From 61386ca64659af44eaefb645b4d0a7db4f03b667 Mon Sep 17 00:00:00 2001
From: heat-wave <allpicksucks@gmail.com>
Date: Wed, 7 Apr 2021 18:20:12 +0100
Subject: [PATCH] Support for sudo alternatives such as doas

---
 extras/test/00_create.sh     | 26 +++++++++++++++++++-------
 extras/test/10_operations.sh |  7 +++++++
 extras/test/Dockerfile       |  4 +++-
 extras/test/doas.conf        | 19 +++++++++++++++++++
 extras/test/setup            |  1 +
 tomb                         | 21 +++++++++++++--------
 6 files changed, 62 insertions(+), 16 deletions(-)
 create mode 100644 extras/test/doas.conf

diff --git a/extras/test/00_create.sh b/extras/test/00_create.sh
index 85b9111..b610300 100644
--- a/extras/test/00_create.sh
+++ b/extras/test/00_create.sh
@@ -18,13 +18,25 @@ test_expect_success 'Testing tomb creation: dig, forge and lock' '
 if test_have_prereq SPHINX ORACLE; then
 	test_export "sphinx_test"
 	test_expect_success 'Testing tomb creation: dig, forge and lock (sphinx password handling)' '
-    tt_dig -s 20 &&
-    tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
-    print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \
-        | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
-        | hexdump -C &&
-    tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
-    '
+        tt_dig -s 20 &&
+        tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
+        print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \
+            | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
+            | hexdump -C &&
+        tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
+        '
+fi
+
+if test_have_prereq DOAS; then
+    test_export "doas_test"
+    test_expect_success 'Testing tomb creation: dig, forge and lock (using doas instead of sudo)' '
+        tt_dig --sudo doas -s 20 &&
+        tt_forge --sudo doas --tomb-pwd $DUMMYPASS &&
+        print $DUMMYPASS \
+            | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
+            | hexdump -C &&
+        tt_lock --sudo doas --tomb-pwd $DUMMYPASS
+        '
 fi
 
 test_done
diff --git a/extras/test/10_operations.sh b/extras/test/10_operations.sh
index 7655b86..a5ce560 100644
--- a/extras/test/10_operations.sh
+++ b/extras/test/10_operations.sh
@@ -52,5 +52,12 @@ if test_have_prereq SPHINX ORACLE; then
         '
 fi
 
+if test_have_prereq DOAS; then
+    test_export "doas_test" # Using already generated tomb
+    test_expect_success 'Testing open with good password (using doas instead of sudo)' '
+        tt_open --sudo doas --tomb-pwd $DUMMYPASS &&
+        tt_close
+        '
+fi
 
 test_done
diff --git a/extras/test/Dockerfile b/extras/test/Dockerfile
index f272e6a..abbca45 100644
--- a/extras/test/Dockerfile
+++ b/extras/test/Dockerfile
@@ -3,7 +3,7 @@ FROM dyne/devuan:beowulf
 RUN echo "deb http://deb.devuan.org/merged chimaera main" >> /etc/apt/sources.list
 RUN apt-get update -y -q --allow-releaseinfo-change
 RUN apt-get install -y -q -t beowulf zsh cryptsetup gawk libgcrypt20-dev steghide qrencode python python2.7 python3-pip python3-dev libssl-dev make gcc g++ sudo gettext file bsdmainutils
-RUN apt-get install -y -q -t chimaera libsodium23 libsodium-dev
+RUN apt-get install -y -q -t chimaera libsodium23 libsodium-dev doas
 RUN pip3 install setuptools wheel
 
 COPY . /Tomb/
@@ -11,6 +11,8 @@ COPY . /Tomb/
 WORKDIR /Tomb/extras
 RUN ./install_sphinx.sh
 
+COPY extras/test/doas.conf /etc/doas.conf
+
 WORKDIR /Tomb
 RUN make --directory=extras/kdf-keys
 RUN make --directory=extras/kdf-keys install
diff --git a/extras/test/doas.conf b/extras/test/doas.conf
new file mode 100644
index 0000000..51bf31a
--- /dev/null
+++ b/extras/test/doas.conf
@@ -0,0 +1,19 @@
+permit nopass root cmd losetup
+permit nopass root cmd lsblk
+permit nopass root cmd mkfs.ext3
+permit nopass root cmd mkfs.ext4
+permit nopass root cmd mkfs.btrfs
+permit nopass root cmd touch
+permit nopass root cmd fsck
+permit nopass root cmd btrfs
+permit nopass root cmd tune2fs
+permit nopass root cmd mkdir
+permit nopass root cmd mount
+permit nopass root cmd rmdir
+permit nopass root cmd chown
+permit nopass root cmd umount
+permit nopass root cmd findmnd
+permit nopass root cmd e2fsck
+permit nopass root cmd resize2fs
+permit nopass root cmd lsof
+permit nopass root cmd kill
\ No newline at end of file
diff --git a/extras/test/setup b/extras/test/setup
index ef43fd8..ba03251 100755
--- a/extras/test/setup
+++ b/extras/test/setup
@@ -57,6 +57,7 @@ command -v cloakify > /dev/null && test_set_prereq CLOAKIFY
 command -v decloakify > /dev/null && test_set_prereq DECLOAKIFY
 command -v sphinx > /dev/null && test_set_prereq SPHINX
 command -v oracle > /dev/null && test_set_prereq ORACLE
+command -v doas > /dev/null && test_set_prereq DOAS
 
 
 # GnuPG config
diff --git a/tomb b/tomb
index 2546e51..55e08ee 100755
--- a/tomb
+++ b/tomb
@@ -110,16 +110,20 @@ export TEXTDOMAIN=tomb
 
 # {{{ Safety functions
 
-# Wrap sudo with a more visible message
+# Wrap sudo with a more visible message or apply user-supplied alternative to sudo
 _sudo() {
-	local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
-	command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")"
-	msg=${(S)msg//::1*::/$USER}
-	sudo -p "
+	if option_is_set --sudo; then
+		$(option_value --sudo) ${@};
+	else
+		local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
+		command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")"
+		msg=${(S)msg//::1*::/$USER}
+		sudo -p "
 $msg
 
 " ${@}
-}
+	fi
+	}
 
 # Cleanup anything sensitive before exiting.
 _endgame() {
@@ -287,7 +291,7 @@ _is_encrypted_block() {
 	lsblk --help | grep -Fq -- --inverse
 	[[ $? -eq 0 ]] && s="--inverse"
 
-	sudo lsblk $s -o type -n $b 2>/dev/null \
+	_sudo lsblk $s -o type -n $b 2>/dev/null \
 		| egrep -q '^crypt$'
 
 	return $?
@@ -710,6 +714,7 @@ usage() {
 	_print " -g           use a GnuPG key to encrypt a tomb key"
 	_print " -r           provide GnuPG recipients (separated by comma)"
 	_print " -R           provide GnuPG hidden recipients (separated by comma)"
+	_print " --sudo       alternative to sudo such as doas (command or absolute path)"
 
 	[[ $SPHINX == 1 ]] && {
 		_print " --sphx-user  user associated with the key (for use with pitchforkedsphinx)"
@@ -3127,7 +3132,7 @@ main() {
 	# can only use the non-abbreviated long-option version like:
 	# -force and NOT -f
 	#
-	main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g)
+	main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g -sudo)
 	subcommands_opts[__default]=""
 	# -o in open and mount is used to pass alternate mount options
 	subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: R: -sphx-host: -sphx-user: p -preserve-ownership=p"