author | robi <robi> | 2012-04-07 19:34:46 +0000 |
---|---|---|
committer | robi <robi> | 2012-04-07 19:34:46 +0000 |
commit | aa8e94625c2f8506a5858615c7e767431cb634bd (patch) | |
tree | f5913d2df549711e80c5f58767a2e9f89a1ead63 | |
parent | 44e4fd4550be54045d90dbfa7165436946e3f81c (diff) |
support for ecryptfs
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | TODO | 7 | ||||
-rw-r--r-- | src/ext4magic.c | 5 | ||||
-rw-r--r-- | src/file_type.c | 64 | ||||
-rw-r--r-- | src/magic_block_scan.c | 16 |
6 files changed, 92 insertions, 6 deletions
@@ -1,3 +1,7 @@ + + new : support for ecryptfs by Magic-function + + 0.3.0 switch to BETA status Some minor bugs been fixed. compiler warnings eliminated @@ -1,3 +1,5 @@ + new : support for ecryptfs by Magic-function + ext4magic 0.3.0 switch to BETA status Some minor bugs been fixed. compiler warnings eliminated English documentation translation is started @@ -3,16 +3,19 @@ TODO over of the next year ;-) - English documentation we working on it, but we need help !!!!!!! http://openfacts2.berlios.de/wikien/index.php/BerliosProject:Ext4magic + Current stat 04.2012: not ready but looks good - support for ecrypfs in the Magic-function is particularly interesting for Ubuntu user + Current stat 04.2012: ready for test - the new Magic-function for ext3 old 0.2.x function is very slow and inaccurate and is not compatible with the Magic-functions of the ext4 in 0.3.x a support for both file systems is planned with 0.4.x + Current stat 04.2012: open - better support for source code and other text files @@ -25,6 +28,8 @@ TODO over of the next year ;-) # sed '1,/^$/d' ext4magic.c | file -i - /dev/stdin: text/x-c; charset=us-ascii + Current stat 04.2012: The current libmagic-5.11 eliminated the problem. + Changes within ext4magic therefore, not required - ext4 : with the Magic-function it should be possible to recover also some file types @@ -32,7 +37,7 @@ TODO over of the next year ;-) the conditions and preparations are already included the possible individual extents are already collected in the database a function is needed to find out and check the correct order - + Current stat 04.2012: open Currently known issues diff --git a/src/ext4magic.c b/src/ext4magic.c index 96792c8..e084375 100644 --- a/src/ext4magic.c +++ b/src/ext4magic.c 
@@ -340,7 +340,7 @@ char defaultdir[] = "RECOVERDIR" ; const char *usage = "\next4magic -M [-j <journal_file>] [-d <target_dir>] <filesystem> \n\ ext4magic -m [-j <journal_file>] [-d <target_dir>] <filesystem> \n\ ext4magic [-S|-J|-H|-V|-T] [-x] [-j <journal_file>] [-B n|-I n|-f <file_name>|-i <input_list>] [-t n|[[-a n][-b n]]] [-d <target_dir>] [-R|-r|-L|-l] [-Q] <filesystem>"; -int c; +int l,c ; int open_flags = EXT2_FLAG_SOFTSUPP_FEATURES; int recovermodus = 0 ; int disaster = 0; @@ -584,7 +584,8 @@ while ((c = getopt (argc, argv, "TJRMLlmrSxi:t:j:f:Vd:B:b:a:I:H")) != EOF) { } mode |= COMMAND_INODE ; mode |= COMMAND_PATHNAME ; - pathname = malloc(512); + l = strlen(optarg); + pathname = malloc( l+1 ); strcpy(pathname,optarg); break; diff --git a/src/file_type.c b/src/file_type.c index a695ca0..67f1de2 100644 --- a/src/file_type.c +++ b/src/file_type.c 
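Review bot: The result of `pathname = malloc( l+1 );` in the branch that sets `COMMAND_PATHNAME` is handed straight to `strcpy` with no NULL check, so an allocation failure turns into a write through a null pointer. Sizing the buffer from `optarg` removes the old fixed 512-byte limit, but `l` is declared `int` in the first hunk while `strlen` returns `size_t`, and the length variable is not needed at all. `pathname = strdup(optarg);` followed by a NULL check would replace all three lines. The enclosing `switch` starts and ends outside the hunk, so how the other branches report allocation failure is not visible here.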
@@ -55,7 +55,7 @@ int ident_file(struct found_data_t *new, __u32 *scan, char *magic_buf, void *buf char applistr[] ="dicom mac-binhex40 msword octet-stream ogg pdf pgp pgp-encrypted pgp-keys pgp-signature postscript unknown+zip vnd.google-earth.kml+xml vnd.google-earth.kmz vnd.lotus-wordpro vnd.ms-cab-compressed vnd.ms-excel vnd.ms-tnef vnd.oasis.opendocument. vnd.rn-realmedia vnd.symbian.install x-123 x-adrift x-archive x-arc x-arj x-bittorrent x-bzip2 x-compress x-coredump x-cpio x-dbf x-dbm x-debian-package x-dosexec x-dvi x-eet x-elc x-executable x-gdbm x-gnucash x-gnumeric x-gnupg-keyring x-gzip x-hdf x-hwp x-ichitaro4 x-ichitaro5 x-ichitaro6 x-iso9660-image x-java-applet x-java-jce-keystore x-java-keystore x-java-pack200 x-kdelnk x-lha x-lharc x-lzip x-mif xml xml-sitemap x-msaccess x-ms-reader x-object x-pgp-keyring x-quark-xpress-3 x-quicktime-player x-rar x-rpm x-sc x-setupscript x-sharedlib x-shockwave-flash x-stuffit x-svr4-package x-tar x-tex-tfm x-tokyocabinet-btree x-tokyocabinet-fixed x-tokyocabinet-hash x-tokyocabinet-table x-xz x-zoo zip x-font-ttf x-7z-compressed "; char textstr[] = "html PGP rtf texmacs troff vnd.graphviz x-awk x-diff x-fortran x-gawk x-info x-lisp x-lua x-msdos-batch x-nawk x-perl x-php x-shellscript x-texinfo x-tex x-vcard x-xmcd plain x-pascal x-c++ x-c x-mail x-makefile x-asm x-python x-java PEM SGML libtool M3U tcl POD PPD configure ruby sed expect ssh text "; //Files not found as mime-type - char undefstr[] ="MPEG Targa 7-zip cpio CD-ROM DVD 9660 Kernel boot ext2 ext3 ext4 Image Composite SQLite OpenOffice.org Microsoft VMWare3 VMware4 JPEG ART PCX RIFF DIF IFF ATSC ScreamTracker EBML LZMA Audio=Visual Sample=Vision ISO=Media Linux filesystem x86 LUKS python ESRI=Shape CDF "; + char undefstr[] ="MPEG Targa 7-zip cpio CD-ROM DVD 9660 Kernel boot ext2 ext3 ext4 Image Composite SQLite OpenOffice.org Microsoft VMWare3 VMware4 JPEG ART PCX RIFF DIF IFF ATSC ScreamTracker EBML LZMA Audio=Visual Sample=Vision ISO=Media Linux 
filesystem x86 LUKS python ESRI=Shape CDF ecryptfs "; //----------------------------------------------------------------------------------- char* p_search; char token[30]; @@ -7005,6 +7005,63 @@ int file_fli(unsigned char *buf, int *size, __u32 scan , int flag, struct found_ return ret; } +//file_ecryptfs +int file_ecryptfs(unsigned char *buf, int *size, __u32 scan , int flag, struct found_data_t* f_data){ + int ret = 0; + __u32 blz,count; + __u64 lsize,ssize; + + + switch (flag){ + case 0: + if (f_data->size || f_data->h_size) { + if (f_data->scantype & DATA_METABLOCK){ + f_data->inode->i_size_high = f_data->h_size; + f_data->inode->i_size = f_data->size; + *size = current_fs->blocksize; + ret = 1; + } + else { + lsize = (__u64)f_data->h_size << 32; + lsize += f_data->size; + ssize = (__u64)f_data->inode->i_size_high << 32; + ssize += f_data->inode->i_size; + if (lsize > ssize) + ret = 0; + else{ + f_data->inode->i_size = f_data->size; + *size = current_fs->blocksize; + ret = 1; + } + } + } + break; + case 1: + return (scan & (M_IS_META | M_CLASS_1 | M_BLANK | M_TXT)) ? 0 : 1 ; + break; + case 2: + lsize = ((__u64)buf[0]<<56)+((__u64)buf[1]<<48)+((__u64)buf[2]<<40)+((__u64)buf[3]<<32)+ + (buf[4]<<24)+(buf[5]<<16)+(buf[6]<<8)+buf[7]; + blz = (buf[20]<<24)+(buf[21]<<16)+(buf[22]<<8)+buf[23]; + count = (buf[24]<<8)+buf[25]; + if (!(blz & 0x3ff)){ + // if (!lsize) lsize++; + lsize += (blz *count); + + f_data->size = lsize & 0xFFFFFFFF; + f_data->size = (f_data->size + (blz-1)) & (~(blz-1)); + f_data->h_size = lsize >> 32; + f_data->scantype = DATA_LENGTH; + ret =1; + } + break; + } + return ret; +} + + + + static int follow_ac3(unsigned char *buf, __u16 blockcount, __u32 *offset, __u32 *last_match, int flag){ static const __u16 tab[38][3] = { 
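Review bot: In `case 2` of `file_ecryptfs` the low header bytes are shifted as `int`, so `(buf[4]<<24)` goes negative when `buf[4] >= 0x80` and is sign-extended into the 64-bit `lsize`, corrupting the upper half of a size read straight from the scanned block. The same branch multiplies `blz *count` in 32 bits and rounds only the low word, so a carry into `h_size` is lost. The mask `~(blz-1)` also rounds correctly only when `blz` is a non-zero power of two, which `!(blz & 0x3ff)` does not guarantee. Widening each byte before the shift and rounding the 64-bit value, as below, keeps `size` and `h_size` consistent; the added power-of-two test is a suggestion to confirm against the header format.

```c
		case 2:
			lsize = ((__u64)buf[0]<<56)+((__u64)buf[1]<<48)+((__u64)buf[2]<<40)+((__u64)buf[3]<<32)+
				((__u64)buf[4]<<24)+((__u64)buf[5]<<16)+((__u64)buf[6]<<8)+buf[7];
			blz = ((__u32)buf[20]<<24)+((__u32)buf[21]<<16)+((__u32)buf[22]<<8)+buf[23];
			// … unchanged: count from buf[24..25] …
			if (blz && !(blz & (blz-1)) && !(blz & 0x3ff)){
				lsize += (__u64)blz * count;
				lsize = (lsize + (blz-1)) & ~((__u64)blz-1);
				f_data->size = lsize & 0xFFFFFFFF;
				f_data->h_size = lsize >> 32;
				// … unchanged: scantype = DATA_LENGTH, ret = 1 …
```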
@@ -8691,6 +8748,11 @@ void get_file_property(struct found_data_t* this){ this->func = file_CDF ; strncat(this->name,".doc",7); break; + + case 0x0828 : //ecryptfs + this->func = file_ecryptfs ; + strncat(this->name,".ecrypt",8); + break; //---------------------------------------------------------------- default: this->func = file_default ; diff --git a/src/magic_block_scan.c b/src/magic_block_scan.c index 5e75905..3613ede 100644 --- a/src/magic_block_scan.c +++ b/src/magic_block_scan.c @@ -509,6 +509,15 @@ return flag; } +static int is_ecryptfs(unsigned char* buf){ + int ret = 0; + if ((!buf[0]) && (!buf[20]) && (!buf[21]) && (buf[22]) && (!buf[23]) && (!buf[24]) && + ((buf[8] ^ buf[12]) == 0x3c) && ((buf[9] ^ buf[13]) == 0x81) && ((buf[10] ^ buf[14]) == 0xb7) && ((buf[11] ^ buf[15]) == 0xf5)) + ret =1; + return ret; +} + + //magic scanner //FIXME static int magic_check_block(unsigned char* buf,magic_t cookie , magic_t cookie_f, char *magic_buf, __u32 size, blk_t blk, int deep){ @@ -647,7 +656,10 @@ static int magic_check_block(unsigned char* buf,magic_t cookie , magic_t cookie_ } else{ if ((strstr(magic_buf,"application/octet-stream")) && (!(strncmp(text,"data",4)))){ - retval |= M_DATA; + if (is_ecryptfs (buf)) + strncpy(text,"ecryptfs ",9); + else + retval |= M_DATA; } } @@ -693,7 +705,7 @@ static int magic_check_block(unsigned char* buf,magic_t cookie , magic_t cookie_ } if (strstr(magic_buf,"application/octet-stream")){ - char searchstr[] = "7-zip cpio CD-ROM MPEG 9660 Targa Kernel boot SQLite OpenOffice.org VMWare3 VMware4 JPEG ART PCX IFF DIF RIFF ATSC ScreamTracker matroska LZMA Audio=Visual Sample=Vision ISO=Media ext2 ext3 ext4 LUKS python ESRI=Shape "; + char searchstr[] = "7-zip cpio CD-ROM MPEG 9660 Targa Kernel boot SQLite OpenOffice.org VMWare3 VMware4 JPEG ART PCX IFF DIF RIFF ATSC ScreamTracker matroska LZMA Audio=Visual Sample=Vision ISO=Media ext2 ext3 ext4 LUKS python ESRI=Shape ecryptfs "; p_search = searchstr; while (*p_search){ len=0; |
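Review bot: The count in `strncat(this->name,".ecrypt",8);` limits how many source characters are appended, not how much room is left in `this->name`, so it gives the destination no overflow protection. The declaration of `name` is outside this hunk; if it is a fixed array, the bound should be derived from it, e.g. `strncat(this->name,".ecrypt",sizeof(this->name)-strlen(this->name)-1);`. The neighbouring `.doc` case uses the same pattern, so this is probably better fixed across the whole `switch`.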
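Review bot: `is_ecryptfs` needs a comment saying which header fields its byte offsets and XOR constants test, because nothing in the function names them. Something like `/* eCryptfs header: bytes 8-11 XOR bytes 12-15 must give the marker 0x3c81b7f5; bytes 20-23 and 24-25 are the big-endian fields file_ecryptfs reads as block size and count */` would let a reader check the test against the format. The function also indexes up to `buf[24]` without a length argument, so it relies on the caller always passing at least 25 valid bytes, which the same comment should state.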
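Review bot: `strncpy(text,"ecryptfs ",9);` in `magic_check_block` copies exactly the nine characters of the literal and writes no terminating NUL, so `text` keeps whatever followed its first nine bytes. When `text` held only `data`, the terminator at index 4 is overwritten and the string is no longer guaranteed to end before the later token search, which presumably reads `text`. Copying ten bytes, `memcpy(text,"ecryptfs ",10);`, terminates the string, provided `text` is at least ten bytes long; its declaration is outside this hunk.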