[MIR] cobbler-enlist source and binaries

Bug #860492 reported by Dave Walker
Affects                  | Status       | Importance | Assigned to | Milestone
cobbler-enlist (Ubuntu)  | Fix Released | High       | Unassigned  |
Oneiric                  | Fix Released | High       | Unassigned  |

Bug Description

Availability: Currently in Ubuntu Oneiric, and builds on all target arches
Rationale: Required to be shipped on the ISO, as a menu option via a udeb.
Security: Fairly new package, native to Ubuntu. Possible concern is that it doesn't use SSL transport.
Quality assurance: Small C tool, which is Ubuntu native.
UI standards: D-I UI, with translatable strings.
Dependencies: All satisfied
Standards compliance: Lintian clean
Maintenance: Lovingly cared for by the Ubuntu Server Team.

Dave Walker (davewalker)
summary: - [MIR] cobbler-enlist
+ [MIR] cobbler-enlist src, cobbler-enlist-udeb bin
Dave Walker (davewalker)
tags: added: server-o-mir
Dave Walker (davewalker)
Changed in cobbler-enlist (Ubuntu):
importance: Undecided → High
Changed in cobbler-enlist (Ubuntu Oneiric):
milestone: none → ubuntu-11.10
Revision history for this message
Dave Walker (davewalker) wrote : Re: [MIR] cobbler-enlist src, cobbler-enlist-udeb bin

This tool is designed to 'enlist' with a cobbler server for future deployment. This tool is the first basic step of hardware discovery (normally of new hardware), then it is no longer used.

In the current form, the only useful data sent home is the interfaces' MAC addresses. Next cycle, more data about the hardware will be sent home - including disk sizes, RAM and if the system supports virt extensions.

There is pending support to add it to the cd menu for people to 'try it'... however the main target is the ability to do netbooting with the debconf questions pre-answered, including cobbler credentials.

The udeb is never used on a live system, its only target is to discover hardware then the system halts. debian-installer is hijacked to provide a volatile environment to run this tool. When this tool is used, the system should always halt.

It does not have SSL support, as debian-installer cannot currently retrieve ssl preseeds (bug 833994). It seemed pointless to receive the credentials via http and post back using https, when the returning data doesn't exactly add provided data to what was already received insecurely.

However, when bug 833994 is resolved - we will look at adding ssl support (and maybe even include the fingerprint via the preseed for self-signed).

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Based on the above, there is nothing private in the data sent home at this time. Between that and bug #833994, the lack of SSL support should not be a blocker. I took the liberty of adding a cobbler-enlist task to bug #833994.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Based on irc discussion, I think I am going to want to look at this more closely.

Changed in cobbler-enlist (Ubuntu Oneiric):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I'm not done with my review yet, but I wanted to mention the following:

cobbler-xmlrpc.h
- PROBLEM: most xmlrpc_* calls are not doing any error checking, but should be based on looking at code of xmlrpc-c.
- RECOMMENDATION: create utility function wrappers for the common xmlrpc-c commands, have the cobbler-enlist code use the wrappers, and have the wrappers do all the error checking. Eg: all current uses of xmlrpc_array_new(...) should be changed to use ce_xmlrpc_array_new(...), then ce_xmlrpc_array_new() calls xmlrpc_array_new() and does the necessary error checking and fails. This should be done everywhere that an xmlrpc function is used a lot, and for those things that are used only once, simply do it inline (eg for xmlrpc_server_info_new()).

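The wrapper pattern recommended in the comment above, as an added example that is not cobbler-enlist's own code: the xmlrpc_env/xmlrpc_value types and xmlrpc_array_new() here are constructed stand-ins so the file compiles offline (against the real library they come from <xmlrpc-c/base.h>), and ce_exercise() is an assumed driver that walks the failure path without exiting. The same single-sink check is applied to malloc(), which the later security review also flags.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the xmlrpc-c types and call the wrappers
 * touch; the real ones come from <xmlrpc-c/base.h>. */
typedef struct { int fault_occurred; const char *fault_string; } xmlrpc_env;
typedef struct { int is_array; } xmlrpc_value;
static int fake_array_new_fails = 0;   /* flips the stand-in into failure */
static xmlrpc_value *xmlrpc_array_new(xmlrpc_env *env) {
    if (fake_array_new_fails) {
        env->fault_occurred = 1; env->fault_string = "simulated allocation failure";
        return NULL;
    }
    xmlrpc_value *v = malloc(sizeof *v);
    if (v) v->is_array = 1;
    return v;
}
/* Single failure sink: production aborts; clearing ce_abort_on_fatal
 * lets a caller observe the fault count instead of exiting. */
static int ce_abort_on_fatal = 1, ce_fatal_count = 0;
static void ce_fatal(const char *what, const char *why) {
    fprintf(stderr, "cobbler-enlist: %s failed: %s\n", what, why);
    ce_fatal_count++;
    if (ce_abort_on_fatal) exit(EXIT_FAILURE);
}
/* Wrapper per the review: all error checking lives here, so call sites
 * use ce_xmlrpc_array_new() and never the raw library function. */
static xmlrpc_value *ce_xmlrpc_array_new(xmlrpc_env *env) {
    xmlrpc_value *v = xmlrpc_array_new(env);
    if (env->fault_occurred)
        ce_fatal("xmlrpc_array_new", env->fault_string ? env->fault_string : "unknown fault");
    return v;
}
/* Same discipline for malloc(): a NULL is never silently dereferenced. */
static void *ce_malloc(size_t n) {
    void *p = malloc(n ? n : 1);
    if (p == NULL) ce_fatal("malloc", "out of memory");
    return p;
}
/* Assumed driver: runs one allocation sequence non-aborting; returns faults caught. */
static int ce_exercise(int simulate_failure) {
    xmlrpc_env env = {0, NULL};
    ce_fatal_count = 0; ce_abort_on_fatal = 0; fake_array_new_fails = simulate_failure;
    xmlrpc_value *v = ce_xmlrpc_array_new(&env);
    char *buf = ce_malloc(64);
    free(v); free(buf);
    fake_array_new_fails = 0; ce_abort_on_fatal = 1;
    return ce_fatal_count;
}
```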
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Another item of note: there is no man page for cobbler-enlist. Even if this is in universe only, it should really mention that authentication credentials are sent unencrypted to cobbler from the host.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Security review:
- does not check return codes in several places surrounding malloc() and xmlrpc_* calls
- SSL is not used due to bug #833994

I would really like to see the error checking done at some time. I realize this is a time crunch and don't see a vulnerability with the shallow audit I performed. That said, this should be fixed, especially since cobbler-enlist is intended to be run as a privileged user, and I have filed bug #862558.

To fully address the SSL issues, bug #833994 needs to be adjusted in the installer and cobbler-enlist. Since it is too late for that, I suggest:
- adjusting the already existing debconf questions/notes to include language that the information is currently submitted in unencrypted form (and a way to abort)
- add language to the --help text that the information is currently submitted in unencrypted form
- add a manpage which among other things includes language that the information is currently submitted in unencrypted form
- add text to README.Debian explaining the lack of SSL, language that the information is currently submitted in unencrypted form and a reference to bug #833994

I have filed bug #862567 to address this.

Since there is no difference between supporting the udeb for cobbler-enlist and the regular deb for cobbler-enlist, please feel free to promote and seed once bug #862567 is fixed.

Thanks!

Changed in cobbler-enlist (Ubuntu Oneiric):
assignee: Jamie Strandboge (jdstrand) → nobody
status: In Progress → Confirmed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

"...please feel free to promote and seed once bug #862567 is fixed." should have read:

"...please feel free to seed and promote source and binaries once bug #862567 is fixed."

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Marking as 'In Progress' since this is pending bug #862567.

Changed in cobbler-enlist (Ubuntu Oneiric):
status: Confirmed → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Bug #862567 is fixed. Please feel free to seed in main.

summary: - [MIR] cobbler-enlist src, cobbler-enlist-udeb bin
+ [MIR] cobbler-enlist source and binaries
Changed in cobbler-enlist (Ubuntu Oneiric):
status: In Progress → Fix Committed
tags: added: rls-mgr-o-tracking
Revision history for this message
Matthias Klose (doko) wrote :

2011-09-29 20:42:50 INFO Override Component to: 'main'
2011-09-29 20:42:51 INFO 'cobbler-enlist - 0.2-1/universe/admin' source overridden
2011-09-29 20:42:51 INFO 'cobbler-enlist-0.2-1/universe/admin/EXTRA' binary overridden in oneiric/amd64
2011-09-29 20:42:51 INFO 'cobbler-enlist-0.2-1/universe/admin/EXTRA' binary overridden in oneiric/armel
2011-09-29 20:42:51 INFO 'cobbler-enlist-0.2-1/universe/admin/EXTRA' binary overridden in oneiric/i386
2011-09-29 20:42:51 INFO 'cobbler-enlist-0.1-2/universe/admin/EXTRA' binary overridden in oneiric/powerpc
2011-09-29 20:42:51 INFO 'cobbler-enlist-udeb-0.2-1/universe/debian-installer/EXTRA' binary overridden in oneiric/amd64
2011-09-29 20:42:51 INFO 'cobbler-enlist-udeb-0.2-1/universe/debian-installer/EXTRA' binary overridden in oneiric/armel
2011-09-29 20:42:51 INFO 'cobbler-enlist-udeb-0.2-1/universe/debian-installer/EXTRA' binary overridden in oneiric/i386
2011-09-29 20:42:51 INFO 'cobbler-enlist-udeb-0.1-2/universe/debian-installer/EXTRA' binary overridden in oneiric/powerpc

Changed in cobbler-enlist (Ubuntu Oneiric):
status: Fix Committed → Fix Released