allow for reverse coa proxying in request_will_proxy()
authorAlan T. DeKok <aland@freeradius.org>
Thu, 1 Apr 2021 15:24:45 +0000 (11:24 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Fri, 2 Apr 2021 19:14:01 +0000 (15:14 -0400)
Add new Proxy-To-Originating-Realm attribute, and change
TCP-Session-Key to Originating-Realm-Key, which is perhaps
a little clearer.

Also note that when we automatically create a home server
for incoming TLS connections, we set home->server, not
home->coa_server.

share/dictionary.freeradius.internal
src/include/radiusd.h
src/main/listen.c
src/main/process.c
src/main/tls_listen.c

index baf5e08fecb1d5132e1eccbff7f0d2092e9e8c2f..4e31098ee6c9d58a95540b795ca8d82f837ce306 100644 (file)
@@ -286,7 +286,8 @@ ATTRIBUTE   SSHA3-512-Password                      1185    octets
 
 ATTRIBUTE      MS-CHAP-Peer-Challenge                  1192    octets
 ATTRIBUTE      Home-Server-Name                        1193    string
-ATTRIBUTE      TCP-Session-Key                         1194    string
+ATTRIBUTE      Originating-Realm-Key                   1194    string
+ATTRIBUTE      Proxy-To-Originating-Realm              1195    string
 
 #
 #      Range:  1200-1279
index b1e3947efd3e59a385286de791e7d53f59acf2ee..923924822199d1f0cc302ef5f2f95bc6414ee143 100644 (file)
@@ -610,7 +610,7 @@ int proxy_tls_send_reply(rad_listen_t *listener, REQUEST *request);
 int dual_tls_send_coa_request(rad_listen_t *listener, REQUEST *request);
 void listen_coa_add(rad_listen_t *listener, char const *key);
 void listen_coa_delete(rad_listen_t *listener);
-rad_listen_t *listen_coa_find(REQUEST *request, char const *key);
+int listen_coa_find(REQUEST *request, char const *key);
 #endif
 #endif
 
index 13fca9a093add47640f896e84cbbfa5bc1c39cd7..0bebd3e007fc341a3a14b81a1ef39288616f674e 100644 (file)
@@ -764,7 +764,7 @@ static int dual_tcp_accept(rad_listen_t *listener)
                home->coa_mrt = this->coa_mrt;
                home->coa_mrc = this->coa_mrc;
                home->coa_mrd = this->coa_mrd;
-               home->coa_server = this->server;
+               home->server = this->server;
        }
 #endif
 
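Review bot: The switch from `home->coa_server` to `home->server` on the last assignment of this block is explained only in the commit message, so in the file it reads like a possible typo next to the three `coa_*` fields set just above it. A short comment would record the intent, for example `/* home server auto-created for an incoming TLS connection: set home->server, not home->coa_server */`. dual_tcp_accept starts and ends outside the hunk, so whether `home->coa_server` is assigned anywhere else for this home server cannot be checked from here.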
@@ -3686,12 +3686,15 @@ void listen_coa_delete(rad_listen_t *this)
 
 /*
  *     Find an active listener by key.
+ *
+ *     This function will update request->home_server, and
+ *     request->proxy_listener.
  */
-rad_listen_t *listen_coa_find(UNUSED REQUEST *request, UNUSED char const *key)
+int listen_coa_find(UNUSED REQUEST *request, UNUSED char const *key)
 {
        /*
         *      Do more things here.
         */
-       return NULL;
+       return -1;
 }
 #endif
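Review bot: The header comment on `listen_coa_find` now promises side effects on `request->home_server` and `request->proxy_listener` but does not state the return convention, and the body is still a stub that returns -1 without touching the request. The caller added in src/main/process.c passes `request->home_server` on whenever the result is not negative, so the contract should be written down, for example `Returns 0 when a listener was found and both fields were set, -1 otherwise.` It would also help to say whether the request is left unmodified on failure. The `UNUSED` markers on both parameters should be dropped once the lookup is implemented.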
index 6e9140e213ff5fd555d1493c21224e63477dcf8d..ac5d570124a2da57ee4ebd0423034a2f72bd0517 100644 (file)
@@ -3171,7 +3171,25 @@ static int request_will_proxy(REQUEST *request)
 
                return 0;
 
+#ifdef WITH_COA_TUNNEL
+       } else if (((request->packet->code == PW_CODE_COA_REQUEST) ||
+                   (request->packet->code == PW_CODE_DISCONNECT_REQUEST)) &&
+                  ((vp = fr_pair_find_by_num(request->config, PW_PROXY_TO_ORIGINATING_REALM, 0, TAG_ANY)) != NULL)) {
+
+               /*
+                *      This function will set request->home_server,
+                *      and also request->proxy_listener.
+                */
+               if (listen_coa_find(request, vp->vp_strvalue) < 0) return 0;
+
+               /*
+                *      Initialise request->proxy, and copy VPs over.
+                */
+               home_server_update_request(request->home_server, request);
+               goto add_proxy_state;
+
        } else {
+#endif
                return 0;
        }
 
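Review bot: The `#endif` sits after `} else {`, so a build without WITH_COA_TUNNEL loses the `else` together with the new branch. As the hunk reads, the trailing `return 0;` is then folded into the preceding branch, and a request that matches none of the conditions falls through to the proxy code below the chain instead of returning 0. Moving the `#endif` up to directly after `goto add_proxy_state;` keeps `} else {` compiled in every build. Separately, the new branch relies on `listen_coa_find` having set `request->home_server` before `home_server_update_request(request->home_server, request)` uses it; a `rad_assert(request->home_server != NULL);` after the `< 0` check would catch a lookup that reports success without filling it in. The start of the if/else chain in request_will_proxy is outside the hunk.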
@@ -3267,6 +3285,10 @@ do_home:
         *      The RFC's say we have to do this, but FreeRADIUS
         *      doesn't need it.
         */
+#ifdef WITH_COA_TUNNEL
+add_proxy_state:
+#endif
+
        vp = radius_pair_create(request->proxy, &request->proxy->vps, PW_PROXY_STATE, 0);
        fr_pair_value_sprintf(vp, "%u", request->packet->id);
 
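Review bot: The `add_proxy_state` label lands between the comment about Proxy-State and the `radius_pair_create` call that the comment describes, and nothing at the label says that the reverse CoA path arrives here having skipped everything from the end of the if/else chain through `do_home`. Placing the label above the comment block and adding a line such as `/* reverse CoA: request->proxy was already set up by home_server_update_request() */` would make the second entry point visible to the next reader. The skipped code is outside the hunk, so it is worth confirming that none of it is required on this path.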
index 7bc848116c2612ae2f54cf83a08d5a44587f56ef..ec59e963dffa7bd4bbdba96320a2ed7da0a81cf9 100644 (file)
@@ -585,7 +585,7 @@ int dual_tls_send(rad_listen_t *listener, REQUEST *request)
        if (listener->send_coa && !listener->key) {
                VALUE_PAIR *vp = NULL;
 
-               vp = fr_pair_find_by_num(request->config, PW_TCP_SESSION_KEY, 0, TAG_ANY);
+               vp = fr_pair_find_by_num(request->config, PW_ORIGINATING_REALM_KEY, 0, TAG_ANY);
                if (vp) {
                        RDEBUG("Adding send CoA listener with key %s", vp->vp_strvalue);
                        listen_coa_add(request->listener, vp->vp_strvalue);