ui/ncurses: in lockdown ensure system reboot in ncurses menu exit

In a lockdown situation in the ncurses menu there is a switch to replace
the 'Exit to shell' option with 'Reboot', so the intent seems to be to
not allow the user the option to exit to shell in a lockdown situation.
However the associated foreced reboot logic is in the process atexit so
is only triggered when completely exiting the menu system.  The default
menu item logic to exit to shell is still in place though so the menu
exit never occurs and shell access is still available.
Add a switch to a different menu exit callback to force a menu abort
using the same mechanism as a signal in lockdown situations so the shell
can never be entered.  This also affects the 'x' or esc shortcut keys.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
index 3abeac3e2ff29d41a2ecfd34f552339d5637523e..d3e00aa03a0e6199f030b46209fe45194843092f 100644 (file)
--- a/ui/ncurses/nc-cui.c
+++ b/ui/ncurses/nc-cui.c
@@ -219,6 +219,17 @@ void cui_on_exit(struct pmenu *menu)
        talloc_free(sh_cmd);
 }
 
        talloc_free(sh_cmd);
 }
 

+/**
+ * cui_abort_on_exit - Force an exit of the main loop on menu exit.
+ *                     This is mainly for lockdown situations where
+ *                     the exit then triggers an expected reboot.
+ */
+void cui_abort_on_exit(struct pmenu *menu)
+{
+       struct cui *cui = cui_from_pmenu(menu);
+       cui->abort = 1;
+}
+

 /**
  * cui_run_cmd - A generic cb to run the supplied command.
  */
 /**
  * cui_run_cmd - A generic cb to run the supplied command.
  */


@@ -1298,7 +1309,7 @@ static struct pmenu *main_menu_init(struct cui *cui)
        int result;
        bool lockdown = lockdown_active();
 
        int result;
        bool lockdown = lockdown_active();
 

-       m = pmenu_init(cui, 9, cui_on_exit);
+       m = pmenu_init(cui, 9, lockdown ? cui_abort_on_exit : cui_on_exit);

        if (!m) {
                pb_log_fn("failed\n");
                return NULL;
        if (!m) {
                pb_log_fn("failed\n");
                return NULL;

diff --git a/ui/ncurses/nc-cui.h b/ui/ncurses/nc-cui.h
index 4997f4b5ff4734995f6c9b3ce03173026b0b97d9..d26883b1e47d08a3a07d86c39898096e72e208fd 100644 (file)
--- a/ui/ncurses/nc-cui.h
+++ b/ui/ncurses/nc-cui.h
@@ -107,6 +107,7 @@ void cui_send_reinit(struct cui *cui);
 void cui_abort(struct cui *cui);
 void cui_resize(struct cui *cui);
 void cui_on_exit(struct pmenu *menu);
 void cui_abort(struct cui *cui);
 void cui_resize(struct cui *cui);
 void cui_on_exit(struct pmenu *menu);

+void cui_abort_on_exit(struct pmenu *menu);

 void cui_on_open(struct pmenu *menu);
 int cui_run_cmd(struct cui *cui, const char **cmd_argv);
 int cui_run_cmd_from_item(struct pmenu_item *item);
 void cui_on_open(struct pmenu *menu);
 int cui_run_cmd(struct cui *cui, const char **cmd_argv);
 int cui_run_cmd_from_item(struct pmenu_item *item);