whitespace cleanup and correct indentation to 4 spaces (no tabs)

Jaromil 2014-11-23 18:25:42 +01:00
parent aba0fa5191
commit 99581a5faa

378
tomb

@ -25,12 +25,12 @@
# modify it under the terms of the GNU Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
#
# This source code is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Please refer
# to the GNU Public License for more details.
#
#
# You should have received a copy of the GNU Public License along with
# this source code; if not, write to: Free Software Foundation, Inc.,
# 675 Mass Ave, Cambridge, MA 02139, USA.
@ -176,26 +176,26 @@ _whoami() {
# Get GID from option -G or the environment
option_is_set -G \
&& _GID=$(option_value -G) || _GID=$(id -g $_USER)
&& _GID=$(option_value -G) || _GID=$(id -g $_USER)
# Get UID from option -U or the environment
option_is_set -U \
&& _UID=$(option_value -U) || _UID=$(id -u $_USER)
&& _UID=$(option_value -U) || _UID=$(id -u $_USER)
_verbose "Identified caller: ::1 username:: (::2 UID:::::3 GID::)" $_USER $_UID $_GID
# Update USERNAME accordingly if we can
[[ EUID == 0 && $_USER != $USERNAME ]] && {
_verbose "Updating USERNAME from '::1 USERNAME::' to '::2 _USER::')" $USERNAME $_USER
USERNAME=$_USER
_verbose "Updating USERNAME from '::1 USERNAME::' to '::2 _USER::')" $USERNAME $_USER
USERNAME=$_USER
}
# Force HOME to _USER's HOME if necessary
local home=$(awk -F: "/$_USER/ { print \$6 }" /etc/passwd 2>/dev/null)
[[ $home == $HOME ]] || {
_verbose "Updating HOME to match user's: ::1 home:: (was ::2 HOME::)" \
$home $HOME
HOME=$home }
_verbose "Updating HOME to match user's: ::1 home:: (was ::2 HOME::)" \
$home $HOME
HOME=$home }
# Get connecting TTY from option -T or the environment
option_is_set -T && _TTY=$(option_value -T)
@ -209,7 +209,7 @@ _plot() {
# We set global variables
typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME
TOMBPATH="$1"
TOMBDIR=$(dirname $TOMBPATH)
@ -220,7 +220,7 @@ _plot() {
# It can start with dots: ..foo.tomb -> ..foo
TOMBNAME="${TOMBFILE%\.[^\.]*}"
[[ -z $TOMBNAME ]] && {
_failure "Tomb won't work without a TOMBNAME." }
_failure "Tomb won't work without a TOMBNAME." }
# Normalize tomb name
TOMBFILE="$TOMBNAME.tomb"
@ -233,10 +233,10 @@ _plot() {
# Provide a random filename in shared memory
_tmp_create() {
[[ -d "$TMPPREFIX" ]] || {
mkdir -m 777 "$TMPPREFIX"
[[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX"
# we create the tempdir with the sticky bit on
chmod o+t "$TMPPREFIX"
mkdir -m 777 "$TMPPREFIX"
[[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX"
# we create the tempdir with the sticky bit on
chmod o+t "$TMPPREFIX"
}
# We're going to add one more $RANDOM for each time someone complain
@ -247,7 +247,7 @@ _tmp_create() {
_failure "Fatal error setting the permission umask for temporary files" }
[[ -r "$tfile" ]] && {
_failure "Someone is messing up with us trying to hijack temporary files." }
_failure "Someone is messing up with us trying to hijack temporary files." }
touch "$tfile"
[[ $? == 0 ]] || {
@ -286,7 +286,7 @@ _ensure_safe_swap() {
r=1
break
elif [[ "$bone" =~ "symbolic link" ]]; then
elif [[ "$bone" =~ "symbolic link" ]]; then
# Might link to a block
r=1
[[ "/dev/mapper" == "${s%/*}" ]] || { break }
@ -326,7 +326,7 @@ _check_swap() {
return 0
;;
*) # Unencrypted swap
_failure "Operation aborted."
_failure "Operation aborted."
;;
esac
fi
@ -345,10 +345,10 @@ ask_password() {
# Force pinentry to use a custom icon by overriding the GTK theme
# temporarily.
for prefix in /usr/local /usr; do
[[ -r "$prefix/$gtkrc" ]] && {
GTK2_RC="$prefix/$gtkrc"
break
}
[[ -r "$prefix/$gtkrc" ]] && {
GTK2_RC="$prefix/$gtkrc"
break
}
done
output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} ${PINENTRY} 2>/dev/null | tail -n +7
@ -499,60 +499,60 @@ dump_secrets() {
# {{{ Commandline interaction
usage() {
_print "Syntax: tomb [options] command [arguments]"
_print "\000"
_print "Commands:"
_print "\000"
_print " // Creation:"
_print " dig create a new empty TOMB file of size -s in MB"
_print " forge create a new KEY file and set its password"
_print " lock installs a lock on a TOMB to use it with KEY"
_print "\000"
_print " // Operations on tombs:"
_print " open open an existing TOMB"
_print " index update the search indexes of tombs"
_print " search looks for filenames matching text patterns"
_print " list list of open TOMBs and information on them"
_print " close close a specific TOMB (or 'all')"
_print " slam slam a TOMB killing all programs using it"
_print "Syntax: tomb [options] command [arguments]"
_print "\000"
_print "Commands:"
_print "\000"
_print " // Creation:"
_print " dig create a new empty TOMB file of size -s in MB"
_print " forge create a new KEY file and set its password"
_print " lock installs a lock on a TOMB to use it with KEY"
_print "\000"
_print " // Operations on tombs:"
_print " open open an existing TOMB"
_print " index update the search indexes of tombs"
_print " search looks for filenames matching text patterns"
_print " list list of open TOMBs and information on them"
_print " close close a specific TOMB (or 'all')"
_print " slam slam a TOMB killing all programs using it"
[[ $RESIZER == 1 ]] && {
_print " resize resize a TOMB to a new size -s (can only grow)"
_print " resize resize a TOMB to a new size -s (can only grow)"
}
_print "\000"
_print " // Operations on keys:"
_print " passwd change the password of a KEY (needs old pass)"
_print " setkey change the KEY locking a TOMB (needs old key and pass)"
_print "\000"
_print "\000"
_print " // Operations on keys:"
_print " passwd change the password of a KEY (needs old pass)"
_print " setkey change the KEY locking a TOMB (needs old key and pass)"
_print "\000"
[[ $QRENCODE == 1 ]] && {
_print " // Backup on paper:"
_print " engrave makes a QR code of a KEY to be saved on paper"
_print " // Backup on paper:"
_print " engrave makes a QR code of a KEY to be saved on paper"
}
_print "\000"
_print "\000"
[[ $STEGHIDE == 1 ]] && {
_print " // Steganography:"
_print " bury hide a KEY inside a JPEG image (for use with -k)"
_print " exhume extract a KEY from a JPEG image (prints to stdout)"
_print " // Steganography:"
_print " bury hide a KEY inside a JPEG image (for use with -k)"
_print " exhume extract a KEY from a JPEG image (prints to stdout)"
}
_print "\000"
_print "Options:"
_print "\000"
_print " -s size of the tomb file when creating/resizing one (in MB)"
_print " -k path to the key to be used ('-k -' to read from stdin)"
_print " -n don't process the hooks found in tomb"
_print " -o mount options used to open (default: rw,noatime,nodev)"
_print " -f force operation (i.e. even if swap is active)"
_print "\000"
_print "Options:"
_print "\000"
_print " -s size of the tomb file when creating/resizing one (in MB)"
_print " -k path to the key to be used ('-k -' to read from stdin)"
_print " -n don't process the hooks found in tomb"
_print " -o mount options used to open (default: rw,noatime,nodev)"
_print " -f force operation (i.e. even if swap is active)"
[[ $KDF == 1 ]] && {
_print " --kdf generate passwords armored against dictionary attacks"
_print " --kdf generate passwords armored against dictionary attacks"
}
_print "\000"
_print " -h print this help"
_print " -v print version, license and list of available ciphers"
_print " -q run quietly without printing informations"
_print " -D print debugging information at runtime"
_print "\000"
_print "For more informations on Tomb read the manual: man tomb"
_print "Please report bugs on <http://github.com/dyne/tomb/issues>."
_print "\000"
_print " -h print this help"
_print " -v print version, license and list of available ciphers"
_print " -q run quietly without printing informations"
_print " -D print debugging information at runtime"
_print "\000"
_print "For more informations on Tomb read the manual: man tomb"
_print "Please report bugs on <http://github.com/dyne/tomb/issues>."
}
@ -692,7 +692,7 @@ _list_optional_tools() {
_deps=(gettext dcfldd wipe mkfs.ext4 steghide e2fsck)
_deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv)
for d in $_deps; do
_print "`which $d`"
_print "`which $d`"
done
return 0
}
@ -709,7 +709,7 @@ _ensure_dependencies() {
# Check for required programs
for req in cryptsetup pinentry sudo gpg; do
command -v $req 1>/dev/null 2>/dev/null || {
_failure "Missing required dependency ::1 command::. Please install it." $req }
_failure "Missing required dependency ::1 command::. Please install it." $req }
done
# Ensure system binaries are available in the PATH
@ -764,20 +764,20 @@ is_valid_key() {
return 0 }
[[ -z $key ]] && {
_warning "is_valid_key() called without an argument."
return 1
_warning "is_valid_key() called without an argument."
return 1
}
# If the key file is an image don't check file header
[[ -r $TOMBKEYFILE ]] \
&& [[ $(file $TOMBKEYFILE) =~ "JP.G" ]] \
&& [[ $(file $TOMBKEYFILE) =~ "JP.G" ]] \
&& {
_message "Key is an image, it might be valid."
return 0 }
return 0 }
[[ $key =~ "BEGIN PGP" ]] && {
_message "Key is valid."
return 0 }
return 0 }
return 1
}
@ -823,7 +823,7 @@ _load_key() {
TOMBSECRET=$(cat)
else
_verbose "load_key argument: ::1 key file::" $keyfile
[[ -r $keyfile ]] || _failure "Key not found, specify one using -k."
[[ -r $keyfile ]] || _failure "Key not found, specify one using -k."
TOMBKEYFILE=$keyfile
TOMBKEY="${mapfile[$TOMBKEYFILE]}"
fi
@ -882,7 +882,7 @@ gpg_decrypt() {
# Gets a key file and a password, prints out the decoded contents to
# be used directly by Luks as a cryptographic key
get_lukskey() {
# $1 is the password
# $1 is the password
_verbose "get_lukskey"
_password="$1"
@ -906,7 +906,7 @@ get_lukskey() {
;;
esac
# key needs to be exhumed from an image
# key needs to be exhumed from an image
elif [[ -r $TOMBKEYFILE && $(file $TOMBKEYFILE) =~ "JP.G" ]]; then
exhume_key $TOMBKEYFILE "$_password"
@ -939,10 +939,10 @@ ask_key_password() {
for c in 1 2 3; do
if [[ $c == 1 ]]; then
tombpass=$(exec_as_user ${TOMBEXEC} askpass \
"Insert password to use key: $TOMBKEYFILE")
"Insert password to use key: $TOMBKEYFILE")
else
tombpass=$(exec_as_user ${TOMBEXEC} askpass \
"Insert password to use key: $TOMBKEYFILE (attempt $c)")
"Insert password to use key: $TOMBKEYFILE (attempt $c)")
fi
if [[ $? != 0 ]]; then
_warning "User aborted password dialog."
@ -1029,8 +1029,8 @@ change_passwd() {
# takes care to encrypt a key
# honored options: --kdf --tomb-pwd -o
gen_key() {
# $1 the password to use, if not set then ask user
# -o is the --cipher-algo to use (string taken by GnuPG)
# $1 the password to use, if not set then ask user
# -o is the --cipher-algo to use (string taken by GnuPG)
local algopt="`option_value -o`"
local algo="${algopt:-AES256}"
# here user is prompted for key password
@ -1066,8 +1066,8 @@ gen_key() {
header=""
[[ $KDF == 1 ]] && {
{ option_is_set --kdf } && {
# KDF is a new key strenghtening technique against brute forcing
# see: https://github.com/dyne/Tomb/issues/82
# KDF is a new key strenghtening technique against brute forcing
# see: https://github.com/dyne/Tomb/issues/82
itertime="`option_value --kdf`"
# removing support of floating points because they can't be type checked well
if [[ "$itertime" != <-> ]]; then
@ -1168,11 +1168,11 @@ bury_key() {
| steghide embed --embedfile - --coverfile ${imagefile} \
-p $TOMBPASSWORD -z 9 -e serpent cbc
if [ $? != 0 ]; then
_warning "Encoding error: steghide reports problems."
res=1
_warning "Encoding error: steghide reports problems."
res=1
else
_success "Tomb key encoded succesfully into image ::1 image file::" $imagefile
res=0
_success "Tomb key encoded succesfully into image ::1 image file::" $imagefile
res=0
fi
return $res
@ -1188,7 +1188,7 @@ exhume_key() {
local imagefile="$1" # The image file where to look for the key
local tombpass="$2" # (Optional) the password to use (internal use)
local destkey="$3" # (Optional) the key file where to save the
# result (- for stdout)
# result (- for stdout)
local r=1 # Return code (default: fail)
# Ensure the image file is a readable JPEG
@ -1201,7 +1201,7 @@ exhume_key() {
# the exhumed key on stdout without further checks (internal use)
[[ -n "$tombpass" ]] && {
TOMBKEY=$(steghide extract -sf $imagefile -p $tombpass -xf -)
[[ $? != 0 ]] && {
[[ $? != 0 ]] && {
_failure "Wrong password or no steganographic key found" }
recover_key $TOMBKEY
@ -1212,16 +1212,16 @@ exhume_key() {
# Ensure we have a valid destination for the key
[[ -z $destkey ]] && { option_is_set -k } && destkey=$(option_value -k)
[[ -z $destkey ]] && {
destkey="-" # No key was specified: fallback to stdout
_message "printing exhumed key on stdout" }
destkey="-" # No key was specified: fallback to stdout
_message "printing exhumed key on stdout" }
# Bail out if destination exists, unless -f (force) was passed
[[ $destkey != "-" && -s $destkey ]] && {
_warning "File exists: ::1 tomb key::" $destkey
_warning "File exists: ::1 tomb key::" $destkey
{ option_is_set -f } && {
_warning "Use of --force selected: overwriting."
rm -f $destkey
} || {
} || {
_warning "Make explicit use of --force to overwrite."
_failure "Refusing to overwrite file. Operation aborted." }
}
@ -1231,12 +1231,12 @@ exhume_key() {
tombpass=$(option_value --tomb-pwd)
_verbose "tomb-pwd = ::1 tomb pass::" $tombpass
} || {
[[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD
[[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD
} || {
tombpass=$(exec_as_user ${TOMBEXEC} askpass \
"Insert password to exhume key from $imagefile")
"Insert password to exhume key from $imagefile")
[[ $? != 0 ]] && {
_warning "User aborted password dialog."
_warning "User aborted password dialog."
return 1
}
}
@ -1268,9 +1268,9 @@ engrave_key() {
_success "Rendering a printable QRCode for key: ::1 tomb key file::" $TOMBKEYFILE
# we omit armor strings to save space
awk '/^-----/ {next}; /^Version/ {next}; {print $0}' $TOMBKEYFILE \
| qrencode --size 4 --level H --casesensitive -o $pngname
| qrencode --size 4 --level H --casesensitive -o $pngname
[[ $? != 0 ]] && {
_failure "QREncode reported an error." }
_failure "QREncode reported an error." }
_success "Operation successful:"
# TODO: only if verbose and/or not silent
@ -1377,7 +1377,7 @@ forge_key() {
[[ -n "$algopt" ]] && algo=$algopt
_message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \
$destkey $algo
$destkey $algo
TOMBKEYFILE="$destkey" # Set global variable
@ -1524,7 +1524,7 @@ lock_tomb_with_key() {
_message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $TOMBNAME $cipher
_success "Your tomb is ready in ::1 tomb path:: and secured with key ::2 tomb key::" \
$TOMBPATH $TOMBKEYFILE
$TOMBPATH $TOMBKEYFILE
}
@ -1552,7 +1552,7 @@ change_tomb_key() {
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
_load_key $tombkey # Try loading given key and set TOMBKEY and
# TOMBKEYFILE
# TOMBKEYFILE
local oldkey=$TOMBKEY
local oldkeyfile=$TOMBKEYFILE
@ -1634,7 +1634,7 @@ mount_tomb() {
_load_key # Try loading new key from option -k and set TOMBKEYFILE
tombmount=${2:-/media/$TOMBFILE}
tombmount=${2:-/media/$TOMBFILE}
[[ -z "$2" ]] && {
_message "Mountpoint not specified, using default: ::1 mount point::" $tombmount }
@ -1693,7 +1693,7 @@ mount_tomb() {
_cryptsetup luksOpen ${nstloop} ${mapper}
[[ -r /dev/mapper/${mapper} ]] || {
_failure "Failure mounting the encrypted file." }
_failure "Failure mounting the encrypted file." }
# preserve the loopdev after exit
lo_preserve "$nstloop"
@ -1721,7 +1721,7 @@ mount_tomb() {
_success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount
local tombtty tombhost tombuid tombuser
local tombtty tombhost tombuid tombuser
# print out when was opened the last time, by whom and where
[[ -r ${tombmount}/.last ]] && {
@ -1782,11 +1782,11 @@ exec_safe_bind_hooks() {
# No HOME set? Note: this should never happen again.
[[ -z $HOME ]] && {
_warning "How pitiful! A tomb, and no HOME."
return 1 }
_warning "How pitiful! A tomb, and no HOME."
return 1 }
[[ -z $mnt || ! -d $mnt ]] && {
_warning "Cannot exec bind hooks without a mounted tomb."
_warning "Cannot exec bind hooks without a mounted tomb."
return 1 }
[[ -r "$mnt/bind-hooks" ]] || {
@ -1825,7 +1825,7 @@ exec_safe_bind_hooks() {
_warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $mnt $dir
else
mount -o bind,$MOUNTOPTS $mnt/$dir $HOME/${maps[$dir]} \
&& mounted+=("$HOME/${maps[$dir]}")
&& mounted+=("$HOME/${maps[$dir]}")
fi
done
}
@ -1847,7 +1847,7 @@ exec_safe_post_hooks() {
# Only run if post-hooks has the executable bit set
[[ -x $mnt/post-hooks ]] || return
# If the file starts with a shebang, run it.
# If the file starts with a shebang, run it.
cat $mnt/post-hooks | head -n1 | grep '^#!\s*/' &> /dev/null
[[ $? == 0 ]] && {
_success "Post hooks found, executing as user ::1 user name::." $USERNAME
@ -1865,7 +1865,7 @@ list_tombs() {
local tombname tombmount tombfs tombfsopts tombloop
local ts tombtot tombused tombavail tombpercent tombp tombsince
local tombtty tombhost tombuid tombuser
local tombtty tombhost tombuid tombuser
# list all open tombs
mounted_tombs=(`list_tomb_mounts $1`)
[[ ${#mounted_tombs} == 0 ]] && {
@ -1959,7 +1959,7 @@ BEGIN { main="" }
} || {
# list a specific tomb
mount -l \
| awk -vtomb="[$1]" '
| awk -vtomb="[$1]" '
BEGIN { main="" }
/^\/dev\/mapper\/tomb/ {
if($7!=tomb) next;
@ -2021,10 +2021,10 @@ index_tombs() {
mounted_tombs=(`list_tomb_mounts $1`)
[[ ${#mounted_tombs} == 0 ]] && {
# Considering one tomb
# Considering one tomb
[[ -n "$1" ]] && {
_failure "There seems to be no open tomb engraved as [::1::]" $1 }
# Or more
_failure "There seems to be no open tomb engraved as [::1::]" $1 }
# Or more
_failure "I can't see any open tomb, may they all rest in peace." }
_success "Creating and updating search indexes."
@ -2155,13 +2155,13 @@ search_tombs() {
_message "Searching filenames in tomb ::1 tomb name::" $tombname
locate -d ${tombmount}/.updatedb -e -i "${(f)@}"
_message "Matches found: ::1 matches::" \
$(locate -d ${tombmount}/.updatedb -e -i -c ${(f)@})
$(locate -d ${tombmount}/.updatedb -e -i -c ${(f)@})
# Use swish-e to search over contents
[[ $SWISH == 1 && -r $tombmount/.swish ]] && {
_message "Searching contents in tomb ::1 tomb name::" $tombname
swish-e -w ${=@} -f $tombmount/.swish -H0 }
} || {
_message "Searching contents in tomb ::1 tomb name::" $tombname
swish-e -w ${=@} -f $tombmount/.swish -H0 }
} || {
_warning "Skipping tomb ::1 tomb name::: not indexed." $tombname
_warning "Run 'tomb index' to create indexes." }
done
@ -2233,7 +2233,7 @@ resize_tomb() {
_cryptsetup luksOpen ${nstloop} ${mapper}
[[ -r /dev/mapper/${mapper} ]] || {
_failure "Failure mounting the encrypted file." }
_failure "Failure mounting the encrypted file." }
cryptsetup resize "${mapper}" || {
_failure "cryptsetup failed to resize ::1 mapper::" $mapper }
@ -2273,7 +2273,7 @@ umount_tomb() {
[[ ${#mounted_tombs} -gt 1 && -z "$1" ]] && {
_warning "Too many tombs mounted, please specify one (see tomb list)"
_warning "or issue the command 'tomb close all' to close them all."
_failure "Operation aborted." }
_failure "Operation aborted." }
for t in ${mounted_tombs}; do
mapper=`basename ${t[(ws:;:)1]}`
@ -2294,15 +2294,15 @@ umount_tomb() {
[[ -n $SLAM ]] && {
_success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \
$tombname $tombmount
$tombname $tombmount
_message "Kill all processes busy inside the tomb."
{ slam_tomb "$tombmount" } || {
_failure "Cannot slam the tomb ::1 tomb name::" $tombname }
} || {
} || {
_message "Closing tomb ::1 tomb name:: mounted on ::2 mount point::" \
$tombname $tombmount }
$tombname $tombmount }
# check if there are binded dirs and close them
# check if there are binded dirs and close them
bind_tombs=(`list_tomb_binds $tombname`)
for b in ${bind_tombs}; do
bind_mapper="${b[(ws:;:)1]}"
@ -2315,12 +2315,12 @@ umount_tomb() {
[[ $? == 1 ]] && {
_failure "Cannot slam the bind hook ::1 hook::" $bind_mount }
umount $bind_mount
} || {
} || {
_warning "Tomb bind hook ::1 hook:: is busy, cannot close tomb." $bind_mount }
}
done
# Execute post-hooks for eventual cleanup
# Execute post-hooks for eventual cleanup
{ option_is_set -n } || {
exec_safe_post_hooks ${tombmount%%/} close }
@ -2328,17 +2328,17 @@ umount_tomb() {
umount ${tombmount}
[[ $? = 0 ]] || { _warning "Tomb is busy, cannot umount!"; return 1 }
# If we used a default mountpoint and is now empty, delete it
[[ "$tombmount" == "/media/$tombname.tomb" ]] && { rmdir $tombmount }
# If we used a default mountpoint and is now empty, delete it
[[ "$tombmount" == "/media/$tombname.tomb" ]] && { rmdir $tombmount }
cryptsetup luksClose $mapper
[[ $? == 0 ]] || {
[[ $? == 0 ]] || {
_failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper }
# Normally the loopback device is detached when unused
# Normally the loopback device is detached when unused
[[ -e "/dev/$tombloop" ]] && losetup -d "/dev/$tombloop"
[[ $? = 0 ]] || {
_verbose "/dev/$tombloop was already closed." }
_verbose "/dev/$tombloop was already closed." }
_success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname
@ -2434,7 +2434,7 @@ main() {
subcommands_opts[source]=""
subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: "
subcommands_opts[check]="-ignore-swap "
# subcommands_opts[translate]=""
# subcommands_opts[translate]=""
### Detect subcommand
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
@ -2445,20 +2445,20 @@ main() {
done
local -a oldstar
oldstar=("${(@)argv}")
#### detect early: useful for --optiion-parsing
#### detect early: useful for --optiion-parsing
zparseopts -M -D -Adiscardme ${every_opts}
if [[ -n ${(k)discardme[--option-parsing]} ]]; then
print $1
if [[ -n "$1" ]]; then
return 1
fi
return 0
if [[ -n ${(k)discardme[--option-parsing]} ]]; then
print $1
if [[ -n "$1" ]]; then
return 1
fi
unset discardme
return 0
fi
unset discardme
if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then
_failure "Error parsing."
return 127
fi
_failure "Error parsing."
return 127
fi
unset discardme
subcommand=$1
if [[ -z $subcommand ]]; then
@ -2527,7 +2527,7 @@ main() {
[[ -z $_UID ]] || {
_verbose "Caller: uid[::1 uid::], gid[::2 gid::], tty[::3 tty::]." \
$_UID $_GID $_TTY
$_UID $_GID $_TTY
}
_verbose "Temporary directory: $TMPPREFIX"
@ -2535,51 +2535,51 @@ main() {
# Process subcommand
case "$subcommand" in
# USAGE
# USAGE
help)
usage
;;
# DEPRECATION notice (leave here as 'create' is still present in old docs)
# DEPRECATION notice (leave here as 'create' is still present in old docs)
create)
_warning "The create command is deprecated, please use dig, forge and lock instead."
_warning "For more informations see Tomb's manual page (man tomb)."
_failure "Operation aborted."
_failure "Operation aborted."
;;
# CREATE Step 1: dig -s NN file.tomb
# CREATE Step 1: dig -s NN file.tomb
dig)
check_priv
dig_tomb ${=PARAM}
;;
# CREATE Step 2: forge file.tomb.key
# CREATE Step 2: forge file.tomb.key
forge)
check_priv
forge_key ${=PARAM}
;;
# CREATE Step 2: lock -k file.tomb.key file.tomb
# CREATE Step 2: lock -k file.tomb.key file.tomb
lock)
check_priv
lock_tomb_with_key ${=PARAM}
;;
# Open the tomb
# Open the tomb
mount|open)
check_priv
mount_tomb $PARAM[1] $PARAM[2]
;;
# Close the tomb
# `slam` is used to force closing.
# Close the tomb
# `slam` is used to force closing.
umount|close|slam)
check_priv
[[ "$subcommand" == "slam" ]] && SLAM=1
umount_tomb $PARAM[1]
;;
# Grow tomb's size
# Grow tomb's size
resize)
[[ $RESIZER == 0 ]] && {
_failure "Resize2fs not installed: cannot resize tombs." }
@ -2587,53 +2587,53 @@ main() {
resize_tomb $PARAM[1]
;;
## Contents manipulation
## Contents manipulation
# Index tomb contents
# Index tomb contents
index)
index_tombs $PARAM[1]
;;
;;
# List tombs
# List tombs
list)
list_tombs $PARAM[1]
;;
# Search tomb contents
# Search tomb contents
search)
search_tombs ${=PARAM}
;;
## Locking operations
## Locking operations
# Export key to QR Code
# Export key to QR Code
engrave)
[[ $QRENCODE == 0 ]] && {
_failure "QREncode not installed: cannot engrave keys on paper." }
engrave_key ${=PARAM}
;;
# Change password on existing key
# Change password on existing key
passwd)
check_priv
change_passwd $PARAM[1]
;;
# Change tomb key
# Change tomb key
setkey)
check_priv
change_tomb_key ${=PARAM}
;;
# STEGANOGRAPHY: hide key inside an image
# STEGANOGRAPHY: hide key inside an image
bury)
[[ $STEGHIDE == 0 ]] && {
_failure "Steghide not installed: cannot bury keys into images." }
bury_key $PARAM[1]
;;
# STEGANOGRAPHY: read key hidden in an image
exhume)
# STEGANOGRAPHY: read key hidden in an image
exhume)
[[ $STEGHIDE == 0 ]] && {
_failure "Steghide not installed: cannot exhume keys from images." }
exhume_key $PARAM[1]
@ -2641,45 +2641,45 @@ main() {
## Internal commands useful to developers
# Make tomb functions available to the calling shell or script
# Make tomb functions available to the calling shell or script
'source') return 0 ;;
# Ask user for a password interactively
# Ask user for a password interactively
askpass) ask_password $PARAM[1] $PARAM[2] ;;
# Default operation: presentation, or version information with -v
# Default operation: presentation, or version information with -v
__default)
_print "Tomb ::1 version:: - a strong and gentle undertaker for your secrets" $VERSION
_print "\000"
_print " Copyright (C) 2007-2014 Dyne.org Foundation, License GNU GPL v3+"
_print " This is free software: you are free to change and redistribute it"
_print " For the latest sourcecode go to <http://dyne.org/software/tomb>"
_print "\000"
_print "Tomb ::1 version:: - a strong and gentle undertaker for your secrets" $VERSION
_print "\000"
_print " Copyright (C) 2007-2014 Dyne.org Foundation, License GNU GPL v3+"
_print " This is free software: you are free to change and redistribute it"
_print " For the latest sourcecode go to <http://dyne.org/software/tomb>"
_print "\000"
option_is_set -v && {
_print " This source code is distributed in the hope that it will be useful,"
_print " but WITHOUT ANY WARRANTY; without even the implied warranty of"
_print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
_print " When in need please refer to <http://dyne.org/support>."
_print "\000"
_print "System utils:"
_print "\000"
cat <<EOF
_print " This source code is distributed in the hope that it will be useful,"
_print " but WITHOUT ANY WARRANTY; without even the implied warranty of"
_print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
_print " When in need please refer to <http://dyne.org/support>."
_print "\000"
_print "System utils:"
_print "\000"
cat <<EOF
`sudo -V | head -n1`
`cryptsetup --version`
`pinentry --version`
`gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers):
`list_gnupg_ciphers`
EOF
_print "\000"
_print "Optional utils:"
_print "\000"
_list_optional_tools version
return 0
_print "\000"
_print "Optional utils:"
_print "\000"
_list_optional_tools version
return 0
}
usage
;;
# Reject unknown command and suggest help
# Reject unknown command and suggest help
*)
_warning "Command \"::1 subcommand::\" not recognized." $subcommand
_message "Try -h for help."