Enforce single COI->APC mapping.
author
Jennifer Richards
<jennifer@painless-security.com>
Mon, 7 Nov 2016 20:36:48 +0000
(15:36 -0500)
committer
Jennifer Richards
<jennifer@painless-security.com>
Mon, 7 Nov 2016 20:36:48 +0000
(15:36 -0500)
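--- a/tr/tr_tid.c
+++ b/tr/tr_tid.c
@@ -154,6 +154,13 @@ static int tr_tids_req_handler (TIDS_INSTANCE *tids,
 /* Map the comm in the request from a COI to an APC, if needed */
 if (TR_COMM_COI == cfg_comm->type) {
+ if (orig_req->orig_coi!=NULL) {
+ tr_notice("tr_tids_req_handler: community %s is COI but COI to APC mapping already occurred. Dropping request.",
+ orig_req->comm->buf);
+ tids_send_err_response(tids, orig_req, "Second COI to APC mapping would result, permitted only once.");
+ retval=-1;
+ goto cleanup;
+ }
 tr_debug("tr_tids_req_handler: Community was a COI, switching.");
 /* TBD -- In theory there can be more than one? How would that work? */
 if ((!cfg_comm->apcs) || (!cfg_comm->apcs->id)) {
@@ -196,7 +203,7 @@ static int tr_tids_req_handler (TIDS_INSTANCE *tids,
 }
 tr_debug("tr_tids_req_handler: found route.");
 if (trp_route_is_local(route)) {
- tr_debug("tr_tids_req_handler: route is local.");
+tr_debug("tr_tids_req_handler: route is local.");
 aaa_servers = tr_idp_aaa_server_lookup(cfg_mgr->active->ctable->idp_realms,
 orig_req->realm,
 orig_req->comm);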
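Review bot: The new guard at the top of the `TR_COMM_COI` branch decides on `orig_req->orig_coi`, and nothing visible here shows who sets that field; if it is decoded from the incoming request, the single-mapping rule is only as strong as the trust placed in the sending peer, since a request that omits the field would pass the check. A short comment above the check would make the assumption explicit, for example `/* orig_coi is set once a COI->APC mapping has been applied; a second mapping is refused. Relies on the previous hop preserving orig_coi. */`. The `tr_notice` call also writes the request-supplied `orig_req->comm->buf` into the log verbatim, so it is worth confirming that community names are length- and character-checked when the request is parsed. `tr_tids_req_handler` starts and ends outside the hunks shown, so the `cleanup` label and the place where `orig_coi` is assigned could not be checked.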