#!/bin/sh
set -e

# Filesystem UUID of the encrypted key drive (looked up under /dev/disk/by-uuid).
UUID_KKEY='7930cd94-b56e-4395-8859-f34da77f29be'
# Filesystem UUID of the backup drive used by the sync operation. It is empty
# in this copy, so it has to be filled in before a sync can find the drive.
UUID_WKEY=''

# Device-mapper name given to the opened volume (/dev/mapper/<name>).
CRYPT_NAME='usbkey'
# Directory the decrypted volume is mounted on.
MOUNT_PATH='/media/usbkey'

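# Decrypt the key drive and mount it on $MOUNT_PATH.
# Globals:   UUID_KKEY, CRYPT_NAME, MOUNT_PATH (read)
# Outputs:   progress messages on stderr only, so callers that print data on
#            stdout (ssh_list mounts on demand) are not polluted
# Exits:     1 when the key drive cannot be found
op_mount() {
	local DEVICE="/dev/disk/by-uuid/$UUID_KKEY"
	# First check if we have key drive. An empty UUID would make DEVICE the
	# by-uuid directory itself, which exists whenever any disk is present.
	if [ -z "$UUID_KKEY" ] || [ ! -e "$DEVICE" ]; then
		echo "Can't locate appropriate usb drive." >&2
		exit 1
	fi
	# Decrypt drive
	if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
		echo "USB key seems to be already decrypted" >&2
	else
		echo "Decrypting usb key" >&2
		sudo -- cryptsetup open "$DEVICE" "$CRYPT_NAME"
	fi
	# Mount drive. Match the complete " on <path> type " field of mount's
	# output as a fixed string: a bare substring match on $MOUNT_PATH also
	# hits "$MOUNT_PATH-backup" and would report the key as mounted when only
	# the backup volume is.
	if mount | grep -qF " on $MOUNT_PATH type "; then
		echo "USB key is already mounted" >&2
	else
		echo "Mounting usb key" >&2
		sudo -- mkdir -p "$MOUNT_PATH"
		sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME" "$MOUNT_PATH"
	fi

	echo "USB key drive mounted" >&2
}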

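# Unmount the key drive, remove its mount point and close the encrypted volume.
# Every step is skipped when there is nothing to undo, so the function can be
# run on a partially set-up state.
# Globals:   CRYPT_NAME, MOUNT_PATH (read)
# Outputs:   progress messages on stderr
op_unmount() {
	# Unmount. Match the complete " on <path> type " field as a fixed string;
	# a bare substring match on $MOUNT_PATH would also hit "$MOUNT_PATH-backup"
	# and try to unmount a path that is not mounted.
	if mount | grep -qF " on $MOUNT_PATH type "; then
		echo "Unmounting usb key" >&2
		sync "$MOUNT_PATH"
		sudo -- umount "$MOUNT_PATH"
	fi
	# Remove mount path
	[ ! -d "$MOUNT_PATH" ] || sudo -- rmdir "$MOUNT_PATH"
	# Close encryption so the decrypted volume does not stay available
	if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
		echo "Closing encryption on usb key" >&2
		sudo -- cryptsetup close "$CRYPT_NAME"
	fi

	echo "USB key unmounted" >&2
}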

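# Succeed only when mount reports /dev/mapper/$CRYPT_NAME mounted on $MOUNT_PATH.
# The device and the mount point are matched together as one fixed string.
# Two independent substring greps also accepted the backup volume
# ("/dev/mapper/$CRYPT_NAME-backup on $MOUNT_PATH-backup"), so callers could
# skip mounting the real key drive.
# Globals:   CRYPT_NAME, MOUNT_PATH (read)
# Returns:   0 when mounted, non-zero otherwise
check_mount() {
	mount | grep -qF "/dev/mapper/$CRYPT_NAME on $MOUNT_PATH type "
}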

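# Open the backup drive, mirror the key drive onto it and tear the backup
# mount down again. Failures are reported through the return status instead of
# aborting, so that the decrypted backup volume is always closed.
# Globals:   UUID_WKEY, CRYPT_NAME, MOUNT_PATH (read)
# Returns:   0 on success, otherwise the status of the last step that failed
_sync_backup() {
	local RC=0
	sudo -- cryptsetup open "/dev/disk/by-uuid/$UUID_WKEY" "$CRYPT_NAME-backup" || return
	if sudo -- mkdir -p "$MOUNT_PATH-backup" &&
		sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME-backup" "$MOUNT_PATH-backup"; then
		# Sync them; --delete makes the backup an exact mirror of the key drive
		rsync -aAxXS --delete --progress "$MOUNT_PATH/" "$MOUNT_PATH-backup/" || RC=$?
		sudo -- umount "$MOUNT_PATH-backup" || RC=$?
	else
		RC=$?
	fi
	[ ! -d "$MOUNT_PATH-backup" ] || sudo -- rmdir "$MOUNT_PATH-backup" || RC=$?
	sudo -- cryptsetup close "$CRYPT_NAME-backup" || RC=$?
	return $RC
}

# Synchronize the key drive to the backup drive, mounting the key drive first
# when needed and unmounting it again afterwards if this function mounted it.
# Globals:   UUID_WKEY (read)
# Exits:     0 on success, 1 when the backup drive is missing or not
#            configured, otherwise the status of the failed sync step
op_sync() {
	local DOUNMOUNT=false
	local EXITC=0
	if ! check_mount; then
		DOUNMOUNT=true
		op_mount
	fi
	# An empty UUID_WKEY would make the path below the by-uuid directory
	# itself, which exists, so the UUID has to be checked separately.
	if [ -n "$UUID_WKEY" ] && [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then
		# Collect the status instead of letting `set -e` abort: an rsync
		# failure must not leave either volume decrypted and mounted.
		_sync_backup || EXITC=$?
	else
		echo "USB backup key seems to not be inserted. Please do so." >&2
		EXITC=1
	fi
	if $DOUNMOUNT; then
		op_unmount
	fi
	exit $EXITC
}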

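# Print "<name>: <comment>" for every public key below $MOUNT_PATH/ssh.
# The name is the path relative to the store without the .pub suffix; the
# comment is everything after the key type and key data, for any key type.
# Globals:   MOUNT_PATH (read)
# Outputs:   one line per key on stdout
ssh_list() {
	check_mount || op_mount
	local STORE KEY N KTYPE KBLOB KCOMMENT
	STORE="$MOUNT_PATH/ssh"
	# Read find's output line by line so paths with spaces stay intact;
	# an unquoted $(find ...) would split them into several words.
	find "$STORE" -name '*.pub' | while IFS= read -r KEY; do
		N=${KEY#"$STORE/"}
		KCOMMENT=""
		# read fails on a file without a trailing newline but still fills the
		# variables, so its status is ignored on purpose.
		read -r KTYPE KBLOB KCOMMENT < "$KEY" || :
		printf '%s: %s\n' "${N%.pub}" "$KCOMMENT"
	done
}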

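# Generate a new ssh key pair named $NAME inside the store on the key drive.
# Globals:   MOUNT_PATH, NAME (read)
# Inputs:    the key comment, read as one line from stdin
# Exits:     1 when no name was given or the key already exists
ssh_generate() {
	check_mount || op_mount
	local COMMENT
	# Without a name the target would be the store directory itself.
	if [ -z "$NAME" ]; then
		echo "Key name is required." >&2
		exit 1
	fi
	if [ -f "$MOUNT_PATH/ssh/$NAME" ]; then
		echo "Key $NAME seems to already exists." >&2
		exit 1
	fi
	printf '%s' "Please enter comment: "
	# -r keeps backslashes in the comment literal
	read -r COMMENT
	ssh-keygen -f "$MOUNT_PATH/ssh/$NAME" -C "$COMMENT"
}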

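# Copy the key pair named $NAME from the store on the key drive to ~/.ssh.
# Globals:   MOUNT_PATH, NAME (read)
# Exits:     1 when no name was given or either half of the pair is missing
ssh_import() {
	check_mount || op_mount
	# The original test was inverted: it reported "no key" exactly when both
	# files existed and went on to copy when they were missing.
	if [ -z "$NAME" ] || [ ! -f "$MOUNT_PATH/ssh/$NAME" ] || [ ! -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then
		echo "There is no key named $NAME" >&2
		exit 1
	fi
	# Create the private key copy under a restrictive umask so it is never
	# readable by group/other, not even between cp and chmod.
	( umask 077 && mkdir -p ~/.ssh && cp -- "$MOUNT_PATH/ssh/$NAME" ~/.ssh/ )
	# An already existing destination file keeps its old mode, so set it
	# explicitly; ssh refuses private keys that other users can read.
	chmod 600 ~/.ssh/"${NAME##*/}"
	cp -- "$MOUNT_PATH/ssh/$NAME.pub" ~/.ssh/
}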


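# Report an unrecognised command-line argument and abort.
# Arguments: $1 - the offending argument
# Outputs:   the error message on stderr, like the script's other diagnostics
# Exits:     1
unknown_argument() {
	echo "Unknown argument: $1" >&2
	exit 1
}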
# The first argument must name the operation (or ask for help); it is stored in
# OPERATION and shifted away so only operation-specific arguments remain.
case "$1" in
	-h|--help)
		# Quoted delimiter: the help text is printed literally.
		cat <<'EOF'
Usb key manager
Usage: usbkey OPERATION ...

Operations:
  mount: Mount key of usb driver
  unmount: Unmount usb driver
  sync: Synchronize drive to bakup drive
  gpg-import: Import gpg key
  ssh-import: Import ssh key
  ssh-generate: Generate new ssh key
  ssh-list: List all keys in store
  openvpn-get: Get keys for some host
  openvpn-generate: Generate key for new host
EOF
		exit 0
		;;
	mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-get|openvpn-generate)
		OPERATION=$1
		;;
	*)
		unknown_argument "$1"
		;;
esac
shift
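# Parse rest of the arguments: -h/--help prints per-operation usage, and the
# ssh-* operations accept a single positional key name.
# Start from an empty NAME so that a NAME variable inherited from the
# environment is never taken for a key name given on the command line.
NAME=""
while [ $# -gt 0 ]; do
	case "$1" in
		-h|--help)
			echo "Usb key manager"
			case "$OPERATION" in
				mount|unmount|sync)
					echo "Usage: usbkey $OPERATION [-h]"
					;;
				ssh-*)
					echo "Usage: usbkey $OPERATION NAME [-h]"
					;;
				# TODO
			esac
			exit 0
			;;
		*)
			# The script runs under #!/bin/sh, where the [[ ]] test is not
			# guaranteed to exist; a case pattern does the same glob match.
			case "$OPERATION" in
				ssh-*)
					# Only one name is accepted; a second one is an error.
					[ -z "$NAME" ] || unknown_argument "$1"
					NAME="$1"
					;;
				*)
					unknown_argument "$1"
					;;
			esac
			;;
	esac
	shift
done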

# Run the selected operation. Operations accepted by the argument parser but
# without an arm here end in the "not implemented" branch with status 2.
case "$OPERATION" in
	mount)    op_mount ;;
	unmount)  op_unmount ;;
	sync)     op_sync ;;
	ssh-list) ssh_list ;;
	*)
		echo "Operation $OPERATION not implemented" >&2
		exit 2
		;;
esac