whitespace cleanup
parent
37792ffdc5
commit
c20ca3a920
542
tomb
542
tomb
@ -60,11 +60,11 @@ option_is_set() {
|
|||||||
[[ -n ${(k)opts[$1]} ]];
|
[[ -n ${(k)opts[$1]} ]];
|
||||||
r=$?
|
r=$?
|
||||||
if [[ $2 == out ]]; then
|
if [[ $2 == out ]]; then
|
||||||
if [[ $r == 0 ]]; then
|
if [[ $r == 0 ]]; then
|
||||||
echo 'set'
|
echo 'set'
|
||||||
else
|
else
|
||||||
echo 'unset'
|
echo 'unset'
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
return $r;
|
return $r;
|
||||||
}
|
}
|
||||||
@ -159,7 +159,7 @@ progress() {
|
|||||||
# progress create 90 formatting the tomb
|
# progress create 90 formatting the tomb
|
||||||
# progress create 100 tomb created successfully
|
# progress create 100 tomb created successfully
|
||||||
if ! option_is_set --batch; then
|
if ! option_is_set --batch; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
print "[m][P][$1][$2][$3]" >&2
|
print "[m][P][$1][$2][$3]" >&2
|
||||||
|
|
||||||
@ -184,8 +184,8 @@ check_bin() {
|
|||||||
|
|
||||||
# check for filesystem creation progs
|
# check for filesystem creation progs
|
||||||
command -v mkfs.ext4 > /dev/null && \
|
command -v mkfs.ext4 > /dev/null && \
|
||||||
MKFS="mkfs.ext4 -q -F -j -L" || \
|
MKFS="mkfs.ext4 -q -F -j -L" || \
|
||||||
MKFS="mkfs.ext3 -q -F -j -L"
|
MKFS="mkfs.ext3 -q -F -j -L"
|
||||||
|
|
||||||
# check for mktemp
|
# check for mktemp
|
||||||
command -v mktemp > /dev/null || MKTEMP=0
|
command -v mktemp > /dev/null || MKTEMP=0
|
||||||
@ -195,15 +195,15 @@ check_bin() {
|
|||||||
command -v e2fsck resize2fs > /dev/null || RESIZER=0
|
command -v e2fsck resize2fs > /dev/null || RESIZER=0
|
||||||
|
|
||||||
if which tomb-kdf-pbkdf2 &> /dev/null; then
|
if which tomb-kdf-pbkdf2 &> /dev/null; then
|
||||||
KDF_PBKDF2="tomb-kdf-pbkdf2"
|
KDF_PBKDF2="tomb-kdf-pbkdf2"
|
||||||
else
|
else
|
||||||
local our_pbkdf2
|
local our_pbkdf2
|
||||||
our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2"
|
our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2"
|
||||||
if which $our_pbkdf2 &> /dev/null; then
|
if which $our_pbkdf2 &> /dev/null; then
|
||||||
KDF_PBKDF2=$our_pbkdf2
|
KDF_PBKDF2=$our_pbkdf2
|
||||||
else
|
else
|
||||||
KDF_PBKDF2=
|
KDF_PBKDF2=
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -252,7 +252,7 @@ safe_dir() {
|
|||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
_warning "WARNING: we cannot ensure we're running in RAM."
|
_warning "WARNING: we cannot ensure we're running in RAM."
|
||||||
xxx "Wait a bit before retrying... (attempt $tries)"
|
xxx "Wait a bit before retrying... (attempt $tries)"
|
||||||
sync && sleep 0.5
|
sync && sleep 0.5
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
@ -308,7 +308,7 @@ SETPROMPT Password:
|
|||||||
GETPIN
|
GETPIN
|
||||||
EOF`
|
EOF`
|
||||||
if [[ `tail -n1 <<<$output` =~ ERR ]]; then
|
if [[ `tail -n1 <<<$output` =~ ERR ]]; then
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }'
|
head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }'
|
||||||
return 0
|
return 0
|
||||||
@ -336,7 +336,7 @@ check_priv() {
|
|||||||
sudok=false
|
sudok=false
|
||||||
# sudo -n ${TOMBEXEC} &> /dev/null
|
# sudo -n ${TOMBEXEC} &> /dev/null
|
||||||
if ! option_is_set --sudo-pwd; then
|
if ! option_is_set --sudo-pwd; then
|
||||||
if [ $? != 0 ]; then # if not then ask a password
|
if [ $? != 0 ]; then # if not then ask a password
|
||||||
cat <<EOF | pinentry 2>/dev/null | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v
|
cat <<EOF | pinentry 2>/dev/null | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v
|
||||||
OPTION ttyname=$TTY
|
OPTION ttyname=$TTY
|
||||||
OPTION lc-ctype=$LANG
|
OPTION lc-ctype=$LANG
|
||||||
@ -345,10 +345,10 @@ SETDESC Sudo execution of Tomb ${OLDARGS[@]}
|
|||||||
SETPROMPT Insert your USER password:
|
SETPROMPT Insert your USER password:
|
||||||
GETPIN
|
GETPIN
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
_verbose "Escalating privileges using sudo-pwd"
|
_verbose "Escalating privileges using sudo-pwd"
|
||||||
sudo -S -v <<<`option_value --sudo-pwd`
|
sudo -S -v <<<`option_value --sudo-pwd`
|
||||||
fi
|
fi
|
||||||
sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
|
sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
|
||||||
exit $?
|
exit $?
|
||||||
@ -365,10 +365,10 @@ check_command() {
|
|||||||
#before wasting user's time
|
#before wasting user's time
|
||||||
|
|
||||||
if ! option_is_set --ignore-swap && ! option_is_set -f; then
|
if ! option_is_set --ignore-swap && ! option_is_set -f; then
|
||||||
if ! check_swap; then
|
if ! check_swap; then
|
||||||
error "Swap activated. Disable it with swapoff, or use --ignore-swap"
|
error "Swap activated. Disable it with swapoff, or use --ignore-swap"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -464,22 +464,22 @@ EOF
|
|||||||
|
|
||||||
cat $TOMBEXEC | awk '
|
cat $TOMBEXEC | awk '
|
||||||
/(_verbose|xxx) ".*"$/ { sub( /^(_verbose|xxx)/ , "");
|
/(_verbose|xxx) ".*"$/ { sub( /^(_verbose|xxx)/ , "");
|
||||||
print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" }
|
print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||||
|
|
||||||
/(_success|yes) ".*"$/ { sub( /^(_success|yes)/ , "");
|
/(_success|yes) ".*"$/ { sub( /^(_success|yes)/ , "");
|
||||||
print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" }
|
print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||||
|
|
||||||
/(_warning|no) ".*"$/ { sub( /^(_warning|no)/ , "");
|
/(_warning|no) ".*"$/ { sub( /^(_warning|no)/ , "");
|
||||||
print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" }
|
print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||||
|
|
||||||
/(_failure|die) ".*"$/ { sub( /^(_failure|die)/ , "");
|
/(_failure|die) ".*"$/ { sub( /^(_failure|die)/ , "");
|
||||||
print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" }
|
print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||||
|
|
||||||
/(_message|say) ".*"$/ { sub( /^(_message|say)/ , "");
|
/(_message|say) ".*"$/ { sub( /^(_message|say)/ , "");
|
||||||
print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" }
|
print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||||
|
|
||||||
/(_message -n|act) ".*"$/ { sub( /^(_message -n|act)/ , "");
|
/(_message -n|act) ".*"$/ { sub( /^(_message -n|act)/ , "");
|
||||||
print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" }
|
print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||||
'
|
'
|
||||||
}
|
}
|
||||||
# }}}
|
# }}}
|
||||||
@ -554,8 +554,8 @@ decode_key() {
|
|||||||
|
|
||||||
keyfile=${tombname%%\.*}.tomb.key
|
keyfile=${tombname%%\.*}.tomb.key
|
||||||
if [[ -e "$keyfile" ]]; then
|
if [[ -e "$keyfile" ]]; then
|
||||||
_warning "Key file $keyfile already exist."
|
_warning "Key file $keyfile already exist."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_message "Trying to exhume a key out of image $imagefile"
|
_message "Trying to exhume a key out of image $imagefile"
|
||||||
for c in 1 2 3; do
|
for c in 1 2 3; do
|
||||||
@ -612,7 +612,7 @@ BEGIN { ciphers=0 }
|
|||||||
|
|
||||||
exec_safe_bind_hooks() {
|
exec_safe_bind_hooks() {
|
||||||
if [[ -n ${(k)opts[-o]} ]]; then
|
if [[ -n ${(k)opts[-o]} ]]; then
|
||||||
MOUNTOPTS=${opts[-o]}
|
MOUNTOPTS=${opts[-o]}
|
||||||
fi
|
fi
|
||||||
local MOUNTPOINT="${1}"
|
local MOUNTPOINT="${1}"
|
||||||
local ME=${SUDO_USER:-$(whoami)}
|
local ME=${SUDO_USER:-$(whoami)}
|
||||||
@ -685,8 +685,8 @@ forge_key() {
|
|||||||
_message "Commanded to forge key $1"
|
_message "Commanded to forge key $1"
|
||||||
|
|
||||||
if ! [ $1 ]; then
|
if ! [ $1 ]; then
|
||||||
_warning "no key name specified for creation"
|
_warning "no key name specified for creation"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# if swap is on, we remind the user about possible data leaks to disk
|
# if swap is on, we remind the user about possible data leaks to disk
|
||||||
@ -716,13 +716,13 @@ forge_key() {
|
|||||||
chmod 0600 ${keytmp}/tomb.tmp
|
chmod 0600 ${keytmp}/tomb.tmp
|
||||||
random_source=/dev/random
|
random_source=/dev/random
|
||||||
if option_is_set --use-urandom; then
|
if option_is_set --use-urandom; then
|
||||||
random_source=/dev/urandom
|
random_source=/dev/urandom
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $DD = "dcfldd" ]]; then
|
if [[ $DD = "dcfldd" ]]; then
|
||||||
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1
|
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1
|
||||||
else
|
else
|
||||||
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
|
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
|
||||||
fi
|
fi
|
||||||
if ! [ -r ${keytmp}/tomb.tmp ]; then
|
if ! [ -r ${keytmp}/tomb.tmp ]; then
|
||||||
_warning "cannot generate encryption key"
|
_warning "cannot generate encryption key"
|
||||||
@ -744,7 +744,7 @@ forge_key() {
|
|||||||
# this does a check on the file header, virtuosism by hellekin
|
# this does a check on the file header, virtuosism by hellekin
|
||||||
# [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
|
# [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
|
||||||
if ! is_valid_key ${tombkey}; then
|
if ! is_valid_key ${tombkey}; then
|
||||||
_warning "The key does not seem to be valid"
|
_warning "The key does not seem to be valid"
|
||||||
_warning "Dumping contents to screen:"
|
_warning "Dumping contents to screen:"
|
||||||
cat ${tombkey}
|
cat ${tombkey}
|
||||||
_warning "--"
|
_warning "--"
|
||||||
@ -774,8 +774,8 @@ dig_tomb() {
|
|||||||
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
|
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
|
||||||
|
|
||||||
if ! [ $1 ]; then
|
if ! [ $1 ]; then
|
||||||
_warning "no tomb name specified for creation"
|
_warning "no tomb name specified for creation"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
@ -827,9 +827,9 @@ dig_tomb() {
|
|||||||
# it take arguments as the LUKS cipher to be used
|
# it take arguments as the LUKS cipher to be used
|
||||||
lock_tomb_with_key() {
|
lock_tomb_with_key() {
|
||||||
if ! [ $1 ]; then
|
if ! [ $1 ]; then
|
||||||
_warning "no tomb specified for locking"
|
_warning "no tomb specified for locking"
|
||||||
_warning "usage: tomb lock file.tomb file.tomb.key"
|
_warning "usage: tomb lock file.tomb file.tomb.key"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
tombfile=`basename $1`
|
tombfile=`basename $1`
|
||||||
@ -853,10 +853,10 @@ lock_tomb_with_key() {
|
|||||||
xxx "loop mounted on ${nstloop}"
|
xxx "loop mounted on ${nstloop}"
|
||||||
|
|
||||||
_message "checking if the tomb is empty (we never step on somebody else's bones)"
|
_message "checking if the tomb is empty (we never step on somebody else's bones)"
|
||||||
cryptsetup isLuks ${nstloop}
|
cryptsetup isLuks ${nstloop}
|
||||||
if [ $? = 0 ]; then
|
if [ $? = 0 ]; then
|
||||||
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
|
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
|
||||||
_warning "The tomb was already locked with another key"
|
_warning "The tomb was already locked with another key"
|
||||||
losetup -d ${nstloop}
|
losetup -d ${nstloop}
|
||||||
die "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
|
die "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
|
||||||
else
|
else
|
||||||
@ -873,11 +873,11 @@ lock_tomb_with_key() {
|
|||||||
tombkey=${tombkeydir}/stdin.tmp
|
tombkey=${tombkeydir}/stdin.tmp
|
||||||
else
|
else
|
||||||
# take key from a file
|
# take key from a file
|
||||||
tombkey=`option_value -k`
|
tombkey=`option_value -k`
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
# guess key as lying besides the tomb
|
# guess key as lying besides the tomb
|
||||||
tombkey=${tombdir}/${tombname}.tomb.key
|
tombkey=${tombdir}/${tombname}.tomb.key
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -r "${tombkey}" ]; then
|
if [ -r "${tombkey}" ]; then
|
||||||
@ -892,13 +892,13 @@ lock_tomb_with_key() {
|
|||||||
# [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
|
# [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
|
||||||
if ! is_valid_key ${tombkey}; then
|
if ! is_valid_key ${tombkey}; then
|
||||||
_warning "The key seems invalid, the application/pgp header is missing"
|
_warning "The key seems invalid, the application/pgp header is missing"
|
||||||
losetup -d ${nstloop}
|
losetup -d ${nstloop}
|
||||||
die "Operation aborted."
|
die "Operation aborted."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# the encryption cipher for a tomb can be set at creation using -o
|
# the encryption cipher for a tomb can be set at creation using -o
|
||||||
if option_is_set -o; then
|
if option_is_set -o; then
|
||||||
cipher="`option_value -o`"
|
cipher="`option_value -o`"
|
||||||
else
|
else
|
||||||
cipher="aes-cbc-essiv:sha256"
|
cipher="aes-cbc-essiv:sha256"
|
||||||
fi
|
fi
|
||||||
@ -908,20 +908,20 @@ lock_tomb_with_key() {
|
|||||||
_message "a password is required to use key ${keyname}"
|
_message "a password is required to use key ${keyname}"
|
||||||
local passok=0
|
local passok=0
|
||||||
if option_is_set --tomb-pwd; then
|
if option_is_set --tomb-pwd; then
|
||||||
tombpass=`option_value --tomb-pwd`
|
tombpass=`option_value --tomb-pwd`
|
||||||
else
|
else
|
||||||
for c in 1 2 3; do
|
for c in 1 2 3; do
|
||||||
if [ $c = 1 ]; then
|
if [ $c = 1 ]; then
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
|
||||||
else
|
else
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
|
||||||
fi
|
fi
|
||||||
if [[ $? != 0 ]]; then
|
if [[ $? != 0 ]]; then
|
||||||
losetup -d ${nstloop}
|
losetup -d ${nstloop}
|
||||||
die "User aborted"
|
die "User aborted"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
get_lukskey "${tombpass}" ${tombkey} >/dev/null
|
get_lukskey "${tombpass}" ${tombkey} >/dev/null
|
||||||
if [ $? = 0 ]; then
|
if [ $? = 0 ]; then
|
||||||
passok=1; _message "Password OK."
|
passok=1; _message "Password OK."
|
||||||
break;
|
break;
|
||||||
@ -984,8 +984,8 @@ lock_tomb_with_key() {
|
|||||||
# backward compatibility
|
# backward compatibility
|
||||||
create_tomb() {
|
create_tomb() {
|
||||||
if ! [ $1 ]; then
|
if ! [ $1 ]; then
|
||||||
_warning "no tomb name specified for creation"
|
_warning "no tomb name specified for creation"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
dig_tomb ${=PARAM}
|
dig_tomb ${=PARAM}
|
||||||
@ -1023,21 +1023,21 @@ get_lukskey() {
|
|||||||
firstline=`head -n1 $keyfile`
|
firstline=`head -n1 $keyfile`
|
||||||
xxx "get_lukskey XXX $keyfile"
|
xxx "get_lukskey XXX $keyfile"
|
||||||
if [[ $firstline =~ '^_KDF_' ]]; then
|
if [[ $firstline =~ '^_KDF_' ]]; then
|
||||||
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
|
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
|
||||||
case `cut -d_ -f 3 <<<$firstline` in
|
case `cut -d_ -f 3 <<<$firstline` in
|
||||||
pbkdf2sha1)
|
pbkdf2sha1)
|
||||||
if [[ -z $KDF_PBKDF2 ]]; then
|
if [[ -z $KDF_PBKDF2 ]]; then
|
||||||
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
|
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
|
||||||
fi
|
fi
|
||||||
pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
|
pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
|
||||||
tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass)
|
tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
_failure "No suitable program for KDF `cut -f 3 <<<$firstline`"
|
_failure "No suitable program for KDF `cut -f 3 <<<$firstline`"
|
||||||
unset tombpass
|
unset tombpass
|
||||||
return 1
|
return 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
print ${tombpass} | \
|
print ${tombpass} | \
|
||||||
gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 2 \
|
gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 2 \
|
||||||
@ -1057,29 +1057,29 @@ gen_key() {
|
|||||||
local tombpass=""
|
local tombpass=""
|
||||||
local tombpasstmp=""
|
local tombpasstmp=""
|
||||||
if ! option_is_set --tomb-pwd; then
|
if ! option_is_set --tomb-pwd; then
|
||||||
while true; do
|
while true; do
|
||||||
# 3 tries to write two times a matching password
|
# 3 tries to write two times a matching password
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
|
||||||
if [[ $? != 0 ]]; then
|
if [[ $? != 0 ]]; then
|
||||||
die "User aborted"
|
die "User aborted"
|
||||||
fi
|
fi
|
||||||
if [ -z $tombpass ]; then
|
if [ -z $tombpass ]; then
|
||||||
_warning "you set empty password, which is not possible"
|
_warning "you set empty password, which is not possible"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
tombpasstmp=$tombpass
|
tombpasstmp=$tombpass
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
|
||||||
if [[ $? != 0 ]]; then
|
if [[ $? != 0 ]]; then
|
||||||
die "User aborted"
|
die "User aborted"
|
||||||
fi
|
fi
|
||||||
if [ "$tombpasstmp" = "$tombpass" ]; then
|
if [ "$tombpasstmp" = "$tombpass" ]; then
|
||||||
break;
|
break;
|
||||||
fi
|
fi
|
||||||
unset tombpasstmp
|
unset tombpasstmp
|
||||||
unset tombpass
|
unset tombpass
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
tombpass=`option_value --tomb-pwd`
|
tombpass=`option_value --tomb-pwd`
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
@ -1088,40 +1088,40 @@ gen_key() {
|
|||||||
_verbose "KDF method chosen is: '`option_value --kdf`'"
|
_verbose "KDF method chosen is: '`option_value --kdf`'"
|
||||||
kdf_method=$(cut -d: -f1 <<<`option_value --kdf` )
|
kdf_method=$(cut -d: -f1 <<<`option_value --kdf` )
|
||||||
case $kdf_method in
|
case $kdf_method in
|
||||||
pbkdf2)
|
pbkdf2)
|
||||||
if [[ -z $KDF_PBKDF2 ]]; then
|
if [[ -z $KDF_PBKDF2 ]]; then
|
||||||
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
|
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
|
||||||
fi
|
fi
|
||||||
# --kdf takes one parameter: iter time (on present machine) in seconds
|
# --kdf takes one parameter: iter time (on present machine) in seconds
|
||||||
seconds=$(cut -d: -f2 -s <<<`option_value --kdf`)
|
seconds=$(cut -d: -f2 -s <<<`option_value --kdf`)
|
||||||
if [[ -z $seconds ]]; then
|
if [[ -z $seconds ]]; then
|
||||||
seconds=1
|
seconds=1
|
||||||
fi
|
fi
|
||||||
local -i microseconds
|
local -i microseconds
|
||||||
microseconds=$((seconds*1000000))
|
microseconds=$((seconds*1000000))
|
||||||
_verbose "Microseconds: $microseconds"
|
_verbose "Microseconds: $microseconds"
|
||||||
pbkdf2_salt=`${KDF_PBKDF2}-gensalt`
|
pbkdf2_salt=`${KDF_PBKDF2}-gensalt`
|
||||||
pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds`
|
pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds`
|
||||||
# We use a length of 64bytes = 512bits (more than needed!?)
|
# We use a length of 64bytes = 512bits (more than needed!?)
|
||||||
tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
||||||
|
|
||||||
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
||||||
;;
|
;;
|
||||||
""|null)
|
""|null)
|
||||||
|
|
||||||
header=""
|
header=""
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
_warning "KDF method non recognized"
|
_warning "KDF method non recognized"
|
||||||
return 1
|
return 1
|
||||||
header=""
|
header=""
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
echo -n $header
|
echo -n $header
|
||||||
|
|
||||||
print "${tombpass}" \
|
print "${tombpass}" \
|
||||||
| gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \
|
| gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \
|
||||||
-o - -c -a ${lukskey}
|
-o - -c -a ${lukskey}
|
||||||
|
|
||||||
unset tombpass
|
unset tombpass
|
||||||
}
|
}
|
||||||
@ -1136,8 +1136,8 @@ mount_tomb() {
|
|||||||
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
|
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
|
||||||
|
|
||||||
if ! [ ${1} ]; then
|
if ! [ ${1} ]; then
|
||||||
_warning "no tomb name specified for creation"
|
_warning "no tomb name specified for creation"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
@ -1168,11 +1168,11 @@ mount_tomb() {
|
|||||||
tombkey=${tombkeydir}/stdin.tmp
|
tombkey=${tombkeydir}/stdin.tmp
|
||||||
else
|
else
|
||||||
# take key from a file
|
# take key from a file
|
||||||
tombkey=`option_value -k`
|
tombkey=`option_value -k`
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
# guess key as lying besides the tomb
|
# guess key as lying besides the tomb
|
||||||
tombkey=${tombdir}/${tombfile}.key
|
tombkey=${tombdir}/${tombfile}.key
|
||||||
fi
|
fi
|
||||||
if ! [ -r ${tombkey} ]; then
|
if ! [ -r ${tombkey} ]; then
|
||||||
_warning "key file not found: ${tombkey}"
|
_warning "key file not found: ${tombkey}"
|
||||||
@ -1181,11 +1181,11 @@ mount_tomb() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if ! [ $2 ]; then
|
if ! [ $2 ]; then
|
||||||
tombmount=/media/${tombfile}
|
tombmount=/media/${tombfile}
|
||||||
_message "mountpoint not specified, using default: $tombmount"
|
_message "mountpoint not specified, using default: $tombmount"
|
||||||
elif ! [ -x $2 ]; then
|
elif ! [ -x $2 ]; then
|
||||||
_warning "mountpoint $2 doesn't exist, operation aborted."
|
_warning "mountpoint $2 doesn't exist, operation aborted."
|
||||||
return 1
|
return 1
|
||||||
else
|
else
|
||||||
tombmount=$2
|
tombmount=$2
|
||||||
fi
|
fi
|
||||||
@ -1193,7 +1193,7 @@ mount_tomb() {
|
|||||||
# check if its already open
|
# check if its already open
|
||||||
mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null
|
mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null
|
||||||
if [ $? = 0 ]; then
|
if [ $? = 0 ]; then
|
||||||
_warning "$tombname is already open on $tombmount"
|
_warning "$tombname is already open on $tombmount"
|
||||||
_message "here below its status is reported:"
|
_message "here below its status is reported:"
|
||||||
list_tombs ${tombname}
|
list_tombs ${tombname}
|
||||||
return 1
|
return 1
|
||||||
@ -1206,16 +1206,16 @@ mount_tomb() {
|
|||||||
|
|
||||||
nstloop=`losetup -f`
|
nstloop=`losetup -f`
|
||||||
if [ $? = 255 ]; then
|
if [ $? = 255 ]; then
|
||||||
die "too many tomb opened. Please close any of them to open another tomb"
|
die "too many tomb opened. Please close any of them to open another tomb"
|
||||||
fi
|
fi
|
||||||
losetup -f ${tombdir}/${tombfile}
|
losetup -f ${tombdir}/${tombfile}
|
||||||
|
|
||||||
cryptsetup isLuks ${nstloop}
|
cryptsetup isLuks ${nstloop}
|
||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
# is it a LUKS encrypted nest? see cryptsetup(1)
|
# is it a LUKS encrypted nest? see cryptsetup(1)
|
||||||
_warning "$tombfile is not a valid Luks encrypted storage file"
|
_warning "$tombfile is not a valid Luks encrypted storage file"
|
||||||
$norm || rmdir $tombmount 2>/dev/null
|
$norm || rmdir $tombmount 2>/dev/null
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
say "this tomb is a valid LUKS encrypted device"
|
say "this tomb is a valid LUKS encrypted device"
|
||||||
|
|
||||||
@ -1242,40 +1242,40 @@ mount_tomb() {
|
|||||||
|
|
||||||
_warning "Password is required for key ${keyname}"
|
_warning "Password is required for key ${keyname}"
|
||||||
for c in 1 2 3; do
|
for c in 1 2 3; do
|
||||||
if ! option_is_set --tomb-pwd; then
|
if ! option_is_set --tomb-pwd; then
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
|
||||||
if [[ $? != 0 ]]; then
|
if [[ $? != 0 ]]; then
|
||||||
die "User aborted"
|
die "User aborted"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
tombpass=`option_value --tomb-pwd`
|
tombpass=`option_value --tomb-pwd`
|
||||||
fi
|
fi
|
||||||
get_lukskey "${tombpass}" ${tombkey} | \
|
get_lukskey "${tombpass}" ${tombkey} | \
|
||||||
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
||||||
local ret=$?
|
local ret=$?
|
||||||
unset tombpass
|
unset tombpass
|
||||||
if [[ $ret != 0 ]]; then
|
if [[ $ret != 0 ]]; then
|
||||||
if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
|
if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
|
||||||
die "Wrong password: aborting"
|
die "Wrong password: aborting"
|
||||||
fi
|
fi
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# if key was from stdin delete temp file and dir
|
# if key was from stdin delete temp file and dir
|
||||||
if [ $tombkeydir ]; then
|
if [ $tombkeydir ]; then
|
||||||
${=WIPE} ${tombkey}
|
${=WIPE} ${tombkey}
|
||||||
rmdir $tombkeydir
|
rmdir $tombkeydir
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -r /dev/mapper/${mapper} ]; then
|
if [ -r /dev/mapper/${mapper} ]; then
|
||||||
break; # password was correct
|
break; # password was correct
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
if ! [ -r /dev/mapper/${mapper} ]; then
|
if ! [ -r /dev/mapper/${mapper} ]; then
|
||||||
losetup -d ${nstloop}
|
losetup -d ${nstloop}
|
||||||
$norm || rmdir ${tombmount} 2>/dev/null
|
$norm || rmdir ${tombmount} 2>/dev/null
|
||||||
die "failure mounting the encrypted file"
|
die "failure mounting the encrypted file"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# array: [ cipher, keysize, loopdevice ]
|
# array: [ cipher, keysize, loopdevice ]
|
||||||
@ -1326,8 +1326,8 @@ mount_tomb() {
|
|||||||
# process bind-hooks (mount -o bind of directories)
|
# process bind-hooks (mount -o bind of directories)
|
||||||
# and post-hooks (execute on open)
|
# and post-hooks (execute on open)
|
||||||
if ! option_is_set -n ; then
|
if ! option_is_set -n ; then
|
||||||
exec_safe_bind_hooks ${tombmount}
|
exec_safe_bind_hooks ${tombmount}
|
||||||
exec_safe_post_hooks ${tombmount} open
|
exec_safe_post_hooks ${tombmount} open
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -1379,7 +1379,7 @@ BEGIN { main="" }
|
|||||||
# needs an argument: name of tomb whose hooks belong
|
# needs an argument: name of tomb whose hooks belong
|
||||||
list_tomb_binds() {
|
list_tomb_binds() {
|
||||||
if [ "$1" = "" ]; then
|
if [ "$1" = "" ]; then
|
||||||
_failure "internal error: list_tomb_binds called without argument."; fi
|
_failure "internal error: list_tomb_binds called without argument."; fi
|
||||||
|
|
||||||
# list bind hooks on util-linux 2.20 (Debian 7)
|
# list bind hooks on util-linux 2.20 (Debian 7)
|
||||||
mount -l \
|
mount -l \
|
||||||
@ -1400,7 +1400,7 @@ BEGIN { main="" }
|
|||||||
|
|
||||||
mount -l | grep "^$tombmount" \
|
mount -l | grep "^$tombmount" \
|
||||||
| awk -vtomb="$1" '
|
| awk -vtomb="$1" '
|
||||||
/bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
|
/bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
|
||||||
}
|
}
|
||||||
|
|
||||||
# }}}
|
# }}}
|
||||||
@ -1411,24 +1411,24 @@ BEGIN { main="" }
|
|||||||
slam_tomb() {
|
slam_tomb() {
|
||||||
# $1 = tomb mount point
|
# $1 = tomb mount point
|
||||||
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
|
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP
|
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP
|
||||||
for s in TERM HUP KILL; do
|
for s in TERM HUP KILL; do
|
||||||
xxx "Sending $s to processes inside the tomb:"
|
xxx "Sending $s to processes inside the tomb:"
|
||||||
if option_is_set -D; then
|
if option_is_set -D; then
|
||||||
ps -fp `fuser -m /media/a.tomb 2> /dev/null`|
|
ps -fp `fuser -m /media/a.tomb 2> /dev/null`|
|
||||||
while read line; do
|
while read line; do
|
||||||
xxx $line
|
xxx $line
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
fuser -s -m "$1" -k -M -$s
|
fuser -s -m "$1" -k -M -$s
|
||||||
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
|
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
if ! option_is_set -f; then
|
if ! option_is_set -f; then
|
||||||
sleep 3
|
sleep 3
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
@ -1476,10 +1476,10 @@ umount_tomb() {
|
|||||||
if [ $SLAM ]; then
|
if [ $SLAM ]; then
|
||||||
_success "Slamming tomb $tombname mounted on $tombmount"
|
_success "Slamming tomb $tombname mounted on $tombmount"
|
||||||
_message "Kill all processes busy inside the tomb"
|
_message "Kill all processes busy inside the tomb"
|
||||||
if ! slam_tomb "$tombmount"; then
|
if ! slam_tomb "$tombmount"; then
|
||||||
_warning "Cannot slam the tomb $tombname"
|
_warning "Cannot slam the tomb $tombname"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
say "Closing tomb $tombname mounted on $tombmount"
|
say "Closing tomb $tombname mounted on $tombmount"
|
||||||
fi
|
fi
|
||||||
@ -1494,11 +1494,11 @@ umount_tomb() {
|
|||||||
if [[ $? != 0 ]]; then
|
if [[ $? != 0 ]]; then
|
||||||
if [ $SLAM ]; then
|
if [ $SLAM ]; then
|
||||||
_success "Slamming tomb: killing all processes using this hook"
|
_success "Slamming tomb: killing all processes using this hook"
|
||||||
slam_tomb "$bind_mount"
|
slam_tomb "$bind_mount"
|
||||||
if [[ $? == 1 ]]; then
|
if [[ $? == 1 ]]; then
|
||||||
_warning "Cannot slam the bind hook $bind_mount"
|
_warning "Cannot slam the bind hook $bind_mount"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
umount $bind_mount
|
umount $bind_mount
|
||||||
else
|
else
|
||||||
_warning "Tomb bind hook $bind_mount is busy, cannot close tomb."
|
_warning "Tomb bind hook $bind_mount is busy, cannot close tomb."
|
||||||
@ -1515,9 +1515,9 @@ umount_tomb() {
|
|||||||
umount ${tombmount}
|
umount ${tombmount}
|
||||||
if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!"
|
if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!"
|
||||||
else
|
else
|
||||||
# this means we used a "default" mount point
|
# this means we used a "default" mount point
|
||||||
{ test "${tombmount}" = "/media/${tombname}.tomb" } && {
|
{ test "${tombmount}" = "/media/${tombname}.tomb" } && {
|
||||||
rmdir ${tombmount} }
|
rmdir ${tombmount} }
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cryptsetup luksClose $mapper
|
cryptsetup luksClose $mapper
|
||||||
@ -1553,14 +1553,14 @@ change_passwd() {
|
|||||||
|
|
||||||
# check the keyfile
|
# check the keyfile
|
||||||
if ! [ -r $keyfile ]; then
|
if ! [ -r $keyfile ]; then
|
||||||
_warning "key not found: $keyfile"
|
_warning "key not found: $keyfile"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! is_valid_key $keyfile ; then
|
if ! is_valid_key $keyfile ; then
|
||||||
_warning "file doesn't seems to be a tomb key: $keyfile"
|
_warning "file doesn't seems to be a tomb key: $keyfile"
|
||||||
_warning "operation aborted."
|
_warning "operation aborted."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local tmpnewkey lukskey c tombpass tombpasstmp
|
local tmpnewkey lukskey c tombpass tombpasstmp
|
||||||
@ -1571,37 +1571,37 @@ change_passwd() {
|
|||||||
_success "Changing password for $keyfile"
|
_success "Changing password for $keyfile"
|
||||||
keyname=`basename $keyfile`
|
keyname=`basename $keyfile`
|
||||||
if ! option_is_set --tomb-old-pwd; then
|
if ! option_is_set --tomb-old-pwd; then
|
||||||
while true; do
|
while true; do
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
|
||||||
if [[ $? == 1 ]]; then
|
if [[ $? == 1 ]]; then
|
||||||
die "User aborted"
|
die "User aborted"
|
||||||
fi
|
fi
|
||||||
if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
tombpass=`option_value --tomb-old-pwd`
|
tombpass=`option_value --tomb-old-pwd`
|
||||||
if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
||||||
die "Invalid old password"
|
die "Invalid old password"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
{
|
{
|
||||||
gen_key $lukskey > ${tmpnewkey}
|
gen_key $lukskey > ${tmpnewkey}
|
||||||
|
|
||||||
if ! is_valid_key $tmpnewkey; then
|
if ! is_valid_key $tmpnewkey; then
|
||||||
die "Error: the newly generated keyfile does not seem valid"
|
die "Error: the newly generated keyfile does not seem valid"
|
||||||
else
|
else
|
||||||
# copy the new key as the original keyfile name
|
# copy the new key as the original keyfile name
|
||||||
cp "${tmpnewkey}" "${keyfile}"
|
cp "${tmpnewkey}" "${keyfile}"
|
||||||
_success "Your passphrase was successfully updated."
|
_success "Your passphrase was successfully updated."
|
||||||
fi
|
fi
|
||||||
} always {
|
} always {
|
||||||
_verbose "cleanup: $tmpnewkey $lukskey"
|
_verbose "cleanup: $tmpnewkey $lukskey"
|
||||||
# wipe all temp file
|
# wipe all temp file
|
||||||
${=WIPE} "${tmpnewkey}"
|
${=WIPE} "${tmpnewkey}"
|
||||||
${=WIPE} "${lukskey}"
|
${=WIPE} "${lukskey}"
|
||||||
}
|
}
|
||||||
|
|
||||||
return $?
|
return $?
|
||||||
@ -1614,9 +1614,9 @@ change_passwd() {
|
|||||||
resize_tomb() {
|
resize_tomb() {
|
||||||
_message "Commanded to resize tomb $1 to $opts[-s] megabytes"
|
_message "Commanded to resize tomb $1 to $opts[-s] megabytes"
|
||||||
if ! [ $1 ]; then
|
if ! [ $1 ]; then
|
||||||
_failure "No tomb name specified for resizing"
|
_failure "No tomb name specified for resizing"
|
||||||
elif ! [ -r "$1" ]; then
|
elif ! [ -r "$1" ]; then
|
||||||
_failure "Cannot find $1"
|
_failure "Cannot find $1"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local c tombpass tombkey
|
local c tombpass tombkey
|
||||||
@ -1628,18 +1628,18 @@ resize_tomb() {
|
|||||||
|
|
||||||
if option_is_set -k ; then
|
if option_is_set -k ; then
|
||||||
if [[ "`option_value -k`" == "-" ]]; then
|
if [[ "`option_value -k`" == "-" ]]; then
|
||||||
# take key from stdin
|
# take key from stdin
|
||||||
local tombkeydir
|
local tombkeydir
|
||||||
tombkeydir=`safe_dir`
|
tombkeydir=`safe_dir`
|
||||||
cat > ${tombkeydir}/stdin.tmp
|
cat > ${tombkeydir}/stdin.tmp
|
||||||
tombkey=${tombkeydir}/stdin.tmp
|
tombkey=${tombkeydir}/stdin.tmp
|
||||||
else
|
else
|
||||||
# take key from a file
|
# take key from a file
|
||||||
tombkey=`option_value -k`
|
tombkey=`option_value -k`
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
# guess key as lying besides the tomb
|
# guess key as lying besides the tomb
|
||||||
tombkey=${tombdir}/${tombfile}.key
|
tombkey=${tombdir}/${tombfile}.key
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! [ -r ${tombkey} ]; then
|
if ! [ -r ${tombkey} ]; then
|
||||||
@ -1650,21 +1650,21 @@ resize_tomb() {
|
|||||||
local newtombsize=$opts[-s]
|
local newtombsize=$opts[-s]
|
||||||
local oldtombsize=`stat -c %s "$1" 2>/dev/null`
|
local oldtombsize=`stat -c %s "$1" 2>/dev/null`
|
||||||
local mounted_tomb=`mount -l |
|
local mounted_tomb=`mount -l |
|
||||||
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
|
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
|
||||||
|
|
||||||
if [ "$mounted_tomb" ]; then
|
if [ "$mounted_tomb" ]; then
|
||||||
_failure "the tomb $tombname is open, to resize it it needs to be close."
|
_failure "the tomb $tombname is open, to resize it it needs to be close."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# MB to bytes conversion
|
# MB to bytes conversion
|
||||||
newtombsize=`expr \( $newtombsize \* 1024 \) \* 1024 2> /dev/null`
|
newtombsize=`expr \( $newtombsize \* 1024 \) \* 1024 2> /dev/null`
|
||||||
|
|
||||||
if ! [ "$newtombsize" ] ; then
|
if ! [ "$newtombsize" ] ; then
|
||||||
_failure "You must specify the new size of $tombname"
|
_failure "You must specify the new size of $tombname"
|
||||||
elif [[ $newtombsize != <-> ]]; then
|
elif [[ $newtombsize != <-> ]]; then
|
||||||
_failure "Size is not an integer"
|
_failure "Size is not an integer"
|
||||||
elif [ "$newtombsize" -le "$oldtombsize" ]; then
|
elif [ "$newtombsize" -le "$oldtombsize" ]; then
|
||||||
_failure "the new size must be greater then old tomb size."
|
_failure "the new size must be greater then old tomb size."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local delta=`expr $newtombsize \- $oldtombsize`
|
local delta=`expr $newtombsize \- $oldtombsize`
|
||||||
@ -1686,7 +1686,7 @@ resize_tomb() {
|
|||||||
|
|
||||||
local nstloop=`losetup -f`
|
local nstloop=`losetup -f`
|
||||||
if [ $? = 255 ]; then
|
if [ $? = 255 ]; then
|
||||||
_failure "too many tomb opened. Please close any of them to open another tomb"
|
_failure "too many tomb opened. Please close any of them to open another tomb"
|
||||||
fi
|
fi
|
||||||
losetup -f "$1"
|
losetup -f "$1"
|
||||||
|
|
||||||
@ -1700,37 +1700,37 @@ resize_tomb() {
|
|||||||
else
|
else
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"`
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"`
|
||||||
fi
|
fi
|
||||||
get_lukskey "${tombpass}" ${tombkey} | \
|
get_lukskey "${tombpass}" ${tombkey} | \
|
||||||
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
||||||
|
|
||||||
unset tombpass
|
unset tombpass
|
||||||
|
|
||||||
if [ -r /dev/mapper/${mapper} ]; then
|
if [ -r /dev/mapper/${mapper} ]; then
|
||||||
break; # password was correct
|
break; # password was correct
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
if ! [ -r /dev/mapper/${mapper} ]; then
|
if ! [ -r /dev/mapper/${mapper} ]; then
|
||||||
losetup -d ${nstloop}
|
losetup -d ${nstloop}
|
||||||
_failure "failure mounting the encrypted file"
|
_failure "failure mounting the encrypted file"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cryptsetup resize "${mapper}"
|
cryptsetup resize "${mapper}"
|
||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
losetup -d ${nstloop}
|
losetup -d ${nstloop}
|
||||||
_failure "cryptsetup failed to resize $mapper"
|
_failure "cryptsetup failed to resize $mapper"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
e2fsck -f /dev/mapper/${mapper}
|
e2fsck -f /dev/mapper/${mapper}
|
||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
losetup -d ${nstloop}
|
losetup -d ${nstloop}
|
||||||
_failure "e2fsck failed to check $mapper"
|
_failure "e2fsck failed to check $mapper"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
resize2fs /dev/mapper/${mapper}
|
resize2fs /dev/mapper/${mapper}
|
||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
losetup -d ${nstloop}
|
losetup -d ${nstloop}
|
||||||
_failure "resize2fs failed to resize $mapper"
|
_failure "resize2fs failed to resize $mapper"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sleep 1 # needs to settle a bit
|
sleep 1 # needs to settle a bit
|
||||||
@ -1835,8 +1835,8 @@ list_tombs() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if option_is_set --get-mountpoint; then
|
if option_is_set --get-mountpoint; then
|
||||||
echo $tombmount
|
echo $tombmount
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
# breaking up such strings is good for translation
|
# breaking up such strings is good for translation
|
||||||
print -n "$fg[green]$tombname"
|
print -n "$fg[green]$tombname"
|
||||||
@ -1872,7 +1872,7 @@ list_tombs() {
|
|||||||
|
|
||||||
if [[ ${tombp} -ge 90 ]]; then
|
if [[ ${tombp} -ge 90 ]]; then
|
||||||
print -n "$fg_no_bold[green]$tombname"
|
print -n "$fg_no_bold[green]$tombname"
|
||||||
print "$fg_bold[red] Your tomb is almost full!"
|
print "$fg_bold[red] Your tomb is almost full!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# now check hooks
|
# now check hooks
|
||||||
@ -2000,9 +2000,9 @@ main() {
|
|||||||
### Detect subcommand
|
### Detect subcommand
|
||||||
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
|
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
|
||||||
for optspec in $subcommands_opts$main_opts; do
|
for optspec in $subcommands_opts$main_opts; do
|
||||||
for opt in ${=optspec}; do
|
for opt in ${=optspec}; do
|
||||||
every_opts+=${opt}
|
every_opts+=${opt}
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
local -a oldstar
|
local -a oldstar
|
||||||
oldstar=($argv)
|
oldstar=($argv)
|
||||||
@ -2023,12 +2023,12 @@ main() {
|
|||||||
unset discardme
|
unset discardme
|
||||||
subcommand=$1
|
subcommand=$1
|
||||||
if [[ -z $subcommand ]]; then
|
if [[ -z $subcommand ]]; then
|
||||||
subcommand="__default"
|
subcommand="__default"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
|
if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
|
||||||
_warning "There's no such command \"$subcommand\"."
|
_warning "There's no such command \"$subcommand\"."
|
||||||
_failure "Please try -h for help" 127
|
_failure "Please try -h for help" 127
|
||||||
# die "Subcommand '$subcommand' doesn't exist" 127
|
# die "Subcommand '$subcommand' doesn't exist" 127
|
||||||
fi
|
fi
|
||||||
argv=(${oldstar})
|
argv=(${oldstar})
|
||||||
@ -2066,14 +2066,14 @@ main() {
|
|||||||
fi
|
fi
|
||||||
### End parsing command-specific options
|
### End parsing command-specific options
|
||||||
if ! option_is_set --no-color; then
|
if ! option_is_set --no-color; then
|
||||||
autoload colors; colors
|
autoload colors; colors
|
||||||
fi
|
fi
|
||||||
if ! option_is_set --unsecure-dev-mode; then
|
if ! option_is_set --unsecure-dev-mode; then
|
||||||
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
|
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
|
||||||
if option_is_set $opt; then
|
if option_is_set $opt; then
|
||||||
die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
|
die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# when we run as root, we remember the original uid:gid
|
# when we run as root, we remember the original uid:gid
|
||||||
@ -2152,9 +2152,9 @@ main() {
|
|||||||
_warning "resize2fs not installed. Cannot resize your tomb."
|
_warning "resize2fs not installed. Cannot resize your tomb."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
check_priv
|
check_priv
|
||||||
resize_tomb $PARAM[1]
|
resize_tomb $PARAM[1]
|
||||||
;;
|
;;
|
||||||
|
|
||||||
# internal commands useful to developers
|
# internal commands useful to developers
|
||||||
'source') return 0 ;;
|
'source') return 0 ;;
|
||||||