Post Reply 
 
Thread Rating:
  • 1 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Build iPXE binary (undionly.kpxe) to handle http basic authentication
2016-08-19, 08:55
Post: #1
Build iPXE binary (undionly.kpxe) to handle http basic authentication
Hi everyone


I am currently having a troubles to send an HTTP request with basic authentication from a host running an iPXE (undionly.kpxe) binary.

The request http://<login>:<psw>@<ip> sends an http request where the header does not contain any authentication.

I think that the binary that I built does not handle http basic authentication. The command that I used to build it is:
make bin/undionly.kpxe HTTP_AUTH_BASIC=enable DOWNLOAD_PROTO_HTTPS=enable EMBED=<iPxeScript>

Could anyone tell me how to properly build my ipxe binary in order to handle http basic authentication. Or if the request that I wrote on the iPXE script is wrong.
Find all posts by this user
Quote this message in a reply
2016-12-17, 01:25
Post: #2
RE: Build iPXE binary (undionly.kpxe) to handle http basic authentication
I'm having the same issue, did you figure this out?
Find all posts by this user
Quote this message in a reply
2016-12-17, 10:57
Post: #3
RE: Build iPXE binary (undionly.kpxe) to handle http basic authentication
HTTP_AUTH_BASIC is already defined by default
We can see this forum post about syntax and that it should work.

To enable features such as DOWNLOAD_PROTO_HTTPS
you will want to edit src/config/local/general.h (which is created on build if it does not exist and is empty by default)
in this case i would add
Code:
#define DOWNLOAD_PROTO_HTTPS    /* Secure Hypertext Transfer Protocol */

which is copied from src/config/general.h and the #undef is just changed to #define
The define should be in the the same src/config/local/xxx.h filename as it is already in the src/config/xxx.h path.

src/config/local is used so that it is not overriden or causes confilicts on uppstream changes, also note that only changes are defined, do not copy general.h and then enable everything - because that will sooner or later leave you with a build that won't work.

by looking on the ipxe.name.tmp.map file that is generated when building you can see which features was included in the resulting binary,
in this case we can do
Code:
grep https bin/undionly.kpxe.tmp.map
and we can see if any https related code was included or not.

Use GitHub Discussions
VRAM bin
Visit this user's website Find all posts by this user
Quote this message in a reply
2016-12-20, 00:13 (This post was last modified: 2016-12-20 00:14 by krackajak.)
Post: #4
RE: Build iPXE binary (undionly.kpxe) to handle http basic authentication
Already had that build flag enabled. The issue is that commits were made ane now iPXE will only send auth information if it first gets a 401. Unfortunately the server we are booting from is public and for security reasons, returns 404. There is a solution in this thread around php, but I'm not familiar enough to implement it.

http://lists.ipxe.org/pipermail/ipxe-dev...01733.html
Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 2 Guest(s)