From 61386ca64659af44eaefb645b4d0a7db4f03b667 Mon Sep 17 00:00:00 2001 From: heat-wave Date: Wed, 7 Apr 2021 18:20:12 +0100 Subject: [PATCH] Support for sudo alternatives such as doas --- extras/test/00_create.sh | 26 +++++++++++++++++++------- extras/test/10_operations.sh | 7 +++++++ extras/test/Dockerfile | 4 +++- extras/test/doas.conf | 19 +++++++++++++++++++ extras/test/setup | 1 + tomb | 21 +++++++++++++-------- 6 files changed, 62 insertions(+), 16 deletions(-) create mode 100644 extras/test/doas.conf diff --git a/extras/test/00_create.sh b/extras/test/00_create.sh index 85b9111..b610300 100644 --- a/extras/test/00_create.sh +++ b/extras/test/00_create.sh @@ -18,13 +18,25 @@ test_expect_success 'Testing tomb creation: dig, forge and lock' ' if test_have_prereq SPHINX ORACLE; then test_export "sphinx_test" test_expect_success 'Testing tomb creation: dig, forge and lock (sphinx password handling)' ' - tt_dig -s 20 && - tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST && - print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \ - | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \ - | hexdump -C && - tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST - ' + tt_dig -s 20 && + tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST && + print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \ + | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \ + | hexdump -C && + tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST + ' +fi + +if test_have_prereq DOAS; then + test_export "doas_test" + test_expect_success 'Testing tomb creation: dig, forge and lock (using doas instead of sudo)' ' + tt_dig --sudo doas -s 20 && + tt_forge --sudo doas --tomb-pwd $DUMMYPASS && + print $DUMMYPASS \ + | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \ + | hexdump -C && + tt_lock --sudo doas --tomb-pwd $DUMMYPASS + ' fi test_done diff --git a/extras/test/10_operations.sh b/extras/test/10_operations.sh index 7655b86..a5ce560 100644 --- a/extras/test/10_operations.sh +++ b/extras/test/10_operations.sh @@ -52,5 +52,12 @@ if test_have_prereq SPHINX ORACLE; then ' fi +if test_have_prereq DOAS; then + test_export "doas_test" # Using already generated tomb + test_expect_success 'Testing open with good password (using doas instead of sudo)' ' + tt_open --sudo doas --tomb-pwd $DUMMYPASS && + tt_close + ' +fi test_done diff --git a/extras/test/Dockerfile b/extras/test/Dockerfile index f272e6a..abbca45 100644 --- a/extras/test/Dockerfile +++ b/extras/test/Dockerfile @@ -3,7 +3,7 @@ FROM dyne/devuan:beowulf RUN echo "deb http://deb.devuan.org/merged chimaera main" >> /etc/apt/sources.list RUN apt-get update -y -q --allow-releaseinfo-change RUN apt-get install -y -q -t beowulf zsh cryptsetup gawk libgcrypt20-dev steghide qrencode python python2.7 python3-pip python3-dev libssl-dev make gcc g++ sudo gettext file bsdmainutils -RUN apt-get install -y -q -t chimaera libsodium23 libsodium-dev +RUN apt-get install -y -q -t chimaera libsodium23 libsodium-dev doas RUN pip3 install setuptools wheel COPY . /Tomb/ @@ -11,6 +11,8 @@ COPY . /Tomb/ WORKDIR /Tomb/extras RUN ./install_sphinx.sh +COPY extras/test/doas.conf /etc/doas.conf + WORKDIR /Tomb RUN make --directory=extras/kdf-keys RUN make --directory=extras/kdf-keys install diff --git a/extras/test/doas.conf b/extras/test/doas.conf new file mode 100644 index 0000000..51bf31a --- /dev/null +++ b/extras/test/doas.conf @@ -0,0 +1,19 @@ +permit nopass root cmd losetup +permit nopass root cmd lsblk +permit nopass root cmd mkfs.ext3 +permit nopass root cmd mkfs.ext4 +permit nopass root cmd mkfs.btrfs +permit nopass root cmd touch +permit nopass root cmd fsck +permit nopass root cmd btrfs +permit nopass root cmd tune2fs +permit nopass root cmd mkdir +permit nopass root cmd mount +permit nopass root cmd rmdir +permit nopass root cmd chown +permit nopass root cmd umount +permit nopass root cmd findmnd +permit nopass root cmd e2fsck +permit nopass root cmd resize2fs +permit nopass root cmd lsof +permit nopass root cmd kill \ No newline at end of file diff --git a/extras/test/setup b/extras/test/setup index ef43fd8..ba03251 100755 --- a/extras/test/setup +++ b/extras/test/setup @@ -57,6 +57,7 @@ command -v cloakify > /dev/null && test_set_prereq CLOAKIFY command -v decloakify > /dev/null && test_set_prereq DECLOAKIFY command -v sphinx > /dev/null && test_set_prereq SPHINX command -v oracle > /dev/null && test_set_prereq ORACLE +command -v doas > /dev/null && test_set_prereq DOAS # GnuPG config diff --git a/tomb b/tomb index 2546e51..55e08ee 100755 --- a/tomb +++ b/tomb @@ -110,16 +110,20 @@ export TEXTDOMAIN=tomb # {{{ Safety functions -# Wrap sudo with a more visible message +# Wrap sudo with a more visible message or apply user-supplied alternative to sudo _sudo() { - local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges" - command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")" - msg=${(S)msg//::1*::/$USER} - sudo -p " + if option_is_set --sudo; then + $(option_value --sudo) ${@}; + else + local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges" + command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")" + msg=${(S)msg//::1*::/$USER} + sudo -p " $msg " ${@} -} + fi + } # Cleanup anything sensitive before exiting. _endgame() { @@ -287,7 +291,7 @@ _is_encrypted_block() { lsblk --help | grep -Fq -- --inverse [[ $? -eq 0 ]] && s="--inverse" - sudo lsblk $s -o type -n $b 2>/dev/null \ + _sudo lsblk $s -o type -n $b 2>/dev/null \ | egrep -q '^crypt$' return $? @@ -710,6 +714,7 @@ usage() { _print " -g use a GnuPG key to encrypt a tomb key" _print " -r provide GnuPG recipients (separated by comma)" _print " -R provide GnuPG hidden recipients (separated by comma)" + _print " --sudo alternative to sudo such as doas (command or absolute path)" [[ $SPHINX == 1 ]] && { _print " --sphx-user user associated with the key (for use with pitchforkedsphinx)" @@ -3127,7 +3132,7 @@ main() { # can only use the non-abbreviated long-option version like: # -force and NOT -f # - main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g) + main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g -sudo) subcommands_opts[__default]="" # -o in open and mount is used to pass alternate mount options subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: R: -sphx-host: -sphx-user: p -preserve-ownership=p"