From: Alan T. DeKok
Date: Fri, 16 Feb 2024 13:33:54 +0000 (-0500)
Subject: add tls flag to packets
X-Git-Tag: release_3_2_5~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c20b92bbfde507888e710ad2053a12e95d36323;p=thirdparty%2Ffreeradius-server.git
add tls flag to packets and set it for TLS transport send / receive. This lets the packet encoder and verification routines behave differently for TLS and non-TLS transport
---
diff --git a/src/include/libradius.h b/src/include/libradius.h
index 777927edb32..36fe87fc9e5 100644
--- a/src/include/libradius.h
+++ b/src/include/libradius.h
@@ -410,6 +410,7 @@ typedef struct radius_packet {
 #ifdef WITH_RADIUSV11
 bool radiusv11;
 #endif
+ bool tls; //!< uses secure transport
 } RADIUS_PACKET;
 typedef enum {
diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index 8c2d3db7fcc..3dc786bb551 100644
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -673,6 +673,7 @@ read_application_data:
 #ifdef WITH_RADIUSV11
 packet->radiusv11 = sock->radiusv11;
 #endif
+ packet->tls = true;
 if (!rad_packet_ok(packet, 0, NULL)) {
 if (DEBUG_ENABLED) ERROR("Receive - %s", fr_strerror());
@@ -1286,6 +1287,7 @@ int proxy_tls_recv(rad_listen_t *listener)
 }
 #endif
+ packet->tls = true;
 /*
 * FIXME: Client MIB updates?
@@ -1373,6 +1375,7 @@ int proxy_tls_send(rad_listen_t *listener, REQUEST *request)
 * if there's no packet, encode it here.
 */
 if (!request->proxy->data) {
+ request->reply->tls = true;
 request->proxy_listener->proxy_encode(request->proxy_listener, request);
 }
@@ -1510,6 +1513,8 @@ int proxy_tls_send_reply(rad_listen_t *listener, REQUEST *request)
 if ((listener->status != RAD_LISTEN_STATUS_INIT && (listener->status != RAD_LISTEN_STATUS_KNOWN))) return 0;
+ request->reply->tls = true;
+
 /*
 * Pack the VPs
 */
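Review bot: The comment on the new `tls` member of `struct radius_packet` says only "uses secure transport", while the commit message says the encoder and verification routines will branch on it. Because the flag changes how a packet is checked, the comment should say who may set it and what the default means, for example `bool tls; //!< set only by the TLS listener code, never from packet contents; false means UDP/TCP rules apply`. Whether the packet allocator zeroes the struct is not visible in this hunk, so the false default for non-TLS packets is worth confirming.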
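Review bot: In the `proxy_tls_send` hunk the flag is set on `request->reply`, but the surrounding lines test `request->proxy->data` and then call `proxy_encode` on the proxy listener, so the packet about to be encoded appears to be `request->proxy`. If that is the case, the encoder would still see `tls == false` on the proxied request and apply the non-TLS rules to it; the line probably should read `request->proxy->tls = true;`. `request->reply` is also dereferenced here with no visible NULL check. The function body starts and ends outside the hunk, so confirm against what `proxy_encode` actually reads.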