From patchwork Wed Nov 28 04:20:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004178 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SBt5f68z9s1c for ; Wed, 28 Nov 2018 15:21:10 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="JR4e+MKE"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="kSQGqBSQ"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SBt3yq2zDqhH for ; Wed, 28 Nov 2018 15:21:10 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="JR4e+MKE"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="kSQGqBSQ"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="JR4e+MKE"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="kSQGqBSQ"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SB72r3zzDqfV for ; Wed, 28 Nov 2018 15:20:30 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 680262297C; Tue, 27 Nov 2018 23:20:26 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=o59YH22o+gF0PjrNrkLU5zXONLahQ8g1r2AI30e58R8=; b=JR4e+ MKEerPobbC7CeQ2nNK+eFAhXCz04PnzrD6OTNEqPlHqSFoAXQzLZ1xnT6f2SnF1D caDlOi49dzveeRgvkO4i9rd3SIgjJMbZ8Yxst9WHVkJ9iH+LEIh51Wz4uV+97WHH Antn98xD4LW8spJTbmbGl3FGIszhxLkxWp5sKcBLVJgWrpSnAbwj6Xsp2UBxX35j oLPPLX2yuVcMZtqzhpwnn+JP9fbcfudPb3oBH4KFVivx/BH4a+FnGUDhGdQgzyIt MrIQ7wNB33Ww3kukfLMuzR78y4VZYTrKcZRg3NVLp+STkNdraEykhwla/h3zjvc+ rxaj+t52mXMn/nfaQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=o59YH22o+gF0PjrNrkLU5zXONLahQ8g1r2AI30e58R8=; b=kSQGqBSQ AhWsqT4mkES9zvqH7DZUtePWUUZnQ6mqX9EeO2hk0JV740UrS1M4lmzwy2aQ2uPD TD56Ik5iISWMsKwVRIRFMBr8u+0kznQ6PAe4e62Oc7Z+xerdPzZSUHEbQXYtfJEz RoJuYlLG5g8LgDXfAdgu6ArmzcUQtae8sBnOU6s14byVMddziYYO1hGSKetcOmkX A1AHzFT6T+7T2gEdq3FWlCuFIRg73qu/D34MqepZbfPvhmj38tGB4g0TE5OAV9ca JICXk/T9pc5rOTLaEFihXjtEUYniNEyTwhjp7LWtE/tdNTkzn2FysT2ID1f2pH7r Wgyik54cntlBlg== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 0733810310; Tue, 27 Nov 2018 23:20:24 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 01/13] utils/pb-console: Support agetty's autologin option Date: Wed, 28 Nov 2018 15:20:00 +1100 Message-Id: <20181128042012.25916-2-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" If the getty arguments include '-a' do not set the '-l' option. This implies the environment has been configured with users and will launch the subsequent pb-console instance itself. Signed-off-by: Samuel Mendoza-Jonas --- utils/pb-console | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/utils/pb-console b/utils/pb-console index 282fca11..ef9ed0f6 100644 --- a/utils/pb-console +++ b/utils/pb-console @@ -80,12 +80,24 @@ then then getty="$getty_arg" fi + + login_arg="-l$0" + for ttyarg in "$@" + do + # If the getty args include autologin don't override with -l + # and leave calling petitboot-nc to the user's init + if [ "$ttyarg" == "-a" ] + then + login_arg="" + fi + done + if [ "$detach" = 1 ] then - $getty -l $0 "$@" & + $getty $login_arg "$@" & exit else - exec $getty -l $0 "$@" + exec $getty $login_arg "$@" fi fi From patchwork Wed Nov 28 04:20:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004177 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SBc6LXFz9s3Z for ; Wed, 28 Nov 2018 15:20:56 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="SCaXK03v"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="BsHFfvVE"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SBc4RR7zDqgS for ; Wed, 28 Nov 2018 15:20:56 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="SCaXK03v"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="BsHFfvVE"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="SCaXK03v"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="BsHFfvVE"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SB72tSbzDqg4 for ; Wed, 28 Nov 2018 15:20:30 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id E94282096B; Tue, 27 Nov 2018 23:20:27 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:27 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=vsImfuXzX2A9KOgelojX5gwh3sS7UiJBcwG2lJmAKXY=; b=SCaXK 03vB6q/rHDc347A5Kd62MjDDNXjSgZoaUGMaM8QS9mRKAEJe1tb40ZlAdWLsPclQ aQG3BpkJCwmaZolrcLBCnoXdcgKRb+N/cnpH2lQVmFf8iHrw9vda6cZzOnvkS9q1 7p/A9ccRG/R91GzZclgXsNSZ1BqGfq1bUBTTG5+MuuBmfbwhjuVZ5/spk/4z7T/n j51Oxz3e5hi8p5nvpaVoK6mr/t5m8IMAUWDxOn5uaTq0zrBaHuE6VVvRrpUw34Se 0f2i7owiRN1mauCjBuc2Q7i/Idsy6gcXlhXk+ayb0YpPM1PtDOoQG3DgliT5tX8D EFCFrH2hliLZag6Dg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=vsImfuXzX2A9KOgelojX5gwh3sS7UiJBcwG2lJmAKXY=; b=BsHFfvVE g4o3tPpQ0JXUvplf8AAPJFIDzCVvdD1OxImORC1bOpVLMZwO6AQwgKj2qNAxEf+v /T+vkzkD7ea3gh1jQxYjfIuPfgqz6mfDofWZRHgHDB42hPX5nFvzkjxTzLuF2iIZ hO/16/qjbWrWHR4q014O6z+c6YbOx6q6Fye/lZsVk2mY1nL2QgUSMDokoD3EHM3H /EBXKOX0YQHpgXkDfb1lyOGcVD0cBXtkKjvTHnDk8mtOWHMIHOhku5/L1QJcUh8W LqvnKYgtTbWfITSGz0/Jw1yWag/DvVhOmojkR9kWSmR/Ptt1d1YCryWMINJjJ29T uf6Q/+yVPwgFhA== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 8CF93102FE; Tue, 27 Nov 2018 23:20:26 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 02/13] utils/pb-sos: Don't create files in root by default Date: Wed, 28 Nov 2018 15:20:01 +1100 Message-Id: <20181128042012.25916-3-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" If running in a non-root shell the user will not be able to create or access files in / so operate in the current directory instead. Signed-off-by: Samuel Mendoza-Jonas --- utils/pb-sos | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/utils/pb-sos b/utils/pb-sos index e3e8f6bb..44dcabd7 100755 --- a/utils/pb-sos +++ b/utils/pb-sos @@ -43,32 +43,31 @@ do shift done -mkdir -p /$diagdir +mkdir -p $diagdir # Include version of pb-discover -pb-discover --version > /$diagdir/version +pb-discover --version > $diagdir/version # Unconditionally grab relevant /var/log files log "Adding files from /var/log" -cp -r /var/log/messages /var/log/petitboot /$diagdir/ +cp -r /var/log/messages /var/log/petitboot $diagdir/ # Check if pb-discover segfaulted if [ -r $corefile ] then log "Adding core dump" - cp /core /$diagdir/ + cp /core $diagdir/ fi # Copy dmesg log "Adding dmesg" -dmesg > /$diagdir/dmesg +dmesg > $diagdir/dmesg # Add Skiboot log log "Adding Skiboot log" -cat /sys/firmware/opal/msglog > /$diagdir/msglog +cat /sys/firmware/opal/msglog > $diagdir/msglog log "Compressing..." -cd / tar $tarflags $tarfile $diagdir gzip < $tarfile > $tarfile.gz From patchwork Wed Nov 28 04:20:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004179 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SC36xXDz9s1c for ; Wed, 28 Nov 2018 15:21:19 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="Ojd9LI2F"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="MhQUB/lg"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SC34fk9zDqg7 for ; Wed, 28 Nov 2018 15:21:19 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="Ojd9LI2F"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="MhQUB/lg"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="Ojd9LI2F"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="MhQUB/lg"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SB7754PzDqg7 for ; Wed, 28 Nov 2018 15:20:31 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 87FA822A3B; Tue, 27 Nov 2018 23:20:29 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:29 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=BYmjRqbMwzLz6SXhtgP54XVKhxnJJ2XUL+jScsVB/GU=; b=Ojd9L I2FZnfGyqhmQZ2PhBKo+R+cr33AzpGhS7/Sq4IMYFxruVr9fzMK+sa8cDg+7vlVh Nd3/LiGulNvzOaXCnV5Q4VOm/KgWQN09MupFbyNk7WPxZdPGjm9cgJMzVwE2YSVO Gmo8M7lyHeBSnSyrOoHV7xbwQpRatgrCK6dgWCYZLqKcTzXLV0CZDTu+PSkEIurr Lg1fA0bQ47LtT1f1XjSV1NGiGr86kDpOZpT9Fiy031GxgzZPTU7EQxhG51UIkpSI 2lAHmhQN9/u5f3nVxQvQEHI7j4OaMpGslXZC87ABypDs9pyrzctAXA7BtuEaB0Ak pMVuCpuTarg8GXUsg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=BYmjRqbMwzLz6SXhtgP54XVKhxnJJ2XUL+jScsVB/GU=; b=MhQUB/lg 2GOGsyaSmcaO8/IOcWonQN5T5TfVBam07hXbirA08/DgU6km/ptRDtBF0nBaMrjD ivkq6Ojp0f4E+4/LclUFvbZwr0aqhf84NWxGEMzdxAEMoAOUPgtDhwJCTTQobtah mRBJ3/FpE6pFURpK9hMVHcXWzPGIhFOZJmE9ZNpv44PCUiTKpDml62xvF0RK1F/q CutOM2sSng0KsWQbEmSX2a9HN4vuCPboRD3yOXfuAtORUF+1q1884SYYVJd1X9Qf 39HctuB2qB6J5aR4uIXp9eRwdExeHuWyoWeZXrhjz/3nlTKXWecdkX1c2Al3W95F Neb58jkE0bLCJQ== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 1FBC8102F2; Tue, 27 Nov 2018 23:20:27 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 03/13] utils/pb-console: Set up controlling terminal Date: Wed, 28 Nov 2018 15:20:02 +1100 Message-Id: <20181128042012.25916-4-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Enabling job control in the shell. Signed-off-by: Samuel Mendoza-Jonas --- utils/pb-console | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/pb-console b/utils/pb-console index ef9ed0f6..62952959 100644 --- a/utils/pb-console +++ b/utils/pb-console @@ -94,7 +94,7 @@ then if [ "$detach" = 1 ] then - $getty $login_arg "$@" & + setsid -c $getty $login_arg "$@" & exit else exec $getty $login_arg "$@" From patchwork Wed Nov 28 04:20:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004176 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SBQ3mr0z9s3Z for ; Wed, 28 Nov 2018 15:20:46 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="iE1ApiP4"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="GrePuKZP"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SBQ1j3dzDqgs for ; Wed, 28 Nov 2018 15:20:46 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="iE1ApiP4"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="GrePuKZP"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="iE1ApiP4"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="GrePuKZP"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SB95QrmzDqgC for ; Wed, 28 Nov 2018 15:20:33 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 1B9B022A45; Tue, 27 Nov 2018 23:20:31 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:31 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=r38ADd7r8IGrG2ETqQgm8TKSGUabe9yJdiltNvr/wSs=; b=iE1Ap iP4y1lEa8N/CeOhPw8UvTt4k9yei4kV2S4eikhfs1nIgG/JLDwLn+lkIPiqzTv5k /99UcGyoo8t5uYHbmmVtOQsCYDCx18/DGlU9yS4vwJMMB7BCDtQ7fAdn2Th1xdIR vtAV37BObukQAPlYi5F1yFvR1y4R04SFb5uT2hnjEIIlPzBP6Vns2uL73ghRnl9y iGQ0j59BINDsDMXUiIk6gmK04Ohm2XM2r8dtkLf8QQtQmJvnlhoOMOld8OipfefK cnH2IRD5wcw+xoTViNh6L44ijphfNOMpglq4o7/VNts6VhloNFXLG2J5XOOGYthT AId6mayk0dAzofOfA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=r38ADd7r8IGrG2ETqQgm8TKSGUabe9yJdiltNvr/wSs=; b=GrePuKZP cHH0v9CsdJgRPuZ9r7w80fGtk3l4fVF7EvErhj7JOoLIOJIP/RR/nyCbomCmOc16 kuBuUlYLvOiyDh9qWhLAyPSCZvn6u6gkfURLbdws/QjqU+TRCmqIIeIreq8W1Xni SH1+lpRRjOadMvszhJXh6K5Ced1qttD5nmVFK6rvVvz6JOC0LkvOItpTwuD/J/nZ EVaouirLChiWc84RMZ4neGVYpZBHaJFhlA9qO4JLZNUbWuGvDqXmFEf0PtCr966X unwYhHH4+BWUmu3cOw/k74XVQuAv7IjE4MpQeZgBQbo6i/dRjrR9owC+CqRQL4bQ 7owcu8nsBjcUOw== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id ADD80102F2; Tue, 27 Nov 2018 23:20:29 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 04/13] utils/pb-console: Ignore SIGINT Date: Wed, 28 Nov 2018 15:20:03 +1100 Message-Id: <20181128042012.25916-5-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Trap and ignore SIGINT to avoid a SIGINT intended for petitboot-nc also exiting the parent pb-console script. Signed-off-by: Samuel Mendoza-Jonas --- utils/pb-console | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utils/pb-console b/utils/pb-console index 62952959..ad601e2e 100644 --- a/utils/pb-console +++ b/utils/pb-console @@ -134,6 +134,8 @@ fi # show particularly important messages dmesg -n 1 +trap '' SIGINT + while : do $ui $verbose_opt From patchwork Wed Nov 28 04:20:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004181 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SCQ45jlz9s1c for ; Wed, 28 Nov 2018 15:21:38 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="pT6PYEYC"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="Bo8Lj19J"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SCQ2Dr1zDqgC for ; Wed, 28 Nov 2018 15:21:38 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="pT6PYEYC"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="Bo8Lj19J"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="pT6PYEYC"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="Bo8Lj19J"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SBJ2vgPzDqg7 for ; Wed, 28 Nov 2018 15:20:40 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id EDCD32201E; Tue, 27 Nov 2018 23:20:32 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=3Byqos525mbO5TOmsVI3ICTBk6FfyHHWVf6bi52Gc+I=; b=pT6PY EYC2+UJ30K6POR+KxWy4jgsLZOcWF4qMdKJ2x4jffojxuWwwHgomQs++QkhLQWGG uYYLGl1GmNzx5ddRmuj5QcMPjWiCtBAeC5sbrzrJ+I0vTjp93HqUrQ5moMIGwmk0 R36GATQO8Of85Sj6AnxVlJjWd6zTM7us7vIwEeBSUX2g2/YwqgoOV8uDeS6WFW7F mtU7h0y5bxc4SgAnO+lsZMHrr4JV9RK56eI0tPgJCoyphhvunSGARD1B6skmRuou Ws2UcY2Z/JnxQoDuERauOZ4Ka1FW+RlsqLMgQ0/5M7gzF5q27YX5ITEgv2r/Rudi unHmYX+o2TmBbiZdg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=3Byqos525mbO5TOmsVI3ICTBk6FfyHHWVf6bi52Gc+I=; b=Bo8Lj19J G/NaCgGdxW9HERKJfIUm7gz9CKUtGqVD5q8phhK8rohtqCQCgU99mkqfWAy9ESEe J/5rGeFqT8dR0kA25HXCvp1q8Fw70cf39lvIWplYW+TiQiqpmXWJ9RiJYowA3BW0 7MdK6mexrmGMa0Ps86fuDLi4WA+5yaA+X9vzy/mD0fYuBsucX9VI+Q80Hnhux1v4 CJ/1JQ9oNpZ5vVgTpxoUipUuHZDNM2r2y24OV2HnHFgvXPqhPqi57RYJaWb/bd+c 0yANGhXS0XHEsDpefILnkDsP08Cuzbqkp30SI3fIxhmfyqIuWdoK00eybvqoRIqU T9NEKfgz37oPrQ== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 48668102F2; Tue, 27 Nov 2018 23:20:31 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 05/13] lib/crypt: Add helpers for operating on /etc/shadow Date: Wed, 28 Nov 2018 15:20:04 +1100 Message-Id: <20181128042012.25916-6-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Provides helper functions for reading, writing, and checking against /etc/shadow. The main use case if for authenticating clients against the "system" password, which is set as the root password. Signed-off-by: Samuel Mendoza-Jonas --- configure.ac | 22 +++++ lib/Makefile.am | 9 ++ lib/crypt/crypt.c | 217 ++++++++++++++++++++++++++++++++++++++++++++++ lib/crypt/crypt.h | 49 +++++++++++ 4 files changed, 297 insertions(+) create mode 100644 lib/crypt/crypt.c create mode 100644 lib/crypt/crypt.h diff --git a/configure.ac b/configure.ac index 2bf6e6f6..4151b002 100644 --- a/configure.ac +++ b/configure.ac @@ -76,6 +76,27 @@ AC_CHECK_LIB([devmapper], [dm_task_create], [AC_MSG_FAILURE([The libdevmapper development library is required by petitboot. Try installing the package libdevmapper-dev or device-mapper-devel.])] ) +AC_ARG_ENABLE( + [crypt], + [AS_HELP_STRING( + [--enable-crypt], + [Include crypt support to enable password use [default=no]] + )], + [], + [enable_crypt=no] +) +AM_CONDITIONAL([ENABLE_CRYPT], [test "x$enable_crypt" = "xyes"]) +AS_IF([test "x$enable_crypt" = "xyes"], + [AC_DEFINE(CRYPT_SUPPORT, 1, [Enable crypt/password support])], + [] +) +AS_IF([test "x$enable_crypt" = "xyes"], + AC_CHECK_LIB([crypt], [crypt], + [CRYPT_LIBS=-lcrypt], + [AC_MSG_FAILURE([shadow/crypt libs required])] + ) +) + AC_ARG_WITH([fdt], AS_HELP_STRING([--without-fdt], [Build without libfdt (default: no)])) @@ -455,6 +476,7 @@ AS_IF( AC_SUBST([UDEV_LIBS]) AC_SUBST([DEVMAPPER_LIBS]) +AC_SUBST([CRYPT_LIBS]) AC_SUBST([FDT_LIBS]) AC_SUBST([LIBFLASH_LIBS]) AC_SUBST([LIBTOOL_DEPS]) diff --git a/lib/Makefile.am b/lib/Makefile.am index 016a14dd..69a66c37 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -35,6 +35,7 @@ lib_libpbcore_la_CFLAGS = \ lib_libpbcore_la_SOURCES = \ lib/ccan/endian/endian.h \ + lib/crypt/crypt.h \ lib/file/file.h \ lib/file/file.c \ lib/fold/fold.h \ @@ -93,3 +94,11 @@ lib_libpbcore_la_SOURCES += \ lib/security/none.c endif endif + +if ENABLE_CRYPT +lib_libpbcore_la_SOURCES += \ + lib/crypt/crypt.c + +lib_libpbcore_la_LDFLAGS += \ + $(CRYPT_LIBS) +endif diff --git a/lib/crypt/crypt.c b/lib/crypt/crypt.c new file mode 100644 index 00000000..b5e183a9 --- /dev/null +++ b/lib/crypt/crypt.c @@ -0,0 +1,217 @@ +/* + * Copyright (C) 2018 IBM Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "crypt.h" + +int crypt_set_password_hash(void *ctx, const char *hash) +{ + struct spwd **shadow, *entry; + bool found_root; + int rc, i, n; + FILE *fp; + + if (lckpwdf()) { + pb_log("Could not obtain access to shadow file\n"); + return -1; + } + setspent(); + + found_root = false; + shadow = NULL; + n = 0; + + /* Read all entries and modify the root entry */ + errno = 0; + fp = fopen("/etc/shadow", "r"); + if (!fp) { + pb_log("Could not open shadow file, %m\n"); + rc = -1; + goto out; + } + + entry = fgetspent(fp); + while (entry) { + shadow = talloc_realloc(ctx, shadow, struct spwd *, n + 1); + if (!shadow) { + pb_log("Failed to allocate shadow struct\n"); + rc = -1; + goto out; + } + + shadow[n] = talloc_memdup(shadow, entry, sizeof(struct spwd)); + if (!shadow[n]) { + pb_log("Could not duplicate entry for %s\n", + entry->sp_namp); + rc = -1; + goto out; + } + + shadow[n]->sp_namp = talloc_strdup(shadow, entry->sp_namp); + if (strncmp(shadow[n]->sp_namp, "root", strlen("root")) == 0) { + shadow[n]->sp_pwdp = talloc_strdup(shadow, hash); + found_root = true; + } else { + shadow[n]->sp_pwdp = talloc_strdup(shadow, + entry->sp_pwdp); + } + + if (!shadow[n]->sp_namp || !shadow[n]->sp_pwdp) { + pb_log("Failed to allocate new fields for %s\n", + entry->sp_namp); + rc = -1; + goto out; + } + + n++; + entry = fgetspent(fp); + } + + if (n == 0) + pb_debug_fn("No entries found\n"); + + fclose(fp); + + if (!found_root) { + /* Make our own */ + pb_debug_fn("No root user found, creating entry\n"); + shadow = talloc_realloc(ctx, shadow, struct spwd *, n + 1); + if (!shadow) { + pb_log("Failed to allocate shadow struct\n"); + rc = -1; + goto out; + } + + shadow[n] = talloc_zero(shadow, struct spwd); + shadow[n]->sp_namp = talloc_asprintf(shadow, "root"); + shadow[n]->sp_pwdp = talloc_strdup(shadow, hash); + if (!shadow[n]->sp_namp || !shadow[n]->sp_pwdp) { + pb_log("Failed to allocate new fields for root entry\n"); + rc = -1; + goto out; + } + n++; + } + + errno = 0; + fp = fopen("/etc/shadow", "w"); + if (!fp) { + pb_log("Could not open shadow file, %m\n"); + rc = -1; + goto out; + } + + /* Write each entry back to keep the same format in /etc/shadow */ + for (i = 0; i < n; i++) { + rc = putspent(shadow[i], fp); + if (rc) + pb_log("Failed to write back shadow entry for %s!\n", + shadow[i]->sp_namp); + } + + rc = 0; +out: + if (fp) + fclose(fp); + talloc_free(shadow); + endspent(); + ulckpwdf(); + return rc; +} + +static const char *crypt_hash_password(const char *password) +{ + struct spwd *shadow; + char *hash, *salt; + char new_salt[17]; + int i; + + shadow = getspnam("root"); + if (!shadow) { + pb_log("Could not find root shadow\n"); + return NULL; + } + + if (shadow->sp_pwdp && strlen(shadow->sp_pwdp)) { + salt = shadow->sp_pwdp; + } else { + for (i = 0; i < 16; i++) + new_salt[i] = random() % 94 + 32; + new_salt[i] = '\0'; + salt = talloc_asprintf(password, "$6$%s", new_salt); + } + + hash = crypt(password ?: "", salt); + if (!hash) + pb_log("Could not create hash, %m\n"); + + + return hash; +} + + +int crypt_set_password(void *ctx, const char *password) +{ + const char *hash; + + if (!password || !strlen(password)) + return crypt_set_password_hash(ctx, ""); + + hash = crypt_hash_password(password); + if (!hash) + return -1; + + return crypt_set_password_hash(ctx, hash); +} + +char *crypt_get_hash(void *ctx) +{ + struct spwd *shadow; + + shadow = getspnam("root"); + if (!shadow) { + pb_log("Could not find root shadow\n"); + return false; + } + + return talloc_strdup(ctx, shadow->sp_pwdp); +} + +bool crypt_check_password(const char *password) +{ + struct spwd *shadow; + char *hash; + + shadow = getspnam("root"); + if (!shadow) { + pb_log("Could not find root shadow\n"); + return false; + } + + hash = crypt(password ? : "", shadow->sp_pwdp); + if (!hash) { + pb_log("Could not create hash, %m\n"); + return false; + } + + return strncmp(shadow->sp_pwdp, hash, strlen(shadow->sp_pwdp)) == 0; +} diff --git a/lib/crypt/crypt.h b/lib/crypt/crypt.h new file mode 100644 index 00000000..4b242f0c --- /dev/null +++ b/lib/crypt/crypt.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2018 IBM Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ +#ifndef CRYPT_H +#define CRYPT_H + +#include "config.h" + +#ifdef CRYPT_SUPPORT + +char *crypt_get_hash(void *ctx); +bool crypt_check_password(const char *password); +int crypt_set_password(void *ctx, const char *password); +int crypt_set_password_hash(void *ctx, const char *hash); + +#else + +static inline char *crypt_get_hash(void *ctx __attribute__((unused))) +{ + return NULL; +} +static inline bool crypt_check_password( + const char *password __attribute__((unused))) +{ + return false; +} +static inline int crypt_set_password(void *ctx __attribute__((unused)), + const char *password __attribute__((unused))) +{ + return -1; +} +static inline int crypt_set_password_hash(void *ctx __attribute__((unused)), + const char *hash __attribute__((unused))) +{ + return -1; +} + +#endif +#endif /* CRYPT_H */ From patchwork Wed Nov 28 04:20:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004184 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SCv4Jrmz9s1c for ; Wed, 28 Nov 2018 15:22:03 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="dsvtN8SR"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="M49LbTDX"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SCv2PDnzDqhD for ; Wed, 28 Nov 2018 15:22:03 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="dsvtN8SR"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="M49LbTDX"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="dsvtN8SR"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="M49LbTDX"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SBJ3Fr9zDqgC for ; Wed, 28 Nov 2018 15:20:40 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 8C93322A5B; Tue, 27 Nov 2018 23:20:34 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:34 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=ARMfurx3RRgcHjyA6iGXiqndn5/DUoqx4Ci2mD0WkKA=; b=dsvtN 8SRRBQMjiP3eA0BpTUzqjuEMjsGIp/+himpX2CPYINvE7pVOlcGArnnEga5cOuIb BQLnUVkNS5lvIOvdqXX6mPSdLeLvO23SrrIrauVfJeTGQQqHttIWcDawAL+u1+RX 8IE99BoN2Ob+WCS5rWtfh4dez3NaN4FWnuSO9MxQe6y1LWl+P7SsyXuBjMJULtoq T0JqYJ0sD6i7C/eKpR7tWhexQVOXuitn9wpkedbyxNM98va3Dawxsuy1QDP6ZMUk BwZzuJVig6UCnCyMY/+4txHyu6OGp3J/d8QoRQcWPBhrKA+bMmu12RwgyQ/SsXr2 YpRLXVSBb/aJlbrvQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=ARMfurx3RRgcHjyA6iGXiqndn5/DUoqx4Ci2mD0WkKA=; b=M49LbTDX KMeTehtCdeOgAycUZh5T215tNQszNQejFOjtqhxU+PgGQbxShihfPFYuArRCWbYu McqzE4WiD+XMOMeIy8TSWhWwTPmbH/FXFNcFpoz5hZq3NaW1barUE9QRGPrSEHep vgSD+UNbgpzWWqR7FnJlG45ccMVdXrcTUiNTO0ALacP4hhedyO6OdZdIhBS95vGX nxLRYW4Q9XJOlqz6NNsLLkcQZGVu5KH1GSegv5YKqq6PDsROc54ZGGx4Byja+FAH xlRW+Vt91AFLa2ik59s5t0JarvBAZsEwtrn+8aPKiBDQTUtb2iFwpmahN2iv+s0B VL80WgTt+pMpwA== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 1D908102DD; Tue, 27 Nov 2018 23:20:32 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 06/13] lib/pb-protocol: Add PB_PROTOCOL_ACTION_AUTHENTICATE Date: Wed, 28 Nov 2018 15:20:05 +1100 Message-Id: <20181128042012.25916-7-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Add a new "authenticate" action. Depending on the 'op' field this is either a) an authentication request, b) a response indicating the result, or c) a request to change the password. Signed-off-by: Samuel Mendoza-Jonas --- lib/pb-protocol/pb-protocol.c | 88 +++++++++++++++++++++++++++++++++++ lib/pb-protocol/pb-protocol.h | 26 +++++++++++ 2 files changed, 114 insertions(+) diff --git a/lib/pb-protocol/pb-protocol.c b/lib/pb-protocol/pb-protocol.c index 7c563c8e..5de382d2 100644 --- a/lib/pb-protocol/pb-protocol.c +++ b/lib/pb-protocol/pb-protocol.c @@ -379,6 +379,25 @@ int pb_protocol_temp_autoboot_len(const struct autoboot_option *opt) return len; } +int pb_protocol_authenticate_len(struct auth_message *msg) +{ + switch (msg->op) { + case AUTH_MSG_REQUEST: + /* enum + password + length */ + return 4 + 4 + optional_strlen(msg->password); + case AUTH_MSG_RESPONSE: + /* enum + bool */ + return 4 + 4; + case AUTH_MSG_SET: + /* enum + password + password */ + return 4 + 4 + optional_strlen(msg->set_password.password) + + 4 + optional_strlen(msg->set_password.new_password); + default: + pb_log("%s: invalid input\n", __func__); + return 0; + } +} + int pb_protocol_serialise_device(const struct device *dev, char *buf, int buf_len) { @@ -703,6 +722,39 @@ int pb_protocol_serialise_temp_autoboot(const struct autoboot_option *opt, return 0; } +int pb_protocol_serialise_authenticate(struct auth_message *msg, + char *buf, int buf_len) +{ + char *pos = buf; + + *(enum auth_msg_type *)pos = msg->op; + pos += sizeof(enum auth_msg_type); + + switch(msg->op) { + case AUTH_MSG_REQUEST: + pos += pb_protocol_serialise_string(pos, msg->password); + break; + case AUTH_MSG_RESPONSE: + *(bool *)pos = msg->authenticated; + pos += sizeof(bool); + break; + case AUTH_MSG_SET: + pos += pb_protocol_serialise_string(pos, + msg->set_password.password); + pos += pb_protocol_serialise_string(pos, + msg->set_password.new_password); + break; + default: + pb_log("%s: invalid msg\n", __func__); + return -1; + }; + + assert(pos <= buf + buf_len); + (void)buf_len; + + return 0; +} + int pb_protocol_write_message(int fd, struct pb_protocol_message *message) { int total_len, rc; @@ -1346,3 +1398,39 @@ int pb_protocol_deserialise_temp_autoboot(struct autoboot_option *opt, out: return rc; } + +int pb_protocol_deserialise_authenticate(struct auth_message *msg, + const struct pb_protocol_message *message) +{ + unsigned int len; + const char *pos; + + len = message->payload_len; + pos = message->payload; + + msg->op = *(enum auth_msg_type *)pos; + pos += sizeof(enum auth_msg_type); + + switch (msg->op) { + case AUTH_MSG_REQUEST: + if (read_string(msg, &pos, &len, &msg->password)) + return -1; + break; + case AUTH_MSG_RESPONSE: + msg->authenticated = *(bool *)pos; + pos += sizeof(bool); + break; + case AUTH_MSG_SET: + if (read_string(msg, &pos, &len, &msg->set_password.password)) + return -1; + if (read_string(msg, &pos, &len, + &msg->set_password.new_password)) + return -1; + break; + default: + pb_log("%s: unable to parse\n", __func__); + return -1; + } + + return 0; +} diff --git a/lib/pb-protocol/pb-protocol.h b/lib/pb-protocol/pb-protocol.h index 14fd8a29..1d6c0485 100644 --- a/lib/pb-protocol/pb-protocol.h +++ b/lib/pb-protocol/pb-protocol.h @@ -27,6 +27,7 @@ enum pb_protocol_action { PB_PROTOCOL_ACTION_PLUGINS_REMOVE = 0xd, PB_PROTOCOL_ACTION_PLUGIN_INSTALL = 0xe, PB_PROTOCOL_ACTION_TEMP_AUTOBOOT = 0xf, + PB_PROTOCOL_ACTION_AUTHENTICATE = 0x10, }; struct pb_protocol_message { @@ -35,6 +36,24 @@ struct pb_protocol_message { char payload[]; }; +enum auth_msg_type { + AUTH_MSG_REQUEST, + AUTH_MSG_RESPONSE, + AUTH_MSG_SET, +}; + +struct auth_message { + enum auth_msg_type op; + union { + bool authenticated; + char *password; + struct { + char *password; + char *new_password; + } set_password; + }; +}; + void pb_protocol_dump_device(const struct device *dev, const char *text, FILE *stream); int pb_protocol_device_len(const struct device *dev); @@ -46,6 +65,7 @@ int pb_protocol_config_len(const struct config *config); int pb_protocol_url_len(const char *url); int pb_protocol_plugin_option_len(const struct plugin_option *opt); int pb_protocol_temp_autoboot_len(const struct autoboot_option *opt); +int pb_protocol_authenticate_len(struct auth_message *msg); int pb_protocol_device_cmp(const struct device *a, const struct device *b); int pb_protocol_boot_option_cmp(const struct boot_option *a, @@ -72,6 +92,8 @@ int pb_protocol_serialise_plugin_option(const struct plugin_option *opt, char *buf, int buf_len); int pb_protocol_serialise_temp_autoboot(const struct autoboot_option *opt, char *buf, int buf_len); +int pb_protocol_serialise_authenticate(struct auth_message *msg, + char *buf, int buf_len); int pb_protocol_write_message(int fd, struct pb_protocol_message *message); @@ -100,6 +122,10 @@ int pb_protocol_deserialise_config(struct config *config, int pb_protocol_deserialise_plugin_option(struct plugin_option *opt, const struct pb_protocol_message *message); + int pb_protocol_deserialise_temp_autoboot(struct autoboot_option *opt, const struct pb_protocol_message *message); + +int pb_protocol_deserialise_authenticate(struct auth_message *msg, + const struct pb_protocol_message *message); #endif /* _PB_PROTOCOL_H */ From patchwork Wed Nov 28 04:20:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004182 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SCb1V29z9s1c for ; Wed, 28 Nov 2018 15:21:47 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="nTJJEGRM"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="gU+EWy76"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SCZ6hr3zDqhs for ; Wed, 28 Nov 2018 15:21:46 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="nTJJEGRM"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="gU+EWy76"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="nTJJEGRM"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="gU+EWy76"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SBJ2JtyzDqg4 for ; Wed, 28 Nov 2018 15:20:40 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 57F8C2156E; Tue, 27 Nov 2018 23:20:36 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=HAVK111vlcUProAhI4AWMlT/7nEh3HcBGn1DuCjOTNY=; b=nTJJE GRMgzIDSEqOiQuj429UZNK2Qshi5cNmdpwlaqdl+aIWIOSSY9VDYZNchr4JgCcX5 Kn/q0rVUXqTOzD8Dkf+h+dNxx65IJAwNKJeXaUV4qdk269QKXl8L4DnH1Ik3tmAT X43TOTPmv/RvXkLSugl6NqPQNxdYOhKiHRG0H3EvUYcZJTuP/nGB80tpN0GPJy6q Ru8EkxVMS54luyxb7/zap65j7bSzMh+JYvNOjI7aSvDWHfnQcjnJxk3tBx73le+c wGdESDsvd4baHGEqZw4v5j06Q8OHxWa0B1bFOvA5cwOvJ0cvcs1Y0zS8UlAgU9Ev n7iVow4xnFMhi69oQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=HAVK111vlcUProAhI4AWMlT/7nEh3HcBGn1DuCjOTNY=; b=gU+EWy76 FCJiRCCNgq8WWtsq3zI8MJ6pdlDhRyUsHDxhpw28wDPLV0hEIaW3QvPKera8jcRS 9zHQhWYUEVFWvdpHSptYacLenwJS3XzJsZGjXAfxPzGqOz9OkSzBF3mZfnUJV9mD PExy3iiv7WbABnuuVxaJp2B/k7QzxGM68Wp7kyyuiKAyDYjMZ2joKqFV8g3AIZOq /z/N0nfIjv6pSqY5aX5EsRU5kj72tJa9cwNHQYAkKcPIzIv/Ug5VLi9r/pRplz+l Z2oKDM9+3JlcwAjLY4C5jBdRbKtrH0dkMXWenmoFouA7copXNAOxVNZq0OL5jCLv JKij+PqZQHnIbQ== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id A5372102DD; Tue, 27 Nov 2018 23:20:34 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 07/13] discover/discover-server: Restrict clients based on uid Date: Wed, 28 Nov 2018 15:20:06 +1100 Message-Id: <20181128042012.25916-8-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" If crypt support is enabled restrict what actions clients can perform by default. Initial authorisation is set at connection time; clients running as root are unrestricted, anything else runs as restricted until it makes an authentication to pb-discover. Unprivileged clients may only perform the following actions: - Boot the default boot option. - Cancel the autoboot timeout. - Make an authentication request. If a group named "petitgroup" exists then the socket permissions are also modified so that only clients running as root or in that group may connect to the socket. The user-event socket is only usable by root since the two main usecases are by utilities called by pb-discover or by a user in the shell who will need to su to root anyway. Signed-off-by: Samuel Mendoza-Jonas --- discover/discover-server.c | 247 ++++++++++++++++++++++++++++++++++++- discover/discover-server.h | 3 + discover/pb-discover.c | 3 + discover/platform.c | 13 ++ discover/platform.h | 4 + discover/user-event.c | 7 +- 6 files changed, 274 insertions(+), 3 deletions(-) diff --git a/discover/discover-server.c b/discover/discover-server.c index 34d82be8..23d6113e 100644 --- a/discover/discover-server.c +++ b/discover/discover-server.c @@ -1,3 +1,4 @@ +#define _GNU_SOURCE #include #include @@ -10,11 +11,15 @@ #include #include #include +#include +#include #include #include #include #include +#include +#include #include "pb-protocol/pb-protocol.h" #include "list/list.h" @@ -31,6 +36,7 @@ struct discover_server { struct list clients; struct list status; struct device_handler *device_handler; + bool restrict_clients; }; struct client { @@ -39,6 +45,8 @@ struct client { struct waiter *waiter; int fd; bool remote_closed; + bool can_modify; + struct waiter *auth_waiter; }; @@ -65,6 +73,9 @@ static int client_destructor(void *arg) if (client->waiter) waiter_remove(client->waiter); + if (client->auth_waiter) + waiter_remove(client->auth_waiter); + list_remove(&client->list); return 0; @@ -245,11 +256,134 @@ static int write_config_message(struct discover_server *server, return client_write_message(server, client, message); } +static int write_authenticate_message(struct discover_server *server, + struct client *client) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_RESPONSE; + auth_msg.authenticated = client->can_modify; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + return client_write_message(server, client, message); +} + +static int client_auth_timeout(void *arg) +{ + struct client *client = arg; + int rc; + + client->auth_waiter = NULL; + client->can_modify = false; + + rc = write_authenticate_message(client->server, client); + if (rc) + pb_log("failed to send client auth timeout\n"); + + return 0; +} + +static int discover_server_handle_auth_message(struct client *client, + struct auth_message *auth_msg) +{ + struct status *status; + char *hash; + int rc; + + status = talloc_zero(client, struct status); + + switch (auth_msg->op) { + case AUTH_MSG_REQUEST: + if (!crypt_check_password(auth_msg->password)) { + rc = -1; + pb_log("Client failed to authenticate\n"); + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + _("Password incorrect")); + } else { + client->can_modify = true; + rc = write_authenticate_message(client->server, + client); + if (client->auth_waiter) + waiter_remove(client->auth_waiter); + client->auth_waiter = waiter_register_timeout( + client->server->waitset, + 300000, /* 5 min */ + client_auth_timeout, client); + pb_log("Client authenticated\n"); + status->type = STATUS_INFO; + status->message = talloc_asprintf(status, + _("Authenticated successfully")); + } + break; + case AUTH_MSG_SET: + if (client->server->restrict_clients) { + if (!crypt_check_password(auth_msg->set_password.password)) { + rc = -1; + pb_log("Wrong password for set request\n"); + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + _("Password incorrect")); + break; + } + } + + rc = crypt_set_password(auth_msg, + auth_msg->set_password.new_password); + if (rc) { + pb_log("Failed to set password\n"); + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + _("Error setting password")); + } else { + if (!auth_msg->set_password.new_password || + !strlen(auth_msg->set_password.new_password)) { + platform_set_password(""); + discover_server_set_auth_mode(client->server, + false); + pb_log("Password cleared\n"); + } else { + hash = crypt_get_hash(auth_msg); + platform_set_password(hash); + talloc_free(hash); + discover_server_set_auth_mode(client->server, + true); + } + pb_log("System password changed\n"); + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + _("Password updated successfully")); + } + break; + default: + pb_log("%s: unknown op\n", __func__); + rc = -1; + break; + } + + write_boot_status_message(client->server, client, status); + talloc_free(status); + + return rc; +} + static int discover_server_process_message(void *arg) { struct autoboot_option *autoboot_opt; struct pb_protocol_message *message; struct boot_command *boot_command; + struct auth_message *auth_msg; + struct status *status; struct client *client = arg; struct config *config; char *url; @@ -262,6 +396,56 @@ static int discover_server_process_message(void *arg) return 0; } + /* + * If crypt support is enabled, non-authorised clients can only delay + * boot, not configure options or change the default boot option. + */ + if (!client->can_modify) { + switch (message->action) { + case PB_PROTOCOL_ACTION_BOOT: + boot_command = talloc(client, struct boot_command); + + rc = pb_protocol_deserialise_boot_command(boot_command, + message); + if (rc) { + pb_log("%s: no boot command?", __func__); + return 0; + } + + device_handler_boot(client->server->device_handler, + client->can_modify, boot_command); + break; + case PB_PROTOCOL_ACTION_CANCEL_DEFAULT: + device_handler_cancel_default(client->server->device_handler); + break; + case PB_PROTOCOL_ACTION_AUTHENTICATE: + auth_msg = talloc(client, struct auth_message); + rc = pb_protocol_deserialise_authenticate( + auth_msg, message); + if (rc) { + pb_log("Couldn't parse client's auth request\n"); + break; + } + + rc = discover_server_handle_auth_message(client, + auth_msg); + talloc_free(auth_msg); + break; + default: + pb_log("non-root client tried to perform action %d\n", + message->action); + status = talloc_zero(client, struct status); + if (status) { + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + "Client must run as root to make changes"); + write_boot_status_message(client->server, client, + status); + talloc_free(status); + } + } + return 0; + } switch (message->action) { case PB_PROTOCOL_ACTION_BOOT: @@ -275,7 +459,7 @@ static int discover_server_process_message(void *arg) } device_handler_boot(client->server->device_handler, - boot_command); + client->can_modify, boot_command); break; case PB_PROTOCOL_ACTION_CANCEL_DEFAULT: @@ -327,6 +511,19 @@ static int discover_server_process_message(void *arg) autoboot_opt); break; + /* For AUTH_MSG_SET */ + case PB_PROTOCOL_ACTION_AUTHENTICATE: + auth_msg = talloc(client, struct auth_message); + rc = pb_protocol_deserialise_authenticate( + auth_msg, message); + if (rc) { + pb_log("Couldn't parse client's auth request\n"); + break; + } + + rc = discover_server_handle_auth_message(client, auth_msg); + talloc_free(auth_msg); + break; default: pb_log_fn("invalid action %d\n", message->action); return 0; @@ -336,12 +533,27 @@ static int discover_server_process_message(void *arg) return 0; } +void discover_server_set_auth_mode(struct discover_server *server, + bool restrict_clients) +{ + struct client *client; + + server->restrict_clients = restrict_clients; + + list_for_each_entry(&server->clients, client, list) { + client->can_modify = !restrict_clients; + write_authenticate_message(server, client); + } +} + static int discover_server_process_connection(void *arg) { struct discover_server *server = arg; struct statuslog_entry *entry; int fd, rc, i, n_devices, n_plugins; struct client *client; + struct ucred ucred; + socklen_t len; /* accept the incoming connection */ fd = accept(server->socket, NULL, NULL); @@ -362,6 +574,30 @@ static int discover_server_process_connection(void *arg) WAIT_IN, discover_server_process_message, client); + /* + * get some info on the connecting process - if the client is being + * run as root allow them to make changes + */ + if (server->restrict_clients) { + len = sizeof(struct ucred); + rc = getsockopt(client->fd, SOL_SOCKET, SO_PEERCRED, &ucred, + &len); + if (rc) { + pb_log("Failed to get socket info - restricting client\n"); + client->can_modify = false; + } else { + pb_log("Client details: pid: %d, uid: %d, egid: %d\n", + ucred.pid, ucred.uid, ucred.gid); + client->can_modify = ucred.uid == 0; + } + } else + client->can_modify = true; + + /* send auth status to client */ + rc = write_authenticate_message(server, client); + if (rc) + return 0; + /* send sysinfo to client */ rc = write_system_info_message(server, client, system_info_get()); if (rc) @@ -508,6 +744,7 @@ struct discover_server *discover_server_init(struct waitset *waitset) { struct discover_server *server; struct sockaddr_un addr; + struct group *group; server = talloc(NULL, struct discover_server); if (!server) @@ -527,7 +764,6 @@ struct discover_server *discover_server_init(struct waitset *waitset) } talloc_set_destructor(server, server_destructor); - addr.sun_family = AF_UNIX; strcpy(addr.sun_path, PB_SOCKET_PATH); @@ -536,6 +772,13 @@ struct discover_server *discover_server_init(struct waitset *waitset) goto out_err; } + /* Allow all clients to communicate on this socket */ + group = getgrnam("petitgroup"); + if (group) { + chown(PB_SOCKET_PATH, 0, group->gr_gid); + chmod(PB_SOCKET_PATH, 0660); + } + if (listen(server->socket, 8)) { pb_log("server socket listen: %s\n", strerror(errno)); goto out_err; diff --git a/discover/discover-server.h b/discover/discover-server.h index 9f3aa627..9722e173 100644 --- a/discover/discover-server.h +++ b/discover/discover-server.h @@ -20,6 +20,9 @@ void discover_server_destroy(struct discover_server *server); void discover_server_set_device_source(struct discover_server *server, struct device_handler *handler); +void discover_server_set_auth_mode(struct discover_server *server, + bool restrict_clients); + void discover_server_notify_device_add(struct discover_server *server, struct device *device); void discover_server_notify_boot_option_add(struct discover_server *server, diff --git a/discover/pb-discover.c b/discover/pb-discover.c index c494eeb3..e2b36dd4 100644 --- a/discover/pb-discover.c +++ b/discover/pb-discover.c @@ -189,6 +189,9 @@ int main(int argc, char *argv[]) if (config_get()->debug) pb_log_set_debug(true); + if (platform_restrict_clients()) + discover_server_set_auth_mode(server, true); + system_info_init(server); handler = device_handler_init(server, waitset, opts.dry_run == opt_yes); diff --git a/discover/platform.c b/discover/platform.c index 237da3a9..7712ef14 100644 --- a/discover/platform.c +++ b/discover/platform.c @@ -213,6 +213,19 @@ int platform_get_sysinfo(struct system_info *info) return -1; } +bool platform_restrict_clients(){ + if (platform && platform->restrict_clients) + return platform->restrict_clients(platform); + return false; +} + +int platform_set_password(const char *hash) +{ + if (platform && platform->set_password) + return platform->set_password(platform, hash); + return -1; +} + int config_set(struct config *newconfig) { int rc; diff --git a/discover/platform.h b/discover/platform.h index 29405626..f7d3d1c4 100644 --- a/discover/platform.h +++ b/discover/platform.h @@ -12,6 +12,8 @@ struct platform { void (*pre_boot)(struct platform *, const struct config *); int (*get_sysinfo)(struct platform *, struct system_info *); + bool (*restrict_clients)(struct platform *); + int (*set_password)(struct platform *, const char *hash); uint16_t dhcp_arch_id; void *platform_data; }; @@ -20,6 +22,8 @@ int platform_init(void *ctx); int platform_fini(void); const struct platform *platform_get(void); int platform_get_sysinfo(struct system_info *info); +bool platform_restrict_clients(void); +int platform_set_password(const char *hash); void platform_pre_boot(void); /* configuration interface */ diff --git a/discover/user-event.c b/discover/user-event.c index 734f77b3..d3d4a5e8 100644 --- a/discover/user-event.c +++ b/discover/user-event.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include @@ -507,7 +508,7 @@ static int user_event_boot(struct user_event *uev, struct event *event) cmd->boot_args = talloc_strdup(cmd, event_get_param(event, "args")); } - device_handler_boot(handler, cmd); + device_handler_boot(handler, false, cmd); talloc_free(cmd); @@ -749,6 +750,10 @@ struct user_event *user_event_init(struct device_handler *handler, strerror(errno)); } + /* Don't allow events from non-priviledged users */ + chown(PBOOT_USER_EVENT_SOCKET, 0, 0); + chmod(PBOOT_USER_EVENT_SOCKET, 0660); + waiter_register_io(waitset, uev->socket, WAIT_IN, user_event_process, uev); From patchwork Wed Nov 28 04:20:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004183 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SCl3Qtqz9s1c for ; Wed, 28 Nov 2018 15:21:55 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="mJZFJxPP"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="BrPbB/1o"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SCl1hFgzDqgS for ; Wed, 28 Nov 2018 15:21:55 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="mJZFJxPP"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="BrPbB/1o"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="mJZFJxPP"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="BrPbB/1o"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SBJ1rG5zDqfV for ; Wed, 28 Nov 2018 15:20:40 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id E1F702250C; Tue, 27 Nov 2018 23:20:37 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=2pQOGVOLSBxdlvXDGx+gCW2tetmkMLJd0f71A6vm0Vo=; b=mJZFJ xPPOhG8tpAqdkrnuaqSupnGbOxJ0QuyotvfuZCrY13xfNgC5t0YFdte+BRVmJKlr l/MzEuEutY2V7+rAz6b9fKT+2bX/3YyIYG50HrxEWP2OHE7BsqPsSQ3kvYTZ+WKR yA25JrOi+sJTUsSPEiJR3H+IjyyivuuAcw+A7I7xKbBu15q1TODF0C8YiZHJj78/ DAnHT67V4pvkDkcN6fUt58ny4EXY0+JEwKLvdpVbeuEai8jkuFQAt4Brc4T9rpps b4Re2oM6Pnv/YFhLpKCqEIJx/MIIaG7Ey3oNREGyMwEMBEBUbr319kkFJZLcjt7j yaL5Qsc1snBEiAG3w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=2pQOGVOLSBxdlvXDGx+gCW2tetmkMLJd0f71A6vm0Vo=; b=BrPbB/1o AbMCdO39Xc3ba5rGdiMrVZMetBiVQEc4YuNI6pS+2Q7SWzx2WmJ9zDyVnm5OXCXr p7Xy+lpGJ1vCeF8H0YG1wJNZBBuW2AdycK1qOKSi/xaz+y2b7tXIY/x+gIEzwFLv XIBgPnVBpwIbV6IAaqSsUeyYueuje3Wyy9y0L+97/rAB41mLDN7XkWhPuAcsw9Lg kHfJ6sHbjkv5DyIp1Jckszl+0DolpuWqtI9a5uDkvJ16w4zTapaE++bnaF3pA/qA gktcXgvCRZUM/+3AZwbK1ds3pEhQNB+54PDCz997hVm9KpLZ7b1pvQhphlkNJqiA cv/9JJLRYzS6Pw== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 7811C102DD; Tue, 27 Nov 2018 23:20:36 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 08/13] discover/device-handler: Prevent normal users changing boot target Date: Wed, 28 Nov 2018 15:20:07 +1100 Message-Id: <20181128042012.25916-9-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Signed-off-by: Samuel Mendoza-Jonas --- discover/device-handler.c | 14 +++++++++++++- discover/device-handler.h | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/discover/device-handler.c b/discover/device-handler.c index 271b9880..3c7943e1 100644 --- a/discover/device-handler.c +++ b/discover/device-handler.c @@ -81,6 +81,7 @@ struct device_handler { struct autoboot_option *temp_autoboot; struct discover_boot_option *default_boot_option; + struct discover_boot_option *last_boot_option; int default_boot_option_priority; struct list unresolved_boot_options; @@ -756,6 +757,8 @@ static int default_timeout(void *arg) opt = handler->default_boot_option; + handler->last_boot_option = opt; + if (handler->sec_to_boot) { countdown_status(handler, opt, handler->sec_to_boot); handler->sec_to_boot--; @@ -1453,13 +1456,22 @@ static struct discover_boot_option *find_boot_option_by_id( } void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd) + bool change_default, struct boot_command *cmd) { struct discover_boot_option *opt = NULL; if (cmd->option_id && strlen(cmd->option_id)) opt = find_boot_option_by_id(handler, cmd->option_id); + /* Don't allow a normal client to change the default */ + if (!change_default && handler->last_boot_option && + opt != handler->last_boot_option) { + pb_log("Non-root user tried to change boot option\n"); + device_handler_status_err(handler, + "Must be root to change default boot option\n"); + return; + } + if (handler->pending_boot) boot_cancel(handler->pending_boot); diff --git a/discover/device-handler.h b/discover/device-handler.h index 9696ec06..9619a2df 100644 --- a/discover/device-handler.h +++ b/discover/device-handler.h @@ -161,7 +161,7 @@ struct discover_boot_option *device_handler_find_option_by_name( struct device_handler *handler, const char *device, const char *name); void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd); + bool change_default, struct boot_command *cmd); void device_handler_cancel_default(struct device_handler *handler); void device_handler_update_config(struct device_handler *handler, struct config *config); From patchwork Wed Nov 28 04:20:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004185 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SD437hTz9s1c for ; Wed, 28 Nov 2018 15:22:12 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="c4f5pM/7"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="COMVOhPQ"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SD41Pc9zDqgr for ; Wed, 28 Nov 2018 15:22:12 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="c4f5pM/7"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="COMVOhPQ"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="c4f5pM/7"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="COMVOhPQ"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SBK5VqgzDqfV for ; Wed, 28 Nov 2018 15:20:41 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 80C6222A45; Tue, 27 Nov 2018 23:20:39 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:39 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=dbHeTJpPwCU+mGqZZopGN7V0t+omY5UgwdK5IObsSQE=; b=c4f5p M/7J9U6QOQZ5/Ki6W81uuVSQ2YanjoEioW7ffUteRlBt+fhAPUho1o+R563m0qmI BXKK3Oh8i0+Ixy0xGDAEMb0bjOEXKj2rDY/BXhUHNRFeb7Xk8uIB8u2aPbN5kHE7 f2CD2g7/NmIWsU/mWbv5aN46a1oGbW+Ud7h+4MnX3yuMljSa2Hfd38OQdFmzIPQL 1AGmzJVxjwni2adlSKXLrgeZ8H9XIku9J8JmQYPgZBSr/WNFddK3i7ERCvtizUAj taE7rh37Zt95rAFd/s7qTFsmI9z9bMiyDogeedmEpmiwQsfHTchAOmFfc5NFiO62 wez5CZB4XzKneesIA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=dbHeTJpPwCU+mGqZZopGN7V0t+omY5UgwdK5IObsSQE=; b=COMVOhPQ abQkXenA2TA5b7iy/nACeB+BJNWzj4zRcJuEjpIrYI5VFVO09o9M966KCuzs0J+Y GwO7h3+k7MwvKrTx9MFFmZMwosfY7u7hZZVaqn/upJAdu4yRAwk9PXMh/cLSSOx+ QdB1BbFIntlZtcttFFIDV38E0MHwg/UFzMdO6/WzJcP0c4S9aZeJIm6ZRD5p/nOD xeyXFGUrotzuGOWmbkzlw3dZkSqAxpPu1tNMDaQEzPWszWQ/d7976aL2Jenwd8wo +DsobV9nFON3534N2k5D2W3AhowvS35OJmYssbzWzZl+cd/NI5rYj/C9dSUHvGen 2azxBQgEn8f25w== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 0CCAA102DD; Tue, 27 Nov 2018 23:20:37 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 09/13] discover/platform-powerpc: Read and write password hash from NVRAM Date: Wed, 28 Nov 2018 15:20:08 +1100 Message-Id: <20181128042012.25916-10-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" If petitboot,password exists set it as the root password. This will be the password used to authenticate clients. This is the *hash* of a password as it would appear in /etc/shadow, not the password itself. Signed-off-by: Samuel Mendoza-Jonas --- discover/platform-powerpc.c | 29 +++++++++++++++++++++++++++++ lib/param_list/param_list.c | 1 + 2 files changed, 30 insertions(+) diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c index f8f33054..e9972399 100644 --- a/discover/platform-powerpc.c +++ b/discover/platform-powerpc.c @@ -14,6 +14,7 @@ #include #include #include +#include #include "hostboot.h" #include "platform.h" @@ -599,6 +600,7 @@ err: static int load_config(struct platform *p, struct config *config) { struct platform_powerpc *platform = to_platform_powerpc(p); + const char *hash; int rc; rc = parse_nvram(platform); @@ -623,6 +625,14 @@ static int load_config(struct platform *p, struct config *config) config_get_active_consoles(config); + + hash = param_list_get_value(platform->params, "petitboot,password"); + if (hash) { + rc = crypt_set_password_hash(platform, hash); + if (rc) + pb_log("Failed to set password hash\n"); + } + return 0; } @@ -690,6 +700,23 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo) return 0; } +static bool restrict_clients(struct platform *p) +{ + struct platform_powerpc *platform = to_platform_powerpc(p); + + return param_list_get_value(platform->params, "petitboot,password") != NULL; +} + +static int set_password(struct platform *p, const char *hash) +{ + struct platform_powerpc *platform = to_platform_powerpc(p); + + param_list_set(platform->params, "petitboot,password", hash, true); + write_nvram(platform); + + return 0; +} + static bool probe(struct platform *p, void *ctx) { struct platform_powerpc *platform; @@ -743,6 +770,8 @@ static struct platform platform_powerpc = { .save_config = save_config, .pre_boot = pre_boot, .get_sysinfo = get_sysinfo, + .restrict_clients = restrict_clients, + .set_password = set_password, }; register_platform(platform_powerpc); diff --git a/lib/param_list/param_list.c b/lib/param_list/param_list.c index b3a45f8b..9a01be6c 100644 --- a/lib/param_list/param_list.c +++ b/lib/param_list/param_list.c @@ -22,6 +22,7 @@ const char **common_known_params(void) "petitboot,console", "petitboot,http_proxy", "petitboot,https_proxy", + "petitboot,password", NULL, }; From patchwork Wed Nov 28 04:20:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004186 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SDF2MNlz9s1c for ; Wed, 28 Nov 2018 15:22:21 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="RZo8jHCm"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="eAs3q7QZ"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SDF0d0MzDqgL for ; Wed, 28 Nov 2018 15:22:21 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="RZo8jHCm"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="eAs3q7QZ"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="RZo8jHCm"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="eAs3q7QZ"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SBM1gfDzDqfV for ; Wed, 28 Nov 2018 15:20:43 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id D66342096B; Tue, 27 Nov 2018 23:20:40 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=AIjKOZaEJGltBrbtvECq7EbwN4LXYJUyi1wPSGhdqjk=; b=RZo8j HCmeznvABS3vbCNxQIYxSsMn/iqI3Os2nRiNuS41Sq/lI9uxMVMGCRvl3w9XG+45 P7y7+tySpDSfgOkBTpTrKo4nFMO7BgKdIgGEBUtWMaySrZ2foPl0NBE+0HXUnRnz d736MNYh+mclDNtjO2gbiAhGVsEVErcLmfVbhE5dJL5f6oM7JOtuVH9jK5UIzkVr oDojzkScBC9O/tWVlDW1msYBxpxNg2P10RdC6N2nAM8mV9/flj8CF5hl+yRHHZ6V SDnx7+UFbOtb4RyZY3ozDN07FGMAUHcZ3ryQbmtc47PY59TCljD2ubJ2kNHDi4gD fDau8nVMIeJ7iC4lA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=AIjKOZaEJGltBrbtvECq7EbwN4LXYJUyi1wPSGhdqjk=; b=eAs3q7QZ qs0YrWQ/GTheRC0MEaU/gjxY6Nu7eUFadGbsr4v70Kc81WV9HMSyH7q1i4C3SHp2 +IgqfBrD8YzguHwVPOG391aaeombma3Xy5shJL/zYar2IEykAZbdcyU4qeCDGVQW alydfhezPnR+EIW6lNM20vB4zFFcsV66sdMdUxtkAoo3Lc8Q6grVG76Wp0uB3HFr Lk//ZAUl47pA3IMD1/0vpGU5vMz5Pds2yd81rg3KjJH+E+4zlI3BXH3LGUQMnzG7 b6t9QRHcbc+V+epKwkieyFn4HCoJBruRsOKUUbFWxoZGwSkLxDg9eZdt9VkGQfgq l5sDQmhEU17qBA== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 93CEF102DD; Tue, 27 Nov 2018 23:20:39 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 10/13] ui/ncurses: Simplify starting shell Date: Wed, 28 Nov 2018 15:20:09 +1100 Message-Id: <20181128042012.25916-11-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Instead of calling sh twice to echo the 'exiting' message just call sh by itself and leave any welcome message to the shell's interactive config. Also drop the explicit nc_scr_unpost() in cui_run_cmd() since clear() will blank out the screen anyway. Signed-off-by: Samuel Mendoza-Jonas --- ui/ncurses/nc-cui.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c index 8ad89553..3c754546 100644 --- a/ui/ncurses/nc-cui.c +++ b/ui/ncurses/nc-cui.c @@ -206,31 +206,17 @@ void cui_resize(struct cui *cui) void cui_on_exit(struct pmenu *menu) { struct cui *cui = cui_from_pmenu(menu); - char *sh_cmd; cui_cancel_autoboot_on_exit(cui); - sh_cmd = talloc_asprintf(cui, - "echo \"Exiting petitboot. Type 'exit' to return.\";\ - echo \"You may run 'pb-sos' to gather diagnostic data\";\ - %s", pb_system_apps.sh); - - if (!sh_cmd) { - pb_log("Failed to allocate shell arguments\n"); - return; - } - const char *argv[] = { pb_system_apps.sh, - "-c", - sh_cmd, NULL }; cui_run_cmd(cui, argv); nc_scr_status_printf(cui->current, _("Returned from shell")); - talloc_free(sh_cmd); } /** @@ -263,11 +249,9 @@ int cui_run_cmd(struct cui *cui, const char **cmd_argv) nc_scr_status_printf(cui->current, _("Running %s..."), cmd_argv[0]); - nc_scr_unpost(cui->current); + def_prog_mode(); clear(); refresh(); - - def_prog_mode(); endwin(); result = process_run_sync(process); From patchwork Wed Nov 28 04:20:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004187 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SDQ1Qlpz9s1c for ; Wed, 28 Nov 2018 15:22:30 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="td7PFyvu"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="s/jxgPCI"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SDP6LxdzDqhD for ; Wed, 28 Nov 2018 15:22:29 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="td7PFyvu"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="s/jxgPCI"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="td7PFyvu"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="s/jxgPCI"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SBN5t85zDqgs for ; Wed, 28 Nov 2018 15:20:44 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 8F7D92234B; Tue, 27 Nov 2018 23:20:42 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=oz0GLpEFYNRb/Fk5sHaZr35g1L/lmJ6hB1bZxCz+4yA=; b=td7PF yvuinVOp/i+luZCAp6UyYHUtgm/KuCkP6ppDzZ6ccV8vPjmdvoqwJ7wMA46Dz64B SUEhl0bbjDW4HT1f2SfPW5thXnbIT+qy5pG1NcxTbYGjHGnMuHj+WfZVhjs9StpO Uszqa/tqkvp99LS2v8nYCDUxQKCo1fubgpjkbseWmqbipIJ74rOZdlhNettJHISs QIxEpl8UgZagK197+TFOmRdyDSq4fCaAV68AwlGOLFnH6m05zqxAXD1I7fJPrWv2 tuFkhilL0yONUGNMDTL8qQfwqJjIBvdM2dk389wpEE/U1XIqrFcPt9eoVFGhtMn8 o/BD+8V4z7oROxspQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=oz0GLpEFYNRb/Fk5sHaZr35g1L/lmJ6hB1bZxCz+4yA=; b=s/jxgPCI umsI97Pbg5dlfgD4pcpiUsMYL/n/QZ77dxvjBkJokU578IrJefaNDconQSKB52h6 5EFI0MieKzcXTM5NpvrA+plWP8vZAt28PBWC86kQ1ATw3qvQCAC+RyZ6EcMJUJeU K4jm9Qs2T+wOkJecoJGF23DXoLstZ75l/aAaJmUcf5GQHSAbulyGfiXR3L3OoKSa eY718TlW2BTNUSWsSfETY88vmw6Z1OQ9X83h15eOBDou0pbvB5SCzAxRbsIsGlc2 MbGf4XHks8ODgfM7ckk30L3NVnlamld84pAkG8fJGMN00u85rHWO3Brb/6bioo8y OaAL3g5Qzmkohg== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 29B00102DD; Tue, 27 Nov 2018 23:20:40 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 11/13] ui/common: Client authentication helpers Date: Wed, 28 Nov 2018 15:20:10 +1100 Message-Id: <20181128042012.25916-12-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Track the client's authentication status and provide methods for the client to send authentication requests to the server. Signed-off-by: Samuel Mendoza-Jonas --- ui/common/discover-client.c | 81 +++++++++++++++++++++++++++++++++++++ ui/common/discover-client.h | 12 ++++++ 2 files changed, 93 insertions(+) diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c index d9414976..e7dfb831 100644 --- a/ui/common/discover-client.c +++ b/ui/common/discover-client.c @@ -1,4 +1,8 @@ +#if defined(HAVE_CONFIG_H) +#include "config.h" +#endif + #include #include #include @@ -22,6 +26,7 @@ struct discover_client { struct discover_client_ops ops; int n_devices; struct device **devices; + bool authenticated; }; static int discover_client_destructor(void *arg) @@ -171,6 +176,7 @@ static int discover_client_process(void *arg) { struct discover_client *client = arg; struct pb_protocol_message *message; + struct auth_message *auth_msg; struct plugin_option *p_opt; struct system_info *sysinfo; struct boot_option *opt; @@ -266,6 +272,20 @@ static int discover_client_process(void *arg) case PB_PROTOCOL_ACTION_PLUGINS_REMOVE: plugins_remove(client); break; + case PB_PROTOCOL_ACTION_AUTHENTICATE: + auth_msg = talloc_zero(ctx, struct auth_message); + + rc = pb_protocol_deserialise_authenticate(auth_msg, message); + if (rc || auth_msg->op != AUTH_MSG_RESPONSE) { + pb_log("%s: invalid auth message? (%d)\n", + __func__, rc); + goto out; + } + + pb_log("Client %sauthenticated by server\n", + client->authenticated ? "" : "un"); + client->authenticated = auth_msg->authenticated; + break; default: pb_log_fn("unknown action %d\n", message->action); } @@ -311,6 +331,13 @@ struct discover_client* discover_client_init(struct waitset *waitset, waiter_register_io(waitset, client->fd, WAIT_IN, discover_client_process, client); + /* Assume this client can't make changes if crypt support is enabled */ +#ifdef CRYPT_SUPPORT + client->authenticated = false; +#else + client->authenticated = true; +#endif + return client; out_err: @@ -333,6 +360,11 @@ struct device *discover_client_get_device(struct discover_client *client, return client->devices[index]; } +bool discover_client_authenticated(struct discover_client *client) +{ + return client->authenticated; +} + static void create_boot_command(struct boot_command *command, const struct device *device __attribute__((unused)), const struct boot_option *boot_option, @@ -471,3 +503,52 @@ int discover_client_send_temp_autoboot(struct discover_client *client, return pb_protocol_write_message(client->fd, message); } + +int discover_client_send_authenticate(struct discover_client *client, + char *password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_REQUEST; + auth_msg.password = password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} + +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_SET; + auth_msg.set_password.password = password; + auth_msg.set_password.new_password = new_password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h index 2a2ea288..9b56dcb7 100644 --- a/ui/common/discover-client.h +++ b/ui/common/discover-client.h @@ -71,6 +71,12 @@ int discover_client_device_count(struct discover_client *client); struct device *discover_client_get_device(struct discover_client *client, int index); +/** + * Get the client's authentication status. This is only useful if Petitboot + * has been built with crypt support. + */ +bool discover_client_authenticated(struct discover_client *client); + /* Tell the discover server to boot an image * @param client A pointer to the discover client * @param boot_command The command to boot @@ -101,6 +107,12 @@ int discover_client_send_url(struct discover_client *client, char *url); /* Send plugin file path to discover server to install */ int discover_client_send_plugin_install(struct discover_client *client, char *file); +/* Authenticate with pb-discover to allow modification */ +int discover_client_send_authenticate(struct discover_client *client, + char *password); +/* Set a new system password, authenticating with the current password */ +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password); /* send a temporary autoboot override */ int discover_client_send_temp_autoboot(struct discover_client *client, From patchwork Wed Nov 28 04:20:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004189 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SDb2lCWz9s1c for ; Wed, 28 Nov 2018 15:22:39 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="LG0BbfsF"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="L0IVqfId"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SDb12qVzDqC0 for ; Wed, 28 Nov 2018 15:22:39 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="LG0BbfsF"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="L0IVqfId"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="LG0BbfsF"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="L0IVqfId"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SBR0gqwzDqgs for ; Wed, 28 Nov 2018 15:20:47 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 91FD62096B; Tue, 27 Nov 2018 23:20:44 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=BUZ+IMInFzyiSohDsKjQrujYFjwQnfo99aVkq/0JjZw=; b=LG0Bb fsFTGPP03bOjIKB6G7sot+89PVqz1aW+lpCKmvU2b/BjQIFeqvUoKUSicnof5fyb YUY+UBeT9H/2NMR5LwzE5s7zdUXmHEaIxbY4vwmwk8tbUznNR38oQf0Mcr9tHTpi Mw/Em7JGnDDXWMQdqqHsfPzhjRq9AtgqHSRtOSnW//ziGjTQdO29NqyjDknoBk6M 8jb1EW1Ii1aqiPt9JBxCFzZoBSexEiZnd4eM0jr44HBHxqWGCpH8FU8PBHi23MXK cVPlxiVkZZV7F56jMkOPsFIn+vdz65IKoKCyZSpo2Q+QL/7rqMSzidesJVgisI3P ZRRMyzB47hq0VC56A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=BUZ+IMInFzyiSohDsKjQrujYFjwQnfo99aVkq/0JjZw=; b=L0IVqfId h73OI2GG4oRgfVyZ4IATCPZqVjlN2VOBQ95D+TdNHm/W+P746tMCVXLLLyMxEPBN aBVx7FxFr+i1+DQ98Dwy1dLrLh7pte9yp7xXgas1QXg55vau+AjqIzn0mFXpHtih U/xvA/W5BfREor4S+zyueWZgJ8s/UNLQEeLZMC9YpS67lIxI8rFT2KQ54DgK8T9t AbilA5KihffYseuHQUC0GqFzojVb9WKp1YpdOKbSGGOc+9hXhJTteRNmnLMjn/br xXoEK119KXxzL/mARD1CRoNrWKXm0t+YK95w8ySj8AzHaAjuDwEnEjokr1BjZzbx R1Z+KQLnNfvrhg== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id B7C99102DD; Tue, 27 Nov 2018 23:20:42 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 12/13] ui/ncurses: Add nc-auth and authenticate when required. Date: Wed, 28 Nov 2018 15:20:11 +1100 Message-Id: <20181128042012.25916-13-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" When the user tries to perform actions that require authentication a new subscreen 'nc-auth' is launched which accepts a password and will send an authentication request before performing the action. This also adds a button in nc-config which launches an nc-auth screen allowing the user to set or change the system password. Signed-off-by: Samuel Mendoza-Jonas --- ui/ncurses/Makefile.am | 4 +- ui/ncurses/nc-add-url.c | 63 ++++++--- ui/ncurses/nc-auth.c | 299 ++++++++++++++++++++++++++++++++++++++++ ui/ncurses/nc-auth.h | 33 +++++ ui/ncurses/nc-config.c | 64 +++++++-- ui/ncurses/nc-cui.c | 151 +++++++++++++++++++- ui/ncurses/nc-cui.h | 6 + ui/ncurses/nc-lang.c | 127 +++++++++++------ ui/ncurses/nc-plugin.c | 44 +++--- ui/ncurses/nc-plugin.h | 2 - ui/ncurses/nc-scr.h | 1 + ui/ncurses/nc-widgets.c | 12 +- ui/ncurses/nc-widgets.h | 3 + 13 files changed, 704 insertions(+), 105 deletions(-) create mode 100644 ui/ncurses/nc-auth.c create mode 100644 ui/ncurses/nc-auth.h diff --git a/ui/ncurses/Makefile.am b/ui/ncurses/Makefile.am index b791b9dc..cd525dfe 100644 --- a/ui/ncurses/Makefile.am +++ b/ui/ncurses/Makefile.am @@ -57,7 +57,9 @@ ui_ncurses_libpbnc_la_SOURCES = \ ui/ncurses/nc-plugin.c \ ui/ncurses/nc-plugin.h \ ui/ncurses/nc-plugin-help.c \ - ui/ncurses/nc-plugin-menu-help.c + ui/ncurses/nc-plugin-menu-help.c \ + ui/ncurses/nc-auth.c \ + ui/ncurses/nc-auth.h sbin_PROGRAMS += ui/ncurses/petitboot-nc diff --git a/ui/ncurses/nc-add-url.c b/ui/ncurses/nc-add-url.c index 4abca38a..33f502da 100644 --- a/ui/ncurses/nc-add-url.c +++ b/ui/ncurses/nc-add-url.c @@ -28,6 +28,7 @@ #include #include +#include "ui/common/discover-client.h" #include "nc-cui.h" #include "nc-add-url.h" #include "nc-widgets.h" @@ -111,14 +112,37 @@ static void add_url_screen_process_key(struct nc_scr *scr, int key) cui_show_help(screen->cui, _("Retrieve Config"), &add_url_help_text); - } else if (handled) { + } else if (handled && (screen->cui->current == scr)) { pad_refresh(screen); } } +static int screen_process_form(struct add_url_screen *screen) +{ + char *url; + int rc; + + url = widget_textbox_get_value(screen->widgets.url_f); + if (!url || !strlen(url)) + return 0; + + /* Once we have all the info we need, tell the server */ + rc = cui_send_url(screen->cui, url); + + if (rc) + pb_log("cui_send_retreive failed!\n"); + else + pb_debug("add_url url sent!\n"); + return 0; +} + static int add_url_screen_post(struct nc_scr *scr) { struct add_url_screen *screen = add_url_screen_from_scr(scr); + + if (screen->exit) + screen->on_exit(screen->cui); + widgetset_post(screen->widgetset); nc_scr_frame_draw(scr); if (screen->need_redraw) { @@ -142,34 +166,29 @@ struct nc_scr *add_url_screen_scr(struct add_url_screen *screen) return &screen->scr; } -static int screen_process_form(struct add_url_screen *screen) +static void add_url_process_cb(struct nc_scr *scr) { - char *url; - int rc; - - url = widget_textbox_get_value(screen->widgets.url_f); - if (!url || !strlen(url)) - return 0; - - /* Once we have all the info we need, tell the server */ - rc = cui_send_url(screen->cui, url); + struct add_url_screen *screen = add_url_screen_from_scr(scr); - if (rc) - pb_log("cui_send_retreive failed!\n"); - else - pb_debug("add_url url sent!\n"); - return 0; + if (!screen_process_form(screen)) + screen->exit = true; } static void ok_click(void *arg) { struct add_url_screen *screen = arg; - if (screen_process_form(screen)) - /* errors are written to the status line, so we'll need - * to refresh */ - wrefresh(screen->scr.main_ncw); - else - screen->exit = true; + + if (discover_client_authenticated(screen->cui->client)) { + if (screen_process_form(screen)) + /* errors are written to the status line, so we'll need + * to refresh */ + wrefresh(screen->scr.main_ncw); + else + screen->exit = true; + } else { + cui_show_auth(screen->cui, screen->scr.main_ncw, false, + add_url_process_cb); + } } static void help_click(void *arg) diff --git a/ui/ncurses/nc-auth.c b/ui/ncurses/nc-auth.c new file mode 100644 index 00000000..5bfda8b4 --- /dev/null +++ b/ui/ncurses/nc-auth.c @@ -0,0 +1,299 @@ +/* + * Copyright (C) 2018 IBM Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#if defined(HAVE_CONFIG_H) +#include "config.h" +#endif + +#include +#include +#include + +#include +#include +#include +#include + +#include "nc-cui.h" +#include "nc-widgets.h" +#include "nc-auth.h" + +#define N_FIELDS 5 + +struct auth_screen { + struct nc_scr scr; + struct cui *cui; + struct nc_scr *return_scr; + struct nc_widgetset *widgetset; + void (*process_key)(struct nc_scr *, int); + + bool set_password; + void (*callback)(struct nc_scr *); + int offset_y; + int label_x; + int field_x; + + bool exit; + void (*on_exit)(struct cui *); + + struct { + struct nc_widget_label *title_a_l; + struct nc_widget_label *title_b_l; + struct nc_widget_textbox *password_f; + struct nc_widget_label *new_l; + struct nc_widget_textbox *new_f; + struct nc_widget_button *ok_b; + struct nc_widget_button *cancel_b; + } widgets; +}; + +struct nc_scr *auth_screen_return_scr(struct auth_screen *screen) +{ + return screen->return_scr; +} + +struct nc_scr *auth_screen_scr(struct auth_screen *screen) +{ + return &screen->scr; +} + +static struct auth_screen *auth_screen_from_scr(struct nc_scr *scr) +{ + struct auth_screen *auth_screen; + + assert(scr->sig == pb_auth_screen_sig); + auth_screen = (struct auth_screen *) + ((char *)scr - (size_t)&((struct auth_screen *)0)->scr); + assert(auth_screen->scr.sig == pb_auth_screen_sig); + return auth_screen; +} + +static void auth_screen_process_key(struct nc_scr *scr, int key) +{ + struct auth_screen *screen = auth_screen_from_scr(scr); + bool handled; + + handled = widgetset_process_key(screen->widgetset, key); + + if (!handled) { + switch (key) { + case 'x': + case 27: /* esc */ + screen->exit = true; + break; + } + } + + if (screen->exit) + screen->on_exit(screen->cui); + else if (handled) + wrefresh(screen->scr.sub_ncw); +} + +static void auth_screen_frame_draw(struct nc_scr *scr) +{ + int y, x; + + getmaxyx(scr->sub_ncw, y, x); + + mvwhline(scr->sub_ncw, 0, 0, ACS_HLINE, x); + mvwhline(scr->sub_ncw, y - 1, 0, ACS_HLINE, x); + + mvwvline(scr->sub_ncw, 0, 0, ACS_VLINE, y); + mvwvline(scr->sub_ncw, 0, x - 1, ACS_VLINE, y); +} + +static int auth_screen_post(struct nc_scr *scr) +{ + struct auth_screen *screen = auth_screen_from_scr(scr); + widgetset_post(screen->widgetset); + auth_screen_frame_draw(scr); + wrefresh(scr->sub_ncw); + return 0; +} + +static int auth_screen_unpost(struct nc_scr *scr) +{ + struct auth_screen *screen = auth_screen_from_scr(scr); + widgetset_unpost(screen->widgetset); + return 0; +} + +static void ok_click(void *arg) +{ + struct auth_screen *screen = arg; + char *password, *new_password; + int rc; + + + password = widget_textbox_get_value(screen->widgets.password_f); + if (screen->set_password) { + new_password = widget_textbox_get_value(screen->widgets.new_f); + rc = cui_send_set_password(screen->cui, password, new_password); + } else + rc = cui_send_authenticate(screen->cui, password); + + if (rc) + pb_log("Failed to send authenticate action\n"); + else if (screen->callback) + screen->callback(screen->return_scr); + + screen->exit = true; +} + +static void cancel_click(void *arg) +{ + struct auth_screen *screen = arg; + screen->exit = true; +} + +static void auth_screen_layout_widgets(struct auth_screen *screen) +{ + int y = 1; + + widget_move(widget_label_base(screen->widgets.title_a_l), + y++, screen->label_x); + widget_move(widget_label_base(screen->widgets.title_b_l), + y++, screen->label_x); + + y += 1; + + widget_move(widget_textbox_base(screen->widgets.password_f), + y++, screen->field_x); + + y += 1; + + if (screen->set_password) { + widget_move(widget_label_base(screen->widgets.new_l), + y++, screen->label_x); + widget_move(widget_textbox_base(screen->widgets.new_f), + y++, screen->field_x); + y += 1; + } + + widget_move(widget_button_base(screen->widgets.ok_b), + y, 10); + widget_move(widget_button_base(screen->widgets.cancel_b), + y, 30); +} + +static void auth_screen_draw(struct auth_screen *screen) +{ + struct nc_widgetset *set; + + set = widgetset_create(screen, screen->scr.main_ncw, + screen->scr.sub_ncw); + if (!set) { + pb_log("%s: failed to create widgetset\n", __func__); + return; + } + screen->widgetset = set; + + screen->widgets.title_a_l = widget_new_label(set, 0, 0, + _("This action requires authorisation.")); + screen->widgets.title_b_l = widget_new_label(set, 0, 0, + _("Please enter the system password.")); + + screen->widgets.password_f = widget_new_textbox_hidden(set, 0, 0, + COLS - 20 - 20, "", true); + + if (screen->set_password) { + screen->widgets.new_l = widget_new_label(set, 0, 0, + _("New password:")); + screen->widgets.new_f = widget_new_textbox_hidden(set, 0, 0, + COLS - 20 - 20, "", true); + } + + screen->widgets.ok_b = widget_new_button(set, 0, 0, 10, _("OK"), + ok_click, screen); + screen->widgets.cancel_b = widget_new_button(set, 0, 0, 10, _("Cancel"), + cancel_click, screen); + + auth_screen_layout_widgets(screen); +} + +static int auth_screen_destroy(void *arg) +{ + struct auth_screen *screen = arg; + if (screen->scr.sub_ncw) + delwin(screen->scr.sub_ncw); + return 0; +} + +struct auth_screen *auth_screen_init(struct cui *cui, + WINDOW *parent, bool set_password, + void (*callback)(struct nc_scr *), + void (*on_exit)(struct cui *)) +{ + struct auth_screen *screen = NULL; + struct nc_scr *scr; + int y, x; + + if (!cui || !parent) + return NULL; + + screen = talloc_zero(cui, struct auth_screen); + if (!screen) + return NULL; + talloc_set_destructor(screen, auth_screen_destroy); + + screen->cui = cui; + screen->return_scr = cui->current; + screen->set_password = set_password; + screen->callback = callback; + screen->on_exit = on_exit; + screen->label_x = 5; + screen->field_x = 10; + + /* + * Manually init our nc_scr: we only want to create the subwin and + * 'inherit' the parent window. + */ + scr = &screen->scr; + scr->sig = pb_auth_screen_sig; + scr->ui_ctx = cui; + scr->process_key = auth_screen_process_key; + scr->post = auth_screen_post; + scr->unpost = auth_screen_unpost; + scr->resize = NULL; + + + getbegyx(parent, y, x); + /* Hold on to the real offset from the top of the screen */ + screen->offset_y = y + 5; + (void)x; + + scr->main_ncw = parent; + scr->sub_ncw = derwin(parent, set_password ? 15 : 10, COLS - 20, + 5, 10); /* relative to parent origin */ + if (!scr->sub_ncw) { + pb_log("Could not create subwin\n"); + goto err; + } + + auth_screen_draw(screen); + + return screen; +err: + pb_log("failed to create auth screen\n"); + if (screen) { + if (screen->scr.sub_ncw) + delwin(screen->scr.sub_ncw); + talloc_free(screen); + } + return NULL; +} diff --git a/ui/ncurses/nc-auth.h b/ui/ncurses/nc-auth.h new file mode 100644 index 00000000..e8e41482 --- /dev/null +++ b/ui/ncurses/nc-auth.h @@ -0,0 +1,33 @@ +/* + * Copyright (C) 2018 IBM Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef _NC_AUTH_H +#define _NC_AUTH_H + +#include "nc-cui.h" + +struct auth_screen; + +struct auth_screen *auth_screen_init(struct cui *cui, + WINDOW *pad, bool set_password, + void (callback)(struct nc_scr *), + void (*on_exit)(struct cui *)); + +struct nc_scr *auth_screen_scr(struct auth_screen *screen); +struct nc_scr *auth_screen_return_scr(struct auth_screen *screen); + +#endif /* define _NC_AUTH_H */ diff --git a/ui/ncurses/nc-config.c b/ui/ncurses/nc-config.c index 51861763..4685fa5d 100644 --- a/ui/ncurses/nc-config.c +++ b/ui/ncurses/nc-config.c @@ -29,11 +29,12 @@ #include #include +#include "ui/common/discover-client.h" #include "nc-cui.h" #include "nc-config.h" #include "nc-widgets.h" -#define N_FIELDS 48 +#define N_FIELDS 49 extern struct help_text config_help_text; @@ -51,7 +52,6 @@ struct config_screen { bool exit; bool show_help; - bool show_subset; bool need_redraw; bool need_update; @@ -118,6 +118,8 @@ struct config_screen { struct nc_widget_label *manual_console_l; struct nc_widget_label *current_console_l; + struct nc_widget_button *update_password_l; + struct nc_widget_label *net_override_l; struct nc_widget_label *safe_mode; struct nc_widget_button *ok_b; @@ -175,7 +177,7 @@ static void config_screen_process_key(struct nc_scr *scr, int key) cui_show_help(screen->cui, _("System Configuration"), &config_help_text); - } else if (handled && !screen->show_subset) { + } else if (handled && (screen->cui->current == scr)) { pad_refresh(screen); } } @@ -370,15 +372,39 @@ static int screen_process_form(struct config_screen *screen) return 0; } +static void config_screen_config_cb(struct nc_scr *scr) +{ + struct config_screen *screen = config_screen_from_scr(scr); + + if (!screen_process_form(screen)) + screen->exit = true; +} + +#ifdef CRYPT_SUPPORT +static void password_click(void *arg) +{ + struct config_screen *screen = arg; + + screen->need_update = true; + cui_show_auth(screen->cui, screen->scr.main_ncw, true, NULL); +} +#endif + static void ok_click(void *arg) { struct config_screen *screen = arg; - if (screen_process_form(screen)) - /* errors are written to the status line, so we'll need - * to refresh */ - wrefresh(screen->scr.main_ncw); - else - screen->exit = true; + + if (discover_client_authenticated(screen->cui->client)) { + if (screen_process_form(screen)) + /* errors are written to the status line, so we'll need + * to refresh */ + wrefresh(screen->scr.main_ncw); + else + screen->exit = true; + } else { + cui_show_auth(screen->cui, screen->scr.main_ncw, false, + config_screen_config_cb); + } } static void help_click(void *arg) @@ -650,6 +676,12 @@ static void config_screen_layout_widgets(struct config_screen *screen) screen->widgets.current_console_l), false); } +#ifdef CRYPT_SUPPORT + widget_move(widget_button_base(screen->widgets.update_password_l), + y, screen->field_x); + y += 2; +#endif + if (screen->net_override) { widget_move(widget_label_base(screen->widgets.net_override_l), y, screen->label_x); @@ -705,7 +737,6 @@ static void config_screen_add_device(void *arg) { struct config_screen *screen = arg; - screen->show_subset = true; cui_show_subset(screen->cui, _("Select a boot device to add"), screen->widgets.boot_order_f); } @@ -1113,6 +1144,11 @@ static void config_screen_setup_widgets(struct config_screen *screen, ttyname(STDIN_FILENO)); screen->widgets.current_console_l = widget_new_label(set, 0 , 0, tty); +#ifdef CRYPT_SUPPORT + screen->widgets.update_password_l = widget_new_button(set, 0, 0, 30, + _("Update system password"), password_click, screen); +#endif + screen->widgets.ok_b = widget_new_button(set, 0, 0, 10, _("OK"), ok_click, screen); screen->widgets.help_b = widget_new_button(set, 0, 0, 10, _("Help"), @@ -1212,7 +1248,12 @@ void config_screen_update(struct config_screen *screen, static int config_screen_post(struct nc_scr *scr) { struct config_screen *screen = config_screen_from_scr(scr); - screen->show_subset = false; + + /* We may have been posted after an auth action completed */ + if (screen->exit) { + screen->on_exit(screen->cui); + return 0; + } if (screen->need_update) { config_screen_draw(screen, screen->cui->config, @@ -1262,7 +1303,6 @@ struct config_screen *config_screen_init(struct cui *cui, screen->field_x = 17; screen->ipmi_override = false; - screen->show_subset = false; screen->scr.frame.ltitle = talloc_strdup(screen, _("Petitboot System Configuration")); diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c index 3c754546..88b8a91c 100644 --- a/ui/ncurses/nc-cui.c +++ b/ui/ncurses/nc-cui.c @@ -47,6 +47,7 @@ #include "nc-statuslog.h" #include "nc-subset.h" #include "nc-plugin.h" +#include "nc-auth.h" #include "console-codes.h" extern const struct help_text main_menu_help_text; @@ -307,6 +308,26 @@ static int cui_boot(struct pmenu_item *item) return 0; } +static void cui_boot_cb(struct nc_scr *scr) +{ + struct pmenu *menu = pmenu_from_scr(scr); + + if (pmenu_find_selected(menu)) + cui_boot(pmenu_find_selected(menu)); +} + +static int cui_boot_check(struct pmenu_item *item) +{ + struct cui *cui = cui_from_item(item); + + if (discover_client_authenticated(cui->client)) + return cui_boot(item); + + cui_show_auth(cui, item->pmenu->scr.main_ncw, false, cui_boot_cb); + + return 0; +} + static void cui_boot_editor_on_exit(struct cui *cui, struct pmenu_item *item, struct pb_boot_data *bd) @@ -338,7 +359,7 @@ static void cui_boot_editor_on_exit(struct cui *cui, } item->on_edit = cui_item_edit; - item->on_execute = cui_boot; + item->on_execute = cui_boot_check; item->data = cod; talloc_steal(item, cod); @@ -397,6 +418,52 @@ void cui_item_new(struct pmenu *menu) cui_set_current(cui, boot_editor_scr(cui->boot_editor)); } + +/* Call pb-plugin to install a plugin specified by plugin_file */ +static int cui_install_plugin(struct pmenu_item *item) +{ + struct cui *cui = cui_from_item(item); + struct cui_opt_data *cod = cod_from_item(item); + int rc; + + rc = cui_send_plugin_install(cui, cod->pd->plugin_file); + + if (rc) { + pb_log("cui_send_plugin_install failed!\n"); + nc_scr_status_printf(cui->current, + _("Failed to send install request")); + } else { + nc_scr_status_printf(cui->current, _("Installing plugin %s"), + cod->pd->plugin_file); + pb_debug("cui_send_plugin_install sent!\n"); + } + + return rc; +} + +static void cui_plugin_install_cb(struct nc_scr *scr) +{ + struct pmenu *menu = pmenu_from_scr(scr); + + if (pmenu_find_selected(menu)) + cui_install_plugin(pmenu_find_selected(menu)); + else + pb_debug("%s: no current item\n", __func__); +} + +static int cui_plugin_install_check(struct pmenu_item *item) +{ + struct cui *cui = cui_from_item(item); + + if (discover_client_authenticated(cui->client)) + return cui_install_plugin(item); + + cui_show_auth(cui, item->pmenu->scr.main_ncw, false, + cui_plugin_install_cb); + + return 0; +} + static void cui_sysinfo_exit(struct cui *cui) { cui_set_current(cui, &cui->main->scr); @@ -535,6 +602,39 @@ void cui_show_subset(struct cui *cui, const char *title, cui_set_current(cui, subset_screen_scr(cui->subset_screen)); } +static void cui_auth_exit(struct cui *cui) +{ + struct nc_scr *return_scr = auth_screen_return_scr(cui->auth_screen); + + /* + * Destroy the auth screen first so that the subwindow is cleaned up + * before the return_scr posts. If we don't do this operations on the + * main_ncw can cause a blank screen at first (eg. status update). + */ + nc_scr_unpost(cui->current); + talloc_free(cui->auth_screen); + cui->auth_screen = NULL; + + cui->current = return_scr; + nc_scr_post(cui->current); +} + +void cui_show_auth(struct cui *cui, WINDOW *parent, bool set_password, + void (*callback)(struct nc_scr *)) +{ + if (!cui->current) + return; + + if (cui->auth_screen) + return; + + cui->auth_screen = auth_screen_init(cui, parent, set_password, + callback, cui_auth_exit); + + if (cui->auth_screen) + cui_set_current(cui, auth_screen_scr(cui->auth_screen)); +} + /** * cui_set_current - Set the currently active screen and redraw it. */ @@ -769,10 +869,10 @@ static int cui_boot_option_add(struct device *dev, struct boot_option *opt, if (plugin_option) { i->on_edit = NULL; - i->on_execute = plugin_install_plugin; + i->on_execute = cui_plugin_install_check; } else { i->on_edit = cui_item_edit; - i->on_execute = cui_boot; + i->on_execute = cui_boot_check; } i->data = cod = talloc(i, struct cui_opt_data); @@ -1202,7 +1302,7 @@ static void cui_update_sysinfo(struct system_info *sysinfo, void *arg) cui_update_mm_title(cui); } -static void cui_update_language(struct cui *cui, char *lang) +void cui_update_language(struct cui *cui, const char *lang) { bool repost_menu; char *cur_lang; @@ -1266,6 +1366,17 @@ int cui_send_plugin_install(struct cui *cui, char *file) return discover_client_send_plugin_install(cui->client, file); } +int cui_send_authenticate(struct cui *cui, char *password) +{ + return discover_client_send_authenticate(cui->client, password); +} + +int cui_send_set_password(struct cui *cui, char *password, char *new_password) +{ + return discover_client_send_set_password(cui->client, password, + new_password); +} + void cui_send_reinit(struct cui *cui) { discover_client_send_reinit(cui->client); @@ -1295,10 +1406,38 @@ static int menu_statuslog_execute(struct pmenu_item *item) return 0; } +static void menu_reinit_cb(struct nc_scr *scr) +{ + struct pmenu *menu = pmenu_from_scr(scr); + + cui_send_reinit(cui_from_pmenu(menu)); +} + static int menu_reinit_execute(struct pmenu_item *item) { - if (cui_from_item(item)->client) - cui_send_reinit(cui_from_item(item)); + struct cui *cui = cui_from_item(item); + + if (!cui->client) + return 0; + + /* If we don't need to authenticate, send the reinit immediately */ + if (discover_client_authenticated(cui->client)) { + cui_send_reinit(cui); + return 0; + } + + if (!cui->current) + return 0; + + if (cui->auth_screen) + return 0; + + cui->auth_screen = auth_screen_init(cui, cui->current->main_ncw, + false, menu_reinit_cb, cui_auth_exit); + + if (cui->auth_screen) + cui_set_current(cui, auth_screen_scr(cui->auth_screen)); + return 0; } diff --git a/ui/ncurses/nc-cui.h b/ui/ncurses/nc-cui.h index abe4db98..8fa27aa7 100644 --- a/ui/ncurses/nc-cui.h +++ b/ui/ncurses/nc-cui.h @@ -73,6 +73,7 @@ struct cui { struct help_screen *help_screen; struct subset_screen *subset_screen; struct statuslog_screen *statuslog_screen; + struct auth_screen *auth_screen; struct pjs *pjs; void *platform_info; unsigned int default_item; @@ -98,9 +99,13 @@ void cui_show_subset(struct cui *cui, const char *title, void cui_show_add_url(struct cui *cui); void cui_show_plugin(struct pmenu_item *item); void cui_show_plugin_menu(struct cui *cui); +void cui_show_auth(struct cui *cui, WINDOW *parent, bool set_password, + void (*callback)(struct nc_scr *)); int cui_send_config(struct cui *cui, struct config *config); int cui_send_url(struct cui *cui, char *url); int cui_send_plugin_install(struct cui *cui, char *file); +int cui_send_authenticate(struct cui *cui, char *password); +int cui_send_set_password(struct cui *cui, char *password, char *new_password); void cui_send_reinit(struct cui *cui); /* convenience routines */ @@ -112,6 +117,7 @@ void cui_abort_on_exit(struct pmenu *menu); void cui_on_open(struct pmenu *menu); int cui_run_cmd(struct cui *cui, const char **cmd_argv); int cui_run_cmd_from_item(struct pmenu_item *item); +void cui_update_language(struct cui *cui, const char *lang); static inline struct cui *cui_from_arg(void *arg) { diff --git a/ui/ncurses/nc-lang.c b/ui/ncurses/nc-lang.c index a7c9ccc5..91d86e10 100644 --- a/ui/ncurses/nc-lang.c +++ b/ui/ncurses/nc-lang.c @@ -29,11 +29,12 @@ #include #include +#include "ui/common/discover-client.h" #include "nc-cui.h" #include "nc-lang.h" #include "nc-widgets.h" -#define N_FIELDS 5 +#define N_FIELDS 7 static struct lang { const char *name; @@ -70,6 +71,9 @@ struct lang_screen { struct nc_widget_select *lang_f; struct nc_widget_label *lang_l; + struct nc_widget_label *save_l; + struct nc_widget_checkbox *save_cb; + struct nc_widget_label *safe_mode; struct nc_widget_button *ok_b; struct nc_widget_button *cancel_b; @@ -115,12 +119,55 @@ static void lang_screen_process_key(struct nc_scr *scr, int key) if (screen->exit) { screen->on_exit(screen->cui); - - } else if (handled) { + } else if (handled && (screen->cui->current == scr)) { pad_refresh(screen); } } +static const char *lang_get_lang_name(struct lang_screen *screen) +{ + struct lang *lang; + int idx; + + idx = widget_select_get_value(screen->widgets.lang_f); + + /* Option -1 ("Unknown") can only be populated from the current + * language, so there's no change here */ + if (idx == -1) + return NULL; + + lang = &languages[idx]; + + return lang->name; +} + +static int lang_process_form(struct lang_screen *screen) +{ + struct config *config; + const char *lang; + int rc; + + config = config_copy(screen, screen->cui->config); + + lang = lang_get_lang_name(screen); + + if (!lang || (config->lang && !strcmp(lang, config->lang))) + return 0; + + config->lang = talloc_strdup(screen, lang); + + config->safe_mode = false; + rc = cui_send_config(screen->cui, config); + talloc_free(config); + + if (rc) + pb_log("cui_send_config failed!\n"); + else + pb_debug("config sent!\n"); + + return 0; +} + static void lang_screen_resize(struct nc_scr *scr) { struct lang_screen *screen = lang_screen_from_scr(scr); @@ -130,6 +177,10 @@ static void lang_screen_resize(struct nc_scr *scr) static int lang_screen_post(struct nc_scr *scr) { struct lang_screen *screen = lang_screen_from_scr(scr); + + if (screen->exit) + screen->on_exit(screen->cui); + widgetset_post(screen->widgetset); nc_scr_frame_draw(scr); wrefresh(screen->scr.main_ncw); @@ -149,49 +200,39 @@ struct nc_scr *lang_screen_scr(struct lang_screen *screen) return &screen->scr; } -static int lang_process_form(struct lang_screen *screen) +static void lang_screen_update_cb(struct nc_scr *scr) { - struct config *config; - struct lang *lang; - int idx, rc; - - config = config_copy(screen, screen->cui->config); - - idx = widget_select_get_value(screen->widgets.lang_f); - - /* Option -1 ("Unknown") can only be populated from the current - * language, so there's no change here */ - if (idx == -1) - return 0; - - lang = &languages[idx]; - - if (config->lang && !strcmp(lang->name, config->lang)) - return 0; - - config->lang = talloc_strdup(screen, lang->name); - - config->safe_mode = false; - rc = cui_send_config(screen->cui, config); - talloc_free(config); - - if (rc) - pb_log("cui_send_config failed!\n"); - else - pb_debug("config sent!\n"); + struct lang_screen *screen = lang_screen_from_scr(scr); - return 0; + if (!lang_process_form(screen)) + screen->exit = true; } static void ok_click(void *arg) { struct lang_screen *screen = arg; - if (lang_process_form(screen)) - /* errors are written to the status line, so we'll need - * to refresh */ - wrefresh(screen->scr.main_ncw); - else + const char *lang; + + if (!widget_checkbox_get_value(screen->widgets.save_cb)) { + /* Just update the client display */ + lang = lang_get_lang_name(screen); + if (lang) + cui_update_language(screen->cui, lang); screen->exit = true; + return; + } + + if (discover_client_authenticated(screen->cui->client)) { + if (lang_process_form(screen)) + /* errors are written to the status line, so we'll need + * to refresh */ + wrefresh(screen->scr.main_ncw); + else + screen->exit = true; + } else { + cui_show_auth(screen->cui, screen->scr.main_ncw, false, + lang_screen_update_cb); + } } static void cancel_click(void *arg) @@ -221,6 +262,10 @@ static void lang_screen_layout_widgets(struct lang_screen *screen) y += 1; + y += layout_pair(screen, y, screen->widgets.save_l, + widget_checkbox_base(screen->widgets.save_cb)); + y += 1; + if (screen->cui->config->safe_mode) { widget_move(widget_label_base(screen->widgets.safe_mode), y, screen->field_x); @@ -289,6 +334,10 @@ static void lang_screen_setup_widgets(struct lang_screen *screen, label, true); } + screen->widgets.save_l = widget_new_label(set, 0, 0, + _("Save changes?")); + screen->widgets.save_cb = widget_new_checkbox(set, 0, 0, false); + if (config->safe_mode) screen->widgets.safe_mode = widget_new_label(set, 0, 0, _("Selecting 'OK' will exit safe mode")); @@ -325,7 +374,7 @@ static void lang_screen_draw(struct lang_screen *screen, bool repost = false; int height; - height = ARRAY_SIZE(languages) + 4; + height = ARRAY_SIZE(languages) + N_FIELDS + 4; if (!screen->pad || getmaxy(screen->pad) < height) { if (screen->pad) delwin(screen->pad); diff --git a/ui/ncurses/nc-plugin.c b/ui/ncurses/nc-plugin.c index ad8210f0..f897cc8e 100644 --- a/ui/ncurses/nc-plugin.c +++ b/ui/ncurses/nc-plugin.c @@ -40,6 +40,8 @@ extern const struct help_text plugin_help_text; +static void plugin_run_command(void *arg); + struct plugin_screen { struct nc_scr scr; struct cui *cui; @@ -48,6 +50,7 @@ struct plugin_screen { bool exit; bool show_help; + bool show_auth_run; bool need_redraw; void (*on_exit)(struct cui *); @@ -160,7 +163,7 @@ static void plugin_screen_process_key(struct nc_scr *scr, int key) cui_show_help(screen->cui, _("Petitboot Plugin"), &plugin_help_text); - } else if (handled) { + } else if (handled && (screen->cui->current == scr)) { pad_refresh(screen); } } @@ -178,6 +181,12 @@ static int plugin_screen_post(struct nc_scr *scr) } wrefresh(screen->scr.main_ncw); pad_refresh(screen); + + if (screen->show_auth_run) { + screen->show_auth_run = false; + plugin_run_command(screen); + } + return 0; } @@ -232,28 +241,21 @@ static void plugin_run_command(void *arg) talloc_free(cmd); } -/* Call pb-plugin to install a plugin specified by plugin_file */ -int plugin_install_plugin(struct pmenu_item *item) +static void plugin_run_command_check(void *arg) { - struct cui *cui = cui_from_item(item); - struct cui_opt_data *cod = cod_from_item(item); - int rc; - - assert(cui->current == &cui->plugin_menu->scr); - - nc_scr_status_printf(cui->current, _("Installing plugin %s"), - cod->pd->plugin_file); - - rc = cui_send_plugin_install(cui, cod->pd->plugin_file); + struct plugin_screen *screen = arg; - if (rc) { - pb_log("cui_send_plugin_install failed!\n"); - nc_scr_status_printf(cui->current, - _("Failed to send install request")); - } else - pb_debug("cui_send_plugin_install sent!\n"); + if (discover_client_authenticated(screen->cui->client)) { + plugin_run_command(screen); + return; + } - return rc; + /* + * Don't supply a callback as we want to handle running the command + * from the plugin screen. + */ + screen->show_auth_run = true; + cui_show_auth(screen->cui, screen->scr.main_ncw, false, NULL); } static void plugin_screen_setup_widgets(struct plugin_screen *screen) @@ -291,7 +293,7 @@ static void plugin_screen_setup_widgets(struct plugin_screen *screen) } screen->widgets.run_b = widget_new_button(set, 0, 0, 30, - _("Run selected command"), plugin_run_command, screen); + _("Run selected command"), plugin_run_command_check, screen); } static int layout_pair(struct plugin_screen *screen, int y, diff --git a/ui/ncurses/nc-plugin.h b/ui/ncurses/nc-plugin.h index 6dfd4aef..398b7c72 100644 --- a/ui/ncurses/nc-plugin.h +++ b/ui/ncurses/nc-plugin.h @@ -29,6 +29,4 @@ struct plugin_screen *plugin_screen_init(struct cui *cui, struct nc_scr *plugin_screen_scr(struct plugin_screen *screen); void plugin_screen_update(struct plugin_screen *screen); -int plugin_install_plugin(struct pmenu_item *item); - #endif /* defined _NC_PLUGIN_H */ diff --git a/ui/ncurses/nc-scr.h b/ui/ncurses/nc-scr.h index 5671a6b7..9f46f99b 100644 --- a/ui/ncurses/nc-scr.h +++ b/ui/ncurses/nc-scr.h @@ -50,6 +50,7 @@ enum pb_nc_sig { pb_add_url_screen_sig = 888, pb_subset_screen_sig = 101, pb_plugin_screen_sig = 202, + pb_auth_screen_sig = 303, pb_removed_sig = -999, }; diff --git a/ui/ncurses/nc-widgets.c b/ui/ncurses/nc-widgets.c index 30915a97..afd56d71 100644 --- a/ui/ncurses/nc-widgets.c +++ b/ui/ncurses/nc-widgets.c @@ -365,8 +365,8 @@ static int textbox_destructor(void *ptr) return 0; } -struct nc_widget_textbox *widget_new_textbox(struct nc_widgetset *set, - int y, int x, int len, char *str) +struct nc_widget_textbox *widget_new_textbox_hidden(struct nc_widgetset *set, + int y, int x, int len, char *str, bool hide_input) { struct nc_widget_textbox *textbox; FIELD *f; @@ -383,6 +383,8 @@ struct nc_widget_textbox *widget_new_textbox(struct nc_widgetset *set, textbox->widget.unfocussed_attr = A_UNDERLINE; field_opts_off(f, O_STATIC | O_WRAP | O_BLANK); + if (hide_input) + field_opts_off(f, O_PUBLIC); set_field_buffer(f, 0, str); set_field_back(f, textbox->widget.unfocussed_attr); set_field_userptr(f, &textbox->widget); @@ -393,6 +395,12 @@ struct nc_widget_textbox *widget_new_textbox(struct nc_widgetset *set, return textbox; } +struct nc_widget_textbox *widget_new_textbox(struct nc_widgetset *set, + int y, int x, int len, char *str) +{ + return widget_new_textbox_hidden(set, y, x, len, str, false); +} + void widget_textbox_set_fixed_size(struct nc_widget_textbox *textbox) { field_opts_on(textbox->widget.field, O_STATIC); diff --git a/ui/ncurses/nc-widgets.h b/ui/ncurses/nc-widgets.h index a946c4f5..ce3b0386 100644 --- a/ui/ncurses/nc-widgets.h +++ b/ui/ncurses/nc-widgets.h @@ -16,6 +16,7 @@ */ #ifndef NC_WIDGETS_H +#define NC_WIDGETS_H struct nc_widgetset; struct nc_widget_label; @@ -27,6 +28,8 @@ struct nc_widget_label *widget_new_label(struct nc_widgetset *set, int y, int x, char *str); struct nc_widget_checkbox *widget_new_checkbox(struct nc_widgetset *set, int y, int x, bool checked); +struct nc_widget_textbox *widget_new_textbox_hidden(struct nc_widgetset *set, + int y, int x, int len, char *str, bool hide_input); struct nc_widget_textbox *widget_new_textbox(struct nc_widgetset *set, int y, int x, int len, char *str); struct nc_widget_subset *widget_new_subset(struct nc_widgetset *set, From patchwork Wed Nov 28 04:20:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 1004190 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 434SDn0xHVz9s1c for ; Wed, 28 Nov 2018 15:22:49 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="m/tlw3QF"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="cmbt1iU/"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 434SDm632lzDqPm for ; Wed, 28 Nov 2018 15:22:48 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="m/tlw3QF"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="cmbt1iU/"; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mendozajonas.com (client-ip=66.111.4.28; helo=out4-smtp.messagingengine.com; envelope-from=sam@mendozajonas.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=mendozajonas.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b="m/tlw3QF"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="cmbt1iU/"; dkim-atps=neutral Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 434SBT1kX3zDqgr for ; Wed, 28 Nov 2018 15:20:48 +1100 (AEDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 3120A2234B; Tue, 27 Nov 2018 23:20:46 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 27 Nov 2018 23:20:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mendozajonas.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=rUlfTuvVDUcIuDkrh4wXG68pGZxWRKYPSIv43ESWhV4=; b=m/tlw 3QF8DH1yI2T3mKyDdkWAF80oNes1/cx4cFoQivkwoi3HIwVwDxZkZSuKzxGwukdV RGnQoKgtHdXBjGuZL234xmCCVdLxrQM9u/i7w+fIgfEU1RyYPMbRrwR0mup9NI86 NqmLQLQ1ayTboRMOM4Wr/3z/oG2yuTbRTWZYLP1622Qq3uugr/DjpqDQ99tDz/CS TnuzGIkVyVKzoBN+RE9+Y9mZ80EOs66d03YLbqQez6q2yUGGMDtB78WPW7AK5g32 ITTI7eOPJ5b22s+jkjk/+uWwVO1DffctwncfyvZF89XtPYGEq0zJLtUrZZWCn9lR SbrvfINIZtwGA6aJw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=rUlfTuvVDUcIuDkrh4wXG68pGZxWRKYPSIv43ESWhV4=; b=cmbt1iU/ VEFFflt1+sTu7pNT2wK6diov85zNKkjITDJLMrH33KSbZq0Gi7LzCq/JHxLKedVY BetpIAoAE3zeUzNU0ed7vQ2jw8a6I7rpMDIY4aBRi8hrrH5HRuvdVhM5KgWrNxAA 4lz+QALoCxIwafbEUHSUmMxLLixetgCUDgwysK/wl736LKfdkrSkni0wOqlz6f5o mQL0tDnRz+2sKEwaTLhVvl6dsr+LDnMxabEiELAX1Ilt6xHlIevcoi4sL3qDfdYr MlfZSOeZom6r/tq0aKNoukCnMA2m45OPTawz0/S/uFTmGcunpWaPeJZRy5fPxjIR dLu16hYAfhbYog== X-ME-Sender: X-ME-Proxy: Received: from v4.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 8F49410357; Tue, 27 Nov 2018 23:20:44 -0500 (EST) From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH v2 13/13] ui/ncurses: Keep track of the default boot option Date: Wed, 28 Nov 2018 15:20:12 +1100 Message-Id: <20181128042012.25916-14-sam@mendozajonas.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com> References: <20181128042012.25916-1-sam@mendozajonas.com> MIME-Version: 1.0 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Keep track of the default boot option, and prefix its display name with a '(*)' to point it out to the user. This avoids having to authenticate with pb-discover even if only booting the default option. Signed-off-by: Samuel Mendoza-Jonas --- discover/device-handler.c | 4 ++++ lib/pb-protocol/pb-protocol.c | 6 ++++++ lib/types/types.h | 1 + ui/ncurses/nc-cui.c | 35 +++++++++++++++++++++++++++++++++-- 4 files changed, 44 insertions(+), 2 deletions(-) diff --git a/discover/device-handler.c b/discover/device-handler.c index 3c7943e1..6ccf26c3 100644 --- a/discover/device-handler.c +++ b/discover/device-handler.c @@ -930,6 +930,10 @@ static void set_default(struct device_handler *handler, return; } + if (handler->default_boot_option) + handler->default_boot_option->option->is_autoboot_default = false; + opt->option->is_autoboot_default = true; + handler->sec_to_boot = config_get()->autoboot_timeout_sec; handler->default_boot_option = opt; handler->default_boot_option_priority = new_prio; diff --git a/lib/pb-protocol/pb-protocol.c b/lib/pb-protocol/pb-protocol.c index 5de382d2..d8771fcb 100644 --- a/lib/pb-protocol/pb-protocol.c +++ b/lib/pb-protocol/pb-protocol.c @@ -204,6 +204,7 @@ int pb_protocol_boot_option_len(const struct boot_option *opt) 4 + optional_strlen(opt->boot_args) + 4 + optional_strlen(opt->args_sig_file) + sizeof(opt->is_default) + + sizeof(opt->is_autoboot_default) + sizeof(opt->type); } @@ -434,6 +435,8 @@ int pb_protocol_serialise_boot_option(const struct boot_option *opt, *(bool *)pos = opt->is_default; pos += sizeof(bool); + *(bool *)pos = opt->is_autoboot_default; + pos += sizeof(bool); *(uint32_t *)pos = __cpu_to_be32(opt->type); pos += 4; @@ -925,6 +928,9 @@ int pb_protocol_deserialise_boot_option(struct boot_option *opt, opt->is_default = *(bool *)(pos); pos += sizeof(bool); len -= sizeof(bool); + opt->is_autoboot_default = *(bool *)(pos); + pos += sizeof(bool); + len -= sizeof(bool); if (read_u32(&pos, &len, &opt->type)) return -1; diff --git a/lib/types/types.h b/lib/types/types.h index f5392c89..39760d91 100644 --- a/lib/types/types.h +++ b/lib/types/types.h @@ -54,6 +54,7 @@ struct boot_option { char *boot_args; char *args_sig_file; bool is_default; + bool is_autoboot_default; struct list_item list; diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c index 88b8a91c..16e8c286 100644 --- a/ui/ncurses/nc-cui.c +++ b/ui/ncurses/nc-cui.c @@ -318,11 +318,16 @@ static void cui_boot_cb(struct nc_scr *scr) static int cui_boot_check(struct pmenu_item *item) { + struct cui_opt_data *cod = cod_from_item(item); struct cui *cui = cui_from_item(item); if (discover_client_authenticated(cui->client)) return cui_boot(item); + /* Client doesn't need authentication to boot the default option */ + if (cui->default_item == cod->opt_hash) + return cui_boot(item); + cui_show_auth(cui, item->pmenu->scr.main_ncw, false, cui_boot_cb); return 0; @@ -858,8 +863,9 @@ static int cui_boot_option_add(struct device *dev, struct boot_option *opt, dev_hdr = pmenu_find_device(menu, dev, opt); /* All actual boot entries are 'tabbed' across */ - name = talloc_asprintf(menu, "%s%s", - tab, opt->name ? : "Unknown Name"); + name = talloc_asprintf(menu, "%s%s%s", + tab, opt->is_autoboot_default ? "(*) " : "", + opt->name ? : "Unknown Name"); /* Save the item in opt->ui_info for cui_device_remove() */ opt->ui_info = i = pmenu_item_create(menu, name); @@ -944,6 +950,27 @@ static int cui_boot_option_add(struct device *dev, struct boot_option *opt, pb_log_fn("set_menu_items failed: %d\n", result); } + /* Update the default option */ + if (opt->is_autoboot_default) { + struct cui_opt_data *tmp; + struct pmenu_item *item; + unsigned int j; + if (cui->default_item) { + for (j = 0; j < cui->main->item_count; j++) { + item = item_userptr(cui->main->items[j]); + tmp = cod_from_item(item); + if (tmp->opt_hash == cui->default_item) { + char *label = talloc_asprintf(menu, "%s%s", + tab, tmp->name ? : "Unknown Name"); + pmenu_item_update(item, label); + talloc_free(label); + break; + } + } + } + cui->default_item = cod->opt_hash; + } + /* Re-attach the items array. */ result = set_menu_items(menu->ncm, menu->items); @@ -988,6 +1015,7 @@ static int cui_boot_option_add(struct device *dev, struct boot_option *opt, static void cui_device_remove(struct device *dev, void *arg) { struct cui *cui = cui_from_arg(arg); + struct cui_opt_data *cod; struct boot_option *opt; unsigned int i; int rows, cols, top, last; @@ -1010,6 +1038,9 @@ static void cui_device_remove(struct device *dev, void *arg) list_for_each_entry(&dev->boot_options, opt, list) { struct pmenu_item *item = pmenu_item_from_arg(opt->ui_info); + cod = cod_from_item(item); + if (cui->default_item == cod->opt_hash) + cui->default_item = 0; assert(pb_protocol_device_cmp(dev, cod_from_item(item)->dev)); if (opt->type == DISCOVER_PLUGIN_OPTION)