Various fixups and checks to make scan-build happy Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/discover-server: Restrict clients based on uid
If crypt support is enabled restrict what actions clients can perform by default. Initial authorisation is set at connection time; clients running as root are unrestricted, anything else runs as restricted until it makes an authentication to pb-discover. Unprivileged clients may only perform the following actions:
- Boot the default boot option.
- Cancel the autoboot timeout.
- Make an authentication request.
If a group named "petitgroup" exists then the socket permissions are also modified so that only clients running as root or in that group may connect to the socket. The user-event socket is only usable by root since the two main usecases are by utilities called by pb-discover or by a user in the shell who will need to su to root anyway. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
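The connection-time authorisation model described in this commit (root unrestricted, everyone else restricted to three actions until authenticated) is small enough to show in full. The code below is an added illustration, not petitboot's own discover-server code: the action enum, `struct client`, and the function names are assumptions, and the demo uses a `socketpair()` in place of the real Unix-domain listening socket so that it runs stand-alone. Reading the peer uid with `SO_PEERCRED` is Linux-specific; the "petitgroup" socket-permission change from the commit is not shown.

```c
#define _GNU_SOURCE
#include <stdbool.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed subset of the actions a client can request (names are assumptions). */
enum client_action {
	ACTION_BOOT_DEFAULT,
	ACTION_CANCEL_AUTOBOOT,
	ACTION_AUTHENTICATE,
	ACTION_BOOT_ARBITRARY,
	ACTION_CHANGE_CONFIG,
};

struct client {
	uid_t uid;
	bool restricted;
};

/* Read the connecting process's uid from a connected AF_UNIX socket
 * via SO_PEERCRED (Linux-specific; the kernel fills in the credentials). */
int peer_uid(int fd, uid_t *uid)
{
	struct ucred cred;
	socklen_t len = sizeof(cred);

	if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
		return -1;
	*uid = cred.uid;
	return 0;
}

/* Initial authorisation at connection time: root is unrestricted,
 * any other uid starts restricted. */
void client_init_auth(struct client *c, uid_t uid)
{
	c->uid = uid;
	c->restricted = (uid != 0);
}

/* A restricted client may only perform the three actions the commit names. */
bool client_action_allowed(const struct client *c, enum client_action a)
{
	if (!c->restricted)
		return true;
	switch (a) {
	case ACTION_BOOT_DEFAULT:
	case ACTION_CANCEL_AUTOBOOT:
	case ACTION_AUTHENTICATE:
		return true;
	default:
		return false;
	}
}

/* A successful authentication lifts the restriction for this connection. */
void client_authenticated(struct client *c)
{
	c->restricted = false;
}

/* Demo 1: the peer uid read from a socketpair is our own uid. Returns 1 on success. */
int demo_peer_is_self(void)
{
	int fds[2], rc;
	uid_t uid;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0)
		return -1;
	rc = peer_uid(fds[0], &uid);
	close(fds[0]);
	close(fds[1]);
	if (rc < 0)
		return -1;
	return uid == getuid();
}

/* Demo 2: policy for an unprivileged client (uid 1000, constructed) before and
 * after authentication, and for root. Returns 1 if every expectation holds. */
int demo_restricted_policy(void)
{
	struct client c;

	client_init_auth(&c, 1000);
	if (!c.restricted)
		return 0;
	if (!client_action_allowed(&c, ACTION_BOOT_DEFAULT) ||
	    !client_action_allowed(&c, ACTION_CANCEL_AUTOBOOT) ||
	    !client_action_allowed(&c, ACTION_AUTHENTICATE))
		return 0;
	if (client_action_allowed(&c, ACTION_BOOT_ARBITRARY) ||
	    client_action_allowed(&c, ACTION_CHANGE_CONFIG))
		return 0;
	client_authenticated(&c);
	if (!client_action_allowed(&c, ACTION_CHANGE_CONFIG))
		return 0;
	client_init_auth(&c, 0);
	return !c.restricted && client_action_allowed(&c, ACTION_BOOT_ARBITRARY);
}
```

The check that matters for defenders is that `restricted` is decided from kernel-supplied credentials, not from anything the client sends: a client cannot claim to be root over the socket, it can only prove it by connecting as root or by completing the authentication exchange.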
discover: Let 'boot' user-event boot by name If a 'name' parameter is used for a boot user event, search existing boot options for one that matches that name on the given device. This allows a pb-event user to boot based on name rather than having to specify the exact boot arguments. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/log: Switch to pb_log_fn The only functional change should be an additional '\n' to a few log messages that seemed to be missing it. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/user-event: Use bootfile_url if available Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Support IPv6 addresses Support handling IPv6 addresses from user events and call the udhcpc6 client in addition to the udhcpc client. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/user-event: Check for required parameters Check for some required parameters in the 'dhcp' handler, and in the 'add' handler return an error if parse_user_event() fails rather than charging ahead into a segfault. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Add 'plugin' user-event Add a new user event to advertise pb-plugins and add them to the device_handler. Plugins described by this event can either be uninstalled pb-plugin files or successfully installed pb-plugins depending on the associated parameters. This is primarily intended for use by the pb-plugin utility itself to notify Petitboot as it operates on pb-plugin files. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Record IP address of network interfaces If an interface has a valid IP address (either via DHCP or static config) store it in the interface_info struct so it can be referenced later. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Pass UUID to discover_device_create()
Currently discover_device_create() will search for existing discover devices by id to determine if a new device is required. However it is possible under some circumstances for distinct devices to have the same name. This is especially troublesome if the following network events are seen in network_handle_nlmsg():
- New interface, 'foo' with uuid x:x:x:x:x:x -> new discover device created with dev->device->id = 'foo', dev->uuid = x:x:x:x:x:x
- New interface, 'foo' with uuid y:y:y:y:y:y -> existing device 'foo' found, dev->uuid = y:y:y:y:y:y
This can occur if an interface rename event arrives *after* an old name is reused, where temporarily Petitboot will see two distinct network interfaces with the same name. Now the two interfaces point to the same discover device, which can quickly result in a segfault if a 'remove' event occurs for one of the interfaces and the discover device is freed. To generally avoid this a 'uuid' parameter is added to discover_device_create(), which if present allows existing devices to be looked up by UUID rather than just their name. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Deprecate 'conf' user event The 'conf' user event is functionally very similar to the 'url' event, in that both events result in downloading a specified configuration file and passing it to iterate_parsers(). The 'url' event additionally allows downloading files from a directory path and is also accessed by the UI via pb-protocol, so remove the 'conf' event and associated functions in favour of 'url' and device_handler_process_url(). Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/event: Ensure event struct exists for async callers When handling an event, user_event_handle_message() creates an event struct with relevant parameters. Once user_event_handle_message() is finished it frees the struct. However in the case of a dhcp or add_url event, asynchronous jobs may be spawned that will later reference the event struct. In particular this becomes a problem when pxe_process_pair() handles an IPAPPEND name/value pair and tries to access event->device. In the case of dhcp and add_url events, we avoid this by changing the event struct's talloc parent to the discover_context struct which persists until all async pxe jobs have completed. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Add support for GPG signature enforcement on booted kernels and related blobs This can be used to implement a form of organization-controlled secure boot, whereby kernels may be loaded from a variety of sources but they will only boot if a valid signature file is found for each component, and only if the signature is listed in the /etc/pb-lockdown file. Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> (Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
discover: Add 'sync' user event Add a user event named 'sync' that causes the discover server to merge the devicemapper snapshots of mounted devices. This is particularly useful as a debug aid (for example, when copying logs to a USB device), as the server will otherwise only sync changes to mounted devices in response to parser actions. The command can be called as pb-event sync@device to sync a particular device, or as pb-event sync@all to sync all devices with snapshots. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
pb-event: Add 'boot' user event
Add a user event to send a boot command to the discover server. The format of the boot command is similar to the add command, e.g.:
pb-event boot@eth0 image="http://host/image" initrd="http://host/initrd"
and also recognises "id", "dtb", and "args" arguments. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: extend URL in UI to support auto-discovery The URL field currently only supports loading a particular file for static network configurations. But it makes sense in certain static network configurations to 'auto-discover' a file like petitboot does with DHCP -- based off the MAC address and IP. Extend device_handler_process_url to take those as parameters, and toggle off the URL ending in a '/' to indicate whether to 'auto-discover' or directly load the specified URL. Signed-off-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com> Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
discover: Null-terminate buffer in user_event_process() Fixes Coverity defect #30480 Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
discover: Enable 'url' pb-events
Adds a new option to pb-event:
./pb-event url@dev url=scheme://path/to/petitboot.conf
Specifies a remote conf file to parse for boot options. Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
discover: move device sources to the device handler Currently, the pb-discover main() function initialises the device handler and the device sources. We want to eventually be able to re-init the device sources, which will be initiated by the handler. In this case, the handler will need references to the sources. This change moves the creation of the device sources to be internal to the handler. This way, the device handler gets a reference to everything, without having to pass pointers around in main(). We also remove the _destroy functions, as we handle everything through talloc destructors, as all sources are parented to the handler. We also change user_event_init and udev_init to take the handler as the first ('context') argument, to make them consistent with network_init. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
discover/pxe: Fix prefix autodetection when bootfile is in the root dir
Currently, if the bootfile doesn't contain a directory, the path we use for config file resolution will use the bootfile as the first component of path. For example, if bootfile is:
pxelinux.0
the config files requested will be:
pxelinux.0/<mac>
pxelinux.0/<ips>
pxelinux.0/default
For cases where bootfile is a single file, we need to use a blank prefix. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
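The prefix derivation this commit fixes is easy to get wrong in exactly the way described: treating the last path component as a directory when there is no directory at all. The following is an added example, not petitboot's own pxe parser code; the function names are assumptions. It shows the corrected rule (prefix is everything up to and including the last '/', or blank when the bootfile has no directory) next to the pre-fix behaviour, and builds the request paths from a prefix and a config name the way the commit's example lists them.

```c
#include <stdio.h>
#include <string.h>

/* Corrected rule: the prefix is the directory part of the DHCP bootfile,
 * "boot/pxelinux.0" -> "boot/", and a bare "pxelinux.0" -> "" (blank). */
int pxe_config_prefix(const char *bootfile, char *out, size_t outlen)
{
	const char *slash = strrchr(bootfile, '/');
	size_t n = slash ? (size_t)(slash - bootfile + 1) : 0;

	if (n + 1 > outlen)
		return -1;
	memcpy(out, bootfile, n);
	out[n] = '\0';
	return 0;
}

/* Pre-fix behaviour, kept for comparison: a bootfile with no directory is
 * itself used as the first path component, giving "pxelinux.0/". */
int pxe_config_prefix_buggy(const char *bootfile, char *out, size_t outlen)
{
	const char *slash = strrchr(bootfile, '/');
	int n;

	if (slash)
		n = snprintf(out, outlen, "%.*s",
			     (int)(slash - bootfile + 1), bootfile);
	else
		n = snprintf(out, outlen, "%s/", bootfile);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* One config-file request path: prefix followed by the candidate name
 * (<mac>, <ips> or "default" in the commit's list). */
int pxe_config_path(const char *prefix, const char *name,
		    char *out, size_t outlen)
{
	int n = snprintf(out, outlen, "%s%s", prefix, name);

	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Demo helpers returning 1 when the computed string equals the expected one. */
int demo_prefix_matches(const char *bootfile, const char *expected)
{
	char buf[128];

	if (pxe_config_prefix(bootfile, buf, sizeof(buf)) < 0)
		return 0;
	return strcmp(buf, expected) == 0;
}

int demo_buggy_prefix_matches(const char *bootfile, const char *expected)
{
	char buf[128];

	if (pxe_config_prefix_buggy(bootfile, buf, sizeof(buf)) < 0)
		return 0;
	return strcmp(buf, expected) == 0;
}

int demo_path_matches(const char *bootfile, const char *name,
		      const char *expected)
{
	char prefix[128], path[256];

	if (pxe_config_prefix(bootfile, prefix, sizeof(prefix)) < 0)
		return 0;
	if (pxe_config_path(prefix, name, path, sizeof(path)) < 0)
		return 0;
	return strcmp(path, expected) == 0;
}
```

With the corrected rule a root-directory bootfile yields requests for `<mac>`, `<ips>` and `default` directly, while a bootfile under a directory still scopes them to that directory; the buggy variant is what produced the `pxelinux.0/default` requests the commit describes.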