Pull request #14: Handle --password option in ecFlow client (ECFLOW-1865)

Merge in ECFLOW/ecflow from bug/ECFLOW-1865_password_option to develop

* commit 'd92e902bf1fefee7fdc4eebfdfb90cc1e544770f':
  Add test to ensure the ---password option is handled ECFLOW-1865
  Add missing handling of --password option
  Encapsulate POSIX crypt uses into specific class ECFLOW-1865

Author: marcosbento

ACore/src/Passwd.cpp

@@ -18,9 +18,6 @@
 
 #include "Passwd.hpp"
 
-//extern char *crypt(const char *key, const char *salt);
-
-
 double ecf_drand48();
 
 

ACore/src/PasswdFile.cpp

@@ -13,7 +13,6 @@
 // Description : Parser for white list file
 //============================================================================
 
-#include <unistd.h>  // for crypt
 #include <iostream>
 
 #include <boost/lexical_cast.hpp>
@@ -23,6 +22,7 @@
 #include "File.hpp"
 #include "Str.hpp"
 #include "User.hpp"
+#include "PasswordEncryption.hpp"
 
 using namespace ecf;
 using namespace std;
@@ -269,7 +269,7 @@ bool PasswdFile::add_user(std::vector<std::string>& tokens, std::string& error_m
       return false;
    }
 
-   vec_.emplace_back(tokens[0],tokens[1],tokens[2],crypt(tokens[3].c_str(),tokens[0].c_str()));
+   vec_.emplace_back(tokens[0],tokens[1],tokens[2],PasswordEncryption::encrypt(tokens[3],tokens[0]));
 
    return true;
 }

ACore/src/PasswordEncryption.hpp

@@ -0,0 +1,50 @@
+#ifndef PASSWORD_ENCRYPTION_HPP_
+#define PASSWORD_ENCRYPTION_HPP_
+//============================================================================
+// Name        :
+// Author      :
+// Revision    :
+//
+// Copyright 2009- ECMWF.
+// This software is licensed under the terms of the Apache Licence version 2.0
+// which can be obtained at http://www.apache.org/licenses/LICENSE-2.0.
+// In applying this licence, ECMWF does not waive the privileges and immunities
+// granted to it by virtue of its status as an intergovernmental organisation
+// nor does it submit to any jurisdiction.
+//
+// Description : Provides a generic password encryption mechanism
+//                + specific POSIX implementation
+//============================================================================
+
+#include <unistd.h>
+
+#include <string>
+
+struct PosixEncryption {
+  using salt_t = std::string;
+  using key_t = std::string;
+  using encrypted_t = std::string;
+
+  static encrypted_t encrypt(const key_t& key, const salt_t& salt) {
+    auto result = crypt(key.c_str(), salt.c_str());
+    if (!result) {
+      throw std::runtime_error("Error: unable to encrypt the given key");
+    }
+    return std::string{result};
+  }
+};
+
+template <typename ENGINE>
+struct BasePasswordEncryption {
+  using username_t = std::string;
+  using plain_password_t = std::string;
+  using encrypted_password_t = std::string;
+
+  static encrypted_password_t encrypt(const plain_password_t& password, const username_t& username) {
+    return ENGINE::encrypt(password, username);
+  }
+};
+
+using PasswordEncryption = BasePasswordEncryption<PosixEncryption>;
+
+#endif  // PASSWORD_ENCRYPTION_HPP_

ACore/test/TestPasswdFile.cpp

@@ -12,15 +12,14 @@
 //
 // Description :
 //============================================================================
-#include <iostream>
-#include <unistd.h>
-
+#include <boost/filesystem/operations.hpp>
+#include <boost/filesystem/path.hpp>
 #include <boost/test/unit_test.hpp>
-#include "boost/filesystem/operations.hpp"
-#include "boost/filesystem/path.hpp"
+#include <iostream>
 
-#include "PasswdFile.hpp"
 #include "File.hpp"
+#include "PasswdFile.hpp"
+#include "PasswordEncryption.hpp"
 
 namespace fs = boost::filesystem;
 using namespace std;
@@ -146,11 +145,11 @@ BOOST_AUTO_TEST_CASE( test_passwd )
 //   tom host3 3143    x12ggg # sdsdsd
 
    std::vector<Pass_wd> expected_passwds;
-   expected_passwds.emplace_back("fred", "host",  "3141", crypt("x12ggg","fred") );
-   expected_passwds.emplace_back("fred", "host3", "3143", crypt("passwd","fred") );
-   expected_passwds.emplace_back("fred", "host4", "3145", crypt("x12ggg","fred") );
-   expected_passwds.emplace_back("jake", "host",  "3141", crypt("x12ggg","jake") );
-   expected_passwds.emplace_back("tom",  "host3", "3143", crypt("x12ggg","tom") );
+   expected_passwds.emplace_back("fred", "host",  "3141", PasswordEncryption::encrypt("x12ggg","fred") );
+   expected_passwds.emplace_back("fred", "host3", "3143", PasswordEncryption::encrypt("passwd","fred") );
+   expected_passwds.emplace_back("fred", "host4", "3145", PasswordEncryption::encrypt("x12ggg","fred") );
+   expected_passwds.emplace_back("jake", "host",  "3141", PasswordEncryption::encrypt("x12ggg","jake") );
+   expected_passwds.emplace_back("tom",  "host3", "3143", PasswordEncryption::encrypt("x12ggg","tom") );
 
    BOOST_REQUIRE_MESSAGE(expected_passwds == theFile.passwds() ,"expected passwords to match");
 }

ACore/test/TestPasswordEncryption.cpp

@@ -0,0 +1,34 @@
+//============================================================================
+// Name        :
+// Author      :
+// Revision    :
+//
+// Copyright 2009- ECMWF.
+// This software is licensed under the terms of the Apache Licence version 2.0
+// which can be obtained at http://www.apache.org/licenses/LICENSE-2.0.
+// In applying this licence, ECMWF does not waive the privileges and immunities
+// granted to it by virtue of its status as an intergovernmental organisation
+// nor does it submit to any jurisdiction.
+//
+// Description : Tests the functionality provided by PasswordEncryption
+//============================================================================
+
+#include <boost/test/unit_test.hpp>
+
+#include "PasswordEncryption.hpp"
+
+BOOST_AUTO_TEST_SUITE( CoreTestSuite )
+
+BOOST_AUTO_TEST_CASE( test_is_able_to_encrypt_password )
+{
+  PasswordEncryption::username_t user = "username";
+  PasswordEncryption::plain_password_t plain = "password";
+  PasswordEncryption::encrypted_password_t expected = "usjRS48E8ZADM";
+  // Expected was obtained by calling `$ openssl passwd -salt username password`
+
+  auto encrypted = PasswordEncryption::encrypt(plain, user);
+
+   BOOST_REQUIRE(encrypted == expected);
+}
+
+BOOST_AUTO_TEST_SUITE_END()

Client/CMakeLists.txt

@@ -72,6 +72,7 @@ SET_TARGET_PROPERTIES(ecflow_client PROPERTIES
 
 list( APPEND test_srcs
     test/TestClientEnvironment.cpp
+    test/TestClientOptions.cpp
     test/TestClientInterface.cpp
     test/TestJobGenOnly.cpp
     test/TestLifeCycle.cpp

Client/src/ClientOptions.cpp

@@ -26,6 +26,7 @@
 #include "Ecf.hpp"
 #include "Child.hpp"
 #include "TaskApi.hpp"
+#include "PasswordEncryption.hpp"
 
 using namespace std;
 using namespace ecf;
@@ -137,6 +138,11 @@ Cmd_ptr ClientOptions::parse(int argc, char* argv[],ClientEnvironment* env) cons
        if (env->debug())  std::cout << "  user " << user << " overridden at the command line\n";
        env->set_user_name(user);
     }
+    if ( vm.count( "password" ) ) {
+       std::string password = vm[ "password" ].as< std::string > ();
+       if (env->debug())  std::cout << "  password overridden at the command line\n";
+       env->set_password(PasswordEncryption::encrypt(password, env->get_user_name()));
+    }
 
 #ifdef ECF_OPENSSL
    if ( vm.count( "ssl" )) {

Client/test/TestClientOptions.cpp

@@ -0,0 +1,42 @@
+//============================================================================
+// Name        :
+// Author      : Avi
+// Revision    : $Revision: #9 $
+//
+// Copyright 2009- ECMWF.
+// This software is licensed under the terms of the Apache Licence version 2.0
+// which can be obtained at http://www.apache.org/licenses/LICENSE-2.0.
+// In applying this licence, ECMWF does not waive the privileges and immunities
+// granted to it by virtue of its status as an intergovernmental organisation
+// nor does it submit to any jurisdiction.
+//
+// Description : Tests the capabilities of ClientOptions
+//============================================================================
+#include <boost/test/unit_test.hpp>
+
+#include "ClientEnvironment.hpp"
+#include "ClientOptions.hpp"
+#include "PasswordEncryption.hpp"
+
+BOOST_AUTO_TEST_SUITE(ClientTestSuite)
+
+BOOST_AUTO_TEST_CASE(test_is_able_to_process_username_and_password) {
+  const char* expected_username = "username";
+  const char* plain_password = "password";
+  std::string expected_password = PasswordEncryption::encrypt(plain_password, expected_username);
+
+  const char* argv[]{"ecflow_client", "--user", expected_username, "--password", plain_password, "--ping"};
+  int argc = boost::size(argv);
+
+  ClientOptions options;
+  ClientEnvironment environment(false);
+  options.parse(argc, const_cast<char**>(argv), &environment);
+
+  std::string actual_username = environment.get_user_name();
+  BOOST_REQUIRE(expected_username == actual_username);
+
+  std::string actual_password = environment.get_user_password(expected_username);
+  BOOST_REQUIRE(expected_password == actual_password);
+}
+
+BOOST_AUTO_TEST_SUITE_END()

Http/src/BasicAuth.cpp

@@ -15,14 +15,16 @@
 /////////1/////////2/////////3/////////4/////////5/////////6/////////7/////////8
 
 #include "BasicAuth.hpp"
+
+#include "Base64.hpp"
 #include "HttpServerException.hpp"
-#include <Base64.hpp>
-#include <Str.hpp>
+#include "PasswordEncryption.hpp"
+#include "Str.hpp"
 
 std::pair<std::string, std::string> BasicAuth::get_credentials(const std::string& token) {
    const std::string decoded = base64_decode(token);
    std::vector<std::string> elems;
    ecf::Str::split(decoded, elems, ":");
 
-   return std::make_pair(elems[0], crypt(elems[1].c_str(), elems[0].c_str()));
+   return std::make_pair(elems[0], PasswordEncryption::encrypt(elems[1], elems[0]));
 }