Merge branch 'root-passwd'

40be7948 · Alessandro Rubini · aa9e36ec · 1d385f03 · 40be7948 · 40be7948
Commit 40be7948 authored Jul 15, 2015 by Alessandro Rubini
8 changed files
--- a/Kconfig
+++ b/Kconfig
@@ -98,6 +98,37 @@ config ETH0_GATEWAY

 endmenu

+menu "Root Password"
+
+config ROOT_PWD_IS_ENCRYPTED
+	bool "Should this file include an encripted root password?"
+	help
+	  The root password, as set here, can be in clear text or
+	  encrypted. If it is specified as clear text, it is encrypted and
+	  stored in the switch at run time.  If it specified in pre-encrypted
+	  form, the string will just be copied in place. A clear-text
+	  password in dot-config is less safe against sniffers.
+
+config ROOT_PWD_CLEAR
+	string "The password to be used at run time"
+	depends on !ROOT_PWD_IS_ENCRYPTED
+	default ""
+	help
+	  The string to be encrypted at boot time by the switch itself,
+	  to later use normal ssh authentication. The empty string is
+	  allowed.
+
+config ROOT_PWD_CYPHER
+	string "The password to be used at run time"
+	depends on ROOT_PWD_IS_ENCRYPTED
+	help
+	  The actual pre-encrypted string. This is stored at run time
+	  into /etc/passwd, for ssh authenticazion. To create the
+	  string, please run "mkpasswd --method=md5 <password>"
+
+endmenu
+
+
 config NTP_SERVER
 	string "IP address of local NTP server (empty for none)"
 	help

--- a/userspace/rootfs_override/wr/bin/apply_dot-config
+++ b/userspace/rootfs_override/wr/bin/apply_dot-config
@@ -42,6 +42,18 @@ fi

 ##### Actual configuration actions start here.

+# Root password
+passwd=""
+if [ ! -z "$CONFIG_ROOT_PWD_CLEAR" ]; then
+    passwd=$(mkpasswd --method=md5 "$CONFIG_ROOT_PWD_CLEAR")
+fi
+if [ ! -z "$CONFIG_ROOT_PWD_CYPHER" ]; then
+    passwd="$CONFIG_ROOT_PWD_CYPHER"
+fi
+if [ ! -z "$passwd" ]; then
+    sed -i "s,^root:[^:]*:,root:$passwd:," /etc/shadow
+fi
+
 # A non-existent wr_date.conf means no NTP. So "rm" if unconfigured
 if [ ! -z "$CONFIG_NTP_SERVER" ]; then
    echo "ntpserver $CONFIG_NTP_SERVER" > $T

--- a/userspace/tools/.gitignore
+++ b/userspace/tools/.gitignore
@@ -20,3 +20,4 @@ sdb-read
 nbtee
 wrs_auxclk
 wrs_checkcfg
+mkpasswd
--- a/userspace/tools/Makefile
+++ b/userspace/tools/Makefile
@@ -7,7 +7,7 @@ TOOLS += nbtee
 TOOLS += wrs_auxclk
 TOOLS += wrs_checkcfg
 TOOLS += wrs_status_led
-
+TOOLS += mkpasswd
 PPSI_CONFIG = ../ppsi/include/generated/autoconf.h

 WR_INSTALL_ROOT ?= /usr/lib/white-rabbit
@@ -77,3 +77,5 @@ install: all
 	install -d $(WR_INSTALL_ROOT)/bin
 	install $(TOOLS) $(WR_INSTALL_ROOT)/bin

+mkpasswd: mkpasswd.o utils.o
+	${CC} -o $@ $^ $(LDFLAGS) -lcrypt
--- a/userspace/tools/config.h
+++ b/userspace/tools/config.h
+/* Program version */
+#define VERSION "5.0.26"
+
+/* Configurable features */
+
+/* Always hide legal disclaimers */
+#undef ALWAYS_HIDE_DISCL
+
+/* Default server */
+#define DEFAULTSERVER   "whois.arin.net"
+
+/* Configuration file */
+/*
+#define CONFIG_FILE "/etc/whois.conf"
+*/
+
+
+/* autoconf in cpp macros */
+#ifdef linux
+# undef ENABLE_NLS
+#endif
+
+#ifdef __FreeBSD__
+/* which versions? */
+# define HAVE_GETOPT_LONG
+# define HAVE_GETADDRINFO
+# define ENABLE_NLS
+# ifndef LOCALEDIR
+#  define LOCALEDIR "/usr/local/share/locale"
+# endif
+#endif
+
+/* needs unistd.h */
+#if defined _POSIX_C_SOURCE && _POSIX_C_SOURCE >= 200112L
+# define HAVE_GETADDRINFO
+# define HAVE_REGEXEC
+#endif
+
+#if defined __APPLE__ && defined __MACH__
+# define HAVE_GETOPT_LONG
+# define HAVE_GETADDRINFO
+#endif
+
+#if defined __GLIBC__
+# define HAVE_GETOPT_LONG
+# if __GLIBC__ >= 2 && __GLIBC_MINOR__ >= 1
+#  define HAVE_GETADDRINFO
+# endif
+# if __GLIBC__ >= 2 && __GLIBC_MINOR__ >= 7
+#  define HAVE_SHA_CRYPT
+# endif
+#endif
+
+/* Unknown versions of Solaris */
+#if defined __SVR4 && defined __sun
+# define HAVE_SHA_CRYPT
+# define HAVE_SOLARIS_CRYPT_GENSALT
+#endif
+
+/* FIXME: which systems lack this? */
+#define HAVE_GETTIMEOFDAY
+/* FIXME: disabled because it does not parse addresses with a netmask length.
+ * The code using it needs to be either fixed or removed.
+#define HAVE_INET_PTON
+*/
+
+/*
+ * Please send patches to correctly ignore old releases which lack a RNG
+ * and add more systems which have one.
+ */
+#ifdef RANDOM_DEVICE
+#elif defined __GLIBC__ \
+	|| defined __FreeBSD__ || defined __NetBSD__ || defined __OpenBSD__ \
+	/* AIX >= 5.2? */ \
+	|| defined _AIX52 \
+	/* HP-UX >= B.11.11.09? */ \
+	|| defined  __hpux \
+	/* OS X: */ \
+	|| (defined __APPLE__ && defined __MACH__) \
+	/* Solaris >= 9 (this is >= 7): */ \
+	|| (defined __SVR4 && defined __sun && defined SUSv2) \
+	/* Tru64 UNIX >= 5.1B? */ \
+	|| defined __osf
+# define RANDOM_DEVICE "/dev/urandom"
+#endif
+
+#ifdef ENABLE_NLS
+# ifndef NLS_CAT_NAME
+#  define NLS_CAT_NAME   "whois"
+# endif
+# ifndef LOCALEDIR
+#  define LOCALEDIR     "/usr/share/locale"
+# endif
+#endif
+
--- a/userspace/tools/mkpasswd.c
+++ b/userspace/tools/mkpasswd.c
--- a/userspace/tools/utils.c
+++ b/userspace/tools/utils.c
+/*
+ * Copyright 1999-2008 by Marco d'Itri <md@linux.it>.
+ *
+ * do_nofail and merge_args come from the module-init-tools package.
+ * Copyright 2001 by Rusty Russell.
+ * Copyright 2002, 2003 by Rusty Russell, IBM Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* for strdup */
+#define _XOPEN_SOURCE 500
+
+/* System library */
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <errno.h>
+
+/* Application-specific */
+#include "utils.h"
+
+void *do_nofail(void *ptr, const char *file, const int line)
+{
+    if (ptr)
+	return ptr;
+
+    err_quit("Memory allocation failure at %s:%d.", file, line);
+}
+
+/* Prepend options from a string. */
+char **merge_args(char *args, char *argv[], int *argc)
+{
+    char *arg, *argstring;
+    char **newargs = NULL;
+    unsigned int i, num_env = 0;
+
+    if (!args)
+	return argv;
+
+    argstring = NOFAIL(strdup(args));
+    for (arg = strtok(argstring, " "); arg; arg = strtok(NULL, " ")) {
+	num_env++;
+	newargs = NOFAIL(realloc(newargs,
+		    sizeof(newargs[0]) * (num_env + *argc + 1)));
+	newargs[num_env] = arg;
+    }
+
+    if (!newargs)
+	return argv;
+
+    /* Append commandline args */
+    newargs[0] = argv[0];
+    for (i = 1; i <= *argc; i++)
+	newargs[num_env + i] = argv[i];
+
+    *argc += num_env;
+    return newargs;
+}
+
+/* Error routines */
+void err_sys(const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+    vfprintf(stderr, fmt, ap);
+    fprintf(stderr, ": %s\n", strerror(errno));
+    va_end(ap);
+    exit(2);
+}
+
+void err_quit(const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+    vfprintf(stderr, fmt, ap);
+    fputs("\n", stderr);
+    va_end(ap);
+    exit(2);
+}
+
--- a/userspace/tools/utils.h
+++ b/userspace/tools/utils.h
+#ifndef WHOIS_UTILS_H
+#define WHOIS_UTILS_H
+
+/* Convenience macros */
+#define streq(a, b) (strcmp(a, b) == 0)
+#define strcaseeq(a, b) (strcasecmp(a, b) == 0)
+#define strneq(a, b, n) (strncmp(a, b, n) == 0)
+#define strncaseeq(a, b, n) (strncasecmp(a, b, n) == 0)
+
+#define NOFAIL(ptr) do_nofail((ptr), __FILE__, __LINE__)
+
+/* Portability macros */
+#ifdef __GNUC__
+# define NORETURN __attribute__((noreturn))
+#else
+# define NORETURN
+#endif
+
+#ifndef AI_IDN
+# define AI_IDN 0
+#endif
+
+#ifndef AI_ADDRCONFIG
+# define AI_ADDRCONFIG 0
+#endif
+
+#ifdef HAVE_GETOPT_LONG
+# define GETOPT_LONGISH(c, v, o, l, i) getopt_long(c, v, o, l, i)
+#else
+# define GETOPT_LONGISH(c, v, o, l, i) getopt(c, v, o)
+#endif
+
+#ifdef ENABLE_NLS
+# include <libintl.h>
+# include <locale.h>
+# define _(a) (gettext(a))
+# ifdef gettext_noop
+#  define N_(a) gettext_noop(a)
+# else
+#  define N_(a) (a)
+# endif
+#else
+# define _(a) (a)
+# define N_(a) (a)
+# define ngettext(a, b, c) ((c==1) ? (a) : (b))
+#endif
+
+
+/* Prototypes */
+void *do_nofail(void *ptr, const char *file, const int line);
+char **merge_args(char *args, char *argv[], int *argc);
+
+void err_quit(const char *fmt, ...) NORETURN;
+void err_sys(const char *fmt, ...) NORETURN;
+
+#endif