tremoved web, restructured sacrist - coffin - secure lan file storage on a device HTML git clone git://parazyd.org/coffin.git DIR Log DIR Files DIR Refs DIR Submodules DIR README DIR LICENSE --- DIR commit 80bb8a40f1e53059404cd13a0d321127b0f8d072 DIR parent c72765a0c46be65f742dca8abf3cf2ae2f0ba319 HTML Author: parazyd <parazyd@dyne.org> Date: Mon, 22 Feb 2016 15:01:15 +0100 removed web, restructured sacrist Diffstat: A TODO | 7 +++++++ M bin/mourner | 2 +- M bin/sacrist | 148 +++++++++++++++++++++---------- D web/index.php | 50 ------------------------------- D web/tomb.php | 28 ---------------------------- D web/undertaker | 47 ------------------------------- 6 files changed, 111 insertions(+), 171 deletions(-) --- DIR diff --git a/TODO b/TODO t@@ -0,0 +1,7 @@ +* ssh pubkeys +* pwless keys +* ssh/gpg +* devuan raspi image +* test suite +* yubikeys +* consider genpasswd DIR diff --git a/bin/mourner b/bin/mourner t@@ -4,7 +4,7 @@ # # ~ parazyd -pattern='sd[b-z][1-9]$' +pattern='sd[a-z][1-9]$' coproc inotifywait --monitor --event create,delete --format '%e %w%f' /dev while read -r -u "${COPROC[0]}" event file; do DIR 
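Review bot: Changing `pattern` from `sd[b-z][1-9]$` to `sd[a-z][1-9]$` makes the watcher react to create/delete events on `/dev/sda` partitions too, and on most single-disk hosts `sda` is the system disk rather than a removable key, so whatever the handler does with a matched device (the matching line is after this hunk and not visible here) now also applies to the root disk's partitions. If only removable media is intended, keeping `sda` excluded or additionally checking `/sys/block/<dev>/removable` before acting would be safer than widening the class. The `[1-9]$` tail also stops matching at partition numbers above 9, which may be deliberate but is worth a comment such as `# only sdX1..sdX9 are considered key partitions`.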
diff --git a/bin/sacrist b/bin/sacrist t@@ -6,81 +6,139 @@ device=$1 happenz=$2 -keyuuid=`blkid $device | awk -F\" '{print $2}'` +keyuuid=$(blkid $device | awk -F\" '{print $2}') -tmptombs="/tmp/tombs" -temptombs="/tmp/tombs2" -lockfile="/tmp/coffinlock" -keymount="/media/tombkey" -coffindot=".coffin" +# Vars +tmptombs="/tmp/tombs" # Info about opened tombs, holds keyuuid, keyhash and tombname +tmptombs2="/tmp/tombs2" # Temp tempfile, for updating $tmptombs +graveyard="/home/graveyard" # Our graveyard, with all the tombs +keymount="/media/tombkey" # Directory where keys get mounted +coffindot="$keymount/.coffin" # .coffin directory on the usb key +ttab="$coffindot/ttab" # Our ttab +createme="$coffindot/create.me" # New tomb creation trigger +tomb="/usr/local/bin/tomb" -# debugs +# Debugs echo "Arg1: $1" echo "Arg2: $2" echo "Device path is: $device" echo "Device UUID is: $keyuuid" -echo "I am $happenz" -# end debugs - -# echo partitions to file for webadmin -lsblk -npl | awk -F" " '{print $1}' | grep ^/dev/sd.. > /home/parazyd/devel/tombox/web/devs +# {{{ Functions _mountkey() { mkdir -p $keymount mount $device $keymount } -_get_ttab() { ttab=`ls $keymount/$coffindot | awk -F. '{print $1}'` } +_ttabmagic() { + # Loop entire ttab and do stuff for tombs that want to be opened + _msg info "Doing ttab magic..." + line=0 + for entry in $(cat $ttab); do + let line=$line+1 + _msg info "Found line $line..." + if [[ $(echo $entry | awk -F: '{print $4}') == "true" ]]; then + _msg info "Working on tomb from line $line..." 
+ undertaker=$(echo $entry | awk -F: '{print $1}') + echo "Username: $undertaker" + tombname=$(echo $entry | awk -F: '{print $2}') + echo "Tomb name: $tombname" + _comparekey + if [[ $happenz == "close" ]]; then + _msg warn "Comparekey true" + sudo -u $undertaker $tomb slam $tombname + cp $tmptombs $tmptombs2 + grep -v $keyhash $tmptombs2 > $tmptombs; chmod 600 $tmptombs; _msg info "Updated $tmptombs" + rm $tmptombs2 + continue + fi + _msg warn "Comparekey false" + tombpass=$(echo $entry | awk -F: '{print $3}') + echo "Tomb passphrase: $tombpass" + sudo -u $undertaker $tomb open $graveyard/$tombname.tomb -k $coffindot/$tombname.key \ + --unsafe --tomb-pwd $tombpass # Deal with this shit somehow! + + if [[ -d "/media/$tombname" ]]; then + echo "$undertaker:$keyhash:$keyuuid" >> $tmptombs; chmod 600 $tmptombs; _msg info "Added info to $tmptombs" + else + _msg warn "Nothing added to $tmptombs" + fi + fi + done + umount $keymount; rmdir $keymount; _msg info "Unmounted and deleted $keymount" +} _hashkey() { - _get_ttab - cat $keymount/$coffindot/$ttab.key \ - | sha512sum \ - | awk -F" " '{print $1}' + cat $coffindot/$tombname.key | sha512sum | awk -F" " '{print $1}' } -_compare_key() { - keyhash=`_hashkey` - if [[ ( `cat $tmptombs | grep $keyhash | grep $keyuuid` ) ]]; then +_comparekey() { + keyhash=$(_hashkey) + if [[ ( $(cat $tmptombs | grep $keyhash | grep $keyuuid) ) ]]; then happenz=close else happenz=open fi } + +_create_new_tomb() { + _msg info "Creating new tomb!" + undertaker=$(cat $createme | awk -F: '{print $1}') + tombname=$(cat $createme | awk -F: '{print $2}') + tombpass=$(cat $createme | awk -F: '{print $3}') + tombsize=$(cat $createme | awk -F: '{print $4}') + + if ! [[ ( $(id $undertaker) ) ]]; then + _msg warn "No user called $undertaker found. Creating..." 
+ useradd -G tombox -m -s /bin/bash $undertaker + _msg info "Created user $undertaker" + fi + + sudo -u $undertaker $tomb dig -s $tombsize $graveyard/$tombname.tomb + sudo -u $undertaker $tomb forge $graveyard/$tombname.key --unsafe --tomb-pwd "$tombpass" + sudo -u $undertaker $tomb lock $graveyard/$tombname.tomb -k $graveyard/$tombname.key \ + --unsafe --tomb-pwd "$tombpass" + mv $graveyard/$tombname.key $coffindot/ && chown $undertaker:$undertaker $coffindot/$tombname.key && \ + _msg info "Moved and chowned keyfile" + echo "$undertaker:$tombname:$tombpass:true" >> $ttab + _msg info "Wrote to $ttab" + rm $createme && _msg info "Removed $createme" +} + +_endgame() { + # Mr. Proper +} + _msg() { - if [[ $1 == "err" ]]; then - echo $fg_bold[red] "[E] $2" + if [[ $1 == "error" ]]; then + echo -e "\e[1;31m[E] \e[0;31m$2 \e[0m" elif [[ $1 == "warn" ]]; then - echo $fg_bold[cyan] "[W] $2" + echo -e "\e[1;33m[W] \e[0;33m$2 \e[0m" elif [[ $1 == "info" ]]; then - echo $fg_bold[orange] "[i] $2" + echo -e "\e[1;34m[i] \e[0;34m$2 \e[0m" fi } +# }}} + +# Main if [[ $happenz == "CREATE" ]]; then _mountkey - if [[ -d "$keymount/$coffindot" ]]; then - _get_ttab; _msg info "Got undertaker: $ttab" - - _compare_key - if [[ $happenz == "close" ]]; then - _msg info "Comparekey true" - tombname=`cat $tmptombs | grep $keyhash | awk -F: '{print $1}'`; _msg info "Got tombname: $ttab" - tomb slam $tombname - cp $tmptombs $temptombs - grep -v "$keyhash" $temptombs > $tmptombs; _msg info "Put stuff in $tmptombs" - rm $temptombs - umount $keymount; rmdir $keymount; _msg info "Unmounted usb" - elif [[ $happenz == "open" ]]; then - _msg info "Comparekey false" - _get_ttab - echo -e "$ttab:$keyhash:$keyuuid\n" >> $tmptombs ; _msg info "Added it to $tmptombs" - su $ttab -c "tomb open /home/$ttab/$ttab -k $keymount/$coffindot/$ttab.key --unsafe --tomb-pwd lalala" - - umount $keymount; rmdir $keymount; _msg info "Unmounted usb" + if [[ -d "$coffindot" ]]; then + _msg info "$coffindot found..." 
+ + if [[ -f "$createme" ]]; then + _create_new_tomb + fi + + if ! [[ -f "$ttab" ]]; then + _msg error "No ttab!" + umount $keymount; rmdir $keymount; _msg info "Unmounted and removed $keymount" + else + _ttabmagic fi else - _msg err "No valid .coffin dir!" - umount $keymount; rmdir $keymount; + _msg error "No valid .coffin directory! Exiting..." + umount $keymount; rmdir $keymount; _msg info "Umounted and removed $keymount" fi fi DIR diff --git a/web/index.php b/web/index.php t@@ -1,50 +0,0 @@ -<!DOCTYPE html> -<html lang="en"> -<head> - <meta charset="utf-8"> - <title>tombox administration</title> -</head> -<body> - <h1>tombox administration</h1> - <hr> - - - <h3>Create new tomb and key</h3> - <form action="tomb.php?happenz=CREATE" method="post"> - Username: <input type="text" name="undertaker"> - Tomb size (MiB): <input type="number" name="size"> - <select name="device"> - <option selected>Choose device to store key</option> - <?php - $devs = file("devs", FILE_IGNORE_NEW_LINES); - $sizes = file("sizes", FILE_IGNORE_NEW_LINES); - foreach ($devs as $line_num => $line) { - echo '<option value="' . $line . '">' . $line . '</option>' . "\n "; - } - ?> - </select> - <input type="submit"> - </form> - - <hr> - - <h3>Change tomb's key</h3> - <form action="tomb.php?happenz=REVOKE" method="post"> - <select name="device"> - <option selected>Choose device to store key</option> - <?php - $devs = file("devs", FILE_IGNORE_NEW_LINES); - $sizes = file("sizes", FILE_IGNORE_NEW_LINES); - foreach ($devs as $line_num => $line) { - echo '<option value="' . $line . '">' . $line . '</option>' . "\n "; - } - ?> - </select> - <input type="submit"> - </form> - - - <hr> - -</body> -</html> DIR 
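Review bot: `_create_new_tomb` and `_ttabmagic` take `undertaker`, `tombname`, `tombpass` and `tombsize` from `create.me` and `ttab` on the removable key and use them unquoted in `useradd`, `sudo -u` and the paths `$graveyard/$tombname.tomb` and `$coffindot/$tombname.key`, so nothing stops a malformed or hostile key from naming an arbitrary account or putting `../` into a tomb path; the fields should be read with `IFS=: read -r` and checked against a strict charset before use, as sketched below (the same check belongs at the top of the `_ttabmagic` loop body). `echo "Tomb passphrase: $tombpass"` writes the passphrase to stdout, and `--tomb-pwd $tombpass` (unquoted in `tomb open`, quoted in the `forge`/`lock` calls) exposes it on the process argument list as well as breaking on spaces. `for entry in $(cat $ttab)` word-splits each line on whitespace, so a passphrase containing a space silently produces extra iterations; a `while IFS=: read -r undertaker tombname tombpass flag; do … done < "$ttab"` loop avoids that. The state files `/tmp/tombs` and `/tmp/tombs2` are predictable names in a world-writable directory, written by root with `chmod 600` applied only after the write, so a root-owned directory under `/run` or `/var/lib` would remove the pre-creation race. `_endgame() { # Mr. Proper }` has no command in its body, which is a parse error under bash (zsh tolerates an empty body), so the interpreter named in the shebang outside this hunk decides whether the script loads at all; a `:` placeholder makes it valid under both.
```shell
# Names from the removable key end up in useradd, sudo -u and filesystem
# paths; accept only a conservative charset before using them.
_sane_name() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
}

_create_new_tomb() {
  _msg info "Creating new tomb!"
  IFS=: read -r undertaker tombname tombpass tombsize < "$createme"
  if ! _sane_name "$undertaker" || ! _sane_name "$tombname"; then
    _msg error "Malformed $createme, refusing to create a tomb"
    return 1
  fi
  case "$tombsize" in ''|*[!0-9]*) _msg error "Bad tomb size"; return 1 ;; esac
  # … unchanged: useradd, dig/forge/lock, key move, ttab append, rm create.me …
}
```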
diff --git a/web/tomb.php b/web/tomb.php t@@ -1,28 +0,0 @@ -<!DOCTYPE html> -<!-- - tomb.php - php script called by the index form, passing vars to - undertaker (shell middleman between web and rest of tombox ---> -<html lang="en"> -<head> - <meta charset="utf-8"> - <title>Creating new tomb...</title> -</head> -<body> - <?php - $happenz = $_GET["happenz"]; - $username = $_POST["undertaker"]; - $device = $_POST["device"]; - $size = $_POST["size"]; - - $command = "./undertaker " . $happenz . " " . $device . " " . $username . " " . $size; - - echo $command; // debug - - $output = system($command, $retval); - - echo $output; - echo "<br><br><br>" . $retval; - ?> -</body> -</html> DIR 
diff --git a/web/undertaker b/web/undertaker t@@ -1,47 +0,0 @@ -#!/usr/bin/env zsh -# -# Shell script for webadmin to work as a middleman between the web and -# rest of the tombox -# -# ~ parazyd - -keymount="/media/tombkey" -coffindot=".coffin" - -happenz=$1 -device=$2 -user=$3 -size=$4 - -if [[ $happenz == "CREATE" ]]; then - - if [[ -d /home/$user ]]; then - echo "User already exists. Exiting..."; exit - fi - - sudo useradd -G tombox -m -s /bin/bash $user; echo "Added user: $user <br>" - sudo -u $user tomb dig -s $size /home/$user/$user; echo "Finished digging tomb <br>" - - sudo mkdir -p $keymount; echo "mkdir $keymount <br>" - sudo mount $device $keymount; echo "Mounted $device to $keymount <br>" - sudo mkdir $keymount/$coffindot; echo "mkdir $keymount/$coffindot <br>" - sudo chown -R $user:$user $keymount; echo "chown on those <br>" - - sudo -u $user tomb forge $keymount/$coffindot/$user.key --unsafe --tomb-pwd lalala ; \ - echo "Forged tomb's key at $keymount/$coffindot/$user.key <br>" - sudo -u $user tomb lock /home/$user/$user -k $keymount/$coffindot/$user.key --unsafe --tomb-pwd lalala ; \ - echo "Locked tomb with the key <br>" - - sudo umount $keymount; sudo rmdir $keymount; echo "Unmounted usb key <hr>" -fi - -if [[ $happenz == "REVOKE" ]]; then - - sudo mount $device $keymount - if ! [[ -d $keymount/$coffindot ]]; then - echo "No valid $coffindot dir. Exiting..."; exit - fi - - - -fi