URI: 
       trelevant code cleanup reenginered priviled escalation fixed more test cases - tomb - the crypto undertaker
  HTML git clone git://parazyd.org/tomb.git
   DIR Log
   DIR Files
   DIR Refs
   DIR README
   DIR LICENSE
       ---
   DIR commit 465e2f63e5453b470dd605a46f3ff551fde07d23
   DIR parent 613fb37cc7cfcdd4274266be435e1d19d49397ee
  HTML Author: Jaromil <jaromil@dyne.org>
       Date:   Thu,  3 Feb 2011 17:11:08 +0100
       
       relevant code cleanup
       reenginered priviled escalation
       fixed more test cases
       
       Diffstat:
         M src/tomb                            |     294 +++++++++++++++++++++----------
         M src/tomb-open                       |       8 +++++++-
       
       2 files changed, 205 insertions(+), 97 deletions(-)
       ---
   DIR diff --git a/src/tomb b/src/tomb
       t@@ -20,8 +20,8 @@
        # this source code; if not, write to:
        # Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
        
       -VERSION=0.9
       -DATE=Jan/2011
       +VERSION=0.9.1
       +DATE=Feb/2011
        
        # PATH=/usr/bin:/usr/sbin:/bin:/sbin   
        
       t@@ -50,6 +50,10 @@ fi
        
        # usb auto detect using dmesg
        # tested on ubuntu 10.04 - please test and patch on other systems if you can
       +# TODO: use udev rules, see how archlinux folks document it - arch rox 8)
       +# https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt
       +# here we could modularize the choice of methods using function pointers,
       +# so that they are configurable when calling tomb.
        ask_usbkey() {
            notice "Waiting 1 minute for a usb key to connect"
            echo -n " .  please insert your usb key "
       t@@ -127,15 +131,16 @@ ask_usbkey() {
        # user interface (just to ask the password)
        ask_password() {
        
       -    exec_as_user xhost 2>/dev/null
       +    exec_as_user xhost # 2&>1 >/dev/null
            if [ $? = 0 ]; then # we have access to the X display
                
       -        exec_as_user which tomb-askpass
       +        exec_as_user which tomb-askpass # 2&>1 > /dev/null
                if [ $? = 0 ]; then
       -            keyname=`basename $enc_key | cut -d. -f1`
       -            export scolopendro="`exec_as_user tomb-askpass $keyname`"
       +            export scolopendro="`exec_as_user tomb-askpass ${1} 2>/dev/null`"
                    return
       -        elif [ -x /usr/bin/ssh-askpass ]; then # debian has this
       +        fi
       +        exec_as_user which ssh-askpass # 2&>1 > /dev/null
       +        if [ $? = 0 ]; then
                    export scolopendro="`exec_as_user ssh-askpass "Tomb: provide the password to unlock"`"
                    return
                fi
       t@@ -146,6 +151,7 @@ ask_password() {
                echo -n " >  "
                read -s scolopendro
                export scolopendro
       +
            fi
        
            # just in case we'd like to have dialog supported too:
       t@@ -157,22 +163,69 @@ ask_password() {
        
        # popup notification
        tomb-notify() {
       +    # look for our icon in common prefixes
       +    if   [ -r /usr/share/pixmaps/monmort.xpm ];       then icon=/usr/share/pixmaps/monmort.xpm
       +    elif [ -r /usr/share/icons/monmort.xpm ];         then icon=/usr/share/icons/monmort.xpm
       +    elif [ -r /usr/local/share/pixmaps/monmort.xpm ]; then icon=/usr/local/share/pixmaps/monmort.xpm
       +    elif [ -r /usr/local/share/icons/monmort.xpm ];   then icon=/usr/local/share/icons/monmort.xpm
       +    elif [ -r /opt/share/pixmaps/monmort.xpm ];       then icon=/opt/share/pixmaps/monmort.xpm
       +    elif [ -r /sw/share/pixmaps/monmort.xpm ];        then icon=/sw/share/pixmaps/monmort.xpm
       +    fi
       +
            if [ -z $1 ]; then
       -        exec_as_user notify-send -i monmort \
       +        exec_as_user notify-send -i $icon \
                    -u low -h string:App:Tomb \
                    -h double:Version:${VERSION} \
                    "Tomb version $VERSION" \
                    "Hi, I'm the Undertaker.
        Let's start setting your Crypt?"
            else
       -        exec_as_user notify-send -i monmort ${@}
       +        exec_as_user notify-send -i $icon ${@}
            fi
        }
        
        # drop privileges
        exec_as_user() {
       +
       +    if ! [ $SUDO_USER ]; then
       +        exec $@[@]
       +        return $?
       +    fi
       +    
            func "executing as user '$SUDO_USER': ${(f)@}"
       -    sudo -u $SUDO_USER ${@}
       +    which gksu > /dev/null
       +    if [ $? = 0 ]; then
       +        func "Using gksu for execution of '${(f)@}' as user $SUDO_USER"
       +        gksu -u $SUDO_USER "${@[@]}"
       +        return $?
       +    fi
       +    which sudo > /dev/null
       +    if [ $? = 0 ]; then
       +        func "Using sudo for execution of '${(f)@}' as user $SUDO_USER"
       +        sudo -u $SUDO_USER "${@[@]}"
       +        return $?
       +    fi
       +}
       +
       +
       +# escalate privileges
       +check_priv() {
       +    id | grep root > /dev/null
       +    if [ $? != 0 ]; then
       +        which gksu > /dev/null
       +        if [ $? = 0 ]; then
       +            func "Using gksu for root execution of 'tomb ${(f)ARGS}'"
       +            gksu "tomb ${ARGS[@]}"
       +            exit $?
       +        fi
       +        which sudo > /dev/null
       +        if [ $? = 0 ]; then
       +            func "Using sudo for root execution of 'tomb ${(f)ARGS}'"
       +            sudo "tomb ${ARGS[@]}"
       +            exit $?
       +        fi
       +        exit 1
       +    fi
        }
        
        
       t@@ -184,9 +237,9 @@ notice "Tomb  -  simple commandline tool for encrypted storage"
        act "version $VERSION ($DATE) by Jaromil @ dyne.org"
        func "invoked with args \"${(f)@}\" "
        func "running on `date`"
       +ARGS=$@[@]
        
       -
       -OPTS=`getopt -o hvs:k:S -n 'tomb' -- "$@"`
       +OPTS=`getopt -o hvDs:k: -n 'tomb' -- "$@"`
        while true; do
            case "$1" in
                -h)
       t@@ -196,6 +249,7 @@ while true; do
                    notice "Options:"
                    act "-h     print this help"
                    act "-v     print out the version information for this tool"
       +            act "-D     print out debugging information at runtime"
                    act "-s     size of the storage file when creating one (MB)"
                    act "-k     path to the key to use for decryption"
                    act "-S     acquire super user rights if possible"
       t@@ -216,37 +270,7 @@ BEGIN { license=0 }
        '
                    act ""
                    exit 0 ;;
       -        -S) GETPRIV=true; shift 1 ;;
       -        *)  break ;;
       -    esac
       -done
       -
       -id | grep root > /dev/null
       -if [ $? != 0 ]; then
       -    if [ "$GETPRIV" = "true" ]; then
       -        which gksu > /dev/null
       -        if [ $? = 0 ]; then
       -            act "Using gksu for root execution of 'tomb ${(f)@}'"
       -            gksu "tomb ${(f)@}"
       -            exit $?
       -        fi
       -        which sudo > /dev/null
       -        if [ $? = 0 ]; then
       -            act "Using sudo for root execution of 'tomb ${(f)@}'"
       -            sudo "tomb ${(f)@}"
       -            exit $?
       -        fi
       -        exit 1
       -    else
       -        error "This program must be run as root to produce results"
       -        exit 1
       -    fi
       -fi
       -
       -# now process the real options
       -OPTS=`getopt -o hvs:k:S -n 'tomb' -- "$@"`
       -while true; do
       -    case "$1" in
       +        -D) DEBUG=1; shift 1 ;;
                -s) SIZE=$2; shift 2 ;;
                -k) KEY=$2; shift 2 ;;
                --) shift; break ;;
       t@@ -257,6 +281,7 @@ while true; do
        done
        
        
       +
        if [ -z $CMD ]; then
            error "first argument missing, use -h for help"
            tomb-notify
       t@@ -279,11 +304,14 @@ fi
        
        create_tomb() {
        
       +# make sure the file has a .tomb extension
       +    FILE="${FILE%\.*}.tomb"
       +
            if [ -e "$FILE" ]; then
                error "$FILE exists already. I'm not digging here."
                exit 1
            fi
       -    
       +
            notice "Creating a new tomb"
            if [ -z $SIZE ]; then
                if [ $MOUNT ]; then
       t@@ -296,12 +324,8 @@ create_tomb() {
                fi
            fi
        
       -# make sure the file has a .tomb extension
       -    FILE="${FILE%\.*}.tomb"
       -
            SIZE_4k=`expr $SIZE \* 1000 / 4`
            act "Generating ${FILE} of ${SIZE}Mb (${SIZE_4k} blocks of 4Kb)"
       -#   TODO: use dd_rescue 
            $DD if=/dev/urandom bs=4k count=${SIZE_4k} of=${FILE}
            
            if [ $? = 0 -a -e ${FILE} ]; then
       t@@ -311,34 +335,78 @@ create_tomb() {
                exit 1
            fi
        
       -    mkdir -p /tmp/tomb
       -
            modprobe dm-crypt
            modprobe aes-i586
        
            nstloop=`losetup -f` # get the number for next loopback device
            losetup -f ${FILE}   # allocates the next loopback for our file
       -    keytmp=`tempfile`
       +
       +    # create the keyfile in tmpfs so that we leave less traces in RAM
       +    keytmp=`tempfile -p tomb`
       +    rm -f $keytmp
       +    mkdir -p $keytmp
       +    mount tmpfs ${keytmp} -t tmpfs -o size=1m
       +    if [ $? != 0 ]; then
       +        error "cannot mount tmpfs filesystem in volatile memory"
       +        error "operation aborted."
       +        losetup -d $nstloop
       +        rm -r $keytmp
       +        exit 1
       +    fi
            act "Generating secret key..."
            act "this operation takes time, keep using this computer on other tasks,"
            act "once done you will be asked to choose a password for your tomb."
       -    cat /dev/urandom | dd bs=1 count=256 of=${keytmp}
       -
       +    touch ${keytmp}/tomb.tmp
       +    chmod 0600 ${keytmp}/tomb.tmp
       +    $DD bs=1 count=256 if=/dev/urandom of=${keytmp}/tomb.tmp
       +    if ! [ -r ${keytmp}/tomb.tmp ]; then
       +        error "cannot generate encryption key, operation aborted."
       +        umount ${keytmp}
       +        losetup -d $nstloop
       +        rm -r $keytmp
       +        exit 1
       +    fi
       +        
            notice "Setup your secret key file ${FILE}.gpg"
            tomb-notify "The Tomb key is being forged:" "please set your password."
       +
            # here user is prompted for key password
       -    gpg -o "${FILE}.gpg" --no-options --openpgp -c -a ${keytmp}
       -    while [ $? = 2 ]; do
       -        gpg -o "${FILE}.gpg" --no-options --openpgp -c -a ${keytmp}
       +    for c in 1 2 3; do
       +        # 3 tries to write two times a matching password
       +        ask_password ${FILE}
       +        scolotemp=$scolopendro
       +        ask_password "${FILE} (again)"
       +        if [ "$scolotemp" = "$scolopendro" ]; then
       +            break;
       +        fi
       +        unset $scolotemp
       +        unset $scolopendro
            done
       +
       +    if [ -z $scolopendro ]; then
       +        error "passwords don't match, aborting operation"
       +        umount ${keytmp}
       +        losetup -d $nstloop
       +        rm -r $keytmp
       +        exit 1
       +    fi
       +
       +    echo "${scolopendro}" | gpg --batch --no-options --no-tty --passphrase-fd 0 \
       +        -o "${FILE}.gpg" -c -a ${keytmp}/tomb.tmp
       +    if [ $? = 2 ]; then
       +        error "setting password failed: gnupg returns 2"
       +        umount ${keytmp}
       +        losetup -d $nstloop
       +        rm -r $keytmp
       +        exit 1
       +    fi
            
            act "formatting Luks mapped device"
       -        # dm-crypt only supports sha1
       -        # but we can use aes-cbc-essiv with sha256 for better security
       -        # see http://clemens.endorphin.org/LinuxHDEncSettings
       +        # we use aes-cbc-essiv with sha256
       +        # for security, performance and compatibility
            cryptsetup --batch-mode \
                --cipher aes-cbc-essiv:sha256 --key-size 256 \
       -        luksFormat ${nstloop} ${keytmp}
       +        luksFormat ${nstloop} ${keytmp}/tomb.tmp
        
            if ! [ $? = 0 ]; then
                act "operation aborted."
       t@@ -346,8 +414,10 @@ create_tomb() {
            fi
         
            
       -    cryptsetup --key-file ${keytmp} --cipher aes luksOpen ${nstloop} tomb.tmp
       -    ${WIPE[@]} ${keytmp}
       +    cryptsetup --key-file ${keytmp}/tomb.tmp --cipher aes luksOpen ${nstloop} tomb.tmp
       +    ${WIPE[@]} ${keytmp}/tomb.tmp
       +    umount ${keytmp}
       +    rm -r ${keytmp}
        
            notice "Your tomb is ready on ${FILE} and secured with key ${FILE}.gpg"
            act "Would you like to save the key on  an external usb device?"
       t@@ -393,12 +463,24 @@ create_tomb() {
        
        mount_tomb() {
        
       -    if [ -z $KEY ]; then
       +    if ! [ -r $FILE ]; then
       +#  try also adding a .tomb extension
       +        FILEtomb="${FILE%\.*}.tomb"
       +        if ! [ -r $FILEtomb ]; then
       +            error "cannot find a tomb named $FILE"
       +            exit 1
       +        else
       +            FILE=$FILEtomb
       +        fi
       +    fi
       +
       +    if ! [ $KEY ]; then
                enc_key="`basename ${FILE}.gpg`"
            else
                enc_key="$KEY"
            fi
        
       +
            notice "mounting $FILE on mountpoint $MOUNT"
            if [ -z $MOUNT ]; then
                MOUNT=/media/`basename ${FILE}`
       t@@ -447,13 +529,17 @@ mount_tomb() {
            mapper="tomb.`basename $FILE | cut -d. -f1`.$mapdate.`basename $nstloop`"
            
            notice "Password is required for key ${enc_key}"
       +    keyname=`basename $enc_key | cut -d. -f1`
            for c in 1 2 3; do
                
       -        ask_password
       -        
       +        if [ $c = 1 ]; then
       +            ask_password ${keyname}
       +        else
       +            ask_password "$keyname (retry $c)"
       +        fi
                echo "${scolopendro}" \
       -            | gpg --passphrase-fd 0 --no-tty --no-options \
       -            -d "${enc_key}" 2>/dev/null \
       +            | gpg --batch --passphrase-fd 0 --no-tty --no-options \
       +                  -d "${enc_key}" 2>/dev/null \
                    | cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
                
                unset scolopendro
       t@@ -475,7 +561,7 @@ mount_tomb() {
            
            mount -o rw,noatime,nodev /dev/mapper/${mapper} ${MOUNT}
        
       -    # Ensure the user can write the disk
       +    # Ensure the user can write the disk - 10x Hellekin :)
            ME=${SUDO_USER:-$(whoami)}
            chmod 0750 ${MOUNT}
            chown $(id -u $ME):$(id -g $ME) ${MOUNT}
       t@@ -490,7 +576,7 @@ umount_tomb() {
        
            if [ -z $FILE ]; then
        
       -        how_many_tombs=$(2>/dev/null (ls /dev/mapper/tomb.* | wc -w))
       +        how_many_tombs=`ls /dev/mapper/tomb.* 2> /dev/null | wc -w`
                if [ $how_many_tombs = 0 ]; then
                    error "there is no open tomb to be closed"
                    exit 0
       t@@ -503,21 +589,23 @@ umount_tomb() {
                    exit 1
                fi
        
       -    else
       -
       -        if [ -r $FILE ]; then
       -            mapper=$FILE
       -        elif [ -r /dev/mapper/${FILE} ]; then
       -            mapper=/dev/mapper/${FILE}
       -        else
       -            error "tomb not found: $FILE"
       -            error "please specify an existing /dev/mapper/tomb.*"
       -            ls /dev/mapper/tomb.*
       -            exit 1
       -        fi
       -#        FILE=`mount | grep $mapper | awk '{print $3}'`
       +    fi
        
       +    if [ -r $FILE ]; then # accepts relative and absolute path
       +        mapper=$FILE
       +    elif [ -r /dev/mapper/${FILE} ]; then
       +        mapper=/dev/mapper/${FILE}
            fi
       +        
       +    if ! [ -r $mapper ]; then
       +        error "tomb not found: $mapper"
       +        error "please specify an existing /dev/mapper/tomb.*"
       +        ls /dev/mapper/tomb.*
       +        tomb-notify "My tomb vanished" "Crypto undertaker will rest in peace."
       +        killall -e ${mapper}
       +        exit 1
       +    fi
       +
        
            # if [ "$mapper" = "" ]; then
            #         error "$FILE is not mounted"
       t@@ -535,11 +623,16 @@ umount_tomb() {
            basemap=`basename $mapper`
            tombname=`echo ${basemap} | cut -d. -f2`
        
       -    errno=`umount ${mapper}`
       -    if ! [ $? = 0 ]; then
       -        tomb-notify "Tomb '$tombname' is too busy." \
       -            "Close all applications and file managers, then try again."
       -        exit 1
       +    act "closing tomb $tombname on dm-crypt $basemap"
       +
       +    mount | grep $mapper 2&>1 > /dev/null
       +    if [ $? = 0 ]; then # still mounted
       +        errno=`umount ${mapper}`
       +        if ! [ $? = 0 ]; then
       +            tomb-notify "Tomb '$tombname' is too busy." \
       +                "Close all applications and file managers, then try again."
       +            exit 1
       +        fi
            fi
        
            cryptsetup luksClose $basemap
       t@@ -568,7 +661,7 @@ umount_tomb() {
        # install mime-types, bells and whistles for the desktop
        # see http://developers.sun.com/solaris/articles/integrating_gnome.html
        # and freedesktop specs
       -install() {
       +install_tomb() {
        
        # TODO: distro package deps (for binary)
        # debian: zsh, cryptsetup, libgtk2.0-0, libnotify-bin
       t@@ -653,25 +746,34 @@ tomb
        EOF
            act "Tomb is now installed."
        }
       +
       +kill_tomb() {
       +    # TODO: fixME - should close all tombs
       +    umount /tmp/tomb*     2&>1 > /dev/null
       +    # todo check which are tomb loops
       +    losetup -d /dev/loop* 2&>1 > /dev/null
       +}
       +    
                
        case "$CMD" in
       -    create)   create_tomb ;;
       +    create)   check_priv ; create_tomb ;;
        
       -    mount)    mount_tomb  ;;
       -    open)     mount_tomb  ;;
       +    mount)    check_priv ; mount_tomb  ;;
       +    open)     check_priv ; mount_tomb  ;;
        
       -    umount)   umount_tomb ;;
       -    unmount)  umount_tomb ;;
       -    close)    umount_tomb ;;
       +    umount)   check_priv ; umount_tomb ;;
       +    unmount)  check_priv ; umount_tomb ;;
       +    close)    check_priv ; umount_tomb ;;
        
       -    install)  install     ;;
       +    install)  check_priv ; install_tomb     ;;
       +    kill)     check_priv ; kill_tomb   ;;
        
            status)   tomb-status ;;
            notify)   tomb-notify $CMD2 $CMD3 ;;
        
            *) error "command \"$CMD\" not recognized"
                act "try -h for help"
       -        break
       +        exit 1
                ;;
        esac
        
   DIR diff --git a/src/tomb-open b/src/tomb-open
       t@@ -77,7 +77,7 @@ if [ "$1" != "create" ]; then
        fi
        
        # start guided tomb creation
       -tomb -S notify
       +tomb notify
        cat <<EOF
        Create a new Tomb
        =================
       t@@ -128,6 +128,12 @@ cat <<EOF
          password:
        EOF
        tomb -S create ${filename}.tomb $size
       +if [ $? != 0 ]; then
       +    echo "An error occurred creating tomb, operation aborted"
       +    tomb -S kill
       +    read -q
       +    exit 1
       +fi
        if ! [ -r /usr/share/applications/tomb.desktop ]; then
            echo "  Well done!"
            echo "  Now the last thing to do is to install Tomb on your desktop:"