Yum broken & PAM-mount broken

Casimiro de Almeida Barreto casimiro.barreto at gmail.com
Sat Sep 13 15:45:47 UTC 2008


Till Maas wrote:
> On Sat September 13 2008, Casimiro de Almeida Barreto wrote:
>   
>> Till Maas wrote:
>>     
>>> On Sat September 13 2008, Casimiro de Almeida Barreto wrote:
>>> [nothing about pam_mount]
>>>
>>> Regarding the subject, what is broken for you, and in which version of
>>> pam_mount? And please create a bug report for this if it is not fixed in
>>> pam_mount 0.48.
>>>       
>
>   
>> I'll file a Bugzilla report. Anyways the "official pam_mount" for fc9 is 0.47 as
>> shown:
>>     
>
> With the next push, pam_mount should be updated to 0.48 in Fedora 8 and 9:
> https://admin.fedoraproject.org/updates/pam_mount-0.48-2.fc9,libHX-1.25-1.fc9
>
> Regards,
> Till
>   
Ok,

I'm transcribing the debugging information. First of all, I have an
encrypted "partition" for /home/casimiro that is mounted via loop0. It was
working well until the last update. It still mounts when I use input like:

# openssl aes-256-cbc -d -in /etc/pki/cryptofs/mykey.key | mount -p0 -o loop,encryption=aes-cbc-256,rw /xxx/yyy.img /home/casimiro

But when it goes to PAM... this is what happens:

Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:259) pam_mount 0.47: entering auth stage
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:269) could not get password from PAM system
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:191) enter read_password
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:294) saving authtok for session code (authtok=0x8e0d630)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:437) pam_mount 0.47: entering session stage
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:458) back from global readconfig
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:460) per-user configurations not allowed by pam_mount.conf.xml
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(misc.c:45) Session open: (uid=0, euid=0, gid=501, egid=501)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(rdconf2.c:190) checking sanity of volume record (/home/.casimiro.img)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:512) about to perform mount operations
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:364) information for mount:
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:365) ----------------------
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:366) (defined by globalconf)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:367) user:          casimiro
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:368) server:        (null)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:369) volume:        /xxx/yyy.img
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:370) mountpoint:    /home/casimiro
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:371) options:       loop,encryption=aes-cbc-256,rw
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:372) fs_key_cipher: aes-256-cbc
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:373) fs_key_path:   /etc/pki/cryptofs/mykey.key
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:374) use_fstab:     0
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:375) ----------------------
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:151) realpath of volume "/home/casimiro" is "/home/casimiro"
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:155) checking to see if /xxx/yyy.img is already mounted at /home/casimiro
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:824) checking for encrypted filesystem key configuration
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:831) decrypting FS key using system auth. token and aes-256-cbc
Sep 13 12:14:28 terra kdm[3019]: Unknown session exit code 0 (sig 6) from manager process
Sep 13 12:14:28 terra kdm_greet[3072]: Cannot read from core
Sep 13 12:14:39 terra login: pam_mount(pam_mount.c:259) pam_mount 0.47: entering auth stage
Sep 13 12:14:39 terra login: pam_mount(pam_mount.c:269) could not get password from PAM system
Sep 13 12:14:39 terra login: pam_mount(pam_mount.c:191) enter read_password
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:294) saving authtok for session code (authtok=0x94f04d8)
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:437) pam_mount 0.47: entering session stage
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:458) back from global readconfig
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:460) per-user configurations not allowed by pam_mount.conf.xml
Sep 13 12:14:42 terra login: pam_mount(misc.c:45) Session open: (uid=0, euid=0, gid=0, egid=0)
Sep 13 12:14:42 terra login: pam_mount(rdconf2.c:190) checking sanity of volume record (/xxx/yyy.img)
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:512) about to perform mount operations
Sep 13 12:14:42 terra login: pam_mount(mount.c:364) information for mount:
Sep 13 12:14:42 terra login: pam_mount(mount.c:365) ----------------------
Sep 13 12:14:42 terra login: pam_mount(mount.c:366) (defined by globalconf)
Sep 13 12:14:42 terra login: pam_mount(mount.c:367) user:          casimiro
Sep 13 12:14:42 terra login: pam_mount(mount.c:368) server:        (null)
Sep 13 12:14:42 terra login: pam_mount(mount.c:369) volume:        /xxx/yyy.img
Sep 13 12:14:42 terra login: pam_mount(mount.c:370) mountpoint:    /home/casimiro
Sep 13 12:14:42 terra login: pam_mount(mount.c:371) options:       loop,encryption=aes-cbc-256,rw
Sep 13 12:14:42 terra login: pam_mount(mount.c:372) fs_key_cipher: aes-256-cbc
Sep 13 12:14:42 terra login: pam_mount(mount.c:373) fs_key_path:   /etc/pki/cryptofs/mykey.key
Sep 13 12:14:42 terra login: pam_mount(mount.c:374) use_fstab:     0
Sep 13 12:14:42 terra login: pam_mount(mount.c:375) ----------------------
Sep 13 12:14:42 terra login: pam_mount(mount.c:151) realpath of volume "/home/casimiro" is "/home/casimiro"
Sep 13 12:14:42 terra login: pam_mount(mount.c:155) checking to see if /xxx/yyy.img is already mounted at /home/casimiro
Sep 13 12:14:42 terra login: pam_mount(mount.c:824) checking for encrypted filesystem key configuration
Sep 13 12:14:42 terra login: pam_mount(mount.c:831) decrypting FS key using system auth. token and aes-256-cbc
Sep 13 12:14:42 terra init: tty1 main process (3034) killed by ABRT signal
Sep 13 12:14:42 terra init: tty1 main process ended, respawning

And then, back to /etc/security/pam_mount.conf.xml:

<?xml version="1.0" encoding="UTF-8"?>
<pam_mount>

<debug enable="1" />

<mkmountpoint enable="1" />

<fsckloop device="/dev/loop7" />

<mntoptions allow="nosuid,nodev,loop,encryption,fsck" />

<mntoptions require="nosuid,nodev" />

<lsof>/usr/sbin/lsof %(MNTPT)</lsof>

<fsck>/sbin/fsck -p %(FSCKTARGET)</fsck>

<losetup>/sbin/losetup -p0 "%(before=\"-e\" CIPHER)" "%(before=\"-k\" KEYBITS)" %(FSCKLOOP) %(VOLUME)</losetup>

<unlosetup>/sbin/losetup -d %(FSCKLOOP)</unlosetup>

<cifsmount>/bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "user=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"</cifsmount>

<smbmount>/usr/bin/smbmount //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"</smbmount>

<ncpmount>/usr/bin/ncpmount %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"</ncpmount>

<smbumount>/usr/bin/smbumount %(MNTPT)</smbumount>

<ncpumount>/usr/bin/ncpumount %(MNTPT)</ncpumount>

<fusemount>/sbin/mount.fuse %(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"</fusemount>

<fuseumount>/usr/bin/fusermount -u %(MNTPT)</fuseumount>

<umount>/bin/umount %(MNTPT)</umount>

<lclmount>/bin/mount -p0 -t %(FSTYPE) %(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"</lclmount>

<cryptmount>/bin/mount -t crypt "%(before=\"-o\" OPTIONS)" %(VOLUME) %(MNTPT)</cryptmount>

<nfsmount>/bin/mount %(SERVER):%(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"</nfsmount>



<mntcheck>/bin/mount</mntcheck>

<pmvarrun>/usr/sbin/pmvarrun -u %(USER) -o %(OPERATION)</pmvarrun>

<volume fskeycipher="aes-256-cbc"
options="loop,encryption=aes-cbc-256,rw"
fskeypath="/etc/pki/cryptofs/mykey.key" user="casimiro"
mountpoint="/home/casimiro" path="/xxx/yyy.img" fstype="ext3" />

<volume fskeycipher="aes-256-cbc"
options="loop,encryption=aes-cbc-256,rw"
fskeypath="/media/disk/.developer.key" user="developer"
mountpoint="/home/developer" path="/media/disk/.developer.img"
fstype="ext3" />

</pam_mount>


Note that developer is on a flash memory...
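
Added example, not part of the original message and not pam_mount's own code: a Python triage helper for debug logs in the format shown above. It rejoins records that a mail client wrapped across lines and reports the last pam_mount debug record logged before each abort (signal 6 is SIGABRT). The sample lines are excerpted from the log in this message; the function names and the order-based correlation between a pam_mount record and the following abort line are assumptions of this example.

```python
import re

# A syslog record starts with "Mon DD HH:MM:SS "; anything else is a wrapped continuation.
TS = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
# pam_mount debug record: "<ts> <host> <service>...: pam_mount(<file>:<line>) <message>"
PM = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<svc>[\w-]+).*?"
                r"pam_mount\((?P<src>[\w.]+):(?P<line>\d+)\) (?P<msg>.*)$")
# Abort markers as they appear in the log above (kdm and init wording).
ABORT = re.compile(r"\(sig 6\)|killed by ABRT signal")

# Lines excerpted from the message above, kept in their mail-wrapped form.
SAMPLE = """\
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:824) checking for
encrypted filesystem key configuration
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:831) decrypting
FS key using system auth. token and aes-256-cbc
Sep 13 12:14:28 terra kdm[3019]: Unknown session exit code 0 (sig 6)
from manager process
Sep 13 12:14:28 terra kdm_greet[3072]: Cannot read from core
Sep 13 12:14:42 terra login: pam_mount(mount.c:831) decrypting FS key
using system auth. token and aes-256-cbc
Sep 13 12:14:42 terra init: tty1 main process (3034) killed by ABRT signal
"""

def unwrap(text):
    """Rejoin continuation lines (no leading timestamp) onto their record."""
    records = []
    for raw in text.splitlines():
        if TS.match(raw) or not records:
            records.append(raw.rstrip())
        elif raw.strip():
            records[-1] += " " + raw.strip()
    return records

def last_stage_before_abort(text):
    """For each abort line, return (service, file, line, message) of the
    most recent pam_mount record that preceded it (order-based heuristic)."""
    findings, last = [], None
    for rec in unwrap(text):
        m = PM.match(rec)
        if m:
            last = (m["svc"], m["src"], int(m["line"]), m["msg"])
        elif ABORT.search(rec) and last:
            findings.append(last)
            last = None  # do not attribute a later abort to the same record
    return findings

if __name__ == "__main__":
    for svc, src, line, msg in last_stage_before_abort(SAMPLE):
        print(f"{svc}: aborted after {src}:{line} ({msg})")
```

On the excerpt, both the kdm and the login session stop at mount.c:831, the step that decrypts the filesystem key with the login token.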
