-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add some script to manage default passwords
These script can set and restore the password from the BlueTooth pincode as will be done in production. ve-is-password-set-by-default reports if there was a password set in the factory or none at all as before this change. This check is based on the release date of the installer firmware.
- Loading branch information
Showing
4 changed files
with
98 additions
and
1 deletion.
There are no files selected for viewing
28 changes: 28 additions & 0 deletions
28
meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-is-password-set-by-default
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| #!/bin/sh | ||
|
|
||
| if [ "$1" = "-h" ]; then | ||
| echo "usage: $0" | ||
| echo | ||
| echo "After April 2024 all product are shipped with the BlueTooth PIN as" | ||
| echo "default password, this wasn't the case before that." | ||
| echo | ||
| echo "Returns if the product left the factory with the PIN as password," | ||
| echo "which can e.g. be used to restore a product to its default factory state." | ||
| echo | ||
| echo "example:" | ||
| echo | ||
| echo " if ve-is-password-set-by-default; then" | ||
| echo " There was a unique password set by default and it should be restored for factory default" | ||
| echo " else:" | ||
| echo " The product left the factory without a default unique password, and the user is" | ||
| echo " expected to set one first if a password is required or disable the password check." | ||
| fi | ||
|
|
||
| installer_version="$(sed -n '3p' /data/venus/installer-version 2>/dev/null)" | ||
|
|
||
| if [ ${installer_version:-0} -ge 20240405000000 ]; then | ||
| exit 0 | ||
| else | ||
| exit 1 | ||
| fi | ||
|
|
19 changes: 19 additions & 0 deletions
19
meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-password-as-in-factory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| #!/bin/sh | ||
|
|
||
| if [ "$1" = "-h" ]; then | ||
| echo "usage: $0" | ||
| echo | ||
| echo "Simple helper to set a password back to how it was after it left the factory" | ||
| echo "if there is currently none set. If it left the factory without a default password," | ||
| echo "this script does nothing, since there is no default password already. If it left" | ||
| echo "the factory with the BlueTooth PIN code as password that will be restored" | ||
| echo | ||
| echo "The intended usage is that after running a factory default script, i.o.w removing" | ||
| echo "most of /data, this script will be called to restore the default password to" | ||
| echo "factory default. Which migh be the PIN code or none at all." | ||
| fi | ||
|
|
||
| if [ ! -f /data/conf/vncpassword.txt ] && ve-is-password-set-by-default; then | ||
| ve-set-passwd-to-pincode | ||
| fi | ||
|
|
44 changes: 44 additions & 0 deletions
44
meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-set-passwd-to-pincode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| #!/usr/bin/python3 | ||
|
|
||
| import argparse | ||
| import bcrypt | ||
| import glob | ||
| import os | ||
| import subprocess | ||
|
|
||
| from datetime import datetime | ||
|
|
||
| parser = argparse.ArgumentParser( | ||
| description='Set the default password to the BlueTooth pincode as read from the EEPROM.', | ||
| epilog='Victron Energy B.V.' | ||
| ) | ||
| parser.add_argument('--allow-default', action='store_true', help='Assume a default 000000 pincode if reading from the EEPROM failed'); | ||
|
|
||
| args = parser.parse_args() | ||
|
|
||
| pin = "000000" | ||
| try: | ||
| pin = subprocess.check_output(['/opt/victronenergy/venus-eeprom/eeprom', '--show', 'bluetooth-pin'], encoding="utf-8").strip() | ||
| except: | ||
| if not args.allow_default: | ||
| print("Reading the pincode from the EEPROM failed, giving up!", file=sys.stderr) | ||
| os.exit(1) | ||
| pass | ||
|
|
||
| # Check randomness, since this might run during boot. | ||
| hash = bcrypt.hashpw(pin.encode('utf-8'), bcrypt.gensalt(prefix=b"2a", rounds=8)) | ||
|
|
||
| # syncs -> make sure it is actually on the storage medium, so it is still there if power is cut. | ||
| passwd_file = "/data/conf/vncpassword.txt" | ||
| with open(passwd_file + ".tmp", "w") as f: | ||
| f.write(hash.decode('utf-8')) | ||
| f.flush() | ||
| os.fsync(f.fileno()) | ||
|
|
||
| os.rename(passwd_file + ".tmp", passwd_file); | ||
|
|
||
| dst_dir = os.path.dirname(passwd_file) | ||
| fd = os.open(dst_dir, 0) | ||
| os.fsync(fd) | ||
| os.close(fd) | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters