Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2025-01-03 14:17:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix to password check (return code of gpg parsed using --status-fd

Browse Source
This commit is contained in:
Jaromil 2013-03-22 23:39:25 +01:00
parent 32cf477b58
commit cc3cfccd21
1 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/tomb
View File

@ -868,10 +868,10 @@ lock_tomb_with_key() {
keyname=`basename $tombkey | cut -d. -f1` keyname=`basename $tombkey | cut -d. -f1`
_message "a password is required to use key ${keyname}" _message "a password is required to use key ${keyname}"
local passok=0
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tombpass=`option_value --tomb-pwd` tombpass=`option_value --tomb-pwd`
else else
for c in 1 2 3; do for c in 1 2 3; do
if [ $c = 1 ]; then if [ $c = 1 ]; then
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"` tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
@ -883,16 +883,14 @@ lock_tomb_with_key() {
die "User aborted" die "User aborted"
fi fi
gpg --batch --passphrase-fd 0 --no-tty --no-options \ get_lukskey "${tombpass}" ${tombkey} >/dev/null
-d "${tombkey}" 1> /dev/null 2>/dev/null <<< ${tombpass} if [ $? = 0 ]; then
if [[ $? = 0 ]]; then passok=1; _message "Password OK."
passok=1
_message "Password OK."
break; break;
fi fi
done done
fi fi
if [[ $passok != 1 ]]; then if [ "$passok" = "0" ]; then
_warning "Password incorrect" _warning "Password incorrect"
losetup -d $nstloop losetup -d $nstloop
die "Operation aborted." die "Operation aborted."
@ -900,11 +898,6 @@ lock_tomb_with_key() {
_success "Locking ${tombfile} with ${tombkey}" _success "Locking ${tombfile} with ${tombkey}"
echo
get_lukskey "${tombpass}" ${tombkey}
echo
xxx "cryptsetup --key-file - --batch-mode --cipher ${cipher} --key-size 256 luksFormat ${nstloop}"
_message "formatting Luks mapped device" _message "formatting Luks mapped device"
get_lukskey "${tombpass}" ${tombkey} | \ get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - --batch-mode \ cryptsetup --key-file - --batch-mode \
@ -963,6 +956,7 @@ get_lukskey() {
local tombpass=$1 local tombpass=$1
keyfile=$2 keyfile=$2
firstline=`head -n1 $keyfile` firstline=`head -n1 $keyfile`
xxx "get_lukskey XXX $keyfile"
if [[ $firstline =~ '^_KDF_' ]]; then if [[ $firstline =~ '^_KDF_' ]]; then
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`" _verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
case `cut -d_ -f 3 <<<$firstline` in case `cut -d_ -f 3 <<<$firstline` in
@ -980,9 +974,11 @@ get_lukskey() {
;; ;;
esac esac
fi fi
gpg --batch --passphrase-fd 0 --no-tty --no-options \ gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 1 -d "${keyfile}" \
-d "${keyfile}" 2> /dev/null <<< ${tombpass} <<< ${tombpass} \
| grep 'DECRYPTION_OKAY'
ret=$? ret=$?
xxx "gpg decryption returns $ret"
unset tombpass unset tombpass
return $ret return $ret
} }