mail archive of the barebox mailing list
 help / color / mirror / Atom feed
From: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
To: barebox@lists.infradead.org
Subject: [PATCH 4/5] login/passwd: add default password support
Date: Mon, 16 Sep 2013 19:49:59 +0200	[thread overview]
Message-ID: <1379353800-28237-4-git-send-email-plagnioj@jcrosoft.com> (raw)
In-Reply-To: <1379353800-28237-1-git-send-email-plagnioj@jcrosoft.com>

even if the env is broken you will have a password

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/passwd.c  |  8 ++---
 common/Kconfig     |  5 +++
 common/Makefile    | 20 ++++++++++++
 common/password.c  | 94 ++++++++++++++++++++++++++++++++++++++++++++++--------
 include/password.h | 22 ++++++++++---
 5 files changed, 127 insertions(+), 22 deletions(-)

diff --git a/commands/passwd.c b/commands/passwd.c
index baccfa6..368c401 100644
--- a/commands/passwd.c
+++ b/commands/passwd.c
@@ -63,7 +63,7 @@ static int do_passwd(int argc, char *argv[])
 			goto err;
 	}
 
-	ret = set_passwd(passwd1, passwd1_len);
+	ret = set_env_passwd(passwd1, passwd1_len);
 
 	if (ret < 0) {
 		puts("Sorry, passwords write failed\n");
@@ -78,15 +78,15 @@ err:
 	return 1;
 
 disable:
-	passwd_disable();
+	passwd_env_disable();
 	puts("passwd: password disabled\n");
 	return ret;
 }
 
 static const __maybe_unused char cmd_passwd_help[] =
 "Usage: passwd\n"
-"passwd allow you to specify a password\n"
-"to disable it put an empty password\n"
+"passwd allow you to specify a password in the env\n"
+"to disable it put an empty password will still use the default password if set\n"
 ;
 
 BAREBOX_CMD_START(passwd)
diff --git a/common/Kconfig b/common/Kconfig
index dd70578..5d92284 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -385,6 +385,11 @@ config PASSWORD
 	help
 	  allow you to have password protection framework
 
+config PASSWORD_DEFAULT
+	string
+	prompt "Password default"
+	depends on PASSWORD
+
 if PASSWORD
 
 choice
diff --git a/common/Makefile b/common/Makefile
index 64eacc3..9a9e3fe 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -114,6 +114,26 @@ cmd_env_h = cat $< | (cd $(obj) && $(objtree)/scripts/bin2c default_environment)
 $(obj)/barebox_default_env.h: $(obj)/barebox_default_env$(barebox_default_env_comp) FORCE
 	$(call if_changed,env_h)
 
+quiet_cmd_pwd_h = PWDH    $@
+ifneq ($(CONFIG_PASSWORD_DEFAULT),"")
+PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f)
+cmd_pwd_h = echo -n "const char default_passwd[] = \"" > $@; \
+	cat $< | tr -d '\n' >> $@; \
+	echo "\";" >> $@
+
+include/generated/passwd.h: $(PASSWD_FILE)
+	$(call if_changed,pwd_h)
+else
+cmd_pwd_h = echo "const char default_passwd[] = \"\";" > $@
+
+include/generated/passwd.h: FORCE
+	$(call if_changed,pwd_h)
+endif
+
+targets += include/generated/passwd.h
+
+$(obj)/password.o: include/generated/passwd.h
+
 # dependencies on generated files need to be listed explicitly
 $(obj)/version.o: include/generated/compile.h
 
diff --git a/common/password.c b/common/password.c
index d157a11..9c1e54a 100644
--- a/common/password.c
+++ b/common/password.c
@@ -25,6 +25,7 @@
 #include <malloc.h>
 #include <xfuncs.h>
 #include <clock.h>
+#include <generated/passwd.h>
 
 #if defined(CONFIG_PASSWD_SUM_MD5)
 #define PASSWD_SUM "md5"
@@ -97,7 +98,13 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout)
 }
 EXPORT_SYMBOL(password);
 
-int is_passwd_enable(void)
+int is_passwd_default_enable(void)
+{
+	return strlen(default_passwd) > 0;
+}
+EXPORT_SYMBOL(is_passwd_default_enable);
+
+int is_passwd_env_enable(void)
 {
 	int fd;
 
@@ -110,13 +117,13 @@ int is_passwd_enable(void)
 
 	return 1;
 }
-EXPORT_SYMBOL(is_passwd_enable);
+EXPORT_SYMBOL(is_passwd_env_enable);
 
-int passwd_disable(void)
+int passwd_env_disable(void)
 {
 	return unlink(PASSWD_FILE);
 }
-EXPORT_SYMBOL(passwd_disable);
+EXPORT_SYMBOL(passwd_env_disable);
 
 static unsigned char to_digit(unsigned char c)
 {
@@ -140,6 +147,43 @@ static unsigned char to_hexa(unsigned char c)
 
 int read_passwd(unsigned char *sum, size_t length)
 {
+	if (is_passwd_env_enable())
+		return read_env_passwd(sum, length);
+	else if (is_passwd_default_enable())
+		return read_default_passwd(sum, length);
+	else
+		return -EINVAL;
+}
+
+int read_default_passwd(unsigned char *sum, size_t length)
+{
+	int i = 0;
+	int len = strlen(default_passwd);
+	unsigned char *buf = (unsigned char *)default_passwd;
+	unsigned char c;
+
+	if (!sum || length < 1)
+		return -EINVAL;
+
+	for (i = 0; i < len && length > 0; i++) {
+		c = buf[i];
+		i++;
+
+		*sum = to_digit(c) << 4;
+
+		c = buf[i];
+
+		*sum |= to_digit(c);
+		sum++;
+		length--;
+	}
+
+	return 0;
+}
+EXPORT_SYMBOL(read_default_passwd);
+
+int read_env_passwd(unsigned char *sum, size_t length)
+{
 	int fd;
 	int ret = 0;
 	unsigned char c;
@@ -178,9 +222,9 @@ exit:
 
 	return ret;
 }
-EXPORT_SYMBOL(read_passwd);
+EXPORT_SYMBOL(read_env_passwd);
 
-int write_passwd(unsigned char *sum, size_t length)
+int write_env_passwd(unsigned char *sum, size_t length)
 {
 	int fd;
 	unsigned char c;
@@ -227,9 +271,9 @@ exit:
 
 	return ret;
 }
-EXPORT_SYMBOL(write_passwd);
+EXPORT_SYMBOL(write_env_passwd);
 
-int check_passwd(unsigned char* passwd, size_t length)
+static int __check_passwd(unsigned char* passwd, size_t length, int std)
 {
 	struct digest *d;
 	unsigned char *passwd1_sum;
@@ -256,7 +300,10 @@ int check_passwd(unsigned char* passwd, size_t length)
 
 	d->final(d, passwd1_sum);
 
-	ret = read_passwd(passwd2_sum, d->length);
+	if (std)
+		ret = read_env_passwd(passwd2_sum, d->length);
+	else
+		ret = read_default_passwd(passwd2_sum, d->length);
 
 	if (ret < 0)
 		goto err2;
@@ -271,9 +318,30 @@ err1:
 
 	return ret;
 }
-EXPORT_SYMBOL(check_passwd);
 
-int set_passwd(unsigned char* passwd, size_t length)
+int check_default_passwd(unsigned char* passwd, size_t length)
+{
+	return __check_passwd(passwd, length, 0);
+}
+EXPORT_SYMBOL(check_default_passwd);
+
+int check_env_passwd(unsigned char* passwd, size_t length)
+{
+	return __check_passwd(passwd, length, 1);
+}
+EXPORT_SYMBOL(check_env_passwd);
+
+int check_passwd(unsigned char* passwd, size_t length)
+{
+	if (is_passwd_env_enable())
+		return check_env_passwd(passwd, length);
+	else if (is_passwd_default_enable())
+		return check_default_passwd(passwd, length);
+	else
+		return -EINVAL;
+}
+
+int set_env_passwd(unsigned char* passwd, size_t length)
 {
 	struct digest *d;
 	unsigned char *passwd_sum;
@@ -292,10 +360,10 @@ int set_passwd(unsigned char* passwd, size_t length)
 
 	d->final(d, passwd_sum);
 
-	ret = write_passwd(passwd_sum, d->length);
+	ret = write_env_passwd(passwd_sum, d->length);
 
 	free(passwd_sum);
 
 	return ret;
 }
-EXPORT_SYMBOL(set_passwd);
+EXPORT_SYMBOL(set_env_passwd);
diff --git a/include/password.h b/include/password.h
index df03cd7..0dd1054 100644
--- a/include/password.h
+++ b/include/password.h
@@ -28,11 +28,23 @@
 int password(unsigned char *passwd, size_t length, int flags, int timeout);
 
 int read_passwd(unsigned char *sum, size_t length);
-int write_passwd(unsigned char *sum, size_t length);
-
-int is_passwd_enable(void);
-int passwd_disable(void);
 int check_passwd(unsigned char* passwd, size_t length);
-int set_passwd(unsigned char* passwd, size_t length);
+
+int read_env_passwd(unsigned char *sum, size_t length);
+int write_env_passwd(unsigned char *sum, size_t length);
+
+int read_default_passwd(unsigned char *sum, size_t length);
+int is_passwd_default_enable(void);
+int check_default_passwd(unsigned char* passwd, size_t length);
+
+int is_passwd_env_enable(void);
+int passwd_env_disable(void);
+int check_env_passwd(unsigned char* passwd, size_t length);
+int set_env_passwd(unsigned char* passwd, size_t length);
+
+static inline int is_passwd_enable(void)
+{
+	return is_passwd_default_enable() || is_passwd_env_enable();
+}
 
 #endif /* __PASSWORD_H__ */
-- 
1.8.4.rc1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

  parent reply	other threads:[~2013-09-16 17:49 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-16 17:48 [PATCH 0/5 v3] defaultenv-2: add login support Jean-Christophe PLAGNIOL-VILLARD
2013-09-16 17:49 ` [PATCH 1/5] globalvar: add globalvar_add_simple_int/bool/enum/ip support Jean-Christophe PLAGNIOL-VILLARD
2013-09-16 17:49   ` [PATCH 2/5] login: add globalvar timeout support Jean-Christophe PLAGNIOL-VILLARD
2013-09-16 17:49   ` [PATCH 3/5] login: disable input console if password wrong Jean-Christophe PLAGNIOL-VILLARD
2013-09-16 17:49   ` Jean-Christophe PLAGNIOL-VILLARD [this message]
2013-09-16 17:50   ` [PATCH 5/5] defaultenv-2: add login support Jean-Christophe PLAGNIOL-VILLARD
2013-09-18  7:25 ` [PATCH 0/5 v3] " Sascha Hauer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1379353800-28237-4-git-send-email-plagnioj@jcrosoft.com \
    --to=plagnioj@jcrosoft.com \
    --cc=barebox@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox