Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-11-10 23:20:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

improve the check if a tomb file is in use

Browse Source 
Change the mapper path using a hash of the tomb file path,
making it unique and reproducible to check if tomb is in use.
Check happens inside the new render_mapper() function which is
executed right after the key file opening.
This commit is contained in:
Jaromil 2020-11-13 22:49:40 +01:00
parent 763dbdb356
commit 59d3810665
1 changed files with 34 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
tomb
View File

@ -647,6 +647,26 @@ is_valid_tomb() {
return 0 return 0
} }
# render the path to the unique /dev/mapper using an hash of the path
# of the tombfile and its name. Checks for duplicates (tomb is in use)
render_mapper() {
[[ "$tombpath" == "" ]] &&
_failure "cannot render mapper: missing \$tombpath"
[[ "$TOMBNAME" == "" ]] &&
_failure "cannot render mapper: missing \$TOMBNAME"
local maphash=`print $tombpath | sha256sum -z`
mapper="tomb.$TOMBNAME.${maphash[(w)1]}"
local mounted_tombs=(`list_tomb_mounts`)
local usedmapper
for t in ${mounted_tombs}; do
usedmapper=`basename "${t[(ws:;:)1]}"`
[[ "$usedmapper" == "$mapper" ]] &&
_failure "Tomb file already in use: ::1 tombname::" $TOMBNAME
done
_verbose "Mapper: ::1 mapper::" $mapper
print "$mapper"
}
# $1 is the tomb file to be lomounted # $1 is the tomb file to be lomounted
lo_mount() { lo_mount() {
tpath="$1" tpath="$1"
@ -2135,7 +2155,11 @@ change_tomb_key() {
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH } _failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
_load_key $tombkey # Try loading given key and set TOMBKEY and _load_key $tombkey # Try loading given key and set TOMBKEY
mapper=`render_mapper`
[[ "$mapper" == "" ]] && _failure "Operation aborted."
# TOMBKEYFILE # TOMBKEYFILE
local oldkey=$TOMBKEY local oldkey=$TOMBKEY
local oldkeyfile=$TOMBKEYFILE local oldkeyfile=$TOMBKEYFILE
@ -2144,11 +2168,6 @@ change_tomb_key() {
_success "Changing lock on tomb ::1 tomb name::" $TOMBNAME _success "Changing lock on tomb ::1 tomb name::" $TOMBNAME
_message "Old key: ::1 old key::" $oldkeyfile _message "Old key: ::1 old key::" $oldkeyfile
# render the mapper
mapdate=`date +%s`
# save date of mount in minutes since 1970
mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
# load the old key # load the old key
if option_is_set --tomb-old-pwd; then if option_is_set --tomb-old-pwd; then
tomb_old_pwd="`option_value --tomb-old-pwd`" tomb_old_pwd="`option_value --tomb-old-pwd`"
@ -2230,6 +2249,9 @@ mount_tomb() {
_load_key # Try loading new key from option -k and set TOMBKEYFILE _load_key # Try loading new key from option -k and set TOMBKEYFILE
mapper=`render_mapper`
[[ "$mapper" == "" ]] && _failure "Operation aborted."
tombmount="$2" tombmount="$2"
[[ "$tombmount" = "" ]] && { [[ "$tombmount" = "" ]] && {
tombmount=/media/$TOMBNAME tombmount=/media/$TOMBNAME
@ -2239,6 +2261,8 @@ mount_tomb() {
_message "Mountpoint not specified, using default: ::1 mount point::" $tombmount _message "Mountpoint not specified, using default: ::1 mount point::" $tombmount
} }
_success "Opening ::1 tomb file:: on ::2 mount point::" $TOMBNAME $tombmount
# check if the mountpoint is already used # check if the mountpoint is already used
mounted_tombs=(`list_tomb_mounts`) mounted_tombs=(`list_tomb_mounts`)
for t in ${mounted_tombs}; do for t in ${mounted_tombs}; do
@ -2247,8 +2271,6 @@ mount_tomb() {
_failure "Mountpoint already in use: ::1 mount point::" $tombmount _failure "Mountpoint already in use: ::1 mount point::" $tombmount
done done
_success "Opening ::1 tomb file:: on ::2 mount point::" $TOMBNAME $tombmount
lo_mount $TOMBPATH lo_mount $TOMBPATH
nstloop=`lo_new` nstloop=`lo_new`
@ -2272,12 +2294,6 @@ mount_tomb() {
[[ "$slotwarn" == "WARN" ]] && { [[ "$slotwarn" == "WARN" ]] && {
_warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." } _warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." }
# save date of mount in minutes since 1970
mapdate=`date +%s`
mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
_verbose "dev mapper device: ::1 mapper::" $mapper
_verbose "Tomb key: ::1 key file::" $TOMBKEYFILE _verbose "Tomb key: ::1 key file::" $TOMBKEYFILE
# take the name only, strip extensions # take the name only, strip extensions
@ -2814,13 +2830,11 @@ resize_tomb() {
_load_key # Try loading new key from option -k and set TOMBKEYFILE _load_key # Try loading new key from option -k and set TOMBKEYFILE
local oldtombsize=$(( `stat -c %s "$TOMBPATH" 2>/dev/null` / 1048576 )) mapper=`render_mapper`
local mounted_tomb=`_sudo findmnt -rvo SOURCE,TARGET,FSTYPE,OPTIONS,LABEL | [[ "$mapper" == "" ]] && _failure "Operation aborted."
awk -vtomb="[$TOMBNAME]" '/^\/dev\/mapper\/tomb/ { if($5==tomb) print $1 }'`
local oldtombsize=$(( `stat -c %s "$TOMBPATH" 2>/dev/null` / 1048576 ))
# Tomb must not be open
[[ -z "$mounted_tomb" ]] || {
_failure "Please close the tomb ::1 tomb name:: before trying to resize it." $TOMBNAME }
# New tomb size must be specified # New tomb size must be specified
[[ -n "$newtombsize" ]] || { [[ -n "$newtombsize" ]] || {
_failure "You must specify the new size of ::1 tomb name::" $TOMBNAME } _failure "You must specify the new size of ::1 tomb name::" $TOMBNAME }
@ -2861,9 +2875,6 @@ resize_tomb() {
lo_mount "$TOMBPATH" lo_mount "$TOMBPATH"
nstloop=`lo_new` nstloop=`lo_new`
mapdate=`date +%s`
mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
_message "opening tomb" _message "opening tomb"
_cryptsetup luksOpen ${nstloop} ${mapper} || { _cryptsetup luksOpen ${nstloop} ${mapper} || {
_failure "Failure mounting the encrypted file." } _failure "Failure mounting the encrypted file." }