diff --git a/commands/Kconfig b/commands/Kconfig index 25ed9dd..630cb12 100644 --- a/commands/Kconfig +++ b/commands/Kconfig @@ -928,7 +928,7 @@ config CMD_MD5SUM tristate select COMPILE_HASH - select MD5 + select DIGEST_MD5_GENERIC prompt "md5sum" help Usage: md5sum FILE|AREA... @@ -993,7 +993,7 @@ config CMD_SHA1SUM tristate select COMPILE_HASH - select SHA1 + select DIGEST_SHA1_GENERIC prompt "sha1sum" help Calculate SHA1 digest @@ -1005,7 +1005,7 @@ config CMD_SHA224SUM tristate select COMPILE_HASH - select SHA224 + select DIGEST_SHA224_GENERIC prompt "sha224sum" help Calculate SHA224 digest @@ -1017,7 +1017,7 @@ config CMD_SHA256SUM tristate select COMPILE_HASH - select SHA256 + select DIGEST_SHA256_GENERIC prompt "sha256sum" help sha256sum - calculate SHA256 digest @@ -1029,7 +1029,7 @@ config CMD_SHA384SUM tristate select COMPILE_HASH - select SHA384 + select DIGEST_SHA384_GENERIC prompt "sha384sum" help Calculate SHA384 digest @@ -1041,7 +1041,7 @@ config CMD_SHA512SUM tristate select COMPILE_HASH - select SHA512 + select DIGEST_SHA512_GENERIC prompt "sha512sum" help sha512sum - calculate SHA512 digest diff --git a/commands/login.c b/commands/login.c index bf5085c..58bb592 100644 --- a/commands/login.c +++ b/commands/login.c 
@@ -19,89 +19,23 @@ #include #include #include -#include -#include -#include -#include -#include -#include - -#define PASSWD_MAX_LENGTH (128 + 1) - -#if defined(CONFIG_PASSWD_MODE_STAR) -#define LOGIN_MODE STAR -#elif defined(CONFIG_PASSWD_MODE_CLEAR) -#define LOGIN_MODE CLEAR -#else -#define LOGIN_MODE HIDE -#endif - -static int login_timeout = 0; static int do_login(int argc, char *argv[]) { - unsigned char passwd[PASSWD_MAX_LENGTH]; - int passwd_len, opt; - int timeout = login_timeout; - char *timeout_cmd = "boot"; - - console_allow_input(true); - if (!is_passwd_enable()) { - puts("login: password not set\n"); - return 0; - } - - while((opt = getopt(argc, argv, "t:")) > 0) { - switch(opt) { - case 't': - timeout = simple_strtoul(optarg, NULL, 10); - break; - } - } - - if (optind != argc) - timeout_cmd = argv[optind]; - - do { - puts("Password: "); - passwd_len = password(passwd, PASSWD_MAX_LENGTH, LOGIN_MODE, timeout); - - if (passwd_len < 0) { - console_allow_input(false); - run_command(timeout_cmd); - } - - if (check_passwd(passwd, passwd_len) == 1) - return 0; - } while(1); + login(); return 0; } BAREBOX_CMD_HELP_START(login) BAREBOX_CMD_HELP_TEXT("Asks for a password from the console before script execution continues.") -BAREBOX_CMD_HELP_TEXT("The password can be set with the 'passwd' command. 
Instead of specifying") -BAREBOX_CMD_HELP_TEXT("a TIMEOUT the magic variable 'global.login.timeout' could be set.") -BAREBOX_CMD_HELP_TEXT("") -BAREBOX_CMD_HELP_TEXT("Options:") -BAREBOX_CMD_HELP_OPT("-t TIMEOUT", "Execute COMMAND if no login withing TIMEOUT seconds") +BAREBOX_CMD_HELP_TEXT("The password can be set with the 'passwd' command.") BAREBOX_CMD_HELP_END BAREBOX_CMD_START(login) .cmd = do_login, BAREBOX_CMD_DESC("ask for a password") - BAREBOX_CMD_OPTS("[-t TIMEOUT] COMMAND") BAREBOX_CMD_GROUP(CMD_GRP_CONSOLE) BAREBOX_CMD_HELP(cmd_login_help) BAREBOX_CMD_COMPLETE(empty_complete) BAREBOX_CMD_END - -static int login_global_init(void) -{ - globalvar_add_simple_int("login.timeout", &login_timeout, "%d"); - - return 0; -} -late_initcall(login_global_init); - -BAREBOX_MAGICVAR_NAMED(global_login_timeout, global.login.timeout, "timeout to type the password"); diff --git a/commands/menutree.c b/commands/menutree.c index 5d30b67..ea5f65f 100644 --- a/commands/menutree.c +++ b/commands/menutree.c @@ -12,12 +12,15 @@ #include #include #include +#include static int do_menutree(int argc, char *argv[]) { int opt, ret; char *path = "/env/menu"; + login(); + while ((opt = getopt(argc, argv, "m:")) > 0) { switch (opt) { case 'm': diff --git a/common/Kconfig b/common/Kconfig index 8c6ba7f..877d385 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -450,8 +450,14 @@ config PASSWORD_DEFAULT string - prompt "Password default" + prompt "Password default file" depends on PASSWORD + help + Set this to a file which is used as default password file. This file + has to contain the passwd encoded with the selected password digest. + i.e.: + echo -ne "MyPassword" | md5sum | while read a b; do echo $a > passwdfile; done + if PASSWORD 
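Review bot: In commands/login.c, do_login() now ignores argc/argv, so an existing script line such as `login -t 0` (the form the removed startup.c fallback used) is accepted silently and ends up with the new 60-second default of global.login.timeout followed by global.login.fail_command. Rejecting unexpected arguments makes that behaviour change visible instead of quietly altering what the caller asked for: `if (argc != 1) return COMMAND_ERROR_USAGE;` before `login();`. The remaining help text should also say that the command returns immediately once a correct password has been entered earlier, and that the timeout and the fail command come from global.login.timeout and global.login.fail_command.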
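Review bot: With the getc()/tstc() input gate removed in common/console.c, password enforcement depends on every interactive entry point calling `login()` itself, and this commit adds that call only here in do_menutree(), in the shell loops of common/hush.c and common/parser.c, and in do_login(). Anything that reads the console before one of those is reached (the init script's `timeout -a ... -v key`, or /env/menu/mainmenu if it uses an interactive command other than menutree) appears to run without a password check now that the `${login_cmd}` lines are gone from defaultenv-2-base/bin/init. That should be confirmed and either gated or documented as intended. A short comment above the call, e.g. `/* interactive entry point: authenticate before taking console input */`, would help keep future entry points from being missed. do_menutree() continues outside the hunk.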
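Review bot: The help example added for PASSWORD_DEFAULT in common/Kconfig only matches the PASSWD_SUM_MD5 choice, and "i.e." presents it as the definition rather than as one example. A file built this way holds a single unsalted MD5 of the password and is presumably built into the image, so the help should state that the digest command has to match the selected PASSWD_SUM_* option and point to the stronger choices listed right below (SHA256/SHA512, PBKDF2). Suggested wording is `e.g. for MD5:` before the command, plus a sentence on how to generate the file when PASSWD_CRYPTO_PBKDF2 is selected, which this example does not cover.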
@@ -460,19 +466,19 @@ config PASSWD_SUM_MD5 bool "MD5" - select MD5 + select DIGEST_MD5_GENERIC config PASSWD_SUM_SHA1 bool "SHA1" - select SHA1 + select DIGEST_SHA1_GENERIC config PASSWD_SUM_SHA256 bool "SHA256" - select SHA256 + select DIGEST_SHA256_GENERIC config PASSWD_SUM_SHA512 bool "SHA512" - select SHA512 + select DIGEST_SHA512_GENERIC config PASSWD_CRYPTO_PBKDF2 bool "PBKDF2" diff --git a/common/console.c b/common/console.c index bf64c08..84d4ea7 100644 --- a/common/console.c +++ b/common/console.c @@ -344,9 +344,6 @@ unsigned char ch; uint64_t start; - if (unlikely(!console_is_input_allow())) - return -EPERM; - /* * For 100us we read the characters from the serial driver * into a kfifo. This helps us not to lose characters @@ -381,9 +378,6 @@ int tstc(void) { - if (unlikely(!console_is_input_allow())) - return 0; - return kfifo_len(console_input_fifo) || tstc_raw(); } EXPORT_SYMBOL(tstc); diff --git a/common/console_common.c b/common/console_common.c index 2c82c6f..fcf89e8 100644 --- a/common/console_common.c +++ b/common/console_common.c @@ -33,33 +33,6 @@ #ifndef CONFIG_CONSOLE_NONE -static int console_input_allow; - -static int console_global_init(void) -{ - if (IS_ENABLED(CONFIG_CMD_LOGIN) && is_passwd_enable()) - console_input_allow = 0; - else - console_input_allow = 1; - - globalvar_add_simple_bool("console.input_allow", &console_input_allow); - - return 0; -} -late_initcall(console_global_init); - -BAREBOX_MAGICVAR_NAMED(global_console_input_allow, global.console.input_allow, "console input allowed"); - -bool console_is_input_allow(void) -{ - return console_input_allow; -} - -void console_allow_input(bool val) -{ - console_input_allow = val; -} - int barebox_loglevel = CONFIG_DEFAULT_LOGLEVEL; LIST_HEAD(barebox_logbuf); diff --git a/common/console_simple.c b/common/console_simple.c index 6cb72bb..69e7659 100644 --- a/common/console_simple.c +++ b/common/console_simple.c 
@@ -41,9 +41,6 @@ int tstc(void) { - if (unlikely(!console_is_input_allow())) - return 0; - if (!console) return 0; @@ -53,9 +50,6 @@ int getc(void) { - if (unlikely(!console_is_input_allow())) - return -EPERM; - if (!console) return -EINVAL; return console->getc(console); diff --git a/common/hush.c b/common/hush.c index ffd2513..abe8713 100644 --- a/common/hush.c +++ b/common/hush.c @@ -116,6 +116,7 @@ #include #include #include +#include #include #include #include @@ -1914,6 +1915,8 @@ struct p_context ctx; int exit = 0; + login(); + do { setup_file_in_str(&input); rcode = parse_stream_outer(&ctx, &input, FLAG_PARSE_SEMICOLON); diff --git a/common/parser.c b/common/parser.c index 207599f..ed414d0 100644 --- a/common/parser.c +++ b/common/parser.c @@ -1,5 +1,6 @@ #include #include +#include #include #include @@ -266,6 +267,8 @@ int len; int rc = 1; + login(); + for (;;) { len = readline (CONFIG_PROMPT, console_buffer, CONFIG_CBSIZE); diff --git a/common/password.c b/common/password.c index c845422..43c5e0c 100644 --- a/common/password.c +++ b/common/password.c @@ -24,8 +24,11 @@ #include #include #include +#include #include +#include #include +#include #include #include @@ -73,7 +76,7 @@ case CTL_CH('c'): passwd[0] = '\0'; puts("\r\n"); - return 0; + return -EINTR; case CTL_CH('h'): case BB_KEY_DEL7: case BB_KEY_DEL: @@ -104,7 +107,7 @@ } } while (!is_timeout(start, timeout * SECOND) || timeout == 0); - return -1; + return -ETIMEDOUT; } EXPORT_SYMBOL(password); @@ -155,17 +158,7 @@ return c; } -int read_passwd(unsigned char *sum, size_t length) -{ - if (is_passwd_env_enable()) - return read_env_passwd(sum, length); - else if (is_passwd_default_enable()) - return read_default_passwd(sum, length); - else - return -EINVAL; -} - -int read_default_passwd(unsigned char *sum, size_t length) +static int read_default_passwd(unsigned char *sum, size_t length) { int i = 0; int len = strlen(default_passwd); 
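Review bot: In common/password.c, password() changes its Ctrl-C result from 0 to -EINTR and its timeout result from -1 to -ETIMEDOUT, but nothing documents the return contract, and callers outside this diff may still test for 0 or -1. login() treats any negative value as failure, so it is unaffected; other users of password() (the passwd command, presumably) should be checked. A kerneldoc block above password() stating "returns the number of characters entered, -EINTR on Ctrl-C, -ETIMEDOUT when nothing was entered within timeout seconds (0 = wait forever)" would pin this down. The Ctrl-C path also clears only `passwd[0]`, leaving the rest of a partially typed password in the caller's buffer; `memset(passwd, 0, length);` there would be safer. The function body starts and ends outside these hunks.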
@@ -192,7 +185,7 @@ } EXPORT_SYMBOL(read_default_passwd); -int read_env_passwd(unsigned char *sum, size_t length) +static int read_env_passwd(unsigned char *sum, size_t length) { int fd; int ret = 0; @@ -283,7 +276,7 @@ } EXPORT_SYMBOL(write_env_passwd); -static int __check_passwd(unsigned char* passwd, size_t length, int std) +static int check_passwd(unsigned char *passwd, size_t length) { struct digest *d = NULL; unsigned char *passwd1_sum; @@ -295,6 +288,10 @@ hash_len = PBKDF2_LENGTH; } else { d = digest_alloc(PASSWD_SUM); + if (!d) { + pr_err("No such digest: %s\n", PASSWD_SUM); + return -ENOENT; + } hash_len = digest_length(d); } @@ -305,10 +302,12 @@ passwd2_sum = passwd1_sum + hash_len; - if (std) + if (is_passwd_env_enable()) ret = read_env_passwd(passwd2_sum, hash_len); - else + else if (is_passwd_default_enable()) ret = read_default_passwd(passwd2_sum, hash_len); + else + ret = -EINVAL; if (ret < 0) goto err; @@ -342,28 +341,6 @@ return ret; } -int check_default_passwd(unsigned char* passwd, size_t length) -{ - return __check_passwd(passwd, length, 0); -} -EXPORT_SYMBOL(check_default_passwd); - -int check_env_passwd(unsigned char* passwd, size_t length) -{ - return __check_passwd(passwd, length, 1); -} -EXPORT_SYMBOL(check_env_passwd); - -int check_passwd(unsigned char* passwd, size_t length) -{ - if (is_passwd_env_enable()) - return check_env_passwd(passwd, length); - else if (is_passwd_default_enable()) - return check_default_passwd(passwd, length); - else - return -EINVAL; -} - int set_env_passwd(unsigned char* passwd, size_t length) { struct digest *d = NULL; @@ -374,6 +351,8 @@ hash_len = PBKDF2_LENGTH; } else { d = digest_alloc(PASSWD_SUM); + if (!d) + return -EINVAL; hash_len = digest_length(d); } 
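Review bot: read_default_passwd() becomes static in the preceding hunk, yet `EXPORT_SYMBOL(read_default_passwd);` is still present as a context line at the top of hunk @@ -192,7 +185,7 @@, and read_env_passwd() is made static here while its export (outside the hunk) is presumably kept as well. Exporting a file-local symbol is contradictory and may warn or fail in builds with module support. Both EXPORT_SYMBOL lines should be dropped together with the `static` change.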
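Review bot: The two new digest_alloc() NULL checks disagree: check_passwd() (hunk @@ -295,6 +288,10 @@) logs and returns -ENOENT, while set_env_passwd() (hunk @@ -374,6 +351,8 @@) returns -EINVAL without a message. Both failures mean the configured PASSWD_SUM digest is not available, so the same message and code in both places keeps the misconfiguration diagnosable; in set_env_passwd() that would be `pr_err("No such digest: %s\n", PASSWD_SUM);` followed by `return -ENOENT;`. Both functions continue outside their hunks.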
@@ -406,3 +385,69 @@ return ret; } EXPORT_SYMBOL(set_env_passwd); + +#define PASSWD_MAX_LENGTH (128 + 1) + +#if defined(CONFIG_PASSWD_MODE_STAR) +#define LOGIN_MODE STAR +#elif defined(CONFIG_PASSWD_MODE_CLEAR) +#define LOGIN_MODE CLEAR +#else +#define LOGIN_MODE HIDE +#endif + +static int logged_in; +static int login_timeout = 60; +static char *login_fail_command; + +/** + * login() - Prompt for password + * + * This function only returns when the correct password has been entered or + * no password is necessary because either no password is configured or the + * correct password has been entered in a previous call to this function. + */ +void login(void) +{ + unsigned char passwd[PASSWD_MAX_LENGTH]; + int ret; + + if (!is_passwd_default_enable() && !is_passwd_env_enable()) + return; + + if (logged_in) + return; + + while (1) { + printf("Password: "); + + ret = password(passwd, PASSWD_MAX_LENGTH, LOGIN_MODE, login_timeout); + if (ret < 0) + run_command(login_fail_command); + + if (ret < 0) + continue; + + if (check_passwd(passwd, ret) != 1) + continue; + + logged_in = 1; + return; + } +} + +static int login_global_init(void) +{ + login_fail_command = xstrdup("boot"); + + globalvar_add_simple_int("login.timeout", &login_timeout, "%d"); + globalvar_add_simple_string("login.fail_command", &login_fail_command); + + return 0; +} +late_initcall(login_global_init); + +BAREBOX_MAGICVAR_NAMED(global_login_fail_command, global.login.fail_command, + "command to run when password entry failed"); +BAREBOX_MAGICVAR_NAMED(global_login_timeout, global.login.timeout, + "timeout to type the password"); diff --git a/common/startup.c b/common/startup.c index 802b90e..4a303b2 100644 --- a/common/startup.c +++ b/common/startup.c 
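Review bot: login() leaves the typed password in the stack buffer `passwd` after check_passwd() returns and while run_command(login_fail_command) executes, so the cleartext stays in memory for whatever runs next; the buffer should be wiped on every path out of an attempt. The loop also retries immediately after a wrong password, so guessing is limited only by console speed, and a short fixed delay before the retry would be a cheap throttle. The duplicated `if (ret < 0)` can be folded into one block at the same time. login_fail_command is a user-settable global and is NULL until login_global_init() has run; whether run_command() tolerates NULL or an empty string is not visible here and is worth confirming.

```c
void login(void)
{
	unsigned char passwd[PASSWD_MAX_LENGTH];
	int ret, match;

	/* … unchanged: early returns, prompt … */

		ret = password(passwd, PASSWD_MAX_LENGTH, LOGIN_MODE, login_timeout);
		if (ret < 0) {
			/* drop a partially typed password before running the fail command */
			memset(passwd, 0, sizeof(passwd));
			run_command(login_fail_command);
			continue;
		}

		match = check_passwd(passwd, ret) == 1;
		/* wipe the cleartext; use the tree's non-elidable wipe if it has one */
		memset(passwd, 0, sizeof(passwd));
		if (!match)
			continue;

	/* … unchanged: set logged_in and return … */
```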
@@ -108,13 +108,10 @@ if (IS_ENABLED(CONFIG_COMMAND_SUPPORT)) { pr_info("running /env/bin/init...\n"); - if (!stat("/env/bin/init", &s)) { + if (!stat("/env/bin/init", &s)) run_command("source /env/bin/init"); - } else { + else pr_err("/env/bin/init not found\n"); - if (IS_ENABLED(CONFIG_CMD_LOGIN)) - while(run_command("login -t 0")); - } } if (!barebox_main) { diff --git a/crypto/Kconfig b/crypto/Kconfig index 24f8b41..ef807de 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -82,5 +82,5 @@ config CRYPTO_PBKDF2 select DIGEST - select SHA1 + select DIGEST_SHA1_GENERIC bool diff --git a/defaultenv/defaultenv-2-base/bin/init b/defaultenv/defaultenv-2-base/bin/init index 30651e5..37ee365 100644 --- a/defaultenv/defaultenv-2-base/bin/init +++ b/defaultenv/defaultenv-2-base/bin/init @@ -27,25 +27,15 @@ [ -e /env/config-board ] && /env/config-board /env/config -# request password to login if a timeout is specified and password set -if [ -n ${global.login.timeout} ]; then - [ ${global.login.timeout} -gt 0 ] && login_cmd=login -fi -# allow the input if not -[ -n ${global.console.input_allow} ] && global.console.input_allow=1 - # allow to stop the boot before execute the /env/init/* # but without waiting timeout -s -a -v key 0 autoboot="$?" if [ "${key}" = "q" ]; then - ${login_cmd} exit fi -[ -n ${login_cmd} ] && global.console.input_allow=0 - for i in /env/init/*; do . $i done @@ -56,17 +46,12 @@ echo -e -n "\nHit any key to stop autoboot: " fi -[ -n ${login_cmd} ] && global.console.input_allow=1 - if [ "$autoboot" = 0 ]; then timeout -a $global.autoboot_timeout -v key autoboot="$?" fi -[ -n ${login_cmd} ] && global.console.input_allow=0 - if [ "${key}" = "q" ]; then - ${login_cmd} exit fi @@ -75,12 +60,9 @@ fi if [ -e /env/menu ]; then - ${login_cmd} if [ "${key}" != "m" ]; then echo -e "\ntype exit to get to the menu" sh fi /env/menu/mainmenu fi - -${login_cmd} diff --git a/include/console.h b/include/console.h index a6737c8..4b2f134 100644 --- a/include/console.h 
+++ b/include/console.h @@ -71,9 +71,6 @@ #define CFG_PBSIZE (CONFIG_CBSIZE+sizeof(CONFIG_PROMPT)+16) -bool console_is_input_allow(void); -void console_allow_input(bool val); - extern int barebox_loglevel; struct console_device *console_get_first_active(void); diff --git a/include/password.h b/include/password.h index 0dd1054..8b99618 100644 --- a/include/password.h +++ b/include/password.h @@ -26,25 +26,15 @@ #define CLEAR (1 << 2) int password(unsigned char *passwd, size_t length, int flags, int timeout); - -int read_passwd(unsigned char *sum, size_t length); -int check_passwd(unsigned char* passwd, size_t length); - -int read_env_passwd(unsigned char *sum, size_t length); -int write_env_passwd(unsigned char *sum, size_t length); - -int read_default_passwd(unsigned char *sum, size_t length); -int is_passwd_default_enable(void); -int check_default_passwd(unsigned char* passwd, size_t length); - -int is_passwd_env_enable(void); int passwd_env_disable(void); -int check_env_passwd(unsigned char* passwd, size_t length); -int set_env_passwd(unsigned char* passwd, size_t length); +int set_env_passwd(unsigned char *passwd, size_t length); -static inline int is_passwd_enable(void) +#ifdef CONFIG_PASSWORD +void login(void); +#else +static inline void login(void) { - return is_passwd_default_enable() || is_passwd_env_enable(); } +#endif #endif /* __PASSWORD_H__ */
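Review bot: include/password.h drops the prototypes for write_env_passwd(), is_passwd_default_enable() and is_passwd_env_enable(), but common/password.c still shows `EXPORT_SYMBOL(write_env_passwd);` as context and the new login() calls both is_passwd_*_enable() helpers, so these definitions appear to stay non-static with no declaration. Either make them `static` in password.c (dropping the export) or keep the prototypes; a user outside this diff would otherwise fail to build or hit an implicit declaration. The new login() declaration would also benefit from a one-line comment saying that it blocks until authentication succeeds and becomes an empty stub when CONFIG_PASSWORD is disabled.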