char *hexbuf = NULL;
DH *aaa_server_dh;
- tls = talloc_zero( hs, fr_tls_server_conf_t);
+ tls = fr_tls_server_conf_alloc(hs);
if (!tls) return NULL;
aaa_server_dh = tid_srvr_get_dh(server);
hs->secret = talloc_strdup(hs, "radsec");
hs->response_window.tv_sec = 30;
hs->last_packet_recv = time(NULL);
-
+ /*
+ * We want sockets using these servers to close as soon as possible,
+ * to make sure that whenever a pool is replaced, sockets using old ones
+ * will not last long (hopefully less than 300s).
+ */
+ hs->limit.idle_timeout = 5;
hs->tls = construct_tls(inst, hs, blk);
if (!hs->tls) goto error;
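Review bot: `hs->limit.idle_timeout = 5` only closes connections that go quiet, so a socket that keeps carrying traffic to a server from a replaced pool is not bounded by it and could outlive the 300s the comment hopes for. Because the home server's shared secret is the fixed string `"radsec"`, all protection comes from the TLS session built by `construct_tls()`, so how long an old session stays in use matters. If the intent is a hard ceiling, consider also setting the `lifetime` field of the same limit struct (`hs->limit.lifetime`). The comment should state the unit (`/* seconds */`) so the relationship between 5 and 300 is clear. The enclosing block starts and ends outside the hunk, so whether a lifetime is applied elsewhere cannot be seen from here.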
}
/*
- * This server has received a packet in the last
- * 5 minutes. It doesn't need an update.
- */
- if ((now - server->last_packet_recv) < 300) {
- return false;
- }
-
- /*
* If we've opened in the last 10 minutes, then
* open rather than update.
*/
if (!realm) return NULL;
+ if (!trustrouter || (strcmp(trustrouter, "none") == 0)) return NULL;
+
/* clear the cookie structure */
memset (&cookie, 0, sizeof(cookie));
/* See if the request overrides the community*/
- vp = pairfind(request->packet->vps, PW_UKERNA_TR_COI, VENDORPEC_UKERNA, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_UKERNA_TR_COI, VENDORPEC_UKERNA, TAG_ANY);
if (vp)
community = vp->vp_strvalue;
- else pairmake_packet("Trust-Router-COI", community, T_OP_SET);
+ else pair_make_request("Trust-Router-COI", community, T_OP_SET);
cookie.fr_realm_name = talloc_asprintf(NULL,
"%s%%%s",
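Review bot: The community override read at `community = vp->vp_strvalue` comes from the request packet and is used without validation. It then appears to be formatted into `cookie.fr_realm_name` with `"%s%%%s"`, so a value that itself contains `%` would make the composed name ambiguous; the arguments are cut off at the end of the hunk, so this is inferred. Consider rejecting such values before use, e.g. `if (vp && strchr(vp->vp_strvalue, '%')) return NULL;`, or checking the override against a configured list of permitted communities. Separately, the new `trustrouter` guard returns NULL silently. A `DEBUG2` line there would let operators distinguish "trust router disabled" from a failed lookup.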
DEBUG2("TID response is error, rc = %d: %s.\n", cookie.result,
cookie.err_msg?cookie.err_msg:"(NO ERROR TEXT)");
if (cookie.err_msg)
- pairmake_reply("Reply-Message", cookie.err_msg, T_OP_SET);
- pairmake_reply("Error-Cause", "502", T_OP_SET); /*proxy unroutable*/
+ pair_make_reply("Reply-Message", cookie.err_msg, T_OP_SET);
+ pair_make_reply("Error-Cause", "502", T_OP_SET); /*proxy unroutable*/
}
cleanup: