#!/usr/bin/bash # # This is a minimal version of login(1). It will be called by agetty for console and serial terminal logins. # function authenticate_user() { # Authenticates the (only) user if a terminal login password is configured. # Returns if successful or if no password is configured, exits after some failed attempts. # The login name is always ignored as the recovery system knows only one user. if [[ -f /.TTY_ROOT_PASSWORD ]]; then trap '' SIGINT SIGQUIT SIGTSTP # Read the configured hash signature from its file read -r TTY_ROOT_PASSWORD </.TTY_ROOT_PASSWORD # Extract hash algorithm and salt from the configured hash signature IFS='$' read -r _ method salt _ </.TTY_ROOT_PASSWORD for _ in 1 2 3; do read -r -s -p "Password: " password 2>&1 echo "" # Compute signature of the password to verify password_signature="$(openssl passwd -"$method" -salt "$salt" "$password")" if [[ "$password_signature" == "$TTY_ROOT_PASSWORD" ]]; then # Password matches: Success! trap - SIGINT SIGQUIT SIGTSTP return fi sleep 5 echo -e "\nLogin incorrect" read -r -p "$(hostname) login: " _ 2>&1 # Fake a login prompt although the user name is not used. done exit 1 # Exit after several unsuccessful attempts fi } # Authenticate the (only) user if a password is configured. authenticate_user # setup standard environment for root user # ATM root is the only user who can logon at the rescue system export HOME=/root cd $HOME exec -a -bash /bin/bash