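#!/bin/sh
#
# v1.0 20130109
# Created by Steven Plunkett
# www.criticalentropy.com/openssl-bind-mount.sh.txt
#
# Free for use - please email steven@criticalentropy.com if there are necessary updates
#
# Bind-mounts the host's OpenSSL engines directory read-only into the chroot
# used by BIND ("start") and removes that mount again ("stop").
# Progress is reported through logger(1), i.e. to syslog and to stderr.
#
# Usage: bind-openssl-mount.sh {start|stop}
# Exit status: 0 on success or when nothing had to be done, 1 on failure.

PATH=/bin:/usr/bin

# Ensure these variables match whatever is required on your server.
CHROOTDIR=/chroot/named
OPENSSLVER=1.0.0

# Source directory on the host and the same path below the chroot.
ENGINES_SRC="/usr/lib/x86_64-linux-gnu/openssl-$OPENSSLVER/engines"
ENGINES_DST="$CHROOTDIR$ENGINES_SRC"

# Send one message to syslog (tagged with the PID) and echo it on stderr.
# The original calls also passed "-f /var/log/syslog"; -f names a file whose
# contents logger reads as the message text, it is not a destination, and
# util-linux documents it as not combinable with a command-line message.
log() {
    logger -i -s "$1"
}

# Bind-mount the engines directory into the chroot and make it read-only.
# Returns 0 only when the mount exists AND is read-only.
mount_bind() {
    mount --bind "$ENGINES_SRC" "$ENGINES_DST" || return 1

    # "bind" limits the remount to this mount point. Without it the remount
    # is applied to the whole underlying filesystem, which either fails as
    # busy or turns the host filesystem read-only.
    if ! mount -o remount,ro,bind "$ENGINES_DST"; then
        # Never leave a writable view of the host's engines inside the chroot.
        umount "$ENGINES_DST"
        return 1
    fi
    return 0
}

# Remove the bind mount from the chroot; returns umount's status.
umount_bind() {
    umount "$ENGINES_DST"
}

# Succeeds when something is mounted on the chroot's engines directory.
# Only the mount point is matched (as a fixed string, not a regex): mount
# implementations that read the kernel mount table list the backing device
# as the source of a bind mount, so matching on the source directory as well
# would report "not mounted" there and let "start" stack a second mount.
check_mount() {
    mount -l | grep -F -q -- " on $ENGINES_DST type "
}

case "$1" in
start)
    if [ ! -d "$ENGINES_DST" ]; then
        log "Necessary mount point doesn't exist - not created or directory path is wrong?"
        exit 1
    fi

    log "Checking mount point for chrooted bind (openssl)"
    if check_mount; then
        log "openssl engine for bind is already mounted. No further action required."
        exit 0
    fi

    log "openssl engine for bind isn't mounted. Attempting to mount..."
    if mount_bind; then
        log "Mount of openssl engine for bind was successful."
        exit 0
    fi
    log "Mount of openssl engine for bind has failed."
    exit 1
    ;;
stop)
    log "Checking mount point for chrooted bind (openssl)"
    if ! check_mount; then
        log "Mount point isn't mounted. No further action necessary."
        exit 0
    fi

    log "Mount point is present. Attempting to unmount..."
    if umount_bind; then
        log "Unmount of openssl engine for bind was successful."
        exit 0
    fi
    log "Unmount of openssl engine for bind has failed."
    exit 1
    ;;
*)
    # NOTE(review): an unknown or missing argument still exits 0 (kept for
    # compatibility), so a mistyped action in a boot script looks like
    # success while the engines stay unmounted.
    echo "Usage: /usr/local/bin/bind-openssl-mount.sh {start|stop}"
    ;;
esac

exit 0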