TO-DO FOR FULL PILOT VERSION (by July 1, 2013)
============================
-DONE Check rp_realm COI membership in TR
-DONE Check idp_realm APC membership in TR
-DONE Check gss_name on incoming TID request in TR (in TIDS, too?)
+- Check rp_realm COI membership in TR
+- Check idp_realm APC membership in TR
+- Add key confirmation to TID protocol
+- Check gss_name on incoming TID request in TR (in TIDS, too?)
- Add Request ID to TID messages (req'd for mult simultaneous reqs)
+- Fix issue with how DH params are handled in the TR (API clean-up)
- Handle per-request community configuration in AAA proxy
- Normalize/configure logging for info, warnings and errors (log4c)
- Clean-up gsscon API and messages
-DONE Add accessors for all externally accessible data structures, etc.
-DONE Formalize API for integration with RADIUS servers
-DONE Figure out what to do about commented-out checks in gsscon_passive.c
+- Add accessors for all externally accessible data structures, etc.
+- Formalize API for integration with RADIUS servers
+- Figure out what to do about commented-out checks in gsscon_passive.c
- Handle IPv6 addresses in TID req/resp (use getaddrinfo())
-DONE Implement rp_permitted filters (incl. general filtering mechanism)
-DONE Add constraints to TID req in TR, store and use them in AAA Server
+- Implement rp_permitted filters (incl. general filtering mechanism)
+- Add constraints to TID req in TR, store and use them in AAA Server
- Use valgrind to check for memory leaks, other issues
- Resolve remaining TBDs
-DONE Full functional testing
+- Full functional testing
TO-DO FOR PRODUCTION VERSION (expected in August 2013)
============================
--- /dev/null
+#! /bin/sh
+# Wrapper for compilers which do not understand '-c -o'.
+
+scriptversion=2012-10-14.11; # UTC
+
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+nl='
+'
+
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" "" $nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+ file=$1
+ case $file in
+ / | /[!/]*) # absolute file, and not a UNC file
+ if test -z "$file_conv"; then
+ # lazily determine how to convert abs files
+ case `uname -s` in
+ MINGW*)
+ file_conv=mingw
+ ;;
+ CYGWIN*)
+ file_conv=cygwin
+ ;;
+ *)
+ file_conv=wine
+ ;;
+ esac
+ fi
+ case $file_conv/,$2, in
+ *,$file_conv,*)
+ ;;
+ mingw/*)
+ file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+ ;;
+ cygwin/*)
+ file=`cygpath -m "$file" || echo "$file"`
+ ;;
+ wine/*)
+ file=`winepath -w "$file" || echo "$file"`
+ ;;
+ esac
+ ;;
+ esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+ func_file_conv "$1"
+ if test -z "$lib_path"; then
+ lib_path=$file
+ else
+ lib_path="$lib_path;$file"
+ fi
+ linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+ lib=$1
+ found=no
+ save_IFS=$IFS
+ IFS=';'
+ for dir in $lib_path $LIB
+ do
+ IFS=$save_IFS
+ if $shared && test -f "$dir/$lib.dll.lib"; then
+ found=yes
+ lib=$dir/$lib.dll.lib
+ break
+ fi
+ if test -f "$dir/$lib.lib"; then
+ found=yes
+ lib=$dir/$lib.lib
+ break
+ fi
+ if test -f "$dir/lib$lib.a"; then
+ found=yes
+ lib=$dir/lib$lib.a
+ break
+ fi
+ done
+ IFS=$save_IFS
+
+ if test "$found" != yes; then
+ lib=$lib.lib
+ fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+ # Assume a capable shell
+ lib_path=
+ shared=:
+ linker_opts=
+ for arg
+ do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ eat=1
+ case $2 in
+ *.o | *.[oO][bB][jJ])
+ func_file_conv "$2"
+ set x "$@" -Fo"$file"
+ shift
+ ;;
+ *)
+ func_file_conv "$2"
+ set x "$@" -Fe"$file"
+ shift
+ ;;
+ esac
+ ;;
+ -I)
+ eat=1
+ func_file_conv "$2" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -I*)
+ func_file_conv "${1#-I}" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -l)
+ eat=1
+ func_cl_dashl "$2"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -l*)
+ func_cl_dashl "${1#-l}"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -L)
+ eat=1
+ func_cl_dashL "$2"
+ ;;
+ -L*)
+ func_cl_dashL "${1#-L}"
+ ;;
+ -static)
+ shared=false
+ ;;
+ -Wl,*)
+ arg=${1#-Wl,}
+ save_ifs="$IFS"; IFS=','
+ for flag in $arg; do
+ IFS="$save_ifs"
+ linker_opts="$linker_opts $flag"
+ done
+ IFS="$save_ifs"
+ ;;
+ -Xlinker)
+ eat=1
+ linker_opts="$linker_opts $2"
+ ;;
+ -*)
+ set x "$@" "$1"
+ shift
+ ;;
+ *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+ func_file_conv "$1"
+ set x "$@" -Tp"$file"
+ shift
+ ;;
+ *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+ func_file_conv "$1" mingw
+ set x "$@" "$file"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+ done
+ if test -n "$linker_opts"; then
+ linker_opts="-link$linker_opts"
+ fi
+ exec "$@" $linker_opts
+ exit 1
+}
+
+eat=
+
+case $1 in
+ '')
+ echo "$0: No command. Try '$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file 'INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "compile $scriptversion"
+ exit $?
+ ;;
+ cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+ func_cl_wrapper "$@" # Doesn't return...
+ ;;
+esac
+
+ofile=
+cfile=
+
+for arg
+do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ # So we strip '-o arg' only if arg is an object.
+ eat=1
+ case $2 in
+ *.o | *.obj)
+ ofile=$2
+ ;;
+ *)
+ set x "$@" -o "$2"
+ shift
+ ;;
+ esac
+ ;;
+ *.c)
+ cfile=$1
+ set x "$@" "$1"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+ # If no '-o' option was seen then we might have been invoked from a
+ # pattern rule where we don't need one. That is ok -- this is a
+ # normal compilation that the losing compiler can handle. If no
+ # '.c' file was seen then we are probably linking. That is also
+ # ok.
+ exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file. Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+ if mkdir "$lockdir" >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+ test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+ test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- /dev/null
+#! /bin/sh
+# test-driver - basic testsuite driver script.
+
+scriptversion=2013-07-13.22; # UTC
+
+# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+# Make unconditional expansion of undefined variables an error. This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+usage_error ()
+{
+ echo "$0: $*" >&2
+ print_usage >&2
+ exit 2
+}
+
+print_usage ()
+{
+ cat <<END
+Usage:
+ test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
+ [--expect-failure={yes|no}] [--color-tests={yes|no}]
+ [--enable-hard-errors={yes|no}] [--]
+ TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
+The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+END
+}
+
+test_name= # Used for reporting.
+log_file= # Where to save the output of the test script.
+trs_file= # Where to save the metadata of the test run.
+expect_failure=no
+color_tests=no
+enable_hard_errors=yes
+while test $# -gt 0; do
+ case $1 in
+ --help) print_usage; exit $?;;
+ --version) echo "test-driver $scriptversion"; exit $?;;
+ --test-name) test_name=$2; shift;;
+ --log-file) log_file=$2; shift;;
+ --trs-file) trs_file=$2; shift;;
+ --color-tests) color_tests=$2; shift;;
+ --expect-failure) expect_failure=$2; shift;;
+ --enable-hard-errors) enable_hard_errors=$2; shift;;
+ --) shift; break;;
+ -*) usage_error "invalid option: '$1'";;
+ *) break;;
+ esac
+ shift
+done
+
+missing_opts=
+test x"$test_name" = x && missing_opts="$missing_opts --test-name"
+test x"$log_file" = x && missing_opts="$missing_opts --log-file"
+test x"$trs_file" = x && missing_opts="$missing_opts --trs-file"
+if test x"$missing_opts" != x; then
+ usage_error "the following mandatory options are missing:$missing_opts"
+fi
+
+if test $# -eq 0; then
+ usage_error "missing argument"
+fi
+
+if test $color_tests = yes; then
+ # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
+ red='\e[0;31m' # Red.
+ grn='\e[0;32m' # Green.
+ lgn='\e[1;32m' # Light green.
+ blu='\e[1;34m' # Blue.
+ mgn='\e[0;35m' # Magenta.
+ std='\e[m' # No color.
+else
+ red= grn= lgn= blu= mgn= std=
+fi
+
+do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
+trap "st=129; $do_exit" 1
+trap "st=130; $do_exit" 2
+trap "st=141; $do_exit" 13
+trap "st=143; $do_exit" 15
+
+# Test script is run here.
+"$@" >$log_file 2>&1
+estatus=$?
+if test $enable_hard_errors = no && test $estatus -eq 99; then
+ estatus=1
+fi
+
+case $estatus:$expect_failure in
+ 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
+ 0:*) col=$grn res=PASS recheck=no gcopy=no;;
+ 77:*) col=$blu res=SKIP recheck=no gcopy=yes;;
+ 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;;
+ *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;;
+ *:*) col=$red res=FAIL recheck=yes gcopy=yes;;
+esac
+
+# Report outcome to console.
+echo "${col}${res}${std}: $test_name"
+
+# Register the test result, and other relevant metadata.
+echo ":test-result: $res" > $trs_file
+echo ":global-test-result: $res" >> $trs_file
+echo ":recheck: $recheck" >> $trs_file
+echo ":copy-in-global-log: $gcopy" >> $trs_file
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- /dev/null
+# see git-dpm(1) from git-dpm package
+f159988592bd2db0f7ef6662a9117af6b82b23ff
+f159988592bd2db0f7ef6662a9117af6b82b23ff
+bbf497cdf42f068cae597f3a38e2d2400470119b
+bbf497cdf42f068cae597f3a38e2d2400470119b
+moonshot-trust-router_1.4.1.orig.tar.gz
+a8c6fb6b6f9cfd2bcec95a9433723147d24a48ba
+371621
--- /dev/null
+The Debian Package moonshot-trust-router
+----------------------------
+
+Comments regarding the Package
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 05 Dec 2012 14:24:54 -0500
--- /dev/null
+* Service files and possibly init scripts for trust_router and tids (tids already has service file)
+
+Sadly, the code in its current state really works a lot better with
+journald than another logging approach, so there's a huge advantage to
+using systemd.
+
+* Include pointers to what we have for current documentation.
--- /dev/null
+moonshot-trust-router (2.0-1) UNRELEASED; urgency=low
+
+ * New upstream release
+ * Support dynamic trust route peering, flooding, and discovery
+ * Support TID request routing
+ * New configuration file format
+
+ -- Jennifer Richards <jennifer@painless-security.com> Tue, 20 Sep 2016 14:57:24 -0400
+
+moonshot-trust-router (1.5.1~2) unstable; urgency=medium
+
+ * Fix insert statement
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 25 Mar 2015 21:20:54 -0400
+
+moonshot-trust-router (1.5.1~1) unstable; urgency=medium
+
+ * New Upstream version to fix key expiration schema/view
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 25 Mar 2015 14:30:01 -0400
+
+moonshot-trust-router (1.5~4) unstable; urgency=medium
+
+ * Fix versioning because we want to fix the gss_delete_sec_context for wheezy
+ * Move logging section to tr_internal
+
+ -- Sam Hartman <hartmans@debian.org> Tue, 17 Mar 2015 15:20:21 -0400
+
+moonshot-trust-router (1.5~3) unstable; urgency=medium
+
+ * Pull in expiration fix
+ * Depend on sufficiently new moonshot-gss-eap to avoid
+ delete_sec_context problem
+
+ -- Sam Hartman <hartmans@debian.org> Tue, 17 Mar 2015 12:27:57 -0400
+
+moonshot-trust-router (1.5~2) UNRELEASED; urgency=medium
+
+ * Fix comparison operator
+
+ -- Sam Hartman <hartmans@debian.org> Fri, 13 Mar 2015 16:23:37 -0400
+
+moonshot-trust-router (1.5~1) unstable; urgency=medium
+
+ * New Upstream Release
+ * Support Key expiration and logging
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 11 Mar 2015 10:52:39 -0400
+
+moonshot-trust-router (1.4.1-2) unstable; urgency=medium
+
+ * Print default realm from Config (LP: #1386654)
+
+ -- Sam Hartman <hartmans@debian.org> Tue, 04 Nov 2014 15:50:04 -0500
+
+moonshot-trust-router (1.4.1-1) unstable; urgency=medium
+
+ * New upstream version
+ * Fix major bug in handling of community lookups when defaulting is
+ not used.
+
+ -- Sam Hartman <hartmans@debian.org> Tue, 07 Oct 2014 07:19:13 -0400
+
+moonshot-trust-router (1.4-9) unstable; urgency=medium
+
+ * Fix lintian errors:
+ - Update LSB header for tids init script
+ - Make tids wrapper executable
+ - Override things lintian gets wrong
+
+ -- Sam Hartman <hartmans@debian.org> Fri, 03 Oct 2014 16:22:31 -0400
+
+moonshot-trust-router (1.4-8) unstable; urgency=medium
+
+ * Fix umask of database
+
+ -- Sam Hartman <hartmans@debian.org> Fri, 03 Oct 2014 11:15:57 -0400
+
+moonshot-trust-router (1.4-7) unstable; urgency=medium
+
+ * Remove debugging and fix postinst script to work when SHELL is not set.
+
+ -- Sam Hartman <hartmans@debian.org> Fri, 03 Oct 2014 10:20:15 -0400
+
+moonshot-trust-router (1.4-6) unstable; urgency=medium
+
+ * Even more debugging
+
+ -- Sam Hartman <hartmans@debian.org> Thu, 02 Oct 2014 16:44:20 -0400
+
+moonshot-trust-router (1.4-5) unstable; urgency=medium
+
+ * Even more debugging
+
+ -- Sam Hartman <hartmans@debian.org> Thu, 02 Oct 2014 16:01:30 -0400
+
+moonshot-trust-router (1.4-4) unstable; urgency=medium
+
+ * postinst quiet about user creation
+ * tids.init:fix run levels
+ * Add debugging to postinst to try and understand dvd creation bug
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 01 Oct 2014 22:37:46 -0400
+
+moonshot-trust-router (1.4-3) unstable; urgency=medium
+
+ * Create a schema on upgrade or install
+
+ -- Sam Hartman <hartmans@debian.org> Tue, 30 Sep 2014 15:21:43 -0400
+
+moonshot-trust-router (1.4-2) unstable; urgency=medium
+
+ * Update to fix bug in init script, Thanks Stefan
+
+ -- Sam Hartman <hartmans@debian.org> Tue, 30 Sep 2014 14:53:39 -0400
+
+moonshot-trust-router (1.4-1) unstable; urgency=medium
+
+ * New Upstream version
+ * Install tids init script, thanks Stefan Paetow
+
+ -- Sam Hartman <hartmans@debian.org> Fri, 26 Sep 2014 10:45:18 -0400
+
+moonshot-trust-router (1.3.1-1) unstable; urgency=medium
+
+ * New Upstream Version
+ * Initial Debian release, Closes: #759398
+ * Use git dpm and 3.0 quilt source format
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 27 Aug 2014 19:13:23 -0400
+
+moonshot-trust-router (1.3-1) unstable; urgency=medium
+
+ * New upstream version
+
+ -- Sam Hartman <hartmans@debian.org> Tue, 22 Jul 2014 12:05:27 -0400
+
+moonshot-trust-router (1.2-4) unstable; urgency=medium
+
+ * Fix another bug in tids.service
+
+ -- Sam Hartman <hartmans@debian.org> Mon, 26 May 2014 15:43:46 -0400
+
+moonshot-trust-router (1.2-3) unstable; urgency=medium
+
+ * trust_router not trustrouter in tids.service
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 21 May 2014 16:02:15 -0400
+
+moonshot-trust-router (1.2-2) unstable; urgency=medium
+
+ * Include systemd service and schema file
+ * Create trustrouter user on install
+
+ -- Sam Hartman <hartmans@debian.org> Mon, 19 May 2014 20:48:12 -0400
+
+moonshot-trust-router (1.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * Includes constraints, gss-name change and settable port number.
+
+ -- Margaret Wasserman <mrw@painless-security.com> Tue, 18 Mar 2014 18:00:19 -0400
+
+moonshot-trust-router (1.0.1-1) unstable; urgency=low
+
+ * New upstream version
+
+ -- Sam Hartman <hartmans@debian.org> Fri, 20 Dec 2013 15:17:17 -0500
+
+moonshot-trust-router (1.0-2) unstable; urgency=low
+
+ * New release including trustidentity for acceptor
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 20 Nov 2013 08:26:16 -0500
+
+moonshot-trust-router (1.0-1) unstable; urgency=low
+
+ * New upstream version, 1.0 release
+
+ -- Mark Donnelly <mark@mark-VirtualBox.painless-security.com> Thu, 18 Jul 2013 11:00:32 -0400
+
+moonshot-trust-router (0.2+20130506-1) unstable; urgency=low
+
+ * New upstream version, beta release
+
+ -- Margaret Wasserman <mrw@painless-security.com> Mon, 06 May 2013 15:40:43 -0400
+
+moonshot-trust-router (0.1+20130418-1) unstable; urgency=low
+
+ * New upstream version
+ * Includes trust router and working tids
+
+ -- Sam Hartman <hartmans@debian.org> Thu, 18 Apr 2013 11:47:21 -0400
+
+moonshot-trust-router (0.0+20121205) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 05 Dec 2012 14:24:54 -0500
--- /dev/null
+Source: moonshot-trust-router
+Section: net
+Priority: extra
+Maintainer: Sam Hartman <hartmans@debian.org>
+Build-Depends: debhelper (>= 9), autotools-dev, automake, autoconf, libtool, libjansson-dev, libkrb5-dev (>= 1.10~), dh-autoreconf, libssl-dev, libsqlite3-dev, libtalloc-dev, libglib2.0-dev, libevent-dev
+Standards-Version: 3.9.5
+Homepage: http://www.project-moonshot.org/
+Vcs-Git: git://git.project-moonshot.org/trust_router.git
+
+Package: moonshot-trust-router
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, moonshot-gss-eap (>= 0.9.2-3+deb8u1), adduser, sqlite3
+Description: Moonshot Trust Router
+ Moonshot allows services using GSS-API applications to gain federated
+ access to identities provided by other organizations. Moonshot uses
+ EAP and RADIUS over TLS for authentication and federation and SAML
+ for enhanced attribute exchange.
+ .
+ This package provides the trust router and associated commands. The
+ trust router provides authenticated key exchange so that RADIUS
+ proxies in one organization can connect to RADIUS servers (providing
+ identities) in another organization.
+
+Package: moonshot-trust-router-dev
+Section: libdevel
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libtr-tid2 (= ${binary:Version})
+Description: Development environment for the Trust Router
+ Moonshot allows services using GSS-API applications to gain federated
+ access to identities provided by other organizations. Moonshot uses
+ EAP and RADIUS over TLS for authentication and federation and SAML
+ for enhanced attribute exchange.
+ .
+ This package provides the trust router development environment. The
+ trust router provides authenticated key exchange so that RADIUS
+ proxies in one organization can connect to RADIUS servers (providing
+ identities) in another organization.
+
+
+Package: libtr-tid2
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Breaks: moonshot-gss-eap (<< 0.9.2-3+deb8u1)
+Pre-Depends: ${misc:Pre-Depends}
+Multi-Arch: same
+Description: Moonshot Temporary Identity Shared Libraries
+ Moonshot allows services using GSS-API applications to gain federated
+ access to identities provided by other organizations. Moonshot uses
+ EAP and RADIUS over TLS for authentication and federation and SAML
+ for enhanced attribute exchange.
+ .
+ This package provides the trust router's Temporary Identity Protocol
+ client and server library. The trust router provides authenticated
+ key exchange so that RADIUS proxies in one organization can connect
+ to RADIUS servers (providing identities) in another organization.
+
+
+Package: moonshot-trust-router-dbg
+Section: debug
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, moonshot-trust-router (= ${binary:Version}) |libtr-tid2 (= ${binary:Version})
+Description: Trust Router Debugging Symbols
+ This package includes debugging symbols for trust router libraries
+ and binaries.
--- /dev/null
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: git://git.project-moonshot.org/trust_router.git
+
+Files: *
+Copyright: 2009-2014 JANET(UK)
+License: BSD-3-clause
+
+Files: gsscon/*
+Copyright: 2012-2014 JANET(UK)
+ 2004-2006 Massachusetts Institute of Technology.
+License: BSD-3-clause and OLD-MIT-KERBEROS
+ Copyright (c) 2012, JANET(UK)
+ All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ 3. Neither the name of JANET(UK) nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+ .
+ This code was adapted from the MIT Kerberos Consortium's
+ GSS example code, which was distributed under the following
+ license:
+ Copyright 2004-2006 Massachusetts Institute of Technology.
+ All Rights Reserved.
+ .
+ WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ distribute this software and its documentation for any purpose and
+ without fee is hereby granted, provided that the above copyright
+ notice appear in all copies and that both that copyright notice and
+ this permission notice appear in supporting documentation, and that
+ the name of M.I.T. not be used in advertising or publicity pertaining
+ to distribution of the software without specific, written prior
+ permission. Furthermore if you modify this software you must label
+ your software as modified software and not distribute it in such a
+ fashion that it might be confused with the original M.I.T. software.
+ M.I.T. makes no representations about the suitability of
+ this software for any purpose. It is provided "as is" without express
+ or implied warranty.
+
+
+Files: common/jansson_iterators.h
+Copyright: 2009-2013 Petri Lehtinen <petri@digip.org>
+License: JANSSON
+ Jansson is free software; you can redistribute it and/or modify
+ it under the terms of the MIT license. See LICENSE for details.
+ Copyright (c) 2009-2013 Petri Lehtinen <petri@digip.org>
+ .
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+
+Files: debian/*
+Copyright: 2012-2014 Sam Hartman <hartmans@debian.org>
+License: BSD-3-clause
+
+License: BSD-3-Clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ 3. Neither the name of JANET(UK) nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
--- /dev/null
+[DEFAULT]
+pristine-tar=True
+debian-branch=debian
--- /dev/null
+usr/lib/*/*.so.*
--- /dev/null
+libtr_tid.so.2 libtr-tid2 #MINVER#
+ tid_dup_req@Base 1.3
+ tid_req_free@Base 1.3
+ tid_req_get_comm@Base 1.3
+ tid_req_get_conn@Base 1.3
+ tid_req_get_cookie@Base 1.3
+ tid_req_get_gssctx@Base 1.3
+ tid_req_get_next_req@Base 1.3
+ tid_req_get_orig_coi@Base 1.3
+ tid_req_get_realm@Base 1.3
+ tid_req_get_resp_func@Base 1.3
+ tid_req_get_resp_rcvd@Base 1.3
+ tid_req_get_resp_sent@Base 1.3
+ tid_req_get_rp_realm@Base 1.3
+ tid_req_new@Base 1.3
+ tid_resp_get_comm@Base 1.3
+ tid_resp_get_err_msg@Base 1.3
+ tid_resp_get_num_servers@Base 1.3
+ tid_resp_get_orig_coi@Base 1.3
+ tid_resp_get_realm@Base 1.3
+ tid_resp_get_result@Base 1.3
+ tid_resp_get_rp_realm@Base 1.3
+ tid_resp_get_server@Base 1.3
+ tid_srvr_get_address@Base 1.3
+ tid_srvr_get_dh@Base 1.3
+ tid_srvr_get_key_name@Base 1.3
+ tidc_create@Base 1.3
+ tidc_destroy@Base 1.3
+ tidc_fwd_request@Base 1.3
+ tidc_get_dh@Base 1.3
+ tidc_open_connection@Base 1.3
+ tidc_send_request@Base 1.3
+ tidc_set_dh@Base 1.3
+ tids_create@Base 1.3
+ tids_destroy@Base 1.3
+ tids_send_err_response@Base 1.3
+ tids_send_response@Base 1.3
+ tids_start@Base 1.3
+ tr_bin_to_hex@Base 1.3
+ tr_compute_dh_key@Base 1.3
+ tr_constraint_add_to_set@Base 1.3
+ tr_constraint_set_filter@Base 1.3
+ tr_constraint_set_get_match_strings@Base 1.3
+ tr_constraint_set_intersect@Base 1.3
+ tr_constraint_set_validate@Base 1.3
+ tr_create_dh_params@Base 1.3
+ tr_create_matching_dh@Base 1.3
+ tr_destroy_dh_params@Base 1.3
+ tr_dh_free@Base 1.3
+ tr_dh_pub_hash@Base 1.3
+ tr_dup_name@Base 1.3
+ tr_free_name@Base 1.3
+ tr_name_cmp@Base 1.3
+ tr_name_strdup@Base 1.3
+ tr_name_strlcat@Base 1.3
+ tr_new_name@Base 1.3
+ tr_prefix_wildcard_match@Base 1.3
--- /dev/null
+usr/lib/*/*so
+usr/lib/*/*.a
+usr/include
--- /dev/null
+usr/lib/trust_router
--- /dev/null
+usr/bin/tidc
+usr/bin/tids
+usr/bin/trpc
+usr/bin/trust_router
+usr/share/trust_router/*
+lib/systemd/system/*
+
+debian/tids-wrapper usr/lib/trust_router
--- /dev/null
+moonshot-trust-router: binary-without-manpage usr/bin/tidc
+moonshot-trust-router: binary-without-manpage usr/bin/trust_router
+moonshot-trust-router: binary-without-manpage usr/bin/tids
+moonshot-trust-router: script-not-executable usr/share/trust_router/redhat/*
+# No, actually we do test earlier and exit if the default file is not present
+moonshot-trust-router: init.d-script-sourcing-without-test
--- /dev/null
+#!/bin/sh
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ if dpkg --compare-versions "$2" lt 1.2-2; then
+ adduser --quiet --system --home /var/lib/trust_router --group --disabled-login trustrouter
+ fi
+ if dpkg --compare-versions "$2" lt-nl 1.5.1 ; then
+ # Schema updated
+ rm -f /var/lib/trust_router/keys
+ fi
+ su -s /bin/sh -c "umask 027&&sqlite3 </usr/share/trust_router/schema.sql /var/lib/trust_router/keys" trustrouter ||true
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: tids
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Required-Start: $local_fs $remote_fs $network
+# Required-Stop:local_fs $remote_fs $network
+# Should-Start: freeradius
+# Short-Description: Starts Moonshot TIDS
+# Description: Starts the Moonshot Temporary ID Service
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+. /lib/lsb/init-functions
+
+[ -z "$HOME" ] && export HOME=/
+
+usage() {
+ echo "Usage: $0 {start|stop|status}"
+}
+
+# Load the configuration
+[ -f /etc/default/trust_router ] || exit 0
+. /etc/default/trust_router
+TIDS_PIDDIR=/var/run/trust_router
+TIDS_LOGDIR=/var/log/trust_router
+
+# Create the PID and LOG directories
+[ -d "$TIDS_PIDDIR" ] || mkdir -p $TIDS_PIDDIR && chown $TIDS_USER:$TIDS_GROUP $TIDS_PIDDIR
+[ -d "$TIDS_LOGDIR" ] || mkdir -p $TIDS_LOGDIR && chown $TIDS_USER:$TIDS_GROUP $TIDS_LOGDIR
+
+# Some variables
+prog=/usr/lib/trust_router/tids-wrapper
+PIDFILE="$TIDS_PIDDIR/tids.pid"
+LOGFILE="$TIDS_LOGDIR/tids.log"
+
+# Does the trust router and wrapper exist
+[ -x /usr/bin/tids ] || exit 5
+[ -x $prog ] || exit 5
+
+[ -f "$LOGFILE" ] || touch $LOGFILE && chown $TIDS_USER:$TIDS_GROUP $LOGFILE
+
+OPTIONS="$PIDFILE $LOGFILE $ipaddr $gssname $hostname /var/lib/trust_router/keys"
+
+case $1 in
+ start)
+ if [ -f ${PIDFILE} ] ;
+ then
+ OLD_PID=$(cat "$PIDFILE")
+
+ if [ -d "/proc/$OLD_PID" ] ;
+ then
+ echo "Error: TIDS already running" ; exit 1
+ else
+ rm $PIDFILE
+ fi
+ fi
+
+ timestamp=$(date)
+ echo "$timestamp Starting TIDS..." >> $LOGFILE
+ log_daemon_msg "Starting TIDS" "tids"
+ start-stop-daemon --start --chuid $TIDS_USER --pidfile $PIDFILE --oknodo --startas $prog $OPTIONS
+ status=$?
+ log_end_msg $status
+ ;;
+ stop)
+ timestamp=$(date)
+ echo "$timestamp Stopping TIDS..." >> $LOGFILE
+ log_daemon_msg "Stopping TIDS" "tids"
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
+ status=$?
+ log_end_msg $status
+ rm -f $PIDFILE
+ ;;
+ status)
+ if [ -f $PIDFILE ] ;
+ then
+ PID=$(cat "$PIDFILE")
+
+ if [ -d "/proc/$PID" ] ;
+ then
+ echo "TIDS is running (pid $PID)"
+ else
+ if [ -e $PIDFILE ] ; then
+ echo "TIDS appears to be dead but its PID file exists"
+ else
+ echo "TIDS appears to be stopped"
+ fi
+ fi
+ else
+ echo "TIDS appears to be stopped"
+ fi
+ exit 0
+ ;;
+ reload | force-reload | condrestart | try-restart)
+ usage
+ exit 3
+ ;;
+ *)
+ usage
+ exit 2
+ ;;
+esac
--- /dev/null
+From a7cab74a12d0c5064c02c99b22039d24b75283df Mon Sep 17 00:00:00 2001
+From: Margaret Wasserman <mrw@painless-security.com>
+Date: Tue, 4 Nov 2014 15:30:28 -0500
+Subject: Add default aaa server to config printout, remove redundant log
+ mesage.
+
+---
+ common/tr_config.c | 2 +-
+ tid/tidc.c | 1 -
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/common/tr_config.c b/common/tr_config.c
+index 352c894..66eda35 100644
+--- a/common/tr_config.c
++++ b/common/tr_config.c
+@@ -570,7 +570,7 @@ static TR_CFG_RC tr_cfg_parse_default_servers (TR_CFG *trc, json_t *jcfg)
+ &rc))) {
+ return rc;
+ }
+- fprintf(stderr, "tr_cfg_parse_default_servers: Default server configured.\n");
++ fprintf(stderr, "tr_cfg_parse_default_servers: Default server configured: %s.\n", ds->hostname->buf);
+ ds->next = trc->default_servers;
+ trc->default_servers = ds;
+ }
+diff --git a/tid/tidc.c b/tid/tidc.c
+index 103d354..649706c 100644
+--- a/tid/tidc.c
++++ b/tid/tidc.c
+@@ -74,7 +74,6 @@ int tidc_open_connection (TIDC_INSTANCE *tidc,
+ else
+ use_port = port;
+
+- fprintf(stderr, "tidc_open_connection: Opening GSS connection to %s:%u.", server, use_port);
+ err = gsscon_connect(server, use_port, "trustidentity", &conn, gssctx);
+
+ if (!err)
--- /dev/null
+From f159988592bd2db0f7ef6662a9117af6b82b23ff Mon Sep 17 00:00:00 2001
+From: Margaret Wasserman <mrw@painless-security.com>
+Date: Tue, 4 Nov 2014 15:35:09 -0500
+Subject: Remove period from default configuration message.
+
+---
+ common/tr_config.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/tr_config.c b/common/tr_config.c
+index 66eda35..ccc8a9d 100644
+--- a/common/tr_config.c
++++ b/common/tr_config.c
+@@ -570,7 +570,7 @@ static TR_CFG_RC tr_cfg_parse_default_servers (TR_CFG *trc, json_t *jcfg)
+ &rc))) {
+ return rc;
+ }
+- fprintf(stderr, "tr_cfg_parse_default_servers: Default server configured: %s.\n", ds->hostname->buf);
++ fprintf(stderr, "tr_cfg_parse_default_servers: Default server configured: %s\n", ds->hostname->buf);
+ ds->next = trc->default_servers;
+ trc->default_servers = ds;
+ }
--- /dev/null
+From cee86495bad5c1f6d019cfc73c47fb86562dc0b2 Mon Sep 17 00:00:00 2001
+From: Sam Hartman <hartmans@debian.org>
+Date: Wed, 27 Aug 2014 19:05:15 -0400
+Subject: gitignore
+
+INclude gitignore files not distributed in upstream tarball
+
+Patch-Name: gitignore
+---
+ .gitignore | 24 ++++++++++++++++++++++++
+ gsscon/test/.gitignore | 2 ++
+ 2 files changed, 26 insertions(+)
+ create mode 100644 .gitignore
+ create mode 100644 gsscon/test/.gitignore
+
+diff --git a/.gitignore b/.gitignore
+new file mode 100644
+index 0000000..7159568
+--- /dev/null
++++ b/.gitignore
+@@ -0,0 +1,24 @@
++*~
++\#*\#
++.\#*
++*.o
++*.la
++*.lo
++.deps
++.dirstamp
++.libs
++aclocal.m4
++build-aux
++configure
++Makefile.in
++Makefile
++autom4te.cache
++m4
++ltmain.sh
++libtool
++config.*
++tr/trust_router
++common/dh_test/tr_dh_test
++common/t_constraint
++tid/example/tids
++tid/example/tidc
+\ No newline at end of file
+diff --git a/gsscon/test/.gitignore b/gsscon/test/.gitignore
+new file mode 100644
+index 0000000..89859de
+--- /dev/null
++++ b/gsscon/test/.gitignore
+@@ -0,0 +1,2 @@
++gsscon_client
++gsscon_server
--- /dev/null
+gitignore
+0002-Add-default-aaa-server-to-config-printout-remove-red.patch
+0003-Remove-period-from-default-configuration-message.patch
--- /dev/null
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+ dh $@ --with autoreconf --parallel
+
+override_dh_auto_configure:
+ dh_auto_configure -- --with-systemdsystemunitdir=/lib/systemd/system
+
+override_dh_install:
+ chmod a+x debian/tids-wrapper
+ dh_install
+
+override_dh_strip:
+ dh_strip --dbg-package=moonshot-trust-router-dbg
+
+override_dh_installinit:
+ dh_installinit --name tids
--- /dev/null
+3.0 (native)
--- /dev/null
+#! /usr/bin/env bash
+
+PIDFILE=$1
+LOGFILE=$2
+shift 2
+
+unset DISPLAY
+/usr/bin/tids $@ >> $LOGFILE 2>&1 &
+BGPID=$!
+RET=$?
+
+echo $BGPID > $PIDFILE
+
+exit $RET
%pre
getent group trustrouter > /dev/null || groupadd -r trustrouter
-getent passwd trustrouter > /dev/null || useradd -r -g trustrouter -d /var/lib/trust_router -s /sbin/nologin -c "GSS-EAP Trust Router service account" trustrouter
+getent passwd trustrouter > /dev/null || useradd -r -g trustrouter -d /var/lib/trustrouter -s /sbin/nologin -c "GSS-EAP Trust Router service account" trustrouter
exit 0
projects / trust_router.git / commitdiff