2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. 2N/A * zfs_key - pam_sm_setcred 2N/A * Entry flags = PAM_ESTABLISH_CRED, load key 2N/A * PAM_DELETE_CRED, unload key 2N/A * PAM_REINITIALIZE_CRED NOOP 2N/A * PAM_REFRESH_CRED NOOP 2N/A * PAM_SILENT, print no messages to user. 2N/A * Returns PAM_SUCCESS, if all successful. 2N/A * PAM_CRED_ERR, if unable to set credentials. 2N/A * PAM_USER_UNKNOWN, if PAM_USER not set, or unable to find 2N/A * user in databases. 2N/A * PAM_SYSTEM_ERR, if no valid flag, or unable to get/set 2N/A * user's audit state. 2N/A "pam_zfs_key invalid configuration 'homes='" 2N/A " can not be empty"));
2N/A "pam_zfs_key unknown option '%s'"),
argv[i]);
2N/A "pam_zfs_key: pam_sm_setcred(flags = %x, argc= %d)",
2N/A "pam_zfs_key: USER NULL or empty!\n");
2N/A /* validate flags */ 2N/A /* set default flag */ 2N/A "pam_zfs_key: invalid flags %x",
flags);
2N/A "Creating home directory with encryption=%s.\n" 2N/A "Your login password will be used as the " 2N/A "passphrase,prompt");
2N/A "creating home directory failed: %s"),
2N/A * Checking keystatus of none means we don't need to 2N/A * check the value of the encryption property since 2N/A * datasets with encryption=off always have an undefined 2N/A "home dir %s for %s has incompatible keysource %s",
2N/A * First try an unmount of pw_dir if it is autofs 2N/A * in case automounter already attempted to 2N/A * mount up the pw_dir. 2N/A "pam_zfs_key strdup failed: %m"));
2N/A "ZFS Key load failed for %s: %s"),
2N/A "ZFS Key load failed for %s: %s"),
2N/A * Don't fail on the unmount just in case the module 2N/A * isn't running with all privs. If this is 2N/A * the automount point it will just end up stale and timeout, 2N/A * if the underlying real home dir does end up unmounted. 2N/A "ZFS Key unload for %s failed: %s "),
2N/A /* Try again to remove the possibly automounted dir */ 2N/A "pam_zfs_key: USER NULL or empty!\n");
2N/A * Checking keystatus for undefined means we don't need to 2N/A * check the value of the encryption property since 2N/A * datasets with encryption=off always have an undefined 2N/A " for %s: old passphrase required"),
2N/A "ZFS Key load failed for %s: %s"),
2N/A * Temporarily switch over euid to ruid so that the kernel 2N/A * side of ZFS checks the 'keychange' delgation of the real user 2N/A * changing their password and it isn't bypassed because 2N/A * passwd(1) is setuid.