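#!/bin/bash
# Decode gpg symmetrically-encrypted files whose basename begins with '_'.
#
# Bash is required: the script uses `function`, `[[ ]]`, `read -s -t`,
# `source` and arrays, none of which a plain POSIX /bin/sh guarantees.
#
# Helpers debug_echo, vecho, showdo and logpass are not defined in this file;
# presumably they come from ${MYSOURCERDIR}/interact -- verify there.
#
# Passphrase handling:
#   * The passphrase is never written to debug or verbose output.
#   * It is passed verbatim: no word splitting, globbing or backslash-escape
#     interpretation. NOTE(review): if the encoding script (not visible here)
#     altered the passphrase before handing it to gpg, confirm that existing
#     files still decode.
#   * -p puts the passphrase in argv, where process listings and shell history
#     can expose it; the interactive prompt avoids that.
#   * -l still calls logpass, as documented in the help text; that stores the
#     passphrase outside this script's control.
#   * Decrypted data is staged in a private `mktemp -d` directory that is
#     removed on every exit path.

# Print the usage text.
function help () {
  echo "Usage: $(basename -- "$0") [-rlshv] [-p password] [entryfile1] [entryfile2...]"
  echo " -p password give password on command line"
  echo " -r recurse into subdirs"
  echo " -l log password in system log - use with extreme care"
  echo " -s success : return at first failed decoding"
  echo " -v verbose, more comments displayed"
  echo " -h this help"
  echo " Decodes files and directories given as arguments using gpg symetric decoding."
  # echo " a copy of encoded file is kept on a temp file for security"
  echo " Encoded files must begin with _"
  echo " The initial '_' character is trimmed from the encoded file's name."
  echo " Without args, decodes all crypted files in current directory."
}

# Prompt for the passphrase without echo (30 s timeout) and store it in the
# global `pass`. -r keeps backslashes in the typed passphrase literal.
function getpass () {
  echo "Enter passphrase"
  read -r -t 30 -s
  pass=$REPLY
}

# Decrypt one file.
# Arguments: $1 - encrypted file (basename starts with '_')
#            $2 - scratch file that receives gpg's output
#            $3 - passphrase
# Returns:   0 when gpg produced non-empty output, 1 otherwise
function decrypt () {
  local entryfile=$1
  local entrydir entrybsfile
  entrydir=$(dirname -- "$1")
  entrydir=${entrydir%%/}/
  entrybsfile=$(basename -- "$1")
  local sortyfile=${entrydir}${entrybsfile##_}
  local tmpfile=$2
  local pass=$3
  local -a gpg_opts=()

  debug_echo "in function decrypt"
  debug_echo "entryfile is $entryfile"
  debug_echo "entrydir is $entrydir"
  debug_echo "entrybsfile is $entrybsfile"
  debug_echo "sortyfile is $sortyfile"
  debug_echo "TMPFILE is $tmpfile"
  # Only report whether a passphrase is present, never its value.
  debug_echo "pass is ${pass:+<redacted>}"

  # Remove a stale scratch file so gpg does not ask before overwriting it.
  if [ -f "$tmpfile" ]; then chmod u+w -- "$tmpfile"; rm -f -- "$tmpfile"; fi

  # One host needs --no-mdc-warning; every other host uses the plain
  # invocation. Previously an unknown host ran no gpg at all and the failure
  # was then reported as a bad passphrase.
  if [ "$HOSTNAME" = Estragon ]; then
    gpg_opts=(--no-mdc-warning)
  fi
  debug_echo "gpg ${gpg_opts[*]} --passphrase-fd 0 -o $tmpfile -d $entryfile"
  # The passphrase reaches gpg on stdin only, so it never appears in argv.
  printf '%s\n' "$pass" \
    | gpg "${gpg_opts[@]}" --passphrase-fd 0 -o "$tmpfile" -d "$entryfile"
  # ls -l $TMPFILE

  # just in case, to avoid permissions problems
  if [ -f "$sortyfile" ]; then chmod u+w -- "$sortyfile"; rm -f -- "$sortyfile"; fi

  if [ -s "$tmpfile" ]; then   # gpg succeeded
    cat -- "$tmpfile" > "$sortyfile"
    touch -r "$entryfile" "$sortyfile"
    # BEGIN 2008-04-02-14:19
    echo "PWD is $PWD"
    showdo mkdir -p "${entrydir}bucoded"
    showdo cp "${entryfile}" "${entrydir}bucoded"
    # END 2008-04-02-14:19
    chmod u+w -- "${entryfile}"; rm -f -- "${entryfile}"
    printf 'Decoding of %s SUCCEEDED\n\n' "$entryfile"
    return 0
  else
    printf 'Decoding of %s FAILED: bad passphrase.\n\n' "$entryfile"
    return 1
  fi
}

# Decode the file named by the global `name` when its basename starts with
# '_' and it is non-empty; prompts for the passphrase if none is set yet.
# Returns decrypt's status, or 0 when the file is skipped.
function filedec () {
  local bsname
  vecho "Attempting to decode $name"
  bsname=$(basename -- "$name")
  if [ "${bsname##_}" != "${bsname}" ]; then   # $name begins with _
    vecho "OK, $name begins with _"
    if [ -s "$name" ]; then
      if [ -z "$pass" ]; then
        vecho "no pass set"
        getpass
        if [ "$log" = true ]; then
          # logpass is the documented -l behaviour; the passphrase itself is
          # deliberately kept out of this debug line.
          debug_echo "Calling logpass"
          logpass
        fi
      fi
      decrypt "$name" "$TMPFILE" "$pass"
      return $?
    else
      vecho "Skipping ${name}: cannot decrypt empty file"
      return 0
    fi
  else
    vecho "Skipping ${name}: files to decrypt must begin with the underscore character"
    return 0
  fi
}

# Process the global `name`: decode it if it is a writable file, or walk it if
# it is a writable directory other than "bucoded" (recursing when -r is set).
# Returns 1 when -s is set and a decoding failed, 0 otherwise. With -s the
# failure now also propagates out of recursive calls.
function recudec {
  local oldname status
  debug_echo "Entering recudec, name is $name, recurse is $recurse"
  if [[ -f $name && -w $name ]]; then
    debug_echo "In recudec, $name is a writable file"
    filedec
    status=$?
    if [[ $success == true && $status -eq 1 ]]; then return 1; fi
  elif [[ -d $name && -w $name && $(basename -- "$name") != "bucoded" ]]; then
    debug_echo "In recudec, $name is a writable directory"
    # oldname is local so a nested call cannot clobber this level's value.
    oldname=$name
    for name in "${oldname}"/*; do
      debug_echo "Inside recudec loop, name is $name"
      if [ "$recurse" = true ]; then
        recudec || return 1
      else
        if [[ -f $name && -w $name ]]; then
          filedec
          status=$?
          if [[ $success == true && $status -eq 1 ]]; then return 1; fi
        else
          echo "${name}: Not a writable file"
        fi
      fi
    done
    name=$oldname
  else
    echo "${name}: Not a writable file or directory"
  fi
  return 0
}

# function recudec
# {
#   if [ -f $name -a -w $name ]
#   then
#     filedec
#   elif [ -d $name -a -w $name ]
#   then
#     # for name in ${cryptdir}/*
#     oldname=$name
#     for name in ${name}/*
#     do
#       if [ -f $name -a -w $name ]
#       then
#         if [ $recurse = true ]
#         then
#           recudec
#         else
#           filedec
#         fi
#       fi
#     done
#     name=$oldname
#   else
#     echo "${name}: Not a writable file or directory"
#   fi
#   name=$oldname
# }

# Remove the private scratch directory, including any decrypted data in it.
function cleanup () {
  if [ -n "${TMPWORKDIR:-}" ]; then
    rm -rf -- "$TMPWORKDIR"
  fi
}

# read functions y_or_n and debug_echo
# Fail early when MYSOURCERDIR is unset instead of sourcing "/interact".
source "${MYSOURCERDIR:?MYSOURCERDIR must name the directory holding interact}/interact" || exit 1

# cryptdir=$HOME/perso

# test help situations
if [ "z$1" = "z-?" ] || [ "z$1" = "z-h" ] || [ "z$1" = "z--help" ]; then
  help; exit 1
fi

help=false
log=false
recurse=false
verbose=false
success=false
psswd=false
pass=

# First pass: pick up -v early so the vecho calls in the second pass can print.
while getopts ":v" Option; do
  case $Option in
    v ) verbose=true ;;
  esac
done
OPTIND=1

# while getopts ":bchrtvx:" Option
while getopts ":hlp:rsv" Option; do
  case $Option in
    h ) help=true; vecho "Option h" ;;
    l ) log=true; vecho "Option l" ;;
    # The passphrase value is not echoed, even in verbose mode.
    p ) psswd=true; pass=$OPTARG; vecho "Option p, psswd is $psswd" ;;
    r ) recurse=true; vecho "Option r, decode recursively" ;;
    s ) success=true; vecho "Option s" ;;
    v ) verbose=true; vecho "Option v, verbose mode" ;;
    * ) help=true; echo "Bad option $OPTARG" ;;
  esac
done
shift $((OPTIND - 1))

# REtest help situations
if [ "$help" = true ]; then
  help; exit 1
fi

if [[ -n $pass && $log == true ]]; then
  debug_echo "Calling logpass"
  logpass
fi

# Stage decrypted output inside a private directory (created mode 0700 by
# mktemp -d) so that decrypt's remove-then-recreate of the scratch file cannot
# be raced by another local user, and clean it up on every exit path.
trap cleanup EXIT
trap 'exit 1' HUP INT TERM
TMPWORKDIR=$(mktemp -d /tmp/gpg.XXXXXX) || { echo "mktemp failed" >&2; exit 1; }
TMPFILE=$TMPWORKDIR/plain
debug_echo "TMPFILE is $TMPFILE"

# getpass;
if [ $# = 0 ]; then
  set -- .
fi

# Iterating "$@" keeps arguments containing spaces or glob characters intact.
for name in "$@"; do
  name=${name%%/}
  # With -s, recudec returns 1 on the first failed decoding: stop there.
  # The script's own exit status is left as it was before.
  recudec || break
done

pass=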