Support for sudo alternatives such as doas

This commit is contained in:
heat-wave 2021-04-07 18:20:12 +01:00 committed by Denis Roio
parent ae21619d04
commit 61386ca646
6 changed files with 62 additions and 16 deletions

View File

@ -18,13 +18,25 @@ test_expect_success 'Testing tomb creation: dig, forge and lock' '
if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test"
test_expect_success 'Testing tomb creation: dig, forge and lock (sphinx password handling)' '
tt_dig -s 20 &&
tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
| hexdump -C &&
tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
'
tt_dig -s 20 &&
tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
| hexdump -C &&
tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
'
fi
if test_have_prereq DOAS; then
test_export "doas_test"
test_expect_success 'Testing tomb creation: dig, forge and lock (using doas instead of sudo)' '
tt_dig --sudo doas -s 20 &&
tt_forge --sudo doas --tomb-pwd $DUMMYPASS &&
print $DUMMYPASS \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
| hexdump -C &&
tt_lock --sudo doas --tomb-pwd $DUMMYPASS
'
fi
test_done

View File

@ -52,5 +52,12 @@ if test_have_prereq SPHINX ORACLE; then
'
fi
if test_have_prereq DOAS; then
test_export "doas_test" # Using already generated tomb
test_expect_success 'Testing open with good password (using doas instead of sudo)' '
tt_open --sudo doas --tomb-pwd $DUMMYPASS &&
tt_close
'
fi
test_done

View File

@ -3,7 +3,7 @@ FROM dyne/devuan:beowulf
RUN echo "deb http://deb.devuan.org/merged chimaera main" >> /etc/apt/sources.list
RUN apt-get update -y -q --allow-releaseinfo-change
RUN apt-get install -y -q -t beowulf zsh cryptsetup gawk libgcrypt20-dev steghide qrencode python python2.7 python3-pip python3-dev libssl-dev make gcc g++ sudo gettext file bsdmainutils
RUN apt-get install -y -q -t chimaera libsodium23 libsodium-dev
RUN apt-get install -y -q -t chimaera libsodium23 libsodium-dev doas
RUN pip3 install setuptools wheel
COPY . /Tomb/
@ -11,6 +11,8 @@ COPY . /Tomb/
WORKDIR /Tomb/extras
RUN ./install_sphinx.sh
COPY extras/test/doas.conf /etc/doas.conf
WORKDIR /Tomb
RUN make --directory=extras/kdf-keys
RUN make --directory=extras/kdf-keys install

19
extras/test/doas.conf Normal file
View File

@ -0,0 +1,19 @@
permit nopass root cmd losetup
permit nopass root cmd lsblk
permit nopass root cmd mkfs.ext3
permit nopass root cmd mkfs.ext4
permit nopass root cmd mkfs.btrfs
permit nopass root cmd touch
permit nopass root cmd fsck
permit nopass root cmd btrfs
permit nopass root cmd tune2fs
permit nopass root cmd mkdir
permit nopass root cmd mount
permit nopass root cmd rmdir
permit nopass root cmd chown
permit nopass root cmd umount
permit nopass root cmd findmnd
permit nopass root cmd e2fsck
permit nopass root cmd resize2fs
permit nopass root cmd lsof
permit nopass root cmd kill

View File

@ -57,6 +57,7 @@ command -v cloakify > /dev/null && test_set_prereq CLOAKIFY
command -v decloakify > /dev/null && test_set_prereq DECLOAKIFY
command -v sphinx > /dev/null && test_set_prereq SPHINX
command -v oracle > /dev/null && test_set_prereq ORACLE
command -v doas > /dev/null && test_set_prereq DOAS
# GnuPG config

21
tomb
View File

@ -110,16 +110,20 @@ export TEXTDOMAIN=tomb
# {{{ Safety functions
# Wrap sudo with a more visible message
# Wrap sudo with a more visible message or apply user-supplied alternative to sudo
_sudo() {
local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")"
msg=${(S)msg//::1*::/$USER}
sudo -p "
if option_is_set --sudo; then
$(option_value --sudo) ${@};
else
local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")"
msg=${(S)msg//::1*::/$USER}
sudo -p "
$msg
" ${@}
}
fi
}
# Cleanup anything sensitive before exiting.
_endgame() {
@ -287,7 +291,7 @@ _is_encrypted_block() {
lsblk --help | grep -Fq -- --inverse
[[ $? -eq 0 ]] && s="--inverse"
sudo lsblk $s -o type -n $b 2>/dev/null \
_sudo lsblk $s -o type -n $b 2>/dev/null \
| egrep -q '^crypt$'
return $?
@ -710,6 +714,7 @@ usage() {
_print " -g use a GnuPG key to encrypt a tomb key"
_print " -r provide GnuPG recipients (separated by comma)"
_print " -R provide GnuPG hidden recipients (separated by comma)"
_print " --sudo alternative to sudo such as doas (command or absolute path)"
[[ $SPHINX == 1 ]] && {
_print " --sphx-user user associated with the key (for use with pitchforkedsphinx)"
@ -3127,7 +3132,7 @@ main() {
# can only use the non-abbreviated long-option version like:
# -force and NOT -f
#
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g)
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g -sudo)
subcommands_opts[__default]=""
# -o in open and mount is used to pass alternate mount options
subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: R: -sphx-host: -sphx-user: p -preserve-ownership=p"