[PATCH] ui/ncurses: in lockdown ensure system reboot in ncurses menu exit

Brett Grandbois brett.grandbois at opengear.com
Mon Aug 27 08:17:20 AEST 2018


In a lockdown situation in the ncurses menu there is a switch to replace
the 'Exit to shell' option with 'Reboot', so the intent seems to be to
not allow the user the option to exit to shell in a lockdown situation.
However the associated foreced reboot logic is in the process atexit so
is only triggered when completely exiting the menu system.  The default
menu item logic to exit to shell is still in place though so the menu
exit never occurs and shell access is still available.
Add a switch to a different menu exit callback to force a menu abort
using the same mechanism as a signal in lockdown situations so the shell
can never be entered.  This also affects the 'x' or esc shortcut keys.

Signed-off-by: Brett Grandbois <brett.grandbois at opengear.com>
---
 ui/ncurses/nc-cui.c | 13 ++++++++++++-
 ui/ncurses/nc-cui.h |  1 +
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
index 3abeac3..d3e00aa 100644
--- a/ui/ncurses/nc-cui.c
+++ b/ui/ncurses/nc-cui.c
@@ -219,6 +219,17 @@ void cui_on_exit(struct pmenu *menu)
 	talloc_free(sh_cmd);
 }
 
+/**
+ * cui_abort_on_exit - Force an exit of the main loop on menu exit.
+ *                     This is mainly for lockdown situations where
+ *                     the exit then triggers an expected reboot.
+ */
+void cui_abort_on_exit(struct pmenu *menu)
+{
+	struct cui *cui = cui_from_pmenu(menu);
+	cui->abort = 1;
+}
+
 /**
  * cui_run_cmd - A generic cb to run the supplied command.
  */
@@ -1298,7 +1309,7 @@ static struct pmenu *main_menu_init(struct cui *cui)
 	int result;
 	bool lockdown = lockdown_active();
 
-	m = pmenu_init(cui, 9, cui_on_exit);
+	m = pmenu_init(cui, 9, lockdown ? cui_abort_on_exit : cui_on_exit);
 	if (!m) {
 		pb_log_fn("failed\n");
 		return NULL;
diff --git a/ui/ncurses/nc-cui.h b/ui/ncurses/nc-cui.h
index 4997f4b..d26883b 100644
--- a/ui/ncurses/nc-cui.h
+++ b/ui/ncurses/nc-cui.h
@@ -107,6 +107,7 @@ void cui_send_reinit(struct cui *cui);
 void cui_abort(struct cui *cui);
 void cui_resize(struct cui *cui);
 void cui_on_exit(struct pmenu *menu);
+void cui_abort_on_exit(struct pmenu *menu);
 void cui_on_open(struct pmenu *menu);
 int cui_run_cmd(struct cui *cui, const char **cmd_argv);
 int cui_run_cmd_from_item(struct pmenu_item *item);
-- 
2.17.1



More information about the Petitboot mailing list