From patchwork Fri Feb 23 10:08:29 2018
X-Patchwork-Submitter: Diego Rondini
X-Patchwork-Id: 877004
From: Diego Rondini
To: swupdate@googlegroups.com
Cc: Ayoub Zaki, Diego Rondini
Subject: [swupdate] [PATCHv2] hawkbit: adding authentication using security token
Date: Fri, 23 Feb 2018 11:08:29 +0100
Message-Id: <20180223100829.10132-1-diego.rondini@kynetics.com>
X-Mailer: git-send-email 2.14.3
From: Ayoub Zaki

When a target is created within hawkBit a specific security token (32 alphanumeric characters) is generated. This can be used to authenticate the target through a HTTP-Authorization header with a custom scheme TargetToken.

Signed-off-by: Ayoub Zaki
Signed-off-by: Diego Rondini
---
Changes in v2: used generic "header" concept in channel_curl code

 corelib/channel_curl.c | 8 ++++++++ examples/configuration/swupdate.cfg | 3 +++ include/channel_curl.h | 1 + suricatta/server_hawkbit.c | 6 ++++++ 4 files changed, 18 insertions(+) diff --git a/corelib/channel_curl.c b/corelib/channel_curl.c index 0dec551..2f572d4 100644 --- a/corelib/channel_curl.c +++ b/corelib/channel_curl.c @@ -385,6 +385,14 @@ channel_op_res_t channel_set_options(channel_t *this, } } + if (channel_data->header != NULL) { + if (((channel_curl->header = curl_slist_append( + channel_curl->header, channel_data->header)) == NULL)) { + result = CHANNEL_EINIT; + goto cleanup; + } + } + switch (method) { case CHANNEL_GET: if (curl_easy_setopt(channel_curl->handle, CURLOPT_CUSTOMREQUEST, diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg index 5c9e122..213f8be 100644 --- a/examples/configuration/swupdate.cfg +++ b/examples/configuration/swupdate.cfg @@ -105,6 +105,8 @@ identify : ( # path of the file containing the key for ssl connection # sslcert : string # path of the file containing the certificate for SSL connection +# token : string +# Hawkbit security token # proxy : string # in case the server is reached via a proxy @@ -126,6 +128,7 @@ suricatta : cafile = "/etc/ssl/cafile"; sslkey = "/etc/ssl/sslkey"; sslcert = "/etc/ssl/sslcert"; + token = "3bc13b476cb3962a0c63a5c92beacfh7"; */ }; diff --git a/include/channel_curl.h b/include/channel_curl.h index 2133744..b13e9cf 100644 --- a/include/channel_curl.h +++ b/include/channel_curl.h 
@@ -37,6 +37,7 @@ typedef struct { char *sslcert; char *proxy; char *info; + char *header; unsigned int retry_sleep; unsigned int offs; unsigned int method; diff --git a/suricatta/server_hawkbit.c b/suricatta/server_hawkbit.c index 02ffb3a..480750d 100644 --- a/suricatta/server_hawkbit.c +++ b/suricatta/server_hawkbit.c @@ -1521,6 +1521,12 @@ static int suricatta_settings(void *elem, void __attribute__ ((__unused__)) *da GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "proxy", tmp); if (strlen(tmp)) SETSTRING(channel_data_defaults.proxy, tmp); + GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "token", tmp); + if (strlen(tmp)) { + char *token_header; + if (asprintf(&token_header, "Authorization: TargetToken %s", tmp)) + SETSTRING(channel_data_defaults.header, token_header); + } return 0;
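
Review bot: in the corelib/channel_curl.c hunk (@@ -385,6 +385,14 @@), the return value of curl_slist_append() is assigned straight back to channel_curl->header, so when the call fails and returns NULL the pointer to the existing list is overwritten and the entries already on it are leaked. Append into a temporary, for example struct curl_slist *tmp = curl_slist_append(channel_curl->header, channel_data->header); and store it in channel_curl->header only when it is non-NULL, returning CHANNEL_EINIT otherwise.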
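
Review bot: in examples/configuration/swupdate.cfg (hunk @@ -105,6 +105,8 @@), the new comment "Hawkbit security token" does not say that, unlike sslkey and sslcert, which are paths to files, this value is the secret itself, nor that it is sent as Authorization: TargetToken followed by the token. Please document both, and note that a configuration file carrying the token needs restrictive permissions.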
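
Review bot: in the suricatta example block of swupdate.cfg (hunk @@ -126,6 +128,7 @@), the sample token = "3bc13b476cb3962a0c63a5c92beacfh7"; reads like a real credential. An obvious placeholder, such as "<32-character target token>", would make it clear that the value has to be replaced with the token hawkBit generated for that target.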
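
Review bot: the new char *header; member in include/channel_curl.h (hunk @@ -37,6 +37,7 @@) has no comment. Please state that it holds one complete header line in "Name: value" form and whether the channel copies the string or the caller must keep it alive. A single string also limits callers to one extra header, which is worth saying given the v2 note about a generic "header" concept.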
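
Review bot: in suricatta/server_hawkbit.c (hunk @@ -1521,6 +1521,12 @@), the test if (asprintf(&token_header, "Authorization: TargetToken %s", tmp)) is true on failure as well, because asprintf() returns -1 on error and leaves token_header undefined, so SETSTRING would then read an invalid pointer. Compare against -1 (or test for > 0) and return an error otherwise. If SETSTRING copies its argument, as its use with the tmp buffer for "proxy" just above suggests, token_header also needs a free() after the call.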