From 0a400811f9c85584e7897a822dc70b5c9c38192d Mon Sep 17 00:00:00 2001 From: Ian Moffett Date: Thu, 10 Jul 2025 02:41:17 -0400 Subject: usr: login: Implement 'password' input/hashing - Update /etc/passwd to contain the hash for 'root' - Implement password checking login in the 'login' program - Add information about default credentials in the README Signed-off-by: Ian Moffett --- README.md | 6 ++++++ etc/passwd | 2 +- usr.bin/login/login.c | 42 +++++++++++++++++++++++++++++++++++------- 3 files changed, 42 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 1d7f9a9..5592a0d 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,12 @@ After running the configure script, you can now actually build Hyra: This will generate a new `Hyra.iso` file. + +Default User: +---------------- +Upon booting, the `login` program will ask for user credentials. The default username is `root` and the default +password is also `root`. + Documentation: -------------- Documentation will be in the form of comments throughout the codebase and can also be found in the share/ directory within the project root. diff --git a/etc/passwd b/etc/passwd index 298e923..7855b99 100644 --- a/etc/passwd +++ b/etc/passwd @@ -1 +1 @@ -root:x:0:0:Not a ruler:/root:/usr/bin/osh +root:4813494d137e1631bba301d5acab6e7bb7aa74ce1185d456565ef51d737677b2:0:0:Not a ruler:/root:/usr/bin/osh diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index c5af6c0..d4c4562 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -51,6 +52,7 @@ static char buf[64]; static uint8_t buf_i; +static short echo_chars = 1; /* * Verify a UID is valid @@ -83,13 +85,14 @@ check_uid(const char *uid) * (username) * * @alias: Alias to lookup + * @hash: Password hash * @entry: /etc/passwd entry * * Returns -1 on failure * Returns 0 if the entry matches */ static int -check_user(char *alias, char *entry) +check_user(char *alias, char *hash, char *entry) { const char *p, *shell; char *shell_argv[] = { DEFAULT_SHELL, NULL }; @@ -118,6 +121,11 @@ check_user(char *alias, char *entry) retval = 0; } break; /* UNREACHABLE */ + case ROW_HASH: + if (strcmp(p, hash) == 0) { + retval = 0; + } + break; case ROW_USERID: if (check_uid(p) != 0) { printf("bad uid @ line %d\n", line); @@ -155,12 +163,11 @@ check_user(char *alias, char *entry) static char * getstr(void) { - char c; + char c, printc; int input; buf_i = 0; - for (;;) { if ((input = getchar()) < 0) { continue; @@ -171,6 +178,13 @@ getstr(void) continue; } + /* + * If we want to echo characters, 'printc' becomes + * exactly the character we got. Otherwise, just + * print little stars to redact it. + */ + printc = echo_chars ? c : '*'; + /* return on newline */ if (c == '\n') { buf[buf_i] = '\0'; @@ -187,7 +201,7 @@ getstr(void) } else if (is_ascii(c) && buf_i < sizeof(buf) - 1) { /* write to fd and add to buffer */ buf[buf_i++] = c; - putchar(c); + putchar(printc); } } } @@ -195,21 +209,36 @@ getstr(void) static int getuser(FILE *fp) { + char *pwtmp; char *alias; char entry[256]; + char pwhash[SHA256_HEX_SIZE]; int retval; printf("username: "); alias = getstr(); + + /* Grab the password now */ + echo_chars = 0; + printf("password: "); + pwtmp = getstr(); + sha256_hex(pwtmp, strlen(pwtmp), pwhash); + + /* Paranoia */ + pwtmp = NULL; + buf_i = 0; + memset(buf, 0, sizeof(buf)); + + /* See if anything matches */ while (fgets(entry, sizeof(entry), fp) != NULL) { - retval = check_user(alias, entry); + retval = check_user(alias, pwhash, entry); if (retval == 0) { printf("login: successful\n"); return 0; } } - printf("bad username \"%s\"\n", alias); + printf("bad username or password\n"); fseek(fp, 0, SEEK_SET); memset(buf, 0, sizeof(buf)); buf_i = 0; @@ -228,7 +257,6 @@ main(void) } printf("- Please authenticate yourself -\n"); - printf("Default user 'root'\n"); for (;;) { if (getuser(fp) == 0) { break; -- cgit v1.2.3