#!/bin/bash

# This script is supposed to be called from udev rules in order to open and mount a LUKS volume 
# (an encrypted volume) by using a key file in the user's home directory.

# see http://www.hauke-laging.de/software/homeextension/
# This software is licenced under the GPL version 3: http://www.gnu.org/licenses/gpl-3.0.html

# CHANGELOG
#
# 1.1, 2010-06-05, Hauke Laging, http://www.hauke-laging.de/software/homeextension/

# Positional arguments handed over by the udev rule:
#   $1 - device name, relative to /dev
#   $2 - event mode; standard_action acts on "add" and "remove"
#   $3 - name selecting the per-user settings in the case statement below
dev="${1}"
mode="${2}"
user="${3}"

# Path of the block device node that cryptsetup operates on.
blockdev=/dev/"${dev}"

# $user need not be an existing account, but if it does not exist the
# line that sets target_dir in its case branch has to be modified.

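# Open and mount the LUKS volume (mode "add") or unmount and close it
# (mode "remove"), then repoint the switch symlink accordingly.
#
# Globals read:    target_dir, mode, blockdev, keyfile, dm_name, mountpoint,
#                  switch_dir, dummy_dir, myuuid (optional; when empty any
#                  LUKS UUID is accepted)
# Globals written: uuid
# Exit status:     the script exits with 1 if target_dir is empty or cannot
#                  be entered, or if any step of the "add" path fails.
#
# All relative paths (keyfile, mountpoint, switch_dir, dummy_dir) are resolved
# inside target_dir. This script is meant to be run from udev rules, so
# everything in that directory must be treated as untrusted input.
standard_action () {
	test -n "$target_dir" || exit 1
	cd "$target_dir" || exit 1
	if [ add = "$mode" ]
		then
		/sbin/cryptsetup isLuks "$blockdev" || exit 1
		uuid="$(/sbin/cryptsetup luksUUID "$blockdev")"
		# Two separate tests instead of "[ ... -o ... ]": the -o operator is
		# obsolescent and can be misparsed when an operand looks like an operator.
		if [ -n "$myuuid" ] && [ "$myuuid" != "$uuid" ]
			then
			exit 1
		fi
		/usr/bin/test -f "$keyfile" || exit 1
		# The mount point sits in a directory its owner can write to, and mount
		# resolves symlinks in the target path. Require a real directory so the
		# volume cannot end up mounted outside target_dir.
		# NOTE(review): this check is not race-free; a mount point outside the
		# user's control would be the robust fix.
		if [ -L "$mountpoint" ] || [ ! -d "$mountpoint" ]
			then
			exit 1
		fi
		/sbin/cryptsetup --key-file "$keyfile" luksOpen "$blockdev" "$dm_name" || exit 1
		# nosuid,nodev: the filesystem content comes from a pluggable device, so
		# set-uid binaries and device nodes on it must not be honoured.
		if ! /bin/mount -t ext2 -o ro,nosuid,nodev /dev/mapper/"$dm_name" "$mountpoint"
			then
			# Do not leave the decrypted mapping open when the mount failed.
			/sbin/cryptsetup luksClose "$dm_name"
			exit 1
		fi
		/bin/ln --symbolic --force --no-target-directory "$mountpoint" "$switch_dir" || exit 1
	fi
	if [ remove = "$mode" ]
		then
		# Best effort: each step runs even if the previous one failed, so the
		# switch symlink always ends up pointing at the dummy directory.
		/bin/umount /dev/mapper/"$dm_name"
		/sbin/cryptsetup luksClose "$dm_name"
		/bin/ln --symbolic --force --no-target-directory "$dummy_dir" "$switch_dir"
	fi
} # standard_action ()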

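# Print the home directory that the passwd database records for account $1.
# Returns non-zero and prints nothing if there is no entry named exactly $1.
# This replaces 'eval target_dir="~$user"', which passed a udev-supplied
# argument through eval.
lookup_home () {
	local entry name home
	entry="$(getent passwd "$1")" || return 1
	# passwd fields: name:password:uid:gid:gecos:home:shell
	IFS=: read -r name _ _ _ _ home _ <<< "$entry"
	# getent also resolves numeric IDs; tilde expansion only ever matched
	# account names, so insist on an exact name match.
	if [ "$name" != "$1" ] || [ -z "$home" ]
		then
		return 1
	fi
	printf '%s\n' "$home"
}

# $user ends up in command arguments and in the device-mapper name. Reject
# empty values, values that id/getent would parse as an option, and values
# containing a path separator.
case "$user" in
	''|-*|*/*)
		exit 1
	;;
esac

case "$user" in
	specialuser)
		# these lines MAY be modified - BEGIN
		dm_name=homeextension-"$user"
		mountpoint=.homeextension
		switch_dir=homeextension
		dummy_dir=.homeextension.dummy
		keyfile=.homeextension.key
		# If "specialuser" is not a real account, replace this lookup with a
		# fixed directory.
		target_dir="$(lookup_home "$user")" || exit 1
		# these lines MAY be modified - END
		
		standard_action
	;;
	*)
		# Only accounts known to the system get the default settings.
		id "$user" &>/dev/null || exit 1
		dm_name=homeextension-"$user"
		mountpoint=.homeextension
		switch_dir=homeextension
		dummy_dir=.homeextension.dummy
		keyfile=.homeextension.key
		target_dir="$(lookup_home "$user")" || exit 1
		
		standard_action
	;;
esac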
