Add LoopPrevention per server (RADSECPROXY-1).

TODO: Documentation and configuration example still missing.


git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@544 e88ac4ed-0b26-0410-9574-a7f39faa03bf

2 files changed, 6 insertions, 1 deletions

diff --git a/radsecproxy.c b/radsecproxy.c
index 7a8b5e2..c058ac7 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1492,7 +1492,9 @@ int radsrv(struct request *rq) {
 	goto exit;
     }
 
-    if (options.loopprevention && !strcmp(from->conf->name, to->conf->name)) {
+    if ((to->conf->loopprevention == 1
+	 || (to->conf->loopprevention == UCHAR_MAX && options.loopprevention == 1))
+	&& !strcmp(from->conf->name, to->conf->name)) {
 	debug(DBG_INFO, "radsrv: Loop prevented, not forwarding request from client %s (%s) to server %s, discarding",
 	      from->conf->name, addr2string(from->addr), to->conf->name);
 	goto exit;
@@ -2759,6 +2761,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
 	return 0;
     }
     memset(conf, 0, sizeof(struct clsrvconf));
+    conf->loopprevention = UCHAR_MAX; /* Uninitialized.  */
     resconf = (struct clsrvconf *)arg;
     if (resconf) {
 	conf->statusserver = resconf->statusserver;
@@ -2784,6 +2787,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
 			  "RetryInterval", CONF_LINT, &retryinterval,
 			  "RetryCount", CONF_LINT, &retrycount,
 			  "DynamicLookupCommand", CONF_STR, &conf->dynamiclookupcommand,
+			  "LoopPrevention", CONF_BLN, &conf->loopprevention,
 			  NULL
 	    )) {
 	debug(DBG_ERR, "configuration error");
diff --git a/radsecproxy.h b/radsecproxy.h
index 4601259..7528f7f 100644
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -98,6 +98,7 @@ struct clsrvconf {
     uint8_t dupinterval;
     uint8_t certnamecheck;
     uint8_t addttl;
+    uint8_t loopprevention;
     struct rewrite *rewritein;
     struct rewrite *rewriteout;
     pthread_mutex_t *lock; /* only used for updating clients so far */