From: Nick Porter
Date: Thu, 13 Feb 2025 12:14:26 +0000 (+0000)
Subject: Not all calls to fr_tls_call_push require the session cache
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0fea0b7a60b5dd6a17525bf64f0e057ee2ea370;p=thirdparty%2Ffreeradius-server.git
Not all calls to fr_tls_call_push require the session cache
---
diff --git a/src/lib/tls/base-h b/src/lib/tls/base-h
index 4bf1f6ee6b5..2113fe38341 100644
--- a/src/lib/tls/base-h
+++ b/src/lib/tls/base-h
@@ -172,7 +172,7 @@ void fr_tls_dict_free(void);
 * tls/virtual_server.c
 */
 unlang_action_t fr_tls_call_push(request_t *child, unlang_function_t resume,
- fr_tls_conf_t *conf, fr_tls_session_t *tls_session);
+ fr_tls_conf_t *conf, fr_tls_session_t *tls_session, bool cache_required);
 
 #ifdef __cplusplus
 }
diff --git a/src/lib/tls/cache.c b/src/lib/tls/cache.c
index 565532041f1..cf4c0f1f6e4 100644
--- a/src/lib/tls/cache.c
+++ b/src/lib/tls/cache.c
@@ -446,7 +446,7 @@ static unlang_action_t tls_cache_load_push(request_t *request, fr_tls_session_t
 * Allocate a child, and set it up to call
 * the TLS virtual server.
 */
- ua = fr_tls_call_push(child, tls_cache_load_result, conf, tls_session);
+ ua = fr_tls_call_push(child, tls_cache_load_result, conf, tls_session, true);
 if (ua < 0) {
 talloc_free(child);
 tls_cache_load_state_reset(request, tls_cache);
@@ -586,7 +586,7 @@ unlang_action_t tls_cache_store_push(request_t *request, fr_tls_conf_t *conf, fr
 * Allocate a child, and set it up to call
 * the TLS virtual server.
 */
- ua = fr_tls_call_push(child, tls_cache_store_result, conf, tls_session);
+ ua = fr_tls_call_push(child, tls_cache_store_result, conf, tls_session, true);
 if (ua < 0) goto error;
 
 return ua;
@@ -655,7 +655,7 @@ unlang_action_t tls_cache_clear_push(request_t *request, fr_tls_conf_t *conf, fr
 * Allocate a child, and set it up to call
 * the TLS virtual server.
 */
- ua = fr_tls_call_push(child, tls_cache_clear_result, conf, tls_session);
+ ua = fr_tls_call_push(child, tls_cache_clear_result, conf, tls_session, true);
 if (ua < 0) {
 talloc_free(child);
 tls_cache_clear_state_reset(request, tls_cache);
diff --git a/src/lib/tls/session.c b/src/lib/tls/session.c
index dbef8a1be6f..0c7a56737a4 100644
--- a/src/lib/tls/session.c
+++ b/src/lib/tls/session.c
@@ -1170,7 +1170,7 @@ unlang_action_t tls_establish_session_push(request_t *request, fr_tls_conf_t *co
 * Allocate a child, and set it up to call
 * the TLS virtual server.
 */
- ua = fr_tls_call_push(child, tls_establish_session_result, conf, tls_session);
+ ua = fr_tls_call_push(child, tls_establish_session_result, conf, tls_session, false);
 if (ua < 0) {
 talloc_free(child);
 return UNLANG_ACTION_FAIL;
diff --git a/src/lib/tls/verify.c b/src/lib/tls/verify.c
index 5cb32159b53..7babc302375 100644
--- a/src/lib/tls/verify.c
+++ b/src/lib/tls/verify.c
@@ -467,7 +467,7 @@ static unlang_action_t tls_verify_client_cert_push(request_t *request, fr_tls_se
 * Allocate a child, and set it up to call
 * the TLS virtual server.
 */
- ua = fr_tls_call_push(child, tls_verify_client_cert_result, conf, tls_session);
+ ua = fr_tls_call_push(child, tls_verify_client_cert_result, conf, tls_session, false);
 if (ua < 0) {
 PERROR("Failed calling TLS virtual server");
 talloc_free(child);
diff --git a/src/lib/tls/virtual_server.c b/src/lib/tls/virtual_server.c
index 82a9602d2fc..59daeea4b55 100644
--- a/src/lib/tls/virtual_server.c
+++ b/src/lib/tls/virtual_server.c
@@ -43,14 +43,19 @@
 * be a pointer to the provided tls_session.
 * @param[in] conf the tls configuration.
 * @param[in] tls_session The current tls_session.
+ * @param[in] cache_required Does this action require the tls cache
 * @return
 * - 0 on success.
 * - -1 on failure.
 */
 unlang_action_t fr_tls_call_push(request_t *child, unlang_function_t resume,
- fr_tls_conf_t *conf, fr_tls_session_t *tls_session)
+ fr_tls_conf_t *conf, fr_tls_session_t *tls_session,
+#ifdef NDEBUG
+ UNUSED
+#endif
+ bool cache_required)
 {
- fr_assert(tls_session->cache);
+ fr_assert(tls_session->cache || !cache_required);
 
 /*
 * Sets up a dispatch frame in the parent
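Review bot: The new precondition in `fr_tls_call_push`, `tls_session->cache || !cache_required`, is enforced only by `fr_assert`, and the `#ifdef NDEBUG` / `UNUSED` wrapper on the parameter suggests the assertion compiles away in release builds, where `cache_required` then has no effect. If `tls_session->cache` can be NULL on the three `cache.c` paths that pass `true` (not visible on this page), a production build would carry on without a session cache until something later dereferences it. A guard that holds in every build would also make the conditional `UNUSED` unnecessary: `if (cache_required && !tls_session->cache) return UNLANG_ACTION_FAIL;`, assuming that constant is the failure value the doc comment's `-1` refers to and that callers test with `ua < 0`. The function body continues past the end of the hunk, so the later uses of the cache are not shown.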