# Copyright (C) 2011 Dustin Kirkland <kirkland@ubuntu.com>
# Authors: Dustin Kirkland <kirkland@ubuntu.com>
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
echo `gettext "ERROR:"` "$@" 1>&2
echo `gettext "ERROR:"` "Configuration invalid" 1>&2
echo `gettext "INFO:"` "$@"
ecryptfs-verify [-h|--home] [-p|--private] [-e|--filenames-encrypted] [-n|--filenames-not-encrypted] [-u|--user USER] [--help]
-h|--home True if HOME is correctly configured for
encryption, False otherwise
-p|--private True if a non-HOME directory is correctly
configured for encryption, False otherwise
-e|--filenames-encrypted True if filenames are set for encryption,
-n|--filenames-not-encrypted True if filenames are not encrypted,
-u|--user USER By default, the current user's configuration
is checked, override with this option
--help This usage information
Note that options are additive. ALL checks must pass in order for this
program to exit 0. Any failing check will cause this program to exit
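#######################################
# Confirm that the per-user eCryptfs configuration directory is present.
# Arguments: $1 - home directory to inspect
# Outputs:   one info() line when $1/.ecryptfs is a directory,
#            otherwise the failure is reported through error()
# Note: [ -d ] follows symbolic links, and this check only establishes
# that the configuration directory exists; nothing here inspects whether
# an encrypted mount is actually active.
#######################################
ecryptfs_exists() {
  local dotecryptfs="$1/.ecryptfs"
  if [ -d "$dotecryptfs" ]; then
    info "[$dotecryptfs] exists"
  else
    error "[$dotecryptfs] does not exist"
  fi
}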
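#######################################
# Check that Private.sig exists and holds one or two lines.
# Arguments: $1 - home directory to inspect
# Outputs:   info() lines for each passing step; failures go to error()
# NOTE(review): only the line count is examined. The content of each
# line is not validated as a key signature, so a file holding one or two
# arbitrary lines passes this check.
#######################################
sigfile_valid() {
  local sigfile="$1/.ecryptfs/Private.sig"
  local c
  if [ -f "$sigfile" ]; then
    info "[$sigfile] exists"
  else
    error "[$sigfile] does not exist"
  fi
  # Assigned separately from the declaration so `local` does not hide
  # the status of the command substitution.
  c=$(wc -l "$sigfile" | awk '{print $1}')
  if [ "$c" = "1" ] || [ "$c" = "2" ]; then
    info "[$sigfile] contains [$c] signatures"
  else
    error "[$sigfile] does not contain exactly 1 or 2 lines"
  fi
}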
local mountfile="$1/.ecryptfs/Private.mnt"
if [ -f "$mountfile" ]; then
info "[$mountfile] exists"
error "[$mountfile] does not exist"
local m=$(cat "$mountfile")
info "[$m] is a directory"
error "[$m] is not a directory"
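#######################################
# Check that the auto-mount marker file is present.
# Arguments: $1 - home directory to inspect
# Outputs:   one info() line when $1/.ecryptfs/auto-mount is a regular
#            file, otherwise the failure is reported through error()
# The failure message is built from $1 (via $automount) rather than the
# global $home, so it always names the path that was actually tested.
#######################################
automount_true() {
  local automount="$1/.ecryptfs/auto-mount"
  if [ -f "$automount" ]; then
    info "[$automount] Automount is set"
  else
    error "[$automount] does not exist"
  fi
}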
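#######################################
# Check that a mount point is owned by the expected user.
# Arguments: $1 - expected owner (user name)
#            $2 - path of the mount point
# Outputs:   one info() line on a match, otherwise error()
# NOTE(review): GNU stat without -L reports on the path itself, so for a
# symbolic link this compares the owner of the link, not of its target.
# Confirm that is the intended behaviour for mount points.
#######################################
owns_mountpoint() {
  local owner
  # "--" keeps a path that begins with "-" from being parsed as an
  # option; callers in this file pass a value read from Private.mnt.
  owner=$(stat -c "%U" -- "$2")
  if [ "$owner" = "$1" ]; then
    info "Ownership [$owner] of mount point [$2] is correct"
  else
    error "Invalid owner [$owner] of mount point [$2]"
  fi
}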
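#######################################
# Check that the configured mount point is the user's home directory and
# that the user owns it.
# Globals:   home (read), user (read)
# Arguments: none are read; the body works from the globals above
# Outputs:   info() on a match, error() otherwise, then the output of
#            owns_mountpoint
# Note: the comparison is plain string equality on the content of
# Private.mnt, so a trailing slash or an alternative spelling of the
# same directory is reported as a mismatch.
#######################################
mount_is_home() {
  local mountfile="$home/.ecryptfs/Private.mnt"
  local m
  # Assigned separately from the declaration so `local` does not hide
  # the status of the command substitution.
  m=$(cat "$mountfile")
  if [ "$m" = "$home" ]; then
    info "Mount point [$m] is the user's home"
  else
    error "Mount point [$m] is not the user's home [$home]"
  fi
  owns_mountpoint "$user" "$m"
}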
local mountfile="$home/.ecryptfs/Private.mnt"
local m=$(cat "$mountfile")
if [ "$m" != "$home" ]; then
info "Mount point [$m] is not the user's home [$home]"
error "Mount point [$m] is the user's home"
info "Mount point [$m] is a valid directory"
error "[$m] is not a valid mount point"
owns_mountpoint "$user" "$m"
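#######################################
# Pass when filename encryption is configured.
# Arguments: $1 - home directory to inspect
# Outputs:   info() when Private.sig has exactly two lines, else error()
# NOTE(review): the decision rests on the line count of Private.sig
# alone; presumably the second line is the filename-encryption key
# signature, but its content is not checked here. A missing or
# unreadable file yields an empty count and is reported as
# "not encrypted".
#######################################
filenames_encrypted() {
  local sigfile="$1/.ecryptfs/Private.sig"
  local c
  # Assigned separately from the declaration so `local` does not hide
  # the status of the command substitution.
  c=$(wc -l "$sigfile" | awk '{print $1}')
  if [ "$c" = "2" ]; then
    info "Filenames are encrypted"
  else
    error "Filenames are not encrypted"
  fi
}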
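#######################################
# Pass when filename encryption is NOT configured.
# Arguments: $1 - home directory to inspect
# Outputs:   info() when Private.sig has exactly one line, else error()
# NOTE(review): the decision rests on the line count of Private.sig
# alone. Any count other than one, including the empty count produced by
# a missing or unreadable file, is reported as "Filenames are
# encrypted", which can mislead when the file is simply malformed.
#######################################
filenames_not_encrypted() {
  local sigfile="$1/.ecryptfs/Private.sig"
  local c
  # Assigned separately from the declaration so `local` does not hide
  # the status of the command substitution.
  c=$(wc -l "$sigfile" | awk '{print $1}')
  if [ "$c" = "1" ]; then
    info "Filenames are not encrypted"
  else
    error "Filenames are encrypted"
  fi
}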
while [ ! -z "$1" ]; do
checks="$checks check_home"
checks="$checks check_private"
-e|--filenames-encrypted)
checks="$checks check_filenames_encrypted"
-n|--filenames-not-encrypted)
checks="$checks check_filenames_not_encrypted"
home=$(getent passwd "$user" | awk -F: '{print $6}')
if [ ! -d "$home" ]; then
error "Invalid home directory [$home] of [$user]"
if [ -z "$checks" ]; then
error "No checks given"
ecryptfs_exists "$home"
sigfile_valid "$home"
mountfile_valid "$home"
automount_true "$home"
mount_is_home "$home"
ecryptfs_exists "$home"
sigfile_valid "$home"
mountfile_valid "$home"
mount_is_private "$home"
check_filenames_encrypted)
ecryptfs_exists "$home"
sigfile_valid "$home"
filenames_encrypted "$home"
check_filenames_not_encrypted)
ecryptfs_exists "$home"
sigfile_valid "$home"
filenames_not_encrypted "$home"
error "Invalid check [$i]"
info "Configuration valid"