authorSamuel Mendoza-Jonas <sam@mendozajonas.com>2018-06-20 10:45:41 +1000
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>2018-12-03 14:39:57 +1100
commit9011b958364f2af965a33681e7375f079ba75d02 (patch)
treec26a44dd2727ae9c99a8b364c9b0cd9cb2d86b35
parentb917fc4ec145de2457349bd5df358c89617f1581 (diff)
ui/common: Client authentication helpers
Track the client's authentication status and provide methods for the client to send authentication requests to the server. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
-rw-r--r--ui/common/discover-client.c81
-rw-r--r--ui/common/discover-client.h12
2 files changed, 93 insertions, 0 deletions
diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c
index d941497..e7dfb83 100644
--- a/ui/common/discover-client.c
+++ b/ui/common/discover-client.c
@@ -1,4 +1,8 @@
+#if defined(HAVE_CONFIG_H)
+#include "config.h"
+#endif
+
#include <assert.h>
#include <errno.h>
#include <unistd.h>
@@ -22,6 +26,7 @@ struct discover_client {
struct discover_client_ops ops;
int n_devices;
struct device **devices;
+ bool authenticated;
};
static int discover_client_destructor(void *arg)
@@ -171,6 +176,7 @@ static int discover_client_process(void *arg)
{
struct discover_client *client = arg;
struct pb_protocol_message *message;
+ struct auth_message *auth_msg;
struct plugin_option *p_opt;
struct system_info *sysinfo;
struct boot_option *opt;
@@ -266,6 +272,20 @@ static int discover_client_process(void *arg)
case PB_PROTOCOL_ACTION_PLUGINS_REMOVE:
plugins_remove(client);
break;
+ case PB_PROTOCOL_ACTION_AUTHENTICATE:
+ auth_msg = talloc_zero(ctx, struct auth_message);
+
+ rc = pb_protocol_deserialise_authenticate(auth_msg, message);
+ if (rc || auth_msg->op != AUTH_MSG_RESPONSE) {
+ pb_log("%s: invalid auth message? (%d)\n",
+ __func__, rc);
+ goto out;
+ }
+
+ pb_log("Client %sauthenticated by server\n",
+ client->authenticated ? "" : "un");
+ client->authenticated = auth_msg->authenticated;
+ break;
default:
pb_log_fn("unknown action %d\n", message->action);
}
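Review bot: The `pb_log("Client %sauthenticated by server\n", ...)` call in the new `PB_PROTOCOL_ACTION_AUTHENTICATE` case reads `client->authenticated` before the next line stores the server's answer, so the log reports the previous state rather than the one just received. Swap the two statements, or log `auth_msg->authenticated ? "" : "un"` instead. The result of `talloc_zero(ctx, struct auth_message)` is also passed to `pb_protocol_deserialise_authenticate()` and read as `auth_msg->op` without a NULL check; unless the deserialiser rejects NULL itself, add `if (!auth_msg) goto out;` after the allocation. `discover_client_process` starts and ends outside this hunk, so the `out` path is not visible here.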
@@ -311,6 +331,13 @@ struct discover_client* discover_client_init(struct waitset *waitset,
waiter_register_io(waitset, client->fd, WAIT_IN,
discover_client_process, client);
+ /* Assume this client can't make changes if crypt support is enabled */
+#ifdef CRYPT_SUPPORT
+ client->authenticated = false;
+#else
+ client->authenticated = true;
+#endif
+
return client;
out_err:
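Review bot: The comment above the `#ifdef CRYPT_SUPPORT` block in `discover_client_init` explains only the first branch and does not say that `client->authenticated` is just the client's local view. The initial value comes from the client's own build-time `CRYPT_SUPPORT`, and later values come from the server's `AUTH_MSG_RESPONSE`, so nothing on this side can serve as an access check. Whether pb-discover enforces authorisation independently is not visible in this diff and should be confirmed. Suggested wording: `/* Client-side view of auth state: start unauthenticated when built with crypt support, otherwise treat the client as authenticated. Updated from the server's AUTH_MSG_RESPONSE. */`.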
@@ -333,6 +360,11 @@ struct device *discover_client_get_device(struct discover_client *client,
return client->devices[index];
}
+bool discover_client_authenticated(struct discover_client *client)
+{
+ return client->authenticated;
+}
+
static void create_boot_command(struct boot_command *command,
const struct device *device __attribute__((unused)),
const struct boot_option *boot_option,
@@ -471,3 +503,52 @@ int discover_client_send_temp_autoboot(struct discover_client *client,
return pb_protocol_write_message(client->fd, message);
}
+
+int discover_client_send_authenticate(struct discover_client *client,
+ char *password)
+{
+ struct pb_protocol_message *message;
+ struct auth_message auth_msg;
+ int len;
+
+ auth_msg.op = AUTH_MSG_REQUEST;
+ auth_msg.password = password;
+
+ len = pb_protocol_authenticate_len(&auth_msg);
+
+ message = pb_protocol_create_message(client,
+ PB_PROTOCOL_ACTION_AUTHENTICATE, len);
+ if (!message)
+ return -1;
+
+ pb_log("serialising auth message..\n");
+ pb_protocol_serialise_authenticate(&auth_msg, message->payload, len);
+
+ pb_log("sending auth message..\n");
+ return pb_protocol_write_message(client->fd, message);
+}
+
+int discover_client_send_set_password(struct discover_client *client,
+ char *password, char *new_password)
+{
+ struct pb_protocol_message *message;
+ struct auth_message auth_msg;
+ int len;
+
+ auth_msg.op = AUTH_MSG_SET;
+ auth_msg.set_password.password = password;
+ auth_msg.set_password.new_password = new_password;
+
+ len = pb_protocol_authenticate_len(&auth_msg);
+
+ message = pb_protocol_create_message(client,
+ PB_PROTOCOL_ACTION_AUTHENTICATE, len);
+ if (!message)
+ return -1;
+
+ pb_log("serialising auth message..\n");
+ pb_protocol_serialise_authenticate(&auth_msg, message->payload, len);
+
+ pb_log("sending auth message..\n");
+ return pb_protocol_write_message(client->fd, message);
+}
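Review bot: Both new senders discard the result of `pb_protocol_serialise_authenticate()`, so a serialisation failure would still be followed by `pb_protocol_write_message()` on a payload that may be incomplete. Assuming it returns an int like its deserialise counterpart, check it in `discover_client_send_authenticate` and `discover_client_send_set_password`, e.g. `if (pb_protocol_serialise_authenticate(&auth_msg, message->payload, len)) return -1;`. `struct auth_message auth_msg;` is also left uninitialised apart from the fields assigned here, and `password`/`new_password` are not checked for NULL before the length is computed; `struct auth_message auth_msg = {0};` plus an early `if (!password) return -1;` would make both explicit. The serialised payload holds the plaintext password and nothing visible in this hunk clears it after the write, so confirm how the message buffer is released and consider zeroing it first.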
diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h
index 2a2ea28..9b56dcb 100644
--- a/ui/common/discover-client.h
+++ b/ui/common/discover-client.h
@@ -71,6 +71,12 @@ int discover_client_device_count(struct discover_client *client);
struct device *discover_client_get_device(struct discover_client *client,
int index);
+/**
+ * Get the client's authentication status. This is only useful if Petitboot
+ * has been built with crypt support.
+ */
+bool discover_client_authenticated(struct discover_client *client);
+
/* Tell the discover server to boot an image
* @param client A pointer to the discover client
* @param boot_command The command to boot
@@ -101,6 +107,12 @@ int discover_client_send_url(struct discover_client *client, char *url);
/* Send plugin file path to discover server to install */
int discover_client_send_plugin_install(struct discover_client *client,
char *file);
+/* Authenticate with pb-discover to allow modification */
+int discover_client_send_authenticate(struct discover_client *client,
+ char *password);
+/* Set a new system password, authenticating with the current password */
+int discover_client_send_set_password(struct discover_client *client,
+ char *password, char *new_password);
/* send a temporary autoboot override */
int discover_client_send_temp_autoboot(struct discover_client *client,
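Review bot: The comments on `discover_client_send_authenticate` and `discover_client_send_set_password` do not say what the return value means, so a caller could read a 0 return as "authenticated". In the .c file both functions return the result of `pb_protocol_write_message()`, and the outcome only arrives later through the `PB_PROTOCOL_ACTION_AUTHENTICATE` response handled in `discover_client_process`. Suggested comment: `/* Send an authentication request to pb-discover. The return value only reports whether the request was written; check discover_client_authenticated() once the response has been processed. */`, with a matching sentence on the set-password prototype. The `password` parameters could also be `const char *`, provided the serialise helpers accept that.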