From 59d381066526b1df5d1591864f37b80a0bf25320 Mon Sep 17 00:00:00 2001 From: Jaromil Date: Fri, 13 Nov 2020 22:49:40 +0100 Subject: [PATCH] improve the check if a tomb file is in use Change the mapper path using a hash of the tomb file path, making it unique and reproducible to check if tomb is in use. Check happens inside the new render_mapper() function which is executed right after the key file opening. --- tomb | 57 ++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 23 deletions(-) diff --git a/tomb b/tomb index cdbeac1..1865b91 100755 --- a/tomb +++ b/tomb @@ -647,6 +647,26 @@ is_valid_tomb() { return 0 } +# render the path to the unique /dev/mapper using an hash of the path +# of the tombfile and its name. Checks for duplicates (tomb is in use) +render_mapper() { + [[ "$tombpath" == "" ]] && + _failure "cannot render mapper: missing \$tombpath" + [[ "$TOMBNAME" == "" ]] && + _failure "cannot render mapper: missing \$TOMBNAME" + local maphash=`print $tombpath | sha256sum -z` + mapper="tomb.$TOMBNAME.${maphash[(w)1]}" + local mounted_tombs=(`list_tomb_mounts`) + local usedmapper + for t in ${mounted_tombs}; do + usedmapper=`basename "${t[(ws:;:)1]}"` + [[ "$usedmapper" == "$mapper" ]] && + _failure "Tomb file already in use: ::1 tombname::" $TOMBNAME + done + _verbose "Mapper: ::1 mapper::" $mapper + print "$mapper" +} + # $1 is the tomb file to be lomounted lo_mount() { tpath="$1" @@ -2135,7 +2155,11 @@ change_tomb_key() { [[ $? == 0 ]] || { _failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH } - _load_key $tombkey # Try loading given key and set TOMBKEY and + _load_key $tombkey # Try loading given key and set TOMBKEY + + mapper=`render_mapper` + [[ "$mapper" == "" ]] && _failure "Operation aborted." + # TOMBKEYFILE local oldkey=$TOMBKEY local oldkeyfile=$TOMBKEYFILE @@ -2144,11 +2168,6 @@ change_tomb_key() { _success "Changing lock on tomb ::1 tomb name::" $TOMBNAME _message "Old key: ::1 old key::" $oldkeyfile - # render the mapper - mapdate=`date +%s` - # save date of mount in minutes since 1970 - mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)" - # load the old key if option_is_set --tomb-old-pwd; then tomb_old_pwd="`option_value --tomb-old-pwd`" @@ -2230,6 +2249,9 @@ mount_tomb() { _load_key # Try loading new key from option -k and set TOMBKEYFILE + mapper=`render_mapper` + [[ "$mapper" == "" ]] && _failure "Operation aborted." + tombmount="$2" [[ "$tombmount" = "" ]] && { tombmount=/media/$TOMBNAME @@ -2239,6 +2261,8 @@ mount_tomb() { _message "Mountpoint not specified, using default: ::1 mount point::" $tombmount } + _success "Opening ::1 tomb file:: on ::2 mount point::" $TOMBNAME $tombmount + # check if the mountpoint is already used mounted_tombs=(`list_tomb_mounts`) for t in ${mounted_tombs}; do @@ -2247,8 +2271,6 @@ mount_tomb() { _failure "Mountpoint already in use: ::1 mount point::" $tombmount done - _success "Opening ::1 tomb file:: on ::2 mount point::" $TOMBNAME $tombmount - lo_mount $TOMBPATH nstloop=`lo_new` @@ -2272,12 +2294,6 @@ mount_tomb() { [[ "$slotwarn" == "WARN" ]] && { _warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." } - # save date of mount in minutes since 1970 - mapdate=`date +%s` - - mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)" - - _verbose "dev mapper device: ::1 mapper::" $mapper _verbose "Tomb key: ::1 key file::" $TOMBKEYFILE # take the name only, strip extensions @@ -2814,13 +2830,11 @@ resize_tomb() { _load_key # Try loading new key from option -k and set TOMBKEYFILE - local oldtombsize=$(( `stat -c %s "$TOMBPATH" 2>/dev/null` / 1048576 )) - local mounted_tomb=`_sudo findmnt -rvo SOURCE,TARGET,FSTYPE,OPTIONS,LABEL | - awk -vtomb="[$TOMBNAME]" '/^\/dev\/mapper\/tomb/ { if($5==tomb) print $1 }'` + mapper=`render_mapper` + [[ "$mapper" == "" ]] && _failure "Operation aborted." + + local oldtombsize=$(( `stat -c %s "$TOMBPATH" 2>/dev/null` / 1048576 )) - # Tomb must not be open - [[ -z "$mounted_tomb" ]] || { - _failure "Please close the tomb ::1 tomb name:: before trying to resize it." $TOMBNAME } # New tomb size must be specified [[ -n "$newtombsize" ]] || { _failure "You must specify the new size of ::1 tomb name::" $TOMBNAME } @@ -2861,9 +2875,6 @@ resize_tomb() { lo_mount "$TOMBPATH" nstloop=`lo_new` - mapdate=`date +%s` - mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)" - _message "opening tomb" _cryptsetup luksOpen ${nstloop} ${mapper} || { _failure "Failure mounting the encrypted file." }