#!/bin/sh
#
# BackWatcher, Inc.
# Information Security Solutions
# http://www.backwatcher.com/ 
# support@backwatcher.com
# 813-979-1633
#
# cryptfs
#
# mount/unmount blowfish encrypted filesystem
#
# Important Note:  Under OpenBSD's current encrypted vnd filesystem
# implementation, when a system with a mounted, encrypted vnd filesystem
# is shutdown uncleanly, the encrypted vnd filesystem's structures get
# damaged and, since OpenBSD's fsck will not acknowledge vnd filesystems,
# these damaged structures can not reasonably be repaired.
#
# 12/19/01

#
# Set user defined defaults
#

cryptfile=/lame/secrets/cryptfile
cryptmnt=/lame/secrets/cryptmnt
## the svnd-device we're gonna use (not the partition!)
svnd=svnd0
## the partition which we're gonna mount:
svnda=/dev/svnd0a

#
# Get arguments
#

while getopts muf:p:d:vh option
do
  case "$option"
  in
    m)   mount="yes"
         ;;
    u)   umount="yes"
         ;;
    f)   cryptfile="$OPTARG"
         ;;
    p)   cryptmnt="$OPTARG"
         ;;
    d)   svnd="$OPTARG"
         ;;
    v)   verbose="-v"
         ;;
    h) echo "Usage: cryptfs [-vh] -m|u [-f cryptfile ] [-p mntpoint] [-d svnd]"
         echo "  -m		mount encrypted filesystem"  
         echo "  -u		unmount encrypted filesystem"  
         echo "  -f cryptfile	cryptfile (default = $cryptfile)"  
         echo "  -p mntpoint	mount point (default = $cryptmnt)"  
         echo "  -d svnd	svnd device (default = $svnd)"  
         echo "  -v		verbose"  
         echo "  -h		help" 
         exit 1
         ;;
  esac
done

#
# Check syntax
#

if [ -n "$mount" -a -n "$umount" ]
then
  /bin/echo "syntax error: use -h for help"
  exit
fi

#
# Make sure we are on an OpenBSD system
#

if [ "`/usr/bin/uname -s`" != "OpenBSD" ]
then
  /bin/echo "os error: this must be an OpenBSD system"
  exit
fi

#
# mount encrypted filesystem
#

if [ -n "$mount" ]
then
  [ $verbose ] && /bin/echo "mounting encrypted filesystem ..."
  /usr/sbin/vnconfig -ck $verbose $svnd $cryptfile
  sleep 1
  /sbin/mount -f $svnda $cryptmnt
  [ $verbose ] && /bin/echo "             mounted on $cryptmnt"
  exit
fi

#
# unmount encrypted filesystem
#

if [ -n "$umount" ]
then
  [ $verbose ] && /bin/echo "unmounting encrypted filesystem ..."
  /sbin/umount $cryptmnt
  sleep 1
  /usr/sbin/vnconfig -u $verbose $svnd
  exit
fi