twhitespace cleanup - tomb - the crypto undertaker HTML git clone git://parazyd.org/tomb.git DIR Log DIR Files DIR Refs DIR README DIR LICENSE --- DIR commit c20ca3a9209afd0f469f91951a9b111f28eaecfe DIR parent 37792ffdc5fd5d697b7e4df11428689234d361d2 HTML Author: Jaromil <jaromil@dyne.org> Date: Sat, 25 May 2013 15:05:21 +0200 whitespace cleanup Diffstat: M tomb | 666 ++++++++++++++++---------------- 1 file changed, 333 insertions(+), 333 deletions(-) --- DIR diff --git a/tomb b/tomb t@@ -60,11 +60,11 @@ option_is_set() { [[ -n ${(k)opts[$1]} ]]; r=$? if [[ $2 == out ]]; then - if [[ $r == 0 ]]; then - echo 'set' - else - echo 'unset' - fi + if [[ $r == 0 ]]; then + echo 'set' + else + echo 'unset' + fi fi return $r; } t@@ -159,7 +159,7 @@ progress() { # progress create 90 formatting the tomb # progress create 100 tomb created successfully if ! option_is_set --batch; then - return + return fi print "[m][P][$1][$2][$3]" >&2 t@@ -184,8 +184,8 @@ check_bin() { # check for filesystem creation progs command -v mkfs.ext4 > /dev/null && \ - MKFS="mkfs.ext4 -q -F -j -L" || \ - MKFS="mkfs.ext3 -q -F -j -L" + MKFS="mkfs.ext4 -q -F -j -L" || \ + MKFS="mkfs.ext3 -q -F -j -L" # check for mktemp command -v mktemp > /dev/null || MKTEMP=0 t@@ -193,17 +193,17 @@ check_bin() { command -v steghide > /dev/null || STEGHIDE=0 # check for resize command -v e2fsck resize2fs > /dev/null || RESIZER=0 - + if which tomb-kdf-pbkdf2 &> /dev/null; then - KDF_PBKDF2="tomb-kdf-pbkdf2" + KDF_PBKDF2="tomb-kdf-pbkdf2" else - local our_pbkdf2 - our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2" - if which $our_pbkdf2 &> /dev/null; then - KDF_PBKDF2=$our_pbkdf2 - else - KDF_PBKDF2= - fi + local our_pbkdf2 + our_pbkdf2="$(dirname $(readlink -f $TOMBEXEC))/kdf/tomb-kdf-pbkdf2" + if which $our_pbkdf2 &> /dev/null; then + KDF_PBKDF2=$our_pbkdf2 + else + KDF_PBKDF2= + fi fi } t@@ -252,7 +252,7 @@ safe_dir() { return 0 else _warning "WARNING: we cannot ensure we're running in RAM." - xxx "Wait a bit before retrying... (attempt $tries)" + xxx "Wait a bit before retrying... (attempt $tries)" sync && sleep 0.5 fi done t@@ -308,7 +308,7 @@ SETPROMPT Password: GETPIN EOF` if [[ `tail -n1 <<<$output` =~ ERR ]]; then - return 1 + return 1 fi head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }' return 0 t@@ -336,7 +336,7 @@ check_priv() { sudok=false # sudo -n ${TOMBEXEC} &> /dev/null if ! option_is_set --sudo-pwd; then - if [ $? != 0 ]; then # if not then ask a password + if [ $? != 0 ]; then # if not then ask a password cat <<EOF | pinentry 2>/dev/null | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v OPTION ttyname=$TTY OPTION lc-ctype=$LANG t@@ -345,30 +345,30 @@ SETDESC Sudo execution of Tomb ${OLDARGS[@]} SETPROMPT Insert your USER password: GETPIN EOF - fi + fi else - _verbose "Escalating privileges using sudo-pwd" - sudo -S -v <<<`option_value --sudo-pwd` + _verbose "Escalating privileges using sudo-pwd" + sudo -S -v <<<`option_value --sudo-pwd` fi sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}" exit $? fi # are we root already # make sure necessary kernel modules are loaded - modprobe dm_crypt - + modprobe dm_crypt + return 0 } # }}} check_command() { #generic checks; useful for interaction, to check if there are problems #before wasting user's time - + if ! option_is_set --ignore-swap && ! option_is_set -f; then - if ! check_swap; then - error "Swap activated. Disable it with swapoff, or use --ignore-swap" - exit 1 - fi + if ! check_swap; then + error "Swap activated. Disable it with swapoff, or use --ignore-swap" + exit 1 + fi fi } t@@ -464,22 +464,22 @@ EOF cat $TOMBEXEC | awk ' /(_verbose|xxx) ".*"$/ { sub( /^(_verbose|xxx)/ , ""); - print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" } + print "#: _verbose"; print "msgid " $0; print "msgstr \"\"\n" } /(_success|yes) ".*"$/ { sub( /^(_success|yes)/ , ""); - print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" } + print "#: _success"; print "msgid " $0; print "msgstr \"\"\n" } /(_warning|no) ".*"$/ { sub( /^(_warning|no)/ , ""); - print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" } + print "#: _warning"; print "msgid " $0; print "msgstr \"\"\n" } /(_failure|die) ".*"$/ { sub( /^(_failure|die)/ , ""); - print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" } + print "#: _failure"; print "msgid " $0; print "msgstr \"\"\n" } /(_message|say) ".*"$/ { sub( /^(_message|say)/ , ""); - print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" } + print "#: _message"; print "msgid " $0; print "msgstr \"\"\n" } /(_message -n|act) ".*"$/ { sub( /^(_message -n|act)/ , ""); - print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" } + print "#: _message -n"; print "msgid " $0; print "msgstr \"\"\n" } ' } # }}} t@@ -554,8 +554,8 @@ decode_key() { keyfile=${tombname%%\.*}.tomb.key if [[ -e "$keyfile" ]]; then - _warning "Key file $keyfile already exist." - return 1 + _warning "Key file $keyfile already exist." + return 1 fi _message "Trying to exhume a key out of image $imagefile" for c in 1 2 3; do t@@ -612,7 +612,7 @@ BEGIN { ciphers=0 } exec_safe_bind_hooks() { if [[ -n ${(k)opts[-o]} ]]; then - MOUNTOPTS=${opts[-o]} + MOUNTOPTS=${opts[-o]} fi local MOUNTPOINT="${1}" local ME=${SUDO_USER:-$(whoami)} t@@ -685,8 +685,8 @@ forge_key() { _message "Commanded to forge key $1" if ! [ $1 ]; then - _warning "no key name specified for creation" - return 1 + _warning "no key name specified for creation" + return 1 fi # if swap is on, we remind the user about possible data leaks to disk t@@ -702,7 +702,7 @@ forge_key() { if [ $? != 0 ]; then _warning "cannot mount tmpfs filesystem in volatile memory" rm -r "${keytmp}" - die "operation aborted." + die "operation aborted." fi tombkey="$1" t@@ -716,19 +716,19 @@ forge_key() { chmod 0600 ${keytmp}/tomb.tmp random_source=/dev/random if option_is_set --use-urandom; then - random_source=/dev/urandom + random_source=/dev/urandom fi if [[ $DD = "dcfldd" ]]; then - $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1 + $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1 else - $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp + $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp fi if ! [ -r ${keytmp}/tomb.tmp ]; then _warning "cannot generate encryption key" umount ${keytmp} rm -r $keytmp - die "operation aborted." + die "operation aborted." fi _success "Choose the password of your key: ${tombkey}" t@@ -742,18 +742,18 @@ forge_key() { gen_key ${keytmp}/tomb.tmp > ${tombkey} # this does a check on the file header, virtuosism by hellekin - # [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]] + # [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]] if ! is_valid_key ${tombkey}; then - _warning "The key does not seem to be valid" + _warning "The key does not seem to be valid" _warning "Dumping contents to screen:" cat ${tombkey} _warning "--" umount ${keytmp} rm -r $keytmp - die "operation aborted." + die "operation aborted." fi - ${=WIPE} ${keytmp}/tomb.tmp # no need really, but anyway + ${=WIPE} ${keytmp}/tomb.tmp # no need really, but anyway umount ${keytmp} rm -r ${keytmp} t@@ -774,8 +774,8 @@ dig_tomb() { if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi if ! [ $1 ]; then - _warning "no tomb name specified for creation" - return 1 + _warning "no tomb name specified for creation" + return 1 fi t@@ -798,7 +798,7 @@ dig_tomb() { _warning " `ls -lh ${tombdir}/${tombfile}`" return 1 fi - + _success "Creating a new tomb in ${tombdir}/${tombfile}" t@@ -813,7 +813,7 @@ dig_tomb() { if [ $? = 0 -a -e ${tombdir}/${tombfile} ]; then _message " `ls -lh ${tombdir}/${tombfile}`" else - die "Error creating the tomb ${tombdir}/${tombfile}, operation aborted." + die "Error creating the tomb ${tombdir}/${tombfile}, operation aborted." fi _success "Done digging $tombname" t@@ -827,9 +827,9 @@ dig_tomb() { # it take arguments as the LUKS cipher to be used lock_tomb_with_key() { if ! [ $1 ]; then - _warning "no tomb specified for locking" + _warning "no tomb specified for locking" _warning "usage: tomb lock file.tomb file.tomb.key" - return 1 + return 1 fi tombfile=`basename $1` t@@ -853,10 +853,10 @@ lock_tomb_with_key() { xxx "loop mounted on ${nstloop}" _message "checking if the tomb is empty (we never step on somebody else's bones)" - cryptsetup isLuks ${nstloop} + cryptsetup isLuks ${nstloop} if [ $? = 0 ]; then - # is it a LUKS encrypted nest? then bail out and avoid reformatting it - _warning "The tomb was already locked with another key" + # is it a LUKS encrypted nest? then bail out and avoid reformatting it + _warning "The tomb was already locked with another key" losetup -d ${nstloop} die "Operation aborted. I cannot lock an already locked tomb. Go dig a new one." else t@@ -873,11 +873,11 @@ lock_tomb_with_key() { tombkey=${tombkeydir}/stdin.tmp else # take key from a file - tombkey=`option_value -k` + tombkey=`option_value -k` fi else # guess key as lying besides the tomb - tombkey=${tombdir}/${tombname}.tomb.key + tombkey=${tombdir}/${tombname}.tomb.key fi if [ -r "${tombkey}" ]; then t@@ -892,13 +892,13 @@ lock_tomb_with_key() { # [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]] if ! is_valid_key ${tombkey}; then _warning "The key seems invalid, the application/pgp header is missing" - losetup -d ${nstloop} + losetup -d ${nstloop} die "Operation aborted." - fi + fi # the encryption cipher for a tomb can be set at creation using -o - if option_is_set -o; then - cipher="`option_value -o`" + if option_is_set -o; then + cipher="`option_value -o`" else cipher="aes-cbc-essiv:sha256" fi t@@ -908,20 +908,20 @@ lock_tomb_with_key() { _message "a password is required to use key ${keyname}" local passok=0 if option_is_set --tomb-pwd; then - tombpass=`option_value --tomb-pwd` - else + tombpass=`option_value --tomb-pwd` + else for c in 1 2 3; do if [ $c = 1 ]; then - tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"` + tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"` else - tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"` + tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"` fi - if [[ $? != 0 ]]; then - losetup -d ${nstloop} - die "User aborted" - fi - - get_lukskey "${tombpass}" ${tombkey} >/dev/null + if [[ $? != 0 ]]; then + losetup -d ${nstloop} + die "User aborted" + fi + + get_lukskey "${tombpass}" ${tombkey} >/dev/null if [ $? = 0 ]; then passok=1; _message "Password OK." break; t@@ -930,7 +930,7 @@ lock_tomb_with_key() { fi if [ "$passok" = "0" ]; then _warning "Password incorrect" - losetup -d $nstloop + losetup -d $nstloop die "Operation aborted." fi t@@ -947,12 +947,12 @@ lock_tomb_with_key() { losetup -d $nstloop die "Operation aborted." fi - - - + + + get_lukskey "${tombpass}" ${tombkey} | \ cryptsetup --key-file - \ - --cipher ${cipher} luksOpen ${nstloop} tomb.tmp + --cipher ${cipher} luksOpen ${nstloop} tomb.tmp if ! [ $? = 0 ]; then _warning "cryptsetup luksOpen returned an error" unset tombpass t@@ -984,10 +984,10 @@ lock_tomb_with_key() { # backward compatibility create_tomb() { if ! [ $1 ]; then - _warning "no tomb name specified for creation" - return 1 + _warning "no tomb name specified for creation" + return 1 fi - + dig_tomb ${=PARAM} { test $? = 0 } || { die "Failed to dig tomb, operation aborted." } t@@ -996,13 +996,13 @@ create_tomb() { # make sure the file has a .tomb extension tombname=${tombfile%%\.*} tombfile=${tombname}.tomb - + forge_key ${tombfile}.key { test $? = 0 } || { die "Failed to forge key, operation aborted." } lock_tomb_with_key ${tombfile} -l ${tombfile}.key { test $? = 0 } || { die "Failed to lock tomb with key, operation aborted." } - + yes "Tomb $tombname succesfully created" ls -l ${tombfile}* } t@@ -1023,25 +1023,25 @@ get_lukskey() { firstline=`head -n1 $keyfile` xxx "get_lukskey XXX $keyfile" if [[ $firstline =~ '^_KDF_' ]]; then - _verbose "KDF: `cut -d_ -f 3 <<<$firstline`" - case `cut -d_ -f 3 <<<$firstline` in - pbkdf2sha1) - if [[ -z $KDF_PBKDF2 ]]; then - die "The tomb use kdf method 'pbkdf2', which is unsupported on your system" - fi - pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '` - tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass) - ;; - *) - _failure "No suitable program for KDF `cut -f 3 <<<$firstline`" - unset tombpass - return 1 - ;; - esac + _verbose "KDF: `cut -d_ -f 3 <<<$firstline`" + case `cut -d_ -f 3 <<<$firstline` in + pbkdf2sha1) + if [[ -z $KDF_PBKDF2 ]]; then + die "The tomb use kdf method 'pbkdf2', which is unsupported on your system" + fi + pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '` + tombpass=$(${KDF_PBKDF2} ${=pbkdf2_param} 2> /dev/null <<<$tombpass) + ;; + *) + _failure "No suitable program for KDF `cut -f 3 <<<$firstline`" + unset tombpass + return 1 + ;; + esac fi print ${tombpass} | \ gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 2 \ - -d "${keyfile}" 2> /dev/null + -d "${keyfile}" 2> /dev/null ret=$? xxx "gpg decryption returns $ret" unset tombpass t@@ -1057,29 +1057,29 @@ gen_key() { local tombpass="" local tombpasstmp="" if ! option_is_set --tomb-pwd; then - while true; do - # 3 tries to write two times a matching password - tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"` - if [[ $? != 0 ]]; then - die "User aborted" - fi - if [ -z $tombpass ]; then - _warning "you set empty password, which is not possible" - continue - fi - tombpasstmp=$tombpass - tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"` - if [[ $? != 0 ]]; then - die "User aborted" - fi - if [ "$tombpasstmp" = "$tombpass" ]; then - break; - fi - unset tombpasstmp - unset tombpass - done + while true; do + # 3 tries to write two times a matching password + tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"` + if [[ $? != 0 ]]; then + die "User aborted" + fi + if [ -z $tombpass ]; then + _warning "you set empty password, which is not possible" + continue + fi + tombpasstmp=$tombpass + tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"` + if [[ $? != 0 ]]; then + die "User aborted" + fi + if [ "$tombpasstmp" = "$tombpass" ]; then + break; + fi + unset tombpasstmp + unset tombpass + done else - tombpass=`option_value --tomb-pwd` + tombpass=`option_value --tomb-pwd` fi t@@ -1088,40 +1088,40 @@ gen_key() { _verbose "KDF method chosen is: '`option_value --kdf`'" kdf_method=$(cut -d: -f1 <<<`option_value --kdf` ) case $kdf_method in - pbkdf2) - if [[ -z $KDF_PBKDF2 ]]; then - die "The tomb use kdf method 'pbkdf2', which is unsupported on your system" - fi - # --kdf takes one parameter: iter time (on present machine) in seconds - seconds=$(cut -d: -f2 -s <<<`option_value --kdf`) - if [[ -z $seconds ]]; then - seconds=1 - fi - local -i microseconds - microseconds=$((seconds*1000000)) - _verbose "Microseconds: $microseconds" - pbkdf2_salt=`${KDF_PBKDF2}-gensalt` - pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds` - # We use a length of 64bytes = 512bits (more than needed!?) - tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"` - - header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n" - ;; - ""|null) - - header="" - ;; - *) - _warning "KDF method non recognized" - return 1 - header="" - ;; + pbkdf2) + if [[ -z $KDF_PBKDF2 ]]; then + die "The tomb use kdf method 'pbkdf2', which is unsupported on your system" + fi + # --kdf takes one parameter: iter time (on present machine) in seconds + seconds=$(cut -d: -f2 -s <<<`option_value --kdf`) + if [[ -z $seconds ]]; then + seconds=1 + fi + local -i microseconds + microseconds=$((seconds*1000000)) + _verbose "Microseconds: $microseconds" + pbkdf2_salt=`${KDF_PBKDF2}-gensalt` + pbkdf2_iter=`${KDF_PBKDF2}-getiter $microseconds` + # We use a length of 64bytes = 512bits (more than needed!?) + tombpass=`${KDF_PBKDF2} $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"` + + header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n" + ;; + ""|null) + + header="" + ;; + *) + _warning "KDF method non recognized" + return 1 + header="" + ;; esac echo -n $header print "${tombpass}" \ | gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \ - -o - -c -a ${lukskey} + -o - -c -a ${lukskey} unset tombpass } t@@ -1136,8 +1136,8 @@ mount_tomb() { if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi if ! [ ${1} ]; then - _warning "no tomb name specified for creation" - return 1 + _warning "no tomb name specified for creation" + return 1 fi t@@ -1168,11 +1168,11 @@ mount_tomb() { tombkey=${tombkeydir}/stdin.tmp else # take key from a file - tombkey=`option_value -k` + tombkey=`option_value -k` fi else # guess key as lying besides the tomb - tombkey=${tombdir}/${tombfile}.key + tombkey=${tombdir}/${tombfile}.key fi if ! [ -r ${tombkey} ]; then _warning "key file not found: ${tombkey}" t@@ -1181,11 +1181,11 @@ mount_tomb() { fi if ! [ $2 ]; then - tombmount=/media/${tombfile} - _message "mountpoint not specified, using default: $tombmount" + tombmount=/media/${tombfile} + _message "mountpoint not specified, using default: $tombmount" elif ! [ -x $2 ]; then - _warning "mountpoint $2 doesn't exist, operation aborted." - return 1 + _warning "mountpoint $2 doesn't exist, operation aborted." + return 1 else tombmount=$2 fi t@@ -1193,7 +1193,7 @@ mount_tomb() { # check if its already open mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null if [ $? = 0 ]; then - _warning "$tombname is already open on $tombmount" + _warning "$tombname is already open on $tombmount" _message "here below its status is reported:" list_tombs ${tombname} return 1 t@@ -1206,16 +1206,16 @@ mount_tomb() { nstloop=`losetup -f` if [ $? = 255 ]; then - die "too many tomb opened. Please close any of them to open another tomb" + die "too many tomb opened. Please close any of them to open another tomb" fi losetup -f ${tombdir}/${tombfile} cryptsetup isLuks ${nstloop} if [ $? != 0 ]; then - # is it a LUKS encrypted nest? see cryptsetup(1) - _warning "$tombfile is not a valid Luks encrypted storage file" - $norm || rmdir $tombmount 2>/dev/null - return 1 + # is it a LUKS encrypted nest? see cryptsetup(1) + _warning "$tombfile is not a valid Luks encrypted storage file" + $norm || rmdir $tombmount 2>/dev/null + return 1 fi say "this tomb is a valid LUKS encrypted device" t@@ -1235,47 +1235,47 @@ mount_tomb() { # save date of mount in minutes since 1970 mapdate=`date +%s` - + mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`" keyname=`basename $tombkey | cut -d. -f1` _warning "Password is required for key ${keyname}" for c in 1 2 3; do - if ! option_is_set --tomb-pwd; then - tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"` - if [[ $? != 0 ]]; then - die "User aborted" - fi - else - tombpass=`option_value --tomb-pwd` - fi - get_lukskey "${tombpass}" ${tombkey} | \ - cryptsetup --key-file - luksOpen ${nstloop} ${mapper} - local ret=$? - unset tombpass - if [[ $ret != 0 ]]; then - if [[ $c = 3 ]] || option_is_set --tomb-pwd; then - die "Wrong password: aborting" - fi - continue - fi - - # if key was from stdin delete temp file and dir - if [ $tombkeydir ]; then - ${=WIPE} ${tombkey} - rmdir $tombkeydir - fi - - if [ -r /dev/mapper/${mapper} ]; then - break; # password was correct - fi + if ! option_is_set --tomb-pwd; then + tombpass=`exec_as_user ${TOMBEXEC} askpass "Open tomb ${keyname}"` + if [[ $? != 0 ]]; then + die "User aborted" + fi + else + tombpass=`option_value --tomb-pwd` + fi + get_lukskey "${tombpass}" ${tombkey} | \ + cryptsetup --key-file - luksOpen ${nstloop} ${mapper} + local ret=$? + unset tombpass + if [[ $ret != 0 ]]; then + if [[ $c = 3 ]] || option_is_set --tomb-pwd; then + die "Wrong password: aborting" + fi + continue + fi + + # if key was from stdin delete temp file and dir + if [ $tombkeydir ]; then + ${=WIPE} ${tombkey} + rmdir $tombkeydir + fi + + if [ -r /dev/mapper/${mapper} ]; then + break; # password was correct + fi done if ! [ -r /dev/mapper/${mapper} ]; then - losetup -d ${nstloop} - $norm || rmdir ${tombmount} 2>/dev/null - die "failure mounting the encrypted file" + losetup -d ${nstloop} + $norm || rmdir ${tombmount} 2>/dev/null + die "failure mounting the encrypted file" fi # array: [ cipher, keysize, loopdevice ] t@@ -1326,8 +1326,8 @@ mount_tomb() { # process bind-hooks (mount -o bind of directories) # and post-hooks (execute on open) if ! option_is_set -n ; then - exec_safe_bind_hooks ${tombmount} - exec_safe_post_hooks ${tombmount} open + exec_safe_bind_hooks ${tombmount} + exec_safe_post_hooks ${tombmount} open fi return 0 } t@@ -1336,7 +1336,7 @@ mount_tomb() { # {{{ - Internal operations on mounted tombs -# list_tomb_mounts +# list_tomb_mounts # print out an array of mounted tombs (internal use) # format is semi-colon separated list of attributes # if 1st arg is supplied, then list only that tomb t@@ -1352,7 +1352,7 @@ list_tomb_mounts() { mount -l \ | awk ' BEGIN { main="" } -/^\/dev\/mapper\/tomb/ { +/^\/dev\/mapper\/tomb/ { if(main==$1) next; print $1 ";" $3 ";" $5 ";" $6 ";" $7 main=$1 t@@ -1379,8 +1379,8 @@ BEGIN { main="" } # needs an argument: name of tomb whose hooks belong list_tomb_binds() { if [ "$1" = "" ]; then - _failure "internal error: list_tomb_binds called without argument."; fi - + _failure "internal error: list_tomb_binds called without argument."; fi + # list bind hooks on util-linux 2.20 (Debian 7) mount -l \ | awk -vtomb="$1" ' t@@ -1389,18 +1389,18 @@ BEGIN { main="" } if($7!=tomb) next; if(main=="") { main=$1; next; } if(main==$1) - print $1 ";" $3 ";" $5 ";" $6 ";" $7 + print $1 ";" $3 ";" $5 ";" $6 ";" $7 } ' - + # list bind hooks on util-linux 2.17 (Debian 6) tombmount=`mount -l \ | awk -vtomb="$1" ' /^\/dev\/mapper\/tomb/ { if($7!=tomb) next; print $3; exit; }'` - + mount -l | grep "^$tombmount" \ | awk -vtomb="$1" ' - /bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }' + /bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }' } # }}} t@@ -1411,24 +1411,24 @@ BEGIN { main="" } slam_tomb() { # $1 = tomb mount point if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then - return 0 + return 0 fi #Note: shells are NOT killed by INT or TERM, but they are killed by HUP for s in TERM HUP KILL; do - xxx "Sending $s to processes inside the tomb:" - if option_is_set -D; then - ps -fp `fuser -m /media/a.tomb 2> /dev/null`| - while read line; do - xxx $line - done - fi - fuser -s -m "$1" -k -M -$s - if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then - return 0 - fi - if ! option_is_set -f; then - sleep 3 - fi + xxx "Sending $s to processes inside the tomb:" + if option_is_set -D; then + ps -fp `fuser -m /media/a.tomb 2> /dev/null`| + while read line; do + xxx $line + done + fi + fuser -s -m "$1" -k -M -$s + if [[ -z `fuser -m "$1" 2> /dev/null` ]]; then + return 0 + fi + if ! option_is_set -f; then + sleep 3 + fi done return 1 } t@@ -1467,19 +1467,19 @@ umount_tomb() { xxx "name: $tombname" xxx "mount: $tombmount" xxx "mapper: $mapper" - + { test -e "$mapper" } && { _warning "Tomb not found: $1" _warning "Please specify an existing tomb." return 0 } - + if [ $SLAM ]; then _success "Slamming tomb $tombname mounted on $tombmount" _message "Kill all processes busy inside the tomb" - if ! slam_tomb "$tombmount"; then + if ! slam_tomb "$tombmount"; then _warning "Cannot slam the tomb $tombname" return 1 - fi + fi else say "Closing tomb $tombname mounted on $tombmount" fi t@@ -1494,18 +1494,18 @@ umount_tomb() { if [[ $? != 0 ]]; then if [ $SLAM ]; then _success "Slamming tomb: killing all processes using this hook" - slam_tomb "$bind_mount" - if [[ $? == 1 ]]; then + slam_tomb "$bind_mount" + if [[ $? == 1 ]]; then _warning "Cannot slam the bind hook $bind_mount" return 1 - fi + fi umount $bind_mount else _warning "Tomb bind hook $bind_mount is busy, cannot close tomb." fi fi done - + # Execute post-hooks for eventual cleanup if ! option_is_set -n ; then exec_safe_post_hooks ${tombmount%%/} close t@@ -1515,28 +1515,28 @@ umount_tomb() { umount ${tombmount} if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!" else - # this means we used a "default" mount point - { test "${tombmount}" = "/media/${tombname}.tomb" } && { - rmdir ${tombmount} } + # this means we used a "default" mount point + { test "${tombmount}" = "/media/${tombname}.tomb" } && { + rmdir ${tombmount} } fi cryptsetup luksClose $mapper { test $? = 0 } || { _warning "error occurred in cryptsetup luksClose ${mapper}" return 1 } - + losetup -d "/dev/$tombloop" - + # # kill the status tray widget if still present # # this makes the widget disappear when closing tomb from cli # awkmapper=`sed 's:\/:\\\/:g' <<< $mapper` # statustray_pid=`ps ax | awk "/tomb-status $awkmapper/"' {print $1} '` # { test "$statustray_pid" = "" } || { kill ${statustray_pid} } - + _success "Tomb $tombname closed: your bones will rest in peace." - + done # loop across mounted tombs - + return 0 } # }}} t@@ -1553,14 +1553,14 @@ change_passwd() { # check the keyfile if ! [ -r $keyfile ]; then - _warning "key not found: $keyfile" - return 1 + _warning "key not found: $keyfile" + return 1 fi if ! is_valid_key $keyfile ; then - _warning "file doesn't seems to be a tomb key: $keyfile" - _warning "operation aborted." - return 1 + _warning "file doesn't seems to be a tomb key: $keyfile" + _warning "operation aborted." + return 1 fi local tmpnewkey lukskey c tombpass tombpasstmp t@@ -1571,37 +1571,37 @@ change_passwd() { _success "Changing password for $keyfile" keyname=`basename $keyfile` if ! option_is_set --tomb-old-pwd; then - while true; do - tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"` - if [[ $? == 1 ]]; then - die "User aborted" - fi - if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then - break - fi - done + while true; do + tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"` + if [[ $? == 1 ]]; then + die "User aborted" + fi + if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then + break + fi + done else - tombpass=`option_value --tomb-old-pwd` - if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then - die "Invalid old password" - fi + tombpass=`option_value --tomb-old-pwd` + if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then + die "Invalid old password" + fi fi { - gen_key $lukskey > ${tmpnewkey} - - if ! is_valid_key $tmpnewkey; then - die "Error: the newly generated keyfile does not seem valid" - else - # copy the new key as the original keyfile name - cp "${tmpnewkey}" "${keyfile}" - _success "Your passphrase was successfully updated." - fi + gen_key $lukskey > ${tmpnewkey} + + if ! is_valid_key $tmpnewkey; then + die "Error: the newly generated keyfile does not seem valid" + else + # copy the new key as the original keyfile name + cp "${tmpnewkey}" "${keyfile}" + _success "Your passphrase was successfully updated." + fi } always { - _verbose "cleanup: $tmpnewkey $lukskey" - # wipe all temp file - ${=WIPE} "${tmpnewkey}" - ${=WIPE} "${lukskey}" + _verbose "cleanup: $tmpnewkey $lukskey" + # wipe all temp file + ${=WIPE} "${tmpnewkey}" + ${=WIPE} "${lukskey}" } return $? t@@ -1614,9 +1614,9 @@ change_passwd() { resize_tomb() { _message "Commanded to resize tomb $1 to $opts[-s] megabytes" if ! [ $1 ]; then - _failure "No tomb name specified for resizing" + _failure "No tomb name specified for resizing" elif ! [ -r "$1" ]; then - _failure "Cannot find $1" + _failure "Cannot find $1" fi local c tombpass tombkey t@@ -1628,20 +1628,20 @@ resize_tomb() { if option_is_set -k ; then if [[ "`option_value -k`" == "-" ]]; then - # take key from stdin - local tombkeydir - tombkeydir=`safe_dir` - cat > ${tombkeydir}/stdin.tmp - tombkey=${tombkeydir}/stdin.tmp + # take key from stdin + local tombkeydir + tombkeydir=`safe_dir` + cat > ${tombkeydir}/stdin.tmp + tombkey=${tombkeydir}/stdin.tmp else - # take key from a file - tombkey=`option_value -k` + # take key from a file + tombkey=`option_value -k` fi else # guess key as lying besides the tomb - tombkey=${tombdir}/${tombfile}.key + tombkey=${tombdir}/${tombfile}.key fi - + if ! [ -r ${tombkey} ]; then _failure "key file not found: ${tombkey}" fi t@@ -1650,28 +1650,28 @@ resize_tomb() { local newtombsize=$opts[-s] local oldtombsize=`stat -c %s "$1" 2>/dev/null` local mounted_tomb=`mount -l | - awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'` + awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'` if [ "$mounted_tomb" ]; then - _failure "the tomb $tombname is open, to resize it it needs to be close." + _failure "the tomb $tombname is open, to resize it it needs to be close." fi # MB to bytes conversion newtombsize=`expr \( $newtombsize \* 1024 \) \* 1024 2> /dev/null` - + if ! [ "$newtombsize" ] ; then - _failure "You must specify the new size of $tombname" + _failure "You must specify the new size of $tombname" elif [[ $newtombsize != <-> ]]; then - _failure "Size is not an integer" + _failure "Size is not an integer" elif [ "$newtombsize" -le "$oldtombsize" ]; then - _failure "the new size must be greater then old tomb size." + _failure "the new size must be greater then old tomb size." fi local delta=`expr $newtombsize \- $oldtombsize` - + local tombsize_4k=`expr $delta \/ 1024` tombsize_4k=`expr $tombsize_4k \/ 4 ` - + act "Generating ${tombfile} of ${newtombsize}Mb (${tombsize_4k} blocks of 4Kb)" "$DD" if=/dev/urandom bs=4k count=${tombsize_4k} of="${tmp_resize}" t@@ -1680,19 +1680,19 @@ resize_tomb() { else _failure "Error creating the extra resize $tmp_resize, operation aborted." fi - + cat "${tmp_resize}" >> "$1" ${=WIPE} "${tmp_resize}" - + local nstloop=`losetup -f` if [ $? = 255 ]; then - _failure "too many tomb opened. Please close any of them to open another tomb" + _failure "too many tomb opened. Please close any of them to open another tomb" fi losetup -f "$1" - + local mapdate=`date +%s` local mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`" - + _message "Password is required for key ${keyname}" for c in 1 2 3; do if [ $c = 1 ]; then t@@ -1700,37 +1700,37 @@ resize_tomb() { else tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"` fi - get_lukskey "${tombpass}" ${tombkey} | \ - cryptsetup --key-file - luksOpen ${nstloop} ${mapper} - - unset tombpass - + get_lukskey "${tombpass}" ${tombkey} | \ + cryptsetup --key-file - luksOpen ${nstloop} ${mapper} + + unset tombpass + if [ -r /dev/mapper/${mapper} ]; then break; # password was correct - fi + fi done if ! [ -r /dev/mapper/${mapper} ]; then - losetup -d ${nstloop} - _failure "failure mounting the encrypted file" + losetup -d ${nstloop} + _failure "failure mounting the encrypted file" fi cryptsetup resize "${mapper}" if [ $? != 0 ]; then - losetup -d ${nstloop} - _failure "cryptsetup failed to resize $mapper" + losetup -d ${nstloop} + _failure "cryptsetup failed to resize $mapper" fi e2fsck -f /dev/mapper/${mapper} if [ $? != 0 ]; then - losetup -d ${nstloop} - _failure "e2fsck failed to check $mapper" + losetup -d ${nstloop} + _failure "e2fsck failed to check $mapper" fi resize2fs /dev/mapper/${mapper} if [ $? != 0 ]; then - losetup -d ${nstloop} - _failure "resize2fs failed to resize $mapper" + losetup -d ${nstloop} + _failure "resize2fs failed to resize $mapper" fi sleep 1 # needs to settle a bit t@@ -1749,7 +1749,7 @@ resize_tomb() { # index files in all tombs for search # $1 is optional, to specify a tomb index_tombs() { - { command -v updatedb > /dev/null } || { + { command -v updatedb > /dev/null } || { die "Cannot index tombs on this system: updatedb not installed" } mounted_tombs=(`list_tomb_mounts $1`) t@@ -1773,7 +1773,7 @@ index_tombs() { done } search_tombs() { - { command -v locate > /dev/null } || { + { command -v locate > /dev/null } || { die "Cannot index tombs on this system: updatedb not installed" } # list all open tombs t@@ -1795,7 +1795,7 @@ search_tombs() { no "run 'tomb index' to create indexes" fi done - + } # {{{ - List t@@ -1835,8 +1835,8 @@ list_tombs() { } if option_is_set --get-mountpoint; then - echo $tombmount - continue + echo $tombmount + continue fi # breaking up such strings is good for translation print -n "$fg[green]$tombname" t@@ -1872,7 +1872,7 @@ list_tombs() { if [[ ${tombp} -ge 90 ]]; then print -n "$fg_no_bold[green]$tombname" - print "$fg_bold[red] Your tomb is almost full!" + print "$fg_bold[red] Your tomb is almost full!" fi # now check hooks t@@ -1996,13 +1996,13 @@ main() { subcommands_opts[resize]="s: -size=s k: -key=k" subcommands_opts[check]="-ignore-swap" # subcommands_opts[translate]="" - + ### Detect subcommand local -aU every_opts #every_opts behave like a set; that is, an array with unique elements for optspec in $subcommands_opts$main_opts; do - for opt in ${=optspec}; do - every_opts+=${opt} - done + for opt in ${=optspec}; do + every_opts+=${opt} + done done local -a oldstar oldstar=($argv) t@@ -2023,12 +2023,12 @@ main() { unset discardme subcommand=$1 if [[ -z $subcommand ]]; then - subcommand="__default" + subcommand="__default" fi if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then - _warning "There's no such command \"$subcommand\"." - _failure "Please try -h for help" 127 + _warning "There's no such command \"$subcommand\"." + _failure "Please try -h for help" 127 # die "Subcommand '$subcommand' doesn't exist" 127 fi argv=(${oldstar}) t@@ -2038,7 +2038,7 @@ main() { # zsh magic: ${=string} will split to multiple arguments when spaces occur set -A cmd_opts ${main_opts} ${=subcommands_opts[$subcommand]} # if there is no option, we don't need parsing - if [[ -n $cmd_opts ]]; then + if [[ -n $cmd_opts ]]; then zparseopts -M -E -D -Aopts ${cmd_opts} if [[ $? != 0 ]]; then _warning "Some error occurred during option processing." t@@ -2066,18 +2066,18 @@ main() { fi ### End parsing command-specific options if ! option_is_set --no-color; then - autoload colors; colors + autoload colors; colors fi if ! option_is_set --unsecure-dev-mode; then - for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do - if option_is_set $opt; then - die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127 - fi - done + for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do + if option_is_set $opt; then + die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127 + fi + done fi # when we run as root, we remember the original uid:gid - # to set permissions for the calling user and drop privileges + # to set permissions for the calling user and drop privileges if option_is_set -U; then _uid="`option_value -U`"; fi if option_is_set -G; then _gid="`option_value -G`"; fi if option_is_set -T; then _tty="`option_value -T`"; fi t@@ -2139,7 +2139,7 @@ main() { _warning "steghide not installed. Cannot bury your key" return 1 fi - encode_key $PARAM[1] $PARAM[2] ;; + encode_key $PARAM[1] $PARAM[2] ;; exhume) if [ "$STEGHIDE" = 0 ]; then _warning "steghide not installed. Cannot exhume your key" t@@ -2152,9 +2152,9 @@ main() { _warning "resize2fs not installed. Cannot resize your tomb." return 1 fi - check_priv - resize_tomb $PARAM[1] - ;; + check_priv + resize_tomb $PARAM[1] + ;; # internal commands useful to developers 'source') return 0 ;;