--- radiusd.h.orig	Fri Jun  4 09:18:27 1999
+++ radiusd.h	Fri Jun  4 09:18:06 1999
@@ -83,4 +83,5 @@
 	u_char			*data;		/* Raw received data */
 	int			data_len;
+	VALUE_PAIR		*proxy_pairs;
 	/* Proxy support fields */
 	u_char			realm[32];
--- radius.c.orig	Fri Jun  4 09:15:20 1999
+++ radius.c	Fri Jun  4 09:20:19 1999
@@ -62,5 +62,4 @@
 			reply = NULL;
 			pairmove2(&reply, &oreply, PW_REPLY_MESSAGE);
-			pairmove2(&reply, &oreply, PW_PROXY_STATE);
 			break;
 		case PW_ACCESS_CHALLENGE:
@@ -78,4 +77,7 @@
 	}
 
+	/* this could be more efficient, but it works... */
+	pairmove2(&reply, &authreq->proxy_pairs, PW_PROXY_STATE);
+
 	/*
 	 *	Build standard header
@@ -362,4 +364,5 @@
 	authreq->data = buffer;
 	authreq->data_len = length;
+	authreq->proxy_pairs = NULL;
 
 	/*
@@ -489,4 +492,8 @@
 	}
 	authreq->request = first_pair;
+
+	/* hide the proxy pairs from the rest of the server */
+	pairmove2(&authreq->proxy_pairs, &authreq->request, PW_PROXY_STATE);
+
 	return(authreq);
 }
--- auth.c.orig	Fri Jun  4 09:20:35 1999
+++ auth.c	Fri Jun  4 09:21:37 1999
@@ -531,5 +531,4 @@
 	VALUE_PAIR	*user_check;
 	VALUE_PAIR	*user_reply;
-	VALUE_PAIR	*proxy_pairs;
 	int		result, r;
 	char		pw_digest[16];
@@ -558,10 +557,4 @@
 
 	/*
-	 *	Move the proxy_state A/V pairs somewhere else.
-	 */
-	proxy_pairs = NULL;
-	pairmove2(&proxy_pairs, &(authreq->request), PW_PROXY_STATE);
-
-	/*
 	 *	If this request got proxied to another server, we need
 	 *	to add an initial Auth-Type: Auth-Accept for success,
@@ -598,6 +591,5 @@
 			namepair->strvalue, auth_name(authreq, 1));
 		rad_send_reply(PW_AUTHENTICATION_REJECT, authreq,
-			proxy_pairs, NULL, activefd);
-		pairfree(proxy_pairs);
+			NULL, NULL, activefd);
 		pairfree(user_reply);
 		authfree(authreq);
@@ -616,11 +608,5 @@
 			namepair, pw_digest, &user_msg, userpass);
 		if (result > 0) {
-			/*
-			 *	FIXME: proxy_pairs is lost in reply.
-			 *	Happens only in the CHAP case, which
-			 *	doesn't work anyway, so ..
-			 */
 			authfree(authreq);
-			pairfree(proxy_pairs);
 			pairfree(user_reply);
 			return -1;
@@ -632,6 +618,4 @@
 		}
 	} while(0);
-
-	pairmove2(&user_reply, &proxy_pairs, PW_PROXY_STATE);
 
 	if (result < 0) {
--- proxy.c.orig	Fri Jun  4 09:28:00 1999
+++ proxy.c	Fri Jun  4 09:29:07 1999
@@ -573,5 +573,5 @@
 	prev    = NULL;
 
-	for (vp = authreq->request; vp; vp = vp->next) {
+	for (vp = authreq->proxy_pairs; vp; vp = vp->next) {
 		if (vp->attribute == PW_PROXY_STATE) {
 			prev = x;
@@ -614,5 +614,5 @@
 
 	if (oldreq == NULL) {
-		log(L_PROXY, "Unreckognized proxy reply from server %s - ID %d",
+		log(L_PROXY, "Unrecognized proxy reply from server %s - ID %d",
 			client_name(authreq->ipaddr), authreq->id);
 		return -1;
@@ -634,5 +634,5 @@
 			prev->next = last->next;
 		else
-			authreq->request = last->next;
+			authreq->proxy_pairs = last->next;
 	}