* encryptfs-utils porting on SailfishOS
@ 2016-08-10 16:12 Filin Ilya
From: Filin Ilya @ 2016-08-10 16:12 UTC (permalink / raw)
To: ecryptfs
[-- Attachment #1: Type: text/plain, Size: 479 bytes --]
Hi, thanks for your work. These are very useful utilities.
I am currently porting ecryptfs-utils (version 111, from sources) and keyutils (version 1.5.9, from sources) to SailfishOS.
While preparing the rpm build, I changed some files and compiler flags so that the build succeeds.
The attached file contains the relevant part of the git diff.
My project:
https://git.merproject.org/ifilin
I hope this mailing list is the right place to report problems with porting ecryptfs.
--
С уважением,
Filin Ilya
ifilin88@yandex.ru
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: commit-5f0da97 --]
[-- Type: text/x-diff; name="commit-5f0da97", Size: 4032 bytes --]
From 5f0da97b004ccaaee66d0f708f51cc9cb24dfa14 Mon Sep 17 00:00:00 2001
From: ifilin <ifilin88@yandex.ru>
Date: Mon, 8 Aug 2016 15:49:00 +0300
Subject: add&edit specs from Fedora
WARN!!!
Need Wno flags, in rpm build specs files!!!
#orig export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits -Wno-unused"
export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits -Wno-unused -Wno-pointer-sign -Wno-unused-result"
diff --git a/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c b/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
index 39cae0d..7180bbc 100644
--- a/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
+++ b/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
@@ -51,10 +51,11 @@
#include "../include/decision_graph.h"
struct pkcs11h_data {
char *serialized_id;
unsigned char *certificate_blob;
size_t certificate_blob_size;
char *passphrase;
+
};
struct pkcs11h_subgraph_key_ctx {
@@ -1157,11 +1158,26 @@ static int tf_pkcs11h_key_x509file(struct ecryptfs_ctx *ctx, struct param_node *
goto out;
}
- if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, NULL)) < 0 ) {
+// ifilin 2016-08-04 begin
+// if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, NULL)) < 0 ) {
+// syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate");
+// rc = -EIO;
+// goto out;
+// }
+// ifilin 2016-08-04 orig end
+
+ if ((rc = i2d_X509 (x509, NULL)) < 0 ) {
syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate");
rc = -EIO;
goto out;
}
+ else
+ {
+ subgraph_key_ctx->pkcs11h_data.certificate_blob_size = rc;
+ rc = -errno;
+ }
+
+// ifilin 2016-08-04 end
if (
(subgraph_key_ctx->pkcs11h_data.certificate_blob = (unsigned char *)malloc (
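Review bot: `rc = -errno;` in the new `else` branch, and again in the second i2d_X509 hunk of this file, overwrites rc with a value unrelated to the call that just succeeded. i2d_X509 reports failure through a negative return value and the OpenSSL error queue, so errno at that point is whatever an earlier call left behind. Any later `goto out` that does not set rc itself would then return that stale value; whether such a path exists cannot be seen from this hunk, because the function starts and ends outside it. A dedicated local for the DER length keeps rc untouched, still fixes the always-false `size_t < 0` comparison, and lets a zero length be rejected before it reaches malloc. The commented-out original lines can be dropped, since the diff already records them.
```c
	/* … unchanged: earlier error path ending in goto out … */
	int der_len = i2d_X509(x509, NULL);

	if (der_len <= 0) {
		syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate");
		rc = -EIO;
		goto out;
	}
	subgraph_key_ctx->pkcs11h_data.certificate_blob_size = (size_t)der_len;
	/* … unchanged: malloc of certificate_blob … */
```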
@@ -1178,11 +1194,24 @@ static int tf_pkcs11h_key_x509file(struct ecryptfs_ctx *ctx, struct param_node *
*/
p = subgraph_key_ctx->pkcs11h_data.certificate_blob;
- if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, &p)) < 0) {
+// ifilin 2016-08-04 begin
+// if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, &p)) < 0) {
+// syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate");
+// goto out;
+// }
+// }
+// ifilin 2016-08-04 orig end
+ if ((rc = i2d_X509 (x509, &p)) < 0) {
syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate");
goto out;
}
+ else
+ {
+ subgraph_key_ctx->pkcs11h_data.certificate_blob_size = rc;
+ rc = -errno;
+ }
}
+// ifilin 2016-08-04 end
node->val = NULL;
if ((rc = ecryptfs_pkcs11h_process_key(subgraph_key_ctx, mnt_params))) {
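Review bot: The failure branch of `if ((rc = i2d_X509 (x509, &p)) < 0)` jumps to `out` with rc still holding i2d_X509's raw negative return, which is not an errno code, whereas the first i2d_X509 check in this function sets `rc = -EIO;` before leaving. Adding `rc = -EIO;` before `goto out;` would make both error paths report the same thing to the caller. It would also be worth confirming that the second call returns the same length the buffer was allocated with, since certificate_blob_size is overwritten here after the malloc. The function continues outside this hunk, so how `out` treats rc and the already allocated certificate_blob is not visible.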
diff --git a/src/utils/ecryptfs_generate_tpm_key.c b/src/utils/ecryptfs_generate_tpm_key.c
index 002ae70..46d290d 100644
--- a/src/utils/ecryptfs_generate_tpm_key.c
+++ b/src/utils/ecryptfs_generate_tpm_key.c
@@ -108,7 +108,9 @@ int main(int argc, char **argv)
free(pcrsSelected);
return -1;
}
- pcrsSelected = tmp_pcrs;
+ //ifilin 2016-08-04 - next orig line
+ //pcrsSelected = tmp_pcrs;
+ pcrsSelected = (int *)tmp_pcrs;// safe couse realloc sizeof(int) in line 101
pcrsSelected[numPcrsSelected - 1] =
atoi(optarg);
break;
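Review bot: The cast in `pcrsSelected = (int *)tmp_pcrs;` silences the pointer-type diagnostic instead of removing its cause, and it would keep silencing it if the two types ever diverged for real. The declaration of tmp_pcrs is outside this hunk; if it is declared as something other than `int *`, changing it to `int *tmp_pcrs` lets the original `pcrsSelected = tmp_pcrs;` stand without a cast. The comment `safe couse realloc sizeof(int) in line 101` points at a line number that will drift with the next edit, and the commented-out original line adds nothing the diff does not already record.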
diff --git a/src/utils/mount.ecryptfs_private.c b/src/utils/mount.ecryptfs_private.c
index 1a63d1d..9617948 100644
--- a/src/utils/mount.ecryptfs_private.c
+++ b/src/utils/mount.ecryptfs_private.c
@@ -232,7 +232,8 @@ static int check_cwd_f_type()
*
* This whitelist is to prevent malicious mount.ecryptfs_private users
* from mounting over filesystem types such as PROC_SUPER_MAGIC to
- * deceive other programs with a crafted /proc/self/*. See
+ //ifilin 2016-08-04 remove star char after self/
+ * deceive other programs with a crafted /proc/self/. See
* https://launchpad.net/bugs/1530566 for more details.
*/
__SWORD_TYPE f_type_whitelist[] = {
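Review bot: The added `//ifilin 2016-08-04 remove star char after self/` line sits inside the existing `/* ... */` block, so it becomes part of the whitelist's security rationale and breaks up the sentence about PROC_SUPER_MAGIC. Dropping the `*` presumably avoids a "/*" within comment warning under -Werror, but it also loses the meaning "any entry under /proc/self". A wording such as `* deceive other programs with crafted files under /proc/self/. See` keeps the intent without the glob, and the attribution belongs in the commit message. The comment block starts above this hunk.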
@@ -276,7 +277,7 @@ static int check_cwd_f_type()
fprintf(stderr,
"Refusing to mount over an unapproved filesystem type: %#lx\n",
- buf.f_type);
+ (long unsigned int)buf.f_type);
return 1;
}