From a41bc36a2d8ce17d46327da9b709ca9e9c4c3de4 Mon Sep 17 00:00:00 2001
From: John Klug
Date: Mon, 20 Mar 2017 17:47:48 -0500
Subject: Password script for U-Boot and root
---
src/ubpasswd.sh | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 108 insertions(+)
create mode 100755 src/ubpasswd.sh
diff --git a/src/ubpasswd.sh b/src/ubpasswd.sh
new file mode 100755
index 0000000..000c831
--- /dev/null
+++ b/src/ubpasswd.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+# Password setting/generation script.
+# Sets both root and u-boot password,
+# or optionally just U-boot.
+# What is actually written is the password
+# and salt. But the password is printed
+# for reference.
+# ubpasswd -h will print usage.
+if ! [[ -x /sbin/hashpwd ]] ; then
+ echo Need /sbin/hashpwd to proceed.
+fi
+usage() {
+ echo "ubpasswd [-u] [-d] [-s salt] [password]"
+ echo " -u means u-boot only (not UNIX password)"
+ echo " -s salt is user supplied salt"
+ echo " -d debug"
+ echo " password is a user supplied password"
+ echo "A salt not supplied is generated."
+ echo "If a password is not supplied, it is generated"
+ exit 1
+}
+((ubonly=0))
+((hassalt=0))
+((debug=0))
+((upwd=0))
+while getopts ":dus:" opt; do
+ case $opt in
+ u)
+ ((ubonly=1))
+ ;;
+ s)
+ salt="$OPTARG"
+ ((hassalt=1))
+ ;;
+ d)
+ ((debug=1))
+ ;;
+ *)
+ usage
+ esac
+done
+((debug)) && echo OPTIND is $OPTIND
+((sc=OPTIND-1))
+shift $sc
+if (($# == 1)) ; then
+ ((debug)) && echo "User set password is \"$1\""
+ ((upwd = 1))
+ pass="$1"
+fi
+
+((debug)) && echo hassalt is $hassalt, salt is \"$salt\"
+((debug)) && echo ubonly is $ubonly
+((debug)) && echo debug is $debug
+
+len=8
+saltlen=128
+mts=/sys/devices/platform/mts-io
+did="${mts}/device-id"
+mac="${mts}/mac-eth"
+
+if ! /bin/fgrep "mts password protected" /dev/mtdblock2 >/dev/null 2>&1; then
+ echo "U-Boot does not support password protection."
+fi
+
+if ((hassalt == 0)) ; then
+ salt="$(/bin/dd if=/dev/urandom count=1 bs=128 2>/dev/null | /bin/base64 | tr -d '\n' | cut -c1-${saltlen})"
+fi
+
+echo "salt: $salt"
+
+((v == 1)) && echo upwd is $upwd
+((v == 1)) && echo did length is ${#did}
+if ((upwd == 0)) ; then
+ if ((${#did} == 0)) ; then
+ echo "${mts}/device-id must have a non-zero length value"
+ usage
+ fi
+ if ((${#mac} == 0)) ; then
+ echo "${mts}/mac-eth must have a non-zero length value"
+ usage
+ fi
+ if ((v == 1)) ; then
+ echo Try this:
+ echo "/sbin/hashpwd -d ${did} -m ${mac} ${salt}"
+ fi
+ result=$(/sbin/hashpwd -d ${did} -m ${mac} ${salt})
+else
+ result=$(/sbin/hashpwd -p "${pass}" ${salt})
+fi
+if ! [[ $result =~ ^pass=([^[:space:]]+)[[:space:]]+password_hash=([^[:space:]]+) ]] ; then
+ echo "/sbin/hashpwd failed: ${result}"
+ exit 1
+fi
+if ((v == 1)) ; then
+ echo result is:
+ echo "$result"
+fi
+pass="${BASH_REMATCH[1]}"
+password_hash="${BASH_REMATCH[2]}"
+echo "uboot password hash: \"$password_hash\""
+if ((ubonly == 0)) ; then
+ echo "setting root password to ${pass}"
+ echo -e "${pass}\n${pass}" | /usr/bin/passwd >/dev/null 2>&1
+fi
+set -e
+echo "u-boot password is ${pass}"
+/usr/bin/u-boot setenv mtss "$salt"
+/usr/bin/u-boot setenv mtsp "$password_hash"
--
cgit v1.2.3
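Review bot: The root-password step near the end of the hunk can fail, or set a different password than the one reported, without the script noticing: `echo -e "${pass}\n${pass}" | /usr/bin/passwd >/dev/null 2>&1` runs before `set -e`, discards passwd's output and status, and `echo -e` expands backslash sequences in a user-supplied password. I would write it as `printf '%s\n%s\n' "$pass" "$pass" | /usr/bin/passwd >/dev/null || exit 1`, so the U-Boot hash is never written after a failed root change. The `${salt}` argument to both `/sbin/hashpwd` calls is unquoted although `-s` takes it from the user, so a salt containing whitespace is split into extra arguments; quote it as `"${salt}"`. The two precondition checks (`-x /sbin/hashpwd` and the fgrep on `/dev/mtdblock2`) only print a message and continue, and the `((v == 1))` tests read a variable that is never set in this hunk, where `debug` looks intended. The password is also passed on hashpwd's command line and echoed to stdout, so it can show up in process listings and captured console logs; printing it only when it was generated, and documenting that in the header comment, would narrow the exposure.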