RHEXDUMP3(data, packet_len, "Read packet");
+ code = data[0];
+ if (!allowed_replies[code]) {
+ REDEBUG("%s packet received unknown reply code %s",
+ fr_radius_packet_names[u->code], fr_radius_packet_names[code]);
+ return DECODE_FAIL_UNKNOWN_PACKET_CODE;
+ }
+
+ /*
+ * Protocol error can reply to any packet.
+ *
+ * Status-Server can get any reply.
+ *
+ * Otherwise the reply code must be associated with the request code we sent.
+ */
+ if ((code != FR_RADIUS_CODE_PROTOCOL_ERROR) && (u->code != FR_RADIUS_CODE_STATUS_SERVER) &&
+ (allowed_replies[code] != u->code)) {
+ REDEBUG("%s packet received invalid reply code %s",
+ fr_radius_packet_names[u->code], fr_radius_packet_names[code]);
+ return DECODE_FAIL_UNKNOWN_PACKET_CODE;
+ }
+
original[0] = u->code;
original[1] = 0; /* not looked at by fr_radius_verify() */
original[2] = 0;
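Review bot: `code = data[0]` is a byte taken straight off the wire, and the added block uses it to index `allowed_replies[]` and `fr_radius_packet_names[]` before the `original[]` setup for fr_radius_verify(), so it runs on packets whose authenticator has not been checked yet. Nothing in the hunk bounds `code`, so unless earlier validation outside this hunk already rejects codes beyond the table size, a spoofed reply can trigger an out-of-bounds read. Assuming the tables are sized by FR_RADIUS_CODE_MAX, either make the guard explicit with `if ((code >= FR_RADIUS_CODE_MAX) || !allowed_replies[code]) {`, or add a comment naming the earlier check that guarantees the range. In the same branch the "unknown reply code" message prints `fr_radius_packet_names[code]` with `%s`, which may have no entry for a code the table does not know; logging the numeric value with `%u` would be safer. The enclosing function starts and ends outside the hunk, so the table declarations are not visible here.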
return DECODE_FAIL_MA_INVALID;
}
- code = data[0];
- if (!allowed_replies[code]) {
- REDEBUG("%s packet received invalid reply code %s",
- fr_radius_packet_names[u->code], fr_radius_packet_names[code]);
- return DECODE_FAIL_UNKNOWN_PACKET_CODE;
- }
-
- /*
- * Protocol error is allowed as a response to any
- * packet code.
- *
- * Status checks accept any response code.
- */
- if (!u->status_check && (code != FR_RADIUS_CODE_PROTOCOL_ERROR)) {
- if (allowed_replies[code] != (fr_radius_packet_code_t) u->code) {
- REDEBUG("%s packet received invalid reply code %s",
- fr_radius_packet_names[u->code], fr_radius_packet_names[code]);
- return DECODE_FAIL_UNKNOWN_PACKET_CODE;
- }
- }
-
/*
* Decode the attributes, in the context of the reply.
* This only fails if the packet is strangely malformed,