CTD-592 add access key login to connectd installer (#140)

* CTD-592 added access key login method to connectd_installer

* CTD-592 more changes to support access key.  Not done yet.

* CTD-592-update URL for access key to production

* CTD-592 updated changelog and version in control file

* CTD-592 updating CI routines to add access key/secret test

* CTD-592-allow auto reg test to be skipped with env. variable

* CTD-592 fixing CI test for access key

* CTD-592 added sleep to login menu loop for debug

* CTD-592 debugging CI

* CTD-592 debugging CI

* CTD-592 debugging CI

* CTD-592 removed extra sleep statements

* CTD-592 debugging CI some more

* CTD-592 cleanup. bump versions, check dates

* CTD-592 updated changelog and copyright notice and fixed connectd_register

* CTD-592 little tweak on some curly brackets

* CTD-592 fixed a typo

* CTD-592 streamlined second pass of interactive test to save time

* CTD-592 making calls to check_service_counts() consistent

* CTD-592 added function run_test_and_check()

* CTD-592 added keystroke file to "remove all" with access key login.

* CTD-592 - build URL from $HOST and $URL_PATH

* CTD-592 added back 4 inadvertently deleted lines

* CTD-592 added missing "$"

Author: Digital-Larry

connectd/DEBIAN/control

@@ -1,5 +1,5 @@
 Package: connectd
-Version: 2.5.38
+Version: 2.6.39
 Section: non-free/net
 Priority: optional
 Homepage: https://remote.it

connectd/usr/bin/connectd_installer

@@ -9,12 +9,16 @@
 #
 
 ##### Settings #####
-VERSION=v2.0.5
+VERSION=v2.6.6
 AUTHOR="Gary Worsham"
-MODIFIED="April 13, 2019"
+MODIFIED="April 24, 2021"
 
 USERNAME=""
 PASSWORD=""
+# access key and secret are available in account page and can be used
+# when user has Google login only
+ACCESSKEY=""
+KEYSECRET=""
 AUTHHASH="REPLACE_AUTHHASH"
 DEVELOPERKEY=""
 MAXSEL=6

connectd/usr/bin/connectd_library

@@ -6,12 +6,12 @@
 #  attachment services for tcp listeners.
 #  Interactive and preconfigured modes supported.
 #
-#  Copyright (C) 2019-2020 remot3.it, Inc. All rights reserved.
+#  Copyright (C) 2019-2021 remot3.it, Inc. All rights reserved.
 
 ##### Settings #####
-LIBVERSION=lib_v2.1.26
+LIBVERSION=lib_v2.6.29
 AUTHOR="Gary Worsham"
-LIBMODIFIED="November 10, 2020"
+LIBMODIFIED="April 24, 2021"
 GREPFLAGS=
 apikey="remote.it.developertoolsHW9iHnd"
 
@@ -48,6 +48,19 @@ projectCreateURL="${apiMethod}${apiServer}${apiVersion}"/project/create
 projectFileLinkURL="${apiMethod}${apiServer}${apiVersion}"/project/provisioning
 
 # ----------------------------------------
+# the variables in this section are used by the login by access key function only.
+key_alias=""
+secret_base64=""
+HOST="device.remote.it"
+URL_PATH="api/user/info"
+URL="https://${HOST}/${URL_PATH}"
+DATA=""
+VERB="GET"
+CONTENT_TYPE="application/json"
+LC_VERB=`echo "${VERB}" | tr '[:upper:]' '[:lower:]'`
+CONTENT_LENGTH=0
+#
+#
 ##### End Settings #####
 
 ##### Version #####
@@ -983,22 +996,25 @@ askRegisterLogin()
 #        printf "\n\n"
         printf "********************* Sign In Menu *********************\n"
         printf "                                                      \n"
-        printf "     1) Sign in to your remote.it account    \n"
-        printf "     2) Exit                                          \n"
+        printf "     1) Sign in to your remote.it account with username and password   \n"
+        printf "     2) Sign in to your remote.it account with access key and secret   \n"
+        printf "     3) Exit                                          \n"
         printf "                                                      \n"
         printf "********************************************************\n"
         printf "*  To create a remote.it account, please visit         *\n"
         printf "*  https://remote.it                                   *\n"
         printf "********************************************************\n\n"
-
-        getNumRange 1 2 "Choose a menu selection"   
+        getNumRange 1 3 "Choose a menu selection"   
         get_num="$getNumRangeValue"
         debug "get_num: $get_num"
 
         if [ "$get_num" = 1 ]; then
 		userLogin
 		testLogin
         elif [ "$get_num" = 2 ]; then
+		userLogin key
+                debug "token: $token"
+        elif [ "$get_num" = 3 ]; then
 	    if ask "Are you sure?"; then
 		exit 0
 	    fi
@@ -1008,69 +1024,110 @@ askRegisterLogin()
 ######### End askRegisterLogin #########
 
 ######### Begin Portal Login #########
-userLogin() #Portal login function
+# if parameter "key" is passed in, then it uses access key and secret
+# otherwise it uses account username and password.
+#
+userLogin() 
 {
-#    echo "connectd_library Username = $USERNAME Password = $PASSWORD"
-
-    if [ "$USERNAME" != "" ]; then 
-	username="$USERNAME"
-    else        
-	printf "Please enter your remote.it Username (e-mail address): \n"
-	read username
-    fi
-    if [ "$AUTHHASH" != "REPLACE_AUTHHASH" ]; then
-	authhash="$AUTHHASH"
+# use access key and secret
+
+    if [ "$1" = "key" ]; then
+        if [ "$ACCESSKEY" != "" ]; then 
+	    key_alias="$ACCESSKEY"
+        else        
+	    printf "Please enter your remote.it access key: \n"
+	    read key_alias
+        fi
+        if [ "$KEYSECRET" != "" ]; then 
+	    secret_base64="$KEYSECRET"
+        else        
+	    printf "Please enter your remote.it access key secret: \n"
+	    read secret_base64
+        fi
+# use account username and password
     else
-        if [ "$PASSWORD" != "" ]; then
-	    password="$PASSWORD"
+        if [ "$USERNAME" != "" ]; then 
+            username="$USERNAME"
+        else        
+	    printf "Please enter your remote.it Username (e-mail address): \n"
+	    read username
+        fi
+        if [ "$AUTHHASH" != "REPLACE_AUTHHASH" ]; then
+	    authhash="$AUTHHASH"
         else
+            if [ "$PASSWORD" != "" ]; then
+	        password="$PASSWORD"
+            else
 	# use stty to suppress password, if stty exists.
-            if [ "$(which stty)" != "" ]; then
-                stty -echo
-	    fi
-	    printf "\nPlease enter your remote.it password: \n"
-	    password=""
-	    read password
-           if [ "$(which stty)" != "" ]; then
-                stty echo
-	    fi
-        fi
+                if [ "$(which stty)" != "" ]; then
+                    stty -echo
+	        fi
+	        printf "\nPlease enter your remote.it password: \n"
+	        password=""
+	        read password
+                if [ "$(which stty)" != "" ]; then
+                    stty echo
+	        fi
+            fi
+       fi
+       debug $username $password $authhash
    fi
-   debug $username $password $authhash
    signInAPI
 }
 ######### End Portal Login #########
 
 ####### SignInAPI ###################
 signInAPI()
 {
-    debug "U:$username P:$password A:$authhash D:$apikey"
-    # if AUTHHASH is REPLACE_AUTHHASH it means user just wants to use password
-    if [ "$AUTHHASH" = "REPLACE_AUTHHASH" ]; then
-          resp=$(curl ${CURL_OPTS} 'POST' -H "apikey:$apikey" -H "Content-Type:application/json" -H "Cache-Control:no-cache" -d "{ \"username\" : \"$username\", \"password\" : \"$password\" }" "$loginURL" 2> "$TMP_DIR"/.curlerr)
+    if [ "$key_alias" != "" ]; then
+        DATE=$(LANG=en_US date "+%a, %d %b %Y %H:%M:%S %Z")
+# note that the formatting of the SIGNING_STRING is critical and should not be changed.
+        SIGNING_STRING="(request-target): ${LC_VERB} /${URL_PATH}
+host: ${HOST}
+date: ${DATE}
+content-type: ${CONTENT_TYPE}
+content-length: ${CONTENT_LENGTH}"
+        SECRET=`echo ${secret_base64} | base64 --decode`
+        SIGNATURE=`echo -n "${SIGNING_STRING}" | openssl dgst -binary -sha256 -hmac "${SECRET}" | base64`
+        SIGNATURE_HEADER="Signature keyId=\"$key_alias\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"${SIGNATURE}\""
+        resp=$(curl -s -X ${VERB} -H "Authorization:${SIGNATURE_HEADER}" -H "apikey:${apikey}" -H "Date:${DATE}" -H "Content-Type:${CONTENT_TYPE}" ${URL} -d "${DATA}" --insecure 2> "$TMP_DIR"/.curlerr)
+        debug "Resp = $resp"
+        checkAPIResult "${URL}" "$resp"
+        status=$(jsonval "$resp" 'status')
+        if [ "$status" = 'true' ]; then
+            token=$(jsonval "$resp" "token")
+            debug "Login token: $token"
+        else
+            exit 1
+        fi
     else
+        # if AUTHHASH is REPLACE_AUTHHASH it means user just wants to use password
+        if [ "$AUTHHASH" = "REPLACE_AUTHHASH" ]; then
+            resp=$(curl ${CURL_OPTS} 'POST' -H "apikey:$apikey" -H "Content-Type:application/json" -H "Cache-Control:no-cache" -d "{ \"username\" : \"$username\", \"password\" : \"$password\" }" "$loginURL" 2> "$TMP_DIR"/.curlerr)
+        else
              resp=$(curl ${CURL_OPTS} 'POST' -H "apikey:$apikey" -H "Content-Type:application/json" -H "Cache-Control:no-cache" -d "{ \"username\" : \"$username\", \"authhash\" : \"$AUTHHASH\" }" "$loginAuthURL" 2> "$TMP_DIR"/.curlerr)
-    fi
+        fi
 #    checkAPIResult 'login' "$resp"
 
-    debug "Resp = $resp"
-    status=$(jsonval "$resp" 'status')
-    debug "Status = $status"
-    if [ "$status" = 'true' ]; then
-	token=$(jsonval "$resp" "token")
-        debug "Login token: $token"
-    else
-    	noSuchUser=$(echo "$resp" | grep "missing user" | sed 's/"//g')
+        debug "Resp = $resp"
+        status=$(jsonval "$resp" 'status')
+        debug "Status = $status"
+        if [ "$status" = 'true' ]; then
+	    token=$(jsonval "$resp" "token")
+            debug "Login token: $token"
+        else
+    	    noSuchUser=$(echo "$resp" | grep "missing user" | sed 's/"//g')
         # look for [0102] api return for invalid login
-    	loginFailed=$(echo "$resp" | grep "\[0102\]" | sed 's/"//g')
-    	slimError=$(echo "$resp" | grep "Slim Application Error" | sed 's/"//g')
+    	    loginFailed=$(echo "$resp" | grep "\[0102\]" | sed 's/"//g')
+    	    slimError=$(echo "$resp" | grep "Slim Application Error" | sed 's/"//g')
 # 404 is triggered when you enter some special character in e-mail.  this specific search may fail if API
 # "$apiServer" is moved
-    	login404=$(echo "$resp" | grep "404 Page Not Found" | sed 's/"//g')
-    	login400=$(echo "$resp" | grep "400 Bad Request" | sed 's/"//g')
-    	apikeyerror=$(echo "$resp" | grep "The API application key is invalid" | sed 's/"//g')
-        devkeyerror=$(echo "$resp" | grep "api key failed validation" | sed 's/"//g')
-	debug "Login Error: $noSuchUser $loginFailed $slimError $login404 $login400 $apikeyerror $devkeyerror" 
+    	    login404=$(echo "$resp" | grep "404 Page Not Found" | sed 's/"//g')
+    	    login400=$(echo "$resp" | grep "400 Bad Request" | sed 's/"//g')
+    	    apikeyerror=$(echo "$resp" | grep "The API application key is invalid" | sed 's/"//g')
+            devkeyerror=$(echo "$resp" | grep "api key failed validation" | sed 's/"//g')
+	    debug "Login Error: $noSuchUser $loginFailed $slimError $login404 $login400 $apikeyerror $devkeyerror" 
+        fi
     fi
     # invalid cert can happen if system date is set to before current date
     invalidCert=$(grep "SSL certificate problem" "$TMP_DIR"/.curlerr)

connectd/usr/bin/connectd_register

@@ -35,8 +35,14 @@ DEBUG="1"
 USERNAME=""
 PASSWORD=""
 AUTHHASH="REPLACE_AUTHHASH"
+ACCESSKEY=""
+KEYSECRET=""
 APIKEY="remote.it.developertoolsHW9iHnd"
-
+# set USEACCESSKEY=1 to use Access Key and Secret
+# Access Keys and secrets can be set in the Account area of the web portal at
+# https://remote.it
+# by default, USEACCESSKEY=0 and this script will use your account username and password.
+USEACCESSKEY=0
 #==================================================================================
 # include all of the registration functions
 
@@ -55,15 +61,25 @@ main()
 	      exit 1
     fi
 #-----------------------------------------------------------------------
-
-    if [ "$1" != "" ]; then
-        USERNAME=$1
-    fi
-    if [ "$2" != "" ]; then
-        PASSWORD=$2
+    if [ "$USEACCESSKEY" = "0" ]; then
+        if [ "$1" != "" ]; then
+            USERNAME=$1
+        fi
+        if [ "$2" != "" ]; then
+            PASSWORD=$2
+        fi
+        userLogin
+        testLogin
+    else
+        if [ "$1" != "" ]; then
+            ACCESSKEY=$1
+        fi
+        if [ "$2" != "" ]; then
+            KEYSECRET=$2
+        fi
+        userLogin key
+        testLogin
     fi
-    userLogin
-    testLogin
 
 # =============================================    
 # $SERVICEBASENAME is the base name of all installed services installed

connectd/usr/share/doc/connectd/changelog.gz

@@ -7,11 +7,11 @@ Modified Work Copyright (C) 2018 remot3.it, Inc. <[email protected]>
 License: MIT
 
 Files: *
-Copyright (C) 2020 remot3.it, Inc. <[email protected]>
+Copyright (C) 2021 remot3.it, Inc. <[email protected]>
 License: BSD-3-Clause
 
 Files: debian/*
-Copyright (C) 2020 remot3.it, Inc. <[email protected]>
+Copyright (C) 2021 remot3.it, Inc. <[email protected]>
 License: BSD-3-Clause
 
 License: BSD-3-Clause

connectd/usr/share/doc/connectd/copyright

@@ -2,11 +2,18 @@
 # auto-test.sh
 # script to test auto registration and present summary at end
 
-ver=2.1.14
-MODIFIED="June 21, 2020"
+ver=2.6.16
+MODIFIED="April 24, 2021"
 SCRIPT_DIR="$(cd $(dirname $0) && pwd)"
 TEST_DIR="$SCRIPT_DIR"
 
+# use the CI_SUPPRESS_AUTO_TEST environment variable to skip the auto test
+# because it takes a long time.  During test development anyway.
+if [ "${CI_SUPPRESS_AUTO_TEST}" != "" ]; then
+    exit 0
+fi
+
+
 sudo -E "$TEST_DIR"/auto-reg-test.sh  | tee /tmp/auto-reg-result.txt
 grep "failed" /tmp/auto-reg-result.txt
 if [ $? -eq 0 ]; then

test/Auto_Registration/auto-test.sh

@@ -0,0 +1,8 @@
+2
+SERVICENAME-_ device
+1
+1
+y
+SERVICENAME-_ ssh
+5
+y

test/Interactive/configure-01-ak.key

@@ -0,0 +1,7 @@
+2
+1
+2
+y
+SERVICENAME-web
+5
+y