On Apr 21, 2016, at 12:16 PM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 21/04/16 16:39, Arran Cudbard-Bell wrote:
I'll add something that behaves like that.
It would be super-useful if the thing you add is present before "authorize" is called; State only appears after eap.authenticate, which can be too late for some kinds of logging.
Yeah, the state I was referring to wasn't the state attribute, it was the a fr_state_entry_t. But the ID of that struct mutates every round too, because a new instance of that struct is allocated each time. We can change fr_state_to_request to populate a field in the REQUEST * with a session number if it fails to find a matching state entry or state attribute. If it does fine a state entry, we copy over the session number from that state entry. fr_state_to_request runs before authorize, so that'd meet your requirement :)
I never understood why State mutates on each roundtrip ;o)
Hmm, I think the idea might have been to add support for diverse proxy paths eventually, in which case you can't rely on just the request ID. -Arran