summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVadim Bendebury <vbendeb@chromium.org>2018-01-10 11:31:53 -0800
committerchrome-bot <chrome-bot@chromium.org>2018-01-12 03:27:09 -0800
commit35c8f62480ec47dac9825e1fc0fdf6a59b47df8f (patch)
tree0a543f491a1a4e44e7f26718639ced578da15c16
parent88c5e62f89a7d9eab423c8fd11dd49c51e512826 (diff)
downloadchrome-ec-35c8f62480ec47dac9825e1fc0fdf6a59b47df8f.tar.gz
ccd: do not allow 'unlock' from console unless password is set
CCD management policies explicitly prohibit running the 'unlock' command from the Cr50 CLI unless CCD password is set. This patch enforces the policy. BRANCH=cr50 BUG=b:62537474 TEST=ran the following commands on the Cr50 console: > ccd State: Locked Password: none ... > ccd unlock Cann't unlock without password Access Denied Usage: ccd [help | ...] > Change-Id: I5a14a54049a233e86e097064ff235e9b7a8bbb86 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/861000 Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat
-rw-r--r--common/ccd_config.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/common/ccd_config.c b/common/ccd_config.c
index 185b29278a..12885926dd 100644
--- a/common/ccd_config.c
+++ b/common/ccd_config.c
@@ -1182,8 +1182,13 @@ static int command_ccd_body(int argc, char **argv)
/* Commands to set state */
if (!strcasecmp(argv[1], "lock"))
return ccd_command_wrapper(0, NULL, CCDV_LOCK);
- if (!strcasecmp(argv[1], "unlock"))
+ if (!strcasecmp(argv[1], "unlock")) {
+ if (!raw_has_password()) {
+ ccprintf("Unlock only allowed after password is set\n");
+ return EC_ERROR_ACCESS_DENIED;
+ }
return ccd_command_wrapper(argc - 1, argv[2], CCDV_UNLOCK);
+ }
if (!strcasecmp(argv[1], "open"))
return ccd_command_wrapper(argc - 1, argv[2], CCDV_OPEN);
View Lorry Controller Status