Navigation

← Previous Changeset
Next Changeset →

Changeset 279

Timestamp:

05/08/08 00:13:42 (7 months ago)

Author:

mbr

Message:

Changed --Obfuscate-filenames format to not include the gpgdir PID.
This allows directories to be encrypted/decrypted under -O multiple
times without creating new filenames (which would pollute encrypted
directories under rsync to other systems). The new -O encrypted
filename format is just "gpgdir_<num>.gpg".
Added PID locking against directories so that multiple gpgdir processes
cannot operate against the same top-level directory simultaneously.

Files:

gpgdir/trunk/ChangeLog (modified) (1 diff)
gpgdir/trunk/gpgdir (modified) (11 diffs)
gpgdir/trunk/test/gpgdir_test.pl (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

gpgdir/trunk/ChangeLog

r275	r279
	1	gpgdir-1.9 (05//2008):
	2	- Changed --Obfuscate-filenames format to not include the gpgdir PID.
	3	This allows directories to be encrypted/decrypted under -O multiple
	4	times without creating new filenames (which would pollute encrypted
	5	directories under rsync to other systems). The new -O encrypted
	6	filename format is just "gpgdir_<num>.gpg".
	7	- Added PID locking against directories so that multiple gpgdir processes
	8	cannot operate against the same top-level directory simultaneously.
	9
1	10	gpgdir-1.8 (04/04/2008):
2	11	- Updated the test suite to validate the gpgdir --Obfuscate-filenames

gpgdir/trunk/gpgdir

r275	r279
13	13	# Version: 1.8
14	14	#
15		# Copyright (C) 2002-2007 Michael Rash (mbr@cipherdyne.org)
	15	# Copyright (C) 2002-2008 Michael Rash (mbr@cipherdyne.org)
16	16	#
17	17	# License (GNU General Public License):
…	…
61	61	my $include_pat = '';
62	62	my $include_file = '';
	63	my $pid_file = '';
63	64	my $total_encrypted = 0;
64	65	my $total_decrypted = 0;
…	…
295	296	$skip_test_mode = 1 if $trial_run;
296	297
	298	if ($dir eq '.') {
	299	$dir = $initial_dir;
	300	} elsif ($dir !~ m\|^/\|) {
	301	$dir = $initial_dir . '/' . $dir;
	302	}
	303	$dir =~ s\|/$\|\|; ### remove any trailing slash
	304
	305	### make sure another gpgdir process is not trying to operate
	306	### on the same directory
	307	$pid_file = "$dir/.gpgdir.pid";
	308	&unique_pid();
	309	&write_pid();
	310
297	311	if ($symmetric_mode) {
298	312	&get_password();
…	…
301	315	}
302	316
303		~~if ($dir eq '.') {~~
304		~~$dir = $initial_dir;~~
305		~~} elsif ($dir !~ m\|^/\|) {~~
306		~~$dir = $initial_dir . '/' . $dir;~~
307		}
308		~~$dir =~ s\|/$\|\|; ### remove any trailing slash~~
309
310	317	### run a test to make sure gpgdir and encrypt and decrypt a file
311	318	unless ($skip_test_mode) {
…	…
330	337	unless ($obfuscate_mode) {
331	338	if ($have_obfuscated_file) {
332		print "[-] Obfuscated filenames detected, try decrypting with -O.\n"
	339	print "[-] Obfuscated filenames detected, try decrypting with -O\n"
333	340	unless $quiet;
334	341	}
…	…
341	348	print "[+] Total number of files decrypted: " .
342	349	"$total_decrypted\n" unless $quiet;
	350	}
	351
	352	if (-e $pid_file) {
	353	unlink $pid_file or die "[*] Could not remove pid file $pid_file: $!";
343	354	}
344	355
…	…
599	610	}
600	611
601		$encrypt_filename = 'gpgdir_' . $$ . '_'
602		. $obfuscate_ctrs{$dir} . '.gpg';
	612	$encrypt_filename = 'gpgdir_' . $obfuscate_ctrs{$dir} . '.gpg';
603	613	}
604	614
…	…
684	694
685	695	} else {
686		if (not $force_mode and $file =~ /gpgdir_\d+_\d+.gpg/) {
	696	if (not $force_mode and ($file =~ /gpgdir_\d+_\d+\.gpg/
	697	or $file =~ /gpgdir_\d+\.gpg/)) {
687	698	### be careful not to decrypt obfuscated file unless we
688	699	### are running in -O mode. This ensures that the
…	…
854	865	"$obfuscate_map_filename: $!";
855	866	while (<F>) {
856		if (/^\s.\s+(gpgdir_\d+_\d+.gpg)/) {
	867	if (/^\s.\s+(gpgdir_\d+_\d+\.gpg)/) {
	868	if (-e $1) {
	869	push @existing_obfuscated_files, $_;
	870	}
	871	} elsif (/^\s.\s+(gpgdir_\d+\.gpg)/) {
857	872	if (-e $1) {
858	873	push @existing_obfuscated_files, $_;
…	…
896	911	"$obfuscate_map_filename: $!";
897	912	while (<G>) {
898		if (/^\s(.)\s+(gpgdir_\d+_\d+.gpg)/) {
	913	if (/^\s(.)\s+(gpgdir_\d+_\d+\.gpg)/) {
	914	$obfuscated_dirs{$dir}{$2} = $1;
	915	$total_mapped_files++;
	916	} elsif (/^\s(.)\s+(gpgdir_\d+\.gpg)/) {
899	917	$obfuscated_dirs{$dir}{$2} = $1;
900	918	$total_mapped_files++;
…	…
1156	1174	return 1 if $ans eq 'y';
1157	1175	return 0;
	1176	}
	1177
	1178	sub unique_pid() {
	1179	return unless -e $pid_file;
	1180	open P, "< $pid_file" or die "[*] Could not open $pid_file: $!";
	1181	my $pid = <P>;
	1182	chomp $pid;
	1183	close P;
	1184	if (kill 0, $pid) {
	1185	die "[*] Another gpgdir process (pid: $pid) is already ",
	1186	"running against\n $dir";
	1187	}
	1188	return;
	1189	}
	1190
	1191	sub write_pid() {
	1192	open P, "> $pid_file" or die "[*] Could not open $pid_file: $!";
	1193	print P $$, "\n";
	1194	close P;
	1195	return;
1158	1196	}
1159	1197

gpgdir/trunk/test/gpgdir_test.pl

r269	r279
236	236	for my $file (@data_dir_files) {
237	237	if (-f $file and not ($file =~ m\|^\.\| or $file =~ m\|/\.\|)) {
238		### gpgdir_~~20089_~~1.gpg
239		unless ($file =~ m\|gpgdir_\d+~~_\d+~~\.gpg$\|) {
	238	### gpgdir_1.gpg
	239	unless ($file =~ m\|gpgdir_\d+\.gpg$\|) {
240	240	return &print_errors("fail ($test_num)\n[*] " .
241	241	"File $file not encrypted and obfuscated");

Navigation

Changeset 279

Legend:

gpgdir/trunk/ChangeLog

gpgdir/trunk/gpgdir

gpgdir/trunk/test/gpgdir_test.pl

Download in other formats: