login/passwd: add default password support
Even if the env is broken, you will still have a password.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
parent
bb89ea62a0
commit
892c005849
|
@ -63,7 +63,7 @@ static int do_passwd(int argc, char *argv[])
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = set_passwd(passwd1, passwd1_len);
|
ret = set_env_passwd(passwd1, passwd1_len);
|
||||||
|
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
puts("Sorry, passwords write failed\n");
|
puts("Sorry, passwords write failed\n");
|
||||||
|
@ -78,15 +78,15 @@ err:
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
disable:
|
disable:
|
||||||
passwd_disable();
|
passwd_env_disable();
|
||||||
puts("passwd: password disabled\n");
|
puts("passwd: password disabled\n");
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const __maybe_unused char cmd_passwd_help[] =
|
static const __maybe_unused char cmd_passwd_help[] =
|
||||||
"Usage: passwd\n"
|
"Usage: passwd\n"
|
||||||
"passwd allow you to specify a password\n"
|
"passwd allow you to specify a password in the env\n"
|
||||||
"to disable it put an empty password\n"
|
"to disable it put an empty password will still use the default password if set\n"
|
||||||
;
|
;
|
||||||
|
|
||||||
BAREBOX_CMD_START(passwd)
|
BAREBOX_CMD_START(passwd)
|
||||||
|
|
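Review bot: The `disable:` path still prints "passwd: password disabled" after `passwd_env_disable()`, which is misleading once a default password is compiled in. In the same commit `check_passwd()` falls back to `check_default_passwd()` when `is_passwd_default_enable()` is true, so login stays protected by a password the operator may not know about. I would make the message reflect that: `puts(is_passwd_default_enable() ? "passwd: env password removed, default password still active\n" : "passwd: password disabled\n");`. `do_passwd()` starts outside the visible hunks, so how `ret` is set on this path is not shown.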
|
@ -385,6 +385,11 @@ config PASSWORD
|
||||||
help
|
help
|
||||||
allow you to have password protection framework
|
allow you to have password protection framework
|
||||||
|
|
||||||
|
config PASSWORD_DEFAULT
|
||||||
|
string
|
||||||
|
prompt "Password default"
|
||||||
|
depends on PASSWORD
|
||||||
|
|
||||||
if PASSWORD
|
if PASSWORD
|
||||||
|
|
||||||
choice
|
choice
|
||||||
|
|
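Review bot: `PASSWORD_DEFAULT` has no `help` text, and its prompt "Password default" reads as if the value were the password itself. The build rule in this commit passes the value to `find ... -type f` under `$(srctree)` and copies the file's contents into `default_passwd`, which `read_default_passwd()` decodes as hex digits. The option therefore appears to expect a path to a file holding the hex-encoded digest for the selected PASSWD_SUM. I would change the prompt to `prompt "Path to default password file"` and add a `help` paragraph. It should say that the path is relative to the source tree, that the file holds the hex digest, that an empty value disables the default password, and that the digest is compiled into every image built from this config.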
|
@ -114,6 +114,26 @@ cmd_env_h = cat $< | (cd $(obj) && $(objtree)/scripts/bin2c default_environment)
|
||||||
$(obj)/barebox_default_env.h: $(obj)/barebox_default_env$(barebox_default_env_comp) FORCE
|
$(obj)/barebox_default_env.h: $(obj)/barebox_default_env$(barebox_default_env_comp) FORCE
|
||||||
$(call if_changed,env_h)
|
$(call if_changed,env_h)
|
||||||
|
|
||||||
|
quiet_cmd_pwd_h = PWDH $@
|
||||||
|
ifneq ($(CONFIG_PASSWORD_DEFAULT),"")
|
||||||
|
PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f)
|
||||||
|
cmd_pwd_h = echo -n "const char default_passwd[] = \"" > $@; \
|
||||||
|
cat $< | tr -d '\n' >> $@; \
|
||||||
|
echo "\";" >> $@
|
||||||
|
|
||||||
|
include/generated/passwd.h: $(PASSWD_FILE)
|
||||||
|
$(call if_changed,pwd_h)
|
||||||
|
else
|
||||||
|
cmd_pwd_h = echo "const char default_passwd[] = \"\";" > $@
|
||||||
|
|
||||||
|
include/generated/passwd.h: FORCE
|
||||||
|
$(call if_changed,pwd_h)
|
||||||
|
endif
|
||||||
|
|
||||||
|
targets += include/generated/passwd.h
|
||||||
|
|
||||||
|
$(obj)/password.o: include/generated/passwd.h
|
||||||
|
|
||||||
# dependencies on generated files need to be listed explicitly
|
# dependencies on generated files need to be listed explicitly
|
||||||
$(obj)/version.o: include/generated/compile.h
|
$(obj)/version.o: include/generated/compile.h
|
||||||
|
|
||||||
|
|
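Review bot: `cmd_pwd_h` pastes the file's bytes between two quotes with no validation, and `PASSWD_FILE` is empty when `find` matches nothing, so a wrong path does not clearly fail the build. With no prerequisite, `$<` expands to nothing and `cat` runs without a file argument, so the header may end up with an empty `default_passwd`. `is_passwd_default_enable()` treats that as "no default password", so the image could ship unprotected without any diagnostic. A stray `"` or `\` in the file would also alter or break the generated string literal. I would stop the build inside the `ifneq` when the file is missing, e.g. `$(if $(PASSWD_FILE),,$(error CONFIG_PASSWORD_DEFAULT: file not found))`, and check that the contents are hex digits only before writing the header. `echo -n` is also not portable across `/bin/sh` implementations; `printf` would be safer here.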
|
@ -25,6 +25,7 @@
|
||||||
#include <malloc.h>
|
#include <malloc.h>
|
||||||
#include <xfuncs.h>
|
#include <xfuncs.h>
|
||||||
#include <clock.h>
|
#include <clock.h>
|
||||||
|
#include <generated/passwd.h>
|
||||||
|
|
||||||
#if defined(CONFIG_PASSWD_SUM_MD5)
|
#if defined(CONFIG_PASSWD_SUM_MD5)
|
||||||
#define PASSWD_SUM "md5"
|
#define PASSWD_SUM "md5"
|
||||||
|
@ -97,7 +98,13 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout)
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(password);
|
EXPORT_SYMBOL(password);
|
||||||
|
|
||||||
int is_passwd_enable(void)
|
int is_passwd_default_enable(void)
|
||||||
|
{
|
||||||
|
return strlen(default_passwd) > 0;
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL(is_passwd_default_enable);
|
||||||
|
|
||||||
|
int is_passwd_env_enable(void)
|
||||||
{
|
{
|
||||||
int fd;
|
int fd;
|
||||||
|
|
||||||
|
@ -110,13 +117,13 @@ int is_passwd_enable(void)
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(is_passwd_enable);
|
EXPORT_SYMBOL(is_passwd_env_enable);
|
||||||
|
|
||||||
int passwd_disable(void)
|
int passwd_env_disable(void)
|
||||||
{
|
{
|
||||||
return unlink(PASSWD_FILE);
|
return unlink(PASSWD_FILE);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(passwd_disable);
|
EXPORT_SYMBOL(passwd_env_disable);
|
||||||
|
|
||||||
static unsigned char to_digit(unsigned char c)
|
static unsigned char to_digit(unsigned char c)
|
||||||
{
|
{
|
||||||
|
@ -139,6 +146,43 @@ static unsigned char to_hexa(unsigned char c)
|
||||||
}
|
}
|
||||||
|
|
||||||
int read_passwd(unsigned char *sum, size_t length)
|
int read_passwd(unsigned char *sum, size_t length)
|
||||||
|
{
|
||||||
|
if (is_passwd_env_enable())
|
||||||
|
return read_env_passwd(sum, length);
|
||||||
|
else if (is_passwd_default_enable())
|
||||||
|
return read_default_passwd(sum, length);
|
||||||
|
else
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
int read_default_passwd(unsigned char *sum, size_t length)
|
||||||
|
{
|
||||||
|
int i = 0;
|
||||||
|
int len = strlen(default_passwd);
|
||||||
|
unsigned char *buf = (unsigned char *)default_passwd;
|
||||||
|
unsigned char c;
|
||||||
|
|
||||||
|
if (!sum || length < 1)
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
|
for (i = 0; i < len && length > 0; i++) {
|
||||||
|
c = buf[i];
|
||||||
|
i++;
|
||||||
|
|
||||||
|
*sum = to_digit(c) << 4;
|
||||||
|
|
||||||
|
c = buf[i];
|
||||||
|
|
||||||
|
*sum |= to_digit(c);
|
||||||
|
sum++;
|
||||||
|
length--;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL(read_default_passwd);
|
||||||
|
|
||||||
|
int read_env_passwd(unsigned char *sum, size_t length)
|
||||||
{
|
{
|
||||||
int fd;
|
int fd;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
@ -178,9 +222,9 @@ exit:
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(read_passwd);
|
EXPORT_SYMBOL(read_env_passwd);
|
||||||
|
|
||||||
int write_passwd(unsigned char *sum, size_t length)
|
int write_env_passwd(unsigned char *sum, size_t length)
|
||||||
{
|
{
|
||||||
int fd;
|
int fd;
|
||||||
unsigned char c;
|
unsigned char c;
|
||||||
|
@ -227,9 +271,9 @@ exit:
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(write_passwd);
|
EXPORT_SYMBOL(write_env_passwd);
|
||||||
|
|
||||||
int check_passwd(unsigned char* passwd, size_t length)
|
static int __check_passwd(unsigned char* passwd, size_t length, int std)
|
||||||
{
|
{
|
||||||
struct digest *d;
|
struct digest *d;
|
||||||
unsigned char *passwd1_sum;
|
unsigned char *passwd1_sum;
|
||||||
|
@ -256,7 +300,10 @@ int check_passwd(unsigned char* passwd, size_t length)
|
||||||
|
|
||||||
d->final(d, passwd1_sum);
|
d->final(d, passwd1_sum);
|
||||||
|
|
||||||
ret = read_passwd(passwd2_sum, d->length);
|
if (std)
|
||||||
|
ret = read_env_passwd(passwd2_sum, d->length);
|
||||||
|
else
|
||||||
|
ret = read_default_passwd(passwd2_sum, d->length);
|
||||||
|
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err2;
|
goto err2;
|
||||||
|
@ -271,9 +318,30 @@ err1:
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(check_passwd);
|
|
||||||
|
|
||||||
int set_passwd(unsigned char* passwd, size_t length)
|
int check_default_passwd(unsigned char* passwd, size_t length)
|
||||||
|
{
|
||||||
|
return __check_passwd(passwd, length, 0);
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL(check_default_passwd);
|
||||||
|
|
||||||
|
int check_env_passwd(unsigned char* passwd, size_t length)
|
||||||
|
{
|
||||||
|
return __check_passwd(passwd, length, 1);
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL(check_env_passwd);
|
||||||
|
|
||||||
|
int check_passwd(unsigned char* passwd, size_t length)
|
||||||
|
{
|
||||||
|
if (is_passwd_env_enable())
|
||||||
|
return check_env_passwd(passwd, length);
|
||||||
|
else if (is_passwd_default_enable())
|
||||||
|
return check_default_passwd(passwd, length);
|
||||||
|
else
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
int set_env_passwd(unsigned char* passwd, size_t length)
|
||||||
{
|
{
|
||||||
struct digest *d;
|
struct digest *d;
|
||||||
unsigned char *passwd_sum;
|
unsigned char *passwd_sum;
|
||||||
|
@ -292,10 +360,10 @@ int set_passwd(unsigned char* passwd, size_t length)
|
||||||
|
|
||||||
d->final(d, passwd_sum);
|
d->final(d, passwd_sum);
|
||||||
|
|
||||||
ret = write_passwd(passwd_sum, d->length);
|
ret = write_env_passwd(passwd_sum, d->length);
|
||||||
|
|
||||||
free(passwd_sum);
|
free(passwd_sum);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(set_passwd);
|
EXPORT_SYMBOL(set_env_passwd);
|
||||||
|
|
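Review bot: `read_default_passwd()` returns 0 no matter how many bytes it decoded. If `default_passwd` is shorter than `2 * length` hex characters, the tail of `sum` is left unwritten and `__check_passwd()` compares against whatever `passwd2_sum` already held (its allocation is outside the visible hunks). With an odd-length string, the second `buf[i]` read in the loop lands on the terminating NUL and is passed to `to_digit()`. I would reject a mismatched length up front, right after the `!sum || length < 1` check: `if ((size_t)len != 2 * length) return -EINVAL;`. Separately, `check_passwd()` picks the env password whenever `is_passwd_env_enable()` is true and never tries the default afterwards. Whether a corrupt env password file still falls back to the default depends on what that check does in the lines not shown; a comment on `check_passwd()` stating the intended precedence would help.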
|
@ -28,11 +28,23 @@
|
||||||
int password(unsigned char *passwd, size_t length, int flags, int timeout);
|
int password(unsigned char *passwd, size_t length, int flags, int timeout);
|
||||||
|
|
||||||
int read_passwd(unsigned char *sum, size_t length);
|
int read_passwd(unsigned char *sum, size_t length);
|
||||||
int write_passwd(unsigned char *sum, size_t length);
|
|
||||||
|
|
||||||
int is_passwd_enable(void);
|
|
||||||
int passwd_disable(void);
|
|
||||||
int check_passwd(unsigned char* passwd, size_t length);
|
int check_passwd(unsigned char* passwd, size_t length);
|
||||||
int set_passwd(unsigned char* passwd, size_t length);
|
|
||||||
|
int read_env_passwd(unsigned char *sum, size_t length);
|
||||||
|
int write_env_passwd(unsigned char *sum, size_t length);
|
||||||
|
|
||||||
|
int read_default_passwd(unsigned char *sum, size_t length);
|
||||||
|
int is_passwd_default_enable(void);
|
||||||
|
int check_default_passwd(unsigned char* passwd, size_t length);
|
||||||
|
|
||||||
|
int is_passwd_env_enable(void);
|
||||||
|
int passwd_env_disable(void);
|
||||||
|
int check_env_passwd(unsigned char* passwd, size_t length);
|
||||||
|
int set_env_passwd(unsigned char* passwd, size_t length);
|
||||||
|
|
||||||
|
static inline int is_passwd_enable(void)
|
||||||
|
{
|
||||||
|
return is_passwd_default_enable() || is_passwd_env_enable();
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* __PASSWORD_H__ */
|
#endif /* __PASSWORD_H__ */
|
||||||
|
|