path: root/src/utils.hpp
Age | Commit message | Author | Files | Lines

2022-05-04 | Include fstream (#7) | jmbills | 1 | -0/+1

Missing the fstream include is causing build errors that block the upstream sync, so adding it to fix the build.

Tested: Confirmed that it builds.

Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

2022-03-15 | Make mount/unmount dbus calls asynchronous | Przemyslaw Czarnowski | 1 | -0/+81

Change the default behavior of mount/umount dbus calls from blocking to unblocking ones. Once mount/unmount is triggered, appropriate action is running in the background moving handling of operation result to async event. At the end of processing dbus completion signal is sent to client with uint value of operation status (identical with errno code).

Tested: Manual scheduling of mount and unmount operations with monitoring dbus communication of virtual-media service - matching api calls with completion signal.

Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>

2022-02-14 | Switch the build system to meson | Przemyslaw Czarnowski | 1 | -2/+3

Due to requirements from community, new projects have to be built with meson. To unify with other projects some additional warnings have been enabled, so appropriate code updates have been implemented.

This commit makes both meson and CMake available to simplify transition in openbmc. CMake support will be removed after switching to meson in openbmc will be accepted.

Tested: Compiled and smoke tested.

Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>

2021-11-16 | virtual-media: Replace tmpnam with mkstemp | Przemyslaw Czarnowski | 1 | -16/+39

In the mechanism of passing the password to client application a file with password is used. Until now, the file has been created with use of insecure tmpnam function, which can be a subject of TOCTOU vulnerability.

Changing tmpnam to mkstemp required some changes in the flow (std::fstream can't reuse file descriptor of opened file, appropriate file permissions are set by mkstemp).

Tested: Manually. Password is passed to nbdkit, temporary file permissions are the same as before.

Change-Id: Icdd1719cafa08946d5b06414a0db7fa4714cb7ee
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>

2021-05-20 | Validate user name for CIFS | Czarnowski, Przemyslaw | 1 | -3/+2

Providing comma (,) in username can lead to injecting some inappropriate mount options. In contrast to password, username is not escaped by kernel driver so we have to disallow such entries.

Tested: Manually mounting CIFS share with comma

Change-Id: I20ff5089d04f07d7e6aa3190fe83babdd7acfe96
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>

2021-04-27 | Escape cifs credentials to prevent injection | Czarnowski, Przemyslaw | 1 | -0/+31

Mount function consumes mount parameters as comma-delimited options. In order to make it resistant to classic parameter injection each comma in username or password parameter that user provides is escaped by second comma character.

This fix applies such escaping for samba credentials.

Tested: Tested by inserting media with password=smbpass,ver=1.0. Kernel does not mount share, showing error appropriate to incorrect credentials:

    intel-obmc kernel: CIFS: Status code returned 0xc000006d \ STATUS_LOGON_FAILURE

Change-Id: I3acb24a4b24e798e54e095c69e9c6ec3151e03d1
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>

2020-07-17 | Fixing multiple problems with state machine in virtual media | Krzysztof Grobelny | 1 | -0/+1

- Previously machine did not handle AnyEvent correctly, implementation in BaseState was always run
- Changing from ActiveState to ReadyState was bugged, previously only one of the events SubprocessStopped or UdevNotification caused state change when it is required to wait for both
- Introduced longer timer when waiting for ReadyState during Eject and ActiveState during Inject, because nbdkit can timeout during Eject and it is required to complete before next inject can succeed.
- Added event notification when process is terminated
- Added resources classes to handle deletion and notifications

Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
Change-Id: Ie914e650c2f15bd73cdc87582ea77a94997a3472
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>

2020-07-06 | VolatileFile security fix | Krzysztof Grobelny | 1 | -18/+23

- Flushing file content before deleting it

TESTED: Tested manually, no regression detected.

Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Change-Id: Id48ebb6edbb2c0f0fbf930c2be9a63dd1034b7cc

2020-02-06 | Authentication support for Legacy mode | Agata Olender | 1 | -0/+224

This change introduces new 'Mount' API argument - UNIX_FD for named pipe. This named pipe is utilized to securely send secret data over D-Bus. Currently data consists of null-terminated char buffers with username and password.

Data on receiving side is encapsulated into classes whose role is to:
- keep secret as short-lived as possible
- erase secret from memory when it's not needed
- pass secrets (and format them) to another secure container with above capabilities

New classes:
- Credentials: is a class encapsulating login and password. It zeroes them at destruction.
- CredentialProvider: contains Credentials, specifies SecureBuffer, allows to store credentials in SecureBuffer
- SecureBuffer: char vector which zeroes itself at destruction, used to provision secret data
- VolatileFile: class creating temporary file with 'owner-only' permissions in /tmp; at destruction overwrites its contents with '*' and removes it

New behavior:
- when UNIX_FD is provided over D-Bus it's treated as open unix pipe. Data is read from this pipe and stored securely into CredentialsProvider
- credentials are stored in applications inside CredentialsProvider object, encapsulated by unique_ptr for as long as it's needed
- strings containing secrets are zeroed immediately after use
- VolatileFile is used to securely pass credentials to nbdkit curl plugin instead of command line parameters.

Tested: Manual and automated tests on WilsonCity platform:
- positive and negative tests for authentication on both CIFS and HTTPS resources
- error injection (ill-formed data transferred over pipe, pipe broken etc.)

Change-Id: I608ae0380b8ad57110bc0939f71eb48604e7dc99
Signed-off-by: Adrian Ambrożewicz <adrian.ambrozewicz@linux.intel.com>
Signed-off-by: Agata Olender <agata.olender@intel.com>