~ubuntu-branches/ubuntu/raring/ecryptfs-utils/raring

Viewing changes to src/utils/ecryptfs-verify

Committer: Package Import Robot
Author(s): Dustin Kirkland
Date: 2011-10-27 10:55:04 UTC
mfrom: (1.1.38)
Revision ID: package-import@ubuntu.com-20111027105504-0e0sxt3m6mvcrs82

Tags: 93-0ubuntu1

* src/utils/ecryptfs-verify, src/utils/Makefile.am:
  - add an ecryptfs-verify utility, LP: #845738
* src/testcases/write-read.sh:
  - added a write/read test utility
* doc/manpage/ecryptfs-mount-private.1, doc/manpage/ecryptfs-setup-
  private.1, doc/manpage/mount.ecryptfs_private.1,
  doc/manpage/umount.ecryptfs_private.1: LP: #882267
  - remove inaccurate documentation about being a member of the ecryptfs
    group
* src/utils/ecryptfs-setup-private: LP: #882314
  - fix preseeded encrypted home Ubuntu installations (thanks Timo!)
* oneiric

Show diffs side-by-side

added added

removed removed

src/utils/ecryptfs-verify

#!/bin/sh -e

# ecryptfs-verify

# Authors: Dustin Kirkland <kirkland@ubuntu.com>

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation; version 2 of the License.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

error() {

echo `gettext "ERROR:"` "$@" 1>&2

echo `gettext "ERROR:"` "Configuration invalid" 1>&2

exit 1

}

info() {

echo `gettext "INFO:"` "$@"

}

usage() {

echo "

Usage:

-h|--home True if HOME is correctly configured for

encryption, False otherwise

-p|--private True if a non-HOME directory is correctly

configured for encryption, False otherwise

-e|--filenames-encrypted True if filenames are set for encryption,

False otherwise

-n|--filenames-not-encrypted True if filenames are not encrypted,

False otherwise

-u|--user USER By default, the current user's configuration

is checked, override with this option

--help This usage information

Note that options are additive. ALL checks must pass in order for this

program to exit 0. Any failing check will cause this program to exit

non-zero.

return 1

}

ecryptfs_exists() {

local dotecryptfs="$1/.ecryptfs"

if [ -d "$dotecryptfs" ]; then

info "[$dotecryptfs] exists"

else

error "[$dotecryptfs] does not exist"

return 0

}

sigfile_valid() {

local sigfile="$1/.ecryptfs/Private.sig"

if [ -f "$sigfile" ]; then

info "[$sigfile] exists"

else

error "[$sigfile] does not exist"

local c=$(wc -l "$sigfile" | awk '{print $1}')

if [ "$c" = "1" ] || [ "$c" = "2" ]; then

info "[$sigfile] contains [$c] signatures"

else

error "[$sigfile] does not contain exactly 1 or 2 lines"

return 0

}

mountfile_valid() {

local mountfile="$1/.ecryptfs/Private.mnt"

if [ -f "$mountfile" ]; then

info "[$mountfile] exists"

else

error "[$mountfile] does not exist"

local m=$(cat "$mountfile")

if [ -d "$m" ]; then

info "[$m] is a directory"

else

error "[$m] is not a directory"

return 0

}

100

101

automount_true() {

102

local home="$1"

103

local automount="$1/.ecryptfs/auto-mount"

104

if [ -f "$automount" ]; then

105

info "[$automount] Automount is set"

106

else

107

error "[$home/.ecryptfs/auto-mount] does not exist"

108

109

return 0

110

}

111

112

owns_mountpoint() {

113

local owner=$(stat -c "%U" "$2")

114

if [ "$owner" = "$1" ]; then

115

info "Ownership [$owner] of mount point [$2] is correct"

116

else

117

error "Invalid owner [$owner] of mount point [$2]"

118

119

}

120

121

mount_is_home() {

122

local home="$1"

123

local mountfile="$home/.ecryptfs/Private.mnt"

124

local m=$(cat "$mountfile")

125

if [ "$m" = "$home" ]; then

126

info "Mount point [$m] is the user's home"

127

else

128

error "Mount point [$m] is not the user's home [$home]"

129

130

owns_mountpoint "$user" "$m"

131

return 0

132

}

133

134

mount_is_private() {

135

local home="$1"

136

local mountfile="$home/.ecryptfs/Private.mnt"

137

local m=$(cat "$mountfile")

138

if [ "$m" != "$home" ]; then

139

info "Mount point [$m] is not the user's home [$home]"

140

else

141

error "Mount point [$m] is the user's home"

142

143

if [ -d "$m" ]; then

144

info "Mount point [$m] is a valid directory"

145

else

146

error "[$m] is not a valid mount point"

147

148

owns_mountpoint "$user" "$m"

149

return 0

150

}

151

152

filenames_encrypted() {

153

local sigfile="$1/.ecryptfs/Private.sig"

154

local c=$(wc -l "$sigfile" | awk '{print $1}')

155

if [ "$c" = "2" ]; then

156

info "Filenames are encrypted"

157

else

158

error "Filenames are not encrypted"

159

160

return 0

161

}

162

163

filenames_not_encrypted() {

164

local sigfile="$1/.ecryptfs/Private.sig"

165

local c=$(wc -l "$sigfile" | awk '{print $1}')

166

if [ "$c" = "1" ]; then

167

info "Filenames are not encrypted"

168

else

169

error "Filenames are encrypted"

170

171

return 0

172

}

173

174

home="$HOME"

175

user="$USER"

176

checks=

177

while [ ! -z "$1" ]; do

178

case "$1" in

179

-h|--home)

180

checks="$checks check_home"

181

shift

182

;;

183

-p|--private)

184

checks="$checks check_private"

185

shift

186

;;

187

-e|--filenames-encrypted)

188

checks="$checks check_filenames_encrypted"

189

shift

190

;;

191

-n|--filenames-not-encrypted)

192

checks="$checks check_filenames_not_encrypted"

193

shift

194

;;

195

--help)

196

usage

197

;;

198

-u|--user)

199

user="$2"

200

home=$(getent passwd "$user" | awk -F: '{print $6}')

201

if [ ! -d "$home" ]; then

202

error "Invalid home directory [$home] of [$user]"

203

204

shift 2

205

;;

206

esac

207

done

208

209

if [ -z "$checks" ]; then

210

error "No checks given"

211

212

213

for i in $checks; do

214

case "$i" in

215

check_home)

216

ecryptfs_exists "$home"

217

sigfile_valid "$home"

218

mountfile_valid "$home"

219

automount_true "$home"

220

mount_is_home "$home"

221

;;

222

check_private)

223

ecryptfs_exists "$home"

224

sigfile_valid "$home"

225

mountfile_valid "$home"

226

mount_is_private "$home"

227

;;

228

check_filenames_encrypted)

229

ecryptfs_exists "$home"

230

sigfile_valid "$home"

231

filenames_encrypted "$home"

232

;;

233

check_filenames_not_encrypted)

234

ecryptfs_exists "$home"

235

sigfile_valid "$home"

236

filenames_not_encrypted "$home"

237

;;

238

239

error "Invalid check [$i]"

240

;;

241

esac

242

done

243

244

info "Configuration valid"

245

exit 0

Older »