authorChris Wilson <chris+github@qwirx.com>2019-06-02 21:51:27 +0100
committerReinhard Tartler <siretart@tauware.de>2019-06-07 05:55:39 -0400
commit8ed804d9d2c587a9c8e925209619d7dc84e63423 (patch)
treebba8d105d185673c94d0b12b1f984ba131afae52
parent4489eb94ed896477c4b01d4c4329b45c9134f894 (diff)
[PATCH] Minimal fix for Debian bug 907135 [#36]
Unfortunately, the changes required to implement the full solution to Debian bug 907135 were quite large and could not be reviewed in time for Debian 10's release date. This would have meant that Box Backup was not available at all in Debian 10. Therefore we have developed a workaround specifically for Debian 10 users (this patch), which contains only the minimal changes needed to: * reduce the security level for Box Backup to 1 (the previous default), overriding the system default; * ensure that all newly generated certificates meet the new security requirements that will later be imposed. This interim version will hopefully be replaced by a version from the master branch that supports the SSLSecurityLevel configuration option, which we hope to see in debian-backports as soon as possible, and we recommend that anyone using the interim version upgrade to this master version as soon as possible. See https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2 for more details. Gbp-Pq: Name openssl1.1.patch
-rwxr-xr-xbin/bbackupd/bbackupd-config.in2
-rwxr-xr-xbin/bbstored/bbstored-certs.in8
-rw-r--r--infrastructure/cmake/CMakeLists.txt19
-rw-r--r--infrastructure/m4/boxbackup_tests.m43
-rw-r--r--lib/common/BoxPortsAndFiles.h.in4
-rw-r--r--lib/common/Test.h2
-rw-r--r--lib/server/TLSContext.cpp9
-rw-r--r--test/backupstorefix/testbackupstorefix.cpp9
-rwxr-xr-xtest/backupstorefix/testfiles/testbackupstorefix.pl.in16
-rw-r--r--test/basicserver/testbasicserver.cpp97
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf196
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem15
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem27
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh70
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/bbstored.conf23
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem15
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem27
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem17
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem15
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem27
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem15
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem27
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem18
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl1
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem18
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl1
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem17
-rw-r--r--test/basicserver/testfiles/seclevel2-sha1/raidfile.conf10
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf195
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem15
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem27
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh70
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/bbstored.conf23
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem15
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem27
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem17
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem15
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem27
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem15
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem27
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem18
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl1
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem18
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl1
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem17
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem17
-rw-r--r--test/basicserver/testfiles/seclevel2-sha256/raidfile.conf10
-rw-r--r--test/basicserver/testfiles/srv3-seclevel2-sha1.conf8
-rw-r--r--test/basicserver/testfiles/srv3-seclevel2-sha256.conf8
-rw-r--r--test/bbackupd/testbbackupd.cpp123
50 files changed, 1375 insertions, 27 deletions
diff --git a/bin/bbackupd/bbackupd-config.in b/bin/bbackupd/bbackupd-config.in
index 1fc224c2..52dd38df 100755
--- a/bin/bbackupd/bbackupd-config.in
+++ b/bin/bbackupd/bbackupd-config.in
@@ -169,7 +169,7 @@ if(!-f $private_key)
if(!-f $certificate_request)
{
die "Couldn't run openssl for CSR generation" unless
- open(CSR,"|openssl req -new -key $private_key -sha1 -out $certificate_request");
+ open(CSR,"|openssl req -new -key $private_key -sha256 -out $certificate_request");
print CSR <<__E;
.
.
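Review bot: The `openssl req` command on the changed line is still one interpolated string handed to the shell, so a `$private_key` or `$certificate_request` path containing spaces or shell metacharacters is re-parsed by the shell rather than passed as a single argument. The list form of the pipe open avoids that: `open(CSR, '|-', 'openssl', 'req', '-new', '-key', $private_key, '-sha256', '-out', $certificate_request)`. The same applies to the `open(CSR, ...)` call and the three `system("openssl x509 -req ...")` calls changed in bin/bbstored/bbstored-certs.in, where `$csr`, `$key`, `$cert_dir` and `$out_cert` are interpolated. The enclosing `if(!-f $certificate_request)` block continues outside the hunk.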
diff --git a/bin/bbstored/bbstored-certs.in b/bin/bbstored/bbstored-certs.in
index 00085662..10072a87 100755
--- a/bin/bbstored/bbstored-certs.in
+++ b/bin/bbstored/bbstored-certs.in
@@ -122,7 +122,7 @@ sub cmd_init_create_root
# make CSR
die "Couldn't run openssl for CSR generation" unless
- open(CSR,"|openssl req -new -key $key -sha1 -out $csr");
+ open(CSR,"|openssl req -new -key $key -sha256 -out $csr");
print CSR <<__E;
.
.
@@ -140,7 +140,7 @@ __E
die "Certificate request wasn't created.\n" unless -f $csr;
# sign it to make a self-signed root CA key
- if(system("openssl x509 -req -in $csr -sha1 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0)
+ if(system("openssl x509 -req -in $csr -sha256 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0)
{
die "Couldn't generate root certificate."
}
@@ -201,7 +201,7 @@ __E
my $out_cert = "$cert_dir/clients/$acc"."-cert.pem";
# sign it!
- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0)
+ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0)
{
die "Signing failed"
}
@@ -257,7 +257,7 @@ __E
my $out_cert = "$cert_dir/servers/$common_name"."-cert.pem";
# sign it!
- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0)
+ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0)
{
die "Signing failed"
}
diff --git a/infrastructure/cmake/CMakeLists.txt b/infrastructure/cmake/CMakeLists.txt
index e6f46148..e98ef4c2 100644
--- a/infrastructure/cmake/CMakeLists.txt
+++ b/infrastructure/cmake/CMakeLists.txt
@@ -71,13 +71,6 @@ function(move_file_if_exists source_file dest_file)
endif()
endfunction()
-foreach(file_to_configure ${files_to_configure})
- configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY)
- replace_file_if_different(
- "${base_dir}/${file_to_configure}"
- "${base_dir}/${file_to_configure}.out")
-endforeach()
-
# If BOXBACKUP_VERSION is defined when running CMake (as the AppVeyor config does), use it
# as-is, since it contains the full version number, branch, and platform (Win32/Win64):
if(BOXBACKUP_VERSION)
@@ -375,6 +368,7 @@ file(WRITE "${boxconfig_h_file}" "// Auto-generated by CMake. Do not edit.\n")
if(WIN32)
target_link_libraries(lib_common PUBLIC ws2_32 gdi32)
+ list(APPEND CMAKE_REQUIRED_LIBRARIES ws2_32 gdi32)
endif()
# On Windows we want to statically link zlib to make debugging and distribution easier,
@@ -430,6 +424,7 @@ else()
endif()
include_directories(${OPENSSL_INCLUDE_DIR})
target_link_libraries(lib_crypto PUBLIC ${OPENSSL_LIBRARIES})
+list(APPEND CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
# Link to PCRE
if (WIN32)
@@ -608,6 +603,9 @@ foreach(function_name ${detect_functions})
file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_${platform_var_name}\n")
endforeach()
+check_function_exists(SSL_CTX_set_security_level HAVE_SSL_CTX_SET_SECURITY_LEVEL)
+file(APPEND "${boxconfig_h_file}" "#cmakedefine HAVE_SSL_CTX_SET_SECURITY_LEVEL\n")
+
check_symbol_exists(dirfd "dirent.h" HAVE_DECL_DIRFD)
file(APPEND "${boxconfig_h_file}" "#cmakedefine01 HAVE_DECL_DIRFD\n")
@@ -824,6 +822,13 @@ file(TO_NATIVE_PATH "${PERL_EXECUTABLE}" perl_executable_native)
string(REPLACE "\\" "\\\\" perl_path_escaped ${perl_executable_native})
target_compile_definitions(test_backupstorefix PRIVATE -DPERL_EXECUTABLE="${perl_path_escaped}")
+foreach(file_to_configure ${files_to_configure})
+ configure_file("${base_dir}/${file_to_configure}.in" "${base_dir}/${file_to_configure}.out" @ONLY)
+ replace_file_if_different(
+ "${base_dir}/${file_to_configure}"
+ "${base_dir}/${file_to_configure}.out")
+endforeach()
+
# Configure test timeouts:
# I've set the timeout to 4 times as long as it took to run on a particular run on Appveyor:
# https://ci.appveyor.com/project/qris/boxbackup/build/job/xm10itascygtu93j
diff --git a/infrastructure/m4/boxbackup_tests.m4 b/infrastructure/m4/boxbackup_tests.m4
index 86aa560a..f2b44ff0 100644
--- a/infrastructure/m4/boxbackup_tests.m4
+++ b/infrastructure/m4/boxbackup_tests.m4
@@ -142,7 +142,8 @@ AC_SEARCH_LIBS(
Upgrade or read the documentation for alternatives]])
fi
])
-
+AC_CHECK_FUNCS([SSL_CTX_set_security_level], [HAVE_SSL_CTX_SET_SECURITY_LEVEL=1])
+AC_SUBST([HAVE_SSL_CTX_SET_SECURITY_LEVEL])
### Checks for header files.
diff --git a/lib/common/BoxPortsAndFiles.h.in b/lib/common/BoxPortsAndFiles.h.in
index 047a828f..8978cd4c 100644
--- a/lib/common/BoxPortsAndFiles.h.in
+++ b/lib/common/BoxPortsAndFiles.h.in
@@ -20,6 +20,10 @@
// directory within the RAIDFILE root for the backup store daemon
#define BOX_RAIDFILE_ROOT_BBSTORED "backup"
+// default security level if SSLSecurityLevel is not specified: see
+// https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates
+const int BOX_DEFAULT_SSL_SECURITY_LEVEL = 1;
+
// configuration file paths
#ifdef WIN32
// no default config file path, use these macros to call
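Review bot: The comment on `BOX_DEFAULT_SSL_SECURITY_LEVEL` describes a fallback used when SSLSecurityLevel is not specified, but in this commit TLSContext::Initialise passes the constant to `SSL_CTX_set_security_level` unconditionally, with no configuration lookup visible. A comment such as `// security level forced on every TLS context in this interim release; not configurable` would match what the code does. It would also help to state what level 1 admits: going by the test comments in this commit, that includes the 1024-bit keys and SHA-1-signed certificates that a level 2 default rejects.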
diff --git a/lib/common/Test.h b/lib/common/Test.h
index 4b5cef61..32f8220d 100644
--- a/lib/common/Test.h
+++ b/lib/common/Test.h
@@ -23,6 +23,7 @@
#define BBACKUPQUERY "..\\..\\bin\\bbackupquery\\bbackupquery.exe"
#define BBSTOREACCOUNTS "..\\..\\bin\\bbstoreaccounts\\bbstoreaccounts.exe"
#define TEST_RETURN(actual, expected) TEST_EQUAL(expected, actual);
+#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE(expected, actual, command);
#else
#define BBACKUPCTL "../../bin/bbackupctl/bbackupctl"
#define BBACKUPD "../../bin/bbackupd/bbackupd"
@@ -30,6 +31,7 @@
#define BBACKUPQUERY "../../bin/bbackupquery/bbackupquery"
#define BBSTOREACCOUNTS "../../bin/bbstoreaccounts/bbstoreaccounts"
#define TEST_RETURN(actual, expected) TEST_EQUAL((expected << 8), actual);
+#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE((expected << 8), actual, command);
#endif
extern int num_failures;
diff --git a/lib/server/TLSContext.cpp b/lib/server/TLSContext.cpp
index 1a6d4a53..d3f41f45 100644
--- a/lib/server/TLSContext.cpp
+++ b/lib/server/TLSContext.cpp
@@ -14,6 +14,7 @@
#include "autogen_ConnectionException.h"
#include "autogen_ServerException.h"
+#include "BoxPortsAndFiles.h"
#include "CryptoUtils.h"
#include "SSLLib.h"
#include "TLSContext.h"
@@ -84,6 +85,14 @@ void TLSContext::Initialise(bool AsServer, const char *CertificatesFile, const c
THROW_EXCEPTION(ServerException, TLSAllocationFailed)
}
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
+ BOX_WARNING("This version of Box Backup overrides the system-wide SSLSecurityLevel for "
+ "backwards compatibility. Please upgrade as soon as possible. See "
+ "https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2 "
+ "for details");
+ SSL_CTX_set_security_level(mpContext, BOX_DEFAULT_SSL_SECURITY_LEVEL);
+#endif
+
// Setup our identity
if(::SSL_CTX_use_certificate_chain_file(mpContext, CertificatesFile) != 1)
{
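Review bot: The warning does not say which level is being replaced or which one is now in force, so an operator on a host configured more strictly than the distribution default cannot tell from the log how far the policy was lowered. Reading the value before the override, `const int systemLevel = SSL_CTX_get_security_level(mpContext);`, and including both numbers in the message would cover that. The warning is also emitted on every call to Initialise, which is presumably why the backupstorefix tests in this commit have to filter it out of command output; logging it once per process would be enough. Initialise's body continues outside the hunk.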
diff --git a/test/backupstorefix/testbackupstorefix.cpp b/test/backupstorefix/testbackupstorefix.cpp
index 38492bd1..6099f133 100644
--- a/test/backupstorefix/testbackupstorefix.cpp
+++ b/test/backupstorefix/testbackupstorefix.cpp
@@ -671,8 +671,13 @@ int test(int argc, const char *argv[])
char name[256];
while(::fgets(line, sizeof(line), f) != 0)
{
- TEST_THAT(::sscanf(line, "%x %s %s", &id,
- flags, name) == 3);
+ if(StartsWith("WARNING: This version of Box Backup overrides the "
+ "system-wide SSLSecurityLevel", line))
+ {
+ continue;
+ }
+ TEST_EQUAL_LINE(3, ::sscanf(line, "%x %s %s", &id, flags, name),
+ "Unexpected format in initial-listing.txt: <" << line << ">");
bool isDir = (::strcmp(flags, "-d---") == 0);
//TRACE3("%x,%d,%s\n", id, isDir, name);
MEMLEAKFINDER_NO_LEAKS;
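Review bot: The `sscanf` inside the new `TEST_EQUAL_LINE` still uses bare `%s` conversions, so a long token in initial-listing.txt can write past `name[256]`; `flags` and `line` are declared outside the hunk, so their sizes need checking as well. A field width bounds the write, e.g. `%255s` for `name` and the matching width for `flags`. When the count is not 3 the failure is recorded, but the loop still goes on to `::strcmp(flags, "-d---")` with whatever the buffers held, so a `continue` after a failed parse would avoid acting on a half-read line. The `while` body continues outside the hunk.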
diff --git a/test/backupstorefix/testfiles/testbackupstorefix.pl.in b/test/backupstorefix/testfiles/testbackupstorefix.pl.in
index fc807155..177b3b70 100755
--- a/test/backupstorefix/testfiles/testbackupstorefix.pl.in
+++ b/test/backupstorefix/testfiles/testbackupstorefix.pl.in
@@ -148,18 +148,20 @@ elsif($ARGV[0] eq 'reroot')
or die "can't open copy listing file";
my $err = 0;
my $count = 0;
- while(<LISTING>)
+ while(my $line = <LISTING>)
{
- print LISTING_COPY;
- chomp;
- s/\[FILENAME NOT ENCRYPTED\]//;
- next if /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/;
- my ($id,$type,$name) = split / /;
+ print LISTING_COPY $line;
+ chomp $line;
+ $line =~s/\[FILENAME NOT ENCRYPTED\]//;
+ next if $line =~ /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/;
+ next if $line =~ /^WARNING: This version of Box Backup overrides the system-wide SSLSecurityLevel/;
+ my ($id,$type,$name) = split / /, $line;
$count++;
if($name !~ /\Alost\+found0/)
{
# everything must be in a lost and found dir
- $err = 1
+ print "Expected '$name' to be in a lost+found directory, but it was not ($line)";
+ $err = 1;
}
}
close LISTING_COPY;
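Review bot: The new diagnostic has no trailing newline and `$line` has already been chomped, so consecutive failures run together with whatever is printed next; end the string with `\n`, i.e. `print "Expected '$name' to be in a lost+found directory, but it was not ($line)\n";`. A listing line with fewer than three space-separated fields also leaves `$name` undefined at the `!~` test, so a check such as `unless(defined $name) { $err = 1; next; }` before it would make malformed lines an explicit failure. The `reroot` branch starts and ends outside the hunk.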
diff --git a/test/basicserver/testbasicserver.cpp b/test/basicserver/testbasicserver.cpp
index 6f2def54..4aeded6c 100644
--- a/test/basicserver/testbasicserver.cpp
+++ b/test/basicserver/testbasicserver.cpp
@@ -449,6 +449,80 @@ void TestStreamReceive(TestProtocolClient &protocol, int value, bool uncertainst
TEST_THAT(count == (24273*3)); // over 64 k of data, definately
}
+bool test_security_level(int cert_level)
+{
+ int old_num_failures = num_failures;
+
+ // Context first
+ TLSContext context;
+ if(cert_level == 0)
+ {
+ context.Initialise(false /* client */,
+ "testfiles/clientCerts.pem",
+ "testfiles/clientPrivKey.pem",
+ "testfiles/clientTrustedCAs.pem");
+ }
+ else if(cert_level == 1)
+ {
+ context.Initialise(false /* client */,
+ "testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem",
+ "testfiles/seclevel2-sha1/bbackupd/1234567-key.pem",
+ "testfiles/seclevel2-sha1/ca/roots/serverCA.pem");
+ }
+ else if(cert_level == 2)
+ {
+ context.Initialise(false /* client */,
+ "testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem",
+ "testfiles/seclevel2-sha256/bbackupd/1234567-key.pem",
+ "testfiles/seclevel2-sha256/ca/roots/serverCA.pem");
+ }
+ else
+ {
+ TEST_FAIL_WITH_MESSAGE("No certificates generated for level " << cert_level);
+ return false;
+ }
+
+ SocketStreamTLS conn;
+ conn.Open(context, Socket::TypeINET, "localhost", 2003);
+
+ return (num_failures == old_num_failures); // no new failures -> good
+}
+
+// Test the certificates that were distributed with the Box Backup source since ancient times,
+// which have only 1024-bit keys, and thus fail with "ee key too small".
+bool test_ancient_certificates()
+{
+ int old_num_failures = num_failures;
+
+ // Level -1 (allow weaker, with warning) should pass with any certificates:
+ TEST_THAT(test_security_level(0)); // cert_level
+
+ return (num_failures == old_num_failures); // no new failures -> good
+}
+
+// Test a set of more recent certificates, which have a longer key but are signed using the SHA1
+// algorithm instead of SHA256, which fail with "ca md too weak" instead.
+bool test_old_certificates()
+{
+ int old_num_failures = num_failures;
+
+ // Level -1 (allow weaker, with warning) should pass with any certificates:
+ TEST_THAT(test_security_level(1)); // cert_level
+
+ return (num_failures == old_num_failures); // no new failures -> good
+}
+
+
+bool test_new_certificates()
+{
+ int old_num_failures = num_failures;
+
+ // Level -1 (allow weaker, with warning) should pass with any certificates:
+ TEST_THAT(test_security_level(2)); // cert_level
+
+ return (num_failures == old_num_failures); // no new failures -> good
+}
+
int test(int argc, const char *argv[])
{
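Review bot: The three wrappers each carry the comment `// Level -1 (allow weaker, with warning) should pass with any certificates:`, but no level is passed anywhere: `test_security_level` takes a `cert_level` of 0, 1 or 2 that only selects a certificate set. The header comments likewise say the ancient and SHA-1 certificates "fail with" `ee key too small` and `ca md too weak`, while the assertions expect them to connect. Suggested wording for the inline comment: `// This build forces security level 1, so this certificate set is expected to connect.`, plus a one-line header on `test_security_level` and `test_new_certificates`. All cases here are positive; no case expects a handshake to be refused, so these tests would not notice the effective level being lower than intended.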
@@ -682,6 +756,11 @@ int test(int argc, const char *argv[])
TEST_THAT(ServerIsAlive(pid));
#endif
+ // Try testing with different security levels, check that the behaviour is
+ // as documented at:
+ // https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates
+ TEST_THAT(test_ancient_certificates());
+
// Kill it
TEST_THAT(KillServer(pid));
::sleep(1);
@@ -691,6 +770,24 @@ int test(int argc, const char *argv[])
TestRemoteProcessMemLeaks("test-srv3.memleaks");
#endif
}
+
+ cmd = TEST_EXECUTABLE " --test-daemon-args=";
+ cmd += test_args;
+ cmd += " srv3 testfiles/srv3-seclevel2-sha1.conf";
+ pid = LaunchServer(cmd, "testfiles/srv3.pid");
+
+ TEST_THAT(pid != -1 && pid != 0);
+ TEST_THAT(test_old_certificates());
+ TEST_THAT(KillServer(pid));
+
+ cmd = TEST_EXECUTABLE " --test-daemon-args=";
+ cmd += test_args;
+ cmd += " srv3 testfiles/srv3-seclevel2-sha256.conf";
+ pid = LaunchServer(cmd, "testfiles/srv3.pid");
+
+ TEST_THAT(pid != -1 && pid != 0);
+ TEST_THAT(test_new_certificates());
+ TEST_THAT(KillServer(pid));
}
//protocolserver:
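Review bot: The two new server launches reuse `testfiles/srv3.pid`, and the client helper connects to the same `localhost` port 2003 each time, but there is no pause or liveness check between `KillServer(pid)` and the next `LaunchServer`, unlike the existing block above, which follows the kill with `::sleep(1)`. Unless KillServer itself waits for the process to exit (not visible here), the second server can race the first for the port and the pid file. Adding `::sleep(1);` after each `KillServer` and `TEST_THAT(ServerIsAlive(pid));` after each launch would match the existing sequence. `TestRemoteProcessMemLeaks` is also not run for these two servers.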
diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf b/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf
new file mode 100644
index 00000000..eb37d9ab
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf
@@ -0,0 +1,196 @@
+
+StoreHostname = localhost
+AccountNumber = 0x1234567
+KeysFile = ./bbackupd/1234567-FileEncKeys.raw
+
+CertificateFile = ./bbackupd/1234567-cert.pem
+PrivateKeyFile = ./bbackupd/1234567-key.pem
+TrustedCAsFile = ./bbackupd/serverCA.pem
+SSLSecurityLevel = 2
+
+DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1
+
+
+# This script is run whenever bbackupd changes state or encounters a
+# problem which requires the system administrator to assist:
+#
+# 1) The store is full, and no more data can be uploaded.
+# 2) Some files or directories were not readable.
+# 3) A backup run starts or finishes.
+#
+# The default script emails the system administrator, except for backups
+# starting and stopping, where it does nothing.
+
+NotifyScript = ./bbackupd/NotifySysadmin.sh
+
+
+# The number of seconds between backup runs under normal conditions. To avoid
+# cycles of load on the server, this time is randomly adjusted by a small
+# percentage as the daemon runs.
+
+UpdateStoreInterval = 3600
+
+
+# The minimum age of a file, in seconds, that will be uploaded. Avoids
+# repeated uploads of a file which is constantly being modified.
+
+MinimumFileAge = 21600
+
+
+# If a file is modified repeated, it won't be uploaded immediately in case
+# it's modified again, due to the MinimumFileAge specified above. However, it
+# should be uploaded eventually even if it is being modified repeatedly. This
+# is how long we should wait, in seconds, after first noticing a change.
+# (86400 seconds = 1 day)
+
+MaxUploadWait = 86400
+
+# If the connection is idle for some time (e.g. over 10 minutes or 600
+# seconds, not sure exactly how long) then the server will give up and
+# disconnect the client, resulting in Connection Protocol_Timeout errors
+# on the server and TLSReadFailed or TLSWriteFailed errors on the client.
+# Also, some firewalls and NAT gateways will kill idle connections after
+# similar lengths of time.
+#
+# This can happen for example when most files are backed up already and
+# don't need to be sent to the store again, while scanning a large
+# directory, or while calculating diffs of a large file. To avoid this,
+# KeepAliveTime specifies that special keep-alive messages should be sent
+# when the connection is otherwise idle for a certain length of time,
+# specified here in seconds.
+#
+# The default is that these messages are never sent, equivalent to setting
+# this option to zero, but we recommend that all users enable this.
+
+KeepAliveTime = 120
+
+
+# Files above this size (in bytes) are tracked, and if they are renamed they will simply be
+# renamed on the server, rather than being uploaded again. (64k - 1)
+
+FileTrackingSizeThreshold = 65535
+
+
+# The daemon does "changes only" uploads for files above this size (in bytes).
+# Files less than it are uploaded whole without this extra processing.
+
+DiffingUploadSizeThreshold = 8192
+
+
+# The limit on how much time is spent diffing files, in seconds. Most files
+# shouldn't take very long, but if you have really big files you can use this
+# to limit the time spent diffing them.
+#
+# * Reduce if you are having problems with processor usage.
+#
+# * Increase if you have large files, and think the upload of changes is too
+# large and you want bbackupd to spend more time searching for unchanged
+# blocks.
+
+MaximumDiffingTime = 120
+
+
+# Uncomment this line to see exactly what the daemon is going when it's connected to the server.
+
+# ExtendedLogging = yes
+
+
+# This specifies a program or script script which is run just before each
+# sync, and ideally the full path to the interpreter. It will be run as the
+# same user bbackupd is running as, usually root.
+#
+# The script must output (print) either "now" or a number to STDOUT (and a
+# terminating newline, no quotes).
+#
+# If the result was "now", then the sync will happen. If it's a number, then
+# no backup will happen for that number of seconds (bbackupd will pause) and
+# then the script will be run again.
+#
+# Use this to temporarily stop bbackupd from syncronising or connecting to the
+# store. For example, you could use this on a laptop to only backup when on a
+# specific network, or when it has a working Internet connection.
+
+# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc
+
+
+# Where the command socket is created in the filesystem.
+
+CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.sock
+
+# Uncomment the StoreObjectInfoFile to enable the experimental archiving
+# of the daemon's state (including client store marker and configuration)
+# between backup runs. This saves time and increases efficiency when
+# bbackupd is frequently stopped and started, since it removes the need
+# to rescan all directories on the remote server. However, it is new and
+# not yet heavily tested, so use with caution.
+
+# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.state
+
+Server
+{
+ PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1/bbackupd.pid
+}
+
+
+# BackupLocations specifies which locations on disc should be backed up. Each
+# directory is in the format
+#
+# name
+# {
+# Path = /path/of/directory
+# (optional exclude directives)
+# }
+#
+# 'name' is derived from the Path by the config script, but should merely be
+# unique.
+#
+# The exclude directives are of the form
+#
+# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname
+#
+# (The regex suffix is shown as 'sRegex' to make File or Dir plural)
+#
+# For example:
+#
+# ExcludeDir = /home/guest-user
+# ExcludeFilesRegex = .(mp3|MP3)$
+# AlwaysIncludeFile = /home/username/veryimportant.mp3
+#
+# This excludes the directory /home/guest-user from the backup along with all mp3
+# files, except one MP3 file in particular.
+#
+# In general, Exclude excludes a file or directory, unless the directory is
+# explicitly mentioned in a AlwaysInclude directive. However, Box Backup
+# does NOT scan inside excluded directories and will never back up an
+# AlwaysIncluded file or directory inside an excluded directory or any
+# subdirectory thereof.
+#
+# To back up a directory inside an excluded directory, use a configuration
+# like this, to ensure that each directory in the path to the important
+# files is included, but none of their contents will be backed up except
+# the directories further down that path to the important one.
+#
+# ExcludeDirsRegex = ^/home/user/bigfiles/
+# ExcludeFilesRegex = ^/home/user/bigfiles/
+# AlwaysIncludeDir = /home/user/bigfiles/path
+# AlwaysIncludeDir = /home/user/bigfiles/path/to
+# AlwaysIncludeDir = /home/user/bigfiles/path/important
+# AlwaysIncludeDir = /home/user/bigfiles/path/important/files
+# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/
+# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/
+#
+# If a directive ends in Regex, then it is a regular expression rather than a
+# explicit full pathname. See
+#
+# man 7 re_format
+#
+# for the regex syntax on your platform.
+
+BackupLocations
+{
+ home-chris-boxbackup-test-basicserver-testfiles-seclevel2-sha1
+ {
+ Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2-sha1
+ }
+}
+
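Review bot: The fixture hard-codes paths from the machine it was generated on: `DataDirectory`, `CommandSocket`, `PidFile` and the `BackupLocations` path all point under `/home/chris/boxbackup/...`, and the sibling seclevel2-sha1/bbstored.conf sets `PidFile = /var/run/bbstored.pid` and `User = chris`. If a test ever loads these files it will read and write outside the test tree, so relative paths, as already used for `CertificateFile` and `KeysFile` in this file, are safer. `SSLSecurityLevel = 2` is also set here, but no code in this commit appears to read that key; a comment such as `# ignored by the interim build, which forces level 1` would stop the fixture name from suggesting the tests run at level 2.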
diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem
new file mode 100644
index 00000000..340116ed
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem
new file mode 100644
index 00000000..9ee696ee
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAq0h2RFBmcS5wxa9AdNlLXeaxemMGJocyxljQZwtBQawjdKiY
+IxB6UNI6jBgPbyLwbnrGIQZpPITsiRRzbSQfDCcnh7yksHcJRSLM/oK+tERgCo9v
+dJ0nRYDLzIJHas+lYOEfbfeH84cY5PwScjY6/K/uuIX3yDkJjGJZgAy19/AS0SwH
+21VZKv20YKgRbZrxWE2SpeqH9Y1UlkC3FxkoVhOOZXOR6Xfqrw0Y87ELpG94CZil
+OAzFtQQmkvFur+0dDBv+QqKIsDEa3LfKbh+CHiA6wcgc/9JkT3zD40dqqY8eBJi0
+XAt/ZRlQU51y2DNVxiGLF+39bLGGWV0kmo1KfQIDAQABAoIBAHLetfI6uXlOW/M4
+BVJYKGNhQ8WAg69zHGpJRfrVYX5Zo62pI97gPifV1c3+lNtD41s0m4uqcQlVXAzS
+2lZn0yqjV6+ApDJ0opLrM++8X4kmEgMDDwx2GNBUAFm3RY4slAzU7e8iAtsfz2JC
+a1yNYiH1G3RE5FgzaGPt0Xg/DgqorT6uR5/jIzlSpqRse9sXG4/uGEmfkogMwvU+
+gmcMOs+Jm7HbLMIGxzBydNTFoup1YUVSCuIjdJBpWRCbBaeYeTSoQgdAPALtwJgz
+v8quFaJOkJMKIaXOF+1VN8w5rPTJJdfHtYITz6i0V5A7qSHR5jckbm0UWcXnEdaZ
+YvkKRUECgYEA4krb4xrXLuSbUv70dKXybyNxEFK+IVG6NZG4+iaW8B8oU8+q8FzM
+HPYAdppYKkYrjslKWIOwZdTsYa4Z8U/uhmMv4OpcCq7nYv6W/g1N/AMd8pEJvV9m
+EQ5hY1uMg3rgorYWGDyh3HcYl2q4/9EJiPKUVoZb9IPeO3Po3TgK8A8CgYEAwcTf
+EHJVs5F2mnetRhETpC5IGUB9OKbPm+JR6+BNFsh1vaPosobfYOzO6PJm0H/z4jMN
+n29oc1SAphUXegE6gbVO8/hd9S4OhTq8egFO9Y/BN3/lHUYe/RPs2BZ+Foh70PH7
+9l6K/UDrwJ458hBrFM/DCcjRRcw12GBPUZ8xkLMCgYEAlND8GDc/igQnLYajhs7X
+R0V8hmqTxN+1YKNLjZ6xJoqm/68TUG0Ggok5NsY78tkgrg8sSFeaOu2y4m4Xe33A
+dDpoczZMf24UlyKsc7iWL4RxPmMpj5NcUR0u6KN9Hb5CWl762seM/qqHzpQNw5ZZ
++ejlqp1DfeL21Axe+JRxhPsCgYEAiYEWtoocbRhd7RHeYWl+4bSCL4FHG2usyjdZ
+4SREMFXCz/fACuiRHiwOTNqvwWf7ftqx4SFjIuylerZe+ZJjnWY3iAQJURME9OCQ
+nZfOG46PE75rrVF0bi20lken5H+oNcdzAQtoYH2wjvj5r+CczKD/DDN45qoaz9jQ
+kOCCgOcCgYBDeOUq+6UoZMmx1c/H4MnRWMpHu0hNfivDEeJMYkxLMA98clstohc7
+T4B4gaoCewJ5XVR72k+Oqgvy++d4g5EpRjFE8hVNjw7Vo3WP0+X5iI+TmBuLKh/c
+Wl10t7jLE25vyLJs4nmQd4hav9gWMbP5l99sVq61DM6bMuRcQnyeIA==
+-----END RSA PRIVATE KEY-----
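Review bot: An unencrypted RSA private key is committed here, and the diffstat lists the same for bbstored/localhost-key.pem, ca/keys/clientRootKey.pem and ca/keys/serverRootKey.pem under both seclevel2-sha1 and seclevel2-sha256. Because these keys are public, certificates issued under these roots give no assurance, so the directories should be marked as test-only; a README in each `testfiles/seclevel2-*` directory stating `Test fixtures only: these keys and CAs are public and must never be installed or trusted.` would do. Generating the fixtures during the test run with bbstored-certs would avoid shipping key material at all.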
diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh
new file mode 100644
index 00000000..48e8cf8e
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# This script is run whenever bbackupd changes state or encounters a
+# problem which requires the system administrator to assist:
+#
+# 1) The store is full, and no more data can be uploaded.
+# 2) Some files or directories were not readable.
+# 3) A backup run starts or finishes.
+#
+# The default script emails the system administrator, except for backups
+# starting and stopping, where it does nothing.
+
+SUBJECT="BACKUP PROBLEM on host debian-unstable"
+SENDTO="chris"
+
+if [ "$1" = "" ]; then
+ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
+ exit 2
+elif [ "$1" = store-full ]; then
+ sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (store full)
+To: $SENDTO
+
+
+The store account for debian-unstable is full.
+
+=============================
+FILES ARE NOT BEING BACKED UP
+=============================
+
+Please adjust the limits on account 1234567 on server localhost.
+
+EOM
+elif [ "$1" = read-error ]; then
+sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (read errors)
+To: $SENDTO
+
+
+Errors occured reading some files or directories for backup on debian-unstable.
+
+===================================
+THESE FILES ARE NOT BEING BACKED UP
+===================================
+
+Check the logs on debian-unstable for the files and directories which caused
+these errors, and take appropriate action.
+
+Other files are being backed up.
+
+EOM
+elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
+ # do nothing by default
+ true
+else
+sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (unknown)
+To: $SENDTO
+
+
+The backup daemon on debian-unstable reported an unknown error ($1).
+
+==========================
+FILES MAY NOT BE BACKED UP
+==========================
+
+Please check the logs on debian-unstable.
+
+EOM
+fi
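Review bot: Every mail branch invokes `sendmail: $SENDTO <<EOM`; `sendmail:` with a trailing colon is not a command name, so the shell will report it as not found and no notification is sent. It looks like the residue of a failed sendmail lookup when the fixture was generated, which is an inference since the generator is not part of this hunk. Use the real binary and quote the recipient, e.g. `/usr/sbin/sendmail "$SENDTO" <<EOM`, with the path adjusted to the target system. The file is also added with mode 100644, so it cannot be run directly as the configured `NotifyScript`.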
diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf b/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
new file mode 100644
index 00000000..25425dfa
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
@@ -0,0 +1,23 @@
+
+RaidFileConf = ./raidfile.conf
+AccountDatabase = ./bbstored/accounts.txt
+
+# Uncomment this line to see exactly what commands are being received from clients.
+# ExtendedLogging = yes
+
+# scan all accounts for files which need deleting every 15 minutes.
+
+TimeBetweenHousekeeping = 900
+
+Server
+{
+ PidFile = /var/run/bbstored.pid
+ User = chris
+ ListenAddresses = inet:localhost
+ CertificateFile = ./bbstored/localhost-cert.pem
+ PrivateKeyFile = ./bbstored/localhost-key.pem
+ TrustedCAsFile = ./bbstored/clientCA.pem
+ SSLSecurityLevel = 2
+}
+
+
diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem
new file mode 100644
index 00000000..db9fe3f7
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem
new file mode 100644
index 00000000..885892b3
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem
new file mode 100644
index 00000000..d3f3acba
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem
new file mode 100644
index 00000000..e5bb872b
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem
new file mode 100644
index 00000000..0ccfd83c
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem
new file mode 100644
index 00000000..5b6688f4
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem
new file mode 100644
index 00000000..21dfb204
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem
new file mode 100644
index 00000000..79df3946
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbcCFDMFGbY+8snuTNZA311AVJo5GvwmMA0GCSqGSIb3DQEBBQUAMCQx
+IjAgBgNVBAMMGUJhY2t1cCBzeXN0ZW0gY2xpZW50IHJvb3QwHhcNMTkwNDI4MjA1
+NzM1WhcNMzgwMTE4MjA1NzM1WjAkMSIwIAYDVQQDDBlCYWNrdXAgc3lzdGVtIGNs
+aWVudCByb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzGebbu2
+OmaE90jbeFVUt6tEp1hG626D0RpXCh6BHOyfH/7q8GuddAVup6cDYxH3IyGN74Im
+pklwqgTI3qiFK6/a+kxQ7Euq5SOHO/XzivGnx1VzPUTrOmfGjm8nDw2jE3rlISMw
+rEVw7x79HBA9vxii3XARqe0xkpS72pDjmU8IkfVV08RLT0PrIxzrY/uA6TJtHgxk
+Tu3Zab0FvHofcCD05pK5gk6F/frXhK9lAWZSWvTtf9EUawCLFeLsJaoyM8pkOkbQ
+8AtWcp4qt+PmB+1wRRVWHaNG1/A3sNxNC7V/QK/cjG+/tPSU4rUFca3lLz+XVEt4
+I2TPMgPLIQz3ZQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCUifYeul9/GHa2LV6/
+k9ZKOjcSmmDud8sTwfum3CuHLb9ODcKMaNz/vzPYeVyN7MZvXJIAqxaxrrToye46
+pDRQnguPNI5XU+Vb2l3Xvm7WBRGcxkAInkYBB7GwxmfffPS9/JrdPzxD6h3z8IOT
+jwzULNmNDse7Wf1hrgS1qKcCzJA1b1rLnZcrU+z3OUvLiR/8Bo/IuwXZVoNqDdq7
+NzrqYT4x0J4P5PuBQHPB/fHMFDc1HoCgLG9b42th71kDoxG7IH2r02FzVjF8qIvD
+eQes3VbI7BDT/f0L2r1FHcA7FVRUqTWnEWby/PjTZiRCSPKUG7RqAplrOKmk9JuN
+PkkW
+-----END CERTIFICATE-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl
new file mode 100644
index 00000000..8a0f05e1
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl
@@ -0,0 +1 @@
+01
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem
new file mode 100644
index 00000000..31ae4ecd
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl
new file mode 100644
index 00000000..8a0f05e1
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl
@@ -0,0 +1 @@
+01
diff --git a/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem b/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem
new file mode 100644
index 00000000..c3c6459b
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf b/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf
new file mode 100644
index 00000000..6e235b24
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha1/raidfile.conf
@@ -0,0 +1,10 @@
+
+disc0
+{
+ SetNumber = 0
+ BlockSize = 1024
+ Dir0 = .
+ Dir1 = .
+ Dir2 = .
+}
+
diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf
new file mode 100644
index 00000000..e8f2c104
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf
@@ -0,0 +1,195 @@
+
+StoreHostname = localhost
+AccountNumber = 0x1234567
+KeysFile = ./bbackupd/1234567-FileEncKeys.raw
+
+CertificateFile = ./bbackupd/1234567-cert.pem
+PrivateKeyFile = ./bbackupd/1234567-key.pem
+TrustedCAsFile = ./bbackupd/serverCA.pem
+
+DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2
+
+
+# This script is run whenever bbackupd changes state or encounters a
+# problem which requires the system administrator to assist:
+#
+# 1) The store is full, and no more data can be uploaded.
+# 2) Some files or directories were not readable.
+# 3) A backup run starts or finishes.
+#
+# The default script emails the system administrator, except for backups
+# starting and stopping, where it does nothing.
+
+NotifyScript = ./bbackupd/NotifySysadmin.sh
+
+
+# The number of seconds between backup runs under normal conditions. To avoid
+# cycles of load on the server, this time is randomly adjusted by a small
+# percentage as the daemon runs.
+
+UpdateStoreInterval = 3600
+
+
+# The minimum age of a file, in seconds, that will be uploaded. Avoids
+# repeated uploads of a file which is constantly being modified.
+
+MinimumFileAge = 21600
+
+
+# If a file is modified repeated, it won't be uploaded immediately in case
+# it's modified again, due to the MinimumFileAge specified above. However, it
+# should be uploaded eventually even if it is being modified repeatedly. This
+# is how long we should wait, in seconds, after first noticing a change.
+# (86400 seconds = 1 day)
+
+MaxUploadWait = 86400
+
+# If the connection is idle for some time (e.g. over 10 minutes or 600
+# seconds, not sure exactly how long) then the server will give up and
+# disconnect the client, resulting in Connection Protocol_Timeout errors
+# on the server and TLSReadFailed or TLSWriteFailed errors on the client.
+# Also, some firewalls and NAT gateways will kill idle connections after
+# similar lengths of time.
+#
+# This can happen for example when most files are backed up already and
+# don't need to be sent to the store again, while scanning a large
+# directory, or while calculating diffs of a large file. To avoid this,
+# KeepAliveTime specifies that special keep-alive messages should be sent
+# when the connection is otherwise idle for a certain length of time,
+# specified here in seconds.
+#
+# The default is that these messages are never sent, equivalent to setting
+# this option to zero, but we recommend that all users enable this.
+
+KeepAliveTime = 120
+
+
+# Files above this size (in bytes) are tracked, and if they are renamed they will simply be
+# renamed on the server, rather than being uploaded again. (64k - 1)
+
+FileTrackingSizeThreshold = 65535
+
+
+# The daemon does "changes only" uploads for files above this size (in bytes).
+# Files less than it are uploaded whole without this extra processing.
+
+DiffingUploadSizeThreshold = 8192
+
+
+# The limit on how much time is spent diffing files, in seconds. Most files
+# shouldn't take very long, but if you have really big files you can use this
+# to limit the time spent diffing them.
+#
+# * Reduce if you are having problems with processor usage.
+#
+# * Increase if you have large files, and think the upload of changes is too
+# large and you want bbackupd to spend more time searching for unchanged
+# blocks.
+
+MaximumDiffingTime = 120
+
+
+# Uncomment this line to see exactly what the daemon is going when it's connected to the server.
+
+# ExtendedLogging = yes
+
+
+# This specifies a program or script script which is run just before each
+# sync, and ideally the full path to the interpreter. It will be run as the
+# same user bbackupd is running as, usually root.
+#
+# The script must output (print) either "now" or a number to STDOUT (and a
+# terminating newline, no quotes).
+#
+# If the result was "now", then the sync will happen. If it's a number, then
+# no backup will happen for that number of seconds (bbackupd will pause) and
+# then the script will be run again.
+#
+# Use this to temporarily stop bbackupd from syncronising or connecting to the
+# store. For example, you could use this on a laptop to only backup when on a
+# specific network, or when it has a working Internet connection.
+
+# SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc
+
+
+# Where the command socket is created in the filesystem.
+
+CommandSocket = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.sock
+
+# Uncomment the StoreObjectInfoFile to enable the experimental archiving
+# of the daemon's state (including client store marker and configuration)
+# between backup runs. This saves time and increases efficiency when
+# bbackupd is frequently stopped and started, since it removes the need
+# to rescan all directories on the remote server. However, it is new and
+# not yet heavily tested, so use with caution.
+
+# StoreObjectInfoFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.state
+
+Server
+{
+ PidFile = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2/bbackupd.pid
+}
+
+
+# BackupLocations specifies which locations on disc should be backed up. Each
+# directory is in the format
+#
+# name
+# {
+# Path = /path/of/directory
+# (optional exclude directives)
+# }
+#
+# 'name' is derived from the Path by the config script, but should merely be
+# unique.
+#
+# The exclude directives are of the form
+#
+# [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname
+#
+# (The regex suffix is shown as 'sRegex' to make File or Dir plural)
+#
+# For example:
+#
+# ExcludeDir = /home/guest-user
+# ExcludeFilesRegex = .(mp3|MP3)$
+# AlwaysIncludeFile = /home/username/veryimportant.mp3
+#
+# This excludes the directory /home/guest-user from the backup along with all mp3
+# files, except one MP3 file in particular.
+#
+# In general, Exclude excludes a file or directory, unless the directory is
+# explicitly mentioned in a AlwaysInclude directive. However, Box Backup
+# does NOT scan inside excluded directories and will never back up an
+# AlwaysIncluded file or directory inside an excluded directory or any
+# subdirectory thereof.
+#
+# To back up a directory inside an excluded directory, use a configuration
+# like this, to ensure that each directory in the path to the important
+# files is included, but none of their contents will be backed up except
+# the directories further down that path to the important one.
+#
+# ExcludeDirsRegex = ^/home/user/bigfiles/
+# ExcludeFilesRegex = ^/home/user/bigfiles/
+# AlwaysIncludeDir = /home/user/bigfiles/path
+# AlwaysIncludeDir = /home/user/bigfiles/path/to
+# AlwaysIncludeDir = /home/user/bigfiles/path/important
+# AlwaysIncludeDir = /home/user/bigfiles/path/important/files
+# AlwaysIncludeDirsRegex = ^/home/user/bigfiles/path/important/files/
+# AlwaysIncludeFilesRegex = ^/home/user/bigfiles/path/important/files/
+#
+# If a directive ends in Regex, then it is a regular expression rather than a
+# explicit full pathname. See
+#
+# man 7 re_format
+#
+# for the regex syntax on your platform.
+
+BackupLocations
+{
+ home-chris-boxbackup-test-basicserver-testfiles-seclevel2
+ {
+ Path = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2
+ }
+}
+
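Review bot: `DataDirectory`, `CommandSocket`, the `Server` `PidFile` and the `BackupLocations` `Path` are absolute paths under `/home/chris/boxbackup/...`, so this fixture is only usable in the original author's checkout. They also name `testfiles/seclevel2`, not the `seclevel2-sha256` directory the file is committed in. Relative paths such as `DataDirectory = testfiles/seclevel2-sha256` would keep the fixture self-contained, assuming the test runs from test/basicserver as the relative paths in srv3-seclevel2-sha256.conf suggest.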
diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem
new file mode 100644
index 00000000..4f228021
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem
new file mode 100644
index 00000000..e5b132b6
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7
+slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+
+oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6
+EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW
+cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz
+sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABAoIBAF1cH5LFhGf+ItqJ
+Ukh/hEnBFzme0RkcT22Y5weA+MG8SZ6eLEDcC38kMIobya3eJo/URYUW4FehCKYU
+/RkV9Q+UzB9dzZPyzuPR55JFIp8pOd+SymWb5w3XLt6K+k/iRJKpucUKa/l0aX3t
+xI9UexFVosPYMSkP24S9J9miQ1w4X8D1laJPi5KWrbdzDZxy5geoNmS0veQl6mRf
+91Owxsa15wQpxNoVesAiGbrHb5ljMsBovYgljRL6rqA9THXPXfcDkWkabfGai/kD
+AktxqPGUELxjD7gSO5G4ygCcGTeIEJbOfwgDtr59V518kVzwVNAxOKb7lfDM/l4D
+v0H3liECgYEA+nh1RjwOm2db+yW0hQ2DTCA84by2AyKP7nCwD7CjrGaXrm7zfQ+U
+VqSgpDg+xH9/Caa9P1n6zSZSEiXrCePQL6UsREj8sd+st7Uah9eQOc3vywxizGN6
+VMqqmctn+gKKxkmv8T6YtWblDDqOA/7yYlCaH0l7WUO+HKAl7MhaGgUCgYEA4xCo
+2bGwbaT7lLdFtOU2+erM2lbA4NzBkR7Mjpq16JiPPFdSF680XBRL0uNR0r2GFucM
+gG8Z+ktV1QosY22546Z3fl7+jcyZC4uramDicpAxnmEGIdPnqIkEPhZzKvV0uRGj
+tXs2qnJ9ztK7hf+PRwdQEvqCNLkoy+pQPG/bSWkCgYAvH36g6ietYTLS+3MNHU+4
+gNAzgDeWO2hs6dKWARuqEdszvDgfLVExQ+PdQZ+9hGc4P6CXTKx88Fq8g1nHEI9Y
+h3DeoAS6ymRKY85MBGhkF7SntPrZjVW0ojSansQ/Kz9EsxRhBO/iISuys0mIwuyD
+RrrYbBDC6JXZ+N9pvwAEqQKBgQCI4DgI0pY54iRN55S7kRjs2l+Wlok6g5ijtF82
+74gMqDpf83tnD5SOlSWIAMQIN3snPyxIF7EfMl6RR8quPSy7UFPj97uXGuh/DzjL
+rY+T49wlTvN1XNnevIm0K7BNCx3LmhiHg7jWUqIIFPw5sG5cMMpSRnRK9/rhwWOQ
+qxUTUQKBgQDYUi6255mUI23dYxCyY7P6rIcGiKqhiAJ5HbGShMFhpA94WS3m6YmJ
+sQTip0kykY168klOcRqt8y3RLS5UB1aYBMYvtFuk5wbUcuXFeGcIsuUIZeR3iueg
+G0MEhf9hgmBK/xkpfoiLJ+E0hFHqER57N6KCuEK0NWC1Vgqo8X79MQ==
+-----END RSA PRIVATE KEY-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh
new file mode 100644
index 00000000..48e8cf8e
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# This script is run whenever bbackupd changes state or encounters a
+# problem which requires the system administrator to assist:
+#
+# 1) The store is full, and no more data can be uploaded.
+# 2) Some files or directories were not readable.
+# 3) A backup run starts or finishes.
+#
+# The default script emails the system administrator, except for backups
+# starting and stopping, where it does nothing.
+
+SUBJECT="BACKUP PROBLEM on host debian-unstable"
+SENDTO="chris"
+
+if [ "$1" = "" ]; then
+ echo "Usage: $0 <store-full|read-error|backup-ok|backup-error|backup-start|backup-finish>" >&2
+ exit 2
+elif [ "$1" = store-full ]; then
+ sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (store full)
+To: $SENDTO
+
+
+The store account for debian-unstable is full.
+
+=============================
+FILES ARE NOT BEING BACKED UP
+=============================
+
+Please adjust the limits on account 1234567 on server localhost.
+
+EOM
+elif [ "$1" = read-error ]; then
+sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (read errors)
+To: $SENDTO
+
+
+Errors occured reading some files or directories for backup on debian-unstable.
+
+===================================
+THESE FILES ARE NOT BEING BACKED UP
+===================================
+
+Check the logs on debian-unstable for the files and directories which caused
+these errors, and take appropriate action.
+
+Other files are being backed up.
+
+EOM
+elif [ "$1" = backup-start -o "$1" = backup-finish -o "$1" = backup-ok ]; then
+ # do nothing by default
+ true
+else
+sendmail: $SENDTO <<EOM
+Subject: $SUBJECT (unknown)
+To: $SENDTO
+
+
+The backup daemon on debian-unstable reported an unknown error ($1).
+
+==========================
+FILES MAY NOT BE BACKED UP
+==========================
+
+Please check the logs on debian-unstable.
+
+EOM
+fi
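Review bot: The three mail branches invoke `sendmail: $SENDTO <<EOM`, and `sendmail:` with a trailing colon is not a command name, so the store-full, read-error and unknown-error notifications would fail with "command not found". The administrator would then never be told that files are not being backed up. The colon looks like leftover output from a path lookup that found no sendmail binary when the script was generated; that is an inference, as the generator is not in this hunk. The line should name the mailer and quote the recipient, for example `/usr/sbin/sendmail "$SENDTO" <<EOM`. The seclevel2-sha1 copy of this script earlier in the commit has the same line.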
diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf b/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
new file mode 100644
index 00000000..25425dfa
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
@@ -0,0 +1,23 @@
+
+RaidFileConf = ./raidfile.conf
+AccountDatabase = ./bbstored/accounts.txt
+
+# Uncomment this line to see exactly what commands are being received from clients.
+# ExtendedLogging = yes
+
+# scan all accounts for files which need deleting every 15 minutes.
+
+TimeBetweenHousekeeping = 900
+
+Server
+{
+ PidFile = /var/run/bbstored.pid
+ User = chris
+ ListenAddresses = inet:localhost
+ CertificateFile = ./bbstored/localhost-cert.pem
+ PrivateKeyFile = ./bbstored/localhost-key.pem
+ TrustedCAsFile = ./bbstored/clientCA.pem
+ SSLSecurityLevel = 2
+}
+
+
diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem
new file mode 100644
index 00000000..b3ff3f1f
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA9Uk3V+oultps1qwaJwo+w332tal2trjr5LCXoTuX
+UrO4+xJIBYKC2D7a+Nl2VUZw+Kr6UEI/wc7ROwM84s9l1jCZ5iXVrz/8XHYJvJXw
+uw3IDQESFbxZsrNg0FC8U7GEtVlCRnVr6B2RkciPkDXK3TVqdf43fv4rripPSE/d
+4hbAq/uPd5LZNUQdy6yFsMywG4cSqiaHw3hg4aLgF6EKXj29s8IFTiNhM1h8XrCB
+i0MfyCIq2jHVM1/ZRL10HA6cMvu/2E+ofrLETl6FlTzyC4WFQBqv0onFmKFIM5bt
+AVIok/NIWX5vpk1rqGnSOuW/6lhUO4yczExZadgDwx7YiwIDAQABoAAwDQYJKoZI
+hvcNAQEFBQADggEBAJVk9eAleSiTsV3Pdq3L01WEyndnmpbU1FcExJWg5xb95xbX
+Ojxi6g/NhBodAWl6GHJEUTQ+eJHrZ/hTLD6ZHeX9CGxmxOIvpKJCoOiQU7zamLaq
+K6aP8BoG21h2MccnbKlrSFF/c89SzH78r2fgWpUqFUCxobemKfvUbdHSaNlOWxh9
+yO3q1P/ZK0wl/V0CG9kdkUfpl9OLATilBiJayrpX92Ef/U6JkX3ZFEG9vTGBSXXU
+5QQM7BrPDgMsaTNDv9N1oPCVrUKfQ7Ts2pTEKU/oMA8fYZKX2GFZ/LDXj4C7clQ4
+LJakbh26NhrohTjecHvJCxIDAk2xLipwmXLmVoU=
+-----END CERTIFICATE REQUEST-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem
new file mode 100644
index 00000000..c6acc692
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem
new file mode 100644
index 00000000..e1cb932c
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsTCCAZkCAQEwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5
+c3RlbSBjbGllbnQgcm9vdDAeFw0xOTA0MjgyMDUxNTlaFw0zMzAxMDQyMDUxNTla
+MBkxFzAVBgNVBAMMDkJBQ0tVUC0xMjM0NTY3MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA3ikcuKaQG9XAcgkZLdn9Y/uor+wFnRfdqZz5c1z2y4T/3nX7
+slTxcgWOOqfs+o+KfU63HDI1IuETzMenasi9v6N0M4Nz4aBz6tn3sRJKwUidW2y+
+oV42ncxOd8IjjY//J0sxcs6kd/yISjTNLLEddHKquuFYKIljkRh2E0xG0MtZPVr6
+EXgvnYkxKiAwS4n9RECfnP94lKKarWlWVjUtS1eQ1/7tmNWp14DtbPI0GmJU7cjW
+cjovZcF2F4+Jh9Jopdh34dyCg+hqgeB6RQ1GdPzRxUQ743cH1uEU2neeZfHVqWqz
+sonv0MxUY+lGte+OhbG1MNqREXZhwDLIS6cZDQIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQAEpEobzo6qm+GJw3Jgi7Gc/XBVBbib5Tp7fH0oyyzX7sSnbUWNUYNHLjMH
+CFFmeNsj2/x4P7JFK2shVy7lRnBt6RUi5zLtQyjhEF8OqV1rxb74hQHl4+7CiRUP
+Q1SRTJpdbdDwwAzd5UyDTAX3Glg73krDEHY+k0UCr0kczqcffVzgNmCklMzrCzZk
+Nz9KkUF+cMkFDz/5BRBj6I4M9b5ebkVYM32Gz0mAh/G/DcL5KGzWPL9KJ31pgkAP
+P8yrvZe2HwscKTJKnAK78M+75zzNv3539/V3y55lNNiyKF2q9Up4k3BE5PY9LDFJ
+fVZvMdAltZlFV1tlZksrsRoq3jsc
+-----END CERTIFICATE-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem
new file mode 100644
index 00000000..c4d2be66
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBjbGllbnQgcm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWLP1hzvhUgHs8gp6+w
+v3aIbsEHXjWOKfTpB4u+eubM4oA9XtXT0NiCLZQPy2BAtIOkazJ6sae6w2Qq2naj
+MDyTBclAgok3TLVI6whMkgxdB878uaKQb3sk7xg6yNI6iI7S70cTRM9JKF8ZPBMZ
+6ftPgoPooe1ka2kFTjhNgE6jO/DjAyWGpf7Q4cb2ELBdgrU+ehbz4Zz0hHZ0Ts5p
+KO8SxEkBX4FRP4sUkbuDM92UNcxyBxlrLg21ktDlIciftef9J94qQyx5HnotMWWp
+rj4Zi2mA8/i14op90CXPq/figj8zYkPyyx9KytKDSKcGgByxjNMBWzIAZ17doRgq
+1KkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBVUqpA7BizyLkDut8sLYI4qyJA
+8Os+6IiSDyjyjf3C/hTbrbA31mtF0g3gbZFXnehVhop04zQYy3071OBYzuMx+/2F
+olylk7HWrScaKE0MDSSamfVTlSGiO2P+zPg32WKoZsOPPjSyrGF/l+A4TlTQJmFK
+SgapRRQVm3VDlkWO77c4EjpqoREPeSHVt+0m2490BY7aUT+kRlXl2nViSV52SS5j
+EDnb4N/9t60NRS2zaLtAr0DcRWemR+PzVKqKdNyhXdCeieQ9xzGGHK1vXpW/6kCo
+OHi/Xt4MHkt3hHxQQKOrK5dcsoqP9WxlnwOuuy9m9mVH4HUhi+S0KFtOytoX
+-----END CERTIFICATE REQUEST-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem
new file mode 100644
index 00000000..c81b607b
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem
new file mode 100644
index 00000000..b204952d
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICaTCCAVECAQAwJDEiMCAGA1UEAwwZQmFja3VwIHN5c3RlbSBzZXJ2ZXIgcm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMqKzGuRMYTGC4GtM4Y
+sa/EcpfgdRDt1V54c7Qjarfz/6Uvb7dn+21IDgnSMImnBzKuE11KBS2WAPPSxyF9
+Z+rNlry38pAVprnVv40dAUaohShxrkzgIYlZ866RonFYQ9mujMdynzGHB0jKH66T
+/enqFhEYzOuBcHyb7obgX+HmT95yAVhm6TvMuF8FR5CvrSqdnj141qJWdRmNeXH/
+Eonz1mcFizHRuFZ0ymxjoegwxQkeSnoYyH2vUh3RkQ/iNZPhu9DdDjgZ6Z0m8mUc
+xMGqtwTqiYS8KEcAHvcEPoS44BO1aGTnJEwhABTLuEkTPCXl1HkRoq50ts+Cr9w6
+vu8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAhVOO7/mqt2AWFaOlMrXICPm5n
+judbMjQhOzaTmYr+Tb2lDlsQyiSm/EONpjC1F8PP6ig3oK8dzmIn9/qLOau6xM2Y
+JiaTTJXRX+/JC/AaZvvaiA0etc2JwAcfBijAudEKivA/qKh01SvCgB+IEx5rlR6S
+TPjLRO4ygig3qGHeHUsiPBzR4PZA669Is3/P4W8pIlDbCQHI91brQV4TlHJET2V5
++y4et7ZduWvS6yEn29aiPq5UT36kWtJ9rhBFIiu2oUNnDiL7YUDIbdsl0I9LDPjw
+equwfb+dwjjO/bFQKB1RX4j5jUXj25bpe9FdB6iy36+3tLd1a0Oh4j6SEn2n
+-----END CERTIFICATE REQUEST-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem
new file mode 100644
index 00000000..7eb1ac20
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem
new file mode 100644
index 00000000..a9302167
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl
new file mode 100644
index 00000000..8a0f05e1
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl
@@ -0,0 +1 @@
+01
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem
new file mode 100644
index 00000000..e26b6e1a
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl
new file mode 100644
index 00000000..9e22bcb8
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl
@@ -0,0 +1 @@
+02
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem
new file mode 100644
index 00000000..19b6ed62
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem
new file mode 100644
index 00000000..40ce8cbf
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf b/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf
new file mode 100644
index 00000000..6e235b24
--- /dev/null
+++ b/test/basicserver/testfiles/seclevel2-sha256/raidfile.conf
@@ -0,0 +1,10 @@
+
+disc0
+{
+ SetNumber = 0
+ BlockSize = 1024
+ Dir0 = .
+ Dir1 = .
+ Dir2 = .
+}
+
diff --git a/test/basicserver/testfiles/srv3-seclevel2-sha1.conf b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf
new file mode 100644
index 00000000..01e0fe6d
--- /dev/null
+++ b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf
@@ -0,0 +1,8 @@
+Server
+{
+ PidFile = testfiles/srv3.pid
+ ListenAddresses = inet:localhost,unix:testfiles/srv3.sock
+ CertificateFile = testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem
+ PrivateKeyFile = testfiles/seclevel2-sha1/bbstored/localhost-key.pem
+ TrustedCAsFile = testfiles/seclevel2-sha1/ca/roots/clientCA.pem
+}
diff --git a/test/basicserver/testfiles/srv3-seclevel2-sha256.conf b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf
new file mode 100644
index 00000000..4db52361
--- /dev/null
+++ b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf
@@ -0,0 +1,8 @@
+Server
+{
+ PidFile = testfiles/srv3.pid
+ ListenAddresses = inet:localhost,unix:testfiles/srv3.sock
+ CertificateFile = testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem
+ PrivateKeyFile = testfiles/seclevel2-sha256/bbstored/localhost-key.pem
+ TrustedCAsFile = testfiles/seclevel2-sha256/ca/roots/clientCA.pem
+}
diff --git a/test/bbackupd/testbbackupd.cpp b/test/bbackupd/testbbackupd.cpp
index cc602f22..d55b5d8d 100644
--- a/test/bbackupd/testbbackupd.cpp
+++ b/test/bbackupd/testbbackupd.cpp
@@ -26,6 +26,10 @@
#include <sys/wait.h>
#endif
+#ifdef HAVE_PWD_H
+ #include <pwd.h>
+#endif
+
#ifdef HAVE_SYS_XATTR_H
#include <cerrno>
#include <sys/xattr.h>
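Review bot: The `<pwd.h>` include is conditional on `HAVE_PWD_H`, but the `getpwuid(getuid())` call added to `test_bbackupd_config_script` later in this commit is guarded only by `#ifdef WIN32 ... #else`. On a non-Windows build where `HAVE_PWD_H` is undefined, that test would not compile. Either wrap the bbstored-config part of the test in `#ifdef HAVE_PWD_H` and skip it with a `BOX_NOTICE` otherwise, or include the header unconditionally on non-Windows builds. The indented `#include <pwd.h>` also differs from the unindented includes inside the neighbouring `#ifdef` blocks.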
@@ -428,7 +432,8 @@ bool kill_running_daemons()
}
bool setup_test_bbackupd(BackupDaemon& bbackupd, bool do_unpack_files = true,
- bool do_start_bbstored = true)
+ bool do_start_bbstored = true,
+ const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf")
{
Timers::Cleanup(false); // don't throw exception if not initialised
Timers::Init();
@@ -469,8 +474,7 @@ bool setup_test_bbackupd(BackupDaemon& bbackupd, bool do_unpack_files = true,
#endif
}
- TEST_THAT_OR(configure_bbackupd(bbackupd, "testfiles/bbackupd.conf"),
- FAIL);
+ TEST_THAT_OR(configure_bbackupd(bbackupd, bbackupd_conf_file), FAIL);
spDaemon = &bbackupd;
return true;
}
@@ -985,13 +989,14 @@ bool test_entry_deleted(BackupStoreDirectory& rDir,
bool compare(BackupQueries::ReturnCode::Type expected_status,
const std::string& bbackupquery_options = "",
- const std::string& compare_options = "-acQ")
+ const std::string& compare_options = "-acQ",
+ const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf")
{
std::string cmd = BBACKUPQUERY;
cmd += " ";
cmd += (expected_status == BackupQueries::ReturnCode::Compare_Same)
? "-Wwarning" : "-Werror";
- cmd += " -c testfiles/bbackupd.conf ";
+ cmd += " -c " + bbackupd_conf_file;
cmd += " " + bbackupquery_options;
cmd += " \"compare " + compare_options + "\" quit";
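Review bot: `cmd += " -c " + bbackupd_conf_file;` puts the new parameter into the command string unquoted, while `compare_options` two lines below is wrapped in `\"...\"`. A configuration path containing a space or a shell metacharacter would be split or interpreted if this string goes to a shell; how `cmd` is run is outside the hunk, so that part is inferred. Quoting it the same way, `cmd += " -c \"" + bbackupd_conf_file + "\"";`, keeps the argument intact. The command strings built from `current_dir` and `username` in `test_bbackupd_config_script`, in the last hunk of this file, are passed to `system()` unquoted and have the same weakness.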
@@ -4039,6 +4044,113 @@ bool test_parse_syncallowscript_output()
TEARDOWN_TEST_BBACKUPD();
}
+
+bool test_bbackupd_config_script()
+{
+ SETUP_TEST_BBACKUPD();
+
+#ifdef WIN32
+ BOX_NOTICE("skipping test on this platform"); // TODO: write a PowerShell version
+#else
+ char buf[PATH_MAX];
+ if (getcwd(buf, sizeof(buf)) == NULL)
+ {
+ BOX_LOG_SYS_ERROR("getcwd");
+ }
+ std::string current_dir = buf;
+
+ TEST_THAT(mkdir("testfiles/tmp", 0777) == 0);
+ TEST_THAT(mkdir("testfiles/TestDir1", 0777) == 0);
+
+ // Generate a new configuration for our test bbackupd, from scratch:
+ std::string cmd = "../../../bin/bbackupd/bbackupd-config " +
+ current_dir + "/testfiles/tmp " // config-dir
+ "lazy " // backup-mode
+ "12345 " // account-num
+ "localhost " + // server-hostname
+ current_dir + "/testfiles " + // working-dir
+ current_dir + "/testfiles/TestDir1"; // backup directories
+ TEST_RETURN(system(cmd.c_str()), 0)
+
+ // Open the generated config file and add a StorePort line:
+ {
+ FileStream conf_file("testfiles/tmp/bbackupd.conf", O_WRONLY | O_APPEND);
+ conf_file.IOStream::Write("StorePort = 22011\n");
+ conf_file.Close();
+ }
+
+ // Generate a new configuration for our test bbstored, from scratch:
+ struct passwd *result = getpwuid(getuid());
+ TEST_THAT_OR(result != NULL, FAIL); // failed to get username for current user
+ std::string username = result->pw_name;
+
+ cmd = "../../../bin/bbstored/bbstored-config testfiles/tmp localhost " + username + " "
+ "testfiles/raidfile.conf";
+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
+
+ cmd = "sed -i.orig -e 's/\\(ListenAddresses = inet:localhost\\)/\\1:22011/' "
+ "-e 's@PidFile = .*/run/bbstored.pid@PidFile = testfiles/bbstored.pid@' "
+ "testfiles/tmp/bbstored.conf";
+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
+
+ // Create a server certificate authority, and sign the client and server certificates:
+ cmd = "../../../bin/bbstored/bbstored-certs testfiles/tmp/ca init";
+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
+
+ cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign "
+ "testfiles/tmp/bbackupd/12345-csr.pem";
+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
+
+ cmd = "echo yes | ../../../bin/bbstored/bbstored-certs testfiles/tmp/ca sign-server "
+ "testfiles/tmp/bbstored/localhost-csr.pem";
+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
+
+ // Copy the certificate files into the right places
+ cmd = "cp testfiles/tmp/ca/clients/12345-cert.pem testfiles/tmp/bbackupd";
+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
+
+ cmd = "cp testfiles/tmp/ca/roots/serverCA.pem testfiles/tmp/bbackupd";
+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
+
+ cmd = "cp testfiles/tmp/ca/servers/localhost-cert.pem testfiles/tmp/bbstored";
+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
+
+ cmd = "cp testfiles/tmp/ca/roots/clientCA.pem testfiles/tmp/bbstored";
+ TEST_RETURN(system(cmd.c_str()), 0)
+
+ cmd = BBSTOREACCOUNTS " -c testfiles/tmp/bbstored.conf create 12345 0 1M 2M";
+ TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd)
+
+ bbstored_pid = StartDaemon(bbstored_pid, BBSTORED " " + bbstored_args +
+ " -o testfiles/tmp/bbstored.log testfiles/tmp/bbstored.conf",
+ "testfiles/bbstored.pid");
+
+ {
+ Capture capture;
+ Logging::TempLoggerGuard guard(&capture);
+
+ BackupDaemon bbackupd;
+ TEST_THAT(
+ setup_test_bbackupd(
+ bbackupd,
+ true, // do_unpack_files
+ false, // !do_start_bbstored
+ "testfiles/tmp/bbackupd.conf")
+ );
+
+ bbackupd.RunSyncNow();
+ }
+
+ TEST_THAT(compare(BackupQueries::ReturnCode::Compare_Same,
+ "-otestfiles/tmp/bbackupquery.log", "-acQ", "testfiles/tmp/bbackupd.conf"));
+
+ TEST_THAT(StopServer());
+#endif // !WIN32
+
+ TEARDOWN_TEST_BBACKUPD();
+}
+
+
int test(int argc, const char *argv[])
{
// SSL library
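Review bot: In `test_bbackupd_config_script`, a failed `getcwd()` is only logged, so the next line `std::string current_dir = buf;` reads the uninitialised `buf`. That value is then used to build the `bbackupd-config` command passed to `system()`. The test should stop at that point, e.g. `TEST_THAT_OR(getcwd(buf, sizeof(buf)) != NULL, FAIL);`, as the function already does for the `getpwuid()` result. Separately, the first `bbackupd-config` call and the `cp ... clientCA.pem` step use `TEST_RETURN`, while every other command uses `TEST_RETURN_COMMAND(..., cmd)`; using the latter throughout would presumably include the failing command in the report.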
@@ -4104,6 +4216,7 @@ int test(int argc, const char *argv[])
TEST_THAT(test_backup_many_files());
TEST_THAT(test_parse_incomplete_command());
TEST_THAT(test_parse_syncallowscript_output());
+ TEST_THAT(test_bbackupd_config_script());
TEST_THAT(kill_running_daemons());