From 5ee2f2f5960044bdca0a5e1baf77225bdad6409d Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 17 Apr 2024 16:14:45 +0200
Subject: Adding upstream version 4+nmu1.
Signed-off-by: Daniel Baumann
---
askpass | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100755 askpass
(limited to 'askpass')
diff --git a/askpass b/askpass
new file mode 100755
index 0000000..09df0c8
--- /dev/null
+++ b/askpass
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+DIVERTED_ASKPASS=${DIVERTED_ASKPASS:-/lib/cryptsetup/askpass.cryptsetup}
+NUKE_PASSWORD_HASH_PATH=${NUKE_PASSWORD_HASH_PATH:-/etc/cryptsetup-nuke-password/password_hash}
+CRYPT_HELPER=${CRYPT_HELPER:-/usr/lib/cryptsetup-nuke-password/crypt}
+
+sanity_checks() {
+ local cryptsetup="$(which cryptsetup 2>/dev/null)"
+ if [ -z "$cryptsetup" ]; then
+ echo "$0: WARNING: cryptsetup not found in PATH" >&2
+ return 1
+ fi
+ if [ ! -e "$CRYPTTAB_SOURCE" ]; then
+ echo "$0: WARNING: \$CRYPTTAB_SOURCE (value: $CRYPTTAB_SOURCE) does not exist" >&2
+ return 1
+ fi
+ if [ ! -x "$CRYPT_HELPER" ]; then
+ echo "$0: WARNING: $CRYPT_HELPER is not executable" >&2
+ return 1
+ fi
+ return 0
+}
+
+hash_is_matching() {
+ local pass="$1"
+ local pass_hash
+
+ if [ ! -r $NUKE_PASSWORD_HASH_PATH ]; then
+ # No hash, no match
+ return 1
+ fi
+ pass_hash=$(cat $NUKE_PASSWORD_HASH_PATH)
+ if echo -n "$pass" | $CRYPT_HELPER --check "$pass_hash"; then
+ # User typed the nuke password!
+ return 0
+ else
+ return 1
+ fi
+}
+
+nuke_cryptsetup_partition() {
+ local partition="$1"
+ cryptsetup --batch-mode erase "$partition"
+}
+
+if [ ! -x "$DIVERTED_ASKPASS" ]; then
+ echo "ERROR: $DIVERTED_ASKPASS is not available/executable" >&2
+ exit 1
+fi
+
+PASSWORD=$($DIVERTED_ASKPASS "$1")
+
+if sanity_checks && hash_is_matching "$PASSWORD"; then
+ nuke_cryptsetup_partition "$CRYPTTAB_SOURCE"
+fi
+
+# Forward the password
+echo -n "$PASSWORD"
--
cgit v1.2.3
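Review bot: Both `echo -n` calls in the new askpass script (the pipe into `$CRYPT_HELPER --check` in hash_is_matching and the final forward of `$PASSWORD`) run under `#!/bin/sh`, where `echo` with `-n` or with backslashes in its argument is implementation-defined; a shell such as dash expands sequences like `\n` or `\c`, so a passphrase containing a backslash could reach the hash check and cryptsetup altered or truncated. `printf '%s' "$pass" | "$CRYPT_HELPER" --check "$pass_hash"` and `printf '%s' "$PASSWORD"` pass the bytes through unchanged. In the same function `$NUKE_PASSWORD_HASH_PATH` is unquoted in both the `[ ! -r ... ]` test and the `cat`, so an overridden path containing whitespace would be word-split; quoting both uses fixes that. The three paths at the top can be overridden from the environment, presumably for testing, and a comment stating that the boot environment is trusted to set them would document that assumption.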