#include <tr.h>
#include <trust_router/tid.h>
#include <tr_config.h>
+#include <tr_comm.h>
#include <tr_idp.h>
/* Structure to hold TR instance and original request in one cookie */
}
static int tr_tids_req_handler (TIDS_INSTANCE * tids,
- TID_REQ *req,
+ TID_REQ *orig_req,
TID_RESP **resp,
void *tr)
{
- gss_ctx_id_t gssctx;
TIDC_INSTANCE *tidc = NULL;
TR_RESP_COOKIE resp_cookie;
TR_AAA_SERVER *aaa_servers = NULL;
- int conn = 0;
+ TR_NAME *apc = NULL;
+ TID_REQ *req = NULL;
+ TR_COMM *cfg_comm = NULL;
int rc;
- if ((!tids) || (!req) || (!resp) || (!(*resp))) {
+ if ((!tids) || (!orig_req) || (!resp) || (!(*resp))) {
printf("tids_req_handler: Bad parameters\n");
return -1;
}
- printf("Request received! Realm = %s, Comm = %s\n", req->realm->buf, req->comm->buf);
+ printf("Request received! Realm = %s, Comm = %s\n", orig_req->realm->buf, orig_req->comm->buf);
if (tids)
tids->req_count++;
- /* find the AAA server(s) for this request */
- aaa_servers = tr_idp_aaa_server_lookup((TR_INSTANCE *)tids->cookie, req->realm, req->comm);
+ /* Save tr and request info for the response */
+ resp_cookie.tr = tr;
+ resp_cookie.orig_req = req;
+
+ /* Duplicate the request, so we can modify and forward it */
+ if (NULL == (req = tid_dup_req(orig_req))) {
+ fprintf(stderr, "tr_tids_req_handler: Unable to duplicate request.\n");
+ return -1;
+ }
+
+ /* Map the comm in the request from a COI to an APC, if needed */
+ if (NULL == (cfg_comm = tr_comm_lookup((TR_INSTANCE *)tids->cookie, req->comm))) {
+ fprintf(stderr, "tr_tids_req_hander: Request for unknown comm: %s.\n", req->comm->buf);
+ }
+
+ /* TBD -- check that the rp_realm is a member of the original community */
+
+ if (TR_COMM_COI == cfg_comm->type) {
+ /* TBD -- In theory there can be more than one? How would that work? */
+ apc = tr_dup_name(cfg_comm->apcs->id);
+ req->orig_coi = req->comm;
+ req->comm = apc;
+ }
+
+ /* Find the AAA server(s) for this request */
+ aaa_servers = tr_idp_aaa_server_lookup((TR_INSTANCE *)tids->cookie, req->realm, apc);
/* send a TID request to the AAA server(s), and get the answer(s) */
/* TBD -- Handle multiple servers */
}
/* Use the DH parameters from the original request */
+ /* TBD -- this needs to be fixed when we handle more than one req per conn */
tidc->client_dh = req->tidc_dh;
+ /* Save information about this request for the response */
+ resp_cookie.tr = tr;
+ resp_cookie.orig_req = req;
+
/* Set-up TID connection */
- /* TBD -- version of open_connection that takes an inaddr */
- if (-1 == (conn = tidc_open_connection(tidc, inet_ntoa(aaa_servers->aaa_server_addr), &gssctx))) {
+ /* TBD -- handle IPv6 Addresses */
+ if (-1 == (req->conn = tidc_open_connection(tidc, inet_ntoa(aaa_servers->aaa_server_addr), &(req->gssctx)))) {
printf("tr_tids_req_handler: Error in tidc_open_connection.\n");
return -1;
};
/* Send a TID request */
- resp_cookie.tr = tr;
- resp_cookie.orig_req = req;
- /* TBD -- version of send request that takes TR_NAMES? */
- if (0 > (rc = tidc_send_request(tidc, conn, gssctx, req->rp_realm->buf, req->realm->buf, req->comm->buf, &tr_tidc_resp_handler, (void *)&resp_cookie))) {
- printf("Error in tidc_send_request, rc = %d.\n", rc);
+ if (0 > (rc = tidc_fwd_request(tidc, req, &tr_tidc_resp_handler, (void *)&resp_cookie))) {
+ printf("Error from tidc_fwd_request, rc = %d.\n", rc);
return -1;
}