authortoni <matzeton@googlemail.com>2016-07-06 00:03:17 +0200
committertoni <matzeton@googlemail.com>2016-07-06 00:03:17 +0200
commitd99dfdd91015ebce71f5869e43710d40da8ab3a6 (patch)
tree3e5cb3f17196a2ab0444b4f22a8a6497dea6d019
parent359e3ab083c40482f8bd677b95d331798dd8d41c (diff)
parent9824c70507fd02cb61f0d2ac9c982e955cd911bb (diff)
Merge ssh://192.168.0.10:/root/naskpass into jessie
-rw-r--r--debian/control2
-rwxr-xr-xdebian/naskpass.postinst5
-rwxr-xr-xdebian/naskpass.postrm33
-rwxr-xr-xdebian/naskpass.prerm4
-rwxr-xr-xdebian/rules3
-rwxr-xr-xscripts/naskpass.initconf16
-rwxr-xr-xscripts/naskpass.inithook18
-rwxr-xr-xscripts/naskpass.post13
-rwxr-xr-xscripts/naskpass.pre23
-rw-r--r--scripts/sshd_config40
10 files changed, 149 insertions, 8 deletions
diff --git a/debian/control b/debian/control
index dc3c228..93503a0 100644
--- a/debian/control
+++ b/debian/control
@@ -11,5 +11,7 @@ Homepage: https://github.com/freecoding/naskpass.git
Package: naskpass
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, cryptsetup (= 2:1.6.6-5), libncurses5, libtinfo5, coreutils
+Recommends: openssh-server
+Conflicts: dropbear
Description: Ncurses based cryptsetup askpass replacement
NULL.
diff --git a/debian/naskpass.postinst b/debian/naskpass.postinst
index 4d9cc42..981f62b 100755
--- a/debian/naskpass.postinst
+++ b/debian/naskpass.postinst
@@ -24,6 +24,11 @@ case "$1" in
else
nask_deactivate
fi
+ if [ -x /usr/bin/ssh-keygen ]; then
+ [ -r /etc/initramfs-tools/etc/ssh/ssh_host_rsa_key ] || /usr/bin/ssh-keygen -t rsa -N '' -b 4096 -f /etc/initramfs-tools/etc/ssh/ssh_host_rsa_key
+ [ -r /etc/initramfs-tools/etc/ssh/ssh_host_dsa_key ] || /usr/bin/ssh-keygen -t dsa -N '' -b 1024 -f /etc/initramfs-tools/etc/ssh/ssh_host_dsa_key
+ [ -r /etc/initramfs-tools/etc/ssh/authorized_keys ] || touch /etc/initramfs-tools/etc/ssh/authorized_keys
+ fi
update-initramfs -u
;;
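Review bot: The second `ssh-keygen` call creates a 1024-bit DSA host key, a weak and deprecated key type; I would drop that line, together with the matching `HostKey /etc/ssh/ssh_host_dsa_key` in scripts/sshd_config, and keep only the RSA key. Both keys are generated without a passphrase and later copied into the initramfs by the hook, so the image on a normally unencrypted /boot carries the host private key; tightening the image mode (for example `UMASK=0077` in the initramfs-tools configuration) deserves a comment here. The `touch` leaves the mode of `authorized_keys` to the maintainer-script umask, so a following `chmod 600 /etc/initramfs-tools/etc/ssh/authorized_keys` would make the intent explicit. The enclosing `case` branch begins outside this hunk.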
diff --git a/debian/naskpass.postrm b/debian/naskpass.postrm
new file mode 100755
index 0000000..0963e23
--- /dev/null
+++ b/debian/naskpass.postrm
@@ -0,0 +1,33 @@
+#!/bin/sh
+# postrm script for naskpass
+#
+# see: dh_installdeb(1)
+
+set -e
+
+
+. /usr/share/debconf/confmodule
+
+case "$1" in
+ purge)
+ rm -f /etc/initramfs-tools/etc/ssh/authorized_keys
+ rm -f /etc/initramfs-tools/etc/ssh/ssh_host_dsa_key
+ rm -f /etc/initramfs-tools/etc/ssh/ssh_host_dsa_key.pub
+ rm -f /etc/initramfs-tools/etc/ssh/ssh_host_rsa_key
+ rm -f /etc/initramfs-tools/etc/ssh/ssh_host_rsa_key.pub
+ ;;
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
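Review bot: The unconditional `. /usr/share/debconf/confmodule` near the top runs under `set -e`, and on `purge` the package's dependencies may already be gone, so a missing debconf would abort the purge before the key files are removed. Nothing visible in the script calls a debconf function, so the line can be dropped or guarded as `[ -e /usr/share/debconf/confmodule ] && . /usr/share/debconf/confmodule`. The `purge` branch also does not run `update-initramfs -u`, so initramfs images built earlier presumably still contain copies of the host keys and `authorized_keys` after the files under /etc are deleted; a comment or a rebuild step would address that.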
diff --git a/debian/naskpass.prerm b/debian/naskpass.prerm
index afcf9b1..47beafb 100755
--- a/debian/naskpass.prerm
+++ b/debian/naskpass.prerm
@@ -10,7 +10,7 @@ set -e
. /usr/share/naskpass/naskconf
case "$1" in
- remove|purge)
+ remove)
nask_deactivate
db_purge
update-initramfs -u
@@ -19,7 +19,7 @@ case "$1" in
;;
*)
- echo "postrm called with unknown argument \`$1'" >&2
+ echo "prerm called with unknown argument \`$1'" >&2
exit 1
;;
esac
diff --git a/debian/rules b/debian/rules
index 5375c6b..2311fb3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -25,6 +25,7 @@ clean:
dh_testroot
rm -f build-stamp configure-stamp
dh_clean
+ dh_auto_clean
distclean: build
$(MAKE) distclean
@@ -45,6 +46,8 @@ install: build
install -D -m755 ./scripts/naskpass.initconf $(CURDIR)/debian/naskpass/usr/share/naskpass/
install -D -m755 ./scripts/naskpass.pre $(CURDIR)/debian/naskpass/usr/share/naskpass/
install -D -m755 ./scripts/naskpass.post $(CURDIR)/debian/naskpass/usr/share/naskpass/
+ install -d -m755 $(CURDIR)/debian/naskpass/etc/initramfs-tools/etc/ssh/
+ install -D -m644 ./scripts/sshd_config $(CURDIR)/debian/naskpass/etc/initramfs-tools/etc/ssh/
binary-indep: build install
diff --git a/scripts/naskpass.initconf b/scripts/naskpass.initconf
index 2e16e82..63989a1 100755
--- a/scripts/naskpass.initconf
+++ b/scripts/naskpass.initconf
@@ -1,7 +1,15 @@
# initramfs naskpass config file
-# network device
-NETDEV=eth0
-
# maximum ip wait time in seconds
-MAXWAIT=10
+MAXWAIT=25
+
+# kernel printk path
+PRINTK=/proc/sys/kernel/printk
+OLDPRINTK=/tmp/naskpass.oldprintk
+
+# network options
+# NASK_IP, NASK_MAC requires NASK_DEV !
+#NASK_DEV=eth0
+# commenting out the following line will force debian's `configure_network` routine
+#NASK_IP=192.168.0.11
+#NASK_MAC=66:66:66:66:66:66
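Review bot: The comment above `#NASK_IP` is misleading, because the line already ships commented out and the routine called from scripts/naskpass.pre is `configure_networking`, not `configure_network`. I would reword it to `# leave NASK_IP unset to fall back to initramfs-tools' configure_networking`. It would also help to state in the "network options" comment that a fixed `NASK_MAC` is applied to `NASK_DEV` before the address is configured, since that ordering is only visible in naskpass.pre.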
diff --git a/scripts/naskpass.inithook b/scripts/naskpass.inithook
index 6bb0cc1..ac67cf5 100755
--- a/scripts/naskpass.inithook
+++ b/scripts/naskpass.inithook
@@ -24,6 +24,24 @@ copy_exec /usr/share/naskpass/naskpass.pre /lib/cryptsetup
copy_exec /usr/share/naskpass/naskpass.post /lib/cryptsetup
copy_exec /usr/share/naskpass/naskpass.initconf /etc/naskpass.conf
+copy_exec /usr/sbin/sshd /sbin/sshd
+copy_exec /usr/bin/strace /bin/strace
+
+cp -R /etc/initramfs-tools/etc/ssh "${DESTDIR}/etc/"
+
+copy_exec /usr/lib/i386-linux-gnu/libnss_compat.so /usr/lib/i386-linux-gnu/
+if [ -r "${DESTDIR}/etc/nsswitch.conf" ]; then
+echo << EOF >"${DESTDIR}/etc/nsswitch.conf"
+passwd: compat
+group: compat
+shadow: compat
+EOF
+fi
+
+[ -r "${DESTDIR}/etc/passwd" ] || echo 'root:x:0:0:root:/root:/bin/sh' >"${DESTDIR}/etc/passwd"
+[ -r "${DESTDIR}/etc/group" ] || echo 'root:x:0:' >"${DESTDIR}/etc/group"
+[ -r "${DESTDIR}/etc/shadow" ] || echo 'root:*:16777:0:99999:7:::' >"${DESTDIR}/etc/shadow"
+
mkdir -p ${DESTDIR}/lib/terminfo/l
cp /lib/terminfo/l/linux ${DESTDIR}/lib/terminfo/l/
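Review bot: `echo << EOF >"${DESTDIR}/etc/nsswitch.conf"` does not write the here-document, because `echo` ignores stdin, so the file ends up holding a single empty line; it should be `cat <<EOF >"${DESTDIR}/etc/nsswitch.conf"`. The surrounding test also looks inverted: it rewrites the file only when it already exists, whereas the passwd/group/shadow lines below use `[ -r … ] ||` to create missing files. `copy_exec /usr/bin/strace /bin/strace` puts a debugging tool into every generated initramfs and fails the hook when strace is not installed; it is better removed or guarded with `[ -x /usr/bin/strace ]`. The same guard applies to `/usr/sbin/sshd`, since debian/control only recommends openssh-server, and the hard-coded `i386-linux-gnu` library path will not exist on other architectures.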
diff --git a/scripts/naskpass.post b/scripts/naskpass.post
index 0ea24a2..f76a4cc 100755
--- a/scripts/naskpass.post
+++ b/scripts/naskpass.post
@@ -1,3 +1,16 @@
#!/bin/sh
. /etc/naskpass.conf
+
+if [ "x${OLDPRINTK}" != "x" ] && [ -r ${OLDPRINTK} ] && [ -w ${PRINTK} ]; then
+ cat ${OLDPRINTK} >${OLDPRINTK}
+fi
+
+kill $(pidof sshd)
+
+for interface in $(ifconfig | grep -oE '^[a-zA-Z0-9]+\s+'); do
+ echo "disable ${interface}"
+ ifconfig ${interface} 0.0.0.0
+ ifconfig ${interface} down
+done
+
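Review bot: `cat ${OLDPRINTK} >${OLDPRINTK}` truncates the saved file before it is read and never touches the kernel setting, so the console log level silenced by naskpass.pre is not restored. The guard already tests `-w ${PRINTK}`, which suggests the intended line is `cat "${OLDPRINTK}" >"${PRINTK}"`. `kill $(pidof sshd)` calls `kill` with no arguments when no sshd is running; `pids=$(pidof sshd) && kill $pids` avoids the usage error.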
diff --git a/scripts/naskpass.pre b/scripts/naskpass.pre
index f5acd96..032cc49 100755
--- a/scripts/naskpass.pre
+++ b/scripts/naskpass.pre
@@ -1,12 +1,30 @@
#!/bin/sh
+. /scripts/functions
. /etc/naskpass.conf
+if [ "x${PRINTK}" != "x" ] && [ -r ${PRINTK} ] && [ -w ${PRINTK} ]; then
+ cat ${PRINTK} >${OLDPRINTK}
+ echo "0 0 0 0" >${PRINTK}
+fi
+sleep 0.2
+
echo -n 'waiting for ip '
CURWAIT=$MAXWAIT
-if [ -x /sbin/dropbear ]; then
+if [ -x /sbin/sshd ]; then
+
+if [ "x${NASK_DEV}" != "x" ] && [ "x${NASK_MAC}" != "x" ]; then
+ ifconfig ${NASK_DEV} hw ether ${NASK_MAC}
+fi
+
+if [ "x${NASK_DEV}" != "x" ] && [ "x${NASK_IP}" != "x" ]; then
+ ifconfig ${NASK_DEV} ${NASK_IP}
+else
+ configure_networking &
+fi
+
while ! $(ifconfig -a | grep -qoE 'inet addr:'); do
echo -n '.'
if [ $CURWAIT -le 0 ]; then
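Review bot: The printk guard at the top tests only `PRINTK`, yet the first command redirects into `${OLDPRINTK}`; if that variable is unset in /etc/naskpass.conf the save fails while the next line still writes `0 0 0 0`, leaving naskpass.post nothing to restore. Adding `[ "x${OLDPRINTK}" != "x" ]` to the condition and quoting both expansions (`cat "${PRINTK}" >"${OLDPRINTK}"`) closes that gap. The `if [ -x /sbin/sshd ]` block and the `while` loop both continue past the end of this hunk.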
@@ -14,8 +32,9 @@ while ! $(ifconfig -a | grep -qoE 'inet addr:'); do
break
fi
CURWAIT=$(expr $CURWAIT - 1)
- sleep 1
+ sleep 0.5
done
echo
+/sbin/sshd
fi
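Review bot: With `sleep 0.5` the loop counter no longer counts seconds, so `MAXWAIT=25`, documented in scripts/naskpass.initconf as "maximum ip wait time in seconds", now gives roughly 12.5 seconds. Either keep `sleep 1` or document the unit as half-second ticks. `/sbin/sshd` is started after the loop even when the timeout branch was taken; a short comment such as `# start sshd even without an address; it binds to the wildcard address` would record whether that is intended. The loop body between the two hunks is not visible here.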
diff --git a/scripts/sshd_config b/scripts/sshd_config
new file mode 100644
index 0000000..256d2c0
--- /dev/null
+++ b/scripts/sshd_config
@@ -0,0 +1,40 @@
+Port 22
+ListenAddress ::
+ListenAddress 0.0.0.0
+Protocol 2
+
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+UsePrivilegeSeparation no
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 4096
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+RSAAuthentication yes
+PubkeyAuthentication yes
+AuthorizedKeysFile /etc/ssh/authorized_keys
+
+IgnoreRhosts yes
+RhostsRSAAuthentication no
+HostbasedAuthentication no
+
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+
+X11Forwarding no
+PrintMotd no
+PrintLastLog no
+TCPKeepAlive yes
+UseLogin no
+
+AcceptEnv LANG LC_*
+ForceCommand /bin/sh
+
+UsePAM no
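Review bot: `ForceCommand /bin/sh` combined with `PermitRootLogin yes` gives every key in `authorized_keys` an unrestricted root shell in the pre-boot environment, and forwarding is left at its defaults. Pointing `ForceCommand` at the unlock helper and adding `AllowTcpForwarding no` and `AllowAgentForwarding no` would limit the session to its purpose. `UsePrivilegeSeparation no` runs the pre-authentication code as root; this is presumably because the initramfs has no sshd user, which deserves a comment. `HostKey /etc/ssh/ssh_host_dsa_key` should go along with the 1024-bit DSA key generated in debian/naskpass.postinst. The protocol-1 settings (`KeyRegenerationInterval`, `ServerKeyBits`, `RSAAuthentication`, `RhostsRSAAuthentication`) have no effect under `Protocol 2` and can be removed.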