diff options
| author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2020-01-30 19:41:20 +0300 |
|---|---|---|
| committer | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2020-01-30 20:01:04 +0300 |
| commit | 8f3c2240f6dd48888e8552e905945ffcd62900a6 (patch) | |
| tree | 7c1a0a602371cfc576f91a89a476a5c92f4c3c1f /special-mode-mgr/cmake/FindPAM.cmake | |
| parent | de66bb8fdc5fcd0df7f75af71155852d0182d5c8 (diff) | |
| download | provingground-8f3c2240f6dd48888e8552e905945ffcd62900a6.tar.xz | |
Configure special user, if not set and in mfg mode
Configure special user with default passwod 0penBmc1, when
the root user is not set with any password, and mark the
password as expired, so that it will be forced to update on
first login. This method can be used when Host interface is
not available and we still need to enable root user.
Note: This feature is under VALIDATION_UNSECURE flag, and hence
will be available for reference only image.
Tested:
1. Built the image without debug-tweaks and flashed the same
2. Confirmed that root user is not enabled during regular boot
3. Pressed power button for 15 seconds during AC Cycle, and
entered manufacturing mode
4. Able to login to root user with password "0penBmc1" and
updated the password to the new one, due to force password update
5. Verified upon rebooting, the newly configured password can be
used to login to the serial console
Change-Id: I53e68ebbe24110a116816a29fe1bf5b3142b8bc2
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Diffstat (limited to 'special-mode-mgr/cmake/FindPAM.cmake')
| -rw-r--r-- | special-mode-mgr/cmake/FindPAM.cmake | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/special-mode-mgr/cmake/FindPAM.cmake b/special-mode-mgr/cmake/FindPAM.cmake new file mode 100644 index 0000000..25307bd --- /dev/null +++ b/special-mode-mgr/cmake/FindPAM.cmake @@ -0,0 +1,71 @@ +# - Try to find the PAM libraries +# Once done this will define +# +# PAM_FOUND - system has pam +# PAM_INCLUDE_DIR - the pam include directory +# PAM_LIBRARIES - libpam library + +if (PAM_INCLUDE_DIR AND PAM_LIBRARY) + # Already in cache, be silent + set(PAM_FIND_QUIETLY TRUE) +endif (PAM_INCLUDE_DIR AND PAM_LIBRARY) + +find_path(PAM_INCLUDE_DIR NAMES security/pam_appl.h pam/pam_appl.h) +find_library(PAM_LIBRARY pam) +find_library(DL_LIBRARY dl) + +if (PAM_INCLUDE_DIR AND PAM_LIBRARY) + set(PAM_FOUND TRUE) + if (DL_LIBRARY) + set(PAM_LIBRARIES ${PAM_LIBRARY} ${DL_LIBRARY}) + else (DL_LIBRARY) + set(PAM_LIBRARIES ${PAM_LIBRARY}) + endif (DL_LIBRARY) + + if (EXISTS ${PAM_INCLUDE_DIR}/pam/pam_appl.h) + # darwin claims to be something special + set(HAVE_PAM_PAM_APPL_H 1) + endif (EXISTS ${PAM_INCLUDE_DIR}/pam/pam_appl.h) + + if (NOT DEFINED PAM_MESSAGE_CONST) + include(CheckCXXSourceCompiles) + # XXX does this work with plain c? + check_cxx_source_compiles(" +#if ${HAVE_PAM_PAM_APPL_H}+0 +# include <pam/pam_appl.h> +#else +# include <security/pam_appl.h> +#endif +static int PAM_conv( + int num_msg, + const struct pam_message **msg, /* this is the culprit */ + struct pam_response **resp, + void *ctx) +{ + return 0; +} +int main(void) +{ + struct pam_conv PAM_conversation = { + &PAM_conv, /* this bombs out if the above does not match */ + 0 + }; + return 0; +} +" PAM_MESSAGE_CONST) + endif (NOT DEFINED PAM_MESSAGE_CONST) + set(PAM_MESSAGE_CONST ${PAM_MESSAGE_CONST} CACHE BOOL "PAM expects a conversation function with const pam_message") + +endif (PAM_INCLUDE_DIR AND PAM_LIBRARY) + +if (PAM_FOUND) + if (NOT PAM_FIND_QUIETLY) + message(STATUS "Found PAM: ${PAM_LIBRARIES}") + endif (NOT PAM_FIND_QUIETLY) +else (PAM_FOUND) + if (PAM_FIND_REQUIRED) + message(FATAL_ERROR "PAM was not found") + endif(PAM_FIND_REQUIRED) +endif (PAM_FOUND) + +mark_as_advanced(PAM_INCLUDE_DIR PAM_LIBRARY DL_LIBRARY PAM_MESSAGE_CONST) |