[PATCH 11/11] base-files: set root password if present inside board.json
Jo-Philipp Wich
jo at wwsnet.net
Tue Sep 24 02:57:46 PDT 2024
Hi,
> The code checks if the first character is "$". In that case it is assumed
> that the string contains a solted hash. Alternatively we assume that it is
> a cleartext password.
IMHO that kind of heuristic is undesirable. Imagine a scenario where something
autogenerates passwords and those happen to start with `$`, the resulting
configuration would not allow authentication with the expected password.
You should probably just separate the variables into `root_password_plain` and
`root_password_hash`, then make the latter take precedence over the former in
case both are defined.
~ Jo
>
> Signed-off-by: John Crispin <john at phrozen.org>
> ---
> .../files/etc/uci-defaults/50-root-passwd | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
> create mode 100644 package/base-files/files/etc/uci-defaults/50-root-passwd
>
> diff --git a/package/base-files/files/etc/uci-defaults/50-root-passwd b/package/base-files/files/etc/uci-defaults/50-root-passwd
> new file mode 100644
> index 0000000000..a7e5ace913
> --- /dev/null
> +++ b/package/base-files/files/etc/uci-defaults/50-root-passwd
> @@ -0,0 +1,15 @@
> +. /usr/share/libubox/jshn.sh
> +
> +json_init
> +json_load "$(cat /etc/board.json)"
> +
> +json_select credentials
> +json_get_vars root_password root_password
> + [ -z "$root_password" ] || {
> + if [ "${root_password:0:1}" == "$" ]; then
> + sed -i "s|^root:[^:]*|root:$root_password|g" /etc/shadow
> + else
> + (echo "$root_password"; sleep 1; echo "$root_password") | passwd root
> + fi
> + }
> +json_select ..
More information about the openwrt-devel
mailing list