Linux ip-172-26-2-223 5.4.0-1018-aws #18-Ubuntu SMP Wed Jun 24 01:15:00 UTC 2020 x86_64
Apache
: 172.26.2.223 | : 3.16.137.217
Cant Read [ /etc/named.conf ]
8.1.13
www
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
BLACK DEFEND!
README
+ Create Folder
+ Create File
/
snap /
core22 /
1963 /
usr /
lib /
cryptsetup /
[ HOME SHELL ]
Name
Size
Permission
Action
checks
[ DIR ]
drwxr-xr-x
scripts
[ DIR ]
drwxr-xr-x
askpass
22.48
KB
-rwxr-xr-x
cryptdisks-functions
8.41
KB
-rw-r--r--
functions
26.4
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : functions
if [ "${0#/usr/share/initramfs-tools/hooks/}" != "$0" ] || [ "${0#/etc/initramfs-tools/hooks/}" != "$0" ]; then # called from an initramfs-tools hook script TABFILE="$DESTDIR/cryptroot/crypttab" elif [ "${0#/scripts/}" != "$0" ]; then # called at initramfs stage from a boot script TABFILE="/cryptroot/crypttab" CRYPTROOT_COUNT_FILE="/run/cryptroot.initrd.cnt" else TABFILE="${TABFILE-/etc/crypttab}" fi export DM_DEFAULT_NAME_MANGLING_MODE=hex # for dmsetup(8) # Logging helpers. Send the argument list to plymouth(1), or fold it # and print it to the standard error. cryptsetup_message() { local IFS=' ' if [ "${0#/scripts/}" != "$0" ] && [ -x /bin/plymouth ] && plymouth --ping; then plymouth message --text="cryptsetup: $*" elif [ ${#*} -lt 70 ]; then echo "cryptsetup: $*" >&2 else # use busybox's fold(1) and sed(1) at initramfs stage echo "cryptsetup: $*" | fold -s | sed '1! s/^/ /' >&2 fi return 0 } # crypttab_parse_options([--export], [--quiet], [--missing-path={ignore|warn|fail}]) # Parse $_CRYPTTAB_OPTIONS, a comma-separated option string from the # crypttab(5) 4th column, and sets corresponding variables # CRYPTTAB_OPTION_<option>=<value> (which are added to the environment # if --export is set). If --path-exists isn't set to "ignore" (the # default), then options taking a file name, such as header=<path>, # need to point to an existing path, otherwise a warning is printed; # and an error is raised if the value is set to "fail". # For error and warning messages, CRYPTTAB_NAME, (resp. CRYPTTAB_KEY) # should be set to the (unmangled) mapped device name (resp. key # file). # Moreover CRYPTTAB_TYPE is set the device type. # Return 1 on parsing error, 0 otherwise (incl. if unknown options # were encountered). crypttab_parse_options() { local quiet="n" export="n" missing_path="ignore" while [ $# -gt 0 ]; do case "$1" in --quiet) quiet="y";; --export) export="y";; --missing-path=*) missing_path="${1#--missing-path=}";; *) cryptsetup_message "WARNING: crypttab_parse_options(): unknown option $1" esac shift done local IFS=',' x OPTION VALUE unset -v CRYPTTAB_OPTION_cipher \ CRYPTTAB_OPTION_size \ CRYPTTAB_OPTION_sector_size \ CRYPTTAB_OPTION_hash \ CRYPTTAB_OPTION_offset \ CRYPTTAB_OPTION_skip \ CRYPTTAB_OPTION_verify \ CRYPTTAB_OPTION_readonly \ CRYPTTAB_OPTION_discard \ CRYPTTAB_OPTION_plain \ CRYPTTAB_OPTION_luks \ CRYPTTAB_OPTION_tcrypt \ CRYPTTAB_OPTION_veracrypt \ CRYPTTAB_OPTION_bitlk \ CRYPTTAB_OPTION_swap \ CRYPTTAB_OPTION_tmp \ CRYPTTAB_OPTION_check \ CRYPTTAB_OPTION_checkargs \ CRYPTTAB_OPTION_tries \ CRYPTTAB_OPTION_initramfs \ CRYPTTAB_OPTION_noearly \ CRYPTTAB_OPTION_noauto \ CRYPTTAB_OPTION_loud \ CRYPTTAB_OPTION_quiet \ CRYPTTAB_OPTION_keyscript \ CRYPTTAB_OPTION_keyslot \ CRYPTTAB_OPTION_header \ CRYPTTAB_OPTION_tcrypthidden \ CRYPTTAB_OPTION_same_cpu_crypt \ CRYPTTAB_OPTION_submit_from_crypt_cpus \ CRYPTTAB_OPTION_no_read_workqueue \ CRYPTTAB_OPTION_no_write_workqueue # use $_CRYPTTAB_OPTIONS not $CRYPTTAB_OPTIONS as options values may # contain '\054' which is decoded to ',' in the latter for x in $_CRYPTTAB_OPTIONS; do OPTION="${x%%=*}" VALUE="${x#*=}" if [ "$x" = "$OPTION" ]; then unset -v VALUE else VALUE="$(printf '%b' "$VALUE")" fi if ! crypttab_validate_option; then if [ "$quiet" = "n" ]; then cryptsetup_message "ERROR: $CRYPTTAB_NAME: invalid value for '${x%%=*}' option, skipping" fi return 1 elif [ -z "${OPTION+x}" ]; then continue fi if [ "$export" = "y" ]; then export "CRYPTTAB_OPTION_$OPTION"="${VALUE-yes}" else eval "CRYPTTAB_OPTION_$OPTION"='${VALUE-yes}' fi done IFS=" " if ! _get_crypt_type; then # set CRYPTTAB_TYPE to the type of crypt device CRYPTTAB_TYPE="plain" if [ "$quiet" = "n" ]; then cryptsetup_message "WARNING: $CRYPTTAB_NAME: couldn't determine device type," \ "assuming default ($CRYPTTAB_TYPE)." fi fi if [ "$quiet" = "n" ] && [ -n "${CRYPTTAB_OPTION_header+x}" ] && [ "$CRYPTTAB_TYPE" != "luks" ]; then cryptsetup_message "WARNING: $CRYPTTAB_NAME: Headers are only supported for LUKS devices." fi if [ "$CRYPTTAB_TYPE" = "plain" ]; then # the compiled-in default for these are subject to change options='cipher size' if [ -n "${CRYPTTAB_OPTION_keyscript+x}" ] || [ "$CRYPTTAB_KEY" = "none" ]; then options="$options hash" # --hash is being ignored in plain mode with keyfile specified fi for o in $options; do if [ "$quiet" = "n" ] && eval [ -z "\${CRYPTTAB_OPTION_$o+x}" ]; then cryptsetup_message "WARNING: Option '$o' missing in crypttab for plain dm-crypt" \ "mapping $CRYPTTAB_NAME. Please read /usr/share/doc/cryptsetup-initramfs/README.initramfs.gz and" \ "add the correct '$o' option to your crypttab(5)." fi done fi } # crypttab_validate_option() # Validate $OPTION=$VALUE (or flag $OPTION if VALUE is unset). return # 1 on error, unsets OPTION for unknown or useless options. crypttab_validate_option() { # option aliases case "$OPTION" in read-only) OPTION="readonly";; key-slot) OPTION="keyslot";; tcrypt-hidden) OPTION="tcrypthidden";; tcrypt-veracrypt) OPTION="veracrypt";; esac # sanitize the option name so CRYPTTAB_OPTION_$OPTION is a valid variable name local o="$OPTION" case "$o" in keyfile-offset) OPTION="keyfile_offset";; keyfile-size) OPTION="keyfile_size";; sector-size) OPTION="sector_size";; same-cpu-crypt) OPTION="same_cpu_crypt";; submit-from-crypt-cpus) OPTION="submit_from_crypt_cpus";; no-read-workqueue) OPTION="no_read_workqueue";; no-write-workqueue) OPTION="no_write_workqueue";; esac case "$o" in # value must be a non-empty string cipher|hash) [ -n "${VALUE:+x}" ] || return 1 ;; # value must be a non-empty string, and an existing path if --missing-path is set header) [ -n "${VALUE:+x}" ] || return 1 if [ "$missing_path" != "ignore" ]; then if [ ! -e "$VALUE" ]; then cryptsetup_message "WARNING: $CRYPTTAB_NAME: $VALUE does not exist"; [ "$missing_path" = "warn" ] || return 1 fi fi ;; # numeric options >0 size|keyfile-size|sector-size) if ! printf '%s' "${VALUE-}" | grep -Exq "0*[1-9][0-9]*"; then return 1 fi ;; # numeric options >=0 offset|skip|tries|keyslot|keyfile-offset) if ! printf '%s' "${VALUE-}" | grep -Exq "[0-9]+"; then return 1 fi ;; tmp) if [ -z "${VALUE+x}" ]; then VALUE="ext4" # 'tmp flag' elif [ -z "$VALUE" ]; then return 1 fi ;; check) if [ -z "${VALUE+x}" ]; then if [ -n "${CRYPTDISKS_CHECK-}" ]; then VALUE="$CRYPTDISKS_CHECK" else unset -v OPTION return 0 fi fi if [ "${VALUE#/}" = "$VALUE" ]; then VALUE="/lib/cryptsetup/checks/$VALUE" fi if [ ! -x "$VALUE" ] || [ ! -f "$VALUE" ]; then return 1 fi ;; checkargs) [ -n "${VALUE+x}" ] || return 1 # must have a value (possibly empty) ;; keyscript) [ -n "${VALUE:+x}" ] || return 1 # must have a value if [ "${VALUE#/}" = "$VALUE" ]; then VALUE="/lib/cryptsetup/scripts/$VALUE" fi if [ ! -x "$VALUE" ] || [ ! -f "$VALUE" ]; then return 1 fi ;; # and now the flags verify) ;; loud) ;; quiet) ;; initramfs) ;; noearly) ;; noauto) ;; readonly) ;; discard) ;; plain) ;; luks) ;; swap) ;; tcrypt) ;; veracrypt) ;; tcrypthidden) ;; bitlk) ;; same-cpu-crypt) ;; submit-from-crypt-cpus) ;; no-read-workqueue) ;; no-write-workqueue) ;; *) if [ "${quiet:-n}" = "n" ]; then cryptsetup_message "WARNING: $CRYPTTAB_NAME: ignoring unknown option '$o'"; fi unset -v OPTION ;; esac } # crypttab_resolve_source() # Resolve the CRYPTTAB_SOURCE variable, containing value of the second # field of a crypttab(5)-like file. # On error (non-existing source), CRYPTTAB_SOURCE is not changed and 1 # is returned. crypttab_resolve_source() { # return immediately if source is a regular file [ ! -f "$CRYPTTAB_SOURCE" ] || return 0 # otherwise resolve the block device specification local dev="$CRYPTTAB_SOURCE" dev="$(_resolve_device_spec "$dev")" && CRYPTTAB_SOURCE="$dev" || return 1 } # run_keyscript($tried_count) # exec()'ute `$CRYPTTAB_OPTION_keyscript "$CRYPTTAB_KEY"`. # If $CRYPTTAB_OPTION_keyscript is unset or null and $CRYPTTAB_KEY is # "none" (meaning the passphrase is to be read interactively from the # console), then use `/lib/cryptsetup/askpass` as keyscript with a # suitable prompt message instead. # Since the shell process is replaced with the $CRYPTTAB_OPTION_keyscript # program, run_keyscript() must be used on the left-hand side of a # pipe, or similar. run_keyscript() { local keyscript keyscriptarg="$CRYPTTAB_KEY" export CRYPTTAB_NAME CRYPTTAB_SOURCE CRYPTTAB_OPTIONS export _CRYPTTAB_NAME _CRYPTTAB_SOURCE _CRYPTTAB_OPTIONS export CRYPTTAB_TRIED="$1" if [ -n "${CRYPTTAB_OPTION_keyscript+x}" ] && \ [ "$CRYPTTAB_OPTION_keyscript" != "/lib/cryptsetup/askpass" ]; then # 'keyscript' option is present: export its argument as $CRYPTTAB_KEY export CRYPTTAB_KEY _CRYPTTAB_KEY keyscript="$CRYPTTAB_OPTION_keyscript" elif [ "$keyscriptarg" = "none" ]; then # don't export the prompt message as CRYPTTAB_KEY keyscript="/lib/cryptsetup/askpass" keyscriptarg="Please unlock disk $CRYPTTAB_NAME: " fi exec "$keyscript" "$keyscriptarg" } # _get_crypt_type() # Set CRYPTTAB_TYPE to the mapping type, depending on its # $CRYPTTAB_OPTION_<option> values # Return a non-zero status if the mapping couldn't be determined _get_crypt_type() { local s="$CRYPTTAB_SOURCE" t="" blk_t if [ "${CRYPTTAB_OPTION_luks-}" = "yes" ]; then t="luks" elif [ "${CRYPTTAB_OPTION_tcrypt-}" = "yes" ]; then t="tcrypt" elif [ "${CRYPTTAB_OPTION_plain-}" = "yes" ]; then t="plain" elif [ "${CRYPTTAB_OPTION_bitlk-}" = "yes" ]; then t="bitlk" elif [ -n "${CRYPTTAB_OPTION_header+x}" ]; then # detached headers are only supported for LUKS devices if [ -e "$CRYPTTAB_OPTION_header" ] && /sbin/cryptsetup isLuks -- "$CRYPTTAB_OPTION_header"; then t="luks" fi elif [ -f "$s" ] || s="$(_resolve_device_spec "$CRYPTTAB_SOURCE")"; then if /sbin/cryptsetup isLuks -- "$s"; then t="luks" elif blk_t="$(blkid -s TYPE -o value -- "$s")" && [ "$blk_t" = "BitLocker" ]; then t="bitlk" fi fi [ -n "$t" ] || return 1 CRYPTTAB_TYPE="$t" } # unlock_mapping([$keyfile]) # Run cryptsetup(8) with suitable options and arguments to unlock # $CRYPTTAB_SOURCE and setup dm-crypt managed device-mapper mapping # $CRYPTTAB_NAME. unlock_mapping() { local keyfile="${1:--}" if [ "$CRYPTTAB_TYPE" = "luks" ] || [ "$CRYPTTAB_TYPE" = "tcrypt" ]; then # ignored for LUKS and TCRYPT devices unset -v CRYPTTAB_OPTION_cipher \ CRYPTTAB_OPTION_size \ CRYPTTAB_OPTION_hash \ CRYPTTAB_OPTION_offset \ CRYPTTAB_OPTION_skip fi if [ "$CRYPTTAB_TYPE" = "plain" ] || [ "$CRYPTTAB_TYPE" = "tcrypt" ]; then unset -v CRYPTTAB_OPTION_keyfile_size fi if [ "$CRYPTTAB_TYPE" = "tcrypt" ]; then # ignored for TCRYPT devices unset -v CRYPTTAB_OPTION_keyfile_offset else # ignored for non-TCRYPT devices unset -v CRYPTTAB_OPTION_veracrypt CRYPTTAB_OPTION_tcrypthidden fi if [ "$CRYPTTAB_TYPE" != "luks" ]; then # ignored for non-LUKS devices unset -v CRYPTTAB_OPTION_keyslot fi /sbin/cryptsetup -T1 \ ${CRYPTTAB_OPTION_header:+--header="$CRYPTTAB_OPTION_header"} \ ${CRYPTTAB_OPTION_cipher:+--cipher="$CRYPTTAB_OPTION_cipher"} \ ${CRYPTTAB_OPTION_size:+--key-size="$CRYPTTAB_OPTION_size"} \ ${CRYPTTAB_OPTION_sector_size:+--sector-size="$CRYPTTAB_OPTION_sector_size"} \ ${CRYPTTAB_OPTION_hash:+--hash="$CRYPTTAB_OPTION_hash"} \ ${CRYPTTAB_OPTION_offset:+--offset="$CRYPTTAB_OPTION_offset"} \ ${CRYPTTAB_OPTION_skip:+--skip="$CRYPTTAB_OPTION_skip"} \ ${CRYPTTAB_OPTION_verify:+--verify-passphrase} \ ${CRYPTTAB_OPTION_readonly:+--readonly} \ ${CRYPTTAB_OPTION_discard:+--allow-discards} \ ${CRYPTTAB_OPTION_veracrypt:+--veracrypt} \ ${CRYPTTAB_OPTION_keyslot:+--key-slot="$CRYPTTAB_OPTION_keyslot"} \ ${CRYPTTAB_OPTION_tcrypthidden:+--tcrypt-hidden} \ ${CRYPTTAB_OPTION_keyfile_size:+--keyfile-size="$CRYPTTAB_OPTION_keyfile_size"} \ ${CRYPTTAB_OPTION_keyfile_offset:+--keyfile-offset="$CRYPTTAB_OPTION_keyfile_offset"} \ ${CRYPTTAB_OPTION_same_cpu_crypt:+--perf-same_cpu_crypt} \ ${CRYPTTAB_OPTION_submit_from_crypt_cpus:+--perf-submit_from_crypt_cpus} \ ${CRYPTTAB_OPTION_no_read_workqueue:+--perf-no_read_workqueue} \ ${CRYPTTAB_OPTION_no_write_workqueue:+--perf-no_write_workqueue} \ --type="$CRYPTTAB_TYPE" --key-file="$keyfile" \ open -- "$CRYPTTAB_SOURCE" "$CRYPTTAB_NAME" } # resume_mapping([$keyfile]) # Run cryptsetup(8) with suitable options and arguments to resume # $CRYPTTAB_NAME. resume_mapping() { local keyfile="${1:--}" if [ "$CRYPTTAB_TYPE" != "luks" ]; then cryptsetup_message "ERROR: $CRYPTTAB_NAME: unable to resume non-luks device" return 1 fi /sbin/cryptsetup -T1 \ ${CRYPTTAB_OPTION_header:+--header="$CRYPTTAB_OPTION_header"} \ ${CRYPTTAB_OPTION_keyslot:+--key-slot="$CRYPTTAB_OPTION_keyslot"} \ ${CRYPTTAB_OPTION_keyfile_size:+--keyfile-size="$CRYPTTAB_OPTION_keyfile_size"} \ ${CRYPTTAB_OPTION_keyfile_offset:+--keyfile-offset="$CRYPTTAB_OPTION_keyfile_offset"} \ --type="$CRYPTTAB_TYPE" --key-file="$keyfile" \ luksResume "$CRYPTTAB_NAME" } # resume_device($device) # Resume $device with endless retries. Used by cryptsetup-suspend-wrapper. resume_device() { local device="$1" # check if device is really suspended if dmsetup info -c --noheadings -o suspended -- "$device" 2>/dev/null | grep -Fxq "Active"; then cryptsetup_message "ERROR: $CRYPTTAB_NAME: device was not suspendend" sleep 5 return 1 fi crypttab_find_entry "$device" crypttab_parse_options --quiet _get_crypt_type # Loop endlessly until the resume command succeeded while true; do if [ "$CRYPTTAB_KEY" != "none" ]; then resume_mapping "$CRYPTTAB_KEY" && break || true else run_keyscript 1 | resume_mapping && break || true fi done } # crypttab_key_check() # Sanity checks for keyfile $CRYPTTAB_KEY. CRYPTTAB_NAME and # CRYPTTAB_OPTION_<option> must be set appropriately. crypttab_key_check() { if [ ! -f "$CRYPTTAB_KEY" ] && [ ! -b "$CRYPTTAB_KEY" ] && [ ! -c "$CRYPTTAB_KEY" ] ; then cryptsetup_message "WARNING: $CRYPTTAB_NAME: keyfile '$CRYPTTAB_KEY' not found" return 0 fi if [ "$CRYPTTAB_KEY" = "/dev/random" ] || [ "$CRYPTTAB_KEY" = "/dev/urandom" ]; then if [ -n "${CRYPTTAB_OPTION_luks+x}" ] || [ -n "${CRYPTTAB_OPTION_tcrypt+x}" ]; then cryptsetup_message "WARNING: $CRYPTTAB_NAME: has random data as key" return 1 else return 0 fi fi local mode="$(stat -L -c"%04a" -- "$CRYPTTAB_KEY")" if [ $(stat -L -c"%u" -- "$CRYPTTAB_KEY") -ne 0 ] || [ "${mode%00}" = "$mode" ]; then cryptsetup_message "WARNING: $CRYPTTAB_NAME: key file $CRYPTTAB_KEY has" \ "insecure ownership, see /usr/share/doc/cryptsetup/README.Debian.gz." fi } # _resolve_device_spec($spec) # Resolve LABEL=<label>, UUID=<uuid>, PARTUUID=<partuuid> and # PARTLABEL=<partlabel> to a block special device. If $spec is # already a (link to a block special device) then it is echoed as is. # Return 1 if $spec doesn't correspond to a block special device. _resolve_device_spec() { local spec="$1" case "$spec" in UUID=*|LABEL=*|PARTUUID=*|PARTLABEL=*) # don't use /dev/disk/by-label/... to avoid gessing udev mangling spec="$(blkid -l -t "$spec" -o device)" || spec= ;; esac [ -b "$spec" ] && printf '%s\n' "$spec" || return 1 } # dm_blkdevname($name) # Print the mapped device name, or return 1 if the the device doesn't exist. dm_blkdevname() { local name="$1" dev # /dev/mapper/$name isn't reliable due to udev mangling if dev="$(dmsetup info -c --noheadings -o blkdevname -- "$name" 2>/dev/null)" && [ -n "$dev" ] && [ -b "/dev/$dev" ]; then echo "/dev/$dev" return 0 else return 1 fi } # dm_active_crypt_devices() # Print list of active dm-crypt devices. dm_active_crypt_devices() { # XXX: that's not robust wrt udev mangling of special characters such as blank or colons dmsetup table --target crypt | sed -n 's/:.*//p' } # crypttab_find_entry([--quiet], $target) # Search in the crypttab(5) for the given $target, and sets the # variables CRYPTTAB_NAME, CRYPTTAB_SOURCE, CRYPTTAB_KEY and # CRYPTTAB_OPTIONS accordingly. (In addition _CRYPTTAB_NAME, # _CRYPTTAB_SOURCE, _CRYPTTAB_KEY and _CRYPTTAB_OPTIONS are set to the # unmangled values before decoding the escape sequence.) If there are # duplicates then only the first match is considered. # Return 0 if a match is found, and 1 otherwise. crypttab_find_entry() { local target="$1" quiet="n" IFS if [ "$target" = "--quiet" ] && [ $# -eq 2 ]; then quiet="y" target="$2" fi if [ -f "$TABFILE" ]; then while IFS=" " read -r _CRYPTTAB_NAME _CRYPTTAB_SOURCE _CRYPTTAB_KEY _CRYPTTAB_OPTIONS; do if [ "${_CRYPTTAB_NAME#\#}" != "$_CRYPTTAB_NAME" ] || [ -z "$_CRYPTTAB_NAME" ]; then # ignore comments and empty lines continue fi # unmangle names CRYPTTAB_NAME="$(printf '%b' "$_CRYPTTAB_NAME")" if [ -z "$_CRYPTTAB_SOURCE" ] || [ -z "$_CRYPTTAB_KEY" ]; then cryptsetup_message "WARNING: '$CRYPTTAB_NAME' is missing some arguments, see crypttab(5)" continue elif [ "$CRYPTTAB_NAME" = "$target" ]; then CRYPTTAB_SOURCE="$( printf '%b' "$_CRYPTTAB_SOURCE" )" CRYPTTAB_KEY="$( printf '%b' "$_CRYPTTAB_KEY" )" CRYPTTAB_OPTIONS="$(printf '%b' "$_CRYPTTAB_OPTIONS")" return 0 fi done <"$TABFILE" fi if [ "$quiet" = "n" ]; then cryptsetup_message "WARNING: target '$target' not found in $TABFILE" fi return 1 } # crypttab_foreach_entry($callback) # Iterate through the crypttab(5) and run the given $callback for each # entry found. Variables CRYPTTAB_NAME, CRYPTTAB_SOURCE, CRYPTTAB_KEY # and CRYPTTAB_OPTIONS are set accordingly and available to the # $callback. (In addition _CRYPTTAB_NAME, _CRYPTTAB_SOURCE, # _CRYPTTAB_KEY and _CRYPTTAB_OPTIONS are set to the original values # before decoding the escape sequence.) # Return 0 if a match is found, and 1 otherwise. crypttab_foreach_entry() { local callback="$1" IFS local _CRYPTTAB_NAME _CRYPTTAB_SOURCE _CRYPTTAB_KEY _CRYPTTAB_OPTIONS \ CRYPTTAB_NAME CRYPTTAB_SOURCE CRYPTTAB_KEY CRYPTTAB_OPTIONS [ -f "$TABFILE" ] || return while IFS=" " read -r _CRYPTTAB_NAME _CRYPTTAB_SOURCE _CRYPTTAB_KEY _CRYPTTAB_OPTIONS <&9; do if [ "${_CRYPTTAB_NAME#\#}" != "$_CRYPTTAB_NAME" ] || [ -z "$_CRYPTTAB_NAME" ]; then # ignore comments and empty lines continue fi # unmangle names CRYPTTAB_NAME="$(printf '%b' "$_CRYPTTAB_NAME")" if [ -z "$_CRYPTTAB_SOURCE" ] || [ -z "$_CRYPTTAB_KEY" ]; then cryptsetup_message "WARNING: '$CRYPTTAB_NAME' is missing some arguments, see crypttab(5)" continue fi CRYPTTAB_SOURCE="$( printf '%b' "$_CRYPTTAB_SOURCE" )" CRYPTTAB_KEY="$( printf '%b' "$_CRYPTTAB_KEY" )" CRYPTTAB_OPTIONS="$(printf '%b' "$_CRYPTTAB_OPTIONS")" "$callback" 9<&- done 9<"$TABFILE" } # _device_uuid($device) # Print the UUID attribute of given block special $device. Return 0 # on success, 1 on error. _device_uuid() { local device="$1" uuid if uuid="$(blkid -s UUID -o value -- "$device")" && [ -n "$uuid" ]; then printf '%s\n' "$uuid" else return 1 fi } # _resolve_device({$device | $spec}) # Take a path to (or spec for) a block special device, and set DEV to # the (symlink to block) device, and MAJ (resp. MIN) to its major-ID # (resp. minor ID) decimal value. On error these variables are not # changed and 1 is returned. _resolve_device() { local spec="$1" dev devno maj min if dev="$(_resolve_device_spec "$spec")" && devno="$(stat -L -c"%t:%T" -- "$dev" 2>/dev/null)" && maj="${devno%:*}" && min="${devno#*:}" && [ "$devno" = "$maj:$min" ] && [ -n "$maj" ] && [ -n "$min" ] && maj=$(( 0x$maj )) && min=$(( 0x$min )) && [ $maj -gt 0 ]; then DEV="$dev" MAJ="$maj" MIN="$min" return 0 else cryptsetup_message "ERROR: Couldn't resolve device $spec" fi return 1 } # get_mnt_devno($mountpoint) # Print the major:minor device ID(s) holding the file system currently # mounted currenty mounted on $mountpoint. # Return 0 on success, 1 on error (if $mountpoint is not a mountpoint). # devno will be empty if the filesystem must be excluded. get_mnt_devno() { local wantmount="$1" devnos="" uuid dev local out spec fstype DEV MAJ MIN # use awk rather than a `while read; do done` loop here as /proc/mounts # can be many thousands lines long and the `read` builtin goes one # read(2) at the time which slows down execution time, see MR !36 out="$(awk -v mp="$wantmount" -- ' BEGIN { FS = "[ \t]" ret = "" } !/^\s*(#|$)/ { # decode octal sequences; per procfs(5) the format of /proc/mounts # is analogous to fstab(5) head = "" while (match($2, /\\[0-7]{3}/)) { oct = substr($2, RSTART+1, RLENGTH-1) dec = (substr(oct, 1, 1) * 8 + substr(oct, 2, 1)) * 8 + substr(oct, 3, 1) head = head substr($2, 1, RSTART-1) sprintf("%c", dec) $2 = substr($2, RSTART+RLENGTH) } if (head $2 == mp) { # take the last mountpoint if used several times (shadowed) ret = $1 " " $3 } } END { print ret }' </proc/mounts)" || out="" spec="$(printf '%b' "${out% *}")" if [ -n "$out" ]; then fstype="${out##* }" if [ "$fstype" = "zfs" ]; then # Ignore ZFS entries as they don't have a major/minor and won't # be imported when local-top cryptroot script will ran. # Returns success with empty devno printf '' return 0 fi if _resolve_device "$spec"; then # _resolve_device() already warns on error if [ "$fstype" = "btrfs" ]; then # btrfs can span over multiple devices if uuid="$(_device_uuid "$DEV")"; then for dev in "/sys/fs/$fstype/$uuid/devices"/*/dev; do devnos="${devnos:+$devnos }$(cat "$dev")" done else cryptsetup_message "ERROR: $spec: Couldn't determine UUID" fi elif [ -n "$fstype" ]; then devnos="$MAJ:$MIN" fi fi fi if [ -z "${devnos:+x}" ]; then return 1 # not found else printf '%s' "$devnos" fi } # foreach_cryptdev($callback, $maj:$min, [$maj:$min ..]) # Run $callback on the (unmangled) name of each dm-crypt device # recursively holding $maj:$min (typically corresponding to an md, # linear, or dm-crypt device). Slaves that aren't dm-crypt devices # are ignored. foreach_cryptdev() { local callback="$1" devno base shift for devno in "$@"; do base="/sys/dev/block/$devno" if [ ! -d "$base" ]; then cryptsetup_message "ERROR: Couldn't find sysfs directory for $devno" return 1 fi _foreach_cryptdev "$callback" "$base" done } _foreach_cryptdev() { local callback="$1" d="$2" devno maj min name slave [ -d "$d/slaves" ] || return 0 if [ -d "$d/dm" ] && devno="$(cat "$d/dev")" && maj="${devno%:*}" && min="${devno#*:}" && [ "$devno" = "$maj:$min" ] && [ -n "$maj" ] && [ -n "$min" ] && [ "$(dmsetup info -c --noheadings -o subsystem -j "$maj" -m "$min")" = "CRYPT" ] && name="$(dmsetup info -c --noheadings -o unmangled_name -j "$maj" -m "$min")"; then "$callback" "$name" fi for slave in "$d/slaves"/*; do if [ -d "$slave" ] && slave="$(realpath -e -- "$slave")"; then _foreach_cryptdev "$callback" "$slave" fi done } # vim: set filetype=sh :
Close
