Sam Hartman [Thu, 28 Aug 2014 21:26:55 +0000 (17:26 -0400)]
Symbols file
Sam Hartman [Thu, 28 Aug 2014 20:44:02 +0000 (16:44 -0400)]
Fix spelling
Sam Hartman [Thu, 28 Aug 2014 20:43:47 +0000 (16:43 -0400)]
Don't install tr_dh_test
Sam Hartman [Thu, 28 Aug 2014 20:35:14 +0000 (16:35 -0400)]
Fix email addresses in changelog
Sam Hartman [Thu, 28 Aug 2014 20:34:20 +0000 (16:34 -0400)]
Note missing manpages
Sam Hartman [Thu, 28 Aug 2014 20:32:16 +0000 (16:32 -0400)]
Fix debug package dependencies
Sam Hartman [Thu, 28 Aug 2014 00:00:19 +0000 (20:00 -0400)]
merge patched-debian into debian
Sam Hartman [Wed, 27 Aug 2014 23:59:38 +0000 (19:59 -0400)]
remove indentation in makefile which breaks install rule
Sam Hartman [Wed, 27 Aug 2014 23:28:07 +0000 (19:28 -0400)]
Policy fixups
Sam Hartman [Wed, 27 Aug 2014 23:13:32 +0000 (19:13 -0400)]
Use git dpm and 3.0 quilt source format
Sam Hartman [Wed, 27 Aug 2014 23:10:53 +0000 (19:10 -0400)]
Document changes and todo
Sam Hartman [Wed, 27 Aug 2014 23:09:35 +0000 (19:09 -0400)]
change version to 1.3.1-1 (UNRELEASED)
New Upstream Version
Initial Debian release, Closes: #759398
Sam Hartman [Wed, 27 Aug 2014 23:05:40 +0000 (19:05 -0400)]
merge patched-debian into debian
Sam Hartman [Wed, 27 Aug 2014 23:05:15 +0000 (19:05 -0400)]
gitignore
Include gitignore files not distributed in upstream tarball
Patch-Name: gitignore
Sam Hartman [Wed, 27 Aug 2014 23:03:31 +0000 (19:03 -0400)]
Initialize git-dpm
Sam Hartman [Wed, 27 Aug 2014 23:02:29 +0000 (19:02 -0400)]
Merge branch 'upstream' into debian
Merge 1.3.1 into Debian
Sam Hartman [Wed, 27 Aug 2014 23:02:17 +0000 (19:02 -0400)]
Import trust-router_1.3.1.orig.tar.gz
Sam Hartman [Wed, 27 Aug 2014 22:31:59 +0000 (18:31 -0400)]
Release 1.3.1 for stable point for Debian
Sam Hartman [Wed, 27 Aug 2014 22:57:47 +0000 (18:57 -0400)]
gsscon_passive: remove dead code
Sam Hartman [Tue, 26 Aug 2014 23:01:43 +0000 (19:01 -0400)]
Update debian copyright to be accurate
Sam Hartman [Sat, 23 Aug 2014 00:09:23 +0000 (20:09 -0400)]
fix typo
Adam Bishop [Wed, 20 Aug 2014 18:01:54 +0000 (19:01 +0100)]
Allow tidc to take a port number as an optional argument
Sam Hartman [Mon, 4 Aug 2014 04:20:09 +0000 (00:20 -0400)]
Merge remote-tracking branch 'origin/master' into debian
Conflicts:
trust_router.spec
Sam Hartman [Fri, 1 Aug 2014 17:49:05 +0000 (13:49 -0400)]
Specify systemdsystemunitdir location
Sam Hartman [Wed, 30 Jul 2014 23:44:12 +0000 (19:44 -0400)]
We don't install the tids.service until rhel7
Sam Hartman [Wed, 30 Jul 2014 23:23:39 +0000 (19:23 -0400)]
Standardized approach to systemd unit files
Sam Hartman [Wed, 30 Jul 2014 22:00:59 +0000 (18:00 -0400)]
Create user and populate keys database
Sam Hartman [Wed, 30 Jul 2014 22:00:59 +0000 (18:00 -0400)]
Create user and populate keys database
Sam Hartman [Wed, 30 Jul 2014 19:29:20 +0000 (15:29 -0400)]
Convince Centos not to override -Wno-parenthesis
Sam Hartman [Wed, 30 Jul 2014 19:24:37 +0000 (15:24 -0400)]
Distribute tr_debug.h
Sam Hartman [Wed, 30 Jul 2014 18:56:20 +0000 (14:56 -0400)]
Include new files in spec
Sam Hartman [Wed, 30 Jul 2014 18:54:51 +0000 (14:54 -0400)]
distribute tids.service and schema.sql
Sam Hartman [Thu, 24 Jul 2014 16:05:35 +0000 (12:05 -0400)]
libtr-tid1->2
Sam Hartman [Thu, 24 Jul 2014 15:59:41 +0000 (11:59 -0400)]
Centos6 compiler is too picky about typedefs; pacify it.
Sam Hartman [Tue, 22 Jul 2014 17:48:42 +0000 (13:48 -0400)]
fix typo
Sam Hartman [Tue, 22 Jul 2014 16:09:25 +0000 (12:09 -0400)]
Packaging for Trust router 1.3
Sam Hartman [Tue, 22 Jul 2014 16:04:59 +0000 (12:04 -0400)]
Merge branch 'master' into debian
Version 1.3
Sam Hartman [Tue, 22 Jul 2014 14:29:17 +0000 (10:29 -0400)]
Version 1.3
Sam Hartman [Thu, 17 Jul 2014 00:41:45 +0000 (20:41 -0400)]
API improvements needed by freeradius
Sam Hartman [Wed, 16 Jul 2014 16:51:17 +0000 (12:51 -0400)]
In with the scabs, out with the tr_msg union!
The tr_msg union led to a number of security issues because the code
tended to check to see if msg->msg_struct_name was non-null. However
it was always non-null because the pointer was shared among all the
union members. Instead, use accessors for everything.
LP: #1333734
Sam Hartman [Wed, 16 Jul 2014 15:17:52 +0000 (11:17 -0400)]
ABI/API break: pass in TID_RESP * to handler
Previously, we passed in TID_RESP ** to the request handler. However
the request handlers assumed that the response was allocated. We
don't want responses allocated in the handler, so make it a single
pointer.
Note that the existing handler interface is probably inappropriate for
an event-loop-based trust router.
Sam Hartman [Mon, 21 Jul 2014 21:44:36 +0000 (17:44 -0400)]
always use tid_req_new for TID_REQ
Sam Hartman [Mon, 21 Jul 2014 21:43:38 +0000 (17:43 -0400)]
Enable talloc error reporting for tids and tidc
Sam Hartman [Tue, 15 Jul 2014 20:38:12 +0000 (16:38 -0400)]
Track num_servers correctly
Sam Hartman [Tue, 15 Jul 2014 15:39:15 +0000 (11:39 -0400)]
TID_RESP: array of servers rather than linked list
Provide an array of servers rather than a linked list for easier sorting.
TID_RESP is now allocated by talloc.
Sam Hartman [Tue, 15 Jul 2014 14:07:29 +0000 (10:07 -0400)]
Make tid types opaque
Sam Hartman [Mon, 14 Jul 2014 19:59:46 +0000 (15:59 -0400)]
It is not a failure to have no constraints at all, although no authorizations are created
Sam Hartman [Mon, 14 Jul 2014 19:55:27 +0000 (15:55 -0400)]
tr_constraints: constraint set members can have limited types
If a constraint set member has a domain constraint but no realm
constraint treat that as a universal realm constraint (*).
However, if no constraint set member has that constraint type then
access is denied; we do not fail open.
Sam Hartman [Mon, 14 Jul 2014 18:18:36 +0000 (14:18 -0400)]
Include authorizations view in schema
Sam Hartman [Fri, 11 Jul 2014 19:12:34 +0000 (15:12 -0400)]
Iterators also needed for tests
Sam Hartman [Fri, 11 Jul 2014 19:12:24 +0000 (15:12 -0400)]
don't redefine json_t
Sam Hartman [Fri, 11 Jul 2014 19:03:12 +0000 (15:03 -0400)]
Back port jansson iterators
Sam Hartman [Mon, 7 Jul 2014 18:27:48 +0000 (14:27 -0400)]
tids: include constraints in database
new table authorizations includes constraints for domain and realm as
well as the COI and APC used for the connection.
Sam Hartman [Thu, 3 Jul 2014 20:40:48 +0000 (16:40 -0400)]
tr_constraint_set_get_match_strings
New function to retrieve the wild card strings that match a constraint
type for an intersected constraint set.
As a result convert TID_REQ to using talloc.
Depend on talloc project wide.
Sam Hartman [Fri, 11 Jul 2014 19:11:27 +0000 (15:11 -0400)]
depend on talloc
Sam Hartman [Thu, 3 Jul 2014 20:38:57 +0000 (16:38 -0400)]
tr_dh_pub_digest
Function to compute public key digest of client. Use to store that in
sqlite3 database. Update schema.
Sam Hartman [Thu, 3 Jul 2014 14:43:50 +0000 (10:43 -0400)]
copyright update
Sam Hartman [Thu, 3 Jul 2014 14:36:35 +0000 (10:36 -0400)]
Include constraints in tid_req messages
Sam Hartman [Wed, 2 Jul 2014 09:41:41 +0000 (05:41 -0400)]
Makefile: enable tests and -Werror
Enable t_constraint tests in make check
Also enable -Werror since we pass with that.
Sam Hartman [Wed, 2 Jul 2014 09:37:06 +0000 (05:37 -0400)]
tr_constraint_set_intersect
New function to intersect a constraint set and return a constraint
describing the domain and realm constraints that can be met by the
set.
Include tests for this. The particular test cases are also designed
to test merge_constraints (included in this patch) and
tr_prefix_wildcard_match.
Sam Hartman [Wed, 2 Jul 2014 09:34:12 +0000 (05:34 -0400)]
tid_req: Store json references
Support storing references to json objects in TID requests.
Sam Hartman [Wed, 2 Jul 2014 09:30:21 +0000 (05:30 -0400)]
Move tr_prefix_wildcard_match to tr_constraint.c
We need tr_prefix_wildcard_match for merge_constraints and for
tr_filter.c. Export it from libtr_tid even though it's in a private
header. It's not part of the public API but is part of the library so
tr_filter can import it.
Also, fix bug; all strings were treated as wildcards.
Sam Hartman [Mon, 26 May 2014 19:44:21 +0000 (15:44 -0400)]
fix keys creation
Sam Hartman [Mon, 26 May 2014 19:44:21 +0000 (15:44 -0400)]
fix keys creation
Sam Hartman [Mon, 26 May 2014 19:44:04 +0000 (15:44 -0400)]
Fix another bug in tids.service
Sam Hartman [Wed, 21 May 2014 20:02:01 +0000 (16:02 -0400)]
s:trustrouter:trust_router
Sam Hartman [Wed, 21 May 2014 20:02:22 +0000 (16:02 -0400)]
trust_router not trustrouter in tids.service
Sam Hartman [Wed, 21 May 2014 20:02:01 +0000 (16:02 -0400)]
s:trustrouter:trust_router
Sam Hartman [Tue, 20 May 2014 01:21:40 +0000 (21:21 -0400)]
Fix typo
Sam Hartman [Tue, 20 May 2014 01:21:40 +0000 (21:21 -0400)]
Fix typo
Sam Hartman [Tue, 20 May 2014 01:10:53 +0000 (21:10 -0400)]
Merge branch 'master' into debian
Sam Hartman [Tue, 20 May 2014 01:10:45 +0000 (21:10 -0400)]
Enable unit
Sam Hartman [Tue, 20 May 2014 01:10:35 +0000 (21:10 -0400)]
fix typo
Sam Hartman [Tue, 20 May 2014 00:49:56 +0000 (20:49 -0400)]
Merge branch 'master' into debian
Sam Hartman [Tue, 20 May 2014 00:49:39 +0000 (20:49 -0400)]
Include tids service unit and schema sql.
Sam Hartman [Tue, 20 May 2014 00:49:21 +0000 (20:49 -0400)]
Include systemd service and schema file
* Include systemd service and schema file
* Create trustrouter user on install
Sam Hartman [Wed, 26 Mar 2014 08:18:16 +0000 (04:18 -0400)]
Update spec file for 1.2
Margaret Wasserman [Mon, 24 Mar 2014 22:20:47 +0000 (18:20 -0400)]
Remove need for remote def of TR_FLINE that won't compile on Centos.
Margaret Wasserman [Tue, 18 Mar 2014 22:02:17 +0000 (18:02 -0400)]
Document changes.
Margaret Wasserman [Tue, 18 Mar 2014 22:00:10 +0000 (18:00 -0400)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router into debian
Margaret Wasserman [Tue, 18 Mar 2014 21:21:41 +0000 (17:21 -0400)]
Update trust_router version number to 1.2
Margaret Wasserman [Tue, 18 Mar 2014 21:12:40 +0000 (17:12 -0400)]
Change version number of libtr-tid library.
Margaret Wasserman [Tue, 18 Mar 2014 21:10:49 +0000 (17:10 -0400)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router into debian
Margaret Wasserman [Tue, 18 Mar 2014 20:50:49 +0000 (16:50 -0400)]
Increment TID library version number to 1.
Margaret Wasserman [Mon, 17 Mar 2014 19:04:47 +0000 (15:04 -0400)]
If port passed in to tidc_open_connection() is 0, use the default port.
Margaret Wasserman [Sat, 15 Mar 2014 10:10:00 +0000 (06:10 -0400)]
Debugging printfs for trust router port number.
Margaret Wasserman [Fri, 14 Mar 2014 13:41:22 +0000 (09:41 -0400)]
Remove API dependency on jansson for constraints.
Margaret Wasserman [Thu, 13 Mar 2014 13:13:32 +0000 (09:13 -0400)]
Allow caller to set port number for tidc_open_connection(). Install
include/trust_router/tr_constraints.h, so that freeradius will build
with updated TID code.
Margaret Wasserman [Wed, 12 Mar 2014 18:18:24 +0000 (14:18 -0400)]
Change name type passed to gss_import_name().
Margaret Wasserman [Wed, 12 Mar 2014 12:30:09 +0000 (08:30 -0400)]
Avoid overwriting gss error before printing.
Margaret Wasserman [Wed, 12 Mar 2014 12:29:25 +0000 (08:29 -0400)]
Allow the Trust Router's TIDS port to be set in the internal config.
Margaret Wasserman [Tue, 4 Mar 2014 13:19:05 +0000 (08:19 -0500)]
Don't overwrite minorStatus before printing error.
Margaret Wasserman [Tue, 4 Mar 2014 12:41:49 +0000 (07:41 -0500)]
Fix bug in previous commit.
Margaret Wasserman [Tue, 4 Mar 2014 12:40:01 +0000 (07:40 -0500)]
Add hostname to service name in gsscon_connect().
Margaret Wasserman [Fri, 14 Feb 2014 19:03:58 +0000 (14:03 -0500)]
Add files not committed for AAA Server IP Addr to Hostname change.
Margaret Wasserman [Fri, 14 Feb 2014 01:15:53 +0000 (20:15 -0500)]
Configure AAA Server hostname, instead of expecting an IP address.
Margaret Wasserman [Fri, 14 Feb 2014 00:57:13 +0000 (19:57 -0500)]
Completion of constraints code, not fully tested.
Margaret Wasserman [Mon, 3 Feb 2014 10:45:31 +0000 (05:45 -0500)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Sam Hartman [Thu, 30 Jan 2014 16:02:45 +0000 (11:02 -0500)]
tr_tids_gss_handler: print auth name
Print the name we authenticated to.
Margaret Wasserman [Thu, 30 Jan 2014 10:45:30 +0000 (05:45 -0500)]
Configuration code for realm and domain constraints.