-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathluksctl_db
executable file
·168 lines (138 loc) · 4.07 KB
/
luksctl_db
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
#!/bin/bash
# LUKS central management tool
# This script requires dmsetup and cryptsetup.
# Needs to be launched as superuser.
#
# Author: Marco Tangaro
# mail: ma.tangaro@ibiom.cnr.it
# CNR-IBIOM, ELIXIR-ITALY
#
# LICENCE: BSD
cryptdev_ini_file='/etc/luks/luks-cryptdev_db.ini'
#____________________________________
# Script needs superuser
function __su_check(){
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
echo -e "[Error] Not running as root."
exit
fi
}
#____________________________________
# Display dmsetup info
function __dmsetup_info(){
dmsetup info /dev/mapper/$cryptdev
}
#____________________________________
# check encrypted storage mounted
function __cryptdev_status(){
# check if $mountpoint is a mount point
mountpoint $mountpoint &> /dev/null
if [ $? -ne 0 ]; then
echo -e "\n${mountpoint} is not a mount point."
exit 1
fi
# if $mountpoint is a mount point
__dmsetup_info &>/dev/null
echo 'LUKS volume configuration'
echo 'Cipher algorithm:' $cipher_algorithm
echo 'Hash algorithm:' $hash_algorithm
echo 'Key size:' $keysize
echo 'Device:' $device
echo 'UUID:' $uuid
echo 'Crypt device:' $cryptdev
echo 'Mapper:' $mapper
echo 'Mount point:' $mountpoint
echo 'File system:' $filesystem
if [ $? -eq 0 ]; then
echo -e "\nEncrypted volume: [ OK ]"
else
echo -e "\nEncrypted volume: [ FAIL ]"
fi
}
#____________________________________
# luksOpen device
function __luksopen_cryptdev(){
cryptsetup luksOpen /dev/disk/by-uuid/$uuid $cryptdev
dmsetup info /dev/mapper/$cryptdev
mount /dev/mapper/$cryptdev $mountpoint
code=$?
if [ "$code" -ne 0 ]; then
return 31 # return error code 0
else
return 0 # return success
fi
}
#____________________________________
# Open encrypted device
function __cryptdev_open(){
__luksopen_cryptdev
code=$?
if [ "$code" -eq "0" ]; then
__cryptdev_status
else
echo -e "\nEncrypted volume mount: [ FAIL ]"
fi
}
#____________________________________
# luksClose device
function __luksclose_cryptdev(){
umount $mountpoint
cryptsetup close $cryptdev
}
#____________________________________
# Close encrypted device
function __cryptdev_close(){
__luksclose_cryptdev
__dmsetup_info &>/dev/null
if [ $? -eq 0 ]; then
echo -e "\nEncrypted volume umount: [ FAIL ]"
else
echo -e "\nEncrypted volume umount: [ OK ]"
fi
}
#____________________________________
# Read ini file
function cfg.parser ()
# http://theoldschooldevops.com/2008/02/09/bash-ini-parser/
{
IFS=$'\n' && ini=( $(<$1) ) # convert to line-array
ini=( ${ini[*]//;*/} ) # remove comments with ;
ini=( ${ini[*]//\#*/} ) # remove comments with #
ini=( ${ini[*]/\ =/=} ) # remove tabs before =
ini=( ${ini[*]/=\ /=} ) # remove tabs be =
ini=( ${ini[*]/\ =\ /=} ) # remove anything with a space around =
ini=( ${ini[*]/#[/\}$'\n'cfg.section.} ) # set section prefix
ini=( ${ini[*]/%]/ \(} ) # convert text2function (1)
ini=( ${ini[*]/=/=\( } ) # convert item to array
ini=( ${ini[*]/%/ \)} ) # close array parenthesis
ini=( ${ini[*]/%\\ \)/ \\} ) # the multiline trick
ini=( ${ini[*]/%\( \)/\(\) \{} ) # convert text2function (2)
ini=( ${ini[*]/%\} \)/\}} ) # remove extra parenthesis
ini[0]="" # remove first element
ini[${#ini[*]} + 1]='}' # add the last brace
eval "$(echo "${ini[*]}")" # eval the result
}
function read_ini_file(){
cfg.parser $cryptdev_ini_file
cfg.section.luks
}
#____________________________________
# Show help
function __cryptdev_help(){
echo -e "\nUsage: galaxyctl luks <option>"
echo -e "\nEncrypted volume options:\n"
echo -e " --help [print-out cryptdevice options]\n"
echo -e ' open [luks open and mount volume]\n'
echo -e ' close [luks close and umount volume]\n'
echo -e ' status [check volume status]\n'
}
#____________________________________
# Cryptdevice options
if [[ $1 == '--help' ]]; then __cryptdev_help; fi
__su_check
read_ini_file
if [[ $# -gt 0 ]]; then
if [ "$1" == 'open' ]; then __cryptdev_open; fi
if [ "$1" == 'close' ]; then __cryptdev_close; fi
if [ "$1" == 'status' ]; then __cryptdev_status; fi
fi