From patchwork Mon Sep 23 17:18:25 2024
X-Patchwork-Submitter: John Crispin
X-Patchwork-Id: 1988682
X-Patchwork-Delegate: blogic@openwrt.org
From: John Crispin
To: openwrt-devel@lists.openwrt.org
Subject: [PATCH 11/11] base-files: set root password if present inside board.json
Date: Mon, 23 Sep 2024 19:18:25 +0200
Message-Id: <20240923171825.148902-12-john@phrozen.org>
In-Reply-To: <20240923171825.148902-1-john@phrozen.org>
References: <20240923171825.148902-1-john@phrozen.org>
List-Id: OpenWrt Development List

The code checks if the first character is "$". In that case it is assumed
that the string contains a salted hash. Alternatively we assume that it is
a cleartext password.

Signed-off-by: John Crispin
---
 .../files/etc/uci-defaults/50-root-passwd | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 package/base-files/files/etc/uci-defaults/50-root-passwd

diff --git a/package/base-files/files/etc/uci-defaults/50-root-passwd b/package/base-files/files/etc/uci-defaults/50-root-passwd new file mode 100644 index 0000000000..a7e5ace913 --- /dev/null +++ b/package/base-files/files/etc/uci-defaults/50-root-passwd @@ -0,0 +1,15 @@ +. /usr/share/libubox/jshn.sh + +json_init +json_load "$(cat /etc/board.json)" + +json_select credentials +json_get_vars root_password root_password + [ -z "$root_password" ] || { + if [ "${root_password:0:1}" == "$" ]; then + sed -i "s|^root:[^:]*|root:$root_password|g" /etc/shadow + else + (echo "$root_password"; sleep 1; echo "$root_password") | passwd root + fi + } +json_select ..
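Review bot: In the hash branch, `sed -i "s|^root:[^:]*|root:$root_password|g" /etc/shadow` splices the board.json value into the sed replacement after checking only that its first character is `$`, so a value containing `|`, `&`, `\`, `:` or a newline alters or breaks the substitution and can leave root's line in /etc/shadow malformed. Reject values containing those characters before writing, and skip the update otherwise. The result of `json_select credentials` is not checked, so when board.json has no credentials object the `json_get_vars` call and the closing `json_select ..` run at the top level; return early in that case. `json_get_vars root_password root_password` names the same variable twice, where `json_get_var root_password root_password` looks like what was intended. `${root_password:0:1}` and `==` are not POSIX sh; `case "$root_password" in '$'*)` does the same test portably. In the cleartext branch the exit status of `passwd root` is ignored, and the hunk does not remove the value from /etc/board.json afterwards, so a cleartext password remains in that file; the commit message should say so or recommend the hashed form.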