if the realm is a LOCAL one, then still add the 'Realm' attribute,
authoraland <aland>
Mon, 25 Sep 2000 15:24:05 +0000 (15:24 +0000)
committeraland <aland>
Mon, 25 Sep 2000 15:24:05 +0000 (15:24 +0000)
but don't actually proxy the packet, as we'll end up handling
it anyhow.

This allows the administrator to use Proxy-To-Realm := "localrealm",
and NOT have the server send itself packets in an infinite loop.

src/main/proxy.c

index 9738842..4636bc4 100644 (file)
@@ -197,6 +197,14 @@ int proxy_send(REQUEST *request)
                return 0;
        }
 
+       /*
+        *      Length == 0 means it exists, but there's no realm.
+        *      Don't proxy it.
+        */
+       if (realmpair->length == 0) {
+               return 0;
+       }
+
        realmname = (char *)realmpair->strvalue;
 
        /*
@@ -212,6 +220,23 @@ int proxy_send(REQUEST *request)
        }
 
        /*
+        *      Remember that we sent the request to a Realm.
+        */
+       pairadd(&request->packet->vps,
+               pairmake("Realm", realm->realm, T_OP_EQ));
+       
+
+       /*
+        *      Maybe they're proxying it to a LOCAL realm, in which
+        *      case do nothing.
+        */
+       if ((realm->ipaddr = htonl(0x7f000001)) &&      
+           (realm->auth_port == auth_port) &&
+           (realm->acct_port == acct_port)) {
+               return 0;
+       }
+       
+       /*
         *      Copy the request, then look up
         *      name and plain-text password in the copy.
         *
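Review bot: The loopback test in the added `if` uses `=` instead of `==`, so `realm->ipaddr = htonl(0x7f000001)` overwrites the realm's configured address with 127.0.0.1 and is always true. Any realm whose `auth_port` and `acct_port` equal the server's own is then treated as local and never proxied, so authentication meant for a remote home server would be decided locally; if `realm` points at the shared realm entry, the overwritten address also persists for later requests. The condition should read `if ((realm->ipaddr == htonl(0x7f000001)) &&`. Separately, only 127.0.0.1 is recognised as local, so a realm configured with one of the server's other addresses would presumably still loop, which the comment above the check could state. The body of proxy_send starts and ends outside this hunk.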
@@ -251,12 +276,6 @@ int proxy_send(REQUEST *request)
        }
 
        /*
-        *      Remember that we sent the request to a Realm.
-        */
-       pairadd(&request->packet->vps,
-               pairmake("Realm", realm->realm, T_OP_EQ));
-
-       /*
         *      Now build a new RADIUS_PACKET and send it.
         *
         *      FIXME: it could be that the id wraps around too fast if