#include <tr_debug.h>
#include <tr_filter.h>
#include <trust_router/tr_constraint.h>
+#include <tr_idp.h>
#include <tr.h>
void tr_print_config (FILE *stream, TR_CFG *cfg) {
static TR_IDP_REALM *tr_cfg_parse_one_idp_realm (TR_CFG *trc, json_t *jidp, TR_CFG_RC *rc) {
TR_IDP_REALM *idp = NULL;
+ json_t *jremote = NULL;
json_t *jrid = NULL;
json_t *jscfg = NULL;
json_t *jsrvrs = NULL;
return NULL;
}
- if (NULL == (idp = talloc_zero(trc, TR_IDP_REALM))) {
+ if (NULL == (idp = tr_idp_realm_new(trc))) {
tr_debug("tr_cfg_parse_one_idp_realm: Out of memory.");
*rc = TR_CFG_NOMEM;
return NULL;
}
- if ((NULL == (jrid = json_object_get(jidp, "realm_id"))) ||
- (!json_is_string(jrid)) ||
- (NULL == (jscfg = json_object_get(jidp, "shared_config"))) ||
- (!json_is_string(jscfg)) ||
- (NULL == (jsrvrs = json_object_get(jidp, "aaa_servers"))) ||
- (!json_is_array(jsrvrs))) {
- tr_debug("tr_cfg_parse_one_idp_realm: Error parsing IDP realm configuration.");
- *rc = TR_CFG_NOPARSE;
+ /* Assume local route unless specified as remote. */
+ jremote = json_object_get(jidp, "remote");
+ if ((jremote!=NULL) && (!json_is_number(jremote))) {
+ tr_debug("tr_cfg_parse_one_idp_realm: Error parsing IDP realm configuration (remote is not a number).");
+ *rc=TR_CFG_NOPARSE;
return NULL;
}
- if (0 == strcmp(json_string_value(jscfg), "no")) {
- idp->shared_config = 0;
- } else {
- idp->shared_config = 1;
+ if ((NULL == (jrid = json_object_get(jidp, "realm_id"))) ||
+ (!json_is_string(jrid))) {
+ tr_debug("tr_cfg_parse_one_idp_realm: Error parsing IDP realm configuration (realm_id missing or invalid).");
+ *rc = TR_CFG_NOPARSE;
+ return NULL;
}
+
+ if ((jremote==NULL) || (0==json_integer_value(jremote))) {
+ idp->origin=TR_REALM_LOCAL;
+
+ if ((NULL == (jscfg = json_object_get(jidp, "shared_config"))) ||
+ (!json_is_string(jscfg)) ||
+ (NULL == (jsrvrs = json_object_get(jidp, "aaa_servers"))) ||
+ (!json_is_array(jsrvrs))) {
+ tr_debug("tr_cfg_parse_one_idp_realm: Error parsing IDP realm configuration.");
+ *rc = TR_CFG_NOPARSE;
+ return NULL;
+ }
+
+ if (0 == strcmp(json_string_value(jscfg), "no")) {
+ idp->shared_config = 0;
+ } else {
+ idp->shared_config = 1;
+ }
+ } else
+ idp->origin=TR_REALM_REMOTE_INCOMPLETE;
if (NULL == (idp->realm_id = tr_new_name((char *)json_string_value(jrid)))) {
tr_debug("tr_cfg_parse_one_idp_realm: No memory for realm id.");
return NULL;
}
- if (NULL == (idp->aaa_servers = tr_cfg_parse_aaa_servers(trc, jsrvrs, rc))) {
- tr_debug("tr_cfg_parse_one_idp_realm: Can't parse AAA servers for realm %s.", idp->realm_id->buf);
- tr_free_name(idp->realm_id);
- return NULL;
- }
-
if ((NULL != (japcs = json_object_get(jidp, "apcs"))) &&
(json_is_array(japcs))) {
if (NULL == (idp->apcs = tr_cfg_parse_apcs(trc, japcs, rc))) {
tr_debug("tr_cfg_parse_one_idp_realm: Can't parse APCs for realm %s .", idp->realm_id->buf);
tr_free_name(idp->realm_id);
- /* TBD -- free aaa_servers */;
+ /* TBD -- free aaa_servers */
return NULL;
}
}
+
+ if ((idp->origin==TR_REALM_LOCAL) &&
+ (NULL == (idp->aaa_servers = tr_cfg_parse_aaa_servers(trc, jsrvrs, rc)))) {
+ tr_debug("tr_cfg_parse_one_idp_realm: Can't parse AAA servers for realm %s.", idp->realm_id->buf);
+ tr_free_name(idp->realm_id);
+ return NULL;
+ }
+
return idp;
}
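Review bot: The "remote" check on the new line `if ((jremote!=NULL) && (!json_is_number(jremote)))` accepts JSON reals as well as integers, but the decision on the later line `(0==json_integer_value(jremote))` reads the value as an integer, and jansson's json_integer_value() returns 0 for a real — so a value such as `"remote": 1.5` passes validation and is silently classified as a local realm, the branch that then requires and parses aaa_servers. Tightening the guard to `if ((jremote!=NULL) && (!json_is_integer(jremote)))` (and wording the log message "remote is not an integer") makes the accepted form match the one actually evaluated. Separately, the commit moves aaa_servers parsing below the apcs block, so the retained `/* TBD -- free aaa_servers */` on the apcs error path is now stale — at that point aaa_servers has not been parsed — while the new aaa_servers failure path leaves idp->apcs allocated; since both hang off trc via talloc this is not a leak, but the comment should be dropped or rewritten to say `/* apcs/aaa_servers are talloc children of trc; freed with the config */`. Also worth noting that `tr_new_name` failure still returns NULL without setting *rc, so the caller cannot distinguish it from a parse error.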
#ifndef TR_IDP_H
#define TR_IDP_H
+#include <talloc.h>
+
#include <trust_router/tr_name.h>
#include <tr_apc.h>
TR_NAME *hostname;
} TR_AAA_SERVER;
+/* may also want to use in tr_rp.h */
+typedef enum tr_realm_origin {
+ TR_REALM_LOCAL=0, /* realm we were configured to contact */
+ TR_REALM_REMOTE_INCOMPLETE, /* realm we were configured to know about, without contact info yet */
+ TR_REALM_REMOTE, /* realm we were configured to know about, with discovered contact info */
+ TR_REALM_DISCOVERED /* realm we learned about from a peer */
+} TR_REALM_ORIGIN;
+
typedef struct tr_idp_realm {
struct tr_idp_realm *next;
struct tr_idp_realm *comm_next; /* for linked list in comm config */
int shared_config;
TR_AAA_SERVER *aaa_servers;
TR_APC *apcs;
+ TR_REALM_ORIGIN origin; /* how did we learn about this realm? */
} TR_IDP_REALM;
+TR_IDP_REALM *tr_idp_realm_new(TALLOC_CTX *mem_ctx);
+
TR_AAA_SERVER *tr_idp_aaa_server_lookup(TR_IDP_REALM *idp_realms, TR_NAME *idp_realm_name, TR_NAME *comm);
TR_AAA_SERVER *tr_default_server_lookup(TR_AAA_SERVER *default_servers, TR_NAME *comm);
#endif
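Review bot: The new `tr_idp_realm_new(TALLOC_CTX *mem_ctx)` declaration carries no contract, and the only caller visible (tr_cfg_parse_one_idp_realm) relies on it returning NULL on allocation failure and on the result being owned by mem_ctx; a short header comment such as `/* Allocate a zeroed TR_IDP_REALM as a talloc child of mem_ctx; returns NULL on out-of-memory. */` would pin that down. Because TR_REALM_LOCAL is defined as 0 and the new `origin` field is appended to an existing struct, any TR_IDP_REALM still created elsewhere with talloc_zero (or left uninitialised by a constructor that does not set origin) will read as a local realm — presumably the most trusted classification, which I cannot confirm from this hunk; if that matters, consider either documenting on the enum that zero means "local, the default" or reserving 0 for an explicit unknown value. The `/* may also want to use in tr_rp.h */` remark reads as a TODO rather than documentation and could be dropped or turned into a concrete note.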