From f719c5df60b6b49488d4970fd24a06ec5f2d8eea Mon Sep 17 00:00:00 2001
From: Kevin MacMartin
Date: Thu, 29 May 2014 03:51:54 -0400
Subject: [PATCH] Wrapped variables in quotes where appropriate, numerous fixes were made, and errors now produce error messages and then exit with a failed state
---
 cryptobox | 109 +++++++++++++++++++++++++-----------------------------
 1 file changed, 50 insertions(+), 59 deletions(-)
diff --git a/cryptobox b/cryptobox
index 3233016..a8bf2d2 100755
--- a/cryptobox
+++ b/cryptobox
@@ -10,85 +10,76 @@ # # ############################################################## -NAME=`echo $0 | grep -o -e "[^\/]*$"` +NAME=`echo "$0" | grep -o -e "[^\/]*$"` -# Check for root -[[ "$UID" -ne 0 ]] && (echo -e "Error: Please run this script with root permissions\n"; exit 1) - -# Check dependencies -[[ `type -P dd` ]] || (echo "Error: The 'dd' program is missing"; exit 1) -[[ `type -P losetup` ]] || (echo "Error: The 'losetup' program is missing"; exit 1) -[[ `type -P cryptsetup` ]] || (echo "Error: The 'cryptsetup' program is missing"; exit 1) -[[ `type -P mkfs` ]] || (echo "Error: The 'mkfs' program is missing"; exit 1) - -# Load modules if they aren't present -[[ `lsmod | grep loop` ]] || echo "loading 'loop' module"; modprobe loop || (echo "Error: failed to load 'loop' module"; exit 1) -[[ `lsmod | grep dm_mod` ]] || echo "loading 'dm_mod' module"; modprobe dm_mod || (echo "Error: failed to load 'dm_mod' module"; exit 1) +function errorquit { + echo -e "Error: $1" + [[ "$1" = "syntax" ]] && (echo; usage) + exit 1 +} function usage { echo -e "${NAME}: create and mount encrypted images\n" - echo "Usage: ${NAME} option arguments" + echo "Usage: $NAME option arguments" echo -e "\tc (create) -> $NAME c filename.img filesystem size-in-mb" echo -e "\tm (mount) -> $NAME m filename.img /mount/point" echo -e "\tu (umount) -> $NAME u /mount/point" } +# Check for root +[[ "$UID" -ne 0 ]] && errorquit "run with root permission\n" + +# Check dependencies +[[ `type -P dd` ]] || errorquit "Error: The 'dd' program is missing" +[[ `type -P losetup` ]] || errorquit "Error: The 'losetup' program is missing" +[[ `type -P cryptsetup` ]] || errorquit "Error: The 'cryptsetup' program is missing" +[[ `type -P mkfs` ]] || errorquit "Error: The 'mkfs' program is missing" + +# Load modules if they aren't present +[[ `lsmod | grep loop` ]] || echo "loading 'loop' module"; modprobe loop || errorquit "Error: failed to load 'loop' module" +[[ `lsmod | grep dm_mod` ]] || echo "loading 
'dm_mod' module"; modprobe dm_mod || errorquit "Error: failed to load 'dm_mod' module" + if [ -z "$1" ]; then - usage - exit 1 + usage; exit 1 elif [ ! "$1" = "c" -a ! "$1" = "m" -a ! "$1" = "u" ]; then - echo "syntax error" - usage - exit 1 + errorquit "syntax" fi case "$1" in - "c") - if [ -z "$2" -o -z "$3" -o -z "$4" ]; then - echo "syntax error" - usage - exit 1 - fi - if [ -f "$2" ]; then - echo "error: $2 already exists" - exit 1 - fi + c) + if [ -z "$2" -o -z "$3" -o -z "$4" ]; then errorquit "syntax"; fi + [[ -f "$2" ]] && errorquit "$2 already exists" LOOPDEV=`losetup -f` CONTAINER=`echo "$2" | sed s/"[^\/]*\/"//g | sed s/"\.".*$//g` - dd bs=1M count="$4" if=/dev/urandom of="$2" - losetup $LOOPDEV "$2" - cryptsetup -c aes-xts-plain -y -s 512 luksFormat $LOOPDEV - cryptsetup luksOpen $LOOPDEV $CONTAINER - mkfs -t "$3" /dev/mapper/$CONTAINER || echo "error: mkfs failed for filesystem type: $3" - cryptsetup luksClose $CONTAINER - losetup -d $LOOPDEV + dd bs=1M count="$4" if=/dev/urandom of="$2" || errorquit "couldn't create create image file" + losetup "$LOOPDEV" "$2" || errorquit "couldn't setup loop device (${LOOPDEV})" + cryptsetup -c aes-xts-plain -y -s 512 luksFormat "$LOOPDEV" || errorquit "couldn't encrypt image file" + cryptsetup luksOpen "$LOOPDEV" "$CONTAINER" || errorquit "couldn't decrypt $CONTAINER" + mkfs -t "$3" "/dev/mapper/${CONTAINER}" || errorquit "mkfs failed for filesystem type: $3" + cryptsetup luksClose "$CONTAINER" || errorquit "couldn't close encryption for $CONTAINER" + sleep 1 + losetup -d "$LOOPDEV" || errorquit "couldn't close loop device (${LOOPDEV})" ;; - "m") - if [ -z "$2" -o -z "$3" ]; then echo -e "Error: syntax\n"; usage; exit 1; fi - [[ ! -f "$2" ]] && (echo "Error: $2 does not exist"; exit 1) - [[ -d "$3" ]] || (echo "Error: $3 does not exist"; exit 1) + m) + if [ -z "$2" -o -z "$3" ]; then errorquit "syntax"; fi + [[ ! 
-f "$2" ]] && errorquit "$2 does not exist" + [[ -d "$3" ]] || errorquit "$3 does not exist" LOOPDEV=$(losetup -f) - CONTAINER=$(echo $LOOPDEV | sed s/"[^\/]*\/"//g | sed s/"\.".*$//g) - losetup $LOOPDEV "$2" - cryptsetup luksOpen $LOOPDEV $CONTAINER - mount /dev/mapper/$CONTAINER "$3" + CONTAINER=$(echo "$LOOPDEV" | sed s/"[^\/]*\/"//g | sed s/"\.".*$//g) + losetup "$LOOPDEV" "$2" || errorquit "couldn't setup loop device (${LOOPDEV})" + cryptsetup luksOpen "$LOOPDEV" "$CONTAINER" || errorquit "couldn't decrypt $CONTAINER" + mount "/dev/mapper/${CONTAINER}" "$3" || errorquit "couldn't mount /dev/mapper/${CONTAINER} on $3" ;; - "u") - if [ -z "$2" ]; then - echo "syntax error" - usage - exit 1 - fi + u) + if [ -z "$2" ]; then errorquit "syntax"; fi MOUNT=`mount | grep $(echo "$2" | sed s/"\/"$//)` - if [ -z "$MOUNT" ]; then - echo "error: $2 is not mounted" - exit 1 - fi - LOOPDEV=`echo $MOUNT | sed s/\ .*//g | sed s/"\/mapper"//` - CONTAINER=`echo $LOOPDEV | sed s/"[^\/]*\/"//g | sed s/"\.".*$//g` - umount "$2" - cryptsetup luksClose $CONTAINER - losetup -d $LOOPDEV + [[ -z "$MOUNT" ]] && errorquit "$2 is not mounted" + LOOPDEV=`echo "$MOUNT" | sed s/\ .*//g | sed s/"\/mapper"//` + CONTAINER=`echo "$LOOPDEV" | sed s/"[^\/]*\/"//g | sed s/"\.".*$//g` + umount "$2" || errorquit "Couldn't unmount $2" + cryptsetup luksClose "$CONTAINER" || errorquit "couldn't close encryption for $CONTAINER" + sleep 1 + losetup -d "$LOOPDEV" || errorquit "couldn't close loop device (${LOOPDEV})" ;; generic) usage
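Review bot: In the `c` and `m` branches every step after `losetup "$LOOPDEV" "$2"` now calls `errorquit` on failure, which exits at once and leaves the loop device attached and, once `cryptsetup luksOpen` has succeeded, the decrypted `/dev/mapper/${CONTAINER}` mapping open. Before this change a failed `mkfs` still fell through to `luksClose` and `losetup -d`, so that path is a regression, and in `m` a failed `mount` leaves an unlocked volume that the `u` branch cannot release because it finds the container through the `mount` output. I would detach the loop device when `luksFormat` or `luksOpen` fails, and close the mapping as well when `mkfs` or `mount` fails, before calling `errorquit`. Separately, the dependency and `modprobe` checks pass messages that already begin with `Error:`, so `errorquit` prints `Error: Error: …` for them. The `case` statement continues past the end of this hunk.

```shell
# Close the mapping and detach the loop device so a failed run does not
# leave the unlocked volume behind. Only called once luksOpen has succeeded.
function teardown {
  cryptsetup luksClose "$CONTAINER"
  losetup -d "$LOOPDEV"
}

# … unchanged: errorquit, usage, root/dependency/module checks, option check …

  c)
    # … unchanged: argument checks, LOOPDEV/CONTAINER, dd, losetup …
    cryptsetup -c aes-xts-plain -y -s 512 luksFormat "$LOOPDEV" || { losetup -d "$LOOPDEV"; errorquit "couldn't encrypt image file"; }
    cryptsetup luksOpen "$LOOPDEV" "$CONTAINER" || { losetup -d "$LOOPDEV"; errorquit "couldn't decrypt $CONTAINER"; }
    mkfs -t "$3" "/dev/mapper/${CONTAINER}" || { teardown; errorquit "mkfs failed for filesystem type: $3"; }
    # … unchanged: luksClose, sleep 1, losetup -d …
    ;;
  m)
    # … unchanged: argument checks, LOOPDEV/CONTAINER, losetup …
    cryptsetup luksOpen "$LOOPDEV" "$CONTAINER" || { losetup -d "$LOOPDEV"; errorquit "couldn't decrypt $CONTAINER"; }
    mount "/dev/mapper/${CONTAINER}" "$3" || { teardown; errorquit "couldn't mount /dev/mapper/${CONTAINER} on $3"; }
    ;;
```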