path: root/local/bin/usbkey
#!/bin/sh
# usbkey: unlock and mount an encrypted USB key drive, mirror it to a backup
# drive, and manage the SSH keys stored on it.
# NOTE(review): the functions below use `local`, which POSIX sh does not
# specify (dash, busybox ash and bash accept it) - confirm what /bin/sh is
# on the hosts this runs on.

# Abort on the first unhandled command failure. Commands used as conditions
# or inside && / || lists are exempt, so this is not a complete safety net.
set -e

# Drives are located through /dev/disk/by-uuid/<UUID>.
# UUID_KKEY: the primary key drive (opened by op_mount).
UUID_KKEY="7930cd94-b56e-4395-8859-f34da77f29be"
# UUID_WKEY: the backup drive (opened by op_sync).
UUID_WKEY="9fcaf42a-86d5-4e70-828d-fd90aad2d964"

# Device-mapper name handed to `cryptsetup open` / `cryptsetup close`;
# op_sync uses "$CRYPT_NAME-backup" for the backup drive.
CRYPT_NAME="usbkey"
# Mount point of the decrypted primary volume; op_sync uses
# "$MOUNT_PATH-backup" for the backup drive.
MOUNT_PATH="/media/usbkey"

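# Unlock the primary key drive and mount it at $MOUNT_PATH.
# Globals:  UUID_KKEY, CRYPT_NAME, MOUNT_PATH (read)
# Outputs:  progress and error messages on stderr
# Exits:    1 when the primary drive is not attached; a failing
#           cryptsetup/mkdir/mount step aborts the script when `set -e`
#           is in effect.
op_mount() {
	local KEYDEV="/dev/disk/by-uuid/$UUID_KKEY"
	local MAPDEV="/dev/mapper/$CRYPT_NAME"

	# First check if we have key drive
	if [ ! -e "$KEYDEV" ]; then
		echo "Can't locate appropriate usb drive." >&2
		exit 1
	fi
	# Decrypt drive
	# NOTE(review): an existing mapping called $CRYPT_NAME is assumed to
	# belong to this drive; `cryptsetup status` could confirm the backing
	# device before it is trusted.
	if [ -e "$MAPDEV" ]; then
		echo "USB key seems to be already decrypted" >&2
	else
		echo "Decrypting usb key" >&2
		sudo -- cryptsetup open "$KEYDEV" "$CRYPT_NAME"
	fi
	# Mount drive. The mount-point field is compared exactly: a substring
	# match on $MOUNT_PATH is also satisfied by "$MOUNT_PATH-backup", which
	# would skip the mount while still reporting success. (Field splitting
	# assumes the mount point contains no whitespace.)
	if mount | awk -v dir="$MOUNT_PATH" \
		'$2 == "on" && $3 == dir { found = 1 } END { exit !found }'; then
		echo "USB key is already mounted" >&2
	else
		# Status goes to stderr like every other message in this script
		echo "Mounting usb key" >&2
		sudo -- mkdir -p "$MOUNT_PATH"
		sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "$MAPDEV" "$MOUNT_PATH"
	fi

	echo "USB key drive mounted" >&2
}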

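# Unmount the primary key volume, remove its mount point and close the
# encrypted mapping. Each step is skipped when there is nothing to undo.
# Globals:  CRYPT_NAME, MOUNT_PATH (read)
# Outputs:  progress messages on stderr
op_unmount() {
	# Unmount only when $MOUNT_PATH itself is a mount point. A substring
	# match would also fire for "$MOUNT_PATH-backup" and then fail on
	# umount, leaving the decrypted mapping open.
	if mount | awk -v dir="$MOUNT_PATH" \
		'$2 == "on" && $3 == dir { found = 1 } END { exit !found }'; then
		echo "Unmounting usb key" >&2
		sync "$MOUNT_PATH"
		sudo -- umount "$MOUNT_PATH"
	fi
	# Remove mount path (rmdir refuses a non-empty directory, so nothing
	# stored there by mistake is deleted)
	if [ -d "$MOUNT_PATH" ]; then
		sudo -- rmdir "$MOUNT_PATH"
	fi
	# Close encryption so the plaintext device disappears
	if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
		echo "Closing encryption on usb key" >&2
		sudo -- cryptsetup close "$CRYPT_NAME"
	fi

	echo "USB key unmounted" >&2
}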

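# Succeed only when /dev/mapper/$CRYPT_NAME is mounted exactly at $MOUNT_PATH.
# Globals:  CRYPT_NAME, MOUNT_PATH (read)
# Returns:  0 when mounted, non-zero otherwise
check_mount() {
	# Compare whole fields of `mount` output. Two substring greps also accept
	# "/dev/mapper/$CRYPT_NAME-backup on $MOUNT_PATH-backup", i.e. the backup
	# drive would be mistaken for the primary one. (Field splitting assumes
	# neither path contains whitespace.)
	mount | awk -v dev="/dev/mapper/$CRYPT_NAME" -v dir="$MOUNT_PATH" \
		'$1 == dev && $2 == "on" && $3 == dir { found = 1 } END { exit !found }'
}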

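# Mirror the primary key drive onto the backup drive with rsync.
# The primary drive is mounted on demand and unmounted again afterwards if
# this function mounted it.
# Globals:  UUID_WKEY, CRYPT_NAME, MOUNT_PATH (read)
# Outputs:  progress and error messages on stderr
# Exits:    1 when the backup drive is not attached; otherwise the status of
#           the first failing step, after the backup drive has been torn down.
op_sync() {
	local DOUNMOUNT=false
	local RC=0
	local BACKUP_NAME="$CRYPT_NAME-backup"
	local BACKUP_PATH="$MOUNT_PATH-backup"

	if [ ! -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then
		echo "USB backup key seems to not be inserted. Please do so." >&2
		exit 1
	fi
	if ! check_mount; then
		DOUNMOUNT=true
		op_mount
	fi

	# Unlock, mount and sync the backup drive. The steps are chained so the
	# first failure lands in RC instead of aborting through `set -e`: an
	# abort here would leave the backup volume decrypted and mounted.
	# rsync --delete makes the backup an exact mirror, so files missing from
	# the primary drive are removed from the backup as well.
	sudo -- cryptsetup open "/dev/disk/by-uuid/$UUID_WKEY" "$BACKUP_NAME" \
		&& sudo -- mkdir -p "$BACKUP_PATH" \
		&& sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$BACKUP_NAME" "$BACKUP_PATH" \
		&& rsync -ax --delete --progress "$MOUNT_PATH/" "$BACKUP_PATH/" \
		|| RC=$?

	# Tear down whatever part of the backup setup exists, success or not
	if mount | awk -v dir="$BACKUP_PATH" \
		'$2 == "on" && $3 == dir { found = 1 } END { exit !found }'; then
		sudo -- umount "$BACKUP_PATH" || RC=$?
	fi
	if [ -d "$BACKUP_PATH" ]; then
		sudo -- rmdir "$BACKUP_PATH" || RC=$?
	fi
	if [ -e "/dev/mapper/$BACKUP_NAME" ]; then
		sudo -- cryptsetup close "$BACKUP_NAME" || RC=$?
	fi

	if $DOUNMOUNT; then
		op_unmount
	fi

	if [ "$RC" -ne 0 ]; then
		echo "Sync process failed." >&2
		exit "$RC"
	fi
	echo "Sync process finished." >&2
}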

# Placeholder for the gpg-import operation; it currently does nothing and
# reports success.
op_gpg_import() {
	# TODO: not implemented yet
	return 0
}

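# List every public key below $MOUNT_PATH/ssh as "<name>: <comment>".
# Globals:  MOUNT_PATH (read)
# Outputs:  one line per *.pub file on stdout
ssh_list() {
	local KEY N
	check_mount || op_mount
	# Read find's output line by line instead of word-splitting it, so key
	# paths containing spaces or glob characters stay intact.
	find "$MOUNT_PATH/ssh" -name '*.pub' | while IFS= read -r KEY; do
		# Quote the prefix so it is stripped literally, not as a pattern
		N="${KEY#"$MOUNT_PATH"/ssh/}"
		printf '%s: ' "${N%.pub}"
		# Drop the key type and the base64 blob from the first line and print
		# what is left (the comment). Works for every key type, not only
		# ssh-rsa, and always ends the line even when there is no comment.
		sed -n '1s/^[^ ]* [^ ]* *//p' "$KEY"
	done
}

# The dispatcher turns "ssh-list" into op_ssh_list, so expose the listing
# under that name as well.
op_ssh_list() {
	ssh_list "$@"
}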

# Abort with status 1 unless a key name was given on the command line.
# Globals:  NAME (read)
# NOTE(review): only emptiness is checked; NAME is later joined into paths
# below $MOUNT_PATH/ssh, so components such as ".." are not rejected here.
check_ssh_nane() {
	[ -z "$NAME" ] || return 0
	echo "You have to specify key name!" >&2
	exit 1
}

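# Generate a new SSH key pair named $NAME inside $MOUNT_PATH/ssh.
# Globals:  MOUNT_PATH, NAME (read); COMMENT (written)
# Input:    the key comment, read as one line from stdin
# Exits:    1 when a private key with that name already exists
op_ssh_generate() {
	check_mount || op_mount
	check_ssh_nane
	if [ -f "$MOUNT_PATH/ssh/$NAME" ]; then
		echo "Key $NAME seems to already exists." >&2
		exit 1
	fi
	# printf instead of `echo -n`, whose behaviour differs between sh
	# implementations
	printf '%s' "Please enter comment: "
	# -r keeps backslashes in the comment literal instead of treating them
	# as escape characters
	read -r COMMENT
	# ssh-keygen asks for the passphrase itself, so it never passes through
	# this script or its arguments
	ssh-keygen -f "$MOUNT_PATH/ssh/$NAME" -C "$COMMENT"

	echo "SSH key $NAME was generated." >&2
}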

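# Copy the key pair named $NAME from $MOUNT_PATH/ssh into ~/.ssh.
# Globals:  MOUNT_PATH, NAME (read)
# Exits:    1 when the private or the public key file is missing
op_ssh_import() {
	check_mount || op_mount
	check_ssh_nane
	# The original test was inverted: it rejected keys that exist and let
	# missing ones fall through to cp.
	if [ ! -f "$MOUNT_PATH/ssh/$NAME" ] || [ ! -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then
		echo "There is no key named $NAME" >&2
		exit 1
	fi
	# Copy under a restrictive umask so the private key is never created
	# group- or world-accessible, whatever mode the source file shows on the
	# USB file system. The subshell keeps the umask change local.
	(
		umask 077
		mkdir -p ~/.ssh
		cp -- "$MOUNT_PATH/ssh/$NAME" "$MOUNT_PATH/ssh/$NAME.pub" ~/.ssh/
	)
	# cp keeps the mode of a file it overwrites, so pin the private key to
	# owner-only access explicitly (ssh refuses keys that are more open).
	chmod 600 ~/.ssh/"${NAME##*/}"

	echo "SSH key $NAME copied to local .ssh directory." >&2
}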

# Placeholder for the openvpn-list operation: for now it only makes sure the
# key drive is mounted.
op_openvpn_list() {
	if ! check_mount; then
		op_mount
	fi
	# TODO: listing is not implemented yet
}

# Placeholder for the openvpn-get operation: for now it only makes sure the
# key drive is mounted.
op_openvpn_get() {
	if ! check_mount; then
		op_mount
	fi
	# TODO: retrieval is not implemented yet
}

# Placeholder for the openvpn-generate operation: for now it only makes sure
# the key drive is mounted.
op_openvpn_generate() {
	if ! check_mount; then
		op_mount
	fi
	# TODO: generation is not implemented yet
}


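# Report an unrecognised command-line argument and abort.
# Arguments: $1 - the offending argument
# Outputs:   the error message on stderr, like the script's other diagnostics
# Exits:     1
unknown_argument() {
	# printf '%s' prints the argument literally, even if it looks like an
	# echo option
	printf 'Unknown argument: %s\n' "$1" >&2
	exit 1
}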
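# Parse operation (operation have to be first)
case "$1" in
	-h|--help)
		echo "Usb key manager"
		echo "Usage: usbkey OPERATION ..."
		echo
		echo "Operations:"
		echo "  mount: Mount key of usb driver"
		echo "  unmount: Unmount usb driver"
		echo "  sync: Synchronize drive to bakup drive"
		echo "  gpg-import: Import gpg key"
		echo "  ssh-import: Import ssh key"
		echo "  ssh-generate: Generate new ssh key"
		echo "  ssh-list: List all keys in store"
		echo "  openvpn-list: List all keys"
		echo "  openvpn-get: Get keys for some host"
		echo "  openvpn-generate: Generate key for new host"
		exit 0
		;;
	# Allow-list of operations. Only these literal words ever reach the
	# dispatcher below. openvpn-list is advertised in the help text and has a
	# handler, so it is accepted here too.
	mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-list|openvpn-get|openvpn-generate)
		OPERATION="$1"
		;;
	*)
		unknown_argument "$1"
		;;
esac
shift
# Start from an empty key name so a NAME variable inherited from the
# environment can neither be used as the key name nor make the real
# argument look like a surplus one.
NAME=""
# Parse rest of the arguments
while [ $# -gt 0 ]; do
	case "$1" in
		-h|--help)
			echo "Usb key manager"
			case "$OPERATION" in
				mount|unmount|sync)
					echo "Usage: usbkey $OPERATION [-h]"
					;;
				ssh-*)
					echo "Usage: usbkey $OPERATION NAME [-h]"
					;;
				# TODO
			esac
			exit 0
			;;
		*)
			# `case` instead of `[[ ... ]]`: the latter does not exist in a
			# plain POSIX /bin/sh, where the test fails and every ssh-*
			# key name is rejected as an unknown argument.
			case "$OPERATION" in
				ssh-*)
					if [ -z "$NAME" ]; then
						NAME="$1"
					else
						unknown_argument "$1"
					fi
					;;
				*)
					unknown_argument "$1"
					;;
			esac
			;;
	esac
	shift
done
# Go to operation handler. OPERATION comes from the allow-list above, so the
# handler name can be called directly; eval is not needed and would re-parse
# the string as shell code. Every accepted operation needs a matching op_*
# function (ssh-list resolves to op_ssh_list).
"op_$(printf '%s' "$OPERATION" | tr '-' '_')"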