Last call for 3.0.8

Sam Hartman hartmans at
Tue Mar 31 19:36:48 CEST 2015

Stefan has just noticed that the trustrouter code fails kind of
spectacularly if
you don't have a trustrouter configured.

My recommendation is that if trustrouter is null/empty string/the string
"none" (set in rlm_realm.c as the default) that tr_query_realm should
return NULL.

Here's a patch I've confirmed compiles but have not tested.
I'm unfortunately in the middle of something else and it'll be a bit
before I can test.
Stefan, can you confirm that this helps your problem and especially that
it doesn't break trustrouter usage?

diff --git a/src/modules/rlm_realm/trustrouter.c b/src/modules/rlm_realm/trustrouter.c
index 338f497..47ed024 100644
--- a/src/modules/rlm_realm/trustrouter.c
+++ b/src/modules/rlm_realm/trustrouter.c
@@ -355,6 +355,9 @@ REALM *tr_query_realm(REQUEST *request, char const *realm,
 	struct resp_opaque cookie;
 	if (!realm) return NULL;
+	if (!trustrouter || (strcmp(trustrouter, "none") == 0))
+		return NULL;
 	/* clear the cookie structure */
 	memset (&cookie, 0, sizeof(cookie));

More information about the Freeradius-Devel mailing list