Diffstat (limited to 'src/aclk/aclk_otp.c')
-rw-r--r--src/aclk/aclk_otp.c67
1 files changed, 12 insertions, 55 deletions
diff --git a/src/aclk/aclk_otp.c b/src/aclk/aclk_otp.c
index 3b8222931..3e4f7835a 100644
--- a/src/aclk/aclk_otp.c
+++ b/src/aclk/aclk_otp.c
@@ -4,10 +4,6 @@
#include "aclk_util.h"
#include "aclk.h"
-#include "daemon/common.h"
-
-#include "mqtt_websockets/c-rbuf/cringbuffer.h"
-
static int aclk_https_request(https_req_t *request, https_req_response_t *response, bool *fallback_ipv4) {
int rc;
// wrapper for ACLK only which loads ACLK specific proxy settings
@@ -271,40 +267,8 @@ exit:
}
#endif
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110
-static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
-{
- EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
-
- if (ctx != NULL) {
- memset(ctx, 0, sizeof(*ctx));
- }
- return ctx;
-}
-static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
-{
- OPENSSL_free(ctx);
- return;
-}
-#endif
-
#define CHALLENGE_LEN 256
#define CHALLENGE_LEN_BASE64 344
-inline static int base64_decode_helper(unsigned char *out, int *outl, const unsigned char *in, int in_len)
-{
- unsigned char remaining_data[CHALLENGE_LEN];
- EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
- EVP_DecodeInit(ctx);
- EVP_DecodeUpdate(ctx, out, outl, in, in_len);
- int remainder = 0;
- EVP_DecodeFinal(ctx, remaining_data, &remainder);
- EVP_ENCODE_CTX_free(ctx);
- if (remainder) {
- netdata_log_error("Unexpected data at EVP_DecodeFinal");
- return 1;
- }
- return 0;
-}
#define OTP_URL_PREFIX "/api/v1/auth/node/"
int aclk_get_otp_challenge(url_t *target, const char *agent_id, unsigned char **challenge, int *challenge_bytes, bool *fallback_ipv4)
@@ -351,7 +315,7 @@ int aclk_get_otp_challenge(url_t *target, const char *agent_id, unsigned char **
goto cleanup_json;
}
const char *challenge_base64;
- if (!(challenge_base64 = json_object_get_string(challenge_json))) {
+ if (!((challenge_base64 = json_object_get_string(challenge_json)))) {
netdata_log_error("Failed to extract challenge from JSON object");
goto cleanup_json;
}
@@ -360,8 +324,9 @@ int aclk_get_otp_challenge(url_t *target, const char *agent_id, unsigned char **
goto cleanup_json;
}
- *challenge = mallocz((CHALLENGE_LEN_BASE64 / 4) * 3);
- base64_decode_helper(*challenge, challenge_bytes, (const unsigned char*)challenge_base64, strlen(challenge_base64));
+ *challenge = mallocz((CHALLENGE_LEN_BASE64 / 4) * 3 + 1);
+ *challenge_bytes = netdata_base64_decode(*challenge, (const unsigned char *) challenge_base64, CHALLENGE_LEN_BASE64);
+
if (*challenge_bytes != CHALLENGE_LEN) {
netdata_log_error("Unexpected challenge length of %d instead of %d", *challenge_bytes, CHALLENGE_LEN);
freez(*challenge);
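Review bot: The `*challenge_bytes = netdata_base64_decode(*challenge, (const unsigned char *) challenge_base64, CHALLENGE_LEN_BASE64);` line hands the decoder the constant CHALLENGE_LEN_BASE64 as the input length rather than the actual length of `challenge_base64`, so it is only safe if the check cut off just above the hunk has already rejected strings that are not exactly 344 bytes; should that check ever be relaxed, the decoder reads past the end of the JSON string. Passing `strlen(challenge_base64)` instead, or adding `// input length is exactly CHALLENGE_LEN_BASE64: validated above` on that line, would make the dependency explicit. With the old EVP_DecodeFinal remainder check gone, the `*challenge_bytes != CHALLENGE_LEN` test on the next line is the only thing catching a malformed challenge, which assumes netdata_base64_decode reports failure through a length that differs from CHALLENGE_LEN (a negative value or a short count); the hunk does not show its contract, so a one-line comment stating that assumption would help the next reader. aclk_get_otp_challenge continues outside the hunk.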
@@ -379,7 +344,6 @@ cleanup_resp:
int aclk_send_otp_response(const char *agent_id, const unsigned char *response, int response_bytes, url_t *target, struct auth_data *mqtt_auth, bool *fallback_ipv4)
{
- int len;
int rc = 1;
https_req_t req = HTTPS_REQ_T_INITIALIZER;
https_req_response_t resp = HTTPS_REQ_RESPONSE_T_INITIALIZER;
@@ -391,7 +355,7 @@ int aclk_send_otp_response(const char *agent_id, const unsigned char *response,
unsigned char base64[CHALLENGE_LEN_BASE64 + 1];
memset(base64, 0, CHALLENGE_LEN_BASE64 + 1);
- base64_encode_helper(base64, &len, response, response_bytes);
+ (void) netdata_base64_encode(base64, response, response_bytes);
BUFFER *url = buffer_create(strlen(OTP_URL_PREFIX) + UUID_STR_LEN + 20, &netdata_buffers_statistics.buffers_aclk);
BUFFER *resp_json = buffer_create(strlen(OTP_URL_PREFIX) + UUID_STR_LEN + 20, &netdata_buffers_statistics.buffers_aclk);
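Review bot: The `(void) netdata_base64_encode(base64, response, response_bytes);` line discards the encoded length, and nothing in the hunk bounds `response_bytes` against the fixed `base64[CHALLENGE_LEN_BASE64 + 1]` array declared two lines above, so a response longer than CHALLENGE_LEN bytes would overrun the stack buffer. The removed base64_encode_helper call had the same unchecked size, but now that the length is explicitly thrown away a guard before the call is the natural place to pin the invariant, e.g. `if (response_bytes > CHALLENGE_LEN) { netdata_log_error("OTP response too long"); return 1; }`, assuming nothing acquired earlier in the function needs releasing at that point (the lines between the function's opening and this hunk are not shown). Alternatively keep the returned length and compare it against CHALLENGE_LEN_BASE64 before building the request. aclk_send_otp_response starts and ends outside this hunk.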
@@ -487,16 +451,15 @@ int aclk_get_mqtt_otp(RSA *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_p
unsigned char *challenge = NULL;
int challenge_bytes;
- char *agent_id = get_agent_claimid();
- if (agent_id == NULL) {
+ CLAIM_ID claim_id = claim_id_get();
+ if (!claim_id_is_set(claim_id)) {
netdata_log_error("Agent was not claimed - cannot perform challenge/response");
return 1;
}
// Get Challenge
- if (aclk_get_otp_challenge(target, agent_id, &challenge, &challenge_bytes, fallback_ipv4)) {
+ if (aclk_get_otp_challenge(target, claim_id.str, &challenge, &challenge_bytes, fallback_ipv4)) {
netdata_log_error("Error getting challenge");
- freez(agent_id);
return 1;
}
@@ -507,17 +470,15 @@ int aclk_get_mqtt_otp(RSA *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_p
netdata_log_error("Couldn't decrypt the challenge received");
freez(response_plaintext);
freez(challenge);
- freez(agent_id);
return 1;
}
freez(challenge);
// Encode and Send Challenge
struct auth_data data = { .client_id = NULL, .passwd = NULL, .username = NULL };
- if (aclk_send_otp_response(agent_id, response_plaintext, response_plaintext_bytes, target, &data, fallback_ipv4)) {
+ if (aclk_send_otp_response(claim_id.str, response_plaintext, response_plaintext_bytes, target, &data, fallback_ipv4)) {
netdata_log_error("Error getting response");
freez(response_plaintext);
- freez(agent_id);
return 1;
}
@@ -526,7 +487,6 @@ int aclk_get_mqtt_otp(RSA *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_p
*mqtt_id = data.client_id;
freez(response_plaintext);
- freez(agent_id);
return 0;
}
@@ -830,17 +790,14 @@ int aclk_get_env(aclk_env_t *env, const char* aclk_hostname, int aclk_port, bool
req.request_type = HTTP_REQ_GET;
- char *agent_id = get_agent_claimid();
- if (agent_id == NULL)
- {
+ CLAIM_ID claim_id = claim_id_get();
+ if (!claim_id_is_set(claim_id)) {
netdata_log_error("Agent was not claimed - cannot perform challenge/response");
buffer_free(buf);
return 1;
}
- buffer_sprintf(buf, "/api/v1/env?v=%s&cap=proto,ctx&claim_id=%s", &(NETDATA_VERSION[1]) /* skip 'v' at beginning */, agent_id);
-
- freez(agent_id);
+ buffer_sprintf(buf, "/api/v1/env?v=%s&cap=proto,ctx&claim_id=%s", &(NETDATA_VERSION[1]) /* skip 'v' at beginning */, claim_id.str);
req.host = (char*)aclk_hostname;
req.port = aclk_port;