
Commit f44bdfe

pam: implement a zfs_key pam module
currently the pam module does: * loads a zfs key and mounts the dataset when a session opens * unmounts the dataset and unloads the key when the session closes * when the user is logged on and changes the password, the module changes the encryption key. Signed-off-by: Felix Dörre <[email protected]> Closes #9886
1 parent 25df8fb commit f44bdfe


5 files changed

+646
-2
lines changed


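--- a/configure.ac
+++ b/configure.ac
@@ -94,6 +94,7 @@ AC_CONFIG_FILES([
 contrib/initramfs/hooks/Makefile
 contrib/initramfs/scripts/Makefile
 contrib/initramfs/scripts/local-top/Makefile
+contrib/pam_zfs_key/Makefile
 contrib/pyzfs/Makefile
 contrib/pyzfs/setup.py
 contrib/zcp/Makefile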

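--- a/contrib/Makefile.am
+++ b/contrib/Makefile.am
@@ -1,2 +1,2 @@
-SUBDIRS = bash_completion.d bpftrace dracut initramfs pyzfs zcp
-DIST_SUBDIRS = bash_completion.d bpftrace dracut initramfs pyzfs zcp
+SUBDIRS = bash_completion.d bpftrace dracut initramfs pyzfs pam_zfs_key zcp
+DIST_SUBDIRS = bash_completion.d bpftrace dracut initramfs pyzfs pam_zfs_key zcp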
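Review bot: Listing `pam_zfs_key` unconditionally in `SUBDIRS` builds and installs an authentication module in every configuration, and the `configure.ac` hunk on this page adds only the `AC_CONFIG_FILES` entry, with no check for the PAM headers and no switch to turn the module off. Hosts without the PAM development files would presumably fail to build, and hosts that do not want a password-handling module in their login stack get one anyway. Keep the name in `DIST_SUBDIRS` so `make dist` still ships it, but gate the build, for example `if BUILD_PAM_ZFS_KEY` / `SUBDIRS += pam_zfs_key` / `endif`. The conditional name is constructed here and would come from a new configure check.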

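--- a/contrib/pam_zfs_key/Makefile.am
+++ b/contrib/pam_zfs_key/Makefile.am
@@ -0,0 +1,30 @@
+include $(top_srcdir)/config/Rules.am
+
+VPATH = \
+$(top_srcdir)/module/icp \
+$(top_srcdir)/module/zcommon \
+$(top_srcdir)/lib/libzfs
+
+# Suppress unused but set variable warnings often due to ASSERTs
+AM_CFLAGS += $(NO_UNUSED_BUT_SET_VARIABLE)
+
+lib_LTLIBRARIES = libpam_zfs_key.la
+
+USER_C = pam_zfs_key.c
+
+libpam_zfs_key_la_SOURCES = \
+$(USER_C) \
+$(KERNEL_C)
+libzfsdir = $(includedir)/libzfs
+
+libpam_zfs_key_la_LIBADD = \
+$(top_builddir)/lib/libnvpair/libnvpair.la \
+$(top_builddir)/lib/libuutil/libuutil.la \
+$(top_builddir)/lib/libzfs/libzfs.la \
+$(top_builddir)/lib/libzfs_core/libzfs_core.la
+
+libpam_zfs_key_la_LDFLAGS = -version-info 1:0:0
+
+libpam_zfs_key_la_LIBADD += -lm $(LIBSSL)
+
+EXTRA_DIST = $(USER_C)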
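Review bot: `lib_LTLIBRARIES = libpam_zfs_key.la` together with `-version-info 1:0:0` yields a versioned `libpam_zfs_key.so.*` in `$(libdir)`, while the PAM profile added by this commit loads `pam_zfs_key.so`. Unless something outside this page renames or links the library, the stack references a module that is not installed under that name or in the PAM module directory. A dlopen'ed PAM module is normally declared as `pam_zfs_key.la`, linked with `pam_zfs_key_la_LDFLAGS = -module -avoid-version`, and installed into the PAM module directory rather than the general library path. Separately, `$(KERNEL_C)`, the `VPATH` entries and `libzfsdir` are not used by anything visible in this file and look like leftovers from another Makefile.am; dropping them keeps the set of sources linked into an authentication module easy to audit.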
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
Name: Unlock zfs datasets for user
2+
Default: yes
3+
Priority: 128
4+
Auth-Type: Additional
5+
Auth:
6+
optional pam_zfs_key.so
7+
Session-Interactive-Only: yes
8+
Session-Type: Additional
9+
Session:
10+
optional pam_zfs_key.so
11+
Password-Type: Additional
12+
Password:
13+
optional pam_zfs_key.so
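Review bot: `Default: yes` makes pam-auth-update enable this profile in the auth, session and password stacks as soon as the package is installed, so a module that, per the commit description, uses the login password to load keys and mount datasets becomes active on hosts that never opted in. `Default: no` would leave that decision to the administrator. The `optional` control in the `Password:` block also means a failed key change does not fail the password change, which can leave the account password and the dataset key out of sync. Whether the module logs or recovers from that case is not visible on this page and is worth documenting next to the profile.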
