whitespace cleanup
This commit is contained in:
parent
37792ffdc5
commit
c20ca3a920
542
tomb
542
tomb
@ -60,11 +60,11 @@ option_is_set() {
|
||||
[[ -n ${(k)opts[$1]} ]];
|
||||
r=$?
|
||||
if [[ $2 == out ]]; then
|
||||
if [[ $r == 0 ]]; then
|
||||
echo 'set'
|
||||
else
|
||||
echo 'unset'
|
||||
fi
|
||||
if [[ $r == 0 ]]; then
|
||||
echo 'set'
|
||||
else
|
||||
echo 'unset'
|
||||
fi
|
||||
fi
|
||||
return $r;
|
||||
}
|
||||
@ -159,7 +159,7 @@ progress() {
|
||||
# progress create 90 formatting the tomb
|
||||
# progress create 100 tomb created successfully
|
||||
if ! option_is_set --batch; then
|
||||
return
|
||||
return
|
||||
fi
|
||||
print "[m][P][$1][$2][$3]" >&2
|
||||
|
||||
@ -184,8 +184,8 @@ check_bin() {
|
||||
|
||||
# check for filesystem creation progs
|
||||
command -v mkfs.ext4 > /dev/null && \
|
||||
MKFS="mkfs.ext4 -q -F -j -L" || \
|
||||
MKFS="mkfs.ext3 -q -F -j -L"
|
||||
MKFS="mkfs.ext4 -q -F -j -L" || \
|
||||
MKFS="mkfs.ext3 -q -F -j -L"
|
||||
|
||||
# check for mktemp
|
||||
command -v mktemp > /dev/null || MKTEMP=0
|
||||
@ -195,15 +195,15 @@ check_bin() {
|
||||
command -v e2fsck resize2fs > /dev/null || RESIZER=0
|
||||
|
||||
if which tomb-kdf-pbkdf2 &> /dev/null; then
|
||||
KDF_PBKDF2="tomb-kdf-pbkdf2"
|
||||
KDF_PBKDF2="tomb-kdf-pbkdf2"
|
||||
else
|
||||
local our_pbkdf2
|
||||
our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2"
|
||||
if which $our_pbkdf2 &> /dev/null; then
|
||||
KDF_PBKDF2=$our_pbkdf2
|
||||
else
|
||||
KDF_PBKDF2=
|
||||
fi
|
||||
local our_pbkdf2
|
||||
our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2"
|
||||
if which $our_pbkdf2 &> /dev/null; then
|
||||
KDF_PBKDF2=$our_pbkdf2
|
||||
else
|
||||
KDF_PBKDF2=
|
||||
fi
|
||||
fi
|
||||
|
||||
}
|
||||
@ -252,7 +252,7 @@ safe_dir() {
|
||||
return 0
|
||||
else
|
||||
_warning "WARNING: we cannot ensure we're running in RAM."
|
||||
xxx "Wait a bit before retrying... (attempt $tries)"
|
||||
xxx "Wait a bit before retrying... (attempt $tries)"
|
||||
sync && sleep 0.5
|
||||
fi
|
||||
done
|
||||
@ -308,7 +308,7 @@ SETPROMPT Password:
|
||||
GETPIN
|
||||
EOF`
|
||||
if [[ `tail -n1 <<<$output` =~ ERR ]]; then
|
||||
return 1
|
||||
return 1
|
||||
fi
|
||||
head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }'
|
||||
return 0
|
||||
@ -336,7 +336,7 @@ check_priv() {
|
||||
sudok=false
|
||||
# sudo -n ${TOMBEXEC} &> /dev/null
|
||||
if ! option_is_set --sudo-pwd; then
|
||||
if [ $? != 0 ]; then # if not then ask a password
|
||||
if [ $? != 0 ]; then # if not then ask a password
|
||||
cat <<EOF | pinentry 2>/dev/null | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v
|
||||
OPTION ttyname=$TTY
|
||||
OPTION lc-ctype=$LANG
|
||||
@ -345,10 +345,10 @@ SETDESC Sudo execution of Tomb ${OLDARGS[@]}
|
||||
SETPROMPT Insert your USER password:
|
||||
GETPIN
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
else
|
||||
_verbose "Escalating privileges using sudo-pwd"
|
||||
sudo -S -v <<<`option_value --sudo-pwd`
|
||||
_verbose "Escalating privileges using sudo-pwd"
|
||||
sudo -S -v <<<`option_value --sudo-pwd`
|
||||
fi
|
||||
sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
|
||||
exit $?
|
||||
@ -365,10 +365,10 @@ check_command() {
|
||||
#before wasting user's time
|
||||
|
||||
if ! option_is_set --ignore-swap && ! option_is_set -f; then
|
||||
if ! check_swap; then
|
||||
error "Swap activated. Disable it with swapoff, or use --ignore-swap"
|
||||
exit 1
|
||||
fi
|
||||
if ! check_swap; then
|
||||
error "Swap activated. Disable it with swapoff, or use --ignore-swap"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
@ -464,22 +464,22 @@ EOF
|
||||
|
||||
cat $TOMBEXEC | awk '
|
||||
/(_verbose|xxx) ".*"$/ { sub( /^(_verbose|xxx)/ , "");
|
||||
print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
|
||||
/(_success|yes) ".*"$/ { sub( /^(_success|yes)/ , "");
|
||||
print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
|
||||
/(_warning|no) ".*"$/ { sub( /^(_warning|no)/ , "");
|
||||
print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
|
||||
/(_failure|die) ".*"$/ { sub( /^(_failure|die)/ , "");
|
||||
print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
|
||||
/(_message|say) ".*"$/ { sub( /^(_message|say)/ , "");
|
||||
print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
|
||||
/(_message -n|act) ".*"$/ { sub( /^(_message -n|act)/ , "");
|
||||
print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" }
|
||||
'
|
||||
}
|
||||
# }}}
|
||||
@ -554,8 +554,8 @@ decode_key() {
|
||||
|
||||
keyfile=${tombname%%\.*}.tomb.key
|
||||
if [[ -e "$keyfile" ]]; then
|
||||
_warning "Key file $keyfile already exist."
|
||||
return 1
|
||||
_warning "Key file $keyfile already exist."
|
||||
return 1
|
||||
fi
|
||||
_message "Trying to exhume a key out of image $imagefile"
|
||||
for c in 1 2 3; do
|
||||
@ -612,7 +612,7 @@ BEGIN { ciphers=0 }
|
||||
|
||||
exec_safe_bind_hooks() {
|
||||
if [[ -n ${(k)opts[-o]} ]]; then
|
||||
MOUNTOPTS=${opts[-o]}
|
||||
MOUNTOPTS=${opts[-o]}
|
||||
fi
|
||||
local MOUNTPOINT="${1}"
|
||||
local ME=${SUDO_USER:-$(whoami)}
|
||||
@ -685,8 +685,8 @@ forge_key() {
|
||||
_message "Commanded to forge key $1"
|
||||
|
||||
if ! [ $1 ]; then
|
||||
_warning "no key name specified for creation"
|
||||
return 1
|
||||
_warning "no key name specified for creation"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# if swap is on, we remind the user about possible data leaks to disk
|
||||
@ -716,13 +716,13 @@ forge_key() {
|
||||
chmod 0600 ${keytmp}/tomb.tmp
|
||||
random_source=/dev/random
|
||||
if option_is_set --use-urandom; then
|
||||
random_source=/dev/urandom
|
||||
random_source=/dev/urandom
|
||||
fi
|
||||
|
||||
if [[ $DD = "dcfldd" ]]; then
|
||||
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1
|
||||
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1
|
||||
else
|
||||
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
|
||||
$DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
|
||||
fi
|
||||
if ! [ -r ${keytmp}/tomb.tmp ]; then
|
||||
_warning "cannot generate encryption key"
|
||||
@ -744,7 +744,7 @@ forge_key() {
|
||||
# this does a check on the file header, virtuosism by hellekin
|
||||
# [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
|
||||
if ! is_valid_key ${tombkey}; then
|
||||
_warning "The key does not seem to be valid"
|
||||
_warning "The key does not seem to be valid"
|
||||
_warning "Dumping contents to screen:"
|
||||
cat ${tombkey}
|
||||
_warning "--"
|
||||
@ -774,8 +774,8 @@ dig_tomb() {
|
||||
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
|
||||
|
||||
if ! [ $1 ]; then
|
||||
_warning "no tomb name specified for creation"
|
||||
return 1
|
||||
_warning "no tomb name specified for creation"
|
||||
return 1
|
||||
fi
|
||||
|
||||
|
||||
@ -827,9 +827,9 @@ dig_tomb() {
|
||||
# it take arguments as the LUKS cipher to be used
|
||||
lock_tomb_with_key() {
|
||||
if ! [ $1 ]; then
|
||||
_warning "no tomb specified for locking"
|
||||
_warning "no tomb specified for locking"
|
||||
_warning "usage: tomb lock file.tomb file.tomb.key"
|
||||
return 1
|
||||
return 1
|
||||
fi
|
||||
|
||||
tombfile=`basename $1`
|
||||
@ -853,10 +853,10 @@ lock_tomb_with_key() {
|
||||
xxx "loop mounted on ${nstloop}"
|
||||
|
||||
_message "checking if the tomb is empty (we never step on somebody else's bones)"
|
||||
cryptsetup isLuks ${nstloop}
|
||||
cryptsetup isLuks ${nstloop}
|
||||
if [ $? = 0 ]; then
|
||||
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
|
||||
_warning "The tomb was already locked with another key"
|
||||
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
|
||||
_warning "The tomb was already locked with another key"
|
||||
losetup -d ${nstloop}
|
||||
die "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
|
||||
else
|
||||
@ -873,11 +873,11 @@ lock_tomb_with_key() {
|
||||
tombkey=${tombkeydir}/stdin.tmp
|
||||
else
|
||||
# take key from a file
|
||||
tombkey=`option_value -k`
|
||||
tombkey=`option_value -k`
|
||||
fi
|
||||
else
|
||||
# guess key as lying besides the tomb
|
||||
tombkey=${tombdir}/${tombname}.tomb.key
|
||||
tombkey=${tombdir}/${tombname}.tomb.key
|
||||
fi
|
||||
|
||||
if [ -r "${tombkey}" ]; then
|
||||
@ -892,13 +892,13 @@ lock_tomb_with_key() {
|
||||
# [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
|
||||
if ! is_valid_key ${tombkey}; then
|
||||
_warning "The key seems invalid, the application/pgp header is missing"
|
||||
losetup -d ${nstloop}
|
||||
losetup -d ${nstloop}
|
||||
die "Operation aborted."
|
||||
fi
|
||||
|
||||
# the encryption cipher for a tomb can be set at creation using -o
|
||||
if option_is_set -o; then
|
||||
cipher="`option_value -o`"
|
||||
cipher="`option_value -o`"
|
||||
else
|
||||
cipher="aes-cbc-essiv:sha256"
|
||||
fi
|
||||
@ -908,20 +908,20 @@ lock_tomb_with_key() {
|
||||
_message "a password is required to use key ${keyname}"
|
||||
local passok=0
|
||||
if option_is_set --tomb-pwd; then
|
||||
tombpass=`option_value --tomb-pwd`
|
||||
tombpass=`option_value --tomb-pwd`
|
||||
else
|
||||
for c in 1 2 3; do
|
||||
if [ $c = 1 ]; then
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
|
||||
else
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
|
||||
fi
|
||||
if [[ $? != 0 ]]; then
|
||||
if [[ $? != 0 ]]; then
|
||||
losetup -d ${nstloop}
|
||||
die "User aborted"
|
||||
fi
|
||||
die "User aborted"
|
||||
fi
|
||||
|
||||
get_lukskey "${tombpass}" ${tombkey} >/dev/null
|
||||
get_lukskey "${tombpass}" ${tombkey} >/dev/null
|
||||
if [ $? = 0 ]; then
|
||||
passok=1; _message "Password OK."
|
||||
break;
|
||||
@ -984,8 +984,8 @@ lock_tomb_with_key() {
|
||||
# backward compatibility
|
||||
create_tomb() {
|
||||
if ! [ $1 ]; then
|
||||
_warning "no tomb name specified for creation"
|
||||
return 1
|
||||
_warning "no tomb name specified for creation"
|
||||
return 1
|
||||
fi
|
||||
|
||||
dig_tomb ${=PARAM}
|
||||
@ -1023,21 +1023,21 @@ get_lukskey() {
|
||||
firstline=`head -n1 $keyfile`
|
||||
xxx "get_lukskey XXX $keyfile"
|
||||
if [[ $firstline =~ '^_KDF_' ]]; then
|
||||
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
|
||||
case `cut -d_ -f 3 <<<$firstline` in
|
||||
pbkdf2sha1)
|
||||
if [[ -z $KDF_PBKDF2 ]]; then
|
||||
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
|
||||
fi
|
||||
pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
|
||||
tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass)
|
||||
;;
|
||||
*)
|
||||
_failure "No suitable program for KDF `cut -f 3 <<<$firstline`"
|
||||
unset tombpass
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
|
||||
case `cut -d_ -f 3 <<<$firstline` in
|
||||
pbkdf2sha1)
|
||||
if [[ -z $KDF_PBKDF2 ]]; then
|
||||
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
|
||||
fi
|
||||
pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
|
||||
tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass)
|
||||
;;
|
||||
*)
|
||||
_failure "No suitable program for KDF `cut -f 3 <<<$firstline`"
|
||||
unset tombpass
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
print ${tombpass} | \
|
||||
gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 2 \
|
||||
@ -1057,29 +1057,29 @@ gen_key() {
|
||||
local tombpass=""
|
||||
local tombpasstmp=""
|
||||
if ! option_is_set --tomb-pwd; then
|
||||
while true; do
|
||||
# 3 tries to write two times a matching password
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
|
||||
if [[ $? != 0 ]]; then
|
||||
die "User aborted"
|
||||
fi
|
||||
if [ -z $tombpass ]; then
|
||||
_warning "you set empty password, which is not possible"
|
||||
continue
|
||||
fi
|
||||
tombpasstmp=$tombpass
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
|
||||
if [[ $? != 0 ]]; then
|
||||
die "User aborted"
|
||||
fi
|
||||
if [ "$tombpasstmp" = "$tombpass" ]; then
|
||||
break;
|
||||
fi
|
||||
unset tombpasstmp
|
||||
unset tombpass
|
||||
done
|
||||
while true; do
|
||||
# 3 tries to write two times a matching password
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
|
||||
if [[ $? != 0 ]]; then
|
||||
die "User aborted"
|
||||
fi
|
||||
if [ -z $tombpass ]; then
|
||||
_warning "you set empty password, which is not possible"
|
||||
continue
|
||||
fi
|
||||
tombpasstmp=$tombpass
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
|
||||
if [[ $? != 0 ]]; then
|
||||
die "User aborted"
|
||||
fi
|
||||
if [ "$tombpasstmp" = "$tombpass" ]; then
|
||||
break;
|
||||
fi
|
||||
unset tombpasstmp
|
||||
unset tombpass
|
||||
done
|
||||
else
|
||||
tombpass=`option_value --tomb-pwd`
|
||||
tombpass=`option_value --tomb-pwd`
|
||||
fi
|
||||
|
||||
|
||||
@ -1088,40 +1088,40 @@ gen_key() {
|
||||
_verbose "KDF method chosen is: '`option_value --kdf`'"
|
||||
kdf_method=$(cut -d: -f1 <<<`option_value --kdf` )
|
||||
case $kdf_method in
|
||||
pbkdf2)
|
||||
if [[ -z $KDF_PBKDF2 ]]; then
|
||||
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
|
||||
fi
|
||||
# --kdf takes one parameter: iter time (on present machine) in seconds
|
||||
seconds=$(cut -d: -f2 -s <<<`option_value --kdf`)
|
||||
if [[ -z $seconds ]]; then
|
||||
seconds=1
|
||||
fi
|
||||
local -i microseconds
|
||||
microseconds=$((seconds*1000000))
|
||||
_verbose "Microseconds: $microseconds"
|
||||
pbkdf2_salt=`${KDF_PBKDF2}-gensalt`
|
||||
pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds`
|
||||
# We use a length of 64bytes = 512bits (more than needed!?)
|
||||
tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
||||
pbkdf2)
|
||||
if [[ -z $KDF_PBKDF2 ]]; then
|
||||
die "The tomb use kdf method 'pbkdf2', which is unsupported on your system"
|
||||
fi
|
||||
# --kdf takes one parameter: iter time (on present machine) in seconds
|
||||
seconds=$(cut -d: -f2 -s <<<`option_value --kdf`)
|
||||
if [[ -z $seconds ]]; then
|
||||
seconds=1
|
||||
fi
|
||||
local -i microseconds
|
||||
microseconds=$((seconds*1000000))
|
||||
_verbose "Microseconds: $microseconds"
|
||||
pbkdf2_salt=`${KDF_PBKDF2}-gensalt`
|
||||
pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds`
|
||||
# We use a length of 64bytes = 512bits (more than needed!?)
|
||||
tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
||||
|
||||
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
||||
;;
|
||||
""|null)
|
||||
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
||||
;;
|
||||
""|null)
|
||||
|
||||
header=""
|
||||
;;
|
||||
*)
|
||||
_warning "KDF method non recognized"
|
||||
return 1
|
||||
header=""
|
||||
;;
|
||||
header=""
|
||||
;;
|
||||
*)
|
||||
_warning "KDF method non recognized"
|
||||
return 1
|
||||
header=""
|
||||
;;
|
||||
esac
|
||||
echo -n $header
|
||||
|
||||
print "${tombpass}" \
|
||||
| gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \
|
||||
-o - -c -a ${lukskey}
|
||||
-o - -c -a ${lukskey}
|
||||
|
||||
unset tombpass
|
||||
}
|
||||
@ -1136,8 +1136,8 @@ mount_tomb() {
|
||||
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
|
||||
|
||||
if ! [ ${1} ]; then
|
||||
_warning "no tomb name specified for creation"
|
||||
return 1
|
||||
_warning "no tomb name specified for creation"
|
||||
return 1
|
||||
fi
|
||||
|
||||
|
||||
@ -1168,11 +1168,11 @@ mount_tomb() {
|
||||
tombkey=${tombkeydir}/stdin.tmp
|
||||
else
|
||||
# take key from a file
|
||||
tombkey=`option_value -k`
|
||||
tombkey=`option_value -k`
|
||||
fi
|
||||
else
|
||||
# guess key as lying besides the tomb
|
||||
tombkey=${tombdir}/${tombfile}.key
|
||||
tombkey=${tombdir}/${tombfile}.key
|
||||
fi
|
||||
if ! [ -r ${tombkey} ]; then
|
||||
_warning "key file not found: ${tombkey}"
|
||||
@ -1181,11 +1181,11 @@ mount_tomb() {
|
||||
fi
|
||||
|
||||
if ! [ $2 ]; then
|
||||
tombmount=/media/${tombfile}
|
||||
_message "mountpoint not specified, using default: $tombmount"
|
||||
tombmount=/media/${tombfile}
|
||||
_message "mountpoint not specified, using default: $tombmount"
|
||||
elif ! [ -x $2 ]; then
|
||||
_warning "mountpoint $2 doesn't exist, operation aborted."
|
||||
return 1
|
||||
_warning "mountpoint $2 doesn't exist, operation aborted."
|
||||
return 1
|
||||
else
|
||||
tombmount=$2
|
||||
fi
|
||||
@ -1193,7 +1193,7 @@ mount_tomb() {
|
||||
# check if its already open
|
||||
mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null
|
||||
if [ $? = 0 ]; then
|
||||
_warning "$tombname is already open on $tombmount"
|
||||
_warning "$tombname is already open on $tombmount"
|
||||
_message "here below its status is reported:"
|
||||
list_tombs ${tombname}
|
||||
return 1
|
||||
@ -1206,16 +1206,16 @@ mount_tomb() {
|
||||
|
||||
nstloop=`losetup -f`
|
||||
if [ $? = 255 ]; then
|
||||
die "too many tomb opened. Please close any of them to open another tomb"
|
||||
die "too many tomb opened. Please close any of them to open another tomb"
|
||||
fi
|
||||
losetup -f ${tombdir}/${tombfile}
|
||||
|
||||
cryptsetup isLuks ${nstloop}
|
||||
if [ $? != 0 ]; then
|
||||
# is it a LUKS encrypted nest? see cryptsetup(1)
|
||||
_warning "$tombfile is not a valid Luks encrypted storage file"
|
||||
$norm || rmdir $tombmount 2>/dev/null
|
||||
return 1
|
||||
# is it a LUKS encrypted nest? see cryptsetup(1)
|
||||
_warning "$tombfile is not a valid Luks encrypted storage file"
|
||||
$norm || rmdir $tombmount 2>/dev/null
|
||||
return 1
|
||||
fi
|
||||
say "this tomb is a valid LUKS encrypted device"
|
||||
|
||||
@ -1242,40 +1242,40 @@ mount_tomb() {
|
||||
|
||||
_warning "Password is required for key ${keyname}"
|
||||
for c in 1 2 3; do
|
||||
if ! option_is_set --tomb-pwd; then
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
|
||||
if [[ $? != 0 ]]; then
|
||||
die "User aborted"
|
||||
fi
|
||||
else
|
||||
tombpass=`option_value --tomb-pwd`
|
||||
fi
|
||||
get_lukskey "${tombpass}" ${tombkey} | \
|
||||
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
||||
local ret=$?
|
||||
unset tombpass
|
||||
if [[ $ret != 0 ]]; then
|
||||
if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
|
||||
die "Wrong password: aborting"
|
||||
fi
|
||||
continue
|
||||
fi
|
||||
if ! option_is_set --tomb-pwd; then
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"`
|
||||
if [[ $? != 0 ]]; then
|
||||
die "User aborted"
|
||||
fi
|
||||
else
|
||||
tombpass=`option_value --tomb-pwd`
|
||||
fi
|
||||
get_lukskey "${tombpass}" ${tombkey} | \
|
||||
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
||||
local ret=$?
|
||||
unset tombpass
|
||||
if [[ $ret != 0 ]]; then
|
||||
if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
|
||||
die "Wrong password: aborting"
|
||||
fi
|
||||
continue
|
||||
fi
|
||||
|
||||
# if key was from stdin delete temp file and dir
|
||||
if [ $tombkeydir ]; then
|
||||
${=WIPE} ${tombkey}
|
||||
rmdir $tombkeydir
|
||||
fi
|
||||
# if key was from stdin delete temp file and dir
|
||||
if [ $tombkeydir ]; then
|
||||
${=WIPE} ${tombkey}
|
||||
rmdir $tombkeydir
|
||||
fi
|
||||
|
||||
if [ -r /dev/mapper/${mapper} ]; then
|
||||
break; # password was correct
|
||||
fi
|
||||
if [ -r /dev/mapper/${mapper} ]; then
|
||||
break; # password was correct
|
||||
fi
|
||||
done
|
||||
|
||||
if ! [ -r /dev/mapper/${mapper} ]; then
|
||||
losetup -d ${nstloop}
|
||||
$norm || rmdir ${tombmount} 2>/dev/null
|
||||
die "failure mounting the encrypted file"
|
||||
losetup -d ${nstloop}
|
||||
$norm || rmdir ${tombmount} 2>/dev/null
|
||||
die "failure mounting the encrypted file"
|
||||
fi
|
||||
|
||||
# array: [ cipher, keysize, loopdevice ]
|
||||
@ -1326,8 +1326,8 @@ mount_tomb() {
|
||||
# process bind-hooks (mount -o bind of directories)
|
||||
# and post-hooks (execute on open)
|
||||
if ! option_is_set -n ; then
|
||||
exec_safe_bind_hooks ${tombmount}
|
||||
exec_safe_post_hooks ${tombmount} open
|
||||
exec_safe_bind_hooks ${tombmount}
|
||||
exec_safe_post_hooks ${tombmount} open
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
@ -1379,7 +1379,7 @@ BEGIN { main="" }
|
||||
# needs an argument: name of tomb whose hooks belong
|
||||
list_tomb_binds() {
|
||||
if [ "$1" = "" ]; then
|
||||
_failure "internal error: list_tomb_binds called without argument."; fi
|
||||
_failure "internal error: list_tomb_binds called without argument."; fi
|
||||
|
||||
# list bind hooks on util-linux 2.20 (Debian 7)
|
||||
mount -l \
|
||||
@ -1400,7 +1400,7 @@ BEGIN { main="" }
|
||||
|
||||
mount -l | grep "^$tombmount" \
|
||||
| awk -vtomb="$1" '
|
||||
/bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
|
||||
/bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
|
||||
}
|
||||
|
||||
# }}}
|
||||
@ -1411,24 +1411,24 @@ BEGIN { main="" }
|
||||
slam_tomb() {
|
||||
# $1 = tomb mount point
|
||||
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
|
||||
return 0
|
||||
return 0
|
||||
fi
|
||||
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP
|
||||
for s in TERM HUP KILL; do
|
||||
xxx "Sending $s to processes inside the tomb:"
|
||||
if option_is_set -D; then
|
||||
ps -fp `fuser -m /media/a.tomb 2> /dev/null`|
|
||||
while read line; do
|
||||
xxx $line
|
||||
done
|
||||
fi
|
||||
fuser -s -m "$1" -k -M -$s
|
||||
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
|
||||
return 0
|
||||
fi
|
||||
if ! option_is_set -f; then
|
||||
sleep 3
|
||||
fi
|
||||
xxx "Sending $s to processes inside the tomb:"
|
||||
if option_is_set -D; then
|
||||
ps -fp `fuser -m /media/a.tomb 2> /dev/null`|
|
||||
while read line; do
|
||||
xxx $line
|
||||
done
|
||||
fi
|
||||
fuser -s -m "$1" -k -M -$s
|
||||
if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then
|
||||
return 0
|
||||
fi
|
||||
if ! option_is_set -f; then
|
||||
sleep 3
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
}
|
||||
@ -1476,10 +1476,10 @@ umount_tomb() {
|
||||
if [ $SLAM ]; then
|
||||
_success "Slamming tomb $tombname mounted on $tombmount"
|
||||
_message "Kill all processes busy inside the tomb"
|
||||
if ! slam_tomb "$tombmount"; then
|
||||
if ! slam_tomb "$tombmount"; then
|
||||
_warning "Cannot slam the tomb $tombname"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
say "Closing tomb $tombname mounted on $tombmount"
|
||||
fi
|
||||
@ -1494,11 +1494,11 @@ umount_tomb() {
|
||||
if [[ $? != 0 ]]; then
|
||||
if [ $SLAM ]; then
|
||||
_success "Slamming tomb: killing all processes using this hook"
|
||||
slam_tomb "$bind_mount"
|
||||
if [[ $? == 1 ]]; then
|
||||
slam_tomb "$bind_mount"
|
||||
if [[ $? == 1 ]]; then
|
||||
_warning "Cannot slam the bind hook $bind_mount"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
umount $bind_mount
|
||||
else
|
||||
_warning "Tomb bind hook $bind_mount is busy, cannot close tomb."
|
||||
@ -1515,9 +1515,9 @@ umount_tomb() {
|
||||
umount ${tombmount}
|
||||
if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!"
|
||||
else
|
||||
# this means we used a "default" mount point
|
||||
{ test "${tombmount}" = "/media/${tombname}.tomb" } && {
|
||||
rmdir ${tombmount} }
|
||||
# this means we used a "default" mount point
|
||||
{ test "${tombmount}" = "/media/${tombname}.tomb" } && {
|
||||
rmdir ${tombmount} }
|
||||
fi
|
||||
|
||||
cryptsetup luksClose $mapper
|
||||
@ -1553,14 +1553,14 @@ change_passwd() {
|
||||
|
||||
# check the keyfile
|
||||
if ! [ -r $keyfile ]; then
|
||||
_warning "key not found: $keyfile"
|
||||
return 1
|
||||
_warning "key not found: $keyfile"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! is_valid_key $keyfile ; then
|
||||
_warning "file doesn't seems to be a tomb key: $keyfile"
|
||||
_warning "operation aborted."
|
||||
return 1
|
||||
_warning "file doesn't seems to be a tomb key: $keyfile"
|
||||
_warning "operation aborted."
|
||||
return 1
|
||||
fi
|
||||
|
||||
local tmpnewkey lukskey c tombpass tombpasstmp
|
||||
@ -1571,37 +1571,37 @@ change_passwd() {
|
||||
_success "Changing password for $keyfile"
|
||||
keyname=`basename $keyfile`
|
||||
if ! option_is_set --tomb-old-pwd; then
|
||||
while true; do
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
|
||||
if [[ $? == 1 ]]; then
|
||||
die "User aborted"
|
||||
fi
|
||||
if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
while true; do
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
|
||||
if [[ $? == 1 ]]; then
|
||||
die "User aborted"
|
||||
fi
|
||||
if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
else
|
||||
tombpass=`option_value --tomb-old-pwd`
|
||||
if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
||||
die "Invalid old password"
|
||||
fi
|
||||
tombpass=`option_value --tomb-old-pwd`
|
||||
if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
|
||||
die "Invalid old password"
|
||||
fi
|
||||
fi
|
||||
|
||||
{
|
||||
gen_key $lukskey > ${tmpnewkey}
|
||||
gen_key $lukskey > ${tmpnewkey}
|
||||
|
||||
if ! is_valid_key $tmpnewkey; then
|
||||
die "Error: the newly generated keyfile does not seem valid"
|
||||
else
|
||||
# copy the new key as the original keyfile name
|
||||
cp "${tmpnewkey}" "${keyfile}"
|
||||
_success "Your passphrase was successfully updated."
|
||||
fi
|
||||
if ! is_valid_key $tmpnewkey; then
|
||||
die "Error: the newly generated keyfile does not seem valid"
|
||||
else
|
||||
# copy the new key as the original keyfile name
|
||||
cp "${tmpnewkey}" "${keyfile}"
|
||||
_success "Your passphrase was successfully updated."
|
||||
fi
|
||||
} always {
|
||||
_verbose "cleanup: $tmpnewkey $lukskey"
|
||||
# wipe all temp file
|
||||
${=WIPE} "${tmpnewkey}"
|
||||
${=WIPE} "${lukskey}"
|
||||
_verbose "cleanup: $tmpnewkey $lukskey"
|
||||
# wipe all temp file
|
||||
${=WIPE} "${tmpnewkey}"
|
||||
${=WIPE} "${lukskey}"
|
||||
}
|
||||
|
||||
return $?
|
||||
@ -1614,9 +1614,9 @@ change_passwd() {
|
||||
resize_tomb() {
|
||||
_message "Commanded to resize tomb $1 to $opts[-s] megabytes"
|
||||
if ! [ $1 ]; then
|
||||
_failure "No tomb name specified for resizing"
|
||||
_failure "No tomb name specified for resizing"
|
||||
elif ! [ -r "$1" ]; then
|
||||
_failure "Cannot find $1"
|
||||
_failure "Cannot find $1"
|
||||
fi
|
||||
|
||||
local c tombpass tombkey
|
||||
@ -1628,18 +1628,18 @@ resize_tomb() {
|
||||
|
||||
if option_is_set -k ; then
|
||||
if [[ "`option_value -k`" == "-" ]]; then
|
||||
# take key from stdin
|
||||
local tombkeydir
|
||||
tombkeydir=`safe_dir`
|
||||
cat > ${tombkeydir}/stdin.tmp
|
||||
tombkey=${tombkeydir}/stdin.tmp
|
||||
# take key from stdin
|
||||
local tombkeydir
|
||||
tombkeydir=`safe_dir`
|
||||
cat > ${tombkeydir}/stdin.tmp
|
||||
tombkey=${tombkeydir}/stdin.tmp
|
||||
else
|
||||
# take key from a file
|
||||
tombkey=`option_value -k`
|
||||
# take key from a file
|
||||
tombkey=`option_value -k`
|
||||
fi
|
||||
else
|
||||
# guess key as lying besides the tomb
|
||||
tombkey=${tombdir}/${tombfile}.key
|
||||
tombkey=${tombdir}/${tombfile}.key
|
||||
fi
|
||||
|
||||
if ! [ -r ${tombkey} ]; then
|
||||
@ -1650,21 +1650,21 @@ resize_tomb() {
|
||||
local newtombsize=$opts[-s]
|
||||
local oldtombsize=`stat -c %s "$1" 2>/dev/null`
|
||||
local mounted_tomb=`mount -l |
|
||||
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
|
||||
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
|
||||
|
||||
if [ "$mounted_tomb" ]; then
|
||||
_failure "the tomb $tombname is open, to resize it it needs to be close."
|
||||
_failure "the tomb $tombname is open, to resize it it needs to be close."
|
||||
fi
|
||||
|
||||
# MB to bytes conversion
|
||||
newtombsize=`expr \( $newtombsize \* 1024 \) \* 1024 2> /dev/null`
|
||||
|
||||
if ! [ "$newtombsize" ] ; then
|
||||
_failure "You must specify the new size of $tombname"
|
||||
_failure "You must specify the new size of $tombname"
|
||||
elif [[ $newtombsize != <-> ]]; then
|
||||
_failure "Size is not an integer"
|
||||
_failure "Size is not an integer"
|
||||
elif [ "$newtombsize" -le "$oldtombsize" ]; then
|
||||
_failure "the new size must be greater then old tomb size."
|
||||
_failure "the new size must be greater then old tomb size."
|
||||
fi
|
||||
|
||||
local delta=`expr $newtombsize \- $oldtombsize`
|
||||
@ -1686,7 +1686,7 @@ resize_tomb() {
|
||||
|
||||
local nstloop=`losetup -f`
|
||||
if [ $? = 255 ]; then
|
||||
_failure "too many tomb opened. Please close any of them to open another tomb"
|
||||
_failure "too many tomb opened. Please close any of them to open another tomb"
|
||||
fi
|
||||
losetup -f "$1"
|
||||
|
||||
@ -1700,37 +1700,37 @@ resize_tomb() {
|
||||
else
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"`
|
||||
fi
|
||||
get_lukskey "${tombpass}" ${tombkey} | \
|
||||
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
||||
get_lukskey "${tombpass}" ${tombkey} | \
|
||||
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
||||
|
||||
unset tombpass
|
||||
unset tombpass
|
||||
|
||||
if [ -r /dev/mapper/${mapper} ]; then
|
||||
break; # password was correct
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
if ! [ -r /dev/mapper/${mapper} ]; then
|
||||
losetup -d ${nstloop}
|
||||
_failure "failure mounting the encrypted file"
|
||||
losetup -d ${nstloop}
|
||||
_failure "failure mounting the encrypted file"
|
||||
fi
|
||||
|
||||
cryptsetup resize "${mapper}"
|
||||
if [ $? != 0 ]; then
|
||||
losetup -d ${nstloop}
|
||||
_failure "cryptsetup failed to resize $mapper"
|
||||
losetup -d ${nstloop}
|
||||
_failure "cryptsetup failed to resize $mapper"
|
||||
fi
|
||||
|
||||
e2fsck -f /dev/mapper/${mapper}
|
||||
if [ $? != 0 ]; then
|
||||
losetup -d ${nstloop}
|
||||
_failure "e2fsck failed to check $mapper"
|
||||
losetup -d ${nstloop}
|
||||
_failure "e2fsck failed to check $mapper"
|
||||
fi
|
||||
|
||||
resize2fs /dev/mapper/${mapper}
|
||||
if [ $? != 0 ]; then
|
||||
losetup -d ${nstloop}
|
||||
_failure "resize2fs failed to resize $mapper"
|
||||
losetup -d ${nstloop}
|
||||
_failure "resize2fs failed to resize $mapper"
|
||||
fi
|
||||
|
||||
sleep 1 # needs to settle a bit
|
||||
@ -1835,8 +1835,8 @@ list_tombs() {
|
||||
}
|
||||
|
||||
if option_is_set --get-mountpoint; then
|
||||
echo $tombmount
|
||||
continue
|
||||
echo $tombmount
|
||||
continue
|
||||
fi
|
||||
# breaking up such strings is good for translation
|
||||
print -n "$fg[green]$tombname"
|
||||
@ -1872,7 +1872,7 @@ list_tombs() {
|
||||
|
||||
if [[ ${tombp} -ge 90 ]]; then
|
||||
print -n "$fg_no_bold[green]$tombname"
|
||||
print "$fg_bold[red] Your tomb is almost full!"
|
||||
print "$fg_bold[red] Your tomb is almost full!"
|
||||
fi
|
||||
|
||||
# now check hooks
|
||||
@ -2000,9 +2000,9 @@ main() {
|
||||
### Detect subcommand
|
||||
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
|
||||
for optspec in $subcommands_opts$main_opts; do
|
||||
for opt in ${=optspec}; do
|
||||
every_opts+=${opt}
|
||||
done
|
||||
for opt in ${=optspec}; do
|
||||
every_opts+=${opt}
|
||||
done
|
||||
done
|
||||
local -a oldstar
|
||||
oldstar=($argv)
|
||||
@ -2023,12 +2023,12 @@ main() {
|
||||
unset discardme
|
||||
subcommand=$1
|
||||
if [[ -z $subcommand ]]; then
|
||||
subcommand="__default"
|
||||
subcommand="__default"
|
||||
fi
|
||||
|
||||
if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
|
||||
_warning "There's no such command \"$subcommand\"."
|
||||
_failure "Please try -h for help" 127
|
||||
_warning "There's no such command \"$subcommand\"."
|
||||
_failure "Please try -h for help" 127
|
||||
# die "Subcommand '$subcommand' doesn't exist" 127
|
||||
fi
|
||||
argv=(${oldstar})
|
||||
@ -2066,14 +2066,14 @@ main() {
|
||||
fi
|
||||
### End parsing command-specific options
|
||||
if ! option_is_set --no-color; then
|
||||
autoload colors; colors
|
||||
autoload colors; colors
|
||||
fi
|
||||
if ! option_is_set --unsecure-dev-mode; then
|
||||
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
|
||||
if option_is_set $opt; then
|
||||
die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
|
||||
fi
|
||||
done
|
||||
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
|
||||
if option_is_set $opt; then
|
||||
die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
# when we run as root, we remember the original uid:gid
|
||||
@ -2152,9 +2152,9 @@ main() {
|
||||
_warning "resize2fs not installed. Cannot resize your tomb."
|
||||
return 1
|
||||
fi
|
||||
check_priv
|
||||
resize_tomb $PARAM[1]
|
||||
;;
|
||||
check_priv
|
||||
resize_tomb $PARAM[1]
|
||||
;;
|
||||
|
||||
# internal commands useful to developers
|
||||
'source') return 0 ;;
|
||||
|