Переименованы параметры

master
parent 39db62f523
commit 7761813897

@ -21,7 +21,7 @@ set -e
# вывод короткой справки
# show the short help message
usage() {
echo "Usage: $0 --id ID [--sshkey PKEY] [--header HEADER] --key KEYFILE --device DEVICE --mountpoint MOUNTPOINT
echo "Usage: $0 --id ID [--ssh-key PKEY] [--header HEADER] --key KEYFILE --device DEVICE --mount DIR
Version: $CL_ACCESS_VERSION
@ -33,18 +33,18 @@ ${DESCRIPTION}
# вывод полной справки
# show the long help message
long_usage() {
echo "Usage: $0 --id ID [--sshkey PKEY] [--header HEADER] --key KEYFILE --device DEVICE --mountpoint MOUNTPOINT
echo "Usage: $0 --id ID [--ssh-key PKEY] [--header HEADER] --key KEYFILE --device DEVICE --mount DIR
Version: $CL_ACCESS_VERSION
${DESCRIPTION}
--id ID set access id
--sshkey PKEY public authorized key
--header HEADER separated LUKS header
--key KEYFILE LUKS key file
--device DEVICE LUKS device (/dev or PARTUUID)
--mountpoint MOUNTPOINT mount point
--id ID set access id
-s PKEY, --ssh-key PKEY public authorized key
-H HEADER, --header HEADER separated LUKS header
-k KEYFILE, --key KEYFILE LUKS key file
-d DEVICE, --device DEVICE LUKS device (/dev or PARTUUID)
-m DIR, --mount DIR mount point
"
}
@ -53,14 +53,14 @@ ${DESCRIPTION}
rearrange_params() {
set +e
TEMP=$(unset POSIXLY_CORRECT; getopt \
-o "h" \
-o "hs:H:k:d:m:" \
--long help \
--long id: \
--long sshkey: \
--long ssh-key: \
--long header: \
--long key: \
--long device: \
--long mountpoint: \
--long mount: \
-- "$@" 2>&1)
if (( $? != 0 )); then
echo "$TEMP" | sed 's/getopt: /cl-access-add: /;$d'
@ -82,31 +82,27 @@ do_args() {
ID="$2"
shift
;;
--sshkey)
-s|--ssh-key)
SSHKEY="$2"
shift
;;
--header)
-H|--header)
HEADER="$2"
shift
shift
;;
--key)
-k|--key)
KEY="$2"
shift
shift
;;
--device)
-d|--device)
DEVICE="$2"
shift
;;
--partuuid)
PARTUUID="$2"
shift
shift
;;
--mountpoint)
-m|---mount)
MP="$2"
shift
shift
;;
--) shift; break;;
--) shift; break;;
*) usage;
eerror $"Unknown option: $1"
;;
@ -129,150 +125,150 @@ eval set -- "$TEMP"
do_args "$@"
check_setup() {
[[ -d $ACCESSDIR ]]
[[ -d $ACCESSDIR ]]
}
id_not_exists() {
local id=$1
[[ ! -d $STORAGE/$id ]]
local id=$1
[[ ! -d $STORAGE/$id ]]
}
create_id() {
local id=$1
local dn=$STORAGE/$id
mkdir -p $dn
chown $USERNAME. -R $dn
local id=$1
local dn=$STORAGE/$id
mkdir -p $dn
chown $USERNAME. -R $dn
}
update_sshkey() {
local id=$1
local sshkey=$2
local publickey=$STORAGE/$id/id_rsa.pub
local sshdir=$ACCESSDIR/.ssh
local authkeys=$sshdir/authorized_keys
cp $sshkey $publickey
chown $USERNAME. $publickey
if [[ -f $authkeys ]]
then
sed -i "/access-shell $id/d" $authkeys
else
if [[ ! -d $sshdir ]]
then
mkdir -p $sshdir
chown $USERNAME. $sshdir
fi
touch $authkeys
fi
cat >>$authkeys <<EOF
local id=$1
local sshkey=$2
local publickey=$STORAGE/$id/id_rsa.pub
local sshdir=$ACCESSDIR/.ssh
local authkeys=$sshdir/authorized_keys
cp $sshkey $publickey
chown $USERNAME. $publickey
if [[ -f $authkeys ]]
then
sed -i "/access-shell $id/d" $authkeys
else
if [[ ! -d $sshdir ]]
then
mkdir -p $sshdir
chown $USERNAME. $sshdir
fi
touch $authkeys
fi
cat >>$authkeys <<EOF
command="~/bin/access-shell $id",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat $publickey)
EOF
chown $USERNAME. $authkeys
chown $USERNAME. $authkeys
}
ask_rewrite_sshkey() {
while true
do
read -p $"Do you want replace authorzied key? " yn
case $yn in
[Yy]* ) return 0;;
[Nn]* ) return 1;;
* ) ewarn $"Please answer yes or no." ;;
esac
done
while true
do
read -p $"Do you want replace authorzied key? " yn
case $yn in
[Yy]* ) return 0;;
[Nn]* ) return 1;;
* ) ewarn $"Please answer yes or no." ;;
esac
done
}
check_sshkey() {
local sshkey=$1
if ! [[ -f $sshkey ]]
then
eerror $"Public authorized key not found"
return 1
fi
if grep -q "PRIVATE KEY" $sshkey
then
eerror $"You should use public key instead private"
return 1
fi
if ! ssh-keygen -l -f $sshkey &>/dev/null
then
eerror $"$sshkey is not public key"
return 1
fi
return 0
local sshkey=$1
if ! [[ -f $sshkey ]]
then
eerror $"Public authorized key not found"
return 1
fi
if grep -q "PRIVATE KEY" $sshkey
then
eerror $"You should use public key instead private"
return 1
fi
if ! ssh-keygen -l -f $sshkey &>/dev/null
then
eerror $"$sshkey is not public key"
return 1
fi
return 0
}
check_luks_header() {
local header=$1
if ! [[ -f $header ]]
then
eerror $"LUKS header not found"
return 1
fi
if ! cryptsetup isLuks $header &>/dev/null
then
eerror $"LUKS header is wrong"
return 1
fi
return 0
local header=$1
if ! [[ -f $header ]]
then
eerror $"LUKS header not found"
return 1
fi
if ! cryptsetup isLuks $header &>/dev/null
then
eerror $"LUKS header is wrong"
return 1
fi
return 0
}
check_luks_key() {
local key=$1
local header=$2
if ! [[ -f $key ]]
then
eerror $"LUKS key not found"
return 1
fi
if [[ -z $header ]]
then
ewarn $"Could not check key without header"
return 0
else
cryptsetup -d $key -q luksDump --dump-master-key $header &>/dev/null || eerror "Wrong LUKS key/header pair"
fi
local key=$1
local header=$2
if ! [[ -f $key ]]
then
eerror $"LUKS key not found"
return 1
fi
if [[ -z $header ]]
then
ewarn $"Could not check key without header"
return 0
else
cryptsetup -d $key -q luksDump --dump-master-key $header &>/dev/null || eerror "Wrong LUKS key/header pair"
fi
}
check_device_name() {
local device=$1
is_uuid $device || is_dev $device || eerror $"Device must be PARTUUID or /dev"
local device=$1
is_uuid $device || is_dev $device || eerror $"Device must be PARTUUID or /dev"
}
is_uuid() {
[[ "$1" =~ ^(PARTUUID=)?(([0-9a-f]+-)+[0-9a-f]+)$ ]]
[[ "$1" =~ ^(PARTUUID=)?(([0-9a-f]+-)+[0-9a-f]+)$ ]]
}
is_dev() {
[[ "$1" =~ ^/dev/ ]]
[[ "$1" =~ ^/dev/ ]]
}
create_record() {
local id=$1
local key=$2
local device=$3
local mp=$4
local header=$5
for rec in {0..99}
do
recdn=$STORAGE/$id/$rec
if [[ ! -d $recdn ]]
then
mkdir -p $recdn
[[ -n $header ]] && cp $header $recdn/header
cp $key $recdn/key
if is_uuid $device
then
echo ${BASH_REMATCH[2]} >$recdn/partuuid
else
echo $device >$recdn/dev
fi
echo $mp >$recdn/mountpoint
break
fi
done
local id=$1
local key=$2
local device=$3
local mp=$4
local header=$5
for rec in {0..99}
do
recdn=$STORAGE/$id/$rec
if [[ ! -d $recdn ]]
then
mkdir -p $recdn
[[ -n $header ]] && cp $header $recdn/header
cp $key $recdn/key
if is_uuid $device
then
echo ${BASH_REMATCH[2]} >$recdn/partuuid
else
echo $device >$recdn/dev
fi
echo $mp >$recdn/mountpoint
break
fi
done
}
check_setup || eerror $"Calculate access is not setup"
@ -292,7 +288,6 @@ check_device_name $DEVICE
id_not_exists $ID || ask_rewrite_sshkey
id_not_exists $ID && create_id $ID
create_record "$ID" "$KEY" "$DEVICE" "$MP" "$HEADER"
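Review bot: The new case pattern `-m|---mount)` in do_args has three dashes, so the `--mount` long option declared with `--long mount:` in rearrange_params will not match it and falls through to the `*)` arm as "Unknown option"; only `-m` reaches `MP="$2"`. It should read `-m|--mount)`, which also matches the updated usage text. Separately, in the re-indented update_sshkey, `$id` is interpolated as-is into the `sed -i "/access-shell $id/d"` expression and into the `command="~/bin/access-shell $id"` option appended to authorized_keys, and no validation of ID is visible in these hunks. A guard such as `[[ $ID =~ ^[A-Za-z0-9_-]+$ ]] || eerror $"Invalid access id"` before `create_id` would keep the value from changing the sed pattern or the forced-command line. do_args starts and ends outside its hunk, so its shift handling could not be checked from here.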
