Bandie/pam_panic
Bandie/pam_panic
1
0
Fork 0
Code Issues 5 Pull Requests Releases Wiki Activity

Merge pull request #79 from Bandie/master

Browse Source 
Detect if no encrypted root device is available; visual tweaks; rm temporary file
This commit is contained in:
Bandie 2018-11-01 11:57:14 +01:00 committed by GitHub
commit 71f12a6c9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
src/pam_panic_config/pam_panic_config
View File

@ -16,6 +16,7 @@ fi
# Call when using the Cancel button # Call when using the Cancel button
function cancel(){ function cancel(){
rm -f .pam_panic_media_choice
clear clear
echo "Bye! :)" echo "Bye! :)"
exit 0 exit 0
@ -51,16 +52,14 @@ function getLUKSDevice(){
# Generic dialog question # Generic dialog question
function ask(){ function ask(){
dialog --backtitle "pam_panic's Configuration Generator" --title "$1" --yesno "$2" 8 80 dialog --backtitle "pam_panic's Configuration Generator" --title "$1" --yesno "$2" 8 80
return $? return $?
} }
# Generic message box # Generic message box
msg() { msg() {
dialog --backtitle "pam_panic's Configuration Generator" --msgbox "$1" 8 80 dialog --backtitle "pam_panic's Configuration Generator" --title "$1" --msgbox "$2" 8 80
} }
@ -124,10 +123,11 @@ dialog --backtitle "pam_panic's Configuration Generator" \
--ok-label "Yip!" \ --ok-label "Yip!" \
--msgbox "Welcome to pam_panic's Configuration Generator.\n\nIt will help you to create a valid pam_panic setup. It will also generate a Linux' PAM configuration file.\n\nAfter you're done with this Configuration Generator, you will see some hints how to integrate the new PAM configuration file in your system." 20 80 --msgbox "Welcome to pam_panic's Configuration Generator.\n\nIt will help you to create a valid pam_panic setup. It will also generate a Linux' PAM configuration file.\n\nAfter you're done with this Configuration Generator, you will see some hints how to integrate the new PAM configuration file in your system." 20 80
# Authentication mode
auth_mode=2 auth_mode=2
while [ $auth_mode -eq 2 ]; do while [ $auth_mode -eq 2 ]; do
# Authentication mode
dialog --backtitle "pam_panic's Configuration Generator" \ dialog --backtitle "pam_panic's Configuration Generator" \
--title "Authentication mode" \ --title "Authentication mode" \
--help-button \ --help-button \
@ -149,7 +149,7 @@ while [ $auth_mode -eq 2 ]; do
done done
chooseMedium Authentication chooseMedium Authentication
auth_dev=$(echo ${mediaArray[$?]} | sed 's/\/dev\/sd[b-z]*[0-1]\[//;s/\]//') auth_dev=$(echo ${mediaArray[$?]} | sed 's/\/dev\/sd[b-z]*[0-1]\[//;s/\]//')
msg "Authentication device chosen with UUID $auth_dev." msg "Removable media: Authentication device" "Authentication device chosen with UUID $auth_dev."
# Panic # Panic
unset media unset media
@ -161,7 +161,7 @@ while [ $auth_mode -eq 2 ]; do
done done
chooseMedium Panic chooseMedium Panic
panic_dev=$(echo ${mediaArray[$?]} | sed 's/\/dev\/sd[b-z]*[0-1]\[//;s/\]//') panic_dev=$(echo ${mediaArray[$?]} | sed 's/\/dev\/sd[b-z]*[0-1]\[//;s/\]//')
msg "Panic device chosen with UUID $panic_dev." msg "Removable media: Panic device" "Panic device chosen with UUID $panic_dev."
;; ;;
"3") "3")
@ -191,25 +191,32 @@ while [ $auth_mode -eq 2 ]; do
esac esac
done done
# serious flag # serious flag
ask "pam_panic's behaviour" "Do you wish to destroy your LUKS header in case of emergency?\nThis means that your encrypted device won't be readable anymore. After this question you will be asked to make a backup of this header." ask "pam_panic's behaviour" "Do you wish to destroy your LUKS header in case of emergency?\nThis means that your encrypted root device won't be readable anymore. After this question you will be asked to make a backup of this header."
serious=$? serious=$?
if [ $serious -eq 0 ]; then if [ $serious -eq 0 ]; then
serious_dev=$(getLUKSDevice UUID) serious_dev=$(getLUKSDevice UUID)
msg "We will destroy $(getLUKSDevice NAME) [$serious_dev] when you trigger the panic function." if [ ! -z $serious_dev ]; then
msg "pam_panic's behaviour" "We will destroy $(getLUKSDevice NAME) [$serious_dev] when you trigger the panic function."
# LUKS header backup # LUKS header backup
ask "LUKS Header backup" "Do you want to make a LUKS-Header backup now?\nIt will be saved at \"$LHBU\"." ask "LUKS Header backup" "Do you want to make a LUKS-Header backup now?\nIt will be saved at \"$LHBU\"."
bu=$? bu=$?
case $bu in case $bu in
"0") "0")
cryptsetup luksHeaderBackup $(getLUKSDevice NAME) --header-backup-file "$LHBU" cryptsetup luksHeaderBackup $(getLUKSDevice NAME) --header-backup-file "$LHBU"
msg "LUKSHeader backup has been saved here: $LHBU" msg "LUKS Header backup" "LUKSHeader backup has been saved here: $LHBU"
;; ;;
esac esac
else
msg "pam_panic's behaviour" "ERROR: There is no encrypted root device on /dev/sda."
serious=1
fi
fi fi
# poweroff / reboot behaviour # poweroff / reboot behaviour
dialog --backtitle "pam_panic's Configuration Generator" \ dialog --backtitle "pam_panic's Configuration Generator" \
--title "pam_panic's behaviour" \ --title "pam_panic's behaviour" \
@ -265,6 +272,7 @@ else
echo -e "$config" > $CONFIGFILE echo -e "$config" > $CONFIGFILE
fi fi
# Finished message # Finished message
clear clear
[ $ov -eq 0 ] && echo "Done! <3" || echo "Nothing done! </3" [ $ov -eq 0 ] && echo "Done! <3" || echo "Nothing done! </3"