tfixes, added ssh key deletion - coffin - secure lan file storage on a device
 (DIR) commit 24c573e300584906e439a1bfca1c1c6f645d170a
 (DIR) parent 839e5e2ff0103e68e1aaeeaaa7fc80126fea52f5
 (HTM) Author: parazyd <parazyd@dyne.org>
       Date:   Wed, 23 Mar 2016 00:57:30 +0100
       
       fixes, added ssh key deletion
       
       Diffstat:
         M src/sacrist                         |      19 +++++++++++--------
         M src/zlibs/features                  |      36 +++++++++++++++++++++----------
         M src/zlibs/hooks                     |      23 ++++++++++++-----------
         M src/zlibs/mounts                    |      14 ++++++++------
         M src/zlibs/ttab                      |      14 +++++++-------
       
       5 files changed, 63 insertions(+), 43 deletions(-)
       ---
 (DIR) diff --git a/src/sacrist b/src/sacrist
       t@@ -32,7 +32,7 @@ source $R/zlibs/keyfiles
        source $R/zlibs/mounts
        source $R/zlibs/ttab
        
       -LOCK=$R/lock
       +LOCK=$R/lock # TODO: implement lock
        [[ -f $LOCK ]] && { warn "Lock found. Wait until finished." && exit }
        #touch $LOCK
        
       t@@ -52,24 +52,27 @@ TOMBPASSWD="${TOMBPASSWD:-$GRAVEYARD/passwd}"
        
        # Main
        req=(happenz device)
       -ckreq || {
       -        _msg failure "Not called through mourner. Exiting..."
       -        # clean
       -        exit
       -}
       +#ckreq || {
       +#        die "Not called through mourner. Exiting..."
       +#        # clean
       +#        exit
       +#}
       +
       +act "Coffin, Cryptographic office filer for important nuggets "
       +act "Version: $coffin_version, $coffin_release_date"
        
        [[ $happenz == "CREATE" ]] && {
                mount-key $device
                [[ $? = 0 ]] || { die "Key not mounted successfully." && exit }
        
                if [[ -d "$COFFINDOT" ]]; then
       -                notice "Found .coffin"
       +                act "Found .coffin"
                        [[ -f "$HOOKS" ]] && xxx "Found hooks" && \
                                check-hooks
                        [[ -f "$TTAB" ]] && xxx "Found ttab" && \
                                ttab-magic
                else
       -                _msg warning "No .coffin directory"
       +                warn "No .coffin directory"
                fi
        
                umount-key $device
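Review bot: Commenting out the `ckreq` guard leaves `happenz` and `device` unvalidated at the top level of the script, so the only remaining check visible here is the one inside `mount-key`. If the guard was rejecting a legitimate caller, the fix belongs where those variables are set; otherwise restore it as `ckreq || { die "Not called through mourner. Exiting..."; exit 1 }` and delete the commented copy rather than keeping dead code. The `CREATE` block continues past the end of the hunk.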
 (DIR) diff --git a/src/zlibs/features b/src/zlibs/features
       t@@ -6,24 +6,26 @@ check-webdav-hook() {
                davconf="/etc/apache2/sites-available/coffindav.conf"
        
                if [[ $entry =~ webdav && -f $COFFINDOT/webdav.conf ]]; then
       -                notice "Found WebDAV data. Setting up..."
       +                act "Found WebDAV data. Setting up..."
        
                        [[ -f $COFFINDOT/davinfo ]] && {
                                cat $COFFINDOT/davinfo >> /etc/apache2/davpasswd
                                [[ $? = 0 ]] && { 
                                        rm $COFFINDOT/davinfo
                                        gpasswd -a www-data $undertaker
       -                                notice "Added new WebDAV user"
       +                                act "Added new WebDAV user"
                                }
                        }
                        sed -i -e :a -e '$d;N;2,3ba' -e 'P;D' $davconf
                        cat $COFFINDOT/webdav.conf >> $davconf
       -                notice "Wrote to $davconf"
       +                act "Wrote to $davconf"
                        /etc/init.d/apache2 restart
       +                [[ $? = 0 ]] || warn "Apache is funky"
                        rm $COFFINDOT/webdav.conf
       -                notice "Done setting up WebDAV"
       +                act "Done setting up WebDAV"
                else
       -                notice "No WebDAV data found"
       +                act "No WebDAV data found"
       +                return 0
                fi
        }
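Review bot: A failed Apache restart is only logged by the added `[[ $? = 0 ]] || warn "Apache is funky"`; the function still deletes `webdav.conf` and reports "Done setting up WebDAV". Because `$COFFINDOT/webdav.conf` is appended verbatim to `$davconf` from what appears to be the mounted key, a malformed or unexpected fragment stays in the site config with no copy left to inspect. Validate before restarting and stop on failure, for example `apache2ctl configtest || { warn "WebDAV config rejected"; return 1 }` ahead of the restart, and keep a backup of `$davconf` to restore from. The opening lines of `check-webdav-hook` are outside the hunk.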
        
       t@@ -34,20 +36,32 @@ check-sshfs-hook() {
                fn check-sshfs-hook
        
                if [[ $entry =~ sshfs && -f $COFFINDOT/sshpubkey ]]; then
       -                notice "Found SSH data. Setting up..."
       +                act "Found SSH data. Setting up..."
        
                        mkdir -p /home/$undertaker/.ssh
       -                cat $COFFINDOT/sshpubkey >> /home/$undertaker/.ssh/authorized_keys
       +                cat $COFFINDOT/$tombid.pub >> /home/$undertaker/.ssh/authorized_keys
                        chown -R $undertaker:$undertaker /home/$undertaker/.ssh
                        chmod 700 /home/$undertaker/.ssh && chmod 600 /home/$undertaker/.ssh/authorized_keys
                        
       -                [[ $? = 0 ]] && notice "Wrote to authorized_keys" \
       -                        && notice "Done setting up SSH"
       +                [[ $? = 0 ]] && act "Wrote to authorized_keys" \
       +                        && act "Done setting up SSH"
        
                        # TODO: remove SSH key from usb
                else
       -                notice "No SSH data found"
       +                act "No SSH data found"
                fi
        }
        
       -delete-sshfs-hook() { }
       +delete-sshfs-hook() { 
       +        fn delete-sshfs-hook $*
       +        req=(undertaker tombid)
       +        undertaker="$1"
       +        tombid="$2"
       +        ckreq || return 1
       +
       +        authkeys="/home/$undertaker/.ssh/authorized_keys"
       +        tempkeys="/home/$undertaker/.ssh/tempkeys"
       +
       +        grep -v $tombid $authkeys > $tempkeys
       +        mv $tempkeys $authkeys
       +}
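Review bot: `delete-sshfs-hook` stages the filtered key list in a fixed-name file, `tempkeys`, inside the user-owned `.ssh` directory and then `mv`s it over `authorized_keys`, so the redirect writes through whatever already exists at that path and the replacement ends up with the caller's owner and default mode instead of the `$undertaker` ownership and 600 that `check-sshfs-hook` sets. `grep -v $tombid` treats the tombid as a regex matched anywhere in a line, so it can drop unrelated entries and removes the intended one only if that key line happens to contain the tombid; and when `grep` cannot read `$authkeys` the `mv` still installs an empty file. In `check-sshfs-hook` the condition still tests `-f $COFFINDOT/sshpubkey` while the changed line appends `$COFFINDOT/$tombid.pub`, so the test and the `cat` should name the same file. A safer shape for the deletion, keeping the function's interface, is below.

```shell
delete-sshfs-hook() {
	# … unchanged: fn call, req, argument assignment, ckreq …

	authkeys="/home/$undertaker/.ssh/authorized_keys"
	[[ -f "$authkeys" ]] || return 0

	# Stage the filtered copy outside the user-writable .ssh directory.
	tempkeys=$(mktemp) || return 1

	# -F: tombid is a literal, not a regex. grep exits 1 when every line
	# was filtered out, which is still a valid result; >1 is a real error.
	grep -v -F -- "$tombid" "$authkeys" > "$tempkeys"
	[[ $? -le 1 ]] || { rm -f "$tempkeys"; return 1 }

	# Overwrite in place so the owner and mode set by check-sshfs-hook stay.
	cat "$tempkeys" > "$authkeys"
	rm -f "$tempkeys"
}
```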
 (DIR) diff --git a/src/zlibs/hooks b/src/zlibs/hooks
       t@@ -7,7 +7,7 @@ check-hooks() {
                line=0
                for entry in $(cat $HOOKS); do
                        let hook=$line+1
       -                notice "Found hook $line..."
       +                act "Found hook $line..."
        
                        # Check what's hook supposed to do
                        if [[ ${entry[(ws@:@)1]} == "create" ]]; then
       t@@ -17,9 +17,10 @@ check-hooks() {
                        elif [[ ${entry[(ws@:@)1]} == "backup" ]]; then
                                backup-tomb
                        else
       -                        _msg failure "No valid hook syntax on hook $hook"
       +                        die "No valid hook syntax on hook $hook"
                                print $entry >> $HOOKS.fail
       -                        notice "Wrote failed hook to $HOOKS.fail"
       +                        act "Wrote failed hook to $HOOKS.fail"
       +                        return 1
                        fi
                done
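Review bot: The new `return 1` leaves `check-hooks` at the first malformed entry, so every later line in `$HOOKS` is skipped, yet the call site shown in src/sacrist (`[[ -f "$HOOKS" ]] && xxx "Found hooks" && check-hooks`) does not look at the status and carries on to `ttab-magic`. Either `continue` past the bad entry after recording it in `$HOOKS.fail`, or have the caller stop on a non-zero return; a one-line comment above the `else` branch saying which is intended would help. The message also reports `$hook` while the earlier `act "Found hook $line..."` reports `$line`, so the two numbers differ by one for the same entry. The loop and the function start outside this hunk.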
        
       t@@ -32,7 +33,7 @@ create-new-tomb() {
                # TODO: recognize custom post/bind hooks and implement them in the
                # new tomb
        
       -        notice "Creating new tomb"
       +        act "Creating new tomb"
        
                undertaker=${entry[(ws@:@)2]} && xxx "Undertaker: $undertaker"
                tombid=${entry[(ws@:@)3]} && xxx "Tombid: $tombid"
       t@@ -43,38 +44,38 @@ create-new-tomb() {
                [[ $? = 0 ]] || {
                        warn "User $undertaker not found. Creating..."        
                        useradd -G coffin -m -s /bin/nologin $undertaker
       -                notice "Created user $undertaker"
       +                act "Created user $undertaker"
                }
        
       -        notice "Digging your tomb..."
       +        act "Digging your tomb..."
        
                sudo -u $undertaker $TOMB dig -s $tombsize $GRAVEYARD/$tombid.tomb || \
                        (die "Digging went downhill. Cleaning and exiting" && \
       -                clean-failed-hook)
       +                        clean-failed-hook)
                
                sudo -u $undertaker $TOMB forge $GRAVEYARD/$tombid.key \
                        --unsafe \
                        --tomb-pwd "$keypass" || \
                                (die "Forging key went downhill. Cleaning and exiting" && \
       -                         clean-failed-hook)
       +                                 clean-failed-hook)
        
                sudo -u $undertaker $TOMB lock $GRAVEYARD/$tombid.tomb \
                        -k $GRAVEYARD/$tombid.key \
                        --unsafe \
                        --tomb-pwd "$keypass" || \
                                (die "Locking tomb went downhill. Cleaning and exiting" && \
       -                         clean-failed-hook)
       +                                 clean-failed-hook)
        
                xxx "Moving your keyfile to your USB key..."        
                mv $GRAVEYARD/$tombid.key $COFFINDOT/ && \
                        chown $undertaker:$undertaker $COFFINDOT/$tombid.key && \
       -                xxx "Moved and chowned keyfile"
       +                        xxx "Moved and chowned keyfile"
        
                print "${undertaker}:${tombid}:false" >> $TTAB
        
                hash-key
                print "${keyhash}:${keypass}" >> $TOMBPASSWD
       -        notice "Wrote to ttab and tombpasswd"
       +        act "Wrote to ttab and tombpasswd"
        
                # Check for features
                check-webdav-hook
 (DIR) diff --git a/src/zlibs/mounts b/src/zlibs/mounts
       t@@ -3,15 +3,16 @@
        mount-key() {
                fn mount-key $*
                req=(device)
       +        device="$1"
                ckreq || return 1
        
                if [[ -d $KEYMOUNT ]]; then
       -                _msg failure "$KEYMOUNT already exists."
       +                die "$KEYMOUNT already exists."
                        return 1
                else
       -                notice "Creating $KEYMOUNT"
       +                act "Creating $KEYMOUNT"
                        mkdir -p $KEYMOUNT
       -                notice "Mounting..."
       +                act "Mounting..."
                        mount $device $KEYMOUNT
                        return 0
                fi
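Review bot: `mount-key` returns 0 straight after `mount $device $KEYMOUNT` without looking at its exit status, so the `[[ $? = 0 ]]` test in src/sacrist passes even when nothing was mounted and the `.coffin` lookup (presumably under `$KEYMOUNT`) then runs against an empty directory. Check the call, e.g. `mount "$device" "$KEYMOUNT" || { rmdir "$KEYMOUNT"; return 1 }`, and since this is removable media consider mounting with `-o nosuid,nodev,noexec`. `umount-key` in the next hunk has the same shape: `act "Success umounting"` and `return 0` run whether or not `umount` succeeded, and its `fn umount-key $?` presumably should pass `$*` as `mount-key` does. The closing brace of `mount-key` is outside this hunk.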
       t@@ -20,16 +21,17 @@ mount-key() {
        umount-key() {
                fn umount-key $?
                req=(device)
       +        device="$1"
                ckreq || return 1
        
                if [[ -d $KEYMOUNT ]]; then
       -                notice "Unmounting $device"
       +                act "Unmounting $device"
                        umount $device \
                        && rmdir $KEYMOUNT
       -                notice "Success umounting"
       +                act "Success umounting"
                        return 0
                else
       -                notice "No $KEYMOUNT found"
       +                act "No $KEYMOUNT found"
                        return 0
                fi
        }
 (DIR) diff --git a/src/zlibs/ttab b/src/zlibs/ttab
       t@@ -3,33 +3,33 @@
        ttab-magic() {
                fn ttab-magic
        
       -        notice "Doing ttab magic..."
       +        act "Doing ttab magic..."
        
                line=0
                for entry in $(cat $TTAB); do
                        let line=$line+1
       -                notice "Found line $line..."
       +                act "Found line $line..."
        
                        [[ ${entry[(ws@:@)3]} == "true" ]] && {
       -                        notice "Working on tomb from line $line"        
       +                        act "Working on tomb from line $line"        
        
                                undertaker=${entry[(ws@:@)1]} && xxx "Undertaker: $undertaker"
                                tombid=${entry[(ws@:@)2]} && xxx "Tombid: $tombid"
        
                                compare-key
                                [[ $? = 0 ]] && {
       -                                notice "compare-key -> true"        
       +                                act "compare-key -> true"        
                                        sudo -u $undertaker $TOMB slam $tombid
        
                                        cp $TOMBS $TMPTOMBS
                                        grep -v "${keyhash}:${keyuuid}" $TMPTOMBS > $TOMBS && \
                                                chmod 600 $TOMBS && \
       -                                        notice "Updated $TOMBS"
       +                                        act "Updated $TOMBS"
                                        rm $TMPTOMBS
                                        continue
                                }
        
       -                        notice "compare-key -> false"
       +                        act "compare-key -> false"
        
                                hash-key
                                keypass=$(grep $keyhash $TOMBPASSWD)
       t@@ -47,7 +47,7 @@ ttab-magic() {
                                        chmod g+rw /media/$tombid 
                                        print "${undertaker}:${keyhash}:${keyuuid}" >> $TOMBS && \
                                                chmod  600 $TOMBS && \
       -                                        notice "Added info to $TOMBS"
       +                                        act "Added info to $TOMBS"
                                }
                        }
                done