From: Jennifer Richards Date: Mon, 20 Jun 2016 17:24:43 +0000 (-0400) Subject: Apply Adam Bishop's March 2016 patches. X-Git-Tag: v1.5.2~2^2 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;ds=sidebyside;h=1bc4bf57bafa273daa8a758d26c0e1b0ab7ad2af;p=trust_router.git Apply Adam Bishop's March 2016 patches. 0001: (Trivial) The trust router does not build in a minimal environment on CentOS; specifying glib2 explicitly corrects this. 0002: (Trivial) This adds a check and log entry for the serial number to the config parser. 0003: (Trivial) Correct a typo and add more information to a log message. 0004: (Trivial) Implement enough of tr_print_config to diagnose this quicker 0005: (Substantial) Fix the corruption by making sure that a dereferenced copy is performed on each realm. 0006: (Trivial) Obligatory version bump. --- diff --git a/common/tr_comm.c b/common/tr_comm.c index 08d6638..9b79850 100644 --- a/common/tr_comm.c +++ b/common/tr_comm.c @@ -47,9 +47,9 @@ TR_IDP_REALM *tr_find_comm_idp (TR_COMM *comm, TR_NAME *idp_realm) return NULL; } - for (idp = comm->idp_realms; NULL != idp; idp = idp->next) { + for (idp = comm->idp_realms; NULL != idp; idp = idp->comm_next) { if (!tr_name_cmp (idp_realm, idp->realm_id)) { - tr_debug("tr_find_comm_idp: Found %s.", idp_realm->buf); + tr_debug("tr_find_comm_idp: Found IdP %s in community %s.", idp_realm->buf, comm->id->buf); return idp; } } @@ -67,7 +67,7 @@ TR_RP_REALM *tr_find_comm_rp (TR_COMM *comm, TR_NAME *rp_realm) for (rp = comm->rp_realms; NULL != rp; rp = rp->next) { if (!tr_name_cmp (rp_realm, rp->realm_name)) { - tr_debug("tr_find_comm_idp: Found %s.", rp_realm->buf); + tr_debug("tr_find_comm_rp: Found RP %s in community %s.", rp_realm->buf, comm->id->buf); return rp; } } diff --git a/common/tr_config.c b/common/tr_config.c index cc352a0..629b0a1 100644 --- a/common/tr_config.c +++ b/common/tr_config.c 
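Review bot: The switch from `idp->next` to `idp->comm_next` in the tr_find_comm_idp loop is the substance of the fix, but nothing at the site says which list each link belongs to, and tr_find_comm_rp in the next hunk still walks `rp->next`. A short comment would keep the two fields from being swapped back, for example `/* comm_next chains this community's members; next is presumably the config-wide IdP list (confirm against TR_IDP_REALM) */`. Whether RP realm nodes are shared between communities the way IdP nodes were is not visible here; it is worth confirming, because the same list corruption would apply to them. Both functions begin above their hunks.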
@@ -44,9 +44,39 @@ #include #include -void tr_print_config (FILE *stream, TR_CFG *cfg) { - fprintf(stream, "tr_print_config: Not yet implemented."); - return; +void tr_print_config (TR_CFG *cfg) { + tr_notice("tr_print_config: Logging running trust router configuration."); + tr_print_comms(cfg->comms); +} + +void tr_print_comms (TR_COMM *comm_list) { + TR_COMM *comm = NULL; + + for (comm = comm_list; NULL != comm; comm = comm->next) { + tr_notice("tr_print_config: Community %s:", comm->id->buf); + + tr_notice("tr_print_config: - Member IdPs:"); + tr_print_comm_idps(comm->idp_realms); + + tr_notice("tr_print_config: - Member RPs:"); + tr_print_comm_rps(comm->rp_realms); + } +} + +void tr_print_comm_idps (TR_IDP_REALM *idp_list) { + TR_IDP_REALM *idp = NULL; + + for (idp = idp_list; NULL != idp; idp = idp->comm_next) { + tr_notice("tr_print_config: - @%s", idp->realm_id->buf); + } +} + +void tr_print_comm_rps(TR_RP_REALM *rp_list) { + TR_RP_REALM *rp = NULL; + + for (rp = rp_list; NULL != rp; rp = rp->next) { + tr_notice("tr_print_config: - %s", rp->realm_name->buf); + } } void tr_cfg_free (TR_CFG *cfg) { @@ -649,6 +679,7 @@ static TR_CFG_RC tr_cfg_parse_idp_realms (TR_CFG *trc, json_t *jcfg) static TR_IDP_REALM *tr_cfg_parse_comm_idps (TR_CFG *trc, json_t *jidps, TR_CFG_RC *rc) { TR_IDP_REALM *idp = NULL; + TR_IDP_REALM *found_idp = NULL; TR_IDP_REALM *temp_idp = NULL; int i = 0; 
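Review bot: tr_print_config dereferences `cfg->comms` with no NULL check, and the helpers go on to read `comm->id->buf`, `idp->realm_id->buf` and `rp->realm_name->buf` the same way, so a missing config or a realm without a name turns a diagnostic log call into a crash. The call added in tr/tr_main.c passes `tr->active_cfg` straight in; the `exit(1)` just above it suggests the config has loaded by then, but the load path is outside the diff. A guard such as `if (NULL == cfg) return;` at the top makes the function safe to call from other paths as well. Each function would also benefit from a one-line comment saying it logs at notice level and which list link it follows (`comm_next` for IdPs, `next` for RPs).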
@@ -661,7 +692,15 @@ static TR_IDP_REALM *tr_cfg_parse_comm_idps (TR_CFG *trc, json_t *jidps, TR_CFG_ } for (i = 0; i < json_array_size(jidps); i++) { - if (NULL == (temp_idp = (tr_cfg_find_idp(trc, + if (NULL == (temp_idp = talloc(trc, TR_IDP_REALM))) { + tr_debug("tr_cfg_parse_comm_idps: Can't allocate memory for IdP Realm."); + if (rc) + *rc = TR_CFG_NOMEM; + return NULL; + } + memset (temp_idp, 0, sizeof(TR_IDP_REALM)); + + if (NULL == (found_idp = (tr_cfg_find_idp(trc, tr_new_name((char *)json_string_value(json_array_get(jidps, i))), rc)))) { tr_debug("tr_cfg_parse_comm_idps: Unknown IDP %s.", @@ -669,6 +708,9 @@ static TR_IDP_REALM *tr_cfg_parse_comm_idps (TR_CFG *trc, json_t *jidps, TR_CFG_ return NULL; } + // We *MUST* do a dereferenced copy here or the second community will corrupt the linked list we create here. + *temp_idp = *found_idp; + temp_idp->comm_next = idp; idp = temp_idp; } @@ -868,6 +910,7 @@ TR_CFG_RC tr_cfg_validate (TR_CFG *trc) { TR_CFG_RC tr_parse_config (TR_INSTANCE *tr, int n, struct dirent **cfg_files) { json_t *jcfg; + json_t *jser; json_error_t rc; if ((!tr) || (!cfg_files)) @@ -891,7 +934,16 @@ TR_CFG_RC tr_parse_config (TR_INSTANCE *tr, int n, struct dirent **cfg_files) { cfg_files[n]->d_name); return TR_CFG_NOPARSE; } - + + // Look for serial number and log it if it exists + if (NULL != (jser = json_object_get(jcfg, "serial_number"))) { + if (json_is_number(jser)) { + tr_notice("tr_read_config: Attempting to load revision %i of %s.", + (int *) json_integer_value(jser), + cfg_files[n]->d_name); + } + } + if ((TR_CFG_SUCCESS != tr_cfg_parse_internal(tr->new_cfg, jcfg)) || (TR_CFG_SUCCESS != tr_cfg_parse_rp_clients(tr->new_cfg, jcfg)) || (TR_CFG_SUCCESS != tr_cfg_parse_idp_realms(tr->new_cfg, jcfg)) || diff --git a/include/tr_config.h b/include/tr_config.h index 8147612..d369618 100644 --- a/include/tr_config.h +++ b/include/tr_config.h 
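Review bot: In the tr_cfg_parse_comm_idps loop the new node is allocated before the lookup, so the `Unknown IDP` return that follows leaves a freshly allocated `temp_idp` hanging off `trc` until the whole config is freed. Doing the tr_cfg_find_idp lookup first and allocating only on success avoids that. `talloc_zero(trc, TR_IDP_REALM)` would also replace the separate `talloc` plus `memset` pair. The function starts above the hunk and the loop body continues into the next one.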
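Review bot: `*temp_idp = *found_idp;` is a shallow copy, so the per-community node shares every pointer member of the original entry (`realm_id` is the only member visible in this diff) and also inherits the original's `next`. If teardown frees members per node, or any consumer of the community list follows `next` instead of `comm_next`, the copy leads to a double free or a walk into the config-wide list. tr_cfg_free's body is not shown, so this needs confirming. At minimum the comment should record ownership, for example `/* Shallow copy: members still belong to the entry in the config's IdP list; only comm_next is private to this community. */`. It is also worth considering whether `temp_idp->next` should be cleared after the copy.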
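Review bot: The serial-number log in tr_parse_config passes `(int *) json_integer_value(jser)` to a `%i` conversion, which hands a pointer-sized argument to a specifier expecting `int`. That is undefined behaviour, and on LP64 targets it can also disturb the `%s` argument that follows. `json_is_number` additionally accepts reals, for which `json_integer_value` returns 0. I would test with `if (json_is_integer(jser))` and log with `tr_notice("tr_parse_config: Attempting to load revision %" JSON_INTEGER_FORMAT " of %s.", json_integer_value(jser), cfg_files[n]->d_name);`. The message prefix currently says `tr_read_config`, which does not match the enclosing function.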
@@ -83,7 +83,11 @@ TR_CFG_RC tr_parse_config (TR_INSTANCE *tr, int n, struct dirent **cfg_files); TR_CFG_RC tr_apply_new_config (TR_INSTANCE *tr); TR_CFG_RC tr_cfg_validate (TR_CFG *trc); void tr_cfg_free(TR_CFG *cfg); -void tr_print_config(FILE *stream, TR_CFG *cfg); + +void tr_print_config(TR_CFG *cfg); +void tr_print_comms(TR_COMM *comm_list); +void tr_print_comm_idps(TR_IDP_REALM *idp_list); +void tr_print_comm_rps(TR_RP_REALM *rp_list); TR_IDP_REALM *tr_cfg_find_idp (TR_CFG *tr_cfg, TR_NAME *idp_id, TR_CFG_RC *rc); TR_RP_CLIENT *tr_cfg_find_rp (TR_CFG *tr_cfg, TR_NAME *rp_gss, TR_CFG_RC *rc); diff --git a/tr/tr_main.c b/tr/tr_main.c index 0459101..74aec0d 100644 --- a/tr/tr_main.c +++ b/tr/tr_main.c @@ -290,6 +290,9 @@ int main (int argc, const char *argv[]) exit(1); } + /* print the loaded configuration */ + tr_print_config(tr->active_cfg); + /* initialize the trust path query server instance */ if (0 == (tr->tids = tids_create ())) { tr_crit("Error initializing Trust Path Query Server instance."); diff --git a/trust_router.spec b/trust_router.spec index ddfee6e..8a0cef3 100644 --- a/trust_router.spec +++ b/trust_router.spec @@ -1,7 +1,7 @@ %global optflags %{optflags} -Wno-parentheses Name: trust_router -Version: 1.5.1 -Release: 2%{?dist} +Version: 1.5.2 +Release: 1%{?dist} Summary: Moonshot Trust Router Group: System Environment/Libraries @@ -10,7 +10,7 @@ URL: http://www.project-moonshot.org/ Source0: %{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: krb5-devel , glib-devel +BuildRequires: krb5-devel, glib2-devel BuildRequires: jansson-devel >= 2.4 BuildRequires: sqlite-devel, openssl-devel, libtalloc-devel BuildRequires: systemd
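Review bot: Dropping the `FILE *stream` parameter changes the signature of a function exported from include/tr_config.h, so any caller outside this tree stops compiling against 1.5.2. If the header is installed, that deserves a line in the release notes. The three new prototypes `tr_print_comms`, `tr_print_comm_idps` and `tr_print_comm_rps` are only called from tr_config.c in this commit. Unless they are meant as public API, they could be `static` in that file instead of being declared here. A brief comment above `tr_print_config` noting that it now writes through the logging facility rather than to a stream would explain the new signature.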