ecryptfs-migrate-home lacks networked passwd database support

Bug #627506 reported by Pres-Gas
This bug affects 1 person
Affects                  Status        Importance  Assigned to      Milestone
eCryptfs                 Fix Released  Low         Dustin Kirkland
ecryptfs-utils (Ubuntu)  Fix Released  Low         Dustin Kirkland

Bug Description

ecryptfs-migrate-home is hard-coded to look only at "/etc/passwd" for home directories. The function starts at line 81 and is called "get_user_home ()". It is possible to use "getent" in the function to also find homes in "/etc/passwd" and other databases that can be listed in "/etc/nsswitch.conf".

I modified line 84 from:
 local USER_HOME=$(grep "^$USER_NAME:" /etc/passwd | cut -d":" -f 6)
to
 local USER_HOME=$(getent passwd $USER_NAME | cut -d":" -f 6)

and tested on a machine joined to an Active Directory domain. In my testing, it successfully found/encrypted the home directory of a username not listed in /etc/passwd, but in Active Directory. Additionally, I was able to log in with that username and the directory successfully decrypted and mounted.

I am attaching the modified script, called "ecryptfs-migrate-home-enhanced", but figured the simple modification of line 84 would suffice.
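
An added example (not part of the report and not the ecryptfs-utils code) of the same NSS-aware lookup with the checks a migration script would want before acting on the result. It goes beyond the one-line change above: an all-digit key is refused because getent resolves numeric keys as UIDs rather than login names, and a home field that is not an absolute path is refused. The function names lookup_home and home_from_entry and the sample entries are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: home directory lookup through NSS (getent) with
# validation. Function names are hypothetical, not from ecryptfs-utils.

# Read one passwd-format line on stdin and print field 6 (the home
# directory) only if it is an absolute path. Exit status 1 otherwise.
home_from_entry() {
    awk -F: '
        NR == 1 && NF >= 6 && $6 ~ /^\// { print $6; found = 1 }
        END { exit !found }'
}

# Resolve the home directory of a login name via every database listed
# in /etc/nsswitch.conf (files, LDAP, winbind, sss, ...).
# Status: 0 = found, 1 = no usable entry, 2 = name refused.
lookup_home() {
    case $1 in
        '' | -* | *:*) return 2 ;;   # empty, option-like, or breaks the field layout
    esac
    case $1 in
        *[!0-9]*) ;;                 # contains a non-digit: treat as a login name
        *) return 2 ;;               # all digits: getent would look up a UID instead
    esac
    # Quoting keeps names with spaces or backslashes (DOMAIN\user) intact.
    getent passwd "$1" | home_from_entry
}

# Constructed sample entries, not taken from a real directory.
printf '%s\n' 'CORP\alice:*:10001:10001:Alice:/home/CORP/alice:/bin/bash' \
    | home_from_entry || echo "rejected"
printf '%s\n' 'bob:x:1000:1000::relative/path:/bin/sh' \
    | home_from_entry || echo "rejected"
```

Where the directory service rewrites names (for example, lower-casing a domain account), the entry returned may carry a different spelling than the one requested, so this example does not compare field 1 against the input.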

Pres-Gas (presgas) wrote :

Tyler Hicks (tyhicks) wrote :

Dustin, would you mind ack'ing this?

Changed in ecryptfs:
assignee: nobody → Dustin Kirkland (kirkland)
Yan Li (yanli) wrote :

I'm the original author of ecryptfs-migrate-home, I think this change looks good. I'll test it here.

Dustin Kirkland (kirkland) wrote : Re: [Bug 627506] Re: ecryptfs-migrate-home lacks networked passwd database support

On Wed, Sep 8, 2010 at 11:33 PM, Yan Li <email address hidden> wrote:
> I'm the original author of ecryptfs-migrate-home, I think this change
> looks good. I'll test it here.

Thanks for following, Yan Li ;-)

Yeah, if it works for you, I'll gladly merge it in.

Pres-Gas (presgas) wrote :

I thought I would check in to see if this was confirmed. It would be
nice if it were to make it into 10.10. Is it too late for that?

Dustin Kirkland (kirkland) wrote :

I think it's probably too late for 10.10's GA.

However, if the fix is simple enough, and this is really important to
you, we probably can get it into an SRU.

Pres-Gas (presgas) wrote :

You know, I just realized, Dustin, that your last post may have been a question. So the answer is:

Sure, it is important to me, but not urgent. If there is a way to merge it into 84 so that it begins to flow downstream, that would be good.

Pres-Gas (presgas) wrote :

I thought I would check in on this. I went to the bazaar trunk, and saw the ecryptfs-migrate-home is still the same. Thanks, guys!

Changed in ecryptfs:
status: New → In Progress
importance: Undecided → Low
Changed in ecryptfs-utils (Ubuntu):
assignee: nobody → Dustin Kirkland (kirkland)
importance: Undecided → Low
status: New → In Progress
Changed in ecryptfs:
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ecryptfs-utils - 85-0ubuntu1

---------------
ecryptfs-utils (85-0ubuntu1) natty; urgency=low

  [ Dustin Kirkland ]
  * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
  * src/utils/mount.ecryptfs_private.c:
    - fix bug LP: #313812, clear used keys on unmount
    - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
      umount.ecryptfs behave similarly
    - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek

  [ <email address hidden> ]
  * src/utils/ecryptfs-migrate-home:
    - support user databases outside of /etc/passwd, LP: #627506
 -- Dustin Kirkland <email address hidden> Sun, 19 Dec 2010 10:50:52 -0600

Changed in ecryptfs-utils (Ubuntu):
status: In Progress → Fix Released