diff options
Diffstat (limited to 'cryptmount.sh')
| -rwxr-xr-x | cryptmount.sh | 247 |
1 files changed, 247 insertions, 0 deletions
diff --git a/cryptmount.sh b/cryptmount.sh new file mode 100755 index 0000000..7094586 --- /dev/null +++ b/cryptmount.sh @@ -0,0 +1,247 @@ +#!/bin/bash +PATH="/bin:/sbin:/usr/bin:/usr/sbin" +TARGET_DIR="/media" +DATA_DIR="daten" +CRYPTED_UUIDS="9de4f43b-ce55-4bea-b152-1245fb199e1d 34a631ab-cf66-4275-a275-353ba264121a 6342ac03-2401-4485-b44d-8fbd0ef66d55 73218cdc-c38d-450d-8175-c055b3ccef47 496deb95-6e40-4813-96c9-957d56f34ba1 cb2525c4-f46f-4214-94fe-cc3090f3bb82" +BIND_DIRS="Images(A-K) Images(L-Z) Musik Fun XXX Doc Download Programme Treiber home Serien Filme(#-D) Filme(E-K) Filme(L-Z)" +CMD_MOUNT="/etc/rc.d/samba start; /etc/rc.d/vsftpd start;" +CMD_UMOUNT="/etc/rc.d/samba stop; /home/hashd/boincd stop; /etc/rc.d/vsftpd stop; /home/hlds/start.sh stop;" +CONFIG_FILE="/etc/cryptmount.conf" +LIB_FILE="/etc/rc.d/functions" +CR_NAME="hdd_crypted" + +ERR_DIR='WARNUNG: Verzeichnis nicht leer/vorhanden?' +RED="\e[1;31m" +GREEN="\e[1;32m" +NC="\e[m" # No Color + +[ `whoami` != "root" ] && { echo "You need uid 0 to do this, sorry $USER."; exit 2; } +[ "$SUDO_USER" != "" ] && echo "`date`: $0 started by $SUDO_USER" | wall + +test -r "$CONFIG_FILE" && . "$CONFIG_FILE" +test -r "$LIB_FILE" && { test -r /etc/rc.conf && { . /etc/rc.conf; . $LIB_FILE; FANCY=true; } } + +check_lock() { +nm=`basename "$0"` +pl=`ps aux | grep "$nm" | grep "/bin/bash" | wc -l` +[ $pl -gt 2 ] && return 1; +return 0 +} + +while(true); do + check_lock + [ $? -eq 0 ] && { break; } + echo -e "${RED}Someone is using this script.${NC}" + echo -en "${RED}*${NC} Plz wait some secs: " + for i in 1 2 3 4 5 + do + echo -en "." + sleep 1 + done + echo +done + +trap "stty echo; echo; exit 3" SIGHUP SIGINT SIGTERM + +status() { +test $QUIET -eq 0 && echo "LUKS status." +FAIL=0 +INC=-1 +for uuid in $CRYPTED_UUIDS ; do + INC=`expr $INC + 1` + if [ -b "/dev/disk/by-uuid/$uuid" ]; then + test $QUIET -eq 0 && echo -e "${RED}1\t${GREEN}SUCCESS${NC}: uuid /dev/disk/by-uuid/$uuid existiert." + else + test $QUIET -eq 0 && echo -e "${RED}1\tFAIL${NC}: uuid /dev/disk/by-uuid/$uuid existiert nicht." + FAIL=1 + fi + if [ -h "/dev/$CR_NAME$INC" ]; then + test $QUIET -eq 0 && echo -e "${RED}2\t${GREEN}SUCCESS${NC}: symlink /dev/$CR_NAME$INC existiert." + else + test $QUIET -eq 0 && echo -e "${RED}2\tFAIL${NC}: symlink /dev/$CR_NAME$INC existiert nicht." + FAIL=1 + fi + if [ -d "$TARGET_DIR/$CR_NAME$INC" ]; then + test $QUIET -eq 0 && echo -e "${RED}3\t${GREEN}SUCCESS${NC}: dir $TARGET_DIR/$CR_NAME$INC existiert." + else + test $QUIET -eq 0 && echo -e "${RED}3\tFAIL${NC}: $TARGET_DIR/$CR_NAME$INC existiert nicht." + FAIL=1 + fi + if [ $(mount | cut -f 1 -d ' ' | grep "/dev/mapper/$CR_NAME$INC" | wc -l) -gt 0 ]; then + test $QUIET -eq 0 && echo -e "${RED}4\t${GREEN}SUCCESS${NC}: dev /dev/mapper/$CR_NAME$INC gemountet." + else + test $QUIET -eq 0 && echo -e "${RED}4\tFAIL${NC}: /dev/mapper/$CR_NAME$INC nicht gemountet." + FAIL=1 + fi + test $QUIET -eq 0 && echo "" +done +if [ -x "$TARGET_DIR/$DATA_DIR" ]; then + test $QUIET -eq 0 && echo -e "${GREEN}SUCCESS${NC}: $TARGET_DIR/$DATA_DIR existiert." +else + test $QUIET -eq 0 && echo -e "${RED}FAIL${NC}: $TARGET_DIR/$DATA_DIR existiert nicht." + FAIL=1 +fi +test $FAIL -eq 1 && echo -e "${RED}Keine Partitionen entschluesselt/gemountet.${NC}" +test $FAIL -eq 0 && echo -e "\n${GREEN}LUKS Partitionen offen und gemountet.${NC}" +} + +if [ "$2" == "quiet" ]; then + QUIET=1 +else + QUIET=0 +fi +test "$1" = "status" && { status; exit 0; } +test `whoami` = "root" || { echo -e "Sie sind kein ${RED}root${NC}...\nBenutzer duerfen folgenden Befehl ausfuehren:\n\t$0 [status] [quiet]"; exit 1; } +if [ "$2" == "fsck" ]; then + FSCK=1 +else + FSCK=0 +fi + +checkmapper() { +cryptsetup status "$1" >/dev/null +retval=$? +test $retval -eq 0 && { return 0; } +return 1 +} + +openluks() { +test `lsmod|grep dm_crypt|wc -w` -gt 0 || modprobe dm_crypt +echo "Verschluesselungsmodul bereit." +echo -n "(LUKS) Passwort: " +stty -echo; read PW; stty echo +echo "" +echo "Erstelle Symlinks und oeffne LUKS..." +INC=-1 +for uuid in $CRYPTED_UUIDS ; do + INC=`expr $INC + 1` + test -h /dev/hdd_crypted$INC && { echo -e "${RED}WARNUNG${NC}: symlink /dev/hdd_crypted$INC existiert."; } + ln -s /dev/disk/by-uuid/$uuid /dev/hdd_crypted$INC 2>/dev/null 1>/dev/null + test -f /dev/mapper/hdd_crypted$INC || (echo -n $PW | cryptsetup luksOpen /dev/hdd_crypted$INC hdd_crypted$INC > /dev/null 1>&1) + if [ $? -eq 0 ]; then + echo "Schluessel erfolgreich gelesen: Verfuegbar in /dev/mapper/hdd_crypted$INC" + test $FSCK -eq 1 && { echo "Pruefe Dateisystem ... Abbrechen mit STRG+C"; fsck /dev/mapper/hdd_crypted$INC; } + else + echo -e "${RED}FEHLER${NC}: LUKS auf hdd_crypted$INC konnte nicht geoeffnet werden?!\n\t${RED}Falsches${NC} Kennwort?" + read -p " Fortfahren? (y/n)" -n 1 ret + [ "$ret" == "n" ] && return 1 + fi +done +return 0 +} + +closeluks() { +test $FANCY && stat_busy "close luks .." +INC=-1 +for uuid in $CRYPTED_UUIDS ; do + INC=`expr $INC + 1` + test $FANCY && { stat_busy "Closing /dev/mapper/hdd_crypted$INC .."; } + test $FSCK -eq 1 && { echo "HDD CRYPTED #$INC's filesystem will be checked ..." | wall; fsck -a -p -M /dev/mapper/hdd_crypted$INC &>/dev/null; sleep 2; } + test -h /dev/hdd_crypted$INC && { rm /dev/hdd_crypted$INC; } + cryptsetup luksClose hdd_crypted$INC &>/dev/null; test $? -ne 0 && { test $FANCY && stat_fail; continue; } + test $FANCY && stat_done +done +} + +mountmap() { +test -d $TARGET_DIR/$DATA_DIR || mkdir -p $TARGET_DIR/$DATA_DIR +INC=-1 +for uuid in $CRYPTED_UUIDS ; do + INC=`expr $INC + 1` + test -d $TARGET/hdd_crypted$INC || mkdir -p $TARGET_DIR/hdd_crypted$INC + test $(mount | cut -f 1 -d ' ' | grep $TARGET_DIR/hdd_crypted$INC | wc -l) -le 0 && mount /dev/mapper/hdd_crypted$INC $TARGET_DIR/hdd_crypted$INC -t auto -o nodev,rw,nosuid,nouser 2>/dev/null + for dir in $BIND_DIRS ; do + test $(mount | cut -f 1 -d ' ' | grep $TARGET_DIR/hdd_crypted$INC/$dir | wc -l) -le 0 && test -d $TARGET_DIR/hdd_crypted$INC/$dir && (test -d $TARGET/$DATA_DIR/$dir || mkdir $TARGET_DIR/$DATA_DIR/$dir; mount -o bind $TARGET_DIR/hdd_crypted$INC/$dir $TARGET_DIR/$DATA_DIR/$dir) 2>/dev/null + done +done +bash -c "$CMD_MOUNT" +echo "All crypto dev's ready. (mounted by $SUDO_USER)" | wall +} + +umountmap() { +echo "$USER try to unmount all crypto dev's" | wall +bash -c "$CMD_UMOUNT" 2>/dev/null +INC=-1 +for uuid in $CRYPTED_UUIDS ; do + INC=`expr $INC + 1` + test $FANCY && stat_busy "unmount $TARGET_DIR/hdd_crypted$INC .." + for dir in $BIND_DIRS ; do + test -d $TARGET_DIR/hdd_crypted$INC/$dir && (umount -l $TARGET_DIR/hdd_crypted$INC/$dir; rmdir $TARGET_DIR/$DATA_DIR/$dir; test $? -ne 0 && { test $FANCY && stat_fail; FAIL=true; } ) + done + umount -l /dev/mapper/hdd_crypted$INC > /dev/null 2>&1 + rmdir $TARGET_DIR/hdd_crypted$INC > /dev/null 2>&1 + test $? -ne 0 && { test $FANCY && stat_fail; FAIL=true; } + test $FAIL || { test $FANCY && stat_done; } +done +test $FANCY && stat_busy "removing $TARGET_DIR/$DATA_DIR" +rmdir $TARGET_DIR/$DATA_DIR > /dev/null 2>&1 +if [ $? -ne 0 ]; then + test $FANCY && stat_fail +else + test $FANCY && stat_done +fi +} + +case "$1" in + mount) + echo "Partitionen werden geoeffnet ..." + openluks + if [ $? -eq 0 ]; then + echo "LUKS Partitionen werden gemounted ..." + mountmap + else + echo -e "\n\t${RED}Falsches LUKS Kennwort ...${NC}" + fi + ;; + cdir) + echo "Partitionen werden geoeffnet ..." + openluks + echo "LUKS Partitionen werden gemounted ... (nur crypted dir's)" + test -d $TARGET_DIR/$DATA_DIR || mkdir -p $TARGET_DIR/$DATA_DIR + INC=-1 + for uuid in $CRYPTED_UUIDS ; do + INC=`expr $INC + 1` + test -d $TARGET/hdd_crypted$INC || mkdir -p $TARGET_DIR/hdd_crypted$INC + test $(mount | cut -f 1 -d ' ' | grep $TARGET_DIR/hdd_crypted$INC | wc -l) -le 0 && mount /dev/mapper/hdd_crypted$INC $TARGET_DIR/hdd_crypted$INC -t auto -o nodev,rw,nosuid,nouser 2>/dev/null + done + ;; + umount) + echo "Unmounting.." + umountmap + + ;; + open) + echo "Open LUKS..." + openluks + ;; + close) + test $FANCY && stat_busy "umount all devs and close luks .." + umountmap + sleep 2 + closeluks + ;; + check) + echo "Checking FS.." + umountmap + checkfs + mountmap + ;; + checkmap) + echo "Checking mapped devs..." + for file in `ls /dev/mapper/`; do + if [ "$file" != "control" ]; then + echo -n "$file .. " + checkmapper "$file" + if [ $? -eq 0 ]; then + echo -e "[ ${GREEN}OK${NC} ]"; + else + echo -e "[ ${RED}FAIL${NC} ]"; + fi + fi + done + ;; + *) + echo -e "Usage:\t[close|check|mount|umount|status|checkmap] [fsck|quiet]" + exit 3 + ;; +esac |