mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-22 12:35:13 +00:00
e8aaf03b52
This refactoring avoids writing of keys on filesystem, exception made for the 'setkey' command. Loopfiles and tempfiles are automatically wiped at exit, variable are filled with random data before unset.
2581 lines
78 KiB
Bash
Executable File
2581 lines
78 KiB
Bash
Executable File
#!/bin/zsh
|
|
#
|
|
# Tomb, the Crypto Undertaker
|
|
#
|
|
# A commandline tool to easily operate encryption of secret data
|
|
#
|
|
# Homepage on: [tomb.dyne.org](http://tomb.dyne.org)
|
|
|
|
# {{{ License
|
|
|
|
# Copyright (C) 2007-2014 Dyne.org Foundation
|
|
#
|
|
# Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
|
|
#
|
|
# With contributions by Anathema, Boyska and Hellekin O. Wolf.
|
|
#
|
|
# Testing and reviews are contributed by Dreamer, Shining,
|
|
# Mancausoft, Asbesto Molesto and Nignux.
|
|
#
|
|
# Tomb's artwork is contributed by Jordi aka Mon Mort.
|
|
|
|
#This source code is free software; you can redistribute it
|
|
#and/or modify it under the terms of the GNU Public License
|
|
#as published by the Free Software Foundation; either
|
|
#version 3 of the License, or (at your option) any later
|
|
#version.
|
|
#
|
|
#This source code is distributed in the hope that it will be
|
|
#useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
#warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
#PURPOSE. Please refer to the GNU Public License for more
|
|
#details.
|
|
#
|
|
#You should have received a copy of the GNU Public License
|
|
#along with this source code; if not, write to: Free
|
|
#Software Foundation, Inc., 675 Mass Ave, Cambridge, MA
|
|
#02139, USA.
|
|
|
|
# }}} - License
|
|
|
|
# {{{ Global variables
|
|
|
|
VERSION=1.5.3
|
|
DATE="Jun/2014"
|
|
TOMBEXEC=$0
|
|
typeset -a OLDARGS
|
|
for arg in ${argv}; do OLDARGS+=($arg); done
|
|
DD="dd"
|
|
WIPE="rm -f"
|
|
MKFS="mkfs.ext3 -q -F -j -L"
|
|
KDF=1
|
|
STEGHIDE=1
|
|
RESIZER=1
|
|
SWISH=1
|
|
QRENCODE=1
|
|
MOUNTOPTS="rw,noatime,nodev"
|
|
|
|
# prefix for temporary files
|
|
TMPPREFIX="/dev/shm/$$.$RANDOM."
|
|
|
|
# makes glob matching case insensitive
|
|
unsetopt CASE_MATCH
|
|
|
|
typeset -AH global_opts
|
|
typeset -AH opts
|
|
typeset -H username
|
|
|
|
typeset -H _uid
|
|
typeset -H _gid
|
|
typeset -H _tty
|
|
|
|
typeset -H tomb_file
|
|
|
|
typeset -H tomb_key
|
|
typeset -H tomb_key_file
|
|
typeset -H tomb_secret
|
|
typeset -H tomb_password
|
|
|
|
typeset -aH tomb_tempfiles
|
|
typeset -aH tomb_loopdevs
|
|
|
|
# Make sure sbin is in PATH
|
|
PATH+=:/sbin:/usr/sbin
|
|
|
|
# For gettext
|
|
export TEXTDOMAIN=tomb
|
|
|
|
# }}}
|
|
|
|
# {{{ Safety functions
|
|
|
|
endgame() {
|
|
# here clear all temp files and flush all pipes
|
|
|
|
# prepare some random material to overwrite vars
|
|
rr="$RANDOM"
|
|
while [[ ${#rr} -lt 500 ]]; do
|
|
rr+="$RANDOM"; done
|
|
# we make sure no info is left in unallocated mem
|
|
tomb_file="$rr"; unset tomb_file
|
|
tomb_key="$rr"; unset tomb_key
|
|
tomb_key_file="$rr"; unset tomb_key_file
|
|
tomb_secret="$rr"; unset tomb_secret
|
|
tomb_password="$rr"; unset tomb_password
|
|
|
|
for f in $tomb_tempfiles; do
|
|
${=WIPE} "$f"; done
|
|
unset tomb_tempfiles
|
|
|
|
for l in $tomb_loopdevs; do
|
|
losetup -d "$l"; done
|
|
unset tomb_loopdevs
|
|
}
|
|
|
|
# trap functions for the endgame event
|
|
TRAPINT() { endgame INT }
|
|
TRAPEXIT() { endgame EXIT }
|
|
TRAPHUP() { endgame HUP }
|
|
TRAPQUIT() { endgame QUIT }
|
|
TRAPABRT() { endgame ABORT }
|
|
TRAPKILL() { endgame KILL }
|
|
TRAPPIPE() { endgame PIPE }
|
|
TRAPTERM() { endgame TERM }
|
|
TRAPSTOP() { endgame STOP }
|
|
|
|
check_shm() {
|
|
# TODO: configure which tmp dir to use from a cli flag
|
|
SHMPREFIX=/dev/shm
|
|
|
|
[[ -k /dev/shm ]] || [[ -k /run/shm ]] && { SHMPREFIX=/run/shm } \
|
|
|| {
|
|
# mount the tmpfs if the SO doesn't already
|
|
mkdir /run/shm
|
|
[[ $? = 0 ]] || {
|
|
fatal "Fatal error creating a directory for temporary files"
|
|
return 1 }
|
|
mount -t tmpfs tmpfs /run/shm \
|
|
-o nosuid,noexec,nodev,mode=0600,uid="$_uid",gid="$_gid"
|
|
[[ $? = 0 ]] || {
|
|
fatal "Fatal error mounting tmpfs in /run/shm for temporary files"
|
|
return 1 }
|
|
|
|
SHMPREFIX=/run/shm
|
|
}
|
|
|
|
# setup a special env var for zsh to create temp files that will
|
|
# then be deleted at the exit of each function using them.
|
|
TMPPREFIX="$SHMPREFIX/$$.$RANDOM."
|
|
return 0
|
|
}
|
|
|
|
# Provide a random filename in shared memory
|
|
tmp_create() {
|
|
local tfile="${TMPPREFIX}${RANDOM}"
|
|
touch "$tfile"
|
|
[[ $? = 0 ]] || {
|
|
fatal "Fatal error creating a temporary file: $tfile"
|
|
return 1 }
|
|
chown "$_uid":"$_gid" "$tfile"
|
|
chmod 0600 "$tfile"
|
|
[[ $? = 0 ]] || {
|
|
fatal "Fatal error setting permissions on temporary file: $tfile"
|
|
return 1 }
|
|
_verbose "created tempfile: $tfile"
|
|
tomb_tempfiles+=($tfile)
|
|
return 0
|
|
}
|
|
tmp_new() {
|
|
# print out the latest tempfile
|
|
print - "${tomb_tempfiles[${#tomb_tempfiles}]}"
|
|
}
|
|
|
|
# Check if swap is activated
|
|
check_swap() {
|
|
# Return 0 if NO swap is used, 1 if swap is used
|
|
# Return 2 if swap(s) is(are) used, but ALL encrypted
|
|
local swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>-)"
|
|
[[ -z "$swaps" ]] && return 0 # No swap partition is active
|
|
# Check whether all swaps are encrypted, and return 2
|
|
# If any of the swaps is not encrypted, we bail out and return 1.
|
|
ret=1
|
|
for s in $=swaps; do
|
|
bone=`sudo file $s`
|
|
if `echo "$bone" | grep 'swap file' &>-`; then
|
|
# It's a regular (unencrypted) swap file
|
|
ret=1
|
|
break
|
|
elif `echo "$bone" | grep 'symbolic link' &>-`; then
|
|
# Might link to a block
|
|
ret=1
|
|
if [ "/dev/mapper" = "${s%/*}" ]; then
|
|
is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
|
|
if [ "crypt" = "$is_crypt" ]; then
|
|
ret=2
|
|
fi
|
|
else
|
|
break
|
|
fi
|
|
elif `echo "$bone" | grep 'block special' &>-`; then
|
|
# Is a block
|
|
ret=1
|
|
is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
|
|
if [ "crypt" = "$is_crypt" ]; then
|
|
ret=2
|
|
else
|
|
break
|
|
fi
|
|
fi
|
|
done
|
|
_warning "An active swap partition is detected, this poses security risks."
|
|
if [[ $ret -eq 2 ]]; then
|
|
_success "All your swaps are belong to crypt. Good."
|
|
else
|
|
_warning "You can deactivate all swap partitions using the command:"
|
|
_warning " swapoff -a"
|
|
_warning "But if you want to proceed like this, use the -f (force) flag."
|
|
_failure "Operation aborted."
|
|
fi
|
|
return $ret
|
|
}
|
|
|
|
# Wrapper to allow encrypted swap and remind the user about
|
|
# possible data leaks to disk if swap is on, and not to be ignored
|
|
_check_swap() {
|
|
if ! option_is_set -f && ! option_is_set --ignore-swap; then
|
|
check_swap
|
|
case $? in
|
|
0|2) # No, or encrypted swap
|
|
return 0
|
|
;;
|
|
*) # Unencrypted swap
|
|
return 1
|
|
;;
|
|
esac
|
|
fi
|
|
}
|
|
|
|
# Ask user for a password
|
|
ask_password() {
|
|
# we use pinentry now
|
|
# comes from gpg project and is much more secure
|
|
# it also conveniently uses the right toolkit
|
|
|
|
# pinentry has no custom icon setting
|
|
# so we need to temporary modify the gtk theme
|
|
if [ -r /usr/local/share/themes/tomb/gtk-2.0-key/gtkrc ]; then
|
|
GTK2_RC=/usr/local/share/themes/tomb/gtk-2.0-key/gtkrc
|
|
elif [ -r /usr/share/themes/tomb/gtk-2.0-key/gtkrc ]; then
|
|
GTK2_RC=/usr/share/themes/tomb/gtk-2.0-key/gtkrc
|
|
fi
|
|
|
|
title="Insert tomb password."
|
|
if [ $2 ]; then title="$2"; fi
|
|
|
|
output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} pinentry 2>- | tail -n +7
|
|
OPTION ttyname=$TTY
|
|
OPTION lc-ctype=$LANG
|
|
SETTITLE $title
|
|
SETDESC $1
|
|
SETPROMPT Password:
|
|
GETPIN
|
|
EOF`
|
|
if [[ `tail -n1 <<<$output` =~ ERR ]]; then
|
|
return 1
|
|
fi
|
|
head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }'
|
|
return 0
|
|
}
|
|
|
|
# Drop privileges
|
|
exec_as_user() {
|
|
if ! [ $SUDO_USER ]; then
|
|
exec $@[@]
|
|
return $?
|
|
fi
|
|
_verbose "exec_as_user '$SUDO_USER': ${(f)@}"
|
|
sudo -u $SUDO_USER "${@[@]}"
|
|
return $?
|
|
}
|
|
|
|
#Escalate privileges
|
|
check_priv() {
|
|
# save original user
|
|
username=$USER
|
|
if [ $UID != 0 ]; then
|
|
_verbose "Using sudo for root execution of '${TOMBEXEC} ${(f)OLDARGS}'."
|
|
# check if sudo has a timestamp active
|
|
sudok=false
|
|
|
|
if ! option_is_set --sudo-pwd; then
|
|
if [ $? != 0 ]; then # if not then ask a password
|
|
cat <<EOF | pinentry 2>- | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v
|
|
OPTION ttyname=$TTY
|
|
OPTION lc-ctype=$LANG
|
|
SETTITLE Super user privileges required
|
|
SETDESC Sudo execution of Tomb ${OLDARGS[@]}
|
|
SETPROMPT Insert your USER password:
|
|
GETPIN
|
|
EOF
|
|
fi
|
|
else
|
|
_verbose "Escalating privileges using sudo-pwd."
|
|
sudo -S -v <<<`option_value --sudo-pwd`
|
|
fi
|
|
sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
|
|
exit $?
|
|
fi # are we root already
|
|
|
|
# make sure necessary kernel modules are loaded
|
|
modprobe dm_mod
|
|
modprobe dm_crypt
|
|
|
|
return 0
|
|
}
|
|
|
|
# check if a filename is a valid tomb
|
|
is_valid_tomb() {
|
|
_verbose "is_valid_tomb $1"
|
|
# argument check
|
|
{ test "$1" = "" } && {
|
|
_warning "Tomb file is missing from arguments."; return 1 }
|
|
# file checks
|
|
{ test -r "$1" } || {
|
|
_warning "Tomb file not found: $1"; return 1 }
|
|
{ test -f "$1" } || {
|
|
_warning "Tomb file is not a regular file: $1"; return 1 }
|
|
{ test -s "$1" } || {
|
|
_warning "Tomb file is empty (zero length): $1"; return 1 }
|
|
{ test -w "$1" } || {
|
|
_warning "Tomb file is not writable: $1"; return 1 }
|
|
|
|
# check file type (if its a Luks fs)
|
|
file "$1" | grep -i "luks encrypted file" > /dev/null || {
|
|
_warning "File is not yet a tomb: $1" }
|
|
|
|
# check if its already open
|
|
tombfile=`basename $1`
|
|
tombname=${tombfile%%\.*}
|
|
mount -l | grep "${tombfile}.*\[$tombname\]$" > /dev/null
|
|
{ test $? = 0 } && {
|
|
_warning "Tomb is currently in use: $tombname"; return 1 }
|
|
_message "Valid tomb file found: $1"
|
|
return 0
|
|
}
|
|
|
|
# $1 is the tomb file to be lomounted
|
|
lo_mount() {
|
|
tpath="$1"
|
|
is_valid_tomb "$tpath" || {
|
|
_failure "Loopback mount called on invalid tomb: $tpath" }
|
|
|
|
# check if we have support for loop mounting
|
|
losetup -f >& -
|
|
[[ $? = 0 ]] || {
|
|
_warning "Loop mount of volumes is not possible on this machine, this error"
|
|
_warning "often occurs on VPS and kernels that don't provide the loop module."
|
|
_warning "It is impossible to use Tomb on this machine at this conditions."
|
|
_failure "Operation aborted."
|
|
}
|
|
|
|
_nstloop=`losetup -f` # get the number for next loopback device
|
|
|
|
losetup -f "$tpath" >& - # allocates the next loopback for our file
|
|
|
|
tomb_loopdevs+=("$_nstloop") # add to array of lodevs used
|
|
|
|
return 0
|
|
}
|
|
|
|
# print out latest loopback mounted
|
|
lo_new() { print - "${tomb_loopdevs[${#tomb_loopdevs}]}" }
|
|
|
|
# $1 is the path to the lodev to be preserved after quit
|
|
lo_preserve() {
|
|
_verbose "lo_preserve on $1"
|
|
# remove the lodev from the tomb_lodevs array
|
|
tomb_loopdevs=("${(@)tomb_loopdevs:#$1}")
|
|
}
|
|
|
|
# eventually used for debugging
|
|
dump_secrets() {
|
|
_verbose "tomb_file: $tomb_file"
|
|
_verbose "tomb_key: ${#tomb_key} chars long"
|
|
_verbose "tomb_key_file: $tomb_key_file"
|
|
_verbose "tomb_secret: ${#tomb_secret} chars long"
|
|
_verbose "tomb_password: $tomb_password"
|
|
|
|
_verbose "tomb_tempfiles: ${(@)tomb_tempfiles}"
|
|
_verbose "tomb_loopdevs: ${(@)tomb_loopdevs}"
|
|
}
|
|
# }}}
|
|
|
|
# {{{ Commandline interaction
|
|
|
|
usage() {
|
|
cat <<EOF
|
|
|
|
Syntax: tomb [options] command [arguments]
|
|
|
|
Commands:
|
|
|
|
// Creation:
|
|
dig create a new empty TOMB file of size -s in MB
|
|
forge create a new KEY file and set its password
|
|
lock installs a lock on a TOMB to use it with KEY
|
|
|
|
// Operations on tombs:
|
|
open open an existing TOMB
|
|
index update the search indexes of tombs
|
|
search looks for filenames matching text patterns
|
|
list list of open TOMBs and information on them
|
|
close close a specific TOMB (or 'all')
|
|
slam slam a TOMB killing all programs using it
|
|
EOF
|
|
if [ "$RESIZER" = 1 ]; then
|
|
cat <<EOF
|
|
resize resize a TOMB to a new size -s (can only grow)
|
|
EOF
|
|
fi
|
|
cat <<EOF
|
|
|
|
// Operations on keys:
|
|
passwd change the password of a KEY
|
|
setkey change the KEY locking a TOMB (needs old one)
|
|
EOF
|
|
|
|
{ test "$QRENCODE" = "1" } && {
|
|
cat <<EOF
|
|
engrave makes a QR code of a KEY to be saved on paper
|
|
EOF
|
|
}
|
|
|
|
if [ "$STEGHIDE" = 1 ]; then
|
|
cat <<EOF
|
|
bury hide a KEY inside a JPEG image
|
|
exhume extract a KEY from a JPEG image
|
|
EOF
|
|
fi
|
|
cat <<EOF
|
|
|
|
Options:
|
|
|
|
-s size of the tomb file when creating/resizing one (in MB)
|
|
-k path to the key to be used ('-k -' to read from stdin)
|
|
-n don't process the hooks found in tomb
|
|
-o mount options used to open (default: rw,noatime,nodev)
|
|
-f force operation (i.e. even if swap is active)
|
|
EOF
|
|
{ test "$KDF" = 1 } && {
|
|
cat <<EOF
|
|
--kdf generate passwords armored against dictionary attacks
|
|
EOF
|
|
}
|
|
|
|
cat <<EOF
|
|
|
|
-h print this help
|
|
-v print version, license and list of available ciphers
|
|
-q run quietly without printing informations
|
|
-D print debugging information at runtime
|
|
|
|
For more informations on Tomb read the manual: man tomb
|
|
Please report bugs on <http://github.com/dyne/tomb/issues>.
|
|
EOF
|
|
}
|
|
|
|
|
|
# Check an option
|
|
option_is_set() {
|
|
# First argument, the commandline flag (i.e. "-s").
|
|
# Second (optional) argument: if "out", command will print it out 'set'/'unset'
|
|
# (useful for if conditions).
|
|
# Return 0 if is set, 1 otherwise
|
|
[[ -n ${(k)opts[$1]} ]];
|
|
r=$?
|
|
if [[ $2 == out ]]; then
|
|
if [[ $r == 0 ]]; then
|
|
echo 'set'
|
|
else
|
|
echo 'unset'
|
|
fi
|
|
fi
|
|
return $r;
|
|
}
|
|
|
|
# Get an option value
|
|
option_value() {
|
|
# First argument, the commandline flag (i.e. "-s").
|
|
print -n - "${opts[$1]}"
|
|
}
|
|
|
|
# Messaging function with pretty coloring
|
|
function _msg() {
|
|
local msg="$(gettext -s "$2")"
|
|
local command="print -P"
|
|
local progname="$fg[magenta]${TOMBEXEC##*/}$reset_color"
|
|
local message="$fg_bold[normal]$fg_no_bold[normal]$msg$reset_color"
|
|
local -i returncode
|
|
|
|
case "$1" in
|
|
inline)
|
|
command+=" -n"; pchars=" > "; pcolor="yellow"
|
|
;;
|
|
message)
|
|
pchars=" . "; pcolor="white"; message="$fg_no_bold[$pcolor]$msg$reset_color"
|
|
;;
|
|
verbose)
|
|
pchars="[D]"; pcolor="blue"
|
|
;;
|
|
success)
|
|
pchars="(*)"; pcolor="green"; message="$fg_no_bold[$pcolor]$msg$reset_color"
|
|
;;
|
|
warning)
|
|
pchars="[W]"; pcolor="yellow"; message="$fg_no_bold[$pcolor]$msg$reset_color"
|
|
;;
|
|
failure)
|
|
pchars="[E]"; pcolor="red"; message="$fg_no_bold[$pcolor]$msg$reset_color"
|
|
returncode=1
|
|
;;
|
|
*)
|
|
pchars="[F]"; pcolor="red"
|
|
message="Developer oops! Usage: _msg MESSAGE_TYPE \"MESSAGE_CONTENT\""
|
|
returncode=127
|
|
;;
|
|
esac
|
|
${=command} "${progname} $fg_bold[$pcolor]$pchars$reset_color ${message}$color[reset_color]" >&2
|
|
return $returncode
|
|
}
|
|
|
|
function _message say() {
|
|
local notice="message"
|
|
[[ "$1" = "-n" ]] && shift && notice="inline"
|
|
option_is_set -q || _msg "$notice" "$1"
|
|
return 0
|
|
}
|
|
|
|
function _verbose xxx() {
|
|
option_is_set -D && _msg verbose "$1"
|
|
return 0
|
|
}
|
|
|
|
function _success yes() {
|
|
option_is_set -q || _msg success "$1"
|
|
return 0
|
|
}
|
|
|
|
function _warning no() {
|
|
option_is_set -q || _msg warning "$1"
|
|
return 1
|
|
}
|
|
|
|
function _failure die() {
|
|
typeset -i exitcode=${2:-1}
|
|
option_is_set -q || _msg failure "$1"
|
|
# be sure we forget the secrets we were told
|
|
exit $exitcode
|
|
}
|
|
|
|
# Print out progress to inform GUI caller applications (--batch mode)
|
|
progress() {
|
|
# $1 is "what is progressing"
|
|
# $2 is "percentage"
|
|
# $3 is (eventually blank) status
|
|
# Example: if creating a tomb, it could be sth like
|
|
# progress create 0 filling with random data
|
|
# progress create 40 generating key
|
|
# progress keygen 0 please move the mouse
|
|
# progress keygen 30 please move the mouse
|
|
# progress keygen 60 please move the mouse
|
|
# progress keygen 100 key generated
|
|
# progress create 80 please enter password
|
|
# progress create 90 formatting the tomb
|
|
# progress create 100 tomb created successfully
|
|
if ! option_is_set --batch; then
|
|
return
|
|
fi
|
|
print "[m][P][$1][$2][$3]" >&2
|
|
|
|
}
|
|
|
|
# Check what's installed
|
|
check_bin() {
|
|
# check for required programs
|
|
for req in cryptsetup pinentry sudo gpg; do
|
|
command -v $req >& - || _failure "Cannot find $req. It's a requirement to use Tomb, please install it." 1
|
|
done
|
|
|
|
export PATH=/sbin:/usr/sbin:$PATH
|
|
|
|
# which dd command to use
|
|
command -v dcfldd >& -
|
|
{ test $? = 0 } && { DD="dcfldd statusinterval=1" }
|
|
|
|
# which wipe command to use
|
|
command -v wipe >& - && WIPE="wipe -f -s" || WIPE="rm -f"
|
|
|
|
# check for filesystem creation progs
|
|
command -v mkfs.ext4 >& - && \
|
|
MKFS="mkfs.ext4 -q -F -j -L" || \
|
|
MKFS="mkfs.ext3 -q -F -j -L"
|
|
|
|
# check for steghide
|
|
command -v steghide >& - || STEGHIDE=0
|
|
# check for resize
|
|
command -v e2fsck resize2fs >& - || RESIZER=0
|
|
# check for KDF auxiliary tools
|
|
command -v tomb-kdb-pbkdf2 >& - || KDF=0
|
|
# check for Swish-E file content indexer
|
|
command -v swish-e >& - || SWISH=0
|
|
# check for QREncode for paper backups of keys
|
|
command -v qrencode >& - || QRENCODE=0
|
|
}
|
|
|
|
# }}} - Commandline interaction
|
|
|
|
# {{{ Key operations
|
|
|
|
# $1 is the encrypted key contents we are checking
|
|
is_valid_key() {
|
|
_verbose "is_valid_key"
|
|
_key="$1"
|
|
# argument check
|
|
{ test "$_key" = "" } && { _key="$tomb_key" }
|
|
{ test "$_key" = "" } && {
|
|
_warning "is_valid_key() called without argument."; return 1 }
|
|
|
|
# if the key file is an image don't check file header
|
|
{ test -r "$tomb_key_file" } \
|
|
&& [[ `file "$tomb_key_file"` =~ "JP.G" ]] \
|
|
&& {
|
|
_message "Key is an image, it might be valid."; return 0 }
|
|
|
|
[[ "$_key" =~ "BEGIN PGP" ]] && {
|
|
_message "Key is valid."; return 0 }
|
|
|
|
return 1
|
|
}
|
|
|
|
# $1 is a string containing an encrypted key
|
|
recover_key() {
|
|
_warning "Attempting key recovery."
|
|
_key="$tomb_key"
|
|
tomb_key=""
|
|
|
|
[[ "$_key" =~ "_KDF_" ]] && {
|
|
tomb_key+="`print - $_key | $head -n 1`\n" }
|
|
|
|
tomb_key+="-----BEGIN PGP MESSAGE-----\n"
|
|
tomb_key+="$_key\n"
|
|
tomb_key+="-----END PGP MESSAGE-----\n"
|
|
return 0
|
|
}
|
|
|
|
# This function retrieves a tomb key specified on commandline or from
|
|
# stdin if -k - was selected. It also runs validity checks on the
|
|
# file. On success returns 0 and prints out the full path to
|
|
# the key, setting globals: $tomb_key_file and $tomb_key
|
|
load_key() {
|
|
# take the name of a tomb file as argument to option -k
|
|
# if no argument is given, tomb{key|dir|file} are set by caller
|
|
local keyopt
|
|
[[ "$1" = "" ]] || { keyopt="$1" }
|
|
[[ "$keyopt" = "" ]] && { keyopt="`option_value -k`" }
|
|
[[ "$keyopt" = "" ]] && {
|
|
_failure "This operation requires a key file to be specified using the -k option." }
|
|
|
|
if [[ "$keyopt" == "-" ]]; then
|
|
_verbose "load_key reading from stdin."
|
|
# take key from stdin
|
|
_message "Waiting for the key to be piped from stdin... "
|
|
tomb_key_file=stdin
|
|
tomb_key=`cat`
|
|
else
|
|
_verbose "load_key argument: $keyopt"
|
|
# take key from a file
|
|
tomb_key_file="$keyopt"
|
|
{ test -r "${tomb_key_file}" } || {
|
|
_warning "Key not found, specify one using -k."
|
|
return 1}
|
|
tomb_key=`cat $tomb_key_file`
|
|
fi
|
|
|
|
_verbose "load_key: ${tomb_key_file}"
|
|
|
|
is_valid_key "${tomb_key}" || {
|
|
_warning "The key seems invalid or its format is not known by this version of Tomb."
|
|
# try recovering the key
|
|
recover_key "$tomb_key"
|
|
}
|
|
|
|
# declared tomb_key (contents)
|
|
# declared tomb_key_file (path)
|
|
return 0
|
|
}
|
|
|
|
# takes two args just like get_lukskey
|
|
# prints out the decrypted content
|
|
# contains tweaks for different gpg versions
|
|
gpg_decrypt() {
|
|
# fix for gpg 1.4.11 where the --status-* options don't work ;^/
|
|
gpgver=`gpg --version --no-permission-warning | awk '/^gpg/ {print $3}'`
|
|
gpgpass="$1\n$tomb_key"
|
|
|
|
if [ "$gpgver" = "1.4.11" ]; then
|
|
_verbose "GnuPG is version 1.4.11 - adopting status fix."
|
|
|
|
tomb_secret=`print - "$gpgpass" | \
|
|
gpg --batch --passphrase-fd 0 --no-tty --no-options"`
|
|
ret=$?
|
|
unset gpgpass
|
|
|
|
else # using status-file in gpg != 1.4.11
|
|
|
|
# TODO: use mkfifo
|
|
tmp_create
|
|
_status=`tmp_new`
|
|
|
|
tomb_secret=`print - "$gpgpass" | \
|
|
gpg --batch --passphrase-fd 0 --no-tty --no-options \
|
|
--status-fd 2 --no-mdc-warning --no-permission-warning \
|
|
--no-secmem-warning 2> $_status`
|
|
|
|
unset gpgpass
|
|
grep 'DECRYPTION_OKAY' $_status > /dev/null
|
|
ret=$?
|
|
|
|
fi
|
|
return $ret
|
|
|
|
}
|
|
|
|
|
|
# Gets a key file and a password, prints out the decoded contents to
|
|
# be used directly by Luks as a cryptographic key
|
|
get_lukskey() {
|
|
# $1 is the password
|
|
_verbose "get_lukskey"
|
|
|
|
_password="$1"
|
|
|
|
exhumedkey=""
|
|
|
|
firstline=`head -n1 <<< "$tomb_key"`
|
|
|
|
# key is KDF encoded
|
|
if [[ $firstline =~ '^_KDF_' ]]; then
|
|
_verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
|
|
case `cut -d_ -f 3 <<<$firstline` in
|
|
pbkdf2sha1)
|
|
pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
|
|
_password=$(tomb-kdb-pbkdf2 ${=pbkdf2_param} 2>- <<<$_password)
|
|
;;
|
|
*)
|
|
_failure "No suitable program for KDF `cut -f 3 <<<$firstline`."
|
|
unset _password
|
|
return 1
|
|
;;
|
|
esac
|
|
|
|
# key needs to be exhumed from an image
|
|
elif [ -r "$tomb_key_file" ] \
|
|
&& [[ `file "$tomb_key_file"` =~ "JP.G" ]]; then
|
|
|
|
exhume_key "$tomb_key_file" "$_password"
|
|
|
|
fi
|
|
|
|
gpg_decrypt "$_password" # saves decrypted content into $tomb_secret
|
|
|
|
ret="$?"
|
|
|
|
_verbose "get_lukskey returns $ret"
|
|
return $ret
|
|
}
|
|
|
|
# This function asks the user for the password to use the key it tests
|
|
# it against the return code of gpg on success returns 0 and saves
|
|
# the password in the global variable $tomb_password
|
|
ask_key_password() {
|
|
[[ "$tomb_key_file" = "" ]] && {
|
|
_failure "Internal error: ask_key_password() called before load_key()." }
|
|
|
|
keyname="$tomb_key_file"
|
|
_message "A password is required to use key ${keyname}"
|
|
passok=0
|
|
tombpass=""
|
|
if [[ "$1" = "" ]]; then
|
|
for c in 1 2 3; do
|
|
if [[ $c = 1 ]]; then
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
|
|
else
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
|
|
fi
|
|
if [[ $? != 0 ]]; then
|
|
_warning "User aborted password dialog."
|
|
return 1
|
|
fi
|
|
|
|
get_lukskey "$tombpass"
|
|
|
|
if [ $? = 0 ]; then
|
|
passok=1; _message "Password OK."
|
|
break;
|
|
fi
|
|
done
|
|
|
|
else
|
|
# if a second argument is present then the password is already known
|
|
tombpass="$1"
|
|
_verbose "ask_key_password with tombpass: $tombpass"
|
|
|
|
get_lukskey "$tombpass"
|
|
|
|
if [ $? = 0 ]; then
|
|
passok=1; _message "Password OK."; fi
|
|
|
|
fi
|
|
# print the password out in case caller needs to know it
|
|
{ test "$passok" = "1" } || { return 1 }
|
|
|
|
tomb_password="$tombpass"
|
|
return 0
|
|
}
|
|
|
|
# change tomb key password
|
|
change_passwd() {
|
|
_message "Commanded to change password for tomb key $1"
|
|
_check_swap
|
|
|
|
load_key
|
|
keyfile="$tomb_key_file"
|
|
|
|
local tmpnewkey lukskey c tombpass tombpasstmp
|
|
|
|
tmp_create
|
|
tmpnewkey=`tmp_new`
|
|
|
|
_success "Changing password for $keyfile"
|
|
|
|
|
|
if option_is_set --tomb-old-pwd; then
|
|
tomb_old_pwd="`option_value --tomb-old-pwd`"
|
|
_verbose "tomb-old-pwd = $tomb_old_pwd"
|
|
ask_key_password "$tomb_old_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied." }
|
|
|
|
# here $tomb_secret contains the key material in clear
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_new_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = $tomb_new_pwd"
|
|
gen_key "$tomb_new_pwd" >> "$tmpnewkey"
|
|
else
|
|
gen_key >> "$tmpnewkey"
|
|
fi
|
|
|
|
if ! is_valid_key "`cat $tmpnewkey`"; then
|
|
_failure "Error: the newly generated keyfile does not seem valid."
|
|
else
|
|
# copy the new key as the original keyfile name
|
|
cp -f "${tmpnewkey}" "${keyfile}"
|
|
_success "Your passphrase was successfully updated."
|
|
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
|
|
# takes care to encrypt a key
|
|
# honored options: --kdf --tomb-pwd -o
|
|
gen_key() {
|
|
# $1 the password to use, if not set then ask user
|
|
# -o is the --cipher-algo to use (string taken by GnuPG)
|
|
local algopt="`option_value -o`"
|
|
local algo="${algopt:-AES256}"
|
|
# here user is prompted for key password
|
|
tombpass=""
|
|
tombpasstmp=""
|
|
|
|
if [ "$1" = "" ]; then
|
|
while true; do
|
|
# 3 tries to write two times a matching password
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key"`
|
|
if [[ $? != 0 ]]; then
|
|
_failure "User aborted."
|
|
fi
|
|
if [ -z $tombpass ]; then
|
|
_warning "You set empty password, which is not possible."
|
|
continue
|
|
fi
|
|
tombpasstmp=$tombpass
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key (again)"`
|
|
if [[ $? != 0 ]]; then
|
|
_failure "User aborted."
|
|
fi
|
|
if [ "$tombpasstmp" = "$tombpass" ]; then
|
|
break;
|
|
fi
|
|
unset tombpasstmp
|
|
unset tombpass
|
|
done
|
|
else
|
|
tombpass="$1"
|
|
_verbose "gen_key takes tombpass from CLI argument: $tombpass"
|
|
fi
|
|
|
|
header=""
|
|
{ test "$KDF" = 1 } && {
|
|
{ option_is_set --kdf } && {
|
|
# KDF is a new key strenghtening technique against brute forcing
|
|
# see: https://github.com/dyne/Tomb/issues/82
|
|
itertime="`option_value --kdf`"
|
|
# removing support of floating points because they can't be type checked well
|
|
if [[ "$itertime" != <-> ]]; then
|
|
unset tombpass
|
|
unset tombpasstmp
|
|
_failure "Wrong argument for --kdf: must be an integer number (iteration seconds)."
|
|
fi
|
|
# --kdf takes one parameter: iter time (on present machine) in seconds
|
|
local -i microseconds
|
|
microseconds=$(( itertime * 10000 ))
|
|
_success "Using KDF, iterations: $microseconds"
|
|
_message "generating salt"
|
|
pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
|
|
_message "calculating iterations"
|
|
pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
|
|
_message "encoding the password"
|
|
# We use a length of 64bytes = 512bits (more than needed!?)
|
|
tombpass=`tomb-kdb-pbkdf2 $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
|
|
|
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
|
}
|
|
}
|
|
|
|
|
|
print $header
|
|
|
|
# TODO: check result of gpg operation
|
|
cat <<EOF | gpg --openpgp --force-mdc --cipher-algo ${algo} \
|
|
--batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
|
|
-o - -c -a
|
|
${tombpass}
|
|
${tomb_secret}
|
|
EOF
|
|
# print -n "${tombpass}" \
|
|
# | gpg --openpgp --force-mdc --cipher-algo ${algo} \
|
|
# --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
|
|
# -o - -c -a ${lukskey}
|
|
|
|
# update global var
|
|
tomb_password="$tombpass"
|
|
unset tombpass
|
|
unset tombpasstmp
|
|
}
|
|
|
|
# prints an array of ciphers available in gnupg (to encrypt keys)
|
|
list_gnupg_ciphers() {
|
|
# prints an error if GnuPG is not found
|
|
which gpg >& - || _failure "gpg (GnuPG) is not found, Tomb cannot function without it."
|
|
|
|
ciphers=(`gpg --version | awk '
|
|
BEGIN { ciphers=0 }
|
|
/^Cipher:/ { gsub(/,/,""); sub(/^Cipher:/,""); print; ciphers=1; next }
|
|
/^Hash:/ { ciphers=0 }
|
|
{ if(ciphers==0) { next } else { gsub(/,/,""); print; } }
|
|
'`)
|
|
echo " ${ciphers}"
|
|
return 1
|
|
}
|
|
|
|
# Steganographic function to bury a key inside an image.
|
|
# Requires steghide(1) to be installed
|
|
bury_key() {
|
|
load_key
|
|
[[ $? = 0 ]] || {
|
|
_failure "Bury failed for invalid key: $tomb_key_file" }
|
|
|
|
imagefile=$1
|
|
|
|
file $imagefile | grep -i JPEG > /dev/null
|
|
if [ $? != 0 ]; then
|
|
_warning "Encode failed: $imagefile is not a jpeg image."
|
|
return 1
|
|
fi
|
|
|
|
_success "Encoding key $tombkey inside image $imagefile"
|
|
_message "Please confirm the key password for the encoding"
|
|
# We ask the password and test if it is the same encoding the
|
|
# base key, to insure that the same password is used for the
|
|
# encryption and the steganography. This is a standard enforced
|
|
# by Tomb, but its not strictly necessary (and having different
|
|
# password would enhance security). Nevertheless here we prefer
|
|
# usability.
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = $tomb_pwd"
|
|
ask_key_password "$tomb_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_warning "Wrong password supplied."
|
|
_failure "You shall not bury a key whose password is unknown to you."
|
|
}
|
|
|
|
# we omit armor strings since having them as constants can give
|
|
# ground to effective attacks on steganography
|
|
print - "$tomb_key" | awk '
|
|
/^-----/ {next}
|
|
/^Version/ {next}
|
|
{print $0}' \
|
|
| steghide embed --embedfile - --coverfile ${imagefile} \
|
|
-p ${tomb_password} -z 9 -e serpent cbc
|
|
if [ $? != 0 ]; then
|
|
_warning "Encoding error: steghide reports problems."
|
|
res=1
|
|
else
|
|
_success "Tomb key encoded succesfully into image ${imagefile}"
|
|
res=0
|
|
fi
|
|
|
|
return $res
|
|
}
|
|
|
|
# mandatory 1st arg: the image file where key is supposed to be
|
|
# optional 2nd arg: the password to use (same as key, internal use)
|
|
# optional 3rd arg: the key where to save the result (- for stdout)
|
|
exhume_key() {
|
|
|
|
imagefile="$1"
|
|
res=1
|
|
|
|
knownpass="$2"
|
|
|
|
destkey="$3"
|
|
[[ "$destkey" = "" ]] && {
|
|
destkey="`option_value -k`"
|
|
{ test "$destkey" = "" } && {
|
|
# no key output specified: fallback to stdout
|
|
destkey="-"
|
|
_message "printing exhumed key on stdout" }
|
|
}
|
|
|
|
{ test -r "$imagefile" } || {
|
|
_failure "Exhume failed, image file not found: $imagefile" }
|
|
|
|
[[ `file "$imagefile"` =~ "JP.G" ]] || {
|
|
_failure "Exhume failed: $imagefile is not a jpeg image." }
|
|
|
|
# when a password is passed as argument then always print out
|
|
# the exhumed key on stdout without further checks (internal use)
|
|
{ test "$knownpass" = "" } || {
|
|
tomb_key=`steghide extract -sf "$imagefile" -p "$knownpass" -xf -`
|
|
{ test $? = 0 } || {
|
|
_failure "Wrong password or no steganographic key found" }
|
|
|
|
recover_key "$tomb_key"
|
|
return 0
|
|
}
|
|
|
|
{ test "$destkey" = "-" } || {
|
|
if [[ -s "$destkey" ]]; then
|
|
_warning "File exists: $destkey"
|
|
{ option_is_set -f } || {
|
|
_warning "Make explicit use of --force to overwrite."
|
|
_failure "Refusing to overwrite file. Operation aborted." }
|
|
_warning "Use of --force selected: overwriting."
|
|
rm -f ${destkey}
|
|
fi
|
|
}
|
|
|
|
_message "Trying to exhume a key out of image $imagefile"
|
|
if option_is_set --tomb-pwd; then
|
|
tombpass="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = $tombpass"
|
|
elif [[ "$tomb_password" != "" ]]; then
|
|
# password is known already
|
|
tombpass="$tomb_password"
|
|
else
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"`
|
|
if [[ $? != 0 ]]; then
|
|
_warning "User aborted password dialog."
|
|
return 1
|
|
fi
|
|
fi
|
|
|
|
# always steghide required
|
|
steghide extract -sf ${imagefile} -p ${tombpass} -xf ${destkey}
|
|
res=$?
|
|
|
|
unset tombpass
|
|
|
|
[[ "$destkey" = "-" ]] && { destkey="stdout" }
|
|
if [ $res = 0 ]; then
|
|
_success "Key succesfully exhumed to ${destkey}."
|
|
else
|
|
_warning "Nothing found in ${imagefile}."
|
|
fi
|
|
|
|
return $res
|
|
}
|
|
|
|
# Produces a printable image of the key contents so that it can be
|
|
# backuped on paper and hidden in books etc.
|
|
engrave_key() {
|
|
# load key from options
|
|
load_key
|
|
tombkey="$tomb_key_file"
|
|
{ test $? = 0 } || { _failure "No key specified." }
|
|
keyname=`basename $tombkey`
|
|
pngname="$keyname.qr.png"
|
|
|
|
_success "Rendering a printable QRCode for key: $tombkey"
|
|
# we omit armor strings to save space
|
|
awk '
|
|
/^-----/ {next}
|
|
/^Version/ {next}
|
|
{print $0}' ${tombkey} | qrencode --size 4 --level H \
|
|
--casesensitive -o "$pngname"
|
|
{ test $? = 0 } || { _failure "QREncode reported an error." }
|
|
_success "Operation successful:"
|
|
ls -lh $pngname
|
|
file $pngname
|
|
}
|
|
|
|
# }}} - Key handling
|
|
|
|
# {{{ Create
|
|
|
|
# This is a new way to create tombs which dissects the whole create_tomb() into 3 clear steps:
|
|
#
|
|
# * dig a .tomb (the large file) using /dev/urandom (takes some minutes at least)
|
|
#
|
|
# * forge a .key (the small file) using /dev/random (good entropy needed)
|
|
#
|
|
# * lock the .tomb file with the key, binding the key to the tomb (requires dm_crypt format)
|
|
|
|
|
|
forge_key() {
|
|
# can be specified both as simple argument or using -k
|
|
destkey="$1"
|
|
{ option_is_set -k } && { destkey="`option_value -k`" }
|
|
|
|
{ test "$destkey" = "" } && {
|
|
_warning "A filename needs to be specified using -k to forge a new key."
|
|
return 1 }
|
|
|
|
_message "Commanded to forge key $destkey"
|
|
_check_swap
|
|
|
|
|
|
# make sure that gnupg doesn't quits with an error before first run
|
|
{ test -r $HOME/.gnupg/pubring.gpg } || {
|
|
mkdir $HOME/.gnupg
|
|
touch $HOME/.gnupg/pubring.gpg }
|
|
|
|
{ test -r "$destkey" } && {
|
|
_warning "Forging this key would overwrite an existing file. Operation aborted."
|
|
_failure "`ls -lh $destkey`" }
|
|
|
|
{ option_is_set -o } && { algopt="`option_value -o`" }
|
|
algo=${algopt:-AES256}
|
|
|
|
_message "Commanded to forge key $destkey with cipher algorithm $algo"
|
|
|
|
tomb_key_file="$destkey"
|
|
|
|
_message "This operation takes time, keep using this computer on other tasks,"
|
|
_message "once done you will be asked to choose a password for your tomb."
|
|
_message "To make it faster you can move the mouse around."
|
|
_message "If you are on a server, you can use an Entropy Generation Daemon."
|
|
|
|
local random_source=/dev/random
|
|
if option_is_set --use-urandom; then
|
|
random_source=/dev/urandom
|
|
fi
|
|
|
|
_verbose "Data dump using ${DD[1]} from $random_source"
|
|
tomb_secret=`${=DD} bs=1 count=256 if=$random_source`
|
|
{ test $? = 0 } || {
|
|
_warning "Cannot generate encryption key."
|
|
_failure "Operation aborted." }
|
|
|
|
# here the global var tomb_secret contains the nude secret
|
|
|
|
_success "Choose the password of your key: ${tomb_key_file}"
|
|
_message "(You can also change it later using 'tomb passwd'.)"
|
|
touch ${tomb_key_file}
|
|
chown ${_uid}:${_gid} ${tomb_key_file}
|
|
chmod 0600 ${tomb_key_file}
|
|
|
|
tombname="$tomb_key_file"
|
|
# the gen_key() function takes care of the new key's encryption
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_new_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = $tomb_new_pwd"
|
|
gen_key "$tomb_new_pwd" >> "$tomb_key_file"
|
|
else
|
|
gen_key >> "$tomb_key_file"
|
|
fi
|
|
|
|
# load the key contents
|
|
tomb_key=`cat "$tomb_key_file"`
|
|
|
|
# this does a check on the file header
|
|
is_valid_key "${tomb_key}" || {
|
|
_warning "The key does not seem to be valid."
|
|
_warning "Dumping contents to screen:"
|
|
cat ${tombkey}
|
|
_warning "--"
|
|
umount ${keytmp}
|
|
rm -r $keytmp
|
|
_failure "Operation aborted."
|
|
}
|
|
|
|
_message "Done forging $tomb_key_file"
|
|
_success "Your key is ready:"
|
|
ls -lh ${tomb_key_file}
|
|
}
|
|
|
|
# Dig a tomb, means that it will create an empty file to be formatted
|
|
# as a loopback filesystem. Initially the file is filled with random data
|
|
# taken from /dev/urandom which improves the tomb's overall security
|
|
dig_tomb() {
|
|
_message "Commanded to dig tomb $1"
|
|
if [ "$1" = "" ]; then
|
|
_warning "No tomb name specified for creation."
|
|
return 1
|
|
fi
|
|
|
|
_check_swap
|
|
|
|
tombfile=`basename $1`
|
|
tombdir=`dirname $1`
|
|
# make sure the file has a .tomb extension
|
|
tombname=${tombfile%%\.*}
|
|
tombfile=${tombname}.tomb
|
|
|
|
# require the specification of the size of the tomb (-s) in MB
|
|
tombsize="`option_value -s`"
|
|
|
|
[ $tombsize ] || _failure "Size argument missing, use -s"
|
|
|
|
[[ $tombsize != <-> ]] && _failure "Size argument is not an integer."
|
|
|
|
[[ $tombsize -lt 10 ]] && _failure "Tombs can't be smaller than 10 megabytes."
|
|
|
|
if [ -e ${tombdir}/${tombfile} ]; then
|
|
_warning "A tomb exists already. I'm not digging here:"
|
|
_warning " `ls -lh ${tombdir}/${tombfile}`"
|
|
return 1
|
|
fi
|
|
|
|
_success "Creating a new tomb in ${tombdir}/${tombfile}"
|
|
|
|
_message "Generating ${tombfile} of ${tombsize}MiB"
|
|
# we will first touch the file and set permissions: this way, even if interrupted, permissions are right
|
|
touch ${tombdir}/${tombfile}
|
|
chmod 0600 "${tombdir}/${tombfile}"
|
|
chown $_uid:$_gid "${tombdir}/${tombfile}"
|
|
|
|
_verbose "Data dump using ${DD[1]} from /dev/urandom"
|
|
|
|
${=DD} if=/dev/urandom bs=1048576 count=${tombsize} of=${tombdir}/${tombfile}
|
|
|
|
if [ $? = 0 -a -e ${tombdir}/${tombfile} ]; then
|
|
_message " `ls -lh ${tombdir}/${tombfile}`"
|
|
else
|
|
_failure "Error creating the tomb ${tombdir}/${tombfile}, operation aborted."
|
|
fi
|
|
|
|
_success "Done digging $tombname"
|
|
_message "Your tomb is not yet ready, you need to forge a key and lock it:"
|
|
_message "tomb forge ${tombname}.tomb.key"
|
|
_message "tomb lock ${tombname}.tomb -k ${tombname}.tomb.key"
|
|
}
|
|
|
|
|
|
# this function locks a tomb with a key file
|
|
# in fact LUKS formatting the loopback volume
|
|
# it take arguments as the LUKS cipher to be used
|
|
lock_tomb_with_key() {
|
|
if ! [ $1 ]; then
|
|
_warning "No tomb specified for locking."
|
|
_warning "Usage: tomb lock file.tomb file.tomb.key"
|
|
return 1
|
|
fi
|
|
|
|
tombpath="$1"
|
|
_message "Commanded to lock tomb ${tombfile}"
|
|
|
|
tombdir=`dirname "$tombpath"`
|
|
tombfile=`basename "$tombpath"`
|
|
tombname="${tombfile%%\.*}"
|
|
|
|
{ test -f ${tombdir}/${tombfile} } || {
|
|
_failure "There is no tomb here. You have to it dig first."
|
|
return 1 }
|
|
|
|
_verbose "Tomb found: ${tombdir}/${tombfile}"
|
|
|
|
lo_mount "${tombdir}/${tombfile}"
|
|
nstloop=`lo_new`
|
|
|
|
_verbose "Loop mounted on ${nstloop}"
|
|
|
|
_message "Checking if the tomb is empty (we never step on somebody else's bones)."
|
|
cryptsetup isLuks ${nstloop}
|
|
if [ $? = 0 ]; then
|
|
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
|
|
_warning "The tomb was already locked with another key."
|
|
_failure "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
|
|
else
|
|
_message "Fine, this tomb seems empty."
|
|
fi
|
|
|
|
# load key from options or file
|
|
load_key
|
|
|
|
{ test $? = 0 } || {
|
|
_failure "Aborting operations: error loading key." }
|
|
# make sure to call drop_key later
|
|
|
|
# the encryption cipher for a tomb can be set when locking using -o
|
|
if option_is_set -o; then
|
|
cipher="`option_value -o`"
|
|
else
|
|
cipher="aes-xts-plain64:sha256"
|
|
# old default was aes-cbc-essiv:sha256
|
|
# for more alternatives refer to cryptsetup(8)
|
|
fi
|
|
_message "Locking using cipher: $cipher"
|
|
|
|
# get the pass from the user and check it
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = $tomb_pwd"
|
|
ask_key_password "$tomb_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied." }
|
|
|
|
_success "Locking ${tombfile} with ${tombkey}"
|
|
|
|
_message "Formatting Luks mapped device."
|
|
print -n - "$tomb_secret" | \
|
|
cryptsetup --key-file - --batch-mode \
|
|
--cipher ${cipher} --key-size 256 --key-slot 0 \
|
|
luksFormat ${nstloop}
|
|
if ! [ $? = 0 ]; then
|
|
_warning "cryptsetup luksFormat returned an error."
|
|
_failure "Operation aborted."
|
|
fi
|
|
|
|
print -n - "$tomb_secret" | \
|
|
cryptsetup --key-file - \
|
|
--cipher ${cipher} luksOpen ${nstloop} tomb.tmp
|
|
if ! [ $? = 0 ]; then
|
|
_warning "cryptsetup luksOpen returned an error."
|
|
_failure "Operation aborted."
|
|
fi
|
|
|
|
_message "Formatting your Tomb with Ext3/Ext4 filesystem."
|
|
${=MKFS} ${tombname} /dev/mapper/tomb.tmp
|
|
|
|
if [ $? != 0 ]; then
|
|
_warning "Tomb format returned an error."
|
|
_warning "Your tomb ${tombfile} may be corrupted."
|
|
fi
|
|
|
|
# sync
|
|
|
|
cryptsetup luksClose tomb.tmp
|
|
|
|
_message "Done locking $tombname using Luks dm-crypt ${create_cipher}"
|
|
_success "Your tomb is ready in ${tombdir}/${tombfile} and secured with key ${tombkey}"
|
|
|
|
}
|
|
|
|
# This function changes the key that locks a tomb
|
|
change_tomb_key() {
|
|
_message "Commanded to reset key for tomb $2"
|
|
|
|
_check_swap
|
|
|
|
[[ "$2" = "" ]] && {
|
|
_warning "Command 'setkey' needs two arguments: the old key file and the tomb."
|
|
_warning "I.e: tomb -k new.tomb.key old.tomb.key secret.tomb"
|
|
_failure "Execution aborted."
|
|
}
|
|
|
|
lo_mount "$2"
|
|
nstloop=`lo_new`
|
|
cryptsetup isLuks ${nstloop}
|
|
# is it a LUKS encrypted nest? we check one more time
|
|
{ test $? = 0 } || {
|
|
_failure "Not a valid LUKS encrypted volume: $2" }
|
|
|
|
|
|
load_key "$1"
|
|
{ test $? = 0 } || {
|
|
_failure "Aborting operations: error loading old key from arguments" }
|
|
old_key="$tomb_key"
|
|
old_key_file="$tomb_key_file"
|
|
|
|
# we have everything, prepare to mount
|
|
_success "Changing lock on tomb $tombname"
|
|
_message "Old key: $old_key_file"
|
|
|
|
# render the mapper
|
|
mapdate=`date +%s`
|
|
# save date of mount in minutes since 1970
|
|
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
|
|
|
|
|
|
# load the old key
|
|
if option_is_set --tomb-old-pwd; then
|
|
tomb_old_pwd="`option_value --tomb-old-pwd`"
|
|
_verbose "tomb-old-pwd = $tomb_old_pwd"
|
|
ask_key_password "$tomb_old_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied for the old key." }
|
|
old_secret="$tomb_secret"
|
|
|
|
# luksOpen the tomb (not really mounting, just on the loopback)
|
|
print -n - "$old_secret" | \
|
|
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
|
{ test $? = 0 } || {
|
|
_failure "Unexpected error in luksOpen." }
|
|
|
|
load_key
|
|
{ test $? = 0 } || {
|
|
_failure "Aborting operations: error loading new key from -k" }
|
|
new_key="$tomb_key"
|
|
new_key_file="$tomb_key_file"
|
|
_message "New key: $new_key_file"
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_new_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = $tomb_new_pwd"
|
|
ask_key_password "$tomb_new_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied for the new key." }
|
|
new_secret="$tomb_secret"
|
|
|
|
# danger zone: due to cryptsetup limitations, in setkey we need
|
|
# to write the bare unencrypted key on the tmpfs.
|
|
tmp_create
|
|
new_secret_file=`tmp_new`
|
|
print -n - "$new_secret" >> $new_secret_file
|
|
print -n - "$old_secret"| \
|
|
cryptsetup --key-file - luksChangeKey "$nstloop" "$new_secret_file"
|
|
{ test $? = 0 } || {
|
|
_failure "Unexpected error in luksChangeKey." }
|
|
|
|
unset old_key
|
|
unset new_key
|
|
|
|
cryptsetup luksClose "${mapper}"
|
|
{ test $? = 0 } || {
|
|
_failure "Unexpected error in luksClose." }
|
|
|
|
_success "Succesfully changed key for tomb: $2"
|
|
_message "The new key is: $new_key_file"
|
|
|
|
return 0
|
|
}
|
|
|
|
# backward compatibility
|
|
create_tomb() {
|
|
_verbose "create_tomb(): ${=@} ${=OLDARGS}"
|
|
if ! [ $1 ]; then
|
|
_warning "No tomb name specified for creation."
|
|
return 1
|
|
fi
|
|
|
|
|
|
{ test -r "$1" } && {
|
|
_warning "Creating this tomb would overwrite an existing file. Operation aborted."
|
|
_failure "`ls -lh $1`" }
|
|
|
|
{ test $? = 0 } || { _failure "Failed to dig tomb, operation aborted." }
|
|
|
|
|
|
tombfile=`basename $1`
|
|
tombdir=`dirname $1`
|
|
# make sure the file has a .tomb extension
|
|
tombname=${tombfile%%\.*}
|
|
tombfile=${tombname}.tomb
|
|
|
|
${TOMBEXEC} dig ${=PARAM}
|
|
${TOMBEXEC} forge ${tombdir}/${tombfile}.key
|
|
{ test $? = 0 } || { _failure "Failed to forge key, operation aborted." }
|
|
|
|
${TOMBEXEC} lock ${tombdir}/${tombfile} -k ${tombdir}/${tombfile}.key
|
|
{ test $? = 0 } || { _failure "Failed to lock tomb with key, operation aborted." }
|
|
|
|
_success "Tomb $tombname succesfully created."
|
|
ls -l ${tombfile}*
|
|
}
|
|
|
|
# }}} - Creation
|
|
|
|
# {{{ Open
|
|
|
|
# $1 = tombfile $2(optional) = mountpoint
|
|
mount_tomb() {
|
|
_message "Commanded to open tomb $1"
|
|
if [ "$1" = "" ]; then
|
|
_warning "No tomb name specified for opening."
|
|
return 1
|
|
fi
|
|
|
|
_check_swap
|
|
|
|
# set up variables to be used
|
|
# the full path is made with $tombdir/$tombfile
|
|
|
|
tombfile=`basename ${1}`
|
|
tombdir=`dirname ${1}`
|
|
# check file type (if its a Luks fs)
|
|
file ${tombdir}/${tombfile} | \
|
|
grep -i 'luks encrypted file' 2>&1 > /dev/null
|
|
if [ $? != 0 ]; then
|
|
_warning "$1 is not a valid tomb file, operation aborted."
|
|
return 1
|
|
fi
|
|
tombname=${tombfile%%\.*}
|
|
_verbose "Tomb found: ${tombdir}/${tombfile}"
|
|
|
|
# load_key called here
|
|
load_key
|
|
########
|
|
|
|
{ test $? = 0 } || {
|
|
_failure "Aborting operations: error loading key $tomb_key_file" }
|
|
|
|
if [ "$2" = "" ]; then
|
|
tombmount=/media/${tombfile}
|
|
_message "Mountpoint not specified, using default: $tombmount"
|
|
else
|
|
tombmount=$2
|
|
fi
|
|
|
|
# check if its already open
|
|
mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null
|
|
if [ $? = 0 ]; then
|
|
_warning "$tombname is already open."
|
|
_message "Here below its status is reported:"
|
|
list_tombs ${tombname}
|
|
return 0
|
|
fi
|
|
|
|
_success "Opening $tombfile on $tombmount"
|
|
|
|
lo_mount "${tombdir}/${tombfile}"
|
|
nstloop=`lo_new`
|
|
|
|
cryptsetup isLuks ${nstloop}
|
|
if [ $? != 0 ]; then
|
|
# is it a LUKS encrypted nest? see cryptsetup(1)
|
|
_warning "$tombfile is not a valid Luks encrypted storage file."
|
|
return 1
|
|
fi
|
|
_message "This tomb is a valid LUKS encrypted device."
|
|
|
|
luksdump="`cryptsetup luksDump ${nstloop}`"
|
|
tombdump=(`print $luksdump | awk '
|
|
/^Cipher name/ {print $3}
|
|
/^Cipher mode/ {print $3}
|
|
/^Hash spec/ {print $3}'`)
|
|
_message "Cipher is \"$tombdump[1]\" mode \"$tombdump[2]\" hash \"$tombdump[3]\""
|
|
|
|
slotwarn=`print $luksdump | awk '
|
|
BEGIN { zero=0 }
|
|
/^Key slot 0/ { zero=1 }
|
|
/^Key slot.*ENABLED/ { if(zero==1) print "WARN" }'`
|
|
{ test "$slotwarn" = "WARN" } && {
|
|
_warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." }
|
|
|
|
# save date of mount in minutes since 1970
|
|
mapdate=`date +%s`
|
|
|
|
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
|
|
_verbose "dev mapper device: $mapper"
|
|
_verbose "Tomb key: $tomb_key_file"
|
|
|
|
# take the name only, strip extensions
|
|
_verbose "Tomb name: $tombname (to be engraved)"
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = $tomb_pwd"
|
|
ask_key_password "$tomb_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied." }
|
|
|
|
print -n - "$tomb_secret" | \
|
|
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
|
|
|
if ! [ -r /dev/mapper/${mapper} ]; then
|
|
_failure "Failure mounting the encrypted file."
|
|
fi
|
|
|
|
# preserve the loopdev after exit
|
|
lo_preserve "$nstloop"
|
|
|
|
# array: [ cipher, keysize, loopdevice ]
|
|
tombstat=(`cryptsetup status ${mapper} | awk '
|
|
/cipher:/ {print $2}
|
|
/keysize:/ {print $2}
|
|
/device:/ {print $2}'`)
|
|
_success "Success unlocking tomb $tombname"
|
|
_verbose "Key size is $tombstat[2] for cipher $tombstat[1]"
|
|
|
|
_message "Checking filesystem via $tombstat[3]"
|
|
fsck -p -C0 /dev/mapper/${mapper}
|
|
_verbose "Tomb engraved as $tombname"
|
|
tune2fs -L ${tombname} /dev/mapper/${mapper} > /dev/null
|
|
|
|
# we need root from here on
|
|
mkdir -p $tombmount
|
|
|
|
mount -o $MOUNTOPTS /dev/mapper/${mapper} ${tombmount}
|
|
|
|
chown ${_uid}:${_gid} ${tombmount}
|
|
chmod 0711 ${tombmount}
|
|
|
|
_success "Success opening $tombfile on $fg_bold[white]$tombmount$fg_no_bold[white]"
|
|
|
|
# print out when was opened the last time, by whom and where
|
|
{ test -r ${tombmount}/.last } && {
|
|
tombtty="`cat ${tombmount}/.tty`"
|
|
tombhost="`cat ${tombmount}/.host`"
|
|
tombuid="`cat ${tombmount}/.uid`"
|
|
tomblast="`cat ${tombmount}/.last`"
|
|
tombuser=`awk -F: '/:'"$tombuid"':/ {print $1}' /etc/passwd`
|
|
_message "Last visit by $fg_bold[white]$tombuser($tombuid)$fg_no_bold[white] from $fg_bold[white]$tombtty$fg_no_bold[white] on $fg_bold[white]$tombhost$fg_no_bold[white]"
|
|
_message "on date $fg_bold[white]`date --date @${tomblast} +%c`$fg_no_bold[white]"
|
|
}
|
|
# write down the UID and TTY that opened the tomb
|
|
rm -f ${tombmount}/.uid
|
|
echo ${_uid} > ${tombmount}/.uid
|
|
rm -f ${tombmount}/.tty
|
|
echo ${_tty} > ${tombmount}/.tty
|
|
# also the hostname
|
|
rm -f ${tombmount}/.host
|
|
echo `hostname` > ${tombmount}/.host
|
|
# and the "last time opened" information
|
|
# in minutes since 1970, this is printed at next open
|
|
rm -f ${tombmount}/.last
|
|
echo "`date +%s`" > ${tombmount}/.last
|
|
# human readable: date --date=@"`cat .last`" +%c
|
|
|
|
|
|
# process bind-hooks (mount -o bind of directories)
|
|
# and post-hooks (execute on open)
|
|
if ! option_is_set -n ; then
|
|
exec_safe_bind_hooks ${tombmount}
|
|
exec_safe_post_hooks ${tombmount} open
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
# ## Hooks execution
|
|
exec_safe_bind_hooks() {
|
|
if [[ -n ${(k)opts[-o]} ]]; then
|
|
MOUNTOPTS=${opts[-o]}
|
|
fi
|
|
local MOUNTPOINT="${1}"
|
|
local ME=${SUDO_USER:-$(whoami)}
|
|
local HOME=$(awk -v a="$ME" -F ':' '{if ($1 == a) print $6}' /etc/passwd 2>-)
|
|
if [ $? -ne 0 ]; then
|
|
_warning "How pitiful! A tomb, and no HOME."
|
|
return 1
|
|
fi
|
|
if [ -z "$MOUNTPOINT" -o ! -d "$MOUNTPOINT" ]; then
|
|
_warning "Cannot exec bind hooks without a mounted tomb."
|
|
return 1
|
|
fi
|
|
if ! [ -r "$MOUNTPOINT/bind-hooks" ]; then
|
|
_verbose "bind-hooks not found in $MOUNTPOINT"
|
|
return 1
|
|
fi
|
|
typeset -al mounted
|
|
typeset -Al maps
|
|
maps=($(<"$MOUNTPOINT/bind-hooks"))
|
|
for dir in ${(k)maps}; do
|
|
if [ "${dir[1]}" = "/" -o "${dir[1,2]}" = ".." ]; then
|
|
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME"
|
|
continue
|
|
fi
|
|
if [ "${${maps[$dir]}[1]}" = "/" -o "${${maps[$dir]}[1,2]}" = ".." ]; then
|
|
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME. Rolling back"
|
|
for dir in ${mounted}; do umount $dir; done
|
|
return 1
|
|
fi
|
|
if [ ! -r "$HOME/${maps[$dir]}" ]; then
|
|
_warning "bind-hook target not existent, skipping $HOME/${maps[$dir]}"
|
|
elif [ ! -r "$MOUNTPOINT/$dir" ]; then
|
|
_warning "bind-hook source not found in tomb, skipping ${MOUNTPOINT}/${dir}"
|
|
else
|
|
mount -o bind,$MOUNTOPTS $MOUNTPOINT/$dir $HOME/${maps[$dir]}
|
|
mounted+=("$HOME/${maps[$dir]}")
|
|
fi
|
|
done
|
|
}
|
|
|
|
# Post mount hooks
|
|
exec_safe_post_hooks() {
|
|
local mnt=$1 # first argument is where the tomb is mounted
|
|
local ME=${SUDO_USER:-$(whoami)}
|
|
if ! [ -x ${mnt}/post-hooks ]; then return; fi
|
|
# if 'post-hooks' is found inside the tomb, check it: if it is an
|
|
# executable, launch it as a user this might need a dialog for
|
|
# security on what is being run, however we expect you know well
|
|
# what is inside your tomb. this feature opens the possibility to
|
|
# make encrypted executables.
|
|
cat ${mnt}/post-hooks | head -n1 | grep '^#!/'
|
|
if [ $? = 0 ]; then
|
|
_success "Post hooks found, executing as user $SUDO_USER."
|
|
exec_as_user ${mnt}/post-hooks "$2" "$1"
|
|
fi
|
|
}
|
|
|
|
# }}} - Tomb open
|
|
|
|
# {{{ List
|
|
|
|
# list all tombs mounted in a readable format
|
|
# $1 is optional, to specify a tomb
|
|
list_tombs() {
|
|
|
|
# list all open tombs
|
|
mounted_tombs=(`list_tomb_mounts $1`)
|
|
{ test ${#mounted_tombs} = 0 } && {
|
|
_failure "I can't see any ${1:-open} tomb, may they all rest in peace." }
|
|
|
|
for t in ${mounted_tombs}; do
|
|
mapper=`basename ${t[(ws:;:)1]}`
|
|
tombname=${t[(ws:;:)5]}
|
|
tombmount=${t[(ws:;:)2]}
|
|
tombfs=${t[(ws:;:)3]}
|
|
tombfsopts=${t[(ws:;:)4]}
|
|
tombloop=${mapper[(ws:.:)4]}
|
|
|
|
# calculate tomb size
|
|
ts=`df -hP /dev/mapper/$mapper |
|
|
awk "/mapper/"' { print $2 ";" $3 ";" $4 ";" $5 }'`
|
|
tombtot=${ts[(ws:;:)1]}
|
|
tombused=${ts[(ws:;:)2]}
|
|
tombavail=${ts[(ws:;:)3]}
|
|
tombpercent=${ts[(ws:;:)4]}
|
|
tombp=${tombpercent%%%}
|
|
tombsince=`date --date=@${mapper[(ws:.:)3]} +%c`
|
|
|
|
# find out who opens it from where
|
|
{ test -r ${tombmount}/.tty } && {
|
|
tombtty="`cat ${tombmount}/.tty`"
|
|
tombhost="`cat ${tombmount}/.host`"
|
|
tombuid="`cat ${tombmount}/.uid`"
|
|
tombuser=`awk -F: '/:'"$tombuid"':/ {print $1}' /etc/passwd`
|
|
}
|
|
|
|
if option_is_set --get-mountpoint; then
|
|
echo $tombmount
|
|
continue
|
|
fi
|
|
# breaking up such strings is good for translation
|
|
print -n "$fg[green]$tombname"
|
|
print -n "$fg[white] open on "
|
|
print -n "$fg_bold[white]$tombmount"
|
|
print -n "$fg_no_bold[white] using "
|
|
print "$fg_bold[white]$tombfs $tombfsopts"
|
|
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print -n "$fg_no_bold[white] open since "
|
|
print "$fg_bold[white]$tombsince$fg_no_bold[white]"
|
|
|
|
{ test "$tombtty" = "" } || {
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print -n "$fg_no_bold[white] open by "
|
|
print -n "$fg_bold[white]$tombuser"
|
|
print -n "$fg_no_bold[white] from "
|
|
print -n "$fg_bold[white]$tombtty"
|
|
print -n "$fg_no_bold[white] on "
|
|
print "$fg_bold[white]$tombhost"
|
|
}
|
|
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print -n "$fg[white] size "
|
|
print -n "$fg_bold[white]$tombtot"
|
|
print -n "$fg_no_bold[white] of which "
|
|
print -n "$fg_bold[white]$tombused"
|
|
print -n "$fg_no_bold[white] used: "
|
|
print -n "$fg_bold[white]$tombavail"
|
|
print -n "$fg_no_bold[white] free ("
|
|
print -n "$fg_bold[white]$tombpercent"
|
|
print "$fg_no_bold[white] full)"
|
|
|
|
if [[ ${tombp} -ge 90 ]]; then
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print "$fg_bold[red] Your tomb is almost full!"
|
|
fi
|
|
|
|
# now check hooks
|
|
mounted_hooks=(`list_tomb_binds $tombname`)
|
|
for h in ${mounted_hooks}; do
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print -n "$fg_no_bold[white] hooks "
|
|
# print -n "$fg_bold[white]`basename ${h[(ws:;:)1]}`"
|
|
# print -n "$fg_no_bold[white] on "
|
|
print "$fg_bold[white]${h[(ws:;:)2]}$fg_no_bold[white]"
|
|
done
|
|
done
|
|
}
|
|
|
|
|
|
# print out an array of mounted tombs (internal use)
|
|
# format is semi-colon separated list of attributes
|
|
# if 1st arg is supplied, then list only that tomb
|
|
#
|
|
# String positions in the semicolon separated array:
|
|
#
|
|
# 1. full mapper path
|
|
#
|
|
# 2. mountpoint
|
|
#
|
|
# 3. filesystem type
|
|
#
|
|
# 4. mount options
|
|
#
|
|
# 5. tomb name
|
|
list_tomb_mounts() {
|
|
if [ "$1" = "" ]; then
|
|
# list all open tombs
|
|
mount -l \
|
|
| awk '
|
|
BEGIN { main="" }
|
|
/^\/dev\/mapper\/tomb/ {
|
|
if(main==$1) next;
|
|
print $1 ";" $3 ";" $5 ";" $6 ";" $7
|
|
main=$1
|
|
}
|
|
'
|
|
else
|
|
# list a specific tomb
|
|
mount -l \
|
|
| awk -vtomb="[$1]" '
|
|
BEGIN { main="" }
|
|
/^\/dev\/mapper\/tomb/ {
|
|
if($7!=tomb) next;
|
|
if(main==$1) next;
|
|
print $1 ";" $3 ";" $5 ";" $6 ";" $7
|
|
main=$1
|
|
}
|
|
'
|
|
fi
|
|
}
|
|
|
|
# list_tomb_binds
|
|
# print out an array of mounted bind hooks (internal use)
|
|
# format is semi-colon separated list of attributes
|
|
# needs an argument: name of tomb whose hooks belong
|
|
list_tomb_binds() {
|
|
if [ "$1" = "" ]; then
|
|
_failure "Internal error: list_tomb_binds called without argument."; fi
|
|
|
|
# list bind hooks on util-linux 2.20 (Debian 7)
|
|
mount -l \
|
|
| awk -vtomb="$1" '
|
|
BEGIN { main="" }
|
|
/^\/dev\/mapper\/tomb/ {
|
|
if($7!=tomb) next;
|
|
if(main=="") { main=$1; next; }
|
|
if(main==$1)
|
|
print $1 ";" $3 ";" $5 ";" $6 ";" $7
|
|
}
|
|
'
|
|
|
|
# list bind hooks on util-linux 2.17 (Debian 6)
|
|
tombmount=`mount -l \
|
|
| awk -vtomb="$1" '
|
|
/^\/dev\/mapper\/tomb/ { if($7!=tomb) next; print $3; exit; }'`
|
|
|
|
mount -l | grep "^$tombmount" \
|
|
| awk -vtomb="$1" '
|
|
/bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
|
|
}
|
|
|
|
# }}} - Tomb list
|
|
|
|
# {{{ Index and search
|
|
|
|
# index files in all tombs for search
|
|
# $1 is optional, to specify a tomb
|
|
index_tombs() {
|
|
{ command -v updatedb >& - } || {
|
|
_failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
|
|
|
|
updatedbver=`updatedb --version | grep '^updatedb'`
|
|
[[ "$updatedbver" =~ "GNU findutils" ]] && {
|
|
_warning "Cannot use GNU findutils for index/search commands." }
|
|
[[ "$updatedbver" =~ "mlocate" ]] || {
|
|
_failure "Index command needs 'mlocate' to be installed." }
|
|
|
|
_verbose "$updatedbver"
|
|
|
|
mounted_tombs=(`list_tomb_mounts $1`)
|
|
{ test ${#mounted_tombs} = 0 } && {
|
|
if [ $1 ]; then _failure "There seems to be no open tomb engraved as [$1]"
|
|
else _failure "I can't see any open tomb, may they all rest in peace."
|
|
fi
|
|
}
|
|
|
|
|
|
_success "Creating and updating search indexes."
|
|
|
|
# start the LibreOffice document converter if installed
|
|
{ command -v unoconv >& - } && {
|
|
unoconv -l 2>- &
|
|
_verbose "unoconv listener launched."
|
|
sleep 1 }
|
|
|
|
for t in ${mounted_tombs}; do
|
|
mapper=`basename ${t[(ws:;:)1]}`
|
|
tombname=${t[(ws:;:)5]}
|
|
tombmount=${t[(ws:;:)2]}
|
|
{ test -r ${tombmount}/.noindex } && {
|
|
_message "Skipping $tombname (.noindex found)."
|
|
continue }
|
|
_message "Indexing $tombname filenames..."
|
|
updatedb -l 0 -o ${tombmount}/.updatedb -U ${tombmount}
|
|
|
|
# here we use swish to index file contents
|
|
{ test $SWISH = 1 } && {
|
|
_message "Indexing $tombname contents..."
|
|
tmp_create
|
|
swishrc=`tmp_new`
|
|
|
|
cat <<EOF > $swishrc
|
|
# index directives
|
|
DefaultContents TXT*
|
|
IndexDir $tombmount
|
|
IndexFile $tombmount/.swish
|
|
# exclude images
|
|
FileRules filename regex /\.jp.?g/i
|
|
FileRules filename regex /\.png/i
|
|
FileRules filename regex /\.gif/i
|
|
FileRules filename regex /\.tiff/i
|
|
FileRules filename regex /\.svg/i
|
|
FileRules filename regex /\.xcf/i
|
|
FileRules filename regex /\.eps/i
|
|
FileRules filename regex /\.ttf/i
|
|
# exclude audio
|
|
FileRules filename regex /\.mp3/i
|
|
FileRules filename regex /\.ogg/i
|
|
FileRules filename regex /\.wav/i
|
|
FileRules filename regex /\.mod/i
|
|
FileRules filename regex /\.xm/i
|
|
# exclude video
|
|
FileRules filename regex /\.mp4/i
|
|
FileRules filename regex /\.avi/i
|
|
FileRules filename regex /\.ogv/i
|
|
FileRules filename regex /\.ogm/i
|
|
FileRules filename regex /\.mkv/i
|
|
FileRules filename regex /\.mov/i
|
|
# exclude system
|
|
FileRules filename is ok
|
|
FileRules filename is lock
|
|
FileRules filename is control
|
|
FileRules filename is status
|
|
FileRules filename is proc
|
|
FileRules filename is sys
|
|
FileRules filename is supervise
|
|
FileRules filename regex /\.asc$/i
|
|
FileRules filename regex /\.gpg$/i
|
|
|
|
# pdf and postscript
|
|
FileFilter .pdf pdftotext "'%p' -"
|
|
FileFilter .ps ps2txt "'%p' -"
|
|
# compressed files
|
|
FileFilterMatch lesspipe "%p" /\.tgz$/i
|
|
FileFilterMatch lesspipe "%p" /\.zip$/i
|
|
FileFilterMatch lesspipe "%p" /\.gz$/i
|
|
FileFilterMatch lesspipe "%p" /\.bz2$/i
|
|
FileFilterMatch lesspipe "%p" /\.Z$/
|
|
# spreadsheets
|
|
FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xls.*/i
|
|
FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xlt.*/i
|
|
FileFilter .ods unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .ots unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .dbf unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .dif unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .uos unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .sxc unoconv "-d spreadsheet -f csv --stdout %P"
|
|
# word documents
|
|
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.doc.*/i
|
|
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.odt.*/i
|
|
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.rtf.*/i
|
|
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.tex$/i
|
|
# native html support
|
|
IndexContents HTML* .htm .html .shtml
|
|
IndexContents XML* .xml
|
|
EOF
|
|
|
|
_verbose "Using swish-e to create index."
|
|
swish-e -c $swishrc -S fs -v3
|
|
rm -f $swishrc
|
|
}
|
|
|
|
_message "Search index updated."
|
|
done
|
|
}
|
|
search_tombs() {
|
|
{ command -v locate >& - } || {
|
|
_failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
|
|
|
|
updatedbver=`updatedb --version | grep '^updatedb'`
|
|
[[ "$updatedbver" =~ "GNU findutils" ]] && {
|
|
_warning "Cannot use GNU findutils for index/search commands." }
|
|
[[ "$updatedbver" =~ "mlocate" ]] || {
|
|
_failure "Index command needs 'mlocate' to be installed." }
|
|
|
|
_verbose "$updatedbver"
|
|
|
|
# list all open tombs
|
|
mounted_tombs=(`list_tomb_mounts`)
|
|
if [ ${#mounted_tombs} = 0 ]; then
|
|
_failure "I can't see any open tomb, may they all rest in peace."; fi
|
|
|
|
_success "Searching for: $fg_bold[white]${(f)@}$fg_no_bold[white]"
|
|
for t in ${mounted_tombs}; do
|
|
_verbose "Checking for index: ${t}"
|
|
mapper=`basename ${t[(ws:;:)1]}`
|
|
tombname=${t[(ws:;:)5]}
|
|
tombmount=${t[(ws:;:)2]}
|
|
if [ -r ${tombmount}/.updatedb ]; then
|
|
|
|
# use mlocate to search hits on filenames
|
|
_message "Searching filenames in tomb $tombname"
|
|
locate -d ${tombmount}/.updatedb -e -i "${(f)@}"
|
|
_message "Matches found: `locate -d ${tombmount}/.updatedb -e -i -c ${(f)@}`"
|
|
|
|
# use swish-e to search over contents
|
|
{ test $SWISH = 1 } && { test -r $tombmount/.swish } && {
|
|
_message "Searching contents in tomb $tombname"
|
|
swish-search -w ${=@} -f $tombmount/.swish -H0 }
|
|
|
|
else
|
|
_warning "Skipping tomb $tombname: not indexed."
|
|
_warning "Run 'tomb index' to create indexes."
|
|
fi
|
|
done
|
|
_message "Search completed."
|
|
}
|
|
|
|
# }}} - Index and search
|
|
|
|
# {{{ Resize
|
|
|
|
# resize tomb file size
|
|
resize_tomb() {
|
|
_message "Commanded to resize tomb $1 to $opts[-s] megabytes."
|
|
if ! [ $1 ]; then
|
|
_failure "No tomb name specified for resizing."
|
|
elif ! [ -r "$1" ]; then
|
|
_failure "Cannot find $1"
|
|
fi
|
|
# $1 is the tomb file path
|
|
|
|
newtombsize="`option_value -s`"
|
|
{ test "$newtombsize" = "" } && {
|
|
_failure "Aborting operations: new size was not specified, use -s" }
|
|
|
|
|
|
tombdir=`dirname $1`
|
|
tombfile=`basename $1`
|
|
tombname=${tombfile%%\.*}
|
|
|
|
# load key from options or file
|
|
load_key
|
|
########
|
|
|
|
local oldtombsize=$(( `stat -c %s "$1" 2>-` / 1048576 ))
|
|
local mounted_tomb=`mount -l |
|
|
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
|
|
|
|
if [ "$mounted_tomb" ]; then
|
|
_failure "The tomb $tombname is open, to resize it it needs to be closed."
|
|
fi
|
|
|
|
if ! [ "$newtombsize" ] ; then
|
|
_failure "You must specify the new size of $tombname"
|
|
elif [[ $newtombsize != <-> ]]; then
|
|
_failure "Size is not an integer."
|
|
elif [ "$newtombsize" -le "$oldtombsize" ]; then
|
|
_failure "The new size must be greater then old tomb size."
|
|
fi
|
|
|
|
delta="$(( $newtombsize - $oldtombsize ))"
|
|
|
|
_message "Generating ${tombfile} of ${newtombsize}MiB"
|
|
|
|
_verbose "Data dump using ${DD[1]} from /dev/urandom"
|
|
${=DD} if=/dev/urandom bs=1048576 count=${delta} >> ${tombdir}/${tombfile}
|
|
|
|
{ test $? = 0 } || {
|
|
_failure "Error creating the extra resize $tmp_resize, operation aborted." }
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = $tomb_pwd"
|
|
ask_key_password "$tomb_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied." }
|
|
|
|
lo_mount "${tombdir}/${tombfile}"
|
|
nstloop=`lo_new`
|
|
|
|
mapdate=`date +%s`
|
|
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
|
|
|
|
print -n - "$tomb_secret" | \
|
|
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
|
|
|
if ! [ -r /dev/mapper/${mapper} ]; then
|
|
_failure "Failure mounting the encrypted file."
|
|
fi
|
|
|
|
cryptsetup resize "${mapper}"
|
|
if [ $? != 0 ]; then
|
|
_failure "cryptsetup failed to resize $mapper"
|
|
fi
|
|
|
|
e2fsck -p -f /dev/mapper/${mapper}
|
|
if [ $? != 0 ]; then
|
|
_failure "e2fsck failed to check $mapper"
|
|
fi
|
|
|
|
resize2fs /dev/mapper/${mapper}
|
|
if [ $? != 0 ]; then
|
|
_failure "resize2fs failed to resize $mapper"
|
|
fi
|
|
|
|
sleep 1 # needs to settle a bit
|
|
|
|
# close and free the loop device
|
|
cryptsetup luksClose "${mapper}"
|
|
|
|
return 0
|
|
}
|
|
|
|
# }}}
|
|
|
|
# {{{ Close
|
|
|
|
umount_tomb() {
|
|
local tombs how_many_tombs
|
|
local pathmap mapper tombname tombmount loopdev
|
|
local ans pidk pname
|
|
|
|
if [ "$1" = "all" ]; then
|
|
mounted_tombs=(`list_tomb_mounts`)
|
|
else
|
|
mounted_tombs=(`list_tomb_mounts $1`)
|
|
fi
|
|
|
|
{ test ${#mounted_tombs} = 0 } && {
|
|
_warning "There is no open tomb to be closed."
|
|
return 1 }
|
|
|
|
{ test ${#mounted_tombs} -gt 1 } && { test "$1" = "" } && {
|
|
_warning "Too many tombs mounted, please specify one (see tomb list)"
|
|
_warning "or issue the command 'tomb close all' to close them all."
|
|
return 1 }
|
|
|
|
_message "Tomb close $1"
|
|
|
|
for t in ${mounted_tombs}; do
|
|
mapper=`basename ${t[(ws:;:)1]}`
|
|
tombname=${t[(ws:;:)5]}
|
|
tombmount=${t[(ws:;:)2]}
|
|
tombfs=${t[(ws:;:)3]}
|
|
tombfsopts=${t[(ws:;:)4]}
|
|
tombloop=${mapper[(ws:.:)4]}
|
|
|
|
_verbose "Name: $tombname"
|
|
_verbose "Mount: $tombmount"
|
|
_verbose "Mapper: $mapper"
|
|
|
|
{ test -e "$mapper" } && {
|
|
_warning "Tomb not found: $1"
|
|
_warning "Please specify an existing tomb."
|
|
return 0 }
|
|
|
|
if [ $SLAM ]; then
|
|
_success "Slamming tomb $tombname mounted on $tombmount"
|
|
_message "Kill all processes busy inside the tomb."
|
|
if ! slam_tomb "$tombmount"; then
|
|
_warning "Cannot slam the tomb $tombname"
|
|
return 1
|
|
fi
|
|
else
|
|
_message "Closing tomb $tombname mounted on $tombmount"
|
|
fi
|
|
|
|
# check if there are binded dirs and close them
|
|
bind_tombs=(`list_tomb_binds $tombname`)
|
|
for b in ${bind_tombs}; do
|
|
bind_mapper="${b[(ws:;:)1]}"
|
|
bind_mount="${b[(ws:;:)2]}"
|
|
_message "Closing tomb bind hook: $bind_mount"
|
|
umount $bind_mount
|
|
if [[ $? != 0 ]]; then
|
|
if [ $SLAM ]; then
|
|
_success "Slamming tomb: killing all processes using this hook."
|
|
slam_tomb "$bind_mount"
|
|
if [[ $? == 1 ]]; then
|
|
_warning "Cannot slam the bind hook $bind_mount"
|
|
return 1
|
|
fi
|
|
umount $bind_mount
|
|
else
|
|
_warning "Tomb bind hook $bind_mount is busy, cannot close tomb."
|
|
fi
|
|
fi
|
|
done
|
|
|
|
# Execute post-hooks for eventual cleanup
|
|
if ! option_is_set -n ; then
|
|
exec_safe_post_hooks ${tombmount%%/} close
|
|
fi
|
|
|
|
_verbose "Performing umount of $tombmount"
|
|
umount ${tombmount}
|
|
if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!"
|
|
else
|
|
# this means we used a "default" mount point
|
|
{ test "${tombmount}" = "/media/${tombname}.tomb" } && {
|
|
rmdir ${tombmount} }
|
|
fi
|
|
|
|
cryptsetup luksClose $mapper
|
|
{ test $? = 0 } || {
|
|
_warning "Error occurred in cryptsetup luksClose ${mapper}"
|
|
return 1 }
|
|
|
|
losetup -d "/dev/$tombloop"
|
|
|
|
_success "Tomb $tombname closed: your bones will rest in peace."
|
|
|
|
done # loop across mounted tombs
|
|
|
|
return 0
|
|
}
|
|
|
|
# Kill all processes using the tomb
|
|
slam_tomb() {
|
|
# $1 = tomb mount point
|
|
if [[ -z `fuser -m "$1" 2>-` ]]; then
|
|
return 0
|
|
fi
|
|
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP
|
|
for s in TERM HUP KILL; do
|
|
_verbose "Sending $s to processes inside the tomb:"
|
|
if option_is_set -D; then
|
|
ps -fp `fuser -m /media/a.tomb 2>-`|
|
|
while read line; do
|
|
_verbose $line
|
|
done
|
|
fi
|
|
fuser -s -m "$1" -k -M -$s
|
|
if [[ -z `fuser -m "$1" 2>-` ]]; then
|
|
return 0
|
|
fi
|
|
if ! option_is_set -f; then
|
|
sleep 3
|
|
fi
|
|
done
|
|
return 1
|
|
}
|
|
|
|
# }}} - Tomb close
|
|
|
|
# {{{ Main routine
|
|
main() {
|
|
|
|
local -A subcommands_opts
|
|
### Options configuration
|
|
|
|
# Hi, dear developer! Are you trying to add a new subcommand, or
|
|
# to add some options? Well, keep in mind that an option CAN'T
|
|
# have differente meanings/behaviour in different subcommands.
|
|
|
|
# For example, "-s" means "size" and accept an argument. If you are tempted to add
|
|
# an option "-s" (that means, for example "silent", and doesn't accept an argument)
|
|
# DON'T DO IT!
|
|
|
|
# There are two reasons for that:
|
|
# I. usability; user expect that "-s" is "size"
|
|
# II. Option parsing WILL EXPLODE if you do this kind of bad things
|
|
# (it will say "option defined more than once, and he's right")
|
|
#
|
|
# If you want to use the same option in multiple commands then
|
|
# you can only use the non-abbreviated long-option version like:
|
|
# -force and NOT -f
|
|
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v U: -uid=U G: -gid=G T: -tty=T -no-color -unsecure-dev-mode)
|
|
subcommands_opts[__default]=""
|
|
subcommands_opts[open]="f -force n -nohook=n k: -key=k -kdf: o: -ignore-swap -sudo-pwd: -tomb-pwd: "
|
|
subcommands_opts[mount]=${subcommands_opts[open]}
|
|
|
|
subcommands_opts[create]="" # deprecated, will issue warning
|
|
|
|
subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: o: -tomb-pwd: -use-urandom "
|
|
subcommands_opts[dig]="f -force -ignore-swap s: -size=s "
|
|
subcommands_opts[lock]="f -force -ignore-swap k: -key=k -kdf: o: -sudo-pwd: -tomb-pwd: "
|
|
subcommands_opts[setkey]="k: -key=k f -force -ignore-swap -kdf: -sudo-pwd: -tomb-old-pwd: -tomb-pwd: "
|
|
subcommands_opts[engrave]="k: -key=k "
|
|
|
|
subcommands_opts[passwd]="k: -key=k f -force -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
|
subcommands_opts[close]="-sudo-pwd: "
|
|
subcommands_opts[help]=""
|
|
subcommands_opts[slam]=""
|
|
subcommands_opts[list]="-get-mountpoint "
|
|
|
|
subcommands_opts[index]=""
|
|
subcommands_opts[search]=""
|
|
|
|
subcommands_opts[help]=""
|
|
subcommands_opts[bury]="f -force k: -key=k -tomb-pwd: "
|
|
subcommands_opts[exhume]="f -force k: -key=k -tomb-pwd: "
|
|
# subcommands_opts[decompose]=""
|
|
# subcommands_opts[recompose]=""
|
|
# subcommands_opts[install]=""
|
|
subcommands_opts[askpass]=""
|
|
subcommands_opts[source]=""
|
|
subcommands_opts[resize]="f -force -ignore-swap s: -size=s k: -key=k -tomb-pwd: "
|
|
subcommands_opts[check]="-ignore-swap "
|
|
# subcommands_opts[translate]=""
|
|
|
|
### Detect subcommand
|
|
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
|
|
for optspec in $subcommands_opts$main_opts; do
|
|
for opt in ${=optspec}; do
|
|
every_opts+=${opt}
|
|
done
|
|
done
|
|
local -a oldstar
|
|
oldstar=($argv)
|
|
#### detect early: useful for --optiion-parsing
|
|
zparseopts -M -D -Adiscardme ${every_opts}
|
|
if [[ -n ${(k)discardme[--option-parsing]} ]]; then
|
|
echo $1
|
|
if [[ -n "$1" ]]; then
|
|
return 1
|
|
fi
|
|
return 0
|
|
fi
|
|
unset discardme
|
|
if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then
|
|
_failure "Error parsing."
|
|
return 127
|
|
fi
|
|
unset discardme
|
|
subcommand=$1
|
|
if [[ -z $subcommand ]]; then
|
|
subcommand="__default"
|
|
fi
|
|
|
|
if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
|
|
_warning "There's no such command \"$subcommand\"."
|
|
_failure "Please try -h for help." 127
|
|
# _failure "Subcommand '$subcommand' doesn't exist" 127
|
|
fi
|
|
argv=(${oldstar})
|
|
unset oldstar
|
|
|
|
### Parsing global + command-specific options
|
|
# zsh magic: ${=string} will split to multiple arguments when spaces occur
|
|
set -A cmd_opts ${main_opts} ${=subcommands_opts[$subcommand]}
|
|
# if there is no option, we don't need parsing
|
|
if [[ -n $cmd_opts ]]; then
|
|
zparseopts -M -E -D -Aopts ${cmd_opts}
|
|
if [[ $? != 0 ]]; then
|
|
_warning "Some error occurred during option processing."
|
|
_failure "See \"tomb help\" for more info." 127
|
|
fi
|
|
fi
|
|
#build PARAM (array of arguments) and check if there are unrecognized options
|
|
ok=0
|
|
PARAM=()
|
|
for arg in $*; do
|
|
if [[ $arg == '--' || $arg == '-' ]]; then
|
|
ok=1
|
|
continue #it shouldnt be appended to PARAM
|
|
elif [[ $arg[1] == '-' ]]; then
|
|
if [[ $ok == 0 ]]; then
|
|
_failure "Unrecognized option $arg for subcommand $subcommand" 127
|
|
fi
|
|
fi
|
|
PARAM+=$arg
|
|
done
|
|
#first parameter actually is the subcommand: delete it and shift
|
|
if [[ $subcommand != '__default' ]]; then
|
|
PARAM[1]=()
|
|
shift
|
|
fi
|
|
### End parsing command-specific options
|
|
if ! option_is_set --no-color; then
|
|
autoload colors; colors
|
|
fi
|
|
if ! option_is_set --unsecure-dev-mode; then
|
|
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
|
|
if option_is_set $opt; then
|
|
_failure "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
|
|
fi
|
|
done
|
|
fi
|
|
|
|
# when we run as root, we remember the original uid:gid
|
|
# to set permissions for the calling user and drop privileges
|
|
if option_is_set -U; then _uid="`option_value -U`"; fi
|
|
if option_is_set -G; then _gid="`option_value -G`"; fi
|
|
if option_is_set -T; then _tty="`option_value -T`"; fi
|
|
|
|
_verbose "Tomb command: $subcommand ${PARAM}"
|
|
_verbose "Caller: uid[$_uid], gid[$_gid], tty[$_tty]."
|
|
|
|
case "$subcommand" in
|
|
|
|
# new creation in three steps
|
|
forge)
|
|
check_priv
|
|
forge_key ${=PARAM}
|
|
;;
|
|
dig)
|
|
dig_tomb ${=PARAM}
|
|
;;
|
|
lock)
|
|
check_priv
|
|
lock_tomb_with_key ${=PARAM}
|
|
;;
|
|
|
|
setkey)
|
|
check_priv
|
|
change_tomb_key ${=PARAM}
|
|
;;
|
|
|
|
engrave)
|
|
{ test "$QRENCODE" = 0 } && {
|
|
_failure "QREncode not installed: cannot engrave keys on paper." }
|
|
engrave_key ${=PARAM}
|
|
;;
|
|
|
|
# backward compat
|
|
create)
|
|
_warning "The create command is deprecated, please use dig, forge and lock instead."
|
|
_warning "For more informations see Tomb's manual page (man tomb)."
|
|
;;
|
|
|
|
mount|open)
|
|
check_priv
|
|
mount_tomb $PARAM[1] $PARAM[2]
|
|
;;
|
|
umount|close|slam)
|
|
check_priv
|
|
[ "$subcommand" = "slam" ] && SLAM=1
|
|
umount_tomb $PARAM[1]
|
|
;;
|
|
passwd)
|
|
change_passwd $PARAM[1]
|
|
;;
|
|
list)
|
|
list_tombs $PARAM[1]
|
|
;;
|
|
|
|
index)
|
|
index_tombs $PARAM[1]
|
|
;;
|
|
search)
|
|
search_tombs ${=PARAM}
|
|
;;
|
|
|
|
help)
|
|
usage
|
|
;;
|
|
bury)
|
|
{ test "$STEGHIDE" = 0 } && {
|
|
_failure "Steghide not installed: cannot bury keys into images." }
|
|
bury_key $PARAM[1]
|
|
;;
|
|
exhume)
|
|
{ test "$STEGHIDE" = 0 } && {
|
|
_failure "Steghide not installed: cannot exhume keys from images." }
|
|
exhume_key $PARAM[1]
|
|
;;
|
|
resize)
|
|
{ test "$RESIZER" = 0 } && {
|
|
_failure "Resize2fs not installed: cannot resize tombs." }
|
|
check_priv
|
|
resize_tomb $PARAM[1]
|
|
;;
|
|
|
|
# internal commands useful to developers
|
|
'source') return 0 ;;
|
|
askpass) ask_password $PARAM[1] $PARAM[2] ;;
|
|
|
|
__default)
|
|
cat <<EOF
|
|
Tomb $VERSION - a strong and gentle undertaker for your secrets
|
|
|
|
Copyright (C) 2007-2014 Dyne.org Foundation, License GNU GPL v3+
|
|
This is free software: you are free to change and redistribute it
|
|
The latest Tomb sourcecode is published on <http://tomb.dyne.org>
|
|
EOF
|
|
option_is_set -v && {
|
|
cat <<EOF
|
|
This source code is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
Please refer to the GNU Public License for more details.
|
|
|
|
System utils:
|
|
|
|
`sudo -V | head -n1`
|
|
`cryptsetup --version`
|
|
`pinentry --version`
|
|
`gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers):
|
|
`list_gnupg_ciphers`
|
|
EOF
|
|
return 0
|
|
}
|
|
usage
|
|
;;
|
|
*)
|
|
_warning "Command \"$subcommand\" not recognized."
|
|
_message "Try -h for help."
|
|
return 1
|
|
;;
|
|
esac
|
|
return $?
|
|
}
|
|
|
|
# }}}
|
|
|
|
# {{{ Run
|
|
check_bin
|
|
|
|
check_shm
|
|
|
|
main $@
|
|
ret=$?
|
|
if [[ $ret != 0 ]]; then #this "if" seems useless, but avoid source tomb source from exiting
|
|
exit $ret
|
|
fi
|
|
# }}}
|
|
|
|
# -*- tab-width: 4; indent-tabs-mode:nil; -*-
|
|
# vim: set shiftwidth=4 expandtab:
|