#!/bin/bash

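#######################################
# Print the command-line usage summary.
# Globals:   none
# Arguments: none
# Outputs:   usage text on stdout
#######################################
function help ()
{
	local prog
	# "$0" is quoted so a script path containing spaces is not split.
	prog=$(basename -- "$0")
	# Unquoted here-document: ${prog} is expanded, \$PWENTRY_DEF stays literal.
	cat <<EOF
Usage: ${prog} [-rlshv] [-p password | -e pwentry] entryfile1 [entryfile2...]
 -p password        give password on command line BEWARE! (visible in the process list and shell history)
 -e pwentry         give name of pwsafe entry
 -r                 recurse into subdirs
 -l                 log password in system log - USE WITH EXTREME CARE
 -s                 success : return at first failed decoding
 -v                 verbose, more comments displayed
 -h                 this help
 Decodes files and directories given as arguments using gpg symmetric decoding.
 Encoded files must begin with _
 The initial '_' character is trimmed from the encoded file's name.
 After a successful decoding the encoded file is moved into a 'bucoded' subdirectory.
 Without args, decodes all crypted files in current directory using \$PWENTRY_DEF as entry.
EOF
}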


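#######################################
# Decrypt one gpg symmetrically-encrypted file next to itself.
# The output name is the input basename with one leading '_' removed. When
# gpg produced output, the encrypted input is copied into <dir>/bucoded/ and
# then deleted; when it produced none, nothing on disk is replaced.
# vecho and showdo are helpers defined outside this function.
# Globals:   none written (all working variables are local)
# Arguments: $1 - path of the encrypted file
#            $2 - scratch file that receives the plaintext first
#            $3 - passphrase
# Outputs:   progress messages on stdout, trace lines through vecho
# Returns:   0 if the scratch file is non-empty after gpg ran, 1 otherwise
#            (gpg's own exit status is not consulted)
#######################################
function decrypt ()
{
local entryfile=$1
local tmpfile=$2
local pass=$3
local entrydir0 entrydir entrybsfile sortyfile pass_trace
entrydir0=$(dirname -- "$entryfile")
entrydir=${entrydir0%%/}/
entrybsfile=$(basename -- "$entryfile")
sortyfile=${entrydir}${entrybsfile##_}
# The passphrase itself must never reach the verbose trace: that output can
# end up in terminal scrollback or a redirected log file.
if [ -n "$pass" ]; then pass_trace="[hidden]"; else pass_trace="[empty]"; fi
vecho "in function decrypt"
vecho "entryfile is $entryfile"
vecho "entrydir is $entrydir"
vecho "entrybsfile is $entrybsfile"
vecho "sortyfile is $sortyfile"
vecho "TMPFILE is $tmpfile"
vecho "pass is $pass_trace"

# Reuse the scratch file in place instead of deleting it and letting gpg
# create a new one: the caller makes it with mktemp, and a file re-created
# by gpg would get its mode from the umask and open a window in which the
# name in /tmp is free. The redirection truncates it, so plaintext from a
# previous call cannot be mistaken for this call's output.
if [ -f "$tmpfile" ]; then chmod u+w "$tmpfile"; fi
vecho "echo -e $pass_trace | gpg --batch --passphrase-fd 0 -d ${entryfile} > $tmpfile"
# NOTE(review): "echo -e" still interprets backslash escapes and swallows a
# passphrase that looks like an echo option; switch to printf '%s\n' only
# together with whatever tool encrypted the files, so both sides agree.
# umask 077 covers the case where the scratch file does not exist yet.
( umask 077; echo -e "$pass" | gpg --batch --passphrase-fd 0 -d "${entryfile}" > "$tmpfile" )

if [ -s "$tmpfile" ]  # gpg produced output
then
 # An existing plaintext file is replaced only now, once there is something
 # to replace it with; a failed decryption leaves it untouched.
 if [ -f "$sortyfile" ]; then chmod u+w "$sortyfile"; rm -f -- "$sortyfile"; fi
 cat "$tmpfile" > "$sortyfile"
 # Do not leave the plaintext sitting in the scratch file between calls.
 : > "$tmpfile"
 touch -r "$entryfile" "$sortyfile"
 # BEGIN 2008-04-02-14:19
 echo "PWD is $PWD"
 showdo mkdir -p "${entrydir}bucoded"
 showdo cp "${entryfile}" "${entrydir}bucoded"
 # END 2008-04-02-14:19
 chmod u+w "${entryfile}"; rm -f -- "${entryfile}"
 echo -e "Decoding of $entryfile SUCCEEDED\n"
 return 0
else
 echo -e "Decoding of $entryfile FAILED: bad passphrase.\n"
 return 1
fi
}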

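#######################################
# Decrypt the file named by the global $name if it qualifies.
# A file qualifies when its basename starts with '_' and it is not empty;
# anything else is skipped and reported through vecho only.
# vecho, getpass, logpass and decrypt are defined outside this function.
# Globals:   name (read), TMPFILE (read), log (read),
#            pass (read; expected to be filled in by getpass when empty)
# Arguments: none
# Returns:   decrypt's status for a qualifying file, 0 when the file is skipped
#######################################
function filedec ()
{
 local bsname
 vecho "Attempting to decode $name"

 bsname=$(basename -- "$name")
 if [ "${bsname##_}" = "${bsname}" ]  # $name does not begin with _
 then
   vecho "Skipping ${name}: files to decrypt must begin with the underscore character"
   return 0
 fi
 vecho "OK, $name begins with _"

 if [ ! -s "$name" ]
 then
   vecho "Skipping ${name}: cannot decrypt empty file"
   return 0
 fi

 if [ -z "$pass" ]
 then
   vecho "no pass set"
   getpass NON
   if [ "$log" = true ]
   then
     # The trace says that logging happens, never the passphrase itself.
     vecho "Calling logpass, pass is [hidden]"
     logpass
   fi
 fi
 # Quoted so that a file name or passphrase containing spaces or glob
 # characters reaches decrypt as exactly one argument each.
 decrypt "$name" "$TMPFILE" "$pass"
 return $?
}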

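#######################################
# Process the path held in the global $name.
#   - writable file: hand it to filedec
#   - writable directory (not named "bucoded"): visit every entry, dotfiles
#     included; with recurse=true each entry is processed by recudec itself,
#     otherwise only writable files are handed to filedec
#   - anything named "bucoded": left alone (backup of encrypted originals)
#   - otherwise: retry with '_' prepended to the basename
# vecho and filedec are defined outside this function.
# Globals:   name (read, written while iterating, restored after the loop),
#            recurse (read), success (read)
# Arguments: none
# Returns:   1 when success=true and a decoding failed (also when that
#            happened in a nested directory), 0 otherwise
#######################################
function recudec
{
  # oldname must be local: a recursive call would otherwise overwrite the
  # caller's copy and the caller would restore the wrong $name afterwards.
  local oldname base crypname
  vecho "Entering recudec, name is $name, recurse is $recurse"
  if [[ -f "$name" && -w "$name" ]]
  then
    vecho "In recudec, $name is a writable file"
    filedec
    if [[ $success == true && $? == 1 ]]; then return 1; fi
  # NOTE(review): -d follows symbolic links, so with -r a link to a directory
  # is descended into and files outside the named tree can be decoded and
  # removed. Confirm this is intended; otherwise skip entries where -L is true.
  elif [[ -d "$name" && -w "$name" && $(basename -- "$name") != "bucoded" ]]
  then
    vecho "In recudec, $name is a writable directory"
    oldname="$name"
    for name in "${oldname}"/* "${oldname}"/.*
    do
      # Before bash 5.2 the ".*" pattern also matches "." and "..". Following
      # them would recurse into the same directory without end and climb into
      # the parent directory, outside what the user asked to decode.
      case "${name##*/}" in
        .|..) continue ;;
      esac
      # A pattern that matched nothing is left as literal text; skip it.
      [[ -e "$name" || -L "$name" ]] || continue
      vecho "Inside recudec loop, name is $name"
      if [ "$recurse" = true ]
      then
        # Propagate a -s stop raised in a nested call.
        recudec || return 1
      else
        if [[ -f "$name" && -w "$name" ]]
        then
          filedec
          if [[ $success == true && $? == 1 ]]; then return 1; fi
        else echo "${name}: Not a writable file"
        fi
      fi
    done
    name=$oldname
  elif [[ $(basename -- "$name") == "bucoded" ]]
  then
    echo "${name}: Security backup - I won't touch it"
  else
    # The plain name does not exist as given: try its encoded counterpart.
    base=$(basename -- "$name")
    vecho "base is $base"
    crypname=$(dirname -- "$name")/_$base
    vecho "crypname is $crypname"
    if [[ -f "$crypname" && -w "$crypname" ]]
    then
      name=$crypname
      filedec
      if [[ $success == true && $? == 1 ]]; then return 1; fi
    else
      echo "${name}: Not a writable file or directory"
    fi
  fi
  return 0
}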


#  function recudec
#  {
#    if [ -f $name -a -w $name ]
#    then
#     filedec 
#    elif [ -d $name -a -w $name ]
#    then
#    #  for name in ${cryptdir}/*
#      oldname=$name
#      for name in ${name}/*
#      do
#        if [ -f $name -a -w $name ]
#        then
#            if [ $recurse = true ]
#  	  then
#  	    recudec 
#  	  else
#  	    filedec 
#  	  fi
#        fi
#      done
#      name=$oldname
#    else
#       echo "${name}: Not a writable file or directory"
#    fi
#  name=$oldname
#  }

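# Locate the helper library directory: $MYSOURCERDIR is used when it names an
# existing directory, otherwise ~/bin/sourcers.
# NOTE(review): everything sourced from here runs with the caller's
# privileges and later handles the passphrase, so the directory and its files
# should be writable by their owner only; an inherited MYSOURCERDIR is
# trusted as-is.
if [[ -z "${MYSOURCERDIR}" || ! -d "${MYSOURCERDIR}" ]]
then
MYSOURCERDIR=${HOME}/bin/sourcers
fi
# Stop here when a helper file is missing: the rest of the script would
# otherwise run without vecho/getpass and attempt decoding with no passphrase.
source "${MYSOURCERDIR}/interact" || { echo "Cannot source ${MYSOURCERDIR}/interact" >&2; exit 1; }
envassert MYSOURCERDIR

# read functions y_or_n and vecho
# (interact was already sourced above; presumably redundant, confirm before removing)
source "${MYSOURCERDIR}/interact" || { echo "Cannot source ${MYSOURCERDIR}/interact" >&2; exit 1; }
source "${MYSOURCERDIR}/getpass" || { echo "Cannot source ${MYSOURCERDIR}/getpass" >&2; exit 1; }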



# cryptdir=$HOME/perso

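# Early help request: recognised before option parsing, first argument only.
# "$1" is matched as a quoted string so an argument containing spaces or
# test operators cannot derail the comparison; '-?' is quoted to stay literal.
case "$1" in
    '-?'|-h|--help) help; exit 1 ;;
esac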

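# Defaults. pass_spec / pwentry_spec record (OUI/NON) whether -p / -e were
# given explicitly, so the two can be rejected as a pair after parsing.
PWENTRY_DEF=perso
help=false
log=false
recurse=false
verbose=false
success=false
pass_spec=NON
pass=
pwentry_spec=NON
pwentry=$PWENTRY_DEF
# Pre-scan for -v only, presumably so that the vecho calls in the real option
# loop below already honour it (vecho is defined in a sourced helper; confirm).
while getopts ":v" Option
do
  case $Option in
    v )  verbose=true ;;
  esac
done
OPTIND=1
while getopts ":e:hlp:rsv" Option
do
  case $Option in
      h )  help=true; vecho "Option h"  ;;
      l )  log=true; vecho "Option l"  ;;
      # A passphrase given with -p is already exposed through the process
      # list and shell history; the trace must not add another copy of it.
      p )  pass_spec=OUI; pass=$OPTARG; vecho "Option p, pass_spec is $pass_spec, pass is [hidden]" ;;
      e )  pwentry_spec=OUI; pwentry="$OPTARG"; vecho "Option e, example option with arg" ;;
      r )  recurse=true; vecho "Option r, decode recursively" ;;
      s )  success=true; vecho "Option s"  ;;
      v )  verbose=true; vecho "Option v, verbose mode" ;;
      # Unknown option or missing option argument: show the help and stop.
      * )  help=true; echo "Bad option $OPTARG" ;;
  esac
done

# Drop the parsed options; what remains are the files and directories.
shift $((OPTIND - 1))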

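# Help requested with -h, or forced by a bad option during parsing.
if [ "$help" = true ]
then
help; exit 1
fi
vecho "pwentry_spec is $pwentry_spec"
vecho "pass_spec is $pass_spec"
if [[ $pwentry_spec = OUI && $pass_spec = OUI ]]
then
echo "-p and -e options are mutually exclusive"
help; exit 1
fi

# With -l and a passphrase already known (from -p), hand it to logpass now.
# Per the -l help text this writes the passphrase to the system log, which
# outlives this run and is readable by whoever can read that log; the verbose
# trace therefore only records that the call happens.
if [[ -n "$pass" && $log = true ]]
then
vecho "Calling logpass, pass is [hidden]"
logpass
fi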

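# Scratch file that receives each decrypted plaintext before it is copied to
# its final name. Abort if it cannot be created: continuing with an empty
# name would make every later test and redirection on it meaningless.
TMPFILE=$(mktemp /tmp/gpg.XXXXXX) || { echo "Cannot create temporary file in /tmp" >&2; exit 1; }
# Remove the scratch file on every exit path, including an interrupt, so that
# plaintext is not left behind in /tmp.
trap 'rm -f -- "$TMPFILE"' EXIT
trap 'exit 1' HUP INT TERM
vecho "TMPFILE is $TMPFILE"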

# getpass;

# Work list: the current directory when no operand was given, otherwise the
# operands joined into a single string.
case $# in
  0) args=. ;;
  *) args=$@ ;;
esac

# for name in $args
# do
#  name=${name%%/}
#  vecho "1 name is $name"
#  base=$(basename $name)
# if [ ${base##_} == $base ]
#  crypname=$(dirname $name)/_$(basename $name)
#  vecho "crypname is $crypname"
#  if [ -f $name ] 
#  then

#  continue
#  elif [ -f $crypname ] 
#  then
#  name=${crypname}
#  vecho "3 name is $name"
#  else
#  vecho "4 name is $name"
#  fi
#  recudec
# done


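# Process every requested path; with no operand, the current directory.
# The positional parameters are iterated directly and quoted, so a name
# containing spaces or glob characters reaches recudec unchanged instead of
# being split or expanded against the current directory.
if [ $# -eq 0 ]; then set -- .; fi
for name in "$@"
do
 name=${name%%/}
 vecho "name is $name"
 # recudec returns 1 only when -s is active and a decoding failed; honour
 # "return at first failed decoding" across operands as well.
 recudec || break
done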


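# Final cleanup: forget the passphrase and remove the plaintext scratch file.
# "$TMPFILE" is quoted because an empty value would otherwise turn the test
# into the always-true "[ -f ]".
pass=
if [ -f "$TMPFILE" ]; then chmod u+w "$TMPFILE"; rm -f -- "$TMPFILE"; fi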







