=== modified file 'debian/changelog' --- debian/changelog 2013-02-21 01:56:33 +0000 +++ debian/changelog 2015-01-01 14:45:10 +0000 @@ -1,3 +1,10 @@ +ecryptfs-utils (104-0ubuntu2) utopic; urgency=medium + + * Allow backslashes in usernames for domain users + * Include pam configuration and scripts + + -- Dominikus Gierlach Thu, 25 Dec 2014 20:15:10 +0100 + ecryptfs-utils (104-0ubuntu1) trusty; urgency=low [ Colin King ] === added file 'debian/local/ecryptfs-nonlocal.pam-auth-update' --- debian/local/ecryptfs-nonlocal.pam-auth-update 1970-01-01 00:00:00 +0000 +++ debian/local/ecryptfs-nonlocal.pam-auth-update 2015-01-01 14:45:10 +0000 @@ -0,0 +1,16 @@ +Name: Enable EcryptFS for users from remote directories such as LDAP. +Default: no +Priority: 0 +Conflicts: ecryptfs-utils +Auth-Type: Additional +Auth-Final: + required pam_exec.so expose_authtok /etc/security/ecryptfs + optional pam_ecryptfs.so unwrap +Session-Type: Additional +Session-Final: + optional pam_ecryptfs.so unwrap + optional pam_exec.so seteuid /etc/security/mkhome +Password-Type: Additional +Password-Final: + optional pam_ecryptfs.so + === added directory 'debian/local/etc' === added directory 'debian/local/etc/security' === added file 'debian/local/etc/security/ecryptfs' --- debian/local/etc/security/ecryptfs 1970-01-01 00:00:00 +0000 +++ debian/local/etc/security/ecryptfs 2015-01-01 14:45:10 +0000 
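Review bot: In debian/local/ecryptfs-nonlocal.pam-auth-update, the Auth-Final line `required pam_exec.so expose_authtok /etc/security/ecryptfs` makes the exit status of a shell script decide authentication, and it hands that script the cleartext password for every account that reaches the line. Nothing in the profile limits it to users from a remote directory, so local and system accounts, and presumably root, take the same path. The script's "NOT ROOT" branch exits 1, which with `required` fails the whole stack for non-root callers on first use. A comment in the profile or the package documentation should state which accounts are meant to be covered and that a script failure denies login. An early `exit 0` in the script for accounts outside that set would keep them off the `ecryptfs-setup-private` path.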
@@ -0,0 +1,26 @@ +#!/bin/bash + +home=`eval echo ~$PAM_USER` +ecryptfs=/home/.ecryptfs/$PAM_USER/.ecryptfs + +read password + +if [ -d $ecryptfs ]; then + # ecryptfs is set + echo "Ecryptfs is already configured" + exit 0 +elif [ `id -u` == 0 ]; then + # Setup ecryptfs and make home + umask 077 + mkdir -p $home + group=`id -gn $PAM_USER` + chown $PAM_USER:$group $home + + ecryptfs-setup-private -u $PAM_USER -l "$password" -b --nopwcheck + exit 0 +else + # NOT ROOT + echo "Cannot login with 'su' for the first time" + exit 1 +fi + === added file 'debian/local/etc/security/mkhome' --- debian/local/etc/security/mkhome 1970-01-01 00:00:00 +0000 +++ debian/local/etc/security/mkhome 2015-01-01 14:45:10 +0000 @@ -0,0 +1,10 @@ +#!/bin/bash + +cd ~ + +if [ ! -f .donotremove ] ; then + echo Copying /etc/skel + cp -ra /etc/skel/* ~ + touch .donotremove +fi + === modified file 'debian/rules' --- debian/rules 2013-02-21 01:56:33 +0000 +++ debian/rules 2015-01-01 14:45:10 +0000 @@ -18,8 +18,11 @@ override_dh_auto_install: dh_auto_install + install -D -m 0644 debian/local/ecryptfs-nonlocal.pam-auth-update debian/ecryptfs-utils/usr/share/pam-configs/ecryptfs-nonlocal install -D -m 0644 debian/local/ecryptfs-utils.pam-auth-update debian/ecryptfs-utils/usr/share/pam-configs/ecryptfs-utils - + + install -D -m 0755 debian/local/etc/security/* -t debian/ecryptfs-utils/etc/security + # Removing useless files find debian/tmp -name "*.pyc" | xargs rm -f @@ -39,9 +42,9 @@ override_dh_install: # Removing translation markers to work as an update-notifier hook sed -i 's/^_//' debian/tmp/usr/share/ecryptfs-utils/ecryptfs-record-passphrase - dh_install --fail-missing --sourcedir=debian/tmp + override_dh_python2: dh_python2 --no-guessing-versions === modified file 'src/utils/mount.ecryptfs_private.c' --- src/utils/mount.ecryptfs_private.c 2013-02-21 01:56:33 +0000 +++ src/utils/mount.ecryptfs_private.c 2015-01-01 14:45:10 +0000 
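Review bot: In debian/local/etc/security/ecryptfs, the `eval echo ~$PAM_USER` on the `home=` line evaluates the login name as shell code in a script that pam_exec runs from the auth stack, and every later use of `$PAM_USER`, `$home` and `$ecryptfs` is unquoted. A name containing shell metacharacters, or the `DOMAIN\user` form this commit starts accepting in mount.ecryptfs_private, is re-parsed by the shell instead of being treated as data. The fence below resolves the home directory from the passwd database, quotes each expansion, and reads the passphrase with `IFS= read -r` so backslashes and surrounding whitespace survive. Separately, `-l "$password"` puts the login passphrase on the command line of ecryptfs-setup-private, where on a default /proc configuration other local users can likely read it while the command runs. The `exit 0` after that call also reports success to PAM even if setup failed.

```shell
# resolve the home directory without evaluating the name as shell code
home=$(getent passwd "$PAM_USER" | cut -d: -f6)
ecryptfs="/home/.ecryptfs/$PAM_USER/.ecryptfs"

IFS= read -r password

if [ -d "$ecryptfs" ]; then
    # … unchanged: already-configured message and exit 0 …
elif [ "$(id -u)" -eq 0 ]; then
    # … unchanged: umask 077 …
    mkdir -p -- "$home"
    group=$(id -gn -- "$PAM_USER")
    chown -- "$PAM_USER:$group" "$home"
    # … unchanged: ecryptfs-setup-private call, else branch …
```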
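Review bot: In debian/local/etc/security/mkhome, `cp -ra /etc/skel/* ~` skips dotfiles because `*` does not match names that start with a dot, and /etc/skel usually consists mostly of such files; `cp -a /etc/skel/. "$home"/` copies them all. `cd ~` is unchecked, and `~` is taken from HOME in the environment pam_exec provides rather than from `$PAM_USER`. The copy and the `.donotremove` marker may therefore land in the calling process's home or current directory. Resolving the directory from `$PAM_USER` and using `cd "$home" || exit 1` would pin the target. pam_exec's `seteuid` runs the command with the caller's effective uid, so the copied files are presumably owned by that uid rather than by the user, which is worth confirming.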
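Review bot: In the first debian/rules hunk, the added `install -D -m 0755 debian/local/etc/security/* -t debian/ecryptfs-utils/etc/security` ships every file the glob matches as an executable under /etc/security, the directory from which the new PAM profile runs its scripts. Naming `ecryptfs` and `mkhome` explicitly would keep a stray file in that source directory from being packaged alongside them. Whether `-D` creates the `-t` target directory depends on the coreutils version, so a preceding `install -d debian/ecryptfs-utils/etc/security` is the safer form. The hunk also replaces an empty line with a whitespace-only one, which could be dropped.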
@@ -102,7 +102,8 @@ * adduser: To avoid problems, the username should consist only of * letters, digits, underscores, periods, at signs and dashes, and not start * with a dash (as defined by IEEE Std 1003.1-2001). For compatibility with - * Samba machine accounts $ is also supported at the end of the username + * Samba machine accounts $ is also supported at the end of the username. + * For compatibility with domain users, backslash is also supported. */ int i; char c; @@ -120,7 +121,8 @@ !(c>='0' && c<='9') && !(c=='_') && !(c=='.') && !(c=='@') && !(c=='-' && i!=0) && - !(c=='$' && i==(len-1)) + !(c=='$' && i==(len-1)) && + !(c=='\\') ) { fputs("Username has unsupported characters\n", stderr); return 1;
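Review bot: In the second hunk of src/utils/mount.ecryptfs_private.c, the added `!(c=='\\')` accepts a backslash at any position and any number of times, while `-` and `$` in the same condition are tied to a position. A `DOMAIN\user` name only needs a separator that is neither first nor last, e.g. `!(c=='\\' && i!=0 && i!=(len-1))`. Backslash is an escape character for shells and for mount-table style files, so every consumer of the validated name should be checked to treat it as data; the scripts added in this same commit pass `$PAM_USER` through `eval`. The comment updated in the first hunk could state the position rule too. The enclosing function starts and ends outside both hunks, so how the name is used afterwards is not visible here.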