mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-22 12:35:13 +00:00
TEST: kdf=null, passwd added
some cleanup: first usage of try-always block, which makes cleanup actions much cleaner
This commit is contained in:
parent
48f8bf28fc
commit
42f239a8d6
9
src/test/kdf_null.test.sh
Normal file
9
src/test/kdf_null.test.sh
Normal file
@ -0,0 +1,9 @@
|
||||
rm /tmp/kdf.tomb{,.key} -f || echo error removing previous files >&3
|
||||
sudo -k
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/kdf -s 10 --kdf null >&4 2>&4 || echo "error creating (with --kdf null): $?" >&3
|
||||
egrep '^_KDF_' /tmp/kdf.tomb.key >&4 2>&4 && echo "error tomb kdf header present (--kdf=null), shouldn't" >&3
|
||||
sanity_tomb /tmp/kdf.tomb || echo error sanity checks: $? >&3
|
||||
rm /tmp/kdf.tomb{,.key} -f || echo error removing previous files >&3
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/kdf -s 10 >&4 2>&4 || echo "error creating (without --kdf): $?" >&3
|
||||
egrep '^_KDF_' /tmp/kdf.tomb.key >&4 2>&4 && echo "error tomb kdf header present (no --kdf), shouldn't" >&3
|
||||
sanity_tomb /tmp/kdf.tomb || echo error sanity checks: $? >&3
|
27
src/test/passwd.test.sh
Normal file
27
src/test/passwd.test.sh
Normal file
@ -0,0 +1,27 @@
|
||||
rm /tmp/asd.tomb{,.key} -f || exit 1
|
||||
{
|
||||
sudo -k
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
|
||||
sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
|
||||
#checking wrong&correct password
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing1 $? >&3
|
||||
#now changing password
|
||||
../tomb --no-color --unsecure-dev-mode --tomb-old-pwd f00za --tomb-pwd n3w passwd /tmp/asd.tomb.key >&4 2>&4 || echo error changing password: $? >&3
|
||||
#checking it all
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful after passwd >&3
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 && echo error: open with old password is successful >&3
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd n3w open /tmp/asd.tomb >&4 2>&4 || echo error opening after new password: $? >&3
|
||||
|
||||
../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
|
||||
../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
|
||||
mountpoint=`../tomb --no-color list --get-mountpoint asd`
|
||||
df $mountpoint >&4 || echo error df: $? >&3
|
||||
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing2: $? >&3
|
||||
} always {
|
||||
rm /tmp/asd.tomb{,.key} -f
|
||||
}
|
||||
|
||||
|
@ -2,7 +2,8 @@ rm /tmp/asd.tomb{,.key} -f || exit 1
|
||||
sudo -k
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
|
||||
sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error creating: $? >&3
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
|
||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
|
||||
../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
|
||||
../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
|
||||
mountpoint=`../tomb --no-color list --get-mountpoint asd`
|
||||
|
@ -1,14 +1,7 @@
|
||||
#!/usr/bin/env zsh
|
||||
|
||||
source utils.sh
|
||||
if [[ -z $sudo_pwd ]]; then
|
||||
echo "WARNING: sudo_pwd is probably needed by some test"
|
||||
fi
|
||||
rm /tmp/tomb_test_errorlog -f &> /dev/null
|
||||
has_err=0
|
||||
autoload colors
|
||||
colors
|
||||
for t in *.test.sh; do
|
||||
test_file() {
|
||||
t=$1
|
||||
echo -n "$fg[yellow]$t start test... $fg[default]"
|
||||
sudo_pwd=$sudo_pwd source $t 3> /tmp/tomb_test_errorlog 4> /tmp/tomb_test_fulllog
|
||||
ret=$?
|
||||
@ -22,9 +15,34 @@ for t in *.test.sh; do
|
||||
echo "\n--- Full log (for $t) ---\n"
|
||||
< /tmp/tomb_test_fulllog
|
||||
rm /tmp/tomb_test_fulllog
|
||||
has_err=1
|
||||
return 1
|
||||
fi
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
source utils.sh
|
||||
if [[ -z $sudo_pwd ]]; then
|
||||
echo "WARNING: sudo_pwd is probably needed by some test"
|
||||
fi
|
||||
rm /tmp/tomb_test_errorlog -f &> /dev/null
|
||||
has_err=0
|
||||
autoload colors
|
||||
colors
|
||||
if [[ $# == 0 ]]; then
|
||||
for t in *.test.sh; do
|
||||
test_file $t
|
||||
if [[ $? != 0 ]]; then
|
||||
has_err=$?
|
||||
fi
|
||||
done
|
||||
else
|
||||
for t in "$@"; do
|
||||
test_file $t
|
||||
if [[ $? != 0 ]]; then
|
||||
has_err=$?
|
||||
fi
|
||||
done
|
||||
fi
|
||||
exit $has_err
|
||||
|
||||
|
||||
|
58
src/tomb
58
src/tomb
@ -1042,6 +1042,9 @@ mount_tomb() {
|
||||
local ret=$?
|
||||
unset tombpass
|
||||
if [[ $ret != 0 ]]; then
|
||||
if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
|
||||
die "Wrong password: aborting"
|
||||
fi
|
||||
continue
|
||||
fi
|
||||
|
||||
@ -1292,35 +1295,46 @@ change_passwd() {
|
||||
|
||||
local tmpnewkey lukskey c tombpass tombpasstmp
|
||||
|
||||
tmpnewkey=`safe_filename tomb`
|
||||
lukskey=`safe_filename tomb`
|
||||
tmpnewkey=`safe_filename tombnew`
|
||||
lukskey=`safe_filename tombluks`
|
||||
|
||||
_success "Changing password for $keyfile"
|
||||
keyname=`basename $keyfile`
|
||||
while true; do
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
|
||||
if [[ $? == 1 ]]; then
|
||||
die "User aborted"
|
||||
if ! option_is_set --tomb-old-pwd; then
|
||||
while true; do
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
|
||||
if [[ $? == 1 ]]; then
|
||||
die "User aborted"
|
||||
fi
|
||||
if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
else
|
||||
tombpass=`option_value --tomb-old-pwd`
|
||||
if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
||||
die "Invalid old password"
|
||||
fi
|
||||
if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
||||
break
|
||||
fi
|
||||
|
||||
{
|
||||
gen_key $lukskey > ${tmpnewkey}
|
||||
|
||||
if ! is_valid_key $tmpnewkey; then
|
||||
die "Error: the newly generated keyfile does not seem valid"
|
||||
else
|
||||
# copy the new key as the original keyfile name
|
||||
cp "${tmpnewkey}" "${keyfile}"
|
||||
_success "Your passphrase was successfully updated."
|
||||
fi
|
||||
done
|
||||
|
||||
gen_key $lukskey > $tmpnewkey
|
||||
|
||||
if ! is_valid_key $tmpnewkey; then
|
||||
} always {
|
||||
_verbose "cleanup: $tmpnewkey $lukskey"
|
||||
# wipe all temp file
|
||||
${=WIPE} "${tmpnewkey}"
|
||||
${=WIPE} "${lukskey}"
|
||||
die "Error: the newly generated keyfile does not seem valid"
|
||||
fi
|
||||
}
|
||||
|
||||
# copy the new key as the original keyfile name
|
||||
cp "${tmpnewkey}" "${keyfile}"
|
||||
_success "Your passphrase was successfully updated."
|
||||
|
||||
return 0
|
||||
return $?
|
||||
}
|
||||
|
||||
# }}}
|
||||
@ -1745,7 +1759,7 @@ main() {
|
||||
subcommands_opts[open]="f n -nohook=n k: -key=k U: -uid=U G: -gid=G o: -mount-options=o -ignore-swap -sudo-pwd: -tomb-pwd:"
|
||||
subcommands_opts[mount]=${subcommands_opts[open]}
|
||||
subcommands_opts[create]="f s: -size=s -force k: -key=k U: -uid=U G: -gid=G -ignore-swap -kdf: -sudo-pwd: -tomb-pwd: -use-urandom"
|
||||
subcommands_opts[passwd]="f -ignore-swap -kdf: "
|
||||
subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
||||
subcommands_opts[close]="-sudo-pwd: U: -uid=U G: -gid=G"
|
||||
subcommands_opts[help]=""
|
||||
subcommands_opts[slam]=""
|
||||
@ -1836,7 +1850,7 @@ main() {
|
||||
autoload colors; colors
|
||||
fi
|
||||
if ! option_is_set --unsecure-dev-mode; then
|
||||
for opt in --sudo-pwd --tomb-pwd --use-urandom; do
|
||||
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
|
||||
if option_is_set $opt; then
|
||||
die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user