Jennifer Richards [Tue, 5 Jun 2018 16:45:22 +0000 (12:45 -0400)]
Update changelog
Jennifer Richards [Tue, 5 Jun 2018 16:39:35 +0000 (12:39 -0400)]
Merge branch 'master' into debian
Jennifer Richards [Tue, 5 Jun 2018 16:37:25 +0000 (12:37 -0400)]
Use json_is_true() in place of json_boolean_value() for compatibility
Jennifer Richards [Mon, 4 Jun 2018 15:00:31 +0000 (11:00 -0400)]
Update changelog (3.4.0-1)
Jennifer Richards [Mon, 4 Jun 2018 14:50:19 +0000 (10:50 -0400)]
Merge branch 'master' into debian
Jennifer Richards [Mon, 4 Jun 2018 14:49:39 +0000 (10:49 -0400)]
Merge branch 'debian-testing' into debian
Jennifer Richards [Sat, 2 Jun 2018 02:31:47 +0000 (22:31 -0400)]
Bump version to 4.3.0, ABI to 4:2:2
Jennifer Richards [Sat, 2 Jun 2018 02:23:01 +0000 (22:23 -0400)]
Merge pull request #100 from painless-security/milestone/monitoring
Merge milestone/monitoring into master in preparation for release
Jennifer Richards [Sat, 2 Jun 2018 00:23:12 +0000 (20:23 -0400)]
Remove remnant of debug code that was accidentally committed
Jennifer Richards [Sat, 2 Jun 2018 00:19:49 +0000 (20:19 -0400)]
Allow "last_connection_attempt" field to be omitted in peer JSON
Jennifer Richards [Fri, 1 Jun 2018 21:04:28 +0000 (17:04 -0400)]
Merge branch 'milestone/monitoring' of https://github.com/painless-security/trust-router into milestone/monitoring
Jennifer Richards [Fri, 1 Jun 2018 21:03:20 +0000 (21:03 +0000)]
Emit error message in configure for more missing libraries
Jennifer Richards [Fri, 1 Jun 2018 21:01:31 +0000 (17:01 -0400)]
Use cast instead of talloc_get_type_abort for stack-allocated data
Jennifer Richards [Fri, 1 Jun 2018 20:55:43 +0000 (20:55 +0000)]
Emit error message in configure if libevent is missing
Jennifer Richards [Fri, 1 Jun 2018 20:43:24 +0000 (16:43 -0400)]
Refactor MON_CMD and MON_OPT_TYPE conversion to/from strings
Use a table in place of ad hoc switch statements; hopefully this is
less effort to maintain.
Jennifer Richards [Fri, 1 Jun 2018 19:58:49 +0000 (15:58 -0400)]
Merge pull request #99 from painless-security/jennifer/count_failed_reqs
Return separate counts of TID reqs that succeed and result in error
Jennifer Richards [Fri, 1 Jun 2018 19:58:28 +0000 (15:58 -0400)]
Reduce priority on a couple non-essential log messages
Jennifer Richards [Fri, 1 Jun 2018 19:39:56 +0000 (15:39 -0400)]
Set read timeout to 60 seconds instead of 60 ms (smh)
Jennifer Richards [Fri, 1 Jun 2018 19:02:17 +0000 (15:02 -0400)]
Return NULL rather than an invalid pointer on failure
Jennifer Richards [Fri, 1 Jun 2018 19:00:42 +0000 (15:00 -0400)]
Fix misleading indentation
Jennifer Richards [Fri, 1 Jun 2018 18:41:02 +0000 (14:41 -0400)]
Add a timeout to ReadBuffer() method
Jennifer Richards [Fri, 1 Jun 2018 18:36:55 +0000 (14:36 -0400)]
Return separate counts of TID reqs that succeed and result in error
* Pass result codes back from req callbacks for tr_gss connections
* Separately count TID responses and TID error responses
* Add monitoring handlers for the error response
* Rename monitoring option #defines to better match the string names
* Add more TR_GSS_RC codes
* Update trmon documentation string
Jennifer Richards [Fri, 1 Jun 2018 17:50:19 +0000 (13:50 -0400)]
Return nonzero exit code (specifically, 2) when a tidc req fails
Jennifer Richards [Fri, 1 Jun 2018 15:03:28 +0000 (11:03 -0400)]
Change monitoring_port -> mons_port where it was missed in a merge
Mark Donnelly [Fri, 1 Jun 2018 13:34:51 +0000 (09:34 -0400)]
Merge pull request #92 from painless-security/jennifer/reduce_logging
Reduce logging during connection accept and validate internal configuration
Jennifer Richards [Fri, 1 Jun 2018 00:46:07 +0000 (20:46 -0400)]
Return NULL when tr_cfg_parse_one_apc() fails
Jennifer Richards [Thu, 31 May 2018 19:30:06 +0000 (15:30 -0400)]
Let's try again on the build number tagging
Jennifer Richards [Thu, 31 May 2018 19:22:45 +0000 (15:22 -0400)]
Add a build_tag parameter to the version in the RPM spec file
This is to allow Jenkins to add a build number so we don't have
to muck about with the spec file
Jennifer Richards [Thu, 31 May 2018 18:56:50 +0000 (14:56 -0400)]
Add help to the trmon utility
Jennifer Richards [Thu, 31 May 2018 17:23:10 +0000 (13:23 -0400)]
Fix handling of errors with strtol(), factor out port parsing
* Set errno to 0 before calling strtol()
* Fix warnings in gssconn_{server,client}.c
* Add tr_parse_port() to tr_inet_util.[ch] and use throughout the
codebase for parsing port numbers
Jennifer Richards [Wed, 30 May 2018 14:51:15 +0000 (10:51 -0400)]
Update RPM example cfg files to include monitoring and serial_number
Jennifer Richards [Wed, 30 May 2018 05:07:02 +0000 (01:07 -0400)]
Merge pull request #86 from painless-security/jennifer/aaa_server_port
Allow configurable TID and TRP ports
Jennifer Richards [Wed, 30 May 2018 05:00:21 +0000 (01:00 -0400)]
Work with new hostname parsing and improve error reports
* Use the new tr_parse_host() function
* Output more useful errors when parsing aaa servers
* Update Makefile.am
Jennifer Richards [Wed, 30 May 2018 04:58:13 +0000 (00:58 -0400)]
Refactor host validation and parsing, move methods out of tr_util.[ch]
* Limit hostname validation to avoiding ambiguity about whether a port
is part of the string
* Refactor hostname/port parsing
- new function is tr_parse_host() in tr_inet_util.c
- handles both hostname and port
- works with strings, not TR_NAME
* Move hostname related methods out of tr_util.c
Changes to make the rest of the codebase work with these updates will be
in the next commit.
Jennifer Richards [Wed, 30 May 2018 04:54:35 +0000 (00:54 -0400)]
Set trust router port in trp_inforec_set_trust_router()
Jennifer Richards [Wed, 30 May 2018 00:40:26 +0000 (20:40 -0400)]
Add internet address/hostname validators in tr_inet_util.[ch]
Jennifer Richards [Tue, 29 May 2018 19:24:47 +0000 (15:24 -0400)]
Add accidentally omitted 'port' parameter to error messages
Jennifer Richards [Tue, 29 May 2018 19:07:55 +0000 (15:07 -0400)]
Validate internal configuration more thoroughly
Jennifer Richards [Tue, 29 May 2018 18:12:29 +0000 (14:12 -0400)]
Reduce logging priority while accepting connections
This will help address #89 by eliminating messages logged with "err"
priority before a connection is accepted.
Jennifer Richards [Fri, 25 May 2018 18:45:27 +0000 (14:45 -0400)]
Correctly set peer when an update is received
Jennifer Richards [Fri, 25 May 2018 17:33:45 +0000 (13:33 -0400)]
Use hostname:port format for specifying peer addresses
Drop the old "port" key for consistency with other handling of ports.
Jennifer Richards [Fri, 25 May 2018 17:32:50 +0000 (13:32 -0400)]
Fix bug in tr_parse_port()
Jennifer Richards [Fri, 25 May 2018 16:49:25 +0000 (12:49 -0400)]
Add signed integer parser to eliminate compiler errors
Jennifer Richards [Fri, 25 May 2018 15:59:57 +0000 (11:59 -0400)]
Use our hostname/TID port when sending a request, not our next_hop
Before this, we set the next_hop to ourselves for local routes, then
simply forwarded the next_hop to our peers in update messages. That is
incorrect - we need to fill in our own hostname/TID port every time, not
send the next_hop we forward to.
Also fixes a few port name / signed int changes that really belonged in
the previous commit.
Jennifer Richards [Fri, 25 May 2018 15:57:51 +0000 (11:57 -0400)]
Normalize port naming (tids_, trps_, and mons_port) and use signed int
This cleans up the port names in various functions and data structures.
Tries to get rid of ambiguous "port" fields. A few changes will be in
the next commit which has some functional updates as well.
Jennifer Richards [Fri, 25 May 2018 00:18:20 +0000 (20:18 -0400)]
Copy TID and TRP ports from inforec when accepting a route update
Jennifer Richards [Thu, 24 May 2018 22:30:11 +0000 (18:30 -0400)]
Support non-default TRP and TID ports
* Include trust_router and next_hop ports in inforecs, routes, and
update msgs
- affects encoders and decoders
- use next_hop from the inforec instead of assuming it is the
peer's server address
- default next_hop to the trust_router for backward compatibility
- default both ports to the standard well-known ports if not given
* fill in local routes with our hostname/port
- no longer permit empty next_hop fields
* Update filter handlers
- handle next_hop field
- use hostname:port format (or just hostname with default port)
- handle next_hop field
* Keep track of AAA server ports
* Be more careful with tr_msg JSON helper return values
* Use tr_name_strdup() to avoid ad hoc conversion from name to string
* Use signed int as port to allow -1 as an invalid port indicator
* Remove now-obsolete tr_aaa_server_from_name() function
Jennifer Richards [Thu, 24 May 2018 21:01:44 +0000 (17:01 -0400)]
Factor out hostname parsing for reuse
Jennifer Richards [Thu, 24 May 2018 18:05:39 +0000 (14:05 -0400)]
Fix typo, reorder methods in tr_aaa_server.c
Jennifer Richards [Thu, 24 May 2018 18:01:14 +0000 (14:01 -0400)]
Fix a leftover use of the old TR_AAA_SERVER structure
Jennifer Richards [Thu, 24 May 2018 18:00:56 +0000 (14:00 -0400)]
Use the port configured for a AAA server instead of assuming TID_PORT
* Pass TR_AAA_SERVER instead of hostname to TIDS forward threads
* Use the port set for the TR_AAA_SERVER instead of TID_PORT
Jennifer Richards [Thu, 24 May 2018 17:34:20 +0000 (13:34 -0400)]
Parse hostname/port for AAA server addresses
* Add methods to create a TR_AAA_SERVER from a hostname:port string
- also a version starting from a TR_NAME, which is a bit of a
misuse of the TR_NAME
* Update code to use the new methods instead
* tr_aaa_server_new() no longer sets the hostname
* tr_aaa_server_set_port() only uses default port when port == 0,
otherwise allows any value
* refactor tr_cfg_parse_one_aaa_server() to better use talloc
* Raise error in tr_tids_req_handler() if AAA server allocation fails
Jennifer Richards [Thu, 24 May 2018 15:43:31 +0000 (11:43 -0400)]
Move AAA server methods out of tr_idp.[ch] into their own files
* Create tr_aaa_server.[ch], move methods out of tr_idp.[ch]
- Existing methods unchanged
* Add port to TR_AAA_SERVER
* Add get/set methods for hostname/port
* Update makefiles
Jennifer Richards [Wed, 23 May 2018 20:41:26 +0000 (16:41 -0400)]
Add last few missing headers and clean up the order of the list
Jennifer Richards [Wed, 23 May 2018 20:26:52 +0000 (16:26 -0400)]
A few more forgotten headers in make dist
Jennifer Richards [Wed, 23 May 2018 20:22:16 +0000 (16:22 -0400)]
Add headers left out of make dist
Jennifer Richards [Wed, 23 May 2018 19:56:04 +0000 (15:56 -0400)]
Bump version in trust_router.spec to match configure.ac
Jennifer Richards [Wed, 23 May 2018 19:47:36 +0000 (15:47 -0400)]
Ensure the m4 directory exists so that autoreconf doesn't complain
* Add a throwaway hidden file so git creates the directory
* Add an exception in .gitignore so this file is not ignored
Jennifer Richards [Thu, 10 May 2018 16:15:06 +0000 (12:15 -0400)]
Prevent core dumps on intentional mons/tids subprocess abort()
Uses setrlimit() to set the core size limit to 0 for the subprocess
immediately before aborting.
Jennifer Richards [Tue, 8 May 2018 17:01:31 +0000 (13:01 -0400)]
Abort instead of exit from forked tids and mons subprocesses
Jennifer Richards [Mon, 7 May 2018 21:37:21 +0000 (17:37 -0400)]
Add trmon utility to debian packaging
Jennifer Richards [Mon, 7 May 2018 21:33:49 +0000 (17:33 -0400)]
Merge branch 'milestone/monitoring' into debian-testing
Jennifer Richards [Mon, 7 May 2018 21:29:48 +0000 (17:29 -0400)]
Use the peer table iterator correctly
Jennifer Richards [Mon, 7 May 2018 20:20:17 +0000 (16:20 -0400)]
Validate whether peer gss name is non-null before duplicating it
Jennifer Richards [Mon, 7 May 2018 19:04:41 +0000 (15:04 -0400)]
Fix Makefile.am for t_constraint so "make check" succeeds
Jennifer Richards [Mon, 7 May 2018 18:48:22 +0000 (14:48 -0400)]
Merge pull request #82 from painless-security/jennifer/pull_req_feedback
Incorporate feedback from monitoring code reviews
Jennifer Richards [Mon, 7 May 2018 18:48:05 +0000 (14:48 -0400)]
Rename TID count options to show
* tid_req_count -> tid_reqs_processed
* tid_req_pending -> tid_reqs_pending
* tid_req_error_count -> tid_error_count
Jennifer Richards [Mon, 7 May 2018 18:37:57 +0000 (14:37 -0400)]
Remove unsupported 'reconfigure' monitoring command
Jennifer Richards [Mon, 7 May 2018 18:20:10 +0000 (14:20 -0400)]
Include trmon in RPM, nudge version to 3.4.0~2
Jennifer Richards [Mon, 7 May 2018 18:11:43 +0000 (14:11 -0400)]
Miscellaneous minor code cleanup for MRW's review comments
* Remove generation of DH in trmon.c, it's not needed
* Check return value of mon_req_add_option() in a few places it had
been ignored
* Spell out "Trust Router" in trmon version/help description
* Rename _decode -> _encode after a copy/paste
* Fix a few incorrect comments describing file contents
* Fix function name in debug messages in tr_cfg_parse_config_files()
* Include glib.h instead of gmodule.h in a few files
Jennifer Richards [Mon, 7 May 2018 18:06:43 +0000 (14:06 -0400)]
Move repeated #defines into tr_json_util.h and add documentation
Jennifer Richards [Mon, 7 May 2018 17:45:51 +0000 (13:45 -0400)]
Move DH record from TR_GSSC_INSTANCE to TIDC_INSTANCE, where it belongs
Jennifer Richards [Mon, 7 May 2018 17:24:19 +0000 (13:24 -0400)]
Treat TID req as error if a response is not sent
* Return an error code from tr_gss_handle_connection()
* When TID process terminates, send "OK" or "ERR" over the pipe
* Refactor handling of the TID fork() and messaging
Jennifer Richards [Mon, 7 May 2018 16:16:15 +0000 (12:16 -0400)]
Update a tr_mq_msg_new() call that slipped through with a msg priority
Jennifer Richards [Mon, 7 May 2018 16:05:44 +0000 (12:05 -0400)]
Merge pull request #81 from painless-security/jennifer/no_mq_priorities
Remove TR_MQ message priorities
Jennifer Richards [Mon, 7 May 2018 16:05:23 +0000 (12:05 -0400)]
Merge branch 'milestone/monitoring' into jennifer/no_mq_priorities
mrw42 [Fri, 4 May 2018 20:59:05 +0000 (16:59 -0400)]
Merge pull request #79 from painless-security/jennifer/memory_leaks
Clean up several memory leaks detected by valgrind
mrw42 [Fri, 4 May 2018 20:58:06 +0000 (16:58 -0400)]
Merge pull request #76 from painless-security/jennifer/trpc_deadlock
Eliminate deadlock in TRPC messaging queueing
mrw42 [Fri, 4 May 2018 19:05:56 +0000 (15:05 -0400)]
Merge pull request #72 from painless-security/jennifer/peer_label_for_updates
Use peer labels instead of GSS names when considering updates
mrw42 [Fri, 4 May 2018 19:04:10 +0000 (15:04 -0400)]
Merge pull request #74 from painless-security/jennifer/set_realm_apcs
Handle APC correctly when a realm is discovered from an APC community update
mrw42 [Fri, 4 May 2018 19:01:37 +0000 (15:01 -0400)]
Merge pull request #73 from painless-security/jennifer/expire_utc
Report expiration times in UTC instead of local time
mrw42 [Fri, 4 May 2018 19:00:24 +0000 (15:00 -0400)]
Merge pull request #61 from painless-security/jennifer/request_id
Add a 'request_id' to TID requests and responses
mrw42 [Fri, 4 May 2018 18:50:16 +0000 (14:50 -0400)]
Merge pull request #62 from painless-security/jennifer/report_incoming_ipaddr
Report incoming IP address when a connection comes in
Jennifer Richards [Thu, 3 May 2018 21:36:30 +0000 (17:36 -0400)]
Correct a comment
Jennifer Richards [Thu, 3 May 2018 21:11:19 +0000 (17:11 -0400)]
Merge remote-tracking branch 'github/milestone/monitoring' into jennifer/request_id
Jennifer Richards [Thu, 3 May 2018 20:50:54 +0000 (16:50 -0400)]
Merge branch 'milestone/monitoring' into jennifer/request_id
# Conflicts:
# include/trust_router/tid.h
# tid/tidc.c
# tr/tr_tid.c
mrw42 [Thu, 3 May 2018 20:42:46 +0000 (16:42 -0400)]
Merge pull request #59 from painless-security/jennifer/datastructures
Replace fixed length arrays with dynamic lists
mrw42 [Thu, 3 May 2018 20:13:15 +0000 (16:13 -0400)]
Merge pull request #48 from painless-security/jennifer/monitoring
Monitoring interface and back end support (pull request 10)
mrw42 [Thu, 3 May 2018 20:11:35 +0000 (16:11 -0400)]
Merge pull request #57 from painless-security/jennifer/show_rp_clients
Add show rp_clients command (pull request 9)
mrw42 [Thu, 3 May 2018 20:10:13 +0000 (16:10 -0400)]
Merge pull request #56 from painless-security/jennifer/show_realms
Add show realms command (pull request 8)
mrw42 [Thu, 3 May 2018 20:09:12 +0000 (16:09 -0400)]
Merge pull request #55 from painless-security/jennifer/show_communities
Add show communities command (pull request 7)
mrw42 [Thu, 3 May 2018 20:08:08 +0000 (16:08 -0400)]
Merge pull request #54 from painless-security/jennifer/show_peers
Add the show peers command (pull request 6)
mrw42 [Thu, 3 May 2018 20:07:11 +0000 (16:07 -0400)]
Merge pull request #53 from painless-security/jennifer/show_routes
Add show routes message support (pull request 5)
mrw42 [Thu, 3 May 2018 20:05:51 +0000 (16:05 -0400)]
Merge pull request #52 from painless-security/jennifer/subprocess_status
Report whether TID requests succeed and better clean up zombie TID / MON processes (pull request 4)
mrw42 [Thu, 3 May 2018 20:03:15 +0000 (16:03 -0400)]
Merge pull request #51 from painless-security/jennifer/monitoring_client_and_server
First functioning monitoring client/server (pull request 3)
mrw42 [Thu, 3 May 2018 20:02:05 +0000 (16:02 -0400)]
Merge pull request #50 from painless-security/jennifer/refactoring_tids
TID refactoring (pull request 2)
mrw42 [Thu, 3 May 2018 20:00:42 +0000 (16:00 -0400)]
Merge pull request #49 from painless-security/jennifer/mon_msg_encoders
Add encoders for monitoring messages (pull request 1)
Jennifer Richards [Thu, 3 May 2018 13:16:08 +0000 (09:16 -0400)]
Eliminate message priority from TR_MQ / TR_MQ_MSG
This was an unnecessary feature that had caused several bugs, most
recently #80. Rather than debug that, this removes the priorities,
returning to a simple queue.
Jennifer Richards [Wed, 2 May 2018 22:11:29 +0000 (18:11 -0400)]
Do not allocate return array if there are no return values
Calling talloc_array() with length 0 still allocates memory to track
the zero-length chunk. Return NULL because that is what we mean.
Jennifer Richards [Wed, 2 May 2018 21:49:05 +0000 (17:49 -0400)]
Remove unused variable