#!/bin/sh
# Why not use "openct-tool rwait" instead of polling the opensc-tool exit status?
# Well, the openct daemon has to be running, which interferes with pcscd since both
# implement reader drivers. My particular CCID reader (SCM SCR331-LC1) doesn't
# work with the CCID driver in openct; however, it does work with pcscd.

# Why not use "opensc-tool --wait" instead of polling the opensc-tool exit status?
# Although opensc-tool --help reports that there is a --wait option, it doesn't
# seem to be implemented.
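# Load the site configuration, then apply built-in defaults for every setting
# it leaves unset or empty.
#
# Security: the file is sourced, so each line in it runs as shell code with
# the privileges of this script, and the *_COMMAND values are later executed
# exactly as given. Treat it like an executable: writable by root only.
#
# A missing or unreadable file is not an error. In POSIX sh a failing `.`
# aborts a non-interactive shell, which would happen before the defaults
# below could take effect.
if [ -r /etc/default/decrypt_pkcs ]; then
  . /etc/default/decrypt_pkcs
fi

# Command (plus arguments) whose exit status 0 means "a card is present".
SMARTCARD_PRESENCE_COMMAND=${SMARTCARD_PRESENCE_COMMAND:-/usr/bin/opensc-tool}
SMARTCARD_PRESENCE_ARGS=${SMARTCARD_PRESENCE_ARGS:-'-n'}

# Command (plus arguments) that deciphers the key file given as "$1".
# DECIPHER_EXTRA_ARGS is optional and has no default; it comes from the
# configuration file only.
DECIPHER_COMMAND=${DECIPHER_COMMAND:-/usr/bin/pkcs15-crypt}
DECIPHER_ARGS=${DECIPHER_ARGS:-'--decipher --pkcs1 --raw --input'}

# Option that introduces the PIN when the script collects it itself.
DECIPHER_ASK_PIN=${DECIPHER_ASK_PIN:-'--pin'}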
# Detect a usable plymouth splash daemon.
#
# Sets the global `plymouth` to 1 when /bin/plymouth is executable and
# `plymouth --ping` succeeds, otherwise to 0. Always returns 0.
# Note that the existence test uses the absolute path while the ping is
# resolved through PATH.
check_plymouth() {
  plymouth=0
  [ -x /bin/plymouth ] || return 0
  plymouth --ping > /dev/null || return 0
  plymouth=1
}
# Detect the osk-sdl on-screen keyboard.
#
# Sets the global `osk_sdl` to 1 when /usr/bin/osk-sdl exists as a regular
# file, otherwise to 0. When it is present, also exports the two environment
# variables that osk-sdl is started with further down (ETNA_MESA_DEBUG and
# SDL_VIDEODRIVER). Always returns 0.
check_osk_sdl() {
  if [ ! -f /usr/bin/osk-sdl ]; then
    osk_sdl=0
    return 0
  fi

  osk_sdl=1
  export ETNA_MESA_DEBUG=no_supertile
  export SDL_VIDEODRIVER=kmsdrm
}
# Probe once for a smart card.
#
# Runs the configured presence command and sets the global `cardfound` to 1
# when it exits 0, otherwise to 0. All output of the probe is discarded.
# Always returns 0.
#
# Both variables are expanded unquoted on purpose so that the configured
# argument string splits into separate words. The expansion is also subject
# to pathname globbing, and the command is run exactly as configured, so the
# values must come from a trusted configuration file.
check_card() {
  if ! $SMARTCARD_PRESENCE_COMMAND $SMARTCARD_PRESENCE_ARGS >/dev/null 2>&1; then
    cardfound=0
  else
    cardfound=1
  fi
}
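# Show a status message to the user.
#
# Arguments: the message; several arguments are joined with spaces.
# Globals:   plymouth (read) - 1 routes the message to the splash screen.
# Outputs:   stderr when plymouth is not in use. Nothing is ever written to
#            stdout: stdout of this script carries the key material, so a
#            status line there would corrupt the key.
log_message() {
  # Default to "no plymouth" so a call made before check_plymouth still
  # prints the message instead of tripping over an empty test operand.
  if [ "${plymouth:-0}" = 1 ]; then
    # "$*" keeps a multi-word message inside the single --text= option;
    # "$@" would pass every word after the first as a separate argument.
    plymouth display-message --text="$*" 2>/dev/null
  else
    printf '%s\n' "$*" >&2
  fi
}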
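# Fall back to passphrase entry when no smart card could be used.
# This function never returns: every path ends in `exit`.
#
# Globals read: plymouth, osk_sdl, CRYPTTAB_SOURCE, CRYPTTAB_NAME.
# Exit status:  the osk-sdl paths exit with the status of the osk-sdl step
#               (previously the plymouth path reported the status of
#               `plymouth show-splash` instead, hiding an osk-sdl failure);
#               the plymouth prompt and console paths exit 0.
#
# NOTE(review): `panic` is not defined anywhere in this file. Unless the
# environment provides it, a failing osk-sdl ends in "command not found"
# (status 127) rather than a panic. Confirm where it is meant to come from.
fallback() {
  log_message 'Asking for passphrase'

  if [ "$plymouth" = 1 ]; then
    if [ "$osk_sdl" = 1 ]; then
      plymouth hide-splash 2>/dev/null
      # The device path is quoted so that an unusual source name cannot be
      # split or glob-expanded into extra osk-sdl arguments.
      /usr/bin/osk-sdl -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf -v \
        || panic "Failure running osk-sdl. Good luck."
      rc=$?
      plymouth show-splash 2>/dev/null
      exit "$rc"
    else
      # plymouth prints the entered passphrase on stdout, which is where the
      # caller reads the key from.
      plymouth ask-for-password --prompt "Try LUKS password for $CRYPTTAB_NAME: " 2>/dev/null
      exit 0
    fi
  else
    if [ "$osk_sdl" = 1 ]; then
      /usr/bin/osk-sdl -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf -v \
        || panic "Failure running osk-sdl. Good luck."
      exit $?
    else
      # NOTE(review): this writes only a newline to stdout and reads no
      # passphrase, so the "key" handed back is a bare newline. Confirm
      # whether a console passphrase prompt was intended here.
      echo </dev/console 2>/dev/console
      exit 0
    fi
  fi
}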
# Wait for a smart card to appear.
#
# Probes once, then polls once per second for up to 15 further attempts.
# Returns 0 as soon as a card is found. If none shows up, the function does
# not return: it exits 0 when the mapped device already exists, otherwise it
# hands over to fallback (which exits).
#
# Security note: a missing card degrades to passphrase entry. Where the
# volume also has a passphrase key slot, the card is therefore not a
# mandatory factor; anyone at the console can wait out the timeout and be
# asked for the passphrase instead.
wait_card() {
  check_card
  [ "$cardfound" = 0 ] || return 0

  log_message "Waiting for Smart Card..."
  tries=0
  until [ "$cardfound" != 0 ] || [ "$tries" -ge 15 ]; do
    sleep 1
    check_card
    tries=$((tries + 1))
  done

  if [ "$cardfound" != 0 ]; then
    return 0
  fi

  log_message 'Failed to find Smart Card card!'
  if [ -b "/dev/mapper/${CRYPTTAB_NAME}" ]; then
    log_message 'Already decrypted'
    exit 0
  fi
  fallback
}
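# ---------------------------------------------------------------------------
# Main flow.
#
# "$1" is handed to the decipher command as its input (with the default
# DECIPHER_ARGS it follows --input). The decipher command's stdout is this
# script's stdout, i.e. the deciphered key.
# ---------------------------------------------------------------------------
check_plymouth
check_osk_sdl

# Nothing to do when the mapping already exists.
if [ -b "/dev/mapper/${CRYPTTAB_NAME}" ]; then
  log_message 'Already decrypted'
  exit 0
fi

# Returns only when a card is present; on timeout it exits by itself.
wait_card

# Security note on the three PIN branches below: the PIN is passed to the
# decipher command as a command-line word, so it is readable from the process
# table for as long as that command runs.
# NOTE(review): pkcs15-crypt documents `--pin -` for reading the PIN from
# stdin. Confirm it works with the configured DECIPHER_COMMAND and prefer it.
#
# DECIPHER_ARGS, DECIPHER_EXTRA_ARGS and DECIPHER_ASK_PIN are expanded
# unquoted on purpose so that they split into separate options.
#
# rc holds the decipher command's status. It is captured straight after the
# command because `plymouth show-splash` would otherwise overwrite $? and a
# failed decipher could be reported as success.
if [ "$plymouth" = 1 ]; then
  if [ "$osk_sdl" = 1 ]; then
    # Get the PIN from osk-sdl; the splash is hidden while the keyboard runs.
    plymouth hide-splash 2>/dev/null
    ${DECIPHER_COMMAND} $DECIPHER_ARGS "$1" $DECIPHER_EXTRA_ARGS \
      $DECIPHER_ASK_PIN "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
    rc=$?
    plymouth show-splash 2>/dev/null
  else
    # Get the PIN from plymouth.
    ${DECIPHER_COMMAND} $DECIPHER_ARGS "$1" $DECIPHER_EXTRA_ARGS \
      $DECIPHER_ASK_PIN "$(plymouth ask-for-password --prompt "Enter pin for $CRYPTTAB_NAME: ")"
    rc=$?
  fi
else
  if [ "$osk_sdl" = 1 ]; then
    # Get the PIN from osk-sdl.
    ${DECIPHER_COMMAND} $DECIPHER_ARGS "$1" $DECIPHER_EXTRA_ARGS \
      $DECIPHER_ASK_PIN "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
    rc=$?
  else
    # Let the decipher command prompt for the PIN on the console itself; the
    # PIN never appears on a command line in this branch.
    ${DECIPHER_COMMAND} $DECIPHER_ARGS "$1" $DECIPHER_EXTRA_ARGS </dev/console 2>/dev/console
    rc=$?
  fi
fi

exit "$rc"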