[PATCH] ui/ncurses: in lockdown ensure system reboot in ncurses menu exit

Samuel Mendoza-Jonas sam at mendozajonas.com
Tue Aug 28 17:02:31 AEST 2018


On Mon, 2018-08-27 at 08:17 +1000, Brett Grandbois wrote:
> In a lockdown situation in the ncurses menu there is a switch to replace
> the 'Exit to shell' option with 'Reboot', so the intent seems to be to
> not allow the user the option to exit to shell in a lockdown situation.
> However the associated forced reboot logic is in the process atexit so
> is only triggered when completely exiting the menu system.  The default
> menu item logic to exit to shell is still in place though so the menu
> exit never occurs and shell access is still available.
> Add a switch to a different menu exit callback to force a menu abort
> using the same mechanism as a signal in lockdown situations so the shell
> can never be entered.  This also affects the 'x' or esc shortcut keys.
> 
> Signed-off-by: Brett Grandbois <brett.grandbois at opengear.com>
> ---
>  ui/ncurses/nc-cui.c | 13 ++++++++++++-
>  ui/ncurses/nc-cui.h |  1 +
>  2 files changed, 13 insertions(+), 1 deletion(-)

Thanks, merged as c4be9490.

> 
> diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
> index 3abeac3..d3e00aa 100644
> --- a/ui/ncurses/nc-cui.c
> +++ b/ui/ncurses/nc-cui.c
> @@ -219,6 +219,17 @@ void cui_on_exit(struct pmenu *menu)
>  	talloc_free(sh_cmd);
>  }
>  
> +/**
> + * cui_abort_on_exit - Force an exit of the main loop on menu exit.
> + *                     This is mainly for lockdown situations where
> + *                     the exit then triggers an expected reboot.
> + */
> +void cui_abort_on_exit(struct pmenu *menu)
> +{
> +	struct cui *cui = cui_from_pmenu(menu);
> +	cui->abort = 1;
> +}
> +
>  /**
>   * cui_run_cmd - A generic cb to run the supplied command.
>   */
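
Review bot: cui_abort_on_exit() sets cui->abort = 1 by hand, while nc-cui.h already declares cui_abort(struct cui *cui); if that helper sets the same flag, call it here so the signal case and the lockdown menu exit share one abort path. The doc comment could also say that the reboot is not performed in this function and depends on the atexit handler described in the commit message, and a pb_log_fn() line here would leave a trace that the lockdown exit path was taken.
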
> @@ -1298,7 +1309,7 @@ static struct pmenu *main_menu_init(struct cui *cui)
>  	int result;
>  	bool lockdown = lockdown_active();
>  
> -	m = pmenu_init(cui, 9, cui_on_exit);
> +	m = pmenu_init(cui, 9, lockdown ? cui_abort_on_exit : cui_on_exit);
>  	if (!m) {
>  		pb_log_fn("failed\n");
>  		return NULL;
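
Review bot: lockdown is sampled once in main_menu_init() and the exit callback chosen by the ternary in the pmenu_init() call then stays fixed for the life of the menu, so that one line is what keeps 'x' and esc out of the shell; a short comment there saying why the callback differs in lockdown would help the next reader. Only this pmenu_init() call is changed in the patch, so it is worth confirming that no other menu still passes cui_on_exit when lockdown is active.
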
> diff --git a/ui/ncurses/nc-cui.h b/ui/ncurses/nc-cui.h
> index 4997f4b..d26883b 100644
> --- a/ui/ncurses/nc-cui.h
> +++ b/ui/ncurses/nc-cui.h
> @@ -107,6 +107,7 @@ void cui_send_reinit(struct cui *cui);
>  void cui_abort(struct cui *cui);
>  void cui_resize(struct cui *cui);
>  void cui_on_exit(struct pmenu *menu);
> +void cui_abort_on_exit(struct pmenu *menu);
>  void cui_on_open(struct pmenu *menu);
>  int cui_run_cmd(struct cui *cui, const char **cmd_argv);
>  int cui_run_cmd_from_item(struct pmenu_item *item);



