|
|
|
@ -1,31 +1,5 @@
|
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
check_publickey() {
|
|
|
|
|
local publickey=$STORAGE/id_rsa.pub
|
|
|
|
|
if ! [[ -f $publickey ]]
|
|
|
|
|
then
|
|
|
|
|
error "Failed to found public key $publickey"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
return 0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
check_header() {
|
|
|
|
|
local datadir=$1
|
|
|
|
|
local header=$datadir/header
|
|
|
|
|
if ! [[ -f $header ]]
|
|
|
|
|
then
|
|
|
|
|
error "Crypt header for $(basename $datadir) not found"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
if ! cryptsetup isLuks $header
|
|
|
|
|
then
|
|
|
|
|
error "Crypt header for $(basename $datadir) is wrong"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PATH=/lib/rc/bin:$PATH
|
|
|
|
|
|
|
|
|
|
TEXTDOMAIN=cl_access_add
|
|
|
|
@ -190,7 +164,7 @@ update_sshkey() {
|
|
|
|
|
touch $authkeys
|
|
|
|
|
fi
|
|
|
|
|
cat >>$authkeys <<EOF
|
|
|
|
|
command="~/bin/access-shell $id",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa $(cat $publickey)
|
|
|
|
|
command="~/bin/access-shell $id",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat $publickey)
|
|
|
|
|
EOF
|
|
|
|
|
chown $USERNAME. $authkeys
|
|
|
|
|
}
|
|
|
|
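Review bot: The new authorized_keys line in update_sshkey takes the key type from the file itself, so whatever `$publickey` contains is now written verbatim after the option list. If that file is missing, empty or holds more than one line, the heredoc yields an options-only line or extra key lines without the `command=`/`no-pty` restrictions; the first hunk also deletes check_publickey, and no other validation is visible here. I would validate and keep a single line before appending, e.g. `ssh-keygen -l -f "$publickey" >/dev/null || return 1` and `$(head -n 1 -- "$publickey")` inside the heredoc. `$id` is also expanded inside the quoted `command="…"` string, so it should be limited to a safe character set before it gets here. The function starts above this hunk, so the origin of both values cannot be checked from the page.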
@ -257,7 +231,7 @@ check_luks_key() {
|
|
|
|
|
ewarn $"Could not check key without header"
|
|
|
|
|
return 0
|
|
|
|
|
else
|
|
|
|
|
cryptsetup -d $key -q luksDump --dump-master-key $header || eerror "Wrong LUKS key/header pair"
|
|
|
|
|
cryptsetup -d $key -q luksDump --dump-master-key $header &>/dev/null || eerror "Wrong LUKS key/header pair"
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
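Review bot: `--dump-master-key` is still used only to test that the key matches the header, so the volume master key is extracted on every check and merely hidden by `&>/dev/null`. A passphrase test gives the same answer without materialising the key: `cryptsetup open --test-passphrase --key-file "$key" "$header" &>/dev/null` (confirm that the installed cryptsetup accepts the header file as the device argument). The failure branch only calls `eerror`, so the function's status is whatever `eerror` returns; if callers are meant to stop on a bad pair, add `return 1` there. check_luks_key begins above the hunk.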
@ -276,10 +250,10 @@ is_dev() {
|
|
|
|
|
|
|
|
|
|
create_record() {
|
|
|
|
|
local id=$1
|
|
|
|
|
local header=$2
|
|
|
|
|
local key=$3
|
|
|
|
|
local device=$4
|
|
|
|
|
local mp=$5
|
|
|
|
|
local key=$2
|
|
|
|
|
local device=$3
|
|
|
|
|
local mp=$4
|
|
|
|
|
local header=$5
|
|
|
|
|
for rec in {0..99}
|
|
|
|
|
do
|
|
|
|
|
recdn=$STORAGE/$id/$rec
|
|
|
|
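Review bot: The positional order of create_record changes from (id, header, key, device, mp) to (id, key, device, mp, header) with no comment recording the contract, so a caller still using the old order would pass the key file as the header without any error. Only one call site is visible on this page (the last hunk); I would add a header comment such as `# create_record ID KEY DEVICE MOUNTPOINT HEADER` and check for other callers. In the visible lines `rec` and `recdn` are assigned without `local` and so leak into the caller's scope: `local rec recdn`. The function body continues past the hunk.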
@ -321,7 +295,7 @@ id_not_exists $ID || ask_rewrite_sshkey
|
|
|
|
|
|
|
|
|
|
id_not_exists $ID && create_id $ID
|
|
|
|
|
|
|
|
|
|
create_record "$ID" "$HEADER" "$KEY" "$DEVICE" "$MOUNTPOINT"
|
|
|
|
|
create_record "$ID" "$KEY" "$DEVICE" "$MP" "$HEADER"
|
|
|
|
|
|
|
|
|
|
[[ -n $SSHKEY ]] && update_sshkey $ID $SSHKEY
|
|
|
|
|
|
|
|
|
|
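Review bot: The updated call passes `"$MP"` where the old one passed `"$MOUNTPOINT"`, and the assignment of `MP` is not visible on this page. If the variable was not renamed everywhere, the mount point reaches create_record as an empty string with no error, since nothing shown here enables `set -u`. Worth confirming the rename, and quoting the neighbouring calls to match: `id_not_exists "$ID" && create_id "$ID"` and `[[ -n $SSHKEY ]] && update_sshkey "$ID" "$SSHKEY"`.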