

update enrollment job to add first managed certificate to tedge and reconnect c8y
sukhyungkf committed Nov 5, 2024
1 parent bc5bf9b commit 9956303
Showing 1 changed file with 130 additions and 0 deletions.
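--- a/enrollment.c
+++ b/enrollment.c
@@ -44,6 +44,8 @@
 /******************************************************************************/
 /************************** LOCAL GLOBAL VARIABLES ****************************/
 /******************************************************************************/
+static const char* TEDGE_CERT_PATH = "/home/keyfactor/Keyfactor-CAgent/certs/managed-cert-1.pem";
+static const char* TEDGE_KEY_PATH = "/home/keyfactor/Keyfactor-CAgent/certs/managed-key-1.pem";
 
 /******************************************************************************/
 /************************ LOCAL FUNCTION DEFINITIONS **************************/
@@ -210,6 +212,128 @@ static int send_enroll_job_complete(const char* sessionToken, const char* jobId,
 return res;
 } /* send_enroll_job_complete */
 
+static int do_single_command_read(const char* command, char** message)
+{
+int iResult;
+char response[255];
+FILE* fPipe = popen(command, "r");
+
+do {
+if (NULL == fPipe) {
+log_error("%s::%s(%d) : Error in popen() with command %s", LOG_INF, command);
+append_linef(message, "Error in popen() - pipe failed to open");
+iResult = -1;
+break;
+}
+/* We aren't really reading from the pipe, but we can read something & display the message */
+while (NULL != fgets(response, 255, fPipe)) {
+log_debug("%s::%s(%d) : Response from command %s is %s", LOG_INF, command, response);
+}
+/* Close the pipe */
+iResult = pclose(fPipe);
+log_trace("%s::%s(%d) : Result of pclose on command %s is %#x", LOG_INF, command, iResult);
+} while(false);
+
+return iResult;
+} /* do_single_command */
+
+/** */
+/* This function executes bash commands. The target is defined */
+/* by items in the ConfigData. */
+/* The initial target is the tedge-certificate-store */
+/* However, this was written generically enough to allow for other targets */
+/* to be defined later. */
+/* This function requires that tedge is already installed on the machine and */
+/* the mosquitto user already exists */
+/* */
+/* @param [Input] : storePath = the target location's custom target name */
+/* for example "tedge-certificate-store" */
+/* @param [Output] : message = anything we want to add to tell the platform */
+/* @param [Output] : Status message for the agent to return */
+/* */
+static void do_bash_commands(const char* storePath, char** message, enum AgentApiResultStatus* pStatus)
+{
+const int MAX_COMMAND = 255;
+char chownCommand[MAX_COMMAND]; /* This one is dynamically created */
+char localMessage[MAX_COMMAND]; /* Used to create a formatted message to Keyfactor */
+char tedgeCommand[MAX_COMMAND]; /* This one is dynamically created */
+const char* chownCommandFormat = "sudo chown mosquitto:mosquitto %s";
+const char* restartTedgeCommand = "sudo tedge reconnect c8y";
+const char* tedgeUpdateCommandFormat = "sudo tedge config set device.%s %s";
+
+if (STAT_ERR == *pStatus) {
+log_error("%s::%s(%d) : We have errored in the re-enrollment process, bypassing bash commands", LOG_INF);
+goto exit;
+}
+
+if (0 == strcasecmp(storePath, TEDGE_CERT_PATH)) {
+//only if the certificate matches the one to be used for tedge, set cert and key in
+//tedge conf and reconnect: TODO change own to mosquitto?
+snprintf(tedgeCommand, MAX_COMMAND, tedgeUpdateCommandFormat, "cert_path", TEDGE_CERT_PATH);
+if (0 == (do_single_command_read(tedgeCommand, message))) {
+log_error("%s::%s(%d) : Successfully executed command %s", LOG_INF, tedgeCommand);
+snprintf(localMessage, MAX_COMMAND, "Successfully executed command %s", tedgeCommand);
+} else {
+log_error("%s::%s(%d) : Error result returned from command %s", LOG_INF, tedgeCommand);
+snprintf(localMessage, MAX_COMMAND, "Error result returned from command %s", tedgeCommand);
+*pStatus = STAT_ERR;
+}
+append_linef(message, "%s", localMessage);
+
+snprintf(chownCommand, MAX_COMMAND, tedgeUpdateCommandFormat, "key_path", TEDGE_KEY_PATH);
+if (0 == (do_single_command_read(tedgeCommand, message))) {
+log_error("%s::%s(%d) : Successfully executed command %s", LOG_INF, tedgeCommand);
+snprintf(localMessage, MAX_COMMAND, "Successfully executed command %s", tedgeCommand);
+} else {
+log_error("%s::%s(%d) : Error result returned from command %s", LOG_INF, tedgeCommand);
+snprintf(localMessage, MAX_COMMAND, "Error result returned from command %s", tedgeCommand);
+*pStatus = STAT_ERR;
+}
+append_linef(message, "%s", localMessage);
+//chown cert/key to mosquitto/mosquitto
+snprintf(chownCommand, MAX_COMMAND, chownCommandFormat, TEDGE_CERT_PATH);
+if (0 == (do_single_command_read(chownCommand, message))) {
+log_trace("%s::%s(%d) : Successfully executed command %s", LOG_INF, chownCommand);
+snprintf(localMessage, MAX_COMMAND, "Successfully executed command %s", chownCommand);
+} else {
+log_error("%s::%s(%d) : Error result returned from command %s", LOG_INF, chownCommand);
+snprintf(localMessage, MAX_COMMAND, "Error result returned from command %s", chownCommand);
+*pStatus = STAT_ERR;
+}
+append_linef(message, "%s", localMessage);
+/* BEGIN BUG 48891 - Also chown on the key for the certificate */
+snprintf(chownCommand, MAX_COMMAND, chownCommandFormat, TEDGE_KEY_PATH);
+if (0 == (do_single_command_read(chownCommand, message))) {
+log_trace("%s::%s(%d) : Successfully executed command %s", LOG_INF, chownCommand);
+snprintf(localMessage, MAX_COMMAND, "Successfully executed command %s", chownCommand);
+} else {
+log_error("%s::%s(%d) : Error result returned from command %s", LOG_INF, chownCommand);
+snprintf(localMessage, MAX_COMMAND, "Error result returned from command %s", chownCommand);
+*pStatus = STAT_ERR;
+}
+append_linef(message, "%s", localMessage);
+
+if (0 == (do_single_command_read(restartTedgeCommand, message))) {
+log_error("%s::%s(%d) : Successfully executed command %s", LOG_INF, restartTedgeCommand);
+snprintf(localMessage, MAX_COMMAND, "Successfully executed command %s", restartTedgeCommand);
+} else {
+log_error("%s::%s(%d) : Error result returned from command %s", LOG_INF, restartTedgeCommand);
+snprintf(localMessage, MAX_COMMAND, "Error result returned from command %s", restartTedgeCommand);
+*pStatus = STAT_ERR;
+}
+append_linef(message, "%s", localMessage);
+log_error("%s::%s(%d) : localMessage: %s", LOG_INF, localMessage);
+} else {
+log_warn("%s::%s(%d) : Unimplemented custom target store for post enrollment bash commands = %s", LOG_INF, storePath);
+append_linef(message, "Unimplemented custom target store for post enrollment bash commands");
+*pStatus = STAT_WARN;
+goto exit;
+}
+
+exit:
+return;
+} /* do_bash_commands */
+
 /******************************************************************************/
 /*********************** GLOBAL FUNCTION DEFINITIONS **************************/
 /******************************************************************************/
@@ -404,6 +528,12 @@ int cms_job_enroll(struct SessionJob* jobInfo, char* sessionToken,
 &statusMessage, &status);
 }
 
+/* Modify re-enrollment job finish to update and restart tedge */
+if (status < STAT_ERR && 0 == res && enrResp && enrResp->Certificate) {
+log_verbose("%s::%s(%d) : certificates received, adding to tedge if necessary.", LOG_INF);
+do_bash_commands(enrConf->StorePath, &statusMessage, &status);
+}
+/* END re-enrollment job modification */
 /* Send the normal job complete */
 res = send_enroll_job_complete(sessionToken, jobInfo->JobId,
 jobInfo->CompletionEndpoint, status+1, auditId,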
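Review bot: The key_path update in do_bash_commands never runs: the second `snprintf` (the `"key_path"` call) formats into `chownCommand`, but the `do_single_command_read(tedgeCommand, ...)` that follows re-executes the cert_path command, so tedge is reconnected with the new certificate and whatever key_path was configured before. Change the target buffer to `snprintf(tedgeCommand, MAX_COMMAND, tedgeUpdateCommandFormat, "key_path", TEDGE_KEY_PATH);` so the key actually follows the certificate. Separately, every command executed here is built from compile-time constants, which is what keeps `popen()` plus `sudo` acceptable; since the header comment advertises the helper as generic, add `/* NOTE: storePath is only compared, never interpolated - do not splice platform-supplied paths into a popen() command */` above the `strcasecmp` check. The chown lines hand the private key to mosquitto but set no mode; whether the agent writes it 0600 is not visible in this hunk and is worth confirming. Also, the success branches for the tedge commands log with `log_error` where the chown branches use `log_trace`.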

