* @param[in] state tree to lookup state in.
* @param[in] request to restore state for.
* @return
- * - 0 on success (state restored)
+ * - 2 if the state attribute didn't match any known states.
* - 1 if no state attribute existed.
- * - -1 if a state entry matching the value couldn't be found.
- * - -2 if a state entry has already been thawed by a another request.
+ * - 0 on success (state restored)
+ * - -1 if a state entry has already been thawed by a another request.
*/
int fr_state_to_request(fr_state_tree_t *state, request_t *request)
{
PTHREAD_MUTEX_UNLOCK(&state->mutex);
} else {
PTHREAD_MUTEX_UNLOCK(&state->mutex);
- REDEBUG("No state entry matching &request.%pP found", vp);
- return -1;
+ RDEBUG2("No state entry matching &request.%pP found", vp);
+ return 2;
}
if (!fr_pair_list_empty(&request->session_state_pairs)) {
process_radius_t const *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
/*
- * Requests with invalid state values
- * are extremely unlikely to result
- * in success, so reject them as quickly
- * as we possible.
+ * Only reject if the state has already been thawed.
+ * It could be that the state value wasn't intended
+ * for us, and we're just proxying upstream.
*/
if (fr_state_to_request(inst->auth.state_tree, request) < 0) {
fr_process_state_t const *state;
{
process_ttls_t const *inst = talloc_get_type_abort_const(mctx->instance, process_ttls_t);
- /*
- * Requests with invalid state values
- * are extremely unlikely to result
- * in success, so reject them as quickly
- * as we possible.
- */
- if (fr_state_to_request(inst->auth.state_tree, request) < 0) {
- fr_process_state_t const *state;
- CONF_SECTION *cs;
-
- request->reply->code = FR_RADIUS_CODE_ACCESS_REJECT;
- UPDATE_STATE_CS(reply);
- return unlang_module_yield_to_section(p_result, request,
- cs, state->rcode, state->send,
- NULL, NULL);
- }
-
return CALL_RECV(generic);
}
projects / thirdparty / freeradius-server.git / commitdiff
