From patchwork Sat Dec 29 00:07:34 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Yann E. MORIN" <yann.morin.1998@free.fr>
X-Patchwork-Id: 208608
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from hemlock.osuosl.org (hemlock.osuosl.org [140.211.166.133])
	by ozlabs.org (Postfix) with ESMTP id 5D60E2C00F4
	for <incoming@patchwork.ozlabs.org>;
	Sat, 29 Dec 2012 11:08:04 +1100 (EST)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id D03A7A0100;
	Sat, 29 Dec 2012 00:08:03 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References"
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id EtOFZCIikWP6; Sat, 29 Dec 2012 00:07:58 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id 74273A0019;
	Sat, 29 Dec 2012 00:07:56 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (whitealder.osuosl.org
	[140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id C32BE8F74B
	for <buildroot@lists.busybox.net>;
	Sat, 29 Dec 2012 00:07:53 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id F01E280A28
	for <buildroot@lists.busybox.net>;
	Sat, 29 Dec 2012 00:07:47 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References"
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id WFZkwrqAQ2Kf for <buildroot@lists.busybox.net>;
	Sat, 29 Dec 2012 00:07:45 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com
	[209.85.212.175])
	by whitealder.osuosl.org (Postfix) with ESMTPS id 8E3F880040
	for <buildroot@busybox.net>; Sat, 29 Dec 2012 00:07:45 +0000 (UTC)
Received: by mail-wi0-f175.google.com with SMTP id hm11so8505743wib.8
	for <buildroot@busybox.net>; Fri, 28 Dec 2012 16:07:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=x-received:sender:from:to:cc:subject:date:message-id:x-mailer
	:in-reply-to:references:in-reply-to:references;
	bh=5cDW4EOOCX12Xaff49FOfz8dJs4D2jIoWhOQjqfW9SI=;
	b=I5XcA+qM9T0wjs2KrQkAvSVU47vlSFEZAMx3gQIX/jWhukubtCvVM2Eh2TtpZRV+2h
	vJsU65HQZAlblwexMz0D429ssIrrhuEZ/cs6OD9bKkIKHfud7tkFkI6K9hj4ht+DUg0L
	EFZmIMEYJswnVuJdhcMgkbzvnh8HyeJVEDBPEv41OEbIEnhllqFk1m/ozJr17zoPaQDk
	WkZtYne0C06ry39VfWB3floTLp2SQX0GfpyXmW+PC3acq4ipbw4eV05dPDTxKODrQUre
	7voE7F8sRjQgeMLlFWrcpNXOA9x8s0OzfiqjA8BMaSCslrCRTrv0lAM3sIKGfSYsk4fO
	0Ukg==
X-Received: by 10.180.107.129 with SMTP id hc1mr47599233wib.34.1356739663914;
	Fri, 28 Dec 2012 16:07:43 -0800 (PST)
Received: from localhost.localdomain
	(ARennes-256-1-131-98.w90-32.abo.wanadoo.fr. [90.32.242.98])
	by mx.google.com with ESMTPS id
	bd7sm57218462wib.8.2012.12.28.16.07.42
	(version=TLSv1/SSLv3 cipher=OTHER);
	Fri, 28 Dec 2012 16:07:43 -0800 (PST)
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Date: Sat, 29 Dec 2012 01:07:34 +0100
Message-Id: 
 <9a13fa348b5d4f9039c48e2ec539256d567d7483.1356739565.git.yann.morin.1998@free.fr>
X-Mailer: git-send-email 1.7.2.5
In-Reply-To: <cover.1356739565.git.yann.morin.1998@free.fr>
References: <cover.1356739565.git.yann.morin.1998@free.fr>
In-Reply-To: <cover.1356739565.git.yann.morin.1998@free.fr>
References: <cover.1356739565.git.yann.morin.1998@free.fr>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Subject: [Buildroot] [PATCH 2/2] target: add different methods to encode the
	root password
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: buildroot-bounces@busybox.net

The password can be encoded in different ways (from the weakest
to the strongest): des, md5, sha-256, sha-512

Add a choice entry to select the method, defaulting to 'md5'.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
 system/Config.in |   46 ++++++++++++++++++++++++++++++++++++++++++++++
 system/system.mk |    3 ++-
 2 files changed, 48 insertions(+), 1 deletions(-)

diff --git a/system/Config.in b/system/Config.in
index deead86..2c90e8a 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -34,6 +34,52 @@ config BR2_TARGET_GENERIC_ROOT_PASSWD
 	  .config file or the build log may be distributed!
 
 choice
+	bool "root password encoding"
+	depends on BR2_TARGET_GENERIC_ROOT_PASSWD != ""
+	default BR2_TARGET_GENERIC_ROOT_PASSWD_MD5
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_DES
+	bool "des"
+	help
+	  Use standard 56-bit DES-based crypt(3).
+	  
+	  Old, wildly available, but also the weakest.
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_MD5
+	bool "md5"
+	help
+	  Use MD5 to encode the password.
+	  
+	  The default, wildly available, and pretty good.
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_SHA256
+	bool "sha-256"
+	help
+	  Use SHA256 to encode the password.
+	  
+	  Very strong, but not ubiquitous, although available in glibc
+	  for some time now. Choose only if you are sure your C library
+	  understands SHA256 passwords.
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_SHA512
+	bool "sha-512"
+	help
+	  Use SHA512 to encode the password.
+	  
+	  Extremely strong, but not ubiquitous, although available in glibc
+	  for some time now. Choose only if you are sure your C library
+	  understands SHA512 passwords.
+
+endchoice # root passwd encoding
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_METHOD
+	string
+	default "des"       if BR2_TARGET_GENERIC_ROOT_PASSWD_DES
+	default "md5"       if BR2_TARGET_GENERIC_ROOT_PASSWD_MD5
+	default "sha-256"   if BR2_TARGET_GENERIC_ROOT_PASSWD_SHA256
+	default "sha-512"   if BR2_TARGET_GENERIC_ROOT_PASSWD_SHA512
+
+choice
 	prompt "/dev management"
 	default BR2_ROOTFS_DEVICE_CREATION_STATIC
 
diff --git a/system/system.mk b/system/system.mk
index a23feef..f5a8310 100644
--- a/system/system.mk
+++ b/system/system.mk
@@ -1,6 +1,7 @@
 TARGET_GENERIC_HOSTNAME:=$(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME))
 TARGET_GENERIC_ISSUE:=$(call qstrip,$(BR2_TARGET_GENERIC_ISSUE))
 TARGET_GENERIC_ROOT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD))
+TARGET_GENERIC_ROOT_PASSWD_METHOD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD_METHOD))
 TARGET_GENERIC_GETTY:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT))
 TARGET_GENERIC_GETTY_BAUDRATE:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE))
 TARGET_GENERIC_GETTY_TERM:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_TERM))
@@ -19,7 +20,7 @@ target-no-root-passwd:
 	$(SED) "s/^root:[^:]*:/root::/" $(TARGET_DIR)/etc/shadow
 
 target-root-passwd:
-	root_passwd="$$( mkpasswd -m md5 "$(TARGET_GENERIC_ROOT_PASSWD)" )"; \
+	root_passwd="$$( mkpasswd -m "$(TARGET_GENERIC_ROOT_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)" )"; \
 	$(SED) "s,^root::,root:$${root_passwd}:," $(TARGET_DIR)/etc/shadow
 
 target-generic-getty-busybox: