~siretart/cryptsetup/debian


Viewing changes to debian/cryptdisks.functions

  • Committer: Reinhard Tartler
  • Date: 2008-08-06 13:15:36 UTC
  • Revision ID: siretart@tauware.de-20080806131536-52nd1v52wo7ft4zt
import cryptsetup_1.0.6-4.dsc

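--- a/debian/cryptdisks.functions
+++ b/debian/cryptdisks.functions
@@ -36,6 +36,7 @@
         opts=$(echo -n $1 | sed 's/ *#.*//')
         LOUD=""
         PARAMS=""
+        SIZE=""
         CHECK=""
         CHECKARGS=""
         PRECHECK=""
@@ -45,6 +46,7 @@
         USELUKS=""
         TIMEOUT=""
         KEYSCRIPT=""
+        IGNORE=""
 
         # Parse the options field, convert to cryptsetup parameters
         # and construct the command line
@@ -65,11 +67,12 @@
                         PARAMS="$PARAMS -c $VALUE"
                         ;;
                 size)
-                        if [ -z "$VALUE" ]; then
-                                log_warning_msg "$dst: no value for size option, skipping"
-                                return 1
+                        if echo "$VALUE" | grep -q "^[[:digit:]]\+$" && [ "$VALUE" -gt 0 ]; then
+                                SIZE="$VALUE"
+                        else
+                                log_warning_msg "$dst: option size used with an incorrect argument - forced to $SIZE"
                         fi
-                        PARAMS="$PARAMS -s $VALUE"
+                        PARAMS="$PARAMS -s $SIZE"
                         ;;
                 hash)
                         if [ -z "$VALUE" ]; then
@@ -132,7 +135,6 @@
                         else
                                 log_warning_msg "$dst: option tries used with an incorrect argument - forced to $TRIES"
                         fi
-                        PARAMS="$PARAMS --tries=$TRIES"
                         ;;
                 timeout)
                         if [ -z "$VALUE" ]; then
@@ -229,10 +231,12 @@
         # If the keyscript option is set, the "key" is just an argument to
         # the keyscript and not necessarily a file
         if [ -n "$KEYSCRIPT" ]; then
+                INTERACTIVE="yes"
                 return 0
         fi
 
         if [ -z "$key" ] || [ "$key" = "none" ]; then
+                key=""
                 INTERACTIVE="yes"
                 return 0
         fi
@@ -276,8 +280,9 @@
 
 # Setup a luks mapping
 do_luks () {
-        local tried
+        local tried keyscriptarg
         tried=0
+        keyscriptarg=""
 
         if ! cryptsetup isLuks "$src" >/dev/null 2>&1; then
                 log_warning_msg "$dst: device '$src' is not a LUKS partition, skipping"
@@ -285,32 +290,48 @@
         fi
 
         if [ -n "$KEYSCRIPT" ]; then
-                PARAMS="$PARAMS --key-file=-"
-                while [ "$tried" -lt "$TRIES" ]; do
-                        if "$KEYSCRIPT" "$key" <&1 | cryptsetup $PARAMS luksOpen "$src" "$dst"; then
-                                break
-                        fi
-                        tried=$(( $tried + 1 ))
-                done
-        elif [ "$INTERACTIVE" != "yes" ]; then
-                PARAMS="$PARAMS --key-file=$key"
-                while [ "$tried" -lt "$TRIES" ]; do
-                        if cryptsetup $PARAMS luksOpen "$src" "$dst" <&1; then
-                                break
-                        fi
-                        tried=$(( $tried + 1 ))
-                done
+                # keyscript => "key" is just an argument to the keyscript
+                keyscriptarg="$key"
+                key="-"
+        elif [ -z "$key" ]; then
+                # no keyscript, no key => password
+                keyscriptarg="Enter passphrase to unlock the disk $src ($dst): "
+                key="-"
+                KEYSCRIPT="/lib/cryptsetup/askpass"
+        elif [ "$key" != "${key%/dev/*}" ]; then
+                # no keyscript, device key => special treatment
+                keyscriptarg=""
+                key="$key"
+                KEYSCRIPT=""
         else
-                cryptsetup $PARAMS luksOpen "$src" "$dst" <&1 || tried="$TRIES"
-        fi
-
-        if [ "$tried" -ge "$TRIES" ]; then
-                return 1
-        fi
+                # no keyscript, key => file input
+                keyscriptarg="$key"
+                key="-"
+                KEYSCRIPT="cat"
+        fi
+
+        PARAMS="$PARAMS --key-file=$key"
+
+        while [ "$tried" -lt "$TRIES" ]; do
+                if [ -n "$KEYSCRIPT" ]; then
+                        if "$KEYSCRIPT" "$keyscriptarg" | cryptsetup $PARAMS luksOpen "$src" "$dst"; then
+                                break
+                        fi
+                else
+                        if cryptsetup $PARAMS luksOpen "$src" "$dst"; then
+                                break
+                        fi
+                fi
+
+                tried=$(( $tried + 1 ))
+                if [ "$tried" -ge "$TRIES" ]; then
+                        return 1
+                fi
+        done
 
         if [ -n "$CHECK" ] && ! "$CHECK" "/dev/mapper/$dst" $CHECKARGS; then
                 log_warning_msg "$dst: the check for '/dev/mapper/$dst' failed"
-                cryptsetup luksClose $dst
+                cryptsetup luksClose "$dst"
                 return 1
         fi
 
@@ -319,8 +340,9 @@
 
 # Setup a regular mapping
 do_noluks () {
-        local pre_out tried
+        local pre_out tried keyscriptarg
         tried=0
+        keyscriptarg=""
 
         if [ -z "$PRECHECK" ]; then
                 PRECHECK="/lib/cryptsetup/checks/un_vol_id"
@@ -333,17 +355,36 @@
                 return 1
         fi
 
+        PARAMS="$PARAMS --key-file=$key"
+
         if [ -n "$KEYSCRIPT" ]; then
-                PARAMS="$PARAMS --key-file=-"
-        elif [ "$INTERACTIVE" != "yes" ]; then
-                PARAMS="$PARAMS --key-file=$key"
+                # keyscript => "key" is just an argument to the keyscript
+                keyscriptarg="$key"
+                key="-"
+        elif [ -z "$key" ]; then
+                # no keyscript, no key => password
+                keyscriptarg="Enter passphrase to unlock the disk $src ($dst): "
+                key="-"
+                KEYSCRIPT="/lib/cryptsetup/askpass"
+        elif [ "$key" != "${key%/dev/*}" ]; then
+                # no keyscript, device (random) key => special treatment
+                keyscriptarg=""
+                key="$key"
+                KEYSCRIPT=""
+        else
+                # no keyscript, key => file input
+                keyscriptarg="$key"
+                key="-"
+                KEYSCRIPT="cat"
         fi
 
+        PARAMS="$PARAMS --key-file=$key"
+
         while [ "$tried" -lt "$TRIES" ]; do
                 if [ -n "$KEYSCRIPT" ]; then
-                        "$KEYSCRIPT" "$key" <&1 | cryptsetup $PARAMS create "$dst" "$src"
+                        "$KEYSCRIPT" "$keyscriptarg" | cryptsetup $PARAMS create "$dst" "$src"
                 else
-                        cryptsetup $PARAMS create "$dst" "$src" <&1
+                        cryptsetup $PARAMS create "$dst" "$src"
                 fi
 
                 if [ -z "$CHECK" ] || "$CHECK" "/dev/mapper/$dst" $CHECKARGS; then
@@ -352,13 +393,13 @@
                         log_warning_msg "$dst: the check for '/dev/mapper/$dst' failed - maybe the password is wrong"
                         cryptsetup remove "$dst"
                 fi
+
                 tried=$(( $tried + 1 ))
+                if [ "$tried" -ge "$TRIES" ]; then
+                        return 1
+                fi
         done
 
-        if [ "$tried" -ge "$TRIES" ]; then
-                return 1
-        fi
-
         return 0
 }
 
@@ -466,9 +507,9 @@
         fi
 
         # parse UUID= symlinks
-        if [ ${src#UUID=} != $src ]; then
+        if [ "${src#UUID=}" != "$src" ]; then
                 src="/dev/disk/by-uuid/${src#UUID=}"
-        elif [ ${src#LABEL=} != $src ]; then
+        elif [ "${src#LABEL=}" != "$src" ]; then
                 src="/dev/disk/by-label/${src#LABEL=}"
         fi
 
@@ -581,8 +622,8 @@
         mount_fs
 
         egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do
-                handle_crypttab_line_start "$dst" "$src" "$key" "$opts"
-        done
+                handle_crypttab_line_start "$dst" "$src" "$key" "$opts" <&3
+        done 3<&1
         umount_fs
 
         log_action_end_msg 0
@@ -597,8 +638,8 @@
         loopmajor=$(grep "[[:space:]]*loop$" /proc/devices | sed 's/^[[:space:]]*//;s/[[:space:]].*//')
 
         egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do
-                handle_crypttab_line_stop "$dst" "$src" "$key" "$opts"
-        done
+                handle_crypttab_line_stop "$dst" "$src" "$key" "$opts" <&3
+        done 3<&1
 
         log_action_end_msg 0
 }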
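Review bot: In do_noluks, `PARAMS="$PARAMS --key-file=$key"` is appended twice, at new lines 358 and 381, and the first copy runs before the if/elif chain rewrites `key`. With a keyscript configured, the raw crypttab key field (which the code's own comment calls just an argument to the keyscript) is therefore passed to `cryptsetup $PARAMS create` as a `--key-file=` value alongside the intended `--key-file=-`, and which of the two takes effect depends on cryptsetup's option parsing, which is not visible here. do_luks appends the option once, after the chain (new line 313), so deleting the line at 358 would make the two functions agree. Separately, the new `size)` branch still runs `PARAMS="$PARAMS -s $SIZE"` when the argument is rejected; SIZE appears to be empty at that point (it is reset to "" at new line 39, and new lines 53–66 are not shown), so `-s` would be left without a value. Returning 1 as the removed code did, or appending `-s` only inside the success branch, looks safer.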