~siretart/cryptsetup/debian


Viewing changes to debian/usbcrypto.udev

  • Committer: Reinhard Tartler
  • Date: 2008-08-06 13:15:36 UTC
  • Revision ID: siretart@tauware.de-20080806131536-52nd1v52wo7ft4zt
import cryptsetup_1.0.6-4.dsc

1
 
#!/bin/bash
2
 
 
3
 
#               replaces: /etc/hotplug.d/block/cryptostick.hotplug
4
 
#            and: /etc/dev.d/block/usbcrypto.dev
5
 
#
6
 
#       depends on: udev, cryptsetup
7
 
#
8
 
#       description:
9
 
#       script is called by udev if a certain (like special name, size,
10
 
#       FS-ID etc.) usb-stick is plugged in. It loads and reconstructs
11
 
#       AES256 keys by xor and runs cryptsetup to setup a dm-crypt
12
 
#       device to decrypt an encrypted raw partition. 
13
 
#       It automatically mounts the dm-crypt device and runs exportfs if
14
 
#       needed.
15
 
 
16
 
#               Something like this is needed somewhere in /etc/udev/rules for
17
 
#               the script to run (You need to adjust it to your USB Stick (model, rev,
18
 
#               ID_FS_UUID)):
19
 
 
20
 
# SUBSYSTEMS=="usb", BUS=="scsi", KERNEL=="sd*",  ATTRS{model}=="USB FLASH DRIVE", \
21
 
# ATTRS{rev}=="53CG", SYMLINK+="stick%n"
22
 
# SUBSYSTEMS=="usb", BUS=="scsi", KERNEL=="sd?2", \
23
 
# ATTRS{model}=="USB FLASH DRIVE", ATTRS{rev}=="53CG", \
24
 
# ACTION=="add",IMPORT{program}="vol_id --export $tempnode" \
25
 
# ENV{ID_FS_UUID}=="c3d9cb8e-1cb5-485c-9369-6404ec57b2c0" \
26
 
# ENV{ID_FS_TYPE}=="ext2" \
27
 
# RUN+="/usr/local/bin/mount_stuff_udev"
28
 
#                    ^^^^^^^^^^^^^^^^^^^ = this_script
29
 
#
30
 
#
31
 
#       Author: Volker Sauer <vsauer@dvs1.informatik.tu-darmstadt.de>
32
 
#       Version: 1.0
33
 
#       License: GPL
34
 
 
35
 
 
36
 
CRYPTRAWVOL=/dev/mapper/iata-rawstuff   # RAW volume to be decrypted
37
 
CRYPTVOLMNT=/home/stuff                                 # mountpoint the decrypted volume
38
 
CRYPTVOLNAME=stuff                                              # name of decrypted volume (in /dev/mapper)
39
 
STICKKEYDIR=/keys                                               # directory with the keys on the USB stick
40
 
HOSTKEYDIR=/etc/keys                                    # directory with host keys of this computer
41
 
CRYPTSETUP=/sbin/cryptsetup                     # needed to setup dm-crypt (package cryptsetup)
42
 
MOUNT=/bin/mount                                                # just in case you have your own mount program...
43
 
UMOUNT=/bin/umount                                              # just in case you have your own mount program...
44
 
RUN_EXPORTFS=yes                                                # run "exportfs -r" after successfull mount? 
45
 
 
46
 
 
47
 
# Check if RAW-Volume exists
48
 
if [ ! -b $CRYPTRAWVOL ]; then
49
 
        echo "(RAW) Volume $CRYPTRAWVOL does not exist or is not a block device"
50
 
        exit 0
51
 
fi
52
 
 
53
 
# Check if volume is already mounted
54
 
while read dev mntpath rest; do
55
 
        if [ "$mntpath" = "$CRYPTVOLMNT" ]; then
56
 
                echo "Volume $CRYPTVOLMNT is already mounted, exiting."
57
 
                exit 0
58
 
        fi
59
 
done < /proc/self/mounts
60
 
 
61
 
# Check if dm-crypt is already setup
62
 
if [ -b /dev/mapper/$CRYPTVOLNAME ]; then
63
 
        echo "/dev/mapper/$CRYPTVOLNAME already exists. Trying to mount...."
64
 
        $MOUNT /dev/mapper/$CRYPTVOLNAME $CRYPTVOLMNT
65
 
        if [ "$?" == "0" ]; then
66
 
                echo "/dev/mapper/$CRYPTVOLNAME successfully mounted in $CRYPTVOLMNT"
67
 
                exit 0
68
 
        else
69
 
                echo "($?) could not mount /dev/mapper/$CRYPTVOLNAME.  Exiting"
70
 
                exit 0
71
 
        fi
72
 
fi
73
 
 
74
 
STICKMNT=`mktemp -d`|| exit 0                           # where to (temporarily) mount usb stick 
75
 
echo "Trying to get key from $DEVNAME. Mounting at $STICKMNT"
76
 
$MOUNT -o ro $DEVNAME $STICKMNT
77
 
if [ "$?" != "0" ]; then
78
 
        echo "Unable to mount $DEVNAME. Exiting"
79
 
        rmdir $STICKMNT || echo "Unable to remove temporary mountpoint $STICKMNT"
80
 
        exit 0
81
 
fi
82
 
if [ ! -d $STICKMNT/$STICKKEYDIR ]; then
83
 
        echo "Directory $STICKMNT/$STICKKEYDIR does not exist. Unmounting $DEVNAME"
84
 
        $MOUNT $STICKMNT
85
 
        rmdir $STICKMNT || echo "Unable to remove temporary mountpoint $STICKMNT"
86
 
        exit 0
87
 
fi
88
 
HOSTNAME=`hostname`
89
 
if [ ! -e $STICKMNT/$STICKKEYDIR/$HOSTNAME*.key ]; then
90
 
        echo "There is no key for $HOSTNAME in $STICKMNT/$STICKKEYDIR/. Unmounting $SYMLINK"
91
 
        $UMOUNT $STICKMNT
92
 
        rmdir $STICKMNT || echo "Unable to remove temporary mountpoint $STICKMNT"
93
 
        exit 0
94
 
else
95
 
        COUNT=`ls $STICKMNT/$STICKKEYDIR/$HOSTNAME*.key|wc -w`
96
 
        if [ $COUNT -gt 1 ]; then
97
 
                echo "I found $COUNT keys for $HOSTNAME on $DEVNAME. Please provide only one key per host. Exiting"
98
 
                $UNMOUNT $STICKMNT
99
 
                rmdir $STICKMNT || echo "Unable to remove temporary mountpoint $STICKMNT"
100
 
                exit 0
101
 
        else
102
 
                KEYNAME=`ls $STICKMNT/$STICKKEYDIR/$HOSTNAME*.key`
103
 
                KEYNAME=`basename $KEYNAME`
104
 
                echo "Using $DEVNAME/keys/$KEYNAME as userkey"
105
 
                HOSTKEY=`echo $KEYNAME|cut -d. -f1`.host
106
 
                if [ ! -e $HOSTKEYDIR/$HOSTKEY ]; then
107
 
                        echo "Machtching hostkey $HOSTKEYDIR/$HOSTKEY. Exiting"
108
 
                        rmdir $STICKMNT || echo "Unable to remove temporary mountpoint $STICKMNT"
109
 
                        exit 0
110
 
                else 
111
 
                        echo "Using $HOSTKEYDIR/$HOSTKEY as hostkey"
112
 
                fi
113
 
                perl -e 'open(F2,@ARGV[0]) && open(F1,@ARGV[1]) or die "Usage: $0 <file1> <file2>\n"; print $buf1 ^ $buf2 while (read (F1,$buf1,65536) && read (F2,$buf2,65536));' -- $STICKMNT/$STICKKEYDIR/$KEYNAME $HOSTKEYDIR/$HOSTKEY | $CRYPTSETUP create $CRYPTVOLNAME $CRYPTRAWVOL
114
 
                if [ "$?" != "0" ]; then
115
 
                        echo "($?) cryptsetup failed. This should not happen"
116
 
                        rmdir $STICKMNT || echo "Unable to remove temporary mountpoint $STICKMNT"
117
 
                        exit 0
118
 
                fi
119
 
 
120
 
                echo "mount /dev/mapper/$CRYPTVOLNAME $CRYPTVOLMNT"
121
 
                $MOUNT /dev/mapper/$CRYPTVOLNAME $CRYPTVOLMNT
122
 
                if [ "$?" = "0" ]; then
123
 
                        echo "/dev/mapper/$CRYPTVOLNAME successfully mounted at $CRYPTVOLMNT"
124
 
                        if [ "$RUN_EXPORTFS" == "yes" ]; then
125
 
                                if [ -x /usr/sbin/exportfs ]; then
126
 
                                        echo "Running exportfs -r"
127
 
                                        /usr/sbin/exportfs -r
128
 
                                        if [ "$?" != "0" ]; then
129
 
                                                echo "Could not run exportfs -r"
130
 
                                fi
131
 
                                else
132
 
                                        echo "/usr/sbin/exportfs does not exist on this computer. Maybe it isn't an NFS-Server?"
133
 
                                fi
134
 
                        fi
135
 
                else
136
 
                        echo "($?) could not mount /dev/mapper/$CRYPTVOLNAME. Exiting"
137
 
                        $UMOUNT $STICKMNT
138
 
                        rmdir $STICKMNT || echo "Unable to remove temporary mountpoint $STICKMNT"
139
 
                        echo "Removing cryptsetup for $CRYPTVOLNAME"
140
 
                        $CRYPTSETUP remove $CRYPTVOLNAME || echo "done"
141
 
                        exit 0
142
 
                fi
143
 
                $UMOUNT $STICKMNT
144
 
                rmdir $STICKMNT || echo "Unable to remove temporary mountpoint $STICKMNT"
145
 
        fi
146
 
fi
147
 
 
148
 
# vim:set nospell:
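Review bot: Several failure paths leave the key-bearing stick mounted under the `mktemp -d` directory: file line 84 calls `$MOUNT $STICKMNT` although its message says it is unmounting, line 98 uses `$UNMOUNT`, which is never defined (the variable set at line 43 is `UMOUNT`), and the branches at lines 108 and 116 go straight to `rmdir` with no unmount at all. In each case `rmdir` then fails on the busy mountpoint and the user key file stays mounted after the script exits. Lines 84 and 98 should read `$UMOUNT "$STICKMNT"`, and the same line belongs before the `rmdir` at 108 and 116. Separately, the `$?` test at line 114 reflects only cryptsetup's exit status, so a failed `open` in the perl stage is not caught there; checking that both key files are readable before the pipeline would close that gap.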