Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault

2015-07-10 09:56:21 -06:00 · 2015-07-10 09:56:21 -06:00 · 2901890df2
parent 3c7dd8611c 334dbe430c
commit 2901890df2
9 changed files with 44 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -41,12 +41,15 @@ IMPROVEMENTS:

 BUG FIXES:

+ * audit/file: file removing TLS connection state
+ * audit/syslog: fix removing TLS connection state
 * command/*: commands accepting `k=v` allow blank values
 * core: Allow building on FreeBSD [GH-365]
 * core: Fixed various panics when audit logging enabled
 * core: Lease renewal does not create redundant lease
 * core: fixed leases with negative duration [GH-354]
 * core: token renewal does not create child token
+ * core: fixing panic when lease increment is null [GH-408]
 * credential/app-id: Salt the paths in storage backend to avoid information leak
 * credential/cert: Fixing client certificate not being requested
 * credential/cert: Fixing panic when no certificate match found [GH-361]
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -112,8 +112,8 @@
 		},
 		{
 			"ImportPath": "github.com/hashicorp/consul/api",
-			"Comment": "v0.5.2-123-gaddb614",
-			"Rev": "addb6145096bbce6f9dde807a78cad2a4cea3a68"
+			"Comment": "v0.5.2-144-g2783f2b",
+			"Rev": "2783f2bfec1823362602924f5cd3c894743dca08"
 		},
 		{
 			"ImportPath": "github.com/hashicorp/errwrap",
--- a/builtin/audit/file/backend.go
+++ b/builtin/audit/file/backend.go
@ -56,10 +56,11 @@ func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request, outerErr
 		// Before we copy the structure we must nil out some data
 		// otherwise we will cause reflection to panic and die
 		if req.Connection != nil && req.Connection.ConnState != nil {
+			origReq := req
 			origState := req.Connection.ConnState
 			req.Connection.ConnState = nil
 			defer func() {
-				req.Connection.ConnState = origState
+				origReq.Connection.ConnState = origState
 			}()
 		}

@ -101,10 +102,11 @@ func (b *Backend) LogResponse(
 		// Before we copy the structure we must nil out some data
 		// otherwise we will cause reflection to panic and die
 		if req.Connection != nil && req.Connection.ConnState != nil {
+			origReq := req
 			origState := req.Connection.ConnState
 			req.Connection.ConnState = nil
 			defer func() {
-				req.Connection.ConnState = origState
+				origReq.Connection.ConnState = origState
 			}()
 		}

--- a/builtin/audit/syslog/backend.go
+++ b/builtin/audit/syslog/backend.go
@ -57,10 +57,11 @@ func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request, outerErr
 		// Before we copy the structure we must nil out some data
 		// otherwise we will cause reflection to panic and die
 		if req.Connection != nil && req.Connection.ConnState != nil {
+			origReq := req
 			origState := req.Connection.ConnState
 			req.Connection.ConnState = nil
 			defer func() {
-				req.Connection.ConnState = origState
+				origReq.Connection.ConnState = origState
 			}()
 		}

@ -104,10 +105,11 @@ func (b *Backend) LogResponse(auth *logical.Auth, req *logical.Request,
 		// Before we copy the structure we must nil out some data
 		// otherwise we will cause reflection to panic and die
 		if req.Connection != nil && req.Connection.ConnState != nil {
+			origReq := req
 			origState := req.Connection.ConnState
 			req.Connection.ConnState = nil
 			defer func() {
-				req.Connection.ConnState = origState
+				origReq.Connection.ConnState = origState
 			}()
 		}

--- a/cli/version.go
+++ b/cli/version.go
@ -10,4 +10,4 @@ const Version = "0.2.0"
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release
 // such as "dev" (in development), "beta", "rc1", etc.
-const VersionPrerelease = "dev"
+const VersionPrerelease = "rc"
--- a/logical/framework/field_data.go
+++ b/logical/framework/field_data.go
@ -115,6 +115,8 @@ func (d *FieldData) getPrimitive(
 	case TypeDurationSecond:
 		var result int
 		switch inp := raw.(type) {
+		case nil:
+			return nil, true, nil
 		case int:
 			result = inp
 		case float32:
--- a/logical/framework/field_data_test.go
+++ b/logical/framework/field_data_test.go
@ -135,6 +135,17 @@ func TestFieldDataGet(t *testing.T) {
 			"foo",
 			42,
 		},
+
+		"duration type, nil value": {
+			map[string]*FieldSchema{
+				"foo": &FieldSchema{Type: TypeDurationSecond},
+			},
+			map[string]interface{}{
+				"foo": nil,
+			},
+			"foo",
+			0,
+		},
 	}

 	for name, tc := range cases {
--- a/vault/barrier_aes_gcm.go
+++ b/vault/barrier_aes_gcm.go
@ -362,7 +362,6 @@ func (b *AESGCMBarrier) Unseal(key []byte) error {
 	if err := json.Unmarshal(plain, &init); err != nil {
 		return fmt.Errorf("failed to unmarshal barrier init file")
 	}
-	defer memzero(init.Key)

 	// Setup a new keyring, this is for backwards compatability
 	keyring := NewKeyring()
--- a/vault/barrier_aes_gcm_test.go
+++ b/vault/barrier_aes_gcm_test.go
@ -105,6 +105,14 @@ func TestAESGCMBarrier_BackwardsCompatible(t *testing.T) {
 	}
 	inm.Put(pe)

+	// Create a fake key
+	gcm, _ = b.aeadFromKey(encrypt)
+	pe = &physical.Entry{
+		Key:   "test/foo",
+		Value: b.encrypt(initialKeyTerm, gcm, []byte("test")),
+	}
+	inm.Put(pe)
+
 	// Should still be initialized
 	isInit, err := b.Initialized()
 	if err != nil {
@ -137,6 +145,15 @@ func TestAESGCMBarrier_BackwardsCompatible(t *testing.T) {
 	if out == nil {
 		t.Fatalf("should have keyring file")
 	}
+
+	// Attempt to read encrypted key
+	entry, err := b.Get("test/foo")
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if string(entry.Value) != "test" {
+		t.Fatalf("bad: %#v", entry)
+	}
 }

 // Verify data sent through is encrypted