discover/discover-server: Restrict clients based on uid

If crypt support is enabled restrict what actions clients can perform by default. Initial authorisation is set at connection time; clients running as root are unrestricted, anything else runs as restricted until it makes an authentication to pb-discover.

Unprivileged clients may only perform the following actions:
- Boot the default boot option.
- Cancel the autoboot timeout.
- Make an authentication request.

If a group named "petitgroup" exists then the socket permissions are also modified so that only clients running as root or in that group may connect to the socket.

The user-event socket is only usable by root since the two main use cases are by utilities called by pb-discover or by a user in the shell who will need to su to root anyway.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/pb-discover: #include <locale.h> for musl libc

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Add debug flag to config

This change adds a debug flag to the config, and groups it under not-user-modifiable parts of struct config.

This means we no longer need the pb-sysinfo helper, as the last remaining function (--debug-enabled) can be implemented with pb-config.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover: Add setlocale calls in discover server

We want the discover server to respect the configured language, so we'll need to add appropriate setlocale() calls. We use the config->lang setting to use any previously-saved language.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover,ui: fix checks for debug option

We need to check for equality with opt_yes, not just check for non-zero.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

log: Allow runtime selection of 'debug' log level

Currently, we need to compile with -DDEBUG to implement debug-level logging in the UIs and discover server.

Since we may not be able to easily replace a system's petitboot binaries, this change introduces a -v|--verbose option to the discover server and ncurses UI, which enables debug at runtime. We also move some of the udev debug code out of an #ifdef DEBUG block.

Since petitboot is generally started on boot, we also add a little infrastructure to pass -v to petitboot on certain system conditions: either petitboot.debug on the kernel command line, or a petitboot,debug? NVRAM property containing the value 'true'.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover: move device sources to the device handler

Currently, the pb-discover main() function initialises the device handler and the device sources. We want to eventually be able to re-init the device sources, which will be initiated by the handler. In this case, the handler will need references to the sources.

This change moves the creation of the device sources to be internal to the handler. This way, the device handler gets a reference to everything, without having to pass pointers around in main().

We also remove the _destroy functions, as we handle everything through talloc destructors, as all sources are parented to the handler.

We also change user_event_init and udev_init to take the handler as the first ('context') argument, to make them consistent with network_init.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

pb-config: Move config storage modules to "platform" modules in discover code

There's no need to include the config storage code in lib/ as only the discover server should be using it.

This change moves the config-storage code to discover/, with the platform-specific parts moved to a 'struct platform'. Each platform has a probe function, which is called during init. The first probe function to return a platform is used.

At present we only have the one platform, but it's now non-intrusive to add others.

We keep an array of platform pointers in a separate ("platforms") section, to allow the test module to drop-in its own test "platform".

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover: Bring down configured interfaces on discover server exit.

We want to down the interfaces that we brought up, so hook up the network_shutdown function to the discover exit path.

Also, we only want to down interfaces that we've configured, and exclude lo.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover: cleanup allocated data

We have a few allocations hanging around at the end of pb-discover; free them.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

Add system info messages

Add a little infrastructure for communicating information about the system to the petitboot UIs. We just send some identifying info (type and identifier), as well as the interfaces.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover: Don't call config_set_autoboot before config_init

Change f611bde3 shifted the config_init until after process_init, as we need to run processes during config init. We also needed to move the config_set_autoboot invocation too.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover: register network devices with the device handler

We'd like to correlate incoming network boot options with a device, so register the interface with the device handler.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover: Remove unnecessary event passing

Currently, we pass "events" between the udev, user-event and device-handler layers. These events all get sent through device_handler_event, then de-multiplexed to an appropriate handler, depending on their source.

Instead, just export relevant device_handler functions, and have the (old) event sources call these functions directly.

This also means we can include a lot more of the device handler code in the parser tests.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

lib/log: Cleanup log API

Rather than exposing log internals (through always_flush and set_stream), do all logging init through pb_log_init(). If pb_log_init() hasn't been called, pb_log will drop messages.

Also, add a pb_debug() function, specifically for debugging information.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

lib/process: Add dry_run argument to process_init

Implement dry-run behaviour on the discover server by passing a bool to process_init. UIs don't need to support dry runs.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

lib/process: replace pb_run_cmd_pipe

Replace pb_run_cmd_pipe with process_create / process_run_sync.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover: remove unused user_event_trigger

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

lib/waiter: remove waitset_destroy

We can rely on the ctx free to destroy the waitset.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

discover: Hookup --no-autoboot to config

Add new routine config_set_autoboot(), and use it to set the --no-autoboot option.

Signed-off-by: Geoff Levand <geoff@infradead.org>