Lines Matching refs:radius
2 * RADIUS client
12 #include "radius.h"
16 /* Defaults for RADIUS retransmit values (exponential backoff) */
19 * RADIUS_CLIENT_FIRST_WAIT - RADIUS client timeout for first retry in seconds
24 * RADIUS_CLIENT_MAX_WAIT - RADIUS client maximum retry timeout in seconds
29 * RADIUS_CLIENT_MAX_RETRIES - RADIUS client maximum retries
37 * RADIUS_CLIENT_MAX_ENTRIES - RADIUS client maximum pending messages
45 * RADIUS_CLIENT_NUM_FAILOVER - RADIUS client failover point
47 * The number of failed retry attempts after which the RADIUS server will be
54 * struct radius_rx_handler - RADIUS client RX handler
56 * This data structure is used internally inside the RADIUS client module to
58 * radius_client_register() and unregistered when the RADIUS client is
63 * handler - Received RADIUS message handler
79 * struct radius_msg_list - RADIUS client message retransmit list
81 * This data structure is used internally inside the RADIUS client module to
82 * store pending RADIUS requests that may still need to be retransmitted.
88 * This is used to find RADIUS messages for the same STA.
93 * msg - RADIUS message
128 * shared_secret - Shared secret with the target RADIUS server
147 * struct radius_client_data - Internal RADIUS client data
149 * This data structure is used internally inside the RADIUS client module.
152 * calls to other functions as an identifier for the RADIUS client instance.
161 * conf - RADIUS client configuration (list of RADIUS servers to use)
166 * auth_serv_sock - IPv4 socket for RADIUS authentication messages
171 * acct_serv_sock - IPv4 socket for RADIUS accounting messages
176 * auth_serv_sock6 - IPv6 socket for RADIUS authentication messages
181 * acct_serv_sock6 - IPv6 socket for RADIUS accounting messages
186 * auth_sock - Currently used socket for RADIUS authentication server
191 * acct_sock - Currently used socket for RADIUS accounting server
216 * msgs - Pending outgoing RADIUS messages
226 * next_radius_identifier - Next RADIUS message identifier to use
233 radius_change_server(struct radius_client_data *radius,
237 static int radius_client_init_acct(struct radius_client_data *radius);
238 static int radius_client_init_auth(struct radius_client_data *radius);
249 * radius_client_register - Register a RADIUS client RX handler
250 * @radius: RADIUS client context from radius_client_init()
251 * @msg_type: RADIUS client type (RADIUS_AUTH or RADIUS_ACCT)
252 * @handler: Handler for received RADIUS messages
256 * This function is used to register a handler for processing received RADIUS
258 * be called whenever a RADIUS message is received from the active server.
260 * There can be multiple registered RADIUS message handlers. The handlers will
264 int radius_client_register(struct radius_client_data *radius,
277 handlers = &radius->acct_handlers;
278 num = &radius->num_acct_handlers;
280 handlers = &radius->auth_handlers;
281 num = &radius->num_auth_handlers;
302 static int radius_client_handle_send_error(struct radius_client_data *radius,
307 wpa_printf(MSG_INFO, "send[RADIUS]: %s", strerror(errno));
310 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
316 radius_client_init_acct(radius);
319 radius_client_init_auth(radius);
329 static int radius_client_retransmit(struct radius_client_data *radius,
333 struct hostapd_radius_servers *conf = radius->conf;
339 s = radius->acct_sock;
347 s = radius->auth_sock;
358 hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS,
359 HOSTAPD_LEVEL_DEBUG, "Resending RADIUS message (id=%d)",
365 if (radius_client_handle_send_error(radius, s, entry->msg_type)
375 wpa_printf(MSG_INFO, "RADIUS: Removing un-ACKed message due to too many failed retransmit attempts");
385 struct radius_client_data *radius = eloop_ctx;
386 struct hostapd_radius_servers *conf = radius->conf;
395 entry = radius->msgs;
404 prev_num_msgs = radius->num_msgs;
406 radius_client_retransmit(radius, entry, now.sec)) {
410 radius->msgs = entry->next;
415 radius->num_msgs--;
419 if (prev_num_msgs != radius->num_msgs) {
421 "RADIUS: Message removed from queue - restart from beginning");
422 entry = radius->msgs;
427 s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock :
428 radius->acct_sock;
445 if (radius->msgs) {
449 radius_client_timer, radius, NULL);
450 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
451 HOSTAPD_LEVEL_DEBUG, "Next RADIUS client "
459 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
466 for (entry = radius->msgs; entry; entry = entry->next) {
475 radius_change_server(radius, next, old,
476 radius->auth_serv_sock,
477 radius->auth_serv_sock6, 1);
483 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
490 for (entry = radius->msgs; entry; entry = entry->next) {
500 radius_change_server(radius, next, old,
501 radius->acct_serv_sock,
502 radius->acct_serv_sock6, 0);
507 static void radius_client_update_timeout(struct radius_client_data *radius)
513 eloop_cancel_timeout(radius_client_timer, radius, NULL);
515 if (radius->msgs == NULL) {
520 for (entry = radius->msgs; entry; entry = entry->next) {
528 eloop_register_timeout(first - now.sec, 0, radius_client_timer, radius,
530 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
531 HOSTAPD_LEVEL_DEBUG, "Next RADIUS client retransmit in"
536 static void radius_client_list_add(struct radius_client_data *radius,
553 wpa_printf(MSG_INFO, "RADIUS: Failed to add packet into retransmit list");
569 entry->next = radius->msgs;
570 radius->msgs = entry;
571 radius_client_update_timeout(radius);
573 if (radius->num_msgs >= RADIUS_CLIENT_MAX_ENTRIES) {
574 wpa_printf(MSG_INFO, "RADIUS: Removing the oldest un-ACKed packet due to retransmit list limits");
585 radius->num_msgs++;
589 static void radius_client_list_del(struct radius_client_data *radius,
597 entry = radius->msgs;
605 radius->msgs = entry->next;
608 hostapd_logger(radius->ctx, addr,
611 "Removing matching RADIUS message");
613 radius->num_msgs--;
623 * radius_client_send - Send a RADIUS request
624 * @radius: RADIUS client context from radius_client_init()
625 * @msg: RADIUS message to be sent
630 * This function is used to transmit a RADIUS authentication (RADIUS_AUTH) or
644 int radius_client_send(struct radius_client_data *radius,
648 struct hostapd_radius_servers *conf = radius->conf;
657 radius_client_list_del(radius, msg_type, addr);
661 if (conf->acct_server == NULL || radius->acct_sock < 0) {
662 hostapd_logger(radius->ctx, NULL,
672 s = radius->acct_sock;
675 if (conf->auth_server == NULL || radius->auth_sock < 0) {
676 hostapd_logger(radius->ctx, NULL,
686 s = radius->auth_sock;
690 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
691 HOSTAPD_LEVEL_DEBUG, "Sending RADIUS message to %s "
699 radius_client_handle_send_error(radius, s, msg_type);
701 radius_client_list_add(radius, msg, msg_type, shared_secret,
710 struct radius_client_data *radius = eloop_ctx;
711 struct hostapd_radius_servers *conf = radius->conf;
725 handlers = radius->acct_handlers;
726 num_handlers = radius->num_acct_handlers;
729 handlers = radius->auth_handlers;
730 num_handlers = radius->num_auth_handlers;
736 wpa_printf(MSG_INFO, "recv[RADIUS]: %s", strerror(errno));
739 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
740 HOSTAPD_LEVEL_DEBUG, "Received %d bytes from RADIUS "
743 wpa_printf(MSG_INFO, "RADIUS: Possibly too long UDP frame for our buffer - dropping it");
749 wpa_printf(MSG_INFO, "RADIUS: Parsing incoming frame failed");
755 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
756 HOSTAPD_LEVEL_DEBUG, "Received RADIUS message");
776 req = radius->msgs;
779 * alternative RADIUS servers (?) */
792 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
794 "No matching RADIUS request found (type=%d "
803 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
805 "Received RADIUS packet matched with a pending "
810 /* Remove ACKed RADIUS packet from retransmit list */
814 radius->msgs = req->next;
815 radius->num_msgs--;
842 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
843 HOSTAPD_LEVEL_DEBUG, "No RADIUS RX handler found "
856 * radius_client_get_id - Get an identifier for a new RADIUS message
857 * @radius: RADIUS client context from radius_client_init()
861 * for a new RADIUS message.
863 u8 radius_client_get_id(struct radius_client_data *radius)
866 u8 id = radius->next_radius_identifier++;
869 * using new reply from the RADIUS server with an old request */
870 entry = radius->msgs;
874 hostapd_logger(radius->ctx, entry->addr,
877 "Removing pending RADIUS message, "
882 radius->msgs = entry->next;
899 * radius_client_flush - Flush all pending RADIUS client messages
900 * @radius: RADIUS client context from radius_client_init()
903 void radius_client_flush(struct radius_client_data *radius, int only_auth)
907 if (!radius)
911 entry = radius->msgs;
918 radius->msgs = entry->next;
923 radius->num_msgs--;
930 if (radius->msgs == NULL)
931 eloop_cancel_timeout(radius_client_timer, radius, NULL);
935 static void radius_client_update_acct_msgs(struct radius_client_data *radius,
941 if (!radius)
944 for (entry = radius->msgs; entry; entry = entry->next) {
956 radius_change_server(struct radius_client_data *radius,
970 struct hostapd_radius_servers *conf = radius->conf;
972 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
983 /* Pending RADIUS packets used different shared secret, so
986 * since they would require more changes and the new RADIUS
991 radius_client_flush(radius, 1);
994 radius, nserv->shared_secret,
1000 for (entry = radius->msgs; oserv && oserv != nserv && entry;
1010 if (radius->msgs) {
1011 eloop_cancel_timeout(radius_client_timer, radius, NULL);
1013 radius_client_timer, radius, NULL);
1068 wpa_printf(MSG_INFO, "bind[radius]: %s",
1075 wpa_printf(MSG_INFO, "connect[radius]: %s", strerror(errno));
1084 wpa_printf(MSG_DEBUG, "RADIUS local address: %s:%u",
1092 wpa_printf(MSG_DEBUG, "RADIUS local address: %s:%u",
1103 radius->auth_sock = sel_sock;
1105 radius->acct_sock = sel_sock;
1113 struct radius_client_data *radius = eloop_ctx;
1114 struct hostapd_radius_servers *conf = radius->conf;
1117 if (radius->auth_sock >= 0 && conf->auth_servers &&
1121 radius_change_server(radius, conf->auth_server, oserv,
1122 radius->auth_serv_sock,
1123 radius->auth_serv_sock6, 1);
1126 if (radius->acct_sock >= 0 && conf->acct_servers &&
1130 radius_change_server(radius, conf->acct_server, oserv,
1131 radius->acct_serv_sock,
1132 radius->acct_serv_sock6, 0);
1137 radius_retry_primary_timer, radius,
1151 wpa_printf(MSG_ERROR, "RADIUS: Failed to set IP_MTU_DISCOVER: %s",
1158 static void radius_close_auth_sockets(struct radius_client_data *radius)
1160 radius->auth_sock = -1;
1162 if (radius->auth_serv_sock >= 0) {
1163 eloop_unregister_read_sock(radius->auth_serv_sock);
1164 close(radius->auth_serv_sock);
1165 radius->auth_serv_sock = -1;
1168 if (radius->auth_serv_sock6 >= 0) {
1169 eloop_unregister_read_sock(radius->auth_serv_sock6);
1170 close(radius->auth_serv_sock6);
1171 radius->auth_serv_sock6 = -1;
1177 static void radius_close_acct_sockets(struct radius_client_data *radius)
1179 radius->acct_sock = -1;
1181 if (radius->acct_serv_sock >= 0) {
1182 eloop_unregister_read_sock(radius->acct_serv_sock);
1183 close(radius->acct_serv_sock);
1184 radius->acct_serv_sock = -1;
1187 if (radius->acct_serv_sock6 >= 0) {
1188 eloop_unregister_read_sock(radius->acct_serv_sock6);
1189 close(radius->acct_serv_sock6);
1190 radius->acct_serv_sock6 = -1;
1196 static int radius_client_init_auth(struct radius_client_data *radius)
1198 struct hostapd_radius_servers *conf = radius->conf;
1201 radius_close_auth_sockets(radius);
1203 radius->auth_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
1204 if (radius->auth_serv_sock < 0)
1205 wpa_printf(MSG_INFO, "RADIUS: socket[PF_INET,SOCK_DGRAM]: %s",
1208 radius_client_disable_pmtu_discovery(radius->auth_serv_sock);
1213 radius->auth_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
1214 if (radius->auth_serv_sock6 < 0)
1215 wpa_printf(MSG_INFO, "RADIUS: socket[PF_INET6,SOCK_DGRAM]: %s",
1224 radius_change_server(radius, conf->auth_server, NULL,
1225 radius->auth_serv_sock, radius->auth_serv_sock6,
1228 if (radius->auth_serv_sock >= 0 &&
1229 eloop_register_read_sock(radius->auth_serv_sock,
1230 radius_client_receive, radius,
1232 wpa_printf(MSG_INFO, "RADIUS: Could not register read socket for authentication server");
1233 radius_close_auth_sockets(radius);
1238 if (radius->auth_serv_sock6 >= 0 &&
1239 eloop_register_read_sock(radius->auth_serv_sock6,
1240 radius_client_receive, radius,
1242 wpa_printf(MSG_INFO, "RADIUS: Could not register read socket for authentication server");
1243 radius_close_auth_sockets(radius);
1252 static int radius_client_init_acct(struct radius_client_data *radius)
1254 struct hostapd_radius_servers *conf = radius->conf;
1257 radius_close_acct_sockets(radius);
1259 radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
1260 if (radius->acct_serv_sock < 0)
1261 wpa_printf(MSG_INFO, "RADIUS: socket[PF_INET,SOCK_DGRAM]: %s",
1264 radius_client_disable_pmtu_discovery(radius->acct_serv_sock);
1269 radius->acct_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
1270 if (radius->acct_serv_sock6 < 0)
1271 wpa_printf(MSG_INFO, "RADIUS: socket[PF_INET6,SOCK_DGRAM]: %s",
1280 radius_change_server(radius, conf->acct_server, NULL,
1281 radius->acct_serv_sock, radius->acct_serv_sock6,
1284 if (radius->acct_serv_sock >= 0 &&
1285 eloop_register_read_sock(radius->acct_serv_sock,
1286 radius_client_receive, radius,
1288 wpa_printf(MSG_INFO, "RADIUS: Could not register read socket for accounting server");
1289 radius_close_acct_sockets(radius);
1294 if (radius->acct_serv_sock6 >= 0 &&
1295 eloop_register_read_sock(radius->acct_serv_sock6,
1296 radius_client_receive, radius,
1298 wpa_printf(MSG_INFO, "RADIUS: Could not register read socket for accounting server");
1299 radius_close_acct_sockets(radius);
1309 * radius_client_init - Initialize RADIUS client
1311 * @conf: RADIUS client configuration (RADIUS servers)
1312 * Returns: Pointer to private RADIUS client context or %NULL on failure
1315 * the lifetime of the RADIUS client, i.e., until radius_client_deinit() is
1321 struct radius_client_data *radius;
1323 radius = os_zalloc(sizeof(struct radius_client_data));
1324 if (radius == NULL)
1327 radius->ctx = ctx;
1328 radius->conf = conf;
1329 radius->auth_serv_sock = radius->acct_serv_sock =
1330 radius->auth_serv_sock6 = radius->acct_serv_sock6 =
1331 radius->auth_sock = radius->acct_sock = -1;
1333 if (conf->auth_server && radius_client_init_auth(radius)) {
1334 radius_client_deinit(radius);
1338 if (conf->acct_server && radius_client_init_acct(radius)) {
1339 radius_client_deinit(radius);
1345 radius_retry_primary_timer, radius,
1348 return radius;
1353 * radius_client_deinit - Deinitialize RADIUS client
1354 * @radius: RADIUS client context from radius_client_init()
1356 void radius_client_deinit(struct radius_client_data *radius)
1358 if (!radius)
1361 radius_close_auth_sockets(radius);
1362 radius_close_acct_sockets(radius);
1364 eloop_cancel_timeout(radius_retry_primary_timer, radius, NULL);
1366 radius_client_flush(radius, 0);
1367 os_free(radius->auth_handlers);
1368 os_free(radius->acct_handlers);
1369 os_free(radius);
1374 * radius_client_flush_auth - Flush pending RADIUS messages for an address
1375 * @radius: RADIUS client context from radius_client_init()
1378 * This function can be used to remove pending RADIUS authentication messages
1383 void radius_client_flush_auth(struct radius_client_data *radius,
1389 entry = radius->msgs;
1393 hostapd_logger(radius->ctx, addr,
1396 "Removing pending RADIUS authentication"
1402 radius->msgs = entry->next;
1407 radius->num_msgs--;
1513 * radius_client_get_mib - Get RADIUS client MIB information
1514 * @radius: RADIUS client context from radius_client_init()
1519 int radius_client_get_mib(struct radius_client_data *radius, char *buf,
1522 struct hostapd_radius_servers *conf = radius->conf;
1533 radius : NULL);
1543 radius : NULL);
1551 void radius_client_reconfig(struct radius_client_data *radius,
1554 if (radius)
1555 radius->conf = conf;
