commit 80bb8a40f1e53059404cd13a0d321127b0f8d072
parent c72765a0c46be65f742dca8abf3cf2ae2f0ba319
Author: parazyd <parazyd@dyne.org>
Date: Mon, 22 Feb 2016 15:01:15 +0100
removed web, restructured sacrist
Diffstat:
6 files changed, 111 insertions(+), 171 deletions(-)
diff --git a/TODO b/TODO
@@ -0,0 +1,7 @@
+* ssh pubkeys
+* pwless keys
+* ssh/gpg
+* devuan raspi image
+* test suite
+* yubikeys
+* consider genpasswd
diff --git a/bin/mourner b/bin/mourner
@@ -4,7 +4,7 @@
#
# ~ parazyd
-pattern='sd[b-z][1-9]$'
+pattern='sd[a-z][1-9]$'
coproc inotifywait --monitor --event create,delete --format '%e %w%f' /dev
while read -r -u "${COPROC[0]}" event file; do
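Review bot: Widening the pattern to `sd[a-z][1-9]$` makes the watcher react to `sda` partitions as well, and on many hosts `sda` is the disk the system boots from, so a create/delete event on the root disk would now be forwarded to sacrist as if it were a removable key; whether that is intended is not visible from this hunk. If the aim is to catch a key that happens to enumerate as `sda`, testing the device's removable flag in the loop body (`/sys/block/<disk>/removable`) would narrow the match without hard-coding drive letters. The `while read` loop that starts on the last line of the hunk continues outside it.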
diff --git a/bin/sacrist b/bin/sacrist
@@ -6,81 +6,139 @@
device=$1
happenz=$2
-keyuuid=`blkid $device | awk -F\" '{print $2}'`
+keyuuid=$(blkid $device | awk -F\" '{print $2}')
-tmptombs="/tmp/tombs"
-temptombs="/tmp/tombs2"
-lockfile="/tmp/coffinlock"
-keymount="/media/tombkey"
-coffindot=".coffin"
+# Vars
+tmptombs="/tmp/tombs" # Info about opened tombs, holds keyuuid, keyhash and tombname
+tmptombs2="/tmp/tombs2" # Temp tempfile, for updating $tmptombs
+graveyard="/home/graveyard" # Our graveyard, with all the tombs
+keymount="/media/tombkey" # Directory where keys get mounted
+coffindot="$keymount/.coffin" # .coffin directory on the usb key
+ttab="$coffindot/ttab" # Our ttab
+createme="$coffindot/create.me" # New tomb creation trigger
+tomb="/usr/local/bin/tomb"
-# debugs
+# Debugs
echo "Arg1: $1"
echo "Arg2: $2"
echo "Device path is: $device"
echo "Device UUID is: $keyuuid"
-echo "I am $happenz"
-# end debugs
-
-# echo partitions to file for webadmin
-lsblk -npl | awk -F" " '{print $1}' | grep ^/dev/sd.. > /home/parazyd/devel/tombox/web/devs
+# {{{ Functions
_mountkey() {
mkdir -p $keymount
mount $device $keymount
}
-_get_ttab() { ttab=`ls $keymount/$coffindot | awk -F. '{print $1}'` }
+_ttabmagic() {
+ # Loop entire ttab and do stuff for tombs that want to be opened
+ _msg info "Doing ttab magic..."
+ line=0
+ for entry in $(cat $ttab); do
+ let line=$line+1
+ _msg info "Found line $line..."
+ if [[ $(echo $entry | awk -F: '{print $4}') == "true" ]]; then
+ _msg info "Working on tomb from line $line..."
+ undertaker=$(echo $entry | awk -F: '{print $1}')
+ echo "Username: $undertaker"
+ tombname=$(echo $entry | awk -F: '{print $2}')
+ echo "Tomb name: $tombname"
+ _comparekey
+ if [[ $happenz == "close" ]]; then
+ _msg warn "Comparekey true"
+ sudo -u $undertaker $tomb slam $tombname
+ cp $tmptombs $tmptombs2
+ grep -v $keyhash $tmptombs2 > $tmptombs; chmod 600 $tmptombs; _msg info "Updated $tmptombs"
+ rm $tmptombs2
+ continue
+ fi
+ _msg warn "Comparekey false"
+ tombpass=$(echo $entry | awk -F: '{print $3}')
+ echo "Tomb passphrase: $tombpass"
+ sudo -u $undertaker $tomb open $graveyard/$tombname.tomb -k $coffindot/$tombname.key \
+ --unsafe --tomb-pwd $tombpass # Deal with this shit somehow!
+
+ if [[ -d "/media/$tombname" ]]; then
+ echo "$undertaker:$keyhash:$keyuuid" >> $tmptombs; chmod 600 $tmptombs; _msg info "Added info to $tmptombs"
+ else
+ _msg warn "Nothing added to $tmptombs"
+ fi
+ fi
+ done
+ umount $keymount; rmdir $keymount; _msg info "Unmounted and deleted $keymount"
+}
_hashkey() {
- _get_ttab
- cat $keymount/$coffindot/$ttab.key \
- | sha512sum \
- | awk -F" " '{print $1}'
+ cat $coffindot/$tombname.key | sha512sum | awk -F" " '{print $1}'
}
-_compare_key() {
- keyhash=`_hashkey`
- if [[ ( `cat $tmptombs | grep $keyhash | grep $keyuuid` ) ]]; then
+_comparekey() {
+ keyhash=$(_hashkey)
+ if [[ ( $(cat $tmptombs | grep $keyhash | grep $keyuuid) ) ]]; then
happenz=close
else
happenz=open
fi
}
+
+_create_new_tomb() {
+ _msg info "Creating new tomb!"
+ undertaker=$(cat $createme | awk -F: '{print $1}')
+ tombname=$(cat $createme | awk -F: '{print $2}')
+ tombpass=$(cat $createme | awk -F: '{print $3}')
+ tombsize=$(cat $createme | awk -F: '{print $4}')
+
+ if ! [[ ( $(id $undertaker) ) ]]; then
+ _msg warn "No user called $undertaker found. Creating..."
+ useradd -G tombox -m -s /bin/bash $undertaker
+ _msg info "Created user $undertaker"
+ fi
+
+ sudo -u $undertaker $tomb dig -s $tombsize $graveyard/$tombname.tomb
+ sudo -u $undertaker $tomb forge $graveyard/$tombname.key --unsafe --tomb-pwd "$tombpass"
+ sudo -u $undertaker $tomb lock $graveyard/$tombname.tomb -k $graveyard/$tombname.key \
+ --unsafe --tomb-pwd "$tombpass"
+ mv $graveyard/$tombname.key $coffindot/ && chown $undertaker:$undertaker $coffindot/$tombname.key && \
+ _msg info "Moved and chowned keyfile"
+ echo "$undertaker:$tombname:$tombpass:true" >> $ttab
+ _msg info "Wrote to $ttab"
+ rm $createme && _msg info "Removed $createme"
+}
+
+_endgame() {
+ # Mr. Proper
+}
+
_msg() {
- if [[ $1 == "err" ]]; then
- echo $fg_bold[red] "[E] $2"
+ if [[ $1 == "error" ]]; then
+ echo -e "\e[1;31m[E] \e[0;31m$2 \e[0m"
elif [[ $1 == "warn" ]]; then
- echo $fg_bold[cyan] "[W] $2"
+ echo -e "\e[1;33m[W] \e[0;33m$2 \e[0m"
elif [[ $1 == "info" ]]; then
- echo $fg_bold[orange] "[i] $2"
+ echo -e "\e[1;34m[i] \e[0;34m$2 \e[0m"
fi
}
+# }}}
+
+# Main
if [[ $happenz == "CREATE" ]]; then
_mountkey
- if [[ -d "$keymount/$coffindot" ]]; then
- _get_ttab; _msg info "Got undertaker: $ttab"
-
- _compare_key
- if [[ $happenz == "close" ]]; then
- _msg info "Comparekey true"
- tombname=`cat $tmptombs | grep $keyhash | awk -F: '{print $1}'`; _msg info "Got tombname: $ttab"
- tomb slam $tombname
- cp $tmptombs $temptombs
- grep -v "$keyhash" $temptombs > $tmptombs; _msg info "Put stuff in $tmptombs"
- rm $temptombs
- umount $keymount; rmdir $keymount; _msg info "Unmounted usb"
- elif [[ $happenz == "open" ]]; then
- _msg info "Comparekey false"
- _get_ttab
- echo -e "$ttab:$keyhash:$keyuuid\n" >> $tmptombs ; _msg info "Added it to $tmptombs"
- su $ttab -c "tomb open /home/$ttab/$ttab -k $keymount/$coffindot/$ttab.key --unsafe --tomb-pwd lalala"
-
- umount $keymount; rmdir $keymount; _msg info "Unmounted usb"
+ if [[ -d "$coffindot" ]]; then
+ _msg info "$coffindot found..."
+
+ if [[ -f "$createme" ]]; then
+ _create_new_tomb
+ fi
+
+ if ! [[ -f "$ttab" ]]; then
+ _msg error "No ttab!"
+ umount $keymount; rmdir $keymount; _msg info "Unmounted and removed $keymount"
+ else
+ _ttabmagic
fi
else
- _msg err "No valid .coffin dir!"
- umount $keymount; rmdir $keymount;
+ _msg error "No valid .coffin directory! Exiting..."
+ umount $keymount; rmdir $keymount; _msg info "Umounted and removed $keymount"
fi
fi
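Review bot: `_endgame()` in the new function section has a body that holds only a comment, which bash rejects at parse time as a syntax error, so the whole script fails to load before `_mountkey` is ever reached; give it a no-op until it has real work, `_endgame() {` / `  : # Mr. Proper` / `}`. The debug line `echo "Tomb passphrase: $tombpass"` in `_ttabmagic` writes every tomb passphrase to stdout, where whatever collects the script's output will keep it; drop that line and log only the username and tomb name. In the same function `--tomb-pwd $tombpass` is unquoted while the three calls in `_create_new_tomb` quote it, so a passphrase containing whitespace is split into extra arguments to tomb; use `--tomb-pwd "$tombpass"`. `for entry in $(cat $ttab)` has the matching problem on the read side, splitting the file on any whitespace rather than on newlines; `while IFS= read -r entry; do … done < "$ttab"` iterates the lines as written.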
diff --git a/web/index.php b/web/index.php
@@ -1,50 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <title>tombox administration</title>
-</head>
-<body>
- <h1>tombox administration</h1>
- <hr>
-
-
- <h3>Create new tomb and key</h3>
- <form action="tomb.php?happenz=CREATE" method="post">
- Username: <input type="text" name="undertaker">
- Tomb size (MiB): <input type="number" name="size">
- <select name="device">
- <option selected>Choose device to store key</option>
- <?php
- $devs = file("devs", FILE_IGNORE_NEW_LINES);
- $sizes = file("sizes", FILE_IGNORE_NEW_LINES);
- foreach ($devs as $line_num => $line) {
- echo '<option value="' . $line . '">' . $line . '</option>' . "\n ";
- }
- ?>
- </select>
- <input type="submit">
- </form>
-
- <hr>
-
- <h3>Change tomb's key</h3>
- <form action="tomb.php?happenz=REVOKE" method="post">
- <select name="device">
- <option selected>Choose device to store key</option>
- <?php
- $devs = file("devs", FILE_IGNORE_NEW_LINES);
- $sizes = file("sizes", FILE_IGNORE_NEW_LINES);
- foreach ($devs as $line_num => $line) {
- echo '<option value="' . $line . '">' . $line . '</option>' . "\n ";
- }
- ?>
- </select>
- <input type="submit">
- </form>
-
-
- <hr>
-
-</body>
-</html>
diff --git a/web/tomb.php b/web/tomb.php
@@ -1,28 +0,0 @@
-<!DOCTYPE html>
-<!--
- tomb.php - php script called by the index form, passing vars to
- undertaker (shell middleman between web and rest of tombox
--->
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <title>Creating new tomb...</title>
-</head>
-<body>
- <?php
- $happenz = $_GET["happenz"];
- $username = $_POST["undertaker"];
- $device = $_POST["device"];
- $size = $_POST["size"];
-
- $command = "./undertaker " . $happenz . " " . $device . " " . $username . " " . $size;
-
- echo $command; // debug
-
- $output = system($command, $retval);
-
- echo $output;
- echo "<br><br><br>" . $retval;
- ?>
-</body>
-</html>
diff --git a/web/undertaker b/web/undertaker
@@ -1,47 +0,0 @@
-#!/usr/bin/env zsh
-#
-# Shell script for webadmin to work as a middleman between the web and
-# rest of the tombox
-#
-# ~ parazyd
-
-keymount="/media/tombkey"
-coffindot=".coffin"
-
-happenz=$1
-device=$2
-user=$3
-size=$4
-
-if [[ $happenz == "CREATE" ]]; then
-
- if [[ -d /home/$user ]]; then
- echo "User already exists. Exiting..."; exit
- fi
-
- sudo useradd -G tombox -m -s /bin/bash $user; echo "Added user: $user <br>"
- sudo -u $user tomb dig -s $size /home/$user/$user; echo "Finished digging tomb <br>"
-
- sudo mkdir -p $keymount; echo "mkdir $keymount <br>"
- sudo mount $device $keymount; echo "Mounted $device to $keymount <br>"
- sudo mkdir $keymount/$coffindot; echo "mkdir $keymount/$coffindot <br>"
- sudo chown -R $user:$user $keymount; echo "chown on those <br>"
-
- sudo -u $user tomb forge $keymount/$coffindot/$user.key --unsafe --tomb-pwd lalala ; \
- echo "Forged tomb's key at $keymount/$coffindot/$user.key <br>"
- sudo -u $user tomb lock /home/$user/$user -k $keymount/$coffindot/$user.key --unsafe --tomb-pwd lalala ; \
- echo "Locked tomb with the key <br>"
-
- sudo umount $keymount; sudo rmdir $keymount; echo "Unmounted usb key <hr>"
-fi
-
-if [[ $happenz == "REVOKE" ]]; then
-
- sudo mount $device $keymount
- if ! [[ -d $keymount/$coffindot ]]; then
- echo "No valid $coffindot dir. Exiting..."; exit
- fi
-
-
-
-fi