blob: 34180de00966f5a9b026731b8fefbfaa15f839c6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
|
#!/bin/bash
# Password setting/generation script.
# Sets both root and u-boot password,
# or optionally just U-boot.
# What is actually written is the password
# and salt. But the password is printed
# for reference.
# ubpasswd -h will print usage.
#
# Command changes the password based on the following
# user list. The first user in this list that is found in
# /etc/shadow is changed. root is only changed if mtadm
# or admin is not found.
ADMINLIST="mtadm admin root"
MTS=/sys/devices/platform/mts-io
if (( $(id -u) != 0 )) ; then
echo "Must have root privilege to procede."
exit 1
fi
if ! [[ -x /sbin/mts-hashpwd ]] ; then
echo Need /sbin/mts-hashpwd to proceed.
exit 1
fi
usage() {
echo "ubpasswd [-c] [-d] [-n] [-i] [-m] [-u] [-r] [-f] [-s salt] [password]"
echo " -c clear the U-Boot password"
echo " -d debug"
echo " -n dryrun for setting password"
echo " -i use the uuid to generate the password"
echo " -m means use the mac to generate the password."
echo " -u means u-boot only (not UNIX password)"
echo " -r returns true if U-Boot password"
echo " is currently required"
echo " -f returns true if U-Boot password"
echo " feature is available."
echo " -s salt is user supplied salt"
echo " password is a user supplied password"
echo "A salt not supplied is generated."
echo "If a password is not supplied, it is generated"
echo "If generating a password. The MAC address is"
echo "preferred for generating the password, but the"
echo "UUID will be used if the MAC is not present."
exit 1
}
((ubonly=0))
((usemac=0))
((hassalt=0))
((debug=0))
((upwd=0))
((dryrun=0))
while getopts ":cdfimnrs:u" opt; do
case $opt in
c)
u-boot setenv mtsp
u-boot setenv mtss
exit 0
;;
f)
if ! /bin/fgrep "mts password protected" /dev/mtdblock2 >/dev/null 2>&1; then
echo "U-Boot does not support password protection."
exit 1
else
echo "U-Boot supports password protection."
exit 0
fi
;;
i)
((useuuid=1))
if ! [[ -f "${MTS}/uuid" ]] ; then
echo "${MTS}/uuid not found. Maybe mts-io driver is not loaded?"
exit 1
fi
uuid=$(cat "${MTS}/uuid")
if ((${#uuid} == 0)) ; then
echo "${MTS}/uuid must have a non-zero length value"
usage
fi
;;
m)
((usemac=1))
if ! [[ -f "${MTS}/mac-eth" ]] ; then
echo "${MTS}/mac-eth not found. Maybe mts-io driver is not loaded?"
exit 1
fi
mac=$(cat "${MTS}/mac-eth")
if ((${#mac} == 0)) ; then
echo "${MTS}/mac-eth must have a non-zero length value"
usage
fi
;;
n)
((dryrun=1))
;;
u)
((ubonly=1))
;;
s)
salt="$OPTARG"
((hassalt=1))
;;
r)
if /usr/bin/u-boot printenv mtsp >/dev/null 2>&1 ; then
echo "U-Boot password protection is on"
exit 0
else
echo "U-Boot password protection is off"
exit 1
fi
;;
d)
((debug=1))
;;
*)
usage
esac
done
((debug)) && echo OPTIND is $OPTIND
((sc=OPTIND-1))
shift $sc
if (($# == 1)) ; then
((debug)) && echo "User set password is \"$1\""
((upwd = 1))
pass="$1"
fi
((debug)) && echo hassalt is $hassalt, salt is \"$salt\"
((debug)) && echo ubonly is $ubonly
((debug)) && echo debug is $debug
len=8
saltlen=128
if ! /bin/fgrep "mts password protected" /dev/mtdblock2 >/dev/null 2>&1; then
echo "U-Boot does not support password protection."
exit 1
fi
if ((hassalt == 0)) ; then
salt="$(/bin/dd if=/dev/urandom count=1 bs=128 2>/dev/null | /bin/base64 | tr -d '\n' | cut -c1-${saltlen})"
fi
echo "salt: $salt"
((debug)) && echo upwd is $upwd
((debug)) && echo did length is ${#did}
if ((useuuid == 0)) && ((usemac == 0)) ; then
# Use MAC unless not present.
# This is because old code did this, and because
# UUID is not present in MTR and old Conduits.
((usemac=1))
mac=$(cat "${MTS}/mac-eth")
if ((${#mac} == 0)) ; then
((usemac=0))
# Check for UUID
((useuuid=1))
uuid=$(cat "${MTS}/uuid")
if ((${#uuid} == 0)) ; then
echo "${MTS}/uuid or ${MTS}/mac-eth must have a non-zero length value"
usage
fi
if ! [[ -f "${MTS}/uuid" ]] ; then
echo "${MTS}/uuid not found. Maybe mts-io driver is not loaded?"
exit 1
fi
fi
fi
if ((upwd == 0)) ; then
if ! [[ -f "${MTS}/device-id" ]] ; then
echo "${MTS}/device-id not found. Maybe mts-io driver is not loaded?"
exit 1
fi
did=$(cat "${MTS}/device-id")
if ((${#did} == 0)) ; then
echo "${MTS}/device-id must have a non-zero length value"
usage
fi
if ((usemac == 0)) ; then
if ! [[ -f "${MTS}/uuid" ]] ; then
echo "${MTS}/uuid not found. Maybe mts-io driver is not loaded?"
exit 1
fi
uuid=$(cat "${MTS}/uuid")
if ((${#uuid} == 0)) ; then
echo "${MTS}/uuid must have a non-zero length value"
usage
fi
pwdsrc="-d ${did} -u ${uuid}"
else
pwdsrc="-d ${did} -m ${mac}"
fi
if ((debug)) ; then
echo Try this:
echo "/sbin/mts-hashpwd ${pwdsrc} ${salt}"
fi
result=$(/sbin/mts-hashpwd ${pwdsrc} ${salt})
else
result=$(/sbin/mts-hashpwd -p "${pass}" ${salt})
fi
if ! [[ $result =~ ^pass=([^[:space:]]+)[[:space:]]+password_hash=([^[:space:]]+) ]] ; then
echo "/sbin/mts-hashpwd failed: ${result}"
exit 1
fi
if ((debug)) ; then
echo result is:
echo "$result"
fi
pass="${BASH_REMATCH[1]}"
password_hash="${BASH_REMATCH[2]}"
echo "uboot password hash: \"$password_hash\""
if ((ubonly == 0)) ; then
rstring="^"${ADMINLIST// /:|^}":"
list=" "$(egrep "${rstring}" /etc/shadow | sed 's/:.*//')" "
for u in $ADMINLIST ; do
((debug)) && echo "list is: $list, u: is $u"
if [[ $list =~ [[:space:]]${u}[[:space:]] ]] ; then
USER="${u}"
((debug)) && echo Change password of $USER
break
fi
done
if ((${#USER} == 0)) ; then
echo "No administrator user found"
echo "Cannot change the administrator password"
echo "Suggest using the \"-u\" option"
exit 1
fi
echo "setting ${USER} password to ${pass}"
if ((dryrun == 0)) ; then
echo -e "${pass}\n${pass}" | /usr/bin/passwd "${USER}" >/dev/null 2>&1
fi
fi
echo "u-boot password is ${pass}"
if ((dryrun == 0)) ; then
/usr/bin/u-boot setenv mtss "$salt"
/usr/bin/u-boot setenv mtsp "$password_hash"
fi
|