authorSamuel Mendoza-Jonas <sam@mendozajonas.com>2018-06-19 16:51:50 +1000
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>2018-12-03 14:39:57 +1100
commit1b72d21bc3713b6c82f56e31e84413e0956fa4ed (patch)
treeeaa2c5ee39c3f5748d212d3dd1bb3adf9c835a59
parent121d6bb265e991a237e9d07cfd84eed5a3ce3d57 (diff)
discover/platform-powerpc: Read and write password hash from NVRAM
If petitboot,password exists, set it as the root password. This will be the password used to authenticate clients. This is the *hash* of a password as it would appear in /etc/shadow, not the password itself. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
-rw-r--r--discover/platform-powerpc.c29
-rw-r--r--lib/param_list/param_list.c1
2 files changed, 30 insertions, 0 deletions
diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c
index a3f7bf5..a43dd67 100644
--- a/discover/platform-powerpc.c
+++ b/discover/platform-powerpc.c
@@ -14,6 +14,7 @@
#include <list/list.h>
#include <log/log.h>
#include <process/process.h>
+#include <crypt/crypt.h>
#include "hostboot.h"
#include "platform.h"
@@ -598,6 +599,7 @@ err:
static int load_config(struct platform *p, struct config *config)
{
struct platform_powerpc *platform = to_platform_powerpc(p);
+ const char *hash;
int rc;
rc = parse_nvram(platform);
@@ -622,6 +624,14 @@ static int load_config(struct platform *p, struct config *config)
config_get_active_consoles(config);
+
+ hash = param_list_get_value(platform->params, "petitboot,password");
+ if (hash) {
+ rc = crypt_set_password_hash(platform, hash);
+ if (rc)
+ pb_log("Failed to set password hash\n");
+ }
+
return 0;
}
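Review bot: When crypt_set_password_hash() fails in load_config(), the failure is only logged and the function still returns 0, while restrict_clients() later in this file decides restriction purely from the presence of `petitboot,password` in NVRAM. The root password is then presumably left in whatever state it had before, so the code should state or enforce whether clients are locked out in that case or authenticate against a stale or empty password. At minimum log the return code, `pb_log("Failed to set password hash: %d\n", rc);`, and add a comment above the block such as `/* petitboot,password is a crypt(3)-style hash as stored in /etc/shadow, not the cleartext */`. The start of load_config() lies outside this hunk.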
@@ -689,6 +699,23 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo)
return 0;
}
+static bool restrict_clients(struct platform *p)
+{
+ struct platform_powerpc *platform = to_platform_powerpc(p);
+
+ return param_list_get_value(platform->params, "petitboot,password") != NULL;
+}
+
+static int set_password(struct platform *p, const char *hash)
+{
+ struct platform_powerpc *platform = to_platform_powerpc(p);
+
+ param_list_set(platform->params, "petitboot,password", hash, true);
+ write_nvram(platform);
+
+ return 0;
+}
+
static bool probe(struct platform *p, void *ctx)
{
struct platform_powerpc *platform;
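Review bot: set_password() discards the results of param_list_set() and write_nvram() and always returns 0, so a caller cannot tell that the new hash was never persisted and may assume client restriction is in force while NVRAM still holds the old value or none. If write_nvram() returns a status (its definition is not visible here), propagate it with `return write_nvram(platform);`. The function also passes a NULL or empty `hash` straight through; whether that is meant to clear the password should be documented, since restrict_clients() treats any non-NULL stored value as restricted. probe() begins at the end of this hunk and continues outside it.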
@@ -742,6 +769,8 @@ static struct platform platform_powerpc = {
.save_config = save_config,
.pre_boot = pre_boot,
.get_sysinfo = get_sysinfo,
+ .restrict_clients = restrict_clients,
+ .set_password = set_password,
};
register_platform(platform_powerpc);
diff --git a/lib/param_list/param_list.c b/lib/param_list/param_list.c
index b3a45f8..9a01be6 100644
--- a/lib/param_list/param_list.c
+++ b/lib/param_list/param_list.c
@@ -22,6 +22,7 @@ const char **common_known_params(void)
"petitboot,console",
"petitboot,http_proxy",
"petitboot,https_proxy",
+ "petitboot,password",
NULL,
};