From b46df3e23c665ef124fc06417a4d8dadd382a251 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Mon, 9 Mar 2015 20:34:57 -0400 Subject: [PATCH] Configuration of key expiration for APC Add support for configuring the key expiration in the config and pass this allong as requests are forwarded.
---
 common/tr_config.c | 20 +++++++++++++++++--- include/tr_comm.h | 3 ++- tr/tr_main.c | 3 +++ 3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/common/tr_config.c b/common/tr_config.c
index ccc8a9d..e221363 100644
--- a/common/tr_config.c
+++ b/common/tr_config.c
@@ -689,13 +689,12 @@ static TR_COMM *tr_cfg_parse_one_comm (TR_CFG *trc, json_t *jcomm, TR_CFG_RC *rc
 return NULL;
 }
- if (NULL == (comm = talloc(trc, TR_COMM))) {
+ if (NULL == (comm = talloc_zero(trc, TR_COMM))) {
 fprintf(stderr, "tr_cfg_parse_one_comm: Out of memory.\n");
 *rc = TR_CFG_NOMEM;
 return NULL;
 }
- memset(comm, 0, sizeof(TR_COMM));
 if ((NULL == (jid = json_object_get(jcomm, "community_id"))) ||
 (!json_is_string(jid)) ||
@@ -745,10 +744,25 @@ static TR_COMM *tr_cfg_parse_one_comm (TR_CFG *trc, json_t *jcomm, TR_CFG_RC *rc
 if (TR_CFG_SUCCESS != *rc) {
 fprintf(stderr, "tr_cfg_parse_comm: Can't parse RP realms for comm %s .\n", comm->id->buf);
 tr_free_name(comm->id);
- /* TBD -- free idps? */;
 return NULL;
 }
+ if (TR_COMM_APC == comm->type) {
+ json_t *jexpire = json_object_get(jcomm, "expiration_interval");
+ comm->expiration_interval = 43200; /*30 days*/
+ if (jexpire) {
+ if (!json_is_integer(jexpire)) {
+ fprintf(stderr, "tr_parse_comm: expirae_interval is not an integer\n");
+ return NULL;
+ }
+ comm->expiration_interval = json_integer_value(jexpire);
+ if (comm->expiration_interval <= 10)
+ comm->expiration_interval = 11; /* Freeradius waits 10 minutes between successful TR queries*/
+ if (comm->expiration_interval > 129600) /* 90 days*/
+ comm->expiration_interval = 129600;
+ }
+ }
+
 return comm;
 }
diff --git a/include/tr_comm.h b/include/tr_comm.h
index 717aafd..374227b 100644
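Review bot: The new `!json_is_integer(jexpire)` failure path in tr_cfg_parse_one_comm returns NULL without setting `*rc`, unlike the out-of-memory path earlier in the same function, so a caller that inspects `*rc` can see TR_CFG_SUCCESS alongside a NULL community; set `*rc` to the appropriate TR_CFG_RC error value before `return NULL;` (and free `comm->id` as the RP-realm failure path does). The error message also misspells the key it is complaining about: `fprintf(stderr, "tr_parse_comm: expiration_interval is not an integer\n");`. The json_integer_value() result is stored into the time_t field before the 11/129600 clamps run, so on a platform where time_t is narrower than json_int_t an out-of-range configured value could wrap before the 90-day cap is applied — presumably unlikely in practice, but clamping the json_int_t value first would make the bound unconditional. The two single-statement `if` clamps should be braced to match the rest of the function, whose start lies outside this hunk.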
--- a/include/tr_comm.h
+++ b/include/tr_comm.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2015, JANET(UK)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -52,6 +52,7 @@ typedef struct tr_comm {
 TR_APC *apcs;
 TR_IDP_REALM *idp_realms;
 TR_RP_REALM *rp_realms;
+ time_t expiration_interval; /*Minutes to key expiration; only valid for an APC*/
 } TR_COMM;
 TR_COMM *tr_comm_lookup(TR_INSTANCE *tr, TR_NAME *comm);
diff --git a/tr/tr_main.c b/tr/tr_main.c
index d160231..241b496 100644
--- a/tr/tr_main.c
+++ b/tr/tr_main.c
@@ -184,6 +184,9 @@ static int tr_tids_req_handler (TIDS_INSTANCE *tids,
 /* send a TID request to the AAA server(s), and get the answer(s) */
 /* TBD -- Handle multiple servers */
+ if (cfg_apc)
+ fwd_req->expiration_interval = cfg_apc->expiration_interval;
+ else fwd_req->expiration_interval = cfg_comm->expiration_interval;
 /* Create a TID client instance */
 if (NULL == (tidc = tidc_create())) {
 fprintf(stderr, "tr_tids_req_hander: Unable to allocate TIDC instance.\n");
-- 2.1.4
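Review bot: The new `expiration_interval` member of TR_COMM is declared as `time_t`, a type that conventionally holds seconds since the epoch, while the comment says it counts minutes; only the comment stops a reader from treating it as a timestamp. Make the unit and the non-APC state explicit, e.g. `time_t expiration_interval; /* key expiration interval in minutes; meaningful only when type == TR_COMM_APC, otherwise left zero by talloc_zero() */`, or use a plain integer type if the TID request field this is copied into allows it.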
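Review bot: When `cfg_apc` is NULL the new lines copy `cfg_comm->expiration_interval`, but common/tr_config.c in this same commit only populates that field for communities of type TR_COMM_APC and leaves it zero otherwise, so a non-APC `cfg_comm` forwards an expiration of 0; whether the receiver reads 0 as "no expiration" or "already expired" is not visible here and should be confirmed, or the configured default substituted. Whether `cfg_comm` is guaranteed non-NULL at this point cannot be seen either, since tr_tids_req_handler begins outside the hunk. Stylistically the `else` carries its statement on the same line as the keyword; bracing both branches would match the surrounding code.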