whitespace cleanup

This commit is contained in:
Jaromil 2013-05-25 15:05:21 +02:00
parent 37792ffdc5
commit c20ca3a920

542
tomb

@ -60,11 +60,11 @@ option_is_set() {
[[ -n ${(k)opts[$1]} ]];
r=$?
if [[ $2 == out ]]; then
if [[ $r == 0 ]]; then
echo 'set'
else
echo 'unset'
fi
if [[ $r == 0 ]]; then
echo 'set'
else
echo 'unset'
fi
fi
return $r;
}
@ -159,7 +159,7 @@ progress() {
# progress create 90 formatting the tomb
# progress create 100 tomb created successfully
if ! option_is_set --batch; then
return
return
fi
print "[m][P][$1][$2][$3]" >&2
@ -184,8 +184,8 @@ check_bin() {
# check for filesystem creation progs
command -v mkfs.ext4 > /dev/null && \
MKFS="mkfs.ext4 -q -F -j -L" || \
MKFS="mkfs.ext3 -q -F -j -L"
MKFS="mkfs.ext4 -q -F -j -L" || \
MKFS="mkfs.ext3 -q -F -j -L"
# check for mktemp
command -v mktemp > /dev/null || MKTEMP=0
@ -195,15 +195,15 @@ check_bin() {
command -v e2fsck resize2fs > /dev/null || RESIZER=0
if which tomb-kdf-pbkdf2 &> /dev/null; then
KDF_PBKDF2="tomb-kdf-pbkdf2"
KDF_PBKDF2="tomb-kdf-pbkdf2"
else
local our_pbkdf2
our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2"
if which $our_pbkdf2 &> /dev/null; then
KDF_PBKDF2=$our_pbkdf2
else
KDF_PBKDF2=
fi
local our_pbkdf2
our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2"
if which $our_pbkdf2 &> /dev/null; then
KDF_PBKDF2=$our_pbkdf2
else
KDF_PBKDF2=
fi
fi
}
@ -252,7 +252,7 @@ safe_dir() {
return 0
else
_warning "WARNING: we cannot ensure we're running in RAM."
xxx "Wait a bit before retrying... (attempt $tries)"
xxx "Wait a bit before retrying... (attempt $tries)"
sync && sleep 0.5
fi
done
@ -308,7 +308,7 @@ SETPROMPT Password:
GETPIN
EOF`
if [[ `tail -n1 <<<$output` =~ ERR ]]; then
return 1
return 1
fi
head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }'
return 0
@ -336,7 +336,7 @@ check_priv() {
sudok=false
# sudo -n ${TOMBEXEC} &> /dev/null
if ! option_is_set --sudo-pwd; then
if [ $? != 0 ]; then # if not then ask a password
if [ $? != 0 ]; then # if not then ask a password
cat <<EOF | pinentry 2>/dev/null | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v
OPTION ttyname=$TTY
OPTION lc-ctype=$LANG
@ -345,10 +345,10 @@ SETDESC Sudo execution of Tomb ${OLDARGS[@]}
SETPROMPT Insert your USER password:
GETPIN
EOF
fi
fi
else
_verbose "Escalating privileges using sudo-pwd"
sudo -S -v <<<`option_value --sudo-pwd`
_verbose "Escalating privileges using sudo-pwd"
sudo -S -v <<<`option_value --sudo-pwd`
fi
sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
exit $?
@ -365,10 +365,10 @@ check_command() {
#before wasting user's time
if ! option_is_set --ignore-swap && ! option_is_set -f; then
if ! check_swap; then
error "Swap activated. Disable it with swapoff, or use --ignore-swap"
exit 1
fi
if ! check_swap; then
error "Swap activated. Disable it with swapoff, or use --ignore-swap"
exit 1
fi
fi
}
@ -464,22 +464,22 @@ EOF
cat $TOMBEXEC | awk '
/(_verbose|xxx) ".*"$/ { sub( /^(_verbose|xxx)/ , "");
print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" }
print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" }
/(_success|yes) ".*"$/ { sub( /^(_success|yes)/ , "");
print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" }
print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" }
/(_warning|no) ".*"$/ { sub( /^(_warning|no)/ , "");
print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" }
print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" }
/(_failure|die) ".*"$/ { sub( /^(_failure|die)/ , "");
print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" }
print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" }
/(_message|say) ".*"$/ { sub( /^(_message|say)/ , "");
print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" }
print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" }
/(_message -n|act) ".*"$/ { sub( /^(_message -n|act)/ , "");
print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" }
print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" }
'
}
# }}}
@ -554,8 +554,8 @@ decode_key() {
keyfile=${tombname%%\.*}.tomb.key
if [[ -e "$keyfile" ]]; then
_warning "Key file $keyfile already exist."
return 1
_warning "Key file $keyfile already exist."
return 1
fi
_message "Trying to exhume a key out of image $imagefile"
for c in 1 2 3; do
@ -612,7 +612,7 @@ BEGIN { ciphers=0 }
exec_safe_bind_hooks() {
if [[ -n ${(k)opts[-o]} ]]; then
MOUNTOPTS=${opts[-o]}
MOUNTOPTS=${opts[-o]}
fi
local MOUNTPOINT="${1}"
local ME=${SUDO_USER:-$(whoami)}
@ -685,8 +685,8 @@ forge_key() {
_message "Commanded to forge key $1"
if ! [ $1 ]; then
_warning "no key name specified for creation"
return 1
_warning "no key name specified for creation"
return 1
fi
# if swap is on, we remind the user about possible data leaks to disk
@ -716,13 +716,13 @@ forge_key() {
chmod 0600 ${keytmp}/tomb.tmp
random_source=/dev/random
if option_is_set --use-urandom; then
random_source=/dev/urandom
random_source=/dev/urandom
fi
if [[ $DD = "dcfldd" ]]; then
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1
else
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
fi
if ! [ -r ${keytmp}/tomb.tmp ]; then
_warning "cannot generate encryption key"
@ -744,7 +744,7 @@ forge_key() {
# this does a check on the file header, virtuosism by hellekin
# [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
if ! is_valid_key ${tombkey}; then
_warning "The key does not seem to be valid"
_warning "The key does not seem to be valid"
_warning "Dumping contents to screen:"
cat ${tombkey}
_warning "--"
@ -774,8 +774,8 @@ dig_tomb() {
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
if ! [ $1 ]; then
_warning "no tomb name specified for creation"
return 1
_warning "no tomb name specified for creation"
return 1
fi
@ -827,9 +827,9 @@ dig_tomb() {
# it take arguments as the LUKS cipher to be used
lock_tomb_with_key() {
if ! [ $1 ]; then
_warning "no tomb specified for locking"
_warning "no tomb specified for locking"
_warning "usage: tomb lock file.tomb file.tomb.key"
return 1
return 1
fi
tombfile=`basename $1`
@ -853,10 +853,10 @@ lock_tomb_with_key() {
xxx "loop mounted on ${nstloop}"
_message "checking if the tomb is empty (we never step on somebody else's bones)"
cryptsetup isLuks ${nstloop}
cryptsetup isLuks ${nstloop}
if [ $? = 0 ]; then
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
_warning "The tomb was already locked with another key"
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
_warning "The tomb was already locked with another key"
losetup -d ${nstloop}
die "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
else
@ -873,11 +873,11 @@ lock_tomb_with_key() {
tombkey=${tombkeydir}/stdin.tmp
else
# take key from a file
tombkey=`option_value -k`
tombkey=`option_value -k`
fi
else
# guess key as lying besides the tomb
tombkey=${tombdir}/${tombname}.tomb.key
tombkey=${tombdir}/${tombname}.tomb.key
fi
if [ -r "${tombkey}" ]; then
@ -892,13 +892,13 @@ lock_tomb_with_key() {
# [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
if ! is_valid_key ${tombkey}; then
_warning "The key seems invalid, the application/pgp header is missing"
losetup -d ${nstloop}
losetup -d ${nstloop}
die "Operation aborted."
fi
# the encryption cipher for a tomb can be set at creation using -o
if option_is_set -o; then
cipher="`option_value -o`"
cipher="`option_value -o`"
else
cipher="aes-cbc-essiv:sha256"
fi
@ -908,20 +908,20 @@ lock_tomb_with_key() {
_message "a password is required to use key ${keyname}"
local passok=0
if option_is_set --tomb-pwd; then
tombpass=`option_value --tomb-pwd`
tombpass=`option_value --tomb-pwd`
else
for c in 1 2 3; do
if [ $c = 1 ]; then
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
else
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
fi
if [[ $? != 0 ]]; then
if [[ $? != 0 ]]; then
losetup -d ${nstloop}
die "User aborted"
fi
die "User aborted"
fi
get_lukskey "${tombpass}" ${tombkey} >/dev/null
get_lukskey "${tombpass}" ${tombkey} >/dev/null
if [ $? = 0 ]; then
passok=1; _message "Password OK."
break;
@ -984,8 +984,8 @@ lock_tomb_with_key() {
# backward compatibility
create_tomb() {
if ! [ $1 ]; then
_warning "no tomb name specified for creation"
return 1
_warning "no tomb name specified for creation"
return 1
fi
dig_tomb ${=PARAM}
@ -1023,21 +1023,21 @@ get_lukskey() {
firstline=`head -n1 $keyfile`
xxx "get_lukskey XXX $keyfile"
if [[ $firstline =~ '^_KDF_' ]]; then
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
case `cut -d_ -f 3 <<<$firstline` in
pbkdf2sha1)
if [[ -z $KDF_PBKDF2 ]]; then
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
fi
pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass)
;;
*)
_failure "No suitable program for KDF `cut -f 3 <<<$firstline`"
unset tombpass
return 1
;;
esac
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
case `cut -d_ -f 3 <<<$firstline` in
pbkdf2sha1)
if [[ -z $KDF_PBKDF2 ]]; then
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
fi
pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass)
;;
*)
_failure "No suitable program for KDF `cut -f 3 <<<$firstline`"
unset tombpass
return 1
;;
esac
fi
print ${tombpass} | \
gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 2 \
@ -1057,29 +1057,29 @@ gen_key() {
local tombpass=""
local tombpasstmp=""
if ! option_is_set --tomb-pwd; then
while true; do
# 3 tries to write two times a matching password
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
if [[ $? != 0 ]]; then
die "User aborted"
fi
if [ -z $tombpass ]; then
_warning "you set empty password, which is not possible"
continue
fi
tombpasstmp=$tombpass
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
if [[ $? != 0 ]]; then
die "User aborted"
fi
if [ "$tombpasstmp" = "$tombpass" ]; then
break;
fi
unset tombpasstmp
unset tombpass
done
while true; do
# 3 tries to write two times a matching password
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
if [[ $? != 0 ]]; then
die "User aborted"
fi
if [ -z $tombpass ]; then
_warning "you set empty password, which is not possible"
continue
fi
tombpasstmp=$tombpass
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
if [[ $? != 0 ]]; then
die "User aborted"
fi
if [ "$tombpasstmp" = "$tombpass" ]; then
break;
fi
unset tombpasstmp
unset tombpass
done
else
tombpass=`option_value --tomb-pwd`
tombpass=`option_value --tomb-pwd`
fi
@ -1088,40 +1088,40 @@ gen_key() {
_verbose "KDF method chosen is: '`option_value --kdf`'"
kdf_method=$(cut -d: -f1 <<<`option_value --kdf` )
case $kdf_method in
pbkdf2)
if [[ -z $KDF_PBKDF2 ]]; then
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
fi
# --kdf takes one parameter: iter time (on present machine) in seconds
seconds=$(cut -d: -f2 -s <<<`option_value --kdf`)
if [[ -z $seconds ]]; then
seconds=1
fi
local -i microseconds
microseconds=$((seconds*1000000))
_verbose "Microseconds: $microseconds"
pbkdf2_salt=`${KDF_PBKDF2}-gensalt`
pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds`
# We use a length of 64bytes = 512bits (more than needed!?)
tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
pbkdf2)
if [[ -z $KDF_PBKDF2 ]]; then
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
fi
# --kdf takes one parameter: iter time (on present machine) in seconds
seconds=$(cut -d: -f2 -s <<<`option_value --kdf`)
if [[ -z $seconds ]]; then
seconds=1
fi
local -i microseconds
microseconds=$((seconds*1000000))
_verbose "Microseconds: $microseconds"
pbkdf2_salt=`${KDF_PBKDF2}-gensalt`
pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds`
# We use a length of 64bytes = 512bits (more than needed!?)
tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
;;
""|null)
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
;;
""|null)
header=""
;;
*)
_warning "KDF method non recognized"
return 1
header=""
;;
header=""
;;
*)
_warning "KDF method non recognized"
return 1
header=""
;;
esac
echo -n $header
print "${tombpass}" \
| gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \
-o - -c -a ${lukskey}
-o - -c -a ${lukskey}
unset tombpass
}
@ -1136,8 +1136,8 @@ mount_tomb() {
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
if ! [ ${1} ]; then
_warning "no tomb name specified for creation"
return 1
_warning "no tomb name specified for creation"
return 1
fi
@ -1168,11 +1168,11 @@ mount_tomb() {
tombkey=${tombkeydir}/stdin.tmp
else
# take key from a file
tombkey=`option_value -k`
tombkey=`option_value -k`
fi
else
# guess key as lying besides the tomb
tombkey=${tombdir}/${tombfile}.key
tombkey=${tombdir}/${tombfile}.key
fi
if ! [ -r ${tombkey} ]; then
_warning "key file not found: ${tombkey}"
@ -1181,11 +1181,11 @@ mount_tomb() {
fi
if ! [ $2 ]; then
tombmount=/media/${tombfile}
_message "mountpoint not specified, using default: $tombmount"
tombmount=/media/${tombfile}
_message "mountpoint not specified, using default: $tombmount"
elif ! [ -x $2 ]; then
_warning "mountpoint $2 doesn't exist, operation aborted."
return 1
_warning "mountpoint $2 doesn't exist, operation aborted."
return 1
else
tombmount=$2
fi
@ -1193,7 +1193,7 @@ mount_tomb() {
# check if its already open
mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null
if [ $? = 0 ]; then
_warning "$tombname is already open on $tombmount"
_warning "$tombname is already open on $tombmount"
_message "here below its status is reported:"
list_tombs ${tombname}
return 1
@ -1206,16 +1206,16 @@ mount_tomb() {
nstloop=`losetup -f`
if [ $? = 255 ]; then
die "too many tomb opened. Please close any of them to open another tomb"
die "too many tomb opened. Please close any of them to open another tomb"
fi
losetup -f ${tombdir}/${tombfile}
cryptsetup isLuks ${nstloop}
if [ $? != 0 ]; then
# is it a LUKS encrypted nest? see cryptsetup(1)
_warning "$tombfile is not a valid Luks encrypted storage file"
$norm || rmdir $tombmount 2>/dev/null
return 1
# is it a LUKS encrypted nest? see cryptsetup(1)
_warning "$tombfile is not a valid Luks encrypted storage file"
$norm || rmdir $tombmount 2>/dev/null
return 1
fi
say "this tomb is a valid LUKS encrypted device"
@ -1242,40 +1242,40 @@ mount_tomb() {
_warning "Password is required for key ${keyname}"
for c in 1 2 3; do
if ! option_is_set --tomb-pwd; then
tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
if [[ $? != 0 ]]; then
die "User aborted"
fi
else
tombpass=`option_value --tomb-pwd`
fi
get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
local ret=$?
unset tombpass
if [[ $ret != 0 ]]; then
if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
die "Wrong password: aborting"
fi
continue
fi
if ! option_is_set --tomb-pwd; then
tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
if [[ $? != 0 ]]; then
die "User aborted"
fi
else
tombpass=`option_value --tomb-pwd`
fi
get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
local ret=$?
unset tombpass
if [[ $ret != 0 ]]; then
if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
die "Wrong password: aborting"
fi
continue
fi
# if key was from stdin delete temp file and dir
if [ $tombkeydir ]; then
${=WIPE} ${tombkey}
rmdir $tombkeydir
fi
# if key was from stdin delete temp file and dir
if [ $tombkeydir ]; then
${=WIPE} ${tombkey}
rmdir $tombkeydir
fi
if [ -r /dev/mapper/${mapper} ]; then
break; # password was correct
fi
if [ -r /dev/mapper/${mapper} ]; then
break; # password was correct
fi
done
if ! [ -r /dev/mapper/${mapper} ]; then
losetup -d ${nstloop}
$norm || rmdir ${tombmount} 2>/dev/null
die "failure mounting the encrypted file"
losetup -d ${nstloop}
$norm || rmdir ${tombmount} 2>/dev/null
die "failure mounting the encrypted file"
fi
# array: [ cipher, keysize, loopdevice ]
@ -1326,8 +1326,8 @@ mount_tomb() {
# process bind-hooks (mount -o bind of directories)
# and post-hooks (execute on open)
if ! option_is_set -n ; then
exec_safe_bind_hooks ${tombmount}
exec_safe_post_hooks ${tombmount} open
exec_safe_bind_hooks ${tombmount}
exec_safe_post_hooks ${tombmount} open
fi
return 0
}
@ -1379,7 +1379,7 @@ BEGIN { main="" }
# needs an argument: name of tomb whose hooks belong
list_tomb_binds() {
if [ "$1" = "" ]; then
_failure "internal error: list_tomb_binds called without argument."; fi
_failure "internal error: list_tomb_binds called without argument."; fi
# list bind hooks on util-linux 2.20 (Debian 7)
mount -l \
@ -1400,7 +1400,7 @@ BEGIN { main="" }
mount -l | grep "^$tombmount" \
| awk -vtomb="$1" '
/bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
/bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
}
# }}}
@ -1411,24 +1411,24 @@ BEGIN { main="" }
slam_tomb() {
# $1 = tomb mount point
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
return 0
return 0
fi
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP
for s in TERM HUP KILL; do
xxx "Sending $s to processes inside the tomb:"
if option_is_set -D; then
ps -fp `fuser -m /media/a.tomb 2> /dev/null`|
while read line; do
xxx $line
done
fi
fuser -s -m "$1" -k -M -$s
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
return 0
fi
if ! option_is_set -f; then
sleep 3
fi
xxx "Sending $s to processes inside the tomb:"
if option_is_set -D; then
ps -fp `fuser -m /media/a.tomb 2> /dev/null`|
while read line; do
xxx $line
done
fi
fuser -s -m "$1" -k -M -$s
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
return 0
fi
if ! option_is_set -f; then
sleep 3
fi
done
return 1
}
@ -1476,10 +1476,10 @@ umount_tomb() {
if [ $SLAM ]; then
_success "Slamming tomb $tombname mounted on $tombmount"
_message "Kill all processes busy inside the tomb"
if ! slam_tomb "$tombmount"; then
if ! slam_tomb "$tombmount"; then
_warning "Cannot slam the tomb $tombname"
return 1
fi
fi
else
say "Closing tomb $tombname mounted on $tombmount"
fi
@ -1494,11 +1494,11 @@ umount_tomb() {
if [[ $? != 0 ]]; then
if [ $SLAM ]; then
_success "Slamming tomb: killing all processes using this hook"
slam_tomb "$bind_mount"
if [[ $? == 1 ]]; then
slam_tomb "$bind_mount"
if [[ $? == 1 ]]; then
_warning "Cannot slam the bind hook $bind_mount"
return 1
fi
fi
umount $bind_mount
else
_warning "Tomb bind hook $bind_mount is busy, cannot close tomb."
@ -1515,9 +1515,9 @@ umount_tomb() {
umount ${tombmount}
if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!"
else
# this means we used a "default" mount point
{ test "${tombmount}" = "/media/${tombname}.tomb" } && {
rmdir ${tombmount} }
# this means we used a "default" mount point
{ test "${tombmount}" = "/media/${tombname}.tomb" } && {
rmdir ${tombmount} }
fi
cryptsetup luksClose $mapper
@ -1553,14 +1553,14 @@ change_passwd() {
# check the keyfile
if ! [ -r $keyfile ]; then
_warning "key not found: $keyfile"
return 1
_warning "key not found: $keyfile"
return 1
fi
if ! is_valid_key $keyfile ; then
_warning "file doesn't seems to be a tomb key: $keyfile"
_warning "operation aborted."
return 1
_warning "file doesn't seems to be a tomb key: $keyfile"
_warning "operation aborted."
return 1
fi
local tmpnewkey lukskey c tombpass tombpasstmp
@ -1571,37 +1571,37 @@ change_passwd() {
_success "Changing password for $keyfile"
keyname=`basename $keyfile`
if ! option_is_set --tomb-old-pwd; then
while true; do
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
if [[ $? == 1 ]]; then
die "User aborted"
fi
if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
break
fi
done
while true; do
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
if [[ $? == 1 ]]; then
die "User aborted"
fi
if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
break
fi
done
else
tombpass=`option_value --tomb-old-pwd`
if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
die "Invalid old password"
fi
tombpass=`option_value --tomb-old-pwd`
if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
die "Invalid old password"
fi
fi
{
gen_key $lukskey > ${tmpnewkey}
gen_key $lukskey > ${tmpnewkey}
if ! is_valid_key $tmpnewkey; then
die "Error: the newly generated keyfile does not seem valid"
else
# copy the new key as the original keyfile name
cp "${tmpnewkey}" "${keyfile}"
_success "Your passphrase was successfully updated."
fi
if ! is_valid_key $tmpnewkey; then
die "Error: the newly generated keyfile does not seem valid"
else
# copy the new key as the original keyfile name
cp "${tmpnewkey}" "${keyfile}"
_success "Your passphrase was successfully updated."
fi
} always {
_verbose "cleanup: $tmpnewkey $lukskey"
# wipe all temp file
${=WIPE} "${tmpnewkey}"
${=WIPE} "${lukskey}"
_verbose "cleanup: $tmpnewkey $lukskey"
# wipe all temp file
${=WIPE} "${tmpnewkey}"
${=WIPE} "${lukskey}"
}
return $?
@ -1614,9 +1614,9 @@ change_passwd() {
resize_tomb() {
_message "Commanded to resize tomb $1 to $opts[-s] megabytes"
if ! [ $1 ]; then
_failure "No tomb name specified for resizing"
_failure "No tomb name specified for resizing"
elif ! [ -r "$1" ]; then
_failure "Cannot find $1"
_failure "Cannot find $1"
fi
local c tombpass tombkey
@ -1628,18 +1628,18 @@ resize_tomb() {
if option_is_set -k ; then
if [[ "`option_value -k`" == "-" ]]; then
# take key from stdin
local tombkeydir
tombkeydir=`safe_dir`
cat > ${tombkeydir}/stdin.tmp
tombkey=${tombkeydir}/stdin.tmp
# take key from stdin
local tombkeydir
tombkeydir=`safe_dir`
cat > ${tombkeydir}/stdin.tmp
tombkey=${tombkeydir}/stdin.tmp
else
# take key from a file
tombkey=`option_value -k`
# take key from a file
tombkey=`option_value -k`
fi
else
# guess key as lying besides the tomb
tombkey=${tombdir}/${tombfile}.key
tombkey=${tombdir}/${tombfile}.key
fi
if ! [ -r ${tombkey} ]; then
@ -1650,21 +1650,21 @@ resize_tomb() {
local newtombsize=$opts[-s]
local oldtombsize=`stat -c %s "$1" 2>/dev/null`
local mounted_tomb=`mount -l |
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
if [ "$mounted_tomb" ]; then
_failure "the tomb $tombname is open, to resize it it needs to be close."
_failure "the tomb $tombname is open, to resize it it needs to be close."
fi
# MB to bytes conversion
newtombsize=`expr \( $newtombsize \* 1024 \) \* 1024 2> /dev/null`
if ! [ "$newtombsize" ] ; then
_failure "You must specify the new size of $tombname"
_failure "You must specify the new size of $tombname"
elif [[ $newtombsize != <-> ]]; then
_failure "Size is not an integer"
_failure "Size is not an integer"
elif [ "$newtombsize" -le "$oldtombsize" ]; then
_failure "the new size must be greater then old tomb size."
_failure "the new size must be greater then old tomb size."
fi
local delta=`expr $newtombsize \- $oldtombsize`
@ -1686,7 +1686,7 @@ resize_tomb() {
local nstloop=`losetup -f`
if [ $? = 255 ]; then
_failure "too many tomb opened. Please close any of them to open another tomb"
_failure "too many tomb opened. Please close any of them to open another tomb"
fi
losetup -f "$1"
@ -1700,37 +1700,37 @@ resize_tomb() {
else
tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"`
fi
get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
unset tombpass
unset tombpass
if [ -r /dev/mapper/${mapper} ]; then
break; # password was correct
fi
fi
done
if ! [ -r /dev/mapper/${mapper} ]; then
losetup -d ${nstloop}
_failure "failure mounting the encrypted file"
losetup -d ${nstloop}
_failure "failure mounting the encrypted file"
fi
cryptsetup resize "${mapper}"
if [ $? != 0 ]; then
losetup -d ${nstloop}
_failure "cryptsetup failed to resize $mapper"
losetup -d ${nstloop}
_failure "cryptsetup failed to resize $mapper"
fi
e2fsck -f /dev/mapper/${mapper}
if [ $? != 0 ]; then
losetup -d ${nstloop}
_failure "e2fsck failed to check $mapper"
losetup -d ${nstloop}
_failure "e2fsck failed to check $mapper"
fi
resize2fs /dev/mapper/${mapper}
if [ $? != 0 ]; then
losetup -d ${nstloop}
_failure "resize2fs failed to resize $mapper"
losetup -d ${nstloop}
_failure "resize2fs failed to resize $mapper"
fi
sleep 1 # needs to settle a bit
@ -1835,8 +1835,8 @@ list_tombs() {
}
if option_is_set --get-mountpoint; then
echo $tombmount
continue
echo $tombmount
continue
fi
# breaking up such strings is good for translation
print -n "$fg[green]$tombname"
@ -1872,7 +1872,7 @@ list_tombs() {
if [[ ${tombp} -ge 90 ]]; then
print -n "$fg_no_bold[green]$tombname"
print "$fg_bold[red] Your tomb is almost full!"
print "$fg_bold[red] Your tomb is almost full!"
fi
# now check hooks
@ -2000,9 +2000,9 @@ main() {
### Detect subcommand
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
for optspec in $subcommands_opts$main_opts; do
for opt in ${=optspec}; do
every_opts+=${opt}
done
for opt in ${=optspec}; do
every_opts+=${opt}
done
done
local -a oldstar
oldstar=($argv)
@ -2023,12 +2023,12 @@ main() {
unset discardme
subcommand=$1
if [[ -z $subcommand ]]; then
subcommand="__default"
subcommand="__default"
fi
if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
_warning "There's no such command \"$subcommand\"."
_failure "Please try -h for help" 127
_warning "There's no such command \"$subcommand\"."
_failure "Please try -h for help" 127
# die "Subcommand '$subcommand' doesn't exist" 127
fi
argv=(${oldstar})
@ -2066,14 +2066,14 @@ main() {
fi
### End parsing command-specific options
if ! option_is_set --no-color; then
autoload colors; colors
autoload colors; colors
fi
if ! option_is_set --unsecure-dev-mode; then
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
if option_is_set $opt; then
die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
fi
done
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
if option_is_set $opt; then
die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
fi
done
fi
# when we run as root, we remember the original uid:gid
@ -2152,9 +2152,9 @@ main() {
_warning "resize2fs not installed. Cannot resize your tomb."
return 1
fi
check_priv
resize_tomb $PARAM[1]
;;
check_priv
resize_tomb $PARAM[1]
;;
# internal commands useful to developers
'source') return 0 ;;