diff options
author | Erich Eckner <git@eckner.net> | 2017-10-28 23:13:38 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2017-10-28 23:13:38 +0200 |
commit | d079e330e35093c0f821d1f1d007ccd9c004dd0c (patch) | |
tree | 517cdc5fc9caea832771fadbc9dc63108cd0037e /cryptfs.bin.in | |
parent | a9b6c51da7e3016d0150f70c7ac7675d725d77c0 (diff) | |
download | cryptfs-daemon-d079e330e35093c0f821d1f1d007ccd9c004dd0c.tar.xz |
sollte jetzt fuer alle passen ...
Diffstat (limited to 'cryptfs.bin.in')
-rw-r--r-- | cryptfs.bin.in | 236 |
1 files changed, 236 insertions, 0 deletions
diff --git a/cryptfs.bin.in b/cryptfs.bin.in new file mode 100644 index 0000000..fde3bd0 --- /dev/null +++ b/cryptfs.bin.in @@ -0,0 +1,236 @@ +#!/bin/bash +# +# #BINDIR#/cryptfs: mount/umount encrypted partitions +# + +set -e + +if [ $# -eq 1 ] && [ "x$1" = 'x-u' ]; then + unmount=true +elif [ $# -eq 0 ]; then + unmount=false +else + >&2 printf 'Usage: %s [-u]\n' "$0" + exit 1 +fi + +give_all_parent_dirs() { + local odir + local dir + odir="$1" + odir="/${odir#/}" + dir="${odir%/*}" + while [ "${dir}" != '' ]; do + printf '%s %s\n' "${odir}" "${dir}" + dir="${dir%/*}" + done +} + +inner_fs_to_mountorder() { + { + echo "${fstab}" | \ + grep "^$1 " | \ + awk '{print "x " $3}' + echo "${fstab}" | \ + sed -n ' + s|^\(\S\+\) \S\+ \(\S\+\)\( .*\)\?$|\1 \2| + T + p + ' | \ + while read -r order dir; do + give_all_parent_dirs "${dir}" | \ + awk '{print "'"${order}"' " $1 " " $2}' + done | \ + sort -k3,3 -k2r,2 | \ + uniq -f2 | \ + cut -d' ' -f1,3 + } | \ + sort -k2r,2 -k1,1 | \ + uniq -f1 -d | \ + cut -d' ' -f1 +} + +mountpoint_to_file() { + { + echo "${fstab}" | \ + awk '{print $1 " " $3}' + give_all_parent_dirs "$1" | \ + awk '{print "x " $2}' + } | \ + sort -k2r,2 -k1,1 | \ + uniq -f1 -d | \ + cut -d' ' -f1 | \ + head -n1 +} + +mountorder_to_device() { + { + printf 'x %s\n' "$1" + echo "${fstab}" | \ + awk '{print $1 " " $2}' | \ + sort -k2,2 -u + } | \ + sort -k2,2 -k1,1 | \ + uniq -f1 -d | \ + cut -d' ' -f1 +} + +crypttab=$( + sed ' + s|^\s*#CONF_PREFIXES#\s*|| + /^\s*#/d + /^\s*$/d + s/\s\+/ /g + ' '#ETCDIR#/crypttab' | \ + sort -u | \ + sed ' + s|UUID=|#UUIDDIR#/| + s/\s\+/ /g + s/^ // + ' +) +fstab=$( + sed ' + s|^\s*#CONF_PREFIXES#\s*|| + /^\s*#/d + /^\s*\S\+\s\+[^\/[:space:]]/d + /^\s*$/d + s/\s\+/ /g + ' '#ETCDIR#/fstab' | \ + sort -u | \ + cat -n | \ + sed ' + s|UUID=|#UUIDDIR#/| + s/\s\+/ /g + s/^ // + s/ \+$// + ' +) + +mount_details() { + echo "${fstab}" | \ + grep "^$2 " | \ + while read -r _ source dest fs opts _; do + case "$1" in + 'mp') + printf '%s\n' "${dest}" + ;; + 'dev') + printf '%s\n' "${source}" + ;; + 'fs') + printf '%s\n' "${fs}" + ;; + 'all') + printf -- '-t %s ' "${fs}" + if [ -n "${opts}" ] && \ + [ "${opts}" != 'defaults' ]; then + printf -- '-o %s ' "${opts}" + fi + printf '%s %s\n' "${source}" "${dest}" + ;; + *) + >&2 printf 'unknown mount_details "%s"\n' "$1" + exit 42 + ;; + esac + done +} + +is_mounted() { + mountpoint -q "$(mount_details mp "$1")" +} + +is_unlocked() { + cryptsetup status "$1" >/dev/null 2>&1 +} + +do_mount() { + local inner_fs + if is_mounted "$1"; then + return + fi + inner_fs=$(inner_fs_to_mountorder "$1") + + case "$(mount_details fs "$1")" in + 'ext'*) + e2fsck $(mount_details dev "$1") + ;; + 'fuse.sshfs'|'fuse.ftps') + local max_wait + local host + max_wait=$(($(date +%s)+120)) + host=$( + mount_details dev "$1" | \ + sed 's>^\([^:@]*@\)\?\([^:@]\+\):\S*$>\2>" + ) + while [ $(date +%s) -lt ${max_wait} ] && \ + ! /bin/ping6 -c1 ${host} >/dev/null 2>&1 && \ + ! /bin/ping -c1 ${host} >/dev/null 2>&1; do + >&2 printf ',' + sleep 1 + done + ;; + esac + + if [ -n "${inner_fs}" ]; then + do_unmount -l "${inner_fs}" + fi + mount $(mount_details all "$1") + if [ -n "${inner_fs}" ]; then + do_mount "${inner_fs}" + fi +} + +do_unmount() { + local inner_fs + local lazy + if [ "x$1" = 'x-l' ]; then + lazy='-l' + shift + else + lazy='' + fi + if ! is_mounted "$1"; then + return + fi + inner_fs=$(inner_fs_to_mountorder "$1") + if [ -n "${inner_fs}" ]; then + do_unmount -l "${inner_fs}" + fi + umount ${lazy} $(mount_details mp "$1") + if [ -n "${inner_fs}" ]; then + do_mount "${inner_fs}" + fi +} + +do_crypt_close() { + if is_unlocked "$1"; then + cryptsetup luksClose "$1" + fi +} + +do_crypt_open() { + if ! is_unlocked "$1"; then + cryptsetup luksOpen "$1" "$2" --key-file="$3" + fi +} + +echo "${crypttab}" | \ + while read -r name raw key; do + key="${key%% *}" + key_mount=$(mountpoint_to_file "${key}") + mount_order=$(mountorder_to_device "#MAPDIR#/${name}") + + if ${unmount}; then + do_unmount "${mount_order}" + do_crypt_close "${name}" + else + do_mount "${key_mount}" + do_crypt_open "${name}" "${raw}" "${key}" + do_unmount -l "${key_mount}" + do_mount "${mount_order}" + fi + done + +# End of file |