[PATCH] pam_ecryptfs.c: add hooks to mount/umount private directory

This patch contains the code to mount/unmount automatically on PAM
login/logout.

Changes:

 * #define of PRIVATE_DIR ...  I know, I know, this needs to go to a
header file included by all references to it.  A followup patch should
fix this comprehensively.

 * Create a helper function to fetch_pwd()

 * Create a helper function to mount/unmount private_dir(), switching on
a binary 1/0 flag passed in.  All of the setup is identical.  Only thing
that changes is the binary that is exec'd.  Check for existence of an
appropriate .sig file and perform the mount/umount based on that.  Fork
to run the mount.ecryptfs_private or unmount.ecryptfs_private with real
and effective uids set to the non-privileged user.  VERY VERY
IMPORTANT!

 * Create two helper functions, mount_private_dir() and
umount_private_dir().

 * Keep pam_sm_open_session() and pam_sm_close_session() by calling the
helper functions mount_private_dir() and umount_private_dir().

 * One inconvenient side effect of all of this is that the Private
directory will be unmounted on every session logout.  This might occur
while the user has other sessions open using ssh, or gdm, perhaps.  In
this case, we have a temporary solution.  The last bit of the patch
affects ecryptfs-setup-confidential.  There, I have changed the text of
the file that exists in the ~/Private directory when not mounted.  I
have also made this a symlink to the mount.ecryptfs_private program
which can solve this problem for the user.  This isn't a permanent
solution, but does provide the user some useful information as well as a
viable path to remount the directory.



Signed-off-by: Dustin Kirkland <[EMAIL PROTECTED]>
-- 
:-Dustin

Dustin Kirkland
Ubuntu Server Developer
Canonical, LTD
[EMAIL PROTECTED]
GPG: 1024D/83A61194
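
The fork-and-drop step described in the changelog above, as an added C example that is not the code from this patch: `run_as_user()` and its 126/127 exit codes are hypothetical names and conventions chosen here. The demo `main()` passes the caller's own ids, where a PAM module would pass the ids looked up for the user logging in.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the patch): run `path` as uid/gid in a
 * forked child and return its exit status, or -1 on fork/wait failure.
 * Exit codes 126 (privilege drop failed) and 127 (exec failed) are a
 * convention chosen for this example. */
int run_as_user(uid_t uid, gid_t gid, const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Order matters: supplementary groups, then gid, then uid.
         * After setuid() the process can no longer change its groups. */
        if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0)
            _exit(126);
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(126);
        /* Verify the drop: real and effective ids must both match ... */
        if (getuid() != uid || geteuid() != uid ||
            getgid() != gid || getegid() != gid)
            _exit(126);
        /* ... and regaining root must be impossible. */
        if (uid != 0 && setuid(0) == 0)
            _exit(126);
        execv(path, argv);      /* absolute path, no PATH search */
        _exit(127);
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)     /* retry only when interrupted */
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo: runs unprivileged with the caller's own ids. */
    char *const argv[] = { "id", NULL };
    return run_as_user(getuid(), getgid(), "/usr/bin/id", argv);
}
```

Checking the ids after the drop and confirming that `setuid(0)` fails catches the case where only the effective uid changed and the child could still regain root before the exec.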
