Jennifer Richards [Wed, 10 Aug 2016 18:29:01 +0000 (14:29 -0400)]
Merge branch 'master' into jennifer/trp-devel
Conflicts:
common/tr_config.c
common/tr_name.c
include/tr_config.h
include/trust_router/tid.h
tr/tr_main.c
Jennifer Richards [Wed, 10 Aug 2016 17:36:17 +0000 (13:36 -0400)]
Bump versions to 1.5.2 in a couple places.
Jennifer Richards [Wed, 10 Aug 2016 12:38:21 +0000 (08:38 -0400)]
Attempt to route TID requests using routing table. Unstable.
Checking in before beginning configuration file work. Connections between
trust routers are unreliable and need to be debugged.
Jennifer Richards [Thu, 4 Aug 2016 16:45:14 +0000 (12:45 -0400)]
Introduce "remote" routes that we know about but cannot contact directly.
Jennifer Richards [Thu, 4 Aug 2016 02:26:18 +0000 (22:26 -0400)]
Properly respond to wildcard route requests.
Jennifer Richards [Thu, 4 Aug 2016 02:17:15 +0000 (22:17 -0400)]
Wildcard route requests now working.
Jennifer Richards [Wed, 3 Aug 2016 17:05:07 +0000 (13:05 -0400)]
Requests nearly work, but not quite.
Issue: the request can go out before the return connection for the
peer to respond has been established, so the reply does not get sent.
Checking in before reworking detection that a peer is connected.
Jennifer Richards [Tue, 2 Aug 2016 21:37:32 +0000 (17:37 -0400)]
Partial handling of incoming route requests.
Jennifer Richards [Tue, 2 Aug 2016 15:29:12 +0000 (11:29 -0400)]
Fix memory freeing bugs. Seems stable, even through loss of connections.
Jennifer Richards [Tue, 2 Aug 2016 15:28:41 +0000 (11:28 -0400)]
Whitespace change, remove debug printf.
Jennifer Richards [Tue, 2 Aug 2016 15:24:28 +0000 (11:24 -0400)]
Leave SIGPIPE handling alone. Caller must disable or handle that.
Jennifer Richards [Wed, 27 Jul 2016 16:18:14 +0000 (12:18 -0400)]
Send triggered updates (not really tested).
Jennifer Richards [Wed, 27 Jul 2016 14:41:10 +0000 (10:41 -0400)]
Only compute routes for connected peers. Other progress.
Jennifer Richards [Wed, 27 Jul 2016 14:40:45 +0000 (10:40 -0400)]
Remove unused debug printf.
Jennifer Richards [Tue, 26 Jul 2016 20:18:30 +0000 (16:18 -0400)]
Use correct default TRP port.
Jennifer Richards [Tue, 26 Jul 2016 18:26:49 +0000 (14:26 -0400)]
Initialize route table with local routes. Fix bugs.
Jennifer Richards [Wed, 20 Jul 2016 04:02:27 +0000 (00:02 -0400)]
Connect to hard-coded peer and exchange route info. Buggy and incomplete.
Jennifer Richards [Mon, 18 Jul 2016 19:43:12 +0000 (15:43 -0400)]
Generate scheduled updates. Untested, but builds.
Jennifer Richards [Sat, 16 Jul 2016 05:14:08 +0000 (01:14 -0400)]
Test peer table and update selection functions. Seem to work.
Jennifer Richards [Fri, 15 Jul 2016 21:02:01 +0000 (17:02 -0400)]
Select route updates for a given peer (not yet tested).
Jennifer Richards [Fri, 15 Jul 2016 19:00:53 +0000 (15:00 -0400)]
Basic peer table, hard coded for testing.
Jennifer Richards [Fri, 15 Jul 2016 16:37:05 +0000 (12:37 -0400)]
Peer table (work in progress).
Jennifer Richards [Thu, 14 Jul 2016 19:54:50 +0000 (15:54 -0400)]
Sweep for expired routes. Sweeps every two seconds for now, not yet configurable.
Jennifer Richards [Thu, 14 Jul 2016 18:13:24 +0000 (14:13 -0400)]
Remove extraneous newline
Jennifer Richards [Fri, 1 Jul 2016 21:05:47 +0000 (17:05 -0400)]
Select active route after updates to the route table.
Jennifer Richards [Fri, 1 Jul 2016 19:24:32 +0000 (15:24 -0400)]
Update the routing table when TRP updates are received.
Jennifer Richards [Fri, 1 Jul 2016 15:02:12 +0000 (11:02 -0400)]
Update route table when a TRP update is received. Not tested.
Jennifer Richards [Thu, 30 Jun 2016 16:32:37 +0000 (12:32 -0400)]
Add next_hop field to route update record, filled in locally.
Jennifer Richards [Thu, 30 Jun 2016 01:47:07 +0000 (21:47 -0400)]
Improved, sorted printing, provide _to_str methods.
Jennifer Richards [Thu, 30 Jun 2016 01:45:25 +0000 (21:45 -0400)]
Do a signed compare suitable for sorting TR_NAMEs.
Jennifer Richards [Wed, 29 Jun 2016 20:15:05 +0000 (16:15 -0400)]
Fully test trp_rtable code. All tests pass.
Jennifer Richards [Tue, 28 Jun 2016 20:35:12 +0000 (16:35 -0400)]
Implement hash-indexed routing table.
Jennifer Richards [Tue, 28 Jun 2016 03:58:52 +0000 (23:58 -0400)]
Trust router: open TRP connection to self, send multiple msgs.
Jennifer Richards [Mon, 27 Jun 2016 20:55:32 +0000 (16:55 -0400)]
Make outgoing connections. Connect to self as a test.
Jennifer Richards [Sat, 25 Jun 2016 18:24:03 +0000 (14:24 -0400)]
Avoid freeing uninitialized pointer. Add -r option to trpc.
The trust router can now accept multiple simultaneous connections from
trpc programs. The messages are decoded from JSON and then printed to
the screen.
Jennifer Richards [Sat, 25 Jun 2016 01:41:28 +0000 (21:41 -0400)]
Decode JSON TRP messages, then send to main thread.
Jennifer Richards [Fri, 24 Jun 2016 17:16:13 +0000 (13:16 -0400)]
Successful messages via mq to main thread.
Jennifer Richards [Fri, 24 Jun 2016 15:19:59 +0000 (11:19 -0400)]
Authenticate GSS context in separate thread. (Not fully working yet.)
Jennifer Richards [Thu, 23 Jun 2016 17:24:23 +0000 (13:24 -0400)]
Add accessor functions and check in header file.
Jennifer Richards [Wed, 22 Jun 2016 20:59:02 +0000 (16:59 -0400)]
Test multithreaded functionality of tm_mq.
Jennifer Richards [Wed, 22 Jun 2016 17:08:32 +0000 (13:08 -0400)]
Implement message queue and test program.
Jennifer Richards [Tue, 21 Jun 2016 15:25:18 +0000 (11:25 -0400)]
Minor patches from Adam Bishop to fix build issues from commit 1bc4bf5.
1. Make sure that the spec file only includes systemd on el7 builds to fix an el6 build break.
2. Fix a build break on 32 bit systems - Jansson provides a macro which I should have used.
Jennifer Richards [Mon, 20 Jun 2016 19:15:45 +0000 (15:15 -0400)]
Fix syntax of TR_EXPORT.
Jennifer Richards [Mon, 20 Jun 2016 18:35:09 +0000 (14:35 -0400)]
Use accessor functions for TRP objects.
Jennifer Richards [Mon, 20 Jun 2016 17:57:50 +0000 (13:57 -0400)]
Separate trp_msg.c into trp_upd.c and trp_req.c.
Jennifer Richards [Mon, 20 Jun 2016 17:39:31 +0000 (13:39 -0400)]
Merge branch 'jennifer/march2016-patches'
Conflicts (both trivial):
common/tr_config.c
common/tr_name.c
Jennifer Richards [Mon, 20 Jun 2016 17:24:43 +0000 (13:24 -0400)]
Apply Adam Bishop's March 2016 patches.
0001: (Trivial) The trust router does not build in a minimal environment on CentOS; specifying glib2 explicitly corrects this.
0002: (Trivial) This adds a check and log entry for the serial number to the config parser.
0003: (Trivial) Correct a typo and add more information to a log message.
0004: (Trivial) Implement enough of tr_print_config to diagnose this quicker
0005: (Substantial) Fix the corruption by making sure that a dereferenced copy is performed on each realm.
0006: (Trivial) Obligatory version bump.
Jennifer Richards [Mon, 20 Jun 2016 16:30:13 +0000 (12:30 -0400)]
Specify string argument to tr_name() as const.
Fixes build problem with freeradius. Merges janetuk github commits
9b50472db6493fd7b5d5b6024b7899fc279fac59 and
38b9ed4c2fc284114012f1a50b357a0ae7e267c0. See:
https://github.com/janetuk/trust_router/pull/6/commits/38b9ed4c2fc284114012f1a50b357a0ae7e267c0
Jennifer Richards [Fri, 17 Jun 2016 01:49:26 +0000 (21:49 -0400)]
Move TRP messaging to tr_msg.c. Fix old bug.
* Move TRP message-related code to tr_msg.c
* Change names/code to match existing conventions
* Add constructor/destructor for TID_RESP struct
* Free sub-structures when freeing TR_MSG struct
* Add msgtst to Makefile.am
Jennifer Richards [Thu, 16 Jun 2016 15:14:00 +0000 (11:14 -0400)]
Free json object after encoding.
Jennifer Richards [Thu, 16 Jun 2016 02:26:19 +0000 (22:26 -0400)]
Encode update messages.
Jennifer Richards [Wed, 15 Jun 2016 22:52:05 +0000 (18:52 -0400)]
Properly handle record types. Encoding temporarily broken.
Jennifer Richards [Wed, 15 Jun 2016 16:17:17 +0000 (12:17 -0400)]
Encode route_req messages.
Jennifer Richards [Wed, 15 Jun 2016 03:26:54 +0000 (23:26 -0400)]
Decode and print route_req messages.
Jennifer Richards [Wed, 15 Jun 2016 02:49:58 +0000 (22:49 -0400)]
Handle update messages properly by separating records from body.
Jennifer Richards [Tue, 14 Jun 2016 21:08:08 +0000 (17:08 -0400)]
Parse update messages. Add rudimentary printing.
Jennifer Richards [Tue, 14 Jun 2016 18:36:09 +0000 (14:36 -0400)]
Progress towards parsing update messages.
Jennifer Richards [Tue, 14 Jun 2016 03:52:03 +0000 (23:52 -0400)]
Beginning of JSON parser for TRP messages (nonfunctional)
Jennifer Richards [Mon, 13 Jun 2016 20:05:20 +0000 (16:05 -0400)]
Separate TRP from main trust router code.
Not a functional checkin, probably does not build.
Jennifer Richards [Fri, 3 Jun 2016 16:29:09 +0000 (16:29 +0000)]
Include tids.service in list of %files.
Jennifer Richards [Thu, 26 May 2016 19:55:08 +0000 (15:55 -0400)]
Add stub of TRP client test program, trpc.
Jennifer Richards [Thu, 26 May 2016 02:42:13 +0000 (22:42 -0400)]
Add TRP handling events, plus change to cfg layout.
The main purpose of this commit is to add a stub for TRP event handling.
This currently amounts to listening to a TCP port and replying with a
brief message. Additionally, moved the active and new configurations
in the TR_INSTANCE struct into a container called TR_CFG_MGR. Other
instance types (TIDS, TRPS [new with this commit], and CFGWATCH)
instances now refer to the TR_CFG_MGR rather than to the TR_INSTANCE.
This resolves circular include dependencies and makes for a cycle-free
object hierarchy. Finally, introduced more complete use of talloc
for memory management, though this is probably not complete yet.
Jennifer Richards [Thu, 26 May 2016 02:33:31 +0000 (22:33 -0400)]
Provide function to convert log severity to string.
Jennifer Richards [Tue, 24 May 2016 14:45:44 +0000 (10:45 -0400)]
Load config files in lexical order.
Previously, arbitrary load order was used. Also added config options for
the config watcher polling.
Jennifer Richards [Tue, 24 May 2016 01:37:49 +0000 (21:37 -0400)]
Refactor to move task code out of tr_main.c.
Jennifer Richards [Mon, 23 May 2016 21:54:03 +0000 (17:54 -0400)]
Resolve circular header dependencies.
The use of TR_INSTANCE throughout various modules created a situation
where circular header file inclusion was occurring. Resolve this by
moving responsibility for picking out appropriate members from the
active configuration to the caller and passing only the directly
data into various functions. Also cleaned up some allocation code
to better make use of talloc.
Jennifer Richards [Mon, 23 May 2016 20:24:15 +0000 (16:24 -0400)]
Fix function name.
Jennifer Richards [Sat, 21 May 2016 19:47:53 +0000 (15:47 -0400)]
Fix debug/error messages.
Jennifer Richards [Sat, 21 May 2016 19:39:34 +0000 (15:39 -0400)]
Reload configuration dynamically when files change.
Detect a change to the configuration files and reload when this occurs.
Any change, deletion, or addition of configuration files in the
config directory will result in reloading the configuration. If a
valid configuration results, switch to this, otherwise continue using
the old configuration. Allows a few seconds for changes to settle
before attempting to reload the configuration.
Jennifer Richards [Thu, 19 May 2016 05:35:15 +0000 (01:35 -0400)]
Add beginnings of configuration file watcher.
Not yet working, but does poll the config directory and notice changes
while also servicing TID requests.
Jennifer Richards [Wed, 18 May 2016 14:04:29 +0000 (10:04 -0400)]
Fix fcntl call to set socket to non-blocking mode.
Jennifer Richards [Wed, 18 May 2016 13:53:57 +0000 (09:53 -0400)]
Eliminate debugging message in main loop.
Jennifer Richards [Tue, 17 May 2016 23:03:07 +0000 (19:03 -0400)]
Handle tids connections from rudimentary event loop in main().
Has debugging code in place, not ready for release.
Jennifer Richards [Tue, 17 May 2016 19:53:20 +0000 (15:53 -0400)]
Avoid error message after handling TID req.
Replace the return 0 with an exit(0) after a forked subprocess finishes
handling a request. This prevents an erroneous error message from
indicating that the tids server has unexpectedly exited.
Jennifer Richards [Tue, 17 May 2016 19:38:31 +0000 (15:38 -0400)]
Give useful tids error on bad gss-name (bug 1325953)
Return a meaningful error code from tids_auth_cb() when there is a
mismatch between the expected gss-name and the client name in a TID
request. Also print a helpful error message to the server log.
Jennifer Richards [Tue, 17 May 2016 18:28:08 +0000 (14:28 -0400)]
Use strncmp instead of strcmp in tr_name_cmp().
Jennifer Richards [Tue, 17 May 2016 17:30:58 +0000 (13:30 -0400)]
Ignore SIGPIPE signals when writing to GSS socket.
If the remote end of a GSS connection disconnects, attempts to write
to the now-broken pipe result in a SIGPIPE signal. This unceremoniously
exits. Instead, ignore those signals during the write() and let the
error handling code deal gracefully with the broken pipe.
Jennifer Richards [Fri, 13 May 2016 21:44:12 +0000 (17:44 -0400)]
Parse tidc command line with argp.
Introduce argp here for consistency with tids and trust_router. This
adds --help and --usage options automatically.
Jennifer Richards [Fri, 13 May 2016 21:17:31 +0000 (17:17 -0400)]
Parse tids command line with argp (bug #1209349).
Use the argp package to parse arguments. This provides the --help option
requested by the bug report.
Jennifer Richards [Fri, 6 May 2016 15:49:14 +0000 (11:49 -0400)]
Protect against freeing config file list twice.
Jennifer Richards [Fri, 6 May 2016 02:16:38 +0000 (22:16 -0400)]
Process command-line args, add config dir option.
Add command-line processing with argp. Introduced an option to read
configuration files from other than the working directory. Also,
modified debug output in tr_parse_config to correctly indicate this
function name instead of tr_read_config.
Jennifer Richards [Wed, 20 Apr 2016 19:58:39 +0000 (15:58 -0400)]
Reject trust router config files that begin with '.'
Sam Hartman [Thu, 26 Mar 2015 01:20:26 +0000 (21:20 -0400)]
Update release
Sam Hartman [Thu, 26 Mar 2015 01:19:48 +0000 (21:19 -0400)]
Insert into psk_keys_tab not psk_keys
Sam Hartman [Wed, 25 Mar 2015 18:25:38 +0000 (14:25 -0400)]
Version 1.5.1; new schema
Sam Hartman [Wed, 25 Mar 2015 18:21:54 +0000 (14:21 -0400)]
Don't include expired keys in the psk_keys table
FreeRADIUS directly queries psk_keys. It's important that it not
match expired keys. Instead create a table psk_keys_tab and make
psk_keys a view that excludes expired keys.
Sam Hartman [Wed, 18 Mar 2015 19:25:51 +0000 (15:25 -0400)]
Update spec release
Sam Hartman [Tue, 17 Mar 2015 19:18:48 +0000 (15:18 -0400)]
Move logging to tr_internal
Sam Hartman [Tue, 17 Mar 2015 16:29:12 +0000 (12:29 -0400)]
Require sufficiently new moonshot-gss-eap rpm
Sam Hartman [Tue, 17 Mar 2015 16:27:00 +0000 (12:27 -0400)]
Update release in spec
Sam Hartman [Tue, 17 Mar 2015 16:26:31 +0000 (12:26 -0400)]
Expiration should be minimum of configured and incoming from current request
Sam Hartman [Fri, 13 Mar 2015 20:25:05 +0000 (16:25 -0400)]
Update spec version
Sam Hartman [Fri, 13 Mar 2015 20:23:06 +0000 (16:23 -0400)]
Fix sense of comparison in schema.
Sam Hartman [Thu, 12 Mar 2015 18:11:22 +0000 (14:11 -0400)]
Fix version string
Sam Hartman [Thu, 12 Mar 2015 17:09:36 +0000 (13:09 -0400)]
fix typo
Sam Hartman [Thu, 12 Mar 2015 16:43:46 +0000 (12:43 -0400)]
We now require glib-devel
Sam Hartman [Thu, 12 Mar 2015 16:33:50 +0000 (12:33 -0400)]
Schema updates; exclude expired keys from view
Sam Hartman [Thu, 12 Mar 2015 16:11:36 +0000 (12:11 -0400)]
tids handler fixes
* use talloc for server responses
* bind expiration to right value in statement
Sam Hartman [Thu, 12 Mar 2015 15:34:20 +0000 (11:34 -0400)]
Key expiration in minutes
Sam Hartman [Wed, 11 Mar 2015 22:31:55 +0000 (18:31 -0400)]
Fix logging configuration