Always try to read configuration from crypttab in handle_unlock

2017-12-04 14:57:27 +01:00 · 2017-12-04 14:57:27 +01:00 · ed422951e3
parent 163d991fc1
commit ed422951e3
2 changed files with 66 additions and 1 deletions
--- a/udisks-2.6.5-fix-crypttab-name-open.patch
+++ b/udisks-2.6.5-fix-crypttab-name-open.patch
@ -0,0 +1,60 @@
+From fe99b1f8e790e0f4c466ad027a9d1a017b842d01 Mon Sep 17 00:00:00 2001
+From: Vojtech Trefny <vtrefny@redhat.com>
+Date: Mon, 4 Dec 2017 14:53:14 +0100
+Subject: [PATCH] Always try to read configuration from crypttab in
+ handle_unlock
+
+Even if we have passphrase from user, we still need to check
+crypttab for name and options.
+---
+ src/udiskslinuxencrypted.c | 27 ++++++++++++++-------------
+ 1 file changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/src/udiskslinuxencrypted.c b/src/udiskslinuxencrypted.c
+index 5789eff..16a404d 100644
+--- a/src/udiskslinuxencrypted.c
+++ b/src/udiskslinuxencrypted.c
+@@ -325,6 +325,20 @@ handle_unlock (UDisksEncrypted        *encrypted,
+       goto out;
+     }
+ 
+  /* check if in crypttab file */
+  error = NULL;
+  if (!check_crypttab (block,
+                       TRUE,
+                       &is_in_crypttab,
+                       &crypttab_name,
+                       &crypttab_passphrase,
+                       &crypttab_options,
+                       &error))
+    {
+      g_dbus_method_invocation_take_error (invocation, error);
+      goto out;
+    }
+
+   /* we need the uid of the caller for the unlocked-luks file */
+   error = NULL;
+   if (!udisks_daemon_util_get_caller_uid_sync (daemon, invocation, NULL /* GCancellable */, &caller_uid, NULL, NULL, &error))
+@@ -345,19 +359,6 @@ handle_unlock (UDisksEncrypted        *encrypted,
+     }
+   else
+     {
+-      /* check if in crypttab file */
+-      error = NULL;
+-      if (!check_crypttab (block,
+-                           TRUE,
+-                           &is_in_crypttab,
+-                           &crypttab_name,
+-                           &crypttab_passphrase,
+-                           &crypttab_options,
+-                           &error))
+-        {
+-          g_dbus_method_invocation_take_error (invocation, error);
+-          goto out;
+-        }
+       if (is_in_crypttab && crypttab_passphrase != NULL && strlen (crypttab_passphrase) > 0)
+         {
+           effective_passphrase = g_string_new (crypttab_passphrase);
+-- 
+1.8.3.1
+
--- a/udisks2.spec
+++ b/udisks2.spec
@ -16,13 +16,14 @@
 Name:    udisks2
 Summary: Disk Manager
 Version: 2.6.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group:   System Environment/Libraries
 URL:     https://github.com/storaged-project/udisks
 Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2
 Patch0:  udisks-2.6.5-fix-changed-signal-filtering.patch
 Patch1:  udisks-2.6.5-do-not-try-remove-changed_blacklist-hashtable.patch
+Patch2:  udisks-2.6.5-fix-crypttab-name-open.patch

 BuildRequires: glib2-devel >= %{glib2_version}
 BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@ -192,6 +193,7 @@ This package contains module for ZRAM configuration.
 %setup -q -n udisks-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 %build
 autoreconf -ivf
@ -333,6 +335,9 @@ systemctl try-restart udisks2
 %endif

 %changelog
+* Mon Dec 04 2017 Vojtech Trefny <vtrefny@redhat.com> - 2.6.5-4
+- Always try to read configuration from crypttab in handle_unlock
+
 * Tue Jun 20 2017 Vojtech Trefny <vtrefny@redhat.com> - 2.6.5-3
 - Do not try to remove changed_blacklist hash table in finalize