summaryrefslogtreecommitdiff
path: root/src/utils/ecryptfs-mount-private
diff options
context:
space:
mode:
authorJussi Laako <jussi.laako@linux.intel.com>2014-03-25 15:25:44 +0200
committerJussi Laako <jussi.laako@linux.intel.com>2014-03-25 15:26:50 +0200
commitbb0ada3bddfeeb4e98d3415c37266061c865005f (patch)
treef644444272c1a5f01b333977a94677bdc80f2184 /src/utils/ecryptfs-mount-private
downloadecryptfs-utils-bb0ada3bddfeeb4e98d3415c37266061c865005f.tar.gz
ecryptfs-utils-bb0ada3bddfeeb4e98d3415c37266061c865005f.tar.bz2
ecryptfs-utils-bb0ada3bddfeeb4e98d3415c37266061c865005f.zip
Change-Id: I5f609bdfdf73bda344b01c41519f6cd65ea76f55
Diffstat (limited to 'src/utils/ecryptfs-mount-private')
-rwxr-xr-xsrc/utils/ecryptfs-mount-private81
1 files changed, 81 insertions, 0 deletions
diff --git a/src/utils/ecryptfs-mount-private b/src/utils/ecryptfs-mount-private
new file mode 100755
index 0000000..c32708f
--- /dev/null
+++ b/src/utils/ecryptfs-mount-private
@@ -0,0 +1,81 @@
+#!/bin/sh -e
+# This script mounts a user's confidential private folder
+#
+# Original by Michael Halcrow, IBM
+# Extracted to a stand-alone script by Dustin Kirkland <kirkland@ubuntu.com>
+#
+# This script:
+# * interactively prompts for a user's wrapping passphrase (defaults to their
+# login passphrase)
+# * checks it for validity
+# * unwraps a users mount passphrase with their supplied wrapping passphrase
+# * inserts the mount passphrase into the keyring
+# * and mounts a user's encrypted private folder
+
+PRIVATE_DIR="Private"
+WRAPPING_PASS="LOGIN"
+PW_ATTEMPTS=3
+TEXTDOMAIN="ecryptfs-utils"
+MESSAGE=`gettext "Enter your login passphrase:"`
+
+if [ -f $HOME/.ecryptfs/wrapping-independent ]; then
+ # use a wrapping passphrase different from the login passphrase
+ WRAPPING_PASS="INDEPENDENT"
+ MESSAGE=`gettext "Enter your wrapping passphrase:"`
+fi
+
+WRAPPED_PASSPHRASE_FILE="$HOME/.ecryptfs/wrapped-passphrase"
+MOUNT_PASSPHRASE_SIG_FILE="$HOME/.ecryptfs/$PRIVATE_DIR.sig"
+
+# First, silently try to perform the mount, which would succeed if the appropriate
+# key is available in the keyring
+if /sbin/mount.ecryptfs_private >/dev/null 2>&1; then
+ exit 0
+fi
+
+# Otherwise, interactively prompt for the user's password
+if [ -f "$WRAPPED_PASSPHRASE_FILE" -a -f "$MOUNT_PASSPHRASE_SIG_FILE" ]; then
+ tries=0
+ stty_orig=`stty -g`
+ while [ $tries -lt $PW_ATTEMPTS ]; do
+ echo -n "$MESSAGE"
+ stty -echo
+ LOGINPASS=`head -n1`
+ stty $stty_orig
+ echo
+ if [ $(wc -l < "$MOUNT_PASSPHRASE_SIG_FILE") = "1" ]; then
+ # No filename encryption; only insert fek
+ if printf "%s\0" "$LOGINPASS" | ecryptfs-unwrap-passphrase "$WRAPPED_PASSPHRASE_FILE" - | ecryptfs-add-passphrase -; then
+ break
+ else
+ echo `gettext "ERROR:"` `gettext "Your passphrase is incorrect"`
+ tries=$(($tries + 1))
+ continue
+ fi
+ else
+ if printf "%s\0" "$LOGINPASS" | ecryptfs-insert-wrapped-passphrase-into-keyring "$WRAPPED_PASSPHRASE_FILE" - ; then
+ break
+ else
+ echo `gettext "ERROR:"` `gettext "Your passphrase is incorrect"`
+ tries=$(($tries + 1))
+ continue
+ fi
+ fi
+ done
+ if [ $tries -ge $PW_ATTEMPTS ]; then
+ echo `gettext "ERROR:"` `gettext "Too many incorrect password attempts, exiting"`
+ exit 1
+ fi
+ /sbin/mount.ecryptfs_private
+else
+ echo `gettext "ERROR:"` `gettext "Encrypted private directory is not setup properly"`
+ exit 1
+fi
+if grep -qs "$HOME/.Private $PWD ecryptfs " /proc/mounts 2>/dev/null; then
+ echo
+ echo `gettext "INFO:"` `gettext "Your private directory has been mounted."`
+ echo `gettext "INFO:"` `gettext "To see this change in your current shell:"`
+ echo " cd $PWD"
+ echo
+fi
+exit 0