allow for reverse coa proxying in request_will_proxy()
authorAlan T. DeKok <aland@freeradius.org>
Thu, 1 Apr 2021 15:24:45 +0000 (11:24 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 22 Jul 2021 13:55:20 +0000 (09:55 -0400)
Add new Proxy-To-Originating-Realm attribute, and change
TCP-Session-Key to Originating-Realm-Key, which is perhaps
a little clearer.

also note that when we automatically create a home server
for incoming TLS connections, we set home->server, not
home->coa_server

share/dictionary.freeradius.internal
src/include/radiusd.h
src/main/listen.c
src/main/process.c
src/main/tls_listen.c

index 31f9ab4a127b52a6e5720b3e7365b265aaf9554a..c9fae5507794091755d371c9822702396b2b17dc 100644 (file)
@@ -286,7 +286,8 @@ ATTRIBUTE   SSHA3-512-Password                      1185    octets
 
 ATTRIBUTE      MS-CHAP-Peer-Challenge                  1192    octets
 ATTRIBUTE      Home-Server-Name                        1193    string
-ATTRIBUTE      TCP-Session-Key                         1194    string
+ATTRIBUTE      Originating-Realm-Key                   1194    string
+ATTRIBUTE      Proxy-To-Originating-Realm              1195    string
 
 ATTRIBUTE      TOTP-Secret                             1194    string # base32 encoded
 ATTRIBUTE      TOTP-Key                                1195    octets # raw key
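Review bot: The new `Proxy-To-Originating-Realm` is assigned number 1195, but the context line two below already defines `TOTP-Key` as 1195, and the renamed `Originating-Realm-Key` keeps 1194, which `TOTP-Secret` also uses. Two attributes sharing one number in the internal dictionary means lookups by number (such as the `fr_pair_find_by_num(..., PW_PROXY_TO_ORIGINATING_REALM, ...)` call this commit adds in process.c) can resolve to whichever definition the parser kept, and a stray TOTP attribute in the control list could be taken as a proxy realm. Give the two CoA-tunnel attributes numbers that are free, e.g. `ATTRIBUTE      Originating-Realm-Key                   1196    string` and `ATTRIBUTE      Proxy-To-Originating-Realm              1197    string`, after checking the rest of the file for those values.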
index 1dbe8a5450cc8ab85dcb5a92556017003ce16ce2..e4d78158225bf2dcad2931f960babce8c3d788eb 100644 (file)
@@ -612,7 +612,7 @@ int proxy_tls_send_reply(rad_listen_t *listener, REQUEST *request);
 int dual_tls_send_coa_request(rad_listen_t *listener, REQUEST *request);
 void listen_coa_add(rad_listen_t *listener, char const *key);
 void listen_coa_delete(rad_listen_t *listener);
-rad_listen_t *listen_coa_find(REQUEST *request, char const *key);
+int listen_coa_find(REQUEST *request, char const *key);
 #endif
 #endif
 
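Review bot: The new `int listen_coa_find(...)` prototype gives the caller no statement of what the return value means or what the function writes into `request`; the caller added in process.c treats `< 0` as "not found" and then dereferences `request->home_server`, so that contract belongs on the declaration. A comment such as `/* Look up an active CoA listener by key. On success (return >= 0) request->home_server and request->proxy_listener are set; returns -1 when no listener matches. */` above the prototype would make that explicit. The exact non-negative success value is not fixed anywhere in this commit, so word it as "non-negative" unless a specific value is intended.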
index cbe45c67fe969811ff443ed3fa1a19650df1f248..c50dcb03cffe51235743d6e98b021c2d5d7e9c65 100644 (file)
@@ -801,7 +801,7 @@ static int dual_tcp_accept(rad_listen_t *listener)
                home->coa_mrt = this->coa_mrt;
                home->coa_mrc = this->coa_mrc;
                home->coa_mrd = this->coa_mrd;
-               home->coa_server = this->server;
+               home->server = this->server;
        }
 #endif
 
@@ -3723,12 +3723,15 @@ void listen_coa_delete(rad_listen_t *this)
 
 /*
  *     Find an active listener by key.
+ *
+ *     This function will update request->home_server, and
+ *     request->proxy_listener.
  */
-rad_listen_t *listen_coa_find(UNUSED REQUEST *request, UNUSED char const *key)
+int listen_coa_find(UNUSED REQUEST *request, UNUSED char const *key)
 {
        /*
         *      Do more things here.
         */
-       return NULL;
+       return -1;
 }
 #endif
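Review bot: The new comment on `listen_coa_find()` promises that it updates `request->home_server` and `request->proxy_listener`, but the body is still a stub that returns -1 with both parameters marked `UNUSED`, so nothing in this commit fulfils that promise or states what a successful return must guarantee. Since the process.c caller passes `request->home_server` straight to `home_server_update_request()` after any non-negative return, I would extend the comment to `* On success (return >= 0) both pointers are guaranteed non-NULL; returns -1 when no listener matches the key.` so that a future implementation cannot return success with them unset. In the first hunk of this file, `home->coa_server` is no longer assigned for the auto-created home server; if any CoA code path still reads that field for such home servers it is now left at whatever the allocation produced, which is worth confirming.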
index 65bd94094d1fffed5c18448f2e9125d87ce074bd..5a6a3fe91962106b9bc3c9ea10edc58ce0d137ca 100644 (file)
@@ -3176,7 +3176,25 @@ static int request_will_proxy(REQUEST *request)
 
                return 0;
 
+#ifdef WITH_COA_TUNNEL
+       } else if (((request->packet->code == PW_CODE_COA_REQUEST) ||
+                   (request->packet->code == PW_CODE_DISCONNECT_REQUEST)) &&
+                  ((vp = fr_pair_find_by_num(request->config, PW_PROXY_TO_ORIGINATING_REALM, 0, TAG_ANY)) != NULL)) {
+
+               /*
+                *      This function will set request->home_server,
+                *      and also request->proxy_listener.
+                */
+               if (listen_coa_find(request, vp->vp_strvalue) < 0) return 0;
+
+               /*
+                *      Initialise request->proxy, and copy VPs over.
+                */
+               home_server_update_request(request->home_server, request);
+               goto add_proxy_state;
+
        } else {
+#endif
                return 0;
        }
 
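Review bot: `home_server_update_request(request->home_server, request)` is called as soon as `listen_coa_find()` returns a non-negative value, with no check that `request->home_server` was actually populated; the only implementation in this commit is a stub, so nothing enforces that contract and a later partial implementation would dereference NULL here. A defensive guard keeps the proxy decision safe regardless: `if (listen_coa_find(request, vp->vp_strvalue) < 0) return 0;` followed by `if (!request->home_server || !request->proxy_listener) return 0;`. The `goto add_proxy_state` also jumps over everything between this branch and the label placed after `do_home:` in the next hunk, so any home-server state checks that the ordinary proxy paths perform in that stretch are presumably skipped for reverse CoA — worth confirming against the full function. `request_will_proxy()` begins and ends outside this hunk.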
@@ -3272,6 +3290,10 @@ do_home:
         *      The RFC's say we have to do this, but FreeRADIUS
         *      doesn't need it.
         */
+#ifdef WITH_COA_TUNNEL
+add_proxy_state:
+#endif
+
        vp = radius_pair_create(request->proxy, &request->proxy->vps, PW_PROXY_STATE, 0);
        fr_pair_value_sprintf(vp, "%u", request->packet->id);
 
index e6d491bde35aadfa51cc4aa9b73fe708dc9740a9..8d05342ea81260ca3cb0c20f96a18f9eca887561 100644 (file)
@@ -585,7 +585,7 @@ int dual_tls_send(rad_listen_t *listener, REQUEST *request)
        if (listener->send_coa && !listener->key) {
                VALUE_PAIR *vp = NULL;
 
-               vp = fr_pair_find_by_num(request->config, PW_TCP_SESSION_KEY, 0, TAG_ANY);
+               vp = fr_pair_find_by_num(request->config, PW_ORIGINATING_REALM_KEY, 0, TAG_ANY);
                if (vp) {
                        RDEBUG("Adding send CoA listener with key %s", vp->vp_strvalue);
                        listen_coa_add(request->listener, vp->vp_strvalue);