itfixes, added ssh key deletion - coffin - secure lan file storage on a device Err parazyd.org 70 hgit clone git://parazyd.org/coffin.git URL:git://parazyd.org/coffin.git parazyd.org 70 1Log /git/coffin/log.gph parazyd.org 70 1Files /git/coffin/files.gph parazyd.org 70 1Refs /git/coffin/refs.gph parazyd.org 70 1Submodules /git/coffin/file/.gitmodules.gph parazyd.org 70 1README /git/coffin/file/README.md.gph parazyd.org 70 1LICENSE /git/coffin/file/LICENSE.gph parazyd.org 70 i--- Err parazyd.org 70 1commit 24c573e300584906e439a1bfca1c1c6f645d170a /git/coffin/commit/24c573e300584906e439a1bfca1c1c6f645d170a.gph parazyd.org 70 1parent 839e5e2ff0103e68e1aaeeaaa7fc80126fea52f5 /git/coffin/commit/839e5e2ff0103e68e1aaeeaaa7fc80126fea52f5.gph parazyd.org 70 hAuthor: parazyd URL:mailto:parazyd@dyne.org parazyd.org 70 iDate: Wed, 23 Mar 2016 00:57:30 +0100 Err parazyd.org 70 i Err parazyd.org 70 ifixes, added ssh key deletion Err parazyd.org 70 i Err parazyd.org 70 iDiffstat: Err parazyd.org 70 i M src/sacrist | 19 +++++++++++-------- Err parazyd.org 70 i M src/zlibs/features | 36 +++++++++++++++++++++---------- Err parazyd.org 70 i M src/zlibs/hooks | 23 ++++++++++++----------- Err parazyd.org 70 i M src/zlibs/mounts | 14 ++++++++------ Err parazyd.org 70 i M src/zlibs/ttab | 14 +++++++------- Err parazyd.org 70 i Err parazyd.org 70 i5 files changed, 63 insertions(+), 43 deletions(-) Err parazyd.org 70 i--- Err parazyd.org 70 1diff --git a/src/sacrist b/src/sacrist /git/coffin/file/src/sacrist.gph parazyd.org 70 it@@ -32,7 +32,7 @@ source $R/zlibs/keyfiles Err parazyd.org 70 i source $R/zlibs/mounts Err parazyd.org 70 i source $R/zlibs/ttab Err parazyd.org 70 i Err parazyd.org 70 i-LOCK=$R/lock Err parazyd.org 70 i+LOCK=$R/lock # TODO: implement lock Err parazyd.org 70 i [[ -f $LOCK ]] && { warn "Lock found. Wait until finished." 
&& exit } Err parazyd.org 70 i #touch $LOCK Err parazyd.org 70 i Err parazyd.org 70 it@@ -52,24 +52,27 @@ TOMBPASSWD="${TOMBPASSWD:-$GRAVEYARD/passwd}" Err parazyd.org 70 i Err parazyd.org 70 i # Main Err parazyd.org 70 i req=(happenz device) Err parazyd.org 70 i-ckreq || { Err parazyd.org 70 i- _msg failure "Not called through mourner. Exiting..." Err parazyd.org 70 i- # clean Err parazyd.org 70 i- exit Err parazyd.org 70 i-} Err parazyd.org 70 i+#ckreq || { Err parazyd.org 70 i+# die "Not called through mourner. Exiting..." Err parazyd.org 70 i+# # clean Err parazyd.org 70 i+# exit Err parazyd.org 70 i+#} Err parazyd.org 70 i+ Err parazyd.org 70 i+act "Coffin, Cryptographic office filer for important nuggets " Err parazyd.org 70 i+act "Version: $coffin_version, $coffin_release_date" Err parazyd.org 70 i Err parazyd.org 70 i [[ $happenz == "CREATE" ]] && { Err parazyd.org 70 i mount-key $device Err parazyd.org 70 i [[ $? = 0 ]] || { die "Key not mounted successfully." && exit } Err parazyd.org 70 i Err parazyd.org 70 i if [[ -d "$COFFINDOT" ]]; then Err parazyd.org 70 i- notice "Found .coffin" Err parazyd.org 70 i+ act "Found .coffin" Err parazyd.org 70 i [[ -f "$HOOKS" ]] && xxx "Found hooks" && \ Err parazyd.org 70 i check-hooks Err parazyd.org 70 i [[ -f "$TTAB" ]] && xxx "Found ttab" && \ Err parazyd.org 70 i ttab-magic Err parazyd.org 70 i else Err parazyd.org 70 i- _msg warning "No .coffin directory" Err parazyd.org 70 i+ warn "No .coffin directory" Err parazyd.org 70 i fi Err parazyd.org 70 i Err parazyd.org 70 i umount-key $device Err parazyd.org 70 1diff --git a/src/zlibs/features b/src/zlibs/features /git/coffin/file/src/zlibs/features.gph parazyd.org 70 it@@ -6,24 +6,26 @@ check-webdav-hook() { Err parazyd.org 70 i davconf="/etc/apache2/sites-available/coffindav.conf" Err parazyd.org 70 i Err parazyd.org 70 i if [[ $entry =~ webdav && -f $COFFINDOT/webdav.conf ]]; then Err parazyd.org 70 i- notice "Found WebDAV data. Setting up..." 
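Review bot: Commenting out the `ckreq || { … }` block after `req=(happenz device)` leaves src/sacrist with no check that `happenz` and `device` are set before `mount-key $device` runs, and `req` is now assigned here but never consulted. After this commit `mount-key` runs its own `ckreq` on `device`, but nothing validates `happenz` any more. If the guard is only off for testing, restore it with the new helper, `ckreq || { die "Not called through mourner. Exiting..."; exit 1 }`, or add a comment saying why it is disabled. The `[[ $happenz == "CREATE" ]]` block continues past the end of the hunk.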
Err parazyd.org 70 i+ act "Found WebDAV data. Setting up..." Err parazyd.org 70 i Err parazyd.org 70 i [[ -f $COFFINDOT/davinfo ]] && { Err parazyd.org 70 i cat $COFFINDOT/davinfo >> /etc/apache2/davpasswd Err parazyd.org 70 i [[ $? = 0 ]] && { Err parazyd.org 70 i rm $COFFINDOT/davinfo Err parazyd.org 70 i gpasswd -a www-data $undertaker Err parazyd.org 70 i- notice "Added new WebDAV user" Err parazyd.org 70 i+ act "Added new WebDAV user" Err parazyd.org 70 i } Err parazyd.org 70 i } Err parazyd.org 70 i sed -i -e :a -e '$d;N;2,3ba' -e 'P;D' $davconf Err parazyd.org 70 i cat $COFFINDOT/webdav.conf >> $davconf Err parazyd.org 70 i- notice "Wrote to $davconf" Err parazyd.org 70 i+ act "Wrote to $davconf" Err parazyd.org 70 i /etc/init.d/apache2 restart Err parazyd.org 70 i+ [[ $? = 0 ]] || warn "Apache is funky" Err parazyd.org 70 i rm $COFFINDOT/webdav.conf Err parazyd.org 70 i- notice "Done setting up WebDAV" Err parazyd.org 70 i+ act "Done setting up WebDAV" Err parazyd.org 70 i else Err parazyd.org 70 i- notice "No WebDAV data found" Err parazyd.org 70 i+ act "No WebDAV data found" Err parazyd.org 70 i+ return 0 Err parazyd.org 70 i fi Err parazyd.org 70 i } Err parazyd.org 70 i Err parazyd.org 70 it@@ -34,20 +36,32 @@ check-sshfs-hook() { Err parazyd.org 70 i fn check-sshfs-hook Err parazyd.org 70 i Err parazyd.org 70 i if [[ $entry =~ sshfs && -f $COFFINDOT/sshpubkey ]]; then Err parazyd.org 70 i- notice "Found SSH data. Setting up..." Err parazyd.org 70 i+ act "Found SSH data. Setting up..." 
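Review bot: The added `[[ $? = 0 ]] || warn "Apache is funky"` only logs a failed restart; `check-webdav-hook` then removes `$COFFINDOT/webdav.conf` and prints "Done setting up WebDAV", even though the fragment just appended to `$davconf` may be what stopped Apache. Returning early keeps the source file for a retry: `/etc/init.d/apache2 restart || { warn "Apache is funky"; return 1 }`. Because `webdav.conf` and `davinfo` are read from the key's `.coffin` directory and appended verbatim to Apache's files, a syntax check such as `apache2ctl configtest` before the restart would catch a bad fragment while the old configuration is still running.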
Err parazyd.org 70 i Err parazyd.org 70 i mkdir -p /home/$undertaker/.ssh Err parazyd.org 70 i- cat $COFFINDOT/sshpubkey >> /home/$undertaker/.ssh/authorized_keys Err parazyd.org 70 i+ cat $COFFINDOT/$tombid.pub >> /home/$undertaker/.ssh/authorized_keys Err parazyd.org 70 i chown -R $undertaker:$undertaker /home/$undertaker/.ssh Err parazyd.org 70 i chmod 700 /home/$undertaker/.ssh && chmod 600 /home/$undertaker/.ssh/authorized_keys Err parazyd.org 70 i Err parazyd.org 70 i- [[ $? = 0 ]] && notice "Wrote to authorized_keys" \ Err parazyd.org 70 i- && notice "Done setting up SSH" Err parazyd.org 70 i+ [[ $? = 0 ]] && act "Wrote to authorized_keys" \ Err parazyd.org 70 i+ && act "Done setting up SSH" Err parazyd.org 70 i Err parazyd.org 70 i # TODO: remove SSH key from usb Err parazyd.org 70 i else Err parazyd.org 70 i- notice "No SSH data found" Err parazyd.org 70 i+ act "No SSH data found" Err parazyd.org 70 i fi Err parazyd.org 70 i } Err parazyd.org 70 i Err parazyd.org 70 i-delete-sshfs-hook() { } Err parazyd.org 70 i+delete-sshfs-hook() { Err parazyd.org 70 i+ fn delete-sshfs-hook $* Err parazyd.org 70 i+ req=(undertaker tombid) Err parazyd.org 70 i+ undertaker="$1" Err parazyd.org 70 i+ tombid="$2" Err parazyd.org 70 i+ ckreq || return 1 Err parazyd.org 70 i+ Err parazyd.org 70 i+ authkeys="/home/$undertaker/.ssh/authorized_keys" Err parazyd.org 70 i+ tempkeys="/home/$undertaker/.ssh/tempkeys" Err parazyd.org 70 i+ Err parazyd.org 70 i+ grep -v $tombid $authkeys > $tempkeys Err parazyd.org 70 i+ mv $tempkeys $authkeys Err parazyd.org 70 i+} Err parazyd.org 70 1diff --git a/src/zlibs/hooks b/src/zlibs/hooks /git/coffin/file/src/zlibs/hooks.gph parazyd.org 70 it@@ -7,7 +7,7 @@ check-hooks() { Err parazyd.org 70 i line=0 Err parazyd.org 70 i for entry in $(cat $HOOKS); do Err parazyd.org 70 i let hook=$line+1 Err parazyd.org 70 i- notice "Found hook $line..." Err parazyd.org 70 i+ act "Found hook $line..." 
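Review bot: In the new `delete-sshfs-hook`, `grep -v $tombid $authkeys > $tempkeys` writes to a fixed name inside a directory the undertaker owns, so if the hook runs as root (not visible here) the redirect follows whatever that user has placed at `tempkeys`, and the following `mv` installs a file with the caller's ownership and umask instead of the undertaker-owned, mode 600 file that `check-sshfs-hook` sets up. The unquoted `$tombid` is also treated as a regex, so any key line containing that string anywhere is dropped, and a failed `grep` still replaces `authorized_keys` with an empty file. A version using `mktemp`, fixed-string matching and an exit-status check is below; it still assumes the tomb id appears in the key line, which the hunk does not show. Separately, `check-sshfs-hook` still tests `-f $COFFINDOT/sshpubkey` but now reads `$COFFINDOT/$tombid.pub`; the test should name the same file, `-f $COFFINDOT/$tombid.pub`.

```zsh
delete-sshfs-hook() {
    # … unchanged: fn call, req, undertaker/tombid assignment, ckreq …
    authkeys="/home/$undertaker/.ssh/authorized_keys"
    # refuse to operate on a missing file or a symlink planted by the user
    [[ -f $authkeys && ! -L $authkeys ]] || return 1
    # mktemp creates the file exclusively with mode 600
    tempkeys=$(mktemp "${authkeys}.XXXXXX") || return 1

    grep -v -F -- "$tombid" "$authkeys" > "$tempkeys"
    # grep exits 1 when every line was filtered out; only >1 is an error
    [[ $? -le 1 ]] || { rm -f -- "$tempkeys"; return 1 }

    chown "$undertaker:$undertaker" "$tempkeys" \
        && chmod 600 "$tempkeys" \
        && mv -- "$tempkeys" "$authkeys"
}
```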
Err parazyd.org 70 i Err parazyd.org 70 i # Check what's hook supposed to do Err parazyd.org 70 i if [[ ${entry[(ws@:@)1]} == "create" ]]; then Err parazyd.org 70 it@@ -17,9 +17,10 @@ check-hooks() { Err parazyd.org 70 i elif [[ ${entry[(ws@:@)1]} == "backup" ]]; then Err parazyd.org 70 i backup-tomb Err parazyd.org 70 i else Err parazyd.org 70 i- _msg failure "No valid hook syntax on hook $hook" Err parazyd.org 70 i+ die "No valid hook syntax on hook $hook" Err parazyd.org 70 i print $entry >> $HOOKS.fail Err parazyd.org 70 i- notice "Wrote failed hook to $HOOKS.fail" Err parazyd.org 70 i+ act "Wrote failed hook to $HOOKS.fail" Err parazyd.org 70 i+ return 1 Err parazyd.org 70 i fi Err parazyd.org 70 i done Err parazyd.org 70 i Err parazyd.org 70 it@@ -32,7 +33,7 @@ create-new-tomb() { Err parazyd.org 70 i # TODO: recognize custom post/bind hooks and implement them in the Err parazyd.org 70 i # new tomb Err parazyd.org 70 i Err parazyd.org 70 i- notice "Creating new tomb" Err parazyd.org 70 i+ act "Creating new tomb" Err parazyd.org 70 i Err parazyd.org 70 i undertaker=${entry[(ws@:@)2]} && xxx "Undertaker: $undertaker" Err parazyd.org 70 i tombid=${entry[(ws@:@)3]} && xxx "Tombid: $tombid" Err parazyd.org 70 it@@ -43,38 +44,38 @@ create-new-tomb() { Err parazyd.org 70 i [[ $? = 0 ]] || { Err parazyd.org 70 i warn "User $undertaker not found. Creating..." Err parazyd.org 70 i useradd -G coffin -m -s /bin/nologin $undertaker Err parazyd.org 70 i- notice "Created user $undertaker" Err parazyd.org 70 i+ act "Created user $undertaker" Err parazyd.org 70 i } Err parazyd.org 70 i Err parazyd.org 70 i- notice "Digging your tomb..." Err parazyd.org 70 i+ act "Digging your tomb..." Err parazyd.org 70 i Err parazyd.org 70 i sudo -u $undertaker $TOMB dig -s $tombsize $GRAVEYARD/$tombid.tomb || \ Err parazyd.org 70 i (die "Digging went downhill. 
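Review bot: The added `return 1` in the `else` branch leaves `check-hooks` at the first malformed entry, so hooks listed after it in `$HOOKS` are never processed, and the caller visible in src/sacrist (`[[ -f "$HOOKS" ]] && xxx "Found hooks" && check-hooks`) does not look at the status. If `die` terminates the script (its definition is not shown), the `print $entry >> $HOOKS.fail` and `return 1` that follow it are unreachable and the failed hook is never recorded; in that case use `warn` there. Whichever behaviour is intended, state it next to the branch, for example `# stop at the first malformed hook; later entries are not run`. The loop body of `check-hooks` starts and ends outside this hunk.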
Cleaning and exiting" && \ Err parazyd.org 70 i- clean-failed-hook) Err parazyd.org 70 i+ clean-failed-hook) Err parazyd.org 70 i Err parazyd.org 70 i sudo -u $undertaker $TOMB forge $GRAVEYARD/$tombid.key \ Err parazyd.org 70 i --unsafe \ Err parazyd.org 70 i --tomb-pwd "$keypass" || \ Err parazyd.org 70 i (die "Forging key went downhill. Cleaning and exiting" && \ Err parazyd.org 70 i- clean-failed-hook) Err parazyd.org 70 i+ clean-failed-hook) Err parazyd.org 70 i Err parazyd.org 70 i sudo -u $undertaker $TOMB lock $GRAVEYARD/$tombid.tomb \ Err parazyd.org 70 i -k $GRAVEYARD/$tombid.key \ Err parazyd.org 70 i --unsafe \ Err parazyd.org 70 i --tomb-pwd "$keypass" || \ Err parazyd.org 70 i (die "Locking tomb went downhill. Cleaning and exiting" && \ Err parazyd.org 70 i- clean-failed-hook) Err parazyd.org 70 i+ clean-failed-hook) Err parazyd.org 70 i Err parazyd.org 70 i xxx "Moving your keyfile to your USB key..." Err parazyd.org 70 i mv $GRAVEYARD/$tombid.key $COFFINDOT/ && \ Err parazyd.org 70 i chown $undertaker:$undertaker $COFFINDOT/$tombid.key && \ Err parazyd.org 70 i- xxx "Moved and chowned keyfile" Err parazyd.org 70 i+ xxx "Moved and chowned keyfile" Err parazyd.org 70 i Err parazyd.org 70 i print "${undertaker}:${tombid}:false" >> $TTAB Err parazyd.org 70 i Err parazyd.org 70 i hash-key Err parazyd.org 70 i print "${keyhash}:${keypass}" >> $TOMBPASSWD Err parazyd.org 70 i- notice "Wrote to ttab and tombpasswd" Err parazyd.org 70 i+ act "Wrote to ttab and tombpasswd" Err parazyd.org 70 i Err parazyd.org 70 i # Check for features Err parazyd.org 70 i check-webdav-hook Err parazyd.org 70 1diff --git a/src/zlibs/mounts b/src/zlibs/mounts /git/coffin/file/src/zlibs/mounts.gph parazyd.org 70 it@@ -3,15 +3,16 @@ Err parazyd.org 70 i mount-key() { Err parazyd.org 70 i fn mount-key $* Err parazyd.org 70 i req=(device) Err parazyd.org 70 i+ device="$1" Err parazyd.org 70 i ckreq || return 1 Err parazyd.org 70 i Err parazyd.org 70 i if [[ -d $KEYMOUNT ]]; then 
Err parazyd.org 70 i- _msg failure "$KEYMOUNT already exists." Err parazyd.org 70 i+ die "$KEYMOUNT already exists." Err parazyd.org 70 i return 1 Err parazyd.org 70 i else Err parazyd.org 70 i- notice "Creating $KEYMOUNT" Err parazyd.org 70 i+ act "Creating $KEYMOUNT" Err parazyd.org 70 i mkdir -p $KEYMOUNT Err parazyd.org 70 i- notice "Mounting..." Err parazyd.org 70 i+ act "Mounting..." Err parazyd.org 70 i mount $device $KEYMOUNT Err parazyd.org 70 i return 0 Err parazyd.org 70 i fi Err parazyd.org 70 it@@ -20,16 +21,17 @@ mount-key() { Err parazyd.org 70 i umount-key() { Err parazyd.org 70 i fn umount-key $? Err parazyd.org 70 i req=(device) Err parazyd.org 70 i+ device="$1" Err parazyd.org 70 i ckreq || return 1 Err parazyd.org 70 i Err parazyd.org 70 i if [[ -d $KEYMOUNT ]]; then Err parazyd.org 70 i- notice "Unmounting $device" Err parazyd.org 70 i+ act "Unmounting $device" Err parazyd.org 70 i umount $device \ Err parazyd.org 70 i && rmdir $KEYMOUNT Err parazyd.org 70 i- notice "Success umounting" Err parazyd.org 70 i+ act "Success umounting" Err parazyd.org 70 i return 0 Err parazyd.org 70 i else Err parazyd.org 70 i- notice "No $KEYMOUNT found" Err parazyd.org 70 i+ act "No $KEYMOUNT found" Err parazyd.org 70 i return 0 Err parazyd.org 70 i fi Err parazyd.org 70 i } Err parazyd.org 70 1diff --git a/src/zlibs/ttab b/src/zlibs/ttab /git/coffin/file/src/zlibs/ttab.gph parazyd.org 70 it@@ -3,33 +3,33 @@ Err parazyd.org 70 i ttab-magic() { Err parazyd.org 70 i fn ttab-magic Err parazyd.org 70 i Err parazyd.org 70 i- notice "Doing ttab magic..." Err parazyd.org 70 i+ act "Doing ttab magic..." Err parazyd.org 70 i Err parazyd.org 70 i line=0 Err parazyd.org 70 i for entry in $(cat $TTAB); do Err parazyd.org 70 i let line=$line+1 Err parazyd.org 70 i- notice "Found line $line..." Err parazyd.org 70 i+ act "Found line $line..." 
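Review bot: `mount $device $KEYMOUNT` in `mount-key` is followed by an unconditional `return 0`, so the `[[ $? = 0 ]] || { die "Key not mounted successfully." … }` check in src/sacrist cannot fire on a failed mount and the later steps would run against an unmounted directory (assuming `$COFFINDOT` lives under `$KEYMOUNT`). Propagate the status and quote the arguments: `mount "$device" "$KEYMOUNT" || return 1`; since the device is removable media, adding `-o nosuid,nodev,noexec` is worth considering if nothing on the key needs to execute. The same applies to `umount-key` in the next hunk, which prints "Success umounting" and returns 0 whether or not `umount` succeeded. Its context line `fn umount-key $?` presumably should pass `$*` as `mount-key` does.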
Err parazyd.org 70 i Err parazyd.org 70 i [[ ${entry[(ws@:@)3]} == "true" ]] && { Err parazyd.org 70 i- notice "Working on tomb from line $line" Err parazyd.org 70 i+ act "Working on tomb from line $line" Err parazyd.org 70 i Err parazyd.org 70 i undertaker=${entry[(ws@:@)1]} && xxx "Undertaker: $undertaker" Err parazyd.org 70 i tombid=${entry[(ws@:@)2]} && xxx "Tombid: $tombid" Err parazyd.org 70 i Err parazyd.org 70 i compare-key Err parazyd.org 70 i [[ $? = 0 ]] && { Err parazyd.org 70 i- notice "compare-key -> true" Err parazyd.org 70 i+ act "compare-key -> true" Err parazyd.org 70 i sudo -u $undertaker $TOMB slam $tombid Err parazyd.org 70 i Err parazyd.org 70 i cp $TOMBS $TMPTOMBS Err parazyd.org 70 i grep -v "${keyhash}:${keyuuid}" $TMPTOMBS > $TOMBS && \ Err parazyd.org 70 i chmod 600 $TOMBS && \ Err parazyd.org 70 i- notice "Updated $TOMBS" Err parazyd.org 70 i+ act "Updated $TOMBS" Err parazyd.org 70 i rm $TMPTOMBS Err parazyd.org 70 i continue Err parazyd.org 70 i } Err parazyd.org 70 i Err parazyd.org 70 i- notice "compare-key -> false" Err parazyd.org 70 i+ act "compare-key -> false" Err parazyd.org 70 i Err parazyd.org 70 i hash-key Err parazyd.org 70 i keypass=$(grep $keyhash $TOMBPASSWD) Err parazyd.org 70 it@@ -47,7 +47,7 @@ ttab-magic() { Err parazyd.org 70 i chmod g+rw /media/$tombid Err parazyd.org 70 i print "${undertaker}:${keyhash}:${keyuuid}" >> $TOMBS && \ Err parazyd.org 70 i chmod 600 $TOMBS && \ Err parazyd.org 70 i- notice "Added info to $TOMBS" Err parazyd.org 70 i+ act "Added info to $TOMBS" Err parazyd.org 70 i } Err parazyd.org 70 i } Err parazyd.org 70 i done Err parazyd.org 70 .