From: Nick Porter Date: Fri, 28 Feb 2025 15:50:27 +0000 (+0000) Subject: Fully update parent client when connected dynamic clients are approved X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=592ec1c278c235e25c7a5370df506ebf84b0adbf;p=thirdparty%2Ffreeradius-server.git Fully update parent client when connected dynamic clients are approved Without this, subsequent clones of the parent will be missing data. --- diff --git a/src/lib/io/master.c b/src/lib/io/master.c index 7e3be57233..cb93df4ecb 100644 --- a/src/lib/io/master.c +++ b/src/lib/io/master.c @@ -2511,8 +2511,8 @@ static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, fr_time_t request_ti * The new client is mostly OK. Copy the various fields * over. */ -#define COPY_FIELD(_x) client->radclient->_x = radclient->_x -#define DUP_FIELD(_x) client->radclient->_x = talloc_strdup(client->radclient, radclient->_x) +#define COPY_FIELD(_dest, _x) _dest->radclient->_x = radclient->_x +#define DUP_FIELD(_dest, _x) _dest->radclient->_x = talloc_strdup(_dest->radclient, radclient->_x) /* * Only these two fields are set. Other strings in @@ -2521,19 +2521,19 @@ static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, fr_time_t request_ti talloc_const_free(client->radclient->shortname); talloc_const_free(client->radclient->secret); - DUP_FIELD(longname); - DUP_FIELD(shortname); - DUP_FIELD(secret); - DUP_FIELD(nas_type); + DUP_FIELD(client, longname); + DUP_FIELD(client, shortname); + DUP_FIELD(client, secret); + DUP_FIELD(client, nas_type); - COPY_FIELD(ipaddr); - COPY_FIELD(src_ipaddr); - COPY_FIELD(require_message_authenticator); - COPY_FIELD(require_message_authenticator_is_set); - COPY_FIELD(limit_proxy_state); - COPY_FIELD(limit_proxy_state_is_set); - COPY_FIELD(use_connected); - COPY_FIELD(cs); + COPY_FIELD(client, ipaddr); + COPY_FIELD(client, src_ipaddr); + COPY_FIELD(client, require_message_authenticator); + COPY_FIELD(client, require_message_authenticator_is_set); + COPY_FIELD(client, limit_proxy_state); + COPY_FIELD(client, limit_proxy_state_is_set); + COPY_FIELD(client, use_connected); + COPY_FIELD(client, cs); // @todo - fill in other fields? @@ -2543,12 +2543,6 @@ static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, fr_time_t request_ti radclient->server_cs = inst->server_cs; radclient->server = cf_section_name2(inst->server_cs); - /* - * Re-parent the conf section used to build this client - * so its lifetime is linked to the client - */ - talloc_steal(radclient, radclient->cs); - /* * This is a connected socket, and it's just been * allowed. Go poke the network side to read from the @@ -2583,10 +2577,25 @@ static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, fr_time_t request_ti fr_assert(connection->parent->state == PR_CLIENT_PENDING); connection->parent->state = PR_CLIENT_DYNAMIC; - connection->parent->radclient->secret = talloc_strdup(connection->parent->radclient, - radclient->secret); - connection->parent->radclient->shortname = talloc_strdup(connection->parent->radclient, - radclient->shortname); + DUP_FIELD(connection->parent, longname); + DUP_FIELD(connection->parent, shortname); + DUP_FIELD(connection->parent, secret); + DUP_FIELD(connection->parent, nas_type); + + COPY_FIELD(connection->parent, ipaddr); + COPY_FIELD(connection->parent, src_ipaddr); + COPY_FIELD(connection->parent, require_message_authenticator); + COPY_FIELD(connection->parent, require_message_authenticator_is_set); + COPY_FIELD(connection->parent, limit_proxy_state); + COPY_FIELD(connection->parent, limit_proxy_state_is_set); + COPY_FIELD(connection->parent, use_connected); + COPY_FIELD(connection->parent, cs); + + /* + * Re-parent the conf section used to build this client + * so its lifetime is linked to parent client + */ + talloc_steal(connection->parent->radclient, connection->parent->radclient->cs); /* * The client has been allowed. @@ -2597,6 +2606,12 @@ static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, fr_time_t request_ti INFO("proto_%s - Verification succeeded for packet from dynamic client %pV - processing queued packets", inst->app_io->common.name, fr_box_ipaddr(client->src_ipaddr)); goto finish; + } else { + /* + * Re-parent the conf section used to build this client + * so its lifetime is linked to the client + */ + talloc_steal(radclient, radclient->cs); } fr_assert(connection == NULL);