Further cleanup of tr_gss and usage for tids handling
[trust_router.git] / tr / tr_tid.c
index dffa46b..6cd0eb5 100644 (file)
@@ -399,38 +399,32 @@ static int tr_tids_req_handler(TIDS_INSTANCE *tids,
   tr_debug("tr_tids_req_handler: looking up route.");
   route=trps_get_selected_route(trps, orig_req->comm, orig_req->realm);
   if (route==NULL) {
-    tr_notice("tr_tids_req_handler: no route table entry found for realm (%s) in community (%s).",
-              orig_req->realm->buf, orig_req->comm->buf);
-    tids_send_err_response(tids, orig_req, "Missing trust route error");
-    retval=-1;
-    goto cleanup;
-  }
-  tr_debug("tr_tids_req_handler: found route.");
-  if (trp_route_is_local(route)) {
-    tr_debug("tr_tids_req_handler: route is local.");
-    aaa_servers = tr_idp_aaa_server_lookup(cfg_mgr->active->ctable->idp_realms, 
-                                           orig_req->realm, 
-                                           orig_req->comm,
-                                          &idp_shared);
-  } else {
-    tr_debug("tr_tids_req_handler: route not local.");
-    aaa_servers = tr_aaa_server_new(tmp_ctx, trp_route_get_next_hop(route));
-    idp_shared=0;
-  }
-
-  /* Find the AAA server(s) for this request */
-  if (NULL == aaa_servers) {
-    tr_debug("tr_tids_req_handler: No AAA Servers for realm %s, defaulting.", orig_req->realm->buf);
-    if (NULL == (aaa_servers = tr_default_server_lookup (cfg_mgr->active->default_servers,
-                                                         orig_req->comm))) {
+    /* No route. Use default AAA servers if we have them. */
+    tr_debug("tr_tids_req_handler: No route for realm %s, defaulting.", orig_req->realm->buf);
+    if (NULL == (aaa_servers = tr_default_server_lookup(cfg_mgr->active->default_servers,
+                                                        orig_req->comm))) {
       tr_notice("tr_tids_req_handler: No default AAA servers, discarded.");
       tids_send_err_response(tids, orig_req, "No path to AAA Server(s) for realm");
-      retval=-1;
+      retval = -1;
       goto cleanup;
     }
-    idp_shared=0;
+    idp_shared = 0;
   } else {
-    /* if we aren't defaulting, check idp coi and apc membership */
+    /* Found a route. Determine the AAA servers or next hop address. */
+    tr_debug("tr_tids_req_handler: found route.");
+    if (trp_route_is_local(route)) {
+      tr_debug("tr_tids_req_handler: route is local.");
+      aaa_servers = tr_idp_aaa_server_lookup(cfg_mgr->active->ctable->idp_realms,
+                                             orig_req->realm,
+                                             orig_req->comm,
+                                             &idp_shared);
+    } else {
+      tr_debug("tr_tids_req_handler: route not local.");
+      aaa_servers = tr_aaa_server_new(tmp_ctx, trp_route_get_next_hop(route));
+      idp_shared = 0;
+    }
+
+    /* Since we aren't defaulting, check idp coi and apc membership */
     if (NULL == (tr_comm_find_idp(cfg_mgr->active->ctable, cfg_comm, fwd_req->realm))) {
       tr_notice("tr_tids_req_handler: IDP Realm (%s) not member of community (%s).", orig_req->realm->buf, orig_req->comm->buf);
       tids_send_err_response(tids, orig_req, "IDP community membership error");
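Review bot: The new no-route branch hands the request to the default AAA servers without running the IDP community and APC membership checks, which now sit only in the `else` branch ("Since we aren't defaulting"). The removed lines answered a missing route with "Missing trust route error", so a request for a realm with no trust route is now forwarded whenever default servers are configured. If that is the intended policy, the comment should say so, e.g. `/* No route: fall back to default AAA servers; the COI/APC membership checks in the else branch do not apply here. */`. The fallback should also be logged with `tr_notice` rather than `tr_debug`, so that defaulted requests show up in normal operation. tr_tids_req_handler starts and ends outside this hunk.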
@@ -445,6 +439,15 @@ static int tr_tids_req_handler(TIDS_INSTANCE *tids,
     }
   }
 
+  /* Make sure we came through with a AAA server. If not, we can't handle the request. */
+  if (NULL == aaa_servers) {
+    tr_notice("tr_tids_req_handler: no route or AAA server for realm (%s) in community (%s).",
+              orig_req->realm->buf, orig_req->comm->buf);
+    tids_send_err_response(tids, orig_req, "Missing trust route error");
+    retval = -1;
+    goto cleanup;
+  }
+
   /* send a TID request to the AAA server(s), and get the answer(s) */
   tr_debug("tr_tids_req_handler: sending TID request(s).");
   if (cfg_apc)
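Review bot: The log text "no route or AAA server" and the response "Missing trust route error" misreport the cause, because judging by the first hunk this test can only see a NULL `aaa_servers` on the route-found path; the no-route branch either obtained default servers or already jumped to `cleanup`. A NULL here means `tr_idp_aaa_server_lookup()` returned nothing or `tr_aaa_server_new()` failed. A matching log line would be `tr_notice("tr_tids_req_handler: route found but no AAA server for realm (%s) in community (%s).", ...)`, and the response could reuse the existing "No path to AAA Server(s) for realm" text. The code between the membership checks and this test is outside the hunk, so it is worth confirming that nothing there dereferences `aaa_servers` before the check.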
@@ -673,7 +676,7 @@ int tr_tids_event_init(struct event_base *base,
   TALLOC_CTX *tmp_ctx=talloc_new(NULL);
   struct tr_tids_event_cookie *cookie=NULL;
   int retval=0;
-  size_t ii=0;
+  int ii=0;
 
   if (tids_ev == NULL) {
     tr_debug("tr_tids_event_init: Null tids_ev.");
@@ -695,14 +698,14 @@ int tr_tids_event_init(struct event_base *base,
   talloc_steal(tids, cookie);
 
   /* get a tids listener */
-  tids_ev->n_sock_fd=tids_get_listener(tids,
-                                       tr_tids_req_handler,
-                                       tr_tids_gss_handler,
-                                       cfg_mgr->active->internal->hostname,
-                                       cfg_mgr->active->internal->tids_port,
-                                       (void *)cookie,
-                                       tids_ev->sock_fd,
-                                       TR_MAX_SOCKETS);
+  tids_ev->n_sock_fd = (int)tids_get_listener(tids,
+                                              tr_tids_req_handler,
+                                              tr_tids_gss_handler,
+                                              cfg_mgr->active->internal->hostname,
+                                              cfg_mgr->active->internal->tids_port,
+                                              (void *)cookie,
+                                              tids_ev->sock_fd,
+                                              TR_MAX_SOCKETS);
   if (tids_ev->n_sock_fd==0) {
     tr_crit("Error opening TID server socket.");
     retval=1;
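Review bot: The failure test `if (tids_ev->n_sock_fd==0)` only catches a zero count, while this hunk adds an `(int)` cast on the listener result and the previous hunk changes `ii` from `size_t` to `int`, which suggests the count is now handled as a signed value. The return type of `tids_get_listener()` is not visible here: if it is unsigned, the cast can hide a narrowing, and if it can return a negative error value, setup would be treated as successful. I would write `if (tids_ev->n_sock_fd <= 0) {` and add a short comment giving the expected range, presumably 1..TR_MAX_SOCKETS on success. tr_tids_event_init continues outside the hunk.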