Jennifer Richards [Sat, 2 Jun 2018 00:23:12 +0000 (20:23 -0400)]
Remove remnant of debug code that was accidentally committed
Jennifer Richards [Sat, 2 Jun 2018 00:19:49 +0000 (20:19 -0400)]
Allow "last_connection_attempt" field to be omitted in peer JSON
Jennifer Richards [Fri, 1 Jun 2018 21:04:28 +0000 (17:04 -0400)]
Merge branch 'milestone/monitoring' of https://github.com/painless-security/trust-router into milestone/monitoring
Jennifer Richards [Fri, 1 Jun 2018 21:03:20 +0000 (21:03 +0000)]
Emit error message in configure for more missing libraries
Jennifer Richards [Fri, 1 Jun 2018 21:01:31 +0000 (17:01 -0400)]
Use cast instead of talloc_get_type_abort for stack-allocated data
Jennifer Richards [Fri, 1 Jun 2018 20:55:43 +0000 (20:55 +0000)]
Emit error message in configure if libevent is missing
Jennifer Richards [Fri, 1 Jun 2018 20:43:24 +0000 (16:43 -0400)]
Refactor MON_CMD and MON_OPT_TYPE conversion to/from strings
Use a table in place of ad hoc switch statements, hopefully this is
less effort to maintain.
Jennifer Richards [Fri, 1 Jun 2018 19:58:49 +0000 (15:58 -0400)]
Merge pull request #99 from painless-security/jennifer/count_failed_reqs
Return separate counts of TID reqs that succeed and result in error
Jennifer Richards [Fri, 1 Jun 2018 19:58:28 +0000 (15:58 -0400)]
Reduce priority on a couple non-essential log messages
Jennifer Richards [Fri, 1 Jun 2018 19:39:56 +0000 (15:39 -0400)]
Set read timeout to 60 seconds instead of 60 ms (smh)
Jennifer Richards [Fri, 1 Jun 2018 19:02:17 +0000 (15:02 -0400)]
Return NULL rather than an invalid pointer on failure
Jennifer Richards [Fri, 1 Jun 2018 19:00:42 +0000 (15:00 -0400)]
Fix misleading indentation
Jennifer Richards [Fri, 1 Jun 2018 18:41:02 +0000 (14:41 -0400)]
Add a timeout to ReadBuffer() method
Jennifer Richards [Fri, 1 Jun 2018 18:36:55 +0000 (14:36 -0400)]
Return separate counts of TID reqs that succeed and result in error
* Pass result codes back from req callbacks for tr_gss connections
* Separately count TID responses and TID error responses
* Add monitoring handlers for the error response
* Rename monitoring option #defines to better match the string names
* Add more TR_GSS_RC codes
* Update trmon documentation string
Jennifer Richards [Fri, 1 Jun 2018 17:50:19 +0000 (13:50 -0400)]
Return nonzero exit code (specifically, 2) when a tidc req fails
Jennifer Richards [Fri, 1 Jun 2018 15:03:28 +0000 (11:03 -0400)]
Change monitoring_port -> mons_port where it was missed in a merge
Mark Donnelly [Fri, 1 Jun 2018 13:34:51 +0000 (09:34 -0400)]
Merge pull request #92 from painless-security/jennifer/reduce_logging
Reduce logging during connection accept and validate internal configuration
Jennifer Richards [Fri, 1 Jun 2018 00:46:07 +0000 (20:46 -0400)]
Return NULL when tr_cfg_parse_one_apc() fails
Jennifer Richards [Thu, 31 May 2018 19:30:06 +0000 (15:30 -0400)]
Let's try again on the build number tagging
Jennifer Richards [Thu, 31 May 2018 19:22:45 +0000 (15:22 -0400)]
Add a build_tag parameter to the version in the RPM spec file
This is to allow Jenkins to add a build number so we don't have
to muck about with the spec file
Jennifer Richards [Thu, 31 May 2018 18:56:50 +0000 (14:56 -0400)]
Add help to the trmon utility
Jennifer Richards [Thu, 31 May 2018 17:23:10 +0000 (13:23 -0400)]
Fix handling of errors with strtol(), factor out port parsing
* Set errno to 0 before calling strtol()
* Fix warnings in gssconn_{server,client}.c
* Add tr_parse_port() to tr_inet_util.[ch] and use throughout the
codebase for parsing port numbers
Jennifer Richards [Wed, 30 May 2018 14:51:15 +0000 (10:51 -0400)]
Update RPM example cfg files to include monitoring and serial_number
Jennifer Richards [Wed, 30 May 2018 05:07:02 +0000 (01:07 -0400)]
Merge pull request #86 from painless-security/jennifer/aaa_server_port
Allow configurable TID and TRP ports
Jennifer Richards [Wed, 30 May 2018 05:00:21 +0000 (01:00 -0400)]
Work with new hostname parsing and improve error reports
* Use the new tr_parse_host() function
* Output more useful errors when parsing aaa servers
* Update Makefile.am
Jennifer Richards [Wed, 30 May 2018 04:58:13 +0000 (00:58 -0400)]
Refactor host validation and parsing, move methods out of tr_util.[ch]
* Limit hostname validation to avoiding ambiguity about whether a port
is part of the string
* Refactor hostname/port parsing
- new function is tr_parse_host() in tr_inet_util.c
- handles both hostname and port
- works with strings, not TR_NAME
* Move hostname related methods out of tr_util.c
Changes to make the rest of the codebase work with these updates will be
in the next commit.
Jennifer Richards [Wed, 30 May 2018 04:54:35 +0000 (00:54 -0400)]
Set trust router port in trp_inforec_set_trust_router()
Jennifer Richards [Wed, 30 May 2018 00:40:26 +0000 (20:40 -0400)]
Add internet address/hostname validators in tr_inet_util.[ch]
Jennifer Richards [Tue, 29 May 2018 19:24:47 +0000 (15:24 -0400)]
Add accidentally omitted 'port' parameter to error messages
Jennifer Richards [Tue, 29 May 2018 19:07:55 +0000 (15:07 -0400)]
Validate internal configuration more thoroughly
Jennifer Richards [Tue, 29 May 2018 18:12:29 +0000 (14:12 -0400)]
Reduce logging priority while accepting connections
This will help address #89 by eliminating messages logged with "err"
priority before a connection is accepted.
Jennifer Richards [Fri, 25 May 2018 18:45:27 +0000 (14:45 -0400)]
Correctly set peer when an update is received
Jennifer Richards [Fri, 25 May 2018 17:33:45 +0000 (13:33 -0400)]
Use hostname:port format for specifying peer addresses
Drop the old "port" key for consistency with other handling of ports.
Jennifer Richards [Fri, 25 May 2018 17:32:50 +0000 (13:32 -0400)]
Fix bug in tr_parse_port()
Jennifer Richards [Fri, 25 May 2018 16:49:25 +0000 (12:49 -0400)]
Add signed integer parser to eliminate compiler errors
Jennifer Richards [Fri, 25 May 2018 15:59:57 +0000 (11:59 -0400)]
Use our hostname/TID port when sending a request, not our next_hop
Before this, we set the next_hop to ourselves for local routes, then
simply forwarded the next_hop to our peers in update messages. That is
incorrect - we need to fill in our own hostname/TID port every time, not
send the next_hop we forward to.
Also fixes a few port name / signed int changes that really belonged in
the previous commit.
Jennifer Richards [Fri, 25 May 2018 15:57:51 +0000 (11:57 -0400)]
Normalize port naming (tids_, trps_, and mons_port) and use signed int
This cleans up the port names in various functions and data structures.
Tries to get rid of ambiguous "port" fields. A few changes will be in
the next commit which has some functional updates as well.
Jennifer Richards [Fri, 25 May 2018 00:18:20 +0000 (20:18 -0400)]
Copy TID and TRP ports from inforec when accepting a route update
Jennifer Richards [Thu, 24 May 2018 22:30:11 +0000 (18:30 -0400)]
Support non-default TRP and TID ports
* Include trust_router and next_hop ports in inforecs, routes, and
update msgs
- affects encoders and decoders
- use next_hop from the inforec instead of assuming it is the
peer's server address
- default next_hop to the trust_router for backward compatibility
- default both ports to the standard well-known ports if not given
* fill in local routes with our hostname/port
- no longer permit empty next_hop fields
* Update filter handlers
- handle next_hop field
- use hostname:port format (or just hostname with default port)
- handle next_hop field
* Keep track of AAA server ports
* Be more careful with tr_msg JSON helper return values
* Use tr_name_strdup() to avoid ad hoc conversion from name to string
* Use signed int as port to allow -1 as an invalid port indicator
* Remove now-obsolete tr_aaa_server_from_name() function
Jennifer Richards [Thu, 24 May 2018 21:01:44 +0000 (17:01 -0400)]
Factor out hostname parsing for reuse
Jennifer Richards [Thu, 24 May 2018 18:05:39 +0000 (14:05 -0400)]
Fix typo, reorder methods in tr_aaa_server.c
Jennifer Richards [Thu, 24 May 2018 18:01:14 +0000 (14:01 -0400)]
Fix a leftover use of the old TR_AAA_SERVER structure
Jennifer Richards [Thu, 24 May 2018 18:00:56 +0000 (14:00 -0400)]
Use the port configured for a AAA server instead of assuming TID_PORT
* Pass TR_AAA_SERVER instead of hostname to TIDS forward threads
* Use the port set for the TR_AAA_SERVER instead of TID_PORT
Jennifer Richards [Thu, 24 May 2018 17:34:20 +0000 (13:34 -0400)]
Parse hostname/port for AAA server addresses
* Add methods to create a TR_AAA_SERVER from a hostname:port string
- also a version starting from a TR_NAME, which is a bit of a
misuse of the TR_NAME
* Update code to use the new methods instead
* tr_aaa_server_new() no longer sets the hostname
* tr_aaa_server_set_port() only uses default port when port == 0,
otherwise allows any value
* refactor tr_cfg_parse_one_aaa_server() to better use talloc
* Raise error in tr_tids_req_handler() if AAA server allocation fails
Jennifer Richards [Thu, 24 May 2018 15:43:31 +0000 (11:43 -0400)]
Move AAA server methods out of tr_idp.[ch] into their own files
* Create tr_aaa_server.[ch], move methods out of tr_idp.[ch]
- Existing methods unchanged
* Add port to TR_AAA_SERVER
* Add get/set methods for hostname/port
* Update makefiles
Jennifer Richards [Wed, 23 May 2018 20:41:26 +0000 (16:41 -0400)]
Add last few missing headers and clean up the order of the list
Jennifer Richards [Wed, 23 May 2018 20:26:52 +0000 (16:26 -0400)]
A few more forgotten headers in make dist
Jennifer Richards [Wed, 23 May 2018 20:22:16 +0000 (16:22 -0400)]
Add headers left out of make dist
Jennifer Richards [Wed, 23 May 2018 19:56:04 +0000 (15:56 -0400)]
Bump version in trust_router.spec to match configure.ac
Jennifer Richards [Wed, 23 May 2018 19:47:36 +0000 (15:47 -0400)]
Ensure the m4 directory exists so that autoreconf doesn't complain
* Add a throwaway hidden file so git creates the directory
* Add an exception in .gitignore so this file is not ignored
Jennifer Richards [Thu, 10 May 2018 16:15:06 +0000 (12:15 -0400)]
Prevent core dumps on intentional mons/tids subprocess abort()
Uses setrlimit() to set the core size limit to 0 for the subprocess
immediately before aborting.
Jennifer Richards [Tue, 8 May 2018 17:01:31 +0000 (13:01 -0400)]
Abort instead of exit from forked tids and mons subprocesses
Jennifer Richards [Mon, 7 May 2018 21:29:48 +0000 (17:29 -0400)]
Use the the peer table iterator correctly
Jennifer Richards [Mon, 7 May 2018 20:20:17 +0000 (16:20 -0400)]
Validate whether peer gss name is non-null before duplicating it
Jennifer Richards [Mon, 7 May 2018 19:04:41 +0000 (15:04 -0400)]
Fix Makefile.am for t_constraint so "make check" succeeds
Jennifer Richards [Mon, 7 May 2018 18:48:22 +0000 (14:48 -0400)]
Merge pull request #82 from painless-security/jennifer/pull_req_feedback
Incorporate feedback from monitoring code reviews
Jennifer Richards [Mon, 7 May 2018 18:48:05 +0000 (14:48 -0400)]
Rename TID count options to show
* tid_req_count -> tid_reqs_processed
* tid_req_pending -> tid_reqs_pending
* tid_req_error_count -> tid_error_count
Jennifer Richards [Mon, 7 May 2018 18:37:57 +0000 (14:37 -0400)]
Remove unsupported 'reconfigure' monitoring command
Jennifer Richards [Mon, 7 May 2018 18:20:10 +0000 (14:20 -0400)]
Include trmon in RPM, nudge version to 3.4.0~2
Jennifer Richards [Mon, 7 May 2018 18:11:43 +0000 (14:11 -0400)]
Miscellaneous minor code cleanup for MRW's review comments
* Remove generation of DH in trmon.c, it's not needed
* Check return value of mon_req_add_option() in a few places it had
been ignored
* Spell out "Trust Router" in trmon version/help description
* Rename _decode -> _encode after a copy/paste
* Fix a few incorrect comments describing file contents
* Fix function name in debug messages in tr_cfg_parse_config_files()
* Include glib.h instead of gmodule.h in a few files
Jennifer Richards [Mon, 7 May 2018 18:06:43 +0000 (14:06 -0400)]
Move repeated #defines into tr_json_util.h and add documentation
Jennifer Richards [Mon, 7 May 2018 17:45:51 +0000 (13:45 -0400)]
Move DH record from TR_GSSC_INSTANCE to TIDC_INSTANCE, where it belongs
Jennifer Richards [Mon, 7 May 2018 17:24:19 +0000 (13:24 -0400)]
Treat TID req as error if a response is not sent
* Return an error code from tr_gss_handle_connection()
* When TID process terminates, send "OK" or "ERR" over the pipe
* Refactor handling of the TID fork() and messaging
Jennifer Richards [Mon, 7 May 2018 16:16:15 +0000 (12:16 -0400)]
Update a tr_mq_msg_new() call that slipped through with a msg priority
Jennifer Richards [Mon, 7 May 2018 16:05:44 +0000 (12:05 -0400)]
Merge pull request #81 from painless-security/jennifer/no_mq_priorities
Remove TR_MQ message priorities
Jennifer Richards [Mon, 7 May 2018 16:05:23 +0000 (12:05 -0400)]
Merge branch 'milestone/monitoring' into jennifer/no_mq_priorities
mrw42 [Fri, 4 May 2018 20:59:05 +0000 (16:59 -0400)]
Merge pull request #79 from painless-security/jennifer/memory_leaks
Clean up several memory leaks detected by valgrind
mrw42 [Fri, 4 May 2018 20:58:06 +0000 (16:58 -0400)]
Merge pull request #76 from painless-security/jennifer/trpc_deadlock
Eliminate deadlock in TRPC messaging queueing
mrw42 [Fri, 4 May 2018 19:05:56 +0000 (15:05 -0400)]
Merge pull request #72 from painless-security/jennifer/peer_label_for_updates
Use peer labels instead of GSS names when considering updates
mrw42 [Fri, 4 May 2018 19:04:10 +0000 (15:04 -0400)]
Merge pull request #74 from painless-security/jennifer/set_realm_apcs
Handle APC correctly when a realm is discovered from an APC community update
mrw42 [Fri, 4 May 2018 19:01:37 +0000 (15:01 -0400)]
Merge pull request #73 from painless-security/jennifer/expire_utc
Report expiration times in UTC instead of local time
mrw42 [Fri, 4 May 2018 19:00:24 +0000 (15:00 -0400)]
Merge pull request #61 from painless-security/jennifer/request_id
Add a 'request_id' to TID requests and responses
mrw42 [Fri, 4 May 2018 18:50:16 +0000 (14:50 -0400)]
Merge pull request #62 from painless-security/jennifer/report_incoming_ipaddr
Report incoming IP address when a connection comes in
Jennifer Richards [Thu, 3 May 2018 21:36:30 +0000 (17:36 -0400)]
Correct a comment
Jennifer Richards [Thu, 3 May 2018 21:11:19 +0000 (17:11 -0400)]
Merge remote-tracking branch 'github/milestone/monitoring' into jennifer/request_id
Jennifer Richards [Thu, 3 May 2018 20:50:54 +0000 (16:50 -0400)]
Merge branch 'milestone/monitoring' into jennifer/request_id
# Conflicts:
# include/trust_router/tid.h
# tid/tidc.c
# tr/tr_tid.c
mrw42 [Thu, 3 May 2018 20:42:46 +0000 (16:42 -0400)]
Merge pull request #59 from painless-security/jennifer/datastructures
Replace fixed length arrays with dynamic lists
mrw42 [Thu, 3 May 2018 20:13:15 +0000 (16:13 -0400)]
Merge pull request #48 from painless-security/jennifer/monitoring
Monitoring interface and back end support (pull request 10)
mrw42 [Thu, 3 May 2018 20:11:35 +0000 (16:11 -0400)]
Merge pull request #57 from painless-security/jennifer/show_rp_clients
Add show rp_clients command (pull request 9)
mrw42 [Thu, 3 May 2018 20:10:13 +0000 (16:10 -0400)]
Merge pull request #56 from painless-security/jennifer/show_realms
Add show realms command (pull request 8)
mrw42 [Thu, 3 May 2018 20:09:12 +0000 (16:09 -0400)]
Merge pull request #55 from painless-security/jennifer/show_communities
Add show communities command (pull request 7)
mrw42 [Thu, 3 May 2018 20:08:08 +0000 (16:08 -0400)]
Merge pull request #54 from painless-security/jennifer/show_peers
Add the show peers command (pull request 6)
mrw42 [Thu, 3 May 2018 20:07:11 +0000 (16:07 -0400)]
Merge pull request #53 from painless-security/jennifer/show_routes
Add show routes message support (pull request 5)
mrw42 [Thu, 3 May 2018 20:05:51 +0000 (16:05 -0400)]
Merge pull request #52 from painless-security/jennifer/subprocess_status
Report whether TID requests succeed and better clean up zombie TID / MON processes (pull request 4)
mrw42 [Thu, 3 May 2018 20:03:15 +0000 (16:03 -0400)]
Merge pull request #51 from painless-security/jennifer/monitoring_client_and_server
First functioning monitoring client/server (pull request 3)
mrw42 [Thu, 3 May 2018 20:02:05 +0000 (16:02 -0400)]
Merge pull request #50 from painless-security/jennifer/refactoring_tids
TID refactoring (pull request 2)
mrw42 [Thu, 3 May 2018 20:00:42 +0000 (16:00 -0400)]
Merge pull request #49 from painless-security/jennifer/mon_msg_encoders
Add encoders for monitoring messages (pull request 1)
Jennifer Richards [Thu, 3 May 2018 13:16:08 +0000 (09:16 -0400)]
Eliminate message priority from TR_MQ / TR_MQ_MSG
This was an unnecessary feature that had caused several bugs, most
recently #80. Rather than debug that, this removes the priorities,
returning to a simple queue.
Jennifer Richards [Wed, 2 May 2018 22:11:29 +0000 (18:11 -0400)]
Do not allocate return array if there are no return values
Calling talloc_array() with length 0 still allocates memory to track
the zero-length chunk. Return NULL because that is what we mean.
Jennifer Richards [Wed, 2 May 2018 21:49:05 +0000 (17:49 -0400)]
Remove unused variable
Jennifer Richards [Wed, 2 May 2018 21:24:50 +0000 (17:24 -0400)]
Free GSS service name after a failed incoming connection
Jennifer Richards [Wed, 2 May 2018 14:31:03 +0000 (10:31 -0400)]
Fix memory leak when setting next hop for community inforecs
* Return TRP_UNSUPPORTED when setting next hop on an inforec that
does not accept it (i.e., community inforecs)
* Free the next hop TR_NAME if it was not stored
Jennifer Richards [Wed, 2 May 2018 14:29:36 +0000 (10:29 -0400)]
Fix memory leak in gsscon_connect()
* Check for failure to allocate service name
* Free input name after importing to GSS
Jennifer Richards [Tue, 1 May 2018 19:36:33 +0000 (15:36 -0400)]
Remove last remnants of old trpc thread exit protocol, clear trpc queue
* Remove the shutting_down status in the TRPC_INSTANCE
* Clear the TRPC message queue after failed connections
* Add a few comments
Jennifer Richards [Tue, 1 May 2018 17:49:24 +0000 (13:49 -0400)]
Eliminate deadlock in trpc message handling
* Remove notify_cb for the trpc thread's TR_MQ
* Use trpc_mq_pop() directly in the tr_trpc_thread() instead of
trying to empty the queue every time
* Eliminate the complicated thread shutdown protocol needed to avoid
invalid accesses to data allocated in tr_trpc_thread()
This eliminates a deadlock that was possible due to misuse of the
callback mutex in conjunction with the TR_MQ mutex.
Jennifer Richards [Mon, 30 Apr 2018 17:12:41 +0000 (13:12 -0400)]
Fix JSON reference counting errors
Jennifer Richards [Mon, 30 Apr 2018 17:07:46 +0000 (13:07 -0400)]
Set APC correctly for community updates, reject routes for non-APC comms
When an APC community update is received, the "apcs" list is empty. The
APC for any realms described by that update should be the APC community
itself.
Also, the trust router previously accepted any realm/community pairs for
routing. That should have been APC communities only.
Finally, this also prevents configuring multiple communities with the
same ID.
Jennifer Richards [Sun, 29 Apr 2018 18:05:56 +0000 (14:05 -0400)]
Use peer_label instead of peer_gssname in community gathering
Currently this does nothing (loop prevention is done by the TR that
receives an update)
Jennifer Richards [Sun, 29 Apr 2018 17:52:59 +0000 (13:52 -0400)]
Properly check peer labels when finding alternate route to advertise
Jennifer Richards [Sun, 29 Apr 2018 17:23:46 +0000 (13:23 -0400)]
Consistently use peer label to ID peers when enforcing split horizon
We were incorrectly comparing the peer label (which is "hostname:port")
with the GSS name of our route's source (i.e., "credential@apc.x") when
checking whether we were about to advertise a route back to the trust
router that announced it to us. That broke split horizon enforcement.