#!/bin/bash
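# Fixed system directories first so a privileged helper does not pick up tools from a caller-controlled PATH.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:$PATH

# Script name for the usage message; ${0##*/} is basename(1) without a fork or an unquoted $0.
BIN=${0##*/}
# Positional arguments: the encrypted USB block device and the directory to mount it on.
DEV=$1
MOUNTPOINT=$2
# Name of the device-mapper node, taken from the last path component of the mountpoint.
CRYPT_DEV=${MOUNTPOINT##*/}
# 1 = mountpoint already existed (leave it alone), 0 = created by Init (Exit removes it again).
MOUNTFLAG=1
LOG_FILE="/var/log/usb_crypt.log"

# OS milestone version read from /etc/.kyinfo (the "milestone=..." line, spaces removed);
# empty when the file or the line is missing. One awk pass replaces cat|grep|awk|tr.
OSVER=$(awk -F= '/milestone/ { gsub(/ /, "", $2); print $2 }' /etc/.kyinfo)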

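#######################################
# Prefix every line read from stdin with a timestamp and copy it to stdout.
# Used as a filter in front of the $LOG_FILE redirections below.
# Arguments: none (reads stdin)
# Outputs:   "YYYY-MM-DD HH:MM:SS: <line>" per input line
#######################################
function adddate {
	local line
	# "|| [[ -n $line ]]" still emits a final line that has no trailing newline.
	while IFS= read -r line || [[ -n $line ]]; do
		# %M is minutes; the previous %m printed the month in the minutes field.
		printf '%s: %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$line"
	done
}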

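#######################################
# Read the site policy that gates mounting of encrypted USB storage.
#   file absent, or contains only a 0  -> mounting is allowed
#   anything else                      -> mounting is forbidden
# NOTE(review): a missing policy file fails OPEN (allow). That is the existing
# contract the caller relies on, so it is kept here.
# Arguments: $1 - policy file (optional; default /opt/secplatform/usb_crypt_policy)
# Returns:   1 when mounting is allowed, 0 when it is forbidden
#            (inverted from the usual shell convention; callers test for 0 = forbid)
#######################################
function PolicyVeri {
	local policy_file=${1:-/opt/secplatform/usb_crypt_policy}
	local policy

	# No policy file: allow by default.
	if [[ ! -f "$policy_file" ]]; then
		return 1
	fi

	policy=$(< "$policy_file")
	# Compare as text instead of with -eq: -eq evaluates the file content as an
	# arithmetic expression, so it interpreted whatever was in the file rather than
	# just reading it. A value consisting only of zeros and whitespace (including
	# an empty file, which -eq also treated as 0) allows; anything else, numeric
	# or not, forbids.
	if [[ "$policy" =~ ^[[:space:]]*0*[[:space:]]*$ ]]; then
		return 1
	fi
	return 0
}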

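#######################################
# Look the device's secret code up in the reported-lost list.
# The code is bytes 9-20 of the info dump written by `ucrypt readInfo`. While
# /opt/secplatform/check_list.tmp exists the list is being rewritten, so we wait
# for it to disappear before reading /opt/secplatform/check_list.
# Globals:   DEV (read), SECRET_CODE (written)
# Returns:   0 when a line of the list is exactly the code, 1 otherwise
#            (including when the code could not be read)
#######################################
function CheckList {
	local tmp
	# mktemp gives a fresh, unpredictable file, so the dump is never written to a
	# fixed /tmp name that could already exist (or be a link) when we get here.
	tmp=$(mktemp /tmp/usb_crypt_info.XXXXXX) || return 1
	ucrypt readInfo "$DEV" --info-backup-file="$tmp"
	SECRET_CODE=$(cut -b 9-20 -- "$tmp")
	rm -f -- "$tmp"

	# A code we could not read must not match anything (an empty grep pattern matches every line).
	[[ -n "$SECRET_CODE" ]] || return 1

	# Wait for a list rewrite to finish; the short sleep replaces a busy loop that pinned a core.
	while [[ -f /opt/secplatform/check_list.tmp ]]; do
		sleep 0.2
	done
	# -F: the code is a literal, not a regex; -x: the whole line must equal it.
	if grep -qFx -- "$SECRET_CODE" /opt/secplatform/check_list 2>/dev/null; then
		return 0
	fi
	return 1
}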

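#######################################
# Open the encrypted device as /dev/mapper/$CRYPT_DEV and make sure the
# mountpoint directory exists.
# NOTE(review): the unlock passphrase is a literal in this script and is passed
# to ucryptsetup on its command line, so it is readable by anyone who can read
# the script and is visible in process listings while the command runs. Moving
# it to a root-only file (or stdin, if ucryptsetup supports that) would limit the
# exposure; the value itself is left untouched here.
# Globals:   DEV, CRYPT_DEV, MOUNTPOINT, LOG_FILE (read); MOUNTFLAG (written)
# Outputs:   failure message appended to $LOG_FILE
# Returns:   0 on success; exits the script with status 1 if the open fails
#######################################
function Init {
	if ! ucryptsetup open "$DEV" "$CRYPT_DEV" BkaX25ytu9gtxzQg >/dev/null 2>&1; then
		echo "Open ucrypt $DEV failed" | adddate >>"$LOG_FILE" 2>&1
		exit 1
	fi

	if [[ ! -d "$MOUNTPOINT" ]]; then
		mkdir -p -- "$MOUNTPOINT" >/dev/null 2>&1
		# NOTE(review): 0777 leaves the directory writable by every local user
		# until the mount covers it (and permanently if the mount fails).
		chmod 777 -- "$MOUNTPOINT"
		# Remember that we created it so Exit can remove it again.
		MOUNTFLAG=0
	fi
}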

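#######################################
# Undo Init after a mount failure: close the mapping and, if Init created the
# mountpoint directory, remove it again. Always terminates the script.
# Globals:   CRYPT_DEV, MOUNTFLAG, MOUNTPOINT (read)
# Returns:   does not return; exits with status 1
#######################################
function Exit {
	ucryptsetup close "$CRYPT_DEV" >/dev/null 2>&1
	if [[ "$MOUNTFLAG" -eq 0 ]]; then
		# rmdir instead of rm -rf: Init created this directory empty, so only an
		# empty directory should ever be removed here; if anything has appeared
		# inside it since, it is left alone. ${MOUNTPOINT:?} refuses to run at
		# all with an empty path.
		rmdir -- "${MOUNTPOINT:?}" >/dev/null 2>&1
	fi
	exit 1
}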

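if [[ $# -ne 2 ]]; then
	echo "Usage: $BIN <device> <mountpoint>" | adddate >>"$LOG_FILE" 2>&1
	exit 1
fi

## Policy check: PolicyVeri returns 0 when mounting is forbidden.
if PolicyVeri; then
	echo "all usb crypt forbid" | adddate >>"$LOG_FILE" 2>&1
	exit 0
fi

## Reported-lost list check (currently disabled).
#CheckList
#if [[ $? -eq 0 ]]; then
#	echo "$DEV is check device" | adddate &>>$LOG_FILE
#	exit 0
#fi

## Open the encrypted USB volume (Init exits the script on failure).
Init

## Mount the encrypted USB volume. OS milestone 3.4/3.5 (from /etc/.kyinfo)
## uses systemd-mount, everything else plain mount(8). The option list is
## shared so the two branches cannot drift apart; noexec,nosuid,nodev keep
## binaries on removable media from gaining privileges and should stay.
mount_opts=acl,rw,uhelper=udisks2,noexec,nosuid,nodev
if [[ ${OSVER:0:3} == "3.4" || ${OSVER:0:3} == "3.5" ]]; then
	systemd-mount "/dev/mapper/$CRYPT_DEV" "$MOUNTPOINT" -o "$mount_opts" >/dev/null 2>&1
	ret=$?
else
	mount "/dev/mapper/$CRYPT_DEV" "$MOUNTPOINT" -o "$mount_opts" >/dev/null 2>&1
	ret=$?
fi
if [[ $ret -ne 0 ]]; then
	echo "Mount $CRYPT_DEV failed" | adddate >>"$LOG_FILE" 2>&1
	Exit
fi
sync
## NOTE(review): 0777 on the mounted root makes the whole volume writable by
## every local user, not only the one who plugged the device in.
chmod 777 -- "$MOUNTPOINT"

echo "mount $CRYPT_DEV success" | adddate >>"$LOG_FILE" 2>&1
exit 0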




