author | Aaron Ball <nullspoon@oper.io> | 2017-09-26 09:31:20 -0600 |
---|---|---|
committer | Aaron Ball <nullspoon@oper.io> | 2017-09-26 09:31:20 -0600 |
commit | 30a84a1bbfbf8afc6aa8532ec61a272f13332a57 (patch) | |
tree | 48f63093ad2997a7890f468acf56ea70455548b5 | |
parent | d82567d46d5df4e3fed100713caca944cccf3637 (diff) | |
Fixed support for multiline crypttab files
Was parsing all lines in the crypttab file as the same line, causing any
line beyond the first to be ignored.
Also updated global variable tab to be all caps to better indicate that
it is a global.
-rwxr-xr-x | crypttab | 62 |
1 files changed, 37 insertions, 25 deletions
@@ -4,7 +4,7 @@ # on execution. # -tab=/etc/crypttab +TAB=/etc/crypttab # # Iterrates through all entries in crypttab with the purpose to close the @@ -14,13 +14,13 @@ tab=/etc/crypttab # them first, since not doing so will cause the luksClose to hang. # function destroy_entries { - if [[ ! -f ${tab} ]]; then - echo "Could not access ${tab}." + if [[ ! -f ${TAB} ]]; then + echo "Could not access ${TAB}." exit 1 fi # For each entry in crypttab - for entry in "$(cat ${tab})"; do + while read entry; do local name=${entry%% *} # Unmount all mountpoins if mounted anywhere @@ -45,7 +45,7 @@ function destroy_entries { done cryptsetup luksClose ${name} - done + done < "${TAB}" } 
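Review bot: Blank lines and `#` comment lines in the crypttab are not skipped by the new `while read entry` loop in destroy_entries, so now that each line is its own entry, such a line yields an empty or `#` name that still reaches the unquoted `cryptsetup luksClose ${name}`. I would read with `while read -r entry; do`, add `[[ -z ${entry} || ${entry} == \#* ]] && continue` as the first statement of the body, and pass the name as `"${name}"`. The same gap exists in the `while read` loops of stat_entries and setup_entries in the next hunk. The unmount part of this loop body lies outside the hunk, so what it does with an empty name cannot be judged from here.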
@@ -54,42 +54,54 @@ function destroy_entries { # (encrypted, or decrypted). # function stat_entries { - if [[ ! -f ${tab} ]]; then - echo "Could not access ${tab}." + local _name # Name of the mount + local _dev # Device to be decrypted + if [[ ! -f ${TAB} ]]; then + echo "Could not access ${TAB}." exit 1 fi # For each entry in crypttab - for i in "$(cat ${tab})"; do - name=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 1) - dev=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 2) + while read line; do + _name=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 1) + _dev=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 2) - if [[ -L /dev/mapper/${name} ]]; then - echo "${dev} decrypted at /dev/mapper/${name}" + if [[ -L /dev/mapper/${_name} ]]; then + echo "${_name} (${_dev}) decrypted at /dev/mapper/${_name}" else - echo "${dev} not decrypted." + echo "${_name} (${_dev}) not decrypted." fi - done + done < "${TAB}" } # # Decrypts each encrypted device listed in crypttab # function setup_entries { - if [[ ! -f ${tab} ]]; then - echo "Could not access ${tab}." + local _name # Name of the encrypted mount + local _dev # Encrypted device path + local _key # Encryption key to decrypt the device with + + if [[ ! -f ${TAB} ]]; then + echo "Could not access ${TAB}." exit 1 fi - for entry in "$(cat ${tab})"; do - name=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 1) - dev=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 2) - key=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 3) - - echo "Decrypting ${dev} using key ${key}." 
- echo "Plaintext device is at /dev/mapper/${name}" - cryptsetup luksOpen ${dev} ${name} --key-file ${key} - done + while read entry; do + _name=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 1) + _dev=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 2) + _key=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 3) + + # Skip any devices that are already decrypted + if [ -b "/dev/mapper/${_name}" ]; then + printf "Device ${_dev} already decrypted at /dev/mapper/${_name}.\n" + continue + fi + echo "Decrypting ${_dev} using key ${_key}." + echo "Plaintext device is at /dev/mapper/${_name}" + cryptsetup luksOpen ${_dev} ${_name} --key-file ${_key} + + done < "${TAB}" } |
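Review bot: In setup_entries the loop body inherits its standard input from `done < "${TAB}"`, so `cryptsetup luksOpen` runs with the crypttab as stdin; if a key field is `-`, cryptsetup reads the passphrase from stdin and would presumably consume the remaining entries. Reading the file on its own descriptor avoids that: `while read -r entry <&3; do` paired with `done 3< "${TAB}"`. The three fields are also taken straight from the file and passed unquoted, so glob characters in a field are expanded against the current directory before cryptsetup sees them; `cryptsetup luksOpen "${_dev}" "${_name}" --key-file "${_key}"` keeps each field as a single literal argument.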