Lines Matching refs:radius
2 * RADIUS client
12 #include "radius.h"
16 /* Defaults for RADIUS retransmit values (exponential backoff) */
19 * RADIUS_CLIENT_FIRST_WAIT - RADIUS client timeout for first retry in seconds
24 * RADIUS_CLIENT_MAX_WAIT - RADIUS client maximum retry timeout in seconds
29 * RADIUS_CLIENT_MAX_RETRIES - RADIUS client maximum retries
37 * RADIUS_CLIENT_MAX_ENTRIES - RADIUS client maximum pending messages
45 * RADIUS_CLIENT_NUM_FAILOVER - RADIUS client failover point
47 * The number of failed retry attempts after which the RADIUS server will be
54 * struct radius_rx_handler - RADIUS client RX handler
56 * This data structure is used internally inside the RADIUS client module to
58 * radius_client_register() and unregistered when the RADIUS client is
63 * handler - Received RADIUS message handler
79 * struct radius_msg_list - RADIUS client message retransmit list
81 * This data structure is used internally inside the RADIUS client module to
82 * store pending RADIUS requests that may still need to be retransmitted.
88 * This is used to find RADIUS messages for the same STA.
93 * msg - RADIUS message
128 * shared_secret - Shared secret with the target RADIUS server
147 * struct radius_client_data - Internal RADIUS client data
149 * This data structure is used internally inside the RADIUS client module.
152 * calls to other functions as an identifier for the RADIUS client instance.
161 * conf - RADIUS client configuration (list of RADIUS servers to use)
166 * auth_serv_sock - IPv4 socket for RADIUS authentication messages
171 * acct_serv_sock - IPv4 socket for RADIUS accounting messages
176 * auth_serv_sock6 - IPv6 socket for RADIUS authentication messages
181 * acct_serv_sock6 - IPv6 socket for RADIUS accounting messages
186 * auth_sock - Currently used socket for RADIUS authentication server
191 * acct_sock - Currently used socket for RADIUS accounting server
216 * msgs - Pending outgoing RADIUS messages
226 * next_radius_identifier - Next RADIUS message identifier to use
233 radius_change_server(struct radius_client_data *radius,
237 static int radius_client_init_acct(struct radius_client_data *radius);
238 static int radius_client_init_auth(struct radius_client_data *radius);
249 * radius_client_register - Register a RADIUS client RX handler
250 * @radius: RADIUS client context from radius_client_init()
251 * @msg_type: RADIUS client type (RADIUS_AUTH or RADIUS_ACCT)
252 * @handler: Handler for received RADIUS messages
256 * This function is used to register a handler for processing received RADIUS
258 * be called whenever a RADIUS message is received from the active server.
260 * There can be multiple registered RADIUS message handlers. The handlers will
264 int radius_client_register(struct radius_client_data *radius,
277 handlers = &radius->acct_handlers;
278 num = &radius->num_acct_handlers;
280 handlers = &radius->auth_handlers;
281 num = &radius->num_auth_handlers;
298 static void radius_client_handle_send_error(struct radius_client_data *radius,
303 perror("send[RADIUS]");
306 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
313 radius_client_init_acct(radius);
315 radius_client_init_auth(radius);
321 static int radius_client_retransmit(struct radius_client_data *radius,
325 struct hostapd_radius_servers *conf = radius->conf;
331 s = radius->acct_sock;
339 s = radius->auth_sock;
350 hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS,
351 HOSTAPD_LEVEL_DEBUG, "Resending RADIUS message (id=%d)",
357 radius_client_handle_send_error(radius, s, entry->msg_type);
364 printf("Removing un-ACKed RADIUS message due to too many "
375 struct radius_client_data *radius = eloop_ctx;
376 struct hostapd_radius_servers *conf = radius->conf;
383 entry = radius->msgs;
393 radius_client_retransmit(radius, entry, now.sec)) {
397 radius->msgs = entry->next;
402 radius->num_msgs--;
421 if (radius->msgs) {
425 radius_client_timer, radius, NULL);
426 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
427 HOSTAPD_LEVEL_DEBUG, "Next RADIUS client "
435 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
442 for (entry = radius->msgs; entry; entry = entry->next) {
451 radius_change_server(radius, next, old,
452 radius->auth_serv_sock,
453 radius->auth_serv_sock6, 1);
459 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
466 for (entry = radius->msgs; entry; entry = entry->next) {
476 radius_change_server(radius, next, old,
477 radius->acct_serv_sock,
478 radius->acct_serv_sock6, 0);
483 static void radius_client_update_timeout(struct radius_client_data *radius)
489 eloop_cancel_timeout(radius_client_timer, radius, NULL);
491 if (radius->msgs == NULL) {
496 for (entry = radius->msgs; entry; entry = entry->next) {
504 eloop_register_timeout(first - now.sec, 0, radius_client_timer, radius,
506 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
507 HOSTAPD_LEVEL_DEBUG, "Next RADIUS client retransmit in"
512 static void radius_client_list_add(struct radius_client_data *radius,
529 printf("Failed to add RADIUS packet into retransmit list\n");
545 entry->next = radius->msgs;
546 radius->msgs = entry;
547 radius_client_update_timeout(radius);
549 if (radius->num_msgs >= RADIUS_CLIENT_MAX_ENTRIES) {
550 printf("Removing the oldest un-ACKed RADIUS packet due to "
562 radius->num_msgs++;
566 static void radius_client_list_del(struct radius_client_data *radius,
574 entry = radius->msgs;
582 radius->msgs = entry->next;
585 hostapd_logger(radius->ctx, addr,
588 "Removing matching RADIUS message");
590 radius->num_msgs--;
600 * radius_client_send - Send a RADIUS request
601 * @radius: RADIUS client context from radius_client_init()
602 * @msg: RADIUS message to be sent
607 * This function is used to transmit a RADIUS authentication (RADIUS_AUTH) or
621 int radius_client_send(struct radius_client_data *radius,
625 struct hostapd_radius_servers *conf = radius->conf;
634 radius_client_list_del(radius, msg_type, addr);
639 hostapd_logger(radius->ctx, NULL,
649 s = radius->acct_sock;
653 hostapd_logger(radius->ctx, NULL,
663 s = radius->auth_sock;
667 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
668 HOSTAPD_LEVEL_DEBUG, "Sending RADIUS message to %s "
676 radius_client_handle_send_error(radius, s, msg_type);
678 radius_client_list_add(radius, msg, msg_type, shared_secret,
687 struct radius_client_data *radius = eloop_ctx;
688 struct hostapd_radius_servers *conf = radius->conf;
702 handlers = radius->acct_handlers;
703 num_handlers = radius->num_acct_handlers;
706 handlers = radius->auth_handlers;
707 num_handlers = radius->num_auth_handlers;
713 perror("recv[RADIUS]");
716 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
717 HOSTAPD_LEVEL_DEBUG, "Received %d bytes from RADIUS "
727 printf("Parsing incoming RADIUS frame failed\n");
733 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
734 HOSTAPD_LEVEL_DEBUG, "Received RADIUS message");
754 req = radius->msgs;
757 * alternative RADIUS servers (?) */
770 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
772 "No matching RADIUS request found (type=%d "
781 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
783 "Received RADIUS packet matched with a pending "
788 /* Remove ACKed RADIUS packet from retransmit list */
792 radius->msgs = req->next;
793 radius->num_msgs--;
820 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
821 HOSTAPD_LEVEL_DEBUG, "No RADIUS RX handler found "
834 * radius_client_get_id - Get an identifier for a new RADIUS message
835 * @radius: RADIUS client context from radius_client_init()
839 * for a new RADIUS message.
841 u8 radius_client_get_id(struct radius_client_data *radius)
844 u8 id = radius->next_radius_identifier++;
847 * using new reply from the RADIUS server with an old request */
848 entry = radius->msgs;
852 hostapd_logger(radius->ctx, entry->addr,
855 "Removing pending RADIUS message, "
860 radius->msgs = entry->next;
877 * radius_client_flush - Flush all pending RADIUS client messages
878 * @radius: RADIUS client context from radius_client_init()
881 void radius_client_flush(struct radius_client_data *radius, int only_auth)
885 if (!radius)
889 entry = radius->msgs;
896 radius->msgs = entry->next;
901 radius->num_msgs--;
908 if (radius->msgs == NULL)
909 eloop_cancel_timeout(radius_client_timer, radius, NULL);
913 static void radius_client_update_acct_msgs(struct radius_client_data *radius,
919 if (!radius)
922 for (entry = radius->msgs; entry; entry = entry->next) {
934 radius_change_server(struct radius_client_data *radius,
948 struct hostapd_radius_servers *conf = radius->conf;
950 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
960 /* Pending RADIUS packets used different shared secret, so
963 * since they would require more changes and the new RADIUS
968 radius_client_flush(radius, 1);
971 radius, nserv->shared_secret,
977 for (entry = radius->msgs; entry; entry = entry->next) {
986 if (radius->msgs) {
987 eloop_cancel_timeout(radius_client_timer, radius, NULL);
989 radius_client_timer, radius, NULL);
1044 perror("bind[radius]");
1050 perror("connect[radius]");
1059 wpa_printf(MSG_DEBUG, "RADIUS local address: %s:%u",
1067 wpa_printf(MSG_DEBUG, "RADIUS local address: %s:%u",
1078 radius->auth_sock = sel_sock;
1080 radius->acct_sock = sel_sock;
1088 struct radius_client_data *radius = eloop_ctx;
1089 struct hostapd_radius_servers *conf = radius->conf;
1092 if (radius->auth_sock >= 0 && conf->auth_servers &&
1096 radius_change_server(radius, conf->auth_server, oserv,
1097 radius->auth_serv_sock,
1098 radius->auth_serv_sock6, 1);
1101 if (radius->acct_sock >= 0 && conf->acct_servers &&
1105 radius_change_server(radius, conf->acct_server, oserv,
1106 radius->acct_serv_sock,
1107 radius->acct_serv_sock6, 0);
1112 radius_retry_primary_timer, radius,
1133 static int radius_client_init_auth(struct radius_client_data *radius)
1135 struct hostapd_radius_servers *conf = radius->conf;
1138 radius->auth_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
1139 if (radius->auth_serv_sock < 0)
1142 radius_client_disable_pmtu_discovery(radius->auth_serv_sock);
1147 radius->auth_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
1148 if (radius->auth_serv_sock6 < 0)
1157 radius_change_server(radius, conf->auth_server, NULL,
1158 radius->auth_serv_sock, radius->auth_serv_sock6,
1161 if (radius->auth_serv_sock >= 0 &&
1162 eloop_register_read_sock(radius->auth_serv_sock,
1163 radius_client_receive, radius,
1171 if (radius->auth_serv_sock6 >= 0 &&
1172 eloop_register_read_sock(radius->auth_serv_sock6,
1173 radius_client_receive, radius,
1185 static int radius_client_init_acct(struct radius_client_data *radius)
1187 struct hostapd_radius_servers *conf = radius->conf;
1190 radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
1191 if (radius->acct_serv_sock < 0)
1194 radius_client_disable_pmtu_discovery(radius->acct_serv_sock);
1199 radius->acct_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
1200 if (radius->acct_serv_sock6 < 0)
1209 radius_change_server(radius, conf->acct_server, NULL,
1210 radius->acct_serv_sock, radius->acct_serv_sock6,
1213 if (radius->acct_serv_sock >= 0 &&
1214 eloop_register_read_sock(radius->acct_serv_sock,
1215 radius_client_receive, radius,
1223 if (radius->acct_serv_sock6 >= 0 &&
1224 eloop_register_read_sock(radius->acct_serv_sock6,
1225 radius_client_receive, radius,
1238 * radius_client_init - Initialize RADIUS client
1240 * @conf: RADIUS client configuration (RADIUS servers)
1241 * Returns: Pointer to private RADIUS client context or %NULL on failure
1244 * the lifetime of the RADIUS client, i.e., until radius_client_deinit() is
1250 struct radius_client_data *radius;
1252 radius = os_zalloc(sizeof(struct radius_client_data));
1253 if (radius == NULL)
1256 radius->ctx = ctx;
1257 radius->conf = conf;
1258 radius->auth_serv_sock = radius->acct_serv_sock =
1259 radius->auth_serv_sock6 = radius->acct_serv_sock6 =
1260 radius->auth_sock = radius->acct_sock = -1;
1262 if (conf->auth_server && radius_client_init_auth(radius)) {
1263 radius_client_deinit(radius);
1267 if (conf->acct_server && radius_client_init_acct(radius)) {
1268 radius_client_deinit(radius);
1274 radius_retry_primary_timer, radius,
1277 return radius;
1282 * radius_client_deinit - Deinitialize RADIUS client
1283 * @radius: RADIUS client context from radius_client_init()
1285 void radius_client_deinit(struct radius_client_data *radius)
1287 if (!radius)
1290 if (radius->auth_serv_sock >= 0)
1291 eloop_unregister_read_sock(radius->auth_serv_sock);
1292 if (radius->acct_serv_sock >= 0)
1293 eloop_unregister_read_sock(radius->acct_serv_sock);
1295 if (radius->auth_serv_sock6 >= 0)
1296 eloop_unregister_read_sock(radius->auth_serv_sock6);
1297 if (radius->acct_serv_sock6 >= 0)
1298 eloop_unregister_read_sock(radius->acct_serv_sock6);
1301 eloop_cancel_timeout(radius_retry_primary_timer, radius, NULL);
1303 radius_client_flush(radius, 0);
1304 os_free(radius->auth_handlers);
1305 os_free(radius->acct_handlers);
1306 os_free(radius);
1311 * radius_client_flush_auth - Flush pending RADIUS messages for an address
1312 * @radius: RADIUS client context from radius_client_init()
1315 * This function can be used to remove pending RADIUS authentication messages
1320 void radius_client_flush_auth(struct radius_client_data *radius,
1326 entry = radius->msgs;
1330 hostapd_logger(radius->ctx, addr,
1333 "Removing pending RADIUS authentication"
1339 radius->msgs = entry->next;
1344 radius->num_msgs--;
1450 * radius_client_get_mib - Get RADIUS client MIB information
1451 * @radius: RADIUS client context from radius_client_init()
1456 int radius_client_get_mib(struct radius_client_data *radius, char *buf,
1459 struct hostapd_radius_servers *conf = radius->conf;
1470 radius : NULL);
1480 radius : NULL);
1488 void radius_client_reconfig(struct radius_client_data *radius,
1491 if (radius)
1492 radius->conf = conf;
