#!/bin/bash
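# Fixed command search path: this script runs as root, so command lookup must
# not depend on whatever PATH the caller (or sudo) passed in.
PATH="/bin:/sbin:/usr/bin:/usr/sbin"
# Parent directory for the per-device mount points and the merged data dir.
TARGET_DIR="/media"
# Directory under TARGET_DIR that receives the bind mounts.
DATA_DIR="daten"
# Filesystem UUIDs of the LUKS containers; list order defines the index N in
# hdd_cryptedN.
CRYPTED_UUIDS="9de4f43b-ce55-4bea-b152-1245fb199e1d 34a631ab-cf66-4275-a275-353ba264121a 6342ac03-2401-4485-b44d-8fbd0ef66d55 73218cdc-c38d-450d-8175-c055b3ccef47 496deb95-6e40-4813-96c9-957d56f34ba1 cb2525c4-f46f-4214-94fe-cc3090f3bb82"
# Directory names that are bind-mounted from each device into DATA_DIR.
BIND_DIRS="Images(A-K) Images(L-Z) Musik Fun XXX Doc Download Programme Treiber home Serien Filme(#-D) Filme(E-K) Filme(L-Z)"
# Command strings that mountmap/umountmap hand to `bash -c` as root.
# NOTE(review): CONFIG_FILE is sourced below and can override these, so anyone
# able to write that file can run arbitrary commands as root.
CMD_MOUNT="/etc/rc.d/samba start; /etc/rc.d/vsftpd start;"
CMD_UMOUNT="/etc/rc.d/samba stop; /home/hashd/boincd stop; /etc/rc.d/vsftpd stop; /home/hlds/start.sh stop;"
CONFIG_FILE="/etc/cryptmount.conf"
LIB_FILE="/etc/rc.d/functions"
# Base name used by status() for symlinks, mapper names and mount points.
CR_NAME="hdd_crypted"
ERR_DIR='WARNUNG: Verzeichnis nicht leer/vorhanden?'
# ANSI colour sequences, interpreted by `echo -e`.
RED="\e[1;31m"
GREEN="\e[1;32m"
NC="\e[m" # No Color

# Everything below needs root; refuse early for anyone else.
if [ "$(whoami)" != "root" ]; then
  echo "You need uid 0 to do this, sorry $USER."
  exit 2
fi

# When started through sudo, announce the invoking user to all terminals.
[ "$SUDO_USER" != "" ] && echo "$(date): $0 started by $SUDO_USER" | wall

# Optional overrides for the settings above. The file is executed as shell code
# with root privileges.
# NOTE(review): nothing here verifies owner or mode of CONFIG_FILE; it should be
# owned by root and not writable by group or others.
if [ -r "$CONFIG_FILE" ]; then
  . "$CONFIG_FILE"
fi

# Load the init-script helper library only when rc.conf is readable as well;
# FANCY then switches the functions below to the stat_* progress helpers.
if [ -r "$LIB_FILE" ] && [ -r /etc/rc.conf ]; then
  . /etc/rc.conf
  . "$LIB_FILE"
  FANCY=true
fi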
# Crude single-instance check based on the process table.
# Returns: 1 when more than two `ps aux` lines contain both the script's
#          basename and "/bin/bash", 0 otherwise.
# NOTE(review): this is a check, not a lock. Two instances started at the same
# moment can both pass it, and any unrelated process whose command line holds
# the script name and "/bin/bash" is counted too. A lock file held with
# flock(1) would close that window.
check_lock() {
# Name the script was invoked under; grep treats it as a regular expression.
nm=`basename "$0"`
# Count matching process-table lines.
# NOTE(review): the threshold of 2 presumably allows for this process plus the
# subshell forked for the command substitution - confirm before restructuring.
pl=`ps aux | grep "$nm" | grep "/bin/bash" | wc -l`
[ $pl -gt 2 ] && return 1;
return 0
}
# Block until check_lock reports that no other instance is running, printing a
# five-second progress line between attempts.
until check_lock; do
  echo -e "${RED}Someone is using this script.${NC}"
  echo -en "${RED}*${NC} Plz wait some secs: "
  for ((tick = 0; tick < 5; tick++)); do
    printf '.'
    sleep 1
  done
  echo
done

# openluks switches terminal echo off while the passphrase is typed; make sure
# an interrupt turns it back on before the script exits with status 3.
trap "stty echo; echo; exit 3" SIGHUP SIGINT SIGTERM
#######################################
# Report, per configured UUID, whether the block device, the /dev symlink, the
# mount-point directory and the mounted mapper device are present, then whether
# the data directory is accessible.
# Globals:   QUIET, CRYPTED_UUIDS, CR_NAME, TARGET_DIR, DATA_DIR, RED, GREEN,
#            NC (read); FAIL, INC, uuid (written)
# Outputs:   per-check lines only when QUIET is 0; the closing summary line is
#            always printed
# Returns:   1 when any check failed, 0 otherwise
#######################################
status() {
  # Evaluate the quiet switch once instead of before every line.
  local verbose=0
  [ "$QUIET" -eq 0 ] && verbose=1

  (( verbose )) && echo "LUKS status."
  FAIL=0
  INC=-1
  for uuid in $CRYPTED_UUIDS; do
    INC=$((INC + 1))

    # 1: the encrypted partition is visible as a block device.
    if [ ! -b "/dev/disk/by-uuid/$uuid" ]; then
      FAIL=1
      (( verbose )) && echo -e "${RED}1\tFAIL${NC}: uuid /dev/disk/by-uuid/$uuid existiert nicht."
    elif (( verbose )); then
      echo -e "${RED}1\t${GREEN}SUCCESS${NC}: uuid /dev/disk/by-uuid/$uuid existiert."
    fi

    # 2: the convenience symlink in /dev exists.
    if [ ! -h "/dev/$CR_NAME$INC" ]; then
      FAIL=1
      (( verbose )) && echo -e "${RED}2\tFAIL${NC}: symlink /dev/$CR_NAME$INC existiert nicht."
    elif (( verbose )); then
      echo -e "${RED}2\t${GREEN}SUCCESS${NC}: symlink /dev/$CR_NAME$INC existiert."
    fi

    # 3: the mount-point directory exists.
    if [ ! -d "$TARGET_DIR/$CR_NAME$INC" ]; then
      FAIL=1
      (( verbose )) && echo -e "${RED}3\tFAIL${NC}: $TARGET_DIR/$CR_NAME$INC existiert nicht."
    elif (( verbose )); then
      echo -e "${RED}3\t${GREEN}SUCCESS${NC}: dir $TARGET_DIR/$CR_NAME$INC existiert."
    fi

    # 4: the mapper device shows up in the first column of `mount`.
    if ! mount | cut -f 1 -d ' ' | grep -q "/dev/mapper/$CR_NAME$INC"; then
      FAIL=1
      (( verbose )) && echo -e "${RED}4\tFAIL${NC}: /dev/mapper/$CR_NAME$INC nicht gemountet."
    elif (( verbose )); then
      echo -e "${RED}4\t${GREEN}SUCCESS${NC}: dev /dev/mapper/$CR_NAME$INC gemountet."
    fi

    (( verbose )) && echo ""
  done

  # The merged data directory has to be searchable.
  if [ ! -x "$TARGET_DIR/$DATA_DIR" ]; then
    FAIL=1
    (( verbose )) && echo -e "${RED}FAIL${NC}: $TARGET_DIR/$DATA_DIR existiert nicht."
  elif (( verbose )); then
    echo -e "${GREEN}SUCCESS${NC}: $TARGET_DIR/$DATA_DIR existiert."
  fi

  # The summary is printed even in quiet mode.
  if [ "$FAIL" -eq 1 ]; then
    echo -e "${RED}Keine Partitionen entschluesselt/gemountet.${NC}"
    return 1
  fi
  echo -e "\n${GREEN}LUKS Partitionen offen und gemountet.${NC}"
}
# The second argument selects one optional mode: "quiet" or "fsck".
QUIET=0
[ "$2" == "quiet" ] && QUIET=1

# "status" only reads state, so it is handled before the second root check.
if [ "$1" = "status" ]; then
  status
  exit 0
fi

# Every other action changes system state and is limited to root.
# NOTE(review): the root gate at the top of the script already exits for
# non-root callers, so the hint below that ordinary users may run "status" is
# not reachable as the script stands.
if [ "$(whoami)" != "root" ]; then
  echo -e "Sie sind kein ${RED}root${NC}...\nBenutzer duerfen folgenden Befehl ausfuehren:\n\t$0 [status] [quiet]"
  exit 1
fi

FSCK=0
[ "$2" == "fsck" ] && FSCK=1
#######################################
# Ask cryptsetup whether a device-mapper name is an active mapping.
# Arguments: $1 - mapping name as listed under /dev/mapper
# Globals:   retval (written) - raw exit status of `cryptsetup status`
# Returns:   0 when cryptsetup succeeded, 1 for any other exit status
#######################################
checkmapper() {
  cryptsetup status "$1" >/dev/null
  retval=$?
  # Collapse every failure code to 1 for the caller.
  if [ "$retval" -ne 0 ]; then
    return 1
  fi
  return 0
}
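#######################################
# Prompt once for the LUKS passphrase and open every configured container as
# /dev/mapper/hdd_cryptedN.
# Globals:   CRYPTED_UUIDS, FSCK, RED, NC (read); INC, uuid (written)
# Inputs:    passphrase and the continue/abort answer are read from stdin
# Returns:   1 when the user answers "n" after a failed open, 0 otherwise
#######################################
openluks() {
  # Function-local, so the passphrase is gone from the shell once we return.
  local PW ret

  lsmod | grep -q dm_crypt || modprobe dm_crypt
  echo "Verschluesselungsmodul bereit."
  echo -n "(LUKS) Passwort: "
  # Echo is switched off while typing; the script-level trap restores it if the
  # prompt is interrupted.
  stty -echo
  # IFS= and -r keep leading/trailing blanks and backslashes in the passphrase.
  IFS= read -r PW
  stty echo
  echo ""
  echo "Erstelle Symlinks und oeffne LUKS..."
  INC=-1
  for uuid in $CRYPTED_UUIDS; do
    INC=$((INC + 1))
    if [ -h "/dev/hdd_crypted$INC" ]; then
      echo -e "${RED}WARNUNG${NC}: symlink /dev/hdd_crypted$INC existiert."
    fi
    # An existing link is kept as it is (ln fails quietly).
    # NOTE(review): a stale link is therefore never re-pointed at this UUID.
    ln -s "/dev/disk/by-uuid/$uuid" "/dev/hdd_crypted$INC" >/dev/null 2>&1

    # The passphrase goes to cryptsetup on stdin through the printf builtin, so
    # it never appears in a process argument list. Quoting keeps blanks and
    # glob characters intact, and '%s' stops values such as "-n" from being
    # taken as an option.
    # NOTE(review): `test -f` only matches regular files, which /dev/mapper
    # entries normally are not, so luksOpen is attempted even when the mapping
    # is already open - confirm whether `-e` was intended.
    if test -f "/dev/mapper/hdd_crypted$INC" ||
      printf '%s' "$PW" | cryptsetup luksOpen "/dev/hdd_crypted$INC" "hdd_crypted$INC" >/dev/null; then
      echo "Schluessel erfolgreich gelesen: Verfuegbar in /dev/mapper/hdd_crypted$INC"
      if [ "$FSCK" -eq 1 ]; then
        echo "Pruefe Dateisystem ... Abbrechen mit STRG+C"
        fsck "/dev/mapper/hdd_crypted$INC"
      fi
    else
      echo -e "${RED}FEHLER${NC}: LUKS auf hdd_crypted$INC konnte nicht geoeffnet werden?!\n\t${RED}Falsches${NC} Kennwort?"
      read -r -p " Fortfahren? (y/n)" -n 1 ret
      [ "$ret" == "n" ] && return 1
    fi
  done
  return 0
}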
#######################################
# Close every hdd_cryptedN mapping, optionally running a non-interactive fsck
# first, and remove the matching /dev symlink.
# Globals:   CRYPTED_UUIDS, FSCK, FANCY (read); INC, uuid (written)
# Outputs:   progress via stat_busy/stat_done/stat_fail when FANCY is set
#            (helpers presumably come from the sourced LIB_FILE - verify)
#######################################
closeluks() {
  [ -n "$FANCY" ] && stat_busy "close luks .."
  INC=-1
  for uuid in $CRYPTED_UUIDS; do
    INC=$((INC + 1))
    if [ -n "$FANCY" ]; then
      stat_busy "Closing /dev/mapper/hdd_crypted$INC .."
    fi

    # Optional filesystem check while the mapping is still open.
    if [ "$FSCK" -eq 1 ]; then
      echo "HDD CRYPTED #$INC's filesystem will be checked ..." | wall
      fsck -a -p -M "/dev/mapper/hdd_crypted$INC" &>/dev/null
      sleep 2
    fi

    # The symlink is removed before the mapping is closed, whether or not the
    # close succeeds afterwards.
    if [ -h "/dev/hdd_crypted$INC" ]; then
      rm "/dev/hdd_crypted$INC"
    fi

    if ! cryptsetup luksClose "hdd_crypted$INC" &>/dev/null; then
      [ -n "$FANCY" ] && stat_fail
      continue
    fi
    [ -n "$FANCY" ] && stat_done
  done
}
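#######################################
# Mount every opened mapping under TARGET_DIR/hdd_cryptedN, bind-mount the
# directories listed in BIND_DIRS into TARGET_DIR/DATA_DIR, then run CMD_MOUNT.
# Globals:   TARGET_DIR, DATA_DIR, CRYPTED_UUIDS, BIND_DIRS, CMD_MOUNT,
#            SUDO_USER (read); INC, uuid, dir (written)
#######################################
mountmap() {
  local mapped mnt src dst

  [ -d "$TARGET_DIR/$DATA_DIR" ] || mkdir -p "$TARGET_DIR/$DATA_DIR"
  INC=-1
  for uuid in $CRYPTED_UUIDS; do
    INC=$((INC + 1))
    mapped="/dev/mapper/hdd_crypted$INC"
    mnt="$TARGET_DIR/hdd_crypted$INC"

    # The original tested the undefined $TARGET here, i.e. a path directly
    # under /, so the existence check never looked at the real mount point.
    [ -d "$mnt" ] || mkdir -p "$mnt"

    # Column 1 of `mount` is the device, so look for the mapper device there
    # (as status() does) rather than for the mount-point path.
    # nodev/nosuid keep device nodes and setuid bits on the data disks inert.
    if ! mount | cut -f 1 -d ' ' | grep -qxF -- "$mapped"; then
      mount "$mapped" "$mnt" -t auto -o nodev,rw,nosuid,nouser 2>/dev/null
    fi

    for dir in $BIND_DIRS; do
      src="$mnt/$dir"
      dst="$TARGET_DIR/$DATA_DIR/$dir"
      [ -d "$src" ] || continue
      # NOTE(review): this relies on `mount` listing the bind source in its
      # first column; where it lists the backing device instead, the bind
      # mount is simply attempted again - confirm on the target system.
      if mount | cut -f 1 -d ' ' | grep -qF -- "$src"; then
        continue
      fi
      # Same $TARGET typo as above: create the bind target only when missing.
      [ -d "$dst" ] || mkdir "$dst" 2>/dev/null
      mount -o bind "$src" "$dst" 2>/dev/null
    done
  done

  # CMD_MOUNT is a shell string executed as root; it is only as trustworthy as
  # the script and the config file that can override it.
  bash -c "$CMD_MOUNT"
  echo "All crypto dev's ready. (mounted by $SUDO_USER)" | wall
}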
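#######################################
# Run CMD_UMOUNT, lazily unmount the bind mounts and every hdd_cryptedN mount,
# and remove the now-empty mount-point directories.
# Globals:   TARGET_DIR, DATA_DIR, CRYPTED_UUIDS, BIND_DIRS, CMD_UMOUNT, FANCY,
#            USER (read); INC, FAIL, uuid, dir (written)
# Outputs:   progress via stat_busy/stat_done/stat_fail when FANCY is set
#######################################
umountmap() {
  local mnt

  echo "$USER try to unmount all crypto dev's" | wall
  # CMD_UMOUNT is a shell string executed as root (stops the services that
  # keep files open on the disks).
  bash -c "$CMD_UMOUNT" 2>/dev/null
  INC=-1
  for uuid in $CRYPTED_UUIDS; do
    INC=$((INC + 1))
    # Track failures per device; an earlier device must not mask a later
    # success.
    FAIL=
    mnt="$TARGET_DIR/hdd_crypted$INC"
    [ -n "$FANCY" ] && stat_busy "unmount $TARGET_DIR/hdd_crypted$INC .."

    for dir in $BIND_DIRS; do
      [ -d "$mnt/$dir" ] || continue
      # NOTE(review): this names the bind *source*; whether umount resolves
      # that to the bind mount under DATA_DIR depends on how the system records
      # bind mounts - confirm on the target system.
      umount -l "$mnt/$dir"
      # Run in the current shell (the original used a subshell, which threw
      # away FAIL), so a failed rmdir really suppresses the "done" below.
      if ! rmdir "$TARGET_DIR/$DATA_DIR/$dir"; then
        [ -n "$FANCY" ] && stat_fail
        FAIL=true
      fi
    done

    umount -l "/dev/mapper/hdd_crypted$INC" >/dev/null 2>&1
    # rmdir only succeeds on an empty directory, so a still-populated mount
    # point is reported as a failure instead of being deleted.
    if ! rmdir "$mnt" >/dev/null 2>&1; then
      [ -n "$FANCY" ] && stat_fail
      FAIL=true
    fi
    if [ -z "$FAIL" ] && [ -n "$FANCY" ]; then
      stat_done
    fi
  done

  [ -n "$FANCY" ] && stat_busy "removing $TARGET_DIR/$DATA_DIR"
  if rmdir "$TARGET_DIR/$DATA_DIR" >/dev/null 2>&1; then
    [ -n "$FANCY" ] && stat_done
  else
    [ -n "$FANCY" ] && stat_fail
  fi
}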
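# Dispatch on the requested action. "status" was already handled above.
case "$1" in
  mount)
    echo "Partitionen werden geoeffnet ..."
    # Mount only when the containers were opened (or the user chose to carry
    # on after a failed open).
    if openluks; then
      echo "LUKS Partitionen werden gemounted ..."
      mountmap
    else
      echo -e "\n\t${RED}Falsches LUKS Kennwort ...${NC}"
    fi
    ;;
  cdir)
    # Like "mount", but without the bind mounts and without CMD_MOUNT.
    echo "Partitionen werden geoeffnet ..."
    # NOTE(review): unlike "mount", the result of openluks is ignored here.
    openluks
    echo "LUKS Partitionen werden gemounted ... (nur crypted dir's)"
    [ -d "$TARGET_DIR/$DATA_DIR" ] || mkdir -p "$TARGET_DIR/$DATA_DIR"
    INC=-1
    for uuid in $CRYPTED_UUIDS; do
      INC=$((INC + 1))
      # The original tested the undefined $TARGET instead of $TARGET_DIR.
      [ -d "$TARGET_DIR/hdd_crypted$INC" ] || mkdir -p "$TARGET_DIR/hdd_crypted$INC"
      # Column 1 of `mount` is the device, so match the mapper device there.
      if ! mount | cut -f 1 -d ' ' | grep -qxF -- "/dev/mapper/hdd_crypted$INC"; then
        mount "/dev/mapper/hdd_crypted$INC" "$TARGET_DIR/hdd_crypted$INC" -t auto -o nodev,rw,nosuid,nouser 2>/dev/null
      fi
    done
    ;;
  umount)
    echo "Unmounting.."
    umountmap
    ;;
  open)
    echo "Open LUKS..."
    openluks
    ;;
  close)
    [ -n "$FANCY" ] && stat_busy "umount all devs and close luks .."
    umountmap
    # Give the lazy unmounts a moment before the mappings are closed.
    sleep 2
    closeluks
    ;;
  check)
    echo "Checking FS.."
    umountmap
    # NOTE(review): checkfs is not defined anywhere in this script; unless a
    # sourced file provides it, this step fails with "command not found" and
    # the disks are remounted unchecked.
    checkfs
    mountmap
    ;;
  checkmap)
    echo "Checking mapped devs..."
    # Glob instead of parsing `ls`, so unusual entry names are handled intact.
    for node in /dev/mapper/*; do
      # An unmatched glob stays literal; skip it.
      [ -e "$node" ] || [ -h "$node" ] || continue
      file=${node##*/}
      [ "$file" != "control" ] || continue
      echo -n "$file .. "
      if checkmapper "$file"; then
        echo -e "[ ${GREEN}OK${NC} ]"
      else
        echo -e "[ ${RED}FAIL${NC} ]"
      fi
    done
    ;;
  *)
    echo -e "Usage:\t[close|check|mount|umount|status|checkmap] [fsck|quiet]"
    exit 3
    ;;
esac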