tfinished rewriting using zuper - coffin - secure lan file storage on a device
(HTM) git clone git://parazyd.org/coffin.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) Submodules
(DIR) README
(DIR) LICENSE
---
(DIR) commit 839e5e2ff0103e68e1aaeeaaa7fc80126fea52f5
(DIR) parent 77fab0eb4f6f0258c3620ba481780cac5b6f00dd
(HTM) Author: parazyd <parazyd@dyne.org>
Date: Wed, 23 Mar 2016 00:09:12 +0100
finished rewriting using zuper
Code has been mostly refactored, and now using the zuper library
which will greatly enhance performance, and help along with development
Diffstat:
M src/mourner | 4 ++--
M src/sacrist | 81 +++++++++++++++++++------------
M src/zlibs/features | 22 +++++++++++++++-------
M src/zlibs/hooks | 66 ++++++++++++++++---------------
M src/zlibs/keyfiles | 9 ++++++---
M src/zlibs/mounts | 28 ++++++++++++++++------------
M src/zlibs/ttab | 40 ++++++++++++++++----------------
7 files changed, 143 insertions(+), 107 deletions(-)
---
(DIR) diff --git a/src/mourner b/src/mourner
t@@ -11,11 +11,11 @@ while read -r -u "${COPROC[0]}" event file; do
if [[ $file =~ $pattern ]]; then
case $event in
CREATE)
- echo "Created $file..."; sleep 1
+ echo "Created $file..." #; sleep 1
`pwd`/sacrist $file $event
;;
DELETE)
- echo "Removed $file..."; sleep 1
+ echo "Removed $file..." #; sleep 1
`pwd`/sacrist $file $event
;;
esac
(DIR) diff --git a/src/sacrist b/src/sacrist
t@@ -4,60 +4,79 @@
#
# ~ parazyd
+coffin_version=0.2
+coffin_release_date="Mar/2016"
+
+DEBUG=${DEBUG:-1}
+QUIET=${QUIET:-0}
+LOG=${LOG:-""}
+
zkv=1
helpers=1
-R=$(pwd)
+R=${COFFIN_PATH:-`pwd`}
source $R/zlibs/zuper
+# USB key
vars+=(device keyuuid)
+# Locals
+vars+=(GRAVEYARD TOMBS TMPTOMBS TOMBPASSWD)
+vars+=(KEYMOUNT COFFINDOT TTAB HOOKS)
+vars+=(keypass undertaker tombid)
+vars+=(happenz device keyuuid)
+source $R/zlibs/zuper.init
source $R/zlibs/features
source $R/zlibs/hooks
source $R/zlibs/keyfiles
source $R/zlibs/mounts
source $R/zlibs/ttab
-source $R/zlibs/zuper.init
+LOCK=$R/lock
+[[ -f $LOCK ]] && { warn "Lock found. Wait until finished." && exit }
+#touch $LOCK
-device=$1
-happenz=$2
-keyuuid=$(lsblk -no uuid $device)
-
-typeset -H keypass
-typeset -H keyuuid
-typeset -H undertaker
-typeset -H graveyard
-typeset -H tombs
-typeset -H tombpasswd
-
-# Vars
-graveyard="/home/graveyard" # Our graveyard, with all the tombs
-tombs="$graveyard/tombs" # Info about opened tombs, holds keyuuid, keyhash and tombid
-tmptombs="$graveyard/tmptombs" # Temp tempfile, for updating $tombs
-keymount="/media/tombkey" # Directory where keys get mounted
-coffindot="$keymount/.coffin" # .coffin directory on the usb key
-ttab="$coffindot/ttab" # Our ttab
-hooks="$coffindot/hook"
-tomb="/usr/local/bin/tomb"
-tombpasswd="$graveyard/passwd"
+device=$1 && xxx "Device: $device"
+happenz=$2 && xxx "Happenz: $happenz"
+keyuuid=$(lsblk -no uuid $device) && xxx "Key UUID: $keyuuid"
-[[ $happenz == "CREATE" ]] && {
- mount-key
+GRAVEYARD="${GRAVEYARD:-/home/graveyard}" # Our graveyard, with all the tombs
+TOMBS="${TOMBS:-$GRAVEYARD/tombs}" # Info about opened tombs, holds keyuuid, keyhash and tombid
+TMPTOMBS="${TMPTOMBS:-$GRAVEYARD/tmptombs}" # Temp tempfile, for updating $tombs
+KEYMOUNT="${KEYMOUNT:-/media/tombkey}" # Directory where keys get mounted
+COFFINDOT="${COFFINDOT:-$KEYMOUNT/.coffin}" # .coffin directory on the usb key
+TTAB="${TTAB:-$COFFINDOT/ttab}" # Our ttab
+HOOKS="${HOOKS:-$COFFINDOT/hook}"
+TOMB="${TOMB:-/usr/local/bin/tomb}"
+TOMBPASSWD="${TOMBPASSWD:-$GRAVEYARD/passwd}"
- if [[ -d "$coffindot" ]]; then
- notice "Found .coffin"
+# Main
+req=(happenz device)
+ckreq || {
+ _msg failure "Not called through mourner. Exiting..."
+ # clean
+ exit
+}
- [[ -f "$hooks" ]] && check-hooks
- [[ -f "$ttab" ]] && ttab-magic
+[[ $happenz == "CREATE" ]] && {
+ mount-key $device
+ [[ $? = 0 ]] || { die "Key not mounted successfully." && exit }
+ if [[ -d "$COFFINDOT" ]]; then
+ notice "Found .coffin"
+ [[ -f "$HOOKS" ]] && xxx "Found hooks" && \
+ check-hooks
+ [[ -f "$TTAB" ]] && xxx "Found ttab" && \
+ ttab-magic
else
_msg warning "No .coffin directory"
fi
- umount-key
+ umount-key $device
+ # cleanup & exit
}
[[ $happenz == "DELETE" ]] && {
- # Some kind of endgame
+ # TODO: Some kind of endgame
}
+
(DIR) diff --git a/src/zlibs/features b/src/zlibs/features
t@@ -5,41 +5,49 @@ check-webdav-hook() {
davconf="/etc/apache2/sites-available/coffindav.conf"
- if [[ $entry =~ webdav && -f $coffindot/webdav.conf ]]; then
+ if [[ $entry =~ webdav && -f $COFFINDOT/webdav.conf ]]; then
notice "Found WebDAV data. Setting up..."
- [[ -f $coffindot/davinfo ]] && {
- cat $coffindot/davinfo >> /etc/apache2/davpasswd
+ [[ -f $COFFINDOT/davinfo ]] && {
+ cat $COFFINDOT/davinfo >> /etc/apache2/davpasswd
[[ $? = 0 ]] && {
- rm $coffindot/davinfo
+ rm $COFFINDOT/davinfo
gpasswd -a www-data $undertaker
notice "Added new WebDAV user"
}
}
sed -i -e :a -e '$d;N;2,3ba' -e 'P;D' $davconf
- cat $coffindot/webdav.conf >> $davconf
+ cat $COFFINDOT/webdav.conf >> $davconf
notice "Wrote to $davconf"
/etc/init.d/apache2 restart
+ rm $COFFINDOT/webdav.conf
notice "Done setting up WebDAV"
else
notice "No WebDAV data found"
fi
}
+delete-webdav-hook() { }
+
+
check-sshfs-hook() {
fn check-sshfs-hook
- if [[ $entry =~ sshfs && -f $coffindot/sshpubkey ]]; then
+ if [[ $entry =~ sshfs && -f $COFFINDOT/sshpubkey ]]; then
notice "Found SSH data. Setting up..."
mkdir -p /home/$undertaker/.ssh
- cat $coffindot/sshpubkey >> /home/$undertaker/.ssh/authorized_keys
+ cat $COFFINDOT/sshpubkey >> /home/$undertaker/.ssh/authorized_keys
chown -R $undertaker:$undertaker /home/$undertaker/.ssh
chmod 700 /home/$undertaker/.ssh && chmod 600 /home/$undertaker/.ssh/authorized_keys
[[ $? = 0 ]] && notice "Wrote to authorized_keys" \
&& notice "Done setting up SSH"
+
+ # TODO: remove SSH key from usb
else
notice "No SSH data found"
fi
}
+
+delete-sshfs-hook() { }
(DIR) diff --git a/src/zlibs/hooks b/src/zlibs/hooks
t@@ -4,9 +4,10 @@ check-hooks() {
# TODO: fragmented keys, delete, backup, moar
fn check-hooks
- for entry in $(cat $hooks); do
- let hook=$hook+1
- notice "Found hook $hook..."
+ line=0
+ for entry in $(cat $HOOKS); do
+ let hook=$line+1
+ notice "Found hook $line..."
# Check what's hook supposed to do
if [[ ${entry[(ws@:@)1]} == "create" ]]; then
t@@ -17,10 +18,12 @@ check-hooks() {
backup-tomb
else
_msg failure "No valid hook syntax on hook $hook"
- print $entry >> $hooks.fail
- notice "Wrote failed hook to $hooks.fail"
+ print $entry >> $HOOKS.fail
+ notice "Wrote failed hook to $HOOKS.fail"
fi
done
+
+ rm $HOOKS
}
create-new-tomb() {
t@@ -31,50 +34,49 @@ create-new-tomb() {
notice "Creating new tomb"
- undertaker=${entry[(ws@:@)2]}
- tombid=${entry[(ws@:@)3]}
- tombsize=${entry[(ws@:@)4]}
- keypass=$(pwgen 30 -1 1)
+ undertaker=${entry[(ws@:@)2]} && xxx "Undertaker: $undertaker"
+ tombid=${entry[(ws@:@)3]} && xxx "Tombid: $tombid"
+ tombsize=${entry[(ws@:@)4]} && xxx "Tomb size: $tombsize"
+ keypass=$(pwgen 30 -1 1) && xxx "Key password: $keypass"
- if ! [[ ( $(id $undertaker) ) ]]; then
- _msg warning "No user called $undertaker found. Creating..."
+ $(id $undertaker &>/dev/null)
+ [[ $? = 0 ]] || {
+ warn "User $undertaker not found. Creating..."
useradd -G coffin -m -s /bin/nologin $undertaker
notice "Created user $undertaker"
- else
- notice "Found user $undertaker"
- fi
-
- # Check for features
- check-webdav-hook
- check-sshfs-hook
+ }
notice "Digging your tomb..."
- sudo -u $undertaker $tomb dig -s $tombsize $graveyard/$tombid.tomb || \
- (_msg failure "Digging went downhill. Cleaning and exiting" && \
+ sudo -u $undertaker $TOMB dig -s $tombsize $GRAVEYARD/$tombid.tomb || \
+ (die "Digging went downhill. Cleaning and exiting" && \
clean-failed-hook)
- sudo -u $undertaker $tomb forge $graveyard/$tombid.key \
+ sudo -u $undertaker $TOMB forge $GRAVEYARD/$tombid.key \
--unsafe \
--tomb-pwd "$keypass" || \
- (_msg failure "Forging key went downhill. Cleaning and exiting" && \
+ (die "Forging key went downhill. Cleaning and exiting" && \
clean-failed-hook)
- sudo -u $undertaker $tomb lock $graveyard/$tombid.tomb \
- -k $graveyard/$tombid.key \
+ sudo -u $undertaker $TOMB lock $GRAVEYARD/$tombid.tomb \
+ -k $GRAVEYARD/$tombid.key \
--unsafe \
--tomb-pwd "$keypass" || \
- (_msg failure "Locking tomb went downhill. Cleaning and exiting" && \
+ (die "Locking tomb went downhill. Cleaning and exiting" && \
clean-failed-hook)
- notice "Moving your keyfile to your USB key..."
- mv $graveyard/$tombid.key $coffindot/ && \
- chown $undertaker:$undertaker $coffindot/$tombid.key && \
- notice "Moved and chowned keyfile"
+ xxx "Moving your keyfile to your USB key..."
+ mv $GRAVEYARD/$tombid.key $COFFINDOT/ && \
+ chown $undertaker:$undertaker $COFFINDOT/$tombid.key && \
+ xxx "Moved and chowned keyfile"
- print "${undertaker}:${tombid}:true" >> $ttab
+ print "${undertaker}:${tombid}:false" >> $TTAB
- keyhash=$(hash-key)
- print "${keyhash}:${keypass}" >> $tombpasswd
+ hash-key
+ print "${keyhash}:${keypass}" >> $TOMBPASSWD
notice "Wrote to ttab and tombpasswd"
+
+ # Check for features
+ check-webdav-hook
+ check-sshfs-hook
}
(DIR) diff --git a/src/zlibs/keyfiles b/src/zlibs/keyfiles
t@@ -2,16 +2,19 @@
hash-key() {
fn hash-key
+ vars+=(keyhash)
+ keyhash=""
- ${$(sha256sum $coffindot/$tombid.key)[(ws: :)1]}
+ keyhash=${$(sha256sum $COFFINDOT/$tombid.key)[(ws: :)1]}
+ xxx "sha256 of keyfile: $keyhash"
}
compare-key() {
fn compare-key
- keyhash=$(hash-key)
+ hash-key
- if [[ ( $(grep $keyhash $tombs | grep $keyuuid) ) ]]; then
+ if [[ ( $(grep $keyhash $TOMBS | grep $keyuuid) ) ]]; then
return 0
else
return 1
(DIR) diff --git a/src/zlibs/mounts b/src/zlibs/mounts
t@@ -1,31 +1,35 @@
#!/usr/bin/env zsh
mount-key() {
- fn mount-key
+ fn mount-key $*
+ req=(device)
+ ckreq || return 1
- if [[ -d $keymount ]]; then
- _msg failure "$keymount already exists."
+ if [[ -d $KEYMOUNT ]]; then
+ _msg failure "$KEYMOUNT already exists."
return 1
else
- notice "Creating $keymount"
- mkdir -p $keymount
+ notice "Creating $KEYMOUNT"
+ mkdir -p $KEYMOUNT
notice "Mounting..."
- mount $device $keymount
+ mount $device $KEYMOUNT
return 0
fi
}
umount-key() {
- fn umount-key
+ fn umount-key $?
+ req=(device)
+ ckreq || return 1
- if [[ -d $keymount ]]; then
- notice "Unmounting $keymount"
- umount $keymount \
- && rmdir $keymount
+ if [[ -d $KEYMOUNT ]]; then
+ notice "Unmounting $device"
+ umount $device \
+ && rmdir $KEYMOUNT
notice "Success umounting"
return 0
else
- notice "No $keymount found"
+ notice "No $KEYMOUNT found"
return 0
fi
}
(DIR) diff --git a/src/zlibs/ttab b/src/zlibs/ttab
t@@ -6,48 +6,48 @@ ttab-magic() {
notice "Doing ttab magic..."
line=0
-
- for entry in $(cat $ttab); do
+ for entry in $(cat $TTAB); do
let line=$line+1
notice "Found line $line..."
[[ ${entry[(ws@:@)3]} == "true" ]] && {
notice "Working on tomb from line $line"
- undertaker=${entry[(ws@:@)1]}
- notice "Username: $undertaker"
- tombid=${entry[(ws@:@)2]}
- notice "Tombname: $tombid"
+ undertaker=${entry[(ws@:@)1]} && xxx "Undertaker: $undertaker"
+ tombid=${entry[(ws@:@)2]} && xxx "Tombid: $tombid"
compare-key
-
[[ $? = 0 ]] && {
notice "compare-key -> true"
- sudo -u $undertaker $tomb slam $tombid
+ sudo -u $undertaker $TOMB slam $tombid
- cp $tombs $tmptombs
- grep -v $keyhash $tmptombs > $tombs && \
- chmod 600 $tombs && \
- notice "Updated $tombs"$tombs
- rm $tmptombs
+ cp $TOMBS $TMPTOMBS
+ grep -v "${keyhash}:${keyuuid}" $TMPTOMBS > $TOMBS && \
+ chmod 600 $TOMBS && \
+ notice "Updated $TOMBS"
+ rm $TMPTOMBS
continue
}
notice "compare-key -> false"
- keypass=${$(grep $keyhash $tombpasswd)[(ws@:@)2]}
+ hash-key
+ keypass=$(grep $keyhash $TOMBPASSWD)
+ keypass=${keypass[(ws@:@)2]}
+ xxx "Key password: $keypass"
- sudo -u $undertaker $tomb open $graveyard/$tombid.tomb \
- -k $coffindot/$tombid.key \
+ sudo -u $undertaker $TOMB open $GRAVEYARD/$tombid.tomb \
+ -k $COFFINDOT/$tombid.key \
--unsafe \
--tomb-pwd "$keypass"
- chmod g+rw /media/$tombid
+ [[ $? = 0 ]] || { die "Tomb didn't open" && return 1 }
[[ -d "/media/$tombid" ]] && {
- print "${undertaker}:${keyhash}:${keyuuid}" >> $tombs && \
- chmod 600 $tombs && \
- notice "Added info to $tombs"
+ chmod g+rw /media/$tombid
+ print "${undertaker}:${keyhash}:${keyuuid}" >> $TOMBS && \
+ chmod 600 $TOMBS && \
+ notice "Added info to $TOMBS"
}
}
done