Merge branch 'dev/next' of https://github.com/Tripwire/tripwire-open-source into dev/next

2017-08-25 19:02:30 -07:00 · 2017-08-25 19:02:30 -07:00 · dbc48d0326
parent f4263cf2b8 55020401d9
commit dbc48d0326
46 changed files with 338 additions and 537 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -14,5 +14,6 @@ uninstall-hook:
 check:
 	rm -Rf $(top_srcdir)/src/test-harness/twtest
 	rm -Rf $(top_srcdir)/bin/TWTestData
 	cd $(top_srcdir)/src/test-harness && perl ./twtest.pl
-	$(top_srcdir)/bin/twtest all
+	cd $(top_srcdir)/bin && ./twtest all
--- a/Makefile.in
+++ b/Makefile.in
@ -809,8 +809,9 @@ uninstall-hook:
 check:
 	rm -Rf $(top_srcdir)/src/test-harness/twtest
 	rm -Rf $(top_srcdir)/bin/TWTestData
 	cd $(top_srcdir)/src/test-harness && perl ./twtest.pl
-	$(top_srcdir)/bin/twtest all
+	cd $(top_srcdir)/bin && ./twtest all
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/src/core/displayencoder.cpp
+++ b/src/core/displayencoder.cpp
@ -653,6 +653,9 @@ cEncoder::cEncoder( int e, int f )
 cEncoder::~cEncoder() 
 {
    sack_type::iterator itr;
    for( itr = m_encodings.begin(); itr != m_encodings.end(); ++itr)
        delete *itr;
 }
 bool cEncoder::RoundTrip() const
--- a/src/core/fsservices.h
+++ b/src/core/fsservices.h
@ -290,8 +290,6 @@ class iFSServices
  virtual bool    Rename( const TSTRING& strOldName, const TSTRING& strNewName, bool fOverWrite = true ) const = 0;
  // rename a file
  virtual bool        GetOwnerForFile( const TSTRING& tstrFilename, TSTRING& tstrUser ) const = 0;
  virtual bool        GetGroupForFile( const TSTRING& tstrFilename, TSTRING& tstrGroup ) const = 0;
  virtual bool        GetUserName( uid_t user_id, TSTRING& tstrUser ) const = 0;
  virtual bool        GetGroupName( gid_t group_id, TSTRING& tstrGroup ) const = 0;
--- a/src/core/hashtable.h
+++ b/src/core/hashtable.h
@ -316,6 +316,7 @@ cHashTable<KEY_TYPE, VAL_TYPE, COMPARE_OP, CONVERTER>::~cHashTable()
            }
        }
    }
    delete [] mTable;
 }
 ////////////////////////////////////////////////////////////////////////////////
--- a/src/core/haval.cpp
+++ b/src/core/haval.cpp
@ -275,6 +275,7 @@ static uint8 padding[128] = {        /* constants for padding */
  }                                                \
 }
 #if 0 //unused in OST
 /* hash a string */
 void haval_string (char *string, uint8 fingerprint[FPTLEN >> 3])
@ -330,6 +331,7 @@ void haval_stdin ()
    putchar(fingerprint[i]);
  }
 }
 #endif
 /* initialization */
 void haval_start (haval_state *state)
--- a/src/core/haval.h
+++ b/src/core/haval.h
@ -117,10 +117,12 @@ typedef struct {
 #define P_(s) s
 //Old prototyping stuff... I will ignore it for now.
-
+#if 0 //unused in OST
 void haval_string P_((char *, uint8 *)); /* hash a string */
 int  haval_file P_((char *, uint8 *));   /* hash a file */
 void haval_stdin P_((void));                     /* filter -- hash input from stdin */
 #endif
 void haval_start P_((haval_state *));            /* initialization */
 void haval_hash P_((haval_state* state, uint8* str, int str_len));
 void haval_end P_((haval_state *, uint8 *)); /* finalization */
--- a/src/core/platform.h
+++ b/src/core/platform.h
@ -80,6 +80,7 @@
 #define OS_MINT         0x0507
 #define OS_AROS         0x0508
 #define OS_RTEMS        0x0509   
 #define OS_RISCOS       0x050A
 #define COMP_UNKNOWN        0
 #define COMP_GCC            0x0001
@ -214,9 +215,10 @@
    #define OS                  OS_RTEMS
    #define IS_RTEMS            1
-#else
+#elif defined(__riscos__)
-//  OK for OS not to resolve, it's being phased out.
+    #define OS                  OS_RISCOS
-//    #error Unknown OS
+    #define IS_RISCOS           1
 #endif
@ -300,7 +302,7 @@
 #define SUPPORTS_ST_BLOCKS          (!IS_DOS_DJGPP)
 #define SUPPORTS_POSIX_SIGNALS      (!IS_DOS_DJGPP)
 #define SUPPORTS_NETWORKING         (!IS_SORTIX && !IS_DOS_DJGPP)
-#define SUPPORTS_SYSLOG             (HAVE_SYSLOG_H && !IS_SKYOS)
+#define SUPPORTS_SYSLOG             (HAVE_SYSLOG_H && !IS_SKYOS && !IS_RISCOS)
 #define NEEDS_SWAB_IMPL             (IS_SYLLABLE || IS_ANDROID || IS_SORTIX)
 #define USES_MBLEN                  (!IS_ANDROID && !IS_AROS)
 #define USES_DEVICE_PATH            (IS_AROS || IS_DOS_DJGPP)
--- a/src/core/unixfsservices.cpp
+++ b/src/core/unixfsservices.cpp
@ -368,7 +368,7 @@ void cUnixFSServices::Stat( const TSTRING& strNameC, cFSStatArgs& stat) const
 #ifdef S_IFDOOR
    else if(S_ISDOOR(statbuf.st_mode))  stat.mFileType = cFSStatArgs::TY_DOOR;
 #endif
-#ifdef S_IFPORT
+#ifdef S_ISPORT
    else if(S_ISPORT(statbuf.st_mode))  stat.mFileType = cFSStatArgs::TY_PORT;
 #endif
@ -497,43 +497,6 @@ void cUnixFSServices::SetResolveNames(bool resolve)
    mResolveNames=resolve;
 }
 bool cUnixFSServices::GetOwnerForFile( const TSTRING& tstrFilename, TSTRING& tstrUser ) const 
 {
    bool fSuccess = true;
    struct stat statbuf;
    int ret = lstat(tstrFilename.c_str(), &statbuf);    
    if(ret < 0)
    {
        fSuccess = false;
    }
    else
    {
        fSuccess = GetUserName(statbuf.st_uid, tstrUser);
    }
    return( fSuccess );
 }
 bool cUnixFSServices::GetGroupForFile( const TSTRING& tstrFilename, TSTRING& tstrGroup ) const 
 {    
    bool fSuccess = true;
    struct stat statbuf;
    int ret = lstat(tstrFilename.c_str(), &statbuf);    
    if(ret < 0)
    {
        fSuccess = false;
    }
    else
    {
        fSuccess = GetGroupName(statbuf.st_gid, tstrGroup);
    }   
    return( fSuccess );
 }
 bool cUnixFSServices::GetUserName( uid_t user_id, TSTRING& tstrUser ) const
 {
@ -636,7 +599,7 @@ void cUnixFSServices::ConvertModeToString( uint64 perm, TSTRING& tstrPerm ) cons
            szPerm[0] = _T('D');
            break;
 #endif
-#ifdef S_IFPORT
+#ifdef S_ISPORT
        case S_IFPORT:
            szPerm[0] = _T('P');
            break;
--- a/src/core/unixfsservices.h
+++ b/src/core/unixfsservices.h
@ -132,8 +132,6 @@ class cUnixFSServices : public iFSServices
  virtual bool    Rename( const TSTRING& strOldName, const TSTRING& strNewName, bool fOverWrite = true ) const;
  // rename a file
  virtual bool        GetOwnerForFile( const TSTRING& tstrFilename, TSTRING& tstrUser ) const;
  virtual bool        GetGroupForFile( const TSTRING& tstrFilename, TSTRING& tstrGroup ) const;
  virtual bool        GetUserName( uid_t user_id, TSTRING& tstrUser ) const;
  virtual bool        GetGroupName( gid_t group_id, TSTRING& tstrGroup ) const;
--- a/src/fs/fsparserutil.cpp
+++ b/src/fs/fsparserutil.cpp
@ -83,6 +83,11 @@ bool cFSParserUtil::MapStringToProperty( const TSTRING& str, int& propIndex ) co
            default:  fMappedChar = false;                  break;
        }
    }
    else
        fMappedChar = false;
 /* Leaving this here in case we ever want to implement long property names
    else
    {
        if( 0 == str.compare( TSS_GetString( cFS, fs::STR_PARSER_PROP_MODE ) ) )
@ -122,6 +127,7 @@ bool cFSParserUtil::MapStringToProperty( const TSTRING& str, int& propIndex ) co
        else
            fMappedChar = false;
    }
 */
    return( fMappedChar );
 }
--- a/src/fs/fspropcalc.cpp
+++ b/src/fs/fspropcalc.cpp
@ -85,20 +85,32 @@ static bool NeedsStat(const cFCOPropVector& v)
 ///////////////////////////////////////////////////////////////////////////////
-static bool GetSymLinkStr(const TSTRING& strName, cArchive& arch)
+bool cFSPropCalc::GetSymLinkStr(const TSTRING& strName, cArchive& arch, size_t size)
 {
-    char buf[1024]; // TODO: is this big enough?
+    std::vector<char> data(size+1);
    char* buf = &data[0];
 #if defined(O_PATH) 
    int fd = open(strName.c_str(), (O_PATH | O_NOFOLLOW | O_NOATIME));
-    int rtn = readlinkat(fd, 0, buf, 1024);
+    int rtn = readlinkat(fd, 0, buf, size);
    close(fd);
 #else
-    int rtn = readlink( strName.c_str(), buf, 1024 );
+    int rtn = readlink( strName.c_str(), buf, size );
 #endif
    if(rtn == -1)
        return false;
    //Sadly if buf isn't big enough readlink 'succeeds' by truncating the string, so the only
    // clue your buffer might be too small is if you maxed it out.  So we try again, within reason.
    if((size_t)rtn == size)
    {
        if(size < 128*TW_PATH_SIZE)
            return GetSymLinkStr(strName, arch, size*2);
        return false;
    }
    // the return value is the number of characters written.
    arch.WriteBlob(buf, rtn);   
--- a/src/fs/fspropcalc.h
+++ b/src/fs/fspropcalc.h
@ -53,6 +53,12 @@
 #include "core/archive.h"
 #include "fspropset.h"
 #ifdef PATH_MAX
 # define TW_PATH_SIZE PATH_MAX
 #else
 # define TW_PATH_SIZE 1024
 #endif
 TSS_FILE_EXCEPTION( eFSPropCalc,                eFileError )
 //TSS_EXCEPTION( eFSPropCalcResetAccessTime,    eFSPropCalc ) // this was never used
@ -80,6 +86,8 @@ public:
    virtual int                     GetCalcFlags() const;
    virtual void                    SetCalcFlags( int i );
    static bool GetSymLinkStr(const TSTRING& strName, cArchive& arch, size_t size = TW_PATH_SIZE);
 private:
    cFSPropCalc( const cFSPropCalc& );
    void operator =( const cFSPropCalc& );
--- a/src/fs/fsstrings.cpp
+++ b/src/fs/fsstrings.cpp
@ -74,7 +74,8 @@ TSS_BeginStringtable( cFS )
    TSS_StringEntry( fs::STR_PROP_HAVAL,                _T("HAVAL") ),
    TSS_StringEntry( fs::STR_PROP_ACL,                  _T("ACL Placeholder -- Not Implemented") ),
-    // TODO: get actual strings
+/*  Leaving these here in case we ever implement long property names
    TSS_StringEntry( fs::STR_PARSER_PROP_DEV,           _T("unimplemented") ),
    TSS_StringEntry( fs::STR_PARSER_PROP_RDEV,          _T("unimplemented") ),
    TSS_StringEntry( fs::STR_PARSER_PROP_INODE,         _T("unimplemented") ),
@ -94,7 +95,7 @@ TSS_BeginStringtable( cFS )
    TSS_StringEntry( fs::STR_PARSER_PROP_MD5,           _T("unimplemented") ),
    TSS_StringEntry( fs::STR_PARSER_PROP_SHA,           _T("unimplemented") ),
    TSS_StringEntry( fs::STR_PARSER_PROP_HAVAL,         _T("unimplemented") ),
-
+*/
    TSS_StringEntry( fs::STR_PARSER_READONLY,           _T("ReadOnly")),
    TSS_StringEntry( fs::STR_PARSER_DYNAMIC,            _T("Dynamic")),
    TSS_StringEntry( fs::STR_PARSER_GROWING,            _T("Growing")),
--- a/src/fs/fsstrings.h
+++ b/src/fs/fsstrings.h
@ -78,6 +78,7 @@ TSS_BeginStringIds( fs )
    STR_PROP_HAVAL,
    STR_PROP_ACL,
 /* Leaving these here in case we ever implement long property names
    STR_PARSER_PROP_DEV,
    STR_PARSER_PROP_RDEV,
    STR_PARSER_PROP_INODE,
@ -97,7 +98,7 @@ TSS_BeginStringIds( fs )
    STR_PARSER_PROP_MD5,
    STR_PARSER_PROP_SHA,
    STR_PARSER_PROP_HAVAL,
-    
+*/    
    STR_PARSER_READONLY,
    STR_PARSER_DYNAMIC,
    STR_PARSER_GROWING,
--- a/src/test-harness/tests/dbupdate.pm
+++ b/src/test-harness/tests/dbupdate.pm
@ -168,7 +168,11 @@ sub RunBasicTest
    # do the database update...
    #
-	twtools::UpdateDatabase();
+    if (0 != twtools::UpdateDatabase())
    {
        twtools::logStatus("FAILED -- db update did not succeed\n");
        return 0;
    }
    # do another IC and make sure there are no violations
    #
@ -195,10 +199,6 @@ sub RunSecureModeTest
    twtools::logStatus("*** Beginning dbupdate.secure-mode test\n");
    printf("%-30s", "-- dbupdate.secure-mode test");
 	++$twtools::twskippedtests;
 	print "SKIPPED - this test needs further investigation\n";
 	return 1;
    PrepareForTest();
    # make a violation and generate a report
@ -226,10 +226,20 @@ sub RunSecureModeTest
    #
    twtools::UpdateDatabase( { report => $report1 } );
    # Try to update the database with report 1 again ... this should fail
    # in secure-mode == high because the db can't accept same changes again.
    #
    if( 0 == twtools::UpdateDatabase(
    { report => $report1, secure-mode => "high" } ) )
    {
        twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
        return 0;
    }
    # Try to update the database with report 2 ... this should fail
    # in secure-mode == high because the "old" values don't match.
    #
-	if( twtools::UpdateDatabase(
+    if( 0 == twtools::UpdateDatabase(
        { report => $report2, secure-mode => "high" } ) )
    {
        twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
@ -239,7 +249,7 @@ sub RunSecureModeTest
    # do a high severity update with report3 -- this should 
    # succeed 
    #
-	if( ! twtools::UpdateDatabase(
+    if(  0 != twtools::UpdateDatabase(
        { report => $report3, secure-mode => "high" } ) )
    {
        twtools::logStatus("FAILED ... Update with report 3 failed\n");
@ -250,14 +260,14 @@ sub RunSecureModeTest
    # doesn't exist in the database at all. This should
    # succeed in low but fail in high.
    #
-	if( twtools::UpdateDatabase(
+    if( 0 == twtools::UpdateDatabase(
        { report => $report2, secure-mode => "high" } ) )
    {
        twtools::logStatus("FAILED ... Update with report 2 after 3 succeeded in high mode\n");
        return 0;
    }
-	if( ! twtools::UpdateDatabase(
+    if( 0 != twtools::UpdateDatabase(
        { report => $report2, secure-mode => "low" } ) )
    {
        twtools::logStatus("FAILED ... Update with report 2 after 3 failed in low mode\n");
--- a/src/test-harness/twtools.pm
+++ b/src/test-harness/twtools.pm
@ -273,9 +273,13 @@ sub GeneratePolicyFile {
    print "generating policy file...\n" if $verbose;
-    logStatus(`$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $twrootdir/$twpolicyloc 2>&1`);
+    my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $twrootdir/$twpolicyloc 2>&1`;
-    return ($? == 0);
+    my ($result) = ${^CHILD_ERROR_NATIVE};
    logStatus(@out);
    return $result;
 }
@ -291,9 +295,13 @@ sub CreatePolicy {
    print "generating policy file...\n" if $verbose;
-    logStatus(`$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text} 2>&1`);
+    my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text} 2>&1`;
-    return ($? == 0);
+    my ($result) = ${^CHILD_ERROR_NATIVE};
    logStatus(@out);
    return $result;
 }
@ -305,9 +313,13 @@ sub InitializeDatabase {
    my ($twmsg) = @_;
    print "initializing database for '$twmsg' test...\n" if $verbose;
-    logStatus(`$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc 2>&1`);
+    my (@out) = `$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc 2>&1`;
-    return ($? == 0);
+    my ($result) = ${^CHILD_ERROR_NATIVE};
    logStatus(@out);
    return $result;
 }
@ -317,13 +329,17 @@ sub InitializeDatabase {
 sub UpdateDatabase {
    my (%params) = %{$_[0]};
-    $params{'report'}      = $reportloc if( ! defined($params{'report'}) );
+    $params{report}      = $reportloc if( ! defined($params{report}) );
-    $params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) );
+    $params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
    print "updating database for '$twmsg' test...\n" if $verbose;
-    logStatus(`$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{'secure-mode'} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{'report'} 2>&1`);
+    my (@out) = `$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{report} 2>&1`;
-    return ($? == 0);
+    my ($result) = ${^CHILD_ERROR_NATIVE};
    logStatus(@out);
    return $result;
 }
 ######################################################################
@ -332,10 +348,10 @@ sub UpdateDatabase {
 sub UpdatePolicy {
    my (%params) = %{$_[0]};
-    $params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) );
+    $params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
    print "updating policy for '$twmsg' test...\n" if $verbose;
-    logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{'secure-mode'} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
+    logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
    return ($? == 0);
 }
--- a/src/tw/twutil.cpp
+++ b/src/tw/twutil.cpp
@ -332,61 +332,6 @@ bool cTWUtil::IsObjectEncrypted( const TCHAR* objFileName, const cFileHeaderID&
    return( fEncrypted );
 }
 bool cTWUtil::IsObjectEncrypted( cArchive &arch, const cFileHeaderID& fhid, const TSTRING& errorMsg )
 {
    bool fEncrypted = false;
    cDebug d("IsObjectEncrypted");
    d.TraceDebug(_T("Reading from archive\n"));
    try
    {
        cFileHeader fileHeader;
        cSerializerImpl fhSer(arch, cSerializerImpl::S_READ, TSS_GetString( cTW, tw::STR_MEMORY_MAPPED_FILENAME).c_str());
        fileHeader.Read(&fhSer);
        // check for a mismatched header
        if (fileHeader.GetID() != fhid)
            ThrowAndAssert(eSerializerInputStreamFmt(_T(""), TSS_GetString( cTW, tw::STR_MEMORY_MAPPED_FILENAME).c_str(), eSerializer::TY_FILE));
        // switch on the type of encoding...
        if(fileHeader.GetEncoding() == cFileHeader::ASYM_ENCRYPTION)
        {
            fEncrypted = true;
        }
        else if(fileHeader.GetEncoding() == cFileHeader::COMPRESSED)
        {
            fEncrypted = false;
        }
        else
            // unknown encoding...
            ThrowAndAssert(eSerializerInputStreamFmt(_T(""), TSS_GetString( cTW, tw::STR_MEMORY_MAPPED_FILENAME).c_str(), eSerializer::TY_FILE));
    }
    catch(eArchive& e)
    {
        // Note: Output to TCERR is O.K. here, it is documented that this is what this function does
        TSTRING msg = e.GetMsg();
        if( ! msg.empty() )
            msg += _T("\n");
        msg += errorMsg;
        cTWUtil::PrintErrorMsg(ePoly(e.GetID(), msg, e.GetFlags() ));
        ThrowAndAssert(ePoly());
    }
    catch(eSerializer& e)
    {
        // Note: Output to TCERR is O.K. here, it is documented that this is what this function does
        TSTRING msg = e.GetMsg();
        if( ! msg.empty() )
            msg += _T("\n");
        msg += errorMsg;
        cTWUtil::PrintErrorMsg(ePoly(e.GetID(), msg, e.GetFlags() ));
        ThrowAndAssert(ePoly());
    }
    return( fEncrypted );
 }
 ///////////////////////////////////////////////////////////////////////////////
 // WriteDatabase
@ -452,20 +397,6 @@ void cTWUtil::WriteReport(const TCHAR* filename, const cFCOReportHeader& reportH
 }
 void cTWUtil::WriteReport(cArchive &archive, const cFCOReportHeader& reportHeader, const cFCOReport& r, bool bEncrypt, const cElGamalSigPrivateKey* pPrivateKey)
 {
    cFileHeader fileHeader;
    fileHeader.SetID(cFCOReport::GetFileHeaderID());
    TSTRING filename = TSS_GetString( cTW, tw::STR_MEMORY_MAPPED_FILENAME);
    WriteObjectToArchive(archive, filename.c_str(), &reportHeader, r, fileHeader, bEncrypt, pPrivateKey);
    iUserNotify::GetInstance()->Notify( iUserNotify::V_NORMAL, _T("%s%s\n"),
                                        TSS_GetString( cTW, tw::STR_WRITE_REPORT_FILE).c_str(), 
                                        cDisplayEncoder::EncodeInline( filename ).c_str() );
 }
 ///////////////////////////////////////////////////////////////////////////////
 // ReadReport
 ///////////////////////////////////////////////////////////////////////////////
@ -478,16 +409,6 @@ void cTWUtil::ReadReport(const TCHAR* reportFileName, cFCOReportHeader& reportHe
    ReadObject(reportFileName, &reportHeader, r, cFCOReport::GetFileHeaderID(), pPublicKey, bEncrypted);
 }
 void cTWUtil::ReadReport(cArchive &archive, cFCOReportHeader& reportHeader, cFCOReport& r, const cElGamalSigPublicKey* pPublicKey, bool silent, bool& bEncrypted)
 {
    TSTRING filename = TSS_GetString( cTW, tw::STR_MEMORY_MAPPED_FILENAME);
    iUserNotify::GetInstance()->Notify( iUserNotify::V_VERBOSE, _T("%s%s\n"),
                                        TSS_GetString( cTW, tw::STR_OPEN_REPORT_FILE).c_str(), 
                                        cDisplayEncoder::EncodeInline( filename ).c_str());
    ReadObjectFromArchive(archive, filename.c_str(), &reportHeader, r, cFCOReport::GetFileHeaderID(), pPublicKey, bEncrypted);
 }
 ///////////////////////////////////////////////////////////////////////////////
 // UpdatePolicyFile
@ -598,38 +519,6 @@ void cTWUtil::WriteConfigText(const TCHAR* filename, const TSTRING configText, b
                                        cDisplayEncoder::EncodeInline( filename ).c_str() );
 }
 void cTWUtil::WriteConfigText(cArchive &archive, const TSTRING configText, bool bEncrypt, const cElGamalSigPrivateKey* pPrivateKey)
 {
    cSerializableNString nstring;
    nstring.mString = CONFIG_FILE_MAGIC_8BYTE;
    TSTRING filename = TSS_GetString( cTW, tw::STR_MEMORY_MAPPED_FILENAME);
    std::string ns;
    cStringUtil::Convert( ns, configText );
    nstring.mString += ns;
    cFileHeader fileHeader;
    fileHeader.SetID(cConfigFile::GetFileHeaderID());
    fileHeader.SetVersion(CURRENT_FIXED_VERSION);
    if (bEncrypt)
    {
        ASSERT(pPrivateKey != 0);
        cElGamalSigPublicKey publicKey(*pPrivateKey);
        fileHeader.GetBaggage().MapArchive(0, publicKey.GetWriteLen());
        publicKey.Write(fileHeader.GetBaggage().GetMap());
    }
    WriteObjectToArchive(archive, filename.c_str(), NULL, nstring, fileHeader, bEncrypt, pPrivateKey);
    iUserNotify::GetInstance()->Notify( iUserNotify::V_NORMAL, _T("%s%s\n"),
                                        TSS_GetString( cTW, tw::STR_WRITE_CONFIG_FILE).c_str(), 
                                        cDisplayEncoder::EncodeInline( filename ).c_str());
 }
 ///////////////////////////////////////////////////////////////////////////////
 // ReadConfigText
@ -742,111 +631,6 @@ void cTWUtil::ReadConfigText(const TCHAR* filename, TSTRING& configText, cArchiv
 }  
 void cTWUtil::ReadConfigText(cArchive &arch, TSTRING& configText, cArchive* pBaggage)
 {
 // TODO -- neat up this function; try to use LoadObject() above...
    cSerializableNString nstring;
    TSTRING filename = TSS_GetString( cTW, tw::STR_MEMORY_MAPPED_FILENAME);
    // This was coppied from ReadObject().  We need to use the baggage of the
    // file header to obtain the public key, thus the special casing.
    cDebug d("ReadConfigText");
    d.TraceDebug(_T("Reading %s from file %s\n"), nstring.GetType().AsString(), filename.c_str());
    iUserNotify::GetInstance()->Notify( iUserNotify::V_VERBOSE, _T("%s%s\n"),
                                        TSS_GetString( cTW, tw::STR_OPEN_CONFIG_FILE).c_str(), 
                                        cDisplayEncoder::EncodeInline( filename ).c_str());
    cFileHeader fileHeader;
    try
    {
        cSerializerImpl fhSer(arch, cSerializerImpl::S_READ);
        fileHeader.Read(&fhSer);
    }
    catch (eError&)
    {
        throw eSerializerInputStreamFmt(_T(""), filename.c_str(), eSerializer::TY_FILE);
    }
 #if 0   // XXX: This is broken, how can you convert a class to an int??? -PH
    d.TraceDebug("Found a file header of type %d.\n", fileHeader.GetEncoding());
 #endif
    // check for a mismatched header
    if (fileHeader.GetID() != cConfigFile::GetFileHeaderID())
        throw eSerializerInputStreamFmt(_T(""), filename.c_str(), eSerializer::TY_FILE);
    // check the version
    if (fileHeader.GetVersion() != CURRENT_FIXED_VERSION)
        throw eSerializerVersionMismatch(_T(""), filename.c_str(), eSerializer::TY_FILE);
    // switch on the type of encoding...
    if(fileHeader.GetEncoding() == cFileHeader::ASYM_ENCRYPTION)
    {
        d.TraceDebug("Config file is compressed, public key len %d.\n", fileHeader.GetBaggage().Length());
        // tell the user the db is encrypted
        iUserNotify::GetInstance()->Notify( iUserNotify::V_VERBOSE, TSS_GetString(cTW, tw::STR_FILE_ENCRYPTED).c_str());
        iUserNotify::GetInstance()->Notify( iUserNotify::V_VERBOSE, TSS_GetString(cTW, tw::STR_NEWLINE).c_str());
        ASSERT(fileHeader.GetBaggage().Length() > 0);
        if (fileHeader.GetBaggage().Length() <= 0)
            ThrowAndAssert(eSerializerInputStreamFmt(_T(""), filename.c_str(), eSerializer::TY_FILE));
        fileHeader.GetBaggage().MapArchive(0, fileHeader.GetBaggage().Length());
        cElGamalSigPublicKey publicKey(fileHeader.GetBaggage().GetMap());
        cElGamalSigArchive cryptoArchive;
        cryptoArchive.SetRead(&arch, &publicKey);
        cSerializerImpl ser(cryptoArchive, cSerializerImpl::S_READ);            
        ser.Init();
        ser.ReadObject(&nstring);
        ser.Finit();
        // copy the baggage into the archive, if it was passed in
        // Note: We rely in VerifySiteKey that we only fill out pBaggage if
        // the config file is encrypted.
        //
        if( pBaggage )
        {
            fileHeader.GetBaggage().Seek( 0, cBidirArchive::BEGINNING );
            pBaggage->Copy( &fileHeader.GetBaggage(), fileHeader.GetBaggage().Length() );
        }
    }
    else if(fileHeader.GetEncoding() == cFileHeader::COMPRESSED)
    {
        d.TraceDebug("Config file is not compressed.\n");
        //not encrypted db...
        cNullCryptoArchive cryptoArchive;
        cryptoArchive.Start(&arch);
        cSerializerImpl ser(cryptoArchive, cSerializerImpl::S_READ);            
        ser.Init();
        ser.ReadObject(&nstring);
        ser.Finit();
    }
    else
        // unknown encoding...
        throw eSerializerInputStreamFmt(_T(""), filename.c_str(), eSerializer::TY_FILE);
    // check 8 byte header
    if (nstring.mString.compare(0, 8*sizeof(byte), CONFIG_FILE_MAGIC_8BYTE) != 0)
        ThrowAndAssert(eSerializerInputStreamFmt(_T(""), filename.c_str(), eSerializer::TY_FILE));
    // remove 8 byte header
    nstring.mString.assign(nstring.mString.substr(8));
    cStringUtil::Convert( configText, nstring.mString );
 }
 ///////////////////////////////////////////////////////////////////////////////
 // Given a filename and the text of a policy file, write an encrypted version
 // of the policy file text to disk.  
@ -871,26 +655,6 @@ void cTWUtil::WritePolicyText(const TCHAR* filename, const std::string& polText,
                                        cDisplayEncoder::EncodeInline( filename ).c_str() );
 }
 void cTWUtil::WritePolicyText(cArchive &archive, const std::string& polText, bool bEncrypt, const cElGamalSigPrivateKey* pPrivateKey)
 {
    cSerializableNString nstring;
    TSTRING filename = TSS_GetString( cTW, tw::STR_MEMORY_MAPPED_FILENAME);
    // add a 8 byte header we can use to verify decryption
    nstring.mString = POLICY_FILE_MAGIC_8BYTE;
    nstring.mString += polText;
    cFileHeader fileHeader;
    fileHeader.SetID(cPolicyFile::GetFileHeaderID());
    WriteObjectToArchive(archive, filename.c_str(), NULL, nstring, fileHeader, bEncrypt, pPrivateKey);
    iUserNotify::GetInstance()->Notify( iUserNotify::V_NORMAL, _T("%s%s\n"),
                                        TSS_GetString( cTW, tw::STR_WRITE_POLICY_FILE).c_str(), 
                                        cDisplayEncoder::EncodeInline( filename ).c_str());
 }
 ///////////////////////////////////////////////////////////////////////////////
 // ReadPolicyText
@ -917,24 +681,6 @@ void cTWUtil::ReadPolicyText(const TCHAR* filename, std::string& polText, const
    polText = nstring.mString;
 }
 void cTWUtil::ReadPolicyText(cArchive &archive, std::string& polText, const cElGamalSigPublicKey* pPublicKey)
 {
    cSerializableNString nstring;
    TSTRING filename = TSS_GetString( cTW, tw::STR_MEMORY_MAPPED_FILENAME);
    bool bEncrypted;
    ReadObjectFromArchive(archive, filename.c_str(), NULL, nstring, cPolicyFile::GetFileHeaderID(), pPublicKey, bEncrypted);
    // check 8 byte header
    if (nstring.mString.compare(0, 8*sizeof(byte), POLICY_FILE_MAGIC_8BYTE) != 0)
        ThrowAndAssert(eSerializerInputStreamFmt(_T(""), filename.c_str(), eSerializer::TY_FILE));
    // remove 8 byte header
    nstring.mString.assign(nstring.mString.substr(8));
    polText = nstring.mString;
 }
 ///////////////////////////////////////////////////////////////////////////////
 // OpenKeyFile
--- a/src/tw/twutil.h
+++ b/src/tw/twutil.h
@ -106,16 +106,16 @@ public:
        // if an error occurs, this will print the error message to stderr and throw eError.
    static void WriteReport (const TCHAR* filename, const cFCOReportHeader& reportHeader, const cFCOReport& r, bool bEncrypt, const cElGamalSigPrivateKey* pPrivateKey);    // throw eError
-    static void WriteReport (cArchive &archive,     const cFCOReportHeader& reportHeader, const cFCOReport& r, bool bEncrypt, const cElGamalSigPrivateKey* pPrivateKey);    // throw eError
+
    static void ReadReport  (const TCHAR* reportFileName, cFCOReportHeader& reportHeader, cFCOReport& r, const cElGamalSigPublicKey* pPublicKey, bool silent, bool& bEncrypted);    // throw eError
-    static void ReadReport  (cArchive &archive,           cFCOReportHeader& reportHeader, cFCOReport& r, const cElGamalSigPublicKey* pPublicKey, bool silent, bool& bEncrypted);    // throw eError
+
        // same as Read/WriteDatabase above, except it operates on reports
        // if an error occurs, this will print the error message to stderr and throw eError.
    static void WriteConfigText(const TCHAR* filename, const TSTRING configText, bool bEncrypt, const cElGamalSigPrivateKey* pPrivateKey); // throw (eArchive())
-    static void WriteConfigText(cArchive &archive,     const TSTRING configText, bool bEncrypt, const cElGamalSigPrivateKey* pPrivateKey); // throw (eArchive())
+
    static void ReadConfigText(const TCHAR* filename, TSTRING& configText, cArchive* pBaggage = 0);
-    static void ReadConfigText(cArchive &archive,     TSTRING& configText, cArchive* pBaggage = 0);
+
        // read and write config file text to and from disk.
        // if pBaggage is non-NULL, the contents of the baggage( ie -- the public key ) is copied to the archive.
        // eArchive is thrown if filename can not be opened
@ -123,9 +123,9 @@ public:
        // eConfigFile is thrown if config file does not parse correctly during reading
    static void WritePolicyText(const TCHAR* filename, const std::string& policyText, bool bEncrypt, const cElGamalSigPrivateKey* pPrivateKey);
-    static void WritePolicyText(cArchive &archive,     const std::string& policyText, bool bEncrypt, const cElGamalSigPrivateKey* pPrivateKey);
+
    static void ReadPolicyText(const TCHAR* filename, std::string& policyText, const cElGamalSigPublicKey* pPublicKey);
-    static void ReadPolicyText(cArchive &archive,     std::string& policyText, const cElGamalSigPublicKey* pPublicKey);
+
        // read and write policy file to and from disk
        // eError() will be thrown on error
--- a/src/twparser/yylex.cpp
+++ b/src/twparser/yylex.cpp
@ -614,10 +614,10 @@ yy_scan::~yy_scan()
 {
    if (mustfree) {
        mustfree = 0;
-        delete(yytext);
+        delete [] yytext;
-        delete(state);
+        delete [] state;
 #ifdef YY_PRESERVE
-        delete(save);
+        delete [] save;
 #endif
    }
 }
--- a/src/twparser/yyparse.cpp
+++ b/src/twparser/yyparse.cpp
@ -419,12 +419,12 @@ yy_parse::yy_parse(int sz)
 yy_parse::~yy_parse()
 {
    if (mustfree) {
-        delete stateStack;
+        delete [] stateStack;
-        delete valueStack;
+        delete [] valueStack;
    }
    stateStack = (short *) 0;
 #if YYDEBUG
-    delete typeStack;
+    delete [] typeStack;
 #endif
 }
--- a/src/twtest/archive_t.cpp
+++ b/src/twtest/archive_t.cpp
@ -104,8 +104,8 @@ void TestArchive()
    // cLockedTemporaryFileArchive
-    TSTRING lockedFileName = TEMP_DIR;
+    TSTRING lockedFileName = TwTestPath("inaccessable_file.bin");
-    lockedFileName += _T("/inaccessable_file.bin");
+//    lockedFileName += _T("/inaccessable_file.bin");
    cLockedTemporaryFileArchive lockedArch;
@ -130,8 +130,8 @@ void TestArchive()
    lockedArch.Close();
    // cFileArchive 
-    TSTRING fileName = TEMP_DIR;
+    TSTRING fileName = TwTestPath("archive_test.bin");
-    fileName += _T("/archive_test.bin");
+    //fileName += _T("/archive_test.bin");
    cFileArchive filearch;
    filearch.OpenReadWrite(fileName.c_str());
--- a/src/twtest/blockfile_t.cpp
+++ b/src/twtest/blockfile_t.cpp
@ -41,11 +41,11 @@ void TestBlockFile()
 {
    cDebug d( "TestBlockFile" );
-    static const TCHAR fileName[] = _T("test.bf");
+    std::string fileName = TwTestPath("test.bf");
    // truncate the file I am going to use...
    //
    cFileArchive a;
-    a.OpenReadWrite( fileName );
+    a.OpenReadWrite( fileName.c_str() );
    a.Close();
    //
    // open up the block file...
--- a/src/twtest/blockrecordarray_t.cpp
+++ b/src/twtest/blockrecordarray_t.cpp
@ -41,7 +41,7 @@ void TestBlockRecordArray()
 {
    cDebug d( "TestBlockRecordArray" );
-    static const TCHAR fileName[] = _T("test.bf");
+    std::string fileName = TwTestPath("test2.bf");
    cBlockFile bf;
    bf.Open( fileName, 2, true );   // opened up with two pages
--- a/src/twtest/configfile_t.cpp
+++ b/src/twtest/configfile_t.cpp
@ -128,9 +128,6 @@ void TestConfigFile2(void)
    //Define some test values for <name, value> pairs to be
    //stored in a test config. module. I'm going to use the
    //values specified in the install doc. -DA
    TSTRING currpath;
    pFSServices->GetCurrentDir(currpath);
    const TSTRING testTWROOT = currpath;
    //TODO maybe also test read failure when mandatory config values aren't set
@ -145,7 +142,7 @@ void TestConfigFile2(void)
    write_cfgmod.Insert( _T("LOCALKEYFILE"), "local.key");
    //Filename for writing/reading some value pairs:
-    const TSTRING testfile = testTWROOT + _T("/tripwire.cfg");
+    const TSTRING testfile = TwTestPath("tripwire.cfg");
    //Store these values on disk.
    TSTRING configText;
--- a/src/twtest/cryptoarchive_t.cpp
+++ b/src/twtest/cryptoarchive_t.cpp
@ -70,7 +70,7 @@ void TestCryptoArchive()
        d.TraceDetail("Encrypting using symmetric key\n");
        cFileArchive outFile;
-        outFile.OpenReadWrite(TEMP_DIR _T("/crypted.bin"));
+        outFile.OpenReadWrite(TwTestPath("crypted.bin"));
        idea.SetKey(iCipher::ENCRYPT, ideaKey);
        cCryptoArchive outCrypt;
@ -90,7 +90,7 @@ void TestCryptoArchive()
        d.TraceDetail("Decrypting using symmetric key\n");
        cFileArchive inFile;
-        inFile.OpenRead(TEMP_DIR _T("/crypted.bin"));
+        inFile.OpenRead(TwTestPath("crypted.bin"));
        idea.SetKey(iCipher::DECRYPT, ideaKey);
        cCryptoArchive inCrypt;
@ -129,7 +129,7 @@ void TestCryptoArchive()
        d.TraceDetail("Signing using asymmetric key\n");
        cFileArchive outFile;
-        outFile.OpenReadWrite(TEMP_DIR _T("/rsacrypted.bin"));
+        outFile.OpenReadWrite(TwTestPath("rsacrypted.bin").c_str());
        cElGamalSigArchive outCrypt;
        outCrypt.SetWrite(&outFile, privateKey);
@ -149,7 +149,7 @@ void TestCryptoArchive()
        d.TraceDetail("Verifying using asymmetric key\n");
        cFileArchive inFile;
-        inFile.OpenRead(TEMP_DIR _T("/rsacrypted.bin"));
+        inFile.OpenRead(TwTestPath("rsacrypted.bin").c_str());
        cElGamalSigArchive inCrypt;
        inCrypt.SetRead(&inFile, publicKey);
@ -206,7 +206,7 @@ void TestCryptoArchive()
        d.TraceDetail("Encrypting using asymmetric key\n");
        cFileArchive outFile;
-        outFile.OpenReadWrite(TEMP_DIR _T("/rsacrypted.bin"));
+        outFile.OpenReadWrite(TwTestPath("rsacrypted.bin").c_str());
        cRSAArchive outCrypt;
        outCrypt.SetWrite(&outFile, publicKey);
@ -226,7 +226,7 @@ void TestCryptoArchive()
        d.TraceDetail("Decrypting using asymmetric key\n");
        cFileArchive inFile;
-        inFile.OpenRead(TEMP_DIR _T("/rsacrypted.bin"));
+        inFile.OpenRead(TwTestPath("rsacrypted.bin").c_str());
        cRSAArchive inCrypt;
        inCrypt.SetRead(&inFile, privateKey);
@ -252,7 +252,7 @@ void TestCryptoArchive()
        d.TraceDetail("Signing using asymmetric key\n");
        cFileArchive outFile;
-        outFile.OpenReadWrite(TEMP_DIR _T("/rsacrypted.bin"));
+        outFile.OpenReadWrite(TwTestPath("rsacrypted.bin").c_str());
        cRSAArchive outCrypt;
        outCrypt.SetWrite(&outFile, privateKey);
@ -272,7 +272,7 @@ void TestCryptoArchive()
        d.TraceDetail("Verifying using asymmetric key\n");
        cFileArchive inFile;
-        inFile.OpenRead(TEMP_DIR _T("/rsacrypted.bin"));
+        inFile.OpenRead(TwTestPath("rsacrypted.bin").c_str());
        cRSAArchive inCrypt;
        inCrypt.SetRead(&inFile, publicKey);
--- a/src/twtest/crytpo_t.cpp
+++ b/src/twtest/crytpo_t.cpp
@ -407,6 +407,8 @@ void TestCrypto()
    delete pPublic;
    delete pPrivate;
    delete pPublic2;
    delete pPrivate2;
    }
 }
--- a/src/twtest/dbdatasource_t.cpp
+++ b/src/twtest/dbdatasource_t.cpp
@ -173,7 +173,8 @@ static void AssertChildren(cDbDataSourceIter& iter, const TSTRING& filename, boo
 void TestDbDataSourceBasic()
 {
    cHierDatabase db;
-    db.Open( _T("test.db"), 5, true);
+    std::string dbpath = TwTestPath("test.db");
    db.Open( dbpath, 5, true);
    cDbDataSourceIter iter(&db);
    AddFile(iter, "file1", true);
--- a/src/twtest/debug_t.cpp
+++ b/src/twtest/debug_t.cpp
@ -73,8 +73,7 @@ void TestDebug()
    // set up an output file...use the temp file in test.h
-    std::string str = TEMP_DIR_N;
+    std::string str = TwTestPath("debug.out");
    str += "/debug.out";
 #ifdef DEBUG
    TEST(cDebug::SetOutputFile(str.c_str()));
--- a/src/twtest/fcocompare_t.cpp
+++ b/src/twtest/fcocompare_t.cpp
@ -62,18 +62,17 @@ static void PrintProps(const iFCO* pFCO)
 void TestFCOCompare()
 {
-    const TCHAR* FILE_NAME = TEMP_DIR _T("/dog.txt");
+    std::string filename = TwTestPath("dog.txt");
    const char*  FILE_NAME_N = TEMP_DIR_N "/dog.txt";
    cDebug d("TestFCOCompare");
    d.TraceDebug("Entering...\n");
    // first, create an fco to compare with...
-    TOFSTREAM fstr(FILE_NAME_N);
+    TOFSTREAM fstr(filename.c_str());
    if(fstr.bad())
    {
-        d.TraceError("Unable to create test file %s!\n", FILE_NAME);
+        d.TraceError("Unable to create test file %s!\n", filename.c_str());
        TEST(false);
        return;
    }
@ -83,7 +82,7 @@ void TestFCOCompare()
    // create the test FCO
    cFSDataSourceIter ds;
-    ds.SeekToFCO(cFCOName(FILE_NAME), false);
+    ds.SeekToFCO(cFCOName(filename), false);
    iFCO* pFCO = ds.CreateFCO();
    TEST(pFCO);
@ -110,10 +109,10 @@ void TestFCOCompare()
    // change the file...
    d.TraceDebug("Changing the file...\n");
-    fstr.open(FILE_NAME);
+    fstr.open(filename.c_str());
    if(fstr.bad())
    {
-        d.TraceError("Unable to reopen %s!\n", FILE_NAME_N);
+        d.TraceError("Unable to reopen %s!\n", filename.c_str());
        TEST(false);
        return;
    }
@ -123,7 +122,7 @@ void TestFCOCompare()
    //need a new data source iter, otherwise the existing FCO gets updated & you get a ref to it,
    // and the resulting FCOs always match.
    cFSDataSourceIter ds2;
-    ds2.SeekToFCO(cFCOName(FILE_NAME), false);
+    ds2.SeekToFCO(cFCOName(filename), false);
    iFCO* pFCO2 = ds2.CreateFCO();
    TEST(pFCO2);
    pFCO2->AcceptVisitor(&propCalc);
@ -137,7 +136,7 @@ void TestFCOCompare()
    //result.mPropVector.TraceContents();
    cFSDataSourceIter ds3;
-    ds3.SeekToFCO(cFCOName(FILE_NAME), false);
+    ds3.SeekToFCO(cFCOName(filename), false);
    // try testing properties that weren't calculated...
    d.TraceDebug("Comparing FCOs with different properties calculated\n");
    iFCO* pFCO3 = ds3.CreateFCO();
--- a/src/twtest/fcoreport_t.cpp
+++ b/src/twtest/fcoreport_t.cpp
@ -130,8 +130,9 @@ void TestFCOReport()
        d.TraceDebug("Before serializing report:\n");
        TraceReport(report, d);
        {
            std::string filepath = TwTestPath("tmp.twr");
            cFileArchive outFile;
-            outFile.OpenReadWrite(_T("tmp.twr"));
+            outFile.OpenReadWrite(filepath.c_str());
            cSerializerImpl outSer(outFile, cSerializerImpl::S_WRITE);
            outSer.Init();
@ -141,7 +142,7 @@ void TestFCOReport()
            outFile.Close();
            cFileArchive inFile;
-            inFile.OpenRead(_T("tmp.twr"));
+            inFile.OpenRead(filepath.c_str());
            cSerializerImpl inSer(inFile, cSerializerImpl::S_READ);
            cFCOReport inReport;
--- a/src/twtest/file_t.cpp
+++ b/src/twtest/file_t.cpp
@ -39,8 +39,7 @@
 void TestFile()
 {
-    TSTRING fileName = TEMP_DIR;
+    TSTRING fileName = TwTestPath("file_test.bin");
    fileName += _T("/file_test.bin");
    //Create a temporary file for testing:
    FILE* testStream;
--- a/src/twtest/fileutil_t.cpp
+++ b/src/twtest/fileutil_t.cpp
@ -49,8 +49,7 @@ using namespace std;
 void TestFileUtil()
 {
-    TSTRING source = TEMP_DIR;
+    TSTRING source = TwTestPath("copy_src");
    source += _T("/copy_src");
    //Create a temporary file for testing:
    FILE* testStream;
@ -64,8 +63,7 @@ void TestFileUtil()
    fwrite( testString.c_str(), sizeof(TCHAR), iTestStringLength, testStream );
    fclose( testStream );
-    TSTRING dest = TEMP_DIR;
+    TSTRING dest = TwTestPath("copy_dest");
    dest += "/copy_dest";
    TEST(cFileUtil::Copy(source, dest));
--- a/src/twtest/fspropcalc_t.cpp
+++ b/src/twtest/fspropcalc_t.cpp
@ -43,6 +43,8 @@
 #include <iostream>
 #include <fstream>
 #include <unistd.h>
 #include <fcntl.h>
 ///////////////////////////////////////////////////////////////////////////////
 // PrintProps -- prints out all the valid property names and values as pairs...
@ -67,8 +69,7 @@ void TestFSPropCalc()
 {
    cDebug d("TestFSPropCalc");
    cFSDataSourceIter ds;
-    TSTRING foo_bin = TEMP_DIR;
+    TSTRING foo_bin = TwTestPath("foo.bin");
    foo_bin.append("/foo.bin");
    //iFSServices* pFSServices = iFSServices::GetInstance();
@ -138,3 +139,20 @@ void TestFSPropCalc()
    return;
 }
 void TestGetSymLinkStr()
 {
    std::string file = TwTestPath("12345678901234567890123456789012345678901234567890123456789012345678901234567890");
    std::string link = TwTestPath("linky");
    int fd = creat(file.c_str(), 0777);
    close(fd);
    symlink(file.c_str(), link.c_str());
    cMemoryArchive arch(1024*1024);
    TEST(cFSPropCalc::GetSymLinkStr(link, arch, 8));
    TEST(arch.Length() == (int64)file.size());
 }
--- a/src/twtest/fspropdisplayer_t.cpp
+++ b/src/twtest/fspropdisplayer_t.cpp
@ -127,6 +127,8 @@ void cTestFSPropDisplayer::Test()
        d.TraceDebug("\n");
    }
    delete pPD;
    delete pPDNew;
    return;
 }
--- a/src/twtest/fsspec_t.cpp
+++ b/src/twtest/fsspec_t.cpp
@ -73,9 +73,9 @@ void TestFCOSpecImpl()
    cFSDataSourceIter dataSrc;
    // test AllChildStopPoint fcos...
-    d.TraceDebug("Now testing a spec whose start point is the only thing it maps to (%s)\n", TEMP_DIR);
+    d.TraceDebug("Now testing a spec whose start point is the only thing it maps to (%s)\n", TwTestDir().c_str());
-    cFCOSpecImpl* pSpec2 = new cFCOSpecImpl(TEMP_DIR, &dataSrc, new cFCOSpecNoChildren);
+    cFCOSpecImpl* pSpec2 = new cFCOSpecImpl(TwTestDir(), &dataSrc, new cFCOSpecNoChildren);
-    pSpec2->SetStartPoint(cFCOName(TEMP_DIR));
+    pSpec2->SetStartPoint(cFCOName(TwTestDir()));
    dataSrc.SeekToFCO(pSpec2->GetStartPoint(), false);
    iFCO* pFCO = dataSrc.CreateFCO();
    TEST(pFCO);
--- a/src/twtest/keyfile_t.cpp
+++ b/src/twtest/keyfile_t.cpp
@ -109,16 +109,17 @@ void TestKeyFile()
        elGamal.ProcessBlock(ciphertext, recovered_text);
        TEST(memcmp(recovered_text, plaintext, elGamal.GetBlockSizePlain()) == 0);
        delete [] pMem;
    }
    // save to and read from disk
    d.TraceDebug("Read/Write to file...\n");
    {
-        keyfile.WriteFile(TEMP_DIR _T("/keyfile.key"));
+        keyfile.WriteFile(TwTestPath("keyfile.key").c_str());
        cKeyFile keyfile2;
        TEST(!keyfile2.KeysLoaded());
-        keyfile2.ReadFile(TEMP_DIR _T("/keyfile.key"));
+        keyfile2.ReadFile(TwTestPath("keyfile.key").c_str());
        TEST(keyfile2.KeysLoaded());
        cElGamalSig elGamal(*keyfile2.GetPublicKey());
--- a/src/twtest/refcountobj_t.cpp
+++ b/src/twtest/refcountobj_t.cpp
@ -66,7 +66,7 @@ cRefCountTestObj::~cRefCountTestObj()
        mChildren.pop_front();
    }
-    delete mpSomeMem;
+    delete [] mpSomeMem;
 }
 void cRefCountTestObj::AddChild(cRefCountTestObj* pChild)
--- a/src/twtest/serializerimpl_t.cpp
+++ b/src/twtest/serializerimpl_t.cpp
@ -119,7 +119,7 @@ void TestSerializerImpl()
    // writing
    {
        cFileArchive file;
-        file.OpenReadWrite(TEMP_DIR _T("/tmp.bin"));
+        file.OpenReadWrite(TwTestPath("tmp.bin").c_str());
        cSerializerImpl serializer(file, cSerializerImpl::S_WRITE);
        serializer.Init();
@ -127,16 +127,16 @@ void TestSerializerImpl()
        cSerializerTestObject testobj;
        testobj.Write(&serializer);
-        db.TraceAlways("    Writeing object 1...\n");
+        db.TraceAlways("    Writing object 1...\n");
        serializer.WriteObject(&testobj);
-        db.TraceAlways("    Writeing object 2...\n");
+        db.TraceAlways("    Writing object 2...\n");
        serializer.WriteObject(&testobj);
-        db.TraceAlways("    Writeing object 3...\n");
+        db.TraceAlways("    Writing object 3...\n");
        serializer.WriteObject(&testobj);
-        db.TraceAlways("    Writeing object 4...\n");
+        db.TraceAlways("    Writing object 4...\n");
        serializer.WriteObject(&testobj);
        serializer.Finit();
@ -145,7 +145,7 @@ void TestSerializerImpl()
    // reading
    {
        cFileArchive file;
-        file.OpenRead(TEMP_DIR _T("/tmp.bin"));
+        file.OpenRead(TwTestPath("tmp.bin").c_str());
        cSerializerImpl serializer(file, cSerializerImpl::S_READ);
        serializer.Init();
--- a/src/twtest/signature_t.cpp
+++ b/src/twtest/signature_t.cpp
@ -87,8 +87,7 @@ void TestSignature()
    //sha      : Oia1aljHD793tfj7M55tND+3OG/
    //haval    : BL6bFSo0EP5zf8lGSueeed
-    TSTRING sigFileName = TEMP_DIR;
+    TSTRING sigFileName = TwTestPath("signature_test.bin");
    sigFileName += TSTRING( _T("/signature_test.bin") );
    cFileArchive fileArc;
    fileArc.OpenReadWrite(sigFileName.c_str());
--- a/src/twtest/tchar_t.cpp
+++ b/src/twtest/tchar_t.cpp
@ -39,6 +39,8 @@
 #include "core/debug.h"
 #endif
 #include "test.h"
 TSTRING test_wost(int, const TSTRING&);
 void test_wist(const TSTRING&, cDebug& d);
@ -87,21 +89,21 @@ void TestTCHAR()
 //Testing file streams
    //explict constructors of 'TIFSTREAM' and "TOFSTREAM' take char*
-    const char* inputfile = "fun";
+    std::string inputfile = TwTestPath("fun");
-    const char* outputfile = "mo'fun";
+    std::string outputfile = TwTestPath("mo'fun");
    //Set up the input file.
    TOFSTREAM out;
-    out.open(inputfile, std::ios_base::out);
+    out.open(inputfile.c_str(), std::ios_base::out);
    out<<"Unicode is fun\n";
    out.close();
    TIFSTREAM from;
-    from.open(inputfile, std::ios_base::in);
+    from.open(inputfile.c_str(), std::ios_base::in);
    if(!from)
        d.TraceDetail("error opening input file\n");
-    TOFSTREAM to(outputfile, std::ios_base::trunc);
+    TOFSTREAM to(outputfile.c_str(), std::ios_base::trunc);
    if(!to)
        d.TraceDetail("error opening output file\n");
--- a/src/twtest/test.cpp
+++ b/src/twtest/test.cpp
@ -42,8 +42,6 @@
 #include "twparser/twparser.h"
 #include "tw/tw.h"
 #include "fco/fco.h"
 #include "fs/fs.h"
 #include "util/util.h"
@ -51,6 +49,7 @@
 #include "core/debug.h"
 #include "core/error.h"
 #include "core/twlocale.h"
 #include "core/fsservices.h"
 #include "test.h"
 #include "core/errorbucketimpl.h"
 #include "tw/twinit.h"
@ -62,6 +61,8 @@
 #include "db/blockrecordarray.h"
 #include "db/hierdatabase.h"
 #include <unistd.h>
 #include <sys/stat.h>
 // the test routines
 void TestFCOName();
@ -99,7 +100,7 @@ void TestTextReportViewer();
 void TestFCONameTbl();
 void TestConfigFile();
 void TestResources();
-
+void TestGetSymLinkStr();
 void TestPolicyParser();
 void TestFCOSpecHelper();
@ -187,7 +188,7 @@ static void Test(int testID)
        case 14: TestFCOPropVector(); break;
        case 15: TestFCOPropImpl(); break;
        case 16: TestFCOReport(); break;
-                
+        case 17: TestGetSymLinkStr(); break;
        case 18: TestFCOSetImpl(); break;
        case 19: TestFCOSpec(); break;
        case 20: TestFCOSpecAttr(); break;
@ -294,6 +295,31 @@ static void Test(int testID)
        TCERR << std::endl << "=== test ID #" << testID << " currently unused ===" << std::endl;
 }
 std::string TwTestDir()
 {
    static std::string dir;
    if(dir.empty())
    {
        iFSServices::GetInstance()->GetCurrentDir(dir);
        dir.append("/TWTestData");
        TCERR << "Using test directory: " << dir << std::endl;
        mkdir(dir.c_str(), 0777);
    }
    return dir;
 }
 std::string TwTestPath(const std::string& child)
 {
    std::stringstream sstr;
    sstr << TwTestDir();
    if (child[0] != '/')
        sstr << '/';
    sstr << child;
    return sstr.str();
 }
 ///////////////////////////////////////////////////////////////////////////////
 // cTest
 ///////////////////////////////////////////////////////////////////////////////
--- a/src/twtest/test.h
+++ b/src/twtest/test.h
@ -75,9 +75,9 @@ TSS_EndPackage( cTest )
                    } 
 ///////////////////////////////////////////////////////////////////////////////
-// Platform dependancies
+
-#define TEMP_DIR   _T("/tmp")
+std::string TwTestDir();
-#define TEMP_DIR_N "/tmp"
+std::string TwTestPath(const std::string& child);
 #endif // __TEST_H
--- a/src/twtest/textreportviewer_t.cpp
+++ b/src/twtest/textreportviewer_t.cpp
@ -380,7 +380,7 @@ void TestTextReportViewer()
            d.TraceDebug("Read in serialized report:\n");
            //TraceReport(inReport, d);
-            trv.PrintTextReport(TSTRING( TEMP_DIR _T( "/test2.txt" ) ) );
+            trv.PrintTextReport(TSTRING( TwTestPath("test2.txt" ) ) );
            //TODO: this does not work any more
            //trv.LaunchEditorOnFile( TSTRING( TEMP_DIR _T("/test2.txt") ), _T("") );
--- a/src/twtest/twutil_t.cpp
+++ b/src/twtest/twutil_t.cpp
@ -58,10 +58,8 @@ void TestTWUtil()
    // assuming the current dir is writable, this test should succeed
    TEST(cFileUtil::FileWritable(_T("afilethatdoesnotexist.tmp")) == true);
-    TSTRING tmpDir = TEMP_DIR;
+    TSTRING tmpDir = TwTestPath("fileexistdir");
-    tmpDir += _T("/fileexistdir");
+    TSTRING tmpFN = TwTestPath("fileexiststest.tmp");
    TSTRING tmpFN = tmpDir;
    tmpFN += _T("/fileexiststest.tmp");
    // make a subdir in the TEMP_DIR
    mkdir(tmpDir.c_str(), 0700);
@ -77,14 +75,14 @@ void TestTWUtil()
    TEST(cFileUtil::FileWritable(tmpFN) == true)
    TEST(cFileUtil::FileExists(tmpFN) == false);
    // make the dir read only and make sure write tests false
    // windows fails this test, perhaps because I am an administrator?
    chmod(tmpDir.c_str(), 0500);
    bool is_root = (0 == getuid());
-    TEST(cFileUtil::FileWritable(tmpFN) == is_root);
+    // make the dir read only and make sure write tests false
-
+    // windows fails this test, perhaps because I am an administrator?
-    chmod(tmpDir.c_str(), 0700);
+//  chmod(tmpDir.c_str(), 0500);
 //  TODO - is this valid now that we don't use /tmp?
 //  TEST(cFileUtil::FileWritable(tmpFN) == is_root);
 //  chmod(tmpDir.c_str(), 0700);
    // create the file
    {
--- a/src/twtest/unixfsservices_t.cpp
+++ b/src/twtest/unixfsservices_t.cpp
@ -54,9 +54,9 @@ void TestUnixFSServices()
    iFSServices* pFSServices = iFSServices::GetInstance();
    // working primarily with the temp dir.
-    cFCOName name(_T("/tmp"));  
+    cFCOName name(TwTestDir());
-    // Check to make sure /tmp is a dir
+    // Check to make sure test dir is a dir
    //TEST(pFSServices->GetFileType(name) == cFSStatArgs::TY_DIR);
    // get directory contents (test readdir)
@ -80,7 +80,7 @@ void TestUnixFSServices()
    cFSStatArgs stat;
    //TO DO: use archive to create this file
-    TSTRING testfile = "/tmp/tmp.tmp";
+    TSTRING testfile = TwTestPath("tmp.tmp");
    cFileArchive filearch;
    filearch.OpenReadWrite(testfile.c_str());
    filearch.Seek(0, cBidirArchive::BEGINNING);
@ -150,21 +150,9 @@ void TestUnixFSServices()
    // test Rename
    d.TraceDetail("Testing Rename:\n");
-    TSTRING newtestfile = _T("/tmp/new.tmp");
+    TSTRING newtestfile = TwTestPath("new.tmp");
    TEST( pFSServices->Rename( testfile, newtestfile ) );
    // test GetOwnerForFile
    d.TraceDetail("Testing GetOwnerForFile:\n");
    TSTRING ownername;
    TEST( pFSServices->GetOwnerForFile( newtestfile, ownername ) );
    d.TraceDetail("GetOwnerForFile returned owner %s.\n", ownername.c_str());
    // test GetGroupForFile
    d.TraceDetail("Testing GetGroupForFile:\n");
    TSTRING groupname;
    TEST( pFSServices->GetGroupForFile( newtestfile, groupname ) );
    d.TraceDetail("GetGroupForFile returned group %s.\n", groupname.c_str());
    // test FileDelete
    d.TraceDetail("Testing FileDelete:\n");
    TEST( pFSServices->FileDelete( newtestfile ) );