From patchwork Thu Nov 22 23:36:18 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 1002060
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH 01/13] utils/pb-console: Support agetty's autologin option
Date: Fri, 23 Nov 2018 10:36:18 +1100
Message-Id: <20181122233630.6303-2-sam@mendozajonas.com>
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>
List-Id: Petitboot bootloader development
Cc: Samuel Mendoza-Jonas

If the getty arguments include '-a' do not set the '-l' option. This implies the environment has been configured with users and will launch the subsequent pb-console instance itself.

Signed-off-by: Samuel Mendoza-Jonas
---
 utils/pb-console | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/utils/pb-console b/utils/pb-console index 282fca11..ef9ed0f6 100644 --- a/utils/pb-console +++ b/utils/pb-console
@@ -80,12 +80,24 @@ then then getty="$getty_arg" fi + + login_arg="-l$0" + for ttyarg in "$@" + do + # If the getty args include autologin don't override with -l + # and leave calling petitboot-nc to the user's init + if [ "$ttyarg" == "-a" ] + then + login_arg="" + fi + done + if [ "$detach" = 1 ] then - $getty -l $0 "$@" & + $getty $login_arg "$@" & exit else - exec $getty -l $0 "$@" + exec $getty $login_arg "$@" fi fi
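Review bot: The autologin test in the new `for ttyarg` loop, `[ "$ttyarg" == "-a" ]`, only matches the short option passed as its own word, so a caller that uses agetty's long form `--autologin` still gets `-l$0` added alongside it. Match both spellings (a `case "$ttyarg" in -a|--autologin)` would do) and use `=` rather than `==`, which is what the `[ "$detach" = 1 ]` test just below uses and is the portable form for `[`. Since dropping `-l` hands the console to whatever the autologin user's login shell starts, the comment should also say which user and init script are expected to launch petitboot-nc.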

From patchwork Thu Nov 22 23:36:19 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 1002061
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH 02/13] utils/pb-sos: Don't create files in root by default
Date: Fri, 23 Nov 2018 10:36:19 +1100
Message-Id: <20181122233630.6303-3-sam@mendozajonas.com>
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>
List-Id: Petitboot bootloader development
Cc: Samuel Mendoza-Jonas

If running in a non-root shell the user will not be able to create or access files in / so operate in the current directory instead.

Signed-off-by: Samuel Mendoza-Jonas
---
 utils/pb-sos | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/utils/pb-sos b/utils/pb-sos index e3e8f6bb..44dcabd7 100755 --- a/utils/pb-sos +++ b/utils/pb-sos
@@ -43,32 +43,31 @@ do shift done -mkdir -p /$diagdir +mkdir -p $diagdir # Include version of pb-discover -pb-discover --version > /$diagdir/version +pb-discover --version > $diagdir/version # Unconditionally grab relevant /var/log files log "Adding files from /var/log" -cp -r /var/log/messages /var/log/petitboot /$diagdir/ +cp -r /var/log/messages /var/log/petitboot $diagdir/ # Check if pb-discover segfaulted if [ -r $corefile ] then log "Adding core dump" - cp /core /$diagdir/ + cp /core $diagdir/ fi # Copy dmesg log "Adding dmesg" -dmesg > /$diagdir/dmesg +dmesg > $diagdir/dmesg # Add Skiboot log log "Adding Skiboot log" -cat /sys/firmware/opal/msglog > /$diagdir/msglog +cat /sys/firmware/opal/msglog > $diagdir/msglog log "Compressing..." -cd / tar $tarflags $tarfile $diagdir gzip < $tarfile > $tarfile.gz
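Review bot: In the core dump branch the test is `[ -r $corefile ]` but the copy is still the hardcoded `cp /core $diagdir/`; copy `"$corefile"` so the two cannot disagree. With the `cd /` removed, the archive is now built in whatever directory the caller happens to be in, and it holds dmesg, /var/log/messages and possibly a core dump, so consider setting a restrictive umask before `mkdir -p $diagdir` and failing if the directory already exists rather than reusing it. `$diagdir` and `$tarfile` are unquoted throughout, and a non-root caller may not be able to read /var/log/messages or /sys/firmware/opal/msglog, yet none of the `cp`/`cat` results are checked.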

From patchwork Thu Nov 22 23:36:20 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 1002062
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH 03/13] utils/pb-console: Set up controlling terminal
Date: Fri, 23 Nov 2018 10:36:20 +1100
Message-Id: <20181122233630.6303-4-sam@mendozajonas.com>
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>
List-Id: Petitboot bootloader development
Cc: Samuel Mendoza-Jonas

Enabling job control in the shell.

Signed-off-by: Samuel Mendoza-Jonas
---
 utils/pb-console | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/pb-console b/utils/pb-console index ef9ed0f6..62952959 100644 --- a/utils/pb-console +++ b/utils/pb-console
@@ -94,7 +94,7 @@ then if [ "$detach" = 1 ] then - $getty $login_arg "$@" & + setsid -c $getty $login_arg "$@" & exit else exec $getty $login_arg "$@"
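Review bot: Only the detached branch gains `setsid -c`; the `exec $getty $login_arg "$@"` path in the else branch is unchanged, and the commit message ("Enabling job control in the shell.") does not say whether that is deliberate. Please state in the message or in a comment which terminal `-c` is expected to attach (it takes the terminal on the script's standard input, not the tty named in `"$@"`) and why the non-detached case does not need it.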

From patchwork Thu Nov 22 23:36:21 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 1002063
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH 04/13] utils/pb-console: Ignore SIGINT
Date: Fri, 23 Nov 2018 10:36:21 +1100
Message-Id: <20181122233630.6303-5-sam@mendozajonas.com>
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>
List-Id: Petitboot bootloader development
Cc: Samuel Mendoza-Jonas

Trap and ignore SIGINT to avoid a SIGINT intended for petitboot-nc also exiting the parent pb-console script.

Signed-off-by: Samuel Mendoza-Jonas
---
 utils/pb-console | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/utils/pb-console b/utils/pb-console index 62952959..ad601e2e 100644 --- a/utils/pb-console +++ b/utils/pb-console
@@ -134,6 +134,8 @@ fi # show particularly important messages dmesg -n 1 +trap '' SIGINT + while : do $ui $verbose_opt
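Review bot: `trap '' SIGINT` placed before the `while :` loop sets the signal to ignored, and an ignored signal is inherited by every command the shell starts, so `$ui $verbose_opt` begins with SIGINT ignored too and only sees it if it installs its own handler. If petitboot-nc does that, say so in a comment; otherwise use a no-op handler (`trap ':' INT`), which is reset to the default in children. The portable spelling of the signal name is `INT` without the `SIG` prefix, which not every `sh` accepts.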

From patchwork Thu Nov 22 23:36:22 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 1002065
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH 05/13] lib/crypt: Add helpers for operating on /etc/shadow
Date: Fri, 23 Nov 2018 10:36:22 +1100
Message-Id: <20181122233630.6303-6-sam@mendozajonas.com>
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>
List-Id: Petitboot bootloader development
Cc: Samuel Mendoza-Jonas

Provides helper functions for reading, writing, and checking against /etc/shadow. The main use case is for authenticating clients against the "system" password, which is set as the root password.

Signed-off-by: Samuel Mendoza-Jonas
---
 configure.ac | 22 ++++++++
 lib/Makefile.am | 9 ++++
 lib/crypt/crypt.c | 126 ++++++++++++++++++++++++++++++++++++++++++++++
 lib/crypt/crypt.h | 49 ++++++++++++++++++
 4 files changed, 206 insertions(+)
 create mode 100644 lib/crypt/crypt.c
 create mode 100644 lib/crypt/crypt.h

diff --git a/configure.ac b/configure.ac index 2bf6e6f6..4151b002 100644 --- a/configure.ac +++ b/configure.ac
@@ -76,6 +76,27 @@ AC_CHECK_LIB([devmapper], [dm_task_create], [AC_MSG_FAILURE([The libdevmapper development library is required by petitboot. Try installing the package libdevmapper-dev or device-mapper-devel.])] ) +AC_ARG_ENABLE( + [crypt], + [AS_HELP_STRING( + [--enable-crypt], + [Include crypt support to enable password use [default=no]] + )], + [], + [enable_crypt=no] +) +AM_CONDITIONAL([ENABLE_CRYPT], [test "x$enable_crypt" = "xyes"]) +AS_IF([test "x$enable_crypt" = "xyes"], + [AC_DEFINE(CRYPT_SUPPORT, 1, [Enable crypt/password support])], + [] +) +AS_IF([test "x$enable_crypt" = "xyes"], + AC_CHECK_LIB([crypt], [crypt], + [CRYPT_LIBS=-lcrypt], + [AC_MSG_FAILURE([shadow/crypt libs required])] + ) +) + AC_ARG_WITH([fdt], AS_HELP_STRING([--without-fdt], [Build without libfdt (default: no)])) @@ -455,6 +476,7 @@ AS_IF( AC_SUBST([UDEV_LIBS]) AC_SUBST([DEVMAPPER_LIBS]) +AC_SUBST([CRYPT_LIBS]) AC_SUBST([FDT_LIBS]) AC_SUBST([LIBFLASH_LIBS]) AC_SUBST([LIBTOOL_DEPS]) diff --git a/lib/Makefile.am b/lib/Makefile.am index 016a14dd..69a66c37 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -35,6 +35,7 @@ lib_libpbcore_la_CFLAGS = \ lib_libpbcore_la_SOURCES = \ lib/ccan/endian/endian.h \ + lib/crypt/crypt.h \ lib/file/file.h \ lib/file/file.c \ lib/fold/fold.h \ @@ -93,3 +94,11 @@ lib_libpbcore_la_SOURCES += \ lib/security/none.c endif endif + +if ENABLE_CRYPT +lib_libpbcore_la_SOURCES += \ + lib/crypt/crypt.c + +lib_libpbcore_la_LDFLAGS += \ + $(CRYPT_LIBS) +endif diff --git a/lib/crypt/crypt.c b/lib/crypt/crypt.c new file mode 100644 index 00000000..dcaf3afe --- /dev/null +++ b/lib/crypt/crypt.c 
@@ -0,0 +1,126 @@ +/* + * Copyright (C) 2018 IBM Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "crypt.h" + +int crypt_set_password_hash(void *ctx, const char *hash) +{ + struct spwd *shadow; + FILE *fp; + int rc; + + shadow = getspnam("root"); + if (!shadow) { + pb_log("Could not find root shadow\n"); + return -1; + } + + shadow->sp_pwdp = talloc_strdup(ctx, hash); + if (!shadow->sp_pwdp) { + pb_log("Could not assign password\n"); + return -1; + } + + lckpwdf(); + + fp = fopen("/etc/shadow", "w+"); + if (!fp) { + pb_log("Could not open shadow file\n"); + rc = -1; + goto out; + } + + rc = putspent(shadow, fp); + if (rc) + pb_log("Failed to set password hash\n"); + + talloc_free(shadow->sp_pwdp); +out: + fclose(fp); + ulckpwdf(); + return rc; +} + +static const char *crypt_hash_password(const char *password) +{ + struct spwd *shadow; + char *hash; + + shadow = getspnam("root"); + if (!shadow) { + pb_log("Could not find root shadow\n"); + return NULL; + } + + hash = crypt(password ?: "", shadow->sp_pwdp); + if (!hash) + pb_log("Could not create hash, %m\n"); + + + return hash; +} + + +int crypt_set_password(void *ctx, const char *password) +{ + const char *hash; + + hash = crypt_hash_password(password); + if (!hash) + return -1; + + return crypt_set_password_hash(ctx, hash); +} + +char *crypt_get_hash(void *ctx) +{ + struct spwd *shadow; + + shadow = getspnam("root"); + if (!shadow) { + pb_log("Could not find root shadow\n"); + return false; + } 
+ + return talloc_strdup(ctx, shadow->sp_pwdp); +} + +bool crypt_check_password(const char *password) +{ + struct spwd *shadow; + char *hash; + + shadow = getspnam("root"); + if (!shadow) { + pb_log("Could not find root shadow\n"); + return false; + } + + hash = crypt(password ? : "", shadow->sp_pwdp); + if (!hash) { + pb_log("Could not create hash, %m\n"); + return false; + } + + return strncmp(shadow->sp_pwdp, hash, strlen(shadow->sp_pwdp)) == 0; +} diff --git a/lib/crypt/crypt.h b/lib/crypt/crypt.h new file mode 100644 index 00000000..4b242f0c --- /dev/null +++ b/lib/crypt/crypt.h 
@@ -0,0 +1,49 @@ +/* + * Copyright (C) 2018 IBM Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ +#ifndef CRYPT_H +#define CRYPT_H + +#include "config.h" + +#ifdef CRYPT_SUPPORT + +char *crypt_get_hash(void *ctx); +bool crypt_check_password(const char *password); +int crypt_set_password(void *ctx, const char *password); +int crypt_set_password_hash(void *ctx, const char *hash); + +#else + +static inline char *crypt_get_hash(void *ctx __attribute__((unused))) +{ + return NULL; +} +static inline bool crypt_check_password( + const char *password __attribute__((unused))) +{ + return false; +} +static inline int crypt_set_password(void *ctx __attribute__((unused)), + const char *password __attribute__((unused))) +{ + return -1; +} +static inline int crypt_set_password_hash(void *ctx __attribute__((unused)), + const char *hash __attribute__((unused))) +{ + return -1; +} + +#endif +#endif /* CRYPT_H */ From patchwork Thu Nov 22 23:36:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1002064 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 431G8P11zHz9s0n for ; Fri, 23 Nov 2018 10:37:57 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) 
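Review bot: in crypt_set_password_hash() (lib/crypt/crypt.c), fopen("/etc/shadow", "w+") truncates the shadow file before putspent() writes a single root entry, so any other account entries are dropped and a failed write leaves the file empty. Write the complete set of entries to a temporary file in the same directory and rename() it over /etc/shadow while the lckpwdf() lock is held, and check the lckpwdf() return value. The fopen() failure path jumps to out: and calls fclose(fp) with fp == NULL, and it skips talloc_free(shadow->sp_pwdp). In the same file, crypt_get_hash() returns false from a function returning char * (should be NULL), and crypt_check_password() compares only strlen(shadow->sp_pwdp) bytes with strncmp(), which is a zero-length comparison that always matches when the stored field is empty and crypt() still returns a result; compare the full strings instead.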
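Review bot: lib/crypt/crypt.h uses bool in its prototypes and in the !CRYPT_SUPPORT stubs but includes only "config.h"; include stdbool.h here so the header compiles regardless of include order. A short comment that the stub crypt_check_password() returns false, so every authentication attempt fails on a build without CRYPT_SUPPORT, would help callers.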
From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH 06/13] lib/pb-protocol: Add PB_PROTOCOL_ACTION_AUTHENTICATE Date: Fri, 23 Nov 2018 10:36:23 +1100 Message-Id: <20181122233630.6303-7-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com> References: <20181122233630.6303-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Add a new "authenticate" action. Depending on the 'op' field this is either a) an authentication request, b) a response indicating the result, or c) a request to change the password. Signed-off-by: Samuel Mendoza-Jonas --- lib/pb-protocol/pb-protocol.c | 88 +++++++++++++++++++++++++++++++++++ lib/pb-protocol/pb-protocol.h | 26 +++++++++++ 2 files changed, 114 insertions(+) diff --git a/lib/pb-protocol/pb-protocol.c b/lib/pb-protocol/pb-protocol.c index 7c563c8e..5de382d2 100644 --- a/lib/pb-protocol/pb-protocol.c +++ b/lib/pb-protocol/pb-protocol.c @@ -379,6 +379,25 @@ int pb_protocol_temp_autoboot_len(const struct autoboot_option *opt) return len; } +int pb_protocol_authenticate_len(struct auth_message *msg) +{ + switch (msg->op) { + case AUTH_MSG_REQUEST: + /* enum + password + length */ + return 4 + 4 + optional_strlen(msg->password); + case AUTH_MSG_RESPONSE: + /* enum + bool */ + return 4 + 4; + case AUTH_MSG_SET: + /* enum + password + password */ + return 4 + 4 + optional_strlen(msg->set_password.password) + + 4 + optional_strlen(msg->set_password.new_password); + default: + pb_log("%s: invalid input\n", __func__); + return 0; + } +} + int pb_protocol_serialise_device(const struct device *dev, char *buf, int buf_len) { 
@@ -703,6 +722,39 @@ int pb_protocol_serialise_temp_autoboot(const struct autoboot_option *opt, return 0; } +int pb_protocol_serialise_authenticate(struct auth_message *msg, + char *buf, int buf_len) +{ + char *pos = buf; + + *(enum auth_msg_type *)pos = msg->op; + pos += sizeof(enum auth_msg_type); + + switch(msg->op) { + case AUTH_MSG_REQUEST: + pos += pb_protocol_serialise_string(pos, msg->password); + break; + case AUTH_MSG_RESPONSE: + *(bool *)pos = msg->authenticated; + pos += sizeof(bool); + break; + case AUTH_MSG_SET: + pos += pb_protocol_serialise_string(pos, + msg->set_password.password); + pos += pb_protocol_serialise_string(pos, + msg->set_password.new_password); + break; + default: + pb_log("%s: invalid msg\n", __func__); + return -1; + }; + + assert(pos <= buf + buf_len); + (void)buf_len; + + return 0; +} + int pb_protocol_write_message(int fd, struct pb_protocol_message *message) { int total_len, rc; @@ -1346,3 +1398,39 @@ int pb_protocol_deserialise_temp_autoboot(struct autoboot_option *opt, out: return rc; } + +int pb_protocol_deserialise_authenticate(struct auth_message *msg, + const struct pb_protocol_message *message) +{ + unsigned int len; + const char *pos; + + len = message->payload_len; + pos = message->payload; + + msg->op = *(enum auth_msg_type *)pos; + pos += sizeof(enum auth_msg_type); + + switch (msg->op) { + case AUTH_MSG_REQUEST: + if (read_string(msg, &pos, &len, &msg->password)) + return -1; + break; + case AUTH_MSG_RESPONSE: + msg->authenticated = *(bool *)pos; + pos += sizeof(bool); + break; + case AUTH_MSG_SET: + if (read_string(msg, &pos, &len, &msg->set_password.password)) + return -1; + if (read_string(msg, &pos, &len, + &msg->set_password.new_password)) + return -1; + break; + default: + pb_log("%s: unable to parse\n", __func__); + return -1; + } + + return 0; +} diff --git a/lib/pb-protocol/pb-protocol.h b/lib/pb-protocol/pb-protocol.h index 14fd8a29..1d6c0485 100644 --- a/lib/pb-protocol/pb-protocol.h 
+++ b/lib/pb-protocol/pb-protocol.h @@ -27,6 +27,7 @@ enum pb_protocol_action { PB_PROTOCOL_ACTION_PLUGINS_REMOVE = 0xd, PB_PROTOCOL_ACTION_PLUGIN_INSTALL = 0xe, PB_PROTOCOL_ACTION_TEMP_AUTOBOOT = 0xf, + PB_PROTOCOL_ACTION_AUTHENTICATE = 0x10, }; struct pb_protocol_message { @@ -35,6 +36,24 @@ struct pb_protocol_message { char payload[]; }; +enum auth_msg_type { + AUTH_MSG_REQUEST, + AUTH_MSG_RESPONSE, + AUTH_MSG_SET, +}; + +struct auth_message { + enum auth_msg_type op; + union { + bool authenticated; + char *password; + struct { + char *password; + char *new_password; + } set_password; + }; +}; + void pb_protocol_dump_device(const struct device *dev, const char *text, FILE *stream); int pb_protocol_device_len(const struct device *dev); @@ -46,6 +65,7 @@ int pb_protocol_config_len(const struct config *config); int pb_protocol_url_len(const char *url); int pb_protocol_plugin_option_len(const struct plugin_option *opt); int pb_protocol_temp_autoboot_len(const struct autoboot_option *opt); +int pb_protocol_authenticate_len(struct auth_message *msg); int pb_protocol_device_cmp(const struct device *a, const struct device *b); int pb_protocol_boot_option_cmp(const struct boot_option *a, @@ -72,6 +92,8 @@ int pb_protocol_serialise_plugin_option(const struct plugin_option *opt, char *buf, int buf_len); int pb_protocol_serialise_temp_autoboot(const struct autoboot_option *opt, char *buf, int buf_len); +int pb_protocol_serialise_authenticate(struct auth_message *msg, + char *buf, int buf_len); int pb_protocol_write_message(int fd, struct pb_protocol_message *message); 
@@ -100,6 +122,10 @@ int pb_protocol_deserialise_config(struct config *config, int pb_protocol_deserialise_plugin_option(struct plugin_option *opt, const struct pb_protocol_message *message); + int pb_protocol_deserialise_temp_autoboot(struct autoboot_option *opt, const struct pb_protocol_message *message); + +int pb_protocol_deserialise_authenticate(struct auth_message *msg, + const struct pb_protocol_message *message); #endif /* _PB_PROTOCOL_H */ From patchwork Thu Nov 22 23:36:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1002066 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 431G8k6l5Cz9s0n for ; Fri, 23 Nov 2018 10:38:14 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="C88e4zcB"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="LldLdkOJ"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 431G8k4dvMzDqSF for ; Fri, 23 Nov 2018 10:38:14 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="C88e4zcB"; dkim=fail reason="signature verification 
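Review bot: the default case of pb_protocol_authenticate_len() logs and returns 0, which a caller will use as the payload size; pb_protocol_serialise_authenticate() stores msg->op into the buffer before it validates the op, so an invalid op writes sizeof(enum auth_msg_type) bytes into a zero-length payload. Return a negative value here and have callers check it. Minor: the AUTH_MSG_REQUEST comment should read "enum + length + password", the 4 + 4 for AUTH_MSG_RESPONSE assumes a 4-byte bool while the serialiser advances by sizeof(bool), and msg can be const.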
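Review bot: in pb_protocol_serialise_authenticate() the only bounds check is the trailing assert() on pos against buf + buf_len, which runs after all the writes and disappears under NDEBUG; compare the required length with buf_len before writing and return -1 on a shortfall, as the function already does for an unknown op. The op is stored with a raw cast (*(enum auth_msg_type *)pos = msg->op), which ties the wire format to the compiler's enum size and the host byte order; serialising it as a fixed-width integer would make the layout explicit.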
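Review bot: pb_protocol_deserialise_authenticate() dereferences the payload before checking message->payload_len: the op is read with *(enum auth_msg_type *)pos and, for AUTH_MSG_RESPONSE, the bool with *(bool *)pos, with no test that the payload is that long. len is also never reduced after pos is advanced past the op, so read_string() is handed a remaining length that is sizeof(enum auth_msg_type) bytes too large. This parser handles messages from clients that have not authenticated yet, so reject payloads shorter than the fixed part up front and subtract each consumed field from len.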
From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH 07/13] discover/discover-server: Restrict clients based on uid Date: Fri, 23 Nov 2018 10:36:24 +1100 Message-Id: <20181122233630.6303-8-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com> References: <20181122233630.6303-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" If crypt support is enabled restrict what actions clients can perform by default. Initial authorisation is set at connection time; clients running as root are unrestricted, anything else runs as restricted until it makes an authentication to pb-discover. Unprivileged clients may only perform the following actions: - Boot the default boot option. - Cancel the autoboot timeout. - Make an authentication request. If a group named "petitgroup" exists then the socket permissions are also modified so that only clients running as root or in that group may connect to the socket. The user-event socket is only usable by root since the two main usecases are by utilities called by pb-discover or by a user in the shell who will need to su to root anyway. Signed-off-by: Samuel Mendoza-Jonas --- discover/discover-server.c | 236 ++++++++++++++++++++++++++++++++++++- discover/discover-server.h | 3 + discover/pb-discover.c | 3 + discover/platform.c | 13 ++ discover/platform.h | 4 + discover/user-event.c | 7 +- 6 files changed, 263 insertions(+), 3 deletions(-) diff --git a/discover/discover-server.c b/discover/discover-server.c index 34d82be8..434b4966 100644 --- a/discover/discover-server.c +++ b/discover/discover-server.c @@ -1,3 +1,4 @@ +#define _GNU_SOURCE #include #include 
@@ -10,11 +11,15 @@ #include #include #include +#include +#include #include #include #include #include +#include +#include #include "pb-protocol/pb-protocol.h" #include "list/list.h" @@ -31,6 +36,7 @@ struct discover_server { struct list clients; struct list status; struct device_handler *device_handler; + bool restrict_clients; }; struct client { @@ -39,6 +45,8 @@ struct client { struct waiter *waiter; int fd; bool remote_closed; + bool can_modify; + struct waiter *auth_waiter; }; 
@@ -245,11 +253,126 @@ static int write_config_message(struct discover_server *server, return client_write_message(server, client, message); } +static int write_authenticate_message(struct discover_server *server, + struct client *client) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_RESPONSE; + auth_msg.authenticated = client->can_modify; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + return client_write_message(server, client, message); +} + +static int client_auth_timeout(void *arg) +{ + struct client *client = arg; + int rc; + + client->can_modify = false; + + rc = write_authenticate_message(client->server, client); + if (rc) + pb_log("failed to send client auth timeout\n"); + + return 0; +} + +static int discover_server_handle_auth_message(struct client *client, + struct auth_message *auth_msg) +{ + struct status *status; + char *hash; + int rc; + + status = talloc_zero(client, struct status); + + switch (auth_msg->op) { + case AUTH_MSG_REQUEST: + if (!crypt_check_password(auth_msg->password)) { + rc = -1; + pb_log("Client failed to authenticate\n"); + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + _("Password incorrect")); + } else { + client->can_modify = true; + rc = write_authenticate_message(client->server, + client); + if (client->auth_waiter) + waiter_remove(client->auth_waiter); + client->auth_waiter = waiter_register_timeout( + client->server->waitset, + 300000, /* 5 min */ + client_auth_timeout, client); + pb_log("Client authenticated\n"); + status->type = STATUS_INFO; + status->message = talloc_asprintf(status, + _("Authenticated successfully")); + } + break; + case AUTH_MSG_SET: + if (client->server->restrict_clients) { + if 
(!crypt_check_password(auth_msg->set_password.password)) { + rc = -1; + pb_log("Wrong password for set request\n"); + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + _("Password incorrect")); + break; + } + } + + rc = crypt_set_password(auth_msg, + auth_msg->set_password.new_password); + if (rc) { + pb_log("Failed to set password\n"); + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + _("Error setting password")); + } else { + hash = crypt_get_hash(auth_msg); + platform_set_password(hash); + discover_server_set_auth_mode(client->server, + auth_msg->set_password.new_password != NULL); + pb_log("System password changed\n"); + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + _("Password updated successfully")); + talloc_free(hash); + + } + break; + default: + pb_log("%s: unknown op\n", __func__); + rc = -1; + break; + } + + write_boot_status_message(client->server, client, status); + talloc_free(status); + + return rc; +} + static int discover_server_process_message(void *arg) { struct autoboot_option *autoboot_opt; struct pb_protocol_message *message; struct boot_command *boot_command; + struct auth_message *auth_msg; + struct status *status; struct client *client = arg; struct config *config; char *url; 
@@ -262,6 +385,56 @@ static int discover_server_process_message(void *arg) return 0; } + /* + * If crypt support is enabled, non-authorised clients can only delay + * boot, not configure options or change the default boot option. + */ + if (!client->can_modify) { + switch (message->action) { + case PB_PROTOCOL_ACTION_BOOT: + boot_command = talloc(client, struct boot_command); + + rc = pb_protocol_deserialise_boot_command(boot_command, + message); + if (rc) { + pb_log("%s: no boot command?", __func__); + return 0; + } + + device_handler_boot(client->server->device_handler, + client->can_modify, boot_command); + break; + case PB_PROTOCOL_ACTION_CANCEL_DEFAULT: + device_handler_cancel_default(client->server->device_handler); + break; + case PB_PROTOCOL_ACTION_AUTHENTICATE: + auth_msg = talloc(client, struct auth_message); + rc = pb_protocol_deserialise_authenticate( + auth_msg, message); + if (rc) { + pb_log("Couldn't parse client's auth request\n"); + break; + } + + rc = discover_server_handle_auth_message(client, + auth_msg); + talloc_free(auth_msg); + break; + default: + pb_log("non-root client tried to perform action %d\n", + message->action); + status = talloc_zero(client, struct status); + if (status) { + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + "Client must run as root to make changes"); + write_boot_status_message(client->server, client, + status); + talloc_free(status); + } + } + return 0; + } switch (message->action) { case PB_PROTOCOL_ACTION_BOOT: @@ -275,7 +448,7 @@ static int discover_server_process_message(void *arg) } device_handler_boot(client->server->device_handler, - boot_command); + client->can_modify, boot_command); break; case PB_PROTOCOL_ACTION_CANCEL_DEFAULT: 
@@ -327,6 +500,19 @@ static int discover_server_process_message(void *arg) autoboot_opt); break; + /* For AUTH_MSG_SET */ + case PB_PROTOCOL_ACTION_AUTHENTICATE: + auth_msg = talloc(client, struct auth_message); + rc = pb_protocol_deserialise_authenticate( + auth_msg, message); + if (rc) { + pb_log("Couldn't parse client's auth request\n"); + break; + } + + rc = discover_server_handle_auth_message(client, auth_msg); + talloc_free(auth_msg); + break; default: pb_log_fn("invalid action %d\n", message->action); return 0; @@ -336,12 +522,27 @@ static int discover_server_process_message(void *arg) return 0; } +void discover_server_set_auth_mode(struct discover_server *server, + bool restrict_clients) +{ + struct client *client; + + server->restrict_clients = restrict_clients; + + list_for_each_entry(&server->clients, client, list) { + client->can_modify = !restrict_clients; + write_authenticate_message(server, client); + } +} + static int discover_server_process_connection(void *arg) { struct discover_server *server = arg; struct statuslog_entry *entry; int fd, rc, i, n_devices, n_plugins; struct client *client; + struct ucred ucred; + socklen_t len; /* accept the incoming connection */ fd = accept(server->socket, NULL, NULL); 
@@ -362,6 +563,30 @@ static int discover_server_process_connection(void *arg) WAIT_IN, discover_server_process_message, client); + /* + * get some info on the connecting process - if the client is being + * run as root allow them to make changes + */ + if (server->restrict_clients) { + len = sizeof(struct ucred); + rc = getsockopt(client->fd, SOL_SOCKET, SO_PEERCRED, &ucred, + &len); + if (rc) { + pb_log("Failed to get socket info - restricting client\n"); + client->can_modify = false; + } else { + pb_log("Client details: pid: %d, uid: %d, egid: %d\n", + ucred.pid, ucred.uid, ucred.gid); + client->can_modify = ucred.uid == 0; + } + } else + client->can_modify = true; + + /* send auth status to client */ + rc = write_authenticate_message(server, client); + if (rc) + return 0; + /* send sysinfo to client */ rc = write_system_info_message(server, client, system_info_get()); if (rc) @@ -508,6 +733,7 @@ struct discover_server *discover_server_init(struct waitset *waitset) { struct discover_server *server; struct sockaddr_un addr; + struct group *group; server = talloc(NULL, struct discover_server); if (!server) @@ -527,7 +753,6 @@ struct discover_server *discover_server_init(struct waitset *waitset) } talloc_set_destructor(server, server_destructor); - addr.sun_family = AF_UNIX; strcpy(addr.sun_path, PB_SOCKET_PATH); @@ -536,6 +761,13 @@ struct discover_server *discover_server_init(struct waitset *waitset) goto out_err; } + /* Allow all clients to communicate on this socket */ + group = getgrnam("petitgroup"); + if (group) { + chown(PB_SOCKET_PATH, 0, group->gr_gid); + chmod(PB_SOCKET_PATH, 0660); + } + if (listen(server->socket, 8)) { pb_log("server socket listen: %s\n", strerror(errno)); goto out_err; diff --git a/discover/discover-server.h b/discover/discover-server.h index 9f3aa627..9722e173 100644 --- a/discover/discover-server.h +++ b/discover/discover-server.h 
@@ -20,6 +20,9 @@ void discover_server_destroy(struct discover_server *server); void discover_server_set_device_source(struct discover_server *server, struct device_handler *handler); +void discover_server_set_auth_mode(struct discover_server *server, + bool restrict_clients); + void discover_server_notify_device_add(struct discover_server *server, struct device *device); void discover_server_notify_boot_option_add(struct discover_server *server, diff --git a/discover/pb-discover.c b/discover/pb-discover.c index c494eeb3..e2b36dd4 100644 --- a/discover/pb-discover.c +++ b/discover/pb-discover.c @@ -189,6 +189,9 @@ int main(int argc, char *argv[]) if (config_get()->debug) pb_log_set_debug(true); + if (platform_restrict_clients()) + discover_server_set_auth_mode(server, true); + system_info_init(server); handler = device_handler_init(server, waitset, opts.dry_run == opt_yes); diff --git a/discover/platform.c b/discover/platform.c index 237da3a9..7712ef14 100644 --- a/discover/platform.c +++ b/discover/platform.c @@ -213,6 +213,19 @@ int platform_get_sysinfo(struct system_info *info) return -1; } +bool platform_restrict_clients(){ + if (platform && platform->restrict_clients) + return platform->restrict_clients(platform); + return false; +} + +int platform_set_password(const char *hash) +{ + if (platform && platform->set_password) + return platform->set_password(platform, hash); + return -1; +} + int config_set(struct config *newconfig) { int rc; diff --git a/discover/platform.h b/discover/platform.h index 29405626..f7d3d1c4 100644 --- a/discover/platform.h +++ b/discover/platform.h @@ -12,6 +12,8 @@ struct platform { void (*pre_boot)(struct platform *, const struct config *); int (*get_sysinfo)(struct platform *, struct system_info *); + bool (*restrict_clients)(struct platform *); + int (*set_password)(struct platform *, const char *hash); uint16_t dhcp_arch_id; void *platform_data; }; 
@@ -20,6 +22,8 @@ int platform_init(void *ctx); int platform_fini(void); const struct platform *platform_get(void); int platform_get_sysinfo(struct system_info *info); +bool platform_restrict_clients(void); +int platform_set_password(const char *hash); void platform_pre_boot(void); /* configuration interface */ diff --git a/discover/user-event.c b/discover/user-event.c index 734f77b3..d3d4a5e8 100644 --- a/discover/user-event.c +++ b/discover/user-event.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include @@ -507,7 +508,7 @@ static int user_event_boot(struct user_event *uev, struct event *event) cmd->boot_args = talloc_strdup(cmd, event_get_param(event, "args")); } - device_handler_boot(handler, cmd); + device_handler_boot(handler, false, cmd); talloc_free(cmd); 
@@ -749,6 +750,10 @@ struct user_event *user_event_init(struct device_handler *handler, strerror(errno)); } + /* Don't allow events from non-priviledged users */ + chown(PBOOT_USER_EVENT_SOCKET, 0, 0); + chmod(PBOOT_USER_EVENT_SOCKET, 0660); + waiter_register_io(waitset, uev->socket, WAIT_IN, user_event_process, uev); From patchwork Thu Nov 22 23:36:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1002067 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 431G8w0PYwz9s3C for ; Fri, 23 Nov 2018 10:38:24 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="bCDiCRPq"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="TdfCqbmH"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 431G8v5qX3zDqS8 for ; Fri, 23 Nov 2018 10:38:23 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="bCDiCRPq"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="TdfCqbmH"; 
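Review bot: in discover_server_handle_auth_message() the successful AUTH_MSG_SET path sets status->type = STATUS_ERROR alongside "Password updated successfully"; that should be STATUS_INFO. status = talloc_zero(client, struct status) is dereferenced without a NULL check, and the default case sends the zeroed status with no type or message. The hash returned by crypt_get_hash() and the return value of platform_set_password() are not checked, so a password change that fails to persist is still reported as successful. Failed AUTH_MSG_REQUEST attempts are only logged; consider a delay or an attempt limit per client. Should client_auth_timeout() also clear client->auth_waiter, given that a later successful request passes the old pointer to waiter_remove()?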
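Review bot: in the !client->can_modify branch of discover_server_process_message(), auth_msg comes from talloc() rather than talloc_zero() and is not NULL-checked, and on a parse failure the break skips talloc_free(auth_msg); boot_command is likewise unchecked and is left on the client context on the early return. The rejection text "Client must run as root to make changes" is not wrapped in _() like the other status strings and no longer matches the behaviour, since a non-root client can authenticate instead. The "no boot command?" log line is missing its newline, and the comment says "If crypt support is enabled" while the test is only on can_modify.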
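Review bot: discover_server_set_auth_mode() assigns client->can_modify = !restrict_clients for every connected client, which discards the per-connection decision made from SO_PEERCRED: clients running as uid 0 lose access when restriction is turned on, and the client that has just changed the password through AUTH_MSG_SET is demoted by the same call. Consider leaving root clients and the requesting client authorised, and cancelling any pending auth_waiter for clients whose state is reset here.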
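Review bot: in discover_server_init() the chown() and chmod() on PB_SOCKET_PATH act on the path after the socket has been created and their return values are ignored, so the socket keeps its umask-derived mode until chmod() completes and stays that way if either call fails; set the umask before creating the socket, or log the error and fail startup. The comment "Allow all clients to communicate on this socket" says the opposite of what the code does, which is to limit access to root and petitgroup. The user_event_init() hunk has the same unchecked chown()/chmod() pair, plus a typo in its comment ("priviledged").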
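Review bot: platform_restrict_clients() in discover/platform.c is defined as "bool platform_restrict_clients(){" while platform.h declares it with (void); use (void) in the definition and put the opening brace on its own line to match the surrounding functions. It returns false when the platform provides no restrict_clients hook, so such platforms start unrestricted; document that default next to the new struct platform members.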
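Review bot: user_event_boot() now calls device_handler_boot(handler, false, cmd), but the three-argument signature is only introduced by patch 08/13, so the series does not build at this commit; move the signature change into this patch or reorder the two. Passing false also means boot events arriving on the user-event socket are treated as unprivileged, although this patch restricts that socket to root; if that is intended, say so in the commit message.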
:in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=2pQOGVOLSBxdlvXDGx+gCW2tetmkMLJd0f71A6vm0Vo=; b=TdfCqbmH afVqRLqmV0+7da9mW+1pD4HIiTUjaxoVCe5IuiPz/INPySKf3EicEsTh0wTOTPNM fMPeCUcbtpfIvk3jOfw5zQmM7YhEt5tk+lZ+E4OTHFvgTeiP081nO8zXJooYdrdF dD9fwn+Z9ujFXXTPUw9YS9mx2rZOl+Q1Pdq/XtV/A20TVbtciyaFbVFZNgHwXkQt XM5WADVNLxNEKBYnvsEd5vwk1NhIEH1IHarN2oIEiM4hKhijimLjSLRsbSXjDWkJ MDxaWBv7LGJiYE+UkN0YpVUUEOgjl7ukIvrA4xY92gBSbJGHDQzZ7eKyeWEXHJCe IL4VjBntggQrEA== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 61610102DE; Thu, 22 Nov 2018 18:36:54 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH 08/13] discover/device-handler: Prevent normal users changing boot target Date: Fri, 23 Nov 2018 10:36:25 +1100 Message-Id: <20181122233630.6303-9-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com> References: <20181122233630.6303-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Signed-off-by: Samuel Mendoza-Jonas --- discover/device-handler.c | 14 +++++++++++++- discover/device-handler.h | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/discover/device-handler.c b/discover/device-handler.c index 271b9880..3c7943e1 100644 --- a/discover/device-handler.c +++ b/discover/device-handler.c 
@@ -81,6 +81,7 @@ struct device_handler { struct autoboot_option *temp_autoboot; struct discover_boot_option *default_boot_option; + struct discover_boot_option *last_boot_option; int default_boot_option_priority; struct list unresolved_boot_options; @@ -756,6 +757,8 @@ static int default_timeout(void *arg) opt = handler->default_boot_option; + handler->last_boot_option = opt; + if (handler->sec_to_boot) { countdown_status(handler, opt, handler->sec_to_boot); handler->sec_to_boot--; @@ -1453,13 +1456,22 @@ static struct discover_boot_option *find_boot_option_by_id( } void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd) + bool change_default, struct boot_command *cmd) { struct discover_boot_option *opt = NULL; if (cmd->option_id && strlen(cmd->option_id)) opt = find_boot_option_by_id(handler, cmd->option_id); + /* Don't allow a normal client to change the default */ + if (!change_default && handler->last_boot_option && + opt != handler->last_boot_option) { + pb_log("Non-root user tried to change boot option\n"); + device_handler_status_err(handler, + "Must be root to change default boot option\n"); + return; + } + if (handler->pending_boot) boot_cancel(handler->pending_boot); diff --git a/discover/device-handler.h b/discover/device-handler.h index 9696ec06..9619a2df 100644 --- a/discover/device-handler.h +++ b/discover/device-handler.h 
@@ -161,7 +161,7 @@ struct discover_boot_option *device_handler_find_option_by_name( struct device_handler *handler, const char *device, const char *name); void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd); + bool change_default, struct boot_command *cmd); void device_handler_cancel_default(struct device_handler *handler); void device_handler_update_config(struct device_handler *handler, struct config *config);
From patchwork Thu Nov 22 23:36:26 2018 X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1002068
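Review bot: in the device_handler_boot() hunk the new check is skipped whenever handler->last_boot_option is NULL, and that pointer is only assigned in default_timeout(). A caller passing change_default == false can therefore still boot any option it names as long as the default timeout has not run yet. If the intent is that unprivileged clients may only confirm the default, reject the request when no default has been recorded, or compare against handler->default_boot_option. The log and status strings say "Non-root user" and "Must be root" although the function only sees the change_default flag; word them after what the caller actually verified.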
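Review bot: last_boot_option is added to struct device_handler and set in the default_timeout() hunk, but nothing in this patch clears it when the option it points to is removed or freed, so the later "opt != handler->last_boot_option" test can end up comparing against a stale pointer. Reset it wherever default_boot_option is reset and add a comment on the member saying what "last" refers to. The new bool change_default parameter in device-handler.h is undocumented, and the commit message has no body; one sentence on the intended policy would help.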
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH 09/13] discover/platform-powerpc: Read and write password hash from NVRAM
Date: Fri, 23 Nov 2018 10:36:26 +1100
Message-Id: <20181122233630.6303-10-sam@mendozajonas.com>
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>
Cc: Samuel Mendoza-Jonas

If petitboot,password exists set it as the root password. This will be the password used to authenticate clients. This is the *hash* of a password as it would appear in /etc/shadow, not the password itself.

Signed-off-by: Samuel Mendoza-Jonas
--- discover/platform-powerpc.c | 29 +++++++++++++++++++++++++++++ lib/param_list/param_list.c | 1 + 2 files changed, 30 insertions(+)
diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c index f8f33054..e9972399 100644 --- a/discover/platform-powerpc.c +++ b/discover/platform-powerpc.c @@ -14,6 +14,7 @@ #include #include #include +#include #include "hostboot.h" #include "platform.h" @@ -599,6 +600,7 @@ err: static int load_config(struct platform *p, struct config *config) { struct platform_powerpc *platform = to_platform_powerpc(p); + const char *hash; int rc; rc = parse_nvram(platform); @@ -623,6 +625,14 @@ static int load_config(struct platform *p, struct config *config) config_get_active_consoles(config); + + hash = param_list_get_value(platform->params, "petitboot,password"); + if (hash) { + rc = crypt_set_password_hash(platform, hash); + if (rc) + pb_log("Failed to set password hash\n"); + } + return 0; } @@ -690,6 +700,23 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo) return 0; } +static bool restrict_clients(struct platform *p) +{ + struct platform_powerpc *platform = to_platform_powerpc(p); + + return param_list_get_value(platform->params, "petitboot,password") != NULL; +} + +static int set_password(struct platform *p, const char *hash) +{ + struct platform_powerpc *platform = to_platform_powerpc(p); + + param_list_set(platform->params, "petitboot,password", hash, true); + write_nvram(platform); + + return 0; +} + static bool probe(struct platform *p, void *ctx) { struct platform_powerpc *platform; @@ -743,6 +770,8 @@ static struct platform platform_powerpc = { .save_config = save_config, .pre_boot = pre_boot, .get_sysinfo = get_sysinfo, + .restrict_clients = restrict_clients, + .set_password = set_password, }; register_platform(platform_powerpc); diff --git a/lib/param_list/param_list.c b/lib/param_list/param_list.c index b3a45f8b..9a01be6c 100644 --- a/lib/param_list/param_list.c +++ b/lib/param_list/param_list.c 
@@ -22,6 +22,7 @@ const char **common_known_params(void) "petitboot,console", "petitboot,http_proxy", "petitboot,https_proxy", + "petitboot,password", NULL, };
From patchwork Thu Nov 22 23:36:27 2018 X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1002069
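Review bot: in the load_config() hunk a failing crypt_set_password_hash() is only logged and the function still returns 0, while restrict_clients() keys off the mere presence of petitboot,password. After such a failure the platform reports clients as restricted although the hash from NVRAM was never installed, so which password (if any) authenticates is left undefined. Decide the failure policy explicitly, for example refusing privileged actions until a valid hash has been set, and state it in a comment next to the pb_log() call.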
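Review bot: set_password() in platform-powerpc.c returns 0 on every path: a failure in write_nvram() is not reported and the hash string is stored without any validation. The caller is told the password changed even if the NVRAM update did not happen, and an empty or malformed value still makes restrict_clients() return true because it only tests for != NULL. Propagate the write result and reject values that are not a well-formed crypt hash before calling param_list_set().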
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH 10/13] ui/ncurses: Simplify starting shell
Date: Fri, 23 Nov 2018 10:36:27 +1100
Message-Id: <20181122233630.6303-11-sam@mendozajonas.com>
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>
Cc: Samuel Mendoza-Jonas

Instead of calling sh twice to echo the 'exiting' message just call sh by itself and leave any welcome message to the shell's interactive config. Also drop the explicit nc_scr_unpost() in cui_run_cmd() since clear() will blank out the screen anyway.

Signed-off-by: Samuel Mendoza-Jonas
--- ui/ncurses/nc-cui.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c index 8ad89553..3c754546 100644 --- a/ui/ncurses/nc-cui.c +++ b/ui/ncurses/nc-cui.c
@@ -206,31 +206,17 @@ void cui_resize(struct cui *cui) void cui_on_exit(struct pmenu *menu) { struct cui *cui = cui_from_pmenu(menu); - char *sh_cmd; cui_cancel_autoboot_on_exit(cui); - sh_cmd = talloc_asprintf(cui, - "echo \"Exiting petitboot. Type 'exit' to return.\";\ - echo \"You may run 'pb-sos' to gather diagnostic data\";\ - %s", pb_system_apps.sh); - - if (!sh_cmd) { - pb_log("Failed to allocate shell arguments\n"); - return; - } - const char *argv[] = { pb_system_apps.sh, - "-c", - sh_cmd, NULL }; cui_run_cmd(cui, argv); nc_scr_status_printf(cui->current, _("Returned from shell")); - talloc_free(sh_cmd); } /** 
@@ -263,11 +249,9 @@ int cui_run_cmd(struct cui *cui, const char **cmd_argv) nc_scr_status_printf(cui->current, _("Running %s..."), cmd_argv[0]); - nc_scr_unpost(cui->current); + def_prog_mode(); clear(); refresh(); - - def_prog_mode(); endwin(); result = process_run_sync(process);
From patchwork Thu Nov 22 23:36:28 2018 X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1002071
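Review bot: the cui_on_exit() hunk removes the "Type 'exit' to return" and pb-sos hints, and the commit message says any welcome message is left to the shell's interactive config, but this patch touches only nc-cui.c and adds no such config. Unless that lands elsewhere in the series, a user dropped to the shell loses the only hint on how to get back to the menu; reference the patch that adds the message, or keep the hints until it exists.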
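Review bot: in the cui_run_cmd() hunk def_prog_mode() is moved ahead of clear() and refresh(), which the commit message does not mention; only the nc_scr_unpost() removal is explained. Add a line on why the order changes, and confirm that the code following process_run_sync() does not still assume the current screen was unposted before the command ran.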
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH 11/13] ui/common: Client authentication helpers
Date: Fri, 23 Nov 2018 10:36:28 +1100
Message-Id: <20181122233630.6303-12-sam@mendozajonas.com>
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>
Cc: Samuel Mendoza-Jonas

Track the client's authentication status and provide methods for the client to send authentication requests to the server.

Signed-off-by: Samuel Mendoza-Jonas
--- ui/common/discover-client.c | 81 +++++++++++++++++++++++++++++++++++++ ui/common/discover-client.h | 12 ++++++ 2 files changed, 93 insertions(+) diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c index d9414976..e7dfb831 100644 --- a/ui/common/discover-client.c +++ b/ui/common/discover-client.c @@ -1,4 +1,8 @@ +#if defined(HAVE_CONFIG_H) +#include "config.h" +#endif + #include #include #include
@@ -22,6 +26,7 @@ struct discover_client { struct discover_client_ops ops; int n_devices; struct device **devices; + bool authenticated; }; static int discover_client_destructor(void *arg) @@ -171,6 +176,7 @@ static int discover_client_process(void *arg) { struct discover_client *client = arg; struct pb_protocol_message *message; + struct auth_message *auth_msg; struct plugin_option *p_opt; struct system_info *sysinfo; struct boot_option *opt; @@ -266,6 +272,20 @@ static int discover_client_process(void *arg) case PB_PROTOCOL_ACTION_PLUGINS_REMOVE: plugins_remove(client); break; + case PB_PROTOCOL_ACTION_AUTHENTICATE: + auth_msg = talloc_zero(ctx, struct auth_message); + + rc = pb_protocol_deserialise_authenticate(auth_msg, message); + if (rc || auth_msg->op != AUTH_MSG_RESPONSE) { + pb_log("%s: invalid auth message? (%d)\n", + __func__, rc); + goto out; + } + + pb_log("Client %sauthenticated by server\n", + client->authenticated ? "" : "un"); + client->authenticated = auth_msg->authenticated; + break; default: pb_log_fn("unknown action %d\n", message->action); } @@ -311,6 +331,13 @@ struct discover_client* discover_client_init(struct waitset *waitset, waiter_register_io(waitset, client->fd, WAIT_IN, discover_client_process, client); + /* Assume this client can't make changes if crypt support is enabled */ +#ifdef CRYPT_SUPPORT + client->authenticated = false; +#else + client->authenticated = true; +#endif + return client; out_err: @@ -333,6 +360,11 @@ struct device *discover_client_get_device(struct discover_client *client, return client->devices[index]; } +bool discover_client_authenticated(struct discover_client *client) +{ + return client->authenticated; +} + static void create_boot_command(struct boot_command *command, const struct device *device __attribute__((unused)), const struct boot_option *boot_option, 
@@ -471,3 +503,52 @@ int discover_client_send_temp_autoboot(struct discover_client *client, return pb_protocol_write_message(client->fd, message); } + +int discover_client_send_authenticate(struct discover_client *client, + char *password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_REQUEST; + auth_msg.password = password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} + +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_SET; + auth_msg.set_password.password = password; + auth_msg.set_password.new_password = new_password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h index 2a2ea288..9b56dcb7 100644 --- a/ui/common/discover-client.h +++ b/ui/common/discover-client.h 
@@ -71,6 +71,12 @@ int discover_client_device_count(struct discover_client *client); struct device *discover_client_get_device(struct discover_client *client, int index); +/** + * Get the client's authentication status. This is only useful if Petitboot + * has been built with crypt support. + */ +bool discover_client_authenticated(struct discover_client *client); + /* Tell the discover server to boot an image * @param client A pointer to the discover client * @param boot_command The command to boot 
@@ -101,6 +107,12 @@ int discover_client_send_url(struct discover_client *client, char *url); /* Send plugin file path to discover server to install */ int discover_client_send_plugin_install(struct discover_client *client, char *file); +/* Authenticate with pb-discover to allow modification */ +int discover_client_send_authenticate(struct discover_client *client, + char *password); +/* Set a new system password, authenticating with the current password */ +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password); /* send a temporary autoboot override */ int discover_client_send_temp_autoboot(struct discover_client *client,
From patchwork Thu Nov 22 23:36:29 2018 X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1002072
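Review bot: in the PB_PROTOCOL_ACTION_AUTHENTICATE case of discover_client_process() the pb_log() call prints client->authenticated before it is assigned from auth_msg->authenticated, so the log reports the previous state rather than the server's answer. Swap the two statements or log auth_msg->authenticated directly. The "invalid auth message?" path also prints only rc, which is 0 when the rejection was caused by an unexpected auth_msg->op; include the op in that message.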
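Review bot: discover_client_send_authenticate() and discover_client_send_set_password() declare "struct auth_message auth_msg;" without initialising it and then set only op and the password fields, so any other member read by pb_protocol_authenticate_len() or pb_protocol_serialise_authenticate() is uninitialised stack data. Zero-initialise the struct and check the result of the serialise call before writing. The message is allocated under client and not freed here, so the cleartext password in message->payload stays in memory after the send; free or wipe it once pb_protocol_write_message() returns. The two pb_log() progress lines look like debugging leftovers, and the password parameters can be const char *.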
Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="yzHsrsBi"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="hqVEHD2f"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="yzHsrsBi"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="hqVEHD2f"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 431G7Q4vPlzDqRw for ; Fri, 23 Nov 2018 10:37:06 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id BF0D421D0A; Thu, 22 Nov 2018 18:37:02 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Thu, 22 Nov 2018 18:37:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=RSBiduqvNZjGjV4BvBP1b2qnZipkz8AuQxdNdpnhQjM=; b=yzHsr sBiy2+LsAsM0ZvWL/DYI9KPNXeTwVqchDsBTuekldJNJ6LooR7KX5VW3+mwMOpgU 7pdkOvICf/T/8GeVOFq0HLcdp1yPbD5hiF+mO4Y35bCoDg7tVvbl2FMvLNOWXl6k 
+BHTd0X9WI1oaTawjwCaSmfHVKNv9ofpg76A8Niu8C9lSUE76sCdKXtudBol06R3 AQ9hgSLTvFejyK0c1e6mMiYslefCisjd2zs1CUdzM9j5t0nPJ7p90BS0CpUitxFP Nlz5DfNqfqBKBANAev73NEndj6KYmIhYv4hjYwSmF4PB4nAGmWrKlbGP5lobpvkO U2VOES3kfhFXEKiCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=RSBiduqvNZjGjV4BvBP1b2qnZipkz8AuQxdNdpnhQjM=; b=hqVEHD2f XqhFcacOohqn5SsRJcP+fS6qc2n/dqo74x5f6xdQ2RoAR4sZ4ghgMqpgRgx0NBk/ lhozAhB8q7DCx2VfMEYfaN55dtLFdj/K2cfgdsPR3oN6AuB3baZY9fvkf/GHkk0a XHngppREHEojjVrd1NCj4N/mOtl0Xca3X0HNG0L54uZbv6dldEQ+neoOgEOOLlCq UmOWZITu6wf8JfU6M1bN3xRe4tcXpYEx8CWRwpmboFSyTjSKsP4IDd488r3ZT2+T qkK9+lJGGrmn7AnLZIAiK0mMi9VSRbDe/3FbUEmUJn7mf1YEUnMAEz7m+0J326rp GmdVyxRWGgZ0XA== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id B215F102E0; Thu, 22 Nov 2018 18:37:00 -0500 (EST) 
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH 12/13] ui/ncurses: Add nc-auth and authenticate when required.
Date: Fri, 23 Nov 2018 10:36:29 +1100
Message-Id: <20181122233630.6303-13-sam@mendozajonas.com>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>
List-Id: Petitboot bootloader development
Cc: Samuel Mendoza-Jonas

When the user tries to perform actions that require authentication a new
subscreen 'nc-auth' is launched which accepts a password and will send
an authentication request before performing the action.

This also adds a button in nc-config which launches an nc-auth screen
allowing the user to set or change the system password.

Signed-off-by: Samuel Mendoza-Jonas
---
 ui/ncurses/Makefile.am  |   4 +-
 ui/ncurses/nc-add-url.c |  63 ++++++---
 ui/ncurses/nc-auth.c    | 299 ++++++++++++++++++++++++++++++++++++++++
 ui/ncurses/nc-auth.h    |  33 +++++
 ui/ncurses/nc-config.c  |  64 +++++++--
 ui/ncurses/nc-cui.c     | 151 +++++++++++++++++++-
 ui/ncurses/nc-cui.h     |   6 +
 ui/ncurses/nc-lang.c    | 127 +++++++++++------
 ui/ncurses/nc-plugin.c  |  44 +++---
 ui/ncurses/nc-plugin.h  |   2 -
 ui/ncurses/nc-scr.h     |   1 +
 ui/ncurses/nc-widgets.h |   1 +
 12 files changed, 692 insertions(+), 103 deletions(-)
 create mode 100644 ui/ncurses/nc-auth.c
 create mode 100644 ui/ncurses/nc-auth.h

diff --git a/ui/ncurses/Makefile.am b/ui/ncurses/Makefile.am
index b791b9dc..cd525dfe 100644
--- a/ui/ncurses/Makefile.am
+++ b/ui/ncurses/Makefile.am
@@ -57,7 +57,9 @@ ui_ncurses_libpbnc_la_SOURCES = \ ui/ncurses/nc-plugin.c \ ui/ncurses/nc-plugin.h \ ui/ncurses/nc-plugin-help.c \ - ui/ncurses/nc-plugin-menu-help.c + ui/ncurses/nc-plugin-menu-help.c \ + ui/ncurses/nc-auth.c \ + ui/ncurses/nc-auth.h sbin_PROGRAMS += ui/ncurses/petitboot-nc diff --git a/ui/ncurses/nc-add-url.c b/ui/ncurses/nc-add-url.c index 4abca38a..33f502da 100644 --- a/ui/ncurses/nc-add-url.c +++ b/ui/ncurses/nc-add-url.c @@ -28,6 +28,7 @@ #include #include +#include "ui/common/discover-client.h" #include "nc-cui.h" #include "nc-add-url.h" #include "nc-widgets.h" @@ -111,14 +112,37 @@ static void add_url_screen_process_key(struct nc_scr *scr, int key) cui_show_help(screen->cui, _("Retrieve Config"), &add_url_help_text); - } else if (handled) { + } else if (handled && (screen->cui->current == scr)) { pad_refresh(screen); } } +static int screen_process_form(struct add_url_screen *screen) +{ + char *url; + int rc; + + url = widget_textbox_get_value(screen->widgets.url_f); + if (!url || !strlen(url)) + return 0; + + /* Once we have all the info we need, tell the server */ + rc = cui_send_url(screen->cui, url); + + if (rc) + pb_log("cui_send_retreive failed!\n"); + else + pb_debug("add_url url sent!\n"); + return 0; +} + static int add_url_screen_post(struct nc_scr *scr) { struct add_url_screen *screen = add_url_screen_from_scr(scr); + + if (screen->exit) + screen->on_exit(screen->cui); + widgetset_post(screen->widgetset); nc_scr_frame_draw(scr); if (screen->need_redraw) { 
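Review bot: in add_url_screen_post() the new "if (screen->exit) screen->on_exit(screen->cui);" falls through to widgetset_post() and nc_scr_frame_draw() for the screen that was just exited, whereas the equivalent check this patch adds to config_screen_post() returns 0 straight after on_exit(). Add the same early return here. In the relocated screen_process_form(), the function still returns 0 when cui_send_url() fails, so neither ok_click() nor add_url_process_cb() can tell a failed send from a successful one; returning rc would let the error branch run, and the "cui_send_retreive failed!" log text could be corrected to name cui_send_url at the same time.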
@@ -142,34 +166,29 @@ struct nc_scr *add_url_screen_scr(struct add_url_screen *screen) return &screen->scr; } -static int screen_process_form(struct add_url_screen *screen) +static void add_url_process_cb(struct nc_scr *scr) { - char *url; - int rc; - - url = widget_textbox_get_value(screen->widgets.url_f); - if (!url || !strlen(url)) - return 0; - - /* Once we have all the info we need, tell the server */ - rc = cui_send_url(screen->cui, url); + struct add_url_screen *screen = add_url_screen_from_scr(scr); - if (rc) - pb_log("cui_send_retreive failed!\n"); - else - pb_debug("add_url url sent!\n"); - return 0; + if (!screen_process_form(screen)) + screen->exit = true; } static void ok_click(void *arg) { struct add_url_screen *screen = arg; - if (screen_process_form(screen)) - /* errors are written to the status line, so we'll need - * to refresh */ - wrefresh(screen->scr.main_ncw); - else - screen->exit = true; + + if (discover_client_authenticated(screen->cui->client)) { + if (screen_process_form(screen)) + /* errors are written to the status line, so we'll need + * to refresh */ + wrefresh(screen->scr.main_ncw); + else + screen->exit = true; + } else { + cui_show_auth(screen->cui, screen->scr.main_ncw, false, + add_url_process_cb); + } } static void help_click(void *arg) diff --git a/ui/ncurses/nc-auth.c b/ui/ncurses/nc-auth.c new file mode 100644 index 00000000..e77a2bd2 --- /dev/null +++ b/ui/ncurses/nc-auth.c 
@@ -0,0 +1,299 @@ +/* + * Copyright (C) 2018 IBM Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#if defined(HAVE_CONFIG_H) +#include "config.h" +#endif + +#include +#include +#include + +#include +#include +#include +#include + +#include "nc-cui.h" +#include "nc-widgets.h" +#include "nc-auth.h" + +#define N_FIELDS 5 + +struct auth_screen { + struct nc_scr scr; + struct cui *cui; + struct nc_scr *return_scr; + struct nc_widgetset *widgetset; + void (*process_key)(struct nc_scr *, int); + + bool set_password; + void (*callback)(struct nc_scr *); + int offset_y; + int label_x; + int field_x; + + bool exit; + void (*on_exit)(struct cui *); + + struct { + struct nc_widget_label *title_a_l; + struct nc_widget_label *title_b_l; + struct nc_widget_textbox *password_f; + struct nc_widget_label *new_l; + struct nc_widget_textbox *new_f; + struct nc_widget_button *ok_b; + struct nc_widget_button *cancel_b; + } widgets; +}; + +struct nc_scr *auth_screen_return_scr(struct auth_screen *screen) +{ + return screen->return_scr; +} + +struct nc_scr *auth_screen_scr(struct auth_screen *screen) +{ + return &screen->scr; +} + +static struct auth_screen *auth_screen_from_scr(struct nc_scr *scr) +{ + struct auth_screen *auth_screen; + + assert(scr->sig == pb_auth_screen_sig); + auth_screen = (struct auth_screen *) + ((char *)scr - (size_t)&((struct 
auth_screen *)0)->scr); + assert(auth_screen->scr.sig == pb_auth_screen_sig); + return auth_screen; +} + +static void auth_screen_process_key(struct nc_scr *scr, int key) +{ + struct auth_screen *screen = auth_screen_from_scr(scr); + bool handled; + + handled = widgetset_process_key(screen->widgetset, key); + + if (!handled) { + switch (key) { + case 'x': + case 27: /* esc */ + screen->exit = true; + break; + } + } + + if (screen->exit) + screen->on_exit(screen->cui); + else if (handled) + wrefresh(screen->scr.sub_ncw); +} + +static void auth_screen_frame_draw(struct nc_scr *scr) +{ + int y, x; + + getmaxyx(scr->sub_ncw, y, x); + + mvwhline(scr->sub_ncw, 0, 0, ACS_HLINE, x); + mvwhline(scr->sub_ncw, y - 1, 0, ACS_HLINE, x); + + mvwvline(scr->sub_ncw, 0, 0, ACS_VLINE, y); + mvwvline(scr->sub_ncw, 0, x - 1, ACS_VLINE, y); +} + +static int auth_screen_post(struct nc_scr *scr) +{ + struct auth_screen *screen = auth_screen_from_scr(scr); + widgetset_post(screen->widgetset); + auth_screen_frame_draw(scr); + wrefresh(scr->sub_ncw); + return 0; +} + +static int auth_screen_unpost(struct nc_scr *scr) +{ + struct auth_screen *screen = auth_screen_from_scr(scr); + widgetset_unpost(screen->widgetset); + return 0; +} + +static void ok_click(void *arg) +{ + struct auth_screen *screen = arg; + char *password, *new_password; + int rc; + + + password = widget_textbox_get_value(screen->widgets.password_f); + if (screen->set_password) { + new_password = widget_textbox_get_value(screen->widgets.new_f); + rc = cui_send_set_password(screen->cui, password, new_password); + } else + rc = cui_send_authenticate(screen->cui, password); + + if (rc) + pb_log("Failed to send authenticate action\n"); + else if (screen->callback) + screen->callback(screen->return_scr); + + screen->exit = true; +} + +static void cancel_click(void *arg) +{ + struct auth_screen *screen = arg; + screen->exit = true; +} + +static void auth_screen_layout_widgets(struct auth_screen *screen) +{ + int y = 1; + + 
widget_move(widget_label_base(screen->widgets.title_a_l), + y++, screen->label_x); + widget_move(widget_label_base(screen->widgets.title_b_l), + y++, screen->label_x); + + y += 1; + + widget_move(widget_textbox_base(screen->widgets.password_f), + y++, screen->field_x); + + y += 1; + + if (screen->set_password) { + widget_move(widget_label_base(screen->widgets.new_l), + y++, screen->label_x); + widget_move(widget_textbox_base(screen->widgets.new_f), + y++, screen->field_x); + y += 1; + } + + widget_move(widget_button_base(screen->widgets.ok_b), + y, 10); + widget_move(widget_button_base(screen->widgets.cancel_b), + y, 30); +} + +static void auth_screen_draw(struct auth_screen *screen) +{ + struct nc_widgetset *set; + + set = widgetset_create(screen, screen->scr.main_ncw, + screen->scr.sub_ncw); + if (!set) { + pb_log("%s: failed to create widgetset\n", __func__); + return; + } + screen->widgetset = set; + + screen->widgets.title_a_l = widget_new_label(set, 0, 0, + _("This action requires authorisation.")); + screen->widgets.title_b_l = widget_new_label(set, 0, 0, + _("Please enter the system password.")); + + screen->widgets.password_f = widget_new_textbox(set, 0, 0, + COLS - 20 - 20, ""); + + if (screen->set_password) { + screen->widgets.new_l = widget_new_label(set, 0, 0, + _("New password:")); + screen->widgets.new_f = widget_new_textbox(set, 0, 0, + COLS - 20 - 20, ""); + } + + screen->widgets.ok_b = widget_new_button(set, 0, 0, 10, _("OK"), + ok_click, screen); + screen->widgets.cancel_b = widget_new_button(set, 0, 0, 10, _("Cancel"), + cancel_click, screen); + + auth_screen_layout_widgets(screen); +} + +static int auth_screen_destroy(void *arg) +{ + struct auth_screen *screen = arg; + if (screen->scr.sub_ncw) + delwin(screen->scr.sub_ncw); + return 0; +} + +struct auth_screen *auth_screen_init(struct cui *cui, + WINDOW *parent, bool set_password, + void (*callback)(struct nc_scr *), + void (*on_exit)(struct cui *)) +{ + struct auth_screen *screen = NULL; + 
struct nc_scr *scr; + int y, x; + + if (!cui || !parent) + return NULL; + + screen = talloc_zero(cui, struct auth_screen); + if (!screen) + return NULL; + talloc_set_destructor(screen, auth_screen_destroy); + + screen->cui = cui; + screen->return_scr = cui->current; + screen->set_password = set_password; + screen->callback = callback; + screen->on_exit = on_exit; + screen->label_x = 5; + screen->field_x = 10; + + /* + * Manually init our nc_scr: we only want to create the subwin and + * 'inherit' the parent window. + */ + scr = &screen->scr; + scr->sig = pb_auth_screen_sig; + scr->ui_ctx = cui; + scr->process_key = auth_screen_process_key; + scr->post = auth_screen_post; + scr->unpost = auth_screen_unpost; + scr->resize = NULL; + + + getbegyx(parent, y, x); + /* Hold on to the real offset from the top of the screen */ + screen->offset_y = y + 5; + (void)x; + + scr->main_ncw = parent; + scr->sub_ncw = derwin(parent, set_password ? 15 : 10, COLS - 20, + 5, 10); /* relative to parent origin */ + if (!scr->sub_ncw) { + pb_log("Could not create subwin\n"); + goto err; + } + + auth_screen_draw(screen); + + return screen; +err: + pb_log("failed to create auth screen\n"); + if (screen) { + if (screen->scr.sub_ncw) + delwin(screen->scr.sub_ncw); + talloc_free(screen); + } + return NULL; +} diff --git a/ui/ncurses/nc-auth.h b/ui/ncurses/nc-auth.h new file mode 100644 index 00000000..e8e41482 --- /dev/null +++ b/ui/ncurses/nc-auth.h 
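Review bot: ok_click() in nc-auth.c treats a zero return from cui_send_authenticate() or cui_send_set_password() as success and immediately runs screen->callback(screen->return_scr), but that rc only says the request was sent (the failure log reads "Failed to send authenticate action"), not that the server accepted the password. Every gated action wired to a callback in this patch is therefore issued whatever password was typed, and the user gets no feedback on a wrong one. Defer the callback until the client reports authenticated, or state in a comment that enforcement is entirely on the server side. In the same function the strings returned by widget_textbox_get_value() for the password and new password are never cleared after use, and auth_screen_draw() builds password_f and new_f with plain widget_new_textbox(), so it is worth confirming that these fields do not echo what is typed.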
@@ -0,0 +1,33 @@ +/* + * Copyright (C) 2018 IBM Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef _NC_AUTH_H +#define _NC_AUTH_H + +#include "nc-cui.h" + +struct auth_screen; + +struct auth_screen *auth_screen_init(struct cui *cui, + WINDOW *pad, bool set_password, + void (callback)(struct nc_scr *), + void (*on_exit)(struct cui *)); + +struct nc_scr *auth_screen_scr(struct auth_screen *screen); +struct nc_scr *auth_screen_return_scr(struct auth_screen *screen); + +#endif /* define _NC_AUTH_H */ diff --git a/ui/ncurses/nc-config.c b/ui/ncurses/nc-config.c index 51861763..4685fa5d 100644 --- a/ui/ncurses/nc-config.c +++ b/ui/ncurses/nc-config.c @@ -29,11 +29,12 @@ #include #include +#include "ui/common/discover-client.h" #include "nc-cui.h" #include "nc-config.h" #include "nc-widgets.h" -#define N_FIELDS 48 +#define N_FIELDS 49 extern struct help_text config_help_text; @@ -51,7 +52,6 @@ struct config_screen { bool exit; bool show_help; - bool show_subset; bool need_redraw; bool need_update; @@ -118,6 +118,8 @@ struct config_screen { struct nc_widget_label *manual_console_l; struct nc_widget_label *current_console_l; + struct nc_widget_button *update_password_l; + struct nc_widget_label *net_override_l; struct nc_widget_label *safe_mode; struct nc_widget_button *ok_b; 
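Review bot: the new widgets member "struct nc_widget_button *update_password_l;" is a button but carries the _l suffix this struct uses for labels, while ok_b directly below uses _b; rename it update_password_b. It is also declared unconditionally, and N_FIELDS goes from 48 to 49 unconditionally, although every use of the widget in this patch sits under #ifdef CRYPT_SUPPORT; either guard the member as well or add a comment saying why it is always present.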
@@ -175,7 +177,7 @@ static void config_screen_process_key(struct nc_scr *scr, int key) cui_show_help(screen->cui, _("System Configuration"), &config_help_text); - } else if (handled && !screen->show_subset) { + } else if (handled && (screen->cui->current == scr)) { pad_refresh(screen); } } @@ -370,15 +372,39 @@ static int screen_process_form(struct config_screen *screen) return 0; } +static void config_screen_config_cb(struct nc_scr *scr) +{ + struct config_screen *screen = config_screen_from_scr(scr); + + if (!screen_process_form(screen)) + screen->exit = true; +} + +#ifdef CRYPT_SUPPORT +static void password_click(void *arg) +{ + struct config_screen *screen = arg; + + screen->need_update = true; + cui_show_auth(screen->cui, screen->scr.main_ncw, true, NULL); +} +#endif + static void ok_click(void *arg) { struct config_screen *screen = arg; - if (screen_process_form(screen)) - /* errors are written to the status line, so we'll need - * to refresh */ - wrefresh(screen->scr.main_ncw); - else - screen->exit = true; + + if (discover_client_authenticated(screen->cui->client)) { + if (screen_process_form(screen)) + /* errors are written to the status line, so we'll need + * to refresh */ + wrefresh(screen->scr.main_ncw); + else + screen->exit = true; + } else { + cui_show_auth(screen->cui, screen->scr.main_ncw, false, + config_screen_config_cb); + } } static void help_click(void *arg) @@ -650,6 +676,12 @@ static void config_screen_layout_widgets(struct config_screen *screen) screen->widgets.current_console_l), false); } +#ifdef CRYPT_SUPPORT + widget_move(widget_button_base(screen->widgets.update_password_l), + y, screen->field_x); + y += 2; +#endif + if (screen->net_override) { widget_move(widget_label_base(screen->widgets.net_override_l), y, screen->label_x); 
@@ -705,7 +737,6 @@ static void config_screen_add_device(void *arg) { struct config_screen *screen = arg; - screen->show_subset = true; cui_show_subset(screen->cui, _("Select a boot device to add"), screen->widgets.boot_order_f); } @@ -1113,6 +1144,11 @@ static void config_screen_setup_widgets(struct config_screen *screen, ttyname(STDIN_FILENO)); screen->widgets.current_console_l = widget_new_label(set, 0 , 0, tty); +#ifdef CRYPT_SUPPORT + screen->widgets.update_password_l = widget_new_button(set, 0, 0, 30, + _("Update system password"), password_click, screen); +#endif + screen->widgets.ok_b = widget_new_button(set, 0, 0, 10, _("OK"), ok_click, screen); screen->widgets.help_b = widget_new_button(set, 0, 0, 10, _("Help"), @@ -1212,7 +1248,12 @@ void config_screen_update(struct config_screen *screen, static int config_screen_post(struct nc_scr *scr) { struct config_screen *screen = config_screen_from_scr(scr); - screen->show_subset = false; + + /* We may have been posted after an auth action completed */ + if (screen->exit) { + screen->on_exit(screen->cui); + return 0; + } if (screen->need_update) { config_screen_draw(screen, screen->cui->config, @@ -1262,7 +1303,6 @@ struct config_screen *config_screen_init(struct cui *cui, screen->field_x = 17; screen->ipmi_override = false; - screen->show_subset = false; screen->scr.frame.ltitle = talloc_strdup(screen, _("Petitboot System Configuration")); diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c index 3c754546..88b8a91c 100644 --- a/ui/ncurses/nc-cui.c +++ b/ui/ncurses/nc-cui.c @@ -47,6 +47,7 @@ #include "nc-statuslog.h" #include "nc-subset.h" #include "nc-plugin.h" +#include "nc-auth.h" #include "console-codes.h" extern const struct help_text main_menu_help_text; 
@@ -307,6 +308,26 @@ static int cui_boot(struct pmenu_item *item) return 0; } +static void cui_boot_cb(struct nc_scr *scr) +{ + struct pmenu *menu = pmenu_from_scr(scr); + + if (pmenu_find_selected(menu)) + cui_boot(pmenu_find_selected(menu)); +} + +static int cui_boot_check(struct pmenu_item *item) +{ + struct cui *cui = cui_from_item(item); + + if (discover_client_authenticated(cui->client)) + return cui_boot(item); + + cui_show_auth(cui, item->pmenu->scr.main_ncw, false, cui_boot_cb); + + return 0; +} + static void cui_boot_editor_on_exit(struct cui *cui, struct pmenu_item *item, struct pb_boot_data *bd) @@ -338,7 +359,7 @@ static void cui_boot_editor_on_exit(struct cui *cui, } item->on_edit = cui_item_edit; - item->on_execute = cui_boot; + item->on_execute = cui_boot_check; item->data = cod; talloc_steal(item, cod); 
@@ -397,6 +418,52 @@ void cui_item_new(struct pmenu *menu) cui_set_current(cui, boot_editor_scr(cui->boot_editor)); } + +/* Call pb-plugin to install a plugin specified by plugin_file */ +static int cui_install_plugin(struct pmenu_item *item) +{ + struct cui *cui = cui_from_item(item); + struct cui_opt_data *cod = cod_from_item(item); + int rc; + + rc = cui_send_plugin_install(cui, cod->pd->plugin_file); + + if (rc) { + pb_log("cui_send_plugin_install failed!\n"); + nc_scr_status_printf(cui->current, + _("Failed to send install request")); + } else { + nc_scr_status_printf(cui->current, _("Installing plugin %s"), + cod->pd->plugin_file); + pb_debug("cui_send_plugin_install sent!\n"); + } + + return rc; +} + +static void cui_plugin_install_cb(struct nc_scr *scr) +{ + struct pmenu *menu = pmenu_from_scr(scr); + + if (pmenu_find_selected(menu)) + cui_install_plugin(pmenu_find_selected(menu)); + else + pb_debug("%s: no current item\n", __func__); +} + +static int cui_plugin_install_check(struct pmenu_item *item) +{ + struct cui *cui = cui_from_item(item); + + if (discover_client_authenticated(cui->client)) + return cui_install_plugin(item); + + cui_show_auth(cui, item->pmenu->scr.main_ncw, false, + cui_plugin_install_cb); + + return 0; +} + static void cui_sysinfo_exit(struct cui *cui) { cui_set_current(cui, &cui->main->scr); 
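Review bot: cui_install_plugin() sends its status text with nc_scr_status_printf(cui->current, ...), but when it is reached through cui_plugin_install_cb() the auth screen is still cui->current, because ok_click() in nc-auth.c invokes the callback before cui_auth_exit() restores return_scr. The version removed from nc-plugin.c asserted cui->current == &cui->plugin_menu->scr; here the "Installing plugin %s" and "Failed to send install request" messages are addressed to the auth screen's nc_scr, which cui_auth_exit() frees immediately afterwards. Use item->pmenu->scr for the status calls. cui_plugin_install_cb() also looks the target up again with pmenu_find_selected() after the prompt instead of using the item that was activated; carrying the item through the callback would guarantee the two are the same.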
@@ -535,6 +602,39 @@ void cui_show_subset(struct cui *cui, const char *title, cui_set_current(cui, subset_screen_scr(cui->subset_screen)); } +static void cui_auth_exit(struct cui *cui) +{ + struct nc_scr *return_scr = auth_screen_return_scr(cui->auth_screen); + + /* + * Destroy the auth screen first so that the subwindow is cleaned up + * before the return_scr posts. If we don't do this operations on the + * main_ncw can cause a blank screen at first (eg. status update). + */ + nc_scr_unpost(cui->current); + talloc_free(cui->auth_screen); + cui->auth_screen = NULL; + + cui->current = return_scr; + nc_scr_post(cui->current); +} + +void cui_show_auth(struct cui *cui, WINDOW *parent, bool set_password, + void (*callback)(struct nc_scr *)) +{ + if (!cui->current) + return; + + if (cui->auth_screen) + return; + + cui->auth_screen = auth_screen_init(cui, parent, set_password, + callback, cui_auth_exit); + + if (cui->auth_screen) + cui_set_current(cui, auth_screen_scr(cui->auth_screen)); +} + /** * cui_set_current - Set the currently active screen and redraw it. */ @@ -769,10 +869,10 @@ static int cui_boot_option_add(struct device *dev, struct boot_option *opt, if (plugin_option) { i->on_edit = NULL; - i->on_execute = plugin_install_plugin; + i->on_execute = cui_plugin_install_check; } else { i->on_edit = cui_item_edit; - i->on_execute = cui_boot; + i->on_execute = cui_boot_check; } i->data = cod = talloc(i, struct cui_opt_data); @@ -1202,7 +1302,7 @@ static void cui_update_sysinfo(struct system_info *sysinfo, void *arg) cui_update_mm_title(cui); } -static void cui_update_language(struct cui *cui, char *lang) +void cui_update_language(struct cui *cui, const char *lang) { bool repost_menu; char *cur_lang; 
@@ -1266,6 +1366,17 @@ int cui_send_plugin_install(struct cui *cui, char *file) return discover_client_send_plugin_install(cui->client, file); } +int cui_send_authenticate(struct cui *cui, char *password) +{ + return discover_client_send_authenticate(cui->client, password); +} + +int cui_send_set_password(struct cui *cui, char *password, char *new_password) +{ + return discover_client_send_set_password(cui->client, password, + new_password); +} + void cui_send_reinit(struct cui *cui) { discover_client_send_reinit(cui->client); @@ -1295,10 +1406,38 @@ static int menu_statuslog_execute(struct pmenu_item *item) return 0; } +static void menu_reinit_cb(struct nc_scr *scr) +{ + struct pmenu *menu = pmenu_from_scr(scr); + + cui_send_reinit(cui_from_pmenu(menu)); +} + static int menu_reinit_execute(struct pmenu_item *item) { - if (cui_from_item(item)->client) - cui_send_reinit(cui_from_item(item)); + struct cui *cui = cui_from_item(item); + + if (!cui->client) + return 0; + + /* If we don't need to authenticate, send the reinit immediately */ + if (discover_client_authenticated(cui->client)) { + cui_send_reinit(cui); + return 0; + } + + if (!cui->current) + return 0; + + if (cui->auth_screen) + return 0; + + cui->auth_screen = auth_screen_init(cui, cui->current->main_ncw, + false, menu_reinit_cb, cui_auth_exit); + + if (cui->auth_screen) + cui_set_current(cui, auth_screen_scr(cui->auth_screen)); + return 0; } diff --git a/ui/ncurses/nc-cui.h b/ui/ncurses/nc-cui.h index abe4db98..8fa27aa7 100644 --- a/ui/ncurses/nc-cui.h +++ b/ui/ncurses/nc-cui.h @@ -73,6 +73,7 @@ struct cui { struct help_screen *help_screen; struct subset_screen *subset_screen; struct statuslog_screen *statuslog_screen; + struct auth_screen *auth_screen; struct pjs *pjs; void *platform_info; unsigned int default_item; 
@@ -98,9 +99,13 @@ void cui_show_subset(struct cui *cui, const char *title, void cui_show_add_url(struct cui *cui); void cui_show_plugin(struct pmenu_item *item); void cui_show_plugin_menu(struct cui *cui); +void cui_show_auth(struct cui *cui, WINDOW *parent, bool set_password, + void (*callback)(struct nc_scr *)); int cui_send_config(struct cui *cui, struct config *config); int cui_send_url(struct cui *cui, char *url); int cui_send_plugin_install(struct cui *cui, char *file); +int cui_send_authenticate(struct cui *cui, char *password); +int cui_send_set_password(struct cui *cui, char *password, char *new_password); void cui_send_reinit(struct cui *cui); /* convenience routines */ @@ -112,6 +117,7 @@ void cui_abort_on_exit(struct pmenu *menu); void cui_on_open(struct pmenu *menu); int cui_run_cmd(struct cui *cui, const char **cmd_argv); int cui_run_cmd_from_item(struct pmenu_item *item); +void cui_update_language(struct cui *cui, const char *lang); static inline struct cui *cui_from_arg(void *arg) { diff --git a/ui/ncurses/nc-lang.c b/ui/ncurses/nc-lang.c index a7c9ccc5..91d86e10 100644 --- a/ui/ncurses/nc-lang.c +++ b/ui/ncurses/nc-lang.c @@ -29,11 +29,12 @@ #include #include +#include "ui/common/discover-client.h" #include "nc-cui.h" #include "nc-lang.h" #include "nc-widgets.h" -#define N_FIELDS 5 +#define N_FIELDS 7 static struct lang { const char *name; @@ -70,6 +71,9 @@ struct lang_screen { struct nc_widget_select *lang_f; struct nc_widget_label *lang_l; + struct nc_widget_label *save_l; + struct nc_widget_checkbox *save_cb; + struct nc_widget_label *safe_mode; struct nc_widget_button *ok_b; struct nc_widget_button *cancel_b; 
@@ -115,12 +119,55 @@ static void lang_screen_process_key(struct nc_scr *scr, int key) if (screen->exit) { screen->on_exit(screen->cui); - - } else if (handled) { + } else if (handled && (screen->cui->current == scr)) { pad_refresh(screen); } } +static const char *lang_get_lang_name(struct lang_screen *screen) +{ + struct lang *lang; + int idx; + + idx = widget_select_get_value(screen->widgets.lang_f); + + /* Option -1 ("Unknown") can only be populated from the current + * language, so there's no change here */ + if (idx == -1) + return NULL; + + lang = &languages[idx]; + + return lang->name; +} + +static int lang_process_form(struct lang_screen *screen) +{ + struct config *config; + const char *lang; + int rc; + + config = config_copy(screen, screen->cui->config); + + lang = lang_get_lang_name(screen); + + if (!lang || (config->lang && !strcmp(lang, config->lang))) + return 0; + + config->lang = talloc_strdup(screen, lang); + + config->safe_mode = false; + rc = cui_send_config(screen->cui, config); + talloc_free(config); + + if (rc) + pb_log("cui_send_config failed!\n"); + else + pb_debug("config sent!\n"); + + return 0; +} + static void lang_screen_resize(struct nc_scr *scr) { struct lang_screen *screen = lang_screen_from_scr(scr); @@ -130,6 +177,10 @@ static void lang_screen_resize(struct nc_scr *scr) static int lang_screen_post(struct nc_scr *scr) { struct lang_screen *screen = lang_screen_from_scr(scr); + + if (screen->exit) + screen->on_exit(screen->cui); + widgetset_post(screen->widgetset); nc_scr_frame_draw(scr); wrefresh(screen->scr.main_ncw); 
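Review bot: lang_screen_post() calls screen->on_exit(screen->cui) when screen->exit is set and then carries on to widgetset_post(), nc_scr_frame_draw() and wrefresh() for the screen it has just left. config_screen_post() in this patch returns 0 right after on_exit(); do the same here so the language screen is not redrawn over whatever on_exit() made current.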
@@ -149,49 +200,39 @@ struct nc_scr *lang_screen_scr(struct lang_screen *screen) return &screen->scr; } -static int lang_process_form(struct lang_screen *screen) +static void lang_screen_update_cb(struct nc_scr *scr) { - struct config *config; - struct lang *lang; - int idx, rc; - - config = config_copy(screen, screen->cui->config); - - idx = widget_select_get_value(screen->widgets.lang_f); - - /* Option -1 ("Unknown") can only be populated from the current - * language, so there's no change here */ - if (idx == -1) - return 0; - - lang = &languages[idx]; - - if (config->lang && !strcmp(lang->name, config->lang)) - return 0; - - config->lang = talloc_strdup(screen, lang->name); - - config->safe_mode = false; - rc = cui_send_config(screen->cui, config); - talloc_free(config); - - if (rc) - pb_log("cui_send_config failed!\n"); - else - pb_debug("config sent!\n"); + struct lang_screen *screen = lang_screen_from_scr(scr); - return 0; + if (!lang_process_form(screen)) + screen->exit = true; } static void ok_click(void *arg) { struct lang_screen *screen = arg; - if (lang_process_form(screen)) - /* errors are written to the status line, so we'll need - * to refresh */ - wrefresh(screen->scr.main_ncw); - else + const char *lang; + + if (!widget_checkbox_get_value(screen->widgets.save_cb)) { + /* Just update the client display */ + lang = lang_get_lang_name(screen); + if (lang) + cui_update_language(screen->cui, lang); screen->exit = true; + return; + } + + if (discover_client_authenticated(screen->cui->client)) { + if (lang_process_form(screen)) + /* errors are written to the status line, so we'll need + * to refresh */ + wrefresh(screen->scr.main_ncw); + else + screen->exit = true; + } else { + cui_show_auth(screen->cui, screen->scr.main_ncw, false, + lang_screen_update_cb); + } } static void cancel_click(void *arg) 
@@ -221,6 +262,10 @@ static void lang_screen_layout_widgets(struct lang_screen *screen) y += 1; + y += layout_pair(screen, y, screen->widgets.save_l, + widget_checkbox_base(screen->widgets.save_cb)); + y += 1; + if (screen->cui->config->safe_mode) { widget_move(widget_label_base(screen->widgets.safe_mode), y, screen->field_x); @@ -289,6 +334,10 @@ static void lang_screen_setup_widgets(struct lang_screen *screen, label, true); } + screen->widgets.save_l = widget_new_label(set, 0, 0, + _("Save changes?")); + screen->widgets.save_cb = widget_new_checkbox(set, 0, 0, false); + if (config->safe_mode) screen->widgets.safe_mode = widget_new_label(set, 0, 0, _("Selecting 'OK' will exit safe mode")); @@ -325,7 +374,7 @@ static void lang_screen_draw(struct lang_screen *screen, bool repost = false; int height; - height = ARRAY_SIZE(languages) + 4; + height = ARRAY_SIZE(languages) + N_FIELDS + 4; if (!screen->pad || getmaxy(screen->pad) < height) { if (screen->pad) delwin(screen->pad); diff --git a/ui/ncurses/nc-plugin.c b/ui/ncurses/nc-plugin.c index ad8210f0..f897cc8e 100644 --- a/ui/ncurses/nc-plugin.c +++ b/ui/ncurses/nc-plugin.c @@ -40,6 +40,8 @@ extern const struct help_text plugin_help_text; +static void plugin_run_command(void *arg); + struct plugin_screen { struct nc_scr scr; struct cui *cui; @@ -48,6 +50,7 @@ struct plugin_screen { bool exit; bool show_help; + bool show_auth_run; bool need_redraw; void (*on_exit)(struct cui *); @@ -160,7 +163,7 @@ static void plugin_screen_process_key(struct nc_scr *scr, int key) cui_show_help(screen->cui, _("Petitboot Plugin"), &plugin_help_text); - } else if (handled) { + } else if (handled && (screen->cui->current == scr)) { pad_refresh(screen); } } @@ -178,6 +181,12 @@ static int plugin_screen_post(struct nc_scr *scr) } wrefresh(screen->scr.main_ncw); pad_refresh(screen); + + if (screen->show_auth_run) { + screen->show_auth_run = false; + plugin_run_command(screen); + } + return 0; } 
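Review bot: the show_auth_run block added to plugin_screen_post() calls plugin_run_command() whenever the flag is set, with no check that authentication took place. plugin_run_command_check() sets the flag before calling cui_show_auth(), and cui_auth_exit() re-posts the plugin screen on every exit path of the auth screen, including Cancel, 'x' and Esc, so dismissing the prompt still runs the command. Test discover_client_authenticated(screen->cui->client) inside this block before calling plugin_run_command(), and clear show_auth_run when cui_show_auth() returns without creating a screen so a stale flag cannot fire on a later post.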
@@ -232,28 +241,21 @@ static void plugin_run_command(void *arg) talloc_free(cmd); } -/* Call pb-plugin to install a plugin specified by plugin_file */ -int plugin_install_plugin(struct pmenu_item *item) +static void plugin_run_command_check(void *arg) { - struct cui *cui = cui_from_item(item); - struct cui_opt_data *cod = cod_from_item(item); - int rc; - - assert(cui->current == &cui->plugin_menu->scr); - - nc_scr_status_printf(cui->current, _("Installing plugin %s"), - cod->pd->plugin_file); - - rc = cui_send_plugin_install(cui, cod->pd->plugin_file); + struct plugin_screen *screen = arg; - if (rc) { - pb_log("cui_send_plugin_install failed!\n"); - nc_scr_status_printf(cui->current, - _("Failed to send install request")); - } else - pb_debug("cui_send_plugin_install sent!\n"); + if (discover_client_authenticated(screen->cui->client)) { + plugin_run_command(screen); + return; + } - return rc; + /* + * Don't supply a callback as we want to handle running the command + * from the plugin screen. + */ + screen->show_auth_run = true; + cui_show_auth(screen->cui, screen->scr.main_ncw, false, NULL); } static void plugin_screen_setup_widgets(struct plugin_screen *screen) @@ -291,7 +293,7 @@ static void plugin_screen_setup_widgets(struct plugin_screen *screen) } screen->widgets.run_b = widget_new_button(set, 0, 0, 30, - _("Run selected command"), plugin_run_command, screen); + _("Run selected command"), plugin_run_command_check, screen); } static int layout_pair(struct plugin_screen *screen, int y, diff --git a/ui/ncurses/nc-plugin.h b/ui/ncurses/nc-plugin.h index 6dfd4aef..398b7c72 100644 --- a/ui/ncurses/nc-plugin.h +++ b/ui/ncurses/nc-plugin.h @@ -29,6 +29,4 @@ struct plugin_screen *plugin_screen_init(struct cui *cui, struct nc_scr *plugin_screen_scr(struct plugin_screen *screen); void plugin_screen_update(struct plugin_screen *screen); -int plugin_install_plugin(struct pmenu_item *item); - #endif /* defined _NC_PLUGIN_H */ 
diff --git a/ui/ncurses/nc-scr.h b/ui/ncurses/nc-scr.h index 5671a6b7..9f46f99b 100644 --- a/ui/ncurses/nc-scr.h +++ b/ui/ncurses/nc-scr.h @@ -50,6 +50,7 @@ enum pb_nc_sig { pb_add_url_screen_sig = 888, pb_subset_screen_sig = 101, pb_plugin_screen_sig = 202, + pb_auth_screen_sig = 303, pb_removed_sig = -999, }; diff --git a/ui/ncurses/nc-widgets.h b/ui/ncurses/nc-widgets.h index a946c4f5..7339e231 100644 --- a/ui/ncurses/nc-widgets.h +++ b/ui/ncurses/nc-widgets.h 
@@ -16,6 +16,7 @@ */ #ifndef NC_WIDGETS_H +#define NC_WIDGETS_H struct nc_widgetset; struct nc_widget_label;

From patchwork Thu Nov 22 23:36:30 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 1002073
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Cc: Samuel Mendoza-Jonas
Subject: [PATCH 13/13] ui/ncurses: Keep track of the default boot option
Date: Fri, 23 Nov 2018 10:36:30 +1100
Message-Id: <20181122233630.6303-14-sam@mendozajonas.com>
In-Reply-To: <20181122233630.6303-1-sam@mendozajonas.com>
References: <20181122233630.6303-1-sam@mendozajonas.com>

Keep track of the default boot option, and prefix its display name with a '(*)' to point it out to the user. This avoids having to authenticate with pb-discover even if only booting the default option.

Signed-off-by: Samuel Mendoza-Jonas
--- discover/device-handler.c | 4 ++++ lib/pb-protocol/pb-protocol.c | 6 ++++++ lib/types/types.h | 1 + ui/ncurses/nc-cui.c | 35 +++++++++++++++++++++++++++++++++-- 4 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/discover/device-handler.c b/discover/device-handler.c index 3c7943e1..6ccf26c3 100644 --- a/discover/device-handler.c +++ b/discover/device-handler.c
@@ -930,6 +930,10 @@ static void set_default(struct device_handler *handler, return; } + if (handler->default_boot_option) + handler->default_boot_option->option->is_autoboot_default = false; + opt->option->is_autoboot_default = true; + handler->sec_to_boot = config_get()->autoboot_timeout_sec; handler->default_boot_option = opt; handler->default_boot_option_priority = new_prio; diff --git a/lib/pb-protocol/pb-protocol.c b/lib/pb-protocol/pb-protocol.c index 5de382d2..d8771fcb 100644 --- a/lib/pb-protocol/pb-protocol.c +++ b/lib/pb-protocol/pb-protocol.c @@ -204,6 +204,7 @@ int pb_protocol_boot_option_len(const struct boot_option *opt) 4 + optional_strlen(opt->boot_args) + 4 + optional_strlen(opt->args_sig_file) + sizeof(opt->is_default) + + sizeof(opt->is_autoboot_default) + sizeof(opt->type); } @@ -434,6 +435,8 @@ int pb_protocol_serialise_boot_option(const struct boot_option *opt, *(bool *)pos = opt->is_default; pos += sizeof(bool); + *(bool *)pos = opt->is_autoboot_default; + pos += sizeof(bool); *(uint32_t *)pos = __cpu_to_be32(opt->type); pos += 4; @@ -925,6 +928,9 @@ int pb_protocol_deserialise_boot_option(struct boot_option *opt, opt->is_default = *(bool *)(pos); pos += sizeof(bool); len -= sizeof(bool); + opt->is_autoboot_default = *(bool *)(pos); + pos += sizeof(bool); + len -= sizeof(bool); if (read_u32(&pos, &len, &opt->type)) return -1; diff --git a/lib/types/types.h b/lib/types/types.h index f5392c89..39760d91 100644 --- a/lib/types/types.h +++ b/lib/types/types.h @@ -54,6 +54,7 @@ struct boot_option { char *boot_args; char *args_sig_file; bool is_default; + bool is_autoboot_default; struct list_item list; diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c index 88b8a91c..16e8c286 100644 --- a/ui/ncurses/nc-cui.c +++ b/ui/ncurses/nc-cui.c 
@@ -318,11 +318,16 @@ static void cui_boot_cb(struct nc_scr *scr) static int cui_boot_check(struct pmenu_item *item) { + struct cui_opt_data *cod = cod_from_item(item); struct cui *cui = cui_from_item(item); if (discover_client_authenticated(cui->client)) return cui_boot(item); + /* Client doesn't need authentication to boot the default option */ + if (cui->default_item == cod->opt_hash) + return cui_boot(item); + cui_show_auth(cui, item->pmenu->scr.main_ncw, false, cui_boot_cb); return 0; @@ -858,8 +863,9 @@ static int cui_boot_option_add(struct device *dev, struct boot_option *opt, dev_hdr = pmenu_find_device(menu, dev, opt); /* All actual boot entries are 'tabbed' across */ - name = talloc_asprintf(menu, "%s%s", - tab, opt->name ? : "Unknown Name"); + name = talloc_asprintf(menu, "%s%s%s", + tab, opt->is_autoboot_default ? "(*) " : "", + opt->name ? : "Unknown Name"); /* Save the item in opt->ui_info for cui_device_remove() */ opt->ui_info = i = pmenu_item_create(menu, name); @@ -944,6 +950,27 @@ static int cui_boot_option_add(struct device *dev, struct boot_option *opt, pb_log_fn("set_menu_items failed: %d\n", result); } + /* Update the default option */ + if (opt->is_autoboot_default) { + struct cui_opt_data *tmp; + struct pmenu_item *item; + unsigned int j; + if (cui->default_item) { + for (j = 0; j < cui->main->item_count; j++) { + item = item_userptr(cui->main->items[j]); + tmp = cod_from_item(item); + if (tmp->opt_hash == cui->default_item) { + char *label = talloc_asprintf(menu, "%s%s", + tab, tmp->name ? : "Unknown Name"); + pmenu_item_update(item, label); + talloc_free(label); + break; + } + } + } + cui->default_item = cod->opt_hash; + } + /* Re-attach the items array. */ result = set_menu_items(menu->ncm, menu->items); 
@@ -988,6 +1015,7 @@ static int cui_boot_option_add(struct device *dev, struct boot_option *opt, static void cui_device_remove(struct device *dev, void *arg) { struct cui *cui = cui_from_arg(arg); + struct cui_opt_data *cod; struct boot_option *opt; unsigned int i; int rows, cols, top, last; @@ -1010,6 +1038,9 @@ static void cui_device_remove(struct device *dev, void *arg) list_for_each_entry(&dev->boot_options, opt, list) { struct pmenu_item *item = pmenu_item_from_arg(opt->ui_info); + cod = cod_from_item(item); + if (cui->default_item == cod->opt_hash) + cui->default_item = 0; assert(pb_protocol_device_cmp(dev, cod_from_item(item)->dev)); if (opt->type == DISCOVER_PLUGIN_OPTION)