Changeset 162:79768bf7d208 in freeDiameter for extensions/acl_wl/acl_wl.c
- Timestamp:
- Jan 26, 2010, 1:23:03 PM (14 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
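--- a/extensions/acl_wl/acl_wl.c
+++ b/extensions/acl_wl/acl_wl.c
@@ -71,6 +71,28 @@
 
 /* Now, if we did not specify any flag, reject */
+if (res == 0) {
+TRACE_DEBUG(INFO, "Peer '%s' rejected, only TLS-protected connection is whitelisted.", info->pi_diamid);
+/* We don't actually set *auth = -1, leave space for a further extension to validate the peer */
+return 0;
+}
 
 /* Check the Inband-Security-Id value */
+res &= info->runtime.pir_isi;
+if (res == 0) {
+TRACE_DEBUG(INFO, "Peer '%s' rejected, remotely advertised Inband-Security-Id is not compatible with whitelist flags.", info->pi_diamid);
+/* We don't actually set *auth = -1, leave space for a further extension to validate the peer */
+return 0;
+}
+
+/* Ok, the peer is whitelisted */
+*auth = 1;
+
+/* Now, configure the peer for the authorized mechanism */
+if ((res & PI_SEC_NONE) && (res & PI_SEC_TLS_OLD))
+res = PI_SEC_NONE; /* If we authorized it, we must have an IPsec tunnel setup, no need for TLS in this case */
+
+/* Save information about the security mechanism to use after CER/CEA exchange */
+info->config.pic_flags.sec = res;
+return 0;
 }
 
@@ -79,5 +101,4 @@
 {
 TRACE_ENTRY("%p", conffile);
-
 CHECK_PARAMS(conffile);
 
@@ -86,8 +107,11 @@
 
 TRACE_DEBUG(INFO, "Extension ACL_wl initialized with configuration: '%s'", conffile);
-aw_tree_dump();
+if (TRACE_BOOL(ANNOYING)) {
+aw_tree_dump();
+}
 
 /* Register the validator function */
 CHECK_FCT( fd_peer_validate_register ( aw_validate ) );
+
 return 0;
 }
@@ -96,8 +120,6 @@
 void fd_ext_fini(void)
 {
-/* Unregister the validator function */
-
 /* Destroy the tree */
 aw_tree_destroy();
 }
 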
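Review bot: The mechanism choice at new lines 91–92 prefers `PI_SEC_NONE` whenever both `PI_SEC_NONE` and `PI_SEC_TLS_OLD` survive the mask with `info->runtime.pir_isi`, and that mask is the Inband-Security-Id the remote peer advertised, so the peer's own advertisement selects the unprotected mode. The inline comment assumes an IPsec tunnel is in place, but nothing visible in this hunk verifies that. Unless IPsec is checked elsewhere, I would keep TLS when it is available, `res = PI_SEC_TLS_OLD;`, or at least state the IPsec precondition in the whitelist documentation and log the chosen mechanism so that a session running without TLS is visible in the trace. The validator function starts above the hunk, so how `res` is first populated is not visible here.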