trust_router.git
3 years agoUse json_is_true() in place of json_boolean_value() for compatibility master v3.4.0
Jennifer Richards [Tue, 5 Jun 2018 16:37:25 +0000 (12:37 -0400)]
Use json_is_true() in place of json_boolean_value() for compatibility

3 years agoBump version to 4.3.0, ABI to 4:2:2 3.4.0
Jennifer Richards [Sat, 2 Jun 2018 02:31:47 +0000 (22:31 -0400)]
Bump version to 4.3.0, ABI to 4:2:2

3 years agoMerge pull request #100 from painless-security/milestone/monitoring
Jennifer Richards [Sat, 2 Jun 2018 02:23:01 +0000 (22:23 -0400)]
Merge pull request #100 from painless-security/milestone/monitoring

Merge milestone/monitoring into master in preparation for release

3 years agoRemove remnant of debug code that was accidentally committed
Jennifer Richards [Sat, 2 Jun 2018 00:23:12 +0000 (20:23 -0400)]
Remove remnant of debug code that was accidentally committed

3 years agoAllow "last_connection_attempt" field to be omitted in peer JSON
Jennifer Richards [Sat, 2 Jun 2018 00:19:49 +0000 (20:19 -0400)]
Allow "last_connection_attempt" field to be omitted in peer JSON

3 years agoMerge branch 'milestone/monitoring' of https://github.com/painless-security/trust...
Jennifer Richards [Fri, 1 Jun 2018 21:04:28 +0000 (17:04 -0400)]
Merge branch 'milestone/monitoring' of https://github.com/painless-security/trust-router into milestone/monitoring

3 years agoEmit error message in configure for more missing libraries
Jennifer Richards [Fri, 1 Jun 2018 21:03:20 +0000 (21:03 +0000)]
Emit error message in configure for more missing libraries

3 years agoUse cast instead of talloc_get_type_abort for stack-allocated data
Jennifer Richards [Fri, 1 Jun 2018 21:01:31 +0000 (17:01 -0400)]
Use cast instead of talloc_get_type_abort for stack-allocated data

3 years agoEmit error message in configure if libevent is missing
Jennifer Richards [Fri, 1 Jun 2018 20:55:43 +0000 (20:55 +0000)]
Emit error message in configure if libevent is missing

3 years agoRefactor MON_CMD and MON_OPT_TYPE conversion to/from strings
Jennifer Richards [Fri, 1 Jun 2018 20:43:24 +0000 (16:43 -0400)]
Refactor MON_CMD and MON_OPT_TYPE conversion to/from strings

Use a table in place of ad hoc switch statements, hopefully this is
less effort to maintain.

3 years agoMerge pull request #99 from painless-security/jennifer/count_failed_reqs
Jennifer Richards [Fri, 1 Jun 2018 19:58:49 +0000 (15:58 -0400)]
Merge pull request #99 from painless-security/jennifer/count_failed_reqs

Return separate counts of TID reqs that succeed and result in error

3 years agoReduce priority on a couple non-essential log messages
Jennifer Richards [Fri, 1 Jun 2018 19:58:28 +0000 (15:58 -0400)]
Reduce priority on a couple non-essential log messages

3 years agoSet read timeout to 60 seconds instead of 60 ms (smh)
Jennifer Richards [Fri, 1 Jun 2018 19:39:56 +0000 (15:39 -0400)]
Set read timeout to 60 seconds instead of 60 ms (smh)

3 years agoReturn NULL rather than an invalid pointer on failure
Jennifer Richards [Fri, 1 Jun 2018 19:02:17 +0000 (15:02 -0400)]
Return NULL rather than an invalid pointer on failure

3 years agoFix misleading indentation
Jennifer Richards [Fri, 1 Jun 2018 19:00:42 +0000 (15:00 -0400)]
Fix misleading indentation

3 years agoAdd a timeout to ReadBuffer() method
Jennifer Richards [Fri, 1 Jun 2018 18:41:02 +0000 (14:41 -0400)]
Add a timeout to ReadBuffer() method

3 years agoReturn separate counts of TID reqs that succeed and result in error
Jennifer Richards [Fri, 1 Jun 2018 18:36:55 +0000 (14:36 -0400)]
Return separate counts of TID reqs that succeed and result in error

  * Pass result codes back from req callbacks for tr_gss connections
  * Separately count TID responses and TID error responses
  * Add monitoring handlers for the error response
  * Rename monitoring option #defines to better match the string names
  * Add more TR_GSS_RC codes
  * Update trmon documentation string

3 years agoReturn nonzero exit code (specifically, 2) when a tidc req fails
Jennifer Richards [Fri, 1 Jun 2018 17:50:19 +0000 (13:50 -0400)]
Return nonzero exit code (specifically, 2) when a tidc req fails

3 years agoChange monitoring_port -> mons_port where it was missed in a merge
Jennifer Richards [Fri, 1 Jun 2018 15:03:28 +0000 (11:03 -0400)]
Change monitoring_port -> mons_port where it was missed in a merge

3 years agoMerge pull request #92 from painless-security/jennifer/reduce_logging
Mark Donnelly [Fri, 1 Jun 2018 13:34:51 +0000 (09:34 -0400)]
Merge pull request #92 from painless-security/jennifer/reduce_logging

Reduce logging during connection accept and validate internal configuration

3 years agoReturn NULL when tr_cfg_parse_one_apc() fails
Jennifer Richards [Fri, 1 Jun 2018 00:46:07 +0000 (20:46 -0400)]
Return NULL when tr_cfg_parse_one_apc() fails

3 years agoLet's try again on the build number tagging
Jennifer Richards [Thu, 31 May 2018 19:30:06 +0000 (15:30 -0400)]
Let's try again on the build number tagging

3 years agoAdd a build_tag parameter to the version in the RPM spec file
Jennifer Richards [Thu, 31 May 2018 19:22:45 +0000 (15:22 -0400)]
Add a build_tag parameter to the version in the RPM spec file

This is to allow Jenkins to add a build number so we don't have
to muck about with the spec file

3 years agoAdd help to the trmon utility
Jennifer Richards [Thu, 31 May 2018 18:56:50 +0000 (14:56 -0400)]
Add help to the trmon utility

3 years agoFix handling of errors with strtol(), factor out port parsing
Jennifer Richards [Thu, 31 May 2018 17:23:10 +0000 (13:23 -0400)]
Fix handling of errors with strtol(), factor out port parsing

  * Set errno to 0 before calling strtol()
  * Fix warnings in gssconn_{server,client}.c
  * Add tr_parse_port() to tr_inet_util.[ch] and use throughout the
    codebase for parsing port numbers

3 years agoUpdate RPM example cfg files to include monitoring and serial_number
Jennifer Richards [Wed, 30 May 2018 14:51:15 +0000 (10:51 -0400)]
Update RPM example cfg files to include monitoring and serial_number

3 years agoMerge pull request #86 from painless-security/jennifer/aaa_server_port
Jennifer Richards [Wed, 30 May 2018 05:07:02 +0000 (01:07 -0400)]
Merge pull request #86 from painless-security/jennifer/aaa_server_port

Allow configurable TID and TRP ports

3 years agoWork with new hostname parsing and improve error reports
Jennifer Richards [Wed, 30 May 2018 05:00:21 +0000 (01:00 -0400)]
Work with new hostname parsing and improve error reports

  * Use the new tr_parse_host() function
  * Output more useful errors when parsing aaa servers
  * Update Makefile.am

3 years agoRefactor host validation and parsing, move methods out of tr_util.[ch]
Jennifer Richards [Wed, 30 May 2018 04:58:13 +0000 (00:58 -0400)]
Refactor host validation and parsing, move methods out of tr_util.[ch]

  * Limit hostname validation to avoiding ambiguity about whether a port
    is part of the string
  * Refactor hostname/port parsing
    - new function is tr_parse_host() in tr_inet_util.c
    - handles both hostname and port
    - works with strings, not TR_NAME
  * Move hostname related methods out of tr_util.c

Changes to make the rest of the codebase work with these updates will be
in the next commit.

3 years agoSet trust router port in trp_inforec_set_trust_router()
Jennifer Richards [Wed, 30 May 2018 04:54:35 +0000 (00:54 -0400)]
Set trust router port in trp_inforec_set_trust_router()

3 years agoAdd internet address/hostname validators in tr_inet_util.[ch]
Jennifer Richards [Wed, 30 May 2018 00:40:26 +0000 (20:40 -0400)]
Add internet address/hostname validators in tr_inet_util.[ch]

3 years agoAdd accidentally omitted 'port' parameter to error messages
Jennifer Richards [Tue, 29 May 2018 19:24:47 +0000 (15:24 -0400)]
Add accidentally omitted 'port' parameter to error messages

3 years agoValidate internal configuration more thoroughly
Jennifer Richards [Tue, 29 May 2018 19:07:55 +0000 (15:07 -0400)]
Validate internal configuration more thoroughly

3 years agoReduce logging priority while accepting connections
Jennifer Richards [Tue, 29 May 2018 18:12:29 +0000 (14:12 -0400)]
Reduce logging priority while accepting connections

This will help address #89 by eliminating messages logged with "err"
priority before a connection is accepted.

3 years agoCorrectly set peer when an update is received
Jennifer Richards [Fri, 25 May 2018 18:45:27 +0000 (14:45 -0400)]
Correctly set peer when an update is received

3 years agoUse hostname:port format for specifying peer addresses
Jennifer Richards [Fri, 25 May 2018 17:33:45 +0000 (13:33 -0400)]
Use hostname:port format for specifying peer addresses

Drop the old "port" key for consistency with other handling of ports.

3 years agoFix bug in tr_parse_port()
Jennifer Richards [Fri, 25 May 2018 17:32:50 +0000 (13:32 -0400)]
Fix bug in tr_parse_port()

3 years agoAdd signed integer parser to eliminate compiler errors
Jennifer Richards [Fri, 25 May 2018 16:49:25 +0000 (12:49 -0400)]
Add signed integer parser to eliminate compiler errors

3 years agoUse our hostname/TID port when sending a request, not our next_hop
Jennifer Richards [Fri, 25 May 2018 15:59:57 +0000 (11:59 -0400)]
Use our hostname/TID port when sending a request, not our next_hop

Before this, we set the next_hop to ourselves for local routes, then
simply forwarded the next_hop to our peers in update messages. That is
incorrect - we need to fill in our own hostname/TID port every time, not
send the next_hop we forward to.

Also fixes a few port name / signed int changes that really belonged in
the previous commit.

3 years agoNormalize port naming (tids_, trps_, and mons_port) and use signed int
Jennifer Richards [Fri, 25 May 2018 15:57:51 +0000 (11:57 -0400)]
Normalize port naming (tids_, trps_, and mons_port) and use signed int

This cleans up the port names in various functions and data structures.
Tries to get rid of ambiguous "port" fields. A few changes will be in
the next commit which has some functional updates as well.

3 years agoCopy TID and TRP ports from inforec when accepting a route update
Jennifer Richards [Fri, 25 May 2018 00:18:20 +0000 (20:18 -0400)]
Copy TID and TRP ports from inforec when accepting a route update

3 years agoSupport non-default TRP and TID ports
Jennifer Richards [Thu, 24 May 2018 22:30:11 +0000 (18:30 -0400)]
Support non-default TRP and TID ports

  * Include trust_router and next_hop ports in inforecs, routes, and
    update msgs
    - affects encoders and decoders
    - use next_hop from the inforec instead of assuming it is the
      peer's server address
    - default next_hop to the trust_router for backward compatibility
    - default both ports to the standard well-known ports if not given
  * fill in local routes with our hostname/port
    - no longer permit empty next_hop fields
  * Update filter handlers
    - handle next_hop field
    - use hostname:port format (or just hostname with default port)
    - handle next_hop field
  * Keep track of AAA server ports
  * Be more careful with tr_msg JSON helper return values
  * Use tr_name_strdup() to avoid ad hoc conversion from name to string
  * Use signed int as port to allow -1 as an invalid port indicator
  * Remove now-obsolete tr_aaa_server_from_name() function

3 years agoFactor out hostname parsing for reuse
Jennifer Richards [Thu, 24 May 2018 21:01:44 +0000 (17:01 -0400)]
Factor out hostname parsing for reuse

3 years agoFix typo, reorder methods in tr_aaa_server.c
Jennifer Richards [Thu, 24 May 2018 18:05:39 +0000 (14:05 -0400)]
Fix typo, reorder methods in tr_aaa_server.c

3 years agoFix a leftover use of the old TR_AAA_SERVER structure
Jennifer Richards [Thu, 24 May 2018 18:01:14 +0000 (14:01 -0400)]
Fix a leftover use of the old TR_AAA_SERVER structure

3 years agoUse the port configured for a AAA server instead of assuming TID_PORT
Jennifer Richards [Thu, 24 May 2018 18:00:56 +0000 (14:00 -0400)]
Use the port configured for a AAA server instead of assuming TID_PORT

  * Pass TR_AAA_SERVER instead of hostname to TIDS forward threads
  * Use the port set for the TR_AAA_SERVER instead of TID_PORT

3 years agoParse hostname/port for AAA server addresses
Jennifer Richards [Thu, 24 May 2018 17:34:20 +0000 (13:34 -0400)]
Parse hostname/port for AAA server addresses

  * Add methods to create a TR_AAA_SERVER from a hostname:port string
    - also a version starting from a TR_NAME, which is a bit of a
      misuse of the TR_NAME
  * Update code to use the new methods instead
  * tr_aaa_server_new() no longer sets the hostname
  * tr_aaa_server_set_port() only uses default port when port == 0,
    otherwise allows any value
  * refactor tr_cfg_parse_one_aaa_server() to better use talloc
  * Raise error in tr_tids_req_handler() if AAA server allocation fails

3 years agoMove AAA server methods out of tr_idp.[ch] into their own files
Jennifer Richards [Thu, 24 May 2018 15:43:31 +0000 (11:43 -0400)]
Move AAA server methods out of tr_idp.[ch] into their own files

  * Create tr_aaa_server.[ch], move methods out of tr_idp.[ch]
    - Existing methods unchanged
  * Add port to TR_AAA_SERVER
  * Add get/set methods for hostname/port
  * Update makefiles

3 years agoAdd last few missing headers and clean up the order of the list
Jennifer Richards [Wed, 23 May 2018 20:41:26 +0000 (16:41 -0400)]
Add last few missing headers and clean up the order of the list

3 years agoA few more forgotten headers in make dist
Jennifer Richards [Wed, 23 May 2018 20:26:52 +0000 (16:26 -0400)]
A few more forgotten headers in make dist

3 years agoAdd headers left out of make dist
Jennifer Richards [Wed, 23 May 2018 20:22:16 +0000 (16:22 -0400)]
Add headers left out of make dist

3 years agoBump version in trust_router.spec to match configure.ac
Jennifer Richards [Wed, 23 May 2018 19:56:04 +0000 (15:56 -0400)]
Bump version in trust_router.spec to match configure.ac

3 years agoEnsure the m4 directory exists so that autoreconf doesn't complain
Jennifer Richards [Wed, 23 May 2018 19:47:36 +0000 (15:47 -0400)]
Ensure the m4 directory exists so that autoreconf doesn't complain

  * Add a throwaway hidden file so git creates the directory
  * Add an exception in .gitignore so this file is not ignored

3 years agoPrevent core dumps on intentional mons/tids subprocess abort()
Jennifer Richards [Thu, 10 May 2018 16:15:06 +0000 (12:15 -0400)]
Prevent core dumps on intentional mons/tids subprocess abort()

Uses setrlimit() to set the core size limit to 0 for the subprocess
immediately before aborting.

3 years agoAbort instead of exit from forked tids and mons subprocesses
Jennifer Richards [Tue, 8 May 2018 17:01:31 +0000 (13:01 -0400)]
Abort instead of exit from forked tids and mons subprocesses

3 years agoUse the the peer table iterator correctly
Jennifer Richards [Mon, 7 May 2018 21:29:48 +0000 (17:29 -0400)]
Use the the peer table iterator correctly

3 years agoValidate whether peer gss name is non-null before duplicating it
Jennifer Richards [Mon, 7 May 2018 20:20:17 +0000 (16:20 -0400)]
Validate whether peer gss name is non-null before duplicating it

3 years agoFix Makefile.am for t_constraint so "make check" succeeds
Jennifer Richards [Mon, 7 May 2018 19:04:41 +0000 (15:04 -0400)]
Fix Makefile.am for t_constraint so "make check" succeeds

3 years agoMerge pull request #82 from painless-security/jennifer/pull_req_feedback
Jennifer Richards [Mon, 7 May 2018 18:48:22 +0000 (14:48 -0400)]
Merge pull request #82 from painless-security/jennifer/pull_req_feedback

Incorporate feedback from monitoring code reviews

3 years agoRename TID count options to show
Jennifer Richards [Mon, 7 May 2018 18:48:05 +0000 (14:48 -0400)]
Rename TID count options to show

  * tid_req_count -> tid_reqs_processed
  * tid_req_pending -> tid_reqs_pending
  * tid_req_error_count -> tid_error_count

3 years agoRemove unsupported 'reconfigure' monitoring command
Jennifer Richards [Mon, 7 May 2018 18:37:57 +0000 (14:37 -0400)]
Remove unsupported 'reconfigure' monitoring command

3 years agoInclude trmon in RPM, nudge version to 3.4.0~2
Jennifer Richards [Mon, 7 May 2018 18:20:10 +0000 (14:20 -0400)]
Include trmon in RPM, nudge version to 3.4.0~2

3 years agoMiscellaneous minor code cleanup for MRW's review comments
Jennifer Richards [Mon, 7 May 2018 18:11:43 +0000 (14:11 -0400)]
Miscellaneous minor code cleanup for MRW's review comments

  * Remove generation of DH in trmon.c, it's not needed
  * Check return value of mon_req_add_option() in a few places it had
    been ignored
  * Spell out "Trust Router" in trmon version/help description
  * Rename _decode -> _encode after a copy/paste
  * Fix a few incorrect comments describing file contents
  * Fix function name in debug messages in tr_cfg_parse_config_files()
  * Include glib.h instead of gmodule.h in a few files

3 years agoMove repeated #defines into tr_json_util.h and add documentation
Jennifer Richards [Mon, 7 May 2018 18:06:43 +0000 (14:06 -0400)]
Move repeated #defines into tr_json_util.h and add documentation

3 years agoMove DH record from TR_GSSC_INSTANCE to TIDC_INSTANCE, where it belongs
Jennifer Richards [Mon, 7 May 2018 17:45:51 +0000 (13:45 -0400)]
Move DH record from TR_GSSC_INSTANCE to TIDC_INSTANCE, where it belongs

3 years agoTreat TID req as error if a response is not sent
Jennifer Richards [Mon, 7 May 2018 17:24:19 +0000 (13:24 -0400)]
Treat TID req as error if a response is not sent

  * Return an error code from tr_gss_handle_connection()
  * When TID process terminates, send "OK" or "ERR" over the pipe
  * Refactor handling of the TID fork() and messaging

3 years agoUpdate a tr_mq_msg_new() call that slipped through with a msg priority
Jennifer Richards [Mon, 7 May 2018 16:16:15 +0000 (12:16 -0400)]
Update a tr_mq_msg_new() call that slipped through with a msg priority

3 years agoMerge pull request #81 from painless-security/jennifer/no_mq_priorities
Jennifer Richards [Mon, 7 May 2018 16:05:44 +0000 (12:05 -0400)]
Merge pull request #81 from painless-security/jennifer/no_mq_priorities

Remove TR_MQ message priorities

3 years agoMerge branch 'milestone/monitoring' into jennifer/no_mq_priorities
Jennifer Richards [Mon, 7 May 2018 16:05:23 +0000 (12:05 -0400)]
Merge branch 'milestone/monitoring' into jennifer/no_mq_priorities

3 years agoMerge pull request #79 from painless-security/jennifer/memory_leaks
mrw42 [Fri, 4 May 2018 20:59:05 +0000 (16:59 -0400)]
Merge pull request #79 from painless-security/jennifer/memory_leaks

Clean up several memory leaks detected by valgrind

3 years agoMerge pull request #76 from painless-security/jennifer/trpc_deadlock
mrw42 [Fri, 4 May 2018 20:58:06 +0000 (16:58 -0400)]
Merge pull request #76 from painless-security/jennifer/trpc_deadlock

Eliminate deadlock in TRPC messaging queueing

3 years agoMerge pull request #72 from painless-security/jennifer/peer_label_for_updates
mrw42 [Fri, 4 May 2018 19:05:56 +0000 (15:05 -0400)]
Merge pull request #72 from painless-security/jennifer/peer_label_for_updates

Use peer labels instead of GSS names when considering updates

3 years agoMerge pull request #74 from painless-security/jennifer/set_realm_apcs
mrw42 [Fri, 4 May 2018 19:04:10 +0000 (15:04 -0400)]
Merge pull request #74 from painless-security/jennifer/set_realm_apcs

Handle APC correctly when a realm is discovered from an APC community update

3 years agoMerge pull request #73 from painless-security/jennifer/expire_utc
mrw42 [Fri, 4 May 2018 19:01:37 +0000 (15:01 -0400)]
Merge pull request #73 from painless-security/jennifer/expire_utc

Report expiration times in UTC instead of local time

3 years agoMerge pull request #61 from painless-security/jennifer/request_id
mrw42 [Fri, 4 May 2018 19:00:24 +0000 (15:00 -0400)]
Merge pull request #61 from painless-security/jennifer/request_id

Add a 'request_id' to TID requests and responses

3 years agoMerge pull request #62 from painless-security/jennifer/report_incoming_ipaddr
mrw42 [Fri, 4 May 2018 18:50:16 +0000 (14:50 -0400)]
Merge pull request #62 from painless-security/jennifer/report_incoming_ipaddr

Report incoming IP address when a connection comes in

3 years agoCorrect a comment
Jennifer Richards [Thu, 3 May 2018 21:36:30 +0000 (17:36 -0400)]
Correct a comment

3 years agoMerge remote-tracking branch 'github/milestone/monitoring' into jennifer/request_id
Jennifer Richards [Thu, 3 May 2018 21:11:19 +0000 (17:11 -0400)]
Merge remote-tracking branch 'github/milestone/monitoring' into jennifer/request_id

3 years agoMerge branch 'milestone/monitoring' into jennifer/request_id
Jennifer Richards [Thu, 3 May 2018 20:50:54 +0000 (16:50 -0400)]
Merge branch 'milestone/monitoring' into jennifer/request_id

# Conflicts:
# include/trust_router/tid.h
# tid/tidc.c
# tr/tr_tid.c

3 years agoMerge pull request #59 from painless-security/jennifer/datastructures
mrw42 [Thu, 3 May 2018 20:42:46 +0000 (16:42 -0400)]
Merge pull request #59 from painless-security/jennifer/datastructures

Replace fixed length arrays with dynamic lists

3 years agoMerge pull request #48 from painless-security/jennifer/monitoring
mrw42 [Thu, 3 May 2018 20:13:15 +0000 (16:13 -0400)]
Merge pull request #48 from painless-security/jennifer/monitoring

Monitoring interface and back end support (pull request 10)

3 years agoMerge pull request #57 from painless-security/jennifer/show_rp_clients
mrw42 [Thu, 3 May 2018 20:11:35 +0000 (16:11 -0400)]
Merge pull request #57 from painless-security/jennifer/show_rp_clients

Add show rp_clients command (pull request 9)

3 years agoMerge pull request #56 from painless-security/jennifer/show_realms
mrw42 [Thu, 3 May 2018 20:10:13 +0000 (16:10 -0400)]
Merge pull request #56 from painless-security/jennifer/show_realms

Add show realms command (pull request 8)

3 years agoMerge pull request #55 from painless-security/jennifer/show_communities
mrw42 [Thu, 3 May 2018 20:09:12 +0000 (16:09 -0400)]
Merge pull request #55 from painless-security/jennifer/show_communities

Add show communities command (pull request 7)

3 years agoMerge pull request #54 from painless-security/jennifer/show_peers
mrw42 [Thu, 3 May 2018 20:08:08 +0000 (16:08 -0400)]
Merge pull request #54 from painless-security/jennifer/show_peers

Add the show peers command (pull request 6)

3 years agoMerge pull request #53 from painless-security/jennifer/show_routes
mrw42 [Thu, 3 May 2018 20:07:11 +0000 (16:07 -0400)]
Merge pull request #53 from painless-security/jennifer/show_routes

Add show routes message support (pull request 5)

3 years agoMerge pull request #52 from painless-security/jennifer/subprocess_status
mrw42 [Thu, 3 May 2018 20:05:51 +0000 (16:05 -0400)]
Merge pull request #52 from painless-security/jennifer/subprocess_status

Report whether TID requests succeed and better clean up zombie TID / MON processes (pull request 4)

3 years agoMerge pull request #51 from painless-security/jennifer/monitoring_client_and_server
mrw42 [Thu, 3 May 2018 20:03:15 +0000 (16:03 -0400)]
Merge pull request #51 from painless-security/jennifer/monitoring_client_and_server

First functioning monitoring client/server (pull request 3)

3 years agoMerge pull request #50 from painless-security/jennifer/refactoring_tids
mrw42 [Thu, 3 May 2018 20:02:05 +0000 (16:02 -0400)]
Merge pull request #50 from painless-security/jennifer/refactoring_tids

TID refactoring (pull request 2)

3 years agoMerge pull request #49 from painless-security/jennifer/mon_msg_encoders
mrw42 [Thu, 3 May 2018 20:00:42 +0000 (16:00 -0400)]
Merge pull request #49 from painless-security/jennifer/mon_msg_encoders

Add encoders for monitoring messages (pull request 1)

3 years agoEliminate message priority from TR_MQ / TR_MQ_MSG
Jennifer Richards [Thu, 3 May 2018 13:16:08 +0000 (09:16 -0400)]
Eliminate message priority from TR_MQ / TR_MQ_MSG

This was an unnecessary feature that had caused several bugs, most
recently #80. Rather than debug that, this removes the priorities,
returning to a simple queue.

3 years agoDo not allocate return array if there are no return values
Jennifer Richards [Wed, 2 May 2018 22:11:29 +0000 (18:11 -0400)]
Do not allocate return array if there are no return values

Calling talloc_array() with length 0 still allocates memory to track
the zero-length chunk. Return NULL because that is what we mean.

3 years agoRemove unused variable
Jennifer Richards [Wed, 2 May 2018 21:49:05 +0000 (17:49 -0400)]
Remove unused variable

3 years agoFree GSS service name after a failed incoming connection
Jennifer Richards [Wed, 2 May 2018 21:24:50 +0000 (17:24 -0400)]
Free GSS service name after a failed incoming connection

3 years agoFix memory leak when setting next hop for community inforecs
Jennifer Richards [Wed, 2 May 2018 14:31:03 +0000 (10:31 -0400)]
Fix memory leak when setting next hop for community inforecs

  * Return TRP_UNSUPPORTED when setting next hop on an inforec that
    does not accept it (i.e., community inforecs)
  * Free the next hop TR_NAME if it was not stored

3 years agoFix memory leak in gsscon_connect()
Jennifer Richards [Wed, 2 May 2018 14:29:36 +0000 (10:29 -0400)]
Fix memory leak in gsscon_connect()

  * Check for failure to allocate service name
  * Free input name after importing to GSS

3 years agoRemove last remnants of old trpc thread exit protocol, clear trpc queue
Jennifer Richards [Tue, 1 May 2018 19:36:33 +0000 (15:36 -0400)]
Remove last remnants of old trpc thread exit protocol, clear trpc queue

  * Remove the shutting_down status in the TRPC_INSTANCE
  * Clear the TRPC message queue after failed connections
  * Add a few comments

3 years agoEliminate deadlock in trpc message handling
Jennifer Richards [Tue, 1 May 2018 17:49:24 +0000 (13:49 -0400)]
Eliminate deadlock in trpc message handling

  * Remove notify_cb for the trpc thread's TR_MQ
  * Use trpc_mq_pop() directly in the tr_trpc_thread() instead of
    trying to empty the queue every time
  * Eliminate the complicated thread shutdown protocol needed to avoid
    invalid accesses to data allocated in tr_trpc_thread()

This eliminates a deadlock that was possible due to misuse of the
callback mutex in conjunction with the TR_MQ mutex.

3 years agoFix JSON reference counting errors
Jennifer Richards [Mon, 30 Apr 2018 17:12:41 +0000 (13:12 -0400)]
Fix JSON reference counting errors

3 years agoSet APC correctly for community updates, reject routes for non-APC comms
Jennifer Richards [Mon, 30 Apr 2018 17:07:46 +0000 (13:07 -0400)]
Set APC correctly for community updates, reject routes for non-APC comms

When an APC community update is received, the "apcs" list is empty. The
APC for any realms described by that update should be the APC community
itself.

Also, the trust router previously accepted any realm/community pairs for
routing. That should have been APC communities only.

Finally, this also prevents configuring multiple communities with the
same ID.