? sets/lists/32740
Index: utils/embedded/conf/evbarm.conf
===================================================================
RCS file: /cvsroot/src/distrib/utils/embedded/conf/evbarm.conf,v
retrieving revision 1.32
diff -p -u -r1.32 evbarm.conf
--- utils/embedded/conf/evbarm.conf 2 Dec 2018 15:43:04 -0000 1.32
+++ utils/embedded/conf/evbarm.conf 11 Jun 2019 02:54:31 -0000
@@ -141,6 +141,8 @@ sshd=YES
 dhcpcd=YES
 ntpd=YES
 ntpd_flags="-g"
+creds_msdos=YES
+creds_msdos_partition=/boot
 EOF
 
 if $resize; then
@@ -156,9 +158,11 @@ EOF
 >> "$tmp/selected_sets"
 
 mkdir ${mnt}/etc/rc.d
- cp ${DIR}/files/resize_disklabel ${mnt}/etc/rc.d/resize_disklabel
- echo "./etc/rc.d/resize_disklabel type=file uname=root gname=wheel mode=0555" \
- >> "$tmp/selected_sets"
+ for _f in resize_disklabel creds_msdos; do
+ cp ${DIR}/files/${_f} ${mnt}/etc/rc.d/${_f}
+ echo "./etc/rc.d/${_f} type=file uname=root gname=wheel mode=0555" \
+ >> "$tmp/selected_sets"
+ done
 
 if [ ! -f ${release}/dev/MAKEDEV ]; then
 echo ${PROG}: Missing ${release}/dev/MAKEDEV 1>&2
Index: utils/embedded/files/creds_msdos
===================================================================
RCS file: utils/embedded/files/creds_msdos
diff -N utils/embedded/files/creds_msdos
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ utils/embedded/files/creds_msdos 11 Jun 2019 02:54:31 -0000
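Review bot: `creds_msdos=YES` and `creds_msdos_partition=/boot` are written into the image's rc.conf with nothing telling the operator what they enable, namely that every boot reads `/boot/nbcreds.txt` from the FAT partition and may add a wheel account from it; a comment line in the heredoc, `# creds_msdos: add users/ssh keys from /boot/nbcreds.txt at boot, see creds_msdos(8)`, would make that visible to anyone reading the generated rc.conf. The heredoc this hunk sits in starts before the hunk.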
@@ -0,0 +1,179 @@
+#!/bin/sh
+#
+# $NetBSD$
+#
+# Copyright (c) 2019 Matthew R. Green
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+#
+# If "creds_msdos_partition" is an msdos partition and has a nbcreds.txt
+# in it, perform these commands:
+# "useradd "
+# "sshkeyfile "
+# "sshkeystring "
+# If the "useradd" method is used, this the nbcreds.txt file will be
+# shredded and deleted with rm -P.
+
+# PROVIDE: creds_msdos
+# REQUIRE: mountall
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="creds_msdos"
+start_cmd="creds_msdos_start"
+stop_cmd=":"
+fstab_file=/etc/fstab
+
+fail() {
+ echo "$@" 1>&2
+ exit 1
+}
+
+do_user_add() {
+ local user="$1"
+ local password="$2"
+ local group="wheel"
+
+ # don't add to existing users
+ id=$(id -u $user 2>/dev/null)
+ if [ $? -eq 0 ]; then
+ return
+ fi
+
+ local password_hash=$(pwhash "$password")
+ useradd -m -p "${password_hash}" -G "${group}" "$user" || fail "Useradd failed." || fail "Useradd failed."
+}
+
+sshkey_setup() {
+ local user="$1"
+ local group="wheel"
+
+ # don't create existing users
+ id=$(id -u $user 2>/dev/null)
+ if [ $? -ne 0 ]; then
+ useradd -m -G "${group}" "$user" || fail "Useradd failed."
+ fi
+
+ eval sshdir=~"${user}/.ssh"
+ eval mkdir -p -m 755 "${sshdir}" || fail "mkdir ~/.ssh failed."
+ eval userkeys="${sshdir}/authorized_keys"
+}
+
+sshkey_finish() {
+ local user="$1"
+ local userkeys="$2"
+
+ chmod 644 "${userkeys}"
+ chown "${user}" "${userkeys}"
+}
+
+do_sshkeyfile() {
+ local user="$1"
+ local newkeys="${creds_msdos_partition}/$2"
+
+ if [ ! -f "${newkeys}" ]; then
+ return
+ fi
+
+ sshkey_setup "$user"
+
+ # check entry is not present
+ while read type keydata name; do
+ if fgrep -q "${keydata}" "${userkeys}" 2>/dev/null; then
+ continue
+ fi
+ echo "${type} ${keydata} ${name}" >> "${userkeys}"
+ done < "${newkeys}"
+
+ sshkey_finish "$user" "${userkeys}"
+}
+
+do_sshkeystring() {
+ local user="$1"
+ local newkey="$2"
+
+ sshkey_setup "$user"
+
+ echo "${newkey}" >> "${userkeys}"
+
+ sshkey_finish "$user" "${userkeys}"
+}
+
+creds_msdos_start()
+{
+ if [ -z "${creds_msdos_partition}" ]; then
+ echo "Not looking for credientials on msdos"
+ return;
+ fi
+ check_fs=
+ while read junk1 mp fstype junk2; do
+ if [ "${mp}" != "${creds_msdos_partition}" ]; then
+ continue
+ fi
+ if [ "${fstype}" != "msdos" ]; then
+ echo "Not checking for creds on ${creds_msdos_partition}: not an msdos file system"
+ return;
+ fi
+ break
+ done < "${fstab_file}"
+
+ delete_creds=no
+ creds_file="${creds_msdos_partition}/nbcreds.txt"
+
+ if [ -f "${creds_file}" ]; then
+ while read type user arg1; do
+ case "$type" in
+ \#*|'')
+ continue
+ ;;
+ useradd)
+ echo "Added user ${user} via password method, shredding credentials file."
+ do_user_add "${user}" "${arg1}"
+ delete_creds=yes
+ ;;
+ sshkeyfile)
+ echo "Added user ${user} via ssh key file method."
+ do_sshkeyfile "${user}" "${arg1}"
+ ;;
+ sshkeystring)
+ echo "Added user ${user} via ssh key string method."
+ do_sshkeystring "${user}" "${arg1}"
+ ;;
+ *)
+ echo "Do not understand '$type' creds" 1>&2
+ exit 1
+ ;;
+ esac
+ done < "${creds_file}"
+ fi
+
+ if [ $delete_creds = yes ]; then
+ rm -P -f "${creds_file}"
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
Index: utils/embedded/files/creds_msdos.8
===================================================================
RCS file: utils/embedded/files/creds_msdos.8
diff -N utils/embedded/files/creds_msdos.8
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ utils/embedded/files/creds_msdos.8 11 Jun 2019 02:54:31 -0000
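Review bot: In do_user_add the exit status of pwhash is lost in `local password_hash=$(pwhash "$password")`, so if pwhash fails the empty string is passed to `useradd -p ""` and the new wheel account is created with an empty password field instead of the script aborting; split the assignment and check it, `password_hash=$(pwhash "$password") || fail "pwhash failed."` followed by `[ -n "${password_hash}" ] || fail "pwhash produced no hash."`, and drop the duplicated `|| fail "Useradd failed."` on the useradd line. creds_msdos_start only refuses a non-msdos mount when fstab lists the mountpoint: if `creds_msdos_partition` has no fstab entry the while loop ends without returning and the script goes on to read nbcreds.txt from whatever is at that path, so set a flag before `break` (the otherwise unused `check_fs=` looks intended for this) and return after the loop when it is unset. The `eval sshdir=~"${user}/.ssh"` runs as root on a name read from removable media and appears to be protected only by useradd rejecting malformed login names first; that dependency deserves a comment, or the home directory could be looked up with `getent passwd "${user}"` instead of eval. Lastly, `rm -P` overwrites in place, which on SD/flash media with wear levelling does not reliably destroy the old blocks, so the "shredded" wording in the header comment should be qualified.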
@@ -0,0 +1,111 @@
+.\" $NetBSD$
+.\"
+.\" Copyright (c) 2019 Matthew R. Green
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd June 10, 2019
+.Dt CREDS_MSDOS 8
+.Os
+.Sh NAME
+.Nm creds_msdos
+.Nd automatically add login credentials from MSDOS partition
+.Sh SYNOPSIS
+.Nm
+.Ar start
+.Sh DESCRIPTION
+The
+.Nm
+rc.d script allows automatic addition of login credential during boot
+using a special file found on the MSDOS partition of a bootable image.
+This script is not distributed with the normal system and is only
+be included with pre-installed bootable images.
+The goal is to allow remote access of the system without having to
+edit the primary root file system (which may not be accessible from
+the host the image is being written from), but place this information
+in the MSDOS partition that most platforms can easily access.
+.Pp
+Typically, an installable image (such as
+.Pa arm64.img )
+is written to an SD card or similar media, and has both a native FFS
+partition as well as an MSDOS partition for booting.
+If this script is enabled and has been pointed the boot partition
+it will inspect the file
+.Pa nbcreds.txt
+for any credentials to be added to the system.
+.Pp
+These are the supported option in the credentials files:
+.Bl -tag -compact -width "sshkeystringpl"
+.Pp
+.It Sy sshkeyfile
+ .
+.It Sy sshkeystring
+
+.It Sy useradd
+
+.El
+.Pp
+In all cases is the username added, and the user will be
+added to the
+.Dq wheel
+group.
+.Pp
+The sshkeyfile method looks in the MSDOS boot partition for
+the specified file and merges ssh keys from this file into
+'s
+.Pa ~/.ssh/authorized_keys
+file.
+.Pp
+The sshkeystring adds the to the
+'s
+.Pa ~/.ssh/authorized_keys
+file.
+.Pp
+The above two methods are the preferred methods.
+.Pp
+For the useradd method is an unencrypted raw password
+that will be hashed and added to the system. This method is
+not recommended as it leaves unencrypted passwords around until
+such time that the script runs. If this method is used then the
+.Pa nbcreds.txt
+file will be shredded and deleted using
+.Dq rm -P
+after the credentials are updated.
+.Sh FILES
+.Pa /boot/nbcreds.txt
+.Sh SEE ALSO
+.Xr rm 1 ,
+.Xr ssh 1 ,
+.Xr ssh_config 5 ,
+.Xr mount_msdos 8 ,
+.Xr sshd 8 ,
+.Xr useradd 8
+.Sh HISTORY
+The
+.Nm
+script appeared in
+.Nx 9.0 .
+.Sh AUTHORS
+.An Matthew R. Green Aq Mt mrg@eterna.com.au .