From 9011b958364f2af965a33681e7375f079ba75d02 Mon Sep 17 00:00:00 2001 From: Samuel Mendoza-Jonas Date: Wed, 20 Jun 2018 10:45:41 +1000 Subject: [PATCH] ui/common: Client authentication helpers Track the client's authentication status and provide methods for the client to send authentication requests to the server. Signed-off-by: Samuel Mendoza-Jonas --- ui/common/discover-client.c | 81 +++++++++++++++++++++++++++++++++++++ ui/common/discover-client.h | 12 ++++++ 2 files changed, 93 insertions(+) diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c index d941497..e7dfb83 100644 --- a/ui/common/discover-client.c +++ b/ui/common/discover-client.c @@ -1,4 +1,8 @@ +#if defined(HAVE_CONFIG_H) +#include "config.h" +#endif + #include #include #include @@ -22,6 +26,7 @@ struct discover_client { struct discover_client_ops ops; int n_devices; struct device **devices; + bool authenticated; }; static int discover_client_destructor(void *arg) @@ -171,6 +176,7 @@ static int discover_client_process(void *arg) { struct discover_client *client = arg; struct pb_protocol_message *message; + struct auth_message *auth_msg; struct plugin_option *p_opt; struct system_info *sysinfo; struct boot_option *opt; @@ -266,6 +272,20 @@ static int discover_client_process(void *arg) case PB_PROTOCOL_ACTION_PLUGINS_REMOVE: plugins_remove(client); break; + case PB_PROTOCOL_ACTION_AUTHENTICATE: + auth_msg = talloc_zero(ctx, struct auth_message); + + rc = pb_protocol_deserialise_authenticate(auth_msg, message); + if (rc || auth_msg->op != AUTH_MSG_RESPONSE) { + pb_log("%s: invalid auth message? (%d)\n", + __func__, rc); + goto out; + } + + pb_log("Client %sauthenticated by server\n", + client->authenticated ? "" : "un"); + client->authenticated = auth_msg->authenticated; + break; default: pb_log_fn("unknown action %d\n", message->action); } @@ -311,6 +331,13 @@ struct discover_client* discover_client_init(struct waitset *waitset, waiter_register_io(waitset, client->fd, WAIT_IN, discover_client_process, client); + /* Assume this client can't make changes if crypt support is enabled */ +#ifdef CRYPT_SUPPORT + client->authenticated = false; +#else + client->authenticated = true; +#endif + return client; out_err: @@ -333,6 +360,11 @@ struct device *discover_client_get_device(struct discover_client *client, return client->devices[index]; } +bool discover_client_authenticated(struct discover_client *client) +{ + return client->authenticated; +} + static void create_boot_command(struct boot_command *command, const struct device *device __attribute__((unused)), const struct boot_option *boot_option, @@ -471,3 +503,52 @@ int discover_client_send_temp_autoboot(struct discover_client *client, return pb_protocol_write_message(client->fd, message); } + +int discover_client_send_authenticate(struct discover_client *client, + char *password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_REQUEST; + auth_msg.password = password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} + +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password) +{ + struct pb_protocol_message *message; + struct auth_message auth_msg; + int len; + + auth_msg.op = AUTH_MSG_SET; + auth_msg.set_password.password = password; + auth_msg.set_password.new_password = new_password; + + len = pb_protocol_authenticate_len(&auth_msg); + + message = pb_protocol_create_message(client, + PB_PROTOCOL_ACTION_AUTHENTICATE, len); + if (!message) + return -1; + + pb_log("serialising auth message..\n"); + pb_protocol_serialise_authenticate(&auth_msg, message->payload, len); + + pb_log("sending auth message..\n"); + return pb_protocol_write_message(client->fd, message); +} diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h index 2a2ea28..9b56dcb 100644 --- a/ui/common/discover-client.h +++ b/ui/common/discover-client.h @@ -71,6 +71,12 @@ int discover_client_device_count(struct discover_client *client); struct device *discover_client_get_device(struct discover_client *client, int index); +/** + * Get the client's authentication status. This is only useful if Petitboot + * has been built with crypt support. + */ +bool discover_client_authenticated(struct discover_client *client); + /* Tell the discover server to boot an image * @param client A pointer to the discover client * @param boot_command The command to boot @@ -101,6 +107,12 @@ int discover_client_send_url(struct discover_client *client, char *url); /* Send plugin file path to discover server to install */ int discover_client_send_plugin_install(struct discover_client *client, char *file); +/* Authenticate with pb-discover to allow modification */ +int discover_client_send_authenticate(struct discover_client *client, + char *password); +/* Set a new system password, authenticating with the current password */ +int discover_client_send_set_password(struct discover_client *client, + char *password, char *new_password); /* send a temporary autoboot override */ int discover_client_send_temp_autoboot(struct discover_client *client, -- 2.39.2