Commit Graph

430 Commits

Author SHA1 Message Date
heat-wave
ce521ed2e2 Validate user-supplied sudo alternative (in name only) 2021-04-15 12:27:26 +02:00
heat-wave
3860487a0b Fix typos in doas config and --sudo opt definition 2021-04-15 12:27:26 +02:00
heat-wave
61386ca646 Support for sudo alternatives such as doas 2021-04-15 12:27:26 +02:00
Denis Roio
ae21619d04
Merge pull request #408 from heat-wave/fix/sphinx-test-configs
Fix configs and dockerfile to enable sphinx in tests
2021-01-31 00:10:22 +01:00
Jaromil
7f2e22c517 fix read-only opening of tombs using -o ro
skip touch, chown and some minor operations when read-only
2021-01-25 18:26:49 +01:00
heat-wave
815b8f4218 Fix configs and dockerfile to enable sphinx in tests 2021-01-23 19:16:29 +00:00
Jaromil
f35ad11e3f updated documentation for release 2021-01-04 22:00:29 +01:00
Matthieu Crapet
c5701793fb minor typo/formatting fixes
Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:22:06 +01:00
Matthieu Crapet
02812f4c06 tomb forge: useless sudo and chown
Depending script invokation, behavior is not exactly similar.
Assuming that if SUDO_USER is set, the _sudo invokation can be dropped (EUID=0).
In the other case, user has created file, owner is already good, don't call chown.

Preparation:
$ tomb dig foo.tomb -s 10

Method 1:
$ sudo tomb forge foo.tomb.key -v

Method 2:
$ tomb forge foo.tomb.key -v
... ask user password to gain superuser privileges
...
Sorry, user <username> is not allowed to execute '/bin/chown <uid>:<gid> foo.tomb.key' as root on <hostname>.

Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:20:26 +01:00
Matthieu Crapet
99f10bf215 tomb dig: useless sudo and chown
Depending script invokation, behavior is not exactly similar.
Assuming that if SUDO_USER is set, the _sudo invokation can be dropped (EUID=0).
In the other case, user has created file, owner is already good, don't call chown.

Method 1:
$ sudo tomb dig foo.tomb -s 10 -v

Method 2:
$ tomb dig foo.tomb -s 10 -v
... ask user password to gain superuser privileges
...
Sorry, user <username> is not allowed to execute '/bin/chown <uid>:<gid> foo.tomb' as root on <hostname>.

Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:12:55 +01:00
Matthieu Crapet
859a5c7783 TMPPREFIX is not supposed to be a directory
http://zsh.sourceforge.net/Doc/Release/Files.html
TMPPREFIX defaults to /tmp/zsh (for zsh shell)

Note: --tmp command line switch is not documented?

Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:09:51 +01:00
Matthieu Crapet
312915b4b3 fix potential wrong _USER value
"id -u" gives then uid not a the name.
https://man7.org/linux/man-pages/man1/id.1.html

Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
2021-01-02 10:09:51 +01:00
Jaromil
d227695778 add support for tombs formatted with the btrfs filesystem
basic functionality working for open, close and resize

still needs test coverage and some minor checks
2020-12-29 13:50:04 +01:00
Jaromil
8d5a85658f explicit return codes for all operations 2020-12-29 11:52:23 +01:00
Jaromil
0ac5a34c20 close luks mapper and end with an error on lock format failures 2020-12-29 10:56:20 +01:00
Jaromil
d8360688b3 fix wrong comparison of $pass_asked left by last commits
fix #404
2020-12-29 10:52:16 +01:00
Jaromil
7a81ad032d add zsh to version output 2020-12-29 08:58:14 +01:00
Jaromil
b0de6e07b2 adopt everywhere -z test to check when variables are empty
check works both for empty ("") and non-existing vars and is a fix
for regression #398 to work on older Zsh versions. It is normalized
through all tomb's code.
2020-12-15 18:22:38 +01:00
Jaromil
5199bef4a6 documentation for release 2020-11-27 18:40:17 +01:00
Jaromil
45b144d213 print messages by default on stderr 2020-11-25 14:47:54 +01:00
Jaromil
c13f38266e fix tomb list output 2020-11-25 14:47:43 +01:00
Jaromil
0a968b80b7 fix losetup permission
leftover bug in #391
2020-11-23 21:56:25 +01:00
Narrat
da590fb50e Fix typo calling pinentry_assuan_getpass
Affected the use of Tomb without DISPLAY and pinentry-curses.
Fixes #393
2020-11-21 22:33:30 +01:00
Jaromil
c9f3b07cd8 documentation updates for release 2020-11-17 13:58:43 +01:00
Jaromil
c3a354cc0f fixes and cleanups 2020-11-17 08:19:36 +01:00
Jaromil
3fb248bde8 refactor of state tracking for loop mounting
simplified function calls for tracking of loop mount by using global
variables whose scope is limited to execution, most computation is now
included in the `is_valid_tomb` function.
2020-11-16 23:35:03 +01:00
Jaromil
940563d02c resize now checks for correct password before operating
fixes bug mentioned in issue #333 that made tomb append space to a
tomb file before checking for correct password, leading to file
corruption in case the wrong password is inserted 3 times.
2020-11-16 13:28:37 +01:00
Denis Roio
91debdbf58
Merge pull request #390 from dyne/pinentry_display_updates
updated pinentry invokation to include wayland
2020-11-16 13:27:04 +01:00
Jaromil
bc94559ac4 updated pinentry invokation to include wayland
also changes to priority order of invokation and some code cleanups and
indentations. Invokation order is now:

- WAYLAND? pinentry-gnome3
- X11?
	1. pinentry-x11 (distro specific wrapper)
	2. pinentry-gtk2 (legacy, removable)
	3. pinentry-gnome3
	4. pinentry-qt5
	5. pinentry-qt4
- NO DISPLAY? pinentry-curses
2020-11-16 10:24:37 +01:00
Jaromil
72da5b481e add .loop extension to /dev/mapper volume to identify its nature 2020-11-16 09:56:38 +01:00
Jaromil
9be5dff823 use realpath to always use absolute paths of tomb files in maphash 2020-11-16 09:54:37 +01:00
Jaromil
59d3810665 improve the check if a tomb file is in use
Change the mapper path using a hash of the tomb file path,
making it unique and reproducible to check if tomb is in use.
Check happens inside the new render_mapper() function which is
executed right after the key file opening.
2020-11-16 09:54:37 +01:00
Jaromil
136ba6e053 honor custom settings for GNUPGHOME
fix #371
2020-11-13 23:16:36 +01:00
Aaron Janse
15c894dfb4 use _verbose for pinentry-curses in ask_password 2020-11-09 16:43:06 -08:00
Denis Roio
f14ba758ee
Merge pull request #378 from quickcougar/pinentry-override
Allow pinentry to fail, so long as the password comes through.
2020-06-22 10:05:31 +02:00
Mark Mykkanen
2f29e6709c Allow pinentry to fail, so long as the password comes through. 2020-03-23 17:07:46 -05:00
Mark Mykkanen
7cead041ac Write all debug messages to stderr to avoid polluting stdout. 2020-03-22 14:02:12 -05:00
Jaromil
e9fd1a19e1 documentation fix for default xts cipher string 2019-11-18 10:17:38 +01:00
Jaromil
377e335e93 remove warning on open by fixing order of chown
fix #369 (completes #324)
2019-11-18 10:15:12 +01:00
Jaromil
bec53aeb72 documentation update for new release 2019-10-11 22:06:55 +02:00
Jaromil
15d279605b fix getent parsing when fields are emtpy
fix #365
2019-09-14 12:06:13 +02:00
Jaromil
382070481f use getent with wrappers every /etc/passwd query 2019-08-22 17:07:12 +02:00
Jaromil
1574723502 rewrite some conditionals for less ambiguity
this restyles some code introduced by the sphinx feature and tries to fix parse
errors reported in issue #357
2019-08-22 14:37:47 +02:00
Jaromil
71a7241f9c remove unneeded umount on forge_key failure 2019-08-22 11:49:43 +02:00
Jaromil
94d8ad497f Fix inconsistent cleanup on forge_key failure
Address concern raised in #360
2019-08-22 11:47:58 +02:00
Jaromil
0b9080e0ca make gettext optional in _sudo()
address #355
2019-07-05 08:10:00 +02:00
Alexandre Pujol
6b4bd69dbc
Ensure GPG key is trusted. See #340 2019-06-27 19:58:58 +01:00
Jaromil
06039a9e47 fix warnings on first tomb open
fix issue #324
2019-06-26 08:56:05 +02:00
Jaromil
e45c005c88 documentation updates for release
known bugs, changelog and manual for sphinx
2019-05-30 18:48:30 +02:00
Jaromil
ace80c87db switch default random source to /dev/urandom
there is no need to default to a blocking source of random,
since /dev/random doesn't improves the quality of randomness in Linux
2019-05-22 09:55:02 +02:00
Jaromil
2b8eec6ba5 improve tomb umount checks avoiding grep call
consolidate use of `list_tomb_mounts` also inside umount_tomb
this should fix #315
2019-05-22 01:03:00 +02:00
Jaromil
7b06be5d43 before opening check if mountpoint is already used by a tomb
a simple check introduced on `tomb open` to list all tombs mounted and
control if any mountpoint is already in use, in case refuse opening.

fix #326
2019-05-22 00:30:48 +02:00
Jaromil
95f2f68654 Revert temp file mechanism for sphinx
for some reason to be investigated further using tomb's temp
file mechanism breaks the test suite of sphinx support

This reverts commit a6d252c949.
2019-05-18 09:51:55 +02:00
Jaromil
91e607efb5 improve gpg key listing command 2019-05-18 09:50:57 +02:00
Jaromil
ec31d2d280 improved gpg recipient output warning
dropped the dependency from grep, head, cut, sed (only using awk)
added human readeable GPG ID besides fingerprint on recipient check
2019-05-05 11:29:25 +02:00
Jaromil
eec64f4f65
Merge pull request #348 from AlexisDanizan/master
Bug fix #328
2019-05-05 10:39:16 +02:00
Jaromil
a6d252c949 correct use of tomb's internal temp file mechanism for sphinx 2019-05-05 10:21:38 +02:00
Jaromil
5ce9960207
Merge pull request #344 from heat-wave/feature/pitchforked-sphinx-integration
Pitchforked sphinx integration
2019-05-05 09:58:39 +02:00
alexisdanizan
f1f23c417b Bug fix #328 2019-05-01 22:43:04 +02:00
heat-wave
b054a83ee5 Pitchforked sphinx integration for remote password storage 2019-04-30 16:05:03 +01:00
Steve Divskinsy
522ad3abad
Update suggested command with missing flag
`tomb lock` suggested command was missing "-k" flag
2019-04-18 20:54:30 +09:30
heat-wave
f2eb1fd242 Expanded steganographic functionality with cloakify integration 2019-02-21 09:28:21 +00:00
James Reed
46286047f6
Align usage message lines (fix #335)
Print newlines only when necessary

Correct coma to comma in usage message
2018-11-26 10:48:19 -07:00
James Reed
477ab20443
Overhaul message printing 2018-11-24 15:48:25 -07:00
James Reed
1ba3c55241
Check for KDF header in is_valid_key 2018-11-03 15:15:48 -06:00
Alexandre Pujol
2f3826d88d
Fix modification time restoration. 2018-09-24 12:58:51 +01:00
Alexandre Pujol
aaa4637ed0
Track access/modification time of sensitive files
Collects the stats of tomb keys and tomb files then restore them when
Tomb exits. Can be extended to any file opened by Tomb. See #266
2018-09-23 22:21:05 +01:00
bjonnh
18b7541a98
subkey_id for display must be out of _fingerprint
I did a typo, the ($gpg_id) should have been out of the _fingerprint call.
2018-08-18 17:41:37 -05:00
bjonnh
b49a36a07b
Add support for multiple keys especially subkeys
Correcting issue #316
2018-08-17 14:03:33 -05:00
Jaromil
68a9589925 set ownership after dig and forge 2018-02-11 21:41:58 +01:00
Jaromil
f5ceddc0b7 put assuan commands to pinentry into a single function 2018-01-29 09:47:42 +01:00
SargoDevel
66ade86441 Added pinentry-qt5 support 2018-01-28 21:49:21 +01:00
Narrat
08ca0a8eef list_gnupg_ciphers: Remove check on gpg
This function is called after _ensure_dependencies(), which would bail out if gpg is not found
2018-01-07 21:56:19 +01:00
Narrat
5e3b0dec84 list_gnupg_ciphers: be language agnostic
The old awk implementation always worked on lines beginning with 'Ciphers:' until it found 'Hash:'.
This fails for locales where a respective gnupg2.mo entry exists (Example: Ciphers in german is translated as Verschlü.:).
This is replaced by pointing awk on a specific line, which is for gpg1 and gpg2 the same. Work is done until awk stumbles up on a line which marks a new section (marked by keyword and :)

This closes #299
2018-01-07 21:40:32 +01:00
Narrat
e15c58dfd7 list_gnupg_ciphers: Pipe everything into /dev/null
Firstly the printed binary path is in the wrong place. Reading the text, one assumes Ciphers coming next.
Secondly it doesn't make sense to check there for a missing gnupg installation. Before calling list_gnupg_ciphers(), there is a direct call for gpg --version. If that fails the whole text is scrambled and no error reported

Dropping the output from which allows to remove the space from printing the ciphers. The text is correctly aligned now
2018-01-07 21:03:21 +01:00
Narrat
61fdab85be Show only version of pinentry
pinentry --version invocation includes License information.
As the same applies for gpg, and the information is not displayed there, we should the same with pinentry.
And tomb doesn't deal with the gpg sourcecode in any way.

This closes #300
2018-01-07 20:03:04 +01:00
Jaromil
74689ea484 tagging the release 2018-01-03 20:34:18 +01:00
Jaromil
7951645db5 switch code indentation to hard tabs
also update code guidelines.
2018-01-03 20:27:14 +01:00
Jaromil
ae78659efb
Merge pull request #297 from dyne/restore-chown
restored change of ownership on tomb's contents
2018-01-03 19:42:52 +01:00
Jaromil
ab3044c6f5 restored change of ownership on tomb's contents
this reverts commit 843b7fdfc4
and refers to various issues, among them #268

on the long term its easy to realise how this is a usability feature for most
users, so we just provide a new '-p' flag to preserve ownership on open.
2018-01-03 18:34:50 +01:00
Alexandre Pujol
b20daeea6f
Fix: use is-at-least function to check program version 2018-01-03 14:46:23 +00:00
Jaromil
bc963cd1ae fix for correct execution of exec-hooks
this was broken in the latest release and fixes #271
2018-01-03 14:37:15 +01:00
Jaromil
3b1759b2b3 fix for hidden files without an extension as tombs
fix #147 introducing an extra check on TOMBNAME that, if returned
empty by the first transormation that removes the last .extension,
then is filled with the full TOMBFILE name without any transformation
2018-01-03 13:43:05 +01:00
Jaromil
60b72ad91f documentation and version updates
findmnt version shown
2018-01-03 10:44:27 +01:00
Jaromil
cf93551efa
Merge pull request #296 from dyne/use-findmnt
Replace 'mount -l' with 'findmnt'
2018-01-03 10:38:48 +01:00
Jaromil
9b1d1891cc
Merge pull request #290 from parazyd/use-shred-instead-wipe-patch
use shred instead of wipe
2018-01-03 10:03:50 +01:00
Jaromil
b72d67618b restore square parens detection in list_tomb_mounts() 2018-01-02 15:35:32 +01:00
Jaromil
3f107f9d31 small fix for usage of findmnt --raw flag 2018-01-02 14:04:53 +01:00
Jaromil
3593721967 drop zsh/regex module in favor of =~
As debated in issue #282 Zsh introduced a bug in v5.3.1 which briefly affected
our mechanism for closing tombs. The bug is fixed, but while investigating the
issue @aude realised there can be a better way to apply this regex for the
detection of mounted volumes on distro dependent /run/media/$USER paths.

This change drops usage of the regex optional module in Zsh to use the built-in
=~ comparison and improves the match using round parenthesis. It may fix the
close command on some distributions.
2018-01-02 14:04:53 +01:00
Victor Calvert
09ff889c1d Replace mount with findmnt
this fixes a mount-related functionality (finding the volume label) in new
versions of util-linux, that since v2.30 does not list anymore volume labels
with its mount -l command. Since findmnt needs sudo to list labels, this also
introduces the need for sudo in more commands: is_valid_tomb(), list, index and
search. The issue was examined in PR #283 and this is a rebase of it.
2018-01-02 13:39:35 +01:00
Jaromil
a7190eb2e2 drop zsh/regex module in favor of =~
As debated in issue #282 Zsh introduced a bug in v5.3.1 which briefly affected
our mechanism for closing tombs. The bug is fixed, but while investigating the
issue @aude realised there can be a better way to apply this regex for the
detection of mounted volumes on distro dependent /run/media/$USER paths.

This change drops usage of the regex optional module in Zsh to use the built-in
=~ comparison and improves the match using round parenthesis. It may fix the
close command on some distributions.
2018-01-02 12:35:11 +01:00
Jaromil
c537676e92 wrap the cats 2017-12-12 11:29:53 +01:00
Jaromil
f6457090af documentation of the new 'ps' command 2017-12-11 17:55:02 +01:00
Jaromil
121a64bc80 improvements to the new ps and slam implementations 2017-12-11 17:55:02 +01:00
Jaromil
8e33be0472 new slam and list_processes 2017-12-11 17:55:02 +01:00
Jaromil
85ac179cc8 cleanup of umount_tomb and removed slam from inside 2017-12-11 17:55:02 +01:00
Jaromil
21347f3657 square parens detection in list_mounted_tombs 2017-12-11 17:53:38 +01:00
Jaromil
6182a56fb6 fix bug in message rendering: stop overriding $i if existing
this small bug caused rewriting the $i variable (often used as
iterator in loops) whenever a log message was produced. Fix also
includes an acceleration of log printing by substituting seq with
native zsh notation.
2017-12-11 17:53:17 +01:00
parazyd
c8be1c22dd
use shred instead of wipe 2017-12-07 11:36:59 +01:00
Florian Brandes
8d2cb2d852
Double check after umounting bind directories
Checking if a tomb is still present in the
output of mount after umounting binded directories.
Addresses issue #265
2017-07-23 10:28:06 +02:00