2011-02-10 11:22:11 +00:00
|
|
|
#!/bin/zsh
|
2010-08-22 13:04:19 +00:00
|
|
|
#
|
2011-01-13 13:37:52 +00:00
|
|
|
# Tomb, the Crypto Undertaker
|
2010-08-22 13:04:19 +00:00
|
|
|
#
|
2011-01-13 13:37:52 +00:00
|
|
|
# a tool to easily operate file encryption of private and secret data
|
2010-08-22 13:04:19 +00:00
|
|
|
#
|
2011-01-11 18:30:34 +00:00
|
|
|
# Copyleft (C) 2007-2011 Denis Roio <jaromil@dyne.org>
|
2010-08-22 13:04:19 +00:00
|
|
|
#
|
|
|
|
# This source code is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU Public License as published by
|
|
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This source code is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
# Please refer to the GNU Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU Public License along with
|
|
|
|
# this source code; if not, write to:
|
|
|
|
# Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
|
2011-02-07 10:27:53 +00:00
|
|
|
VERSION=0.9.2
|
2011-02-03 16:11:08 +00:00
|
|
|
DATE=Feb/2011
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-01-12 10:38:03 +00:00
|
|
|
# PATH=/usr/bin:/usr/sbin:/bin:/sbin
|
2010-08-29 12:56:53 +00:00
|
|
|
|
2010-08-22 13:04:19 +00:00
|
|
|
# standard output message routines
|
|
|
|
# it's always useful to wrap them, in case we change behaviour later
|
2011-02-14 09:24:31 +00:00
|
|
|
notice() { if ! [ $QUIET ]; then echo "[*] $1" >&2; fi }
|
|
|
|
act() { if ! [ $QUIET ]; then echo " . $1" >&2; fi }
|
|
|
|
error() { if ! [ $QUIET ]; then echo "[!] $1" >&2; fi }
|
|
|
|
func() { if [ $DEBUG ]; then echo "[D] $1" >&2; fi }
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2010-08-29 12:56:53 +00:00
|
|
|
# which dd command to use
|
|
|
|
which dcfldd > /dev/null
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
DD="dcfldd"
|
|
|
|
else
|
|
|
|
DD=dd
|
|
|
|
fi
|
|
|
|
|
2011-01-11 18:27:30 +00:00
|
|
|
# which wipe command to use
|
|
|
|
which wipe > /dev/null
|
|
|
|
if [ $? = 0 ]; then
|
2011-01-16 22:43:45 +00:00
|
|
|
WIPE=(wipe -f -s -q)
|
2011-01-11 18:27:30 +00:00
|
|
|
else
|
2011-01-16 22:43:45 +00:00
|
|
|
WIPE=(rm -f)
|
2011-01-11 18:27:30 +00:00
|
|
|
fi
|
|
|
|
|
2011-01-12 16:02:19 +00:00
|
|
|
# usb auto detect using dmesg
|
2011-01-10 19:41:28 +00:00
|
|
|
# tested on ubuntu 10.04 - please test and patch on other systems if you can
|
2011-02-03 16:11:08 +00:00
|
|
|
# TODO: use udev rules, see how archlinux folks document it - arch rox 8)
|
|
|
|
# https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt
|
|
|
|
# here we could modularize the choice of methods using function pointers,
|
|
|
|
# so that they are configurable when calling tomb.
|
2011-01-10 19:41:28 +00:00
|
|
|
ask_usbkey() {
|
2011-01-28 11:26:35 +00:00
|
|
|
notice "Waiting 1 minute for a usb key to connect"
|
2011-01-11 13:55:31 +00:00
|
|
|
echo -n " . please insert your usb key "
|
2011-01-28 11:26:35 +00:00
|
|
|
|
|
|
|
exec_as_user notify-send -i monmort \
|
|
|
|
-u normal -h string:App:Tomb \
|
|
|
|
-h double:Version:${VERSION} \
|
|
|
|
-t 60 \
|
|
|
|
"Insert your USB KEY" \
|
|
|
|
"Tomb is waiting 1 minute for you to insert an external key."
|
2011-01-10 19:41:28 +00:00
|
|
|
|
|
|
|
plugged=false
|
2011-01-28 11:26:35 +00:00
|
|
|
c=0
|
2011-01-10 19:41:28 +00:00
|
|
|
while [ "$plugged" != "true" ]; do
|
|
|
|
dmesg | tail -n 12 | grep -q 'new.*USB device'
|
|
|
|
if [ $? = 0 ]; then plugged=true; fi
|
|
|
|
echo -n "."
|
2011-02-09 19:22:39 +00:00
|
|
|
sleep .5
|
2011-01-28 11:26:35 +00:00
|
|
|
c=`expr $c + 1`
|
2011-02-09 19:22:39 +00:00
|
|
|
if [ $c -gt 15 ]; then
|
2011-01-28 11:26:35 +00:00
|
|
|
echo
|
|
|
|
error "timeout."
|
|
|
|
export usbkey_mount=none
|
|
|
|
return 1;
|
|
|
|
fi
|
2011-01-10 19:41:28 +00:00
|
|
|
done
|
|
|
|
|
|
|
|
echo
|
2011-02-09 19:22:39 +00:00
|
|
|
echo -n " . usb key inserted, attaching "
|
2011-01-10 19:41:28 +00:00
|
|
|
|
2011-01-28 11:26:35 +00:00
|
|
|
c=0
|
2011-01-10 19:41:28 +00:00
|
|
|
attached=false
|
|
|
|
while [ "$attached" != "true" ]; do
|
2011-02-09 19:22:39 +00:00
|
|
|
dmesg | tail -n 12| grep -q 'Attached.*removable disk'
|
2011-01-10 19:41:28 +00:00
|
|
|
if [ $? = 0 ]; then attached=true; fi
|
|
|
|
echo -n "."
|
2011-01-28 11:26:35 +00:00
|
|
|
sleep 1
|
|
|
|
c=`expr $c + 1`
|
|
|
|
if [ $c -gt 15 ]; then
|
|
|
|
echo
|
|
|
|
error "timeout."
|
|
|
|
export usbkey_mount=none
|
|
|
|
return 1;
|
|
|
|
fi
|
2011-01-10 19:41:28 +00:00
|
|
|
done
|
|
|
|
|
2011-02-09 19:22:39 +00:00
|
|
|
echo
|
|
|
|
echo -n " . usb attached, opening "
|
|
|
|
|
2011-01-10 19:41:28 +00:00
|
|
|
# get the first partition
|
2011-02-11 02:56:09 +00:00
|
|
|
# usbpart=`dmesg |tail -n 12 | grep ' sd.:' |cut -d: -f2 |tr -d ' '`
|
|
|
|
for i in $(seq 1 10); do
|
|
|
|
usbpart=$(dmesg | tail -n 12 | sed '/ sd.:/!d;s/^.*: \(sd.[0-9]*\)/\1/')
|
|
|
|
if [ -n "$usbpart" ]; then
|
|
|
|
break
|
|
|
|
elif [ $i -eq 10 ]; then
|
|
|
|
error "timeout."
|
|
|
|
return 1
|
|
|
|
else
|
|
|
|
echo -n .
|
|
|
|
sleep 1
|
|
|
|
fi
|
|
|
|
done
|
2011-02-09 19:22:39 +00:00
|
|
|
|
|
|
|
# # wait that is mounted (it automount is on)
|
|
|
|
# c=0
|
|
|
|
# mounted=false
|
|
|
|
# while [ "$mounted" != "true" ]; do
|
|
|
|
# cat /proc/mounts | tail -n 2 | grep -q $usbpart
|
|
|
|
# if [ $? = 0 ]; then mounted=true; fi
|
|
|
|
# echo -n "."
|
|
|
|
# sleep .5
|
|
|
|
# c=`expr $c + 1`
|
|
|
|
# if [ $c -gt 30 ]; then
|
|
|
|
# echo
|
|
|
|
# error "timeout."
|
|
|
|
# export usbkey_mount=none
|
|
|
|
# return 1;
|
|
|
|
# fi
|
|
|
|
# done
|
|
|
|
# # check where it is mounted
|
|
|
|
# usbmount=`cat /proc/mounts | awk -v p=$usbpart '{ if( $1 == "/dev/" p) print $2 }'`
|
|
|
|
|
2011-02-11 03:02:40 +00:00
|
|
|
# sleep 1
|
2011-02-09 19:22:39 +00:00
|
|
|
# mount the first partition on the usb key
|
2011-02-11 03:02:40 +00:00
|
|
|
# mtmp=`tempfile -p tomb`
|
|
|
|
# rm -f $mtmp
|
|
|
|
# mkdir -p $mtmp
|
|
|
|
mtmp=$(/bin/mktemp -d --tmpdir tomb.XXXXXXXXXXXX)
|
2011-02-09 19:22:39 +00:00
|
|
|
mount /dev/$usbpart $mtmp
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
usbmount=$mtmp
|
|
|
|
else
|
|
|
|
error "cannot mount usbkey partition $usbmount"
|
|
|
|
return 1
|
|
|
|
fi
|
2011-01-10 19:41:28 +00:00
|
|
|
|
|
|
|
echo
|
2011-01-11 13:55:31 +00:00
|
|
|
act "usb key mounted on $usbmount"
|
|
|
|
export usbkey_mount=$usbmount
|
2011-01-11 11:57:44 +00:00
|
|
|
return 0
|
2011-01-10 19:41:28 +00:00
|
|
|
}
|
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
# we use pinentry now
|
|
|
|
# comes from gpg project and is much more secure
|
|
|
|
# it also conveniently uses the right toolkit
|
2010-08-22 13:04:19 +00:00
|
|
|
ask_password() {
|
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
# pinentry has no custom icon setting
|
|
|
|
# so we need to temporary modify the gtk theme
|
|
|
|
cp ~/.gtkrc-2.0 ~/.gtkrc-2.0.bak
|
|
|
|
cat <<EOF >> ~/.gtkrc-2.0
|
|
|
|
pixmap_path "/usr/local/share/pixmaps"
|
|
|
|
style "normal" { stock["gtk-dialog-authentication"] = {{"monmort.xpm"}} }
|
|
|
|
widget "*" style "normal"
|
|
|
|
EOF
|
2011-02-03 16:11:08 +00:00
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
cat <<EOF | pinentry | awk '/^D/ { print $2 }'
|
|
|
|
SETTITLE Opening Tomb $1
|
|
|
|
SETDESC You need a password to use its key
|
|
|
|
SETPROMPT Password:
|
|
|
|
GETPIN
|
|
|
|
EOF
|
|
|
|
|
|
|
|
# restore gtk as it was
|
|
|
|
cp ~/.gtkrc-2.0.bak ~/.gtkrc-2.0
|
|
|
|
rm ~/.gtkrc-2.0.bak
|
2010-08-22 13:04:19 +00:00
|
|
|
|
|
|
|
}
|
|
|
|
|
2011-01-19 11:38:19 +00:00
|
|
|
# popup notification
|
|
|
|
tomb-notify() {
|
2011-02-03 16:11:08 +00:00
|
|
|
# look for our icon in common prefixes
|
|
|
|
if [ -r /usr/share/pixmaps/monmort.xpm ]; then icon=/usr/share/pixmaps/monmort.xpm
|
|
|
|
elif [ -r /usr/share/icons/monmort.xpm ]; then icon=/usr/share/icons/monmort.xpm
|
|
|
|
elif [ -r /usr/local/share/pixmaps/monmort.xpm ]; then icon=/usr/local/share/pixmaps/monmort.xpm
|
|
|
|
elif [ -r /usr/local/share/icons/monmort.xpm ]; then icon=/usr/local/share/icons/monmort.xpm
|
|
|
|
elif [ -r /opt/share/pixmaps/monmort.xpm ]; then icon=/opt/share/pixmaps/monmort.xpm
|
|
|
|
elif [ -r /sw/share/pixmaps/monmort.xpm ]; then icon=/sw/share/pixmaps/monmort.xpm
|
|
|
|
fi
|
|
|
|
|
2011-01-19 11:38:19 +00:00
|
|
|
if [ -z $1 ]; then
|
2011-02-03 16:11:08 +00:00
|
|
|
exec_as_user notify-send -i $icon \
|
2011-01-19 11:38:19 +00:00
|
|
|
-u low -h string:App:Tomb \
|
|
|
|
-h double:Version:${VERSION} \
|
|
|
|
"Tomb version $VERSION" \
|
|
|
|
"Hi, I'm the Undertaker.
|
|
|
|
Let's start setting your Crypt?"
|
|
|
|
else
|
2011-02-03 16:11:08 +00:00
|
|
|
exec_as_user notify-send -i $icon ${@}
|
2011-01-19 11:38:19 +00:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2011-01-12 10:38:03 +00:00
|
|
|
# drop privileges
|
|
|
|
exec_as_user() {
|
2011-02-03 16:11:08 +00:00
|
|
|
|
|
|
|
if ! [ $SUDO_USER ]; then
|
|
|
|
exec $@[@]
|
|
|
|
return $?
|
|
|
|
fi
|
|
|
|
|
2011-02-07 10:27:53 +00:00
|
|
|
func "exec_as_user '$SUDO_USER': ${(f)@}"
|
2011-02-03 16:11:08 +00:00
|
|
|
which sudo > /dev/null
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
sudo -u $SUDO_USER "${@[@]}"
|
|
|
|
return $?
|
2011-02-03 19:42:46 +00:00
|
|
|
else
|
|
|
|
error "Tomb requires sudo. please install it."
|
|
|
|
return 1
|
2011-02-03 16:11:08 +00:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# escalate privileges
|
|
|
|
check_priv() {
|
|
|
|
id | grep root > /dev/null
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
which gksu > /dev/null
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
func "Using gksu for root execution of 'tomb ${(f)ARGS}'"
|
2011-02-09 19:22:39 +00:00
|
|
|
gksudo "tomb ${ARGS[@]}"
|
2011-02-07 10:27:53 +00:00
|
|
|
exit $?
|
2011-02-03 16:11:08 +00:00
|
|
|
fi
|
|
|
|
which sudo > /dev/null
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
func "Using sudo for root execution of 'tomb ${(f)ARGS}'"
|
2011-02-13 11:29:07 +00:00
|
|
|
# check if sudo has a timestamp active
|
2011-02-14 09:24:31 +00:00
|
|
|
sudok=false
|
|
|
|
sudo -n tomb 2> /dev/null
|
|
|
|
if [ $? != 0 ]; then # if not then ask a password
|
|
|
|
cat <<EOF | pinentry | awk '/^D/ { print $2 }' | sudo -S -v
|
|
|
|
SETTITLE Super user privileges required
|
|
|
|
SETDESC Sudo execution of Tomb ${ARGS[@]}
|
2011-02-13 11:29:07 +00:00
|
|
|
SETPROMPT Insert your USER password:
|
2011-02-14 09:24:31 +00:00
|
|
|
GETPIN
|
|
|
|
EOF
|
2011-02-13 11:29:07 +00:00
|
|
|
fi
|
|
|
|
sudo "tomb" ${(s: :)ARGS}
|
2011-02-07 10:27:53 +00:00
|
|
|
exit $?
|
2011-02-14 09:24:31 +00:00
|
|
|
fi # have sudo
|
2011-02-03 19:42:46 +00:00
|
|
|
return 1
|
2011-02-14 09:24:31 +00:00
|
|
|
fi # are we root already
|
2011-02-03 19:42:46 +00:00
|
|
|
return 0
|
2011-01-12 10:38:03 +00:00
|
|
|
}
|
2010-08-22 13:04:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
############################
|
|
|
|
### main()
|
|
|
|
###
|
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
echo $@ | grep '\-q' 2>&1 > /dev/null
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
notice "Tomb - simple commandline tool for encrypted storage"
|
|
|
|
act "version $VERSION ($DATE) by Jaromil @ dyne.org"
|
|
|
|
fi
|
2011-02-07 10:27:53 +00:00
|
|
|
echo $@ | grep '\-D' 2>&1 > /dev/null
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
echo "[D] invoked with args \"${(f)@}\" "
|
|
|
|
echo "[D] running on `date`"
|
|
|
|
fi
|
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
ARGS=$@[@]
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
OPTS=`getopt -o hvqDs:k: -n 'tomb' -- "$@"`
|
2010-08-22 13:04:19 +00:00
|
|
|
while true; do
|
|
|
|
case "$1" in
|
|
|
|
-h)
|
2011-01-12 10:38:03 +00:00
|
|
|
act ""
|
2011-01-30 22:25:01 +00:00
|
|
|
notice "Syntax: tomb [options] command [file] [mountpoint]"
|
2010-08-23 09:48:21 +00:00
|
|
|
act ""
|
|
|
|
notice "Commands:"
|
2010-08-22 13:04:19 +00:00
|
|
|
act "create create a new encrypted storage FILE and keys"
|
2011-01-28 11:26:35 +00:00
|
|
|
act "open open an existing tomb FILE on MOUNTPOINT"
|
|
|
|
act "close closes the tomb on MOUNTPOINT"
|
2011-02-13 11:29:07 +00:00
|
|
|
act "bury hide a tomb key inside a jpeg image"
|
2011-02-12 16:54:53 +00:00
|
|
|
act "exhume extract an hidden tomb key from a jpeg image"
|
|
|
|
|
2011-02-07 10:46:22 +00:00
|
|
|
act ""
|
|
|
|
notice "Options:"
|
|
|
|
act "-s size of the storage file when creating one (MB)"
|
|
|
|
act "-k path to the key to use for decryption"
|
|
|
|
act ""
|
|
|
|
act "-h print this help"
|
|
|
|
act "-v version information for this tool"
|
|
|
|
act "-q run quietly without printing informations"
|
|
|
|
act "-D print debugging information at runtime"
|
2010-08-22 13:04:19 +00:00
|
|
|
echo; exit 2 ;;
|
|
|
|
-v)
|
2010-08-23 09:48:21 +00:00
|
|
|
# print out the GPL license in this file
|
2011-01-12 10:38:03 +00:00
|
|
|
act ""
|
2010-08-23 09:48:21 +00:00
|
|
|
cat $0 | awk '
|
|
|
|
BEGIN { license=0 }
|
|
|
|
/^# This source/ { license=1 }
|
|
|
|
{ if(license==1) print " " $0 }
|
|
|
|
/MA 02139, USA.$/ { license=0 }
|
|
|
|
'
|
|
|
|
act ""
|
|
|
|
exit 0 ;;
|
2011-02-03 21:17:06 +00:00
|
|
|
-q) QUIET=1; shift 1 ;;
|
2011-02-03 16:11:08 +00:00
|
|
|
-D) DEBUG=1; shift 1 ;;
|
2010-08-22 13:04:19 +00:00
|
|
|
-s) SIZE=$2; shift 2 ;;
|
|
|
|
-k) KEY=$2; shift 2 ;;
|
|
|
|
--) shift; break ;;
|
2011-01-19 11:54:43 +00:00
|
|
|
*) CMD=$1;
|
|
|
|
FILE=$2; MOUNT=$3; # compat with old args
|
|
|
|
CMD2=${2}; CMD3=${3}; break ;;
|
2010-08-22 13:04:19 +00:00
|
|
|
esac
|
|
|
|
done
|
|
|
|
|
2010-09-16 12:51:06 +00:00
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
if ! [ $CMD ]; then
|
2010-08-22 13:04:19 +00:00
|
|
|
error "first argument missing, use -h for help"
|
2011-01-19 11:54:43 +00:00
|
|
|
tomb-notify
|
2010-08-22 13:04:19 +00:00
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
2011-01-12 10:38:03 +00:00
|
|
|
|
2010-09-16 12:51:06 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
func "Tomb called: $CMD $CMD2 $CMD3"
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-01-13 13:37:52 +00:00
|
|
|
|
2010-08-22 14:44:35 +00:00
|
|
|
create_tomb() {
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
# make sure the file has a .tomb extension
|
|
|
|
FILE="${FILE%\.*}.tomb"
|
|
|
|
|
2011-01-30 22:25:01 +00:00
|
|
|
if [ -e "$FILE" ]; then
|
|
|
|
error "$FILE exists already. I'm not digging here."
|
2011-02-03 19:42:46 +00:00
|
|
|
return 1
|
2011-01-30 22:25:01 +00:00
|
|
|
fi
|
2011-02-03 16:11:08 +00:00
|
|
|
|
2011-01-28 11:26:35 +00:00
|
|
|
notice "Creating a new tomb"
|
2010-08-22 13:04:19 +00:00
|
|
|
if [ -z $SIZE ]; then
|
2010-08-29 12:56:53 +00:00
|
|
|
if [ $MOUNT ]; then
|
|
|
|
SIZE=$MOUNT
|
|
|
|
else
|
2011-01-28 11:26:35 +00:00
|
|
|
act "No size specified, summoning the Tomb Undertaker to guide us in the creation."
|
2011-02-03 19:42:46 +00:00
|
|
|
tomb-open &!
|
|
|
|
return 0
|
2010-08-29 12:56:53 +00:00
|
|
|
fi
|
2010-08-22 13:04:19 +00:00
|
|
|
fi
|
2011-01-28 11:26:35 +00:00
|
|
|
|
2011-01-30 22:25:01 +00:00
|
|
|
SIZE_4k=`expr $SIZE \* 1000 / 4`
|
2011-01-28 11:26:35 +00:00
|
|
|
act "Generating ${FILE} of ${SIZE}Mb (${SIZE_4k} blocks of 4Kb)"
|
2010-08-29 12:56:53 +00:00
|
|
|
$DD if=/dev/urandom bs=4k count=${SIZE_4k} of=${FILE}
|
2010-08-22 13:04:19 +00:00
|
|
|
|
|
|
|
if [ $? = 0 -a -e ${FILE} ]; then
|
2010-08-29 12:56:53 +00:00
|
|
|
act "OK: `ls -lh ${FILE}`"
|
2010-08-22 13:04:19 +00:00
|
|
|
else
|
2011-01-28 11:26:35 +00:00
|
|
|
error "Error creating the tomb ${FILE}, operation aborted."
|
|
|
|
exit 1
|
2010-08-22 13:04:19 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
modprobe dm-crypt
|
|
|
|
modprobe aes-i586
|
|
|
|
|
|
|
|
nstloop=`losetup -f` # get the number for next loopback device
|
|
|
|
losetup -f ${FILE} # allocates the next loopback for our file
|
2011-02-03 16:11:08 +00:00
|
|
|
|
|
|
|
# create the keyfile in tmpfs so that we leave less traces in RAM
|
|
|
|
keytmp=`tempfile -p tomb`
|
|
|
|
rm -f $keytmp
|
|
|
|
mkdir -p $keytmp
|
|
|
|
mount tmpfs ${keytmp} -t tmpfs -o size=1m
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "cannot mount tmpfs filesystem in volatile memory"
|
|
|
|
error "operation aborted."
|
|
|
|
losetup -d $nstloop
|
|
|
|
rm -r $keytmp
|
|
|
|
exit 1
|
|
|
|
fi
|
2010-08-22 13:04:19 +00:00
|
|
|
act "Generating secret key..."
|
2011-01-13 13:37:52 +00:00
|
|
|
act "this operation takes time, keep using this computer on other tasks,"
|
|
|
|
act "once done you will be asked to choose a password for your tomb."
|
2011-02-03 16:11:08 +00:00
|
|
|
touch ${keytmp}/tomb.tmp
|
|
|
|
chmod 0600 ${keytmp}/tomb.tmp
|
2011-02-10 11:22:11 +00:00
|
|
|
$DD bs=1 count=256 if=/dev/random of=${keytmp}/tomb.tmp
|
2011-02-03 16:11:08 +00:00
|
|
|
if ! [ -r ${keytmp}/tomb.tmp ]; then
|
|
|
|
error "cannot generate encryption key, operation aborted."
|
|
|
|
umount ${keytmp}
|
|
|
|
losetup -d $nstloop
|
|
|
|
rm -r $keytmp
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2010-08-22 13:04:19 +00:00
|
|
|
notice "Setup your secret key file ${FILE}.gpg"
|
2011-01-19 11:38:19 +00:00
|
|
|
tomb-notify "The Tomb key is being forged:" "please set your password."
|
2011-02-03 16:11:08 +00:00
|
|
|
|
2010-08-29 12:56:53 +00:00
|
|
|
# here user is prompted for key password
|
2011-02-03 16:11:08 +00:00
|
|
|
for c in 1 2 3; do
|
|
|
|
# 3 tries to write two times a matching password
|
2011-02-14 09:24:31 +00:00
|
|
|
tombpass=`exec_as_user tomb -q askpass ${FILE}`
|
|
|
|
tombpasstmp=$tombpass
|
|
|
|
tombpass=`exec_as_user tomb -q askpass "${FILE} (again)"`
|
|
|
|
if [ "$tombpasstmp" = "$tombpass" ]; then
|
2011-02-03 16:11:08 +00:00
|
|
|
break;
|
|
|
|
fi
|
2011-02-14 09:24:31 +00:00
|
|
|
unset tombpasstmp
|
|
|
|
unset tombpass
|
2010-08-22 13:04:19 +00:00
|
|
|
done
|
2011-02-03 16:11:08 +00:00
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
if [ -z $tombpass ]; then
|
2011-02-03 16:11:08 +00:00
|
|
|
error "passwords don't match, aborting operation"
|
|
|
|
umount ${keytmp}
|
|
|
|
losetup -d $nstloop
|
|
|
|
rm -r $keytmp
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
echo "${tombpass}" | gpg --batch --no-options --no-tty --passphrase-fd 0 \
|
2011-02-03 16:11:08 +00:00
|
|
|
-o "${FILE}.gpg" -c -a ${keytmp}/tomb.tmp
|
2011-02-14 09:24:31 +00:00
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
if [ $? = 2 ]; then
|
|
|
|
error "setting password failed: gnupg returns 2"
|
|
|
|
umount ${keytmp}
|
|
|
|
losetup -d $nstloop
|
|
|
|
rm -r $keytmp
|
|
|
|
exit 1
|
|
|
|
fi
|
2010-08-22 13:04:19 +00:00
|
|
|
|
|
|
|
act "formatting Luks mapped device"
|
2011-02-03 16:11:08 +00:00
|
|
|
# we use aes-cbc-essiv with sha256
|
|
|
|
# for security, performance and compatibility
|
2010-08-29 12:56:53 +00:00
|
|
|
cryptsetup --batch-mode \
|
|
|
|
--cipher aes-cbc-essiv:sha256 --key-size 256 \
|
2011-02-03 16:11:08 +00:00
|
|
|
luksFormat ${nstloop} ${keytmp}/tomb.tmp
|
2010-08-29 12:56:53 +00:00
|
|
|
|
2010-08-22 13:04:19 +00:00
|
|
|
if ! [ $? = 0 ]; then
|
|
|
|
act "operation aborted."
|
|
|
|
exit 0
|
|
|
|
fi
|
2011-02-09 19:22:39 +00:00
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
cryptsetup --key-file ${keytmp}/tomb.tmp --cipher aes luksOpen ${nstloop} tomb.tmp
|
|
|
|
${WIPE[@]} ${keytmp}/tomb.tmp
|
|
|
|
umount ${keytmp}
|
|
|
|
rm -r ${keytmp}
|
2011-01-13 13:37:52 +00:00
|
|
|
|
2011-02-09 19:22:39 +00:00
|
|
|
# cryptsetup luksDump ${nstloop}
|
|
|
|
|
|
|
|
act "formatting your Tomb with Ext4 filesystem"
|
|
|
|
|
|
|
|
mkfs.ext4 -q -F -j -L "${FILE%%.*}" /dev/mapper/tomb.tmp
|
|
|
|
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
act "OK, encrypted storage succesfully formatted"
|
|
|
|
else
|
|
|
|
act "error formatting Tomb"
|
|
|
|
fi
|
|
|
|
|
|
|
|
sync
|
|
|
|
|
|
|
|
cryptsetup luksClose tomb.tmp
|
|
|
|
losetup -d ${nstloop}
|
|
|
|
|
|
|
|
notice "done creating $FILE encrypted storage (using Luks dm-crypt AES/SHA256)"
|
|
|
|
tomb-notify "The Tomb is ready!" "We will now open your new Tomb for the first time."
|
|
|
|
|
2011-01-13 13:37:52 +00:00
|
|
|
notice "Your tomb is ready on ${FILE} and secured with key ${FILE}.gpg"
|
|
|
|
act "Would you like to save the key on an external usb device?"
|
|
|
|
act "This is recommended for safety:"
|
2011-02-10 13:59:20 +00:00
|
|
|
act "Always keep the key in a different place than the door!"
|
2011-01-29 13:26:44 +00:00
|
|
|
act "If you answer yes, you'll need a USB KEY now: (y/n)"
|
2011-01-19 11:38:19 +00:00
|
|
|
tomb-notify "Tomb has forged a key." "Would you like to save it on USB?"
|
2011-01-13 13:37:52 +00:00
|
|
|
echo -n " > "
|
|
|
|
read -q
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
ask_usbkey
|
2011-01-28 11:26:35 +00:00
|
|
|
if ! [ -e ${usbkey_mount} ]; then
|
2011-01-13 13:37:52 +00:00
|
|
|
error "cannot save the key in a separate place, move it yourself later."
|
|
|
|
else
|
2011-01-30 22:25:01 +00:00
|
|
|
mkdir -m 0700 -p ${usbkey_mount}/.tomb
|
2011-01-13 13:37:52 +00:00
|
|
|
cp -v ${FILE}.gpg ${usbkey_mount}/.tomb/
|
|
|
|
chmod -R go-rwx ${usbkey_mount}/.tomb
|
2011-02-09 19:22:39 +00:00
|
|
|
umount ${usbkey_mount}
|
2011-02-14 09:24:31 +00:00
|
|
|
unset usbkey_mount
|
2011-02-10 13:59:20 +00:00
|
|
|
notice "Key ${FILE}.gpg succesfully saved on your USB"
|
|
|
|
act "now we proceed opening your new tomb"
|
|
|
|
KEY=${FILE}.gpg
|
|
|
|
CMD2=${FILE}
|
|
|
|
CMD3=/media/${FILE}
|
|
|
|
mount_tomb ${FILE}
|
2011-01-16 22:43:45 +00:00
|
|
|
${WIPE[@]} ${FILE}.gpg
|
2011-01-13 13:37:52 +00:00
|
|
|
fi
|
2011-02-10 13:59:20 +00:00
|
|
|
else # kept besides (deprecated behaviour)
|
|
|
|
act "now we proceed opening your new tomb"
|
|
|
|
KEY=${FILE}.gpg
|
2011-02-14 09:24:31 +00:00
|
|
|
unset CMD2
|
|
|
|
unset CMD3
|
2011-02-10 13:59:20 +00:00
|
|
|
mount_tomb ${FILE}
|
2011-01-11 11:57:44 +00:00
|
|
|
fi
|
2010-08-22 13:04:19 +00:00
|
|
|
|
|
|
|
}
|
|
|
|
|
2010-08-22 14:44:35 +00:00
|
|
|
|
|
|
|
mount_tomb() {
|
2011-02-03 19:42:46 +00:00
|
|
|
if ! [ $CMD2 ]; then
|
|
|
|
error "need an argument, operation aborted."
|
|
|
|
return 1
|
|
|
|
elif [ -r $CMD2 ]; then
|
2011-02-11 23:36:21 +00:00
|
|
|
tombfile=`basename $CMD2`
|
2011-02-03 19:42:46 +00:00
|
|
|
else
|
|
|
|
# try also adding a .tomb extension
|
2011-02-11 23:36:21 +00:00
|
|
|
tombfile=${tombfile%%\.*}.tomb
|
2011-02-03 19:42:46 +00:00
|
|
|
if ! [ -r $tombfile ]; then
|
2011-02-11 16:10:56 +00:00
|
|
|
error "cannot find a tomb named $CMD2"
|
2011-02-03 19:42:46 +00:00
|
|
|
return 1
|
2011-02-03 16:11:08 +00:00
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
tombdir=`dirname $CMD2`
|
|
|
|
|
2011-02-11 23:36:21 +00:00
|
|
|
file ${tombdir}/${tombfile} | grep -i 'luks encrypted.*cbc-essiv' 2>&1 >/dev/null
|
2011-02-03 19:42:46 +00:00
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "$CMD2 is not a valid tomb file, operation aborted"
|
|
|
|
tomb-notify "Not a tomb." "$CMD2 doesn't seems a real tomb."
|
|
|
|
return 1
|
2010-08-22 13:04:19 +00:00
|
|
|
fi
|
|
|
|
|
2011-02-11 23:36:21 +00:00
|
|
|
tombname=${tombfile%%\.*}
|
2011-02-14 09:24:31 +00:00
|
|
|
act "mounting tomb named $tombname"
|
2011-02-03 16:11:08 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
if [ $KEY ]; then
|
|
|
|
tombkey="`basename $KEY`"
|
|
|
|
tombkeypath="$KEY"
|
2011-02-13 11:29:07 +00:00
|
|
|
act "tomb key specified manually, using: $tombkeypath"
|
2011-02-03 19:42:46 +00:00
|
|
|
else
|
2011-02-11 23:36:21 +00:00
|
|
|
tombkey=${tombfile}.gpg
|
2011-02-03 19:42:46 +00:00
|
|
|
if [ -r $tombkey ]; then
|
|
|
|
tombkeypath=$tombkey
|
|
|
|
elif [ -r "$tombdir/$tombkey" ]; then
|
|
|
|
tombkeypath="$tombdir/$tombkey"
|
2011-01-11 11:57:44 +00:00
|
|
|
else
|
2011-02-03 19:42:46 +00:00
|
|
|
error "encryption key ${enc_key} not found on disk"
|
|
|
|
error "use -k option to specify which key to use"
|
2011-02-12 07:26:42 +00:00
|
|
|
error "provide a usb key now, or press ctrl-c to abort"
|
|
|
|
notice "please insert your USB KEY"
|
2011-02-03 19:42:46 +00:00
|
|
|
ask_usbkey
|
|
|
|
# returns usbkey_mount, now check if the key is there
|
|
|
|
if [ -r ${usbkey_mount}/.tomb/${tombkey} ]; then
|
|
|
|
tombkeypath=${usbkey_mount}/.tomb/${tombkey}
|
|
|
|
notice "key found on ${tombkeypath}"
|
|
|
|
else
|
|
|
|
error "key is missing, try to locate $tombkey in your files."
|
|
|
|
error "operation aborted"
|
|
|
|
return 1
|
|
|
|
fi
|
2011-01-11 09:49:44 +00:00
|
|
|
fi
|
|
|
|
fi
|
2011-02-03 19:42:46 +00:00
|
|
|
|
|
|
|
if ! [ $CMD3 ]; then
|
2011-02-14 09:24:31 +00:00
|
|
|
tombmount=/media/${tombfile}
|
2011-02-03 19:42:46 +00:00
|
|
|
act "mountpoint not specified, using default: $tombmount"
|
|
|
|
elif ! [ -x $CMD3 ]; then
|
2011-02-11 16:10:56 +00:00
|
|
|
error "mountpoint $CMD3 doesn't exist, operation aborted."
|
2011-02-11 16:45:54 +00:00
|
|
|
if [ -n "$usbkey_mount" ]; then
|
|
|
|
umount $usbkey_mount
|
|
|
|
rmdir $usbkey_mount
|
2011-02-14 09:24:31 +00:00
|
|
|
unset usbkey_mount
|
2011-02-11 16:45:54 +00:00
|
|
|
fi
|
2011-02-03 19:42:46 +00:00
|
|
|
return 1
|
|
|
|
else
|
|
|
|
tombmount=$CMD3
|
|
|
|
fi
|
|
|
|
|
|
|
|
notice "mounting $tombfile on mountpoint $tombmount"
|
|
|
|
|
|
|
|
# we need root from here on
|
2011-02-12 07:30:37 +00:00
|
|
|
|
|
|
|
local norm=$(test -d $tombmount)
|
|
|
|
$norm || mkdir -p $tombmount
|
2011-01-11 09:49:44 +00:00
|
|
|
|
2010-08-22 13:04:19 +00:00
|
|
|
nstloop=`losetup -f`
|
2011-02-11 23:36:21 +00:00
|
|
|
losetup -f ${tombdir}/${tombfile}
|
2010-08-22 13:04:19 +00:00
|
|
|
|
|
|
|
act "check for a valid LUKS encrypted device"
|
|
|
|
cryptsetup isLuks ${nstloop}
|
2011-01-11 09:49:44 +00:00
|
|
|
if [ $? != 0 ]; then
|
|
|
|
# is it a LUKS encrypted nest? see cryptsetup(1)
|
2011-02-03 19:42:46 +00:00
|
|
|
error "$tombfile is not a valid Luks encrypted storage file"
|
2011-02-12 07:30:37 +00:00
|
|
|
$norm || rmdir $tombmount 2>/dev/null
|
2011-02-03 19:42:46 +00:00
|
|
|
return 1
|
2011-01-11 09:49:44 +00:00
|
|
|
fi
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-01-11 09:49:44 +00:00
|
|
|
modprobe dm-crypt
|
|
|
|
modprobe aes-i586
|
|
|
|
|
|
|
|
# save date of mount in minutes since 1970
|
|
|
|
mapdate="`date +%s`"
|
|
|
|
mapdate="`echo ${mapdate}/60 | bc -l | cut -d. -f1`"
|
|
|
|
|
2011-02-11 23:36:21 +00:00
|
|
|
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
|
2011-01-11 09:49:44 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
notice "Password is required for key ${tombkey}"
|
|
|
|
keyname=`basename $tombkey | cut -d. -f1`
|
2011-01-11 09:49:44 +00:00
|
|
|
for c in 1 2 3; do
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
if [ $c = 1 ]; then
|
2011-02-14 09:24:31 +00:00
|
|
|
tombpass=`exec_as_user tomb -q askpass ${keyname}`
|
2011-02-03 16:11:08 +00:00
|
|
|
else
|
2011-02-14 09:24:31 +00:00
|
|
|
tombpass=`exec_as_user tomb -q askpass "$keyname (retry $c)"`
|
2011-02-03 16:11:08 +00:00
|
|
|
fi
|
2011-02-14 09:24:31 +00:00
|
|
|
echo "${tombpass}" \
|
2011-02-03 16:11:08 +00:00
|
|
|
| gpg --batch --passphrase-fd 0 --no-tty --no-options \
|
2011-02-14 09:24:31 +00:00
|
|
|
-d "${tombkeypath}" \
|
2011-01-11 09:49:44 +00:00
|
|
|
| cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
unset tombpass
|
2011-01-11 09:49:44 +00:00
|
|
|
|
|
|
|
if [ -r /dev/mapper/${mapper} ]; then
|
|
|
|
break; # password was correct
|
2010-08-22 13:04:19 +00:00
|
|
|
fi
|
|
|
|
|
2011-01-11 09:49:44 +00:00
|
|
|
done
|
2011-02-09 19:22:39 +00:00
|
|
|
|
|
|
|
if [ -r ${usbkey_mount}/.tomb/${tombkey} ]; then
|
|
|
|
umount ${usbkey_mount}
|
2011-02-11 03:10:16 +00:00
|
|
|
rmdir ${usbkey_mount}
|
2011-02-14 09:24:31 +00:00
|
|
|
unset usbkey_mount
|
2011-02-09 19:22:39 +00:00
|
|
|
fi
|
2011-01-11 09:49:44 +00:00
|
|
|
|
|
|
|
if ! [ -r /dev/mapper/${mapper} ]; then
|
|
|
|
error "failure mounting the encrypted file"
|
|
|
|
losetup -d ${nstloop}
|
2011-02-12 07:30:37 +00:00
|
|
|
$norm || rmdir ${tombmount} 2>/dev/null
|
2011-02-03 19:42:46 +00:00
|
|
|
return 1
|
2011-01-11 09:49:44 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
act "encrypted storage filesystem check"
|
2011-01-13 21:35:32 +00:00
|
|
|
fsck -p -C0 /dev/mapper/${mapper}
|
2011-02-11 23:36:21 +00:00
|
|
|
act "tomb engraved as $tombname"
|
2011-02-14 09:24:31 +00:00
|
|
|
tune2fs -L ${tombname} /dev/mapper/${mapper} > /dev/null
|
2011-02-11 23:36:21 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
mount -o rw,noatime,nodev /dev/mapper/${mapper} ${tombmount}
|
2011-01-30 22:25:01 +00:00
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
# Ensure the user can write the disk - 10x Hellekin :)
|
2011-01-30 22:25:01 +00:00
|
|
|
ME=${SUDO_USER:-$(whoami)}
|
2011-02-03 19:42:46 +00:00
|
|
|
chmod 0750 ${tombmount}
|
|
|
|
chown $(id -u $ME):$(id -g $ME) ${tombmount}
|
2011-01-11 09:49:44 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
notice "encrypted storage $tombfile succesfully mounted on $tombmount"
|
2011-02-12 11:38:59 +00:00
|
|
|
# exec_bind_hooks ${tombmount}
|
|
|
|
exec_safe_bind_hooks ${tombmount}
|
|
|
|
exec_post_hooks ${tombmount} open
|
2011-02-03 19:42:46 +00:00
|
|
|
return 0
|
2010-08-22 13:04:19 +00:00
|
|
|
}
|
|
|
|
|
2011-02-11 23:36:21 +00:00
|
|
|
encode_key() {
|
|
|
|
tombkey=$CMD2
|
|
|
|
imagefile=$CMD3
|
|
|
|
|
|
|
|
file $tombkey | grep PGP > /dev/null
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "encode failed: $tombkey is not a tomb key"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
file $imagefile | grep JPEG > /dev/null
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "encode failed: $imagefile is not a jpeg image"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
notice "Encoding key $tombkey inside image $imagefile"
|
|
|
|
act "please choose a password for the encoding"
|
|
|
|
|
|
|
|
# here user is prompted for key password
|
|
|
|
for c in 1 2 3; do
|
|
|
|
# 3 tries to write two times a matching password
|
2011-02-14 09:24:31 +00:00
|
|
|
tombpass=`exec_as_user tomb -q askpass ${FILE}`
|
|
|
|
tombpasstmp=$tombpass
|
|
|
|
tombpass=`exec_as_user tomb -q askpass "${FILE} (again)"`
|
|
|
|
if [ "$tombpasstmp" = "$tombpass" ]; then
|
2011-02-11 23:36:21 +00:00
|
|
|
break;
|
|
|
|
fi
|
2011-02-14 09:24:31 +00:00
|
|
|
unset tombpasstmp
|
|
|
|
unset tombpass
|
2011-02-11 23:36:21 +00:00
|
|
|
done
|
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
if [ -z $tombpass ]; then
|
2011-02-11 23:36:21 +00:00
|
|
|
error "passwords don't match, aborting operation."
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
awk '
|
|
|
|
/^-----/ {next}
|
|
|
|
/^Version/ {next}
|
|
|
|
/^Comment/ {next}
|
|
|
|
{print $0}' ${tombkey} \
|
|
|
|
| steghide embed --embedfile - --coverfile ${imagefile} \
|
2011-02-14 09:24:31 +00:00
|
|
|
-p ${tombpass} -z 9 -e serpent cbc
|
2011-02-11 23:36:21 +00:00
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "encoding error: steghide reports problems"
|
|
|
|
res=1
|
|
|
|
else
|
|
|
|
notice "tomb key encoded succesfully into image ${imagefile}"
|
|
|
|
res=0
|
|
|
|
fi
|
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
unset tombpass
|
2011-02-11 23:36:21 +00:00
|
|
|
|
|
|
|
return $res
|
|
|
|
}
|
|
|
|
|
|
|
|
decode_key() {
|
|
|
|
tombname=$CMD2
|
|
|
|
imagefile=$CMD3
|
|
|
|
res=1
|
|
|
|
|
|
|
|
file $imagefile | grep JPEG > /dev/null
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "encode failed: $imagefile is not a jpeg image"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
tombfile=${tombname%%\.*}.tomb.gpg
|
|
|
|
notice "Decoding a key out of image $imagefile"
|
|
|
|
for c in 1 2 3; do
|
|
|
|
if [ $c = 1 ]; then
|
2011-02-14 09:24:31 +00:00
|
|
|
tombpass=`exec_as_user tomb -q askpass ${keyname}`
|
2011-02-11 23:36:21 +00:00
|
|
|
else
|
2011-02-14 09:24:31 +00:00
|
|
|
tombpass=`exec_as_user tomb -q askpass "$keyname (retry $c)"`
|
2011-02-11 23:36:21 +00:00
|
|
|
fi
|
2011-02-14 09:24:31 +00:00
|
|
|
steghide extract -sf ${imagefile} -p ${tombpass} -xf - \
|
2011-02-11 23:36:21 +00:00
|
|
|
| awk '
|
|
|
|
BEGIN {
|
|
|
|
print "-----BEGIN PGP MESSAGE-----"
|
|
|
|
print "Version: GnuPG v1.4.10 (GNU/Linux)"
|
|
|
|
}
|
|
|
|
{ print $0 }
|
|
|
|
END {
|
|
|
|
print "-----END PGP MESSAGE-----"
|
|
|
|
}' > ${tombfile}
|
|
|
|
|
|
|
|
if [ "`cat ${tombfile} | wc -l`" != "3" ]; then
|
|
|
|
act "${tombfile} succesfully decoded"
|
|
|
|
res=0
|
|
|
|
break;
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
unset tombpass
|
2011-02-11 23:36:21 +00:00
|
|
|
|
|
|
|
if [ $res != 0 ]; then
|
|
|
|
error "nothing found."
|
|
|
|
fi
|
|
|
|
|
|
|
|
return $res
|
|
|
|
}
|
|
|
|
|
2011-02-07 08:42:50 +00:00
|
|
|
exec_bind_hooks() {
|
|
|
|
mnt=$1 # first argument is where the tomb is mounted
|
|
|
|
if ! [ -r ${mnt}/bind-hooks ]; then return; fi
|
|
|
|
|
|
|
|
# if 'bind-hooks' is found inside the tomb, parse it
|
|
|
|
# every line contains two strings:
|
|
|
|
# the first is a directory existing inside the tomb
|
|
|
|
# the second is the place where it should be mounted (-o bind)
|
|
|
|
hook=`cat ${mnt}/bind-hooks | awk '
|
|
|
|
/^#/ { next }
|
|
|
|
{ if($1 && $2) print "mount -o bind \${mnt}/" $1 " " $2 "; " }
|
|
|
|
'`
|
|
|
|
# restore $HOME for the calling user
|
|
|
|
HOME=/home/${SUDO_USER}
|
|
|
|
|
2011-02-11 16:10:56 +00:00
|
|
|
act "bind hooks found, mounting directories as requested"
|
2011-02-07 08:42:50 +00:00
|
|
|
# execute the mount commands
|
|
|
|
eval $hook
|
|
|
|
}
|
|
|
|
|
2011-02-12 11:38:59 +00:00
|
|
|
# FIXME: this should sanitize pathes!
|
|
|
|
exec_safe_bind_hooks() {
|
|
|
|
local MOUNTPOINT="${1}"
|
|
|
|
local ME=${SUDO_USER:-$(whoami)}
|
|
|
|
local HOME=$(grep $ME /etc/passwd | sed "s/^${ME}:.*:.*:.*:.*:\([\/a-z]*\):.*$/\1/" 2>/dev/null)
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
error "how pitiful! A tomb, and no HOME"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
if [ -z "$MOUNTPOINT" -o ! -d "$MOUNTPOINT" ]; then
|
|
|
|
error "cannot exec bind hooks without a mounted tomb."
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
if [ ! -r "$MOUNTPOINT/bind-hooks" ]; then
|
|
|
|
func "cannot read bind-hooks."
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
typeset -al created
|
|
|
|
typeset -al mounted
|
|
|
|
typeset -Al maps
|
|
|
|
maps=($(<"$MOUNTPOINT/bind-hooks"))
|
|
|
|
for dir in ${(k)maps}; do
|
|
|
|
if [ "${dir[1]}" = "/" -o "${dir[1,2]}" = ".." ]; then
|
|
|
|
error "bind-hooks map format: local/to/tomb local/to/\$HOME"
|
|
|
|
continue
|
|
|
|
fi
|
|
|
|
if [ "${${maps[$dir]}[1]}" = "/" -o "${${maps[$dir]}[1,2]}" = ".." ]; then
|
|
|
|
error "bind-hooks map format: local/to/tomb local/to/\$HOME. Rolling back"
|
|
|
|
for dir in ${mounted}; do umount $dir; done
|
|
|
|
for dir in ${created}; do rmdir $dir; done
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
if [ ! -d "$HOME/${maps[$dir]}" ]; then
|
|
|
|
notice "creating $HOME/${maps[$dir]}"
|
|
|
|
mkdir -p $HOME/${maps[$dir]}
|
|
|
|
created+=("$HOME/${maps[$dir]}")
|
|
|
|
fi
|
|
|
|
mount --bind $MOUNTPOINT/$dir $HOME/${maps[$dir]}
|
|
|
|
mounted+=("$HOME/${maps[$dir]}")
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
2011-02-07 10:56:11 +00:00
|
|
|
exec_post_hooks() {
|
|
|
|
mnt=$1 # first argument is where the tomb is mounted
|
|
|
|
if ! [ -x ${mnt}/post-hooks ]; then return; fi
|
|
|
|
# if 'post-hooks' is found inside the tomb, check it: if it is an
|
|
|
|
# executable, launch it as a user this might need a dialog for
|
|
|
|
# security on what is being run, however we expect you know well
|
|
|
|
# what is inside your tomb. this feature opens the possibility to
|
|
|
|
# make encrypted executables.
|
|
|
|
cat ${mnt}/post-hooks | head -n1 | grep '^#!/'
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
act "post hooks found, executing as user $SUDO_USER"
|
2011-02-12 11:38:59 +00:00
|
|
|
exec_as_user ${mnt}/post-hooks $2
|
2011-02-07 10:56:11 +00:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2011-02-14 14:57:37 +00:00
|
|
|
get_arg_tomb() {
|
|
|
|
# set up variables to be used by caller:
|
|
|
|
# tombfile - filename without path
|
|
|
|
# tombdir - directory where the tomb is
|
|
|
|
# tombname - name of the tomb (filename without extension)
|
|
|
|
# the full path is made with $tombdir/$tombfile
|
|
|
|
if [ -z $1 ]; then
|
|
|
|
error "internal: get_arg_tomb called without argument"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
# make sure there is a .tomb extension
|
|
|
|
arg=${1%%\.*}.tomb
|
|
|
|
|
|
|
|
if ! [ -r ${arg} ]; then
|
|
|
|
error "file not found: $arg"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
tombfile=`basename $arg`
|
|
|
|
tombdir=`dirname $arg`
|
|
|
|
|
|
|
|
file ${tombdir}/${tombfile} | grep -i 'luks encrypted file' 2>&1 >/dev/null
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "$arg is not a valid tomb file, operation aborted"
|
|
|
|
tomb-notify "Not a tomb." "$arg doesn't seems a real tomb."
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
tombname=${tombfile%%\.*}
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
backup_tomb() { # FIXME - duplicity asks passwords too often
|
|
|
|
# using duplicity
|
|
|
|
which duplicity > /dev/null
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "duplicity not found, can't operate backup"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
if [ -z $CMD3 ]; then
|
|
|
|
error "backup command needs 2 arguments: tomb and destination url"
|
|
|
|
error "please refer to tomb(1) and duplicity(1) manuals for more information"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
# is it a tomb?
|
|
|
|
get_arg_tomb ${CMD2}
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "there is no tomb to backup, operation aborted."
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
# is it a url?
|
|
|
|
echo "${CMD3}" | grep -i -e '^.*:\/\/.*' 2>&1 > /dev/null
|
|
|
|
if ! [ $? = 0 ]; then
|
|
|
|
error "second argument is not a valid duplicity url."
|
|
|
|
error "read the tomb(1) and duplicity(1) manual for more information"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
bckurl=${CMD3}
|
|
|
|
|
|
|
|
# is it ssh?
|
|
|
|
protocol="`expr substr $bckurl 1 3`"
|
|
|
|
act "backup over protocol $protocol"
|
|
|
|
if [ "$protocol" = "ssh" ]; then
|
|
|
|
act "ssh connection requires a password"
|
|
|
|
FTP_PASSWORD="`exec_as_user tomb askpass $bckurl`"
|
|
|
|
dupopts="--ssh-askpass"
|
|
|
|
# TODO verify ssh access before duplicity does
|
|
|
|
# since it blocks the thing retrying 5 times and such crap
|
|
|
|
# i.e. try ssh true to sshurl="`echo $bckurl | sed -e 's/ssh:\/\///'`"
|
|
|
|
# --no-print-statistics
|
|
|
|
fi
|
|
|
|
|
|
|
|
# duplicity works only on directories
|
|
|
|
# so we create a directory in tmpfs and bind the tomb inside it
|
|
|
|
# during backup the encrypted tomb will be exposed
|
|
|
|
# TODO: check that the tomb is not mounted and, if mounted
|
|
|
|
# remount it read-only so it doesn't gets modified during bck
|
|
|
|
bckname=${tombname}.bck
|
|
|
|
mkdir -p /dev/shm/${bckname}
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "cannot generate a temporary backup directory in /dev/shm, operation aborted."
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
bcktmpdir=/dev/shm/${bckname}
|
|
|
|
# mmm, maybe we should mount our own tmpfs? we need root anyway for mount -o bind
|
|
|
|
# if we reach to eliminate this mount trick and upload only one file with duplicity
|
|
|
|
# then this function doesn't needs to be root to work.
|
|
|
|
touch ${bcktmpdir}/${tombfile}
|
|
|
|
mount -o bind ${tombdir}/${tombfile} ${bcktmpdir}/${tombfile}
|
|
|
|
bcklast=`exec_as_user duplicity \
|
|
|
|
${(s: :)dupopts} \
|
|
|
|
collection-status ${bckurl} \
|
|
|
|
| awk '/^Last full backup date:/ { print $5 }'`
|
|
|
|
# we detect if backup already exists or not so we can handle
|
|
|
|
# password prompt (choosing a password for full, inserting for incr)
|
|
|
|
if [ "$bcklast" = "none" ]; then
|
|
|
|
notice "Creating a backup of tomb $tombname on url $bckurl"
|
|
|
|
exec_as_user FTP_PASSWORD="$FTP_PASSWORD" duplicity ${(s: :)dupopts} \
|
|
|
|
full ${bcktmpdir} ${bckurl}
|
|
|
|
else
|
|
|
|
notice "Updating a backup of tomb $tombname on url $bckurl"
|
|
|
|
exec_as_user FTP_PASSWORD="$FTP_PASSWORD" duplicity ${(s: :)dupopts} \
|
|
|
|
incr ${bcktmpdir} ${bckurl}
|
|
|
|
fi
|
|
|
|
unset FTP_PASSWORD
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
error "duplicity reported error, operation aborted"
|
|
|
|
umount ${bcktmpdir}/${tombfile}
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
notice "Operation successful."
|
|
|
|
umount ${bcktmpdir}/${tombfile}
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
2010-08-22 14:44:35 +00:00
|
|
|
umount_tomb() {
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
if ! [ $1 ]; then
|
|
|
|
|
|
|
|
how_many_tombs="`find /dev/mapper -name 'tomb.*' | wc -w`"
|
|
|
|
if [ "$how_many_tombs" = "0" ]; then
|
2011-01-12 10:38:03 +00:00
|
|
|
error "there is no open tomb to be closed"
|
2011-02-03 19:42:46 +00:00
|
|
|
return 1
|
|
|
|
elif [ "$how_many_tombs" = "1" ]; then
|
|
|
|
mapper=`find /dev/mapper -name 'tomb.*'`
|
2010-08-25 18:17:53 +00:00
|
|
|
else
|
|
|
|
error "too many tombs mounted, please specify which to unmount:"
|
2011-01-30 22:25:01 +00:00
|
|
|
ls /dev/mapper/tomb.*
|
2011-02-03 19:42:46 +00:00
|
|
|
error "or issue the command 'tomb close all' to clos'em all."
|
|
|
|
return 1
|
2010-08-22 13:04:19 +00:00
|
|
|
fi
|
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
fi
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
if [ "$1" = "all" ]; then
|
|
|
|
tombs=`find /dev/mapper -name 'tomb.*'`
|
|
|
|
if ! [ $tombs ]; then
|
|
|
|
error "Tombs are all closed, cemetery is quiet."
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
for t in ${(f)tombs}; do
|
|
|
|
umount_tomb ${t}
|
|
|
|
done
|
|
|
|
return 0
|
2010-08-22 13:04:19 +00:00
|
|
|
fi
|
2011-02-03 19:42:46 +00:00
|
|
|
|
|
|
|
if [ -r "$1" ]; then # accepts relative and absolute path
|
|
|
|
mapper="$1"
|
|
|
|
elif [ -r /dev/mapper/${1} ]; then
|
|
|
|
mapper=/dev/mapper/${1}
|
|
|
|
else
|
|
|
|
error "tomb not found: $1"
|
2011-02-03 16:11:08 +00:00
|
|
|
error "please specify an existing /dev/mapper/tomb.*"
|
2011-02-07 08:42:50 +00:00
|
|
|
tomb-notify "Tomb was already closed." "Undertaker will rest in peace."
|
2011-02-03 19:42:46 +00:00
|
|
|
return 0
|
2011-02-03 16:11:08 +00:00
|
|
|
fi
|
|
|
|
|
2011-01-13 13:37:52 +00:00
|
|
|
basemap=`basename $mapper`
|
2011-01-13 21:35:32 +00:00
|
|
|
tombname=`echo ${basemap} | cut -d. -f2`
|
2011-02-07 08:42:50 +00:00
|
|
|
tombmount=`mount | grep $mapper | awk '{print $3}'`
|
|
|
|
|
|
|
|
# check if there are binded dirs and close them first
|
2011-02-12 11:48:16 +00:00
|
|
|
mount | grep "${tombmount}" 2>/dev/null | grep -v loop 2>&1 > /dev/null
|
2011-02-07 08:42:50 +00:00
|
|
|
if [ $? = 0 ]; then
|
2011-02-07 10:27:53 +00:00
|
|
|
act "closing bind hooks for tomb $tombname "
|
2011-02-07 08:42:50 +00:00
|
|
|
unbind=`mount | grep ${tombmount} | grep -v loop | awk '
|
|
|
|
{ print "umount " $3 "; " }
|
|
|
|
'`
|
|
|
|
eval $unbind
|
|
|
|
func "umount binded dirs:"
|
|
|
|
func "$unbind"
|
|
|
|
fi
|
2011-01-13 21:35:32 +00:00
|
|
|
|
2011-02-12 11:38:59 +00:00
|
|
|
# Execute post-hooks for eventual cleanup
|
|
|
|
exec_post_hooks ${tombmount} close
|
2011-02-03 16:11:08 +00:00
|
|
|
|
2011-02-07 08:42:50 +00:00
|
|
|
act "closing tomb $tombname on dm-crypt $basemap"
|
2011-02-03 19:42:46 +00:00
|
|
|
mount | grep $mapper 2>&1 >/dev/null
|
2011-02-03 16:11:08 +00:00
|
|
|
if [ $? = 0 ]; then # still mounted
|
2011-02-07 10:27:53 +00:00
|
|
|
umount ${mapper}
|
2011-02-03 16:11:08 +00:00
|
|
|
if ! [ $? = 0 ]; then
|
|
|
|
tomb-notify "Tomb '$tombname' is too busy." \
|
|
|
|
"Close all applications and file managers, then try again."
|
2011-02-03 19:42:46 +00:00
|
|
|
return 1
|
2011-02-03 16:11:08 +00:00
|
|
|
fi
|
2011-01-13 21:35:32 +00:00
|
|
|
fi
|
2010-08-22 13:04:19 +00:00
|
|
|
|
2011-01-13 13:37:52 +00:00
|
|
|
cryptsetup luksClose $basemap
|
2010-08-22 13:04:19 +00:00
|
|
|
if ! [ $? = 0 ]; then
|
2011-01-13 13:37:52 +00:00
|
|
|
error "error occurred in cryptsetup luksClose ${basemap}"
|
2011-02-03 19:42:46 +00:00
|
|
|
return 1
|
2010-08-22 13:04:19 +00:00
|
|
|
fi
|
|
|
|
|
2011-01-13 13:37:52 +00:00
|
|
|
losetup -d "/dev/`echo $basemap | cut -d. -f4`"
|
2010-08-22 14:44:35 +00:00
|
|
|
|
2010-08-23 09:48:21 +00:00
|
|
|
notice "crypt storage ${mapper} unmounted"
|
2011-01-19 11:38:19 +00:00
|
|
|
tomb-notify "Tomb closed: $tombname" "Your bones will Rest In Peace."
|
2011-02-03 19:42:46 +00:00
|
|
|
return 0
|
2010-08-22 13:04:19 +00:00
|
|
|
}
|
2011-01-12 16:02:19 +00:00
|
|
|
|
|
|
|
# install mime-types, bells and whistles for the desktop
|
|
|
|
# see http://developers.sun.com/solaris/articles/integrating_gnome.html
|
|
|
|
# and freedesktop specs
|
2011-02-03 16:11:08 +00:00
|
|
|
install_tomb() {
|
2011-01-19 11:38:19 +00:00
|
|
|
|
|
|
|
# TODO: distro package deps (for binary)
|
|
|
|
# debian: zsh, cryptsetup, libgtk2.0-0, libnotify-bin
|
2011-01-12 16:02:19 +00:00
|
|
|
act "updating mimetypes..."
|
|
|
|
cat <<EOF > /tmp/dyne-tomb.xml
|
|
|
|
<?xml version="1.0"?>
|
|
|
|
<mime-info xmlns='http://www.freedesktop.org/standards/shared-mime-info'>
|
|
|
|
<mime-type type="application/x-tomb-volume">
|
|
|
|
<comment>Tomb encrypted volume</comment>
|
|
|
|
<glob pattern="*.tomb"/>
|
|
|
|
</mime-type>
|
|
|
|
<mime-type type="application/x-tomb-key">
|
|
|
|
<comment>Tomb crypto key</comment>
|
|
|
|
<glob pattern="*.tomb.gpg"/>
|
|
|
|
</mime-type>
|
|
|
|
</mime-info>
|
|
|
|
EOF
|
|
|
|
xdg-mime install /tmp/dyne-tomb.xml
|
|
|
|
xdg-icon-resource install --context mimetypes --size 32 monmort.xpm monmort
|
|
|
|
xdg-icon-resource install --size 32 monmort.xpm dyne-monmort
|
2011-01-13 13:37:52 +00:00
|
|
|
|
2011-01-12 16:02:19 +00:00
|
|
|
rm /tmp/dyne-tomb.xml
|
2011-01-13 13:37:52 +00:00
|
|
|
|
2011-01-12 16:02:19 +00:00
|
|
|
act "updating desktop..."
|
|
|
|
cat <<EOF > /usr/share/applications/tomb.desktop
|
|
|
|
[Desktop Entry]
|
|
|
|
Version=1.0
|
|
|
|
Type=Application
|
|
|
|
Name=Tomb crypto undertaker
|
|
|
|
GenericName=Crypto undertaker
|
|
|
|
Comment=Keep your bones safe
|
|
|
|
Exec=tomb-open %U
|
|
|
|
TryExec=tomb-open
|
|
|
|
Icon=monmort.xpm
|
2011-01-13 13:37:52 +00:00
|
|
|
Terminal=false
|
2011-01-12 16:02:19 +00:00
|
|
|
Categories=Utility;Security;Archiving;Filesystem;
|
|
|
|
MimeType=application/x-tomb-volume;
|
2011-01-29 13:45:03 +00:00
|
|
|
X-AppInstall-Package=tomb
|
2011-01-12 16:02:19 +00:00
|
|
|
EOF
|
2011-01-13 13:37:52 +00:00
|
|
|
update-desktop-database
|
2011-01-12 16:02:19 +00:00
|
|
|
|
|
|
|
act "updating menus..."
|
|
|
|
cat <<EOF > /etc/menu/tomb
|
|
|
|
?package(tomb):command="tomb" icon="/usr/share/pixmaps/monmort.xpm" needs="cryptsetup" \
|
|
|
|
section="Applications/Accessories" title="Tomb" hints="Crypto" \
|
|
|
|
hotkey="Tomb"
|
|
|
|
EOF
|
|
|
|
update-menus
|
|
|
|
|
|
|
|
act "updating mime info..."
|
|
|
|
cat <<EOF > /usr/share/mime-info/tomb.keys
|
|
|
|
# actions for encrypted tomb storage
|
|
|
|
application/x-tomb-volume:
|
|
|
|
open=tomb-open %f
|
|
|
|
view=tomb-open %f
|
|
|
|
icon-filename=monmort.xpm
|
|
|
|
short_list_application_ids_for_novice_user_level=tomb
|
|
|
|
EOF
|
|
|
|
cat <<EOF > /usr/share/mime-info/tomb.mime
|
|
|
|
# mime type for encrypted tomb storage
|
|
|
|
application/x-tomb-volume
|
|
|
|
ext: tomb
|
|
|
|
|
|
|
|
application/x-tomb-key
|
|
|
|
ext: tomb.gpg
|
|
|
|
EOF
|
|
|
|
cat <<EOF > /usr/lib/mime/packages/tomb
|
2011-01-13 13:37:52 +00:00
|
|
|
application/x-tomb-volume; tomb-open '%s'; priority=8
|
2011-01-12 16:02:19 +00:00
|
|
|
EOF
|
|
|
|
update-mime
|
|
|
|
|
|
|
|
act "updating application entry..."
|
|
|
|
|
|
|
|
cat <<EOF > /usr/share/application-registry/tomb.applications
|
|
|
|
tomb
|
|
|
|
command=tomb-open
|
|
|
|
name=Tomb - Crypto Undertaker
|
|
|
|
can_open_multiple_files=false
|
|
|
|
expects_uris=false
|
2011-01-13 13:37:52 +00:00
|
|
|
requires_terminal=false
|
2011-01-12 16:02:19 +00:00
|
|
|
mime-types=application/x-tomb-volume,application/x-tomb-key
|
|
|
|
EOF
|
2011-01-13 13:37:52 +00:00
|
|
|
act "Tomb is now installed."
|
2011-01-12 16:02:19 +00:00
|
|
|
}
|
2011-02-03 16:11:08 +00:00
|
|
|
|
|
|
|
|
2010-08-22 13:04:19 +00:00
|
|
|
|
|
|
|
case "$CMD" in
|
2011-02-03 16:11:08 +00:00
|
|
|
create) check_priv ; create_tomb ;;
|
2011-01-12 16:02:19 +00:00
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
mount) check_priv ; mount_tomb ;;
|
|
|
|
open) check_priv ; mount_tomb ;;
|
2011-01-12 16:02:19 +00:00
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
umount) check_priv ; umount_tomb ${CMD2} ;;
|
|
|
|
unmount) check_priv ; umount_tomb ${CMD2} ;;
|
|
|
|
close) check_priv ; umount_tomb ${CMD2} ;;
|
2011-01-12 16:02:19 +00:00
|
|
|
|
2011-02-12 16:54:53 +00:00
|
|
|
bury) encode_key ${CMD2} ${CMD3} ;;
|
|
|
|
exhume) decode_key ${CMD2} ;;
|
2011-02-11 23:36:21 +00:00
|
|
|
|
2011-02-14 14:57:37 +00:00
|
|
|
backup) check_priv ; backup_tomb ${CMD2} ${CMD3} ;;
|
|
|
|
|
2011-02-03 19:42:46 +00:00
|
|
|
install) check_priv ; install_tomb ;;
|
2011-01-12 16:02:19 +00:00
|
|
|
|
2011-02-14 09:24:31 +00:00
|
|
|
askpass) ask_password $CMD2 $CMD3 ;;
|
2011-01-12 16:02:19 +00:00
|
|
|
status) tomb-status ;;
|
2011-01-19 11:54:43 +00:00
|
|
|
notify) tomb-notify $CMD2 $CMD3 ;;
|
2011-01-12 16:02:19 +00:00
|
|
|
|
2010-08-22 13:04:19 +00:00
|
|
|
*) error "command \"$CMD\" not recognized"
|
|
|
|
act "try -h for help"
|
2011-02-07 10:27:53 +00:00
|
|
|
return 1
|
2010-08-22 13:04:19 +00:00
|
|
|
;;
|
|
|
|
esac
|
2011-02-03 19:42:46 +00:00
|
|
|
# return codes from called functions
|
2011-02-14 09:24:31 +00:00
|
|
|
# return $?
|