summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJohn Klug <john.klug@multitech.com>2019-12-10 13:41:57 -0600
committerJohn Klug <john.klug@multitech.com>2019-12-10 13:41:57 -0600
commit65662db674cb3529331dc5db83be9bd9220f072d (patch)
treec90bfda38d3a1bcbdcb2d758a97fa4eb16113912 /src
parentb3c010190ffcc295dcc45781abfb1e66e1eb4c46 (diff)
downloadmts-id-eeprom-65662db674cb3529331dc5db83be9bd9220f072d.tar.gz
mts-id-eeprom-65662db674cb3529331dc5db83be9bd9220f072d.tar.bz2
mts-id-eeprom-65662db674cb3529331dc5db83be9bd9220f072d.zip
Read password from stdin0.5.0
Diffstat (limited to 'src')
-rw-r--r--src/hashpwd.cpp43
-rwxr-xr-xsrc/ubpasswd.sh23
2 files changed, 58 insertions, 8 deletions
diff --git a/src/hashpwd.cpp b/src/hashpwd.cpp
index 6bc322c..1ea3e2c 100644
--- a/src/hashpwd.cpp
+++ b/src/hashpwd.cpp
@@ -153,6 +153,7 @@ void usage(void)
" -V version" << endl <<
" -v verbose" << endl <<
" -d did Device ID (serial #)" << endl <<
+ " -i Read password from standard input" << endl <<
" -m mac Ethernet mac address" << endl <<
" -p password" << endl <<
" -u uuid UUID (base 16)" << endl <<
@@ -163,17 +164,20 @@ void usage(void)
}
int main(int argc, char **argv) {
- int opt = 0, p = 0, d = 0, m = 0, u=0;
+ int opt = 0, p = 0, d = 0, m = 0, u=0, iopt = 0;
+ char c;
unsigned long long fudge = 0;
short unsigned int prefix;
string did, mac, pwd, salt, uuid;
+ int supplied_password = 0;
- while ((opt = getopt(argc,argv,"Vd:m:p:u:v")) != EOF)
+ while ((opt = getopt(argc,argv,"Vd:im:p:u:v")) != EOF)
switch(opt)
{
case 'V': cout << MYVERSION << endl; exit(0);
case 'v': v = 1; cout << " verbose" <<endl; break;
case 'd': d = 1; did = optarg ; (v==1) && cout << "device-id is " << did << endl; break;
+ case 'i': iopt = 1; (v==1) && cout << "Reading password from stdin " << endl; break;
case 'm': m = 1; mac = optarg ; (v==1) && cout << "Ethernet mac is " << mac << endl; break;
case 'p': p = 1; pwd = optarg ; (v==1) && cout << "User defined password is \"" << pwd << "\"" << endl; break;
case 'u': u = 1; uuid = optarg ; (v==1) && cout << "UUID is \"" << uuid << "\"" << endl; break;
@@ -187,6 +191,15 @@ int main(int argc, char **argv) {
cout << " argv[" << i << "]=\"" << argv[i] << "\"" << endl;
}
+ if (p && iopt) {
+ cout << "Cannot have both a command line password and standard input password" << endl;
+ usage();
+ }
+
+ if (p || iopt)
+ supplied_password = 1;
+
+
if ((p && d) || (p && m)) {
cout << "Must use either a supplied password or Device ID and Ethernet MAC address, but not all three." << endl;
usage();
@@ -212,13 +225,33 @@ int main(int argc, char **argv) {
(v == 1) && cout << "prefix is " << prefixStream.str() << endl;
+ if(iopt) {
+ while(1)
+ {
+ cin.get(c);
+ if (cin.eof())
+ break;
+ pwd.push_back(c);
+ }
+ }
+
+ // Dump password in hex
+ if(v == 1) {
+ cout.width(2);
+ cout.fill(0);
+ cout << hex;
+ cout << right;
+ for(unsigned int i=0; i<pwd.length(); i++)
+ cout << hex << right << (int)pwd[i];
+ cout << endl;
+ }
string passwd_str;
string passwd0, passwdnew;
SHA256_CTX sha256;
unsigned char hash[SHA256_DIGEST_LENGTH];
- if(!p) {
+ if(!(p || iopt)) {
if (m)
passwd0 = did + "|" + mac;
else if (u)
@@ -227,7 +260,7 @@ int main(int argc, char **argv) {
while (1) {
unsigned char append[9];
- (v == 1) && cout << "pwdinput: " << passwdnew << endl;
+ (v == 1) && cout << "pwdinput: " << passwdnew << endl;
SHA256_Init(&sha256);
SHA256_Update(&sha256,passwdnew.c_str(),passwdnew.length());
@@ -264,7 +297,7 @@ int main(int argc, char **argv) {
cout << "pass=" << pwd << endl;
- passwd_str = prefixStream.str() + pwd + salt;
+ passwd_str = prefixStream.str() + pwd + salt;
SHA256_Init(&sha256);
SHA256_Update(&sha256,passwd_str.c_str(),passwd_str.length());
diff --git a/src/ubpasswd.sh b/src/ubpasswd.sh
index 98347fb..e3509ab 100755
--- a/src/ubpasswd.sh
+++ b/src/ubpasswd.sh
@@ -11,6 +11,11 @@
# user list. The first user in this list that is found in
# /etc/shadow is changed. root is only changed if mtadm
# or admin is not found.
+#
+# -p option (pass password through stdin) is more secure
+# because another user on the system could use ps to acquire
+# the password.
+#
ADMINLIST="mtadm admin"
MTS=/sys/devices/platform/mts-io
@@ -24,7 +29,7 @@ if ! [[ -x /sbin/mts-hashpwd ]] ; then
exit 1
fi
usage() {
- echo "mts-ubpasswd [-c] [-d] [-n] [-i] [-m] [-u] [-r] [-f] [-s salt] [password]"
+ echo "mts-ubpasswd [-c] [-d] [-n] [-i] [-m] [-u] [-r] [-f] [-p] [-s salt] [password]"
echo " -c clear the U-Boot password"
echo " -d debug"
echo " -n dryrun for setting password"
@@ -35,6 +40,7 @@ usage() {
echo " is currently required"
echo " -f returns true if U-Boot password"
echo " feature is available."
+ echo " -p read password from standard input"
echo " -s salt is user supplied salt"
echo " password is a user supplied password"
echo "A salt not supplied is generated."
@@ -50,7 +56,8 @@ usage() {
((debug=0))
((upwd=0))
((dryrun=0))
-while getopts ":cdfimnrs:u" opt; do
+((stdp=0))
+while getopts ":cdfimnprs:u" opt; do
case $opt in
c)
u-boot setenv mtsp
@@ -93,6 +100,9 @@ while getopts ":cdfimnrs:u" opt; do
n)
((dryrun=1))
;;
+ p)
+ ((stdp=1))
+ ;;
u)
((ubonly=1))
;;
@@ -119,10 +129,17 @@ done
((debug)) && echo OPTIND is $OPTIND
((sc=OPTIND-1))
shift $sc
+if (($# == 1)) && ((stdp == 1)) ; then
+ "Cannot use -p option with password on the command line"
+ usage
+fi
if (($# == 1)) ; then
((debug)) && echo "User set password is \"$1\""
((upwd = 1))
pass="$1"
+elif ((stdp == 1)) ; then
+ ((upwd = 1))
+ read -r pass
fi
((debug)) && echo hassalt is $hassalt, salt is \"$salt\"
@@ -204,7 +221,7 @@ if ((upwd == 0)) ; then
fi
result=$(/sbin/mts-hashpwd ${pwdsrc} ${salt})
else
- result=$(/sbin/mts-hashpwd -p "${pass}" ${salt})
+ result=$(echo -n "$pass" | /sbin/mts-hashpwd -i ${salt})
fi
if ! [[ $result =~ ^pass=([^$'\n']+)$'\n'password_hash=([^$'\n']+) ]] ; then
echo "/sbin/mts-hashpwd failed: ${result}"