tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git
Log | Files | Refs | README | LICENSE
commit fb5eee002bdb497c647f01ebe0694db700bffb56
parent 5f71b486df105f7104d881ef1536511fa781390c
Author: Jaromil <jaromil@dyne.org>
Date:   Tue, 13 Jun 2017 09:30:14 +0200

Merge pull request #267 from dyne/exec-hooks

Exec hooks
Diffstat:

Mdoc/tomb.1 | 15++++++++-------


Mtomb | 50+++++++++++++++++++++++++++-----------------------


2 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/doc/tomb.1 b/doc/tomb.1
@@ -298,13 +298,14 @@ example:
 .EE
 
 .B
-.IP "post-hooks"
-This hook file gets executed as user by tomb right after opening it;
-it should be a regular shell script, starting with a shebang. Tomb
-executes this hook as user (dropping root privileges) and giving it
-two arguments: "$1" is "open" or "close" depending from the tomb
-command given, "$2" is the full path to the mountpoint where the tomb
-is open.
+.IP "exec-hooks"
+This hook file gets executed as user by tomb with the first argument
+determining the step of execution: "open" or "close". The exec-hooks
+file should be an executable (ELF or shell script) present inside the
+Tomb. Tomb executes this hook as user supplying two or more arguments,
+the first being the step, followed by the mountpoint of the tomb and,
+on close events, its name, loopback device and dev-mapper device
+paths.
 
 .SH PRIVILEGE ESCALATION
 
diff --git a/tomb b/tomb
@@ -2065,10 +2065,11 @@ mount_tomb() {
 
 
     # process bind-hooks (mount -o bind of directories)
-    # and post-hooks (execute on open)
-    { option_is_set -n } || {
+    # and exec-hooks (execute on open)
+    option_is_set -n || {
         exec_safe_bind_hooks ${tombmount}
-        exec_safe_post_hooks ${tombmount} open }
+        exec_safe_func_hooks open ${tombmount} 
+	}
 
     return 0
 }
@@ -2145,27 +2146,23 @@ exec_safe_bind_hooks() {
 
 # Execute automated actions configured in the tomb.
 #
-# Synopsis: exec_safe_post_hooks /path/to/mounted/tomb [open|close]
+# Synopsis: exec_safe_func_hooks /path/to/mounted/tomb 
 #
-# If an executable file named 'post-hooks' is found inside the tomb,
+# If an executable file named 'exec-hooks' is found inside the tomb,
 # run it as a user.  This might need a dialog for security on what is
 # being run, however we expect you know well what is inside your tomb.
 # If you're mounting an untrusted tomb, be safe and use the -n switch
 # to verify what it would run if you let it.  This feature opens the
 # possibility to make encrypted executables.
-exec_safe_post_hooks() {
-    local mnt=$1     # First argument is where the tomb is mounted
-    local act=$2     # Either 'open' or 'close'
-
+exec_safe_func_hooks() {
     # Only run if post-hooks has the executable bit set
-    [[ -x $mnt/post-hooks ]] || return
-
-    # If the file starts with a shebang, run it.
-    head -n1 $mnt/post-hooks | grep '^#!\s*/'
-    [[ $? == 0 ]] && {
-        _success "Post hooks found, executing as user ::1 user name::." $USERNAME
-        $mnt/post-hooks $act $mnt
+    [[ -x $mnt/exec-hooks ]] && {
+        _success "Exec hook: ::1 exec hook:: ::2 action:: ::3 argument::" \
+				 "${mnt}/exec-hooks" "$1" "$2"
+        $mnt/exec-hooks "$1" "$2"
+		return $?
     }
+	return 0
 }
 
 # }}} - Tomb open
@@ -2629,6 +2626,16 @@ umount_tomb() {
             _warning "Please specify an existing tomb."
             return 0 }
 
+		option_is_set -n || {
+			exec_safe_func_hooks \
+				close "$tombmount" "$tombname" "$tombloop" "$mapper"
+			exec_hook_res=$?
+			[[ $exec_hook_res = 0 ]] || {
+				_warning "close exec-hook returns a non-zero error code: ::1 error::" $exec_hook_res
+				_failure "Operation aborted"
+			}
+		}
+	   
         [[ -n $SLAM ]] && {
             _success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" \
                 $tombname $tombmount
@@ -2656,10 +2663,6 @@ umount_tomb() {
             }
         done
 
-        # Execute post-hooks for eventual cleanup
-        { option_is_set -n } || {
-            exec_safe_post_hooks ${tombmount%%/} close }
-
         _verbose "Performing umount of ::1 mount point::" $tombmount
         _sudo umount ${tombmount}
         [[ $? = 0 ]] || { _failure "Tomb is busy, cannot umount!" }
@@ -2676,9 +2679,10 @@ umount_tomb() {
             _failure "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper }
 
         # Normally the loopback device is detached when unused
-        [[ -e "/dev/$tombloop" ]] && _sudo losetup -d "/dev/$tombloop"
-        [[ $? = 0 ]] || {
-            _verbose "/dev/$tombloop was already closed." }
+        [[ -e "/dev/$tombloop" ]] && {
+			_sudo losetup -d "/dev/$tombloop"
+			[[ $? = 0 ]] || _verbose "/dev/$tombloop was already closed."
+		}
 
         _success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname