c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-05-22 02:27:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

pam: implement a zfs_key pam module

Browse Source 
Implements a pam module for automatically loading zfs encryption keys 
for home datasets. The pam module:

  - loads a zfs key and mounts the dataset when a session opens.
  - unmounts the dataset and unloads the key when the session closes.
  - when the user is logged on and changes the password, the module
    changes the encryption key.

Reviewed-by: Richard Laager <rlaager@wiktel.com>
Reviewed-by: @jengelh <jengelh@inai.de>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Felix Dörre <felix@dogcraft.de>
Closes #9886
Closes #9903
This commit is contained in:
felixdoerre
2020-06-25 03:45:44 +02:00
committed by GitHub
parent 7513807320
commit 221e67040f
19 changed files with 1058 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/user-pam.m4
+37
View File
@@ -0,0 +1,37 @@
AC_DEFUN([ZFS_AC_CONFIG_USER_PAM], [
AC_ARG_ENABLE([pam],
AS_HELP_STRING([--enable-pam],
[install pam_zfs_key module [[default: check]]]),
[enable_pam=$enableval],
[enable_pam=check])
AC_ARG_WITH(pammoduledir,
AS_HELP_STRING([--with-pammoduledir=DIR],
[install pam module in dir [[$libdir/security]]]),
[pammoduledir="$withval"],[pammoduledir=$libdir/security])
AC_ARG_WITH(pamconfigsdir,
AS_HELP_STRING([--with-pamconfigsdir=DIR],
[install pam-config files in dir [[/usr/share/pamconfigs]]]),
[pamconfigsdir="$withval"],[pamconfigsdir=/usr/share/pam-configs])
AS_IF([test "x$enable_pam" != "xno"], [
AC_CHECK_HEADERS([security/pam_modules.h], [
enable_pam=yes
], [
AS_IF([test "x$enable_pam" == "xyes"], [
AC_MSG_FAILURE([
*** security/pam_modules.h missing, libpam0g-dev package required
])
],[
enable_pam=no
])
])
])
AS_IF([test "x$enable_pam" == "xyes"], [
DEFINE_PAM='--with "pam" --define "_pamconfigsdir $(pamconfigsdir)"'
])
AC_SUBST(DEFINE_PAM)
AC_SUBST(pammoduledir)
AC_SUBST(pamconfigsdir)
])
config/user.m4
+1
View File
@@ -17,6 +17,7 @@ AC_DEFUN([ZFS_AC_CONFIG_USER], [
ZFS_AC_CONFIG_USER_LIBUDEV
ZFS_AC_CONFIG_USER_LIBSSL
ZFS_AC_CONFIG_USER_LIBAIO
ZFS_AC_CONFIG_USER_PAM
ZFS_AC_CONFIG_USER_RUNSTATEDIR
ZFS_AC_CONFIG_USER_MAKEDEV_IN_SYSMACROS
ZFS_AC_CONFIG_USER_MAKEDEV_IN_MKDEV
config/zfs-build.m4
+2
View File
@@ -223,6 +223,7 @@ AC_DEFUN([ZFS_AC_CONFIG], [
[test "x$qatsrc" != x ])
AM_CONDITIONAL([WANT_DEVNAME2DEVID], [test "x$user_libudev" = xyes ])
AM_CONDITIONAL([WANT_MMAP_LIBAIO], [test "x$user_libaio" = xyes ])
AM_CONDITIONAL([PAM_ZFS_ENABLED], [test "x$enable_pam" = xyes])
])
dnl #
@@ -284,6 +285,7 @@ AC_DEFUN([ZFS_AC_RPM], [
RPM_DEFINE_UTIL+=' $(DEFINE_INITRAMFS)'
RPM_DEFINE_UTIL+=' $(DEFINE_SYSTEMD)'
RPM_DEFINE_UTIL+=' $(DEFINE_PYZFS)'
RPM_DEFINE_UTIL+=' $(DEFINE_PAM)'
RPM_DEFINE_UTIL+=' $(DEFINE_PYTHON_VERSION)'
RPM_DEFINE_UTIL+=' $(DEFINE_PYTHON_PKG_VERSION)'