coffin

secure lan file storage on a device
git clone git://parazyd.org/coffin.git

commit 657b0aa0f70688b5fc29c5f3139a2c3635c74326
parent 80b539b360ebc00c063e06cba6324aa28740d0e3
Author: parazyd <parazyd@dyne.org>
Date:   Wed, 30 Mar 2016 02:49:46 +0200

black baloon

Diffstat:
M.gitignore | 10++++------
MMakefile | 11++++++++---
Mconf/config.sh | 91+++++++++++++++++++++++++++++++++++++++++++-------------------------------------
Mconf/init.skel | 8++++----
Asrc/Makefile | 19+++++++++++++++++++
Dsrc/Tomb/.gitignore | 11-----------
Dsrc/Tomb/Makefile | 20--------------------
Rsrc/Tomb/benchmark.c -> src/benchmark.c | 0
Msrc/coffin | 2+-
Rsrc/Tomb/gen_salt.c -> src/gen_salt.c | 0
Rsrc/Tomb/hexencode.c -> src/hexencode.c | 0
Rsrc/Tomb/pbkdf2.c -> src/pbkdf2.c | 0
Rsrc/Tomb/tomb -> src/tomb | 0
13 files changed, 85 insertions(+), 87 deletions(-)

diff --git a/.gitignore b/.gitignore @@ -1,9 +1,7 @@ NOTES.md .*.swp test/* -conf/coffin.key -conf/coffin.pem -src/Tomb/kdf-keys/tomb-kdb-hexencode -src/Tomb/kdf-keys/tomb-kdb-pbkdf2 -src/Tomb/kdf-keys/tomb-kdb-pbkdf2-gensalt -src/Tomb/kdf-keys/tomb-kdb-pbkdf2-getiter +src/tomb-kdb-hexencode +src/tomb-kdb-pbkdf2 +src/tomb-kdb-pbkdf2-gensalt +src/tomb-kdb-pbkdf2-getiter diff --git a/Makefile b/Makefile @@ -1,13 +1,18 @@ all: - make -C src/Tomb + make -C src + @./conf/config.sh gen-ssl + @./conf/config.sh gen-init @./conf/config.sh checkdep install: - make -C src/Tomb install + make -C src install @./conf/config.sh snowman clean: - make -C src/Tomb clean + make -C src clean + rm -f conf/initscript-*.init + rm -f conf/coffin.pem + rm -f conf/coffin.key uninstall: @./conf/config.sh unsnowman diff --git a/conf/config.sh b/conf/config.sh @@ -7,7 +7,7 @@ # `make` [[ $1 == "checkdep" ]] && { missing=() - which apache2 >/dev/null || missing+=(apache) + #which apache2 >/dev/null || missing+=(apache) which cryptsetup >/dev/null || missing+=(cryptsetup) which inotifywatch >/dev/null || missing+=(inotify-tools) which wipe >/dev/null || missing+=(wipe) @@ -31,12 +31,12 @@ } # `make install` -#[[ $1 == "snowman" || $1 == "unsnowman" ]] && { -# [[ $UID = 0 ]] || { -# print "You must run this as root!" -# return 1 -# } -#} +[[ $1 == "snowman" || $1 == "unsnowman" ]] && { + [[ $UID = 0 ]] || { + print "You must run this as root!" + return 1 + } +} edit-sudo() { if [[ $1 == "add" ]]; then @@ -45,11 +45,14 @@ edit-sudo() { elif [[ $1 == "remove" ]]; then tmp=`sed '/^%coffin / d' /etc/sudoers` print $tmp | (EDITOR="tee" visudo) - [[ $? = 0 ]] && print "Removed coffin group from sudoers" + [[ $? = 0 ]] && print "####################\nRemoved coffin group from sudoers" fi } -generate-init() { +[[ $1 == "gen-init" ]] && { + # TODO: ckdistro; different ones + print whereami + pushd `pwd`/conf cat <<EOF | tee tempinit #!/bin/bash 
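Review bot: Dropping `conf/coffin.key` and `conf/coffin.pem` from the ignore list makes the generated TLS private key trackable by git, while the Makefile change in this same commit starts writing both files into `conf/` during `make`. A `git add -A` between `make` and `make clean` would then stage the unencrypted key. I would keep the two entries `conf/coffin.key` and `conf/coffin.pem`, and add `conf/initscript-*.init` for the generated init script as well.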
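Review bot: In `all`, `@./conf/config.sh gen-ssl` runs unconditionally, so every rebuild replaces `conf/coffin.key` and `conf/coffin.pem` with a fresh pair, and the certificate fingerprint that the installer asks users to compare changes with it. Making the certificate a file target that `all` depends on, for example a rule `conf/coffin.pem:` whose recipe is `@./conf/config.sh gen-ssl`, would generate it only when it is missing. `checkdep` still runs last, after the steps that need the tools it checks for; moving it to the top of `all` would report missing tools before anything is built. The recursive calls are better written `$(MAKE) -C src` so that flags and the jobserver are passed down.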
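Review bot: The new `gen-init` block in `conf/config.sh` never sets `distro`: the `# TODO: ckdistro` comment is the only reference to it here, and the `distro=deb` assignment is removed from the `snowman` block by this commit. Unless the variable is set outside the visible lines, the `cat tempinit init.skel > initscript-$distro.init` in the next hunk writes `initscript-.init`, and the `install -Dm755 initscript-$distro.init` in `snowman` will look for a different name if `ckdistro` sets a value there. `print whereami` prints the literal word and looks like a debugging leftover. ``pushd `pwd`/conf`` is unquoted and assumes the script is started from the repository root; `pushd "$(dirname "$0")"` would not depend on the caller's directory. The block continues past the end of this hunk.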
@@ -64,15 +67,37 @@ NAME=coffin DESC="coffin daemon" COFFINDIR=/usr/local/share/coffin DAEMON=\$COFFINDIR/bin/\$NAME -COFFINPID=\$COFFINPIDDIR/coffin.pid EOF - cat tempinit init.skel > initscript-$distro + cat tempinit init.skel > initscript-$distro.init rm tempinit } +apachemods() { + if [[ $1 == "on" ]]; then + mods=(ssl dav dav_fs dav_lock) + for i in $mods; do + a2enmod $i + done + elif [[ $1 == "off" ]]; then + mods=(dav_lock dav_fs dav ssl) + for i in $mods; do + a2dismod $i + done + fi + return 0 +} + +[[ $1 == "gen-ssl" ]] && { + pushd `pwd`/conf + openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \ + -keyout coffin.key -out coffin.pem + return 0 +} + update-init() { # TODO: rearrange this into another function and add other distros - update-rc.d + # update-rc.d + # } ckdistro() { @@ -82,21 +107,12 @@ ckdistro() { # because all cool software has snowmen in them [[ $1 == "snowman" ]] && { - # NOTE: remember to set this; see update-init() - # ckdistro - distro=deb pushd `pwd`/conf - groupadd coffin && print "created coffin group" - gpasswd -a www-data coffin && print "added www-data to coffin group" + ckdistro - # ssl - openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \ - -keyout coffin.key -out coffin.pem - [[ $? = 0 ]] || { - print "Failed generating openssl certificate." - return 1 - } + [[ `grep 'coffin' /etc/group` ]] || groupadd coffin + gpasswd -a www-data coffin install -Dm440 coffin.pem /etc/ssl/coffin/coffin.pem install -Dm400 coffin.key /etc/ssl/coffin/coffin.key 
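Review bot: The `gen-ssl` block ends in an unconditional `return 0`, so a failed or aborted `openssl req` no longer stops the build; the `[[ $? = 0 ]] || { ... return 1 }` check that guarded this call in `snowman` is removed by the same commit. The key is written with `-nodes` into the source tree under whatever umask the build user has, and depending on the OpenSSL version the `-keyout` file may not be created with a restricted mode. I would wrap the call as `( umask 077; openssl req ... ) || return 1`, keeping the existing arguments. In `apachemods`, `for i in $mods` visits every element only under zsh semantics; `"${mods[@]}"` is unambiguous.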
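Review bot: In the `snowman` block, ``[[ `grep 'coffin' /etc/group` ]] || groupadd coffin`` matches any line of `/etc/group` that contains the string, including another group's name or member list, so `groupadd` can be skipped while no `coffin` group exists; the following `gpasswd -a www-data coffin` and the later `install ... -g coffin` would then fail. `getent group coffin >/dev/null || groupadd coffin` tests for the exact group name. The block also now depends on `coffin.pem` and `coffin.key` having been produced by an earlier `make`; a `[[ -f coffin.key ]] ||` guard with an error message before the two `install` lines would make that dependency explicit.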
@@ -108,13 +124,9 @@ ckdistro() { print "DAVLockDB /etc/apache2/DAV/DAVLock" >> /etc/apache2/apache2.conf } install -Dm600 davpasswd /etc/apache2/DAV/davpasswd - install -Dm640 coffindav.conf /etc/apache2/sites-available/coffindav.conf + install -Dm640 apachedav /etc/apache2/sites-available/coffindav.conf - apachemods=(dav dav_fs dav_lock ssl) - print "Enabling Apache modules..." - for i in $apachemods; do - a2enmod $i - done + apachemods on # [[ -f /etc/apache2/sites-enabled/000-default.conf ]] && a2dissite 000-default.conf [[ -f /etc/apache2/sites-enabled/coffindav.conf ]] || a2ensite coffindav.conf @@ -126,10 +138,9 @@ ckdistro() { install -Dm770 -g coffin -d /home/graveyard - generate-init - update-init - install -Dm755 initscript-$distro /etc/init.d/coffin + install -Dm755 initscript-$distro.init /etc/init.d/coffin + print "######################################" print "Successfully installed and configured coffin!" print "You can start it with '/etc/init.d/coffin start'" @@ -139,10 +150,9 @@ ckdistro() { print "The fingerptint of your SSL certificate is: $fprint" print "Compare it and/or set is as trusted when you connect to coffin." print "######################################" - print "" popd - #return 0 + return 0 } # `make uninstall` @@ -156,15 +166,11 @@ ckdistro() { revert=true [[ $revert == "true" ]] && { a2dissite coffindav.conf - a2ensite 000-default.conf - rm -rv /home/graveyard/DAV + #a2ensite 000-default.conf + rm -rv /etc/apache2/DAV rm -v /etc/apache2/sites-available/coffindav.conf - apachemods=(dav dav_fs dav_lock ssl) - print "Enabling Apache modules..." - for i in $apachemods; do - a2enmod $i - done + apachemods off sed -i '/^DAVLockDB / d' /etc/apache2/apache2.conf [[ $? = 0 ]] && print "removed entry from apache2.conf" @@ -175,6 +181,7 @@ ckdistro() { edit-sudo remove rm -rv /usr/local/share/coffin + rm -v /etc/init.d/coffin update-init } diff --git a/conf/init.skel b/conf/init.skel 
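Review bot: In the `make uninstall` block, `apachemods off` disables `ssl`, `dav`, `dav_fs` and `dav_lock` for the whole Apache instance, whether or not they were enabled before coffin was installed. On a host that serves other TLS or WebDAV sites, this breaks them at the next reload. Recording at install time which modules `apachemods on` actually had to enable, and disabling only those, would keep uninstall from changing unrelated configuration. The same hunk switches the cleanup to `rm -rv /etc/apache2/DAV`; if `/home/graveyard` is meant to be kept on uninstall, a comment saying so would help.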
@@ -2,13 +2,13 @@ text -x $DAEMON || exit 0 case "$1" in start) - log_action_begin_msg "Starting $DESC" - nohup $DAEMON & + echo "Starting $DESC..." + nohup $DAEMON > /var/run/coffin.out & ;; stop) - log_daemon_msg "Stopping $DESC" + echo "Stopping $DESC..." pid=`cat $COFFINPID 2>/dev/null` - kill $pid && rm $COFFINPID + kill $pid && rm /var/run/coffin.pid && rm /var/run/coffin.out ;; restart) $0 stop diff --git a/src/Makefile b/src/Makefile @@ -0,0 +1,19 @@ +PREFIX = /usr/local/share/coffin/bin + +all: + $(CC) -Os -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt + $(CC) -Os -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt + $(CC) -Os -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt + $(CC) -Os -o tomb-kdb-hexencode hexencode.c + +clean: + rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode + +install: + install -Dm755 coffin ${PREFIX}/coffin + install -Dm755 sacrist ${PREFIX}/sacrist + install -Dm755 tomb ${PREFIX}/tomb + install -Dm755 tomb-kdb-pbkdf2 ${PREFIX}/tomb-kdb-pbkdf2 + install -Dm755 tomb-kdb-pbkdf2-getiter ${PREFIX}/tomb-kdb-pbkdf2-getiter + install -Dm755 tomb-kdb-pbkdf2-gensalt ${PREFIX}/tomb-kdb-pbkdf2-gensalt + install -Dm755 tomb-kdb-hexencode ${PREFIX}/tomb-kdb-hexencode diff --git a/src/Tomb/.gitignore b/src/Tomb/.gitignore @@ -1,11 +0,0 @@ -\#* -.\#* -*~ -*.o -tomb-askpass -tomb-status -doc/web/public -doc/web/dyne -share/gtkrc -.*.sw? -*.mo diff --git a/src/Tomb/Makefile b/src/Tomb/Makefile 
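Review bot: The `stop)` branch of `conf/init.skel` still reads the pid with `cat $COFFINPID`, but this commit removes the `COFFINPID=` line from the generated init header in `conf/config.sh` and hard-codes `/var/run/coffin.pid` only in the `rm`. If the variable is not defined elsewhere, the unquoted expansion disappears, `cat` reads standard input, and `kill $pid` runs without a valid pid, so the daemon and both files stay behind. Using the same path in both places, ``pid=`cat /var/run/coffin.pid 2>/dev/null` `` followed by `[ -n "$pid" ] && kill "$pid" && rm -f /var/run/coffin.pid /var/run/coffin.out`, closes that gap. `start)` redirects only stdout to `/var/run/coffin.out`; adding `2>&1` would capture errors as well.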
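Review bot: The compile lines in `all` of the new `src/Makefile` hard-code `-Os` and ignore `$(CFLAGS)` and `$(LDFLAGS)`, so hardening flags supplied by a packager or distribution never reach the KDF helpers. I would write each rule in the form `$(CC) $(CFLAGS) -Os -o tomb-kdb-pbkdf2 pbkdf2.c $(LDFLAGS) -lgcrypt`. `all`, `clean` and `install` should also be declared in `.PHONY`, and `install` would support staged installs with `$(DESTDIR)$(PREFIX)`.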
@@ -1,20 +0,0 @@ -PREFIX = /usr/local/share/coffin/bin - -all: - $(CC) -Os -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt - $(CC) -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt - $(CC) -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt - $(CC) -O2 -o tomb-kdb-hexencode hexencode.c - -clean: - rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode - -install: - install -Dm755 tomb ${PREFIX}/tomb - install -Dm755 tomb-kdb-pbkdf2 ${PREFIX}/tomb-kdb-pbkdf2 - install -Dm755 tomb-kdb-pbkdf2-getiter ${PREFIX}/tomb-kdb-pbkdf2-getiter - install -Dm755 tomb-kdb-pbkdf2-gensalt ${PREFIX}/tomb-kdb-pbkdf2-gensalt - install -Dm755 tomb-kdb-hexencode ${PREFIX}/tomb-kdb-hexencode - @echo - @echo "Tomb is installed succesfully." - @echo diff --git a/src/Tomb/benchmark.c b/src/benchmark.c diff --git a/src/coffin b/src/coffin @@ -7,7 +7,7 @@ pattern='sd[a-z][1-9]$' coproc inotifywait --monitor --event create,delete --format '%e %w%f' /dev -echo $$ > `pwd`/coffin.pid # pidfile +echo $COPROC_PID > /var/run/coffin.pid # pidfile while read -r -u "${COPROC[0]}" event file; do if [[ $file =~ $pattern ]]; then diff --git a/src/Tomb/gen_salt.c b/src/gen_salt.c diff --git a/src/Tomb/hexencode.c b/src/hexencode.c diff --git a/src/Tomb/pbkdf2.c b/src/pbkdf2.c diff --git a/src/Tomb/tomb b/src/tomb
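Review bot: In `src/coffin` the pidfile now holds `$COPROC_PID`, the pid of the `inotifywait` coprocess and not of the coffin script itself, and the trailing `# pidfile` comment does not say so. `stop` in `conf/init.skel` therefore signals only `inotifywait` and relies on the `while read` loop ending at end of input; whether anything after the loop still runs is outside this hunk. I would document it on the line, e.g. `# pid of the inotifywait coprocess; killing it ends the read loop below`, and quote the expansion: `echo "$COPROC_PID" > /var/run/coffin.pid`.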