Sudo loopback improve (#435)

* small improvements to loopback setup and --sudo

* support reading hostname from file

also tolerate not finding the hostname (fill localhost)

address #428

* cleanup and support sup,sud,pkexec
This commit is contained in:
Jaromil 2022-02-20 21:57:05 +01:00 committed by GitHub
parent 5a5eb6ddcf
commit 03c93ef976
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

85
tomb
View File

@ -113,9 +113,35 @@ export TEXTDOMAIN=tomb
# Wrap sudo with a more visible message or apply user-supplied alternative to sudo
_sudo() {
_verbose "Enter password for user ::1 user:: to gain superuser privileges" $USER
_verbose "Using ::1 exec:: for privilege escalation" $SUDO
${=SUDO} ${@}
if option_is_set --sudo; then
pescmd=`option_value --sudo`
case `basename $pescmd` in
"doas"|"sup"|"sud"|"pkexec")
command -v $pescmd > /dev/null || _failure "$pescmd executable not found"
_verbose "Super user execution using $pescmd"
${pescmd} ${@}
return $?
;;
"skip"|"none")
_verbose "Super user execution skipped (SUID caller)"
${@}
return $?
;;
*)
_failure "Super user execution not supported: ::1 sudo::" "`option_value --sudo`"
;;
esac
else
local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")"
msg=${(S)msg//::1*::/$USER}
sudo -p "
$msg
" ${@}
return $?
fi
}
# Cleanup anything sensitive before exiting.
@ -557,7 +583,7 @@ is_valid_tomb() {
# Tomb file may be a LUKS FS (or we are creating it)
[[ "`file $1`" =~ "luks encrypted file" ]] || {
_warning "File is not yet a tomb: ::1 tomb file::" $1 }
_message "File is not yet a tomb: ::1 tomb file::" $1 }
# We set global variables
typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME TOMBMAPPER
@ -581,8 +607,8 @@ is_valid_tomb() {
# checks if Tomb already mounted (or we cannot alter it)
local maphash=`realpath $TOMBPATH | sha256sum -z`
local nextloop=`_sudo losetup -f`
TOMBMAPPER="tomb.$TOMBNAME.${maphash[(w)1]}.`basename $nextloop`"
lo_mount # fills TOMBLOOP with next loop
TOMBMAPPER="tomb.$TOMBNAME.${maphash[(w)1]}.`basename $TOMBLOOP`"
local mounted_tombs=(`list_tomb_mounts`)
local usedmapper
for t in ${mounted_tombs}; do
@ -604,7 +630,7 @@ lo_mount() {
tpath="$1"
# check if we have support for loop mounting
TOMBLOOP=`_sudo losetup -f`
TOMBLOOP=`losetup -f`
[[ $? = 0 ]] || {
_warning "Loop mount of volumes is not possible on this machine, this error"
_warning "often occurs on VPS and kernels that don't provide the loop module."
@ -612,9 +638,14 @@ lo_mount() {
_failure "Operation aborted."
}
_sudo losetup -f "$tpath" # allocates the next loopback for our file
[[ "$tpath" == "" ]] && return 0
# allocates the next loopback for our file
_sudo losetup -f "$tpath" || _failure "Loopback mount failed: ::1 path:: on ::2 loop::" "$tpath" $TOMBLOOP
TOMBLOOPDEVS+=("$TOMBLOOP") # add to array of lodevs used
return 0
}
@ -702,7 +733,7 @@ usage() {
_print " -g use a GnuPG key to encrypt a tomb key"
_print " -r provide GnuPG recipients (separated by comma)"
_print " -R provide GnuPG hidden recipients (separated by comma)"
_print " --sudo alternative to sudo such as doas (command or absolute path)"
_print " --sudo super user exec alternative to sudo (doas or none)"
[[ $SPHINX == 1 ]] && {
_print " --sphx-user user associated with the key (for use with pitchforkedsphinx)"
@ -2023,11 +2054,10 @@ lock_tomb_with_key() {
return 1
;;
esac
# TODO: check validity, only ext3 or 4 or btrfs support
_success "Selected filesystem type $filesystem."
}
lo_mount $TOMBPATH
lo_mount "$TOMBPATH"
_verbose "Loop mounted on ::1 mount point::" $TOMBLOOP
@ -2114,7 +2144,7 @@ change_tomb_key() {
is_valid_tomb $tombpath
lo_mount $TOMBPATH
lo_mount "$TOMBPATH"
_sudo cryptsetup isLuks ${TOMBLOOP}
# is it a LUKS encrypted nest? we check one more time
@ -2236,7 +2266,7 @@ mount_tomb() {
_failure "Mountpoint already in use: ::1 mount point::" "$tombmount"
done
lo_mount $TOMBPATH
lo_mount "$TOMBPATH"
_sudo cryptsetup isLuks ${TOMBLOOP} || {
# is it a LUKS encrypted nest? see cryptsetup(1)
@ -2360,7 +2390,13 @@ mount_tomb() {
_update_control_file "${tombmount}/.uid" $_UID
_update_control_file "${tombmount}/.tty" $_TTY
# also the hostname
if command -v hostname >/dev/null; then
_update_control_file "${tombmount}/.host" `hostname`
elif [[ -r /etc/hostname ]]; then
_update_control_file "${tombmount}/.host" $(_cat /etc/hostname)
else
_update_control_file "${tombmount}/.host" localhost
fi
# and the "last time opened" information
# in minutes since 1970, this is printed at next open
_update_control_file "${tombmount}/.last" `date +%s`
@ -3255,27 +3291,8 @@ main() {
option_is_set --tmp && TMPDIR=$(option_value --tmp)
option_is_set --sudo && {
local _opt=`option_value --sudo`
case $_opt in
"sudo") # the worst default ever
SUDO=sudo
;;
"doas") # openbsd
SUDO=doas
;;
"pkexec") # policykit
SUDO=pkexec
;;
"sup") # https://sup.dyne.org
SUDO=sup
;;
"sud") # https://sud.dyne.org
SUDO=sud
;;
*)
_failure "Invalid privilege escalation tool: ::1 exec::" $_opt
;;
esac
local _opt=`basename $(option_value --sudo)`
_message "Privilege escalation tool configured: ::1 exec::" $_opt
}
# When we run as root, we remember the original uid:gid to set