mount ecryptfs with syscall in C language
I am trying to mount an fs with ecryptfs in a C program, but I can't manage to give the key to the kernel part.

    #include <stdio.h>
    #include <sys/mount.h>

    int mount_crypt(char* source)
    {
        int r = -1;
        char opt[1024] = "ecryptfs_sig=f83de0de4ecccbb1,ecryptfs_cipher=aes,ecryptfs_key_bytes=16";

        /* mount the directory onto itself with the eCryptfs options */
        r = mount(source, source, "ecryptfs", MS_MGC_VAL, opt);
        if (r != 0)
        {
            perror("EErrr mount cry");
            printf("Error mount cry: %d\n", r);
        }
        return (r);
    }

In /var/log/messages:
process_request_key_err: No key
One or more global auth toks could not properly register; rc = [-2]
I tried this in the opt string:
key=passphrase:passphrase_passwd=MYPASSS
but it doesn't work
with:

    int icloud_mount_crypt(char* source)
    {
        int r = -1;
        char opt[1024] = "key=passphrase:passphrase_passwd=XXXXXX,ecryptfs_sig=f83de0de4ecccbb1,ecryptfs_cipher=aes,ecryptfs_key_bytes=16";

        r = mount(source, source, "ecryptfs", MS_MGC_VAL, opt);
        if (r != 0)
        {
            perror("EErrr mount cry");
            printf("Error mount cry: %d\n", r);
        }
        return (r);
    }

Here is the log:
Feb 15 11:15:41 nightmare kernel: [2847133.493005] ecryptfs_parse_options: eCryptfs: unrecognized option [key=passphrase:passphrase_passwd=XXXXXX]
Feb 15 11:15:41 nightmare kernel: [2847133.493022] Could not find key with description: [f83de0de4ecccbb1]
Feb 15 11:15:41 nightmare kernel: [2847133.493028] process_request_key_err: No key
Feb 15 11:15:41 nightmare kernel: [2847133.493032] Could not find valid key in user session keyring for sig specified in mount option: [f83de0de4ecccbb1]
Feb 15 11:15:41 nightmare kernel: [2847133.493035] One or more global auth toks could not properly register; rc = [-2]
Feb 15 11:15:41 nightmare kernel: [2847133.493039] Error parsing options; rc = [-2]
Thanks for the help

You might find the source code of mount.ecryptfs_private.c useful, as it builds the mount string, and then performs the mount. This is the setuid binary used by pam_ecryptfs in Ubuntu to mount a user's encrypted home directory.

Full disclosure: I am the author of mount.ecryptfs_private.c and maintainer of eCryptfs.

In fact, the key must be provided to the kernel before using the mount syscall, with the key management facility (see man keyctl).
See: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/utils/ecryptfs_add_passphrase.c
and
https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/libecryptfs/key_management.c
Code sample:

    [...]
    /* derive the auth token and its signature from the passphrase and salt */
    from_hex(salt, ECRYPTFS_DEFAULT_SALT_HEX, ECRYPTFS_SALT_SIZE);
    r = ecryptfs_generate_passphrase_auth_tok(&auth_tok, auth_tok_sig_hex,
                                              fekek, salt, passphrase);
    /* insert the key into the kernel keyring so mount can find it by ecryptfs_sig */
    r = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig_hex,
                                               passphrase,
                                               salt);
    auth_tok_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
    /* make the user keyring reachable from the session keyring */
    if ((rc_long = keyctl(KEYCTL_LINK, KEY_SPEC_USER_KEYRING,
                          KEY_SPEC_SESSION_KEYRING)))
    {
        syslog(LOG_ERR, "Error attempting to link the user session "
               "keyring into the session keyring\n");
    }
    [...]
    r = mount(source, source, "ecryptfs", MS_MGC_VAL, opt);
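
A pre-flight check for the failure in the question's log, as an added example (not code from either answer or from ecryptfs-utils): it validates the signature, confirms that a key with that description is reachable from the session keyring, and only then calls mount, so the passphrase never goes into the option string. The function names are hypothetical, and it assumes the eCryptfs auth token is stored as a "user"-type key whose description is the signature.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <linux/keyctl.h>

#define SIG_HEX_LEN 16  /* length of the page's f83de0de4ecccbb1 */

/* 1 if sig is exactly SIG_HEX_LEN hex digits, else 0. */
int sig_is_valid(const char *sig)
{
    if (sig == NULL || strlen(sig) != SIG_HEX_LEN)
        return 0;
    for (size_t i = 0; i < SIG_HEX_LEN; i++)
        if (!isxdigit((unsigned char)sig[i]))
            return 0;
    return 1;
}

/* Assumption: the auth token is a "user" key described by sig.
 * Returns 1 if found, 0 if absent (ENOKEY), -1 on other errors. */
int sig_key_present(const char *sig)
{
    long id = syscall(SYS_keyctl, KEYCTL_SEARCH,
                      (long)KEY_SPEC_SESSION_KEYRING, "user", sig, 0L);
    if (id >= 0)
        return 1;
    return errno == ENOKEY ? 0 : -1;
}

/* Mount only when the key is already loaded in the keyring.
 * Returns 0 on success, -1 otherwise (errno set). */
int mount_crypt_checked(const char *dir, const char *sig)
{
    char opt[128];

    if (!sig_is_valid(sig)) { errno = EINVAL; return -1; }
    if (sig_key_present(sig) != 1) {
        fprintf(stderr, "sig %s: %s\n", sig, strerror(errno));
        return -1;
    }
    snprintf(opt, sizeof opt,
             "ecryptfs_sig=%s,ecryptfs_cipher=aes,ecryptfs_key_bytes=16", sig);
    return mount(dir, dir, "ecryptfs", MS_MGC_VAL, opt);
}
```

With no key loaded, this fails in user space with "Required key not available" instead of leaving only the kernel's `process_request_key_err: No key` in the log.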