just remove code for proxying

FreeRADIUS · Jun 29, 2017 · c791d0a · c791d0a
1 parent 9556039
commit c791d0a
Showing 1 changed file with 4 additions and 344 deletions.
diff --git a/src/main/process.c b/src/main/process.c
@@ -2836,270 +2836,9 @@ static void proxy_queued(REQUEST *request, fr_state_action_t action)
  *	- 1 if #REQUEST should be proxied.
  *	- -1 on failure.
  */
-static int request_will_proxy(REQUEST *request)
+static int request_will_proxy(UNUSED REQUEST *request)
 {
-	int rcode, pre_proxy_type = 0;
-	char const *realmname = NULL;
-	VALUE_PAIR *vp, *strippedname;
-	home_server_t *home;
-	REALM *realm = NULL;
-	home_pool_t *pool = NULL;
-
-	VERIFY_REQUEST(request);
-
-	if (!request->root->proxy_requests) return 0;
-	if (request->packet->dst_port == 0) return 0;
-	if (request->packet->code == FR_CODE_STATUS_SERVER) return 0;
-	if (request->in_proxy_hash) return 0;
-	if (request->reply->code != 0) return 0;
-
-	vp = fr_pair_find_by_num(request->control, 0, FR_PROXY_TO_REALM, TAG_ANY);
-	if (vp) {
-		realm = NULL;
-		if (!realm) {
-			REDEBUG2("Cannot proxy to unknown realm %s",
-				vp->vp_strvalue);
-			return 0;
-		}
-
-		realmname = vp->vp_strvalue;
-
-		/*
-		 *	Figure out which pool to use.
-		 */
-		if (request->packet->code == FR_CODE_ACCESS_REQUEST) {
-			pool = realm->auth_pool;
-
-#ifdef WITH_ACCOUNTING
-		} else if (request->packet->code == FR_CODE_ACCOUNTING_REQUEST) {
-			pool = realm->acct_pool;
-#endif
-
-#ifdef WITH_COA
-		} else if ((request->packet->code == FR_CODE_COA_REQUEST) ||
-			   (request->packet->code == FR_CODE_DISCONNECT_REQUEST)) {
-			pool = realm->coa_pool;
-#endif
-
-		} else {
-			return 0;
-		}
-
-	} else if ((vp = fr_pair_find_by_num(request->control, 0, FR_HOME_SERVER_POOL, TAG_ANY)) != NULL) {
-		int pool_type;
-
-		switch (request->packet->code) {
-		case FR_CODE_ACCESS_REQUEST:
-			pool_type = HOME_TYPE_AUTH;
-			break;
-
-#ifdef WITH_ACCOUNTING
-		case FR_CODE_ACCOUNTING_REQUEST:
-			pool_type = HOME_TYPE_ACCT;
-			break;
-#endif
-
-#ifdef WITH_COA
-		case FR_CODE_COA_REQUEST:
-		case FR_CODE_DISCONNECT_REQUEST:
-			pool_type = HOME_TYPE_COA;
-			break;
-#endif
-
-		default:
-			return 0;
-		}
-
-		pool = NULL;
-
-		/*
-		 *	Send it directly to a home server (i.e. NAS)
-		 */
-	} else if (((vp = fr_pair_find_by_num(request->control, 0, FR_PACKET_DST_IP_ADDRESS, TAG_ANY)) != NULL) ||
-		   ((vp = fr_pair_find_by_num(request->control, 0, FR_PACKET_DST_IPV6_ADDRESS, TAG_ANY)) != NULL)) {
-		uint16_t dst_port;
-		fr_ipaddr_t dst_ipaddr;
-
-		memset(&dst_ipaddr, 0, sizeof(dst_ipaddr));
-
-		if (vp->da->attr == FR_PACKET_DST_IP_ADDRESS) {
-			dst_ipaddr.af = AF_INET;
-			dst_ipaddr.addr.v4.s_addr = vp->vp_ipv4addr;
-			dst_ipaddr.prefix = 32;
-		} else {
-			dst_ipaddr.af = AF_INET6;
-			memcpy(&dst_ipaddr.addr.v6, &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
-			dst_ipaddr.prefix = 128;
-		}
-
-		vp = fr_pair_find_by_num(request->control, 0, FR_PACKET_DST_PORT, TAG_ANY);
-		if (!vp) {
-			if (request->packet->code == FR_CODE_ACCESS_REQUEST) {
-				dst_port = FR_AUTH_UDP_PORT;
-
-#ifdef WITH_ACCOUNTING
-			} else if (request->packet->code == FR_CODE_ACCOUNTING_REQUEST) {
-				dst_port = FR_ACCT_UDP_PORT;
-#endif
-
-#ifdef WITH_COA
-			} else if ((request->packet->code == FR_CODE_COA_REQUEST) ||
-				   (request->packet->code == FR_CODE_DISCONNECT_REQUEST)) {
-				dst_port = FR_COA_UDP_PORT;
-#endif
-			} else { /* shouldn't happen for RADIUS... */
-				return 0;
-			}
-
-		} else {
-			dst_port = vp->vp_uint32;
-		}
-
-		/*
-		 *	Nothing does CoA over TCP.
-		 */
-		home = NULL;
-		if (!home) {
-			char buffer[INET6_ADDRSTRLEN];
-
-			WARN("No such home server %s port %u",
-			     inet_ntop(dst_ipaddr.af, &dst_ipaddr.addr, buffer, sizeof(buffer)),
-			     (unsigned int) dst_port);
-			return 0;
-		}
-
-		/*
-		 *	The home server is alive (or may be alive).
-		 *	Send the packet to the IP.
-		 */
-		if (home->state != HOME_STATE_IS_DEAD) goto do_home;
-
-		/*
-		 *	The home server is dead.  If you wanted
-		 *	fail-over, you should have proxied to a pool.
-		 *	Sucks to be you.
-		 */
-
-		return 0;
-
-	} else {
-		return 0;
-	}
-
-	if (!pool) {
-		RWDEBUG2("Cancelling proxy as no home pool exists");
-		return 0;
-	}
-
-	request->home_pool = pool;
-
-	home = NULL;
-
-	if (!home) {
-		REDEBUG2("Failed to find live home server: Cancelling proxy");
-		return 0;
-	}
-
-do_home:
-	/*
-	 *	Remember that we sent the request to a Realm.
-	 */
-	if (realmname) pair_make_request("Realm", realmname, T_OP_EQ);
-
-	/*
-	 *	Strip the name, if told to.
-	 *
-	 *	Doing it here catches the case of proxied tunneled
-	 *	requests.
-	 */
-	if (realm && (realm->strip_realm == true) &&
-	    (strippedname = fr_pair_find_by_num(request->proxy->packet->vps, 0, FR_STRIPPED_USER_NAME, TAG_ANY)) != NULL) {
-		/*
-		 *	If there's a Stripped-User-Name attribute in
-		 *	the request, then use THAT as the User-Name
-		 *	for the proxied request, instead of the
-		 *	original name.
-		 *
-		 *	This is done by making a copy of the
-		 *	Stripped-User-Name attribute, turning it into
-		 *	a User-Name attribute, deleting the
-		 *	Stripped-User-Name and User-Name attributes
-		 *	from the vps list, and making the new
-		 *	User-Name the head of the vps list.
-		 */
-		vp = fr_pair_find_by_num(request->proxy->packet->vps, 0, FR_USER_NAME, TAG_ANY);
-		if (!vp) {
-			vp_cursor_t cursor;
-			vp = radius_pair_create(NULL, NULL,
-					       FR_USER_NAME, 0);
-			rad_assert(vp != NULL);	/* handled by above function */
-			/* Insert at the START of the list */
-			/* FIXME: Can't make assumptions about ordering */
-			fr_pair_cursor_init(&cursor, &vp);
-			fr_pair_cursor_merge(&cursor, request->proxy->packet->vps);
-			request->proxy->packet->vps = vp;
-		}
-		fr_pair_value_strcpy(vp, strippedname->vp_strvalue);
-
-		/*
-		 *	Do NOT delete Stripped-User-Name.
-		 */
-	}
-
-	/*
-	 *	Call the pre-proxy routines.
-	 */
-	vp = fr_pair_find_by_num(request->control, 0, FR_PRE_PROXY_TYPE, TAG_ANY);
-	if (vp) {
-		fr_dict_enum_t const *dval = fr_dict_enum_by_value(NULL, vp->da, &vp->data);
-		/* Must be a validation issue */
-		rad_assert(dval);
-		RDEBUG2("Found Pre-Proxy-Type %s", dval->alias);
-		pre_proxy_type = vp->vp_uint32;
-	}
-
-	/*
-	 *	home_pool may be NULL when originating CoA packets,
-	 *	because they go directly to an IP address.
-	 */
-	if (request->home_pool && request->home_pool->virtual_server) {
-		CONF_SECTION *old_server = request->server_cs;
-
-		request->proxy->server_cs = virtual_server_find(request->home_pool->virtual_server);
-		request->server_cs = request->proxy->server_cs; /* @fixme 4.0 this shouldn't be necessary! */
-
-		RDEBUG2("server %s {", cf_section_name2(request->server_cs));
-		RINDENT();
-		rcode = process_pre_proxy(pre_proxy_type, request);
-		REXDENT();
-		RDEBUG2("}");
-
-		request->server_cs = old_server;
-	} else {
-		rcode = process_pre_proxy(pre_proxy_type, request);
-	}
-
-	switch (rcode) {
-	case RLM_MODULE_FAIL:
-	case RLM_MODULE_INVALID:
-	case RLM_MODULE_NOTFOUND:
-	case RLM_MODULE_USERLOCK:
-	default:
-		/* FIXME: debug print failed stuff */
-		return -1;
-
-	case RLM_MODULE_REJECT:
-	case RLM_MODULE_HANDLED:
-		return 0;
-
-	/*
-	 *	Only proxy the packet if the pre-proxy code succeeded.
-	 */
-	case RLM_MODULE_NOOP:
-	case RLM_MODULE_OK:
-	case RLM_MODULE_UPDATED:
-		return 1;
-	}
+	return 0;
 }
 
 static int proxy_to_virtual_server(REQUEST *request)
@@ -3253,88 +2992,9 @@ static int request_proxy_send(REQUEST *request)
 /*
  *	Proxy the packet as if it was new.
  */
-static int request_proxy_anew(REQUEST *request)
+static int request_proxy_anew(UNUSED REQUEST *request)
 {
-	home_server_t *home;
-
-	VERIFY_REQUEST(request);
-
-	/*
-	 *	Delete the request from the proxy list.
-	 *
-	 *	The packet list code takes care of ensuring that IDs
-	 *	aren't reused until all 256 IDs have been used.  So
-	 *	there's a 1/256 chance of re-using the same ID when
-	 *	we're sending to the same home server.  Which is
-	 *	acceptable.
-	 */
-	remove_from_proxy_hash(request);
-
-	/*
-	 *	Find a live home server for the request.
-	 */
-	home = NULL;
-	if (!home) {
-		REDEBUG2("Failed to find live home server for request");
-	post_proxy_fail:
-		if (setup_post_proxy_fail(request)) {
-			request_thread(request, proxy_no_reply);
-		} else {
-			gettimeofday(&request->reply->timestamp, NULL);
-			request_cleanup_delay_init(request);
-		}
-		return 0;
-	}
-
-#ifdef WITH_ACCOUNTING
-	/*
-	 *	Update the Acct-Delay-Time attribute, since the LAST
-	 *	time we tried to retransmit this packet.
-	 */
-	if (request->packet->code == FR_CODE_ACCOUNTING_REQUEST) {
-		VALUE_PAIR *vp;
-
-		vp = fr_pair_find_by_num(request->proxy->packet->vps, 0, FR_ACCT_DELAY_TIME, TAG_ANY);
-		if (!vp) vp = radius_pair_create(request->proxy->packet,
-						&request->proxy->packet->vps,
-						FR_ACCT_DELAY_TIME, 0);
-		if (vp) {
-			struct timeval now;
-
-			gettimeofday(&now, NULL);
-			vp->vp_uint32 += now.tv_sec - request->proxy->packet->timestamp.tv_sec;
-		}
-	}
-#endif
-
-	/*
-	 *	May have failed over to a "fallback" virtual server.
-	 *	If so, run that instead of doing proxying to a real
-	 *	server.
-	 */
-	if (home->server) {
-		request->proxy->home_server = home;
-		TALLOC_FREE(request->proxy->packet);
-
-		(void) proxy_to_virtual_server(request);
-		return 0;
-	}
-
-	if (!insert_into_proxy_hash(request)) {
-		RPROXY("Failed to insert retransmission into the proxy list");
-		goto post_proxy_fail;
-	}
-
-	/*
-	 *	Free the old packet, to force re-encoding
-	 */
-	talloc_free(request->proxy->packet->data);
-	request->proxy->packet->data = NULL;
-	request->proxy->packet->data_len = 0;
-
-	if (request_proxy_send(request) != 1) goto post_proxy_fail;
-
-	return 1;
+	return 0;
 }