blob: 9fea52dbec708411517630e5edd94df0448c382f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
#!/bin/bash
# Password setting/generation script.
# Sets both root and u-boot password,
# or optionally just U-boot.
# What is actually written is the password
# and salt. But the password is printed
# for reference.
# ubpasswd -h will print usage.
#
# Command changes the password based on the following
# user list. The first user in this list that is found in
# /etc/shadow is changed. root is only changed if mtadm
# or admin is not found.
ADMINLIST="mtadm admin root"
MTS=/sys/devices/platform/mts-io
if (( $(id -u) != 0 )) ; then
echo "Must have root privilege to procede."
exit 1
fi
if ! [[ -x /sbin/mts-hashpwd ]] ; then
echo Need /sbin/mts-hashpwd to proceed.
exit 1
fi
usage() {
echo "ubpasswd [-u] [-d] [-s salt] [password]"
echo " -u means u-boot only (not UNIX password)"
echo " -s salt is user supplied salt"
echo " -d debug"
echo " password is a user supplied password"
echo "A salt not supplied is generated."
echo "If a password is not supplied, it is generated"
exit 1
}
((ubonly=0))
((hassalt=0))
((debug=0))
((upwd=0))
while getopts ":dus:" opt; do
case $opt in
u)
((ubonly=1))
;;
s)
salt="$OPTARG"
((hassalt=1))
;;
d)
((debug=1))
;;
*)
usage
esac
done
((debug)) && echo OPTIND is $OPTIND
((sc=OPTIND-1))
shift $sc
if (($# == 1)) ; then
((debug)) && echo "User set password is \"$1\""
((upwd = 1))
pass="$1"
fi
((debug)) && echo hassalt is $hassalt, salt is \"$salt\"
((debug)) && echo ubonly is $ubonly
((debug)) && echo debug is $debug
len=8
saltlen=128
if ! /bin/fgrep "mts password protected" /dev/mtdblock2 >/dev/null 2>&1; then
echo "U-Boot does not support password protection."
exit 1
fi
if ((hassalt == 0)) ; then
salt="$(/bin/dd if=/dev/urandom count=1 bs=128 2>/dev/null | /bin/base64 | tr -d '\n' | cut -c1-${saltlen})"
fi
echo "salt: $salt"
((debug)) && echo upwd is $upwd
((debug)) && echo did length is ${#did}
if ((upwd == 0)) ; then
if ! [[ -f "${MTS}/device-id" ]] ; then
echo "${MTS}/device-id not found. Maybe mts-io driver is not loaded?"
exit 1
fi
if ! [[ -f "${MTS}/mac-eth" ]] ; then
echo "${MTS}/mac-eth not found. Maybe mts-io driver is not loaded?"
exit 1
fi
did=$(cat "${MTS}/device-id")
mac=$(cat "${MTS}/mac-eth")
if ((${#did} == 0)) ; then
echo "${MTS}/device-id must have a non-zero length value"
usage
fi
if ((${#mac} == 0)) ; then
echo "${mts}/mac-eth must have a non-zero length value"
usage
fi
if ((debug)) ; then
echo Try this:
echo "/sbin/mts-hashpwd -d ${did} -m ${mac} ${salt}"
fi
result=$(/sbin/mts-hashpwd -d ${did} -m ${mac} ${salt})
else
result=$(/sbin/mts-hashpwd -p "${pass}" ${salt})
fi
if ! [[ $result =~ ^pass=([^[:space:]]+)[[:space:]]+password_hash=([^[:space:]]+) ]] ; then
echo "/sbin/mts-hashpwd failed: ${result}"
exit 1
fi
if ((debug)) ; then
echo result is:
echo "$result"
fi
pass="${BASH_REMATCH[1]}"
password_hash="${BASH_REMATCH[2]}"
echo "uboot password hash: \"$password_hash\""
if ((ubonly == 0)) ; then
rstring="^"${ADMINLIST// /:|^}":"
list=" "$(egrep "${rstring}" /etc/shadow | sed 's/:.*//')" "
for u in $ADMINLIST ; do
((debug)) && echo "list is: $list, u: is $u"
if [[ $list =~ [[:space:]]${u}[[:space:]] ]] ; then
USER="${u}"
((debug)) && echo Change password of $USER
break
fi
done
if ((${#USER} == 0)) ; then
echo "No administrator user found"
echo "Cannot change the administrator password"
echo "Suggest using the \"-u\" option"
exit 1
fi
echo "setting ${USER} password to ${pass}"
echo -e "${pass}\n${pass}" | /usr/bin/passwd "${USER}" >/dev/null 2>&1
fi
echo "u-boot password is ${pass}"
set -x
/usr/bin/u-boot setenv mtss "$salt"
/usr/bin/u-boot setenv mtsp "$password_hash"
|