X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;ds=sidebyside;f=src%2Ffirstboot%2Ffirstboot.c;h=e6b40294bf6df17883eb6867c4a767e363136d11;hb=127c167cdbbce1c3d730cd53fd79ef5a0603ab7d;hp=a3f4377a6415f613fe3874ab575f9943ef787907;hpb=ad2bf5df89606007817bbd4e51e2bbcd4e36022e;p=thirdparty%2Fsystemd.git
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index a3f4377a641..e6b40294bf6 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -27,6 +27,7 @@
 #include "fileio.h"
 #include "fs-util.h"
 #include "hostname-util.h"
+#include "kbd-util.h"
 #include "locale-util.h"
 #include "main-func.h"
 #include "mkdir.h"
@@ -162,7 +163,7 @@ static int prompt_loop(const char *text, char **l, bool (*is_valid)(const char *
 _cleanup_free_ char *p = NULL;
 unsigned u;
- r = ask_string(&p, "%s %s (empty to skip): ", special_glyph(TRIANGULAR_BULLET), text);
+ r = ask_string(&p, "%s %s (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), text);
 if (r < 0)
 return log_error_errno(r, "Failed to query user: %m");
@@ -252,8 +253,8 @@ static int process_locale(void) {
 if (arg_copy_locale && arg_root) {
- mkdir_parents(etc_localeconf, 0755);
- r = copy_file("/etc/locale.conf", etc_localeconf, 0, 0644, 0, COPY_REFLINK);
+ (void) mkdir_parents(etc_localeconf, 0755);
+ r = copy_file("/etc/locale.conf", etc_localeconf, 0, 0644, 0, 0, COPY_REFLINK);
 if (r != -ENOENT) {
 if (r < 0)
 return log_error_errno(r, "Failed to copy %s: %m", etc_localeconf);
@@ -277,7 +278,7 @@ static int process_locale(void) {
 locales[i] = NULL;
- mkdir_parents(etc_localeconf, 0755);
+ (void) mkdir_parents(etc_localeconf, 0755);
 r = write_env_file(etc_localeconf, locales);
 if (r < 0)
 return log_error_errno(r, "Failed to write %s: %m", etc_localeconf);
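Review bot: In the first process_locale hunk (@@ -252,8 +253,8 @@), and in the matching process_keymap hunk (@@ -326,8 +327,8 @@), `(void) mkdir_parents(etc_localeconf, 0755);` discards a failure whose likely consequence is then silently ignored. If the parent directory could not be created, copy_file() would presumably fail with -ENOENT on the destination, and the following `if (r != -ENOENT)` treats that value as "nothing to copy" rather than as an error. Keeping the best-effort behaviour but leaving a trace would be enough: `r = mkdir_parents(etc_localeconf, 0755); if (r < 0) log_debug_errno(r, "Failed to create parent directories of %s, ignoring: %m", etc_localeconf);`. Both functions start and end outside their hunks, so an earlier existence check may narrow this case.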
@@ -326,8 +327,8 @@ static int process_keymap(void) {
 if (arg_copy_keymap && arg_root) {
- mkdir_parents(etc_vconsoleconf, 0755);
- r = copy_file("/etc/vconsole.conf", etc_vconsoleconf, 0, 0644, 0, COPY_REFLINK);
+ (void) mkdir_parents(etc_vconsoleconf, 0755);
+ r = copy_file("/etc/vconsole.conf", etc_vconsoleconf, 0, 0644, 0, 0, COPY_REFLINK);
 if (r != -ENOENT) {
 if (r < 0)
 return log_error_errno(r, "Failed to copy %s: %m", etc_vconsoleconf);
@@ -410,7 +411,7 @@ static int process_timezone(void) {
 if (r < 0)
 return log_error_errno(r, "Failed to read host timezone: %m");
- mkdir_parents(etc_localtime, 0755);
+ (void) mkdir_parents(etc_localtime, 0755);
 if (symlink(p, etc_localtime) < 0)
 return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime);
@@ -428,7 +429,7 @@ static int process_timezone(void) {
 e = strjoina("../usr/share/zoneinfo/", arg_timezone);
- mkdir_parents(etc_localtime, 0755);
+ (void) mkdir_parents(etc_localtime, 0755);
 if (symlink(e, etc_localtime) < 0)
 return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime);
@@ -451,7 +452,7 @@ static int prompt_hostname(void) {
 for (;;) {
 _cleanup_free_ char *h = NULL;
- r = ask_string(&h, "%s Please enter hostname for new system (empty to skip): ", special_glyph(TRIANGULAR_BULLET));
+ r = ask_string(&h, "%s Please enter hostname for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET));
 if (r < 0)
 return log_error_errno(r, "Failed to query hostname: %m");
@@ -489,9 +490,8 @@ static int process_hostname(void) {
 if (isempty(arg_hostname))
 return 0;
- mkdir_parents(etc_hostname, 0755);
 r = write_string_file(etc_hostname, arg_hostname,
- WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC);
+ WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755);
 if (r < 0)
 return log_error_errno(r, "Failed to write %s: %m", etc_hostname);
@@ -511,9 +511,8 @@ static int process_machine_id(void) {
 if (sd_id128_is_null(arg_machine_id))
 return 0;
- mkdir_parents(etc_machine_id, 0755);
 r = write_string_file(etc_machine_id, sd_id128_to_string(arg_machine_id, id),
- WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC);
+ WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755);
 if (r < 0)
 return log_error_errno(r, "Failed to write machine id: %m");
@@ -538,8 +537,8 @@ static int prompt_root_password(void) {
 print_welcome();
 putchar('\n');
- msg1 = strjoina(special_glyph(TRIANGULAR_BULLET), " Please enter a new root password (empty to skip): ");
- msg2 = strjoina(special_glyph(TRIANGULAR_BULLET), " Please enter new root password again: ");
+ msg1 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip): ");
+ msg2 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter new root password again: ");
 for (;;) {
 _cleanup_strv_free_erase_ char **a = NULL, **b = NULL;
@@ -594,12 +593,6 @@ static int write_root_shadow(const char *path, const struct spwd *p) {
 static int process_root_password(void) {
- static const char table[] =
- "abcdefghijklmnopqrstuvwxyz"
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "0123456789"
- "./";
-
 struct spwd item = {
 .sp_namp = (char*) "root",
 .sp_min = -1,
@@ -609,12 +602,9 @@ static int process_root_password(void) {
 .sp_expire = -1,
 .sp_flag = (unsigned long) -1, /* this appears to be what everybody does ... */
 };
-
+ _cleanup_free_ char *salt = NULL;
 _cleanup_close_ int lock = -1;
- char salt[3+16+1+1];
- uint8_t raw[16];
- unsigned i;
- char *j;
+ struct crypt_data cd = {};
 const char *etc_shadow;
 int r;
@@ -623,7 +613,7 @@ static int process_root_password(void) {
 if (laccess(etc_shadow, F_OK) >= 0)
 return 0;
- mkdir_parents(etc_shadow, 0755);
+ (void) mkdir_parents(etc_shadow, 0755);
 lock = take_etc_passwd_lock(arg_root);
 if (lock < 0)
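Review bot: `struct crypt_data cd = {};` in the declaration hunk of process_root_password (@@ -609,12 +602,9 @@) places crypt_r()'s whole scratch area on the stack, and nothing visible in this diff erases it afterwards. The size of that structure depends on the libc or libcrypt in use and can be large, and after the call it holds working state derived from the root password. I would wipe it once the shadow entry has been written, for example `explicit_bzero(&cd, sizeof(cd));` on each return path after the crypt_r() call, or allocate it on the heap behind an erasing cleanup handler. item.sp_pwdp presumably points into `cd`, so the wipe has to come after its last use. The function body starts and ends outside this hunk.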
@@ -658,27 +648,15 @@ static int process_root_password(void) {
 if (!arg_root_password)
 return 0;
- /* Insist on the best randomness by setting RANDOM_BLOCK, this is about keeping passwords secret after all. */
- r = genuine_random_bytes(raw, 16, RANDOM_BLOCK);
+ r = make_salt(&salt);
 if (r < 0)
 return log_error_errno(r, "Failed to get salt: %m");
- /* We only bother with SHA512 hashed passwords, the rest is legacy, and we don't do legacy. */
- assert_cc(sizeof(table) == 64 + 1);
- j = stpcpy(salt, "$6$");
- for (i = 0; i < 16; i++)
- j[i] = table[raw[i] & 63];
- j[i++] = '$';
- j[i] = 0;
 errno = 0;
- item.sp_pwdp = crypt(arg_root_password, salt);
- if (!item.sp_pwdp) {
- if (!errno)
- errno = EINVAL;
-
- return log_error_errno(errno, "Failed to encrypt password: %m");
- }
+ item.sp_pwdp = crypt_r(arg_root_password, salt, &cd);
+ if (!item.sp_pwdp)
+ return log_error_errno(errno == 0 ? SYNTHETIC_ERRNO(EINVAL) : errno,
+ "Failed to encrypt password: %m");
 item.sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
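Review bot: The check `if (!item.sp_pwdp)` after crypt_r() only catches a NULL return, but some libcrypt builds report failure by returning an invalid hash string that begins with `*` instead. In that case the token would be stored as root's hash through item.sp_pwdp, and first boot would finish without an error but with a root password that can never match. Extending the condition covers both conventions: `if (!item.sp_pwdp || item.sp_pwdp[0] == '*')`. Separately, the removed comments were the only place that named the hash scheme (`$6$`) and the salt's randomness source, so a one-line comment at `make_salt(&salt)` saying the helper now chooses both would help, since its definition is not part of this diff. process_root_password continues outside the hunk.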