Add missing scripts and Revert "Revert "Add sec-* scripts for local auth and vm disk...
authorChristian Limpach <Christian.Limpach@citrix.com>
Wed, 13 Jan 2010 20:00:49 +0000 (20:00 +0000)
committerChristian Limpach <Christian.Limpach@citrix.com>
Wed, 13 Jan 2010 20:00:49 +0000 (20:00 +0000)
This reverts commit 5f157bceb35d11bc62fb6965c3b4aff8ec70e879.

Makefile
scripts/sec-change-pass [new file with mode: 0755]
scripts/sec-check-pass [new file with mode: 0755]
scripts/sec-mount [new file with mode: 0755]
scripts/sec-new-user [new file with mode: 0755]
scripts/sec-umount [new file with mode: 0755]

index 3ce32560d325a8ccf07cc5aac361e1419e0d9e2e..11cbb57864c4dd2be003bb8ba8c0363e3bc0ff6f 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -19,7 +19,9 @@ SUBDIRS              = libs/uuid libs/stdext libs/mmap \
 INSTALL_PROGRAMS_BIN = \
        xenstored/xenstored xenguest/xenguest closeandexec/closeandexec \
        xenvm/xenops xenvm/xenvm xenvm/xenvm-cmd \
-       scripts/qemu-dm-wrapper scripts/ctxusb-wrapper
+       scripts/qemu-dm-wrapper scripts/ctxusb-wrapper \
+       scripts/sec-change-pass scripts/sec-mount scripts/sec-umount \
+       scripts/sec-check-pass scripts/sec-new-user
 
 -include extra/Makefile
 
diff --git a/scripts/sec-change-pass b/scripts/sec-change-pass
new file mode 100755 (executable)
index 0000000..8cafb1b
--- /dev/null
@@ -0,0 +1,39 @@
+#! /bin/sh
+
+user="$1"
+userpass="$2"
+serverpass="$3"
+
+LVPREFIX=s-
+LVSIZE=12M
+VGNAME=xenclient
+DEVKEY=/config/sec/device.key
+RAMDIR=/tmp
+UKEY="${RAMDIR}/s-${user}.key"
+TKEY="${RAMDIR}/s-t-${user}.key"
+SECDM="s-${user}"
+
+( cat "${DEVKEY}"
+  echo "${user}"
+  cat "${userpass}" ) >"${UKEY}"
+
+( cat "${DEVKEY}"
+  echo "transmitter ${user}"
+  cat "${serverpass}" ) >"${TKEY}"
+
+cryptsetup -q -d "${TKEY}" \
+  luksKillSlot "/dev/${VGNAME}/${LVPREFIX}${user}" 0 || {
+    echo $0: cryptsetup luksKillSlot failed: $?
+    rm "${TKEY}" "${UKEY}"
+    exit 2
+  }                       
+
+cryptsetup -q -d "${TKEY}" -S 0 \
+  luksAddKey "/dev/${VGNAME}/${LVPREFIX}${user}" "${UKEY}" || {
+    echo $0: cryptsetup luksAddKey failed: $?
+    rm "${TKEY}" "${UKEY}"
+    exit 3
+  }
+
+rm "${TKEY}" "${UKEY}"
+
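Review bot: `UKEY` and `TKEY` are written through a plain `>` redirection to fixed, user-derived names under `/tmp`, so the key material is created with whatever umask the caller has, at a path that can be predicted and may already exist. Putting `umask 077` at the top, creating the files with `UKEY=$(mktemp "${RAMDIR}/s-key.XXXXXX") || exit 1` (likewise for `TKEY`), and registering `trap 'rm -f "${UKEY}" "${TKEY}"' EXIT` would close that and would also remove the keys when the script is interrupted between steps. The same pattern appears in sec-check-pass, sec-mount and sec-new-user. Separately, slot 0 is killed before the replacement key is added, so a failing `luksAddKey` leaves the volume with no user key in slot 0; that ordering deserves at least a comment, or a retry path for the caller.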
diff --git a/scripts/sec-check-pass b/scripts/sec-check-pass
new file mode 100755 (executable)
index 0000000..d781238
--- /dev/null
@@ -0,0 +1,24 @@
+#! /bin/sh
+
+user="$1"
+userpass="$2"
+
+LVPREFIX=s-
+VGNAME=xenclient
+DEVKEY=/config/sec/device.key
+RAMDIR=/tmp
+UKEY="${RAMDIR}/s-${user}.key"
+
+( cat "${DEVKEY}"
+  echo "${user}"
+  cat "${userpass}" ) >"${UKEY}"
+
+cryptsetup -d "${UKEY}" -S 0 \
+  luksCheckKey "/dev/${VGNAME}/${LVPREFIX}${user}" || {
+  echo $0: cryptsetup luksCheckKey failed: $?
+  rm "${UKEY}"
+  exit 2
+}
+
+rm "${UKEY}"
+
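Review bot: `user` comes straight from `$1` and is spliced into both the key file path and the `/dev/${VGNAME}/...` device path with no validation, so an empty value or one containing `/` changes which file and which device the script operates on. A guard right after the assignments, for example `case "${user}" in ''|*[!A-Za-z0-9_-]*) echo "$0: invalid user name" >&2; exit 1;; esac`, would confine it to a single path component; the permitted character set is an assumption to adjust to the real naming rules. The same check is missing in sec-change-pass, sec-mount, sec-new-user and sec-umount. The failure message here is also written to stdout; `>&2` would keep it out of any output a caller parses.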
diff --git a/scripts/sec-mount b/scripts/sec-mount
new file mode 100755 (executable)
index 0000000..aef4422
--- /dev/null
@@ -0,0 +1,35 @@
+#! /bin/sh
+
+user="$1"
+userpass="$2"
+
+LVPREFIX=s-
+VGNAME=xenclient
+DEVKEY=/config/sec/device.key
+RAMDIR=/tmp
+UKEY="${RAMDIR}/s-${user}.key"
+SECDIR=/config/sec
+SECDM="s-${user}"
+SECPATH="${SECDIR}/s-${user}"
+
+( cat "${DEVKEY}"
+  echo "${user}"
+  cat "${userpass}" ) >"${UKEY}"
+
+cryptsetup -d "${UKEY}" \
+  luksOpen "/dev/${VGNAME}/${LVPREFIX}${user}" "${SECDM}" || {
+  echo $0: cryptsetup luksOpen failed: $?
+  rm "${UKEY}"
+  exit 2
+}
+
+mkdir -p "${SECPATH}"
+mount "/dev/mapper/${SECDM}" "${SECPATH}" || {
+  echo $0: mount failed: $?
+  cryptsetup luksClose "${SECDM}"
+  rm "${UKEY}"
+  exit 3
+}
+
+rm "${UKEY}"
+
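Review bot: `UKEY` stays on disk through `mkdir` and `mount` although only `luksOpen` needs it; moving `rm "${UKEY}"` to directly after the successful `luksOpen` shortens the lifetime of the key material and lets the `mount` failure branch drop its own `rm`. The mount also uses default options: if nothing on the per-user volume needs setuid binaries or device nodes (not visible from this hunk), `mount -o nosuid,nodev "/dev/mapper/${SECDM}" "${SECPATH}"` is the safer default.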
diff --git a/scripts/sec-new-user b/scripts/sec-new-user
new file mode 100755 (executable)
index 0000000..767317d
--- /dev/null
@@ -0,0 +1,69 @@
+#! /bin/sh
+
+user="$1"
+userpass="$2"
+serverpass="$3"
+
+LVPREFIX=s-
+LVSIZE=12M
+VGNAME=xenclient
+DEVKEY=/config/sec/device.key
+RAMDIR=/tmp
+UKEY="${RAMDIR}/s-${user}.key"
+TKEY="${RAMDIR}/s-t-${user}.key"
+SECDM="s-${user}"
+
+lvcreate -L "${LVSIZE}" -n "${LVPREFIX}${user}" "${VGNAME}" || {
+  echo $0: lvcreate failed: $?
+  exit 2
+}
+
+( cat "${DEVKEY}"
+  echo "${user}"
+  cat "${userpass}" ) >"${UKEY}"
+
+cryptsetup -q -S 0 \
+  luksFormat "/dev/${VGNAME}/${LVPREFIX}${user}" "${UKEY}" || {
+  echo $0: cryptsetup luksFormat failed: $?
+  rm "${UKEY}"
+  exit 3
+}
+
+[ -z "${serverpass}" ] || {
+
+  ( cat "${DEVKEY}"
+    echo "transmitter ${user}"
+    cat "${serverpass}" ) >"${TKEY}"
+  cryptsetup -q -S 1 -d "${UKEY}" \
+    luksAddKey "/dev/${VGNAME}/${LVPREFIX}${user}" "${TKEY}" || {
+      echo $0: cryptsetup luksAddKey failed: $?
+      rm "${TKEY}" "${UKEY}"
+      exit 4
+    }
+
+  rm "${TKEY}"
+}
+
+cryptsetup -d "${UKEY}" \
+  luksOpen "/dev/${VGNAME}/${LVPREFIX}${user}" "${SECDM}" || {
+  echo $0: cryptsetup luksOpen failed: $?
+  rm "${UKEY}"
+  exit 5
+}
+
+mkfs.ext2 "/dev/mapper/${SECDM}" || {
+  echo $0: mkfs.ext2 failed: $?
+  cryptsetup luksClose "${SECDM}"
+  rm "${UKEY}"
+  exit 6
+}
+
+cryptsetup luksClose "${SECDM}" || {
+  echo $0: cryptsetup luksClose failed: $?
+  rm "${UKEY}"
+  exit 7
+}
+
+rm "${UKEY}"
+
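Review bot: The exit status of the subshell that assembles `UKEY` is never checked, so when `$2` is missing or unreadable the failing `cat "${userpass}"` leaves a key file holding only the device key and the user name, and `luksFormat` then formats the volume with that key. Checking the inputs before `lvcreate`, e.g. `[ -n "${user}" ] && [ -r "${userpass}" ] || { echo "$0: usage: user passfile [serverpassfile]" >&2; exit 1; }`, avoids a slot-0 key that depends on no user secret; the `serverpass` block has the same gap for `TKEY`. The failure branches after `lvcreate` also leave the new logical volume in place, so a retry would presumably stop at `lvcreate`; an `lvremove -f "/dev/${VGNAME}/${LVPREFIX}${user}"` in those branches would make the script re-runnable.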
diff --git a/scripts/sec-umount b/scripts/sec-umount
new file mode 100755 (executable)
index 0000000..62c4efe
--- /dev/null
@@ -0,0 +1,19 @@
+#! /bin/sh
+
+user="$1"
+
+SECDIR=/config/sec
+SECDM="s-${user}"
+SECPATH="${SECDIR}/s-${user}"
+
+umount "${SECPATH}" || {
+  echo $0: umount failed: $?
+  cryptsetup luksClose "${SECDM}"
+  exit 2
+}
+
+cryptsetup luksClose "${SECDM}" || {
+  echo $0: cryptsetup luksClose failed: $?
+  exit 3
+}
+
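Review bot: In the `umount` failure branch, `cryptsetup luksClose "${SECDM}"` is run against a mapping that is presumably still held by the mounted filesystem, so it is expected to fail and its status is discarded; the script then exits 2 with the decrypted volume still mapped and mounted. I would document that for callers with a header comment such as `# exit 2: umount failed, volume is still unlocked and mounted; exit 3: unmounted but mapping still open`, so that a logout path does not treat the secret store as locked. Sending the two diagnostics to stderr with `>&2` would match that contract.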