umount fixed

new format for naming of mapper, containing information about the tomb while mounted
Jaromil 2010-08-22 16:44:35 +02:00
parent e7c86049e9
commit 660ed8447b

168
src/tomb

@ -193,7 +193,7 @@ if [ -z $CMD ]; then
exit 0 exit 0
fi fi
act "command: $CMD for file $FILE" func "command: $CMD for file $FILE"
tombdir=${HOME}/.tomb tombdir=${HOME}/.tomb
tombtab=${tombdir}/fstab tombtab=${tombdir}/fstab
@ -205,7 +205,7 @@ if ! [ -r ${tombtab} ]; then
echo "# <file system> <mount point> <type> <options> <key>" >> ${tombtab} echo "# <file system> <mount point> <type> <options> <key>" >> ${tombtab}
fi fi
format_crypto() { format_tomb() {
notice "Formatting partition $FILE as an encrypted storage" notice "Formatting partition $FILE as an encrypted storage"
act "give it a name:" act "give it a name:"
read -s fsname read -s fsname
@ -261,7 +261,7 @@ format_crypto() {
"${FILE} ${tombdir}/`basename ${FILE}` aes-cbc-essiv:sha256 none ${tombdir}/${key}.gpg" "${FILE} ${tombdir}/`basename ${FILE}` aes-cbc-essiv:sha256 none ${tombdir}/${key}.gpg"
} }
create_crypto() { create_tomb() {
if [ -z $SIZE ]; then if [ -z $SIZE ]; then
error "size is not specified, please use -s option when creating a storage file" error "size is not specified, please use -s option when creating a storage file"
@ -335,23 +335,23 @@ create_crypto() {
notice "done creating $FILE encrypted storage (using Luks dm-crypt AES/SHA256)" notice "done creating $FILE encrypted storage (using Luks dm-crypt AES/SHA256)"
} }
mount_crypto() { # mount_crypto() {
if ! [ -r $FILE ]; then # if ! [ -r $FILE ]; then
error "file or partition $FILE does not exists" # error "file or partition $FILE does not exists"
exit 0 # exit 0
fi # fi
# check if its a file or partition # # check if its a file or partition
file ${FILE} | grep block > /dev/null # file ${FILE} | grep block > /dev/null
if [ $? = 0 ]; then # if [ $? = 0 ]; then
act "$FILE is a partition" # act "$FILE is a partition"
mount_crypto_partition # mount_crypto_partition
else # else
act "$FILE is a loopback file" # act "$FILE is a loopback file"
mount_crypto_file # mount_crypto_file
fi # fi
} # }
mount_crypto_file() { mount_tomb() {
if [ -z $KEY ]; then if [ -z $KEY ]; then
enc_key="~/.tomb/`basename $FILE`" enc_key="~/.tomb/`basename $FILE`"
@ -369,7 +369,6 @@ mount_crypto_file() {
exit 0 exit 0
fi fi
act "mounting $FILE on mountpoint $MOUNT over loopback device"
nstloop=`losetup -f` nstloop=`losetup -f`
losetup -f ${FILE} losetup -f ${FILE}
@ -389,7 +388,11 @@ mount_crypto_file() {
modprobe dm-crypt modprobe dm-crypt
modprobe aes-i586 modprobe aes-i586
mapper="tomb.`date +%s`" # save date of mount in minutes since 1970
mapdate="`date +%s`"
mapdate="`echo ${mapdate}/60 | bc -l | cut -d. -f1`"
mapper="tomb.`basename $FILE | cut -d. -f1`.$mapdate.`basename $nstloop`"
notice "Password is required for key ${enc_key}" notice "Password is required for key ${enc_key}"
for c in 1 2 3; do for c in 1 2 3; do
@ -431,110 +434,25 @@ mount_crypto_file() {
fi fi
} }
mount_crypto_partition() { umount_tomb() {
if [ -z $KEY ]; then
key=`basename $FILE`
grep -e "^${FILE}" ${tombtab}
if [ $? = 1 ]; then
error "entombed partition $file is not found in ${tombtab}"
error "aborting operation."
exit 1
fi
if [ -r ${tombdir}/${key}.gpg ]; then
enc_key=${tombdir}/${key}.gpg
else
error "secret encryption key for partition ${FILE} not found in ${tombdir}/${key}.gpg"
error "we cannot decrypt files from partition ${FILE}. sorry."
exit 0
fi
else
enc_key=${KEY}
act "using key $KEY to unlock"
fi
if [ -z $MOUNT ]; then
mount=`grep "^${FILE}" ${tombtab} | awk '{print $2}'`
if ! [ -x $mount ]; then
error "you need to specify a MOUNTPOINT for the mount command"
exit 1
else
MOUNT=$mount
fi
fi
notice "mounting entombed partition $FILE on mountpoint $MOUNT"
if ! [ -x $MOUNT ]; then
error "mountpoint $MOUNT does not exist"
exit 1
fi
act "check if nest is a an encrypted Luks device"
cryptsetup isLuks ${FILE}
if [ $? = 0 ]; then
act "secret encryption key found in ${enc_key}"
modprobe dm-crypt
modprobe aes-i586
mapper="tomb.${key}.`date +%s`"
notice "Password is required to unlock the encryption key"
for c in 1 2 3 4 5; do
ask_password $c
cat /var/run/.scolopendro \
| gpg --passphrase-fd 0 --no-tty --no-options \
-d ${enc_key} 2>/dev/null \
| cryptsetup --key-file - luksOpen ${FILE} ${mapper}
rm -f /var/run/.scolopendro
if [ -r /dev/mapper/${mapper} ]; then
break; # password was correct
else
dialog --sleep 3 --infobox \
"password invalid, `expr 5 - $attempt` attempts left" 10 30
fi
done
if ! [ -r /dev/mapper/${mapper} ]; then
error "failure mounting the encrypted file"
return # this exits
fi
act "encrypted storage filesystem check"
fsck.ext3 -p -C0 /dev/mapper/${mapper}
mount -t ext3 /dev/mapper/${mapper} ${MOUNT}
notice "encrypted partition $FILE succesfully mounted on $MOUNT"
touch ${tombdir}/mtab
echo "${FILE} ${MOUNT} ${mapper}" >> ${tombdir}/mtab
else
error "$FILE is not a valid Luks encrypted partition"
fi
}
umount_crypto() {
if [ -z $FILE ]; then if [ -z $FILE ]; then
# TODO: if only one tomb is mounted, unmount that
error "must specify the mountpoint to be unmounted" how_many_tombs="`ls /dev/mapper/tomb* 2>/dev/null | wc -w`"
exit 0 if [ $how_many_tombs = 0 ]; then
error "there is no tomb found to be mounted"
return
elif [ $how_many_tombs = 1 ]; then
mapper=`ls /dev/mapper/tomb* 2>/dev/null`
FILE=`mount | grep $mapper | awk '{print $3}'`
fi fi
else
mapper=`mount | grep $FILE | awk '{print $1}'` mapper=`mount | grep $FILE | awk '{print $1}'`
fi
if [ "$mapper" = "" ]; then if [ "$mapper" = "" ]; then
error "$FILE is not mounted" error "$FILE is not mounted"
return return
@ -560,6 +478,8 @@ umount_crypto() {
exit 0 exit 0
fi fi
losetup -d "`echo $mapper | cut -d. -f4`"
# echo ${nstloop} | grep loop 1>/dev/null 2>/dev/null # echo ${nstloop} | grep loop 1>/dev/null 2>/dev/null
# # if it's a loopback then we need to do losetup -d # # if it's a loopback then we need to do losetup -d
# if [ $? = 0 ]; then # if [ $? = 0 ]; then
@ -577,11 +497,11 @@ umount_crypto() {
case "$CMD" in case "$CMD" in
create) create_crypto ;; create) create_tomb ;;
format) format_crypto ;; format) format_tomb ;;
mount) mount_crypto ;; mount) mount_tomb ;;
umount) umount_crypto ;; umount) umount_tomb ;;
unmount) umount_crypto ;; unmount) umount_tomb ;;
*) error "command \"$CMD\" not recognized" *) error "command \"$CMD\" not recognized"
act "try -h for help" act "try -h for help"
;; ;;
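Review bot: The added `losetup -d "`echo $mapper | cut -d. -f4`"` in umount_tomb passes a bare name such as `loop0`, because mount_tomb now builds the mapper name with `basename $nstloop`. The detach will therefore fail unless the working directory happens to be /dev, and the loop device stays bound to the tomb file after unmount. Prefix the device directory and report a failure, e.g. `losetup -d "/dev/`echo $mapper | cut -d. -f4`" || error "could not detach loop device"`. Separately, when more than one tomb is mapped and no argument is given, neither branch sets `mapper`, so the user sees "$FILE is not mounted" with an empty name; a message asking for the mountpoint would be clearer. The old/new side of each paired line is inferred from the rendering, and umount_tomb continues outside the visible hunks.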