From 2598090b7e17f8bdca95b22e7f27217054730e02 Mon Sep 17 00:00:00 2001 From: Joe Hershberger Date: Tue, 11 Dec 2012 22:16:31 -0600 Subject: env: Add environment variable flags Currently just validates variable types as decimal, hexidecimal, boolean, ip address, and mac address. If the entry is not found in the env ".flags", then look in the static one. This allows the env to override the static definitions, but prevents the need to have every definition in the environment distracting you. Signed-off-by: Joe Hershberger --- common/env_flags.c | 319 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 319 insertions(+) create mode 100644 common/env_flags.c (limited to 'common/env_flags.c') diff --git a/common/env_flags.c b/common/env_flags.c new file mode 100644 index 0000000000..a58d614bb3 --- /dev/null +++ b/common/env_flags.c @@ -0,0 +1,319 @@ +/* + * (C) Copyright 2012 + * Joe Hershberger, National Instruments, joe.hershberger@ni.com + * + * See file CREDITS for list of people who contributed to this + * project. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + */ + +#include +#include + +#include +#include + +#ifdef CONFIG_CMD_NET +#define ENV_FLAGS_NET_VARTYPE_REPS "im" +#else +#define ENV_FLAGS_NET_VARTYPE_REPS "" +#endif + +static const char env_flags_vartype_rep[] = "sdxb" ENV_FLAGS_NET_VARTYPE_REPS; + +/* + * Parse the flags string from a .flags attribute list into the vartype enum. + */ +enum env_flags_vartype env_flags_parse_vartype(const char *flags) +{ + char *type; + + if (strlen(flags) <= ENV_FLAGS_VARTYPE_LOC) + return env_flags_vartype_string; + + type = strchr(env_flags_vartype_rep, + flags[ENV_FLAGS_VARTYPE_LOC]); + + if (type != NULL) + return (enum env_flags_vartype) + (type - &env_flags_vartype_rep[0]); + + printf("## Warning: Unknown environment variable type '%c'\n", + flags[ENV_FLAGS_VARTYPE_LOC]); + return env_flags_vartype_string; +} + +static inline int is_hex_prefix(const char *value) +{ + return value[0] == '0' && (value[1] == 'x' || value[1] == 'X'); +} + +static void skip_num(int hex, const char *value, const char **end, + int max_digits) +{ + int i; + + if (hex && is_hex_prefix(value)) + value += 2; + + for (i = max_digits; i != 0; i--) { + if (hex && !isxdigit(*value)) + break; + if (!hex && !isdigit(*value)) + break; + value++; + } + if (end != NULL) + *end = value; +} + +/* + * Based on the declared type enum, validate that the value string complies + * with that format + */ +static int _env_flags_validate_type(const char *value, + enum env_flags_vartype type) +{ + const char *end; +#ifdef CONFIG_CMD_NET + const char *cur; + int i; +#endif + + switch (type) { + case env_flags_vartype_string: + break; + case env_flags_vartype_decimal: + skip_num(0, value, &end, -1); + if (*end != '\0') + return -1; + break; + case env_flags_vartype_hex: + skip_num(1, value, &end, -1); + if (*end != '\0') + return -1; + if (value + 2 == end && is_hex_prefix(value)) + return -1; + break; + case env_flags_vartype_bool: + if (value[0] != '1' && value[0] != 'y' && value[0] != 't' && + value[0] != 'Y' && value[0] != 'T' && + value[0] != '0' && value[0] != 'n' && value[0] != 'f' && + value[0] != 'N' && value[0] != 'F') + return -1; + if (value[1] != '\0') + return -1; + break; +#ifdef CONFIG_CMD_NET + case env_flags_vartype_ipaddr: + cur = value; + for (i = 0; i < 4; i++) { + skip_num(0, cur, &end, 3); + if (cur == end) + return -1; + if (i != 3 && *end != '.') + return -1; + if (i == 3 && *end != '\0') + return -1; + cur = end + 1; + } + break; + case env_flags_vartype_macaddr: + cur = value; + for (i = 0; i < 6; i++) { + skip_num(1, cur, &end, 2); + if (cur == end) + return -1; + if (cur + 2 == end && is_hex_prefix(cur)) + return -1; + if (i != 5 && *end != ':') + return -1; + if (i == 5 && *end != '\0') + return -1; + cur = end + 1; + } + break; +#endif + case env_flags_vartype_end: + return -1; + } + + /* OK */ + return 0; +} + +/* + * Look for flags in a provided list and failing that the static list + */ +static inline int env_flags_lookup(const char *flags_list, const char *name, + char *flags) +{ + int ret = 1; + + if (!flags) + /* bad parameter */ + return -1; + + /* try the env first */ + if (flags_list) + ret = env_attr_lookup(flags_list, name, flags); + + if (ret != 0) + /* if not found in the env, look in the static list */ + ret = env_attr_lookup(ENV_FLAGS_LIST_STATIC, name, flags); + + return ret; +} + +/* + * Parse the flag charachters from the .flags attribute list into the binary + * form to be stored in the environment entry->flags field. + */ +static int env_parse_flags_to_bin(const char *flags) +{ + return env_flags_parse_vartype(flags) & ENV_FLAGS_VARTYPE_BIN_MASK; +} + +/* + * Look for possible flags for a newly added variable + * This is called specifically when the variable did not exist in the hash + * previously, so the blanket update did not find this variable. + */ +void env_flags_init(ENTRY *var_entry) +{ + const char *var_name = var_entry->key; + const char *flags_list = getenv(ENV_FLAGS_VAR); + char flags[ENV_FLAGS_ATTR_MAX_LEN + 1] = ""; + int ret = 1; + + /* look in the ".flags" and static for a reference to this variable */ + ret = env_flags_lookup(flags_list, var_name, flags); + + /* if any flags were found, set the binary form to the entry */ + if (!ret && strlen(flags)) + var_entry->flags = env_parse_flags_to_bin(flags); +} + +/* + * Called on each existing env var prior to the blanket update since removing + * a flag in the flag list should remove its flags. + */ +static int clear_flags(ENTRY *entry) +{ + entry->flags = 0; + + return 0; +} + +/* + * Call for each element in the list that defines flags for a variable + */ +static int set_flags(const char *name, const char *value) +{ + ENTRY e, *ep; + + e.key = name; + e.data = NULL; + hsearch_r(e, FIND, &ep, &env_htab, 0); + + /* does the env variable actually exist? */ + if (ep != NULL) { + /* the flag list is empty, so clear the flags */ + if (value == NULL || strlen(value) == 0) + ep->flags = 0; + else + /* assign the requested flags */ + ep->flags = env_parse_flags_to_bin(value); + } + + return 0; +} + +static int on_flags(const char *name, const char *value, enum env_op op, + int flags) +{ + /* remove all flags */ + hwalk_r(&env_htab, clear_flags); + + /* configure any static flags */ + env_attr_walk(ENV_FLAGS_LIST_STATIC, set_flags); + /* configure any dynamic flags */ + env_attr_walk(value, set_flags); + + return 0; +} +U_BOOT_ENV_CALLBACK(flags, on_flags); + +/* + * Perform consistency checking before creating, overwriting, or deleting an + * environment variable. Called as a callback function by hsearch_r() and + * hdelete_r(). Returns 0 in case of success, 1 in case of failure. + * When (flag & H_FORCE) is set, do not print out any error message and force + * overwriting of write-once variables. + */ + +int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, + int flag) +{ + const char *name; +#if !defined(CONFIG_ENV_OVERWRITE) && defined(CONFIG_OVERWRITE_ETHADDR_ONCE) \ +&& defined(CONFIG_ETHADDR) + const char *oldval = NULL; + + if (op != env_op_create) + oldval = item->data; +#endif + + name = item->key; + + /* Default value for NULL to protect string-manipulating functions */ + newval = newval ? : ""; + +#ifndef CONFIG_ENV_OVERWRITE + /* + * Some variables like "ethaddr" and "serial#" can be set only once and + * cannot be deleted, unless CONFIG_ENV_OVERWRITE is defined. + */ + if (op != env_op_create && /* variable exists */ + (flag & H_FORCE) == 0) { /* and we are not forced */ + if (strcmp(name, "serial#") == 0 || + (strcmp(name, "ethaddr") == 0 +#if defined(CONFIG_OVERWRITE_ETHADDR_ONCE) && defined(CONFIG_ETHADDR) + && strcmp(oldval, __stringify(CONFIG_ETHADDR)) != 0 +#endif /* CONFIG_OVERWRITE_ETHADDR_ONCE && CONFIG_ETHADDR */ + )) { + printf("Can't overwrite \"%s\"\n", name); + return 1; + } + } +#endif + + /* validate the value to match the variable type */ + if (op != env_op_delete) { + enum env_flags_vartype type = (enum env_flags_vartype) + (ENV_FLAGS_VARTYPE_BIN_MASK & item->flags); + + if (_env_flags_validate_type(newval, type) < 0) { + printf("## Error: flags type check failure for " + "\"%s\" <= \"%s\" (type: %c)\n", + name, newval, env_flags_vartype_rep[type]); + return -1; + } + } + + return 0; +} -- cgit v1.2.3 From 30fd4fadb319d7c6d43d949e2d30ffaea46a60cf Mon Sep 17 00:00:00 2001 From: Joe Hershberger Date: Tue, 11 Dec 2012 22:16:32 -0600 Subject: tools/env: Add environment variable flags support Currently just validates variable types as decimal, hexidecimal, boolean, ip address, and mac address. Call env_acl_validate_setenv_params() from setenv() in fw_env.c. If the entry is not found in the env .flags, then look in the static one. This allows the env to override the static definitions, but prevents the need to have every definition in the environment distracting you. Need to build in _ctype for isdigit for Linux. Signed-off-by: Joe Hershberger --- common/env_attr.c | 7 +++++ common/env_flags.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++ include/env_flags.h | 19 ++++++++++++++ tools/env/Makefile | 3 +++ tools/env/fw_env.c | 9 +++++++ 5 files changed, 113 insertions(+) (limited to 'common/env_flags.c') diff --git a/common/env_attr.c b/common/env_attr.c index 7d330a58bb..210c98dcfd 100644 --- a/common/env_attr.c +++ b/common/env_attr.c @@ -21,7 +21,14 @@ * MA 02111-1307 USA */ +#ifdef USE_HOSTCC /* Eliminate "ANSI does not permit..." warnings */ +#include +#include +#include +#else #include +#endif + #include #include #include diff --git a/common/env_flags.c b/common/env_flags.c index a58d614bb3..ed0857cf9e 100644 --- a/common/env_flags.c +++ b/common/env_flags.c @@ -24,8 +24,17 @@ #include #include +#ifdef USE_HOSTCC /* Eliminate "ANSI does not permit..." warnings */ +#include +#include +#include "fw_env.h" +#include +#include +#define getenv fw_getenv +#else #include #include +#endif #ifdef CONFIG_CMD_NET #define ENV_FLAGS_NET_VARTYPE_REPS "im" @@ -179,6 +188,70 @@ static inline int env_flags_lookup(const char *flags_list, const char *name, return ret; } +#ifdef USE_HOSTCC /* Functions only used from tools/env */ +/* + * Look up any flags directly from the .flags variable and the static list + * and convert them to the vartype enum. + */ +enum env_flags_vartype env_flags_get_type(const char *name) +{ + const char *flags_list = getenv(ENV_FLAGS_VAR); + char flags[ENV_FLAGS_ATTR_MAX_LEN + 1]; + + if (env_flags_lookup(flags_list, name, flags)) + return env_flags_vartype_string; + + if (strlen(flags) <= ENV_FLAGS_VARTYPE_LOC) + return env_flags_vartype_string; + + return env_flags_parse_vartype(flags); +} + +/* + * Validate that the proposed new value for "name" is valid according to the + * defined flags for that variable, if any. + */ +int env_flags_validate_type(const char *name, const char *value) +{ + enum env_flags_vartype type; + + if (value == NULL) + return 0; + type = env_flags_get_type(name); + if (_env_flags_validate_type(value, type) < 0) { + printf("## Error: flags type check failure for " + "\"%s\" <= \"%s\" (type: %c)\n", + name, value, env_flags_vartype_rep[type]); + return -1; + } + return 0; +} + +/* + * Validate the parameters to "env set" directly + */ +int env_flags_validate_env_set_params(int argc, char * const argv[]) +{ + if ((argc >= 3) && argv[2] != NULL) { + enum env_flags_vartype type = env_flags_get_type(argv[1]); + + /* + * we don't currently check types that need more than + * one argument + */ + if (type != env_flags_vartype_string && argc > 3) { + printf("## Error: too many parameters for setting " + "\"%s\"\n", argv[1]); + return -1; + } + return env_flags_validate_type(argv[1], argv[2]); + } + /* ok */ + return 0; +} + +#else /* !USE_HOSTCC - Functions only used from lib/hashtable.c */ + /* * Parse the flag charachters from the .flags attribute list into the binary * form to be stored in the environment entry->flags field. @@ -317,3 +390,5 @@ int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, return 0; } + +#endif diff --git a/include/env_flags.h b/include/env_flags.h index bf25f2746b..33334464d4 100644 --- a/include/env_flags.h +++ b/include/env_flags.h @@ -52,6 +52,23 @@ enum env_flags_vartype { */ enum env_flags_vartype env_flags_parse_vartype(const char *flags); +#ifdef USE_HOSTCC +/* + * Look up the type of a variable directly from the .flags var. + */ +enum env_flags_vartype env_flags_get_type(const char *name); +/* + * Validate the newval for its type to conform with the requirements defined by + * its flags (directly looked at the .flags var). + */ +int env_flags_validate_type(const char *name, const char *newval); +/* + * Validate the parameters passed to "env set" for type compliance + */ +int env_flags_validate_env_set_params(int argc, char * const argv[]); + +#else /* !USE_HOSTCC */ + #include /* @@ -73,4 +90,6 @@ int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, #define ENV_FLAGS_VARTYPE_BIN_MASK 0x00000007 /* The actual variable type values use the enum value (within the mask) */ +#endif /* USE_HOSTCC */ + #endif /* __ENV_FLAGS_H__ */ diff --git a/tools/env/Makefile b/tools/env/Makefile index ab73c8c744..0e798e0940 100644 --- a/tools/env/Makefile +++ b/tools/env/Makefile @@ -24,12 +24,15 @@ include $(TOPDIR)/config.mk HOSTSRCS := $(SRCTREE)/lib/crc32.c fw_env.c fw_env_main.c +HOSTSRCS += $(SRCTREE)/lib/ctype.c $(SRCTREE)/lib/linux_string.c +HOSTSRCS += $(SRCTREE)/common/env_attr.c $(SRCTREE)/common/env_flags.c HEADERS := fw_env.h $(OBJTREE)/include/config.h # Compile for a hosted environment on the target HOSTCPPFLAGS = -idirafter $(SRCTREE)/include \ -idirafter $(OBJTREE)/include2 \ -idirafter $(OBJTREE)/include \ + -idirafter $(SRCTREE)/tools/env \ -DUSE_HOSTCC \ -DTEXT_BASE=$(TEXT_BASE) diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c index 9b023e807b..5be36fc359 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -25,6 +25,7 @@ */ #include +#include #include #include #include @@ -395,6 +396,9 @@ int fw_setenv(int argc, char *argv[]) name = argv[1]; + if (env_flags_validate_env_set_params(argc, argv) < 0) + return 1; + len = 0; for (i = 2; i < argc; ++i) { char *val = argv[i]; @@ -516,6 +520,11 @@ int fw_parse_script(char *fname) name, val ? val : " removed"); #endif + if (env_flags_validate_type(name, val) < 0) { + ret = -1; + break; + } + /* * If there is an error setting a variable, * try to save the environment and returns an error -- cgit v1.2.3 From fffad71bc489cf224eda6d826a1645423852ee45 Mon Sep 17 00:00:00 2001 From: Joe Hershberger Date: Tue, 11 Dec 2012 22:16:33 -0600 Subject: env: Add a command to display details about env flags Similar to the env callback command, this will show details about the options available, the static list, and the currently active variables. Signed-off-by: Joe Hershberger --- README | 1 + common/cmd_nvedit.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++ common/env_flags.c | 34 ++++++++++++++++++++++++++++++ include/env_flags.h | 11 ++++++++++ 4 files changed, 105 insertions(+) (limited to 'common/env_flags.c') diff --git a/README b/README index acb711a384..08c0fccb5e 100644 --- a/README +++ b/README @@ -816,6 +816,7 @@ The following options need to be configured: CONFIG_CMD_EEPROM * EEPROM read/write support CONFIG_CMD_ELF * bootelf, bootvx CONFIG_CMD_ENV_CALLBACK * display details about env callbacks + CONFIG_CMD_ENV_FLAGS * display details about env flags CONFIG_CMD_EXPORTENV * export the environment CONFIG_CMD_EXT2 * ext2 command support CONFIG_CMD_EXT4 * ext4 command support diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c index f645194bf1..468b89cc9c 100644 --- a/common/cmd_nvedit.c +++ b/common/cmd_nvedit.c @@ -443,6 +443,59 @@ int do_env_callback(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) } #endif +#if defined(CONFIG_CMD_ENV_FLAGS) +static int print_static_flags(const char *var_name, const char *flags) +{ + enum env_flags_vartype type = env_flags_parse_vartype(flags); + + printf("\t%-20s %-20s\n", var_name, env_flags_get_vartype_name(type)); + + return 0; +} + +static int print_active_flags(ENTRY *entry) +{ + enum env_flags_vartype type; + + if (entry->flags == 0) + return 0; + + type = (enum env_flags_vartype) + (entry->flags & ENV_FLAGS_VARTYPE_BIN_MASK); + printf("\t%-20s %-20s\n", entry->key, env_flags_get_vartype_name(type)); + + return 0; +} + +/* + * Print the flags available and what variables have flags + */ +int do_env_flags(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + /* Print the available variable types */ + printf("Available variable type flags (position %d):\n", + ENV_FLAGS_VARTYPE_LOC); + puts("\tFlag\tVariable Type Name\n"); + puts("\t----\t------------------\n"); + env_flags_print_vartypes(); + puts("\n"); + + /* Print the static flags that may exist */ + puts("Static flags:\n"); + printf("\t%-20s %-20s\n", "Variable Name", "Variable Type"); + printf("\t%-20s %-20s\n", "-------------", "-------------"); + env_attr_walk(ENV_FLAGS_LIST_STATIC, print_static_flags); + puts("\n"); + + /* walk through each variable and print the flags if non-default */ + puts("Active flags:\n"); + printf("\t%-20s %-20s\n", "Variable Name", "Variable Type"); + printf("\t%-20s %-20s\n", "-------------", "-------------"); + hwalk_r(&env_htab, print_active_flags); + return 0; +} +#endif + /* * Interactively edit an environment variable */ @@ -913,6 +966,9 @@ static cmd_tbl_t cmd_env_sub[] = { #if defined(CONFIG_CMD_ENV_CALLBACK) U_BOOT_CMD_MKENT(callbacks, 1, 0, do_env_callback, "", ""), #endif +#if defined(CONFIG_CMD_ENV_FLAGS) + U_BOOT_CMD_MKENT(flags, 1, 0, do_env_flags, "", ""), +#endif #if defined(CONFIG_CMD_EXPORTENV) U_BOOT_CMD_MKENT(export, 4, 0, do_env_export, "", ""), #endif @@ -974,6 +1030,9 @@ static char env_help_text[] = #if defined(CONFIG_CMD_EXPORTENV) "env export [-t | -b | -c] [-s size] addr [var ...] - export environment\n" #endif +#if defined(CONFIG_CMD_ENV_FLAGS) + "env flags - print variables that have non-default flags\n" +#endif #if defined(CONFIG_CMD_GREPENV) "env grep string [...] - search environment\n" #endif diff --git a/common/env_flags.c b/common/env_flags.c index ed0857cf9e..09f93d59d6 100644 --- a/common/env_flags.c +++ b/common/env_flags.c @@ -43,6 +43,40 @@ #endif static const char env_flags_vartype_rep[] = "sdxb" ENV_FLAGS_NET_VARTYPE_REPS; +#ifdef CONFIG_CMD_ENV_FLAGS +static const char * const env_flags_vartype_names[] = { + "string", + "decimal", + "hexadecimal", + "boolean", +#ifdef CONFIG_CMD_NET + "IP address", + "MAC address", +#endif +}; + +/* + * Print the whole list of available type flags. + */ +void env_flags_print_vartypes(void) +{ + enum env_flags_vartype curtype = (enum env_flags_vartype)0; + + while (curtype != env_flags_vartype_end) { + printf("\t%c -\t%s\n", env_flags_vartype_rep[curtype], + env_flags_vartype_names[curtype]); + curtype++; + } +} + +/* + * Return the name of the type. + */ +const char *env_flags_get_vartype_name(enum env_flags_vartype type) +{ + return env_flags_vartype_names[type]; +} +#endif /* CONFIG_CMD_ENV_FLAGS */ /* * Parse the flags string from a .flags attribute list into the vartype enum. diff --git a/include/env_flags.h b/include/env_flags.h index 33334464d4..7e72523f02 100644 --- a/include/env_flags.h +++ b/include/env_flags.h @@ -47,6 +47,17 @@ enum env_flags_vartype { #define ENV_FLAGS_LIST_STATIC \ CONFIG_ENV_FLAGS_LIST_STATIC +#ifdef CONFIG_CMD_ENV_FLAGS +/* + * Print the whole list of available type flags. + */ +void env_flags_print_vartypes(void); +/* + * Return the name of the type. + */ +const char *env_flags_get_vartype_name(enum env_flags_vartype type); +#endif + /* * Parse the flags string from a .flags attribute list into the vartype enum. */ -- cgit v1.2.3 From 267541f776f1e2bec21681c6e39a4c93af9621cf Mon Sep 17 00:00:00 2001 From: Joe Hershberger Date: Tue, 11 Dec 2012 22:16:34 -0600 Subject: env: Add support for access control to .flags Add support for read-only, write-once, and change-default. Signed-off-by: Joe Hershberger --- README | 13 ++++- common/cmd_nvedit.c | 31 ++++++++-- common/env_common.c | 18 ++++++ common/env_flags.c | 159 ++++++++++++++++++++++++++++++++++++++++++++++++-- include/env_flags.h | 50 +++++++++++++++- include/environment.h | 3 + tools/env/fw_env.c | 74 +++++++++++++++++++++-- 7 files changed, 330 insertions(+), 18 deletions(-) (limited to 'common/env_flags.c') diff --git a/README b/README index 08c0fccb5e..b5c1c0377b 100644 --- a/README +++ b/README @@ -3128,7 +3128,8 @@ Configuration Settings: The format of the list is: type_attribute = [s|d|x|b|i|m] - attributes = type_attribute + access_atribute = [a|r|o|c] + attributes = type_attribute[access_atribute] entry = variable_name[:attributes] list = entry[,list] @@ -3140,6 +3141,12 @@ Configuration Settings: i - IP address m - MAC address + The access attributes are: + a - Any (default) + r - Read-only + o - Write-once + c - Change-default + - CONFIG_ENV_FLAGS_LIST_DEFAULT Define this to a list (string) to define the ".flags" envirnoment variable in the default or embedded environment. @@ -3151,6 +3158,10 @@ Configuration Settings: list, simply add an entry for the same variable name to the ".flags" variable. +- CONFIG_ENV_ACCESS_IGNORE_FORCE + If defined, don't allow the -f switch to env set override variable + access flags. + The following definitions that deal with the placement and management of environment data (variable area); in general, we support the following configurations: diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c index 468b89cc9c..e8dfbf5d85 100644 --- a/common/cmd_nvedit.c +++ b/common/cmd_nvedit.c @@ -447,8 +447,11 @@ int do_env_callback(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) static int print_static_flags(const char *var_name, const char *flags) { enum env_flags_vartype type = env_flags_parse_vartype(flags); + enum env_flags_varaccess access = env_flags_parse_varaccess(flags); - printf("\t%-20s %-20s\n", var_name, env_flags_get_vartype_name(type)); + printf("\t%-20s %-20s %-20s\n", var_name, + env_flags_get_vartype_name(type), + env_flags_get_varaccess_name(access)); return 0; } @@ -456,13 +459,17 @@ static int print_static_flags(const char *var_name, const char *flags) static int print_active_flags(ENTRY *entry) { enum env_flags_vartype type; + enum env_flags_varaccess access; if (entry->flags == 0) return 0; type = (enum env_flags_vartype) (entry->flags & ENV_FLAGS_VARTYPE_BIN_MASK); - printf("\t%-20s %-20s\n", entry->key, env_flags_get_vartype_name(type)); + access = env_flags_parse_varaccess_from_binflags(entry->flags); + printf("\t%-20s %-20s %-20s\n", entry->key, + env_flags_get_vartype_name(type), + env_flags_get_varaccess_name(access)); return 0; } @@ -480,17 +487,29 @@ int do_env_flags(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) env_flags_print_vartypes(); puts("\n"); + /* Print the available variable access types */ + printf("Available variable access flags (position %d):\n", + ENV_FLAGS_VARACCESS_LOC); + puts("\tFlag\tVariable Access Name\n"); + puts("\t----\t--------------------\n"); + env_flags_print_varaccess(); + puts("\n"); + /* Print the static flags that may exist */ puts("Static flags:\n"); - printf("\t%-20s %-20s\n", "Variable Name", "Variable Type"); - printf("\t%-20s %-20s\n", "-------------", "-------------"); + printf("\t%-20s %-20s %-20s\n", "Variable Name", "Variable Type", + "Variable Access"); + printf("\t%-20s %-20s %-20s\n", "-------------", "-------------", + "---------------"); env_attr_walk(ENV_FLAGS_LIST_STATIC, print_static_flags); puts("\n"); /* walk through each variable and print the flags if non-default */ puts("Active flags:\n"); - printf("\t%-20s %-20s\n", "Variable Name", "Variable Type"); - printf("\t%-20s %-20s\n", "-------------", "-------------"); + printf("\t%-20s %-20s %-20s\n", "Variable Name", "Variable Type", + "Variable Access"); + printf("\t%-20s %-20s %-20s\n", "-------------", "-------------", + "---------------"); hwalk_r(&env_htab, print_active_flags); return 0; } diff --git a/common/env_common.c b/common/env_common.c index bb18070c54..906b41fcca 100644 --- a/common/env_common.c +++ b/common/env_common.c @@ -95,6 +95,24 @@ int getenv_yesno(const char *var) 1 : 0; } +/* + * Look up the variable from the default environment + */ +char *getenv_default(const char *name) +{ + char *ret_val; + unsigned long really_valid = gd->env_valid; + unsigned long real_gd_flags = gd->flags; + + /* Pretend that the image is bad. */ + gd->flags &= ~GD_FLG_ENV_READY; + gd->env_valid = 0; + ret_val = getenv(name); + gd->env_valid = really_valid; + gd->flags = real_gd_flags; + return ret_val; +} + void set_default_env(const char *s) { int flags = 0; diff --git a/common/env_flags.c b/common/env_flags.c index 09f93d59d6..4caf12e697 100644 --- a/common/env_flags.c +++ b/common/env_flags.c @@ -43,6 +43,17 @@ #endif static const char env_flags_vartype_rep[] = "sdxb" ENV_FLAGS_NET_VARTYPE_REPS; +static const char env_flags_varaccess_rep[] = "aroc"; +static const int env_flags_varaccess_mask[] = { + 0, + ENV_FLAGS_VARACCESS_PREVENT_DELETE | + ENV_FLAGS_VARACCESS_PREVENT_CREATE | + ENV_FLAGS_VARACCESS_PREVENT_OVERWR, + ENV_FLAGS_VARACCESS_PREVENT_DELETE | + ENV_FLAGS_VARACCESS_PREVENT_OVERWR, + ENV_FLAGS_VARACCESS_PREVENT_DELETE | + ENV_FLAGS_VARACCESS_PREVENT_NONDEF_OVERWR}; + #ifdef CONFIG_CMD_ENV_FLAGS static const char * const env_flags_vartype_names[] = { "string", @@ -54,6 +65,12 @@ static const char * const env_flags_vartype_names[] = { "MAC address", #endif }; +static const char * const env_flags_varaccess_names[] = { + "any", + "read-only", + "write-once", + "change-default", +}; /* * Print the whole list of available type flags. @@ -69,6 +86,20 @@ void env_flags_print_vartypes(void) } } +/* + * Print the whole list of available access flags. + */ +void env_flags_print_varaccess(void) +{ + enum env_flags_varaccess curaccess = (enum env_flags_varaccess)0; + + while (curaccess != env_flags_varaccess_end) { + printf("\t%c -\t%s\n", env_flags_varaccess_rep[curaccess], + env_flags_varaccess_names[curaccess]); + curaccess++; + } +} + /* * Return the name of the type. */ @@ -76,6 +107,14 @@ const char *env_flags_get_vartype_name(enum env_flags_vartype type) { return env_flags_vartype_names[type]; } + +/* + * Return the name of the access. + */ +const char *env_flags_get_varaccess_name(enum env_flags_varaccess access) +{ + return env_flags_varaccess_names[access]; +} #endif /* CONFIG_CMD_ENV_FLAGS */ /* @@ -100,6 +139,46 @@ enum env_flags_vartype env_flags_parse_vartype(const char *flags) return env_flags_vartype_string; } +/* + * Parse the flags string from a .flags attribute list into the varaccess enum. + */ +enum env_flags_varaccess env_flags_parse_varaccess(const char *flags) +{ + char *access; + + if (strlen(flags) <= ENV_FLAGS_VARACCESS_LOC) + return env_flags_varaccess_any; + + access = strchr(env_flags_varaccess_rep, + flags[ENV_FLAGS_VARACCESS_LOC]); + + if (access != NULL) + return (enum env_flags_varaccess) + (access - &env_flags_varaccess_rep[0]); + + printf("## Warning: Unknown environment variable access method '%c'\n", + flags[ENV_FLAGS_VARACCESS_LOC]); + return env_flags_varaccess_any; +} + +/* + * Parse the binary flags from a hash table entry into the varaccess enum. + */ +enum env_flags_varaccess env_flags_parse_varaccess_from_binflags(int binflags) +{ + int i; + + for (i = 0; i < sizeof(env_flags_varaccess_mask); i++) + if (env_flags_varaccess_mask[i] == + (binflags & ENV_FLAGS_VARACCESS_BIN_MASK)) + return (enum env_flags_varaccess)i; + + printf("Warning: Non-standard access flags. (0x%x)\n", + binflags & ENV_FLAGS_VARACCESS_BIN_MASK); + + return env_flags_varaccess_any; +} + static inline int is_hex_prefix(const char *value) { return value[0] == '0' && (value[1] == 'x' || value[1] == 'X'); @@ -241,6 +320,23 @@ enum env_flags_vartype env_flags_get_type(const char *name) return env_flags_parse_vartype(flags); } +/* + * Look up the access of a variable directly from the .flags var. + */ +enum env_flags_varaccess env_flags_get_varaccess(const char *name) +{ + const char *flags_list = getenv(ENV_FLAGS_VAR); + char flags[ENV_FLAGS_ATTR_MAX_LEN + 1]; + + if (env_flags_lookup(flags_list, name, flags)) + return env_flags_varaccess_any; + + if (strlen(flags) <= ENV_FLAGS_VARACCESS_LOC) + return env_flags_varaccess_any; + + return env_flags_parse_varaccess(flags); +} + /* * Validate that the proposed new value for "name" is valid according to the * defined flags for that variable, if any. @@ -261,6 +357,21 @@ int env_flags_validate_type(const char *name, const char *value) return 0; } +/* + * Validate that the proposed access to variable "name" is valid according to + * the defined flags for that variable, if any. + */ +int env_flags_validate_varaccess(const char *name, int check_mask) +{ + enum env_flags_varaccess access; + int access_mask; + + access = env_flags_get_varaccess(name); + access_mask = env_flags_varaccess_mask[access]; + + return (check_mask & access_mask) != 0; +} + /* * Validate the parameters to "env set" directly */ @@ -292,7 +403,12 @@ int env_flags_validate_env_set_params(int argc, char * const argv[]) */ static int env_parse_flags_to_bin(const char *flags) { - return env_flags_parse_vartype(flags) & ENV_FLAGS_VARTYPE_BIN_MASK; + int binflags; + + binflags = env_flags_parse_vartype(flags) & ENV_FLAGS_VARTYPE_BIN_MASK; + binflags |= env_flags_varaccess_mask[env_flags_parse_varaccess(flags)]; + + return binflags; } /* @@ -377,13 +493,10 @@ int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, int flag) { const char *name; -#if !defined(CONFIG_ENV_OVERWRITE) && defined(CONFIG_OVERWRITE_ETHADDR_ONCE) \ -&& defined(CONFIG_ETHADDR) const char *oldval = NULL; if (op != env_op_create) oldval = item->data; -#endif name = item->key; @@ -422,6 +535,44 @@ int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, } } + /* check for access permission */ +#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE + if (flag & H_FORCE) + return 0; +#endif + switch (op) { + case env_op_delete: + if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_DELETE) { + printf("## Error: Can't delete \"%s\"\n", name); + return 1; + } + break; + case env_op_overwrite: + if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_OVERWR) { + printf("## Error: Can't overwrite \"%s\"\n", name); + return 1; + } else if (item->flags & + ENV_FLAGS_VARACCESS_PREVENT_NONDEF_OVERWR) { + const char *defval = getenv_default(name); + + if (defval == NULL) + defval = ""; + printf("oldval: %s defval: %s\n", oldval, defval); + if (strcmp(oldval, defval) != 0) { + printf("## Error: Can't overwrite \"%s\"\n", + name); + return 1; + } + } + break; + case env_op_create: + if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_CREATE) { + printf("## Error: Can't create \"%s\"\n", name); + return 1; + } + break; + } + return 0; } diff --git a/include/env_flags.h b/include/env_flags.h index 7e72523f02..0bdae07838 100644 --- a/include/env_flags.h +++ b/include/env_flags.h @@ -36,9 +36,18 @@ enum env_flags_vartype { env_flags_vartype_end }; +enum env_flags_varaccess { + env_flags_varaccess_any, + env_flags_varaccess_readonly, + env_flags_varaccess_writeonce, + env_flags_varaccess_changedefault, + env_flags_varaccess_end +}; + #define ENV_FLAGS_VAR ".flags" #define ENV_FLAGS_ATTR_MAX_LEN 2 #define ENV_FLAGS_VARTYPE_LOC 0 +#define ENV_FLAGS_VARACCESS_LOC 1 #ifndef CONFIG_ENV_FLAGS_LIST_STATIC #define CONFIG_ENV_FLAGS_LIST_STATIC "" @@ -52,27 +61,57 @@ enum env_flags_vartype { * Print the whole list of available type flags. */ void env_flags_print_vartypes(void); +/* + * Print the whole list of available access flags. + */ +void env_flags_print_varaccess(void); /* * Return the name of the type. */ const char *env_flags_get_vartype_name(enum env_flags_vartype type); +/* + * Return the name of the access. + */ +const char *env_flags_get_varaccess_name(enum env_flags_varaccess access); #endif /* * Parse the flags string from a .flags attribute list into the vartype enum. */ enum env_flags_vartype env_flags_parse_vartype(const char *flags); +/* + * Parse the flags string from a .flags attribute list into the varaccess enum. + */ +enum env_flags_varaccess env_flags_parse_varaccess(const char *flags); +/* + * Parse the binary flags from a hash table entry into the varaccess enum. + */ +enum env_flags_varaccess env_flags_parse_varaccess_from_binflags(int binflags); #ifdef USE_HOSTCC /* * Look up the type of a variable directly from the .flags var. */ enum env_flags_vartype env_flags_get_type(const char *name); +/* + * Look up the access of a variable directly from the .flags var. + */ +enum env_flags_varaccess env_flags_get_access(const char *name); /* * Validate the newval for its type to conform with the requirements defined by * its flags (directly looked at the .flags var). */ int env_flags_validate_type(const char *name, const char *newval); +/* + * Validate the newval for its access to conform with the requirements defined + * by its flags (directly looked at the .flags var). + */ +int env_flags_validate_access(const char *name, int check_mask); +/* + * Validate that the proposed access to variable "name" is valid according to + * the defined flags for that variable, if any. + */ +int env_flags_validate_varaccess(const char *name, int check_mask); /* * Validate the parameters passed to "env set" for type compliance */ @@ -94,13 +133,18 @@ void env_flags_init(ENTRY *var_entry); int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, int flag); +#endif /* USE_HOSTCC */ + /* * These are the binary flags used in the environment entry->flags variable to * decribe properties of veriables in the table */ -#define ENV_FLAGS_VARTYPE_BIN_MASK 0x00000007 +#define ENV_FLAGS_VARTYPE_BIN_MASK 0x00000007 /* The actual variable type values use the enum value (within the mask) */ - -#endif /* USE_HOSTCC */ +#define ENV_FLAGS_VARACCESS_PREVENT_DELETE 0x00000008 +#define ENV_FLAGS_VARACCESS_PREVENT_CREATE 0x00000010 +#define ENV_FLAGS_VARACCESS_PREVENT_OVERWR 0x00000020 +#define ENV_FLAGS_VARACCESS_PREVENT_NONDEF_OVERWR 0x00000040 +#define ENV_FLAGS_VARACCESS_BIN_MASK 0x00000078 #endif /* __ENV_FLAGS_H__ */ diff --git a/include/environment.h b/include/environment.h index 00e59ba789..e64b43d2d9 100644 --- a/include/environment.h +++ b/include/environment.h @@ -181,6 +181,9 @@ unsigned char env_get_char_memory(int index); /* Function that updates CRC of the enironment */ void env_crc_update(void); +/* Look up the variable from the default environment */ +char *getenv_default(const char *name); + /* [re]set to the default environment */ void set_default_env(const char *s); diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c index 5be36fc359..a596a1b0dc 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -181,6 +181,32 @@ char *fw_getenv (char *name) return NULL; } +/* + * Search the default environment for a variable. + * Return the value, if found, or NULL, if not found. + */ +char *fw_getdefenv(char *name) +{ + char *env, *nxt; + + for (env = default_environment; *env; env = nxt + 1) { + char *val; + + for (nxt = env; *nxt; ++nxt) { + if (nxt >= &default_environment[ENV_SIZE]) { + fprintf(stderr, "## Error: " + "default environment not terminated\n"); + return NULL; + } + } + val = envmatch(name, env); + if (!val) + continue; + return val; + } + return NULL; +} + /* * Print the current definition of one, or more, or all * environment variables @@ -282,6 +308,7 @@ int fw_env_write(char *name, char *value) int len; char *env, *nxt; char *oldval = NULL; + int deleting, creating, overwriting; /* * search if variable with this name already exists @@ -299,10 +326,49 @@ int fw_env_write(char *name, char *value) break; } - /* - * Delete any existing definition - */ - if (oldval) { + deleting = (oldval && !(value && strlen(value))); + creating = (!oldval && (value && strlen(value))); + overwriting = (oldval && (value && strlen(value))); + + /* check for permission */ + if (deleting) { + if (env_flags_validate_varaccess(name, + ENV_FLAGS_VARACCESS_PREVENT_DELETE)) { + printf("Can't delete \"%s\"\n", name); + errno = EROFS; + return -1; + } + } else if (overwriting) { + if (env_flags_validate_varaccess(name, + ENV_FLAGS_VARACCESS_PREVENT_OVERWR)) { + printf("Can't overwrite \"%s\"\n", name); + errno = EROFS; + return -1; + } else if (env_flags_validate_varaccess(name, + ENV_FLAGS_VARACCESS_PREVENT_NONDEF_OVERWR)) { + const char *defval = fw_getdefenv(name); + + if (defval == NULL) + defval = ""; + if (strcmp(oldval, defval) + != 0) { + printf("Can't overwrite \"%s\"\n", name); + errno = EROFS; + return -1; + } + } + } else if (creating) { + if (env_flags_validate_varaccess(name, + ENV_FLAGS_VARACCESS_PREVENT_CREATE)) { + printf("Can't create \"%s\"\n", name); + errno = EROFS; + return -1; + } + } else + /* Nothing to do */ + return 0; + + if (deleting || overwriting) { #ifndef CONFIG_ENV_OVERWRITE /* * Ethernet Address and serial# can be set only once -- cgit v1.2.3 From 1d6cd0a3f69b549a3fc7e735a045279e7a14947e Mon Sep 17 00:00:00 2001 From: Joe Hershberger Date: Tue, 11 Dec 2012 22:16:37 -0600 Subject: env: Handle write-once ethaddr and serial# generically Use the variable access flags to implement the protection for ethaddr and serial# instead of hard-coding them. Signed-off-by: Joe Hershberger --- common/env_flags.c | 19 ------------------- include/env_flags.h | 22 ++++++++++++++++++++++ tools/env/fw_env.c | 17 ----------------- 3 files changed, 22 insertions(+), 36 deletions(-) (limited to 'common/env_flags.c') diff --git a/common/env_flags.c b/common/env_flags.c index 4caf12e697..336cae4e9f 100644 --- a/common/env_flags.c +++ b/common/env_flags.c @@ -503,25 +503,6 @@ int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, /* Default value for NULL to protect string-manipulating functions */ newval = newval ? : ""; -#ifndef CONFIG_ENV_OVERWRITE - /* - * Some variables like "ethaddr" and "serial#" can be set only once and - * cannot be deleted, unless CONFIG_ENV_OVERWRITE is defined. - */ - if (op != env_op_create && /* variable exists */ - (flag & H_FORCE) == 0) { /* and we are not forced */ - if (strcmp(name, "serial#") == 0 || - (strcmp(name, "ethaddr") == 0 -#if defined(CONFIG_OVERWRITE_ETHADDR_ONCE) && defined(CONFIG_ETHADDR) - && strcmp(oldval, __stringify(CONFIG_ETHADDR)) != 0 -#endif /* CONFIG_OVERWRITE_ETHADDR_ONCE && CONFIG_ETHADDR */ - )) { - printf("Can't overwrite \"%s\"\n", name); - return 1; - } - } -#endif - /* validate the value to match the variable type */ if (op != env_op_delete) { enum env_flags_vartype type = (enum env_flags_vartype) diff --git a/include/env_flags.h b/include/env_flags.h index 0bdae07838..d1aa1440f7 100644 --- a/include/env_flags.h +++ b/include/env_flags.h @@ -53,7 +53,29 @@ enum env_flags_varaccess { #define CONFIG_ENV_FLAGS_LIST_STATIC "" #endif +#ifdef CONFIG_CMD_NET +#ifdef CONFIG_ENV_OVERWRITE +#define ETHADDR_FLAGS "ethaddr:ma," +#else +#ifdef CONFIG_OVERWRITE_ETHADDR_ONCE +#define ETHADDR_FLAGS "ethaddr:mc," +#else +#define ETHADDR_FLAGS "ethaddr:mo," +#endif +#endif +#else +#define ETHADDR_FLAGS "" +#endif + +#ifndef CONFIG_ENV_OVERWRITE +#define SERIAL_FLAGS "serial#:so," +#else +#define SERIAL_FLAGS "" +#endif + #define ENV_FLAGS_LIST_STATIC \ + ETHADDR_FLAGS \ + SERIAL_FLAGS \ CONFIG_ENV_FLAGS_LIST_STATIC #ifdef CONFIG_CMD_ENV_FLAGS diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c index a596a1b0dc..90c7a5d3f3 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -369,23 +369,6 @@ int fw_env_write(char *name, char *value) return 0; if (deleting || overwriting) { -#ifndef CONFIG_ENV_OVERWRITE - /* - * Ethernet Address and serial# can be set only once - */ - if ( - (strcmp(name, "serial#") == 0) || - ((strcmp(name, "ethaddr") == 0) -#if defined(CONFIG_OVERWRITE_ETHADDR_ONCE) && defined(CONFIG_ETHADDR) - && (strcmp(oldval, __stringify(CONFIG_ETHADDR)) != 0) -#endif /* CONFIG_OVERWRITE_ETHADDR_ONCE && CONFIG_ETHADDR */ - ) ) { - fprintf (stderr, "Can't overwrite \"%s\"\n", name); - errno = EROFS; - return -1; - } -#endif /* CONFIG_ENV_OVERWRITE */ - if (*++nxt == '\0') { *env = '\0'; } else { -- cgit v1.2.3