tbugfixes and improvements from rc1 - coffin - secure lan file storage on a device
HTML git clone git://parazyd.org/coffin.git
DIR Log
DIR Files
DIR Refs
DIR Submodules
DIR README
DIR LICENSE
---
DIR commit 4f1ff06e39b1edb7dc038da5b4609a5d42b36ab2
DIR parent 285f102b38b479f81485a138875d8df782835bde
HTML Author: parazyd <parazyd@dyne.org>
Date: Sun, 3 Apr 2016 20:01:56 +0200
bugfixes and improvements from rc1
Diffstat:
M Makefile | 2 +-
M conf/config.sh | 15 +++++++++++----
M src/zlibs/features | 44 +++++++++++++++++++++----------
M src/zlibs/hooks | 23 ++++++++++++-----------
M src/zlibs/ttab | 29 +++++++++++++++++++++--------
5 files changed, 75 insertions(+), 38 deletions(-)
---
DIR diff --git a/Makefile b/Makefile
t@@ -1,8 +1,8 @@
all:
+ @./conf/config.sh checkdep
make -C src
@./conf/config.sh gen-ssl
@./conf/config.sh gen-init
- @./conf/config.sh checkdep
install:
make -C src install
DIR diff --git a/conf/config.sh b/conf/config.sh
t@@ -75,12 +75,12 @@ EOF
apachemods() {
if [[ $1 == "on" ]]; then
- mods=(ssl dav dav_fs dav_lock)
+ mods=(ssl dav dav_fs dav_lock auth_digest)
for i in $mods; do
- a2enmod $i
+ a2enmod $i # NOTE: a2en* is only on debian
done
elif [[ $1 == "off" ]]; then
- mods=(dav_lock dav_fs dav ssl)
+ mods=(auth_digest dav_lock dav_fs dav ssl)
for i in $mods; do
a2dismod $i
done
t@@ -122,7 +122,14 @@ ckdistro() {
# apache
install -Dm775 -g www-data -d /etc/apache2/DAV
[[ `grep '^DAVLockDB ' /etc/apache2/apache2.conf` ]] || {
- print "DAVLockDB /etc/apache2/DAV/DAVLock" >> /etc/apache2/apache2.conf
+ cat << EOF >> /etc/apache2/apache2.conf
+<Directory /media/>
+ Options Indexes
+ AllowOverride None
+ Require all granted
+</Directory>
+DAVLockDB /etc/apache2/DAV/DAVLock
+EOF
}
install -Dm600 davpasswd /etc/apache2/DAV/davpasswd
install -Dm640 apachedav /etc/apache2/sites-available/coffindav.conf
DIR diff --git a/src/zlibs/features b/src/zlibs/features
t@@ -6,23 +6,40 @@ create-webdav-hook() {
davconf="/etc/apache2/sites-available/coffindav.conf"
davpass="/etc/apache2/DAV/davpasswd"
- if [[ $entry =~ webdav && -f $COFFINDOT/webdav.conf ]]; then
+ if [[ $entry =~ webdav && -f $COFFINDOT/davpasswd ]]; then
act "Found WebDAV data. Setting up..."
- [[ -f $COFFINDOT/davpasswd ]] && {
- cat $COFFINDOT/davpasswd >> $davpass
- [[ $? = 0 ]] && {
- rm $COFFINDOT/davpasswd
- gpasswd -a www-data $undertaker # NOTE: consider standalone group
- act "Added new WebDAV user"
- }
+ cat $COFFINDOT/davpasswd >> $davpass
+ [[ $? = 0 ]] || {
+ die "Failed setting up WebDAV."
+ return 1
}
+ rm $COFFINDOT/davpasswd
+ gpasswd -a www-data $undertaker # NOTE: consider standalone group
+ act "Added new WebDAV user"
+
sed -i -e :a -e '$d;N;2,3ba' -e 'P;D' $davconf
- cat $COFFINDOT/webdav.conf >> $davconf
+# cat $COFFINDOT/webdav.conf >> $davconf
+ cat << EOF >> $davconf
+
+ alias /${tombid} /media/${tombid}
+ <Directory "/media/${tombid}">
+ Dav On
+ AllowOverride none
+ Options Indexes
+ AuthType Digest
+ AuthName WebDAV
+ AuthUserFile /etc/apache2/DAV/davpasswd
+ Require user ${undertaker}
+ </Directory>
+
+ </VirtualHost>
+</IfModule>
+EOF
act "Wrote to $davconf"
/etc/init.d/apache2 reload
[[ $? = 0 ]] || warn "Apache is funky"
- rm $COFFINDOT/webdav.conf
+# rm $COFFINDOT/webdav.conf
act "Done setting up WebDAV"
else
act "No WebDAV data found"
t@@ -47,7 +64,7 @@ delete-webdav-hook() {
create-sshfs-hook() {
fn create-sshfs-hook
- if [[ $entry =~ sshfs && -f $COFFINDOT/sshpubkey ]]; then
+ if [[ $entry =~ sshfs && -f $COFFINDOT/$tombid.pub ]]; then
act "Found SSH data. Setting up..."
[[ -d /home/$undertaker/.ssh ]] || mkdir -p /home/$undertaker/.ssh
t@@ -72,10 +89,9 @@ delete-sshfs-hook() {
ckreq || return 1
authkeys="/home/$undertaker/.ssh/authorized_keys"
- tempkeys="/home/$undertaker/.ssh/tempkeys"
- grep -v $tombid $authkeys > $tempkeys
- mv $tempkeys $authkeys
+ grep -v $tombid $authkeys > $authkeys.tmp
+ mv $authkeys.tmp $authkeys
act "Deleted SSH data"
}
DIR diff --git a/src/zlibs/hooks b/src/zlibs/hooks
t@@ -42,7 +42,7 @@ create-new-tomb() {
$(id $undertaker &>/dev/null)
[[ $? = 0 ]] || {
warn "User $undertaker not found. Creating..."
- useradd -G coffin -m -s /bin/nologin $undertaker
+ useradd -G coffin -m -s /bin/sh $undertaker
act "Created user $undertaker"
}
t@@ -89,33 +89,34 @@ delete-tomb() {
act "Deleting tomb"
undertaker=${entry[(ws@:@)2]} && xxx "Undertaker: $undertaker"
- tombid=${entry[(ws@:@)2]} && xxx "Tombid: $tombid"
+ tombid=${entry[(ws@:@)3]} && xxx "Tombid: $tombid"
- [[ $(id $undertaker &>/dev/null) ]] || {
- die "User $undertaker not found. Exiting..."
- return 1
+ [[ $(id $undertaker) ]] || {
+ die "User $undertaker not found. Exiting..." \
+ && return 1
}
[[ -f $GRAVEYARD/$tombid.tomb ]] || {
- die "Tomb $tombid.tomb not found. Exiting..."
- return 1
+ die "Tomb $tombid.tomb not found. Exiting..." \
+ && return 1
}
[[ -f $COFFINDOT/$tombid.key ]] || {
- die "Key of $tombid not found. Exiting..."
- return 1
+ die "Key of $tombid not found. Exiting..." \
+ && return 1
}
compare-key
[[ $? = 0 ]] && {
sudo -u $undertaker $TOMB slam $tombid
+ update-tombs del
grep -v ${undertaker}:${tombid} $TTAB > $TTAB.tmp
- [[ $? = 0 ]] && mv $TTAB.tmp $TTAB && \
+ mv $TTAB.tmp $TTAB && \
act "Removed from ttab"
grep -v ${keyhash} $TOMBPASSWD > $TOMBPASSWD.tmp
- [[ $? = 0 ]] && mv $TOMBPASSWD.tmp $TOMBPASSWD && \
+ mv $TOMBPASSWD.tmp $TOMBPASSWD && \
chmod 600 $TOMBPASSWD && \
act "Removed from tombpasswd"
DIR diff --git a/src/zlibs/ttab b/src/zlibs/ttab
t@@ -1,5 +1,24 @@
#!/usr/bin/env zsh
+update-tombs() {
+ fn update-tombs $*
+ req=(happ)
+ happ="$1"
+ ckreq || return 1
+
+ if [[ $happ == "add" ]]; then
+ print "${undertaker}:${keyhash}:${keyuuid}" >> $TOMBS && \
+ chmod 600 $TOMBS && \
+ act "Added info to $TOMBS"
+ elif [[ $happ == "del" ]]; then
+ cp $TOMBS $TMPTOMBS
+ grep -v "${keyhash}:${keyuuid}" $TMPTOMBS > $TOMBS && \
+ chmod 600 $TOMBS && \
+ act "Removed from $TOMBS"
+ rm $TMPTOMBS
+ fi
+}
+
ttab-magic() {
fn ttab-magic
t@@ -21,11 +40,7 @@ ttab-magic() {
act "compare-key -> true"
sudo -u $undertaker $TOMB slam $tombid
- cp $TOMBS $TMPTOMBS
- grep -v "${keyhash}:${keyuuid}" $TMPTOMBS > $TOMBS && \
- chmod 600 $TOMBS && \
- act "Updated $TOMBS"
- rm $TMPTOMBS
+ update-tombs del
continue
}
t@@ -45,9 +60,7 @@ ttab-magic() {
[[ -d "/media/$tombid" ]] && {
chmod g+rw /media/$tombid
- print "${undertaker}:${keyhash}:${keyuuid}" >> $TOMBS && \
- chmod 600 $TOMBS && \
- act "Added info to $TOMBS"
+ update-tombs add
}
}
done