gited542159-1) unstable; urgency=low

  * Upstream git snapshot from commit ed542159.
    + fixes "ehd_logctl: feature 1 is already zero" messages
      (Closes: #655921)
  * Make the package build only on Linux systems. Other systems like
    kfreebsd or hurd are not supported upstream.
    (Closes: #655083)
  * Use debhelper compatibility level 8.

 -- Bastian Kleineidam Mon, 16 Jan 2012 17:39:39 +0100

libpam-mount (2.13-1) unstable; urgency=low

  * New upstream release.
    (Closes: #652474, #622693)
  * Depend on libhx >= 3.12.1
    (Closes: #652762)
  * Configure pam_mount for interactive sessions only.
    Prevents errors when using non-interactive sudo with pam_mount.
    I might re-enable it once #648066 is fixed, or when users start
    complaining. I would be interested which scripts really need
    pam_mount in non-interactive mode.
  * Updated patches for fd0ssh and ofl from hxtools package.
  * Updated build-depends: add libmount-dev and libblkid-dev
  * Add patch to fix pmt-ehd compilation.

 -- Bastian Kleineidam Tue, 20 Dec 2011 20:10:14 +0100

libpam-mount (2.11-1) unstable; urgency=low

  * New upstream release.
  * Removed Vcs-Git and Vcs-Browser from debian/control since they are
    supposed to include the debian/ files and not only upstream.
    (Closes: #635083)
  * Suggest cifs-utils instead of smbfs.
    (Closes: #638155)
  * Require base-files >= 6.4 since /run is used now.

 -- Bastian Kleineidam Thu, 08 Sep 2011 20:10:29 +0200

libpam-mount (2.10-2) unstable; urgency=low

  * Remove unused cdbs from build-depends.
  * Use hardening-wrapper for security flags.

 -- Bastian Kleineidam Sun, 01 May 2011 08:35:01 +0200

libpam-mount (2.10-1) unstable; urgency=low

  * New upstream release.
    + Properly umounts partitions
      (Closes: #610232)
    + Print warning about read-only /etc/mtab, which addresses #622693
  * Depend on libhx >= 3.10.1
  * Standards version 3.9.2 (no changes required)

 -- Bastian Kleineidam Sun, 17 Apr 2011 07:36:22 +0200

libpam-mount (2.9-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Thu, 07 Apr 2011 06:48:37 +0200

libpam-mount (2.8-2) unstable; urgency=low

  * Updated Vcs-Git and Vcs-Browser URLs.
  * Do not report EACCES in pmvarrun when unlinking login count file.
    Solves half of #615874.
  * Updated README.Debian to use pmt-ehd in the examples.

 -- Bastian Kleineidam Mon, 21 Mar 2011 09:09:36 +0100

libpam-mount (2.8-1) unstable; urgency=low

  * New upstream release.
  * Add libtool to build depends.

 -- Bastian Kleineidam Sat, 25 Dec 2010 11:24:23 +0100

libpam-mount (2.7-2) unstable; urgency=low

  * Fix build on kfreebsd-*
    (Closes: #606343)

 -- Bastian Kleineidam Wed, 08 Dec 2010 21:08:36 +0100

libpam-mount (2.7-1) unstable; urgency=low

  * New upstream release.
    + Remove mnt_fallback patch since squeeze will have 2.5 and
      upgrading from 0.4x versions is not needed anymore.
    + Readd copy of ofl and fd0ssh to avoid installing a complete
      new package.

 -- Bastian Kleineidam Fri, 03 Dec 2010 20:27:54 +0100

libpam-mount (2.5-4) unstable; urgency=low

  * Added patch hurd-path-max-define fixing build errors on HURD.

 -- Bastian Kleineidam Wed, 01 Sep 2010 21:13:40 +0200

libpam-mount (2.5-3) unstable; urgency=medium

  * Depend on mount only on linux. Other architectures have the
    mount binary in other packages. This makes the package installable
    on kfreebsd-*. (Closes: #594640)
  * Urgency medium due to RC bugfix.

 -- Bastian Kleineidam Mon, 30 Aug 2010 19:37:31 +0200

libpam-mount (2.5-2) unstable; urgency=medium

  * Improved arch detection in debian/rules.
  * Fix configure flag to disable libcryptsetup on non-linux systems.
    (Closes: #592492)
  * Urgency medium due to RC bugfix.

 -- Bastian Kleineidam Wed, 25 Aug 2010 21:26:53 +0200

libpam-mount (2.5-1) unstable; urgency=low

  * New upstream release.
  * Fixed debian/watch regex.
  * debian/control: use Standards version 3.9.1
  * Build libcryptsetup support only on Linux systems
    (Closes: #592492)

 -- Bastian Kleineidam Tue, 10 Aug 2010 21:39:59 +0200

libpam-mount (2.4-1) unstable; urgency=low

  * New upstream release.
  * debian/control: use Standards version 3.9.0

 -- Bastian Kleineidam Fri, 23 Jul 2010 23:00:05 +0200

libpam-mount (2.3-1) unstable; urgency=low

  * New upstream release.
    + mount.crypt passes keyfile info to open LUKS volumes
      (Closes: #528366)
    + umount.crypt works again
      (Closes: #581713)

 -- Bastian Kleineidam Wed, 19 May 2010 04:05:25 +0200

libpam-mount (2.1+git20100509-1) unstable; urgency=low

  * New upstream release, plus git changes until 9.5.2010
    + Works now with other password slots than zero on crypted mounts
      (Closes: #580636)
    + Certainly includes old patch fixing the cron segfaults
      (Closes: #484122)
  * Only warn about missing fskey hash when an fskey path has been
    given. (Closes: #580430)

 -- Bastian Kleineidam Sun, 09 May 2010 10:46:01 +0200

libpam-mount (2.0-1) unstable; urgency=low

  * New upstream release.
  * Build-Depend on libcryptsetup-dev, and remove cryptsetup from
    the suggested packages.
  * Remove patch var_run_cmtab, which was applied upstream.
  * Add upstream git commit b4dbbfe to fix command line expansion.

 -- Bastian Kleineidam Wed, 28 Apr 2010 02:54:45 +0200

libpam-mount (1.36-1) unstable; urgency=low

  * New upstream release.
  * Build-Depend on libhx >= 3.4
  * Replace suggestion of truecrypt | truecrypt-util with tc-utils,
    which actually exists.
    Closes: #577588

 -- Bastian Kleineidam Tue, 13 Apr 2010 23:00:12 +0200

libpam-mount (1.33-2) unstable; urgency=low

  * Added patch grab_authtok_retcode:
    Fix regression in authentication token handling.

 -- Bastian Kleineidam Fri, 05 Mar 2010 22:42:52 +0100

libpam-mount (1.33-1) unstable; urgency=low

  * New upstream release.
    (Closes: #551976)
  * Use Standards version 3.8.4

 -- Bastian Kleineidam Fri, 05 Mar 2010 00:25:56 +0100

libpam-mount (1.32-2) unstable; urgency=low

  * Use /var/run/cmtab instead of /etc/cmtab to store dynamic mount
    information. Complies with FHS standard.
    (Closes: #551327)
  * Switch to 3.0 (quilt) source format.
  * Switch to quilt patch management from dpatch
  * Remove old checks for <<0.22 versions since 0.44 is in stable

 -- Bastian Kleineidam Tue, 17 Nov 2009 04:48:00 +0100

libpam-mount (1.32-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Wed, 23 Sep 2009 07:18:19 +0200

libpam-mount (1.31-1) unstable; urgency=low

  * New upstream release.
    + patch 01_check_authtok_null: dropped, applied upstream
  * Add deprecation comment to common-pammount
    (Closes: #546188)

 -- Bastian Kleineidam Sun, 13 Sep 2009 21:55:19 +0200

libpam-mount (1.30-2) unstable; urgency=medium

  * New patch 01_check_authtok_null:
    Fixes segfault when running /bin/su and logging in from console
    as root. Urgency medium since this could lock out users from the
    system.
    (Closes: #545846)

 -- Bastian Kleineidam Wed, 09 Sep 2009 20:28:26 +0200

libpam-mount (1.30-1) unstable; urgency=low

  * New upstream release.
    + patch 14_no_double_mtab_removal: dropped, applied upstream
    + patch 13_avoid_sudo_crash: dropped, applied upstream
    + patch 07_correct_default_hash: dropped; there is no default
      hash or digest for openssl documented, so don't claim there
      is one.
  * The new version depends on an updated libHX library, so the
    FTBFS occurring with an older libHX library is fixed.
    (Closes: #545589)
  * Documented the pam-auth-update(8) usage as replacement of the old
    common-pammount file in debian/NEWS, the postinstall script, and
    debian/README.Debian.
    (Closes: #542787)

 -- Bastian Kleineidam Sat, 29 Aug 2009 08:03:43 +0200

libpam-mount (1.27-4) unstable; urgency=low

  * Remove old use_first_pass option from debian/pam-auth-update to
    avoid warnings.
  * Added pmt-ofl(1) manpage.

 -- Bastian Kleineidam Wed, 19 Aug 2009 21:05:32 +0200

libpam-mount (1.27-3) unstable; urgency=low

  * Install DTD for the XML configuration file so that it can be
    validated with xmllint.
  * Updated README.Debian:
    - added note about configuration validation
    - remove old notes about common-pammount
  * Added sshfs to the suggested packages.
  * Use Standards version 3.8.3 (no further changes required)
  * Updated 15_kfreebsd_defines patch:
    don't compile src/mount-sysv.c on kfreebsd systems.
  * Use pam-auth-update instead of a custom common-pammount file.
    Thanks to Steve Langasek for the patch.
    (Closes: #519956)

 -- Bastian Kleineidam Tue, 18 Aug 2009 22:29:29 +0200

libpam-mount (1.27-2) unstable; urgency=low

  * Build-depend on autotools-dev to be sure current config.guess
    and config.sub are used when compiling.
  * Add patch 15_kfreebsd_defines:
    Should fix compile error on GNU/k*BSD systems

 -- Bastian Kleineidam Wed, 12 Aug 2009 20:36:01 +0200

libpam-mount (1.27-1) unstable; urgency=low

  * New upstream release.
    - new patch 12_mnt_fallback:
      For upgrading, fall back to mtab parsing on unmount.
    - new patch 13_avoid_sudo_crash:
      Avoid sudo crashing; picked from upstream git.
    - new patch 14_no_double_mtab_removal:
      Avoid double mtab removal; picked from upstream git.
    - fixed interactive password input
      (Closes: #509234)
    - fixed SGRP matching
      (Closes: #512030)
    - does not ignore XML syntax errors
      (Closes: #532877)
    - added NFS4 recognition
      (Closes: #532875)

 -- Bastian Kleineidam Sun, 09 Aug 2009 10:47:41 +0200

libpam-mount (1.10-1) unstable; urgency=low

  * New upstream release.
  * Remove outdated FAQ entry
    (Closes: #514855)

 -- Bastian Kleineidam Wed, 11 Feb 2009 15:39:00 +0100

libpam-mount (1.9-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Fri, 16 Jan 2009 19:25:05 +0100

libpam-mount (1.8-1) unstable; urgency=low

  * New upstream release.
    - Fixes segfault when used in cron environments
      (Closes: #510990)
  * Removed use_first_pass from common-pammount
    (Closes: #509233)

 -- Bastian Kleineidam Wed, 07 Jan 2009 10:12:37 +0100

libpam-mount (1.7-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Fri, 02 Jan 2009 17:58:18 +0100

libpam-mount (1.6-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Sun, 28 Dec 2008 10:17:39 +0100

libpam-mount (1.5-2) unstable; urgency=low

  * Remove use_first_pass from common-pammount
    (Closes: #509233)

 -- Bastian Kleineidam Mon, 22 Dec 2008 14:08:21 +0100

libpam-mount (1.5-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Sun, 14 Dec 2008 08:52:03 +0100

libpam-mount (1.4-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Tue, 25 Nov 2008 00:31:21 +0100

libpam-mount (1.2+gitaa4791f-2) unstable; urgency=low

  * Replace try_first_pass in common-pammount with use_first_pass.
  * Remove old PAM keyword try_first_pass from manpage documentation
    (Closes: #505933)
  * Adjusted README.Debian to use '~' instead of '/home/user' in
    examples.
  * Add manpage aliases (u)mount.crypt_LUKS.8 to the (u)mount.crypt.8
    pages.

 -- Bastian Kleineidam Tue, 18 Nov 2008 10:49:13 +0100

libpam-mount (1.2+gitaa4791f-1) unstable; urgency=low

  * New upstream release (with some patches still in the git repo).
    + Fixes cryptoloop bug
      (Closes: #502357, #502355)
    + Fixes unmounting folders ending in a slash
      (Closes: #495177)
    + Replaces old mount_ehd script
      (Closes: #494108)
    + Fixes mount.crypt option error
      (Closes: #502956)
  * Updated package description.
  * Suggest xfsprogs for XFS volume mounting.
  * Added patch from Michael Bramer to allow usernames to start with
    digits. Thanks!
    (Closes: #505258)
  * Do not support upgrading from old versions << 0.20 anymore.
    This means debconf templates are not needed anymore, including
    the new Swedish one from Martin Bagge. Thanks anyway!
    (Closes: #503873)
  * New patch 11_correct_device_for_luks_test:
    + fix mounting of LUKS devices with mount.crypt
  * New patch 12_init_crypto_device_name:
    + Initialize crypto device name with NULL

 -- Bastian Kleineidam Wed, 12 Nov 2008 17:48:27 +0100

libpam-mount (0.48-1) unstable; urgency=high

  * New upstream release, using libhx >= 0.25.
    - Prevents security flaw CVE-2008-3970 (thus urgency high)
      (Closes: #499841)
    - Prevents double free in "su" usage
      (Closes: #493234)
    - Does "~" expanding in paths again
      (Closes: #497813)
    - Print names of blocking processes on umount
      (Closes: #494107)

 -- Bastian Kleineidam Sun, 28 Sep 2008 19:50:41 +0200

libpam-mount (0.44-1) unstable; urgency=low

  * New upstream release.
    (Closes: #492559, #493497, #493234, #494107)

 -- Bastian Kleineidam Mon, 25 Aug 2008 22:47:56 +0200

libpam-mount (0.43-1) unstable; urgency=low

  * New upstream release (Closes: #491222).

 -- Bastian Kleineidam Sat, 19 Jul 2008 21:11:42 +0200

libpam-mount (0.41-1) unstable; urgency=low

  * New upstream release.
    + Fixes wrong mount.crypt options in pam_mount.conf.xml.
      (Closes: #486599)

 -- Bastian Kleineidam Tue, 17 Jun 2008 09:59:01 +0200

libpam-mount (0.40-1) unstable; urgency=medium

  * New upstream release.
    + Fixes segfault when more than one volume was defined, thus
      urgency medium.
      (Closes: #485620)
  * New patch 07_use_fsck_conf:
    Make configured fsck options available to mount.crypt via the
    FSCK environment variable.
    (Closes: #481366)
  * New patch 08_check_return_codes:
    Check error conditions of some init functions.
  * New patch 09_fix_umount_crypt
    Fix conditional expression syntax of umount.crypt.
  * Use Standards version 3.8.0
  * (Build-)Depend on libhx >= 0.18
  * Install pam_mount(8) and pam_mount.conf(5) manpages.

 -- Bastian Kleineidam Tue, 10 Jun 2008 21:33:46 +0200

libpam-mount (0.39-1) unstable; urgency=low

  * New upstream release.
  * Use debhelper v7
  * Updated build dependencies to use libhx-dev >= 1.17

 -- Bastian Kleineidam Wed, 28 May 2008 20:37:06 +0200

libpam-mount (0.38-1) unstable; urgency=low

  * New upstream release.
  * Updated README.Debian file.
    + mention ordering of PAM modules using a mounted home directory
      (Closes: #481527)

 -- Bastian Kleineidam Sun, 18 May 2008 21:01:10 +0200

libpam-mount (0.35.1-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Fri, 11 Apr 2008 17:24:16 +0200

libpam-mount (0.35-2) unstable; urgency=low

  * Pull upstream patch to fix autodetection of ssl support.
    (Closes: #475256)

 -- Bastian Kleineidam Thu, 10 Apr 2008 11:10:16 +0200

libpam-mount (0.35-1) unstable; urgency=low

  * New upstream release.
  * Build-Depend on libhx >= 1.15, needed for the new %(ifnempty...)
    configuration magic.
  * Remove unneeded zlib development library from build dependencies.
  * Added pmt-fd0ssh(1) manpage.

 -- Bastian Kleineidam Sun, 06 Apr 2008 18:13:59 +0200

libpam-mount (0.33-3) unstable; urgency=low

  * Properly escape minus signs in pam_mount(8) manpage. Fixes lintian
    warnings.
  * Override lintian warning patch-system-but-direct-changes-in-diff
    since pam_mount.txt is generated from pam_mount.8 which we
    modified.
  * Use debhelper v6 and dh_lintian.
  * New patch 11_check_ftruncate_err: check ftruncate() return value.
  * Avoid linking pmvarrun against unused libraries -lssl -lcrypto.

 -- Bastian Kleineidam Fri, 14 Mar 2008 09:39:57 +0100

libpam-mount (0.33-2) unstable; urgency=low

  * Fix loop mount logic error. Thanks Holger Brunn for the patch.
    (Closes: #470081)

 -- Bastian Kleineidam Mon, 10 Mar 2008 00:37:31 +0100

libpam-mount (0.33-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Sat, 23 Feb 2008 08:48:31 +0100

libpam-mount (0.32-5) unstable; urgency=low

  * Use security flags for gcc invocations.
  * Upstream vcs is now git, so use Vcs-Git and adjust Vcs-Browser
    variables in debian/control.
  * Clarify that src/* files are LGPL licensed, all other files are
    GPL.

 -- Bastian Kleineidam Fri, 15 Feb 2008 18:43:20 +0100

libpam-mount (0.32-4) unstable; urgency=low

  * Update package description and Debconf templates as reviewed by
    the debian-l10n-english team as part of the Smith review project.
    (Closes: #459227)
  * Debconf translation updates:
    + Portuguese (Closes: #459967)
    + German (Closes: #462491)
    + Galician (Closes: #459988)
    + Vietnamese (Closes: #460032)
    + Basque (Closes: #460046, #462023)
    + Finnish (Closes: #460285)
    + Czech (Closes: #460950)
    + Italian (Closes: #461562)
    + Russian (Closes: #462133)
    + Dutch (Closes: #462436)
    + French (Closes: #462771)
  * Thanks to all the translators and the debian l10n team!

 -- Bastian Kleineidam Mon, 14 Jan 2008 14:37:36 +0100

libpam-mount (0.32-3) unstable; urgency=high

  * Build-depend on pkg-config. This should really fix the FTBFS
    errors (Closes: #454967, #454971), thus urgency high.
  * Make sure to remove old config files on purge.
    (Closes: #455032)

 -- Bastian Kleineidam Mon, 10 Dec 2007 07:53:06 +0100

libpam-mount (0.32-2) unstable; urgency=high

  * Fixed typo in versioned build dependencies for libhx-dev.
    This fixes FTBFS (Closes: #454967, #454971), thus urgency high.

 -- Bastian Kleineidam Sat, 08 Dec 2007 18:44:50 +0100

libpam-mount (0.32-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Fri, 07 Dec 2007 01:54:11 +0100

libpam-mount (0.31-3) unstable; urgency=low

  * Forgot to apply updated patch 02_check_null_options
  * Update Standards Version to 3.7.3, no changes required

 -- Bastian Kleineidam Tue, 04 Dec 2007 04:41:00 +0100

libpam-mount (0.31-2) unstable; urgency=low

  * Add Portuguese debconf translations, thanks Américo Monteiro.
    (Closes: #453917)
  * Updated patches:
    + 02_check_null_options, add upstream SVN patch to prevent
      segfault caused by a NULL options value, and check the return
      value of HXbtree_init().

 -- Bastian Kleineidam Mon, 03 Dec 2007 12:59:23 +0100

libpam-mount (0.31-1) unstable; urgency=low

  * New upstream release.
  * Patches applied upstream:
    + 01_pam_mount_conf_fix
    + 04_convert_local_fstype_fix
    + 08_convert_attrs_after_splice_fix
  * Updated patches:
    + 02_check_null_options, fixed another segfault when logging out

 -- Bastian Kleineidam Sun, 02 Dec 2007 12:20:23 +0100

libpam-mount (0.29-5) unstable; urgency=low

  * Let the user decide whether to automatically convert the
    configuration to the new XML format or not. Also display a note
    to check the converted configuration, in case something goes
    wrong.
    (Downgrades: #452901)

 -- Bastian Kleineidam Mon, 26 Nov 2007 08:20:10 +0000

libpam-mount (0.29-4) unstable; urgency=low

  * New patch 04_convert_local_fstype_fix:
    convert 'local' fstype entries from old configuration format
    correctly.
  * New patch 07_already_mounted_no_fspt_test:
    The check if a volume is already mounted must ignore the target
    mount point. Else the case where a device is already mounted
    elsewhere is never detected.
    (Closes: #451156)
  * Add Vcs-Svn and Vcs-Browser fields to debian/control
  * New patch 08_convert_attrs_after_splice_fix:
    The sgrp, pgrp and user attributes must be filled after checking
    wrong splits, not before. Else user entries with spaces won't be
    converted correctly.
    (Closes: #452504)

 -- Bastian Kleineidam Fri, 23 Nov 2007 14:35:59 +0100

libpam-mount (0.29-3) unstable; urgency=low

  * New patch 02_check_null_options:
    check if options are NULL before using them.
    (Closes: #448417)

 -- Bastian Kleineidam Mon, 29 Oct 2007 09:01:39 +0100

libpam-mount (0.29-2) unstable; urgency=low

  * Fix Suggestion typo psmis -> psmisc.
  * Fixed copy-and-paste error in pam_mount.conf converter script,
    patch from SVN r380.
    (Closes: #446382)

 -- Bastian Kleineidam Fri, 12 Oct 2007 23:38:33 +0200

libpam-mount (0.29-1) unstable; urgency=low

  * New upstream release.
  * Dropped patches:
    + 04_spawn_pipes, applied upstream
  * First release with only Debian specific patches. Yay!
  * Added bugs.txt to documentation, which also lists PAM applications
    that drop root privileges, and thus fail to unmount properly on
    logout. Closes: #444419

 -- Bastian Kleineidam Mon, 01 Oct 2007 15:55:23 +0200

libpam-mount (0.28-1) unstable; urgency=low

  * New upstream release.
  * Dropped patches:
    + 07_mount_option_space
      unneeded, mount and nfsmount support -o without a space
    + 09_password_prompt
      unneeded, the password prompt is configurable through the config
    + 14_convert_luserconf
      applied upstream
    + 15_pmvarrun_abspath
      unneeded, the bug is fixed via setting PATH manually
    + 16_close_session_no_volumes
      applied upstream
  * Add patch 04_spawn_pipes from upstream SVN:
    Fix file descriptor initialization and out-of-bounds array access.
  * Remove unneeded glib from Build-Depends.
  * Cleanup and updates for README.Debian:
    + put package requirements into separate paragraph
    + updated the examples for the new XML configuration format
  * Add psmisc and fuser packages to the Suggests since the
    umount.crypt uses them.

 -- Bastian Kleineidam Tue, 25 Sep 2007 14:24:49 +0200

libpam-mount (0.26-1) unstable; urgency=low

  * New upstream release.
    + Adds a "nullok" option for passwordless users. (Closes: #438186)
  * Dropped patches applied upstream: 08_mount_crypt_luksopen_args,
    10_mount_crypt_syntax, 11_convert_empty_fields,
    12_convert_error_msg, 13_convert_leading_whitespace
  * Mention that user-specified configuration files
    ($HOME/.pam_mount.conf) have to be manually converted in
    NEWS.Debian. (Closes: #443317)
  * Converter should write luserconf file with ".xml" appended.
    (Closes: #443316)
  * Ensure pmvarrun is an absolute path in the default configuration.
  * Move Homepage from description into control field.
  * Don't run pmvarrun or lookup user credentials when no volumes are
    configured. Fixes segfault when pam_mount is configured with su.
    (Closes: #443704)

 -- Bastian Kleineidam Mon, 24 Sep 2007 01:53:45 +0200

libpam-mount (0.21-3) unstable; urgency=medium

  * Fix order of argument in luksOpen call in mount.crypt. Without
    this, the cryptsetup call could segfault as outlined in
    http://bugs.debian.org/438198
    Set urgency medium for this.
    Closes: #443192

 -- Bastian Kleineidam Wed, 19 Sep 2007 13:55:42 +0200

libpam-mount (0.21-2) unstable; urgency=low

  * Fixes for convert_pam_mount_conf.pl:
    + Don't write empty fields as '-' when converting old config files
      with the convert script. (Closes: #442014)
    + Strip leading whitespace. (Closes: #442019)
  * When upgrading from versions << 0.20 run convert_pam_mount_conf.pl
    automatically. (Closes: #442017)

 -- Bastian Kleineidam Tue, 18 Sep 2007 19:31:13 +0200

libpam-mount (0.21-1) unstable; urgency=high

  * New upstream version.
  * Dropped patches applied upstream: 04_largefile64_macro,
    10_mount_crypt_loop_check, 21_delay_system_auth
  * Updated patches: 03_debian_docs, 06_debian_manpages,
    07_mount_option_space
  * Removed patches: 14_faq_debian (the CLOSE_SESSION param has been
    removed in current releases)
  * Install upstream changelog.
  * Add libxml2-dev to the build depends; RC bug, thus urgency high.
    Closes: #442986, #441922
  * Rename debian/NEWS.Debian to debian/NEWS, so it really gets
    installed as /usr/share/doc/libpam-mount/NEWS.Debian :-o
    (References: #442017)

 -- Bastian Kleineidam Tue, 18 Sep 2007 14:50:13 +0200

libpam-mount (0.20-1) unstable; urgency=low

  * New upstream version.
    + Waits for up to 5 seconds when umounting a busy mount point.
      That and using lazy unmounting ("umount -l") should be enough
      workarounds for buggy applications that leave processes using
      the device after a session close. (Closes: #370526)
    + Uses new configuration file syntax; see NEWS.Debian for more
      info.
  * Dropped patches applied upstream: 02_hide_debug,
    05_mount_crypt_break, 08_mount_crypt_readonly_luksopen,
    11_no_debug, 17_readlink_path, 18_clear_krb5_env
  * Updated patches: 03_debian_docs, 04_largefile64_macro,
    06_debian_manpages, 07_mount_option_space, 09_password_prompt,
    10_mount_crypt_loop_check, 14_faq_debian, 21_delay_system_auth
  * Add fuse-utils to suggested packages.
  * Add truecrypt-utils to suggested packages. The truecrypt license is
    non-free but the user could have a private package for it.
  * Add davfs2 to suggested packages.
  * Mention new filesystem types in README.Debian.
  * Remove the "send patches" line of the description. It is sufficient
    to have it in the README and manpage.

 -- Bastian Kleineidam Wed, 05 Sep 2007 20:02:46 +0200

libpam-mount (0.18-7) unstable; urgency=low

  * Adjust debian/watch file to use tar.bz2 instead of the older .tbz2
    extension.
  * Use "Password:" as default password prompt, just like login(1) and
    other text-based login programs. (Closes: #439611)
  * Don't build a loop device on top of a loop device. This happens
    when the "loop" option is used. (Closes: #439703)

 -- Bastian Kleineidam Thu, 09 Aug 2007 12:19:45 +0200

libpam-mount (0.18-6) unstable; urgency=medium

  * Define _LARGEFILE64_SOURCE to enable 64 bit gzopen() on 32 bit
    systems. Fixes a compiler warning and possible segfaults on some
    architectures; thus urgency medium. (Closes: #435424)

 -- Bastian Kleineidam Tue, 31 Jul 2007 19:29:26 +0200

libpam-mount (0.18-5) unstable; urgency=low

  * Clear Kerberos environment setting after login.
  * Improved detection when to avoid an xdm crash
  * Add space before mount -o options (Closes: #434707)
  * Use luksOpen --readonly option for read-only LUKS mounts in
    mount.crypt.
  * Verified that openssh-server now works somewhat - mounts ok, but
    does not unmount. But at least it is usable.
    Thanks Margarita Manterola for testing.
    (Closes: #254679)

 -- Bastian Kleineidam Tue, 12 Dec 2006 09:39:23 +0100

libpam-mount (0.18-4) unstable; urgency=low

  * Added patch 21_delay_system_auth, fixing su and cron when
    configured with pam_mount.

 -- Bastian Kleineidam Sun, 3 Dec 2006 21:54:59 +0100

libpam-mount (0.18-3) unstable; urgency=medium

  * Remove the default debug option from pmvarrun (Closes: #390946)
  * Urgency medium, since the debug option enabled local attackers to
    verify valid usernames.

 -- Bastian Kleineidam Wed, 4 Oct 2006 12:11:27 +0200

libpam-mount (0.18-2) unstable; urgency=low

  * Document in NEWS.Debian that smb must be renamed to smbfs in
    releases >= 0.10. Thanks to Hubert Krause for the note.
    (Closes: #385555)

 -- Bastian Kleineidam Thu, 14 Sep 2006 19:55:10 +0200

libpam-mount (0.18-1) unstable; urgency=low

  * New upstream release.
    + Dropped 12_check_xmemdup, applied upstream
    + Dropped 15_va_args_reuse, applied upstream
    + Dropped 16_fusemount_chdir, applied upstream

 -- Bastian Kleineidam Thu, 7 Sep 2006 20:07:50 +0200

libpam-mount (0.17-3) unstable; urgency=medium

  * Patch 17_readlink_path: fix the path to readlink in umount.crypt
  * Urgency medium, since the 15_va_args_reuse patch fixes a segfault
    on AMD64 systems, which makes the package mostly unusable there.

 -- Bastian Kleineidam Wed, 9 Aug 2006 19:23:28 +0200

libpam-mount (0.17-2) unstable; urgency=low

  * Dropped 13_cifsmount_user patch: not necessary
  * Patch 14_faq_debian: update FAQ entry about Debian login package
    and CLOSE_SESSIONS
  * Patch 15_va_args_reuse pulled from SVN: avoid reusing va_list
    variables, fixes segfault on AMD64
  * Patch 16_fusemount_chdir pulled from SVN: chdir to / for fusermount
    to work

 -- Bastian Kleineidam Tue, 8 Aug 2006 22:52:33 +0200

libpam-mount (0.17-1) unstable; urgency=low

  * New upstream release.
  * Updated README.Debian wrt to bugs in ssh servers
  * 04_sbin_umount dropped, applied upstream
  * Added patch 12_check_xmemdup: check return value of the xmemdup
    function
  * Added patch 11_no_debug: disable debug per default, since gksu is
    not working with debug enabled
  * Added patch 13_cifsmount_user: fix cifs user mount option

 -- Bastian Kleineidam Mon, 7 Aug 2006 19:57:44 +0200

libpam-mount (0.15-1) unstable; urgency=low

  * New upstream release (there was no 0.14 release).
  * Disable debugging per default, since the gksu program does not work
    with pam_mount debugging enabled
  * Disable patch 07_local_vol_user for now, this has to be tested
    more.
  * Disable the renaming of the debug variable (aka the XDM crasher),
    since upstream has fixed/worked around that.

 -- Bastian Kleineidam Fri, 28 Jul 2006 21:08:41 +0200

libpam-mount (0.13-4) unstable; urgency=low

  * Add LUKS example to README.Debian
  * New patch 09_spawn_set_sigchld
    Always set SIGCHLD signal handler to prevent gdm from destroying
    the pam_mount thread.
  * New patch 10_waitpid_check
    Added missing waitpid error checks, improved error message.

 -- Bastian Kleineidam Thu, 1 Jun 2006 23:47:41 +0200

libpam-mount (0.13-3) unstable; urgency=low

  * New patch 08_ehd_grep:
    Support wildcard entries in passwdehd and autoehd scripts.
    Improved error message when copying failed in passwdehd
  * Added command descriptions to passwdehd.1 and autoehd.1 manpages.
  * Standards version 3.7.2.0 (no changes required)

 -- Bastian Kleineidam Tue, 30 May 2006 21:05:38 +0200

libpam-mount (0.13-2) unstable; urgency=low

  * New patch 04_sbin_umount:
    Since umount.crypt moved to /sbin, also adjust the hard coded path
    when unmounting crypt devices.

 -- Bastian Kleineidam Fri, 21 Apr 2006 00:37:10 +0200

libpam-mount (0.13-1) unstable; urgency=low

  * New upstream release.
  * Dropped 22_loop_dev_sed.dpatch, applied upstream with modifications
  * Move (u)mount.crypt to /sbin which removes the symlink kludge
  * Drop 06_debian_install_prefix patch in favor of --libdir configure
    option

 -- Bastian Kleineidam Wed, 12 Apr 2006 23:37:05 +0200

libpam-mount (0.12.2-3) unstable; urgency=low

  * Fix device name for loopback crypt mounts. Patch by
    Johannes Lehtinen. (Closes: #358916)

 -- Bastian Kleineidam Sun, 26 Mar 2006 23:36:25 +0200

libpam-mount (0.12.2-2) unstable; urgency=low

  * Allow local .pam_mount.conf entries to have another username than
    the user logging in. Useful for example when the samba username is
    not equal to the unix username

 -- Bastian Kleineidam Thu, 2 Feb 2006 19:44:58 +0100

libpam-mount (0.12.2-1) unstable; urgency=low

  * New upstream release.
  * README.Debian: remove paragraph about the deprecated
    CLOSE_SESSIONS option.

 -- Bastian Kleineidam Tue, 31 Jan 2006 17:47:44 +0100

libpam-mount (0.12.0-1) unstable; urgency=low

  * New upstream release. Dropped patches applied upstream:
    22_fstype_nodev
    23_log_argv_close_cstdin
    24_local_config
    25_volume_record_asserts

 -- Bastian Kleineidam Wed, 11 Jan 2006 22:29:46 +0100

libpam-mount (0.11.0-1) unstable; urgency=low

  * New upstream version. Dropped patches applied upstream:
    05_warnings
    15_config_pam_mount_item
    18_umount_crypt_errors
    19_match_null
    20_session_error
  * Remove suggestion of the realpath package since readlink -f is now
    used instead, which is in coreutils.
  * Remove build-depends on 'check', since it is not used.

 -- Bastian Kleineidam Fri, 30 Dec 2005 22:15:39 +0100

libpam-mount (0.10.0-3) unstable; urgency=low

  * updated debian/watch file to use new download URL
  * updated patch 18_umount_crypt_errors to accept a trailing slash in
    the umount path argument in case no /usr/bin/realpath is installed.

 -- Bastian Kleineidam Thu, 8 Dec 2005 20:14:41 +0100

libpam-mount (0.10.0-2) unstable; urgency=low

  * Replace old 'local' fstype config examples with 'ext3', in
    README.Debian and pam_mount.conf. Add an appropriate note to
    NEWS.Debian.
  * Fixed fstype_nodev() so that the check_filesystem() fsck routine is
    actually run.

 -- Bastian Kleineidam Mon, 5 Dec 2005 00:26:15 +0100

libpam-mount (0.10.0-1) unstable; urgency=low

  * New upstream release. The original bzipped tarball has been
    repackaged to an orig.tar.gz, no changes were made.
  * updated debian/copyright due to new upstream maintainer
  * updated README.Debian for new upstream changes
  * Use debhelper v5

 -- Bastian Kleineidam Fri, 18 Nov 2005 22:31:56 +0100

libpam-mount (0.9.27.62-2) unstable; urgency=low

  * Update 17_mount_crypt_stdin again by not using the -d option of
    cryptsetup which disables the hashing.
    (Closes: #334694, #335208)

 -- Bastian Kleineidam Mon, 24 Oct 2005 23:17:47 +0200

libpam-mount (0.9.27.62-1) unstable; urgency=low

  * New upstream version, again via private mail from the new
    maintainer Jan Engelhardt. And the patch list changelog:
    - 01_init_sigmask dropped, applied upstream
    - 02_command_args dropped, applied upstream
    - 04_g_ascii_strup dropped, applied upstream
    - 07_mount_crypt_luks dropped, applied upstream
    - 08_user_groups dropped, applied upstream
    - 09_umount_crypt_realpath dropped, applied upstream
    - 10_mount_links dropped, applied upstream
    - 11_config_examples dropped, applied upstream
    - 12_pmvarrun_debug dropped, applied upstream
    - 13_symbol_clash_fix replaced with 21_pmdebug
    - 14_mount_crypt_quoting dropped, applied upstream (a little
      modified)
    - 16_vol_to_dev_cpy dropped, applied upstream
    - 17_mount_crypt_stdin updated, use test -t 0 for interactivity
      test (Closes: #334694)
    - 18_umount_crypt_errors new:
      Add REALPATH var, and check if it exists.
    - 19_string_index new:
      Fix off-by-one index errors, and make sure that the volume
      device is delimited with \0.
    - 20_session_error new:
      When mounts fail the session should indicate error. Otherwise a
      $HOME volume mount with a "required" entry in the PAM config is
      not working, ie. the user logs in even if the partition could
      not be mounted.
    - 21_pmdebug new:
      Rename Debug -> PMDebug to avoid crash when using with xdm.

 -- Bastian Kleineidam Wed, 19 Oct 2005 18:34:03 +0200

libpam-mount (0.9.27.49-2) unstable; urgency=low

  * Add exec and fsck to the mount options in the README.Debian
    examples.
  * Avoid conflicting symbols with other libraries and/or programs by
    using a unique prefix for global variables and methods. Thanks
    Paul Hampson for the note. (Closes: #324735)
  * Fix quoting of mount.crypt options, thanks Mattia Monga for the
    patch. (Closes: #332869, #334115)
  * Fix double free of config items if pam_close_session is called
    twice. Thanks Paul Hampson for the patch. (Closes: #302024)
  * Fix some string copy lengths in vol_to_dev(), could garble the
    device name display.
  * Make sure that cryptsetup password is read from stdin in
    mount.crypt.

 -- Bastian Kleineidam Mon, 17 Oct 2005 23:21:29 +0200

libpam-mount (0.9.27.49-1) unstable; urgency=low

  * New upstream release from Jan Engelhardt (via private mail) with
    lots of our patches and more included. Here is the complete list:
    - 02_setuid_helper dropped, applied to upstream
    - 03_mkehd_bash_script dropped, applied to upstream
    - 04_debian_install_prefix renamed to 06_debian_install_prefix
    - 05_disable_mntcheck dropped, unnecessary
    - 06_user_mount_tools dropped, applied upstream
    - 07_setuid_user dropped, applied upstream
    - 10_chown_user_mount_count dropped, applied upstream
    - 11_crypt_types dropped, applied upstream
    - 12_dont_free_dirname dropped, the new g_dirname() function uses
      malloc()ed memory and it definitely must be freed.
    - 13_empty_options dropped, applied upstream
    - 15_no_error_warnings dropped, applied upstream
    - 16_compiler_warnings dropped, applied upstream
    - 18_more_err_msgs dropped, applied upstream
    - 20_loop_in_mtab_symlink dropped, applied upstream
    - 22_example_docs applied upstream in parts, rest is in
      03_debian_docs
    - 26_unmount_wrong_directory dropped, applied upstream
    - 27_fix_dmdevice_name dropped, applied upstream
    - 28_converse_resp_check dropped, applied upstream
    - 29_crypto_compile_fix dropped, applied upstream
    - 31_no_ws_arg_split dropped, applied upstream
    - 32_mount_crypt_options dropped, applied upstream
    - 33_pmvarrun_errors dropped, applied upstream
    - 34_losetup_password dropped, applied upstream
    - 35_mount_crypt_luks renamed to 07_mount_crypt_luks
    - 36_user_groups renamed to 08_user_groups
    - 37_umount_crypt_realpath renamed to 09_umount_crypt_realpath and
      adjusted (see below)
    - 38_mount_links partly applied upstream, renamed to
      10_mount_links and updated
  * Initialize signal mask before setting signal handlers (patch
    01_init_sigmask).
  * Fixed all hyphen quoting in the manpages: "\-" is a minus and "-"
    is a hyphen (weird but true).
  * Improve the documentation in README.Debian and the comment in
    common-pammount to make clear there is only one include per PAM
    application, not two. Also, adjust the original README to mention
    common-pammount.
    (Closes: #302024)
    - Fails to unmount on session close and crash
  * Only call realpath when it exists and is executable. This is due to
    the fact that a) /usr might not be mounted or b) the realpath
    package is not installed. Add a Suggests: realpath in
    debian/control.
    (Closes: #332325)
    - should depend on realpath
  * NULL-terminate command arguments, thanks Paul Hampson for the
    patch.
    (Closes: #324735)
    - does not mount with xdm
  * Patches 04_g_ascii_strup and 05_warnings: fix deprecated functions
    and some compiler warnings.

 -- Bastian Kleineidam Thu, 6 Oct 2005 02:35:15 +0200

libpam-mount (0.9.25-4) unstable; urgency=low

  * Added fsck to the default allowed options. Also add it to one of
    the example mount configs to give users a hint that this option is
    useful for home directory mounts.
  * Allow to specify a group name as user for volume mounts with
    '@group'. This lets all users in the given group mount a volume.
    This option is only allowed in the global config.
    (Closes: #276322)
  * Allow relative pathnames with umount.crypt (Closes: #327614)
  * New patch 38_mount_links thanks to Julien Soula.
    (Closes: #329094)
    - fails to check already mounted volume when links are used

 -- Bastian Kleineidam Fri, 23 Sep 2005 14:52:38 +0200

libpam-mount (0.9.25-3) unstable; urgency=low

  * Added option to mount.crypt to specify filesystem type. Use like
    this:
    $ mount.crypt -o fstype=ext3
    Or in pam_mount.conf add "fstype=ext3" to the crypt mount options.
    Note that you only need this if mount(8) does not detect the file
    system type automatically. (Closes: #324871)
  * Add cryptsetup LUKS support to (u)mount.crypt. Thanks Florian Frank
    for the patch (Closes: #325028)

 -- Bastian Kleineidam Fri, 26 Aug 2005 12:09:20 +0200

libpam-mount (0.9.25-2) unstable; urgency=low

  * Added FSCK definition to mount.crypt. Thanks Ruediger Otte
    (Closes: #324287)
  * Add build dependency on 'check', a C unit testing framework. Right
    now it is not used, but we don't want to get errors if upstream
    decides to use it.

 -- Bastian Kleineidam Sun, 21 Aug 2005 15:59:18 +0200

libpam-mount (0.9.25-1) unstable; urgency=low

  * New upstream release.
  * Updated standards version to 3.6.2.1

 -- Bastian Kleineidam Wed, 6 Jul 2005 01:12:30 +0200

libpam-mount (0.9.24-1) unstable; urgency=low

  * New upstream release.
  * Remove bug note about CLOSE_SESSIONS since the default is now
    "yes".

 -- Bastian Kleineidam Mon, 30 May 2005 15:47:52 +0200

libpam-mount (0.9.23-1) unstable; urgency=low

  * New upstream release.
  * Improved documentation in README.Debian and pam_mount.conf for
    encrypted loopback mounts.

 -- Bastian Kleineidam Tue, 10 May 2005 18:37:19 +0200

libpam-mount (0.9.22-7) unstable; urgency=low

  * added better error reporting when calling pmvarrun
  * on losetup call pipe password to stdin (Closes: #306594)
  * fix example pam_mount.conf line in README.Debian for local loopback
    encrypted volume

 -- Bastian Kleineidam Thu, 28 Apr 2005 17:59:44 +0200

libpam-mount (0.9.22-6) unstable; urgency=high

  * Fix IFS setting in mount.crypt and umount.crypt (Closes: #302006)

 -- Bastian Kleineidam Tue, 29 Mar 2005 22:18:43 +0200

libpam-mount (0.9.22-5) unstable; urgency=high

  * README.Debian:
    - Improved the dm-crypt mount point example using a random
      password keyfile, not a simple password string.
    - Clarified the mystic keysize calculation (bits vs. bytes).
    - Added note about how important the .key files are for crypted
      partitions
  * Added space to IFS in mount.crypt when splitting options, thanks to
    Jörg Sommer for the patch. (Closes: #301233).
  * added more improvements from Jörg Sommer to mount.crypt
    (Closes: #301234)
  * Added fsck option to mount.crypt to execute fsck before mounting
    (Closes: #301232)
  * urgency still high

 -- Bastian Kleineidam Mon, 28 Mar 2005 15:03:23 +0200

libpam-mount (0.9.22-4) unstable; urgency=high

  * Incorporated the lost mount.crypt patches from the 0.9.20 release,
    and added some more improvements from Jörg Sommer
    (Closes: #298141)
    This also (Closes: #297494).
  * Urgency high, this fix must get into sarge.

 -- Bastian Kleineidam Mon, 7 Mar 2005 16:51:02 +0100

libpam-mount (0.9.22-3) unstable; urgency=medium

  * fix mount.crypt options (Closes: #298074)
    Thanks to Sören Köpping for the patch.
  * Urgency still medium.

 -- Bastian Kleineidam Fri, 4 Mar 2005 16:16:43 +0100

libpam-mount (0.9.22-2) unstable; urgency=medium

  * Fix nfsmount configuration entry to split off the %(MNTPT) before
    the options.
  * Fix all -o options to not include a space that will not be split
    off before calling exec(3).
    (Closes: #297200) - libpam-mount doesn't work after the last update
    (Closes: #297494) - mount.crypt doesn't seem to work
  * Urgency medium since without this fix some mount types will not
    work.

 -- Bastian Kleineidam Tue, 1 Mar 2005 00:05:27 +0100

libpam-mount (0.9.22-1) unstable; urgency=low

  * New upstream release.
  * Dropped patches applied upstream, and updated all others.
  * New patches:
    - 29_crypto_compile_fix: add missing includes
    - 31_no_ws_arg_split: support whitespace in command arguments
      (Closes: #296417) - does not mount smb shares with whitespace

 -- Bastian Kleineidam Tue, 22 Feb 2005 18:32:45 +0100

libpam-mount (0.9.20-11) unstable; urgency=low

  * New patch 28_converse_resp_check:
    - Detect invalid converse responses and set retval accordingly.
      Prevents triggered assertion in smbd PAM usage
      (Closes: #288780)

 -- Bastian Kleineidam Wed, 26 Jan 2005 23:40:44 +0100

libpam-mount (0.9.20-10) unstable; urgency=low

  * new patch 26_unmount_wrong_directory:
    - fix grep pattern for mount point. (Closes: #286705)
      Thanks to Brian Rolfe for the patch.
  * new patch 27_fix_dmdevice_name:
    - search for correct crypted device (Closes: #286707)
      Thanks to Brian Rolfe for the patch.
  * Adjusted all patch descriptions.

 -- Bastian Kleineidam Tue, 21 Dec 2004 23:19:49 +0100

libpam-mount (0.9.20-9) unstable; urgency=high

  * Updated (u)mount.crypt patches.
  * New patch 25_set_pam_error: set pam error return code in case of a
    successful but with a NULL result get_password call
    (Closes: #284234), and thus urgency high
  * Note in README.Debian that common-pammount should be included after
    common-auth and after common-session.

 -- Bastian Kleineidam Thu, 9 Dec 2004 14:17:32 +0100

libpam-mount (0.9.20-8) unstable; urgency=low

  * replace note about ssh in common-pammount with a pointer to
    README.Debian
  * new patch 24_ssl_string_error: print human readable SSL error
    messages

 -- Bastian Kleineidam Tue, 9 Nov 2004 23:44:53 +0100

libpam-mount (0.9.20-7) unstable; urgency=low

  * improved tmpfs example (patch again from Mike Hommey)
    (Closes: #275746)

 -- Bastian Kleineidam Wed, 13 Oct 2004 10:49:15 +0200

libpam-mount (0.9.20-6) unstable; urgency=medium

  * fixed typos and wording in package description
  * added encrypted loopback mount initialization docs to README.Debian
  * updated the bugs list in README.Debian, noting that libpam-mount
    does not work with ssh, only with ssh-krb5
    With this documentation the severity of bug #254679 can be lowered
    from "important" to "normal".
  * urgency medium since the ssh incompatibility documentation is
    important

 -- Bastian Kleineidam Wed, 6 Oct 2004 18:54:32 +0200

libpam-mount (0.9.20-5) unstable; urgency=low

  * New patch 23_fix_fsck_target: the fsck target was hardcoded to
    /dev/loop7, the patch fixes this to use the correct volume name.
    (Closes: #273853)
  * Added interesting tmpfs example from Mike Hommey to the config
    docs.
  * Added the cryptsetup and openssl packages to the suggestions. They
    are used for dm-crypt and cryptoloop mounts.
  * Added more documentation for the dm-crypt mount type to the
    configuration file and to README.Debian.
  * Fixed the cryptsetup option processing for mount.crypt.
    (Closes: #270281)

 -- Bastian Kleineidam Sat, 2 Oct 2004 14:04:16 +0200

libpam-mount (0.9.20-4) unstable; urgency=medium

  * Make log_argv function non-static (Closes: #271604)
    Urgency medium since this is grave.
  * More documentation cleanup wrt. root versus user permissions.
    Thanks to Ariel for clarifying the problems.

 -- Bastian Kleineidam Tue, 14 Sep 2004 14:10:44 +0200

libpam-mount (0.9.20-3) unstable; urgency=low

  * More debug messages, now the executed mount commands are actually
    printed out when debugging is on :) (Closes: #271447)
  * Better documentation of what mounts can be executed as user and
    what mounts need root permissions, ie. either an fstab entry or an
    entry in the global configuration. (Closes: #259032)
  * Better document the fact that specified mount parameters should
    match the given parameters in the mount commands.
    (Closes: #271431)

 -- Bastian Kleineidam Mon, 6 Sep 2004 16:50:45 +0200

libpam-mount (0.9.20-2) unstable; urgency=low

  * Added a keysize option to mount.crypt. (Closes: #268261)
  * fix a typo in mount.crypt script and make the call to cryptsetup
    use an absolute path
  * added symlink /sbin/mount.crypt -> /usr/bin/mount.crypt so that
    mount -t crypt actually works (Closes: #267285)
  * All of the above patches are the work of Vance Lankhaar. Thanks!
  * fix mount.crypt to accept options after the device and directory
    name, since /bin/mount uses this ordering.

 -- Bastian Kleineidam Sun, 5 Sep 2004 14:05:12 +0200

libpam-mount (0.9.20-1) unstable; urgency=low

  * New upstream release.
    - fixes cifs mount problems (Closes: #259028)
  * use cdbs to build the package
  * update and correct the pmvarrun.8 man page
  * unfuzzed and/or renamed patches:
    01_zlib_compile_fix
    03_mkehd_bash_script
    04_debian_install_prefix
    05_disable_mntcheck
    08_pam_acct_mgmt
    09_enable_static_compile
    10_chown_user_mount_count
    11_crypt_types
    12_dont_free_dirname
    13_empty_options
    14_include_fsuid
    15_no_error_warnings
  * patches updated to use g_spawn_async_with_pipes():
    02_setuid_helper
    06_user_mount_tools
    07_setuid_user
  * fix more warnings by adding -fno-strict-aliasing to the compile
    options (updated patch 16_compiler_warnings)
  * use LOG_AUTHPRIV as syslog level (new patch 17_auth_log_level)
  * print error messages of failed PAM calls with pam_strerror()
    (new patch 18_more_err_msgs)
  * Re-read the PAM user if it is not there. Needed for ssh since all
    ssh PAM functions are called in a separate forked process.
    (new patch 19_reread_user)
  * get mount name from loop device (eg if mtab is a symlink)
    (new patch 20_loop_in_mtab_symlink)
    Thanks to Jörg Sommer for the patch (Closes: #259228)

 -- Bastian Kleineidam Mon, 19 Jul 2004 15:01:48 +0200

libpam-mount (0.9.18-2) unstable; urgency=high

  * get rid of automake stuff, put patches into Makefile.in's instead
    of Makefile.am (Closes: #256029)
  * update patch 02_setuid_helper: move set_uid helper function in
    misc*.c before usage
  * new patch 14_include_fsuid: include sys/fsuid.h when HAVE_SETFSUID
    is defined
  * the two previous changes above fix a compile error on powerpc;
    thanks to Jörg Sommer for the patches (Closes: #256032)
  * new patch 15_no_error_warnings: soften -Werror to -Wall, I don't
    want every warning to be a compile error, esp. since new versions
    of gcc tend to spew out a lot of warnings
  * new patch 16_fix_warnings: Fix various compiler warnings like
    unused variables and missing braces.
    Thanks to Jörg Sommer for the patches.
    (Closes: #256042)
  * urgency high since this release fixes FTBFS errors

 -- Bastian Kleineidam Thu, 24 Jun 2004 16:54:46 +0200

libpam-mount (0.9.18-1) unstable; urgency=low

  * New upstream release (Closes: #253996)
    - adjust all patches to upstream code reworks
  * added manpages mount.crypt(1), umount.crypt(1), pmvarrun(8)

 -- Bastian Kleineidam Tue, 15 Jun 2004 13:50:33 +0200

libpam-mount (0.9.17-1) unstable; urgency=low

  * New upstream release
  * patch 01_zlib_compile_fix removed, applied upstream
  * patch 06_fix_config updated
  * patch 07_use_user_mount updated
  * patch 10_chown_user_mount_count updated
  * patch 11_crypt_types updated
  * patch 12_dont_free_dirname updated
  * patch 13_empty_options new; set OPTIONS config value to empty
    string if it is not supplied in pam_mount.conf.
    (Closes: #241370)
  * use and build-depend on automake 1.8

 -- Bastian Kleineidam Mon, 26 Apr 2004 14:14:16 +0200

libpam-mount (0.9.13-2) unstable; urgency=low

  * 11_crypt_types patch updated: more ia64 warnings fixed, hopefully I
    got them all

 -- Bastian Kleineidam Mon, 9 Feb 2004 00:31:38 +0100

libpam-mount (0.9.13-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Kleineidam Fri, 6 Feb 2004 13:47:37 +0100

libpam-mount (0.9.11-3) unstable; urgency=low

  * New patches
    - 11_crypt_types
      fix warnings on ia64 build (Closes: #230946)
    - 12_dont_free_dirname
      don't free dirname() return argument (Closes: #230429), thanks
      Andrew Ruder for detecting this

 -- Bastian Kleineidam Tue, 3 Feb 2004 23:44:55 +0100

libpam-mount (0.9.11-2) unstable; urgency=low

  * added libglib2.0-dev build dependency

 -- Bastian Kleineidam Mon, 12 Jan 2004 16:12:42 +0100

libpam-mount (0.9.11-1) unstable; urgency=low

  * New upstream release.
  * updated patches:
    - 06_fix_config
    - 07_use_user_mount
    - 10_chown_user_mount_count
  * updated README.Debian for cryptoloop stuff

 -- Bastian Kleineidam Thu, 8 Jan 2004 19:35:40 +0100

libpam-mount (0.9.10-1) unstable; urgency=low

  * New upstream release (Closes: #225320)
    attention: pam_mount.conf syntax has changed, please update your
    configuration files!
  * removed patches
    - 01_fix_functions
      applied upstream
  * new patches
    - 01_zlib_compile_fix
      added -lz to linker flags
    - 02_setuid_helper
      helper function to set uid of current process to given username
      this function uses w4rn instead of l0g now (Closes: #218375)
    - 03_mkehd_bash_script
      the script uses array variables which are only provided by bash,
      so use #!/bin/bash
    - 06_fix_config
      disable BSD mount check and escape quotes in OPTION var
  * updated patches
    - 05_setuid_user
      use the set_uid helper function and make sure all commands call
      setuid if defined by a user-specified config file
    - 07_use_user_mount
      use user-callable mount commands smb(u)mount,ncp(u)mount
    - 08_pam_acct_mgmt
      add PAM account management stub
    - 09_enable_static_compile
      enable static compilation
    - 10_chown_user_mount_count
      make user count file owned by the logged in user
  * added libz build dependency

 -- Bastian Kleineidam Wed, 7 Jan 2004 19:19:36 +0100

libpam-mount (0.9.5-2) unstable; urgency=low

  * Added note about cryptoloop patch for 2.4.22 kernels in
    README.Debian

 -- Bastian Kleineidam Wed, 1 Oct 2003 19:13:44 +0200

libpam-mount (0.9.5-1) unstable; urgency=low

  * New upstream release.
    - fixes smb volume name expansion (Closes: #212820)
      (Closes: #210728) (Closes: #213565)
  * doh, use *UMOUNT constants instead of *MOUNT in do_unmount
  * add dependency on mount (>= 2.12-3) to be able to mount encrypted
    home volumes with 2.6 kernels, kernels from www.kerneli.org, and
    vanilla 2.4.22 kernels with the cryptoloop patch found at
    http://www.kernel.org/pub/linux/kernel/crypto/v2.4/testing/patch-cryptoloop-jari-2.4.22.0

 -- Bastian Kleineidam Mon, 29 Sep 2003 08:17:25 +0200

libpam-mount (0.9.4-1) unstable; urgency=low

  * New upstream release. (Closes: #208052)
  * removed 10_fix_key_decryption applied upstream
  * updated all other patches
  * updated README.Debian with installation instructions
  * added /etc/pam.d/common-pammount for inclusion in PAM configs
  * Standards version 3.6.1, no changes
  * rerun debian/autogen.sh with new automake 1.7.7

 -- Bastian Kleineidam Tue, 9 Sep 2003 09:22:10 +0200

libpam-mount (0.9.2-3) unstable; urgency=low

  * conflict with old libncp versions
  * new patch 10_fix_key_decryption; patch from nokos@gmx.net to fix
    decryption of filesystem keys. Thanks, nokos. (Closes: #200305)

 -- Bastian Kleineidam Mon, 7 Jul 2003 17:56:45 +0200

libpam-mount (0.9.2-2) unstable; urgency=low

  * added README_SSHD to documentation

 -- Bastian Kleineidam Sat, 5 Jul 2003 12:58:45 +0200

libpam-mount (0.9.2-1) unstable; urgency=low

  * New upstream release.
    - does not bail out on failed close() in error path, which seemed
      to confuse xdm and gdm.
      Tested only with xdm, but this Closes: #192520
  * updated/unfuzzed patches
    - 01_fix_functions
    - 04_debian_install_prefix (renamed)
    - 05_setuid_user
    - 06_use_user_mount
    - 07_disable_mntcheck
    - 08_pam_acct_mgmt
    - 09_enable_static_compile
  * removed patches applied upstream
    - 02_remove_int_pointer_casts
    - 10_fix_dotconf_realloc

 -- Bastian Kleineidam Wed, 25 Jun 2003 00:41:06 +0200

libpam-mount (0.5.16-2) unstable; urgency=low

  * new patch 10_fix_dotconf_realloc fixing off-by-one error in realloc
  * Standards version 2.5.10 (no changes)

 -- Bastian Kleineidam Tue, 27 May 2003 16:37:06 +0200

libpam-mount (0.5.16-1) unstable; urgency=low

  * New upstream release:
    - fixed libcrypto detection (Closes: #193996)
  * removed all patches applied upstream, remaining are:
    - 02_remove_int_pointer_casts
    - 04_debian_use_prefix_on_install
    - 05_setuid_user
    - 06_use_user_mount
    - 07_disable_mntcheck
    - 08_pam_acct_mgmt
    - 09_enable_static_compilation
  * new patches:
    - 01_fix_functions: rename log() to pm_log() to avoid conflict
      with the math log() logarithm function, and fix the
      read_password definition

 -- Bastian Kleineidam Tue, 20 May 2003 15:22:52 +0200

libpam-mount (0.5.14-2) unstable; urgency=low

  * 11_pam_acct_mgmt - add account management routine
  * 12_enable_static_compilation - add module structure for static compile

 -- Bastian Kleineidam Fri, 9 May 2003 10:45:06 +0200

libpam-mount (0.5.14-1) unstable; urgency=low

  * New upstream release.
  * Updated patch 07_setuid_user: only setuid(user) on luserconf entries
    (Closes: #190267)
  * New patch 10_disable_mntcheck: disable the BSD mntcheck config entry,
    it crashes on Linux systems
  * add note about current Debian mount(8) bugs in README.Debian

 -- Bastian Kleineidam Thu, 8 May 2003 21:50:39 +0200

libpam-mount (0.5.13-2) unstable; urgency=low

  * execute debian/autogen.sh with /bin/sh (Closes: #190196)

 -- Bastian Kleineidam Tue, 22 Apr 2003 20:56:26 +0200

libpam-mount (0.5.13-1) unstable; urgency=low

  * New upstream release.
  * The following patches are applied:
    - 01_add_log_vargs
      make a log function with variable arguments
    - 02_remove_int_pointer_casts
      fix compile on 64bit platforms
    - 03_catch_errors
      Catch return values in close() and asprintf().
    - 04_debian_use_prefix_on_install
      Install files into debian/$package, not root dir
      This requires running debian/autogen.sh to regenerate the Makefiles
    - 05_fix_buffer_overflow
      Fix some potential buffer overflows in option handling
    - 06_fix_mount_options
      Fix ncpfs mount options (Closes: #187412)
    - 07_setuid_user
      originally, mounts and umounts got executed as root; now, they get
      executed as the user requesting the service.
      umount as root was a security hole allowing any user to umount
      any volume.
      the drawback is we cannot use mount(8) anymore, see patch 08
    - 08_use_user_mount
      mount cannot be executed as a normal user, so be sure to use
      smbmount resp. ncpmount for this. Likewise for umount.
    - 09_fix_memleak_on_exit
      free config on exit

 -- Bastian Kleineidam Sun, 13 Apr 2003 13:39:21 +0200

libpam-mount (0.5.10-6) unstable; urgency=low

  * fix option order for mount.ncp (Closes: #187412)
  * 04_set_gid_uid.dpatch: set effective gid and uid to the logged in
    user before mounting
    Thanks to Daniel Dehennin for the patch.
  * 05_typos.dpatch: fix some typos in source
    Thanks to Daniel Dehennin for the patch.

 -- Bastian Kleineidam Sat, 12 Apr 2003 18:02:05 +0200

libpam-mount (0.5.10-5) unstable; urgency=low

  * fix typos in description
  * pass options to ncpmount (Closes: #184266)
    Thanks to Daniel Dehennin for the patch
  * use dpatch for those patches
  * use debian/compat instead of DH_COMPAT

 -- Bastian Kleineidam Wed, 2 Apr 2003 15:32:47 +0200

libpam-mount (0.5.10-4) unstable; urgency=low

  * Remove casts failing on 64bit platforms (Closes: #186874)
  * Suggest ncpfs and smbfs
  * Standards version 3.5.9 (no changes)

 -- Bastian Kleineidam Mon, 31 Mar 2003 02:28:26 +0200

libpam-mount (0.5.10-3) unstable; urgency=low

  * move ncpmount -V volume option to correct position

 -- Bastian Kleineidam Mon, 3 Mar 2003 21:59:50 +0100

libpam-mount (0.5.10-2) unstable; urgency=low

  * fix memory corruption in pmhelper argument parsing (Closes: #180586)

 -- Bastian Kleineidam Tue, 11 Feb 2003 20:00:31 +0100

libpam-mount (0.5.10-1) unstable; urgency=low

  * Initial release. (Closes: #177079).
  * Reupload: Copyright is LGPL, not GPL as stated in the first upload

 -- Bastian Kleineidam Wed, 22 Jan 2003 02:08:28 +0100

debian/common-pammount0000644000000000000000000000065111253246244012244 0ustar
# The file inclusion of /etc/pam.d/common-pammount is now deprecated.
# It has been replaced with pam-auth-update(8). Read the
# pam-auth-update(8) manpage for more information.
#
# As a result, all manually added inclusions of common-pammount of
# files in /etc/pam.d should be removed or commented out.
# These lines exist for backward compatibility.
auth optional pam_mount.so session optional pam_mount.so debian/source/0000755000000000000000000000000011300366143010463 5ustar debian/source/format0000644000000000000000000000001411300366143011671 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000012210403263010606 5ustar debian/patches/011-pmvarrun-no-l0g0000644000000000000000000001145412163035446014014 0ustar Index: libpam-mount-2.14~zgit3+966c6bea/src/pmvarrun.c =================================================================== --- libpam-mount-2.14~zgit3+966c6bea.orig/src/pmvarrun.c 2013-06-27 15:15:39.249980587 +0200 +++ libpam-mount-2.14~zgit3+966c6bea/src/pmvarrun.c 2013-06-27 15:16:12.817382328 +0200 @@ -151,12 +151,12 @@ long str_to_long(const char *n) long val; char *endptr = NULL; if (n == NULL) { - l0g("count string is NULL\n"); + fprintf(stderr, "count string is NULL\n"); return LONG_MAX; } val = strtol(n, &endptr, 10); if (*endptr != '\0') { - l0g("count string is not valid\n"); + fprintf(stderr, "count string is not valid\n"); return LONG_MAX; } return val; @@ -229,14 +229,14 @@ static int modify_pm_count(const char *u if ((pent = getpwnam(user)) == NULL) { ret = -errno; - l0g("could not resolve user %s\n", user); + fprintf(stderr, "could not resolve user %s\n", user); return ret; } if (stat(VAR_RUN_PMT, &sb) < 0) { if (errno != ENOENT) { ret = -errno; - l0g("unable to stat " VAR_RUN_PMT ": %s\n", + fprintf(stderr, "unable to stat " VAR_RUN_PMT ": %s\n", strerror(errno)); return ret; } @@ -307,12 +307,12 @@ static int create_var_run(void) w4rn("creating " VAR_RUN_PMT); if (HX_mkdir(VAR_RUN_PMT, mode) < 0) { ret = -errno; - l0g("unable to create " VAR_RUN_PMT ": %s\n", strerror(errno)); + fprintf(stderr, "unable to create " VAR_RUN_PMT ": %s\n", strerror(errno)); return ret; } if (chown(VAR_RUN_PMT, 0, 0) < 0) { ret = -errno; - l0g("unable to chown " VAR_RUN_PMT ": %s\n", strerror(errno)); + fprintf(stderr, "unable to chown " VAR_RUN_PMT ": %s\n", strerror(errno)); return ret; } 
@@ -322,7 +322,7 @@ static int create_var_run(void) */ if (chmod(VAR_RUN_PMT, mode) < 0) { ret = -errno; - l0g("unable to chmod " VAR_RUN_PMT ": %s\n", strerror(errno)); + fprintf(stderr, "unable to chmod " VAR_RUN_PMT ": %s\n", strerror(errno)); return ret; } @@ -350,12 +350,12 @@ static int open_and_lock(const char *fil if ((fd = open(filename, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR)) < 0) { ret = -errno; - l0g("unable to open %s: %s\n", filename, strerror(errno)); + fprintf(stderr, "unable to open %s: %s\n", filename, strerror(errno)); return ret; } if (fchown(fd, uid, 0) < 0) { ret = -errno; - l0g("unable to chown %s: %s\n", filename, strerror(errno)); + fprintf(stderr, "unable to chown %s: %s\n", filename, strerror(errno)); return ret; } @@ -419,7 +419,7 @@ static long read_current_count(int fd, c if ((ret = read(fd, buf, sizeof(buf))) < 0) { ret = -errno; - l0g("read error on %s: %s\n", filename, strerror(errno)); + fprintf(stderr, "read error on %s: %s\n", filename, strerror(errno)); close(fd); return ret; } else if (ret == 0) { @@ -427,12 +427,12 @@ static long read_current_count(int fd, c } else if (ret < sizeof(buf)) { char *p; if ((ret = strtol(buf, &p, 0)) >= LONG_MAX || p == buf) { - l0g("parse problem / session count corrupt " + fprintf(stderr, "parse problem / session count corrupt " "(overflow), check your refcount file\n"); return -EOVERFLOW; } } else if (ret >= sizeof(buf)) { - l0g("session count corrupt (overflow)\n"); + fprintf(stderr, "session count corrupt (overflow)\n"); return -EOVERFLOW; } @@ -443,7 +443,7 @@ static long read_current_count(int fd, c * write_count - * @fd: file descriptor to write to * @nv: new value to write - * @filename: filename, only used for l0g() + * @filename: filename, only used for frpintf() * * Writes @nv as a number in hexadecimal to the start of the file @fd and * truncates the file to the written length. 
@@ -456,7 +456,7 @@ static int write_count(int fd, long nv, if (unlink(filename) >= 0) return true; if (errno != EPERM && errno != EACCES) - l0g("could not unlink %s: %s\n", filename, strerror(errno)); + fprintf(stderr, "could not unlink %s: %s\n", filename, strerror(errno)); /* * Fallback to just blanking the file. This can happen when * pmvarrun is called as unprivileged user. @@ -468,21 +468,21 @@ static int write_count(int fd, long nv, if ((ret = lseek(fd, 0, SEEK_SET)) != 0) { ret = -errno; - l0g("failed to seek in %s: %s\n", filename, strerror(errno)); + fprintf(stderr, "failed to seek in %s: %s\n", filename, strerror(errno)); return ret; } len = snprintf(buf, sizeof(buf), "0x%lX", nv); if ((wrt = write(fd, buf, len)) != len) { ret = -errno; - l0g("wrote %d of %d bytes; write error on %s: %s\n", + fprintf(stderr, "wrote %d of %d bytes; write error on %s: %s\n", (wrt < 0) ? 0 : wrt, len, filename, strerror(errno)); return ret; } if (ftruncate(fd, len) < 0) { ret = -errno; - l0g("truncate failed: %s\n", strerror(errno)); + fprintf(stderr, "truncate failed: %s\n", strerror(errno)); return ret; } debian/patches/009-manpage-typos0000640000000000000000000001027112210403227013620 0ustar Index: libpam-mount-2.14/doc/pam_mount.8.in =================================================================== --- libpam-mount-2.14.orig/doc/pam_mount.8.in 2013-08-27 12:16:34.000000000 +0200 +++ libpam-mount-2.14/doc/pam_mount.8.in 2013-08-31 17:07:01.823373229 +0200 
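Review bot: in 011-pmvarrun-no-l0g, the write_count doc-comment hunk (@@ -443,7) rewrites the @filename description as "only used for frpintf()", which misspells fprintf(); the line should read "filename, only used for fprintf()". The patch also has no description line saying why pmvarrun must stop calling l0g, which 004, 006 and 007 do give for their changes, and the w4rn("creating " VAR_RUN_PMT) context line in create_var_run stays on the old logging helpers, so the header should state whether that is intentional.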
@@ -112,7 +112,7 @@ auth optional pam_mount.so .PP It may seem odd, but the first three lines will make it so that at least one of pam_unix2 or pam_ldap has to succeed. As you can see, pam_mount will be run -\fBafter\fR successful authentification with these subsystems. +\fBafter\fR successful authentication with these subsystems. .SH Encrypted disks .PP pam_mount supports a few types of crypto. The most common are encfs, dm\-crypt Index: libpam-mount-2.14/doc/pam_mount.conf.5.in =================================================================== --- libpam-mount-2.14.orig/doc/pam_mount.conf.5.in 2013-08-27 12:16:34.000000000 +0200 +++ libpam-mount-2.14/doc/pam_mount.conf.5.in 2013-08-31 17:07:01.823373229 +0200 @@ -68,7 +68,7 @@ may fail if the filesystem kernel module will check /proc/partitions. .IP "" The fstypes \fBcifs\fP, \fBsmbfs\fP, \fBncpfs\fP, \fBfuse\fP, -\fBnfs\fP and \fBnfs\fP are overriden by pam_mount and we run the respective +\fBnfs\fP and \fBnfs\fP are overridden by pam_mount and we run the respective helper programs directly instead of invoking \fBmount\fP(8) with the basic default set of arguments which are often insufficient for networked filesystems. See this manpage's section "Examples" below for more details. 
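Review bot: the changed line in the pam_mount.conf.5.in hunk (@@ -68,7) still names the same type twice, `\fBnfs\fP and \fBnfs\fP are overridden`, so the spelling fix leaves a duplicated entry in the list of overridden fstypes. Since the line is being touched anyway, check which fstype the second entry was meant to name and correct it in this same patch.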
@@ -183,18 +183,18 @@ and then mounting further volumes from l .TP \fB\fP The elements determine which options may be specified in -in per-user configuration files (see ). It does not apply to the -master file. Specifying is forbidden and ignored in per-user +in per\-user configuration files (see ). It does not apply to the +master file. Specifying is forbidden and ignored in per\-user configs. The default allowed list consists of "\fInosuid,nodev\fP", and this default is cleared when the first allow="..." attribute is seen by the config parser. All further allow="..." are additive, though. .TP \fB\fP -Any options listed in deny may not appear in the option list of per-user +Any options listed in deny may not appear in the option list of per\-user mounts. The default deny list is empty. .TP \fB\fP -All options listed in require must appear in the option list of per-user +All options listed in require must appear in the option list of per\-user mounts. The default require list consists of "\fInosuid,nodev\fP", and like allow="", is cleared when first encountered by the parser, and is otherwise additive. @@ -223,10 +223,10 @@ logging in. fd0ssh is a hack around OpenSSH that essentially makes it read passwords from stdin even though OpenSSH normally does not do that. .TP -\fB\fP\fIfsck -p %(FSCKTARGET)\fP\fB\fP +\fB\fP\fIfsck \-p %(FSCKTARGET)\fP\fB\fP Local volumes will be checked before mounting if this program is set. .TP -\fB\fP\fIofl -k%(SIGNAL) %(MNTPT)\fP\fB\fP +\fB\fP\fIofl \-k%(SIGNAL) %(MNTPT)\fP\fB\fP The Open File Lister is used to identify processes using files within the given subdirectory, and optionally send a signal to those processes. .TP @@ -386,7 +386,7 @@ example): .PP -.SS dm-crypt volumes +.SS dm\-crypt volumes .PP Crypt mounts require a kernel with CONFIG_BLK_DEV_DM and CONFIG_DM_CRYPT enabled, as well as all the ciphers that are going to be used, e.g. 
@@ -403,7 +403,7 @@ cipher="aes\-cbc\-essiv:sha256" /> .PP cryptoloop is not explicitly supported by pam_mount. Citing the Linux kernel config help text: "WARNING: This device [cryptoloop] is not safe for -journal[l]ed filesystems[...]. Please use the Device Mapper [dm-crypt] module +journal[l]ed filesystems[...]. Please use the Device Mapper [dm\-crypt] module instead." .SS OpenBSD encrypted home OpenBSD encrypted home directory example: debian/patches/series0000644000000000000000000000040212210403265012021 0ustar 001-add-fd0ssh 002-add-ofl 003-hurd-path-max-define 004-allow-usernames-beginning-with-numbers 005-debian-manpages 006-pmvarrun-allow-eacces 007-fix-mount-crypt-fork-bomb 008-disallow-luserconf-path 009-manpage-typos 010-mount-crypt-libs 011-pmvarrun-no-l0g debian/patches/003-hurd-path-max-define0000644000000000000000000000224112010704744014745 0ustar Index: libpam-mount-2.14~git2+ad53f3559/src/mount.c =================================================================== --- libpam-mount-2.14~git2+ad53f3559.orig/src/mount.c 2012-07-30 17:53:51.000000000 +0200 +++ libpam-mount-2.14~git2+ad53f3559/src/mount.c 2012-08-09 11:54:50.483436663 +0200 @@ -33,6 +33,10 @@ #include "libcryptmount.h" #include "pam_mount.h" +#ifndef PATH_MAX +#define PATH_MAX 4096 /* Hurd does not define PATH_MAX in limits.h */ +#endif + /* Functions */ static inline bool mkmountpoint(struct vol *, const char *); Index: libpam-mount-2.14~git2+ad53f3559/src/pmvarrun.c =================================================================== --- libpam-mount-2.14~git2+ad53f3559.orig/src/pmvarrun.c 2012-07-30 17:53:51.000000000 +0200 +++ libpam-mount-2.14~git2+ad53f3559/src/pmvarrun.c 2012-08-09 11:58:58.729945346 +0200 
@@ -35,6 +35,10 @@ pmvarrun.c -- Updates /run/pam_mount/msg_sessionpw = xstrdup(signed_cast(const char *, node->content)); break; case CMDA_PATH: + if (config->level != CONTEXT_GLOBAL) + return "Tried to set path from user config: " + "not permitted\n"; free(config->path); config->path = xstrdup(signed_cast(const char *, node->content)); break; debian/patches/007-fix-mount-crypt-fork-bomb0000640000000000000000000000173612210403221015773 0ustar Ignore "fstype=crypt" for mount.crypt. Index: libpam-mount-2.14/src/mtcrypt.c =================================================================== --- libpam-mount-2.14.orig/src/mtcrypt.c 2013-08-27 12:16:34.000000000 +0200 +++ libpam-mount-2.14/src/mtcrypt.c 2013-08-31 17:06:55.495486009 +0200 @@ -121,8 +121,14 @@ static void mtcr_parse_suboptions(const else if (ret < EHD_SECURITY_UNSPEC) fprintf(stderr, "Hash \"%s\" is considered " "insecure.\n", value); - } else if (strcmp(key, "fstype") == 0) - mo->fstype = value; + } else if (strcmp(key, "fstype") == 0) { + if (strcmp(value, "crypt") == 0) { + fprintf(stderr, "Option \"fstype=crypt\" to mount.crypt ignored.\n"); + } + else { + mo->fstype = value; + } + } else if (strcmp(key, "keyfile") == 0) mo->fsk_file = value; else if (strcmp(key, "keysize") == 0) debian/patches/006-pmvarrun-allow-eacces0000644000000000000000000000125512010704736015255 0ustar Do not complain if pmvarrun had no permission to unlink. Index: libpam-mount-2.14~git2+ad53f3559/src/pmvarrun.c =================================================================== --- libpam-mount-2.14~git2+ad53f3559.orig/src/pmvarrun.c 2012-08-09 11:54:52.211398439 +0200 +++ libpam-mount-2.14~git2+ad53f3559/src/pmvarrun.c 2012-08-09 11:54:54.643344645 +0200 
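Review bot: in 007-fix-mount-crypt-fork-bomb, the new test in mtcr_parse_suboptions matches only the exact value, `strcmp(value, "crypt") == 0`. doc/Makefile.am in this package also installs mount.crypt_LUKS.8 and mount.crypto_LUKS.8; if those names resolve to this same helper, fstype=crypt_LUKS or fstype=crypto_LUKS would take the else branch and could re-enter the helper the way fstype=crypt did, so confirm that and extend the comparison if it does. The added `}` followed by `else {` on its own line also departs from the `} else if (...)` style of the surrounding chain.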
@@ -455,7 +455,7 @@ static int write_count(int fd, long nv, if (nv <= 0) { if (unlink(filename) >= 0) return true; - if (errno != EPERM) + if (errno != EPERM && errno != EACCES) l0g("could not unlink %s: %s\n", filename, strerror(errno)); /* * Fallback to just blanking the file. This can happen when debian/patches/004-allow-usernames-beginning-with-numbers0000644000000000000000000000130312010704742020531 0ustar Allow numbers at the beginning of user names in pmvarrun. Note that this patch is Debian-specific; other distributions might not support this. Index: libpam-mount-2.14~git2+ad53f3559/src/pmvarrun.c =================================================================== --- libpam-mount-2.14~git2+ad53f3559.orig/src/pmvarrun.c 2012-08-09 11:54:50.483436663 +0200 +++ libpam-mount-2.14~git2+ad53f3559/src/pmvarrun.c 2012-08-09 11:58:55.258022146 +0200 @@ -117,7 +117,7 @@ static bool valid_username(const char *n * more characters. */ if (!((*n >= 'A' && *n <= 'Z') || (*n >= 'a' && *n <= 'z') || - *n == '_')) + (*n >= '0' && *n <= '9') || *n == '_')) return false; while (*n != '\0') { debian/patches/002-add-ofl0000640000000000000000000004105012210403210012322 0ustar Index: libpam-mount-2.14/COPYING =================================================================== --- libpam-mount-2.14.orig/COPYING 2013-08-31 17:06:41.235740155 +0200 +++ libpam-mount-2.14/COPYING 2013-08-31 17:06:43.231704583 +0200 
@@ -17,6 +17,9 @@ and/or modified under the terms of the G published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. +The program "pmt-ofl" and its source (from the "hxtools" software +package) are released in the Public Domain. + The program "pmt-fd0ssh" and its source (from the "hxtools" software package) are free software; you can redistribute them and/or modify it under the terms of the GNU General Public License as published by Index: libpam-mount-2.14/config/pam_mount.conf.xml =================================================================== --- libpam-mount-2.14.orig/config/pam_mount.conf.xml 2013-08-27 12:16:34.000000000 +0200 +++ libpam-mount-2.14/config/pam_mount.conf.xml 2013-08-31 17:06:43.231704583 +0200 @@ -32,7 +32,6 @@ --> - Index: libpam-mount-2.14/src/ofl-lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ libpam-mount-2.14/src/ofl-lib.c 2013-08-31 17:06:43.231704583 +0200 
@@ -0,0 +1,267 @@ +/* + * Show processes using directories/files/mountpoints + * + * (While it says mountpoint in the source, any directory is acceptable, + * as are files.) + * + * written by Jan Engelhardt, 2008 + * Released in the Public Domain. + * (Imported from the hxtools program suite.) + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "pam_mount.h" + +int (*ofl_printf)(const char *, ...) = printf; + +/** + * @sb: just space + * @pid: pid for current process + * @signal: signal to send + * @check: check for symlink + * @found: found something (used for exit value) + */ +struct ofl_compound { + struct stat sb; + pid_t pid; + unsigned char signal; + bool check, found; +}; + +static const char *ofl_comm(pid_t pid, char *buf, size_t size) +{ + char src[64], dst[512]; + const char *p; + ssize_t ret; + + snprintf(src, sizeof(src), "/proc/%u/exe", (unsigned int)pid); + ret = readlink(src, dst, sizeof(dst) - 1); + if (ret < 0) { + *buf = '\0'; + return buf; + } + dst[ret] = '\0'; + p = HX_basename(dst); + strncpy(buf, p, size); + return buf; +} + +/** + * ofl_file - check if file is within directory + * @mnt: mountpoint + * @file: file that is supposed to be within @mnt + * + * Returns true if that seems so. + * We do not check for the existence of @file using lstat() or so - it is + * assumed this exists if it is found through procfs. In fact, + * /proc//task//fd/ might point to the ominous + * "/foo/bar (deleted)" which almost never exists, but it shows us anyway that + * the file is still in use. 
+ */ +static bool ofl_file(const char *mnt, const char *file, const char *ll_entry, + struct ofl_compound *data) +{ + ssize_t mnt_len; + const char *p; + + /* Strip extra slashes at the end */ + mnt_len = strlen(mnt); + for (p = mnt + mnt_len - 1; p >= mnt && *p == '/'; --p) + --mnt_len; + + if (strncmp(file, mnt, mnt_len) != 0) + return false; + if (file[mnt_len] != '\0' && file[mnt_len] != '/') + return false; + + data->found = true; + if (data->signal == 0) { + char buf[24]; + (*ofl_printf)("%u(%s): %s -> %s\n", data->pid, + ofl_comm(data->pid, buf, sizeof(buf)), ll_entry, file); + return false; /* so that more FDs will be inspected */ + } + + if (kill(data->pid, data->signal) < 0) { + if (errno == ESRCH) + return true; + return false; + } + return true; +} + +/** + * ofl_pmap - read process mappings + * @mnt: mountpoint + * @map_file: /proc//maps + */ +static bool ofl_pmap(const char *mnt, const char *map_file, + struct ofl_compound *data) +{ + hxmc_t *line = NULL; + bool ret = false; + unsigned int i; + const char *p; + FILE *fp; + + if ((fp = fopen(map_file, "r")) == NULL) + return false; + + while (HX_getl(&line, fp) != NULL) { + HX_chomp(line); + p = line; + for (i = 0; i < 5; ++i) { + while (!HX_isspace(*p) && *p != '\0') + ++p; + while (HX_isspace(*p)) + ++p; + } + if (*p == '\0') + continue; + ret = ofl_file(mnt, p, map_file, data); + if (ret) + break; + } + + HXmc_free(line); + fclose(fp); + return ret; +} + +/** + * ofl_one - check a symlink + * @mnt: Mountpoint that is to be removed. + * @entry: Path to a symlink. + * + * Returns true if the process does not exist anymore or has been signalled. 
+ */ +static bool ofl_one(const char *mnt, const char *entry, + struct ofl_compound *data) +{ + ssize_t lnk_len; + char tmp[512]; + + if (data->check) + if (lstat(entry, &data->sb) < 0 || !S_ISLNK(data->sb.st_mode)) + return false; + + lnk_len = readlink(entry, tmp, sizeof(tmp) - 1); + if (lnk_len < 0) + return false; + tmp[lnk_len] = '\0'; + + return ofl_file(mnt, tmp, entry, data); +} + +/** + * ofl_taskfd - iterate through /proc//task//fd/ + */ +static bool ofl_taskfd(const char *mnt, const char *path, + struct ofl_compound *data) +{ + const char *de; + char tmp[256]; + struct HXdir *dir; + bool ret = false; + + dir = HXdir_open(path); + if (dir == NULL) + return false; + while ((de = HXdir_read(dir)) != NULL) { + if (*de == '.') + continue; + snprintf(tmp, sizeof(tmp), "%s/%s", path, de); + if (lstat(tmp, &data->sb) < 0 || !S_ISLNK(data->sb.st_mode)) + continue; + ret = ofl_one(mnt, tmp, data); + if (ret) + break; + } + HXdir_close(dir); + return ret; +} + +/** + * ofl_task - iterate through /proc//task/ + */ +static void ofl_task(const char *mnt, const char *path, + struct ofl_compound *data) +{ + const char *de; + char tmp[256]; + struct HXdir *dir; + + dir = HXdir_open(path); + if (dir == NULL) + return; + while ((de = HXdir_read(dir)) != NULL) { + if (*de == '.') + continue; + snprintf(tmp, sizeof(tmp), "%s/%s/fd", path, de); + if (lstat(tmp, &data->sb) < 0 || !S_ISDIR(data->sb.st_mode)) + continue; + ofl_taskfd(mnt, tmp, data); + } + HXdir_close(dir); +} + +/** + * ofl - filesystem use checker + * @mnt: mountpoint to search for + * @action: action to take + */ +bool ofl(const char *mnt, unsigned int signum) +{ + struct ofl_compound data = {.signal = signum}; + const char *de; + char tmp[256]; + struct HXdir *dir; + + dir = HXdir_open("/proc"); + if (dir == NULL) + return false; + while ((de = HXdir_read(dir)) != NULL) { + if (*de == '.') + continue; + data.pid = strtoul(de, NULL, 0); + if (data.pid == 0) + continue; + snprintf(tmp, sizeof(tmp), "/proc/%s", 
de); + if (lstat(tmp, &data.sb) < 0 || !S_ISDIR(data.sb.st_mode)) + continue; + + /* Program map */ + snprintf(tmp, sizeof(tmp), "/proc/%s/maps", de); + if (ofl_pmap(mnt, tmp, &data)) + continue; + + /* Basic links */ + data.check = true; + snprintf(tmp, sizeof(tmp), "/proc/%s/root", de); + if (ofl_one(mnt, tmp, &data)) + continue; + snprintf(tmp, sizeof(tmp), "/proc/%s/cwd", de); + if (ofl_one(mnt, tmp, &data)) + continue; + snprintf(tmp, sizeof(tmp), "/proc/%s/exe", de); + if (ofl_one(mnt, tmp, &data)) + continue; + + /* All file descriptors */ + data.check = false; + snprintf(tmp, sizeof(tmp), "/proc/%s/task", de); + ofl_task(mnt, tmp, &data); + } + + return data.found; +} Index: libpam-mount-2.14/src/ofl.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ libpam-mount-2.14/src/ofl.c 2013-08-31 17:06:43.231704583 +0200 
@@ -0,0 +1,330 @@ +/* + * Show processes using directories/files/mountpoints + * + * (While it says mountpoint in the source, any directory is acceptable, + * as are files.) + * + * written by Jan Engelhardt, 2008 - 2010 + * Released in the Public Domain. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + * @sb: just space + * @pid: pid for current process + * @signal: signal to send + * @check: check for symlink + * @found: found something (used for exit value) + */ +struct ofl_compound { + struct stat sb; + pid_t pid; + unsigned char signal; + bool check, found; +}; + +static bool pids_only; + +static const char *ofl_comm(pid_t pid, char *buf, size_t size) +{ + char src[64], dst[512]; + const char *p; + ssize_t ret; + + snprintf(src, sizeof(src), "/proc/%u/exe", (unsigned int)pid); + ret = readlink(src, dst, sizeof(dst) - 1); + if (ret < 0) { + *buf = '\0'; + return buf; + } + dst[ret] = '\0'; + p = HX_basename(dst); + strncpy(buf, p, size); + return buf; +} + +/** + * ofl_file - check if file is within directory + * @mnt: mountpoint + * @file: file that is supposed to be within @mnt + * + * Returns true if that seems so. + * We do not check for the existence of @file using lstat() or so - it is + * assumed this exists if it is found through procfs. In fact, + * /proc//task//fd/ might point to the ominous + * "/foo/bar (deleted)" which almost never exists, but it shows us anyway that + * the file is still in use. 
+ */ +static bool ofl_file(const char *mnt, const char *file, const char *ll_entry, + struct ofl_compound *data) +{ + ssize_t mnt_len; + const char *p; + + /* Strip extra slashes at the end */ + mnt_len = strlen(mnt); + for (p = mnt + mnt_len - 1; p >= mnt && *p == '/'; --p) + --mnt_len; + + if (strncmp(file, mnt, mnt_len) != 0) + return false; + if (file[mnt_len] != '\0' && file[mnt_len] != '/') + return false; + + data->found = true; + if (pids_only) { + printf("%u ", data->pid); + } else if (data->signal == 0) { + char buf[24]; + printf("%u(%s): %s -> %s\n", data->pid, + ofl_comm(data->pid, buf, sizeof(buf)), ll_entry, file); + return false; /* so that more FDs will be inspected */ + } + + if (kill(data->pid, data->signal) < 0) { + if (errno == ESRCH) + return true; + return false; + } + return true; +} + +/** + * ofl_pmap - read process mappings + * @mnt: mountpoint + * @map_file: /proc//maps + */ +static bool ofl_pmap(const char *mnt, const char *map_file, + struct ofl_compound *data) +{ + hxmc_t *line = NULL; + bool ret = false; + unsigned int i; + const char *p; + FILE *fp; + + if ((fp = fopen(map_file, "r")) == NULL) + return false; + + while (HX_getl(&line, fp) != NULL) { + HX_chomp(line); + p = line; + for (i = 0; i < 5; ++i) { + while (!HX_isspace(*p) && *p != '\0') + ++p; + while (HX_isspace(*p)) + ++p; + } + if (*p == '\0') + continue; + ret = ofl_file(mnt, p, map_file, data); + if (ret) + break; + } + + HXmc_free(line); + fclose(fp); + return ret; +} + +/** + * ofl_one - check a symlink + * @mnt: Mountpoint that is to be removed. + * @entry: Path to a symlink. + * + * Returns true if the process does not exist anymore or has been signalled. 
+ */ +static bool ofl_one(const char *mnt, const char *entry, + struct ofl_compound *data) +{ + ssize_t lnk_len; + char tmp[512]; + + if (data->check) + if (lstat(entry, &data->sb) < 0 || !S_ISLNK(data->sb.st_mode)) + return false; + + lnk_len = readlink(entry, tmp, sizeof(tmp) - 1); + if (lnk_len < 0) + return false; + tmp[lnk_len] = '\0'; + + return ofl_file(mnt, tmp, entry, data); +} + +/** + * ofl_taskfd - iterate through /proc//task//fd/ + */ +static bool ofl_taskfd(const char *mnt, const char *path, + struct ofl_compound *data) +{ + const char *de; + char tmp[256]; + struct HXdir *dir; + bool ret = false; + + dir = HXdir_open(path); + if (dir == NULL) + return false; + while ((de = HXdir_read(dir)) != NULL) { + if (*de == '.') + continue; + snprintf(tmp, sizeof(tmp), "%s/%s", path, de); + if (lstat(tmp, &data->sb) < 0 || !S_ISLNK(data->sb.st_mode)) + continue; + ret = ofl_one(mnt, tmp, data); + if (ret) + break; + } + HXdir_close(dir); + return ret; +} + +/** + * ofl_task - iterate through /proc//task/ + */ +static void ofl_task(const char *mnt, const char *path, + struct ofl_compound *data) +{ + const char *de; + char tmp[256]; + struct HXdir *dir; + + dir = HXdir_open(path); + if (dir == NULL) + return; + while ((de = HXdir_read(dir)) != NULL) { + if (*de == '.') + continue; + snprintf(tmp, sizeof(tmp), "%s/%s/fd", path, de); + if (lstat(tmp, &data->sb) < 0 || !S_ISDIR(data->sb.st_mode)) + continue; + ofl_taskfd(mnt, tmp, data); + } + HXdir_close(dir); +} + +/** + * ofl - filesystem use checker + * @mnt: mountpoint to search for + * @action: action to take + */ +static bool ofl(const char *mnt, unsigned int signum) +{ + struct ofl_compound data = {.signal = signum}; + const char *de; + char tmp[256]; + struct HXdir *dir; + + dir = HXdir_open("/proc"); + if (dir == NULL) + return false; + while ((de = HXdir_read(dir)) != NULL) { + if (*de == '.') + continue; + data.pid = strtoul(de, NULL, 0); + if (data.pid == 0) + continue; + snprintf(tmp, sizeof(tmp), 
"/proc/%s", de); + if (lstat(tmp, &data.sb) < 0 || !S_ISDIR(data.sb.st_mode)) + continue; + + /* Program map */ + snprintf(tmp, sizeof(tmp), "/proc/%s/maps", de); + if (ofl_pmap(mnt, tmp, &data)) + continue; + + /* Basic links */ + data.check = true; + snprintf(tmp, sizeof(tmp), "/proc/%s/root", de); + if (ofl_one(mnt, tmp, &data)) + continue; + snprintf(tmp, sizeof(tmp), "/proc/%s/cwd", de); + if (ofl_one(mnt, tmp, &data)) + continue; + snprintf(tmp, sizeof(tmp), "/proc/%s/exe", de); + if (ofl_one(mnt, tmp, &data)) + continue; + + /* All file descriptors */ + data.check = false; + snprintf(tmp, sizeof(tmp), "/proc/%s/task", de); + ofl_task(mnt, tmp, &data); + } + + return data.found; +} + +static unsigned int parse_signal(const char *str) +{ + static const char *signames[] = { + [SIGHUP] = "HUP", [SIGINT] = "INT", + [SIGQUIT] = "QUIT", [SIGKILL] = "KILL", + [SIGTERM] = "TERM", [SIGALRM] = "ALRM", + [SIGPIPE] = "PIPE", + }; + unsigned int ret; + char *end; + + if (HX_isdigit(*str)) { + ret = strtoul(str, &end, 10); + if (*end == '\0') + return ret; + } + + for (ret = 0; ret < ARRAY_SIZE(signames); ++ret) + if (signames[ret] != NULL && strcmp(str, signames[ret]) == 0) + return ret; + return 0; +} + +int main(int argc, const char **argv) +{ + unsigned int signum = 0; + char *signum_str = NULL; + struct HXoption options_table[] = { + {.sh = 'P', .type = HXTYPE_NONE, .ptr = &pids_only, + .help = "Show only PIDs"}, + {.sh = 'k', .type = HXTYPE_STRING, .ptr = &signum_str, + .help = "Signal to send (if any)", .htyp = "NUM/NAME"}, + HXOPT_AUTOHELP, + HXOPT_TABLEEND, + }; + int ret; + + if ((ret = HX_init()) <= 0) { + fprintf(stderr, "HX_init: %s\n", strerror(-ret)); + abort(); + } + if (HX_getopt(options_table, &argc, &argv, HXOPT_USAGEONERR) != + HXOPT_ERR_SUCCESS) + goto out; + if (argc == 1) { + fprintf(stderr, "You need to supply at least a path\n"); + goto out; + } + + if (signum_str != NULL) + signum = parse_signal(signum_str); + ret = false; + while (*++argv != 
NULL) + ret |= ofl(*argv, signum); + + if (pids_only) + printf("\n"); + + HX_exit(); + return ret ? EXIT_SUCCESS : EXIT_FAILURE; + out: + HX_exit(); + return EXIT_FAILURE + 1; +} Index: libpam-mount-2.14/src/rdconf1.c =================================================================== --- libpam-mount-2.14.orig/src/rdconf1.c 2013-08-27 12:16:34.000000000 +0200 +++ libpam-mount-2.14/src/rdconf1.c 2013-08-31 17:06:43.231704583 +0200 @@ -1437,7 +1437,7 @@ static const struct pmt_command default_ {CMD_FSCK, NULL, {"fsck", "-p", "%(FSCKTARGET)", NULL}}, {CMD_PMVARRUN, NULL, {"pmvarrun", "-u", "%(USER)", "-o", "%(OPERATION)", NULL}}, {CMD_FD0SSH, NULL, {"pmt-fd0ssh", NULL}}, - {CMD_OFL, NULL, {"ofl", "-k%(SIGNAL)", "%(MNTPT)", NULL}}, + {CMD_OFL, NULL, {"pmt-ofl", "-k%(SIGNAL)", "%(MNTPT)", NULL}}, {-1}, }; Index: libpam-mount-2.14/src/Makefile.am =================================================================== --- libpam-mount-2.14.orig/src/Makefile.am 2013-08-31 17:06:41.235740155 +0200 +++ libpam-mount-2.14/src/Makefile.am 2013-08-31 17:06:43.235704512 +0200 @@ -7,7 +7,7 @@ AM_CFLAGS = ${regular_CFLAGS} ${GCC_FVIS moduledir = @PAM_MODDIR@ module_LTLIBRARIES = pam_mount.la -bin_PROGRAMS = pmt-fd0ssh +bin_PROGRAMS = pmt-fd0ssh pmt-ofl sbin_PROGRAMS = pmvarrun if HAVE_LIBCRYPTSETUP sbin_PROGRAMS += pmt-ehd @@ -78,6 +78,9 @@ pmt_ehd_LDADD = libcryptmount.la ${libH pmt_fd0ssh_SOURCES = fd0ssh.c +pmt_ofl_SOURCES = ofl.c +pmt_ofl_LDADD = ${libHX_LIBS} + # # runtime helpers # debian/patches/001-add-fd0ssh0000644000000000000000000002003112010704750012743 0ustar Index: libpam-mount-2.14~git2+ad53f3559/COPYING =================================================================== --- libpam-mount-2.14~git2+ad53f3559.orig/COPYING 2012-07-30 17:53:51.000000000 +0200 +++ libpam-mount-2.14~git2+ad53f3559/COPYING 2012-08-09 11:59:03.213846161 +0200 
@@ -17,6 +17,11 @@ and/or modified under the terms of the G published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. +The program "pmt-fd0ssh" and its source (from the "hxtools" software +package) are free software; you can redistribute them and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 or 3 of the License. + The license texts are available in the file "LICENSE.LGPL2" and "LICENSE.LGPL3". The GNU GPL as mentioned in the LGPL3 text is available in the file "LICENSE.GPL3". Index: libpam-mount-2.14~git2+ad53f3559/doc/Makefile.am =================================================================== --- libpam-mount-2.14~git2+ad53f3559.orig/doc/Makefile.am 2012-07-30 17:53:51.000000000 +0200 +++ libpam-mount-2.14~git2+ad53f3559/doc/Makefile.am 2012-08-09 11:54:45.763541070 +0200 @@ -3,7 +3,7 @@ man_MANS = pam_mount.8 pam_mount.conf.5 dist_man_MANS = mount.crypt.8 mount.crypt_LUKS.8 mount.crypto_LUKS.8 \ pmvarrun.8 pmt-ehd.8 \ - umount.crypt.8 umount.crypt_LUKS.8 \ + pmt-fd0ssh.1 umount.crypt.8 umount.crypt_LUKS.8 \ umount.crypto_LUKS.8 EXTRA_DIST = bugs.txt changelog.txt faq.txt install.txt options.txt todo.txt \ pam_mount.8.in pam_mount.conf.5.in Index: libpam-mount-2.14~git2+ad53f3559/doc/pmt-fd0ssh.1 =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ libpam-mount-2.14~git2+ad53f3559/doc/pmt-fd0ssh.1 2012-08-09 11:54:45.763541070 +0200 
@@ -0,0 +1,24 @@ +.TH pmt\-fd0ssh 1 "2008\-04\-06" "pam_mount" "pam_mount" +.SH Name +.PP +pmt\-fd0ssh - pipe for password\-over\-stdin support to ssh +.SH Syntax +.PP +\fBpmt\-fd0ssh\fP \fImount_command\fP +.SH Description +.PP +This is a wrapper for ssh which reads the password from stdin +and sets things up so that ssh will recall the wrapper to get the password, +which will be read from the parent process using a pipe. +.PP +It is used by pam_mount(8) to mount SSH\-based filesystems, such as +ccgfs and sshfs. +.SH "See also" +.PP +This program is imported from hxtools, a tool suite by Jan Engelhardt. +Idea by John S. Skogtvedt, http://www.debian\-administration.org/articles/587 +.SH Author +.PP +This manpage was originally written by Bastian Kleineidam + for the Debian distribution of libpam\-mount but +may be used by others. Index: libpam-mount-2.14~git2+ad53f3559/src/fd0ssh.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ libpam-mount-2.14~git2+ad53f3559/src/fd0ssh.c 2012-08-09 11:54:45.763541070 +0200 
@@ -0,0 +1,193 @@ +/* + * fd0ssh - + * hand stdin (fd 0) passwords to ssh via ssh-askpass mechanism + * + * Copyright © CC Computer Consultants GmbH, 2008 + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 or 3 of the License. + * + * (Program imported from the hxtools program suite.) + */ +#include +#include +#ifdef __sun__ +# include +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +static const char zerossh_exchange_fd[] = "7"; + +static void zerossh_detach_tty(void) +{ + int fd; + + fd = open("/dev/tty", O_RDWR); + if (fd < 0 && errno != ENXIO) { + perror("open /dev/tty"); + abort(); + } + ioctl(fd, TIOCNOTTY); + close(fd); +} + +static int zerossh_pipe_writer(const int *pipe_fd, const char *password) +{ + unsigned int pw_len = strlen(password); + + close(pipe_fd[0]); + while (write(pipe_fd[1], password, pw_len) == pw_len) + ; + + return EXIT_SUCCESS; +} + +static int zerossh_exec(const int *pipe_fd, const char **argv) +{ + if (dup2(pipe_fd[0], strtol(zerossh_exchange_fd, NULL, 0)) < 0) { + perror("dup2"); + abort(); + } + close(pipe_fd[0]); + close(pipe_fd[1]); + zerossh_detach_tty(); + + if (isatty(4)) { + dup2(4, STDIN_FILENO); + close(4); + } + + return execvp(*argv, (char *const *)argv); +} + +static int zerossh_setup(int argc, const char **argv) +{ + char password[256], *p; + int pipe_fd[2], fd; + pid_t pid; + + setenv("DISPLAY", "-:0", false); + setenv("SSH_ASKPASS", *argv, true); + setenv("SSH_ASKPASS_FD", zerossh_exchange_fd, true); + + if (fgets(password, sizeof(password)-1, stdin) == NULL) + *password = '\0'; + p = password + strlen(password); + *p++ = '\n'; + *p++ = '\0'; + fclose(stdin); + + /* + * STDIN_FILENO and STDERR_FILENO must be open, otherwise fuse/ssh + * and -- for some reason, the pipe writer -- feels very upset. 
+ */ + fd = open("/dev/null", O_RDONLY); + if (fd < 0) { + perror("open /dev/null"); + abort(); + } + if (fd != STDIN_FILENO) { + if (dup2(fd, STDIN_FILENO) < 0) { + perror("dup"); + abort(); + } + close(fd); + } + if (dup2(fd, STDERR_FILENO) < 0) { + perror("dup"); + abort(); + } + + if (pipe(pipe_fd) < 0) { + perror("pipe"); + abort(); + } + + /* + * Making the writer a subprocess makes for a very compact memory + * usage, allows to use no special signal setup, and even both + * interactive and non-interactive work as expected, that is, if + * mount.fuse detaches, so does the pipe writer with it. + */ + if ((pid = fork()) < 0) { + perror("fork"); + abort(); + } else if (pid == 0) { + return zerossh_pipe_writer(pipe_fd, password); + } + + return zerossh_exec(pipe_fd, &argv[1]); +} + +/** + * zerossh_askpass - askpass part of the program + * @in_fd: inherited pipe (from zerossh_exec) to read password from + * @out_fd: pipe to the ssh parent process wanting our password + */ +static int zerossh_askpass(int in_fd, int out_fd) +{ + ssize_t ret __attribute__((unused)); + char *buf, *p; + + buf = malloc(4096); + if (buf == NULL) { + perror("malloc"); + abort(); + } + + ret = read(in_fd, buf, 4096); + if (ret < 0) { + perror("read"); + abort(); + } + + close(in_fd); + p = memchr(buf, '\n', ret); + /* ignore return values of write() */ + if (p == NULL) + ret = write(out_fd, buf, ret); + else + ret = write(out_fd, buf, p - buf + 1); + + close(out_fd); + return EXIT_SUCCESS; +} + +int main(int argc, const char **argv) +{ + const char *s; + + if (**argv != '/' && strchr(argv[0], '/') != NULL) + /* + * We either need an absolute path or something that is + * reachable through $PATH -- warn on everything else. 
+ */ + fprintf(stderr, "You used a relative path -- ssh might not " + "locate the fd0ssh binary.\n"); + + s = getenv("SSH_ASKPASS_FD"); + if (s != NULL) + return zerossh_askpass(strtoul(s, NULL, 0), STDOUT_FILENO); + + if (argc == 1) { + fprintf(stderr, + "This program is not run from an interactive prompt, " + "but rather from a script which utilizes it.\n" + "Semantic call syntax:\n" + "\t""echo $password | %s [options...]\n", + *argv); + return EXIT_FAILURE; + } + + close(STDERR_FILENO); + return zerossh_setup(argc, argv); +} Index: libpam-mount-2.14~git2+ad53f3559/src/Makefile.am =================================================================== --- libpam-mount-2.14~git2+ad53f3559.orig/src/Makefile.am 2012-07-30 17:53:51.000000000 +0200 +++ libpam-mount-2.14~git2+ad53f3559/src/Makefile.am 2012-08-09 11:59:03.213846161 +0200 @@ -7,6 +7,7 @@ AM_CFLAGS = ${regular_CFLAGS} ${GCC_FVIS moduledir = @PAM_MODDIR@ module_LTLIBRARIES = pam_mount.la +bin_PROGRAMS = pmt-fd0ssh sbin_PROGRAMS = pmvarrun if HAVE_LIBCRYPTSETUP sbin_PROGRAMS += pmt-ehd @@ -75,6 +76,8 @@ mount_crypt_LDADD = libcryptmount.la lib pmt_ehd_SOURCES = ehd.c bdev.c misc.c spawn.c pmt_ehd_LDADD = libcryptmount.la ${libHX_LIBS} ${libcryptsetup_LIBS} +pmt_fd0ssh_SOURCES = fd0ssh.c + # # runtime helpers # debian/patches/005-debian-manpages0000644000000000000000000000125212010704740014050 0ustar Correct path to original author info. Index: libpam-mount-2.14~git2+ad53f3559/doc/pmvarrun.8 =================================================================== --- libpam-mount-2.14~git2+ad53f3559.orig/doc/pmvarrun.8 2012-07-30 17:53:51.000000000 +0200 +++ libpam-mount-2.14~git2+ad53f3559/doc/pmvarrun.8 2012-08-09 11:54:53.555368711 +0200 
@@ -55,5 +55,5 @@ This manpage was originally written by B for the Debian distribution of libpam\-mount but may be used by others. .PP -See /usr/share/doc/packages/pam_mount/AUTHORS for the list of original authors +See /usr/share/doc/packages/libpam\-mount/copyright for the list of original authors of pam_mount. debian/patches/010-mount-crypt-libs0000644000000000000000000000127412162371406014274 0ustar Index: libpam-mount-2.14~zgit2+aa0d624e/src/Makefile.am =================================================================== --- libpam-mount-2.14~zgit2+aa0d624e.orig/src/Makefile.am 2013-06-25 21:42:50.159694738 +0200 +++ libpam-mount-2.14~zgit2+aa0d624e/src/Makefile.am 2013-06-25 21:44:00.806435651 +0200 
@@ -71,7 +71,7 @@ autoloop_LDADD = libcryptmount.la ${lib # mount helpers # mount_crypt_SOURCES = mtcrypt.c spawn.c -mount_crypt_LDADD = libcryptmount.la libpmt_mtab.la ${libHX_LIBS} +mount_crypt_LDADD = libcryptmount.la libpmt_mtab.la ${libHX_LIBS} ${libcrypto_LIBS} pmt_ehd_SOURCES = ehd.c bdev.c misc.c spawn.c pmt_ehd_LDADD = libcryptmount.la ${libHX_LIBS} ${libcryptsetup_LIBS} debian/copyright0000644000000000000000000000404711321340517011123 0ustar This package was debianized by Bastian Kleineidam on Sat, 10 Aug 2002 20:46:10 +0200. It was downloaded from http://sourceforge.net/projects/pam-mount Upstream Authors: W. Michael Petullo Jan Engelhardt Bastian Kleineidam Copyright: All source files have appropriate copyright notices in them. Basically these copyrights are given: Copyright (c) W. Michael Petullo , 2004 Copyright (c) Jan Engelhardt , 2005 - 2009 Copyright (c) Bastian Kleineidam , 2005 License: The "pam_mount.so" library and the .c source files to build it are free software; you can redistribute it/them and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. The "pmvarrun", "mount.crypt", "mount.encfs13" programs, especially their .c file which has the "main" function it, can be redistributed and/or modified under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The program "pmt-ofl" and its source (from the "hxtools" software package) are released in the Public Domain. The program "pmt-fd0ssh" and its source (from the "hxtools" software package) are free software; you can redistribute them and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 or 3 of the License. 
The license texts are available in the file "/usr/share/common-licenses/LGPL-2.1" and "/usr/share/common-licenses/LGPL-3". The GNU GPL as mentioned in the LGPL3 text is available in the file "/usr/share/common-licenses/GPL-3".

The Debian packaging files debian/* are free software; you can redistribute them and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 or 3 of the License.
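
Review bot: in the src/ofl.c hunk, ofl() opens /proc with HXdir_open() but returns data.found without calling HXdir_close(dir), unlike ofl_task() and ofl_taskfd(), so each mountpoint passed on the command line leaks one directory handle; add HXdir_close(dir) before the return. In the same hunk, parse_signal() returns 0 for an unknown name and for a number with trailing characters, which main() cannot tell apart from -k not being given, so a mistyped signal is silently ignored; report it and exit instead. ofl_task() also discards the return value of ofl_taskfd() and keeps walking every thread's fd directory after the first match.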
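
Review bot: the paragraph that 001-add-fd0ssh adds to COPYING places pmt-fd0ssh under the GNU General Public License, version 2 or 3, while the header of src/fd0ssh.c added by the same patch says GNU Lesser General Public License, version 2.1 or 3. The two statements need to agree; align the COPYING text with the file header or confirm the intended licence with upstream before shipping both.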
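
Review bot: in the src/fd0ssh.c hunk, zerossh_setup() closes fd inside the "if (fd != STDIN_FILENO)" branch and then calls dup2(fd, STDERR_FILENO) on that same descriptor, so whenever open("/dev/null") does not return 0 the second dup2 fails and the program aborts; move the close(fd) after the second dup2. main() closes STDERR_FILENO before calling zerossh_setup(), so the perror() messages ahead of each abort() go to a closed descriptor or to /dev/null and are never seen. zerossh_detach_tty() still calls ioctl() and close() on fd when open() failed with ENXIO and fd is -1, and zerossh_askpass() takes its input descriptor from SSH_ASKPASS_FD through strtoul() with no validation and never frees or clears the buffer that held the password.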
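
Review bot: the replacement line in the doc/pmvarrun.8 hunk of 005-debian-manpages keeps the packages/ path component, giving /usr/share/doc/packages/libpam\-mount/copyright. Debian installs a package's copyright file under /usr/share/doc/<package>/, so for the description "Correct path to original author info" to hold the line should point at /usr/share/doc/libpam\-mount/copyright.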
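
Review bot: 010-mount-crypt-libs carries no description line, unlike 005-debian-manpages, so nothing records why mount_crypt_LDADD needs ${libcrypto_LIBS} directly. Add a short header naming the link failure or the libcrypto symbols that mtcrypt.c or spawn.c use, so the patch can be forwarded upstream or dropped once it is no longer needed.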