From 0ea865f14ba36e7b191c5cb15a4bf3e6ef21c46f Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Thu, 1 Apr 2021 11:24:45 -0400 Subject: [PATCH] allow for reverse coa proxying in request_will_proxy() Add new Proxy-To-Originating-Realm attribute, and change TCP-Session-Key to Originating-Realm-Key, which is perhaps a little clearer. also note that when we automatically create a home server for incoming TLS connections, we set home->server, not home->coa_server --- share/dictionary.freeradius.internal | 3 ++- src/include/radiusd.h | 2 +- src/main/listen.c | 9 ++++++--- src/main/process.c | 22 ++++++++++++++++++++++ src/main/tls_listen.c | 2 +- 5 files changed, 32 insertions(+), 6 deletions(-) diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal index baf5e08fec..4e31098ee6 100644 --- a/share/dictionary.freeradius.internal +++ b/share/dictionary.freeradius.internal @@ -286,7 +286,8 @@ ATTRIBUTE SSHA3-512-Password 1185 octets ATTRIBUTE MS-CHAP-Peer-Challenge 1192 octets ATTRIBUTE Home-Server-Name 1193 string -ATTRIBUTE TCP-Session-Key 1194 string +ATTRIBUTE Originating-Realm-Key 1194 string +ATTRIBUTE Proxy-To-Originating-Realm 1195 string # # Range: 1200-1279 diff --git a/src/include/radiusd.h b/src/include/radiusd.h index b1e3947efd..9239248221 100644 --- a/src/include/radiusd.h +++ b/src/include/radiusd.h @@ -610,7 +610,7 @@ int proxy_tls_send_reply(rad_listen_t *listener, REQUEST *request); int dual_tls_send_coa_request(rad_listen_t *listener, REQUEST *request); void listen_coa_add(rad_listen_t *listener, char const *key); void listen_coa_delete(rad_listen_t *listener); -rad_listen_t *listen_coa_find(REQUEST *request, char const *key); +int listen_coa_find(REQUEST *request, char const *key); #endif #endif diff --git a/src/main/listen.c b/src/main/listen.c index 13fca9a093..0bebd3e007 100644 --- a/src/main/listen.c +++ b/src/main/listen.c 
@@ -764,7 +764,7 @@ static int dual_tcp_accept(rad_listen_t *listener) home->coa_mrt = this->coa_mrt; home->coa_mrc = this->coa_mrc; home->coa_mrd = this->coa_mrd; - home->coa_server = this->server; + home->server = this->server; } #endif @@ -3686,12 +3686,15 @@ void listen_coa_delete(rad_listen_t *this) /* * Find an active listener by key. + * + * This function will update request->home_server, and + * request->proxy_listener. */ -rad_listen_t *listen_coa_find(UNUSED REQUEST *request, UNUSED char const *key) +int listen_coa_find(UNUSED REQUEST *request, UNUSED char const *key) { /* * Do more things here. */ - return NULL; + return -1; } #endif diff --git a/src/main/process.c b/src/main/process.c index 6e9140e213..ac5d570124 100644 --- a/src/main/process.c +++ b/src/main/process.c @@ -3171,7 +3171,25 @@ static int request_will_proxy(REQUEST *request) return 0; +#ifdef WITH_COA_TUNNEL + } else if (((request->packet->code == PW_CODE_COA_REQUEST) || + (request->packet->code == PW_CODE_DISCONNECT_REQUEST)) && + ((vp = fr_pair_find_by_num(request->config, PW_PROXY_TO_ORIGINATING_REALM, 0, TAG_ANY)) != NULL)) { + + /* + * This function will set request->home_server, + * and also request->proxy_listener. + */ + if (listen_coa_find(request, vp->vp_strvalue) < 0) return 0; + + /* + * Initialise request->proxy, and copy VPs over. + */ + home_server_update_request(request->home_server, request); + goto add_proxy_state; + } else { +#endif return 0; } @@ -3267,6 +3285,10 @@ do_home: * The RFC's say we have to do this, but FreeRADIUS * doesn't need it. */ +#ifdef WITH_COA_TUNNEL +add_proxy_state: +#endif + vp = radius_pair_create(request->proxy, &request->proxy->vps, PW_PROXY_STATE, 0); fr_pair_value_sprintf(vp, "%u", request->packet->id); diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c index 7bc848116c..ec59e963df 100644 --- a/src/main/tls_listen.c +++ b/src/main/tls_listen.c 
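Review bot: The new header comment on listen_coa_find() promises that it updates request->home_server and request->proxy_listener, but the body below it is still a stub that marks both parameters UNUSED and unconditionally returns -1, so the comment describes intended rather than current behaviour and the return convention is stated nowhere. The caller in process.c only tests `< 0`, so the contract belongs in this comment, e.g. `Returns 0 and sets request->home_server / request->proxy_listener when a listener is registered under key; returns -1 and leaves both untouched when none is found.` A `TODO: not yet implemented, always fails` in place of "Do more things here" would also stop a reader from assuming reverse CoA proxying already works, and the UNUSED markers will have to go when the lookup is filled in.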
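Review bot: `home_server_update_request(request->home_server, request)` is reached on the sole strength of listen_coa_find() returning >= 0; nothing in this branch checks that request->home_server (or request->proxy_listener) was actually set, and the only implementation visible in this patch is a stub that sets neither. A defensive guard, `if (listen_coa_find(request, vp->vp_strvalue) < 0 || !request->home_server) return 0;`, keeps a partial lookup from handing a NULL home server to home_server_update_request(), which presumably dereferences it. The `goto add_proxy_state` also jumps past everything between this else-chain and the label after do_home (the second process.c hunk shows only the Proxy-State creation following the label), so any liveness or pool checks on the normal proxy path are skipped for reverse CoA; worth confirming they are not needed or repeating them here. Note too that the key comes from request->config, i.e. whatever policy set Proxy-To-Originating-Realm, and the listener it must match is registered from the same control list in dual_tls_send(); the branch comment should state that policy has to derive both values from an authenticated property of the connection, since a key that either end could influence could route CoA/Disconnect packets into the wrong tunnel. request_will_proxy() begins and ends outside this hunk.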
@@ -585,7 +585,7 @@ int dual_tls_send(rad_listen_t *listener, REQUEST *request)
if (listener->send_coa && !listener->key) {
VALUE_PAIR *vp = NULL;
- vp = fr_pair_find_by_num(request->config, PW_TCP_SESSION_KEY, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_ORIGINATING_REALM_KEY, 0, TAG_ANY);
if (vp) {
RDEBUG("Adding send CoA listener with key %s", vp->vp_strvalue);
listen_coa_add(request->listener, vp->vp_strvalue);
-- 2.47.2