[RFC PATCH 09/13] discover/platform-powerpc: Read and write password hash from NVRAM

Samuel Mendoza-Jonas sam at mendozajonas.com
Thu Jun 28 16:41:47 AEST 2018


If the NVRAM parameter "petitboot,password" exists, set it as the root
password. This will be the password used to authenticate clients.
This is the *hash* of a password as it would appear in /etc/shadow, not
the password itself.

Signed-off-by: Samuel Mendoza-Jonas <sam at mendozajonas.com>
---
 discover/platform-powerpc.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c
index df8c7d6..34ddcd2 100644
--- a/discover/platform-powerpc.c
+++ b/discover/platform-powerpc.c
@@ -17,6 +17,7 @@
 #include <process/process.h>
 #include <types/types.h>
 #include <url/url.h>
+#include <crypt/crypt.h>
 
 #include "hostboot.h"
 #include "platform.h"
@@ -62,6 +63,7 @@ static const char *known_params[] = {
 	"petitboot,console",
 	"petitboot,http_proxy",
 	"petitboot,https_proxy",
+	"petitboot,password",
 	NULL,
 };
 
@@ -556,6 +558,12 @@ static void populate_config(struct platform_powerpc *platform,
 	val = get_param(platform, "petitboot,https_proxy");
 	if (val)
 		config->https_proxy = talloc_strdup(config, val);
+
+	val = get_param(platform, "petitboot,password");
+	if (val) {
+		if (crypt_set_password_hash(config, val))
+			pb_log("Failed to set password set in NVRAM\n");
+	}
 }
 
 static char *iface_config_str(void *ctx, struct interface_config *config)
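Review bot: When `crypt_set_password_hash()` fails in `populate_config()`, the only consequence is a log line, so a malformed or truncated `petitboot,password` value leaves the root password as it was, while `restrict_clients()` (added later in this patch) still reports restriction because it tests only that the parameter exists. Consider recording the outcome in config or platform state so the two cannot disagree, and add a comment saying which way the failure is meant to fall (restricted with no usable password, or unrestricted). The log text would read better as `pb_log("Failed to apply password hash from NVRAM\n");`. The value comes straight from NVRAM with no format check visible here; presumably `crypt_set_password_hash()` validates it, but that helper is outside this diff. `populate_config()` starts outside the hunk.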
@@ -1338,6 +1346,29 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo)
 	return 0;
 }
 
+static bool restrict_clients(struct platform *p)
+{
+	struct platform_powerpc *platform = to_platform_powerpc(p);
+
+	return get_param(platform, "petitboot,password") != NULL;
+}
+
+static int set_password(struct platform *p, char *password)
+{
+	struct platform_powerpc *platform = to_platform_powerpc(p);
+	const char *hash;
+
+	hash = crypt_hash_password(password);
+	if (!hash) {
+		pb_log("Could not obtain password hash\n");
+		return -1;
+	}
+
+	update_string_config(platform, "petitboot,password", hash);
+
+	return 0;
+}
+
 static bool probe(struct platform *p, void *ctx)
 {
 	struct platform_powerpc *platform;
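Review bot: `set_password()` returns 0 without knowing whether the hash was stored: the result of `update_string_config()` is not checked (its return type is not visible in this hunk), and nothing here applies the new hash to the running system, so success may be reported while the previous password is still the one in effect. `password` also reaches `crypt_hash_password()` with no NULL or empty-string guard; if clearing the password is meant to be a separate path, add `if (!password || !*password) return -1;` before the hash call. A short comment should state who owns the buffer returned by `crypt_hash_password()` and whether the caller is expected to wipe the plaintext after the call. In `restrict_clients()`, an empty parameter value, if `get_param()` can return one, would still count as a password being set; `val && *val` would be the stricter test.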
@@ -1390,6 +1421,8 @@ static struct platform platform_powerpc = {
 	.save_config		= save_config,
 	.pre_boot		= pre_boot,
 	.get_sysinfo		= get_sysinfo,
+	.restrict_clients	= restrict_clients,
+	.set_password		= set_password,
 };
 
 register_platform(platform_powerpc);
-- 
2.18.0


