saret/rpc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: saret:spelling-fix
Branches Tags
saret:main saret:v1.2.1 saret:v2.0.0 saret:spelling-fix saret:feat_shbc saret:snyk-fix-44a8204e6c95596ec2a9d17964ce3a6a saret:snyk-fix-51090c5823436dc7c175acd7ea8061ca saret:snyk-fix-7878daa4d2c9c5da97f8d537cdcb3681 saret:snyk-fix-6e85ead74cf2afd85b1e36c53b87db01 saret:snyk-fix-6656d9d66f0cd9635afbc2883228bf2b saret:snyk-fix-a687bff058156a3ba04bf994b9e11bd3 saret:snyk-fix-1d8863f16d091e33ff6e6bd8ae14d853 saret:snyk-fix-5b5cfae2fd64a752c6a12acbc673c8bb saret:v1.2.0 saret:feature_secure_host_based_config saret:v1.1.0 saret:v1.0.0
saret:v2.0.0 saret:v1.2.1 saret:v1.2.0 saret:v1.1.0 saret:v1.0.0 saret:v0.9.1 saret:v0.9.0
..
compare: saret:v1.2.1
Branches Tags
saret:main saret:v1.2.1 saret:v2.0.0 saret:spelling-fix saret:feat_shbc saret:snyk-fix-44a8204e6c95596ec2a9d17964ce3a6a saret:snyk-fix-51090c5823436dc7c175acd7ea8061ca saret:snyk-fix-7878daa4d2c9c5da97f8d537cdcb3681 saret:snyk-fix-6e85ead74cf2afd85b1e36c53b87db01 saret:snyk-fix-6656d9d66f0cd9635afbc2883228bf2b saret:snyk-fix-a687bff058156a3ba04bf994b9e11bd3 saret:snyk-fix-1d8863f16d091e33ff6e6bd8ae14d853 saret:snyk-fix-5b5cfae2fd64a752c6a12acbc673c8bb saret:v1.2.0 saret:feature_secure_host_based_config saret:v1.1.0 saret:v1.0.0
saret:v2.0.0 saret:v1.2.1 saret:v1.2.0 saret:v1.1.0 saret:v1.0.0 saret:v0.9.1 saret:v0.9.0

2 Commits
spelling-f ... v1.2.1

Author SHA1 Message Date
Mike
f34e92ff3c Merge pull request #73 from bill-mahoney/patch-2 
ci: remove unneeded daily scan
 2022-03-07 10:14:19 -07:00
Bill Mahoney
c74f8119ae ci: remove unneeded daily scan 2022-03-07 10:13:26 -07:00
11 changed files with 171 additions and 273 deletions
Expand all files Collapse all files

20
.github/workflows/changelog.yml vendored
View File

@@ -1,20 +0,0 @@
name: Changelog Generator
on:
pull_request:
branches: [ master ]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- run: docker run -v $PWD:/workdir quay.io/git-chglog/git-chglog --next-tag vNext --output CHANGELOG-new.md vNext..
- name: GitHub Upload Release Artifacts
uses: actions/upload-artifact@v2
with:
name: CHANGELOG-new.md
path: |
./CHANGELOG-new.md

15
CHANGELOG.md
View File

@@ -1,18 +1,3 @@
<a name="v1.2.2"></a>
## [v1.2.2] - 2021-06-22
### Ci
- remove Jenkins chron
- **changelog:** add automation for changelog generation
### Fix
- update examples text and version
<a name="v1.2.1"></a>
## [v1.2.1] - 2021-05-06
### Fix
**docker:** add missing ca-certs
<a name="v1.2.0"></a>
## v1.2.0

2
CMakeLists.txt
View File

@@ -1,6 +1,6 @@
cmake_minimum_required (VERSION 3.1)
project (rpc VERSION 1.3.0)
project (rpc VERSION 1.2.0)
set (CMAKE_CXX_STANDARD 11)

195
Jenkinsfile vendored
View File

@@ -1,33 +1,61 @@
pipeline {
agent {
label 'docker-amt'
}
agent none
options {
buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30'))
timestamps()
timeout(unit: 'HOURS', time: 2)
}
stages {
stage ('Cloning Repository') {
steps {
script {
scmCheckout {
clean = true
stage ('Parallel') {
parallel {
stage ('Linux') {
agent { label 'docker-amt' }
stages {
stage ('Cloning Repository') {
steps {
script {
scmCheckout {
clean = true
}
}
}
}
}
}
stage ('Windows') {
agent { label 'openamt-win' }
stages {
stage ('Cloning Repository') {
steps {
script {
scmCheckout {
clean = true
}
}
}
}
}
}
}
}
stage('Static Code Scan - Protex') {
environment{
PROJECT_NAME = 'OpenAMT - RPC'
SCANNERS = 'protex'
}
stage ('Static Code Scan - Protex') {
agent { label 'docker-amt' }
steps {
rbheStaticCodeScan()
script {
staticCodeScan {
// generic
scanners = ['protex']
scannerType = ['c','c++']
protexProjectName = 'OpenAMT - RPC'
// internal, do not change
protexBuildName = 'rrs-generic-protex-build'
}
}
}
}
stage ('Parallel Builds') {
parallel {
stage ('Linux') {
@@ -43,7 +71,6 @@ pipeline {
steps {
sh './scripts/jenkins-pre-build.sh'
sh './scripts/jenkins-build.sh'
stash includes: 'build/rpc', name: 'linux-rpc-app'
}
}
stage ('Archive') {
@@ -51,6 +78,7 @@ pipeline {
archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true
}
}
}
}
stage ('Windows') {
@@ -61,7 +89,7 @@ pipeline {
bat 'scripts\\jenkins-pre-build.cmd'
bat 'scripts\\jenkins-build.cmd'
// prepare stash for the binary scan
stash includes: '**/*.exe', name: 'win-rpc-app'
stash includes: "**/*.exe", name: 'rpc-app'
}
}
stage ('Archive') {
@@ -73,82 +101,71 @@ pipeline {
}
}
}
stage('Prep Binary') {
steps {
sh 'mkdir -p ./bin'
dir('./bin') {
unstash 'linux-rpc-app'
unstash 'win-rpc-app'
}
}
}
stage('Linux Scans') {
environment{
PROJECT_NAME = 'OpenAMT - RPC - Linux'
SCANNERS = 'bdba,klocwork'
// protecode details
PROTECODE_BIN_DIR = './bin'
PROTECODE_INCLUDE_SUB_DIRS = true
// klocwork details
KLOCWORK_SCAN_TYPE = 'c++'
KLOCWORK_PRE_BUILD_SCRIPT = './scripts/jenkins-pre-build.sh'
KLOCWORK_BUILD_COMMAND = './scripts/jenkins-build.sh'
KLOCWORK_IGNORE_COMPILE_ERRORS = true
// publishArtifacts details
PUBLISH_TO_ARTIFACTORY = true
}
steps {
rbheStaticCodeScan()
dir('artifacts/Klockwork'){
sh 'cp kw_report.html kw_report_linux.html'
sh 'cp kw_report.csv kw_report_linux.csv'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.html'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.csv'
}
}
}
stage('Windows Scans'){
agent { label 'openamt-win' }
stages{
stage ('Windows Scans - klocwork') {
environment {
PROJECT_NAME = 'OpenAMT - RPC - Windows'
SCANNERS = 'klocwork'
// klocwork details
KLOCWORK_SCAN_TYPE = 'c++'
KLOCWORK_PRE_BUILD_SCRIPT = 'scripts\\jenkins-pre-build.cmd'
KLOCWORK_BUILD_COMMAND = 'scripts\\jenkins-build.cmd'
KLOCWORK_IGNORE_COMPILE_ERRORS = true
// publishArtifacts details
PUBLISH_TO_ARTIFACTORY = true
}
stage ('Parallel Scans') {
parallel {
stage ('Static Code Scan Linux') {
agent { label 'docker-amt' }
steps {
rbheStaticCodeScan()
dir('artifacts\\Klockwork'){
bat 'copy kw_report.html kw_report_windows.html'
bat 'copy kw_report.csv kw_report_windows.csv'
stash includes: 'kw_report_windows.*', name: 'win-kwreports'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.html'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.csv'
script {
staticCodeScan {
// generic
scanners = ['bdba','klocwork']
scannerType = 'c++'
protecodeGroup = '25'
protecodeScanName = 'rpc-zip'
protecodeDirectory = './build/rpc'
klockworkPreBuildScript = './scripts/jenkins-pre-build.sh'
klockworkBuildCommand = './scripts/jenkins-build.sh'
klockworkProjectName = 'Panther Point Creek'
klockworkIgnoreCompileErrors = true
}
}
}
}
stage ('Static Code Scan Windows') {
stages {
stage ('Static Code Scan Windows - Klockwork') {
agent { label 'openamt-win' }
steps {
script {
staticCodeScan {
// generic
scanners = ['klocwork']
scannerType = 'c++'
klockworkPreBuildScript = 'scripts\\jenkins-pre-build.cmd'
klockworkBuildCommand = 'scripts\\jenkins-build.cmd'
klockworkProjectName = 'Panther Point Creek'
klockworkIgnoreCompileErrors = true
}
}
}
}
stage ('Static Code Scan Windows - BDBA') {
agent { label 'docker-amt' }
steps {
script {
sh "mkdir -p bdbaScanDir"
dir("bdbaScanDir") {
unstash 'rpc-app'
}
staticCodeScan {
// generic
scanners = ['bdba']
scannerType = 'c++'
protecodeGroup = '25'
protecodeScanName = 'rpc-zip'
protecodeDirectory = 'bdbaScanDir'
}
}
}
}
}
}
}
}
stage('Publish Artifacts'){
steps{
dir('artifacts/Klockwork'){
unstash 'win-kwreports'
}
publishArtifacts()
}
}
}
}
}

31
README.md
View File

@@ -4,43 +4,26 @@
The Remote Provisioning Client (RPC) is an application that enables remote capabilities for Intel® AMT, such as as device activation and configuration. To accomplish this, RPC communicates with the Remote Provisioning Server (RPS) to activate and connect the edge device.
<br><br>
**For detailed documentation** about RPC or other features of the Open AMT Cloud Toolkit, see the [docs](https://open-amt-cloud-toolkit.github.io/docs/).
<br>
## Prerequisites
We leverage GitHub Actions as a means to build RPC automatically leveraging Github's CI/CD Infrastructure. This avoids having to deal with the challenges of getting your build environment just right on your local machine and allows you to get up and running much faster. Read more about GitHub Actions [here](https://github.blog/2019-08-08-github-actions-now-supports-ci-cd/#:~:text=GitHub%20Actions%20is%20an%20API,every%20step%20along%20the%20way.)
## Build the Remote Provisioning Client (RPC)
<p align="center">
<img src="assets/animations/forkandbuild.gif" width="650" />
</p>
## Build the Remote Provisioning Client (RPC)
1. Create a fork of the rpc repository [here](https://github.com/open-amt-cloud-toolkit/rpc/fork) or via the Fork button in the top-right corner of the rpc repository.
1. <a href="https://github.com/open-amt-cloud-toolkit/rpc/fork" target="_blank">Create a fork of rpc on GitHub.</a>
2. Click on "Actions" and Select "Build RPC (Native)" Workflow.
2. Click on the **Actions** tab at the top and select **Build RPC (Native) Debug/Release**.
3. Click "Run Workflow", select branch "master", and click "Run Workflow".
3. Click the **Run Workflow** dropdown.
4. Grab a coffee. The build for Windows will take approximately 30 minutes and the build for Linux will take approximately 5 minutes.
4. Select the **Branch: master**, or a preferred version, from the **Use workflow from** dropdown.
5. Once complete, click the completed job, and download the appropriate RPC for your OS under the "Artifacts" section.
5. By default, the Build Type should be **release**.
6. Click the **Run Workflow** button. Grab a coffee and take a break! The build time ranges from 15 to 20 minutes.
8. Once the download is complete, click the completed job which will feature a green checkmark.
9. Download the appropriate RPC for your managed device's OS under the **Artifacts** section.
### To Delete your workflow run
1. Click the ellipsis ( **...** ) menu for the workflow.
2. Choose the **Delete workflow run** option.
For detailed documentation about RPC and using it to activate a device, see the [docs](https://open-amt-cloud-toolkit.github.io/docs/)
For detailed documentation about RPC and using it to activate a device, see the [docs](https://open-amt-cloud-toolkit.github.io/docs/)

5
SECURITY.md
View File

@@ -1,5 +0,0 @@
# Security Policy
Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation.
## Reporting a Vulnerability
Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).

89
commands.cpp
View File

@@ -282,54 +282,51 @@ bool cmd_get_certificate_hashes(std::vector<cert_hash_entry>& hash_entries)
for (int i = 0; i < (int) amt_hash_handles.Length; i++)
{
// get each entry
AMT_STATUS amt_status = pthi_GetCertificateHashEntry(amt_hash_handles.Handles[i], &certhash_entry);
AMT_STATUS status = pthi_GetCertificateHashEntry(amt_hash_handles.Handles[i], &certhash_entry);
if (amt_status == 0)
int hashSize;
cert_hash_entry tmp;
switch (certhash_entry.HashAlgorithm) {
case 0: // MD5
hashSize = 16;
tmp.algorithm = "MD5";
break;
case 1: // SHA1
hashSize = 20;
tmp.algorithm = "SHA1";
break;
case 2: // SHA256
hashSize = 32;
tmp.algorithm = "SHA256";
break;
case 3: // SHA512
hashSize = 64;
tmp.algorithm = "SHA512";
break;
default:
hashSize = 0;
tmp.algorithm = "UNKNOWN";
break;
}
if (certhash_entry.IsActive == 1)
{
int hashSize;
cert_hash_entry tmp;
switch (certhash_entry.HashAlgorithm) {
case 0: // MD5
hashSize = 16;
tmp.algorithm = "MD5";
break;
case 1: // SHA1
hashSize = 20;
tmp.algorithm = "SHA1";
break;
case 2: // SHA256
hashSize = 32;
tmp.algorithm = "SHA256";
break;
case 3: // SHA512
hashSize = 64;
tmp.algorithm = "SHA512";
break;
default:
hashSize = 0;
tmp.algorithm = "UNKNOWN";
break;
}
std::string cert_name(certhash_entry.Name.Buffer, certhash_entry.Name.Length);
tmp.name = cert_name;
tmp.is_default = certhash_entry.IsDefault;
tmp.is_active = certhash_entry.IsActive;
if (certhash_entry.IsActive == 1)
std::string hashString;
for (int i = 0; i < hashSize; i++)
{
std::string cert_name(certhash_entry.Name.Buffer, certhash_entry.Name.Length);
tmp.name = cert_name;
tmp.is_default = certhash_entry.IsDefault;
tmp.is_active = certhash_entry.IsActive;
std::string hashString;
for (int i = 0; i < hashSize; i++)
{
char hex[10];
snprintf(hex, 10, "%02x", certhash_entry.CertificateHash[i]);
hashString += hex;
}
tmp.hash = hashString;
hash_entries.push_back(tmp);
char hex[10];
snprintf(hex, 10, "%02x", certhash_entry.CertificateHash[i]);
hashString += hex;
}
tmp.hash = hashString;
hash_entries.push_back(tmp);
}
}
@@ -380,14 +377,14 @@ bool cmd_get_remote_access_connection_status(int& network_status, int& remote_st
return false;
}
bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings, bool wired_interface)
bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings)
{
// initialize HECI interface
if (heci_Init(NULL, PTHI_CLIENT) == 0) return false;
// get wired interface
LAN_SETTINGS lan_settings;
UINT32 interface_settings = (wired_interface) ? 0 : 1; // wired=0, wireless=1
UINT32 interface_settings = 0; // wired=0, wireless=1
AMT_STATUS amt_status = pthi_GetLanInterfaceSettings(interface_settings, &lan_settings);
if (amt_status == 0)
{
@@ -396,13 +393,11 @@ bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settin
lan_interface_settings.dhcp_enabled = lan_settings.DhcpEnabled;
lan_interface_settings.link_status = lan_settings.LinkStatus;
lan_interface_settings.ip_address.clear();
lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address >> 24) & 0xff);
lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address >> 16) & 0xff);
lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address >> 8) & 0xff);
lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address) & 0xff);
lan_interface_settings.mac_address.clear();
lan_interface_settings.mac_address.push_back(lan_settings.MacAddress[0]);
lan_interface_settings.mac_address.push_back(lan_settings.MacAddress[1]);
lan_interface_settings.mac_address.push_back(lan_settings.MacAddress[2]);

2
commands.h
View File

@@ -49,6 +49,6 @@ bool cmd_get_dns_suffix(std::string& suffix);
bool cmd_get_wired_mac_address(std::vector<unsigned char>& address);
bool cmd_get_certificate_hashes(std::vector<cert_hash_entry>& hash_entries);
bool cmd_get_remote_access_connection_status(int& network_status, int& remote_status, int& remote_trigger, std::string& mps_hostname);
bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings, bool wired_interface = true);
bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings);
#endif

44
info.cpp
View File

@@ -20,7 +20,7 @@ void out_text(const std::string name, const std::vector<unsigned char> value, co
for (unsigned char tmp : value)
{
(hex) ? std::cout << std::setfill('0') << std::setw(2) << std::hex << (unsigned int)tmp
: std::cout << std::dec << (unsigned int)tmp;
: std::cout << (unsigned int)tmp;
if (char_count++ < value.size())
{
@@ -270,41 +270,15 @@ bool info_get_lan_interface_settings()
tmp.ip_address.clear();
tmp.mac_address.clear();
bool hasWired = cmd_get_lan_interface_settings(tmp);
if (hasWired)
{
out_text("LAN Interface", "wired");
out_text("DHCP Enabled", (tmp.dhcp_enabled) ? "true" : "false");
out_text("DHCP Mode", (tmp.dhcp_mode == 1) ? "active" : "passive");
out_text("Link Status", (tmp.link_status) ? "up" : "down");
out_text("IP Address", tmp.ip_address, '.', false);
out_text("MAC Address", tmp.mac_address, ':');
}
tmp.is_enabled = false;
tmp.link_status = false;
tmp.dhcp_enabled = false;
tmp.dhcp_mode = 0;
tmp.ip_address.clear();
tmp.mac_address.clear();
if (!cmd_get_lan_interface_settings(tmp)) return false;
bool hasWireless = cmd_get_lan_interface_settings(tmp, false);
if (hasWireless)
{
out_text("LAN Interface", "wireless");
out_text("DHCP Enabled", (tmp.dhcp_enabled) ? "true" : "false");
out_text("DHCP Mode", (tmp.dhcp_mode == 1) ? "active" : "passive");
out_text("Link Status", (tmp.link_status) ? "up" : "down");
out_text("IP Address", tmp.ip_address, '.', false);
out_text("MAC Address", tmp.mac_address, ':');
}
out_text("DHCP Enabled", (tmp.dhcp_enabled) ? "true" : "false");
out_text("DHCP Mode", (tmp.dhcp_mode == 1) ? "active" : "passive");
out_text("Link Status", (tmp.link_status) ? "up" : "down");
out_text("IP Address", tmp.ip_address, '.', false);
out_text("MAC Address", tmp.mac_address, ':');
if (hasWired || hasWireless)
{
return true;
}
return false;
return true;
}
bool info_get(const std::string info)
@@ -368,4 +342,4 @@ bool info_get_verify(const std::string info)
}
return false;
}
}

35
main.cpp
View File

@@ -7,7 +7,6 @@
#include <thread>
#include <cpprest/ws_client.h>
#include <cpprest/json.h>
#include <algorithm>
#include "port.h"
#include "lms.h"
#include "commands.h"
@@ -272,22 +271,7 @@ int main(int argc, char* argv[])
g_timeout_val = 0;
// exit
try {
std::cout << std::endl;
utility::string_t tmp = utility::conversions::convertstring(msgMessage);
web::json::value parsed = web::json::value::parse(tmp);
for (const auto& obj : parsed.as_object()) {
std::string key = utility::conversions::to_utf8string(obj.first);
std::string value = utility::conversions::to_utf8string(obj.second.serialize());
value.erase(std::remove(value.begin(), value.end(), '"'), value.end());
std::cout << key << ": " << value << std::endl;
}
}
catch (...)
{
std::cout << std::endl << msgMessage << std::endl;
}
std::cout << std::endl << msgMessage << std::endl;
return;
}
else if (msgStatus.compare("failed")==0)
@@ -296,22 +280,7 @@ int main(int argc, char* argv[])
g_timeout_val = 0;
// exit
try {
std::cout << std::endl;
utility::string_t tmp = utility::conversions::convertstring(msgMessage);
web::json::value parsed = web::json::value::parse(tmp);
for (const auto& obj : parsed.as_object()) {
std::string key = utility::conversions::to_utf8string(obj.first);
std::string value = utility::conversions::to_utf8string(obj.second.serialize());
value.erase(std::remove(value.begin(), value.end(), '"'), value.end());
std::cout << key << ": " << value << std::endl;
}
}
catch (...)
{
std::cout << std::endl << msgMessage << std::endl;
}
std::cout << std::endl << msgMessage << std::endl;
return;
}

6
usage.cpp
View File

@@ -49,15 +49,15 @@ void usage_show_help()
std::cout << "Examples:" << std::endl;
std::cout << " # Activate platform using profile1" << std::endl;
std::cout << " " << PROJECT_NAME << \
" --url wss://192.168.86.100/activate --cmd \"-t activate --profile profile1\"" << std::endl;
" --url wss://localhost:8080 --cmd \"-t activate --profile profile1\"" << std::endl;
std::cout << std::endl;
std::cout << " # Activate platform using profile1 and override DNS detection" << std::endl;
std::cout << " " << PROJECT_NAME << \
" --url wss://mycloud.com/activate --cmd \"-t activate --profile profile1\" --dns corp.com" << std::endl;
" --url wss://localhost:8080 --cmd \"-t activate --profile profile1\" --dns corp.com" << std::endl;
std::cout << std::endl;
std::cout << " # Deactivate platform and connect through a proxy" << std::endl;
std::cout << " " << PROJECT_NAME << \
" -u wss://mycloud.com/activate -c \"-t deactivate --password P@ssw0rd\" -p http://proxy.com:1000" << std::endl;
" -u wss://localhost:8080 -c \"-t deactivate --password P@ssw0rd\" -p http://proxy.com:1000" << std::endl;
std::cout << std::endl;
std::cout << " # Show all informational items" << std::endl;
std::cout << " " << PROJECT_NAME << " --amtinfo all" << std::endl;