Disable shell access when lockdown is active

This patch disables direct command line access when the /etc/pb-lockdown
file is present.

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
index 09b63b053f25638176b1837332b88dab387be110..c2f1c83f1c406bcd698c9b9f782da25b431f3800 100644 (file)
--- a/ui/ncurses/nc-cui.c
+++ b/ui/ncurses/nc-cui.c
@@ -25,6 +25,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/ioctl.h>
+#include <sys/reboot.h>
 
 #include "log/log.h"
 #include "pb-protocol/pb-protocol.h"
@@ -47,6 +48,14 @@ extern const struct help_text main_menu_help_text;
 
 static struct pmenu *main_menu_init(struct cui *cui);
 
+static bool lockdown_active(void)
+{
+       bool lockdown = false;
+       if (access(LOCKDOWN_FILE, F_OK) != -1)
+               lockdown = true;
+       return lockdown;
+}
+
 static void cui_start(void)
 {
        initscr();                      /* Initialize ncurses. */
@@ -94,6 +103,13 @@ static void cui_atexit(void)
        clear();
        refresh();
        endwin();
+
+       bool lockdown = lockdown_active();
+
+       while (lockdown) {
+               sync();
+               reboot(RB_AUTOBOOT);
+       }
 }
 
 /**
@@ -826,6 +842,7 @@ static struct pmenu *main_menu_init(struct cui *cui)
        struct pmenu_item *i;
        struct pmenu *m;
        int result;
+       bool lockdown = lockdown_active();
 
        m = pmenu_init(cui, 7, cui_on_exit);
        if (!m) {
@@ -869,7 +886,10 @@ static struct pmenu *main_menu_init(struct cui *cui)
        i->on_execute = menu_add_url_execute;
        pmenu_item_insert(m, i, 5);
 
-       i = pmenu_item_create(m, _("Exit to shell"));
+       if (lockdown)
+               i = pmenu_item_create(m, _("Reboot"));
+       else
+               i = pmenu_item_create(m, _("Exit to shell"));
        i->on_execute = pmenu_exit_cb;
        pmenu_item_insert(m, i, 6);