#96 crypto-container does not unmount

pam_mount
pending-later
pam_mount (94)
5
2014-09-28
2011-07-20
Anonymous
No

Using pam_mount 2.10 on Gentoo with the following configuration:
/etc/pam.d/ftp:

account sufficient pam_ldap.so config=/etc/proftpd/ldap.conf

auth required pam_mount.so debug
auth required pam_ldap.so use_first_pass config=/etc/proftpd/ldap.conf

session optional pam_mount.so debug

Container is created using following commands:
losetup -f --show /var/spool/crypto-containers/TEST
cryptsetup luksFormat /dev/loop0
Container is successfully mounting and dismounting using mount.crypt and umount.crypt

Then when I connect to ftp using information from LDAP all goes well, but when the ftp connection is closed the container is not unmounted.
In log file I see following:

Jul 20 14:55:35 albatros2 proftpd: pam_mount(pam_mount.c:364): pam_mount 2.10: entering auth stage
Jul 20 14:55:35 albatros2 proftpd: pam_mount(pam_mount.c:553): pam_mount 2.10: entering session stage
Jul 20 14:55:35 albatros2 proftpd: pam_mount(misc.c:38): Session open: (ruid/rgid=0/65533, e=0/0)
Jul 20 14:55:35 albatros2 proftpd: pam_mount(mount.c:214): Mount info: globalconf, user=TEST <volume fstype="auto" server="(null)" path="/var/spool/crypto-containers/TEST" mountpoint="/mnt/TEST" cipher="aes-cbc-essiv:sha256" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
Jul 20 14:55:35 albatros2 proftpd: command: 'mount' '-p0' '-tauto' '/var/spool/crypto-containers/TEST' '/mnt/TEST'
Jul 20 14:55:35 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65533, e=0/0)
Jul 20 14:55:35 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65533, e=0/0)
Jul 20 14:55:35 albatros2 proftpd: pam_mount(mount.c:65): Messages from underlying mount program:
Jul 20 14:55:35 albatros2 proftpd: pam_mount(mount.c:69): mount.crypto_LUKS(mtcrypt.c:165): loop mount option ignored
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 15 1 9:3 / / rw,noatime - ext3 /dev/root rw,errors=continue,data=writeback
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 16 15 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 17 15 0:0 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 18 15 0:15 / /dev rw,nosuid,relatime - tmpfs udev rw,size=10240k,mode=755
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 19 17 0:16 / /sys/fs/fuse/connections rw,relatime - fusectl fusectl rw
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 20 18 0:10 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 21 15 9:5 / /usr rw,noatime - ext3 /dev/md5 rw,errors=continue,data=writeback
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 22 15 9:6 / /tmp rw,noatime - ext3 /dev/md6 rw,errors=continue,data=writeback
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 23 15 9:7 / /var rw,noatime - ext3 /dev/md7 rw,errors=continue,user_xattr,data=writeback
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 24 18 0:17 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 25 17 0:6 / /sys/kernel/debug rw,relatime - debugfs none rw
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 26 17 0:18 / /sys/kernel/config rw,relatime - configfs configfs rw
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 27 23 253:2 / /var/tmp/backup rw,noatime - xfs /dev/mapper/vg--backup--main-BACKUP--MAIN rw,attr2,noquota
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 28 16 0:14 / /proc/bus/usb rw,nosuid,noexec,relatime - usbfs usbfs rw,devgid=85,devmode=664
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:380): 29 15 253:3 / /mnt/TEST rw,relatime - ext2 /dev/mapper/_dev_loop0 rw,errors=continue
Jul 20 14:55:36 albatros2 proftpd: command: 'pmvarrun' '-u' 'TEST' '-o' '1'
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65533, e=0/0)
Jul 20 14:55:36 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65533, e=0/0)
Jul 20 14:55:36 albatros2 proftpd: pam_mount(pam_mount.c:440): pmvarrun says login count is 1
Jul 20 14:55:36 albatros2 proftpd: pam_mount(pam_mount.c:645): done opening session (ret=0)
Jul 20 14:55:46 albatros2 proftpd: pam_mount(pam_mount.c:691): received order to close things
Jul 20 14:55:46 albatros2 proftpd: pam_mount(misc.c:38): Session close: (ruid/rgid=0/65534, e=65534/65534)
Jul 20 14:55:46 albatros2 proftpd: command: 'pmvarrun' '-u' 'TEST' '-o' '-1'
Jul 20 14:55:46 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=65534/65534)
Jul 20 14:55:46 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/65534)
Jul 20 14:55:46 albatros2 proftpd: pam_mount(pam_mount.c:438): error reading login count from pmvarrun
Jul 20 14:55:46 albatros2 proftpd: pam_mount(mount.c:745): going to unmount
Jul 20 14:55:46 albatros2 proftpd: pam_mount(mount.c:643): Could not get realpath of /mnt/TEST: Нет такого файла или каталога
Jul 20 14:55:46 albatros2 proftpd: pam_mount(mount.c:662): getpwnam("TEST") failed: Нет такого файла или каталога
Jul 20 14:55:46 albatros2 proftpd: pam_mount(mount.c:214): Mount info: globalconf, user=TEST <volume fstype="auto" server="(null)" path="/var/spool/crypto-containers/TEST" mountpoint="/mnt/TEST" cipher="aes-cbc-essiv:sha256" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
Jul 20 14:55:46 albatros2 proftpd: command: 'umount' '/mnt/TEST'
Jul 20 14:55:46 albatros2 proftpd: pam_mount(mount.c:54): error opening file: Неправильный дескриптор файла
Jul 20 14:55:46 albatros2 proftpd: pam_mount(pam_mount.c:728): pam_mount execution complete
Jul 20 14:55:46 albatros2 proftpd: pam_mount(pam_mount.c:115): Clean global config (0)
Jul 20 14:55:46 albatros2 proftpd: pam_mount(pam_mount.c:132): clean system authtok=0x74a830 (0)

Any ideas?

btw: when unmounting using umount.crypt loop-device is not destroyed.

albatros2 ~ # mount
/dev/md3 on / type ext3 (rw,noatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
udev on /dev type tmpfs (rw,nosuid,relatime,size=10240k,mode=755)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620)
/dev/md5 on /usr type ext3 (rw,noatime)
/dev/md6 on /tmp type ext3 (rw,noatime)
/dev/md7 on /var type ext3 (rw,noatime,user_xattr)
shm on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
configfs on /sys/kernel/config type configfs (rw)
/dev/mapper/vg--backup--main-BACKUP--MAIN on /var/tmp/backup type xfs (rw,noatime)
usbfs on /proc/bus/usb type usbfs (rw,noexec,nosuid,devmode=0664,devgid=85)
/dev/loop0 on /mnt/TEST type crypt (rw)
albatros2 ~ # umount.crypt /mnt/TEST
albatros2 ~ # mount
/dev/md3 on / type ext3 (rw,noatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
udev on /dev type tmpfs (rw,nosuid,relatime,size=10240k,mode=755)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620)
/dev/md5 on /usr type ext3 (rw,noatime)
/dev/md6 on /tmp type ext3 (rw,noatime)
/dev/md7 on /var type ext3 (rw,noatime,user_xattr)
shm on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
configfs on /sys/kernel/config type configfs (rw)
/dev/mapper/vg--backup--main-BACKUP--MAIN on /var/tmp/backup type xfs (rw,noatime)
usbfs on /proc/bus/usb type usbfs (rw,noexec,nosuid,devmode=0664,devgid=85)
albatros2 ~ # losetup -a
/dev/loop0: [0907]:417110 (/var/spool/crypto-containers/TEST)
albatros2 ~ #

Discussion

  • Jan Engelhardt
    2011-07-20

    I suspect this is due to the ftpd doing a chroot, which is why you see all the "Нет такого файла" (No such file) - /usr/sbin/pmvarrun, /mnt/TEST and /bin/umount simply do not exist inside the chroot. pam_mount 2.10 is not able to deal with chroots, but there are plans underway to support this.

     
  • Jan Engelhardt
    2011-07-20

    • status: open --> open-accepted
     

  • Anonymous
    2011-07-20

    Ok. After removing
    DefaultRoot ~ !wheel
    from proftpd.conf file all mounts/unmounts well.

    But the loop device is still not deleted after unmounting. So on 2nd connect I have two loop devices and so on. (Also in debug mode there is a warning about the missing ofl command.)
    On 1st connect:
    albatros2 ~ # losetup -a
    /dev/loop0: [0907]:417110 (/var/spool/crypto-containers/TEST)
    On 2nd connect:
    albatros2 ~ # losetup -a
    /dev/loop0: [0907]:417110 (/var/spool/crypto-containers/TEST)
    /dev/loop1: [0907]:417110 (/var/spool/crypto-containers/TEST)

    pam_mount(pam_mount.c:691): received order to close things
    pam_mount(misc.c:38): Session close: (ruid/rgid=0/65534, e=0/0)
    command: 'pmvarrun' '-u' 'TEST' '-o' '-1'
    pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    pmvarrun(pmvarrun.c:248): parsed count value 1
    pam_mount(pam_mount.c:440): pmvarrun says login count is 0
    pam_mount(mount.c:745): going to unmount
    pam_mount(mount.c:214): Mount info: globalconf, user=TEST <volume fstype="auto" server="(null)" path="/var/spool/crypto-containers/TEST" mountpoint="/mnt/TEST" cipher="aes-cbc-essiv:sha256" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
    command: 'ofl' '-k0' '/mnt/TEST'
    HXproc_run_async: ofl: Нет такого файла или каталога
    command: 'umount' '/mnt/TEST'
    pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    pam_mount(pam_mount.c:728): pam_mount execution complete
    pam_mount(pam_mount.c:115): Clean global config (0)
    pam_mount(pam_mount.c:132): clean system authtok=0x74ac50 (0)

     
    Last edit: Anonymous 2013-11-26
  • Jan Engelhardt
    2011-07-21

    • status: open-accepted --> pending-accepted
     
  • Jan Engelhardt
    2011-07-21

    Can you try adding commit ab5f6366c2597fb89b0905a29e344403b67fe14d patch to your ebuild and see what it is that pmt_loop_release returns.

     

  • Anonymous
    2011-07-25

    • status: pending-accepted --> open-accepted
     

  • Anonymous
    2011-07-25

    Appended patch to ebuild (http://code.google.com/p/barzog-gentoo-overlay/source/browse/#svn%2Ftrunk%2Fsys-auth%2Fpam_mount). Patch applies ok:
    >>> Emerging (1 of 1) sys-auth/pam_mount-2.10-r1 from barzog-overlay
    * pam_mount-2.10.tar.xz RMD160 SHA1 SHA256 size ;-) ... [ ok ]
    * Package: sys-auth/pam_mount-2.10-r1
    * Repository: barzog-overlay
    * Maintainer: hanno@gentoo.org mattst88@gentoo.org
    * USE: amd64 crypt elibc_glibc kernel_linux ssl userland_GNU
    * FEATURES: ccache sandbox
    >>> Unpacking source...
    >>> Unpacking pam_mount-2.10.tar.xz to /var/tmp/portage/sys-auth/pam_mount-2.10-r1/work
    >>> Source unpacked in /var/tmp/portage/sys-auth/pam_mount-2.10-r1/work
    >>> Preparing source in /var/tmp/portage/sys-auth/pam_mount-2.10-r1/work/pam_mount-2.10 ...
    * Applying pam_mount-2.10-crypto-dmc.diff ... [ ok ]

    From command-line:
    albatros2 ~ # mount.crypt /var/spool/crypto-containers/TEST /mnt/TEST
    Password:
    albatros2 ~ # mount
    /var/spool/crypto-containers/TEST on /mnt/TEST type crypt (defaults)
    albatros2 ~ # losetup -a
    /dev/loop0: [0907]:417110 (/var/spool/crypto-containers/TEST)
    albatros2 ~ # umount.crypt /var/spool/crypto-containers/TEST
    albatros2 ~ # losetup -a
    albatros2 ~ #

    Here it seems ok.

    From proftpd through pam_mount no changes and no new log.
    Jul 25 12:17:53 albatros2 proftpd: pam_mount(pam_mount.c:364): pam_mount 2.10: entering auth stage
    Jul 25 12:17:53 albatros2 proftpd: pam_mount(pam_mount.c:553): pam_mount 2.10: entering session stage
    Jul 25 12:17:53 albatros2 proftpd: pam_mount(misc.c:38): Session open: (ruid/rgid=0/65533, e=0/0)
    Jul 25 12:17:53 albatros2 proftpd: pam_mount(mount.c:214): Mount info: globalconf, user=TEST <volume fstype="auto" server="(null)" path="/var/spool/crypto-containers/TEST" mountpoint="/mnt/TEST" cipher="aes-cbc-essiv:sha256" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
    Jul 25 12:17:53 albatros2 proftpd: command: 'mount' '-p0' '-tauto' '/var/spool/crypto-containers/TEST' '/mnt/TEST'
    Jul 25 12:17:53 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65533, e=0/0)
    Jul 25 12:17:53 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65533, e=0/0)
    Jul 25 12:17:53 albatros2 proftpd: pam_mount(mount.c:65): Messages from underlying mount program:
    Jul 25 12:17:53 albatros2 proftpd: pam_mount(mount.c:69): mount.crypto_LUKS(mtcrypt.c:165): loop mount option ignored
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 15 1 9:3 / / rw,noatime - ext3 /dev/root rw,errors=continue,data=writeback
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 16 15 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 17 15 0:0 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 18 15 0:15 / /dev rw,nosuid,relatime - tmpfs udev rw,size=10240k,mode=755
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 19 17 0:16 / /sys/fs/fuse/connections rw,relatime - fusectl fusectl rw
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 20 18 0:10 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 21 15 9:5 / /usr rw,noatime - ext3 /dev/md5 rw,errors=continue,data=writeback
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 22 15 9:6 / /tmp rw,noatime - ext3 /dev/md6 rw,errors=continue,data=writeback
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 23 15 9:7 / /var rw,noatime - ext3 /dev/md7 rw,errors=continue,user_xattr,data=writeback
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 24 18 0:17 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 25 17 0:6 / /sys/kernel/debug rw,relatime - debugfs none rw
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 26 17 0:18 / /sys/kernel/config rw,relatime - configfs configfs rw
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 27 23 253:2 / /var/tmp/backup rw,noatime - xfs /dev/mapper/vg--backup--main-BACKUP--MAIN rw,attr2,noquota
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 28 16 0:14 / /proc/bus/usb rw,nosuid,noexec,relatime - usbfs usbfs rw,devgid=85,devmode=664
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:380): 29 15 253:3 / /mnt/TEST rw,relatime - ext2 /dev/mapper/_dev_loop0 rw,errors=continue
    Jul 25 12:17:54 albatros2 proftpd: command: 'pmvarrun' '-u' 'TEST' '-o' '1'
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65533, e=0/0)
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65533, e=0/0)
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(pam_mount.c:440): pmvarrun says login count is 1
    Jul 25 12:17:54 albatros2 proftpd: pam_mount(pam_mount.c:645): done opening session (ret=0)
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(pam_mount.c:691): received order to close things
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(misc.c:38): Session close: (ruid/rgid=0/65534, e=0/0)
    Jul 25 12:17:57 albatros2 proftpd: command: 'pmvarrun' '-u' 'TEST' '-o' '-1'
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(pam_mount.c:440): pmvarrun says login count is 0
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(mount.c:745): going to unmount
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(mount.c:214): Mount info: globalconf, user=TEST <volume fstype="auto" server="(null)" path="/var/spool/crypto-containers/TEST" mountpoint="/mnt/TEST" cipher="aes-cbc-essiv:sha256" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
    Jul 25 12:17:57 albatros2 proftpd: command: 'ofl' '-k0' '/mnt/TEST'
    Jul 25 12:17:57 albatros2 proftpd: command: 'umount' '/mnt/TEST'
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(pam_mount.c:728): pam_mount execution complete
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(pam_mount.c:115): Clean global config (0)
    Jul 25 12:17:57 albatros2 proftpd: pam_mount(pam_mount.c:132): clean system authtok=0x751880 (0)

    pam_mount(pam_mount.c:691): received order to close things
    pam_mount(misc.c:38): Session close: (ruid/rgid=0/65534, e=0/0)
    command: 'pmvarrun' '-u' 'TEST' '-o' '-1'
    pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    pmvarrun(pmvarrun.c:248): parsed count value 1
    pam_mount(pam_mount.c:440): pmvarrun says login count is 0
    pam_mount(mount.c:745): going to unmount
    pam_mount(mount.c:214): Mount info: globalconf, user=TEST <volume fstype="auto" server="(null)" path="/var/spool/crypto-containers/TEST" mountpoint="/mnt/TEST" cipher="aes-cbc-essiv:sha256" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
    command: 'ofl' '-k0' '/mnt/TEST'
    HXproc_run_async: ofl: Нет такого файла или каталога
    command: 'umount' '/mnt/TEST'
    pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    pam_mount(pam_mount.c:728): pam_mount execution complete
    pam_mount(pam_mount.c:115): Clean global config (0)
    pam_mount(pam_mount.c:132): clean system authtok=0x751880 (0)
    172.16.2.55 (172.17.0.39[172.17.0.39]) - RELINQUISH PRIVS at mod_auth_pam.c:207
    172.16.2.55 (172.17.0.39[172.17.0.39]) - FTP session closed.

     

  • Anonymous
    2011-08-31

    With 2.11 nothing changes:
    from debug log of proftpd:

    172.16.2.55 (172.17.0.39[172.17.0.39]) - ROOT PRIVS at mod_auth_pam.c:173
    pam_mount(pam_mount.c:691): received order to close things
    pam_mount(misc.c:38): Session close: (ruid/rgid=0/65534, e=0/0)
    command: 'pmvarrun' '-u' 'TEST' '-o' '-1'
    pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    pmvarrun(pmvarrun.c:248): parsed count value 1
    pam_mount(pam_mount.c:440): pmvarrun says login count is 0
    pam_mount(mount.c:765): going to unmount
    pam_mount(mount.c:226): Mount info: globalconf, user=TEST <volume fstype="auto" server="(null)" path="/var/spool/crypto-containers/TEST" mountpoint="/mnt/TEST" cipher="aes-cbc-essiv:sha256" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
    command: 'ofl' '-k0' '/mnt/TEST'
    HXproc_run_async: ofl: Нет такого файла или каталога
    command: 'umount' '/mnt/TEST'
    pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    pam_mount(pam_mount.c:728): pam_mount execution complete
    pam_mount(pam_mount.c:115): Clean global config (0)
    pam_mount(pam_mount.c:132): clean system authtok=0x751a50 (0)
    172.16.2.55 (172.17.0.39[172.17.0.39]) - RELINQUISH PRIVS at mod_auth_pam.c:207
    172.16.2.55 (172.17.0.39[172.17.0.39]) - FTP session closed.

    albatros2 ~ # losetup -a
    /dev/loop0: [0907]:417110 (/var/spool/crypto-containers/TEST)

     
  • Jan Engelhardt
    2011-08-31

    When the loop device is still active, is the crypto device also still there?

     

  • Anonymous
    2011-09-13

    No, only loop device.

    When connected:

    albatros2 ~ # losetup -a
    /dev/loop0: [0907]:417110 (/var/spool/crypto-containers/TEST)
    albatros2 ~ # mount
    /dev/mapper/_dev_loop0 on /mnt/TEST type ext2 (rw)
    /dev/loop0 on /mnt/TEST type crypt (rw)

    after disconnecting:
    mount is empty (also no symlink in /dev/mapper)

    albatros2 ~ # losetup -a
    /dev/loop0: [0907]:417110 (/var/spool/crypto-containers/TEST)

     
    Last edit: Anonymous 2014-09-07
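
The state reported above (mount and /dev/mapper entry gone, loop device still attached) can be checked for mechanically. This is an added example, not part of the original ticket or of pam_mount: it assumes mapper names follow the `/dev/mapper/_dev_loop0` pattern visible in this ticket, and the `/dev/loop2` entry and the second-login mount table are constructed sample data.

```shell
#!/bin/sh
# Added example, not pam_mount code.
# Live use: losetup -a | stale_loops /var/spool/crypto-containers "$(mount)"

# stale_loops CONTAINER_DIR MOUNT_TEXT   (stdin: output of losetup -a)
# Prints "DEVICE BACKING_FILE" for loop devices backed by a file under
# CONTAINER_DIR that no mount entry uses, directly or via the mapper name.
# Assumption: the mapper for /dev/loopN is /dev/mapper/_dev_loopN, as in this ticket.
stale_loops() {
    CONTAINER_DIR="$1" MOUNT_TEXT="$2" awk '
    BEGIN {
        dir = ENVIRON["CONTAINER_DIR"]
        n = split(ENVIRON["MOUNT_TEXT"], line, "\n")
        for (i = 1; i <= n; i++) {
            split(line[i], f, " ")          # f[1] is the mounted source
            if (f[1] != "") used[f[1]] = 1
        }
    }
    # losetup -a line: /dev/loop0: [0907]:417110 (/path/to/file)
    match($0, /\(.*\)$/) {
        file = substr($0, RSTART + 1, RLENGTH - 2)
        dev = $1; sub(/:$/, "", dev)
        mapper = dev; gsub("/", "_", mapper); mapper = "/dev/mapper/" mapper
        if (index(file, dir "/") == 1 && !(dev in used) && !(mapper in used))
            print dev " " file
    }'
}

# Constructed sample: state after a second login, plus an unrelated loop device.
losetup_second_login() { cat <<'EOF'
/dev/loop0: [0907]:417110 (/var/spool/crypto-containers/TEST)
/dev/loop1: [0907]:417110 (/var/spool/crypto-containers/TEST)
/dev/loop2: [0907]:500001 (/srv/images/other.img)
EOF
}

# Constructed sample: the second session is mounted through loop1.
mount_second_login() { cat <<'EOF'
/dev/md3 on / type ext3 (rw,noatime)
/dev/mapper/_dev_loop1 on /mnt/TEST type ext2 (rw)
/dev/loop1 on /mnt/TEST type crypt (rw)
EOF
}

# Constructed sample: everything unmounted after the last logout.
mount_logged_out() { cat <<'EOF'
/dev/md3 on / type ext3 (rw,noatime)
EOF
}

echo "while second session is open:"
losetup_second_login | stale_loops /var/spool/crypto-containers "$(mount_second_login)"
echo "after logout:"
losetup_second_login | stale_loops /var/spool/crypto-containers "$(mount_logged_out)"
```

A device listed here can be released with `losetup -d` once it is confirmed that nothing else holds it.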

  • Anonymous
    2011-10-18

    With 2.12 no changes:(

    Oct 18 15:25:34 albatros2 proftpd: pam_mount(pam_mount.c:691): received order to close things
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(misc.c:38): Session close: (ruid/rgid=0/65534, e=0/0)
    Oct 18 15:25:34 albatros2 proftpd: command: 'pmvarrun' '-u' 'TEST' '-o' '-1'
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(pam_mount.c:440): pmvarrun says login count is 0
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(mount.c:765): going to unmount
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(mount.c:226): Mount info: globalconf, user=TEST <volume fstype="auto" server="(null)" path="/var/spool/crypto-containers/TEST" mountpoint="/mnt/TEST" cipher="aes-cbc-essiv:sha256" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
    Oct 18 15:25:34 albatros2 proftpd: command: 'ofl' '-k0' '/mnt/TEST'
    Oct 18 15:25:34 albatros2 proftpd: command: 'umount' '/mnt/TEST'
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<pre>: (ruid/rgid=0/65534, e=0/0)
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(misc.c:38): set_myuid<post>: (ruid/rgid=0/65534, e=0/0)
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(pam_mount.c:728): pam_mount execution complete
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(pam_mount.c:115): Clean global config (0)
    Oct 18 15:25:34 albatros2 proftpd: pam_mount(pam_mount.c:132): clean system authtok=0x74ca90 (0)

     
  • Jan Engelhardt
    2011-10-19

    In 2.12 (commit 2f8daad6ee71bade802f78e5072410e46bfd74c1), umount.crypt is directly called. This is not happening in your case. Maybe because you have an undefined umount line in pam_mount.conf.xml.
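
Added example, not part of the original ticket or of pam_mount: a shell triage of pam_mount debug lines at session close, covering the two diagnoses made in this thread (the chroot case from the first reply, and plain `umount` being run where `umount.crypt` was expected). The finding names and verdict strings are invented for this example; the sample lines are excerpts from the logs posted in this ticket.

```shell
#!/bin/sh
# Added example, not pam_mount code. Finding names and verdicts are invented here.

# Reads pam_mount debug lines on stdin; prints each distinct finding once,
# in order of first appearance.
triage_pam_mount_log() {
    awk '
    function report(f) { if (!seen[f]++) print f }
    # Effective uid at session close; non-zero means root was already dropped.
    /Session close:/ && match($0, /[ ]e=[0-9]+\//) {
        euid = substr($0, RSTART + 3, RLENGTH - 4)
        if (euid != "0") report("close-without-root euid=" euid)
    }
    /error reading login count from pmvarrun/ { report("pmvarrun-failed") }
    /Could not get realpath of/               { report("mountpoint-not-visible") }
    /getpwnam\(.*\) failed/                   { report("user-lookup-failed") }
    /HXproc_run_async: ofl:/                  { report("ofl-missing") }
    /command: .umount\.crypt. /               { report("umount.crypt-used") }
    /command: .umount. /                      { report("plain-umount-used") }
    '
}

# Heuristic verdict over the findings (stdin: the same log lines).
diagnose() {
    findings=$(triage_pam_mount_log)
    case "$findings" in
        *mountpoint-not-visible*|*user-lookup-failed*)
            echo "chroot-suspected" ;;
        *umount.crypt-used*)  echo "crypt-helper-called" ;;
        *plain-umount-used*)  echo "crypt-helper-not-called" ;;
        *)                    echo "no-unmount-seen" ;;
    esac
}

# Excerpt of the first log in this ticket (DefaultRoot chroot active).
sample_chroot_close() { cat <<'EOF'
Jul 20 14:55:46 albatros2 proftpd: pam_mount(misc.c:38): Session close: (ruid/rgid=0/65534, e=65534/65534)
Jul 20 14:55:46 albatros2 proftpd: command: 'pmvarrun' '-u' 'TEST' '-o' '-1'
Jul 20 14:55:46 albatros2 proftpd: pam_mount(pam_mount.c:438): error reading login count from pmvarrun
Jul 20 14:55:46 albatros2 proftpd: pam_mount(mount.c:643): Could not get realpath of /mnt/TEST: Нет такого файла или каталога
Jul 20 14:55:46 albatros2 proftpd: pam_mount(mount.c:662): getpwnam("TEST") failed: Нет такого файла или каталога
Jul 20 14:55:46 albatros2 proftpd: command: 'umount' '/mnt/TEST'
EOF
}

# Excerpt of the 2.12 log in this ticket (no chroot, loop device left behind).
sample_212_close() { cat <<'EOF'
Oct 18 15:25:34 albatros2 proftpd: pam_mount(misc.c:38): Session close: (ruid/rgid=0/65534, e=0/0)
Oct 18 15:25:34 albatros2 proftpd: command: 'pmvarrun' '-u' 'TEST' '-o' '-1'
Oct 18 15:25:34 albatros2 proftpd: pam_mount(pam_mount.c:440): pmvarrun says login count is 0
Oct 18 15:25:34 albatros2 proftpd: command: 'ofl' '-k0' '/mnt/TEST'
Oct 18 15:25:34 albatros2 proftpd: command: 'umount' '/mnt/TEST'
EOF
}

printf 'first log: %s\n' "$(sample_chroot_close | diagnose)"
printf '2.12 log:  %s\n' "$(sample_212_close | diagnose)"
```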

     

  • Anonymous
    2011-10-29

    Hmm. Yes, in pam_mount.conf.xml unmount and cryptunmount is undefined.
    According to pam_mount.conf manpage:

    <umount>umount %(MNTPT)</umount>
    Unless there is a dedicated umount program for a given filesystem type, the regular umount program will be used.

    Linux supports lazy unmounting using `/sbin/umount -l`. This may be dangerous for encrypted volumes because the underlying
    device is not unmapped. Loopback devices are also affected by this (not being unmapped when files are still open).
    Also, unmount on SMB volumes needs to be called on %(MNTPT) and not %(VOLUME).

    Which unmount and cryptunmount lines should I use for a typical LUKS cryptocontainer?

    My pam_mount.conf.xml follows:
    <?xml version="1.0" encoding="utf-8" ?>
    <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
    <pam_mount>
    <debug enable="2" />
    <volume path="/var/spool/crypto-containers/%(USER)" mountpoint="~" cipher="aes-cbc-essiv:sha256" />
    <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
    <mntoptions require="nosuid,nodev" />
    <!-- requires ofl from hxtools to be present -->
    <logout wait="0" hup="0" term="0" kill="0" />
    <mkmountpoint enable="1" remove="true" />
    </pam_mount>

     
  • Jan Engelhardt
    2011-10-29

    You should not normally use any of the program-defining tags (like <umount>, etc.).

     

  • Anonymous
    2011-11-23

    Hmm. I am completely lost.
    In one message you say:
    "Maybe because you have an undefined umount line in pam_mount.conf.xml."
    In another:
    "You should not normally use any of the program-defining tags (like
    <umount>, etc.)."
    What should I do and what should my attached pam_mount.conf.xml look like?

     
  • Jan Engelhardt
    2011-11-24

    • milestone: --> pam_mount
     
  • Jan Engelhardt
    2011-11-24

    The conf.xml looks ok, but there are no new ideas. I guess the point is reached where forth-and-back via support requests is not going to work.

     

  • Anonymous
    2011-11-25

    I can give you remote ssh shell if it helps.
    Pls Reach me via barzog at telecom.by

     
  • Jan Engelhardt
    2012-01-18

    Mail was sent on 25 Nov 2011 already, but no response since then.

     
  • Jan Engelhardt
    2012-01-18

    • status: open-accepted --> pending-later