~ecryptfs/ecryptfs/trunk

« back to all changes in this revision

Viewing changes to src/utils/ecryptfs-recover-private

Committer: Dustin Kirkland
Date: 2016-02-27 00:00:23 UTC
Revision ID: kirkland@ubuntu.com-20160227000023-h0e4oui5y1vbaurd

opening 112

files added:
CONTRIBUTING

autogen.sh

debian/ecryptfs-utils.lintian-overrides

debian/libecryptfs1.install

debian/libecryptfs1.links

debian/libecryptfs1.shlibs

debian/python-ecryptfs.install

debian/source/options

doc/manpage/ecryptfs-find.1

doc/manpage/ecryptfs-migrate-home.8

doc/manpage/ecryptfs-verify.1

img/COPYING

img/eCryptfs-badger-full-body.png

img/eCryptfs-badger-icon.png

img/eCryptfs-logo-final.png

img/eCryptfs-logos+palette.pdf

img/ecryptfs_14.png

img/ecryptfs_192.png

img/ecryptfs_64.png

img/old

img/old/ecryptfs_14.png

img/old/ecryptfs_192.png

img/old/ecryptfs_64.png

src/utils/ecryptfs-find

src/utils/ecryptfs-verify

tests

tests/Makefile.am

tests/README

tests/kernel

tests/kernel/Makefile.am

tests/kernel/directory-concurrent

tests/kernel/directory-concurrent.sh

tests/kernel/directory-concurrent/test.c

tests/kernel/enospc

tests/kernel/enospc.sh

tests/kernel/enospc/test.c

tests/kernel/extend-file-random

tests/kernel/extend-file-random.sh

tests/kernel/extend-file-random/test.c

tests/kernel/file-concurrent

tests/kernel/file-concurrent.sh

tests/kernel/file-concurrent/test.c

tests/kernel/inode-race-stat

tests/kernel/inode-race-stat.sh

tests/kernel/inode-race-stat/test.c

tests/kernel/inotify

tests/kernel/inotify.sh

tests/kernel/inotify/test.c

tests/kernel/link.sh

tests/kernel/llseek

tests/kernel/llseek.sh

tests/kernel/lp-1009207.sh

tests/kernel/lp-469664.sh

tests/kernel/lp-509180

tests/kernel/lp-509180.sh

tests/kernel/lp-509180/test.c

tests/kernel/lp-524919

tests/kernel/lp-524919.sh

tests/kernel/lp-524919/test.c

tests/kernel/lp-561129.sh

tests/kernel/lp-613873.sh

tests/kernel/lp-745836.sh

tests/kernel/lp-870326

tests/kernel/lp-870326.sh

tests/kernel/lp-870326/test.c

tests/kernel/lp-872905.sh

tests/kernel/lp-885744.sh

tests/kernel/lp-911507.sh

tests/kernel/lp-926292.sh

tests/kernel/lp-994247

tests/kernel/lp-994247.sh

tests/kernel/lp-994247/test.c

tests/kernel/miscdev-bad-count

tests/kernel/miscdev-bad-count.sh

tests/kernel/miscdev-bad-count/test.c

tests/kernel/mknod.sh

tests/kernel/mmap-bmap

tests/kernel/mmap-bmap.sh

tests/kernel/mmap-bmap/test.c

tests/kernel/mmap-close

tests/kernel/mmap-close.sh

tests/kernel/mmap-close/test.c

tests/kernel/mmap-dir

tests/kernel/mmap-dir.sh

tests/kernel/mmap-dir/test.c

tests/kernel/namelen.sh

tests/kernel/read-dir

tests/kernel/read-dir.sh

tests/kernel/read-dir/test.c

tests/kernel/setattr-flush-dirty.sh

tests/kernel/tests.rc

tests/kernel/trunc-file

tests/kernel/trunc-file.sh

tests/kernel/trunc-file/test.c

tests/kernel/xattr

tests/kernel/xattr.sh

tests/kernel/xattr/test.c

tests/lib

tests/lib/Makefile.am

tests/lib/etl_add_passphrase_key_to_keyring.c

tests/lib/etl_funcs.sh

tests/new.sh

tests/run_tests.sh

tests/userspace

tests/userspace/Makefile.am

tests/userspace/lfs

tests/userspace/lfs.sh

tests/userspace/lfs/test.c

tests/userspace/tests.rc

tests/userspace/v1-to-v2-wrapped-passphrase

tests/userspace/v1-to-v2-wrapped-passphrase.sh

tests/userspace/v1-to-v2-wrapped-passphrase/test.c

tests/userspace/v1-to-v2-wrapped-passphrase/wp01

tests/userspace/v1-to-v2-wrapped-passphrase/wp02

tests/userspace/v1-to-v2-wrapped-passphrase/wp03

tests/userspace/v1-to-v2-wrapped-passphrase/wp04

tests/userspace/v1-to-v2-wrapped-passphrase/wp05

tests/userspace/verify-passphrase-sig

tests/userspace/verify-passphrase-sig.sh

tests/userspace/verify-passphrase-sig/test.c

tests/userspace/wrap-unwrap

tests/userspace/wrap-unwrap.sh

files removed:
debian/ecryptfs-utils.ecryptfs-utils-restore.upstart

debian/ecryptfs-utils.ecryptfs-utils-save.upstart

debian/libecryptfs0.install

debian/libecryptfs0.links

debian/libecryptfs0.shlibs

debian/lintian

debian/lintian/ecryptfs-utils

doc/ecryptfs-pam-doc.txt

doc/manpage/fr

doc/manpage/fr/ecryptfs-add-passphrase.1

doc/manpage/fr/ecryptfs-generate-tpm-key.1

doc/manpage/fr/ecryptfs-insert-wrapped-passphrase-into-keyring.1

doc/manpage/fr/ecryptfs-mount-private.1

doc/manpage/fr/ecryptfs-rewrap-passphrase.1

doc/manpage/fr/ecryptfs-setup-private.1

doc/manpage/fr/ecryptfs-umount-private.1

doc/manpage/fr/ecryptfs-unwrap-passphrase.1

doc/manpage/fr/ecryptfs-wrap-passphrase.1

doc/manpage/fr/ecryptfs-zombie-kill.1

doc/manpage/fr/ecryptfs-zombie-list.1

doc/sourceforge_webpage

doc/sourceforge_webpage/README

doc/sourceforge_webpage/ecryptfs-article.pdf

doc/sourceforge_webpage/ecryptfs-faq.html

doc/sourceforge_webpage/ecryptfs-key-diagram-356.png

doc/sourceforge_webpage/ecryptfs-key-diagram-640.png

doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png

doc/sourceforge_webpage/ecryptfs-pam-doc.txt

doc/sourceforge_webpage/ecryptfs.pdf

doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf

doc/sourceforge_webpage/index.html

lintian/ecryptfs-utils

src/escrow

src/escrow/escrow-passphrase.py

src/escrow/key-escrow-server

src/escrow/retrieve-passphrase.py

src/jprobes

src/jprobes/Makefile

src/jprobes/capture_lower_ops.c

src/jprobes/ecryptfs_kernel.h

src/jprobes/jprobe-create.c

src/jprobes/jprobe-mount.c

src/jprobes/jprobe-release.c

src/jprobes/test-jprobe.c

src/libecryptfs/cipher_list.c

src/libecryptfs/netlink.c

src/testcases

src/testcases/README

src/testcases/directio.c

src/testcases/ecryptfs-noninteractive-tests.sh

src/testcases/filename-encryption.c

src/testcases/mkdir_rmdir.c

src/testcases/multi-key-tests.py

src/testcases/noninteractive.sh

src/testcases/open_close.c

src/testcases/runtests.wrk

src/testcases/stat_symlink.c

src/testcases/test-ecryptfs.py

src/testcases/test-procfs.c

src/testcases/tests.init

src/testcases/time-tmp.sh

src/testcases/truncate.c

src/testcases/truncate_no_open.c

src/testcases/zombie.c

files renamed:
src/testcases/llseek.c => tests/kernel/llseek/test.c

src/testcases/wrap_unwrap.c => tests/userspace/wrap-unwrap/test.c

files modified:
Makefile.am

README

THANKS

configure.ac

debian/changelog

debian/compat

debian/control

debian/copyright

debian/ecryptfs-utils.install

debian/ecryptfs-utils.postinst

debian/ecryptfs-utils.prerm

debian/libecryptfs-dev.install

debian/rules

doc/Makefile.am

doc/beginners_guide/ecryptfs_beginners_guide.tex

doc/design_doc/ecryptfs_design_doc_v0_1.tex

doc/design_doc/ecryptfs_design_doc_v0_2.tex

doc/ecryptfs-faq.html

doc/ecryptfs-pkcs11-helper-doc.txt

doc/manpage/Makefile.am

doc/manpage/ecryptfs-add-passphrase.1

doc/manpage/ecryptfs-generate-tpm-key.1

doc/manpage/ecryptfs-insert-wrapped-passphrase-into-keyring.1

doc/manpage/ecryptfs-manager.8

doc/manpage/ecryptfs-mount-private.1

doc/manpage/ecryptfs-recover-private.1

doc/manpage/ecryptfs-rewrap-passphrase.1

doc/manpage/ecryptfs-rewrite-file.1

doc/manpage/ecryptfs-setup-private.1

doc/manpage/ecryptfs-setup-swap.1

doc/manpage/ecryptfs-stat.1

doc/manpage/ecryptfs-umount-private.1

doc/manpage/ecryptfs-unwrap-passphrase.1

doc/manpage/ecryptfs-wrap-passphrase.1

doc/manpage/ecryptfs.7

doc/manpage/ecryptfsd.8

doc/manpage/mount.ecryptfs.8

doc/manpage/mount.ecryptfs_private.1

doc/manpage/pam_ecryptfs.8

doc/manpage/umount.ecryptfs.8

doc/manpage/umount.ecryptfs_private.1

m4/ac_python_devel.m4

rpm/ecryptfs-utils.spec

scripts/build-ubuntu.sh

scripts/delete-cruft.sh

scripts/release.sh

src/daemon/main.c

src/desktop/ecryptfs-mount-private.desktop.in *

src/desktop/ecryptfs-record-passphrase

src/desktop/ecryptfs-setup-private.desktop.in *

src/include/ecryptfs.h

src/key_mod/ecryptfs_key_mod_gpg.c

src/key_mod/ecryptfs_key_mod_openssl.c

src/key_mod/ecryptfs_key_mod_passphrase.c

src/key_mod/ecryptfs_key_mod_pkcs11_helper.c

src/key_mod/ecryptfs_key_mod_tspi.c

src/libecryptfs/Makefile.am

src/libecryptfs/cmd_ln_parser.c

src/libecryptfs/decision_graph.c

src/libecryptfs/ecryptfs-stat.c

src/libecryptfs/key_management.c

src/libecryptfs/key_mod.c

src/libecryptfs/main.c

src/libecryptfs/messaging.c

src/libecryptfs/miscdev.c

src/libecryptfs/module_mgr.c

src/libecryptfs/packets.c

src/libecryptfs/sysfs.c

src/pam_ecryptfs/pam_ecryptfs.c

src/utils/Makefile.am

src/utils/ecryptfs-migrate-home *

src/utils/ecryptfs-mount-private

src/utils/ecryptfs-recover-private

src/utils/ecryptfs-rewrite-file

src/utils/ecryptfs-setup-private

src/utils/ecryptfs-setup-swap

src/utils/ecryptfs-umount-private

src/utils/ecryptfs_add_passphrase.c

src/utils/ecryptfs_generate_tpm_key.c

src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c

src/utils/ecryptfs_rewrap_passphrase.c

src/utils/ecryptfs_unwrap_passphrase.c

src/utils/ecryptfs_wrap_passphrase.c

src/utils/gen_key.c

src/utils/io.c

src/utils/io.h

src/utils/manager.c

src/utils/mount.ecryptfs.c

src/utils/mount.ecryptfs_private.c

src/utils/plaintext_decision_graph.c

src/utils/test.c

src/utils/umount.ecryptfs.c

Show diffs side-by-side

added added

removed removed

src/utils/ecryptfs-recover-private

# ecryptfs-recover-private

# Authors: Dustin Kirkland <kirkland@canonical.com>

# Authors: Dustin Kirkland <kirkland@ubuntu.com>

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

[ "$(id -u)" = "0" ] || error "This program must be run as root."

# Handle parameters

opts="ro"

if [ "$1" = "--rw" ]; then

opts="rw"

shift

if [ -d "$1" ]; then

# Allow for target directories on the command line

dirs="$@"

# Determine if filename encryption is on

ls "$d/ECRYPTFS_FNEK_ENCRYPTED"* >/dev/null 2>&1 && fnek="--fnek" || fnek=

if [ -f "$d/../.ecryptfs/wrapped-passphrase" ]; then

# Use the wrapped-passphrase, if available

info "Enter your LOGIN passphrase..."

ecryptfs-insert-wrapped-passphrase-into-keyring "$d/../.ecryptfs/wrapped-passphrase"

sigs=$(sed -e "s/[^0-9a-f]//g" "$d/../.ecryptfs/Private.sig")

info "Found your wrapped-passphrase"

echo -n "Do you know your LOGIN passphrase? [Y/n] "

lpw=$(head -n1)

case "$lpw" in

y|Y|"")

# Use the wrapped-passphrase, if available

info "Enter your LOGIN passphrase..."

ecryptfs-insert-wrapped-passphrase-into-keyring "$d/../.ecryptfs/wrapped-passphrase"

sigs=$(sed -e "s/[^0-9a-f]//g" "$d/../.ecryptfs/Private.sig")

use_mount_passphrase=0

;;

use_mount_passphrase=1

;;

esac

else

# Fall back to mount passphrase

echo

info "Could not find your wrapped passphrase file."

use_mount_passphrase=1

if [ "$use_mount_passphrase" = "1" ]; then

info "To recover this directory, you MUST have your original MOUNT passphrase."

info "When you first setup your encrypted private directory, you were told to record"

info "your MOUNT passphrase."

101

102

mount_sig=$(echo "$sigs" | head -n1)

103

fnek_sig=

mount_opts="ro,ecryptfs_sig=$mount_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16"

104

mount_opts="$opts,ecryptfs_sig=$mount_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16"

105

;;

106

107

mount_sig=$(echo "$sigs" | head -n1)

108

fnek_sig=$(echo "$sigs" | tail -n1)

mount_opts="ro,ecryptfs_sig=$mount_sig,ecryptfs_fnek_sig=$fnek_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16"

109

mount_opts="$opts,ecryptfs_sig=$mount_sig,ecryptfs_fnek_sig=$fnek_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16"

110

;;

111

112

continue

115

(keyctl list @u | grep -qs "$mount_sig") || error "The key required to access this private data is not available."

116

(keyctl list @u | grep -qs "$fnek_sig") || error "The key required to access this private data is not available."

117

tmpdir=$(mktemp -d /tmp/ecryptfs.XXXXXXXX)

mount -i -t ecryptfs -o "$mount_opts" "$d" "$tmpdir"

info "Success! Private data mounted read-only at [$tmpdir]."

118

if mount -i -t ecryptfs -o "$mount_opts" "$d" "$tmpdir"; then

119

info "Success! Private data mounted at [$tmpdir]."

120

else

121

error "Failed to mount private data at [$tmpdir]."

122

100

123

done

Older »