The suid sets the ~/.ecryptfs to owner root, so user don't have access to this
directory.
Anyway... It is safer to recursive create the directories as the filename
already contain
required directory, so if users specify differnet directory the ~/.ecryptfs is
not created.
Signed-off-by: Alon Bar-Lev <[EMAIL PROTECTED]>
---
diff --git a/src/key_mod/ecryptfs_key_mod_openssl.c
b/src/key_mod/ecryptfs_key_mod_openssl.c
index e0cc4ed..941e6c0 100644
--- a/src/key_mod/ecryptfs_key_mod_openssl.c
+++ b/src/key_mod/ecryptfs_key_mod_openssl.c
@@ -27,6 +27,7 @@
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
+#include <libgen.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
@@ -182,56 +183,58 @@ out:
}
static int
+ecryptfs_openssl_mkdir_recursive(char *dir, mode_t mode)
+{
+ char *temp = NULL;
+ char *parent = NULL;
+ int rc;
+
+ if (!strcmp(dir, ".") || !strcmp(dir, "/"))
+ return 0;
+
+ temp = strdup(dir);
+ if (temp == NULL) {
+ rc = -ENOMEM;
+ goto out;
+ }
+
+ parent = dirname(temp);
+
+ rc = ecryptfs_openssl_mkdir_recursive(parent, mode);
+ if (rc)
+ goto out;
+
+ if (mkdir(dir, mode) == -1) {
+ if (errno != EEXIST) {
+ rc = -errno;
+ goto out;
+ }
+ }
+
+ rc = 0;
+
+out:
+ free(temp);
+ return rc;
+}
+
+static int
ecryptfs_openssl_write_key_to_file(RSA *rsa, char *filename, char *passphrase)
{
- uid_t id;
- struct passwd *pw;
- char *ecryptfs_dir = NULL;
- char *pki_dir = NULL;
- char *openssl_dir = NULL;
+ char *dir = NULL;
BIO *out;
const EVP_CIPHER *enc = EVP_aes_256_cbc();
int rc = 0;
- id = getuid();
- pw = getpwuid(id);
- if (!pw) {
- syslog(LOG_ERR, "%s: Unable to get the current directory from "
- "the passwd file on this system\n", __FUNCTION__);
- rc = -EIO;
- goto out_free_paths;
- }
- rc = asprintf(&ecryptfs_dir, "%s/.ecryptfs", pw->pw_dir);
- if (rc == -1) {
+ dir = strdup(filename);
+ if (dir == NULL) {
rc = -ENOMEM;
goto out_free_paths;
}
- rc = asprintf(&pki_dir, "%s/.ecryptfs/pki", pw->pw_dir);
- if (rc == -1) {
- rc = -ENOMEM;
- goto out_free_paths;
- }
- rc = asprintf(&openssl_dir, "%s/.ecryptfs/pki/openssl", pw->pw_dir);
- if (rc == -1) {
- rc = -ENOMEM;
- goto out_free_paths;
- }
- rc = mkdir(ecryptfs_dir, 0700);
- if (rc && rc != EEXIST) {
- syslog(LOG_ERR, "%s: Error attempting to mkdir [%s]; "
- "rc = [%d]\n", __FUNCTION__, ecryptfs_dir, rc);
- goto out_free_paths;
- }
- rc = mkdir(pki_dir, 0700);
- if (rc && rc != EEXIST) {
- syslog(LOG_ERR, "%s: Error attempting to mkdir [%s]; "
- "rc = [%d]\n", __FUNCTION__, pki_dir, rc);
- goto out_free_paths;
- }
- rc = mkdir(openssl_dir, 0700);
- if (rc && rc != EEXIST) {
+ rc = ecryptfs_openssl_mkdir_recursive(dirname(dir), 0700);
+ if (rc) {
syslog(LOG_ERR, "%s: Error attempting to mkdir [%s]; "
- "rc = [%d]\n", __FUNCTION__, openssl_dir, rc);
+ "rc = [%d]\n", __FUNCTION__, dir, rc);
goto out_free_paths;
}
if ((out = BIO_new(BIO_s_file())) == NULL) {
@@ -253,9 +256,7 @@ ecryptfs_openssl_write_key_to_file(RSA *rsa, char
*filename, char *passphrase)
out_free_bio:
BIO_free_all(out);
out_free_paths:
- free(ecryptfs_dir);
- free(pki_dir);
- free(openssl_dir);
+ free(dir);
return rc;
}
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
eCryptfs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel
