discard state on Protocol-Error, too

i.e. if we're sending a Protocol-Error back to the client, then
we can't do anything else with the State attribute

diff --git a/src/process/radius/base.c b/src/process/radius/base.c
index 0570e719f7fe5c0880b3acc3857cde95617e5718..223bede80c9de324cacf63bfe12e5e554451f0b0 100644 (file)
--- a/src/process/radius/base.c
+++ b/src/process/radius/base.c
@@ -125,7 +125,7 @@ typedef struct {
        CONF_SECTION    *disconnect_nak;
 
        CONF_SECTION    *do_not_respond;
-       CONF_SECTION    *protocol_error;        /* @todo - allow protocol error as a reject reply? */
+       CONF_SECTION    *protocol_error;
 
        CONF_SECTION    *new_client;
        CONF_SECTION    *add_client;
@@ -731,9 +731,10 @@ RESUME(status_server)
 }
 #endif
 
-RESUME(protocol_error)
+RESUME_FLAG(protocol_error,UNUSED,)
 {
        fr_pair_t                       *vp;
+       process_radius_t const          *inst = talloc_get_type_abort_const(mctx->mi->data, process_radius_t);
 
        PROCESS_TRACE;
 
@@ -763,6 +764,13 @@ RESUME(protocol_error)
                }
        }
 
+       /*
+        *      Discard any session state associated with the request.
+        */
+       if (request->packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) {
+               fr_state_discard(inst->auth.state_tree, request);
+       }
+
        /*
         *      And do the generic processing after running a "send" section.
         */