Tomb/src/tomb-open

363 lines
10 KiB
Plaintext
Raw Normal View History

2011-02-10 11:22:11 +00:00
#!/bin/zsh
#
# Tomb, the Crypto Undertaker
#
# a tool to easily operate file encryption of private and secret data
#
# Copyleft (C) 2007-2011 Denis Roio <jaromil@dyne.org>
#
# This source code is free software; you can redistribute it and/or
# modify it under the terms of the GNU Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This source code is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# Please refer to the GNU Public License for more details.
#
# You should have received a copy of the GNU Public License along with
# this source code; if not, write to:
# Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# startup wrapper to open tombs
try() {
which ${1} > /dev/null
if [ $? = 0 ]; then return 0;
else return -1; fi
}
# popup notification
tomb-notify() {
which notify-send > /dev/null
if [ $? != 0 ]; then return 1; fi
# look for our icon in common prefixes
if [ -r /usr/share/pixmaps/monmort.xpm ]; then icon=/usr/share/pixmaps/monmort.xpm
elif [ -r /usr/share/icons/monmort.xpm ]; then icon=/usr/share/icons/monmort.xpm
elif [ -r /usr/local/share/pixmaps/monmort.xpm ]; then icon=/usr/local/share/pixmaps/monmort.xpm
elif [ -r /usr/local/share/icons/monmort.xpm ]; then icon=/usr/local/share/icons/monmort.xpm
elif [ -r /opt/share/pixmaps/monmort.xpm ]; then icon=/opt/share/pixmaps/monmort.xpm
elif [ -r /sw/share/pixmaps/monmort.xpm ]; then icon=/sw/share/pixmaps/monmort.xpm
fi
if [ -z $1 ]; then
notify-send -i $icon \
-u low -h string:App:Tomb \
"Tomb version $VERSION" \
"Hi, I'm the Undertaker.
Let's start setting your Crypt?"
else
notify-send -i $icon ${@}
fi
}
# USB plug auto detect using dmesg
# tested on ubuntu 10.04 and debian 6.0
# please test and patch on other systems if you can.
# TODO: use udev rules, see how archlinux folks document it:
# https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt
# here we could modularize the choice of methods using function pointers,
# so that they are configurable when calling tomb.
ask_usbkey() {
unset usbkey_mount
echo "Waiting 1 minute for a usb key to connect"
echo -n " . please insert your usb key "
tomb-notify "Insert your USB KEY" \
"Tomb is waiting 30 seconds for you to insert an external key."
plugged=false
c=0
while [ "$plugged" != "true" ]; do
dmesg | tail -n 12 | grep -q 'new.*USB device'
if [ $? = 0 ]; then plugged=true; fi
echo -n "."
sleep .5
c=`expr $c + 1`
if [ $c -gt 60 ]; then
echo
echo "[!] timeout."
return 1;
fi
done
echo
echo -n " . usb key inserted, attaching "
c=0
attached=false
while [ "$attached" != "true" ]; do
dmesg | tail -n 12| grep -q 'Attached.*removable disk'
if [ $? = 0 ]; then attached=true; fi
echo -n "."
sleep .5
c=`expr $c + 1`
if [ $c -gt 30 ]; then
echo
echo "[!] timeout."
export usbkey_mount=none
return 1;
fi
done
echo
echo -n " . usb attached, opening "
# get the first partition
# usbpart=`dmesg |tail -n 12 | grep ' sd.:' |cut -d: -f2 |tr -d ' '`
for i in $(seq 1 10); do
usbpart=$(dmesg | tail -n 12 | sed '/ sd.:/!d;s/^.*: \(sd.[0-9]*\)/\1/')
if [ -n "$usbpart" ]; then
break
elif [ $i -eq 10 ]; then
echo "[!] timeout."
return 1
else
echo -n .
sleep 1
fi
done
mtmp=$(/bin/mktemp -d --tmpdir tomb.XXXXXXXXXXXX)
sudo mount /dev/$usbpart $mtmp
if [ $? = 0 ]; then
usbmount=$mtmp
else
echo "[!] cannot mount usbkey partition $usbmount"
return 1
fi
echo
echo " . usb key mounted on $usbmount"
usbkey_mount=$usbmount
return 0
}
launch_status() {
# calculates the correct arguments to launch tomb-status tray
# applet; it takes the tomb name as an argument and should be
# launched after a successful tomb mount.
if ! [ $1 ]; then
echo "[!] cannot launch status tray applet: we don't even know the name of our tomb."
exit 1
fi
tombname=${1}
tombmap=`mount -l | awk "/\[${tombname}\]$/"' { print $1 } '`
tombmount=`mount -l | awk "/\[${tombname}\]$/"' { print $3 } '`
tomb-status $tombmap $tombname $tombmount &!
}
2011-02-09 19:35:11 +00:00
# got an argument
if [ $1 ]; then # is it a file?
2011-02-09 19:35:11 +00:00
tombdir=`dirname $1`
tombfile=`basename $1`
tombname=${tombfile%%\.*}
if [ -f ${tombdir}/${tombfile} ]; then
2011-02-09 19:35:11 +00:00
# is it a luks partition
file ${tombdir}/${tombfile} | grep -i LUKS > /dev/null
2011-02-09 19:35:11 +00:00
if [ $? = 0 ]; then # tomb is a valid LUKS file
if [ -r ${tombdir}/${tombname}.tomb.key ]; then
tombkey=${tombdir}/${tombname}.tomb.key
else
ask_usbkey
if ! [ $usbkey_mount ]; then # no usb key was mounted
echo "key not provided for tomb: $tombname"
echo "operation aborted." # TODO: dialog with pinentry
exit 1
else # usb mounted, check key presence
if [ -r ${usbkey_mount}/.tomb/${tombname}.tomb.key ]; then
tombkey=${usbkey_mount}/.tomb/${tombname}.tomb.key
elif [ -r ${usbkey_mount}/.tomb ]; then
echo "we can't find the right key, have a look yourself:"
ls -lha ${usbkey_mount}/.tomb
exit 1
else
echo "there are no keys stored in your usb"
exit 1
fi
fi
fi
if ! [ ${tombkey} ]; then # just to be sure
echo "key not found, operation aborted."
exit 1
else
tomb -k ${tombkey} mount ${tombdir}/${tombfile}
success=$?
fi
2011-02-09 19:35:11 +00:00
if [ $usbkey_mount ]; then
sudo umount ${usbkey_mount}
rmdir ${usbkey_mount}
unset usbkey_mount
fi
2011-02-09 19:35:11 +00:00
if [ $success = 0 ]; then # mount was succesfull (with password and all)
launch_status ${tombname}
2011-02-09 19:35:11 +00:00
exit 0
else
tomb-notify "Tomb cannot open." "Are you knocking the wrong door?"
2011-02-09 19:35:11 +00:00
exit 1
fi
else
tomb-notify "Not a real Tomb." "We found no real bones in there."
2011-02-09 19:35:11 +00:00
exit 1
fi
elif [ -d $1 ]; then # its a directory
2011-02-09 19:35:11 +00:00
# FIXME: somehow xdg-open loses mailcap mimes when executed by tomb-status
# try xdg-open; if [ $? = 0 ]; then xdg-open ${1}; exit 0; fi
2011-02-09 19:35:11 +00:00
try gnome-open; if [ $? = 0 ]; then gnome-open ${1}; exit 0; fi
try thunar; if [ $? = 0 ]; then thunar ${1}; exit 0; fi
try pcmanfm; if [ $? = 0 ]; then pcmanfm ${1}; exit 0; fi
try rox; if [ $? = 0 ]; then rox ${1}; exit 0; fi
try fsviewer; if [ $? = 0 ]; then fsviewer ${1}; exit 0; fi
# try xnc; if [ $? = 0 ]; then xnc ${1}; exit 0; fi
tomb-notify "File manager not found." "Tomb cannot guess which filemanager you are using"
exit 1
fi
fi
2011-02-09 19:35:11 +00:00
# no argument but on graphical display: creation dialog
if [ -z $DISPLAY ]; then
echo "[!] tomb-open is a wrapper for the command 'tomb'"
tomb -h
exit 1
fi
2011-02-09 19:35:11 +00:00
# no arguments: start guided tomb creation
tomb-notify
# we do it on the desktop by default
if [ -r $HOME/Desktop ]; then
cd $HOME/Desktop;
# or inside HOME
else cd $HOME; fi
cat <<EOF
Create a new Tomb
=================
A Tomb is a special folder that keeps files safe using a password:
it makes use of strong encryption and helps you keep the keys on a
separate USB storage for safer transports.
Inside a Tomb you can store private informations without fear that
other people possessing it will discover your secrets, unless they
have your USB key and your password.
If you choose to proceed now, we'll guide you through the creation
of a new Tomb.
If you will, I'll be your Crypto Undertaker.
Do you want to proceed, Master? (y/n)
EOF
echo -n "> "
read -q
if [ $? != 0 ]; then
echo "Operation aborted."
exit 1
fi
# let's proceed
echo " Please type in the name for your new tomb file:"
echo -n "> "
read tombname
echo " How big you want the Tomb to be?"
echo " Type a size number in Megabytes:"
echo -n "> "
read tombsize
clear
echo " You have commanded the creation of this Tomb:"
echo " $tombname ( $tombsize MBytes )";
echo
cat <<EOF
Please confirm if you want to proceed now:
You will need the super-user (sudo) password for the computer you
are using, as well time available: depending how big your tomb will
be, make sure you are not running low on batteries, or inside a
detachable screen if on a server. Considering 1GB takes usually
little less than an hour to be digged.
EOF
echo " "
echo " Digging will take quite some time! Should we start? (y/n)"
echo -n "> "
read -q
if [ $? != 0 ]; then
echo "Operation aborted."
exit 1
fi
cat <<EOF
Operation confirmed! we will now call the undertaker to do its
job, but in order to do so you will need to provide your sudo
password:
EOF
tombfile=${tombname}.tomb
tomb -s $tombsize create ${tombfile}
if [ $? != 0 ]; then
echo "An error occurred creating tomb, operation aborted."
exit 1
fi
tomb-notify "The Tomb is ready!" "We will now open your new Tomb for the first time."
cat <<EOF
Would you like to save the key on an external usb device?"
This is recommended for safety:"
Always keep the key in a different place than the door!"
If you answer yes, you'll need a USB KEY now: (y/n)"
EOF
# tomb-notify "Tomb has forged a key." "Would you like to save it on USB?"
echo -n " > "
read -q
if [ $? = 0 ]; then
ask_usbkey
if [ ${usbkey_mount} ]; then
sudo mkdir -m 0700 -p ${usbkey_mount}/.tomb
sudo cp -v ${tombname}.key ${usbkey_mount}/.tomb/
sudo chmod -R go-rwx ${usbkey_mount}/.tomb
echo "${tombname}.key succesfully saved on your USB"
echo "now we'll proceed opening your brand new tomb"
tomb -k ${tombname}.tomb.key open ${tombfile}
if [ $? = 0 ]; then
launch_status ${tombname}
fi
rm -f ${tombname}.tomb.key
sudo umount ${usbkey_mount}
rmdir ${usbkey_mount}
unset usbkey_mount
exit 0
fi
fi
cat <<EOF
Impossible to save the key on USB.
We recommend to preserve the key in a separate place!
You can move it yourself later, place it in a hidden directory
named .tomb inside the first partition of an usb key.
EOF
tomb -k ${tombname}.tomb.key open ${tombfile}
if [ $? = 0 ]; then
launch_status ${tombname}
fi
exit 0