author | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-06-19 16:51:50 +1000 |
---|---|---|
committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-12-03 14:39:57 +1100 |
commit | 1b72d21bc3713b6c82f56e31e84413e0956fa4ed (patch) | |
tree | eaa2c5ee39c3f5748d212d3dd1bb3adf9c835a59 | |
parent | 121d6bb265e991a237e9d07cfd84eed5a3ce3d57 (diff) | |
download | talos-petitboot-1b72d21bc3713b6c82f56e31e84413e0956fa4ed.tar.gz talos-petitboot-1b72d21bc3713b6c82f56e31e84413e0956fa4ed.zip |
discover/platform-powerpc: Read and write password hash from NVRAM
If petitboot,password exists set it as the root password. This will be
the password used to authenticate clients.
This is the *hash* of a password as it would appear in /etc/shadow, not
the password itself.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
-rw-r--r-- | discover/platform-powerpc.c | 29 | ||||
-rw-r--r-- | lib/param_list/param_list.c | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c
index a3f7bf5..a43dd67 100644
--- a/discover/platform-powerpc.c
+++ b/discover/platform-powerpc.c
@@ -14,6 +14,7 @@
 #include <list/list.h>
 #include <log/log.h>
 #include <process/process.h>
+#include <crypt/crypt.h>
 #include "hostboot.h"
 #include "platform.h"
@@ -598,6 +599,7 @@ err:
 static int load_config(struct platform *p, struct config *config)
 {
 struct platform_powerpc *platform = to_platform_powerpc(p);
+ const char *hash;
 int rc;
 rc = parse_nvram(platform);
@@ -622,6 +624,14 @@ static int load_config(struct platform *p, struct config *config)
 config_get_active_consoles(config);
+
+ hash = param_list_get_value(platform->params, "petitboot,password");
+ if (hash) {
+ rc = crypt_set_password_hash(platform, hash);
+ if (rc)
+ pb_log("Failed to set password hash\n");
+ }
+
 return 0;
 }
@@ -689,6 +699,23 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo)
 return 0;
 }
+static bool restrict_clients(struct platform *p)
+{
+ struct platform_powerpc *platform = to_platform_powerpc(p);
+
+ return param_list_get_value(platform->params, "petitboot,password") != NULL;
+}
+
+static int set_password(struct platform *p, const char *hash)
+{
+ struct platform_powerpc *platform = to_platform_powerpc(p);
+
+ param_list_set(platform->params, "petitboot,password", hash, true);
+ write_nvram(platform);
+
+ return 0;
+}
+
 static bool probe(struct platform *p, void *ctx)
 {
 struct platform_powerpc *platform;
@@ -742,6 +769,8 @@ static struct platform platform_powerpc = {
 .save_config = save_config,
 .pre_boot = pre_boot,
 .get_sysinfo = get_sysinfo,
+ .restrict_clients = restrict_clients,
+ .set_password = set_password,
 };
 register_platform(platform_powerpc);
diff --git a/lib/param_list/param_list.c b/lib/param_list/param_list.c
index b3a45f8..9a01be6 100644
--- a/lib/param_list/param_list.c
+++ b/lib/param_list/param_list.c
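Review bot: In load_config the value of `petitboot,password` goes from NVRAM straight into `crypt_set_password_hash()` with no check on its shape, and a failure is only logged before the function returns 0. NVRAM is typically writable from the booted operating system, so this string should be treated as untrusted: an empty value is non-NULL here, and an empty shadow field conventionally means no password is required, though whether `crypt_set_password_hash()` rejects that is not visible in this diff. I would guard the call with `if (hash && hash[0] != '\0')` (or a stricter check that the value looks like a crypt(3) string) and add a comment such as `/* NVRAM value is untrusted; it is the shadow-format hash, never the cleartext */`. Because `restrict_clients()`, added further down in this file, keys only on the parameter being present, a failed set appears to leave clients restricted against whatever root password was already in place, so the log line should state that consequence rather than only "Failed to set password hash". The body of load_config starts outside this hunk.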
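Review bot: set_password discards the results of both `param_list_set()` and `write_nvram()` and always returns 0, so a caller is told the password was stored even if it never reached NVRAM. In that case the hash presumably lives only in the in-memory parameter list: `restrict_clients()` reports true for this boot and the restriction silently disappears on the next one. If `write_nvram()` reports failure (its signature is outside this diff), propagate it, e.g. `rc = write_nvram(platform);` followed by `return rc;`, and log the failure without including the hash. It is also worth a comment stating what a NULL or empty `hash` means here, since `restrict_clients()` treats any non-NULL value, including an empty one, as "a password is set".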
@@ -22,6 +22,7 @@ const char **common_known_params(void)
 "petitboot,console",
 "petitboot,http_proxy",
 "petitboot,https_proxy",
+ "petitboot,password",
 NULL,
 }; |