/*
* This program is is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2 if the
- * License as published by the Free Software Foundation.
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
rad_assert(blk != NULL);
tid_srvr_get_address(blk, &sa, &sa_len);
- switch(sa->sa_family) {
-
- case AF_INET: {
- const struct sockaddr_in *sin = (const struct sockaddr_in *) sa;
- home_server_ip.af = AF_INET;
- home_server_ip.scope = 0;
- home_server_ip.ipaddr.ip4addr = sin->sin_addr;
- port = ntohs(sin->sin_port);
- break;
- }
-
- case AF_INET6: {
- const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *) sa;
- home_server_ip.af = AF_INET6;
- home_server_ip.scope = sin6->sin6_scope_id;
- home_server_ip.ipaddr.ip6addr = sin6->sin6_addr;
- break;
- }
- default:
- DEBUG2("Unknown address family in tid srvr block");
- return NULL;
- }
+ fr_sockaddr2ipaddr((struct sockaddr_storage *) sa, sa_len, &home_server_ip, &port);
if (0 != getnameinfo(sa, sa_len,
nametemp,
hs->type = HOME_TYPE_AUTH;
hs->ipaddr = home_server_ip;
hs->src_ipaddr.af = home_server_ip.af;
- hs->name = talloc_asprintf(hs, "%s-for-%s", nametemp, realm_name);
- hs->hostname = talloc_strdup(hs, nametemp);
+ hs->log_name = talloc_asprintf(hs, "%s-for-%s", nametemp, realm_name);
+ hs->name = talloc_strdup(hs, nametemp);
hs->port = port;
hs->proto = IPPROTO_TCP;
hs->secret = talloc_strdup(hs, "radsec");
}
/*
- * This server has received a packet in the last
- * 5 minutes. It doesn't need an update.
- */
- if ((now - server->last_packet_recv) < 300) {
- return false;
- }
-
- /*
* If we've opened in the last 10 minutes, then
* open rather than update.
*/
-REALM *tr_query_realm(char const *realm,
+REALM *tr_query_realm(REQUEST *request, char const *realm,
char const *community,
char const *rprealm,
char const *trustrouter,
{
int conn = 0;
int rcode;
+ VALUE_PAIR *vp;
gss_ctx_id_t gssctx;
struct resp_opaque cookie;
if (!realm) return NULL;
+ if (!trustrouter || (strcmp(trustrouter, "none") == 0)) return NULL;
+
/* clear the cookie structure */
memset (&cookie, 0, sizeof(cookie));
+ /* See if the request overrides the community*/
+ vp = fr_pair_find_by_num(request->packet->vps, PW_UKERNA_TR_COI, VENDORPEC_UKERNA, TAG_ANY);
+ if (vp)
+ community = vp->vp_strvalue;
+ else pair_make_request("Trust-Router-COI", community, T_OP_SET);
+
cookie.fr_realm_name = talloc_asprintf(NULL,
"%s%%%s",
community, realm);
DEBUG2("Error in tidc_send_request, rc = %d.\n", rcode);
goto cleanup;
}
+ if (cookie.result != TID_SUCCESS) {
+ DEBUG2("TID response is error, rc = %d: %s.\n", cookie.result,
+ cookie.err_msg?cookie.err_msg:"(NO ERROR TEXT)");
+ if (cookie.err_msg)
+ pair_make_reply("Reply-Message", cookie.err_msg, T_OP_SET);
+ pair_make_reply("Error-Cause", "502", T_OP_SET); /*proxy unroutable*/
+ }
cleanup:
if (cookie.fr_realm_name)
projects / freeradius.git / blobdiff