whitespace cleanup and correct indentation to 4 spaces (no tabs)

Jaromil 2014-11-23 18:25:42 +01:00
parent aba0fa5191
commit 99581a5faa

378
tomb

@ -25,12 +25,12 @@
# modify it under the terms of the GNU Public License as published by # modify it under the terms of the GNU Public License as published by
# the Free Software Foundation; either version 3 of the License, or # the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version. # (at your option) any later version.
# #
# This source code is distributed in the hope that it will be useful, # This source code is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Please refer # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Please refer
# to the GNU Public License for more details. # to the GNU Public License for more details.
# #
# You should have received a copy of the GNU Public License along with # You should have received a copy of the GNU Public License along with
# this source code; if not, write to: Free Software Foundation, Inc., # this source code; if not, write to: Free Software Foundation, Inc.,
# 675 Mass Ave, Cambridge, MA 02139, USA. # 675 Mass Ave, Cambridge, MA 02139, USA.
@ -176,26 +176,26 @@ _whoami() {
# Get GID from option -G or the environment # Get GID from option -G or the environment
option_is_set -G \ option_is_set -G \
&& _GID=$(option_value -G) || _GID=$(id -g $_USER) && _GID=$(option_value -G) || _GID=$(id -g $_USER)
# Get UID from option -U or the environment # Get UID from option -U or the environment
option_is_set -U \ option_is_set -U \
&& _UID=$(option_value -U) || _UID=$(id -u $_USER) && _UID=$(option_value -U) || _UID=$(id -u $_USER)
_verbose "Identified caller: ::1 username:: (::2 UID:::::3 GID::)" $_USER $_UID $_GID _verbose "Identified caller: ::1 username:: (::2 UID:::::3 GID::)" $_USER $_UID $_GID
# Update USERNAME accordingly if we can # Update USERNAME accordingly if we can
[[ EUID == 0 && $_USER != $USERNAME ]] && { [[ EUID == 0 && $_USER != $USERNAME ]] && {
_verbose "Updating USERNAME from '::1 USERNAME::' to '::2 _USER::')" $USERNAME $_USER _verbose "Updating USERNAME from '::1 USERNAME::' to '::2 _USER::')" $USERNAME $_USER
USERNAME=$_USER USERNAME=$_USER
} }
# Force HOME to _USER's HOME if necessary # Force HOME to _USER's HOME if necessary
local home=$(awk -F: "/$_USER/ { print \$6 }" /etc/passwd 2>/dev/null) local home=$(awk -F: "/$_USER/ { print \$6 }" /etc/passwd 2>/dev/null)
[[ $home == $HOME ]] || { [[ $home == $HOME ]] || {
_verbose "Updating HOME to match user's: ::1 home:: (was ::2 HOME::)" \ _verbose "Updating HOME to match user's: ::1 home:: (was ::2 HOME::)" \
$home $HOME $home $HOME
HOME=$home } HOME=$home }
# Get connecting TTY from option -T or the environment # Get connecting TTY from option -T or the environment
option_is_set -T && _TTY=$(option_value -T) option_is_set -T && _TTY=$(option_value -T)
@ -209,7 +209,7 @@ _plot() {
# We set global variables # We set global variables
typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME
TOMBPATH="$1" TOMBPATH="$1"
TOMBDIR=$(dirname $TOMBPATH) TOMBDIR=$(dirname $TOMBPATH)
@ -220,7 +220,7 @@ _plot() {
# It can start with dots: ..foo.tomb -> ..foo # It can start with dots: ..foo.tomb -> ..foo
TOMBNAME="${TOMBFILE%\.[^\.]*}" TOMBNAME="${TOMBFILE%\.[^\.]*}"
[[ -z $TOMBNAME ]] && { [[ -z $TOMBNAME ]] && {
_failure "Tomb won't work without a TOMBNAME." } _failure "Tomb won't work without a TOMBNAME." }
# Normalize tomb name # Normalize tomb name
TOMBFILE="$TOMBNAME.tomb" TOMBFILE="$TOMBNAME.tomb"
@ -233,10 +233,10 @@ _plot() {
# Provide a random filename in shared memory # Provide a random filename in shared memory
_tmp_create() { _tmp_create() {
[[ -d "$TMPPREFIX" ]] || { [[ -d "$TMPPREFIX" ]] || {
mkdir -m 777 "$TMPPREFIX" mkdir -m 777 "$TMPPREFIX"
[[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX" [[ $? == 0 ]] || _failure "Fatal error creating the temporary directory: ::1 temp dir::" "$TMPPREFIX"
# we create the tempdir with the sticky bit on # we create the tempdir with the sticky bit on
chmod o+t "$TMPPREFIX" chmod o+t "$TMPPREFIX"
} }
# We're going to add one more $RANDOM for each time someone complain # We're going to add one more $RANDOM for each time someone complain
@ -247,7 +247,7 @@ _tmp_create() {
_failure "Fatal error setting the permission umask for temporary files" } _failure "Fatal error setting the permission umask for temporary files" }
[[ -r "$tfile" ]] && { [[ -r "$tfile" ]] && {
_failure "Someone is messing up with us trying to hijack temporary files." } _failure "Someone is messing up with us trying to hijack temporary files." }
touch "$tfile" touch "$tfile"
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
@ -286,7 +286,7 @@ _ensure_safe_swap() {
r=1 r=1
break break
elif [[ "$bone" =~ "symbolic link" ]]; then elif [[ "$bone" =~ "symbolic link" ]]; then
# Might link to a block # Might link to a block
r=1 r=1
[[ "/dev/mapper" == "${s%/*}" ]] || { break } [[ "/dev/mapper" == "${s%/*}" ]] || { break }
@ -326,7 +326,7 @@ _check_swap() {
return 0 return 0
;; ;;
*) # Unencrypted swap *) # Unencrypted swap
_failure "Operation aborted." _failure "Operation aborted."
;; ;;
esac esac
fi fi
@ -345,10 +345,10 @@ ask_password() {
# Force pinentry to use a custom icon by overriding the GTK theme # Force pinentry to use a custom icon by overriding the GTK theme
# temporarily. # temporarily.
for prefix in /usr/local /usr; do for prefix in /usr/local /usr; do
[[ -r "$prefix/$gtkrc" ]] && { [[ -r "$prefix/$gtkrc" ]] && {
GTK2_RC="$prefix/$gtkrc" GTK2_RC="$prefix/$gtkrc"
break break
} }
done done
output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} ${PINENTRY} 2>/dev/null | tail -n +7 output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} ${PINENTRY} 2>/dev/null | tail -n +7
@ -499,60 +499,60 @@ dump_secrets() {
# {{{ Commandline interaction # {{{ Commandline interaction
usage() { usage() {
_print "Syntax: tomb [options] command [arguments]" _print "Syntax: tomb [options] command [arguments]"
_print "\000" _print "\000"
_print "Commands:" _print "Commands:"
_print "\000" _print "\000"
_print " // Creation:" _print " // Creation:"
_print " dig create a new empty TOMB file of size -s in MB" _print " dig create a new empty TOMB file of size -s in MB"
_print " forge create a new KEY file and set its password" _print " forge create a new KEY file and set its password"
_print " lock installs a lock on a TOMB to use it with KEY" _print " lock installs a lock on a TOMB to use it with KEY"
_print "\000" _print "\000"
_print " // Operations on tombs:" _print " // Operations on tombs:"
_print " open open an existing TOMB" _print " open open an existing TOMB"
_print " index update the search indexes of tombs" _print " index update the search indexes of tombs"
_print " search looks for filenames matching text patterns" _print " search looks for filenames matching text patterns"
_print " list list of open TOMBs and information on them" _print " list list of open TOMBs and information on them"
_print " close close a specific TOMB (or 'all')" _print " close close a specific TOMB (or 'all')"
_print " slam slam a TOMB killing all programs using it" _print " slam slam a TOMB killing all programs using it"
[[ $RESIZER == 1 ]] && { [[ $RESIZER == 1 ]] && {
_print " resize resize a TOMB to a new size -s (can only grow)" _print " resize resize a TOMB to a new size -s (can only grow)"
} }
_print "\000" _print "\000"
_print " // Operations on keys:" _print " // Operations on keys:"
_print " passwd change the password of a KEY (needs old pass)" _print " passwd change the password of a KEY (needs old pass)"
_print " setkey change the KEY locking a TOMB (needs old key and pass)" _print " setkey change the KEY locking a TOMB (needs old key and pass)"
_print "\000" _print "\000"
[[ $QRENCODE == 1 ]] && { [[ $QRENCODE == 1 ]] && {
_print " // Backup on paper:" _print " // Backup on paper:"
_print " engrave makes a QR code of a KEY to be saved on paper" _print " engrave makes a QR code of a KEY to be saved on paper"
} }
_print "\000" _print "\000"
[[ $STEGHIDE == 1 ]] && { [[ $STEGHIDE == 1 ]] && {
_print " // Steganography:" _print " // Steganography:"
_print " bury hide a KEY inside a JPEG image (for use with -k)" _print " bury hide a KEY inside a JPEG image (for use with -k)"
_print " exhume extract a KEY from a JPEG image (prints to stdout)" _print " exhume extract a KEY from a JPEG image (prints to stdout)"
} }
_print "\000" _print "\000"
_print "Options:" _print "Options:"
_print "\000" _print "\000"
_print " -s size of the tomb file when creating/resizing one (in MB)" _print " -s size of the tomb file when creating/resizing one (in MB)"
_print " -k path to the key to be used ('-k -' to read from stdin)" _print " -k path to the key to be used ('-k -' to read from stdin)"
_print " -n don't process the hooks found in tomb" _print " -n don't process the hooks found in tomb"
_print " -o mount options used to open (default: rw,noatime,nodev)" _print " -o mount options used to open (default: rw,noatime,nodev)"
_print " -f force operation (i.e. even if swap is active)" _print " -f force operation (i.e. even if swap is active)"
[[ $KDF == 1 ]] && { [[ $KDF == 1 ]] && {
_print " --kdf generate passwords armored against dictionary attacks" _print " --kdf generate passwords armored against dictionary attacks"
} }
_print "\000" _print "\000"
_print " -h print this help" _print " -h print this help"
_print " -v print version, license and list of available ciphers" _print " -v print version, license and list of available ciphers"
_print " -q run quietly without printing informations" _print " -q run quietly without printing informations"
_print " -D print debugging information at runtime" _print " -D print debugging information at runtime"
_print "\000" _print "\000"
_print "For more informations on Tomb read the manual: man tomb" _print "For more informations on Tomb read the manual: man tomb"
_print "Please report bugs on <http://github.com/dyne/tomb/issues>." _print "Please report bugs on <http://github.com/dyne/tomb/issues>."
} }
@ -692,7 +692,7 @@ _list_optional_tools() {
_deps=(gettext dcfldd wipe mkfs.ext4 steghide e2fsck) _deps=(gettext dcfldd wipe mkfs.ext4 steghide e2fsck)
_deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv) _deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv)
for d in $_deps; do for d in $_deps; do
_print "`which $d`" _print "`which $d`"
done done
return 0 return 0
} }
@ -709,7 +709,7 @@ _ensure_dependencies() {
# Check for required programs # Check for required programs
for req in cryptsetup pinentry sudo gpg; do for req in cryptsetup pinentry sudo gpg; do
command -v $req 1>/dev/null 2>/dev/null || { command -v $req 1>/dev/null 2>/dev/null || {
_failure "Missing required dependency ::1 command::. Please install it." $req } _failure "Missing required dependency ::1 command::. Please install it." $req }
done done
# Ensure system binaries are available in the PATH # Ensure system binaries are available in the PATH
@ -764,20 +764,20 @@ is_valid_key() {
return 0 } return 0 }
[[ -z $key ]] && { [[ -z $key ]] && {
_warning "is_valid_key() called without an argument." _warning "is_valid_key() called without an argument."
return 1 return 1
} }
# If the key file is an image don't check file header # If the key file is an image don't check file header
[[ -r $TOMBKEYFILE ]] \ [[ -r $TOMBKEYFILE ]] \
&& [[ $(file $TOMBKEYFILE) =~ "JP.G" ]] \ && [[ $(file $TOMBKEYFILE) =~ "JP.G" ]] \
&& { && {
_message "Key is an image, it might be valid." _message "Key is an image, it might be valid."
return 0 } return 0 }
[[ $key =~ "BEGIN PGP" ]] && { [[ $key =~ "BEGIN PGP" ]] && {
_message "Key is valid." _message "Key is valid."
return 0 } return 0 }
return 1 return 1
} }
@ -823,7 +823,7 @@ _load_key() {
TOMBSECRET=$(cat) TOMBSECRET=$(cat)
else else
_verbose "load_key argument: ::1 key file::" $keyfile _verbose "load_key argument: ::1 key file::" $keyfile
[[ -r $keyfile ]] || _failure "Key not found, specify one using -k." [[ -r $keyfile ]] || _failure "Key not found, specify one using -k."
TOMBKEYFILE=$keyfile TOMBKEYFILE=$keyfile
TOMBKEY="${mapfile[$TOMBKEYFILE]}" TOMBKEY="${mapfile[$TOMBKEYFILE]}"
fi fi
@ -882,7 +882,7 @@ gpg_decrypt() {
# Gets a key file and a password, prints out the decoded contents to # Gets a key file and a password, prints out the decoded contents to
# be used directly by Luks as a cryptographic key # be used directly by Luks as a cryptographic key
get_lukskey() { get_lukskey() {
# $1 is the password # $1 is the password
_verbose "get_lukskey" _verbose "get_lukskey"
_password="$1" _password="$1"
@ -906,7 +906,7 @@ get_lukskey() {
;; ;;
esac esac
# key needs to be exhumed from an image # key needs to be exhumed from an image
elif [[ -r $TOMBKEYFILE && $(file $TOMBKEYFILE) =~ "JP.G" ]]; then elif [[ -r $TOMBKEYFILE && $(file $TOMBKEYFILE) =~ "JP.G" ]]; then
exhume_key $TOMBKEYFILE "$_password" exhume_key $TOMBKEYFILE "$_password"
@ -939,10 +939,10 @@ ask_key_password() {
for c in 1 2 3; do for c in 1 2 3; do
if [[ $c == 1 ]]; then if [[ $c == 1 ]]; then
tombpass=$(exec_as_user ${TOMBEXEC} askpass \ tombpass=$(exec_as_user ${TOMBEXEC} askpass \
"Insert password to use key: $TOMBKEYFILE") "Insert password to use key: $TOMBKEYFILE")
else else
tombpass=$(exec_as_user ${TOMBEXEC} askpass \ tombpass=$(exec_as_user ${TOMBEXEC} askpass \
"Insert password to use key: $TOMBKEYFILE (attempt $c)") "Insert password to use key: $TOMBKEYFILE (attempt $c)")
fi fi
if [[ $? != 0 ]]; then if [[ $? != 0 ]]; then
_warning "User aborted password dialog." _warning "User aborted password dialog."
@ -1029,8 +1029,8 @@ change_passwd() {
# takes care to encrypt a key # takes care to encrypt a key
# honored options: --kdf --tomb-pwd -o # honored options: --kdf --tomb-pwd -o
gen_key() { gen_key() {
# $1 the password to use, if not set then ask user # $1 the password to use, if not set then ask user
# -o is the --cipher-algo to use (string taken by GnuPG) # -o is the --cipher-algo to use (string taken by GnuPG)
local algopt="`option_value -o`" local algopt="`option_value -o`"
local algo="${algopt:-AES256}" local algo="${algopt:-AES256}"
# here user is prompted for key password # here user is prompted for key password
@ -1066,8 +1066,8 @@ gen_key() {
header="" header=""
[[ $KDF == 1 ]] && { [[ $KDF == 1 ]] && {
{ option_is_set --kdf } && { { option_is_set --kdf } && {
# KDF is a new key strenghtening technique against brute forcing # KDF is a new key strenghtening technique against brute forcing
# see: https://github.com/dyne/Tomb/issues/82 # see: https://github.com/dyne/Tomb/issues/82
itertime="`option_value --kdf`" itertime="`option_value --kdf`"
# removing support of floating points because they can't be type checked well # removing support of floating points because they can't be type checked well
if [[ "$itertime" != <-> ]]; then if [[ "$itertime" != <-> ]]; then
@ -1168,11 +1168,11 @@ bury_key() {
| steghide embed --embedfile - --coverfile ${imagefile} \ | steghide embed --embedfile - --coverfile ${imagefile} \
-p $TOMBPASSWORD -z 9 -e serpent cbc -p $TOMBPASSWORD -z 9 -e serpent cbc
if [ $? != 0 ]; then if [ $? != 0 ]; then
_warning "Encoding error: steghide reports problems." _warning "Encoding error: steghide reports problems."
res=1 res=1
else else
_success "Tomb key encoded succesfully into image ::1 image file::" $imagefile _success "Tomb key encoded succesfully into image ::1 image file::" $imagefile
res=0 res=0
fi fi
return $res return $res
@ -1188,7 +1188,7 @@ exhume_key() {
local imagefile="$1" # The image file where to look for the key local imagefile="$1" # The image file where to look for the key
local tombpass="$2" # (Optional) the password to use (internal use) local tombpass="$2" # (Optional) the password to use (internal use)
local destkey="$3" # (Optional) the key file where to save the local destkey="$3" # (Optional) the key file where to save the
# result (- for stdout) # result (- for stdout)
local r=1 # Return code (default: fail) local r=1 # Return code (default: fail)
# Ensure the image file is a readable JPEG # Ensure the image file is a readable JPEG
@ -1201,7 +1201,7 @@ exhume_key() {
# the exhumed key on stdout without further checks (internal use) # the exhumed key on stdout without further checks (internal use)
[[ -n "$tombpass" ]] && { [[ -n "$tombpass" ]] && {
TOMBKEY=$(steghide extract -sf $imagefile -p $tombpass -xf -) TOMBKEY=$(steghide extract -sf $imagefile -p $tombpass -xf -)
[[ $? != 0 ]] && { [[ $? != 0 ]] && {
_failure "Wrong password or no steganographic key found" } _failure "Wrong password or no steganographic key found" }
recover_key $TOMBKEY recover_key $TOMBKEY
@ -1212,16 +1212,16 @@ exhume_key() {
# Ensure we have a valid destination for the key # Ensure we have a valid destination for the key
[[ -z $destkey ]] && { option_is_set -k } && destkey=$(option_value -k) [[ -z $destkey ]] && { option_is_set -k } && destkey=$(option_value -k)
[[ -z $destkey ]] && { [[ -z $destkey ]] && {
destkey="-" # No key was specified: fallback to stdout destkey="-" # No key was specified: fallback to stdout
_message "printing exhumed key on stdout" } _message "printing exhumed key on stdout" }
# Bail out if destination exists, unless -f (force) was passed # Bail out if destination exists, unless -f (force) was passed
[[ $destkey != "-" && -s $destkey ]] && { [[ $destkey != "-" && -s $destkey ]] && {
_warning "File exists: ::1 tomb key::" $destkey _warning "File exists: ::1 tomb key::" $destkey
{ option_is_set -f } && { { option_is_set -f } && {
_warning "Use of --force selected: overwriting." _warning "Use of --force selected: overwriting."
rm -f $destkey rm -f $destkey
} || { } || {
_warning "Make explicit use of --force to overwrite." _warning "Make explicit use of --force to overwrite."
_failure "Refusing to overwrite file. Operation aborted." } _failure "Refusing to overwrite file. Operation aborted." }
} }
@ -1231,12 +1231,12 @@ exhume_key() {
tombpass=$(option_value --tomb-pwd) tombpass=$(option_value --tomb-pwd)
_verbose "tomb-pwd = ::1 tomb pass::" $tombpass _verbose "tomb-pwd = ::1 tomb pass::" $tombpass
} || { } || {
[[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD [[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD
} || { } || {
tombpass=$(exec_as_user ${TOMBEXEC} askpass \ tombpass=$(exec_as_user ${TOMBEXEC} askpass \
"Insert password to exhume key from $imagefile") "Insert password to exhume key from $imagefile")
[[ $? != 0 ]] && { [[ $? != 0 ]] && {
_warning "User aborted password dialog." _warning "User aborted password dialog."
return 1 return 1
} }
} }
@ -1268,9 +1268,9 @@ engrave_key() {
_success "Rendering a printable QRCode for key: ::1 tomb key file::" $TOMBKEYFILE _success "Rendering a printable QRCode for key: ::1 tomb key file::" $TOMBKEYFILE
# we omit armor strings to save space # we omit armor strings to save space
awk '/^-----/ {next}; /^Version/ {next}; {print $0}' $TOMBKEYFILE \ awk '/^-----/ {next}; /^Version/ {next}; {print $0}' $TOMBKEYFILE \
| qrencode --size 4 --level H --casesensitive -o $pngname | qrencode --size 4 --level H --casesensitive -o $pngname
[[ $? != 0 ]] && { [[ $? != 0 ]] && {
_failure "QREncode reported an error." } _failure "QREncode reported an error." }
_success "Operation successful:" _success "Operation successful:"
# TODO: only if verbose and/or not silent # TODO: only if verbose and/or not silent
@ -1377,7 +1377,7 @@ forge_key() {
[[ -n "$algopt" ]] && algo=$algopt [[ -n "$algopt" ]] && algo=$algopt
_message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \ _message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \
$destkey $algo $destkey $algo
TOMBKEYFILE="$destkey" # Set global variable TOMBKEYFILE="$destkey" # Set global variable
@ -1524,7 +1524,7 @@ lock_tomb_with_key() {
_message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $TOMBNAME $cipher _message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $TOMBNAME $cipher
_success "Your tomb is ready in ::1 tomb path:: and secured with key ::2 tomb key::" \ _success "Your tomb is ready in ::1 tomb path:: and secured with key ::2 tomb key::" \
$TOMBPATH $TOMBKEYFILE $TOMBPATH $TOMBKEYFILE
} }
@ -1552,7 +1552,7 @@ change_tomb_key() {
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH } _failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
_load_key $tombkey # Try loading given key and set TOMBKEY and _load_key $tombkey # Try loading given key and set TOMBKEY and
# TOMBKEYFILE # TOMBKEYFILE
local oldkey=$TOMBKEY local oldkey=$TOMBKEY
local oldkeyfile=$TOMBKEYFILE local oldkeyfile=$TOMBKEYFILE
@ -1634,7 +1634,7 @@ mount_tomb() {
_load_key # Try loading new key from option -k and set TOMBKEYFILE _load_key # Try loading new key from option -k and set TOMBKEYFILE
tombmount=${2:-/media/$TOMBFILE} tombmount=${2:-/media/$TOMBFILE}
[[ -z "$2" ]] && { [[ -z "$2" ]] && {
_message "Mountpoint not specified, using default: ::1 mount point::" $tombmount } _message "Mountpoint not specified, using default: ::1 mount point::" $tombmount }
@ -1693,7 +1693,7 @@ mount_tomb() {
_cryptsetup luksOpen ${nstloop} ${mapper} _cryptsetup luksOpen ${nstloop} ${mapper}
[[ -r /dev/mapper/${mapper} ]] || { [[ -r /dev/mapper/${mapper} ]] || {
_failure "Failure mounting the encrypted file." } _failure "Failure mounting the encrypted file." }
# preserve the loopdev after exit # preserve the loopdev after exit
lo_preserve "$nstloop" lo_preserve "$nstloop"
@ -1721,7 +1721,7 @@ mount_tomb() {
_success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount _success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount
local tombtty tombhost tombuid tombuser local tombtty tombhost tombuid tombuser
# print out when was opened the last time, by whom and where # print out when was opened the last time, by whom and where
[[ -r ${tombmount}/.last ]] && { [[ -r ${tombmount}/.last ]] && {
@ -1782,11 +1782,11 @@ exec_safe_bind_hooks() {
# No HOME set? Note: this should never happen again. # No HOME set? Note: this should never happen again.
[[ -z $HOME ]] && { [[ -z $HOME ]] && {
_warning "How pitiful! A tomb, and no HOME." _warning "How pitiful! A tomb, and no HOME."
return 1 } return 1 }
[[ -z $mnt || ! -d $mnt ]] && { [[ -z $mnt || ! -d $mnt ]] && {
_warning "Cannot exec bind hooks without a mounted tomb." _warning "Cannot exec bind hooks without a mounted tomb."
return 1 } return 1 }
[[ -r "$mnt/bind-hooks" ]] || { [[ -r "$mnt/bind-hooks" ]] || {
@ -1825,7 +1825,7 @@ exec_safe_bind_hooks() {
_warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $mnt $dir _warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $mnt $dir
else else
mount -o bind,$MOUNTOPTS $mnt/$dir $HOME/${maps[$dir]} \ mount -o bind,$MOUNTOPTS $mnt/$dir $HOME/${maps[$dir]} \
&& mounted+=("$HOME/${maps[$dir]}") && mounted+=("$HOME/${maps[$dir]}")
fi fi
done done
} }
@ -1847,7 +1847,7 @@ exec_safe_post_hooks() {
# Only run if post-hooks has the executable bit set # Only run if post-hooks has the executable bit set
[[ -x $mnt/post-hooks ]] || return [[ -x $mnt/post-hooks ]] || return
# If the file starts with a shebang, run it. # If the file starts with a shebang, run it.
cat $mnt/post-hooks | head -n1 | grep '^#!\s*/' &> /dev/null cat $mnt/post-hooks | head -n1 | grep '^#!\s*/' &> /dev/null
[[ $? == 0 ]] && { [[ $? == 0 ]] && {
_success "Post hooks found, executing as user ::1 user name::." $USERNAME _success "Post hooks found, executing as user ::1 user name::." $USERNAME
@ -1865,7 +1865,7 @@ list_tombs() {
local tombname tombmount tombfs tombfsopts tombloop local tombname tombmount tombfs tombfsopts tombloop
local ts tombtot tombused tombavail tombpercent tombp tombsince local ts tombtot tombused tombavail tombpercent tombp tombsince
local tombtty tombhost tombuid tombuser local tombtty tombhost tombuid tombuser
# list all open tombs # list all open tombs
mounted_tombs=(`list_tomb_mounts $1`) mounted_tombs=(`list_tomb_mounts $1`)
[[ ${#mounted_tombs} == 0 ]] && { [[ ${#mounted_tombs} == 0 ]] && {
@ -1959,7 +1959,7 @@ BEGIN { main="" }
} || { } || {
# list a specific tomb # list a specific tomb
mount -l \ mount -l \
| awk -vtomb="[$1]" ' | awk -vtomb="[$1]" '
BEGIN { main="" } BEGIN { main="" }
/^\/dev\/mapper\/tomb/ { /^\/dev\/mapper\/tomb/ {
if($7!=tomb) next; if($7!=tomb) next;
@ -2021,10 +2021,10 @@ index_tombs() {
mounted_tombs=(`list_tomb_mounts $1`) mounted_tombs=(`list_tomb_mounts $1`)
[[ ${#mounted_tombs} == 0 ]] && { [[ ${#mounted_tombs} == 0 ]] && {
# Considering one tomb # Considering one tomb
[[ -n "$1" ]] && { [[ -n "$1" ]] && {
_failure "There seems to be no open tomb engraved as [::1::]" $1 } _failure "There seems to be no open tomb engraved as [::1::]" $1 }
# Or more # Or more
_failure "I can't see any open tomb, may they all rest in peace." } _failure "I can't see any open tomb, may they all rest in peace." }
_success "Creating and updating search indexes." _success "Creating and updating search indexes."
@ -2155,13 +2155,13 @@ search_tombs() {
_message "Searching filenames in tomb ::1 tomb name::" $tombname _message "Searching filenames in tomb ::1 tomb name::" $tombname
locate -d ${tombmount}/.updatedb -e -i "${(f)@}" locate -d ${tombmount}/.updatedb -e -i "${(f)@}"
_message "Matches found: ::1 matches::" \ _message "Matches found: ::1 matches::" \
$(locate -d ${tombmount}/.updatedb -e -i -c ${(f)@}) $(locate -d ${tombmount}/.updatedb -e -i -c ${(f)@})
# Use swish-e to search over contents # Use swish-e to search over contents
[[ $SWISH == 1 && -r $tombmount/.swish ]] && { [[ $SWISH == 1 && -r $tombmount/.swish ]] && {
_message "Searching contents in tomb ::1 tomb name::" $tombname _message "Searching contents in tomb ::1 tomb name::" $tombname
swish-e -w ${=@} -f $tombmount/.swish -H0 } swish-e -w ${=@} -f $tombmount/.swish -H0 }
} || { } || {
_warning "Skipping tomb ::1 tomb name::: not indexed." $tombname _warning "Skipping tomb ::1 tomb name::: not indexed." $tombname
_warning "Run 'tomb index' to create indexes." } _warning "Run 'tomb index' to create indexes." }
done done
@ -2233,7 +2233,7 @@ resize_tomb() {
_cryptsetup luksOpen ${nstloop} ${mapper} _cryptsetup luksOpen ${nstloop} ${mapper}
[[ -r /dev/mapper/${mapper} ]] || { [[ -r /dev/mapper/${mapper} ]] || {
_failure "Failure mounting the encrypted file." } _failure "Failure mounting the encrypted file." }
cryptsetup resize "${mapper}" || { cryptsetup resize "${mapper}" || {
_failure "cryptsetup failed to resize ::1 mapper::" $mapper } _failure "cryptsetup failed to resize ::1 mapper::" $mapper }
@ -2273,7 +2273,7 @@ umount_tomb() {
[[ ${#mounted_tombs} -gt 1 && -z "$1" ]] && { [[ ${#mounted_tombs} -gt 1 && -z "$1" ]] && {
_warning "Too many tombs mounted, please specify one (see tomb list)" _warning "Too many tombs mounted, please specify one (see tomb list)"
_warning "or issue the command 'tomb close all' to close them all." _warning "or issue the command 'tomb close all' to close them all."
_failure "Operation aborted." } _failure "Operation aborted." }
for t in ${mounted_tombs}; do for t in ${mounted_tombs}; do
mapper=`basename ${t[(ws:;:)1]}` mapper=`basename ${t[(ws:;:)1]}`
@ -2294,15 +2294,15 @@ umount_tomb() {
[[ -n $SLAM ]] && { [[ -n $SLAM ]] && {
_success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \ _success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \
$tombname $tombmount $tombname $tombmount
_message "Kill all processes busy inside the tomb." _message "Kill all processes busy inside the tomb."
{ slam_tomb "$tombmount" } || { { slam_tomb "$tombmount" } || {
_failure "Cannot slam the tomb ::1 tomb name::" $tombname } _failure "Cannot slam the tomb ::1 tomb name::" $tombname }
} || { } || {
_message "Closing tomb ::1 tomb name:: mounted on ::2 mount point::" \ _message "Closing tomb ::1 tomb name:: mounted on ::2 mount point::" \
$tombname $tombmount } $tombname $tombmount }
# check if there are binded dirs and close them # check if there are binded dirs and close them
bind_tombs=(`list_tomb_binds $tombname`) bind_tombs=(`list_tomb_binds $tombname`)
for b in ${bind_tombs}; do for b in ${bind_tombs}; do
bind_mapper="${b[(ws:;:)1]}" bind_mapper="${b[(ws:;:)1]}"
@ -2315,12 +2315,12 @@ umount_tomb() {
[[ $? == 1 ]] && { [[ $? == 1 ]] && {
_failure "Cannot slam the bind hook ::1 hook::" $bind_mount } _failure "Cannot slam the bind hook ::1 hook::" $bind_mount }
umount $bind_mount umount $bind_mount
} || { } || {
_warning "Tomb bind hook ::1 hook:: is busy, cannot close tomb." $bind_mount } _warning "Tomb bind hook ::1 hook:: is busy, cannot close tomb." $bind_mount }
} }
done done
# Execute post-hooks for eventual cleanup # Execute post-hooks for eventual cleanup
{ option_is_set -n } || { { option_is_set -n } || {
exec_safe_post_hooks ${tombmount%%/} close } exec_safe_post_hooks ${tombmount%%/} close }
@ -2328,17 +2328,17 @@ umount_tomb() {
umount ${tombmount} umount ${tombmount}
[[ $? = 0 ]] || { _warning "Tomb is busy, cannot umount!"; return 1 } [[ $? = 0 ]] || { _warning "Tomb is busy, cannot umount!"; return 1 }
# If we used a default mountpoint and is now empty, delete it # If we used a default mountpoint and is now empty, delete it
[[ "$tombmount" == "/media/$tombname.tomb" ]] && { rmdir $tombmount } [[ "$tombmount" == "/media/$tombname.tomb" ]] && { rmdir $tombmount }
cryptsetup luksClose $mapper cryptsetup luksClose $mapper
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
_failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper } _failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper }
# Normally the loopback device is detached when unused # Normally the loopback device is detached when unused
[[ -e "/dev/$tombloop" ]] && losetup -d "/dev/$tombloop" [[ -e "/dev/$tombloop" ]] && losetup -d "/dev/$tombloop"
[[ $? = 0 ]] || { [[ $? = 0 ]] || {
_verbose "/dev/$tombloop was already closed." } _verbose "/dev/$tombloop was already closed." }
_success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname _success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname
@ -2434,7 +2434,7 @@ main() {
subcommands_opts[source]="" subcommands_opts[source]=""
subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: " subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: "
subcommands_opts[check]="-ignore-swap " subcommands_opts[check]="-ignore-swap "
# subcommands_opts[translate]="" # subcommands_opts[translate]=""
### Detect subcommand ### Detect subcommand
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
@ -2445,20 +2445,20 @@ main() {
done done
local -a oldstar local -a oldstar
oldstar=("${(@)argv}") oldstar=("${(@)argv}")
#### detect early: useful for --optiion-parsing #### detect early: useful for --optiion-parsing
zparseopts -M -D -Adiscardme ${every_opts} zparseopts -M -D -Adiscardme ${every_opts}
if [[ -n ${(k)discardme[--option-parsing]} ]]; then if [[ -n ${(k)discardme[--option-parsing]} ]]; then
print $1 print $1
if [[ -n "$1" ]]; then if [[ -n "$1" ]]; then
return 1 return 1
fi
return 0
fi fi
unset discardme return 0
fi
unset discardme
if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then
_failure "Error parsing." _failure "Error parsing."
return 127 return 127
fi fi
unset discardme unset discardme
subcommand=$1 subcommand=$1
if [[ -z $subcommand ]]; then if [[ -z $subcommand ]]; then
@ -2527,7 +2527,7 @@ main() {
[[ -z $_UID ]] || { [[ -z $_UID ]] || {
_verbose "Caller: uid[::1 uid::], gid[::2 gid::], tty[::3 tty::]." \ _verbose "Caller: uid[::1 uid::], gid[::2 gid::], tty[::3 tty::]." \
$_UID $_GID $_TTY $_UID $_GID $_TTY
} }
_verbose "Temporary directory: $TMPPREFIX" _verbose "Temporary directory: $TMPPREFIX"
@ -2535,51 +2535,51 @@ main() {
# Process subcommand # Process subcommand
case "$subcommand" in case "$subcommand" in
# USAGE # USAGE
help) help)
usage usage
;; ;;
# DEPRECATION notice (leave here as 'create' is still present in old docs) # DEPRECATION notice (leave here as 'create' is still present in old docs)
create) create)
_warning "The create command is deprecated, please use dig, forge and lock instead." _warning "The create command is deprecated, please use dig, forge and lock instead."
_warning "For more informations see Tomb's manual page (man tomb)." _warning "For more informations see Tomb's manual page (man tomb)."
_failure "Operation aborted." _failure "Operation aborted."
;; ;;
# CREATE Step 1: dig -s NN file.tomb # CREATE Step 1: dig -s NN file.tomb
dig) dig)
check_priv check_priv
dig_tomb ${=PARAM} dig_tomb ${=PARAM}
;; ;;
# CREATE Step 2: forge file.tomb.key # CREATE Step 2: forge file.tomb.key
forge) forge)
check_priv check_priv
forge_key ${=PARAM} forge_key ${=PARAM}
;; ;;
# CREATE Step 2: lock -k file.tomb.key file.tomb # CREATE Step 2: lock -k file.tomb.key file.tomb
lock) lock)
check_priv check_priv
lock_tomb_with_key ${=PARAM} lock_tomb_with_key ${=PARAM}
;; ;;
# Open the tomb # Open the tomb
mount|open) mount|open)
check_priv check_priv
mount_tomb $PARAM[1] $PARAM[2] mount_tomb $PARAM[1] $PARAM[2]
;; ;;
# Close the tomb # Close the tomb
# `slam` is used to force closing. # `slam` is used to force closing.
umount|close|slam) umount|close|slam)
check_priv check_priv
[[ "$subcommand" == "slam" ]] && SLAM=1 [[ "$subcommand" == "slam" ]] && SLAM=1
umount_tomb $PARAM[1] umount_tomb $PARAM[1]
;; ;;
# Grow tomb's size # Grow tomb's size
resize) resize)
[[ $RESIZER == 0 ]] && { [[ $RESIZER == 0 ]] && {
_failure "Resize2fs not installed: cannot resize tombs." } _failure "Resize2fs not installed: cannot resize tombs." }
@ -2587,53 +2587,53 @@ main() {
resize_tomb $PARAM[1] resize_tomb $PARAM[1]
;; ;;
## Contents manipulation ## Contents manipulation
# Index tomb contents # Index tomb contents
index) index)
index_tombs $PARAM[1] index_tombs $PARAM[1]
;; ;;
# List tombs # List tombs
list) list)
list_tombs $PARAM[1] list_tombs $PARAM[1]
;; ;;
# Search tomb contents # Search tomb contents
search) search)
search_tombs ${=PARAM} search_tombs ${=PARAM}
;; ;;
## Locking operations ## Locking operations
# Export key to QR Code # Export key to QR Code
engrave) engrave)
[[ $QRENCODE == 0 ]] && { [[ $QRENCODE == 0 ]] && {
_failure "QREncode not installed: cannot engrave keys on paper." } _failure "QREncode not installed: cannot engrave keys on paper." }
engrave_key ${=PARAM} engrave_key ${=PARAM}
;; ;;
# Change password on existing key # Change password on existing key
passwd) passwd)
check_priv check_priv
change_passwd $PARAM[1] change_passwd $PARAM[1]
;; ;;
# Change tomb key # Change tomb key
setkey) setkey)
check_priv check_priv
change_tomb_key ${=PARAM} change_tomb_key ${=PARAM}
;; ;;
# STEGANOGRAPHY: hide key inside an image # STEGANOGRAPHY: hide key inside an image
bury) bury)
[[ $STEGHIDE == 0 ]] && { [[ $STEGHIDE == 0 ]] && {
_failure "Steghide not installed: cannot bury keys into images." } _failure "Steghide not installed: cannot bury keys into images." }
bury_key $PARAM[1] bury_key $PARAM[1]
;; ;;
# STEGANOGRAPHY: read key hidden in an image # STEGANOGRAPHY: read key hidden in an image
exhume) exhume)
[[ $STEGHIDE == 0 ]] && { [[ $STEGHIDE == 0 ]] && {
_failure "Steghide not installed: cannot exhume keys from images." } _failure "Steghide not installed: cannot exhume keys from images." }
exhume_key $PARAM[1] exhume_key $PARAM[1]
@ -2641,45 +2641,45 @@ main() {
## Internal commands useful to developers ## Internal commands useful to developers
# Make tomb functions available to the calling shell or script # Make tomb functions available to the calling shell or script
'source') return 0 ;; 'source') return 0 ;;
# Ask user for a password interactively # Ask user for a password interactively
askpass) ask_password $PARAM[1] $PARAM[2] ;; askpass) ask_password $PARAM[1] $PARAM[2] ;;
# Default operation: presentation, or version information with -v # Default operation: presentation, or version information with -v
__default) __default)
_print "Tomb ::1 version:: - a strong and gentle undertaker for your secrets" $VERSION _print "Tomb ::1 version:: - a strong and gentle undertaker for your secrets" $VERSION
_print "\000" _print "\000"
_print " Copyright (C) 2007-2014 Dyne.org Foundation, License GNU GPL v3+" _print " Copyright (C) 2007-2014 Dyne.org Foundation, License GNU GPL v3+"
_print " This is free software: you are free to change and redistribute it" _print " This is free software: you are free to change and redistribute it"
_print " For the latest sourcecode go to <http://dyne.org/software/tomb>" _print " For the latest sourcecode go to <http://dyne.org/software/tomb>"
_print "\000" _print "\000"
option_is_set -v && { option_is_set -v && {
_print " This source code is distributed in the hope that it will be useful," _print " This source code is distributed in the hope that it will be useful,"
_print " but WITHOUT ANY WARRANTY; without even the implied warranty of" _print " but WITHOUT ANY WARRANTY; without even the implied warranty of"
_print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." _print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
_print " When in need please refer to <http://dyne.org/support>." _print " When in need please refer to <http://dyne.org/support>."
_print "\000" _print "\000"
_print "System utils:" _print "System utils:"
_print "\000" _print "\000"
cat <<EOF cat <<EOF
`sudo -V | head -n1` `sudo -V | head -n1`
`cryptsetup --version` `cryptsetup --version`
`pinentry --version` `pinentry --version`
`gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers): `gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers):
`list_gnupg_ciphers` `list_gnupg_ciphers`
EOF EOF
_print "\000" _print "\000"
_print "Optional utils:" _print "Optional utils:"
_print "\000" _print "\000"
_list_optional_tools version _list_optional_tools version
return 0 return 0
} }
usage usage
;; ;;
# Reject unknown command and suggest help # Reject unknown command and suggest help
*) *)
_warning "Command \"::1 subcommand::\" not recognized." $subcommand _warning "Command \"::1 subcommand::\" not recognized." $subcommand
_message "Try -h for help." _message "Try -h for help."