From 3e5f20f58619df0b9301603d53c1d0f0e826eb39 Mon Sep 17 00:00:00 2001
From: Michael Janczyk
Date: Wed, 8 Apr 2009 16:49:20 +0000
Subject: added sha1 encryption of PXE menu passwd, thx to Sebastian who actually did the whole thing ;)
git-svn-id: http://svn.openslx.org/svn/openslx/openslx/trunk@2811 95ad53e4-c205-0410-b2fa-d234c58c8868
---
 Makefile | 8 ++++----
 boot-env/OpenSLX/BootEnvironment/PXE.pm | 33 ++++++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 029f51ec..689794c4 100644
--- a/Makefile
+++ b/Makefile
@@ -92,10 +92,10 @@ dep-check:
 @ # many of the following modules are part of core perl, but we check
 @ # for them just to be sure...
- @for m in Carp Clone Config::General Cwd DBI Digest::MD5 Encode Fcntl \
- File::Basename File::Find File::Glob File::Path FindBin \
- Getopt::Long List::Util Pod::Usage POSIX Socket Storable \
- Sys::Hostname Term::ReadLine ; do \
+ @for m in Carp Clone Config::General Cwd DBI Digest::MD5 Digest::SHA1 \
+ Encode Fcntl File::Basename File::Find File::Glob File::Path \
+ FindBin Getopt::Long List::Util MIME::Base64 Pod::Usage \
+ POSIX Socket Storable Sys::Hostname Term::ReadLine ; do \
 if ! perl -e "use $$m" 2>>${SLX_INSTALL_LOG} ; then \
 echo " The perl module '$$m' is required, please install it."; \
 exit 1; \
diff --git a/boot-env/OpenSLX/BootEnvironment/PXE.pm b/boot-env/OpenSLX/BootEnvironment/PXE.pm
index 160f7193..b8c5b9a6 100644
--- a/boot-env/OpenSLX/BootEnvironment/PXE.pm
+++ b/boot-env/OpenSLX/BootEnvironment/PXE.pm
@@ -20,6 +20,9 @@ use base qw(OpenSLX::BootEnvironment::Base);
 use File::Basename;
 use File::Path;
+# for sha1 passwd encryption
+use Digest::SHA1;
+use MIME::Base64;
 use OpenSLX::Basics;
 use OpenSLX::Utils;
@@ -202,7 +205,8 @@ sub _getTemplate
 $pxeTemplate .= "\n# slxsettings configuration\n";
 $pxeTemplate .= "TIMEOUT $openslxConfig{'pxe-timeout'}\n" || "";
 $pxeTemplate .= "TOTALTIMEOUT $openslxConfig{'pxe-totaltimeout'}\n" || "";
- $pxeTemplate .= "MENU MASTER PASSWD $openslxConfig{'pxe-passwd'}\n" || "";
+ my $sha1pass = $self->_sha1pass($openslxConfig{'pxe-passwd'});
+ $pxeTemplate .= "MENU MASTER PASSWD $sha1pass\n" || "";
 $pxeTemplate .= "MENU TITLE $openslxConfig{'pxe-title'}\n" || "";
 # fetch PXE-include, if exists (overwrite existing definitions)
@@ -246,4 +250,31 @@ sub _prepareBootloaderConfigFolder
 return 1;
 }
+# from syslinux 3.73: http://syslinux.zytor.co
+sub _random_bytes
+{
+ my $self = shift;
+ my $n = shift;
+ my($v, $i);
+
+ # using perl rand because of problems with encoding(cp850) and 'bytes'
+ srand($$ ^ time);
+ $v = '';
+ for ( $i = 0 ; $i < $n ; $i++ ) {
+ $v .= ord(int(rand() * 256));
+ }
+
+ return $v;
+}
+
+sub _sha1pass
+{
+ my $self = shift;
+ my $pass = shift;
+ my $salt = shift || MIME::Base64::encode($self->_random_bytes(6), '');
+ $pass = Digest::SHA1::sha1_base64($salt, $pass);
+
+ return sprintf('$4$%s$%s$', $salt, $pass);
+}
+
 1;
--
cgit v1.2.3-55-g7522
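Review bot: `_sha1pass` is called whether or not `pxe-passwd` is set, so an empty or missing setting now produces a `MENU MASTER PASSWD` line carrying a well-formed hash of the empty string. The trailing `|| ""` never applies, because the interpolated string always ends in a newline and is therefore true. I would emit the line only when a password is configured, e.g. `if (defined $openslxConfig{'pxe-passwd'} && length $openslxConfig{'pxe-passwd'}) { ... }`, and decide explicitly whether a value that already starts with `$4$` should be written as-is instead of being hashed a second time. `_getTemplate` starts and ends outside this hunk, so how the setting is defaulted is not visible here.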
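Review bot: `_random_bytes` does not return random bytes: `ord(int(rand() * 256))` takes the character code of the first decimal digit of the number and appends that code as text, so each of the six rounds can only add one of ten two-digit strings ("48" to "57"), and `srand($$ ^ time)` reseeds from guessable values on every call. The salt is therefore drawn from a small, skewed set and can repeat across installations, which undercuts the per-hash uniqueness a salt is there to provide. Reading the bytes from the kernel generator through a `:raw` handle, as sketched below, should also avoid the cp850 encoding problem the comment mentions (an assumption to confirm on the affected systems). Separately, `_sha1pass` applies a single pass of SHA-1, which is cheap to guess against, and the generated menu file is normally readable by every client that boots from it. A comment above `_sha1pass` saying the value is a salted hash rather than encryption, and that the configured password must be strong, would set the right expectation.

```perl
sub _random_bytes
{
    my $self = shift;
    my $n    = shift;

    # read raw bytes so that no I/O layer re-encodes them
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $v, $n);
    close($fh);
    die "short read from /dev/urandom"
        unless defined $got && $got == $n;

    return $v;
}
```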