[PATCH 09/13] discover/platform-powerpc: Read and write password hash from NVRAM

Samuel Mendoza-Jonas sam at mendozajonas.com
Fri Nov 23 10:36:26 AEDT 2018


If the petitboot,password parameter exists, set it as the root password. This will be
the password used to authenticate clients.
The parameter holds the *hash* of a password as it would appear in /etc/shadow, not
the password itself.

Signed-off-by: Samuel Mendoza-Jonas <sam at mendozajonas.com>
---
 discover/platform-powerpc.c | 29 +++++++++++++++++++++++++++++
 lib/param_list/param_list.c |  1 +
 2 files changed, 30 insertions(+)

diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c
index f8f33054..e9972399 100644
--- a/discover/platform-powerpc.c
+++ b/discover/platform-powerpc.c
@@ -14,6 +14,7 @@
 #include <list/list.h>
 #include <log/log.h>
 #include <process/process.h>
+#include <crypt/crypt.h>
 
 #include "hostboot.h"
 #include "platform.h"
@@ -599,6 +600,7 @@ err:
 static int load_config(struct platform *p, struct config *config)
 {
 	struct platform_powerpc *platform = to_platform_powerpc(p);
+	const char *hash;
 	int rc;
 
 	rc = parse_nvram(platform);
@@ -623,6 +625,14 @@ static int load_config(struct platform *p, struct config *config)
 
 	config_get_active_consoles(config);
 
+
+	hash = param_list_get_value(platform->params, "petitboot,password");
+	if (hash) {
+		rc = crypt_set_password_hash(platform, hash);
+		if (rc)
+			pb_log("Failed to set password hash\n");
+	}
+
 	return 0;
 }
 
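Review bot: The value read from NVRAM in load_config is passed to `crypt_set_password_hash()` without checking that it is non-empty, and a failure there is only logged before `return 0`. `restrict_clients()`, added later in this patch, tests only that the parameter is present, so an empty or unapplied `petitboot,password` still marks clients as restricted while the root password stays whatever it was before. An empty hash field in /etc/shadow normally means no password is required, and how `crypt_set_password_hash()` treats `""` is not visible here. Consider guarding with `if (hash && *hash) {` and naming the parameter in the log line, e.g. `pb_log("Failed to set password hash from petitboot,password\n");`. load_config's body starts outside this hunk.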
@@ -690,6 +700,23 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo)
 	return 0;
 }
 
+static bool restrict_clients(struct platform *p)
+{
+	struct platform_powerpc *platform = to_platform_powerpc(p);
+
+	return param_list_get_value(platform->params, "petitboot,password") != NULL;
+}
+
+static int set_password(struct platform *p, const char *hash)
+{
+	struct platform_powerpc *platform = to_platform_powerpc(p);
+
+	param_list_set(platform->params, "petitboot,password", hash, true);
+	write_nvram(platform);
+
+	return 0;
+}
+
 static bool probe(struct platform *p, void *ctx)
 {
 	struct platform_powerpc *platform;
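Review bot: `set_password()` discards the result of `write_nvram(platform)` and always returns 0, so a caller is told the hash was stored even if it never reached NVRAM, in which case the client restriction would be gone after the next boot. If `write_nvram()` returns a status (its definition is outside this hunk), propagate it with `return write_nvram(platform);`. A short comment on `set_password()` would also help, for example `/* hash is an /etc/shadow-style crypt(3) string, never the plaintext password */`, because the parameter name suggests otherwise. Both new functions are complete within the hunk, while `probe()` continues past its end.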
@@ -743,6 +770,8 @@ static struct platform platform_powerpc = {
 	.save_config		= save_config,
 	.pre_boot		= pre_boot,
 	.get_sysinfo		= get_sysinfo,
+	.restrict_clients	= restrict_clients,
+	.set_password		= set_password,
 };
 
 register_platform(platform_powerpc);
diff --git a/lib/param_list/param_list.c b/lib/param_list/param_list.c
index b3a45f8b..9a01be6c 100644
--- a/lib/param_list/param_list.c
+++ b/lib/param_list/param_list.c
@@ -22,6 +22,7 @@ const char **common_known_params(void)
 		"petitboot,console",
 		"petitboot,http_proxy",
 		"petitboot,https_proxy",
+		"petitboot,password",
 		NULL,
 	};
 
-- 
2.19.1


