From patchwork Wed Nov 28 04:20:10 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 1004187
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Cc: Samuel Mendoza-Jonas
Subject: [PATCH v2 11/13] ui/common: Client authentication helpers
Date: Wed, 28 Nov 2018 15:20:10 +1100
Message-Id: <20181128042012.25916-12-sam@mendozajonas.com>
In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com>
References: <20181128042012.25916-1-sam@mendozajonas.com>
X-Mailer: git-send-email 2.19.1
List-Id: Petitboot bootloader development

Track the client's authentication status and provide methods for the client to send authentication requests to the server.

Signed-off-by: Samuel Mendoza-Jonas
--- ui/common/discover-client.c | 81 +++++++++++++++++++++++++++++++++++++ ui/common/discover-client.h | 12 ++++++ 2 files changed, 93 insertions(+) diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c index d9414976..e7dfb831 100644 --- a/ui/common/discover-client.c +++ b/ui/common/discover-client.c @@ -1,4 +1,8 @@ +#if defined(HAVE_CONFIG_H) +#include "config.h" +#endif + #include #include #include @@ -22,6 +26,7 @@ struct discover_client { struct discover_client_ops ops; int n_devices; struct device **devices; + bool authenticated; }; static int discover_client_destructor(void *arg) 
@@ -171,6 +176,7 @@ static int discover_client_process(void *arg) { struct discover_client *client = arg; struct pb_protocol_message *message; + struct auth_message *auth_msg; struct plugin_option *p_opt; struct system_info *sysinfo; struct boot_option *opt; @@ -266,6 +272,20 @@ static int discover_client_process(void *arg) case PB_PROTOCOL_ACTION_PLUGINS_REMOVE: plugins_remove(client); break; + case PB_PROTOCOL_ACTION_AUTHENTICATE: + auth_msg = talloc_zero(ctx, struct auth_message); + + rc = pb_protocol_deserialise_authenticate(auth_msg, message); + if (rc || auth_msg->op != AUTH_MSG_RESPONSE) { + pb_log("%s: invalid auth message? (%d)\n", + __func__, rc); + goto out; + } + + pb_log("Client %sauthenticated by server\n", + client->authenticated ? "" : "un"); + client->authenticated = auth_msg->authenticated; + break; default: pb_log_fn("unknown action %d\n", message->action); } @@ -311,6 +331,13 @@ struct discover_client* discover_client_init(struct waitset *waitset, waiter_register_io(waitset, client->fd, WAIT_IN, discover_client_process, client); + /* Assume this client can't make changes if crypt support is enabled */ +#ifdef CRYPT_SUPPORT + client->authenticated = false; +#else + client->authenticated = true; +#endif + return client; out_err: @@ -333,6 +360,11 @@ struct device *discover_client_get_device(struct discover_client *client, return client->devices[index]; } +bool discover_client_authenticated(struct discover_client *client) +{ + return client->authenticated; +} + static void create_boot_command(struct boot_command *command, const struct device *device __attribute__((unused)), const struct boot_option *boot_option, 
@@ -471,3 +503,52 @@ int discover_client_send_temp_autoboot(struct discover_client *client, return pb_protocol_write_message(client->fd, message); } + +int discover_client_send_authenticate(struct discover_client *client, + char *password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_REQUEST; + auth_msg.password = password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} + +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_SET; + auth_msg.set_password.password = password; + auth_msg.set_password.new_password = new_password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h index 2a2ea288..9b56dcb7 100644 --- a/ui/common/discover-client.h +++ b/ui/common/discover-client.h 
@@ -71,6 +71,12 @@ int discover_client_device_count(struct discover_client *client); struct device *discover_client_get_device(struct discover_client *client, int index); +/** + * Get the client's authentication status. This is only useful if Petitboot + * has been built with crypt support. + */ +bool discover_client_authenticated(struct discover_client *client); + /* Tell the discover server to boot an image * @param client A pointer to the discover client * @param boot_command The command to boot @@ -101,6 +107,12 @@ int discover_client_send_url(struct discover_client *client, char *url); /* Send plugin file path to discover server to install */ int discover_client_send_plugin_install(struct discover_client *client, char *file); +/* Authenticate with pb-discover to allow modification */ +int discover_client_send_authenticate(struct discover_client *client, + char *password); +/* Set a new system password, authenticating with the current password */ +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password); /* send a temporary autoboot override */ int discover_client_send_temp_autoboot(struct discover_client *client,
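Review bot: In the PB_PROTOCOL_ACTION_AUTHENTICATE case of discover_client_process (hunk @@ -266,6 +272,20 @@), the log line reads client->authenticated before it is updated, so "Client %sauthenticated by server" reports the previous state rather than the outcome carried by this response. Move `client->authenticated = auth_msg->authenticated;` above the pb_log() call, or log auth_msg->authenticated directly. The talloc_zero() result is also used unchecked; a NULL check that jumps to `out` would match the error path already used for the deserialise failure.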
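Review bot: In discover_client_init (hunk @@ -311,6 +331,13 @@), client->authenticated is assigned only after waiter_register_io() has registered discover_client_process; setting the default before the handler is registered keeps the struct fully initialised before anything can observe it. The comment should also make clear that this flag is the client's local assumption, not a permission: with CRYPT_SUPPORT disabled it defaults to true, so UI code must treat it as a display hint and pb-discover remains the place where modification is actually gated.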
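Review bot: discover_client_send_authenticate and discover_client_send_set_password (hunk @@ -471,3 +503,52 @@) duplicate the create/serialise/write sequence; only the population of auth_msg differs. Factor the tail into a static helper taking a `struct auth_message *` so the two cannot drift apart, and zero-initialise the struct (`struct auth_message auth_msg = { 0 };`) since the fields not set for the given op are otherwise indeterminate when pb_protocol_authenticate_len() and pb_protocol_serialise_authenticate() see it. If pb_protocol_serialise_authenticate() can report an error, its return value is ignored here before the message is written. The "serialising auth message.." and "sending auth message.." lines read like debugging leftovers and would be better at debug level or dropped.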
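Review bot: The doc comment on discover_client_authenticated (hunk @@ -71,6 +71,12 @@) should say that the value reflects the last AUTH_MSG_RESPONSE received from the server (or the build-time default before any response), not a live query, so callers read it as a cached status rather than an authoritative check.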
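Review bot: The new prototypes (hunk @@ -101,6 +107,12 @@) take `char *password` and `char *new_password` although the implementations only read them; declaring them `const char *` (and matching the definitions in discover-client.c where struct auth_message allows) lets UI code pass literals or const buffers without a cast. The comments should also state that a successful return only means the request was written: per the .c hunk the server's verdict arrives asynchronously as an AUTH_MSG_RESPONSE and is reflected by discover_client_authenticated(), so callers must not treat the send's return value as the result of the authentication.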