diff -u ecryptfs-utils-53/debian/rules ecryptfs-utils-53/debian/rules
--- ecryptfs-utils-53/debian/rules
+++ ecryptfs-utils-53/debian/rules
@@ -55,6 +55,8 @@
 $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
 install -m 644 -D $(CURDIR)/debian/ecryptfs-utils.pam-auth-update $(CURDIR)/debian/tmp/usr/share/pam-configs/ecryptfs-utils
+ install -m 644 -D $(CURDIR)/debian/ecryptfs-mount-private.desktop $(CURDIR)/debian/tmp/usr/share/app-install/desktop/ecryptfs-mount-private.desktop
+ install -m 644 -D $(CURDIR)/debian/ecryptfs-mount-private.txt $(CURDIR)/debian/tmp/usr/share/doc/ecryptfs-utils/ecryptfs-mount-private.txt
 chmod 4755 debian/tmp/sbin/mount.ecryptfs_private
diff -u ecryptfs-utils-53/debian/ecryptfs-utils.dirs ecryptfs-utils-53/debian/ecryptfs-utils.dirs
--- ecryptfs-utils-53/debian/ecryptfs-utils.dirs
+++ ecryptfs-utils-53/debian/ecryptfs-utils.dirs
@@ -1,0 +2,2 @@
+usr/share/app-install/desktop
+usr/share/doc/ecryptfs-utils
diff -u ecryptfs-utils-53/debian/changelog ecryptfs-utils-53/debian/changelog
--- ecryptfs-utils-53/debian/changelog
+++ ecryptfs-utils-53/debian/changelog
@@ -1,3 +1,16 @@
+ecryptfs-utils (53-1ubuntu13) intrepid; urgency=low
+
+ Fixes for LP: #259631, add interactive mounting capability
+ * debian/rules, debian/ecryptfs-utils.dirs,
+ debian/ecryptfs-utils.install, debian/ecryptfs-mount-private.desktop,
+ debian/ecryptfs-mount-private.txt: install the new desktop shortcut
+ file and readme.txt to /usr/share
+ * debian/patches/60_interactive_mount.dpatch: modify ecryptfs-mount-private
+ utility to interactively prompt for password
+ * debian/patches/00list: updated accordingly
+
+ -- Dustin Kirkland Mon, 03 Nov 2008 19:19:18 -0600
+
 ecryptfs-utils (53-1ubuntu12) intrepid-proposed; urgency=low
 * debian/patches/55_check_password_and_remove_from_proc.dpatch:
diff -u ecryptfs-utils-53/debian/ecryptfs-utils.install ecryptfs-utils-53/debian/ecryptfs-utils.install
--- ecryptfs-utils-53/debian/ecryptfs-utils.install
+++ ecryptfs-utils-53/debian/ecryptfs-utils.install
@@ -7,0 +8,2 @@
+/usr/share/app-install/desktop/ecryptfs-mount-private.desktop
+/usr/share/doc/ecryptfs-utils/ecryptfs-mount-private.txt
diff -u ecryptfs-utils-53/debian/patches/00list ecryptfs-utils-53/debian/patches/00list
--- ecryptfs-utils-53/debian/patches/00list
+++ ecryptfs-utils-53/debian/patches/00list
@@ -10,0 +11 @@
+60_interactive_mount.dpatch
only in patch2: unchanged:
--- ecryptfs-utils-53.orig/debian/ecryptfs-mount-private.desktop
+++ ecryptfs-utils-53/debian/ecryptfs-mount-private.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=Access Your Private Data
+GenericName=Access Your Private Data
+Exec=/usr/bin/ecryptfs-mount-private
+Terminal=true
+Type=Application
+Categories=System;
only in patch2: unchanged:
--- ecryptfs-utils-53.orig/debian/ecryptfs-mount-private.txt
+++ ecryptfs-utils-53/debian/ecryptfs-mount-private.txt
@@ -0,0 +1,9 @@
+THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA.
+
+From the graphical desktop, click on:
+ "Access Your Private Data"
+
+or
+
+From the command line, run:
+ $ ecryptfs-mount-private
only in patch2: unchanged:
--- ecryptfs-utils-53.orig/debian/patches/60_interactive_mount.dpatch
+++ ecryptfs-utils-53/debian/patches/60_interactive_mount.dpatch
@@ -0,0 +1,176 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+# 60_interactive_mount.dpatch
+# Dustin Kirkland
+#
+# - Backport the password-on-stdin functionality from upstream into the
+# ecryptfs-insert-wrapped-passphrase-into-keyring utility
+# - Modify the unused ecryptfs-mount-private utility to interactively prompt
+# for the login password and then mount the private directory.
+# - Modify the unused ecryptfs-umount-private utility to simply call
+# umount.ecryptfs_private, since the counter functionality has been added
+# there
+# - Have ecryptfs-setup-private link the new readme and desktop files into
+# the unmounted Private directory
+# - Add a "hint" in mount.ecryptfs_private that if the key isn't found,
+# the user should perhaps try the interactive mode
+
+@DPATCH@
+
+diff -uprN 1/ecryptfs-utils-53/src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c 2/ecryptfs-utils-53/src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c
+--- ecryptfs-utils-53/src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c 2008-01-18 22:58:42.000000000 -0600
++++ ecryptfs-utils-53/src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c 2008-11-03 10:38:29.254561920 -0600
+@@ -39,13 +39,30 @@ int main(int argc, char *argv[])
+ char salt[ECRYPTFS_SALT_SIZE];
+ char salt_hex[ECRYPTFS_SALT_SIZE_HEX];
+ int rc = 0;
++ char *p;
+
+ if (argc != 3) {
+ usage();
+ goto out;
+ }
++ if (strlen(argv[2]) == 1 && strncmp(argv[2], "-", 1) == 0) {
++ if ((wrapping_passphrase =
++ (char *)malloc(ECRYPTFS_MAX_PASSWORD_LENGTH+1)) == NULL) {
++ perror("malloc");
++ goto out;
++ }
++ if (fgets(wrapping_passphrase,
++ ECRYPTFS_MAX_PASSWORD_LENGTH, stdin) == NULL) {
++ usage();
++ goto out;
++ }
++ p = strrchr(wrapping_passphrase, '\n');
++ if (p) *p = '\0';
++ } else {
++ wrapping_passphrase = argv[2];
++ }
++
+ file = argv[1];
+- wrapping_passphrase = argv[2];
+ rc = ecryptfs_read_salt_hex_from_rc(salt_hex);
+ if (rc) {
+ printf("Unable to read salt value from user's "
+diff -uprN 1/ecryptfs-utils-53/src/utils/ecryptfs-mount-private 2/ecryptfs-utils-53/src/utils/ecryptfs-mount-private
+--- ecryptfs-utils-53/src/utils/ecryptfs-mount-private 2008-06-27 10:05:37.000000000 -0500
++++ ecryptfs-utils-53/src/utils/ecryptfs-mount-private 2008-11-03 19:46:13.702529819 -0600
+@@ -1,18 +1,55 @@
+-#!/bin/sh
+-# This script mounts a user's confidential private folder, and ensures that
+-# the permissions on the underlying encrypted directories are
+-# private, and readable/writable/executable.
++#!/bin/sh -e
++# This script mounts a user's confidential private folder
+ #
+ # Original by Michael Halcrow, IBM
+ # Extracted to a stand-alone script by Dustin Kirkland
++#
++# This script:
++# * interactively prompts for a user's login passphrase
++# * checks it for validity
++# * unwraps a users mount passphrase with their supplied login passphrase
++# * inserts the mount passphrase into the keyring
++# * and mounts a user's encrypted private folder
+
+ PRIVATE_DIR="Private"
+-if [ -f "$HOME/.ecryptfs/auto-mount" -a -f "$HOME/.ecryptfs/$PRIVATE_DIR.sig" ]; then
+- if ! egrep -qs "$HOME/[\.]{0,1}$PRIVATE_DIR " /proc/mounts; then
+- chmod 500 "$HOME/$PRIVATE_DIR"
+- chmod 700 "$HOME/.$PRIVATE_DIR"
+- mount.ecryptfs_private
+- fi
++WRAPPED_PASSPHRASE_FILE="$HOME/.ecryptfs/wrapped-passphrase"
++MOUNT_PASSPHRASE_SIG_FILE="$HOME/.ecryptfs/$PRIVATE_DIR.sig"
++MESSAGE="Enter your login passphrase: "
++DESKTOP_FILE="/usr/share/app-install/desktop/ecryptfs-mount-private.desktop"
++SHORTCUT_NAME="Access-Your-Private-Data.desktop"
++README_FILE="/usr/share/doc/ecryptfs-utils/ecryptfs-mount-private.txt"
++PW_ATTEMPTS=3
++
++# First, silently try to perform the mount, which would succeed if the appropriate
++# key is available in the keyring
++if /sbin/mount.ecryptfs_private >/dev/null 2>&1; then
++ exit 0
+ fi
+
+-ecryptfs-zombie-kill
++# Otherwise, interactively prompt for the user's password
++if [ -f "$WRAPPED_PASSPHRASE_FILE" -a -f "$MOUNT_PASSPHRASE_SIG_FILE" ]; then
++ tries=0
++ stty_orig=`stty -g`
++ while [ $tries -lt $PW_ATTEMPTS ]; do
++ stty -echo
++ read -p "$MESSAGE" -r LOGINPASS
++ stty $stty_orig
++ echo
++ if printf "%s\0" "$LOGINPASS" | /sbin/unix_chkpwd "$USER" nullok; then
++ break
++ else
++ echo "ERROR: Your login passphrase is incorrect."
++ tries=$(($tries + 1))
++ fi
++ done
++ if [ $tries -ge $PW_ATTEMPTS ]; then
++ echo "ERROR: Too many incorrect password attempts, exiting"
++ exit 1
++ fi
++ echo "$LOGINPASS" | ecryptfs-insert-wrapped-passphrase-into-keyring "$WRAPPED_PASSPHRASE_FILE" -
++ /sbin/mount.ecryptfs_private
++else
++ echo "ERROR: Encrypted $PRIVATE_DIR is not setup properly"
++ exit 1
++fi
++exit 0
+diff -uprN 1/ecryptfs-utils-53/src/utils/ecryptfs-setup-private 2/ecryptfs-utils-53/src/utils/ecryptfs-setup-private
+--- ecryptfs-utils-53/src/utils/ecryptfs-setup-private 2008-11-03 10:33:27.806526765 -0600
++++ ecryptfs-utils-53/src/utils/ecryptfs-setup-private 2008-11-03 16:49:00.750563787 -0600
+@@ -210,7 +210,8 @@ echo
+ # Setup private directory in home
+ mkdir -m 700 -p "$CRYPTDIR" || error "Could not create crypt directory [$CRYPTDIR]"
+ mkdir -m 700 -p "$MOUNTPOINT" || error "Could not create mount directory [$MOUNTPOINT]"
+-ln -s /sbin/mount.ecryptfs_private "$MOUNTPOINT"/"THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA -- Run mount.ecryptfs_private to mount again"
++ln -s /usr/share/doc/ecryptfs-utils/ecryptfs-mount-private.txt "$MOUNTPOINT"/README.txt
++ln -s /usr/share/app-install/desktop/ecryptfs-mount-private.desktop "$MOUNTPOINT"/Access-Your-Private-Data.desktop
+ chmod 500 "$MOUNTPOINT"
+
+ # Setup ~/.ecryptfs directory
+diff -uprN 1/ecryptfs-utils-53/src/utils/ecryptfs-umount-private 2/ecryptfs-utils-53/src/utils/ecryptfs-umount-private
+--- ecryptfs-utils-53/src/utils/ecryptfs-umount-private 2008-07-23 15:00:12.000000000 -0500
++++ ecryptfs-utils-53/src/utils/ecryptfs-umount-private 2008-11-03 19:47:06.562527179 -0600
+@@ -1,21 +1,7 @@
+-#!/bin/sh
+-# This script unmounts a user's private ecryptfs folder, and makes
+-# both the mountpoint and underlying encrypted directories read-only, ONLY IF
+-# there are 1 or fewer instances of this user left on the system.
++#!/bin/sh -e
++# This script unmounts a user's private ecryptfs folder
+ #
+ # Original by Michael Halcrow, IBM
+ # Extracted to a stand-alone script by Dustin Kirkland
+
+-PRIVATE_DIR="Private"
+-if [ -f "$HOME/.ecryptfs/auto-umount" -a -f "$HOME/.ecryptfs/$PRIVATE_DIR.sig" ]; then
+- if egrep -qs "$HOME/[\.]{0,1}$PRIVATE_DIR " /proc/mounts; then
+- username=`whoami`
+- count=`who | grep "^$username " | wc -l`
+- if [ $count -le 1 ]; then
+- chmod 500 "$HOME/$PRIVATE_DIR" "$HOME/.$PRIVATE_DIR"
+- umount.ecryptfs_private
+- fi
+- fi
+-fi
+-
+-ecryptfs-zombie-kill
++/sbin/umount.ecryptfs_private
+diff -uprN 1/ecryptfs-utils-53/src/utils/mount.ecryptfs_private.c 2/ecryptfs-utils-53/src/utils/mount.ecryptfs_private.c
+--- ecryptfs-utils-53/src/utils/mount.ecryptfs_private.c 2008-11-03 10:33:27.790526198 -0600
++++ ecryptfs-utils-53/src/utils/mount.ecryptfs_private.c 2008-11-03 18:40:12.450563158 -0600
+@@ -129,6 +129,8 @@ char *fetch_sig(char *pw_dir) {
+ */
+ if ((int)keyctl_search(KEY_SPEC_USER_KEYRING, "user", sig, 0) == -1) {
+ perror("keyctl_search");
++ fputs("Perhaps try the interactive 'ecryptfs-mount-private'\n",
++ stderr);
+ return NULL;
+ }
+ return sig;
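Review bot: In the ecryptfs-mount-private script added by this dpatch, the passphrase is validated with `printf "%s\0" "$LOGINPASS"` but passed to the keyring helper with `echo "$LOGINPASS"`, so under a /bin/sh whose builtin echo expands backslash escapes (dash does) a passphrase containing a backslash can pass unix_chkpwd and then fail to unwrap. Sending it as `printf "%s\n" "$LOGINPASS" | ecryptfs-insert-wrapped-passphrase-into-keyring "$WRAPPED_PASSPHRASE_FILE" -` gives both consumers the same bytes. The prompt loop also restores the terminal only on the normal path: with `-e` in the shebang, an EOF on `read` or an interrupt after `stty -echo` ends the script with echo still off, which a `trap` running `stty "$stty_orig"` on EXIT, INT and TERM, set right after `stty_orig` is captured, would cover. In the C change, the stdin branch reaches `goto out` after a failed malloc or fgets with `rc` still 0; the `out:` label lies outside the hunk, so it is worth confirming the helper does not report success there.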