[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] single-user mode in DomU

Try passing "single init=/bin/bash" as "extras" 

Just "single" should get you by, however not sure what OS your dom-u is,
above method should work on just about everything.

If this is just to change the root password, I'm attaching a handy perl
script to make the appropriate md5/digest hash so its easy to edit
the /etc/passwd (or shadow) on the dom-u without the hassle of chroot,
handy to automate re-setting a lost root password.

just run ./setroot.pl password , its designed to be used in a shell
script .. so echo -e `./setroot.pl password` "\n" may make for better
human readable output which one could cut and paste :)

It will return the appropriate md5 for the password you can replace
in /etc/password , /etc/shadow respectively. 

Again, I ripped this right out of webmin to have something handy to use
via command line to provision dom-u's without help from humans and with
very little effort and to make a method available to allow dom-u root
users to re-set their password self-service.

Best,
-Tim

Begin setroot.pl (chmod +x to use)
-----------------------------------[snip]

#!/usr/bin/perl

# Functions for MD5 and SHA1 password encryption

# check_md5()
# Returns a perl module name if the needed perl module(s) for MD5
encryption
# are not installed, or undef if they are
sub check_md5
{
eval "use MD5";
if (!$@) {
        eval "use Digest::MD5";
        if ($@) {
                return "Digest::MD5";
                }
        }
return undef;
}

# encrypt_md5(string, [salt])
# Returns a string encrypted in MD5 format
sub encrypt_md5
{
local $passwd = $_[0];
local $magic = '$1$';
local $salt = $_[1] || substr(time(), -8);

# Add the password, magic and salt
local $cls = "MD5";
eval "use MD5";
if ($@) {
        $cls = "Digest::MD5";
        eval "use Digest::MD5";
        if ($@) {
                &error("Missing MD5 or Digest::MD5 perl modules");
                }
        }
local $ctx = eval "new $cls";
$ctx->add($passwd);
$ctx->add($magic);
$ctx->add($salt);

# Add some more stuff from the hash of the password and salt
local $ctx1 = eval "new $cls";
$ctx1->add($passwd);
$ctx1->add($salt);
$ctx1->add($passwd);
local $final = $ctx1->digest();
for($pl=length($passwd); $pl>0; $pl-=16) {
        $ctx->add($pl > 16 ? $final : substr($final, 0, $pl));
        }

# This piece of code seems rather pointless, but it's in the C code that
# does MD5 in PAM so it has to go in!
local $j = 0;
local ($i, $l);
for($i=length($passwd); $i; $i >>= 1) {
        if ($i & 1) {
                $ctx->add("\0");
                }
        else {
                $ctx->add(substr($passwd, $j, 1));
                }
        }
$final = $ctx->digest();

# This loop exists only to waste time
for($i=0; $i<1000; $i++) {
        $ctx1 = eval "new $cls";
        $ctx1->add($i & 1 ? $passwd : $final);
        $ctx1->add($salt) if ($i % 3);
        $ctx1->add($passwd) if ($i % 7);
        $ctx1->add($i & 1 ? $final : $passwd);
        $final = $ctx1->digest();
        }

# Convert the 16-byte final string into a readable form
local $rv = $magic.$salt.'$';
local @final = map { ord($_) } split(//, $final);
$l = ($final[ 0]<<16) + ($final[ 6]<<8) + $final[12];
$rv .= &to64($l, 4);
$l = ($final[ 1]<<16) + ($final[ 7]<<8) + $final[13];
$rv .= &to64($l, 4);
$l = ($final[ 2]<<16) + ($final[ 8]<<8) + $final[14];
$rv .= &to64($l, 4);
$l = ($final[ 3]<<16) + ($final[ 9]<<8) + $final[15];
$rv .= &to64($l, 4);
$l = ($final[ 4]<<16) + ($final[10]<<8) + $final[ 5];
$rv .= &to64($l, 4);
$l = $final[11];
$rv .= &to64($l, 2);

return $rv;
}

@itoa64 = split(//,
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
sub to64
{
local ($v, $n) = @_;
local $r;
while(--$n >= 0) {
        $r .= $itoa64[$v & 0x3f];
        $v >>= 6;
        }
return $r;
}

sub check_sha1
{
eval "use Digest::SHA1";
return $@ ? "Digest::SHA1" : undef;
}

# encrypt_sha1(password)
# Encrypts a password in SHA1 format
sub encrypt_sha1
{
local $pass = $_[0];
local $sh = eval "use Digest::SHA1 qw(sha1_base64);return sha1_base64(\
$pass);";
return "{SHA}$sh=";
}

1;


$pass=$ARGV[0];

$md5=encrypt_md5("$pass");

print $md5;

[/snip]------------------------------------------------------------

On Mon, 2006-09-25 at 01:16 -0400, Bhatia, Nikhil wrote:
> Hello Xen Users,
> 
>  
> 
> I am trying to log into the guest domain in a single-user mode but am
> unable to do so by putting the value of the âextrasâ field in my
> configure script to 1. Is that the right way to get into the
> single-user mode? If not can anyone please let me know of the correct
> way? 
> 
>  
> 
> Thanks,
> 
> Nikhil
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.