fixes to --tomb-pwd and new test script

This commit is contained in:
Jaromil 2013-06-12 00:03:36 +02:00
parent 61362ce34e
commit 8f9e9f9d2a
3 changed files with 73 additions and 30 deletions

View File

@ -0,0 +1,48 @@
#/usr/bin/env zsh
T="../../tomb"
source utils.sh
rm /tmp/test.tomb{,.key} -f || exit 1
sudo -k
${T} dig -s 10 /tmp/test.tomb
sudo losetup -a
${T} --ignore-swap --unsecure-dev-mode --tomb-pwd f00za --use-urandom \
forge /tmp/test.tomb.key
sudo losetup -a
${T} --ignore-swap --unsecure-dev-mode --tomb-pwd f00za \
lock /tmp/test.tomb -k /tmp/test.tomb.key
sudo losetup -a
# sanity_tomb /tmp/asd.tomb
echo
echo trying to open with wrong password
echo
${T} --unsecure-dev-mode --tomb-pwd wrongpassword \
open /tmp/test.tomb
sudo losetup -a
echo
echo trying to open with good password
echo
${T} --unsecure-dev-mode --tomb-pwd f00za \
open /tmp/test.tomb
sudo losetup -a
${T} --unsecure-dev-mode close test
sudo losetup -a
rm /tmp/test.tomb{,.key} -f || exit 1

View File

@ -1,16 +0,0 @@
rm /tmp/asd.tomb{,.key} -f || exit 1
sudo -k
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
mountpoint=`../tomb --no-color list --get-mountpoint asd`
df $mountpoint >&4 || echo error df: $? >&3
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing: $? >&3
rm /tmp/asd.tomb{,.key} -f

39
tomb
View File

@ -40,10 +40,9 @@
# {{{ Global variables # {{{ Global variables
VERSION=1.3 VERSION=1.3.1
DATE="May/2013" DATE="Jun/2013"
TOMBEXEC=$0 TOMBEXEC=$0
TOMBOPENEXEC="${TOMBEXEC}-open"
typeset -a OLDARGS typeset -a OLDARGS
for arg in ${argv}; do OLDARGS+=($arg); done for arg in ${argv}; do OLDARGS+=($arg); done
DD="dd" DD="dd"
@ -191,7 +190,7 @@ check_priv() {
# save original user # save original user
username=$USER username=$USER
if [ $UID != 0 ]; then if [ $UID != 0 ]; then
xxx "Using sudo for root execution of 'tomb ${(f)OLDARGS}'" xxx "Using sudo for root execution of '${TOMBEXEC} ${(f)OLDARGS}'"
# check if sudo has a timestamp active # check if sudo has a timestamp active
sudok=false sudok=false
@ -215,8 +214,8 @@ EOF
fi # are we root already fi # are we root already
# make sure necessary kernel modules are loaded # make sure necessary kernel modules are loaded
modprobe dm_mod modprobe dm_mod 2>/dev/null
modprobe dm_crypt modprobe dm_crypt 2>/dev/null
return 0 return 0
} }
@ -496,6 +495,13 @@ ask_key_password() {
local tombpass="" local tombpass=""
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tombpass=`option_value --tomb-pwd` tombpass=`option_value --tomb-pwd`
xxx "ask_key_password takes tombpass from CLI argument: $tombpass"
get_lukskey "$tombpass" ${tombkey} >/dev/null
if [ $? = 0 ]; then
passok=1; _message "Password OK."; fi
else else
for c in 1 2 3; do for c in 1 2 3; do
if [ $c = 1 ]; then if [ $c = 1 ]; then
@ -679,7 +685,8 @@ gen_key() {
unset tombpass unset tombpass
done done
else else
tombpass=`option_value --tomb-pwd` tombpass="`option_value --tomb-pwd`"
xxx "gen_key takes tombpass from CLI argument: $tombpass"
fi fi
@ -1046,7 +1053,7 @@ lock_tomb_with_key() {
fi fi
# load key from options or file # load key from options or file
tombkey=`load_key ${tombdir}/${tombfile}` tombkey=`load_key ${tombdir}/${tombfile}.key`
{ test $? = 0 } || { { test $? = 0 } || {
losetup -d $nstloop losetup -d $nstloop
die "Aborting operations: error loading key $tombkey" } die "Aborting operations: error loading key $tombkey" }
@ -1115,6 +1122,7 @@ lock_tomb_with_key() {
# backward compatibility # backward compatibility
create_tomb() { create_tomb() {
xxx "create_tomb(): ${=@} ${=OLDARGS}"
if ! [ $1 ]; then if ! [ $1 ]; then
_warning "no tomb name specified for creation" _warning "no tomb name specified for creation"
return 1 return 1
@ -1125,19 +1133,20 @@ create_tomb() {
_warning "Creating this tomb would overwrite an existing file. Operation aborted." _warning "Creating this tomb would overwrite an existing file. Operation aborted."
die "`ls -lh $1`" } die "`ls -lh $1`" }
dig_tomb ${=PARAM}
{ test $? = 0 } || { die "Failed to dig tomb, operation aborted." } { test $? = 0 } || { die "Failed to dig tomb, operation aborted." }
tombfile=`basename $1` tombfile=`basename $1`
tombdir=`dirname $1` tombdir=`dirname $1`
# make sure the file has a .tomb extension # make sure the file has a .tomb extension
tombname=${tombfile%%\.*} tombname=${tombfile%%\.*}
tombfile=${tombname}.tomb tombfile=${tombname}.tomb
forge_key ${tombfile}.key ${TOMBEXEC} dig ${=PARAM}
${TOMBEXEC} forge ${tombdir}/${tombfile}.key
{ test $? = 0 } || { die "Failed to forge key, operation aborted." } { test $? = 0 } || { die "Failed to forge key, operation aborted." }
lock_tomb_with_key ${tombfile} -l ${tombfile}.key ${TOMBEXEC} lock ${tombdir}/${tombfile} -k ${tombdir}/${tombfile}.key
{ test $? = 0 } || { die "Failed to lock tomb with key, operation aborted." } { test $? = 0 } || { die "Failed to lock tomb with key, operation aborted." }
yes "Tomb $tombname succesfully created" yes "Tomb $tombname succesfully created"
@ -1212,6 +1221,7 @@ mount_tomb() {
if [ $? != 0 ]; then if [ $? != 0 ]; then
# is it a LUKS encrypted nest? see cryptsetup(1) # is it a LUKS encrypted nest? see cryptsetup(1)
_warning "$tombfile is not a valid Luks encrypted storage file" _warning "$tombfile is not a valid Luks encrypted storage file"
losetup -d ${nstloop}
return 1 return 1
fi fi
say "this tomb is a valid LUKS encrypted device" say "this tomb is a valid LUKS encrypted device"
@ -1238,6 +1248,7 @@ mount_tomb() {
tombpass=`ask_key_password $tombkey` tombpass=`ask_key_password $tombkey`
{ test $? = 0 } || { { test $? = 0 } || {
losetup -d ${nstloop}
die "No valid password supplied" } die "No valid password supplied" }
get_lukskey "${tombpass}" ${tombkey} | \ get_lukskey "${tombpass}" ${tombkey} | \
@ -1884,10 +1895,10 @@ main() {
subcommands_opts[open]="f n -nohook=n k: -key=k o: -mount-options=o -ignore-swap -sudo-pwd: -tomb-pwd:" subcommands_opts[open]="f n -nohook=n k: -key=k o: -mount-options=o -ignore-swap -sudo-pwd: -tomb-pwd:"
subcommands_opts[mount]=${subcommands_opts[open]} subcommands_opts[mount]=${subcommands_opts[open]}
subcommands_opts[create]="f s: -size=s -force k: -key=k -ignore-swap -kdf: -sudo-pwd: -tomb-pwd: -use-urandom" subcommands_opts[create]="f -force -ignore-swap s: -size=s k: -key=k -kdf: -sudo-pwd: -tomb-pwd: -use-urandom"
subcommands_opts[forge]="f -ignore-swap k: -key=k -kdf: -use-urandom" subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: -tomb-pwd: -use-urandom"
subcommands_opts[dig]="f -ignore-swap s: -size=s" subcommands_opts[dig]="f -forge -ignore-swap s: -size=s"
subcommands_opts[lock]="f -force -ignore-swap s: -size=s k: -key=k -sudo-pwd: -tomb-pwd:" subcommands_opts[lock]="f -force -ignore-swap s: -size=s k: -key=k -sudo-pwd: -tomb-pwd:"
subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: " subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "