Patchwork [V2,3/3] classes/image: Allow openssh empty passwords login.

login
register
mail settings
Submitter Lianhao Lu
Date June 12, 2012, 10:10 a.m.
Message ID <de650fb4dbcc6e2539f9325c58dbe5dd1e94f137.1339495723.git.lianhao.lu@intel.com>
Download mbox | patch
Permalink /patch/29693/
State New
Headers show

Comments

Lianhao Lu - June 12, 2012, 10:10 a.m.
Allow empty passwords login so that the default root user can login in
through openssh.

Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
---
 meta/classes/core-image.bbclass |    2 ++
 meta/classes/image.bbclass      |   10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletions(-)
Richard Purdie - June 12, 2012, 1:55 p.m.
On Tue, 2012-06-12 at 18:10 +0800, Lianhao Lu wrote:
> Allow empty passwords login so that the default root user can login in
> through openssh.
> 
> Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
> ---
>  meta/classes/core-image.bbclass |    2 ++
>  meta/classes/image.bbclass      |   10 +++++++++-
>  2 files changed, 11 insertions(+), 1 deletions(-)
> 
> diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
> index e2ad0fc..25f5c5a 100644
> --- a/meta/classes/core-image.bbclass
> +++ b/meta/classes/core-image.bbclass
> @@ -69,4 +69,6 @@ ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
>  
>  # Zap the root password if debug-tweaks feature is not enabled
>  ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
> +# Allow openssh accept empty password login if both debug-tweaks and ssh-server-openssh are enabled
> +ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks ssh-server-openssh", "openssh_allow_empty_password; ", "",d)}'
>  
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index fb932b9..3f53271 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -318,6 +318,14 @@ zap_root_password () {
>  	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
>  } 
>  
> +# allow openssh accept login with empty password string
> +openssh_allow_empty_password () {
> +	if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
> +		sed 's#.*PermitEmptyPasswords.*#PermitEmptyPasswords yes#' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config >${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config.new
> +		mv -f ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config.new ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config
> +	fi
> +}

Can't we just use the -i option here?

>  # Turn any symbolic /sbin/init link into a file
>  remove_init_link () {
>  	if [ -h ${IMAGE_ROOTFS}/sbin/init ]; then
> @@ -372,7 +380,7 @@ rootfs_trim_schemas () {
>  	done
>  }
>  
> -EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
> +EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup openssh_allow_empty_password

This use of EXPORT_FUNCTIONS looks wrong, you don't need to add this
here and in fact that whole line can probably be removed...

Cheers,

Richard

Patch

diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
index e2ad0fc..25f5c5a 100644
--- a/meta/classes/core-image.bbclass
+++ b/meta/classes/core-image.bbclass
@@ -69,4 +69,6 @@  ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
 
 # Zap the root password if debug-tweaks feature is not enabled
 ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
+# Allow openssh accept empty password login if both debug-tweaks and ssh-server-openssh are enabled
+ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks ssh-server-openssh", "openssh_allow_empty_password; ", "",d)}'
 
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index fb932b9..3f53271 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -318,6 +318,14 @@  zap_root_password () {
 	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
 } 
 
+# allow openssh accept login with empty password string
+openssh_allow_empty_password () {
+	if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
+		sed 's#.*PermitEmptyPasswords.*#PermitEmptyPasswords yes#' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config >${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config.new
+		mv -f ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config.new ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config
+	fi
+}
+
 # Turn any symbolic /sbin/init link into a file
 remove_init_link () {
 	if [ -h ${IMAGE_ROOTFS}/sbin/init ]; then
@@ -372,7 +380,7 @@  rootfs_trim_schemas () {
 	done
 }
 
-EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
+EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup openssh_allow_empty_password
 
 do_fetch[noexec] = "1"
 do_unpack[noexec] = "1"