refactor init and update subcommands

2020-04-02 00:30:48 +02:00 · 2020-04-02 00:30:48 +02:00 · 77d0681d14
parent e9e8a790ba
commit 77d0681d14
4 changed files with 106 additions and 72 deletions
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@ -7,30 +7,25 @@
 # shellcheck source=./config
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"

-jail="${1:-}"
-if [ ! -n "${jail}" ]; then
+jail_name="${1:-}"
+if [ -z "${jail_name}" ]; then
    "${LIBDIR}/bkctld-help" && exit 1
 fi
-[ -d "${JAILDIR}/${jail}" ] && error "${jail} : trying to create existant jail"
+jail_path=$(jail_path "${jail_name}")

-mkdir -p "${CONFDIR}" "${JAILDIR}"
-sshd_config="${TPLDIR}/sshd_config"
-inctpl="${TPLDIR}/inc.tpl"
-[ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
-[ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
+test -d "${jail_path}" && error "${jail_name} : jail already exists."

-rootdir=$(dirname "${JAILDIR}")
-rootdir_inode=$(stat --format=%i "${rootdir}")
-jaildir_inode=$(stat --format=%i "${JAILDIR}")
-if [ "${rootdir_inode}" -eq 256 ] || [ "${jaildir_inode}" -eq 256 ]; then
-    /bin/btrfs subvolume create "${JAILDIR}/${jail}"
+# Create config and jails directory
+mkdir --parents "${CONFDIR}" "${JAILDIR}"
+
+
+if is_btrfs "$(dirname "${JAILDIR}")" || is_btrfs "${JAILDIR}"; then
+    /bin/btrfs subvolume create "${jail_path}"
 else
-    mkdir -p "${JAILDIR}/${jail}"
+    mkdir --parents "${jail_path}"
 fi
-. "${LIBDIR}/mkjail"
-info "4 - Copie default sshd_config"
-install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
-info "5 - Copie default inc configuration"
-install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
-"${LIBDIR}/bkctld-port" "${jail}" auto
-notice "${jail} : created jail"
+
+setup_jail_chroot "${jail_name}"
+setup_jail_config "${jail_name}"
+
+notice "${jail_name} : jail has been created"
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@ -7,12 +7,16 @@
 # shellcheck source=./config
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"

-jail="${1:-}"
-if [ ! -n "${jail}" ]; then
+jail_name="${1:-}"
+if [ ! -n "${jail_name}" ]; then
    "${LIBDIR}/bkctld-help" && exit 1
 fi
-[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to update inexistant jail"
-"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
+jail_path=$(jail_path "${jail_name}")

-. "${LIBDIR}/mkjail"
-notice "${jail} : updated jail"
+[ -d "${jail_path}" ] || error "${jail_name} : trying to update inexistant jail"
+
+"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
+
+setup_jail_chroot "${jail_name}"
+
+notice "${jail_name} : jail has been updated."
--- a/lib/config
+++ b/lib/config
@ -10,10 +10,10 @@ BACKUP_DISK="${BACKUP_DISK:-}"
 JAILDIR="${JAILDIR:-/backup/jails}"
 INCDIR="${INCDIR:-/backup/incs}"
 TPLDIR="${TPLDIR:-/usr/share/bkctld}"
+LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
 LOCKDIR="${LOCKDIR:-/run/lock/bkctld}"
 INDEX_DIR="${INDEX_DIR:-/backup/index}"
 IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
-LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
 SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
 SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
 AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
@ -139,3 +139,82 @@ jail_check_policy_file() {
        echo ""
    fi
 }
+
+setup_jail_chroot() {
+    jail_name=$1
+
+    jail_path=$(jail_path "${jail_name}")
+
+    passwd="${TPLDIR}/passwd"
+    shadow="${TPLDIR}/shadow"
+    group="${TPLDIR}/group"
+    sshrc="${TPLDIR}/sshrc"
+    [ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
+    [ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
+    [ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
+    [ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
+
+    cd "${jail_path}" || error "Failed to change directory to ${jail_path}."
+    umask 077
+
+    info "1 - Creating the chroot"
+    rm -rf bin lib lib64 run usr var/run etc/ssh/*key
+    mkdir -p ./dev
+    mkdir -p ./proc
+    mkdir -p ./usr/bin
+    mkdir -p ./usr/sbin
+    mkdir -p ./usr/lib ./usr/lib/x86_64-linux-gnu ./usr/lib/openssh ./usr/lib64
+    mkdir -p ./etc/ssh
+    mkdir -p ./var/log
+    mkdir -p ./run/sshd
+    # shellcheck disable=SC2174
+    mkdir -p ./root/.ssh --mode 0700
+    # shellcheck disable=SC2174
+    mkdir -p ./var/backup --mode 0700
+    ln -s ./usr/bin ./bin
+    ln -s ./usr/lib ./lib
+    ln -s ./usr/lib64 ./lib64
+    ln -s --target-directory=./var ../run
+    touch ./var/log/lastlog ./var/log/wtmp ./run/utmp
+
+    info "2 - Copying essential files"
+    [ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key ./etc/ssh
+    [ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key ./etc/ssh
+    [ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key ./etc/ssh
+    touch "./${AUTHORIZED_KEYS}"
+    chmod 600 "./${AUTHORIZED_KEYS}"
+    cp "${passwd}" ./etc
+    cp "${shadow}" ./etc
+    cp "${group}" ./etc
+    cp "${sshrc}" ./etc/ssh
+
+    info "3 - Copying binaries"
+    cp -f /lib/ld-linux.so.2 ./lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 ./lib64
+    cp /lib/x86_64-linux-gnu/libnss* ./lib/x86_64-linux-gnu
+
+    for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
+        cp -f "${dbin}" "./${dbin}";
+        for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
+            cp -p "${lib}" "./${lib}"
+        done
+    done
+}
+
+setup_jail_config() {
+    jail_name=$1
+
+    jail_path=$(jail_path "${jail_name}")
+
+    sshd_config="${TPLDIR}/sshd_config"
+    test -f "${LOCALTPLDIR}/sshd_config" && sshd_config="${LOCALTPLDIR}/sshd_config"
+
+    info "4 - Copie default sshd_config"
+    install -m 0640 "${sshd_config}" "${jail_path}/${SSHD_CONFIG}"
+
+    inctpl="${TPLDIR}/inc.tpl"
+    test -f "${LOCALTPLDIR}/inc.tpl" && inctpl="${LOCALTPLDIR}/inc.tpl"
+
+    info "5 - Copie default inc configuration"
+    install -m 0640 "${inctpl}" "${jail_path}"
+    "${LIBDIR}/bkctld-port" "${jail_name}" auto
+}
--- a/lib/mkjail
+++ b/lib/mkjail
@ -1,44 +0,0 @@
-#!/bin/sh
-
-passwd="${TPLDIR}/passwd"
-shadow="${TPLDIR}/shadow"
-group="${TPLDIR}/group"
-sshrc="${TPLDIR}/sshrc"
-[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
-[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
-[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
-[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
-umask 077
-
-info "1 - Creating the chroot"
-cd "${JAILDIR}/${jail}"
-rm -rf bin lib lib64 run usr var/run etc/ssh/*key
-mkdir -p dev proc
-mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
-mkdir -p etc/ssh var/log run/sshd
-mkdir -p root/.ssh var/backup -m 0700
-ln -s usr/bin bin
-ln -s usr/lib lib
-ln -s usr/lib64 lib64
-ln -st var ../run
-touch var/log/lastlog var/log/wtmp run/utmp
-
-info "2 - Copying essential files"
-[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
-[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
-[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
-cp "${passwd}" etc
-cp "${shadow}" etc
-cp "${group}" etc
-cp "${sshrc}" etc/ssh
-
-info "3 - Copying binaries"
-cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
-cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
-
-for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
-    cp -f "${dbin}" "${JAILDIR}/${jail}/${dbin}";
-    for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
-        cp -p "${lib}" "${JAILDIR}/${jail}/${lib}"
-    done
-done