diff options
| author | Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> | 2013-09-16 19:49:58 +0200 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2013-09-19 08:49:47 +0200 |
| commit | bb89ea62a0b7e5c6fcedfe1a28b6dd82236247ce (patch) | |
| tree | 45448d5807a24e8bd1b42e27994334e590763f2f /common | |
| parent | 54385ace4b98f8131d53757d18858d0729960dc2 (diff) | |
| download | barebox-bb89ea62a0b7e5c6fcedfe1a28b6dd82236247ce.tar.gz barebox-bb89ea62a0b7e5c6fcedfe1a28b6dd82236247ce.tar.xz | |
login: disable input console if password wrong
so we guarantee that barebox is secured again user interaction
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'common')
| -rw-r--r-- | common/console.c | 6 | ||||
| -rw-r--r-- | common/console_common.c | 33 | ||||
| -rw-r--r-- | common/console_simple.c | 7 | ||||
| -rw-r--r-- | common/startup.c | 2 |
4 files changed, 48 insertions, 0 deletions
diff --git a/common/console.c b/common/console.c index 6ca94e2a02..49318291db 100644 --- a/common/console.c +++ b/common/console.c @@ -236,6 +236,9 @@ int getc(void) unsigned char ch; uint64_t start; + if (unlikely(!console_is_input_allow())) + return -EPERM; + /* * For 100us we read the characters from the serial driver * into a kfifo. This helps us not to lose characters @@ -270,6 +273,9 @@ EXPORT_SYMBOL(fgetc); int tstc(void) { + if (unlikely(!console_is_input_allow())) + return 0; + return kfifo_len(console_input_fifo) || tstc_raw(); } EXPORT_SYMBOL(tstc); diff --git a/common/console_common.c b/common/console_common.c index d139d1a8fe..d1b823ef8a 100644 --- a/common/console_common.c +++ b/common/console_common.c @@ -21,9 +21,42 @@ #include <common.h> #include <fs.h> #include <errno.h> +#include <console.h> +#include <init.h> +#include <environment.h> +#include <globalvar.h> +#include <magicvar.h> +#include <password.h> #ifndef CONFIG_CONSOLE_NONE +static int console_input_allow; + +static int console_global_init(void) +{ + if (IS_ENABLED(CONFIG_CMD_LOGIN) && is_passwd_enable()) + console_input_allow = 0; + else + console_input_allow = 1; + + globalvar_add_simple_bool("console.input_allow", &console_input_allow); + + return 0; +} +late_initcall(console_global_init); + +BAREBOX_MAGICVAR_NAMED(global_console_input_allow, global.console.input_allow, "console input allowed"); + +bool console_is_input_allow(void) +{ + return console_input_allow; +} + +void console_allow_input(bool val) +{ + console_input_allow = val; +} + int printf(const char *fmt, ...) { va_list args; diff --git a/common/console_simple.c b/common/console_simple.c index 101064b69a..5c80dcdf1e 100644 --- a/common/console_simple.c +++ b/common/console_simple.c @@ -3,6 +3,7 @@ #include <fs.h> #include <errno.h> #include <debug_ll.h> +#include <console.h> LIST_HEAD(console_list); EXPORT_SYMBOL(console_list); @@ -40,6 +41,9 @@ EXPORT_SYMBOL(console_putc); int tstc(void) { + if (unlikely(!console_is_input_allow())) + return 0; + if (!console) return 0; @@ -49,6 +53,9 @@ EXPORT_SYMBOL(tstc); int getc(void) { + if (unlikely(!console_is_input_allow())) + return -EPERM; + if (!console) return -EINVAL; return console->getc(console); diff --git a/common/startup.c b/common/startup.c index 9b33a92c86..0a36c07aae 100644 --- a/common/startup.c +++ b/common/startup.c @@ -138,6 +138,8 @@ void __noreturn start_barebox(void) run_command("source /env/bin/init", 0); } else { pr_err("/env/bin/init not found\n"); + if (IS_ENABLED(CONFIG_CMD_LOGIN)) + while(run_command("login -t 0", 0)); } } |