12 #include "radius.h"
248 radius_change_server(struct radius_client_data *radius,
252 static int radius_client_init_acct(struct radius_client_data *radius);
253 static int radius_client_init_auth(struct radius_client_data *radius);
254 static void radius_client_auth_failover(struct radius_client_data *radius);
255 static void radius_client_acct_failover(struct radius_client_data *radius);
267  * @radius: RADIUS client context from radius_client_init()
281 int radius_client_register(struct radius_client_data *radius,
294 		handlers = &radius->acct_handlers;
295 		num = &radius->num_acct_handlers;
297 		handlers = &radius->auth_handlers;
298 		num = &radius->num_auth_handlers;
317  * @radius: RADIUS client context from radius_client_init()
325 void radius_client_set_interim_error_cb(struct radius_client_data *radius,
329 	radius->interim_error_cb = cb;
330 	radius->interim_error_cb_ctx = ctx;
338 static int radius_client_handle_send_error(struct radius_client_data *radius,
346 		hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
352 			radius_client_init_acct(radius);
355 			radius_client_init_auth(radius);
365 static int radius_client_retransmit(struct radius_client_data *radius,
369 	struct hostapd_radius_servers *conf = radius->conf;
380 		if (radius->acct_sock < 0)
381 			radius_client_init_acct(radius);
382 		if (radius->acct_sock < 0 && conf->num_acct_servers > 1) {
383 			prev_num_msgs = radius->num_msgs;
384 			radius_client_acct_failover(radius);
385 			if (prev_num_msgs != radius->num_msgs)
388 		s = radius->acct_sock;
397 		if (radius->auth_sock < 0)
398 			radius_client_init_auth(radius);
399 		if (radius->auth_sock < 0 && conf->num_auth_servers > 1) {
400 			prev_num_msgs = radius->num_msgs;
401 			radius_client_auth_failover(radius);
402 			if (prev_num_msgs != radius->num_msgs)
405 		s = radius->auth_sock;
419 		if (radius->interim_error_cb)
420 			radius->interim_error_cb(entry->addr,
421 						 radius->interim_error_cb_ctx);
444 		hdr->identifier = radius_client_get_id(radius);
455 		if (radius->conf->msg_dumps)
469 	hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS,
476 		if (radius_client_handle_send_error(radius, s, entry->msg_type)
492 	struct radius_client_data *radius = eloop_ctx;
500 	entry = radius->msgs;
508 			s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock :
509 				radius->acct_sock;
523 		radius_client_auth_failover(radius);
526 		radius_client_acct_failover(radius);
528 	entry = radius->msgs;
533 		prev_num_msgs = radius->num_msgs;
535 		    radius_client_retransmit(radius, entry, now.sec)) {
539 				radius->msgs = entry->next;
544 			radius->num_msgs--;
548 		if (prev_num_msgs != radius->num_msgs) {
551 			entry = radius->msgs;
563 	if (radius->msgs) {
566 		eloop_cancel_timeout(radius_client_timer, radius, NULL);
568 				       radius_client_timer, radius, NULL);
569 		hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
577 static void radius_client_auth_failover(struct radius_client_data *radius)
579 	struct hostapd_radius_servers *conf = radius->conf;
585 	hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
591 	for (entry = radius->msgs; entry; entry = entry->next) {
600 	radius_change_server(radius, next, old,
601 			     radius->auth_serv_sock,
602 			     radius->auth_serv_sock6, 1);
606 static void radius_client_acct_failover(struct radius_client_data *radius)
608 	struct hostapd_radius_servers *conf = radius->conf;
614 	hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
620 	for (entry = radius->msgs; entry; entry = entry->next) {
630 	radius_change_server(radius, next, old,
631 			     radius->acct_serv_sock,
632 			     radius->acct_serv_sock6, 0);
636 static void radius_client_update_timeout(struct radius_client_data *radius)
642 	eloop_cancel_timeout(radius_client_timer, radius, NULL);
644 	if (radius->msgs == NULL) {
649 	for (entry = radius->msgs; entry; entry = entry->next) {
657 	eloop_register_timeout(first - now.sec, 0, radius_client_timer, radius,
659 	hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
665 static void radius_client_list_add(struct radius_client_data *radius,
701 	entry->next = radius->msgs;
702 	radius->msgs = entry;
703 	radius_client_update_timeout(radius);
705 	if (radius->num_msgs >= RADIUS_CLIENT_MAX_ENTRIES) {
717 		radius->num_msgs++;
723  * @radius: RADIUS client context from radius_client_init()
746 int radius_client_send(struct radius_client_data *radius,
750 	struct hostapd_radius_servers *conf = radius->conf;
758 		if (conf->acct_server && radius->acct_sock < 0)
759 			radius_client_init_acct(radius);
761 		if (conf->acct_server == NULL || radius->acct_sock < 0 ||
763 			hostapd_logger(radius->ctx, NULL,
773 		s = radius->acct_sock;
776 		if (conf->auth_server && radius->auth_sock < 0)
777 			radius_client_init_auth(radius);
779 		if (conf->auth_server == NULL || radius->auth_sock < 0 ||
781 			hostapd_logger(radius->ctx, NULL,
791 		s = radius->auth_sock;
795 	hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
804 		radius_client_handle_send_error(radius, s, msg_type);
806 	radius_client_list_add(radius, msg, msg_type, shared_secret,
815 	struct radius_client_data *radius = eloop_ctx;
816 	struct hostapd_radius_servers *conf = radius->conf;
830 		handlers = radius->acct_handlers;
831 		num_handlers = radius->num_acct_handlers;
834 		handlers = radius->auth_handlers;
835 		num_handlers = radius->num_auth_handlers;
844 	hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
860 	hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
881 	req = radius->msgs;
897 		hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
908 	hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
919 		radius->msgs = req->next;
920 	radius->num_msgs--;
947 	hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
962  * @radius: RADIUS client context from radius_client_init()
968 u8 radius_client_get_id(struct radius_client_data *radius)
971 	u8 id = radius->next_radius_identifier++;
975 	entry = radius->msgs;
979 			hostapd_logger(radius->ctx, entry->addr,
987 				radius->msgs = entry->next;
1005  * @radius: RADIUS client context from radius_client_init()
1008 void radius_client_flush(struct radius_client_data *radius, int only_auth)
1012 	if (!radius)
1016 	entry = radius->msgs;
1023 				radius->msgs = entry->next;
1028 			radius->num_msgs--;
1035 	if (radius->msgs == NULL)
1036 		eloop_cancel_timeout(radius_client_timer, radius, NULL);
1040 static void radius_client_update_acct_msgs(struct radius_client_data *radius,
1046 	if (!radius)
1049 	for (entry = radius->msgs; entry; entry = entry->next) {
1061 radius_change_server(struct radius_client_data *radius,
1075 	struct hostapd_radius_servers *conf = radius->conf;
1080 	hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
1090 			radius_client_flush(radius, 1);
1105 			radius_client_flush(radius, 1);
1108 				radius, nserv->shared_secret,
1114 	for (entry = radius->msgs; oserv && entry; entry = entry->next) {
1123 	if (radius->msgs) {
1124 		eloop_cancel_timeout(radius_client_timer, radius, NULL);
1126 				       radius_client_timer, radius, NULL);
1188 			wpa_printf(MSG_INFO, "bind[radius]: %s",
1197 		wpa_printf(MSG_INFO, "disconnect[radius]: %s", strerror(errno));
1200 		wpa_printf(MSG_INFO, "connect[radius]: %s", strerror(errno));
1232 		radius->auth_sock = sel_sock;
1234 		radius->acct_sock = sel_sock;
1242 	struct radius_client_data *radius = eloop_ctx;
1243 	struct hostapd_radius_servers *conf = radius->conf;
1246 	if (radius->auth_sock >= 0 && conf->auth_servers &&
1250 		if (radius_change_server(radius, conf->auth_server, oserv,
1251 					 radius->auth_serv_sock,
1252 					 radius->auth_serv_sock6, 1) < 0) {
1254 			radius_change_server(radius, oserv, conf->auth_server,
1255 					     radius->auth_serv_sock,
1256 					     radius->auth_serv_sock6, 1);
1260 	if (radius->acct_sock >= 0 && conf->acct_servers &&
1264 		if (radius_change_server(radius, conf->acct_server, oserv,
1265 					 radius->acct_serv_sock,
1266 					 radius->acct_serv_sock6, 0) < 0) {
1268 			radius_change_server(radius, oserv, conf->acct_server,
1269 					     radius->acct_serv_sock,
1270 					     radius->acct_serv_sock6, 0);
1276 				       radius_retry_primary_timer, radius,
1297 static void radius_close_auth_sockets(struct radius_client_data *radius)
1299 	radius->auth_sock = -1;
1301 	if (radius->auth_serv_sock >= 0) {
1302 		eloop_unregister_read_sock(radius->auth_serv_sock);
1303 		close(radius->auth_serv_sock);
1304 		radius->auth_serv_sock = -1;
1307 	if (radius->auth_serv_sock6 >= 0) {
1308 		eloop_unregister_read_sock(radius->auth_serv_sock6);
1309 		close(radius->auth_serv_sock6);
1310 		radius->auth_serv_sock6 = -1;
1316 static void radius_close_acct_sockets(struct radius_client_data *radius)
1318 	radius->acct_sock = -1;
1320 	if (radius->acct_serv_sock >= 0) {
1321 		eloop_unregister_read_sock(radius->acct_serv_sock);
1322 		close(radius->acct_serv_sock);
1323 		radius->acct_serv_sock = -1;
1326 	if (radius->acct_serv_sock6 >= 0) {
1327 		eloop_unregister_read_sock(radius->acct_serv_sock6);
1328 		close(radius->acct_serv_sock6);
1329 		radius->acct_serv_sock6 = -1;
1335 static int radius_client_init_auth(struct radius_client_data *radius)
1337 	struct hostapd_radius_servers *conf = radius->conf;
1340 	radius_close_auth_sockets(radius);
1342 	radius->auth_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
1343 	if (radius->auth_serv_sock < 0)
1347 		radius_client_disable_pmtu_discovery(radius->auth_serv_sock);
1352 	radius->auth_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
1353 	if (radius->auth_serv_sock6 < 0)
1363 	radius_change_server(radius, conf->auth_server, NULL,
1364 			     radius->auth_serv_sock, radius->auth_serv_sock6,
1367 	if (radius->auth_serv_sock >= 0 &&
1368 	    eloop_register_read_sock(radius->auth_serv_sock,
1369 				     radius_client_receive, radius,
1372 		radius_close_auth_sockets(radius);
1377 	if (radius->auth_serv_sock6 >= 0 &&
1378 	    eloop_register_read_sock(radius->auth_serv_sock6,
1379 				     radius_client_receive, radius,
1382 		radius_close_auth_sockets(radius);
1391 static int radius_client_init_acct(struct radius_client_data *radius)
1393 	struct hostapd_radius_servers *conf = radius->conf;
1396 	radius_close_acct_sockets(radius);
1398 	radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
1399 	if (radius->acct_serv_sock < 0)
1403 		radius_client_disable_pmtu_discovery(radius->acct_serv_sock);
1408 	radius->acct_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
1409 	if (radius->acct_serv_sock6 < 0)
1419 	radius_change_server(radius, conf->acct_server, NULL,
1420 			     radius->acct_serv_sock, radius->acct_serv_sock6,
1423 	if (radius->acct_serv_sock >= 0 &&
1424 	    eloop_register_read_sock(radius->acct_serv_sock,
1425 				     radius_client_receive, radius,
1428 		radius_close_acct_sockets(radius);
1433 	if (radius->acct_serv_sock6 >= 0 &&
1434 	    eloop_register_read_sock(radius->acct_serv_sock6,
1435 				     radius_client_receive, radius,
1438 		radius_close_acct_sockets(radius);
1460 	struct radius_client_data *radius;
1462 	radius = os_zalloc(sizeof(struct radius_client_data));
1463 	if (radius == NULL)
1466 	radius->ctx = ctx;
1467 	radius->conf = conf;
1468 	radius->auth_serv_sock = radius->acct_serv_sock =
1469 		radius->auth_serv_sock6 = radius->acct_serv_sock6 =
1470 		radius->auth_sock = radius->acct_sock = -1;
1472 	if (conf->auth_server && radius_client_init_auth(radius)) {
1473 		radius_client_deinit(radius);
1477 	if (conf->acct_server && radius_client_init_acct(radius)) {
1478 		radius_client_deinit(radius);
1484 				       radius_retry_primary_timer, radius,
1487 	return radius;
1493  * @radius: RADIUS client context from radius_client_init()
1495 void radius_client_deinit(struct radius_client_data *radius)
1497 	if (!radius)
1500 	radius_close_auth_sockets(radius);
1501 	radius_close_acct_sockets(radius);
1503 	eloop_cancel_timeout(radius_retry_primary_timer, radius, NULL);
1505 	radius_client_flush(radius, 0);
1506 	os_free(radius->auth_handlers);
1507 	os_free(radius->acct_handlers);
1508 	os_free(radius);
1514  * @radius: RADIUS client context from radius_client_init()
1522 void radius_client_flush_auth(struct radius_client_data *radius,
1528 	entry = radius->msgs;
1532 			hostapd_logger(radius->ctx, addr,
1541 				radius->msgs = entry->next;
1546 			radius->num_msgs--;
1653  * @radius: RADIUS client context from radius_client_init()
1658 int radius_client_get_mib(struct radius_client_data *radius, char *buf,
1666 	if (!radius)
1669 	conf = radius->conf;
1677 				radius : NULL);
1687 				radius : NULL);
1695 void radius_client_reconfig(struct radius_client_data *radius,
1698 	if (radius)
1699 		radius->conf = conf;

Indexes created Fri Sep 13 23:15:19 MDT 2024