Changeset 162:79768bf7d208 in freeDiameter for extensions/acl_wl
- Timestamp:
- Jan 26, 2010, 1:23:03 PM (14 years ago)
- Branch:
- default
- Phase:
- public
- Location:
- extensions/acl_wl
- Files:
-
- 3 edited
extensions/acl_wl/CMakeLists.txt
r161 r162 8 8 9 9 # List of source files 10 SET( A PP_TEST_SRC10 SET( ACL_WL_SRC 11 11 acl_wl.h 12 12 acl_wl.c … … 18 18 19 19 # Compile as a module 20 FD_ADD_EXTENSION(acl_wl ${A PP_TEST_SRC})20 FD_ADD_EXTENSION(acl_wl ${ACL_WL_SRC}) -
extensions/acl_wl/acl_wl.c
r161 r162 71 71 72 72 /* Now, if we did not specify any flag, reject */ 73 if (res == 0) { 74 TRACE_DEBUG(INFO, "Peer '%s' rejected, only TLS-protected connection is whitelisted.", info->pi_diamid); 75 /* We don't actually set *auth = -1, leave space for a further extension to validate the peer */ 76 return 0; 77 } 73 78 74 79 /* Check the Inband-Security-Id value */ 80 res &= info->runtime.pir_isi; 81 if (res == 0) { 82 TRACE_DEBUG(INFO, "Peer '%s' rejected, remotely advertised Inband-Security-Id is not compatible with whitelist flags.", info->pi_diamid); 83 /* We don't actually set *auth = -1, leave space for a further extension to validate the peer */ 84 return 0; 85 } 86 87 /* Ok, the peer is whitelisted */ 88 *auth = 1; 89 90 /* Now, configure the peer for the authorized mechanism */ 91 if ((res & PI_SEC_NONE) && (res & PI_SEC_TLS_OLD)) 92 res = PI_SEC_NONE; /* If we authorized it, we must have an IPsec tunnel setup, no need for TLS in this case */ 93 94 /* Save information about the security mechanism to use after CER/CEA exchange */ 95 info->config.pic_flags.sec = res; 96 return 0; 75 97 } 76 98 … … 79 101 { 80 102 TRACE_ENTRY("%p", conffile); 81 82 103 CHECK_PARAMS(conffile); 83 104 … … 86 107 87 108 TRACE_DEBUG(INFO, "Extension ACL_wl initialized with configuration: '%s'", conffile); 88 aw_tree_dump(); 109 if (TRACE_BOOL(ANNOYING)) { 110 aw_tree_dump(); 111 } 89 112 90 113 /* Register the validator function */ 91 114 CHECK_FCT( fd_peer_validate_register ( aw_validate ) ); 115 92 116 return 0; 93 117 } … … 96 120 void fd_ext_fini(void) 97 121 { 98 /* Unregister the validator function */99 100 122 /* Destroy the tree */ 101 123 aw_tree_destroy(); 102 124 } 103 125 -
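Review bot: In the first hunk, when both PI_SEC_NONE and PI_SEC_TLS_OLD survive the mask with `info->runtime.pir_isi`, the new code selects PI_SEC_NONE, so the session runs without TLS on the strength of an IPsec tunnel that nothing in the visible code verifies. Because pir_isi is the value the remote peer advertised, a peer whose whitelist entry allows both mechanisms ends up unprotected whenever it offers both. Unless the tunnel is checked elsewhere, prefer the stronger mechanism here, `res = PI_SEC_TLS_OLD;`, or at least record the decision with `TRACE_DEBUG(INFO, "Peer '%s' whitelisted without TLS, IPsec protection is assumed.", info->pi_diamid);`. The validator's opening lines are outside the hunk, so how `res` is first computed cannot be confirmed from here.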
extensions/acl_wl/aw_tree.c
r161 r162 230 230 ti = (struct tree_item *)(senti->next); 231 231 if (ti->str == NULL) { 232 fd_log_debug("[acl_wl] Warning: entry '%s' is superseeded by a generic entry at l evel %d, ignoring.\n", name, lbl);232 fd_log_debug("[acl_wl] Warning: entry '%s' is superseeded by a generic entry at label %d, ignoring.\n", name, lbl + 1); 233 233 return 0; 234 234 } … … 287 287 ti = (struct tree_item *)(senti->next); 288 288 if (ti->str == NULL) { 289 fd_log_debug("[acl_wl] Warning: entry '%s' is superseeded by a generic entry at l evel 0, ignoring.\n", name);289 fd_log_debug("[acl_wl] Warning: entry '%s' is superseeded by a generic entry at label 1, ignoring.\n", name); 290 290 return 0; 291 291 } … … 367 367 ti = (struct tree_item *)(senti->next); 368 368 if (ti->str == NULL) { 369 TRACE_DEBUG( FULL, "[acl_wl] %s matched at level %d with a generic entry.", name, lbl);369 TRACE_DEBUG(ANNOYING, "[acl_wl] %s matched at label %d with a generic entry.", name, lbl + 1); 370 370 *result = ti->flags; 371 371 return 0; … … 407 407 return 0; 408 408 409 TRACE_DEBUG( FULL, "[acl_wl] %s matched exactly.", name);409 TRACE_DEBUG(ANNOYING, "[acl_wl] %s matched exactly.", name); 410 410 *result = ti->flags; 411 411 return 0;
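Review bot: At ordinary verbosity nothing records which whitelist entry admitted a peer once the two match traces in the last two hunks sit at ANNOYING. The validator in acl_wl.c on this page logs rejections at INFO but prints nothing on acceptance, so an accepted peer leaves no trace of the rule that matched. For auditing authorization decisions, consider keeping these at FULL, e.g. `TRACE_DEBUG(FULL, "[acl_wl] %s matched exactly.", name);`, or adding an accept trace in the caller. The lookup function begins and ends outside these hunks.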