Initial Commit

AGPLv3 Veröffentlichung gemäß Dienstanweisung vom 15. August 2018.

Initial Commit
72b6b9f4 · Timm Fitschen · 72b6b9f4 · 72b6b9f4 · 72b6b9f4 · 72b6b9f4
Commit 72b6b9f4 authored 6 years ago by Timm Fitschen
--- a/.gitignore
+++ b/.gitignore
+# configuration files
+/conf/*
+!/conf/*.template
+# dot files but not .gitignore
+.*
+!/.gitignore
+!/.gitlab-ci.yml
+# java keystore
+*.jks
+# typical build dirs
+bin/
+target/
+# eclipse stuff
+.classpath
+.project
+.settings
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+stages:
+    - setup
+    - code-generation
+    - build
+    - test
+    - clean
+##########
+# SETUP
+##########
+# delete local maven repo to be sure all packages are still maintained by the maven repos
+setup:mvn:
+    tags: [ linux ]
+    stage: setup
+    script:
+        - make easy-units
+        - mvn dependency:purge-local-repository
+##################
+# Code-generation
+##################
+# generate parsing classes with antlr
+code-generation:antlr:
+    tags: [ linux ]
+    stage: code-generation
+    artifacts:
+        paths:
+            - target/generated-sources/antlr4/
+    script:
+        - mvn antlr4:antlr4
+#########
+# Build
+#########
+# compile the server
+build:server:
+    tags: [ linux ]
+    stage: build
+    dependencies:
+        - code-generation:antlr
+    artifacts:
+        paths:
+            - target/classes/
+    script:
+        - mvn compile
+########
+# Test
+########
+# junit tests for the server
+test:server:
+    tags: [ linux ]
+    stage: test
+    dependencies:
+        - build:server
+    script:
+        - mvn test
+###########
+# Clean
+###########
+clean:mvn:
+    tags: [ linux ]
+    stage: clean
+    when: always
+    dependencies: []
+    script:
+        - mvn clean
--- a/LICENSE.md
+++ b/LICENSE.md
--- a/README.md
+++ b/README.md
+# Welcome
+This is the **CaosDB Server** repository and a part of the CaosDB project.
+# Setup
+Please read the [README_SETUP.md](README_SETUP.md) for instructions on how to
+setup this code.
+# Further Reading
+Please refer to the [official gitlab repository of the CaosDB
+project](https://gitlab.gwdg.de/bmp-caosdb/caosdb) for more information.
+# License
+Copyright (C) 2018 Research Group Biomedical Physics, Max Planck Institute for
+Dynamics and Self-Organization Göttingen.
+All files in this repository are licensed under a [GNU Affero General Public
+License](LICENCE.md) (version 3 or later).
--- a/README_SETUP.md
+++ b/README_SETUP.md
+# First Setup
+After a fresh clone of the repository, this is what you need to setup the server:
+1. It is recommended to run the unit tests with `make test`
+2. Copy `conf/server.conf.template` to `conf/server.conf` and change it
+   appropriately:
+    * Setup for MySQL back-end: Assuming that the mysql back-end is installed,
+      specify the fields `MYSQL_USER_NAME`, `MYSQL_USER_PASSWORD`,
+      `MYSQL_DATABASE_NAME`, and `MYSQL_HOST`.
+    * Setup the SSL certificate: Assuming that there is an appropriate `Java
+      Key Store` file, change the fields `CERTIFICATES_KEY_PASSWORD`,
+      `CERTIFICATES_KEY_STORE_PATH`, and `CERTIFICATES_KEY_STORE_PASSWORD`.
+    * Select a path for the file system and set the fields `FILE_SYSTEM_ROOT`,
+      `DROP_OFF_BOX`, and `TMP_FILES`.
+    * Maybe set another `SESSION_TIMEOUT_MS`.
+3. Copy `conf/usersources.ini.template` to `conf/usersources.ini`.
+    * Define the users/groups who you want to include/exclude.
+    * Assign at least one user the `administration` role.
+    * It is important, that the file complies with the ini file specification.
+      Especially, that there are no `properties` (aka `keys`) without a
+      `value`. An emtpy value can be represented by `""`. Comments are
+      everything from `#` or `;` to the end of the line.
+4. Install the pam caller in `misc/pam_authentication/`. See
+   [the pam authentication README](misc/pam_authentication/README.md)
+Done!
+# Start Server
+`$ make run`
+# Run Unit Tests
+`$ make test`
+# Setup Eclipse
+1. Open Eclipse (recommended version: Oxygen.1a Release (4.7.1a))
+2. `File > New > Java Project`: Choose a project name and specify the location
+   of this repo. The JRE and Project layout should be configured automatically.
+   Now, the project should initially have two source-folders: `./src/main/java`
+   and `./src/test/java`. After a build, another one,
+   `./target/generated-sources/antlr4` should be generated. If there are more
+   than these three source-folders, reconfigure the projects source folders
+   appropriately with `Project > Properties > Java Build Path > Source`.
+3. In the `Package Explorer` view, right-click on the project and `Configure > Convert to Maven Project`.
+4. In the `Package Explorer` view, right-click on the project and `Maven > Update Project`.
+5. Usually a build of the project is started automatically. Otherwise `Project > Build Project`.
+Done!
--- a/conf/server.conf.template
+++ b/conf/server.conf.template
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+# MySQL
+MYSQL_USER_NAME = {mysql-user-name}
+MYSQL_USER_PASSWORD = {mysql-user-password}
+MYSQL_DATABASE_NAME = {mysql-database_name}
+MYSQL_HOST = {mysql-host}
+# (HTTP will be redirected to HTTP)
+SERVER_PORT_HTTP = {server-port-http}
+SERVER_PORT_HTTPS = {server-port-https}
+# about certificates needed for HTTPS auth
+CERTIFICATES_KEY_PASSWORD = {certificates-key-password}
+CERTIFICATES_KEY_STORE_PATH = {certificates-key-store-path}
+CERTIFICATES_KEY_STORE_PASSWORD = {certificates-key-store-password}
+# Location of the internal file storage
+FILE_SYSTEM_ROOT = {file-system-root}
+DROP_OFF_BOX = {drop-off-box}
+TMP_FILES = {tmp-files}
+SESSION_TIMEOUT_MS = 43200000
--- a/conf/usersources.ini.template
+++ b/conf/usersources.ini.template
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+realms = PAM
+defaultRealm = PAM
+[PAM]
+class = caosdb.server.accessControl.Pam
+default_status = ACTIVE
+;include.user = [uncomment and put your users here]
+;include.group = [uncomment and put your groups here]
+;exclude.user = [uncomment and put excluded users here]
+;exclude.group = [uncomment and put excluded groups here]
+;it is necessary to add at least one admin
+user.{a user}.roles = administration
--- a/lib/easy-units-0.0.1-SNAPSHOT-jar-with-dependencies.jar
+++ b/lib/easy-units-0.0.1-SNAPSHOT-jar-with-dependencies.jar
--- a/makefile
+++ b/makefile
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+run: compile
+	mvn exec:exec
+run-debug: compile
+	mvn exec:exec -Dexec.args="-classpath %classpath -Djava.util.logging.config.file=./conf/logging.conf caosdb.server.CaosDBServer silent debug"
+compile: easy-units
+	mvn compile
+run-nobackend:
+	mvn exec:exec -Dexec.args="-classpath %classpath -Djava.util.logging.config.file=./conf/logging.conf caosdb.server.CaosDBServer silent debug nobackend insecure"
+start-portforwarding:
+	sudo iptables -t nat -N CAOSDB
+	sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -g CAOSDB
+	sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -g CAOSDB
+	sudo iptables -t nat -A CAOSDB -p tcp --dport 80 -j REDIRECT --to-port $$(grep "SERVER_PORT_HTTP[^S]" conf/server.conf | grep -o -e "[0-9]*")
+	sudo iptables -t nat -A CAOSDB -p tcp --dport 443 -j REDIRECT --to-port $$(grep "SERVER_PORT_HTTPS" conf/server.conf | grep -o -e "[0-9]*")
+stop-portforwarding:
+	sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -g CAOSDB
+	sudo iptables -t nat -D PREROUTING -p tcp --dport 443 -g CAOSDB
+	sudo iptables -t nat -F CAOSDB
+	sudo iptables -t nat -X CAOSDB
+antlr:
+	mvn antlr4:antlr4
+test: easy-units
+	mvn test
+clean: clean-antlr
+	mvn clean
+	rm -rf .m2-local
+clean-antlr:
+	rm -rf target/generated-sources/antlr4/
+run-debug-screen:
+	# start and wait for server
+	@screen -L -S caosdb-screen -t server -d -m -A make run-debug
+	@sleep 2
+	@while [ 1 -eq 1 ] ; do \
+		screen -S caosdb-screen -X hardcopy .screen.log || break ; \
+		[ $$(grep -c "org.restlet.ext.jetty.JettyServerHelper start" .screen.log) -eq 0 ] || break ; \
+	done; \
+stop-debug-screen:
+	# stop screen session with debug server
+	@screen -S caosdb-screen -X hardcopy screen.log || true
+	@screen -S caosdb-screen -p server -X stuff "^C"
+.m2-local:
+	mkdir .m2-local
+easy-units: .m2-local
+	mvn deploy:deploy-file -DgroupId=de.timmfitschen -DartifactId=easy-units -Dversion=0.0.1-SNAPSHOT -Durl=file:./.m2-local/ -DrepositoryId=local-maven-repo -DupdateReleaseInfo=true -Dfile=./lib/easy-units-0.0.1-SNAPSHOT-jar-with-dependencies.jar
--- a/misc/check_symlinks/check_symlinks
+++ b/misc/check_symlinks/check_symlinks
+#!/bin/bash
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+function is_dir_in(){
+    [ -d "$2/$1" ]
+}
+function has_symlink_in_dir(){
+    [ -L "$2/$1" ]
+}
+function symlink_ok(){
+    [ -e "$1" ]
+}
+function is_empty(){
+    [[ -z "$(find -L $1 -type f)" ]] 
+}
+IFS=$(echo -en "\n\b")
+function check_recursively() {
+    local symlink_dir=$1
+    local orig_dir=$2
+    # check if all symlinks are unbroken
+    for symlink in $(find $symlink_dir -maxdepth 1 -mindepth 1 -type l)
+    do 
+        if ! symlink_ok $symlink
+        then
+            echo -e "[ERROR broken link]\n\t$symlink is broken link."
+        fi
+    done
+    # check if a symlink exists for all files
+    for file in $(find $orig_dir -maxdepth 1 -mindepth 1 -type f)
+    do
+        local filename=$(basename "$file")
+        if ! has_symlink_in_dir $filename $symlink_dir
+        then 
+            echo -e "[ERROR unlinked file]\n\t$filename has no symlink in $symlink_dir."
+        fi
+    done
+    # check if a directory exists for all directories
+    for subdir in $(find $orig_dir -maxdepth 1 -mindepth 1 -type d)
+    do
+        if ! is_empty $subdir
+        then
+            local dirname=$(basename "$subdir")
+            if ! is_dir_in $dirname $symlink_dir and ! is_empty $subdir 
+            then
+                echo -e "[ERROR missing dir]\n\t$dirname is not in $symlink_dir."
+            else
+                check_recursively $symlink_dir/$dirname $subdir
+            fi
+        else
+            echo "$subdir is empty"
+        fi
+    done
+}
+check_recursively ${1%/} ${2%/}
--- a/misc/chown_script/README
+++ b/misc/chown_script/README
+* The chown_script for the caosdb DropOffBox.
+* @author: Timm Fitschen (timm.fitschen@ds.mpg.de)
+* @date: 2015-10-12
+========================= README ==============================
+*** INSTALL ***
+run ./install [-s]
+The optional `-s` means that the install script will not request any input from the user. In this case all parameters need to be defined in the CONFIG file.
+*** UNINSTALL ***
+run ./uninstall 
+This script is generated by the install script and removes the generated files.
+*** CONFIG file ***
+COPY this into a file called "CONFIG" (upper case) and edit it to your own needs:
+--- copy below this line ---
+#This config file defines the parameters needed for the installation as a KEY/VALUE list. A line beginning with `#` will be ignored.
+#DB_USER is the unix user who runs the caosdb server
+DB_USER=caosdb
+#LOC_DROPOFFBOX is the directory of the DropOffBox. ATTENTION: The path must not end with `/`!
+LOC_DROPOFFBOX=/path/to/dropOffBox
+#LOC_SUDOERS is a directory which files are included by the sudoers file. ATTENTION: The path must not end with `/`!
+LOC_SUDOERS=/etc/sudoers.d
+#LOC_PREFIX is the folder which the caosdb_chown_script is stored to. ATTENTION: The path must not end with `/`!
+LOC_PREFIX=/usr/local/sbin
+--- copy above this line ---
--- a/misc/chown_script/chown_script_template
+++ b/misc/chown_script/chown_script_template
+#!/bin/bash
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+LOC_DROPOFFBOX=$(awk < ./conf/server.conf '{ if ($1 == "DROP_OFF_BOX") print $3 }')
+DB_USER=__DB_USER__
+DB_GROUP=__DB_GROUP__
+CMD_CHOWN=__CMD_CHOWN__
+if [[ "$1" = "--test" ]]; then
+    exit 0
+fi
+# Tests whether file/folder is in the DropOffBox. 
+# This does not actually test whether the file/folder exists!
+# @return: true/false
+function file_is_in_DropOffBox {
+    # $1 : absolute filename
+    if [ "${1##$LOC_DROPOFFBOX}" != "${1}" ]; then
+        true
+    else
+        false
+    fi
+}
+# Echoes the absolute filename (in case a relative path is given).
+# @return: absolute filename
+function get_abs_filename {
+    # $1 : relative filename
+    if [ -d "$(dirname "$1")" ]; then
+        echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
+    fi
+}
+# one argument expected.
+if [[ $# -ne 1 ]]; then
+	# wrong number of arguments -> exit with error.
+	>&2 echo "One argument expected."
+	exit 1
+fi
+# file exists?
+if [ ! -e $1 ]; then
+	# file does not exist -> exit with error.
+	>&2 echo "File $1 does not exist."
+	exit 2
+fi
+# convert to absolute path
+FILE_PATH=$(get_abs_filename $1)
+# file in DropOffBox?
+if ! file_is_in_DropOffBox $FILE_PATH ; then
+    # file not in DropOffBox -> exit with error 
+	>&2 echo "File is not in DropOffBox."
+    exit 3
+fi
+# make $DB_USER the file-owner and 
+$CMD_CHOWN -R $DB_USER:$DB_GROUP $FILE_PATH
--- a/misc/chown_script/install
+++ b/misc/chown_script/install
+#!/bin/bash
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+DB_USER=caosdb
+LOC_SUDOERS=/etc/sudoers.d
+LOC_PREFIX=/usr/local/sbin
+CMD_CHOWN=chown
+SCRIPT_TMP=chown_script_template
+# silent mode???
+if [[ "$1" = "-s" ]]; then 
+    SILENT="yes"
+fi
+# remove old files
+if [ -r uninstall ]; then
+    source uninstall > /dev/null
+fi
+# load config if existent
+if [ -e CONFIG ]; then
+    source CONFIG
+fi
+# check if all parameters are defined and valid
+function check_parameters {
+    if [ ! -e $LOC_DROPOFFBOX ]; then
+        >&2 echo "DropOffBox $LOC_DROPOFFBOX does not exist."
+        exit 11
+    fi
+    if [ ! -e $LOC_PREFIX ]; then
+        >&2 echo "$LOC_PREFIX does not exist."
+        exit 12
+    fi
+    if [ ! -e $LOC_SUDOERS ]; then
+        >&2 echo "$LOC_SUDOERS does not exist."
+        exit 13
+    fi
+    local ret=false
+    getent passwd $DB_USER >/dev/null 2>&1 && ret=true
+    if [[ $ret = false ]]; then
+        >&2 echo "User $DB_USER does not exist."
+        exit 14
+    fi
+}
+# Echoes the absolute filename (in case a relative path is given).
+# @return: absolute filename
+function get_abs_filename {
+    # $1 : relative filename
+    if [ -d "$(dirname "$1")" ]; then
+        echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
+    fi
+}
+# Promt for an input by the user (fancily).
+# @arg $1: A description of the variable that the user has to specify.
+# @arg $2: The name of the global variable the return value is to be stored in.
+# @arg $3: Optional "-f". Indicates, that the user has to specify a file/folder. 
+#          In this case, the tab completion is enabled, the existens of the
+#          file/folder is tested, and relative paths are converted to absolute ones.
+function prompt {
+    if [[ "$SILENT" = "yes" ]]; then
+        return 0
+    fi
+    local __ret=$2
+    local default=$(eval echo \${$2})
+    local new_val
+    if [[ "$3" = "-f" ]]; then 
+        local par="-e" 
+    fi
+	while [[ 0 = 0 ]]; do
+        if [[ -z "$default" ]]; then
+            PROMPT="Please insert $1: "
+            read $par -p "${PROMPT}" new_val
+        else 
+            PROMPT="Please insert $1 or press ENTER for default [$default]: "
+            read $par -p "${PROMPT}" new_val
+            if [[ -z "$new_val" ]]; then                
+                new_val=$default
+                echo -en "\033[1A\033[2K"
+                echo $PROMPT $new_val
+            fi
+        fi
+        if [[ -z "$new_val" ]]; then
+            # no value -> repeat while loop
+            continue
+        fi
+        if [[ "$3" = "-f" ]]; then
+            # check whether file exists
+            if [ ! -e "$new_val" ]; then
+                # file does not exist -> repeat
+                echo "Directory/file does not exist. "
+                continue
+            fi
+        fi
+        # no problem occured -> leave while loop
+        break
+    done
+    eval $__ret="'$new_val'"
+}
+# make sure this is root
+[[ $(id -u) -eq 0 ]] || ! echo "You need to run this script as a root user." || exit 1
+# make sure sudo is installed
+sudo -v
+if [[ ! $? -eq 0 ]]; then 
+	>&2 echo -e "\ncommand 'sudo -v' failed. Did you install sudo?"
+	exit 1
+fi
+# promt for dbuser
+# default: caosdb
+prompt "the unix user which who runs the caosdb server" DB_USER
+# TODO
+DB_GROUP=$DB_USER
+# promt for sudoers.d
+# default: /etc/sudoers.d/
+prompt "the location of sudoers.d" LOC_SUDOERS -f
+LOC_SUDOERS=$(get_abs_filename $LOC_SUDOERS)
+LOC_SUDO_SCRIPT="${LOC_SUDOERS}/caosdb_chown_script"
+# promt for prefix
+# default: /usr/local/sbin/
+prompt "the location of the script which is to be generated" LOC_PREFIX -f
+LOC_PREFIX=$(get_abs_filename $LOC_PREFIX)
+LOC_SCRIPT="${LOC_PREFIX}/caosdb_chown_dropoffbox"
+check_parameters
+# print info:
+echo -e "\nDB_USER=$DB_USER"
+echo "DB_GROUP=$DB_GROUP"
+echo "LOC_SUDO_SCRIPT=$LOC_SUDO_SCRIPT"
+echo "LOC_SCRIPT=$LOC_SCRIPT"
+echo "CMD_CHOWN=$CMD_CHOWN"
+echo -e "\n"
+prompt "continue? [yes/no]" CONT
+if [[ -n $CONT && "$CONT" != "yes" ]]; then
+    echo "Installation aborted by the user."
+    exit 0 
+fi
+echo '#!/bin/bash' > uninstall
+echo '[[ $(id -u) -eq 0 ]] || ! echo "You need to run this script as a root user." || exit 1' >> uninstall
+echo "rm $LOC_SCRIPT" >> uninstall 
+echo "unlink ${LOC_SCRIPT##$LOC_PREFIX/}" >> uninstall
+echo "rm $LOC_SUDO_SCRIPT" >> uninstall  
+echo 'rm uninstall' >> uninstall
+echo 'echo -e "\nDone."' >> uninstall
+chmod ug+x uninstall
+# configure script and store it
+awk "BEGIN { 
+  rep[\"__DB_USER__\"] = \"$DB_USER\"; 
+  rep[\"__DB_GROUP__\"] = \"$DB_GROUP\"; 
+  rep[\"__CMD_CHOWN__\"] = \"$CMD_CHOWN\"  
+ }
+ {
+   for (key in rep) {
+    gsub(key, rep[key])
+   }
+   print
+ }" < $SCRIPT_TMP > $LOC_SCRIPT
+# create symbolic link in working directory
+ln -s $LOC_SCRIPT
+# chown/chgrp to root
+$CMD_CHOWN root:root $LOC_SCRIPT
+# chmod 500 script
+chmod 500 $LOC_SCRIPT
+## configure sudo
+echo -en "# Generated by caosdb install script. Do not edit!
+# CONTACT: Timm Fitschen (timm.fitschen@ds.mpg.de)
+# DATE: 2015-10-09
+$DB_USER ALL = (root) NOPASSWD: $LOC_SCRIPT
+" > $LOC_SUDO_SCRIPT
+$CMD_CHOWN root:root $LOC_SUDO_SCRIPT
+chmod 440 $LOC_SUDO_SCRIPT
+# some tests
+. test_functions
+test1
+echo -e "\nDone."
--- a/misc/chown_script/test_functions
+++ b/misc/chown_script/test_functions
+#!/bin/bash
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+# create file in dropoffbox, owned by root, change-mod/own/grp to dbuser
+function test1 {
+    echo -n "Test 1 "
+    local FILENAME=$LOC_DROPOFFBOX/chmod_test.dat
+    echo "blablabla" > $FILENAME
+    $CMD_CHOWN root:root $FILENAME
+    if [ ! -e $FILENAME ]; then
+        echo "[FAILED] - could not create a testfile in the DropOffBox."
+        return 1
+    fi
+    local lsstr=$(ls -la $FILENAME)
+    local matchlen=$(expr match "$lsstr" "[-drwx]\{10\}\s[0-9]*\sroot\sroot\s[0-9]")
+    if [ $matchlen -lt 24 ]; then
+        echo -e "[FAILED] - 'ls -la' did not indicate that the owner was root at the beginning of this test."
+        rm $FILENAME
+        return 2
+    fi
+    sudo -u $DB_USER -H sh -c "sudo $LOC_SCRIPT $FILENAME" 
+    local lsstr=$(ls -la $FILENAME)
+    local matchlen=$(expr match "$lsstr" "[-drwx]\{10\}\s[0-9]*\s$DB_USER\s$DB_GROUP\s[0-9]")
+    if [ $matchlen -lt 18 ]; then
+        echo -e "[FAILED] - 'ls -la' did not indicate that the owner has changed successfully."
+        rm $FILENAME
+        return 3
+    fi
+    rm $FILENAME
+    echo "[OK]"
+    return 0
+}
--- a/misc/mv_unknown_files_script/mv_unknown_files
+++ b/misc/mv_unknown_files_script/mv_unknown_files
+#!/bin/bash
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+grep ": Unknown file." $1 | sed 's/<Warning.*tion="//' | sed 's/:\sUnknown.*//' | awk '{ print "move ", $1 }'
--- a/misc/pam_authentication/README.md
+++ b/misc/pam_authentication/README.md
+# Install
+`$ make`
+## Troubleshooting
+* In the case that the install fails with `pam_authentication.c:4:31: fatal
+  error: security/pam_appl.h: No such file or directory` the header files are
+  probably not installed. You can do so under debian and ubuntu with `# apt-get
+  install libpam0g-dev`. Then try again.
+# Run Tests
+`$ pam_authentication.sh asdf asdf` should print `[FAILED]` and return with a
+non-zero exit code.
--- a/misc/pam_authentication/makefile
+++ b/misc/pam_authentication/makefile
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+# Makefile for pam_authentication.c
+main: pam_authentication.c
+	mkdir ./bin
+	gcc -o ./bin/pam_authentication pam_authentication.c -lpam -lpam_misc
--- a/misc/pam_authentication/pam_authentication.c
+++ b/misc/pam_authentication/pam_authentication.c
+/*
+ * ** header v3.0
+ * This file is a part of the CaosDB Project.
+ *
+ * Copyright (C) 2018 Research Group Biomedical Physics,
+ * Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ *
+ * ** end header
+ */
+// Pam Authentication
+// A. Schlemmer, 07/2018
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+char * password; // needs to be global
+int supply_password(int num_msg, const struct pam_message **msgm,
+                    struct pam_response **responsep, void *appdata_ptr) {
+  struct pam_response* response = (struct pam_response*)calloc(sizeof(struct pam_response), num_msg);
+  int i;
+  for (i=0; i<num_msg; i++) {
+    if (msgm[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
+      response[i].resp = strdup(password);
+      response[i].resp_retcode = 0;
+    }
+  }
+  *responsep = response;
+  return PAM_SUCCESS;
+}
+static struct pam_conv conv =
+  {
+   supply_password,
+   NULL
+  };
+int main(int args, char** argv) {
+  if (args != 3) {
+    fprintf(stderr, "Usage: pam_authentication username password\n");
+    return 2;
+  }
+  pam_handle_t *pamh;
+  char * username = argv[1];
+  password = argv[2];
+  int res = pam_start("login", username, &conv, &pamh);
+  if (!res == PAM_SUCCESS) {
+    fprintf(stderr, "Error in starting pam authentication.\n");
+    return 2;
+  }
+  res = pam_authenticate(pamh, 0);
+  // printf("Return code %i: %s\n", res, pam_strerror(pamh, res));
+  return res;
+}
--- a/misc/pam_authentication/pam_authentication.sh
+++ b/misc/pam_authentication/pam_authentication.sh
+#!/bin/bash
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+if ./bin/pam_authentication $1 $2 ; then
+    echo "[OK]"
+    exit 0
+else
+    echo "[FAILED]"
+    exit 1
+fi
--- a/misc/pam_authentication/test_authentication.sh
+++ b/misc/pam_authentication/test_authentication.sh
+#!/bin/bash
+#
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2018 Research Group Biomedical Physics,
+# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+#
+exit 0