From 90e766a78fe8ebf8acdc19713e9194266c78c093 Mon Sep 17 00:00:00 2001 From: Sascha Hauer Date: Thu, 27 Aug 2015 15:29:58 +0200 Subject: login: rework login mechanism We used to have the login functionality in the /env/bin/init script. This is hard to review and it's too easy to break the login functionality with changes to this script. Move the places to ask for a password to C code where we have only a few places where we have to ask for a password. Mainly these are run_shell() and the menutree command. This patch introduces a login() function which will only return if the correct password has been entered. Following calls will return immediately without asking for a password again. Signed-off-by: Sascha Hauer --- commands/login.c | 70 ++--------------------------------------------------- commands/menutree.c | 3 +++ 2 files changed, 5 insertions(+), 68 deletions(-) (limited to 'commands') diff --git a/commands/login.c b/commands/login.c index bf5085c854..58bb592900 100644 --- a/commands/login.c +++ b/commands/login.c @@ -19,89 +19,23 @@ #include #include #include -#include -#include -#include -#include -#include -#include - -#define PASSWD_MAX_LENGTH (128 + 1) - -#if defined(CONFIG_PASSWD_MODE_STAR) -#define LOGIN_MODE STAR -#elif defined(CONFIG_PASSWD_MODE_CLEAR) -#define LOGIN_MODE CLEAR -#else -#define LOGIN_MODE HIDE -#endif - -static int login_timeout = 0; static int do_login(int argc, char *argv[]) { - unsigned char passwd[PASSWD_MAX_LENGTH]; - int passwd_len, opt; - int timeout = login_timeout; - char *timeout_cmd = "boot"; - - console_allow_input(true); - if (!is_passwd_enable()) { - puts("login: password not set\n"); - return 0; - } - - while((opt = getopt(argc, argv, "t:")) > 0) { - switch(opt) { - case 't': - timeout = simple_strtoul(optarg, NULL, 10); - break; - } - } - - if (optind != argc) - timeout_cmd = argv[optind]; - - do { - puts("Password: "); - passwd_len = password(passwd, PASSWD_MAX_LENGTH, LOGIN_MODE, timeout); - - if (passwd_len < 0) { - console_allow_input(false); - run_command(timeout_cmd); - } - - if (check_passwd(passwd, passwd_len) == 1) - return 0; - } while(1); + login(); return 0; } BAREBOX_CMD_HELP_START(login) BAREBOX_CMD_HELP_TEXT("Asks for a password from the console before script execution continues.") -BAREBOX_CMD_HELP_TEXT("The password can be set with the 'passwd' command. Instead of specifying") -BAREBOX_CMD_HELP_TEXT("a TIMEOUT the magic variable 'global.login.timeout' could be set.") -BAREBOX_CMD_HELP_TEXT("") -BAREBOX_CMD_HELP_TEXT("Options:") -BAREBOX_CMD_HELP_OPT("-t TIMEOUT", "Execute COMMAND if no login withing TIMEOUT seconds") +BAREBOX_CMD_HELP_TEXT("The password can be set with the 'passwd' command.") BAREBOX_CMD_HELP_END BAREBOX_CMD_START(login) .cmd = do_login, BAREBOX_CMD_DESC("ask for a password") - BAREBOX_CMD_OPTS("[-t TIMEOUT] COMMAND") BAREBOX_CMD_GROUP(CMD_GRP_CONSOLE) BAREBOX_CMD_HELP(cmd_login_help) BAREBOX_CMD_COMPLETE(empty_complete) BAREBOX_CMD_END - -static int login_global_init(void) -{ - globalvar_add_simple_int("login.timeout", &login_timeout, "%d"); - - return 0; -} -late_initcall(login_global_init); - -BAREBOX_MAGICVAR_NAMED(global_login_timeout, global.login.timeout, "timeout to type the password"); diff --git a/commands/menutree.c b/commands/menutree.c index 5d30b67ee5..ea5f65f3a1 100644 --- a/commands/menutree.c +++ b/commands/menutree.c @@ -12,12 +12,15 @@ #include #include #include +#include static int do_menutree(int argc, char *argv[]) { int opt, ret; char *path = "/env/menu"; + login(); + while ((opt = getopt(argc, argv, "m:")) > 0) { switch (opt) { case 'm': -- cgit v1.2.3