       tseparate features; implement ssl password encryption; safer exec - coffin - secure lan file storage on a device
       ---
   DIR commit 14f478dc78b5d37fa6b5730df4ad6203fa7b37e5
   DIR parent 05f5ac344e1b907c372b3b88b28637b7f5316a5d
  HTML Author: parazyd <parazyd@dyne.org>
       Date:   Thu,  6 Oct 2016 14:57:11 +0200
       
       separate features; implement ssl password encryption; safer exec
       
       Diffstat:
         M Makefile                            |       2 +-
         M config.mk                           |       4 +++-
         M sacrist                             |      31 ++++++++++++++++---------------
         A zlibs/feature-ssh                   |      53 ++++++++++++++++++++++++++++++
         A zlibs/feature-webdav                |      75 +++++++++++++++++++++++++++++++
         D zlibs/features                      |     126 -------------------------------
         M zlibs/hooks                         |     113 +++++++++++++------------------
         D zlibs/keyfiles                      |      75 -------------------------------
         A zlibs/keyops                        |     106 ++++++++++++++++++++++++++++++
         M zlibs/mounts                        |      10 +++++-----
         A zlibs/tombops                       |      81 ++++++++++++++++++++++++++++++
         M zlibs/ttab                          |      47 +++++++++----------------------
       
       12 files changed, 400 insertions(+), 323 deletions(-)
       ---
   DIR diff --git a/Makefile b/Makefile
       t@@ -57,7 +57,7 @@ clean:
        dist: clean
                @echo creating dist tarball
                @mkdir -p coffin-${VERSION}
       -        @cp -f coffin config.mk LICENSE Makefile README.md NOTES.md \
       +        @cp -f coffin config.mk LICENSE Makefile README.md \
                        sacrist tomb ${SRC} coffin-${VERSION}
                @cp -r zlibs helpers zuper extra coffin-${VERSION}
                @rm -f coffin-${VERSION}/zuper/.git
   DIR diff --git a/config.mk b/config.mk
       t@@ -4,7 +4,9 @@
        VERSION=0.4
        
        # remove a feature to disable it
       -FEATURES = webdav ssh
       +# available features: webdav, ssh
       +FEATURES = webdav
       +#FEATURES = webdav ssh
        
        # customize below to fit your system
        PREFIX = /usr/local
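Review bot: The commented-out `#FEATURES = webdav ssh` right after the new assignment duplicates what the `# available features: webdav, ssh` comment already says, and a commented-out assignment tends to drift from the real option list; dropping it leaves the comment as the single place documenting the valid values. Note also that this knob only has an effect if something consumes `$(FEATURES)`: in this same commit `sacrist` sources both `feature-ssh` and `feature-webdav` unconditionally, so it is worth checking that the variable is still read somewhere in the install or runtime path.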
   DIR diff --git a/sacrist b/sacrist
       t@@ -27,11 +27,10 @@ LOG=${LOG:-""}
        swapoff -a ## I feel so safe
        
        R="$(dirname $0)"
       -source $R/../share/zlibs/zuper
       +source $R/../share/zuper/zuper
        
        # USB key
        vars+=(device keyuuid)
       -
        vars+=(GRAVEYARD TOMBS TMPTOMBS TOMBPASSWD)
        vars+=(KEYMOUNT COFFINDOT TTAB HOOKS)
        vars+=(keypass undertaker tombid)
       t@@ -40,13 +39,15 @@ vars+=(happenz device keyuuid)
        ## zsh magic
        path+=()
        
       -source $R/../share/zlibs/features
       +source $R/../share/zlibs/feature-ssh
       +source $R/../share/zlibs/feature-webdav
        source $R/../share/zlibs/hooks
       -source $R/../share/zlibs/keyfiles
       +source $R/../share/zlibs/keyops
        source $R/../share/zlibs/mounts
       +source $R/../share/zlibs/tombops
        source $R/../share/zlibs/ttab
        
       -source $R/../share/zlibs/zuper.init
       +source $R/../share/zuper/zuper.init
        
        LOCK=$R/.lock
        [[ -f $LOCK ]] && { warn "Lock found. Wait until finished." && exit }
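Review bot: The new `source $R/../share/zlibs/feature-ssh` and `feature-webdav` lines load both features unconditionally, while `config.mk` in this same commit drops `ssh` from FEATURES under the comment "remove a feature to disable it"; unless the install step omits disabled files (not visible here), disabling a feature in config.mk has no runtime effect, and if it does omit them, the unconditional `source` fails. Consider gating the load on the file being present, e.g. `[[ -f $R/../share/zlibs/feature-ssh ]] && source $R/../share/zlibs/feature-ssh`. `$R` comes from `$(dirname $0)` earlier in the file and is used unquoted on every `source` line; a path containing spaces would break all of them, so `"$R/..."` is cheap insurance.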
       t@@ -55,9 +56,9 @@ touch $LOCK
        # Check for a configuration file
        # [[ -f ".coffinrc" ]] && parse-config
        
       -device=$1 && xxx "Device: $device"
       -happenz=$2 && xxx "Happenz: $happenz"
       -keyuuid=$(lsblk -no uuid $device) && xxx "Key UUID: $keyuuid"
       +device=$1
       +happenz=$2
       +keyuuid=$(lsblk -no uuid $device)
        
        GRAVEYARD="/home/graveyard" # Our graveyard, with all the tombs
        TOMBS="$GRAVEYARD/tombs" # Info about opened tombs, holds keyuuid, keyhash and tombid
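Review bot: `keyuuid=$(lsblk -no uuid $device)` on the new side has no success check any more (the removed `&& xxx` chain at least tied the log line to lsblk's status), and `req=(happenz device)` in the next hunk does not list `keyuuid`, so a device without a UUID or a failed `lsblk` leaves `keyuuid` empty and execution continues into `mount-key` and `compare-key` with an empty identifier. Suggest `keyuuid="$(lsblk -no uuid "$device")" || { die "Cannot read UUID of $device"; rm -f $LOCK; exit 1 }` and adding `keyuuid` to `req` so `ckreq` rejects the empty value. `$device` is positional input from the caller and should be quoted in the `lsblk` call regardless.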
       t@@ -73,21 +74,19 @@ TOMB="$R/tomb"
        req=(happenz device)
        ckreq || {
                die "Not called through mourner. Exiting..."
       -        clean
       -        exit
       +        #clean
       +        exit 1
        }
        
       -act "Coffin v${coffin_version}, Cryptographic office filer for important nuggets "
       +notice "Coffin v${coffin_version}, Cryptographic office filer for important nuggets"
        
        [[ $happenz == "CREATE" ]] && {
                mount-key $device || { die "Key not mounted successfully." && exit 1 }
        
                if [[ -d "$COFFINDOT" ]]; then
                        act "Found .coffin"
       -                [[ -f "$HOOKS" ]] && xxx "Found hooks" && \
       -                        check-hooks
       -                [[ -f "$TTAB" ]] && xxx "Found ttab" && \
       -                        ttab-magic
       +                [[ -f "$HOOKS" ]] && check-hooks
       +                [[ -f "$TTAB" ]]  && ttab-magic
                else
                        warn "No .coffin directory"
                fi
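Review bot: The `ckreq` failure branch now runs `exit 1` with `clean` commented out, but `$LOCK` was already created by `touch $LOCK` just before this hunk, so a call with missing arguments leaves a stale lock behind and every later run stops at "Lock found. Wait until finished." The same applies to the new trailing `exit 1` in the last hunk of this file, reached whenever `$happenz` is not one of the handled values. Remove the lock on both paths, e.g. `rm -f $LOCK; exit 1`, or route every exit through one cleanup function. Separately, the return values of `check-hooks` and `ttab-magic` are discarded on the `[[ -f "$HOOKS" ]] && check-hooks` lines, so a failed hook does not change the script's exit status.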
       t@@ -101,3 +100,5 @@ act "Coffin v${coffin_version}, Cryptographic office filer for important nuggets
                # TODO: Some kind of endgame
                rm -f $LOCK && exit 0 || exit 1
        }
       +
       +exit 1
   DIR diff --git a/zlibs/feature-ssh b/zlibs/feature-ssh
       t@@ -0,0 +1,53 @@
       +#!/usr/bin/env zsh
       +#
       +# Copyright (c) 2016 Dyne.org Foundation
       +# coffin is written and maintained by Ivan J. <parazyd@dyne.org>
       +#
       +# This file is part of coffin
       +#
       +# This source code is free software: you can redistribute it and/or modify
       +# it under the terms of the GNU General Public License as published by
       +# the Free Software Foundation, either version 3 of the License, or
       +# (at your option) any later version.
       +#
       +# This software is distributed in the hope that it will be useful,
       +# but WITHOUT ANY WARRANTY; without even the implied warranty of
       +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
       +# GNU General Public License for more details.
       +#
       +# You should have received a copy of the GNU General Public License
       +# along with this source code. If not, see <http://www.gnu.org/licenses/>.
       +
       +create-sshfs-hook() {
       +        fn create-sshfs-hook
       +        req=(entry tombid COFFINDOT undertaker)
       +        ckreq || return 1
       +
       +        if [[ $entry =~ sshfs && -f $COFFINDOT/$tombid.pub ]]; then
       +                act "Found SSH data. Setting up..."
       +
       +                [[ -d /home/$undertaker/.ssh ]] || mkdir -p /home/$undertaker/.ssh
       +                cat $COFFINDOT/$tombid.pub >> /home/$undertaker/.ssh/authorized_keys
       +                chown -R $undertaker:$undertaker /home/$undertaker/.ssh
       +                chmod 700 /home/$undertaker/.ssh && chmod 600 /home/$undertaker/.ssh/authorized_keys
       +
       +                ## NOTE: maybe remove SSH key from usb, consider deletion
       +        else
       +                act "No SSH data found"
       +        fi
       +}
       +
       +delete-sshfs-hook() {
       +        fn delete-sshfs-hook $*
       +        req=(undertaker tombid)
       +        local undertaker="$1"
       +        local tombid="$2"
       +        ckreq || return 1
       +
       +        local authkeys="/home/$undertaker/.ssh/authorized_keys"
       +
       +        grep -v $tombid $authkeys > $authkeys.tmp
       +        mv $authkeys.tmp $authkeys
       +
       +        act "Deleted SSH data"
       +}
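Review bot: `delete-sshfs-hook` rewrites `authorized_keys` via `grep -v $tombid $authkeys > $authkeys.tmp` followed by `mv`, which leaves a file owned by root with umask-derived permissions and undoes the `chown`/`chmod 600` that `create-sshfs-hook` applies; add `chown $undertaker:$undertaker $authkeys && chmod 600 $authkeys` after the `mv`, and guard with `[[ -f $authkeys ]] || return 1` first, since a missing file is otherwise replaced by an empty one. `grep -v $tombid` also matches the tomb id as a substring of any other key line or comment, so an unrelated key whose comment happens to contain the id is removed too; matching on the key's own comment field would be safer. In `create-sshfs-hook` the `.pub` file read from the USB key is appended verbatim without checking that it is a single well-formed key (e.g. `ssh-keygen -l -f $COFFINDOT/$tombid.pub`), so a multi-line file installs more than one key; a validation step is worth adding for a file that comes off removable media.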
   DIR diff --git a/zlibs/feature-webdav b/zlibs/feature-webdav
       t@@ -0,0 +1,75 @@
       +#!/usr/bin/env zsh
       +#
       +# Copyright (c) 2016 Dyne.org Foundation
       +# coffin is written and maintained by Ivan J. <parazyd@dyne.org>
       +#
       +# This file is part of coffin
       +#
       +# This source code is free software: you can redistribute it and/or modify
       +# it under the terms of the GNU General Public License as published by
       +# the Free Software Foundation, either version 3 of the License, or
       +# (at your option) any later version.
       +#
       +# This software is distributed in the hope that it will be useful,
       +# but WITHOUT ANY WARRANTY; without even the implied warranty of
       +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
       +# GNU General Public License for more details.
       +#
       +# You should have received a copy of the GNU General Public License
       +# along with this source code. If not, see <http://www.gnu.org/licenses/>.
       +
       +create-webdav-hook() {
       +        fn create-webdav-hook
       +        req=(entry COFFINDOT davconf davpass undertaker tombid)
       +        local davconf="/etc/apache2/sites-available/coffindav.conf"
       +        local davpass="/etc/apache2/DAV/davpasswd"
       +        ckreq || return 1
       +
       +        if [[ $entry =~ webdav && -f $COFFINDOT/davpasswd ]]; then
       +                act "Found WebDAV data. Setting up..."
       +
       +                cat $COFFINDOT/davpasswd >> $davpass
       +                [[ $? = 0 ]] || {
       +                        die "Failed setting up WebDAV."
       +                        return 1 }
       +
       +                rm $COFFINDOT/davpasswd
       +                gpasswd -a www-data $undertaker # NOTE: consider standalone group
       +
       +                sed -i -e :a -e '$d;N;2,3ba' -e 'P;D' $davconf
       +                cat <<EOF >> $davconf
       +
       +                alias /${tombid} /media/${tombid}
       +                <Directory "/media/${tombid}">
       +                        Dav On
       +                        AllowOverride none
       +                        Options Indexes
       +                        AuthType Digest
       +                        AuthName WebDAV
       +                        AuthUserFile /etc/apache2/DAV/davpasswd
       +                        Require user ${undertaker}
       +                </Directory>
       +
       +        </VirtualHost>
       +</IfModule>
       +EOF
       +                act "Wrote to $davconf"
       +                /etc/init.d/apache2 reload || warn "Apache is funky"
       +#                rm $COFFINDOT/webdav.conf
       +                act "Done setting up WebDAV"
       +        else
       +                act "No WebDAV data found"
       +                return 0
       +        fi
       +}
       +
       +delete-webdav-hook() {
       +        fn delete-webdav-hook $*
       +        freq=(davconf)
       +        local davconf="/etc/apache2/sites-available/coffindav.conf"
       +        ckreq || return 1
       +
       +        sed -i '/alias\ \/${tombid}/,+10 d' $davconf
       +        /etc/init.d/apache2 reload || warn "Apache is funky"
       +        act "Deleted WebDAV data"
       +}
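Review bot: `delete-webdav-hook` no longer works: the `sed -i '/alias\ \/${tombid}/,+10 d' $davconf` pattern is single-quoted, so `${tombid}` reaches sed literally and never matches, and the function also dropped the `tombid="$1"` / `req=(tombid)` lines the deleted `zlibs/features` version had, even though `delete-tomb` still calls it as `delete-webdav-hook $tombid`. Restore the parameter and switch to double quotes: `local tombid="$1"`, `req=(tombid)` next to `freq=(davconf)`, and `sed -i "/alias \/${tombid}/,+10 d" $davconf`. In `create-webdav-hook`, `${tombid}` and `${undertaker}` are interpolated into the Apache config through the unquoted heredoc straight from the hook entry on the USB key; checking both against a restricted character set before writing `$davconf`, e.g. `[[ $tombid =~ '^[A-Za-z0-9_-]+$' ]] || return 1`, keeps an odd value from producing a malformed or over-broad `<Directory>` block. The commented-out `#                rm $COFFINDOT/webdav.conf` line is dead code and can go.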
   DIR diff --git a/zlibs/features b/zlibs/features
       t@@ -1,126 +0,0 @@
       -#!/usr/bin/env zsh
       -#
       -# Copyright (c) 2016 Dyne.org Foundation
       -# coffin is written and maintained by Ivan J. <parazyd@dyne.org>
       -#
       -# This file is part of coffin
       -#
       -# This source code is free software: you can redistribute it and/or modify
       -# it under the terms of the GNU General Public License as published by
       -# the Free Software Foundation, either version 3 of the License, or
       -# (at your option) any later version.
       -#
       -# This software is distributed in the hope that it will be useful,
       -# but WITHOUT ANY WARRANTY; without even the implied warranty of
       -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
       -# GNU General Public License for more details.
       -#
       -# You should have received a copy of the GNU General Public License
       -# along with this source code. If not, see <http://www.gnu.org/licenses/>.
       -
       -create-webdav-hook() {
       -        fn create-webdav-hook
       -
       -        davconf="/etc/apache2/sites-available/coffindav.conf"
       -        davpass="/etc/apache2/DAV/davpasswd"
       -
       -        if [[ $entry =~ webdav && -f $COFFINDOT/davpasswd ]]; then
       -                act "Found WebDAV data. Setting up..."
       -
       -                cat $COFFINDOT/davpasswd >> $davpass
       -                [[ $? = 0 ]] || {
       -                        die "Failed setting up WebDAV."
       -                        return 1
       -                }
       -                rm $COFFINDOT/davpasswd
       -                gpasswd -a www-data $undertaker # NOTE: consider standalone group
       -                act "Added new WebDAV user"
       -
       -                sed -i -e :a -e '$d;N;2,3ba' -e 'P;D' $davconf
       -#                cat $COFFINDOT/webdav.conf >> $davconf
       -                cat << EOF >> $davconf
       -
       -                alias /${tombid} /media/${tombid}
       -                <Directory "/media/${tombid}">
       -                        Dav On
       -                        AllowOverride none
       -                        Options Indexes
       -                        AuthType Digest
       -                        AuthName WebDAV
       -                        AuthUserFile /etc/apache2/DAV/davpasswd
       -                        Require user ${undertaker}
       -                </Directory>
       -
       -        </VirtualHost>
       -</IfModule>
       -EOF
       -                act "Wrote to $davconf"
       -                /etc/init.d/apache2 reload
       -                [[ $? = 0 ]] || warn "Apache is funky"
       -#                rm $COFFINDOT/webdav.conf
       -                act "Done setting up WebDAV"
       -        else
       -                act "No WebDAV data found"
       -                return 0
       -        fi
       -}
       -
       -delete-webdav-hook() {
       -        fn delete-webdav-hook $*
       -        req=(tombid)
       -        tombid="$1"
       -        ckreq || return 1
       -
       -        davconf="/etc/apache2/sites-available/coffindav.conf"
       -
       -        sed -i '/alias\ \/${tombid}/,+10 d' $davconf
       -        /etc/init.d/apache2 reload
       -        [[ $? = 0 ]] || warn "Apache is funky"
       -        act "Deleted WebDAV data"
       -}
       -
       -create-sshfs-hook() {
       -        fn create-sshfs-hook
       -
       -        if [[ $entry =~ sshfs && -f $COFFINDOT/$tombid.pub ]]; then
       -                act "Found SSH data. Setting up..."
       -
       -                [[ -d /home/$undertaker/.ssh ]] || mkdir -p /home/$undertaker/.ssh
       -                cat $COFFINDOT/$tombid.pub >> /home/$undertaker/.ssh/authorized_keys
       -                chown -R $undertaker:$undertaker /home/$undertaker/.ssh
       -                chmod 700 /home/$undertaker/.ssh && chmod 600 /home/$undertaker/.ssh/authorized_keys
       -
       -                [[ $? = 0 ]] && act "Wrote to authorized_keys" \
       -                        && act "Done setting up SSH"
       -
       -                # NOTE: maybe remove SSH key from usb, consider deletion
       -        else
       -                act "No SSH data found"
       -        fi
       -}
       -
       -delete-sshfs-hook() {
       -        fn delete-sshfs-hook $*
       -        req=(undertaker tombid)
       -        undertaker="$1"
       -        tombid="$2"
       -        ckreq || return 1
       -
       -        authkeys="/home/$undertaker/.ssh/authorized_keys"
       -
       -        grep -v $tombid $authkeys > $authkeys.tmp
       -        mv $authkeys.tmp $authkeys
       -
       -        act "Deleted SSH data"
       -}
       -
       -create-wallet-hook() {
       -        fn create-wallet-hook
       -
       -        if [[ $entry =~ ":wallet" ]]; then
       -                act "Found Bitcoin wallet data. Setting up..."
       -
       -                [[ -d /home/$undertaker/.bitcoin/wallet ]] || mkdir -p /home/$undertaker/.bitcoin/wallet
       -                # TODO: see NOTES.md about the tmp idea
       -        fi
       -}
   DIR diff --git a/zlibs/hooks b/zlibs/hooks
       t@@ -19,84 +19,64 @@
        # along with this source code. If not, see <http://www.gnu.org/licenses/>.
        
        check-hooks() {
       -        # TODO: fragmented keys, delete, backup, moar
       +        ## TODO: fragmented keys, delete, backup, moar
                fn check-hooks
       +        freq=(HOOKS)
       +        ckreq || return 1
        
       -        line=0
       +        local line=0
                for entry in $(cat $HOOKS); do
       -                let hook=$line+1
       +                let line=$line+1
                        act "Found hook $line..."
        
       -                # Check what's hook supposed to do
       +                ## Check what's hook supposed to do
                        if [[ ${entry[(ws@:@)1]} == "create" ]]; then
                                create-new-tomb
                        elif [[ ${entry[(ws@:@)1]} == "delete" ]]; then
                                delete-tomb
                        elif [[ ${entry[(ws@:@)1]} == "backup" ]]; then
       -                        backup-tomb
       +                        backup-tomb ## TODO:
                        else
       -                        die "No valid hook syntax on hook $hook"
       +                        die "No valid hook syntax on hook $line"
                                print $entry >> $HOOKS.fail
                                act "Wrote failed hook to $HOOKS.fail"
                                return 1
                        fi
                done
       -        rm $HOOKS
       +        rm -f $HOOKS
        }
        
        create-new-tomb() {
                fn create-new-tomb
       +        req=(undertaker tombid tombsize COFFINDOT GRAVEYARD)
       +        undertaker=${entry[(ws@:@)2]}
       +        tombid=${entry[(ws@:@)3]}
       +        tombsize=${entry[(ws@:@)4]}
       +        ckreq || return 1
        
       -        # TODO: recognize custom post/bind hooks and implement them in the
       -        # new tomb
       +        ## TODO: recognize custom post/bind hooks and implement them in the
       +        ## new tomb
        
       -        act "Creating new tomb"
       +        notice "Creating new tomb"
        
       -        undertaker=${entry[(ws@:@)2]} && xxx "Undertaker: $undertaker"
       -        tombid=${entry[(ws@:@)3]} && xxx "Tombid: $tombid"
       -        tombsize=${entry[(ws@:@)4]} && xxx "Tomb size: $tombsize"
       -        keypass=$(pwgen 30 -1 1) && xxx "Key password: $keypass"
       -
       -        $(id $undertaker &>/dev/null)
       -        [[ $? = 0 ]] || {
       +        $(id $undertaker &>/dev/null) || {
                        warn "User $undertaker not found. Creating..."
                        useradd -G coffin -m -s /bin/sh $undertaker
       -                act "Created user $undertaker"
       -        }
       -
       -        act "Digging your tomb..."
       -
       -        sudo -u $undertaker $TOMB dig -s $tombsize $GRAVEYARD/$tombid.tomb || \
       -                (die "Digging went downhill. Cleaning and exiting" && \
       -                        clean-failed-hook)
       -
       -        sudo -u $undertaker $TOMB forge -k $GRAVEYARD/$tombid.key \
       -                --kdf 10 \
       -                --unsafe \
       -                --tomb-pwd "$keypass" || \
       -                        (die "Forging key went downhill. Cleaning and exiting" && \
       -                                clean-failed-hook)
       +                act "Created user $undertaker" }
        
       -        sudo -u $undertaker $TOMB lock $GRAVEYARD/$tombid.tomb \
       -                -k $GRAVEYARD/$tombid.key \
       -                --unsafe \
       -                --tomb-pwd "$keypass" || \
       -                        (die "Locking tomb went downhill. Cleaning and exiting" && \
       -                                clean-failed-hook)
       -
       -        xxx "Moving your keyfile to your USB key..."
       -        mv $GRAVEYARD/$tombid.key $COFFINDOT/ && \
       -                chown $undertaker:$undertaker $COFFINDOT/$tombid.key && \
       -                        xxx "Moved and chowned keyfile"
       +        genssl
       +        dig-tomb
       +        forge-tomb-key
       +        lock-tomb
        
                print "${undertaker}:${tombid}:true" >> $TTAB
        
       -        hash-key
       -        print "${keyhash}:${keypass}" >> $TOMBPASSWD
       -        chmod 600 $TOMBPASSWD
       -        act "Wrote to ttab and tombpasswd"
       +        #hash-key
       +        #print "${keyhash}" >> $TOMBPASSWD
       +        #chmod 600 $TOMBPASSWD
       +        #act "Wrote to ttab and tombpasswd"
        
       -        # Check for features
       +        ## Check for features
                create-webdav-hook
                create-sshfs-hook
                create-wallet-hook
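Review bot: `create-new-tomb` now calls `genssl`, `dig-tomb`, `forge-tomb-key` and `lock-tomb` as four bare statements, whereas the removed `tomb dig/forge/lock` calls each had a `die … && clean-failed-hook` fallback; unless those helpers exit on their own (they live in `zlibs/tombops`, not visible here), a failed dig or forge is followed by the lock step and then by `print "${undertaker}:${tombid}:true" >> $TTAB`, recording a tomb that does not exist. Chain them: `genssl && dig-tomb && forge-tomb-key && lock-tomb || { die "Tomb creation failed"; clean-failed-hook; return 1 }`. `create-wallet-hook` is still called at the end of the function but its only definition was in the deleted `zlibs/features`, so unless `tombops` re-adds it this is a call to an undefined function. `$(id $undertaker &>/dev/null) || {` only works because the output is redirected away; the plain `id $undertaker &>/dev/null || {` says the same without running a command substitution as a command. In `check-hooks`, `for entry in $(cat $HOOKS)` iterates over whitespace-separated words rather than lines, so `for entry in ${(f)"$(<$HOOKS)"}` is the more robust zsh form for a file read off removable media.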
       t@@ -104,42 +84,41 @@ create-new-tomb() {
        
        delete-tomb() {
                fn delete-tomb
       +        req=(entry undertaker tombid GRAVEYARD COFFINDOT)
       +        freq=(TOMB)
       +        ckreq || return 1
        
       -        act "Deleting tomb"
       +        notice "deleting $tombid.tomb"
        
       -        undertaker=${entry[(ws@:@)2]} && xxx "Undertaker: $undertaker"
       -        tombid=${entry[(ws@:@)3]} && xxx "Tombid: $tombid"
       +        undertaker=${entry[(ws@:@)2]}
       +        tombid=${entry[(ws@:@)3]}
        
                [[ $(id $undertaker) ]] || {
                        die "User $undertaker not found. Exiting..." \
       -                        && return 1
       -        }
       +                        && return 1 }
        
                [[ -f $GRAVEYARD/$tombid.tomb ]] || {
                        die "Tomb $tombid.tomb not found. Exiting..." \
       -                        && return 1
       -        }
       +                        && return 1 }
        
                [[ -f $COFFINDOT/$tombid.key ]] || {
                        die "Key of $tombid not found. Exiting..." \
       -                        && return 1
       -        }
       +                        && return 1 }
        
       -        compare-key
       -        [[ $? = 0 ]] && {
       +        compare-key && {
                        sudo -u $undertaker $TOMB slam $tombid
                        update-tombs del
        
       -                grep -v ${undertaker}:${tombid} $TTAB > $TTAB.tmp
       -                mv $TTAB.tmp $TTAB && \
       +                grep -v ${undertaker}:${tombid} $TTAB > /tmp/$TTAB.tmp
       +                mv /tmp/$TTAB.tmp $TTAB && \
                                act "Removed from ttab"
        
       -                grep -v ${keyhash} $TOMBPASSWD > $TOMBPASSWD.tmp
       -                mv $TOMBPASSWD.tmp $TOMBPASSWD && \
       -                        chmod 600 $TOMBPASSWD && \
       -                        act "Removed from tombpasswd"
       +                #grep -v ${keyhash} $TOMBPASSWD > /tmp/$TOMBPASSWD.tmp
       +                #mv /tmp/$TOMBPASSWD.tmp $TOMBPASSWD && \
       +                #        chmod 600 $TOMBPASSWD && \
       +                #        act "Removed from tombpasswd"
        
       -                # Check for features
       +                ## Check for features
                        delete-webdav-hook $tombid
                        delete-sshfs-hook $undertaker $tombid
                }
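Review bot: In `delete-tomb` the new `req=(entry undertaker tombid GRAVEYARD COFFINDOT)` / `ckreq || return 1` lines run before `undertaker=${entry[(ws@:@)2]}` and `tombid=${entry[(ws@:@)3]}` are assigned, so the check either fails on the first delete hook (variables still empty) or passes on stale values left over from a previous hook and `notice "deleting $tombid.tomb"` names the wrong tomb; move the two assignments above `ckreq`, as `create-new-tomb` does in the previous hunk. The temp file also moved from `$TTAB.tmp` to `/tmp/$TTAB.tmp`: if `TTAB` is an absolute path like the other `$GRAVEYARD/...` variables, that expands to a nested path under `/tmp` that does not exist and the redirect fails, and even for a bare name a fixed, predictable filename in world-writable `/tmp` is an avoidable risk for a script running as root — keep `$TTAB.tmp` beside the target or use `mktemp`. The `grep -v ${keyhash} $TOMBPASSWD` block is commented out rather than removed; if the tombpasswd mechanism is gone, the dead lines only confuse the next reader.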
       t@@ -147,6 +126,8 @@ delete-tomb() {
        
        check-temptomb() {
                fn check-temptomb
       +        req=(tombid GRAVEYARD)
       +        ckreq || return 1
        
                act "Checking for tomb temps"
                if [[ -d ${GRAVEYARD}/temp/${tombid} ]]; then
   DIR diff --git a/zlibs/keyfiles b/zlibs/keyfiles
       t@@ -1,75 +0,0 @@
       -#!/usr/bin/env zsh
       -#
       -# Copyright (c) 2016 Dyne.org Foundation
       -# coffin is written and maintained by Ivan J. <parazyd@dyne.org>
       -#
       -# This file is part of coffin
       -#
       -# This source code is free software: you can redistribute it and/or modify
       -# it under the terms of the GNU General Public License as published by
       -# the Free Software Foundation, either version 3 of the License, or
       -# (at your option) any later version.
       -#
       -# This software is distributed in the hope that it will be useful,
       -# but WITHOUT ANY WARRANTY; without even the implied warranty of
       -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
       -# GNU General Public License for more details.
       -#
       -# You should have received a copy of the GNU General Public License
       -# along with this source code. If not, see <http://www.gnu.org/licenses/>.
       -
       -hash-key() {
       -        fn hash-key
       -        vars+=(keyhash)
       -        keyhash=""
       -
       -        keyhash=${$(sha256sum $COFFINDOT/$tombid.key)[(ws: :)1]}
       -        xxx "sha256 of keyfile: $keyhash"
       -}
       -
       -compare-key() {
       -        fn compare-key
       -
       -        hash-key
       -
       -        if [[ ( $(grep $keyhash $TOMBS | grep $keyuuid) ) ]]; then
       -                return 0
       -        else
       -                return 1
       -        fi
       -}
       -
       -#                                 ,_-=(!7(7/zs_.
       -#                              .='  ' .`/,/!(=)Zm.
       -#                .._,,._..  ,-`- `,\ ` -` -`\\7//WW.
       -#           ,v=~/.-,-\- -!|V-s.)iT-|s|\-.'   `///mK%.
       -#         v!`i!-.e]-g`bT/i(/[=.Z/m)K(YNYi..   /-]i44M.
       -#       v`/,`|v]-DvLcfZ/eV/iDLN\D/ZK@%8W[Z..   `/d!Z8m
       -#      //,c\(2(X/NYNY8]ZZ/bZd\()/\7WY%WKKW)   -'|(][%4.
       -#    ,\\i\c(e)WX@WKKZKDKWMZ8(b5/ZK8]Z7%ffVM,   -.Y!bNMi
       -#    /-iit5N)KWG%%8%%%%W8%ZWM(8YZvD)XN(@.  [   \]!/GXW[
       -#   / ))G8\NMN%W%%%%%%%%%%8KK@WZKYK*ZG5KMi,-   vi[NZGM[
       -#  i\!(44Y8K%8%%%**~YZYZ@%%%%%4KWZ/PKN)ZDZ7   c=//WZK%!    This is a euphemism for how my code is structured.
       -# ,\v\YtMZW8W%%f`,`.t/bNZZK%%W%%ZXb*K(K5DZ   -c\\/KM48
       -# -|c5PbM4DDW%f  v./c\[tMY8W%PMW%D@KW)Gbf   -/(=ZZKM8[     If you're reading this, you have probably been put
       -# 2(N8YXWK85@K   -'c|K4/KKK%@  V%@@WD8e~  .//ct)8ZK%8`     in charge of maintaining this program.
       -# =)b%]Nd)@KM[  !'\cG!iWYK%%|   !M@KZf    -c\))ZDKW%`
       -# YYKWZGNM4/Pb  '-VscP4]b@W%     'Mf`   -L\///KM(%W!       I am so, so sorry for you.
       -# !KKW4ZK/W7)Z. '/cttbY)DKW%     -`  .',\v)K(5KW%%f
       -# 'W)KWKZZg)Z2/,!/L(-DYYb54%  ,,`, -\-/v(((KK5WW%f         God speed.
       -#  \M4NDDKZZ(e!/\7vNTtZd)8\Mi!\-,-/i-v((tKNGN%W%%
       -#  'M8M88(Zd))///((|D\tDY\\KK-`/-i(=)KtNNN@W%%%@%[
       -#   !8%@KW5KKN4///s(\Pd!ROBY8/=2(/4ZdzKD%K%%%M8@%%
       -#    '%%%W%dGNtPK(c\/2\[Z(ttNYZ2NZW8W8K%%%%YKM%M%%.
       -#      *%%W%GW5@/%!e]_tZdY()v)ZXMZW%W%%%*5Y]K%ZK%8[
       -#       '*%%%%8%8WK\)[/ZmZ/Zi]!/M%%%%@f\ \Y/NNMK%%!
       -#         'VM%%%%W%WN5Z/Gt5/b)((cV@f`  - |cZbMKW%%|
       -#            'V*M%%%WZ/ZG\t5((+)L'-,,/  -)X(NWW%%%
       -#                 `~`MZ/DZGNZG5(((\,    ,t\\Z)KW%@
       -#                    'M8K%8GN8\5(5///]i!v\K)85W%%f
       -#                      YWWKKKKWZ8G54X/GGMeK@WM8%@
       -#                       !M8%8%48WG@KWYbW%WWW%%%@
       -#                         VM%WKWK%8K%%8WWWW%%%@`
       -#                           ~*%%%%%%W%%%%%%%@~
       -#                              ~*MM%%%%%%@f`
       -#                                  '''''
   DIR diff --git a/zlibs/keyops b/zlibs/keyops
       t@@ -0,0 +1,106 @@
       +#!/usr/bin/env zsh
       +#
       +# Copyright (c) 2016 Dyne.org Foundation
       +# coffin is written and maintained by Ivan J. <parazyd@dyne.org>
       +#
       +# This file is part of coffin
       +#
       +# This source code is free software: you can redistribute it and/or modify
       +# it under the terms of the GNU General Public License as published by
       +# the Free Software Foundation, either version 3 of the License, or
       +# (at your option) any later version.
       +#
       +# This software is distributed in the hope that it will be useful,
       +# but WITHOUT ANY WARRANTY; without even the implied warranty of
       +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
       +# GNU General Public License for more details.
       +#
       +# You should have received a copy of the GNU General Public License
       +# along with this source code. If not, see <http://www.gnu.org/licenses/>.
       +
       +vars+=(keyhash)
       +
       +hash-key() {
       +        fn hash-key
       +
       +        keyhash=""
       +        keyhash=${$(sha256sum $COFFINDOT/$tombid.key)[(ws: :)1]}
       +}
       +
       +compare-key() {
       +        fn compare-key
       +
       +        hash-key
       +        $(grep $keyhash $TOMBS | grep $keyuuid) || return 1
       +}
       +
       +genssl() {
       +        fn genssl
       +        req=(tombid COFFINDOT GRAVEYARD)
       +        ckreq || return 1
       +
       +        notice "generating tomb's ssl cert"
       +
       +        openssl genrsa -out $COFFINDOT/${tombid}-priv.pem 4096
       +        openssl rsa -in $COFFINDOT/${tombid}-priv.pem \
       +                -out $GRAVEYARD/${tombid}-pub.pem \
       +                -outform PEM \
       +                -pubout
       +
       +        cp -f $GRAVEYARD/${tombid}-pub.pem $COFFINDOT/
       +}
       +
       +encrypt-password() {
       +        fn encrypt-password $*
       +        req=(password GRAVEYARD tombid)
       +        local password="$*"
       +        ckreq || return 1
       +
       +        act "encrypting password"
       +        print $password | openssl rsautl -encrypt -inkey $GRAVEYARD/${tombid}-pub.pem -pubin \
       +                > $GRAVEYARD/${tombid}.pass
       +}
       +
       +decrypt-password() {
       +        fn decrypt-password
       +        req=(tombid GRAVEYARD COFFINDOT)
       +        ckreq || return 1
       +
       +        act "decrypting password"
       +        openssl rsautl -decrypt -inkey $COFFINDOT/${tombid}-priv.pem -in $GRAVEYARD/${tombid}.pass
       +}
       +
       +#                                 ,_-=(!7(7/zs_.
       +#                              .='  ' .`/,/!(=)Zm.
       +#                .._,,._..  ,-`- `,\ ` -` -`\\7//WW.
       +#           ,v=~/.-,-\- -!|V-s.)iT-|s|\-.'   `///mK%.
       +#         v!`i!-.e]-g`bT/i(/[=.Z/m)K(YNYi..   /-]i44M.
       +#       v`/,`|v]-DvLcfZ/eV/iDLN\D/ZK@%8W[Z..   `/d!Z8m
       +#      //,c\(2(X/NYNY8]ZZ/bZd\()/\7WY%WKKW)   -'|(][%4.
       +#    ,\\i\c(e)WX@WKKZKDKWMZ8(b5/ZK8]Z7%ffVM,   -.Y!bNMi
       +#    /-iit5N)KWG%%8%%%%W8%ZWM(8YZvD)XN(@.  [   \]!/GXW[
       +#   / ))G8\NMN%W%%%%%%%%%%8KK@WZKYK*ZG5KMi,-   vi[NZGM[
       +#  i\!(44Y8K%8%%%**~YZYZ@%%%%%4KWZ/PKN)ZDZ7   c=//WZK%!    This is a euphemism for how my code is structured.
       +# ,\v\YtMZW8W%%f`,`.t/bNZZK%%W%%ZXb*K(K5DZ   -c\\/KM48
       +# -|c5PbM4DDW%f  v./c\[tMY8W%PMW%D@KW)Gbf   -/(=ZZKM8[     If you're reading this, you have probably been put
       +# 2(N8YXWK85@K   -'c|K4/KKK%@  V%@@WD8e~  .//ct)8ZK%8`     in charge of maintaining this program.
       +# =)b%]Nd)@KM[  !'\cG!iWYK%%|   !M@KZf    -c\))ZDKW%`
       +# YYKWZGNM4/Pb  '-VscP4]b@W%     'Mf`   -L\///KM(%W!       I am so, so sorry for you.
       +# !KKW4ZK/W7)Z. '/cttbY)DKW%     -`  .',\v)K(5KW%%f
       +# 'W)KWKZZg)Z2/,!/L(-DYYb54%  ,,`, -\-/v(((KK5WW%f         God speed.
       +#  \M4NDDKZZ(e!/\7vNTtZd)8\Mi!\-,-/i-v((tKNGN%W%%
       +#  'M8M88(Zd))///((|D\tDY\\KK-`/-i(=)KtNNN@W%%%@%[
       +#   !8%@KW5KKN4///s(\Pd!ROBY8/=2(/4ZdzKD%K%%%M8@%%
       +#    '%%%W%dGNtPK(c\/2\[Z(ttNYZ2NZW8W8K%%%%YKM%M%%.
       +#      *%%W%GW5@/%!e]_tZdY()v)ZXMZW%W%%%*5Y]K%ZK%8[
       +#       '*%%%%8%8WK\)[/ZmZ/Zi]!/M%%%%@f\ \Y/NNMK%%!
       +#         'VM%%%%W%WN5Z/Gt5/b)((cV@f`  - |cZbMKW%%|
       +#            'V*M%%%WZ/ZG\t5((+)L'-,,/  -)X(NWW%%%
       +#                 `~`MZ/DZGNZG5(((\,    ,t\\Z)KW%@
       +#                    'M8K%8GN8\5(5///]i!v\K)85W%%f
       +#                      YWWKKKKWZ8G54X/GGMeK@WM8%@
       +#                       !M8%8%48WG@KWYbW%WWW%%%@
       +#                         VM%WKWK%8K%%8WWWW%%%@`
       +#                           ~*%%%%%%W%%%%%%%@~
       +#                              ~*MM%%%%%%@f`
       +#                                  '''''
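--- a/zlibs/mounts
+++ b/zlibs/mounts
@@ -20,8 +20,8 @@
 
 mount-key() {
         fn mount-key $*
-        req=(device)
-        device="$1"
+        req=(device KEYMOUNT)
+        local device="$1"
         ckreq || return 1
 
         if [[ -d $KEYMOUNT ]]; then
@@ -37,9 +37,9 @@ mount-key() {
 }
 
 umount-key() {
-        fn umount-key $?
-        req=(device)
-        device="$1"
+        fn umount-key $*
+        req=(device KEYMOUNT)
+        local device="$1"
         ckreq || return 1
 
         if [[ -d $KEYMOUNT ]]; then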
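--- /dev/null
+++ b/zlibs/tombops
@@ -0,0 +1,81 @@
+#!/usr/bin/env zsh
+#
+# Copyright (c) 2016 Dyne.org Foundation
+# coffin is written and maintained by Ivan J. <parazyd@dyne.org>
+#
+# This file is part of coffin
+#
+# This source code is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This software is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this source code. If not, see <http://www.gnu.org/licenses/>.
+
+dig-tomb() {
+        fn dig-tomb
+        req=(undertaker tombid tombsize GRAVEYARD)
+        freq=(TOMB)
+        ckreq || return 1
+
+        sudo -u $undertaker $TOMB dig -s $tombsize $GRAVEYARD/$tombid.tomb || \
+                { die "digging went downhill, cleaning and exiting" && \
+                clean-failed-hook }
+}
+
+forge-tomb-key() {
+        fn forge-tomb-key
+        req=(undertaker tombid GRAVEYARD)
+        freq=(TOMB)
+        ckreq || return 1
+
+        encrypt-password $(pwgen 30 -1 1)
+        sudo -u $undertaker $TOMB forge -k $COFFINDOT/$tombid.key \
+                --kdf 10 \
+                --unsafe \
+                --tomb-pwd "$(decrypt-password)" || \
+                { die "forging went downhill; cleaning and exiting" && \
+                clean-failed-hook }
+}
+
+lock-tomb() {
+        fn lock-tomb
+        req=(undertaker tombid GRAVEYARD)
+        freq=(TOMB)
+        ckreq || return 1
+
+        sudo -u $undertaker $TOMB lock $GRAVEYARD/$tombid.tomb || \
+                -k $COFFINDOT/$tombid.key \
+                --unsafe \
+                --tomb-pwd "$(decrypt-password)" || \
+                { die "locking went downhill; cleaning and exiting" && \
+                clean-failed-hook }
+}
+
+open-tomb() {
+        fn open-tomb
+        req=(undertaker tombid GRAVEYARD)
+        freq=(TOMB)
+        ckreq || return 1
+
+        sudo -u $undertaker $TOMB open \
+                $GRAVEYARD/$tombid.tomb \
+                -k $COFFINDOT/$tombid.key \
+                --unsafe \
+                --tomb-pwd "$(decrypt-password)"
+}
+
+close-tomb() {
+        fn close-tomb
+        req=(undertaker tombid)
+        freq=(TOMB)
+        ckreq || return 1
+
+        sudo -u $undertaker $TOMB slam $tombid
+}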
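--- a/zlibs/ttab
+++ b/zlibs/ttab
@@ -21,28 +21,31 @@
 update-tombs() {
         fn update-tombs $*
         req=(happ)
-        happ="$1"
+        local happ="$1"
         ckreq || return 1
 
         if [[ $happ == "add" ]]; then
                 print "${undertaker}:${keyhash}:${keyuuid}" >> $TOMBS && \
                         chmod 600 $TOMBS && \
                         act "Added info to $TOMBS"
+
         elif [[ $happ == "del" ]]; then
-                cp $TOMBS $TMPTOMBS
-                grep -v "${keyhash}:${keyuuid}" $TMPTOMBS > $TOMBS && \
+                cp $TOMBS /tmp/$TMPTOMBS
+                grep -v "${keyhash}:${keyuuid}" /tmp/$TMPTOMBS > $TOMBS && \
                         chmod 600 $TOMBS && \
                         act "Removed from $TOMBS"
-                rm $TMPTOMBS
+                rm /tmp/$TMPTOMBS
         fi
 }
 
 ttab-magic() {
         fn ttab-magic
+        freq=(TTAB)
+        ckreq || return 1
 
-        act "Doing ttab magic..."
+        notice "Doing ttab magic..."
 
-        line=0
+        local line=0
         for entry in $(cat $TTAB); do
                 let line=$line+1
                 act "Found line $line..."
@@ -50,25 +53,17 @@ ttab-magic() {
                 [[ ${entry[(ws@:@)3]} == "true" ]] && {
                         act "Working on tomb from line $line"
 
-                        undertaker=${entry[(ws@:@)1]} && xxx "Undertaker: $undertaker"
-                        tombid=${entry[(ws@:@)2]} && xxx "Tombid: $tombid"
+                        undertaker=${entry[(ws@:@)1]}
+                        tombid=${entry[(ws@:@)2]}
 
-                        compare-key
-                        [[ $? = 0 ]] && {
+                        compare-key && {
                                 act "compare-key -> true"
                                 close-tomb
-
                                 update-tombs del
-                                continue
-                        }
+                                continue }
 
                         act "compare-key -> false"
 
-                        hash-key
-                        keypass=$(grep $keyhash $TOMBPASSWD)
-                        keypass=${keypass[(ws@:@)2]}
-                        xxx "Key password: $keypass"
-
                         open-tomb
 
                         [[ -d "/media/$tombid" ]] && {
@@ -80,19 +75,3 @@ ttab-magic() {
                 }
         done
 }
-
-open-tomb() {
-        sudo -u ${undertaker} ${TOMB} open \
-                ${GRAVEYARD}/${tombid}.tomb \
-                -k ${COFFINDOT}/${tombid}.key \
-                --unsafe \
-                --tomb-pwd "${keypass}"
-
-        [[ $? = 0 ]] || { die "Tomb didn't open" && return 1 }
-}
-
-close-tomb() {
-        sudo -u ${undertaker} ${TOMB} slam ${tombid}
-
-        [[ $? = 0 ]] || { die "Tomb didn't slam" && return 1 }
-}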
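Review bot: In the first hunk, the `del` branch of `update-tombs` now copies `$TOMBS` to the fixed, predictable path `/tmp/$TMPTOMBS` in a world-writable directory; `cp` silently follows a file or symlink that already exists at that name, and the copy is created with the process umask rather than the `chmod 600` applied to `$TOMBS`, so the table's key hashes and UUIDs can be redirected or read by other local users. The scratch file is not needed at all: filter next to the table and rename over it, `grep -v "${keyhash}:${keyuuid}" $TOMBS > $TOMBS.new && chmod 600 $TOMBS.new && mv -f $TOMBS.new $TOMBS`, or if a temp file is wanted create it with `mktemp` rather than a fixed name. `ttab-magic` continues across the second and third hunks; the second hunk's removal of the plaintext `keypass` lookup is a welcome change and needs nothing further.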