From a7d330997efbbb15966a23c712ba7f0707269839 Mon Sep 17 00:00:00 2001 From: Jaromil Date: Wed, 19 Feb 2014 12:08:26 +0100 Subject: [PATCH] fixed correct handling and deletion of keys when taken from stdin --- tomb | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/tomb b/tomb index 9aee97a..5d62be3 100755 --- a/tomb +++ b/tomb @@ -40,7 +40,7 @@ # {{{ Global variables -VERSION=1.4 +VERSION=1.5 DATE="Jun/2013" TOMBEXEC=$0 typeset -a OLDARGS @@ -60,9 +60,6 @@ typeset -A global_opts typeset -A opts typeset -h username -typeset -h tombkeydir # global used if key comes from stdin -tombkeydir="" - typeset -h _uid typeset -h _gid typeset -h _tty @@ -70,7 +67,6 @@ typeset -h _tty # Set a sensible PATH # PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin - # }}} # {{{ Safety functions @@ -308,6 +304,7 @@ is_valid_tomb() { _message "Valid tomb file found: $1" return 0 } + # }}} # {{{ Commandline interaction @@ -554,34 +551,41 @@ load_key() { if [[ "`option_value -k`" == "-" ]]; then xxx "load_key reading from stdin" # take key from stdin - tombkeydir=`safe_dir load_key` + tombkeydir=`safe_dir load_key_stdin` # global used to check if key from stdin xxx "tempdir is $tombkeydir" - cat > ${tombkeydir}/stdin.tmp + cat > ${tombkeydir}/stdin.tmp.key tombdir=${tombkeydir} tombfile=stdin.tmp tombname="stdin" elif [[ "`option_value -k`" != "" ]]; then + xxx "load_key argument: `option_value -k`" # take key from a file tombkey=`option_value -k` tombdir=`dirname $tombkey` tombfile=`basename $tombkey` fi - else - tombkey=${tombdir}/${tombfile}.key fi + tombkey=${tombdir}/${tombfile}.key + xxx "load_key: ${tombkey}" if [ -r "${tombkey}" ]; then - _message "We'll use this key: ${tombkey}" + if [ "$tombkeydir" = "" ]; then + _message "We'll use this key: ${tombkey}" + else + _message "We'll use the key piped from stdin" + fi else _warning "Key not found, specify one using -k" + drop_key return 1 fi # this does a check on the file header if ! is_valid_key ${tombkey}; then _warning "The key seems invalid, the application/pgp header is missing" + drop_key return 1 fi print "$tombkey" @@ -694,9 +698,13 @@ change_passwd() { # To be called after load_key() drop_key() { - { test "$tombkeydir" = "" } && { return 0 } - { test -r ${tombkeydir}/stdin.tmp } && { - ${=WIPE} ${tombkeydir}/stdin.tmp; rmdir ${tombkeydir} } + xxx "drop_key $tombkey" + # delete key if temp stored from stdin + if [[ "$tombkey" =~ "/dev/shm/tomb.load_key_stdin" ]]; then + { test -r ${tombkey} } && { + _message "removing key temporarily stored from stdin" + ${=WIPE} ${tombkey}; rmdir `dirname ${tombkey}` } + fi } #$1 is the keyfile we are checking @@ -712,7 +720,9 @@ is_valid_key() { _warning "Key file is not a regular file: $1"; return 1 } # this header validity check is a virtuosism by Hellekin [[ `file =(awk '/^-+BEGIN/,0' $1)` =~ PGP ]] && { - _message "Valid key file found: $1"; return 0 } + if [ "$tombkeydir" = "" ]; then _message "Valid key file found: $1" + else _message "Valid key file passed from stdin"; fi + return 0 } # if no BEGIN header found then we try to recover it [[ `file $1 -bi` =~ text/plain ]] && { _warning "Key data found with missing headers, attempting recovery" @@ -1379,6 +1389,7 @@ create_tomb() { yes "Tomb $tombname succesfully created" ls -l ${tombfile}* } + # }}} - Creation # {{{ Open