Give warnings if expiration interval is clipped to allowed min/max

author Jennifer Richards <jennifer@painless-security.com>

Fri, 23 Jun 2017 15:19:46 +0000 (11:19 -0400)

committer Jennifer Richards <jennifer@painless-security.com>

Fri, 23 Jun 2017 15:19:46 +0000 (11:19 -0400)
author Jennifer Richards <jennifer@painless-security.com>
Fri, 23 Jun 2017 15:19:46 +0000 (11:19 -0400)
committer Jennifer Richards <jennifer@painless-security.com>
Fri, 23 Jun 2017 15:19:46 +0000 (11:19 -0400)
diff --git a/common/tr_config.c b/common/tr_config.c

index adabe85..4fa6506 100644 (file)
--- a/common/tr_config.c
+++ b/common/tr_config.c
@@ -1924,16 +1924,26 @@ static TR_COMM *tr_cfg_parse_one_comm (TALLOC_CTX *mem_ctx, TR_CFG *trc, json_t
      json_t *jexpire  = json_object_get(jcomm, "expiration_interval");
      comm->expiration_interval = 43200; /*30 days*/
      if (jexpire) {
-       if (!json_is_integer(jexpire)) {
-         fprintf(stderr, "tr_parse_one_comm: expiration_interval is not an integer\n");
-    comm=NULL;
-    goto cleanup;
-       }
-       comm->expiration_interval = json_integer_value(jexpire);
-       if (comm->expiration_interval <= 10)
-         comm->expiration_interval = 11; /* Freeradius waits 10 minutes between successful TR queries*/
-       if (comm->expiration_interval > 129600) /* 90 days*/
-       comm->expiration_interval = 129600;
+      if (!json_is_integer(jexpire)) {
+        tr_err("tr_parse_one_comm: expiration_interval is not an integer for comm %.*s",
+                 tr_comm_get_id(comm)->len, tr_comm_get_id(comm)->buf);
+        comm=NULL;
+        goto cleanup;
+      }
+      comm->expiration_interval = json_integer_value(jexpire);
+      if (comm->expiration_interval <= 10) {
+        comm->expiration_interval = 11; /* Freeradius waits 10 minutes between successful TR queries*/
+        tr_notice(
+            "tr_parse_one_comm: expiration interval for %.*s less than minimum of 11 minutes; using 11 minutes instead.",
+            tr_comm_get_id(comm)->len, tr_comm_get_id(comm)->buf);
+      }
+      if (comm->expiration_interval > 129600) {
+        /* > 90 days*/
+        comm->expiration_interval = 129600;
+        tr_notice(
+            "tr_parse_one_comm: expiration interval for %.*s exceeds maximum of 90 days; using 90 days instead.",
+            tr_comm_get_id(comm)->len, tr_comm_get_id(comm)->buf);
+      }
      }
    }
  
diff --git a/trp/trps.c b/trp/trps.c

index 9aa38ed..1dd1f6c 100644 (file)
--- a/trp/trps.c
+++ b/trp/trps.c
@@ -1705,7 +1705,7 @@ static void trps_filter_one_outbound_update(TR_FILTER *filt, TRP_UPD *upd)
  static void trps_filter_outbound_updates(TR_FILTER_SET *filters, GPtrArray *updates)
  {
    TRP_UPD *upd=NULL;
-  int ii=0;
+  guint ii=0;
  
    /* walk backward through the array so we can remove elements */
    for (ii=updates->len-1; ii>=0; ii--) {
author	Jennifer Richards <jennifer@painless-security.com>
	Fri, 23 Jun 2017 15:19:46 +0000 (11:19 -0400)
committer	Jennifer Richards <jennifer@painless-security.com>
	Fri, 23 Jun 2017 15:19:46 +0000 (11:19 -0400)
common/tr_config.c		patch \| blob \| history
trp/trps.c		patch \| blob \| history