From 523e38728f589490d97ba67b5e6715637ceea05e Mon Sep 17 00:00:00 2001
From: Victor Mocelin <vm13@inf.ufpr.br>
Date: Wed, 8 Jun 2016 11:49:43 -0300
Subject: [PATCH] Update script that creates ecryptfs files

Create the folders and files needed by ecryptfs.
---
 .../opt/ecryptfs/makesigphrase.sh             | 32 ++++++++++++++++---
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/server/modules/local-accounts-ecrypt/opt/ecryptfs/makesigphrase.sh b/server/modules/local-accounts-ecrypt/opt/ecryptfs/makesigphrase.sh
index 5a914401..82a54b9b 100755
--- a/server/modules/local-accounts-ecrypt/opt/ecryptfs/makesigphrase.sh
+++ b/server/modules/local-accounts-ecrypt/opt/ecryptfs/makesigphrase.sh
@@ -1,16 +1,40 @@
 #!/bin/bash
 username=$1
 password=$2
-path="$3"
+path=$3
 
-sigpath=$(printf "%s%s.sig" "$path" "$username")
+user_home="$path/$username"
+ecryptfs_path="$path/.ecryptfs"
+user_ecrypt_path="$ecryptfs_path/$username"
+
+if [ ! -d "$ecryptfs_path" ]; then
+	mkdir $ecryptfs_path
+fi
+
+mkdir -p $user_ecrypt_path
+mkdir -m 700 "$user_ecrypt_path/.ecryptfs"
+mkdir -m 700 "$user_ecrypt_path/.Private"
+
+touch "$user_ecrypt_path/.ecryptfs/auto-mount"
+touch "$user_ecrypt_path/.ecryptfs/auto-umount"
+
+echo "/home/$username" > "$user_ecrypt_path/.ecryptfs/Private.mnt"
+
+sigpath="$user_ecrypt_path/.ecryptfs/Private.sig"
+wrapped="$user_ecrypt_path/.ecryptfs/wrapped-passphrase"
 
 mountpass=$(openssl rand -base64 32)
 
-printf "%s\n%s" "$mountpass" "$password" | ecryptfs-wrap-passphrase "${path}${username}"
-printf "%s" "$password" | ecryptfs-insert-wrapped-passphrase-into-keyring "${path}${username}"
+printf "%s\n%s" "$mountpass" "$password" | ecryptfs-wrap-passphrase "$wrapped"
+printf "%s" "$password" | ecryptfs-insert-wrapped-passphrase-into-keyring "$wrapped"
 response=`printf "%s" "$mountpass" | ecryptfs-add-passphrase --fnek -`
 sig=`echo "$response" | grep "Inserted auth tok" | sed "s/^.*\[//" | sed "s/\].*$//"`
 echo "$sig" > "$sigpath"
 
+chmod 600 "$user_ecrypt_path/.ecryptfs/Private.sig"
+chmod 600 "$user_ecrypt_path/.ecryptfs/Private.mnt"
+chmod 600 "$user_ecrypt_path/.ecryptfs/wrapped-passphrase"
+chmod 644 "$user_ecrypt_path/.ecryptfs/auto-mount"
+chmod 644 "$user_ecrypt_path/.ecryptfs/auto-umount"
+
 keyctl clear @u
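Review bot: `mkdir $ecryptfs_path` and `mkdir -p $user_ecrypt_path` expand values built from `$1` and `$3` unquoted, and `username` is joined into the path with no check, so a value containing whitespace, a glob character, `/` or `..` makes the script create and later chmod entries outside `$path/.ecryptfs`. Quote the expansion and drop the now-redundant `-d` test with `mkdir -p -- "$user_ecrypt_path"`, preceded by a guard such as `case $username in ''|*/*|.|..) exit 1;; esac`. The two outer directories are created with the caller's umask, and `Private.sig`, `Private.mnt` and `wrapped-passphrase` only receive mode 600 at the end of the script, after they have been written. Setting `umask 077` before the files are created would close that window, and would also cover a re-run where `mkdir -m 700` fails because the directory already exists with looser permissions; if the outer directories must stay traversable, set their mode explicitly. Separately, `user_home` is assigned but never used while `Private.mnt` hard-codes `/home/$username`, which disagrees with `$path` whenever the third argument is not `/home`.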
-- 
GitLab