From patchwork Tue Dec 5 21:11:59 2017
X-Patchwork-Submitter: Ayoub Zaki
X-Patchwork-Id: 844941
From: Ayoub Zaki
To: swupdate@googlegroups.com
Subject: [swupdate] [PATCH] hawkbit: adding authentication using security token
Date: Tue, 5 Dec 2017 22:11:59 +0100
Message-Id: <1512508319-30950-1-git-send-email-ayoub.zaki@embexus.com>

When a target is created within hawkBit a specific security token (32 alphanumeric characters) is generated. This can be used to authenticate the target through an HTTP-Authorization header with a custom scheme TargetToken.

--- corelib/channel_curl.c | 12 ++++++++++++ examples/configuration/swupdate.cfg | 3 +++ include/channel_curl.h | 1 + suricatta/server_hawkbit.c | 3 +++ 4 files changed, 19 insertions(+) diff --git a/corelib/channel_curl.c b/corelib/channel_curl.c index 608f5d3..ec412c0 100644 --- a/corelib/channel_curl.c +++ b/corelib/channel_curl.c @@ -345,6 +345,7 @@ channel_op_res_t channel_set_options(channel_t *this, { channel_curl_t *channel_curl = this->priv; channel_op_res_t result = CHANNEL_OK; + char *token = NULL; if ((curl_easy_setopt(channel_curl->handle, CURLOPT_URL, channel_data->url) != CURLE_OK) || (curl_easy_setopt(channel_curl->handle, CURLOPT_USERAGENT,
@@ -397,6 +398,17 @@ channel_op_res_t channel_set_options(channel_t *this, } } + if (channel_data->token != NULL) { + if (asprintf(&token, "Authorization: TargetToken %s", + channel_data->token)) { + if (((channel_curl->header = curl_slist_append( + channel_curl->header, token)) == NULL)) { + result = CHANNEL_EINIT; + goto cleanup; + } + } + } + switch (method) { case CHANNEL_GET: if (curl_easy_setopt(channel_curl->handle, CURLOPT_CUSTOMREQUEST, diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg index f9366fd..0d4aba2 100644 --- a/examples/configuration/swupdate.cfg +++ b/examples/configuration/swupdate.cfg @@ -101,6 +101,8 @@ identify : ( # path of the file containing the key for ssl connection # sslcert : string # path of the file containing the certificate for SSL connection +# token : string +# Hawkbit security token # proxy : string # in case the server is reached via a proxy @@ -122,6 +124,7 @@ suricatta : cafile = "/etc/ssl/cafile"; sslkey = "/etc/ssl/sslkey"; sslcert = "/etc/ssl/sslcert"; + token = "3bc13b476cb3962a0c63a5c92beacfh7"; */ }; diff --git a/include/channel_curl.h b/include/channel_curl.h index 98240a9..156d671 100644 --- a/include/channel_curl.h +++ b/include/channel_curl.h @@ -46,6 +46,7 @@ typedef struct { char *cafile; char *sslkey; char *sslcert; + char *token; char *proxy; char *info; unsigned int retry_sleep; diff --git a/suricatta/server_hawkbit.c b/suricatta/server_hawkbit.c index 175396c..ce5374b 100644 --- a/suricatta/server_hawkbit.c +++ b/suricatta/server_hawkbit.c @@ -1527,6 +1527,9 @@ static int suricatta_settings(void *elem, void __attribute__ ((__unused__)) *da GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "proxy", tmp); if (strlen(tmp)) SETSTRING(channel_data_defaults.proxy, tmp); + GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "token", tmp); + if (strlen(tmp)) + SETSTRING(channel_data_defaults.token, tmp); return 0;
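Review bot: in the second corelib/channel_curl.c hunk, `if (asprintf(&token, ...))` uses the return value as a boolean, but asprintf returns -1 on failure, which is non-zero, so an allocation failure still reaches `curl_slist_append(channel_curl->header, token)` with `token` in an undefined state. Test for `< 0` and take the `result = CHANNEL_EINIT; goto cleanup;` path there. curl_slist_append copies the string it is given, so `token` also needs a `free()` after the append; the diffstat's 12 added lines for this file contain none, and since the buffer holds the credential it is worth clearing before it is freed. Assigning the append result directly to `channel_curl->header` also loses the existing list when the append returns NULL; use a temporary and only assign on success.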
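Review bot: in examples/configuration/swupdate.cfg the new `token` entry is documented only as "Hawkbit security token", which leaves out what an integrator needs to handle it safely. Say that the value is sent to the server as `Authorization: TargetToken <token>`, that the header is added whenever the token is set regardless of URL scheme (so the configured server URL should be https), and that the configuration file now holds a credential and should not be world-readable. The sample value would also be clearer as an obvious placeholder than as a realistic-looking 32-character string.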
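Review bot: the include/channel_curl.h hunk adds `char *token` to the channel data struct, and channel_set_options now acts on `channel_data->token != NULL`, so any instance of the struct that is neither zero-initialized nor copied from `channel_data_defaults` would send a header built from a stray pointer. The patch only sets the field in `suricatta_settings` (3 added lines in suricatta/server_hawkbit.c); please confirm that every other place that builds this struct initializes the new member, and that the string stored by `SETSTRING(channel_data_defaults.token, tmp)` is released where the neighbouring fields such as `proxy` are.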