On Wed, Jul 10, 2013 at 04:25:56PM +0100, Phil Mayers wrote:
This is almost certainly this:
https://github.com/FreeRADIUS/freeradius-server/commit/a00c44328013f0e166636...
My code, but as usual I blame Arran for pulling it into v2 ;-P
...which is necessary for the EAP virtual server post-auth/reject stuff that was backported.
Probably needs this code converting to use rad_virtual_server:
https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/src/main/event.c...
Untested, but at a quick glance it's probably just changing line 1984 in event.c from fun = rad_authenticate to fun = rad_virtual_server rad_authenticate used to call rad_postauth internally on a success, but not failure (IIRC it was that way around), and the failure case was called from event.c - this meant that inner tunnel fake requests only saw it for one and not both. The new rad_virtual_server just makes sure it's called for both, and the "if accept {postauth}" code got pulled from rad_authenticate. There's probably no reason why rad_virtual_server can't be substituted wherever rad_authenticate appears, and then rad_postauth pulled out from anywhere else it's hiding (essentially just removing event.c:2453 and event.c:2478-2480). That should tidy it up a bit, and make things more consistent. I think this was all tidied and fixed in 3.0, but I can't remember off the top of my head. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>