diff --git a/hook-scripts/README b/hook-scripts/README new file mode 100644 index 0000000..b10fcb7 --- /dev/null +++ b/hook-scripts/README @@ -0,0 +1,25 @@ +Hook scripts for CryptoBox events + +If you want to execute specific actions according to changes of the cryptobox, +then you can just add your own scripts to this directory. +For every supported event of the CryptoBox, all scripts are called with root user +permissions. + +The common synopsis for all hook scripts is: + SCRIPTNAME EVENT [[EVENT_INFOS]...] + +Supported events: + premount|postmount|preumount|postumount: + called before and after (u)mounting of a volume + arguments (in this order): + - device: name of the underlying device + - vol_name: name of the (u)mounted volume + - vol_type: type of the volume (plain|luks) + - mount_dir: mountpoint of the volume + + +Every hook script has to fulfill the following conditions: + - be executable (for the cryptobox user and for root) + - be writeable for root only + - its parent directories must be writeable for root only + diff --git a/hook-scripts/samba b/hook-scripts/samba new file mode 100755 index 0000000..bd0d6ad --- /dev/null +++ b/hook-scripts/samba @@ -0,0 +1,91 @@ +#!/bin/sh +# +# Manage samba shares +# - after mounting: add the new samba share +# - before umounting: disable and remove the samba share +# +# The following line _must_ be added to your /etc/samba/smb.conf: +# include = /etc/cryptobox/samba-include.conf +# +# +# Params: $event $volume_name $volume_type $mount_dir +# +# event: premount | postmount | preumount | postumount +# device: name of the device +# volume_name: name of the volume +# volume_type: plain | luks +# mount_dir: mount directory +# + +set -eu + +SAMBA_CONTROL=smbcontrol +SAMBA_CONF_DIR=/var/cache/cryptobox/samba.conf.d +TEMPLATE_CONF_FILE=/etc/cryptobox/samba-share.conf-template +MAIN_SAMBA_CONF_FILE=/etc/cryptobox/samba-include.conf + +# check if samba is installed +test -z "$(which $SAMBA_CONTROL)" && exit 0 + +# create include-file directory +mkdir -p "$SAMBA_CONF_DIR" + +# check event argument +if test "$#" -eq 0 + then echo "Syntax: $(basename $0) EVENT [EVENT_INFORMATION]" >&2 + exit 1 + fi + +event=$1 + + +# ------------=-=-=- some functions -=-=-=----------------- + +update_include_conf_file() +{ + ( echo "# this file was automatically generated by the CryptoBox" + echo "# DO NOT EDIT - all changes will get lost!" + find "$SAMBA_CONF_DIR" -type f -name "*.conf" | while read fname + do echo "include = $fname" + done ) >"$MAIN_SAMBA_CONF_FILE" +} + +send_reload_command() +{ + # reload config files + "$SAMBA_CONTROL" smbd reload-config +} + +send_close_share_command() +{ + # close all connections and deny further requests + "$SAMBA_CONTROL" smbd close-share "$1" +} + +# -----------------=-=-=- main -=-=-=---------------------- + +case "$event" in + premount|postumount ) + ;; + postmount ) + vol_name=$3 + mount_dir=$5 + sed "s#_SHARE_DIR_#$mount_dir#g; s#_VOLUME_NAME_#$vol_name#g" "$TEMPLATE_CONF_FILE" >"$SAMBA_CONF_DIR/${vol_name}.conf" + update_include_conf_file + send_reload_command + ;; + preumount ) + vol_name=$3 + send_close_share_command "$vol_name" + rm "$SAMBA_CONF_DIR/${vol_name}.conf" || true + update_include_conf_file + send_reload_command + ;; + * ) + # ignore all events that we do not support + exit 0 + ;; + esac + +exit 0 +