author | Christian Hesse <mail@eworm.de> | 2014-12-22 22:03:21 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2014-12-22 23:20:10 +0100 |
commit | 0498dd512161b7fb07e703e03bc9b8ca8b3dd400 (patch) | |
tree | 0ced97f5e7015af52d712c53cf312adfa6c2dfa7 /bin/ykfde | |
parent | ebcce373b196cd4ad44667a05c856ed0f4b472b5 (diff) | |
download | mkinitcpio-ykfde-0498dd512161b7fb07e703e03bc9b8ca8b3dd400.tar.gz mkinitcpio-ykfde-0498dd512161b7fb07e703e03bc9b8ca8b3dd400.tar.zst |
replace shell script with C code, and many more
* replace bin/ykfde with C source code bin/ykfde.c
* challenge/response can be updated in place
WARNING: This requires a config file syntax change!
* updates and simplification to udev/ykfde
* a lot more...
Signed-off-by: Christian Hesse <mail@eworm.de>
Diffstat (limited to 'bin/ykfde')
-rwxr-xr-x | bin/ykfde | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/bin/ykfde b/bin/ykfde
deleted file mode 100755
index 41601b1..0000000
--- a/bin/ykfde
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/bin/sh
-
-function help() {
- echo "usage: ${0} [OPTIONS]"
- echo
- echo "where OPTIONS are:"
- echo " -1 use Yubico key slot 1"
- echo " -2 use Yubico key slot 2 (default)"
- echo " -h show this help"
-}
-
-DEVICE="$(egrep -v '^(#|$)' /etc/crypttab.initramfs 2>/dev/null | head -n1 | sed 's/\s\+/:/g' | cut -d: -f2)"
-SERIAL="$(ykinfo -sq)"
-SLOT="2"
-TMPDIR="$(mktemp --directory --tmpdir=/tmp/ .$(basename ${0})-${$}-XXXXXX)"
-
-while getopts "12h" opt; do
- case ${opt} in
- 1)
- SLOT="1"
- ;;
- 2)
- SLOT="2"
- ;;
- h)
- help
- exit 0
- ;;
- esac
-done
-
-# check we have all information
-if [ -z "${DEVICE}" ]; then
- echo "Failed to get device from /etc/crypttab.initramfs." >&2
- exit 1
-elif [ ! -b "${DEVICE}" ]; then
- echo "Device '${DEVICE}' does not exist or is not a block device." >&2
- exit 1
-elif ! cryptsetup isLuks "${DEVICE}" 2>/dev/null; then
- echo "Device '${DEVICE}' is not a LUKS device." >&2
- exit 1
-elif [ -z "${SERIAL}" ]; then
- echo "Did not get a serial number from key. Did you insert one?" >&2
- exit 1
-fi
-
-# This directroy should exist, but we create it in case it does not
-if [ ! -d "/etc/ykfde.d/" ]; then
- install -d -m 0700 "/etc/ykfde.d/"
-fi
-
-# generate the challenge
-if ! makepasswd --chars=64 | tr -d '\n' > "/etc/ykfde.d/challenge-${SERIAL}"; then
- exit 1
-fi
-
-# generate response
-if ! ykchalresp -${SLOT} "$(cat "/etc/ykfde.d/challenge-${SERIAL}")" | tr -d '\n' > "${TMPDIR}/ykfde-response"; then
- # ykchalresp should have shouted, so do not complain here
- exit 1
-fi
-
-# add key to LUKS device
-if ! cryptsetup luksAddKey "${DEVICE}" "${TMPDIR}/ykfde-response"; then
- # cryptsetup should have shouted, ...
- exit 1
-fi
-
-# shred response and remove temporary directory
-shred --remove "${TMPDIR}/ykfde-response"
-rm -rf "${TMPDIR}"
-
-echo "Please do not forget to remove old keys when changing challenge!"
-echo "Now run 'mkinitcpio' to build a new initramfs!" |