[PATCH v2 11/13] ui/common: Client authentication helpers

Samuel Mendoza-Jonas sam at mendozajonas.com
Wed Nov 28 15:20:10 AEDT 2018


Track the client's authentication status and provide methods for the
client to send authentication requests to the server.

Signed-off-by: Samuel Mendoza-Jonas <sam at mendozajonas.com>
---
 ui/common/discover-client.c | 81 +++++++++++++++++++++++++++++++++++++
 ui/common/discover-client.h | 12 ++++++
 2 files changed, 93 insertions(+)

diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c
index d9414976..e7dfb831 100644
--- a/ui/common/discover-client.c
+++ b/ui/common/discover-client.c
@@ -1,4 +1,8 @@
 
+#if defined(HAVE_CONFIG_H)
+#include "config.h"
+#endif
+
 #include <assert.h>
 #include <errno.h>
 #include <unistd.h>
@@ -22,6 +26,7 @@ struct discover_client {
 	struct discover_client_ops ops;
 	int n_devices;
 	struct device **devices;
+	bool authenticated;
 };
 
 static int discover_client_destructor(void *arg)
@@ -171,6 +176,7 @@ static int discover_client_process(void *arg)
 {
 	struct discover_client *client = arg;
 	struct pb_protocol_message *message;
+	struct auth_message *auth_msg;
 	struct plugin_option *p_opt;
 	struct system_info *sysinfo;
 	struct boot_option *opt;
@@ -266,6 +272,20 @@ static int discover_client_process(void *arg)
 	case PB_PROTOCOL_ACTION_PLUGINS_REMOVE:
 		plugins_remove(client);
 		break;
+	case PB_PROTOCOL_ACTION_AUTHENTICATE:
+		auth_msg = talloc_zero(ctx, struct auth_message);
+
+		rc = pb_protocol_deserialise_authenticate(auth_msg, message);
+		if (rc || auth_msg->op != AUTH_MSG_RESPONSE) {
+			pb_log("%s: invalid auth message? (%d)\n",
+					__func__, rc);
+			goto out;
+		}
+
+		pb_log("Client %sauthenticated by server\n",
+				client->authenticated ? "" : "un");
+		client->authenticated = auth_msg->authenticated;
+		break;
 	default:
 		pb_log_fn("unknown action %d\n", message->action);
 	}
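Review bot: In the new `PB_PROTOCOL_ACTION_AUTHENTICATE` case the `pb_log()` call reads `client->authenticated` before the assignment on the following line, so the log records the previous state rather than the one the server just reported. Assigning first, or logging `auth_msg->authenticated ? "" : "un"`, makes the log line match the state change. The `talloc_zero()` result is also passed to the deserialiser and then dereferenced via `auth_msg->op` without a NULL check; a guard such as `if (!auth_msg) goto out;` before the deserialise call would cover allocation failure, assuming `out` is the right error path. The body of `discover_client_process()` and the `out` label lie outside this hunk.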
@@ -311,6 +331,13 @@ struct discover_client* discover_client_init(struct waitset *waitset,
 	waiter_register_io(waitset, client->fd, WAIT_IN,
 			discover_client_process, client);
 
+	/* Assume this client can't make changes if crypt support is enabled */
+#ifdef CRYPT_SUPPORT
+	client->authenticated = false;
+#else
+	client->authenticated = true;
+#endif
+
 	return client;
 
 out_err:
@@ -333,6 +360,11 @@ struct device *discover_client_get_device(struct discover_client *client,
 	return client->devices[index];
 }
 
+bool discover_client_authenticated(struct discover_client *client)
+{
+	return client->authenticated;
+}
+
 static void create_boot_command(struct boot_command *command,
 		const struct device *device __attribute__((unused)),
 		const struct boot_option *boot_option,
@@ -471,3 +503,52 @@ int discover_client_send_temp_autoboot(struct discover_client *client,
 
 	return pb_protocol_write_message(client->fd, message);
 }
+
+int discover_client_send_authenticate(struct discover_client *client,
+		char *password)
+{
+	struct pb_protocol_message *message;
+	struct auth_message auth_msg;
+	int len;
+
+	auth_msg.op = AUTH_MSG_REQUEST;
+	auth_msg.password = password;
+
+	len = pb_protocol_authenticate_len(&auth_msg);
+
+	message = pb_protocol_create_message(client,
+				PB_PROTOCOL_ACTION_AUTHENTICATE, len);
+	if (!message)
+		return -1;
+
+	pb_log("serialising auth message..\n");
+	pb_protocol_serialise_authenticate(&auth_msg, message->payload, len);
+
+	pb_log("sending auth message..\n");
+	return pb_protocol_write_message(client->fd, message);
+}
+
+int discover_client_send_set_password(struct discover_client *client,
+		char *password, char *new_password)
+{
+	struct pb_protocol_message *message;
+	struct auth_message auth_msg;
+	int len;
+
+	auth_msg.op = AUTH_MSG_SET;
+	auth_msg.set_password.password = password;
+	auth_msg.set_password.new_password = new_password;
+
+	len = pb_protocol_authenticate_len(&auth_msg);
+
+	message = pb_protocol_create_message(client,
+				PB_PROTOCOL_ACTION_AUTHENTICATE, len);
+	if (!message)
+		return -1;
+
+	pb_log("serialising auth message..\n");
+	pb_protocol_serialise_authenticate(&auth_msg, message->payload, len);
+
+	pb_log("sending auth message..\n");
+	return pb_protocol_write_message(client->fd, message);
+}
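Review bot: In both `discover_client_send_authenticate()` and `discover_client_send_set_password()`, `auth_msg` is an uninitialised stack struct with only the fields for one operation set before it is passed to `pb_protocol_authenticate_len()` and `pb_protocol_serialise_authenticate()`; `struct auth_message auth_msg = {0};` would keep every field those helpers might read defined. Neither function rejects a NULL `password` or `new_password`, and the result of the serialise call, if it returns one, is ignored, so a failed serialisation would presumably still be written to the socket. The serialised payload holds the plaintext password, and nothing visible here scrubs or frees `message` after `pb_protocol_write_message()`; if that helper does not release it, the copy likely lives as long as `client`, which appears to be its allocation context. The two bodies differ only in how `auth_msg` is filled, so a shared static helper taking the prepared struct would remove the duplication.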
diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h
index 2a2ea288..9b56dcb7 100644
--- a/ui/common/discover-client.h
+++ b/ui/common/discover-client.h
@@ -71,6 +71,12 @@ int discover_client_device_count(struct discover_client *client);
 struct device *discover_client_get_device(struct discover_client *client,
 		int index);
 
+/**
+ * Get the client's authentication status. This is only useful if Petitboot
+ * has been built with crypt support.
+ */
+bool discover_client_authenticated(struct discover_client *client);
+
 /* Tell the discover server to boot an image
  * @param client A pointer to the discover client
  * @param boot_command The command to boot
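Review bot: The new comment on `discover_client_authenticated()` does not say what the function returns when Petitboot is built without crypt support; the init code in discover-client.c sets the flag to true in that case, so callers gating UI actions on it will see "authenticated". It should also state that the value is a cached copy of the last `AUTH_MSG_RESPONSE` from the server and is advisory for the UI, with enforcement presumably done by pb-discover. Suggested wording: `Returns the last authentication status reported by the server; always true when built without crypt support.` Since the getter only reads, the parameter could be `const struct discover_client *client`. The boot-command comment that follows the prototype continues outside this hunk.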
@@ -101,6 +107,12 @@ int discover_client_send_url(struct discover_client *client, char *url);
 /* Send plugin file path to discover server to install */
 int discover_client_send_plugin_install(struct discover_client *client,
 		char *file);
+/* Authenticate with pb-discover to allow modification */
+int discover_client_send_authenticate(struct discover_client *client,
+		char *password);
+/* Set a new system password, authenticating with the current password */
+int discover_client_send_set_password(struct discover_client *client,
+		char *password, char *new_password);
 
 /* send a temporary autoboot override */
 int discover_client_send_temp_autoboot(struct discover_client *client,
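Review bot: The comments on `discover_client_send_authenticate()` and `discover_client_send_set_password()` do not document the return value, which from the .c file is -1 when message creation fails and otherwise the result of `pb_protocol_write_message()`; it reports only that the request was sent, not that the password was accepted. The outcome arrives later through the `PB_PROTOCOL_ACTION_AUTHENTICATE` response handled in `discover_client_process()`, so a line such as `@return result of writing the request; the authentication result is reported asynchronously, see discover_client_authenticated()` would prevent callers from treating success here as a successful login. The password parameters are only read, so `const char *password` and `const char *new_password` would be the better signatures if the `struct auth_message` field types allow it.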
-- 
2.19.1


