WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] single-user mode in DomU

from [Tim Post] [Permanent Link][Original]
To: "Bhatia, Nikhil" <bhatia@xxxxxxxx>
Subject: Re: [Xen-users] single-user mode in DomU
From: Tim Post <tim.post@xxxxxxxxxxxxxxx>
Date: Mon, 25 Sep 2006 14:17:06 +0800
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 24 Sep 2006 23:18:08 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <537C6C0940C6C143AA46A88946B85417047300F9@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: Net Kinetics
References: <537C6C0940C6C143AA46A88946B85417047300F9@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: tim.post@xxxxxxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
Try passing "single init=/bin/bash" as "extras" 

Just "single" should get you by, however not sure what OS your dom-u is,
above method should work on just about everything.

If this is just to change the root password, I'm attaching a handy perl
script to make the appropriate md5/digest hash so its easy to edit
the /etc/passwd (or shadow) on the dom-u without the hassle of chroot,
handy to automate re-setting a lost root password.

just run ./setroot.pl password , its designed to be used in a shell
script .. so echo -e `./setroot.pl password` "\n" may make for better
human readable output which one could cut and paste :)

It will return the appropriate md5 for the password you can replace
in /etc/password , /etc/shadow respectively. 

Again, I ripped this right out of webmin to have something handy to use
via command line to provision dom-u's without help from humans and with
very little effort and to make a method available to allow dom-u root
users to re-set their password self-service.

Best,
-Tim

Begin setroot.pl (chmod +x to use)
-----------------------------------[snip]

#!/usr/bin/perl

# Functions for MD5 and SHA1 password encryption

# check_md5()
# Returns a perl module name if the needed perl module(s) for MD5
encryption
# are not installed, or undef if they are
sub check_md5
{
eval "use MD5";
if (!$@) {
        eval "use Digest::MD5";
        if ($@) {
                return "Digest::MD5";
                }
        }
return undef;
}

# encrypt_md5(string, [salt])
# Returns a string encrypted in MD5 format
sub encrypt_md5
{
local $passwd = $_[0];
local $magic = '$1$';
local $salt = $_[1] || substr(time(), -8);

# Add the password, magic and salt
local $cls = "MD5";
eval "use MD5";
if ($@) {
        $cls = "Digest::MD5";
        eval "use Digest::MD5";
        if ($@) {
                &error("Missing MD5 or Digest::MD5 perl modules");
                }
        }
local $ctx = eval "new $cls";
$ctx->add($passwd);
$ctx->add($magic);
$ctx->add($salt);

# Add some more stuff from the hash of the password and salt
local $ctx1 = eval "new $cls";
$ctx1->add($passwd);
$ctx1->add($salt);
$ctx1->add($passwd);
local $final = $ctx1->digest();
for($pl=length($passwd); $pl>0; $pl-=16) {
        $ctx->add($pl > 16 ? $final : substr($final, 0, $pl));
        }

# This piece of code seems rather pointless, but it's in the C code that
# does MD5 in PAM so it has to go in!
local $j = 0;
local ($i, $l);
for($i=length($passwd); $i; $i >>= 1) {
        if ($i & 1) {
                $ctx->add("\0");
                }
        else {
                $ctx->add(substr($passwd, $j, 1));
                }
        }
$final = $ctx->digest();

# This loop exists only to waste time
for($i=0; $i<1000; $i++) {
        $ctx1 = eval "new $cls";
        $ctx1->add($i & 1 ? $passwd : $final);
        $ctx1->add($salt) if ($i % 3);
        $ctx1->add($passwd) if ($i % 7);
        $ctx1->add($i & 1 ? $final : $passwd);
        $final = $ctx1->digest();
        }

# Convert the 16-byte final string into a readable form
local $rv = $magic.$salt.'$';
local @final = map { ord($_) } split(//, $final);
$l = ($final[ 0]<<16) + ($final[ 6]<<8) + $final[12];
$rv .= &to64($l, 4);
$l = ($final[ 1]<<16) + ($final[ 7]<<8) + $final[13];
$rv .= &to64($l, 4);
$l = ($final[ 2]<<16) + ($final[ 8]<<8) + $final[14];
$rv .= &to64($l, 4);
$l = ($final[ 3]<<16) + ($final[ 9]<<8) + $final[15];
$rv .= &to64($l, 4);
$l = ($final[ 4]<<16) + ($final[10]<<8) + $final[ 5];
$rv .= &to64($l, 4);
$l = $final[11];
$rv .= &to64($l, 2);

return $rv;
}

@itoa64 = split(//,
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
sub to64
{
local ($v, $n) = @_;
local $r;
while(--$n >= 0) {
        $r .= $itoa64[$v & 0x3f];
        $v >>= 6;
        }
return $r;
}

sub check_sha1
{
eval "use Digest::SHA1";
return $@ ? "Digest::SHA1" : undef;
}

# encrypt_sha1(password)
# Encrypts a password in SHA1 format
sub encrypt_sha1
{
local $pass = $_[0];
local $sh = eval "use Digest::SHA1 qw(sha1_base64);return sha1_base64(\
$pass);";
return "{SHA}$sh=";
}

1;


$pass=$ARGV[0];

$md5=encrypt_md5("$pass");

print $md5;

[/snip]------------------------------------------------------------

On Mon, 2006-09-25 at 01:16 -0400, Bhatia, Nikhil wrote:
> Hello Xen Users,
> 
>  
> 
> I am trying to log into the guest domain in a single-user mode but am
> unable to do so by putting the value of the “extras” field in my
> configure script to 1. Is that the right way to get into the
> single-user mode? If not can anyone please let me know of the correct
> way? 
> 
>  
> 
> Thanks,
> 
> Nikhil
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] single-user mode in DomU, Bhatia, Nikhil
Next by Date:  [Xen-users] Bind interdomain ioctl error 22, Orathai Sukwong
Previous by Thread:  [Xen-users] single-user mode in DomU, Bhatia, Nikhil
Next by Thread:  [Xen-users] Bind interdomain ioctl error 22, Orathai Sukwong
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy