Improve documentationicefish_8.99.5icefish_8.99.4icefish/8.99.5icefish/8.99.48.99.58.99.4

Bug-AGL: SPEC-2968
Bug-AGL: SPEC-3032

Change-Id: I796f324e92df709a26e4b0bc64bed1e10b67f757
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

4 files changed, 207 insertions, 50 deletions

diff --git a/README.md b/README.md
index 448aed1..6012177 100644
--- a/README.md
+++ b/README.md
@@ -8,9 +8,8 @@ It currently only implments the client credential flow, checking
 the client identity using the Smack label. A tiny launcher,
 cynagoauth-launch, is provided to negociate the token and run
 the final client, setting CYNAGOAUTH_TOKEN environment
-variable and substi
-
-
+variable and substitute the patterns for the token of the
+arguments of the launched program.
 
 LICENSE
 -------
@@ -24,18 +23,18 @@ DEPENDENCIES
 
 It depends of:
 
- - json-c
- - libmicrohttpd
- - openssl
- - libcurl
-
+- json-c
+- libmicrohttpd
+- openssl
+- libcurl
+- cynagora
 
 COMPILING
 ---------
 
 To compile and install it:
 
-```
+```sh
 mkdir build
 cd build
 cmake ..
@@ -45,8 +44,65 @@ make
 RFCs
 ----
 
-OAuth 2.0 Authorization Server Metadata: https://tools.ietf.org/html/rfc8414
+OAuth 2.0 Authorization Framework: <https://tools.ietf.org/html/rfc6749>
+
+OAuth 2.0 Authorization Server Metadata: <https://tools.ietf.org/html/rfc8414>
+
+OAuth 2.0 Dynamic Client Registration Protocol: <https://tools.ietf.org/html/rfc7591>
+
+OpenID Connect Discovery 1.0: <https://openid.net/specs/openid-connect-discovery-1_0.html>
+
+cynagoauth-server
+-----------------
+
+```text
+> cynagoauth-server -h
+
+usage: cynagoauth-server [options...] [interfaces...]
+
+Run a basic OAuth server, currently only implementing client credential
+flow based on Smack labels and Cynagora backend.
+
+The interfaces specify ip adresses and port to listen. It must be of
+the form [HOST][:SERVICE]. Default host: *, default port: 7777.
+Examples:
 
-OAuth 2.0 Dynamic Client Registration Protocol: https://tools.ietf.org/html/rfc7591
+  localhost:5555        listen on loopback on port 5555
+  *:1234                listen any interface on port 1234
+  localhost             listen on default port of localhost
 
-OpenID Connect Discovery 1.0: https://openid.net/specs/openid-connect-discovery-1_0.html
+Default interface if none is given: *:7777
+
+Options:
+
+ -h, --help        this help
+ -s, --secure      serves https
+ -u, --unsecure    serves http
+```
+
+cynagoauth-launcher
+-------------------
+
+```text
+usage: cynagoauth-launch [options...] program [args...]
+
+Ask an OAuth2 server for an access token and launches the given program
+with this retrieved token. The URL of the token end point to be queried
+can be set by option (see below) or environment variable CYNAGOAUTH_URL.
+The default value is http://localhost:7777/tok
+
+When launched the program has the following environment variables defined:
+
+  - the access token   CYNAGOAUTH_TOKEN
+
+The arguments of the program to launch are scanned and patterns for the token
+are substituted by the effective value of the token. The default pattern is @t
+
+Options:
+
+ -h, --help             this help
+ -n, --name NAME        name of the environement variable to set
+ -r, --replace PATTERN  redefine the pattern to be replaced
+ -t, --token TOKEN      the token to use, token end point is not queried
+ -u, --url URL          URL of the token end point
+```
diff --git a/cynagoauth.service b/cynagoauth.service
index cd84afb..9468a7a 100644
--- a/cynagoauth.service
+++ b/cynagoauth.service
@@ -3,9 +3,9 @@ Description=Authorization server OAuth2
 BindsTo=cynagora.service
 
 [Service]
-#User=daemon
-#Group=nobody
-#SupplementaryGroups=cynagora
+User=daemon
+Group=nobody
+SupplementaryGroups=cynagora
 ExecStart=/usr/bin/cynagoauth-server
 Restart=on-failure
 RestartSec=5
diff --git a/src/cynagoauth-launch.c b/src/cynagoauth-launch.c
index a762877..b2d6401 100644
--- a/src/cynagoauth-launch.c
+++ b/src/cynagoauth-launch.c
@@ -31,6 +31,12 @@
 #if !defined(DEFAULTNAME)
 #    define DEFAULTNAME	"CYNAGOAUTH_TOKEN"
 #endif
+#if !defined(DEFAULTNAMETYPE)
+#    define DEFAULTNAMETYPE	DEFAULTNAME"_TYPE"
+#endif
+#if !defined(DEFAULTNAMEEXPIRE)
+#    define DEFAULTNAMEEXPIRE	DEFAULTNAME"_EXPIRE"
+#endif
 #if !defined(VARURL)
 #    define VARURL	"CYNAGOAUTH_URL"
 #endif
@@ -38,9 +44,10 @@
 #    define DEFAULTURL	"http://localhost:7777/tok"
 #endif
 
-const char shortopts[] = "+n:r:t:u:";
+const char shortopts[] = "+hn:r:t:u:";
 
 const struct option longopts[] = {
+	{ "help",    0, 0, 'h' },
 	{ "name",    1, 0, 'n' },
 	{ "replace", 1, 0, 'r' },
 	{ "token",   1, 0, 't' },
@@ -48,6 +55,39 @@ const struct option longopts[] = {
 	{ 0, 0, 0, 0 }
 };
 
+const char helpmsg[] =
+	"\n"
+	"usage: %s [options...] program [args...]\n"
+	"\n"
+	"Ask an OAuth2 server for an access token and launches the given program\n"
+	"with this retrieved token. The URL of the token end point to be queried\n"
+	"can be set by option (see below) or environment variable "VARURL".\n"
+	"The default value is "DEFAULTURL"\n"
+	"\n"
+	"When launched the program has the following environment variables defined:\n"
+	"\n"
+	"  - the access token   "DEFAULTNAME"\n"
+	"\n"
+	"The arguments of the program to launch are scanned and patterns for the token\n"
+	"are substituted by the effective value of the token. The default pattern is @t\n"
+	"\n"
+	"Options:\n"
+	"\n"
+	" -h, --help             this help\n"
+	" -n, --name NAME        name of the environement variable to set\n"
+	" -r, --replace PATTERN  redefine the pattern to be replaced\n"
+	" -t, --token TOKEN      the token to use, token end point is not queried\n"
+	" -u, --url URL          URL of the token end point\n"
+	"\n"
+;
+
+void printhelp(char *prog)
+{
+	prog = strchr(prog, '/') ? strrchr(prog, '/') + 1 : prog;
+	printf(helpmsg, prog);
+	exit(0);
+}
+
 char *optname = NULL;
 char *optreplace = NULL;
 char *opttoken = NULL;
@@ -67,7 +107,8 @@ char *rewrite_search(char *string, const char *defs[], int *idxpat)
 	for (iit = 0 ; (spat = defs[iit]) ; iit += 2) {
 		if (*spat) {
 			sit = strstr(string, spat);
-			if (sit && (sfound == NULL || sfound > sit)) {
+			if (sit && (sfound == NULL || sfound > sit ||
+			 (sfound == sit && strlen(spat) > strlen(defs[ifound])))) {
 				ifound = iit;
 				sfound = sit;
 			}
@@ -132,17 +173,9 @@ char *rewrite(char *arg, const char *token)
 {
 	const char *defs[5];
 	
-	if (optreplace) {
-		defs[0] = optreplace;
-		defs[1] = token;
-		defs[4] = NULL;
-	} else {
-		defs[0] = "@t";
-		defs[1] = token;
-		defs[2] = "@@";
-		defs[3] = "@";
-		defs[4] = NULL;
-	}
+	defs[0] = optreplace ?: "@t";
+	defs[1] = token;
+	defs[2] = NULL;
 	return rewrite_replace(arg, defs);
 }
 
@@ -191,22 +224,21 @@ void process_arguments(int ac, char **av)
 			return;
 		}
 		switch (optid) {
+		case 'h':
+			printhelp(av[0]);
+			break;
 		case 'n':
 			optname = optarg;
 			break;
-
 		case 'r':
 			optreplace = optarg;
 			break;
-
 		case 't':
 			opttoken = optarg;
 			break;
-
 		case 'u':
 			opturl = optarg;
 			break;
-
 		default:
 			fprintf(stderr, "Bad option detected");
 			exit(1);
diff --git a/src/cynagoauth-server.c b/src/cynagoauth-server.c
index f826c88..627e5d6 100644
--- a/src/cynagoauth-server.c
+++ b/src/cynagoauth-server.c
@@ -26,6 +26,7 @@
 #include <poll.h>
 #include <netdb.h>
 #include <sys/socket.h>
+#include <getopt.h>
 
 #include <microhttpd.h>
 #include <json-c/json.h>
@@ -54,6 +55,47 @@
 #    define ENVHOSTS		"CYNAGOAUTH_HOSTS_SPEC"
 #endif
 
+static const char shortopts[] = "hs";
+
+static const struct option longopts[] = {
+	{ "help",     0, 0, 'h' },
+	{ "secure",   0, 0, 's' },
+	{ "unsecure", 0, 0, 'u' },
+	{ 0, 0, 0, 0 }
+};
+
+const char helpmsg[] =
+	"\n"
+	"usage: %s [options...] [interfaces...]\n"
+	"\n"
+	"Run a basic OAuth server, currently only implementing client credential\n"
+	"flow based on Smack labels and Cynagora backend.\n"
+	"\n"
+	"The interfaces specify ip adresses and port to listen. It must be of\n"
+	"the form [HOST][:SERVICE]. Default host: *, default port: "DEFAULTPORT".\n"
+	"Examples:\n"
+	"\n"
+	"  localhost:5555        listen on loopback on port 5555\n"
+	"  *:1234                listen any interface on port 1234\n"
+	"  localhost             listen on default port of localhost\n"
+	"\n"
+	"Default interface if none is given: "DEFAULTHOSTS"\n"
+	"\n"
+	"Options:\n"
+	"\n"
+	" -h, --help        this help\n"
+	" -s, --secure      serves https\n"
+	" -u, --unsecure    serves http\n"
+	"\n"
+;
+
+void printhelp(char *prog)
+{
+	prog = strchr(prog, '/') ? strrchr(prog, '/') + 1 : prog;
+	printf(helpmsg, prog);
+	exit(0);
+}
+
 static char cert[] =
 "-----BEGIN CERTIFICATE-----\n"
 "MIID5TCCAk2gAwIBAgIUBJtxecHlDMYCJfnDLqo8iWmNREkwDQYJKoZIhvcNAQEL\n"
@@ -644,6 +686,10 @@ int access_handler(
 	return MHD_YES;
 }
 
+/****************************************************************************/
+/*** SETTING                                                              ***/
+/****************************************************************************/
+
 int openhost(const char *hostname)
 {
 	int rc, fd;
@@ -747,19 +793,46 @@ void main(int ac, char **av)
 	struct MHD_Daemon *mhd;
 	const union MHD_DaemonInfo *info;
 	MHD_UNSIGNED_LONG_LONG to;
-	int i, r, n, s;
-	unsigned int flags = 0;
+	int i, r, n, s, o;
+	unsigned int flags;
 	struct pollfd pfds[20];
 
 	credset_create(&creds);
 	uidset_create(&uids, 50);
 
-	i = 1;
-	if (av[i] && !strcmp(av[i], "-s")) {
-		flags |= MHD_USE_TLS;
-		i++;
+	flags = 0;
+	while((o = getopt_long(ac, av, shortopts, longopts, NULL)) >= 0) {
+		switch (o) {
+		case 'h':
+			printhelp(av[0]);
+			break;
+		case 's':
+			flags |= MHD_USE_TLS;
+			break;
+		case 'u':
+			flags &= ~MHD_USE_TLS;
+			break;
+		default:
+			fprintf(stderr, "Bad option detected");
+			exit(1);
+			break;
+		}
 	}
 
+	/* open hosts */
+	s = (int)(sizeof pfds / sizeof *pfds);
+	n = 1;
+	if (!av[optind])
+		n += openhosts(getenv(ENVHOSTS)?:DEFAULTHOSTS, &pfds[n], s - n);
+	else 
+		while (av[optind])
+			n += openhosts(av[optind++], &pfds[n], s - n);
+	if (n == 0) {
+		fprintf(stderr, "not listening");
+		exit(1);
+	}
+
+	/* instanciate LMHD */
 	mhd = MHD_start_daemon(
 			  MHD_USE_EPOLL
 			| MHD_USE_DEBUG
@@ -772,43 +845,38 @@ void main(int ac, char **av)
 			flags ? MHD_OPTION_HTTPS_MEM_KEY : MHD_OPTION_END, key,
 			MHD_OPTION_HTTPS_MEM_CERT, cert,
 			MHD_OPTION_END);
-
 	if (NULL == mhd) {
-		fprintf(stderr, "cant't start http server\n");
+		fprintf(stderr, "cant't create http server\n");
 		exit(1);
 	}
 
+	/* add LMHD to polls */
         info = MHD_get_daemon_info(mhd, MHD_DAEMON_INFO_EPOLL_FD);
         if (info == NULL) {
 		fprintf(stderr, "cant't get http server\n");
                 MHD_stop_daemon(mhd);
 		exit(2);
         }
-
-	s = (int)(sizeof pfds / sizeof *pfds);
         pfds[0].fd = info->epoll_fd;
         pfds[0].events = POLLIN;
-	n = 1;
-
-	/* open hosts */
-	if (!av[i])
-		n += openhosts(getenv(ENVHOSTS)?:DEFAULTHOSTS, &pfds[n], s - n);
-	else 
-		while (av[i])
-			n += openhosts(av[i++], &pfds[n], s - n);
 
 	/* main loop */
         for(;;) {
+		/* get timeout */
                 if (MHD_get_timeout(mhd, &to) == MHD_NO)
                         i = -1;
                 else
                         i = (int)to;
+
+		/* wait */
                 r = poll(pfds, n,  i);
 		if (r < 0) {
 			fprintf(stderr, "poll error\n");
 			MHD_stop_daemon (mhd);
 			exit(3);
 		}
+
+		/* dispatch LMHD */
 		if (r == 0 || (pfds[0].revents & POLLIN))
                 	MHD_run(mhd);
 		if (pfds[0].revents & POLLHUP) {
@@ -817,6 +885,7 @@ void main(int ac, char **av)
 			exit(4);
 		}
 
+		/* dispatch connections listeners */
 		for (i = 1 ; i < n ; i++) {
 			if (pfds[i].revents & POLLIN)
 				makeconnection(mhd, pfds[i].fd);