discover/platform-powerpc: Read and write password hash from NVRAM

[petitboot] / discover / platform-powerpc.c

diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c
index 84e18ccca5c51e73edc93585cbefe1a30b822598..a43dd676494a18e28dab0ea53b7029898644e07d 100644 (file)
--- a/discover/platform-powerpc.c
+++ b/discover/platform-powerpc.c
@@ -14,6 +14,7 @@
 #include <list/list.h>
 #include <log/log.h>
 #include <process/process.h>
+#include <crypt/crypt.h>
 
 #include "hostboot.h"
 #include "platform.h"
@@ -25,9 +26,8 @@ static const char *sysparams_dir = "/sys/firmware/opal/sysparams/";
 static const char *devtree_dir = "/proc/device-tree/";
 
 struct platform_powerpc {
-       struct param_list params;
+       struct param_list *params;
        struct ipmi     *ipmi;
-       bool            ipmi_bootdev_persistent;
        int             (*get_ipmi_bootdev)(
                                struct platform_powerpc *platform,
                                uint8_t *bootdev, bool *persistent);
@@ -89,13 +89,13 @@ static int parse_nvram_params(struct platform_powerpc *platform,
                if (namelen == 0)
                        continue;
 
-               if (!param_list_is_known_n(&platform->params, name, namelen))
+               if (!param_list_is_known_n(platform->params, name, namelen))
                        continue;
 
                *value = '\0';
                value++;
 
-               param_list_set(&platform->params, name, value, false);
+               param_list_set(platform->params, name, value, false);
        }
 
        return 0;
@@ -145,7 +145,7 @@ static int write_nvram(struct platform_powerpc *platform)
        process->path = "nvram";
        process->argv = argv;
 
-       param_list_for_each(&platform->params, param) {
+       param_list_for_each(platform->params, param) {
                char *paramstr;
 
                if (!param->modified)
@@ -368,6 +368,7 @@ static int get_ipmi_bootdev_ipmi(struct platform_powerpc *platform,
 {
        uint16_t resp_len;
        uint8_t resp[8];
+       char *debug_buf;
        int rc;
        uint8_t req[] = {
                0x05, /* parameter selector: boot flags */
@@ -392,10 +393,9 @@ static int get_ipmi_bootdev_ipmi(struct platform_powerpc *platform,
                return -1;
        }
 
-       pb_debug("IPMI get_bootdev response:\n");
-       for (int i = 0; i < resp_len; i++)
-               pb_debug("%x ", resp[i]);
-       pb_debug("\n");
+       debug_buf = format_buffer(platform, resp, resp_len);
+       pb_debug_fn("IPMI get_bootdev response:\n%s\n", debug_buf);
+       talloc_free(debug_buf);
 
        if (resp[0] != 0) {
                pb_log("platform: non-zero completion code %d from IPMI req\n",
@@ -472,6 +472,7 @@ static void get_ipmi_network_override(struct platform_powerpc *platform,
        uint16_t min_len = 12, resp_len = 53, version;
        const uint32_t magic_value = 0x21706221;
        uint8_t resp[resp_len];
+       char *debug_buf;
        uint32_t cookie;
        bool persistent;
        int i, rc;
@@ -487,17 +488,9 @@ static void get_ipmi_network_override(struct platform_powerpc *platform,
                        resp, &resp_len,
                        ipmi_timeout);
 
-       pb_debug("IPMI net override resp [%d][%d]:\n", rc, resp_len);
-       if (resp_len > 0) {
-               for (i = 0; i < resp_len; i++) {
-                       pb_debug(" %02x", resp[i]);
-                       if (i && (i + 1) % 16 == 0 && i != resp_len - 1)
-                               pb_debug("\n");
-                       else if (i && (i + 1) % 8 == 0)
-                               pb_debug(" ");
-               }
-               pb_debug("\n");
-       }
+       debug_buf = format_buffer(platform, resp, resp_len);
+       pb_debug_fn("IPMI net override response:\n%s\n", debug_buf);
+       talloc_free(debug_buf);
 
        if (rc) {
                pb_debug("IPMI network config option unavailable\n");
@@ -562,7 +555,7 @@ static void get_ipmi_network_override(struct platform_powerpc *platform,
 
        if (!rc && persistent) {
                /* Write this new config to NVRAM */
-               params_update_network_values(&platform->params,
+               params_update_network_values(platform->params,
                        "petitboot,network", config);
                rc = write_nvram(platform);
                if (rc)
@@ -606,13 +599,14 @@ err:
 static int load_config(struct platform *p, struct config *config)
 {
        struct platform_powerpc *platform = to_platform_powerpc(p);
+       const char *hash;
        int rc;
 
        rc = parse_nvram(platform);
        if (rc)
                pb_log_fn("Failed to parse nvram\n");
 
-       config_populate_all(config, &platform->params);
+       config_populate_all(config, platform->params);
 
        if (platform->get_ipmi_bootdev) {
                bool bootdev_persistent;
@@ -630,6 +624,14 @@ static int load_config(struct platform *p, struct config *config)
 
        config_get_active_consoles(config);
 
+
+       hash = param_list_get_value(platform->params, "petitboot,password");
+       if (hash) {
+               rc = crypt_set_password_hash(platform, hash);
+               if (rc)
+                       pb_log("Failed to set password hash\n");
+       }
+
        return 0;
 }
 
@@ -649,7 +651,7 @@ static int save_config(struct platform *p, struct config *config)
        defaults = talloc_zero(platform, struct config);
        config_set_defaults(defaults);
 
-       params_update_all(&platform->params, config, defaults);
+       params_update_all(platform->params, config, defaults);
 
        talloc_free(defaults);
        return write_nvram(platform);
@@ -697,6 +699,23 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo)
        return 0;
 }
 
+static bool restrict_clients(struct platform *p)
+{
+       struct platform_powerpc *platform = to_platform_powerpc(p);
+
+       return param_list_get_value(platform->params, "petitboot,password") != NULL;
+}
+
+static int set_password(struct platform *p, const char *hash)
+{
+       struct platform_powerpc *platform = to_platform_powerpc(p);
+
+       param_list_set(platform->params, "petitboot,password", hash, true);
+       write_nvram(platform);
+
+       return 0;
+}
+
 static bool probe(struct platform *p, void *ctx)
 {
        struct platform_powerpc *platform;
@@ -713,7 +732,8 @@ static bool probe(struct platform *p, void *ctx)
                return false;
 
        platform = talloc_zero(ctx, struct platform_powerpc);
-       param_list_init(&platform->params, common_known_params());
+       platform->params = talloc_zero(platform, struct param_list);
+       param_list_init(platform->params, common_known_params());
 
        p->platform_data = platform;
 
@@ -749,6 +769,8 @@ static struct platform platform_powerpc = {
        .save_config            = save_config,
        .pre_boot               = pre_boot,
        .get_sysinfo            = get_sysinfo,
+       .restrict_clients       = restrict_clients,
+       .set_password           = set_password,
 };
 
 register_platform(platform_powerpc);