From 9e052a3835a625b2d237fe598f089c65351b4ccd Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 16 Sep 2014 09:54:44 +0200 Subject: [PATCH 01/49] add test --- test/internal_test/certs/id_rsa_testlatch | 27 ++ test/internal_test/certs/id_rsa_testlatch.pub | 27 ++ .../informe_pruebas_latch.template | 163 ++++++++ .../informe_pruebas_ssh.template | 138 +++++++ test/internal_test/readme | 21 + test/internal_test/sshd.exp | 35 ++ test/internal_test/test.sh | 364 ++++++++++++++++++ 7 files changed, 775 insertions(+) create mode 100644 test/internal_test/certs/id_rsa_testlatch create mode 100644 test/internal_test/certs/id_rsa_testlatch.pub create mode 100644 test/internal_test/informe_pruebas_latch.template create mode 100644 test/internal_test/informe_pruebas_ssh.template create mode 100644 test/internal_test/readme create mode 100755 test/internal_test/sshd.exp create mode 100755 test/internal_test/test.sh diff --git a/test/internal_test/certs/id_rsa_testlatch b/test/internal_test/certs/id_rsa_testlatch new file mode 100644 index 0000000..473a2c4 --- /dev/null +++ b/test/internal_test/certs/id_rsa_testlatch @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAx7BJy/xp7QSUH9QNZM49cNleeQkgk/VKwrkL3m0IDyCMX/6r +PKopxN81ZaLdzFaTCwhxrIji/1w71kk12fvdopPiY69vC5CdUvmuX6OTkKdc9MB5 +U9aftaSdyvqCxT+S12GIff+TuEGvAFJgZkX+xGK3weiinTlj6FpsZ7IN0Lm0XAqL +zhRfplQwYz1U6V+78cdsxoM/3ij3c/gGv9imlkLn+iHsCQGx7KjOxj1XpeIPtz+a +3BFULWPC4UvsdgI7gmN71PdILc8K3qgPPbeH2z3hIWCKPPSK9DJVMzlhs8FFsCuM +YE6Dm3ohc+G/ckOSQaqftImJLWyXpUfK9TFJyQIDAQABAoIBAQC7iY+1GMiuhYdL +YQ53Js5DJpH4IB9NdagRulIwQbu44TuUiAtvvOvfbjWqz0t4tbIBQZvoiuKNKqUz +uavungFnx3VtY3xpoxZtr/oY7foPd27wmbcYis+RexmKYLzh3LPevUW/94BXIrDl +H3hTdNcwvvmPDhlyiUyQEiQPOwSIicOwsx27Qbpra5nF88X2pwzoW2B4ZKEKu88I +G0T+eucEJFVOeRvruTNaSHzieIEoYDGeEfX6ccDKxWhvDU3lg0AwY9piFcYSfZAn +mxLJnxgZCwmtgY0pTjGHTJreToAwbU0k0wbg8ZCGHmHFxMP3HB3EbsIK1et6Q9iZ +qMAL+ScFAoGBAP/RC0slSeG3DGYVSKmKFHX3ypWMUpR+/9yKhFjl2iLC/zx9hUGH +1C8yy2DG6lNG3NJ0gIsj6YFNwBtI6KQ5WT/5B/1e2pFwQqPGtErV6SDlYOaU4EA2 +bUop27EdS3mtP5zIFwR1YdFqj4V+komqmw4E8oyD13+tVC6SaCLqkssfAoGBAMfU +8RNwIZnq8kU0e2OcO1DkmGLmu8zJMrSrLYHhbnKX1+JcbgntfDELPwoFTtFXZBAR +p/CRmq+FiSnO5GhQa5WbO90RnFMEKHTdQFE4LcJaE5ZP2GR//ZPDEDPlxpUW6sAJ +LMjz0ciU861KE97hZDWGSDzxXcXWGHkwWVzQR7YXAoGAD5QUYvwfVq6GA8VyClkN +S+3OGXNVKBPf0vdgfeVpdkp3rqBaOBZkdodaWUdjx7R+CBbuKQsD0ksA0uiKuk1/ +wOSSdvyKxOaYOE8GdbQ3ITi2wPP6AA8Qcr6/0TZefUduo0aQGEZpsY4StWdy1w1b +qevlNWdl/TF5+egSjWXJkLMCgYASbdT90e2HYF+PelOW0CW4RBy5okXXkQaYGuFL +hRrGfrJuMdAEIl69tyfNKMgoDkMwKDCwwvzdCxenP2lZJXGGjpZqwOEF1vBUNsNj +uiaeMeh0iFCQlC0yn16zKpGx1jc4FqCGt9W1BeejJ53FhEvVk9i9phTb1e7T3l2f +baXvaQKBgQC3BbsZRUn4QZzyf6GRzQwyXXCf0yv4KtnP3BWmTSz3Lt1jNkF38j2t +XtkACtYzS9ZxSqY7zlo6LSTn97Wj1Bm7bAmoaxm9S8kI6x0VkyFOuLp4ayeKLXfE +RSjtDs1nyx8Av2JODnxdXv052xproROsAG6TAC3ygOzyY1okh5A8gw== +-----END RSA PRIVATE KEY----- diff --git a/test/internal_test/certs/id_rsa_testlatch.pub b/test/internal_test/certs/id_rsa_testlatch.pub new file mode 100644 index 0000000..473a2c4 --- /dev/null +++ b/test/internal_test/certs/id_rsa_testlatch.pub @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAx7BJy/xp7QSUH9QNZM49cNleeQkgk/VKwrkL3m0IDyCMX/6r +PKopxN81ZaLdzFaTCwhxrIji/1w71kk12fvdopPiY69vC5CdUvmuX6OTkKdc9MB5 +U9aftaSdyvqCxT+S12GIff+TuEGvAFJgZkX+xGK3weiinTlj6FpsZ7IN0Lm0XAqL +zhRfplQwYz1U6V+78cdsxoM/3ij3c/gGv9imlkLn+iHsCQGx7KjOxj1XpeIPtz+a +3BFULWPC4UvsdgI7gmN71PdILc8K3qgPPbeH2z3hIWCKPPSK9DJVMzlhs8FFsCuM +YE6Dm3ohc+G/ckOSQaqftImJLWyXpUfK9TFJyQIDAQABAoIBAQC7iY+1GMiuhYdL +YQ53Js5DJpH4IB9NdagRulIwQbu44TuUiAtvvOvfbjWqz0t4tbIBQZvoiuKNKqUz +uavungFnx3VtY3xpoxZtr/oY7foPd27wmbcYis+RexmKYLzh3LPevUW/94BXIrDl +H3hTdNcwvvmPDhlyiUyQEiQPOwSIicOwsx27Qbpra5nF88X2pwzoW2B4ZKEKu88I +G0T+eucEJFVOeRvruTNaSHzieIEoYDGeEfX6ccDKxWhvDU3lg0AwY9piFcYSfZAn +mxLJnxgZCwmtgY0pTjGHTJreToAwbU0k0wbg8ZCGHmHFxMP3HB3EbsIK1et6Q9iZ +qMAL+ScFAoGBAP/RC0slSeG3DGYVSKmKFHX3ypWMUpR+/9yKhFjl2iLC/zx9hUGH +1C8yy2DG6lNG3NJ0gIsj6YFNwBtI6KQ5WT/5B/1e2pFwQqPGtErV6SDlYOaU4EA2 +bUop27EdS3mtP5zIFwR1YdFqj4V+komqmw4E8oyD13+tVC6SaCLqkssfAoGBAMfU +8RNwIZnq8kU0e2OcO1DkmGLmu8zJMrSrLYHhbnKX1+JcbgntfDELPwoFTtFXZBAR +p/CRmq+FiSnO5GhQa5WbO90RnFMEKHTdQFE4LcJaE5ZP2GR//ZPDEDPlxpUW6sAJ +LMjz0ciU861KE97hZDWGSDzxXcXWGHkwWVzQR7YXAoGAD5QUYvwfVq6GA8VyClkN +S+3OGXNVKBPf0vdgfeVpdkp3rqBaOBZkdodaWUdjx7R+CBbuKQsD0ksA0uiKuk1/ +wOSSdvyKxOaYOE8GdbQ3ITi2wPP6AA8Qcr6/0TZefUduo0aQGEZpsY4StWdy1w1b +qevlNWdl/TF5+egSjWXJkLMCgYASbdT90e2HYF+PelOW0CW4RBy5okXXkQaYGuFL +hRrGfrJuMdAEIl69tyfNKMgoDkMwKDCwwvzdCxenP2lZJXGGjpZqwOEF1vBUNsNj +uiaeMeh0iFCQlC0yn16zKpGx1jc4FqCGt9W1BeejJ53FhEvVk9i9phTb1e7T3l2f +baXvaQKBgQC3BbsZRUn4QZzyf6GRzQwyXXCf0yv4KtnP3BWmTSz3Lt1jNkF38j2t +XtkACtYzS9ZxSqY7zlo6LSTn97Wj1Bm7bAmoaxm9S8kI6x0VkyFOuLp4ayeKLXfE +RSjtDs1nyx8Av2JODnxdXv052xproROsAG6TAC3ygOzyY1okh5A8gw== +-----END RSA PRIVATE KEY----- diff --git a/test/internal_test/informe_pruebas_latch.template b/test/internal_test/informe_pruebas_latch.template new file mode 100644 index 0000000..315a4c0 --- /dev/null +++ b/test/internal_test/informe_pruebas_latch.template @@ -0,0 +1,163 @@ +#Pruebas funcionales sobre plugin +*Generado automáticamente* + +**Prueba:** TEST_NAME +**Herramienta:** latch +**Entorno:** LATCH_ENVIRONMENT +**Versión:** LATCH_VERSION +**Sistema:** SYSTEM +**Fecha:** DATE + + +###1ª Prueba: Intento de pareo con configuración errónea de los valores Secret_key o Application_ID + +1º- Se establece una configuración errónea +2º- Se procede a intentar parear la aplicación + +``` +TEST_1_ +``` + +Respuesta: +``` +RESPONSE_1_ +``` + +###2ª Prueba: Intento de pareo con introducción del token de pareo erróneo + +1º- Se establece una configuración correcta +2º- Se procede a intentar parear la aplicación + +``` +TEST_2_ +``` + +Respuesta: +``` +RESPONSE_2_ +``` + +###3ª Prueba: Intento de pareo con token en blanco (sin introducir nada) + +1º- Se establece una configuración correcta +2º- Se procede a intentar parear la aplicación + +``` +TEST_3_ +``` + +Respuesta: +``` +RESPONSE_3_ +``` + +###4ª Prueba: Intento de pareo con token correcto + +1º- Se establece una configuración correcta +2º- Se procede a intentar parear la aplicación + +``` +TEST_4_ +``` + +Respuesta: +``` +RESPONSE_4_ +``` + +###5ª Prueba: Intento de pareo estando previamente pareado + +1º- Se establece una configuración correcta +2º- Se procede a intentar parear la aplicación + +``` +TEST_5_ +``` + +Respuesta: +``` +RESPONSE_5_ +``` + +###6ª Prueba: Intento de pareo con token correcto y la máquina sin conexión a Internet + +1º- Se desconecta la red +2º- Se establece una configuración correcta +3º- Se procede a intentar parear la aplicación + +``` +TEST_6_ +``` + +Respuesta: +``` +RESPONSE_6_ +``` + +###7ª Prueba: Consulta de estado de bloqueo de cuenta mediante aplicación latch-UNIX pareada + +1º- Se procede a bloquear +2º- Se consulta el estado de latch + +``` +TEST_7_ +``` + +Respuesta: +``` +RESPONSE_7_ +``` + +###8ª Prueba: Consulta de estado de desbloqueo de cuenta mediante aplicación latch-UNIX pareada + +1º- Se procede a desbloquear +2º- Se consulta el estado de latch + +``` +TEST_8_ +``` + +Respuesta: +``` +RESPONSE_8_ +``` + +###9ª Prueba: Prueba de despareo + +1º- Se procede a desparear la cuenta + +``` +TEST_9_ +``` + +Respuesta: +``` +RESPONSE_9_ +``` + +###10ª Prueba: Prueba de despareo estando previamente despareado + +1º- Se procede a desparear la cuenta + +``` +TEST_10_ +``` + +Respuesta: +``` +RESPONSE_10_ +``` + +###11ª Prueba: Prueba de despareo sin conexión a Internet + +1º- Se desconecta la red +2º- Se procede a desparear la cuenta + +``` +TEST_11_ +``` + +Respuesta: +``` +RESPONSE_11_ +``` diff --git a/test/internal_test/informe_pruebas_ssh.template b/test/internal_test/informe_pruebas_ssh.template new file mode 100644 index 0000000..dd34968 --- /dev/null +++ b/test/internal_test/informe_pruebas_ssh.template @@ -0,0 +1,138 @@ +#Pruebas funcionales sobre plugin +*Generado automáticamente* + +**Prueba:** TEST_NAME +**Herramienta:** latch-ssh +**Entorno:** LATCH_ENVIRONMENT +**Versión:** LATCH_VERSION +**Sistema:** SYSTEM +**Fecha:** DATE + + + +###1ª Prueba: Bloqueo de cuenta SSH mediante aplicación latch-UNIX pareada + +1º- Se procede a bloquear +2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada + +Interacción automatizada: +``` +RESPONSE_1_ +``` + +###2ª Prueba: Intento inicio de sesión con la cuenta bloqueada y la información del AppID y Secret Key han sido cambiados por el Administrador + +1º- Se establece una configuración errónea +2º- Se procede a activar el bloqueo de la cuenta en la aplicación del smartphone +3º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada + +Interacción automatizada: +``` +RESPONSE_2_ +``` + +###3ª Prueba: Desbloqueo de cuenta SSH mediante aplicación latch-UNIX pareada + +1º- Se procede a desbloquear +2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada + +Interacción automatizada: +``` +RESPONSE_3_ +``` + +###4ª Prueba: Intento de inicio de sesión con una contraseña incorrecta, con el One Time Password activado + +1º- Se procede a desbloquear y activar la opción del OTP +2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada +3º- Se introduce una contraseña incorrecta + +Interacción automatizada: +``` +RESPONSE_4_ +``` + +###5ª Prueba: Uso del One Time Password con cuenta desbloqueada + +1º- Se procede a desbloquear y activar la opción del OTP +2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada +3º- Se introduce un OTP correcto + +Interacción automatizada: +``` +RESPONSE_5_ +``` + +###6ª Prueba: Uso del One Time Password en blanco con cuenta desbloqueada + +1º- Se procede a desbloquear y activar la opción del OTP +2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada +3º- Se introduce un OTP en blanco + +Interacción automatizada: +``` +RESPONSE_6_ +``` + +###7ª Prueba: Uso del One Time Password erróneo con cuenta desbloqueada + +1º- Se procede a desbloquear y activar la opción del OTP +2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada +3º- Se introduce un OTP erróneo + +Interacción automatizada: +``` +RESPONSE_7_ +``` + +###8ª Prueba: Bloqueo de clave SSH mediante aplicación latch-UNIX pareada + +1º- Se procede a bloquear +2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada + +``` +TEST_8_ +``` + +Respuesta: +``` +RESPONSE_8_ +``` + +###9ª Prueba: Desbloqueo de clave SSH mediante aplicación latch-UNIX pareada + +1º- Se procede a desbloquear +2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada + +``` +TEST_9_ +``` + +Respuesta: +``` +RESPONSE_9_ +``` + +###10ª Prueba: Bloqueo de cuenta SSH mediante aplicación latch-UNIX pareada y la máquina sin conexión a Internet, definiendo la opción por defecto como "open" + +1º- Se desconecta la red +2º- Se establece una configuración abierta por defecto +3º- Se procede a bloquear +4º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada + +Interacción automatizada: +``` +RESPONSE_10_ +``` + +###11ª Prueba: Desbloqueo de cuenta SSH mediante aplicación latch-UNIX pareada y la máquina sin conexión a Internet, definiendo la opción por defecto como "close" + +1º- Se desconecta la red +2º- Se establece una configuración cerrada por defecto +3º- Se procede a desbloquear +4º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada + +Interacción automatizada: +``` +RESPONSE_11_ +``` diff --git a/test/internal_test/readme b/test/internal_test/readme new file mode 100644 index 0000000..2d9845a --- /dev/null +++ b/test/internal_test/readme @@ -0,0 +1,21 @@ +## Prerrequisites +* Bash. +* Expect. +* Latch-client-app tool. + + +## Installation +* Install and configure the plugin +./configure && make && sudo make install + +* Edit App_id and Secret_key parameters, and add a test_op operation. + +* Execute test +sudo ./test.sh + +* Convert markdown file to pdf -> http://www.markdowntopdf.com/ + + +## Pendiente +test ssh pam: +- Programar expect para que cada vez que recibe "Password:" envie la respuestra programada como si fuera un bucle. diff --git a/test/internal_test/sshd.exp b/test/internal_test/sshd.exp new file mode 100755 index 0000000..21d345a --- /dev/null +++ b/test/internal_test/sshd.exp @@ -0,0 +1,35 @@ +#!/usr/bin/expect -f + + +set username [lindex $argv 0] +set password [lindex $argv 1] +set operation_id [lindex $argv 2] +set otp_option [lindex $argv 3] + +spawn ssh $username@localhost whoami + +expect { + "Password:" { + stty -echo + send "$password\r" + stty echo + exp_continue + } "One-time password:" { + if { $otp_option == "wrong" } { + set otp "XXXX" + } elseif { $otp_option == "blank" } { + set otp "" + } else { + set otp [exec latch-client-app otp $operation_id] + } + send "$otp\r" + exp_continue + } timeout { + send_user "connection to localhost timed out\n" + exit + } eof { + send_user \ + "connection to host failed: $expect_out(buffer)" + exit + } +} \ No newline at end of file diff --git a/test/internal_test/test.sh b/test/internal_test/test.sh new file mode 100755 index 0000000..2a3b1cb --- /dev/null +++ b/test/internal_test/test.sh @@ -0,0 +1,364 @@ +#!/usr/bin/env bash +# run as root + + +## constants +OUTPUT_LOG=test.log + +USER_TEST=testlatch +ADDRESS=$USER_TEST@localhost +SSH_KEYS_DIR=$HOME/.ssh +SSH_USER_TEST_KEYS_DIR=/home/$USER_TEST/.ssh + +PASSWD=$(echo $RANDOM$RANDOM$RANDOM | sha256sum | base64 | head -c 32) + + + +# functions + +function init_test { + sudo adduser $USER_TEST --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password > $OUTPUT_LOG 2>&1 + echo -e "$PASSWD\n$PASSWD\n" | sudo passwd $USER_TEST >> $OUTPUT_LOG 2>&1 + + # force unpair + sudo su $USER_TEST -c 'latch -u' >> $OUTPUT_LOG 2>&1 +} + +function end_test { + sudo su $USER_TEST -c 'latch -u' >> $OUTPUT_LOG 2>&1 + sudo deluser $USER_TEST >> $OUTPUT_LOG 2>&1 +} + +function prev_info { + if grep "testpath2.11paths.com" /etc/latch/latch.conf >> $OUTPUT_LOG 2>&1 ; then + local ENVIRONMENT=test + else + local ENVIRONMENT=produccion + fi + + local TEST_NAME=${1:-Indefinida} + local VERSION=$(latch -v) + local SYSTEM=$(lsb_release -d 2>&1 | cut -d ":" -f 2 2>&1) + local DATE=$(date) + + sed "s/TEST_NAME/$TEST_NAME/g" $OUTPUT_TEMPLATE | \ + sed "s/LATCH_ENVIRONMENT/$ENVIRONMENT/g" | \ + sed "s/LATCH_VERSION/$VERSION/g" | \ + sed "s/SYSTEM/$SYSTEM/g" | \ + sed "s/DATE/$DATE/g" > $OUTPUT_FILE + + sudo chmod a+rw $OUTPUT_FILE +} + +function config_wrong { + sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf + + sudo sed 's/app_id.*/app_id = XXXX/g' /etc/latch/latch_orig.conf | \ + sudo sed 's/secret_key.*/secret_key = XXXX/g' > /etc/latch/latch.conf + sudo chmod 600 /etc/latch/latch.conf +} + +function config_back { + if test -f /etc/latch/latch_orig.conf; then + sudo mv /etc/latch/latch_orig.conf /etc/latch/latch.conf + fi + sudo chmod 600 /etc/latch/latch.conf +} + +function config_open { + sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf + + sudo sed 's/action.*/action = open/g' /etc/latch/latch_orig.conf > /etc/latch/latch.conf + sudo chmod 600 /etc/latch/latch.conf +} + +function config_close { + sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf + + sudo sed 's/action.*/action = close/g' /etc/latch/latch_orig.conf > /etc/latch/latch.conf + sudo chmod 600 /etc/latch/latch.conf +} + +function network_down { + sudo ifconfig eth0 down + sleep 2 +} + +function network_up { + # ubuntu + sudo service network-manager restart >> $OUTPUT_LOG 2>&1 + sudo ifconfig eth0 up >> $OUTPUT_LOG 2>&1 + + # centos + sudo service network restart >> $OUTPUT_LOG 2>&1 + sudo ifup eth0 >> $OUTPUT_LOG 2>&1 + + sleep 20 +} + +function add_certs { + cp certs/* $SSH_KEYS_DIR >> $OUTPUT_LOG 2>&1 + + eval `ssh-agent` >> $OUTPUT_LOG 2>&1 + echo $SSH_AUTH_SOCK >> $OUTPUT_LOG 2>&1 + ssh-add $SSH_KEYS_DIR/id_rsa_testlatch >> $OUTPUT_LOG 2>&1 + + if [ ! -d $SSH_USER_TEST_KEYS_DIR ]; then + sudo mkdir $SSH_USER_TEST_KEYS_DIR + fi + + echo -n 'command="latch-shell -o sshd-keys" ' >> $SSH_USER_TEST_KEYS_DIR/authorized_keys + cat certs/id_rsa_testlatch.pub >> $SSH_USER_TEST_KEYS_DIR/authorized_keys +} + +function rm_certs { + if [ -d $SSH_USER_TEST_KEYS_DIR ]; then + test -f $SSH_USER_TEST_KEYS_DIR/authorized_keys && sed -i.bak '/latch-shell/d' $SSH_KEYS_DIR/authorized_keys + fi + + test -f $SSH_KEYS_DIR/id_rsa_testlatch.pub && sudo rm $SSH_KEYS_DIR/id_rsa_testlatch.pub + test -f $SSH_KEYS_DIR/id_rsa_testlatch && sudo rm $SSH_KEYS_DIR/id_rsa_testlatch +} + +function process_request { + local TEST_N="$1" + local REQUEST="$2" + + if [ "$3" = expect ]; then + local RESPONSE=$( $REQUEST 2>&1 ) + elif [ "$3" = simple ]; then + local RESPONSE=$( $REQUEST 2>&1 ) + else + local RESPONSE=$( sudo su $USER_TEST -c "$REQUEST" 2>&1 ) + fi + + local str1="TEST_"$TEST_N"_" + local str2="RESPONSE_"$TEST_N"_" + + local SED=$(echo "$RESPONSE" | sed ':begin;$!N;s/\n/newLine/;tbegin' | sed -e 's/[\/&]/\\&/g') + sudo sed -i.bak "s/$str1/$REQUEST/g" $OUTPUT_FILE + sudo sed -i.bak "s/$str2/$SED/g" $OUTPUT_FILE + sudo sed -i.bak 's/newLine/\n/g' $OUTPUT_FILE +} + +function ensure_paired_state { + local token=$( latch-client-app pairingcode ) + local exp="latch -p $token" + + sudo su $USER_TEST -c "$exp" +} + + +## tests + +function test_ { + + if [ "$2" == "pair" ]; then + case "$3" in + "blank") + local REQUEST="latch -p" + ;; + *) + local REQUEST="latch -p $3" + ;; + esac + + elif [ "$2" == "status" ]; then + local OPERATION_NAME=app_id + local REQUEST="latch -s" + + elif [ "$2" == "unpair" ]; then + local REQUEST="latch -u" + + elif [ "$2" == "ssh-pam" ]; then + local OPERATION_NAME=sshd-login + local P_OPTION=expect + rm_certs + + case "$3" in + "password") + local REQUEST="./sshd.exp $ADDRESS $PASSWD" + ;; + + "passwrong") + local REQUEST="./sshd.exp $ADDRESS XXXX" + ;; + + "otp") + local OPERATION_ID=$( sudo latch-client-app --config getid $OPERATION_NAME ) + local REQUEST="./sshd.exp $ADDRESS $PASSWD $OPERATION_ID" + ;; + + "otpwrong") + local OPERATION_ID=$( sudo latch-client-app --config getid $OPERATION_NAME ) + local REQUEST="./sshd.exp $ADDRESS $PASSWD $OPERATION_ID wrong" + ;; + + "otpblank") + local OPERATION_ID=$( sudo latch-client-app --config getid $OPERATION_NAME ) + local REQUEST="./sshd.exp $ADDRESS $PASSWD $OPERATION_ID blank" + ;; + esac + + elif [ "$2" == "ssh-pkey" ]; then + local OPERATION_NAME=sshd-keys + local P_OPTION=simple + add_certs + local REQUEST='ssh '$ADDRESS' whoami' + + fi + + for arg in "$@"; do + case "$arg" in + "latch-on") + sudo latch-client-app lock -o $OPERATION_NAME + sleep 1 + ;; + + "latch-off") + sudo latch-client-app unlock -o $OPERATION_NAME off + sleep 1 + ;; + + "latch-otp") + sudo latch-client-app unlock -o $OPERATION_NAME on + sleep 1 + ;; + + "invalid-configuration") + config_wrong + ;; + + "action-open") + config_open + ;; + + "action-close") + config_close + ;; + + esac + done + + process_request "$1" "$REQUEST" $P_OPTION + + config_back +} + + +## suit tests ## + +suit_test_pair () { + token=$( latch-client-app pairingcode ) + test_ 1 pair $token invalid-configuration + test_ 2 pair XXXXXX + test_ 3 pair blank + test_ 4 pair $token + test_ 5 pair $token +} + +suit_test_status () { + test_ 7 status latch-on + test_ 8 status latch-off +} + +suit_test_unpair () { + test_ 9 unpair + test_ 10 unpair +} + +suit_test_ssh_pam () { + test_ 1 ssh-pam password latch-on + test_ 2 ssh-pam password latch-on invalid-configuration + test_ 3 ssh-pam password latch-off + test_ 4 ssh-pam passwrong latch-otp + test_ 5 ssh-pam otp latch-otp + test_ 6 ssh-pam otpblank latch-otp + test_ 7 ssh-pam otpwrong latch-otp +} + +suit_test_ssh_pkey () { + test_ 8 ssh-pkey latch-on + test_ 9 ssh-pkey latch-off +} + +suit_test_without_network () { + network_down + + network_up +} + + + +## main ## + +if [ "$1" == "latch" ]; then + OUTPUT_FILE=informe_pruebas_latch.md + OUTPUT_TEMPLATE=informe_pruebas_latch.template + + init_test + + case "$2" in + "all") + prev_info "Completa" + suit_test_pair + suit_test_status + suit_test_unpair + ;; + + "pair") + prev_info "Pareado" + suit_test_pair + ;; + + "status") + prev_info "Consulta de estado de latch" + ensure_paired_state + suit_test_status + ;; + + "unpair") + prev_info "Despareado" + ensure_paired_state + suit_test_unpair + ;; + + *) + esac + + end_test + +elif [ "$1" == "ssh" ]; then + OUTPUT_FILE=informe_pruebas_ssh.md + OUTPUT_TEMPLATE=informe_pruebas_ssh.template + + init_test + ensure_paired_state + + case "$2" in + "all") + prev_info "Completa" + suit_test_ssh_pam + suit_test_ssh_pkey + ;; + "pam") + prev_info "PAM" + suit_test_ssh_pam + ;; + + "pkey") + prev_info "Public-private keys" + suit_test_ssh_pkey + ;; + + *) + esac + + end_test + +else + # superuser required + echo 'Usage: sudo ./test.sh latch [ all | pair | status | unpair ]' + echo ' ssh [ all | pam | pkey ]' +fi + From 3c803b232a77af51443f904a36502aac001ba9f7 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 23 Sep 2014 11:57:36 +0200 Subject: [PATCH 02/49] some changes --- test/internal_test/sshd.exp | 4 ++-- test/internal_test/test.sh | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/test/internal_test/sshd.exp b/test/internal_test/sshd.exp index 21d345a..d65f087 100755 --- a/test/internal_test/sshd.exp +++ b/test/internal_test/sshd.exp @@ -6,7 +6,7 @@ set password [lindex $argv 1] set operation_id [lindex $argv 2] set otp_option [lindex $argv 3] -spawn ssh $username@localhost whoami +spawn ssh $username@localhost echo "ssh user authenticated!" expect { "Password:" { @@ -32,4 +32,4 @@ expect { "connection to host failed: $expect_out(buffer)" exit } -} \ No newline at end of file +} diff --git a/test/internal_test/test.sh b/test/internal_test/test.sh index 2a3b1cb..a8c5745 100755 --- a/test/internal_test/test.sh +++ b/test/internal_test/test.sh @@ -359,6 +359,7 @@ elif [ "$1" == "ssh" ]; then else # superuser required echo 'Usage: sudo ./test.sh latch [ all | pair | status | unpair ]' - echo ' ssh [ all | pam | pkey ]' + echo '' + echo 'version 1.0' fi From 6263dd5a0b0f9b590b92657b773e3beb488679d6 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Mon, 29 Sep 2014 09:06:54 +0200 Subject: [PATCH 03/49] drop privs when they are no longer needed --- lib/drop_privs.c | 114 ++++++++++++++++++++++++++++++++++ lib/drop_privs.h | 5 ++ lib/util.c | 48 -------------- lib/util.h | 6 -- modules/SSH/src/Makefile.am | 6 +- modules/SSH/src/Makefile.in | 11 +++- modules/SSH/src/latch_shell.c | 14 +++-- pam/Makefile.am | 2 +- pam/Makefile.in | 6 +- pam/pam_latch.c | 11 +++- src/Makefile.am | 3 +- src/Makefile.in | 8 ++- src/latch_unix.c | 22 ++++++- src/latch_unix.h | 3 + 14 files changed, 187 insertions(+), 72 deletions(-) create mode 100644 lib/drop_privs.c create mode 100644 lib/drop_privs.h diff --git a/lib/drop_privs.c b/lib/drop_privs.c new file mode 100644 index 0000000..59ac0cd --- /dev/null +++ b/lib/drop_privs.c @@ -0,0 +1,114 @@ +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "drop_privs.h" + +static int orig_ngroups = -1; +static gid_t orig_gid = -1; +static uid_t orig_uid = -1; +static gid_t orig_groups[NGROUPS_MAX]; + + + +int drop_privileges(int permanent) { + gid_t newgid = getgid(), oldgid = getegid(); + uid_t newuid = getuid(), olduid = geteuid(); + + if (!permanent) { + /* Save information about the privileges that are being dropped so that they + * can be restored later. + */ + orig_gid = oldgid; + orig_uid = olduid; + orig_ngroups = getgroups(NGROUPS_MAX, orig_groups); + } + + /* If root privileges are to be dropped, be sure to pare down the ancillary + * groups for the process before doing anything else because the setgroups( ) + * system call requires root privileges. Drop ancillary groups regardless of + * whether privileges are being dropped temporarily or permanently. + */ + if (!olduid) setgroups(1, &newgid); + + if (newgid != oldgid) { +#if !defined(linux) + setegid(newgid); + if (permanent && setgid(newgid) == -1) return -1; +#else + if (setregid((permanent ? newgid : -1), newgid) == -1) return -1; +#endif + } + + if (newuid != olduid) { + if (permanent) { + setuid(newuid); + } else { + seteuid(newuid); + } + } + + /* verify that the changes were successful */ + if (permanent) { + if (newgid != oldgid && (setegid(oldgid) != -1 || getegid() != newgid)) + return -1; + if (newuid != olduid && (seteuid(olduid) != -1 || geteuid() != newuid)) + return -1; + } else { + if (newgid != oldgid && getegid() != newgid) return -1; + if (newuid != olduid && geteuid() != newuid) return -1; + } + + return 0; +} + +int restore_privileges(void) { + if (geteuid() != orig_uid) + if (seteuid(orig_uid) == -1 || geteuid() != orig_uid) return -1; + if (getegid() != orig_gid) + if (setegid(orig_gid) == -1 || getegid() != orig_gid) return -1; + if (!orig_uid) + setgroups(orig_ngroups, orig_groups); + + return 0; +} + + +char *get_user_name(){ + + int bufsize; + if ((bufsize = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { + return NULL; + } + + char *buffer = malloc(bufsize); + struct passwd pwd, *result = NULL; + if (getpwuid_r(getuid(), &pwd, buffer, bufsize, &result) != 0 || !result) { + return NULL; + } + + return pwd.pw_name; +} + +const char *get_effective_user_name(){ + + int bufsize; + if ((bufsize = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { + return NULL; + } + + char *buffer = malloc(bufsize); + struct passwd pwd, *result = NULL; + if (getpwuid_r(geteuid(), &pwd, buffer, bufsize, &result) != 0 || !result) { + return NULL; + } + + return pwd.pw_name; +} diff --git a/lib/drop_privs.h b/lib/drop_privs.h new file mode 100644 index 0000000..bce1f84 --- /dev/null +++ b/lib/drop_privs.h @@ -0,0 +1,5 @@ +int drop_privileges(int permanent); +int restore_privileges(void); + +char *get_user_name(void); +const char *get_effective_user_name(void); diff --git a/lib/util.c b/lib/util.c index c83a397..3a3eee4 100644 --- a/lib/util.c +++ b/lib/util.c @@ -208,51 +208,3 @@ void send_syslog_alert(char *ident, const char *msg){ syslog (LOG_ALERT, msg); closelog (); } - - -char *get_user_name(){ - - int bufsize; - if ((bufsize = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { - return NULL; - } - - char *buffer = malloc(bufsize); - struct passwd pwd, *result = NULL; - if (getpwuid_r(getuid(), &pwd, buffer, bufsize, &result) != 0 || !result) { - return NULL; - } - - return pwd.pw_name; -} - -const char *get_effective_user_name(){ - - int bufsize; - if ((bufsize = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { - return NULL; - } - - char *buffer = malloc(bufsize); - struct passwd pwd, *result = NULL; - if (getpwuid_r(geteuid(), &pwd, buffer, bufsize, &result) != 0 || !result) { - return NULL; - } - - return pwd.pw_name; -} - -int drop_privileges(){ - - uid_t uid = getuid(); - gid_t gid = getgid(); - - if(setgid(gid) < 0) - return -1; - if(setuid(uid) < 0) - return -1; - if(getgid() != gid || getuid() != uid) - return -1; - - return 0; -} diff --git a/lib/util.h b/lib/util.h index 3c6e915..aca20fe 100644 --- a/lib/util.h +++ b/lib/util.h @@ -45,9 +45,3 @@ const char* getAccountId(const char* pUser, const char* pAccounts); const char* getConfig(int max_size, const char* pParameter, const char* pConfig); void send_syslog_alert(char *ident, const char *msg); - -char *get_user_name(void); -const char *get_effective_user_name(void); - -int drop_privileges(void); - diff --git a/modules/SSH/src/Makefile.am b/modules/SSH/src/Makefile.am index 8e780ba..26e90e3 100644 --- a/modules/SSH/src/Makefile.am +++ b/modules/SSH/src/Makefile.am @@ -6,9 +6,11 @@ LIBS = @LIBS@ -lcurl -lcrypto -lssl -ldl bin_PROGRAMS = latch-shell latch_shell_SOURCES = latch_shell.c \ $(top_builddir)/lib/latch.c \ - $(top_builddir)/lib/util.c \ $(top_builddir)/lib/latch.h \ - $(top_builddir)/lib/util.h + $(top_builddir)/lib/util.c \ + $(top_builddir)/lib/util.h \ + $(top_builddir)/lib/drop_privs.c \ + $(top_builddir)/lib/drop_privs.h install-exec-hook: echo "#### Setting SUID for latch-shell ####" diff --git a/modules/SSH/src/Makefile.in b/modules/SSH/src/Makefile.in index 2309473..601c431 100644 --- a/modules/SSH/src/Makefile.in +++ b/modules/SSH/src/Makefile.in @@ -97,7 +97,8 @@ PROGRAMS = $(bin_PROGRAMS) am__dirstamp = $(am__leading_dot)dirstamp am_latch_shell_OBJECTS = latch_shell.$(OBJEXT) \ $(top_builddir)/lib/latch.$(OBJEXT) \ - $(top_builddir)/lib/util.$(OBJEXT) + $(top_builddir)/lib/util.$(OBJEXT) \ + $(top_builddir)/lib/drop_privs.$(OBJEXT) latch_shell_OBJECTS = $(am_latch_shell_OBJECTS) latch_shell_LDADD = $(LDADD) AM_V_lt = $(am__v_lt_@AM_V@) @@ -284,9 +285,11 @@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = no-dependencies latch_shell_SOURCES = latch_shell.c \ $(top_builddir)/lib/latch.c \ - $(top_builddir)/lib/util.c \ $(top_builddir)/lib/latch.h \ - $(top_builddir)/lib/util.h + $(top_builddir)/lib/util.c \ + $(top_builddir)/lib/util.h \ + $(top_builddir)/lib/drop_privs.c \ + $(top_builddir)/lib/drop_privs.h all: all-am @@ -378,6 +381,8 @@ $(top_builddir)/lib/latch.$(OBJEXT): \ $(top_builddir)/lib/$(am__dirstamp) $(top_builddir)/lib/util.$(OBJEXT): \ $(top_builddir)/lib/$(am__dirstamp) +$(top_builddir)/lib/drop_privs.$(OBJEXT): \ + $(top_builddir)/lib/$(am__dirstamp) latch-shell$(EXEEXT): $(latch_shell_OBJECTS) $(latch_shell_DEPENDENCIES) $(EXTRA_latch_shell_DEPENDENCIES) @rm -f latch-shell$(EXEEXT) diff --git a/modules/SSH/src/latch_shell.c b/modules/SSH/src/latch_shell.c index ae3c478..3133dea 100644 --- a/modules/SSH/src/latch_shell.c +++ b/modules/SSH/src/latch_shell.c @@ -26,6 +26,7 @@ #include "config.h" #include "../../../lib/latch.h" #include "../../../lib/util.h" + #include "../../../lib/drop_privs.h" @@ -35,11 +36,6 @@ static int exec_shell(){ - - if(drop_privileges() != 0){ - return 1; - } - if (getenv("SSH_ORIGINAL_COMMAND") != NULL) { return execl(getenv("SHELL"), getenv("SHELL"), "-c", getenv("SSH_ORIGINAL_COMMAND"), NULL); }else{ @@ -57,6 +53,10 @@ static int latch_shell_status(const char *username, const char *accountsFile, in return 0; } + if(drop_privileges(1)){ + return 1; + } + buffer = status(pAccountId); free((char*)pAccountId); @@ -93,6 +93,10 @@ static int latch_shell_operation_status(const char *username, const char *accoun return res; } + if(drop_privileges(1)){ + return 1; + } + buffer = operationStatus(pAccountId, pOperationId); free((char*)pAccountId); free((char*)pOperationId); diff --git a/pam/Makefile.am b/pam/Makefile.am index b77e119..c2624bc 100644 --- a/pam/Makefile.am +++ b/pam/Makefile.am @@ -7,7 +7,7 @@ if OSLINUX endif lib_LTLIBRARIES = pam_latch.la -pam_latch_la_SOURCES = pam_latch.c ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h +pam_latch_la_SOURCES = pam_latch.c ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h ../lib/drop_privs.c ../lib/drop_privs.h pam_latch_la_LDFLAGS = -module -avoid-version bin_PROGRAMS = test test_SOURCES = test.c diff --git a/pam/Makefile.in b/pam/Makefile.in index 949367f..b260f9c 100644 --- a/pam/Makefile.in +++ b/pam/Makefile.in @@ -125,7 +125,8 @@ am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" LTLIBRARIES = $(lib_LTLIBRARIES) pam_latch_la_LIBADD = am__dirstamp = $(am__leading_dot)dirstamp -am_pam_latch_la_OBJECTS = pam_latch.lo ../lib/latch.lo ../lib/util.lo +am_pam_latch_la_OBJECTS = pam_latch.lo ../lib/latch.lo ../lib/util.lo \ + ../lib/drop_privs.lo pam_latch_la_OBJECTS = $(am_pam_latch_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -317,7 +318,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = no-dependencies lib_LTLIBRARIES = pam_latch.la -pam_latch_la_SOURCES = pam_latch.c ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h +pam_latch_la_SOURCES = pam_latch.c ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h ../lib/drop_privs.c ../lib/drop_privs.h pam_latch_la_LDFLAGS = -module -avoid-version test_SOURCES = test.c pam_latch_LIBS = @LIBS@ -lpam -lcurl -lcrypto -lssl -ldl @@ -396,6 +397,7 @@ clean-libLTLIBRARIES: @: > ../lib/$(am__dirstamp) ../lib/latch.lo: ../lib/$(am__dirstamp) ../lib/util.lo: ../lib/$(am__dirstamp) +../lib/drop_privs.lo: ../lib/$(am__dirstamp) pam_latch.la: $(pam_latch_la_OBJECTS) $(pam_latch_la_DEPENDENCIES) $(EXTRA_pam_latch_la_DEPENDENCIES) $(AM_V_CCLD)$(pam_latch_la_LINK) -rpath $(libdir) $(pam_latch_la_OBJECTS) $(pam_latch_la_LIBADD) $(LIBS) diff --git a/pam/pam_latch.c b/pam/pam_latch.c index 501f9bd..40b6d3f 100644 --- a/pam/pam_latch.c +++ b/pam/pam_latch.c @@ -39,6 +39,7 @@ #include "../lib/latch.h" #include "../lib/util.h" + #include "../lib/drop_privs.h" @@ -224,7 +225,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t* pamh, int flags, int argc, cons timeout = 2; } free((char*)pTimeout); - + + if (drop_privileges(0)) { + send_syslog_alert("PAM", "Latch-auth-pam error: Couldn't drop privileges"); + } + init(pAppId, pSecretKey); setHost(pHost); setTimeout(timeout); @@ -240,6 +245,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t* pamh, int flags, int argc, cons free((char*)pOperationId); free((char*)pHost); + if (restore_privileges()) { + send_syslog_alert("PAM", "Latch-auth-pam error: Couldn't restore privileges"); + } + if(buffer == NULL || strcmp(buffer,"") == 0){ free(buffer); return default_option; diff --git a/src/Makefile.am b/src/Makefile.am index 85393bb..b03181b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,7 +4,8 @@ DEFS = LIBS = @LIBS@ -lcurl -lcrypto -lssl -ldl bin_PROGRAMS = latch -latch_SOURCES = latch_unix.c latch_unix.h ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h ../lib/charset.c ../lib/charset.h +latch_SOURCES = latch_unix.c latch_unix.h ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h \ + ../lib/drop_privs.c ../lib/drop_privs.h ../lib/charset.c ../lib/charset.h install-exec-hook: echo "#### Setting SUID for latch ####" diff --git a/src/Makefile.in b/src/Makefile.in index 2f27464..a2624d9 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -96,7 +96,8 @@ am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) am__dirstamp = $(am__leading_dot)dirstamp am_latch_OBJECTS = latch_unix.$(OBJEXT) ../lib/latch.$(OBJEXT) \ - ../lib/util.$(OBJEXT) ../lib/charset.$(OBJEXT) + ../lib/util.$(OBJEXT) ../lib/drop_privs.$(OBJEXT) \ + ../lib/charset.$(OBJEXT) latch_OBJECTS = $(am_latch_OBJECTS) latch_LDADD = $(LDADD) AM_V_lt = $(am__v_lt_@AM_V@) @@ -281,7 +282,9 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = no-dependencies -latch_SOURCES = latch_unix.c latch_unix.h ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h ../lib/charset.c ../lib/charset.h +latch_SOURCES = latch_unix.c latch_unix.h ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h \ + ../lib/drop_privs.c ../lib/drop_privs.h ../lib/charset.c ../lib/charset.h + all: all-am .SUFFIXES: @@ -370,6 +373,7 @@ clean-binPROGRAMS: @: > ../lib/$(am__dirstamp) ../lib/latch.$(OBJEXT): ../lib/$(am__dirstamp) ../lib/util.$(OBJEXT): ../lib/$(am__dirstamp) +../lib/drop_privs.$(OBJEXT): ../lib/$(am__dirstamp) ../lib/charset.$(OBJEXT): ../lib/$(am__dirstamp) latch$(EXEEXT): $(latch_OBJECTS) $(latch_DEPENDENCIES) $(EXTRA_latch_DEPENDENCIES) diff --git a/src/latch_unix.c b/src/latch_unix.c index 91dea06..aeba934 100644 --- a/src/latch_unix.c +++ b/src/latch_unix.c @@ -30,6 +30,7 @@ #include "latch_unix.h" #include "../lib/latch.h" #include "../lib/util.h" +#include "../lib/drop_privs.h" #include "../lib/charset.h" @@ -57,6 +58,10 @@ static int latch_pair(const char *username, const char *accountsFile, char *pair return 1; } + if (drop_privileges(0)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + } + if (! validCode(pairingCode)) { fprintf(stderr, "%s\n", INVALID_TOKEN_FORMAT_MSG); return 1; @@ -76,6 +81,11 @@ static int latch_pair(const char *username, const char *accountsFile, char *pair acc_id = malloc(ACCOUNT_ID_LENGTH + 1); strncpy(acc_id, pstr, ACCOUNT_ID_LENGTH); acc_id[ACCOUNT_ID_LENGTH] = '\0'; + + if (restore_privileges()) { + fprintf(stderr, "%s\n", RESTORE_PRIVS_ERROR_MSG); + } + if (appendAccountId(username, acc_id, accountsFile) == -1) { fprintf(stderr, "%s %s\n", WRITE_ACC_FILE_ERROR_MSG, accountsFile); res = 1; @@ -118,6 +128,9 @@ static int latch_unpair(const char *username, const char *accountsFile) { fprintf(stdout, UNPAIRING_SUCCESS_$USER_MSG, username); if (countAccountId(pAccountId, accountsFile) == 0) { + if (drop_privileges(1)) { + fprintf(stderr, "%s\n", DROP_PRIVS_ERROR_MSG); + } buffer = unpair(pAccountId); free(buffer); } @@ -137,6 +150,10 @@ static int latch_status(const char *username, const char *accountsFile) { return 1; } + if (drop_privileges(1)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + } + fprintf(stdout, CHECK_STATUS_$USER_MSG, username); buffer = status(pAccountId); @@ -183,7 +200,6 @@ static int latch_operation_status(const char *username, const char *accountsFile } pOperationId = getConfig(OPERATION_ID_LENGTH, operation, configFile); - if(pOperationId == NULL || strcmp(pOperationId,"") == 0){ fprintf(stderr, STATUS_NOT_OP_ERROR_$OP_$CFILE_MSG, operation, configFile); free((char*)pAccountId); @@ -191,6 +207,10 @@ static int latch_operation_status(const char *username, const char *accountsFile return 1; } + if (drop_privileges(1)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + } + fprintf(stdout, CHECK_STATUS_$USER_$OP_MSG, username, operation); buffer = operationStatus(pAccountId, pOperationId); diff --git a/src/latch_unix.h b/src/latch_unix.h index d376b07..1599abf 100644 --- a/src/latch_unix.h +++ b/src/latch_unix.h @@ -58,3 +58,6 @@ #define UNKNOWN_OPT_CHAR_$OPT_MSG "Unknown option character `\\x%x'.\n" #define UNKNOWN_OPT_$OPT_MSG "Unknown option `-%c'.\n" #define REQUIRED_ARG_$OPT_MSG "Option -%c requires an argument.\n" + +#define DROP_PRIVS_ERROR_MSG "Couldn't drop privileges." +#define RESTORE_PRIVS_ERROR_MSG "Couldn't restore privileges." From c17ec3098620267bdeb8ff6c15216b6b0da9dc42 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Mon, 29 Sep 2014 12:23:28 +0200 Subject: [PATCH 04/49] fix i4326 --- lib/drop_privs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/drop_privs.c b/lib/drop_privs.c index 59ac0cd..77a8d9b 100644 --- a/lib/drop_privs.c +++ b/lib/drop_privs.c @@ -85,7 +85,7 @@ char *get_user_name(){ int bufsize; if ((bufsize = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { - return NULL; + bufsize = 1024; } char *buffer = malloc(bufsize); From aacd0224d978ebfb1890970ca282dc599ee4ce70 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Thu, 2 Oct 2014 09:28:08 +0200 Subject: [PATCH 05/49] Fix i4374 --- src/latch_unix.c | 106 +++++++++++++++++++++++++++-------------------- 1 file changed, 60 insertions(+), 46 deletions(-) diff --git a/src/latch_unix.c b/src/latch_unix.c index aeba934..89fcfc2 100644 --- a/src/latch_unix.c +++ b/src/latch_unix.c @@ -44,24 +44,17 @@ void print_version() { } -static int latch_pair(const char *username, const char *accountsFile, char *pairingCode) { +static int latch_pair(const char *username, const char *pAccountId, const char *accountsFile, int aperms, char *pairingCode) { int res = 0; - const char *pAccountId = NULL; char *acc_id = NULL; char *buffer = NULL; char *pstr = NULL; - pAccountId = getAccountId(username, accountsFile); if (pAccountId != NULL) { fprintf(stderr, ALREADY_PAIRED_$USER_MSG, username); - free((char*)pAccountId); return 1; } - if (drop_privileges(0)) { - printf("%s\n", DROP_PRIVS_ERROR_MSG); - } - if (! validCode(pairingCode)) { fprintf(stderr, "%s\n", INVALID_TOKEN_FORMAT_MSG); return 1; @@ -82,7 +75,7 @@ static int latch_pair(const char *username, const char *accountsFile, char *pair strncpy(acc_id, pstr, ACCOUNT_ID_LENGTH); acc_id[ACCOUNT_ID_LENGTH] = '\0'; - if (restore_privileges()) { + if (aperms && restore_privileges()) { fprintf(stderr, "%s\n", RESTORE_PRIVS_ERROR_MSG); } @@ -109,17 +102,20 @@ static int latch_pair(const char *username, const char *accountsFile, char *pair return res; } -static int latch_unpair(const char *username, const char *accountsFile) { +static int latch_unpair(const char *username, const char *pAccountId, const char *accountsFile, int aperms) { int res = 0; const char *pAccountId = NULL; char *buffer = NULL; - pAccountId = getAccountId(username, accountsFile); if (pAccountId == NULL) { fprintf(stderr, NOT_PAIRED_$USER_MSG, username); return 1; } + if (aperms && restore_privileges()) { + printf("%s\n", RESTORE_PRIVS_ERROR_MSG); + } + if (deleteAccountId(username, accountsFile) == -1) { fprintf(stderr, "%s %s\n", WRITE_ACC_FILE_ERROR_MSG, accountsFile); free((char*)pAccountId); @@ -135,30 +131,21 @@ static int latch_unpair(const char *username, const char *accountsFile) { free(buffer); } - free((char*)pAccountId); return res; } -static int latch_status(const char *username, const char *accountsFile) { +static int latch_status(const char *username, const char *pAccountId) { int res = 0; - const char *pAccountId = NULL; char *buffer = NULL; - pAccountId = getAccountId(username, accountsFile); if (pAccountId == NULL) { fprintf(stderr, NOT_PAIRED_$USER_MSG, username); return 1; } - if (drop_privileges(1)) { - printf("%s\n", DROP_PRIVS_ERROR_MSG); - } - fprintf(stdout, CHECK_STATUS_$USER_MSG, username); buffer = status(pAccountId); - free((char*)pAccountId); - if(buffer == NULL || strcmp(buffer,"") == 0) { fprintf(stderr, "%s\n", CONNECTION_SERVER_ERROR_MSG); free(buffer); @@ -187,35 +174,17 @@ static int latch_status(const char *username, const char *accountsFile) { return res; } -static int latch_operation_status(const char *username, const char *accountsFile, const char *configFile, const char *operation) { +static int latch_operation_status(const char *username, const char *pAccountId, const char *pOperationId) { int res = 0; - const char *pAccountId = NULL; - const char *pOperationId = NULL; char *buffer = NULL; - pAccountId = getAccountId(username, accountsFile); if (pAccountId == NULL) { fprintf(stderr, NOT_PAIRED_$USER_MSG, username); return 1; } - - pOperationId = getConfig(OPERATION_ID_LENGTH, operation, configFile); - if(pOperationId == NULL || strcmp(pOperationId,"") == 0){ - fprintf(stderr, STATUS_NOT_OP_ERROR_$OP_$CFILE_MSG, operation, configFile); - free((char*)pAccountId); - free((char*)pOperationId); - return 1; - } - - if (drop_privileges(1)) { - printf("%s\n", DROP_PRIVS_ERROR_MSG); - } fprintf(stdout, CHECK_STATUS_$USER_$OP_MSG, username, operation); buffer = operationStatus(pAccountId, pOperationId); - - free((char*)pAccountId); - free((char*)pOperationId); if(buffer == NULL || strcmp(buffer,"") == 0) { fprintf(stderr, "%s\n", CONNECTION_SERVER_ERROR_MSG); @@ -248,6 +217,8 @@ static int latch_operation_status(const char *username, const char *accountsFile int main(int argc, char **argv) { + int fperms = 0; + int aperms = 0; int hflag = 0; int vflag = 0; int uflag = 0; @@ -258,11 +229,13 @@ int main(int argc, char **argv) { char *ovalue = NULL; int index = 0; int c; + const char *pAccountId = NULL; const char* pUsername = NULL; const char *pSecretKey = NULL; const char *pAppId = NULL; const char *pHost = NULL; - const char *pTimeout = NULL; + const char *pTimeout = NULL; + const char *pOperationId = NULL; int timeout = 2; int res = 0; FILE *f; @@ -342,6 +315,7 @@ int main(int argc, char **argv) { if (avalue == NULL) { avalue = DEFAULT_LATCH_ACCOUNTS_FILE; + aperms = 1; } else if (access(avalue, W_OK|R_OK) != 0) { fprintf(stderr, ACCESS_RW_ERROR_$USER_$FILE_MSG, pUsername, avalue); return 1; @@ -349,11 +323,17 @@ int main(int argc, char **argv) { if (fvalue == NULL) { fvalue = DEFAULT_LATCH_CONFIG_FILE; + fperms = 1; } else if (access(fvalue, R_OK) != 0) { fprintf(stderr, ACCESS_R_ERROR_$USER_$FILE_MSG, pUsername, fvalue); return 1; } + if (!fperms && drop_privileges(0)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + return 1; + } + pAppId = getConfig(APP_ID_LENGTH, "app_id", fvalue); pSecretKey = getConfig(SECRET_KEY_LENGTH, "secret_key", fvalue); @@ -362,6 +342,11 @@ int main(int argc, char **argv) { return 1; } + if(ovalue && pOperationId = getConfig(OPERATION_ID_LENGTH, ovalue, fvalue) == NULL) { + fprintf(stderr, STATUS_NOT_OP_ERROR_$OP_$CFILE_MSG, ovalue, fvalue); + return 1; + } + pHost = getConfig(MAX_SIZE, "latch_host", fvalue); if(pHost == NULL) { pHost = malloc(LATCH_API_HOST_LENGTH + 1); @@ -378,19 +363,48 @@ int main(int argc, char **argv) { init(pAppId, pSecretKey); setHost(pHost); setTimeout(timeout); - + + if (!aperms && drop_privileges(0)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + return 1; + } + + if (!fperms && aperms && restore_privileges()) { + printf("%s\n", RESTORE_PRIVS_ERROR_MSG); + } + + pAccountId = getAccountId(username, avalue); + if (sflag) { - res = latch_status(pUsername, avalue); + if (drop_privileges(1)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + return 1; + } + res = latch_status(pUsername, pAccountId); } else if (ovalue) { - res = latch_operation_status(pUsername, avalue, fvalue, ovalue); + if (drop_privileges(1)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + return 1; + } + res = latch_operation_status(pUsername, pAccountId, pOperationId); } else if (uflag) { - res = latch_unpair(pUsername, avalue); + if (drop_privileges(0)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + return 1; + } + res = latch_unpair(pUsername, pAccountId, avalue, aperms); } else if (pvalue) { - res = latch_pair(pUsername, avalue, pvalue); + if (drop_privileges(0)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + return 1; + } + res = latch_pair(pUsername, pAccountId, avalue, aperms, pvalue); } + free((char*)pAccountId); free((char*)pAppId); free((char*)pSecretKey); free((char*)pHost); + free((char*)pOperationId); return res; } From b9819ffd806322c4e94dd3044129ed000f575333 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Thu, 2 Oct 2014 09:42:29 +0200 Subject: [PATCH 06/49] save only first user privileges --- lib/drop_privs.c | 92 ++++++++++++++++++++++++------------------------ 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/lib/drop_privs.c b/lib/drop_privs.c index 77a8d9b..4c37582 100644 --- a/lib/drop_privs.c +++ b/lib/drop_privs.c @@ -2,7 +2,6 @@ #include #include #include - #include #include #include @@ -11,6 +10,7 @@ #include "drop_privs.h" + static int orig_ngroups = -1; static gid_t orig_gid = -1; static uid_t orig_uid = -1; @@ -19,65 +19,65 @@ static gid_t orig_groups[NGROUPS_MAX]; int drop_privileges(int permanent) { - gid_t newgid = getgid(), oldgid = getegid(); - uid_t newuid = getuid(), olduid = geteuid(); + gid_t newgid = getgid(), oldgid = getegid(); + uid_t newuid = getuid(), olduid = geteuid(); - if (!permanent) { - /* Save information about the privileges that are being dropped so that they - * can be restored later. - */ - orig_gid = oldgid; - orig_uid = olduid; - orig_ngroups = getgroups(NGROUPS_MAX, orig_groups); - } + if (!permanent && orig_uid == -1 && orig_gid == -1 && orig_ngroups == -1) { + /* Save information about the privileges that are being dropped so that they + * can be restored later. Only once. + */ + orig_gid = oldgid; + orig_uid = olduid; + orig_ngroups = getgroups(NGROUPS_MAX, orig_groups); + } - /* If root privileges are to be dropped, be sure to pare down the ancillary - * groups for the process before doing anything else because the setgroups( ) - * system call requires root privileges. Drop ancillary groups regardless of - * whether privileges are being dropped temporarily or permanently. - */ - if (!olduid) setgroups(1, &newgid); + /* If root privileges are to be dropped, be sure to pare down the ancillary + * groups for the process before doing anything else because the setgroups( ) + * system call requires root privileges. Drop ancillary groups regardless of + * whether privileges are being dropped temporarily or permanently. + */ + if (!olduid) setgroups(1, &newgid); - if (newgid != oldgid) { + if (newgid != oldgid) { #if !defined(linux) - setegid(newgid); - if (permanent && setgid(newgid) == -1) return -1; + setegid(newgid); + if (permanent && setgid(newgid) == -1) return -1; #else - if (setregid((permanent ? newgid : -1), newgid) == -1) return -1; + if (setregid((permanent ? newgid : -1), newgid) == -1) return -1; #endif - } + } - if (newuid != olduid) { + if (newuid != olduid) { + if (permanent) { + setuid(newuid); + } else { + seteuid(newuid); + } + } + + /* verify that the changes were successful */ if (permanent) { - setuid(newuid); + if (newgid != oldgid && (setegid(oldgid) != -1 || getegid() != newgid)) + return -1; + if (newuid != olduid && (seteuid(olduid) != -1 || geteuid() != newuid)) + return -1; } else { - seteuid(newuid); + if (newgid != oldgid && getegid() != newgid) return -1; + if (newuid != olduid && geteuid() != newuid) return -1; } - } - - /* verify that the changes were successful */ - if (permanent) { - if (newgid != oldgid && (setegid(oldgid) != -1 || getegid() != newgid)) - return -1; - if (newuid != olduid && (seteuid(olduid) != -1 || geteuid() != newuid)) - return -1; - } else { - if (newgid != oldgid && getegid() != newgid) return -1; - if (newuid != olduid && geteuid() != newuid) return -1; - } - return 0; + return 0; } int restore_privileges(void) { - if (geteuid() != orig_uid) - if (seteuid(orig_uid) == -1 || geteuid() != orig_uid) return -1; - if (getegid() != orig_gid) - if (setegid(orig_gid) == -1 || getegid() != orig_gid) return -1; - if (!orig_uid) - setgroups(orig_ngroups, orig_groups); - - return 0; + if (geteuid() != orig_uid) + if (seteuid(orig_uid) == -1 || geteuid() != orig_uid) return -1; + if (getegid() != orig_gid) + if (setegid(orig_gid) == -1 || getegid() != orig_gid) return -1; + if (!orig_uid) + setgroups(orig_ngroups, orig_groups); + + return 0; } From a2ff068dff0deabcd826cec67cab174ed1580053 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Fri, 3 Oct 2014 08:21:07 +0200 Subject: [PATCH 07/49] fix some bugs --- src/latch_unix.c | 7 +++---- src/latch_unix.h | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/latch_unix.c b/src/latch_unix.c index 89fcfc2..ae86523 100644 --- a/src/latch_unix.c +++ b/src/latch_unix.c @@ -104,7 +104,6 @@ static int latch_pair(const char *username, const char *pAccountId, const char * static int latch_unpair(const char *username, const char *pAccountId, const char *accountsFile, int aperms) { int res = 0; - const char *pAccountId = NULL; char *buffer = NULL; if (pAccountId == NULL) { @@ -183,7 +182,7 @@ static int latch_operation_status(const char *username, const char *pAccountId, return 1; } - fprintf(stdout, CHECK_STATUS_$USER_$OP_MSG, username, operation); + fprintf(stdout, CHECK_STATUS_$USER_MSG, username); buffer = operationStatus(pAccountId, pOperationId); if(buffer == NULL || strcmp(buffer,"") == 0) { @@ -342,7 +341,7 @@ int main(int argc, char **argv) { return 1; } - if(ovalue && pOperationId = getConfig(OPERATION_ID_LENGTH, ovalue, fvalue) == NULL) { + if(ovalue && (pOperationId = getConfig(OPERATION_ID_LENGTH, ovalue, fvalue) == NULL)) { fprintf(stderr, STATUS_NOT_OP_ERROR_$OP_$CFILE_MSG, ovalue, fvalue); return 1; } @@ -373,7 +372,7 @@ int main(int argc, char **argv) { printf("%s\n", RESTORE_PRIVS_ERROR_MSG); } - pAccountId = getAccountId(username, avalue); + pAccountId = getAccountId(pUsername, avalue); if (sflag) { if (drop_privileges(1)) { diff --git a/src/latch_unix.h b/src/latch_unix.h index 1599abf..40fc1a6 100644 --- a/src/latch_unix.h +++ b/src/latch_unix.h @@ -46,7 +46,7 @@ #define NOT_PAIRED_$USER_MSG "The user %s is not paired with latch\n" #define CHECK_STATUS_$USER_MSG "Checking status for user %s...\n" -#define CHECK_STATUS_$USER_$OP_MSG "Checking status for user %s in operation %s...\n" +#define CHECK_STATUS_$USER_$OP_MSG "Checking status for user %s in operation...\n" #define GET_USERNAME_ERROR_MSG "Unknown user" From 2cee3355d038429a508ee86b0ed053138931d962 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Fri, 3 Oct 2014 09:04:19 +0200 Subject: [PATCH 08/49] add drop privs to latch shell --- modules/SSH/src/latch_shell.c | 61 +++++++++++++++++++++-------------- src/latch_unix.c | 35 +++++++------------- 2 files changed, 49 insertions(+), 47 deletions(-) diff --git a/modules/SSH/src/latch_shell.c b/modules/SSH/src/latch_shell.c index 3133dea..c72b44f 100644 --- a/modules/SSH/src/latch_shell.c +++ b/modules/SSH/src/latch_shell.c @@ -43,22 +43,15 @@ static int exec_shell(){ } } -static int latch_shell_status(const char *username, const char *accountsFile, int defaultOption) { +static int latch_shell_status(const char *pAccountId, int defaultOption) { int res = 0; - const char *pAccountId = NULL; char *buffer = NULL; - pAccountId = getAccountId(username, accountsFile); if (pAccountId == NULL) { return 0; } - if(drop_privileges(1)){ - return 1; - } - buffer = status(pAccountId); - free((char*)pAccountId); if(buffer == NULL || strcmp(buffer,"") == 0) { free(buffer); @@ -75,14 +68,10 @@ static int latch_shell_status(const char *username, const char *accountsFile, in return res; } -static int latch_shell_operation_status(const char *username, const char *accountsFile, - const char *configFile, const char *operation, int defaultOption) { +static int latch_shell_operation_status(const char *pAccountId, const char *pOperationId, int defaultOption) { int res = 0; - const char *pAccountId = NULL; - const char *pOperationId = NULL; char *buffer = NULL; - pAccountId = getAccountId(username, accountsFile); if (pAccountId == NULL) { return 0; } @@ -93,13 +82,7 @@ static int latch_shell_operation_status(const char *username, const char *accoun return res; } - if(drop_privileges(1)){ - return 1; - } - buffer = operationStatus(pAccountId, pOperationId); - free((char*)pAccountId); - free((char*)pOperationId); if(buffer == NULL || strcmp(buffer,"") == 0) { free(buffer); @@ -119,6 +102,8 @@ static int latch_shell_operation_status(const char *username, const char *accoun int main(int argc, char **argv) { + int fperms = 0; + int aperms = 0; int sflag = 0; char *fvalue = NULL; char *avalue = NULL; @@ -126,11 +111,13 @@ int main(int argc, char **argv) { int index; int c; int error = 0; + const char *pAccountId = NULL; const char* pUsername = NULL; const char* pSecretKey = NULL; const char* pAppId = NULL; const char* pHost = NULL; const char* pTimeout = NULL; + const char *pOperationId = NULL; char* pDefaultOption = NULL; char *buffer; int timeout = 2; @@ -180,22 +167,32 @@ int main(int argc, char **argv) { if (avalue == NULL) { avalue = DEFAULT_LATCH_ACCOUNTS_FILE; + aperms = 1; } else if (access(avalue, R_OK) != 0) { return 1; } if (fvalue == NULL) { fvalue = DEFAULT_LATCH_CONFIG_FILE; + fperms = 1; } else if (access(fvalue, R_OK) != 0) { return 1; } + if (!fperms && drop_privileges(0)) { + return 1; + } + pAppId = getConfig(APP_ID_LENGTH, "app_id", fvalue); pSecretKey = getConfig(SECRET_KEY_LENGTH, "secret_key", fvalue); if(pAppId == NULL || pSecretKey == NULL || strcmp(pAppId, "") == 0 || strcmp(pSecretKey, "") == 0){ return exec_shell(); } + + if(ovalue && (pOperationId = getConfig(OPERATION_ID_LENGTH, ovalue, fvalue) == NULL)) { + return 1; + } pDefaultOption = (char*)getConfig(DEFAULT_OPTION_MAX_LENGTH, "action", fvalue); if (pDefaultOption == NULL) { @@ -216,31 +213,47 @@ int main(int argc, char **argv) { free((char*)pDefaultOption); pHost = getConfig(MAX_SIZE, "latch_host", fvalue); - if(pHost == NULL) { + if (pHost == NULL) { pHost = malloc(LATCH_API_HOST_LENGTH + 1); memset((char*)pHost, 0, LATCH_API_HOST_LENGTH + 1); strncpy((char*)pHost, LATCH_API_HOST, LATCH_API_HOST_LENGTH); } pTimeout = getConfig(TIMEOUT_MAX_LENGTH, "timeout", fvalue); - if(pTimeout == NULL || ((timeout = atoi(pTimeout)) < TIMEOUT_MIN) || timeout > TIMEOUT_MAX) { + if (pTimeout == NULL || ((timeout = atoi(pTimeout)) < TIMEOUT_MIN) || timeout > TIMEOUT_MAX) { timeout = 2; } free((char*)pTimeout); - + + if (!aperms && drop_privileges(0)) { + return 1; + } + + if (aperms && !fperms) { + restore_privileges(); + } + + pAccountId = getAccountId(pUsername, avalue); + + if (drop_privileges(1)) { + return 1; + } + init(pAppId, pSecretKey); setHost(pHost); setTimeout(timeout); if (sflag) { - res = latch_shell_status(pUsername, avalue, default_option); + res = latch_shell_status(pAccountId, default_option); } else if (ovalue) { - res = latch_shell_operation_status(pUsername, avalue, fvalue, ovalue, default_option); + res = latch_shell_operation_status(pAccountId, pOperationId, default_option); } + free((char*)pAccountId); free((char*)pAppId); free((char*)pSecretKey); free((char*)pHost); + free((char*)pOperationId); if (! res) { res = exec_shell(); diff --git a/src/latch_unix.c b/src/latch_unix.c index ae86523..0919d12 100644 --- a/src/latch_unix.c +++ b/src/latch_unix.c @@ -358,45 +358,34 @@ int main(int argc, char **argv) { timeout = 2; } free((char*)pTimeout); - - init(pAppId, pSecretKey); - setHost(pHost); - setTimeout(timeout); if (!aperms && drop_privileges(0)) { printf("%s\n", DROP_PRIVS_ERROR_MSG); return 1; - } + } - if (!fperms && aperms && restore_privileges()) { + if (aperms && !fperms && restore_privileges()) { printf("%s\n", RESTORE_PRIVS_ERROR_MSG); } pAccountId = getAccountId(pUsername, avalue); - + + if (drop_privileges(0)) { + printf("%s\n", DROP_PRIVS_ERROR_MSG); + return 1; + } + + init(pAppId, pSecretKey); + setHost(pHost); + setTimeout(timeout); + if (sflag) { - if (drop_privileges(1)) { - printf("%s\n", DROP_PRIVS_ERROR_MSG); - return 1; - } res = latch_status(pUsername, pAccountId); } else if (ovalue) { - if (drop_privileges(1)) { - printf("%s\n", DROP_PRIVS_ERROR_MSG); - return 1; - } res = latch_operation_status(pUsername, pAccountId, pOperationId); } else if (uflag) { - if (drop_privileges(0)) { - printf("%s\n", DROP_PRIVS_ERROR_MSG); - return 1; - } res = latch_unpair(pUsername, pAccountId, avalue, aperms); } else if (pvalue) { - if (drop_privileges(0)) { - printf("%s\n", DROP_PRIVS_ERROR_MSG); - return 1; - } res = latch_pair(pUsername, pAccountId, avalue, aperms, pvalue); } From 5708a53865b486be483b9d95ae0e9ec3bfa2ee2e Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Fri, 3 Oct 2014 09:16:34 +0200 Subject: [PATCH 09/49] fix bug --- modules/SSH/src/latch_shell.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/SSH/src/latch_shell.c b/modules/SSH/src/latch_shell.c index c72b44f..6bb4a09 100644 --- a/modules/SSH/src/latch_shell.c +++ b/modules/SSH/src/latch_shell.c @@ -75,12 +75,6 @@ static int latch_shell_operation_status(const char *pAccountId, const char *pOpe if (pAccountId == NULL) { return 0; } - - pOperationId = getConfig(OPERATION_ID_LENGTH, operation, configFile); - if(pOperationId == NULL || strcmp(pOperationId, "") == 0){ - free((char*)pAccountId); - return res; - } buffer = operationStatus(pAccountId, pOperationId); From 7acc390b1f106b58617ad324b590ebb3c20818f1 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Fri, 3 Oct 2014 09:29:25 +0200 Subject: [PATCH 10/49] update version --- ChangeLog | 6 ++++++ src/latch_unix.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e69de29..e2be0cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -0,0 +1,6 @@ +* latch_1.1. +- Fix error when sysconf call fails. +- Use minimum privileges policy. + +* latch_1.0. +Initial version. diff --git a/src/latch_unix.h b/src/latch_unix.h index 40fc1a6..0a027ba 100644 --- a/src/latch_unix.h +++ b/src/latch_unix.h @@ -19,7 +19,7 @@ "Report latch bugs to latch-help@support.elevenpaths.com\n"\ "For more information, \n"\ -#define LATCH_VERSION "latch_1.0" +#define LATCH_VERSION "latch_1.1" #define LATCH_ERROR_102_MSG "Invalid Application ID or Secret Key" #define LATCH_ERROR_109_MSG "Something went wrong. Review your date & time settings." From 900368a9d304fbe2bd746de605b772623ab20a7f Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Fri, 24 Oct 2014 12:39:26 +0200 Subject: [PATCH 11/49] allow to use ./configure flags --- ChangeLog | 1 + Makefile.am | 28 ++-- Makefile.in | 28 ++-- config.h.in | 2 +- configure | 26 ++-- configure.ac | 8 +- lib/util.h | 11 +- modules/SSH/src/Makefile.am | 13 +- modules/SSH/src/Makefile.in | 29 ++-- .../{latch_shell.c => latch_ssh_command.c} | 7 +- pam/Makefile.am | 12 +- pam/Makefile.in | 143 +++++++----------- src/Makefile.am | 6 +- src/Makefile.in | 36 +++-- src/latch_unix.c | 12 +- src/latch_unix.h | 11 +- test/installation_test/check_configure.sh | 93 ++++++++++++ 17 files changed, 270 insertions(+), 196 deletions(-) rename modules/SSH/src/{latch_shell.c => latch_ssh_command.c} (98%) create mode 100755 test/installation_test/check_configure.sh diff --git a/ChangeLog b/ChangeLog index e2be0cb..59a5c67 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ * latch_1.1. - Fix error when sysconf call fails. - Use minimum privileges policy. +- Allow local installation. * latch_1.0. Initial version. diff --git a/Makefile.am b/Makefile.am index 85d2fc7..a3c7eef 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3,31 +3,31 @@ ACLOCAL_AMFLAGS = -I m4 SUBDIRS = src pam modules/SSH/src -EXTRA_DIST = AUTHORS ChangeLog NEWS README.md +EXTRA_DIST = ChangeLog README.md install-data-local: - $(MKDIR_P) $(DESTDIR)$(sysconfdir) - -@if [ ! -f $(DESTDIR)$(sysconfdir)/latch.conf ]; then \ - cp examples/latch/latch.conf $(DESTDIR)$(sysconfdir)/latch.conf; \ - echo "Created ${DESTDIR}$(sysconfdir)/latch.conf"; \ + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/latch + -@if [ ! -f $(DESTDIR)$(sysconfdir)/latch/latch.conf ]; then \ + cp examples/latch/latch.conf $(DESTDIR)$(sysconfdir)/latch/latch.conf; \ + echo "Created ${DESTDIR}$(sysconfdir)/latch/latch.conf"; \ echo "Please edit it to add your Application Id and your Secret Key"; \ else \ - echo "Found existing ${DESTDIR}$(sysconfdir)/latch.conf - updating permissions"; \ + echo "Found existing ${DESTDIR}$(sysconfdir)/latch/latch.conf - updating permissions"; \ fi - -chmod 600 $(DESTDIR)$(sysconfdir)/latch.conf - -@if [ ! -f $(DESTDIR)$(sysconfdir)/latch.accounts ]; then \ - cp examples/latch/latch.accounts $(DESTDIR)$(sysconfdir)/latch.accounts; \ - echo "Created ${DESTDIR}$(sysconfdir)/latch.accounts"; \ + -chmod 600 $(DESTDIR)$(sysconfdir)/latch/latch.conf + -@if [ ! -f $(DESTDIR)$(sysconfdir)/latch/latch.accounts ]; then \ + cp examples/latch/latch.accounts $(DESTDIR)$(sysconfdir)/latch/latch.accounts; \ + echo "Created ${DESTDIR}$(sysconfdir)/latch/latch.accounts"; \ else \ - echo "Found existing ${DESTDIR}$(sysconfdir)/latch.accounts - updating permissions"; \ + echo "Found existing ${DESTDIR}$(sysconfdir)/latch/latch.accounts - updating permissions"; \ fi - -chmod 600 $(DESTDIR)$(sysconfdir)/latch.accounts + -chmod 600 $(DESTDIR)$(sysconfdir)/latch/latch.accounts uninstall-local: - -@if [ -d $(DESTDIR)$(sysconfdir) ]; then \ + -@if [ -d $(DESTDIR)$(sysconfdir)/latch ]; then \ echo "Removing latch conf directory..."; \ - rm -R $(DESTDIR)$(sysconfdir); \ + rm -R $(DESTDIR)$(sysconfdir)/latch; \ fi diff --git a/Makefile.in b/Makefile.in index f277154..628e83f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -321,7 +321,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ ACLOCAL_AMFLAGS = -I m4 SUBDIRS = src pam modules/SSH/src -EXTRA_DIST = AUTHORS ChangeLog NEWS README.md +EXTRA_DIST = ChangeLog README.md all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -798,27 +798,27 @@ uninstall-am: uninstall-local install-data-local: - $(MKDIR_P) $(DESTDIR)$(sysconfdir) - -@if [ ! -f $(DESTDIR)$(sysconfdir)/latch.conf ]; then \ - cp examples/latch/latch.conf $(DESTDIR)$(sysconfdir)/latch.conf; \ - echo "Created ${DESTDIR}$(sysconfdir)/latch.conf"; \ + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/latch + -@if [ ! -f $(DESTDIR)$(sysconfdir)/latch/latch.conf ]; then \ + cp examples/latch/latch.conf $(DESTDIR)$(sysconfdir)/latch/latch.conf; \ + echo "Created ${DESTDIR}$(sysconfdir)/latch/latch.conf"; \ echo "Please edit it to add your Application Id and your Secret Key"; \ else \ - echo "Found existing ${DESTDIR}$(sysconfdir)/latch.conf - updating permissions"; \ + echo "Found existing ${DESTDIR}$(sysconfdir)/latch/latch.conf - updating permissions"; \ fi - -chmod 600 $(DESTDIR)$(sysconfdir)/latch.conf - -@if [ ! -f $(DESTDIR)$(sysconfdir)/latch.accounts ]; then \ - cp examples/latch/latch.accounts $(DESTDIR)$(sysconfdir)/latch.accounts; \ - echo "Created ${DESTDIR}$(sysconfdir)/latch.accounts"; \ + -chmod 600 $(DESTDIR)$(sysconfdir)/latch/latch.conf + -@if [ ! -f $(DESTDIR)$(sysconfdir)/latch/latch.accounts ]; then \ + cp examples/latch/latch.accounts $(DESTDIR)$(sysconfdir)/latch/latch.accounts; \ + echo "Created ${DESTDIR}$(sysconfdir)/latch/latch.accounts"; \ else \ - echo "Found existing ${DESTDIR}$(sysconfdir)/latch.accounts - updating permissions"; \ + echo "Found existing ${DESTDIR}$(sysconfdir)/latch/latch.accounts - updating permissions"; \ fi - -chmod 600 $(DESTDIR)$(sysconfdir)/latch.accounts + -chmod 600 $(DESTDIR)$(sysconfdir)/latch/latch.accounts uninstall-local: - -@if [ -d $(DESTDIR)$(sysconfdir) ]; then \ + -@if [ -d $(DESTDIR)$(sysconfdir)/latch ]; then \ echo "Removing latch conf directory..."; \ - rm -R $(DESTDIR)$(sysconfdir); \ + rm -R $(DESTDIR)$(sysconfdir)/latch; \ fi # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/config.h.in b/config.h.in index 8d1fa42..f2d3a64 100644 --- a/config.h.in +++ b/config.h.in @@ -112,7 +112,7 @@ /* HP-UX System */ #undef HPUX -/* Configuration directory */ +/* Latch configuration directory */ #undef LATCH_CONF_DIR /* Linux System */ diff --git a/configure b/configure index 9d1147e..764acb9 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for latch 1.0. +# Generated by GNU Autoconf 2.69 for latch 1.1. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='latch' PACKAGE_TARNAME='latch' -PACKAGE_VERSION='1.0' -PACKAGE_STRING='latch 1.0' +PACKAGE_VERSION='1.1' +PACKAGE_STRING='latch 1.1' PACKAGE_BUGREPORT='latch-help@support.elevenpaths.com' PACKAGE_URL='' @@ -1321,7 +1321,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures latch 1.0 to adapt to many kinds of systems. +\`configure' configures latch 1.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1391,7 +1391,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of latch 1.0:";; + short | recursive ) echo "Configuration of latch 1.1:";; esac cat <<\_ACEOF @@ -1501,7 +1501,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -latch configure 1.0 +latch configure 1.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1924,7 +1924,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by latch $as_me 1.0, which was +It was created by latch $as_me 1.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2790,7 +2790,7 @@ fi # Define the identity of the package. PACKAGE='latch' - VERSION='1.0' + VERSION='1.1' cat >>confdefs.h <<_ACEOF @@ -12639,14 +12639,14 @@ fi done -# Default sysconfdir to /etc/latch -test "$sysconfdir" = '${prefix}/etc' && sysconfdir=/etc/latch +# Define latch conf dirrectory +latchsysconfdir=$sysconfdir/latch prefix_NONE= exec_prefix_NONE= test "x$prefix" = xNONE && prefix_NONE=yes && prefix=$ac_default_prefix test "x$exec_prefix" = xNONE && exec_prefix_NONE=yes && exec_prefix=$prefix - eval ac_define_dir="\"$sysconfdir\"" + eval ac_define_dir="\"$latchsysconfdir\"" eval ac_define_dir="\"$ac_define_dir\"" LATCH_CONF_DIR="$ac_define_dir" @@ -13426,7 +13426,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by latch $as_me 1.0, which was +This file was extended by latch $as_me 1.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -13492,7 +13492,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -latch config.status 1.0 +latch config.status 1.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index a723277..981c1e3 100644 --- a/configure.ac +++ b/configure.ac @@ -19,7 +19,7 @@ AC_PREREQ([2.61]) -AC_INIT([latch], [1.0], [latch-help@support.elevenpaths.com]) +AC_INIT([latch], [1.1], [latch-help@support.elevenpaths.com]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS(config.h) @@ -66,9 +66,9 @@ AC_TYPE_UID_T AC_FUNC_MALLOC AC_CHECK_FUNCS([memset strchr strerror strstr]) -# Default sysconfdir to /etc/latch -test "$sysconfdir" = '${prefix}/etc' && sysconfdir=/etc/latch -AC_DEFINE_DIR([LATCH_CONF_DIR], [sysconfdir], [Configuration directory]) +# Define latch conf dirrectory +latchsysconfdir=$sysconfdir/latch +AC_DEFINE_DIR([LATCH_CONF_DIR], [latchsysconfdir], [Latch configuration directory]) AC_SUBST(PAMDIR, "\$(exec_prefix)/lib/security") AC_ARG_WITH(pam-dir, diff --git a/lib/util.h b/lib/util.h index aca20fe..69516fa 100644 --- a/lib/util.h +++ b/lib/util.h @@ -17,6 +17,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#include "config.h" #define OTP_LENGTH 6 #define MAX_SIZE 64 @@ -29,8 +30,14 @@ #define TIMEOUT_MAX_LENGTH 2 #define TIMEOUT_MIN 1 #define TIMEOUT_MAX 99 -#define DEFAULT_LATCH_CONFIG_FILE "/etc/latch/latch.conf" -#define DEFAULT_LATCH_ACCOUNTS_FILE "/etc/latch/latch.accounts" + +#define SEPARATOR "/" + +#define LATCH_CONF_FILE "latch.conf" +#define LATCH_ACC_FILE "latch.accounts" +#define DEFAULT_LATCH_CONFIG_FILE LATCH_CONF_DIR SEPARATOR LATCH_CONF_FILE +#define DEFAULT_LATCH_ACCOUNTS_FILE LATCH_CONF_DIR SEPARATOR LATCH_ACC_FILE + #define LATCH_API_HOST "https://latch.elevenpaths.com" #define LATCH_TEMP_FILE "/tmp/latch_temp" diff --git a/modules/SSH/src/Makefile.am b/modules/SSH/src/Makefile.am index 26e90e3..077d1f2 100644 --- a/modules/SSH/src/Makefile.am +++ b/modules/SSH/src/Makefile.am @@ -1,10 +1,11 @@ AUTOMAKE_OPTIONS = no-dependencies DEFS = +AM_CPPFLAGS = -I$(top_srcdir)/lib LIBS = @LIBS@ -lcurl -lcrypto -lssl -ldl -bin_PROGRAMS = latch-shell -latch_shell_SOURCES = latch_shell.c \ +bin_PROGRAMS = latch-ssh-cmd +latch_ssh_cmd_SOURCES = latch_ssh_command.c \ $(top_builddir)/lib/latch.c \ $(top_builddir)/lib/latch.h \ $(top_builddir)/lib/util.c \ @@ -13,8 +14,8 @@ latch_shell_SOURCES = latch_shell.c \ $(top_builddir)/lib/drop_privs.h install-exec-hook: - echo "#### Setting SUID for latch-shell ####" - ls -l $(DESTDIR)$(bindir)/latch-shell - chmod 4755 $(DESTDIR)$(bindir)/latch-shell - ls -l $(DESTDIR)$(bindir)/latch-shell + echo "#### Setting SUID for latch-ssh-cmd ####" + ls -l $(DESTDIR)$(bindir)/latch-ssh-cmd + chmod 4755 $(DESTDIR)$(bindir)/latch-ssh-cmd + ls -l $(DESTDIR)$(bindir)/latch-ssh-cmd echo "####-------------------------------####" diff --git a/modules/SSH/src/Makefile.in b/modules/SSH/src/Makefile.in index 601c431..a604e6a 100644 --- a/modules/SSH/src/Makefile.in +++ b/modules/SSH/src/Makefile.in @@ -78,7 +78,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -bin_PROGRAMS = latch-shell$(EXEEXT) +bin_PROGRAMS = latch-ssh-cmd$(EXEEXT) subdir = modules/SSH/src DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -95,12 +95,12 @@ CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) am__dirstamp = $(am__leading_dot)dirstamp -am_latch_shell_OBJECTS = latch_shell.$(OBJEXT) \ +am_latch_ssh_cmd_OBJECTS = latch_ssh_command.$(OBJEXT) \ $(top_builddir)/lib/latch.$(OBJEXT) \ $(top_builddir)/lib/util.$(OBJEXT) \ $(top_builddir)/lib/drop_privs.$(OBJEXT) -latch_shell_OBJECTS = $(am_latch_shell_OBJECTS) -latch_shell_LDADD = $(LDADD) +latch_ssh_cmd_OBJECTS = $(am_latch_ssh_cmd_OBJECTS) +latch_ssh_cmd_LDADD = $(LDADD) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -138,8 +138,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(latch_shell_SOURCES) -DIST_SOURCES = $(latch_shell_SOURCES) +SOURCES = $(latch_ssh_cmd_SOURCES) +DIST_SOURCES = $(latch_ssh_cmd_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -283,7 +283,8 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = no-dependencies -latch_shell_SOURCES = latch_shell.c \ +AM_CPPFLAGS = -I$(top_srcdir)/lib +latch_ssh_cmd_SOURCES = latch_ssh_command.c \ $(top_builddir)/lib/latch.c \ $(top_builddir)/lib/latch.h \ $(top_builddir)/lib/util.c \ @@ -384,9 +385,9 @@ $(top_builddir)/lib/util.$(OBJEXT): \ $(top_builddir)/lib/drop_privs.$(OBJEXT): \ $(top_builddir)/lib/$(am__dirstamp) -latch-shell$(EXEEXT): $(latch_shell_OBJECTS) $(latch_shell_DEPENDENCIES) $(EXTRA_latch_shell_DEPENDENCIES) - @rm -f latch-shell$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(latch_shell_OBJECTS) $(latch_shell_LDADD) $(LIBS) +latch-ssh-cmd$(EXEEXT): $(latch_ssh_cmd_OBJECTS) $(latch_ssh_cmd_DEPENDENCIES) $(EXTRA_latch_ssh_cmd_DEPENDENCIES) + @rm -f latch-ssh-cmd$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(latch_ssh_cmd_OBJECTS) $(latch_ssh_cmd_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -618,10 +619,10 @@ uninstall-am: uninstall-binPROGRAMS install-exec-hook: - echo "#### Setting SUID for latch-shell ####" - ls -l $(DESTDIR)$(bindir)/latch-shell - chmod 4755 $(DESTDIR)$(bindir)/latch-shell - ls -l $(DESTDIR)$(bindir)/latch-shell + echo "#### Setting SUID for latch-ssh-cmd ####" + ls -l $(DESTDIR)$(bindir)/latch-ssh-cmd + chmod 4755 $(DESTDIR)$(bindir)/latch-ssh-cmd + ls -l $(DESTDIR)$(bindir)/latch-ssh-cmd echo "####-------------------------------####" # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/modules/SSH/src/latch_shell.c b/modules/SSH/src/latch_ssh_command.c similarity index 98% rename from modules/SSH/src/latch_shell.c rename to modules/SSH/src/latch_ssh_command.c index 6bb4a09..2b3bc6e 100644 --- a/modules/SSH/src/latch_shell.c +++ b/modules/SSH/src/latch_ssh_command.c @@ -24,9 +24,10 @@ #include #include #include "config.h" -#include "../../../lib/latch.h" -#include "../../../lib/util.h" - #include "../../../lib/drop_privs.h" + +#include "latch.h" +#include "util.h" +#include "drop_privs.h" diff --git a/pam/Makefile.am b/pam/Makefile.am index c2624bc..3e16c68 100644 --- a/pam/Makefile.am +++ b/pam/Makefile.am @@ -1,19 +1,19 @@ AUTOMAKE_OPTIONS = no-dependencies - DEFS = +AM_CPPFLAGS = -I$(top_srcdir)/lib if OSLINUX LIBS += -lpam_misc endif lib_LTLIBRARIES = pam_latch.la -pam_latch_la_SOURCES = pam_latch.c ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h ../lib/drop_privs.c ../lib/drop_privs.h +pam_latch_la_SOURCES = pam_latch.c $(top_builddir)/lib/latch.c $(top_builddir)/lib/latch.h $(top_builddir)/lib/util.c \ + $(top_builddir)/lib/util.h $(top_builddir)/lib/drop_privs.c $(top_builddir)/lib/drop_privs.h pam_latch_la_LDFLAGS = -module -avoid-version -bin_PROGRAMS = test -test_SOURCES = test.c +noinst_PROGRAMS = test_pam_latch +test_pam_latch_SOURCES = test.c pam_latch_LIBS = @LIBS@ -lpam -lcurl -lcrypto -lssl -ldl - -test_LIBS = @LIBS@ @linux_test_LIBS@ -lpam +test_pam_latch_LIBS = @LIBS@ @linux_test_LIBS@ -lpam diff --git a/pam/Makefile.in b/pam/Makefile.in index b260f9c..a716036 100644 --- a/pam/Makefile.in +++ b/pam/Makefile.in @@ -80,7 +80,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @OSLINUX_TRUE@am__append_1 = -lpam_misc -bin_PROGRAMS = test$(EXEEXT) +noinst_PROGRAMS = test_pam_latch$(EXEEXT) subdir = pam DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -121,12 +121,12 @@ am__uninstall_files_from_dir = { \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" +am__installdirs = "$(DESTDIR)$(libdir)" LTLIBRARIES = $(lib_LTLIBRARIES) pam_latch_la_LIBADD = am__dirstamp = $(am__leading_dot)dirstamp -am_pam_latch_la_OBJECTS = pam_latch.lo ../lib/latch.lo ../lib/util.lo \ - ../lib/drop_privs.lo +am_pam_latch_la_OBJECTS = pam_latch.lo $(top_builddir)/lib/latch.lo \ + $(top_builddir)/lib/util.lo $(top_builddir)/lib/drop_privs.lo pam_latch_la_OBJECTS = $(am_pam_latch_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -135,10 +135,10 @@ am__v_lt_1 = pam_latch_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(pam_latch_la_LDFLAGS) $(LDFLAGS) -o $@ -PROGRAMS = $(bin_PROGRAMS) -am_test_OBJECTS = test.$(OBJEXT) -test_OBJECTS = $(am_test_OBJECTS) -test_LDADD = $(LDADD) +PROGRAMS = $(noinst_PROGRAMS) +am_test_pam_latch_OBJECTS = test.$(OBJEXT) +test_pam_latch_OBJECTS = $(am_test_pam_latch_OBJECTS) +test_pam_latch_LDADD = $(LDADD) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -172,8 +172,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(pam_latch_la_SOURCES) $(test_SOURCES) -DIST_SOURCES = $(pam_latch_la_SOURCES) $(test_SOURCES) +SOURCES = $(pam_latch_la_SOURCES) $(test_pam_latch_SOURCES) +DIST_SOURCES = $(pam_latch_la_SOURCES) $(test_pam_latch_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -317,12 +317,15 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = no-dependencies +AM_CPPFLAGS = -I$(top_srcdir)/lib lib_LTLIBRARIES = pam_latch.la -pam_latch_la_SOURCES = pam_latch.c ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h ../lib/drop_privs.c ../lib/drop_privs.h +pam_latch_la_SOURCES = pam_latch.c $(top_builddir)/lib/latch.c $(top_builddir)/lib/latch.h $(top_builddir)/lib/util.c \ + $(top_builddir)/lib/util.h $(top_builddir)/lib/drop_privs.c $(top_builddir)/lib/drop_privs.h + pam_latch_la_LDFLAGS = -module -avoid-version -test_SOURCES = test.c +test_pam_latch_SOURCES = test.c pam_latch_LIBS = @LIBS@ -lpam -lcurl -lcrypto -lssl -ldl -test_LIBS = @LIBS@ @linux_test_LIBS@ -lpam +test_pam_latch_LIBS = @LIBS@ @linux_test_LIBS@ -lpam all: all-am .SUFFIXES: @@ -392,58 +395,19 @@ clean-libLTLIBRARIES: echo rm -f $${locs}; \ rm -f $${locs}; \ } -../lib/$(am__dirstamp): - @$(MKDIR_P) ../lib - @: > ../lib/$(am__dirstamp) -../lib/latch.lo: ../lib/$(am__dirstamp) -../lib/util.lo: ../lib/$(am__dirstamp) -../lib/drop_privs.lo: ../lib/$(am__dirstamp) +$(top_builddir)/lib/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/lib + @: > $(top_builddir)/lib/$(am__dirstamp) +$(top_builddir)/lib/latch.lo: $(top_builddir)/lib/$(am__dirstamp) +$(top_builddir)/lib/util.lo: $(top_builddir)/lib/$(am__dirstamp) +$(top_builddir)/lib/drop_privs.lo: \ + $(top_builddir)/lib/$(am__dirstamp) pam_latch.la: $(pam_latch_la_OBJECTS) $(pam_latch_la_DEPENDENCIES) $(EXTRA_pam_latch_la_DEPENDENCIES) $(AM_V_CCLD)$(pam_latch_la_LINK) -rpath $(libdir) $(pam_latch_la_OBJECTS) $(pam_latch_la_LIBADD) $(LIBS) -install-binPROGRAMS: $(bin_PROGRAMS) - @$(NORMAL_INSTALL) - @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ - fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p \ - || test -f $$p1 \ - ; then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ - sed -e 'p;s,.*/,,;n;h' \ - -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ - { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ - if ($$2 == $$4) files[d] = files[d] " " $$1; \ - else { print "f", $$3 "/" $$4, $$1; } } \ - END { for (d in files) print "f", d, files[d] }' | \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test -z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ - } \ - ; done - -uninstall-binPROGRAMS: - @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' \ - `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files - -clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ @@ -451,14 +415,14 @@ clean-binPROGRAMS: echo " rm -f" $$list; \ rm -f $$list -test$(EXEEXT): $(test_OBJECTS) $(test_DEPENDENCIES) $(EXTRA_test_DEPENDENCIES) - @rm -f test$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(test_OBJECTS) $(test_LDADD) $(LIBS) +test_pam_latch$(EXEEXT): $(test_pam_latch_OBJECTS) $(test_pam_latch_DEPENDENCIES) $(EXTRA_test_pam_latch_DEPENDENCIES) + @rm -f test_pam_latch$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_pam_latch_OBJECTS) $(test_pam_latch_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) - -rm -f ../lib/*.$(OBJEXT) - -rm -f ../lib/*.lo + -rm -f $(top_builddir)/lib/*.$(OBJEXT) + -rm -f $(top_builddir)/lib/*.lo distclean-compile: -rm -f *.tab.c @@ -476,8 +440,8 @@ mostlyclean-libtool: -rm -f *.lo clean-libtool: + -rm -rf $(top_builddir)/lib/.libs $(top_builddir)/lib/_libs -rm -rf .libs _libs - -rm -rf ../lib/.libs ../lib/_libs ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique @@ -564,10 +528,8 @@ distdir: $(DISTFILES) check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) -install-binPROGRAMS: install-libLTLIBRARIES - installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)"; do \ + for dir in "$(DESTDIR)$(libdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -596,15 +558,15 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -rm -f ../lib/$(am__dirstamp) + -test -z "$(top_builddir)/lib/$(am__dirstamp)" || rm -f $(top_builddir)/lib/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ - clean-libtool mostlyclean-am +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am -rm -f Makefile @@ -629,7 +591,7 @@ install-dvi: install-dvi-am install-dvi-am: -install-exec-am: install-binPROGRAMS install-libLTLIBRARIES +install-exec-am: install-libLTLIBRARIES install-html: install-html-am @@ -668,25 +630,24 @@ ps: ps-am ps-am: -uninstall-am: uninstall-binPROGRAMS uninstall-libLTLIBRARIES +uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ - clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ - clean-libtool cscopelist-am ctags ctags-am distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-binPROGRAMS install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-libLTLIBRARIES install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \ - uninstall-libLTLIBRARIES +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-libLTLIBRARIES \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-libLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/Makefile.am b/src/Makefile.am index b03181b..7202d49 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,11 +1,13 @@ AUTOMAKE_OPTIONS = no-dependencies DEFS = +AM_CPPFLAGS = -I$(top_srcdir)/lib LIBS = @LIBS@ -lcurl -lcrypto -lssl -ldl bin_PROGRAMS = latch -latch_SOURCES = latch_unix.c latch_unix.h ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h \ - ../lib/drop_privs.c ../lib/drop_privs.h ../lib/charset.c ../lib/charset.h +latch_SOURCES = latch_unix.c latch_unix.h $(top_builddir)/lib/latch.c $(top_builddir)/lib/latch.h $(top_builddir)/lib/util.c \ + $(top_builddir)/lib/util.h $(top_builddir)/lib/drop_privs.c $(top_builddir)/lib/drop_privs.h $(top_builddir)/lib/charset.c \ + $(top_builddir)/lib/charset.h install-exec-hook: echo "#### Setting SUID for latch ####" diff --git a/src/Makefile.in b/src/Makefile.in index a2624d9..9f1d99b 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -95,9 +95,11 @@ CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) am__dirstamp = $(am__leading_dot)dirstamp -am_latch_OBJECTS = latch_unix.$(OBJEXT) ../lib/latch.$(OBJEXT) \ - ../lib/util.$(OBJEXT) ../lib/drop_privs.$(OBJEXT) \ - ../lib/charset.$(OBJEXT) +am_latch_OBJECTS = latch_unix.$(OBJEXT) \ + $(top_builddir)/lib/latch.$(OBJEXT) \ + $(top_builddir)/lib/util.$(OBJEXT) \ + $(top_builddir)/lib/drop_privs.$(OBJEXT) \ + $(top_builddir)/lib/charset.$(OBJEXT) latch_OBJECTS = $(am_latch_OBJECTS) latch_LDADD = $(LDADD) AM_V_lt = $(am__v_lt_@AM_V@) @@ -282,8 +284,10 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = no-dependencies -latch_SOURCES = latch_unix.c latch_unix.h ../lib/latch.c ../lib/latch.h ../lib/util.c ../lib/util.h \ - ../lib/drop_privs.c ../lib/drop_privs.h ../lib/charset.c ../lib/charset.h +AM_CPPFLAGS = -I$(top_srcdir)/lib +latch_SOURCES = latch_unix.c latch_unix.h $(top_builddir)/lib/latch.c $(top_builddir)/lib/latch.h $(top_builddir)/lib/util.c \ + $(top_builddir)/lib/util.h $(top_builddir)/lib/drop_privs.c $(top_builddir)/lib/drop_privs.h $(top_builddir)/lib/charset.c \ + $(top_builddir)/lib/charset.h all: all-am @@ -368,13 +372,17 @@ clean-binPROGRAMS: list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list -../lib/$(am__dirstamp): - @$(MKDIR_P) ../lib - @: > ../lib/$(am__dirstamp) -../lib/latch.$(OBJEXT): ../lib/$(am__dirstamp) -../lib/util.$(OBJEXT): ../lib/$(am__dirstamp) -../lib/drop_privs.$(OBJEXT): ../lib/$(am__dirstamp) -../lib/charset.$(OBJEXT): ../lib/$(am__dirstamp) +$(top_builddir)/lib/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/lib + @: > $(top_builddir)/lib/$(am__dirstamp) +$(top_builddir)/lib/latch.$(OBJEXT): \ + $(top_builddir)/lib/$(am__dirstamp) +$(top_builddir)/lib/util.$(OBJEXT): \ + $(top_builddir)/lib/$(am__dirstamp) +$(top_builddir)/lib/drop_privs.$(OBJEXT): \ + $(top_builddir)/lib/$(am__dirstamp) +$(top_builddir)/lib/charset.$(OBJEXT): \ + $(top_builddir)/lib/$(am__dirstamp) latch$(EXEEXT): $(latch_OBJECTS) $(latch_DEPENDENCIES) $(EXTRA_latch_DEPENDENCIES) @rm -f latch$(EXEEXT) @@ -382,7 +390,7 @@ latch$(EXEEXT): $(latch_OBJECTS) $(latch_DEPENDENCIES) $(EXTRA_latch_DEPENDENCIE mostlyclean-compile: -rm -f *.$(OBJEXT) - -rm -f ../lib/*.$(OBJEXT) + -rm -f $(top_builddir)/lib/*.$(OBJEXT) distclean-compile: -rm -f *.tab.c @@ -517,7 +525,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -rm -f ../lib/$(am__dirstamp) + -test -z "$(top_builddir)/lib/$(am__dirstamp)" || rm -f $(top_builddir)/lib/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" diff --git a/src/latch_unix.c b/src/latch_unix.c index 0919d12..b3146b8 100644 --- a/src/latch_unix.c +++ b/src/latch_unix.c @@ -25,14 +25,12 @@ #include #include #include -#include "config.h" #include "latch_unix.h" -#include "../lib/latch.h" -#include "../lib/util.h" -#include "../lib/drop_privs.h" -#include "../lib/charset.h" - +#include "latch.h" +#include "util.h" +#include "drop_privs.h" +#include "charset.h" void print_usage() { @@ -40,7 +38,7 @@ void print_usage() { } void print_version() { - printf("%s\n", LATCH_VERSION); + printf("%s\n", PACKAGE_STRING); } diff --git a/src/latch_unix.h b/src/latch_unix.h index 0a027ba..b99b1fb 100644 --- a/src/latch_unix.h +++ b/src/latch_unix.h @@ -1,3 +1,5 @@ +#include "config.h" + #define LATCH_USAGE "Usage: latch -p PAIRING_CODE [options]\n"\ " latch -s [options]\n"\ " latch -o OPERATION [options]\n"\ @@ -12,14 +14,13 @@ "\n"\ "Options:\n"\ "-f CONFIG_FILE, get configuration parameters from CONFIG_FILE;\n"\ - " by default use /etc/latch/latch.conf\n"\ + " by default use " LATCH_CONF_DIR "/latch.conf\n"\ "-a ACCOUNTS_FILE, put and get accounts information from ACCOUNTS_FILE;\n"\ - " by default use /etc/latch/latch.accounts\n"\ + " by default use " LATCH_CONF_DIR "/latch.accounts\n"\ "\n"\ - "Report latch bugs to latch-help@support.elevenpaths.com\n"\ - "For more information, \n"\ + "Report latch bugs to " PACKAGE_BUGREPORT "\n"\ + "For more information, \n" -#define LATCH_VERSION "latch_1.1" #define LATCH_ERROR_102_MSG "Invalid Application ID or Secret Key" #define LATCH_ERROR_109_MSG "Something went wrong. Review your date & time settings." diff --git a/test/installation_test/check_configure.sh b/test/installation_test/check_configure.sh new file mode 100755 index 0000000..5840fd1 --- /dev/null +++ b/test/installation_test/check_configure.sh @@ -0,0 +1,93 @@ +#!/usr/bin/env bash +# run as root + +RESULTS_TXT=test/installation/text-results.txt + + +assert_sysconf () { + echo "assert sysconf: $1" >> $RESULTS_TXT + test -d $1/latch && \ + stat -c '%U' $1/latch/latch.accounts | grep root && \ + stat -c '%a' $1/latch/latch.accounts | grep "600" && \ + stat -c '%U' $1/latch/latch.conf | grep root && \ + stat -c '%a' $1/latch/latch.conf | grep "600" && \ + echo "...passed" >> $RESULTS_TXT +} + +assert_binary () { + echo "assert binary: $1" >> $RESULTS_TXT + test -f $1 && \ + stat -c '%U' $1 | grep root && \ + stat -c '%a' $1 | grep "4755" && \ + echo "...passed" >> $RESULTS_TXT +} + + +test_no_flags () { + ./configure + make + sudo make install + + echo "TEST_NO_FLAGS" >> $RESULTS_TXT + assert_sysconf /usr/local/etc/ + assert_binary /usr/local/bin/latch + assert_binary /usr/local/bin/latch-ssh-cmd + echo >> $RESULTS_TXT + + sudo make uninstall +} + +test_sysconfdir_flag () { + ./configure --sysconfdir=$1 + make + sudo make install + + echo "TEST_SYSCONFDIR_FLAG -> sysconfdir=$1" >> $RESULTS_TXT + assert_sysconf $1 + assert_binary /usr/local/bin/latch + assert_binary /usr/local/bin/latch-ssh-cmd + echo >> $RESULTS_TXT + + sudo make uninstall +} + +test_bindir_flag () { + ./configure --bindir=$1 + make + sudo make install + + echo "TEST_BINDIR_FLAG -> bindir=$1" >> $RESULTS_TXT + assert_sysconf /usr/local/etc/ + assert_binary $1/latch + assert_binary $1/latch-ssh-cmd + echo >> $RESULTS_TXT + + sudo make uninstall +} + +test_prefix_flag () { + ./configure --prefix=$1 + make + sudo make install + + echo "TEST_PREFIX_FLAG -> prefix=$1" >> $RESULTS_TXT + assert_sysconf $1/etc/ + assert_binary $1/bin/latch + assert_binary $1/bin/latch-ssh-cmd + echo >> $RESULTS_TXT + + sudo make uninstall +} + + + +### main ### +cd ../../ + +echo "--CONFIGURE TEST BEGIN--" > $RESULTS_TXT +test_no_flags +test_sysconfdir_flag /etc +test_bindir_flag /usr/bin +test_prefix_flag /usr +test_prefix_flag /opt/latch +echo "--CONFIGURE TEST END--" >> $RESULTS_TXT \ No newline at end of file From bb83f348b0253c148a36e98f4df068496842e4ec Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Sun, 26 Oct 2014 21:19:12 +0100 Subject: [PATCH 12/49] update setup --- examples/setup.sh | 142 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100755 examples/setup.sh diff --git a/examples/setup.sh b/examples/setup.sh new file mode 100755 index 0000000..7924140 --- /dev/null +++ b/examples/setup.sh @@ -0,0 +1,142 @@ +#!/usr/bin/env bash +# run as root +# tested on (OS X 10.9.3) + + +function pre_install_ () +{ + # install dependencies + sudo apt-get update + sudo apt-get install libpam0g-dev, libcurl4-openssl-dev, libssl-dev + sudo apt-get install gcc make + +} + +function install_ () +{ + local SYS=$1 + + # change to root directory + cd .. + + # configure & make & install + ./configure prefix=/usr sysconfdir=/etc && make && sudo make install + + # move pam_latch.so to PAM directory + echo 'Moving pam_latch.so to PAM directory...' + if test -d /lib*/*/security/ ; then + PAM_DIR=/lib*/*/security/ + elif test -d /lib*/security/ ; then + PAM_DIR=/lib*/security/ + elif test -d /usr/lib/security/ ; then + PAM_DIR=/usr/lib/security/ + else + PAM_DIR=/usr/lib/pam/ + fi + + if test -d $PAM_DIR && test -f /usr/lib/pam_latch.so ; then + echo 'PAM directory: '$PAM_DIR + sudo cp /usr/lib/pam_latch.so $PAM_DIR + else + echo 'Move /usr/lib/pam_latch.so manually to PAM dir' + exit 1 + fi + + # change to centos directory + echo 'Setting up '$SYS'...' + cd examples/$SYS/ + + # configure pam services + echo 'Configuring pam services...' + for i in `ls etc/pam.d/` ; do + if [[ $i == *latch ]] ; then + sudo cp etc/pam.d/$i /etc/pam.d/ + continue + fi + if test ! -f /etc/pam.d/$i ; then + continue + fi + if test ! -f /etc/pam.d/$i.lchsave ; then + sudo mv /etc/pam.d/$i /etc/pam.d/$i.lchsave + fi + sudo cp etc/pam.d/$i /etc/pam.d/ + done + + # configure ssh server + echo 'Configuring ssh server...' + if test -d /etc/ssh/ ; then + SSH_CONFIG_DIR=etc/ssh + else + SSH_CONFIG_DIR=etc + fi + + if test -f /$SSH_CONFIG_DIR/sshd_config ; then + if test ! -f /$SSH_CONFIG_DIR/sshd_config.lchsave ; then + sudo mv /$SSH_CONFIG_DIR/sshd_config /$SSH_CONFIG_DIR/sshd_config.lchsave + fi + sudo cp $SSH_CONFIG_DIR/sshd_config /$SSH_CONFIG_DIR/sshd_config + else + echo 'SSH server not found' + fi + + # restart ssh + echo 'Restarting ssh server...' + sudo service ssh restart +} + +function uninstall_ () +{ + # change to root directory + cd .. + + # configure pam services + echo 'Re-configuring pam services...' + for i in `ls /etc/pam.d/ | grep '.lchsave' | cut -d "." -f 1` ; do + sudo mv /etc/pam.d/$i.lchsave /etc/pam.d/$i + done + for i in `ls /etc/pam.d/ | grep 'latch'` ; do + sudo rm /etc/pam.d/$i + done + + # configure ssh server + echo 'Re-configuring ssh server ...' + if test -d /etc/ssh/ ; then + SSH_CONFIG_DIR=/etc/ssh + else + SSH_CONFIG_DIR=/etc + fi + + if test -f $SSH_CONFIG_DIR/sshd_config.lchsave ; then + sudo mv $SSH_CONFIG_DIR/sshd_config.lchsave $SSH_CONFIG_DIR/sshd_config + fi + + # configure & uninstall + ./configure prefix=/usr sysconfdir=/etc && make clean && sudo make uninstall + + # restart ssh + echo 'Restarting ssh server...' + sudo service ssh restart +} + + +elif [ "$1" == 'uninstall' ] ; then + echo 'Uninstalling latch ...' + uninstall_ +elif [ "$1" != '' ] ; then + echo 'Installing prerequisites ...' + pre_install_ + echo 'Installing latch ...' + install_ $1 +else + echo 'Usage: sudo ./setup DIST | uninstall' +fi + + + + + + + + + + From 57600999cd544199312d07b03cd14bffac7052c2 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Sun, 26 Oct 2014 21:22:22 +0100 Subject: [PATCH 13/49] fix file --- examples/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/setup.sh b/examples/setup.sh index 7924140..cbf4ac4 100755 --- a/examples/setup.sh +++ b/examples/setup.sh @@ -119,7 +119,7 @@ function uninstall_ () } -elif [ "$1" == 'uninstall' ] ; then +if [ "$1" == 'uninstall' ] ; then echo 'Uninstalling latch ...' uninstall_ elif [ "$1" != '' ] ; then From 6447f0908f52ac6df48e04030d6de95a2356774c Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Sun, 26 Oct 2014 21:25:04 +0100 Subject: [PATCH 14/49] fix setup --- examples/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/setup.sh b/examples/setup.sh index cbf4ac4..0fd4b35 100755 --- a/examples/setup.sh +++ b/examples/setup.sh @@ -7,7 +7,7 @@ function pre_install_ () { # install dependencies sudo apt-get update - sudo apt-get install libpam0g-dev, libcurl4-openssl-dev, libssl-dev + sudo apt-get install libpam0g-dev libcurl4-openssl-dev libssl-dev sudo apt-get install gcc make } From d53ede400b579f7a7f686a714a518157811f80f6 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Sun, 26 Oct 2014 21:26:57 +0100 Subject: [PATCH 15/49] fix setup --- examples/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/setup.sh b/examples/setup.sh index 0fd4b35..da35207 100755 --- a/examples/setup.sh +++ b/examples/setup.sh @@ -7,7 +7,7 @@ function pre_install_ () { # install dependencies sudo apt-get update - sudo apt-get install libpam0g-dev libcurl4-openssl-dev libssl-dev + sudo apt-get install -f libpam0g-dev libcurl4-openssl-dev libssl-dev sudo apt-get install gcc make } From fe07273b25b869d60d226b0b964613b9a39af297 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Sun, 26 Oct 2014 22:07:03 +0100 Subject: [PATCH 16/49] update setup --- examples/OSX/setup.sh | 143 --------------------------------------- examples/centos/setup.sh | 135 ------------------------------------ examples/debian/setup.sh | 134 ------------------------------------ examples/fedora/setup.sh | 140 -------------------------------------- examples/setup.sh | 26 +++++-- examples/ubuntu/setup.sh | 134 ------------------------------------ 6 files changed, 19 insertions(+), 693 deletions(-) delete mode 100755 examples/OSX/setup.sh delete mode 100755 examples/centos/setup.sh delete mode 100755 examples/debian/setup.sh delete mode 100755 examples/fedora/setup.sh delete mode 100755 examples/ubuntu/setup.sh diff --git a/examples/OSX/setup.sh b/examples/OSX/setup.sh deleted file mode 100755 index 745e06e..0000000 --- a/examples/OSX/setup.sh +++ /dev/null @@ -1,143 +0,0 @@ -#!/usr/bin/env bash -# run as root -# tested on (OS X 10.9.3) - - - - -function install_ () -{ - local SYS=$1 - - # change to root directory - cd ../.. - - # configure & make & install - ./configure && make && sudo make install - - # move pam_latch.so to PAM directory - echo 'Moving pam_latch.so to PAM directory...' - if test -d /lib/*/security/ ; then - PAM_DIR=/lib/*/security/ - elif test -d /lib64/security/ ; then - PAM_DIR=/lib64/security/ - elif test -d /lib/security/ ; then - PAM_DIR=/lib/security/ - else - PAM_DIR=/usr/lib/pam/ - fi - - if test -d $PAM_DIR && test -f /usr/local/lib/pam_latch.so ; then - echo 'PAM directory: '$PAM_DIR - sudo mv /usr/local/lib/pam_latch.so $PAM_DIR - else - echo 'Move /usr/local/lib/pam_latch.so manually to PAM dir' - exit 1 - fi - - # move binary files to /usr/bin/ - echo 'Moving binaries to /usr/bin/ ...' - sudo mv /usr/local/bin/latch /usr/local/bin/latch-shell /usr/bin/ - - # update permissions - echo 'Updating permissions...' - sudo chmod 4755 /usr/bin/latch /usr/bin/latch-shell - - # change to centos directory - echo 'Setting up '$SYS'...' - cd examples/$SYS/ - - # configure pam services - echo 'Configuring pam services...' - for i in `ls etc/pam.d/` ; do - if [[ $i == *latch ]] ; then - sudo cp etc/pam.d/$i /etc/pam.d/ - continue - fi - if test ! -f /etc/pam.d/$i ; then - continue - fi - if test ! -f /etc/pam.d/$i.lchsave ; then - sudo mv /etc/pam.d/$i /etc/pam.d/$i.lchsave - fi - sudo cp etc/pam.d/$i /etc/pam.d/ - done - - # configure ssh server - echo 'Configuring ssh server...' - if test -d /etc/ssh/ ; then - SSH_CONFIG_DIR=etc/ssh - else - SSH_CONFIG_DIR=etc - fi - - if test -f /$SSH_CONFIG_DIR/sshd_config ; then - if test ! -f /$SSH_CONFIG_DIR/sshd_config.lchsave ; then - sudo mv /$SSH_CONFIG_DIR/sshd_config /$SSH_CONFIG_DIR/sshd_config.lchsave - fi - sudo cp $SSH_CONFIG_DIR/sshd_config /$SSH_CONFIG_DIR/sshd_config - else - echo 'SSH server not found' - fi -} - -function uninstall_ () -{ - # change to root directory - cd ../.. - - # configure pam services - echo 'Re-configuring pam services...' - for i in `ls /etc/pam.d/ | grep '.lchsave' | cut -d "." -f 1` ; do - sudo mv /etc/pam.d/$i.lchsave /etc/pam.d/$i - done - for i in `ls /etc/pam.d/ | grep 'latch'` ; do - sudo rm /etc/pam.d/$i - done - - # configure ssh server - echo 'Re-configuring ssh server...' - if test -d /etc/ssh/ ; then - SSH_CONFIG_DIR=/etc/ssh - else - SSH_CONFIG_DIR=/etc - fi - - if test -f $SSH_CONFIG_DIR/sshd_config.lchsave ; then - sudo mv $SSH_CONFIG_DIR/sshd_config.lchsave $SSH_CONFIG_DIR/sshd_config - fi - - # configure & uninstall - ./configure && make clean && sudo make uninstall - - # remove binaries - echo 'Removing binaries from /usr/bin/ ...' - if test -f /usr/bin/latch ; then - sudo rm /usr/bin/latch - fi - if test -f /usr/bin/latch-shell ; then - sudo rm /usr/bin/latch-shell - fi - -} - - -if [ "$1" == "" ] ; then - echo 'Installing latch for Mac OS X...' - install_ OSX -elif [ "$1" == 'uninstall' ] ; then - echo 'Uninstalling latch for Mac OS X...' - uninstall_ -else - echo 'Usage: sudo ./setup [ uninstall ]' -fi - - - - - - - - - - diff --git a/examples/centos/setup.sh b/examples/centos/setup.sh deleted file mode 100755 index f77378a..0000000 --- a/examples/centos/setup.sh +++ /dev/null @@ -1,135 +0,0 @@ -#!/usr/bin/env bash -# run as root -# tested on (Centos 6.5) - - -function pre_install_ () -{ - # install dependencies - sudo yum update - sudo yum install pam-devel libcurl-devel openssl-devel - sudo yum install gcc make - -} - -function install_ () -{ - # change to root directory - cd ../.. - - # configure & make & install - ./configure && make && sudo make install - - # change to centos directory - echo 'Setting up CentOS...' - cd examples/centos/ - - # configure pam services - echo 'Configuring pam services...' - for i in `ls etc/pam.d/` ; do - if test -f /etc/pam.d/$i && test ! -f /etc/pam.d/$i.lchsave ; then - sudo mv /etc/pam.d/$i /etc/pam.d/$i.lchsave - fi - sudo cp etc/pam.d/$i /etc/pam.d/ - done - - # configure ssh server - echo 'Configuring ssh server...' - if test -f /etc/ssh/sshd_config ; then - if test ! -f /etc/ssh/sshd_config.lchsave ; then - sudo mv /etc/ssh/sshd_config /etc/ssh/sshd_config.lchsave - fi - sudo cp etc/ssh/sshd_config /etc/ssh/sshd_config - else - echo 'SSH server not found' - fi - - # move pam_latch.so to PAM directory - echo 'Moving pam_latch.so to PAM directory...' - if test -d /lib/*/security/ ; then - PAM_DIR=/lib/*/security/ - elif test -d /lib64/security/ ; then - PAM_DIR=/lib64/security/ - else - PAM_DIR=/lib/security/ - fi - - if test -d $PAM_DIR ; then - sudo mv /usr/local/lib/pam_latch.so $PAM_DIR - echo 'PAM directory: '$PAM_DIR - else - echo 'Move /usr/local/lib/pam_latch.so manually to PAM dir' - fi - - # move binary files to /usr/bin/ - echo 'Moving binaries to /usr/bin/ ...' - sudo mv /usr/local/bin/latch /usr/local/bin/latch-shell /usr/bin/ - - # update permissions - echo 'Updating permissions...' - sudo chmod 4755 /usr/bin/latch /usr/bin/latch-shell - - # restart ssh - echo 'Restarting ssh server...' - sudo service sshd restart -} - -function uninstall_ () -{ - # change to root directory - cd ../.. - - # configure & uninstall - ./configure && make clean && sudo make uninstall - - # configure pam services - echo 'Re-configuring pam services...' - for i in `ls /etc/pam.d/ | grep '.lchsave' | cut -d "." -f 1` ; do - sudo mv /etc/pam.d/$i.lchsave /etc/pam.d/$i - done - for i in `ls /etc/pam.d/ | grep 'latch'` ; do - sudo rm /etc/pam.d/$i - done - - # configure ssh server - echo 'Re-configuring ssh server...' - if test -f /etc/ssh/sshd_config.lchsave ; then - sudo mv /etc/ssh/sshd_config.lchsave /etc/ssh/sshd_config - fi - - # remove binaries - echo 'Removing binaries from /usr/bin/ ...' - if test -f /usr/bin/latch ; then - sudo rm /usr/bin/latch - fi - if test -f /usr/bin/latch-shell ; then - sudo rm /usr/bin/latch-shell - fi - - # restart ssh - echo 'Restarting ssh server...' - sudo service sshd restart -} - - -if [ "$1" == "" ] ; then - echo 'Installing prerequisites..' - pre_install_ - echo 'Installing latch-Unix...' - install_ -elif [ "$1" == 'uninstall' ] ; then - echo 'Uninstalling latch-Unix...' - uninstall_ -else - echo 'Usage: sudo ./setup [ uninstall ]' -fi - - - - - - - - - - diff --git a/examples/debian/setup.sh b/examples/debian/setup.sh deleted file mode 100755 index cb56502..0000000 --- a/examples/debian/setup.sh +++ /dev/null @@ -1,134 +0,0 @@ -#!/usr/bin/env bash -# run as root -# tested on (Debian 6.5) - - - -function pre_install_ () -{ - # install dependencies - sudo apt-get update - sudo apt-get install libpam0g-dev, libcurl4-openssl-dev, libssl-dev - sudo apt-get install gcc make - -} - -function install_ () -{ - # change to root directory - cd ../.. - - # configure & make & install - ./configure && make && sudo make install - - # change to ubuntu directory - echo 'Setting up Debian...' - cd examples/debian/ - - # configure pam services - echo 'Configuring pam services...' - for i in `ls etc/pam.d/` ; do - if [[ $i == *latch ]] ; then - sudo cp etc/pam.d/$i /etc/pam.d/ - continue - fi - if test ! -f /etc/pam.d/$i ; then - continue - fi - if test ! -f /etc/pam.d/$i.lchsave ; then - sudo mv /etc/pam.d/$i /etc/pam.d/$i.lchsave - fi - sudo cp etc/pam.d/$i /etc/pam.d/ - done - - # configure ssh server - echo 'Configuring ssh server...' - if test -f /etc/ssh/sshd_config ; then - if test ! -f /etc/ssh/sshd_config.lchsave ; then - sudo mv /etc/ssh/sshd_config /etc/ssh/sshd_config.lchsave - fi - sudo cp etc/ssh/sshd_config /etc/ssh/sshd_config - else - echo 'SSH server not found' - fi - - # move pam_latch.so to PAM directory - echo 'Moving pam_latch.so to PAM directory...' - if test -d /lib/*/security/ ; then - PAM_DIR=/lib/*/security/ - elif test -d /lib64/security/ ; then - PAM_DIR=/lib64/security/ - else - PAM_DIR=/lib/security/ - fi - - if test -d $PAM_DIR ; then - sudo mv /usr/local/lib/pam_latch.so $PAM_DIR - echo 'PAM directory: '$PAM_DIR - else - echo 'Move /usr/local/lib/pam_latch.so manually to PAM dir' - fi - - # move binary files to /usr/bin/ - echo 'Moving binaries to /usr/bin/ ...' - sudo mv /usr/local/bin/latch /usr/local/bin/latch-shell /usr/bin/ - - # update permissions - echo 'Updating permissions...' - sudo chmod 4755 /usr/bin/latch /usr/bin/latch-shell - - # restart ssh - echo 'Restarting ssh server...' - sudo service ssh restart -} - -function uninstall_ () -{ - # change to root directory - cd ../.. - - # configure & uninstall - ./configure && make clean && sudo make uninstall - - # configure pam services - echo 'Re-configuring pam services...' - for i in `ls /etc/pam.d/ | grep '.lchsave' | cut -d "." -f 1` ; do - sudo mv /etc/pam.d/$i.lchsave /etc/pam.d/$i - done - for i in `ls /etc/pam.d/ | grep 'latch'` ; do - sudo rm /etc/pam.d/$i - done - - # configure ssh server - echo 'Re-configuring ssh server...' - if test -f /etc/ssh/sshd_config.lchsave ; then - sudo mv /etc/ssh/sshd_config.lchsave /etc/ssh/sshd_config - fi - - # remove binaries - echo 'Removing binaries from /usr/bin/ ...' - if test -f /usr/bin/latch ; then - sudo rm /usr/bin/latch - fi - if test -f /usr/bin/latch-shell ; then - sudo rm /usr/bin/latch-shell - fi - - # restart ssh - echo 'Restarting ssh server...' - sudo service ssh restart -} - - -if [ "$1" == "" ] ; then - echo 'Installing prerequisites..' - pre_install_ - echo 'Installing latch-Unix...' - install_ -elif [ "$1" == 'uninstall' ] ; then - echo 'Uninstalling latch-Unix...' - uninstall_ -else - echo 'Usage: sudo ./setup [ uninstall ]' -fi - diff --git a/examples/fedora/setup.sh b/examples/fedora/setup.sh deleted file mode 100755 index 2bfc3be..0000000 --- a/examples/fedora/setup.sh +++ /dev/null @@ -1,140 +0,0 @@ -#!/usr/bin/env bash -# run as root -# tested on (Fedora 20) - - -function pre_install_ () -{ - # install dependencies - sudo yum update - sudo yum install pam-devel libcurl-devel openssl-devel - sudo yum install gcc make - -} - -function install_ () -{ - # change to root directory - cd ../.. - - # configure & make & install - ./configure && make && sudo make install - - # change to centos directory - echo 'Setting up Fedora...' - cd examples/fedora/ - - # configure pam services - echo 'Configuring pam services...' - for i in `ls etc/pam.d/` ; do - if test -f /etc/pam.d/$i && test ! -f /etc/pam.d/$i.lchsave ; then - sudo mv /etc/pam.d/$i /etc/pam.d/$i.lchsave - fi - sudo cp etc/pam.d/$i /etc/pam.d/ - done - - # configure ssh server - echo 'Configuring ssh server...' - if test -f /etc/ssh/sshd_config ; then - if test ! -f /etc/ssh/sshd_config.lchsave ; then - sudo mv /etc/ssh/sshd_config /etc/ssh/sshd_config.lchsave - fi - sudo cp etc/ssh/sshd_config /etc/ssh/sshd_config - else - echo 'SSH server not found' - fi - - # move pam_latch.so to PAM directory - echo 'Moving pam_latch.so to PAM directory...' - if test -d /lib/*/security/ ; then - PAM_DIR=/lib/*/security/ - elif test -d /lib64/security/ ; then - PAM_DIR=/lib64/security/ - else - PAM_DIR=/lib/security/ - fi - - if test -d $PAM_DIR ; then - sudo mv /usr/local/lib/pam_latch.so $PAM_DIR - echo 'PAM directory: '$PAM_DIR - else - echo 'Move /usr/local/lib/pam_latch.so manually to PAM dir' - fi - - # move binary files to /usr/bin/ - echo 'Moving binaries to /usr/bin/ ...' - sudo mv /usr/local/bin/latch /usr/local/bin/latch-shell /usr/bin/ - - # update permissions - echo 'Updating permissions...' - sudo chmod 4755 /usr/bin/latch /usr/bin/latch-shell - - # adding selinux policy to enable sshd conection to Latch servers - echo 'Installing selinux modules...' - sudo semodule -i authlogin_latch.pp - sudo semodule -i log_latch.pp - - # restart ssh - echo 'Restarting ssh server...' - sudo service sshd restart -} - -function uninstall_ () -{ - # change to root directory - cd ../.. - - # configure & uninstall - ./configure && make clean && sudo make uninstall - - # configure pam services - echo 'Re-configuring pam services...' - for i in `ls /etc/pam.d/ | grep '.lchsave' | cut -d "." -f 1` ; do - sudo mv /etc/pam.d/$i.lchsave /etc/pam.d/$i - done - for i in `ls /etc/pam.d/ | grep 'latch'` ; do - sudo rm /etc/pam.d/$i - done - - # configure ssh server - echo 'Re-configuring ssh server...' - if test -f /etc/ssh/sshd_config.lchsave ; then - sudo mv /etc/ssh/sshd_config.lchsave /etc/ssh/sshd_config - fi - - # remove binaries - echo 'Removing binaries from /usr/bin/ ...' - if test -f /usr/bin/latch ; then - sudo rm /usr/bin/latch - fi - if test -f /usr/bin/latch-shell ; then - sudo rm /usr/bin/latch-shell - fi - - # restart ssh - echo 'Restarting ssh server...' - sudo service sshd restart -} - - -if [ "$1" == "" ] ; then - echo 'Installing prerequisites..' - pre_install_ - echo 'Installing latch-Unix...' - install_ -elif [ "$1" == 'uninstall' ] ; then - echo 'Uninstalling latch-Unix...' - uninstall_ -else - echo 'Usage: sudo ./setup [ uninstall ]' -fi - - - - - - - - - - diff --git a/examples/setup.sh b/examples/setup.sh index da35207..b1b2c59 100755 --- a/examples/setup.sh +++ b/examples/setup.sh @@ -5,11 +5,15 @@ function pre_install_ () { - # install dependencies - sudo apt-get update - sudo apt-get install -f libpam0g-dev libcurl4-openssl-dev libssl-dev - sudo apt-get install gcc make - + if [ -f "`which apt-get`" ] ; then + sudo apt-get -y update + sudo apt-get -y install libpam0g-dev libcurl4-openssl-dev libssl-dev + sudo apt-get -y install gcc make + elif [ -f "`which yum`" ] ; then + sudo yum -y update + sudo yum -y install pam-devel libcurl-devel openssl-devel + sudo yum -y install gcc make + fi } function install_ () @@ -81,7 +85,11 @@ function install_ () # restart ssh echo 'Restarting ssh server...' - sudo service ssh restart + if [[ "$1" == "debian" || "$1" == "ubuntu" ]] ; then + sudo service ssh restart + elif [[ "$1" == 'fedora' || "$1" == 'centos' ]] ; then + sudo service sshd restart + fi } function uninstall_ () @@ -115,7 +123,11 @@ function uninstall_ () # restart ssh echo 'Restarting ssh server...' - sudo service ssh restart + if [[ "$1" == "debian" || "$1" == "ubuntu" ]] ; then + sudo service ssh restart + elif [[ "$1" == 'fedora' || "$1" == 'centos' ]] ; then + sudo service sshd restart + fi } diff --git a/examples/ubuntu/setup.sh b/examples/ubuntu/setup.sh deleted file mode 100755 index 0fa6a4e..0000000 --- a/examples/ubuntu/setup.sh +++ /dev/null @@ -1,134 +0,0 @@ -#!/usr/bin/env bash -# run as root -# tested on (Ubuntu 14.04, Ubuntu 13.10) - - - -function install_dependencies () -{ - # install dependencies - sudo apt-get update - sudo apt-get install libpam0g-dev, libcurl4-openssl-dev, libssl-dev - sudo apt-get install gcc make - -} - -function install_ () -{ - # change to root directory - cd ../.. - - # configure & make & install - ./configure && make && sudo make install - - # move pam_latch.so to PAM directory - echo 'Moving pam_latch.so to PAM directory...' - if test -d /lib/*/security/ ; then - PAM_DIR=/lib/*/security/ - elif test -d /lib64/security/ ; then - PAM_DIR=/lib64/security/ - else - PAM_DIR=/lib/security/ - fi - - if test -d $PAM_DIR ; then - sudo mv /usr/local/lib/pam_latch.so $PAM_DIR - echo 'PAM directory: '$PAM_DIR - else - echo 'Move /usr/local/lib/pam_latch.so manually to PAM dir' - fi - - # move binary files to /usr/bin/ - echo 'Moving binaries to /usr/bin/ ...' - sudo mv /usr/local/bin/latch /usr/local/bin/latch-shell /usr/bin/ - - # update permissions - echo 'Updating permissions...' - sudo chmod 4755 /usr/bin/latch /usr/bin/latch-shell - - # change to ubuntu directory - echo 'Setting up Ubuntu...' - cd examples/ubuntu/ - - # configure pam services - echo 'Configuring pam services...' - for i in `ls etc/pam.d/` ; do - if [[ $i == *latch ]] ; then - sudo cp etc/pam.d/$i /etc/pam.d/ - continue - fi - if test ! -f /etc/pam.d/$i ; then - continue - fi - if test ! -f /etc/pam.d/$i.lchsave ; then - sudo mv /etc/pam.d/$i /etc/pam.d/$i.lchsave - fi - sudo cp etc/pam.d/$i /etc/pam.d/ - done - - # configure ssh server - echo 'Configuring ssh server...' - if test -f /etc/ssh/sshd_config ; then - if test ! -f /etc/ssh/sshd_config.lchsave ; then - sudo mv /etc/ssh/sshd_config /etc/ssh/sshd_config.lchsave - fi - sudo cp etc/ssh/sshd_config /etc/ssh/sshd_config - else - echo 'SSH server not found' - fi - - # restart ssh - echo 'Restarting ssh server...' - sudo service ssh restart -} - -function uninstall_ () -{ - # configure pam services - echo 'Re-configuring pam services...' - for i in `ls /etc/pam.d/ | grep '.lchsave' | cut -d "." -f 1` ; do - sudo mv /etc/pam.d/$i.lchsave /etc/pam.d/$i - done - for i in `ls /etc/pam.d/ | grep 'latch'` ; do - sudo rm /etc/pam.d/$i - done - - # configure ssh server - echo 'Re-configuring ssh server...' - if test -f /etc/ssh/sshd_config.lchsave ; then - sudo mv /etc/ssh/sshd_config.lchsave /etc/ssh/sshd_config - fi - - # remove binaries - echo 'Removing binaries from /usr/bin/ ...' - if test -f /usr/bin/latch ; then - sudo rm /usr/bin/latch - fi - if test -f /usr/bin/latch-shell ; then - sudo rm /usr/bin/latch-shell - fi - - # change to root directory - cd ../.. - - # configure & uninstall - ./configure && make clean && sudo make uninstall - - # restart ssh - echo 'Restarting ssh server...' - sudo service ssh restart -} - - -if [ "$1" == "" ] ; then - echo 'Installing prerequisites..' - install_dependencies - echo 'Installing latch-Unix...' - install_ -elif [ "$1" == 'uninstall' ] ; then - echo 'Uninstalling latch-Unix...' - uninstall_ -else - echo 'Usage: sudo ./setup [ uninstall ]' -fi - From 16231c39cb462990209cbed5cf05d4b7b7354927 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 28 Oct 2014 07:42:09 +0100 Subject: [PATCH 17/49] update unit tests --- test/unit_test/AllTests.c | 32 -- test/unit_test/CUnitAllTest.c | 117 +++++++ test/unit_test/CUnitCharsetSuite.c | 115 +++++++ test/unit_test/CUnitCharsetSuite.h | 8 + test/unit_test/CUnitDropPrivsSuite.c | 108 ++++++ test/unit_test/CUnitDropPrivsSuite.h | 4 + test/unit_test/CUnitUtilSuite.c | 422 +++++++++++++++++++++++ test/unit_test/CUnitUtilSuite.h | 35 ++ test/unit_test/CharsetTest.c | 152 --------- test/unit_test/CuTest.c | 339 ------------------- test/unit_test/CuTest.h | 116 ------- test/unit_test/Makefile | 31 ++ test/unit_test/README | 25 ++ test/unit_test/UtilTest.c | 478 --------------------------- test/unit_test/makefile | 23 -- test/unit_test/readme | 4 - 16 files changed, 865 insertions(+), 1144 deletions(-) delete mode 100644 test/unit_test/AllTests.c create mode 100644 test/unit_test/CUnitAllTest.c create mode 100644 test/unit_test/CUnitCharsetSuite.c create mode 100644 test/unit_test/CUnitCharsetSuite.h create mode 100644 test/unit_test/CUnitDropPrivsSuite.c create mode 100644 test/unit_test/CUnitDropPrivsSuite.h create mode 100644 test/unit_test/CUnitUtilSuite.c create mode 100644 test/unit_test/CUnitUtilSuite.h delete mode 100644 test/unit_test/CharsetTest.c delete mode 100644 test/unit_test/CuTest.c delete mode 100644 test/unit_test/CuTest.h create mode 100644 test/unit_test/Makefile create mode 100644 test/unit_test/README delete mode 100644 test/unit_test/UtilTest.c delete mode 100644 test/unit_test/makefile delete mode 100644 test/unit_test/readme diff --git a/test/unit_test/AllTests.c b/test/unit_test/AllTests.c deleted file mode 100644 index bb6ceb3..0000000 --- a/test/unit_test/AllTests.c +++ /dev/null @@ -1,32 +0,0 @@ - #include "CuTest.h" - - - CuSuite* UtilGetSuite(); - CuSuite* CharsetGetSuite(); - - - int RunAllTests(void) { - CuString *output = CuStringNew(); - CuSuite* suite = CuSuiteNew(); - - CuSuiteAddSuite(suite, UtilGetSuite()); - CuSuiteAddSuite(suite, CharsetGetSuite()); - - CuSuiteRun(suite); - CuSuiteSummary(suite, output); - CuSuiteDetails(suite, output); - printf("%s\n", output->buffer); - - if(suite->failCount == 0){ - return 1; - }else{ - return 0; - } - } - - int main(void) { - int x = RunAllTests(); - if (x == 1){ - return 0; - } - } diff --git a/test/unit_test/CUnitAllTest.c b/test/unit_test/CUnitAllTest.c new file mode 100644 index 0000000..0202b2d --- /dev/null +++ b/test/unit_test/CUnitAllTest.c @@ -0,0 +1,117 @@ +#include +#include +#include +#include +#include +#include + +#include "CUnitCharsetSuite.h" +#include "CUnitUtilSuite.h" +#include "CUnitDropPrivsSuite.h" + + + + +/*-------------------------------------------------------------------------* + * Main + *-------------------------------------------------------------------------*/ + +int main(int argc, char *argv[]){ + + CU_pSuite pSuiteCharset = NULL; + CU_pSuite pSuiteUtil = NULL; + CU_pSuite pSuiteDropPrivs = NULL; + + + const char *output_file = "cunit-results"; + + + /* initialize the CUnit test registry */ + if (CUE_SUCCESS != CU_initialize_registry()) + return CU_get_error(); + + /* add a suite to the registry */ + pSuiteCharset = CU_add_suite("Suite_Charset", init_suiteCharset, clean_suiteCharset); + if (NULL == pSuiteCharset) { + CU_cleanup_registry(); + return CU_get_error(); + } + pSuiteUtil = CU_add_suite("Suite_Util", init_suiteUtil, clean_suiteUtil); + if (NULL == pSuiteUtil) { + CU_cleanup_registry(); + return CU_get_error(); + } + pSuiteDropPrivs = CU_add_suite("Suite_DropPrivs", init_suiteDropPrivs, clean_suiteDropPrivs); + if (NULL == pSuiteDropPrivs) { + CU_cleanup_registry(); + return CU_get_error(); + } + + + /* add the tests to the suite */ + if ( + (NULL == CU_add_test(pSuiteCharset, "test of test_valid_code()", test_valid_code)) || + (NULL == CU_add_test(pSuiteCharset, "test of test_valid_code_exceptions()", test_valid_code_exceptions)) || + (NULL == CU_add_test(pSuiteCharset, "test of test_valid_code_invalid_chars()", test_valid_code_invalid_chars)) || + (NULL == CU_add_test(pSuiteCharset, "test of test_valid_code_short()", test_valid_code_short)) || + (NULL == CU_add_test(pSuiteCharset, "test of test_valid_code_long()", test_valid_code_long))) + { + CU_cleanup_registry(); + return CU_get_error(); + } + /* add the tests to the suite */ + if ( + (NULL == CU_add_test(pSuiteUtil, "test of test_get_account()", test_get_account)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_account_equals()", test_get_account_equals)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_account_longer_accountId()", test_get_account_longer_accountId)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_account_shorter_accountId()", test_get_account_shorter_accountId)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_account_no_value()", test_get_account_no_value)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_account_user_not_found()", test_get_account_user_not_found)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_config()", test_get_config)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_config_bad_config_file()", test_get_config_bad_config_file)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_config_longer_length()", test_get_config_longer_length)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_config_shorter_length()", test_get_config_shorter_length)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_config_empty()", test_get_config_empty)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_config_no_value()", test_get_config_no_value)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_get_config_gt_bufsiz()", test_get_config_gt_bufsiz)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_count_account()", test_count_account)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_count_account_bad_length()", test_count_account_bad_length)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_count_account_null()", test_count_account_null)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_count_account_null_acc_file()", test_count_account_null_acc_file)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_count_account_bad_acc_file()", test_count_account_bad_acc_file)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_append_accountId()", test_append_accountId)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_append_accountId_longer()", test_append_accountId_longer)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_append_accountId_shorter()", test_append_accountId_shorter)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_append_accountId_no_value()", test_append_accountId_no_value)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_append_accountId_no_file()", test_append_accountId_no_file)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_delete_accountId()", test_delete_accountId)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_delete_accountId_longer()", test_delete_accountId_longer)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_delete_accountId_shorter()", test_delete_accountId_shorter)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_delete_accountId_no_value()", test_delete_accountId_no_value)) || + (NULL == CU_add_test(pSuiteUtil, "test of test_delete_accountId_no_file()", test_delete_accountId_no_file)) + ) + { + CU_cleanup_registry(); + return CU_get_error(); + } + if ( + (NULL == CU_add_test(pSuiteDropPrivs, "test of test_drop_privileges()", test_drop_privileges))) + { + CU_cleanup_registry(); + return CU_get_error(); + } + + /* + CU_list_tests_to_file(); + CU_set_output_filename(output_file); + CU_automated_run_tests(); + */ + /* Run all tests using the CUnit Basic interface */ + + CU_basic_set_mode(CU_BRM_VERBOSE); + CU_basic_run_tests(); + + + CU_cleanup_registry(); + return CU_get_error(); +} \ No newline at end of file diff --git a/test/unit_test/CUnitCharsetSuite.c b/test/unit_test/CUnitCharsetSuite.c new file mode 100644 index 0000000..b99f8f9 --- /dev/null +++ b/test/unit_test/CUnitCharsetSuite.c @@ -0,0 +1,115 @@ +#include +#include +#include +#include + +#include "charset.h" + + + + + +/*-------------------------------------------------------------------------* + * ValidCode Test + *-------------------------------------------------------------------------*/ + +void test_valid_code() +{ + char *input1 = "DD3abC"; + char *input2 = "AB8mb9"; + char *input3 = "yhj83A"; + char *input4 = "Cabcmn"; + char *input5 = "222289"; + char *input6 = "ab789D"; + char *input7 = "gfrtX6"; + char *input8 = "4frtXu"; + char *input9 = "2frtX6"; + char *input10 = "yDXyr8"; + + CU_ASSERT(validCode(input1)); + CU_ASSERT(validCode(input2)); + CU_ASSERT(validCode(input3)); + CU_ASSERT(validCode(input4)); + CU_ASSERT(validCode(input5)); + CU_ASSERT(validCode(input6)); + CU_ASSERT(validCode(input7)); + CU_ASSERT(validCode(input8)); + CU_ASSERT(validCode(input9)); + CU_ASSERT(validCode(input10)); +} + +void test_valid_code_exceptions() +{ + char *input1 = "0abcmn"; + char *input2 = "OfrtX6"; + char *input3 = "1frtXu"; + char *input4 = "1frtX6"; + char *input5 = "dfr8X5"; + char *input6 = "yDSyr8"; + + CU_ASSERT_FALSE(validCode(input1)); + CU_ASSERT_FALSE(validCode(input2)); + CU_ASSERT_FALSE(validCode(input3)); + CU_ASSERT_FALSE(validCode(input4)); + CU_ASSERT_FALSE(validCode(input5)); + CU_ASSERT_FALSE(validCode(input6)); +} + +void test_valid_code_invalid_chars() +{ + char *input1 = "*abcmn"; + char *input2 = "Ofrt_6"; + char *input3 = "******"; + char *input4 = "'rptX6"; + char *input5 = "df¿?-g"; + char *input6 = "<ñsu 3"; + + CU_ASSERT_FALSE(validCode(input1)); + CU_ASSERT_FALSE(validCode(input2)); + CU_ASSERT_FALSE(validCode(input3)); + CU_ASSERT_FALSE(validCode(input4)); + CU_ASSERT_FALSE(validCode(input5)); + CU_ASSERT_FALSE(validCode(input6)); +} + +void test_valid_code_short() +{ + char *input1 = ""; + char *input2 = "rtde6"; + char *input3 = "***"; + char *input4 = "m"; + + CU_ASSERT_FALSE(validCode(input1)); + CU_ASSERT_FALSE(validCode(input2)); + CU_ASSERT_FALSE(validCode(input3)); + CU_ASSERT_FALSE(validCode(input4)); +} + +void test_valid_code_long() +{ + char *input1 = "fsdgdfhgfhghkkjhkkghtryt67rhrtu"; + char *input2 = "rtde886"; + char *input3 = "*********************************************"; + char *input4 = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + + CU_ASSERT_FALSE(validCode(input1)); + CU_ASSERT_FALSE(validCode(input2)); + CU_ASSERT_FALSE(validCode(input3)); + CU_ASSERT_FALSE(validCode(input4)); +} + + + +/*-------------------------------------------------------------------------* + * Charset Suite + *-------------------------------------------------------------------------*/ + +int init_suiteCharset(void) +{ + return 0; +} + +int clean_suiteCharset(void) +{ + return 0; +} \ No newline at end of file diff --git a/test/unit_test/CUnitCharsetSuite.h b/test/unit_test/CUnitCharsetSuite.h new file mode 100644 index 0000000..290293a --- /dev/null +++ b/test/unit_test/CUnitCharsetSuite.h @@ -0,0 +1,8 @@ +void test_valid_code(void) ; +void test_valid_code_exceptions(void) ; +void test_valid_code_invalid_chars(void); +void test_valid_code_short(void); +void test_valid_code_long(void); + +int init_suiteCharset(void); +int clean_suiteCharset(void); \ No newline at end of file diff --git a/test/unit_test/CUnitDropPrivsSuite.c b/test/unit_test/CUnitDropPrivsSuite.c new file mode 100644 index 0000000..9821849 --- /dev/null +++ b/test/unit_test/CUnitDropPrivsSuite.c @@ -0,0 +1,108 @@ +#include +#include +#include +#include + +#include "drop_privs.h" + + + + +/*-------------------------------------------------------------------------* + * Drop_privileges Test + *-------------------------------------------------------------------------*/ + +void test_drop_privileges() +{ + char *e_user_name_initial = get_effective_user_name(); + char *r_user_name_initial = get_user_name(); + + CU_ASSERT_PTR_NOT_NULL_FATAL(e_user_name_initial); + CU_ASSERT_PTR_NOT_NULL_FATAL(r_user_name_initial); + + // drop_privs temp + int response1 = drop_privileges(0); + char *e_user_name1 = get_effective_user_name(); + char *r_user_name1 = get_user_name(); + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NOT_NULL_FATAL(e_user_name1); + CU_ASSERT_PTR_NOT_NULL_FATAL(r_user_name1); + CU_ASSERT_STRING_EQUAL(r_user_name1, e_user_name1); + + // drop_privs temp again + int response2 = drop_privileges(0); + char *e_user_name2 = get_effective_user_name(); + char *r_user_name2 = get_user_name(); + + CU_ASSERT_FALSE(response2); + CU_ASSERT_PTR_NOT_NULL_FATAL(e_user_name2); + CU_ASSERT_PTR_NOT_NULL_FATAL(r_user_name2); + CU_ASSERT_STRING_EQUAL(r_user_name2, e_user_name2); + + // restore privs + int response3 = restore_privileges(); + char *e_user_name3 = get_effective_user_name(); + char *r_user_name3 = get_user_name(); + + CU_ASSERT_FALSE(response3); + CU_ASSERT_PTR_NOT_NULL_FATAL(e_user_name3); + CU_ASSERT_PTR_NOT_NULL_FATAL(r_user_name3); + CU_ASSERT_STRING_EQUAL(e_user_name_initial, e_user_name3); + + // drop_privs definitely + int response4 = drop_privileges(1); + char *e_user_name4 = get_effective_user_name(); + char *r_user_name4 = get_user_name(); + + CU_ASSERT_FALSE(response4); + CU_ASSERT_PTR_NOT_NULL_FATAL(e_user_name4); + CU_ASSERT_PTR_NOT_NULL_FATAL(r_user_name4); + CU_ASSERT_STRING_EQUAL(r_user_name4, e_user_name4); + + // restore privs + int response5 = restore_privileges(); + char *e_user_name5 = get_effective_user_name(); + char *r_user_name5 = get_user_name(); + + CU_ASSERT_PTR_NOT_NULL_FATAL(e_user_name5); + CU_ASSERT_PTR_NOT_NULL_FATAL(r_user_name5); + CU_ASSERT_STRING_EQUAL(r_user_name5, e_user_name5); + + // drop_privs temp (being dropped definitely) + int response6 = drop_privileges(0); + char *e_user_name6 = get_effective_user_name(); + char *r_user_name6 = get_user_name(); + + CU_ASSERT_FALSE(response6); + CU_ASSERT_PTR_NOT_NULL_FATAL(e_user_name6); + CU_ASSERT_PTR_NOT_NULL_FATAL(r_user_name6); + CU_ASSERT_STRING_EQUAL(r_user_name6, e_user_name6); + + // drop_privs definitely again + int response7 = drop_privileges(1); + char *e_user_name7 = get_effective_user_name(); + char *r_user_name7 = get_user_name(); + + CU_ASSERT_FALSE(response7); + CU_ASSERT_PTR_NOT_NULL_FATAL(e_user_name7); + CU_ASSERT_PTR_NOT_NULL_FATAL(r_user_name7); + CU_ASSERT_STRING_EQUAL(r_user_name7, e_user_name7); +} + + + + +/*-------------------------------------------------------------------------* + * Drop privs Suite + *-------------------------------------------------------------------------*/ + +int init_suiteDropPrivs(void) +{ + return 0; +} + +int clean_suiteDropPrivs(void) +{ + return 0; +} \ No newline at end of file diff --git a/test/unit_test/CUnitDropPrivsSuite.h b/test/unit_test/CUnitDropPrivsSuite.h new file mode 100644 index 0000000..b99e04a --- /dev/null +++ b/test/unit_test/CUnitDropPrivsSuite.h @@ -0,0 +1,4 @@ +void test_drop_privileges(void); + +int init_suiteDropPrivs(void); +int clean_suiteDropPrivs(void); \ No newline at end of file diff --git a/test/unit_test/CUnitUtilSuite.c b/test/unit_test/CUnitUtilSuite.c new file mode 100644 index 0000000..92b04be --- /dev/null +++ b/test/unit_test/CUnitUtilSuite.c @@ -0,0 +1,422 @@ +#include +#include +#include +#include + +#include "util.h" + + +static const char *pAccountsFile = "test.accounts"; +static const char *pConfigFile = "test.conf"; + + + +/*-------------------------------------------------------------------------* + * GetAccount Test + *-------------------------------------------------------------------------*/ + +void test_get_account() +{ + const char* input = "user"; + const char* response = getAccountId(input, pAccountsFile); + const char* expected = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; + + CU_ASSERT_PTR_NOT_NULL_FATAL(response); + CU_ASSERT_STRING_EQUAL(expected, response); +} + +void test_get_account_equals() +{ + const char* input1 = "user1"; + const char* input2 = "user2"; + const char* response1 = getAccountId(input1, pAccountsFile); + const char* response2 = getAccountId(input2, pAccountsFile); + const char* expected = "123xxxbrt8a782408a396197bv82a664b61eb7dd2f9b97236202e290489d9777"; + + CU_ASSERT_PTR_NOT_NULL_FATAL(response1); + CU_ASSERT_PTR_NOT_NULL_FATAL(response2); + CU_ASSERT_STRING_EQUAL(expected, response1); + CU_ASSERT_STRING_EQUAL(expected, response2); +} + +void test_get_account_longer_accountId() +{ + const char* input = "user3"; + const char* response = getAccountId(input, pAccountsFile); + + CU_ASSERT_PTR_NULL(response); +} + +void test_get_account_shorter_accountId() +{ + const char* input = "user4"; + const char* response = getAccountId(input, pAccountsFile); + + CU_ASSERT_PTR_NULL(response); +} + +void test_get_account_no_value() +{ + const char* input = "root"; + const char* response = getAccountId(input, pAccountsFile); + + CU_ASSERT_PTR_NULL(response); +} + +void test_get_account_user_not_found() +{ + const char* input = "bad_user"; + const char* response = getAccountId(input, pAccountsFile); + + CU_ASSERT_PTR_NULL(response); +} + + +/*-------------------------------------------------------------------------* + * GetConfig Test + *-------------------------------------------------------------------------*/ + +void test_get_config() +{ + const char* input1 = "app_id"; + const char* input2 = "secret_key"; + + char *response1; + char *response2; + + response1 = getConfig(APP_ID_LENGTH, input1, pConfigFile); + response2 = getConfig(SECRET_KEY_LENGTH, input2, pConfigFile); + + const char* expected1 = "gh7a3yh82B5zjhgeP6y7"; + const char* expected2 = "t6yEdFivm3jDnt4DfghvbnQrb54ed509sTXvs6yu"; + + CU_ASSERT_PTR_NOT_NULL_FATAL(response1); + CU_ASSERT_PTR_NOT_NULL_FATAL(response2); + CU_ASSERT_STRING_EQUAL(expected1, response1); + CU_ASSERT_STRING_EQUAL(expected2, response2); +} + +void test_get_config_bad_config_file() +{ + const char* input1 = "app_id"; + const char* input2 = "secret_key"; + + char *response1; + char *response2; + + response1 = getConfig(APP_ID_LENGTH, input1, "bad_latch.conf"); + response2 = getConfig(SECRET_KEY_LENGTH, input2, "bad_latch.conf"); + + CU_ASSERT_PTR_NULL(response1); + CU_ASSERT_PTR_NULL(response2); +} + +void test_get_config_longer_length() +{ + const char* input1 = "app_id_longer"; + const char* input2 = "secret_key_longer"; + + char *response1; + char *response2; + + response1 = getConfig(APP_ID_LENGTH, input1, pConfigFile); + response2 = getConfig(SECRET_KEY_LENGTH, input2, pConfigFile); + + const char* expected1 = "gh7a3yh82B5zjvxcxcbx"; + const char* expected2 = "t6yEdFivm3jDnt4fgfgdgsdfnm86878zczvcxDfg"; + + CU_ASSERT_PTR_NOT_NULL_FATAL(response1); + CU_ASSERT_PTR_NOT_NULL_FATAL(response2); + CU_ASSERT_STRING_EQUAL(expected1, response1); + CU_ASSERT_STRING_EQUAL(expected2, response2); +} + +void test_get_config_shorter_length() +{ + const char* input1 = "app_id_shorter"; + const char* input2 = "secret_key_shorter"; + + char *response1; + char *response2; + + response1 = getConfig(APP_ID_LENGTH, input1, pConfigFile); + response2 = getConfig(SECRET_KEY_LENGTH, input2, pConfigFile); + + const char* expected1 = "gh7a3yh82B"; + const char* expected2 = "t6yEdFivm3jDnt4Dfgh"; + + CU_ASSERT_PTR_NOT_NULL_FATAL(response1); + CU_ASSERT_PTR_NOT_NULL_FATAL(response2); + CU_ASSERT_STRING_EQUAL(expected1, response1); + CU_ASSERT_STRING_EQUAL(expected2, response2); +} + +void test_get_config_empty() +{ + const char* input1 = "app_id"; + const char* input2 = "secret_key"; + + char *response1; + char *response2; + + response1 = getConfig(APP_ID_LENGTH, input1, "empty.conf"); + response2 = getConfig(SECRET_KEY_LENGTH, input2, "empty.conf"); + + CU_ASSERT_PTR_NULL(response1); + CU_ASSERT_PTR_NULL(response2); +} + +void test_get_config_no_value() +{ + const char* input1 = "app_id_no_value"; + const char* input2 = "secret_key_no_value"; + + char *response1 = NULL; + char *response2 = NULL; + + response1 = getConfig(APP_ID_LENGTH, input1, pConfigFile); + response2 = getConfig(SECRET_KEY_LENGTH, input2, pConfigFile); + + CU_ASSERT_PTR_NULL(response1); + CU_ASSERT_PTR_NULL(response2); +} + +void test_get_config_gt_bufsiz() +{ + FILE *fd = fopen("temp.conf", "w"); + fprintf(fd, "app_id_gt_bufsiz = "); + + int i; + for (i = 0 ; i < BUFSIZ + 10 ; i++) { + fprintf(fd, "X"); + } + fprintf(fd, "\n\n"); + fprintf(fd, "secret_key_gt_bufsiz = "); + + for (i = 0 ; i < BUFSIZ + 10 ; i++) { + fprintf(fd, "x"); + } + fprintf(fd, "\n\n"); + + fclose(fd); + + const char* input1 = "app_id_gt_bufsiz"; + const char* input2 = "secret_key_gt_bufsiz"; + + char *response1; + char *response2; + + response1 = getConfig(APP_ID_LENGTH, input1, "temp.conf"); + response2 = getConfig(SECRET_KEY_LENGTH, input2, "temp.conf"); + + remove("temp.conf"); + + const char* expected1 = "XXXXXXXXXXXXXXXXXXXX"; + const char* expected2 = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; + + CU_ASSERT_PTR_NOT_NULL_FATAL(response1); + CU_ASSERT_PTR_NOT_NULL_FATAL(response2); + CU_ASSERT_STRING_EQUAL(expected1, response1); + CU_ASSERT_STRING_EQUAL(expected2, response2); +} + + +/*-------------------------------------------------------------------------* + * CountAccountId Test + *-------------------------------------------------------------------------*/ + +void test_count_account() +{ + const char* input1 = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; + const char* input2 = "123xxxbrt8a782408a396197bv82a664b61eb7dd2f9b97236202e290489d9777"; + const char* input3 = "023xxxbrt8a782408a396197bv82a664b61eb7dd2f9b97236202e290489d9777"; + const char* input4 = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b9"; + + int response1 = countAccountId(input1, pAccountsFile); + int response2 = countAccountId(input2, pAccountsFile); + int response3 = countAccountId(input3, pAccountsFile); + int response4 = countAccountId(input4, pAccountsFile); + + int expected1 = 1; + int expected2 = 2; + int expected3 = 0; + int expected4 = 0; + + CU_ASSERT_TRUE(response1 == expected1); + CU_ASSERT_TRUE(response2 == expected2); + CU_ASSERT_TRUE(response3 == expected3); + CU_ASSERT_TRUE(response4 == expected4); +} + +void test_count_account_bad_length() +{ + const char* input = "yuihdcvbn8a782408a397236202e2904rffmjh3"; + int response = countAccountId(input, pAccountsFile); + int expected = -1; + + CU_ASSERT_TRUE(response == expected); +} + +void test_count_account_null() +{ + int response = countAccountId(NULL, pAccountsFile); + int expected = -1; + + CU_ASSERT_TRUE(response == expected); +} + +void test_count_account_null_acc_file() +{ + const char* input = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; + int response = countAccountId(input, NULL); + int expected = -1; + + CU_ASSERT_TRUE(response == expected); +} + +void test_count_account_bad_acc_file() +{ + const char* input = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; + int response = countAccountId(input, "bad_acc_file.accounts"); + int expected = -1; + + CU_ASSERT_TRUE(response == expected); +} + + + +/*-------------------------------------------------------------------------* + * AppendAccountId Test + *-------------------------------------------------------------------------*/ + +void test_append_accountId() +{ + const char* input = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; + int response1 = appendAccountId("username", input, pAccountsFile); + + const char* response2 = getAccountId("username", pAccountsFile); + const char* expected2 = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NOT_NULL_FATAL(response2); + CU_ASSERT_STRING_EQUAL(expected2, response2); +} + +void test_append_accountId_longer() +{ + const char* input = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8t543tst45"; + int response1 = appendAccountId("username_longer", input, pAccountsFile); + + const char* response2 = getAccountId("username_longer", pAccountsFile); + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NULL(response2); +} + +void test_append_accountId_shorter() +{ + const char* input = "4461eb7dd2f9b97236202e290489d98b8t543tst45"; + int response1 = appendAccountId("username_shorter", input, pAccountsFile); + + const char* response2 = getAccountId("username_shorter", pAccountsFile); + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NULL(response2); +} + +void test_append_accountId_no_value() +{ + const char* input = ""; + int response1 = appendAccountId("username_no_value", input, pAccountsFile); + + const char* response2 = getAccountId("username_no_value", pAccountsFile); + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NULL(response2); +} + +void test_append_accountId_no_file() +{ + const char* input = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; + int response1 = appendAccountId("username_no_file", input, "no_file"); + + const char* response2 = getAccountId("username", pAccountsFile); + const char* expected2 = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; + + remove("no_file"); + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NOT_NULL_FATAL(response2); + CU_ASSERT_STRING_EQUAL(expected2, response2); +} + + + +/*-------------------------------------------------------------------------* + * DeleteAccountId Test + *-------------------------------------------------------------------------*/ + +void test_delete_accountId() +{ + int response1 = deleteAccountId("username", pAccountsFile); + + const char* response2 = getAccountId("username", pAccountsFile); + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NULL(response2); +} + +void test_delete_accountId_longer() +{ + int response1 = deleteAccountId("username_longer", pAccountsFile); + + const char* response2 = getAccountId("username_longer", pAccountsFile); + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NULL(response2); +} + +void test_delete_accountId_shorter() +{ + int response1 = deleteAccountId("username_shorter", pAccountsFile); + + const char* response2 = getAccountId("username_shorter", pAccountsFile); + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NULL(response2); +} + +void test_delete_accountId_no_value() +{ + int response1 = deleteAccountId("username_no_value", pAccountsFile); + + const char* response2 = getAccountId("username_no_value", pAccountsFile); + + CU_ASSERT_FALSE(response1); + CU_ASSERT_PTR_NULL(response2); + +} + +void test_delete_accountId_no_file() +{ + int response = deleteAccountId("username_no_file", "no_file"); + + CU_ASSERT_TRUE(response); +} + + + + +/*-------------------------------------------------------------------------* + * Util Suite + *-------------------------------------------------------------------------*/ + +int init_suiteUtil(void) +{ + return 0; +} + +int clean_suiteUtil(void) +{ + return 0; +} \ No newline at end of file diff --git a/test/unit_test/CUnitUtilSuite.h b/test/unit_test/CUnitUtilSuite.h new file mode 100644 index 0000000..59f5cb7 --- /dev/null +++ b/test/unit_test/CUnitUtilSuite.h @@ -0,0 +1,35 @@ +void test_get_account(void); +void test_get_account_equals(void); +void test_get_account_longer_accountId(void); +void test_get_account_shorter_accountId(void); +void test_get_account_no_value(void); +void test_get_account_user_not_found(void); + +void test_get_config(void); +void test_get_config_bad_config_file(void); +void test_get_config_longer_length(void); +void test_get_config_shorter_length(void); +void test_get_config_empty(void); +void test_get_config_no_value(void); +void test_get_config_gt_bufsiz(void); + +void test_count_account(void); +void test_count_account_bad_length(void); +void test_count_account_null(void); +void test_count_account_null_acc_file(void); +void test_count_account_bad_acc_file(void); + +void test_append_accountId(void); +void test_append_accountId_longer(void); +void test_append_accountId_shorter(void); +void test_append_accountId_no_value(void); +void test_append_accountId_no_file(void); + +void test_delete_accountId(void); +void test_delete_accountId_longer(void); +void test_delete_accountId_shorter(void); +void test_delete_accountId_no_value(void); +void test_delete_accountId_no_file(void); + +int init_suiteUtil(void); +int clean_suiteUtil(void); \ No newline at end of file diff --git a/test/unit_test/CharsetTest.c b/test/unit_test/CharsetTest.c deleted file mode 100644 index 295b84d..0000000 --- a/test/unit_test/CharsetTest.c +++ /dev/null @@ -1,152 +0,0 @@ -#include -#include -#include - -#include "CuTest.h" -#include "../../lib/charset.h" - - - - -/*-------------------------------------------------------------------------* - * ValidCode Test - *-------------------------------------------------------------------------*/ - -void TestValidCode(CuTest *tc) { - - char *input1 = "DD3abC"; - char *input2 = "AB8mb9"; - char *input3 = "yhj83A"; - char *input4 = "Cabcmn"; - char *input5 = "222289"; - char *input6 = "ab789D"; - char *input7 = "gfrtX6"; - char *input8 = "4frtXu"; - char *input9 = "2frtX6"; - char *input10 = "yDXyr8"; - - int response1 = validCode(input1); - int response2 = validCode(input2); - int response3 = validCode(input3); - int response4 = validCode(input4); - int response5 = validCode(input5); - int response6 = validCode(input6); - int response7 = validCode(input7); - int response8 = validCode(input8); - int response9 = validCode(input9); - int response10 = validCode(input10); - - CuAssertTrue(tc, response1); - CuAssertTrue(tc, response2); - CuAssertTrue(tc, response3); - CuAssertTrue(tc, response4); - CuAssertTrue(tc, response5); - CuAssertTrue(tc, response6); - CuAssertTrue(tc, response7); - CuAssertTrue(tc, response8); - CuAssertTrue(tc, response9); - CuAssertTrue(tc, response10); -} - -void TestValidCode_Exceptions(CuTest *tc) { - - char *input1 = "0abcmn"; - char *input2 = "OfrtX6"; - char *input3 = "1frtXu"; - char *input4 = "1frtX6"; - char *input5 = "dfr8X5"; - char *input6 = "yDSyr8"; - - int response1 = validCode(input1); - int response2 = validCode(input2); - int response3 = validCode(input3); - int response4 = validCode(input4); - int response5 = validCode(input5); - int response6 = validCode(input6); - - CuAssertTrue(tc, !response1); - CuAssertTrue(tc, !response2); - CuAssertTrue(tc, !response3); - CuAssertTrue(tc, !response4); - CuAssertTrue(tc, !response5); - CuAssertTrue(tc, !response6); -} - -void TestValidCode_Invalid_Chars(CuTest *tc) { - - char *input1 = "*abcmn"; - char *input2 = "Ofrt_6"; - char *input3 = "******"; - char *input4 = "'rptX6"; - char *input5 = "df¿?-g"; - char *input6 = "<ñsu 3"; - - int response1 = validCode(input1); - int response2 = validCode(input2); - int response3 = validCode(input3); - int response4 = validCode(input4); - int response5 = validCode(input5); - int response6 = validCode(input6); - - CuAssertTrue(tc, !response1); - CuAssertTrue(tc, !response2); - CuAssertTrue(tc, !response3); - CuAssertTrue(tc, !response4); - CuAssertTrue(tc, !response5); - CuAssertTrue(tc, !response6); -} - -void TestValidCode_Short(CuTest *tc) { - - char *input1 = ""; - char *input2 = "rtde6"; - char *input3 = "***"; - char *input4 = "m"; - - int response1 = validCode(input1); - int response2 = validCode(input2); - int response3 = validCode(input3); - int response4 = validCode(input4); - - CuAssertTrue(tc, !response1); - CuAssertTrue(tc, !response2); - CuAssertTrue(tc, !response3); - CuAssertTrue(tc, !response4); -} - -void TestValidCode_Long(CuTest *tc) { - - char *input1 = "fsdgdfhgfhghkkjhkkghtryt67rhrtu"; - char *input2 = "rtde886"; - char *input3 = "*********************************************"; - char *input4 = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - - int response1 = validCode(input1); - int response2 = validCode(input2); - int response3 = validCode(input3); - int response4 = validCode(input4); - - CuAssertTrue(tc, !response1); - CuAssertTrue(tc, !response2); - CuAssertTrue(tc, !response3); - CuAssertTrue(tc, !response4); -} - - - -/*-------------------------------------------------------------------------* - * CharsetSuite Test - *-------------------------------------------------------------------------*/ - - -CuSuite* CharsetGetSuite() { - CuSuite* suite = CuSuiteNew(); - - SUITE_ADD_TEST(suite, TestValidCode); - SUITE_ADD_TEST(suite, TestValidCode_Exceptions); - SUITE_ADD_TEST(suite, TestValidCode_Invalid_Chars); - SUITE_ADD_TEST(suite, TestValidCode_Short); - SUITE_ADD_TEST(suite, TestValidCode_Long); - - return suite; -} diff --git a/test/unit_test/CuTest.c b/test/unit_test/CuTest.c deleted file mode 100644 index 8f61199..0000000 --- a/test/unit_test/CuTest.c +++ /dev/null @@ -1,339 +0,0 @@ -#include -#include -#include -#include -#include -#include - -#include "CuTest.h" - -/*-------------------------------------------------------------------------* - * CuStr - *-------------------------------------------------------------------------*/ - -char* CuStrAlloc(int size) -{ - char* newStr = (char*) malloc( sizeof(char) * (size) ); - return newStr; -} - -char* CuStrCopy(const char* old) -{ - int len = strlen(old); - char* newStr = CuStrAlloc(len + 1); - strcpy(newStr, old); - return newStr; -} - -/*-------------------------------------------------------------------------* - * CuString - *-------------------------------------------------------------------------*/ - -void CuStringInit(CuString* str) -{ - str->length = 0; - str->size = STRING_MAX; - str->buffer = (char*) malloc(sizeof(char) * str->size); - str->buffer[0] = '\0'; -} - -CuString* CuStringNew(void) -{ - CuString* str = (CuString*) malloc(sizeof(CuString)); - str->length = 0; - str->size = STRING_MAX; - str->buffer = (char*) malloc(sizeof(char) * str->size); - str->buffer[0] = '\0'; - return str; -} - -void CuStringDelete(CuString *str) -{ - if (!str) return; - free(str->buffer); - free(str); -} - -void CuStringResize(CuString* str, int newSize) -{ - str->buffer = (char*) realloc(str->buffer, sizeof(char) * newSize); - str->size = newSize; -} - -void CuStringAppend(CuString* str, const char* text) -{ - int length; - - if (text == NULL) { - text = "NULL"; - } - - length = strlen(text); - if (str->length + length + 1 >= str->size) - CuStringResize(str, str->length + length + 1 + STRING_INC); - str->length += length; - strcat(str->buffer, text); -} - -void CuStringAppendChar(CuString* str, char ch) -{ - char text[2]; - text[0] = ch; - text[1] = '\0'; - CuStringAppend(str, text); -} - -void CuStringAppendFormat(CuString* str, const char* format, ...) -{ - va_list argp; - char buf[HUGE_STRING_LEN]; - va_start(argp, format); - vsprintf(buf, format, argp); - va_end(argp); - CuStringAppend(str, buf); -} - -void CuStringInsert(CuString* str, const char* text, int pos) -{ - int length = strlen(text); - if (pos > str->length) - pos = str->length; - if (str->length + length + 1 >= str->size) - CuStringResize(str, str->length + length + 1 + STRING_INC); - memmove(str->buffer + pos + length, str->buffer + pos, (str->length - pos) + 1); - str->length += length; - memcpy(str->buffer + pos, text, length); -} - -/*-------------------------------------------------------------------------* - * CuTest - *-------------------------------------------------------------------------*/ - -void CuTestInit(CuTest* t, const char* name, TestFunction function) -{ - t->name = CuStrCopy(name); - t->failed = 0; - t->ran = 0; - t->message = NULL; - t->function = function; - t->jumpBuf = NULL; -} - -CuTest* CuTestNew(const char* name, TestFunction function) -{ - CuTest* tc = CU_ALLOC(CuTest); - CuTestInit(tc, name, function); - return tc; -} - -void CuTestDelete(CuTest *t) -{ - if (!t) return; - free(t->name); - free(t); -} - -void CuTestRun(CuTest* tc) -{ - jmp_buf buf; - tc->jumpBuf = &buf; - if (setjmp(buf) == 0) - { - tc->ran = 1; - (tc->function)(tc); - } - tc->jumpBuf = 0; -} - -static void CuFailInternal(CuTest* tc, const char* file, int line, CuString* string) -{ - char buf[HUGE_STRING_LEN]; - - sprintf(buf, "%s:%d: ", file, line); - CuStringInsert(string, buf, 0); - - tc->failed = 1; - tc->message = string->buffer; - if (tc->jumpBuf != 0) longjmp(*(tc->jumpBuf), 0); -} - -void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message) -{ - CuString string; - - CuStringInit(&string); - if (message2 != NULL) - { - CuStringAppend(&string, message2); - CuStringAppend(&string, ": "); - } - CuStringAppend(&string, message); - CuFailInternal(tc, file, line, &string); -} - -void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition) -{ - if (condition) return; - CuFail_Line(tc, file, line, NULL, message); -} - -void CuAssertStrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, - const char* expected, const char* actual) -{ - CuString string; - if ((expected == NULL && actual == NULL) || - (expected != NULL && actual != NULL && - strcmp(expected, actual) == 0)) - { - return; - } - - CuStringInit(&string); - if (message != NULL) - { - CuStringAppend(&string, message); - CuStringAppend(&string, ": "); - } - CuStringAppend(&string, "expected <"); - CuStringAppend(&string, expected); - CuStringAppend(&string, "> but was <"); - CuStringAppend(&string, actual); - CuStringAppend(&string, ">"); - CuFailInternal(tc, file, line, &string); -} - -void CuAssertIntEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, - int expected, int actual) -{ - char buf[STRING_MAX]; - if (expected == actual) return; - sprintf(buf, "expected <%d> but was <%d>", expected, actual); - CuFail_Line(tc, file, line, message, buf); -} - -void CuAssertDblEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, - double expected, double actual, double delta) -{ - char buf[STRING_MAX]; - if (fabs(expected - actual) <= delta) return; - sprintf(buf, "expected <%f> but was <%f>", expected, actual); - - CuFail_Line(tc, file, line, message, buf); -} - -void CuAssertPtrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, - void* expected, void* actual) -{ - char buf[STRING_MAX]; - if (expected == actual) return; - sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual); - CuFail_Line(tc, file, line, message, buf); -} - - -/*-------------------------------------------------------------------------* - * CuSuite - *-------------------------------------------------------------------------*/ - -void CuSuiteInit(CuSuite* testSuite) -{ - testSuite->count = 0; - testSuite->failCount = 0; - memset(testSuite->list, 0, sizeof(testSuite->list)); -} - -CuSuite* CuSuiteNew(void) -{ - CuSuite* testSuite = CU_ALLOC(CuSuite); - CuSuiteInit(testSuite); - return testSuite; -} - -void CuSuiteDelete(CuSuite *testSuite) -{ - unsigned int n; - for (n=0; n < MAX_TEST_CASES; n++) - { - if (testSuite->list[n]) - { - CuTestDelete(testSuite->list[n]); - } - } - free(testSuite); - -} - -void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase) -{ - assert(testSuite->count < MAX_TEST_CASES); - testSuite->list[testSuite->count] = testCase; - testSuite->count++; -} - -void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2) -{ - int i; - for (i = 0 ; i < testSuite2->count ; ++i) - { - CuTest* testCase = testSuite2->list[i]; - CuSuiteAdd(testSuite, testCase); - } -} - -void CuSuiteRun(CuSuite* testSuite) -{ - int i; - for (i = 0 ; i < testSuite->count ; ++i) - { - CuTest* testCase = testSuite->list[i]; - CuTestRun(testCase); - if (testCase->failed) { testSuite->failCount += 1; } - } -} - -void CuSuiteSummary(CuSuite* testSuite, CuString* summary) -{ - int i; - for (i = 0 ; i < testSuite->count ; ++i) - { - CuTest* testCase = testSuite->list[i]; - CuStringAppend(summary, testCase->failed ? "F" : "."); - } - CuStringAppend(summary, "\n\n"); -} - -void CuSuiteDetails(CuSuite* testSuite, CuString* details) -{ - int i; - int failCount = 0; - - if (testSuite->failCount == 0) - { - int passCount = testSuite->count - testSuite->failCount; - const char* testWord = passCount == 1 ? "test" : "tests"; - CuStringAppendFormat(details, "OK (%d %s)\n", passCount, testWord); - } - else - { - if (testSuite->failCount == 1) - CuStringAppend(details, "There was 1 failure:\n"); - else - CuStringAppendFormat(details, "There were %d failures:\n", testSuite->failCount); - - for (i = 0 ; i < testSuite->count ; ++i) - { - CuTest* testCase = testSuite->list[i]; - if (testCase->failed) - { - failCount++; - CuStringAppendFormat(details, "%d) %s: %s\n", - failCount, testCase->name, testCase->message); - } - } - CuStringAppend(details, "\n!!!FAILURES!!!\n"); - - CuStringAppendFormat(details, "Runs: %d ", testSuite->count); - CuStringAppendFormat(details, "Passes: %d ", testSuite->count - testSuite->failCount); - CuStringAppendFormat(details, "Fails: %d\n", testSuite->failCount); - } -} diff --git a/test/unit_test/CuTest.h b/test/unit_test/CuTest.h deleted file mode 100644 index 8b32773..0000000 --- a/test/unit_test/CuTest.h +++ /dev/null @@ -1,116 +0,0 @@ -#ifndef CU_TEST_H -#define CU_TEST_H - -#include -#include - -#define CUTEST_VERSION "CuTest 1.5" - -/* CuString */ - -char* CuStrAlloc(int size); -char* CuStrCopy(const char* old); - -#define CU_ALLOC(TYPE) ((TYPE*) malloc(sizeof(TYPE))) - -#define HUGE_STRING_LEN 8192 -#define STRING_MAX 256 -#define STRING_INC 256 - -typedef struct -{ - int length; - int size; - char* buffer; -} CuString; - -void CuStringInit(CuString* str); -CuString* CuStringNew(void); -void CuStringRead(CuString* str, const char* path); -void CuStringAppend(CuString* str, const char* text); -void CuStringAppendChar(CuString* str, char ch); -void CuStringAppendFormat(CuString* str, const char* format, ...); -void CuStringInsert(CuString* str, const char* text, int pos); -void CuStringResize(CuString* str, int newSize); -void CuStringDelete(CuString* str); - -/* CuTest */ - -typedef struct CuTest CuTest; - -typedef void (*TestFunction)(CuTest *); - -struct CuTest -{ - char* name; - TestFunction function; - int failed; - int ran; - const char* message; - jmp_buf *jumpBuf; -}; - -void CuTestInit(CuTest* t, const char* name, TestFunction function); -CuTest* CuTestNew(const char* name, TestFunction function); -void CuTestRun(CuTest* tc); -void CuTestDelete(CuTest *t); - -/* Internal versions of assert functions -- use the public versions */ -void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message); -void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition); -void CuAssertStrEquals_LineMsg(CuTest* tc, - const char* file, int line, const char* message, - const char* expected, const char* actual); -void CuAssertIntEquals_LineMsg(CuTest* tc, - const char* file, int line, const char* message, - int expected, int actual); -void CuAssertDblEquals_LineMsg(CuTest* tc, - const char* file, int line, const char* message, - double expected, double actual, double delta); -void CuAssertPtrEquals_LineMsg(CuTest* tc, - const char* file, int line, const char* message, - void* expected, void* actual); - -/* public assert functions */ - -#define CuFail(tc, ms) CuFail_Line( (tc), __FILE__, __LINE__, NULL, (ms)) -#define CuAssert(tc, ms, cond) CuAssert_Line((tc), __FILE__, __LINE__, (ms), (cond)) -#define CuAssertTrue(tc, cond) CuAssert_Line((tc), __FILE__, __LINE__, "assert failed", (cond)) - -#define CuAssertStrEquals(tc,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) -#define CuAssertStrEquals_Msg(tc,ms,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) -#define CuAssertIntEquals(tc,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) -#define CuAssertIntEquals_Msg(tc,ms,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) -#define CuAssertDblEquals(tc,ex,ac,dl) CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac),(dl)) -#define CuAssertDblEquals_Msg(tc,ms,ex,ac,dl) CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac),(dl)) -#define CuAssertPtrEquals(tc,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) -#define CuAssertPtrEquals_Msg(tc,ms,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) - -#define CuAssertPtrNotNull(tc,p) CuAssert_Line((tc),__FILE__,__LINE__,"null pointer unexpected",(p != NULL)) -#define CuAssertPtrNotNullMsg(tc,msg,p) CuAssert_Line((tc),__FILE__,__LINE__,(msg),(p != NULL)) - -/* CuSuite */ - -#define MAX_TEST_CASES 1024 - -#define SUITE_ADD_TEST(SUITE,TEST) CuSuiteAdd(SUITE, CuTestNew(#TEST, TEST)) - -typedef struct -{ - int count; - CuTest* list[MAX_TEST_CASES]; - int failCount; - -} CuSuite; - - -void CuSuiteInit(CuSuite* testSuite); -CuSuite* CuSuiteNew(void); -void CuSuiteDelete(CuSuite *testSuite); -void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase); -void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2); -void CuSuiteRun(CuSuite* testSuite); -void CuSuiteSummary(CuSuite* testSuite, CuString* summary); -void CuSuiteDetails(CuSuite* testSuite, CuString* details); - -#endif /* CU_TEST_H */ diff --git a/test/unit_test/Makefile b/test/unit_test/Makefile new file mode 100644 index 0000000..df70806 --- /dev/null +++ b/test/unit_test/Makefile @@ -0,0 +1,31 @@ +CC := cc +RM := rm +ROOT_DIR := ../.. +LIB_DIR := $(ROOT_DIR)/lib + +SRCEXT := c +BUILDEXT := o + +SOURCES := $(shell find . -type f -name "*.$(SRCEXT)") $(LIB_DIR)/charset.c $(LIB_DIR)/util.c $(LIB_DIR)/drop_privs.c +OBJECTS := $(patsubst %.$(SRCEXT),%.$(BUILDEXT),$(SOURCES)) +TARGET := test + +CFLAGS += -g -Wall -I$(LIB_DIR) -I$(ROOT_DIR) +LDFLAGS += -lcunit + +all: ${TARGET} + +$(TARGET): $(OBJECTS) + @echo " $(CC) -o $@ $(OBJECTS) $(LDFLAGS)"; $(CC) -o $@ $(OBJECTS) $(LDFLAGS) + +.c.o: + @echo " $(CC) -c $(CFLAGS) -o $@ $<"; $(CC) -c $(CFLAGS) -o $@ $< + +clean: + @echo " Cleaning..."; + @echo " $(RM) -rf $(OBJECTS) $(TARGET)"; $(RM) -rf $(OBJECTS) $(TARGET) + +setuid: + @echo " chown root"; chown root test + @echo " chmod 4755 test"; chmod 4755 test + diff --git a/test/unit_test/README b/test/unit_test/README new file mode 100644 index 0000000..cf1747d --- /dev/null +++ b/test/unit_test/README @@ -0,0 +1,25 @@ +* Prerrequisites: + - CUnit 2.1.3 available -> http://sourceforge.net/projects/cunit/ + +To install CUNit: +``` +autoreconf --install +``` +``` +autoconf configure.in > configure +``` +``` +./configure && make && sudo make install +``` + + + +CUnit documentation -> http://cunit.sourceforge.net/ + + + + +* make +* run ./test + + diff --git a/test/unit_test/UtilTest.c b/test/unit_test/UtilTest.c deleted file mode 100644 index 673bf4a..0000000 --- a/test/unit_test/UtilTest.c +++ /dev/null @@ -1,478 +0,0 @@ -#include -#include -#include - -#include "CuTest.h" -#include "../../lib/util.h" - - -static const char *pAccountsFile = "test.accounts"; -static const char *pConfigFile = "test.conf"; - - - -/*-------------------------------------------------------------------------* - * GetAccount Test - *-------------------------------------------------------------------------*/ - -void TestGetAccount(CuTest *tc) { - - const char* input = strdup("user"); - const char* response = getAccountId(input, pAccountsFile); - const char* expected = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; - - CuAssertStrEquals(tc, expected, response); -} - -void TestGetAccount_Equals(CuTest *tc) { - - const char* input1 = strdup("user1"); - const char* input2 = strdup("user2"); - const char* response1 = getAccountId(input1, pAccountsFile); - const char* response2 = getAccountId(input2, pAccountsFile); - const char* expected = "123xxxbrt8a782408a396197bv82a664b61eb7dd2f9b97236202e290489d9777"; - - CuAssertStrEquals(tc, expected, response1); - CuAssertStrEquals(tc, expected, response2); -} - -void TestGetAccount_Longer_AccountId(CuTest *tc) { - - const char* input = strdup("user3"); - const char* response = getAccountId(input, pAccountsFile); - const char* expected = NULL; - - CuAssertTrue(tc, response == expected); -} - -void TestGetAccount_Shorter_AccountId(CuTest *tc) { - - const char* input = strdup("user4"); - const char* response = getAccountId(input, pAccountsFile); - const char* expected = NULL; - - CuAssertTrue(tc, response == expected); -} - -void TestGetAccount_No_Value(CuTest *tc) { - - const char* input = strdup("root"); - const char* response = getAccountId(input, pAccountsFile); - const char* expected = NULL; - - CuAssertTrue(tc, response == expected); -} - -void TestGetAccount_User_not_found(CuTest *tc) { - - const char* input = strdup("bad_user"); - const char* response = getAccountId(input, pAccountsFile); - const char* expected = NULL; - - CuAssertTrue(tc, response == expected); -} - -/*-------------------------------------------------------------------------* - * GetConfig Test - *-------------------------------------------------------------------------*/ - -void TestGetConfig(CuTest *tc) { - - const char* input1 = strdup("app_id"); - const char* input2 = strdup("secret_key"); - - char *response1; - char *response2; - - response1 = getConfig(APP_ID_LENGTH, input1, pConfigFile); - response2 = getConfig(SECRET_KEY_LENGTH, input2, pConfigFile); - - const char* expected1 = "gh7a3yh82B5zjhgeP6y7"; - const char* expected2 = "t6yEdFivm3jDnt4DfghvbnQrb54ed509sTXvs6yu"; - - CuAssertStrEquals(tc, expected1, response1); - CuAssertStrEquals(tc, expected2, response2); -} - -void TestGetConfig_Bad_configFile(CuTest *tc) { - - const char* input1 = strdup("app_id"); - const char* input2 = strdup("secret_key"); - - char *response1; - char *response2; - - response1 = getConfig(APP_ID_LENGTH, input1, "bad_latch.conf"); - response2 = getConfig(SECRET_KEY_LENGTH, input2, "bad_latch.conf"); - - char expected1 = NULL; - char expected2 = NULL; - - CuAssertTrue(tc, response1 == expected1); - CuAssertTrue(tc, response2 == expected2); -} - -void TestGetConfig_Longer_Length(CuTest *tc) { - - const char* input1 = strdup("app_id_longer"); - const char* input2 = strdup("secret_key_longer"); - - char *response1; - char *response2; - - response1 = getConfig(APP_ID_LENGTH, input1, pConfigFile); - response2 = getConfig(SECRET_KEY_LENGTH, input2, pConfigFile); - - const char* expected1 = "gh7a3yh82B5zjvxcxcbx"; - const char* expected2 = "t6yEdFivm3jDnt4fgfgdgsdfnm86878zczvcxDfg"; - - CuAssertStrEquals(tc, expected1, response1); - CuAssertStrEquals(tc, expected2, response2); -} - -void TestGetConfig_Shorter_Length(CuTest *tc) { - - const char* input1 = strdup("app_id_shorter"); - const char* input2 = strdup("secret_key_shorter"); - - char *response1; - char *response2; - - response1 = getConfig(APP_ID_LENGTH, input1, pConfigFile); - response2 = getConfig(SECRET_KEY_LENGTH, input2, pConfigFile); - - const char* expected1 = "gh7a3yh82B"; - const char* expected2 = "t6yEdFivm3jDnt4Dfgh"; - - CuAssertStrEquals(tc, expected1, response1); - CuAssertStrEquals(tc, expected2, response2); -} - -void TestGetConfig_Empty(CuTest *tc) { - - const char* input1 = strdup("app_id"); - const char* input2 = strdup("secret_key"); - - char *response1; - char *response2; - - response1 = getConfig(APP_ID_LENGTH, input1, "empty.conf"); - response2 = getConfig(SECRET_KEY_LENGTH, input2, "empty.conf"); - - char *expected1 = NULL; - char *expected2 = NULL; - - CuAssertTrue(tc, response1 == expected1); - CuAssertTrue(tc, response2 == expected2); -} - -void TestGetConfig_No_Value(CuTest *tc) { - - const char* input1 = strdup("app_id_no_value"); - const char* input2 = strdup("secret_key_no_value"); - - char *response1 = NULL; - char *response2 = NULL; - - response1 = getConfig(APP_ID_LENGTH, input1, pConfigFile); - response2 = getConfig(SECRET_KEY_LENGTH, input2, pConfigFile); - - char *expected1 = NULL; - char *expected2 = NULL; - - CuAssertTrue(tc, response1 == expected1); - CuAssertTrue(tc, response2 == expected2); -} - -void TestGetConfig_Gt_Bufsiz(CuTest *tc) { - - FILE *fd = fopen("temp.conf", "w"); - fprintf(fd, "app_id_gt_bufsiz = "); - - int i; - for (i = 0 ; i < BUFSIZ + 10 ; i++) { - fprintf(fd, "X"); - } - fprintf(fd, "\n\n"); - fprintf(fd, "secret_key_gt_bufsiz = "); - - for (i = 0 ; i < BUFSIZ + 10 ; i++) { - fprintf(fd, "x"); - } - fprintf(fd, "\n\n"); - - fclose(fd); - - const char* input1 = strdup("app_id_gt_bufsiz"); - const char* input2 = strdup("secret_key_gt_bufsiz"); - - char *response1; - char *response2; - - response1 = getConfig(APP_ID_LENGTH, input1, "temp.conf"); - response2 = getConfig(SECRET_KEY_LENGTH, input2, "temp.conf"); - - remove("temp.conf"); - - const char* expected1 = "XXXXXXXXXXXXXXXXXXXX"; - const char* expected2 = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; - - CuAssertStrEquals(tc, expected1, response1); - CuAssertStrEquals(tc, expected2, response2); -} - - -/*-------------------------------------------------------------------------* - * CountAccountId Test - *-------------------------------------------------------------------------*/ - -void TestCountAccount(CuTest *tc) { - - const char* input1 = strdup("ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"); - const char* input2 = strdup("123xxxbrt8a782408a396197bv82a664b61eb7dd2f9b97236202e290489d9777"); - const char* input3 = strdup("023xxxbrt8a782408a396197bv82a664b61eb7dd2f9b97236202e290489d9777"); - const char* input4 = strdup("ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b9"); - - int response1 = countAccountId(input1, pAccountsFile); - int response2 = countAccountId(input2, pAccountsFile); - int response3 = countAccountId(input3, pAccountsFile); - int response4 = countAccountId(input4, pAccountsFile); - - int expected1 = 1; - int expected2 = 2; - int expected3 = 0; - int expected4 = 0; - - CuAssertTrue(tc, response1 == expected1); - CuAssertTrue(tc, response2 == expected2); - CuAssertTrue(tc, response3 == expected3); - CuAssertTrue(tc, response4 == expected4); -} - -void TestCountAccount_Bad_Length(CuTest *tc) { - - const char* input = strdup("yuihdcvbn8a782408a397236202e2904rffmjh3"); - int response = countAccountId(input, pAccountsFile); - int expected = -1; - CuAssertTrue(tc, response == expected); -} - -void TestCountAccount_Null(CuTest *tc) { - - int response = countAccountId(NULL, pAccountsFile); - int expected = -1; - CuAssertTrue(tc, response == expected); -} - -void TestCountAccount_Null_AccFile(CuTest *tc) { - - const char* input = strdup("ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"); - int response = countAccountId(input, NULL); - int expected = -1; - CuAssertTrue(tc, response == expected); -} - -void TestCountAccount_Bad_AccFile(CuTest *tc) { - - const char* input = strdup("ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"); - int response = countAccountId(input, "bad_acc_file.accounts"); - int expected = -1; - CuAssertTrue(tc, response == expected); -} - - - -/*-------------------------------------------------------------------------* - * AppendAccountId Test - *-------------------------------------------------------------------------*/ - -void TestAppendAccountId(CuTest *tc) { - - const char* input = strdup("ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"); - const char* response = appendAccountId("username", input, pAccountsFile); - - const char* response2 = getAccountId("username", pAccountsFile); - const char* expected2 = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; - - CuAssertStrEquals(tc, expected2, response2); - CuAssertTrue(tc, !response); -} - -void TestAppendAccountId_Longer(CuTest *tc) { - - const char* input = strdup("ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8t543tst45"); - const char* response = appendAccountId("username_longer", input, pAccountsFile); - - const char* response2 = getAccountId("username_longer", pAccountsFile); - const char* expected2 = NULL; - - CuAssertTrue(tc, expected2 == response2); - CuAssertTrue(tc, !response); -} - -void TestAppendAccountId_Shorter(CuTest *tc) { - - const char* input = strdup("4461eb7dd2f9b97236202e290489d98b8t543tst45"); - const char* response = appendAccountId("username_shorter", input, pAccountsFile); - - const char* response2 = getAccountId("username_shorter", pAccountsFile); - const char* expected2 = NULL; - - CuAssertTrue(tc, expected2 == response2); - CuAssertTrue(tc, !response); -} - -void TestAppendAccountId_No_Value(CuTest *tc) { - - const char* input = strdup(""); - const char* response = appendAccountId("username_no_value", input, pAccountsFile); - - const char* response2 = getAccountId("username_no_value", pAccountsFile); - const char* expected2 = NULL; - - CuAssertTrue(tc, expected2 == response2); - CuAssertTrue(tc, !response); -} - -void TestAppendAccountId_No_File(CuTest *tc) { - - const char* input = strdup("ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"); - const char* response = appendAccountId("username_no_file", input, "no_file"); - - const char* response2 = getAccountId("username", pAccountsFile); - const char* expected2 = "ddd917b408a782408a3961978a82a664461eb7dd2f9b97236202e290489d98b8"; - - remove("no_file"); - - CuAssertStrEquals(tc, expected2, response2); - CuAssertTrue(tc, !response); -} - - - -/*-------------------------------------------------------------------------* - * DeleteAccountId Test - *-------------------------------------------------------------------------*/ - -void TestDeleteAccountId(CuTest *tc) { - - const char* response = deleteAccountId("username", pAccountsFile); - - const char* response2 = getAccountId("username", pAccountsFile); - const char* expected2 = NULL; - - CuAssertTrue(tc, expected2 == response2); - CuAssertTrue(tc, !response); -} - -void TestDeleteAccountId_Longer(CuTest *tc) { - - const char* response = deleteAccountId("username_longer", pAccountsFile); - - const char* response2 = getAccountId("username_longer", pAccountsFile); - const char* expected2 = NULL; - - CuAssertTrue(tc, expected2 == response2); - CuAssertTrue(tc, !response); -} - -void TestDeleteAccountId_Shorter(CuTest *tc) { - - const char* response = deleteAccountId("username_shorter", pAccountsFile); - - const char* response2 = getAccountId("username_shorter", pAccountsFile); - const char* expected2 = NULL; - - CuAssertTrue(tc, expected2 == response2); - CuAssertTrue(tc, !response); -} - -void TestDeleteAccountId_No_Value(CuTest *tc) { - - const char* response = deleteAccountId("username_no_value", pAccountsFile); - - const char* response2 = getAccountId("username_no_value", pAccountsFile); - const char* expected2 = NULL; - - CuAssertTrue(tc, expected2 == response2); - CuAssertTrue(tc, !response); -} - -void TestDeleteAccountId_No_File(CuTest *tc) { - - const char* response = deleteAccountId("username_no_file", "no_file"); - - CuAssertTrue(tc, response); -} - - - -/*-------------------------------------------------------------------------* - * Drop_privileges Test - *-------------------------------------------------------------------------*/ - -void TestDropPrivileges(CuTest *tc) { - - const char* response1 = get_effective_user_name(); - CuAssertStrEquals(tc, "root", response1); - - const char* expected3 = get_user_name(); - - int error = drop_privileges(); - - const char* response2 = get_effective_user_name(); - const char* response3 = get_user_name(); - - - CuAssertTrue(tc, strcmp("root", response2) != 0); - CuAssertStrEquals(tc, expected3, response3); - CuAssertTrue(tc, ! error); -} - - - -/*-------------------------------------------------------------------------* - * UtilSuite Test - *-------------------------------------------------------------------------*/ - - -CuSuite* UtilGetSuite() { - CuSuite* suite = CuSuiteNew(); - - SUITE_ADD_TEST(suite, TestGetAccount); - SUITE_ADD_TEST(suite, TestGetAccount_Equals); - SUITE_ADD_TEST(suite, TestGetAccount_Longer_AccountId); - SUITE_ADD_TEST(suite, TestGetAccount_Shorter_AccountId); - SUITE_ADD_TEST(suite, TestGetAccount_No_Value); - SUITE_ADD_TEST(suite, TestGetAccount_User_not_found); - - SUITE_ADD_TEST(suite, TestGetConfig); - SUITE_ADD_TEST(suite, TestGetConfig_Bad_configFile); - SUITE_ADD_TEST(suite, TestGetConfig_Longer_Length); - SUITE_ADD_TEST(suite, TestGetConfig_Shorter_Length); - SUITE_ADD_TEST(suite, TestGetConfig_Empty); - SUITE_ADD_TEST(suite, TestGetConfig_No_Value); - SUITE_ADD_TEST(suite, TestGetConfig_Gt_Bufsiz); - - SUITE_ADD_TEST(suite, TestCountAccount); - SUITE_ADD_TEST(suite, TestCountAccount_Bad_Length); - SUITE_ADD_TEST(suite, TestCountAccount_Null); - SUITE_ADD_TEST(suite, TestCountAccount_Null_AccFile); - SUITE_ADD_TEST(suite, TestCountAccount_Bad_AccFile); - - SUITE_ADD_TEST(suite, TestAppendAccountId); - SUITE_ADD_TEST(suite, TestAppendAccountId_Longer); - SUITE_ADD_TEST(suite, TestAppendAccountId_Shorter); - SUITE_ADD_TEST(suite, TestAppendAccountId_No_Value); - SUITE_ADD_TEST(suite, TestAppendAccountId_No_File); - - SUITE_ADD_TEST(suite, TestDeleteAccountId); - SUITE_ADD_TEST(suite, TestDeleteAccountId_Longer); - SUITE_ADD_TEST(suite, TestDeleteAccountId_Shorter); - SUITE_ADD_TEST(suite, TestDeleteAccountId_No_Value); - SUITE_ADD_TEST(suite, TestDeleteAccountId_No_File); - - SUITE_ADD_TEST(suite, TestDropPrivileges); - - return suite; -} diff --git a/test/unit_test/makefile b/test/unit_test/makefile deleted file mode 100644 index e060986..0000000 --- a/test/unit_test/makefile +++ /dev/null @@ -1,23 +0,0 @@ -CFLAGS += -Wall - -CC = gcc -OBJECTS = ../../lib/util.o ../../lib/charset.o UtilTest.o CharsetTest.o CuTest.o - -test : AllTests.o $(OBJECTS) - $(CC) $(CFLAGS) -o test AllTests.o $(OBJECTS) - - -AllTests.o: CuTest.h -../../lib/util.o: ../../lib/util.h -../../lib/charset.o: ../../lib/charset.h -UtilTest.o: CuTest.h ../../lib/util.h -CharsetTest.o: CuTest.h ../../lib/charset.h -CuTest.o: CuTest.h - - -.PHONY : clean - clean : - -rm test AllTests.o $(OBJECTS) - all: - -sudo chown root:root test - -sudo chmod 4755 test diff --git a/test/unit_test/readme b/test/unit_test/readme deleted file mode 100644 index 60f1b07..0000000 --- a/test/unit_test/readme +++ /dev/null @@ -1,4 +0,0 @@ - -make -sudo make all -./test From 13b92819db5b2a72ffcb38a9fdedc0220b358d0d Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 28 Oct 2014 08:21:55 +0100 Subject: [PATCH 18/49] fix setup --- examples/setup.sh | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/examples/setup.sh b/examples/setup.sh index b1b2c59..701f39b 100755 --- a/examples/setup.sh +++ b/examples/setup.sh @@ -18,8 +18,6 @@ function pre_install_ () function install_ () { - local SYS=$1 - # change to root directory cd .. @@ -27,7 +25,7 @@ function install_ () ./configure prefix=/usr sysconfdir=/etc && make && sudo make install # move pam_latch.so to PAM directory - echo 'Moving pam_latch.so to PAM directory...' + echo 'Moving pam_latch.so to PAM directory ...' if test -d /lib*/*/security/ ; then PAM_DIR=/lib*/*/security/ elif test -d /lib*/security/ ; then @@ -40,15 +38,15 @@ function install_ () if test -d $PAM_DIR && test -f /usr/lib/pam_latch.so ; then echo 'PAM directory: '$PAM_DIR - sudo cp /usr/lib/pam_latch.so $PAM_DIR + sudo mv /usr/lib/pam_latch.so $PAM_DIR else echo 'Move /usr/lib/pam_latch.so manually to PAM dir' exit 1 fi # change to centos directory - echo 'Setting up '$SYS'...' - cd examples/$SYS/ + echo "Setting up $1 ..." + cd examples/$1/ # configure pam services echo 'Configuring pam services...' @@ -119,7 +117,7 @@ function uninstall_ () fi # configure & uninstall - ./configure prefix=/usr sysconfdir=/etc && make clean && sudo make uninstall + ./configure prefix=/usr sysconfdir=/etc && make && sudo make uninstall && make clean # restart ssh echo 'Restarting ssh server...' From 863b0b96e41688af1adbe5594254b816fb93d119 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 28 Oct 2014 13:46:17 +0100 Subject: [PATCH 19/49] fix possible stack overflow --- pam/pam_latch.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pam/pam_latch.c b/pam/pam_latch.c index 40b6d3f..6b2db5a 100644 --- a/pam/pam_latch.c +++ b/pam/pam_latch.c @@ -39,9 +39,9 @@ #include "../lib/latch.h" #include "../lib/util.h" - #include "../lib/drop_privs.h" - +#include "../lib/drop_privs.h" +#define MAXBUFSIZE 512 /* expected hook */ @@ -77,7 +77,7 @@ char *get_response(pam_handle_t *pamh, const char *prompt, int verbose) { const struct pam_message *msgp; struct pam_response *resp; char *response; - char buffer[512]; + char buffer[MAXBUFSIZE]; retval = pam_get_item(pamh, PAM_CONV, (const void**) &conv); if (retval != PAM_SUCCESS) { @@ -91,7 +91,7 @@ char *get_response(pam_handle_t *pamh, const char *prompt, int verbose) { msg.msg_style = PAM_PROMPT_ECHO_OFF; if (prompt) { - sprintf(buffer, "%s: ", prompt); + snprintf(buffer, MAXBUFSIZE, "%s: ", prompt); } else { strcpy(buffer, "Password: "); } From 0a5d8ae453c46efb202bd4dbb6ccb1c78e158006 Mon Sep 17 00:00:00 2001 From: naviprojects Date: Wed, 29 Oct 2014 11:52:02 +0100 Subject: [PATCH 20/49] fix get operation id --- src/latch_unix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/latch_unix.c b/src/latch_unix.c index b3146b8..1e42c22 100644 --- a/src/latch_unix.c +++ b/src/latch_unix.c @@ -339,7 +339,7 @@ int main(int argc, char **argv) { return 1; } - if(ovalue && (pOperationId = getConfig(OPERATION_ID_LENGTH, ovalue, fvalue) == NULL)) { + if(ovalue && ((pOperationId = getConfig(OPERATION_ID_LENGTH, ovalue, fvalue)) == NULL)) { fprintf(stderr, STATUS_NOT_OP_ERROR_$OP_$CFILE_MSG, ovalue, fvalue); return 1; } From ab26284d263c46c01a8c7fd00cd5caf9c8ac49ce Mon Sep 17 00:00:00 2001 From: naviprojects Date: Wed, 29 Oct 2014 12:00:31 +0100 Subject: [PATCH 21/49] fix get operation id in ssh_command --- modules/SSH/src/latch_ssh_command.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/SSH/src/latch_ssh_command.c b/modules/SSH/src/latch_ssh_command.c index 2b3bc6e..78c09ee 100644 --- a/modules/SSH/src/latch_ssh_command.c +++ b/modules/SSH/src/latch_ssh_command.c @@ -185,7 +185,7 @@ int main(int argc, char **argv) { return exec_shell(); } - if(ovalue && (pOperationId = getConfig(OPERATION_ID_LENGTH, ovalue, fvalue) == NULL)) { + if(ovalue && ((pOperationId = getConfig(OPERATION_ID_LENGTH, ovalue, fvalue)) == NULL)) { return 1; } From c53ede9eadc0297e5dbf09dcecf31e4fe03adeb8 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Wed, 29 Oct 2014 12:21:05 +0100 Subject: [PATCH 22/49] add operation status to tests --- .../informe_pruebas_latch.template | 42 +++++++++++++++---- test/internal_test/test.sh | 18 ++++++-- 2 files changed, 49 insertions(+), 11 deletions(-) diff --git a/test/internal_test/informe_pruebas_latch.template b/test/internal_test/informe_pruebas_latch.template index 315a4c0..07f0422 100644 --- a/test/internal_test/informe_pruebas_latch.template +++ b/test/internal_test/informe_pruebas_latch.template @@ -122,9 +122,10 @@ Respuesta: RESPONSE_8_ ``` -###9ª Prueba: Prueba de despareo +###9ª Prueba: Consulta de estado de bloqueo de cuenta mediante aplicación latch-UNIX pareada -1º- Se procede a desparear la cuenta +1º- Se procede a bloquear +2º- Se consulta el estado de latch ``` TEST_9_ @@ -135,9 +136,10 @@ Respuesta: RESPONSE_9_ ``` -###10ª Prueba: Prueba de despareo estando previamente despareado +###10ª Prueba: Consulta de estado de desbloqueo de cuenta mediante aplicación latch-UNIX pareada -1º- Se procede a desparear la cuenta +1º- Se procede a desbloquear +2º- Se consulta el estado de latch ``` TEST_10_ @@ -148,10 +150,9 @@ Respuesta: RESPONSE_10_ ``` -###11ª Prueba: Prueba de despareo sin conexión a Internet +###11ª Prueba: Prueba de despareo -1º- Se desconecta la red -2º- Se procede a desparear la cuenta +1º- Se procede a desparear la cuenta ``` TEST_11_ @@ -161,3 +162,30 @@ Respuesta: ``` RESPONSE_11_ ``` + +###12ª Prueba: Prueba de despareo estando previamente despareado + +1º- Se procede a desparear la cuenta + +``` +TEST_12_ +``` + +Respuesta: +``` +RESPONSE_12_ +``` + +###13ª Prueba: Prueba de despareo sin conexión a Internet + +1º- Se desconecta la red +2º- Se procede a desparear la cuenta + +``` +TEST_13_ +``` + +Respuesta: +``` +RESPONSE_13_ +``` diff --git a/test/internal_test/test.sh b/test/internal_test/test.sh index a8c5745..3a6ef7e 100755 --- a/test/internal_test/test.sh +++ b/test/internal_test/test.sh @@ -164,8 +164,16 @@ function test_ { esac elif [ "$2" == "status" ]; then - local OPERATION_NAME=app_id - local REQUEST="latch -s" + case "$3" in + "op") + local OPERATION_NAME=$4 + local REQUEST="latch -o $4" + ;; + *) + local OPERATION_NAME=app_id + local REQUEST="latch -s" + ;; + esac elif [ "$2" == "unpair" ]; then local REQUEST="latch -u" @@ -260,11 +268,13 @@ suit_test_pair () { suit_test_status () { test_ 7 status latch-on test_ 8 status latch-off + test_ 9 status op test_op latch-on + test_ 10 status opt test_op latch-off } suit_test_unpair () { - test_ 9 unpair - test_ 10 unpair + test_ 11 unpair + test_ 12 unpair } suit_test_ssh_pam () { From 725dc7b98906d3ab36d3996037df6bab261f7c55 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Wed, 29 Oct 2014 12:32:55 +0100 Subject: [PATCH 23/49] fix test --- .../informe_pruebas_latch.template | 36 ++++++++----------- test/internal_test/test.sh | 2 +- 2 files changed, 16 insertions(+), 22 deletions(-) diff --git a/test/internal_test/informe_pruebas_latch.template b/test/internal_test/informe_pruebas_latch.template index 07f0422..d438899 100644 --- a/test/internal_test/informe_pruebas_latch.template +++ b/test/internal_test/informe_pruebas_latch.template @@ -18,7 +18,7 @@ TEST_1_ ``` -Respuesta: +Response: ``` RESPONSE_1_ ``` @@ -32,7 +32,7 @@ RESPONSE_1_ TEST_2_ ``` -Respuesta: +Response: ``` RESPONSE_2_ ``` @@ -46,7 +46,7 @@ RESPONSE_2_ TEST_3_ ``` -Respuesta: +Response: ``` RESPONSE_3_ ``` @@ -60,7 +60,7 @@ RESPONSE_3_ TEST_4_ ``` -Respuesta: +Response: ``` RESPONSE_4_ ``` @@ -74,7 +74,7 @@ RESPONSE_4_ TEST_5_ ``` -Respuesta: +Response: ``` RESPONSE_5_ ``` @@ -89,7 +89,7 @@ RESPONSE_5_ TEST_6_ ``` -Respuesta: +Response: ``` RESPONSE_6_ ``` @@ -103,7 +103,7 @@ RESPONSE_6_ TEST_7_ ``` -Respuesta: +Response: ``` RESPONSE_7_ ``` @@ -117,35 +117,29 @@ RESPONSE_7_ TEST_8_ ``` -Respuesta: +Response: ``` RESPONSE_8_ ``` -###9ª Prueba: Consulta de estado de bloqueo de cuenta mediante aplicación latch-UNIX pareada - -1º- Se procede a bloquear -2º- Se consulta el estado de latch +###9th test: Check locked operation status ``` TEST_9_ ``` -Respuesta: +Response: ``` RESPONSE_9_ ``` -###10ª Prueba: Consulta de estado de desbloqueo de cuenta mediante aplicación latch-UNIX pareada - -1º- Se procede a desbloquear -2º- Se consulta el estado de latch +###10th test: Check unlocked operation status ``` TEST_10_ ``` -Respuesta: +Response: ``` RESPONSE_10_ ``` @@ -158,7 +152,7 @@ RESPONSE_10_ TEST_11_ ``` -Respuesta: +Response: ``` RESPONSE_11_ ``` @@ -171,7 +165,7 @@ RESPONSE_11_ TEST_12_ ``` -Respuesta: +Response: ``` RESPONSE_12_ ``` @@ -185,7 +179,7 @@ RESPONSE_12_ TEST_13_ ``` -Respuesta: +Response: ``` RESPONSE_13_ ``` diff --git a/test/internal_test/test.sh b/test/internal_test/test.sh index 3a6ef7e..ab71937 100755 --- a/test/internal_test/test.sh +++ b/test/internal_test/test.sh @@ -269,7 +269,7 @@ suit_test_status () { test_ 7 status latch-on test_ 8 status latch-off test_ 9 status op test_op latch-on - test_ 10 status opt test_op latch-off + test_ 10 status op test_op latch-off } suit_test_unpair () { From ceee41e6b476efed4099948431a9ebabdf2c249d Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Mon, 3 Nov 2014 13:10:49 +0100 Subject: [PATCH 24/49] add wrapped get_name funct --- lib/drop_privs.c | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/lib/drop_privs.c b/lib/drop_privs.c index 4c37582..456d6ef 100644 --- a/lib/drop_privs.c +++ b/lib/drop_privs.c @@ -80,9 +80,7 @@ int restore_privileges(void) { return 0; } - -char *get_user_name(){ - +static char *get_name(uid_t u_id) { int bufsize; if ((bufsize = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { bufsize = 1024; @@ -90,25 +88,19 @@ char *get_user_name(){ char *buffer = malloc(bufsize); struct passwd pwd, *result = NULL; - if (getpwuid_r(getuid(), &pwd, buffer, bufsize, &result) != 0 || !result) { + if (getpwuid_r(u_id, &pwd, buffer, bufsize, &result) != 0 || !result) { return NULL; } return pwd.pw_name; } -const char *get_effective_user_name(){ - - int bufsize; - if ((bufsize = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { - return NULL; - } - - char *buffer = malloc(bufsize); - struct passwd pwd, *result = NULL; - if (getpwuid_r(geteuid(), &pwd, buffer, bufsize, &result) != 0 || !result) { - return NULL; - } +char *get_user_name(){ + uid_t real_uid = getuid(); + return get_name(real_uid); +} - return pwd.pw_name; +const char *get_effective_user_name(){ + uid_t effective_uid = geteuid(); + return get_name(effective_uid); } From 8cabcd03156c9fe4bd9b61a8468978ff312a5df4 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Fri, 7 Nov 2014 08:08:35 +0100 Subject: [PATCH 25/49] update readme --- README.md | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index d4aeb09..33be2aa 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ yum install pam-devel libcurl-devel openssl-devel ##INSTALLING THE PLUGIN IN UNIX * Cd to the top-level directory of the plugin, and use the **"./configure && make && sudo make install"** command to install it. ``` -./configure && make && sudo make install +./configure prefix=/usr sysconfdir=/etc && make && sudo make install ``` * Edit /etc/latch/latch.conf file and add your **"Application ID"** and **"Secret"**. Add as operations as services will be protected with latch. @@ -56,7 +56,7 @@ yum install pam-devel libcurl-devel openssl-devel * Move pam_latch.so (located in $distdir/lib) into the PAM directory (where PAM modules are stored). ``` -sudo mv /usr/local/lib/pam_latch.so $PAM_DIR +sudo mv /usr/lib/pam_latch.so $PAM_DIR ``` Depending on the system, PAM directory is located in a different place: @@ -67,19 +67,11 @@ PAM_DIR=/usr/lib/pam ``` Ubuntu, Debian: ``` -PAM_DIR=/lib/*/security, /lib64/security/, /lib/security/ +PAM_DIR=/lib/*/security, /lib*/security/ ``` CentOS, Fedora, RedHat: ``` -PAM_DIR=/lib64/security/, /lib/security/ -``` - -* Latch binary located in $distdir/bin must be placed in /usr/bin, and changed permissions to 4755. -``` -sudo mv /usr/local/bin/latch /usr/bin/ -``` -``` -sudo chmod 4755 /usr/bin/latch +PAM_DIR=/lib*/security/ ``` * There are some PAM configuration examples how to protect some applications (such as sudo, sshd, su, login, etc.) in examples/ directory. Usually, your PAM module is setup by adding a line to the appropriate file in /etc/pam.d/: @@ -98,20 +90,12 @@ ChallengeResponseAuthentication yes PasswordAuthentication no ``` -* In order to protect authentication for SSH pubkeys, move latch-shell binary installed in $distdir/bin to /usr/bin/, and change permissions to 4755. -``` -sudo mv /usr/local/bin/latch-shell /usr/bin/ -``` -``` -sudo chmod 4755 /usr/bin/latch-shell -``` - -Use the command option in users’ ~/.ssh/authorized_keys: +* In order to protect authentication for SSH pubkeys, use the command option in users’ ~/.ssh/authorized_keys: ``` -command="latch-shell -o sshd-keys" ssh-rsa AAA...HP5 someone@host +command="latch-ssh-cmd -o sshd-keys" ssh-rsa AAA...HP5 someone@host ``` -Note: OTP not implemented for latch-shell. +Note: OTP not implemented for latch-ssh-cmd. * Restart ssh service. @@ -134,7 +118,7 @@ sudo service sshd restart * Open a terminal. Move to the top-level directory of the plugin. Run **"sudo make uninstall"**. ``` -./configure && sudo make uninstall +./configure prefix=/usr sysconfdir=/etc && sudo make uninstall ``` * Remove binaries. From 874100a6a86910b2452188287cc3ccb5d6405d34 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Sun, 16 Nov 2014 22:02:33 +0100 Subject: [PATCH 26/49] update sdk --- lib/latch.c | 400 ++++++++++++++++++++++++++++++++++++++++++++-------- lib/latch.h | 42 +++--- 2 files changed, 355 insertions(+), 87 deletions(-) diff --git a/lib/latch.c b/lib/latch.c index f9e992e..f7ae056 100644 --- a/lib/latch.c +++ b/lib/latch.c @@ -17,17 +17,55 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#include "latch.h" - -#define ACCOUNT_ID_MAX_LENGTH 64 -#define OPERATION_ID_MAX_LENGTH 20 -#define TOKEN_MAX_LENGTH 6 +#include +#include +#include +#include +#include + +#include +#include + +#include +#include +#include +#include + +#define AUTHORIZATION_HEADER_NAME "Authorization" +#define DATE_HEADER_NAME "X-11Paths-Date" +#define AUTHORIZATION_METHOD "11PATHS" +#define AUTHORIZATION_HEADER_FIELD_SEPARATOR " " +#define UTC_STRING_FORMAT "%Y-%m-%d %H:%M:%S" + +#define API_CHECK_STATUS_URL "/api/0.9/status" +#define API_PAIR_URL "/api/0.9/pair" +#define API_PAIR_WITH_ID_URL "/api/0.9/pairWithId" +#define API_UNPAIR_URL "/api/0.9/unpair" +#define API_LOCK_URL "/api/0.9/lock" +#define API_UNLOCK_URL "/api/0.9/unlock" +#define API_HISTORY_URL "/api/0.9/history" +#define API_OPERATION_URL "/api/0.9/operation" + +#define HTTP_METHOD_GET "GET" +#define HTTP_METHOD_POST "POST" +#define HTTP_METHOD_PUT "PUT" +#define HTTP_METHOD_DELETE "DELETE" + +#define HTTP_PARAM_LOCK_ON_REQUEST "lock_on_request" +#define HTTP_PARAM_NAME "name" +#define HTTP_PARAM_PARENTID "parentId" +#define HTTP_PARAM_TWO_FACTOR "two_factor" typedef struct curl_response_buffer { - char *buffer; - size_t size; + char *buffer; + size_t size; } curl_response_buffer; +typedef struct http_param { + char *name; + char *value; +} http_param; + /* * Function to handle stuff from HTTP response. * @@ -80,6 +118,43 @@ char* base64encode(const unsigned char *input, int length) { return buff; } +char toHex(char code) { + static char hex[] = "0123456789ABCDEF"; + return hex[code & 15]; +} + +/* + * Function to percent-encode a string + * + * Based on http://www.geekhideout.com/downloads/urlcode.c + */ +char* urlEncode(const char* str, int space2Plus) { + + char* buf = NULL; + char* pbuf = NULL; + const char* pstr = str; + + if ((str != NULL) && ((buf = malloc(strlen(str) * 3 + 1)) != NULL)) { + pbuf = buf; + while (*pstr) { + if (isalnum(*pstr) || *pstr == '-' || *pstr == '_' || *pstr == '.' || *pstr == '~') { + *pbuf++ = *pstr; + } else if (*pstr == ' ' && space2Plus) { + *pbuf++ = '+'; + } else { + *pbuf++ = '%'; + *pbuf++ = toHex(*pstr >> 4); + *pbuf++ = toHex(*pstr & 15); + } + pstr++; + } + *pbuf = '\0'; + } + + return buf; + +} + /* * Function to calculate the HMAC hash (SHA1) of a string. Returns a Base64 value of the hash * @@ -88,10 +163,10 @@ char* base64encode(const unsigned char *input, int length) { * @return HMAC in Base64 format */ char* sign_data(const char* pSecretKey, const char* pData) { - unsigned char* digest; - - digest = HMAC(EVP_sha1(), pSecretKey, strlen(pSecretKey), (unsigned char*)pData, strlen(pData), NULL, NULL); - return base64encode(digest, 20); + unsigned char* digest; + + digest = HMAC(EVP_sha1(), pSecretKey, strlen(pSecretKey), (unsigned char*) pData, strlen(pData), NULL, NULL); + return base64encode(digest, 20); } int nosignal = 0; @@ -148,7 +223,7 @@ void setTLSCRLFile(const char* pTLSCRLFile) tlsCRLFile = pTLSCRLFile; } -void authenticationHeaders(const char* pHTTPMethod, const char* pQueryString, char* pHeaders[]) { +void authenticationHeaders(const char* pHTTPMethod, const char* pQueryString, char* pHeaders[], const char *pBody) { char* authHeader, *dateHeader, *stringToSign, *b64hash; char utc[20]; @@ -160,9 +235,19 @@ void authenticationHeaders(const char* pHTTPMethod, const char* pQueryString, ch gmtime_r(&timer, &tm_info); strftime(utc, 20, UTC_STRING_FORMAT, &tm_info); - len = strlen(pHTTPMethod) + strlen(utc) + strlen(pQueryString) + 4; + if (pBody == NULL) { + len = strlen(pHTTPMethod) + strlen(utc) + strlen(pQueryString) + 4; + } else { + len = strlen(pHTTPMethod) + strlen(utc) + strlen(pQueryString) + strlen(pBody) + 5; + } + stringToSign = malloc(len); - snprintf(stringToSign, len, "%s\n%s\n\n%s", pHTTPMethod, utc, pQueryString); + + if (pBody == NULL) { + snprintf(stringToSign, len, "%s\n%s\n\n%s", pHTTPMethod, utc, pQueryString); + } else { + snprintf(stringToSign, len, "%s\n%s\n\n%s\n%s", pHTTPMethod, utc, pQueryString, pBody); + } b64hash = sign_data(SecretKey, stringToSign); @@ -186,7 +271,7 @@ void authenticationHeaders(const char* pHTTPMethod, const char* pQueryString, ch * Perform a GET request to the specified URL of the Latch API * @param pUrl- requested URL including host */ -char* http_get_proxy(const char* pUrl) { +char* http_proxy(const char* pMethod, const char* pUrl, const char* pBody) { char* headers[2]; curl_response_buffer response; @@ -196,7 +281,7 @@ char* http_get_proxy(const char* pUrl) { int i = 0; struct curl_slist* chunk = NULL; char* hostAndUrl; - + if (!pCurl) { return NULL; } @@ -205,7 +290,7 @@ char* http_get_proxy(const char* pUrl) { response.size = 0; response.buffer[response.size] = '\0'; - authenticationHeaders("GET", pUrl, headers); + authenticationHeaders(pMethod, pUrl, headers, pBody); for (i=0; i<(sizeof(headers)/sizeof(char*)); i++) { chunk = curl_slist_append(chunk, headers[i]); } @@ -224,6 +309,15 @@ char* http_get_proxy(const char* pUrl) { curl_easy_setopt(pCurl, CURLOPT_NOPROGRESS, 1); // we don't care about progress curl_easy_setopt(pCurl, CURLOPT_FAILONERROR, 1); + curl_easy_setopt(pCurl, CURLOPT_CUSTOMREQUEST, pMethod); + + if ((strncmp(pMethod, HTTP_METHOD_POST, strlen(HTTP_METHOD_POST)) == 0) || (strncmp(pMethod, HTTP_METHOD_PUT, strlen(HTTP_METHOD_PUT)) == 0)) { + curl_easy_setopt(pCurl, CURLOPT_POSTFIELDS, pBody); + if (pBody == NULL) { + curl_easy_setopt(pCurl, CURLOPT_POSTFIELDSIZE, 0); + } + } + if(Proxy != NULL){ curl_easy_setopt(pCurl, CURLOPT_PROXY, Proxy); } @@ -280,106 +374,290 @@ char* http_get_proxy(const char* pUrl) { } +char* build_string(int argc, char** argv) { -char* pairWithId(const char* pAccountId) { + int i = 0; + int len = 1; + char *rv = NULL; - char *response = NULL; - char *url = NULL; + for (i = 0; i < argc; i++) { + if (argv[i] != NULL) { + len += strlen(argv[i]); + } + } - if ((url = malloc((strlen(API_PAIR_WITH_ID_URL) + 1 + strnlen(pAccountId, ACCOUNT_ID_MAX_LENGTH) + 1)*sizeof(char))) == NULL) { - return NULL; + if ((rv = (char *) malloc(len)) != NULL) { + *rv = '\0'; + for (i = 0; i < argc; i++) { + if (argv[i] != NULL) { + strncat(rv, argv[i], strlen(argv[i])); + } + } } - snprintf(url, strlen(API_PAIR_WITH_ID_URL) + 1 + strnlen(pAccountId, ACCOUNT_ID_MAX_LENGTH) + 1, "%s/%s", API_PAIR_WITH_ID_URL, pAccountId); + return rv; - response = http_get_proxy(url); +} - free(url); +char* build_url(int argc, ...) { + + int i = 0; + char *tokens[2 * argc - 1]; + char *response = NULL; + va_list args; + + va_start(args, argc); + for (i = 0; i < 2 * argc - 1; i = i + 2) { + if (i == 0) { + tokens[i] = va_arg(args, char*); + } else { + tokens[i] = urlEncode(va_arg(args, char*), 0); + } + if (i < 2 * argc - 1) { + if (tokens[i] == NULL) { + tokens[i + 1] = NULL; + } else { + tokens[i + 1] = "/"; + } + } + } + va_end(args); + + response = build_string(2 * argc - 1, tokens); + + for (i = 0; i < 2 * argc - 1; i = i + 2) { + if (i != 0) { + free(tokens[i]); + } + } return response; } -char* pair(const char* pToken) { +char* build_url_v(int argc, va_list args) { + int i = 0; + char *tokens[2 * argc - 1]; char *response = NULL; - char *url = NULL; - if ((url = malloc((strlen(API_PAIR_URL) + 1 + strnlen(pToken, TOKEN_MAX_LENGTH) + 1)*sizeof(char))) == NULL) { - return NULL; + for (i = 0; i < 2 * argc - 1; i = i + 2) { + if (i == 0) { + tokens[i] = va_arg(args, char*); + } else { + tokens[i] = urlEncode(va_arg(args, char*), 0); + } + if (i < 2 * argc - 1) { + if (tokens[i] == NULL) { + tokens[i + 1] = NULL; + } else { + tokens[i + 1] = "/"; + } + } } - snprintf(url, strlen(API_PAIR_URL) + 1 + strnlen(pToken, TOKEN_MAX_LENGTH) + 1, "%s/%s", API_PAIR_URL, pToken); - - response = http_get_proxy(url); + response = build_string(2 * argc - 1, tokens); - free(url); + for (i = 0; i < 2 * argc - 1; i = i + 2) { + if (i != 0) { + free(tokens[i]); + } + } return response; } -char* status(const char* pAccountId) { +char* build_querystring(int argc, http_param* params) { + + int i = 0; + int j = 0; + char *rv = NULL; + char *tokens[4 * argc]; + + for (i = 0, j = 0; i < 4 * argc; i = i + 4, j++) { + if (params[j].name != NULL && params[j].value != NULL) { + tokens[i] = params[j].name; + tokens[i + 1] = "="; + tokens[i + 2] = params[j].value; + tokens[i + 3] = "&"; + } else { + tokens[i] = NULL; + tokens[i + 1] = NULL; + tokens[i + 2] = NULL; + tokens[i + 3] = NULL; + } + } + + rv = build_string(4 * argc, tokens); + rv[strlen(rv) - 1] = '\0'; + + return rv; + +} +char* operation(const char* pMethod, int nParams, http_param* params, int nUrlTokens, ...) { + + int i = 0; + int valid = 1; char *response = NULL; char *url = NULL; - - if ((url = malloc((strlen(API_CHECK_STATUS_URL) + 1 + strnlen(pAccountId, ACCOUNT_ID_MAX_LENGTH) + 1)*sizeof(char))) == NULL) { - return NULL; + char *body = NULL; + va_list args; + + va_start(args, nUrlTokens); + for (i = 0; i < nUrlTokens; i++) { + if (va_arg(args, char*) == NULL) { + valid = 0; + } } + va_end(args); + + va_start(args, nUrlTokens); + + if (valid && ((url = build_url_v(nUrlTokens, args)) != NULL)) { + + if (nParams > 0) { + body = build_querystring(nParams, params); + } - snprintf(url, strlen(API_CHECK_STATUS_URL) + 1 + strnlen(pAccountId, ACCOUNT_ID_MAX_LENGTH) + 1, "%s/%s", API_CHECK_STATUS_URL, pAccountId); + response = http_proxy(pMethod, url, body); - response = http_get_proxy(url); + free(url); + free(body); - free(url); + } + + va_end(args); return response; } +char* pairWithId(const char* pAccountId) { + return operation(HTTP_METHOD_GET, 0, NULL, 2, API_PAIR_WITH_ID_URL, pAccountId); +} + +char* pair(const char* pToken) { + return operation(HTTP_METHOD_GET, 0, NULL, 2, API_PAIR_URL, pToken); +} + +char* status(const char* pAccountId) { + return operation(HTTP_METHOD_GET, 0, NULL, 2, API_CHECK_STATUS_URL, pAccountId); +} + char* operationStatus(const char* pAccountId, const char* pOperationId) { + return operation(HTTP_METHOD_GET, 0, NULL, 4, API_CHECK_STATUS_URL, pAccountId, "op", pOperationId); +} - char *response = NULL; - char *urlA = NULL; - char *urlB = NULL; +char* unpair(const char* pAccountId) { + return operation(HTTP_METHOD_GET, 0, NULL, 2, API_UNPAIR_URL, pAccountId); +} - if ((urlA = malloc((strlen(API_CHECK_STATUS_URL) + 1 + strnlen(pAccountId, ACCOUNT_ID_MAX_LENGTH) + 1)*sizeof(char))) == NULL) { - return NULL; +char* lock(const char* pAccountId) { + return operation(HTTP_METHOD_POST, 0, NULL, 2, API_LOCK_URL, pAccountId); +} + +char* operationLock(const char* pAccountId, const char* pOperationId) { + return operation(HTTP_METHOD_POST, 0, NULL, 4, API_LOCK_URL, pAccountId, "op", pOperationId); +} + +char* unlock(const char* pAccountId) { + return operation(HTTP_METHOD_POST, 0, NULL, 2, API_UNLOCK_URL, pAccountId); +} + +char* operationUnlock(const char* pAccountId, const char* pOperationId) { + return operation(HTTP_METHOD_POST, 0, NULL, 4, API_UNLOCK_URL, pAccountId, "op", pOperationId); +} + +char* history(const char* pAccountId) { + return operation(HTTP_METHOD_GET, 0, NULL, 2, API_HISTORY_URL, pAccountId); +} + +char* timePeriodHistory(const char* pAccountId, time_t from, time_t to) { + + char sFrom[14]; + char sTo[14]; + + if (from == 0) { + snprintf(sFrom, 14, "%lld", (long long)from); + } else { + snprintf(sFrom, 14, "%lld000", (long long)from); } - if ((urlB = malloc((strlen(API_CHECK_STATUS_URL) + 1 + strnlen(pAccountId, ACCOUNT_ID_MAX_LENGTH) + 4 + strnlen(pOperationId, OPERATION_ID_MAX_LENGTH) + 1)*sizeof(char))) == NULL) { - free(urlA); - return NULL; + if (to == 0) { + snprintf(sTo, 14, "%lld", (long long)to); + } else { + snprintf(sTo, 14, "%lld000", (long long)to); } - snprintf(urlA, strlen(API_CHECK_STATUS_URL) + 1 + strnlen(pAccountId, ACCOUNT_ID_MAX_LENGTH) + 1, "%s/%s", API_CHECK_STATUS_URL, pAccountId); - snprintf(urlB, strlen(urlA) + 4 + strnlen(pOperationId, OPERATION_ID_MAX_LENGTH) + 1, "%s/op/%s", urlA, pOperationId); + return operation(HTTP_METHOD_GET, 0, NULL, 4, API_HISTORY_URL, pAccountId, sFrom, sTo); - response = http_get_proxy(urlB); +} + +char* operationCreate(const char* pParentId, const char* pName, const char* pTwoFactor, const char* pLockOnRequest) { - free(urlA); - free(urlB); + char *response = NULL; + http_param params[4]; + + if (pParentId != NULL && pName != NULL) { + + params[0].name = HTTP_PARAM_LOCK_ON_REQUEST; + params[0].value = pLockOnRequest == NULL ? NULL : urlEncode(pLockOnRequest, 1); + params[1].name = HTTP_PARAM_NAME; + params[1].value = urlEncode(pName, 1); + params[2].name = HTTP_PARAM_PARENTID; + params[2].value = urlEncode(pParentId, 1); + params[3].name = HTTP_PARAM_TWO_FACTOR; + params[3].value = pTwoFactor == NULL ? NULL : urlEncode(pTwoFactor, 1); + + response = operation(HTTP_METHOD_PUT, 4, params, 1, API_OPERATION_URL); + + free(params[0].value); + free(params[1].value); + free(params[2].value); + free(params[3].value); + + } return response; } -char* unpair(const char* pAccountId) { +char* operationUpdate(const char* pOperationId, const char* pName, const char* pTwoFactor, const char* pLockOnRequest) { char *response = NULL; - char *url = NULL; + http_param params[3]; - if ((url = malloc((strlen(API_UNPAIR_URL) + 1 + strnlen(pAccountId, ACCOUNT_ID_MAX_LENGTH) + 1)*sizeof(char))) == NULL) { - return NULL; - } + if (pOperationId != NULL && (pName != NULL || pTwoFactor != NULL || pLockOnRequest != NULL)) { + + params[0].name = HTTP_PARAM_LOCK_ON_REQUEST; + params[0].value = pLockOnRequest == NULL ? NULL : urlEncode(pLockOnRequest, 1); + params[1].name = HTTP_PARAM_NAME; + params[1].value = pName == NULL ? NULL : urlEncode(pName, 1); + params[2].name = HTTP_PARAM_TWO_FACTOR; + params[2].value = pTwoFactor == NULL ? NULL : urlEncode(pTwoFactor, 1); - snprintf(url, strlen(API_UNPAIR_URL) + 1 + strnlen(pAccountId, ACCOUNT_ID_MAX_LENGTH) + 1, "%s/%s", API_UNPAIR_URL, pAccountId); + response = operation(HTTP_METHOD_POST, 3, params, 2, API_OPERATION_URL, pOperationId); - response = http_get_proxy(url); + free(params[0].value); + free(params[1].value); + free(params[2].value); - free(url); + } return response; } + +char* operationRemove(const char* pOperationId) { + return operation(HTTP_METHOD_DELETE, 0, NULL, 2, API_OPERATION_URL, pOperationId); +} + +char* operationGet(const char* pOperationId) { + return operation(HTTP_METHOD_GET, 0, NULL, 2, API_OPERATION_URL, pOperationId); +} + +char* operationsGet() { + return operation(HTTP_METHOD_GET, 0, NULL, 1, API_OPERATION_URL); +} diff --git a/lib/latch.h b/lib/latch.h index 48fda05..e1f8436 100644 --- a/lib/latch.h +++ b/lib/latch.h @@ -17,32 +17,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - -#include -#include -#include - -// libcurl -#include -#include - -// openssl -#include -#include -#include -#include - -#define AUTHORIZATION_HEADER_NAME "Authorization" -#define DATE_HEADER_NAME "X-11Paths-Date" -#define AUTHORIZATION_METHOD "11PATHS" -#define AUTHORIZATION_HEADER_FIELD_SEPARATOR " " -#define UTC_STRING_FORMAT "%Y-%m-%d %H:%M:%S" -#define LATCH_BUFFER_SIZE (256 * 1024) /* 256kB */ - -#define API_CHECK_STATUS_URL "/api/0.6/status" -#define API_PAIR_URL "/api/0.6/pair" -#define API_PAIR_WITH_ID_URL "/api/0.6/pairWithId" -#define API_UNPAIR_URL "/api/0.6/unpair" +#ifndef __LATCH_H__ +#define __LATCH_H__ void init(const char*, const char*); void setHost(const char*); @@ -52,8 +28,22 @@ void setNoSignal(const int); void setTLSCAFile(const char*); void setTLSCAPath(const char*); void setTLSCRLFile(const char*); + char* pairWithId(const char*); char* pair(const char*); char* status(const char*); char* operationStatus(const char*, const char*); char* unpair(const char*); +char* lock(const char*); +char* operationLock(const char*, const char*); +char* unlock(const char*); +char* operationUnlock(const char*, const char*); +char* history(const char*); +char* timePeriodHistory(const char*, time_t, time_t); +char* operationCreate(const char*, const char*, const char*, const char*); +char* operationUpdate(const char*, const char*, const char*, const char*); +char* operationRemove(const char*); +char* operationGet(const char*); +char* operationsGet(); + +#endif /* __LATCH_H__ */ From cb7c997962299da713a2972e69074752aed66d6c Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Sun, 16 Nov 2014 22:04:32 +0100 Subject: [PATCH 27/49] catch 201 error using status op call --- src/latch_unix.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/latch_unix.c b/src/latch_unix.c index 1e42c22..505256b 100644 --- a/src/latch_unix.c +++ b/src/latch_unix.c @@ -182,7 +182,7 @@ static int latch_operation_status(const char *username, const char *pAccountId, fprintf(stdout, CHECK_STATUS_$USER_MSG, username); buffer = operationStatus(pAccountId, pOperationId); - + if(buffer == NULL || strcmp(buffer,"") == 0) { fprintf(stderr, "%s\n", CONNECTION_SERVER_ERROR_MSG); free(buffer); @@ -199,6 +199,9 @@ static int latch_operation_status(const char *username, const char *pAccountId, } else if (strstr(buffer, "\"error\":{\"code\":109") != NULL) { fprintf(stderr, "%s\n", LATCH_ERROR_109_MSG); res = 1; + } else if (strstr(buffer, "\"error\":{\"code\":201") != NULL) { + fprintf(stderr, LATCH_ERROR_201_$USER_MSG, username); + res = 1; } else if (strstr(buffer, "\"error\":{\"code\":301") != NULL) { fprintf(stderr, LATCH_ERROR_301_$USER_MSG, username); res = 1; From 077b6eb5635c2b5e7b8d5adf3762bfd9b4a941bc Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Sun, 16 Nov 2014 22:07:03 +0100 Subject: [PATCH 28/49] rm old tests --- test/black-box_test/certs/id_rsa_testlatch | 27 -- .../black-box_test/certs/id_rsa_testlatch.pub | 27 -- .../informe_pruebas_latch.template | 163 ------- .../informe_pruebas_ssh.template | 138 ------ test/black-box_test/python/latch.py | 351 --------------- test/black-box_test/python/pairwithid.py | 118 ----- test/black-box_test/readme | 20 - test/black-box_test/test.sh | 422 ------------------ test/installation_test/check_configure.sh | 93 ---- test/internal_test/certs/id_rsa_testlatch | 27 -- test/internal_test/certs/id_rsa_testlatch.pub | 27 -- .../informe_pruebas_latch.template | 185 -------- .../informe_pruebas_ssh.template | 138 ------ test/internal_test/readme | 21 - test/internal_test/sshd.exp | 35 -- test/internal_test/test.sh | 375 ---------------- test/white-box_test/latch/all_no_sudo_test.sh | 7 - test/white-box_test/latch/all_test.sh | 60 --- test/white-box_test/latch/responses.sh | 42 -- .../latch/test_accounts_access_error.sh | 15 - .../latch/test_config_access_error.sh | 15 - .../latch/test_generating_token.sh | 81 ---- .../test_op_status_invalid_account_id.sh | 26 -- .../test_op_status_invalid_app_and_secret.sh | 34 -- .../test_op_status_invalid_operation_id.sh | 34 -- .../latch/test_op_status_not_operation.sh | 26 -- .../latch/test_op_status_not_paired.sh | 16 - .../latch/test_op_status_without_acc_file.sh | 21 - .../latch/test_pair_bad_char_token.sh | 15 - .../latch/test_pair_bad_length_token.sh | 15 - .../latch/test_pair_invalid_app_and_secret.sh | 25 -- .../latch/test_pair_invalid_token.sh | 15 - .../latch/test_status_invalid_account_id.sh | 26 -- .../test_status_invalid_app_and_secret.sh | 34 -- .../latch/test_status_not_paired.sh | 16 - .../latch/test_status_without_acc_file.sh | 21 - .../latch/test_unpair_not_paired.sh | 16 - ...unpair_succ_with_other_same_acc_id_user.sh | 26 -- .../latch/test_unpair_success.sh | 24 - .../latch/test_unpair_without_acc_file.sh | 21 - .../latch/test_without_network.sh | 67 --- test/white-box_test/readme | 10 - 42 files changed, 2875 deletions(-) delete mode 100644 test/black-box_test/certs/id_rsa_testlatch delete mode 100644 test/black-box_test/certs/id_rsa_testlatch.pub delete mode 100644 test/black-box_test/informe_pruebas_latch.template delete mode 100644 test/black-box_test/informe_pruebas_ssh.template delete mode 100644 test/black-box_test/python/latch.py delete mode 100644 test/black-box_test/python/pairwithid.py delete mode 100644 test/black-box_test/readme delete mode 100755 test/black-box_test/test.sh delete mode 100755 test/installation_test/check_configure.sh delete mode 100644 test/internal_test/certs/id_rsa_testlatch delete mode 100644 test/internal_test/certs/id_rsa_testlatch.pub delete mode 100644 test/internal_test/informe_pruebas_latch.template delete mode 100644 test/internal_test/informe_pruebas_ssh.template delete mode 100644 test/internal_test/readme delete mode 100755 test/internal_test/sshd.exp delete mode 100755 test/internal_test/test.sh delete mode 100755 test/white-box_test/latch/all_no_sudo_test.sh delete mode 100755 test/white-box_test/latch/all_test.sh delete mode 100755 test/white-box_test/latch/responses.sh delete mode 100755 test/white-box_test/latch/test_accounts_access_error.sh delete mode 100755 test/white-box_test/latch/test_config_access_error.sh delete mode 100755 test/white-box_test/latch/test_generating_token.sh delete mode 100755 test/white-box_test/latch/test_op_status_invalid_account_id.sh delete mode 100755 test/white-box_test/latch/test_op_status_invalid_app_and_secret.sh delete mode 100755 test/white-box_test/latch/test_op_status_invalid_operation_id.sh delete mode 100755 test/white-box_test/latch/test_op_status_not_operation.sh delete mode 100755 test/white-box_test/latch/test_op_status_not_paired.sh delete mode 100755 test/white-box_test/latch/test_op_status_without_acc_file.sh delete mode 100755 test/white-box_test/latch/test_pair_bad_char_token.sh delete mode 100755 test/white-box_test/latch/test_pair_bad_length_token.sh delete mode 100755 test/white-box_test/latch/test_pair_invalid_app_and_secret.sh delete mode 100755 test/white-box_test/latch/test_pair_invalid_token.sh delete mode 100755 test/white-box_test/latch/test_status_invalid_account_id.sh delete mode 100755 test/white-box_test/latch/test_status_invalid_app_and_secret.sh delete mode 100755 test/white-box_test/latch/test_status_not_paired.sh delete mode 100755 test/white-box_test/latch/test_status_without_acc_file.sh delete mode 100755 test/white-box_test/latch/test_unpair_not_paired.sh delete mode 100755 test/white-box_test/latch/test_unpair_succ_with_other_same_acc_id_user.sh delete mode 100755 test/white-box_test/latch/test_unpair_success.sh delete mode 100755 test/white-box_test/latch/test_unpair_without_acc_file.sh delete mode 100755 test/white-box_test/latch/test_without_network.sh delete mode 100644 test/white-box_test/readme diff --git a/test/black-box_test/certs/id_rsa_testlatch b/test/black-box_test/certs/id_rsa_testlatch deleted file mode 100644 index 473a2c4..0000000 --- a/test/black-box_test/certs/id_rsa_testlatch +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAx7BJy/xp7QSUH9QNZM49cNleeQkgk/VKwrkL3m0IDyCMX/6r -PKopxN81ZaLdzFaTCwhxrIji/1w71kk12fvdopPiY69vC5CdUvmuX6OTkKdc9MB5 -U9aftaSdyvqCxT+S12GIff+TuEGvAFJgZkX+xGK3weiinTlj6FpsZ7IN0Lm0XAqL -zhRfplQwYz1U6V+78cdsxoM/3ij3c/gGv9imlkLn+iHsCQGx7KjOxj1XpeIPtz+a -3BFULWPC4UvsdgI7gmN71PdILc8K3qgPPbeH2z3hIWCKPPSK9DJVMzlhs8FFsCuM -YE6Dm3ohc+G/ckOSQaqftImJLWyXpUfK9TFJyQIDAQABAoIBAQC7iY+1GMiuhYdL -YQ53Js5DJpH4IB9NdagRulIwQbu44TuUiAtvvOvfbjWqz0t4tbIBQZvoiuKNKqUz -uavungFnx3VtY3xpoxZtr/oY7foPd27wmbcYis+RexmKYLzh3LPevUW/94BXIrDl -H3hTdNcwvvmPDhlyiUyQEiQPOwSIicOwsx27Qbpra5nF88X2pwzoW2B4ZKEKu88I -G0T+eucEJFVOeRvruTNaSHzieIEoYDGeEfX6ccDKxWhvDU3lg0AwY9piFcYSfZAn -mxLJnxgZCwmtgY0pTjGHTJreToAwbU0k0wbg8ZCGHmHFxMP3HB3EbsIK1et6Q9iZ -qMAL+ScFAoGBAP/RC0slSeG3DGYVSKmKFHX3ypWMUpR+/9yKhFjl2iLC/zx9hUGH -1C8yy2DG6lNG3NJ0gIsj6YFNwBtI6KQ5WT/5B/1e2pFwQqPGtErV6SDlYOaU4EA2 -bUop27EdS3mtP5zIFwR1YdFqj4V+komqmw4E8oyD13+tVC6SaCLqkssfAoGBAMfU -8RNwIZnq8kU0e2OcO1DkmGLmu8zJMrSrLYHhbnKX1+JcbgntfDELPwoFTtFXZBAR -p/CRmq+FiSnO5GhQa5WbO90RnFMEKHTdQFE4LcJaE5ZP2GR//ZPDEDPlxpUW6sAJ -LMjz0ciU861KE97hZDWGSDzxXcXWGHkwWVzQR7YXAoGAD5QUYvwfVq6GA8VyClkN -S+3OGXNVKBPf0vdgfeVpdkp3rqBaOBZkdodaWUdjx7R+CBbuKQsD0ksA0uiKuk1/ -wOSSdvyKxOaYOE8GdbQ3ITi2wPP6AA8Qcr6/0TZefUduo0aQGEZpsY4StWdy1w1b -qevlNWdl/TF5+egSjWXJkLMCgYASbdT90e2HYF+PelOW0CW4RBy5okXXkQaYGuFL -hRrGfrJuMdAEIl69tyfNKMgoDkMwKDCwwvzdCxenP2lZJXGGjpZqwOEF1vBUNsNj -uiaeMeh0iFCQlC0yn16zKpGx1jc4FqCGt9W1BeejJ53FhEvVk9i9phTb1e7T3l2f -baXvaQKBgQC3BbsZRUn4QZzyf6GRzQwyXXCf0yv4KtnP3BWmTSz3Lt1jNkF38j2t -XtkACtYzS9ZxSqY7zlo6LSTn97Wj1Bm7bAmoaxm9S8kI6x0VkyFOuLp4ayeKLXfE -RSjtDs1nyx8Av2JODnxdXv052xproROsAG6TAC3ygOzyY1okh5A8gw== ------END RSA PRIVATE KEY----- diff --git a/test/black-box_test/certs/id_rsa_testlatch.pub b/test/black-box_test/certs/id_rsa_testlatch.pub deleted file mode 100644 index 473a2c4..0000000 --- a/test/black-box_test/certs/id_rsa_testlatch.pub +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAx7BJy/xp7QSUH9QNZM49cNleeQkgk/VKwrkL3m0IDyCMX/6r -PKopxN81ZaLdzFaTCwhxrIji/1w71kk12fvdopPiY69vC5CdUvmuX6OTkKdc9MB5 -U9aftaSdyvqCxT+S12GIff+TuEGvAFJgZkX+xGK3weiinTlj6FpsZ7IN0Lm0XAqL -zhRfplQwYz1U6V+78cdsxoM/3ij3c/gGv9imlkLn+iHsCQGx7KjOxj1XpeIPtz+a -3BFULWPC4UvsdgI7gmN71PdILc8K3qgPPbeH2z3hIWCKPPSK9DJVMzlhs8FFsCuM -YE6Dm3ohc+G/ckOSQaqftImJLWyXpUfK9TFJyQIDAQABAoIBAQC7iY+1GMiuhYdL -YQ53Js5DJpH4IB9NdagRulIwQbu44TuUiAtvvOvfbjWqz0t4tbIBQZvoiuKNKqUz -uavungFnx3VtY3xpoxZtr/oY7foPd27wmbcYis+RexmKYLzh3LPevUW/94BXIrDl -H3hTdNcwvvmPDhlyiUyQEiQPOwSIicOwsx27Qbpra5nF88X2pwzoW2B4ZKEKu88I -G0T+eucEJFVOeRvruTNaSHzieIEoYDGeEfX6ccDKxWhvDU3lg0AwY9piFcYSfZAn -mxLJnxgZCwmtgY0pTjGHTJreToAwbU0k0wbg8ZCGHmHFxMP3HB3EbsIK1et6Q9iZ -qMAL+ScFAoGBAP/RC0slSeG3DGYVSKmKFHX3ypWMUpR+/9yKhFjl2iLC/zx9hUGH -1C8yy2DG6lNG3NJ0gIsj6YFNwBtI6KQ5WT/5B/1e2pFwQqPGtErV6SDlYOaU4EA2 -bUop27EdS3mtP5zIFwR1YdFqj4V+komqmw4E8oyD13+tVC6SaCLqkssfAoGBAMfU -8RNwIZnq8kU0e2OcO1DkmGLmu8zJMrSrLYHhbnKX1+JcbgntfDELPwoFTtFXZBAR -p/CRmq+FiSnO5GhQa5WbO90RnFMEKHTdQFE4LcJaE5ZP2GR//ZPDEDPlxpUW6sAJ -LMjz0ciU861KE97hZDWGSDzxXcXWGHkwWVzQR7YXAoGAD5QUYvwfVq6GA8VyClkN -S+3OGXNVKBPf0vdgfeVpdkp3rqBaOBZkdodaWUdjx7R+CBbuKQsD0ksA0uiKuk1/ -wOSSdvyKxOaYOE8GdbQ3ITi2wPP6AA8Qcr6/0TZefUduo0aQGEZpsY4StWdy1w1b -qevlNWdl/TF5+egSjWXJkLMCgYASbdT90e2HYF+PelOW0CW4RBy5okXXkQaYGuFL -hRrGfrJuMdAEIl69tyfNKMgoDkMwKDCwwvzdCxenP2lZJXGGjpZqwOEF1vBUNsNj -uiaeMeh0iFCQlC0yn16zKpGx1jc4FqCGt9W1BeejJ53FhEvVk9i9phTb1e7T3l2f -baXvaQKBgQC3BbsZRUn4QZzyf6GRzQwyXXCf0yv4KtnP3BWmTSz3Lt1jNkF38j2t -XtkACtYzS9ZxSqY7zlo6LSTn97Wj1Bm7bAmoaxm9S8kI6x0VkyFOuLp4ayeKLXfE -RSjtDs1nyx8Av2JODnxdXv052xproROsAG6TAC3ygOzyY1okh5A8gw== ------END RSA PRIVATE KEY----- diff --git a/test/black-box_test/informe_pruebas_latch.template b/test/black-box_test/informe_pruebas_latch.template deleted file mode 100644 index 315a4c0..0000000 --- a/test/black-box_test/informe_pruebas_latch.template +++ /dev/null @@ -1,163 +0,0 @@ -#Pruebas funcionales sobre plugin -*Generado automáticamente* - -**Prueba:** TEST_NAME -**Herramienta:** latch -**Entorno:** LATCH_ENVIRONMENT -**Versión:** LATCH_VERSION -**Sistema:** SYSTEM -**Fecha:** DATE - - -###1ª Prueba: Intento de pareo con configuración errónea de los valores Secret_key o Application_ID - -1º- Se establece una configuración errónea -2º- Se procede a intentar parear la aplicación - -``` -TEST_1_ -``` - -Respuesta: -``` -RESPONSE_1_ -``` - -###2ª Prueba: Intento de pareo con introducción del token de pareo erróneo - -1º- Se establece una configuración correcta -2º- Se procede a intentar parear la aplicación - -``` -TEST_2_ -``` - -Respuesta: -``` -RESPONSE_2_ -``` - -###3ª Prueba: Intento de pareo con token en blanco (sin introducir nada) - -1º- Se establece una configuración correcta -2º- Se procede a intentar parear la aplicación - -``` -TEST_3_ -``` - -Respuesta: -``` -RESPONSE_3_ -``` - -###4ª Prueba: Intento de pareo con token correcto - -1º- Se establece una configuración correcta -2º- Se procede a intentar parear la aplicación - -``` -TEST_4_ -``` - -Respuesta: -``` -RESPONSE_4_ -``` - -###5ª Prueba: Intento de pareo estando previamente pareado - -1º- Se establece una configuración correcta -2º- Se procede a intentar parear la aplicación - -``` -TEST_5_ -``` - -Respuesta: -``` -RESPONSE_5_ -``` - -###6ª Prueba: Intento de pareo con token correcto y la máquina sin conexión a Internet - -1º- Se desconecta la red -2º- Se establece una configuración correcta -3º- Se procede a intentar parear la aplicación - -``` -TEST_6_ -``` - -Respuesta: -``` -RESPONSE_6_ -``` - -###7ª Prueba: Consulta de estado de bloqueo de cuenta mediante aplicación latch-UNIX pareada - -1º- Se procede a bloquear -2º- Se consulta el estado de latch - -``` -TEST_7_ -``` - -Respuesta: -``` -RESPONSE_7_ -``` - -###8ª Prueba: Consulta de estado de desbloqueo de cuenta mediante aplicación latch-UNIX pareada - -1º- Se procede a desbloquear -2º- Se consulta el estado de latch - -``` -TEST_8_ -``` - -Respuesta: -``` -RESPONSE_8_ -``` - -###9ª Prueba: Prueba de despareo - -1º- Se procede a desparear la cuenta - -``` -TEST_9_ -``` - -Respuesta: -``` -RESPONSE_9_ -``` - -###10ª Prueba: Prueba de despareo estando previamente despareado - -1º- Se procede a desparear la cuenta - -``` -TEST_10_ -``` - -Respuesta: -``` -RESPONSE_10_ -``` - -###11ª Prueba: Prueba de despareo sin conexión a Internet - -1º- Se desconecta la red -2º- Se procede a desparear la cuenta - -``` -TEST_11_ -``` - -Respuesta: -``` -RESPONSE_11_ -``` diff --git a/test/black-box_test/informe_pruebas_ssh.template b/test/black-box_test/informe_pruebas_ssh.template deleted file mode 100644 index dd34968..0000000 --- a/test/black-box_test/informe_pruebas_ssh.template +++ /dev/null @@ -1,138 +0,0 @@ -#Pruebas funcionales sobre plugin -*Generado automáticamente* - -**Prueba:** TEST_NAME -**Herramienta:** latch-ssh -**Entorno:** LATCH_ENVIRONMENT -**Versión:** LATCH_VERSION -**Sistema:** SYSTEM -**Fecha:** DATE - - - -###1ª Prueba: Bloqueo de cuenta SSH mediante aplicación latch-UNIX pareada - -1º- Se procede a bloquear -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_1_ -``` - -###2ª Prueba: Intento inicio de sesión con la cuenta bloqueada y la información del AppID y Secret Key han sido cambiados por el Administrador - -1º- Se establece una configuración errónea -2º- Se procede a activar el bloqueo de la cuenta en la aplicación del smartphone -3º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_2_ -``` - -###3ª Prueba: Desbloqueo de cuenta SSH mediante aplicación latch-UNIX pareada - -1º- Se procede a desbloquear -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_3_ -``` - -###4ª Prueba: Intento de inicio de sesión con una contraseña incorrecta, con el One Time Password activado - -1º- Se procede a desbloquear y activar la opción del OTP -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada -3º- Se introduce una contraseña incorrecta - -Interacción automatizada: -``` -RESPONSE_4_ -``` - -###5ª Prueba: Uso del One Time Password con cuenta desbloqueada - -1º- Se procede a desbloquear y activar la opción del OTP -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada -3º- Se introduce un OTP correcto - -Interacción automatizada: -``` -RESPONSE_5_ -``` - -###6ª Prueba: Uso del One Time Password en blanco con cuenta desbloqueada - -1º- Se procede a desbloquear y activar la opción del OTP -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada -3º- Se introduce un OTP en blanco - -Interacción automatizada: -``` -RESPONSE_6_ -``` - -###7ª Prueba: Uso del One Time Password erróneo con cuenta desbloqueada - -1º- Se procede a desbloquear y activar la opción del OTP -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada -3º- Se introduce un OTP erróneo - -Interacción automatizada: -``` -RESPONSE_7_ -``` - -###8ª Prueba: Bloqueo de clave SSH mediante aplicación latch-UNIX pareada - -1º- Se procede a bloquear -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -``` -TEST_8_ -``` - -Respuesta: -``` -RESPONSE_8_ -``` - -###9ª Prueba: Desbloqueo de clave SSH mediante aplicación latch-UNIX pareada - -1º- Se procede a desbloquear -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -``` -TEST_9_ -``` - -Respuesta: -``` -RESPONSE_9_ -``` - -###10ª Prueba: Bloqueo de cuenta SSH mediante aplicación latch-UNIX pareada y la máquina sin conexión a Internet, definiendo la opción por defecto como "open" - -1º- Se desconecta la red -2º- Se establece una configuración abierta por defecto -3º- Se procede a bloquear -4º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_10_ -``` - -###11ª Prueba: Desbloqueo de cuenta SSH mediante aplicación latch-UNIX pareada y la máquina sin conexión a Internet, definiendo la opción por defecto como "close" - -1º- Se desconecta la red -2º- Se establece una configuración cerrada por defecto -3º- Se procede a desbloquear -4º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_11_ -``` diff --git a/test/black-box_test/python/latch.py b/test/black-box_test/python/latch.py deleted file mode 100644 index fef8aef..0000000 --- a/test/black-box_test/python/latch.py +++ /dev/null @@ -1,351 +0,0 @@ -''' - This library offers an API to use Latch in a python environment. - Copyright (C) 2013 Eleven Paths - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -''' - - -import json -import logging - -class Error(object): - - def __init__(self, json_data): - ''' - Constructor - ''' - - self.code = json_data['code'] - self.message = json_data['message'] - - - def get_code(self): - return self.code - - def get_message(self): - return self.message - - def to_json(self): - return {"code" : self.code, "message" : self.message} - - def __repr__(self): - return json.dumps(self.to_json()) - - def __str__(self): - return self.__repr__() - - - -class LatchResponse(object): - ''' - This class models a response from any of the endpoints in the Latch API. - It consists of a "data" and an "error" elements. Although normally only one of them will be - present, they are not mutually exclusive, since errors can be non fatal, and therefore a response - could have valid information in the data field and at the same time inform of an error. - ''' - - def __init__(self, json_string): - ''' - @param $json a json string received from one of the methods of the Latch API - ''' - json_object = json.loads(json_string) - if "data" in json_object: - self.data = json_object["data"] - else: - self.data = "" - - if "error" in json_object: - self.error = Error(json_object["error"]) - else: - self.error = "" - - def get_data(self): - ''' - @return JsonObject the data part of the API response - ''' - return self.data - - - def set_data(self, data): - ''' - @param $data the data to include in the API response - ''' - self.data = json.loads(data) - - - def get_error(self): - ''' - @return Error the error part of the API response, consisting of an error code and an error message - ''' - return self.error - - - def set_error(self, error): - ''' - @param $error an error to include in the API response - ''' - self.error = Error(error) - - - def to_json(self): - ''' - @return a Json object with the data and error parts set if they exist - ''' - json_response = {} - - if hasattr(self, "data"): - json_response["data"] = self.data - - if hasattr(self, "error"): - json_response["error"] = self.error - - return json_response; - - -class Latch(object): - - API_HOST = "latch.elevenpaths.com"; - API_PORT = 443; - API_HTTPS = True - API_PROXY = None; - API_PROXY_PORT = None; - API_CHECK_STATUS_URL = "/api/0.6/status"; - API_PAIR_URL = "/api/0.6/pair"; - API_PAIR_WITH_ID_URL = "/api/0.6/pairWithId"; - API_UNPAIR_URL = "/api/0.6/unpair"; - - - AUTHORIZATION_HEADER_NAME = "Authorization"; - DATE_HEADER_NAME = "X-11Paths-Date"; - AUTHORIZATION_METHOD = "11PATHS"; - AUTHORIZATION_HEADER_FIELD_SEPARATOR = " "; - - UTC_STRING_FORMAT = "%Y-%m-%d %H:%M:%S"; - - X_11PATHS_HEADER_PREFIX = "X-11paths-"; - X_11PATHS_HEADER_SEPARATOR = ":"; - - @staticmethod - def set_host(host): - ''' - @param $host The host to be connected with (http://hostname) or (https://hostname) - ''' - if host.startswith("http://"): - Latch.API_HOST = host[len("http://"):] - Latch.API_PORT = 80 - Latch.API_HTTPS = False - elif host.startswith("https://"): - Latch.API_HOST = host[len("https://"):] - Latch.API_PORT = 443 - Latch.API_HTTPS = True - - @staticmethod - def set_proxy(proxy, port): - ''' - Enable using a Proxy to connect through - @param $proxy The proxy server - @param $port The proxy port number - ''' - Latch.API_PROXY = proxy - Latch.API_PROXY_PORT = port - - @staticmethod - def get_part_from_header(part, header): - ''' - The custom header consists of three parts, the method, the appId and the signature. - This method returns the specified part if it exists. - @param $part The zero indexed part to be returned - @param $header The HTTP header value from which to extract the part - @return string the specified part from the header or an empty string if not existent - ''' - if (header): - parts = header.split(Latch.AUTHORIZATION_HEADER_FIELD_SEPARATOR); - if(len(parts) >= part): - return parts[part] - return "" - - @staticmethod - def get_auth_method_from_header(authorizationHeader): - ''' - @param $authorizationHeader Authorization HTTP Header - @return string the Authorization method. Typical values are "Basic", "Digest" or "11PATHS" - ''' - return Latch.get_part_from_header(0, authorizationHeader) - - @staticmethod - def get_app_id_from_header(authorizationHeader): - ''' - @param $authorizationHeader Authorization HTTP Header - @return string the requesting application Id. Identifies the application using the API - ''' - return Latch.get_part_from_header(1, authorizationHeader) - - @staticmethod - def get_signature_from_header(authorizationHeader): - ''' - @param $authorizationHeader Authorization HTTP Header - @return string the signature of the current request. Verifies the identity of the application using the API - ''' - return Latch.get_part_from_header(2, authorizationHeader) - - - def __init__(self, appId, secretKey): - ''' - Create an instance of the class with the Application ID and secret obtained from Eleven Paths - @param $appId - @param $secretKey - ''' - self.appId = appId - self.secretKey = secretKey - - - - - def _http_get(self, url, xHeaders=None): - ''' - HTTP GET Request to the specified API endpoint - @param $string $url - @param $string $xHeaders - @return LatchResponse - ''' - try: - # Try to use the new Python3 HTTP library if available - import http.client as http - except: - # Must be using Python2 so use the appropriate library - import httplib as http - - authHeaders = self.authentication_headers("GET", url, xHeaders) - #print(headers) - if Latch.API_PROXY != None: - if Latch.API_HTTPS: - conn = http.HTTPSConnection(Latch.API_PROXY, Latch.API_PROXY_PORT) - conn.set_tunnel(Latch.API_HOST, Latch.API_PORT) - else: - conn = http.HTTPConnection(Latch.API_PROXY, Latch.API_PROXY_PORT) - url = "http://" + Latch.API_HOST + url - else: - if Latch.API_HTTPS: - conn = http.HTTPSConnection(Latch.API_HOST, Latch.API_PORT) - else: - conn = http.HTTPConnection(Latch.API_HOST, Latch.API_PORT) - - try: - conn.request("GET", url, headers=authHeaders) - response = conn.getresponse() - - responseData = response.read().decode('utf8') - #print("response:" + responseData) - conn.close(); - ret = LatchResponse(responseData) - except: - ret = LatchResponse("{}") - - return ret - - - def pairWithId(self, accountId): - return self._http_get(self.API_PAIR_WITH_ID_URL + "/" + accountId) - - def pair(self, token): - return self._http_get(self.API_PAIR_URL + "/" + token) - - def status(self, accountId): - return self._http_get(self.API_CHECK_STATUS_URL + "/" + accountId) - - def operationStatus(self, accountId, operationId): - return self._http_get(self.API_CHECK_STATUS_URL + "/" + accountId + "/op/" + operationId) - - def unpair(self, accountId): - return self._http_get(self.API_UNPAIR_URL + "/" + accountId) - - - - - def sign_data(self, data): - ''' - @param $data the string to sign - @return string base64 encoding of the HMAC-SHA1 hash of the data parameter using {@code secretKey} as cipher key. - ''' - from hashlib import sha1 - import hmac - import binascii - - sha1Hash = hmac.new(self.secretKey.encode(), data.encode(), sha1) - return binascii.b2a_base64(sha1Hash.digest())[:-1].decode('utf8') - - - def authentication_headers(self, HTTPMethod, queryString, xHeaders=None, utc=None): - ''' - Calculate the authentication headers to be sent with a request to the API - @param $HTTPMethod the HTTP Method, currently only GET is supported - @param $queryString the urlencoded string including the path (from the first forward slash) and the parameters - @param $xHeaders HTTP headers specific to the 11-paths API. null if not needed. - @param $utc the Universal Coordinated Time for the Date HTTP header - @return array a map with the Authorization and Date headers needed to sign a Latch API request - ''' - if (not utc): - utc = Latch.get_current_UTC() - - utc = utc.strip() - - #logging.debug(HTTPMethod); - #logging.debug(queryString); - #logging.debug(utc); - - stringToSign = (HTTPMethod.upper().strip() + "\n" + - utc + "\n" + - self.get_serialized_headers(xHeaders) + "\n" + - queryString.strip()) - - authorizationHeader = (Latch.AUTHORIZATION_METHOD + Latch.AUTHORIZATION_HEADER_FIELD_SEPARATOR + - self.appId + Latch.AUTHORIZATION_HEADER_FIELD_SEPARATOR + - self.sign_data(stringToSign)) - - headers = dict() - headers[Latch.AUTHORIZATION_HEADER_NAME] = authorizationHeader; - headers[Latch.DATE_HEADER_NAME] = utc; - return headers - - - def get_serialized_headers(self, xHeaders): - ''' - Prepares and returns a string ready to be signed from the 11-paths specific HTTP headers received - @param $xHeaders a non neccesarily ordered map (array without duplicates) of the HTTP headers to be ordered. - @return string The serialized headers, an empty string if no headers are passed, or None if there's a problem such as non 11paths specific headers - ''' - if (xHeaders): - headers = dict((k.lower(), v) for k, v in xHeaders.iteritems()) - headers.sort() - serializedHeaders = "" - for key, value in headers: - if (not key.startsWith(Latch.X_11PATHS_HEADER_PREFIX.lower())): - logging.error("Error serializing headers. Only specific " + Latch.X_11PATHS_HEADER_PREFIX + " headers need to be singed") - return None - serializedHeaders += key + Latch.X_11PATHS_HEADER_SEPARATOR + value + " " - return serializedHeaders.strip() - else: - return "" - - @staticmethod - def get_current_UTC(): - ''' - @return a string representation of the current time in UTC to be used in a Date HTTP Header - ''' - import time - return time.strftime(Latch.UTC_STRING_FORMAT, time.gmtime()) - - diff --git a/test/black-box_test/python/pairwithid.py b/test/black-box_test/python/pairwithid.py deleted file mode 100644 index 5cfc1ae..0000000 --- a/test/black-box_test/python/pairwithid.py +++ /dev/null @@ -1,118 +0,0 @@ -#!/usr/bin/env python -# -*- coding: UTF-8 -*- -# vim: set fileencoding=utf-8 -# Run as root - -''' - This script allows to pair our application with Latch in some UNIX systems (like Linux) - Copyright (C) 2013 Eleven Paths - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -''' - -import sys -import os -import latch - - - -## const - -USER_DEFAULT = 'testlatch' -ACCOUNT_EMAIL_DEFAULT = 'ivan.martin@11paths.com' - -LATCH_CONFIG_DEFAULT = '/etc/latch/latch.conf' -LATCH_ACCOUNTS_DEFAULT = '/etc/latch/latch.accounts' - - - -## functions - -def get_config(name, configFile=LATCH_CONFIG_DEFAULT): - - if os.path.isfile(configFile): - f = open(configFile,"r") - lines = f.readlines() - f.close() - - for line in lines: - words = line.split() - if len(words) == 3 and words[0] == name and words[1] == '=': - return words[2] - return None - - else: - print (configFile + " doesn't exist") - exit(1) - -def is_paired(user, accountsFile=LATCH_ACCOUNTS_DEFAULT): - if os.path.isfile(accountsFile): - f = open(accountsFile,"r") - lines = f.readlines() - f.close() - - for line in lines: - if line.startswith(user + ':'): - return True - return False - else: - print (accountsFile + " doesn't exist") - exit(1) - -def add_account(user, accountId, accountsFile=LATCH_ACCOUNTS_DEFAULT): - if os.path.isfile(accountsFile): - f = open (accountsFile, "a") - f.write(user + ": " + accountId + "\n") - f.close(); - else: - print (accountsFile + " doesn't exist") - exit(1) - - - -## main ## - -if len(sys.argv) == 4: - user = sys.argv[2] - accountEmail = sys.argv[3] -else: - user = USER_DEFAULT - accountEmail = ACCOUNT_EMAIL_DEFAULT - -if is_paired (user): - print (user + ' is already paired') - exit(0) - -secret_key = get_config("secret_key"); -app_id = get_config("app_id"); -latch_host = get_config("latch_host") - -api = latch.Latch(app_id, secret_key) -if latch_host != None: - latch.Latch.set_host(latch_host) - -res = api.pairWithId(accountEmail) - -responseData = res.get_data() -responseError = res.get_error() - -if 'accountId' in responseData: - accountId = responseData["accountId"] - add_account(user, accountId) - print (user + ' paired successfully') - exit(0) -else: - print ('Error pairing account: ' + str(responseError)) - exit(1) diff --git a/test/black-box_test/readme b/test/black-box_test/readme deleted file mode 100644 index e7f5b67..0000000 --- a/test/black-box_test/readme +++ /dev/null @@ -1,20 +0,0 @@ -## Prerrequisites -* Bash. -* Expect. - - -## Installation -* Install and configure the plugin -./configure && make && sudo make install - -* Edit App_id and Secret_key parameters, and add a test_op operation. - -* Execute test -sudo ./test.sh - -* Convert markdown file to pdf -> http://www.markdowntopdf.com/ - - -## Pendiente -test ssh pam: -- Programar expect para que cada vez que recibe "Password:" envie la respuestra programada como si fuera un bucle. diff --git a/test/black-box_test/test.sh b/test/black-box_test/test.sh deleted file mode 100755 index 46c760f..0000000 --- a/test/black-box_test/test.sh +++ /dev/null @@ -1,422 +0,0 @@ -#!/usr/bin/env bash -# run as root - - -## constants -OUTPUT_LOG=test.log -ACCOUNT_EMAIL=ivan.martin@11paths.com - -USER_TEST=testlatch -ADDRESS=$USER_TEST@localhost -SSH_KEYS_DIR=$HOME/.ssh -SSH_USER_TEST_KEYS_DIR=/home/$USER_TEST/.ssh - -PASSWD=$(echo $RANDOM$RANDOM$RANDOM | sha256sum | base64 | head -c 32) - - - -# functions - -function init_test { - sudo adduser $USER_TEST --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password > $OUTPUT_LOG 2>&1 - echo -e "$PASSWD\n$PASSWD\n" | sudo passwd $USER_TEST >> $OUTPUT_LOG 2>&1 - - # force unpair - sudo su $USER_TEST -c 'latch -u' >> $OUTPUT_LOG 2>&1 -} - -function end_test { - sudo su $USER_TEST -c 'latch -u' >> $OUTPUT_LOG 2>&1 - sudo deluser $USER_TEST >> $OUTPUT_LOG 2>&1 -} - -function prev_info { - if grep "testpath2.11paths.com" /etc/latch/latch.conf >> $OUTPUT_LOG 2>&1 ; then - local ENVIRONMENT=test - else - local ENVIRONMENT=produccion - fi - - local TEST_NAME=${1:-Indefinida} - local VERSION=$(latch -v) - local SYSTEM=$(lsb_release -d 2>&1 | cut -d ":" -f 2 2>&1) - local DATE=$(date) - - sed "s/TEST_NAME/$TEST_NAME/g" $OUTPUT_TEMPLATE | \ - sed "s/LATCH_ENVIRONMENT/$ENVIRONMENT/g" | \ - sed "s/LATCH_VERSION/$VERSION/g" | \ - sed "s/SYSTEM/$SYSTEM/g" | \ - sed "s/DATE/$DATE/g" > $OUTPUT_FILE - - sudo chmod a+rw $OUTPUT_FILE -} - -function request_token { - echo >&2 'Generate a token with your mobile phone, please.' - read -p 'Enter token: ' TOKEN - - echo "$TOKEN" -} - -function config_wrong { - sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf - - sudo sed 's/app_id.*/app_id = XXXX/g' /etc/latch/latch_orig.conf | \ - sudo sed 's/secret_key.*/secret_key = XXXX/g' > /etc/latch/latch.conf - sudo chmod 600 /etc/latch/latch.conf -} - -function config_back { - if test -f /etc/latch/latch_orig.conf; then - sudo mv /etc/latch/latch_orig.conf /etc/latch/latch.conf - fi - sudo chmod 600 /etc/latch/latch.conf -} - -function config_open { - sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf - - sudo sed 's/action.*/action = open/g' /etc/latch/latch_orig.conf > /etc/latch/latch.conf - sudo chmod 600 /etc/latch/latch.conf -} - -function config_close { - sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf - - sudo sed 's/action.*/action = close/g' /etc/latch/latch_orig.conf > /etc/latch/latch.conf - sudo chmod 600 /etc/latch/latch.conf -} - -function network_down { - sudo ifconfig eth0 down - sleep 2 -} - -function network_up { - # ubuntu - sudo service network-manager restart >> $OUTPUT_LOG 2>&1 - sudo ifconfig eth0 up >> $OUTPUT_LOG 2>&1 - - # centos - sudo service network restart >> $OUTPUT_LOG 2>&1 - sudo ifup eth0 >> $OUTPUT_LOG 2>&1 - - sleep 20 -} - -function add_certs { - cp certs/* $SSH_KEYS_DIR >> $OUTPUT_LOG 2>&1 - - eval `ssh-agent` >> $OUTPUT_LOG 2>&1 - echo $SSH_AUTH_SOCK >> $OUTPUT_LOG 2>&1 - ssh-add $SSH_KEYS_DIR/id_rsa_testlatch >> $OUTPUT_LOG 2>&1 - - if [ ! -d $SSH_USER_TEST_KEYS_DIR ]; then - sudo mkdir $SSH_USER_TEST_KEYS_DIR - fi - - echo -n 'command="latch-shell -o sshd-keys" ' >> $SSH_USER_TEST_KEYS_DIR/authorized_keys - cat certs/id_rsa_testlatch.pub >> $SSH_USER_TEST_KEYS_DIR/authorized_keys -} - -function rm_certs { - if [ -d $SSH_USER_TEST_KEYS_DIR ]; then - test -f $SSH_USER_TEST_KEYS_DIR/authorized_keys && sed -i.bak '/latch-shell/d' $SSH_KEYS_DIR/authorized_keys - fi - - test -f $SSH_KEYS_DIR/id_rsa_testlatch.pub && sudo rm $SSH_KEYS_DIR/id_rsa_testlatch.pub - test -f $SSH_KEYS_DIR/id_rsa_testlatch && sudo rm $SSH_KEYS_DIR/id_rsa_testlatch -} - -function process_request { - local TEST_N="$1" - local REQUEST="$2" - - if [ "$3" = expect ]; then - expect -c "$REQUEST" | tee test_output.temp - local RESPONSE=$( cat test_output.temp 2>&1 ) - elif [ "$3" = simple ]; then - local RESPONSE=$( $REQUEST 2>&1 ) - else - local RESPONSE=$( sudo su $USER_TEST -c "$REQUEST" 2>&1 ) - fi - - local str1="TEST_"$TEST_N"_" - local str2="RESPONSE_"$TEST_N"_" - - local SED=$(echo "$RESPONSE" | sed ':begin;$!N;s/\n/newLine/;tbegin' | sed -e 's/[\/&]/\\&/g') - sudo sed -i.bak "s/$str1/$REQUEST/g" $OUTPUT_FILE - sudo sed -i.bak "s/$str2/$SED/g" $OUTPUT_FILE - sudo sed -i.bak 's/newLine/\n/g' $OUTPUT_FILE -} - -function ensure_paired_state { - sudo python python/pairwithid.py $USER_TEST $ACCOUNT_EMAIL >> $OUTPUT_LOG - - if [ "$?" = "1" ]; then - token=$( request_token ) - test_ x pair $token - fi -} - - -## tests - -function test_ { - - if [ "$2" == "pair" ]; then - case "$3" in - "blank") - local REQUEST="latch -p" - ;; - *) - local REQUEST="latch -p $3" - ;; - esac - - elif [ "$2" == "status" ]; then - local REQUEST="latch -s" - - elif [ "$2" == "unpair" ]; then - local REQUEST="latch -u" - - elif [ "$2" == "ssh-pam" ]; then - local P_OPTION=expect - rm_certs - - case "$3" in - "passone") - local REQUEST=' spawn ssh '$ADDRESS' whoami; \ - expect "Password:" { send "'$PASSWD'\r"}; \ - interact ' - ;; - - "passthree") - local REQUEST=' spawn ssh '$ADDRESS' whoami; \ - expect "Password:" { send "'$PASSWD'\r"}; \ - expect "Password:" { send "'$PASSWD'\r"}; \ - expect "Password:" { send "'$PASSWD'\r"}; \ - interact ' - ;; - - "passwrong") - local REQUEST=' spawn ssh '$ADDRESS' whoami; \ - expect "Password:" { send "XXXX\r"}; \ - expect "Password:" { send "XXXX\r"}; \ - expect "Password:" { send "XXXX\r"}; \ - interact ' - ;; - - "otp") - local REQUEST=' spawn ssh '$ADDRESS' whoami; \ - expect "Password:" { send "'$PASSWD'\r"}; \ - interact ' - ;; - - "otpwrong") - local REQUEST=' spawn ssh '$ADDRESS' whoami; \ - expect "Password:" { send "'$PASSWD'\r"}; \ - expect "One-time password:" { send "XXX\r"} ;\ - expect "Password:" { send "'$PASSWD'\r"}; \ - expect "One-time password:" { send "XXX\r"} ;\ - expect "Password:" { send "'$PASSWD'\r"}; \ - expect "One-time password:" { send "XXX\r"} ;\ - interact ' - ;; - - "otpblank") - local REQUEST='spawn ssh '$ADDRESS' whoami; \ - expect "Password:"; \ - send "'$PASSWD'\r"; \ - expect "One-time password:"; \ - send "\r"; \ - expect "Password:"; \ - send "'$PASSWD'\r"; \ - expect "One-time password:"; \ - send "\r"; \ - expect "Password:"; \ - send "'$PASSWD'\r"; \ - expect "One-time password:"; \ - send "\r"; \ - interact' - ;; - esac - - elif [ "$2" == "ssh-pkey" ]; then - local P_OPTION=simple - add_certs - local REQUEST='ssh '$ADDRESS' whoami' - - fi - - for arg in "$@"; do - case "$arg" in - "latch-on") - echo 'Lock your latch from mobile application, please.' - read - ;; - - "latch-off") - echo 'Unlock your latch from mobile application, please.' - read - ;; - - "latch-otp") - echo 'Unlock your ssh-login latch from mobile application and active OTP mode, please.' - read - ;; - - "invalid-configuration") - config_wrong - ;; - - "action-open") - config_open - ;; - - "action-close") - config_close - ;; - - esac - done - - process_request "$1" "$REQUEST" $P_OPTION - - config_back -} - - -## suit tests ## - -suit_test_pair () { - token=$( request_token ) - test_ 1 pair $token invalid-configuration - test_ 2 pair XXXXXX - test_ 3 pair blank - test_ 4 pair $token - test_ 5 pair $token -} - -suit_test_status () { - test_ 7 status latch-on - test_ 8 status latch-off -} - -suit_test_unpair () { - test_ 9 unpair - test_ 10 unpair -} - -suit_test_ssh_pam () { - test_ 1 ssh-pam passthree latch-on - test_ 2 ssh-pam passone latch-on invalid-configuration - test_ 3 ssh-pam passone latch-off - test_ 4 ssh-pam passwrong latch-otp - test_ 5 ssh-pam otp latch-otp - test_ 6 ssh-pam otpblank latch-otp - test_ 7 ssh-pam otpwrong latch-otp -} - -suit_test_ssh_pkey () { - test_ 8 ssh-pkey latch-on - test_ 9 ssh-pkey latch-off -} - -suit_test_without_network () { - network_down - - network_up -} - - - -## main ## - -if [ "$1" == "latch" ]; then - OUTPUT_FILE=informe_pruebas_latch.md - OUTPUT_TEMPLATE=informe_pruebas_latch.template - - init_test - - case "$2" in - "all") - prev_info "Completa" - suit_test_pair - suit_test_status - suit_test_unpair - ;; - - "pair") - prev_info "Pareado" - suit_test_pair - ;; - - "status") - prev_info "Consulta de estado de latch" - ensure_paired_state - suit_test_status - ;; - - "unpair") - prev_info "Despareado" - ensure_paired_state - suit_test_unpair - ;; - - "non-interactive") - prev_info "Sin interaccion persona-ordenador" - test_ 1 pair XXXXXX invalid-configuration - test_ 2 pair XXXXXX - test_ 3 pair blank - ensure_paired_state - test_ 5 pair XXXXXX - - test_ 7 status - - suit_test_unpair - ;; - - *) - esac - - end_test - -elif [ "$1" == "ssh" ]; then - OUTPUT_FILE=informe_pruebas_ssh.md - OUTPUT_TEMPLATE=informe_pruebas_ssh.template - - init_test - ensure_paired_state - - case "$2" in - "all") - prev_info "Completa" - suit_test_ssh_pam - suit_test_ssh_pkey - ;; - "pam") - prev_info "PAM" - suit_test_ssh_pam - ;; - - "pkey") - prev_info "Public-private keys" - suit_test_ssh_pkey - ;; - - "non-interactive") - prev_info "Sin interaccion persona-ordenador" - ;; - - *) - esac - - end_test - -else - # superuser required - echo 'Usage: sudo ./test.sh latch [ all | pair | status | unpair | non-interactive ]' - echo ' ssh [ all | pam | pkey | non-interactive ]' -fi - diff --git a/test/installation_test/check_configure.sh b/test/installation_test/check_configure.sh deleted file mode 100755 index 5840fd1..0000000 --- a/test/installation_test/check_configure.sh +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/env bash -# run as root - -RESULTS_TXT=test/installation/text-results.txt - - -assert_sysconf () { - echo "assert sysconf: $1" >> $RESULTS_TXT - test -d $1/latch && \ - stat -c '%U' $1/latch/latch.accounts | grep root && \ - stat -c '%a' $1/latch/latch.accounts | grep "600" && \ - stat -c '%U' $1/latch/latch.conf | grep root && \ - stat -c '%a' $1/latch/latch.conf | grep "600" && \ - echo "...passed" >> $RESULTS_TXT -} - -assert_binary () { - echo "assert binary: $1" >> $RESULTS_TXT - test -f $1 && \ - stat -c '%U' $1 | grep root && \ - stat -c '%a' $1 | grep "4755" && \ - echo "...passed" >> $RESULTS_TXT -} - - -test_no_flags () { - ./configure - make - sudo make install - - echo "TEST_NO_FLAGS" >> $RESULTS_TXT - assert_sysconf /usr/local/etc/ - assert_binary /usr/local/bin/latch - assert_binary /usr/local/bin/latch-ssh-cmd - echo >> $RESULTS_TXT - - sudo make uninstall -} - -test_sysconfdir_flag () { - ./configure --sysconfdir=$1 - make - sudo make install - - echo "TEST_SYSCONFDIR_FLAG -> sysconfdir=$1" >> $RESULTS_TXT - assert_sysconf $1 - assert_binary /usr/local/bin/latch - assert_binary /usr/local/bin/latch-ssh-cmd - echo >> $RESULTS_TXT - - sudo make uninstall -} - -test_bindir_flag () { - ./configure --bindir=$1 - make - sudo make install - - echo "TEST_BINDIR_FLAG -> bindir=$1" >> $RESULTS_TXT - assert_sysconf /usr/local/etc/ - assert_binary $1/latch - assert_binary $1/latch-ssh-cmd - echo >> $RESULTS_TXT - - sudo make uninstall -} - -test_prefix_flag () { - ./configure --prefix=$1 - make - sudo make install - - echo "TEST_PREFIX_FLAG -> prefix=$1" >> $RESULTS_TXT - assert_sysconf $1/etc/ - assert_binary $1/bin/latch - assert_binary $1/bin/latch-ssh-cmd - echo >> $RESULTS_TXT - - sudo make uninstall -} - - - -### main ### -cd ../../ - -echo "--CONFIGURE TEST BEGIN--" > $RESULTS_TXT -test_no_flags -test_sysconfdir_flag /etc -test_bindir_flag /usr/bin -test_prefix_flag /usr -test_prefix_flag /opt/latch -echo "--CONFIGURE TEST END--" >> $RESULTS_TXT \ No newline at end of file diff --git a/test/internal_test/certs/id_rsa_testlatch b/test/internal_test/certs/id_rsa_testlatch deleted file mode 100644 index 473a2c4..0000000 --- a/test/internal_test/certs/id_rsa_testlatch +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAx7BJy/xp7QSUH9QNZM49cNleeQkgk/VKwrkL3m0IDyCMX/6r -PKopxN81ZaLdzFaTCwhxrIji/1w71kk12fvdopPiY69vC5CdUvmuX6OTkKdc9MB5 -U9aftaSdyvqCxT+S12GIff+TuEGvAFJgZkX+xGK3weiinTlj6FpsZ7IN0Lm0XAqL -zhRfplQwYz1U6V+78cdsxoM/3ij3c/gGv9imlkLn+iHsCQGx7KjOxj1XpeIPtz+a -3BFULWPC4UvsdgI7gmN71PdILc8K3qgPPbeH2z3hIWCKPPSK9DJVMzlhs8FFsCuM -YE6Dm3ohc+G/ckOSQaqftImJLWyXpUfK9TFJyQIDAQABAoIBAQC7iY+1GMiuhYdL -YQ53Js5DJpH4IB9NdagRulIwQbu44TuUiAtvvOvfbjWqz0t4tbIBQZvoiuKNKqUz -uavungFnx3VtY3xpoxZtr/oY7foPd27wmbcYis+RexmKYLzh3LPevUW/94BXIrDl -H3hTdNcwvvmPDhlyiUyQEiQPOwSIicOwsx27Qbpra5nF88X2pwzoW2B4ZKEKu88I -G0T+eucEJFVOeRvruTNaSHzieIEoYDGeEfX6ccDKxWhvDU3lg0AwY9piFcYSfZAn -mxLJnxgZCwmtgY0pTjGHTJreToAwbU0k0wbg8ZCGHmHFxMP3HB3EbsIK1et6Q9iZ -qMAL+ScFAoGBAP/RC0slSeG3DGYVSKmKFHX3ypWMUpR+/9yKhFjl2iLC/zx9hUGH -1C8yy2DG6lNG3NJ0gIsj6YFNwBtI6KQ5WT/5B/1e2pFwQqPGtErV6SDlYOaU4EA2 -bUop27EdS3mtP5zIFwR1YdFqj4V+komqmw4E8oyD13+tVC6SaCLqkssfAoGBAMfU -8RNwIZnq8kU0e2OcO1DkmGLmu8zJMrSrLYHhbnKX1+JcbgntfDELPwoFTtFXZBAR -p/CRmq+FiSnO5GhQa5WbO90RnFMEKHTdQFE4LcJaE5ZP2GR//ZPDEDPlxpUW6sAJ -LMjz0ciU861KE97hZDWGSDzxXcXWGHkwWVzQR7YXAoGAD5QUYvwfVq6GA8VyClkN -S+3OGXNVKBPf0vdgfeVpdkp3rqBaOBZkdodaWUdjx7R+CBbuKQsD0ksA0uiKuk1/ -wOSSdvyKxOaYOE8GdbQ3ITi2wPP6AA8Qcr6/0TZefUduo0aQGEZpsY4StWdy1w1b -qevlNWdl/TF5+egSjWXJkLMCgYASbdT90e2HYF+PelOW0CW4RBy5okXXkQaYGuFL -hRrGfrJuMdAEIl69tyfNKMgoDkMwKDCwwvzdCxenP2lZJXGGjpZqwOEF1vBUNsNj -uiaeMeh0iFCQlC0yn16zKpGx1jc4FqCGt9W1BeejJ53FhEvVk9i9phTb1e7T3l2f -baXvaQKBgQC3BbsZRUn4QZzyf6GRzQwyXXCf0yv4KtnP3BWmTSz3Lt1jNkF38j2t -XtkACtYzS9ZxSqY7zlo6LSTn97Wj1Bm7bAmoaxm9S8kI6x0VkyFOuLp4ayeKLXfE -RSjtDs1nyx8Av2JODnxdXv052xproROsAG6TAC3ygOzyY1okh5A8gw== ------END RSA PRIVATE KEY----- diff --git a/test/internal_test/certs/id_rsa_testlatch.pub b/test/internal_test/certs/id_rsa_testlatch.pub deleted file mode 100644 index 473a2c4..0000000 --- a/test/internal_test/certs/id_rsa_testlatch.pub +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAx7BJy/xp7QSUH9QNZM49cNleeQkgk/VKwrkL3m0IDyCMX/6r -PKopxN81ZaLdzFaTCwhxrIji/1w71kk12fvdopPiY69vC5CdUvmuX6OTkKdc9MB5 -U9aftaSdyvqCxT+S12GIff+TuEGvAFJgZkX+xGK3weiinTlj6FpsZ7IN0Lm0XAqL -zhRfplQwYz1U6V+78cdsxoM/3ij3c/gGv9imlkLn+iHsCQGx7KjOxj1XpeIPtz+a -3BFULWPC4UvsdgI7gmN71PdILc8K3qgPPbeH2z3hIWCKPPSK9DJVMzlhs8FFsCuM -YE6Dm3ohc+G/ckOSQaqftImJLWyXpUfK9TFJyQIDAQABAoIBAQC7iY+1GMiuhYdL -YQ53Js5DJpH4IB9NdagRulIwQbu44TuUiAtvvOvfbjWqz0t4tbIBQZvoiuKNKqUz -uavungFnx3VtY3xpoxZtr/oY7foPd27wmbcYis+RexmKYLzh3LPevUW/94BXIrDl -H3hTdNcwvvmPDhlyiUyQEiQPOwSIicOwsx27Qbpra5nF88X2pwzoW2B4ZKEKu88I -G0T+eucEJFVOeRvruTNaSHzieIEoYDGeEfX6ccDKxWhvDU3lg0AwY9piFcYSfZAn -mxLJnxgZCwmtgY0pTjGHTJreToAwbU0k0wbg8ZCGHmHFxMP3HB3EbsIK1et6Q9iZ -qMAL+ScFAoGBAP/RC0slSeG3DGYVSKmKFHX3ypWMUpR+/9yKhFjl2iLC/zx9hUGH -1C8yy2DG6lNG3NJ0gIsj6YFNwBtI6KQ5WT/5B/1e2pFwQqPGtErV6SDlYOaU4EA2 -bUop27EdS3mtP5zIFwR1YdFqj4V+komqmw4E8oyD13+tVC6SaCLqkssfAoGBAMfU -8RNwIZnq8kU0e2OcO1DkmGLmu8zJMrSrLYHhbnKX1+JcbgntfDELPwoFTtFXZBAR -p/CRmq+FiSnO5GhQa5WbO90RnFMEKHTdQFE4LcJaE5ZP2GR//ZPDEDPlxpUW6sAJ -LMjz0ciU861KE97hZDWGSDzxXcXWGHkwWVzQR7YXAoGAD5QUYvwfVq6GA8VyClkN -S+3OGXNVKBPf0vdgfeVpdkp3rqBaOBZkdodaWUdjx7R+CBbuKQsD0ksA0uiKuk1/ -wOSSdvyKxOaYOE8GdbQ3ITi2wPP6AA8Qcr6/0TZefUduo0aQGEZpsY4StWdy1w1b -qevlNWdl/TF5+egSjWXJkLMCgYASbdT90e2HYF+PelOW0CW4RBy5okXXkQaYGuFL -hRrGfrJuMdAEIl69tyfNKMgoDkMwKDCwwvzdCxenP2lZJXGGjpZqwOEF1vBUNsNj -uiaeMeh0iFCQlC0yn16zKpGx1jc4FqCGt9W1BeejJ53FhEvVk9i9phTb1e7T3l2f -baXvaQKBgQC3BbsZRUn4QZzyf6GRzQwyXXCf0yv4KtnP3BWmTSz3Lt1jNkF38j2t -XtkACtYzS9ZxSqY7zlo6LSTn97Wj1Bm7bAmoaxm9S8kI6x0VkyFOuLp4ayeKLXfE -RSjtDs1nyx8Av2JODnxdXv052xproROsAG6TAC3ygOzyY1okh5A8gw== ------END RSA PRIVATE KEY----- diff --git a/test/internal_test/informe_pruebas_latch.template b/test/internal_test/informe_pruebas_latch.template deleted file mode 100644 index d438899..0000000 --- a/test/internal_test/informe_pruebas_latch.template +++ /dev/null @@ -1,185 +0,0 @@ -#Pruebas funcionales sobre plugin -*Generado automáticamente* - -**Prueba:** TEST_NAME -**Herramienta:** latch -**Entorno:** LATCH_ENVIRONMENT -**Versión:** LATCH_VERSION -**Sistema:** SYSTEM -**Fecha:** DATE - - -###1ª Prueba: Intento de pareo con configuración errónea de los valores Secret_key o Application_ID - -1º- Se establece una configuración errónea -2º- Se procede a intentar parear la aplicación - -``` -TEST_1_ -``` - -Response: -``` -RESPONSE_1_ -``` - -###2ª Prueba: Intento de pareo con introducción del token de pareo erróneo - -1º- Se establece una configuración correcta -2º- Se procede a intentar parear la aplicación - -``` -TEST_2_ -``` - -Response: -``` -RESPONSE_2_ -``` - -###3ª Prueba: Intento de pareo con token en blanco (sin introducir nada) - -1º- Se establece una configuración correcta -2º- Se procede a intentar parear la aplicación - -``` -TEST_3_ -``` - -Response: -``` -RESPONSE_3_ -``` - -###4ª Prueba: Intento de pareo con token correcto - -1º- Se establece una configuración correcta -2º- Se procede a intentar parear la aplicación - -``` -TEST_4_ -``` - -Response: -``` -RESPONSE_4_ -``` - -###5ª Prueba: Intento de pareo estando previamente pareado - -1º- Se establece una configuración correcta -2º- Se procede a intentar parear la aplicación - -``` -TEST_5_ -``` - -Response: -``` -RESPONSE_5_ -``` - -###6ª Prueba: Intento de pareo con token correcto y la máquina sin conexión a Internet - -1º- Se desconecta la red -2º- Se establece una configuración correcta -3º- Se procede a intentar parear la aplicación - -``` -TEST_6_ -``` - -Response: -``` -RESPONSE_6_ -``` - -###7ª Prueba: Consulta de estado de bloqueo de cuenta mediante aplicación latch-UNIX pareada - -1º- Se procede a bloquear -2º- Se consulta el estado de latch - -``` -TEST_7_ -``` - -Response: -``` -RESPONSE_7_ -``` - -###8ª Prueba: Consulta de estado de desbloqueo de cuenta mediante aplicación latch-UNIX pareada - -1º- Se procede a desbloquear -2º- Se consulta el estado de latch - -``` -TEST_8_ -``` - -Response: -``` -RESPONSE_8_ -``` - -###9th test: Check locked operation status - -``` -TEST_9_ -``` - -Response: -``` -RESPONSE_9_ -``` - -###10th test: Check unlocked operation status - -``` -TEST_10_ -``` - -Response: -``` -RESPONSE_10_ -``` - -###11ª Prueba: Prueba de despareo - -1º- Se procede a desparear la cuenta - -``` -TEST_11_ -``` - -Response: -``` -RESPONSE_11_ -``` - -###12ª Prueba: Prueba de despareo estando previamente despareado - -1º- Se procede a desparear la cuenta - -``` -TEST_12_ -``` - -Response: -``` -RESPONSE_12_ -``` - -###13ª Prueba: Prueba de despareo sin conexión a Internet - -1º- Se desconecta la red -2º- Se procede a desparear la cuenta - -``` -TEST_13_ -``` - -Response: -``` -RESPONSE_13_ -``` diff --git a/test/internal_test/informe_pruebas_ssh.template b/test/internal_test/informe_pruebas_ssh.template deleted file mode 100644 index dd34968..0000000 --- a/test/internal_test/informe_pruebas_ssh.template +++ /dev/null @@ -1,138 +0,0 @@ -#Pruebas funcionales sobre plugin -*Generado automáticamente* - -**Prueba:** TEST_NAME -**Herramienta:** latch-ssh -**Entorno:** LATCH_ENVIRONMENT -**Versión:** LATCH_VERSION -**Sistema:** SYSTEM -**Fecha:** DATE - - - -###1ª Prueba: Bloqueo de cuenta SSH mediante aplicación latch-UNIX pareada - -1º- Se procede a bloquear -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_1_ -``` - -###2ª Prueba: Intento inicio de sesión con la cuenta bloqueada y la información del AppID y Secret Key han sido cambiados por el Administrador - -1º- Se establece una configuración errónea -2º- Se procede a activar el bloqueo de la cuenta en la aplicación del smartphone -3º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_2_ -``` - -###3ª Prueba: Desbloqueo de cuenta SSH mediante aplicación latch-UNIX pareada - -1º- Se procede a desbloquear -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_3_ -``` - -###4ª Prueba: Intento de inicio de sesión con una contraseña incorrecta, con el One Time Password activado - -1º- Se procede a desbloquear y activar la opción del OTP -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada -3º- Se introduce una contraseña incorrecta - -Interacción automatizada: -``` -RESPONSE_4_ -``` - -###5ª Prueba: Uso del One Time Password con cuenta desbloqueada - -1º- Se procede a desbloquear y activar la opción del OTP -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada -3º- Se introduce un OTP correcto - -Interacción automatizada: -``` -RESPONSE_5_ -``` - -###6ª Prueba: Uso del One Time Password en blanco con cuenta desbloqueada - -1º- Se procede a desbloquear y activar la opción del OTP -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada -3º- Se introduce un OTP en blanco - -Interacción automatizada: -``` -RESPONSE_6_ -``` - -###7ª Prueba: Uso del One Time Password erróneo con cuenta desbloqueada - -1º- Se procede a desbloquear y activar la opción del OTP -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada -3º- Se introduce un OTP erróneo - -Interacción automatizada: -``` -RESPONSE_7_ -``` - -###8ª Prueba: Bloqueo de clave SSH mediante aplicación latch-UNIX pareada - -1º- Se procede a bloquear -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -``` -TEST_8_ -``` - -Respuesta: -``` -RESPONSE_8_ -``` - -###9ª Prueba: Desbloqueo de clave SSH mediante aplicación latch-UNIX pareada - -1º- Se procede a desbloquear -2º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -``` -TEST_9_ -``` - -Respuesta: -``` -RESPONSE_9_ -``` - -###10ª Prueba: Bloqueo de cuenta SSH mediante aplicación latch-UNIX pareada y la máquina sin conexión a Internet, definiendo la opción por defecto como "open" - -1º- Se desconecta la red -2º- Se establece una configuración abierta por defecto -3º- Se procede a bloquear -4º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_10_ -``` - -###11ª Prueba: Desbloqueo de cuenta SSH mediante aplicación latch-UNIX pareada y la máquina sin conexión a Internet, definiendo la opción por defecto como "close" - -1º- Se desconecta la red -2º- Se establece una configuración cerrada por defecto -3º- Se procede a desbloquear -4º- Se intenta ejecutar el comando whoami con SSH en la cuenta pareada - -Interacción automatizada: -``` -RESPONSE_11_ -``` diff --git a/test/internal_test/readme b/test/internal_test/readme deleted file mode 100644 index 2d9845a..0000000 --- a/test/internal_test/readme +++ /dev/null @@ -1,21 +0,0 @@ -## Prerrequisites -* Bash. -* Expect. -* Latch-client-app tool. - - -## Installation -* Install and configure the plugin -./configure && make && sudo make install - -* Edit App_id and Secret_key parameters, and add a test_op operation. - -* Execute test -sudo ./test.sh - -* Convert markdown file to pdf -> http://www.markdowntopdf.com/ - - -## Pendiente -test ssh pam: -- Programar expect para que cada vez que recibe "Password:" envie la respuestra programada como si fuera un bucle. diff --git a/test/internal_test/sshd.exp b/test/internal_test/sshd.exp deleted file mode 100755 index d65f087..0000000 --- a/test/internal_test/sshd.exp +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/expect -f - - -set username [lindex $argv 0] -set password [lindex $argv 1] -set operation_id [lindex $argv 2] -set otp_option [lindex $argv 3] - -spawn ssh $username@localhost echo "ssh user authenticated!" - -expect { - "Password:" { - stty -echo - send "$password\r" - stty echo - exp_continue - } "One-time password:" { - if { $otp_option == "wrong" } { - set otp "XXXX" - } elseif { $otp_option == "blank" } { - set otp "" - } else { - set otp [exec latch-client-app otp $operation_id] - } - send "$otp\r" - exp_continue - } timeout { - send_user "connection to localhost timed out\n" - exit - } eof { - send_user \ - "connection to host failed: $expect_out(buffer)" - exit - } -} diff --git a/test/internal_test/test.sh b/test/internal_test/test.sh deleted file mode 100755 index ab71937..0000000 --- a/test/internal_test/test.sh +++ /dev/null @@ -1,375 +0,0 @@ -#!/usr/bin/env bash -# run as root - - -## constants -OUTPUT_LOG=test.log - -USER_TEST=testlatch -ADDRESS=$USER_TEST@localhost -SSH_KEYS_DIR=$HOME/.ssh -SSH_USER_TEST_KEYS_DIR=/home/$USER_TEST/.ssh - -PASSWD=$(echo $RANDOM$RANDOM$RANDOM | sha256sum | base64 | head -c 32) - - - -# functions - -function init_test { - sudo adduser $USER_TEST --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password > $OUTPUT_LOG 2>&1 - echo -e "$PASSWD\n$PASSWD\n" | sudo passwd $USER_TEST >> $OUTPUT_LOG 2>&1 - - # force unpair - sudo su $USER_TEST -c 'latch -u' >> $OUTPUT_LOG 2>&1 -} - -function end_test { - sudo su $USER_TEST -c 'latch -u' >> $OUTPUT_LOG 2>&1 - sudo deluser $USER_TEST >> $OUTPUT_LOG 2>&1 -} - -function prev_info { - if grep "testpath2.11paths.com" /etc/latch/latch.conf >> $OUTPUT_LOG 2>&1 ; then - local ENVIRONMENT=test - else - local ENVIRONMENT=produccion - fi - - local TEST_NAME=${1:-Indefinida} - local VERSION=$(latch -v) - local SYSTEM=$(lsb_release -d 2>&1 | cut -d ":" -f 2 2>&1) - local DATE=$(date) - - sed "s/TEST_NAME/$TEST_NAME/g" $OUTPUT_TEMPLATE | \ - sed "s/LATCH_ENVIRONMENT/$ENVIRONMENT/g" | \ - sed "s/LATCH_VERSION/$VERSION/g" | \ - sed "s/SYSTEM/$SYSTEM/g" | \ - sed "s/DATE/$DATE/g" > $OUTPUT_FILE - - sudo chmod a+rw $OUTPUT_FILE -} - -function config_wrong { - sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf - - sudo sed 's/app_id.*/app_id = XXXX/g' /etc/latch/latch_orig.conf | \ - sudo sed 's/secret_key.*/secret_key = XXXX/g' > /etc/latch/latch.conf - sudo chmod 600 /etc/latch/latch.conf -} - -function config_back { - if test -f /etc/latch/latch_orig.conf; then - sudo mv /etc/latch/latch_orig.conf /etc/latch/latch.conf - fi - sudo chmod 600 /etc/latch/latch.conf -} - -function config_open { - sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf - - sudo sed 's/action.*/action = open/g' /etc/latch/latch_orig.conf > /etc/latch/latch.conf - sudo chmod 600 /etc/latch/latch.conf -} - -function config_close { - sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf - - sudo sed 's/action.*/action = close/g' /etc/latch/latch_orig.conf > /etc/latch/latch.conf - sudo chmod 600 /etc/latch/latch.conf -} - -function network_down { - sudo ifconfig eth0 down - sleep 2 -} - -function network_up { - # ubuntu - sudo service network-manager restart >> $OUTPUT_LOG 2>&1 - sudo ifconfig eth0 up >> $OUTPUT_LOG 2>&1 - - # centos - sudo service network restart >> $OUTPUT_LOG 2>&1 - sudo ifup eth0 >> $OUTPUT_LOG 2>&1 - - sleep 20 -} - -function add_certs { - cp certs/* $SSH_KEYS_DIR >> $OUTPUT_LOG 2>&1 - - eval `ssh-agent` >> $OUTPUT_LOG 2>&1 - echo $SSH_AUTH_SOCK >> $OUTPUT_LOG 2>&1 - ssh-add $SSH_KEYS_DIR/id_rsa_testlatch >> $OUTPUT_LOG 2>&1 - - if [ ! -d $SSH_USER_TEST_KEYS_DIR ]; then - sudo mkdir $SSH_USER_TEST_KEYS_DIR - fi - - echo -n 'command="latch-shell -o sshd-keys" ' >> $SSH_USER_TEST_KEYS_DIR/authorized_keys - cat certs/id_rsa_testlatch.pub >> $SSH_USER_TEST_KEYS_DIR/authorized_keys -} - -function rm_certs { - if [ -d $SSH_USER_TEST_KEYS_DIR ]; then - test -f $SSH_USER_TEST_KEYS_DIR/authorized_keys && sed -i.bak '/latch-shell/d' $SSH_KEYS_DIR/authorized_keys - fi - - test -f $SSH_KEYS_DIR/id_rsa_testlatch.pub && sudo rm $SSH_KEYS_DIR/id_rsa_testlatch.pub - test -f $SSH_KEYS_DIR/id_rsa_testlatch && sudo rm $SSH_KEYS_DIR/id_rsa_testlatch -} - -function process_request { - local TEST_N="$1" - local REQUEST="$2" - - if [ "$3" = expect ]; then - local RESPONSE=$( $REQUEST 2>&1 ) - elif [ "$3" = simple ]; then - local RESPONSE=$( $REQUEST 2>&1 ) - else - local RESPONSE=$( sudo su $USER_TEST -c "$REQUEST" 2>&1 ) - fi - - local str1="TEST_"$TEST_N"_" - local str2="RESPONSE_"$TEST_N"_" - - local SED=$(echo "$RESPONSE" | sed ':begin;$!N;s/\n/newLine/;tbegin' | sed -e 's/[\/&]/\\&/g') - sudo sed -i.bak "s/$str1/$REQUEST/g" $OUTPUT_FILE - sudo sed -i.bak "s/$str2/$SED/g" $OUTPUT_FILE - sudo sed -i.bak 's/newLine/\n/g' $OUTPUT_FILE -} - -function ensure_paired_state { - local token=$( latch-client-app pairingcode ) - local exp="latch -p $token" - - sudo su $USER_TEST -c "$exp" -} - - -## tests - -function test_ { - - if [ "$2" == "pair" ]; then - case "$3" in - "blank") - local REQUEST="latch -p" - ;; - *) - local REQUEST="latch -p $3" - ;; - esac - - elif [ "$2" == "status" ]; then - case "$3" in - "op") - local OPERATION_NAME=$4 - local REQUEST="latch -o $4" - ;; - *) - local OPERATION_NAME=app_id - local REQUEST="latch -s" - ;; - esac - - elif [ "$2" == "unpair" ]; then - local REQUEST="latch -u" - - elif [ "$2" == "ssh-pam" ]; then - local OPERATION_NAME=sshd-login - local P_OPTION=expect - rm_certs - - case "$3" in - "password") - local REQUEST="./sshd.exp $ADDRESS $PASSWD" - ;; - - "passwrong") - local REQUEST="./sshd.exp $ADDRESS XXXX" - ;; - - "otp") - local OPERATION_ID=$( sudo latch-client-app --config getid $OPERATION_NAME ) - local REQUEST="./sshd.exp $ADDRESS $PASSWD $OPERATION_ID" - ;; - - "otpwrong") - local OPERATION_ID=$( sudo latch-client-app --config getid $OPERATION_NAME ) - local REQUEST="./sshd.exp $ADDRESS $PASSWD $OPERATION_ID wrong" - ;; - - "otpblank") - local OPERATION_ID=$( sudo latch-client-app --config getid $OPERATION_NAME ) - local REQUEST="./sshd.exp $ADDRESS $PASSWD $OPERATION_ID blank" - ;; - esac - - elif [ "$2" == "ssh-pkey" ]; then - local OPERATION_NAME=sshd-keys - local P_OPTION=simple - add_certs - local REQUEST='ssh '$ADDRESS' whoami' - - fi - - for arg in "$@"; do - case "$arg" in - "latch-on") - sudo latch-client-app lock -o $OPERATION_NAME - sleep 1 - ;; - - "latch-off") - sudo latch-client-app unlock -o $OPERATION_NAME off - sleep 1 - ;; - - "latch-otp") - sudo latch-client-app unlock -o $OPERATION_NAME on - sleep 1 - ;; - - "invalid-configuration") - config_wrong - ;; - - "action-open") - config_open - ;; - - "action-close") - config_close - ;; - - esac - done - - process_request "$1" "$REQUEST" $P_OPTION - - config_back -} - - -## suit tests ## - -suit_test_pair () { - token=$( latch-client-app pairingcode ) - test_ 1 pair $token invalid-configuration - test_ 2 pair XXXXXX - test_ 3 pair blank - test_ 4 pair $token - test_ 5 pair $token -} - -suit_test_status () { - test_ 7 status latch-on - test_ 8 status latch-off - test_ 9 status op test_op latch-on - test_ 10 status op test_op latch-off -} - -suit_test_unpair () { - test_ 11 unpair - test_ 12 unpair -} - -suit_test_ssh_pam () { - test_ 1 ssh-pam password latch-on - test_ 2 ssh-pam password latch-on invalid-configuration - test_ 3 ssh-pam password latch-off - test_ 4 ssh-pam passwrong latch-otp - test_ 5 ssh-pam otp latch-otp - test_ 6 ssh-pam otpblank latch-otp - test_ 7 ssh-pam otpwrong latch-otp -} - -suit_test_ssh_pkey () { - test_ 8 ssh-pkey latch-on - test_ 9 ssh-pkey latch-off -} - -suit_test_without_network () { - network_down - - network_up -} - - - -## main ## - -if [ "$1" == "latch" ]; then - OUTPUT_FILE=informe_pruebas_latch.md - OUTPUT_TEMPLATE=informe_pruebas_latch.template - - init_test - - case "$2" in - "all") - prev_info "Completa" - suit_test_pair - suit_test_status - suit_test_unpair - ;; - - "pair") - prev_info "Pareado" - suit_test_pair - ;; - - "status") - prev_info "Consulta de estado de latch" - ensure_paired_state - suit_test_status - ;; - - "unpair") - prev_info "Despareado" - ensure_paired_state - suit_test_unpair - ;; - - *) - esac - - end_test - -elif [ "$1" == "ssh" ]; then - OUTPUT_FILE=informe_pruebas_ssh.md - OUTPUT_TEMPLATE=informe_pruebas_ssh.template - - init_test - ensure_paired_state - - case "$2" in - "all") - prev_info "Completa" - suit_test_ssh_pam - suit_test_ssh_pkey - ;; - "pam") - prev_info "PAM" - suit_test_ssh_pam - ;; - - "pkey") - prev_info "Public-private keys" - suit_test_ssh_pkey - ;; - - *) - esac - - end_test - -else - # superuser required - echo 'Usage: sudo ./test.sh latch [ all | pair | status | unpair ]' - echo '' - echo 'version 1.0' -fi - diff --git a/test/white-box_test/latch/all_no_sudo_test.sh b/test/white-box_test/latch/all_no_sudo_test.sh deleted file mode 100755 index 74cea7b..0000000 --- a/test/white-box_test/latch/all_no_sudo_test.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -# no sudo tests -./test_accounts_access_error.sh -echo -./test_config_access_error.sh -echo diff --git a/test/white-box_test/latch/all_test.sh b/test/white-box_test/latch/all_test.sh deleted file mode 100755 index b0557c8..0000000 --- a/test/white-box_test/latch/all_test.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/bin/env bash -#run as root - -echo '###############' -echo ' Latch tests ' -echo '###############' -echo - - -# pair tests -./test_pair_bad_char_token.sh -echo -./test_pair_bad_length_token.sh -echo -sudo ./test_pair_invalid_app_and_secret.sh -echo -./test_pair_invalid_token.sh -echo - -# status tests -sudo ./test_status_without_acc_file.sh -echo -./test_status_not_paired.sh -echo -sudo ./test_status_invalid_app_and_secret.sh -echo -sudo ./test_status_invalid_account_id.sh -echo - -# operation status tests -sudo ./test_op_status_without_acc_file.sh -echo -./test_op_status_not_paired.sh -echo -./test_op_status_not_operation.sh -echo -sudo ./test_op_status_invalid_app_and_secret.sh -echo -sudo ./test_op_status_invalid_operation_id.sh -echo -sudo ./test_op_status_invalid_account_id.sh -echo - -# unpair tests -sudo ./test_unpair_without_acc_file.sh -echo -./test_unpair_not_paired.sh -echo -sudo ./test_unpair_success.sh -echo -sudo ./test_unpair_succ_with_other_same_acc_id_user.sh -echo - -# interactive tests -sudo ./test_generating_token.sh -echo - -# network tests -sudo ./test_without_network.sh -echo diff --git a/test/white-box_test/latch/responses.sh b/test/white-box_test/latch/responses.sh deleted file mode 100755 index 2553873..0000000 --- a/test/white-box_test/latch/responses.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/env bash - -USER=$(whoami) - -TEST_ACCOUNTS_ACCESS_ERROR_RES="The user "$USER" doesn't have the correct permissions to write or read .*" -TEST_CONFIG_ACCESS_ERROR_RES="The user "$USER" doesn't have the correct permissions to read .*" - -TEST_PAIR_AFT_SUCC_PAIRED_RES="The user "$USER" is already paired with latch" -TEST_PAIR_BAD_CHAR_TOKEN_RES="Invalid token" -TEST_PAIR_BAD_LEN_TOKEN_RES="Invalid token" -TEST_PAIR_WITHOUT_NETWORK_RES="Error contacting latch servers" -TEST_PAIR_SUCCESS_RES="Account successfully paired to the user "$USER -TEST_PAIR_INVALID_APP_AND_SEC_RES="Invalid Application ID or Secret Key" -#TEST_PAIR_109_ERR_RES="Something went wrong. Review your date & time settings" -TEST_PAIR_INVALID_TOKEN_RES="Invalid token" -#TEST_PAIR_DEFAULT_ERR_RES="There has been an error pairing the user" - -TEST_STATUS_WITHOUT_ACC_FILE_RES="The user "$USER" is not paired with latch" -TEST_STATUS_NOT_PAIRED_RES="The user "$USER" is not paired with latch" -TEST_STATUS_WITHOUT_NETWORK_RES="Error contacting latch servers" -TEST_STATUS_OFF_RES="Status: latch not locked" -TEST_STATUS_ON_RES="Status: latch locked" -TEST_STATUS_INVALID_APP_AND_SEC_RES="Invalid Application ID or Secret Key" -#TEST_STATUS_109_ERR_RES="Something went wrong. Review your date & time settings" -#TEST_STATUS_201_ERR_RES="The user %s is not really paired with latch. Try to unpair and pair again" -TEST_STATUS_INVALID_ACC_ID_RES="There has been an error checking status for the user" - -TEST_OP_STATUS_WITHOUT_ACC_FILE_RES="The user "$USER" is not paired with latch" -TEST_OP_STATUS_NOT_PAIRED_RES="The user "$USER" is not paired with latch" -TEST_OP_STATUS_NOT_OPERATION_RES="Operation .* does not exist in " -TEST_OP_STATUS_WITHOUT_NETWORK_RES="Error contacting latch servers" -TEST_OP_STATUS_OFF_RES="Status: latch not locked" -TEST_OP_STATUS_ON_RES="Status: latch locked" -TEST_OP_STATUS_INVALID_APP_AND_SEC_RES="Invalid Application ID or Secret Key" -#TEST_OP_STATUS_109_ERR_RES="Something went wrong. Review your date & time settings" -TEST_OP_STATUS_301_ERR_RES="The user "$USER" is not really paired with latch or Invalid Operation ID" -TEST_OP_STATUS_INVALID_ACC_ID_RES="There has been an error checking status for the user" - -TEST_UNPAIR_WITHOUT_ACC_FILE_RES="The user "$USER" is not paired with latch" -TEST_UNPAIR_NOT_PAIRED_RES="The user "$USER" is not paired with latch" -TEST_UNPAIR_SUCC_WITH_OTHER_SAME_ACC_ID_PAIRED_USER_RES="Account belonging to the user "$USER" successfully unpaired from latch" -TEST_UNPAIR_SUCCESS_RES="Account belonging to the user "$USER" successfully unpaired from latch" diff --git a/test/white-box_test/latch/test_accounts_access_error.sh b/test/white-box_test/latch/test_accounts_access_error.sh deleted file mode 100755 index 03d5861..0000000 --- a/test/white-box_test/latch/test_accounts_access_error.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -echo 'Test latch accounts: without read-write permissions' -if latch -a /etc/latch/latch.accounts 2>&1 | grep "$TEST_ACCOUNTS_ACCESS_ERROR_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi diff --git a/test/white-box_test/latch/test_config_access_error.sh b/test/white-box_test/latch/test_config_access_error.sh deleted file mode 100755 index 93a08af..0000000 --- a/test/white-box_test/latch/test_config_access_error.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -echo 'Test latch conf: without read permissions' -if latch -f /etc/latch/latch.conf 2>&1 | grep "$TEST_CONFIG_ACCESS_ERROR__RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi diff --git a/test/white-box_test/latch/test_generating_token.sh b/test/white-box_test/latch/test_generating_token.sh deleted file mode 100755 index ef2784e..0000000 --- a/test/white-box_test/latch/test_generating_token.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -echo 'Generate a token with your mobile phone, please.' -read -p 'Enter token: ' TOKEN - - -echo 'Test latch pair: success' - -USER=$(whoami) -if latch -p $TOKEN 2>&1 | grep "$TEST_PAIR_SUCCESS_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' - - # force unpair - latch -u > /dev/null 2>&1 - exit -fi - - -echo 'Test latch pair: pair after success pair' -if latch -p $TOKEN 2>&1 | grep "$TEST_PAIR_AFT_SUCC_PAIRED_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - - -echo 'Test latch status: latch ON' -read -p 'Please, lock your latch in your mobile phone application. Then, press any key' -read -if latch -s 2>&1 | grep "$TEST_STATUS_ON_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - - -echo 'Test latch status: latch OFF' -read -p 'Please, open your latch in your mobile phone application. Then, press any key' -if latch -s 2>&1 | grep "$TEST_STATUS_OFF_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - - -echo 'Test latch operation status: latch ON' -read -p 'Please, lock your test_op latch in your mobile phone application. Then, press any key' -read -if latch -o test_op 2>&1 | grep "$TEST_OP_STATUS_ON_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - - -echo 'Test latch operation status: latch OFF' -read -p 'Please, open your test_op latch in your mobile phone application. Then, press any key' -if latch -o test_op 2>&1 | grep "$TEST_OP_STATUS_OFF_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -# force unpair -latch -u > /dev/null 2>&1 - diff --git a/test/white-box_test/latch/test_op_status_invalid_account_id.sh b/test/white-box_test/latch/test_op_status_invalid_account_id.sh deleted file mode 100755 index 86e0b43..0000000 --- a/test/white-box_test/latch/test_op_status_invalid_account_id.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -USER=$(whoami) -sudo echo $USER': xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ -> /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - -echo 'Test latch operation status: invalid account id' -if latch -o test_op 2>&1 | grep "$TEST_OP_STATUS_INVALID_ACC_ID_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_op_status_invalid_app_and_secret.sh b/test/white-box_test/latch/test_op_status_invalid_app_and_secret.sh deleted file mode 100755 index 19b3034..0000000 --- a/test/white-box_test/latch/test_op_status_invalid_app_and_secret.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -USER=$(whoami) -sudo echo $USER': xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ -> /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - -sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf -sudo sed 's/app_id.*/app_id = XXXX/g' /etc/latch/latch_orig.conf | \ -sudo sed 's/secret_key.*/secret_key = XXXX/g' > /etc/latch/latch.conf -sudo chmod 600 /etc/latch/latch.conf - -echo 'Test latch operation status: invalid app_id and secret_key configuration' -if latch -o test_op 2>&1 | grep "$TEST_OP_STATUS_INVALID_APP_AND_SEC_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.conf /etc/latch/latch.conf -sudo chmod 600 /etc/latch/latch.conf - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_op_status_invalid_operation_id.sh b/test/white-box_test/latch/test_op_status_invalid_operation_id.sh deleted file mode 100755 index b15653b..0000000 --- a/test/white-box_test/latch/test_op_status_invalid_operation_id.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -USER=$(whoami) -sudo echo $USER': xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ -> /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - -sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf - -sudo sed 's/test_op.*/test_op = xxxxxxxxxxxxxxxxxxxx/g' /etc/latch/latch_orig.conf > /etc/latch/latch.conf -sudo chmod 600 /etc/latch/latch.conf - -echo 'Test latch operation status: invalid operation id' -if latch -o test_op 2>&1 | grep "$TEST_OP_STATUS_301_ERR_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.conf /etc/latch/latch.conf -sudo chmod 600 /etc/latch/latch.conf - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_op_status_not_operation.sh b/test/white-box_test/latch/test_op_status_not_operation.sh deleted file mode 100755 index 278328e..0000000 --- a/test/white-box_test/latch/test_op_status_not_operation.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -USER=$(whoami) -sudo echo $USER': xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ -> /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - -USER=$(whoami) -echo 'Test latch operation status: non-existent operation' -if latch -o non_existent_operation 2>&1 | grep "$TEST_OP_STATUS_NOT_OPERATION_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_op_status_not_paired.sh b/test/white-box_test/latch/test_op_status_not_paired.sh deleted file mode 100755 index 3f20250..0000000 --- a/test/white-box_test/latch/test_op_status_not_paired.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -USER=$(whoami) -echo 'Test latch operation status: user not paired' -if latch -o test_op 2>&1 | grep "$TEST_OP_STATUS_NOT_PAIRED_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi diff --git a/test/white-box_test/latch/test_op_status_without_acc_file.sh b/test/white-box_test/latch/test_op_status_without_acc_file.sh deleted file mode 100755 index 29a981e..0000000 --- a/test/white-box_test/latch/test_op_status_without_acc_file.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -echo 'Test latch operation status: without account file' -if latch -o test_op 2>&1 | grep "$TEST_OP_STATUS_WITHOUT_ACC_FILE_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_pair_bad_char_token.sh b/test/white-box_test/latch/test_pair_bad_char_token.sh deleted file mode 100755 index ee19304..0000000 --- a/test/white-box_test/latch/test_pair_bad_char_token.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -echo 'Test latch pair: bad character token' -if latch -p XXX*XX 2>&1 | grep "$TEST_PAIR_BAD_CHAR_TOKEN_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi diff --git a/test/white-box_test/latch/test_pair_bad_length_token.sh b/test/white-box_test/latch/test_pair_bad_length_token.sh deleted file mode 100755 index 0e89efc..0000000 --- a/test/white-box_test/latch/test_pair_bad_length_token.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -echo 'Test latch pair: bad length token' -if latch -p XXXX 2>&1 | grep "$TEST_PAIR_BAD_LEN_TOKEN_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi diff --git a/test/white-box_test/latch/test_pair_invalid_app_and_secret.sh b/test/white-box_test/latch/test_pair_invalid_app_and_secret.sh deleted file mode 100755 index 97b7e6b..0000000 --- a/test/white-box_test/latch/test_pair_invalid_app_and_secret.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf - -sudo sed 's/app_id.*/app_id = XXXX/g' /etc/latch/latch_orig.conf | \ -sudo sed 's/secret_key.*/secret_key = XXXX/g' > /etc/latch/latch.conf -sudo chmod 600 /etc/latch/latch.conf - -echo 'Test latch pair: invalid app_id and secret_key configuration' -if latch -p XXXXXX 2>&1 | grep "$TEST_PAIR_INVALID_APP_AND_SEC_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.conf /etc/latch/latch.conf -sudo chmod 600 /etc/latch/latch.conf diff --git a/test/white-box_test/latch/test_pair_invalid_token.sh b/test/white-box_test/latch/test_pair_invalid_token.sh deleted file mode 100755 index 78a591b..0000000 --- a/test/white-box_test/latch/test_pair_invalid_token.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -echo 'Test latch pair: invalid token' -if latch -p XXXXXX 2>&1 | grep "$TEST_PAIR_INVALID_TOKEN_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi diff --git a/test/white-box_test/latch/test_status_invalid_account_id.sh b/test/white-box_test/latch/test_status_invalid_account_id.sh deleted file mode 100755 index 1441703..0000000 --- a/test/white-box_test/latch/test_status_invalid_account_id.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -USER=$(whoami) -sudo echo $USER': xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ -> /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - -echo 'Test latch status: invalid account id' -if latch -s 2>&1 | grep "$TEST_STATUS_INVALID_ACC_ID_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_status_invalid_app_and_secret.sh b/test/white-box_test/latch/test_status_invalid_app_and_secret.sh deleted file mode 100755 index 9f053c9..0000000 --- a/test/white-box_test/latch/test_status_invalid_app_and_secret.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -USER=$(whoami) -sudo echo $USER': xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ -> /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - -sudo mv /etc/latch/latch.conf /etc/latch/latch_orig.conf -sudo sed 's/app_id.*/app_id = XXXX/g' /etc/latch/latch_orig.conf | \ -sudo sed 's/secret_key.*/secret_key = XXXX/g' > /etc/latch/latch.conf -sudo chmod 600 /etc/latch/latch.conf - -echo 'Test latch status: invalid app_id and secret_key configuration' -if latch -s 2>&1 | grep "$TEST_STATUS_INVALID_APP_AND_SEC_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.conf /etc/latch/latch.conf -sudo chmod 600 /etc/latch/latch.conf - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_status_not_paired.sh b/test/white-box_test/latch/test_status_not_paired.sh deleted file mode 100755 index 9d49b6e..0000000 --- a/test/white-box_test/latch/test_status_not_paired.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -USER=$(whoami) -echo 'Test latch status: user not paired' -if latch -s 2>&1 | grep "$TEST_STATUS_NOT_PAIRED_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi diff --git a/test/white-box_test/latch/test_status_without_acc_file.sh b/test/white-box_test/latch/test_status_without_acc_file.sh deleted file mode 100755 index a3edb20..0000000 --- a/test/white-box_test/latch/test_status_without_acc_file.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -echo 'Test latch status: without account file' -if latch -s 2>&1 | grep "$TEST_STATUS_WITHOUT_ACC_FILE_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_unpair_not_paired.sh b/test/white-box_test/latch/test_unpair_not_paired.sh deleted file mode 100755 index 0a7365e..0000000 --- a/test/white-box_test/latch/test_unpair_not_paired.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -USER=$(whoami) -echo 'Test latch unpair: user not paired' -if latch -u 2>&1 | grep "$TEST_UNPAIR_NOT_PAIRED_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi diff --git a/test/white-box_test/latch/test_unpair_succ_with_other_same_acc_id_user.sh b/test/white-box_test/latch/test_unpair_succ_with_other_same_acc_id_user.sh deleted file mode 100755 index 96cb3f3..0000000 --- a/test/white-box_test/latch/test_unpair_succ_with_other_same_acc_id_user.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -echo 'Test latch unpair: success with other paired users with the same accountId' - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -USER=$(whoami) -sudo echo $USER': xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ -> /etc/latch/latch.accounts -sudo echo $USER'2: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ ->> /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - -if latch -u 2>&1 | grep "$TEST_UNPAIR_SUCC_WITH_OTHER_SAME_ACC_ID_PAIRED_USER_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_unpair_success.sh b/test/white-box_test/latch/test_unpair_success.sh deleted file mode 100755 index 53307be..0000000 --- a/test/white-box_test/latch/test_unpair_success.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -echo 'Test latch unpair: success' - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -USER=$(whoami) -sudo echo $USER': xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ -> /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - -if latch -u 2>&1 | grep "$TEST_UNPAIR_SUCCESS_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_unpair_without_acc_file.sh b/test/white-box_test/latch/test_unpair_without_acc_file.sh deleted file mode 100755 index fffa993..0000000 --- a/test/white-box_test/latch/test_unpair_without_acc_file.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash -# run as root -# import EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -echo 'Test latch unpair: without account file' -if latch -u 2>&1 | grep "$TEST_UNPAIR_WITHOUT_ACC_FILE_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts diff --git a/test/white-box_test/latch/test_without_network.sh b/test/white-box_test/latch/test_without_network.sh deleted file mode 100755 index 68c60aa..0000000 --- a/test/white-box_test/latch/test_without_network.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/bin/env bash -# run as root -# read EXPECTED RESPONSES VARS -. ./responses.sh - - -# force unpair -latch -u > /dev/null 2>&1 - - -echo 'getting down network...' -sudo ifconfig eth0 down -sleep 2 - - -echo 'Test latch pair: without network' - -if latch -p XXXXXX 2>&1 | grep "$TEST_PAIR_WITHOUT_NETWORK_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - - -echo 'Test latch status: without network' - -sudo mv /etc/latch/latch.accounts /etc/latch/latch_orig.accounts - -USER=$(whoami) -sudo echo $USER': xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ -> /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - -if latch -s 2>&1 | grep "$TEST_STATUS_WITHOUT_NETWORK_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - - -echo 'Test latch operation status: without network' - -if latch -o test_op 2>&1 | grep "$TEST_OP_STATUS_WITHOUT_NETWORK_RES" > /dev/null 2>&1 -then - echo -e '\e[32mIt was great! =)\e[0m' -else - echo -e '\e[31mUpps.. Something was wrong :(\e[0m' -fi - -sudo mv /etc/latch/latch_orig.accounts /etc/latch/latch.accounts -sudo chmod 600 /etc/latch/latch.accounts - - - -echo 'geting up network...' - -# ubuntu -sudo service network-manager restart > /dev/null 2>&1 -sudo ifconfig eth0 up > /dev/null 2>&1 - -# centos -sudo service network restart > /dev/null 2>&1 -sudo ifup eth0 > /dev/null 2>&1 - -sleep 20 diff --git a/test/white-box_test/readme b/test/white-box_test/readme deleted file mode 100644 index cedad48..0000000 --- a/test/white-box_test/readme +++ /dev/null @@ -1,10 +0,0 @@ - -# Install and configure the plugin -./configure && make && sudo make install - -# Edit App_id and Secret_key parameters, and add a test_op operation. - -# Execute test -./all_no_sudo_test.sh -sudo ./all_test.sh - From 147f80b1acc017291879904d3dbcc9b7ee70df8c Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Sun, 16 Nov 2014 22:08:21 +0100 Subject: [PATCH 29/49] add tests --- test/TODO/SSH/readme | 1 + test/TODO/SSH/sshd.exp | 35 +++ .../TODO/installation_test/check_configure.sh | 93 ++++++ test/integration_test/adduser.sh | 9 + test/integration_test/latchtest.py | 283 ++++++++++++++++++ 5 files changed, 421 insertions(+) create mode 100644 test/TODO/SSH/readme create mode 100755 test/TODO/SSH/sshd.exp create mode 100755 test/TODO/installation_test/check_configure.sh create mode 100755 test/integration_test/adduser.sh create mode 100644 test/integration_test/latchtest.py diff --git a/test/TODO/SSH/readme b/test/TODO/SSH/readme new file mode 100644 index 0000000..92e5960 --- /dev/null +++ b/test/TODO/SSH/readme @@ -0,0 +1 @@ +Expect is used to automatically interact with system. Useful for testing SSH. diff --git a/test/TODO/SSH/sshd.exp b/test/TODO/SSH/sshd.exp new file mode 100755 index 0000000..d65f087 --- /dev/null +++ b/test/TODO/SSH/sshd.exp @@ -0,0 +1,35 @@ +#!/usr/bin/expect -f + + +set username [lindex $argv 0] +set password [lindex $argv 1] +set operation_id [lindex $argv 2] +set otp_option [lindex $argv 3] + +spawn ssh $username@localhost echo "ssh user authenticated!" + +expect { + "Password:" { + stty -echo + send "$password\r" + stty echo + exp_continue + } "One-time password:" { + if { $otp_option == "wrong" } { + set otp "XXXX" + } elseif { $otp_option == "blank" } { + set otp "" + } else { + set otp [exec latch-client-app otp $operation_id] + } + send "$otp\r" + exp_continue + } timeout { + send_user "connection to localhost timed out\n" + exit + } eof { + send_user \ + "connection to host failed: $expect_out(buffer)" + exit + } +} diff --git a/test/TODO/installation_test/check_configure.sh b/test/TODO/installation_test/check_configure.sh new file mode 100755 index 0000000..5840fd1 --- /dev/null +++ b/test/TODO/installation_test/check_configure.sh @@ -0,0 +1,93 @@ +#!/usr/bin/env bash +# run as root + +RESULTS_TXT=test/installation/text-results.txt + + +assert_sysconf () { + echo "assert sysconf: $1" >> $RESULTS_TXT + test -d $1/latch && \ + stat -c '%U' $1/latch/latch.accounts | grep root && \ + stat -c '%a' $1/latch/latch.accounts | grep "600" && \ + stat -c '%U' $1/latch/latch.conf | grep root && \ + stat -c '%a' $1/latch/latch.conf | grep "600" && \ + echo "...passed" >> $RESULTS_TXT +} + +assert_binary () { + echo "assert binary: $1" >> $RESULTS_TXT + test -f $1 && \ + stat -c '%U' $1 | grep root && \ + stat -c '%a' $1 | grep "4755" && \ + echo "...passed" >> $RESULTS_TXT +} + + +test_no_flags () { + ./configure + make + sudo make install + + echo "TEST_NO_FLAGS" >> $RESULTS_TXT + assert_sysconf /usr/local/etc/ + assert_binary /usr/local/bin/latch + assert_binary /usr/local/bin/latch-ssh-cmd + echo >> $RESULTS_TXT + + sudo make uninstall +} + +test_sysconfdir_flag () { + ./configure --sysconfdir=$1 + make + sudo make install + + echo "TEST_SYSCONFDIR_FLAG -> sysconfdir=$1" >> $RESULTS_TXT + assert_sysconf $1 + assert_binary /usr/local/bin/latch + assert_binary /usr/local/bin/latch-ssh-cmd + echo >> $RESULTS_TXT + + sudo make uninstall +} + +test_bindir_flag () { + ./configure --bindir=$1 + make + sudo make install + + echo "TEST_BINDIR_FLAG -> bindir=$1" >> $RESULTS_TXT + assert_sysconf /usr/local/etc/ + assert_binary $1/latch + assert_binary $1/latch-ssh-cmd + echo >> $RESULTS_TXT + + sudo make uninstall +} + +test_prefix_flag () { + ./configure --prefix=$1 + make + sudo make install + + echo "TEST_PREFIX_FLAG -> prefix=$1" >> $RESULTS_TXT + assert_sysconf $1/etc/ + assert_binary $1/bin/latch + assert_binary $1/bin/latch-ssh-cmd + echo >> $RESULTS_TXT + + sudo make uninstall +} + + + +### main ### +cd ../../ + +echo "--CONFIGURE TEST BEGIN--" > $RESULTS_TXT +test_no_flags +test_sysconfdir_flag /etc +test_bindir_flag /usr/bin +test_prefix_flag /usr +test_prefix_flag /opt/latch +echo "--CONFIGURE TEST END--" >> $RESULTS_TXT \ No newline at end of file diff --git a/test/integration_test/adduser.sh b/test/integration_test/adduser.sh new file mode 100755 index 0000000..2a53d72 --- /dev/null +++ b/test/integration_test/adduser.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +# run as root + +if [[ $1 != "" && $2 != "" ]]; then + sudo adduser $1 --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password + echo -e "$2\n$2\n" | sudo passwd $USER_TEST +else + echo "Usage: adduser.sh USERNAME PASSWORD" +fi diff --git a/test/integration_test/latchtest.py b/test/integration_test/latchtest.py new file mode 100644 index 0000000..b210cdf --- /dev/null +++ b/test/integration_test/latchtest.py @@ -0,0 +1,283 @@ +#!/usr/bin/env python +# -*- coding: UTF-8 -*- +# vim: set fileencoding=utf-8 +# Run as root + +''' + This script allows to test latch plugin + Copyright (C) 2013 Eleven Paths + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +''' + +import unittest +import random +import shutil +import os + +from subprocess import * + + + +def internal_test(f): + try: + import latchclient + except: + return + return f + + +def modify_conf(key, value, cfile="/etc/latch/latch.conf"): + if not os.path.isfile(cfile + ".orig"): + shutil.copy2(cfile, cfile + ".orig") + + f = open(cfile, "r") + lines = f.readlines() + f.close() + + f = open(cfile, "w") + for line in lines: + if line.startswith(key): + f.write(key + " = " + value + "\n") + else: + f.write(line) + f.close() + + shutil.copystat(cfile + ".orig", cfile) + +def modify_acc(key, value, afile="/etc/latch/latch.accounts"): + if not os.path.isfile(afile + ".orig"): + shutil.copy2(afile, afile + ".orig") + + f = open(afile, "r") + lines = f.readlines() + f.close() + + f = open(afile, "w") + f.write(key + ": " + value + "\n") + for line in lines: + f.write(line) + f.close() + + shutil.copystat(afile + ".orig", afile) + +def restore_file(f): + shutil.copy2(f + ".orig", f) + os.remove(f + ".orig") + +def getConfigParameter(name, configFile="/etc/latch/latch.conf"): + try: + f = open(configFile,"r") + except IOError as e: + return None + + lines = f.readlines() + f.close() + + for line in lines: + if line.find(name) != -1: + break; + + words = line.split() + if len(words) == 3: + return words[2] + return None + + +class TestLatch(unittest.TestCase): + + def setUp(self): + self.user = "latch_test_user" + self.password = str(random.random()) + call(["./adduser.sh", self.user, self.password], stdout=PIPE, stderr=PIPE) + + def tearDown(self): + call(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + call(["sudo", "deluser", self.user], stdout=PIPE, stderr=PIPE) + + + def test_pair_with_invalid_configuration(self): + modify_conf("app_id", "XXXX") + + response = Popen(["sudo", "su", self.user, "-c", "latch -p XXXXXX"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + + restore_file("/etc/latch/latch.conf") + self.assertEqual("Invalid Application ID or Secret Key\n", err) + + def test_pair_invalid_token(self): + response = Popen(["sudo", "su", self.user, "-c", "latch -p XXXXXX"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertEqual("Invalid token\n", err) + + def test_pair_invalid_token_len(self): + response = Popen(["sudo", "su", self.user, "-c", "latch -p XXXXXXXX"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertEqual("Invalid token\n", err) + + def test_pair_invalid_token_chars(self): + response = Popen(["sudo", "su", self.user, "-c", "latch -p *10OI_"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertEqual("Invalid token\n", err) + + def test_pair_blank_token(self): + response = Popen(["sudo", "su", self.user, "-c", "latch -p"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertTrue("Option -p requires an argument." in err) + + def test_status_being_unpaired(self): + call(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + + response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + + def test_status_without_acc_file(self): + shutil.copy2("/etc/latch/latch.accounts", "/etc/latch/latch.accounts.orig") + os.remove("/etc/latch/latch.accounts") + + response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + + restore_file("/etc/latch/latch.accounts") + + self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + + def test_status_invalid_acc_id(self): + modify_acc(self.user, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") + + response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + + restore_file("/etc/latch/latch.accounts") + + self.assertEqual("The user " + self.user + " is not really paired with latch. Try to unpair and pair again.\n", err) + + def test_op_status_being_unpaired(self): + call(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + + response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + + def test_op_status_without_acc_file(self): + shutil.copy2("/etc/latch/latch.accounts", "/etc/latch/latch.accounts.orig") + os.remove("/etc/latch/latch.accounts") + + response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + + restore_file("/etc/latch/latch.accounts") + + self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + + def test_op_status_invalid_operation(self): + response = Popen(["sudo", "su", self.user, "-c", "latch -o invalid_op"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + + self.assertEqual("Operation invalid_op does not exist in /etc/latch/latch.conf\n", err) + + def test_op_status_invalid_acc_id(self): + modify_acc(self.user, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") + + response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + + restore_file("/etc/latch/latch.accounts") + + self.assertEqual("The user " + self.user + " is not really paired with latch. Try to unpair and pair again.\n", err) + + def test_unpair_being_unpaired(self): + call(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + + response = Popen(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + + def test_unpair_without_acc_file(self): + shutil.copy2("/etc/latch/latch.accounts", "/etc/latch/latch.accounts.orig") + os.remove("/etc/latch/latch.accounts") + + response = Popen(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + + restore_file("/etc/latch/latch.accounts") + + self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + + @internal_test + def test_all_correct(self): + import latchclient + + app = latchclient.LatchClient() + res = app.pairing_token() + token = res.get_data()["token"] + + # pair + response = Popen(["sudo", "su", self.user, "-c", "latch -p " + token], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertEqual("Account successfully paired to the user " + self.user + "\n", out) + + # try pair again + response = Popen(["sudo", "su", self.user, "-c", "latch -p " + token], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertEqual("The user " + self.user + " is already paired with latch\n", err) + + app_id = getConfigParameter("app_id") + app = latchclient.LatchClient() + app.status_update(app_id, "on") + + # status locked + response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertTrue("Status: latch locked\n", err) + + app.status_update(app_id, "off") + + # status unlocked + response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertTrue("Status: latch not locked\n", err) + + op_id = getConfigParameter("test_op") + app.status_update(op_id, "on") + + # operation status locked + response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertTrue("Status: latch locked\n", err) + + app.status_update(op_id, "off") + + # operation status unlocked + response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertTrue("Status: latch not locked\n", err) + + # status invalid configuration + modify_conf("app_id", "XXXX") + + response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + + restore_file("/etc/latch/latch.conf") + self.assertEqual("Invalid Application ID or Secret Key\n", err) + + # unpair + response = Popen(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + out, err = response.communicate() + self.assertEqual("Account belonging to the user " + self.user + " successfully unpaired from latch\n", out) + + + +if __name__ == '__main__': + unittest.main() From 7fe993d04f3401d26b4f3f2c417cd4ef2841533f Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Wed, 19 Nov 2014 08:41:08 +0100 Subject: [PATCH 30/49] fix test and add README --- test/integration_test/README.md | 31 ++++++ test/integration_test/latchtest.py | 157 +++++++++++++++-------------- 2 files changed, 112 insertions(+), 76 deletions(-) create mode 100644 test/integration_test/README.md diff --git a/test/integration_test/README.md b/test/integration_test/README.md new file mode 100644 index 0000000..315605f --- /dev/null +++ b/test/integration_test/README.md @@ -0,0 +1,31 @@ +#Latch-Unix integration Tests + +## Tests prerrequisites + +* Tested on Ubuntu 13.10, Debian 7.6. + +* Python 2.7.5+ is ok. + +* Extra: latchclient module. + + +# Latch-Unix installation and configuration. + +* Compile and install package. +``` +./configure prefix=/usr sysconfdir=/etc && make && sudo make install +``` + +* Configure latch-unix plugin correctly, adding an operation called . + + +# Tests usage +* if using the latchclient module, replace the following values: +``` +app.authenticate("THE_LATCH_ACCOUNT", "PASSWORD") +``` + +* Run python script. +``` +sudo python latchtest.py +``` diff --git a/test/integration_test/latchtest.py b/test/integration_test/latchtest.py index b210cdf..a127f39 100644 --- a/test/integration_test/latchtest.py +++ b/test/integration_test/latchtest.py @@ -21,6 +21,7 @@ import unittest import random +import re import shutil import os @@ -28,6 +29,10 @@ +LATCH_CONFIG_DEFAULT = "/etc/latch/latch.conf" +LATCH_ACC_DEFAULT = "/etc/latch/latch.accounts" + + def internal_test(f): try: import latchclient @@ -36,7 +41,7 @@ def internal_test(f): return f -def modify_conf(key, value, cfile="/etc/latch/latch.conf"): +def modify_conf(key, value, cfile=LATCH_CONFIG_DEFAULT): if not os.path.isfile(cfile + ".orig"): shutil.copy2(cfile, cfile + ".orig") @@ -54,7 +59,7 @@ def modify_conf(key, value, cfile="/etc/latch/latch.conf"): shutil.copystat(cfile + ".orig", cfile) -def modify_acc(key, value, afile="/etc/latch/latch.accounts"): +def modify_acc(key, value, afile=LATCH_ACC_DEFAULT): if not os.path.isfile(afile + ".orig"): shutil.copy2(afile, afile + ".orig") @@ -74,208 +79,208 @@ def restore_file(f): shutil.copy2(f + ".orig", f) os.remove(f + ".orig") -def getConfigParameter(name, configFile="/etc/latch/latch.conf"): - try: +def get_config(key, configFile=LATCH_CONFIG_DEFAULT): + if os.path.isfile(configFile): f = open(configFile,"r") - except IOError as e: - return None + lines = f.readlines() + f.close() - lines = f.readlines() - f.close() + for line in lines: + regex = r'\s*' + re.escape(key) + r'\s*=\s*(?P.+)' + res = re.match(regex, line) - for line in lines: - if line.find(name) != -1: - break; + if res != None: + return res.group('value') - words = line.split() - if len(words) == 3: - return words[2] return None class TestLatch(unittest.TestCase): - def setUp(self): - self.user = "latch_test_user" - self.password = str(random.random()) - call(["./adduser.sh", self.user, self.password], stdout=PIPE, stderr=PIPE) + @classmethod + def setUpClass(cls): + TestLatch.user = "latch_test_user" + TestLatch.password = str(random.random()) + call(["./adduser.sh", TestLatch.user, TestLatch.password], stdout=PIPE, stderr=PIPE) - def tearDown(self): - call(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) - call(["sudo", "deluser", self.user], stdout=PIPE, stderr=PIPE) + @classmethod + def tearDownClass(cls): + call(["sudo", "su", TestLatch.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + call(["sudo", "deluser", TestLatch.user], stdout=PIPE, stderr=PIPE) def test_pair_with_invalid_configuration(self): modify_conf("app_id", "XXXX") - response = Popen(["sudo", "su", self.user, "-c", "latch -p XXXXXX"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -p XXXXXX"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - restore_file("/etc/latch/latch.conf") + restore_file(LATCH_CONFIG_DEFAULT) self.assertEqual("Invalid Application ID or Secret Key\n", err) def test_pair_invalid_token(self): - response = Popen(["sudo", "su", self.user, "-c", "latch -p XXXXXX"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -p XXXXXX"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() self.assertEqual("Invalid token\n", err) def test_pair_invalid_token_len(self): - response = Popen(["sudo", "su", self.user, "-c", "latch -p XXXXXXXX"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -p XXXXXXXX"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() self.assertEqual("Invalid token\n", err) def test_pair_invalid_token_chars(self): - response = Popen(["sudo", "su", self.user, "-c", "latch -p *10OI_"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -p *10OI_"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() self.assertEqual("Invalid token\n", err) def test_pair_blank_token(self): - response = Popen(["sudo", "su", self.user, "-c", "latch -p"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -p"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() self.assertTrue("Option -p requires an argument." in err) def test_status_being_unpaired(self): - call(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + call(["sudo", "su", TestLatch.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) - response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + self.assertEqual("The user " + TestLatch.user + " is not paired with latch\n", err) def test_status_without_acc_file(self): - shutil.copy2("/etc/latch/latch.accounts", "/etc/latch/latch.accounts.orig") - os.remove("/etc/latch/latch.accounts") + shutil.copy2(LATCH_ACC_DEFAULT, LATCH_ACC_DEFAULT + ".orig") + os.remove(LATCH_ACC_DEFAULT) - response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - restore_file("/etc/latch/latch.accounts") + restore_file(LATCH_ACC_DEFAULT) - self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + self.assertEqual("The user " + TestLatch.user + " is not paired with latch\n", err) def test_status_invalid_acc_id(self): - modify_acc(self.user, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") + modify_acc(TestLatch.user, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") - response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - restore_file("/etc/latch/latch.accounts") + restore_file(LATCH_ACC_DEFAULT) - self.assertEqual("The user " + self.user + " is not really paired with latch. Try to unpair and pair again.\n", err) + self.assertEqual("The user " + TestLatch.user + " is not really paired with latch. Try to unpair and pair again.\n", err) def test_op_status_being_unpaired(self): - call(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + call(["sudo", "su", TestLatch.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) - response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + self.assertEqual("The user " + TestLatch.user + " is not paired with latch\n", err) def test_op_status_without_acc_file(self): - shutil.copy2("/etc/latch/latch.accounts", "/etc/latch/latch.accounts.orig") - os.remove("/etc/latch/latch.accounts") + shutil.copy2(LATCH_ACC_DEFAULT, LATCH_ACC_DEFAULT + ".orig") + os.remove(LATCH_ACC_DEFAULT) - response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - restore_file("/etc/latch/latch.accounts") + restore_file(LATCH_ACC_DEFAULT) - self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + self.assertEqual("The user " + TestLatch.user + " is not paired with latch\n", err) def test_op_status_invalid_operation(self): - response = Popen(["sudo", "su", self.user, "-c", "latch -o invalid_op"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -o invalid_op"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - self.assertEqual("Operation invalid_op does not exist in /etc/latch/latch.conf\n", err) + self.assertEqual("Operation invalid_op does not exist in " + LATCH_CONFIG_DEFAULT + "\n", err) def test_op_status_invalid_acc_id(self): - modify_acc(self.user, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") + modify_acc(TestLatch.user, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") - response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - restore_file("/etc/latch/latch.accounts") + restore_file(LATCH_ACC_DEFAULT) - self.assertEqual("The user " + self.user + " is not really paired with latch. Try to unpair and pair again.\n", err) + self.assertEqual("The user " + TestLatch.user + " is not really paired with latch. Try to unpair and pair again.\n", err) def test_unpair_being_unpaired(self): - call(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + call(["sudo", "su", TestLatch.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) - response = Popen(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + self.assertEqual("The user " + TestLatch.user + " is not paired with latch\n", err) def test_unpair_without_acc_file(self): - shutil.copy2("/etc/latch/latch.accounts", "/etc/latch/latch.accounts.orig") - os.remove("/etc/latch/latch.accounts") + shutil.copy2(LATCH_ACC_DEFAULT, LATCH_ACC_DEFAULT + ".orig") + os.remove(LATCH_ACC_DEFAULT) - response = Popen(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - restore_file("/etc/latch/latch.accounts") + restore_file(LATCH_ACC_DEFAULT) - self.assertEqual("The user " + self.user + " is not paired with latch\n", err) + self.assertEqual("The user " + TestLatch.user + " is not paired with latch\n", err) @internal_test def test_all_correct(self): import latchclient app = latchclient.LatchClient() + app.authenticate("THE_LATCH_ACCOUNT", "PASSWORD") + res = app.pairing_token() token = res.get_data()["token"] # pair - response = Popen(["sudo", "su", self.user, "-c", "latch -p " + token], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -p " + token], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - self.assertEqual("Account successfully paired to the user " + self.user + "\n", out) + self.assertEqual("Account successfully paired to the user " + TestLatch.user + "\n", out) # try pair again - response = Popen(["sudo", "su", self.user, "-c", "latch -p " + token], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -p " + token], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - self.assertEqual("The user " + self.user + " is already paired with latch\n", err) + self.assertEqual("The user " + TestLatch.user + " is already paired with latch\n", err) - app_id = getConfigParameter("app_id") - app = latchclient.LatchClient() + app_id = get_config("app_id") app.status_update(app_id, "on") # status locked - response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() self.assertTrue("Status: latch locked\n", err) app.status_update(app_id, "off") # status unlocked - response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() self.assertTrue("Status: latch not locked\n", err) - op_id = getConfigParameter("test_op") + op_id = get_config("test_op") app.status_update(op_id, "on") # operation status locked - response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() self.assertTrue("Status: latch locked\n", err) app.status_update(op_id, "off") # operation status unlocked - response = Popen(["sudo", "su", self.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -o test_op"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() self.assertTrue("Status: latch not locked\n", err) # status invalid configuration modify_conf("app_id", "XXXX") - response = Popen(["sudo", "su", self.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -s"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - restore_file("/etc/latch/latch.conf") + restore_file(LATCH_CONFIG_DEFAULT) self.assertEqual("Invalid Application ID or Secret Key\n", err) # unpair - response = Popen(["sudo", "su", self.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) + response = Popen(["sudo", "su", TestLatch.user, "-c", "latch -u"], stdout=PIPE, stderr=PIPE) out, err = response.communicate() - self.assertEqual("Account belonging to the user " + self.user + " successfully unpaired from latch\n", out) + self.assertEqual("Account belonging to the user " + TestLatch.user + " successfully unpaired from latch\n", out) From 147ee8e45a6cf7a17f9cac5868dd84fc62032b56 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Wed, 19 Nov 2014 08:45:09 +0100 Subject: [PATCH 31/49] update tests readme --- test/integration_test/README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test/integration_test/README.md b/test/integration_test/README.md index 315605f..83aa637 100644 --- a/test/integration_test/README.md +++ b/test/integration_test/README.md @@ -9,17 +9,18 @@ * Extra: latchclient module. -# Latch-Unix installation and configuration. +## Latch-Unix installation and configuration. * Compile and install package. ``` ./configure prefix=/usr sysconfdir=/etc && make && sudo make install ``` -* Configure latch-unix plugin correctly, adding an operation called . +* Configure latch-unix plugin correctly, adding an operation called **"test_op"**. -# Tests usage +## Tests usage + * if using the latchclient module, replace the following values: ``` app.authenticate("THE_LATCH_ACCOUNT", "PASSWORD") From 1ab5478af931ce3ec1a853ce2e13991e9ace586f Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Wed, 19 Nov 2014 09:01:52 +0100 Subject: [PATCH 32/49] update ChangeLog --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 59a5c67..652943c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ * latch_1.1. +- Update latch-Sdk (October 2014) - Fix error when sysconf call fails. - Use minimum privileges policy. - Allow local installation. From 0f88120e4ec32929990b0ffdef3d6d3581bc6e67 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 2 Dec 2014 09:55:25 +0100 Subject: [PATCH 33/49] fix undetected failure --- src/latch_unix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/latch_unix.c b/src/latch_unix.c index 505256b..73fa958 100644 --- a/src/latch_unix.c +++ b/src/latch_unix.c @@ -113,7 +113,7 @@ static int latch_unpair(const char *username, const char *pAccountId, const char printf("%s\n", RESTORE_PRIVS_ERROR_MSG); } - if (deleteAccountId(username, accountsFile) == -1) { + if (deleteAccountId(username, accountsFile) != 0) { fprintf(stderr, "%s %s\n", WRITE_ACC_FILE_ERROR_MSG, accountsFile); free((char*)pAccountId); return 1; From d2d1eeab9ecc54f4491d6ef30c31e2eb7a030a55 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 2 Dec 2014 09:56:33 +0100 Subject: [PATCH 34/49] add .idea files to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index d7c2fa4..f055dcd 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ *.so *.lo *.la +.idea/* From 9aa047477b49e44664f7a91f71c59bc6d8ce9180 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 2 Dec 2014 09:59:31 +0100 Subject: [PATCH 35/49] update OSX examples --- examples/OSX/etc/pam.d/authorization | 2 +- examples/OSX/etc/pam.d/sshd | 2 +- examples/OSX/etc/pam.d/sudo | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/OSX/etc/pam.d/authorization b/examples/OSX/etc/pam.d/authorization index ba7250a..82875a4 100644 --- a/examples/OSX/etc/pam.d/authorization +++ b/examples/OSX/etc/pam.d/authorization @@ -2,5 +2,5 @@ auth optional pam_krb5.so use_first_pass use_kcminit auth optional pam_ntlm.so use_first_pass auth required pam_opendirectory.so use_first_pass nullok -auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=no +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=no account required pam_opendirectory.so diff --git a/examples/OSX/etc/pam.d/sshd b/examples/OSX/etc/pam.d/sshd index e2276a6..1c2ffd2 100644 --- a/examples/OSX/etc/pam.d/sshd +++ b/examples/OSX/etc/pam.d/sshd @@ -3,7 +3,7 @@ account required pam_krb5.so use_kcminit auth optional pam_ntlm.so try_first_pass auth optional pam_mount.so try_first_pass auth requisite pam_opendirectory.so try_first_pass -auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=sshd-login otp=yes +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=sshd-login otp=yes account required pam_nologin.so account required pam_sacl.so sacl_service=ssh account required pam_opendirectory.so diff --git a/examples/OSX/etc/pam.d/sudo b/examples/OSX/etc/pam.d/sudo index b408ace..382492b 100644 --- a/examples/OSX/etc/pam.d/sudo +++ b/examples/OSX/etc/pam.d/sudo @@ -1,6 +1,6 @@ # sudo: auth account password session auth requisite pam_opendirectory.so -#auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=sudo otp=yes +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=sudo otp=yes account required pam_permit.so password required pam_deny.so session required pam_permit.so From 8b76cea4bf943f8f0d1be60ad468b9dd138b0133 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 2 Dec 2014 10:04:41 +0100 Subject: [PATCH 36/49] update example files --- examples/debian/etc/pam.d/gdm3 | 4 ++-- examples/debian/etc/pam.d/gdm3-autologin | 4 ++-- examples/ubuntu/etc/pam.d/lightdm | 2 +- examples/ubuntu/etc/pam.d/lightdm-autologin | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/examples/debian/etc/pam.d/gdm3 b/examples/debian/etc/pam.d/gdm3 index 834fdfb..d1c1c32 100644 --- a/examples/debian/etc/pam.d/gdm3 +++ b/examples/debian/etc/pam.d/gdm3 @@ -1,8 +1,8 @@ #%PAM-1.0 auth requisite pam_nologin.so -auth required pam_succeed_if.so user != root quiet_success +auth required pam_succeed_if.so user != root quiet_success @include common-auth -auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=yes +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=yes auth optional pam_gnome_keyring.so @include common-account # SELinux needs to be the first session rule. This ensures that any diff --git a/examples/debian/etc/pam.d/gdm3-autologin b/examples/debian/etc/pam.d/gdm3-autologin index a8e2ee9..8ff7f13 100644 --- a/examples/debian/etc/pam.d/gdm3-autologin +++ b/examples/debian/etc/pam.d/gdm3-autologin @@ -1,8 +1,8 @@ #%PAM-1.0 auth requisite pam_nologin.so -auth required pam_succeed_if.so user != root quiet_success +auth required pam_succeed_if.so user != root quiet_success auth required pam_permit.so -auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=yes +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=yes @include common-account # SELinux needs to be the first session rule. This ensures that any # lingering context has been cleared. Without out this it is possible diff --git a/examples/ubuntu/etc/pam.d/lightdm b/examples/ubuntu/etc/pam.d/lightdm index c160970..0acb4dc 100644 --- a/examples/ubuntu/etc/pam.d/lightdm +++ b/examples/ubuntu/etc/pam.d/lightdm @@ -2,7 +2,7 @@ auth requisite pam_nologin.so auth sufficient pam_succeed_if.so user ingroup nopasswdlogin @include common-auth -auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=yes +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=yes auth optional pam_gnome_keyring.so auth optional pam_kwallet.so @include common-account diff --git a/examples/ubuntu/etc/pam.d/lightdm-autologin b/examples/ubuntu/etc/pam.d/lightdm-autologin index b14ce18..01dfed1 100644 --- a/examples/ubuntu/etc/pam.d/lightdm-autologin +++ b/examples/ubuntu/etc/pam.d/lightdm-autologin @@ -1,7 +1,7 @@ #%PAM-1.0 auth requisite pam_nologin.so auth required pam_permit.so -auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=yes +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=yes @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close session required pam_limits.so From 193547e6d7c64b424b533e92fa419c98ba88b3d8 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 2 Dec 2014 10:44:41 +0100 Subject: [PATCH 37/49] update example files --- examples/OSX/etc/pam.d/authorization | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/OSX/etc/pam.d/authorization b/examples/OSX/etc/pam.d/authorization index 82875a4..6af6171 100644 --- a/examples/OSX/etc/pam.d/authorization +++ b/examples/OSX/etc/pam.d/authorization @@ -2,5 +2,5 @@ auth optional pam_krb5.so use_first_pass use_kcminit auth optional pam_ntlm.so use_first_pass auth required pam_opendirectory.so use_first_pass nullok -auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=no +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=login otp=no account required pam_opendirectory.so From 406af97c950d66ab9752fb4a12e7ca4b9c71fca1 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 2 Dec 2014 10:48:34 +0100 Subject: [PATCH 38/49] update example files --- examples/OSX/etc/pam.d/sshd | 2 +- examples/OSX/etc/pam.d/sudo | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/OSX/etc/pam.d/sshd b/examples/OSX/etc/pam.d/sshd index 1c2ffd2..ea9ace2 100644 --- a/examples/OSX/etc/pam.d/sshd +++ b/examples/OSX/etc/pam.d/sshd @@ -3,7 +3,7 @@ account required pam_krb5.so use_kcminit auth optional pam_ntlm.so try_first_pass auth optional pam_mount.so try_first_pass auth requisite pam_opendirectory.so try_first_pass -auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=sshd-login otp=yes +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=sshd-login otp=yes account required pam_nologin.so account required pam_sacl.so sacl_service=ssh account required pam_opendirectory.so diff --git a/examples/OSX/etc/pam.d/sudo b/examples/OSX/etc/pam.d/sudo index 382492b..1adb081 100644 --- a/examples/OSX/etc/pam.d/sudo +++ b/examples/OSX/etc/pam.d/sudo @@ -1,6 +1,6 @@ # sudo: auth account password session auth requisite pam_opendirectory.so -auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=sudo otp=yes +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=sudo otp=yes account required pam_permit.so password required pam_deny.so session required pam_permit.so From 3c90aa1a3dd0808ca38e0a747102193ddd127e41 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Wed, 3 Dec 2014 09:32:48 +0100 Subject: [PATCH 39/49] avoid filesystem problems to rename file --- lib/util.c | 13 ++++++++++--- test/unit_test/{README => README.md} | 17 +++++++++++++---- 2 files changed, 23 insertions(+), 7 deletions(-) rename test/unit_test/{README => README.md} (65%) diff --git a/lib/util.c b/lib/util.c index 3a3eee4..440656a 100644 --- a/lib/util.c +++ b/lib/util.c @@ -80,18 +80,25 @@ int deleteAccountId(const char* pUsername, const char* pAccounts) { char* line = NULL; size_t len = 0; + size_t pathlen = 0; ssize_t read; FILE *fp; int fp_dest; - char nameBuff[32]; + char *nameBuff; fp = fopen(pAccounts, "r"); if (fp == NULL) { return -1; } - strncpy(nameBuff,"/tmp/latch-XXXXXX",17); - nameBuff[17] = '\0'; + char *pLastSlash = strrchr(pAccounts,'/'); + if(pLastSlash != NULL) + pathlen = pLastSlash - pAccounts + 1; + + nameBuff = malloc(pathlen + 12 + 1); + strncpy(nameBuff, pAccounts, pathlen); + strncpy(nameBuff + pathlen, "latch-XXXXXX", 12); + nameBuff[pathlen + 12] = '\0'; fp_dest = mkstemp(nameBuff); if (fp_dest == -1) { diff --git a/test/unit_test/README b/test/unit_test/README.md similarity index 65% rename from test/unit_test/README rename to test/unit_test/README.md index cf1747d..f630a88 100644 --- a/test/unit_test/README +++ b/test/unit_test/README.md @@ -12,14 +12,23 @@ autoconf configure.in > configure ./configure && make && sudo make install ``` - - CUnit documentation -> http://cunit.sourceforge.net/ -* make -* run ./test +## Run tests +* Compile. +``` +make +``` +* Set uid (we are testing drop and restore privileges). +``` +sudo make setuid +``` +* Run. +``` + ./test +``` From a23048f2d9d436b1c2bce5ab7114564eca5ea31f Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Wed, 3 Dec 2014 09:38:23 +0100 Subject: [PATCH 40/49] update test README --- test/unit_test/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/unit_test/README.md b/test/unit_test/README.md index f630a88..eb74260 100644 --- a/test/unit_test/README.md +++ b/test/unit_test/README.md @@ -1,7 +1,7 @@ -* Prerrequisites: - - CUnit 2.1.3 available -> http://sourceforge.net/projects/cunit/ +## Prerrequisites: +* CUnit 2.1.3 available -> http://sourceforge.net/projects/cunit/ -To install CUNit: +To install CUNit: ``` autoreconf --install ``` From 354d5d9de561a9c50b388b6adec6ac075b1b4ccc Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Thu, 4 Dec 2014 13:09:22 +0100 Subject: [PATCH 41/49] remove -ldl flag --- Makefile.in | 326 +++++++++----------- aclocal.m4 | 593 ++++++++++++++++-------------------- configure | 215 +++++-------- modules/SSH/src/Makefile.am | 2 +- modules/SSH/src/Makefile.in | 227 +++++--------- pam/Makefile.am | 2 +- pam/Makefile.in | 240 +++++---------- src/Makefile.am | 2 +- src/Makefile.in | 228 +++++--------- 9 files changed, 723 insertions(+), 1112 deletions(-) diff --git a/Makefile.in b/Makefile.in index 628e83f..07213d4 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,51 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -78,18 +51,11 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = . -DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \ - $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/configure $(am__configure_deps) \ - $(srcdir)/config.h.in COPYING build-aux/compile \ - build-aux/config.guess build-aux/config.sub \ - build-aux/install-sh build-aux/missing build-aux/ltmain.sh \ - $(top_srcdir)/build-aux/compile \ - $(top_srcdir)/build-aux/config.guess \ - $(top_srcdir)/build-aux/config.sub \ - $(top_srcdir)/build-aux/install-sh \ - $(top_srcdir)/build-aux/ltmain.sh \ - $(top_srcdir)/build-aux/missing +DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(srcdir)/config.h.in \ + $(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \ + build-aux/compile build-aux/config.guess build-aux/config.sub \ + build-aux/install-sh build-aux/ltmain.sh build-aux/missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_define_dir.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -103,28 +69,15 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = SOURCES = DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ - ctags-recursive dvi-recursive html-recursive info-recursive \ - install-data-recursive install-dvi-recursive \ - install-exec-recursive install-html-recursive \ - install-info-recursive install-pdf-recursive \ - install-ps-recursive install-recursive installcheck-recursive \ - installdirs-recursive pdf-recursive ps-recursive \ - tags-recursive uninstall-recursive +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -132,33 +85,11 @@ am__can_run_installinfo = \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive -am__recursive_targets = \ - $(RECURSIVE_TARGETS) \ - $(RECURSIVE_CLEAN_TARGETS) \ - $(am__extra_recursive_targets) -AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - cscope distdir dist dist-all distcheck -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ - $(LISP)config.h.in -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags -CSCOPE = cscope DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) @@ -169,7 +100,6 @@ am__remove_distdir = \ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi -am__post_remove_distdir = $(am__remove_distdir) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ @@ -197,14 +127,12 @@ am__relativize = \ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best -DIST_TARGETS = dist-gzip distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -386,25 +314,22 @@ distclean-libtool: -rm -f libtool config.lt # This directory's subdirectories are mostly independent; you can cd -# into them and run 'make' without going through this Makefile. -# To change the values of 'make' variables: instead of editing Makefiles, -# (1) if the variable is set in 'config.status', edit 'config.status' -# (which will cause the Makefiles to be regenerated when you run 'make'); -# (2) otherwise, pass the desired values on the 'make' command line. -$(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - for subdir in $$list; do \ + list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ @@ -419,12 +344,57 @@ $(am__recursive_targets): $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-recursive -TAGS: tags +$(RECURSIVE_CLEAN_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ @@ -440,7 +410,12 @@ tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ - $(am__define_uniq_tagged_files); \ + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ @@ -452,11 +427,15 @@ tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $$unique; \ fi; \ fi -ctags: ctags-recursive - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -465,31 +444,9 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" -cscope: cscope.files - test ! -s cscope.files \ - || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) -clean-cscope: - -rm -f cscope.files -cscope.files: clean-cscope cscopelist -cscopelist: cscopelist-recursive - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -rm -f cscope.out cscope.in.out cscope.po.out cscope.files distdir: $(DISTFILES) $(am__remove_distdir) @@ -557,36 +514,40 @@ distdir: $(DISTFILES) || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__post_remove_distdir) + $(am__remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 - $(am__post_remove_distdir) + $(am__remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz - $(am__post_remove_distdir) + $(am__remove_distdir) + +dist-lzma: distdir + tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma + $(am__remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz - $(am__post_remove_distdir) + $(am__remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z - $(am__post_remove_distdir) + $(am__remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz - $(am__post_remove_distdir) + $(am__remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) - $(am__post_remove_distdir) + $(am__remove_distdir) -dist dist-all: - $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' - $(am__post_remove_distdir) +dist dist-all: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another @@ -597,6 +558,8 @@ distcheck: dist GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lzma*) \ + lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ @@ -608,9 +571,9 @@ distcheck: dist *.zip*) \ unzip $(distdir).zip ;;\ esac - chmod -R a-w $(distdir) - chmod u+w $(distdir) - mkdir $(distdir)/_build $(distdir)/_inst + chmod -R a-w $(distdir); chmod u+w $(distdir) + mkdir $(distdir)/_build + mkdir $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ @@ -642,7 +605,7 @@ distcheck: dist && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 - $(am__post_remove_distdir) + $(am__remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' @@ -777,24 +740,25 @@ ps-am: uninstall-am: uninstall-local -.MAKE: $(am__recursive_targets) all install-am install-strip - -.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ - am--refresh check check-am clean clean-cscope clean-generic \ - clean-libtool cscope cscopelist-am ctags ctags-am dist \ - dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \ - dist-xz dist-zip distcheck distclean distclean-generic \ - distclean-hdr distclean-libtool distclean-tags distcleancheck \ - distdir distuninstallcheck dvi dvi-am html html-am info \ - info-am install install-am install-data install-data-am \ +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \ + ctags-recursive install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am am--refresh check check-am clean clean-generic \ + clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \ + dist-gzip dist-lzip dist-lzma dist-shar dist-tarZ dist-xz \ + dist-zip distcheck distclean distclean-generic distclean-hdr \ + distclean-libtool distclean-tags distcleancheck distdir \ + distuninstallcheck dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am \ install-data-local install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ - uninstall-am uninstall-local + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am uninstall-local install-data-local: diff --git a/aclocal.m4 b/aclocal.m4 index a14c26c..7a556f6 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,7 +1,8 @@ -# generated automatically by aclocal 1.13.3 -*- Autoconf -*- - -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# generated automatically by aclocal 1.11.6 -*- Autoconf -*- +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, +# Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -11,31 +12,33 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, [m4_warning([this file was generated for autoconf 2.69. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. -To do so, use the procedure documented by the package, typically 'autoreconf'.])]) +To do so, use the procedure documented by the package, typically `autoreconf'.])]) -# Copyright (C) 2002-2013 Free Software Foundation, Inc. +# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software +# Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 1 + # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.13' +[am__api_version='1.11' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.13.3], [], +m4_if([$1], [1.11.6], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,22 +54,24 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.13.3])dnl +[AM_AUTOMAKE_VERSION([1.11.6])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 1 + # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets -# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to -# '$srcdir', '$srcdir/..', or '$srcdir/../..'. +# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to +# `$srcdir', `$srcdir/..', or `$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and @@ -85,7 +90,7 @@ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually -# harmless because $srcdir is '.', but things will broke when you +# harmless because $srcdir is `.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, @@ -111,19 +116,22 @@ am_aux_dir=`cd $ac_aux_dir && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 +# Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 9 + # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], -[AC_PREREQ([2.52])dnl - m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], - [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +[AC_PREREQ(2.52)dnl + ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl @@ -142,14 +150,16 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009, +# 2010, 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 12 -# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be +# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing @@ -159,7 +169,7 @@ fi])]) # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. -# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC". +# NAME is "CC", "CXX", "GCJ", or "OBJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was @@ -172,13 +182,12 @@ AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl -m4_if([$1], [CC], [depcc="$CC" am_compiler_list=], - [$1], [CXX], [depcc="$CXX" am_compiler_list=], - [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'], - [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'], - [$1], [UPC], [depcc="$UPC" am_compiler_list=], - [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'], - [depcc="$$1" am_compiler_list=]) +ifelse([$1], CC, [depcc="$CC" am_compiler_list=], + [$1], CXX, [depcc="$CXX" am_compiler_list=], + [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], UPC, [depcc="$UPC" am_compiler_list=], + [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], @@ -186,8 +195,8 @@ AC_CACHE_CHECK([dependency style of $depcc], # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named 'D' -- because '-MD' means "put the output - # in D". + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're @@ -227,16 +236,16 @@ AC_CACHE_CHECK([dependency style of $depcc], : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with - # Solaris 10 /bin/sh. - echo '/* dummy */' > sub/conftst$i.h + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with '-c' and '-o' for the sake of the "dashmstdout" + # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle '-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs. + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -245,8 +254,8 @@ AC_CACHE_CHECK([dependency style of $depcc], test "$am__universal" = false || continue ;; nosideeffect) - # After this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested. + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else @@ -254,7 +263,7 @@ AC_CACHE_CHECK([dependency style of $depcc], fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok '-c -o', but also, the minuso test has + # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -302,7 +311,7 @@ AM_CONDITIONAL([am__fastdep$1], [ # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. -# This macro is AC_REQUIREd in _AM_DEPENDENCIES. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl @@ -312,13 +321,9 @@ AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], -[AC_ARG_ENABLE([dependency-tracking], [dnl -AS_HELP_STRING( - [--enable-dependency-tracking], - [do not reject slow dependency extractors]) -AS_HELP_STRING( - [--disable-dependency-tracking], - [speeds up one-time build])]) +[AC_ARG_ENABLE(dependency-tracking, +[ --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' @@ -333,18 +338,20 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +#serial 5 # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{ - # Older Autoconf quotes --file arguments for eval, but not when files + # Autoconf 2.62 quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in @@ -357,7 +364,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named 'Makefile.in', but + # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. @@ -369,19 +376,21 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], continue fi # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running 'make'. + # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue + test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`AS_DIRNAME(["$file"])` @@ -399,7 +408,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking -# is enabled. FIXME. This creates each '.P' file that we will +# is enabled. FIXME. This creates each `.P' file that we will # need in order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], @@ -409,12 +418,15 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 16 + # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. @@ -430,7 +442,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], -[AC_PREREQ([2.65])dnl +[AC_PREREQ([2.62])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl @@ -459,40 +471,31 @@ AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], -[AC_DIAGNOSE([obsolete], - [$0: two- and three-arguments forms are deprecated.]) -m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl +[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. -m4_if( - m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), - [ok:ok],, +m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, -[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) - AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl +[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) + AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl -AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) -AM_MISSING_PROG([AUTOCONF], [autoconf]) -AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) -AM_MISSING_PROG([AUTOHEADER], [autoheader]) -AM_MISSING_PROG([MAKEINFO], [makeinfo]) +AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) +AM_MISSING_PROG(AUTOCONF, autoconf) +AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) +AM_MISSING_PROG(AUTOHEADER, autoheader) +AM_MISSING_PROG(MAKEINFO, makeinfo) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl -AC_REQUIRE([AC_PROG_MKDIR_P])dnl -# For better backward compatibility. To be removed once Automake 1.9.x -# dies out for good. For more background, see: -# -# -AC_SUBST([mkdir_p], ['$(MKDIR_P)']) +AC_REQUIRE([AM_PROG_MKDIR_P])dnl # We need awk for the "check" target. The system "awk" is bad on # some platforms. AC_REQUIRE([AC_PROG_AWK])dnl @@ -503,32 +506,28 @@ _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], - [_AM_DEPENDENCIES([CC])], - [m4_define([AC_PROG_CC], - m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl + [_AM_DEPENDENCIES(CC)], + [define([AC_PROG_CC], + defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], - [_AM_DEPENDENCIES([CXX])], - [m4_define([AC_PROG_CXX], - m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl + [_AM_DEPENDENCIES(CXX)], + [define([AC_PROG_CXX], + defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], - [_AM_DEPENDENCIES([OBJC])], - [m4_define([AC_PROG_OBJC], - m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl -AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], - [_AM_DEPENDENCIES([OBJCXX])], - [m4_define([AC_PROG_OBJCXX], - m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl + [_AM_DEPENDENCIES(OBJC)], + [define([AC_PROG_OBJC], + defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl ]) -AC_REQUIRE([AM_SILENT_RULES])dnl -dnl The testsuite driver may need to know about EXEEXT, so add the -dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This -dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. +_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl +dnl The `parallel-tests' driver may need to know about EXEEXT, so add the +dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro +dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) -dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], @@ -556,12 +555,15 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation, +# Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 1 + # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. @@ -575,14 +577,16 @@ if test x"${install_sh}" != xset; then install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi -AC_SUBST([install_sh])]) +AC_SUBST(install_sh)]) -# Copyright (C) 2003-2013 Free Software Foundation, Inc. +# Copyright (C) 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 2 + # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], @@ -599,17 +603,20 @@ AC_SUBST([am__leading_dot])]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008, +# 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 5 + # AM_MAINTAINER_MODE([DEFAULT-MODE]) # ---------------------------------- # Control maintainer-specific portions of Makefiles. -# Default is to disable them, unless 'enable' is passed literally. -# For symmetry, 'disable' may be passed as well. Anyway, the user +# Default is to disable them, unless `enable' is passed literally. +# For symmetry, `disable' may be passed as well. Anyway, the user # can override the default with the --enable/--disable switch. AC_DEFUN([AM_MAINTAINER_MODE], [m4_case(m4_default([$1], [disable]), @@ -620,11 +627,10 @@ AC_DEFUN([AM_MAINTAINER_MODE], AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) dnl maintainer-mode's default is 'disable' unless 'enable' is passed AC_ARG_ENABLE([maintainer-mode], - [AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode], - am_maintainer_other[ make rules and dependencies not useful - (and sometimes confusing) to the casual installer])], - [USE_MAINTAINER_MODE=$enableval], - [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) +[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful + (and sometimes confusing) to the casual installer], + [USE_MAINTAINER_MODE=$enableval], + [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) AC_MSG_RESULT([$USE_MAINTAINER_MODE]) AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) MAINT=$MAINTAINER_MODE_TRUE @@ -632,14 +638,18 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) ] ) +AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) + # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 4 + # AM_MAKE_INCLUDE() # ----------------- # Check to see how make treats includes. @@ -657,7 +667,7 @@ am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# Ignore all kinds of additional output from 'make'. +# Ignore all kinds of additional output from `make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include @@ -682,12 +692,15 @@ AC_MSG_RESULT([$_am_result]) rm -f confinc confmf ]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 6 + # AM_PROG_CC_C_O # -------------- # Like AC_PROG_CC_C_O, but changed for automake. @@ -716,12 +729,15 @@ m4_define([AC_PROG_CC], # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 6 + # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], @@ -729,10 +745,11 @@ AC_DEFUN([AM_MISSING_PROG], $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) + # AM_MISSING_HAS_RUN # ------------------ -# Define MISSING if not defined so far and test if it is modern enough. -# If it is, set am_missing_run to use it, otherwise, to nothing. +# Define MISSING if not defined so far and test if it supports --run. +# If it does, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl @@ -745,22 +762,54 @@ if test x"${MISSING+set}" != xset; then esac fi # Use eval to expand $SHELL -if eval "$MISSING --is-lightweight"; then - am_missing_run="$MISSING " +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " else am_missing_run= - AC_MSG_WARN(['missing' script is too old or missing]) + AC_MSG_WARN([`missing' script is too old or missing]) fi ]) +# Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation, +# Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# AM_PROG_MKDIR_P +# --------------- +# Check for `mkdir -p'. +AC_DEFUN([AM_PROG_MKDIR_P], +[AC_PREREQ([2.60])dnl +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, +dnl while keeping a definition of mkdir_p for backward compatibility. +dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. +dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of +dnl Makefile.ins that do not define MKDIR_P, so we do our own +dnl adjustment using top_builddir (which is defined more often than +dnl MKDIR_P). +AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl +case $mkdir_p in + [[\\/$]]* | ?:[[\\/]]*) ;; + */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; +esac +]) + # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software +# Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 5 + # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], @@ -770,7 +819,7 @@ AC_DEFUN([_AM_MANGLE_OPTION], # -------------------- # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], -[m4_define(_AM_MANGLE_OPTION([$1]), [1])]) +[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) # _AM_SET_OPTIONS(OPTIONS) # ------------------------ @@ -786,16 +835,22 @@ AC_DEFUN([_AM_IF_OPTION], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 +# Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 5 + # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -806,40 +861,32 @@ case `pwd` in esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) - AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; + AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; esac -# Do 'set' in a subshell so we don't clobber the current shell's +# Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - am_has_slept=no - for am_try in 1 2; do - echo "timestamp, slept: $am_has_slept" > conftest.file - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$[*]" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - if test "$[*]" != "X $srcdir/configure conftest.file" \ - && test "$[*]" != "X conftest.file $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken - alias in your environment]) - fi - if test "$[2]" = conftest.file || test $am_try -eq 2; then - break - fi - # Just in case. - sleep 1 - am_has_slept=yes - done + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + rm -f conftest.file + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + test "$[2]" = conftest.file ) then @@ -849,118 +896,46 @@ else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi -AC_MSG_RESULT([yes]) -# If we didn't sleep, we still need to ensure time stamps of config.status and -# generated files are strictly newer. -am_sleep_pid= -if grep 'slept: no' conftest.file >/dev/null 2>&1; then - ( sleep 1 ) & - am_sleep_pid=$! -fi -AC_CONFIG_COMMANDS_PRE( - [AC_MSG_CHECKING([that generated files are newer than configure]) - if test -n "$am_sleep_pid"; then - # Hide warnings about reused PIDs. - wait $am_sleep_pid 2>/dev/null - fi - AC_MSG_RESULT([done])]) -rm -f conftest.file -]) +AC_MSG_RESULT(yes)]) -# Copyright (C) 2009-2013 Free Software Foundation, Inc. +# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# AM_SILENT_RULES([DEFAULT]) -# -------------------------- -# Enable less verbose build rules; with the default set to DEFAULT -# ("yes" being less verbose, "no" or empty being verbose). -AC_DEFUN([AM_SILENT_RULES], -[AC_ARG_ENABLE([silent-rules], [dnl -AS_HELP_STRING( - [--enable-silent-rules], - [less verbose build output (undo: "make V=1")]) -AS_HELP_STRING( - [--disable-silent-rules], - [verbose build output (undo: "make V=0")])dnl -]) -case $enable_silent_rules in @%:@ ((( - yes) AM_DEFAULT_VERBOSITY=0;; - no) AM_DEFAULT_VERBOSITY=1;; - *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; -esac -dnl -dnl A few 'make' implementations (e.g., NonStop OS and NextStep) -dnl do not support nested variable expansions. -dnl See automake bug#9928 and bug#10237. -am_make=${MAKE-make} -AC_CACHE_CHECK([whether $am_make supports nested variables], - [am_cv_make_support_nested_variables], - [if AS_ECHO([['TRUE=$(BAR$(V)) -BAR0=false -BAR1=true -V=1 -am__doit: - @$(TRUE) -.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then - am_cv_make_support_nested_variables=yes -else - am_cv_make_support_nested_variables=no -fi]) -if test $am_cv_make_support_nested_variables = yes; then - dnl Using '$V' instead of '$(V)' breaks IRIX make. - AM_V='$(V)' - AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' -else - AM_V=$AM_DEFAULT_VERBOSITY - AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY -fi -AC_SUBST([AM_V])dnl -AM_SUBST_NOTMAKE([AM_V])dnl -AC_SUBST([AM_DEFAULT_V])dnl -AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl -AC_SUBST([AM_DEFAULT_VERBOSITY])dnl -AM_BACKSLASH='\' -AC_SUBST([AM_BACKSLASH])dnl -_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl -]) - -# Copyright (C) 2001-2013 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# serial 1 # AM_PROG_INSTALL_STRIP # --------------------- -# One issue with vendor 'install' (even GNU) is that you can't +# One issue with vendor `install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we -# always use install-sh in "make install-strip", and initialize +# always use install-sh in `make install-strip', and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl -# Installed binaries are usually stripped using 'strip' when the user -# run "make install-strip". However 'strip' might not be the right +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake -# will honor the 'STRIP' environment variable to overrule this program. -dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. +# will honor the `STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be `maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2013 Free Software Foundation, Inc. +# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 3 + # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. @@ -974,16 +949,18 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2013 Free Software Foundation, Inc. +# Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 2 + # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. -# FORMAT should be one of 'v7', 'ustar', or 'pax'. +# FORMAT should be one of `v7', `ustar', or `pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory @@ -993,114 +970,76 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar -# AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AC_SUBST([AMTAR], ['$${TAR-tar}']) - -# We'll loop over all known methods to create a tar archive until one works. +m4_if([$1], [v7], + [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], + [m4_case([$1], [ustar],, [pax],, + [m4_fatal([Unknown tar format])]) +AC_MSG_CHECKING([how to create a $1 tar archive]) +# Loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' +_am_tools=${am_cv_prog_tar_$1-$_am_tools} +# Do not fold the above two line into one, because Tru64 sh and +# Solaris sh will not grok spaces in the rhs of `-'. +for _am_tool in $_am_tools +do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; + do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac -m4_if([$1], [v7], - [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], - - [m4_case([$1], - [ustar], - [# The POSIX 1988 'ustar' format is defined with fixed-size fields. - # There is notably a 21 bits limit for the UID and the GID. In fact, - # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 - # and bug#13588). - am_max_uid=2097151 # 2^21 - 1 - am_max_gid=$am_max_uid - # The $UID and $GID variables are not portable, so we need to resort - # to the POSIX-mandated id(1) utility. Errors in the 'id' calls - # below are definitely unexpected, so allow the users to see them - # (that is, avoid stderr redirection). - am_uid=`id -u || echo unknown` - am_gid=`id -g || echo unknown` - AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) - if test $am_uid -le $am_max_uid; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - _am_tools=none - fi - AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) - if test $am_gid -le $am_max_gid; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - _am_tools=none - fi], - - [pax], - [], - - [m4_fatal([Unknown tar format])]) - - AC_MSG_CHECKING([how to create a $1 tar archive]) - - # Go ahead even if we have the value already cached. We do so because we - # need to set the values for the 'am__tar' and 'am__untar' variables. - _am_tools=${am_cv_prog_tar_$1-$_am_tools} - - for _am_tool in $_am_tools; do - case $_am_tool in - gnutar) - for _am_tar in tar gnutar gtar; do - AM_RUN_LOG([$_am_tar --version]) && break - done - am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' - am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' - am__untar="$_am_tar -xf -" - ;; - plaintar) - # Must skip GNU tar: if it does not support --format= it doesn't create - # ustar tarball either. - (tar --version) >/dev/null 2>&1 && continue - am__tar='tar chf - "$$tardir"' - am__tar_='tar chf - "$tardir"' - am__untar='tar xf -' - ;; - pax) - am__tar='pax -L -x $1 -w "$$tardir"' - am__tar_='pax -L -x $1 -w "$tardir"' - am__untar='pax -r' - ;; - cpio) - am__tar='find "$$tardir" -print | cpio -o -H $1 -L' - am__tar_='find "$tardir" -print | cpio -o -H $1 -L' - am__untar='cpio -i -H $1 -d' - ;; - none) - am__tar=false - am__tar_=false - am__untar=false - ;; - esac + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break - # If the value was cached, stop now. We just wanted to have am__tar - # and am__untar set. - test -n "${am_cv_prog_tar_$1}" && break - - # tar/untar a dummy directory, and stop if the command works. - rm -rf conftest.dir - mkdir conftest.dir - echo GrepMe > conftest.dir/file - AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) - rm -rf conftest.dir - if test -s conftest.tar; then - AM_RUN_LOG([$am__untar /dev/null 2>&1 && break - fi - done + # tar/untar a dummy directory, and stop if the command works rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi +done +rm -rf conftest.dir - AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) - AC_MSG_RESULT([$am_cv_prog_tar_$1])]) - +AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) +AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR diff --git a/configure b/configure index 764acb9..72dbaa0 100755 --- a/configure +++ b/configure @@ -691,10 +691,6 @@ LIBTOOL MAINT MAINTAINER_MODE_FALSE MAINTAINER_MODE_TRUE -AM_BACKSLASH -AM_DEFAULT_VERBOSITY -AM_DEFAULT_V -AM_V am__untar am__tar AMTAR @@ -759,7 +755,6 @@ SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking -enable_silent_rules enable_maintainer_mode enable_shared enable_static @@ -1399,19 +1394,14 @@ Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --enable-silent-rules less verbose build output (undo: "make V=1") - --disable-silent-rules verbose build output (undo: "make V=0") - --enable-maintainer-mode - enable make rules and dependencies not useful (and - sometimes confusing) to the casual installer + --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] - --enable-dependency-tracking - do not reject slow dependency extractors - --disable-dependency-tracking - speeds up one-time build + --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors --disable-libtool-lock avoid locking (might break parallel builds) --enable-gcc-warnings turn on lots of GCC warnings (for developers) @@ -2304,7 +2294,7 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. ac_config_headers="$ac_config_headers config.h" -am__api_version='1.13' +am__api_version='1.11' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or @@ -2401,6 +2391,9 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } +# Just in case +sleep 1 +echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -2411,40 +2404,32 @@ case `pwd` in esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) - as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; + as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; esac -# Do 'set' in a subshell so we don't clobber the current shell's +# Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - am_has_slept=no - for am_try in 1 2; do - echo "timestamp, slept: $am_has_slept" > conftest.file - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$*" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - if test "$*" != "X $srcdir/configure conftest.file" \ - && test "$*" != "X conftest.file $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - as_fn_error $? "ls -t appears to fail. Make sure there is not a broken - alias in your environment" "$LINENO" 5 - fi - if test "$2" = conftest.file || test $am_try -eq 2; then - break - fi - # Just in case. - sleep 1 - am_has_slept=yes - done + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + rm -f conftest.file + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken +alias in your environment" "$LINENO" 5 + fi + test "$2" = conftest.file ) then @@ -2456,16 +2441,6 @@ Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } -# If we didn't sleep, we still need to ensure time stamps of config.status and -# generated files are strictly newer. -am_sleep_pid= -if grep 'slept: no' conftest.file >/dev/null 2>&1; then - ( sleep 1 ) & - am_sleep_pid=$! -fi - -rm -f conftest.file - test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. @@ -2488,12 +2463,12 @@ if test x"${MISSING+set}" != xset; then esac fi # Use eval to expand $SHELL -if eval "$MISSING --is-lightweight"; then - am_missing_run="$MISSING " +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " else am_missing_run= - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 -$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then @@ -2505,10 +2480,10 @@ if test x"${install_sh}" != xset; then esac fi -# Installed binaries are usually stripped using 'strip' when the user -# run "make install-strip". However 'strip' might not be the right +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake -# will honor the 'STRIP' environment variable to overrule this program. +# will honor the `STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. @@ -2647,6 +2622,12 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } +mkdir_p="$MKDIR_P" +case $mkdir_p in + [\\/$]* | ?:[\\/]*) ;; + */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; +esac + for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. @@ -2729,45 +2710,6 @@ else fi rmdir .tst 2>/dev/null -# Check whether --enable-silent-rules was given. -if test "${enable_silent_rules+set}" = set; then : - enableval=$enable_silent_rules; -fi - -case $enable_silent_rules in # ((( - yes) AM_DEFAULT_VERBOSITY=0;; - no) AM_DEFAULT_VERBOSITY=1;; - *) AM_DEFAULT_VERBOSITY=1;; -esac -am_make=${MAKE-make} -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 -$as_echo_n "checking whether $am_make supports nested variables... " >&6; } -if ${am_cv_make_support_nested_variables+:} false; then : - $as_echo_n "(cached) " >&6 -else - if $as_echo 'TRUE=$(BAR$(V)) -BAR0=false -BAR1=true -V=1 -am__doit: - @$(TRUE) -.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then - am_cv_make_support_nested_variables=yes -else - am_cv_make_support_nested_variables=no -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 -$as_echo "$am_cv_make_support_nested_variables" >&6; } -if test $am_cv_make_support_nested_variables = yes; then - AM_V='$(V)' - AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' -else - AM_V=$AM_DEFAULT_VERBOSITY - AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY -fi -AM_BACKSLASH='\' - if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." @@ -2818,22 +2760,12 @@ AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} -# For better backward compatibility. To be removed once Automake 1.9.x -# dies out for good. For more background, see: -# -# -mkdir_p='$(MKDIR_P)' - # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' - -# We'll loop over all known methods to create a tar archive until one works. -_am_tools='gnutar pax cpio none' - am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' @@ -2841,7 +2773,6 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 $as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } # Check whether --enable-maintainer-mode was given. @@ -3051,7 +2982,7 @@ am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# Ignore all kinds of additional output from 'make'. +# Ignore all kinds of additional output from `make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include @@ -3895,8 +3826,8 @@ else # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named 'D' -- because '-MD' means "put the output - # in D". + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're @@ -3931,16 +3862,16 @@ else : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with - # Solaris 10 /bin/sh. - echo '/* dummy */' > sub/conftst$i.h + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with '-c' and '-o' for the sake of the "dashmstdout" + # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle '-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs. + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -3949,8 +3880,8 @@ else test "$am__universal" = false || continue ;; nosideeffect) - # After this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested. + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else @@ -3958,7 +3889,7 @@ else fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok '-c -o', but also, the minuso test has + # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -12046,8 +11977,8 @@ else # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named 'D' -- because '-MD' means "put the output - # in D". + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're @@ -12082,16 +12013,16 @@ else : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with - # Solaris 10 /bin/sh. - echo '/* dummy */' > sub/conftst$i.h + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with '-c' and '-o' for the sake of the "dashmstdout" + # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle '-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs. + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -12100,8 +12031,8 @@ else test "$am__universal" = false || continue ;; nosideeffect) - # After this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested. + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else @@ -12109,7 +12040,7 @@ else fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok '-c -o', but also, the minuso test has + # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -12989,14 +12920,6 @@ LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 -$as_echo_n "checking that generated files are newer than configure... " >&6; } - if test -n "$am_sleep_pid"; then - # Hide warnings about reused PIDs. - wait $am_sleep_pid 2>/dev/null - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 -$as_echo "done" >&6; } if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' @@ -14501,7 +14424,7 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} case $ac_file$ac_mode in "depfiles":C) test x"$AMDEP_TRUE" != x"" || { - # Older Autoconf quotes --file arguments for eval, but not when files + # Autoconf 2.62 quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in @@ -14514,7 +14437,7 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named 'Makefile.in', but + # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. @@ -14548,19 +14471,21 @@ $as_echo X"$mf" | continue fi # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running 'make'. + # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue + test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || diff --git a/modules/SSH/src/Makefile.am b/modules/SSH/src/Makefile.am index 077d1f2..ed10dc1 100644 --- a/modules/SSH/src/Makefile.am +++ b/modules/SSH/src/Makefile.am @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = no-dependencies DEFS = AM_CPPFLAGS = -I$(top_srcdir)/lib -LIBS = @LIBS@ -lcurl -lcrypto -lssl -ldl +LIBS = @LIBS@ -lcurl -lcrypto -lssl bin_PROGRAMS = latch-ssh-cmd latch_ssh_cmd_SOURCES = latch_ssh_command.c \ diff --git a/modules/SSH/src/Makefile.in b/modules/SSH/src/Makefile.in index a604e6a..a134b07 100644 --- a/modules/SSH/src/Makefile.in +++ b/modules/SSH/src/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -15,51 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -80,7 +53,7 @@ build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = latch-ssh-cmd$(EXEEXT) subdir = modules/SSH/src -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_define_dir.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -101,43 +74,18 @@ am_latch_ssh_cmd_OBJECTS = latch_ssh_command.$(OBJEXT) \ $(top_builddir)/lib/drop_privs.$(OBJEXT) latch_ssh_cmd_OBJECTS = $(am_latch_ssh_cmd_OBJECTS) latch_ssh_cmd_LDADD = $(LDADD) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = am__depfiles_maybe = COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ SOURCES = $(latch_ssh_cmd_SOURCES) DIST_SOURCES = $(latch_ssh_cmd_SOURCES) am__can_run_installinfo = \ @@ -145,29 +93,11 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -200,7 +130,7 @@ LATCH_CONF_DIR = @LATCH_CONF_DIR@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -lcurl -lcrypto -lssl -ldl +LIBS = @LIBS@ -lcurl -lcrypto -lssl LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ @@ -335,12 +265,10 @@ install-binPROGRAMS: $(bin_PROGRAMS) fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p \ - || test -f $$p1 \ - ; then echo "$$p"; echo "$$p"; else :; fi; \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ done | \ - sed -e 'p;s,.*/,,;n;h' \ - -e 's|.*|.|' \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ @@ -361,8 +289,7 @@ uninstall-binPROGRAMS: @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' \ - `; \ + -e 's/$$/$(EXEEXT)/' `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(bindir)" && rm -f $$files @@ -384,26 +311,27 @@ $(top_builddir)/lib/util.$(OBJEXT): \ $(top_builddir)/lib/$(am__dirstamp) $(top_builddir)/lib/drop_privs.$(OBJEXT): \ $(top_builddir)/lib/$(am__dirstamp) - latch-ssh-cmd$(EXEEXT): $(latch_ssh_cmd_OBJECTS) $(latch_ssh_cmd_DEPENDENCIES) $(EXTRA_latch_ssh_cmd_DEPENDENCIES) @rm -f latch-ssh-cmd$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(latch_ssh_cmd_OBJECTS) $(latch_ssh_cmd_LDADD) $(LIBS) + $(LINK) $(latch_ssh_cmd_OBJECTS) $(latch_ssh_cmd_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) - -rm -f $(top_builddir)/lib/*.$(OBJEXT) + -rm -f $(top_builddir)/lib/drop_privs.$(OBJEXT) + -rm -f $(top_builddir)/lib/latch.$(OBJEXT) + -rm -f $(top_builddir)/lib/util.$(OBJEXT) distclean-compile: -rm -f *.tab.c .c.o: - $(AM_V_CC)$(COMPILE) -c -o $@ $< + $(COMPILE) -c -o $@ $< .c.obj: - $(AM_V_CC)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: - $(AM_V_CC)$(LTCOMPILE) -c -o $@ $< + $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -411,15 +339,26 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ - $(am__define_uniq_tagged_files); \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ @@ -431,11 +370,15 @@ tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $$unique; \ fi; \ fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -444,21 +387,6 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -602,20 +530,19 @@ uninstall-am: uninstall-binPROGRAMS .MAKE: install-am install-exec-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ - clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \ - ctags ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-binPROGRAMS \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-exec-hook install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-binPROGRAMS +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ + clean-generic clean-libtool ctags distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-binPROGRAMS install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-exec-hook \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-binPROGRAMS install-exec-hook: diff --git a/pam/Makefile.am b/pam/Makefile.am index 3e16c68..b769518 100644 --- a/pam/Makefile.am +++ b/pam/Makefile.am @@ -13,7 +13,7 @@ pam_latch_la_LDFLAGS = -module -avoid-version noinst_PROGRAMS = test_pam_latch test_pam_latch_SOURCES = test.c -pam_latch_LIBS = @LIBS@ -lpam -lcurl -lcrypto -lssl -ldl +pam_latch_LIBS = @LIBS@ -lpam -lcurl -lcrypto -lssl test_pam_latch_LIBS = @LIBS@ @linux_test_LIBS@ -lpam diff --git a/pam/Makefile.in b/pam/Makefile.in index a716036..33e147a 100644 --- a/pam/Makefile.in +++ b/pam/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,51 +17,23 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -82,7 +55,7 @@ host_triplet = @host@ @OSLINUX_TRUE@am__append_1 = -lpam_misc noinst_PROGRAMS = test_pam_latch$(EXEEXT) subdir = pam -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_define_dir.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -128,50 +101,25 @@ am__dirstamp = $(am__leading_dot)dirstamp am_pam_latch_la_OBJECTS = pam_latch.lo $(top_builddir)/lib/latch.lo \ $(top_builddir)/lib/util.lo $(top_builddir)/lib/drop_privs.lo pam_latch_la_OBJECTS = $(am_pam_latch_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -pam_latch_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ +pam_latch_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(pam_latch_la_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(noinst_PROGRAMS) am_test_pam_latch_OBJECTS = test.$(OBJEXT) test_pam_latch_OBJECTS = $(am_test_pam_latch_OBJECTS) test_pam_latch_LDADD = $(LDADD) -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = am__depfiles_maybe = COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ SOURCES = $(pam_latch_la_SOURCES) $(test_pam_latch_SOURCES) DIST_SOURCES = $(pam_latch_la_SOURCES) $(test_pam_latch_SOURCES) am__can_run_installinfo = \ @@ -179,29 +127,11 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -324,7 +254,7 @@ pam_latch_la_SOURCES = pam_latch.c $(top_builddir)/lib/latch.c $(top_builddir)/l pam_latch_la_LDFLAGS = -module -avoid-version test_pam_latch_SOURCES = test.c -pam_latch_LIBS = @LIBS@ -lpam -lcurl -lcrypto -lssl -ldl +pam_latch_LIBS = @LIBS@ -lpam -lcurl -lcrypto -lssl test_pam_latch_LIBS = @LIBS@ @linux_test_LIBS@ -lpam all: all-am @@ -360,7 +290,6 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): - install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ @@ -387,14 +316,12 @@ uninstall-libLTLIBRARIES: clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done $(top_builddir)/lib/$(am__dirstamp): @$(MKDIR_P) $(top_builddir)/lib @: > $(top_builddir)/lib/$(am__dirstamp) @@ -402,9 +329,8 @@ $(top_builddir)/lib/latch.lo: $(top_builddir)/lib/$(am__dirstamp) $(top_builddir)/lib/util.lo: $(top_builddir)/lib/$(am__dirstamp) $(top_builddir)/lib/drop_privs.lo: \ $(top_builddir)/lib/$(am__dirstamp) - pam_latch.la: $(pam_latch_la_OBJECTS) $(pam_latch_la_DEPENDENCIES) $(EXTRA_pam_latch_la_DEPENDENCIES) - $(AM_V_CCLD)$(pam_latch_la_LINK) -rpath $(libdir) $(pam_latch_la_OBJECTS) $(pam_latch_la_LIBADD) $(LIBS) + $(pam_latch_la_LINK) -rpath $(libdir) $(pam_latch_la_OBJECTS) $(pam_latch_la_LIBADD) $(LIBS) clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ @@ -414,27 +340,30 @@ clean-noinstPROGRAMS: list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list - test_pam_latch$(EXEEXT): $(test_pam_latch_OBJECTS) $(test_pam_latch_DEPENDENCIES) $(EXTRA_test_pam_latch_DEPENDENCIES) @rm -f test_pam_latch$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(test_pam_latch_OBJECTS) $(test_pam_latch_LDADD) $(LIBS) + $(LINK) $(test_pam_latch_OBJECTS) $(test_pam_latch_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) - -rm -f $(top_builddir)/lib/*.$(OBJEXT) - -rm -f $(top_builddir)/lib/*.lo + -rm -f $(top_builddir)/lib/drop_privs.$(OBJEXT) + -rm -f $(top_builddir)/lib/drop_privs.lo + -rm -f $(top_builddir)/lib/latch.$(OBJEXT) + -rm -f $(top_builddir)/lib/latch.lo + -rm -f $(top_builddir)/lib/util.$(OBJEXT) + -rm -f $(top_builddir)/lib/util.lo distclean-compile: -rm -f *.tab.c .c.o: - $(AM_V_CC)$(COMPILE) -c -o $@ $< + $(COMPILE) -c -o $@ $< .c.obj: - $(AM_V_CC)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: - $(AM_V_CC)$(LTCOMPILE) -c -o $@ $< + $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -443,15 +372,26 @@ clean-libtool: -rm -rf $(top_builddir)/lib/.libs $(top_builddir)/lib/_libs -rm -rf .libs _libs -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ - $(am__define_uniq_tagged_files); \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ @@ -463,11 +403,15 @@ tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $$unique; \ fi; \ fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -476,21 +420,6 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -634,20 +563,19 @@ uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \ - cscopelist-am ctags ctags-am distclean distclean-compile \ - distclean-generic distclean-libtool distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-libLTLIBRARIES \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ - uninstall-am uninstall-libLTLIBRARIES +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-libLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/Makefile.am b/src/Makefile.am index 7202d49..69d78a0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = no-dependencies DEFS = AM_CPPFLAGS = -I$(top_srcdir)/lib -LIBS = @LIBS@ -lcurl -lcrypto -lssl -ldl +LIBS = @LIBS@ -lcurl -lcrypto -lssl bin_PROGRAMS = latch latch_SOURCES = latch_unix.c latch_unix.h $(top_builddir)/lib/latch.c $(top_builddir)/lib/latch.h $(top_builddir)/lib/util.c \ diff --git a/src/Makefile.in b/src/Makefile.in index 9f1d99b..7820bb7 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -15,51 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -80,7 +53,7 @@ build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = latch$(EXEEXT) subdir = src -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_define_dir.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -102,43 +75,18 @@ am_latch_OBJECTS = latch_unix.$(OBJEXT) \ $(top_builddir)/lib/charset.$(OBJEXT) latch_OBJECTS = $(am_latch_OBJECTS) latch_LDADD = $(LDADD) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = am__depfiles_maybe = COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ SOURCES = $(latch_SOURCES) DIST_SOURCES = $(latch_SOURCES) am__can_run_installinfo = \ @@ -146,29 +94,11 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -201,7 +131,7 @@ LATCH_CONF_DIR = @LATCH_CONF_DIR@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -lcurl -lcrypto -lssl -ldl +LIBS = @LIBS@ -lcurl -lcrypto -lssl LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ @@ -332,12 +262,10 @@ install-binPROGRAMS: $(bin_PROGRAMS) fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p \ - || test -f $$p1 \ - ; then echo "$$p"; echo "$$p"; else :; fi; \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ done | \ - sed -e 'p;s,.*/,,;n;h' \ - -e 's|.*|.|' \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ @@ -358,8 +286,7 @@ uninstall-binPROGRAMS: @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' \ - `; \ + -e 's/$$/$(EXEEXT)/' `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(bindir)" && rm -f $$files @@ -383,26 +310,28 @@ $(top_builddir)/lib/drop_privs.$(OBJEXT): \ $(top_builddir)/lib/$(am__dirstamp) $(top_builddir)/lib/charset.$(OBJEXT): \ $(top_builddir)/lib/$(am__dirstamp) - latch$(EXEEXT): $(latch_OBJECTS) $(latch_DEPENDENCIES) $(EXTRA_latch_DEPENDENCIES) @rm -f latch$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(latch_OBJECTS) $(latch_LDADD) $(LIBS) + $(LINK) $(latch_OBJECTS) $(latch_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) - -rm -f $(top_builddir)/lib/*.$(OBJEXT) + -rm -f $(top_builddir)/lib/charset.$(OBJEXT) + -rm -f $(top_builddir)/lib/drop_privs.$(OBJEXT) + -rm -f $(top_builddir)/lib/latch.$(OBJEXT) + -rm -f $(top_builddir)/lib/util.$(OBJEXT) distclean-compile: -rm -f *.tab.c .c.o: - $(AM_V_CC)$(COMPILE) -c -o $@ $< + $(COMPILE) -c -o $@ $< .c.obj: - $(AM_V_CC)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: - $(AM_V_CC)$(LTCOMPILE) -c -o $@ $< + $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -410,15 +339,26 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ - $(am__define_uniq_tagged_files); \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ @@ -430,11 +370,15 @@ tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $$unique; \ fi; \ fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -443,21 +387,6 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -601,20 +530,19 @@ uninstall-am: uninstall-binPROGRAMS .MAKE: install-am install-exec-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ - clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \ - ctags ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-binPROGRAMS \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-exec-hook install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-binPROGRAMS +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ + clean-generic clean-libtool ctags distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-binPROGRAMS install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-exec-hook \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-binPROGRAMS install-exec-hook: From 1df9b3d70e31cb07cf2f72dff9de57a0be821c88 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Mon, 15 Dec 2014 12:16:55 +0100 Subject: [PATCH 42/49] update latch.conf examples --- examples/OSX/etc/latch/latch.conf | 8 ++++++++ examples/centos/etc/latch/latch.conf | 7 +++++++ examples/debian/etc/latch/latch.conf | 8 ++++++++ examples/fedora/etc/latch/latch.conf | 7 +++++++ examples/ubuntu/etc/latch/latch.conf | 7 +++++++ 5 files changed, 37 insertions(+) diff --git a/examples/OSX/etc/latch/latch.conf b/examples/OSX/etc/latch/latch.conf index e409492..fd7e0f7 100644 --- a/examples/OSX/etc/latch/latch.conf +++ b/examples/OSX/etc/latch/latch.conf @@ -11,13 +11,21 @@ app_id = REPLACE_APP_ID_HERE # secret_key = REPLACE_SECRET_KEY_HERE +# Latch host value +# +latch_host = https://latch.elevenpaths.com + # # Default action when latch is not available # Options: open, close action = open +# Set timeout value +timeout = 8 + # Operations sshd-login = REPLACE_OPERATION_ID_HERE sshd-keys = REPLACE_OPERATION_ID_HERE login = REPLACE_OPERATION_ID_HERE sudo = REPLACE_OPERATION_ID_HERE +su = REPLACE_OPERATION_ID_HERE diff --git a/examples/centos/etc/latch/latch.conf b/examples/centos/etc/latch/latch.conf index 06f2a57..fd7e0f7 100644 --- a/examples/centos/etc/latch/latch.conf +++ b/examples/centos/etc/latch/latch.conf @@ -11,11 +11,18 @@ app_id = REPLACE_APP_ID_HERE # secret_key = REPLACE_SECRET_KEY_HERE +# Latch host value +# +latch_host = https://latch.elevenpaths.com + # # Default action when latch is not available # Options: open, close action = open +# Set timeout value +timeout = 8 + # Operations sshd-login = REPLACE_OPERATION_ID_HERE sshd-keys = REPLACE_OPERATION_ID_HERE diff --git a/examples/debian/etc/latch/latch.conf b/examples/debian/etc/latch/latch.conf index e409492..fd7e0f7 100644 --- a/examples/debian/etc/latch/latch.conf +++ b/examples/debian/etc/latch/latch.conf @@ -11,13 +11,21 @@ app_id = REPLACE_APP_ID_HERE # secret_key = REPLACE_SECRET_KEY_HERE +# Latch host value +# +latch_host = https://latch.elevenpaths.com + # # Default action when latch is not available # Options: open, close action = open +# Set timeout value +timeout = 8 + # Operations sshd-login = REPLACE_OPERATION_ID_HERE sshd-keys = REPLACE_OPERATION_ID_HERE login = REPLACE_OPERATION_ID_HERE sudo = REPLACE_OPERATION_ID_HERE +su = REPLACE_OPERATION_ID_HERE diff --git a/examples/fedora/etc/latch/latch.conf b/examples/fedora/etc/latch/latch.conf index 06f2a57..fd7e0f7 100644 --- a/examples/fedora/etc/latch/latch.conf +++ b/examples/fedora/etc/latch/latch.conf @@ -11,11 +11,18 @@ app_id = REPLACE_APP_ID_HERE # secret_key = REPLACE_SECRET_KEY_HERE +# Latch host value +# +latch_host = https://latch.elevenpaths.com + # # Default action when latch is not available # Options: open, close action = open +# Set timeout value +timeout = 8 + # Operations sshd-login = REPLACE_OPERATION_ID_HERE sshd-keys = REPLACE_OPERATION_ID_HERE diff --git a/examples/ubuntu/etc/latch/latch.conf b/examples/ubuntu/etc/latch/latch.conf index 06f2a57..fd7e0f7 100644 --- a/examples/ubuntu/etc/latch/latch.conf +++ b/examples/ubuntu/etc/latch/latch.conf @@ -11,11 +11,18 @@ app_id = REPLACE_APP_ID_HERE # secret_key = REPLACE_SECRET_KEY_HERE +# Latch host value +# +latch_host = https://latch.elevenpaths.com + # # Default action when latch is not available # Options: open, close action = open +# Set timeout value +timeout = 8 + # Operations sshd-login = REPLACE_OPERATION_ID_HERE sshd-keys = REPLACE_OPERATION_ID_HERE From 04ca4b12aebefcfc1f47fc0fa8f2697eed79f2a9 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Mon, 15 Dec 2014 12:22:48 +0100 Subject: [PATCH 43/49] add freeBSD examples --- examples/freeBSD/etc/latch/latch.accounts | 0 examples/freeBSD/etc/latch/latch.conf | 31 +++++ examples/freeBSD/etc/pam.d/sshd | 27 ++++ examples/freeBSD/etc/ssh/sshd_config | 148 ++++++++++++++++++++++ 4 files changed, 206 insertions(+) create mode 100644 examples/freeBSD/etc/latch/latch.accounts create mode 100644 examples/freeBSD/etc/latch/latch.conf create mode 100644 examples/freeBSD/etc/pam.d/sshd create mode 100644 examples/freeBSD/etc/ssh/sshd_config diff --git a/examples/freeBSD/etc/latch/latch.accounts b/examples/freeBSD/etc/latch/latch.accounts new file mode 100644 index 0000000..e69de29 diff --git a/examples/freeBSD/etc/latch/latch.conf b/examples/freeBSD/etc/latch/latch.conf new file mode 100644 index 0000000..fd7e0f7 --- /dev/null +++ b/examples/freeBSD/etc/latch/latch.conf @@ -0,0 +1,31 @@ +# +# Configuration file for the latch UNIX plugin +# + +# Identify your Application +# Application ID value +# +app_id = REPLACE_APP_ID_HERE + +# Secret key value +# +secret_key = REPLACE_SECRET_KEY_HERE + +# Latch host value +# +latch_host = https://latch.elevenpaths.com + +# +# Default action when latch is not available +# Options: open, close +action = open + +# Set timeout value +timeout = 8 + +# Operations +sshd-login = REPLACE_OPERATION_ID_HERE +sshd-keys = REPLACE_OPERATION_ID_HERE +login = REPLACE_OPERATION_ID_HERE +sudo = REPLACE_OPERATION_ID_HERE +su = REPLACE_OPERATION_ID_HERE diff --git a/examples/freeBSD/etc/pam.d/sshd b/examples/freeBSD/etc/pam.d/sshd new file mode 100644 index 0000000..fbf0264 --- /dev/null +++ b/examples/freeBSD/etc/pam.d/sshd @@ -0,0 +1,27 @@ +# +# $FreeBSD: releng/10.1/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $ +# +# PAM configuration for the "sshd" service +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth requisite pam_unix.so no_warn try_first_pass +auth required pam_latch.so config=/etc/latch/latch.conf accounts=/etc/latch/latch.accounts operation=sshd-login otp=yes + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_permit.so + +# password +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/examples/freeBSD/etc/ssh/sshd_config b/examples/freeBSD/etc/ssh/sshd_config new file mode 100644 index 0000000..5116cdd --- /dev/null +++ b/examples/freeBSD/etc/ssh/sshd_config @@ -0,0 +1,148 @@ +# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ +# $FreeBSD: releng/10.1/crypto/openssh/sshd_config 264692 2014-04-20 12:46:18Z des $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +# Note that some of FreeBSD's defaults differ from OpenBSD's, and +# FreeBSD has a few additional options. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# The default requires explicit activation of protocol 1 +#Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Ciphers and keying +#RekeyLimit default none + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin no +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# Change to yes to enable built-in password authentication. +PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to no to disable PAM authentication +ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'no' to disable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation sandbox +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum FreeBSD-20140420 + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Disable HPN tuning improvements. +#HPNDisabled no + +# Buffer size for HPN to non-HPN connections. +#HPNBufferSize 2048 + +# TCP receive socket buffer polling for HPN. Disable on non autotuning kernels. +#TcpRcvBufPoll yes + +# Allow the use of the NONE cipher. +#NoneEnabled no + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server From 9da3da964b86a216bb3a57fdf87f1638a51725ab Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Mon, 15 Dec 2014 12:25:46 +0100 Subject: [PATCH 44/49] update README --- README.md | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 33be2aa..8f21846 100644 --- a/README.md +++ b/README.md @@ -45,11 +45,16 @@ yum install pam-devel libcurl-devel openssl-devel ##INSTALLING THE PLUGIN IN UNIX -* Cd to the top-level directory of the plugin, and use the **"./configure && make && sudo make install"** command to install it. +* Cd to the top-level directory of the plugin, and use the **"./configure prefix=/usr sysconfdir=/etc && make && sudo make install"** command to install it. ``` ./configure prefix=/usr sysconfdir=/etc && make && sudo make install ``` +If you are installing on OpenBSD/FreeBSD, add CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" directives to "configure", since gcc will not find dependencies otherwise. +``` +./configure CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" prefix=/usr sysconfdir=/etc && make && sudo make install +``` + * Edit /etc/latch/latch.conf file and add your **"Application ID"** and **"Secret"**. Add as operations as services will be protected with latch. * The action option within latch.conf file (that may be open/close) specifies the action to be performed in case there is no connection to Latch servers. @@ -67,12 +72,16 @@ PAM_DIR=/usr/lib/pam ``` Ubuntu, Debian: ``` -PAM_DIR=/lib/*/security, /lib*/security/ +PAM_DIR=/lib*/*/security ``` CentOS, Fedora, RedHat: ``` PAM_DIR=/lib*/security/ ``` +FreeBSD (default installation directory): +``` +PAM_DIR=/urs/lib/ +``` * There are some PAM configuration examples how to protect some applications (such as sudo, sshd, su, login, etc.) in examples/ directory. Usually, your PAM module is setup by adding a line to the appropriate file in /etc/pam.d/: ``` @@ -103,14 +112,14 @@ For Ubuntu/Debian, ``` sudo service ssh restart ``` -For RedHat/CentOS/Fedora, +For RedHat/CentOS/Fedora/FreeBSD, ``` sudo service sshd restart ``` -###SELinux (Fedora) SETUP -* In Fedora 20, the program **“SELinux“** at times defines a security policy that prevents communication from being opened between the SSH server and the Latch server. To solve this problem, you must add a SELinux module to the policy. To do so you must enter the **“modules/SSH/SELinux“** folder of the packet for the downloaded plugin and execute the command **“semodule -i latch_ssh.pp“**. Then you must enable the variable that was created through the command **“setsebool -P ssh_can_network 1“**. +###SELinux (Fedora/CentOS) SETUP +* In some systems, like Fedora 20 and CentOS 6.7, the program **“SELinux“** at times defines a security policy that prevents communication from being opened between the SSH server and the Latch server. To solve this problem, you must add a SELinux module to the policy. To do so you must enter the **“modules/SSH/SELinux“** folder of the packet for the downloaded plugin and execute the command **“semodule -i latch_ssh.pp“**. Then you must enable the variable that was created through the command **“setsebool -P ssh_can_network 1“**. ##UNINSTALLING THE PLUGIN IN UNIX @@ -118,12 +127,9 @@ sudo service sshd restart * Open a terminal. Move to the top-level directory of the plugin. Run **"sudo make uninstall"**. ``` -./configure prefix=/usr sysconfdir=/etc && sudo make uninstall +./configure prefix=/usr sysconfdir=/etc && make && sudo make uninstall ``` -* Remove binaries. - - ##USE OF LATCH PLUGIN FOR THE USERS **Latch does not affect in any case or in any way the usual operations with an account. It just allows or denies actions over it, acting as an independent extra layer of security that, once removed or without effect, will have no effect over the accounts, which will remain with their original state.** From e84bdc41214fc1cb2531d4390f7be1aa724e0fc1 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Mon, 15 Dec 2014 12:46:44 +0100 Subject: [PATCH 45/49] update README --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 8f21846..87c859e 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,10 @@ For RedHat/Centos/Fedora, ``` yum install pam-devel libcurl-devel openssl-devel ``` +For FreeBSD, +``` +pkg install ftp/curl +``` * To get the **"Application ID"** and **"Secret"**, (fundamental values for integrating Latch in any application), it’s necessary to register a developer account in [Latch's website](https://latch.elevenpaths.com). On the upper right side, click on **"Developer area"**. From dc58af2a379b0829c550ad8380bd179f1045496c Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Mon, 15 Dec 2014 12:54:59 +0100 Subject: [PATCH 46/49] update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 87c859e..dbf911b 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ sudo apt-get install libpam0g-dev libcurl4-openssl-dev libssl-dev ``` For RedHat/Centos/Fedora, ``` -yum install pam-devel libcurl-devel openssl-devel +sudo yum install pam-devel libcurl-devel openssl-devel ``` For FreeBSD, ``` @@ -56,7 +56,7 @@ pkg install ftp/curl If you are installing on OpenBSD/FreeBSD, add CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" directives to "configure", since gcc will not find dependencies otherwise. ``` -./configure CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" prefix=/usr sysconfdir=/etc && make && sudo make install +./configure CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" prefix=/usr sysconfdir=/etc && make && make install ``` * Edit /etc/latch/latch.conf file and add your **"Application ID"** and **"Secret"**. Add as operations as services will be protected with latch. From eddacfce0a678ff350bde6852ae952346c537307 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Wed, 17 Dec 2014 08:07:06 +0100 Subject: [PATCH 47/49] add freeBSD examples --- examples/freeBSD/etc/pam.d/login | 20 ++++++++++++++ examples/freeBSD/etc/pam.d/su | 17 ++++++++++++ examples/freeBSD/etc/pam.d/system-login-latch | 26 +++++++++++++++++++ examples/freeBSD/etc/pam.d/system-su-latch | 26 +++++++++++++++++++ 4 files changed, 89 insertions(+) create mode 100644 examples/freeBSD/etc/pam.d/login create mode 100644 examples/freeBSD/etc/pam.d/su create mode 100644 examples/freeBSD/etc/pam.d/system-login-latch create mode 100644 examples/freeBSD/etc/pam.d/system-su-latch diff --git a/examples/freeBSD/etc/pam.d/login b/examples/freeBSD/etc/pam.d/login new file mode 100644 index 0000000..e3cd0f7 --- /dev/null +++ b/examples/freeBSD/etc/pam.d/login @@ -0,0 +1,20 @@ +# +# $FreeBSD: releng/10.1/etc/pam.d/login 170510 2007-06-10 18:57:20Z yar $ +# +# PAM configuration for the "login" service +# + +# auth +auth sufficient pam_self.so no_warn +auth include system-login-latch + +# account +account requisite pam_securetty.so +account required pam_nologin.so +account include system + +# session +session include system + +# password +password include system diff --git a/examples/freeBSD/etc/pam.d/su b/examples/freeBSD/etc/pam.d/su new file mode 100644 index 0000000..ad95993 --- /dev/null +++ b/examples/freeBSD/etc/pam.d/su @@ -0,0 +1,17 @@ +# +# $FreeBSD: releng/10.1/etc/pam.d/su 219663 2011-03-15 10:13:35Z des $ +# +# PAM configuration for the "su" service +# + +# auth +auth sufficient pam_rootok.so no_warn +auth sufficient pam_self.so no_warn +auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser +auth include system-su-latch + +# account +account include system + +# session +session required pam_permit.so diff --git a/examples/freeBSD/etc/pam.d/system-login-latch b/examples/freeBSD/etc/pam.d/system-login-latch new file mode 100644 index 0000000..d458d08 --- /dev/null +++ b/examples/freeBSD/etc/pam.d/system-login-latch @@ -0,0 +1,26 @@ +# +# $FreeBSD: releng/10.1/etc/pam.d/system 197769 2009-10-05 09:28:54Z des $ +# +# System-wide defaults +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth requisite pam_unix.so no_warn try_first_pass nullok +auth required pam_latch.so config=/etc/latch/latch.conf account=/etc/latch/latch.accounts operation=login otp=yes + +# account +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_lastlog.so no_fail + +# password +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/examples/freeBSD/etc/pam.d/system-su-latch b/examples/freeBSD/etc/pam.d/system-su-latch new file mode 100644 index 0000000..990acc5 --- /dev/null +++ b/examples/freeBSD/etc/pam.d/system-su-latch @@ -0,0 +1,26 @@ +# +# $FreeBSD: releng/10.1/etc/pam.d/system 197769 2009-10-05 09:28:54Z des $ +# +# System-wide defaults +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok +auth required pam_latch.so config=/etc/latch/latch.conf account=/etc/latch/latch.accounts operation=su otp=yes + +# account +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_lastlog.so no_fail + +# password +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass From 5f7d8611bf0ebbdf27495e6bd0102887837c587f Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 23 Dec 2014 09:17:47 +0100 Subject: [PATCH 48/49] update setup.sh --- examples/setup.sh | 68 +++++++++++++++++++++++++---------------------- 1 file changed, 36 insertions(+), 32 deletions(-) diff --git a/examples/setup.sh b/examples/setup.sh index 701f39b..12c0aac 100755 --- a/examples/setup.sh +++ b/examples/setup.sh @@ -1,18 +1,18 @@ #!/usr/bin/env bash # run as root -# tested on (OS X 10.9.3) +# tested on (OS X 10.9.3, debian 7.7) function pre_install_ () { if [ -f "`which apt-get`" ] ; then - sudo apt-get -y update - sudo apt-get -y install libpam0g-dev libcurl4-openssl-dev libssl-dev - sudo apt-get -y install gcc make + apt-get -y update + apt-get -y install libpam0g-dev libcurl4-openssl-dev libssl-dev + apt-get -y install gcc make elif [ -f "`which yum`" ] ; then - sudo yum -y update - sudo yum -y install pam-devel libcurl-devel openssl-devel - sudo yum -y install gcc make + yum -y update + yum -y install pam-devel libcurl-devel openssl-devel + yum -y install gcc make fi } @@ -21,8 +21,8 @@ function install_ () # change to root directory cd .. - # configure & make & install - ./configure prefix=/usr sysconfdir=/etc && make && sudo make install + # configure & make & install (supports freeBSD/openBSD) + ./configure CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" prefix=/usr sysconfdir=/etc && make && make install # move pam_latch.so to PAM directory echo 'Moving pam_latch.so to PAM directory ...' @@ -38,34 +38,34 @@ function install_ () if test -d $PAM_DIR && test -f /usr/lib/pam_latch.so ; then echo 'PAM directory: '$PAM_DIR - sudo mv /usr/lib/pam_latch.so $PAM_DIR + mv /usr/lib/pam_latch.so $PAM_DIR else echo 'Move /usr/lib/pam_latch.so manually to PAM dir' exit 1 fi - # change to centos directory + # change to examples/DIST directory echo "Setting up $1 ..." cd examples/$1/ # configure pam services - echo 'Configuring pam services...' + echo 'Configuring pam services ...' for i in `ls etc/pam.d/` ; do if [[ $i == *latch ]] ; then - sudo cp etc/pam.d/$i /etc/pam.d/ + cp etc/pam.d/$i /etc/pam.d/ continue fi if test ! -f /etc/pam.d/$i ; then continue fi if test ! -f /etc/pam.d/$i.lchsave ; then - sudo mv /etc/pam.d/$i /etc/pam.d/$i.lchsave + mv /etc/pam.d/$i /etc/pam.d/$i.lchsave fi - sudo cp etc/pam.d/$i /etc/pam.d/ + cp etc/pam.d/$i /etc/pam.d/ done # configure ssh server - echo 'Configuring ssh server...' + echo 'Configuring ssh server ...' if test -d /etc/ssh/ ; then SSH_CONFIG_DIR=etc/ssh else @@ -74,19 +74,19 @@ function install_ () if test -f /$SSH_CONFIG_DIR/sshd_config ; then if test ! -f /$SSH_CONFIG_DIR/sshd_config.lchsave ; then - sudo mv /$SSH_CONFIG_DIR/sshd_config /$SSH_CONFIG_DIR/sshd_config.lchsave + mv /$SSH_CONFIG_DIR/sshd_config /$SSH_CONFIG_DIR/sshd_config.lchsave fi - sudo cp $SSH_CONFIG_DIR/sshd_config /$SSH_CONFIG_DIR/sshd_config + cp $SSH_CONFIG_DIR/sshd_config /$SSH_CONFIG_DIR/sshd_config else echo 'SSH server not found' fi # restart ssh - echo 'Restarting ssh server...' + echo 'Restarting ssh server ...' if [[ "$1" == "debian" || "$1" == "ubuntu" ]] ; then - sudo service ssh restart - elif [[ "$1" == 'fedora' || "$1" == 'centos' ]] ; then - sudo service sshd restart + service ssh restart + elif [[ "$1" == 'fedora' || "$1" == 'centos' || "$1" == 'freeBSD' ]] ; then + service sshd restart fi } @@ -96,12 +96,12 @@ function uninstall_ () cd .. # configure pam services - echo 'Re-configuring pam services...' + echo 'Re-configuring pam services ...' for i in `ls /etc/pam.d/ | grep '.lchsave' | cut -d "." -f 1` ; do - sudo mv /etc/pam.d/$i.lchsave /etc/pam.d/$i + mv /etc/pam.d/$i.lchsave /etc/pam.d/$i done for i in `ls /etc/pam.d/ | grep 'latch'` ; do - sudo rm /etc/pam.d/$i + rm /etc/pam.d/$i done # configure ssh server @@ -113,22 +113,24 @@ function uninstall_ () fi if test -f $SSH_CONFIG_DIR/sshd_config.lchsave ; then - sudo mv $SSH_CONFIG_DIR/sshd_config.lchsave $SSH_CONFIG_DIR/sshd_config + mv $SSH_CONFIG_DIR/sshd_config.lchsave $SSH_CONFIG_DIR/sshd_config fi # configure & uninstall - ./configure prefix=/usr sysconfdir=/etc && make && sudo make uninstall && make clean + ./configure CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" prefix=/usr sysconfdir=/etc && make && make uninstall && make clean # restart ssh - echo 'Restarting ssh server...' + echo 'Restarting ssh server ...' if [[ "$1" == "debian" || "$1" == "ubuntu" ]] ; then - sudo service ssh restart - elif [[ "$1" == 'fedora' || "$1" == 'centos' ]] ; then - sudo service sshd restart + service ssh restart + elif [[ "$1" == 'fedora' || "$1" == 'centos' || "$1" == 'freeBSD' ]] ; then + service sshd restart fi } +## main ## + if [ "$1" == 'uninstall' ] ; then echo 'Uninstalling latch ...' uninstall_ @@ -138,7 +140,9 @@ elif [ "$1" != '' ] ; then echo 'Installing latch ...' install_ $1 else - echo 'Usage: sudo ./setup DIST | uninstall' + echo "Usage: $0 DIST | uninstall" + echo "DIST options:" + ls -d */ | grep -v latch fi From c9d27e7d58c0dda48413e2de1293d9d9245b3980 Mon Sep 17 00:00:00 2001 From: Ivan Martin Date: Tue, 23 Dec 2014 09:42:26 +0100 Subject: [PATCH 49/49] update README --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dbf911b..24c9272 100644 --- a/README.md +++ b/README.md @@ -32,9 +32,16 @@ For RedHat/Centos/Fedora, sudo yum install pam-devel libcurl-devel openssl-devel ``` For FreeBSD, +Because of some problems with libcurl library, you must disable threaded_resolver[] option before make install: ``` -pkg install ftp/curl +cd /usr/ports/ftp/curl/ +make config ``` +And then, install curl using ports: +``` +make install clean +``` + * To get the **"Application ID"** and **"Secret"**, (fundamental values for integrating Latch in any application), it’s necessary to register a developer account in [Latch's website](https://latch.elevenpaths.com). On the upper right side, click on **"Developer area"**.