trust_router.git
Refs: master, v3.4.0
Jennifer Richards [Tue, 5 Jun 2018 16:37:25 +0000 (12:37 -0400)]
Use json_is_true() in place of json_boolean_value() for compatibility

Refs: 3.4.0
Jennifer Richards [Sat, 2 Jun 2018 02:31:47 +0000 (22:31 -0400)]
Bump version to 4.3.0, ABI to 4:2:2

Jennifer Richards [Sat, 2 Jun 2018 02:23:01 +0000 (22:23 -0400)]
Merge pull request #100 from painless-security/milestone/monitoring

Merge milestone/monitoring into master in preparation for release

Jennifer Richards [Sat, 2 Jun 2018 00:23:12 +0000 (20:23 -0400)]
Remove remnant of debug code that was accidentally committed

Jennifer Richards [Sat, 2 Jun 2018 00:19:49 +0000 (20:19 -0400)]
Allow "last_connection_attempt" field to be omitted in peer JSON

Jennifer Richards [Fri, 1 Jun 2018 21:04:28 +0000 (17:04 -0400)]
Merge branch 'milestone/monitoring' of https://github.com/painless-security/trust-router into milestone/monitoring

Jennifer Richards [Fri, 1 Jun 2018 21:03:20 +0000 (21:03 +0000)]
Emit error message in configure for more missing libraries

Jennifer Richards [Fri, 1 Jun 2018 21:01:31 +0000 (17:01 -0400)]
Use cast instead of talloc_get_type_abort for stack-allocated data

Jennifer Richards [Fri, 1 Jun 2018 20:55:43 +0000 (20:55 +0000)]
Emit error message in configure if libevent is missing

Jennifer Richards [Fri, 1 Jun 2018 20:43:24 +0000 (16:43 -0400)]
Refactor MON_CMD and MON_OPT_TYPE conversion to/from strings

Use a table in place of ad hoc switch statements, hopefully this is
less effort to maintain.

Jennifer Richards [Fri, 1 Jun 2018 19:58:49 +0000 (15:58 -0400)]
Merge pull request #99 from painless-security/jennifer/count_failed_reqs

Return separate counts of TID reqs that succeed and result in error

Jennifer Richards [Fri, 1 Jun 2018 19:58:28 +0000 (15:58 -0400)]
Reduce priority on a couple non-essential log messages

Jennifer Richards [Fri, 1 Jun 2018 19:39:56 +0000 (15:39 -0400)]
Set read timeout to 60 seconds instead of 60 ms (smh)

Jennifer Richards [Fri, 1 Jun 2018 19:02:17 +0000 (15:02 -0400)]
Return NULL rather than an invalid pointer on failure

Jennifer Richards [Fri, 1 Jun 2018 19:00:42 +0000 (15:00 -0400)]
Fix misleading indentation

Jennifer Richards [Fri, 1 Jun 2018 18:41:02 +0000 (14:41 -0400)]
Add a timeout to ReadBuffer() method

Jennifer Richards [Fri, 1 Jun 2018 18:36:55 +0000 (14:36 -0400)]
Return separate counts of TID reqs that succeed and result in error

  * Pass result codes back from req callbacks for tr_gss connections
  * Separately count TID responses and TID error responses
  * Add monitoring handlers for the error response
  * Rename monitoring option #defines to better match the string names
  * Add more TR_GSS_RC codes
  * Update trmon documentation string

Jennifer Richards [Fri, 1 Jun 2018 17:50:19 +0000 (13:50 -0400)]
Return nonzero exit code (specifically, 2) when a tidc req fails

Jennifer Richards [Fri, 1 Jun 2018 15:03:28 +0000 (11:03 -0400)]
Change monitoring_port -> mons_port where it was missed in a merge

Mark Donnelly [Fri, 1 Jun 2018 13:34:51 +0000 (09:34 -0400)]
Merge pull request #92 from painless-security/jennifer/reduce_logging

Reduce logging during connection accept and validate internal configuration

Jennifer Richards [Fri, 1 Jun 2018 00:46:07 +0000 (20:46 -0400)]
Return NULL when tr_cfg_parse_one_apc() fails

Jennifer Richards [Thu, 31 May 2018 19:30:06 +0000 (15:30 -0400)]
Let's try again on the build number tagging

Jennifer Richards [Thu, 31 May 2018 19:22:45 +0000 (15:22 -0400)]
Add a build_tag parameter to the version in the RPM spec file

This is to allow Jenkins to add a build number so we don't have
to muck about with the spec file

Jennifer Richards [Thu, 31 May 2018 18:56:50 +0000 (14:56 -0400)]
Add help to the trmon utility

Jennifer Richards [Thu, 31 May 2018 17:23:10 +0000 (13:23 -0400)]
Fix handling of errors with strtol(), factor out port parsing

  * Set errno to 0 before calling strtol()
  * Fix warnings in gssconn_{server,client}.c
  * Add tr_parse_port() to tr_inet_util.[ch] and use throughout the
    codebase for parsing port numbers

Jennifer Richards [Wed, 30 May 2018 14:51:15 +0000 (10:51 -0400)]
Update RPM example cfg files to include monitoring and serial_number

Jennifer Richards [Wed, 30 May 2018 05:07:02 +0000 (01:07 -0400)]
Merge pull request #86 from painless-security/jennifer/aaa_server_port

Allow configurable TID and TRP ports

Jennifer Richards [Wed, 30 May 2018 05:00:21 +0000 (01:00 -0400)]
Work with new hostname parsing and improve error reports

  * Use the new tr_parse_host() function
  * Output more useful errors when parsing aaa servers
  * Update Makefile.am

Jennifer Richards [Wed, 30 May 2018 04:58:13 +0000 (00:58 -0400)]
Refactor host validation and parsing, move methods out of tr_util.[ch]

  * Limit hostname validation to avoiding ambiguity about whether a port
    is part of the string
  * Refactor hostname/port parsing
    - new function is tr_parse_host() in tr_inet_util.c
    - handles both hostname and port
    - works with strings, not TR_NAME
  * Move hostname related methods out of tr_util.c

Changes to make the rest of the codebase work with these updates will be
in the next commit.

Jennifer Richards [Wed, 30 May 2018 04:54:35 +0000 (00:54 -0400)]
Set trust router port in trp_inforec_set_trust_router()

Jennifer Richards [Wed, 30 May 2018 00:40:26 +0000 (20:40 -0400)]
Add internet address/hostname validators in tr_inet_util.[ch]

Jennifer Richards [Tue, 29 May 2018 19:24:47 +0000 (15:24 -0400)]
Add accidentally omitted 'port' parameter to error messages

Jennifer Richards [Tue, 29 May 2018 19:07:55 +0000 (15:07 -0400)]
Validate internal configuration more thoroughly

Jennifer Richards [Tue, 29 May 2018 18:12:29 +0000 (14:12 -0400)]
Reduce logging priority while accepting connections

This will help address #89 by eliminating messages logged with "err"
priority before a connection is accepted.

Jennifer Richards [Fri, 25 May 2018 18:45:27 +0000 (14:45 -0400)]
Correctly set peer when an update is received

Jennifer Richards [Fri, 25 May 2018 17:33:45 +0000 (13:33 -0400)]
Use hostname:port format for specifying peer addresses

Drop the old "port" key for consistency with other handling of ports.

Jennifer Richards [Fri, 25 May 2018 17:32:50 +0000 (13:32 -0400)]
Fix bug in tr_parse_port()

Jennifer Richards [Fri, 25 May 2018 16:49:25 +0000 (12:49 -0400)]
Add signed integer parser to eliminate compiler errors

Jennifer Richards [Fri, 25 May 2018 15:59:57 +0000 (11:59 -0400)]
Use our hostname/TID port when sending a request, not our next_hop

Before this, we set the next_hop to ourselves for local routes, then
simply forwarded the next_hop to our peers in update messages. That is
incorrect - we need to fill in our own hostname/TID port every time, not
send the next_hop we forward to.

Also fixes a few port name / signed int changes that really belonged in
the previous commit.

Jennifer Richards [Fri, 25 May 2018 15:57:51 +0000 (11:57 -0400)]
Normalize port naming (tids_, trps_, and mons_port) and use signed int

This cleans up the port names in various functions and data structures.
Tries to get rid of ambiguous "port" fields. A few changes will be in
the next commit which has some functional updates as well.

Jennifer Richards [Fri, 25 May 2018 00:18:20 +0000 (20:18 -0400)]
Copy TID and TRP ports from inforec when accepting a route update

Jennifer Richards [Thu, 24 May 2018 22:30:11 +0000 (18:30 -0400)]
Support non-default TRP and TID ports

  * Include trust_router and next_hop ports in inforecs, routes, and
    update msgs
    - affects encoders and decoders
    - use next_hop from the inforec instead of assuming it is the
      peer's server address
    - default next_hop to the trust_router for backward compatibility
    - default both ports to the standard well-known ports if not given
  * fill in local routes with our hostname/port
    - no longer permit empty next_hop fields
  * Update filter handlers
    - handle next_hop field
    - use hostname:port format (or just hostname with default port)
    - handle next_hop field
  * Keep track of AAA server ports
  * Be more careful with tr_msg JSON helper return values
  * Use tr_name_strdup() to avoid ad hoc conversion from name to string
  * Use signed int as port to allow -1 as an invalid port indicator
  * Remove now-obsolete tr_aaa_server_from_name() function

Jennifer Richards [Thu, 24 May 2018 21:01:44 +0000 (17:01 -0400)]
Factor out hostname parsing for reuse

Jennifer Richards [Thu, 24 May 2018 18:05:39 +0000 (14:05 -0400)]
Fix typo, reorder methods in tr_aaa_server.c

Jennifer Richards [Thu, 24 May 2018 18:01:14 +0000 (14:01 -0400)]
Fix a leftover use of the old TR_AAA_SERVER structure

Jennifer Richards [Thu, 24 May 2018 18:00:56 +0000 (14:00 -0400)]
Use the port configured for a AAA server instead of assuming TID_PORT

  * Pass TR_AAA_SERVER instead of hostname to TIDS forward threads
  * Use the port set for the TR_AAA_SERVER instead of TID_PORT

Jennifer Richards [Thu, 24 May 2018 17:34:20 +0000 (13:34 -0400)]
Parse hostname/port for AAA server addresses

  * Add methods to create a TR_AAA_SERVER from a hostname:port string
    - also a version starting from a TR_NAME, which is a bit of a
      misuse of the TR_NAME
  * Update code to use the new methods instead
  * tr_aaa_server_new() no longer sets the hostname
  * tr_aaa_server_set_port() only uses default port when port == 0,
    otherwise allows any value
  * refactor tr_cfg_parse_one_aaa_server() to better use talloc
  * Raise error in tr_tids_req_handler() if AAA server allocation fails

Jennifer Richards [Thu, 24 May 2018 15:43:31 +0000 (11:43 -0400)]
Move AAA server methods out of tr_idp.[ch] into their own files

  * Create tr_aaa_server.[ch], move methods out of tr_idp.[ch]
    - Existing methods unchanged
  * Add port to TR_AAA_SERVER
  * Add get/set methods for hostname/port
  * Update makefiles

Jennifer Richards [Wed, 23 May 2018 20:41:26 +0000 (16:41 -0400)]
Add last few missing headers and clean up the order of the list

Jennifer Richards [Wed, 23 May 2018 20:26:52 +0000 (16:26 -0400)]
A few more forgotten headers in make dist

Jennifer Richards [Wed, 23 May 2018 20:22:16 +0000 (16:22 -0400)]
Add headers left out of make dist

Jennifer Richards [Wed, 23 May 2018 19:56:04 +0000 (15:56 -0400)]
Bump version in trust_router.spec to match configure.ac

Jennifer Richards [Wed, 23 May 2018 19:47:36 +0000 (15:47 -0400)]
Ensure the m4 directory exists so that autoreconf doesn't complain

  * Add a throwaway hidden file so git creates the directory
  * Add an exception in .gitignore so this file is not ignored

Jennifer Richards [Thu, 10 May 2018 16:15:06 +0000 (12:15 -0400)]
Prevent core dumps on intentional mons/tids subprocess abort()

Uses setrlimit() to set the core size limit to 0 for the subprocess
immediately before aborting.

Jennifer Richards [Tue, 8 May 2018 17:01:31 +0000 (13:01 -0400)]
Abort instead of exit from forked tids and mons subprocesses

Jennifer Richards [Mon, 7 May 2018 21:29:48 +0000 (17:29 -0400)]
Use the peer table iterator correctly

Jennifer Richards [Mon, 7 May 2018 20:20:17 +0000 (16:20 -0400)]
Validate whether peer gss name is non-null before duplicating it

Jennifer Richards [Mon, 7 May 2018 19:04:41 +0000 (15:04 -0400)]
Fix Makefile.am for t_constraint so "make check" succeeds

Jennifer Richards [Mon, 7 May 2018 18:48:22 +0000 (14:48 -0400)]
Merge pull request #82 from painless-security/jennifer/pull_req_feedback

Incorporate feedback from monitoring code reviews

Jennifer Richards [Mon, 7 May 2018 18:48:05 +0000 (14:48 -0400)]
Rename TID count options to show

  * tid_req_count -> tid_reqs_processed
  * tid_req_pending -> tid_reqs_pending
  * tid_req_error_count -> tid_error_count

Jennifer Richards [Mon, 7 May 2018 18:37:57 +0000 (14:37 -0400)]
Remove unsupported 'reconfigure' monitoring command

Jennifer Richards [Mon, 7 May 2018 18:20:10 +0000 (14:20 -0400)]
Include trmon in RPM, nudge version to 3.4.0~2

Jennifer Richards [Mon, 7 May 2018 18:11:43 +0000 (14:11 -0400)]
Miscellaneous minor code cleanup for MRW's review comments

  * Remove generation of DH in trmon.c, it's not needed
  * Check return value of mon_req_add_option() in a few places it had
    been ignored
  * Spell out "Trust Router" in trmon version/help description
  * Rename _decode -> _encode after a copy/paste
  * Fix a few incorrect comments describing file contents
  * Fix function name in debug messages in tr_cfg_parse_config_files()
  * Include glib.h instead of gmodule.h in a few files

Jennifer Richards [Mon, 7 May 2018 18:06:43 +0000 (14:06 -0400)]
Move repeated #defines into tr_json_util.h and add documentation

Jennifer Richards [Mon, 7 May 2018 17:45:51 +0000 (13:45 -0400)]
Move DH record from TR_GSSC_INSTANCE to TIDC_INSTANCE, where it belongs

Jennifer Richards [Mon, 7 May 2018 17:24:19 +0000 (13:24 -0400)]
Treat TID req as error if a response is not sent

  * Return an error code from tr_gss_handle_connection()
  * When TID process terminates, send "OK" or "ERR" over the pipe
  * Refactor handling of the TID fork() and messaging

Jennifer Richards [Mon, 7 May 2018 16:16:15 +0000 (12:16 -0400)]
Update a tr_mq_msg_new() call that slipped through with a msg priority

Jennifer Richards [Mon, 7 May 2018 16:05:44 +0000 (12:05 -0400)]
Merge pull request #81 from painless-security/jennifer/no_mq_priorities

Remove TR_MQ message priorities

Jennifer Richards [Mon, 7 May 2018 16:05:23 +0000 (12:05 -0400)]
Merge branch 'milestone/monitoring' into jennifer/no_mq_priorities

mrw42 [Fri, 4 May 2018 20:59:05 +0000 (16:59 -0400)]
Merge pull request #79 from painless-security/jennifer/memory_leaks

Clean up several memory leaks detected by valgrind

mrw42 [Fri, 4 May 2018 20:58:06 +0000 (16:58 -0400)]
Merge pull request #76 from painless-security/jennifer/trpc_deadlock

Eliminate deadlock in TRPC messaging queueing

mrw42 [Fri, 4 May 2018 19:05:56 +0000 (15:05 -0400)]
Merge pull request #72 from painless-security/jennifer/peer_label_for_updates

Use peer labels instead of GSS names when considering updates

mrw42 [Fri, 4 May 2018 19:04:10 +0000 (15:04 -0400)]
Merge pull request #74 from painless-security/jennifer/set_realm_apcs

Handle APC correctly when a realm is discovered from an APC community update

mrw42 [Fri, 4 May 2018 19:01:37 +0000 (15:01 -0400)]
Merge pull request #73 from painless-security/jennifer/expire_utc

Report expiration times in UTC instead of local time

mrw42 [Fri, 4 May 2018 19:00:24 +0000 (15:00 -0400)]
Merge pull request #61 from painless-security/jennifer/request_id

Add a 'request_id' to TID requests and responses

mrw42 [Fri, 4 May 2018 18:50:16 +0000 (14:50 -0400)]
Merge pull request #62 from painless-security/jennifer/report_incoming_ipaddr

Report incoming IP address when a connection comes in

Jennifer Richards [Thu, 3 May 2018 21:36:30 +0000 (17:36 -0400)]
Correct a comment

Jennifer Richards [Thu, 3 May 2018 21:11:19 +0000 (17:11 -0400)]
Merge remote-tracking branch 'github/milestone/monitoring' into jennifer/request_id

Jennifer Richards [Thu, 3 May 2018 20:50:54 +0000 (16:50 -0400)]
Merge branch 'milestone/monitoring' into jennifer/request_id

# Conflicts:
# include/trust_router/tid.h
# tid/tidc.c
# tr/tr_tid.c

mrw42 [Thu, 3 May 2018 20:42:46 +0000 (16:42 -0400)]
Merge pull request #59 from painless-security/jennifer/datastructures

Replace fixed length arrays with dynamic lists

mrw42 [Thu, 3 May 2018 20:13:15 +0000 (16:13 -0400)]
Merge pull request #48 from painless-security/jennifer/monitoring

Monitoring interface and back end support (pull request 10)

mrw42 [Thu, 3 May 2018 20:11:35 +0000 (16:11 -0400)]
Merge pull request #57 from painless-security/jennifer/show_rp_clients

Add show rp_clients command (pull request 9)

mrw42 [Thu, 3 May 2018 20:10:13 +0000 (16:10 -0400)]
Merge pull request #56 from painless-security/jennifer/show_realms

Add show realms command (pull request 8)

mrw42 [Thu, 3 May 2018 20:09:12 +0000 (16:09 -0400)]
Merge pull request #55 from painless-security/jennifer/show_communities

Add show communities command (pull request 7)

mrw42 [Thu, 3 May 2018 20:08:08 +0000 (16:08 -0400)]
Merge pull request #54 from painless-security/jennifer/show_peers

Add the show peers command (pull request 6)

mrw42 [Thu, 3 May 2018 20:07:11 +0000 (16:07 -0400)]
Merge pull request #53 from painless-security/jennifer/show_routes

Add show routes message support (pull request 5)

mrw42 [Thu, 3 May 2018 20:05:51 +0000 (16:05 -0400)]
Merge pull request #52 from painless-security/jennifer/subprocess_status

Report whether TID requests succeed and better clean up zombie TID / MON processes (pull request 4)

mrw42 [Thu, 3 May 2018 20:03:15 +0000 (16:03 -0400)]
Merge pull request #51 from painless-security/jennifer/monitoring_client_and_server

First functioning monitoring client/server (pull request 3)

mrw42 [Thu, 3 May 2018 20:02:05 +0000 (16:02 -0400)]
Merge pull request #50 from painless-security/jennifer/refactoring_tids

TID refactoring (pull request 2)

mrw42 [Thu, 3 May 2018 20:00:42 +0000 (16:00 -0400)]
Merge pull request #49 from painless-security/jennifer/mon_msg_encoders

Add encoders for monitoring messages (pull request 1)

Jennifer Richards [Thu, 3 May 2018 13:16:08 +0000 (09:16 -0400)]
Eliminate message priority from TR_MQ / TR_MQ_MSG

This was an unnecessary feature that had caused several bugs, most
recently #80. Rather than debug that, this removes the priorities,
returning to a simple queue.

Jennifer Richards [Wed, 2 May 2018 22:11:29 +0000 (18:11 -0400)]
Do not allocate return array if there are no return values

Calling talloc_array() with length 0 still allocates memory to track
the zero-length chunk. Return NULL because that is what we mean.

Jennifer Richards [Wed, 2 May 2018 21:49:05 +0000 (17:49 -0400)]
Remove unused variable

Jennifer Richards [Wed, 2 May 2018 21:24:50 +0000 (17:24 -0400)]
Free GSS service name after a failed incoming connection

Jennifer Richards [Wed, 2 May 2018 14:31:03 +0000 (10:31 -0400)]
Fix memory leak when setting next hop for community inforecs

  * Return TRP_UNSUPPORTED when setting next hop on an inforec that
    does not accept it (i.e., community inforecs)
  * Free the next hop TR_NAME if it was not stored

Jennifer Richards [Wed, 2 May 2018 14:29:36 +0000 (10:29 -0400)]
Fix memory leak in gsscon_connect()

  * Check for failure to allocate service name
  * Free input name after importing to GSS

Jennifer Richards [Tue, 1 May 2018 19:36:33 +0000 (15:36 -0400)]
Remove last remnants of old trpc thread exit protocol, clear trpc queue

  * Remove the shutting_down status in the TRPC_INSTANCE
  * Clear the TRPC message queue after failed connections
  * Add a few comments

Jennifer Richards [Tue, 1 May 2018 17:49:24 +0000 (13:49 -0400)]
Eliminate deadlock in trpc message handling

  * Remove notify_cb for the trpc thread's TR_MQ
  * Use trpc_mq_pop() directly in the tr_trpc_thread() instead of
    trying to empty the queue every time
  * Eliminate the complicated thread shutdown protocol needed to avoid
    invalid accesses to data allocated in tr_trpc_thread()

This eliminates a deadlock that was possible due to misuse of the
callback mutex in conjunction with the TR_MQ mutex.

Jennifer Richards [Mon, 30 Apr 2018 17:12:41 +0000 (13:12 -0400)]
Fix JSON reference counting errors

Jennifer Richards [Mon, 30 Apr 2018 17:07:46 +0000 (13:07 -0400)]
Set APC correctly for community updates, reject routes for non-APC comms

When an APC community update is received, the "apcs" list is empty. The
APC for any realms described by that update should be the APC community
itself.

Also, the trust router previously accepted any realm/community pairs for
routing. That should have been APC communities only.

Finally, this also prevents configuring multiple communities with the
same ID.