Homework 3: Password Client

Educational Objectives: After completing this assignment, the student should have the following knowledge, ability, and skills:

Operational Objectives: Create a client of PWServer that simulates a password authentication system, along with makefiles makefile.linprog and makefile.program that create an executable named pwclient.x (on linprog and program, respectively).

Deliverables: Three files pwclient.cpp, makefile.linprog, and makefile.program.

The PWServer Class

The class PWServer is defined in the file pwserver.h. The (public) interface of a PWServer object is as follows:

PWServer Files

The interaction of a PWServer object with its files follows a few simple rules:

  1. Each file begins with the number of usernames contained in the file and is followed by that number of lines. Each of these subsequent lines contains a username followed by an integer, the signature for that username. These files cannot be created with an editor, because the signature depends on the username, the user password (known only to the user), and the hashing algorithm.
  2. The input file (whose name is the first constructor argument) is read one time to initialize the object. This file is closed after the initial read and never disturbed again. It therefore remains as a record of how the object was initialized.
  3. The output file (whose name is the second constructor argument) is opened, written, and closed whenever the password file data is changed in the PWServer object. It is also written by the destructor. Therefore this file serves as a record of the state of the PWServer object at the time it goes out of existence.
  4. A typical use scenario would be to stop the current PWServer object at midnight, copy its output file to the next day's startup file, and then start another PWServer object. An appropriate naming scheme for the files serves as a daily record of changes in the system user list and their signatures.
  5. You can create your own pw files using pwc.x and the CreateUser option.

The third constructor parameter is used to limit the number of users in the system that are served by a given PWServer object.

The Identification/Authentication/Authorization model for access control

The class PWServer conforms to a standard model for controlled access to computer services known as the IAA model, where access is controlled via a three-step process:

  1. Identification: The person or agent making a request for service is identified, in this situation by providing a user ID or username.
  2. Authentication. Once the agent asserts an identity, this identity is verified, or authenticated, by an independent item of information, the password. The password should satisfy certain rules:
    1. The password is known to the agent, who has responsibility to keep it private.
    2. The password is not known to or stored by the authentication system.
    3. The password (together with the username) is hashed to an unsigned integer value by a hashing algorithm (aka hash function). The input to the hash function is called a key. The output of the hash function is called a hash value or, in this particular context, a signature.
    4. The hashing algorithm may be publicly known.
    5. The signatures associated with keys may also be publicly readable.
    6. The hashing algorithm maps keys to numbers in a way that is mathematically irreversible, so that no formula mapping signature back to the key that generated it is possible; and it is pragmatically impractical to guess a key from its signature.
  3. Authorization. Once an agent is identified and authenticated, a database of services to which that agent is entitled or permitted is accessed, and those services are made available.

The intended use of a password server is to provide the identification and authentication phases of the model. For more about hashing, see the lecture notes Hashing, Hash Functions, and Their Uses.

Procedural Requirements

  1. Create and work within a separate subdirectory cop3330/hw3. Review the COP 3330 rules found in Introduction/Work Rules.

  2. Begin by copying the following files from the course directory /home/courses/cop3330p/fall09/ into your hw3 directory:

    hw3/pwserver.h   # defines class PWServer 
    hw3/xstring.h    # defines class fsu::String
    hw3/pwserver_s.o # PWServer implementation machine code - Sun/Unix
    hw3/pwserver_i.o # PWServer implementation machine code - Intel/Linux
    hw3/pwclient_s.o # example pwclient implementation machine code - Sun/Unix
    hw3/pwclient_i.o # example pwclient implementation machine code - Intel/Linux
    hw3/pwf1         # example password files
    hw3/pwf2
    hw3/pwf3
    hw3/hw3submit.sh # submit script
    

    The naming of the *.o files uses the convention that _s are compiled for Sun/Solaris and _i are compiled for Intel/Linux. Note that these files are object code, as would be stored in a library. They can be used in the linking step of compilation to create executables. The pwserver_?.o files contain compiled code for the PWServer object and must be used when you compile your client program. The pwclient_?.o files contain compiled code for the model solution pwclient.cpp and must be used when to create an example executable.

  3. Create an example executable from the distributed machine code files using one of the commands

    g++ -opwc.x pwclient_i.o pwserver_i.o # on linprog
    g++ -opwc.x pwclient_s.o pwserver_s.o # on program
    

    The executable so created is an example solution for this assignment. Use this example executable to experiment to get an understanding of how your program should behave.

  4. Copy one of the distributed object files to "pwserver.o", depending on whether you are doing your development on program (Sun) or linprog (Intel). This file is the machine code implementation of class PWServer defined in pwserver.h.

  5. Create a file pwclient.cpp that contains a main program that is a client of class PWServer, i.e., that creates and uses an object of type PWServer. You should be able to make use of sample code fragments in Chapter 3 of the lecture notes in the design of this program.

  6. Turn in three files makefile.linprog, makefile.program, and pwclient.cpp using the hw3submit.sh submit script.

    Warning: Submit scripts do not work on the program and linprog servers. Use shell.cs.fsu.edu to submit projects. If you do not receive the second confirmation with the contents of your project, there has been a malfunction.

Technical Requirements and Specifications

  1. The program must have these include statements:

    #include <xstring.h>
    #include <pwserver.h>
    

    near the top of the file. Note that angle brackets are required. Quotes will not do.

  2. The program must respond to the same basic menu commands as the distributed pwc.x you create as described under Procedure Requirement 3 above. (This requirement is necessary for automated testing of your program.) You may add your own options as well.

  3. Your program should use command line arguments to specify the input and output file names. There is source code demonstrating how to program with command line arguments in the file fall09/examples/commandLineArguments.cpp

  4. Compile the client for linprog with these commands:

    g++ -c -I/home/courses/cop3330p/fall09/hw3 pwclient.cpp
    g++ -opwclient.x /home/courses/cop3330p/fall09/hw3/pwserver_i.o pwclient.o
    

    (Substitute "_s" for "_i" to compile for program.)

    The project should compile error- and warning-free on both program and linprog.

  5. Create makefiles makefile.linprog and makefile.program that results in pwclient.x for linprog and program, respectively, using the commands in the previous step.

  6. Test your client program. The client should behave like the supplied model pwc.x that you build from the distributed object code as described in Procesural Requirement 3.

  7. You may assume that usernames and passwords have no more than 20 characters. Use declared constants!

Hints