From 50355554dc17182f80ff582daf9a680200830dcb Mon Sep 17 00:00:00 2001 From: Jean-Christophe PLAGNIOL-VILLARD Date: Mon, 16 Sep 2013 19:49:56 +0200 Subject: globalvar: add globalvar_add_simple_int/bool/enum/ip support so we can types var Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD Signed-off-by: Sascha Hauer --- common/globalvar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'common') diff --git a/common/globalvar.c b/common/globalvar.c index edb66ddca6..6ef4a6a680 100644 --- a/common/globalvar.c +++ b/common/globalvar.c @@ -6,7 +6,7 @@ #include #include -static struct device_d global_device = { +struct device_d global_device = { .name = "global", .id = DEVICE_ID_SINGLE, }; -- cgit v1.2.3 From bb89ea62a0b7e5c6fcedfe1a28b6dd82236247ce Mon Sep 17 00:00:00 2001 From: Jean-Christophe PLAGNIOL-VILLARD Date: Mon, 16 Sep 2013 19:49:58 +0200 Subject: login: disable input console if password wrong so we guarantee that barebox is secured again user interaction Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD Signed-off-by: Sascha Hauer --- commands/login.c | 6 +++++- common/console.c | 6 ++++++ common/console_common.c | 33 +++++++++++++++++++++++++++++++++ common/console_simple.c | 7 +++++++ common/startup.c | 2 ++ include/console.h | 3 +++ 6 files changed, 56 insertions(+), 1 deletion(-) (limited to 'common') diff --git a/commands/login.c b/commands/login.c index 485def2bcd..b616bf15fc 100644 --- a/commands/login.c +++ b/commands/login.c @@ -24,6 +24,7 @@ #include #include #include +#include #define PASSWD_MAX_LENGTH (128 + 1) @@ -44,6 +45,7 @@ static int do_login(int argc, char *argv[]) int timeout = login_timeout; char *timeout_cmd = "boot"; + console_allow_input(true); if (!is_passwd_enable()) { puts("login: password not set\n"); return 0; @@ -64,8 +66,10 @@ static int do_login(int argc, char *argv[]) puts("Password: "); passwd_len = password(passwd, PASSWD_MAX_LENGTH, LOGIN_MODE, timeout); - if (passwd_len < 0) + if (passwd_len < 0) { + console_allow_input(false); run_command(timeout_cmd, 0); + } if (check_passwd(passwd, passwd_len)) return 0; diff --git a/common/console.c b/common/console.c index 6ca94e2a02..49318291db 100644 --- a/common/console.c +++ b/common/console.c @@ -236,6 +236,9 @@ int getc(void) unsigned char ch; uint64_t start; + if (unlikely(!console_is_input_allow())) + return -EPERM; + /* * For 100us we read the characters from the serial driver * into a kfifo. This helps us not to lose characters @@ -270,6 +273,9 @@ EXPORT_SYMBOL(fgetc); int tstc(void) { + if (unlikely(!console_is_input_allow())) + return 0; + return kfifo_len(console_input_fifo) || tstc_raw(); } EXPORT_SYMBOL(tstc); diff --git a/common/console_common.c b/common/console_common.c index d139d1a8fe..d1b823ef8a 100644 --- a/common/console_common.c +++ b/common/console_common.c @@ -21,9 +21,42 @@ #include #include #include +#include +#include +#include +#include +#include +#include #ifndef CONFIG_CONSOLE_NONE +static int console_input_allow; + +static int console_global_init(void) +{ + if (IS_ENABLED(CONFIG_CMD_LOGIN) && is_passwd_enable()) + console_input_allow = 0; + else + console_input_allow = 1; + + globalvar_add_simple_bool("console.input_allow", &console_input_allow); + + return 0; +} +late_initcall(console_global_init); + +BAREBOX_MAGICVAR_NAMED(global_console_input_allow, global.console.input_allow, "console input allowed"); + +bool console_is_input_allow(void) +{ + return console_input_allow; +} + +void console_allow_input(bool val) +{ + console_input_allow = val; +} + int printf(const char *fmt, ...) { va_list args; diff --git a/common/console_simple.c b/common/console_simple.c index 101064b69a..5c80dcdf1e 100644 --- a/common/console_simple.c +++ b/common/console_simple.c @@ -3,6 +3,7 @@ #include #include #include +#include LIST_HEAD(console_list); EXPORT_SYMBOL(console_list); @@ -40,6 +41,9 @@ EXPORT_SYMBOL(console_putc); int tstc(void) { + if (unlikely(!console_is_input_allow())) + return 0; + if (!console) return 0; @@ -49,6 +53,9 @@ EXPORT_SYMBOL(tstc); int getc(void) { + if (unlikely(!console_is_input_allow())) + return -EPERM; + if (!console) return -EINVAL; return console->getc(console); diff --git a/common/startup.c b/common/startup.c index 9b33a92c86..0a36c07aae 100644 --- a/common/startup.c +++ b/common/startup.c @@ -138,6 +138,8 @@ void __noreturn start_barebox(void) run_command("source /env/bin/init", 0); } else { pr_err("/env/bin/init not found\n"); + if (IS_ENABLED(CONFIG_CMD_LOGIN)) + while(run_command("login -t 0", 0)); } } diff --git a/include/console.h b/include/console.h index 72cf99f55b..e94c5aec75 100644 --- a/include/console.h +++ b/include/console.h @@ -54,4 +54,7 @@ extern struct list_head console_list; #define CFG_PBSIZE (CONFIG_CBSIZE+sizeof(CONFIG_PROMPT)+16) +bool console_is_input_allow(void); +void console_allow_input(bool val); + #endif -- cgit v1.2.3 From 892c00584937426742a79b12243776a54980c087 Mon Sep 17 00:00:00 2001 From: Jean-Christophe PLAGNIOL-VILLARD Date: Mon, 16 Sep 2013 19:49:59 +0200 Subject: login/passwd: add default password support even if the env is broken you will have a password Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD Signed-off-by: Sascha Hauer --- commands/passwd.c | 8 ++--- common/Kconfig | 5 +++ common/Makefile | 20 ++++++++++++ common/password.c | 94 ++++++++++++++++++++++++++++++++++++++++++++++-------- include/password.h | 22 ++++++++++--- 5 files changed, 127 insertions(+), 22 deletions(-) (limited to 'common') diff --git a/commands/passwd.c b/commands/passwd.c index baccfa6c0c..368c4016b9 100644 --- a/commands/passwd.c +++ b/commands/passwd.c @@ -63,7 +63,7 @@ static int do_passwd(int argc, char *argv[]) goto err; } - ret = set_passwd(passwd1, passwd1_len); + ret = set_env_passwd(passwd1, passwd1_len); if (ret < 0) { puts("Sorry, passwords write failed\n"); @@ -78,15 +78,15 @@ err: return 1; disable: - passwd_disable(); + passwd_env_disable(); puts("passwd: password disabled\n"); return ret; } static const __maybe_unused char cmd_passwd_help[] = "Usage: passwd\n" -"passwd allow you to specify a password\n" -"to disable it put an empty password\n" +"passwd allow you to specify a password in the env\n" +"to disable it put an empty password will still use the default password if set\n" ; BAREBOX_CMD_START(passwd) diff --git a/common/Kconfig b/common/Kconfig index dd705782ab..5d922847e8 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -385,6 +385,11 @@ config PASSWORD help allow you to have password protection framework +config PASSWORD_DEFAULT + string + prompt "Password default" + depends on PASSWORD + if PASSWORD choice diff --git a/common/Makefile b/common/Makefile index 64eacc3047..9a9e3fe7d9 100644 --- a/common/Makefile +++ b/common/Makefile @@ -114,6 +114,26 @@ cmd_env_h = cat $< | (cd $(obj) && $(objtree)/scripts/bin2c default_environment) $(obj)/barebox_default_env.h: $(obj)/barebox_default_env$(barebox_default_env_comp) FORCE $(call if_changed,env_h) +quiet_cmd_pwd_h = PWDH $@ +ifneq ($(CONFIG_PASSWORD_DEFAULT),"") +PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f) +cmd_pwd_h = echo -n "const char default_passwd[] = \"" > $@; \ + cat $< | tr -d '\n' >> $@; \ + echo "\";" >> $@ + +include/generated/passwd.h: $(PASSWD_FILE) + $(call if_changed,pwd_h) +else +cmd_pwd_h = echo "const char default_passwd[] = \"\";" > $@ + +include/generated/passwd.h: FORCE + $(call if_changed,pwd_h) +endif + +targets += include/generated/passwd.h + +$(obj)/password.o: include/generated/passwd.h + # dependencies on generated files need to be listed explicitly $(obj)/version.o: include/generated/compile.h diff --git a/common/password.c b/common/password.c index d157a11b7b..9c1e54a359 100644 --- a/common/password.c +++ b/common/password.c @@ -25,6 +25,7 @@ #include #include #include +#include #if defined(CONFIG_PASSWD_SUM_MD5) #define PASSWD_SUM "md5" @@ -97,7 +98,13 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout) } EXPORT_SYMBOL(password); -int is_passwd_enable(void) +int is_passwd_default_enable(void) +{ + return strlen(default_passwd) > 0; +} +EXPORT_SYMBOL(is_passwd_default_enable); + +int is_passwd_env_enable(void) { int fd; @@ -110,13 +117,13 @@ int is_passwd_enable(void) return 1; } -EXPORT_SYMBOL(is_passwd_enable); +EXPORT_SYMBOL(is_passwd_env_enable); -int passwd_disable(void) +int passwd_env_disable(void) { return unlink(PASSWD_FILE); } -EXPORT_SYMBOL(passwd_disable); +EXPORT_SYMBOL(passwd_env_disable); static unsigned char to_digit(unsigned char c) { @@ -139,6 +146,43 @@ static unsigned char to_hexa(unsigned char c) } int read_passwd(unsigned char *sum, size_t length) +{ + if (is_passwd_env_enable()) + return read_env_passwd(sum, length); + else if (is_passwd_default_enable()) + return read_default_passwd(sum, length); + else + return -EINVAL; +} + +int read_default_passwd(unsigned char *sum, size_t length) +{ + int i = 0; + int len = strlen(default_passwd); + unsigned char *buf = (unsigned char *)default_passwd; + unsigned char c; + + if (!sum || length < 1) + return -EINVAL; + + for (i = 0; i < len && length > 0; i++) { + c = buf[i]; + i++; + + *sum = to_digit(c) << 4; + + c = buf[i]; + + *sum |= to_digit(c); + sum++; + length--; + } + + return 0; +} +EXPORT_SYMBOL(read_default_passwd); + +int read_env_passwd(unsigned char *sum, size_t length) { int fd; int ret = 0; @@ -178,9 +222,9 @@ exit: return ret; } -EXPORT_SYMBOL(read_passwd); +EXPORT_SYMBOL(read_env_passwd); -int write_passwd(unsigned char *sum, size_t length) +int write_env_passwd(unsigned char *sum, size_t length) { int fd; unsigned char c; @@ -227,9 +271,9 @@ exit: return ret; } -EXPORT_SYMBOL(write_passwd); +EXPORT_SYMBOL(write_env_passwd); -int check_passwd(unsigned char* passwd, size_t length) +static int __check_passwd(unsigned char* passwd, size_t length, int std) { struct digest *d; unsigned char *passwd1_sum; @@ -256,7 +300,10 @@ int check_passwd(unsigned char* passwd, size_t length) d->final(d, passwd1_sum); - ret = read_passwd(passwd2_sum, d->length); + if (std) + ret = read_env_passwd(passwd2_sum, d->length); + else + ret = read_default_passwd(passwd2_sum, d->length); if (ret < 0) goto err2; @@ -271,9 +318,30 @@ err1: return ret; } -EXPORT_SYMBOL(check_passwd); -int set_passwd(unsigned char* passwd, size_t length) +int check_default_passwd(unsigned char* passwd, size_t length) +{ + return __check_passwd(passwd, length, 0); +} +EXPORT_SYMBOL(check_default_passwd); + +int check_env_passwd(unsigned char* passwd, size_t length) +{ + return __check_passwd(passwd, length, 1); +} +EXPORT_SYMBOL(check_env_passwd); + +int check_passwd(unsigned char* passwd, size_t length) +{ + if (is_passwd_env_enable()) + return check_env_passwd(passwd, length); + else if (is_passwd_default_enable()) + return check_default_passwd(passwd, length); + else + return -EINVAL; +} + +int set_env_passwd(unsigned char* passwd, size_t length) { struct digest *d; unsigned char *passwd_sum; @@ -292,10 +360,10 @@ int set_passwd(unsigned char* passwd, size_t length) d->final(d, passwd_sum); - ret = write_passwd(passwd_sum, d->length); + ret = write_env_passwd(passwd_sum, d->length); free(passwd_sum); return ret; } -EXPORT_SYMBOL(set_passwd); +EXPORT_SYMBOL(set_env_passwd); diff --git a/include/password.h b/include/password.h index df03cd7561..0dd1054054 100644 --- a/include/password.h +++ b/include/password.h @@ -28,11 +28,23 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout); int read_passwd(unsigned char *sum, size_t length); -int write_passwd(unsigned char *sum, size_t length); - -int is_passwd_enable(void); -int passwd_disable(void); int check_passwd(unsigned char* passwd, size_t length); -int set_passwd(unsigned char* passwd, size_t length); + +int read_env_passwd(unsigned char *sum, size_t length); +int write_env_passwd(unsigned char *sum, size_t length); + +int read_default_passwd(unsigned char *sum, size_t length); +int is_passwd_default_enable(void); +int check_default_passwd(unsigned char* passwd, size_t length); + +int is_passwd_env_enable(void); +int passwd_env_disable(void); +int check_env_passwd(unsigned char* passwd, size_t length); +int set_env_passwd(unsigned char* passwd, size_t length); + +static inline int is_passwd_enable(void) +{ + return is_passwd_default_enable() || is_passwd_env_enable(); +} #endif /* __PASSWORD_H__ */ -- cgit v1.2.3 From 666f12e0c19a19f4431e05f6e5b37e657a62038f Mon Sep 17 00:00:00 2001 From: Sascha Hauer Date: Thu, 7 Feb 2013 13:47:26 +0100 Subject: introduce runtime loglevel With this the verbosity of barebox can be controlled during runtime using the 'loglevel' globalvar. Signed-off-by: Sascha Hauer --- common/Kconfig | 18 +++++++++++++++++- common/console_common.c | 27 +++++++++++++++++++++++++++ drivers/base/driver.c | 6 +++++- include/console.h | 2 ++ include/printk.h | 9 ++++++--- 5 files changed, 57 insertions(+), 5 deletions(-) (limited to 'common') diff --git a/common/Kconfig b/common/Kconfig index 5d922847e8..87abaf0b27 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -607,7 +607,7 @@ endmenu menu "Debugging" config COMPILE_LOGLEVEL - int "loglevel" + int "compile loglevel" default 6 help This defines the maximum loglevel compiled into the binary. Less important @@ -622,6 +622,22 @@ config COMPILE_LOGLEVEL 6 informational (info) 7 debug-level messages (debug) +config DEFAULT_LOGLEVEL + int "default loglevel" + default 7 + help + This defines the default runtime loglevel. It can be changed using the + global.loglevel variable. Available logelevels are: + + 0 system is unusable (emerg) + 1 action must be taken immediately (alert) + 2 critical conditions (crit) + 3 error conditions (err) + 4 warning conditions (warn) + 5 normal but significant condition (notice) + 6 informational (info) + 7 debug-level messages (debug) + config DEBUG_INFO bool prompt "enable debug symbols" diff --git a/common/console_common.c b/common/console_common.c index d1b823ef8a..18b76766d6 100644 --- a/common/console_common.c +++ b/common/console_common.c @@ -57,6 +57,33 @@ void console_allow_input(bool val) console_input_allow = val; } +int barebox_loglevel = CONFIG_DEFAULT_LOGLEVEL; + +int pr_print(int level, const char *fmt, ...) +{ + va_list args; + uint i; + char printbuffer[CFG_PBSIZE]; + + if (level > barebox_loglevel) + return 0; + + va_start(args, fmt); + i = vsprintf(printbuffer, fmt, args); + va_end(args); + + /* Print the string */ + puts(printbuffer); + + return i; +} + +static int loglevel_init(void) +{ + return globalvar_add_simple_int("loglevel", &barebox_loglevel, "%d"); +} +device_initcall(loglevel_init); + int printf(const char *fmt, ...) { va_list args; diff --git a/drivers/base/driver.c b/drivers/base/driver.c index 16b7f06c4a..e587e3acc1 100644 --- a/drivers/base/driver.c +++ b/drivers/base/driver.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -370,11 +371,14 @@ const char *dev_id(const struct device_d *dev) return buf; } -int dev_printf(const struct device_d *dev, const char *format, ...) +int dev_printf(int level, const struct device_d *dev, const char *format, ...) { va_list args; int ret = 0; + if (level > barebox_loglevel) + return 0; + if (dev->driver && dev->driver->name) ret += printf("%s ", dev->driver->name); diff --git a/include/console.h b/include/console.h index e94c5aec75..393579bb7f 100644 --- a/include/console.h +++ b/include/console.h @@ -57,4 +57,6 @@ extern struct list_head console_list; bool console_is_input_allow(void); void console_allow_input(bool val); +extern int barebox_loglevel; + #endif diff --git a/include/printk.h b/include/printk.h index 86bf208425..f550f07bb8 100644 --- a/include/printk.h +++ b/include/printk.h @@ -18,12 +18,15 @@ /* debugging and troubleshooting/diagnostic helpers. */ -int dev_printf(const struct device_d *dev, const char *format, ...) +int pr_print(int level, const char *format, ...) __attribute__ ((format(__printf__, 2, 3))); +int dev_printf(int level, const struct device_d *dev, const char *format, ...) + __attribute__ ((format(__printf__, 3, 4))); + #define __dev_printf(level, dev, format, args...) \ ({ \ - (level) <= LOGLEVEL ? dev_printf((dev), (format), ##args) : 0; \ + (level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \ }) @@ -46,7 +49,7 @@ int dev_printf(const struct device_d *dev, const char *format, ...) #define __pr_printk(level, format, args...) \ ({ \ - (level) <= LOGLEVEL ? printk((format), ##args) : 0; \ + (level) <= LOGLEVEL ? pr_print((level), (format), ##args) : 0; \ }) #ifndef pr_fmt -- cgit v1.2.3