static void test_acquire_random_bytes(bool high_quality_required) {
uint8_t buf[16] = {};
unsigned i;
log_info("/* %s */", __func__);
for (i = 1; i < sizeof buf; i++) {
assert_se(acquire_random_bytes(buf, i, high_quality_required) == 0);
if (i + 1 < sizeof buf)
assert_se(buf[i] == 0);
hexdump(stdout, buf, i);
}
}
static int process_root_password(void) {
static const char table[] =
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789"
"./";
struct spwd item = {
.sp_namp = (char*) "root",
.sp_min = -1,
.sp_max = -1,
.sp_warn = -1,
.sp_inact = -1,
.sp_expire = -1,
.sp_flag = (unsigned long) -1, /* this appears to be what everybody does ... */
};
_cleanup_close_ int lock = -1;
char salt[3+16+1+1];
uint8_t raw[16];
unsigned i;
char *j;
const char *etc_shadow;
int r;
etc_shadow = prefix_roota(arg_root, "/etc/shadow");
if (laccess(etc_shadow, F_OK) >= 0)
return 0;
mkdir_parents(etc_shadow, 0755);
lock = take_etc_passwd_lock(arg_root);
if (lock < 0)
return log_error_errno(lock, "Failed to take a lock: %m");
if (arg_copy_root_password && arg_root) {
struct spwd *p;
errno = 0;
p = getspnam("root");
if (p || errno != ENOENT) {
if (!p) {
if (!errno)
errno = EIO;
return log_error_errno(errno, "Failed to find shadow entry for root: %m");
}
r = write_root_shadow(etc_shadow, p);
if (r < 0)
return log_error_errno(r, "Failed to write %s: %m", etc_shadow);
log_info("%s copied.", etc_shadow);
return 0;
}
}
r = prompt_root_password();
if (r < 0)
return r;
if (!arg_root_password)
return 0;
r = acquire_random_bytes(raw, 16, true);
if (r < 0)
return log_error_errno(r, "Failed to get salt: %m");
/* We only bother with SHA512 hashed passwords, the rest is legacy, and we don't do legacy. */
assert_cc(sizeof(table) == 64 + 1);
j = stpcpy(salt, "$6$");
for (i = 0; i < 16; i++)
j[i] = table[raw[i] & 63];
j[i++] = '$';
j[i] = 0;
errno = 0;
item.sp_pwdp = crypt(arg_root_password, salt);
if (!item.sp_pwdp) {
if (!errno)
errno = EINVAL;
return log_error_errno(errno, "Failed to encrypt password: %m");
}
item.sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
r = write_root_shadow(etc_shadow, &item);
if (r < 0)
return log_error_errno(r, "Failed to write %s: %m", etc_shadow);
log_info("%s written.", etc_shadow);
return 0;
}
static int help(void) {
_cleanup_free_ char *link = NULL;
int r;
r = terminal_urlify_man("systemd-firstboot", "1", &link);
if (r < 0)
return log_oom();
printf("%s [OPTIONS...]\n\n"
"Configures basic settings of the system.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
" --root=PATH Operate on an alternate filesystem root\n"
" --locale=LOCALE Set primary locale (LANG=)\n"
" --locale-messages=LOCALE Set message locale (LC_MESSAGES=)\n"
" --keymap=KEYMAP Set keymap\n"
" --timezone=TIMEZONE Set timezone\n"
" --hostname=NAME Set host name\n"
" --machine-ID=ID Set machine ID\n"
" --root-password=PASSWORD Set root password\n"
" --root-password-file=FILE Set root password from file\n"
" --prompt-locale Prompt the user for locale settings\n"
" --prompt-keymap Prompt the user for keymap settings\n"
" --prompt-timezone Prompt the user for timezone\n"
" --prompt-hostname Prompt the user for hostname\n"
" --prompt-root-password Prompt the user for root password\n"
" --prompt Prompt for all of the above\n"
" --copy-locale Copy locale from host\n"
" --copy-keymap Copy keymap from host\n"
" --copy-timezone Copy timezone from host\n"
" --copy-root-password Copy root password from host\n"
" --copy Copy locale, keymap, timezone, root password\n"
" --setup-machine-id Generate a new random machine ID\n"
"\nSee the %s for details.\n"
, program_invocation_short_name
, link
);
return 0;
}