mirror of
https://dev.iopsys.eu/bbf/icwmp.git
synced 2026-03-10 11:18:04 +01:00
Ticket refs #10256 : Secure file downloads
This commit is contained in:
imen.bhiri
parent
cd55e17e49
commit
9fd2fffcd3
7 changed files with 41 additions and 7 deletions
16
config.c
16
config.c
|
|
@ -593,6 +593,22 @@ int get_global_config(struct config *conf)
|
|||
{
|
||||
FREE(conf->acs_ssl_capath);
|
||||
}
|
||||
if((error = uci_get_value(UCI_HTTPS_SSL_CAPATH,&value)) == CWMP_OK)
|
||||
{
|
||||
if(value != NULL)
|
||||
{
|
||||
if (conf->https_ssl_capath != NULL)
|
||||
{
|
||||
free(conf->https_ssl_capath);
|
||||
}
|
||||
conf->https_ssl_capath = value;
|
||||
value = NULL;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
FREE(conf->https_ssl_capath);
|
||||
}
|
||||
if((error = uci_get_value(UCI_ACS_INSECURE_ENABLE,&value)) == CWMP_OK)
|
||||
{
|
||||
if(value != NULL)
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ config 'cwmp' 'acs'
|
|||
option retry_min_wait_interval '5'
|
||||
# possible configs interval :[1000:65535]
|
||||
option retry_interval_multiplier '2000'
|
||||
|
||||
option https_ssl_capath ''
|
||||
config 'cwmp' 'cpe'
|
||||
option 'interface' 'eth0.1'
|
||||
option 'default_wan_interface' 'wan'
|
||||
|
|
|
|||
11
external.c
11
external.c
|
|
@ -29,6 +29,7 @@
|
|||
|
||||
#include "external.h"
|
||||
#include "cwmp.h"
|
||||
#include "xml.h"
|
||||
#include "log.h"
|
||||
|
||||
#include <stdarg.h>
|
||||
|
|
@ -254,10 +255,13 @@ int external_simple(char *command, char *arg, int c)
|
|||
int external_download(char *url, char *size, char *type, char *user, char *pass, time_t c)
|
||||
{
|
||||
DD(INFO,"executing download url '%s'", url);
|
||||
|
||||
json_object *json_obj_out;
|
||||
char *id = NULL;
|
||||
|
||||
char *cert_path = NULL;
|
||||
struct config *conf;
|
||||
json_object *json_obj_out;
|
||||
struct cwmp *cwmp = &cwmp_main;
|
||||
|
||||
conf = &(cwmp->conf);
|
||||
if (c) asprintf(&id, "%ld", c);
|
||||
/* send data to the script */
|
||||
json_obj_out = json_object_new_object();
|
||||
|
|
@ -269,6 +273,7 @@ int external_download(char *url, char *size, char *type, char *user, char *pass,
|
|||
if(user) json_obj_out_add(json_obj_out, "user", user);
|
||||
if(pass) json_obj_out_add(json_obj_out, "pass", pass);
|
||||
if(id) json_obj_out_add(json_obj_out, "ids", id);
|
||||
if(cert_path) json_obj_out_add(json_obj_out, "cert_path", cert_path);
|
||||
external_write_pipe_output(json_object_to_json_string(json_obj_out));
|
||||
|
||||
json_object_put(json_obj_out);
|
||||
|
|
|
|||
|
|
@ -51,7 +51,8 @@
|
|||
#define UCI_ACS_PASSWD_PATH "cwmp.acs.passwd"
|
||||
#define UCI_ACS_PARAMETERKEY_PATH "cwmp.acs.ParameterKey"
|
||||
#define UCI_ACS_SSL_CAPATH "cwmp.acs.ssl_capath"
|
||||
#define UCI_ACS_INSECURE_ENABLE "cwmp.acs.insecure_enable"
|
||||
#define UCI_HTTPS_SSL_CAPATH "cwmp.acs.https_ssl_capath"
|
||||
#define UCI_ACS_INSECURE_ENABLE "cwmp.acs.insecure_enable"
|
||||
#define UCI_ACS_SSL_VERSION "cwmp.acs.ssl_version"
|
||||
#define UCI_ACS_COMPRESSION "cwmp.acs.compression"
|
||||
#define UCI_ACS_RETRY_MIN_WAIT_INTERVAL "cwmp.acs.retry_min_wait_interval"
|
||||
|
|
@ -176,6 +177,7 @@ typedef struct config {
|
|||
char *acs_passwd;
|
||||
char *acs_ssl_capath;
|
||||
char *acs_ssl_version;
|
||||
char *https_ssl_capath;
|
||||
char *cpe_userid;
|
||||
char *cpe_passwd;
|
||||
char *dhcp_url_path;
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
|
||||
#define CWMP_MXML_TAB_SPACE " "
|
||||
#define DOWNLOAD_PROTOCOL_HTTP "http://"
|
||||
#define DOWNLOAD_PROTOCOL_HTTPS "https://"
|
||||
#define DOWNLOAD_PROTOCOL_FTP "ftp://"
|
||||
#define MAX_DOWNLOAD_QUEUE 10
|
||||
#define MAX_SCHEDULE_INFORM_QUEUE 10
|
||||
|
|
|
|||
|
|
@ -234,15 +234,23 @@ handle_action() {
|
|||
if [ "$action" = "download" ]; then
|
||||
local fault_code="9000"
|
||||
if [ "$__arg4" = "" -o "$__arg5" = "" ];then
|
||||
wget -O /tmp/icwmp_download "$__arg1" 2> /dev/null
|
||||
if [ "$__arg7" != ""];then
|
||||
wget -O /tmp/icwmp_download --ca-directory=$__arg7 "$__arg1" 2> /dev/null
|
||||
else
|
||||
wget -O /tmp/icwmp_download "$__arg1" 2> /dev/null
|
||||
fi
|
||||
if [ "$?" != "0" ];then
|
||||
let fault_code=$fault_code+$FAULT_CPE_DOWNLOAD_FAILURE
|
||||
icwmp_fault_output "" "$fault_code"
|
||||
return 1
|
||||
fi
|
||||
else
|
||||
local url="http://$__arg4:$__arg5@`echo $__arg1|sed 's/http:\/\///g'`"
|
||||
local url=`echo "$__arg1" | sed -e "s@://@://$__arg4:$__arg5\@@g"`
|
||||
if [ "$__arg7" == ""];then
|
||||
wget -O /tmp/icwmp_download "$url" 2> /dev/null
|
||||
else
|
||||
wget -O /tmp/icwmp_download --ca-directory=$__arg7 "$url" 2> /dev/null
|
||||
fi
|
||||
if [ "$?" != "0" ];then
|
||||
let fault_code=$fault_code+$FAULT_CPE_DOWNLOAD_FAILURE
|
||||
icwmp_fault_output "" "$fault_code"
|
||||
|
|
@ -419,6 +427,7 @@ handle_action() {
|
|||
json_get_var __arg4 user
|
||||
json_get_var __arg5 pass
|
||||
json_get_var __arg6 ids
|
||||
json_get_var __arg7 cert_path
|
||||
action="download"
|
||||
;;
|
||||
du_download)
|
||||
|
|
|
|||
1
xml.c
1
xml.c
|
|
@ -4148,6 +4148,7 @@ int cwmp_handle_rpc_cpe_download(struct session *session, struct rpc *rpc)
|
|||
error = FAULT_CPE_INVALID_ARGUMENTS;
|
||||
}
|
||||
else if(strncmp(download->url,DOWNLOAD_PROTOCOL_HTTP,strlen(DOWNLOAD_PROTOCOL_HTTP))!=0 &&
|
||||
strncmp(download->url,DOWNLOAD_PROTOCOL_HTTPS,strlen(DOWNLOAD_PROTOCOL_HTTPS))!=0 &&
|
||||
strncmp(download->url,DOWNLOAD_PROTOCOL_FTP,strlen(DOWNLOAD_PROTOCOL_FTP))!=0)
|
||||
{
|
||||
error = FAULT_CPE_FILE_TRANSFER_UNSUPPORTED_PROTOCOL;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue