Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-11-11 07:30:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactoring of exec-hooks

Browse Source 
Renamed file from "post-hooks" to more appropriate "exec-hooks".
Implemented and documented a more consistent call system made of 4
different stages: pre-open, post-open, pre-close, post-close.
Addresses issue #265
This commit is contained in:
Jaromil 2017-06-06 12:45:29 +02:00
parent 5f71b486df
commit 056d0174f4
2 changed files with 35 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/tomb.1
View File

@ -298,13 +298,14 @@ example:
.EE .EE
.B .B
.IP "post-hooks" .IP "exec-hooks"
This hook file gets executed as user by tomb right after opening it; This hook file gets executed as user by tomb with the first argument
it should be a regular shell script, starting with a shebang. Tomb determining the step of execution: "pre-open", "post-open",
executes this hook as user (dropping root privileges) and giving it "pre-close" or "post-close". The exec-hooks file should be an
two arguments: "$1" is "open" or "close" depending from the tomb executable (ELF or shell script). Tomb executes this hook as user
command given, "$2" is the full path to the mountpoint where the tomb supplying two or more arguments, the first being the step, followed by
is open. the mountpoint of the tomb and, on close events, its name, loopback
device and dev-mapper device paths.
.SH PRIVILEGE ESCALATION .SH PRIVILEGE ESCALATION

49
tomb
View File

@ -1940,6 +1940,10 @@ mount_tomb() {
_success "Opening ::1 tomb file:: on ::2 mount point::" $TOMBNAME $tombmount _success "Opening ::1 tomb file:: on ::2 mount point::" $TOMBNAME $tombmount
# execute pre-open hooks if present
option_is_set -n ||
exec_safe_func_hooks pre-open ${tombmount}
lo_mount $TOMBPATH lo_mount $TOMBPATH
nstloop=`lo_new` nstloop=`lo_new`
@ -2065,10 +2069,11 @@ mount_tomb() {
# process bind-hooks (mount -o bind of directories) # process bind-hooks (mount -o bind of directories)
# and post-hooks (execute on open) # and exec-hooks (execute on open)
{ option_is_set -n } || { option_is_set -n || {
exec_safe_bind_hooks ${tombmount} exec_safe_bind_hooks ${tombmount}
exec_safe_post_hooks ${tombmount} open } exec_safe_func_hooks post-open ${tombmount}
}
return 0 return 0
} }
@ -2145,7 +2150,7 @@ exec_safe_bind_hooks() {
# Execute automated actions configured in the tomb. # Execute automated actions configured in the tomb.
# #
# Synopsis: exec_safe_post_hooks /path/to/mounted/tomb [open|close] # Synopsis: exec_safe_func_hooks /path/to/mounted/tomb
# #
# If an executable file named 'post-hooks' is found inside the tomb, # If an executable file named 'post-hooks' is found inside the tomb,
# run it as a user. This might need a dialog for security on what is # run it as a user. This might need a dialog for security on what is
@ -2153,18 +2158,12 @@ exec_safe_bind_hooks() {
# If you're mounting an untrusted tomb, be safe and use the -n switch # If you're mounting an untrusted tomb, be safe and use the -n switch
# to verify what it would run if you let it. This feature opens the # to verify what it would run if you let it. This feature opens the
# possibility to make encrypted executables. # possibility to make encrypted executables.
exec_safe_post_hooks() { exec_safe_func_hooks() {
local mnt=$1 # First argument is where the tomb is mounted
local act=$2 # Either 'open' or 'close'
# Only run if post-hooks has the executable bit set # Only run if post-hooks has the executable bit set
[[ -x $mnt/post-hooks ]] || return [[ -x $mnt/exec-hooks ]] && {
_success "Exec hook: ::1 exec hook:: ::2 action:: ::3 argument::" \
# If the file starts with a shebang, run it. "${mnt}/exec-hooks" "$1" "$2"
head -n1 $mnt/post-hooks | grep '^#!\s*/' $mnt/exec-hooks "$1" "$2"
[[ $? == 0 ]] && {
_success "Post hooks found, executing as user ::1 user name::." $USERNAME
$mnt/post-hooks $act $mnt
} }
} }
@ -2629,6 +2628,10 @@ umount_tomb() {
_warning "Please specify an existing tomb." _warning "Please specify an existing tomb."
return 0 } return 0 }
option_is_set -n ||
exec_safe_func_hooks \
pre-close "$tombmount" "$tombname" "$tombloop" "$mapper"
[[ -n $SLAM ]] && { [[ -n $SLAM ]] && {
_success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \ _success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \
$tombname $tombmount $tombname $tombmount
@ -2656,10 +2659,6 @@ umount_tomb() {
} }
done done
# Execute post-hooks for eventual cleanup
{ option_is_set -n } || {
exec_safe_post_hooks ${tombmount%%/} close }
_verbose "Performing umount of ::1 mount point::" $tombmount _verbose "Performing umount of ::1 mount point::" $tombmount
_sudo umount ${tombmount} _sudo umount ${tombmount}
[[ $? = 0 ]] || { _failure "Tomb is busy, cannot umount!" } [[ $? = 0 ]] || { _failure "Tomb is busy, cannot umount!" }
@ -2676,9 +2675,15 @@ umount_tomb() {
_failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper } _failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper }
# Normally the loopback device is detached when unused # Normally the loopback device is detached when unused
[[ -e "/dev/$tombloop" ]] && _sudo losetup -d "/dev/$tombloop" [[ -e "/dev/$tombloop" ]] && {
[[ $? = 0 ]] || { _sudo losetup -d "/dev/$tombloop"
_verbose "/dev/$tombloop was already closed." } [[ $? = 0 ]] || _verbose "/dev/$tombloop was already closed."
}
# Execute post-hooks for eventual cleanup
option_is_set -n ||
exec_safe_func_hooks \
post-close "$tombmount" "$tombname" "$tombloop" "$mapper"
_success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname _success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname