2011-02-10 11:22:11 +00:00
#!/bin/zsh
2010-08-22 13:04:19 +00:00
#
2011-01-13 13:37:52 +00:00
# Tomb, the Crypto Undertaker
2010-08-22 13:04:19 +00:00
#
2013-05-28 09:57:58 +00:00
# A commandline tool to easily operate encryption of secret data
2013-05-28 10:53:26 +00:00
#
# Homepage on: [tomb.dyne.org](http://tomb.dyne.org)
2013-05-28 09:57:58 +00:00
# {{{ License
2011-12-01 19:04:56 +00:00
2014-02-20 10:12:21 +00:00
# Copyright (C) 2007-2014 Dyne.org Foundation
2013-05-29 15:21:36 +00:00
#
# Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
2010-08-22 13:04:19 +00:00
#
2013-05-28 09:57:58 +00:00
# With contributions by Anathema, Boyska and Hellekin O. Wolf.
2010-08-22 13:04:19 +00:00
#
2013-05-29 15:21:36 +00:00
# Testing and reviews are contributed by Dreamer, Shining,
# Mancausoft, Asbesto Molesto and Nignux.
#
# Tomb's artwork is contributed by Jordi aka Mon Mort.
#This source code is free software; you can redistribute it
#and/or modify it under the terms of the GNU Public License
#as published by the Free Software Foundation; either
#version 3 of the License, or (at your option) any later
#version.
2010-08-22 13:04:19 +00:00
#
2013-05-29 15:21:36 +00:00
#This source code is distributed in the hope that it will be
#useful, but WITHOUT ANY WARRANTY; without even the implied
#warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#PURPOSE. Please refer to the GNU Public License for more
#details.
2013-05-28 09:57:58 +00:00
#
2013-05-29 15:21:36 +00:00
#You should have received a copy of the GNU Public License
#along with this source code; if not, write to: Free
#Software Foundation, Inc., 675 Mass Ave, Cambridge, MA
#02139, USA.
2013-05-28 09:57:58 +00:00
# }}} - License
# {{{ Global variables
2011-12-01 19:04:56 +00:00
2014-08-29 21:23:08 +00:00
VERSION=1.6
DATE="Sept/2014"
2011-03-31 17:42:05 +00:00
TOMBEXEC=$0
2011-08-02 00:10:31 +00:00
typeset -a OLDARGS
for arg in ${argv}; do OLDARGS+=($arg); done
2013-05-27 19:22:24 +00:00
DD="dd"
WIPE="rm -f"
MKFS="mkfs.ext3 -q -F -j -L"
2013-06-12 11:33:54 +00:00
KDF=1
2011-04-10 19:38:01 +00:00
STEGHIDE=1
2013-05-25 13:04:16 +00:00
RESIZER=1
2013-06-12 16:15:55 +00:00
SWISH=1
2013-06-19 18:52:21 +00:00
QRENCODE=1
2011-05-24 10:04:18 +00:00
MOUNTOPTS="rw,noatime,nodev"
2010-08-22 13:04:19 +00:00
2014-08-25 19:01:50 +00:00
# prefix for temporary files
TMPPREFIX="/dev/shm/$$.$RANDOM."
2014-08-25 22:54:41 +00:00
# makes glob matching case insensitive
unsetopt CASE_MATCH
2014-08-27 10:28:15 +00:00
typeset -AH global_opts
typeset -AH opts
typeset -H username
2013-03-29 11:51:43 +00:00
2014-08-27 10:28:15 +00:00
typeset -H _uid
typeset -H _gid
typeset -H _tty
2011-07-14 13:47:20 +00:00
2014-08-27 10:28:15 +00:00
typeset -H tomb_file
2014-08-25 19:01:50 +00:00
2014-08-27 10:28:15 +00:00
typeset -H tomb_key
typeset -H tomb_key_file
typeset -H tomb_secret
typeset -H tomb_password
2014-08-25 19:01:50 +00:00
2014-08-27 10:28:15 +00:00
typeset -aH tomb_tempfiles
typeset -aH tomb_loopdevs
2014-08-06 05:43:25 +00:00
2014-06-01 20:19:03 +00:00
# Make sure sbin is in PATH
PATH+=:/sbin:/usr/sbin
2013-06-12 11:33:54 +00:00
2014-08-11 20:56:26 +00:00
# For gettext
export TEXTDOMAIN=tomb
2011-12-01 17:53:12 +00:00
# }}}
2012-08-04 16:34:10 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Safety functions
2011-12-01 19:41:04 +00:00
2014-08-14 07:58:15 +00:00
endgame() {
# here clear all temp files and flush all pipes
2014-08-25 19:01:50 +00:00
2014-08-27 10:28:15 +00:00
# prepare some random material to overwrite vars
rr="$RANDOM"
while [[ ${#rr} -lt 500 ]]; do
rr+="$RANDOM"; done
# we make sure no info is left in unallocated mem
tomb_file="$rr"; unset tomb_file
tomb_key="$rr"; unset tomb_key
tomb_key_file="$rr"; unset tomb_key_file
tomb_secret="$rr"; unset tomb_secret
tomb_password="$rr"; unset tomb_password
2014-08-25 19:01:50 +00:00
for f in $tomb_tempfiles; do
2014-08-27 10:28:15 +00:00
${=WIPE} "$f"; done
2014-08-25 19:01:50 +00:00
unset tomb_tempfiles
for l in $tomb_loopdevs; do
losetup -d "$l"; done
unset tomb_loopdevs
2014-08-14 07:58:15 +00:00
}
# trap functions for the endgame event
TRAPINT() { endgame INT }
TRAPEXIT() { endgame EXIT }
TRAPHUP() { endgame HUP }
TRAPQUIT() { endgame QUIT }
TRAPABRT() { endgame ABORT }
TRAPKILL() { endgame KILL }
TRAPPIPE() { endgame PIPE }
TRAPTERM() { endgame TERM }
TRAPSTOP() { endgame STOP }
2014-08-25 19:01:50 +00:00
check_shm() {
# TODO: configure which tmp dir to use from a cli flag
SHMPREFIX=/dev/shm
2011-12-01 19:41:04 +00:00
2014-08-25 19:01:50 +00:00
[[ -k /dev/shm ]] || [[ -k /run/shm ]] && { SHMPREFIX=/run/shm } \
|| {
# mount the tmpfs if the SO doesn't already
mkdir /run/shm
[[ $? = 0 ]] || {
fatal "Fatal error creating a directory for temporary files"
return 1 }
mount -t tmpfs tmpfs /run/shm \
-o nosuid,noexec,nodev,mode=0600,uid="$_uid",gid="$_gid"
[[ $? = 0 ]] || {
fatal "Fatal error mounting tmpfs in /run/shm for temporary files"
return 1 }
2011-12-01 19:41:04 +00:00
2014-08-25 19:01:50 +00:00
SHMPREFIX=/run/shm
}
2011-12-01 19:41:04 +00:00
2014-08-25 19:01:50 +00:00
# setup a special env var for zsh to create temp files that will
# then be deleted at the exit of each function using them.
TMPPREFIX="$SHMPREFIX/$$.$RANDOM."
return 0
2011-03-31 17:42:05 +00:00
}
2013-05-28 09:57:58 +00:00
# Provide a random filename in shared memory
2014-08-25 19:01:50 +00:00
tmp_create() {
local tfile="${TMPPREFIX}${RANDOM}"
touch "$tfile"
[[ $? = 0 ]] || {
fatal "Fatal error creating a temporary file: $tfile"
return 1 }
chown "$_uid":"$_gid" "$tfile"
chmod 0600 "$tfile"
[[ $? = 0 ]] || {
fatal "Fatal error setting permissions on temporary file: $tfile"
return 1 }
_verbose "created tempfile: $tfile"
tomb_tempfiles+=($tfile)
return 0
}
tmp_new() {
# print out the latest tempfile
2014-08-25 21:32:32 +00:00
print - "${tomb_tempfiles[${#tomb_tempfiles}]}"
2011-11-03 14:13:49 +00:00
}
2013-05-28 09:57:58 +00:00
# Check if swap is activated
2011-07-10 20:11:10 +00:00
check_swap() {
# Return 0 if NO swap is used, 1 if swap is used
2011-12-01 19:41:04 +00:00
# Return 2 if swap(s) is(are) used, but ALL encrypted
2014-08-12 19:10:48 +00:00
local swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>-)"
2011-12-01 19:41:04 +00:00
[[ -z "$swaps" ]] && return 0 # No swap partition is active
2013-12-16 20:41:49 +00:00
# Check whether all swaps are encrypted, and return 2
# If any of the swaps is not encrypted, we bail out and return 1.
ret=1
for s in $=swaps; do
2014-07-13 15:35:28 +00:00
bone=`sudo file $s`
2014-08-12 19:10:48 +00:00
if `echo "$bone" | grep 'swap file' &>-`; then
2014-07-13 15:35:28 +00:00
# It's a regular (unencrypted) swap file
ret=1
break
2014-08-12 19:10:48 +00:00
elif `echo "$bone" | grep 'symbolic link' &>-`; then
2014-07-13 15:35:28 +00:00
# Might link to a block
ret=1
if [ "/dev/mapper" = "${s%/*}" ]; then
is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
if [ "crypt" = "$is_crypt" ]; then
ret=2
fi
else
break
fi
2014-08-12 19:10:48 +00:00
elif `echo "$bone" | grep 'block special' &>-`; then
2014-07-13 15:35:28 +00:00
# Is a block
ret=1
2013-12-16 20:41:49 +00:00
is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
2014-07-13 15:35:28 +00:00
if [ "crypt" = "$is_crypt" ]; then
ret=2
else
break
fi
fi
2013-12-16 20:41:49 +00:00
done
2014-04-30 15:31:28 +00:00
_warning "An active swap partition is detected, this poses security risks."
2013-12-16 20:41:49 +00:00
if [[ $ret -eq 2 ]]; then
2014-07-13 15:35:28 +00:00
_success "All your swaps are belong to crypt. Good."
2013-12-16 20:41:49 +00:00
else
2014-07-13 15:35:28 +00:00
_warning "You can deactivate all swap partitions using the command:"
_warning " swapoff -a"
_warning "But if you want to proceed like this, use the -f (force) flag."
_failure "Operation aborted."
2013-12-16 20:41:49 +00:00
fi
return $ret
2011-07-10 20:11:10 +00:00
}
2012-01-17 13:00:20 +00:00
2013-12-16 21:23:10 +00:00
# Wrapper to allow encrypted swap and remind the user about
# possible data leaks to disk if swap is on, and not to be ignored
_check_swap() {
if ! option_is_set -f && ! option_is_set --ignore-swap; then
2014-07-13 15:35:28 +00:00
check_swap
case $? in
0|2) # No, or encrypted swap
return 0
;;
*) # Unencrypted swap
return 1
;;
esac
2013-12-16 21:23:10 +00:00
fi
2011-07-10 20:11:10 +00:00
}
2012-01-17 13:00:20 +00:00
2013-05-28 09:57:58 +00:00
# Ask user for a password
ask_password() {
2011-02-14 09:24:31 +00:00
# we use pinentry now
# comes from gpg project and is much more secure
# it also conveniently uses the right toolkit
2010-08-22 13:04:19 +00:00
2011-02-14 09:24:31 +00:00
# pinentry has no custom icon setting
# so we need to temporary modify the gtk theme
2011-02-24 23:10:09 +00:00
if [ -r /usr/local/share/themes/tomb/gtk-2.0-key/gtkrc ]; then
2014-07-13 15:35:28 +00:00
GTK2_RC=/usr/local/share/themes/tomb/gtk-2.0-key/gtkrc
2011-02-24 23:10:09 +00:00
elif [ -r /usr/share/themes/tomb/gtk-2.0-key/gtkrc ]; then
2014-07-13 15:35:28 +00:00
GTK2_RC=/usr/share/themes/tomb/gtk-2.0-key/gtkrc
2011-02-14 23:19:45 +00:00
fi
2011-02-20 13:59:30 +00:00
2014-04-30 15:31:28 +00:00
title="Insert tomb password."
2011-11-03 14:13:49 +00:00
if [ $2 ]; then title="$2"; fi
2014-08-12 19:10:48 +00:00
output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} pinentry 2>- | tail -n +7
2011-04-13 14:56:57 +00:00
OPTION ttyname=$TTY
OPTION lc-ctype=$LANG
2011-11-03 14:13:49 +00:00
SETTITLE $title
SETDESC $1
2011-02-14 09:24:31 +00:00
SETPROMPT Password:
GETPIN
2012-09-05 15:47:00 +00:00
EOF`
if [[ `tail -n1 <<<$output` =~ ERR ]]; then
2014-07-13 15:35:28 +00:00
return 1
2012-09-05 15:47:00 +00:00
fi
head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }'
return 0
2011-01-19 11:38:19 +00:00
}
2013-05-28 09:57:58 +00:00
# Drop privileges
2011-01-12 10:38:03 +00:00
exec_as_user() {
2011-02-03 16:11:08 +00:00
if ! [ $SUDO_USER ]; then
2014-07-13 15:35:28 +00:00
exec $@[@]
return $?
2011-02-03 16:11:08 +00:00
fi
2014-04-30 15:31:28 +00:00
_verbose "exec_as_user '$SUDO_USER': ${(f)@}"
2011-03-31 17:42:05 +00:00
sudo -u $SUDO_USER "${@[@]}"
return $?
2011-02-03 16:11:08 +00:00
}
2013-05-28 09:57:58 +00:00
#Escalate privileges
2011-02-03 16:11:08 +00:00
check_priv() {
2012-07-09 18:53:14 +00:00
# save original user
username=$USER
2011-04-10 19:38:01 +00:00
if [ $UID != 0 ]; then
2014-07-13 15:35:28 +00:00
_verbose "Using sudo for root execution of '${TOMBEXEC} ${(f)OLDARGS}'."
# check if sudo has a timestamp active
sudok=false
2013-05-28 09:57:58 +00:00
2014-07-13 15:35:28 +00:00
if ! option_is_set --sudo-pwd; then
if [ $? != 0 ]; then # if not then ask a password
2014-08-12 19:10:48 +00:00
cat <<EOF | pinentry 2>- | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v
2011-04-13 14:56:57 +00:00
OPTION ttyname=$TTY
OPTION lc-ctype=$LANG
2011-02-14 09:24:31 +00:00
SETTITLE Super user privileges required
2011-07-14 13:47:20 +00:00
SETDESC Sudo execution of Tomb ${OLDARGS[@]}
2011-02-13 11:29:07 +00:00
SETPROMPT Insert your USER password:
2011-02-14 09:24:31 +00:00
GETPIN
EOF
2014-07-13 15:35:28 +00:00
fi
else
_verbose "Escalating privileges using sudo-pwd."
sudo -S -v <<<`option_value --sudo-pwd`
fi
sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
exit $?
2011-02-14 09:24:31 +00:00
fi # are we root already
2013-05-25 13:04:16 +00:00
# make sure necessary kernel modules are loaded
2014-08-25 19:01:50 +00:00
modprobe dm_mod
modprobe dm_crypt
2013-05-25 13:05:21 +00:00
2011-02-03 19:42:46 +00:00
return 0
2011-01-12 10:38:03 +00:00
}
2013-05-28 09:57:58 +00:00
2013-06-19 18:20:17 +00:00
# check if a filename is a valid tomb
is_valid_tomb() {
2014-04-30 15:31:28 +00:00
_verbose "is_valid_tomb $1"
2013-06-19 18:20:17 +00:00
# argument check
{ test "$1" = "" } && {
2014-07-13 15:35:28 +00:00
_warning "Tomb file is missing from arguments."; return 1 }
2013-06-19 18:20:17 +00:00
# file checks
{ test -r "$1" } || {
2014-07-13 15:35:28 +00:00
_warning "Tomb file not found: $1"; return 1 }
2013-06-19 18:20:17 +00:00
{ test -f "$1" } || {
2014-07-13 15:35:28 +00:00
_warning "Tomb file is not a regular file: $1"; return 1 }
2014-08-27 10:28:15 +00:00
{ test -s "$1" } || {
_warning "Tomb file is empty (zero length): $1"; return 1 }
{ test -w "$1" } || {
_warning "Tomb file is not writable: $1"; return 1 }
2014-08-25 19:01:50 +00:00
2014-08-27 10:28:15 +00:00
# check file type (if its a Luks fs)
2014-08-25 19:01:50 +00:00
file "$1" | grep -i "luks encrypted file" > /dev/null || {
_warning "File is not yet a tomb: $1" }
2013-06-19 18:20:17 +00:00
# check if its already open
tombfile=`basename $1`
tombname=${tombfile%%\.*}
2014-08-25 19:01:50 +00:00
mount -l | grep "${tombfile}.*\[$tombname\]$" > /dev/null
2013-06-19 18:20:17 +00:00
{ test $? = 0 } && {
2014-07-13 15:35:28 +00:00
_warning "Tomb is currently in use: $tombname"; return 1 }
2013-06-19 18:20:17 +00:00
_message "Valid tomb file found: $1"
return 0
}
2014-02-19 11:08:26 +00:00
2014-08-25 19:01:50 +00:00
# $1 is the tomb file to be lomounted
lo_mount() {
tpath="$1"
is_valid_tomb "$tpath" || {
_failure "Loopback mount called on invalid tomb: $tpath" }
2014-08-27 10:28:15 +00:00
# check if we have support for loop mounting
2014-08-25 19:01:50 +00:00
losetup -f >& -
[[ $? = 0 ]] || {
2014-08-27 10:28:15 +00:00
_warning "Loop mount of volumes is not possible on this machine, this error"
_warning "often occurs on VPS and kernels that don't provide the loop module."
_warning "It is impossible to use Tomb on this machine at this conditions."
_failure "Operation aborted."
}
2014-08-25 19:01:50 +00:00
_nstloop=`losetup -f` # get the number for next loopback device
losetup -f "$tpath" >& - # allocates the next loopback for our file
tomb_loopdevs+=("$_nstloop") # add to array of lodevs used
return 0
}
# print out latest loopback mounted
2014-08-25 21:32:32 +00:00
lo_new() { print - "${tomb_loopdevs[${#tomb_loopdevs}]}" }
2014-08-25 19:01:50 +00:00
# $1 is the path to the lodev to be preserved after quit
lo_preserve() {
_verbose "lo_preserve on $1"
# remove the lodev from the tomb_lodevs array
tomb_loopdevs=("${(@)tomb_loopdevs:#$1}")
}
2014-08-25 21:32:32 +00:00
# eventually used for debugging
2014-08-25 19:01:50 +00:00
dump_secrets() {
_verbose "tomb_file: $tomb_file"
_verbose "tomb_key: ${#tomb_key} chars long"
_verbose "tomb_key_file: $tomb_key_file"
_verbose "tomb_secret: ${#tomb_secret} chars long"
_verbose "tomb_password: $tomb_password"
_verbose "tomb_tempfiles: ${(@)tomb_tempfiles}"
_verbose "tomb_loopdevs: ${(@)tomb_loopdevs}"
}
2011-12-01 17:53:12 +00:00
# }}}
2011-10-31 23:36:14 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Commandline interaction
2013-05-28 10:58:05 +00:00
2011-03-31 17:42:05 +00:00
usage() {
2011-12-01 17:53:12 +00:00
cat <<EOF
2011-02-20 13:59:30 +00:00
2013-06-20 08:26:12 +00:00
Syntax: tomb [options] command [arguments]
2011-02-20 13:59:30 +00:00
Commands:
2013-06-20 08:26:12 +00:00
// Creation:
2014-01-12 22:39:59 +00:00
dig create a new empty TOMB file of size -s in MB
2013-03-22 21:31:29 +00:00
forge create a new KEY file and set its password
lock installs a lock on a TOMB to use it with KEY
2013-06-20 08:26:12 +00:00
// Operations on tombs:
2013-03-22 21:31:29 +00:00
open open an existing TOMB
2013-03-30 16:29:51 +00:00
index update the search indexes of tombs
search looks for filenames matching text patterns
2013-06-20 08:26:12 +00:00
list list of open TOMBs and information on them
close close a specific TOMB (or 'all')
2013-03-22 21:31:29 +00:00
slam slam a TOMB killing all programs using it
2011-05-09 09:00:47 +00:00
EOF
2013-06-20 08:26:12 +00:00
if [ "$RESIZER" = 1 ]; then
2014-07-13 15:35:28 +00:00
cat <<EOF
2014-01-12 22:39:59 +00:00
resize resize a TOMB to a new size -s (can only grow)
2013-06-20 08:26:12 +00:00
EOF
fi
2013-06-20 10:46:20 +00:00
cat <<EOF
// Operations on keys:
passwd change the password of a KEY
setkey change the KEY locking a TOMB (needs old one)
EOF
2013-06-19 18:52:21 +00:00
{ test "$QRENCODE" = "1" } && {
2014-07-13 15:35:28 +00:00
cat <<EOF
2013-06-20 08:26:12 +00:00
engrave makes a QR code of a KEY to be saved on paper
2013-06-19 18:52:21 +00:00
EOF
}
2011-12-01 17:53:12 +00:00
if [ "$STEGHIDE" = 1 ]; then
2014-07-13 15:35:28 +00:00
cat <<EOF
2013-06-20 08:26:12 +00:00
bury hide a KEY inside a JPEG image
exhume extract a KEY from a JPEG image
2011-05-09 09:00:47 +00:00
EOF
2011-12-01 17:53:12 +00:00
fi
cat <<EOF
2011-02-20 13:59:30 +00:00
Options:
2012-01-07 23:23:49 +00:00
-s size of the tomb file when creating/resizing one (in MB)
2013-05-28 10:58:05 +00:00
-k path to the key to be used ('-k -' to read from stdin)
2011-02-20 13:59:30 +00:00
-n don't process the hooks found in tomb
2011-05-24 10:04:18 +00:00
-o mount options used to open (default: rw,noatime,nodev)
2012-01-17 13:00:20 +00:00
-f force operation (i.e. even if swap is active)
2013-06-12 11:33:54 +00:00
EOF
{ test "$KDF" = 1 } && {
2014-07-13 15:35:28 +00:00
cat <<EOF
2013-06-20 08:26:12 +00:00
--kdf generate passwords armored against dictionary attacks
2013-06-12 11:33:54 +00:00
EOF
}
2013-06-12 16:15:55 +00:00
2013-06-12 11:33:54 +00:00
cat <<EOF
2011-02-20 13:59:30 +00:00
-h print this help
2012-01-17 16:28:40 +00:00
-v print version, license and list of available ciphers
2011-02-20 13:59:30 +00:00
-q run quietly without printing informations
-D print debugging information at runtime
For more informations on Tomb read the manual: man tomb
2012-02-07 20:05:09 +00:00
Please report bugs on <http://github.com/dyne/tomb/issues>.
2011-02-20 13:59:30 +00:00
EOF
2011-03-31 17:42:05 +00:00
}
2011-05-09 11:26:36 +00:00
2013-05-28 09:57:58 +00:00
# Check an option
option_is_set() {
# First argument, the commandline flag (i.e. "-s").
# Second (optional) argument: if "out", command will print it out 'set'/'unset'
# (useful for if conditions).
# Return 0 if is set, 1 otherwise
[[ -n ${(k)opts[$1]} ]];
r=$?
if [[ $2 == out ]]; then
2014-07-13 15:35:28 +00:00
if [[ $r == 0 ]]; then
echo 'set'
else
echo 'unset'
fi
2013-05-28 09:57:58 +00:00
fi
return $r;
}
2011-05-09 11:26:36 +00:00
2013-05-28 09:57:58 +00:00
# Get an option value
option_value() {
# First argument, the commandline flag (i.e. "-s").
2014-08-25 21:32:32 +00:00
print -n - "${opts[$1]}"
2013-05-28 09:57:58 +00:00
}
2011-05-09 11:26:36 +00:00
2013-05-28 09:57:58 +00:00
# Messaging function with pretty coloring
function _msg() {
2014-08-29 09:16:00 +00:00
local tmp_msg="$(gettext -s - "$2")"
local msg="${(S)${(S)${(S)tmp_msg//::3*::/$5}//::2*::/$4}//::1*::/$3}"
2013-05-28 09:57:58 +00:00
local command="print -P"
local progname="$fg[magenta]${TOMBEXEC##*/}$reset_color"
2014-08-11 20:56:26 +00:00
local message="$fg_bold[normal]$fg_no_bold[normal]$msg$reset_color"
2013-05-28 09:57:58 +00:00
local -i returncode
2011-05-09 11:26:36 +00:00
2013-05-28 09:57:58 +00:00
case "$1" in
2014-07-13 15:35:28 +00:00
inline)
command+=" -n"; pchars=" > "; pcolor="yellow"
;;
message)
2014-08-11 20:56:26 +00:00
pchars=" . "; pcolor="white"; message="$fg_no_bold[$pcolor]$msg$reset_color"
2014-07-13 15:35:28 +00:00
;;
verbose)
pchars="[D]"; pcolor="blue"
;;
success)
2014-08-11 20:56:26 +00:00
pchars="(*)"; pcolor="green"; message="$fg_no_bold[$pcolor]$msg$reset_color"
2014-07-13 15:35:28 +00:00
;;
warning)
2014-08-11 20:56:26 +00:00
pchars="[W]"; pcolor="yellow"; message="$fg_no_bold[$pcolor]$msg$reset_color"
2014-07-13 15:35:28 +00:00
;;
failure)
2014-08-11 20:56:26 +00:00
pchars="[E]"; pcolor="red"; message="$fg_no_bold[$pcolor]$msg$reset_color"
2014-07-13 15:35:28 +00:00
returncode=1
;;
*)
pchars="[F]"; pcolor="red"
message="Developer oops! Usage: _msg MESSAGE_TYPE \"MESSAGE_CONTENT\""
returncode=127
;;
2013-05-28 09:57:58 +00:00
esac
${=command} "${progname} $fg_bold[$pcolor]$pchars$reset_color ${message}$color[reset_color]" >&2
return $returncode
}
2011-05-09 11:26:36 +00:00
2013-05-28 09:57:58 +00:00
function _message say() {
local notice="message"
[[ "$1" = "-n" ]] && shift && notice="inline"
option_is_set -q || _msg "$notice" "$1"
return 0
}
2011-12-01 19:04:56 +00:00
2013-05-28 09:57:58 +00:00
function _verbose xxx() {
option_is_set -D && _msg verbose "$1"
return 0
}
2011-12-01 19:04:56 +00:00
2013-05-28 09:57:58 +00:00
function _success yes() {
option_is_set -q || _msg success "$1"
return 0
}
2011-12-01 19:04:56 +00:00
2013-05-28 09:57:58 +00:00
function _warning no() {
option_is_set -q || _msg warning "$1"
return 1
}
2011-12-01 19:04:56 +00:00
2013-05-28 09:57:58 +00:00
function _failure die() {
typeset -i exitcode=${2:-1}
option_is_set -q || _msg failure "$1"
2014-08-06 05:43:25 +00:00
# be sure we forget the secrets we were told
2013-05-28 09:57:58 +00:00
exit $exitcode
2011-05-09 11:26:36 +00:00
}
2011-12-01 17:53:12 +00:00
2013-05-28 09:57:58 +00:00
# Print out progress to inform GUI caller applications (--batch mode)
progress() {
# $1 is "what is progressing"
# $2 is "percentage"
# $3 is (eventually blank) status
# Example: if creating a tomb, it could be sth like
# progress create 0 filling with random data
# progress create 40 generating key
# progress keygen 0 please move the mouse
# progress keygen 30 please move the mouse
# progress keygen 60 please move the mouse
# progress keygen 100 key generated
# progress create 80 please enter password
# progress create 90 formatting the tomb
# progress create 100 tomb created successfully
if ! option_is_set --batch; then
2014-07-13 15:35:28 +00:00
return
2013-05-28 09:57:58 +00:00
fi
print "[m][P][$1][$2][$3]" >&2
}
# Check what's installed
check_bin() {
# check for required programs
for req in cryptsetup pinentry sudo gpg; do
2014-08-25 19:01:50 +00:00
command -v $req >& - || _failure "Cannot find $req. It's a requirement to use Tomb, please install it." 1
2013-05-28 09:57:58 +00:00
done
export PATH=/sbin:/usr/sbin:$PATH
# which dd command to use
2014-08-25 19:01:50 +00:00
command -v dcfldd >& -
2013-05-28 09:57:58 +00:00
{ test $? = 0 } && { DD="dcfldd statusinterval=1" }
# which wipe command to use
2014-08-25 19:01:50 +00:00
command -v wipe >& - && WIPE="wipe -f -s" || WIPE="rm -f"
2013-05-28 09:57:58 +00:00
# check for filesystem creation progs
2014-08-25 19:01:50 +00:00
command -v mkfs.ext4 >& - && \
2014-07-13 15:35:28 +00:00
MKFS="mkfs.ext4 -q -F -j -L" || \
MKFS="mkfs.ext3 -q -F -j -L"
2013-05-28 09:57:58 +00:00
# check for steghide
2014-08-25 19:01:50 +00:00
command -v steghide >& - || STEGHIDE=0
2013-05-28 09:57:58 +00:00
# check for resize
2014-08-25 19:01:50 +00:00
command -v e2fsck resize2fs >& - || RESIZER=0
2013-06-12 11:33:54 +00:00
# check for KDF auxiliary tools
2014-08-25 19:01:50 +00:00
command -v tomb-kdb-pbkdf2 >& - || KDF=0
2013-06-12 16:15:55 +00:00
# check for Swish-E file content indexer
2014-08-25 19:01:50 +00:00
command -v swish-e >& - || SWISH=0
2013-06-19 18:52:21 +00:00
# check for QREncode for paper backups of keys
2014-08-25 19:01:50 +00:00
command -v qrencode >& - || QRENCODE=0
2013-05-28 09:57:58 +00:00
}
# }}} - Commandline interaction
# {{{ Key operations
2014-08-25 22:54:41 +00:00
# $1 is the encrypted key contents we are checking
is_valid_key() {
_verbose "is_valid_key"
_key="$1"
# argument check
{ test "$_key" = "" } && { _key="$tomb_key" }
{ test "$_key" = "" } && {
_warning "is_valid_key() called without argument."; return 1 }
# if the key file is an image don't check file header
{ test -r "$tomb_key_file" } \
&& [[ `file "$tomb_key_file"` =~ "JP.G" ]] \
&& {
_message "Key is an image, it might be valid."; return 0 }
[[ "$_key" =~ "BEGIN PGP" ]] && {
_message "Key is valid."; return 0 }
return 1
}
# $1 is a string containing an encrypted key
recover_key() {
_warning "Attempting key recovery."
_key="$tomb_key"
tomb_key=""
[[ "$_key" =~ "_KDF_" ]] && {
tomb_key+="`print - $_key | $head -n 1`\n" }
tomb_key+="-----BEGIN PGP MESSAGE-----\n"
tomb_key+="$_key\n"
tomb_key+="-----END PGP MESSAGE-----\n"
return 0
}
2014-06-08 17:33:35 +00:00
# This function retrieves a tomb key specified on commandline or from
# stdin if -k - was selected. It also runs validity checks on the
2014-08-25 21:32:32 +00:00
# file. On success returns 0 and prints out the full path to
# the key, setting globals: $tomb_key_file and $tomb_key
2013-05-28 09:57:58 +00:00
load_key() {
2014-08-05 15:05:49 +00:00
# take the name of a tomb file as argument to option -k
# if no argument is given, tomb{key|dir|file} are set by caller
2014-08-27 10:28:15 +00:00
local keyopt
[[ "$1" = "" ]] || { keyopt="$1" }
[[ "$keyopt" = "" ]] && { keyopt="`option_value -k`" }
[[ "$keyopt" = "" ]] && {
_failure "This operation requires a key file to be specified using the -k option." }
2014-08-05 15:05:49 +00:00
if [[ "$keyopt" == "-" ]]; then
_verbose "load_key reading from stdin."
# take key from stdin
2014-08-25 19:01:50 +00:00
_message "Waiting for the key to be piped from stdin... "
tomb_key_file=stdin
tomb_key=`cat`
2014-08-27 10:28:15 +00:00
else
_verbose "load_key argument: $keyopt"
2014-08-05 15:05:49 +00:00
# take key from a file
2014-08-25 19:01:50 +00:00
tomb_key_file="$keyopt"
{ test -r "${tomb_key_file}" } || {
_warning "Key not found, specify one using -k."
return 1}
tomb_key=`cat $tomb_key_file`
2013-05-28 09:57:58 +00:00
fi
2013-06-11 21:37:20 +00:00
2014-08-25 19:01:50 +00:00
_verbose "load_key: ${tomb_key_file}"
2013-05-28 09:57:58 +00:00
2014-08-25 22:54:41 +00:00
is_valid_key "${tomb_key}" || {
_warning "The key seems invalid or its format is not known by this version of Tomb."
2014-08-27 10:28:15 +00:00
# try recovering the key
2014-08-25 22:54:41 +00:00
recover_key "$tomb_key"
2014-08-05 15:05:49 +00:00
}
2014-08-25 22:54:41 +00:00
# declared tomb_key (contents)
# declared tomb_key_file (path)
2013-05-28 09:57:58 +00:00
return 0
}
2014-08-05 15:05:49 +00:00
# takes two args just like get_lukskey
# prints out the decrypted content
# contains tweaks for different gpg versions
gpg_decrypt() {
# fix for gpg 1.4.11 where the --status-* options don't work ;^/
gpgver=`gpg --version --no-permission-warning | awk '/^gpg/ {print $3}'`
2014-08-25 21:32:32 +00:00
gpgpass="$1\n$tomb_key"
2014-08-05 15:05:49 +00:00
if [ "$gpgver" = "1.4.11" ]; then
_verbose "GnuPG is version 1.4.11 - adopting status fix."
2014-08-25 21:32:32 +00:00
tomb_secret=`print - "$gpgpass" | \
2014-08-25 19:01:50 +00:00
gpg --batch --passphrase-fd 0 --no-tty --no-options"`
2014-08-05 15:05:49 +00:00
ret=$?
2014-08-25 21:32:32 +00:00
unset gpgpass
2014-08-05 15:05:49 +00:00
else # using status-file in gpg != 1.4.11
2014-08-25 22:54:41 +00:00
# TODO: use mkfifo
2014-08-25 19:01:50 +00:00
tmp_create
_status=`tmp_new`
2014-08-05 15:05:49 +00:00
2014-08-25 21:32:32 +00:00
tomb_secret=`print - "$gpgpass" | \
2014-08-05 15:05:49 +00:00
gpg --batch --passphrase-fd 0 --no-tty --no-options \
--status-fd 2 --no-mdc-warning --no-permission-warning \
2014-08-25 19:01:50 +00:00
--no-secmem-warning 2> $_status`
2014-08-05 15:05:49 +00:00
2014-08-25 19:01:50 +00:00
unset gpgpass
grep 'DECRYPTION_OKAY' $_status > /dev/null
ret=$?
2014-08-05 15:05:49 +00:00
fi
return $ret
}
2014-08-06 09:21:08 +00:00
# Gets a key file and a password, prints out the decoded contents to
# be used directly by Luks as a cryptographic key
get_lukskey() {
2014-08-25 21:32:32 +00:00
# $1 is the password
2014-08-25 19:01:50 +00:00
_verbose "get_lukskey"
_password="$1"
2014-08-06 09:21:08 +00:00
2014-08-25 19:01:50 +00:00
exhumedkey=""
2014-08-06 09:21:08 +00:00
2014-08-25 21:32:32 +00:00
firstline=`head -n1 <<< "$tomb_key"`
2014-08-06 09:21:08 +00:00
# key is KDF encoded
if [[ $firstline =~ '^_KDF_' ]]; then
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
case `cut -d_ -f 3 <<<$firstline` in
pbkdf2sha1)
pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
2014-08-25 19:01:50 +00:00
_password=$(tomb-kdb-pbkdf2 ${=pbkdf2_param} 2>- <<<$_password)
2014-08-06 09:21:08 +00:00
;;
*)
_failure "No suitable program for KDF `cut -f 3 <<<$firstline`."
2014-08-25 19:01:50 +00:00
unset _password
2014-08-06 09:21:08 +00:00
return 1
;;
esac
# key needs to be exhumed from an image
2014-08-25 22:54:41 +00:00
elif [ -r "$tomb_key_file" ] \
&& [[ `file "$tomb_key_file"` =~ "JP.G" ]]; then
exhume_key "$tomb_key_file" "$_password"
2014-08-06 09:21:08 +00:00
2014-08-25 22:54:41 +00:00
fi
2014-08-06 09:21:08 +00:00
2014-08-25 21:32:32 +00:00
gpg_decrypt "$_password" # saves decrypted content into $tomb_secret
2014-08-06 09:21:08 +00:00
2014-08-25 19:01:50 +00:00
ret="$?"
2014-08-06 09:21:08 +00:00
_verbose "get_lukskey returns $ret"
return $ret
}
2013-05-28 09:57:58 +00:00
# This function asks the user for the password to use the key it tests
2014-08-25 21:32:32 +00:00
# it against the return code of gpg on success returns 0 and saves
# the password in the global variable $tomb_password
2013-05-28 09:57:58 +00:00
ask_key_password() {
2014-08-25 21:32:32 +00:00
[[ "$tomb_key_file" = "" ]] && {
_failure "Internal error: ask_key_password() called before load_key()." }
2014-08-25 19:01:50 +00:00
keyname="$tomb_key_file"
2014-04-30 15:31:28 +00:00
_message "A password is required to use key ${keyname}"
2014-08-25 19:01:50 +00:00
passok=0
tombpass=""
2014-08-25 21:32:32 +00:00
if [[ "$1" = "" ]]; then
2014-07-13 15:35:28 +00:00
for c in 1 2 3; do
2014-08-25 21:32:32 +00:00
if [[ $c = 1 ]]; then
2014-07-13 15:35:28 +00:00
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
else
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
fi
if [[ $? != 0 ]]; then
_warning "User aborted password dialog."
return 1
fi
2014-08-25 19:01:50 +00:00
get_lukskey "$tombpass"
2014-07-13 15:35:28 +00:00
if [ $? = 0 ]; then
passok=1; _message "Password OK."
break;
fi
done
2014-06-08 17:33:35 +00:00
else
2014-07-13 15:35:28 +00:00
# if a second argument is present then the password is already known
2014-08-25 21:32:32 +00:00
tombpass="$1"
2014-07-13 15:35:28 +00:00
_verbose "ask_key_password with tombpass: $tombpass"
2014-07-13 14:51:13 +00:00
2014-08-25 21:32:32 +00:00
get_lukskey "$tombpass"
2014-07-13 14:51:13 +00:00
2014-07-13 15:35:28 +00:00
if [ $? = 0 ]; then
passok=1; _message "Password OK."; fi
2014-07-13 14:51:13 +00:00
2013-05-28 09:57:58 +00:00
fi
2014-08-06 05:43:25 +00:00
# print the password out in case caller needs to know it
{ test "$passok" = "1" } || { return 1 }
2014-08-25 19:01:50 +00:00
tomb_password="$tombpass"
2013-05-28 09:57:58 +00:00
return 0
}
# change tomb key password
change_passwd() {
_message "Commanded to change password for tomb key $1"
2013-12-16 21:23:10 +00:00
_check_swap
2013-05-28 09:57:58 +00:00
2014-08-25 19:01:50 +00:00
load_key
keyfile="$tomb_key_file"
2013-05-28 09:57:58 +00:00
local tmpnewkey lukskey c tombpass tombpasstmp
2014-08-25 19:01:50 +00:00
tmp_create
tmpnewkey=`tmp_new`
2013-05-28 09:57:58 +00:00
_success "Changing password for $keyfile"
2014-07-13 14:51:13 +00:00
2014-06-08 17:33:35 +00:00
if option_is_set --tomb-old-pwd; then
2014-07-13 15:35:28 +00:00
tomb_old_pwd="`option_value --tomb-old-pwd`"
2014-08-25 21:32:32 +00:00
_verbose "tomb-old-pwd = $tomb_old_pwd"
ask_key_password "$tomb_old_pwd"
2014-06-08 17:33:35 +00:00
else
2014-08-25 21:32:32 +00:00
ask_key_password
2014-06-08 17:33:35 +00:00
fi
2013-05-28 09:57:58 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "No valid password supplied." }
2013-05-28 09:57:58 +00:00
2014-08-25 21:32:32 +00:00
# here $tomb_secret contains the key material in clear
2014-07-13 14:51:13 +00:00
2014-06-08 17:33:35 +00:00
if option_is_set --tomb-pwd; then
2014-07-13 15:35:28 +00:00
tomb_new_pwd="`option_value --tomb-pwd`"
2014-08-25 21:32:32 +00:00
_verbose "tomb-pwd = $tomb_new_pwd"
2014-08-25 19:01:50 +00:00
gen_key "$tomb_new_pwd" >> "$tmpnewkey"
2014-06-08 17:33:35 +00:00
else
2014-08-25 19:01:50 +00:00
gen_key >> "$tmpnewkey"
2014-06-08 17:33:35 +00:00
fi
2014-07-13 14:51:13 +00:00
2014-08-25 19:01:50 +00:00
if ! is_valid_key "`cat $tmpnewkey`"; then
2014-07-13 15:35:28 +00:00
_failure "Error: the newly generated keyfile does not seem valid."
2014-06-08 17:33:35 +00:00
else
2014-07-13 15:35:28 +00:00
# copy the new key as the original keyfile name
cp -f "${tmpnewkey}" "${keyfile}"
_success "Your passphrase was successfully updated."
2013-05-28 09:57:58 +00:00
2014-06-08 17:33:35 +00:00
fi
2014-08-25 21:32:32 +00:00
return 0
2013-05-28 09:57:58 +00:00
}
# takes care to encrypt a key
2014-08-25 19:01:50 +00:00
# honored options: --kdf --tomb-pwd -o
2013-05-28 09:57:58 +00:00
gen_key() {
2014-08-25 19:01:50 +00:00
# $1 the password to use, if not set then ask user
# -o is the --cipher-algo to use (string taken by GnuPG)
2014-06-08 17:33:35 +00:00
local algopt="`option_value -o`"
local algo="${algopt:-AES256}"
2013-05-28 09:57:58 +00:00
# here user is prompted for key password
2014-08-25 19:01:50 +00:00
tombpass=""
tombpasstmp=""
if [ "$1" = "" ]; then
2014-07-13 15:35:28 +00:00
while true; do
# 3 tries to write two times a matching password
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key"`
if [[ $? != 0 ]]; then
_failure "User aborted."
fi
if [ -z $tombpass ]; then
_warning "You set empty password, which is not possible."
continue
fi
tombpasstmp=$tombpass
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key (again)"`
if [[ $? != 0 ]]; then
_failure "User aborted."
fi
if [ "$tombpasstmp" = "$tombpass" ]; then
break;
fi
unset tombpasstmp
unset tombpass
done
2013-05-28 09:57:58 +00:00
else
2014-08-25 19:01:50 +00:00
tombpass="$1"
2014-07-13 15:35:28 +00:00
_verbose "gen_key takes tombpass from CLI argument: $tombpass"
2013-05-28 09:57:58 +00:00
fi
2013-06-12 11:33:54 +00:00
header=""
2013-06-20 10:46:20 +00:00
{ test "$KDF" = 1 } && {
2014-07-13 15:35:28 +00:00
{ option_is_set --kdf } && {
2013-05-28 09:57:58 +00:00
# KDF is a new key strenghtening technique against brute forcing
# see: https://github.com/dyne/Tomb/issues/82
2014-07-13 15:35:28 +00:00
itertime="`option_value --kdf`"
# removing support of floating points because they can't be type checked well
if [[ "$itertime" != <-> ]]; then
unset tombpass
unset tombpasstmp
_failure "Wrong argument for --kdf: must be an integer number (iteration seconds)."
fi
# --kdf takes one parameter: iter time (on present machine) in seconds
local -i microseconds
2014-08-05 15:05:49 +00:00
microseconds=$(( itertime * 10000 ))
2014-07-13 15:35:28 +00:00
_success "Using KDF, iterations: $microseconds"
2014-08-05 15:05:49 +00:00
_message "generating salt"
2014-07-13 15:35:28 +00:00
pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
2014-08-05 15:05:49 +00:00
_message "calculating iterations"
2014-07-13 15:35:28 +00:00
pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
2014-08-05 15:05:49 +00:00
_message "encoding the password"
2014-07-13 15:35:28 +00:00
# We use a length of 64bytes = 512bits (more than needed!?)
tombpass=`tomb-kdb-pbkdf2 $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
}
2013-06-12 11:33:54 +00:00
}
2013-05-28 09:57:58 +00:00
2013-06-19 18:20:17 +00:00
2014-08-27 10:28:15 +00:00
print $header
2013-05-28 09:57:58 +00:00
2014-08-27 10:28:15 +00:00
# TODO: check result of gpg operation
2014-08-25 19:01:50 +00:00
cat <<EOF | gpg --openpgp --force-mdc --cipher-algo ${algo} \
2014-07-13 15:35:28 +00:00
--batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
2014-08-25 19:01:50 +00:00
-o - -c -a
${tombpass}
${tomb_secret}
EOF
# print -n "${tombpass}" \
# | gpg --openpgp --force-mdc --cipher-algo ${algo} \
# --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
# -o - -c -a ${lukskey}
2013-05-28 09:57:58 +00:00
2014-08-25 21:32:32 +00:00
# update global var
tomb_password="$tombpass"
2013-05-28 09:57:58 +00:00
unset tombpass
2013-06-20 10:46:20 +00:00
unset tombpasstmp
2013-05-28 09:57:58 +00:00
}
# prints an array of ciphers available in gnupg (to encrypt keys)
list_gnupg_ciphers() {
# prints an error if GnuPG is not found
2014-08-25 19:01:50 +00:00
which gpg >& - || _failure "gpg (GnuPG) is not found, Tomb cannot function without it."
2013-05-28 09:57:58 +00:00
ciphers=(`gpg --version | awk '
BEGIN { ciphers=0 }
/^Cipher:/ { gsub(/,/,""); sub(/^Cipher:/,""); print; ciphers=1; next }
/^Hash:/ { ciphers=0 }
{ if(ciphers==0) { next } else { gsub(/,/,""); print; } }
'`)
echo " ${ciphers}"
return 1
}
# Steganographic function to bury a key inside an image.
2013-06-12 11:33:54 +00:00
# Requires steghide(1) to be installed
2013-05-28 09:57:58 +00:00
bury_key() {
2014-08-25 19:01:50 +00:00
load_key
2014-08-25 21:32:32 +00:00
[[ $? = 0 ]] || {
_failure "Bury failed for invalid key: $tomb_key_file" }
2013-06-12 11:33:54 +00:00
2014-06-08 17:33:35 +00:00
imagefile=$1
2013-05-28 09:57:58 +00:00
2014-08-25 19:01:50 +00:00
file $imagefile | grep -i JPEG > /dev/null
2013-05-28 09:57:58 +00:00
if [ $? != 0 ]; then
2014-06-08 17:33:35 +00:00
_warning "Encode failed: $imagefile is not a jpeg image."
return 1
2013-05-28 09:57:58 +00:00
fi
2014-07-13 14:51:13 +00:00
2011-12-01 19:04:56 +00:00
_success "Encoding key $tombkey inside image $imagefile"
2014-04-30 15:31:28 +00:00
_message "Please confirm the key password for the encoding"
2014-08-05 15:05:49 +00:00
# We ask the password and test if it is the same encoding the
# base key, to insure that the same password is used for the
# encryption and the steganography. This is a standard enforced
# by Tomb, but its not strictly necessary (and having different
# password would enhance security). Nevertheless here we prefer
# usability.
2014-06-08 17:33:35 +00:00
if option_is_set --tomb-pwd; then
2014-07-13 15:35:28 +00:00
tomb_pwd="`option_value --tomb-pwd`"
2014-08-25 21:32:32 +00:00
_verbose "tomb-pwd = $tomb_pwd"
ask_key_password "$tomb_pwd"
2014-06-08 17:33:35 +00:00
else
2014-08-25 21:32:32 +00:00
ask_key_password
2014-06-08 17:33:35 +00:00
fi
2013-06-12 11:33:54 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_warning "Wrong password supplied."
_failure "You shall not bury a key whose password is unknown to you."
2013-06-12 11:33:54 +00:00
}
2011-12-01 17:53:12 +00:00
2013-06-12 11:33:54 +00:00
# we omit armor strings since having them as constants can give
# ground to effective attacks on steganography
2014-08-25 21:32:32 +00:00
print - "$tomb_key" | awk '
2011-12-01 17:53:12 +00:00
/^-----/ {next}
/^Version/ {next}
2014-08-25 21:32:32 +00:00
{print $0}' \
2011-12-01 17:53:12 +00:00
| steghide embed --embedfile - --coverfile ${imagefile} \
2014-08-25 21:32:32 +00:00
-p ${tomb_password} -z 9 -e serpent cbc
2011-12-01 17:53:12 +00:00
if [ $? != 0 ]; then
2014-06-08 17:33:35 +00:00
_warning "Encoding error: steghide reports problems."
res=1
2011-12-01 17:53:12 +00:00
else
2014-06-08 17:33:35 +00:00
_success "Tomb key encoded succesfully into image ${imagefile}"
res=0
2011-12-01 17:53:12 +00:00
fi
return $res
}
2014-08-05 15:05:49 +00:00
# mandatory 1st arg: the image file where key is supposed to be
# optional 2nd arg: the password to use (same as key, internal use)
# optional 3rd arg: the key where to save the result (- for stdout)
2013-05-28 09:57:58 +00:00
exhume_key() {
2014-06-08 17:33:35 +00:00
imagefile="$1"
2011-12-01 17:53:12 +00:00
res=1
2011-05-09 11:26:36 +00:00
2014-08-05 15:05:49 +00:00
knownpass="$2"
2014-08-27 10:28:15 +00:00
destkey="$3"
[[ "$destkey" = "" ]] && {
destkey="`option_value -k`"
{ test "$destkey" = "" } && {
2014-08-05 15:05:49 +00:00
# no key output specified: fallback to stdout
2014-08-27 10:28:15 +00:00
destkey="-"
2014-08-05 15:05:49 +00:00
_message "printing exhumed key on stdout" }
}
2014-08-25 22:54:41 +00:00
{ test -r "$imagefile" } || {
_failure "Exhume failed, image file not found: $imagefile" }
2014-08-05 15:05:49 +00:00
[[ `file "$imagefile"` =~ "JP.G" ]] || {
2014-08-25 22:54:41 +00:00
_failure "Exhume failed: $imagefile is not a jpeg image." }
2014-08-05 15:05:49 +00:00
# when a password is passed as argument then always print out
# the exhumed key on stdout without further checks (internal use)
{ test "$knownpass" = "" } || {
2014-08-25 22:54:41 +00:00
tomb_key=`steghide extract -sf "$imagefile" -p "$knownpass" -xf -`
2014-08-05 15:05:49 +00:00
{ test $? = 0 } || {
_failure "Wrong password or no steganographic key found" }
2014-08-25 22:54:41 +00:00
recover_key "$tomb_key"
return 0
2014-08-05 15:05:49 +00:00
}
2011-12-01 17:53:12 +00:00
2014-08-27 10:28:15 +00:00
{ test "$destkey" = "-" } || {
if [[ -s "$destkey" ]]; then
_warning "File exists: $destkey"
2014-08-03 17:54:43 +00:00
{ option_is_set -f } || {
_warning "Make explicit use of --force to overwrite."
_failure "Refusing to overwrite file. Operation aborted." }
_warning "Use of --force selected: overwriting."
2014-08-27 10:28:15 +00:00
rm -f ${destkey}
2014-08-03 17:54:43 +00:00
fi
}
2013-05-28 09:57:58 +00:00
2013-06-12 11:33:54 +00:00
_message "Trying to exhume a key out of image $imagefile"
if option_is_set --tomb-pwd; then
2014-07-13 15:35:28 +00:00
tombpass="`option_value --tomb-pwd`"
2014-08-25 21:32:32 +00:00
_verbose "tomb-pwd = $tombpass"
elif [[ "$tomb_password" != "" ]]; then
# password is known already
tombpass="$tomb_password"
2013-06-12 11:33:54 +00:00
else
2014-07-13 15:35:28 +00:00
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"`
if [[ $? != 0 ]]; then
_warning "User aborted password dialog."
return 1
fi
2013-06-12 11:33:54 +00:00
fi
2014-06-08 17:33:35 +00:00
# always steghide required
2014-08-27 10:28:15 +00:00
steghide extract -sf ${imagefile} -p ${tombpass} -xf ${destkey}
2013-06-12 11:33:54 +00:00
res=$?
2011-12-01 17:53:12 +00:00
unset tombpass
2013-06-12 16:15:55 +00:00
2014-08-27 10:28:15 +00:00
[[ "$destkey" = "-" ]] && { destkey="stdout" }
2013-06-12 11:33:54 +00:00
if [ $res = 0 ]; then
2014-08-27 10:28:15 +00:00
_success "Key succesfully exhumed to ${destkey}."
2014-06-08 17:33:35 +00:00
else
2014-08-27 10:28:15 +00:00
_warning "Nothing found in ${imagefile}."
2011-12-01 17:53:12 +00:00
fi
2014-06-08 17:33:35 +00:00
return $res
2011-12-01 17:53:12 +00:00
}
2012-01-17 16:28:40 +00:00
2013-06-19 18:52:21 +00:00
# Produces a printable image of the key contents so that it can be
# backuped on paper and hidden in books etc.
2013-06-20 08:26:12 +00:00
engrave_key() {
2013-06-19 18:52:21 +00:00
# load key from options
2014-08-25 19:01:50 +00:00
load_key
tombkey="$tomb_key_file"
2014-04-30 15:31:28 +00:00
{ test $? = 0 } || { _failure "No key specified." }
2013-06-19 18:52:21 +00:00
keyname=`basename $tombkey`
pngname="$keyname.qr.png"
2014-04-30 15:31:28 +00:00
_success "Rendering a printable QRCode for key: $tombkey"
2013-06-19 18:52:21 +00:00
# we omit armor strings to save space
awk '
/^-----/ {next}
/^Version/ {next}
2013-09-18 00:19:04 +00:00
{print $0}' ${tombkey} | qrencode --size 4 --level H \
2013-06-19 18:52:21 +00:00
--casesensitive -o "$pngname"
2014-04-30 15:31:28 +00:00
{ test $? = 0 } || { _failure "QREncode reported an error." }
_success "Operation successful:"
2014-08-27 10:28:15 +00:00
ls -lh $pngname
file $pngname
2013-06-19 18:52:21 +00:00
}
2013-05-28 09:57:58 +00:00
# }}} - Key handling
2011-12-01 19:27:05 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Create
2011-12-01 19:04:56 +00:00
2013-03-22 20:13:59 +00:00
# This is a new way to create tombs which dissects the whole create_tomb() into 3 clear steps:
2013-05-28 09:57:58 +00:00
#
2014-04-28 12:56:21 +00:00
# * dig a .tomb (the large file) using /dev/urandom (takes some minutes at least)
2013-05-28 09:57:58 +00:00
#
2014-04-28 12:56:21 +00:00
# * forge a .key (the small file) using /dev/random (good entropy needed)
2013-05-28 09:57:58 +00:00
#
# * lock the .tomb file with the key, binding the key to the tomb (requires dm_crypt format)
2013-03-22 20:13:59 +00:00
forge_key() {
2013-06-19 18:20:17 +00:00
# can be specified both as simple argument or using -k
2014-08-25 19:01:50 +00:00
destkey="$1"
2013-06-19 18:20:17 +00:00
{ option_is_set -k } && { destkey="`option_value -k`" }
2013-03-22 20:13:59 +00:00
2013-06-19 18:20:17 +00:00
{ test "$destkey" = "" } && {
2014-07-13 15:35:28 +00:00
_warning "A filename needs to be specified using -k to forge a new key."
return 1 }
2013-06-11 21:37:20 +00:00
2014-06-08 18:30:35 +00:00
_message "Commanded to forge key $destkey"
_check_swap
2014-04-04 12:52:15 +00:00
# make sure that gnupg doesn't quits with an error before first run
2014-04-25 21:00:00 +00:00
{ test -r $HOME/.gnupg/pubring.gpg } || {
2014-07-13 15:35:28 +00:00
mkdir $HOME/.gnupg
touch $HOME/.gnupg/pubring.gpg }
2014-04-04 12:52:15 +00:00
2013-06-19 18:20:17 +00:00
{ test -r "$destkey" } && {
2014-07-13 15:35:28 +00:00
_warning "Forging this key would overwrite an existing file. Operation aborted."
_failure "`ls -lh $destkey`" }
2013-03-22 20:13:59 +00:00
2013-06-19 18:20:17 +00:00
{ option_is_set -o } && { algopt="`option_value -o`" }
algo=${algopt:-AES256}
_message "Commanded to forge key $destkey with cipher algorithm $algo"
2014-08-25 19:01:50 +00:00
tomb_key_file="$destkey"
2013-03-22 20:13:59 +00:00
2014-04-30 15:31:28 +00:00
_message "This operation takes time, keep using this computer on other tasks,"
2013-03-22 20:13:59 +00:00
_message "once done you will be asked to choose a password for your tomb."
_message "To make it faster you can move the mouse around."
_message "If you are on a server, you can use an Entropy Generation Daemon."
2013-06-19 18:20:17 +00:00
local random_source=/dev/random
2013-03-22 20:13:59 +00:00
if option_is_set --use-urandom; then
2014-07-13 15:35:28 +00:00
random_source=/dev/urandom
2013-03-22 20:13:59 +00:00
fi
2014-04-30 15:31:28 +00:00
_verbose "Data dump using ${DD[1]} from $random_source"
2014-08-25 19:01:50 +00:00
tomb_secret=`${=DD} bs=1 count=256 if=$random_source`
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_warning "Cannot generate encryption key."
2014-08-25 19:01:50 +00:00
_failure "Operation aborted." }
2013-03-22 20:13:59 +00:00
2014-08-25 19:01:50 +00:00
# here the global var tomb_secret contains the nude secret
_success "Choose the password of your key: ${tomb_key_file}"
2014-05-06 06:12:19 +00:00
_message "(You can also change it later using 'tomb passwd'.)"
2014-08-25 19:01:50 +00:00
touch ${tomb_key_file}
chown ${_uid}:${_gid} ${tomb_key_file}
chmod 0600 ${tomb_key_file}
2013-03-22 20:13:59 +00:00
2014-08-25 19:01:50 +00:00
tombname="$tomb_key_file"
2013-03-22 20:13:59 +00:00
# the gen_key() function takes care of the new key's encryption
2014-06-08 17:33:35 +00:00
if option_is_set --tomb-pwd; then
2014-07-13 15:35:28 +00:00
tomb_new_pwd="`option_value --tomb-pwd`"
2014-08-25 21:32:32 +00:00
_verbose "tomb-pwd = $tomb_new_pwd"
2014-08-25 19:01:50 +00:00
gen_key "$tomb_new_pwd" >> "$tomb_key_file"
2014-06-08 17:33:35 +00:00
else
2014-08-25 19:01:50 +00:00
gen_key >> "$tomb_key_file"
2014-06-08 17:33:35 +00:00
fi
2014-08-25 19:01:50 +00:00
# load the key contents
tomb_key=`cat "$tomb_key_file"`
2013-05-28 09:57:58 +00:00
# this does a check on the file header
2014-08-25 19:01:50 +00:00
is_valid_key "${tomb_key}" || {
2014-07-13 15:35:28 +00:00
_warning "The key does not seem to be valid."
_warning "Dumping contents to screen:"
cat ${tombkey}
_warning "--"
umount ${keytmp}
rm -r $keytmp
_failure "Operation aborted."
2014-08-25 19:01:50 +00:00
}
2013-03-22 20:13:59 +00:00
2014-08-25 19:01:50 +00:00
_message "Done forging $tomb_key_file"
2013-03-22 20:13:59 +00:00
_success "Your key is ready:"
2014-08-25 19:01:50 +00:00
ls -lh ${tomb_key_file}
2013-03-22 20:13:59 +00:00
}
2013-05-25 13:04:16 +00:00
# Dig a tomb, means that it will create an empty file to be formatted
# as a loopback filesystem. Initially the file is filled with random data
# taken from /dev/urandom which improves the tomb's overall security
2013-03-22 20:13:59 +00:00
dig_tomb() {
_message "Commanded to dig tomb $1"
2014-06-08 18:30:35 +00:00
if [ "$1" = "" ]; then
2014-07-13 15:35:28 +00:00
_warning "No tomb name specified for creation."
return 1
2013-03-22 20:13:59 +00:00
fi
2014-06-08 18:30:35 +00:00
_check_swap
2013-03-22 20:13:59 +00:00
tombfile=`basename $1`
tombdir=`dirname $1`
# make sure the file has a .tomb extension
tombname=${tombfile%%\.*}
tombfile=${tombname}.tomb
# require the specification of the size of the tomb (-s) in MB
tombsize="`option_value -s`"
2014-04-30 15:31:28 +00:00
[ $tombsize ] || _failure "Size argument missing, use -s"
2013-03-22 20:13:59 +00:00
2014-04-30 15:31:28 +00:00
[[ $tombsize != <-> ]] && _failure "Size argument is not an integer."
2013-03-22 20:13:59 +00:00
2014-04-30 15:31:28 +00:00
[[ $tombsize -lt 10 ]] && _failure "Tombs can't be smaller than 10 megabytes."
2013-05-27 19:35:28 +00:00
2013-03-22 20:13:59 +00:00
if [ -e ${tombdir}/${tombfile} ]; then
2014-07-13 15:35:28 +00:00
_warning "A tomb exists already. I'm not digging here:"
_warning " `ls -lh ${tombdir}/${tombfile}`"
return 1
2013-03-22 20:13:59 +00:00
fi
2013-05-25 13:05:21 +00:00
2013-03-22 20:13:59 +00:00
_success "Creating a new tomb in ${tombdir}/${tombfile}"
2013-05-27 19:22:24 +00:00
_message "Generating ${tombfile} of ${tombsize}MiB"
2013-03-22 20:13:59 +00:00
# we will first touch the file and set permissions: this way, even if interrupted, permissions are right
touch ${tombdir}/${tombfile}
chmod 0600 "${tombdir}/${tombfile}"
2013-03-30 17:59:34 +00:00
chown $_uid:$_gid "${tombdir}/${tombfile}"
2013-05-27 19:22:24 +00:00
2014-04-30 15:31:28 +00:00
_verbose "Data dump using ${DD[1]} from /dev/urandom"
2014-08-14 07:58:15 +00:00
2013-05-27 19:22:24 +00:00
${=DD} if=/dev/urandom bs=1048576 count=${tombsize} of=${tombdir}/${tombfile}
2013-03-22 20:13:59 +00:00
if [ $? = 0 -a -e ${tombdir}/${tombfile} ]; then
2014-07-13 15:35:28 +00:00
_message " `ls -lh ${tombdir}/${tombfile}`"
2013-03-22 20:13:59 +00:00
else
2014-07-13 15:35:28 +00:00
_failure "Error creating the tomb ${tombdir}/${tombfile}, operation aborted."
2013-03-22 20:13:59 +00:00
fi
_success "Done digging $tombname"
2014-04-30 15:31:28 +00:00
_message "Your tomb is not yet ready, you need to forge a key and lock it:"
2013-03-22 20:13:59 +00:00
_message "tomb forge ${tombname}.tomb.key"
2014-05-05 16:12:42 +00:00
_message "tomb lock ${tombname}.tomb -k ${tombname}.tomb.key"
2013-03-22 20:13:59 +00:00
}
2013-05-27 20:49:44 +00:00
2013-03-22 21:22:55 +00:00
# this function locks a tomb with a key file
# in fact LUKS formatting the loopback volume
# it take arguments as the LUKS cipher to be used
lock_tomb_with_key() {
if ! [ $1 ]; then
2014-07-13 15:35:28 +00:00
_warning "No tomb specified for locking."
_warning "Usage: tomb lock file.tomb file.tomb.key"
return 1
2013-03-22 21:22:55 +00:00
fi
2014-06-08 17:33:35 +00:00
tombpath="$1"
2013-03-29 11:51:43 +00:00
_message "Commanded to lock tomb ${tombfile}"
2014-06-08 17:33:35 +00:00
tombdir=`dirname "$tombpath"`
tombfile=`basename "$tombpath"`
tombname="${tombfile%%\.*}"
2013-03-22 21:22:55 +00:00
2013-05-29 21:05:30 +00:00
{ test -f ${tombdir}/${tombfile} } || {
2014-07-13 15:35:28 +00:00
_failure "There is no tomb here. You have to it dig first."
return 1 }
2013-03-22 21:22:55 +00:00
2014-04-30 15:31:28 +00:00
_verbose "Tomb found: ${tombdir}/${tombfile}"
2013-03-22 21:22:55 +00:00
2014-08-25 19:01:50 +00:00
lo_mount "${tombdir}/${tombfile}"
nstloop=`lo_new`
2013-03-22 21:22:55 +00:00
2014-04-30 15:31:28 +00:00
_verbose "Loop mounted on ${nstloop}"
2013-03-22 21:22:55 +00:00
2014-04-30 15:31:28 +00:00
_message "Checking if the tomb is empty (we never step on somebody else's bones)."
2013-05-27 20:49:44 +00:00
cryptsetup isLuks ${nstloop}
2013-03-22 21:22:55 +00:00
if [ $? = 0 ]; then
2014-07-13 15:35:28 +00:00
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
_warning "The tomb was already locked with another key."
_failure "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
2013-03-22 21:22:55 +00:00
else
2014-07-13 15:35:28 +00:00
_message "Fine, this tomb seems empty."
2013-03-22 21:22:55 +00:00
fi
2013-05-27 20:49:44 +00:00
# load key from options or file
2014-08-25 19:01:50 +00:00
load_key
2013-05-27 20:49:44 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "Aborting operations: error loading key." }
# make sure to call drop_key later
2013-03-22 21:22:55 +00:00
2013-06-19 18:20:17 +00:00
# the encryption cipher for a tomb can be set when locking using -o
2013-05-25 13:05:21 +00:00
if option_is_set -o; then
2014-07-13 15:35:28 +00:00
cipher="`option_value -o`"
2013-03-22 21:22:55 +00:00
else
2014-07-13 15:35:28 +00:00
cipher="aes-xts-plain64:sha256"
# old default was aes-cbc-essiv:sha256
# for more alternatives refer to cryptsetup(8)
2013-03-22 21:22:55 +00:00
fi
2014-04-30 15:31:28 +00:00
_message "Locking using cipher: $cipher"
2013-03-22 21:22:55 +00:00
2013-05-27 20:49:44 +00:00
# get the pass from the user and check it
2014-06-08 17:33:35 +00:00
if option_is_set --tomb-pwd; then
2014-07-13 15:35:28 +00:00
tomb_pwd="`option_value --tomb-pwd`"
2014-08-25 21:32:32 +00:00
_verbose "tomb-pwd = $tomb_pwd"
ask_key_password "$tomb_pwd"
2014-06-08 17:33:35 +00:00
else
2014-08-25 21:32:32 +00:00
ask_key_password
2014-06-08 17:33:35 +00:00
fi
2013-05-27 20:49:44 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "No valid password supplied." }
2013-03-22 21:22:55 +00:00
_success "Locking ${tombfile} with ${tombkey}"
2014-04-30 15:31:28 +00:00
_message "Formatting Luks mapped device."
2014-08-25 21:32:32 +00:00
print -n - "$tomb_secret" | \
2014-07-13 15:35:28 +00:00
cryptsetup --key-file - --batch-mode \
--cipher ${cipher} --key-size 256 --key-slot 0 \
luksFormat ${nstloop}
2013-03-22 21:22:55 +00:00
if ! [ $? = 0 ]; then
2014-07-13 15:35:28 +00:00
_warning "cryptsetup luksFormat returned an error."
_failure "Operation aborted."
2013-03-22 21:22:55 +00:00
fi
2013-05-25 13:05:21 +00:00
2014-08-25 21:32:32 +00:00
print -n - "$tomb_secret" | \
2014-07-13 15:35:28 +00:00
cryptsetup --key-file - \
--cipher ${cipher} luksOpen ${nstloop} tomb.tmp
2013-03-22 21:22:55 +00:00
if ! [ $? = 0 ]; then
2014-07-13 15:35:28 +00:00
_warning "cryptsetup luksOpen returned an error."
_failure "Operation aborted."
2013-03-22 21:22:55 +00:00
fi
2014-04-30 15:31:28 +00:00
_message "Formatting your Tomb with Ext3/Ext4 filesystem."
2013-03-22 21:22:55 +00:00
${=MKFS} ${tombname} /dev/mapper/tomb.tmp
if [ $? != 0 ]; then
2014-07-13 15:35:28 +00:00
_warning "Tomb format returned an error."
_warning "Your tomb ${tombfile} may be corrupted."
2012-09-05 15:47:00 +00:00
fi
2013-05-28 09:57:58 +00:00
2014-08-25 19:01:50 +00:00
# sync
2013-05-28 09:57:58 +00:00
cryptsetup luksClose tomb.tmp
2014-04-30 15:31:28 +00:00
_message "Done locking $tombname using Luks dm-crypt ${create_cipher}"
2013-05-28 09:57:58 +00:00
_success "Your tomb is ready in ${tombdir}/${tombfile} and secured with key ${tombkey}"
2012-09-05 15:47:00 +00:00
}
2013-06-19 18:20:17 +00:00
# This function changes the key that locks a tomb
change_tomb_key() {
2014-06-08 18:30:35 +00:00
_message "Commanded to reset key for tomb $2"
2013-06-19 18:20:17 +00:00
2014-08-27 10:28:15 +00:00
_check_swap
2013-06-19 18:20:17 +00:00
2014-08-27 10:28:15 +00:00
[[ "$2" = "" ]] && {
_warning "Command 'setkey' needs two arguments: the old key file and the tomb."
_warning "I.e: tomb -k new.tomb.key old.tomb.key secret.tomb"
_failure "Execution aborted."
}
2013-06-19 18:20:17 +00:00
2014-08-25 19:01:50 +00:00
lo_mount "$2"
nstloop=`lo_new`
2013-06-19 18:20:17 +00:00
cryptsetup isLuks ${nstloop}
2014-08-27 10:28:15 +00:00
# is it a LUKS encrypted nest? we check one more time
2013-06-19 18:52:21 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "Not a valid LUKS encrypted volume: $2" }
2013-06-19 18:20:17 +00:00
2014-08-27 10:28:15 +00:00
load_key "$1"
{ test $? = 0 } || {
_failure "Aborting operations: error loading old key from arguments" }
old_key="$tomb_key"
old_key_file="$tomb_key_file"
2013-06-19 18:20:17 +00:00
# we have everything, prepare to mount
2014-04-30 15:31:28 +00:00
_success "Changing lock on tomb $tombname"
2014-08-27 10:28:15 +00:00
_message "Old key: $old_key_file"
2013-06-19 18:20:17 +00:00
# render the mapper
mapdate=`date +%s`
# save date of mount in minutes since 1970
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
2014-06-08 17:33:35 +00:00
2013-06-19 18:20:17 +00:00
# load the old key
2014-06-08 18:30:35 +00:00
if option_is_set --tomb-old-pwd; then
2014-07-13 15:35:28 +00:00
tomb_old_pwd="`option_value --tomb-old-pwd`"
2014-08-25 21:32:32 +00:00
_verbose "tomb-old-pwd = $tomb_old_pwd"
2014-08-27 10:28:15 +00:00
ask_key_password "$tomb_old_pwd"
2014-06-08 18:30:35 +00:00
else
2014-08-27 10:28:15 +00:00
ask_key_password
2014-06-08 18:30:35 +00:00
fi
2013-06-19 18:20:17 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "No valid password supplied for the old key." }
2014-08-27 10:28:15 +00:00
old_secret="$tomb_secret"
2013-06-19 18:20:17 +00:00
# luksOpen the tomb (not really mounting, just on the loopback)
2014-08-27 10:28:15 +00:00
print -n - "$old_secret" | \
2014-07-13 15:35:28 +00:00
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
2013-06-19 18:20:17 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "Unexpected error in luksOpen." }
2013-06-19 18:20:17 +00:00
2014-08-27 10:28:15 +00:00
load_key
{ test $? = 0 } || {
_failure "Aborting operations: error loading new key from -k" }
new_key="$tomb_key"
new_key_file="$tomb_key_file"
_message "New key: $new_key_file"
if option_is_set --tomb-pwd; then
tomb_new_pwd="`option_value --tomb-pwd`"
_verbose "tomb-pwd = $tomb_new_pwd"
ask_key_password "$tomb_new_pwd"
else
ask_key_password
fi
{ test $? = 0 } || {
_failure "No valid password supplied for the new key." }
new_secret="$tomb_secret"
# danger zone: due to cryptsetup limitations, in setkey we need
# to write the bare unencrypted key on the tmpfs.
tmp_create
new_secret_file=`tmp_new`
print -n - "$new_secret" >> $new_secret_file
print -n - "$old_secret"| \
cryptsetup --key-file - luksChangeKey "$nstloop" "$new_secret_file"
2013-06-19 18:20:17 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "Unexpected error in luksChangeKey." }
2013-06-19 18:20:17 +00:00
2014-08-27 10:28:15 +00:00
unset old_key
unset new_key
2014-06-08 18:30:35 +00:00
2013-06-19 18:20:17 +00:00
cryptsetup luksClose "${mapper}"
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "Unexpected error in luksClose." }
2013-06-19 18:20:17 +00:00
2014-04-30 15:31:28 +00:00
_success "Succesfully changed key for tomb: $2"
2014-08-27 10:28:15 +00:00
_message "The new key is: $new_key_file"
2013-06-19 18:20:17 +00:00
return 0
}
2013-05-28 09:57:58 +00:00
# backward compatibility
create_tomb() {
2014-04-30 15:31:28 +00:00
_verbose "create_tomb(): ${=@} ${=OLDARGS}"
2014-08-29 21:23:08 +00:00
[[ "$1" = "" ]] && {
2014-07-13 15:35:28 +00:00
_warning "No tomb name specified for creation."
2014-08-29 21:23:08 +00:00
return 1 }
2012-09-05 15:47:00 +00:00
2014-08-29 21:23:08 +00:00
{ test -s "$1" } && {
_warning "Creating this tomb would overwrite an existing file."
ls -lh "$1"
_failure " Operation aborted." }
2013-06-11 22:03:36 +00:00
2013-05-28 09:57:58 +00:00
tombfile=`basename $1`
tombdir=`dirname $1`
# make sure the file has a .tomb extension
tombname=${tombfile%%\.*}
tombfile=${tombname}.tomb
2013-05-25 13:05:21 +00:00
2013-06-11 22:03:36 +00:00
${TOMBEXEC} dig ${=PARAM}
${TOMBEXEC} forge ${tombdir}/${tombfile}.key
2014-04-30 15:31:28 +00:00
{ test $? = 0 } || { _failure "Failed to forge key, operation aborted." }
2013-05-25 13:04:16 +00:00
2013-06-11 22:03:36 +00:00
${TOMBEXEC} lock ${tombdir}/${tombfile} -k ${tombdir}/${tombfile}.key
2014-04-30 15:31:28 +00:00
{ test $? = 0 } || { _failure "Failed to lock tomb with key, operation aborted." }
2010-08-22 13:04:19 +00:00
2014-04-30 15:31:28 +00:00
_success "Tomb $tombname succesfully created."
2013-05-28 09:57:58 +00:00
ls -l ${tombfile}*
2010-08-22 13:04:19 +00:00
}
2014-02-19 11:08:26 +00:00
2013-05-28 09:57:58 +00:00
# }}} - Creation
2011-12-01 19:04:56 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Open
2011-12-01 19:04:56 +00:00
2012-01-17 15:49:03 +00:00
# $1 = tombfile $2(optional) = mountpoint
2010-08-22 14:44:35 +00:00
mount_tomb() {
2012-01-17 15:49:03 +00:00
_message "Commanded to open tomb $1"
2014-06-08 18:30:35 +00:00
if [ "$1" = "" ]; then
2014-08-11 18:46:58 +00:00
_warning "No tomb name specified for opening."
2014-07-13 15:35:28 +00:00
return 1
2011-07-10 20:11:10 +00:00
fi
2011-08-28 17:28:47 +00:00
2014-06-08 18:30:35 +00:00
_check_swap
2012-07-09 18:53:14 +00:00
2011-09-26 09:33:07 +00:00
# set up variables to be used
# the full path is made with $tombdir/$tombfile
2011-08-20 17:00:10 +00:00
2012-01-17 15:49:03 +00:00
tombfile=`basename ${1}`
tombdir=`dirname ${1}`
2011-09-26 09:33:07 +00:00
# check file type (if its a Luks fs)
2014-08-25 19:01:50 +00:00
file ${tombdir}/${tombfile} | \
grep -i 'luks encrypted file' 2>&1 > /dev/null
2011-09-26 09:33:07 +00:00
if [ $? != 0 ]; then
2014-07-13 15:35:28 +00:00
_warning "$1 is not a valid tomb file, operation aborted."
return 1
2011-09-26 09:33:07 +00:00
fi
tombname=${tombfile%%\.*}
2014-04-30 15:31:28 +00:00
_verbose "Tomb found: ${tombdir}/${tombfile}"
2011-09-26 09:33:07 +00:00
2013-06-11 15:04:10 +00:00
# load_key called here
2014-08-25 19:01:50 +00:00
load_key
2014-08-27 10:28:15 +00:00
########
2014-08-25 19:01:50 +00:00
2013-05-27 20:49:44 +00:00
{ test $? = 0 } || {
2014-08-27 10:28:15 +00:00
_failure "Aborting operations: error loading key $tomb_key_file" }
2013-05-27 20:49:44 +00:00
if [ "$2" = "" ]; then
2014-07-13 15:35:28 +00:00
tombmount=/media/${tombfile}
_message "Mountpoint not specified, using default: $tombmount"
2011-02-03 19:42:46 +00:00
else
2014-07-13 15:35:28 +00:00
tombmount=$2
2011-02-03 19:42:46 +00:00
fi
2011-12-01 17:53:12 +00:00
2011-05-26 11:15:03 +00:00
# check if its already open
2014-08-25 19:01:50 +00:00
mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null
2011-05-26 11:15:03 +00:00
if [ $? = 0 ]; then
2014-07-13 15:35:28 +00:00
_warning "$tombname is already open."
_message "Here below its status is reported:"
list_tombs ${tombname}
return 0
2011-05-26 11:15:03 +00:00
fi
2011-12-01 17:53:12 +00:00
2012-01-17 16:28:40 +00:00
_success "Opening $tombfile on $tombmount"
2011-02-03 19:42:46 +00:00
2014-08-25 19:01:50 +00:00
lo_mount "${tombdir}/${tombfile}"
nstloop=`lo_new`
2011-04-28 10:14:37 +00:00
2010-08-22 13:04:19 +00:00
cryptsetup isLuks ${nstloop}
2011-01-11 09:49:44 +00:00
if [ $? != 0 ]; then
2014-07-13 15:35:28 +00:00
# is it a LUKS encrypted nest? see cryptsetup(1)
_warning "$tombfile is not a valid Luks encrypted storage file."
return 1
2011-01-11 09:49:44 +00:00
fi
2014-04-30 15:31:28 +00:00
_message "This tomb is a valid LUKS encrypted device."
2011-02-22 17:30:42 +00:00
2013-03-30 17:44:05 +00:00
luksdump="`cryptsetup luksDump ${nstloop}`"
tombdump=(`print $luksdump | awk '
2014-07-13 15:35:28 +00:00
/^Cipher name/ {print $3}
/^Cipher mode/ {print $3}
/^Hash spec/ {print $3}'`)
2014-04-30 15:31:28 +00:00
_message "Cipher is \"$tombdump[1]\" mode \"$tombdump[2]\" hash \"$tombdump[3]\""
2012-01-17 16:28:40 +00:00
2013-03-30 17:44:05 +00:00
slotwarn=`print $luksdump | awk '
2014-07-13 15:35:28 +00:00
BEGIN { zero=0 }
/^Key slot 0/ { zero=1 }
/^Key slot.*ENABLED/ { if(zero==1) print "WARN" }'`
2013-03-30 17:44:05 +00:00
{ test "$slotwarn" = "WARN" } && {
2014-07-13 15:35:28 +00:00
_warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." }
2012-01-17 16:28:40 +00:00
2011-01-11 09:49:44 +00:00
# save date of mount in minutes since 1970
2011-04-28 18:42:45 +00:00
mapdate=`date +%s`
2013-05-25 13:05:21 +00:00
2011-02-11 23:36:21 +00:00
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
2014-04-30 15:31:28 +00:00
_verbose "dev mapper device: $mapper"
2014-08-27 10:28:15 +00:00
_verbose "Tomb key: $tomb_key_file"
2014-08-05 15:05:49 +00:00
# take the name only, strip extensions
2014-08-25 19:01:50 +00:00
_verbose "Tomb name: $tombname (to be engraved)"
2011-02-22 17:30:42 +00:00
2014-06-08 17:33:35 +00:00
if option_is_set --tomb-pwd; then
2014-07-13 15:35:28 +00:00
tomb_pwd="`option_value --tomb-pwd`"
2014-08-25 21:32:32 +00:00
_verbose "tomb-pwd = $tomb_pwd"
ask_key_password "$tomb_pwd"
2014-06-08 17:33:35 +00:00
else
2014-08-25 21:32:32 +00:00
ask_key_password
2014-06-08 17:33:35 +00:00
fi
2013-05-27 20:49:44 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "No valid password supplied." }
2013-05-25 13:05:21 +00:00
2014-08-25 21:32:32 +00:00
print -n - "$tomb_secret" | \
2014-07-13 15:35:28 +00:00
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
2013-05-25 13:05:21 +00:00
2011-01-11 09:49:44 +00:00
if ! [ -r /dev/mapper/${mapper} ]; then
2014-07-13 15:35:28 +00:00
_failure "Failure mounting the encrypted file."
2011-01-11 09:49:44 +00:00
fi
2011-04-28 10:14:37 +00:00
2014-08-25 19:01:50 +00:00
# preserve the loopdev after exit
lo_preserve "$nstloop"
2012-01-17 16:28:40 +00:00
# array: [ cipher, keysize, loopdevice ]
tombstat=(`cryptsetup status ${mapper} | awk '
/cipher:/ {print $2}
/keysize:/ {print $2}
/device:/ {print $2}'`)
2014-04-30 15:31:28 +00:00
_success "Success unlocking tomb $tombname"
_verbose "Key size is $tombstat[2] for cipher $tombstat[1]"
2012-01-17 16:28:40 +00:00
2014-04-30 15:31:28 +00:00
_message "Checking filesystem via $tombstat[3]"
2011-01-13 21:35:32 +00:00
fsck -p -C0 /dev/mapper/${mapper}
2014-04-30 15:31:28 +00:00
_verbose "Tomb engraved as $tombname"
2014-08-25 19:01:50 +00:00
tune2fs -L ${tombname} /dev/mapper/${mapper} > /dev/null
2011-02-11 23:36:21 +00:00
2013-05-27 20:49:44 +00:00
# we need root from here on
mkdir -p $tombmount
2011-05-24 10:04:18 +00:00
mount -o $MOUNTOPTS /dev/mapper/${mapper} ${tombmount}
2011-01-30 22:25:01 +00:00
2012-07-09 18:53:14 +00:00
chown ${_uid}:${_gid} ${tombmount}
2014-07-14 16:58:09 +00:00
chmod 0711 ${tombmount}
2011-04-28 10:14:37 +00:00
2013-03-29 11:51:43 +00:00
_success "Success opening $tombfile on $fg_bold[white]$tombmount$fg_no_bold[white]"
2013-05-28 09:57:58 +00:00
# print out when was opened the last time, by whom and where
{ test -r ${tombmount}/.last } && {
2014-07-13 15:35:28 +00:00
tombtty="`cat ${tombmount}/.tty`"
tombhost="`cat ${tombmount}/.host`"
tombuid="`cat ${tombmount}/.uid`"
tomblast="`cat ${tombmount}/.last`"
tombuser=`awk -F: '/:'"$tombuid"':/ {print $1}' /etc/passwd`
_message "Last visit by $fg_bold[white]$tombuser($tombuid)$fg_no_bold[white] from $fg_bold[white]$tombtty$fg_no_bold[white] on $fg_bold[white]$tombhost$fg_no_bold[white]"
_message "on date $fg_bold[white]`date --date @${tomblast} +%c`$fg_no_bold[white]"
2013-05-28 09:57:58 +00:00
}
# write down the UID and TTY that opened the tomb
rm -f ${tombmount}/.uid
echo ${_uid} > ${tombmount}/.uid
rm -f ${tombmount}/.tty
echo ${_tty} > ${tombmount}/.tty
# also the hostname
rm -f ${tombmount}/.host
echo `hostname` > ${tombmount}/.host
# and the "last time opened" information
# in minutes since 1970, this is printed at next open
rm -f ${tombmount}/.last
echo "`date +%s`" > ${tombmount}/.last
# human readable: date --date=@"`cat .last`" +%c
# process bind-hooks (mount -o bind of directories)
# and post-hooks (execute on open)
if ! option_is_set -n ; then
2014-07-13 15:35:28 +00:00
exec_safe_bind_hooks ${tombmount}
exec_safe_post_hooks ${tombmount} open
2013-05-28 09:57:58 +00:00
fi
return 0
}
# ## Hooks execution
exec_safe_bind_hooks() {
if [[ -n ${(k)opts[-o]} ]]; then
2014-07-13 15:35:28 +00:00
MOUNTOPTS=${opts[-o]}
2013-05-28 09:57:58 +00:00
fi
local MOUNTPOINT="${1}"
local ME=${SUDO_USER:-$(whoami)}
2014-08-12 19:10:48 +00:00
local HOME=$(awk -v a="$ME" -F ':' '{if ($1 == a) print $6}' /etc/passwd 2>-)
2013-05-28 09:57:58 +00:00
if [ $? -ne 0 ]; then
2014-07-13 15:35:28 +00:00
_warning "How pitiful! A tomb, and no HOME."
return 1
2013-05-28 09:57:58 +00:00
fi
if [ -z "$MOUNTPOINT" -o ! -d "$MOUNTPOINT" ]; then
2014-07-13 15:35:28 +00:00
_warning "Cannot exec bind hooks without a mounted tomb."
return 1
2013-05-28 09:57:58 +00:00
fi
if ! [ -r "$MOUNTPOINT/bind-hooks" ]; then
2014-07-13 15:35:28 +00:00
_verbose "bind-hooks not found in $MOUNTPOINT"
return 1
2013-05-28 09:57:58 +00:00
fi
typeset -al mounted
typeset -Al maps
maps=($(<"$MOUNTPOINT/bind-hooks"))
for dir in ${(k)maps}; do
2014-07-13 15:35:28 +00:00
if [ "${dir[1]}" = "/" -o "${dir[1,2]}" = ".." ]; then
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME"
continue
fi
if [ "${${maps[$dir]}[1]}" = "/" -o "${${maps[$dir]}[1,2]}" = ".." ]; then
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME. Rolling back"
for dir in ${mounted}; do umount $dir; done
return 1
fi
if [ ! -r "$HOME/${maps[$dir]}" ]; then
_warning "bind-hook target not existent, skipping $HOME/${maps[$dir]}"
elif [ ! -r "$MOUNTPOINT/$dir" ]; then
_warning "bind-hook source not found in tomb, skipping ${MOUNTPOINT}/${dir}"
else
mount -o bind,$MOUNTOPTS $MOUNTPOINT/$dir $HOME/${maps[$dir]}
mounted+=("$HOME/${maps[$dir]}")
fi
2013-05-28 09:57:58 +00:00
done
}
# Post mount hooks
exec_safe_post_hooks() {
local mnt=$1 # first argument is where the tomb is mounted
local ME=${SUDO_USER:-$(whoami)}
if ! [ -x ${mnt}/post-hooks ]; then return; fi
# if 'post-hooks' is found inside the tomb, check it: if it is an
# executable, launch it as a user this might need a dialog for
# security on what is being run, however we expect you know well
# what is inside your tomb. this feature opens the possibility to
# make encrypted executables.
cat ${mnt}/post-hooks | head -n1 | grep '^#!/'
if [ $? = 0 ]; then
2014-07-13 15:35:28 +00:00
_success "Post hooks found, executing as user $SUDO_USER."
exec_as_user ${mnt}/post-hooks "$2" "$1"
2013-05-28 09:57:58 +00:00
fi
}
# }}} - Tomb open
# {{{ List
# list all tombs mounted in a readable format
# $1 is optional, to specify a tomb
list_tombs() {
# list all open tombs
mounted_tombs=(`list_tomb_mounts $1`)
{ test ${#mounted_tombs} = 0 } && {
2014-07-13 15:35:28 +00:00
_failure "I can't see any ${1:-open} tomb, may they all rest in peace." }
2013-05-28 09:57:58 +00:00
for t in ${mounted_tombs}; do
2014-07-13 15:35:28 +00:00
mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
tombfs=${t[(ws:;:)3]}
tombfsopts=${t[(ws:;:)4]}
tombloop=${mapper[(ws:.:)4]}
# calculate tomb size
ts=`df -hP /dev/mapper/$mapper |
2013-05-28 09:57:58 +00:00
awk "/mapper/"' { print $2 ";" $3 ";" $4 ";" $5 }'`
2014-07-13 15:35:28 +00:00
tombtot=${ts[(ws:;:)1]}
tombused=${ts[(ws:;:)2]}
tombavail=${ts[(ws:;:)3]}
tombpercent=${ts[(ws:;:)4]}
tombp=${tombpercent%%%}
tombsince=`date --date=@${mapper[(ws:.:)3]} +%c`
# find out who opens it from where
{ test -r ${tombmount}/.tty } && {
tombtty="`cat ${tombmount}/.tty`"
tombhost="`cat ${tombmount}/.host`"
tombuid="`cat ${tombmount}/.uid`"
tombuser=`awk -F: '/:'"$tombuid"':/ {print $1}' /etc/passwd`
}
2013-05-28 09:57:58 +00:00
if option_is_set --get-mountpoint; then
2014-07-13 15:35:28 +00:00
echo $tombmount
continue
fi
# breaking up such strings is good for translation
print -n "$fg[green]$tombname"
print -n "$fg[white] open on "
print -n "$fg_bold[white]$tombmount"
print -n "$fg_no_bold[white] using "
print "$fg_bold[white]$tombfs $tombfsopts"
print -n "$fg_no_bold[green]$tombname"
print -n "$fg_no_bold[white] open since "
print "$fg_bold[white]$tombsince$fg_no_bold[white]"
{ test "$tombtty" = "" } || {
print -n "$fg_no_bold[green]$tombname"
print -n "$fg_no_bold[white] open by "
print -n "$fg_bold[white]$tombuser"
print -n "$fg_no_bold[white] from "
print -n "$fg_bold[white]$tombtty"
print -n "$fg_no_bold[white] on "
print "$fg_bold[white]$tombhost"
}
print -n "$fg_no_bold[green]$tombname"
print -n "$fg[white] size "
print -n "$fg_bold[white]$tombtot"
print -n "$fg_no_bold[white] of which "
print -n "$fg_bold[white]$tombused"
print -n "$fg_no_bold[white] used: "
print -n "$fg_bold[white]$tombavail"
print -n "$fg_no_bold[white] free ("
print -n "$fg_bold[white]$tombpercent"
print "$fg_no_bold[white] full)"
if [[ ${tombp} -ge 90 ]]; then
print -n "$fg_no_bold[green]$tombname"
print "$fg_bold[red] Your tomb is almost full!"
fi
# now check hooks
mounted_hooks=(`list_tomb_binds $tombname`)
for h in ${mounted_hooks}; do
print -n "$fg_no_bold[green]$tombname"
print -n "$fg_no_bold[white] hooks "
2014-08-05 15:05:49 +00:00
# print -n "$fg_bold[white]`basename ${h[(ws:;:)1]}`"
# print -n "$fg_no_bold[white] on "
2014-07-13 15:35:28 +00:00
print "$fg_bold[white]${h[(ws:;:)2]}$fg_no_bold[white]"
done
2013-05-28 09:57:58 +00:00
done
2010-08-22 13:04:19 +00:00
}
2011-12-01 19:04:56 +00:00
2013-05-15 11:53:28 +00:00
# print out an array of mounted tombs (internal use)
# format is semi-colon separated list of attributes
# if 1st arg is supplied, then list only that tomb
2013-05-28 09:57:58 +00:00
#
# String positions in the semicolon separated array:
#
# 1. full mapper path
#
# 2. mountpoint
#
# 3. filesystem type
#
# 4. mount options
#
# 5. tomb name
2013-05-15 11:53:28 +00:00
list_tomb_mounts() {
if [ "$1" = "" ]; then
2014-07-13 15:35:28 +00:00
# list all open tombs
mount -l \
| awk '
2013-05-15 11:53:28 +00:00
BEGIN { main="" }
2013-05-25 13:05:21 +00:00
/^\/dev\/mapper\/tomb/ {
2013-05-15 11:53:28 +00:00
if(main==$1) next;
print $1 ";" $3 ";" $5 ";" $6 ";" $7
main=$1
}
'
else
2014-07-13 15:35:28 +00:00
# list a specific tomb
mount -l \
| awk -vtomb="[$1]" '
2013-05-15 11:53:28 +00:00
BEGIN { main="" }
/^\/dev\/mapper\/tomb/ {
if($7!=tomb) next;
if(main==$1) next;
print $1 ";" $3 ";" $5 ";" $6 ";" $7
main=$1
}
'
fi
}
# list_tomb_binds
# print out an array of mounted bind hooks (internal use)
# format is semi-colon separated list of attributes
# needs an argument: name of tomb whose hooks belong
list_tomb_binds() {
if [ "$1" = "" ]; then
2014-07-13 15:35:28 +00:00
_failure "Internal error: list_tomb_binds called without argument."; fi
2013-05-25 13:05:21 +00:00
2013-05-15 11:53:28 +00:00
# list bind hooks on util-linux 2.20 (Debian 7)
mount -l \
2014-07-13 15:35:28 +00:00
| awk -vtomb="$1" '
2013-05-15 11:53:28 +00:00
BEGIN { main="" }
/^\/dev\/mapper\/tomb/ {
if($7!=tomb) next;
if(main=="") { main=$1; next; }
if(main==$1)
2013-05-25 13:05:21 +00:00
print $1 ";" $3 ";" $5 ";" $6 ";" $7
2013-05-15 11:53:28 +00:00
}
'
2013-05-25 13:05:21 +00:00
2013-05-15 11:53:28 +00:00
# list bind hooks on util-linux 2.17 (Debian 6)
tombmount=`mount -l \
| awk -vtomb="$1" '
/^\/dev\/mapper\/tomb/ { if($7!=tomb) next; print $3; exit; }'`
2013-05-25 13:05:21 +00:00
2013-05-15 11:53:28 +00:00
mount -l | grep "^$tombmount" \
2014-07-13 15:35:28 +00:00
| awk -vtomb="$1" '
/bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
2013-05-15 11:53:28 +00:00
}
2013-05-28 09:57:58 +00:00
# }}} - Tomb list
2013-05-15 11:53:28 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Index and search
2010-08-22 13:04:19 +00:00
2013-05-28 09:57:58 +00:00
# index files in all tombs for search
# $1 is optional, to specify a tomb
index_tombs() {
2014-08-25 19:01:50 +00:00
{ command -v updatedb >& - } || {
2014-07-13 15:35:28 +00:00
_failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
2013-06-11 16:49:58 +00:00
updatedbver=`updatedb --version | grep '^updatedb'`
[[ "$updatedbver" =~ "GNU findutils" ]] && {
2014-07-13 15:35:28 +00:00
_warning "Cannot use GNU findutils for index/search commands." }
2013-06-11 16:49:58 +00:00
[[ "$updatedbver" =~ "mlocate" ]] || {
2014-07-13 15:35:28 +00:00
_failure "Index command needs 'mlocate' to be installed." }
2013-06-11 16:49:58 +00:00
2014-04-30 15:31:28 +00:00
_verbose "$updatedbver"
2011-04-28 10:14:37 +00:00
2013-05-28 09:57:58 +00:00
mounted_tombs=(`list_tomb_mounts $1`)
2013-05-15 11:53:28 +00:00
{ test ${#mounted_tombs} = 0 } && {
2014-07-13 15:35:28 +00:00
if [ $1 ]; then _failure "There seems to be no open tomb engraved as [$1]"
else _failure "I can't see any open tomb, may they all rest in peace."
fi
2013-05-28 09:57:58 +00:00
}
2011-02-07 08:42:50 +00:00
2013-06-12 16:15:55 +00:00
2014-04-30 15:31:28 +00:00
_success "Creating and updating search indexes."
2013-06-12 16:15:55 +00:00
# start the LibreOffice document converter if installed
2014-08-25 19:01:50 +00:00
{ command -v unoconv >& - } && {
2014-08-12 19:10:48 +00:00
unoconv -l 2>- &
2014-07-13 15:35:28 +00:00
_verbose "unoconv listener launched."
sleep 1 }
2013-06-12 16:15:55 +00:00
2013-05-15 11:53:28 +00:00
for t in ${mounted_tombs}; do
2014-07-13 15:35:28 +00:00
mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
{ test -r ${tombmount}/.noindex } && {
_message "Skipping $tombname (.noindex found)."
continue }
_message "Indexing $tombname filenames..."
updatedb -l 0 -o ${tombmount}/.updatedb -U ${tombmount}
# here we use swish to index file contents
{ test $SWISH = 1 } && {
_message "Indexing $tombname contents..."
2014-08-25 19:01:50 +00:00
tmp_create
swishrc=`tmp_new`
2014-07-13 15:35:28 +00:00
cat <<EOF > $swishrc
2013-06-20 08:26:12 +00:00
# index directives
2013-06-12 16:15:55 +00:00
DefaultContents TXT*
2013-06-20 08:26:12 +00:00
IndexDir $tombmount
IndexFile $tombmount/.swish
# exclude images
FileRules filename regex /\.jp.?g/i
FileRules filename regex /\.png/i
FileRules filename regex /\.gif/i
FileRules filename regex /\.tiff/i
FileRules filename regex /\.svg/i
FileRules filename regex /\.xcf/i
FileRules filename regex /\.eps/i
FileRules filename regex /\.ttf/i
# exclude audio
FileRules filename regex /\.mp3/i
FileRules filename regex /\.ogg/i
FileRules filename regex /\.wav/i
FileRules filename regex /\.mod/i
FileRules filename regex /\.xm/i
# exclude video
FileRules filename regex /\.mp4/i
FileRules filename regex /\.avi/i
FileRules filename regex /\.ogv/i
FileRules filename regex /\.ogm/i
FileRules filename regex /\.mkv/i
FileRules filename regex /\.mov/i
# exclude system
FileRules filename is ok
FileRules filename is lock
FileRules filename is control
FileRules filename is status
FileRules filename is proc
FileRules filename is sys
FileRules filename is supervise
FileRules filename regex /\.asc$/i
FileRules filename regex /\.gpg$/i
# pdf and postscript
2013-06-12 16:15:55 +00:00
FileFilter .pdf pdftotext "'%p' -"
2013-06-20 08:26:12 +00:00
FileFilter .ps ps2txt "'%p' -"
# compressed files
FileFilterMatch lesspipe "%p" /\.tgz$/i
FileFilterMatch lesspipe "%p" /\.zip$/i
FileFilterMatch lesspipe "%p" /\.gz$/i
FileFilterMatch lesspipe "%p" /\.bz2$/i
FileFilterMatch lesspipe "%p" /\.Z$/
# spreadsheets
FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xls.*/i
FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xlt.*/i
2013-06-12 16:15:55 +00:00
FileFilter .ods unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .ots unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .dbf unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .dif unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .uos unoconv "-d spreadsheet -f csv --stdout %P"
FileFilter .sxc unoconv "-d spreadsheet -f csv --stdout %P"
2013-06-20 08:26:12 +00:00
# word documents
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.doc.*/i
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.odt.*/i
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.rtf.*/i
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.tex$/i
# native html support
2013-06-12 16:15:55 +00:00
IndexContents HTML* .htm .html .shtml
IndexContents XML* .xml
EOF
2013-06-20 08:26:12 +00:00
2014-07-13 15:35:28 +00:00
_verbose "Using swish-e to create index."
swish-e -c $swishrc -S fs -v3
rm -f $swishrc
}
2013-06-20 08:26:12 +00:00
2014-07-13 15:35:28 +00:00
_message "Search index updated."
2013-05-28 09:57:58 +00:00
done
2010-08-22 13:04:19 +00:00
}
2013-05-28 09:57:58 +00:00
search_tombs() {
2014-08-25 19:01:50 +00:00
{ command -v locate >& - } || {
2014-07-13 15:35:28 +00:00
_failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
2013-06-11 16:49:58 +00:00
updatedbver=`updatedb --version | grep '^updatedb'`
[[ "$updatedbver" =~ "GNU findutils" ]] && {
2014-07-13 15:35:28 +00:00
_warning "Cannot use GNU findutils for index/search commands." }
2013-06-11 16:49:58 +00:00
[[ "$updatedbver" =~ "mlocate" ]] || {
2014-07-13 15:35:28 +00:00
_failure "Index command needs 'mlocate' to be installed." }
2013-06-11 16:49:58 +00:00
2014-04-30 15:31:28 +00:00
_verbose "$updatedbver"
2013-05-25 13:05:21 +00:00
2013-05-28 09:57:58 +00:00
# list all open tombs
2013-06-11 16:49:58 +00:00
mounted_tombs=(`list_tomb_mounts`)
if [ ${#mounted_tombs} = 0 ]; then
2014-07-13 15:35:28 +00:00
_failure "I can't see any open tomb, may they all rest in peace."; fi
2013-06-11 16:49:58 +00:00
2014-04-30 15:31:28 +00:00
_success "Searching for: $fg_bold[white]${(f)@}$fg_no_bold[white]"
2013-05-28 09:57:58 +00:00
for t in ${mounted_tombs}; do
2014-07-13 15:35:28 +00:00
_verbose "Checking for index: ${t}"
mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
if [ -r ${tombmount}/.updatedb ]; then
# use mlocate to search hits on filenames
_message "Searching filenames in tomb $tombname"
locate -d ${tombmount}/.updatedb -e -i "${(f)@}"
_message "Matches found: `locate -d ${tombmount}/.updatedb -e -i -c ${(f)@}`"
# use swish-e to search over contents
{ test $SWISH = 1 } && { test -r $tombmount/.swish } && {
_message "Searching contents in tomb $tombname"
swish-search -w ${=@} -f $tombmount/.swish -H0 }
else
_warning "Skipping tomb $tombname: not indexed."
_warning "Run 'tomb index' to create indexes."
fi
2013-05-28 09:57:58 +00:00
done
2014-04-30 15:31:28 +00:00
_message "Search completed."
2011-11-03 14:13:49 +00:00
}
2011-12-01 19:27:05 +00:00
2013-05-28 09:57:58 +00:00
# }}} - Index and search
# {{{ Resize
2012-01-07 23:23:49 +00:00
# resize tomb file size
resize_tomb() {
2014-04-30 15:31:28 +00:00
_message "Commanded to resize tomb $1 to $opts[-s] megabytes."
2012-01-20 00:47:07 +00:00
if ! [ $1 ]; then
2014-07-13 15:35:28 +00:00
_failure "No tomb name specified for resizing."
2012-01-20 00:47:07 +00:00
elif ! [ -r "$1" ]; then
2014-07-13 15:35:28 +00:00
_failure "Cannot find $1"
2012-01-07 23:23:49 +00:00
fi
2013-05-28 09:57:58 +00:00
# $1 is the tomb file path
2012-01-07 23:23:49 +00:00
2014-08-27 10:28:15 +00:00
newtombsize="`option_value -s`"
2014-01-12 23:09:37 +00:00
{ test "$newtombsize" = "" } && {
2014-07-13 15:35:28 +00:00
_failure "Aborting operations: new size was not specified, use -s" }
2014-01-12 23:09:37 +00:00
2013-06-11 18:34:17 +00:00
tombdir=`dirname $1`
tombfile=`basename $1`
tombname=${tombfile%%\.*}
2012-01-07 23:23:49 +00:00
2013-05-27 20:49:44 +00:00
# load key from options or file
2014-08-25 19:01:50 +00:00
load_key
2014-08-27 10:28:15 +00:00
########
2012-01-07 23:23:49 +00:00
2014-08-12 19:10:48 +00:00
local oldtombsize=$(( `stat -c %s "$1" 2>-` / 1048576 ))
2012-01-17 11:36:41 +00:00
local mounted_tomb=`mount -l |
2014-07-13 15:35:28 +00:00
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
2012-01-07 23:23:49 +00:00
if [ "$mounted_tomb" ]; then
2014-07-13 15:35:28 +00:00
_failure "The tomb $tombname is open, to resize it it needs to be closed."
2012-01-07 23:23:49 +00:00
fi
if ! [ "$newtombsize" ] ; then
2014-07-13 15:35:28 +00:00
_failure "You must specify the new size of $tombname"
2012-01-07 23:23:49 +00:00
elif [[ $newtombsize != <-> ]]; then
2014-07-13 15:35:28 +00:00
_failure "Size is not an integer."
2012-01-07 23:23:49 +00:00
elif [ "$newtombsize" -le "$oldtombsize" ]; then
2014-07-13 15:35:28 +00:00
_failure "The new size must be greater then old tomb size."
2012-01-07 23:23:49 +00:00
fi
2013-06-12 01:01:28 +00:00
delta="$(( $newtombsize - $oldtombsize ))"
2013-05-25 13:05:21 +00:00
2014-08-25 19:01:50 +00:00
_message "Generating ${tombfile} of ${newtombsize}MiB"
2013-05-25 13:05:21 +00:00
2014-04-30 15:31:28 +00:00
_verbose "Data dump using ${DD[1]} from /dev/urandom"
2014-01-12 23:17:24 +00:00
${=DD} if=/dev/urandom bs=1048576 count=${delta} >> ${tombdir}/${tombfile}
2013-05-25 13:05:21 +00:00
2014-01-12 23:17:24 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "Error creating the extra resize $tmp_resize, operation aborted." }
2013-05-27 20:49:44 +00:00
2014-06-08 17:33:35 +00:00
if option_is_set --tomb-pwd; then
2014-07-13 15:35:28 +00:00
tomb_pwd="`option_value --tomb-pwd`"
2014-08-25 21:32:32 +00:00
_verbose "tomb-pwd = $tomb_pwd"
ask_key_password "$tomb_pwd"
2014-06-08 17:33:35 +00:00
else
2014-08-25 21:32:32 +00:00
ask_key_password
2014-06-08 17:33:35 +00:00
fi
2013-05-27 20:49:44 +00:00
{ test $? = 0 } || {
2014-07-13 15:35:28 +00:00
_failure "No valid password supplied." }
2013-05-27 20:49:44 +00:00
2014-08-25 19:01:50 +00:00
lo_mount "${tombdir}/${tombfile}"
nstloop=`lo_new`
2013-05-25 13:05:21 +00:00
2014-08-25 19:01:50 +00:00
mapdate=`date +%s`
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
2013-05-25 13:05:21 +00:00
2014-08-25 21:32:32 +00:00
print -n - "$tomb_secret" | \
2014-07-13 15:35:28 +00:00
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
2013-05-25 13:05:21 +00:00
2012-01-07 23:23:49 +00:00
if ! [ -r /dev/mapper/${mapper} ]; then
2014-07-13 15:35:28 +00:00
_failure "Failure mounting the encrypted file."
2012-01-07 23:23:49 +00:00
fi
cryptsetup resize "${mapper}"
if [ $? != 0 ]; then
2014-07-13 15:35:28 +00:00
_failure "cryptsetup failed to resize $mapper"
2012-01-07 23:23:49 +00:00
fi
2014-06-08 18:05:25 +00:00
e2fsck -p -f /dev/mapper/${mapper}
2012-01-07 23:23:49 +00:00
if [ $? != 0 ]; then
2014-07-13 15:35:28 +00:00
_failure "e2fsck failed to check $mapper"
2012-01-07 23:23:49 +00:00
fi
resize2fs /dev/mapper/${mapper}
if [ $? != 0 ]; then
2014-07-13 15:35:28 +00:00
_failure "resize2fs failed to resize $mapper"
2012-01-07 23:23:49 +00:00
fi
2012-01-17 11:36:41 +00:00
sleep 1 # needs to settle a bit
2012-01-07 23:23:49 +00:00
# close and free the loop device
cryptsetup luksClose "${mapper}"
return 0
}
2011-12-01 17:53:12 +00:00
# }}}
2013-03-30 16:29:51 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Close
2013-05-15 10:00:23 +00:00
2013-05-28 09:57:58 +00:00
umount_tomb() {
local tombs how_many_tombs
local pathmap mapper tombname tombmount loopdev
local ans pidk pname
2013-05-15 10:00:23 +00:00
2013-05-28 09:57:58 +00:00
if [ "$1" = "all" ]; then
2014-07-13 15:35:28 +00:00
mounted_tombs=(`list_tomb_mounts`)
2013-05-28 09:57:58 +00:00
else
2014-07-13 15:35:28 +00:00
mounted_tombs=(`list_tomb_mounts $1`)
2013-05-28 09:57:58 +00:00
fi
2013-03-30 16:29:51 +00:00
{ test ${#mounted_tombs} = 0 } && {
2014-07-13 15:35:28 +00:00
_warning "There is no open tomb to be closed."
return 1 }
2013-03-30 16:29:51 +00:00
2013-05-28 09:57:58 +00:00
{ test ${#mounted_tombs} -gt 1 } && { test "$1" = "" } && {
2014-07-13 15:35:28 +00:00
_warning "Too many tombs mounted, please specify one (see tomb list)"
_warning "or issue the command 'tomb close all' to close them all."
return 1 }
2011-05-09 07:11:18 +00:00
2014-04-30 15:31:28 +00:00
_message "Tomb close $1"
2013-05-15 10:00:23 +00:00
for t in ${mounted_tombs}; do
2014-07-13 15:35:28 +00:00
mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]}
tombmount=${t[(ws:;:)2]}
tombfs=${t[(ws:;:)3]}
tombfsopts=${t[(ws:;:)4]}
tombloop=${mapper[(ws:.:)4]}
_verbose "Name: $tombname"
_verbose "Mount: $tombmount"
_verbose "Mapper: $mapper"
{ test -e "$mapper" } && {
_warning "Tomb not found: $1"
_warning "Please specify an existing tomb."
return 0 }
if [ $SLAM ]; then
_success "Slamming tomb $tombname mounted on $tombmount"
_message "Kill all processes busy inside the tomb."
if ! slam_tomb "$tombmount"; then
_warning "Cannot slam the tomb $tombname"
return 1
fi
else
_message "Closing tomb $tombname mounted on $tombmount"
fi
2011-09-26 09:33:07 +00:00
2013-05-28 09:57:58 +00:00
# check if there are binded dirs and close them
2014-07-13 15:35:28 +00:00
bind_tombs=(`list_tomb_binds $tombname`)
for b in ${bind_tombs}; do
bind_mapper="${b[(ws:;:)1]}"
bind_mount="${b[(ws:;:)2]}"
_message "Closing tomb bind hook: $bind_mount"
umount $bind_mount
if [[ $? != 0 ]]; then
if [ $SLAM ]; then
_success "Slamming tomb: killing all processes using this hook."
slam_tomb "$bind_mount"
if [[ $? == 1 ]]; then
_warning "Cannot slam the bind hook $bind_mount"
return 1
fi
umount $bind_mount
else
_warning "Tomb bind hook $bind_mount is busy, cannot close tomb."
fi
fi
done
2013-03-29 11:51:43 +00:00
2013-05-28 09:57:58 +00:00
# Execute post-hooks for eventual cleanup
2014-07-13 15:35:28 +00:00
if ! option_is_set -n ; then
exec_safe_post_hooks ${tombmount%%/} close
fi
2011-12-01 17:53:12 +00:00
2014-07-13 15:35:28 +00:00
_verbose "Performing umount of $tombmount"
umount ${tombmount}
if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!"
else
# this means we used a "default" mount point
{ test "${tombmount}" = "/media/${tombname}.tomb" } && {
rmdir ${tombmount} }
fi
2013-05-15 10:00:23 +00:00
2014-07-13 15:35:28 +00:00
cryptsetup luksClose $mapper
{ test $? = 0 } || {
_warning "Error occurred in cryptsetup luksClose ${mapper}"
return 1 }
2011-09-04 07:36:40 +00:00
2014-07-13 15:35:28 +00:00
losetup -d "/dev/$tombloop"
2011-09-04 07:36:40 +00:00
2014-07-13 15:35:28 +00:00
_success "Tomb $tombname closed: your bones will rest in peace."
2011-09-04 07:36:40 +00:00
2013-05-28 09:57:58 +00:00
done # loop across mounted tombs
return 0
}
# Kill all processes using the tomb
slam_tomb() {
# $1 = tomb mount point
2014-08-12 19:10:48 +00:00
if [[ -z `fuser -m "$1" 2>-` ]]; then
2014-07-13 15:35:28 +00:00
return 0
2013-05-28 09:57:58 +00:00
fi
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP
for s in TERM HUP KILL; do
2014-07-13 15:35:28 +00:00
_verbose "Sending $s to processes inside the tomb:"
if option_is_set -D; then
2014-08-12 19:10:48 +00:00
ps -fp `fuser -m /media/a.tomb 2>-`|
2014-07-13 15:35:28 +00:00
while read line; do
_verbose $line
done
fi
fuser -s -m "$1" -k -M -$s
2014-08-12 19:10:48 +00:00
if [[ -z `fuser -m "$1" 2>-` ]]; then
2014-07-13 15:35:28 +00:00
return 0
fi
if ! option_is_set -f; then
sleep 3
fi
2013-05-28 09:57:58 +00:00
done
return 1
2011-09-04 07:36:40 +00:00
}
2011-01-12 16:02:19 +00:00
2013-05-28 09:57:58 +00:00
# }}} - Tomb close
# {{{ Main routine
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
main() {
2014-08-14 07:58:15 +00:00
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
local -A subcommands_opts
2011-07-19 13:42:49 +00:00
### Options configuration
2012-01-17 13:00:20 +00:00
# Hi, dear developer! Are you trying to add a new subcommand, or
# to add some options? Well, keep in mind that an option CAN'T
# have differente meanings/behaviour in different subcommands.
2012-01-23 02:34:25 +00:00
# For example, "-s" means "size" and accept an argument. If you are tempted to add
# an option "-s" (that means, for example "silent", and doesn't accept an argument)
# DON'T DO IT!
2012-01-17 13:00:20 +00:00
2012-01-23 02:34:25 +00:00
# There are two reasons for that:
2012-01-17 13:00:20 +00:00
# I. usability; user expect that "-s" is "size"
2012-01-23 02:34:25 +00:00
# II. Option parsing WILL EXPLODE if you do this kind of bad things
# (it will say "option defined more than once, and he's right")
2012-01-17 13:00:20 +00:00
#
# If you want to use the same option in multiple commands then
# you can only use the non-abbreviated long-option version like:
# -force and NOT -f
2013-05-28 09:57:58 +00:00
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v U: -uid=U G: -gid=G T: -tty=T -no-color -unsecure-dev-mode)
2011-08-16 18:44:18 +00:00
subcommands_opts[__default]=""
2014-06-08 18:30:35 +00:00
subcommands_opts[open]="f -force n -nohook=n k: -key=k -kdf: o: -ignore-swap -sudo-pwd: -tomb-pwd: "
2011-07-19 23:15:31 +00:00
subcommands_opts[mount]=${subcommands_opts[open]}
2013-03-22 20:13:59 +00:00
2013-06-12 11:33:54 +00:00
subcommands_opts[create]="" # deprecated, will issue warning
2013-03-22 20:13:59 +00:00
2013-06-19 18:20:17 +00:00
subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: o: -tomb-pwd: -use-urandom "
subcommands_opts[dig]="f -force -ignore-swap s: -size=s "
2014-06-08 18:30:35 +00:00
subcommands_opts[lock]="f -force -ignore-swap k: -key=k -kdf: o: -sudo-pwd: -tomb-pwd: "
2014-06-08 17:33:35 +00:00
subcommands_opts[setkey]="k: -key=k f -force -ignore-swap -kdf: -sudo-pwd: -tomb-old-pwd: -tomb-pwd: "
2014-06-08 18:30:35 +00:00
subcommands_opts[engrave]="k: -key=k "
2013-03-22 20:13:59 +00:00
2014-06-08 17:33:35 +00:00
subcommands_opts[passwd]="k: -key=k f -force -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
2013-06-19 18:20:17 +00:00
subcommands_opts[close]="-sudo-pwd: "
2011-07-19 13:42:49 +00:00
subcommands_opts[help]=""
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
subcommands_opts[slam]=""
2013-06-19 18:20:17 +00:00
subcommands_opts[list]="-get-mountpoint "
2013-03-30 16:29:51 +00:00
subcommands_opts[index]=""
subcommands_opts[search]=""
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
subcommands_opts[help]=""
2013-06-19 18:20:17 +00:00
subcommands_opts[bury]="f -force k: -key=k -tomb-pwd: "
subcommands_opts[exhume]="f -force k: -key=k -tomb-pwd: "
# subcommands_opts[decompose]=""
# subcommands_opts[recompose]=""
# subcommands_opts[install]=""
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
subcommands_opts[askpass]=""
2011-08-20 16:45:00 +00:00
subcommands_opts[source]=""
2013-06-19 18:20:17 +00:00
subcommands_opts[resize]="f -force -ignore-swap s: -size=s k: -key=k -tomb-pwd: "
subcommands_opts[check]="-ignore-swap "
2011-12-01 19:04:56 +00:00
# subcommands_opts[translate]=""
2013-05-25 13:05:21 +00:00
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
### Detect subcommand
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
for optspec in $subcommands_opts$main_opts; do
2014-07-13 15:35:28 +00:00
for opt in ${=optspec}; do
every_opts+=${opt}
done
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
done
local -a oldstar
oldstar=($argv)
2014-07-13 15:35:28 +00:00
#### detect early: useful for --optiion-parsing
2012-01-23 02:34:25 +00:00
zparseopts -M -D -Adiscardme ${every_opts}
2014-07-13 15:35:28 +00:00
if [[ -n ${(k)discardme[--option-parsing]} ]]; then
echo $1
if [[ -n "$1" ]]; then
return 1
fi
return 0
fi
unset discardme
2012-01-23 02:34:25 +00:00
if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then
2014-07-13 15:35:28 +00:00
_failure "Error parsing."
return 127
fi
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
unset discardme
subcommand=$1
2011-08-16 18:44:18 +00:00
if [[ -z $subcommand ]]; then
2014-07-13 15:35:28 +00:00
subcommand="__default"
2011-08-16 18:44:18 +00:00
fi
2011-12-01 19:04:56 +00:00
if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
2014-07-13 15:35:28 +00:00
_warning "There's no such command \"$subcommand\"."
_failure "Please try -h for help." 127
2014-04-30 15:31:28 +00:00
# _failure "Subcommand '$subcommand' doesn't exist" 127
2011-04-10 19:38:01 +00:00
fi
[Optparsing] Support options in whatever position
However, it has a precondition that developers MUST respect:
An option CAN'T have differente meanings/behaviour in different subcommands.
For example, "-s" means "size" and accept an argument. If you are tempted to add
an option "-s" (that means, for example "silent", and doesn't accept an argument)
This, however, make sense even from an usability point of view.
Also, option with optional argument are prohibited.
The technique is a "double scan": first, we scan options passing
_every_ possible subcommand options to zparseopts.
This way, we can distinguish between option argument and parameters.
So, we recognize which is the subcommand.
Then, parse again
2011-07-24 23:00:25 +00:00
argv=(${oldstar})
unset oldstar
2011-02-14 14:57:37 +00:00
2011-12-01 17:53:12 +00:00
### Parsing global + command-specific options
# zsh magic: ${=string} will split to multiple arguments when spaces occur
set -A cmd_opts ${main_opts} ${=subcommands_opts[$subcommand]}
# if there is no option, we don't need parsing
2013-05-25 13:05:21 +00:00
if [[ -n $cmd_opts ]]; then
2014-07-13 15:35:28 +00:00
zparseopts -M -E -D -Aopts ${cmd_opts}
if [[ $? != 0 ]]; then
_warning "Some error occurred during option processing."
_failure "See \"tomb help\" for more info." 127
fi
2011-12-01 17:53:12 +00:00
fi
#build PARAM (array of arguments) and check if there are unrecognized options
ok=0
PARAM=()
for arg in $*; do
2014-07-13 15:35:28 +00:00
if [[ $arg == '--' || $arg == '-' ]]; then
ok=1
continue #it shouldnt be appended to PARAM
elif [[ $arg[1] == '-' ]]; then
if [[ $ok == 0 ]]; then
_failure "Unrecognized option $arg for subcommand $subcommand" 127
fi
fi
PARAM+=$arg
2011-12-01 17:53:12 +00:00
done
#first parameter actually is the subcommand: delete it and shift
if [[ $subcommand != '__default' ]]; then
2014-07-13 15:35:28 +00:00
PARAM[1]=()
shift
2011-12-01 17:53:12 +00:00
fi
### End parsing command-specific options
2011-10-31 22:34:21 +00:00
if ! option_is_set --no-color; then
2014-07-13 15:35:28 +00:00
autoload colors; colors
2011-10-31 22:34:21 +00:00
fi
2012-08-30 23:50:53 +00:00
if ! option_is_set --unsecure-dev-mode; then
2014-07-13 15:35:28 +00:00
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
if option_is_set $opt; then
_failure "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
fi
done
2012-08-30 23:50:53 +00:00
fi
2011-10-31 22:34:21 +00:00
2013-03-29 11:51:43 +00:00
# when we run as root, we remember the original uid:gid
2013-05-25 13:05:21 +00:00
# to set permissions for the calling user and drop privileges
2013-03-29 11:51:43 +00:00
if option_is_set -U; then _uid="`option_value -U`"; fi
if option_is_set -G; then _gid="`option_value -G`"; fi
if option_is_set -T; then _tty="`option_value -T`"; fi
2014-04-30 15:31:28 +00:00
_verbose "Tomb command: $subcommand ${PARAM}"
2014-05-06 06:12:19 +00:00
_verbose "Caller: uid[$_uid], gid[$_gid], tty[$_tty]."
2011-04-28 10:14:37 +00:00
2011-07-14 13:47:20 +00:00
case "$subcommand" in
2013-03-22 20:13:59 +00:00
2014-07-13 15:35:28 +00:00
# new creation in three steps
forge)
check_priv
forge_key ${=PARAM}
;;
dig)
dig_tomb ${=PARAM}
;;
lock)
check_priv
lock_tomb_with_key ${=PARAM}
;;
setkey)
check_priv
change_tomb_key ${=PARAM}
;;
engrave)
{ test "$QRENCODE" = 0 } && {
_failure "QREncode not installed: cannot engrave keys on paper." }
engrave_key ${=PARAM}
;;
# backward compat
create)
_warning "The create command is deprecated, please use dig, forge and lock instead."
_warning "For more informations see Tomb's manual page (man tomb)."
;;
mount|open)
check_priv
mount_tomb $PARAM[1] $PARAM[2]
;;
umount|close|slam)
check_priv
[ "$subcommand" = "slam" ] && SLAM=1
umount_tomb $PARAM[1]
;;
passwd)
change_passwd $PARAM[1]
;;
list)
list_tombs $PARAM[1]
;;
index)
index_tombs $PARAM[1]
;;
search)
search_tombs ${=PARAM}
;;
help)
usage
;;
bury)
{ test "$STEGHIDE" = 0 } && {
_failure "Steghide not installed: cannot bury keys into images." }
bury_key $PARAM[1]
;;
exhume)
{ test "$STEGHIDE" = 0 } && {
_failure "Steghide not installed: cannot exhume keys from images." }
exhume_key $PARAM[1]
;;
resize)
{ test "$RESIZER" = 0 } && {
_failure "Resize2fs not installed: cannot resize tombs." }
check_priv
resize_tomb $PARAM[1]
;;
# internal commands useful to developers
'source') return 0 ;;
askpass) ask_password $PARAM[1] $PARAM[2] ;;
__default)
cat <<EOF
2012-01-17 16:28:40 +00:00
Tomb $VERSION - a strong and gentle undertaker for your secrets
2014-02-20 10:12:21 +00:00
Copyright (C) 2007-2014 Dyne.org Foundation, License GNU GPL v3+
2012-01-17 16:28:40 +00:00
This is free software: you are free to change and redistribute it
The latest Tomb sourcecode is published on <http://tomb.dyne.org>
2012-02-07 20:05:09 +00:00
EOF
2014-07-13 15:35:28 +00:00
option_is_set -v && {
cat <<EOF
2013-06-20 08:26:12 +00:00
This source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Please refer to the GNU Public License for more details.
System utils:
2012-01-17 16:28:40 +00:00
2013-06-20 08:26:12 +00:00
`sudo -V | head -n1`
`cryptsetup --version`
`pinentry --version`
`gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers):
2012-01-17 16:28:40 +00:00
`list_gnupg_ciphers`
EOF
2014-07-13 15:35:28 +00:00
return 0
}
usage
;;
*)
_warning "Command \"$subcommand\" not recognized."
_message "Try -h for help."
return 1
;;
2011-04-10 19:38:01 +00:00
esac
2011-10-24 19:30:10 +00:00
return $?
2011-04-10 19:38:01 +00:00
}
2011-12-01 19:04:56 +00:00
2011-12-01 17:53:12 +00:00
# }}}
2013-03-29 11:51:43 +00:00
2013-05-28 09:57:58 +00:00
# {{{ Run
check_bin
2013-03-29 11:51:43 +00:00
2014-08-25 19:01:50 +00:00
check_shm
2014-08-14 07:58:15 +00:00
2011-04-10 19:38:01 +00:00
main $@
2012-01-23 02:34:25 +00:00
ret=$?
if [[ $ret != 0 ]]; then #this "if" seems useless, but avoid source tomb source from exiting
exit $ret
2011-10-30 18:50:33 +00:00
fi
2011-12-01 17:53:12 +00:00
# }}}
2011-12-01 19:27:05 +00:00
2012-01-20 01:14:39 +00:00
# -*- tab-width: 4; indent-tabs-mode:nil; -*-
# vim: set shiftwidth=4 expandtab: