eliminate bogus whitespace diff
[freeradius.git] / src / main / tls_listen.c
index 710946a..f4323a7 100644 (file)
@@ -77,22 +77,11 @@ static void tls_socket_close(rad_listen_t *listener)
        listener->status = RAD_LISTEN_STATUS_EOL;
        listener->tls = NULL; /* parent owns this! */
 
-       if (sock->parent) {
-               /*
-                *      Decrement the number of connections.
-                */
-               if (sock->parent->limit.num_connections > 0) {
-                       sock->parent->limit.num_connections--;
-               }
-               if (sock->client->limit.num_connections > 0) {
-                       sock->client->limit.num_connections--;
-               }
-       }
-
        /*
         *      Tell the event handler that an FD has disappeared.
         */
-       event_new_fd(listener);
+       DEBUG("Client has closed connection");
+       radius_update_listener(listener);
 
        /*
         *      Do NOT free the listener here.  It's in use by
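Review bot: Nothing visible in tls_socket_close decrements `sock->parent->limit.num_connections` or `sock->client->limit.num_connections` any more. Unless radius_update_listener() takes that over for a listener in RAD_LISTEN_STATUS_EOL, every closed TLS connection keeps counting against the connection limits, and a client that reconnects repeatedly could exhaust them and lock out legitimate peers. Please confirm where the counters are now released and say so in the comment above the call, e.g. `/* radius_update_listener() also releases the parent/client connection counts */`. The new `DEBUG("Client has closed connection")` is also emitted whatever the reason for the close, which will mislead when the server itself tears the socket down. The function body continues outside the hunk.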
@@ -141,7 +130,7 @@ static int tls_socket_recv(rad_listen_t *listener)
        RADCLIENT *client = sock->client;
 
        if (!sock->packet) {
-               sock->packet = rad_alloc(sock, 0);
+               sock->packet = rad_alloc(sock, false);
                if (!sock->packet) return 0;
 
                sock->packet->sockfd = listener->fd;
@@ -151,8 +140,7 @@ static int tls_socket_recv(rad_listen_t *listener)
                sock->packet->dst_port = sock->my_port;
 
                if (sock->request) {
-                       (void) talloc_steal(sock->request, sock->packet);
-                       sock->request->packet = sock->packet;
+                       sock->request->packet = talloc_steal(sock->request, sock->packet);
                }
        }
 
@@ -168,7 +156,7 @@ static int tls_socket_recv(rad_listen_t *listener)
 
                rad_assert(request->packet == NULL);
                rad_assert(sock->packet != NULL);
-               request->packet = sock->packet;
+               request->packet = talloc_steal(request, sock->packet);
 
                request->component = "<core>";
                request->component = "<tls-connect>";
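Review bot: After `request->packet = talloc_steal(request, sock->packet);` the packet is owned by the request, but `sock->packet` still points at it, so any path that frees the request must also clear `sock->packet` or it dangles. The tls_new_session() failure path further down does this; the rule deserves a comment here, such as `/* request now owns the packet; sock->packet is a borrowed alias and must be cleared when the request is freed */`. Separately, `request->component = "<core>";` is a dead store because the next line overwrites it, and can be dropped. The enclosing block starts and ends outside the hunk.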
@@ -176,15 +164,15 @@ static int tls_socket_recv(rad_listen_t *listener)
                /*
                 *      Not sure if we should do this on every packet...
                 */
-               request->reply = rad_alloc(request, 0);
+               request->reply = rad_alloc(request, false);
                if (!request->reply) return 0;
 
                rad_assert(sock->ssn == NULL);
 
-               sock->ssn = tls_new_session(listener->tls, sock->request,
+               sock->ssn = tls_new_session(listener->tls, listener->tls, sock->request,
                                            listener->tls->require_client_cert);
                if (!sock->ssn) {
-                       request_free(&sock->request);
+                       TALLOC_FREE(sock->request);
                        sock->packet = NULL;
                        return 0;
                }
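Review bot: The `if (!request->reply) return 0;` path leaves `sock->request` allocated with `request->packet` already set, whereas the tls_new_session() failure a few lines later frees the request and clears `sock->packet`. If `request` is `sock->request` here (it appears to be, but the assignment is outside the hunk), a later call would re-enter this block and trip `rad_assert(request->packet == NULL)`. Giving the allocation failure the same cleanup keeps the two error paths consistent: `if (!request->reply) { TALLOC_FREE(sock->request); sock->packet = NULL; return 0; }`.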
@@ -192,6 +180,7 @@ static int tls_socket_recv(rad_listen_t *listener)
                (void) talloc_steal(sock, sock->ssn);
                SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_REQUEST, (void *)request);
                SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_CERTS, (void *)&request->packet->vps);
+               SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_TALLOC, sock->parent);
 
                doing_init = true;
        }
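Review bot: `sock->parent` is stored under FR_TLS_EX_INDEX_TALLOC without checking that it is non-NULL. The block this commit removes from tls_socket_close guarded on `if (sock->parent)`, which suggests it can be NULL. The consumer of this index is not visible here, but a NULL talloc context makes allocations top-level and unowned, so whatever is hung off it would leak rather than be freed with the listener. The stored pointer must also outlive the SSL session, which is worth stating in a comment such as `/* parent listener outlives this socket's SSL session */`. None of the three SSL_set_ex_data() calls checks its return value.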
@@ -274,7 +263,7 @@ app:
                return 0;
        }
 
-       dump_hex("TUNNELED DATA", sock->ssn->clean_out.data, sock->ssn->clean_out.used);
+       dump_hex("TUNNELED DATA > ", sock->ssn->clean_out.data, sock->ssn->clean_out.used);
 
        /*
         *      If the packet is a complete RADIUS packet, return it to
@@ -365,7 +354,7 @@ int dual_tls_recv(rad_listen_t *listener)
         *      set.
         */
        switch(packet->code) {
-       case PW_CODE_AUTHENTICATION_REQUEST:
+       case PW_CODE_ACCESS_REQUEST:
                if (listener->type != RAD_LISTEN_AUTH) goto bad_packet;
                FR_STATS_INC(auth, total_requests);
                fun = rad_authenticate;
@@ -389,9 +378,9 @@ int dual_tls_recv(rad_listen_t *listener)
 #endif
 
        case PW_CODE_STATUS_SERVER:
-               if (!mainconfig.status_server) {
+               if (!main_config.status_server) {
                        FR_STATS_INC(auth, total_unknown_types);
-                       WDEBUG("Ignoring Status-Server request due to security configuration");
+                       WARN("Ignoring Status-Server request due to security configuration");
                        rad_free(&sock->packet);
                        request->packet = NULL;
                        return 0;
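Review bot: The switch from WDEBUG to WARN in the Status-Server branch of dual_tls_recv means this message is triggered by a packet type the peer chooses. If WARN is unconditional where WDEBUG was debug-gated (the macro definitions are not visible here), a client can produce one warning-level log line per packet when Status-Server is disabled. Consider keeping this at debug level or rate-limiting it, and rely on the `total_unknown_types` counter for monitoring.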
@@ -465,12 +454,15 @@ int dual_tls_send(rad_listen_t *listener, REQUEST *request)
        }
 
        PTHREAD_MUTEX_LOCK(&sock->mutex);
+
        /*
         *      Write the packet to the SSL buffers.
         */
        sock->ssn->record_plus(&sock->ssn->clean_in,
                               request->reply->data, request->reply->data_len);
 
+       dump_hex("TUNNELED DATA < ", sock->ssn->clean_in.data, sock->ssn->clean_in.used);
+
        /*
         *      Do SSL magic to get encrypted data.
         */
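Review bot: The added `dump_hex("TUNNELED DATA < ", ...)` writes the cleartext contents of `clean_in`, i.e. the RADIUS reply before TLS encryption, and nothing visible in dual_tls_send limits it to a high debug level. If dump_hex() is not gated internally, traffic that TLS is meant to protect ends up in the logs; the same applies to the `clean_out` dump in tls_socket_recv. The call also runs while `sock->mutex` is held, so log I/O extends the critical section. It dumps the whole `clean_in` buffer rather than the `request->reply->data_len` bytes just appended. Suggest guarding the call on the debug level and dumping `request->reply->data` before the lock is taken.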
@@ -637,7 +629,7 @@ int proxy_tls_recv(rad_listen_t *listener)
 
        data = sock->data;
 
-       packet = rad_alloc(sock, 0);
+       packet = rad_alloc(sock, false);
        packet->sockfd = listener->fd;
        packet->src_ipaddr = sock->other_ipaddr;
        packet->src_port = sock->other_port;
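Review bot: `packet` is dereferenced on the line right after `rad_alloc(sock, false)` with no NULL check, so an allocation failure in proxy_tls_recv becomes a NULL dereference on a path driven by network input. tls_socket_recv in this same file does check the result (`if (!sock->packet) return 0;`). Add `if (!packet) return 0;` immediately after the allocation, assuming 0 is the "nothing to process" return here as in the other receive paths. The function body continues outside the hunk.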
@@ -654,9 +646,9 @@ int proxy_tls_recv(rad_listen_t *listener)
         *      FIXME: Client MIB updates?
         */
        switch(packet->code) {
-       case PW_CODE_AUTHENTICATION_ACK:
+       case PW_CODE_ACCESS_ACCEPT:
        case PW_CODE_ACCESS_CHALLENGE:
-       case PW_CODE_AUTHENTICATION_REJECT:
+       case PW_CODE_ACCESS_REJECT:
                break;
 
 #ifdef WITH_ACCOUNTING
@@ -693,7 +685,8 @@ int proxy_tls_send(rad_listen_t *listener, REQUEST *request)
 
        VERIFY_REQUEST(request);
 
-       if (listener->status != RAD_LISTEN_STATUS_KNOWN) return 0;
+       if ((listener->status != RAD_LISTEN_STATUS_INIT) &&
+           (listener->status != RAD_LISTEN_STATUS_KNOWN)) return 0;
 
        /*
         *      Normal proxying calls us with the data already
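Review bot: Accepting RAD_LISTEN_STATUS_INIT lets proxy_tls_send proceed on a listener that has not yet reached KNOWN, and nothing in the hunk shows that the TLS session is established and usable in that state. Please add a comment above the test explaining why sending in INIT is safe, for example `/* INIT: outbound connection is open and the session exists, but the listener is not yet registered */`, if that is indeed the case. The two-line condition with a trailing `return 0;` is also easy to misread; bracing it (`if (...) { return 0; }`) would help. The function body continues outside the hunk.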