tfix to password check (return code of gpg parsed using --status-fd - tomb - the crypto undertaker
 (DIR) commit cc3cfccd210e8dcd1e3c694a11a6f5310f2b01ab
 (DIR) parent 32cf477b580f97aecbc8dc87106a3bfcc08ed3eb
 (HTM) Author: Jaromil <jaromil@dyne.org>
       Date:   Fri, 22 Mar 2013 23:39:25 +0100
       
       fix to password check (return code of gpg parsed using --status-fd
       
       Diffstat:
         M src/tomb                            |      24 ++++++++++--------------
       
       1 file changed, 10 insertions(+), 14 deletions(-)
       ---
 (DIR) diff --git a/src/tomb b/src/tomb
       t@@ -868,10 +868,10 @@ lock_tomb_with_key() {
        
            keyname=`basename $tombkey | cut -d. -f1`
            _message "a password is required to use key ${keyname}"
       +    local passok=0
            if option_is_set --tomb-pwd; then
                    tombpass=`option_value --tomb-pwd`
            else        
       -
                for c in 1 2 3; do
                    if [ $c = 1 ]; then
                        tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
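Review bot: With `--tomb-pwd` set, `passok` stays at the `0` it is initialised to here, because the then-branch only assigns `tombpass` and the only visible place that sets `passok=1` is inside the interactive loop of the else-branch. The final `if [ "$passok" = "0" ]` check in the next hunk would then report "Password incorrect" and abort even when the supplied password is correct. Verifying the password in that branch as well, e.g. `get_lukskey "${tombpass}" ${tombkey} >/dev/null && passok=1` right after the `option_value` line, puts both paths behind the same check. lock_tomb_with_key starts and ends outside this hunk.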
       t@@ -883,16 +883,14 @@ lock_tomb_with_key() {
                        die "User aborted"
                    fi
                    
       -            gpg --batch --passphrase-fd 0 --no-tty --no-options \
       -                -d "${tombkey}" 1> /dev/null 2>/dev/null <<< ${tombpass}
       -            if [[ $? = 0 ]]; then
       -                passok=1
       -                _message "Password OK."
       +            get_lukskey "${tombpass}" ${tombkey} >/dev/null
       +             if [ $? = 0 ]; then
       +                passok=1; _message "Password OK."
                        break;
                    fi
                done
            fi
       -    if [[ $passok != 1 ]]; then
       +    if [ "$passok" = "0" ]; then
                _warning "Password incorrect"
                losetup -d $nstloop        
                die "Operation aborted."
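Review bot: The password check reads `$?` on a separate line from the command it belongs to, and the `if` is indented one column off from its neighbours; any statement later inserted between the two lines (a trace call, for instance) would silently change what is being tested. Folding the call into the condition, `if get_lukskey "${tombpass}" ${tombkey} >/dev/null; then`, removes that coupling. A comment such as `# decrypt only to validate the password; the key output is discarded` would also help, since the same function is used later to produce the real key stream. The loop begins outside this hunk.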
       t@@ -900,11 +898,6 @@ lock_tomb_with_key() {
        
            _success "Locking ${tombfile} with ${tombkey}"
        
       -    echo
       -    get_lukskey "${tombpass}" ${tombkey}
       -    echo
       -    xxx "cryptsetup --key-file - --batch-mode --cipher ${cipher} --key-size 256 luksFormat ${nstloop}"
       -
            _message "formatting Luks mapped device"
            get_lukskey "${tombpass}" ${tombkey} | \
                cryptsetup --key-file -   --batch-mode \
       t@@ -963,6 +956,7 @@ get_lukskey() {
            local tombpass=$1
            keyfile=$2
            firstline=`head -n1 $keyfile`
       +    xxx "get_lukskey XXX $keyfile"
            if [[ $firstline =~ '^_KDF_' ]]; then
                _verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
                case `cut -d_ -f 3 <<<$firstline` in
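Review bot: The added `xxx "get_lukskey XXX $keyfile"` trace runs inside a function whose stdout is consumed as key material (`get_lukskey ... | cryptsetup --key-file -` in lock_tomb_with_key), so it is only safe if `xxx` writes to stderr. `xxx` is defined outside this page; if it can print to stdout, the trace text would be mixed into the key stream, and the same applies to the `xxx "gpg decryption returns $ret"` call added near the end of the function. A comment at the top of get_lukskey such as `# stdout is the decrypted key: diagnostics must go to stderr only` would make the contract explicit, and the literal `XXX` in the message looks like a leftover placeholder.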
       t@@ -980,9 +974,11 @@ get_lukskey() {
                        ;;
                esac
            fi
       -    gpg --batch --passphrase-fd 0 --no-tty --no-options \
       -        -d "${keyfile}" 2> /dev/null <<< ${tombpass}
       +    gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 1 -d "${keyfile}" \
       +        <<< ${tombpass} \
       +        | grep 'DECRYPTION_OKAY'
            ret=$?
       +    xxx "gpg decryption returns $ret"
            unset tombpass
            return $ret
        }
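Review bot: Piping gpg through `grep 'DECRYPTION_OKAY'` means get_lukskey's stdout no longer carries the decrypted key: `--status-fd 1` mixes the status lines into the plaintext and grep then keeps only the matching status line. lock_tomb_with_key still pipes this function into `cryptsetup --key-file -` for luksFormat, so from the visible lines the volume would be formatted with that fixed status text as its key rather than the secret; every other consumer of get_lukskey should be checked as well. Keeping the plaintext on stdout and the status on its own descriptor avoids this, for example `gpg --batch --passphrase-fd 0 --no-tty --no-options --status-fd 2 -d "${keyfile}" 2>"$gpgstatus" <<< ${tombpass}` followed by `grep -q 'DECRYPTION_OKAY' "$gpgstatus"; ret=$?`, where `$gpgstatus` is a placeholder for a private temporary file the script creates and removes. The beginning of get_lukskey is outside this hunk.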