discover/platform-powerpc: Read and write password hash from NVRAM
authorSamuel Mendoza-Jonas <sam@mendozajonas.com>
Tue, 19 Jun 2018 06:51:50 +0000 (16:51 +1000)
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>
Mon, 3 Dec 2018 03:39:57 +0000 (14:39 +1100)
If petitboot,password exists set it as the root password. This will be
the password used to authenticate clients.
This is the *hash* of a password as it would appear in /etc/shadow, not
the password itself.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/platform-powerpc.c
lib/param_list/param_list.c

index a3f7bf53a7292b8728092cdb0a92de466190cf02..a43dd676494a18e28dab0ea53b7029898644e07d 100644 (file)
@@ -14,6 +14,7 @@
 #include <list/list.h>
 #include <log/log.h>
 #include <process/process.h>
+#include <crypt/crypt.h>
 
 #include "hostboot.h"
 #include "platform.h"
@@ -598,6 +599,7 @@ err:
 static int load_config(struct platform *p, struct config *config)
 {
        struct platform_powerpc *platform = to_platform_powerpc(p);
+       const char *hash;
        int rc;
 
        rc = parse_nvram(platform);
@@ -622,6 +624,14 @@ static int load_config(struct platform *p, struct config *config)
 
        config_get_active_consoles(config);
 
+
+       hash = param_list_get_value(platform->params, "petitboot,password");
+       if (hash) {
+               rc = crypt_set_password_hash(platform, hash);
+               if (rc)
+                       pb_log("Failed to set password hash\n");
+       }
+
        return 0;
 }
 
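Review bot: A failure of `crypt_set_password_hash()` in the added block is only logged, and `load_config` still returns 0, so the root password presumably stays whatever it was before. Meanwhile `restrict_clients()`, added further down in this commit, checks only that the `petitboot,password` parameter is present, so it would still report clients as restricted. I would log the return code, `pb_log("Failed to set password hash (rc=%d)\n", rc);`, and add a comment above the block stating the intended outcome, for example `/* hash is a crypt(3)-style string from NVRAM; on failure the previous root password stays in effect */`. It is also worth deciding whether a malformed or empty value should count as "password set". `load_config` begins in an earlier hunk, and the rest of its body is not visible here.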
@@ -689,6 +699,23 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo)
        return 0;
 }
 
+static bool restrict_clients(struct platform *p)
+{
+       struct platform_powerpc *platform = to_platform_powerpc(p);
+
+       return param_list_get_value(platform->params, "petitboot,password") != NULL;
+}
+
+static int set_password(struct platform *p, const char *hash)
+{
+       struct platform_powerpc *platform = to_platform_powerpc(p);
+
+       param_list_set(platform->params, "petitboot,password", hash, true);
+       write_nvram(platform);
+
+       return 0;
+}
+
 static bool probe(struct platform *p, void *ctx)
 {
        struct platform_powerpc *platform;
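Review bot: `set_password()` always returns 0 and discards the results of `param_list_set()` and `write_nvram()`, so a failed NVRAM write is reported to the caller as a successful password change. The new hash would then exist only in the in-memory parameter list and be lost on the next boot. If `write_nvram()` returns a status, which is not visible in this hunk, the tail could become `return write_nvram(platform);`. The function should also state what a NULL or empty `hash` means, for example `/* hash: crypt(3)-style string; NULL handling follows param_list_set() - confirm whether it clears the parameter */`. `restrict_clients()` deserves a one-line comment that restriction is keyed solely on the presence of `petitboot,password` in the parameter list, so anything able to rewrite that NVRAM parameter can turn client authentication on or off.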
@@ -742,6 +769,8 @@ static struct platform platform_powerpc = {
        .save_config            = save_config,
        .pre_boot               = pre_boot,
        .get_sysinfo            = get_sysinfo,
+       .restrict_clients       = restrict_clients,
+       .set_password           = set_password,
 };
 
 register_platform(platform_powerpc);
index b3a45f8b89c2c95db1fb1f403b1a0157768ae8b2..9a01be6ca819a1520bff200b5697caf769ef7ef1 100644 (file)
@@ -22,6 +22,7 @@ const char **common_known_params(void)
                "petitboot,console",
                "petitboot,http_proxy",
                "petitboot,https_proxy",
+               "petitboot,password",
                NULL,
        };