author | felixdoerre <[email protected]> | 2020-06-25 03:45:44 +0200 |
---|---|---|
committer | GitHub <[email protected]> | 2020-06-24 18:45:44 -0700 |
commit | 221e67040fc47c15b3da2afb09bb48f1e9700fb9 (patch) | |
tree | 4d06425fb5abb067990e8b936b2a909f39e08da5 /config | |
parent | 75138073208674967d0fb238f1b6210da224db36 (diff) |
pam: implement a zfs_key pam module
Implements a pam module for automatically loading zfs encryption keys
for home datasets. The pam module:
- loads a zfs key and mounts the dataset when a session opens.
- unmounts the dataset and unloads the key when the session closes.
- when the user is logged on and changes the password, the module
changes the encryption key.
Reviewed-by: Richard Laager <[email protected]>
Reviewed-by: @jengelh <[email protected]>
Reviewed-by: Ryan Moeller <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Felix Dörre <[email protected]>
Closes #9886
Closes #9903
Diffstat (limited to 'config')
-rw-r--r-- | config/user-pam.m4 | 37 | ||||
-rw-r--r-- | config/user.m4 | 1 | ||||
-rw-r--r-- | config/zfs-build.m4 | 2 |
3 files changed, 40 insertions, 0 deletions
diff --git a/config/user-pam.m4 b/config/user-pam.m4
new file mode 100644
index 000000000..1d376681d
--- /dev/null
+++ b/config/user-pam.m4
@@ -0,0 +1,37 @@
+AC_DEFUN([ZFS_AC_CONFIG_USER_PAM], [
+ AC_ARG_ENABLE([pam],
+ AS_HELP_STRING([--enable-pam],
+ [install pam_zfs_key module [[default: check]]]),
+ [enable_pam=$enableval],
+ [enable_pam=check])
+
+ AC_ARG_WITH(pammoduledir,
+ AS_HELP_STRING([--with-pammoduledir=DIR],
+ [install pam module in dir [[$libdir/security]]]),
+ [pammoduledir="$withval"],[pammoduledir=$libdir/security])
+
+ AC_ARG_WITH(pamconfigsdir,
+ AS_HELP_STRING([--with-pamconfigsdir=DIR],
+ [install pam-config files in dir [[/usr/share/pamconfigs]]]),
+ [pamconfigsdir="$withval"],[pamconfigsdir=/usr/share/pam-configs])
+
+ AS_IF([test "x$enable_pam" != "xno"], [
+ AC_CHECK_HEADERS([security/pam_modules.h], [
+ enable_pam=yes
+ ], [
+ AS_IF([test "x$enable_pam" == "xyes"], [
+ AC_MSG_FAILURE([
+ *** security/pam_modules.h missing, libpam0g-dev package required
+ ])
+ ],[
+ enable_pam=no
+ ])
+ ])
+ ])
+ AS_IF([test "x$enable_pam" == "xyes"], [
+ DEFINE_PAM='--with "pam" --define "_pamconfigsdir $(pamconfigsdir)"'
+ ])
+ AC_SUBST(DEFINE_PAM)
+ AC_SUBST(pammoduledir)
+ AC_SUBST(pamconfigsdir)
+])
diff --git a/config/user.m4 b/config/user.m4
index b69412fda..c09705bde 100644
--- a/config/user.m4
+++ b/config/user.m4
@@ -17,6 +17,7 @@ AC_DEFUN([ZFS_AC_CONFIG_USER], [
 ZFS_AC_CONFIG_USER_LIBUDEV
 ZFS_AC_CONFIG_USER_LIBSSL
 ZFS_AC_CONFIG_USER_LIBAIO
+ ZFS_AC_CONFIG_USER_PAM
 ZFS_AC_CONFIG_USER_RUNSTATEDIR
 ZFS_AC_CONFIG_USER_MAKEDEV_IN_SYSMACROS
 ZFS_AC_CONFIG_USER_MAKEDEV_IN_MKDEV
diff --git a/config/zfs-build.m4 b/config/zfs-build.m4
index 016c0fc09..93bef19ff 100644
--- a/config/zfs-build.m4
+++ b/config/zfs-build.m4
@@ -223,6 +223,7 @@ AC_DEFUN([ZFS_AC_CONFIG], [ [test "x$qatsrc" != x ]) AM_CONDITIONAL([WANT_DEVNAME2DEVID], [test "x$user_libudev" = xyes ]) AM_CONDITIONAL([WANT_MMAP_LIBAIO], [test "x$user_libaio" = xyes ]) + AM_CONDITIONAL([PAM_ZFS_ENABLED], [test "x$enable_pam" = xyes]) ]) dnl # @@ -284,6 +285,7 @@ AC_DEFUN([ZFS_AC_RPM], [ RPM_DEFINE_UTIL+=' $(DEFINE_INITRAMFS)' RPM_DEFINE_UTIL+=' $(DEFINE_SYSTEMD)' RPM_DEFINE_UTIL+=' $(DEFINE_PYZFS)' + RPM_DEFINE_UTIL+=' $(DEFINE_PAM)' RPM_DEFINE_UTIL+=' $(DEFINE_PYTHON_VERSION)' RPM_DEFINE_UTIL+=' $(DEFINE_PYTHON_PKG_VERSION)' |
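Review bot: `$(DEFINE_PAM)`, appended in the second hunk as `RPM_DEFINE_UTIL+=' $(DEFINE_PAM)'`, forwards only `_pamconfigsdir` to rpmbuild as it is set in config/user-pam.m4, so a `--with-pammoduledir=DIR` override never reaches the package build. If the spec file, which is not part of this diff, does not derive the module directory itself, the packaged pam_zfs_key module could land in a directory the system's PAM stack does not load from, which is a poor failure mode for a module that loads encryption keys at session open. Consider extending DEFINE_PAM with a second define, for example `--define "_pammoduledir $(pammoduledir)"`, or add a comment stating that the spec computes the path. Both ZFS_AC_CONFIG and ZFS_AC_RPM continue outside the hunks shown.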