#!/usr/bin/bash
# Every function in this file touches root-owned state (the secrets socket,
# /dev/shm/RAM, user home directories), so bail out early for anyone else.
if [ "$(/usr/bin/id -u)" != 0 ]; then
  echo "only root can do that"
  exit 2
fi
#***************************************************************************
# This file is part of the CRYPTO BONE
# File      : cbcontrol.functions
# Version   : 1.6 (ALL-IN-ONE)
# License   : BSD
# Date      : 2 April 2023
# Contact   : Please send enquiries and bug-reports to innovation@senderek.ie
#
#
# Copyright (c) 2015-2023
# Ralf Senderek, Ireland. All rights reserved. (https://senderek.ie)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#    This product includes software developed by Ralf Senderek.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# #**************************************************************************** SOCK="/usr/lib/cryptobone/secrets.sock" #-------------------------------------------------------------# function sanitize_username { R=$(echo -n $1 | /bin/tr -d '\\\n\t ! "§$%&/()=?`´#*+~;:,|^°_') R=$(echo -n $R | cut -c-15) echo -n "$R" } #-------------------------------------------------------------# function looks_like_email { if [[ $1 = @([0-9A-Za-z])+([0-9A-Za-z\.-])\@@([0-9A-Za-z])+([0-9A-Za-z\.-])\.@([ 0-9A-Za-z])+([0-9A-Za-z]) ]] then return 0 else if [[ $1 = @([0-9A-Za-z])+([0-9A-Za-z\.-])\%@([0-9A-Za-z])+([0-9A-Za-z\.-]) ]] then return 0 fi fi return 1 } #-------------------------------------------------------------# function mailqueue { RES=$(/usr/bin/mailq 2>&1) if [ "${RES}x" = "x" ] then echo "empty" else echo $RES fi } #-------------------------------------------------------------# # ATTACHMENTS #-------------------------------------------------------------# function attachmentlist { TRANSPORT=$(echo "get-element transport" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${TRANSPORT}"x = "WEBDROPx" ] ; then if [ -d /dev/shm/RAM/FILES ] ; then /bin/ls /dev/shm/RAM/FILES | sort fi fi } #-------------------------------------------------------------# function move_attachment { USER=$(cat /etc/sudoers.d/cbcontrol | tail -1 | cut -f1 -d " ") if [ ! -d /home/${USER}/.safewebdrop ] ; then /usr/bin/mkdir /home/${USER}/.safewebdrop 2> /dev/null chmod 700 /home/${USER}/.safewebdrop chown ${USER} /home/${USER}/.safewebdrop fi /usr/bin/mv /dev/shm/RAM/FILES/$1 /home/${USER}/.safewebdrop chown ${USER} /home/${USER}/.safewebdrop/* chmod 600 /home/${USER}/.safewebdrop/* if [ $? 
-eq 0 ] ; then echo "$1 MOVED" fi } #-------------------------------------------------------------# # KEYS #-------------------------------------------------------------# function get_new_key { dd if=/dev/urandom bs=1 count=16 2> /dev/null | base64 | cut -c-22 } #-------------------------------------------------------------# function get_new_secrets { # assemble 3 new keys for NN1, NN2 and NN3 RES=$(echo "all-keys" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null | grep "key.NN") typeset -i COUNT=0 while [ $COUNT -lt 3 ] do COUNT=${COUNT}+1 if ! echo ${RES} | grep "key.NN${COUNT}" 2>&1 > /dev/null then NEWKEY=$(get_new_key) echo "write key.NN${COUNT}.key ${NEWKEY}" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null NEWKEY="xxxxxxxxxxxxxxxxxxxxxxxx" fi done RES=$(echo "all-keys" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null | grep "key.NN") for KEY in $(echo ${RES}) do if echo $KEY | grep "key.NN" then RES=$(echo "get-element $KEY" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) echo ${KEY}:${RES} fi done } #-------------------------------------------------------------# function register_new_key { if [ "$1x" != "x" ] then if [ "$2x" != "x" ] then if looks_like_email $1 then echo replace "key."$1".key" "$2" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo get-element "key."$1".key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES}x" = "$2x" ] then # if transport is WEBDROP RES=$(echo "get-element transport" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" != "Errorx" ] ; then if [ "${RES}x" = "WEBDROPx" ] ; then /usr/lib/cryptobone/safewebdrop/bin/safewebdropcontact "$1" "$2" fi fi # destroy nextkey, lastkey and flag if they exist RES=$(echo remove "key."$1".nextkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo remove "key."$1".lastkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo remove "key."$1".flag" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) # if the new key is "00000000000000000000", # then 
destroy the key to eliminate the recipient from the list if [ "$2x" = "00000000000000000000x" ] then RES=$(echo remove "key."$1".key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) echo " : $1" has been deleted. else echo "success" fi else echo "failed" fi set $2 "xxxxxxxxxxxxxxxxxxxxxxxx" RES="xxxxxxxxxxxxxxxxxxxxxxxx" else echo "failed : not an email address" fi fi fi } #-------------------------------------------------------------# function reset_key_for_email { # make sure the contact is blocked if [ "$1x" != "x" ] then NEWKEY=$(get_new_key) # this key is not known outside the Crypto Bone if looks_like_email $1 then RES=$(echo replace "key."$1".key" "${NEWKEY}" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo get-element "key."$1".key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" != "x" ] then echo "success" else echo "failed" fi NEWKEY="xxxxxxxxxxxxxxxxxxxxxxxx" RES="xxxxxxxxxxxxxxxxxxxxxxxx" else echo "failed : not an email address" fi fi } #-------------------------------------------------------------# function change_email_address { if [ "$1x" != "x" ] then if ! looks_like_email $1 then if [[ $1 != "NN1" && $1 != "NN2" && $1 != "NN3" ]] then echo "failed : Invalid key identifier. Check the email address." return 1 fi fi if [ "$2x" != "x" ] then KEY=$(echo get-element "key.$1.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${KEY}x" != "x" ] then # contact exists # check if new email is registered already NEWKEY=$(echo get-element "key.$2.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${NEWKEY}x" = "x" ] then # new email address is not in use # remove old entry RES=$(echo remove "key.$1.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) # write new entry with old key RES=$(echo write "key.$2.key" ${KEY} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) echo "success" else echo "failed : New contact email is in use." 
fi KEY="xxxxxxxxxxxxxxxxxxxxxxxx" NEWKEY="xxxxxxxxxxxxxxxxxxxxxxxx" else # cannot change an email on an non-existing key echo "failed : There is no key for this name." fi fi fi } #-------------------------------------------------------------# function contact_registered { if [ "$1x" != "x" ] then RES=$(echo get-element "key.$1.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES}x != "x" ] then echo "yes" else echo "no" fi fi } #-------------------------------------------------------------# function recipient_list { RES=$(echo "all-keys" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) TRANSPORT=$(echo "get-element transport" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) for KEY in $(echo ${RES}) do if echo $KEY | grep "\.key$" | grep -v "NN" 2> /dev/null > /dev/null then CONTACT=${KEY#*key\.} CONTACT=${CONTACT%\.key*} # check transport if [ "${TRANSPORT}x" = "EMAILx" ] ; then if echo ${CONTACT} | grep "@" 2>&1 > /dev/null then echo ${CONTACT} fi else if echo ${CONTACT} | grep "%" 2>&1 > /dev/null then echo ${CONTACT} fi fi fi done } #-------------------------------------------------------------# # READ #-------------------------------------------------------------# function get_message_list { TRANSPORT=$(echo "get-element transport" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${TRANSPORT}x" = "EMAILx" ] ; then /bin/ls /dev/shm/RAM/MESSAGES | grep "@" 2>/dev/null | sort else /bin/ls /dev/shm/RAM/MESSAGES | grep "%" 2>/dev/null | sort fi } #-------------------------------------------------------------# function read_message { if [ "$1x" != "x" ] then if [ -r /dev/shm/RAM/MESSAGES/$1 ] then cat /dev/shm/RAM/MESSAGES/$1 | base64 echo $1 >> /dev/shm/RAM/read else echo "failed : no such file" fi fi } #-------------------------------------------------------------# function get_email_list { /bin/ls /dev/shm/RAM/IN 2>/dev/null | sort | tail -15 } #-------------------------------------------------------------# function read_email { if [ "$1x" != "x" ] 
then if [ -r /dev/shm/RAM/IN/$1 ] then cat /dev/shm/RAM/IN/$1 | base64 else echo "failed : no such file" fi fi } #-------------------------------------------------------------# function destroy_message { if [ "$1x" != "x" ] then if [ -w /dev/shm/RAM/MESSAGES/$1 ] then # overwrite /bin/rm /dev/shm/RAM/MESSAGES/$1 echo "success" else echo "failed : cannot delete $1" fi fi } #-------------------------------------------------------------# # WRITE #-------------------------------------------------------------# function write_message { # $1 recipient # $2 base64-encoded message if [ "$1x" != "x" ] then if [ "$2x" != "x" ] then MYSELF=$(echo "get-element mailuser" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) MESSAGE=$(/bin/echo $2 | base64 -d) MESSAGE="$(/bin/date +'%x %X')\n\n${MESSAGE}" echo echo "Sending a message to $1" NEXT=$(echo get-element "key.$1.nextkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) ENCRYPTIONKEY="none" if [ "${NEXT}x" = "x" ] then # no nextkey available, first message out, ever. 
# initialisation required # echo "doing init" RES=$(echo replace "key."$1".nextkey" "none" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) NEXT="none" RES=$(echo replace "key."$1".lastkey" "none" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo replace "key."$1".flag" "false" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) fi # now there is a set of keys in the secrets database NEXT=$(echo get-element "key.$1.nextkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${NEXT}x" = "nonex" ] then # never sent or received a message NEXT=$(get_new_key) # create a new nextkey ENCRYPTIONKEY=$(echo get-element "key.$1.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) # overwrite nextkey (none) RES=$(echo replace "key."$1".nextkey" ${NEXT} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) # set flag true RES=$(echo replace "key."$1".flag" "true" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) else # we have sent or received messages FLAG=$(echo get-element "key.$1.flag" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${FLAG}x" = "truex" ] then # we have already sent the nextkey, use it again. # and do no change the secrets database ENCRYPTIONKEY=$(echo get-element "key.$1.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) NEXT=$(echo get-element "key.$1.nextkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) else # Our correspondent has sent a message, this is our reply to it, # we'll use the nextkey to encrypt our message and create a new one. # Save key in lastkey, in case we'll receive messages that are delayed # and are encrypted with this key. # These late messages may arrive after we have sent our message. # In addition transfer nextkey to key to make space for a new nextkey and store it. # Set the flag, to indicate we've created a new nextkey. # Our correspondent had reset the flag previously and had stored the nextkey # via the script processmessage. 
ENCRYPTIONKEY=$(echo get-element "key.$1.nextkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) KEY=$(echo get-element "key.$1.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) NEXT=$(get_new_key) # create a new nextkey RES=$(echo replace "key."$1".lastkey" ${KEY} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo replace "key."$1".key" ${ENCRYPTIONKEY} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo replace "key."$1".nextkey" ${NEXT} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo replace "key."$1".flag" "true" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) fi fi MESSAGE=${MESSAGE}\\n${NEXT} if [ ${#ENCRYPTIONKEY} -ge 20 ] then RES=$(echo encrypt $(echo -en "${MESSAGE}" | base64 --wrap=0) ${ENCRYPTIONKEY} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) echo cat /usr/lib/cryptobone/cryptobone/encryptedmessage.asc echo RES=$(/usr/lib/cryptobone/bin/sendmessage ${MYSELF} $1 2> /dev/null) echo "success: ${RES}" else echo "failed: no secure encryption key available" fi fi fi } #-------------------------------------------------------------# function safewebdrop_message { # $1 recipient # $2 base64-encoded message # $3 attachment file name if [ "$1x" != "x" ] then if [ "$2x" != "x" ] then MYSELF=$(echo "get-element webdropuser" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) MYSERVER=$(echo "get-element webdropserver" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) MESSAGE=$(/bin/echo $2 | base64 -d) MESSAGE="$(/bin/date +'%x %X')\n\n${MESSAGE}" echo echo "Sending a message to $1" NEXT=$(echo get-element "key.$1.nextkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) ENCRYPTIONKEY="none" if [ "${NEXT}x" = "x" ] then # no nextkey available, first message out, ever. 
# initialisation required # echo "doing init" RES=$(echo replace "key."$1".nextkey" "none" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) NEXT="none" RES=$(echo replace "key."$1".lastkey" "none" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo replace "key."$1".flag" "false" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) fi # now there is a set of keys in the secrets database NEXT=$(echo get-element "key.$1.nextkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${NEXT}x" = "nonex" ] then # never sent or received a message NEXT=$(get_new_key) # create a new nextkey ENCRYPTIONKEY=$(echo get-element "key.$1.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) # overwrite nextkey (none) RES=$(echo replace "key."$1".nextkey" ${NEXT} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) # set flag true RES=$(echo replace "key."$1".flag" "true" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) else # we have sent or received messages FLAG=$(echo get-element "key.$1.flag" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${FLAG}x" = "truex" ] then # we have already sent the nextkey, use it again. # and do no change the secrets database ENCRYPTIONKEY=$(echo get-element "key.$1.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) NEXT=$(echo get-element "key.$1.nextkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) else # Our correspondent has sent a message, this is our reply to it, # we'll use the nextkey to encrypt our message and create a new one. # Save key in lastkey, in case we'll receive messages that are delayed # and are encrypted with this key. # These late messages may arrive after we have sent our message. # In addition transfer nextkey to key to make space for a new nextkey and store it. # Set the flag, to indicate we've created a new nextkey. # Our correspondent had reset the flag previously and had stored the nextkey # via the script processmessage. 
ENCRYPTIONKEY=$(echo get-element "key.$1.nextkey" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) KEY=$(echo get-element "key.$1.key" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) NEXT=$(get_new_key) # create a new nextkey RES=$(echo replace "key."$1".lastkey" ${KEY} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo replace "key."$1".key" ${ENCRYPTIONKEY} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo replace "key."$1".nextkey" ${NEXT} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) RES=$(echo replace "key."$1".flag" "true" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) fi fi if [ "$3"x != "x" ] && [ "$3"x != "nonex" ] ; then # an attachment file name is added MESSAGE=${MESSAGE}"\\n\\nAttachment: ${3##*/}\\n" fi MESSAGE=${MESSAGE}\\n${NEXT} if [ ${#ENCRYPTIONKEY} -ge 20 ] then RES=$(echo encrypt $(echo -en "${MESSAGE}" | base64 --wrap=0) ${ENCRYPTIONKEY} | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) echo cat /usr/lib/cryptobone/cryptobone/encryptedmessage.asc echo MYSELF=${MYSELF}%${MYSERVER} if [ "$3"x = "x" ] || [ "$3"x = "nonex" ] ; then # no attachment RES=$(/usr/lib/cryptobone/safewebdrop/bin/sendsafewebdrop ${MYSELF} $1 none 2> /dev/null) else ### echo "HANDLING ATTACHMENT $3" /usr/bin/rm -f /usr/lib/cryptobone/cryptobone/attachment 2> /dev/null /usr/bin/rm -f /usr/lib/cryptobone/cryptobone/attachment.asc 2> /dev/null Filename="$3" cp ${Filename} /usr/lib/cryptobone/cryptobone/attachment # use modified claes to encrypt the attachment echo "${ENCRYPTIONKEY}" | /usr/lib/cryptobone/bin/claes /usr/lib/cryptobone/cryptobone/attachment > /dev/null 2> /dev/null if [ $? 
-eq 0 ]; then /usr/bin/rm -f /usr/lib/cryptobone/cryptobone/attachment 2> /dev/null RES=$(/usr/lib/cryptobone/safewebdrop/bin/sendsafewebdrop ${MYSELF} $1 ${Filename} 2> /dev/null) fi fi echo "success: ${RES}" else echo "failed: no secure encryption key available" fi fi fi } #-------------------------------------------------------------# # SETUP #-------------------------------------------------------------# function get_id { RES=$(echo "get-element mailuser" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" != "Errorx" ] then if [ "${RES%%:*}x" != "x" ] then echo ${RES} else echo "failed" fi else echo "failed" fi } #-------------------------------------------------------------# function get_transport { RES=$(echo "get-element transport" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" != "Errorx" ] then if [ "${RES%%:*}x" != "x" ] then echo ${RES} else echo "failed" fi else echo "failed" fi } #-------------------------------------------------------------# function setup_transport { echo replace transport "$1" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element transport" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" = "$1x" ] then echo "success" else echo "failed" fi /usr/lib/cryptobone/bin/createfetchmailrc } #-------------------------------------------------------------# function setup_mailserver { echo replace mailserver "$1" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element mailserver" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" = "$1x" ] then echo "success" else echo "failed" fi /usr/lib/cryptobone/bin/createfetchmailrc } #-------------------------------------------------------------# function setup_mailuser { echo replace mailuser "$1" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element mailuser" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" = "$1x" ] then echo "success" else echo "failed" fi 
/usr/lib/cryptobone/bin/createfetchmailrc } #-------------------------------------------------------------# function setup_mailpassword { echo replace mailpassword "$1" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element mailpassword" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES%%:*}x = "$1x" ] then echo "success" else echo "failed" fi /usr/lib/cryptobone/bin/createfetchmailrc } #-------------------------------------------------------------# function setup_smtpserver { echo replace smtpserver "$1" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element smtpserver" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES%%:*}x = "$1x" ] then echo "success" else echo "failed" fi /usr/lib/cryptobone/bin/createfetchmailrc } #-------------------------------------------------------------# function setup_smtpport { echo replace smtpport "$1" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element smtpport" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES%%:*}x = "$1x" ] then echo "success" else echo "failed" fi /usr/lib/cryptobone/bin/createfetchmailrc } #-------------------------------------------------------------# function setup_smtptls { echo replace smtptls "$1" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element smtptls" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES%%:*}x = "$1x" ] then echo "success" else echo "failed" fi /usr/lib/cryptobone/bin/createfetchmailrc } #-------------------------------------------------------------# function show_setup { SERVER=$(echo "get-element mailserver" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) USER=$(echo "get-element mailuser" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) PASSWORD=$(echo "get-element mailpassword" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) echo "mailserver:${SERVER}" echo "mailuser:${USER}" echo "mailpassword:${PASSWORD}" SMTPSERVER=$(echo "get-element smtpserver" | socat -t15 - 
UNIX-connect:$SOCK 2> /dev/null) SMTPPORT=$(echo "get-element smtpport" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) SMTPTLS=$(echo "get-element smtptls" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) echo "smtpserver:${SMTPSERVER}" echo "smtpport:${SMTPPORT}" echo "smtptls:${SMTPTLS}" } #-------------------------------------------------------------# # SAFE WEBDROP #-------------------------------------------------------------# function get_wid { RES=$(echo "get-element webdropuser" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" != "Errorx" ] then if [ "${RES%%:*}x" != "x" ] then echo ${RES} else echo "failed" fi else echo "failed" fi } #-------------------------------------------------------------# function show_safewebdrop_setup { SERVER=$(echo "get-element webdropserver" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) USER=$(echo "get-element webdropuser" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) PASSWORD=$(echo "get-element webdropsecret" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) echo "webdropserver:${SERVER}" echo "webdropuser:${USER}" echo "webdropsecret:${PASSWORD}" } #-------------------------------------------------------------# function setup_safewebdropserver { echo replace webdropserver "$1" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element webdropserver" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" = "$1x" ] then echo "success" else echo "failed" fi } #-------------------------------------------------------------# function setup_safewebdropuser { NEW=$(sanitize_username "$1") echo replace webdropuser "${NEW}" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element webdropuser" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ "${RES%%:*}x" = "$1x" ] then echo "success" else echo "failed" fi } #-------------------------------------------------------------# function setup_safewebdropsecret { echo replace webdropsecret "$1" | socat -t15 - UNIX-connect:$SOCK 2> 
/dev/null RES=$(echo "get-element webdropsecret" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES%%:*}x = "$1x" ] then echo "success" else echo "failed" fi } #-------------------------------------------------------------# function setup_register_safewebdrop { RES=$(echo "get-element registrationcode" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES%%:*}x = "nonex" ] then # this registration is the first attempt # create a new webdropsecret to encrypt the RSA private key NEWKEY=$(get_new_key) echo replace webdropsecret "${NEWKEY}" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element webdropsecret" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES%%:*}x = "${NEWKEY}x" ] then #echo ### echo ${NEWKEY} ### to control the success # get the ID and server name SERVER=$(echo "get-element webdropserver" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) USER=$(echo "get-element webdropuser" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) # generate new RSA keys secured with the new webdropsecret rm -f /usr/lib/cryptobone/safewebdrop/private.pem rm -f /usr/lib/cryptobone/safewebdrop/pubkey.pem /usr/lib/cryptobone/safewebdrop/bin/createRSA ${NEWKEY} # start safewebdropregistration CODE=$(/usr/lib/cryptobone/safewebdrop/bin/safewebdropregistration ${USER} ${SERVER}) if [ ${#CODE} -gt 19 ] then # store the registration code echo replace registrationcode "${CODE}" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null echo ${CODE} else echo "registration failed" fi fi fi } #-------------------------------------------------------------# function setup_clear_safewebdrop_registration { echo "replace registrationcode none" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null RES=$(echo "get-element registrationcode" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES%%:*}x = "nonex" ] then echo "success" else echo "failed" fi } #-------------------------------------------------------------# function setup_get_safewebdrop_registration { RES=$(echo 
"get-element registrationcode" | socat -t15 - UNIX-connect:$SOCK 2> /dev/null) if [ ${RES%%:*}x != "x" ] then echo "${RES}" else echo "failed" fi } #-------------------------------------------------------------# # ALL-IN-ONE Functions #-------------------------------------------------------------# function clear_RAM { /usr/lib/cryptobone/bin/savemessages /bin/rm -rf /dev/shm/RAM } #-------------------------------------------------------------# function cryptobonesuspend { echo "success" } #-------------------------------------------------------------# function cryptoboneresume { echo "success" } #-------------------------------------------------------------# function check_external { if [ -L /usr/lib/cryptobone/ext/masterkey ] && [ -d /dev/shm/EXRAM ] ; then echo "This machine is an EXTERNAL Cryptobone" else echo "ALLINONE" fi } #-------------------------------------------------------------#