From 96700dbb845dfae4facc52e361c36d32adc3e9b3 Mon Sep 17 00:00:00 2001 From: erdgeist Date: Wed, 3 May 2006 16:01:41 +0000 Subject: Crypto image init-attach args converter introduced. --- ezjail-admin | 68 +++++++++++++++++++++++++++++++++++++++++++++++++----------- ezjail.sh | 13 +++++++++--- 2 files changed, 66 insertions(+), 15 deletions(-) diff --git a/ezjail-admin b/ezjail-admin index 5e30c9f..2c6e7ee 100755 --- a/ezjail-admin +++ b/ezjail-admin @@ -43,7 +43,7 @@ detach_images () { umount ${ezjail_rootdir} > /dev/null case ${ezjail_imagetype} in bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null;; - eli) geil detach /dev/${ezjail_imagedevice} > /dev/null;; + eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;; esac mdconfig -d -u ${ezjail_imagedevice} > /dev/null [ "$1" = "success" ] || rm -f ${ezjail_image} @@ -139,7 +139,7 @@ case "$1" in ######################## ezjail-admin CREATE ######################## create) # Clean variables, prevent polution - unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config + unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams ezjail_fillme="YES" shift; while getopts :f:r:s:xic:C: arg; do case ${arg} in 
@@ -246,16 +246,24 @@ create) [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" case "${ezjail_imagetype}" in - bde) - # Initialise crypto image - echo "Initialising crypto device. Enter a new passphrase twice..." - gbde init /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not initialise crypto image." - - echo "Attaching crypto device. Enter the passphrase..." - gbde attach /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not attach crypto image." - ezjail_device=${ezjail_imagedevice}.bde - ;; - eli) + bde|eli) + # parse imageparams, generate attachparams + if [ -n "${ezjail_imageparams}" ] ; then + ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` + [ 0 -eq $? ] || exerr "processing of ezjail_imageparams failed" + fi + case "${ezjail_imagetype}" in + bde) init_cmd="gbde init /dev/${ezjail_imagedevice} ${ezjail_imageparams}" + attach_cmd="gbde attach /dev/${ezjail_imagedevice} ${ezjail_attachparams}";; + eli) init_cmd="geli init ${ezjail_imageparams} /dev/${ezjail_imagedevice}" + attach_cmd="geli attach ${ezjail_attachparams} /dev/${ezjail_imagedevice}";; + esac + echo "Initialising crypto device. Enter a new passphrase twice... (if necessary)" + ( echo ${init_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not initialise crypto image." + + echo "Attaching crypto device. Enter the passphrase... (if necessary)" + ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image." + ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype} ;; simple) ezjail_device=${ezjail_imagedevice} 
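Review bot: The new `bde|eli)` arm builds `init_cmd` and `attach_cmd` as strings and runs them with `echo ... | /bin/sh`, so everything in `ezjail_imageparams` is parsed a second time by a root shell; a `;`, `|`, `$(...)` or backquote in the value is executed instead of being handed to gbde/geli. The value is operator-supplied, but it should be rejected before its first use if it contains shell metacharacters, for example `case "${ezjail_imageparams}" in *[\;\|\&\$\(\)\<\>]*) exerr "Error: unsupported characters in image parameters";; esac`, with the backquote added to the class. A gbde `-P passphrase` also ends up on the command line of the helper and of gbde itself, where it is visible in process listings while the command runs. The `create)` arm starts and ends outside this hunk.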
@@ -306,6 +314,7 @@ create) echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_config} echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} + echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} # Final steps for flavour installation if [ "${ezjail_fillme}" = "YES" -a "${ezjail_flavour}" ]; then @@ -545,6 +554,41 @@ config) esac ;; + +############################################################################## +# ezjail_imageparams HACK starts here +# +# +_parse_geli_attach_args_) + # create geli(8) attach arguments from geli(8) init arguments: + # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present, + # everything else is dicarded + shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in + b|v|a|i|l|s);; # ignore these + P) echo -n "-p ";; + K) echo -n "-k '$OPTARG' ";; + ?) exit 11;; + esac; done + exit 0 + ;; +_parse_gbde_attach_args_) + # create gbde(8) attach arguments from gbde(8) init arguments: + # -L lockfile becomes -l lockfile if present + # -K keyfile becomes -k keyfile if present + # -P passphrase becomes -p passphrase if present + # everything else is discarded + shift; while getopts :iK:f:L:P: arg; do case ${arg} in + i|f);; # ignore these + P) echo -n "-p '$OPTARG' ";; + K) echo -n "-k '$OPTARG' ";; + L) echo -n "-l '$OPTARG' ";; + ?) exit 11;; + esac; done + exit 0 + ;; +# +# ezjail_imageparams HACK ends here (thank god) +############################################################################## *) exerr "Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" ;; diff --git a/ezjail.sh b/ezjail.sh index 49d915f..e461436 100755 --- a/ezjail.sh +++ b/ezjail.sh 
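Review bot: The added `echo export jail_${ezjail_safename}_attachparams=...` line writes `ezjail_attachparams` verbatim into `${ezjail_config}`, and for gbde images the converter turns `-P passphrase` into `-p 'passphrase'`, so the passphrase that protects the image is stored in clear text beside it. The hunk does not show how the config file is created; if it gets the default umask it is probably world-readable, which should be confirmed. Consider persisting only the `-k`/`-l` file arguments, or at least restricting the file once it exists, e.g. `chmod 600 ${ezjail_config}`. A value containing `"`, `$` or a backquote would also be expanded when the shell later reads this file, so the same character check as for `ezjail_imageparams` applies here.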
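Review bot: Both converters wrap `$OPTARG` in single quotes (`echo -n "-k '$OPTARG' "`), but their output is later piped to `/bin/sh`, so a key file path or passphrase that itself contains `'` ends the quoting early and the rest is parsed as shell. Reject such arguments in each arm before printing, e.g. `case "$OPTARG" in *\'*) exit 11;; esac`, or escape embedded quotes. The `?)` pattern is an unquoted glob matching any single character, which happens to cover getopts' `:` (missing argument) as well; writing it as `\?|:)` makes that explicit. The header comment should also state that `_parse_geli_attach_args_` and `_parse_gbde_attach_args_` are internal entry points that are not in the usage text, and "dicarded" should read "discarded".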
@@ -60,6 +60,7 @@ do_cmd() eval ezjail_root=\"\$jail_${ezjail}_rootdir\" eval ezjail_image=\"\$jail_${ezjail}_image\" eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\" + eval ezjail_attachparams=\"\$jail_${ezjail}_attachparams\" # Cannot auto mount crypto jails without interrupting boot process [ "${ezjail_fromrc}" = "YES" -a "${ezjail_imagetype}" = "crypto" -a "${action}" = "start" ] && continue @@ -95,12 +96,15 @@ attach_detach_pre () case ${ezjail_imagetype} in crypto|bde) echo "Attaching gbde device for image jail ${ezjail}..." - gbde attach /dev/${ezjail_device} - + echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh # Device to mount is not md anymore ezjail_device=${ezjail_device}.bde ;; eli) + echo "Attaching gbde device for image jail ${ezjail}..." + echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh + # Device to mount is not md anymore + ezjail_device=${ezjail_device}.eli ;; esac @@ -115,7 +119,10 @@ attach_detach_pre () ezjail_device=`stat -f "%Y" ${ezjail_root}.device` # Add this device to the list of devices to be unmounted - ezjail_mds="${ezjail_mds} ${ezjail_device%.bde}" + case ${ezjail_imagetype} in + crypto|bde) ezjail_mds="${ezjail_mds} ${ezjail_device%.bde}" ;; + eli) ezjail_mds="${ezjail_mds} ${ezjail_device%.eli}" ;; + esac # Remove soft link (which acts as a lock) rm -f ${ezjail_root}.device -- cgit v1.2.3
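Review bot: The boot-time guard in the context line right after the added `eval` still tests only `"${ezjail_imagetype}" = "crypto"`, while `ezjail-admin create` now records `bde` or `eli` as the image type. Jails of those types will therefore reach the attach step during rc startup, which per the existing comment interrupts the boot unless the stored attach parameters make the attach non-interactive. If that is intended, say so in the comment, e.g. `# bde/eli jails are attached at boot; they need a key file in attachparams to avoid a prompt`; otherwise the test has to cover `bde` and `eli` too. The body of `do_cmd` continues outside this hunk.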
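Review bot: Neither attach pipeline in `attach_detach_pre` has its exit status checked, so when `gbde attach` or `geli attach` fails the code still rewrites `ezjail_device` to the `.bde`/`.eli` name and continues toward the mount. Test the result, e.g. `echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh || { echo "Error: could not attach ${ezjail_device}" >&2; return 1; }`, adjusted to whatever failure convention the caller expects. The `eli)` arm also prints "Attaching gbde device"; it should be `echo "Attaching geli device for image jail ${ezjail}..."`. Because `ezjail_attachparams` comes from the jail config and is re-parsed by a root shell here, that config must be writable by root only. The function starts and ends outside this hunk.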
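Review bot: The new `case ${ezjail_imagetype}` has no default arm, so for any image type other than `crypto`, `bde` or `eli` the device is no longer appended to `ezjail_mds`, whereas the removed line appended it unconditionally. `ezjail-admin create` also produces `simple` images, and going by the comment above the `case` their md devices would now be missing from the list of devices to unmount. Add `*) ezjail_mds="${ezjail_mds} ${ezjail_device}" ;;` as the last arm. The enclosing function continues outside this hunk.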