#!/bin/sh
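set -e
# Filesystem UUID (as listed under /dev/disk/by-uuid) of the cryptsetup-
# managed USB drive that holds the key store. Not a secret: it only
# identifies the device; the passphrase is prompted for by cryptsetup.
UUID_KKEY="7930cd94-b56e-4395-8859-f34da77f29be"
# UUID of the optional backup drive used by the `sync` operation. Empty
# means "no backup drive configured".
UUID_WKEY=""
# Name of the device-mapper node created by `cryptsetup open`
# (/dev/mapper/$CRYPT_NAME); the backup uses "$CRYPT_NAME-backup".
CRYPT_NAME="usbkey"
# Mount point of the decrypted volume; the backup uses "$MOUNT_PATH-backup".
MOUNT_PATH="/media/usbkey"
# Key name taken from the positional argument of the ssh-* operations.
# Initialised here so the argument parser never reads it while unset.
NAME=""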
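# Decrypt the key drive (UUID_KKEY) and mount it at MOUNT_PATH, owned by
# the calling user. Each step is skipped when it has already been done.
# Exits 1 when the drive is not present; other failures abort via `set -e`.
op_mount() {
  local KEY_DEV="/dev/disk/by-uuid/$UUID_KKEY"
  # First check if we have key drive
  if [ ! -e "$KEY_DEV" ]; then
    echo "Can't locate appropriate usb drive." >&2
    exit 1
  fi
  # Decrypt drive (cryptsetup prompts for the passphrase itself)
  if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
    echo "USB key seems to be already decrypted" >&2
  else
    echo "Decrypting usb key" >&2
    sudo -- cryptsetup open "$KEY_DEV" "$CRYPT_NAME"
  fi
  # Mount drive. Anchor the match on " on $MOUNT_PATH " so that a sibling
  # mount such as "$MOUNT_PATH-backup" is not mistaken for this one.
  if mount | grep -q -- " on $MOUNT_PATH "; then
    echo "USB key is already mounted" >&2
  else
    echo "Mounting usb key" >&2
    sudo -- mkdir -p "$MOUNT_PATH"
    # nosuid,nodev: a removable key store has no business supplying set-uid
    # binaries or device nodes. uid=/gid= hand the files to the current user.
    sudo -- mount -o nosuid,nodev,uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME" "$MOUNT_PATH"
  fi
  echo "USB key drive mounted" >&2
}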
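# Reverse op_mount: unmount MOUNT_PATH, remove the directory and close the
# device-mapper node. Every step is conditional, so it is safe to call on
# a partially mounted state.
op_unmount() {
  # Unmount. Anchored match so "$MOUNT_PATH-backup" is not mistaken for us.
  if mount | grep -q -- " on $MOUNT_PATH "; then
    echo "Unmounting usb key" >&2
    # umount flushes dirty data itself; this just moves the wait out of it.
    sync "$MOUNT_PATH"
    sudo -- umount "$MOUNT_PATH"
  fi
  # Remove mount path
  if [ -d "$MOUNT_PATH" ]; then
    sudo -- rmdir "$MOUNT_PATH"
  fi
  # Close encryption
  if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
    echo "Closing encryption on usb key" >&2
    sudo -- cryptsetup close "$CRYPT_NAME"
  fi
  echo "USB key unmounted" >&2
}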
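# True only when the decrypted key volume itself is mounted at MOUNT_PATH.
# util-linux mount(8) prints "DEV on DIR type FS (opts)"; matching
# "^DEV on DIR " ensures that neither the sibling mount point
# "$MOUNT_PATH-backup" nor the sibling mapper node "$CRYPT_NAME-backup"
# satisfies the check, which an unanchored substring grep would allow.
check_mount() {
  mount | grep -q -- "^/dev/mapper/$CRYPT_NAME on $MOUNT_PATH "
}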
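# Mirror the key store onto the backup drive (UUID_WKEY) with rsync.
# Mounts the primary store first if needed and unmounts it again afterwards.
# Exits 1 when the backup drive is absent, or with rsync's status if it fails.
op_sync() {
  local DOUNMOUNT=false
  local EXITC=0
  local BACKUP_DEV="/dev/disk/by-uuid/$UUID_WKEY"
  if ! check_mount; then
    DOUNMOUNT=true
    op_mount
  fi
  # With UUID_WKEY empty, BACKUP_DEV is the by-uuid directory itself, which
  # `-e` happily accepts; require the UUID to be configured explicitly.
  if [ -n "$UUID_WKEY" ] && [ -e "$BACKUP_DEV" ]; then
    # Mount backup usb
    sudo -- cryptsetup open "$BACKUP_DEV" "$CRYPT_NAME-backup"
    sudo -- mkdir -p "$MOUNT_PATH-backup"
    # nosuid,nodev: removable media should not supply set-uid binaries or
    # device nodes.
    sudo -- mount -o nosuid,nodev,uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME-backup" "$MOUNT_PATH-backup"
    # Sync them. Capture rsync's status instead of letting `set -e` abort
    # here, so the backup volume is always unmounted and closed again.
    rsync -aAxXS --delete --progress "$MOUNT_PATH/" "$MOUNT_PATH-backup/" || EXITC=$?
    # Unmount it
    sudo -- umount "$MOUNT_PATH-backup"
    sudo -- rmdir "$MOUNT_PATH-backup"
    sudo -- cryptsetup close "$CRYPT_NAME-backup"
  else
    echo "USB backup key seems to not be inserted. Please do so." >&2
    EXITC=1
  fi
  if [ "$DOUNMOUNT" = true ]; then
    op_unmount
  fi
  exit "$EXITC"
}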
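# Print "NAME: COMMENT" for every public key stored under MOUNT_PATH/ssh,
# mounting the store first if needed. NAME is the path relative to the
# ssh directory without the ".pub" suffix; COMMENT is everything after the
# key type and key material, for any key type (the original sed only
# recognised ssh-rsa and dropped all but the last word of the comment).
ssh_list() {
  check_mount || op_mount
  local KEY N
  # Read find's output line by line instead of word-splitting it, so file
  # names containing spaces survive (POSIX sh: no -print0/read -d here).
  find "$MOUNT_PATH/ssh" -type f -name '*.pub' | while IFS= read -r KEY; do
    N="${KEY#"$MOUNT_PATH/ssh/"}"
    printf '%s: ' "${N%.pub}"
    # Strip the first two fields (type, base64 key) and the following blanks.
    sed 's/^[^ ]* [^ ]*[ ]*//' "$KEY"
  done
}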
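# Create a new ssh key pair named NAME inside the key store, asking the
# user for the key comment. Refuses an empty name or an existing key.
# ssh-keygen itself prompts for the passphrase.
ssh_generate() {
  check_mount || op_mount
  if [ -z "$NAME" ]; then
    echo "Please specify key name." >&2
    exit 1
  fi
  if [ -f "$MOUNT_PATH/ssh/$NAME" ]; then
    echo "Key $NAME seems to already exists." >&2
    exit 1
  fi
  # The ssh directory may not exist yet on a freshly formatted store.
  mkdir -p "$MOUNT_PATH/ssh"
  # Prompt on stderr so stdout stays clean; -r keeps backslashes literal.
  printf 'Please enter comment: ' >&2
  read -r COMMENT
  ssh-keygen -f "$MOUNT_PATH/ssh/$NAME" -C "$COMMENT"
}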
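# Copy the key pair named NAME from the key store into ~/.ssh.
# Refuses an empty name and reports a missing key (the original test was
# inverted: it errored when both files existed and copied when they did
# not). The private key is re-protected after copying, because the store is
# mounted with uid=/gid= options, which suggests a filesystem without real
# permission bits, and ssh refuses a private key readable by others.
ssh_import() {
  check_mount || op_mount
  if [ -z "$NAME" ]; then
    echo "Please specify key name." >&2
    exit 1
  fi
  local SRC="$MOUNT_PATH/ssh/$NAME"
  local BASE="${SRC##*/}"
  if [ ! -f "$SRC" ] || [ ! -f "$SRC.pub" ]; then
    echo "There is no key named $NAME" >&2
    exit 1
  fi
  # -m only applies when the directory is created; an existing ~/.ssh is
  # left untouched.
  mkdir -p -m 700 "$HOME/.ssh"
  cp -- "$SRC" "$SRC.pub" "$HOME/.ssh/"
  chmod 600 "$HOME/.ssh/$BASE"
  chmod 644 "$HOME/.ssh/$BASE.pub"
}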
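# Report an unrecognised command-line argument ($1) and exit 1.
# Diagnostics go to stderr like every other message in this script.
unknown_argument() {
  printf 'Unknown argument: %s\n' "$1" >&2
  exit 1
}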
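# Parse operation (operation have to be first)
case "$1" in
  -h|--help)
    echo "Usb key manager"
    echo "Usage: usbkey OPERATION ..."
    echo
    echo "Operations:"
    echo " mount: Mount key of usb driver"
    echo " unmount: Unmount usb driver"
    echo " sync: Synchronize drive to bakup drive"
    echo " gpg-import: Import gpg key"
    echo " ssh-import: Import ssh key"
    echo " ssh-generate: Generate new ssh key"
    echo " ssh-list: List all keys in store"
    echo " openvpn-get: Get keys for some host"
    echo " openvpn-generate: Generate key for new host"
    exit 0
    ;;
  mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-get|openvpn-generate)
    OPERATION="$1"
    ;;
  *)
    unknown_argument "$1"
    ;;
esac
shift
# Parse rest of the arguments. Only the ssh-* operations take a positional
# argument (the key NAME); everything else is rejected.
while [ $# -gt 0 ]; do
  case "$1" in
    -h|--help)
      echo "Usb key manager"
      case "$OPERATION" in
        mount|unmount|sync)
          echo "Usage: usbkey $OPERATION [-h]"
          ;;
        ssh-*)
          echo "Usage: usbkey $OPERATION NAME [-h]"
          ;;
        # TODO
      esac
      exit 0
      ;;
    *)
      # `[[ "$OPERATION" = ssh-* ]]` is a bashism that /bin/sh (dash) does not
      # have; a case pattern gives the same glob match portably.
      case "$OPERATION" in
        ssh-*)
          if [ -z "${NAME-}" ]; then
            NAME="$1"
          else
            unknown_argument "$1"
          fi
          ;;
        *)
          unknown_argument "$1"
          ;;
      esac
      ;;
  esac
  shift
done
# Dispatch. ssh-generate and ssh-import are implemented above, so route
# them instead of reporting them as missing.
case "$OPERATION" in
  mount)
    op_mount
    ;;
  unmount)
    op_unmount
    ;;
  sync)
    op_sync
    ;;
  ssh-list)
    ssh_list
    ;;
  ssh-generate)
    ssh_generate
    ;;
  ssh-import)
    ssh_import
    ;;
  *)
    echo "Operation $OPERATION not implemented" >&2
    exit 2
    ;;
esac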