authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 10:41:52 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 10:41:52 +0000
commit44eafeee62e6982131c62df6f74335114ca53024 (patch)
tree1cdf833b0a76e52630d717202398ced5900e11e9 /src/main/tls_listen.c
parentAdding upstream version 3.2.3+dfsg. (diff)
Adding upstream version 3.2.5+dfsg.upstream/3.2.5+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/main/tls_listen.c')
-rw-r--r--src/main/tls_listen.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index fa8c382..3dc786b 100644
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -377,7 +377,6 @@ static int tls_socket_recv(rad_listen_t *listener)
REQUEST *request;
listen_socket_t *sock = listener->data;
fr_tls_status_t status;
- RADCLIENT *client = sock->client;
if (!sock->packet) {
sock->packet = rad_alloc(sock, false);
@@ -580,6 +579,7 @@ check_for_setup:
* or any other contents.
*/
request->packet->code = PW_CODE_STATUS_SERVER;
+ request->packet->id = request->reply->id = 0;
request->packet->data = talloc_zero_array(request->packet, uint8_t, 20);
request->packet->data[0] = PW_CODE_STATUS_SERVER;
request->packet->data[3] = 20;
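Review bot: The result of `talloc_zero_array()` is written through on the next two lines (`data[0]`, `data[3]`) without a NULL check, so an allocation failure while building this synthetic Status-Server packet becomes a NULL write on a network-facing path. A guard directly after the allocation, e.g. `if (!request->packet->data) goto <existing error path>;`, would close it; the correct cleanup path is outside the hunk, as is the rest of the `check_for_setup` block. The added `request->packet->id = request->reply->id = 0;` would also benefit from a short comment such as `/* synthetic packet: pin the ID so request and reply agree */`, since nothing in the visible lines says why zero is chosen.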
@@ -673,6 +673,7 @@ read_application_data:
#ifdef WITH_RADIUSV11
packet->radiusv11 = sock->radiusv11;
#endif
+ packet->tls = true;
if (!rad_packet_ok(packet, 0, NULL)) {
if (DEBUG_ENABLED) ERROR("Receive - %s", fr_strerror());
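Review bot: `packet->tls = true;` is set immediately before `rad_packet_ok()` with no comment saying what the flag changes in validation. If it relaxes any per-packet integrity requirement on the grounds that the transport is already authenticated (inferred; the callee is not shown), the comment should say so, and should state that this point is only reached after application data has been read from an established TLS session. Something like `/* received inside a TLS session: rad_packet_ok() applies TLS-transport rules */` would do. The same undocumented assignment appears in the `proxy_tls_recv` and `proxy_tls_send_reply` hunks.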
@@ -708,8 +709,6 @@ read_application_data:
}
}
- FR_STATS_INC(auth, total_requests);
-
return 1;
}
@@ -874,6 +873,7 @@ int dual_tls_send(rad_listen_t *listener, REQUEST *request)
*/
if (sock->state == LISTEN_TLS_CHECKING) {
if (request->reply->code != PW_CODE_ACCESS_ACCEPT) {
+ RDEBUG("(TLS) Connection checks failed - closing connection");
listener->status = RAD_LISTEN_STATUS_EOL;
listener->tls = NULL; /* parent owns this! */
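Review bot: A peer failing the connection checks is logged only through `RDEBUG`, so at normal log levels the rejection and teardown leave nothing for operators to alert on. Consider a higher level on the failure branch, e.g. `RWARN("(TLS) Connection checks failed - closing connection");`, and keep `RDEBUG` for the success message added in the next hunk. The message also does not name the peer; whether the request prefix supplies that is not visible here.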
@@ -887,6 +887,7 @@ int dual_tls_send(rad_listen_t *listener, REQUEST *request)
/*
* Resume reading from the listener.
*/
+ RDEBUG("(TLS) Connection checks succeeded - continuing with normal reads");
listener->status = RAD_LISTEN_STATUS_RESUME;
radius_update_listener(listener);
@@ -1286,6 +1287,7 @@ int proxy_tls_recv(rad_listen_t *listener)
}
#endif
+ packet->tls = true;
/*
* FIXME: Client MIB updates?
@@ -1373,6 +1375,7 @@ int proxy_tls_send(rad_listen_t *listener, REQUEST *request)
* if there's no packet, encode it here.
*/
if (!request->proxy->data) {
+ request->reply->tls = true;
request->proxy_listener->proxy_encode(request->proxy_listener,
request);
}
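Review bot: The flag is set on `request->reply`, but the branch is guarded by `request->proxy->data` and the following `proxy_encode()` call builds the outbound proxied request. If the encoder reads the flag from the packet it is encoding (not shown here), this assignment does not affect it and `request->proxy->tls = true;` may be what was intended. The line also dereferences `request->reply` on a path where only `request->proxy` is otherwise touched, so confirm it is always allocated at this point. `proxy_tls_send` starts and ends outside the hunk.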
@@ -1406,9 +1409,11 @@ int proxy_tls_send(rad_listen_t *listener, REQUEST *request)
return -1;
}
+ RDEBUG3("(TLS) has %zu bytes in the buffer", sock->ssn->clean_out.used);
+
memcpy(sock->ssn->clean_out.data + sock->ssn->clean_out.used, request->proxy->data, request->proxy->data_len);
sock->ssn->clean_out.used += request->proxy->data_len;
- RDEBUG3("(TLS) Writing %zu bytes for later (total %zu)", request->proxy->data_len, sock->ssn->clean_out.used);
+ RDEBUG3("(TLS) Saving %zu bytes of RADIUS traffic for later (total %zu)", request->proxy->data_len, sock->ssn->clean_out.used);
PTHREAD_MUTEX_UNLOCK(&sock->mutex);
return 0;
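Review bot: The `memcpy` into `sock->ssn->clean_out.data + sock->ssn->clean_out.used` depends on a capacity check that this hunk does not show; presumably it is the block ending in `return -1;` just above. Since the commit touches the logging on both sides of the copy, a one-line comment stating the invariant at the copy site, e.g. `/* used + data_len was checked against the buffer size above */`, would make the bound auditable without scrolling. If that check is not in fact present, `request->proxy->data_len` needs to be compared with the remaining space before the copy. The enclosing function starts outside the hunk.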
@@ -1508,6 +1513,8 @@ int proxy_tls_send_reply(rad_listen_t *listener, REQUEST *request)
if ((listener->status != RAD_LISTEN_STATUS_INIT &&
(listener->status != RAD_LISTEN_STATUS_KNOWN))) return 0;
+ request->reply->tls = true;
+
/*
* Pack the VPs
*/