From patchwork Wed Nov 28 04:20:08 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 1004185
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Cc: Samuel Mendoza-Jonas
Subject: [PATCH v2 09/13] discover/platform-powerpc: Read and write password hash from NVRAM
Date: Wed, 28 Nov 2018 15:20:08 +1100
Message-Id: <20181128042012.25916-10-sam@mendozajonas.com>
In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com>
References: <20181128042012.25916-1-sam@mendozajonas.com>

If petitboot,password exists set it as the root password. This will be the password used to authenticate clients. This is the *hash* of a password as it would appear in /etc/shadow, not the password itself.

Signed-off-by: Samuel Mendoza-Jonas
--- discover/platform-powerpc.c | 29 +++++++++++++++++++++++++++++ lib/param_list/param_list.c | 1 + 2 files changed, 30 insertions(+) diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c index f8f33054..e9972399 100644 --- a/discover/platform-powerpc.c +++ b/discover/platform-powerpc.c @@ -14,6 +14,7 @@ #include #include #include +#include #include "hostboot.h" #include "platform.h" @@ -599,6 +600,7 @@ err: static int load_config(struct platform *p, struct config *config) { struct platform_powerpc *platform = to_platform_powerpc(p); + const char *hash; int rc; rc = parse_nvram(platform); 
@@ -623,6 +625,14 @@ static int load_config(struct platform *p, struct config *config) config_get_active_consoles(config); + + hash = param_list_get_value(platform->params, "petitboot,password"); + if (hash) { + rc = crypt_set_password_hash(platform, hash); + if (rc) + pb_log("Failed to set password hash\n"); + } + return 0; } @@ -690,6 +700,23 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo) return 0; } +static bool restrict_clients(struct platform *p) +{ + struct platform_powerpc *platform = to_platform_powerpc(p); + + return param_list_get_value(platform->params, "petitboot,password") != NULL; +} + +static int set_password(struct platform *p, const char *hash) +{ + struct platform_powerpc *platform = to_platform_powerpc(p); + + param_list_set(platform->params, "petitboot,password", hash, true); + write_nvram(platform); + + return 0; +} + static bool probe(struct platform *p, void *ctx) { struct platform_powerpc *platform; @@ -743,6 +770,8 @@ static struct platform platform_powerpc = { .save_config = save_config, .pre_boot = pre_boot, .get_sysinfo = get_sysinfo, + .restrict_clients = restrict_clients, + .set_password = set_password, }; register_platform(platform_powerpc); diff --git a/lib/param_list/param_list.c b/lib/param_list/param_list.c index b3a45f8b..9a01be6c 100644 --- a/lib/param_list/param_list.c +++ b/lib/param_list/param_list.c @@ -22,6 +22,7 @@ const char **common_known_params(void) "petitboot,console", "petitboot,http_proxy", "petitboot,https_proxy", + "petitboot,password", NULL, };
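Review bot: In the load_config() hunk (@@ -623,6 +625,14 @@), a failure of crypt_set_password_hash() is only reported through pb_log() and load_config() still returns 0, while restrict_clients() added later in this patch depends only on petitboot,password being present. After a failed set, clients are therefore treated as restricted but the root password is whatever was in place before, not the hash from NVRAM. Consider recording that the hash was not applied so the caller can fail closed, and add a comment stating which behaviour is intended when the stored value cannot be used.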
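Review bot: set_password() in the @@ -690,6 +700,23 @@ hunk returns 0 unconditionally, so a caller cannot tell whether param_list_set() and write_nvram() actually stored the hash and may report a password as set when it was not persisted. Propagate a failure from those two calls instead of the fixed "return 0;". In the same hunk, restrict_clients() tests only "!= NULL", so an empty petitboot,password value would still count as a password being configured; checking for a non-empty string, and documenting how a password is cleared (what set_password() should do with a NULL or empty hash), would remove the ambiguity.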
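Review bot: Adding "petitboot,password" to common_known_params() in lib/param_list/param_list.c places the hash in the same list as petitboot,console and the proxy settings, with nothing marking it as sensitive. The commit message compares the value to an /etc/shadow entry, and that file is restricted to root because such hashes can be attacked offline. Please document who can read this NVRAM parameter, and check that code which walks the known parameters for logging or display does not print its value.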