blob: 94ee0142303ccf661733bd7cfe8a69bbe2c3184a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
#!/bin/sh
# vim: set noexpandtab:
. /etc/initrd.defaults
. /etc/initrd.scripts
. "${CRYPT_ENV_FILE}"
[ -e /etc/initrd.splash ] && . /etc/initrd.splash
GK_INIT_LOG_PREFIX=${0}
if [ -n "${SSH_CLIENT}" ]
then
SSH_CLIENT_IP=$(echo "${SSH_CLIENT}" | awk '{ print $1 }')
SSH_CLIENT_PORT=$(echo "${SSH_CLIENT}" | awk '{ print $2 }')
if [ -n "${SSH_CLIENT_IP}" ] && [ -n "${SSH_CLIENT_PORT}" ]
then
GK_INIT_LOG_PREFIX="${0}[${SSH_CLIENT_IP}:${SSH_CLIENT_PORT}]"
export SSH_CLIENT_IP
export SSH_CLIENT_PORT
fi
fi
receivefile() {
case ${1} in
root)
file=${CRYPT_KEYFILE_ROOT}
;;
swap)
file=${CRYPT_KEYFILE_SWAP}
;;
'')
bad_msg "No keyfile specified." "${CRYPT_SILENT}"
exit 1
;;
*)
bad_msg "Unknown '${1}' keyfile received." "${CRYPT_SILENT}"
exit 1
;;
esac
# limit maximum stored bytes to 1M to avoid killing the server
run dd of="${file}" count=1k bs=1k 2>/dev/null
return $?
}
if [ "x${1}" = "x-c" ]
then
command=$(echo "${2}" | awk '{ print $1 }')
type=$(echo "${2}" | awk '{ print $2 }')
case ${command} in
post)
if receivefile "${type}"
then
if unlock-luks "${type}"
then
if [ "${type}" = 'root' ]
then
# this is required to keep scripted unlock working
# without requring an additional command.
resume-boot
fi
exit 0
else
exit 1
fi
else
bad_msg "Keyfile was not properly received!" "${CRYPT_SILENT}"
exit 1
fi
;;
*)
bad_msg "Command '${command}' is not supported!" "${CRYPT_SILENT}"
exit 1
esac
else
run touch "${GK_SSHD_LOCKFILE}"
# Don't log further remote shell output
GK_INIT_LOG=
gk_ver="$(cat /etc/build_id)"
gk_build_date="$(cat /etc/build_date)"
kernel_ver="$(uname -r)"
export PS1='remote rescueshell \w \# '
GOOD=${BLUE} good_msg "${NORMAL}Welcome to ${BOLD}${gk_ver}${NORMAL} (${gk_build_date}) ${BOLD}remote rescue shell${NORMAL}!"
GOOD=${BLUE} good_msg "${NORMAL}...running Linux kernel ${BOLD}${kernel_ver}${NORMAL}"
echo
good_msg "${NORMAL}The lockfile '${BOLD}${GK_SSHD_LOCKFILE}${NORMAL}' was created."
good_msg "${NORMAL}In order to resume boot process, run '${BOLD}resume-boot${NORMAL}'."
good_msg "${NORMAL}Be aware that it will kill your connection which means"
good_msg "${NORMAL}you will no longer be able to work in this shell."
if [ -n "${CRYPT_ROOT}" ] && [ ! -f "${CRYPT_ROOT_OPENED_LOCKFILE}" ]
then
good_msg "${NORMAL}To remote unlock LUKS-encrypted root device, run '${BOLD}unlock-luks root${NORMAL}'."
fi
if [ -n "${CRYPT_SWAP}" ] && [ ! -f "${CRYPT_ROOT_OPENED_LOCKFILE}" ]
then
good_msg "${NORMAL}To remote unlock LUKS-encrypted swap device, run '${BOLD}unlock-luks swap${NORMAL}'."
fi
if [ -e "${ZFS_ENC_ENV_FILE}" ] && [ ! -f "${ZFS_ENC_OPENED_LOCKFILE}" ]
then
good_msg "${NORMAL}To remote unlock ZFS root device, run '${BOLD}unlock-zfs${NORMAL}'."
fi
echo
[ -x /bin/sh ] && SH=/bin/sh || SH=/bin/ash
exec \
env \
SSH_CLIENT_IP="${SSH_CLIENT_IP}" \
SSH_CLIENT_PORT="${SSH_CLIENT_PORT}" \
${SH} --login
fi
exit 0
|