Hi,
The code checks if the first character is "$". In that case it is assumed that the string contains a salted hash. Alternatively we assume that it is a cleartext password.
IMHO that kind of heuristic is undesirable. Imagine a scenario where something autogenerates passwords and those happen to start with `$`; the resulting configuration would not allow authentication with the expected password.
You should probably just separate the variables into `root_password_plain` and `root_password_hash`, then make the latter take precedence over the former in case both are defined.
~ Jo
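The first-character heuristic next to the split keys proposed in this reply, as an added sketch that is not part of the patch or of OpenWrt. The key names `root_password_plain` and `root_password_hash` come from the reply; the function names and sample values are constructed, and the shadow update runs against a file path you pass in rather than the real `/etc/shadow`.

```shell
#!/bin/sh
# Added example: explicit keys instead of guessing from the first character.
# All function names here are hypothetical helpers, not jshn or OpenWrt APIs.

# The patch's heuristic, isolated: anything starting with "$" is treated as a hash.
classify_by_prefix() {
	case "$1" in
		'$'*) echo hash ;;
		*)    echo plain ;;
	esac
}

# Split-key selection: $1 = root_password_plain, $2 = root_password_hash.
# The hash takes precedence when both are set; the content is never inspected.
# Prints "<kind> <value>", or nothing when neither key is defined.
select_root_credential() {
	pw_plain="$1" pw_hash="$2"
	if [ -n "$pw_hash" ]; then
		printf 'hash %s\n' "$pw_hash"
	elif [ -n "$pw_plain" ]; then
		printf 'plain %s\n' "$pw_plain"
	fi
}

# Replace the password field of one user in a shadow-format file.
# The value reaches awk through the environment, so characters that are
# special in a sed replacement (|, &, \) are written out literally.
# An empty value or one containing ":" is rejected, since ":" would shift the fields.
set_shadow_hash() {
	sh_file="$1" sh_user="$2" sh_hash="$3"
	case "$sh_hash" in
		''|*:*) return 1 ;;
	esac
	sh_tmp="$sh_file.tmp.$$"
	U="$sh_user" H="$sh_hash" awk -F: -v OFS=: \
		'$1 == ENVIRON["U"] { $2 = ENVIRON["H"] } { print }' \
		"$sh_file" > "$sh_tmp" && mv "$sh_tmp" "$sh_file"
}
```

In a uci-defaults script the `plain` result would be fed to `passwd` and the `hash` result to `set_shadow_hash`.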
Signed-off-by: John Crispin <j...@phrozen.org> --- .../files/etc/uci-defaults/50-root-passwd | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 package/base-files/files/etc/uci-defaults/50-root-passwd diff --git a/package/base-files/files/etc/uci-defaults/50-root-passwd b/package/base-files/files/etc/uci-defaults/50-root-passwd new file mode 100644 index 0000000000..a7e5ace913 --- /dev/null +++ b/package/base-files/files/etc/uci-defaults/50-root-passwd @@ -0,0 +1,15 @@ +. /usr/share/libubox/jshn.sh + +json_init +json_load "$(cat /etc/board.json)" + +json_select credentials +json_get_vars root_password root_password + [ -z "$root_password" ] || { + if [ "${root_password:0:1}" == "$" ]; then + sed -i "s|^root:[^:]*|root:$root_password|g" /etc/shadow + else + (echo "$root_password"; sleep 1; echo "$root_password") | passwd root + fi + } +json_select ..
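Review bot: in the `sed -i` branch, `$root_password` is pasted into the replacement text unescaped, so a `|`, `&` or `\` in the value changes what gets written to /etc/shadow, and since that branch is chosen only by `${root_password:0:1}`, a cleartext password that starts with `$` is stored verbatim as the hash field. Reading the hash from its own key, as the reply suggests with `root_password_hash`, removes the guess; the value should still be checked or escaped before it is substituted. Two smaller points: `json_get_vars root_password root_password` names the same variable twice, and the result of `json_select credentials` is not checked, so the lookup and the closing `json_select ..` run even when board.json has no such section. The script also leaves the credential in /etc/board.json after applying it, which deserves at least a comment stating whether that is intended.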