Sam Hartman [Wed, 27 Aug 2014 23:05:15 +0000 (19:05 -0400)]
gitignore
Include gitignore files not distributed in upstream tarball
Patch-Name: gitignore
Sam Hartman [Fri, 26 Sep 2014 13:58:14 +0000 (09:58 -0400)]
Import moonshot-trust-router_1.4.orig.tar.gz
Margaret Wasserman [Tue, 23 Sep 2014 19:23:06 +0000 (15:23 -0400)]
Merge Stefan's changes for TIDS init scripts for Centos.
Margaret Wasserman [Tue, 23 Sep 2014 19:02:32 +0000 (15:02 -0400)]
Don't check IDP membership when defaulting, minor fixes.
Margaret Wasserman [Tue, 23 Sep 2014 01:37:38 +0000 (21:37 -0400)]
Add configuration for default next-hop
Margaret Wasserman [Tue, 23 Sep 2014 01:36:16 +0000 (21:36 -0400)]
Merge branch 'tr-peering' of moonshot.suchdamage.org:/srv/git/trust_router into tr-peering
Sam Hartman [Tue, 23 Sep 2014 00:04:41 +0000 (20:04 -0400)]
Don't loop on waitpid returning 0
Margaret Wasserman [Fri, 19 Sep 2014 19:38:37 +0000 (15:38 -0400)]
Updated version number
Margaret Wasserman [Fri, 19 Sep 2014 19:28:30 +0000 (15:28 -0400)]
Fixes to make build work after merging.
Margaret Wasserman [Fri, 19 Sep 2014 19:13:52 +0000 (15:13 -0400)]
Merge remote-tracking branch 'origin/tr-peering' into tr-peering
Margaret Wasserman [Fri, 19 Sep 2014 19:01:10 +0000 (15:01 -0400)]
Commit changes to allow a default server and to improve peering config.
Margaret Wasserman [Mon, 15 Sep 2014 15:31:58 +0000 (11:31 -0400)]
Clean up any zombie processes whenever a new request is forked.
Stefan Paetow [Fri, 19 Sep 2014 17:02:38 +0000 (18:02 +0100)]
Update tids.initd
A tweak or two because of tids status.
Stefan Paetow [Fri, 19 Sep 2014 16:29:31 +0000 (17:29 +0100)]
Update trust_router.spec
Keep the SPEC clean and tidy.
Stefan Paetow [Fri, 19 Sep 2014 16:26:10 +0000 (17:26 +0100)]
Update trust_router.spec
Add the TIDS script to the SPEC file to be added to the installation. It does *not* mean that TIDS is auto-started or enabled in chkconfig. That is a manual step when the admin is ready to do so.
Stefan Paetow [Fri, 19 Sep 2014 15:47:38 +0000 (16:47 +0100)]
Create sysconfig.tids
The TIDS sysconfig file - Stores the tids configuration
Stefan Paetow [Fri, 19 Sep 2014 15:44:02 +0000 (16:44 +0100)]
Create tids-wrapper
The wrapper for the TIDS executable. Makes TIDS go nicely into the background
Stefan Paetow [Fri, 19 Sep 2014 15:41:46 +0000 (16:41 +0100)]
Update tids.initd
Revamped to use Adam B's method of 'double-forking'. Seems to function just as well.
Stefan Paetow [Fri, 19 Sep 2014 15:30:47 +0000 (16:30 +0100)]
Create tids.initd
Initial version sent to Sam H.
Margaret Wasserman [Mon, 15 Sep 2014 15:31:58 +0000 (11:31 -0400)]
Clean up any zombie processes whenever a new request is forked.
Adam Bishop [Wed, 3 Sep 2014 13:02:58 +0000 (14:02 +0100)]
Specfile version bump
Adam Bishop [Wed, 3 Sep 2014 13:02:02 +0000 (14:02 +0100)]
Don't recreate the log directory if it is still available
Adam Bishop [Wed, 3 Sep 2014 12:45:05 +0000 (13:45 +0100)]
Move user creation to %pre, and use the method the redhat manual suggests
Adam Bishop [Wed, 3 Sep 2014 12:43:28 +0000 (13:43 +0100)]
Changing the spec file to package the redhat init scripts and config
Adam Bishop [Wed, 3 Sep 2014 12:38:21 +0000 (13:38 +0100)]
Include /redhat when installing
Adam Bishop [Wed, 3 Sep 2014 12:35:04 +0000 (13:35 +0100)]
Adding files for running trust_router on rhel6-ish distributions nicely
Sam Hartman [Wed, 27 Aug 2014 23:59:38 +0000 (19:59 -0400)]
remove indentation in makefile which breaks install rule
(cherry picked from commit 8ee1a1c9a537c2d4847571c6611f3f32187c5eff)
Sam Hartman [Wed, 27 Aug 2014 23:02:17 +0000 (19:02 -0400)]
Import trust-router_1.3.1.orig.tar.gz
Sam Hartman [Wed, 27 Aug 2014 22:31:59 +0000 (18:31 -0400)]
Release 1.3.1 for stable point for Debian
Sam Hartman [Wed, 27 Aug 2014 22:57:47 +0000 (18:57 -0400)]
gsscon_passive: remove dead code
Adam Bishop [Wed, 20 Aug 2014 18:01:54 +0000 (19:01 +0100)]
Allow tidc to take a port number as an optional argument
Sam Hartman [Wed, 30 Jul 2014 23:44:12 +0000 (19:44 -0400)]
We don't install the tids.service until rhel7
Sam Hartman [Wed, 30 Jul 2014 23:23:39 +0000 (19:23 -0400)]
Standardized approach to systemd unit files
Sam Hartman [Wed, 30 Jul 2014 22:00:59 +0000 (18:00 -0400)]
Create user and populate keys database
Sam Hartman [Wed, 30 Jul 2014 19:29:20 +0000 (15:29 -0400)]
Convince Centos not to override -Wno-parenthesis
Sam Hartman [Wed, 30 Jul 2014 19:24:37 +0000 (15:24 -0400)]
Distribute tr_debug.h
Sam Hartman [Wed, 30 Jul 2014 18:56:20 +0000 (14:56 -0400)]
Include new files in spec
Sam Hartman [Wed, 30 Jul 2014 18:54:51 +0000 (14:54 -0400)]
distribute tids.service and schema.sql
Sam Hartman [Thu, 24 Jul 2014 15:59:41 +0000 (11:59 -0400)]
Centos6 compiler is too picky about typedefs; pacify it.
Sam Hartman [Tue, 22 Jul 2014 14:29:17 +0000 (10:29 -0400)]
Version 1.3
Sam Hartman [Thu, 17 Jul 2014 00:41:45 +0000 (20:41 -0400)]
API improvements needed by freeradius
Sam Hartman [Wed, 16 Jul 2014 16:51:17 +0000 (12:51 -0400)]
In with the scabs, out with the tr_msg union!
The tr_msg union led to a number of security issues because the code
tended to check to see if msg->msg_struct_name was non-null. However
it was always non-null because the pointer was shared among all the
union members. Instead, use accessors for everything.
LP: #1333734
Sam Hartman [Wed, 16 Jul 2014 15:17:52 +0000 (11:17 -0400)]
ABI/API break: pass in TID_RESP * to handler
Previously, we passed in TID_RESP ** to the request handler. However
the request handlers assumed that the response was allocated. We
don't want responses allocated in the handler, so make it a single
pointer.
Note that the existing handler interface is probably inappropriate for
an event-loop-based trust router.
Sam Hartman [Mon, 21 Jul 2014 21:44:36 +0000 (17:44 -0400)]
always use tid_req_new for TID_REQ
Sam Hartman [Mon, 21 Jul 2014 21:43:38 +0000 (17:43 -0400)]
Enable talloc error reporting for tids and tidc
Sam Hartman [Tue, 15 Jul 2014 20:38:12 +0000 (16:38 -0400)]
Track num_servers correctly
Sam Hartman [Tue, 15 Jul 2014 15:39:15 +0000 (11:39 -0400)]
TID_RESP: array of servers rather than linked list
Provide an array of servers rather than a linked list for easier sorting.
TID_RESP is now allocated by talloc.
Sam Hartman [Tue, 15 Jul 2014 14:07:29 +0000 (10:07 -0400)]
Make tid types opaque
Sam Hartman [Mon, 14 Jul 2014 19:59:46 +0000 (15:59 -0400)]
It is not a failure to have no constraints at all, although no authorizations are created
Sam Hartman [Mon, 14 Jul 2014 19:55:27 +0000 (15:55 -0400)]
tr_constraints: constraint set members can have limited types
If a constraint set member has a domain constraint but no realm
constraint, treat that as a universal realm constraint (*).
However, if no constraint set member has that constraint type then
access is denied; we do not fail open.
Sam Hartman [Mon, 14 Jul 2014 18:18:36 +0000 (14:18 -0400)]
Include authorizations view in schema
Sam Hartman [Fri, 11 Jul 2014 19:12:34 +0000 (15:12 -0400)]
Iterators also needed for tests
Sam Hartman [Fri, 11 Jul 2014 19:12:24 +0000 (15:12 -0400)]
don't redefine json_t
Sam Hartman [Fri, 11 Jul 2014 19:03:12 +0000 (15:03 -0400)]
Back port jansson iterators
Sam Hartman [Mon, 7 Jul 2014 18:27:48 +0000 (14:27 -0400)]
tids: include constraints in database
new table authorizations includes constraints for domain and realm as
well as the COI and APC used for the connection.
Sam Hartman [Thu, 3 Jul 2014 20:40:48 +0000 (16:40 -0400)]
tr_constraint_set_get_match_strings
New function to retrieve the wild card strings that match a constraint
type for an intersected constraint set.
As a result convert TID_REQ to using talloc.
Depend on talloc project wide.
Sam Hartman [Thu, 3 Jul 2014 20:38:57 +0000 (16:38 -0400)]
tr_dh_pub_digest
Function to compute public key digest of client. Use to store that in
sqlite3 database. Update schema.
Sam Hartman [Thu, 3 Jul 2014 14:43:50 +0000 (10:43 -0400)]
copyright update
Sam Hartman [Thu, 3 Jul 2014 14:36:35 +0000 (10:36 -0400)]
Include constraints in tid_req messages
Sam Hartman [Wed, 2 Jul 2014 09:41:41 +0000 (05:41 -0400)]
Makefile: enable tests and -Werror
Enable t_constraint tests in make check
Also enable -Werror since we pass with that.
Sam Hartman [Wed, 2 Jul 2014 09:37:06 +0000 (05:37 -0400)]
tr_constraint_set_intersect
New function to intersect a constraint set and return a constraint
describing the domain and realm constraints that can be met by the
set.
Include tests for this. The particular test cases are also designed
to test merge_constraints (included in this patch) and
tr_prefix_wildcard_match.
Sam Hartman [Wed, 2 Jul 2014 09:34:12 +0000 (05:34 -0400)]
tid_req: Store json references
Support storing references to json objects in TID requests.
Sam Hartman [Wed, 2 Jul 2014 09:30:21 +0000 (05:30 -0400)]
Move tr_prefix_wildcard_match to tr_constraint.c
We need tr_prefix_wildcard_match for merge_constraints and for
tr_filter.c. Export it from libtr_tid even though it's in a private
header. It's not part of the public API but is part of the library so
tr_filter can import it.
Also, fix bug; all strings were treated as wildcards.
Sam Hartman [Mon, 26 May 2014 19:44:21 +0000 (15:44 -0400)]
fix keys creation
Sam Hartman [Wed, 21 May 2014 20:02:01 +0000 (16:02 -0400)]
s:trustrouter:trust_router
Sam Hartman [Tue, 20 May 2014 01:21:40 +0000 (21:21 -0400)]
Fix typo
Sam Hartman [Tue, 20 May 2014 01:10:45 +0000 (21:10 -0400)]
Enable unit
Sam Hartman [Tue, 20 May 2014 00:49:39 +0000 (20:49 -0400)]
Include tids service unit and schema sql.
Sam Hartman [Wed, 26 Mar 2014 08:18:16 +0000 (04:18 -0400)]
Update spec file for 1.2
Margaret Wasserman [Mon, 24 Mar 2014 22:20:47 +0000 (18:20 -0400)]
Remove need for remote def of TR_FLINE that won't compile on Centos.
Margaret Wasserman [Tue, 18 Mar 2014 21:21:41 +0000 (17:21 -0400)]
Update trust_router version number to 1.2
Margaret Wasserman [Tue, 18 Mar 2014 20:50:49 +0000 (16:50 -0400)]
Increment TID library version number to 1.
Margaret Wasserman [Mon, 17 Mar 2014 19:04:47 +0000 (15:04 -0400)]
If port passed in to tidc_open_connection() is 0, use the default port.
Margaret Wasserman [Sat, 15 Mar 2014 10:10:00 +0000 (06:10 -0400)]
Debugging printfs for trust router port number.
Margaret Wasserman [Fri, 14 Mar 2014 13:41:22 +0000 (09:41 -0400)]
Remove API dependency on jansson for constraints.
Margaret Wasserman [Thu, 13 Mar 2014 13:13:32 +0000 (09:13 -0400)]
Allow caller to set port number for tidc_open_connection(). Install
include/trust_router/tr_constraints.h, so that freeradius will build
with updated TID code.
Margaret Wasserman [Wed, 12 Mar 2014 18:18:24 +0000 (14:18 -0400)]
Change name type passed to gss_import_name().
Margaret Wasserman [Wed, 12 Mar 2014 12:30:09 +0000 (08:30 -0400)]
Avoid overwriting gss error before printing.
Margaret Wasserman [Wed, 12 Mar 2014 12:29:25 +0000 (08:29 -0400)]
Allow the Trust Router's TIDS port to be set in the internal config.
Margaret Wasserman [Tue, 4 Mar 2014 13:19:05 +0000 (08:19 -0500)]
Don't overwrite minorStatus before printing error.
Margaret Wasserman [Tue, 4 Mar 2014 12:41:49 +0000 (07:41 -0500)]
Fix bug in previous commit.
Margaret Wasserman [Tue, 4 Mar 2014 12:40:01 +0000 (07:40 -0500)]
Add hostname to service name in gsscon_connect().
Margaret Wasserman [Fri, 14 Feb 2014 19:03:58 +0000 (14:03 -0500)]
Add files not committed for AAA Server IP Addr to Hostname change.
Margaret Wasserman [Fri, 14 Feb 2014 01:15:53 +0000 (20:15 -0500)]
Configure AAA Server hostname, instead of expecting an IP address.
Margaret Wasserman [Fri, 14 Feb 2014 00:57:13 +0000 (19:57 -0500)]
Completion of constraints code, not fully tested.
Margaret Wasserman [Mon, 3 Feb 2014 10:45:31 +0000 (05:45 -0500)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Sam Hartman [Thu, 30 Jan 2014 16:02:45 +0000 (11:02 -0500)]
tr_tids_gss_handler: print auth name
Print the name we authenticated to.
Margaret Wasserman [Thu, 30 Jan 2014 10:45:30 +0000 (05:45 -0500)]
Configuration code for realm and domain constraints.
Sam Hartman [Thu, 23 Jan 2014 21:11:52 +0000 (16:11 -0500)]
asprintf not sprintf
Margaret Wasserman [Wed, 22 Jan 2014 20:05:58 +0000 (15:05 -0500)]
Added hostname to configuration and example code.
Margaret Wasserman [Wed, 22 Jan 2014 14:43:02 +0000 (09:43 -0500)]
Add things missing from previous commit to add realm_name to the service name.
Margaret Wasserman [Wed, 22 Jan 2014 14:37:22 +0000 (09:37 -0500)]
Changes to add realm name (from config) to end of service name for passive authentication.
Sam Hartman [Fri, 20 Dec 2013 20:15:59 +0000 (15:15 -0500)]
new version
Margaret Wasserman [Fri, 20 Dec 2013 16:43:36 +0000 (11:43 -0500)]
Fix bugs found in testing new filtering code.
Margaret Wasserman [Thu, 19 Dec 2013 18:20:57 +0000 (13:20 -0500)]
Clean up compiler warnings (and likely bugs).
Margaret Wasserman [Thu, 19 Dec 2013 18:14:09 +0000 (13:14 -0500)]
Full support for rp_permitted filters using new filter structures, etc.
Margaret Wasserman [Wed, 18 Dec 2013 12:27:00 +0000 (07:27 -0500)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Margaret Wasserman [Wed, 18 Dec 2013 12:25:52 +0000 (07:25 -0500)]
Configuration for full filter structures.
Sam Hartman [Mon, 25 Nov 2013 12:59:39 +0000 (07:59 -0500)]
specfile: bump release
Margaret Wasserman [Tue, 19 Nov 2013 17:27:51 +0000 (12:27 -0500)]
Update makefiles to include tid/tr_resp.c.