/
decrypt_usb
104 lines (83 loc) · 3.69 KB
/
decrypt_usb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#!/usr/bin/env bash
set -eu
# set -xv
# Load common functions
source "$(dirname "${BASH_SOURCE[0]}")/common.bsh"
# 1. Set variables up
###############################################################################
set_disk_variables "${1}"
# 2. Find decryption key
###############################################################################
# Search for 10 mintues, just like on boot
search_until=$(($(date +%s)+${DECRIPTION_KEY_SEARCH_TIME}))
# Search for 10 minutes, or until the device is unplugged
while [ "${search_until}" -gt "$(date +%s)" ] && [ -e ${sys_path} ]; do
# Search for keys
for key in /media/*/"${name}.key" /data/*/"${name}.key"; do
# If the key files exists and check to see if it unlocks the drive
if [ -e "${key}" ] && cryptsetup luksOpen --test-passphrase --key-file "${key}" "${devname}"; then
good_key="${key}"
break 2
fi
done
timeleft=$((${search_until} - $(date +%s)))
message=" Waiting for ${name}.key to be inserted. ${timeleft}s left"
for (( offset=0; offset<50; offset++ )); do
/usr/bin/rnutil rn_lcd -s "${message:offset}" -p 1 -e 1 -k 478
sleep 0.2
done
done
/usr/bin/rnutil rn_lcd -s "Key found!" -p 1 -e 5 -k 478
# 3. Auto decrypt and mount
###############################################################################
# If good key found
if [ -n "${good_key+set}" ]; then
# cryptsetup close doesn't work if you unplug without unmounting, so we test
# the the key, and then look for an available name
dev_mapper_name="$(get_dev_mapper_name "${name}")"
dev_mapper_location="/dev/mapper/${dev_mapper_name}"
# Activate luks mount
cryptsetup luksOpen --key-file "${good_key}" "${devname}" "${dev_mapper_name}"
set_disk_variables_unencrypted "${dev_mapper_location}" "${serial}"
# Mount it
mkdir -p "/${mount_location}"
mount "${dev_mapper_location}" /"${mount_location}"
# 4. Update database and files
###############################################################################
fs_type="$(mount_type /"${mount_location}" | head -n 1)"
fs_type="${fs_type//\'/\'\'}"
# When you unmount ANY usb device, something in readynas will decide "You know
# what, your encrypted volume isn't REALLY mounted" and remove it from the
# databases. So I constantly monitor it and remove ie
# While the disk is still mounted...
while mount | grep "${dev_mapper_location} on /${mount_location}" &> /dev/null; do
# Detect if this line has changed, because that indicates that its been
# marked as gone, even when it's not
if ! grep "${uid}!!${name}!!${description}!!${size}!!1!!${last_connected_node}!!!!${link_speed}!!${location}!!${fs_type}!!" "${STORAGE_CONF}" &> /dev/null; then
echo "Refreshing the database for ${name}" >&2
# Add to the database
update_database_entry
fi
# only check ever x seconds
sleep 5
done
# 5. Cleanup
#############################################################################
# A bit of cleanup that doesn't happen for some odd reason *shrugs*
if [ -d "/${mount_location}" ]; then
rmdir "/${mount_location}"
fi
if [ -b "${dev_mapper_location}" ]; then
cryptsetup luksClose "${dev_mapper_name}"
fi
fi
# Debugging
# watch -n 1 '
# sqlite3 -column -header -init /opt/usb-auto-decrypt/init.sql \
# -readonly /var/readynasd/db.sq3 "
# SELECT id, uid, name, description, device_size, is_connected FROM usb_storage;
# SELECT id, last_connected_node, speed, usbpath, mount_point, fstype, label, serial FROM usb_storage;
# SELECT id, zfs_name, type, volume_id, name, path, comment, user_id FROM share;
# SELECT share_id, mb_refquota FROM zfs_attr;"
# cat /etc/frontview/usb/storage.conf
# ls -x /dev/sd[g-z]*; ls /dev/mapper /media'