Added new --unsafe mode: -k cleartext

Using the 'cleartext' name for a key will read it from stdin and
expect it to be unencrypted. This is an unsafe mode of operation,
but useful e.g. to open remote tombs by piping the key over ssh,
or when using software other than Tomb to de/crypt keys.

This commit also renames the flag --unsecure-dev-mode into --unsafe
and includes a minor fix to the last opened date shown on open.

Addressing issue #161
Jaromil 2014-11-21 22:25:43 +01:00
parent b7f4e3a7fd
commit e48c7c4a85

42
tomb

@ -772,6 +772,14 @@ is_valid_key() {
_verbose "is_valid_key" _verbose "is_valid_key"
[[ -z $key ]] && key=$TOMBKEY [[ -z $key ]] && key=$TOMBKEY
[[ "$key" = "cleartext" ]] && {
{ option_is_set --unsafe } || {
_warning "cleartext key from stdin selected: this is unsafe."
exitv=127 _failure "please use --unsafe if you really want to do this."
}
_warning "received key in cleartext from stdin (unsafe mode)"
return 0 }
[[ -z $key ]] && { [[ -z $key ]] && {
_warning "is_valid_key() called without an argument." _warning "is_valid_key() called without an argument."
return 1 return 1
@ -819,25 +827,31 @@ _load_key() {
[[ -z $keyfile ]] && { [[ -z $keyfile ]] && {
_failure "This operation requires a key file to be specified using the -k option." } _failure "This operation requires a key file to be specified using the -k option." }
[[ $keyfile == "-" ]] && { if [[ $keyfile == "-" ]]; then
_verbose "load_key reading from stdin." _verbose "load_key reading from stdin."
_message "Waiting for the key to be piped from stdin... " _message "Waiting for the key to be piped from stdin... "
TOMBKEYFILE=stdin TOMBKEYFILE=stdin
TOMBKEY=$(cat) TOMBKEY=$(cat)
} || { elif [[ $keyfile == "cleartext" ]]; then
_verbose "load_key reading SECRET from stdin"
_message "Waiting for the key to be piped from stdin... "
TOMBKEYFILE=cleartext
TOMBKEY=cleartext
TOMBSECRET=$(cat)
else
_verbose "load_key argument: ::1 key file::" $keyfile _verbose "load_key argument: ::1 key file::" $keyfile
[[ -r $keyfile ]] || _failure "Key not found, specify one using -k." [[ -r $keyfile ]] || _failure "Key not found, specify one using -k."
TOMBKEYFILE=$keyfile TOMBKEYFILE=$keyfile
TOMBKEY="${mapfile[$TOMBKEYFILE]}" TOMBKEY="${mapfile[$TOMBKEYFILE]}"
} fi
_verbose "load_key: ::1 key::" $TOMBKEYFILE _verbose "load_key: ::1 key::" $TOMBKEYFILE
is_valid_key $TOMBKEY || { is_valid_key $TOMBKEY || {
_warning "The key seems invalid or its format is not known by this version of Tomb." _warning "The key seems invalid or its format is not known by this version of Tomb."
_tomb_key_recover $TOMBKEY _tomb_key_recover $TOMBKEY
} }
# Declared TOMBKEYFILE (path) # Declared TOMBKEYFILE (path)
# Declared TOMBKEY (contents) # Declared TOMBKEY (contents)
@ -933,6 +947,10 @@ ask_key_password() {
[[ -z $TOMBKEYFILE ]] && { [[ -z $TOMBKEYFILE ]] && {
_failure "Internal error: ask_key_password() called before _load_key()." } _failure "Internal error: ask_key_password() called before _load_key()." }
[[ "$TOMBKEYFILE" = "cleartext" ]] && {
_verbose "no password needed, using secret bytes from stdin"
return 0 }
_message "A password is required to use key ::1 key::" $TOMBKEYFILE _message "A password is required to use key ::1 key::" $TOMBKEYFILE
passok=0 passok=0
tombpass="" tombpass=""
@ -979,7 +997,7 @@ ask_key_password() {
# call cryptsetup with arguments using the currently known secret # call cryptsetup with arguments using the currently known secret
# echo flags eliminate newline and disable escape (BSD_ECHO) # echo flags eliminate newline and disable escape (BSD_ECHO)
_cryptsetup() { _cryptsetup() {
print -R -n - "$TOMBSECRET" | cryptsetup --key-file - ${=@} print -R - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
return $? return $?
} }
@ -1729,6 +1747,8 @@ mount_tomb() {
_success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount _success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount
local tombtty tombhost tombuid tombuser
# print out when was opened the last time, by whom and where # print out when was opened the last time, by whom and where
[[ -r ${tombmount}/.last ]] && { [[ -r ${tombmount}/.last ]] && {
tombtty=$(_cat ${tombmount}/.tty | tr -d ' ') tombtty=$(_cat ${tombmount}/.tty | tr -d ' ')
@ -1740,7 +1760,7 @@ mount_tomb() {
tombuser="${e[(ws@:@)1]}" } tombuser="${e[(ws@:@)1]}" }
done done
_message "Last visit by ::1 user::(::2 tomb build::) from ::3 tty:: on ::4 host::" $tombuser $tombuid $tombtty $tombhost _message "Last visit by ::1 user::(::2 tomb build::) from ::3 tty:: on ::4 host::" $tombuser $tombuid $tombtty $tombhost
_message "on date ::1 date::" $(date --date @$tomblast +%c) _message "on date ::1 date::" "`date --date=@${tomblast} +%c`"
} }
# write down the UID and TTY that opened the tomb # write down the UID and TTY that opened the tomb
rm -f ${tombmount}/.uid rm -f ${tombmount}/.uid
@ -2409,7 +2429,7 @@ main() {
# can only use the non-abbreviated long-option version like: # can only use the non-abbreviated long-option version like:
# -force and NOT -f # -force and NOT -f
# #
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v U: -uid=U G: -gid=G T: -tty=T -no-color -unsecure-dev-mode) main_opts=(q -quiet=q D -debug=D h -help=h v -version=v U: -uid=U G: -gid=G T: -tty=T -no-color -unsafe)
subcommands_opts[__default]="" subcommands_opts[__default]=""
subcommands_opts[open]="f -force n -nohook=n k: -key=k -kdf: o: -ignore-swap -sudo-pwd: -tomb-pwd: " subcommands_opts[open]="f -force n -nohook=n k: -key=k -kdf: o: -ignore-swap -sudo-pwd: -tomb-pwd: "
subcommands_opts[mount]=${subcommands_opts[open]} subcommands_opts[mount]=${subcommands_opts[open]}
@ -2512,10 +2532,10 @@ main() {
# Use colors unless told not to # Use colors unless told not to
{ ! option_is_set --no-color } && { autoload -Uz colors && colors } { ! option_is_set --no-color } && { autoload -Uz colors && colors }
# Some options are only available during insecure mode # Some options are only available during insecure mode
{ ! option_is_set --unsecure-dev-mode } && { { ! option_is_set --unsafe } && {
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
{ option_is_set $opt } && { { option_is_set $opt } && {
exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" $opt } exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt }
done done
} }
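Review bot: In the `_cryptsetup` hunk the new line drops `-n` from `print -R -n - "$TOMBSECRET"`, assuming the right-hand column is the new side as the `--unsafe` rename in the other hunks indicates, so a trailing newline is now piped into `cryptsetup --key-file -`. The comment directly above still says the flags eliminate the newline, so code and comment now disagree. As far as I know cryptsetup does not stop at a newline when the key file is `-`, so the extra byte would become part of the key material; this path is used on every open, not only under `--unsafe`, and tombs locked by the previous code may then fail to open. If the change is not intentional, keep `print -R -n - "$TOMBSECRET" | cryptsetup --key-file - ${=@}`; if it is, update the comment and document the compatibility impact in the commit message.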