Lines Matching refs:radius
2 * hostapd / RADIUS client
18 #include "radius.h"
22 /* Defaults for RADIUS retransmit values (exponential backoff) */
31 #define RADIUS_CLIENT_NUM_FAILOVER 4 /* try to change RADIUS server after this
44 /* RADIUS message retransmit list */
46 u8 addr[ETH_ALEN]; /* STA/client address; used to find RADIUS messages
69 int auth_serv_sock; /* socket for authentication RADIUS messages */
70 int acct_serv_sock; /* socket for accounting RADIUS messages */
89 radius_change_server(struct radius_client_data *radius,
93 static int radius_client_init_acct(struct radius_client_data *radius);
94 static int radius_client_init_auth(struct radius_client_data *radius);
105 int radius_client_register(struct radius_client_data *radius,
118 handlers = &radius->acct_handlers;
119 num = &radius->num_acct_handlers;
121 handlers = &radius->auth_handlers;
122 num = &radius->num_auth_handlers;
139 static void radius_client_handle_send_error(struct radius_client_data *radius,
144 perror("send[RADIUS]");
147 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
154 radius_client_init_acct(radius);
156 radius_client_init_auth(radius);
162 static int radius_client_retransmit(struct radius_client_data *radius,
166 struct hostapd_radius_servers *conf = radius->conf;
171 s = radius->acct_sock;
179 s = radius->auth_sock;
190 hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS,
191 HOSTAPD_LEVEL_DEBUG, "Resending RADIUS message (id=%d)",
196 radius_client_handle_send_error(radius, s, entry->msg_type);
203 printf("Removing un-ACKed RADIUS message due to too many "
214 struct radius_client_data *radius = eloop_ctx;
215 struct hostapd_radius_servers *conf = radius->conf;
222 entry = radius->msgs;
232 radius_client_retransmit(radius, entry, now.sec)) {
236 radius->msgs = entry->next;
241 radius->num_msgs--;
260 if (radius->msgs) {
264 radius_client_timer, radius, NULL);
265 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
266 HOSTAPD_LEVEL_DEBUG, "Next RADIUS client "
274 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
281 for (entry = radius->msgs; entry; entry = entry->next) {
290 radius_change_server(radius, next, old,
291 radius->auth_serv_sock,
292 radius->auth_serv_sock6, 1);
298 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
305 for (entry = radius->msgs; entry; entry = entry->next) {
315 radius_change_server(radius, next, old,
316 radius->acct_serv_sock,
317 radius->acct_serv_sock6, 0);
322 static void radius_client_update_timeout(struct radius_client_data *radius)
328 eloop_cancel_timeout(radius_client_timer, radius, NULL);
330 if (radius->msgs == NULL) {
335 for (entry = radius->msgs; entry; entry = entry->next) {
343 eloop_register_timeout(first - now.sec, 0, radius_client_timer, radius,
345 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
346 HOSTAPD_LEVEL_DEBUG, "Next RADIUS client retransmit in"
351 static void radius_client_list_add(struct radius_client_data *radius,
368 printf("Failed to add RADIUS packet into retransmit list\n");
385 entry->next = radius->msgs;
386 radius->msgs = entry;
387 radius_client_update_timeout(radius);
389 if (radius->num_msgs >= RADIUS_CLIENT_MAX_ENTRIES) {
390 printf("Removing the oldest un-ACKed RADIUS packet due to "
402 radius->num_msgs++;
406 static void radius_client_list_del(struct radius_client_data *radius,
414 entry = radius->msgs;
422 radius->msgs = entry->next;
425 hostapd_logger(radius->ctx, addr,
428 "Removing matching RADIUS message");
430 radius->num_msgs--;
439 int radius_client_send(struct radius_client_data *radius,
443 struct hostapd_radius_servers *conf = radius->conf;
451 radius_client_list_del(radius, msg_type, addr);
456 hostapd_logger(radius->ctx, NULL,
466 s = radius->acct_sock;
470 hostapd_logger(radius->ctx, NULL,
480 s = radius->auth_sock;
484 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
485 HOSTAPD_LEVEL_DEBUG, "Sending RADIUS message to %s "
492 radius_client_handle_send_error(radius, s, msg_type);
494 radius_client_list_add(radius, msg, msg_type, shared_secret,
503 struct radius_client_data *radius = eloop_ctx;
504 struct hostapd_radius_servers *conf = radius->conf;
517 handlers = radius->acct_handlers;
518 num_handlers = radius->num_acct_handlers;
521 handlers = radius->auth_handlers;
522 num_handlers = radius->num_auth_handlers;
528 perror("recv[RADIUS]");
531 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
532 HOSTAPD_LEVEL_DEBUG, "Received %d bytes from RADIUS "
542 printf("Parsing incoming RADIUS frame failed\n");
547 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
548 HOSTAPD_LEVEL_DEBUG, "Received RADIUS message");
568 req = radius->msgs;
571 * alternative RADIUS servers (?) */
583 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
585 "No matching RADIUS request found (type=%d "
594 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
596 "Received RADIUS packet matched with a pending "
601 /* Remove ACKed RADIUS packet from retransmit list */
605 radius->msgs = req->next;
606 radius->num_msgs--;
634 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
635 HOSTAPD_LEVEL_DEBUG, "No RADIUS RX handler found "
648 u8 radius_client_get_id(struct radius_client_data *radius)
651 u8 id = radius->next_radius_identifier++;
654 * using new reply from the RADIUS server with an old request */
655 entry = radius->msgs;
659 hostapd_logger(radius->ctx, entry->addr,
662 "Removing pending RADIUS message, "
667 radius->msgs = entry->next;
683 void radius_client_flush(struct radius_client_data *radius, int only_auth)
687 if (!radius)
691 entry = radius->msgs;
698 radius->msgs = entry->next;
703 radius->num_msgs--;
710 if (radius->msgs == NULL)
711 eloop_cancel_timeout(radius_client_timer, radius, NULL);
715 void radius_client_update_acct_msgs(struct radius_client_data *radius,
721 if (!radius)
724 for (entry = radius->msgs; entry; entry = entry->next) {
736 radius_change_server(struct radius_client_data *radius,
751 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
761 /* Pending RADIUS packets used different shared secret, so
764 * since they would require more changes and the new RADIUS
769 radius_client_flush(radius, 1);
772 radius, nserv->shared_secret,
778 for (entry = radius->msgs; entry; entry = entry->next) {
787 if (radius->msgs) {
788 eloop_cancel_timeout(radius_client_timer, radius, NULL);
790 radius_client_timer, radius, NULL);
820 perror("connect[radius]");
825 radius->auth_sock = sel_sock;
827 radius->acct_sock = sel_sock;
835 struct radius_client_data *radius = eloop_ctx;
836 struct hostapd_radius_servers *conf = radius->conf;
839 if (radius->auth_sock >= 0 && conf->auth_servers &&
843 radius_change_server(radius, conf->auth_server, oserv,
844 radius->auth_serv_sock,
845 radius->auth_serv_sock6, 1);
848 if (radius->acct_sock >= 0 && conf->acct_servers &&
852 radius_change_server(radius, conf->acct_server, oserv,
853 radius->acct_serv_sock,
854 radius->acct_serv_sock6, 0);
859 radius_retry_primary_timer, radius,
864 static int radius_client_init_auth(struct radius_client_data *radius)
866 struct hostapd_radius_servers *conf = radius->conf;
869 radius->auth_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
870 if (radius->auth_serv_sock < 0)
876 radius->auth_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
877 if (radius->auth_serv_sock6 < 0)
886 radius_change_server(radius, conf->auth_server, NULL,
887 radius->auth_serv_sock, radius->auth_serv_sock6,
890 if (radius->auth_serv_sock >= 0 &&
891 eloop_register_read_sock(radius->auth_serv_sock,
892 radius_client_receive, radius,
900 if (radius->auth_serv_sock6 >= 0 &&
901 eloop_register_read_sock(radius->auth_serv_sock6,
902 radius_client_receive, radius,
914 static int radius_client_init_acct(struct radius_client_data *radius)
916 struct hostapd_radius_servers *conf = radius->conf;
919 radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
920 if (radius->acct_serv_sock < 0)
926 radius->acct_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
927 if (radius->acct_serv_sock6 < 0)
936 radius_change_server(radius, conf->acct_server, NULL,
937 radius->acct_serv_sock, radius->acct_serv_sock6,
940 if (radius->acct_serv_sock >= 0 &&
941 eloop_register_read_sock(radius->acct_serv_sock,
942 radius_client_receive, radius,
950 if (radius->acct_serv_sock6 >= 0 &&
951 eloop_register_read_sock(radius->acct_serv_sock6,
952 radius_client_receive, radius,
967 struct radius_client_data *radius;
969 radius = wpa_zalloc(sizeof(struct radius_client_data));
970 if (radius == NULL)
973 radius->ctx = ctx;
974 radius->conf = conf;
975 radius->auth_serv_sock = radius->acct_serv_sock =
976 radius->auth_serv_sock6 = radius->acct_serv_sock6 =
977 radius->auth_sock = radius->acct_sock = -1;
979 if (conf->auth_server && radius_client_init_auth(radius)) {
980 radius_client_deinit(radius);
984 if (conf->acct_server && radius_client_init_acct(radius)) {
985 radius_client_deinit(radius);
991 radius_retry_primary_timer, radius,
994 return radius;
998 void radius_client_deinit(struct radius_client_data *radius)
1000 if (!radius)
1003 if (radius->auth_serv_sock >= 0)
1004 eloop_unregister_read_sock(radius->auth_serv_sock);
1005 if (radius->acct_serv_sock >= 0)
1006 eloop_unregister_read_sock(radius->acct_serv_sock);
1008 eloop_cancel_timeout(radius_retry_primary_timer, radius, NULL);
1010 radius_client_flush(radius, 0);
1011 os_free(radius->auth_handlers);
1012 os_free(radius->acct_handlers);
1013 os_free(radius);
1017 void radius_client_flush_auth(struct radius_client_data *radius, u8 *addr)
1022 entry = radius->msgs;
1026 hostapd_logger(radius->ctx, addr,
1029 "Removing pending RADIUS authentication"
1035 radius->msgs = entry->next;
1040 radius->num_msgs--;
1145 int radius_client_get_mib(struct radius_client_data *radius, char *buf,
1148 struct hostapd_radius_servers *conf = radius->conf;
1159 radius : NULL);
1169 radius : NULL);
1213 "Reconfiguring RADIUS client");
