83 changes: 38 additions & 45 deletions tomb
@@ -575,22 +575,31 @@ is_valid_tomb() {
# First argument must be the path to a tomb
[[ ! -z $1 ]] || _failure "Tomb file is missing from arguments."

# We set global variables
typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME TOMBMAPPER

TOMBPATH="$1"

TOMBDIR=$(dirname $TOMBPATH)

TOMBFILE=$(basename $TOMBPATH)

local _fail=0
# Tomb file must be a readable, writable, non-empty regular file.
# If passed the "ro" mount option, the writable check is skipped.
while true; do
option_value_contains -o ro || {
[[ ! -w "$1" ]] && {
_warning "Tomb file is not writable: ::1 tomb file::" $1
[[ ! -w "$TOMBPATH" ]] && {
_warning "Tomb file is not writable: ::1 tomb file::" $TOMBPATH
_fail=1; break; }
}
_verbose "tomb file is readable"
[[ ! -f "$1" ]] && {
_warning "Tomb file is not a regular file: ::1 tomb file::" $1
[[ ! -f "$TOMBPATH" ]] && {
_warning "Tomb file is not a regular file: ::1 tomb file::" $TOMBPATH
_fail=1; break; }
_verbose "tomb file is a regular file"
[[ ! -s "$1" ]] && {
_warning "Tomb file is empty (zero length): ::1 tomb file::" $1
[[ ! -s "$TOMBPATH" ]] && {
_warning "Tomb file is empty (zero length): ::1 tomb file::" $TOMBPATH
_fail=1; break; }
_verbose "tomb file is not empty"
break;
@@ -599,19 +608,6 @@ is_valid_tomb() {
_failure "Tomb command failed: ::1 command name::" $subcommand
}

# Tomb file may be a LUKS FS (or we are creating it)
[[ "`file $1`" =~ "luks encrypted file" ]] || {
_message "File is not yet a tomb: ::1 tomb file::" $1 }

# We set global variables
typeset -g TOMBPATH TOMBDIR TOMBFILE TOMBNAME TOMBMAPPER

TOMBPATH="$1"

TOMBDIR=$(dirname $TOMBPATH)

TOMBFILE=$(basename $TOMBPATH)

# The tomb name is TOMBFILE without an extension and underscores instead of spaces (for mount and cryptsetup)
# It can start with dots: ..foo bar baz.tomb -> ..foo_bar_baz
TOMBNAME=${${TOMBFILE// /_}%.*}
@@ -638,6 +634,12 @@ is_valid_tomb() {

_verbose "tomb file is not currently in use"

# Confirm if the Tomb file is a LUKS device
cryptsetup isLuks "$TOMBPATH" || {
_message "File is not a tomb: ::1 tomb file::" $TOMBPATH
return 1
}

_message "Valid tomb file found: ::1 tomb path::" $TOMBPATH
return 0
}
@@ -2063,8 +2065,16 @@ lock_tomb_with_key() {
return 1
}


_message "Checking if the tomb is empty (we never step on somebody else's bones)."
is_valid_tomb $tombpath
if [ $? = 0 ]; then
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
_warning "The tomb was already locked with another key."
_failure "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
else
_message "Fine, this tomb seems empty."
fi
lo_check "$TOMBPATH"

_message "Commanded to lock tomb ::1 tomb file::" $TOMBFILE

@@ -2100,18 +2110,6 @@ lock_tomb_with_key() {
_success "Selected filesystem type ::1 filesystem::" $filesystem
}

lo_check "$TOMBPATH"

_message "Checking if the tomb is empty (we never step on somebody else's bones)."
_sudo cryptsetup isLuks ${TOMBPATH}
if [ $? = 0 ]; then
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
_warning "The tomb was already locked with another key."
_failure "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
else
_message "Fine, this tomb seems empty."
fi

_load_key # Try loading key from option -k and set TOMBKEYFILE

# the encryption cipher for a tomb can be set when locking using -c
@@ -2191,12 +2189,9 @@ change_tomb_key() {

_check_swap

is_valid_tomb $tombpath
lo_check "$TOMBPATH"
_sudo cryptsetup isLuks ${TOMBPATH}
# is it a LUKS encrypted nest? we check one more time
[[ $? == 0 ]] || {
is_valid_tomb $tombpath || {
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $TOMBPATH }
lo_check "$TOMBPATH"

_load_key $tombkey # Try loading given key and set TOMBKEY

@@ -2288,7 +2283,10 @@ mount_tomb() {

_check_swap

is_valid_tomb $1
is_valid_tomb $1 || {
# is it a LUKS encrypted nest? see cryptsetup(1)
_failure "::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }
lo_check "$TOMBPATH"

_track_stat "$TOMBPATH"

@@ -2316,12 +2314,6 @@ mount_tomb() {
_failure "Mountpoint already in use: ::1 mount point::" "$tombmount"
done


lo_check "$TOMBPATH"
_sudo cryptsetup isLuks ${TOMBPATH} || {
# is it a LUKS encrypted nest? see cryptsetup(1)
_failure "::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }

_message "This tomb is a valid LUKS encrypted device."

local luksdump="`_sudo cryptsetup luksDump ${TOMBPATH}`"
@@ -2835,7 +2827,8 @@ resize_tomb() {
[[ -z "$newtombsize" ]] && {
_failure "Aborting operations: new size was not specified, use -s" }

is_valid_tomb $tombpath
is_valid_tomb $tombpath || {
_failure "::1 tomb file:: is not a valid Luks encrypted storage file." $TOMBFILE }

_load_key # Try loading new key from option -k and set TOMBKEYFILE

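Review bot: The overwrite guard in lock_tomb_with_key now fails open: after `is_valid_tomb $tombpath`, `if [ $? = 0 ]` treats every non-zero status as "Fine, this tomb seems empty", and the probe it relies on, `cryptsetup isLuks "$TOMBPATH"` in is_valid_tomb, runs without the `_sudo` the removed call sites used, so a container the calling user cannot read is presumably reported the same way as a file that is not LUKS. The checks visible in is_valid_tomb test `-w`, `-f` and `-s` but never `-r`, although the verbose message says "tomb file is readable". I would add a readability test to that loop ahead of the probe, for example `[[ ! -r "$TOMBPATH" ]] && { _warning "Tomb file is not readable: ::1 tomb file::" $TOMBPATH; _fail=1; break; }`, and put a comment above the `cryptsetup isLuks` call stating that a return of 1 means "not LUKS" only and that lock_tomb_with_key depends on that. Both functions start and end outside the hunks shown, so any other non-zero return path in is_valid_tomb should be checked against the same assumption.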