diff --git a/commands/login.c b/commands/login.c index fb6bb35cf..b616bf15f 100644 --- a/commands/login.c +++ b/commands/login.c @@ -20,6 +20,11 @@ #include #include #include +#include +#include +#include +#include +#include #define PASSWD_MAX_LENGTH (128 + 1) @@ -31,13 +36,16 @@ #define LOGIN_MODE HIDE #endif +static int login_timeout = 0; + static int do_login(int argc, char *argv[]) { unsigned char passwd[PASSWD_MAX_LENGTH]; int passwd_len, opt; - int timeout = 0; + int timeout = login_timeout; char *timeout_cmd = "boot"; + console_allow_input(true); if (!is_passwd_enable()) { puts("login: password not set\n"); return 0; @@ -58,8 +66,10 @@ static int do_login(int argc, char *argv[]) puts("Password: "); passwd_len = password(passwd, PASSWD_MAX_LENGTH, LOGIN_MODE, timeout); - if (passwd_len < 0) + if (passwd_len < 0) { + console_allow_input(false); run_command(timeout_cmd, 0); + } if (check_passwd(passwd, passwd_len)) return 0; @@ -80,3 +90,13 @@ BAREBOX_CMD_START(login) BAREBOX_CMD_HELP(cmd_login_help) BAREBOX_CMD_COMPLETE(empty_complete) BAREBOX_CMD_END + +static int login_global_init(void) +{ + globalvar_add_simple_int("login.timeout", &login_timeout, "%d"); + + return 0; +} +late_initcall(login_global_init); + +BAREBOX_MAGICVAR_NAMED(global_login_timeout, global.login.timeout, "timeout to type the password"); diff --git a/commands/passwd.c b/commands/passwd.c index baccfa6c0..368c4016b 100644 --- a/commands/passwd.c +++ b/commands/passwd.c @@ -63,7 +63,7 @@ static int do_passwd(int argc, char *argv[]) goto err; } - ret = set_passwd(passwd1, passwd1_len); + ret = set_env_passwd(passwd1, passwd1_len); if (ret < 0) { puts("Sorry, passwords write failed\n"); @@ -78,15 +78,15 @@ err: return 1; disable: - passwd_disable(); + passwd_env_disable(); puts("passwd: password disabled\n"); return ret; } static const __maybe_unused char cmd_passwd_help[] = "Usage: passwd\n" -"passwd allow you to specify a password\n" -"to disable it put an empty password\n" +"passwd allow you to specify a password in the env\n" +"to disable it put an empty password will still use the default password if set\n" ; BAREBOX_CMD_START(passwd) diff --git a/common/Kconfig b/common/Kconfig index 7b0b0db2c..13419dc5b 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -386,6 +386,11 @@ config PASSWORD help allow you to have password protection framework +config PASSWORD_DEFAULT + string + prompt "Password default" + depends on PASSWORD + if PASSWORD choice @@ -604,7 +609,7 @@ endmenu menu "Debugging" config COMPILE_LOGLEVEL - int "loglevel" + int "compile loglevel" default 6 help This defines the maximum loglevel compiled into the binary. Less important @@ -619,6 +624,22 @@ config COMPILE_LOGLEVEL 6 informational (info) 7 debug-level messages (debug) +config DEFAULT_LOGLEVEL + int "default loglevel" + default 7 + help + This defines the default runtime loglevel. It can be changed using the + global.loglevel variable. Available logelevels are: + + 0 system is unusable (emerg) + 1 action must be taken immediately (alert) + 2 critical conditions (crit) + 3 error conditions (err) + 4 warning conditions (warn) + 5 normal but significant condition (notice) + 6 informational (info) + 7 debug-level messages (debug) + config DEBUG_INFO bool prompt "enable debug symbols" diff --git a/common/Makefile b/common/Makefile index 64eacc304..9a9e3fe7d 100644 --- a/common/Makefile +++ b/common/Makefile @@ -114,6 +114,26 @@ cmd_env_h = cat $< | (cd $(obj) && $(objtree)/scripts/bin2c default_environment) $(obj)/barebox_default_env.h: $(obj)/barebox_default_env$(barebox_default_env_comp) FORCE $(call if_changed,env_h) +quiet_cmd_pwd_h = PWDH $@ +ifneq ($(CONFIG_PASSWORD_DEFAULT),"") +PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f) +cmd_pwd_h = echo -n "const char default_passwd[] = \"" > $@; \ + cat $< | tr -d '\n' >> $@; \ + echo "\";" >> $@ + +include/generated/passwd.h: $(PASSWD_FILE) + $(call if_changed,pwd_h) +else +cmd_pwd_h = echo "const char default_passwd[] = \"\";" > $@ + +include/generated/passwd.h: FORCE + $(call if_changed,pwd_h) +endif + +targets += include/generated/passwd.h + +$(obj)/password.o: include/generated/passwd.h + # dependencies on generated files need to be listed explicitly $(obj)/version.o: include/generated/compile.h diff --git a/common/console.c b/common/console.c index 4ca5f1809..56bc864ad 100644 --- a/common/console.c +++ b/common/console.c @@ -238,6 +238,9 @@ int getc(void) unsigned char ch; uint64_t start; + if (unlikely(!console_is_input_allow())) + return -EPERM; + /* * For 100us we read the characters from the serial driver * into a kfifo. This helps us not to lose characters @@ -272,6 +275,9 @@ EXPORT_SYMBOL(fgetc); int tstc(void) { + if (unlikely(!console_is_input_allow())) + return 0; + return kfifo_len(console_input_fifo) || tstc_raw(); } EXPORT_SYMBOL(tstc); diff --git a/common/console_common.c b/common/console_common.c index a3aca6f46..5d2ccdb6e 100644 --- a/common/console_common.c +++ b/common/console_common.c @@ -21,9 +21,69 @@ #include #include #include +#include +#include +#include +#include +#include +#include #ifndef CONFIG_CONSOLE_NONE +static int console_input_allow; + +static int console_global_init(void) +{ + if (IS_ENABLED(CONFIG_CMD_LOGIN) && is_passwd_enable()) + console_input_allow = 0; + else + console_input_allow = 1; + + globalvar_add_simple_bool("console.input_allow", &console_input_allow); + + return 0; +} +late_initcall(console_global_init); + +BAREBOX_MAGICVAR_NAMED(global_console_input_allow, global.console.input_allow, "console input allowed"); + +bool console_is_input_allow(void) +{ + return console_input_allow; +} + +void console_allow_input(bool val) +{ + console_input_allow = val; +} + +int barebox_loglevel = CONFIG_DEFAULT_LOGLEVEL; + +int pr_print(int level, const char *fmt, ...) +{ + va_list args; + uint i; + char printbuffer[CFG_PBSIZE]; + + if (level > barebox_loglevel) + return 0; + + va_start(args, fmt); + i = vsprintf(printbuffer, fmt, args); + va_end(args); + + /* Print the string */ + puts(printbuffer); + + return i; +} + +static int loglevel_init(void) +{ + return globalvar_add_simple_int("loglevel", &barebox_loglevel, "%d"); +} +device_initcall(loglevel_init); + int printf(const char *fmt, ...) { va_list args; diff --git a/common/console_simple.c b/common/console_simple.c index 5ab937fdb..6cb72bb46 100644 --- a/common/console_simple.c +++ b/common/console_simple.c @@ -3,6 +3,7 @@ #include #include #include +#include LIST_HEAD(console_list); EXPORT_SYMBOL(console_list); @@ -40,6 +41,9 @@ EXPORT_SYMBOL(console_putc); int tstc(void) { + if (unlikely(!console_is_input_allow())) + return 0; + if (!console) return 0; @@ -49,6 +53,9 @@ EXPORT_SYMBOL(tstc); int getc(void) { + if (unlikely(!console_is_input_allow())) + return -EPERM; + if (!console) return -EINVAL; return console->getc(console); diff --git a/common/globalvar.c b/common/globalvar.c index edb66ddca..6ef4a6a68 100644 --- a/common/globalvar.c +++ b/common/globalvar.c @@ -6,7 +6,7 @@ #include #include -static struct device_d global_device = { +struct device_d global_device = { .name = "global", .id = DEVICE_ID_SINGLE, }; diff --git a/common/password.c b/common/password.c index d157a11b7..9c1e54a35 100644 --- a/common/password.c +++ b/common/password.c @@ -25,6 +25,7 @@ #include #include #include +#include #if defined(CONFIG_PASSWD_SUM_MD5) #define PASSWD_SUM "md5" @@ -97,7 +98,13 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout) } EXPORT_SYMBOL(password); -int is_passwd_enable(void) +int is_passwd_default_enable(void) +{ + return strlen(default_passwd) > 0; +} +EXPORT_SYMBOL(is_passwd_default_enable); + +int is_passwd_env_enable(void) { int fd; @@ -110,13 +117,13 @@ int is_passwd_enable(void) return 1; } -EXPORT_SYMBOL(is_passwd_enable); +EXPORT_SYMBOL(is_passwd_env_enable); -int passwd_disable(void) +int passwd_env_disable(void) { return unlink(PASSWD_FILE); } -EXPORT_SYMBOL(passwd_disable); +EXPORT_SYMBOL(passwd_env_disable); static unsigned char to_digit(unsigned char c) { @@ -139,6 +146,43 @@ static unsigned char to_hexa(unsigned char c) } int read_passwd(unsigned char *sum, size_t length) +{ + if (is_passwd_env_enable()) + return read_env_passwd(sum, length); + else if (is_passwd_default_enable()) + return read_default_passwd(sum, length); + else + return -EINVAL; +} + +int read_default_passwd(unsigned char *sum, size_t length) +{ + int i = 0; + int len = strlen(default_passwd); + unsigned char *buf = (unsigned char *)default_passwd; + unsigned char c; + + if (!sum || length < 1) + return -EINVAL; + + for (i = 0; i < len && length > 0; i++) { + c = buf[i]; + i++; + + *sum = to_digit(c) << 4; + + c = buf[i]; + + *sum |= to_digit(c); + sum++; + length--; + } + + return 0; +} +EXPORT_SYMBOL(read_default_passwd); + +int read_env_passwd(unsigned char *sum, size_t length) { int fd; int ret = 0; @@ -178,9 +222,9 @@ exit: return ret; } -EXPORT_SYMBOL(read_passwd); +EXPORT_SYMBOL(read_env_passwd); -int write_passwd(unsigned char *sum, size_t length) +int write_env_passwd(unsigned char *sum, size_t length) { int fd; unsigned char c; @@ -227,9 +271,9 @@ exit: return ret; } -EXPORT_SYMBOL(write_passwd); +EXPORT_SYMBOL(write_env_passwd); -int check_passwd(unsigned char* passwd, size_t length) +static int __check_passwd(unsigned char* passwd, size_t length, int std) { struct digest *d; unsigned char *passwd1_sum; @@ -256,7 +300,10 @@ int check_passwd(unsigned char* passwd, size_t length) d->final(d, passwd1_sum); - ret = read_passwd(passwd2_sum, d->length); + if (std) + ret = read_env_passwd(passwd2_sum, d->length); + else + ret = read_default_passwd(passwd2_sum, d->length); if (ret < 0) goto err2; @@ -271,9 +318,30 @@ err1: return ret; } -EXPORT_SYMBOL(check_passwd); -int set_passwd(unsigned char* passwd, size_t length) +int check_default_passwd(unsigned char* passwd, size_t length) +{ + return __check_passwd(passwd, length, 0); +} +EXPORT_SYMBOL(check_default_passwd); + +int check_env_passwd(unsigned char* passwd, size_t length) +{ + return __check_passwd(passwd, length, 1); +} +EXPORT_SYMBOL(check_env_passwd); + +int check_passwd(unsigned char* passwd, size_t length) +{ + if (is_passwd_env_enable()) + return check_env_passwd(passwd, length); + else if (is_passwd_default_enable()) + return check_default_passwd(passwd, length); + else + return -EINVAL; +} + +int set_env_passwd(unsigned char* passwd, size_t length) { struct digest *d; unsigned char *passwd_sum; @@ -292,10 +360,10 @@ int set_passwd(unsigned char* passwd, size_t length) d->final(d, passwd_sum); - ret = write_passwd(passwd_sum, d->length); + ret = write_env_passwd(passwd_sum, d->length); free(passwd_sum); return ret; } -EXPORT_SYMBOL(set_passwd); +EXPORT_SYMBOL(set_env_passwd); diff --git a/common/startup.c b/common/startup.c index 9b33a92c8..0a36c07aa 100644 --- a/common/startup.c +++ b/common/startup.c @@ -138,6 +138,8 @@ void __noreturn start_barebox(void) run_command("source /env/bin/init", 0); } else { pr_err("/env/bin/init not found\n"); + if (IS_ENABLED(CONFIG_CMD_LOGIN)) + while(run_command("login -t 0", 0)); } } diff --git a/defaultenv-2/base/bin/init b/defaultenv-2/base/bin/init index ca02ba642..81b343491 100644 --- a/defaultenv-2/base/bin/init +++ b/defaultenv-2/base/bin/init @@ -16,14 +16,24 @@ global editcmd=sedit [ -e /env/config-board ] && /env/config-board /env/config +# request password to login if a timeout is specified and password set +if [ -n ${global.login.timeout} ]; then + [ ${global.login.timeout} -gt 0 ] && login_cmd=login +fi +# allow the input if not +[ -n ${global.console.input_allow} ] && global.console.input_allow=1 + # allow to stop the boot before execute the /env/init/* # but without waiting timeout -s -a -v key 0 if [ "${key}" = "q" ]; then + ${login_cmd} exit fi +[ -n ${login_cmd} ] && global.console.input_allow=0 + for i in /env/init/*; do . $i done @@ -34,10 +44,15 @@ else echo -e -n "\nHit any key to stop autoboot: " fi +[ -n ${login_cmd} ] && global.console.input_allow=1 + timeout -a $global.autoboot_timeout -v key autoboot="$?" +[ -n ${login_cmd} ] && global.console.input_allow=0 + if [ "${key}" = "q" ]; then + ${login_cmd} exit fi @@ -46,9 +61,12 @@ if [ "$autoboot" = 0 ]; then fi if [ -e /env/menu ]; then + ${login_cmd} if [ "${key}" != "m" ]; then echo -e "\ntype exit to get to the menu" sh fi /env/menu/mainmenu fi + +${login_cmd} diff --git a/drivers/base/driver.c b/drivers/base/driver.c index 16b7f06c4..e587e3acc 100644 --- a/drivers/base/driver.c +++ b/drivers/base/driver.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -370,11 +371,14 @@ const char *dev_id(const struct device_d *dev) return buf; } -int dev_printf(const struct device_d *dev, const char *format, ...) +int dev_printf(int level, const struct device_d *dev, const char *format, ...) { va_list args; int ret = 0; + if (level > barebox_loglevel) + return 0; + if (dev->driver && dev->driver->name) ret += printf("%s ", dev->driver->name); diff --git a/include/console.h b/include/console.h index 707ba92f3..d12a06ebe 100644 --- a/include/console.h +++ b/include/console.h @@ -53,6 +53,11 @@ extern struct list_head console_list; #define CFG_PBSIZE (CONFIG_CBSIZE+sizeof(CONFIG_PROMPT)+16) +bool console_is_input_allow(void); +void console_allow_input(bool val); + +extern int barebox_loglevel; + struct console_device *console_get_first_active(void); #endif diff --git a/include/globalvar.h b/include/globalvar.h index c2a13b365..456e8cd1f 100644 --- a/include/globalvar.h +++ b/include/globalvar.h @@ -2,6 +2,10 @@ #define __GLOBALVAR_H #include +#include +#include + +extern struct device_d global_device; #ifdef CONFIG_GLOBALVAR int globalvar_add_simple(const char *name, const char *value); @@ -12,12 +16,92 @@ int globalvar_add(const char *name, unsigned long flags); char *globalvar_get_match(const char *match, const char *separator); void globalvar_set_match(const char *match, const char *val); + +static inline int globalvar_add_simple_int(const char *name, + int *value, const char *format) +{ + struct param_d *p; + + p = dev_add_param_int(&global_device, name, NULL, NULL, + value, format, NULL); + + if (IS_ERR(p)) + return PTR_ERR(p); + + return 0; +} + +static inline int globalvar_add_simple_bool(const char *name, + int *value) +{ + struct param_d *p; + + p = dev_add_param_bool(&global_device, name, NULL, NULL, + value, NULL); + + if (IS_ERR(p)) + return PTR_ERR(p); + + return 0; +} + +static inline int globalvar_add_simple_enum(const char *name, + int *value, const char **names, int max) +{ + struct param_d *p; + + p = dev_add_param_enum(&global_device, name, NULL, NULL, + value, names, max, NULL); + + if (IS_ERR(p)) + return PTR_ERR(p); + + return 0; +} + +static inline int globalvar_add_simple_ip(const char *name, + IPaddr_t *ip) +{ + struct param_d *p; + + p = dev_add_param_ip(&global_device, name, NULL, NULL, + ip, NULL); + + if (IS_ERR(p)) + return PTR_ERR(p); + + return 0; +} #else static inline int globalvar_add_simple(const char *name, const char *value) { return 0; } +static inline int globalvar_add_simple_int(const char *name, + int *value, const char *format) +{ + return 0; +} + +static inline int globalvar_add_simple_bool(const char *name, + int *value) +{ + return 0; +} + +static inline int globalvar_add_simple_enum(const char *name, + int *value, const char **names, int max) +{ + return 0; +} + +static inline int globalvar_add_simple_ip(const char *name, + IPaddr_t *ip) +{ + return 0; +} + static inline int globalvar_add(const char *name, int (*set)(struct device_d *dev, struct param_d *p, const char *val), const char *(*get)(struct device_d *, struct param_d *p), diff --git a/include/password.h b/include/password.h index df03cd756..0dd105405 100644 --- a/include/password.h +++ b/include/password.h @@ -28,11 +28,23 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout); int read_passwd(unsigned char *sum, size_t length); -int write_passwd(unsigned char *sum, size_t length); - -int is_passwd_enable(void); -int passwd_disable(void); int check_passwd(unsigned char* passwd, size_t length); -int set_passwd(unsigned char* passwd, size_t length); + +int read_env_passwd(unsigned char *sum, size_t length); +int write_env_passwd(unsigned char *sum, size_t length); + +int read_default_passwd(unsigned char *sum, size_t length); +int is_passwd_default_enable(void); +int check_default_passwd(unsigned char* passwd, size_t length); + +int is_passwd_env_enable(void); +int passwd_env_disable(void); +int check_env_passwd(unsigned char* passwd, size_t length); +int set_env_passwd(unsigned char* passwd, size_t length); + +static inline int is_passwd_enable(void) +{ + return is_passwd_default_enable() || is_passwd_env_enable(); +} #endif /* __PASSWORD_H__ */ diff --git a/include/printk.h b/include/printk.h index 86bf20842..f550f07bb 100644 --- a/include/printk.h +++ b/include/printk.h @@ -18,12 +18,15 @@ /* debugging and troubleshooting/diagnostic helpers. */ -int dev_printf(const struct device_d *dev, const char *format, ...) +int pr_print(int level, const char *format, ...) __attribute__ ((format(__printf__, 2, 3))); +int dev_printf(int level, const struct device_d *dev, const char *format, ...) + __attribute__ ((format(__printf__, 3, 4))); + #define __dev_printf(level, dev, format, args...) \ ({ \ - (level) <= LOGLEVEL ? dev_printf((dev), (format), ##args) : 0; \ + (level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \ }) @@ -46,7 +49,7 @@ int dev_printf(const struct device_d *dev, const char *format, ...) #define __pr_printk(level, format, args...) \ ({ \ - (level) <= LOGLEVEL ? printk((format), ##args) : 0; \ + (level) <= LOGLEVEL ? pr_print((level), (format), ##args) : 0; \ }) #ifndef pr_fmt