From 708103998b7005c51fd78fc5563e46dd93fee283 Mon Sep 17 00:00:00 2001
From: Paul Selkirk
Date: Sun, 10 Jul 2016 22:45:32 -0400
Subject: Try to restrict wheel user to only setting pins.

This is a bit of social engineering, because at the moment he can easily drop out of config mode to get the full command set. It also doesn't restrict his use of RPC.
---
projects/hsm/mgmt-cli.c | 23 +++++++++++++++--------
projects/hsm/mgmt-cli.h | 6 ++++++
projects/hsm/mgmt-keystore.c | 14 ++++++++++++--
3 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c
index eeeaef5..514cdd1 100644
--- projects/hsm/mgmt-cli.c
+++ b/projects/hsm/mgmt-cli.c
@@ -195,7 +195,7 @@ static int embedded_cli_loop(struct cli_def *cli)
 }
 if (ctx.l < 0)
- continue;
+ break;
 /* cli_print(cli, "Process command: '%s'", ctx.cmd); */
 n = cli_loop_process_cmd(cli, &ctx);
@@ -219,6 +219,8 @@ static void mgmt_cli_init(struct cli_def *cli)
 hal_user_t user;
+static struct cli_def cli;
+
 static int check_auth(const char *username, const char *password)
 {
 hal_client_handle_t client = { -1 };
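Review bot: In embedded_cli_loop (mgmt-cli.c), the new `break` on `ctx.l < 0` ends the session loop, but there is no comment saying which condition a negative `ctx.l` stands for, and nothing in view resets the login state on the way out. `user` is file-scope and, with this commit, the mode chosen in check_auth is stored on the file-scope `cli`, so unless the code after the loop (outside this hunk) clears them, the next login may start from the previous session's role and mode. A one-line comment on the `break` naming the condition, and an explicit `user = HAL_USER_NONE;` where the loop exits, would settle it.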
@@ -233,25 +235,30 @@ static int check_auth(const char *username, const char *password)
 else
 user = HAL_USER_NONE;
- if (hal_rpc_login(client, user, password, strlen(password)) == LIBHAL_OK)
- return CLI_OK;
+ if (hal_rpc_login(client, user, password, strlen(password)) != LIBHAL_OK) {
+ user = HAL_USER_NONE;
+ return CLI_ERROR;
+ }
- user = HAL_USER_NONE;
- return CLI_ERROR;
+ /* set mode to 'config', so wheel can only set pins */
+ if (user == HAL_USER_WHEEL)
+ cli_set_configmode(&cli, MODE_CONFIG, NULL);
+
+ return CLI_OK;
 }
 int cli_main(void)
 {
- static struct cli_def cli;
-
 uart_sem = osSemaphoreCreate(osSemaphore(uart_sem), 0);
 mgmt_cli_init(&cli);
 cli_set_auth_callback(&cli, check_auth);
+ cli_unregister_command(&cli, "configure");
+
+ configure_cli_misc(&cli);
 configure_cli_show(&cli);
 configure_cli_fpga(&cli);
- configure_cli_misc(&cli);
 configure_cli_firmware(&cli);
 configure_cli_bootloader(&cli);
 configure_cli_keystore(&cli);
diff --git a/projects/hsm/mgmt-cli.h b/projects/hsm/mgmt-cli.h
index c96dae6..35694aa 100644
--- a/projects/hsm/mgmt-cli.h
+++ b/projects/hsm/mgmt-cli.h
@@ -67,6 +67,12 @@
 _cli_cmd_struct(name, name, cmd_##name, (char *) help); \
 cli_register_command2(cli, &cmd_##name##_s, NULL)
+#define cli_set_cmd_privilege(name, p) \
+ cmd_##name##_s.privilege = p
+
+#define cli_set_cmd_mode(name, m) \
+ cmd_##name##_s.mode = m
+
 typedef enum { DMA_RX_STOP,
diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index 128ae4c..ee6d521 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -179,7 +179,7 @@ int cmd_keystore_set_key(struct cli_def *cli, const char *command, char *argv[],
 int cmd_keystore_delete_key(struct cli_def *cli, const char *command, char *argv[], int argc)
 {
 hal_error_t status;
- int hint = 0;
+ int hint = -1;
 if (argc != 1) {
 cli_print(cli, "Wrong number of arguments (%i).", argc);
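Review bot: In check_auth (mgmt-cli.c), switching wheel to MODE_CONFIG only changes which commands the CLI offers; it is not an authorization check, and the commit message itself notes the mode can be left again. The limit would hold if each handler wheel must not reach tested the authenticated role, for example `if (user == HAL_USER_WHEEL) return CLI_ERROR;` as its first statement. Separately, `user` is assigned from the username before `hal_rpc_login` returns, so the global briefly names a role that has not been authenticated; a local that is copied to `user` only on success would avoid that. check_auth starts outside this hunk.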
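Review bot: The two new macros in mgmt-cli.h have no comment, and they only work under conditions a caller cannot see from the name: `cmd_##name##_s` must already have been declared by the matching command macro in the same scope, and the assignment takes effect only if registration kept a pointer to that struct rather than a copy (presumably so, given `cli_register_command2(cli, &cmd_##name##_s, NULL)` just above). A short comment stating both would help, and writing the bodies as `cmd_##name##_s.privilege = (p)` and `cmd_##name##_s.mode = (m)` follows the usual macro-argument convention. `cli_set_cmd_privilege` is not used in any hunk of this patch.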
@@ -191,7 +191,7 @@ int cmd_keystore_delete_key(struct cli_def *cli, const char *command, char *argv
 (uint8_t *) argv[0], strlen(argv[0]), &hint)) != LIBHAL_OK) {
- cli_print(cli, "Failed deleting key: %s", hal_error_string(status));
+ cli_print(cli, "Failed deleting key \"%s\": %s", argv[0], hal_error_string(status));
 return CLI_ERROR;
 }
@@ -358,4 +358,14 @@ void configure_cli_keystore(struct cli_def *cli)
 /* keystore show keys */
 cli_command_node(keystore_show, keys, "Show what PINs and keys are in the keystore");
+
+ cli_set_cmd_mode(keystore, MODE_ANY);
+ cli_set_cmd_mode(keystore_erase, MODE_ANY);
+ cli_set_cmd_mode(keystore_set, MODE_ANY);
+ cli_set_cmd_mode(keystore_set_pin, MODE_ANY);
+ cli_set_cmd_mode(keystore_set_pin_iterations, MODE_ANY);
+ cli_set_cmd_mode(keystore_clear, MODE_ANY);
+ cli_set_cmd_mode(keystore_clear_pin, MODE_ANY);
+ cli_set_cmd_mode(keystore_show, MODE_ANY);
+ cli_set_cmd_mode(keystore_show_keys, MODE_ANY);
 }
-- cgit v1.2.3
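Review bot: In configure_cli_keystore (mgmt-keystore.c), the MODE_ANY list covers more than PIN setting: `keystore_erase`, `keystore_clear_pin`, `keystore_set_pin_iterations` and `keystore_show_keys` also become available to a session held in config mode. If wheel is meant only to set PINs, as the subject line says, mark just the path to that command, `keystore`, `keystore_set` and `keystore_set_pin`, and leave the others at their registered mode. A comment above the list saying why these nodes are MODE_ANY would keep later additions from widening it by accident. The function begins outside this hunk.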