tundertaker - tomb - the crypto undertaker
tundertaker (6767B)
---
1 #!/bin/zsh
2 #
3 # Undertaker, auxiliary command for Tomb
4 #
5 # Tomb is a tool to operate file encryption of private and secret data
6 #
7 # Undertaker is a tool to retrieve tomb keys from various sources
8 #
9 # {{{ Copyleft (C) 2012 Dyne.org foundation
10 # 2011-2012 Denis Roio <jaromil@dyne.org>
11 #
12 # This source code is free software; you can redistribute it and/or
13 # modify it under the terms of the GNU Public License as published by
14 # the Free Software Foundation; either version 3 of the License, or
15 # (at your option) any later version.
16 #
17 # This source code is distributed in the hope that it will be useful,
18 # but WITHOUT ANY WARRANTY; without even the implied warranty of
19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20 # Please refer to the GNU Public License for more details.
21 #
22 # You should have received a copy of the GNU Public License along with
23 # this source code; if not, write to:
24 # Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25
26 # }}}
27
# Signal traps: zsh runs a function named TRAP<SIG> when that signal arrives.
# NOTE(review): SIGKILL and SIGSTOP cannot be caught by a process, so these
# two handlers are not expected to ever run; INT/TERM may have been the
# intent -- confirm. `die` is not defined in this file; it presumably comes
# from the tomb core sourced further down.
TRAPKILL() {
    die "KILL signal caught, undertaker aborting."
}
TRAPSTOP() {
    die "STOP signal caught, undertaker aborting."
}
31
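# First of all, source the tomb core functions.
# The tomb script is expected next to this one; symlinks to undertaker are
# resolved first. The expansions are quoted because zsh word-splits the result
# of an unquoted command substitution, which would break an install path that
# contains whitespace.
TOMBBIN=$(dirname "$(readlink -f "$0")")/tomb
if ! [[ -x $TOMBBIN ]]; then
    # NOTE(review): $fg is not set anywhere in this file before this point, so
    # the colour codes presumably expand to empty strings here -- confirm.
    print "$fg[red][!]$fg[white] Tomb command not found, operation aborted." >&2; exit 1
fi
# tomb_opts has not been assigned at this point, so it expands to nothing.
source $TOMBBIN ${tomb_opts[@]} source
TOMBEXEC=undertaker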
39
# Report on stderr that a key was located.
#   $1 - URL of the key that was found
key_found() {
    # When option_is_set reports --batch, the line gets a "[m]" prefix.
    option_is_set --batch && print -n '[m]' >&2
    print "$fg[white][found] $1" >&2
}
47
48
49
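# Retrieve a tomb key through one scheme handler.
#
# Arguments:
#   [--path]  optional leading flag, parsed off and forwarded to nested calls
#   $1        scheme: bluetooth, file, mounted, udisks, near, or the suffix of
#             an external undertaker-<scheme> helper
#   $2        key location; its meaning depends on the scheme
# Output:  the key contents on stdout; when option_is_set reports --path the
#          key's location is reported instead of its contents
# Returns: 0 on success, 64 when retrying cannot help (missing tool, unknown
#          scheme), 1 on any other error
function undertaker_scheme() {
    # Keep parser state and scratch variables out of the global scope so
    # nested and repeated (polling) calls cannot see each other's values.
    local -a print_path
    zparseopts -D -path=print_path

    local scheme=$1
    local keypath=$2
    local keytmp obexdevpath obexdev obexpath mountpoint device ret
    case $scheme in

        bluetooth)
            #TODO: support --print-path
            act "access to bluetooth protocol requested"
            if ! which obexftp &> /dev/null; then
                _warning "obexftp not found, needed for bluetooth: operation aborted."
                return 64
            fi
            keytmp=$(safe_dir undertaker)
            # Do not download key material into whatever directory we happen
            # to be in: an empty $keytmp would make a bare `cd` go to $HOME.
            if [[ -z $keytmp ]] || ! cd $keytmp; then
                _warning "cannot enter temporary key directory: operation aborted."
                return 1
            fi
            # fetch key from bluetooth, url format: bluetooth://55:33:44:55:66/file/path
            obexdevpath=${keypath#*//}
            obexdev=${obexdevpath%%/*}
            obexpath=${obexdevpath#*/}
            act "obex device: $obexdev"
            act "obex path: $obexpath"
            obexftp -b $obexdev -g $obexpath
            if [[ $? != 0 ]]; then
                # rmdir only succeeds on an empty directory, so a partial
                # download is left in place rather than silently deleted.
                rmdir ${keytmp}
                die "a problem occurred retreiving the key via bluetooth."
            fi
            if option_is_set --path; then
                echo $obexpath
                # up to the caller to delete the key
                # TODO: --path should have the directory where to put the key
                # as argument, instead of creating keytmp
            else
                # print out the key on stdout
                cat $PWD/$obexpath
                # wipe out the key
                ${WIPE[@]} $obexpath
                # `cd -` can echo the directory it returns to; stdout carries
                # the key, so nothing else may be written to it.
                cd - > /dev/null
                rmdir ${keytmp}
            fi

            # tombkey="basename $obexpath"
            ;;

        file)
            if ! [[ -f $keypath ]]; then
                _warning "Invalid path $keypath"
                return 1
            fi
            if option_is_set --path; then
                key_found $scheme://$keypath;
            else
                # bare input redirection: zsh feeds the file to its default
                # reader command, which writes it to stdout
                < $keypath
                if [[ $? != 0 ]]; then return 1; fi
                return 0
            fi
            ;;

        mounted)
            # Try the key path under every mount point listed in /etc/mtab.
            for mountpoint in $(cut -f2 /etc/mtab -d ' ' | sort -u); do
                undertaker_scheme ${print_path[@]} file ${mountpoint}/${keypath}
                ret=$?
                if [[ $ret == 0 ]]; then
                    return 0
                fi
            done
            # Not found on any mount point: report an error instead of
            # falling through with the loop's status of 0.
            return 1
            ;;

        udisks)
            #It implements automounting using udisks; udisks is a (recently)
            #new technology, so we can't rely on it being present
            if ! which udisks &> /dev/null; then
                _warning 'udisks not found'
                # 64 = "polling will not fix this"; returned (not exit) like
                # the other handlers so the caller decides what to do.
                return 64
            fi
            # NOTE(review): this mounts whichever /dev/sdXN device udisks
            # reports next and reads the key from it; no check is made on
            # which medium was attached.
            while true; do
                device=$(udisks --monitor | egrep '/sd[a-z][0-9]' -o -m1)
                device=/dev$device
                udisks --mount $device
                ###get mountpoint for device
                mountpoint=$(egrep "^${device} " /etc/mtab | cut -d ' ' -f2)
                undertaker_scheme ${print_path[@]} file ${mountpoint}/${keypath}
                ret=$?
                udisks --unmount $device
                if [[ $ret == 0 ]]; then
                    return 0
                fi
            done
            ;;

        near)
            ###Given the path to the tomb, search the key near to that
            undertaker_scheme file ${keypath}.key
            ;;

        *)
            # Any other scheme is delegated to an external helper found
            # through the command search path.
            # NOTE(review): $scheme comes straight from the URL argument and
            # becomes part of a command name; consider restricting it to
            # [A-Za-z0-9_-] before the lookup.
            if ! which undertaker-$scheme &> /dev/null; then
                _warning "url protocol not recognized: $scheme"
                return 64
            fi
            undertaker-$scheme ${print_path[@]} ${scheme}://$keypath
            return $?
            ;;
    esac
}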
162
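# Entry point: parse undertaker's own options, reload the tomb core with
# matching flags, then hand the URL to undertaker_scheme (in a loop when
# --poll is given).
#
# Arguments: [--poll] [--path] [--batch] url://host:path/to/tomb.key
# Exits:     1 when the URL is missing, 64 when a handler reports that
#            polling cannot help; otherwise returns the handler's status.
function main() {
    typeset -A opts
    zparseopts -M -E -D -Aopts -poll -path -batch
    if ! [ $1 ] ; then
        print "[W] an argument is missing, the undertaker is confused" >&2
        print "usage: undertaker [options] url://host:path/to/tomb.key" >&2
        exit 1;
    fi
    local -a tomb_opts
    if [[ -n ${(k)opts[--batch]} ]]; then
        tomb_opts+='--no-color'
        tomb_opts+='--quiet'
    fi
    local -a under_opts
    if [[ -n ${(k)opts[--path]} ]]; then
        under_opts+='--path'
    fi
    # Save opts and restore it after sourcing; presumably the tomb code
    # overwrites the opts array -- confirm.
    local -A backupopts
    local a r
    for a in ${(k)opts}; do
        backupopts[$a]=${opts[$a]}
    done
    # Source the tomb script by the absolute path resolved and checked at the
    # top of this file. A bare `source tomb` makes zsh look in the current
    # directory first, so a file called "tomb" in the directory undertaker is
    # run from would be executed instead of the installed one.
    # NOTE(review): assumes the earlier sourcing left TOMBBIN untouched.
    source $TOMBBIN ${tomb_opts[@]} source
    TOMBEXEC=undertaker
    for a in ${(k)backupopts}; do
        opts[$a]=${backupopts[$a]}
    done
    check_bin

    _success "Undertaker will look for $1"

    # Split "scheme://location" into its two halves.
    ARG1=${1}
    scheme=${ARG1%://*}
    keypath=${ARG1#*//}

    if [[ -n ${(k)opts[--poll]} ]]; then
        # Retry every 3 seconds; only status 64 ends the loop.
        while true; do
            progress poll 0 search
            undertaker_scheme ${under_opts[@]} $scheme $keypath
            r=$?
            if [[ $r == 64 ]]; then
                exit 64
            fi
            progress poll 100 done
            sleep 3
        done
    else
        undertaker_scheme ${under_opts[@]} $scheme $keypath
    fi
}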
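# Pass the command-line arguments through unchanged; an unquoted $* drops
# empty arguments before main sees them.
main "$@"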
213
214 ### Conventions and other comments:
215 #
216 # EXIT CODES FOR SCHEME HANDLERS
217 # 0 is for everything went fine
218 # 64 is for "not supported/the problem won't be solved by polling". This is for things like: unmet dependencies, not supported at all, etc
219 # everything else means just "error". Use 1, please. So other codes can be used if needed
220 #