TEST: kdf=null, passwd added

some cleanup: first usage of try-always block, which makes cleanup actions
much cleaner
boyska 2012-09-08 14:00:32 +02:00 committed by Jaromil
parent 48f8bf28fc
commit 42f239a8d6
5 changed files with 103 additions and 34 deletions


@ -0,0 +1,9 @@
rm /tmp/kdf.tomb{,.key} -f || echo error removing previous files >&3
sudo -k
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/kdf -s 10 --kdf null >&4 2>&4 || echo "error creating (with --kdf null): $?" >&3
egrep '^_KDF_' /tmp/kdf.tomb.key >&4 2>&4 && echo "error tomb kdf header present (--kdf=null), shouldn't" >&3
sanity_tomb /tmp/kdf.tomb || echo error sanity checks: $? >&3
rm /tmp/kdf.tomb{,.key} -f || echo error removing previous files >&3
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/kdf -s 10 >&4 2>&4 || echo "error creating (without --kdf): $?" >&3
egrep '^_KDF_' /tmp/kdf.tomb.key >&4 2>&4 && echo "error tomb kdf header present (no --kdf), shouldn't" >&3
sanity_tomb /tmp/kdf.tomb || echo error sanity checks: $? >&3
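Review bot: The script ends after the second `sanity_tomb` without removing `/tmp/kdf.tomb` and `/tmp/kdf.tomb.key`, so a tomb and key created with the fixed test passphrase stay at a fixed path in a shared directory after the run. The same commit introduces `{ … } always { … }` in passwd.test.sh for exactly this purpose; wrapping the body here the same way, with `rm -f /tmp/kdf.tomb{,.key}` in the always-list, would make cleanup happen on every path. A per-run directory from `mktemp -d` instead of fixed `/tmp` names would also stop a leftover or pre-created file from influencing the result.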

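--- a/src/test/passwd.test.sh
+++ b/src/test/passwd.test.sh
@@ -0,0 +1,27 @@
+rm /tmp/asd.tomb{,.key} -f || exit 1
+{
+sudo -k
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
+sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
+#checking wrong&correct password
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing1 $? >&3
+#now changing password
+../tomb --no-color --unsecure-dev-mode --tomb-old-pwd f00za --tomb-pwd n3w passwd /tmp/asd.tomb.key >&4 2>&4 || echo error changing password: $? >&3
+#checking it all
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful after passwd >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 && echo error: open with old password is successful >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd n3w open /tmp/asd.tomb >&4 2>&4 || echo error opening after new password: $? >&3
+../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
+../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
+mountpoint=`../tomb --no-color list --get-mountpoint asd`
+df $mountpoint >&4 || echo error df: $? >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing2: $? >&3
+} always {
+rm /tmp/asd.tomb{,.key} -f
+}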
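Review bot: The three negative checks (`--tomb-pwd wrongpassword` before and after `passwd`, and the old `f00za` after it) pass whenever `tomb open` exits non-zero for any reason, for instance a sudo failure or a missing file, so they do not establish that the password itself was rejected. The same applies to the `wrongpassword` line added to the existing open test in the next file section. Since mount_tomb now dies with `Wrong password: aborting`, each negative check could capture the command's output and require that message, e.g. `out=$(../tomb … open /tmp/asd.tomb 2>&1); [[ $out == *"Wrong password"* ]] || echo "error: open failed for another reason" >&3`. That makes the old-password assertion, the one that matters most for the new `passwd` path, fail loudly if the rejection comes from somewhere else.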


@ -2,7 +2,8 @@ rm /tmp/asd.tomb{,.key} -f || exit 1
sudo -k sudo -k
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3 ../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3 sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error creating: $? >&3 ../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3 ../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3 ../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
mountpoint=`../tomb --no-color list --get-mountpoint asd` mountpoint=`../tomb --no-color list --get-mountpoint asd`


@ -1,14 +1,7 @@
#!/usr/bin/env zsh #!/usr/bin/env zsh
source utils.sh test_file() {
if [[ -z $sudo_pwd ]]; then t=$1
echo "WARNING: sudo_pwd is probably needed by some test"
fi
rm /tmp/tomb_test_errorlog -f &> /dev/null
has_err=0
autoload colors
colors
for t in *.test.sh; do
echo -n "$fg[yellow]$t start test... $fg[default]" echo -n "$fg[yellow]$t start test... $fg[default]"
sudo_pwd=$sudo_pwd source $t 3> /tmp/tomb_test_errorlog 4> /tmp/tomb_test_fulllog sudo_pwd=$sudo_pwd source $t 3> /tmp/tomb_test_errorlog 4> /tmp/tomb_test_fulllog
ret=$? ret=$?
@ -22,9 +15,34 @@ for t in *.test.sh; do
echo "\n--- Full log (for $t) ---\n" echo "\n--- Full log (for $t) ---\n"
< /tmp/tomb_test_fulllog < /tmp/tomb_test_fulllog
rm /tmp/tomb_test_fulllog rm /tmp/tomb_test_fulllog
has_err=1 return 1
fi fi
done return 0
}
source utils.sh
if [[ -z $sudo_pwd ]]; then
echo "WARNING: sudo_pwd is probably needed by some test"
fi
rm /tmp/tomb_test_errorlog -f &> /dev/null
has_err=0
autoload colors
colors
if [[ $# == 0 ]]; then
for t in *.test.sh; do
test_file $t
if [[ $? != 0 ]]; then
has_err=$?
fi
done
else
for t in "$@"; do
test_file $t
if [[ $? != 0 ]]; then
has_err=$?
fi
done
fi
exit $has_err exit $has_err
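Review bot: `has_err=$?` inside `if [[ $? != 0 ]]` stores the status of the `[[ … ]]` test itself, which is 0 whenever that branch is taken, so in both new loops `has_err` stays 0 and the runner ends with `exit 0` even when `test_file` returned 1. Replace the three lines in each loop with `test_file $t || has_err=1`. As written, anything that relies on the runner's exit status would record a failing password or KDF test as a pass. The fixed log paths `/tmp/tomb_test_errorlog` and `/tmp/tomb_test_fulllog` would also be better taken from `mktemp`, since test output is written to them in a shared directory.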


@ -1042,6 +1042,9 @@ mount_tomb() {
local ret=$? local ret=$?
unset tombpass unset tombpass
if [[ $ret != 0 ]]; then if [[ $ret != 0 ]]; then
if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
die "Wrong password: aborting"
fi
continue continue
fi fi
@ -1292,11 +1295,12 @@ change_passwd() {
local tmpnewkey lukskey c tombpass tombpasstmp local tmpnewkey lukskey c tombpass tombpasstmp
tmpnewkey=`safe_filename tomb` tmpnewkey=`safe_filename tombnew`
lukskey=`safe_filename tomb` lukskey=`safe_filename tombluks`
_success "Changing password for $keyfile" _success "Changing password for $keyfile"
keyname=`basename $keyfile` keyname=`basename $keyfile`
if ! option_is_set --tomb-old-pwd; then
while true; do while true; do
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"` tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
if [[ $? == 1 ]]; then if [[ $? == 1 ]]; then
@ -1306,21 +1310,31 @@ change_passwd() {
break break
fi fi
done done
else
gen_key $lukskey > $tmpnewkey tombpass=`option_value --tomb-old-pwd`
if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
if ! is_valid_key $tmpnewkey; then die "Invalid old password"
# wipe all temp file fi
${=WIPE} "${tmpnewkey}"
${=WIPE} "${lukskey}"
die "Error: the newly generated keyfile does not seem valid"
fi fi
{
gen_key $lukskey > ${tmpnewkey}
if ! is_valid_key $tmpnewkey; then
die "Error: the newly generated keyfile does not seem valid"
else
# copy the new key as the original keyfile name # copy the new key as the original keyfile name
cp "${tmpnewkey}" "${keyfile}" cp "${tmpnewkey}" "${keyfile}"
_success "Your passphrase was successfully updated." _success "Your passphrase was successfully updated."
fi
} always {
_verbose "cleanup: $tmpnewkey $lukskey"
# wipe all temp file
${=WIPE} "${tmpnewkey}"
${=WIPE} "${lukskey}"
}
return 0 return $?
} }
# }}} # }}}
@ -1745,7 +1759,7 @@ main() {
subcommands_opts[open]="f n -nohook=n k: -key=k U: -uid=U G: -gid=G o: -mount-options=o -ignore-swap -sudo-pwd: -tomb-pwd:" subcommands_opts[open]="f n -nohook=n k: -key=k U: -uid=U G: -gid=G o: -mount-options=o -ignore-swap -sudo-pwd: -tomb-pwd:"
subcommands_opts[mount]=${subcommands_opts[open]} subcommands_opts[mount]=${subcommands_opts[open]}
subcommands_opts[create]="f s: -size=s -force k: -key=k U: -uid=U G: -gid=G -ignore-swap -kdf: -sudo-pwd: -tomb-pwd: -use-urandom" subcommands_opts[create]="f s: -size=s -force k: -key=k U: -uid=U G: -gid=G -ignore-swap -kdf: -sudo-pwd: -tomb-pwd: -use-urandom"
subcommands_opts[passwd]="f -ignore-swap -kdf: " subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
subcommands_opts[close]="-sudo-pwd: U: -uid=U G: -gid=G" subcommands_opts[close]="-sudo-pwd: U: -uid=U G: -gid=G"
subcommands_opts[help]="" subcommands_opts[help]=""
subcommands_opts[slam]="" subcommands_opts[slam]=""
@ -1836,7 +1850,7 @@ main() {
autoload colors; colors autoload colors; colors
fi fi
if ! option_is_set --unsecure-dev-mode; then if ! option_is_set --unsecure-dev-mode; then
for opt in --sudo-pwd --tomb-pwd --use-urandom; do for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
if option_is_set $opt; then if option_is_set $opt; then
die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127 die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
fi fi
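Review bot: In change_passwd the two `${=WIPE}` calls that used to run before `die "Error: the newly generated keyfile does not seem valid"` now exist only in the always-list, and the zsh manual states that an `exit` reached inside the try-list does not run the always-list. If `die` exits the shell (its body is not on this page, but `die … 127` in main suggests it does), `$lukskey` and `$tmpnewkey` stay on disk unwiped on that path. The new `--tomb-old-pwd` branch has the same gap one step earlier, because `get_lukskey … > ${lukskey}` and `die "Invalid old password"` sit before the `{` opens. Either keep an explicit `${=WIPE} "${lukskey}"` and `${=WIPE} "${tmpnewkey}"` ahead of each `die`, or move the `get_lukskey` step inside the try-list and leave it with `return 1` so the always-list does the wiping. Parts of change_passwd, including the interactive password loop, lie outside the hunks shown.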