whitespace cleanup and correct indentation to 4 spaces (no tabs)

Jaromil 2014-11-23 18:25:42 +01:00
parent aba0fa5191
commit 99581a5faa

362
tomb

@ -176,26 +176,26 @@ _whoami() {
# Get GID from option -G or the environment # Get GID from option -G or the environment
option_is_set -G \ option_is_set -G \
&& _GID=$(option_value -G) || _GID=$(id -g $_USER) && _GID=$(option_value -G) || _GID=$(id -g $_USER)
# Get UID from option -U or the environment # Get UID from option -U or the environment
option_is_set -U \ option_is_set -U \
&& _UID=$(option_value -U) || _UID=$(id -u $_USER) && _UID=$(option_value -U) || _UID=$(id -u $_USER)
_verbose "Identified caller: ::1 username:: (::2 UID:::::3 GID::)" $_USER $_UID $_GID _verbose "Identified caller: ::1 username:: (::2 UID:::::3 GID::)" $_USER $_UID $_GID
# Update USERNAME accordingly if we can # Update USERNAME accordingly if we can
[[ EUID == 0 && $_USER != $USERNAME ]] && { [[ EUID == 0 && $_USER != $USERNAME ]] && {
_verbose "Updating USERNAME from '::1 USERNAME::' to '::2 _USER::')" $USERNAME $_USER _verbose "Updating USERNAME from '::1 USERNAME::' to '::2 _USER::')" $USERNAME $_USER
USERNAME=$_USER USERNAME=$_USER
} }
# Force HOME to _USER's HOME if necessary # Force HOME to _USER's HOME if necessary
local home=$(awk -F: "/$_USER/ { print \$6 }" /etc/passwd 2>/dev/null) local home=$(awk -F: "/$_USER/ { print \$6 }" /etc/passwd 2>/dev/null)
[[ $home == $HOME ]] || { [[ $home == $HOME ]] || {
_verbose "Updating HOME to match user's: ::1 home:: (was ::2 HOME::)" \ _verbose "Updating HOME to match user's: ::1 home:: (was ::2 HOME::)" \
$home $HOME $home $HOME
HOME=$home } HOME=$home }
# Get connecting TTY from option -T or the environment # Get connecting TTY from option -T or the environment
option_is_set -T && _TTY=$(option_value -T) option_is_set -T && _TTY=$(option_value -T)
@ -220,7 +220,7 @@ _plot() {
# It can start with dots: ..foo.tomb -> ..foo # It can start with dots: ..foo.tomb -> ..foo
TOMBNAME="${TOMBFILE%\.[^\.]*}" TOMBNAME="${TOMBFILE%\.[^\.]*}"
[[ -z $TOMBNAME ]] && { [[ -z $TOMBNAME ]] && {
_failure "Tomb won't work without a TOMBNAME." } _failure "Tomb won't work without a TOMBNAME." }
# Normalize tomb name # Normalize tomb name
TOMBFILE="$TOMBNAME.tomb" TOMBFILE="$TOMBNAME.tomb"
@ -233,10 +233,10 @@ _plot() {
# Provide a random filename in shared memory # Provide a random filename in shared memory
_tmp_create() { _tmp_create() {
[[ -d "$TMPPREFIX" ]] || { [[ -d "$TMPPREFIX" ]] || {
mkdir -m 777 "$TMPPREFIX" mkdir -m 777 "$TMPPREFIX"
[[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX" [[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX"
# we create the tempdir with the sticky bit on # we create the tempdir with the sticky bit on
chmod o+t "$TMPPREFIX" chmod o+t "$TMPPREFIX"
} }
# We're going to add one more $RANDOM for each time someone complain # We're going to add one more $RANDOM for each time someone complain
@ -247,7 +247,7 @@ _tmp_create() {
_failure "Fatal error setting the permission umask for temporary files" } _failure "Fatal error setting the permission umask for temporary files" }
[[ -r "$tfile" ]] && { [[ -r "$tfile" ]] && {
_failure "Someone is messing up with us trying to hijack temporary files." } _failure "Someone is messing up with us trying to hijack temporary files." }
touch "$tfile" touch "$tfile"
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
@ -286,7 +286,7 @@ _ensure_safe_swap() {
r=1 r=1
break break
elif [[ "$bone" =~ "symbolic link" ]]; then elif [[ "$bone" =~ "symbolic link" ]]; then
# Might link to a block # Might link to a block
r=1 r=1
[[ "/dev/mapper" == "${s%/*}" ]] || { break } [[ "/dev/mapper" == "${s%/*}" ]] || { break }
@ -326,7 +326,7 @@ _check_swap() {
return 0 return 0
;; ;;
*) # Unencrypted swap *) # Unencrypted swap
_failure "Operation aborted." _failure "Operation aborted."
;; ;;
esac esac
fi fi
@ -345,10 +345,10 @@ ask_password() {
# Force pinentry to use a custom icon by overriding the GTK theme # Force pinentry to use a custom icon by overriding the GTK theme
# temporarily. # temporarily.
for prefix in /usr/local /usr; do for prefix in /usr/local /usr; do
[[ -r "$prefix/$gtkrc" ]] && { [[ -r "$prefix/$gtkrc" ]] && {
GTK2_RC="$prefix/$gtkrc" GTK2_RC="$prefix/$gtkrc"
break break
} }
done done
output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} ${PINENTRY} 2>/dev/null | tail -n +7 output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} ${PINENTRY} 2>/dev/null | tail -n +7
@ -499,60 +499,60 @@ dump_secrets() {
# {{{ Commandline interaction # {{{ Commandline interaction
usage() { usage() {
_print "Syntax: tomb [options] command [arguments]" _print "Syntax: tomb [options] command [arguments]"
_print "\000" _print "\000"
_print "Commands:" _print "Commands:"
_print "\000" _print "\000"
_print " // Creation:" _print " // Creation:"
_print " dig create a new empty TOMB file of size -s in MB" _print " dig create a new empty TOMB file of size -s in MB"
_print " forge create a new KEY file and set its password" _print " forge create a new KEY file and set its password"
_print " lock installs a lock on a TOMB to use it with KEY" _print " lock installs a lock on a TOMB to use it with KEY"
_print "\000" _print "\000"
_print " // Operations on tombs:" _print " // Operations on tombs:"
_print " open open an existing TOMB" _print " open open an existing TOMB"
_print " index update the search indexes of tombs" _print " index update the search indexes of tombs"
_print " search looks for filenames matching text patterns" _print " search looks for filenames matching text patterns"
_print " list list of open TOMBs and information on them" _print " list list of open TOMBs and information on them"
_print " close close a specific TOMB (or 'all')" _print " close close a specific TOMB (or 'all')"
_print " slam slam a TOMB killing all programs using it" _print " slam slam a TOMB killing all programs using it"
[[ $RESIZER == 1 ]] && { [[ $RESIZER == 1 ]] && {
_print " resize resize a TOMB to a new size -s (can only grow)" _print " resize resize a TOMB to a new size -s (can only grow)"
} }
_print "\000" _print "\000"
_print " // Operations on keys:" _print " // Operations on keys:"
_print " passwd change the password of a KEY (needs old pass)" _print " passwd change the password of a KEY (needs old pass)"
_print " setkey change the KEY locking a TOMB (needs old key and pass)" _print " setkey change the KEY locking a TOMB (needs old key and pass)"
_print "\000" _print "\000"
[[ $QRENCODE == 1 ]] && { [[ $QRENCODE == 1 ]] && {
_print " // Backup on paper:" _print " // Backup on paper:"
_print " engrave makes a QR code of a KEY to be saved on paper" _print " engrave makes a QR code of a KEY to be saved on paper"
} }
_print "\000" _print "\000"
[[ $STEGHIDE == 1 ]] && { [[ $STEGHIDE == 1 ]] && {
_print " // Steganography:" _print " // Steganography:"
_print " bury hide a KEY inside a JPEG image (for use with -k)" _print " bury hide a KEY inside a JPEG image (for use with -k)"
_print " exhume extract a KEY from a JPEG image (prints to stdout)" _print " exhume extract a KEY from a JPEG image (prints to stdout)"
} }
_print "\000" _print "\000"
_print "Options:" _print "Options:"
_print "\000" _print "\000"
_print " -s size of the tomb file when creating/resizing one (in MB)" _print " -s size of the tomb file when creating/resizing one (in MB)"
_print " -k path to the key to be used ('-k -' to read from stdin)" _print " -k path to the key to be used ('-k -' to read from stdin)"
_print " -n don't process the hooks found in tomb" _print " -n don't process the hooks found in tomb"
_print " -o mount options used to open (default: rw,noatime,nodev)" _print " -o mount options used to open (default: rw,noatime,nodev)"
_print " -f force operation (i.e. even if swap is active)" _print " -f force operation (i.e. even if swap is active)"
[[ $KDF == 1 ]] && { [[ $KDF == 1 ]] && {
_print " --kdf generate passwords armored against dictionary attacks" _print " --kdf generate passwords armored against dictionary attacks"
} }
_print "\000" _print "\000"
_print " -h print this help" _print " -h print this help"
_print " -v print version, license and list of available ciphers" _print " -v print version, license and list of available ciphers"
_print " -q run quietly without printing informations" _print " -q run quietly without printing informations"
_print " -D print debugging information at runtime" _print " -D print debugging information at runtime"
_print "\000" _print "\000"
_print "For more informations on Tomb read the manual: man tomb" _print "For more informations on Tomb read the manual: man tomb"
_print "Please report bugs on <http://github.com/dyne/tomb/issues>." _print "Please report bugs on <http://github.com/dyne/tomb/issues>."
} }
@ -692,7 +692,7 @@ _list_optional_tools() {
_deps=(gettext dcfldd wipe mkfs.ext4 steghide e2fsck) _deps=(gettext dcfldd wipe mkfs.ext4 steghide e2fsck)
_deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv) _deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv)
for d in $_deps; do for d in $_deps; do
_print "`which $d`" _print "`which $d`"
done done
return 0 return 0
} }
@ -709,7 +709,7 @@ _ensure_dependencies() {
# Check for required programs # Check for required programs
for req in cryptsetup pinentry sudo gpg; do for req in cryptsetup pinentry sudo gpg; do
command -v $req 1>/dev/null 2>/dev/null || { command -v $req 1>/dev/null 2>/dev/null || {
_failure "Missing required dependency ::1 command::. Please install it." $req } _failure "Missing required dependency ::1 command::. Please install it." $req }
done done
# Ensure system binaries are available in the PATH # Ensure system binaries are available in the PATH
@ -764,20 +764,20 @@ is_valid_key() {
return 0 } return 0 }
[[ -z $key ]] && { [[ -z $key ]] && {
_warning "is_valid_key() called without an argument." _warning "is_valid_key() called without an argument."
return 1 return 1
} }
# If the key file is an image don't check file header # If the key file is an image don't check file header
[[ -r $TOMBKEYFILE ]] \ [[ -r $TOMBKEYFILE ]] \
&& [[ $(file $TOMBKEYFILE) =~ "JP.G" ]] \ && [[ $(file $TOMBKEYFILE) =~ "JP.G" ]] \
&& { && {
_message "Key is an image, it might be valid." _message "Key is an image, it might be valid."
return 0 } return 0 }
[[ $key =~ "BEGIN PGP" ]] && { [[ $key =~ "BEGIN PGP" ]] && {
_message "Key is valid." _message "Key is valid."
return 0 } return 0 }
return 1 return 1
} }
@ -823,7 +823,7 @@ _load_key() {
TOMBSECRET=$(cat) TOMBSECRET=$(cat)
else else
_verbose "load_key argument: ::1 key file::" $keyfile _verbose "load_key argument: ::1 key file::" $keyfile
[[ -r $keyfile ]] || _failure "Key not found, specify one using -k." [[ -r $keyfile ]] || _failure "Key not found, specify one using -k."
TOMBKEYFILE=$keyfile TOMBKEYFILE=$keyfile
TOMBKEY="${mapfile[$TOMBKEYFILE]}" TOMBKEY="${mapfile[$TOMBKEYFILE]}"
fi fi
@ -882,7 +882,7 @@ gpg_decrypt() {
# Gets a key file and a password, prints out the decoded contents to # Gets a key file and a password, prints out the decoded contents to
# be used directly by Luks as a cryptographic key # be used directly by Luks as a cryptographic key
get_lukskey() { get_lukskey() {
# $1 is the password # $1 is the password
_verbose "get_lukskey" _verbose "get_lukskey"
_password="$1" _password="$1"
@ -906,7 +906,7 @@ get_lukskey() {
;; ;;
esac esac
# key needs to be exhumed from an image # key needs to be exhumed from an image
elif [[ -r $TOMBKEYFILE && $(file $TOMBKEYFILE) =~ "JP.G" ]]; then elif [[ -r $TOMBKEYFILE && $(file $TOMBKEYFILE) =~ "JP.G" ]]; then
exhume_key $TOMBKEYFILE "$_password" exhume_key $TOMBKEYFILE "$_password"
@ -939,10 +939,10 @@ ask_key_password() {
for c in 1 2 3; do for c in 1 2 3; do
if [[ $c == 1 ]]; then if [[ $c == 1 ]]; then
tombpass=$(exec_as_user ${TOMBEXEC} askpass \ tombpass=$(exec_as_user ${TOMBEXEC} askpass \
"Insert password to use key: $TOMBKEYFILE") "Insert password to use key: $TOMBKEYFILE")
else else
tombpass=$(exec_as_user ${TOMBEXEC} askpass \ tombpass=$(exec_as_user ${TOMBEXEC} askpass \
"Insert password to use key: $TOMBKEYFILE (attempt $c)") "Insert password to use key: $TOMBKEYFILE (attempt $c)")
fi fi
if [[ $? != 0 ]]; then if [[ $? != 0 ]]; then
_warning "User aborted password dialog." _warning "User aborted password dialog."
@ -1029,8 +1029,8 @@ change_passwd() {
# takes care to encrypt a key # takes care to encrypt a key
# honored options: --kdf --tomb-pwd -o # honored options: --kdf --tomb-pwd -o
gen_key() { gen_key() {
# $1 the password to use, if not set then ask user # $1 the password to use, if not set then ask user
# -o is the --cipher-algo to use (string taken by GnuPG) # -o is the --cipher-algo to use (string taken by GnuPG)
local algopt="`option_value -o`" local algopt="`option_value -o`"
local algo="${algopt:-AES256}" local algo="${algopt:-AES256}"
# here user is prompted for key password # here user is prompted for key password
@ -1066,8 +1066,8 @@ gen_key() {
header="" header=""
[[ $KDF == 1 ]] && { [[ $KDF == 1 ]] && {
{ option_is_set --kdf } && { { option_is_set --kdf } && {
# KDF is a new key strenghtening technique against brute forcing # KDF is a new key strenghtening technique against brute forcing
# see: https://github.com/dyne/Tomb/issues/82 # see: https://github.com/dyne/Tomb/issues/82
itertime="`option_value --kdf`" itertime="`option_value --kdf`"
# removing support of floating points because they can't be type checked well # removing support of floating points because they can't be type checked well
if [[ "$itertime" != <-> ]]; then if [[ "$itertime" != <-> ]]; then
@ -1168,11 +1168,11 @@ bury_key() {
| steghide embed --embedfile - --coverfile ${imagefile} \ | steghide embed --embedfile - --coverfile ${imagefile} \
-p $TOMBPASSWORD -z 9 -e serpent cbc -p $TOMBPASSWORD -z 9 -e serpent cbc
if [ $? != 0 ]; then if [ $? != 0 ]; then
_warning "Encoding error: steghide reports problems." _warning "Encoding error: steghide reports problems."
res=1 res=1
else else
_success "Tomb key encoded succesfully into image ::1 image file::" $imagefile _success "Tomb key encoded succesfully into image ::1 image file::" $imagefile
res=0 res=0
fi fi
return $res return $res
@ -1188,7 +1188,7 @@ exhume_key() {
local imagefile="$1" # The image file where to look for the key local imagefile="$1" # The image file where to look for the key
local tombpass="$2" # (Optional) the password to use (internal use) local tombpass="$2" # (Optional) the password to use (internal use)
local destkey="$3" # (Optional) the key file where to save the local destkey="$3" # (Optional) the key file where to save the
# result (- for stdout) # result (- for stdout)
local r=1 # Return code (default: fail) local r=1 # Return code (default: fail)
# Ensure the image file is a readable JPEG # Ensure the image file is a readable JPEG
@ -1201,7 +1201,7 @@ exhume_key() {
# the exhumed key on stdout without further checks (internal use) # the exhumed key on stdout without further checks (internal use)
[[ -n "$tombpass" ]] && { [[ -n "$tombpass" ]] && {
TOMBKEY=$(steghide extract -sf $imagefile -p $tombpass -xf -) TOMBKEY=$(steghide extract -sf $imagefile -p $tombpass -xf -)
[[ $? != 0 ]] && { [[ $? != 0 ]] && {
_failure "Wrong password or no steganographic key found" } _failure "Wrong password or no steganographic key found" }
recover_key $TOMBKEY recover_key $TOMBKEY
@ -1212,16 +1212,16 @@ exhume_key() {
# Ensure we have a valid destination for the key # Ensure we have a valid destination for the key
[[ -z $destkey ]] && { option_is_set -k } && destkey=$(option_value -k) [[ -z $destkey ]] && { option_is_set -k } && destkey=$(option_value -k)
[[ -z $destkey ]] && { [[ -z $destkey ]] && {
destkey="-" # No key was specified: fallback to stdout destkey="-" # No key was specified: fallback to stdout
_message "printing exhumed key on stdout" } _message "printing exhumed key on stdout" }
# Bail out if destination exists, unless -f (force) was passed # Bail out if destination exists, unless -f (force) was passed
[[ $destkey != "-" && -s $destkey ]] && { [[ $destkey != "-" && -s $destkey ]] && {
_warning "File exists: ::1 tomb key::" $destkey _warning "File exists: ::1 tomb key::" $destkey
{ option_is_set -f } && { { option_is_set -f } && {
_warning "Use of --force selected: overwriting." _warning "Use of --force selected: overwriting."
rm -f $destkey rm -f $destkey
} || { } || {
_warning "Make explicit use of --force to overwrite." _warning "Make explicit use of --force to overwrite."
_failure "Refusing to overwrite file. Operation aborted." } _failure "Refusing to overwrite file. Operation aborted." }
} }
@ -1231,12 +1231,12 @@ exhume_key() {
tombpass=$(option_value --tomb-pwd) tombpass=$(option_value --tomb-pwd)
_verbose "tomb-pwd = ::1 tomb pass::" $tombpass _verbose "tomb-pwd = ::1 tomb pass::" $tombpass
} || { } || {
[[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD [[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD
} || { } || {
tombpass=$(exec_as_user ${TOMBEXEC} askpass \ tombpass=$(exec_as_user ${TOMBEXEC} askpass \
"Insert password to exhume key from $imagefile") "Insert password to exhume key from $imagefile")
[[ $? != 0 ]] && { [[ $? != 0 ]] && {
_warning "User aborted password dialog." _warning "User aborted password dialog."
return 1 return 1
} }
} }
@ -1268,9 +1268,9 @@ engrave_key() {
_success "Rendering a printable QRCode for key: ::1 tomb key file::" $TOMBKEYFILE _success "Rendering a printable QRCode for key: ::1 tomb key file::" $TOMBKEYFILE
# we omit armor strings to save space # we omit armor strings to save space
awk '/^-----/ {next}; /^Version/ {next}; {print $0}' $TOMBKEYFILE \ awk '/^-----/ {next}; /^Version/ {next}; {print $0}' $TOMBKEYFILE \
| qrencode --size 4 --level H --casesensitive -o $pngname | qrencode --size 4 --level H --casesensitive -o $pngname
[[ $? != 0 ]] && { [[ $? != 0 ]] && {
_failure "QREncode reported an error." } _failure "QREncode reported an error." }
_success "Operation successful:" _success "Operation successful:"
# TODO: only if verbose and/or not silent # TODO: only if verbose and/or not silent
@ -1377,7 +1377,7 @@ forge_key() {
[[ -n "$algopt" ]] && algo=$algopt [[ -n "$algopt" ]] && algo=$algopt
_message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \ _message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \
$destkey $algo $destkey $algo
TOMBKEYFILE="$destkey" # Set global variable TOMBKEYFILE="$destkey" # Set global variable
@ -1524,7 +1524,7 @@ lock_tomb_with_key() {
_message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $TOMBNAME $cipher _message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $TOMBNAME $cipher
_success "Your tomb is ready in ::1 tomb path:: and secured with key ::2 tomb key::" \ _success "Your tomb is ready in ::1 tomb path:: and secured with key ::2 tomb key::" \
$TOMBPATH $TOMBKEYFILE $TOMBPATH $TOMBKEYFILE
} }
@ -1552,7 +1552,7 @@ change_tomb_key() {
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH } _failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
_load_key $tombkey # Try loading given key and set TOMBKEY and _load_key $tombkey # Try loading given key and set TOMBKEY and
# TOMBKEYFILE # TOMBKEYFILE
local oldkey=$TOMBKEY local oldkey=$TOMBKEY
local oldkeyfile=$TOMBKEYFILE local oldkeyfile=$TOMBKEYFILE
@ -1693,7 +1693,7 @@ mount_tomb() {
_cryptsetup luksOpen ${nstloop} ${mapper} _cryptsetup luksOpen ${nstloop} ${mapper}
[[ -r /dev/mapper/${mapper} ]] || { [[ -r /dev/mapper/${mapper} ]] || {
_failure "Failure mounting the encrypted file." } _failure "Failure mounting the encrypted file." }
# preserve the loopdev after exit # preserve the loopdev after exit
lo_preserve "$nstloop" lo_preserve "$nstloop"
@ -1782,8 +1782,8 @@ exec_safe_bind_hooks() {
# No HOME set? Note: this should never happen again. # No HOME set? Note: this should never happen again.
[[ -z $HOME ]] && { [[ -z $HOME ]] && {
_warning "How pitiful! A tomb, and no HOME." _warning "How pitiful! A tomb, and no HOME."
return 1 } return 1 }
[[ -z $mnt || ! -d $mnt ]] && { [[ -z $mnt || ! -d $mnt ]] && {
_warning "Cannot exec bind hooks without a mounted tomb." _warning "Cannot exec bind hooks without a mounted tomb."
@ -1825,7 +1825,7 @@ exec_safe_bind_hooks() {
_warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $mnt $dir _warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $mnt $dir
else else
mount -o bind,$MOUNTOPTS $mnt/$dir $HOME/${maps[$dir]} \ mount -o bind,$MOUNTOPTS $mnt/$dir $HOME/${maps[$dir]} \
&& mounted+=("$HOME/${maps[$dir]}") && mounted+=("$HOME/${maps[$dir]}")
fi fi
done done
} }
@ -1959,7 +1959,7 @@ BEGIN { main="" }
} || { } || {
# list a specific tomb # list a specific tomb
mount -l \ mount -l \
| awk -vtomb="[$1]" ' | awk -vtomb="[$1]" '
BEGIN { main="" } BEGIN { main="" }
/^\/dev\/mapper\/tomb/ { /^\/dev\/mapper\/tomb/ {
if($7!=tomb) next; if($7!=tomb) next;
@ -2021,10 +2021,10 @@ index_tombs() {
mounted_tombs=(`list_tomb_mounts $1`) mounted_tombs=(`list_tomb_mounts $1`)
[[ ${#mounted_tombs} == 0 ]] && { [[ ${#mounted_tombs} == 0 ]] && {
# Considering one tomb # Considering one tomb
[[ -n "$1" ]] && { [[ -n "$1" ]] && {
_failure "There seems to be no open tomb engraved as [::1::]" $1 } _failure "There seems to be no open tomb engraved as [::1::]" $1 }
# Or more # Or more
_failure "I can't see any open tomb, may they all rest in peace." } _failure "I can't see any open tomb, may they all rest in peace." }
_success "Creating and updating search indexes." _success "Creating and updating search indexes."
@ -2155,13 +2155,13 @@ search_tombs() {
_message "Searching filenames in tomb ::1 tomb name::" $tombname _message "Searching filenames in tomb ::1 tomb name::" $tombname
locate -d ${tombmount}/.updatedb -e -i "${(f)@}" locate -d ${tombmount}/.updatedb -e -i "${(f)@}"
_message "Matches found: ::1 matches::" \ _message "Matches found: ::1 matches::" \
$(locate -d ${tombmount}/.updatedb -e -i -c ${(f)@}) $(locate -d ${tombmount}/.updatedb -e -i -c ${(f)@})
# Use swish-e to search over contents # Use swish-e to search over contents
[[ $SWISH == 1 && -r $tombmount/.swish ]] && { [[ $SWISH == 1 && -r $tombmount/.swish ]] && {
_message "Searching contents in tomb ::1 tomb name::" $tombname _message "Searching contents in tomb ::1 tomb name::" $tombname
swish-e -w ${=@} -f $tombmount/.swish -H0 } swish-e -w ${=@} -f $tombmount/.swish -H0 }
} || { } || {
_warning "Skipping tomb ::1 tomb name::: not indexed." $tombname _warning "Skipping tomb ::1 tomb name::: not indexed." $tombname
_warning "Run 'tomb index' to create indexes." } _warning "Run 'tomb index' to create indexes." }
done done
@ -2233,7 +2233,7 @@ resize_tomb() {
_cryptsetup luksOpen ${nstloop} ${mapper} _cryptsetup luksOpen ${nstloop} ${mapper}
[[ -r /dev/mapper/${mapper} ]] || { [[ -r /dev/mapper/${mapper} ]] || {
_failure "Failure mounting the encrypted file." } _failure "Failure mounting the encrypted file." }
cryptsetup resize "${mapper}" || { cryptsetup resize "${mapper}" || {
_failure "cryptsetup failed to resize ::1 mapper::" $mapper } _failure "cryptsetup failed to resize ::1 mapper::" $mapper }
@ -2273,7 +2273,7 @@ umount_tomb() {
[[ ${#mounted_tombs} -gt 1 && -z "$1" ]] && { [[ ${#mounted_tombs} -gt 1 && -z "$1" ]] && {
_warning "Too many tombs mounted, please specify one (see tomb list)" _warning "Too many tombs mounted, please specify one (see tomb list)"
_warning "or issue the command 'tomb close all' to close them all." _warning "or issue the command 'tomb close all' to close them all."
_failure "Operation aborted." } _failure "Operation aborted." }
for t in ${mounted_tombs}; do for t in ${mounted_tombs}; do
mapper=`basename ${t[(ws:;:)1]}` mapper=`basename ${t[(ws:;:)1]}`
@ -2294,15 +2294,15 @@ umount_tomb() {
[[ -n $SLAM ]] && { [[ -n $SLAM ]] && {
_success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \ _success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \
$tombname $tombmount $tombname $tombmount
_message "Kill all processes busy inside the tomb." _message "Kill all processes busy inside the tomb."
{ slam_tomb "$tombmount" } || { { slam_tomb "$tombmount" } || {
_failure "Cannot slam the tomb ::1 tomb name::" $tombname } _failure "Cannot slam the tomb ::1 tomb name::" $tombname }
} || { } || {
_message "Closing tomb ::1 tomb name:: mounted on ::2 mount point::" \ _message "Closing tomb ::1 tomb name:: mounted on ::2 mount point::" \
$tombname $tombmount } $tombname $tombmount }
# check if there are binded dirs and close them # check if there are binded dirs and close them
bind_tombs=(`list_tomb_binds $tombname`) bind_tombs=(`list_tomb_binds $tombname`)
for b in ${bind_tombs}; do for b in ${bind_tombs}; do
bind_mapper="${b[(ws:;:)1]}" bind_mapper="${b[(ws:;:)1]}"
@ -2315,12 +2315,12 @@ umount_tomb() {
[[ $? == 1 ]] && { [[ $? == 1 ]] && {
_failure "Cannot slam the bind hook ::1 hook::" $bind_mount } _failure "Cannot slam the bind hook ::1 hook::" $bind_mount }
umount $bind_mount umount $bind_mount
} || { } || {
_warning "Tomb bind hook ::1 hook:: is busy, cannot close tomb." $bind_mount } _warning "Tomb bind hook ::1 hook:: is busy, cannot close tomb." $bind_mount }
} }
done done
# Execute post-hooks for eventual cleanup # Execute post-hooks for eventual cleanup
{ option_is_set -n } || { { option_is_set -n } || {
exec_safe_post_hooks ${tombmount%%/} close } exec_safe_post_hooks ${tombmount%%/} close }
@ -2328,17 +2328,17 @@ umount_tomb() {
umount ${tombmount} umount ${tombmount}
[[ $? = 0 ]] || { _warning "Tomb is busy, cannot umount!"; return 1 } [[ $? = 0 ]] || { _warning "Tomb is busy, cannot umount!"; return 1 }
# If we used a default mountpoint and is now empty, delete it # If we used a default mountpoint and is now empty, delete it
[[ "$tombmount" == "/media/$tombname.tomb" ]] && { rmdir $tombmount } [[ "$tombmount" == "/media/$tombname.tomb" ]] && { rmdir $tombmount }
cryptsetup luksClose $mapper cryptsetup luksClose $mapper
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
_failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper } _failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper }
# Normally the loopback device is detached when unused # Normally the loopback device is detached when unused
[[ -e "/dev/$tombloop" ]] && losetup -d "/dev/$tombloop" [[ -e "/dev/$tombloop" ]] && losetup -d "/dev/$tombloop"
[[ $? = 0 ]] || { [[ $? = 0 ]] || {
_verbose "/dev/$tombloop was already closed." } _verbose "/dev/$tombloop was already closed." }
_success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname _success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname
@ -2434,7 +2434,7 @@ main() {
subcommands_opts[source]="" subcommands_opts[source]=""
subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: " subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: "
subcommands_opts[check]="-ignore-swap " subcommands_opts[check]="-ignore-swap "
# subcommands_opts[translate]="" # subcommands_opts[translate]=""
### Detect subcommand ### Detect subcommand
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
@ -2445,20 +2445,20 @@ main() {
done done
local -a oldstar local -a oldstar
oldstar=("${(@)argv}") oldstar=("${(@)argv}")
#### detect early: useful for --optiion-parsing #### detect early: useful for --optiion-parsing
zparseopts -M -D -Adiscardme ${every_opts} zparseopts -M -D -Adiscardme ${every_opts}
if [[ -n ${(k)discardme[--option-parsing]} ]]; then if [[ -n ${(k)discardme[--option-parsing]} ]]; then
print $1 print $1
if [[ -n "$1" ]]; then if [[ -n "$1" ]]; then
return 1 return 1
fi
return 0
fi fi
unset discardme return 0
fi
unset discardme
if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then
_failure "Error parsing." _failure "Error parsing."
return 127 return 127
fi fi
unset discardme unset discardme
subcommand=$1 subcommand=$1
if [[ -z $subcommand ]]; then if [[ -z $subcommand ]]; then
@ -2527,7 +2527,7 @@ main() {
[[ -z $_UID ]] || { [[ -z $_UID ]] || {
_verbose "Caller: uid[::1 uid::], gid[::2 gid::], tty[::3 tty::]." \ _verbose "Caller: uid[::1 uid::], gid[::2 gid::], tty[::3 tty::]." \
$_UID $_GID $_TTY $_UID $_GID $_TTY
} }
_verbose "Temporary directory: $TMPPREFIX" _verbose "Temporary directory: $TMPPREFIX"
@ -2535,51 +2535,51 @@ main() {
# Process subcommand # Process subcommand
case "$subcommand" in case "$subcommand" in
# USAGE # USAGE
help) help)
usage usage
;; ;;
# DEPRECATION notice (leave here as 'create' is still present in old docs) # DEPRECATION notice (leave here as 'create' is still present in old docs)
create) create)
_warning "The create command is deprecated, please use dig, forge and lock instead." _warning "The create command is deprecated, please use dig, forge and lock instead."
_warning "For more informations see Tomb's manual page (man tomb)." _warning "For more informations see Tomb's manual page (man tomb)."
_failure "Operation aborted." _failure "Operation aborted."
;; ;;
# CREATE Step 1: dig -s NN file.tomb # CREATE Step 1: dig -s NN file.tomb
dig) dig)
check_priv check_priv
dig_tomb ${=PARAM} dig_tomb ${=PARAM}
;; ;;
# CREATE Step 2: forge file.tomb.key # CREATE Step 2: forge file.tomb.key
forge) forge)
check_priv check_priv
forge_key ${=PARAM} forge_key ${=PARAM}
;; ;;
# CREATE Step 2: lock -k file.tomb.key file.tomb # CREATE Step 2: lock -k file.tomb.key file.tomb
lock) lock)
check_priv check_priv
lock_tomb_with_key ${=PARAM} lock_tomb_with_key ${=PARAM}
;; ;;
# Open the tomb # Open the tomb
mount|open) mount|open)
check_priv check_priv
mount_tomb $PARAM[1] $PARAM[2] mount_tomb $PARAM[1] $PARAM[2]
;; ;;
# Close the tomb # Close the tomb
# `slam` is used to force closing. # `slam` is used to force closing.
umount|close|slam) umount|close|slam)
check_priv check_priv
[[ "$subcommand" == "slam" ]] && SLAM=1 [[ "$subcommand" == "slam" ]] && SLAM=1
umount_tomb $PARAM[1] umount_tomb $PARAM[1]
;; ;;
# Grow tomb's size # Grow tomb's size
resize) resize)
[[ $RESIZER == 0 ]] && { [[ $RESIZER == 0 ]] && {
_failure "Resize2fs not installed: cannot resize tombs." } _failure "Resize2fs not installed: cannot resize tombs." }
@ -2587,53 +2587,53 @@ main() {
resize_tomb $PARAM[1] resize_tomb $PARAM[1]
;; ;;
## Contents manipulation ## Contents manipulation
# Index tomb contents # Index tomb contents
index) index)
index_tombs $PARAM[1] index_tombs $PARAM[1]
;; ;;
# List tombs # List tombs
list) list)
list_tombs $PARAM[1] list_tombs $PARAM[1]
;; ;;
# Search tomb contents # Search tomb contents
search) search)
search_tombs ${=PARAM} search_tombs ${=PARAM}
;; ;;
## Locking operations ## Locking operations
# Export key to QR Code # Export key to QR Code
engrave) engrave)
[[ $QRENCODE == 0 ]] && { [[ $QRENCODE == 0 ]] && {
_failure "QREncode not installed: cannot engrave keys on paper." } _failure "QREncode not installed: cannot engrave keys on paper." }
engrave_key ${=PARAM} engrave_key ${=PARAM}
;; ;;
# Change password on existing key # Change password on existing key
passwd) passwd)
check_priv check_priv
change_passwd $PARAM[1] change_passwd $PARAM[1]
;; ;;
# Change tomb key # Change tomb key
setkey) setkey)
check_priv check_priv
change_tomb_key ${=PARAM} change_tomb_key ${=PARAM}
;; ;;
# STEGANOGRAPHY: hide key inside an image # STEGANOGRAPHY: hide key inside an image
bury) bury)
[[ $STEGHIDE == 0 ]] && { [[ $STEGHIDE == 0 ]] && {
_failure "Steghide not installed: cannot bury keys into images." } _failure "Steghide not installed: cannot bury keys into images." }
bury_key $PARAM[1] bury_key $PARAM[1]
;; ;;
# STEGANOGRAPHY: read key hidden in an image # STEGANOGRAPHY: read key hidden in an image
exhume) exhume)
[[ $STEGHIDE == 0 ]] && { [[ $STEGHIDE == 0 ]] && {
_failure "Steghide not installed: cannot exhume keys from images." } _failure "Steghide not installed: cannot exhume keys from images." }
exhume_key $PARAM[1] exhume_key $PARAM[1]
@ -2641,45 +2641,45 @@ main() {
## Internal commands useful to developers ## Internal commands useful to developers
# Make tomb functions available to the calling shell or script # Make tomb functions available to the calling shell or script
'source') return 0 ;; 'source') return 0 ;;
# Ask user for a password interactively # Ask user for a password interactively
askpass) ask_password $PARAM[1] $PARAM[2] ;; askpass) ask_password $PARAM[1] $PARAM[2] ;;
# Default operation: presentation, or version information with -v # Default operation: presentation, or version information with -v
__default) __default)
_print "Tomb ::1 version:: - a strong and gentle undertaker for your secrets" $VERSION _print "Tomb ::1 version:: - a strong and gentle undertaker for your secrets" $VERSION
_print "\000" _print "\000"
_print " Copyright (C) 2007-2014 Dyne.org Foundation, License GNU GPL v3+" _print " Copyright (C) 2007-2014 Dyne.org Foundation, License GNU GPL v3+"
_print " This is free software: you are free to change and redistribute it" _print " This is free software: you are free to change and redistribute it"
_print " For the latest sourcecode go to <http://dyne.org/software/tomb>" _print " For the latest sourcecode go to <http://dyne.org/software/tomb>"
_print "\000" _print "\000"
option_is_set -v && { option_is_set -v && {
_print " This source code is distributed in the hope that it will be useful," _print " This source code is distributed in the hope that it will be useful,"
_print " but WITHOUT ANY WARRANTY; without even the implied warranty of" _print " but WITHOUT ANY WARRANTY; without even the implied warranty of"
_print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." _print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
_print " When in need please refer to <http://dyne.org/support>." _print " When in need please refer to <http://dyne.org/support>."
_print "\000" _print "\000"
_print "System utils:" _print "System utils:"
_print "\000" _print "\000"
cat <<EOF cat <<EOF
`sudo -V | head -n1` `sudo -V | head -n1`
`cryptsetup --version` `cryptsetup --version`
`pinentry --version` `pinentry --version`
`gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers): `gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers):
`list_gnupg_ciphers` `list_gnupg_ciphers`
EOF EOF
_print "\000" _print "\000"
_print "Optional utils:" _print "Optional utils:"
_print "\000" _print "\000"
_list_optional_tools version _list_optional_tools version
return 0 return 0
} }
usage usage
;; ;;
# Reject unknown command and suggest help # Reject unknown command and suggest help
*) *)
_warning "Command \"::1 subcommand::\" not recognized." $subcommand _warning "Command \"::1 subcommand::\" not recognized." $subcommand
_message "Try -h for help." _message "Try -h for help."