Changeset 332:e624fa5f85ca in freeDiameter for extensions/acl_wl


Timestamp:
May 31, 2010, 7:09:24 PM (14 years ago)
Author:
Sebastien Decugis <sdecugis@nict.go.jp>
Branch:
default
Phase:
public
Message:

Attempt to fix a bug reported by Alexey Berdnikov (CER without ISI AVP)

File:
1 edited

  • extensions/acl_wl/acl_wl.c

    r258 r332  
    7777        }
    7878       
    79         /* Check the Inband-Security-Id value */
    80         res &= info->runtime.pir_isi;
    81         if (res == 0) {
    82                 TRACE_DEBUG(INFO, "Peer '%s' rejected, remotely advertised Inband-Security-Id is not compatible with whitelist flags.", info->pi_diamid);
    83                 /* We don't actually set *auth = -1, leave space for a further extension to validate the peer */
    84                 return 0;
    85         }
    86        
    87         /* Ok, the peer is whitelisted */
     79        /* Otherwise, just set the configured flags for the peer, and authorize it */
    8880        *auth = 1;
    8981       
    90         /* Now, configure the peer for the authorized mechanism */
     82        /* Save information about the security mechanism to use after CER/CEA exchange */
    9183        if ((res & PI_SEC_NONE) && (res & PI_SEC_TLS_OLD))
    9284                res = PI_SEC_NONE; /* If we authorized it, we must have an IPsec tunnel setup, no need for TLS in this case */
    9385       
    94         /* Save information about the security mechanism to use after CER/CEA exchange */
    9586        info->config.pic_flags.sec = res;
    9687        return 0;
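Review bot: Dropping the `res &= info->runtime.pir_isi;` check at old lines 79-85 means the security mechanism saved in `info->config.pic_flags.sec` now comes from the whitelist flags alone, and what the peer advertised in Inband-Security-Id is no longer consulted even when the AVP is present. At new lines 83-84 this matters most: an entry configured with both `PI_SEC_NONE` and `PI_SEC_TLS_OLD` is now always reduced to `PI_SEC_NONE`, and the only justification is the comment's assumption that an IPsec tunnel exists, which nothing in the visible lines verifies. If the bug is limited to a CER that carries no ISI AVP, as the commit message says, consider skipping the intersection only in that case and keeping the rejection path when the peer did advertise a value that does not overlap the whitelist flags. The new comment at line 79 should also state that the configured flags override the remote advertisement, and a `TRACE_DEBUG` recording the mechanism chosen would replace the diagnostic that was removed along with the check.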