diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2015-08-27 15:29:58 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2015-08-28 08:00:27 +0200 |
commit | 90e766a78fe8ebf8acdc19713e9194266c78c093 (patch) | |
tree | 58556b422db0819d335e60c4b5e573206d8c872d /commands | |
parent | f38ba32965c5686c062884fab2e9f505015af82a (diff) | |
download | barebox-90e766a78fe8ebf8acdc19713e9194266c78c093.tar.gz barebox-90e766a78fe8ebf8acdc19713e9194266c78c093.tar.xz |
login: rework login mechanism
We used to have the login functionality in the /env/bin/init script.
This is hard to review and it's too easy to break the login functionality
with changes to this script. Move the places to ask for a password to
C code where we have only a few places where we have to ask for a password.
Mainly these are run_shell() and the menutree command.
This patch introduces a login() function which will only return if the correct
password has been entered. Following calls will return immediately without
asking for a password again.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'commands')
-rw-r--r-- | commands/login.c | 70 | ||||
-rw-r--r-- | commands/menutree.c | 3 |
2 files changed, 5 insertions, 68 deletions
diff --git a/commands/login.c b/commands/login.c index bf5085c854..58bb592900 100644 --- a/commands/login.c +++ b/commands/login.c @@ -19,89 +19,23 @@ #include <command.h> #include <complete.h> #include <password.h> -#include <getopt.h> -#include <environment.h> -#include <globalvar.h> -#include <magicvar.h> -#include <init.h> -#include <console.h> - -#define PASSWD_MAX_LENGTH (128 + 1) - -#if defined(CONFIG_PASSWD_MODE_STAR) -#define LOGIN_MODE STAR -#elif defined(CONFIG_PASSWD_MODE_CLEAR) -#define LOGIN_MODE CLEAR -#else -#define LOGIN_MODE HIDE -#endif - -static int login_timeout = 0; static int do_login(int argc, char *argv[]) { - unsigned char passwd[PASSWD_MAX_LENGTH]; - int passwd_len, opt; - int timeout = login_timeout; - char *timeout_cmd = "boot"; - - console_allow_input(true); - if (!is_passwd_enable()) { - puts("login: password not set\n"); - return 0; - } - - while((opt = getopt(argc, argv, "t:")) > 0) { - switch(opt) { - case 't': - timeout = simple_strtoul(optarg, NULL, 10); - break; - } - } - - if (optind != argc) - timeout_cmd = argv[optind]; - - do { - puts("Password: "); - passwd_len = password(passwd, PASSWD_MAX_LENGTH, LOGIN_MODE, timeout); - - if (passwd_len < 0) { - console_allow_input(false); - run_command(timeout_cmd); - } - - if (check_passwd(passwd, passwd_len) == 1) - return 0; - } while(1); + login(); return 0; } BAREBOX_CMD_HELP_START(login) BAREBOX_CMD_HELP_TEXT("Asks for a password from the console before script execution continues.") -BAREBOX_CMD_HELP_TEXT("The password can be set with the 'passwd' command. Instead of specifying") -BAREBOX_CMD_HELP_TEXT("a TIMEOUT the magic variable 'global.login.timeout' could be set.") -BAREBOX_CMD_HELP_TEXT("") -BAREBOX_CMD_HELP_TEXT("Options:") -BAREBOX_CMD_HELP_OPT("-t TIMEOUT", "Execute COMMAND if no login withing TIMEOUT seconds") +BAREBOX_CMD_HELP_TEXT("The password can be set with the 'passwd' command.") BAREBOX_CMD_HELP_END BAREBOX_CMD_START(login) .cmd = do_login, BAREBOX_CMD_DESC("ask for a password") - BAREBOX_CMD_OPTS("[-t TIMEOUT] COMMAND") BAREBOX_CMD_GROUP(CMD_GRP_CONSOLE) BAREBOX_CMD_HELP(cmd_login_help) BAREBOX_CMD_COMPLETE(empty_complete) BAREBOX_CMD_END - -static int login_global_init(void) -{ - globalvar_add_simple_int("login.timeout", &login_timeout, "%d"); - - return 0; -} -late_initcall(login_global_init); - -BAREBOX_MAGICVAR_NAMED(global_login_timeout, global.login.timeout, "timeout to type the password"); diff --git a/commands/menutree.c b/commands/menutree.c index 5d30b67ee5..ea5f65f3a1 100644 --- a/commands/menutree.c +++ b/commands/menutree.c @@ -12,12 +12,15 @@ #include <common.h> #include <getopt.h> #include <menu.h> +#include <password.h> static int do_menutree(int argc, char *argv[]) { int opt, ret; char *path = "/env/menu"; + login(); + while ((opt = getopt(argc, argv, "m:")) > 0) { switch (opt) { case 'm': |