blob: c0c2f9e2e6731630e3844a6f63c4712199f7b626 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
/^#/ || /^$/ { next }
NF>4 { print "a valid crypttab has max 4 cols not " NF >"/dev/stderr"; next }
{
# decode the src variants
split($2, o_src, "=")
if (o_src[1] == "UUID" || o_src[1] == "PARTUUID") ("blkid -l -o device -t " $2) | getline src;
else src=o_src[1];
# no password or none is given, ask fo it
if ( NF == 2 ) {
ccmd="cryptsetup luksOpen " src " " $1;
system(ccmd);
ccmd="";
}
else if (NF == 3 ) {
dest=$1
key=$3
split($3, po, "=");
if ( po[1] == "none") ccmd="cryptsetup luksOpen " src " " dest;
else ccmd="cryptsetup luksOpen -d " key " " src" " dest;
system(ccmd);
ccmd="";
}
else {
# the option field is not empty parse the options
dest=$1
key=$3
split($4, opts, ",");
commonopts="";
swapopts="";
luksopts="";
for(i in opts) {
split(opts[i], para, "=");
par=para[1];
val=para[2];
if ( par == "readonly" || par == "read-only") commonopts=commonopts "-r ";
else if ( par == "discard" ) commonopts=commonopts "--allow-discards ";
else if ( par == "tries" ) commonopts=commonopts "-T " val " ";
else if ( par == "swap" ) makeswap="y";
else if ( par == "cipher" ) swapopts=swapopts "-c " val " ";
else if ( par == "size" ) swapopts=swapopts "-s " val " ";
else if ( par == "hash" ) swapopts=swapopts "-h " val " ";
else if ( par == "offset" ) swapopts=swapopts "-o " val " ";
else if ( par == "skip" ) swapopts=swapopts "-p " val " ";
else if ( par == "verify" ) swapopts=swapopts "-y ";
#else if ( par == "noauto" )
#else if ( par == "nofail" )
#else if ( par == "plain" )
#else if ( par == "timeout" )
#else if ( par == "tmp" )
else if ( par == "luks" ) use_luks="y";
else if ( par == "keyscript" ) {use_keyscript="y"; keyscript=val;}
else if ( par == "keyslot" || par == "key-slot" ) luksopts=luksopts "-S " val " ";
else if ( par == "keyfile-size" ) luksopts=luksopts "-l " val " ";
else if ( par == "keyfile-offset" ) luksopts=luksopts "-keyfile-offset=" val " ";
else if ( par == "header" ) luksopts=luksopts "--header=" val " ";
else {
print "option: " par " not supported " >"/dev/stderr";
makeswap="";
use_luks="";
use_keyscript="";
next;
}
}
if ( makeswap == "y" && use_luks != "y" ) {
ccmd="cryptsetup " swapopts commonopts "-d " key " create " dest " " src;
ccmd_2="mkswap /dev/mapper/" dest;
makeswap="";
use_luks="";
use_keyscript="";
system(ccmd);
system(ccmd_2);
ccmd="";
ccmd_2="";
next;
}
if ( use_luks == "y" && makeswap != "y" ){
if ( use_keyscript == "y") {
ccmd=keyscript " | cryptsetup " luksopts commonopts "luksOpen -d - " src " " dest;
use_keyscript="";
}
else {
if ( key == "none" ){
ccmd="cryptsetup " luksopts commonopts "luksOpen " src " " dest;
}
else {
ccmd="cryptsetup " luksopts commonopts "luksOpen -d " key " " src " " dest;
}
}
}
else {
print "use swap OR luks as option" >"/dev/stderr";
ccmd="";
}
makeswap="";
use_luks="";
use_keyscript="";
if ( ccmd != ""){
system(ccmd);
ccmd=""
}
}
}
|