| Message ID | 20180826221720.30982-1-brett.grandbois@opengear.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | ui/ncurses: in lockdown ensure system reboot in ncurses menu exit | expand |
On Mon, 2018-08-27 at 08:17 +1000, Brett Grandbois wrote: > In a lockdown situation in the ncurses menu there is a switch to replace > the 'Exit to shell' option with 'Reboot', so the intent seems to be to > not allow the user the option to exit to shell in a lockdown situation. > However the associated foreced reboot logic is in the process atexit so > is only triggered when completely exiting the menu system. The default > menu item logic to exit to shell is still in place though so the menu > exit never occurs and shell access is still available. > Add a switch to a different menu exit callback to force a menu abort > using the same mechanism as a signal in lockdown situations so the shell > can never be entered. This also affects the 'x' or esc shortcut keys. > > Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> > --- > ui/ncurses/nc-cui.c | 13 ++++++++++++- > ui/ncurses/nc-cui.h | 1 + > 2 files changed, 13 insertions(+), 1 deletion(-) Thanks, merged as c4be9490. > > diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c > index 3abeac3..d3e00aa 100644 > --- a/ui/ncurses/nc-cui.c > +++ b/ui/ncurses/nc-cui.c > @@ -219,6 +219,17 @@ void cui_on_exit(struct pmenu *menu) > talloc_free(sh_cmd); > } > > +/** > + * cui_abort_on_exit - Force an exit of the main loop on menu exit. > + * This is mainly for lockdown situations where > + * the exit then triggers an expected reboot. > + */ > +void cui_abort_on_exit(struct pmenu *menu) > +{ > + struct cui *cui = cui_from_pmenu(menu); > + cui->abort = 1; > +} > + > /** > * cui_run_cmd - A generic cb to run the supplied command. > */ > @@ -1298,7 +1309,7 @@ static struct pmenu *main_menu_init(struct cui *cui) > int result; > bool lockdown = lockdown_active(); > > - m = pmenu_init(cui, 9, cui_on_exit); > + m = pmenu_init(cui, 9, lockdown ? cui_abort_on_exit : cui_on_exit); > if (!m) { > pb_log_fn("failed\n"); > return NULL; > diff --git a/ui/ncurses/nc-cui.h b/ui/ncurses/nc-cui.h > index 4997f4b..d26883b 100644 > --- a/ui/ncurses/nc-cui.h > +++ b/ui/ncurses/nc-cui.h > @@ -107,6 +107,7 @@ void cui_send_reinit(struct cui *cui); > void cui_abort(struct cui *cui); > void cui_resize(struct cui *cui); > void cui_on_exit(struct pmenu *menu); > +void cui_abort_on_exit(struct pmenu *menu); > void cui_on_open(struct pmenu *menu); > int cui_run_cmd(struct cui *cui, const char **cmd_argv); > int cui_run_cmd_from_item(struct pmenu_item *item);
diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c index 3abeac3..d3e00aa 100644 --- a/ui/ncurses/nc-cui.c +++ b/ui/ncurses/nc-cui.c @@ -219,6 +219,17 @@ void cui_on_exit(struct pmenu *menu) talloc_free(sh_cmd); } +/** + * cui_abort_on_exit - Force an exit of the main loop on menu exit. + * This is mainly for lockdown situations where + * the exit then triggers an expected reboot. + */ +void cui_abort_on_exit(struct pmenu *menu) +{ + struct cui *cui = cui_from_pmenu(menu); + cui->abort = 1; +} + /** * cui_run_cmd - A generic cb to run the supplied command. */ @@ -1298,7 +1309,7 @@ static struct pmenu *main_menu_init(struct cui *cui) int result; bool lockdown = lockdown_active(); - m = pmenu_init(cui, 9, cui_on_exit); + m = pmenu_init(cui, 9, lockdown ? cui_abort_on_exit : cui_on_exit); if (!m) { pb_log_fn("failed\n"); return NULL; diff --git a/ui/ncurses/nc-cui.h b/ui/ncurses/nc-cui.h index 4997f4b..d26883b 100644 --- a/ui/ncurses/nc-cui.h +++ b/ui/ncurses/nc-cui.h @@ -107,6 +107,7 @@ void cui_send_reinit(struct cui *cui); void cui_abort(struct cui *cui); void cui_resize(struct cui *cui); void cui_on_exit(struct pmenu *menu); +void cui_abort_on_exit(struct pmenu *menu); void cui_on_open(struct pmenu *menu); int cui_run_cmd(struct cui *cui, const char **cmd_argv); int cui_run_cmd_from_item(struct pmenu_item *item);
In a lockdown situation in the ncurses menu there is a switch to replace the 'Exit to shell' option with 'Reboot', so the intent seems to be to not allow the user the option to exit to shell in a lockdown situation. However the associated foreced reboot logic is in the process atexit so is only triggered when completely exiting the menu system. The default menu item logic to exit to shell is still in place though so the menu exit never occurs and shell access is still available. Add a switch to a different menu exit callback to force a menu abort using the same mechanism as a signal in lockdown situations so the shell can never be entered. This also affects the 'x' or esc shortcut keys. Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> --- ui/ncurses/nc-cui.c | 13 ++++++++++++- ui/ncurses/nc-cui.h | 1 + 2 files changed, 13 insertions(+), 1 deletion(-)