summaryrefslogtreecommitdiff
path: root/src/ubpasswd.sh
blob: 8a6abf9e566be8175e17bcad885febca057a2c40 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
#!/bin/bash
# Password setting/generation script.
# Sets both root and u-boot password,
# or optionally just U-boot.
# What is actually written is the password
# and salt.  But the password is printed
# for reference.
# ubpasswd -h will print usage.
#
# Command changes the password based on the following
# user list.  The first user in this list that is found in
# /etc/shadow is changed. root is only changed if mtadm
# or admin is not found.
ADMINLIST="mtadm admin root"
MTS=/sys/devices/platform/mts-io

if (( $(id -u) != 0 )) ; then
  echo "Must have root privilege to procede."
  exit 1
fi

if ! [[ -x /sbin/mts-hashpwd ]] ; then
  echo Need /sbin/mts-hashpwd to proceed.
  exit 1
fi
usage() {
  echo "ubpasswd [-c] [-r] [-u] [-d] [-s salt] [password]"
  echo "  -c        clear the U-Boot password"
  echo "  -u        means u-boot only (not UNIX password)"
  echo "  -s        salt is user supplied salt"
  echo "  -r        returns true if U-Boot password"
  echo "            is currently required"
  echo "  -f        returns true if U-Boot password"
  echo "            feature is available."
  echo "  -d        debug"
  echo "  password  is a user supplied password"
  echo "A salt not supplied is generated."
  echo "If a password is not supplied, it is generated"
  exit 1
}
((ubonly=0))
((hassalt=0))
((debug=0))
((upwd=0))
while getopts ":cdfrs:u" opt; do
  case $opt in
    c)
      u-boot setenv mtsp
      u-boot setenv mtss
      exit 0
      ;;
    f)
      if ! /bin/fgrep "mts password protected" /dev/mtdblock2 >/dev/null 2>&1;  then
	echo "U-Boot does not support password protection."
        exit 1
      else
	echo "U-Boot supports password protection."
        exit 0
      fi
      ;;
    u)
      ((ubonly=1))
      ;;
    s)
      salt="$OPTARG"
      ((hassalt=1)) 
      ;;
    r)
      if /usr/bin/u-boot printenv mtsp >/dev/null 2>&1 ; then
	echo "U-Boot password protection is on"
        exit 0
      else
	echo "U-Boot password protection is off"
        exit 1
      fi
      ;;
    d)
      ((debug=1))
      ;;
    *)
      usage
  esac
done
((debug)) && echo OPTIND is $OPTIND
((sc=OPTIND-1))
shift $sc
if (($# == 1)) ; then
  ((debug)) && echo "User set password is \"$1\""
  ((upwd = 1))
  pass="$1"
fi

((debug)) && echo hassalt is $hassalt, salt is \"$salt\"
((debug)) && echo ubonly is $ubonly
((debug)) && echo debug is $debug

len=8
saltlen=128

if ! /bin/fgrep "mts password protected" /dev/mtdblock2 >/dev/null 2>&1;  then
	echo "U-Boot does not support password protection."
        exit 1
fi
if ((hassalt == 0)) ; then
  salt="$(/bin/dd if=/dev/urandom count=1 bs=128 2>/dev/null  | /bin/base64 |  tr -d '\n' | cut -c1-${saltlen})"
fi

echo "salt: $salt"

((debug)) && echo upwd is $upwd
((debug)) && echo did length is ${#did}
if ((upwd == 0)) ; then
  if ! [[ -f "${MTS}/device-id" ]] ; then
    echo "${MTS}/device-id not found.  Maybe mts-io driver is not loaded?"
    exit 1
  fi
  if ! [[ -f "${MTS}/mac-eth" ]] ; then
    echo "${MTS}/mac-eth not found.  Maybe mts-io driver is not loaded?"
    exit 1
  fi

  did=$(cat "${MTS}/device-id")
  mac=$(cat "${MTS}/mac-eth")
  if ((${#did} == 0)) ; then
    echo "${MTS}/device-id must have a non-zero length value"
    usage
  fi
    if ((${#mac} == 0)) ; then
    echo "${mts}/mac-eth must have a non-zero length value"
    usage
  fi
  if ((debug)) ; then
    echo Try this:
    echo "/sbin/mts-hashpwd -d ${did} -m ${mac} ${salt}"
  fi
  result=$(/sbin/mts-hashpwd -d ${did} -m ${mac} ${salt})
else
  result=$(/sbin/mts-hashpwd -p "${pass}" ${salt})
fi
if ! [[ $result =~ ^pass=([^[:space:]]+)[[:space:]]+password_hash=([^[:space:]]+) ]] ; then
  echo "/sbin/mts-hashpwd failed: ${result}"
  exit 1
fi
if ((debug)) ; then
  echo result is:
  echo "$result"
fi
pass="${BASH_REMATCH[1]}"
password_hash="${BASH_REMATCH[2]}"
echo "uboot password hash: \"$password_hash\""
if ((ubonly == 0)) ; then
  rstring="^"${ADMINLIST// /:|^}":"
  list=" "$(egrep "${rstring}" /etc/shadow | sed 's/:.*//')" "
  for u in $ADMINLIST ; do
    ((debug)) && echo "list is: $list, u: is $u"
    if [[ $list =~ [[:space:]]${u}[[:space:]] ]] ; then
      USER="${u}"
      ((debug)) && echo Change password of $USER
      break
    fi
  done
  if ((${#USER} == 0)) ; then
    echo "No administrator user found"
    echo "Cannot change the administrator password"
    echo "Suggest using the \"-u\" option"
    exit 1
  fi
  echo "setting ${USER} password to ${pass}"
  echo -e "${pass}\n${pass}" | /usr/bin/passwd "${USER}" >/dev/null 2>&1
fi
echo "u-boot password is ${pass}"
set -x
/usr/bin/u-boot setenv mtss "$salt"
/usr/bin/u-boot setenv mtsp "$password_hash"