Sam Hartman [Thu, 2 Oct 2014 20:45:42 +0000 (16:45 -0400)]
Even more debugging
Sam Hartman [Thu, 2 Oct 2014 20:01:34 +0000 (16:01 -0400)]
Even more debugging
Sam Hartman [Thu, 2 Oct 2014 02:37:51 +0000 (22:37 -0400)]
Add debugging to postinst to try and understand dvd creation bug
Sam Hartman [Wed, 1 Oct 2014 17:51:50 +0000 (13:51 -0400)]
postinst quiet about user creation
* postinst quiet about user creation
* tids.init: fix run levels
Sam Hartman [Tue, 30 Sep 2014 19:22:07 +0000 (15:22 -0400)]
Create a schema on upgrade or install
Sam Hartman [Tue, 30 Sep 2014 18:53:47 +0000 (14:53 -0400)]
Update to fix bug in init script, Thanks Stefan
Stefan Paetow [Tue, 30 Sep 2014 14:06:59 +0000 (15:06 +0100)]
Update moonshot-trust-router.tids.init
Remove an erroneous $ sign
Sam Hartman [Fri, 26 Sep 2014 15:26:38 +0000 (11:26 -0400)]
merge patched-debian into debian
Sam Hartman [Fri, 26 Sep 2014 15:26:15 +0000 (11:26 -0400)]
Bring back portal.cfg and manual.cfg
Patch-Category: upstream
Sam Hartman [Fri, 26 Sep 2014 14:46:47 +0000 (10:46 -0400)]
Install tids init script
Patch by Stefan Paetow; modified slightly for Debian conventions.
Sam Hartman [Fri, 26 Sep 2014 14:02:06 +0000 (10:02 -0400)]
change version to 1.4-1
New Upstream version
Sam Hartman [Wed, 27 Aug 2014 23:05:15 +0000 (19:05 -0400)]
gitignore
Include gitignore files not distributed in upstream tarball
Patch-Name: gitignore
Sam Hartman [Fri, 26 Sep 2014 13:58:14 +0000 (09:58 -0400)]
record new upstream branch created by importing moonshot-trust-router_1.4.orig.tar.gz
Sam Hartman [Fri, 26 Sep 2014 13:58:14 +0000 (09:58 -0400)]
Import moonshot-trust-router_1.4.orig.tar.gz
Margaret Wasserman [Tue, 23 Sep 2014 19:23:06 +0000 (15:23 -0400)]
Merge Stefan's changes for TIDS init scripts for Centos.
Margaret Wasserman [Tue, 23 Sep 2014 19:02:32 +0000 (15:02 -0400)]
Don't check IDP membership when defaulting, minor fixes.
Margaret Wasserman [Tue, 23 Sep 2014 01:37:38 +0000 (21:37 -0400)]
Add configuration for default next-hop
Margaret Wasserman [Tue, 23 Sep 2014 01:36:16 +0000 (21:36 -0400)]
Merge branch 'tr-peering' of moonshot.suchdamage.org:/srv/git/trust_router into tr-peering
Sam Hartman [Tue, 23 Sep 2014 00:04:41 +0000 (20:04 -0400)]
Don't loop on waitpid returning 0
Margaret Wasserman [Fri, 19 Sep 2014 19:38:37 +0000 (15:38 -0400)]
Updated version number
Margaret Wasserman [Fri, 19 Sep 2014 19:28:30 +0000 (15:28 -0400)]
Fixes to make build work after merging.
Margaret Wasserman [Fri, 19 Sep 2014 19:13:52 +0000 (15:13 -0400)]
Merge remote-tracking branch 'origin/tr-peering' into tr-peering
Margaret Wasserman [Fri, 19 Sep 2014 19:01:10 +0000 (15:01 -0400)]
Commit changes to allow a default server and to improve peering config.
Margaret Wasserman [Mon, 15 Sep 2014 15:31:58 +0000 (11:31 -0400)]
Clean up any zombie processes whenever a new request is forked.
Stefan Paetow [Fri, 19 Sep 2014 17:02:38 +0000 (18:02 +0100)]
Update tids.initd
A tweak or two because of tids status.
Stefan Paetow [Fri, 19 Sep 2014 16:29:31 +0000 (17:29 +0100)]
Update trust_router.spec
Keep the SPEC clean and tidy.
Stefan Paetow [Fri, 19 Sep 2014 16:26:10 +0000 (17:26 +0100)]
Update trust_router.spec
Add the TIDS script to the SPEC file to be added to the installation. It does *not* mean that TIDS is auto-started or enabled in chkconfig. That is a manual step when the admin is ready to do so.
Stefan Paetow [Fri, 19 Sep 2014 15:47:38 +0000 (16:47 +0100)]
Create sysconfig.tids
The TIDS sysconfig file - Stores the tids configuration
Stefan Paetow [Fri, 19 Sep 2014 15:44:02 +0000 (16:44 +0100)]
Create tids-wrapper
The wrapper for the TIDS executable. Makes TIDS go nicely into the background
Stefan Paetow [Fri, 19 Sep 2014 15:41:46 +0000 (16:41 +0100)]
Update tids.initd
Revamped to use Adam B's method of 'double-forking'. Seems to function just as well.
Stefan Paetow [Fri, 19 Sep 2014 15:30:47 +0000 (16:30 +0100)]
Create tids.initd
Initial version sent to Sam H.
Margaret Wasserman [Mon, 15 Sep 2014 15:31:58 +0000 (11:31 -0400)]
Clean up any zombie processes whenever a new request is forked.
Adam Bishop [Wed, 3 Sep 2014 13:02:58 +0000 (14:02 +0100)]
Specfile version bump
Adam Bishop [Wed, 3 Sep 2014 13:02:02 +0000 (14:02 +0100)]
Don't recreate the log directory if it is still available
Adam Bishop [Wed, 3 Sep 2014 12:45:05 +0000 (13:45 +0100)]
Move user creation to %pre, and use the method the redhat manual suggests
Adam Bishop [Wed, 3 Sep 2014 12:43:28 +0000 (13:43 +0100)]
Changing the spec file to package the redhat init scripts and config
Adam Bishop [Wed, 3 Sep 2014 12:38:21 +0000 (13:38 +0100)]
Include /redhat when installing
Adam Bishop [Wed, 3 Sep 2014 12:35:04 +0000 (13:35 +0100)]
Adding files for running trust_router on rhel6-ish distributions nicely
Sam Hartman [Thu, 28 Aug 2014 21:26:55 +0000 (17:26 -0400)]
Symbols file
Sam Hartman [Thu, 28 Aug 2014 20:44:02 +0000 (16:44 -0400)]
Fix spelling
Sam Hartman [Thu, 28 Aug 2014 20:43:47 +0000 (16:43 -0400)]
Don't install tr_dh_test
Sam Hartman [Thu, 28 Aug 2014 20:35:14 +0000 (16:35 -0400)]
Fix email addresses in changelog
Sam Hartman [Thu, 28 Aug 2014 20:34:20 +0000 (16:34 -0400)]
Note missing manpages
Sam Hartman [Thu, 28 Aug 2014 20:32:16 +0000 (16:32 -0400)]
Fix debug package dependencies
Sam Hartman [Thu, 28 Aug 2014 00:00:19 +0000 (20:00 -0400)]
merge patched-debian into debian
Sam Hartman [Wed, 27 Aug 2014 23:59:38 +0000 (19:59 -0400)]
remove indentation in makefile which breaks install rule
(cherry picked from commit 8ee1a1c9a537c2d4847571c6611f3f32187c5eff)
Sam Hartman [Wed, 27 Aug 2014 23:59:38 +0000 (19:59 -0400)]
remove indentation in makefile which breaks install rule
Sam Hartman [Wed, 27 Aug 2014 23:28:07 +0000 (19:28 -0400)]
Policy fixups
Sam Hartman [Wed, 27 Aug 2014 23:13:32 +0000 (19:13 -0400)]
Use git dpm and 3.0 quilt source format
Sam Hartman [Wed, 27 Aug 2014 23:10:53 +0000 (19:10 -0400)]
Document changes and todo
Sam Hartman [Wed, 27 Aug 2014 23:09:35 +0000 (19:09 -0400)]
change version to 1.3.1-1 (UNRELEASED)
New Upstream Version
Initial Debian release, Closes: #759398
Sam Hartman [Wed, 27 Aug 2014 23:05:40 +0000 (19:05 -0400)]
merge patched-debian into debian
Sam Hartman [Wed, 27 Aug 2014 23:05:15 +0000 (19:05 -0400)]
gitignore
Include gitignore files not distributed in upstream tarball
Patch-Name: gitignore
Sam Hartman [Wed, 27 Aug 2014 23:03:31 +0000 (19:03 -0400)]
Initialize git-dpm
Sam Hartman [Wed, 27 Aug 2014 23:02:29 +0000 (19:02 -0400)]
Merge branch 'upstream' into debian
Merge 1.3.1 into Debian
Sam Hartman [Wed, 27 Aug 2014 23:02:17 +0000 (19:02 -0400)]
Import trust-router_1.3.1.orig.tar.gz
Sam Hartman [Wed, 27 Aug 2014 22:31:59 +0000 (18:31 -0400)]
Release 1.3.1 for stable point for Debian
Sam Hartman [Wed, 27 Aug 2014 22:57:47 +0000 (18:57 -0400)]
gsscon_passive: remove dead code
Sam Hartman [Tue, 26 Aug 2014 23:01:43 +0000 (19:01 -0400)]
Update debian copyright to be accurate
Sam Hartman [Sat, 23 Aug 2014 00:09:23 +0000 (20:09 -0400)]
fix typo
Adam Bishop [Wed, 20 Aug 2014 18:01:54 +0000 (19:01 +0100)]
Allow tidc to take a port number as an optional argument
Sam Hartman [Mon, 4 Aug 2014 04:20:09 +0000 (00:20 -0400)]
Merge remote-tracking branch 'origin/master' into debian
Conflicts:
trust_router.spec
Sam Hartman [Fri, 1 Aug 2014 17:49:05 +0000 (13:49 -0400)]
Specify systemdsystemunitdir location
Sam Hartman [Wed, 30 Jul 2014 23:44:12 +0000 (19:44 -0400)]
We don't install the tids.service until rhel7
Sam Hartman [Wed, 30 Jul 2014 23:23:39 +0000 (19:23 -0400)]
Standardized approach to systemd unit files
Sam Hartman [Wed, 30 Jul 2014 22:00:59 +0000 (18:00 -0400)]
Create user and populate keys database
Sam Hartman [Wed, 30 Jul 2014 22:00:59 +0000 (18:00 -0400)]
Create user and populate keys database
Sam Hartman [Wed, 30 Jul 2014 19:29:20 +0000 (15:29 -0400)]
Convince Centos not to override -Wno-parenthesis
Sam Hartman [Wed, 30 Jul 2014 19:24:37 +0000 (15:24 -0400)]
Distribute tr_debug.h
Sam Hartman [Wed, 30 Jul 2014 18:56:20 +0000 (14:56 -0400)]
Include new files in spec
Sam Hartman [Wed, 30 Jul 2014 18:54:51 +0000 (14:54 -0400)]
distribute tids.service and schema.sql
Sam Hartman [Thu, 24 Jul 2014 16:05:35 +0000 (12:05 -0400)]
libtr-tid1->2
Sam Hartman [Thu, 24 Jul 2014 15:59:41 +0000 (11:59 -0400)]
Centos6 compiler is too picky about typedefs; pacify it.
Sam Hartman [Tue, 22 Jul 2014 17:48:42 +0000 (13:48 -0400)]
fix typo
Sam Hartman [Tue, 22 Jul 2014 16:09:25 +0000 (12:09 -0400)]
Packaging for Trust router 1.3
Sam Hartman [Tue, 22 Jul 2014 16:04:59 +0000 (12:04 -0400)]
Merge branch 'master' into debian
Version 1.3
Sam Hartman [Tue, 22 Jul 2014 14:29:17 +0000 (10:29 -0400)]
Version 1.3
Sam Hartman [Thu, 17 Jul 2014 00:41:45 +0000 (20:41 -0400)]
API improvements needed by freeradius
Sam Hartman [Wed, 16 Jul 2014 16:51:17 +0000 (12:51 -0400)]
In with the scabs, out with the tr_msg union!
The tr_msg union led to a number of security issues because the code
tended to check to see if msg->msg_struct_name was non-null. However
it was always non-null because the pointer was shared among all the
union members. Instead, use accessors for everything.
LP: #1333734
Sam Hartman [Wed, 16 Jul 2014 15:17:52 +0000 (11:17 -0400)]
ABI/API break: pass in TID_RESP * to handler
Previously, we passed in TID_RESP ** to the request handler. However
the request handlers assumed that the response was allocated. We
don't want responses allocated in the handler, so make it a single
pointer.
Note that the existing handler interface is probably inappropriate for
an event-loop-based trust router.
Sam Hartman [Mon, 21 Jul 2014 21:44:36 +0000 (17:44 -0400)]
always use tid_req_new for TID_REQ
Sam Hartman [Mon, 21 Jul 2014 21:43:38 +0000 (17:43 -0400)]
Enable talloc error reporting for tids and tidc
Sam Hartman [Tue, 15 Jul 2014 20:38:12 +0000 (16:38 -0400)]
Track num_servers correctly
Sam Hartman [Tue, 15 Jul 2014 15:39:15 +0000 (11:39 -0400)]
TID_RESP: array of servers rather than linked list
Provide an array of servers rather than a linked list for easier sorting.
TID_RESP is now allocated by talloc.
Sam Hartman [Tue, 15 Jul 2014 14:07:29 +0000 (10:07 -0400)]
Make tid types opaque
Sam Hartman [Mon, 14 Jul 2014 19:59:46 +0000 (15:59 -0400)]
It is not a failure to have no constraints at all, although no authorizations are created
Sam Hartman [Mon, 14 Jul 2014 19:55:27 +0000 (15:55 -0400)]
tr_constraints: constraint set members can have limited types
If a constraint set member has a domain constraint but no realm
constraint treat that as a universal realm constraint (*).
However, if no constraint set member has that constraint type then
access is denied; we do not fail open.
Sam Hartman [Mon, 14 Jul 2014 18:18:36 +0000 (14:18 -0400)]
Include authorizations view in schema
Sam Hartman [Fri, 11 Jul 2014 19:12:34 +0000 (15:12 -0400)]
Iterators also needed for tests
Sam Hartman [Fri, 11 Jul 2014 19:12:24 +0000 (15:12 -0400)]
don't redefine json_t
Sam Hartman [Fri, 11 Jul 2014 19:03:12 +0000 (15:03 -0400)]
Back port jansson iterators
Sam Hartman [Mon, 7 Jul 2014 18:27:48 +0000 (14:27 -0400)]
tids: include constraints in database
new table authorizations includes constraints for domain and realm as
well as the COI and APC used for the connection.
Sam Hartman [Thu, 3 Jul 2014 20:40:48 +0000 (16:40 -0400)]
tr_constraint_set_get_match_strings
New function to retrieve the wild card strings that match a constraint
type for an intersected constraint set.
As a result convert TID_REQ to using talloc.
Depend on talloc project wide.
Sam Hartman [Fri, 11 Jul 2014 19:11:27 +0000 (15:11 -0400)]
depend on talloc
Sam Hartman [Thu, 3 Jul 2014 20:38:57 +0000 (16:38 -0400)]
tr_dh_pub_digest
Function to compute public key digest of client. Use to store that in
sqlite3 database. Update schema.
Sam Hartman [Thu, 3 Jul 2014 14:43:50 +0000 (10:43 -0400)]
copyright update
Sam Hartman [Thu, 3 Jul 2014 14:36:35 +0000 (10:36 -0400)]
Include constraints in tid_req messages
Sam Hartman [Wed, 2 Jul 2014 09:41:41 +0000 (05:41 -0400)]
Makefile: enable tests and -Werror
Enable t_constraint tests in make check
Also enable -Werror since we pass with that.
Sam Hartman [Wed, 2 Jul 2014 09:37:06 +0000 (05:37 -0400)]
tr_constraint_set_intersect
New function to intersect a constraint set and return a constraint
describing the domain and realm constraints that can be met by the
set.
Include tests for this. The particular test cases are also designed
to test merge_constraints (included in this patch) and
tr_prefix_wildcard_match.
Sam Hartman [Wed, 2 Jul 2014 09:34:12 +0000 (05:34 -0400)]
tid_req: Store json references
Support storing references to json objects in TID requests.