Import upstream version 6

Nathaniel McCallum 6 years ago
commit 27c47e39cb
29 changed files with 16340 additions and 0 deletions
  1. COPYING (+674, -0)
  2. Makefile.am (+43, -0)
  3. Makefile.in (+1406, -0)
  4. aclocal.m4 (+1496, -0)
  5. compile (+347, -0)
  6. config.guess (+1462, -0)
  7. config.sub (+1823, -0)
  8. configure (+5805, -0)
  9. configure.ac (+79, -0)
  10. depcomp (+791, -0)
  11. doc/tang-nagios.1 (+70, -0)
  12. doc/tang.8 (+137, -0)
  13. install-sh (+501, -0)
  14. missing (+215, -0)
  15. src/http.c (+168, -0)
  16. src/http.h (+53, -0)
  17. src/nagios.c (+552, -0)
  18. src/tangd-keygen (+36, -0)
  19. src/tangd-update (+83, -0)
  20. src/tangd.c (+226, -0)
  21. test-driver (+148, -0)
  22. tests/adv (+84, -0)
  23. tests/nagios (+43, -0)
  24. tests/rec (+59, -0)
  25. units/tangd-keygen.service.in (+8, -0)
  26. units/tangd-update.path.in (+4, -0)
  27. units/tangd-update.service.in (+6, -0)
  28. units/tangd.socket.in (+11, -0)
  29. units/tangd@.service.in (+10, -0)

COPYING (+674, -0)

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

+ 43 - 0
Makefile.am

@@ -0,0 +1,43 @@
+DISTCHECK_CONFIGURE_FLAGS = --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)
+
+AM_CFLAGS = @TANG_CFLAGS@ @jose_CFLAGS@
+LDADD = @jose_LIBS@ @http_parser_LIBS@
+
+nagiosdir = $(libdir)/nagios/plugins
+cachedir = $(localstatedir)/cache/$(PACKAGE_NAME)
+jwkdir = $(localstatedir)/db/$(PACKAGE_NAME)
+
+nodist_systemdsystemunit_DATA = \
+    units/tangd@.service \
+    units/tangd.socket \
+    units/tangd-update.path \
+    units/tangd-update.service \
+    units/tangd-keygen.service
+
+dist_libexec_SCRIPTS = src/tangd-update src/tangd-keygen
+libexec_PROGRAMS = src/tangd
+nagios_PROGRAMS = src/tang
+man1_MANS = doc/tang-nagios.1
+man8_MANS = doc/tang.8
+
+src_tangd_SOURCES = src/http.c src/http.h src/tangd.c
+src_tang_SOURCES = src/nagios.c
+
+%: %.in
+	$(AM_V_GEN)mkdir -p "`dirname "$@"`"
+	$(AM_V_GEN)$(SED) \
+		-e 's,@libexecdir\@,$(libexecdir),g' \
+		-e 's,@jwkdir\@,$(jwkdir),g' \
+		-e 's,@cachedir\@,$(cachedir),g' \
+		$(srcdir)/$@.in > $@
+
+AM_TESTS_ENVIRONMENT = SD_ACTIVATE="@SD_ACTIVATE@" PATH=$(srcdir)/src:$(builddir)/src:$(PATH)
+TESTS = tests/adv tests/rec tests/nagios
+
+CLEANFILES = $(nodist_systemdsystemunit_DATA)
+EXTRA_DIST = \
+    $(foreach unit,$(nodist_systemdsystemunit_DATA),$(unit).in) \
+    COPYING \
+    $(TESTS) \
+    $(man1_MANS) \
+    $(man8_MANS)
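Review bot: the `%: %.in` rule that generates `tangd@.service`, `tangd.socket` and the `tangd-update.*`/`tangd-keygen` units has no dependency on `Makefile`, so after `./configure` is rerun with a different `--prefix` or `--libexecdir` the already-generated units keep the old `@libexecdir@`/`@jwkdir@`/`@cachedir@` values and are installed stale; make it `%: %.in Makefile`. Two smaller points in the same recipe: `$(AM_V_GEN)` is on both lines, so silent builds print `GEN` twice per unit (use `@mkdir -p` for the first line), and the sed expressions use `,` as delimiter, which breaks on any install path containing a comma; `|` is the safer choice. Also, `LDADD = @jose_LIBS@ @http_parser_LIBS@` never references `@dl_LIBS@`, which `configure.ac` in this same commit goes to the trouble of probing for, so either the probe or this line is wrong.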

File diff suppressed because it is too large
+ 1406 - 0
Makefile.in


File diff suppressed because it is too large
+ 1496 - 0
aclocal.m4


+ 347 - 0
compile

@@ -0,0 +1,347 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand '-c -o'.
+
+scriptversion=2012-10-14.11; # UTC
+
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+nl='
+'
+
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" ""	$nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+  file=$1
+  case $file in
+    / | /[!/]*) # absolute file, and not a UNC file
+      if test -z "$file_conv"; then
+	# lazily determine how to convert abs files
+	case `uname -s` in
+	  MINGW*)
+	    file_conv=mingw
+	    ;;
+	  CYGWIN*)
+	    file_conv=cygwin
+	    ;;
+	  *)
+	    file_conv=wine
+	    ;;
+	esac
+      fi
+      case $file_conv/,$2, in
+	*,$file_conv,*)
+	  ;;
+	mingw/*)
+	  file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+	  ;;
+	cygwin/*)
+	  file=`cygpath -m "$file" || echo "$file"`
+	  ;;
+	wine/*)
+	  file=`winepath -w "$file" || echo "$file"`
+	  ;;
+      esac
+      ;;
+  esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+  func_file_conv "$1"
+  if test -z "$lib_path"; then
+    lib_path=$file
+  else
+    lib_path="$lib_path;$file"
+  fi
+  linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+  lib=$1
+  found=no
+  save_IFS=$IFS
+  IFS=';'
+  for dir in $lib_path $LIB
+  do
+    IFS=$save_IFS
+    if $shared && test -f "$dir/$lib.dll.lib"; then
+      found=yes
+      lib=$dir/$lib.dll.lib
+      break
+    fi
+    if test -f "$dir/$lib.lib"; then
+      found=yes
+      lib=$dir/$lib.lib
+      break
+    fi
+    if test -f "$dir/lib$lib.a"; then
+      found=yes
+      lib=$dir/lib$lib.a
+      break
+    fi
+  done
+  IFS=$save_IFS
+
+  if test "$found" != yes; then
+    lib=$lib.lib
+  fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+  # Assume a capable shell
+  lib_path=
+  shared=:
+  linker_opts=
+  for arg
+  do
+    if test -n "$eat"; then
+      eat=
+    else
+      case $1 in
+	-o)
+	  # configure might choose to run compile as 'compile cc -o foo foo.c'.
+	  eat=1
+	  case $2 in
+	    *.o | *.[oO][bB][jJ])
+	      func_file_conv "$2"
+	      set x "$@" -Fo"$file"
+	      shift
+	      ;;
+	    *)
+	      func_file_conv "$2"
+	      set x "$@" -Fe"$file"
+	      shift
+	      ;;
+	  esac
+	  ;;
+	-I)
+	  eat=1
+	  func_file_conv "$2" mingw
+	  set x "$@" -I"$file"
+	  shift
+	  ;;
+	-I*)
+	  func_file_conv "${1#-I}" mingw
+	  set x "$@" -I"$file"
+	  shift
+	  ;;
+	-l)
+	  eat=1
+	  func_cl_dashl "$2"
+	  set x "$@" "$lib"
+	  shift
+	  ;;
+	-l*)
+	  func_cl_dashl "${1#-l}"
+	  set x "$@" "$lib"
+	  shift
+	  ;;
+	-L)
+	  eat=1
+	  func_cl_dashL "$2"
+	  ;;
+	-L*)
+	  func_cl_dashL "${1#-L}"
+	  ;;
+	-static)
+	  shared=false
+	  ;;
+	-Wl,*)
+	  arg=${1#-Wl,}
+	  save_ifs="$IFS"; IFS=','
+	  for flag in $arg; do
+	    IFS="$save_ifs"
+	    linker_opts="$linker_opts $flag"
+	  done
+	  IFS="$save_ifs"
+	  ;;
+	-Xlinker)
+	  eat=1
+	  linker_opts="$linker_opts $2"
+	  ;;
+	-*)
+	  set x "$@" "$1"
+	  shift
+	  ;;
+	*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+	  func_file_conv "$1"
+	  set x "$@" -Tp"$file"
+	  shift
+	  ;;
+	*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+	  func_file_conv "$1" mingw
+	  set x "$@" "$file"
+	  shift
+	  ;;
+	*)
+	  set x "$@" "$1"
+	  shift
+	  ;;
+      esac
+    fi
+    shift
+  done
+  if test -n "$linker_opts"; then
+    linker_opts="-link$linker_opts"
+  fi
+  exec "$@" $linker_opts
+  exit 1
+}
+
+eat=
+
+case $1 in
+  '')
+     echo "$0: No command.  Try '$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file 'INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "compile $scriptversion"
+    exit $?
+    ;;
+  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+    func_cl_wrapper "$@"      # Doesn't return...
+    ;;
+esac
+
+ofile=
+cfile=
+
+for arg
+do
+  if test -n "$eat"; then
+    eat=
+  else
+    case $1 in
+      -o)
+	# configure might choose to run compile as 'compile cc -o foo foo.c'.
+	# So we strip '-o arg' only if arg is an object.
+	eat=1
+	case $2 in
+	  *.o | *.obj)
+	    ofile=$2
+	    ;;
+	  *)
+	    set x "$@" -o "$2"
+	    shift
+	    ;;
+	esac
+	;;
+      *.c)
+	cfile=$1
+	set x "$@" "$1"
+	shift
+	;;
+      *)
+	set x "$@" "$1"
+	shift
+	;;
+    esac
+  fi
+  shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+  # If no '-o' option was seen then we might have been invoked from a
+  # pattern rule where we don't need one.  That is ok -- this is a
+  # normal compilation that the losing compiler can handle.  If no
+  # '.c' file was seen then we are probably linking.  That is also
+  # ok.
+  exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file.  Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+  if mkdir "$lockdir" >/dev/null 2>&1; then
+    break
+  fi
+  sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+  test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+  test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
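Review bot: the lock loop `while true; do if mkdir "$lockdir" ...; sleep 1; done` has no bound, so a stale lock directory left behind by a killed build (the race the `FIXME` comment just below it admits) makes every later compile of that object hang silently instead of failing; the `depcomp` pgcc stanza in this same commit bounds the identical mkdir-lock loop with `numtries=100` and names the lock directory in its error message, and that pattern could be mirrored here. Otherwise this is the stock Automake `compile` helper (`scriptversion=2012-10-14.11`) and, like `depcomp`, `config.guess`, `config.sub`, `install-sh` and `missing`, only needs to be checked against the Automake release that produced `Makefile.in` and `aclocal.m4`; any local edit to it is lost on the next `automake --add-missing`.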

File diff suppressed because it is too large
+ 1462 - 0
config.guess


File diff suppressed because it is too large
+ 1823 - 0
config.sub


File diff suppressed because it is too large
+ 5805 - 0
configure


+ 79 - 0
configure.ac

@@ -0,0 +1,79 @@
+AC_PREREQ(2.59)
+AC_INIT(tang, 6)
+AC_CANONICAL_SYSTEM
+AC_PROG_CC_C99
+AC_PROG_SED
+
+AM_INIT_AUTOMAKE([subdir-objects foreign no-dist-gzip dist-bzip2 parallel-tests])
+AM_SILENT_RULES([yes])
+AM_PROG_CC_C_O
+
+PKG_PROG_PKG_CONFIG([0.25])
+
+AC_CHECK_LIB([dl], [dlopen], [AC_SUBST([dl_LIBS], [-ldl])],
+             [AC_CHECK_LIB([dl], [dlopen], [AC_SUBST([dl_LIBS], [-ldl])],
+	                   [AC_MSG_ERROR([unable to find dlopen])])])
+
+AC_CHECK_HEADER([http_parser.h], [],
+		[AC_MSG_ERROR([http-parser required!])], [
+#include <http_parser.h>
+#ifndef HTTP_STATUS_MAP
+#error HTTP_STATUS_MAP not defined!
+#endif
+])
+
+AC_CHECK_LIB([http_parser], [http_parser_execute],
+             [AC_SUBST(http_parser_LIBS, [-lhttp_parser])],
+             [AC_MSG_ERROR([http-parser required!])])
+
+PKG_CHECK_MODULES([jose], [jose >= 8])
+PKG_CHECK_MODULES([systemd], [systemd])
+
+AC_ARG_WITH([systemdsystemunitdir],
+            [AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files])],
+            [],
+            [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)])
+
+AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])
+
+for ac_prog in systemd-socket-activate systemd-activate; do
+    AC_CHECK_PROG([SD_ACTIVATE], [$ac_prog], [$as_dir/$ac_prog], [],
+		  [$PATH$PATH_SEPARATOR$($PKG_CONFIG --variable=systemdutildir systemd)])
+    test -n "$SD_ACTIVATE" && break
+done
+
+test -n "$SD_ACTIVATE" || AC_MSG_ERROR([systemd-socket-activate required!])
+
+AC_MSG_CHECKING([systemd-socket-activate inetd flag])
+if $SD_ACTIVATE --help | grep -q inetd; then
+    SD_ACTIVATE="$SD_ACTIVATE --inetd"
+    AC_MSG_RESULT([--inetd])
+else
+    AC_MSG_RESULT([(default)])
+fi
+
+AC_SUBST(SD_ACTIVATE)
+
+TANG_CFLAGS="\
+-Wall \
+-Wextra \
+-Werror \
+-Wstrict-aliasing \
+-Wchar-subscripts \
+-Wformat-security \
+-Wmissing-declarations \
+-Wmissing-prototypes \
+-Wnested-externs \
+-Wpointer-arith \
+-Wshadow \
+-Wsign-compare \
+-Wstrict-prototypes \
+-Wtype-limits \
+-Wunused-function \
+-Wno-missing-field-initializers \
+-Wno-unused-parameter \
+"
+AC_SUBST([TANG_CFLAGS])
+
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT
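Review bot: the `AC_CHECK_LIB([dl], [dlopen], ...)` block is wrapped around itself: the action-if-not-found reruns exactly the same probe, and `dl_LIBS` is never consumed (the `LDADD` in `Makefile.am` lists only `@jose_LIBS@ @http_parser_LIBS@`), so either drop the check or add `@dl_LIBS@` where it is actually needed. The `SD_ACTIVATE` search calls `AC_CHECK_PROG` twice with the same variable inside a `for` loop and reads the macro's internal `$as_dir`; `AC_PATH_PROGS([SD_ACTIVATE], [systemd-socket-activate systemd-activate], [], [$PATH$PATH_SEPARATOR$($PKG_CONFIG --variable=systemdutildir systemd)])` does the same search through a documented interface and caches correctly. Finally, `-Werror` in the unconditional `TANG_CFLAGS` means a release tarball stops building as soon as a newer compiler adds a warning under `-Wall -Wextra`; keep it behind a `--enable-werror` developer switch so packagers do not have to patch it out, and for a socket-activated network daemon consider carrying `-D_FORTIFY_SOURCE=2 -fstack-protector-strong` next to the warning flags (or at least not overriding whatever hardening flags the distribution passes in `CFLAGS`).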

+ 791 - 0
depcomp

@@ -0,0 +1,791 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2013-05-30.07; # UTC
+
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+    echo "$0: No command.  Try '$0 --help' for more information." 1>&2
+    exit 1;
+    ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by 'PROGRAMS ARGS'.
+  object      Object file output by 'PROGRAMS ARGS'.
+  DEPDIR      directory where to store dependencies.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputting dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit $?
+    ;;
+esac
+
+# Get the directory component of the given path, and save it in the
+# global variables '$dir'.  Note that this directory component will
+# be either empty or ending with a '/' character.  This is deliberate.
+set_dir_from ()
+{
+  case $1 in
+    */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
+      *) dir=;;
+  esac
+}
+
+# Get the suffix-stripped basename of the given path, and save it the
+# global variable '$base'.
+set_base_from ()
+{
+  base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
+}
+
+# If no dependency file was actually created by the compiler invocation,
+# we still have to create a dummy depfile, to avoid errors with the
+# Makefile "include basename.Plo" scheme.
+make_dummy_depfile ()
+{
+  echo "#dummy" > "$depfile"
+}
+
+# Factor out some common post-processing of the generated depfile.
+# Requires the auxiliary global variable '$tmpdepfile' to be set.
+aix_post_process_depfile ()
+{
+  # If the compiler actually managed to produce a dependency file,
+  # post-process it.
+  if test -f "$tmpdepfile"; then
+    # Each line is of the form 'foo.o: dependency.h'.
+    # Do two passes, one to just change these to
+    #   $object: dependency.h
+    # and one to simply output
+    #   dependency.h:
+    # which is needed to avoid the deleted-header problem.
+    { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
+      sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
+    } > "$depfile"
+    rm -f "$tmpdepfile"
+  else
+    make_dummy_depfile
+  fi
+}
+
+# A tabulation character.
+tab='	'
+# A newline character.
+nl='
+'
+# Character ranges might be problematic outside the C locale.
+# These definitions help.
+upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
+lower=abcdefghijklmnopqrstuvwxyz
+digits=0123456789
+alpha=${upper}${lower}
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Avoid interferences from the environment.
+gccflag= dashmflag=
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+  # This is just like dashmstdout with a different argument.
+  dashmflag=-xM
+  depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+  # This is just like msvisualcpp but w/o cygpath translation.
+  # Just convert the backslash-escaped backslashes to single forward
+  # slashes to satisfy depend.m4
+  cygpath_u='sed s,\\\\,/,g'
+  depmode=msvisualcpp
+fi
+
+if test "$depmode" = msvc7msys; then
+  # This is just like msvc7 but w/o cygpath translation.
+  # Just convert the backslash-escaped backslashes to single forward
+  # slashes to satisfy depend.m4
+  cygpath_u='sed s,\\\\,/,g'
+  depmode=msvc7
+fi
+
+if test "$depmode" = xlc; then
+  # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
+  gccflag=-qmakedep=gcc,-MF
+  depmode=gcc
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am.  Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+  for arg
+  do
+    case $arg in
+    -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+    *)  set fnord "$@" "$arg" ;;
+    esac
+    shift # fnord
+    shift # $arg
+  done
+  "$@"
+  stat=$?
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
+## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
+## (see the conditional assignment to $gccflag above).
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).  Also, it might not be
+##   supported by the other compilers which use the 'gcc' depmode.
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  # The second -e expression handles DOS-style file names with drive
+  # letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the "deleted header file" problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+## Some versions of gcc put a space before the ':'.  On the theory
+## that the space means something, we add a space to the output as
+## well.  hp depmode also adds that space, but also prefixes the VPATH
+## to the object.  Take care to not repeat it in the output.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+  tr ' ' "$nl" < "$tmpdepfile" \
+    | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
+    | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like '#:fec' to the end of the
+    # dependency line.
+    tr ' ' "$nl" < "$tmpdepfile" \
+      | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
+      | tr "$nl" ' ' >> "$depfile"
+    echo >> "$depfile"
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' "$nl" < "$tmpdepfile" \
+      | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+      >> "$depfile"
+  else
+    make_dummy_depfile
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+xlc)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts '$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  set_dir_from "$object"
+  set_base_from "$object"
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$base.u
+    tmpdepfile3=$dir.libs/$base.u
+    "$@" -Wc,-M
+  else
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$dir$base.u
+    tmpdepfile3=$dir$base.u
+    "$@" -M
+  fi
+  stat=$?
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+    exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  aix_post_process_depfile
+  ;;
+
+tcc)
+  # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
+  # FIXME: That version still under development at the moment of writing.
+  #        Make that this statement remains true also for stable, released
+  #        versions.
+  # It will wrap lines (doesn't matter whether long or short) with a
+  # trailing '\', as in:
+  #
+  #   foo.o : \
+  #    foo.c \
+  #    foo.h \
+  #
+  # It will put a trailing '\' even on the last line, and will use leading
+  # spaces rather than leading tabs (at least since its commit 0394caf7
+  # "Emit spaces for -MD").
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
+  # We have to change lines of the first kind to '$object: \'.
+  sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
+  # And for each line of the second kind, we have to emit a 'dep.h:'
+  # dummy dependency, to avoid the deleted-header problem.
+  sed -n -e 's|^  *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+## The order of this option in the case statement is important, since the
+## shell code in configure will try each of these formats in the order
+## listed in this file.  A plain '-MD' option would be understood by many
+## compilers, so we must ensure this comes after the gcc and icc options.
+pgcc)
+  # Portland's C compiler understands '-MD'.
+  # Will always output deps to 'file.d' where file is the root name of the
+  # source file under compilation, even if file resides in a subdirectory.
+  # The object file name does not affect the name of the '.d' file.
+  # pgcc 10.2 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using '\' :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+  set_dir_from "$object"
+  # Use the source, not the object, to determine the base name, since
+  # that's sadly what pgcc will do too.
+  set_base_from "$source"
+  tmpdepfile=$base.d
+
+  # For projects that build the same source file twice into different object
+  # files, the pgcc approach of using the *source* file root name can cause
+  # problems in parallel builds.  Use a locking strategy to avoid stomping on
+  # the same $tmpdepfile.
+  lockdir=$base.d-lock
+  trap "
+    echo '$0: caught signal, cleaning up...' >&2
+    rmdir '$lockdir'
+    exit 1
+  " 1 2 13 15
+  numtries=100
+  i=$numtries
+  while test $i -gt 0; do
+    # mkdir is a portable test-and-set.
+    if mkdir "$lockdir" 2>/dev/null; then
+      # This process acquired the lock.
+      "$@" -MD
+      stat=$?
+      # Release the lock.
+      rmdir "$lockdir"
+      break
+    else
+      # If the lock is being held by a different process, wait
+      # until the winning process is done or we timeout.
+      while test -d "$lockdir" && test $i -gt 0; do
+        sleep 1
+        i=`expr $i - 1`
+      done
+    fi
+    i=`expr $i - 1`
+  done
+  trap - 1 2 13 15
+  if test $i -le 0; then
+    echo "$0: failed to acquire lock after $numtries attempts" >&2
+    echo "$0: check lockdir '$lockdir'" >&2
+    exit 1
+  fi
+
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
+    | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp2)
+  # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+  # compilers, which have integrated preprocessors.  The correct option
+  # to use with these is +Maked; it writes dependencies to a file named
+  # 'foo.d', which lands next to the object file, wherever that
+  # happens to be.
+  # Much of this is similar to the tru64 case; see comments there.
+  set_dir_from  "$object"
+  set_base_from "$object"
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir.libs/$base.d
+    "$@" -Wc,+Maked
+  else
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir$base.d
+    "$@" +Maked
+  fi
+  stat=$?
+  if test $stat -ne 0; then
+     rm -f "$tmpdepfile1" "$tmpdepfile2"
+     exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
+    # Add 'dependent.h:' lines.
+    sed -ne '2,${
+               s/^ *//
+               s/ \\*$//
+               s/$/:/
+               p
+             }' "$tmpdepfile" >> "$depfile"
+  else
+    make_dummy_depfile
+  fi
+  rm -f "$tmpdepfile" "$tmpdepfile2"
+  ;;
+
+tru64)
+  # The Tru64 compiler uses -MD to generate dependencies as a side
+  # effect.  'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
+  # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+  # dependencies in 'foo.d' instead, so we check for that too.
+  # Subdirectories are respected.
+  set_dir_from  "$object"
+  set_base_from "$object"
+
+  if test "$libtool" = yes; then
+    # Libtool generates 2 separate objects for the 2 libraries.  These
+    # two compilations output dependencies in $dir.libs/$base.o.d and
+    # in $dir$base.o.d.  We have to check for both files, because
+    # one of the two compilations can be disabled.  We should prefer
+    # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+    # automatically cleaned when .libs/ is deleted, while ignoring
+    # the former would cause a distcleancheck panic.
+    tmpdepfile1=$dir$base.o.d          # libtool 1.5
+    tmpdepfile2=$dir.libs/$base.o.d    # Likewise.
+    tmpdepfile3=$dir.libs/$base.d      # Compaq CCC V6.2-504
+    "$@" -Wc,-MD
+  else
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir$base.d
+    tmpdepfile3=$dir$base.d
+    "$@" -MD
+  fi
+
+  stat=$?
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+    exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  # Same post-processing that is required for AIX mode.
+  aix_post_process_depfile
+  ;;
+
+msvc7)
+  if test "$libtool" = yes; then
+    showIncludes=-Wc,-showIncludes
+  else
+    showIncludes=-showIncludes
+  fi
+  "$@" $showIncludes > "$tmpdepfile"
+  stat=$?
+  grep -v '^Note: including file: ' "$tmpdepfile"
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  # The first sed program below extracts the file names and escapes
+  # backslashes for cygpath.  The second sed program outputs the file
+  # name when reading, but also accumulates all include files in the
+  # hold buffer in order to output them again at the end.  This only
+  # works with sed implementations that can handle large buffers.
+  sed < "$tmpdepfile" -n '
+/^Note: including file:  *\(.*\)/ {
+  s//\1/
+  s/\\/\\\\/g
+  p
+}' | $cygpath_u | sort -u | sed -n '
+s/ /\\ /g
+s/\(.*\)/'"$tab"'\1 \\/p
+s/.\(.*\) \\/\1:/
+H
+$ {
+  s/.*/'"$tab"'/
+  G
+  p
+}' >> "$depfile"
+  echo >> "$depfile" # make sure the fragment doesn't end with a backslash
+  rm -f "$tmpdepfile"
+  ;;
+
+msvc7msys)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove '-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for ':'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
+  "$@" $dashmflag |
+    sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this sed invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  tr ' ' "$nl" < "$tmpdepfile" \
+    | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
+    | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no eat=no
+  for arg
+  do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    if test $eat = yes; then
+      eat=no
+      continue
+    fi
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -arch)
+      eat=yes ;;
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix=`echo "$object" | sed 's/^.*\././'`
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  # makedepend may prepend the VPATH from the source file name to the object.
+  # No need to regex-escape $object, excess matching of '.' is harmless.
+  sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process the last invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed '1,2d' "$tmpdepfile" \
+    | tr ' ' "$nl" \
+    | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
+    | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove '-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E \
+    | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+             -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+    | sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+        set fnord "$@"
+        shift
+        shift
+        ;;
+    *)
+        set fnord "$@" "$arg"
+        shift
+        shift
+        ;;
+    esac
+  done
+  "$@" -E 2>/dev/null |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
+  echo "$tab" >> "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvcmsys)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
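Review bot: in the `hp` stanza the lock directory is released only by the `rmdir "$lockdir"` that follows `"$@" -MD`, so if the compiler is killed by a signal the lock stays behind; the later `trap - 1 2 13 15` implies a cleanup trap was installed before this excerpt, so confirm that trap also removes `$lockdir`, otherwise every subsequent build in that directory waits the full `$numtries` seconds and fails with the "failed to acquire lock" message. This is upstream automake boilerplate, so any fix belongs upstream rather than in the imported copy.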

+ 70 - 0
doc/tang-nagios.1

@@ -0,0 +1,70 @@
+.\" generated with Ronn/v0.7.3
+.\" http://github.com/rtomayko/ronn/tree/0.7.3
+.
+.TH "TANG\-NAGIOS" "1" "June 2017" "" ""
+.
+.SH "NAME"
+\fBtang\-nagios\fR \- A Nagios plugin for Tang
+.
+.SH "SYNOPSIS"
+\fBtang\fR \-u URL
+.
+.SH "OVERVIEW"
+This Nagios plugin for Tang enables Nagios to monitor a Tang server for its basic functionality as well as performance metrics\. The plugin is executed simply by providing the base URL to the Tang service\.
+.
+.P
+The plugin will test the following functionality:
+.
+.IP "1." 4
+Downloading the advertisement\.
+.
+.IP "2." 4
+Verification of advertisement semantics\.
+.
+.IP "3." 4
+Verification of signatures for all advertised signing keys\.
+.
+.IP "4." 4
+Verification of key exchanges for all advertised exchange keys\.
+.
+.IP "" 0
+.
+.P
+If any of these tests fail, an error will be generated\. Upon success, the plugin will output the following performance metrics:
+.
+.IP "\(bu" 4
+\fBadv\fR : Time it took to fetch the advertisement (in μs)\.
+.
+.IP "\(bu" 4
+\fBexc\fR : Average time of all key exchange operations (in μs)\.
+.
+.IP "\(bu" 4
+\fBnkeys\fR : Number of keys in the advertisement\.
+.
+.IP "\(bu" 4
+\fBnsigk\fR : Number of signing keys in the advertisement\.
+.
+.IP "\(bu" 4
+\fBnexck\fR : Number of exchange keys in the advertisement\.
+.
+.IP "" 0
+.
+.SH "EXAMPLES"
+A simple test against a localhost Tang server:
+.
+.IP "" 4
+.
+.nf
+
+$ \./tang \-u http://localhost/
+OK|adv=21430 exc=44587 nkeys=2 nsigk=1 nexck=1
+.
+.fi
+.
+.IP "" 0
+.
+.SH "AUTHOR"
+Nathaniel McCallum <npmccallum@redhat\.com>
+.
+.SH "SEE ALSO"
+\fBtang\fR(8)
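Review bot: the SYNOPSIS (`\fBtang\fR \-u URL`) and the EXAMPLES invocation (`$ ./tang -u http://localhost/`) name the binary `tang`, while NAME and the page title document `tang-nagios`; use the plugin's actual executable name in both so the page matches what gets installed. The metrics are described as microseconds, but the sample output `OK|adv=21430 exc=44587 nkeys=2 nsigk=1 nexck=1` carries no unit suffix; Nagios perfdata treats a bare number as unitless, so either emit `us` as the unit of measure (and show it in the example) or state explicitly that the values are raw microsecond counts.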

+ 137 - 0
doc/tang.8

@@ -0,0 +1,137 @@
+.\" generated with Ronn/v0.7.3
+.\" http://github.com/rtomayko/ronn/tree/0.7.3
+.
+.TH "TANG" "8" "June 2017" "" ""
+.
+.SH "NAME"
+\fBtang\fR \- Network\-Based Cryptographic Binding Server
+.
+.SH "OVERVIEW"
+Tang is a service for binding cryptographic keys to network presence\. It offers a secure, stateless, anonymous alternative to key escrow services\.
+.
+.P
+The Tang project arose as a tool to help the automation of decryption\. Existing mechanisms predominantly use key escrow systems where a client encrypts some data with a symmetric key and stores the symmetric key in a remote server for later retrieval\. The desired goal of this setup is that the client can automatically decrypt the data when it is able to contact the escrow server and fetch the key\.
+.
+.P
+However, escrow servers have many additional requirements, including authentication (so that clients can\'t get keys they aren\'t suppossed to have) and transport encryption (so that attackers listening on the network can\'t eavesdrop on the keys in transit)\.
+.
+.P
+Tang avoids this complexity\. Instead of storing a symmetric key remotely, the client performs an asymmetric key exchange with the Tang server\. Since the Tang server doesn\'t store or transport symmetric keys, neither authentication nor encryption are required\. Thus, Tang is completely stateless and zero\-configuration\. Further, clients can be completely anonymous\.
+.
+.P
+Tang does not provide a client\. But it does export a simple REST API and it transfers only standards compliant JSON Object Signing and Encryption (JOSE) objects, allowing you to create your own clients using off the shelf components\. For an off\-the\-shelf automated encryption framework with support for Tang, see the Clevis project\. For the full technical details of the Tang protocol, see the Tang project\'s homepage\.
+.
+.SH "GETTING STARTED"
+Getting a Tang server up and running is simple:
+.
+.IP "" 4
+.
+.nf
+
+$ sudo systemctl enable tangd\.socket \-\-now
+.
+.fi
+.
+.IP "" 0
+.
+.P
+That\'s it\. The server is now running with a fresh set of cryptographic keys and will automatically start on the next reboot\.
+.
+.SH "CONFIGURATION"
+Tang intends to be a minimal network service and therefore does not have any configuration\. To adjust the network settings, you can override the \fBtangd\.socket\fR unit file using the standard systemd mechanisms\. See \fBsystemd\.unit\fR(5) and \fBsystemd\.socket\fR(5) for more information\.
+.
+.SH "KEY ROTATION"
+In order to preserve the security of the system over the long run, you need to periodically rotate your keys\. The precise interval at which you should rotate depends upon your application, key sizes and institutional policy\. For some common recommendations, see: https://www\.keylength\.com\.
+.
+.P
+To rotate keys, first we need to generate new keys in the key database directory\. This is typically \fB/var/db/tang\fR\. For example, you can create new signature and exchange keys with the following commands:
+.
+.IP "" 4
+.
+.nf
+
+# DB=/var/db/tang
+# jose jwk gen \-i \'{"alg":"ES512"}\' \-o $DB/new_sig\.jwk
+# jose jwk gen \-i \'{"alg":"ECMR"}\' \-o $DB/new_exc\.jwk
+.
+.fi
+.
+.IP "" 0
+.
+.P
+Next, rename the old keys to have a leading \fB\.\fR in order to hide them from advertisement:
+.
+.IP "" 4
+.
+.nf
+
+# mv $DB/old_sig\.jwk $DB/\.old_sig\.jwk
+# mv $DB/old_exc\.jwk $DB/\.old_exc\.jwk
+.
+.fi
+.
+.IP "" 0
+.
+.P
+Tang will immediately pick up all changes\. No restart is required\.
+.
+.P
+At this point, new client bindings will pick up the new keys and old clients can continue to utilize the old keys\. Once you are sure that all the old clients have been migrated to use the new keys, you can remove the old keys\. Be aware that removing the old keys while clients are still using them can result in data loss\. You have been warned\.
+.
+.SH "HIGH PERFORMANCE"
+The Tang protocol is extremely fast\. However, in the default setup we use systemd socket activiation to start one process per connection\. This imposes a performance overhead\. For most deployments, this is still probably quick enough, given that Tang is extremely lightweight\. But for larger deployments, greater performance can be achieved\.
+.
+.P
+Our recommendation for achieving higher throughput is to proxy traffic to Tang through your existing web services using a connection pool\. Since there is one process per connection, keeping a number of connections open in this setup will enable effective parallelism since there are no internal locks in Tang\.
+.
+.P
+For Apache, this is possible using the \fBProxyPass\fR directive of the \fBmod_proxy\fR module\.
+.
+.SH "HIGH AVAILABILITY"
+Tang provides two methods for building a high availability deployment\.
+.
+.IP "1." 4
+Client redundency (recommended)
+.
+.IP "2." 4
+Key sharing with DNS round\-robin
+.
+.IP "" 0
+.
+.P
+While it may be tempting to share keys between Tang servers, this method should be avoided\. Sharing keys increases the risk of key compromise and requires additional automation infrastructure\.
+.
+.P
+Instead, clients should be coded with the ability to bind to multiple Tang servers\. In this setup, each Tang server will have its own keys and clients will be able to decrypt by contacting a subset of these servers\.
+.
+.P
+Clevis already supports this workflow through its \fBsss\fR plugin\.
+.
+.P
+However, if you still feel that key sharing is the right deployment strategy, Tang will do nothing to stop you\. Just (securely!) transfer all the contents of the database directory to all your servers\. Make sure you don\'t forget the unadvertised keys! Then set up DNS round\-robin so that clients will be load balanced across your servers\.
+.
+.SH "COMMANDS"
+The Tang server provides no public commands\.
+.
+.SH "AUTHOR"
+Nathaniel McCallum <npmccallum@redhat\.com>
+.
+.SH "SEE ALSO"
+\fBsystemd\.unit\fR(5), \fBsystemd\.socket\fR(5), \fBjose\-jwk\-gen\fR(1)
+.
+.SH "FURTHER READING"
+.
+.IP "\(bu" 4
+Clevis : https://github\.com/latchset/clevis
+.
+.IP "\(bu" 4
+Tang : https://github\.com/latchset/tang
+.
+.IP "\(bu" 4
+JOSE : https://datatracker\.ietf\.org/wg/jose/charter/
+.
+.IP "\(bu" 4
+mod_proxy : https://httpd\.apache\.org/docs/2\.4/mod/mod_proxy\.html
+.
+.IP "" 0
+
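Review bot: three misspellings in the page text: "suppossed" (OVERVIEW) should be "supposed", "activiation" (HIGH PERFORMANCE) should be "activation", and "redundency" (HIGH AVAILABILITY) should be "redundancy". On substance, KEY ROTATION shows the new keys being generated as root (`# jose jwk gen -i '{"alg":"ES512"}' -o $DB/new_sig.jwk`) but never says what owner and mode the resulting `.jwk` files must have; the key database holds the private signing and exchange keys (the HIGH AVAILABILITY section itself says to transfer them "securely!"), so document the expected ownership and that the files, including the hidden `.old_*.jwk` ones, must stay readable by the server process and by nobody else, since the section promises that "Tang will immediately pick up all changes".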

+ 501 - 0
install-sh

@@ -0,0 +1,501 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2013-12-25.23; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# 'make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+tab='	'
+nl='
+'
+IFS=" $tab$nl"
+
+# Set DOITPROG to "echo" to test this script.
+
+doit=${DOITPROG-}
+doit_exec=${doit:-exec}
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+is_target_a_directory=possibly
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+        case $mode in
+          *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
+            echo "$0: invalid mode: $mode" >&2
+            exit 1;;
+        esac
+        shift;;
+
+    -o) chowncmd="$chownprog $2"
+        shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t)
+        is_target_a_directory=always
+        dst_arg=$2
+        # Protect names problematic for 'test' and other utilities.
+        case $dst_arg in
+          -* | [=\(\)!]) dst_arg=./$dst_arg;;
+        esac
+        shift;;
+
+    -T) is_target_a_directory=never;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --) shift
+        break;;
+
+    -*) echo "$0: invalid option: $1" >&2
+        exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+# We allow the use of options -d and -T together, by making -d
+# take the precedence; this is for compatibility with GNU install.
+
+if test -n "$dir_arg"; then
+  if test -n "$dst_arg"; then
+    echo "$0: target directory not allowed when installing a directory." >&2
+    exit 1
+  fi
+fi
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+    # Protect names problematic for 'test' and other utilities.
+    case $dst_arg in
+      -* | [=\(\)!]) dst_arg=./$dst_arg;;
+    esac
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call 'install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  if test $# -gt 1 || test "$is_target_a_directory" = always; then
+    if test ! -d "$dst_arg"; then
+      echo "$0: $dst_arg: Is not a directory." >&2
+      exit 1
+    fi
+  fi
+fi
+
+if test -z "$dir_arg"; then
+  do_exit='(exit $ret); exit $ret'
+  trap "ret=129; $do_exit" 1
+  trap "ret=130; $do_exit" 2
+  trap "ret=141; $do_exit" 13
+  trap "ret=143; $do_exit" 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+        u_plus_rw=
+      else
+        u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+        u_plus_rw=
+      else
+        u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names problematic for 'test' and other utilities.
+  case $src in
+    -* | [=\(\)!]) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+    dst=$dst_arg
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test "$is_target_a_directory" = never; then
+        echo "$0: $dst_arg: Is a directory" >&2
+        exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      dstdir=`dirname "$dst"`
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+        # Create intermediate dirs using mode 755 as modified by the umask.
+        # This is like FreeBSD 'install' as of 1997-10-28.
+        umask=`umask`
+        case $stripcmd.$umask in
+          # Optimize common cases.
+          *[2367][2367]) mkdir_umask=$umask;;
+          .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+          *[0-7])
+            mkdir_umask=`expr $umask + 22 \
+              - $umask % 100 % 40 + $umask % 20 \
+              - $umask % 10 % 4 + $umask % 2
+            `;;
+          *) mkdir_umask=$umask,go-w;;
+        esac
+
+        # With -d, create the new directory with the user-specified mode.
+        # Otherwise, rely on $mkdir_umask.
+        if test -n "$dir_arg"; then
+          mkdir_mode=-m$mode
+        else
+          mkdir_mode=
+        fi
+
+        posix_mkdir=false
+        case $umask in
+          *[123567][0-7][0-7])
+            # POSIX mkdir -p sets u+wx bits regardless of umask, which
+            # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+            ;;
+          *)
+            tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+            trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+            if (umask $mkdir_umask &&
+                exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+            then
+              if test -z "$dir_arg" || {
+                   # Check for POSIX incompatibilities with -m.
+                   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+                   # other-writable bit of parent directory when it shouldn't.
+                   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+                   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+                   case $ls_ld_tmpdir in
+                     d????-?r-*) different_mode=700;;
+                     d????-?--*) different_mode=755;;
+                     *) false;;
+                   esac &&
+                   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+                     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+                     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+                   }
+                 }
+              then posix_mkdir=:
+              fi
+              rmdir "$tmpdir/d" "$tmpdir"
+            else
+              # Remove any dirs left behind by ancient mkdir implementations.
+              rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+            fi
+            trap '' 0;;
+        esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+        umask $mkdir_umask &&
+        $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+        /*) prefix='/';;
+        [-=\(\)!]*) prefix='./';;
+        *)  prefix='';;
+      esac
+
+      oIFS=$IFS
+      IFS=/
+      set -f
+      set fnord $dstdir
+      shift
+      set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+        test X"$d" = X && continue
+
+        prefix=$prefix$d
+        if test -d "$prefix"; then
+          prefixes=
+        else
+          if $posix_mkdir; then
+            (umask=$mkdir_umask &&
+             $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+            # Don't fail if two instances are running concurrently.
+            test -d "$prefix" || exit 1
+          else
+            case $prefix in
+              *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+              *) qprefix=$prefix;;
+            esac
+            prefixes="$prefixes '$qprefix'"
+          fi
+        fi
+        prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+        # Don't fail if two instances are running concurrently.
+        (umask $mkdir_umask &&
+         eval "\$doit_exec \$mkdirprog $prefixes") ||
+          test -d "$dstdir" || exit 1
+        obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"     2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"  2>/dev/null` &&
+       set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       set +f &&
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+        # Now remove or move aside any old file at destination location.
+        # We try this two ways since rm can't unlink itself on some
+        # systems and the destination file might be busy for other
+        # reasons.  In this case, the final cleanup might fail but the new
+        # file should still install successfully.
+        {
+          test ! -f "$dst" ||
+          $doit $rmcmd -f "$dst" 2>/dev/null ||
+          { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+            { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+          } ||
+          { echo "$0: cannot unlink or rename $dst" >&2
+            (exit 1); exit 1
+          }
+        } &&
+
+        # Now rename the file to the real destination.
+        $doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:

+ 215 - 0
missing

@@ -0,0 +1,215 @@
+#! /bin/sh
+# Common wrapper for a few potentially missing GNU programs.
+
+scriptversion=2013-10-28.13; # UTC
+
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try '$0 --help' for more information"
+  exit 1
+fi
+
+case $1 in
+
+  --is-lightweight)
+    # Used by our autoconf macros to check whether the available missing
+    # script is modern enough.
+    exit 0
+    ;;
+
+  --run)
+    # Back-compat with the calling convention used by older automake.
+    shift
+    ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
+to PROGRAM being missing or too old.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+
+Supported PROGRAM values:
+  aclocal   autoconf  autoheader   autom4te  automake  makeinfo
+  bison     yacc      flex         lex       help2man
+
+Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
+'g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: unknown '$1' option"
+    echo 1>&2 "Try '$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# Run the given program, remember its exit status.
+"$@"; st=$?
+
+# If it succeeded, we are done.
+test $st -eq 0 && exit 0
+
+# Also exit now if we it failed (or wasn't found), and '--version' was
+# passed; such an option is passed most likely to detect whether the
+# program is present and works.
+case $2 in --version|--help) exit $st;; esac
+
+# Exit code 63 means version mismatch.  This often happens when the user
+# tries to use an ancient version of a tool on a file that requires a
+# minimum version.
+if test $st -eq 63; then
+  msg="probably too old"
+elif test $st -eq 127; then
+  # Program was missing.
+  msg="missing on your system"
+else
+  # Program was found and executed, but failed.  Give up.
+  exit $st
+fi
+
+perl_URL=http://www.perl.org/
+flex_URL=http://flex.sourceforge.net/
+gnu_software_URL=http://www.gnu.org/software
+
+program_details ()
+{
+  case $1 in
+    aclocal|automake)
+      echo "The '$1' program is part of the GNU Automake package:"
+      echo "<$gnu_software_URL/automake>"
+      echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/autoconf>"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+    autoconf|autom4te|autoheader)
+      echo "The '$1' program is part of the GNU Autoconf package:"
+      echo "<$gnu_software_URL/autoconf/>"
+      echo "It also requires GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+  esac
+}
+
+give_advice ()
+{
+  # Normalize program name to check for.
+  normalized_program=`echo "$1" | sed '
+    s/^gnu-//; t
+    s/^gnu//; t
+    s/^g//; t'`
+
+  printf '%s\n' "'$1' is $msg."
+
+  configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
+  case $normalized_program in
+    autoconf*)
+      echo "You should only need it if you modified 'configure.ac',"
+      echo "or m4 files included by it."
+      program_details 'autoconf'
+      ;;
+    autoheader*)
+      echo "You should only need it if you modified 'acconfig.h' or"
+      echo "$configure_deps."
+      program_details 'autoheader'
+      ;;
+    automake*)
+      echo "You should only need it if you modified 'Makefile.am' or"
+      echo "$configure_deps."
+      program_details 'automake'
+      ;;
+    aclocal*)
+      echo "You should only need it if you modified 'acinclude.m4' or"
+      echo "$configure_deps."
+      program_details 'aclocal'
+      ;;
+   autom4te*)
+      echo "You might have modified some maintainer files that require"
+      echo "the 'autom4te' program to be rebuilt."
+      program_details 'autom4te'
+      ;;
+    bison*|yacc*)
+      echo "You should only need it if you modified a '.y' file."
+      echo "You may want to install the GNU Bison package:"
+      echo "<$gnu_software_URL/bison/>"
+      ;;
+    lex*|flex*)
+      echo "You should only need it if you modified a '.l' file."
+      echo "You may want to install the Fast Lexical Analyzer package:"
+      echo "<$flex_URL>"
+      ;;
+    help2man*)
+      echo "You should only need it if you modified a dependency" \
+           "of a man page."
+      echo "You may want to install the GNU Help2man package:"
+      echo "<$gnu_software_URL/help2man/>"
+    ;;
+    makeinfo*)
+      echo "You should only need it if you modified a '.texi' file, or"
+      echo "any other file indirectly affecting the aspect of the manual."
+      echo "You might want to install the Texinfo package:"
+      echo "<$gnu_software_URL/texinfo/>"
+      echo "The spurious makeinfo call might also be the consequence of"
+      echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
+      echo "want to install GNU make:"
+      echo "<$gnu_software_URL/make/>"
+      ;;
+    *)
+      echo "You might have modified some files without having the proper"
+      echo "tools for further handling them.  Check the 'README' file, it"
+      echo "often tells you about the needed prerequisites for installing"
+      echo "this package.  You may also peek at any GNU archive site, in"
+      echo "case some other package contains this missing '$1' program."
+      ;;
+  esac
+}
+
+give_advice "$1" | sed -e '1s/^/WARNING: /' \
+                       -e '2,$s/^/         /' >&2
+
+# Propagate the correct exit status (expected to be 127 for a program
+# not found, 63 for a program that failed due to version mismatch).
+exit $st
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:

+ 168 - 0
src/http.c

@@ -0,0 +1,168 @@
+/* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
+/*
+ * Copyright (c) 2016 Red Hat, Inc.
+ * Author: Nathaniel McCallum <npmccallum@redhat.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "http.h"
+#undef http_reply
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+static const char *METHOD_NAMES[] = {
+#define XX(num, name, string) [num] = # string,
+HTTP_METHOD_MAP(XX)
+#undef XX
+    NULL
+};
+
+static int
+on_url(http_parser *parser, const char *at, size_t length)
+{
+    struct http_state *state = parser->data;
+
+    if (state->req.status == 0) {
+        if (strlen(state->req.path) + length >= sizeof(state->req.path))
+            state->req.status = HTTP_STATUS_URI_TOO_LONG;
+        else
+            strncat(state->req.path, at, length);
+    }
+
+    return 0;
+}
+
+static int
+on_body(http_parser *parser, const char *at, size_t length)
+{
+    struct http_state *state = parser->data;
+
+    if (state->req.status == 0) {
+        if (strlen(state->req.body) + length >= sizeof(state->req.body))
+            state->req.status = HTTP_STATUS_PAYLOAD_TOO_LARGE;
+        else
+            strncat(state->req.body, at, length);
+    }
+
+    return 0;
+}
+
+static int
+on_message_complete(http_parser *parser)
+{
+    struct http_state *state = parser->data;
+    const char *addr = NULL;
+    bool pathmatch = false;
+    bool methmatch = false;
+    int r = 0;
+
+    if (state->req.status != 0)
+        goto error;
+
+    addr = getenv("REMOTE_ADDR");
+    fprintf(stderr, "%s %s %s",
+            addr ? addr : "<unknown>",
+            METHOD_NAMES[parser->method],
+            state->req.path);
+
+    for (size_t i = 0; state->dispatch[i].re && r == 0; i++) {
+        const struct http_dispatch *d = &state->dispatch[i];
+        regmatch_t match[d->nmatches];
+        regex_t re = {};
+
+        memset(match, 0, sizeof(match));
+
+        r = regcomp(&re, d->re, REG_EXTENDED) == 0 ? 0 : -EINVAL;
+        if (r != 0) {
+            state->req.status = HTTP_STATUS_INTERNAL_SERVER_ERROR;
+            goto error;
+        }
+
+        if (regexec(&re, state->req.path, d->nmatches, match, 0) == 0) {
+            pathmatch = true;
+
+            if (((1 << parser->method) & d->methods) != 0) {
+                methmatch = true;
+
+                r = d->func(parser->method, state->req.path,
+                            state->req.body, match, state->misc);
+            }
+        }
+
+        regfree(&re);
+    }
+
+    if (r > 0)
+        goto egress;
+
+    if (r == 0) {
+        if (!pathmatch)
+            state->req.status = HTTP_STATUS_NOT_FOUND;
+        else if (!methmatch)
+            state->req.status = HTTP_STATUS_METHOD_NOT_ALLOWED;
+        else
+            state->req.status = HTTP_STATUS_INTERNAL_SERVER_ERROR;
+    } else {
+        state->req.status = HTTP_STATUS_INTERNAL_SERVER_ERROR;
+    }
+
+error:
+    http_reply(__FILE__, __LINE__, state->req.status, NULL);
+
+egress:
+    memset(&state->req, 0, sizeof(state->req));
+    return 0;
+}
+
+const http_parser_settings http_settings = {
+    .on_url = on_url,
+    .on_body = on_body,
+    .on_message_complete = on_message_complete,
+};
+
+int
+http_reply(const char *file, int line,
+           enum http_status code, const char *fmt, ...)
+{
+    const char *msg = NULL;
+    va_list ap;
+    int a;
+    int b;
+
+    switch (code) {
+#define XX(num, name, string) case num: msg = # string; break;
+    HTTP_STATUS_MAP(XX)
+#undef XX
+    default:
+        return http_reply(file, line, HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+    }
+
+    fprintf(stderr, " => %d (%s:%d)\n", code, file, line);
+
+    a = dprintf(STDOUT_FILENO, "HTTP/1.1 %d %s\r\n", code, msg);
+    if (a < 0)
+        return a;
+
+    va_start(ap, fmt);
+    b = vdprintf(STDOUT_FILENO, fmt ? fmt : "Content-Length: 0\r\n\r\n", ap);
+    va_end(ap);
+    return b < 0 ? b : a + b;
+}
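Review bot: the method check `if (((1 << parser->method) & d->methods) != 0)` shifts an `int` by the method number while `d->methods` is a `uint64_t`; http_parser's method map already runs past 31 entries (LINK/UNLINK sit at 31 and 32 in the 2.x releases), so for those methods the shift overflows `int` and the comparison is undefined behaviour. Use `(UINT64_C(1) << parser->method)` so the bit width matches the mask. Two smaller points in the same function: every dispatch regex is recompiled on every request and a bad pattern surfaces as a per-request 500 (`r = regcomp(&re, d->re, REG_EXTENDED) == 0 ? 0 : -EINVAL;`), so compile the table once at startup and treat a compile failure as a startup error; and `regmatch_t match[d->nmatches];` is a zero-length VLA for any entry with `nmatches == 0`, which is also undefined. Worth a comment for dispatch-table authors: `on_url` appends the raw request target, query string included, to `req.path`, so the patterns must anchor with `$` and either accept or deliberately reject a trailing `?...`.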

+ 53 - 0
src/http.h

@@ -0,0 +1,53 @@
+/* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
+/*
+ * Copyright (c) 2016 Red Hat, Inc.
+ * Author: Nathaniel McCallum <npmccallum@redhat.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#pragma once
+
+#include <http_parser.h>
+#include <sys/types.h>
+#include <regex.h>
+
+struct http_dispatch {
+    int (*func)(enum http_method method, const char *path,
+                const char *body, regmatch_t matches[], void *misc);
+    uint64_t methods;
+    size_t nmatches;
+    const char *re;
+};
+
+struct http_request {
+    int status;
+    char path[1024 * 4];
+    char body[1024 * 64];
+};
+
+struct http_state {
+    const struct http_dispatch *dispatch;
+    struct http_request req;
+    void *misc;
+};
+
+extern const http_parser_settings http_settings;
+
+int __attribute__ ((format(printf, 4, 5)))
+http_reply(const char *file, int line,
+           enum http_status code, const char *fmt, ...);
+
+#define http_reply(code, ...) \
+    http_reply(__FILE__, __LINE__, code, __VA_ARGS__)
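Review bot: the convenience macro `#define http_reply(code, ...) http_reply(__FILE__, __LINE__, code, __VA_ARGS__)` needs at least one argument after `code`, so `http_reply(HTTP_STATUS_NOT_FOUND)` does not compile and every caller has to pass an explicit `NULL` for `fmt`; either document that next to the macro or provide a separate no-format variant. `struct http_dispatch` uses `uint64_t` and `size_t` but the header only includes `<http_parser.h>`, `<sys/types.h>` and `<regex.h>`, so add `<stdint.h>` and `<stddef.h>` rather than relying on transitive includes. Also note in a comment that the 4 KiB `path` and 64 KiB `body` buffers make `struct http_state` roughly 68 KiB, so callers should allocate it statically or on the heap rather than as a casual stack local.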

+ 552 - 0
src/nagios.c

@@ -0,0 +1,552 @@
+/* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
+/*
+ * Copyright (c) 2016 Red Hat, Inc.
+ * Author: Nathaniel McCallum <npmccallum@redhat.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * NOTE WELL: This code is completely insecure for real-world workflows!
+ *
+ * In particular, it has two glaring security problems:
+ *
+ *   1. Server keys are implicitly trusted.
+ *   2. No ephemeral keys are used to protect the recovery phase.
+ *
+ * However, the goal of this Nagios plugin is to determine if the server is
+ * alive and properly handles well-formed requests. So we don't care about
+ * security. If you are looking for an example of how to securely use Tang,
+ * check out the Clevis project.
+ */
+
+#define _GNU_SOURCE
+
+#include <http_parser.h>
+#include <jose/jose.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+#include <errno.h>
+#include <getopt.h>
+#include <limits.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#define conn_auto_t conn_t __attribute__((cleanup(conn_cleanup)))
+
+enum {
+    NAGIOS_OK = 0,
+    NAGIOS_WARN = 1,
+    NAGIOS_CRIT = 2,
+    NAGIOS_UNKN = 3
+};
+
+typedef struct {
+    char data[4096];
+    size_t used;
+    int sock;
+} conn_t;
+
+typedef struct {
+    char *data;
+    size_t size;
+} body_t;
+
+typedef struct {
+    char schm[PATH_MAX];
+    char host[PATH_MAX];
+    char srvc[PATH_MAX];
+    char path[PATH_MAX];
+} url_t;
+
+static void
+conn_cleanup(conn_t **conn)
+{
+    if (conn && *conn) {
+        close((*conn)->sock);
+        free(*conn);
+    }
+}
+
+static conn_t *
+conn_open(const char *host, const char *srvc, int family)
+{
+    const struct addrinfo hint = {
+        .ai_socktype = SOCK_STREAM,
+        .ai_family = family,
+    };
+
+    struct addrinfo *ais = NULL;
+    conn_t *conn = NULL;
+    int sock = -1;
+
+    sock = getaddrinfo(host, srvc, &hint, &ais);
+    switch (sock) {
+        case 0: break;
+        case EAI_AGAIN:    errno = -EAGAIN;  return NULL;
+        case EAI_BADFLAGS: errno = -EINVAL;  return NULL;
+        case EAI_FAMILY:   errno = -ENOTSUP; return NULL;
+        case EAI_MEMORY:   errno = -ENOMEM;  return NULL;
+        case EAI_SERVICE:  errno = -EINVAL;  return NULL;
+        default:           errno = -EIO;     return NULL;
+    }
+
+    conn = calloc(1, sizeof(*conn));
+    if (!conn) {
+        freeaddrinfo(ais);
+        return NULL;
+    }
+
+    for (const struct addrinfo *ai = ais; ai; ai = ai->ai_next) {
+        conn->sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+        if (conn->sock < 0)
+            continue;
+
+        if (connect(conn->sock, ai->ai_addr, ai->ai_addrlen) != 0) {
+            close(conn->sock);
+            continue;
+        }
+
+        freeaddrinfo(ais);
+        return conn;
+    }
+
+    freeaddrinfo(ais);
+    free(conn);
+
+    errno = -ENOENT;
+    return NULL;
+}
+
+static int
+conn_send(const conn_t *conn, const char *fmt, ...)
+{
+    va_list ap;
+    int r;
+
+    va_start(ap, fmt);
+    r = vdprintf(conn->sock, fmt, ap);
+    va_end(ap);
+    return r;
+}
+
+static int
+on_body(http_parser *parser, const char *at, size_t length)
+{
+    body_t *body = parser->data;
+    char *tmp = NULL;
+
+    tmp = realloc(body->data, body->size + length + 1);
+    if (!tmp)
+        return -errno;
+
+    memcpy(&tmp[body->size], at, length);
+    body->size += length;
+    body->data = tmp;
+
+    body->data[body->size] = 0;
+    return 0;
+}
+
+static int
+on_message_complete(http_parser *parser)
+{
+    http_parser_pause(parser, true);
+    return 0;
+}
+
+static int
+conn_recv(conn_t *conn, char **body)
+{
+    static const http_parser_settings settings = {
+        .on_body = on_body,
+        .on_message_complete = on_message_complete
+    };
+
+    body_t data = {};
+    http_parser parser = { .data = &data };
+
+    http_parser_init(&parser, HTTP_RESPONSE);
+
+    for (;;) {
+        ssize_t rcvd = 0;
+        size_t prsd = 0;
+
+        rcvd = recv(conn->sock, &conn->data[conn->used],
+                    sizeof(conn->data) - conn->used, 0);
+        if (rcvd < 0) {
+            free(data.data);
+            return -errno;
+        } else if (rcvd == 0) {
+            free(data.data);
+            return -EIO;
+        }
+
+        conn->used += rcvd;
+
+        prsd = http_parser_execute(&parser, &settings, conn->data, conn->used);
+
+        conn->used -= prsd;
+        memmove(conn->data, &conn->data[prsd], conn->used);
+
+        switch (parser.http_errno) {
+        case HPE_OK: /* We need to process more data. */
+            break;
+
+        case HPE_PAUSED: /* We got one request. */
+            *body = data.data;
+            return parser.status_code;
+
+        default: /* An error occurred. */
+            free(data.data);
+            return -EBADMSG;
+        }
+    }
+}
+
+static double
+curtime(void)
+{
+    struct timespec ts = {};
+    double out = 0;
+
+    if (clock_gettime(CLOCK_MONOTONIC_RAW, &ts) == 0) {
+        out = ts.tv_nsec;
+        out /= 1000000000L;
+        out += ts.tv_sec;
+    }
+
+    return out;
+}
+
+static void
+dump_perf(json_t *time)
+{
+    const char *key = NULL;
+    bool first = true;
+    json_t *val = 0;
+
+    json_object_foreach(time, key, val) {
+        int v = 0;
+
+        if (!first)
+            printf(" ");
+        else
+            first = false;
+
+        if (json_is_integer(val))
+            v = json_integer_value(val);
+        else if (json_is_real(val))
+            v = json_real_value(val) * 1000000;
+
+        printf("%s=%d", key, v);
+    }
+}
+
+static int
+parse_url(const char *url, url_t *parts)
+{
+    static const uint16_t mask = (1 << UF_SCHEMA) | (1 << UF_HOST);
+    struct http_parser_url purl = {};
+
+    if (http_parser_parse_url(url, strlen(url), false, &purl) != 0)
+        return -EINVAL;
+
+    if ((purl.field_set & mask) != mask)
+        return -EINVAL;
+
+    if (purl.field_data[UF_SCHEMA].len >= sizeof(parts->schm) ||
+        purl.field_data[UF_HOST].len >= sizeof(parts->host) ||
+        purl.field_data[UF_PORT].len >= sizeof(parts->srvc) ||
+        purl.field_data[UF_PATH].len >= sizeof(parts->path))
+        return -E2BIG;
+
+    strncpy(parts->schm, &url[purl.field_data[UF_SCHEMA].off],
+            purl.field_data[UF_SCHEMA].len);
+
+    strncpy(parts->host, &url[purl.field_data[UF_HOST].off],
+            purl.field_data[UF_HOST].len);
+
+    if (purl.field_set & (1 << UF_PORT)) {
+        strncpy(parts->srvc, &url[purl.field_data[UF_PORT].off],
+                purl.field_data[UF_PORT].len);
+    } else {
+        strcpy(parts->srvc, parts->schm);
+    }
+
+    if (purl.field_set & (1 << UF_PATH)) {
+        strncpy(parts->path, &url[purl.field_data[UF_PATH].off],
+                purl.field_data[UF_PATH].len);
+    }
+
+    return 0;
+}
+
+static json_t *
+validate(const json_t *jws)
+{
+    json_auto_t *jwkset = NULL;
+    json_t *keys = NULL;
+    size_t sigs = 0;
+
+    jwkset = jose_b64_dec_load(json_object_get(jws, "payload"));
+    if (!jwkset)
+        return NULL;
+
+    keys = json_object_get(jwkset, "keys");
+    if (!json_is_array(keys))
+        return NULL;
+
+    for (size_t i = 0; i < json_array_size(keys); i++) {
+        json_t *key = json_array_get(keys, i);
+
+        if (!jose_jwk_prm(NULL, key, true, "verify"))
+            continue;
+
+        if (!jose_jws_ver(NULL, jws, NULL, key, true))
+            return NULL;
+
+        sigs++;
+    }
+
+    if (sigs == 0)
+        return NULL;
+
+    return json_incref(keys);
+}
+
+static bool
+nagios_recover(conn_t *con, const char *host, const char *path,
+               const json_t *jwk, size_t *sig, size_t *rec, json_t *time)
+{
+    json_auto_t *exc = NULL;
+    json_auto_t *rep = NULL;
+    json_auto_t *lcl = NULL;
+    json_auto_t *kid = NULL;
+    char *body = NULL;
+    double s = 0;
+    double e = 0;
+    int r = 0;
+
+    if (jose_jwk_prm(NULL, jwk, true, "verify")) {
+        *sig += 1;
+        return true;
+    }
+
+    if (!jose_jwk_prm(NULL, jwk, true, "deriveKey"))
+        return true;
+
+    kid = jose_jwk_thp(NULL, jwk, "S256");
+    if (!kid)
+        return true;
+
+    lcl = json_pack("{s:O,s:O,s:s,s:[s]}",
+                    "kty", json_object_get(jwk, "kty"),
+                    "crv", json_object_get(jwk, "crv"),
+                    "alg", "ECMR",
+                    "key_ops", "deriveKey");
+    if (!lcl)
+        return false;
+
+    if (!jose_jwk_gen(NULL, lcl))
+        return false;
+
+    exc = jose_jwk_exc(NULL, lcl, jwk);
+    if (!exc)
+        return false;
+
+    if (!jose_jwk_pub(NULL, lcl))
+        return false;
+
+    body = json_dumps(lcl, JSON_SORT_KEYS | JSON_COMPACT);
+    if (!body)
+        return false;
+
+    r = conn_send(con,
+                  "POST %s/rec/%s HTTP/1.1\r\n"
+                  "Content-Type: application/jwk+json\r\n"
+                  "Accept: application/jwk+json\r\n"
+                  "Content-Length: %zu\r\n"
+                  "Host: %s\r\n"
+                  "\r\n%s",
+                  path, json_string_value(kid), strlen(body), host, body);
+    free(body);
+    body = NULL;
+    if (r < 0)
+        return false;
+
+    s = curtime();
+    r = conn_recv(con, &body);
+    e = curtime();
+    if (r != 200) {
+        if (r < 0)
+            printf("Error performing recovery! %s\n", strerror(-r));
+        else
+            printf("Error performing recovery! HTTP Status %d\n", r);
+
+        free(body);
+        return false;
+    }
+
+    rep = json_loads(body, 0, NULL);
+    free(body);
+    if (!rep) {
+        printf("Received invalid JSON in response body!\n");
+        return false;
+    }
+
+    if (s == 0.0 || e == 0.0 ||
+        json_array_append_new(time, json_real(e - s)) < 0) {
+        printf("Error calculating performance metrics!\n");
+        return false;
+    }
+
+    if (!jose_jwk_eql(NULL, exc, rep)) {
+        printf("Recovered key doesn't match!\n");
+        return false;
+    }
+
+    *rec += 1;
+    return true;
+}
+
+static const struct option opts[] = {
+    { "help",   no_argument,      .val = INT_MAX },
+    { "url",   required_argument, .val = 'u' },
+    {}
+};
+
+int
+main(int argc, char *argv[])
+{
+    json_auto_t *perf = NULL;
+    json_auto_t *time = NULL;
+    json_auto_t *keys = NULL;
+    json_auto_t *adv = NULL;
+    conn_auto_t *con = NULL;
+    const char *url = NULL;
+    char *body = NULL;
+    url_t parts = {};
+    size_t sig = 0;
+    size_t exc = 0;
+    double sum = 0;
+    double s = 0;
+    double e = 0;
+    int r = 0;
+
+    perf = json_object();
+    time = json_array();
+    if (!perf || !time)
+        return NAGIOS_CRIT;
+
+    for (int c; (c = getopt_long(argc, argv, "u:", opts, NULL)) >= 0; ) {
+        switch (c) {
+        case 'u': url = optarg; break;
+        default: goto usage;
+        }
+    }
+
+    if (!url)
+        goto usage;
+
+    r = parse_url(url, &parts);
+    if (r < 0)
+        return NAGIOS_CRIT;
+
+    con = conn_open(parts.host, parts.srvc, AF_UNSPEC);
+    if (!con) {
+        printf("Unable to connect to server!\n");
+        return NAGIOS_CRIT;
+    }
+
+    r = conn_send(con,
+                  "GET %s/adv HTTP/1.1\r\n"
+                  "Accept: application/jose+json\r\n"
+                  "Content-Length: 0\r\n"
+                  "Host: %s\r\n"
+                  "\r\n", parts.path, parts.host);
+    if (r < 0)
+        return NAGIOS_CRIT;
+
+    s = curtime();
+    r = conn_recv(con, &body);
+    e = curtime();
+    if (r != 200) {
+        if (r < 0)
+            printf("Error fetching advertisement! %s\n", strerror(-r));
+        else
+            printf("Error fetching advertisement! HTTP Status %d\n", r);
+
+        free(body);
+        return NAGIOS_CRIT;
+    }
+
+    if (s == 0.0 || e == 0.0 ||
+        json_object_set_new(perf, "adv", json_real(e - s)) != 0) {
+        printf("Error calculating performance metrics!\n");
+        free(body);
+        return NAGIOS_CRIT;
+    }
+
+    adv = json_loads(body, 0, NULL);
+    free(body);
+    if (!adv) {
+        printf("Received invalid advertisement!\n");
+        return NAGIOS_CRIT;
+    }
+
+    keys = validate(adv);
+    if (!keys) {
+        printf("Error validating advertisement!\n");
+        return NAGIOS_CRIT;
+    }
+
+    for (size_t i = 0; i < json_array_size(keys); i++) {
+        json_t *jwk = json_array_get(keys, i);
+        if (!nagios_recover(con, parts.host, parts.path, jwk,
+                            &sig, &exc, time))
+            return NAGIOS_CRIT;
+    }
+
+    if (exc == 0) {
+        printf("Advertisement contains no exchange keys!\n");
+        return NAGIOS_CRIT;
+    }
+
+    for (size_t i = 0; i < json_array_size(time); i++)
+        sum += json_real_value(json_array_get(time, i));
+
+    json_object_set_new(perf, "exc", json_real(sum / json_array_size(time)));
+    json_object_set_new(perf, "nkeys", json_integer(json_array_size(keys)));
+    json_object_set_new(perf, "nsigk", json_integer(sig));
+    json_object_set_new(perf, "nexck", json_integer(exc));
+
+    printf("OK|");
+    dump_perf(perf);
+    printf("\n");
+    return NAGIOS_OK;
+
+usage:
+    fprintf(stderr,
+            "Usage: %s -u URL\n"
+            "\n"
+            "            --help       Show this usage message\n"
+            "    -u URL, --url URL    Test the server at this URL\n"
+            "", argv[0]);
+    return NAGIOS_CRIT;
+}
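Review bot: `conn_open` stores negated error codes in `errno` (`case EAI_AGAIN:    errno = -EAGAIN;  return NULL;` and `errno = -ENOENT;` after the connect loop); `errno` is positive by convention, so anything that later calls `strerror(errno)` on these paths prints "Unknown error". Use the positive constants, or return a negative `int` the way `conn_recv` does. Two plugin-protocol points: usage errors and `parse_url` failures return `NAGIOS_CRIT`, while the Nagios plugin guidelines reserve UNKNOWN (the `NAGIOS_UNKN` defined above but never used) for bad arguments, and several failure paths (the `perf`/`time` allocation, `parse_url`, the `conn_send` of the `/adv` request) exit without printing any status line, which Nagios shows as an empty result. There is no timeout on `connect()` or `recv()`, so a hung Tang server blocks the check until Nagios kills it; an `alarm()` or `SO_RCVTIMEO`/`SO_SNDTIMEO` on the socket behind a `-t` option is the usual fix. Minor: `dump_perf` prints the timings as microseconds without a unit suffix (`printf("%s=%d", key, v);`), so append `us` for the `adv` and `exc` keys, and the `json_t *time` parameters shadow `time(2)` from `<time.h>`.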

+ 36 - 0
src/tangd-keygen

@@ -0,0 +1,36 @@
+#!/bin/bash
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+#
+# Copyright (c) 2016 Red Hat, Inc.
+# Author: Nathaniel McCallum <npmccallum@redhat.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+trap 'exit' ERR
+
+if [ $# -ne 1 -a $# -ne 3 ] || [ ! -d "$1" ]; then
+    echo "Usage: $0 <jwkdir> [<sig> <exc>]" >&2
+    exit 1
+fi
+
+[ $# -eq 3 ] && sig=$2 && exc=$3
+
+jwe=`jose jwk gen -i '{"alg":"ES512"}'`
+[ -z "$sig" ] && sig=`echo "$jwe" | jose jwk thp -i-`
+echo "$jwe" > $1/$sig.jwk
+
+jwe=`jose jwk gen -i '{"alg":"ECMR"}'`
+[ -z "$exc" ] && exc=`echo "$jwe" | jose jwk thp -i-`
+echo "$jwe" > $1/$exc.jwk
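Review bot: the two private keys are written with `echo "$jwe" > $1/$sig.jwk` under whatever umask the caller happens to have, so with the common 022 umask the ES512 signing key and the ECMR exchange key land world-readable in `<jwkdir>`. Put `umask 077` before the first `jose jwk gen`, or write through `install -m 0600 /dev/stdin "$1/$sig.jwk"`, and quote `"$1"` in both redirections so a key directory containing spaces is not split. The variable holding the generated JWK is named `jwe`, which misleads since nothing in this script is a JWE; `jwk` reads correctly.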

+ 83 - 0
src/tangd-update

@@ -0,0 +1,83 @@
+#!/bin/bash
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+#
+# Copyright (c) 2016 Red Hat, Inc.
+# Author: Nathaniel McCallum <npmccallum@redhat.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+TMP='{"protected":{"cty":"jwk-set+json"}}'
+
+trap 'exit' ERR
+
+shopt -s nullglob
+
+HASHES=`jose alg -k hash`
+
+if [ $# -ne 2 ] || [ ! -d "$1" ]; then
+    echo "Usage: $0 <jwkdir> <cachedir>" >&2
+    exit 1
+fi
+
+[ ! -d "$2" ] && mkdir -p -m 0700 "$2"
+
+src=`realpath "$1"`
+dst=`realpath "$2"`
+
+payl=()
+sign=()
+
+for jwk in $src/*.jwk; do
+    if jose jwk use -i "$jwk" -r -u sign -u verify; then
+        sign+=("-s" "$TMP" "-k" "$jwk")
+        payl+=("-i" "$jwk")
+    elif jose jwk use -i "$jwk" -r -u deriveKey; then
+        payl+=("-i" "$jwk")
+    else
+        echo "Skipping invalid key: $jwk" >&2
+    fi
+done
+
+if [ ${#sign[@]} -gt 0 ]; then
+    jose jwk pub -s "${payl[@]}" \
+        | jose jws sig -I- "${sign[@]}" -o "$dst/.default.jws"
+    mv -f "$dst/.default.jws" "$dst/default.jws"
+    new=default.jws
+fi
+
+shopt -s dotglob
+
+for jwk in $src/*.jwk; do
+    for hsh in $HASHES; do
+        thp=`jose jwk thp -i "$jwk" -a $hsh`
+
+        if jose jwk use -i "$jwk" -r -u deriveKey; then
+            ln -sf "$jwk" "$dst/.$thp.jwk"
+            mv -f "$dst/.$thp.jwk" "$dst/$thp.jwk"
+            new="$new\n$thp.jwk"
+        elif jose jwk use -i "$jwk" -r -u sign; then
+            keys=("${sign[@]}" -s "$TMP" -k "$jwk")
+            jose jwk pub -s "${payl[@]}" \
+                | jose jws sig -I- "${keys[@]}" -o "$dst/.$thp.jws"
+            mv -f "$dst/.$thp.jws" "$dst/$thp.jws"
+            new="$new\n$thp.jws"
+        fi
+    done
+done
+
+for f in "$dst"/*; do
+    b=`basename "$f"`
+    echo -e "$new" | grep -q "^$b\$" || rm -f "$f"
+done
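Review bot: the `shopt -s dotglob` sitting between the two `for jwk in $src/*.jwk` loops is load-bearing and undocumented: the first loop, which builds `default.jws`, deliberately skips dot-prefixed key files, while the second loop, which writes the per-thumbprint `.jwk` and `.jws` entries, includes them. That ordering is what lets a rotated (dot-prefixed) key keep answering for its old thumbprint without being advertised to new clients, so add a comment saying so; moving that one line would silently re-advertise rotated keys. In the second loop, a key that passes the first loop's `sign`/`verify` check is already in `${sign[@]}` and is added again by `keys=("${sign[@]}" -s "$TMP" -k "$jwk")`, so its own per-thumbprint JWS carries two signatures from the same key. In the pruning loop, `echo -e "$new" | grep -q "^$b\$"` treats the basename as a regex; `printf '%s\n' "$new" | grep -qxF -- "$b"` is the exact match intended. `$src/*.jwk` in both loops should be `"$src"/*.jwk`.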

+ 226 - 0
src/tangd.c

@@ -0,0 +1,226 @@
+/* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
+/*
+ * Copyright (c) 2016 Red Hat, Inc.
+ * Author: Nathaniel McCallum <npmccallum@redhat.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "http.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <jose/jose.h>
+
+static void
+str_cleanup(char **str)
+{
+    if (str)
+        free(*str);
+}
+
+static void
+FILE_cleanup(FILE **file)
+{
+    if (file && *file)
+        fclose(*file);
+}
+
+static int
+adv(enum http_method method, const char *path, const char *body,
+    regmatch_t matches[], void *misc)
+{
+    __attribute__((cleanup(FILE_cleanup))) FILE *file = NULL;
+    __attribute__((cleanup(str_cleanup))) char *adv = NULL;
+    __attribute__((cleanup(str_cleanup))) char *thp = NULL;
+    char filename[PATH_MAX] = {};
+    const char *cachedir = misc;
+    struct stat st = {};
+
+    if (matches[1].rm_so < matches[1].rm_eo) {
+        size_t size = matches[1].rm_eo - matches[1].rm_so;
+        thp = strndup(&path[matches[1].rm_so], size);
+        if (!thp)
+            return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+    }
+
+    if (snprintf(filename, sizeof(filename),
+                 "%s/%s.jws", cachedir, thp ? thp : "default") < 0)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    file = fopen(filename, "r");
+    if (!file)
+        return http_reply(HTTP_STATUS_NOT_FOUND, NULL);
+
+    if (fstat(fileno(file), &st) != 0)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    adv = calloc(st.st_size + 1, 1);
+    if (!adv)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    if (fread(adv, st.st_size, 1, file) != 1)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    return http_reply(HTTP_STATUS_OK,
+                      "Content-Type: application/jose+json\r\n"
+                      "Content-Length: %zu\r\n"
+                      "\r\n%s", strlen(adv), adv);
+}
+
+static int
+rec(enum http_method method, const char *path, const char *body,
+    regmatch_t matches[], void *misc)
+{
+    __attribute__((cleanup(str_cleanup))) char *enc = NULL;
+    __attribute__((cleanup(str_cleanup))) char *thp = NULL;
+    size_t size = matches[1].rm_eo - matches[1].rm_so;
+    char filename[PATH_MAX] = {};
+    const char *cachedir = misc;
+    json_auto_t *jwk = NULL;
+    json_auto_t *req = NULL;
+    json_auto_t *rep = NULL;
+    const char *alg = NULL;
+    const char *kty = NULL;
+    const char *d = NULL;
+
+    /*
+     * Parse and validate the request JWK
+     */
+
+    req = json_loads(body, 0, NULL);
+    if (!req)
+        return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
+
+    if (!jose_jwk_prm(NULL, req, false, "deriveKey"))
+        return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
+
+    if (json_unpack(req, "{s:s,s?s}", "kty", &kty, "alg", &alg) < 0)
+        return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
+
+    if (strcmp(kty, "EC") != 0)
+        return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
+
+    if (alg && strcmp(alg, "ECMR") != 0)
+        return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
+
+    /*
+     * Parse and validate the server-side JWK
+     */
+
+    thp = strndup(&path[matches[1].rm_so], size);
+    if (!thp)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    if (snprintf(filename, sizeof(filename), "%s/%s.jwk", cachedir, thp) < 0)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    jwk = json_load_file(filename, 0, NULL);
+    if (!jwk)
+        return http_reply(HTTP_STATUS_NOT_FOUND, NULL);
+
+    if (!jose_jwk_prm(NULL, jwk, true, "deriveKey"))
+        return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
+
+    if (json_unpack(jwk, "{s:s,s?s}", "d", &d, "alg", &alg) < 0)
+        return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
+
+    if (alg && strcmp(alg, "ECMR") != 0)
+        return http_reply(HTTP_STATUS_FORBIDDEN, NULL);
+
+    /*
+     * Perform the exchange and return
+     */
+    rep = jose_jwk_exc(NULL, jwk, req);
+    if (!rep)
+        return http_reply(HTTP_STATUS_BAD_REQUEST, NULL);
+
+    if (json_object_set_new(rep, "alg", json_string("ECMR")) < 0)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    if (json_object_set_new(rep, "key_ops", json_pack("[s]", "deriveKey")) < 0)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    enc = json_dumps(rep, JSON_SORT_KEYS | JSON_COMPACT);
+    if (!enc)
+        return http_reply(HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL);
+
+    return http_reply(HTTP_STATUS_OK,
+                      "Content-Type: application/jwk+json\r\n"
+                      "Content-Length: %zu\r\n"
+                      "\r\n%s", strlen(enc), enc);
+}
+
+static struct http_dispatch dispatch[] = {
+    { adv, 1 << HTTP_GET,  2, "^/+adv/+([0-9A-Za-z_-]+)$" },
+    { adv, 1 << HTTP_GET,  2, "^/+adv/*$" },
+    { rec, 1 << HTTP_POST, 2, "^/+rec/+([0-9A-Za-z_-]+)$" },
+    {}
+};
+
+int
+main(int argc, char *argv[])
+{
+    struct http_state state = { .dispatch = dispatch, .misc = argv[1] };
+    struct http_parser parser = { .data = &state };
+    struct stat st = {};
+    char req[4096] = {};
+    size_t rcvd = 0;
+    int r = 0;
+
+    http_parser_init(&parser, HTTP_REQUEST);
+
+    if (argc != 2) {
+        fprintf(stderr, "Usage: %s <cachedir>\n", argv[0]);
+        return EXIT_FAILURE;
+    }
+
+    if (stat(argv[1], &st) != 0) {
+        fprintf(stderr, "Error calling stat() on path: %s: %m\n", argv[1]);
+        return EXIT_FAILURE;
+    }
+
+    if (!S_ISDIR(st.st_mode)) {
+        fprintf(stderr, "Path is not a directory: %s\n", argv[1]);
+        return EXIT_FAILURE;
+    }
+
+    for (;;) {
+        r = read(STDIN_FILENO, &req[rcvd], sizeof(req) - rcvd - 1);
+        if (r == 0)
+            return rcvd > 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+        if (r < 0)
+            return EXIT_FAILURE;
+
+        rcvd += r;
+
+        r = http_parser_execute(&parser, &http_settings, req, rcvd);
+        if (parser.http_errno != 0) {
+            fprintf(stderr, "HTTP Parsing Error: %s\n",
+                    http_errno_description(parser.http_errno));
+            return EXIT_FAILURE;
+        }
+
+        memmove(req, &req[r], rcvd - r);
+        rcvd -= r;
+    }
+
+    return EXIT_SUCCESS;
+}
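Review bot: in `rec()`, `alg` is reused by both `json_unpack()` calls; because `s?s` leaves the pointer untouched when the key is absent, a server-side JWK without `alg` is checked at `if (alg && strcmp(alg, "ECMR") != 0)` against the client's `alg` string rather than its own. Use a separate variable for the server key (for example `const char *salg = NULL;`). In `main()`, `state.misc = argv[1]` and `http_parser_init()` run before the `argc != 2` usage check; moving the check first makes the initialisation order obvious. In `adv()`, `fread(adv, st.st_size, 1, file)` returns 0 when `st.st_size` is 0, so an empty cache file produces 500 rather than 404; if that is intended, a short comment would help.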

+ 148 - 0
test-driver

@@ -0,0 +1,148 @@
+#! /bin/sh
+# test-driver - basic testsuite driver script.
+
+scriptversion=2013-07-13.22; # UTC
+
+# Copyright (C) 2011-2014 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+# Make unconditional expansion of undefined variables an error.  This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+usage_error ()
+{
+  echo "$0: $*" >&2
+  print_usage >&2
+  exit 2
+}
+
+print_usage ()
+{
+  cat <<END
+Usage:
+  test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
+              [--expect-failure={yes|no}] [--color-tests={yes|no}]
+              [--enable-hard-errors={yes|no}] [--]
+              TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
+The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+END
+}
+
+test_name= # Used for reporting.
+log_file=  # Where to save the output of the test script.
+trs_file=  # Where to save the metadata of the test run.
+expect_failure=no
+color_tests=no
+enable_hard_errors=yes
+while test $# -gt 0; do
+  case $1 in
+  --help) print_usage; exit $?;;
+  --version) echo "test-driver $scriptversion"; exit $?;;
+  --test-name) test_name=$2; shift;;
+  --log-file) log_file=$2; shift;;
+  --trs-file) trs_file=$2; shift;;
+  --color-tests) color_tests=$2; shift;;
+  --expect-failure) expect_failure=$2; shift;;
+  --enable-hard-errors) enable_hard_errors=$2; shift;;
+  --) shift; break;;
+  -*) usage_error "invalid option: '$1'";;
+   *) break;;
+  esac
+  shift
+done
+
+missing_opts=
+test x"$test_name" = x && missing_opts="$missing_opts --test-name"
+test x"$log_file"  = x && missing_opts="$missing_opts --log-file"
+test x"$trs_file"  = x && missing_opts="$missing_opts --trs-file"
+if test x"$missing_opts" != x; then
+  usage_error "the following mandatory options are missing:$missing_opts"
+fi
+
+if test $# -eq 0; then
+  usage_error "missing argument"
+fi
+
+if test $color_tests = yes; then
+  # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
+  red='' # Red.
+  grn='' # Green.
+  lgn='' # Light green.
+  blu='' # Blue.
+  mgn='' # Magenta.
+  std=''     # No color.
+else
+  red= grn= lgn= blu= mgn= std=
+fi
+
+do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
+trap "st=129; $do_exit" 1
+trap "st=130; $do_exit" 2
+trap "st=141; $do_exit" 13
+trap "st=143; $do_exit" 15
+
+# Test script is run here.
+"$@" >$log_file 2>&1
+estatus=$?
+
+if test $enable_hard_errors = no && test $estatus -eq 99; then
+  tweaked_estatus=1
+else
+  tweaked_estatus=$estatus
+fi
+
+case $tweaked_estatus:$expect_failure in
+  0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
+  0:*)   col=$grn res=PASS  recheck=no  gcopy=no;;
+  77:*)  col=$blu res=SKIP  recheck=no  gcopy=yes;;
+  99:*)  col=$mgn res=ERROR recheck=yes gcopy=yes;;
+  *:yes) col=$lgn res=XFAIL recheck=no  gcopy=yes;;
+  *:*)   col=$red res=FAIL  recheck=yes gcopy=yes;;
+esac
+
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>$log_file
+
+# Report outcome to console.
+echo "${col}${res}${std}: $test_name"
+
+# Register the test result, and other relevant metadata.
+echo ":test-result: $res" > $trs_file
+echo ":global-test-result: $res" >> $trs_file
+echo ":recheck: $recheck" >> $trs_file
+echo ":copy-in-global-log: $gcopy" >> $trs_file
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
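Review bot: this is the stock Automake `test-driver` (`scriptversion=2013-07-13.22`) copied verbatim; it should be regenerated with `automake --add-missing` from the installed Automake rather than reviewed or edited by hand, so no changes are requested here.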

+ 84 - 0
tests/adv

@@ -0,0 +1,84 @@
+#!/bin/bash -x
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+#
+# Copyright (c) 2016 Red Hat, Inc.
+# Author: Nathaniel McCallum <npmccallum@redhat.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+function on_exit() {
+    if [ "$PID" ]; then kill $PID; wait $PID || true; fi
+    [ -d "$TMP" ] && rm -rf $TMP
+}
+
+trap 'on_exit' EXIT
+trap 'exit' ERR
+
+export TMP=`mktemp -d`
+mkdir -p $TMP/db
+mkdir -p $TMP/cache
+
+tangd-keygen $TMP/db sig exc
+jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.sig.jwk
+jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.oth.jwk
+tangd-update $TMP/db $TMP/cache
+
+for addr in "127.0.0.1" "[::1]"; do
+  port=`shuf -i 1024-65536 -n 1`
+  $SD_ACTIVATE -l "$addr:$port" -a $VALGRIND tangd $TMP/cache &
+  export PID=$!
+  sleep 0.5
+
+  # Make sure requests on the root fail
+  ! curl -sfg http://$addr:$port/
+
+  # The request should fail (404) for non-signature key IDs
+  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/exc.jwk`
+  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -a S512 -i $TMP/db/exc.jwk`
+
+  # The default advertisement fetch should succeed and pass verification
+  curl -sfg http://$addr:$port/adv
+  curl -sfg http://$addr:$port/adv | jose jws ver -i- -k $TMP/db/sig.jwk
+  curl -sfg http://$addr:$port/adv/ | jose jws ver -i- -k $TMP/db/sig.jwk
+
+  # Fetching by any thumbprint should work
+  curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/sig.jwk` | jose jws ver -i- -k $TMP/db/sig.jwk
+  curl -sfg http://$addr:$port/adv/`jose jwk thp -a S512 -i $TMP/db/sig.jwk` | jose jws ver -i- -k $TMP/db/sig.jwk
+
+  # Requesting an adv by an advertised key ID should't be signed by hidden keys
+  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/sig.jwk` | jose jws ver -i- -k $TMP/db/.sig.jwk
+  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/sig.jwk` | jose jws ver -i- -k $TMP/db/.oth.jwk
+
+  # Verify that the default advertisement is not signed with hidden signature keys
+  ! curl -sfg http://$addr:$port/adv/ | jose jws ver -i- -k $TMP/db/.oth.jwk
+  ! curl -sfg http://$addr:$port/adv/ | jose jws ver -i- -k $TMP/db/.sig.jwk
+
+  # A private key advertisement is signed by all advertised keys and the requested private key
+  curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/.sig.jwk` | jose jws ver -i- -k $TMP/db/sig.jwk
+  curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/.sig.jwk` | jose jws ver -i- -k $TMP/db/.sig.jwk
+  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/.sig.jwk` | jose jws ver -i- -k $TMP/db/.oth.jwk
+
+  # Verify that the advertisements contain the cty parameter
+  curl -sfg http://$addr:$port/adv \
+      | jose fmt -j- -Og protected -SyOg cty -Sq "jwk-set+json" -E
+  curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/.sig.jwk` \
+      | jose fmt -j- -Og signatures -A \
+                 -g 0 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU \
+                 -g 1 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU
+
+  kill $PID
+  wait $PID || true
+  unset PID
+done
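Review bot: `port=`shuf -i 1024-65536 -n 1`` can pick 65536, which is not a valid TCP port and makes `$SD_ACTIVATE -l "$addr:$port"` fail intermittently; use `-i 1024-65535` (the same line appears in the other test scripts). The port is also not checked for being free, so a collision fails the run; a retry around the bind would make the test more robust. Comment typo: "should't" in "Requesting an adv by an advertised key ID should't be signed by hidden keys".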

+ 43 - 0
tests/nagios

@@ -0,0 +1,43 @@
+#!/bin/bash -x
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+#
+# Copyright (c) 2016 Red Hat, Inc.
+# Author: Nathaniel McCallum <npmccallum@redhat.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+function on_exit() {
+    if [ "$PID" ]; then kill $PID; wait $PID || true; fi
+    [ -d "$TMP" ] && rm -rf $TMP
+}
+
+trap 'on_exit' EXIT
+trap 'exit' ERR
+
+export TMP=`mktemp -d`
+mkdir -p $TMP/db
+mkdir -p $TMP/cache
+
+# Generate the server keys
+tangd-keygen $TMP/db
+tangd-update $TMP/db $TMP/cache
+
+# Start the server
+port=`shuf -i 1024-65536 -n 1`
+$SD_ACTIVATE -l 127.0.0.1:$port -a $VALGRIND tangd $TMP/cache &
+export PID=$!
+sleep 0.5
+
+tang -u http://127.0.0.1:$port
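Review bot: same port range bug as tests/adv: `shuf -i 1024-65536` should end at 65535. The test only exercises the success path of `tang -u http://127.0.0.1:$port`; consider also asserting a non-zero exit after `kill $PID` so the monitoring check is verified to detect an outage, which is the case a Nagios plugin exists for.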

+ 59 - 0
tests/rec

@@ -0,0 +1,59 @@
+#!/bin/bash -x
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+#
+# Copyright (c) 2016 Red Hat, Inc.
+# Author: Nathaniel McCallum <npmccallum@redhat.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+function on_exit() {
+    if [ "$PID" ]; then kill $PID; wait $PID || true; fi
+    [ -d "$TMP" ] && rm -rf $TMP
+}
+
+trap 'on_exit' EXIT
+trap 'exit' ERR
+
+export TMP=`mktemp -d`
+mkdir -p $TMP/db
+mkdir -p $TMP/cache
+
+# Generate the server keys
+tangd-keygen $TMP/db sig exc
+tangd-update $TMP/db $TMP/cache
+
+# Generate the client keys
+exc_kid=`jose jwk thp -i $TMP/db/exc.jwk`
+tmp=`jose fmt -j $TMP/db/exc.jwk -Od x -d y -d d -o-`
+jose jwk gen -i "$tmp" -o $TMP/exc.jwk
+jose jwk pub -i $TMP/exc.jwk -o $TMP/exc.pub.jwk
+
+# Start the server
+port=`shuf -i 1024-65536 -n 1`
+$SD_ACTIVATE -l 127.0.0.1:$port -a $VALGRIND tangd $TMP/cache &
+export PID=$!
+sleep 0.5
+
+# Make sure that GET fails
+! curl -sf http://127.0.0.1:$port/rec
+! curl -sf http://127.0.0.1:$port/rec/
+
+# Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
+good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
+test=`curl -sf -X POST \
+           -H "Content-Type: application/jwk+json" \
+           --data-binary @- \
+           http://127.0.0.1:$port/rec/${exc_kid} < $TMP/exc.pub.jwk`
+[ "$good" == "$test" ]
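Review bot: `[ "$good" == "$test" ]` compares two serialized JWKs byte for byte, so the test depends on `jose jwk exc` emitting the same key order and whitespace as the server's `json_dumps(rep, JSON_SORT_KEYS | JSON_COMPACT)`; comparing the parsed documents, or the thumbprints of both results via `jose jwk thp`, would be less brittle. Same port range issue as the other scripts (`shuf -i 1024-65536` should end at 65535). The `application/jwk+json` response header set in `rec()` is never checked; a `curl -w '%{content_type}'` assertion would cover it.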

+ 8 - 0
units/tangd-keygen.service.in

@@ -0,0 +1,8 @@
+[Unit]
+Description=Tang Server key generation script
+ConditionDirectoryNotEmpty=|!@jwkdir@
+Requires=tangd-update.path
+
+[Service]
+Type=oneshot
+ExecStart=@libexecdir@/tangd-keygen @jwkdir@
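Review bot: `Requires=tangd-update.path` pulls the path unit in but does not order the two units; add `After=tangd-update.path` so the watch exists before `tangd-keygen` writes into `@jwkdir@`, otherwise the initial key generation can complete before the watch is set up and `tangd-update` is not triggered until the next change. The `|` prefix in `ConditionDirectoryNotEmpty=|!@jwkdir@` only matters when several trigger conditions are combined; with a single condition `ConditionDirectoryNotEmpty=!@jwkdir@` is equivalent and clearer.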

+ 4 - 0
units/tangd-update.path.in

@@ -0,0 +1,4 @@
+[Path]
+PathChanged=@jwkdir@
+MakeDirectory=true
+DirectoryMode=0700
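Review bot: `PathChanged=@jwkdir@` fires only on changes observed while the path unit is active, so keys added or removed while the system was down leave `@cachedir@` stale until the next change; consider having the socket unit also pull in `tangd-update.service` with `Requires=`/`After=` so the cache is rebuilt at startup. `MakeDirectory=true` with `DirectoryMode=0700` is the right mode for a directory holding private keys.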

+ 6 - 0
units/tangd-update.service.in

@@ -0,0 +1,6 @@
+[Unit]
+Description=Tang Server key update script
+
+[Service]
+Type=oneshot
+ExecStart=@libexecdir@/tangd-update @jwkdir@ @cachedir@
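Review bot: the unit runs `tangd-update` as root with no sandboxing; the script only needs to read `@jwkdir@` and write `@cachedir@`, so `ProtectSystem=strict` with `ReadWritePaths=@cachedir@` and `PrivateNetwork=true` would confine it. The missing `[Install]` section is fine because the unit is started by `tangd-update.path`; a one-line comment saying so would avoid confusion.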

+ 11 - 0
units/tangd.socket.in

@@ -0,0 +1,11 @@
+[Unit]
+Description=Tang Server socket
+Requires=tangd-update.path
+Requires=tangd-keygen.service
+
+[Socket]
+ListenStream=80
+Accept=true
+
+[Install]
+WantedBy=multi-user.target
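Review bot: `Requires=tangd-update.path` and `Requires=tangd-keygen.service` have no matching `After=`, so the socket can start accepting connections before the keys and cache exist and early clients receive 404 from `adv()`; add `After=tangd-keygen.service tangd-update.service`. With `Accept=true` every connection spawns a `tangd@.service` instance; the default `MaxConnections=` cap is 64, so set it explicitly if a different bound is wanted for this service.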

+ 10 - 0
units/tangd@.service.in

@@ -0,0 +1,10 @@
+[Unit]
+Description=Tang Server
+Requires=tangd-update.path
+Requires=tangd-keygen.service
+
+[Service]
+StandardInput=socket
+StandardOutput=socket
+StandardError=journal
+ExecStart=@libexecdir@/tangd @cachedir@
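Review bot: the per-connection service runs as root by default although `tangd` only needs to read `@cachedir@`; add `User=`/`Group=` for a dedicated account with read access to the cache and the linked private exchange keys, plus `ProtectSystem=strict`, `PrivateDevices=true` and `NoNewPrivileges=true`. As in the socket unit, `Requires=` without `After=` gives no ordering guarantee relative to `tangd-keygen.service`.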