#!/bin/sh
#
# $NetBSD: random_seed,v 1.7.26.2 2020/05/02 16:24:11 martin Exp $
#

# PROVIDE: random_seed
# REQUIRE: mountcritlocal
# BEFORE: securelevel
# BEFORE: bootconf
# KEYWORD: shutdown
#
# The "BEFORE: securelevel" is a real dependency, in that
# this script won't work if run after the securelevel is changed.
#
# The "BEFORE: bootconf" is intended to cause this to
# be the first script that runs after mountcritlocal.

$_rc_subr_loaded . /etc/rc.subr

name="random_seed"
rcvar=$name
start_cmd="random_load"
stop_cmd="random_save"

random_file="${random_file:-/var/db/entropy-file}"

message()
{
	echo "${name}: ${random_file}: $@" 1>&2
}

getfstype() {
	df -G "$1" | while read line; do
		set -- $line
		if [ "$2" = "fstype" ]; then
			echo "$1"
			return
		fi
	done
}

fs_safe()
{
	#
	# Enforce that the file's on a local file system.
	# Include only the types we can actually write.
	#
	fstype="$(getfstype "$1")"
	case "${fstype}" in
	ffs|lfs|ext2fs|msdos|v7fs|zfs)
		return 0
		;;
	*)
		message "Bad file system type ${fstype}"
		return 1
		;;
	esac
}

random_load()
{
	if [ ! -f "${random_file}" ]; then
		message "Not present"
		return
	fi

	if ! fs_safe "$(dirname "${random_file}")"; then
		return 1
	fi

	set -- $(ls -ldn "${random_file}")
	st_mode="$1" # should be "-rw-------"
	st_uid="$3"  # should be "0" for root

	# The file must be owned by root,
	if [ "$st_uid" != "0" ]; then
		message "Bad owner ${st_uid}"
		return 1
	fi
	# and root read/write only.
	if [ "$st_mode" != "-rw-------" ]; then
		message "Bad mode ${st_mode}"
		return 1
	fi

	if rndctl -L "${random_file}"; then
		echo "Loaded entropy from ${random_file}."
	fi
}

random_save()
{
	oum="$(umask)"
	umask 077

	if ! fs_safe "$(dirname "${random_file}")"; then
		umask "${oum}"
		return 1
	fi

	if rndctl -S "${random_file}"; then
		echo "Saved entropy to ${random_file}."
	fi
	umask "${oum}"
}


load_rc_config "${name}"
run_rc_command "$1"