Password script for U-Boot and root

1 files changed, 108 insertions, 0 deletions

diff --git a/src/ubpasswd.sh b/src/ubpasswd.sh
new file mode 100755
index 0000000..000c831
--- /dev/null
+++ b/src/ubpasswd.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+# Password setting/generation script.
+# Sets both root and u-boot password,
+# or optionally just U-boot.
+# What is actually written is the password
+# and salt.  But the password is printed
+# for reference.
+# ubpasswd -h will print usage.
+if ! [[ -x /sbin/hashpwd ]] ; then
+  echo Need /sbin/hashpwd to proceed.
+fi
+usage() {
+  echo "ubpasswd [-u] [-d] [-s salt] [password]"
+  echo "  -u        means u-boot only (not UNIX password)"
+  echo "  -s        salt is user supplied salt"
+  echo "  -d        debug"
+  echo "  password  is a user supplied password"
+  echo "A salt not supplied is generated."
+  echo "If a password is not supplied, it is generated"
+  exit 1
+}
+((ubonly=0))
+((hassalt=0))
+((debug=0))
+((upwd=0))
+while getopts ":dus:" opt; do
+  case $opt in
+    u)
+      ((ubonly=1))
+      ;;
+    s)
+      salt="$OPTARG"
+      ((hassalt=1)) 
+      ;;
+    d)
+      ((debug=1))
+      ;;
+    *)
+      usage
+  esac
+done
+((debug)) && echo OPTIND is $OPTIND
+((sc=OPTIND-1))
+shift $sc
+if (($# == 1)) ; then
+  ((debug)) && echo "User set password is \"$1\""
+  ((upwd = 1))
+  pass="$1"
+fi
+
+((debug)) && echo hassalt is $hassalt, salt is \"$salt\"
+((debug)) && echo ubonly is $ubonly
+((debug)) && echo debug is $debug
+
+len=8
+saltlen=128
+mts=/sys/devices/platform/mts-io
+did="${mts}/device-id"
+mac="${mts}/mac-eth"
+
+if ! /bin/fgrep "mts password protected" /dev/mtdblock2 >/dev/null 2>&1;  then
+	echo "U-Boot does not support password protection."
+fi
+
+if ((hassalt == 0)) ; then
+  salt="$(/bin/dd if=/dev/urandom count=1 bs=128 2>/dev/null  | /bin/base64 |  tr -d '\n' | cut -c1-${saltlen})"
+fi
+
+echo "salt: $salt"
+
+((v == 1)) && echo upwd is $upwd
+((v == 1)) && echo did length is ${#did}
+if ((upwd == 0)) ; then
+  if ((${#did} == 0)) ; then
+    echo "${mts}/device-id must have a non-zero length value"
+    usage
+  fi
+    if ((${#mac} == 0)) ; then
+    echo "${mts}/mac-eth must have a non-zero length value"
+    usage
+  fi
+  if ((v == 1)) ; then
+    echo Try this:
+    echo "/sbin/hashpwd -d ${did} -m ${mac} ${salt}"
+  fi
+  result=$(/sbin/hashpwd -d ${did} -m ${mac} ${salt})
+else
+  result=$(/sbin/hashpwd -p "${pass}" ${salt})
+fi
+if ! [[ $result =~ ^pass=([^[:space:]]+)[[:space:]]+password_hash=([^[:space:]]+) ]] ; then
+  echo "/sbin/hashpwd failed: ${result}"
+  exit 1
+fi
+if ((v == 1)) ; then
+  echo result is:
+  echo "$result"
+fi
+pass="${BASH_REMATCH[1]}"
+password_hash="${BASH_REMATCH[2]}"
+echo "uboot password hash: \"$password_hash\""
+if ((ubonly == 0)) ; then
+  echo "setting root password to ${pass}"
+  echo -e "${pass}\n${pass}" | /usr/bin/passwd >/dev/null 2>&1
+fi
+set -e
+echo "u-boot password is ${pass}"
+/usr/bin/u-boot setenv mtss "$salt"
+/usr/bin/u-boot setenv mtsp "$password_hash"