Some refactoring here and there, too.
#include <tr_cfgwatch.h>
/**
+ * Parse a boolean
+ *
+ * If the key does not exist in the src object, returns success but does fill in *dest.
+ *
+ * @param src JSON object to pull a value from
+ * @param key key to pull
+ * @param dest (output) pointer to an allocated integer
+ * @return TR_CFG_SUCCESS or an error code
+ */
+static TR_CFG_RC tr_cfg_parse_boolean(json_t *src, const char *key, int *dest)
+{
+ json_t *jtmp;
+
+ /* Validate parameters */
+ if ((src == NULL) || (key == NULL) || (dest == NULL))
+ return TR_CFG_BAD_PARAMS;
+
+ /* See if we have a value for this key; do nothing if not */
+ jtmp = json_object_get(src, key);
+ if (jtmp) {
+ if (json_is_boolean(jtmp)) {
+ *dest = json_boolean_value(jtmp);
+ } else {
+ tr_debug("tr_cfg_parse_unsigned: Parsing error, %s is not a boolean.", key);
+ return TR_CFG_NOPARSE;
+ }
+ }
+
+ return TR_CFG_SUCCESS;
+}
+
+/**
* Parse an unsigned integer
*
* If the key does not exist in the src object, returns success but does fill in *dest.
cfg->max_tree_depth = TR_DEFAULT_MAX_TREE_DEPTH;
cfg->tids_port = TR_DEFAULT_TIDS_PORT;
cfg->trps_port = TR_DEFAULT_TRPS_PORT;
+ cfg->monitoring_port = TR_DEFAULT_MONITORING_PORT;
cfg->cfg_poll_interval = TR_CFGWATCH_DEFAULT_POLL;
cfg->cfg_settling_time = TR_CFGWATCH_DEFAULT_SETTLE;
cfg->trp_connect_interval = TR_DEFAULT_TRP_CONNECT_INTERVAL;
cfg->tid_resp_denom = TR_DEFAULT_TID_RESP_DENOM;
cfg->log_threshold = TR_DEFAULT_LOG_THRESHOLD;
cfg->console_threshold = TR_DEFAULT_CONSOLE_THRESHOLD;
+ cfg->monitoring_credentials = NULL;
}
/* Helper that checks return value of a parse fn and returns if it failed */
else
trp_peer_set_port(new_peer, json_integer_value(jport));
- names=tr_cfg_parse_gss_names(tmp_ctx, jgss, &rc);
+ rc = tr_cfg_parse_gss_names(tmp_ctx, jgss, &names);
if (rc!=TR_CFG_SUCCESS) {
tr_err("tr_cfg_parse_one_peer_org: unable to parse gss names.");
rc=TR_CFG_NOPARSE;
#endif
-TR_GSS_NAMES *tr_cfg_parse_gss_names(TALLOC_CTX *mem_ctx, json_t *jgss_names, TR_CFG_RC *rc)
+TR_CFG_RC tr_cfg_parse_gss_names(TALLOC_CTX *mem_ctx, json_t *jgss_names, TR_GSS_NAMES **gssn_out)
{
TALLOC_CTX *tmp_ctx=talloc_new(NULL);
TR_GSS_NAMES *gn=NULL;
json_t *jname=NULL;
- int ii=0;
+ size_t ii=0;
TR_NAME *name=NULL;
+ TR_CFG_RC rc = TR_CFG_ERROR;
- if ((rc==NULL) || (jgss_names==NULL)) {
+ if (jgss_names==NULL) {
tr_err("tr_cfg_parse_gss_names: Bad parameters.");
- *rc=TR_CFG_BAD_PARAMS;
-
+ rc=TR_CFG_BAD_PARAMS;
+ goto cleanup;
}
if (!json_is_array(jgss_names)) {
tr_err("tr_cfg_parse_gss_names: gss_names not an array.");
- *rc=TR_CFG_NOPARSE;
+ rc=TR_CFG_NOPARSE;
goto cleanup;
}
jname=json_array_get(jgss_names, ii);
if (!json_is_string(jname)) {
tr_err("tr_cfg_parse_gss_names: Encountered non-string gss name.");
- *rc=TR_CFG_NOPARSE;
+ rc=TR_CFG_NOPARSE;
goto cleanup;
}
name=tr_new_name(json_string_value(jname));
if (name==NULL) {
tr_err("tr_cfg_parse_gss_names: Out of memory allocating gss name.");
- *rc=TR_CFG_NOMEM;
+ rc=TR_CFG_NOMEM;
goto cleanup;
}
if (tr_gss_names_add(gn, name)!=0) {
tr_free_name(name);
tr_err("tr_cfg_parse_gss_names: Unable to add gss name to RP client.");
- *rc=TR_CFG_ERROR;
+ rc=TR_CFG_ERROR;
goto cleanup;
}
}
- talloc_steal(mem_ctx, gn);
- *rc=TR_CFG_SUCCESS;
+ *gssn_out = gn;
+ talloc_steal(mem_ctx, *gssn_out);
+ rc=TR_CFG_SUCCESS;
cleanup:
talloc_free(tmp_ctx);
- if ((*rc!=TR_CFG_SUCCESS) && (gn!=NULL))
- gn=NULL;
- return gn;
+ return rc;
}
/* default filter accepts realm and *.realm */
goto cleanup;
}
- client->gss_names=tr_cfg_parse_gss_names(client, json_object_get(jrealm, "gss_names"), &call_rc);
+ call_rc = tr_cfg_parse_gss_names(client, json_object_get(jrealm, "gss_names"), &(client->gss_names));
if (call_rc!=TR_CFG_SUCCESS) {
tr_err("tr_cfg_parse_one_rp_client: could not parse gss_names.");
#include <talloc.h>
#include <tr_gss_names.h>
+#include <tr_debug.h>
static int tr_gss_names_destructor(void *obj)
{
return -1;
}
+/**
+ * Create a duplicate GSS names struct
+ *
+ * @param mem_ctx
+ * @param orig
+ * @return
+ */
+TR_GSS_NAMES *tr_gss_names_dup(TALLOC_CTX *mem_ctx, TR_GSS_NAMES *orig)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+ TR_GSS_NAMES *new = tr_gss_names_new(tmp_ctx);
+ TR_GSS_NAMES_ITER *iter = tr_gss_names_iter_new(tmp_ctx);
+ TR_NAME *this = NULL;
+
+ if ( !orig || !new || !iter ) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+ this = tr_gss_names_iter_first(iter, orig);
+ while (this) {
+ if (tr_gss_names_add(new, tr_dup_name(this)) != 0) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+ this = tr_gss_names_iter_next(iter);
+ }
+ /* success */
+ talloc_steal(mem_ctx, new);
+ return new;
+}
int tr_gss_names_matches(TR_GSS_NAMES *gn, TR_NAME *name)
{
int ii=0;
return 0;
}
- tr_debug("tr_sock_listen_all: monitoring interface listening on port %d on %d socket%s",
+ tr_debug("tr_sock_listen_all: listening on port %d on %d socket%s",
port,
n_opened,
(n_opened==1)?"":"s");
#define TR_DEFAULT_MAX_TREE_DEPTH 12
#define TR_DEFAULT_TRPS_PORT 12308
#define TR_DEFAULT_TIDS_PORT 12309
+#define TR_DEFAULT_MONITORING_PORT 0 /* defaults to being turned off */
#define TR_DEFAULT_LOG_THRESHOLD LOG_INFO
#define TR_DEFAULT_CONSOLE_THRESHOLD LOG_NOTICE
#define TR_DEFAULT_APC_EXPIRATION_INTERVAL 43200
unsigned int tid_req_timeout;
unsigned int tid_resp_numer; /* numerator of fraction of AAA servers to wait for in unshared mode */
unsigned int tid_resp_denom; /* denominator of fraction of AAA servers to wait for in unshared mode */
+ TR_GSS_NAMES *monitoring_credentials;
} TR_CFG_INTERNAL;
/* record of files loaded for this configuration */
/* tr_config_rp_clients.c */
TR_RP_CLIENT *tr_cfg_parse_rp_clients(TALLOC_CTX *mem_ctx, json_t *jrealms, TR_CFG_RC *rc);
-TR_GSS_NAMES *tr_cfg_parse_gss_names(TALLOC_CTX *mem_ctx, json_t *jgss_names, TR_CFG_RC *rc);
+TR_CFG_RC tr_cfg_parse_gss_names(TALLOC_CTX *mem_ctx, json_t *jgss_names, TR_GSS_NAMES **gssn_out);
/* tr_config_encoders.c */
json_t *tr_cfg_files_to_json_array(TR_CFG *cfg);
TR_GSS_NAMES *tr_gss_names_new(TALLOC_CTX *mem_ctx);
void tr_gss_names_free(TR_GSS_NAMES *gn);
int tr_gss_names_add(TR_GSS_NAMES *gn, TR_NAME *new);
+TR_GSS_NAMES *tr_gss_names_dup(TALLOC_CTX *mem_ctx, TR_GSS_NAMES *orig);
int tr_gss_names_matches(TR_GSS_NAMES *gn, TR_NAME *name);
TR_GSS_NAMES_ITER *tr_gss_names_iter_new(TALLOC_CTX *mem_ctx);
{
struct tr_mons_event_cookie *cookie=talloc_get_type_abort(cookie_in, struct tr_mons_event_cookie);
MONS_INSTANCE *mons = cookie->mons;
- TR_CFG_MGR *cfg_mgr = cookie->cfg_mgr;
- if ((!client_name) || (!gss_name) || (!mons) || (!cfg_mgr)) {
+ if ((!client_name) || (!gss_name) || (!mons)) {
tr_debug("tr_mons_gss_handler: Bad parameters.");
return -1;
}
+ tr_debug("tr_mons_gss_handler: %p", mons->authorized_gss_names);
/* Ensure at least one client exists using this GSS name */
if (! tr_gss_names_matches(mons->authorized_gss_names, gss_name)) {
tr_info("tr_mons_gss_handler: Unauthorized request from %.*s", gss_name->len, gss_name->buf);
goto cleanup;
}
+ if (cfg_mgr->active->internal->monitoring_port == 0) {
+ tr_notice("tr_mons_event_init: monitoring is disabled, not enabling events or opening sockets");
+ retval = 0;
+ goto cleanup;
+ }
+
/* Create the cookie for callbacks. We'll put it in the mons context, so it will
* be cleaned up when mons is freed by talloc_free. */
cookie=talloc(tmp_ctx, struct tr_mons_event_cookie);
tr->tids->hostname = new_cfg->internal->hostname;
tr->mons->hostname = new_cfg->internal->hostname;
+ /* Update the authorized monitoring gss names */
+ if (tr->mons->authorized_gss_names) {
+ tr_debug("tr_config_changed: freeing tr->mons->authorized_gss_names");
+ tr_gss_names_free(tr->mons->authorized_gss_names);
+ }
+ tr->mons->authorized_gss_names = tr_gss_names_dup(tr->mons, new_cfg->internal->monitoring_credentials);
+ if (tr->mons->authorized_gss_names == NULL) {
+ tr_err("tr_config_changed: Error configuring monitoring credentials");
+ }
+
trps_set_connect_interval(trps, new_cfg->internal->trp_connect_interval);
trps_set_update_interval(trps, new_cfg->internal->trp_update_interval);
trps_set_sweep_interval(trps, new_cfg->internal->trp_sweep_interval);