From patchwork Fri Dec 15 10:45:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Couret Charles-Antoine X-Patchwork-Id: 849087 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4010:c07::238; helo=mail-lf0-x238.google.com; envelope-from=swupdate+bncbaabb66pz3iqkgqexjqrf7a@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.b="d+qX1xCe"; dkim-atps=neutral Received: from mail-lf0-x238.google.com (mail-lf0-x238.google.com [IPv6:2a00:1450:4010:c07::238]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3yynD03c16z9t2f for ; Fri, 15 Dec 2017 21:46:23 +1100 (AEDT) Received: by mail-lf0-x238.google.com with SMTP id t13sf2144865lfe.2 for ; Fri, 15 Dec 2017 02:46:23 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1513334780; cv=pass; d=google.com; s=arc-20160816; b=hNybAjKDM0m1jMwBhhrmzWfhHS///WhtKLxqHUPMDPI6cO8xjjc9gCJI2M6uiIDJdW gOUUC5YeWqzeuE5nvd8O3T6hNN41uu8ELgHESoE+5YJpdi/M16P7dRVyroPgvWBXS3qR 4jP03AS/DaCONSbMHPBkFfLCena9ksELZsz6egmn01X+mecpy6ssdaxUfIgiB9sjRZWm +J0QxdxsnC8kPT0OK8POTcNFUEzZm8a5OsT5N1bDokYnRPIuJAENGVm0xsDDhuGkP4g+ 7bOUN6o6BeFslBoywr/ERjxImiRUZ3FH2zF4H/IoapEfaFnlui2oULORZdJigakHKcwu c8Iw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:cc:to:from:arc-authentication-results:arc-message-signature :sender:dkim-signature:arc-authentication-results; bh=2DChi7jRDgXTGkeQ6TrpnwSxtGTpDLrpFwOPCZPEsCM=; b=K2x39u1uaSkhwXeta45VRZ0+arWXFaJzdrHMlgy0dJpXUHi691gmFc9aVSOiyO0/Qp Nw+8jP8p5+LLTmCxaJ7BXMeqwBerg5REVB7eJxhfsiawUPdpF8GRX8BzgrC8WwBby6G+ XR5EQNJArnynXJcwPGRi3i/t623axucqqm/QucAoO+HpGTLo/i78vct/JzfqEQp49cyO t4sK56ZEKsGJXm2LFQ1dc+E9v/HWQMtifckkbKk0fgwdtaoHut0EvEIYpF+83C10Vxx1 O2tmbSL4L3dG1gZIC2qPBgCYY3ab5edMOVq7bYjdCcDiA5L1P2/yDo2gS+oILZreQSkN dImA== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of charles-antoine.couret@essensium.com designates 195.144.77.220 as permitted sender) smtp.mailfrom=Charles-Antoine.Couret@essensium.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:mime-version :x-original-sender:x-original-authentication-results:precedence :mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=2DChi7jRDgXTGkeQ6TrpnwSxtGTpDLrpFwOPCZPEsCM=; b=d+qX1xCeMeef/9+njevfew+Q4zCJ/IW4gKc4L5qqdAY/qa6VEf7OGiFdHokXzU9DQ1 7iLb7PhCWEngLOZRhZa5TBNx+W149Br9IyiFf0p7jjyvPJADkbwKexd8ZRZozurcqpQB hrVlINq5nyOVE2kqzMf+MGOQPtC7snYlRhl/n58zFP/io8PB47xGjTkIcEsLEWVwPxV1 GLQkq7JnM05O38bCWrwFN8oYDwvJWJUmiDxevcp/lFdmksIaaHH1B0kJP03y3Ft/q8zQ TOzLueJoc541ozBfIIwdc9M4O/X3HlnVBDyp7KfrSwMONuKlFF6eAE0V5Z18wu7fSrdT ie0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:from:to:cc:subject:date:message-id :mime-version:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=2DChi7jRDgXTGkeQ6TrpnwSxtGTpDLrpFwOPCZPEsCM=; b=ULx0wDxxeLvJ6R0QMELrRZ9I7FvGWAKQSiWRKHf5ciAQ1CcB0104CUzuM2dko8VkJm Z/pE9xNtWeZ8wKkN4bqQLc0mIi1xuLUJpPRAxaZFLisNEuqn8pdpG/ly20LlT9QLG5Qb /YgbxLjn2dUqYbnmT/DAQfH8t+m9phUOwHJ6HsMeqeHgNjUaISoru9SF10e7B+2SAn8L Iw6+BcNwL+SLSLIofwD6bho2Aor5sB921VnBRXVQURQts3VH7URt051+OeARZUz+Irpx sxzUI8GxxxlgmWd3ZR2HN8ZbyfOpy7qcM3uD7WysCc7O45s0yVE1fjT0CjXw1hxSOX5s dAHQ== Sender: swupdate@googlegroups.com X-Gm-Message-State: AKGB3mKZHeT4456s2ejrZcAfo203hSJ4v9Yy4skiAu6DFxxCt35ps+fL niBwZbJBfKHn/IbVsKVZAjY= X-Google-Smtp-Source: ACJfBotVD9p1fiOPpnO+A1dOFMhu/dBTJ8X49guSAHePCx5u8J6MW/Bduz1ddVQH6Pt7KHWLDX+xmA== X-Received: by 10.46.25.27 with SMTP id p27mr23780lje.7.1513334780036; Fri, 15 Dec 2017 02:46:20 -0800 (PST) X-BeenThere: swupdate@googlegroups.com Received: by 10.46.67.136 with SMTP id z8ls1063312lje.2.gmail; Fri, 15 Dec 2017 02:46:19 -0800 (PST) X-Received: by 10.46.77.20 with SMTP id a20mr670515ljb.35.1513334779303; Fri, 15 Dec 2017 02:46:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513334779; cv=none; d=google.com; s=arc-20160816; b=wTsSV1Yr7R5TLUALu2H2l9wur/elJt6aZcqDQncoJaigB1CUYT+G5ZgfApsl9EZYB7 TDC34JmdsIPT7je76rVQ7EKE2E2k5Hi5VMs7XjzD5eOXepfgQunHALZeU/78Hw3MVA0I QQB0Bc+XcU2iTVP8BJB4q9EHmRnkMMXf7NowrU1lTO0kT/X/lV9sAuUAcqtTGDEOsHqp PT5RRfDVnaEOPx1mguKOaDnDnV5rvcdjCal+DhWRHbd7mU7tc/SlM/8peHmd73H0OROt +9DlWDHtMtIecInNa6/32iln9dcsmjCPIUlsTCEKwbWHKqCBfqV9llRDOsYAQbvNr1q6 8vDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:message-id:date:subject:cc:to:from :arc-authentication-results; bh=cNzHdcdYi+cjnjeIpV2QiWDo17yM2RiRVL5ZBiTNf3w=; b=p28ljUfJhGVD02+T3G6VyzYjjmv1bLA/pvLz/9pr0fn4GaRRgOZBREST6guJ8AFBCs QCOrpsIsnPdht4z9oUNjKCwVyPW2g1zyafo2cUx+DYwJCqDRyECgUTtxjRGefn5aONWU s4O/2VqFZBK6flcsP0Q5bnTsTI9+qZcCV4D9NqlsTOa1R+3o8AbxsjW87L+IVl3rDp2l gn4ITLsOjr3vrZyHQxWZCahfob01T0XM2e7QGO45BXwnxrYYe49+ft1WGJ0Xu3IytVJm sBRoiOsr0X6QftWriu77ZAe7YRPbYD/lBybrrLIqcIx4zEmjdb62MR20hogJ4NcAjcX5 CiRw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of charles-antoine.couret@essensium.com designates 195.144.77.220 as permitted sender) smtp.mailfrom=Charles-Antoine.Couret@essensium.com Received: from exchange.essensium.com (220.77.144.195.ipv4.evonet.be. [195.144.77.220]) by gmr-mx.google.com with ESMTP id g77si501903lfl.5.2017.12.15.02.46.18 for ; Fri, 15 Dec 2017 02:46:18 -0800 (PST) Received-SPF: pass (google.com: domain of charles-antoine.couret@essensium.com designates 195.144.77.220 as permitted sender) client-ip=195.144.77.220; Received: from Abby.local.ess-mail.com (10.3.4.143) by beleexch01.local.ess-mail.com (10.3.7.8) with Microsoft SMTP Server (TLS) id 15.0.847.32; Fri, 15 Dec 2017 11:46:12 +0100 From: Charles-Antoine Couret To: CC: Charles-Antoine Couret Subject: [swupdate] [PATCH v3] downloader: add option to send Basic Auth info Date: Fri, 15 Dec 2017 11:45:14 +0100 Message-ID: <20171215104514.23885-1-charles-antoine.couret@essensium.com> X-Mailer: git-send-email 2.14.3 MIME-Version: 1.0 X-Originating-IP: [10.3.4.143] X-ClientProxiedBy: beleexch01.local.ess-mail.com (10.3.7.8) To beleexch01.local.ess-mail.com (10.3.7.8) X-Original-Sender: charles-antoine.couret@essensium.com X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of charles-antoine.couret@essensium.com designates 195.144.77.220 as permitted sender) smtp.mailfrom=Charles-Antoine.Couret@essensium.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , This option is needed if an update is protected by username / password to avoid that anybody can download this update file. This method is used by Cumulocity infrastructure for example to deploy updates. Signed-off-by: Charles-Antoine Couret --- corelib/downloader.c | 34 +++++++++++++++++++++++++++------- doc/source/swupdate.rst | 2 ++ examples/configuration/swupdate.cfg | 4 ++++ 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/corelib/downloader.c b/corelib/downloader.c index 27bb4e8..0f33e4c 100644 --- a/corelib/downloader.c +++ b/corelib/downloader.c @@ -62,6 +62,7 @@ struct dwl_options { char *url; unsigned int retries; unsigned int timeout; + char *auth; }; /* notify download progress each second */ @@ -76,6 +77,7 @@ static struct option long_options[] = { {"url", required_argument, NULL, 'u'}, {"retries", required_argument, NULL, 'r'}, {"timeout", required_argument, NULL, 't'}, + {"authentification", required_argument, NULL, 'a'}, {NULL, 0, NULL, 0}}; @@ -200,7 +202,7 @@ static void set_option_common(CURL *curl_handle, * for that, the -i option is used. */ static RECOVERY_STATUS download_from_url(char *image_url, unsigned int retries, - unsigned long lowspeed_time) + unsigned long lowspeed_time, char *auth) { CURL *curl_handle; CURLcode res = CURLE_GOT_NOTHING; @@ -253,6 +255,12 @@ static RECOVERY_STATUS download_from_url(char *image_url, unsigned int retries, return FAILURE; } + /* Set Authentification */ + if (auth && curl_easy_setopt(curl_handle, CURLOPT_USERPWD, auth) != CURLE_OK) { + TRACE("Runs out of memory: serious internal error"); + return FAILURE; + } + curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, write_data); curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, &fd); set_option_common(curl_handle, lowspeed_time, &progress); @@ -314,6 +322,13 @@ static int download_settings(void *elem, void __attribute__ ((__unused__)) *dat SETSTRING(opt->url, tmp); } + GET_FIELD_STRING(LIBCFG_PARSER, elem, "authentication", tmp); + if (strlen(tmp)) { + SETSTRING(opt->authentication, tmp); + } else { + opt->authentication = NULL; + } + get_field(LIBCFG_PARSER, elem, "retries", &opt->retries); get_field(LIBCFG_PARSER, elem, "timeout", @@ -327,10 +342,11 @@ void download_print_help(void) fprintf( stdout, "\tdownload arguments (mandatory arguments are marked with '*'):\n" - "\t -u, --url * is a link to the .swu update image\n" - "\t -r, --retries number of retries (resumed download) if connection\n" - "\t is broken (0 means indefinitely retries) (default: %d)\n" - "\t -t, --timeout timeout to check if a connection is lost (default: %d)\n", + "\t -u, --url * is a link to the .swu update image\n" + "\t -r, --retries number of retries (resumed download) if connection\n" + "\t is broken (0 means indefinitely retries) (default: %d)\n" + "\t -t, --timeout timeout to check if a connection is lost (default: %d)\n" + "\t -a, --authentication authentification information as username:password\n", DL_DEFAULT_RETRIES, DL_LOWSPEED_TIME); } @@ -345,6 +361,7 @@ int start_download(const char *fname, int argc, char *argv[]) options.retries = DL_DEFAULT_RETRIES; options.timeout = DL_LOWSPEED_TIME; + options.auth = NULL; if (fname) { read_module_settings(fname, "download", download_settings, @@ -353,7 +370,7 @@ int start_download(const char *fname, int argc, char *argv[]) /* reset to optind=1 to parse download's argument vector */ optind = 1; - while ((choice = getopt_long(argc, argv, "t:u:r:", + while ((choice = getopt_long(argc, argv, "t:u:r:a:", long_options, NULL)) != -1) { switch (choice) { case 't': @@ -362,6 +379,9 @@ int start_download(const char *fname, int argc, char *argv[]) case 'u': SETSTRING(options.url, optarg); break; + case 'a': + SETSTRING(options.auth, optarg); + break; case 'r': options.retries = strtoul(optarg, NULL, 10); break; @@ -379,7 +399,7 @@ int start_download(const char *fname, int argc, char *argv[]) */ for (attempt = 0;; attempt++) { result = download_from_url(options.url, options.retries, - options.timeout); + options.timeout, options.auth); if (result != FAILURE) { ipc_message msg; if (ipc_postupdate(&msg) != 0) { diff --git a/doc/source/swupdate.rst b/doc/source/swupdate.rst index 138e0c4..8e5ca40 100644 --- a/doc/source/swupdate.rst +++ b/doc/source/swupdate.rst @@ -534,6 +534,8 @@ Command line parameters | -t | integer | Timeout for connection lost when | | | | downloading | +-------------+----------+--------------------------------------------+ +| -a | string | Send user and password for Basic Auth | ++-------------+----------+--------------------------------------------+ systemd Integration diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg index f9366fd..5c9e122 100644 --- a/examples/configuration/swupdate.cfg +++ b/examples/configuration/swupdate.cfg @@ -48,8 +48,12 @@ globals : # it is the number of seconds that can be accepted without # receiving any packets. If it elapses, the connection is # considered broken. +# authentication : string +# credentials needed to get software if server +# enables Basic Auth to allow this downloading download : { + authentication = "user:password"; retries = 3; timeout = 1800; url = "http://example.com/software.swu";