The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,262 other subscribers

Archive for February 24th, 2022

Bash functions to encode and decode the ‘Basic’ HTTP Authentication Scheme

Posted by jpluimers on 2022/02/24

IoT devices still often use the ‘Basic’ HTTP Authentication Scheme for authorisation, see [Wayback] RFC7617: The ‘Basic’ HTTP Authentication Scheme (RFC ) and [Wayback] RFC2617: HTTP Authentication: Basic and Digest Access Authentication (RFC ).

Often this authentication is used even over http instead of over https, for instance the Egardia/Woonveilig alarm devices I wrote about yesterday at  Egardia/Woonveilig: some notes about logging on a local gateway to see more detailed information on the security system. This is contrary to guidance in:

  • RFC7617:
       This scheme is not considered to be a secure method of user
   authentication unless used in conjunction with some external secure
   system such as TLS (Transport Layer Security, [RFC5246]), as the
   user-id and password are passed over the network as cleartext.
  • RFC2617:
       "HTTP/1.0", includes the specification for a Basic Access
   Authentication scheme. This scheme is not considered to be a secure
   method of user authentication (unless used in conjunction with some
   external secure system such as SSL [5]), as the user name and
   password are passed over the network as cleartext.

Fiddling with those alarm devices, I wrote these two little bash functions (with a few notes) that work both on MacOS and in Linux:

# `base64 --decode` is platform neutral (as MacOS uses `-D` and Linux uses `-d`)
# `$1` is the encoded username:password
function decode_http_Basic_Authorization(){
  echo $1 | base64 --decode
  echo
}

# `base64` without parameters encodes
# `echo -n` does not output a new-line
# `$1` is the username; `$2` is the password
function encode_http_Basic_Authorization(){
  echo $1:$2 | base64
}

The first decodes the <credentials> from a Authorization: Basic <credentials> header into a username:password clean text followed by a newline.

The second one encodes a pair of username and password parameters into such a <credentials> string.

They are based on these initial posts that were not cross platform or explanatory:

  1. [Wayback] Decode HTTP Basic Access Authentication – Stack Pointer
  2. [Wayback] Create Authorization Basic Header | MJ’s Web Log

–jeroen

Posted in *nix, *nix-tools, Apple, Authentication, bash, bash, Communications Development, Development, HTTP, Internet protocol suite, Linux, Mac OS X / OS X / MacOS, Power User, Scripting, Security, Software Development, TCP, Web Development | Leave a Comment »

Days since last time zone issue

Posted by jpluimers on 2022/02/24

If you do business with for instance Jordan for he first time, then is likely -1 because tomorrow their clock moves forward one hour.

The 2022 daylight saving time changes (summer time / winter time) are at time.is/DST_2022 [Wayback/Archive.is]

[Archive.is] Dr. Jessie Christianstein 👩🏻‍🔬🧟‍♀️ on Twitter: “… “

–jeroen

Read the rest of this entry »

Posted in Algorithms, Development, Software Development | Leave a Comment »

Viewing the last lines of the postfix log with journalctl (with help from Unix & Linux Stack Exchange)

Posted by jpluimers on 2022/02/24

Two command-lines I use to view my Postfix logs:

  1. journalctl --unit postfix --since "2 days ago"
  2. journalctl --unit postfix --pager-end

Note that neither of these work well with the --follow (or equivalent -f) option, as this will effectively disable the pager (which by default is less).

The second is via [Wayback] systemd – How to see the latest x lines from systemctl service log – Unix & Linux Stack Exchange (which got the--pagerend bit wrong, as it misses a dash and should be --pager-end, but still thanks [Wayback] Daniel Kmak):

Just:

journalctl -u SERVICE_NAME -e

Parameter -e stands for:

-e –pagerend

That’s the one ! Other answers will go through the whole log to get to its end, which can be veeeeery long for large syslogs.

The last bit (by [Wayback] Léo Germond, thanks!) is why I like it most.

Similarly, specifying --since in the first example will not go through the whole log.

Some background information:

Read the rest of this entry »

Posted in *nix, *nix-tools, bash, Development, journalctl and journald, Linux, postfix, Power User, Scripting, Software Development, systemd | Leave a Comment »