Diffstat (limited to 'src/ubpasswd.sh')
-rwxr-xr-xsrc/ubpasswd.sh23
1 files changed, 20 insertions, 3 deletions
diff --git a/src/ubpasswd.sh b/src/ubpasswd.sh
index 98347fb..e3509ab 100755
--- a/src/ubpasswd.sh
+++ b/src/ubpasswd.sh
@@ -11,6 +11,11 @@
# user list. The first user in this list that is found in
# /etc/shadow is changed. root is only changed if mtadm
# or admin is not found.
+#
+# -p option (pass password through stdin) is more secure
+# because another user on the system could use ps to acquire
+# the password.
+#
ADMINLIST="mtadm admin"
MTS=/sys/devices/platform/mts-io
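Review bot: The added header comment reads as if `-p` is what lets another user see the password with ps, when the exposure comes from passing the password as a command-line argument. Stating the risk directly would be clearer, for example `# Prefer -p (password read from stdin): a password given as a command-line argument is visible to other local users through ps.` The comment block starts above this hunk.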
@@ -24,7 +29,7 @@ if ! [[ -x /sbin/mts-hashpwd ]] ; then
exit 1
fi
usage() {
- echo "mts-ubpasswd [-c] [-d] [-n] [-i] [-m] [-u] [-r] [-f] [-s salt] [password]"
+ echo "mts-ubpasswd [-c] [-d] [-n] [-i] [-m] [-u] [-r] [-f] [-p] [-s salt] [password]"
echo " -c clear the U-Boot password"
echo " -d debug"
echo " -n dryrun for setting password"
@@ -35,6 +40,7 @@ usage() {
echo " is currently required"
echo " -f returns true if U-Boot password"
echo " feature is available."
+ echo " -p read password from standard input"
echo " -s salt is user supplied salt"
echo " password is a user supplied password"
echo "A salt not supplied is generated."
@@ -50,7 +56,8 @@ usage() {
((debug=0))
((upwd=0))
((dryrun=0))
-while getopts ":cdfimnrs:u" opt; do
+((stdp=0))
+while getopts ":cdfimnprs:u" opt; do
case $opt in
c)
u-boot setenv mtsp
@@ -93,6 +100,9 @@ while getopts ":cdfimnrs:u" opt; do
n)
((dryrun=1))
;;
+ p)
+ ((stdp=1))
+ ;;
u)
((ubonly=1))
;;
@@ -119,10 +129,17 @@ done
((debug)) && echo OPTIND is $OPTIND
((sc=OPTIND-1))
shift $sc
+if (($# == 1)) && ((stdp == 1)) ; then
+ "Cannot use -p option with password on the command line"
+ usage
+fi
if (($# == 1)) ; then
((debug)) && echo "User set password is \"$1\""
((upwd = 1))
pass="$1"
+elif ((stdp == 1)) ; then
+ ((upwd = 1))
+ read -r pass
fi
((debug)) && echo hassalt is $hassalt, salt is \"$salt\"
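Review bot: The added line `"Cannot use -p option with password on the command line"` has no `echo`, so bash tries to run the string as a command and reports command-not-found instead of the intended message; it should be `echo "Cannot use -p option with password on the command line" >&2`. The body of `usage` is not fully visible here, so if it does not exit, execution falls through to the next `if` and the command-line password is used anyway; an explicit `exit 1` after `usage` would make the rejection certain. In the new `-p` branch, `read -r pass` strips leading and trailing whitespace and its status is ignored, so EOF on stdin sets `upwd=1` with an empty `pass`. Something like `IFS= read -r pass` followed by `[[ -n $pass ]] || { echo "No password on stdin" >&2; exit 1; }` keeps the password intact and refuses empty input. The existing debug line prints the password in clear text, which undercuts the purpose of `-p` when `-d` is combined with it.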
@@ -204,7 +221,7 @@ if ((upwd == 0)) ; then
fi
result=$(/sbin/mts-hashpwd ${pwdsrc} ${salt})
else
- result=$(/sbin/mts-hashpwd -p "${pass}" ${salt})
+ result=$(echo -n "$pass" | /sbin/mts-hashpwd -i ${salt})
fi
if ! [[ $result =~ ^pass=([^$'\n']+)$'\n'password_hash=([^$'\n']+) ]] ; then
echo "/sbin/mts-hashpwd failed: ${result}"
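Review bot: `echo -n "$pass"` on the added line mishandles passwords that look like echo options: in bash a password of `-n`, `-e` or `-E` is consumed as a flag, so an empty string is hashed instead. `result=$(printf '%s' "$pass" | /sbin/mts-hashpwd -i ${salt})` avoids that, and printf is also a builtin, so the password still stays out of the process list. Separately, the failure message at the end of the hunk echoes `${result}`, which judging by the regex may contain a `pass=` line, so a partially failed run could print the clear-text password; consider omitting it or sending only a generic error to stderr. The enclosing `if` starts above this hunk and continues below it.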