Re: freecwmpd with an ACS requiring digest authentication

[Jonas Gorski <jogo@openwrt.org>]

Hi Rajsek,

On 19 February 2013 10:26, Rajsek Miroslav <miroslav.rajsek@innbox.net> wrote:
> Hi Luka, hi everybody
>
> Recently I have used freecwmpd with an ACS that required digest 
> authentication.
> I wrote a patch for this. It is written for HTTP_CURL and imitates ssl_verify 
> flag in configuration.
> Please check it if you find it useful. Let me know if you need other things 
> like pcap traces etc.
>
> Regards,
>
> Miroslav
Looks good at first glance, but some issues I saw:

You need to add [PATCH] to the subject, to make clear this is a patch.
Also the contents should be the commit message alone, without any
greetings & co - remember everything above the "tear-off-line" ("---")
goes into the git commit log.

> --------------------------------------
>
> Signed-off-by: Miroslav Rajsek <miroslav.rajsek@innbox.net>
> ---
>  src/config.c   |   11 +++++++++++
>  src/config.h   |    1 +
>  src/freecwmp.c |    2 +-
>  src/http.c     |    3 +++
>  4 files changed, 16 insertions(+), 1 deletions(-)
> diff --git a/src/config.c b/src/config.c
> index 9460c2f..de1a26a 100644
> --- a/src/config.c
> +++ b/src/config.c
> @@ -237,6 +237,17 @@ section_found:
>     DD("freecwmp.@acs[0].ssl_verify=%d\n", config->acs->ssl_verify);
>     goto next;
>    }

Your patch got whitespace broken, these single whitespaces should
probably be tabs.

> +
> +  if (!strcmp((uci_to_option(e))->e.name, "auth_digest")) {
> +   if (!strcmp((uci_to_option(e))->v.string, "enabled")) {
> +    config->acs->auth_digest = true;
> +   } else {
> +    config->acs->auth_digest = false;
> +   }
> +   DD("freecwmp.@acs[0].auth_digest=%d\n", config->acs->auth_digest);
> +   goto next;
> +  }
> +
>  #endif /* HTTP_CURL */
>
>  next:
> diff --git a/src/config.h b/src/config.h
> index 8bf5e3d..b658525 100644
> --- a/src/config.h
> +++ b/src/config.h
> @@ -30,6 +30,7 @@ struct acs {
>   char *ssl_cert;
>   char *ssl_cacert;
>   bool ssl_verify;
> + bool auth_digest;
>  #endif /* HTTP_CURL */
>  };
>
> diff --git a/src/freecwmp.c b/src/freecwmp.c
> index ada4def..c5ebcad 100644
> --- a/src/freecwmp.c
> +++ b/src/freecwmp.c
> @@ -236,7 +236,7 @@ int main (int argc, char **argv)
>
>   /* run early cwmp initialization */
>   cwmp = calloc(1, sizeof(struct cwmp_internal));
> - if (!cwmp) return;
> + if (!cwmp) return -1;

This is a unrelated change and should be in a separate patch.

>
>   INIT_LIST_HEAD(&cwmp->events);
>   INIT_LIST_HEAD(&cwmp->notifications);
> diff --git a/src/http.c b/src/http.c
> index c63712f..f1838b1 100644
> --- a/src/http.c
> +++ b/src/http.c
> @@ -155,6 +155,9 @@ http_send_message(char *msg_out, char **msg_in)
>   curl = curl_easy_init();
>   if (!curl) return -1;
>
> + if (config->acs->auth_digest)
> +  curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
> +
>   curl_easy_setopt(curl, CURLOPT_URL, http_c.url);
>   curl_easy_setopt(curl, CURLOPT_HTTPHEADER, http_c.header_list);
>
> --
> 1.7.0.4
>
> This e-mail and any attachments may contain confidential and/or privileged 
> information and is intended solely for the addressee. Any unauthorised use, 
> review, retransmissions, dissemination, copying or other use of this 
> information by persons or entities other than the intended recipient is 
> strictly prohibited.
>
> To elektronsko sporo?ilo in vse morebitne priloge lahko vsebujejo informacije 
> zaupne narave in so namenjene izklju?no naslovniku. Fizi?ni ali pravni osebi, 
> ki ni naslovnik, je kakr?nakoli nepoobla??ena uporaba, pregledovanje, 
> po?iljanje, raz?irjanje, kopiranje ali drug na?in razpolaganja z vsebino 
> sporo?ila strogo prepovedana.

You can't submit patches that are confidential, you need to drop this
footer for the patch to be acceptable.

Regards
Jonas