From dd90d231263fc3dde5f538a5a83d88dd701ed178 Mon Sep 17 00:00:00 2001
From: Jennifer Richards
Date: Thu, 19 Apr 2018 17:01:13 -0400
Subject: [PATCH] Add support for "show realms" monitoring request
---
 common/tr_comm_encoders.c | 2 +
 common/tr_idp_encoders.c | 145 ++++++++++++++++++++++++++++++++++++++++++++++
 include/mon_internal.h | 4 +-
 include/tr_idp.h | 2 +-
 mon/mon_common.c | 8 +++
 tr/tr_trp_mons.c | 12 ++++
 trp/trp_peer_encoders.c | 8 +--
 7 files changed, 175 insertions(+), 6 deletions(-)
diff --git a/common/tr_comm_encoders.c b/common/tr_comm_encoders.c
index 8a5a9b6..bd3278e 100644
--- a/common/tr_comm_encoders.c
+++ b/common/tr_comm_encoders.c
@@ -183,6 +183,8 @@ static json_t *tr_comm_realms_to_json(TR_COMM_TABLE *ctable, TR_NAME *comm_name,
 iter = tr_comm_iter_new(NULL);
 realm = tr_realm_iter_first(iter, ctable, comm_name);
+
+ /* Do not display the full realm json here, only the name and info relevant to the community listing */
 while(realm) {
 if (realm->role == role) {
 realm_json = json_object();
diff --git a/common/tr_idp_encoders.c b/common/tr_idp_encoders.c
index f31aa65..fec129a 100644
--- a/common/tr_idp_encoders.c
+++ b/common/tr_idp_encoders.c
@@ -34,6 +34,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -119,3 +120,147 @@ char *tr_idp_realm_to_str(TALLOC_CTX *mem_ctx, TR_IDP_REALM *idp)
 return result;
 }
+
+/* helper for below */
+#define OBJECT_SET_OR_FAIL(jobj, key, val) \
+do { \
+ if (val) \
+ json_object_set_new((jobj),(key),(val)); \
+ else \
+ goto cleanup; \
+} while (0)
+
+#define ARRAY_APPEND_OR_FAIL(jary, val) \
+do { \
+ if (val) \
+ json_array_append_new((jary),(val)); \
+ else \
+ goto cleanup; \
+} while (0)
+
+static json_t *tr_apcs_to_json(TR_APC *apcs)
+{
+ json_t *jarray = json_array();
+ json_t *retval = NULL;
+ TR_APC_ITER *iter = tr_apc_iter_new(NULL);
+ TR_APC *apc = NULL;
+
+ if ((jarray == NULL) || (iter == NULL))
+ goto cleanup;
+
+ apc = tr_apc_iter_first(iter, apcs);
+ while (apc) {
+ ARRAY_APPEND_OR_FAIL(jarray, tr_name_to_json_string(tr_apc_get_id(apc)));
+ apc = tr_apc_iter_next(iter);
+ }
+
+ /* success */
+ retval = jarray;
+ json_incref(retval);
+
+cleanup:
+ if (jarray)
+ json_decref(jarray);
+
+ return retval;
+}
+
+static json_t *tr_aaa_server_to_json(TR_AAA_SERVER *aaa)
+{
+ char *hostname = tr_name_strdup(aaa->hostname);
+ char *s = NULL;
+ json_t *jstr = NULL;
+
+ if (hostname == NULL)
+ return NULL;
+
+ s = talloc_asprintf(NULL, "%s:%d", hostname, TID_PORT);
+ if (s) {
+ jstr = json_string(s);
+ talloc_free(s);
+ }
+ return jstr;
+}
+
+static json_t *tr_aaa_servers_to_json(TR_AAA_SERVER *aaas)
+{
+ json_t *jarray = json_array();
+ json_t *retval = NULL;
+ TR_AAA_SERVER_ITER *iter = tr_aaa_server_iter_new(NULL);
+ TR_AAA_SERVER *aaa = NULL;
+
+ if ((jarray == NULL) || (iter == NULL))
+ goto cleanup;
+
+ aaa = tr_aaa_server_iter_first(iter, aaas);
+ while (aaa) {
+ ARRAY_APPEND_OR_FAIL(jarray, tr_aaa_server_to_json(aaa));
+ aaa = tr_aaa_server_iter_next(iter);
+ }
+
+ /* success */
+ retval = jarray;
+ json_incref(retval);
+
+cleanup:
+ if (jarray)
+ json_decref(jarray);
+
+ return retval;
+}
+
+static json_t *tr_idp_realm_to_json(TR_IDP_REALM *idp)
+{
+ json_t *idp_json = json_object();
+ json_t *retval = NULL;
+
+ if (idp_json == NULL)
+ goto cleanup;
+
+
+ /* success */
+ retval = idp_json;
+ json_incref(retval);
+
+ OBJECT_SET_OR_FAIL(idp_json, "realm",
+ tr_name_to_json_string(tr_idp_realm_get_id(idp)));
+ OBJECT_SET_OR_FAIL(idp_json, "discovered",
+ json_boolean(idp->origin == TR_REALM_DISCOVERED));
+ OBJECT_SET_OR_FAIL(idp_json, "apcs",
+ tr_apcs_to_json(tr_idp_realm_get_apcs(idp)));
+ OBJECT_SET_OR_FAIL(idp_json, "aaa_servers",
+ tr_aaa_servers_to_json(idp->aaa_servers));
+ OBJECT_SET_OR_FAIL(idp_json, "shared_config",
+ json_boolean(idp->shared_config));
+cleanup:
+ if (idp_json)
+ json_decref(idp_json);
+
+ return retval;
+}
+
+json_t *tr_idp_realms_to_json(TR_IDP_REALM *idps)
+{
+ {
+ json_t *jarray = json_array();
+ json_t *retval = NULL;
+ TR_IDP_REALM *this = NULL;
+
+ if (jarray == NULL)
+ goto cleanup;
+
+ for (this=idps; this != NULL; this=this->next)
+ ARRAY_APPEND_OR_FAIL(jarray, tr_idp_realm_to_json(this));
+
+ /* success */
+ retval = jarray;
+ json_incref(retval);
+
+ cleanup:
+ if (jarray)
+ json_decref(jarray);
+
+ return retval;
+ }
+
+}
\ No newline at end of file
diff --git a/include/mon_internal.h b/include/mon_internal.h
index c58b9d7..ff2be72 100644
--- a/include/mon_internal.h
+++ b/include/mon_internal.h
@@ -106,7 +106,9 @@ enum mon_opt_type {
 // Dynamic trust router state
 OPT_TYPE_SHOW_ROUTES,
 OPT_TYPE_SHOW_PEERS,
- OPT_TYPE_SHOW_COMMUNITIES
+ OPT_TYPE_SHOW_COMMUNITIES,
+ OPT_TYPE_SHOW_REALMS,
+ OPT_TYPE_SHOW_RP_CLIENTS
 };
 struct mon_opt {
diff --git a/include/tr_idp.h b/include/tr_idp.h
index 917da85..68d669e 100644
--- a/include/tr_idp.h
+++ b/include/tr_idp.h
@@ -101,6 +101,6 @@ TR_AAA_SERVER *tr_default_server_lookup(TR_AAA_SERVER *default_servers, TR_NAME
 /* tr_idp_encoders.c */
 char *tr_idp_realm_to_str(TALLOC_CTX *mem_ctx, TR_IDP_REALM *idp);
-json_t *tr_idp_realm_to_json(TR_IDP_REALM *idp);
+json_t *tr_idp_realms_to_json(TR_IDP_REALM *idp);
 #endif
diff --git a/mon/mon_common.c b/mon/mon_common.c
index d97c943..b03afda 100644
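Review bot: In `tr_idp_realm_to_json` the `/* success */` lines (`retval = idp_json; json_incref(retval);`) sit before the five `OBJECT_SET_OR_FAIL` calls, so a member that fails to encode still reaches `cleanup:` with `retval` set and the caller gets a partially filled realm object instead of NULL; the two lines belong directly above `cleanup:`, as in `tr_apcs_to_json`. The same hunk never releases `iter` in `tr_apcs_to_json` and `tr_aaa_servers_to_json`, nor `hostname` in `tr_aaa_server_to_json`, so each "show realms" request appears to leak memory, which adds up in a long-running daemon that answers monitoring requests. The fence sketches the three changes; it assumes the iterators are talloc allocations (they are created with a NULL context) and that `tr_name_strdup()` returns malloc'd memory, both to be confirmed against definitions outside this hunk.

```c
static json_t *tr_apcs_to_json(TR_APC *apcs)
  /* … unchanged: declarations, NULL check, iteration, success block … */
cleanup:
  if (iter)
    talloc_free(iter); /* created with a NULL context, so nothing else frees it */
  /* … unchanged: json_decref(jarray) and return; same addition in tr_aaa_servers_to_json … */

static json_t *tr_aaa_server_to_json(TR_AAA_SERVER *aaa)
  /* … unchanged: hostname lookup and NULL check … */
  s = talloc_asprintf(NULL, "%s:%d", hostname, TID_PORT);
  free(hostname); /* the copy is no longer needed once formatted */
  /* … unchanged: json_string(s), talloc_free(s), return … */

static json_t *tr_idp_realm_to_json(TR_IDP_REALM *idp)
  /* … unchanged: idp_json allocation, NULL check, five OBJECT_SET_OR_FAIL calls … */

  /* success: reached only when every member was set */
  retval = idp_json;
  json_incref(retval);

cleanup:
  /* … unchanged: json_decref(idp_json) and return … */
```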
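Review bot: `OPT_TYPE_SHOW_RP_CLIENTS` is added to `enum mon_opt_type` here and to both string tables in mon/mon_common.c, but the only handler this patch registers in tr/tr_trp_mons.c is the one for `OPT_TYPE_SHOW_REALMS`. A client can therefore send `rp_clients` and have it parse as a valid option with nothing behind it; what happens next depends on how the dispatcher treats an option with no registered handler, which is not visible in this patch. Either hold the enum value and its strings back until the handler exists, or mark the value with a comment such as `/* no handler registered yet */` and confirm the unregistered case returns a clean error. The enum starts and ends outside this hunk.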
--- a/mon/mon_common.c
+++ b/mon/mon_common.c
@@ -110,6 +110,12 @@ const char *mon_opt_type_to_string(MON_OPT_TYPE opt_type)
 case OPT_TYPE_SHOW_COMMUNITIES:
 return "communities";
+
+ case OPT_TYPE_SHOW_REALMS:
+ return "realms";
+
+ case OPT_TYPE_SHOW_RP_CLIENTS:
+ return "rp_clients";
 }
 return NULL;
 }
@@ -132,6 +138,8 @@ MON_OPT_TYPE mon_opt_type_from_string(const char *s)
 return_if_matches(s, OPT_TYPE_SHOW_ROUTES);
 return_if_matches(s, OPT_TYPE_SHOW_PEERS);
 return_if_matches(s, OPT_TYPE_SHOW_COMMUNITIES);
+ return_if_matches(s, OPT_TYPE_SHOW_REALMS);
+ return_if_matches(s, OPT_TYPE_SHOW_RP_CLIENTS);
 return OPT_TYPE_UNKNOWN;
 }
 #undef return_if_matches
diff --git a/tr/tr_trp_mons.c b/tr/tr_trp_mons.c
index f57154d..354d1c8 100644
--- a/tr/tr_trp_mons.c
+++ b/tr/tr_trp_mons.c
@@ -40,6 +40,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -67,6 +68,14 @@ static MON_RC handle_show_communities(void *cookie, json_t **response_ptr)
 return (*response_ptr == NULL) ? MON_NOMEM : MON_SUCCESS;
 }
+static MON_RC handle_show_realms(void *cookie, json_t **response_ptr)
+{
+ TRPS_INSTANCE *trps = talloc_get_type_abort(cookie, TRPS_INSTANCE);
+
+ *response_ptr = tr_idp_realms_to_json(trps->ctable->idp_realms);
+ return (*response_ptr == NULL) ? MON_NOMEM : MON_SUCCESS;
+}
+
 void tr_trp_register_mons_handlers(TRPS_INSTANCE *trps, MONS_INSTANCE *mons)
 {
 mons_register_handler(mons,
@@ -78,4 +87,7 @@ void tr_trp_register_mons_handlers(TRPS_INSTANCE *trps, MONS_INSTANCE *mons)
 mons_register_handler(mons,
 MON_CMD_SHOW, OPT_TYPE_SHOW_COMMUNITIES,
 handle_show_communities, trps);
+ mons_register_handler(mons,
+ MON_CMD_SHOW, OPT_TYPE_SHOW_REALMS,
+ handle_show_realms, trps);
 }
diff --git a/trp/trp_peer_encoders.c b/trp/trp_peer_encoders.c
index f4edbeb..6c8a4bf 100644
--- a/trp/trp_peer_encoders.c
+++ b/trp/trp_peer_encoders.c
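Review bot: `handle_show_realms` dereferences `trps->ctable` without a check, so a monitoring request that arrives while the community table is unset would crash the process; whether `ctable` can be NULL when the handler runs is not visible in this hunk. Since `tr_idp_realms_to_json(NULL)` yields an empty array, a guard keeps the reply well-formed: `*response_ptr = tr_idp_realms_to_json(trps->ctable ? trps->ctable->idp_realms : NULL);`. The function also reports every NULL result as `MON_NOMEM`, including encoding failures that are not allocation failures. A short comment above it, for example `/* Returns a JSON array of IdP realms, including their AAA server host names */`, would make clear what this request exposes to monitoring clients.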
@@ -100,18 +100,18 @@ json_t *trp_peer_to_json(TRP_PEER *peer) OBJECT_SET_OR_FAIL(peer_json, "server", server_to_json_string(trp_peer_get_server(peer), trp_peer_get_port(peer))); + OBJECT_SET_OR_FAIL(peer_json, "servicename", + tr_name_to_json_string(trp_peer_get_servicename(peer))); OBJECT_SET_OR_FAIL(peer_json, "linkcost", json_integer(trp_peer_get_linkcost(peer))); OBJECT_SET_OR_FAIL(peer_json, "connected_to", json_boolean(trp_peer_get_outgoing_status(peer) == PEER_CONNECTED)); OBJECT_SET_OR_FAIL(peer_json, "connected_from", json_boolean(trp_peer_get_incoming_status(peer) == PEER_CONNECTED)); - OBJECT_SET_OR_FAIL(peer_json, "servicename", - tr_name_to_json_string(trp_peer_get_servicename(peer))); - OBJECT_SET_OR_FAIL(peer_json, "allowed_credentials", - gss_names_to_json_array(trp_peer_get_gss_names(peer))); OBJECT_SET_OR_FAIL(peer_json, "last_connection_attempt", last_attempt_to_json_string(peer)); + OBJECT_SET_OR_FAIL(peer_json, "allowed_credentials", + gss_names_to_json_array(trp_peer_get_gss_names(peer))); /* succeeded - set the return value and increment the reference count */ retval = peer_json; -- 2.1.4