authorVadim Bendebury <vbendeb@google.com>2017-12-06 17:11:41 -0800
committerchrome-bot <chrome-bot@chromium.org>2017-12-09 16:03:29 -0800
commit91c21643a9bcca03c34fef015576b10329e80d44 (patch)
tree6484161db1c04abc5ed3f840601ecf0931558db7 /common/ccd_config.c
parentafc15186f8159df7eaeacbf0bc431beee59409e3 (diff)
ccd: require password to change or clear it
Let's not allow the user to clear or change CCD password without specifying the old password. To keep things simple, two changes are being made: - do not allow setting password if password is already set - when clearing the password require user to enter 'clear:<password>' instead of just 'clear' BRANCH=cr50 BUG=b:70029808 TEST=verified that setting password is possible only if there is no password set currently, and that invoking 'ccd password clear:<old password>' indeed clears the password. Change-Id: I3753c2701e224ef89b25ad68c1b47b54eef9cdb1 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/813098 Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'common/ccd_config.c')
-rw-r--r--common/ccd_config.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/common/ccd_config.c b/common/ccd_config.c
index dd46b1b1db..b2453b8fdf 100644
--- a/common/ccd_config.c
+++ b/common/ccd_config.c
@@ -772,13 +772,23 @@ static int do_ccd_password(char *password)
if (ccd_state == CCD_STATE_LOCKED)
return EC_ERROR_ACCESS_DENIED;
- /* If password was set from Opened, can't change if just Unlocked */
- if (raw_has_password() && ccd_state == CCD_STATE_UNLOCKED &&
- !ccd_get_flag(CCD_FLAG_PASSWORD_SET_WHEN_UNLOCKED))
- return EC_ERROR_ACCESS_DENIED;
+ if (raw_has_password()) {
+ const char clear_prefix[] = {'c', 'l', 'e', 'a', 'r', ':'};
+
+ /*
+ * The only allowed action at this point is to clear the
+ * password. To do it the user is supposed to enter
+ * 'clear:<passwd>'
+ */
+ if (strncasecmp(password, clear_prefix, sizeof(clear_prefix)))
+ return EC_ERROR_ACCESS_DENIED;
+
+ if (raw_check_password(password + sizeof(clear_prefix)) !=
+ EC_SUCCESS)
+ return EC_ERROR_ACCESS_DENIED;
- if (!strcasecmp(password, "clear"))
return ccd_reset_password();
+ }
/* Set new password */
return ccd_set_password(password);
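Review bot: When no password is set, the input `clear` now falls through to `ccd_set_password(password)` at the end of the hunk, because the old `strcasecmp(password, "clear")` test is gone and `ccd_reset_password()` is reachable only inside the `raw_has_password()` branch. A user repeating the old command would silently set the password to the literal word. I would reject the reserved word and prefix just above `/* Set new password */`, for example `if (!strcasecmp(password, "clear") || !strncasecmp(password, "clear:", 6)) return EC_ERROR_INVAL;`. Separately, the `clear:<passwd>` path passes every guess to `raw_check_password()`, whose body is not shown, so it is worth confirming that failed attempts are throttled and the comparison is constant-time, and adding a comment here naming the layer that enforces it. `do_ccd_password` begins above the hunk, so earlier validation of `password` may already cover part of this.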