From: Arran Cudbard-Bell
Date: Sun, 2 Dec 2012 14:12:54 +0000 (+0000)
Subject: Move code that modifies request when looking up home_server into its own function
X-Git-Tag: release_3_0_0_beta1~1440
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=755a4e657f652b3796d77ac39432536d946ef33d;p=thirdparty%2Ffreeradius-server.git

Move code that modifies request when looking up home_server into its own function
---
diff --git a/src/include/realms.h b/src/include/realms.h
index 8c230a0d717..fd65a6d0e4c 100644
--- a/src/include/realms.h
+++ b/src/include/realms.h
@@ -153,6 +153,7 @@ void realms_free(void);
 REALM *realm_find(const char *name); /* name is from a packet */
 REALM *realm_find2(const char *name); /* ... with name taken from realm_find */
+void home_server_update_request(home_server *home, REQUEST *request);
 home_server *home_server_ldb(const char *realmname, home_pool_t *pool, REQUEST *request);
 home_server *home_server_find(fr_ipaddr_t *ipaddr, int port, int proto);
 #ifdef WITH_COA
diff --git a/src/main/process.c b/src/main/process.c
index f6ca886710c..004f8fc3f69 100644
--- a/src/main/process.c
+++ b/src/main/process.c
@@ -2143,6 +2143,7 @@ static int request_will_proxy(REQUEST *request)
 RDEBUG2("ERROR: Failed to find live home server: Cancelling proxy");
 return 0;
 }
+ home_server_update_request(home, request);
 #ifdef WITH_COA
 /*
@@ -2384,6 +2385,7 @@ static int request_proxy_anew(REQUEST *request)
 request_queue_or_run(request, proxy_running);
 return 0;
 }
+ home_server_update_request(home, request);
 /*
 * Don't free the old Id (if any) on error.
@@ -3051,6 +3053,7 @@ static void request_coa_originate(REQUEST *request)
 RDEBUG("WARNING: No live home server for home_server_pool %s", vp->vp_strvalue);
 goto fail;
 }
+ home_server_update_request(coa->home_server, coa);
 } else if (!coa->home_server) {
 int port = PW_COA_UDP_PORT;
diff --git a/src/main/realms.c b/src/main/realms.c
index 23d0616b4b3..1b3be68b79f 100644
--- a/src/main/realms.c
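Review bot: The `void home_server_update_request(home_server *home, REQUEST *request);` prototype added to realms.h carries no comment, yet it changes the contract of home_server_ldb(): per the realms.c part of this commit, the lookup no longer sets `request->proxy` or `request->home_server`. I would add above the prototype `/* Call after home_server_ldb() when the current request itself is proxied; sets request->proxy and request->home_server */`. The three call sites patched in process.c (request_will_proxy, request_proxy_anew, request_coa_originate) each call it only after the NULL check on the lookup result, which is right. Any caller of home_server_ldb() not shown in this diff that reads `request->proxy` afterwards would now dereference NULL, so the remaining callers are worth checking. Those three functions continue outside their hunks.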
+++ b/src/main/realms.c 
@@ -2071,6 +2071,80 @@ REALM *realm_find(const char *name)
 #ifdef WITH_PROXY
+
+/*
+ * Allocate the proxy list if it doesn't already exist, and copy request
+ * VPs into it. Setup src/dst IP addresses based on home server, and
+ * calculate and add the message-authenticator.
+ *
+ * This is a distinct function from home_server_ldb, as not all home_server
+ * lookups result in the *CURRENT* request being proxied,
+ * as in rlm_replicate, and this may trigger asserts elsewhere in the
+ * server.
+ */
+void home_server_update_request(home_server *home, REQUEST *request)
+{
+
+ /*
+ * Allocate the proxy packet, only if it wasn't
+ * already allocated by a module. This check is
+ * mainly to support the proxying of EAP-TTLS and
+ * EAP-PEAP tunneled requests.
+ *
+ * In those cases, the EAP module creates a
+ * "fake" request, and recursively passes it
+ * through the authentication stage of the
+ * server. The module then checks if the request
+ * was supposed to be proxied, and if so, creates
+ * a proxy packet from the TUNNELED request, and
+ * not from the EAP request outside of the
+ * tunnel.
+ *
+ * The proxy then works like normal, except that
+ * the response packet is "eaten" by the EAP
+ * module, and encapsulated into an EAP packet.
+ */
+ if (!request->proxy) {
+ if ((request->proxy = rad_alloc(TRUE)) == NULL) {
+ radlog(L_ERR|L_CONS, "no memory");
+ exit(1);
+ }
+
+ /*
+ * Copy the request, then look up name
+ * and plain-text password in the copy.
+ *
+ * Note that the User-Name attribute is
+ * the *original* as sent over by the
+ * client. The Stripped-User-Name
+ * attribute is the one hacked through
+ * the 'hints' file.
+ */
+ request->proxy->vps = paircopy(request->packet->vps);
+ }
+
+ /*
+ * Update the various fields as appropriate.
+ */
+ request->proxy->src_ipaddr = home->src_ipaddr;
+ request->proxy->src_port = 0;
+ request->proxy->dst_ipaddr = home->ipaddr;
+ request->proxy->dst_port = home->port;
+ request->home_server = home;
+
+ /*
+ * We're supposed to add a Message-Authenticator
+ * if it doesn't exist, and it doesn't exist.
+ */
+ if (home->message_authenticator &&
+ (request->packet->code == PW_AUTHENTICATION_REQUEST) &&
+ !pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0)) {
+ radius_pairmake(request, &request->proxy->vps,
+ "Message-Authenticator", "0x00",
+ T_OP_SET);
+ }
+}
+
 home_server *home_server_ldb(const char *realmname,
 home_pool_t *pool, REQUEST *request)
 {
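Review bot: The `exit(1);` after a failed `rad_alloc(TRUE)` in home_server_update_request terminates the whole server from what is now an exported helper, so one failed allocation while proxying a single request stops authentication for every client. The code is moved unchanged from home_server_ldb, but the new function is the natural place to fix it: return an int, replace `exit(1);` with `return -1;`, and let the callers fail the request the way they already do when no live home server is found. The function also dereferences `home` and `request->packet` without a check, so its header comment should state that both must be non-NULL. That header says the function will "calculate and add the message-authenticator", while the body only adds the attribute with the value `"0x00"`, which looks like a placeholder. The garbled inner comment could read `/* Add a placeholder Message-Authenticator if the home server requires one and the proxied packet lacks it. */`.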
@@ -2314,65 +2388,6 @@ home_server *home_server_ldb(const char *realmname,
 exec_trigger(request, pool->cs, "home_server_pool.normal", FALSE);
 }
- /*
- * Allocate the proxy packet, only if it wasn't
- * already allocated by a module. This check is
- * mainly to support the proxying of EAP-TTLS and
- * EAP-PEAP tunneled requests.
- *
- * In those cases, the EAP module creates a
- * "fake" request, and recursively passes it
- * through the authentication stage of the
- * server. The module then checks if the request
- * was supposed to be proxied, and if so, creates
- * a proxy packet from the TUNNELED request, and
- * not from the EAP request outside of the
- * tunnel.
- *
- * The proxy then works like normal, except that
- * the response packet is "eaten" by the EAP
- * module, and encapsulated into an EAP packet.
- */
- if (!request->proxy) {
- if ((request->proxy = rad_alloc(TRUE)) == NULL) {
- radlog(L_ERR|L_CONS, "no memory");
- exit(1);
- }
-
- /*
- * Copy the request, then look up name
- * and plain-text password in the copy.
- *
- * Note that the User-Name attribute is
- * the *original* as sent over by the
- * client. The Stripped-User-Name
- * attribute is the one hacked through
- * the 'hints' file.
- */
- request->proxy->vps = paircopy(request->packet->vps);
- }
-
- /*
- * Update the various fields as appropriate.
- */
- request->proxy->src_ipaddr = found->src_ipaddr;
- request->proxy->src_port = 0;
- request->proxy->dst_ipaddr = found->ipaddr;
- request->proxy->dst_port = found->port;
- request->home_server = found;
-
- /*
- * We're supposed to add a Message-Authenticator
- * if it doesn't exist, and it doesn't exist.
- */
- if (found->message_authenticator &&
- (request->packet->code == PW_AUTHENTICATION_REQUEST) &&
- !pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0)) {
- radius_pairmake(request, &request->proxy->vps,
- "Message-Authenticator", "0x00",
- T_OP_SET);
- }
-
 return found;
 }