diff options
Diffstat (limited to 'src/aclk/aclk_otp.c')
-rw-r--r-- | src/aclk/aclk_otp.c | 67 |
1 files changed, 12 insertions, 55 deletions
diff --git a/src/aclk/aclk_otp.c b/src/aclk/aclk_otp.c index 3b8222931..3e4f7835a 100644 --- a/src/aclk/aclk_otp.c +++ b/src/aclk/aclk_otp.c @@ -4,10 +4,6 @@ #include "aclk_util.h" #include "aclk.h" -#include "daemon/common.h" - -#include "mqtt_websockets/c-rbuf/cringbuffer.h" - static int aclk_https_request(https_req_t *request, https_req_response_t *response, bool *fallback_ipv4) { int rc; // wrapper for ACLK only which loads ACLK specific proxy settings @@ -271,40 +267,8 @@ exit: } #endif -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110 -static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) -{ - EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); - - if (ctx != NULL) { - memset(ctx, 0, sizeof(*ctx)); - } - return ctx; -} -static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) -{ - OPENSSL_free(ctx); - return; -} -#endif - #define CHALLENGE_LEN 256 #define CHALLENGE_LEN_BASE64 344 -inline static int base64_decode_helper(unsigned char *out, int *outl, const unsigned char *in, int in_len) -{ - unsigned char remaining_data[CHALLENGE_LEN]; - EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); - EVP_DecodeInit(ctx); - EVP_DecodeUpdate(ctx, out, outl, in, in_len); - int remainder = 0; - EVP_DecodeFinal(ctx, remaining_data, &remainder); - EVP_ENCODE_CTX_free(ctx); - if (remainder) { - netdata_log_error("Unexpected data at EVP_DecodeFinal"); - return 1; - } - return 0; -} #define OTP_URL_PREFIX "/api/v1/auth/node/" int aclk_get_otp_challenge(url_t *target, const char *agent_id, unsigned char **challenge, int *challenge_bytes, bool *fallback_ipv4) @@ -351,7 +315,7 @@ int aclk_get_otp_challenge(url_t *target, const char *agent_id, unsigned char ** goto cleanup_json; } const char *challenge_base64; - if (!(challenge_base64 = json_object_get_string(challenge_json))) { + if (!((challenge_base64 = json_object_get_string(challenge_json)))) { netdata_log_error("Failed to extract challenge from JSON object"); goto cleanup_json; } @@ -360,8 +324,9 @@ int aclk_get_otp_challenge(url_t *target, const char *agent_id, unsigned char ** goto cleanup_json; } - *challenge = mallocz((CHALLENGE_LEN_BASE64 / 4) * 3); - base64_decode_helper(*challenge, challenge_bytes, (const unsigned char*)challenge_base64, strlen(challenge_base64)); + *challenge = mallocz((CHALLENGE_LEN_BASE64 / 4) * 3 + 1); + *challenge_bytes = netdata_base64_decode(*challenge, (const unsigned char *) challenge_base64, CHALLENGE_LEN_BASE64); + if (*challenge_bytes != CHALLENGE_LEN) { netdata_log_error("Unexpected challenge length of %d instead of %d", *challenge_bytes, CHALLENGE_LEN); freez(*challenge); @@ -379,7 +344,6 @@ cleanup_resp: int aclk_send_otp_response(const char *agent_id, const unsigned char *response, int response_bytes, url_t *target, struct auth_data *mqtt_auth, bool *fallback_ipv4) { - int len; int rc = 1; https_req_t req = HTTPS_REQ_T_INITIALIZER; https_req_response_t resp = HTTPS_REQ_RESPONSE_T_INITIALIZER; @@ -391,7 +355,7 @@ int aclk_send_otp_response(const char *agent_id, const unsigned char *response, unsigned char base64[CHALLENGE_LEN_BASE64 + 1]; memset(base64, 0, CHALLENGE_LEN_BASE64 + 1); - base64_encode_helper(base64, &len, response, response_bytes); + (void) netdata_base64_encode(base64, response, response_bytes); BUFFER *url = buffer_create(strlen(OTP_URL_PREFIX) + UUID_STR_LEN + 20, &netdata_buffers_statistics.buffers_aclk); BUFFER *resp_json = buffer_create(strlen(OTP_URL_PREFIX) + UUID_STR_LEN + 20, &netdata_buffers_statistics.buffers_aclk); @@ -487,16 +451,15 @@ int aclk_get_mqtt_otp(RSA *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_p unsigned char *challenge = NULL; int challenge_bytes; - char *agent_id = get_agent_claimid(); - if (agent_id == NULL) { + CLAIM_ID claim_id = claim_id_get(); + if (!claim_id_is_set(claim_id)) { netdata_log_error("Agent was not claimed - cannot perform challenge/response"); return 1; } // Get Challenge - if (aclk_get_otp_challenge(target, agent_id, &challenge, &challenge_bytes, fallback_ipv4)) { + if (aclk_get_otp_challenge(target, claim_id.str, &challenge, &challenge_bytes, fallback_ipv4)) { netdata_log_error("Error getting challenge"); - freez(agent_id); return 1; } @@ -507,17 +470,15 @@ int aclk_get_mqtt_otp(RSA *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_p netdata_log_error("Couldn't decrypt the challenge received"); freez(response_plaintext); freez(challenge); - freez(agent_id); return 1; } freez(challenge); // Encode and Send Challenge struct auth_data data = { .client_id = NULL, .passwd = NULL, .username = NULL }; - if (aclk_send_otp_response(agent_id, response_plaintext, response_plaintext_bytes, target, &data, fallback_ipv4)) { + if (aclk_send_otp_response(claim_id.str, response_plaintext, response_plaintext_bytes, target, &data, fallback_ipv4)) { netdata_log_error("Error getting response"); freez(response_plaintext); - freez(agent_id); return 1; } @@ -526,7 +487,6 @@ int aclk_get_mqtt_otp(RSA *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_p *mqtt_id = data.client_id; freez(response_plaintext); - freez(agent_id); return 0; } @@ -830,17 +790,14 @@ int aclk_get_env(aclk_env_t *env, const char* aclk_hostname, int aclk_port, bool req.request_type = HTTP_REQ_GET; - char *agent_id = get_agent_claimid(); - if (agent_id == NULL) - { + CLAIM_ID claim_id = claim_id_get(); + if (!claim_id_is_set(claim_id)) { netdata_log_error("Agent was not claimed - cannot perform challenge/response"); buffer_free(buf); return 1; } - buffer_sprintf(buf, "/api/v1/env?v=%s&cap=proto,ctx&claim_id=%s", &(NETDATA_VERSION[1]) /* skip 'v' at beginning */, agent_id); - - freez(agent_id); + buffer_sprintf(buf, "/api/v1/env?v=%s&cap=proto,ctx&claim_id=%s", &(NETDATA_VERSION[1]) /* skip 'v' at beginning */, claim_id.str); req.host = (char*)aclk_hostname; req.port = aclk_port; |