From 892c00584937426742a79b12243776a54980c087 Mon Sep 17 00:00:00 2001 From: Jean-Christophe PLAGNIOL-VILLARD Date: Mon, 16 Sep 2013 19:49:59 +0200 Subject: login/passwd: add default password support even if the env is broken you will have a password Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD Signed-off-by: Sascha Hauer --- common/Kconfig | 5 +++ common/Makefile | 20 ++++++++++++ common/password.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++-------- 3 files changed, 106 insertions(+), 13 deletions(-) (limited to 'common') diff --git a/common/Kconfig b/common/Kconfig index dd705782ab..5d922847e8 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -385,6 +385,11 @@ config PASSWORD help allow you to have password protection framework +config PASSWORD_DEFAULT + string + prompt "Password default" + depends on PASSWORD + if PASSWORD choice diff --git a/common/Makefile b/common/Makefile index 64eacc3047..9a9e3fe7d9 100644 --- a/common/Makefile +++ b/common/Makefile @@ -114,6 +114,26 @@ cmd_env_h = cat $< | (cd $(obj) && $(objtree)/scripts/bin2c default_environment) $(obj)/barebox_default_env.h: $(obj)/barebox_default_env$(barebox_default_env_comp) FORCE $(call if_changed,env_h) +quiet_cmd_pwd_h = PWDH $@ +ifneq ($(CONFIG_PASSWORD_DEFAULT),"") +PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f) +cmd_pwd_h = echo -n "const char default_passwd[] = \"" > $@; \ + cat $< | tr -d '\n' >> $@; \ + echo "\";" >> $@ + +include/generated/passwd.h: $(PASSWD_FILE) + $(call if_changed,pwd_h) +else +cmd_pwd_h = echo "const char default_passwd[] = \"\";" > $@ + +include/generated/passwd.h: FORCE + $(call if_changed,pwd_h) +endif + +targets += include/generated/passwd.h + +$(obj)/password.o: include/generated/passwd.h + # dependencies on generated files need to be listed explicitly $(obj)/version.o: include/generated/compile.h diff --git a/common/password.c b/common/password.c index d157a11b7b..9c1e54a359 100644 --- a/common/password.c +++ b/common/password.c @@ -25,6 +25,7 @@ #include #include #include +#include #if defined(CONFIG_PASSWD_SUM_MD5) #define PASSWD_SUM "md5" @@ -97,7 +98,13 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout) } EXPORT_SYMBOL(password); -int is_passwd_enable(void) +int is_passwd_default_enable(void) +{ + return strlen(default_passwd) > 0; +} +EXPORT_SYMBOL(is_passwd_default_enable); + +int is_passwd_env_enable(void) { int fd; @@ -110,13 +117,13 @@ int is_passwd_enable(void) return 1; } -EXPORT_SYMBOL(is_passwd_enable); +EXPORT_SYMBOL(is_passwd_env_enable); -int passwd_disable(void) +int passwd_env_disable(void) { return unlink(PASSWD_FILE); } -EXPORT_SYMBOL(passwd_disable); +EXPORT_SYMBOL(passwd_env_disable); static unsigned char to_digit(unsigned char c) { @@ -139,6 +146,43 @@ static unsigned char to_hexa(unsigned char c) } int read_passwd(unsigned char *sum, size_t length) +{ + if (is_passwd_env_enable()) + return read_env_passwd(sum, length); + else if (is_passwd_default_enable()) + return read_default_passwd(sum, length); + else + return -EINVAL; +} + +int read_default_passwd(unsigned char *sum, size_t length) +{ + int i = 0; + int len = strlen(default_passwd); + unsigned char *buf = (unsigned char *)default_passwd; + unsigned char c; + + if (!sum || length < 1) + return -EINVAL; + + for (i = 0; i < len && length > 0; i++) { + c = buf[i]; + i++; + + *sum = to_digit(c) << 4; + + c = buf[i]; + + *sum |= to_digit(c); + sum++; + length--; + } + + return 0; +} +EXPORT_SYMBOL(read_default_passwd); + +int read_env_passwd(unsigned char *sum, size_t length) { int fd; int ret = 0; @@ -178,9 +222,9 @@ exit: return ret; } -EXPORT_SYMBOL(read_passwd); +EXPORT_SYMBOL(read_env_passwd); -int write_passwd(unsigned char *sum, size_t length) +int write_env_passwd(unsigned char *sum, size_t length) { int fd; unsigned char c; @@ -227,9 +271,9 @@ exit: return ret; } -EXPORT_SYMBOL(write_passwd); +EXPORT_SYMBOL(write_env_passwd); -int check_passwd(unsigned char* passwd, size_t length) +static int __check_passwd(unsigned char* passwd, size_t length, int std) { struct digest *d; unsigned char *passwd1_sum; @@ -256,7 +300,10 @@ int check_passwd(unsigned char* passwd, size_t length) d->final(d, passwd1_sum); - ret = read_passwd(passwd2_sum, d->length); + if (std) + ret = read_env_passwd(passwd2_sum, d->length); + else + ret = read_default_passwd(passwd2_sum, d->length); if (ret < 0) goto err2; @@ -271,9 +318,30 @@ err1: return ret; } -EXPORT_SYMBOL(check_passwd); -int set_passwd(unsigned char* passwd, size_t length) +int check_default_passwd(unsigned char* passwd, size_t length) +{ + return __check_passwd(passwd, length, 0); +} +EXPORT_SYMBOL(check_default_passwd); + +int check_env_passwd(unsigned char* passwd, size_t length) +{ + return __check_passwd(passwd, length, 1); +} +EXPORT_SYMBOL(check_env_passwd); + +int check_passwd(unsigned char* passwd, size_t length) +{ + if (is_passwd_env_enable()) + return check_env_passwd(passwd, length); + else if (is_passwd_default_enable()) + return check_default_passwd(passwd, length); + else + return -EINVAL; +} + +int set_env_passwd(unsigned char* passwd, size_t length) { struct digest *d; unsigned char *passwd_sum; @@ -292,10 +360,10 @@ int set_passwd(unsigned char* passwd, size_t length) d->final(d, passwd_sum); - ret = write_passwd(passwd_sum, d->length); + ret = write_env_passwd(passwd_sum, d->length); free(passwd_sum); return ret; } -EXPORT_SYMBOL(set_passwd); +EXPORT_SYMBOL(set_env_passwd); -- cgit v1.2.3