From 7227ab3a425c00e6c7d49bfb69901e184e76eae1 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Thu, 25 Oct 2018 09:49:22 +0200
Subject: debian pre/post naskpass initramfs init script: set printk, setup networking and start sshd
Signed-off-by: Toni Uhlig
---
 scripts/naskpass_debian.initscript | 39 ++++++++++++++++++++++++++++++++++----
 1 file changed, 35 insertions(+), 4 deletions(-)
diff --git a/scripts/naskpass_debian.initscript b/scripts/naskpass_debian.initscript
index 340dad3..b1c4f81 100755
--- a/scripts/naskpass_debian.initscript
+++ b/scripts/naskpass_debian.initscript
@@ -10,6 +10,34 @@ prereqs()
 echo "$PREREQ"
 }
+OLDPRINTK=
+
+pre_naskpass()
+{
+ # disable printk output
+ OLDPRINTK=$(cat /proc/sys/kernel/printk)
+ echo '0 0 0 0' >/proc/sys/kernel/printk
+ # setup networking and start sshd
+ if [ -x /sbin/sshd ]; then
+ [ -x /bin/ipconfig ] && configure_networking >/dev/null 2>/dev/null &
+ /sbin/sshd
+ fi
+}
+
+post_naskpass()
+{
+ # restore old printk
+ echo "${OLDPRINTK}" >/proc/sys/kernel/printk
+ # stop sshd
+ kill $(pidof sshd)
+ # shutdown/clean all up'd network interfaces
+ for interface in $(ifconfig | grep -oE '^[a-zA-Z0-9]+\s+'); do
+ echo "disable ${interface}"
+ ifconfig ${interface} 0.0.0.0
+ ifconfig ${interface} down
+ done
+}
+
 case $1 in
 prereqs)
 prereqs
@@ -299,6 +327,10 @@ setup_mapping()
 count=$(( $count + 1 ))
 if [ ! -e "$NEWROOT" ]; then
+ if ! /lib/cryptsetup/naskpass_check; then
+ message "cryptsetup ($crypttarget): naskpass check failed"
+ break
+ fi
 if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \
 $cryptkeyscript -c"$cryptopen"; then
 message "cryptsetup ($crypttarget): cryptsetup failed, bad password or options?"
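Review bot: `post_naskpass` tears down more than `pre_naskpass` set up: sshd is started only when `/sbin/sshd` is executable, but `kill $(pidof sshd)` and the interface loop run unconditionally, so `kill` gets an empty argument list when no sshd exists and every interface the regex matches is zeroed and downed, including ones this script did not configure. Recording the setup, e.g. `NASKPASS_SSHD=1` after `/sbin/sshd` and `[ -n "${NASKPASS_SSHD}" ] || return 0` after the printk restore, would keep the cleanup paired with the setup. The `grep -oE '^[a-zA-Z0-9]+\s+'` pattern also skips interface names containing `.`, `-`, `_` or followed by `:`, so those would stay up after unlock, and `${interface}` should be quoted in both `ifconfig` calls. Because this starts an sshd before the root volume is unlocked, a comment on `pre_naskpass` naming the sshd configuration and host keys the initramfs copy uses would let a reader judge the exposure.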
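Review bot: The new guard in `setup_mapping` treats a missing or non-executable `/lib/cryptsetup/naskpass_check` the same as a failed check: both print "naskpass check failed" and `break` out of the retry loop before the keyscript runs. Failing closed looks deliberate and should stay, but the message should tell the two cases apart, e.g. by testing `[ -x /lib/cryptsetup/naskpass_check ]` first and reporting that the helper is absent from the initramfs. A comment such as `# naskpass_check must succeed before the keyscript is started; stop retrying otherwise` would document the intent; what the helper actually verifies is not visible here. The enclosing loop and whatever follows the `break` lie outside the hunk.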
@@ -401,15 +433,14 @@ for opt in $(cat /proc/cmdline); do
 esac
 done
-OLDPRINTK=$(cat /proc/sys/kernel/printk)
-echo '0 0 0 0' >/proc/sys/kernel/printk
+pre_naskpass
 if [ -n "$cmdline_cryptopts" ]; then
 # Call setup_mapping separately for each possible cryptopts= setting
 for cryptopt in $cmdline_cryptopts; do
 setup_mapping "$cryptopt"
 done
- echo "${OLDPRINTK}" >/proc/sys/kernel/printk
+ post_naskpass
 exit 0
 fi
@@ -420,5 +451,5 @@ if [ -r /conf/conf.d/cryptroot ]; then
 done 3< /conf/conf.d/cryptroot
 fi
-echo "${OLDPRINTK}" >/proc/sys/kernel/printk
+post_naskpass
 exit 0
--
cgit v1.2.3
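Review bot: `post_naskpass` is reached only on the two explicit `exit 0` paths (this hunk and the following one at the end of the script), so any other exit, such as an `exit` inside `setup_mapping` or its helpers, which these hunks do not show, would leave the initramfs sshd running and the interfaces configured after unlock. Registering the cleanup once with `trap post_naskpass EXIT` directly after `pre_naskpass`, and dropping the two explicit calls, would cover every exit path. `pre_naskpass` also runs before the script knows whether `cmdline_cryptopts` or `/conf/conf.d/cryptroot` yields anything to unlock, so sshd is started even when no passphrase will be requested; moving the call behind those checks would narrow the window in which the service is reachable.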