mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-10 23:20:57 +00:00
Removed old privilege escalation model
This commit refactors the handling of password input by eliminating all intermediary programs and relying only on Zsh, which improves overall security against rootkits and the like. The way sudo is used is also greatly simplified, and there is no privilege escalation at boot: sudo is executed inside Tomb by being prefixed to the programs that need it. All tests passed.
parent
e6075d08ce
commit
5dbcabdf26
@ -13,7 +13,7 @@ German translation by x3nu.
|
|||||||
|
|
||||||
Testing, reviews and documentation are contributed by Dreamer, Shining
|
Testing, reviews and documentation are contributed by Dreamer, Shining
|
||||||
the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
|
the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
|
||||||
Reiven, GDrooid, Alphazo, Brian May and the Linux Action Show!
|
Reiven, GDrooid, Alphazo, Brian May, TheJH and the Linux Action Show!
|
||||||
|
|
||||||
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
|
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
|
||||||
|
|
||||||
|
262
tomb
262
tomb
@ -57,7 +57,7 @@ for arg in "${(@)argv}"; do OLDARGS+=("$arg"); done
|
|||||||
typeset -a DD WIPE MKFS PINENTRY
|
typeset -a DD WIPE MKFS PINENTRY
|
||||||
DD=(dd)
|
DD=(dd)
|
||||||
WIPE=(rm -f)
|
WIPE=(rm -f)
|
||||||
MKFS=(mkfs.ext3 -q -F -j -L)
|
MKFS=(sudo mkfs.ext3 -q -F -j -L)
|
||||||
PINENTRY=(pinentry)
|
PINENTRY=(pinentry)
|
||||||
|
|
||||||
# load zsh regex module
|
# load zsh regex module
|
||||||
@ -141,7 +141,7 @@ _endgame() {
|
|||||||
|
|
||||||
# Detach loop devices
|
# Detach loop devices
|
||||||
for l in $TOMBLOOPDEVS; do
|
for l in $TOMBLOOPDEVS; do
|
||||||
losetup -d "$l"
|
sudo losetup -d "$l"
|
||||||
done
|
done
|
||||||
unset TOMBLOOPDEVS
|
unset TOMBLOOPDEVS
|
||||||
|
|
||||||
@ -234,10 +234,10 @@ _plot() {
|
|||||||
# Provide a random filename in shared memory
|
# Provide a random filename in shared memory
|
||||||
_tmp_create() {
|
_tmp_create() {
|
||||||
[[ -d "$TMPPREFIX" ]] || {
|
[[ -d "$TMPPREFIX" ]] || {
|
||||||
mkdir -m 777 "$TMPPREFIX"
|
sudo mkdir -m 777 "$TMPPREFIX"
|
||||||
[[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX"
|
[[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX"
|
||||||
# we create the tempdir with the sticky bit on
|
# we create the tempdir with the sticky bit on
|
||||||
chmod o+t "$TMPPREFIX"
|
sudo chmod o+t "$TMPPREFIX"
|
||||||
}
|
}
|
||||||
|
|
||||||
# We're going to add one more $RANDOM for each time someone complain
|
# We're going to add one more $RANDOM for each time someone complain
|
||||||
@ -254,7 +254,6 @@ _tmp_create() {
|
|||||||
[[ $? == 0 ]] || {
|
[[ $? == 0 ]] || {
|
||||||
_failure "Fatal error creating a temporary file: ::1 temp file::" "$tfile" }
|
_failure "Fatal error creating a temporary file: ::1 temp file::" "$tfile" }
|
||||||
|
|
||||||
chown $_UID:$_GID "$tfile"
|
|
||||||
[[ $? == 0 ]] || {
|
[[ $? == 0 ]] || {
|
||||||
_failure "Fatal error setting ownership on temporary file: ::1 temp file::" "$tfile" }
|
_failure "Fatal error setting ownership on temporary file: ::1 temp file::" "$tfile" }
|
||||||
|
|
||||||
@ -338,21 +337,22 @@ _check_swap() {
|
|||||||
# provides better security and conveniently use the right toolkit.
|
# provides better security and conveniently use the right toolkit.
|
||||||
ask_password() {
|
ask_password() {
|
||||||
|
|
||||||
local description=$1
|
local description="$1"
|
||||||
local title=${2:-Enter tomb password.}
|
local title="${2:-Enter tomb password.}"
|
||||||
local gtkrc="share/themes/tomb/gtk-2.0-key/gtkrc"
|
local _output
|
||||||
local output
|
local _password
|
||||||
|
local _gtkrc
|
||||||
|
local _theme
|
||||||
|
|
||||||
# Force pinentry to use a custom icon by overriding the GTK theme
|
[[ "$DISPLAY" = "" ]] || {
|
||||||
# temporarily.
|
_theme=/share/themes/tomb/gtk-2.0-key/gtkrc
|
||||||
for prefix in /usr/local /usr; do
|
for i in /usr/local /usr; do
|
||||||
[[ -r "$prefix/$gtkrc" ]] && {
|
[[ -r $i/$_theme ]] && {
|
||||||
GTK2_RC="$prefix/$gtkrc"
|
_gtkrc=$i/$_theme
|
||||||
break
|
break }
|
||||||
}
|
done }
|
||||||
done
|
|
||||||
|
|
||||||
output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} ${PINENTRY} 2>/dev/null | tail -n +7
|
_output=`cat <<EOF | GTK2_RC_FILES="$_gtkrc" pinentry-gtk-2
|
||||||
OPTION ttyname=$TTY
|
OPTION ttyname=$TTY
|
||||||
OPTION lc-ctype=$LANG
|
OPTION lc-ctype=$LANG
|
||||||
SETTITLE $title
|
SETTITLE $title
|
||||||
@ -360,58 +360,28 @@ SETDESC $description
|
|||||||
SETPROMPT Password:
|
SETPROMPT Password:
|
||||||
GETPIN
|
GETPIN
|
||||||
EOF`
|
EOF`
|
||||||
|
|
||||||
|
# parse the pinentry output
|
||||||
|
for i in ${(f)_output}; do
|
||||||
|
[[ "$i" =~ "^ERR.*" ]] && {
|
||||||
|
_warning "Pinentry error: ${i[(w)3]};"
|
||||||
|
print "canceled"
|
||||||
|
return 1 }
|
||||||
|
|
||||||
# Return 1 on error
|
# here the password is found
|
||||||
[[ `tail -n1 <<<$output` =~ ERR ]] && return 1
|
[[ "$i" =~ "^D .*" ]] && _password="${i##D }"
|
||||||
|
done
|
||||||
|
|
||||||
# Print out the typed password and return 0
|
[[ "$_password" = "" ]] && {
|
||||||
head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }'
|
_warning "Empty password"
|
||||||
|
print "empty"
|
||||||
|
return 1 }
|
||||||
|
|
||||||
|
print "$_password"
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
# Drop privileges
|
|
||||||
exec_as_user() {
|
|
||||||
if ! [ $SUDO_USER ]; then
|
|
||||||
exec ${@[@]}
|
|
||||||
return $?
|
|
||||||
fi
|
|
||||||
_verbose "exec_as_user '::1 user::': ::2::" $SUDO_USER ${(f)@}
|
|
||||||
sudo -u $SUDO_USER "${@[@]}"
|
|
||||||
return $?
|
|
||||||
}
|
|
||||||
|
|
||||||
# Escalate privileges
|
|
||||||
check_priv() {
|
|
||||||
if [ $UID != 0 ]; then
|
|
||||||
_verbose "Using sudo for root execution of '::1 exec:: ::2 args::'." $TOMBEXEC ${(f)OLDARGS}
|
|
||||||
# check if sudo has a timestamp active
|
|
||||||
sudok=false
|
|
||||||
|
|
||||||
if ! option_is_set --sudo-pwd; then
|
|
||||||
if [ $? != 0 ]; then # if not then ask a password
|
|
||||||
cat <<EOF | ${PINENTRY} 2>/dev/null | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v
|
|
||||||
OPTION ttyname=$TTY
|
|
||||||
OPTION lc-ctype=$LANG
|
|
||||||
SETTITLE Super user privileges required
|
|
||||||
SETDESC Sudo execution of Tomb ${OLDARGS[@]}
|
|
||||||
SETPROMPT Insert your USER password:
|
|
||||||
GETPIN
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
_verbose "Escalating privileges using sudo-pwd."
|
|
||||||
sudo -S -v <<<`option_value --sudo-pwd`
|
|
||||||
fi
|
|
||||||
sudo "${TOMBEXEC}" -U "${UID}" -G "${GID}" -T "${TTY:-SSH_TTY}" "${(@)OLDARGS}"
|
|
||||||
exit $?
|
|
||||||
fi # are we root already
|
|
||||||
|
|
||||||
# make sure necessary kernel modules are loaded
|
|
||||||
modprobe dm_mod
|
|
||||||
modprobe dm_crypt
|
|
||||||
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check if a filename is a valid tomb
|
# Check if a filename is a valid tomb
|
||||||
is_valid_tomb() {
|
is_valid_tomb() {
|
||||||
@ -456,7 +426,7 @@ lo_mount() {
|
|||||||
tpath="$1"
|
tpath="$1"
|
||||||
|
|
||||||
# check if we have support for loop mounting
|
# check if we have support for loop mounting
|
||||||
_nstloop=`losetup -f`
|
_nstloop=`sudo losetup -f`
|
||||||
[[ $? = 0 ]] || {
|
[[ $? = 0 ]] || {
|
||||||
_warning "Loop mount of volumes is not possible on this machine, this error"
|
_warning "Loop mount of volumes is not possible on this machine, this error"
|
||||||
_warning "often occurs on VPS and kernels that don't provide the loop module."
|
_warning "often occurs on VPS and kernels that don't provide the loop module."
|
||||||
@ -464,7 +434,7 @@ lo_mount() {
|
|||||||
_failure "Operation aborted."
|
_failure "Operation aborted."
|
||||||
}
|
}
|
||||||
|
|
||||||
losetup -f "$tpath" # allocates the next loopback for our file
|
sudo losetup -f "$tpath" # allocates the next loopback for our file
|
||||||
|
|
||||||
TOMBLOOPDEVS+=("$_nstloop") # add to array of lodevs used
|
TOMBLOOPDEVS+=("$_nstloop") # add to array of lodevs used
|
||||||
|
|
||||||
@ -666,31 +636,9 @@ function _print() {
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
# Print out progress to inform GUI caller applications (--batch mode)
|
|
||||||
progress() {
|
|
||||||
# $1 is "what is progressing"
|
|
||||||
# $2 is "percentage"
|
|
||||||
# $3 is (eventually blank) status
|
|
||||||
# Example: if creating a tomb, it could be sth like
|
|
||||||
# progress create 0 filling with random data
|
|
||||||
# progress create 40 generating key
|
|
||||||
# progress keygen 0 please move the mouse
|
|
||||||
# progress keygen 30 please move the mouse
|
|
||||||
# progress keygen 60 please move the mouse
|
|
||||||
# progress keygen 100 key generated
|
|
||||||
# progress create 80 please enter password
|
|
||||||
# progress create 90 formatting the tomb
|
|
||||||
# progress create 100 tomb created successfully
|
|
||||||
if ! option_is_set --batch; then
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
print "[m][P][$1][$2][$3]" >&2
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
_list_optional_tools() {
|
_list_optional_tools() {
|
||||||
typeset -a _deps
|
typeset -a _deps
|
||||||
_deps=(gettext dcfldd wipe mkfs.ext4 steghide e2fsck)
|
_deps=(gettext dcfldd wipe steghide)
|
||||||
_deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv)
|
_deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv)
|
||||||
for d in $_deps; do
|
for d in $_deps; do
|
||||||
_print "`which $d`"
|
_print "`which $d`"
|
||||||
@ -708,7 +656,7 @@ _list_optional_tools() {
|
|||||||
_ensure_dependencies() {
|
_ensure_dependencies() {
|
||||||
|
|
||||||
# Check for required programs
|
# Check for required programs
|
||||||
for req in cryptsetup pinentry sudo gpg; do
|
for req in cryptsetup pinentry sudo gpg mkfs.ext4 e2fsck; do
|
||||||
command -v $req 1>/dev/null 2>/dev/null || {
|
command -v $req 1>/dev/null 2>/dev/null || {
|
||||||
_failure "Missing required dependency ::1 command::. Please install it." $req }
|
_failure "Missing required dependency ::1 command::. Please install it." $req }
|
||||||
done
|
done
|
||||||
@ -722,21 +670,10 @@ _ensure_dependencies() {
|
|||||||
# Which wipe command to use
|
# Which wipe command to use
|
||||||
command -v wipe 1>/dev/null 2>/dev/null && WIPE=(wipe -f -s)
|
command -v wipe 1>/dev/null 2>/dev/null && WIPE=(wipe -f -s)
|
||||||
|
|
||||||
# Read pinentry config from gpg-agent if present
|
|
||||||
[[ -r "$HOME/.gnupg/gpg-agent.conf" ]] && {
|
|
||||||
_verbose "gpg-agent configuration found"
|
|
||||||
PINENTRY=(`awk '
|
|
||||||
/^pinentry-program/ { for(c=2;c<=NF;c++) printf("%s ", $c) }
|
|
||||||
' $HOME/.gnupg/gpg-agent.conf`)
|
|
||||||
_verbose "gpg-agent choice of pinentry: ::1 pinentry::" "${PINENTRY}" }
|
|
||||||
|
|
||||||
# Check for filesystem creation programs
|
|
||||||
command -v mkfs.ext4 1>/dev/null 2>/dev/null && MKFS=(mkfs.ext4 -q -F -j -L)
|
|
||||||
|
|
||||||
# Check for steghide
|
# Check for steghide
|
||||||
command -v steghide 1>/dev/null 2>/dev/null || STEGHIDE=0
|
command -v steghide 1>/dev/null 2>/dev/null || STEGHIDE=0
|
||||||
# Check for resize
|
# Check for resize
|
||||||
command -v e2fsck resize2fs 1>/dev/null 2>/dev/null || RESIZER=0
|
command -v resize2fs 1>/dev/null 2>/dev/null || RESIZER=0
|
||||||
# Check for KDF auxiliary tools
|
# Check for KDF auxiliary tools
|
||||||
command -v tomb-kdb-pbkdf2 1>/dev/null 2>/dev/null || KDF=0
|
command -v tomb-kdb-pbkdf2 1>/dev/null 2>/dev/null || KDF=0
|
||||||
# Check for Swish-E file content indexer
|
# Check for Swish-E file content indexer
|
||||||
@ -926,7 +863,7 @@ get_lukskey() {
|
|||||||
# it against the return code of gpg on success returns 0 and saves
|
# it against the return code of gpg on success returns 0 and saves
|
||||||
# the password in the global variable $TOMBPASSWORD
|
# the password in the global variable $TOMBPASSWORD
|
||||||
ask_key_password() {
|
ask_key_password() {
|
||||||
[[ -z $TOMBKEYFILE ]] && {
|
[[ -z "$TOMBKEYFILE" ]] && {
|
||||||
_failure "Internal error: ask_key_password() called before _load_key()." }
|
_failure "Internal error: ask_key_password() called before _load_key()." }
|
||||||
|
|
||||||
[[ "$TOMBKEYFILE" = "cleartext" ]] && {
|
[[ "$TOMBKEYFILE" = "cleartext" ]] && {
|
||||||
@ -937,25 +874,24 @@ ask_key_password() {
|
|||||||
passok=0
|
passok=0
|
||||||
tombpass=""
|
tombpass=""
|
||||||
if [[ "$1" = "" ]]; then
|
if [[ "$1" = "" ]]; then
|
||||||
|
|
||||||
for c in 1 2 3; do
|
for c in 1 2 3; do
|
||||||
if [[ $c == 1 ]]; then
|
if [[ $c == 1 ]]; then
|
||||||
tombpass=$(exec_as_user ${TOMBEXEC} askpass \
|
tombpass=$(ask_password "Insert password to: $TOMBKEYFILE")
|
||||||
"Insert password to use key: $TOMBKEYFILE")
|
|
||||||
else
|
else
|
||||||
tombpass=$(exec_as_user ${TOMBEXEC} askpass \
|
tombpass=$(ask_password "Insert password to: $TOMBKEYFILE (attempt $c)")
|
||||||
"Insert password to use key: $TOMBKEYFILE (attempt $c)")
|
|
||||||
fi
|
fi
|
||||||
if [[ $? != 0 ]]; then
|
[[ $? = 0 ]] || {
|
||||||
_warning "User aborted password dialog."
|
_warning "User aborted password dialog."
|
||||||
return 1
|
return 1
|
||||||
fi
|
}
|
||||||
|
|
||||||
get_lukskey "$tombpass"
|
get_lukskey "$tombpass"
|
||||||
|
|
||||||
if [ $? = 0 ]; then
|
[[ $? = 0 ]] && {
|
||||||
passok=1; _message "Password OK."
|
passok=1; _message "Password OK."
|
||||||
break;
|
break;
|
||||||
fi
|
}
|
||||||
done
|
done
|
||||||
|
|
||||||
else
|
else
|
||||||
@ -965,8 +901,9 @@ ask_key_password() {
|
|||||||
|
|
||||||
get_lukskey "$tombpass"
|
get_lukskey "$tombpass"
|
||||||
|
|
||||||
if [ $? = 0 ]; then
|
[[ $? = 0 ]] && {
|
||||||
passok=1; _message "Password OK."; fi
|
passok=1; _message "Password OK."
|
||||||
|
}
|
||||||
|
|
||||||
fi
|
fi
|
||||||
# print the password out in case caller needs to know it
|
# print the password out in case caller needs to know it
|
||||||
@ -979,7 +916,7 @@ ask_key_password() {
|
|||||||
# call cryptsetup with arguments using the currently known secret
|
# call cryptsetup with arguments using the currently known secret
|
||||||
# echo flags eliminate newline and disable escape (BSD_ECHO)
|
# echo flags eliminate newline and disable escape (BSD_ECHO)
|
||||||
_cryptsetup() {
|
_cryptsetup() {
|
||||||
print -R -n - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
|
print -R -n - "$TOMBSECRET" | sudo cryptsetup --key-file - ${=@}
|
||||||
return $?
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1041,7 +978,7 @@ gen_key() {
|
|||||||
if [ "$1" = "" ]; then
|
if [ "$1" = "" ]; then
|
||||||
while true; do
|
while true; do
|
||||||
# 3 tries to write two times a matching password
|
# 3 tries to write two times a matching password
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key"`
|
tombpass=`ask_password "Type the new password to secure your key"`
|
||||||
if [[ $? != 0 ]]; then
|
if [[ $? != 0 ]]; then
|
||||||
_failure "User aborted."
|
_failure "User aborted."
|
||||||
fi
|
fi
|
||||||
@ -1049,7 +986,7 @@ gen_key() {
|
|||||||
_failure "You set empty password, which is not possible."
|
_failure "You set empty password, which is not possible."
|
||||||
fi
|
fi
|
||||||
tombpasstmp=$tombpass
|
tombpasstmp=$tombpass
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key (again)"`
|
tombpass=`ask_password "Type the new password to secure your key (again)"`
|
||||||
if [[ $? != 0 ]]; then
|
if [[ $? != 0 ]]; then
|
||||||
_failure "User aborted."
|
_failure "User aborted."
|
||||||
fi
|
fi
|
||||||
@ -1234,8 +1171,7 @@ exhume_key() {
|
|||||||
} || {
|
} || {
|
||||||
[[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD
|
[[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD
|
||||||
} || {
|
} || {
|
||||||
tombpass=$(exec_as_user ${TOMBEXEC} askpass \
|
tombpass=$(ask_password "Insert password to exhume key from $imagefile")
|
||||||
"Insert password to exhume key from $imagefile")
|
|
||||||
[[ $? != 0 ]] && {
|
[[ $? != 0 ]] && {
|
||||||
_warning "User aborted password dialog."
|
_warning "User aborted password dialog."
|
||||||
return 1
|
return 1
|
||||||
@ -1328,7 +1264,6 @@ dig_tomb() {
|
|||||||
# Ensure that file permissions are safe even if interrupted
|
# Ensure that file permissions are safe even if interrupted
|
||||||
touch $TOMBPATH
|
touch $TOMBPATH
|
||||||
chmod 0600 $TOMBPATH
|
chmod 0600 $TOMBPATH
|
||||||
chown $_UID:$_GID $TOMBPATH
|
|
||||||
|
|
||||||
_verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]}
|
_verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]}
|
||||||
${=DD} if=/dev/urandom bs=1048576 count=$tombsize of=$TOMBPATH
|
${=DD} if=/dev/urandom bs=1048576 count=$tombsize of=$TOMBPATH
|
||||||
@ -1403,7 +1338,6 @@ forge_key() {
|
|||||||
_message "(You can also change it later using 'tomb passwd'.)"
|
_message "(You can also change it later using 'tomb passwd'.)"
|
||||||
# _user_file $TOMBKEYFILE
|
# _user_file $TOMBKEYFILE
|
||||||
touch $TOMBKEYFILE
|
touch $TOMBKEYFILE
|
||||||
chown $_UID:$_GID $TOMBKEYFILE
|
|
||||||
chmod 0600 $TOMBKEYFILE
|
chmod 0600 $TOMBKEYFILE
|
||||||
|
|
||||||
tombname="$TOMBKEYFILE" # XXX ???
|
tombname="$TOMBKEYFILE" # XXX ???
|
||||||
@ -1425,7 +1359,7 @@ forge_key() {
|
|||||||
_warning "Dumping contents to screen:"
|
_warning "Dumping contents to screen:"
|
||||||
print "${mapfile[$TOMBKEY]}"
|
print "${mapfile[$TOMBKEY]}"
|
||||||
_warning "--"
|
_warning "--"
|
||||||
umount ${keytmp}
|
sudo umount ${keytmp}
|
||||||
rm -r $keytmp
|
rm -r $keytmp
|
||||||
_failure "Operation aborted."
|
_failure "Operation aborted."
|
||||||
}
|
}
|
||||||
@ -1467,7 +1401,7 @@ lock_tomb_with_key() {
|
|||||||
_verbose "Loop mounted on ::1 mount point::" $nstloop
|
_verbose "Loop mounted on ::1 mount point::" $nstloop
|
||||||
|
|
||||||
_message "Checking if the tomb is empty (we never step on somebody else's bones)."
|
_message "Checking if the tomb is empty (we never step on somebody else's bones)."
|
||||||
cryptsetup isLuks ${nstloop}
|
sudo cryptsetup isLuks ${nstloop}
|
||||||
if [ $? = 0 ]; then
|
if [ $? = 0 ]; then
|
||||||
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
|
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
|
||||||
_warning "The tomb was already locked with another key."
|
_warning "The tomb was already locked with another key."
|
||||||
@ -1521,7 +1455,7 @@ lock_tomb_with_key() {
|
|||||||
_warning "Your tomb ::1 tomb file:: may be corrupted." $TOMBFILE }
|
_warning "Your tomb ::1 tomb file:: may be corrupted." $TOMBFILE }
|
||||||
|
|
||||||
# Sync
|
# Sync
|
||||||
cryptsetup luksClose tomb.tmp
|
sudo cryptsetup luksClose tomb.tmp
|
||||||
|
|
||||||
_message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $TOMBNAME $cipher
|
_message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $TOMBNAME $cipher
|
||||||
_success "Your tomb is ready in ::1 tomb path:: and secured with key ::2 tomb key::" \
|
_success "Your tomb is ready in ::1 tomb path:: and secured with key ::2 tomb key::" \
|
||||||
@ -1547,7 +1481,7 @@ change_tomb_key() {
|
|||||||
|
|
||||||
lo_mount $TOMBPATH
|
lo_mount $TOMBPATH
|
||||||
nstloop=`lo_new`
|
nstloop=`lo_new`
|
||||||
cryptsetup isLuks ${nstloop}
|
sudo cryptsetup isLuks ${nstloop}
|
||||||
# is it a LUKS encrypted nest? we check one more time
|
# is it a LUKS encrypted nest? we check one more time
|
||||||
[[ $? == 0 ]] || {
|
[[ $? == 0 ]] || {
|
||||||
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
|
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
|
||||||
@ -1579,7 +1513,7 @@ change_tomb_key() {
|
|||||||
old_secret=$TOMBSECRET
|
old_secret=$TOMBSECRET
|
||||||
|
|
||||||
# luksOpen the tomb (not really mounting, just on the loopback)
|
# luksOpen the tomb (not really mounting, just on the loopback)
|
||||||
cryptsetup --key-file <(print -R -n - "$old_secret") \
|
print -R -n - "$old_secret" | sudo cryptsetup --key-file - \
|
||||||
luksOpen ${nstloop} ${mapper}
|
luksOpen ${nstloop} ${mapper}
|
||||||
[[ $? == 0 ]] || _failure "Unexpected error in luksOpen."
|
[[ $? == 0 ]] || _failure "Unexpected error in luksOpen."
|
||||||
|
|
||||||
@ -1596,14 +1530,17 @@ change_tomb_key() {
|
|||||||
fi
|
fi
|
||||||
[[ $? == 0 ]] || {
|
[[ $? == 0 ]] || {
|
||||||
_failure "No valid password supplied for the new key." }
|
_failure "No valid password supplied for the new key." }
|
||||||
new_secret=$TOMBSECRET
|
|
||||||
|
|
||||||
cryptsetup --key-file <(print -R -n - "$old_secret") \
|
_tmp_create
|
||||||
luksChangeKey "$nstloop" <(print -R -n - "$new_secret")
|
tmpnewkey=$TOMBTMP
|
||||||
|
print -R -n - "$TOMBSECRET" >> $tmpnewkey
|
||||||
|
|
||||||
|
print -R -n - "$old_secret" | sudo cryptsetup --key-file - \
|
||||||
|
luksChangeKey "$nstloop" "$tmpnewkey"
|
||||||
|
|
||||||
[[ $? == 0 ]] || _failure "Unexpected error in luksChangeKey."
|
[[ $? == 0 ]] || _failure "Unexpected error in luksChangeKey."
|
||||||
|
|
||||||
cryptsetup luksClose "${mapper}" || _failure "Unexpected error in luksClose."
|
sudo cryptsetup luksClose "${mapper}" || _failure "Unexpected error in luksClose."
|
||||||
|
|
||||||
_success "Succesfully changed key for tomb: ::1 tomb file::" $TOMBFILE
|
_success "Succesfully changed key for tomb: ::1 tomb file::" $TOMBFILE
|
||||||
_message "The new key is: ::1 new key::" $TOMBKEYFILE
|
_message "The new key is: ::1 new key::" $TOMBKEYFILE
|
||||||
@ -1651,13 +1588,13 @@ mount_tomb() {
|
|||||||
lo_mount $TOMBPATH
|
lo_mount $TOMBPATH
|
||||||
nstloop=`lo_new`
|
nstloop=`lo_new`
|
||||||
|
|
||||||
cryptsetup isLuks ${nstloop} || {
|
sudo cryptsetup isLuks ${nstloop} || {
|
||||||
# is it a LUKS encrypted nest? see cryptsetup(1)
|
# is it a LUKS encrypted nest? see cryptsetup(1)
|
||||||
_failure "::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }
|
_failure "::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }
|
||||||
|
|
||||||
_message "This tomb is a valid LUKS encrypted device."
|
_message "This tomb is a valid LUKS encrypted device."
|
||||||
|
|
||||||
luksdump="`cryptsetup luksDump ${nstloop}`"
|
luksdump="`sudo cryptsetup luksDump ${nstloop}`"
|
||||||
tombdump=(`print $luksdump | awk '
|
tombdump=(`print $luksdump | awk '
|
||||||
/^Cipher name/ {print $3}
|
/^Cipher name/ {print $3}
|
||||||
/^Cipher mode/ {print $3}
|
/^Cipher mode/ {print $3}
|
||||||
@ -1692,15 +1629,14 @@ mount_tomb() {
|
|||||||
[[ $? == 0 ]] || _failure "No valid password supplied."
|
[[ $? == 0 ]] || _failure "No valid password supplied."
|
||||||
|
|
||||||
_cryptsetup luksOpen ${nstloop} ${mapper}
|
_cryptsetup luksOpen ${nstloop} ${mapper}
|
||||||
|
[[ $? = 0 ]] || {
|
||||||
[[ -r /dev/mapper/${mapper} ]] || {
|
|
||||||
_failure "Failure mounting the encrypted file." }
|
_failure "Failure mounting the encrypted file." }
|
||||||
|
|
||||||
# preserve the loopdev after exit
|
# preserve the loopdev after exit
|
||||||
lo_preserve "$nstloop"
|
lo_preserve "$nstloop"
|
||||||
|
|
||||||
# array: [ cipher, keysize, loopdevice ]
|
# array: [ cipher, keysize, loopdevice ]
|
||||||
tombstat=(`cryptsetup status ${mapper} | awk '
|
tombstat=(`sudo cryptsetup status ${mapper} | awk '
|
||||||
/cipher:/ {print $2}
|
/cipher:/ {print $2}
|
||||||
/keysize:/ {print $2}
|
/keysize:/ {print $2}
|
||||||
/device:/ {print $2}'`)
|
/device:/ {print $2}'`)
|
||||||
@ -1708,17 +1644,17 @@ mount_tomb() {
|
|||||||
_verbose "Key size is ::1 size:: for cipher ::2 cipher::" $tombstat[2] $tombstat[1]
|
_verbose "Key size is ::1 size:: for cipher ::2 cipher::" $tombstat[2] $tombstat[1]
|
||||||
|
|
||||||
_message "Checking filesystem via ::1::" $tombstat[3]
|
_message "Checking filesystem via ::1::" $tombstat[3]
|
||||||
fsck -p -C0 /dev/mapper/${mapper}
|
sudo fsck -p -C0 /dev/mapper/${mapper}
|
||||||
_verbose "Tomb engraved as ::1 tomb name::" $TOMBNAME
|
_verbose "Tomb engraved as ::1 tomb name::" $TOMBNAME
|
||||||
tune2fs -L $TOMBNAME /dev/mapper/${mapper} > /dev/null
|
sudo tune2fs -L $TOMBNAME /dev/mapper/${mapper} > /dev/null
|
||||||
|
|
||||||
# we need root from here on
|
# we need root from here on
|
||||||
mkdir -p $tombmount
|
sudo mkdir -p $tombmount
|
||||||
|
|
||||||
mount -o $MOUNTOPTS /dev/mapper/${mapper} ${tombmount}
|
sudo mount -o $MOUNTOPTS /dev/mapper/${mapper} ${tombmount}
|
||||||
|
|
||||||
chown $_UID:$_GID ${tombmount}
|
sudo chown $UID:$GID ${tombmount}
|
||||||
chmod 0711 ${tombmount}
|
sudo chmod 0711 ${tombmount}
|
||||||
|
|
||||||
_success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount
|
_success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount
|
||||||
|
|
||||||
@ -1817,7 +1753,7 @@ exec_safe_bind_hooks() {
|
|||||||
|
|
||||||
[[ "${${maps[$dir]}[1]}" == "/" || "${${maps[$dir]}[1,2]}" == ".." ]] && {
|
[[ "${${maps[$dir]}[1]}" == "/" || "${${maps[$dir]}[1,2]}" == ".." ]] && {
|
||||||
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME. Rolling back"
|
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME. Rolling back"
|
||||||
for dir in ${mounted}; do umount $dir; done
|
for dir in ${mounted}; do sudo umount $dir; done
|
||||||
return 1 }
|
return 1 }
|
||||||
|
|
||||||
if [[ ! -r "$HOME/${maps[$dir]}" ]]; then
|
if [[ ! -r "$HOME/${maps[$dir]}" ]]; then
|
||||||
@ -1825,7 +1761,7 @@ exec_safe_bind_hooks() {
|
|||||||
elif [[ ! -r "$mnt/$dir" ]]; then
|
elif [[ ! -r "$mnt/$dir" ]]; then
|
||||||
_warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $mnt $dir
|
_warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $mnt $dir
|
||||||
else
|
else
|
||||||
mount -o bind,$MOUNTOPTS $mnt/$dir $HOME/${maps[$dir]} \
|
sudo mount -o bind,$MOUNTOPTS $mnt/$dir $HOME/${maps[$dir]} \
|
||||||
&& mounted+=("$HOME/${maps[$dir]}")
|
&& mounted+=("$HOME/${maps[$dir]}")
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
@ -1852,7 +1788,7 @@ exec_safe_post_hooks() {
|
|||||||
cat $mnt/post-hooks | head -n1 | grep '^#!\s*/' &> /dev/null
|
cat $mnt/post-hooks | head -n1 | grep '^#!\s*/' &> /dev/null
|
||||||
[[ $? == 0 ]] && {
|
[[ $? == 0 ]] && {
|
||||||
_success "Post hooks found, executing as user ::1 user name::." $USERNAME
|
_success "Post hooks found, executing as user ::1 user name::." $USERNAME
|
||||||
exec_as_user $mnt/post-hooks $act $mnt
|
$mnt/post-hooks $act $mnt
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2230,24 +2166,20 @@ resize_tomb() {
|
|||||||
mapdate=`date +%s`
|
mapdate=`date +%s`
|
||||||
mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
|
mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
|
||||||
|
|
||||||
_cryptsetup luksOpen ${nstloop} ${mapper}
|
_cryptsetup luksOpen ${nstloop} ${mapper} || {
|
||||||
|
|
||||||
[[ -r /dev/mapper/${mapper} ]] || {
|
|
||||||
_failure "Failure mounting the encrypted file." }
|
_failure "Failure mounting the encrypted file." }
|
||||||
|
|
||||||
cryptsetup resize "${mapper}" || {
|
sudo cryptsetup resize "${mapper}" || {
|
||||||
_failure "cryptsetup failed to resize ::1 mapper::" $mapper }
|
_failure "cryptsetup failed to resize ::1 mapper::" $mapper }
|
||||||
|
|
||||||
e2fsck -p -f /dev/mapper/${mapper} || {
|
sudo e2fsck -p -f /dev/mapper/${mapper} || {
|
||||||
_failure "e2fsck failed to check ::1 mapper::" $mapper }
|
_failure "e2fsck failed to check ::1 mapper::" $mapper }
|
||||||
|
|
||||||
resize2fs /dev/mapper/${mapper} || {
|
sudo resize2fs /dev/mapper/${mapper} || {
|
||||||
_failure "resize2fs failed to resize ::1 mapper::" $mapper }
|
_failure "resize2fs failed to resize ::1 mapper::" $mapper }
|
||||||
|
|
||||||
sleep 1 # needs to settle a bit
|
|
||||||
|
|
||||||
# close and free the loop device
|
# close and free the loop device
|
||||||
cryptsetup luksClose "${mapper}"
|
sudo cryptsetup luksClose "${mapper}"
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -2308,7 +2240,7 @@ umount_tomb() {
|
|||||||
bind_mapper="${b[(ws:;:)1]}"
|
bind_mapper="${b[(ws:;:)1]}"
|
||||||
bind_mount="${b[(ws:;:)2]}"
|
bind_mount="${b[(ws:;:)2]}"
|
||||||
_message "Closing tomb bind hook: ::1 hook::" $bind_mount
|
_message "Closing tomb bind hook: ::1 hook::" $bind_mount
|
||||||
umount $bind_mount || {
|
sudo umount $bind_mount || {
|
||||||
[[ -n $SLAM ]] && {
|
[[ -n $SLAM ]] && {
|
||||||
_success "Slamming tomb: killing all processes using this hook."
|
_success "Slamming tomb: killing all processes using this hook."
|
||||||
slam_tomb "$bind_mount"
|
slam_tomb "$bind_mount"
|
||||||
@ -2325,18 +2257,18 @@ umount_tomb() {
|
|||||||
exec_safe_post_hooks ${tombmount%%/} close }
|
exec_safe_post_hooks ${tombmount%%/} close }
|
||||||
|
|
||||||
_verbose "Performing umount of ::1 mount point::" $tombmount
|
_verbose "Performing umount of ::1 mount point::" $tombmount
|
||||||
umount ${tombmount}
|
sudo umount ${tombmount}
|
||||||
[[ $? = 0 ]] || { _warning "Tomb is busy, cannot umount!"; return 1 }
|
[[ $? = 0 ]] || { _warning "Tomb is busy, cannot umount!"; return 1 }
|
||||||
|
|
||||||
# If we used a default mountpoint and is now empty, delete it
|
# If we used a default mountpoint and is now empty, delete it
|
||||||
[[ "$tombmount" == "/media/$tombname.tomb" ]] && { rmdir $tombmount }
|
[[ "$tombmount" == "/media/$tombname.tomb" ]] && { rmdir $tombmount }
|
||||||
|
|
||||||
cryptsetup luksClose $mapper
|
sudo cryptsetup luksClose $mapper
|
||||||
[[ $? == 0 ]] || {
|
[[ $? == 0 ]] || {
|
||||||
_failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper }
|
_failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper }
|
||||||
|
|
||||||
# Normally the loopback device is detached when unused
|
# Normally the loopback device is detached when unused
|
||||||
[[ -e "/dev/$tombloop" ]] && losetup -d "/dev/$tombloop"
|
[[ -e "/dev/$tombloop" ]] && sudo losetup -d "/dev/$tombloop"
|
||||||
[[ $? = 0 ]] || {
|
[[ $? = 0 ]] || {
|
||||||
_verbose "/dev/$tombloop was already closed." }
|
_verbose "/dev/$tombloop was already closed." }
|
||||||
|
|
||||||
@ -2404,19 +2336,19 @@ main() {
|
|||||||
#
|
#
|
||||||
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe)
|
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe)
|
||||||
subcommands_opts[__default]=""
|
subcommands_opts[__default]=""
|
||||||
subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -sudo-pwd: -tomb-pwd: "
|
subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: "
|
||||||
subcommands_opts[mount]=${subcommands_opts[open]}
|
subcommands_opts[mount]=${subcommands_opts[open]}
|
||||||
|
|
||||||
subcommands_opts[create]="" # deprecated, will issue warning
|
subcommands_opts[create]="" # deprecated, will issue warning
|
||||||
|
|
||||||
subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom "
|
subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom "
|
||||||
subcommands_opts[dig]="-ignore-swap s: -size=s "
|
subcommands_opts[dig]="-ignore-swap s: -size=s "
|
||||||
subcommands_opts[lock]="-ignore-swap k: -kdf: o: -sudo-pwd: -tomb-pwd: "
|
subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: "
|
||||||
subcommands_opts[setkey]="k: -ignore-swap -kdf: -sudo-pwd: -tomb-old-pwd: -tomb-pwd: "
|
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
||||||
subcommands_opts[engrave]="k: "
|
subcommands_opts[engrave]="k: "
|
||||||
|
|
||||||
subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
||||||
subcommands_opts[close]="-sudo-pwd: "
|
subcommands_opts[close]=""
|
||||||
subcommands_opts[help]=""
|
subcommands_opts[help]=""
|
||||||
subcommands_opts[slam]=""
|
subcommands_opts[slam]=""
|
||||||
subcommands_opts[list]="-get-mountpoint "
|
subcommands_opts[list]="-get-mountpoint "
|
||||||
@ -2506,7 +2438,7 @@ main() {
|
|||||||
{ ! option_is_set --no-color } && { autoload -Uz colors && colors }
|
{ ! option_is_set --no-color } && { autoload -Uz colors && colors }
|
||||||
# Some options are only available during insecure mode
|
# Some options are only available during insecure mode
|
||||||
{ ! option_is_set --unsafe } && {
|
{ ! option_is_set --unsafe } && {
|
||||||
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
|
for opt in --tomb-pwd --use-urandom --tomb-old-pwd; do
|
||||||
{ option_is_set $opt } && {
|
{ option_is_set $opt } && {
|
||||||
exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt }
|
exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt }
|
||||||
done
|
done
|
||||||
@ -2549,32 +2481,27 @@ main() {
|
|||||||
|
|
||||||
# CREATE Step 1: dig -s NN file.tomb
|
# CREATE Step 1: dig -s NN file.tomb
|
||||||
dig)
|
dig)
|
||||||
check_priv
|
|
||||||
dig_tomb ${=PARAM}
|
dig_tomb ${=PARAM}
|
||||||
;;
|
;;
|
||||||
|
|
||||||
# CREATE Step 2: forge file.tomb.key
|
# CREATE Step 2: forge file.tomb.key
|
||||||
forge)
|
forge)
|
||||||
check_priv
|
|
||||||
forge_key ${=PARAM}
|
forge_key ${=PARAM}
|
||||||
;;
|
;;
|
||||||
|
|
||||||
# CREATE Step 2: lock -k file.tomb.key file.tomb
|
# CREATE Step 2: lock -k file.tomb.key file.tomb
|
||||||
lock)
|
lock)
|
||||||
check_priv
|
|
||||||
lock_tomb_with_key ${=PARAM}
|
lock_tomb_with_key ${=PARAM}
|
||||||
;;
|
;;
|
||||||
|
|
||||||
# Open the tomb
|
# Open the tomb
|
||||||
mount|open)
|
mount|open)
|
||||||
check_priv
|
|
||||||
mount_tomb $PARAM[1] $PARAM[2]
|
mount_tomb $PARAM[1] $PARAM[2]
|
||||||
;;
|
;;
|
||||||
|
|
||||||
# Close the tomb
|
# Close the tomb
|
||||||
# `slam` is used to force closing.
|
# `slam` is used to force closing.
|
||||||
umount|close|slam)
|
umount|close|slam)
|
||||||
check_priv
|
|
||||||
[[ "$subcommand" == "slam" ]] && SLAM=1
|
[[ "$subcommand" == "slam" ]] && SLAM=1
|
||||||
umount_tomb $PARAM[1]
|
umount_tomb $PARAM[1]
|
||||||
;;
|
;;
|
||||||
@ -2583,7 +2510,6 @@ main() {
|
|||||||
resize)
|
resize)
|
||||||
[[ $RESIZER == 0 ]] && {
|
[[ $RESIZER == 0 ]] && {
|
||||||
_failure "Resize2fs not installed: cannot resize tombs." }
|
_failure "Resize2fs not installed: cannot resize tombs." }
|
||||||
check_priv
|
|
||||||
resize_tomb $PARAM[1]
|
resize_tomb $PARAM[1]
|
||||||
;;
|
;;
|
||||||
|
|
||||||
@ -2615,13 +2541,11 @@ main() {
|
|||||||
|
|
||||||
# Change password on existing key
|
# Change password on existing key
|
||||||
passwd)
|
passwd)
|
||||||
check_priv
|
|
||||||
change_passwd $PARAM[1]
|
change_passwd $PARAM[1]
|
||||||
;;
|
;;
|
||||||
|
|
||||||
# Change tomb key
|
# Change tomb key
|
||||||
setkey)
|
setkey)
|
||||||
check_priv
|
|
||||||
change_tomb_key ${=PARAM}
|
change_tomb_key ${=PARAM}
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
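Review bot: In change_tomb_key the new LUKS secret is now written to a temporary file (`print -R -n - "$TOMBSECRET" >> $tmpnewkey`) where the old code passed it through a process substitution, and nothing in that hunk removes the file once luksChangeKey has run. The file comes from _tmp_create, whose directory is created with mode 777 plus the sticky bit, and on the error path `_failure` is reached with the key still on disk; whether _tmp_create restricts the file mode or _endgame wipes it is not visible in these hunks and should be confirmed. I would capture the status and wipe before failing: `rc=$?`, then `${=WIPE} "$tmpnewkey"`, then `[[ $rc == 0 ]] || _failure "Unexpected error in luksChangeKey."`. Relatedly, in the _tmp_create hunk the removed `chown` leaves the "Fatal error setting ownership on temporary file" check testing the status of the preceding `[[ ... ]]` test, so it appears unable to fire and could be dropped. Both change_tomb_key and _tmp_create continue outside the hunks shown.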