2016-12-29 12:49:03 +00:00
#!/usr/bin/env zsh
2010-08-22 13:04:19 +00:00
#
2011-01-13 13:37:52 +00:00
# Tomb, the Crypto Undertaker
2010-08-22 13:04:19 +00:00
#
2013-05-28 09:57:58 +00:00
# A commandline tool to easily operate encryption of secret data
2013-05-28 10:53:26 +00:00
#
2013-05-28 09:57:58 +00:00
# {{{ License
2011-12-01 19:04:56 +00:00
2016-12-29 18:20:48 +00:00
# Copyright (C) 2007-2017 Dyne.org Foundation
2013-05-29 15:21:36 +00:00
#
# Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
2010-08-22 13:04:19 +00:00
#
2014-11-15 02:14:03 +00:00
# With contributions by Anathema, Boyska, Hellekin O. Wolf and GDrooid
2010-08-22 13:04:19 +00:00
#
2014-11-26 19:28:06 +00:00
# Gettext internationalization and Spanish translation is contributed by
# GDrooid, French translation by Hellekin, Russian translation by fsLeg,
# German translation by x3nu.
#
# Testing, reviews and documentation are contributed by Dreamer, Shining
# the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
# Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
# Linux Action Show!
#
# Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
2013-05-29 15:21:36 +00:00
#
2014-11-26 19:28:06 +00:00
# Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
2013-05-29 15:21:36 +00:00
2014-10-21 16:19:57 +00:00
# This source code is free software; you can redistribute it and/or
# modify it under the terms of the GNU Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
2014-11-23 17:25:42 +00:00
#
2014-10-21 16:19:57 +00:00
# This source code is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Please refer
# to the GNU Public License for more details.
2014-11-23 17:25:42 +00:00
#
2014-10-21 16:19:57 +00:00
# You should have received a copy of the GNU Public License along with
# this source code; if not, write to: Free Software Foundation, Inc.,
# 675 Mass Ave, Cambridge, MA 02139, USA.
2013-05-28 09:57:58 +00:00
# }}} - License
# {{{ Global variables
2011-12-01 19:04:56 +00:00
2016-12-29 18:20:48 +00:00
typeset VERSION="2.3"
2017-01-02 10:04:08 +00:00
typeset DATE="Jan/2017"
2014-11-14 16:42:49 +00:00
typeset TOMBEXEC=$0
2014-11-23 13:49:41 +00:00
typeset TMPPREFIX=${TMPPREFIX:-/tmp}
# TODO: configure which tmp dir to use from a cli flag
2014-10-24 01:48:05 +00:00
# Tomb is using some global variables set by the shell:
# TMPPREFIX, UID, GID, PATH, TTY, USERNAME
# You can grep 'global variable' to see where they are used.
# Keep a reference of the original command line arguments
2011-08-02 00:10:31 +00:00
typeset -a OLDARGS
2014-11-14 19:12:30 +00:00
for arg in "${(@)argv}"; do OLDARGS+=("$arg"); done
2014-10-21 16:24:47 +00:00
# Special command requirements
2015-02-08 17:33:10 +00:00
typeset -a DD WIPE PINENTRY
2014-10-21 16:24:47 +00:00
DD=(dd)
WIPE=(rm -f)
2014-11-21 23:23:57 +00:00
PINENTRY=(pinentry)
2014-10-21 16:24:47 +00:00
2014-11-15 01:36:31 +00:00
# load zsh regex module
zmodload zsh/regex
zmodload zsh/mapfile
2015-01-17 01:14:38 +00:00
zmodload -F zsh/stat b:zstat
2014-11-15 01:36:31 +00:00
2014-11-23 17:26:06 +00:00
# make sure variables aren't exported
unsetopt allexport
2014-10-24 01:48:05 +00:00
# Flag optional commands if available (see _ensure_dependencies())
2014-10-29 13:26:43 +00:00
typeset -i KDF=1
typeset -i STEGHIDE=1
typeset -i RESIZER=1
typeset -i SWISH=1
typeset -i QRENCODE=1
2014-10-21 16:33:59 +00:00
# Default mount options
2014-10-24 01:48:05 +00:00
typeset MOUNTOPTS="rw,noatime,nodev"
2014-08-25 19:01:50 +00:00
2014-10-22 22:39:47 +00:00
# Makes glob matching case insensitive
2014-08-25 22:54:41 +00:00
unsetopt CASE_MATCH
2014-10-24 01:48:05 +00:00
typeset -AH OPTS # Command line options (see main())
2013-03-29 11:51:43 +00:00
2014-10-24 01:48:05 +00:00
# Command context (see _whoami())
typeset -H _USER # Running username
typeset -Hi _UID # Running user identifier
typeset -Hi _GID # Running user group identifier
typeset -H _TTY # Connected input terminal
2011-07-14 13:47:20 +00:00
2014-10-23 05:10:24 +00:00
# Tomb context (see _plot())
typeset -H TOMBPATH # Full path to the tomb
typeset -H TOMBDIR # Directory where the tomb is
typeset -H TOMBFILE # File name of the tomb
typeset -H TOMBNAME # Name of the tomb
2014-08-25 19:01:50 +00:00
2014-10-23 06:30:02 +00:00
# Tomb secrets
2014-10-23 06:44:45 +00:00
typeset -H TOMBKEY # Encrypted key contents (see forge_key(), recover_key())
typeset -H TOMBKEYFILE # Key file (ditto)
typeset -H TOMBSECRET # Raw deciphered key (see forge_key(), gpg_decrypt())
typeset -H TOMBPASSWORD # Raw tomb passphrase (see gen_key(), ask_key_password())
2014-11-14 17:42:11 +00:00
typeset -H TOMBTMP # Filename of secure temp just created (see _tmp_create())
2014-08-25 19:01:50 +00:00
2014-10-23 06:48:35 +00:00
typeset -aH TOMBTMPFILES # Keep track of temporary files
2014-10-23 06:53:28 +00:00
typeset -aH TOMBLOOPDEVS # Keep track of used loop devices
2014-08-06 05:43:25 +00:00
2014-10-24 01:48:05 +00:00
# Make sure sbin is in PATH (man zshparam)
path+=( /sbin /usr/sbin )
2013-06-12 11:33:54 +00:00
2014-08-11 20:56:26 +00:00
# For gettext
export TEXTDOMAIN=tomb
2011-12-01 17:53:12 +00:00
# }}}
2012-08-04 16:34:10 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Safety functions
2011-12-01 19:41:04 +00:00
2015-02-08 17:33:10 +00:00
# Wrap sudo with a more visible message
_sudo() {
local sudo_eng="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
local msg="$(gettext -s "$sudo_eng")"
msg=${(S)msg//::1*::/$USER}
sudo -p "
$msg
" ${@}
}
2014-10-23 06:58:35 +00:00
# Cleanup anything sensitive before exiting.
_endgame() {
2014-08-25 19:01:50 +00:00
2014-10-23 06:58:35 +00:00
# Prepare some random material to overwrite vars
local rr="$RANDOM"
2014-08-27 10:28:15 +00:00
while [[ ${#rr} -lt 500 ]]; do
2014-10-23 06:58:35 +00:00
rr+="$RANDOM"
done
# Ensure no information is left in unallocated memory
2014-10-23 05:10:24 +00:00
TOMBPATH="$rr"; unset TOMBPATH
TOMBDIR="$rr"; unset TOMBDIR
TOMBFILE="$rr"; unset TOMBFILE
TOMBNAME="$rr"; unset TOMBNAME
2014-10-23 06:30:02 +00:00
TOMBKEY="$rr"; unset TOMBKEY
TOMBKEYFILE="$rr"; unset TOMBKEYFILE
2014-10-23 06:44:45 +00:00
TOMBSECRET="$rr"; unset TOMBSECRET
TOMBPASSWORD="$rr"; unset TOMBPASSWORD
2014-08-25 19:01:50 +00:00
2014-10-24 01:48:05 +00:00
# Clear temporary files
2014-10-23 06:48:35 +00:00
for f in $TOMBTMPFILES; do
2014-10-23 06:58:35 +00:00
${=WIPE} "$f"
done
2014-10-23 06:48:35 +00:00
unset TOMBTMPFILES
2014-08-25 19:01:50 +00:00
2014-10-24 01:48:05 +00:00
# Detach loop devices
2014-10-23 06:53:28 +00:00
for l in $TOMBLOOPDEVS; do
2015-02-08 17:33:10 +00:00
_sudo losetup -d "$l"
2014-10-23 06:58:35 +00:00
done
2014-10-23 06:53:28 +00:00
unset TOMBLOOPDEVS
2014-10-24 01:48:05 +00:00
2014-08-14 07:58:15 +00:00
}
2014-10-23 06:58:35 +00:00
# Trap functions for the _endgame event
TRAPINT() { _endgame INT }
TRAPEXIT() { _endgame EXIT }
TRAPHUP() { _endgame HUP }
TRAPQUIT() { _endgame QUIT }
TRAPABRT() { _endgame ABORT }
TRAPKILL() { _endgame KILL }
TRAPPIPE() { _endgame PIPE }
TRAPTERM() { _endgame TERM }
TRAPSTOP() { _endgame STOP }
2014-08-14 07:58:15 +00:00
2014-11-15 01:36:31 +00:00
_cat() { local -a _arr;
# read file using mapfile, newline fix
2017-01-02 05:02:50 +00:00
_arr=("${(f@)${mapfile[${1}]%$'\n'}}"); print "$_arr"
2014-11-26 16:44:23 +00:00
}
_is_found() {
2015-09-20 21:32:00 +00:00
# returns 0 if binary is found in path
2014-11-26 16:44:23 +00:00
[[ "$1" = "" ]] && return 1
2014-11-26 19:28:06 +00:00
command -v "$1" 1>/dev/null 2>/dev/null
return $?
2014-11-26 16:44:23 +00:00
}
2014-11-15 01:36:31 +00:00
2014-10-24 01:48:05 +00:00
# Identify the running user
# Set global variables _UID, _GID, _TTY, and _USER, either from the
# command line, -U, -G, -T, respectively, or from the environment.
# Also update USERNAME and HOME to maintain consistency.
_whoami() {
2014-10-24 04:37:58 +00:00
2014-11-03 20:36:52 +00:00
# Set username from UID or environment
2014-11-23 20:53:44 +00:00
_USER=$SUDO_USER
[[ "$_USER" = "" ]] && { _USER=$USERNAME }
[[ "$_USER" = "" ]] && { _USER=$(id -u) }
[[ "$_USER" = "" ]] && {
_failure "Failing to identify the user who is calling us" }
2014-11-03 20:36:52 +00:00
2014-10-24 01:48:05 +00:00
# Get GID from option -G or the environment
option_is_set -G \
2014-11-23 17:25:42 +00:00
&& _GID=$(option_value -G) || _GID=$(id -g $_USER)
2014-10-24 01:48:05 +00:00
# Get UID from option -U or the environment
option_is_set -U \
2014-11-23 17:25:42 +00:00
&& _UID=$(option_value -U) || _UID=$(id -u $_USER)
2014-10-24 01:48:05 +00:00
2014-11-23 13:49:41 +00:00
_verbose "Identified caller: ::1 username:: (::2 UID:::::3 GID::)" $_USER $_UID $_GID
2014-10-24 01:48:05 +00:00
2015-09-20 21:32:00 +00:00
# Update USERNAME accordingly if possible
2016-11-18 18:00:47 +00:00
# [[ $EUID == 0 && $_USER != $USERNAME ]] && {
# _verbose "Updating USERNAME from '::1 USERNAME::' to '::2 _USER::')" $USERNAME $_USER
# USERNAME=$_USER
# }
2014-10-24 01:48:05 +00:00
# Force HOME to _USER's HOME if necessary
2014-11-24 16:02:30 +00:00
local home=$(awk -F: "/^$_USER:/ { print \$6 }" /etc/passwd 2>/dev/null)
2014-10-24 01:48:05 +00:00
[[ $home == $HOME ]] || {
2014-11-23 17:25:42 +00:00
_verbose "Updating HOME to match user's: ::1 home:: (was ::2 HOME::)" \
$home $HOME
HOME=$home }
2014-10-24 01:48:05 +00:00
# Get connecting TTY from option -T or the environment
option_is_set -T && _TTY=$(option_value -T)
2014-10-24 04:37:58 +00:00
[[ -z $_TTY ]] && _TTY=$TTY
2014-10-24 01:48:05 +00:00
}
2011-12-01 19:41:04 +00:00
2014-10-23 05:10:24 +00:00
# Define sepulture's plot (setup tomb-related arguments)
2014-10-24 01:48:05 +00:00
# Synopsis: _plot /path/to/the.tomb
2015-06-26 09:47:19 +00:00
# Set TOMB{PATH,DIR,FILE,NAME}
2014-10-23 05:10:24 +00:00
_plot() {
2014-10-24 04:37:58 +00:00
2014-10-23 05:10:24 +00:00
# We set global variables
typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME
2014-11-23 17:25:42 +00:00
2014-10-23 05:10:24 +00:00
TOMBPATH="$1"
TOMBDIR=$(dirname $TOMBPATH)
TOMBFILE=$(basename $TOMBPATH)
2017-02-05 19:29:22 +00:00
# The tomb name is TOMBFILE without an extension and underscores instead of spaces (for mount and cryptsetup)
# It can start with dots: ..foo bar baz.tomb -> ..foo_bar_baz
TOMBNAME=${${TOMBFILE// /_}%.*}
2014-10-26 17:55:53 +00:00
[[ -z $TOMBNAME ]] && {
2014-11-23 17:25:42 +00:00
_failure "Tomb won't work without a TOMBNAME." }
2014-10-23 05:10:24 +00:00
}
2013-05-28 09:57:58 +00:00
# Provide a random filename in shared memory
2014-11-14 17:42:11 +00:00
_tmp_create() {
2014-11-23 13:49:41 +00:00
[[ -d "$TMPPREFIX" ]] || {
2014-11-23 17:25:42 +00:00
# we create the tempdir with the sticky bit on
2015-02-08 17:33:10 +00:00
_sudo mkdir -m 1777 "$TMPPREFIX"
2014-11-26 16:24:11 +00:00
[[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX"
2014-11-23 13:49:41 +00:00
}
2014-10-20 15:52:21 +00:00
2015-09-20 21:32:00 +00:00
# We're going to add one more $RANDOM for each time someone complains
2014-11-23 13:49:41 +00:00
# about this being too weak of a random.
tfile="${TMPPREFIX}/$RANDOM$RANDOM$RANDOM$RANDOM" # Temporary file
2014-11-22 00:40:26 +00:00
umask 066
[[ $? == 0 ]] || {
_failure "Fatal error setting the permission umask for temporary files" }
2014-10-24 04:37:58 +00:00
2014-11-23 13:49:41 +00:00
[[ -r "$tfile" ]] && {
2014-11-23 17:25:42 +00:00
_failure "Someone is messing up with us trying to hijack temporary files." }
2014-11-23 13:49:41 +00:00
touch "$tfile"
2014-10-24 04:37:58 +00:00
[[ $? == 0 ]] || {
2014-11-23 13:49:41 +00:00
_failure "Fatal error creating a temporary file: ::1 temp file::" "$tfile" }
2014-10-20 15:52:21 +00:00
2014-11-23 13:49:41 +00:00
_verbose "Created tempfile: ::1 temp file::" "$tfile"
2014-11-14 17:42:11 +00:00
TOMBTMP="$tfile"
TOMBTMPFILES+=("$tfile")
2014-10-24 04:37:58 +00:00
2014-10-28 12:46:23 +00:00
return 0
2011-11-03 14:13:49 +00:00
}
2013-05-28 09:57:58 +00:00
2015-02-22 02:03:29 +00:00
# Check if a *block* device is encrypted
2015-02-08 17:54:27 +00:00
# Synopsis: _is_encrypted_block /path/to/block/device
# Return 0 if it is an encrypted block device
_is_encrypted_block() {
local b=$1 # Path to a block device
2015-02-08 22:50:52 +00:00
local s="" # lsblk option -s (if available)
2015-02-08 17:54:27 +00:00
2015-02-08 22:50:52 +00:00
# Issue #163
# lsblk --inverse appeared in util-linux 2.22
# but --version is not consistent...
2015-02-22 02:03:29 +00:00
lsblk --help | grep -Fq -- --inverse
2015-02-08 22:50:52 +00:00
[[ $? -eq 0 ]] && s="--inverse"
sudo lsblk $s -o type -n $b 2>/dev/null \
2015-02-08 23:06:53 +00:00
| egrep -q '^crypt$'
2015-02-08 17:54:27 +00:00
return $?
}
2013-05-28 09:57:58 +00:00
# Check if swap is activated
2014-10-24 04:37:58 +00:00
# Return 0 if NO swap is used, 1 if swap is used.
# Return 1 if any of the swaps is not encrypted.
# Return 2 if swap(s) is(are) used, but ALL encrypted.
2015-09-20 21:32:00 +00:00
# Use _check_swap in functions. It will call this function and
2014-10-24 04:37:58 +00:00
# exit if unsafe swap is present.
_ensure_safe_swap() {
local -i r=1 # Return code: 0 no swap, 1 unsafe swap, 2 encrypted
local -a swaps # List of swap partitions
local bone is_crypt
swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)"
[[ -z "$swaps" ]] && return 0 # No swap partition is active
2015-02-08 17:54:27 +00:00
_message "An active swap partition is detected..."
2015-02-08 23:01:01 +00:00
for s in $=swaps; do
2017-01-02 05:03:29 +00:00
if _is_encrypted_block $s; then
r=2;
else
2015-09-20 21:32:00 +00:00
# We're dealing with unencrypted stuff.
# Maybe it lives on an encrypted filesystem anyway.
# @todo: verify it's actually on an encrypted FS (see #163 and !189)
# Well, no: bail out.
2017-01-02 05:03:29 +00:00
r=1; break;
fi
2015-02-08 23:01:01 +00:00
done
2015-02-08 17:54:27 +00:00
2014-10-24 04:37:58 +00:00
if [[ $r -eq 2 ]]; then
2016-10-11 13:30:32 +00:00
_success "The undertaker found that all swap partitions are encrypted. Good."
2013-12-16 20:41:49 +00:00
else
2014-11-27 16:01:35 +00:00
_warning "This poses a security risk."
2014-10-24 04:37:58 +00:00
_warning "You can deactivate all swap partitions using the command:"
_warning " swapoff -a"
2015-02-08 23:06:53 +00:00
_warning "[#163] I may not detect plain swaps on an encrypted volume."
2014-10-24 04:37:58 +00:00
_warning "But if you want to proceed like this, use the -f (force) flag."
2013-12-16 20:41:49 +00:00
fi
2014-10-24 04:37:58 +00:00
return $r
2011-07-10 20:11:10 +00:00
}
2012-01-17 13:00:20 +00:00
2014-10-24 04:37:58 +00:00
# Wrapper to allow encrypted swap and remind the user about possible
2015-09-20 21:32:00 +00:00
# data leaks to disk if swap is on, which shouldn't be ignored. It could
2014-10-24 04:37:58 +00:00
# be run once in main(), but as swap evolves, it's better to run it
# whenever swap may be needed.
# Exit if unencrypted swap is active on the system.
2013-12-16 21:23:10 +00:00
_check_swap() {
if ! option_is_set -f && ! option_is_set --ignore-swap; then
2014-10-24 04:37:58 +00:00
_ensure_safe_swap
2014-07-13 15:35:28 +00:00
case $? in
0|2) # No, or encrypted swap
return 0
;;
*) # Unencrypted swap
2014-11-23 17:25:42 +00:00
_failure "Operation aborted."
2014-07-13 15:35:28 +00:00
;;
esac
2013-12-16 21:23:10 +00:00
fi
2011-07-10 20:11:10 +00:00
}
2012-01-17 13:00:20 +00:00
2013-05-28 09:57:58 +00:00
# Ask user for a password
2014-11-03 00:55:19 +00:00
# Wraps around the pinentry command, from the GnuPG project, as it
# provides better security and conveniently use the right toolkit.
2013-05-28 09:57:58 +00:00
ask_password() {
2011-02-20 13:59:30 +00:00
2014-11-25 01:37:05 +00:00
local description="$1"
local title="${2:-Enter tomb password.}"
2014-11-26 16:24:11 +00:00
local output
local password
local gtkrc
local theme
2014-11-25 01:37:05 +00:00
2014-11-26 16:44:23 +00:00
# Distributions have broken wrappers for pinentry: they do
# implement fallback, but they disrupt the output somehow. We are
# better off relying on less intermediaries, so we implement our
# own fallback mechanisms. Pinentry supported: curses, gtk-2, qt4
# and x11.
2015-01-29 17:11:25 +00:00
# make sure LANG is set, default to C
LANG=${LANG:-C}
2015-07-04 09:28:37 +00:00
_verbose "asking password with tty=$TTY lc-ctype=$LANG"
2014-11-26 16:44:23 +00:00
if [[ "$DISPLAY" = "" ]]; then
if _is_found "pinentry-curses"; then
2015-07-04 09:28:37 +00:00
_verbose "using pinentry-curses"
2014-11-26 16:44:23 +00:00
output=`cat <<EOF | pinentry-curses
OPTION ttyname=$TTY
OPTION lc-ctype=$LANG
SETTITLE $title
SETDESC $description
SETPROMPT Password:
GETPIN
EOF`
else
_failure "Cannot find pinentry-curses and no DISPLAY detected."
fi
else # a DISPLAY is found to be active
# customized gtk2 dialog with a skull (if extras are installed)
if _is_found "pinentry-gtk-2"; then
2015-07-04 09:28:37 +00:00
_verbose "using pinentry-gtk2"
2014-11-26 16:44:23 +00:00
2015-01-13 09:42:38 +00:00
gtkrc=""
2015-02-18 04:01:46 +00:00
theme=/share/themes/tomb/gtk-2.0-key/gtkrc
for i in /usr/local /usr; do
[[ -r $i/$theme ]] && {
gtkrc="$i/$theme"
break
}
done
2015-01-13 09:42:38 +00:00
[[ "$gtkrc" = "" ]] || {
gtkrc_old="$GTK2_RC_FILES"
export GTK2_RC_FILES="$gtkrc"
}
output=`cat <<EOF | pinentry-gtk-2
2014-11-26 16:44:23 +00:00
OPTION ttyname=$TTY
OPTION lc-ctype=$LANG
SETTITLE $title
SETDESC $description
SETPROMPT Password:
GETPIN
EOF`
2015-01-13 09:42:38 +00:00
[[ "$gtkrc" = "" ]] || export GTK2_RC_FILES="$gtkrc_old"
2014-11-26 16:44:23 +00:00
# TODO QT4 customization of dialog
elif _is_found "pinentry-qt4"; then
2015-07-04 09:28:37 +00:00
_verbose "using pinentry-qt4"
2014-11-25 01:37:05 +00:00
2014-11-26 16:44:23 +00:00
output=`cat <<EOF | pinentry-qt4
2011-04-13 14:56:57 +00:00
OPTION ttyname=$TTY
OPTION lc-ctype=$LANG
2011-11-03 14:13:49 +00:00
SETTITLE $title
2014-11-03 00:55:19 +00:00
SETDESC $description
2011-02-14 09:24:31 +00:00
SETPROMPT Password:
GETPIN
2012-09-05 15:47:00 +00:00
EOF`
2014-11-26 16:44:23 +00:00
# TODO X11 customization of dialog
elif _is_found "pinentry-x11"; then
2015-07-04 09:28:37 +00:00
_verbose "using pinentry-x11"
2014-11-26 16:44:23 +00:00
output=`cat <<EOF | pinentry-x11
OPTION ttyname=$TTY
OPTION lc-ctype=$LANG
SETTITLE $title
SETDESC $description
SETPROMPT Password:
GETPIN
EOF`
else
if _is_found "pinentry-curses"; then
2015-07-04 09:28:37 +00:00
_verbose "using pinentry-curses"
2014-11-26 16:44:23 +00:00
_warning "Detected DISPLAY, but only pinentry-curses is found."
output=`cat <<EOF | pinentry-curses
OPTION ttyname=$TTY
OPTION lc-ctype=$LANG
SETTITLE $title
SETDESC $description
SETPROMPT Password:
GETPIN
EOF`
else
_failure "Cannot find any pinentry: impossible to ask for password."
fi
fi
fi # end of DISPLAY block
2014-11-25 01:37:05 +00:00
# parse the pinentry output
2014-11-26 16:24:11 +00:00
for i in ${(f)output}; do
2014-11-25 01:37:05 +00:00
[[ "$i" =~ "^ERR.*" ]] && {
2014-11-25 21:51:33 +00:00
_warning "Pinentry error: ::1 error::" ${i[(w)3]}
2014-11-25 01:37:05 +00:00
print "canceled"
2017-01-02 05:13:52 +00:00
return 1
}
2014-11-03 00:55:19 +00:00
2014-11-25 01:37:05 +00:00
# here the password is found
2017-01-02 05:03:29 +00:00
[[ "$i" =~ "^D .*" ]] && password="${i##D }";
2014-11-25 01:37:05 +00:00
done
2014-11-03 00:55:19 +00:00
2014-11-26 16:44:23 +00:00
[[ "$password" = "" ]] && {
2014-11-25 01:37:05 +00:00
_warning "Empty password"
print "empty"
2017-01-02 05:13:52 +00:00
return 1
}
2013-05-28 09:57:58 +00:00
2014-11-26 16:24:11 +00:00
print "$password"
2014-11-25 01:37:05 +00:00
return 0
2011-02-03 16:11:08 +00:00
}
2013-05-28 09:57:58 +00:00
2014-10-23 05:10:24 +00:00
# Check if a filename is a valid tomb
2013-06-19 18:20:17 +00:00
is_valid_tomb() {
2014-08-29 10:31:23 +00:00
_verbose "is_valid_tomb ::1 tomb file::" $1
2014-10-28 18:46:36 +00:00
# First argument must be the path to a tomb
[[ -z "$1" ]] && {
_failure "Tomb file is missing from arguments." }
2015-01-17 01:14:38 +00:00
_fail=0
2015-09-20 21:32:00 +00:00
# Tomb file must be a readable, writable, non-empty regular file.
2017-02-13 01:27:40 +00:00
# If passed the "ro" mount option, the writable check is skipped.
[[ ! -w "$1" ]] && [[ $(option_value -o) != *"ro"* ]] && {
2015-01-17 01:14:38 +00:00
_warning "Tomb file is not writable: ::1 tomb file::" $1
_fail=1
}
2016-12-26 19:40:23 +00:00
_verbose "tomb file is readable"
2014-10-28 18:46:36 +00:00
[[ ! -f "$1" ]] && {
2015-01-17 01:14:38 +00:00
_warning "Tomb file is not a regular file: ::1 tomb file::" $1
_fail=1
}
2016-12-26 19:40:23 +00:00
_verbose "tomb file is a regular file"
2014-10-28 18:46:36 +00:00
[[ ! -s "$1" ]] && {
2015-01-17 01:14:38 +00:00
_warning "Tomb file is empty (zero length): ::1 tomb file::" $1
_fail=1
}
2016-12-26 19:40:23 +00:00
_verbose "tomb file is not empty"
2015-01-17 01:14:38 +00:00
2017-01-02 10:04:08 +00:00
# no more checking on the uid
# _uid="`zstat +uid $1`"
# [[ "$_uid" = "$UID" ]] || {
# _user="`zstat -s +uid $1`"
# _warning "Tomb file is owned by another user: ::1 tomb owner::" $_user
# }
# _verbose "tomb is not owned by another user"
2016-12-26 19:40:23 +00:00
2015-01-17 01:14:38 +00:00
[[ $_fail = 1 ]] && {
_failure "Tomb command failed: ::1 command name::" $subcommand
}
2014-10-28 18:46:36 +00:00
# TODO: split the rest of that function out.
# We already have a valid tomb, now we're checking
# whether we can alter it.
# Tomb file may be a LUKS FS (or we are creating it)
2014-11-15 01:36:31 +00:00
[[ "`file $1`" =~ "luks encrypted file" ]] || {
2014-10-28 18:46:36 +00:00
_warning "File is not yet a tomb: ::1 tomb file::" $1 }
2014-08-25 19:01:50 +00:00
2014-10-23 05:10:24 +00:00
_plot $1 # Set TOMB{PATH,DIR,FILE,NAME}
2015-09-20 21:32:00 +00:00
# Tomb already mounted (or we cannot alter it)
2016-12-26 19:40:23 +00:00
[[ "`mount -l |
awk -vtomb="[$TOMBNAME]" '
/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`" = "" ]] || {
2014-11-15 01:36:31 +00:00
_failure "Tomb is currently in use: ::1 tomb name::" $TOMBNAME
}
2016-12-26 19:40:23 +00:00
_verbose "tomb file is not currently in use"
2014-10-28 18:46:36 +00:00
2014-10-23 05:10:24 +00:00
_message "Valid tomb file found: ::1 tomb path::" $TOMBPATH
2014-10-28 18:46:36 +00:00
2013-06-19 18:20:17 +00:00
return 0
}
2014-02-19 11:08:26 +00:00
2014-08-25 19:01:50 +00:00
# $1 is the tomb file to be lomounted
lo_mount() {
tpath="$1"
2014-08-27 10:28:15 +00:00
# check if we have support for loop mounting
2015-02-08 17:33:10 +00:00
_nstloop=`_sudo losetup -f`
2014-08-25 19:01:50 +00:00
[[ $? = 0 ]] || {
2014-08-27 10:28:15 +00:00
_warning "Loop mount of volumes is not possible on this machine, this error"
_warning "often occurs on VPS and kernels that don't provide the loop module."
_warning "It is impossible to use Tomb on this machine at this conditions."
_failure "Operation aborted."
}
2014-08-25 19:01:50 +00:00
2015-02-08 17:33:10 +00:00
_sudo losetup -f "$tpath" # allocates the next loopback for our file
2014-08-25 19:01:50 +00:00
2014-10-23 06:53:28 +00:00
TOMBLOOPDEVS+=("$_nstloop") # add to array of lodevs used
2014-08-25 19:01:50 +00:00
return 0
}
# print out latest loopback mounted
2014-10-23 06:53:28 +00:00
lo_new() { print - "${TOMBLOOPDEVS[${#TOMBLOOPDEVS}]}" }
2014-08-25 19:01:50 +00:00
# $1 is the path to the lodev to be preserved after quit
lo_preserve() {
2014-08-29 10:31:23 +00:00
_verbose "lo_preserve on ::1 path::" $1
2014-08-25 19:01:50 +00:00
# remove the lodev from the tomb_lodevs array
2014-10-23 06:53:28 +00:00
TOMBLOOPDEVS=("${(@)TOMBLOOPDEVS:#$1}")
2014-08-25 19:01:50 +00:00
}
2014-08-25 21:32:32 +00:00
# eventually used for debugging
2014-08-25 19:01:50 +00:00
dump_secrets() {
2014-11-14 17:42:11 +00:00
print "TOMBPATH: $TOMBPATH"
print "TOMBNAME: $TOMBNAME"
2014-10-24 01:48:05 +00:00
2014-11-14 17:42:11 +00:00
print "TOMBKEY len: ${#TOMBKEY}"
print "TOMBKEYFILE: $TOMBKEYFILE"
print "TOMBSECRET len: ${#TOMBSECRET}"
print "TOMBPASSWORD: $TOMBPASSWORD"
2014-08-29 10:31:23 +00:00
2014-11-14 17:42:11 +00:00
print "TOMBTMPFILES: ${(@)TOMBTMPFILES}"
print "TOMBLOOPDEVS: ${(@)TOMBLOOPDEVS}"
2014-08-25 19:01:50 +00:00
}
2014-10-28 18:46:36 +00:00
2011-12-01 17:53:12 +00:00
# }}}
2011-10-31 23:36:14 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Commandline interaction
2013-05-28 10:58:05 +00:00
2011-03-31 17:42:05 +00:00
usage() {
2014-11-23 17:25:42 +00:00
_print "Syntax: tomb [options] command [arguments]"
_print "\000"
_print "Commands:"
_print "\000"
_print " // Creation:"
2015-11-07 13:20:43 +00:00
_print " dig create a new empty TOMB file of size -s in MiB"
2014-11-23 17:25:42 +00:00
_print " forge create a new KEY file and set its password"
_print " lock installs a lock on a TOMB to use it with KEY"
_print "\000"
_print " // Operations on tombs:"
2015-12-02 15:34:22 +00:00
_print " open open an existing TOMB (-k KEY file or - for stdin)"
2014-11-23 17:25:42 +00:00
_print " index update the search indexes of tombs"
_print " search looks for filenames matching text patterns"
_print " list list of open TOMBs and information on them"
_print " close close a specific TOMB (or 'all')"
_print " slam slam a TOMB killing all programs using it"
2014-10-21 16:33:59 +00:00
[[ $RESIZER == 1 ]] && {
2014-11-23 17:25:42 +00:00
_print " resize resize a TOMB to a new size -s (can only grow)"
2014-10-21 16:33:59 +00:00
}
2014-11-23 17:25:42 +00:00
_print "\000"
_print " // Operations on keys:"
_print " passwd change the password of a KEY (needs old pass)"
_print " setkey change the KEY locking a TOMB (needs old key and pass)"
_print "\000"
2014-10-21 16:33:59 +00:00
[[ $QRENCODE == 1 ]] && {
2014-11-23 17:25:42 +00:00
_print " // Backup on paper:"
_print " engrave makes a QR code of a KEY to be saved on paper"
2013-06-19 18:52:21 +00:00
}
2014-11-23 17:25:42 +00:00
_print "\000"
2014-10-21 16:33:59 +00:00
[[ $STEGHIDE == 1 ]] && {
2014-11-23 17:25:42 +00:00
_print " // Steganography:"
_print " bury hide a KEY inside a JPEG image (for use with -k)"
_print " exhume extract a KEY from a JPEG image (prints to stdout)"
2014-10-21 16:33:59 +00:00
}
2014-11-23 17:25:42 +00:00
_print "\000"
_print "Options:"
_print "\000"
2015-11-07 13:20:43 +00:00
_print " -s size of the tomb file when creating/resizing one (in MiB)"
2014-11-23 17:25:42 +00:00
_print " -k path to the key to be used ('-k -' to read from stdin)"
_print " -n don't process the hooks found in tomb"
2015-01-30 01:00:07 +00:00
_print " -o options passed to commands: open, lock, forge (see man)"
2014-11-23 17:25:42 +00:00
_print " -f force operation (i.e. even if swap is active)"
2017-02-09 18:57:34 +00:00
_print " -g use a GnuPG key to encrypt a tomb key"
_print " -r provide GnuPG recipients (separated by coma)"
2017-03-03 21:19:04 +00:00
_print " -R provide GnuPG hidden recipients (separated by coma)"
2014-10-21 16:33:59 +00:00
[[ $KDF == 1 ]] && {
2015-01-30 01:00:07 +00:00
_print " --kdf forge keys armored against dictionary attacks"
2013-06-12 11:33:54 +00:00
}
2013-06-12 16:15:55 +00:00
2014-11-23 17:25:42 +00:00
_print "\000"
_print " -h print this help"
_print " -v print version, license and list of available ciphers"
_print " -q run quietly without printing informations"
_print " -D print debugging information at runtime"
_print "\000"
_print "For more informations on Tomb read the manual: man tomb"
_print "Please report bugs on <http://github.com/dyne/tomb/issues>."
2011-03-31 17:42:05 +00:00
}
2011-05-09 11:26:36 +00:00
2014-10-24 03:03:48 +00:00
# Check whether a commandline option is set.
#
# Synopsis: option_is_set -flag [out]
#
# First argument is the commandline flag (e.g., "-s").
# If the second argument is present and set to 'out', print out the
# result: either 'set' or 'unset' (useful for if conditions).
#
# Return 0 if is set, 1 otherwise
2013-05-28 09:57:58 +00:00
option_is_set() {
2014-10-24 03:03:48 +00:00
local -i r # the return code (0 = set, 1 = unset)
2014-10-22 21:52:01 +00:00
[[ -n ${(k)OPTS[$1]} ]];
2013-05-28 09:57:58 +00:00
r=$?
2014-10-24 03:03:48 +00:00
[[ $2 == "out" ]] && {
2014-11-15 01:36:31 +00:00
[[ $r == 0 ]] && { print 'set' } || { print 'unset' }
2014-10-24 03:03:48 +00:00
}
2013-05-28 09:57:58 +00:00
return $r;
}
2011-05-09 11:26:36 +00:00
2014-10-24 03:03:48 +00:00
# Print the option value matching the given flag
# Unique argument is the commandline flag (e.g., "-s").
2013-05-28 09:57:58 +00:00
option_value() {
2014-10-22 21:52:01 +00:00
print -n - "${OPTS[$1]}"
2013-05-28 09:57:58 +00:00
}
2011-05-09 11:26:36 +00:00
2013-05-28 09:57:58 +00:00
# Messaging function with pretty coloring
function _msg() {
2014-11-15 02:14:03 +00:00
local msg="$2"
2014-11-16 12:11:42 +00:00
command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$2")"
2014-09-09 11:15:31 +00:00
for i in $(seq 3 ${#});
do
msg=${(S)msg//::$(($i - 2))*::/$*[$i]}
done
2013-05-28 09:57:58 +00:00
local command="print -P"
local progname="$fg[magenta]${TOMBEXEC##*/}$reset_color"
2014-08-11 20:56:26 +00:00
local message="$fg_bold[normal]$fg_no_bold[normal]$msg$reset_color"
2013-05-28 09:57:58 +00:00
local -i returncode
2011-05-09 11:26:36 +00:00
2013-05-28 09:57:58 +00:00
case "$1" in
2014-07-13 15:35:28 +00:00
inline)
command+=" -n"; pchars=" > "; pcolor="yellow"
;;
message)
2014-08-11 20:56:26 +00:00
pchars=" . "; pcolor="white"; message="$fg_no_bold[$pcolor]$msg$reset_color"
2014-07-13 15:35:28 +00:00
;;
verbose)
pchars="[D]"; pcolor="blue"
;;
success)
2014-08-11 20:56:26 +00:00
pchars="(*)"; pcolor="green"; message="$fg_no_bold[$pcolor]$msg$reset_color"
2014-07-13 15:35:28 +00:00
;;
warning)
2014-08-11 20:56:26 +00:00
pchars="[W]"; pcolor="yellow"; message="$fg_no_bold[$pcolor]$msg$reset_color"
2014-07-13 15:35:28 +00:00
;;
failure)
2014-08-11 20:56:26 +00:00
pchars="[E]"; pcolor="red"; message="$fg_no_bold[$pcolor]$msg$reset_color"
2014-07-13 15:35:28 +00:00
returncode=1
;;
2014-09-13 14:55:03 +00:00
print)
progname=""
;;
2014-07-13 15:35:28 +00:00
*)
pchars="[F]"; pcolor="red"
message="Developer oops! Usage: _msg MESSAGE_TYPE \"MESSAGE_CONTENT\""
returncode=127
;;
2013-05-28 09:57:58 +00:00
esac
${=command} "${progname} $fg_bold[$pcolor]$pchars$reset_color ${message}$color[reset_color]" >&2
return $returncode
}
2011-05-09 11:26:36 +00:00
2017-01-02 05:03:29 +00:00
function _message() {
2013-05-28 09:57:58 +00:00
local notice="message"
[[ "$1" = "-n" ]] && shift && notice="inline"
2014-09-09 11:15:31 +00:00
option_is_set -q || _msg "$notice" $@
2013-05-28 09:57:58 +00:00
return 0
}
2011-12-01 19:04:56 +00:00
2017-01-02 05:03:29 +00:00
function _verbose() {
2014-09-09 11:15:31 +00:00
option_is_set -D && _msg verbose $@
2013-05-28 09:57:58 +00:00
return 0
}
2011-12-01 19:04:56 +00:00
2017-01-02 05:03:29 +00:00
function _success() {
2014-09-09 11:15:31 +00:00
option_is_set -q || _msg success $@
2013-05-28 09:57:58 +00:00
return 0
}
2011-12-01 19:04:56 +00:00
2017-01-02 05:03:29 +00:00
function _warning() {
2014-09-09 11:15:31 +00:00
option_is_set -q || _msg warning $@
2013-05-28 09:57:58 +00:00
return 1
}
2011-12-01 19:04:56 +00:00
2017-01-02 05:03:29 +00:00
function _failure() {
2014-08-30 15:33:29 +00:00
typeset -i exitcode=${exitv:-1}
2014-09-09 11:15:31 +00:00
option_is_set -q || _msg failure $@
2014-08-06 05:43:25 +00:00
# be sure we forget the secrets we were told
2013-05-28 09:57:58 +00:00
exit $exitcode
2011-05-09 11:26:36 +00:00
}
2011-12-01 17:53:12 +00:00
2014-09-13 14:55:03 +00:00
function _print() {
option_is_set -q || _msg print $@
return 0
}
2014-11-16 10:34:35 +00:00
_list_optional_tools() {
typeset -a _deps
2014-11-25 01:37:05 +00:00
_deps=(gettext dcfldd wipe steghide)
2014-11-16 10:34:35 +00:00
_deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv)
for d in $_deps; do
2014-11-23 17:25:42 +00:00
_print "`which $d`"
2014-11-16 10:34:35 +00:00
done
return 0
}
2014-10-24 01:48:05 +00:00
# Check program dependencies
#
# Tomb depends on system utilities that must be present, and other
# functionality that can be provided by various programs according to
# what's available on the system. If some required commands are
# missing, bail out.
2014-11-16 10:34:35 +00:00
_ensure_dependencies() {
2014-10-24 01:48:05 +00:00
# Check for required programs
2017-01-02 05:13:52 +00:00
for req in cryptsetup pinentry sudo gpg mkfs.ext4 e2fsck; do
2014-11-16 12:11:42 +00:00
command -v $req 1>/dev/null 2>/dev/null || {
2017-01-02 05:03:29 +00:00
_failure "Missing required dependency ::1 command::. Please install it." $req; }
2013-05-28 09:57:58 +00:00
done
2014-10-24 01:48:05 +00:00
# Ensure system binaries are available in the PATH
path+=(/sbin /usr/sbin) # zsh magic
2013-05-28 09:57:58 +00:00
2014-10-24 01:48:05 +00:00
# Which dd command to use
2014-11-16 12:11:42 +00:00
command -v dcfldd 1>/dev/null 2>/dev/null && DD=(dcfldd statusinterval=1)
2013-05-28 09:57:58 +00:00
2014-10-24 01:48:05 +00:00
# Which wipe command to use
2014-11-16 12:11:42 +00:00
command -v wipe 1>/dev/null 2>/dev/null && WIPE=(wipe -f -s)
2013-05-28 09:57:58 +00:00
2017-02-05 19:03:29 +00:00
# Check for lsof for slamming tombs
2017-02-07 02:30:25 +00:00
command -v lsof 1>/dev/null 2>/dev/null || LSOF=0
2014-10-24 01:48:05 +00:00
# Check for steghide
2014-11-16 12:11:42 +00:00
command -v steghide 1>/dev/null 2>/dev/null || STEGHIDE=0
2014-10-24 01:48:05 +00:00
# Check for resize
2014-11-25 01:37:05 +00:00
command -v resize2fs 1>/dev/null 2>/dev/null || RESIZER=0
2014-10-24 01:48:05 +00:00
# Check for KDF auxiliary tools
2014-11-16 12:11:42 +00:00
command -v tomb-kdb-pbkdf2 1>/dev/null 2>/dev/null || KDF=0
2014-10-24 01:48:05 +00:00
# Check for Swish-E file content indexer
2014-11-16 12:11:42 +00:00
command -v swish-e 1>/dev/null 2>/dev/null || SWISH=0
2014-10-24 01:48:05 +00:00
# Check for QREncode for paper backups of keys
2014-11-16 12:11:42 +00:00
command -v qrencode 1>/dev/null 2>/dev/null || QRENCODE=0
2013-05-28 09:57:58 +00:00
}
# }}} - Commandline interaction
# {{{ Key operations
2017-02-03 17:28:56 +00:00
# $@ is the list of all the recipient used to encrypt a tomb key
2017-01-31 15:11:50 +00:00
is_valid_recipients() {
2017-02-03 17:28:56 +00:00
typeset -a recipients
recipients=($@)
2017-01-31 15:11:50 +00:00
_verbose "is_valid_recipients"
2017-02-03 17:28:56 +00:00
# All the keys ID must be valid (the public keys must be present in the database)
for gpg_id in ${recipients[@]}; do
gpg --list-keys "$gpg_id" &> /dev/null
[[ $? != 0 ]] && {
2017-04-16 10:07:41 +00:00
_warning "Not a valid GPG key ID: ::1 gpgid:: " $gpg_id
2017-02-03 17:28:56 +00:00
return 1
}
done
# At least one private key must be present
2017-02-09 19:18:02 +00:00
for gpg_id in ${recipients[@]}; do
2017-02-03 17:28:56 +00:00
gpg --list-secret-keys "$gpg_id" &> /dev/null
[[ $? = 0 ]] && {
return 0
}
done
return 1
}
# $@ is the list of all the recipient used to encrypt a tomb key
# Print the recipient arg to be used in gpg.
_recipients_arg() {
2017-02-09 20:59:10 +00:00
local arg="$1"; shift
2017-02-03 17:28:56 +00:00
typeset -a recipients
recipients=($@)
for gpg_id in ${recipients[@]}; do
2017-02-09 20:59:10 +00:00
print -R -n "$arg $gpg_id "
2017-02-03 17:28:56 +00:00
done
return 0
2017-01-31 15:11:50 +00:00
}
2017-02-03 17:55:06 +00:00
# $1 is a GPG key recipient
# Print the fingerprint of the GPG key
_fingerprint() {
local recipient="$1"
gpg --with-colons --fingerprint "$recipient" | grep fpr | head -1 | cut -d ':' -f 10 | sed 's/.\{4\}/& /g'
}
2014-08-25 22:54:41 +00:00
# $1 is the encrypted key contents we are checking
is_valid_key() {
2014-10-23 06:30:02 +00:00
local key="$1" # Unique argument is an encrypted key to test
2014-08-25 22:54:41 +00:00
_verbose "is_valid_key"
2014-10-23 06:30:02 +00:00
[[ -z $key ]] && key=$TOMBKEY
2014-11-21 21:25:43 +00:00
[[ "$key" = "cleartext" ]] && {
{ option_is_set --unsafe } || {
_warning "cleartext key from stdin selected: this is unsafe."
exitv=127 _failure "please use --unsafe if you really want to do this."
}
_warning "received key in cleartext from stdin (unsafe mode)"
return 0 }
2014-10-23 06:30:02 +00:00
[[ -z $key ]] && {
2014-11-23 17:25:42 +00:00
_warning "is_valid_key() called without an argument."
return 1
2014-10-23 06:30:02 +00:00
}
# If the key file is an image don't check file header
[[ -r $TOMBKEYFILE ]] \
2014-11-23 17:25:42 +00:00
&& [[ $(file $TOMBKEYFILE) =~ "JP.G" ]] \
2014-08-25 22:54:41 +00:00
&& {
2014-10-23 06:30:02 +00:00
_message "Key is an image, it might be valid."
2014-11-23 17:25:42 +00:00
return 0 }
2014-08-25 22:54:41 +00:00
2014-10-23 06:30:02 +00:00
[[ $key =~ "BEGIN PGP" ]] && {
_message "Key is valid."
2014-11-23 17:25:42 +00:00
return 0 }
2014-08-25 22:54:41 +00:00
return 1
}
# $1 is a string containing an encrypted key
2017-01-02 05:03:29 +00:00
recover_key() {
2014-11-25 02:25:27 +00:00
local key="${1}" # Unique argument is an encrypted key
2014-10-23 06:30:02 +00:00
2014-08-25 22:54:41 +00:00
_warning "Attempting key recovery."
2014-11-26 16:44:23 +00:00
2014-11-25 02:25:27 +00:00
_head="${key[(f)1]}" # take the first line
2014-08-25 22:54:41 +00:00
2014-10-23 06:30:02 +00:00
TOMBKEY="" # Reset global variable
2014-11-25 02:25:27 +00:00
[[ $_head =~ "^_KDF_" ]] && TOMBKEY+="$_head\n"
2014-10-23 06:30:02 +00:00
TOMBKEY+="-----BEGIN PGP MESSAGE-----\n"
TOMBKEY+="$key\n"
TOMBKEY+="-----END PGP MESSAGE-----\n"
2014-08-25 22:54:41 +00:00
return 0
}
2014-10-23 06:30:02 +00:00
# Retrieve the tomb key from the file specified from the command line,
# or from stdin if -k - was selected. Run validity checks on the
# file. On success, return 0 and print out the full path of the key.
# Set global variables TOMBKEY and TOMBKEYFILE.
2014-11-04 04:04:18 +00:00
_load_key() {
local keyfile="$1" # Unique argument is an optional keyfile
2014-10-23 06:30:02 +00:00
[[ -z $keyfile ]] && keyfile=$(option_value -k)
[[ -z $keyfile ]] && {
2014-08-27 10:28:15 +00:00
_failure "This operation requires a key file to be specified using the -k option." }
2014-08-05 15:05:49 +00:00
2017-04-05 13:52:47 +00:00
if [[ $keyfile == "-" ]]; then
2014-08-05 15:05:49 +00:00
_verbose "load_key reading from stdin."
2014-08-25 19:01:50 +00:00
_message "Waiting for the key to be piped from stdin... "
2014-10-23 06:30:02 +00:00
TOMBKEYFILE=stdin
TOMBKEY=$(cat)
2014-11-21 21:25:43 +00:00
elif [[ $keyfile == "cleartext" ]]; then
_verbose "load_key reading SECRET from stdin"
_message "Waiting for the key to be piped from stdin... "
TOMBKEYFILE=cleartext
TOMBKEY=cleartext
TOMBSECRET=$(cat)
else
2014-10-23 06:30:02 +00:00
_verbose "load_key argument: ::1 key file::" $keyfile
2014-11-23 17:25:42 +00:00
[[ -r $keyfile ]] || _failure "Key not found, specify one using -k."
2014-10-23 06:30:02 +00:00
TOMBKEYFILE=$keyfile
2014-11-15 01:36:31 +00:00
TOMBKEY="${mapfile[$TOMBKEYFILE]}"
2014-11-21 21:25:43 +00:00
fi
2013-06-11 21:37:20 +00:00
2014-10-23 06:30:02 +00:00
_verbose "load_key: ::1 key::" $TOMBKEYFILE
2014-11-21 21:32:38 +00:00
2015-01-27 16:31:09 +00:00
[[ "$TOMBKEY" = "" ]] && {
# something went wrong, there is no key to load
# this occurs especially when piping from stdin and aborted
_failure "Key not found, specify one using -k."
}
2014-10-23 06:30:02 +00:00
is_valid_key $TOMBKEY || {
2014-08-25 22:54:41 +00:00
_warning "The key seems invalid or its format is not known by this version of Tomb."
2017-01-02 05:03:29 +00:00
recover_key $TOMBKEY
2014-08-05 15:05:49 +00:00
}
2014-11-21 21:32:38 +00:00
2014-10-23 06:30:02 +00:00
# Declared TOMBKEYFILE (path)
# Declared TOMBKEY (contents)
2013-05-28 09:57:58 +00:00
return 0
}
2014-08-05 15:05:49 +00:00
# takes two args just like get_lukskey
# prints out the decrypted content
# contains tweaks for different gpg versions
2017-02-03 18:53:31 +00:00
# support both symmetric and asymmetric encryption
2014-08-05 15:05:49 +00:00
gpg_decrypt() {
# fix for gpg 1.4.11 where the --status-* options don't work ;^/
2014-10-28 12:46:23 +00:00
local gpgver=$(gpg --version --no-permission-warning | awk '/^gpg/ {print $3}')
local gpgpass="$1\n$TOMBKEY"
2017-02-02 23:24:45 +00:00
local tmpres ret
typeset -a gpgopt
2017-04-03 12:24:25 +00:00
gpgpopt=(--batch --no-tty --passphrase-fd 0 --no-options)
2017-02-02 23:24:45 +00:00
2017-02-09 18:57:34 +00:00
{ option_is_set -g } && {
2017-02-02 23:24:45 +00:00
gpgpass="$TOMBKEY"
2017-03-20 19:07:04 +00:00
gpgpopt=(--yes)
2017-02-09 20:59:10 +00:00
# GPG option '--try-secret-key' exist since GPG 2.1
2017-03-03 21:19:04 +00:00
{ option_is_set -R } && [[ $gpgver =~ "2.1." ]] && {
2017-02-09 20:59:10 +00:00
typeset -a recipients
2017-03-03 21:19:04 +00:00
recipients=(${(s:,:)$(option_value -R)})
{ is_valid_recipients $recipients } || {
2017-02-09 20:59:10 +00:00
_failure "You set an invalid GPG ID."
}
2017-03-20 19:07:04 +00:00
gpgpopt+=(`_recipients_arg "--try-secret-key" $recipients`)
2017-02-09 20:59:10 +00:00
}
2017-02-02 23:24:45 +00:00
}
2014-10-28 12:46:23 +00:00
[[ $gpgver == "1.4.11" ]] && {
2014-08-05 15:05:49 +00:00
_verbose "GnuPG is version 1.4.11 - adopting status fix."
2014-10-23 06:44:45 +00:00
TOMBSECRET=`print - "$gpgpass" | \
2017-04-03 12:24:25 +00:00
gpg --decrypt ${gpgpopt[@]}`
2014-08-05 15:05:49 +00:00
ret=$?
2014-08-25 21:32:32 +00:00
unset gpgpass
2016-12-26 11:12:34 +00:00
return $ret
}
2014-08-05 15:05:49 +00:00
2016-12-26 11:12:34 +00:00
_tmp_create
tmpres=$TOMBTMP
2016-12-26 18:04:54 +00:00
TOMBSECRET=`print - "$gpgpass" | \
2017-04-03 12:24:25 +00:00
gpg --decrypt ${gpgpopt[@]} \
2014-08-05 15:05:49 +00:00
--status-fd 2 --no-mdc-warning --no-permission-warning \
2016-12-26 18:04:54 +00:00
--no-secmem-warning 2> $tmpres`
2016-12-26 11:12:34 +00:00
unset gpgpass
ret=1
for i in ${(f)"$(cat $tmpres)"}; do
_verbose "$i"
2017-01-02 05:03:29 +00:00
[[ "$i" =~ "DECRYPTION_OKAY" ]] && ret=0;
2016-12-26 11:12:34 +00:00
done
2014-08-05 15:05:49 +00:00
return $ret
}
2014-08-06 09:21:08 +00:00
# Gets a key file and a password, prints out the decoded contents to
# be used directly by Luks as a cryptographic key
get_lukskey() {
2014-11-23 17:25:42 +00:00
# $1 is the password
2014-08-25 19:01:50 +00:00
_verbose "get_lukskey"
_password="$1"
2014-08-06 09:21:08 +00:00
2014-11-25 02:25:27 +00:00
firstline="${TOMBKEY[(f)1]}"
2014-08-06 09:21:08 +00:00
# key is KDF encoded
if [[ $firstline =~ '^_KDF_' ]]; then
2014-11-25 02:25:27 +00:00
kdf_hash="${firstline[(ws:_:)2]}"
_verbose "KDF: ::1 kdf::" "$kdf_hash"
case "$kdf_hash" in
"pbkdf2sha1")
kdf_salt="${firstline[(ws:_:)3]}"
kdf_ic="${firstline[(ws:_:)4]}"
kdf_len="${firstline[(ws:_:)5]}"
2017-01-02 22:08:57 +00:00
_message "Unlocking KDF key protection (::1 kdf::)" $kdf_hash
2014-11-25 02:25:27 +00:00
_verbose "KDF salt: $kdf_salt"
_verbose "KDF ic: $kdf_ic"
_verbose "KDF len: $kdf_len"
_password=$(tomb-kdb-pbkdf2 $kdf_salt $kdf_ic $kdf_len 2>/dev/null <<<$_password)
2014-08-06 09:21:08 +00:00
;;
*)
2014-11-25 02:25:27 +00:00
_failure "No suitable program for KDF ::1 program::." $pbkdf_hash
2014-08-25 19:01:50 +00:00
unset _password
2014-08-06 09:21:08 +00:00
return 1
;;
esac
2014-11-23 17:25:42 +00:00
# key needs to be exhumed from an image
2014-10-23 06:30:02 +00:00
elif [[ -r $TOMBKEYFILE && $(file $TOMBKEYFILE) =~ "JP.G" ]]; then
2017-02-09 18:57:34 +00:00
if option_is_set -g; then
2017-01-31 23:10:39 +00:00
# When using a GPG key, the tomb key is buried using a steganography password
if option_is_set --tomb-pwd; then
_password="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $_password
else
_password=$(ask_password "Insert password to exhume key from $imagefile")
[[ $? != 0 ]] && {
_warning "User aborted password dialog."
return 1
}
fi
exhume_key $TOMBKEYFILE "$_password"
2017-01-31 15:49:39 +00:00
unset _password
2017-01-31 23:10:39 +00:00
else
exhume_key $TOMBKEYFILE "$_password"
2017-01-31 15:49:39 +00:00
fi
2014-08-25 22:54:41 +00:00
fi
2014-08-06 09:21:08 +00:00
2014-10-23 06:44:45 +00:00
gpg_decrypt "$_password" # Save decrypted contents into $TOMBSECRET
2014-08-06 09:21:08 +00:00
2014-08-25 19:01:50 +00:00
ret="$?"
2014-08-06 09:21:08 +00:00
2014-08-29 10:31:23 +00:00
_verbose "get_lukskey returns ::1::" $ret
2014-08-06 09:21:08 +00:00
return $ret
}
2013-05-28 09:57:58 +00:00
# This function asks the user for the password to use the key it tests
2014-08-25 21:32:32 +00:00
# it against the return code of gpg on success returns 0 and saves
2014-10-23 06:44:45 +00:00
# the password in the global variable $TOMBPASSWORD
2013-05-28 09:57:58 +00:00
ask_key_password() {
2014-11-25 01:37:05 +00:00
[[ -z "$TOMBKEYFILE" ]] && {
2014-11-04 04:04:18 +00:00
_failure "Internal error: ask_key_password() called before _load_key()." }
2014-08-25 21:32:32 +00:00
2014-11-21 21:25:43 +00:00
[[ "$TOMBKEYFILE" = "cleartext" ]] && {
_verbose "no password needed, using secret bytes from stdin"
return 0 }
2017-02-09 18:57:34 +00:00
if option_is_set -g; then
2017-01-30 21:01:27 +00:00
_verbose "no password needed, using GPG key"
get_lukskey
return $?
fi
2014-10-23 06:30:02 +00:00
_message "A password is required to use key ::1 key::" $TOMBKEYFILE
2014-08-25 19:01:50 +00:00
passok=0
tombpass=""
2014-08-25 21:32:32 +00:00
if [[ "$1" = "" ]]; then
2014-11-25 01:37:05 +00:00
2014-07-13 15:35:28 +00:00
for c in 1 2 3; do
2014-10-23 06:30:02 +00:00
if [[ $c == 1 ]]; then
2014-11-25 01:37:05 +00:00
tombpass=$(ask_password "Insert password to: $TOMBKEYFILE")
2014-07-13 15:35:28 +00:00
else
2014-11-25 01:37:05 +00:00
tombpass=$(ask_password "Insert password to: $TOMBKEYFILE (attempt $c)")
2014-07-13 15:35:28 +00:00
fi
2014-11-25 01:37:05 +00:00
[[ $? = 0 ]] || {
2014-07-13 15:35:28 +00:00
_warning "User aborted password dialog."
return 1
2014-11-25 01:37:05 +00:00
}
2014-07-13 15:35:28 +00:00
2014-08-25 19:01:50 +00:00
get_lukskey "$tombpass"
2014-07-13 15:35:28 +00:00
2014-11-25 01:37:05 +00:00
[[ $? = 0 ]] && {
2014-07-13 15:35:28 +00:00
passok=1; _message "Password OK."
break;
2014-11-25 01:37:05 +00:00
}
2014-07-13 15:35:28 +00:00
done
2014-06-08 17:33:35 +00:00
else
2014-07-13 15:35:28 +00:00
# if a second argument is present then the password is already known
2014-08-25 21:32:32 +00:00
tombpass="$1"
2014-08-29 10:31:23 +00:00
_verbose "ask_key_password with tombpass: ::1 tomb pass::" $tombpass
2014-07-13 14:51:13 +00:00
2014-08-25 21:32:32 +00:00
get_lukskey "$tombpass"
2014-07-13 14:51:13 +00:00
2014-11-25 01:37:05 +00:00
[[ $? = 0 ]] && {
passok=1; _message "Password OK."
}
2014-07-13 14:51:13 +00:00
2013-05-28 09:57:58 +00:00
fi
2014-10-23 06:30:02 +00:00
[[ $passok == 1 ]] || return 1
2014-08-25 19:01:50 +00:00
2014-10-23 06:30:02 +00:00
TOMBPASSWORD=$tombpass
2013-05-28 09:57:58 +00:00
return 0
}
2014-11-20 08:59:11 +00:00
# call cryptsetup with arguments using the currently known secret
# echo flags eliminate newline and disable escape (BSD_ECHO)
_cryptsetup() {
2017-02-05 19:29:22 +00:00
print -R -n - "$TOMBSECRET" | _sudo cryptsetup --key-file - ${@}
2014-11-20 08:59:11 +00:00
return $?
}
2013-05-28 09:57:58 +00:00
# change tomb key password
change_passwd() {
2014-10-28 12:46:23 +00:00
local tmpnewkey lukskey c tombpass tombpasstmp
2013-05-28 09:57:58 +00:00
2014-11-04 04:04:18 +00:00
_check_swap # Ensure swap is secure, if any
_load_key # Try loading key from option -k and set TOMBKEYFILE
2013-05-28 09:57:58 +00:00
2017-02-09 18:57:34 +00:00
{ option_is_set -g } && {
2017-02-03 18:33:28 +00:00
_message "Commanded to change GnuPG key for tomb key ::1 key::" $TOMBKEYFILE
} || {
_message "Commanded to change password for tomb key ::1 key::" $TOMBKEYFILE
}
2014-10-09 22:05:00 +00:00
2014-11-14 17:42:11 +00:00
_tmp_create
tmpnewkey=$TOMBTMP
2013-05-28 09:57:58 +00:00
2014-06-08 17:33:35 +00:00
if option_is_set --tomb-old-pwd; then
2014-10-28 12:46:23 +00:00
local tomboldpwd="`option_value --tomb-old-pwd`"
_verbose "tomb-old-pwd = ::1 old pass::" $tomboldpwd
ask_key_password "$tomboldpwd"
2014-06-08 17:33:35 +00:00
else
2014-08-25 21:32:32 +00:00
ask_key_password
2014-06-08 17:33:35 +00:00
fi
2014-10-28 12:46:23 +00:00
[[ $? == 0 ]] || _failure "No valid password supplied."
2013-05-28 09:57:58 +00:00
2017-02-09 18:57:34 +00:00
{ option_is_set -g } && {
2017-02-03 18:33:28 +00:00
_success "Changing GnuPG key for ::1 key file::" $TOMBKEYFILE
} || {
_success "Changing password for ::1 key file::" $TOMBKEYFILE
}
2014-10-09 22:05:00 +00:00
2014-10-23 06:44:45 +00:00
# Here $TOMBSECRET contains the key material in clear
2014-07-13 14:51:13 +00:00
2014-10-28 12:46:23 +00:00
{ option_is_set --tomb-pwd } && {
local tombpwd="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 new pass::" $tombpwd
gen_key "$tombpwd" >> "$tmpnewkey"
} || {
2014-08-25 19:01:50 +00:00
gen_key >> "$tmpnewkey"
2014-10-28 12:46:23 +00:00
}
2014-07-13 14:51:13 +00:00
2014-11-15 01:36:31 +00:00
{ is_valid_key "${mapfile[$tmpnewkey]}" } || {
2014-10-28 12:46:23 +00:00
_failure "Error: the newly generated keyfile does not seem valid." }
# Copy the new key as the original keyfile name
cp -f "${tmpnewkey}" $TOMBKEYFILE
2017-02-09 18:57:34 +00:00
{ option_is_set -g } && {
2017-02-03 18:33:28 +00:00
_success "Your GnuPG key was successfully changed"
} || {
_success "Your passphrase was successfully updated."
}
2013-05-28 09:57:58 +00:00
2014-08-25 21:32:32 +00:00
return 0
2013-05-28 09:57:58 +00:00
}
# takes care to encrypt a key
2017-02-09 20:59:10 +00:00
# honored options: --kdf --tomb-pwd -o -g -r
2013-05-28 09:57:58 +00:00
gen_key() {
2015-09-20 21:32:00 +00:00
# $1 the password to use; if not set ask user
2014-11-23 17:25:42 +00:00
# -o is the --cipher-algo to use (string taken by GnuPG)
2014-06-08 17:33:35 +00:00
local algopt="`option_value -o`"
local algo="${algopt:-AES256}"
2017-02-02 23:24:45 +00:00
local gpgpass opt
2017-03-03 21:19:04 +00:00
local recipients_opt
2017-02-02 23:24:45 +00:00
typeset -a gpgopt
2013-05-28 09:57:58 +00:00
# here user is prompted for key password
2014-08-25 19:01:50 +00:00
tombpass=""
tombpasstmp=""
2017-02-09 18:57:34 +00:00
{ option_is_set -g } && {
2017-03-03 20:36:50 +00:00
gpgopt=(--encrypt)
2017-03-03 21:19:04 +00:00
{ option_is_set -r || option_is_set -R } && {
2017-03-03 20:36:50 +00:00
typeset -a recipients
2017-03-03 21:19:04 +00:00
{ option_is_set -r } && {
recipients=(${(s:,:)$(option_value -r)})
recipients_opt="--recipient"
} || {
recipients=(${(s:,:)$(option_value -R)})
recipients_opt="--hidden-recipient"
}
2017-03-03 20:36:50 +00:00
{ is_valid_recipients $recipients } || {
_failure "You set an invalid GPG ID."
}
2017-03-24 20:08:33 +00:00
2017-04-16 10:07:41 +00:00
_warning "You are going to encrypt a tomb key with ::1 nrecipients:: recipient(s)." ${#recipients}
2017-03-24 20:08:33 +00:00
_warning "It is your responsibility to check these fingerprints."
_warning "The fingerprints are:"
for gpg_id in ${recipients[@]}; do
_warning " `_fingerprint "$gpg_id"`"
done
2017-03-03 20:36:50 +00:00
2017-03-03 21:19:04 +00:00
gpgopt+=(`_recipients_arg "$recipients_opt" $recipients`)
2017-03-03 20:36:50 +00:00
} || {
_message "No recipient specified, using default GPG key."
gpgopt+=("--default-recipient-self")
2017-02-02 23:24:45 +00:00
}
# Set gpg inputs and options
gpgpass="$TOMBSECRET"
opt=''
} || {
2017-01-31 13:45:11 +00:00
if [ "$1" = "" ]; then
while true; do
# 3 tries to write two times a matching password
tombpass=`ask_password "Type the new password to secure your key"`
if [[ $? != 0 ]]; then
_failure "User aborted."
fi
if [ -z $tombpass ]; then
_failure "You set empty password, which is not possible."
fi
tombpasstmp=$tombpass
tombpass=`ask_password "Type the new password to secure your key (again)"`
if [[ $? != 0 ]]; then
_failure "User aborted."
fi
if [ "$tombpasstmp" = "$tombpass" ]; then
break;
fi
2014-07-13 15:35:28 +00:00
unset tombpasstmp
2017-01-31 13:45:11 +00:00
unset tombpass
done
else
tombpass="$1"
_verbose "gen_key takes tombpass from CLI argument: ::1 tomb pass::" $tombpass
fi
header=""
[[ $KDF == 1 ]] && {
{ option_is_set --kdf } && {
# KDF is a new key strenghtening technique against brute forcing
# see: https://github.com/dyne/Tomb/issues/82
itertime="`option_value --kdf`"
# removing support of floating points because they can't be type checked well
if [[ "$itertime" != <-> ]]; then
unset tombpass
unset tombpasstmp
_warning "Wrong argument for --kdf: must be an integer number (iteration seconds)."
_failure "Depending on the speed of machines using this tomb, use 1 to 10, or more"
return 1
fi
# --kdf takes one parameter: iter time (on present machine) in seconds
local -i microseconds
microseconds=$(( itertime * 1000000 ))
_success "Using KDF, iteration time: ::1 microseconds::" $microseconds
_message "generating salt"
pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
_message "calculating iterations"
pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
_message "encoding the password"
# We use a length of 64bytes = 512bits (more than needed!?)
tombpass=`tomb-kdb-pbkdf2 $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
}
2014-07-13 15:35:28 +00:00
}
2017-01-31 13:45:11 +00:00
print $header
2013-05-28 09:57:58 +00:00
2017-02-02 23:24:45 +00:00
# Set gpg inputs and options
gpgpass="${tombpass}\n$TOMBSECRET"
2017-04-03 12:24:25 +00:00
gpgopt=(--passphrase-fd 0 --symmetric --no-options)
2017-02-02 23:24:45 +00:00
opt='-n'
}
2016-12-26 19:19:01 +00:00
2017-02-02 23:24:45 +00:00
_tmp_create
local tmpres=$TOMBTMP
print $opt - "$gpgpass" \
2017-04-03 12:24:25 +00:00
| gpg --openpgp --force-mdc --cipher-algo ${algo} \
--batch --no-tty ${gpgopt[@]} \
2017-02-02 23:24:45 +00:00
--status-fd 2 -o - --armor 2> $tmpres
unset gpgpass
2016-12-26 19:19:01 +00:00
# check result of gpg operation
for i in ${(f)"$(cat $tmpres)"}; do
_verbose "$i"
done
2014-08-25 19:01:50 +00:00
# print -n "${tombpass}" \
# | gpg --openpgp --force-mdc --cipher-algo ${algo} \
# --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
# -o - -c -a ${lukskey}
2013-05-28 09:57:58 +00:00
2014-10-23 06:44:45 +00:00
TOMBPASSWORD="$tombpass" # Set global variable
2013-05-28 09:57:58 +00:00
unset tombpass
2013-06-20 10:46:20 +00:00
unset tombpasstmp
2013-05-28 09:57:58 +00:00
}
# prints an array of ciphers available in gnupg (to encrypt keys)
list_gnupg_ciphers() {
# prints an error if GnuPG is not found
2014-11-16 10:37:30 +00:00
which gpg 2>/dev/null || _failure "gpg (GnuPG) is not found, Tomb cannot function without it."
2013-05-28 09:57:58 +00:00
ciphers=(`gpg --version | awk '
BEGIN { ciphers=0 }
/^Cipher:/ { gsub(/,/,""); sub(/^Cipher:/,""); print; ciphers=1; next }
/^Hash:/ { ciphers=0 }
{ if(ciphers==0) { next } else { gsub(/,/,""); print; } }
'`)
2014-11-15 01:36:31 +00:00
print " ${ciphers}"
2013-05-28 09:57:58 +00:00
return 1
}
# Steganographic function to bury a key inside an image.
2013-06-12 11:33:54 +00:00
# Requires steghide(1) to be installed
2013-05-28 09:57:58 +00:00
bury_key() {
2014-11-04 04:04:18 +00:00
_load_key # Try loading key from option -k and set TOMBKEY
2013-06-12 11:33:54 +00:00
2014-10-09 22:05:00 +00:00
imagefile=$PARAM
2013-05-28 09:57:58 +00:00
2014-11-15 01:36:31 +00:00
[[ "`file $imagefile`" =~ "JPEG" ]] || {
_warning "Encode failed: ::1 image file:: is not a jpeg image." $imagefile
return 1
}
2014-07-13 14:51:13 +00:00
2014-10-23 06:30:02 +00:00
_success "Encoding key ::1 tomb key:: inside image ::2 image file::" $TOMBKEY $imagefile
2017-02-09 18:57:34 +00:00
{ option_is_set -g } && {
2017-02-03 18:33:28 +00:00
_message "Using GnuPG Key ID"
} || {
_message "Please confirm the key password for the encoding"
}
2017-01-31 15:49:39 +00:00
2014-08-05 15:05:49 +00:00
# We ask the password and test if it is the same encoding the
# base key, to insure that the same password is used for the
# encryption and the steganography. This is a standard enforced
2015-09-20 21:32:00 +00:00
# by Tomb, but it isn't strictly necessary (and having different
2014-08-05 15:05:49 +00:00
# password would enhance security). Nevertheless here we prefer
# usability.
2017-01-31 15:49:39 +00:00
# However, steganography cannot be done with GPG key. Therefore,
# if using a GPG key, we test if the user can decrypt the tomb
2017-01-31 16:23:29 +00:00
# with its key and we ask for a steganography password.
2014-06-08 17:33:35 +00:00
2017-02-09 18:57:34 +00:00
{ option_is_set --tomb-pwd } && { ! option_is_set -g } && {
2014-10-28 18:46:36 +00:00
local tombpwd="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $tombpwd
ask_key_password "$tombpwd"
} || {
2014-08-25 21:32:32 +00:00
ask_key_password
2013-06-12 11:33:54 +00:00
}
2014-10-28 18:46:36 +00:00
[[ $? != 0 ]] && {
2017-02-03 18:33:28 +00:00
_warning "Wrong password/GnuPG ID supplied."
2014-10-28 18:46:36 +00:00
_failure "You shall not bury a key whose password is unknown to you." }
2011-12-01 17:53:12 +00:00
2017-02-09 18:57:34 +00:00
if option_is_set -g && option_is_set --tomb-pwd; then
2017-01-31 16:23:29 +00:00
TOMBPASSWORD="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $TOMBPASSWORD
2017-02-09 18:57:34 +00:00
elif option_is_set -g; then
2017-01-31 15:49:39 +00:00
tombpass=""
tombpasstmp=""
while true; do
# 3 tries to write two times a matching password
tombpass=`ask_password "Type a password to bury your key"`
if [[ $? != 0 ]]; then
_failure "User aborted."
fi
if [ -z $tombpass ]; then
_failure "You set empty password, which is not possible."
fi
tombpasstmp=$tombpass
tombpass=`ask_password "Type a password to bury your key (again)"`
if [[ $? != 0 ]]; then
_failure "User aborted."
fi
if [ "$tombpasstmp" = "$tombpass" ]; then
break;
fi
unset tombpasstmp
unset tombpass
done
TOMBPASSWORD="$tombpass"
fi
2014-10-28 18:46:36 +00:00
# We omit armor strings since having them as constants can give
2013-06-12 11:33:54 +00:00
# ground to effective attacks on steganography
2014-10-23 06:30:02 +00:00
print - "$TOMBKEY" | awk '
2011-12-01 17:53:12 +00:00
/^-----/ {next}
/^Version/ {next}
2014-08-25 21:32:32 +00:00
{print $0}' \
2011-12-01 17:53:12 +00:00
| steghide embed --embedfile - --coverfile ${imagefile} \
2014-10-23 06:44:45 +00:00
-p $TOMBPASSWORD -z 9 -e serpent cbc
2011-12-01 17:53:12 +00:00
if [ $? != 0 ]; then
2014-11-23 17:25:42 +00:00
_warning "Encoding error: steghide reports problems."
res=1
2011-12-01 17:53:12 +00:00
else
2014-11-23 17:25:42 +00:00
_success "Tomb key encoded succesfully into image ::1 image file::" $imagefile
res=0
2011-12-01 17:53:12 +00:00
fi
return $res
}
2014-08-05 15:05:49 +00:00
# mandatory 1st arg: the image file where key is supposed to be
# optional 2nd arg: the password to use (same as key, internal use)
# optional 3rd arg: the key where to save the result (- for stdout)
2013-05-28 09:57:58 +00:00
exhume_key() {
2014-11-15 03:14:40 +00:00
[[ "$1" = "" ]] && {
_failure "Exhume failed, no image specified" }
2014-10-28 18:46:36 +00:00
local imagefile="$1" # The image file where to look for the key
local tombpass="$2" # (Optional) the password to use (internal use)
local destkey="$3" # (Optional) the key file where to save the
2014-11-23 17:25:42 +00:00
# result (- for stdout)
2014-10-28 18:46:36 +00:00
local r=1 # Return code (default: fail)
# Ensure the image file is a readable JPEG
[[ ! -r $imagefile ]] && {
2014-11-15 03:14:40 +00:00
_failure "Exhume failed, image file not found: ::1 image file::" "${imagefile:-none}" }
2014-10-28 18:46:36 +00:00
[[ ! $(file "$imagefile") =~ "JP.G" ]] && {
2014-08-30 15:33:29 +00:00
_failure "Exhume failed: ::1 image file:: is not a jpeg image." $imagefile }
2014-08-05 15:05:49 +00:00
2014-10-28 18:46:36 +00:00
# When a password is passed as argument then always print out
2014-08-05 15:05:49 +00:00
# the exhumed key on stdout without further checks (internal use)
2014-10-28 18:46:36 +00:00
[[ -n "$tombpass" ]] && {
TOMBKEY=$(steghide extract -sf $imagefile -p $tombpass -xf -)
2014-11-23 17:25:42 +00:00
[[ $? != 0 ]] && {
2014-08-05 15:05:49 +00:00
_failure "Wrong password or no steganographic key found" }
2014-08-25 22:54:41 +00:00
2014-10-23 06:30:02 +00:00
recover_key $TOMBKEY
2014-10-28 18:46:36 +00:00
2014-08-25 22:54:41 +00:00
return 0
2014-08-05 15:05:49 +00:00
}
2011-12-01 17:53:12 +00:00
2014-10-28 18:46:36 +00:00
# Ensure we have a valid destination for the key
[[ -z $destkey ]] && { option_is_set -k } && destkey=$(option_value -k)
[[ -z $destkey ]] && {
2014-11-23 17:25:42 +00:00
destkey="-" # No key was specified: fallback to stdout
_message "printing exhumed key on stdout" }
2014-10-28 18:46:36 +00:00
# Bail out if destination exists, unless -f (force) was passed
[[ $destkey != "-" && -s $destkey ]] && {
2014-11-23 17:25:42 +00:00
_warning "File exists: ::1 tomb key::" $destkey
2014-10-28 18:46:36 +00:00
{ option_is_set -f } && {
2014-08-03 17:54:43 +00:00
_warning "Use of --force selected: overwriting."
2014-10-28 18:46:36 +00:00
rm -f $destkey
2014-11-23 17:25:42 +00:00
} || {
2014-10-28 18:46:36 +00:00
_warning "Make explicit use of --force to overwrite."
_failure "Refusing to overwrite file. Operation aborted." }
2014-08-03 17:54:43 +00:00
}
2013-05-28 09:57:58 +00:00
2014-08-29 10:07:33 +00:00
_message "Trying to exhume a key out of image ::1 image file::" $imagefile
2014-10-28 18:46:36 +00:00
{ option_is_set --tomb-pwd } && {
tombpass=$(option_value --tomb-pwd)
2014-08-29 10:31:23 +00:00
_verbose "tomb-pwd = ::1 tomb pass::" $tombpass
2014-10-28 18:46:36 +00:00
} || {
2014-11-23 17:25:42 +00:00
[[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD
2014-10-28 18:46:36 +00:00
} || {
2014-11-25 01:37:05 +00:00
tombpass=$(ask_password "Insert password to exhume key from $imagefile")
2014-10-28 18:46:36 +00:00
[[ $? != 0 ]] && {
2014-11-23 17:25:42 +00:00
_warning "User aborted password dialog."
2014-07-13 15:35:28 +00:00
return 1
2014-10-28 18:46:36 +00:00
}
}
2011-12-01 17:53:12 +00:00
2014-10-28 18:46:36 +00:00
# Extract the key from the image
steghide extract -sf $imagefile -p ${tombpass} -xf $destkey
r=$?
2013-06-12 16:15:55 +00:00
2014-10-28 18:46:36 +00:00
# Report to the user
[[ "$destkey" = "-" ]] && destkey="stdout"
[[ $r == 0 ]] && {
2014-08-29 09:26:26 +00:00
_success "Key succesfully exhumed to ::1 key::." $destkey
2014-10-28 18:46:36 +00:00
} || {
2014-08-29 09:33:56 +00:00
_warning "Nothing found in ::1 image file::" $imagefile
2014-10-28 18:46:36 +00:00
}
2011-12-01 17:53:12 +00:00
2014-10-28 18:46:36 +00:00
return $r
2011-12-01 17:53:12 +00:00
}
2012-01-17 16:28:40 +00:00
2015-09-20 21:32:00 +00:00
# Produces a printable image of the key contents so a backup on paper
# can be made and hidden in books etc.
2013-06-20 08:26:12 +00:00
engrave_key() {
2014-11-04 04:04:18 +00:00
_load_key # Try loading key from option -k and set TOMBKEYFILE
2014-10-28 18:46:36 +00:00
2014-10-23 06:30:02 +00:00
local keyname=$(basename $TOMBKEYFILE)
2014-10-28 18:46:36 +00:00
local pngname="$keyname.qr.png"
2013-06-19 18:52:21 +00:00
2014-10-23 06:30:02 +00:00
_success "Rendering a printable QRCode for key: ::1 tomb key file::" $TOMBKEYFILE
2013-06-19 18:52:21 +00:00
# we omit armor strings to save space
2014-10-28 18:46:36 +00:00
awk '/^-----/ {next}; /^Version/ {next}; {print $0}' $TOMBKEYFILE \
2014-11-23 17:25:42 +00:00
| qrencode --size 4 --level H --casesensitive -o $pngname
2014-10-28 18:46:36 +00:00
[[ $? != 0 ]] && {
2014-11-23 17:25:42 +00:00
_failure "QREncode reported an error." }
2014-10-28 18:46:36 +00:00
2014-04-30 15:31:28 +00:00
_success "Operation successful:"
2014-10-28 18:46:36 +00:00
# TODO: only if verbose and/or not silent
2014-08-27 10:28:15 +00:00
ls -lh $pngname
file $pngname
2013-06-19 18:52:21 +00:00
}
2013-05-28 09:57:58 +00:00
# }}} - Key handling
2011-12-01 19:27:05 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Create
2011-12-01 19:04:56 +00:00
2014-10-23 05:10:24 +00:00
# Since version 1.5.3, tomb creation is a three-step process that replaces create_tomb():
2013-05-28 09:57:58 +00:00
#
2014-04-28 12:56:21 +00:00
# * dig a .tomb (the large file) using /dev/urandom (takes some minutes at least)
2013-05-28 09:57:58 +00:00
#
2014-04-28 12:56:21 +00:00
# * forge a .key (the small file) using /dev/random (good entropy needed)
2013-05-28 09:57:58 +00:00
#
# * lock the .tomb file with the key, binding the key to the tomb (requires dm_crypt format)
2014-10-23 05:10:24 +00:00
# Step one - Dig a tomb
#
2015-11-07 13:20:43 +00:00
# Synopsis: dig_tomb /path/to/tomb -s sizemebibytes
2014-10-23 05:10:24 +00:00
#
# It will create an empty file to be formatted as a loopback
# filesystem. Initially the file is filled with random data taken
# from /dev/urandom to improve overall tomb's security and prevent
# some attacks aiming at detecting how much data is in the tomb, or
# which blocks in the filesystem contain that data.
dig_tomb() {
local tombpath="$1" # Path to tomb
2015-11-25 16:55:54 +00:00
# Require the specification of the size of the tomb (-s) in MiB
2014-10-23 05:10:24 +00:00
local -i tombsize=$(option_value -s)
_message "Commanded to dig tomb ::1 tomb path::" $tombpath
[[ -n "$tombpath" ]] || _failure "Missing path to tomb"
[[ -n "$tombsize" ]] || _failure "Size argument missing, use -s"
2015-11-07 13:20:43 +00:00
[[ $tombsize == <-> ]] || _failure "Size must be an integer (mebibytes)"
[[ $tombsize -ge 10 ]] || _failure "Tombs can't be smaller than 10 mebibytes"
2014-10-23 05:10:24 +00:00
2014-11-14 18:27:57 +00:00
_plot $tombpath # Set TOMB{PATH,DIR,FILE,NAME}
2014-10-23 05:10:24 +00:00
[[ -e $TOMBPATH ]] && {
_warning "A tomb exists already. I'm not digging here:"
2014-11-23 15:26:00 +00:00
ls -lh $TOMBPATH
2014-10-23 05:10:24 +00:00
return 1
}
_success "Creating a new tomb in ::1 tomb path::" $TOMBPATH
_message "Generating ::1 tomb file:: of ::2 size::MiB" $TOMBFILE $tombsize
# Ensure that file permissions are safe even if interrupted
touch $TOMBPATH
2015-01-04 20:02:27 +00:00
[[ $? = 0 ]] || {
_warning "Error creating the tomb ::1 tomb path::" $TOMBPATH
_failure "Operation aborted."
}
2014-10-23 05:10:24 +00:00
chmod 0600 $TOMBPATH
_verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]}
${=DD} if=/dev/urandom bs=1048576 count=$tombsize of=$TOMBPATH
[[ $? == 0 && -e $TOMBPATH ]] && {
2014-11-23 15:26:00 +00:00
ls -lh $TOMBPATH
2014-10-23 05:10:24 +00:00
} || {
_warning "Error creating the tomb ::1 tomb path::" $TOMBPATH
_failure "Operation aborted."
}
_success "Done digging ::1 tomb name::" $TOMBNAME
_message "Your tomb is not yet ready, you need to forge a key and lock it:"
_message "tomb forge ::1 tomb path::.key" $TOMBPATH
_message "tomb lock ::1 tomb path:: -k ::1 tomb path::.key" $TOMBPATH
return 0
}
2014-12-26 23:54:51 +00:00
# Step two -- Create a detached key to lock a tomb with
#
2017-03-24 20:08:33 +00:00
# Synopsis: forge_key [destkey|-k destkey] [-o cipher] [-r|-R gpgid]
2014-12-26 23:54:51 +00:00
#
# Arguments:
# -k path to destination keyfile
2014-12-27 02:42:39 +00:00
# -o Use an alternate algorithm
2017-02-03 18:53:31 +00:00
# -r GPG recipients to be used
2014-12-26 23:54:51 +00:00
#
2013-03-22 20:13:59 +00:00
forge_key() {
2013-06-19 18:20:17 +00:00
# can be specified both as simple argument or using -k
2014-10-28 18:46:36 +00:00
local destkey="$1"
{ option_is_set -k } && { destkey=$(option_value -k) }
local algo="AES256" # Default encryption algorithm
2013-03-22 20:13:59 +00:00
2014-10-28 18:46:36 +00:00
[[ -z "$destkey" ]] && {
_failure "A filename needs to be specified using -k to forge a new key." }
2013-06-11 21:37:20 +00:00
2016-01-09 09:16:42 +00:00
# _message "Commanded to forge key ::1 key::" $destkey
2014-06-08 18:30:35 +00:00
2014-10-28 18:46:36 +00:00
_check_swap # Ensure the available memory is safe to use
2014-06-08 18:30:35 +00:00
2014-10-28 18:46:36 +00:00
# Ensure GnuPG won't exit with an error before first run
[[ -r $HOME/.gnupg/pubring.gpg ]] || {
mkdir -m 0700 $HOME/.gnupg
2014-07-13 15:35:28 +00:00
touch $HOME/.gnupg/pubring.gpg }
2014-04-04 12:52:15 +00:00
2014-10-28 18:46:36 +00:00
# Do not overwrite any files accidentally
[[ -r "$destkey" ]] && {
2014-11-24 19:06:23 +00:00
ls -lh $destkey
_failure "Forging this key would overwrite an existing file. Operation aborted." }
2013-03-22 20:13:59 +00:00
2015-01-04 20:02:27 +00:00
touch $destkey
[[ $? == 0 ]] || {
_warning "Cannot generate encryption key."
_failure "Operation aborted." }
chmod 0600 $destkey
2014-12-27 02:42:39 +00:00
# Update algorithm if it was passed on the command line with -o
{ option_is_set -o } && algopt="$(option_value -o)"
2014-10-28 18:46:36 +00:00
[[ -n "$algopt" ]] && algo=$algopt
2013-06-19 18:20:17 +00:00
2014-10-28 18:46:36 +00:00
_message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \
2014-11-23 17:25:42 +00:00
$destkey $algo
2013-06-19 18:20:17 +00:00
2017-02-09 18:57:34 +00:00
[[ $KDF == 1 ]] && { ! option_is_set -g } && {
2016-01-09 09:16:42 +00:00
_message "Using KDF to protect the key password (`option_value --kdf` rounds)"
}
2014-10-23 06:30:02 +00:00
TOMBKEYFILE="$destkey" # Set global variable
2013-03-22 20:13:59 +00:00
2016-01-09 09:16:42 +00:00
_warning "This operation takes time, keep using this computer on other tasks,"
_warning "once done you will be asked to choose a password for your tomb."
_warning "To make it faster you can move the mouse around."
_warning "If you are on a server, you can use an Entropy Generation Daemon."
2013-03-22 20:13:59 +00:00
2015-07-07 07:56:16 +00:00
# Use /dev/random as the entropy source, unless --use-urandom is specified
2013-06-19 18:20:17 +00:00
local random_source=/dev/random
2014-10-28 18:46:36 +00:00
{ option_is_set --use-urandom } && random_source=/dev/urandom
2013-03-22 20:13:59 +00:00
2014-08-29 10:31:23 +00:00
_verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source
2017-01-21 22:47:16 +00:00
TOMBSECRET=$(${=DD} bs=1 count=512 if=$random_source)
2014-10-23 06:44:45 +00:00
[[ $? == 0 ]] || {
2014-07-13 15:35:28 +00:00
_warning "Cannot generate encryption key."
2014-08-25 19:01:50 +00:00
_failure "Operation aborted." }
2013-03-22 20:13:59 +00:00
2014-10-23 06:44:45 +00:00
# Here the global variable TOMBSECRET contains the naked secret
2014-08-25 19:01:50 +00:00
2017-02-09 18:57:34 +00:00
{ option_is_set -g } && {
2017-03-24 20:08:33 +00:00
_success "Using GnuPG key(s) to encrypt your key: ::1 tomb key::" $TOMBKEYFILE
2017-02-03 18:33:28 +00:00
} || {
_success "Choose the password of your key: ::1 tomb key::" $TOMBKEYFILE
}
2014-05-06 06:12:19 +00:00
_message "(You can also change it later using 'tomb passwd'.)"
2014-10-28 18:46:36 +00:00
# _user_file $TOMBKEYFILE
2013-03-22 20:13:59 +00:00
2014-10-23 06:30:02 +00:00
tombname="$TOMBKEYFILE" # XXX ???
2013-03-22 20:13:59 +00:00
# the gen_key() function takes care of the new key's encryption
2014-10-28 18:46:36 +00:00
{ option_is_set --tomb-pwd } && {
local tombpwd="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 new pass::" $tombpwd
gen_key "$tombpwd" >> $TOMBKEYFILE
} || {
2014-10-23 06:30:02 +00:00
gen_key >> $TOMBKEYFILE
2014-10-28 18:46:36 +00:00
}
2014-06-08 17:33:35 +00:00
2014-10-23 06:30:02 +00:00
# load the key contents (set global variable)
2014-11-15 01:36:31 +00:00
TOMBKEY="${mapfile[$TOMBKEYFILE]}"
2014-08-25 19:01:50 +00:00
2013-05-28 09:57:58 +00:00
# this does a check on the file header
2014-10-23 06:30:02 +00:00
is_valid_key $TOMBKEY || {
2014-07-13 15:35:28 +00:00
_warning "The key does not seem to be valid."
_warning "Dumping contents to screen:"
2014-11-15 01:36:31 +00:00
print "${mapfile[$TOMBKEY]}"
2014-07-13 15:35:28 +00:00
_warning "--"
2015-02-08 17:33:10 +00:00
_sudo umount ${keytmp}
2014-07-13 15:35:28 +00:00
rm -r $keytmp
_failure "Operation aborted."
2014-08-25 19:01:50 +00:00
}
2013-03-22 20:13:59 +00:00
2014-10-23 06:30:02 +00:00
_message "Done forging ::1 key file::" $TOMBKEYFILE
2013-03-22 20:13:59 +00:00
_success "Your key is ready:"
2014-10-23 06:30:02 +00:00
ls -lh $TOMBKEYFILE
2013-03-22 20:13:59 +00:00
}
2014-10-23 05:10:24 +00:00
# Step three -- Lock tomb
#
2017-02-03 18:53:31 +00:00
# Synopsis: tomb_lock file.tomb file.tomb.key [-o cipher] [-r gpgid]
2014-10-23 05:10:24 +00:00
#
# Lock the given tomb with the given key file, in fact formatting the
2014-12-26 23:54:51 +00:00
# loopback volume as a LUKS device.
2014-12-27 02:42:39 +00:00
# Default cipher 'aes-xts-plain64:sha256'can be overridden with -o
2013-03-22 21:22:55 +00:00
lock_tomb_with_key() {
2014-12-26 23:54:51 +00:00
# old default was aes-cbc-essiv:sha256
2014-12-27 02:42:39 +00:00
# Override with -o
2014-12-26 23:54:51 +00:00
# for more alternatives refer to cryptsetup(8)
local cipher="aes-xts-plain64:sha256"
2014-10-23 05:10:24 +00:00
local tombpath="$1" # First argument is the path to the tomb
[[ -n $tombpath ]] || {
2014-07-13 15:35:28 +00:00
_warning "No tomb specified for locking."
_warning "Usage: tomb lock file.tomb file.tomb.key"
return 1
2014-10-23 05:10:24 +00:00
}
2013-03-22 21:22:55 +00:00
2014-11-14 18:27:57 +00:00
_plot $tombpath
2013-03-22 21:22:55 +00:00
2014-10-23 05:10:24 +00:00
_message "Commanded to lock tomb ::1 tomb file::" $TOMBFILE
2014-10-09 22:05:00 +00:00
2014-10-23 05:10:24 +00:00
[[ -f $TOMBPATH ]] || {
2015-01-09 16:11:14 +00:00
_failure "There is no tomb here. You have to dig it first." }
2013-03-22 21:22:55 +00:00
2014-10-23 05:10:24 +00:00
_verbose "Tomb found: ::1 tomb path::" $TOMBPATH
2013-03-22 21:22:55 +00:00
2014-10-23 05:10:24 +00:00
lo_mount $TOMBPATH
2014-08-25 19:01:50 +00:00
nstloop=`lo_new`
2013-03-22 21:22:55 +00:00
2014-08-29 10:31:23 +00:00
_verbose "Loop mounted on ::1 mount point::" $nstloop
2013-03-22 21:22:55 +00:00
2014-04-30 15:31:28 +00:00
_message "Checking if the tomb is empty (we never step on somebody else's bones)."
2015-02-08 17:33:10 +00:00
_sudo cryptsetup isLuks ${nstloop}
2013-03-22 21:22:55 +00:00
if [ $? = 0 ]; then
2014-07-13 15:35:28 +00:00
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
_warning "The tomb was already locked with another key."
_failure "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
2013-03-22 21:22:55 +00:00
else
2014-07-13 15:35:28 +00:00
_message "Fine, this tomb seems empty."
2013-03-22 21:22:55 +00:00
fi
2014-11-04 04:04:18 +00:00
_load_key # Try loading key from option -k and set TOMBKEYFILE
2013-03-22 21:22:55 +00:00
2014-12-26 23:54:51 +00:00
# the encryption cipher for a tomb can be set when locking using -c
2014-12-27 02:42:39 +00:00
{ option_is_set -o } && algopt="$(option_value -o)"
2014-12-26 23:54:51 +00:00
[[ -n "$algopt" ]] && cipher=$algopt
2014-08-29 10:07:33 +00:00
_message "Locking using cipher: ::1 cipher::" $cipher
2013-03-22 21:22:55 +00:00
2013-05-27 20:49:44 +00:00
# get the pass from the user and check it
2014-06-08 17:33:35 +00:00
if option_is_set --tomb-pwd; then
2014-07-13 15:35:28 +00:00
tomb_pwd="`option_value --tomb-pwd`"
2014-08-29 10:31:23 +00:00
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
2014-08-25 21:32:32 +00:00
ask_key_password "$tomb_pwd"
2014-06-08 17:33:35 +00:00
else
2014-08-25 21:32:32 +00:00
ask_key_password
2014-06-08 17:33:35 +00:00
fi
2014-11-04 05:20:26 +00:00
[[ $? == 0 ]] || _failure "No valid password supplied."
2013-03-22 21:22:55 +00:00
2014-10-23 06:30:02 +00:00
_success "Locking ::1 tomb file:: with ::2 tomb key file::" $TOMBFILE $TOMBKEYFILE
2013-03-22 21:22:55 +00:00
2014-04-30 15:31:28 +00:00
_message "Formatting Luks mapped device."
2014-11-20 08:59:11 +00:00
_cryptsetup --batch-mode \
2017-01-29 20:54:46 +00:00
--cipher ${cipher} --key-size 512 --key-slot 0 \
2014-07-13 15:35:28 +00:00
luksFormat ${nstloop}
2014-11-04 05:20:26 +00:00
[[ $? == 0 ]] || {
2014-07-13 15:35:28 +00:00
_warning "cryptsetup luksFormat returned an error."
2014-11-04 05:20:26 +00:00
_failure "Operation aborted." }
2013-05-25 13:05:21 +00:00
2014-11-20 08:59:11 +00:00
_cryptsetup --cipher ${cipher} luksOpen ${nstloop} tomb.tmp
2014-11-04 05:20:26 +00:00
[[ $? == 0 ]] || {
2014-07-13 15:35:28 +00:00
_warning "cryptsetup luksOpen returned an error."
2014-11-04 05:20:26 +00:00
_failure "Operation aborted." }
2013-03-22 21:22:55 +00:00
2014-04-30 15:31:28 +00:00
_message "Formatting your Tomb with Ext3/Ext4 filesystem."
2015-02-08 17:33:10 +00:00
_sudo mkfs.ext4 -q -F -j -L $TOMBNAME /dev/mapper/tomb.tmp
2013-03-22 21:22:55 +00:00
2014-11-04 05:20:26 +00:00
[[ $? == 0 ]] || {
2014-07-13 15:35:28 +00:00
_warning "Tomb format returned an error."
2014-11-04 05:20:26 +00:00
_warning "Your tomb ::1 tomb file:: may be corrupted." $TOMBFILE }
2013-05-28 09:57:58 +00:00
2014-11-04 05:20:26 +00:00
# Sync
2015-02-08 17:33:10 +00:00
_sudo cryptsetup luksClose tomb.tmp
2013-05-28 09:57:58 +00:00
2014-10-23 05:10:24 +00:00
_message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $TOMBNAME $cipher
2014-11-14 18:43:26 +00:00
_success "Your tomb is ready in ::1 tomb path:: and secured with key ::2 tomb key::" \
2014-11-23 17:25:42 +00:00
$TOMBPATH $TOMBKEYFILE
2013-05-28 09:57:58 +00:00
2012-09-05 15:47:00 +00:00
}
2013-06-19 18:20:17 +00:00
# This function changes the key that locks a tomb
change_tomb_key() {
2014-10-23 05:10:24 +00:00
local tombkey="$1" # Path to the tomb's key file
local tombpath="$2" # Path to the tomb
2013-06-19 18:20:17 +00:00
2014-10-23 05:10:24 +00:00
_message "Commanded to reset key for tomb ::1 tomb path::" $tombpath
2013-06-19 18:20:17 +00:00
2014-10-23 05:10:24 +00:00
[[ -z "$tombpath" ]] && {
2014-08-27 10:28:15 +00:00
_warning "Command 'setkey' needs two arguments: the old key file and the tomb."
_warning "I.e: tomb -k new.tomb.key old.tomb.key secret.tomb"
_failure "Execution aborted."
}
2013-06-19 18:20:17 +00:00
2014-10-23 05:10:24 +00:00
_check_swap
2015-06-26 09:47:19 +00:00
# this also calls _plot()
2014-11-14 18:13:48 +00:00
is_valid_tomb $tombpath
2014-10-23 05:10:24 +00:00
lo_mount $TOMBPATH
2014-08-25 19:01:50 +00:00
nstloop=`lo_new`
2015-02-08 17:33:10 +00:00
_sudo cryptsetup isLuks ${nstloop}
2014-08-27 10:28:15 +00:00
# is it a LUKS encrypted nest? we check one more time
2014-11-04 05:20:26 +00:00
[[ $? == 0 ]] || {
2014-10-23 05:10:24 +00:00
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
2013-06-19 18:20:17 +00:00
2014-11-04 04:04:18 +00:00
_load_key $tombkey # Try loading given key and set TOMBKEY and
2014-11-23 17:25:42 +00:00
# TOMBKEYFILE
2014-10-23 06:30:02 +00:00
local oldkey=$TOMBKEY
local oldkeyfile=$TOMBKEYFILE
2014-08-27 10:28:15 +00:00
2013-06-19 18:20:17 +00:00
# we have everything, prepare to mount
2014-10-23 05:10:24 +00:00
_success "Changing lock on tomb ::1 tomb name::" $TOMBNAME
2014-11-14 17:42:11 +00:00
_message "Old key: ::1 old key::" $oldkeyfile
2013-06-19 18:20:17 +00:00
# render the mapper
mapdate=`date +%s`
# save date of mount in minutes since 1970
2014-10-23 05:10:24 +00:00
mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
2013-06-19 18:20:17 +00:00
# load the old key
2014-06-08 18:30:35 +00:00
if option_is_set --tomb-old-pwd; then
2014-07-13 15:35:28 +00:00
tomb_old_pwd="`option_value --tomb-old-pwd`"
2014-08-29 10:31:23 +00:00
_verbose "tomb-old-pwd = ::1 old pass::" $tomb_old_pwd
2014-08-27 10:28:15 +00:00
ask_key_password "$tomb_old_pwd"
2014-06-08 18:30:35 +00:00
else
2014-08-27 10:28:15 +00:00
ask_key_password
2014-06-08 18:30:35 +00:00
fi
2014-11-04 05:20:26 +00:00
[[ $? == 0 ]] || {
2014-07-13 15:35:28 +00:00
_failure "No valid password supplied for the old key." }
2014-10-23 06:44:45 +00:00
old_secret=$TOMBSECRET
2013-06-19 18:20:17 +00:00
# luksOpen the tomb (not really mounting, just on the loopback)
2015-02-08 17:33:10 +00:00
print -R -n - "$old_secret" | _sudo cryptsetup --key-file - \
2014-11-22 00:40:26 +00:00
luksOpen ${nstloop} ${mapper}
2014-11-04 05:20:26 +00:00
[[ $? == 0 ]] || _failure "Unexpected error in luksOpen."
2013-06-19 18:20:17 +00:00
2014-11-04 04:04:18 +00:00
_load_key # Try loading new key from option -k and set TOMBKEYFILE
2014-10-23 06:30:02 +00:00
_message "New key: ::1 key file::" $TOMBKEYFILE
2014-08-27 10:28:15 +00:00
if option_is_set --tomb-pwd; then
tomb_new_pwd="`option_value --tomb-pwd`"
2014-09-01 08:09:33 +00:00
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_new_pwd
2014-08-27 10:28:15 +00:00
ask_key_password "$tomb_new_pwd"
else
ask_key_password
fi
2014-11-04 05:20:26 +00:00
[[ $? == 0 ]] || {
2014-08-27 10:28:15 +00:00
_failure "No valid password supplied for the new key." }
2014-11-25 01:37:05 +00:00
_tmp_create
tmpnewkey=$TOMBTMP
print -R -n - "$TOMBSECRET" >> $tmpnewkey
2015-02-08 17:33:10 +00:00
print -R -n - "$old_secret" | _sudo cryptsetup --key-file - \
2014-11-25 01:37:05 +00:00
luksChangeKey "$nstloop" "$tmpnewkey"
2013-06-19 18:20:17 +00:00
2014-10-28 12:46:23 +00:00
[[ $? == 0 ]] || _failure "Unexpected error in luksChangeKey."
2015-02-08 17:33:10 +00:00
_sudo cryptsetup luksClose "${mapper}" || _failure "Unexpected error in luksClose."
2013-06-19 18:20:17 +00:00
2014-10-23 05:10:24 +00:00
_success "Succesfully changed key for tomb: ::1 tomb file::" $TOMBFILE
2014-11-14 17:42:11 +00:00
_message "The new key is: ::1 new key::" $TOMBKEYFILE
2013-06-19 18:20:17 +00:00
return 0
}
2013-05-28 09:57:58 +00:00
# }}} - Creation
2011-12-01 19:04:56 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Open
2011-12-01 19:04:56 +00:00
2012-01-17 15:49:03 +00:00
# $1 = tombfile $2(optional) = mountpoint
2010-08-22 14:44:35 +00:00
mount_tomb() {
2014-10-23 05:10:24 +00:00
local tombpath="$1" # First argument is the path to the tomb
[[ -n "$tombpath" ]] || _failure "No tomb name specified for opening."
2015-01-21 11:17:09 +00:00
_message "Commanded to open tomb ::1 tomb name::" $tombpath
2011-08-28 17:28:47 +00:00
2014-06-08 18:30:35 +00:00
_check_swap
2012-07-09 18:53:14 +00:00
2015-06-26 09:47:19 +00:00
# this also calls _plot()
2015-01-21 11:17:09 +00:00
is_valid_tomb $tombpath
2011-09-26 09:33:07 +00:00
2014-11-04 04:04:18 +00:00
_load_key # Try loading new key from option -k and set TOMBKEYFILE
2013-05-27 20:49:44 +00:00
2015-01-21 11:17:09 +00:00
tombmount="$2"
[[ "$tombmount" = "" ]] && {
2015-06-26 09:47:19 +00:00
tombmount=/media/$TOMBNAME
2015-09-20 21:32:00 +00:00
[[ -d /media ]] || { # no /media found, adopting /run/media/$USER (udisks2 compat)
2015-06-26 09:47:19 +00:00
tombmount=/run/media/$_USER/$TOMBNAME
2015-01-21 11:17:09 +00:00
}
_message "Mountpoint not specified, using default: ::1 mount point::" $tombmount
}
2011-12-01 17:53:12 +00:00
2015-06-26 09:47:19 +00:00
_success "Opening ::1 tomb file:: on ::2 mount point::" $TOMBNAME $tombmount
2011-02-03 19:42:46 +00:00
2014-10-23 05:10:24 +00:00
lo_mount $TOMBPATH
2014-08-25 19:01:50 +00:00
nstloop=`lo_new`
2011-04-28 10:14:37 +00:00
2015-02-08 17:33:10 +00:00
_sudo cryptsetup isLuks ${nstloop} || {
2014-07-13 15:35:28 +00:00
# is it a LUKS encrypted nest? see cryptsetup(1)
2014-11-04 05:20:26 +00:00
_failure "::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }
2014-04-30 15:31:28 +00:00
_message "This tomb is a valid LUKS encrypted device."
2011-02-22 17:30:42 +00:00
2015-02-08 17:33:10 +00:00
luksdump="`_sudo cryptsetup luksDump ${nstloop}`"
2013-03-30 17:44:05 +00:00
tombdump=(`print $luksdump | awk '
2014-07-13 15:35:28 +00:00
/^Cipher name/ {print $3}
/^Cipher mode/ {print $3}
/^Hash spec/ {print $3}'`)
2014-08-29 10:07:33 +00:00
_message "Cipher is \"::1 cipher::\" mode \"::2 mode::\" hash \"::3 hash::\"" $tombdump[1] $tombdump[2] $tombdump[3]
2012-01-17 16:28:40 +00:00
2013-03-30 17:44:05 +00:00
slotwarn=`print $luksdump | awk '
2014-07-13 15:35:28 +00:00
BEGIN { zero=0 }
/^Key slot 0/ { zero=1 }
/^Key slot.*ENABLED/ { if(zero==1) print "WARN" }'`
2014-11-04 05:20:26 +00:00
[[ "$slotwarn" == "WARN" ]] && {
2014-07-13 15:35:28 +00:00
_warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." }
2012-01-17 16:28:40 +00:00
2011-01-11 09:49:44 +00:00
# save date of mount in minutes since 1970
2011-04-28 18:42:45 +00:00
mapdate=`date +%s`
2013-05-25 13:05:21 +00:00
2014-11-14 18:13:48 +00:00
mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
2014-08-29 10:31:23 +00:00
_verbose "dev mapper device: ::1 mapper::" $mapper
2014-10-23 06:30:02 +00:00
_verbose "Tomb key: ::1 key file::" $TOMBKEYFILE
2014-08-05 15:05:49 +00:00
# take the name only, strip extensions
2014-10-23 05:10:24 +00:00
_verbose "Tomb name: ::1 tomb name:: (to be engraved)" $TOMBNAME
2011-02-22 17:30:42 +00:00
2017-02-09 18:57:34 +00:00
{ option_is_set --tomb-pwd } && { ! option_is_set -g } && {
2014-07-13 15:35:28 +00:00
tomb_pwd="`option_value --tomb-pwd`"
2014-08-29 10:31:23 +00:00
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
2014-08-25 21:32:32 +00:00
ask_key_password "$tomb_pwd"
2014-11-04 05:20:26 +00:00
} || {
2014-08-25 21:32:32 +00:00
ask_key_password
2014-11-04 05:20:26 +00:00
}
[[ $? == 0 ]] || _failure "No valid password supplied."
2013-05-25 13:05:21 +00:00
2014-11-20 08:59:11 +00:00
_cryptsetup luksOpen ${nstloop} ${mapper}
2014-11-25 01:37:05 +00:00
[[ $? = 0 ]] || {
2014-11-23 17:25:42 +00:00
_failure "Failure mounting the encrypted file." }
2011-04-28 10:14:37 +00:00
2014-08-25 19:01:50 +00:00
# preserve the loopdev after exit
lo_preserve "$nstloop"
2012-01-17 16:28:40 +00:00
# array: [ cipher, keysize, loopdevice ]
2015-02-08 17:33:10 +00:00
tombstat=(`_sudo cryptsetup status ${mapper} | awk '
2012-01-17 16:28:40 +00:00
/cipher:/ {print $2}
/keysize:/ {print $2}
/device:/ {print $2}'`)
2014-10-23 05:10:24 +00:00
_success "Success unlocking tomb ::1 tomb name::" $TOMBNAME
2014-08-29 10:31:23 +00:00
_verbose "Key size is ::1 size:: for cipher ::2 cipher::" $tombstat[2] $tombstat[1]
2012-01-17 16:28:40 +00:00
2014-08-29 10:07:33 +00:00
_message "Checking filesystem via ::1::" $tombstat[3]
2015-02-08 17:33:10 +00:00
_sudo fsck -p -C0 /dev/mapper/${mapper}
2014-10-23 05:10:24 +00:00
_verbose "Tomb engraved as ::1 tomb name::" $TOMBNAME
2015-02-08 17:33:10 +00:00
_sudo tune2fs -L $TOMBNAME /dev/mapper/${mapper} > /dev/null
2011-02-11 23:36:21 +00:00
2013-05-27 20:49:44 +00:00
# we need root from here on
2015-02-08 17:33:10 +00:00
_sudo mkdir -p $tombmount
2013-05-27 20:49:44 +00:00
2014-12-26 23:54:51 +00:00
# Default mount options are overridden with the -o switch
2014-12-27 11:13:15 +00:00
{ option_is_set -o } && {
2015-01-09 16:33:07 +00:00
local oldmountopts=$MOUNTOPTS
MOUNTOPTS="$(option_value -o)" }
2014-12-26 23:54:51 +00:00
2014-12-27 11:13:15 +00:00
# TODO: safety check MOUNTOPTS
# safe_mount_options && \
2015-02-08 17:33:10 +00:00
_sudo mount -o $MOUNTOPTS /dev/mapper/${mapper} ${tombmount}
2014-12-27 11:13:15 +00:00
# Clean up if the mount failed
[[ $? == 0 ]] || {
2015-01-09 16:33:07 +00:00
_warning "Error mounting ::1 mapper:: on ::2 tombmount::" $mapper $tombmount
[[ $oldmountopts != $MOUNTOPTS ]] && \
_warning "Are mount options '::1 mount options::' valid?" $MOUNTOPTS
# TODO: move cleanup to _endgame()
2015-06-26 09:47:19 +00:00
[[ -d $tombmount ]] && _sudo rmdir $tombmount
2015-02-08 17:33:10 +00:00
[[ -e /dev/mapper/$mapper ]] && _sudo cryptsetup luksClose $mapper
2015-01-09 16:33:07 +00:00
# The loop is taken care of in _endgame()
_failure "Cannot mount ::1 tomb name::" $TOMBNAME
2014-12-27 11:13:15 +00:00
}
2011-01-30 22:25:01 +00:00
2017-01-02 10:04:08 +00:00
# we do not change ownership anymore when mounting tombs
# _sudo chown $UID:$GID ${tombmount}
# _sudo chmod 0711 ${tombmount}
2011-04-28 10:14:37 +00:00
2014-10-23 05:10:24 +00:00
_success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount
2013-03-29 11:51:43 +00:00
2014-11-23 17:25:42 +00:00
local tombtty tombhost tombuid tombuser
2014-11-21 21:25:43 +00:00
2015-09-20 21:32:00 +00:00
# print out when it was opened the last time, by whom and where
2014-11-04 05:20:26 +00:00
[[ -r ${tombmount}/.last ]] && {
2015-12-30 13:35:58 +00:00
tombsince=$(_cat ${tombmount}/.last)
tombsince=$(date --date=@$tombsince +%c)
2015-01-17 01:14:38 +00:00
tombtty=$(_cat ${tombmount}/.tty)
tombhost=$(_cat ${tombmount}/.host)
tomblast=$(_cat ${tombmount}/.last)
2014-11-15 01:36:31 +00:00
tombuid=$(_cat ${tombmount}/.uid | tr -d ' ')
2015-07-23 13:18:13 +00:00
tombuser=$(getent passwd $tombuid)
tombuser=${tombuser[(ws@:@)1]}
2014-09-09 11:16:10 +00:00
_message "Last visit by ::1 user::(::2 tomb build::) from ::3 tty:: on ::4 host::" $tombuser $tombuid $tombtty $tombhost
2015-12-30 13:35:58 +00:00
_message "on date ::1 date::" $tombsince
2013-05-28 09:57:58 +00:00
}
# write down the UID and TTY that opened the tomb
rm -f ${tombmount}/.uid
2014-11-15 01:36:31 +00:00
print $_UID > ${tombmount}/.uid
2013-05-28 09:57:58 +00:00
rm -f ${tombmount}/.tty
2014-11-15 01:36:31 +00:00
print $_TTY > ${tombmount}/.tty
2013-05-28 09:57:58 +00:00
# also the hostname
rm -f ${tombmount}/.host
2014-11-15 01:36:31 +00:00
hostname > ${tombmount}/.host
2013-05-28 09:57:58 +00:00
# and the "last time opened" information
# in minutes since 1970, this is printed at next open
rm -f ${tombmount}/.last
2014-11-15 01:36:31 +00:00
date +%s > ${tombmount}/.last
2013-05-28 09:57:58 +00:00
# human readable: date --date=@"`cat .last`" +%c
# process bind-hooks (mount -o bind of directories)
# and post-hooks (execute on open)
2014-11-04 05:20:26 +00:00
{ option_is_set -n } || {
2014-07-13 15:35:28 +00:00
exec_safe_bind_hooks ${tombmount}
2014-11-04 05:20:26 +00:00
exec_safe_post_hooks ${tombmount} open }
2013-05-28 09:57:58 +00:00
return 0
}
2014-10-24 01:48:05 +00:00
## HOOKS EXECUTION
#
# Execution of code inside a tomb may present a security risk, e.g.,
# if the tomb is shared or compromised, an attacker could embed
# malicious code. When in doubt, open the tomb with the -n switch in
# order to skip this feature and verify the files mount-hooks and
# bind-hooks inside the tomb yourself before letting them run.
# Mount files and directories from the tomb to the current user's HOME.
#
# Synopsis: exec_safe_bind_hooks /path/to/mounted/tomb
#
# This can be a security risk if you share tombs with untrusted people.
# In that case, use the -n switch to turn off this feature.
2013-05-28 09:57:58 +00:00
exec_safe_bind_hooks() {
2014-10-24 01:48:05 +00:00
local mnt="$1" # First argument is the mount point of the tomb
# Default mount options are overridden with the -o switch
[[ -n ${(k)OPTS[-o]} ]] && MOUNTOPTS=${OPTS[-o]}
# No HOME set? Note: this should never happen again.
[[ -z $HOME ]] && {
2014-11-23 17:25:42 +00:00
_warning "How pitiful! A tomb, and no HOME."
return 1 }
2014-10-24 01:48:05 +00:00
[[ -z $mnt || ! -d $mnt ]] && {
2014-11-23 17:25:42 +00:00
_warning "Cannot exec bind hooks without a mounted tomb."
2014-10-24 01:48:05 +00:00
return 1 }
2014-11-14 16:42:49 +00:00
[[ -r "$mnt/bind-hooks" ]] || {
2014-10-24 01:48:05 +00:00
_verbose "bind-hooks not found in ::1 mount point::" $mnt
2017-02-20 18:34:51 +00:00
return 0 }
2014-10-24 01:48:05 +00:00
typeset -Al maps # Maps of files and directories to mount
typeset -al mounted # Track already mounted files and directories
2014-11-14 16:42:49 +00:00
# better parsing for bind hooks checks for two separated words on
# each line, using zsh word separator array subscript
2014-11-15 01:36:31 +00:00
_bindhooks="${mapfile[${mnt}/bind-hooks]}"
2014-11-14 16:42:49 +00:00
for h in ${(f)_bindhooks}; do
s="${h[(w)1]}"
d="${h[(w)2]}"
[[ "$s" = "" ]] && { _warning "bind-hooks file is broken"; return 1 }
[[ "$d" = "" ]] && { _warning "bind-hooks file is broken"; return 1 }
maps+=($s $d)
_verbose "bind-hook found: $s -> $d"
done
unset _bindhooks
2013-05-28 09:57:58 +00:00
for dir in ${(k)maps}; do
2014-10-24 01:48:05 +00:00
[[ "${dir[1]}" == "/" || "${dir[1,2]}" == ".." ]] && {
2014-07-13 15:35:28 +00:00
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME"
2014-10-24 01:48:05 +00:00
continue }
[[ "${${maps[$dir]}[1]}" == "/" || "${${maps[$dir]}[1,2]}" == ".." ]] && {
2014-07-13 15:35:28 +00:00
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME. Rolling back"
2015-02-08 17:33:10 +00:00
for dir in ${mounted}; do _sudo umount $dir; done
2017-02-20 18:34:51 +00:00
return 0 }
2014-10-24 01:48:05 +00:00
2014-11-04 05:20:26 +00:00
if [[ ! -r "$HOME/${maps[$dir]}" ]]; then
2014-08-29 09:33:56 +00:00
_warning "bind-hook target not existent, skipping ::1 home::/::2 subdir::" $HOME ${maps[$dir]}
2014-11-04 05:20:26 +00:00
elif [[ ! -r "$mnt/$dir" ]]; then
2014-10-24 01:48:05 +00:00
_warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $mnt $dir
2014-07-13 15:35:28 +00:00
else
2015-02-08 17:33:10 +00:00
_sudo mount -o bind,$MOUNTOPTS $mnt/$dir $HOME/${maps[$dir]} \
2014-11-23 17:25:42 +00:00
&& mounted+=("$HOME/${maps[$dir]}")
2014-07-13 15:35:28 +00:00
fi
2013-05-28 09:57:58 +00:00
done
}
2014-10-24 01:48:05 +00:00
# Execute automated actions configured in the tomb.
#
# Synopsis: exec_safe_post_hooks /path/to/mounted/tomb [open|close]
#
# If an executable file named 'post-hooks' is found inside the tomb,
# run it as a user. This might need a dialog for security on what is
# being run, however we expect you know well what is inside your tomb.
# If you're mounting an untrusted tomb, be safe and use the -n switch
# to verify what it would run if you let it. This feature opens the
# possibility to make encrypted executables.
2013-05-28 09:57:58 +00:00
exec_safe_post_hooks() {
2014-10-24 01:48:05 +00:00
local mnt=$1 # First argument is where the tomb is mounted
local act=$2 # Either 'open' or 'close'
# Only run if post-hooks has the executable bit set
[[ -x $mnt/post-hooks ]] || return
2014-11-23 17:25:42 +00:00
# If the file starts with a shebang, run it.
2016-11-18 12:55:48 +00:00
head -n1 $mnt/post-hooks | grep '^#!\s*/'
2014-10-24 01:48:05 +00:00
[[ $? == 0 ]] && {
_success "Post hooks found, executing as user ::1 user name::." $USERNAME
2014-11-25 01:37:05 +00:00
$mnt/post-hooks $act $mnt
2014-10-24 01:48:05 +00:00
}
2013-05-28 09:57:58 +00:00
}
# }}} - Tomb open
# {{{ List
# list all tombs mounted in a readable format
# $1 is optional, to specify a tomb
list_tombs() {
2014-11-15 01:36:31 +00:00
local tombname tombmount tombfs tombfsopts tombloop
local ts tombtot tombused tombavail tombpercent tombp tombsince
2014-11-23 17:25:42 +00:00
local tombtty tombhost tombuid tombuser
2013-05-28 09:57:58 +00:00
# list all open tombs
mounted_tombs=(`list_tomb_mounts $1`)
2014-11-04 05:20:26 +00:00
[[ ${#mounted_tombs} == 0 ]] && {
2014-08-30 15:33:29 +00:00
_failure "I can't see any ::1 status:: tomb, may they all rest in peace." ${1:-open} }
2013-05-28 09:57:58 +00:00
for t in ${mounted_tombs}; do
2014-07-13 15:35:28 +00:00
mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
tombfs=${t[(ws:;:)3]}
tombfsopts=${t[(ws:;:)4]}
tombloop=${mapper[(ws:.:)4]}
# calculate tomb size
ts=`df -hP /dev/mapper/$mapper |
2014-11-04 05:20:26 +00:00
awk "/mapper/"' { print $2 ";" $3 ";" $4 ";" $5 }'`
2014-07-13 15:35:28 +00:00
tombtot=${ts[(ws:;:)1]}
tombused=${ts[(ws:;:)2]}
tombavail=${ts[(ws:;:)3]}
tombpercent=${ts[(ws:;:)4]}
tombp=${tombpercent%%%}
2015-12-30 13:35:58 +00:00
# obsolete way to get the last open date from /dev/mapper
# which doesn't work when tomb filename contain dots
# tombsince=`date --date=@${mapper[(ws:.:)3]} +%c`
2014-07-13 15:35:28 +00:00
# find out who opens it from where
2014-11-04 05:20:26 +00:00
[[ -r ${tombmount}/.tty ]] && {
2015-12-30 13:35:58 +00:00
tombsince=$(_cat ${tombmount}/.last)
tombsince=$(date --date=@$tombsince +%c)
2015-01-17 01:14:38 +00:00
tombtty=$(_cat ${tombmount}/.tty)
tombhost=$(_cat ${tombmount}/.host)
2014-11-15 01:36:31 +00:00
tombuid=$(_cat ${tombmount}/.uid | tr -d ' ')
2015-07-23 13:18:13 +00:00
tombuser=$(getent passwd $tombuid)
tombuser=${tombuser[(ws@:@)1]}
2014-07-13 15:35:28 +00:00
}
2013-05-28 09:57:58 +00:00
2014-11-15 01:36:31 +00:00
{ option_is_set --get-mountpoint } && { print $tombmount; continue }
2014-11-04 05:20:26 +00:00
2014-11-04 15:45:57 +00:00
_message "::1 tombname:: open on ::2 tombmount:: using ::3 tombfsopts::" \
$tombname $tombmount $tombfsopts
2014-11-04 05:20:26 +00:00
2015-01-30 01:00:07 +00:00
_verbose "::1 tombname:: /dev/::2 tombloop:: device mounted (detach with losetup -d)" $tombname $tombloop
2014-11-04 15:45:57 +00:00
_message "::1 tombname:: open since ::2 tombsince::" $tombname $tombsince
2014-07-13 15:35:28 +00:00
2014-11-04 05:20:26 +00:00
[[ -z "$tombtty" ]] || {
2014-11-04 15:45:57 +00:00
_message "::1 tombname:: open by ::2 tombuser:: from ::3 tombtty:: on ::4 tombhost::" \
$tombname $tombuser $tombtty $tombhost
2014-07-13 15:35:28 +00:00
}
2014-11-04 15:45:57 +00:00
_message "::1 tombname:: size ::2 tombtot:: of which ::3 tombused:: (::5 tombpercent::%) is used: ::4 tombavail:: free " \
$tombname $tombtot $tombused $tombavail $tombpercent
2014-07-13 15:35:28 +00:00
2014-11-04 05:20:26 +00:00
[[ ${tombp} -ge 90 ]] && {
2014-11-04 15:45:57 +00:00
_warning "::1 tombname:: warning: your tomb is almost full!" $tombname
}
2014-07-13 15:35:28 +00:00
2014-11-04 05:20:26 +00:00
# Now check hooks
2015-12-30 16:33:23 +00:00
mounted_hooks=(`list_tomb_binds $tombname $tombmount`)
2014-07-13 15:35:28 +00:00
for h in ${mounted_hooks}; do
2014-11-04 15:45:57 +00:00
_message "::1 tombname:: hooks ::2 hookname:: on ::3 hookdest::" \
$tombname "`basename ${h[(ws:;:)1]}`" ${h[(ws:;:)2]}
2014-07-13 15:35:28 +00:00
done
2013-05-28 09:57:58 +00:00
done
2010-08-22 13:04:19 +00:00
}
2011-12-01 19:04:56 +00:00
2013-05-15 11:53:28 +00:00
2014-11-04 05:20:26 +00:00
# Print out an array of mounted tombs (internal use)
# Format is semi-colon separated list of attributes
2013-05-15 11:53:28 +00:00
# if 1st arg is supplied, then list only that tomb
2013-05-28 09:57:58 +00:00
#
# String positions in the semicolon separated array:
#
# 1. full mapper path
#
# 2. mountpoint
#
# 3. filesystem type
#
# 4. mount options
#
# 5. tomb name
2013-05-15 11:53:28 +00:00
list_tomb_mounts() {
2014-11-04 05:20:26 +00:00
[[ -z "$1" ]] && {
2014-07-13 15:35:28 +00:00
# list all open tombs
mount -l \
| awk '
2013-05-15 11:53:28 +00:00
BEGIN { main="" }
2013-05-25 13:05:21 +00:00
/^\/dev\/mapper\/tomb/ {
2013-05-15 11:53:28 +00:00
if(main==$1) next;
print $1 ";" $3 ";" $5 ";" $6 ";" $7
main=$1
}
'
2014-11-04 05:20:26 +00:00
} || {
2014-07-13 15:35:28 +00:00
# list a specific tomb
mount -l \
2014-11-23 17:25:42 +00:00
| awk -vtomb="[$1]" '
2013-05-15 11:53:28 +00:00
BEGIN { main="" }
/^\/dev\/mapper\/tomb/ {
if($7!=tomb) next;
if(main==$1) next;
print $1 ";" $3 ";" $5 ";" $6 ";" $7
main=$1
}
'
2014-11-04 05:20:26 +00:00
}
2013-05-15 11:53:28 +00:00
}
# list_tomb_binds
# print out an array of mounted bind hooks (internal use)
# format is semi-colon separated list of attributes
2015-12-30 16:33:23 +00:00
# needs two arguments: name of tomb whose hooks belong
# mount tomb
2013-05-15 11:53:28 +00:00
list_tomb_binds() {
2015-12-30 16:33:23 +00:00
[[ -z "$2" ]] && {
2014-11-04 05:20:26 +00:00
_failure "Internal error: list_tomb_binds called without argument." }
2013-05-25 13:05:21 +00:00
2015-12-30 16:33:23 +00:00
# OK well, prepare for some insanity: parsing the mount table on GNU/Linux
# is like combing a Wookie while he is riding a speedbike down a valley.
typeset -A tombs
typeset -a binds
for t in "${(f)$(mount -l | grep '/dev/mapper/tomb.*]$')}"; do
len="${(w)#t}"
[[ "${t[(w)$len]}" = "$1" ]] || continue
tombs+=( ${t[(w)1]} ${t[(w)$len]} )
2013-05-25 13:05:21 +00:00
2015-12-30 16:33:23 +00:00
done
2013-05-25 13:05:21 +00:00
2015-12-30 16:33:23 +00:00
for m in ${(k)tombs}; do
for p in "${(f)$(cat /proc/mounts):s/\\040(deleted)/}"; do
# Debian's kernel appends a '\040(deleted)' to the mountpoint in /proc/mounts
# so if we parse the string as-is then this will break the parsing. How nice of them!
# Some bugs related to this are more than 10yrs old. Such Debian! Much stable! Very parsing!
# Bug #711183 umount parser for /proc/mounts broken on stale nfs mount (gets renamed to "/mnt/point (deleted)")
# Bug #711184 mount should not stat mountpoints on mount
# Bug #711187 linux-image-3.2.0-4-amd64: kernel should not rename mountpoint if nfs server is dead/unreachable
[[ "${p[(w)1]}" = "$m" ]] && {
[[ "${(q)p[(w)2]}" != "${(q)2}" ]] && {
# Our output format:
# mapper;mountpoint;fs;flags;name
binds+=("$m;${(q)p[(w)2]};${p[(w)3]};${p[(w)4]};${tombs[$m]}") }
}
done
done
# print the results out line by line
for b in $binds; do print - "$b"; done
2013-05-15 11:53:28 +00:00
}
2013-05-28 09:57:58 +00:00
# }}} - Tomb list
2013-05-15 11:53:28 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Index and search
2010-08-22 13:04:19 +00:00
2013-05-28 09:57:58 +00:00
# index files in all tombs for search
# $1 is optional, to specify a tomb
index_tombs() {
2014-11-16 12:11:42 +00:00
{ command -v updatedb 1>/dev/null 2>/dev/null } || {
2014-07-13 15:35:28 +00:00
_failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
2013-06-11 16:49:58 +00:00
updatedbver=`updatedb --version | grep '^updatedb'`
[[ "$updatedbver" =~ "GNU findutils" ]] && {
2014-07-13 15:35:28 +00:00
_warning "Cannot use GNU findutils for index/search commands." }
2013-06-11 16:49:58 +00:00
[[ "$updatedbver" =~ "mlocate" ]] || {
2014-07-13 15:35:28 +00:00
_failure "Index command needs 'mlocate' to be installed." }
2013-06-11 16:49:58 +00:00
2014-04-30 15:31:28 +00:00
_verbose "$updatedbver"
2011-04-28 10:14:37 +00:00
2013-05-28 09:57:58 +00:00
mounted_tombs=(`list_tomb_mounts $1`)
2014-11-04 05:20:26 +00:00
[[ ${#mounted_tombs} == 0 ]] && {
2014-11-23 17:25:42 +00:00
# Considering one tomb
2014-11-04 05:20:26 +00:00
[[ -n "$1" ]] && {
2014-11-23 17:25:42 +00:00
_failure "There seems to be no open tomb engraved as [::1::]" $1 }
# Or more
2014-11-04 05:20:26 +00:00
_failure "I can't see any open tomb, may they all rest in peace." }
2013-06-12 16:15:55 +00:00
2014-04-30 15:31:28 +00:00
_success "Creating and updating search indexes."
2013-06-12 16:15:55 +00:00
# start the LibreOffice document converter if installed
2014-11-16 12:11:42 +00:00
{ command -v unoconv 1>/dev/null 2>/dev/null } && {
2014-09-06 18:21:38 +00:00
unoconv -l 2>/dev/null &
2014-07-13 15:35:28 +00:00
_verbose "unoconv listener launched."
sleep 1 }
2013-06-12 16:15:55 +00:00
2013-05-15 11:53:28 +00:00
for t in ${mounted_tombs}; do
2014-07-13 15:35:28 +00:00
mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
2014-11-04 05:20:26 +00:00
[[ -r ${tombmount}/.noindex ]] && {
2014-08-29 10:07:33 +00:00
_message "Skipping ::1 tomb name:: (.noindex found)." $tombname
2014-07-13 15:35:28 +00:00
continue }
2014-08-29 10:07:33 +00:00
_message "Indexing ::1 tomb name:: filenames..." $tombname
2014-07-13 15:35:28 +00:00
updatedb -l 0 -o ${tombmount}/.updatedb -U ${tombmount}
# here we use swish to index file contents
2014-10-21 16:33:59 +00:00
[[ $SWISH == 1 ]] && {
2014-08-29 10:07:33 +00:00
_message "Indexing ::1 tomb name:: contents..." $tombname
2015-07-06 11:03:32 +00:00
rm -f ${tombmount}/.swishrc
_message "Generating a new swish-e configuration file: ::1 swish conf::" ${tombmount}/.swishrc
cat <<EOF > ${tombmount}/.swishrc
2013-06-20 08:26:12 +00:00
# index directives
2013-06-12 16:15:55 +00:00
DefaultContents TXT*
2013-06-20 08:26:12 +00:00
IndexDir $tombmount
IndexFile $tombmount/.swish
# exclude images
FileRules filename regex /\.jp.?g/i
FileRules filename regex /\.png/i
FileRules filename regex /\.gif/i
FileRules filename regex /\.tiff/i
FileRules filename regex /\.svg/i
FileRules filename regex /\.xcf/i
FileRules filename regex /\.eps/i
FileRules filename regex /\.ttf/i
# exclude audio
FileRules filename regex /\.mp3/i
FileRules filename regex /\.ogg/i
FileRules filename regex /\.wav/i
FileRules filename regex /\.mod/i
FileRules filename regex /\.xm/i
# exclude video
FileRules filename regex /\.mp4/i
FileRules filename regex /\.avi/i
FileRules filename regex /\.ogv/i
FileRules filename regex /\.ogm/i
FileRules filename regex /\.mkv/i
FileRules filename regex /\.mov/i
2014-11-15 03:14:40 +00:00
FileRules filename regex /\.flv/i
FileRules filename regex /\.webm/i
2013-06-20 08:26:12 +00:00
# exclude system
FileRules filename is ok
FileRules filename is lock
FileRules filename is control
FileRules filename is status
FileRules filename is proc
FileRules filename is sys
FileRules filename is supervise
FileRules filename regex /\.asc$/i
FileRules filename regex /\.gpg$/i
# pdf and postscript
2013-06-12 16:15:55 +00:00
FileFilter .pdf pdftotext "'%p' -"
2013-06-20 08:26:12 +00:00
FileFilter .ps ps2txt "'%p' -"
# compressed files
FileFilterMatch lesspipe "%p" /\.tgz$/i
FileFilterMatch lesspipe "%p" /\.zip$/i
FileFilterMatch lesspipe "%p" /\.gz$/i
FileFilterMatch lesspipe "%p" /\.bz2$/i
FileFilterMatch lesspipe "%p" /\.Z$/
# spreadsheets
FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xls.*/i
FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xlt.*/i
2013-06-12 16:15:55 +00:00
FileFilter .ods unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .ots unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .dbf unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .dif unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .uos unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .sxc unoconv "-d spreadsheet -f csv --stdout %P"
2013-06-20 08:26:12 +00:00
# word documents
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.doc.*/i
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.odt.*/i
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.rtf.*/i
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.tex$/i
# native html support
2013-06-12 16:15:55 +00:00
IndexContents HTML* .htm .html .shtml
IndexContents XML* .xml
EOF
2014-11-23 20:53:44 +00:00
swish-e -c ${tombmount}/.swishrc -S fs -v3
2014-07-13 15:35:28 +00:00
}
_message "Search index updated."
2013-05-28 09:57:58 +00:00
done
2010-08-22 13:04:19 +00:00
}
2015-07-06 11:03:32 +00:00
2013-05-28 09:57:58 +00:00
search_tombs() {
2014-11-16 12:11:42 +00:00
{ command -v locate 1>/dev/null 2>/dev/null } || {
2014-07-13 15:35:28 +00:00
_failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
2013-06-11 16:49:58 +00:00
updatedbver=`updatedb --version | grep '^updatedb'`
[[ "$updatedbver" =~ "GNU findutils" ]] && {
2014-07-13 15:35:28 +00:00
_warning "Cannot use GNU findutils for index/search commands." }
2013-06-11 16:49:58 +00:00
[[ "$updatedbver" =~ "mlocate" ]] || {
2014-07-13 15:35:28 +00:00
_failure "Index command needs 'mlocate' to be installed." }
2013-06-11 16:49:58 +00:00
2014-04-30 15:31:28 +00:00
_verbose "$updatedbver"
2013-05-25 13:05:21 +00:00
2013-05-28 09:57:58 +00:00
# list all open tombs
2013-06-11 16:49:58 +00:00
mounted_tombs=(`list_tomb_mounts`)
2014-11-04 05:20:26 +00:00
[[ ${#mounted_tombs} == 0 ]] && {
_failure "I can't see any open tomb, may they all rest in peace." }
2013-06-11 16:49:58 +00:00
2014-09-09 11:16:10 +00:00
_success "Searching for: ::1::" ${(f)@}
2013-05-28 09:57:58 +00:00
for t in ${mounted_tombs}; do
2014-08-29 10:31:23 +00:00
_verbose "Checking for index: ::1::" ${t}
2014-07-13 15:35:28 +00:00
mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
2014-11-04 05:20:26 +00:00
[[ -r ${tombmount}/.updatedb ]] && {
# Use mlocate to search hits on filenames
_message "Searching filenames in tomb ::1 tomb name::" $tombname
locate -d ${tombmount}/.updatedb -e -i "${(f)@}"
_message "Matches found: ::1 matches::" \
2014-11-23 17:25:42 +00:00
$(locate -d ${tombmount}/.updatedb -e -i -c ${(f)@})
2014-11-04 05:20:26 +00:00
# Use swish-e to search over contents
[[ $SWISH == 1 && -r $tombmount/.swish ]] && {
2014-11-23 17:25:42 +00:00
_message "Searching contents in tomb ::1 tomb name::" $tombname
2017-02-05 19:29:22 +00:00
swish-e -w ${@} -f $tombmount/.swish -H0 }
2014-11-23 17:25:42 +00:00
} || {
2014-08-29 09:33:56 +00:00
_warning "Skipping tomb ::1 tomb name::: not indexed." $tombname
2014-11-04 05:20:26 +00:00
_warning "Run 'tomb index' to create indexes." }
2013-05-28 09:57:58 +00:00
done
2014-04-30 15:31:28 +00:00
_message "Search completed."
2011-11-03 14:13:49 +00:00
}
2011-12-01 19:27:05 +00:00
2013-05-28 09:57:58 +00:00
# }}} - Index and search
# {{{ Resize
2012-01-07 23:23:49 +00:00
# resize tomb file size
resize_tomb() {
2014-10-23 05:10:24 +00:00
local tombpath="$1" # First argument is the path to the tomb
2015-11-07 13:20:43 +00:00
_message "Commanded to resize tomb ::1 tomb name:: to ::2 size:: mebibytes." $1 $OPTS[-s]
2014-10-23 05:10:24 +00:00
[[ -z "$tombpath" ]] && _failure "No tomb name specified for resizing."
[[ ! -r $tombpath ]] && _failure "Cannot find ::1::" $tombpath
2012-01-07 23:23:49 +00:00
2014-08-27 10:28:15 +00:00
newtombsize="`option_value -s`"
2014-11-04 05:20:26 +00:00
[[ -z "$newtombsize" ]] && {
2014-07-13 15:35:28 +00:00
_failure "Aborting operations: new size was not specified, use -s" }
2014-01-12 23:09:37 +00:00
2015-06-26 09:47:19 +00:00
# this also calls _plot()
is_valid_tomb $tombpath
2012-01-07 23:23:49 +00:00
2014-11-04 04:04:18 +00:00
_load_key # Try loading new key from option -k and set TOMBKEYFILE
2012-01-07 23:23:49 +00:00
2014-10-23 05:10:24 +00:00
local oldtombsize=$(( `stat -c %s "$TOMBPATH" 2>/dev/null` / 1048576 ))
2012-01-17 11:36:41 +00:00
local mounted_tomb=`mount -l |
2014-10-23 05:10:24 +00:00
awk -vtomb="[$TOMBNAME]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
2012-01-07 23:23:49 +00:00
2014-11-04 05:20:26 +00:00
# Tomb must not be open
[[ -z "$mounted_tomb" ]] || {
_failure "Please close the tomb ::1 tomb name:: before trying to resize it." $TOMBNAME }
# New tomb size must be specified
[[ -n "$newtombsize" ]] || {
_failure "You must specify the new size of ::1 tomb name::" $TOMBNAME }
# New tomb size must be an integer
[[ $newtombsize == <-> ]] || _failure "Size is not an integer."
2013-05-25 13:05:21 +00:00
2015-11-07 13:20:43 +00:00
# Tombs can only grow in size
if [[ "$newtombsize" -gt "$oldtombsize" ]]; then
delta="$(( $newtombsize - $oldtombsize ))"
_message "Generating ::1 tomb file:: of ::2 size::MiB" $TOMBFILE $newtombsize
2015-12-30 13:35:58 +00:00
2015-11-07 13:20:43 +00:00
_verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]}
2015-12-30 13:35:58 +00:00
${=DD} if=/dev/urandom bs=1048576 count=${delta} >> $TOMBPATH
2015-11-07 13:20:43 +00:00
[[ $? == 0 ]] || {
_failure "Error creating the extra resize ::1 size::, operation aborted." \
$tmp_resize }
# If same size this allows to re-launch resize if pinentry expires
# so that it will continue resizing without appending more space.
# Resizing the partition to the file size cannot harm data anyway.
elif [[ "$newtombsize" = "$oldtombsize" ]]; then
_message "Tomb seems resized already, operating filesystem stretch"
else
_failure "The new size must be greater then old tomb size."
fi
2013-05-27 20:49:44 +00:00
2014-11-04 05:20:26 +00:00
{ option_is_set --tomb-pwd } && {
2014-07-13 15:35:28 +00:00
tomb_pwd="`option_value --tomb-pwd`"
2014-08-29 10:31:23 +00:00
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
2014-08-25 21:32:32 +00:00
ask_key_password "$tomb_pwd"
2014-11-04 05:20:26 +00:00
} || {
2014-08-25 21:32:32 +00:00
ask_key_password
2014-11-04 05:20:26 +00:00
}
[[ $? == 0 ]] || _failure "No valid password supplied."
2013-05-27 20:49:44 +00:00
2014-11-14 17:51:33 +00:00
lo_mount "$TOMBPATH"
2014-08-25 19:01:50 +00:00
nstloop=`lo_new`
2013-05-25 13:05:21 +00:00
2014-08-25 19:01:50 +00:00
mapdate=`date +%s`
2014-11-14 18:13:48 +00:00
mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
2013-05-25 13:05:21 +00:00
2015-11-07 13:20:43 +00:00
_message "opening tomb"
2014-11-25 01:37:05 +00:00
_cryptsetup luksOpen ${nstloop} ${mapper} || {
2014-11-23 17:25:42 +00:00
_failure "Failure mounting the encrypted file." }
2012-01-07 23:23:49 +00:00
2015-02-08 17:33:10 +00:00
_sudo cryptsetup resize "${mapper}" || {
2014-11-04 05:20:26 +00:00
_failure "cryptsetup failed to resize ::1 mapper::" $mapper }
2012-01-07 23:23:49 +00:00
2015-02-08 17:33:10 +00:00
_sudo e2fsck -p -f /dev/mapper/${mapper} || {
2014-11-04 05:20:26 +00:00
_failure "e2fsck failed to check ::1 mapper::" $mapper }
2012-01-07 23:23:49 +00:00
2015-02-08 17:33:10 +00:00
_sudo resize2fs /dev/mapper/${mapper} || {
2014-11-04 05:20:26 +00:00
_failure "resize2fs failed to resize ::1 mapper::" $mapper }
2012-01-07 23:23:49 +00:00
# close and free the loop device
2015-02-08 17:33:10 +00:00
_sudo cryptsetup luksClose "${mapper}"
2012-01-07 23:23:49 +00:00
return 0
}
2011-12-01 17:53:12 +00:00
# }}}
2013-03-30 16:29:51 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Close
2013-05-15 10:00:23 +00:00
2013-05-28 09:57:58 +00:00
umount_tomb() {
local tombs how_many_tombs
local pathmap mapper tombname tombmount loopdev
local ans pidk pname
2013-05-15 10:00:23 +00:00
2013-05-28 09:57:58 +00:00
if [ "$1" = "all" ]; then
2014-07-13 15:35:28 +00:00
mounted_tombs=(`list_tomb_mounts`)
2013-05-28 09:57:58 +00:00
else
2014-07-13 15:35:28 +00:00
mounted_tombs=(`list_tomb_mounts $1`)
2013-05-28 09:57:58 +00:00
fi
2013-03-30 16:29:51 +00:00
2014-11-04 05:20:26 +00:00
[[ ${#mounted_tombs} == 0 ]] && {
2014-11-14 13:25:49 +00:00
_failure "There is no open tomb to be closed." }
2013-03-30 16:29:51 +00:00
2014-11-04 05:20:26 +00:00
[[ ${#mounted_tombs} -gt 1 && -z "$1" ]] && {
_warning "Too many tombs mounted, please specify one (see tomb list)"
_warning "or issue the command 'tomb close all' to close them all."
2014-11-23 17:25:42 +00:00
_failure "Operation aborted." }
2011-05-09 07:11:18 +00:00
2013-05-15 10:00:23 +00:00
for t in ${mounted_tombs}; do
2014-07-13 15:35:28 +00:00
mapper=`basename ${t[(ws:;:)1]}`
2015-12-30 16:33:23 +00:00
# strip square parens from tombname
2014-07-13 15:35:28 +00:00
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
tombfs=${t[(ws:;:)3]}
tombfsopts=${t[(ws:;:)4]}
tombloop=${mapper[(ws:.:)4]}
2014-08-29 10:31:23 +00:00
_verbose "Name: ::1 tomb name::" $tombname
_verbose "Mount: ::1 mount point::" $tombmount
2017-04-16 10:00:26 +00:00
_verbose "Loop: ::1 mount loop::" $tombloop
2014-08-29 10:31:23 +00:00
_verbose "Mapper: ::1 mapper::" $mapper
2014-07-13 15:35:28 +00:00
2014-11-04 05:20:26 +00:00
[[ -e "$mapper" ]] && {
2014-08-29 09:33:56 +00:00
_warning "Tomb not found: ::1 tomb file::" $1
2014-07-13 15:35:28 +00:00
_warning "Please specify an existing tomb."
return 0 }
2014-11-04 05:20:26 +00:00
[[ -n $SLAM ]] && {
_success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \
2014-11-23 17:25:42 +00:00
$tombname $tombmount
2014-07-13 15:35:28 +00:00
_message "Kill all processes busy inside the tomb."
2014-11-04 05:20:26 +00:00
{ slam_tomb "$tombmount" } || {
_failure "Cannot slam the tomb ::1 tomb name::" $tombname }
2014-11-23 17:25:42 +00:00
} || {
2014-11-04 05:20:26 +00:00
_message "Closing tomb ::1 tomb name:: mounted on ::2 mount point::" \
2014-11-23 17:25:42 +00:00
$tombname $tombmount }
2011-09-26 09:33:07 +00:00
2014-11-23 17:25:42 +00:00
# check if there are binded dirs and close them
2015-12-30 16:33:23 +00:00
bind_tombs=(`list_tomb_binds $tombname $tombmount`)
2014-07-13 15:35:28 +00:00
for b in ${bind_tombs}; do
bind_mapper="${b[(ws:;:)1]}"
bind_mount="${b[(ws:;:)2]}"
2014-08-29 10:07:33 +00:00
_message "Closing tomb bind hook: ::1 hook::" $bind_mount
2015-12-30 16:33:23 +00:00
_sudo umount "`print - ${bind_mount}`" || {
2014-11-04 05:20:26 +00:00
[[ -n $SLAM ]] && {
2014-07-13 15:35:28 +00:00
_success "Slamming tomb: killing all processes using this hook."
2015-12-30 16:33:23 +00:00
slam_tomb "`print - ${bind_mount}`" || _failure "Cannot slam the bind hook ::1 hook::" $bind_mount
umount "`print - ${bind_mount}`" || _failure "Cannot slam the bind hook ::1 hook::" $bind_mount
2014-11-23 17:25:42 +00:00
} || {
2015-01-17 01:29:57 +00:00
_failure "Tomb bind hook ::1 hook:: is busy, cannot close tomb." $bind_mount
}
2014-11-04 05:20:26 +00:00
}
2014-07-13 15:35:28 +00:00
done
2013-03-29 11:51:43 +00:00
2014-11-23 17:25:42 +00:00
# Execute post-hooks for eventual cleanup
2014-11-04 05:20:26 +00:00
{ option_is_set -n } || {
exec_safe_post_hooks ${tombmount%%/} close }
2011-12-01 17:53:12 +00:00
2014-08-29 10:31:23 +00:00
_verbose "Performing umount of ::1 mount point::" $tombmount
2015-02-08 17:33:10 +00:00
_sudo umount ${tombmount}
2015-01-21 11:17:09 +00:00
[[ $? = 0 ]] || { _failure "Tomb is busy, cannot umount!" }
2014-11-14 13:25:49 +00:00
2014-11-23 17:25:42 +00:00
# If we used a default mountpoint and is now empty, delete it
2015-12-30 16:33:23 +00:00
tombname_regex=${tombname//\[/}
tombname_regex=${tombname_regex//\]/}
[[ "$tombmount" -regex-match "[/run]?/media[/$_USER]?/$tombname_regex" ]] && {
2015-06-26 09:47:19 +00:00
_sudo rmdir $tombmount }
2013-05-15 10:00:23 +00:00
2015-02-08 17:33:10 +00:00
_sudo cryptsetup luksClose $mapper
2014-11-23 17:25:42 +00:00
[[ $? == 0 ]] || {
2014-11-04 05:20:26 +00:00
_failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper }
2011-09-04 07:36:40 +00:00
2014-11-23 17:25:42 +00:00
# Normally the loopback device is detached when unused
2015-02-08 17:33:10 +00:00
[[ -e "/dev/$tombloop" ]] && _sudo losetup -d "/dev/$tombloop"
2014-11-14 13:25:49 +00:00
[[ $? = 0 ]] || {
2014-11-23 17:25:42 +00:00
_verbose "/dev/$tombloop was already closed." }
2011-09-04 07:36:40 +00:00
2014-08-29 09:26:26 +00:00
_success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname
2011-09-04 07:36:40 +00:00
2013-05-28 09:57:58 +00:00
done # loop across mounted tombs
return 0
}
# Kill all processes using the tomb
slam_tomb() {
# $1 = tomb mount point
2017-02-03 16:39:09 +00:00
if [[ -z `lsof -t +D "$1" 2>/dev/null` ]]; then
2014-07-13 15:35:28 +00:00
return 0
2013-05-28 09:57:58 +00:00
fi
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP
for s in TERM HUP KILL; do
2014-08-29 10:31:23 +00:00
_verbose "Sending ::1:: to processes inside the tomb:" $s
2014-07-13 15:35:28 +00:00
if option_is_set -D; then
2017-02-03 16:39:09 +00:00
ps -fp `lsof -t +D "$1" 2>/dev/null`|
2014-07-13 15:35:28 +00:00
while read line; do
_verbose $line
done
fi
2017-02-03 16:39:09 +00:00
kill -$s `lsof -t +D "$1"`
if [[ -z `lsof -t +D "$1" 2>/dev/null` ]]; then
2014-07-13 15:35:28 +00:00
return 0
fi
if ! option_is_set -f; then
sleep 3
fi
2013-05-28 09:57:58 +00:00
done
return 1
2011-09-04 07:36:40 +00:00
}
2011-01-12 16:02:19 +00:00
2013-05-28 09:57:58 +00:00
# }}} - Tomb close
# {{{ Main routine
2014-10-24 01:48:05 +00:00
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
main() {
2014-08-14 07:58:15 +00:00
2014-10-24 01:48:05 +00:00
_ensure_dependencies # Check dependencies are present or bail out
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
local -A subcommands_opts
2011-07-19 13:42:49 +00:00
### Options configuration
2012-01-17 13:00:20 +00:00
#
2014-10-05 16:40:08 +00:00
# Hi, dear developer! Are you trying to add a new subcommand, or
# to add some options? Well, keep in mind that option names are
# global: they cannot bear a different meaning or behaviour across
2014-12-27 02:42:39 +00:00
# subcommands. The only exception is "-o" which means: "options
# passed to the local subcommand", and thus can bear a different
# meaning for different subcommands.
2014-10-05 16:40:08 +00:00
#
# For example, "-s" means "size" and accepts one argument. If you
# are tempted to add an alternate option "-s" (e.g., to mean
# "silent", and that doesn't accept any argument) DON'T DO IT!
#
# There are two reasons for that:
# I. Usability; users expect that "-s" is "size"
# II. Option parsing WILL EXPLODE if you do this kind of bad
# things (it will complain: "option defined more than once")
#
# If you want to use the same option in multiple commands then you
# can only use the non-abbreviated long-option version like:
# -force and NOT -f
#
2017-02-09 18:57:34 +00:00
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g)
2011-08-16 18:44:18 +00:00
subcommands_opts[__default]=""
2014-12-27 02:42:39 +00:00
# -o in open and mount is used to pass alternate mount options
2017-03-03 21:19:04 +00:00
subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: R: "
2011-07-19 23:15:31 +00:00
subcommands_opts[mount]=${subcommands_opts[open]}
2013-03-22 20:13:59 +00:00
2013-06-12 11:33:54 +00:00
subcommands_opts[create]="" # deprecated, will issue warning
2013-03-22 20:13:59 +00:00
2014-12-27 02:42:39 +00:00
# -o in forge and lock is used to pass an alternate cipher.
2017-03-24 20:08:33 +00:00
subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: R: "
2014-11-23 13:49:41 +00:00
subcommands_opts[dig]="-ignore-swap s: -size=s "
2017-03-03 21:19:04 +00:00
subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: R: "
2017-03-24 20:08:33 +00:00
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: "
2014-11-23 13:49:41 +00:00
subcommands_opts[engrave]="k: "
2013-03-22 20:13:59 +00:00
2017-03-24 20:08:33 +00:00
subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: "
2014-11-25 01:37:05 +00:00
subcommands_opts[close]=""
2011-07-19 13:42:49 +00:00
subcommands_opts[help]=""
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
subcommands_opts[slam]=""
2013-06-19 18:20:17 +00:00
subcommands_opts[list]="-get-mountpoint "
2013-03-30 16:29:51 +00:00
subcommands_opts[index]=""
subcommands_opts[search]=""
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
subcommands_opts[help]=""
2017-03-03 21:19:04 +00:00
subcommands_opts[bury]="k: -tomb-pwd: r: R: "
subcommands_opts[exhume]="k: -tomb-pwd: r: R: "
2013-06-19 18:20:17 +00:00
# subcommands_opts[decompose]=""
# subcommands_opts[recompose]=""
# subcommands_opts[install]=""
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
subcommands_opts[askpass]=""
2011-08-20 16:45:00 +00:00
subcommands_opts[source]=""
2017-03-03 21:19:04 +00:00
subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: r: R: "
2013-06-19 18:20:17 +00:00
subcommands_opts[check]="-ignore-swap "
2014-11-23 17:25:42 +00:00
# subcommands_opts[translate]=""
2013-05-25 13:05:21 +00:00
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
### Detect subcommand
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
for optspec in $subcommands_opts$main_opts; do
2014-07-13 15:35:28 +00:00
for opt in ${=optspec}; do
every_opts+=${opt}
done
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
done
local -a oldstar
2014-11-14 19:12:30 +00:00
oldstar=("${(@)argv}")
2014-12-26 23:54:51 +00:00
#### detect early: useful for --option-parsing
2012-01-23 02:34:25 +00:00
zparseopts -M -D -Adiscardme ${every_opts}
2014-11-23 17:25:42 +00:00
if [[ -n ${(k)discardme[--option-parsing]} ]]; then
print $1
if [[ -n "$1" ]]; then
return 1
2014-07-13 15:35:28 +00:00
fi
2014-11-23 17:25:42 +00:00
return 0
fi
unset discardme
2012-01-23 02:34:25 +00:00
if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then
2014-11-23 17:25:42 +00:00
_failure "Error parsing."
return 127
fi
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
unset discardme
subcommand=$1
2011-08-16 18:44:18 +00:00
if [[ -z $subcommand ]]; then
2014-07-13 15:35:28 +00:00
subcommand="__default"
2011-08-16 18:44:18 +00:00
fi
2011-12-01 19:04:56 +00:00
if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
2014-08-29 09:33:56 +00:00
_warning "There's no such command \"::1 subcommand::\"." $subcommand
2014-08-30 15:33:29 +00:00
exitv=127 _failure "Please try -h for help."
2011-04-10 19:38:01 +00:00
fi
2014-11-14 19:12:30 +00:00
argv=("${(@)oldstar}")
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
unset oldstar
2011-02-14 14:57:37 +00:00
2011-12-01 17:53:12 +00:00
### Parsing global + command-specific options
# zsh magic: ${=string} will split to multiple arguments when spaces occur
set -A cmd_opts ${main_opts} ${=subcommands_opts[$subcommand]}
# if there is no option, we don't need parsing
2013-05-25 13:05:21 +00:00
if [[ -n $cmd_opts ]]; then
2014-10-22 21:52:01 +00:00
zparseopts -M -E -D -AOPTS ${cmd_opts}
2014-07-13 15:35:28 +00:00
if [[ $? != 0 ]]; then
_warning "Some error occurred during option processing."
2014-08-30 15:33:29 +00:00
exitv=127 _failure "See \"tomb help\" for more info."
2014-07-13 15:35:28 +00:00
fi
2011-12-01 17:53:12 +00:00
fi
#build PARAM (array of arguments) and check if there are unrecognized options
ok=0
PARAM=()
for arg in $*; do
2014-07-13 15:35:28 +00:00
if [[ $arg == '--' || $arg == '-' ]]; then
ok=1
2015-09-20 21:32:00 +00:00
continue #it shouldn't be appended to PARAM
2014-07-13 15:35:28 +00:00
elif [[ $arg[1] == '-' ]]; then
if [[ $ok == 0 ]]; then
2014-08-30 15:33:29 +00:00
exitv=127 _failure "Unrecognized option ::1 arg:: for subcommand ::2 subcommand::" $arg $subcommand
2014-07-13 15:35:28 +00:00
fi
fi
PARAM+=$arg
2011-12-01 17:53:12 +00:00
done
2014-11-04 05:20:26 +00:00
# First parameter actually is the subcommand: delete it and shift
[[ $subcommand != '__default' ]] && { PARAM[1]=(); shift }
2011-12-01 17:53:12 +00:00
### End parsing command-specific options
2014-11-04 05:20:26 +00:00
# Use colors unless told not to
{ ! option_is_set --no-color } && { autoload -Uz colors && colors }
# Some options are only available during insecure mode
2014-11-21 21:25:43 +00:00
{ ! option_is_set --unsafe } && {
2014-11-25 01:37:05 +00:00
for opt in --tomb-pwd --use-urandom --tomb-old-pwd; do
2014-11-04 05:20:26 +00:00
{ option_is_set $opt } && {
2014-11-21 21:25:43 +00:00
exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt }
2014-07-13 15:35:28 +00:00
done
2014-11-04 05:20:26 +00:00
}
2014-11-23 13:49:41 +00:00
# read -t or --tmp flags to set a custom temporary directory
option_is_set --tmp && TMPPREFIX=$(option_value --tmp)
2011-10-31 22:34:21 +00:00
2014-10-24 01:48:05 +00:00
# When we run as root, we remember the original uid:gid to set
# permissions for the calling user and drop privileges
_whoami # Reset _UID, _GID, _TTY
2013-03-29 11:51:43 +00:00
2014-10-09 22:05:00 +00:00
[[ "$PARAM" == "" ]] && {
_verbose "Tomb command: ::1 subcommand::" $subcommand
} || {
_verbose "Tomb command: ::1 subcommand:: ::2 param::" $subcommand $PARAM
}
2014-10-24 01:48:05 +00:00
[[ -z $_UID ]] || {
_verbose "Caller: uid[::1 uid::], gid[::2 gid::], tty[::3 tty::]." \
2014-11-23 17:25:42 +00:00
$_UID $_GID $_TTY
2014-10-09 22:05:00 +00:00
}
2011-04-28 10:14:37 +00:00
2014-11-23 13:49:41 +00:00
_verbose "Temporary directory: $TMPPREFIX"
2014-11-04 05:45:10 +00:00
# Process subcommand
2011-07-14 13:47:20 +00:00
case "$subcommand" in
2013-03-22 20:13:59 +00:00
2014-11-23 17:25:42 +00:00
# USAGE
2014-11-04 05:45:10 +00:00
help)
usage
;;
2014-11-23 17:25:42 +00:00
# DEPRECATION notice (leave here as 'create' is still present in old docs)
2014-11-04 05:45:10 +00:00
create)
_warning "The create command is deprecated, please use dig, forge and lock instead."
_warning "For more informations see Tomb's manual page (man tomb)."
2014-11-23 17:25:42 +00:00
_failure "Operation aborted."
2014-07-13 15:35:28 +00:00
;;
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# CREATE Step 1: dig -s NN file.tomb
2014-07-13 15:35:28 +00:00
dig)
2017-02-05 19:29:22 +00:00
dig_tomb $PARAM
2014-07-13 15:35:28 +00:00
;;
2014-11-23 17:25:42 +00:00
# CREATE Step 2: forge file.tomb.key
2014-11-04 05:45:10 +00:00
forge)
2017-02-05 19:29:22 +00:00
forge_key $PARAM
2014-07-13 15:35:28 +00:00
;;
2014-11-23 17:25:42 +00:00
# CREATE Step 2: lock -k file.tomb.key file.tomb
2014-11-04 05:45:10 +00:00
lock)
2017-02-05 19:29:22 +00:00
lock_tomb_with_key $PARAM
2014-07-13 15:35:28 +00:00
;;
2014-11-23 17:25:42 +00:00
# Open the tomb
2014-07-13 15:35:28 +00:00
mount|open)
2017-02-05 19:29:22 +00:00
mount_tomb $PARAM
2014-07-13 15:35:28 +00:00
;;
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# Close the tomb
# `slam` is used to force closing.
2014-07-13 15:35:28 +00:00
umount|close|slam)
2017-02-05 19:03:29 +00:00
[[ "$subcommand" == "slam" ]] && {
SLAM=1
[[ $LSOF == 0 ]] && {
unset SLAM
_warning "lsof not installed: cannot slam tombs."
_warning "Trying a regular close." }}
2014-07-13 15:35:28 +00:00
umount_tomb $PARAM[1]
;;
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# Grow tomb's size
2014-11-04 05:45:10 +00:00
resize)
[[ $RESIZER == 0 ]] && {
_failure "Resize2fs not installed: cannot resize tombs." }
resize_tomb $PARAM[1]
2014-07-13 15:35:28 +00:00
;;
2014-11-23 17:25:42 +00:00
## Contents manipulation
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# Index tomb contents
2014-07-13 15:35:28 +00:00
index)
index_tombs $PARAM[1]
2014-11-23 17:25:42 +00:00
;;
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# List tombs
2014-11-04 05:45:10 +00:00
list)
list_tombs $PARAM[1]
2014-07-13 15:35:28 +00:00
;;
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# Search tomb contents
2014-07-13 15:35:28 +00:00
search)
2017-02-05 19:29:22 +00:00
search_tombs $PARAM
2014-07-13 15:35:28 +00:00
;;
2014-11-23 17:25:42 +00:00
## Locking operations
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# Export key to QR Code
2014-11-04 05:45:10 +00:00
engrave)
[[ $QRENCODE == 0 ]] && {
_failure "QREncode not installed: cannot engrave keys on paper." }
2017-02-05 19:29:22 +00:00
engrave_key $PARAM
2014-07-13 15:35:28 +00:00
;;
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# Change password on existing key
2014-11-04 05:45:10 +00:00
passwd)
change_passwd $PARAM[1]
;;
2014-11-23 17:25:42 +00:00
# Change tomb key
2014-11-04 05:45:10 +00:00
setkey)
2017-02-05 19:29:22 +00:00
change_tomb_key $PARAM
2014-11-04 05:45:10 +00:00
;;
2014-11-23 17:25:42 +00:00
# STEGANOGRAPHY: hide key inside an image
2014-07-13 15:35:28 +00:00
bury)
2014-10-21 16:33:59 +00:00
[[ $STEGHIDE == 0 ]] && {
2014-07-13 15:35:28 +00:00
_failure "Steghide not installed: cannot bury keys into images." }
bury_key $PARAM[1]
;;
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# STEGANOGRAPHY: read key hidden in an image
exhume)
2014-10-21 16:33:59 +00:00
[[ $STEGHIDE == 0 ]] && {
2014-07-13 15:35:28 +00:00
_failure "Steghide not installed: cannot exhume keys from images." }
exhume_key $PARAM[1]
;;
2014-11-04 05:45:10 +00:00
## Internal commands useful to developers
2014-11-23 17:25:42 +00:00
# Make tomb functions available to the calling shell or script
2014-07-13 15:35:28 +00:00
'source') return 0 ;;
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# Ask user for a password interactively
2014-07-13 15:35:28 +00:00
askpass) ask_password $PARAM[1] $PARAM[2] ;;
2014-11-23 17:25:42 +00:00
# Default operation: presentation, or version information with -v
2014-07-13 15:35:28 +00:00
__default)
2014-11-23 17:25:42 +00:00
_print "Tomb ::1 version:: - a strong and gentle undertaker for your secrets" $VERSION
_print "\000"
2016-12-29 18:20:48 +00:00
_print " Copyright (C) 2007-2017 Dyne.org Foundation, License GNU GPL v3+"
2014-11-23 17:25:42 +00:00
_print " This is free software: you are free to change and redistribute it"
_print " For the latest sourcecode go to <http://dyne.org/software/tomb>"
_print "\000"
2014-07-13 15:35:28 +00:00
option_is_set -v && {
2014-11-26 18:35:47 +00:00
local langwas=$LANG
LANG=en
2014-11-23 17:25:42 +00:00
_print " This source code is distributed in the hope that it will be useful,"
_print " but WITHOUT ANY WARRANTY; without even the implied warranty of"
_print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
2014-11-26 18:35:47 +00:00
LANG=$langwas
2014-11-23 17:25:42 +00:00
_print " When in need please refer to <http://dyne.org/support>."
_print "\000"
_print "System utils:"
_print "\000"
cat <<EOF
2014-11-16 10:34:35 +00:00
`sudo -V | head -n1`
`cryptsetup --version`
`pinentry --version`
`gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers):
`list_gnupg_ciphers`
2012-01-17 16:28:40 +00:00
EOF
2014-11-23 17:25:42 +00:00
_print "\000"
_print "Optional utils:"
_print "\000"
_list_optional_tools version
return 0
2014-07-13 15:35:28 +00:00
}
usage
;;
2014-11-04 05:45:10 +00:00
2014-11-23 17:25:42 +00:00
# Reject unknown command and suggest help
2014-07-13 15:35:28 +00:00
*)
2014-08-29 09:33:56 +00:00
_warning "Command \"::1 subcommand::\" not recognized." $subcommand
2014-07-13 15:35:28 +00:00
_message "Try -h for help."
return 1
;;
2011-04-10 19:38:01 +00:00
esac
2011-10-24 19:30:10 +00:00
return $?
2011-04-10 19:38:01 +00:00
}
2011-12-01 19:04:56 +00:00
2011-12-01 17:53:12 +00:00
# }}}
2013-03-29 11:51:43 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Run
2013-03-29 11:51:43 +00:00
2015-02-20 10:40:41 +00:00
main "$@" || exit $? # Prevent `source tomb source` from exiting
2014-08-14 07:58:15 +00:00
2011-12-01 17:53:12 +00:00
# }}}
2011-12-01 19:27:05 +00:00
2012-01-20 01:14:39 +00:00
# -*- tab-width: 4; indent-tabs-mode:nil; -*-
# vim: set shiftwidth=4 expandtab: