fixes to --tomb-pwd and new test script
parent
61362ce34e
commit
8f9e9f9d2a
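--- a/extras/test/dig_forge_lock_open_close.sh
+++ b/extras/test/dig_forge_lock_open_close.sh
@@ -0,0 +1,48 @@
+#/usr/bin/env zsh
+
+T="../../tomb"
+source utils.sh
+
+rm /tmp/test.tomb{,.key} -f || exit 1
+
+sudo -k
+
+${T} dig -s 10 /tmp/test.tomb
+
+sudo losetup -a
+
+${T} --ignore-swap --unsecure-dev-mode --tomb-pwd f00za --use-urandom \
+forge /tmp/test.tomb.key
+
+sudo losetup -a
+
+${T} --ignore-swap --unsecure-dev-mode --tomb-pwd f00za \
+lock /tmp/test.tomb -k /tmp/test.tomb.key
+
+sudo losetup -a
+
+# sanity_tomb /tmp/asd.tomb
+echo
+echo trying to open with wrong password
+echo
+
+${T} --unsecure-dev-mode --tomb-pwd wrongpassword \
+open /tmp/test.tomb
+
+sudo losetup -a
+
+echo
+echo trying to open with good password
+echo
+
+${T} --unsecure-dev-mode --tomb-pwd f00za \
+open /tmp/test.tomb
+
+sudo losetup -a
+
+${T} --unsecure-dev-mode close test
+
+sudo losetup -a
+
+rm /tmp/test.tomb{,.key} -f || exit 1
+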
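Review bot: The wrong-password `open` step is never checked, so a regression that lets a bad passphrase unlock the tomb would pass silently; the script this commit deletes guarded that step with `&& echo error: open with wrong password is successful`. Append a check to the command, e.g. `open /tmp/test.tomb && { echo "error: open with wrong password succeeded"; exit 1; }`. The first line `#/usr/bin/env zsh` is missing the `!`, so it is a comment rather than a shebang and the executable file runs under whatever shell the caller falls back to; it should read `#!/usr/bin/env zsh`. The fixed `/tmp/test.tomb{,.key}` names are also predictable, and a directory from `mktemp -d` would avoid clashes with, or pre-planted files from, other users on a shared host.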
@ -1,16 +0,0 @@
|
|||||||
rm /tmp/asd.tomb{,.key} -f || exit 1
|
|
||||||
sudo -k
|
|
||||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
|
|
||||||
sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
|
|
||||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
|
|
||||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
|
|
||||||
../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
|
|
||||||
../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
|
|
||||||
mountpoint=`../tomb --no-color list --get-mountpoint asd`
|
|
||||||
df $mountpoint >&4 || echo error df: $? >&3
|
|
||||||
|
|
||||||
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing: $? >&3
|
|
||||||
|
|
||||||
rm /tmp/asd.tomb{,.key} -f
|
|
||||||
|
|
||||||
|
|
39
tomb
39
tomb
@ -40,10 +40,9 @@
|
|||||||
|
|
||||||
# {{{ Global variables
|
# {{{ Global variables
|
||||||
|
|
||||||
VERSION=1.3
|
VERSION=1.3.1
|
||||||
DATE="May/2013"
|
DATE="Jun/2013"
|
||||||
TOMBEXEC=$0
|
TOMBEXEC=$0
|
||||||
TOMBOPENEXEC="${TOMBEXEC}-open"
|
|
||||||
typeset -a OLDARGS
|
typeset -a OLDARGS
|
||||||
for arg in ${argv}; do OLDARGS+=($arg); done
|
for arg in ${argv}; do OLDARGS+=($arg); done
|
||||||
DD="dd"
|
DD="dd"
|
||||||
@ -191,7 +190,7 @@ check_priv() {
|
|||||||
# save original user
|
# save original user
|
||||||
username=$USER
|
username=$USER
|
||||||
if [ $UID != 0 ]; then
|
if [ $UID != 0 ]; then
|
||||||
xxx "Using sudo for root execution of 'tomb ${(f)OLDARGS}'"
|
xxx "Using sudo for root execution of '${TOMBEXEC} ${(f)OLDARGS}'"
|
||||||
# check if sudo has a timestamp active
|
# check if sudo has a timestamp active
|
||||||
sudok=false
|
sudok=false
|
||||||
|
|
||||||
@ -215,8 +214,8 @@ EOF
|
|||||||
fi # are we root already
|
fi # are we root already
|
||||||
|
|
||||||
# make sure necessary kernel modules are loaded
|
# make sure necessary kernel modules are loaded
|
||||||
modprobe dm_mod
|
modprobe dm_mod 2>/dev/null
|
||||||
modprobe dm_crypt
|
modprobe dm_crypt 2>/dev/null
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -496,6 +495,13 @@ ask_key_password() {
|
|||||||
local tombpass=""
|
local tombpass=""
|
||||||
if option_is_set --tomb-pwd; then
|
if option_is_set --tomb-pwd; then
|
||||||
tombpass=`option_value --tomb-pwd`
|
tombpass=`option_value --tomb-pwd`
|
||||||
|
xxx "ask_key_password takes tombpass from CLI argument: $tombpass"
|
||||||
|
|
||||||
|
get_lukskey "$tombpass" ${tombkey} >/dev/null
|
||||||
|
|
||||||
|
if [ $? = 0 ]; then
|
||||||
|
passok=1; _message "Password OK."; fi
|
||||||
|
|
||||||
else
|
else
|
||||||
for c in 1 2 3; do
|
for c in 1 2 3; do
|
||||||
if [ $c = 1 ]; then
|
if [ $c = 1 ]; then
|
||||||
@ -679,7 +685,8 @@ gen_key() {
|
|||||||
unset tombpass
|
unset tombpass
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
tombpass=`option_value --tomb-pwd`
|
tombpass="`option_value --tomb-pwd`"
|
||||||
|
xxx "gen_key takes tombpass from CLI argument: $tombpass"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
@ -1046,7 +1053,7 @@ lock_tomb_with_key() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# load key from options or file
|
# load key from options or file
|
||||||
tombkey=`load_key ${tombdir}/${tombfile}`
|
tombkey=`load_key ${tombdir}/${tombfile}.key`
|
||||||
{ test $? = 0 } || {
|
{ test $? = 0 } || {
|
||||||
losetup -d $nstloop
|
losetup -d $nstloop
|
||||||
die "Aborting operations: error loading key $tombkey" }
|
die "Aborting operations: error loading key $tombkey" }
|
||||||
@ -1115,6 +1122,7 @@ lock_tomb_with_key() {
|
|||||||
|
|
||||||
# backward compatibility
|
# backward compatibility
|
||||||
create_tomb() {
|
create_tomb() {
|
||||||
|
xxx "create_tomb(): ${=@} ${=OLDARGS}"
|
||||||
if ! [ $1 ]; then
|
if ! [ $1 ]; then
|
||||||
_warning "no tomb name specified for creation"
|
_warning "no tomb name specified for creation"
|
||||||
return 1
|
return 1
|
||||||
@ -1125,19 +1133,20 @@ create_tomb() {
|
|||||||
_warning "Creating this tomb would overwrite an existing file. Operation aborted."
|
_warning "Creating this tomb would overwrite an existing file. Operation aborted."
|
||||||
die "`ls -lh $1`" }
|
die "`ls -lh $1`" }
|
||||||
|
|
||||||
dig_tomb ${=PARAM}
|
|
||||||
{ test $? = 0 } || { die "Failed to dig tomb, operation aborted." }
|
{ test $? = 0 } || { die "Failed to dig tomb, operation aborted." }
|
||||||
|
|
||||||
|
|
||||||
tombfile=`basename $1`
|
tombfile=`basename $1`
|
||||||
tombdir=`dirname $1`
|
tombdir=`dirname $1`
|
||||||
# make sure the file has a .tomb extension
|
# make sure the file has a .tomb extension
|
||||||
tombname=${tombfile%%\.*}
|
tombname=${tombfile%%\.*}
|
||||||
tombfile=${tombname}.tomb
|
tombfile=${tombname}.tomb
|
||||||
|
|
||||||
forge_key ${tombfile}.key
|
${TOMBEXEC} dig ${=PARAM}
|
||||||
|
${TOMBEXEC} forge ${tombdir}/${tombfile}.key
|
||||||
{ test $? = 0 } || { die "Failed to forge key, operation aborted." }
|
{ test $? = 0 } || { die "Failed to forge key, operation aborted." }
|
||||||
|
|
||||||
lock_tomb_with_key ${tombfile} -l ${tombfile}.key
|
${TOMBEXEC} lock ${tombdir}/${tombfile} -k ${tombdir}/${tombfile}.key
|
||||||
{ test $? = 0 } || { die "Failed to lock tomb with key, operation aborted." }
|
{ test $? = 0 } || { die "Failed to lock tomb with key, operation aborted." }
|
||||||
|
|
||||||
yes "Tomb $tombname succesfully created"
|
yes "Tomb $tombname succesfully created"
|
||||||
@ -1212,6 +1221,7 @@ mount_tomb() {
|
|||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
# is it a LUKS encrypted nest? see cryptsetup(1)
|
# is it a LUKS encrypted nest? see cryptsetup(1)
|
||||||
_warning "$tombfile is not a valid Luks encrypted storage file"
|
_warning "$tombfile is not a valid Luks encrypted storage file"
|
||||||
|
losetup -d ${nstloop}
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
say "this tomb is a valid LUKS encrypted device"
|
say "this tomb is a valid LUKS encrypted device"
|
||||||
@ -1238,6 +1248,7 @@ mount_tomb() {
|
|||||||
|
|
||||||
tombpass=`ask_key_password $tombkey`
|
tombpass=`ask_key_password $tombkey`
|
||||||
{ test $? = 0 } || {
|
{ test $? = 0 } || {
|
||||||
|
losetup -d ${nstloop}
|
||||||
die "No valid password supplied" }
|
die "No valid password supplied" }
|
||||||
|
|
||||||
get_lukskey "${tombpass}" ${tombkey} | \
|
get_lukskey "${tombpass}" ${tombkey} | \
|
||||||
@ -1884,10 +1895,10 @@ main() {
|
|||||||
subcommands_opts[open]="f n -nohook=n k: -key=k o: -mount-options=o -ignore-swap -sudo-pwd: -tomb-pwd:"
|
subcommands_opts[open]="f n -nohook=n k: -key=k o: -mount-options=o -ignore-swap -sudo-pwd: -tomb-pwd:"
|
||||||
subcommands_opts[mount]=${subcommands_opts[open]}
|
subcommands_opts[mount]=${subcommands_opts[open]}
|
||||||
|
|
||||||
subcommands_opts[create]="f s: -size=s -force k: -key=k -ignore-swap -kdf: -sudo-pwd: -tomb-pwd: -use-urandom"
|
subcommands_opts[create]="f -force -ignore-swap s: -size=s k: -key=k -kdf: -sudo-pwd: -tomb-pwd: -use-urandom"
|
||||||
|
|
||||||
subcommands_opts[forge]="f -ignore-swap k: -key=k -kdf: -use-urandom"
|
subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: -tomb-pwd: -use-urandom"
|
||||||
subcommands_opts[dig]="f -ignore-swap s: -size=s"
|
subcommands_opts[dig]="f -forge -ignore-swap s: -size=s"
|
||||||
subcommands_opts[lock]="f -force -ignore-swap s: -size=s k: -key=k -sudo-pwd: -tomb-pwd:"
|
subcommands_opts[lock]="f -force -ignore-swap s: -size=s k: -key=k -sudo-pwd: -tomb-pwd:"
|
||||||
|
|
||||||
subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
||||||
|
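Review bot: The new debug lines in the `ask_key_password` and `gen_key` hunks interpolate the passphrase itself, `xxx "... from CLI argument: $tombpass"`, so it ends up wherever `xxx` writes (presumably the debug output, judging by its other uses here); the added `xxx "create_tomb(): ${=@} ${=OLDARGS}"` has the same effect whenever `--tomb-pwd` is among the arguments. Log the fact rather than the value, e.g. `xxx "ask_key_password takes tombpass from CLI argument"`. All three functions continue outside their hunks, so whether `passok` is handled when `get_lukskey` fails cannot be judged from here. Separately, `subcommands_opts[dig]` now lists `-forge`, which looks like a typo for the `-force` long option that `create`, `forge` and `lock` declare.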