From patchwork Thu Jun 28 06:41:49 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 935966
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Cc: Samuel Mendoza-Jonas
Subject: [RFC PATCH 11/13] ui/common: Client authentication helpers
Date: Thu, 28 Jun 2018 16:41:49 +1000
Message-Id: <20180628064151.13370-12-sam@mendozajonas.com>
In-Reply-To: <20180628064151.13370-1-sam@mendozajonas.com>
References: <20180628064151.13370-1-sam@mendozajonas.com>
X-Mailer: git-send-email 2.18.0
List-Id: Petitboot bootloader development

Track the client's authentication status and provide methods for the client to send authentication requests to the server.

Signed-off-by: Samuel Mendoza-Jonas
---
 ui/common/discover-client.c | 81 +++++++++++++++++++++++++++++++++++++
 ui/common/discover-client.h | 12 ++++++
 2 files changed, 93 insertions(+)

diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c index 784154e..4b08568 100644 --- a/ui/common/discover-client.c +++ b/ui/common/discover-client.c @@ -1,4 +1,8 @@ +#if defined(HAVE_CONFIG_H) +#include "config.h" +#endif + #include #include #include @@ -22,6 +26,7 @@ struct discover_client { struct discover_client_ops ops; int n_devices; struct device **devices; + bool authenticated; }; static int discover_client_destructor(void *arg)
@@ -171,6 +176,7 @@ static int discover_client_process(void *arg) { struct discover_client *client = arg; struct pb_protocol_message *message; + struct auth_message *auth_msg; struct plugin_option *p_opt; struct system_info *sysinfo; struct boot_option *opt; @@ -266,6 +272,20 @@ static int discover_client_process(void *arg) case PB_PROTOCOL_ACTION_PLUGINS_REMOVE: plugins_remove(client); break; + case PB_PROTOCOL_ACTION_AUTHENTICATE: + auth_msg = talloc_zero(ctx, struct auth_message); + + rc = pb_protocol_deserialise_authenticate(auth_msg, message); + if (rc || auth_msg->op != AUTH_MSG_RESPONSE) { + pb_log("%s: invalid auth message? (%d)\n", + __func__, rc); + goto out; + } + + pb_log("Client %sauthenticated by server\n", + client->authenticated ? "" : "un"); + client->authenticated = auth_msg->authenticated; + break; default: pb_log("%s: unknown action %d\n", __func__, message->action); } @@ -311,6 +331,13 @@ struct discover_client* discover_client_init(struct waitset *waitset, waiter_register_io(waitset, client->fd, WAIT_IN, discover_client_process, client); + /* Assume this client can't make changes if crypt support is enabled */ +#ifdef CRYPT_SUPPORT + client->authenticated = false; +#else + client->authenticated = true; +#endif + return client; out_err: @@ -333,6 +360,11 @@ struct device *discover_client_get_device(struct discover_client *client, return client->devices[index]; } +bool discover_client_authenticated(struct discover_client *client) +{ + return client->authenticated; +} + static void create_boot_command(struct boot_command *command, const struct device *device __attribute__((unused)), const struct boot_option *boot_option, 
@@ -453,3 +485,52 @@ int discover_client_send_plugin_install(struct discover_client *client, return pb_protocol_write_message(client->fd, message); } + +int discover_client_send_authenticate(struct discover_client *client, + char *password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_REQUEST; + auth_msg.password = password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} + +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_SET; + auth_msg.set_password.password = password; + auth_msg.set_password.new_password = new_password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h index 7224691..cc5ed78 100644 --- a/ui/common/discover-client.h +++ b/ui/common/discover-client.h 
@@ -71,6 +71,12 @@ int discover_client_device_count(struct discover_client *client); struct device *discover_client_get_device(struct discover_client *client, int index); +/** + * Get the client's authentication status. This is only useful if Petitboot + * has been built with crypt support. + */ +bool discover_client_authenticated(struct discover_client *client); + /* Tell the discover server to boot an image * @param client A pointer to the discover client * @param boot_command The command to boot @@ -101,5 +107,11 @@ int discover_client_send_url(struct discover_client *client, char *url); /* Send plugin file path to discover server to install */ int discover_client_send_plugin_install(struct discover_client *client, char *file); +/* Authenticate with pb-discover to allow modification */ +int discover_client_send_authenticate(struct discover_client *client, + char *password); +/* Set a new system password, authenticating with the current password */ +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password); #endif
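Review bot: in the @@ -266,6 +272,20 @@ hunk of discover-client.c the log line runs before `client->authenticated` is updated, so `pb_log("Client %sauthenticated by server\n", client->authenticated ? "" : "un");` reports the previous state rather than the answer just received. Move the assignment above the log, or print `auth_msg->authenticated` directly. Also, `auth_msg` is a `talloc_zero()` scratch copy under `ctx` whose only use is the immediate copy into `client->authenticated`; a stack `struct auth_message`, as the send helpers later in this patch already use, would avoid an allocation on every response.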
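Review bot: in the @@ -311,6 +331,13 @@ hunk the initial value of `client->authenticated` depends on whether the client binary was built with `CRYPT_SUPPORT`, but the check that matters is performed by pb-discover. A UI built without `CRYPT_SUPPORT` talking to a server built with it will report itself as authenticated while its modification requests are refused, and the reverse combination needlessly hides controls. Consider defaulting to `false` in both builds and letting the server's `AUTH_MSG_RESPONSE` set the flag, or having the server tell the client whether authentication is required at all. The comment should also make clear that this flag only gates what the UI offers and is not the access check itself.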
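Review bot: in the @@ -453,3 +485,52 @@ hunk `discover_client_send_authenticate()` and `discover_client_send_set_password()` are identical apart from how `auth_msg` is filled in; factoring the create/serialise/write sequence into a static helper taking a `struct auth_message *` would leave the two differing only in their assignments. Two smaller points: the serialised payload holds the plaintext password and, unless `pb_protocol_write_message()` frees `message` (not visible here), stays allocated under `client` after the write, so zeroing and freeing it once written keeps the password out of long-lived memory; and `password`/`new_password` are never modified, so `const char *` would be the more honest signature, in the header as well.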