Lines Matching full:radius
2 * RADIUS client
16 #include "radius.h"
19 /* Defaults for RADIUS retransmit values (exponential backoff) */
22 * RADIUS_CLIENT_FIRST_WAIT - RADIUS client timeout for first retry in seconds
27 * RADIUS_CLIENT_MAX_WAIT - RADIUS client maximum retry timeout in seconds
32 * RADIUS_CLIENT_MAX_FAILOVER - RADIUS client maximum retries
40 * RADIUS_CLIENT_MAX_ENTRIES - RADIUS client maximum pending messages
48 * RADIUS_CLIENT_NUM_FAILOVER - RADIUS client failover point
50 * The number of failed retry attempts after which the RADIUS server will be
57 * struct radius_rx_handler - RADIUS client RX handler
59 * This data structure is used internally inside the RADIUS client module to
61 * radius_client_register() and unregistered when the RADIUS client is
66 * handler - Received RADIUS message handler
82 * struct radius_msg_list - RADIUS client message retransmit list
84 * This data structure is used internally inside the RADIUS client module to
85 * store pending RADIUS requests that may still need to be retransmitted.
91 * This is used to find RADIUS messages for the same STA.
96 * msg - RADIUS message
136 * shared_secret - Shared secret with the target RADIUS server
155 * struct radius_client_data - Internal RADIUS client data
157 * This data structure is used internally inside the RADIUS client module.
160 * calls to other functions as an identifier for the RADIUS client instance.
169 * conf - RADIUS client configuration (list of RADIUS servers to use)
174 * auth_sock - Currently used socket for RADIUS authentication server
189 * acct_sock - Currently used socket for RADIUS accounting server
224 * msgs - Pending outgoing RADIUS messages
234 * next_radius_identifier - Next RADIUS message identifier to use
257 radius_change_server(struct radius_client_data *radius,
261 static int radius_client_init_acct(struct radius_client_data *radius);
262 static int radius_client_init_auth(struct radius_client_data *radius);
263 static void radius_client_auth_failover(struct radius_client_data *radius);
264 static void radius_client_acct_failover(struct radius_client_data *radius);
275 * radius_client_register - Register a RADIUS client RX handler
276 * @radius: RADIUS client context from radius_client_init()
277 * @msg_type: RADIUS client type (RADIUS_AUTH or RADIUS_ACCT)
278 * @handler: Handler for received RADIUS messages
282 * This function is used to register a handler for processing received RADIUS
284 * be called whenever a RADIUS message is received from the active server.
286 * There can be multiple registered RADIUS message handlers. The handlers will
290 int radius_client_register(struct radius_client_data *radius, in radius_client_register() argument
303 handlers = &radius->acct_handlers; in radius_client_register()
304 num = &radius->num_acct_handlers; in radius_client_register()
306 handlers = &radius->auth_handlers; in radius_client_register()
307 num = &radius->num_auth_handlers; in radius_client_register()
326 * @radius: RADIUS client context from radius_client_init()
334 void radius_client_set_interim_error_cb(struct radius_client_data *radius, in radius_client_set_interim_error_cb() argument
338 radius->interim_error_cb = cb; in radius_client_set_interim_error_cb()
339 radius->interim_error_cb_ctx = ctx; in radius_client_set_interim_error_cb()
347 static int radius_client_handle_send_error(struct radius_client_data *radius, in radius_client_handle_send_error() argument
352 wpa_printf(MSG_INFO, "send[RADIUS,s=%d]: %s", s, strerror(errno)); in radius_client_handle_send_error()
355 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_client_handle_send_error()
361 radius_client_init_acct(radius); in radius_client_handle_send_error()
364 radius_client_init_auth(radius); in radius_client_handle_send_error()
374 static int radius_client_retransmit(struct radius_client_data *radius, in radius_client_retransmit() argument
378 struct hostapd_radius_servers *conf = radius->conf; in radius_client_retransmit()
395 if (radius->acct_tls) in radius_client_retransmit()
396 conn = radius->acct_tls_conn; in radius_client_retransmit()
399 if (radius->acct_sock < 0) in radius_client_retransmit()
400 radius_client_init_acct(radius); in radius_client_retransmit()
401 if (radius->acct_sock < 0 && conf->num_acct_servers > 1) { in radius_client_retransmit()
402 prev_num_msgs = radius->num_msgs; in radius_client_retransmit()
403 radius_client_acct_failover(radius); in radius_client_retransmit()
404 if (prev_num_msgs != radius->num_msgs) in radius_client_retransmit()
407 s = radius->acct_sock; in radius_client_retransmit()
416 if (radius->auth_tls) in radius_client_retransmit()
417 conn = radius->auth_tls_conn; in radius_client_retransmit()
420 if (radius->auth_sock < 0) in radius_client_retransmit()
421 radius_client_init_auth(radius); in radius_client_retransmit()
422 if (radius->auth_sock < 0 && conf->num_auth_servers > 1) { in radius_client_retransmit()
423 prev_num_msgs = radius->num_msgs; in radius_client_retransmit()
424 radius_client_auth_failover(radius); in radius_client_retransmit()
425 if (prev_num_msgs != radius->num_msgs) in radius_client_retransmit()
428 s = radius->auth_sock; in radius_client_retransmit()
439 "RADIUS: Failed to transmit interim accounting update to " in radius_client_retransmit()
442 if (radius->interim_error_cb) in radius_client_retransmit()
443 radius->interim_error_cb(entry->addr, in radius_client_retransmit()
444 radius->interim_error_cb_ctx); in radius_client_retransmit()
450 "RADIUS: No valid socket for retransmission"); in radius_client_retransmit()
455 if ((acct && radius->acct_tls && !radius->acct_tls_ready) || in radius_client_retransmit()
456 (!acct && radius->auth_tls && !radius->auth_tls_ready)) { in radius_client_retransmit()
458 "RADIUS: TLS connection not yet ready for TX"); in radius_client_retransmit()
476 hdr->identifier = radius_client_get_id(radius); in radius_client_retransmit()
483 "RADIUS: Updated Acct-Delay-Time to %u for retransmission", in radius_client_retransmit()
487 wpa_printf(MSG_INFO, "Failed to build RADIUS message"); in radius_client_retransmit()
490 if (radius->conf->msg_dumps) in radius_client_retransmit()
498 "RADIUS: Removing un-ACKed message due to too many failed retransmit attempts"); in radius_client_retransmit()
504 hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS, in radius_client_retransmit()
505 HOSTAPD_LEVEL_DEBUG, "Resending RADIUS message (id=%d)", in radius_client_retransmit()
512 out = tls_connection_encrypt(radius->tls_ctx, conn, buf); in radius_client_retransmit()
515 "RADIUS: Failed to encrypt RADIUS message (TLS)"); in radius_client_retransmit()
519 "RADIUS: TLS encryption of %zu bytes of plaintext to %zu bytes of ciphertext", in radius_client_retransmit()
525 wpa_printf(MSG_DEBUG, "RADIUS: Send %zu bytes to the server", in radius_client_retransmit()
528 if (radius_client_handle_send_error(radius, s, entry->msg_type) in radius_client_retransmit()
553 struct radius_client_data *radius = eloop_ctx; in radius_client_timer() local
561 entry = radius->msgs; in radius_client_timer()
569 s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock : in radius_client_timer()
570 radius->acct_sock; in radius_client_timer()
584 radius_client_auth_failover(radius); in radius_client_timer()
587 radius_client_acct_failover(radius); in radius_client_timer()
589 entry = radius->msgs; in radius_client_timer()
594 prev_num_msgs = radius->num_msgs; in radius_client_timer()
596 radius_client_retransmit(radius, entry, now.sec)) { in radius_client_timer()
600 radius->msgs = entry->next; in radius_client_timer()
605 radius->num_msgs--; in radius_client_timer()
609 if (prev_num_msgs != radius->num_msgs) { in radius_client_timer()
611 "RADIUS: Message removed from queue - restart from beginning"); in radius_client_timer()
612 entry = radius->msgs; in radius_client_timer()
624 if (radius->msgs) { in radius_client_timer()
627 eloop_cancel_timeout(radius_client_timer, radius, NULL); in radius_client_timer()
629 radius_client_timer, radius, NULL); in radius_client_timer()
630 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_client_timer()
631 HOSTAPD_LEVEL_DEBUG, "Next RADIUS client " in radius_client_timer()
638 static void radius_client_auth_failover(struct radius_client_data *radius) in radius_client_auth_failover() argument
640 struct hostapd_radius_servers *conf = radius->conf; in radius_client_auth_failover()
646 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_client_auth_failover()
652 for (entry = radius->msgs; entry; entry = entry->next) { in radius_client_auth_failover()
661 radius_change_server(radius, next, old, 1); in radius_client_auth_failover()
665 static void radius_client_acct_failover(struct radius_client_data *radius) in radius_client_acct_failover() argument
667 struct hostapd_radius_servers *conf = radius->conf; in radius_client_acct_failover()
673 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_client_acct_failover()
679 for (entry = radius->msgs; entry; entry = entry->next) { in radius_client_acct_failover()
689 radius_change_server(radius, next, old, 0); in radius_client_acct_failover()
693 static void radius_client_update_timeout(struct radius_client_data *radius) in radius_client_update_timeout() argument
699 eloop_cancel_timeout(radius_client_timer, radius, NULL); in radius_client_update_timeout()
701 if (radius->msgs == NULL) { in radius_client_update_timeout()
706 for (entry = radius->msgs; entry; entry = entry->next) { in radius_client_update_timeout()
714 eloop_register_timeout(first - now.sec, 0, radius_client_timer, radius, in radius_client_update_timeout()
716 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_client_update_timeout()
717 HOSTAPD_LEVEL_DEBUG, "Next RADIUS client retransmit in" in radius_client_update_timeout()
722 static void radius_client_list_add(struct radius_client_data *radius, in radius_client_list_add() argument
739 wpa_printf(MSG_INFO, "RADIUS: Failed to add packet into retransmit list"); in radius_client_list_add()
758 entry->next = radius->msgs; in radius_client_list_add()
759 radius->msgs = entry; in radius_client_list_add()
760 radius_client_update_timeout(radius); in radius_client_list_add()
762 if (radius->num_msgs >= RADIUS_CLIENT_MAX_ENTRIES) { in radius_client_list_add()
763 wpa_printf(MSG_INFO, "RADIUS: Removing the oldest un-ACKed packet due to retransmit list limits"); in radius_client_list_add()
774 radius->num_msgs++; in radius_client_list_add()
787 wpa_printf(MSG_ERROR, "RADIUS: Failed to set IP_MTU_DISCOVER: %s", in radius_client_disable_pmtu_discovery()
794 static void radius_close_auth_socket(struct radius_client_data *radius) in radius_close_auth_socket() argument
796 if (radius->auth_sock >= 0) { in radius_close_auth_socket()
798 if (radius->conf->auth_server->tls) in radius_close_auth_socket()
799 eloop_unregister_sock(radius->auth_sock, in radius_close_auth_socket()
802 eloop_unregister_read_sock(radius->auth_sock); in radius_close_auth_socket()
803 close(radius->auth_sock); in radius_close_auth_socket()
804 radius->auth_sock = -1; in radius_close_auth_socket()
809 static void radius_close_acct_socket(struct radius_client_data *radius) in radius_close_acct_socket() argument
811 if (radius->acct_sock >= 0) { in radius_close_acct_socket()
813 if (radius->conf->acct_server->tls) in radius_close_acct_socket()
814 eloop_unregister_sock(radius->acct_sock, in radius_close_acct_socket()
817 eloop_unregister_read_sock(radius->acct_sock); in radius_close_acct_socket()
818 close(radius->acct_sock); in radius_close_acct_socket()
819 radius->acct_sock = -1; in radius_close_acct_socket()
825 * radius_client_send - Send a RADIUS request
826 * @radius: RADIUS client context from radius_client_init()
827 * @msg: RADIUS message to be sent
832 * This function is used to transmit a RADIUS authentication (RADIUS_AUTH) or
849 int radius_client_send(struct radius_client_data *radius, in radius_client_send() argument
853 struct hostapd_radius_servers *conf = radius->conf; in radius_client_send()
868 if (radius->acct_tls) in radius_client_send()
869 conn = radius->acct_tls_conn; in radius_client_send()
871 if (conf->acct_server && radius->acct_sock < 0) in radius_client_send()
872 radius_client_init_acct(radius); in radius_client_send()
874 if (conf->acct_server == NULL || radius->acct_sock < 0 || in radius_client_send()
876 hostapd_logger(radius->ctx, NULL, in radius_client_send()
886 hostapd_logger(radius->ctx, NULL, in radius_client_send()
889 "Failed to build RADIUS accounting message"); in radius_client_send()
893 s = radius->acct_sock; in radius_client_send()
897 if (radius->auth_tls) in radius_client_send()
898 conn = radius->auth_tls_conn; in radius_client_send()
900 if (conf->auth_server && radius->auth_sock < 0) in radius_client_send()
901 radius_client_init_auth(radius); in radius_client_send()
903 if (conf->auth_server == NULL || radius->auth_sock < 0 || in radius_client_send()
905 hostapd_logger(radius->ctx, NULL, in radius_client_send()
915 hostapd_logger(radius->ctx, NULL, in radius_client_send()
918 "Failed to build RADIUS authentication message"); in radius_client_send()
922 s = radius->auth_sock; in radius_client_send()
926 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_client_send()
927 HOSTAPD_LEVEL_DEBUG, "Sending RADIUS message to %s " in radius_client_send()
933 if ((acct && radius->acct_tls && !radius->acct_tls_ready) || in radius_client_send()
934 (!acct && radius->auth_tls && !radius->auth_tls_ready)) { in radius_client_send()
936 "RADIUS: TLS connection not yet ready for TX"); in radius_client_send()
944 out = tls_connection_encrypt(radius->tls_ctx, conn, buf); in radius_client_send()
947 "RADIUS: Failed to encrypt RADIUS message (TLS)"); in radius_client_send()
951 "RADIUS: TLS encryption of %zu bytes of plaintext to %zu bytes of ciphertext", in radius_client_send()
956 wpa_printf(MSG_DEBUG, "RADIUS: Send %zu bytes to the server", in radius_client_send()
963 radius_client_handle_send_error(radius, s, msg_type); in radius_client_send()
968 radius_client_list_add(radius, msg, msg_type, shared_secret, in radius_client_send()
977 static void radius_client_close_tcp(struct radius_client_data *radius, in radius_client_close_tcp() argument
980 wpa_printf(MSG_DEBUG, "RADIUS: Closing TCP connection (sock %d)", in radius_client_close_tcp()
983 radius->acct_tls_ready = false; in radius_client_close_tcp()
984 radius_close_acct_socket(radius); in radius_client_close_tcp()
986 radius->auth_tls_ready = false; in radius_client_close_tcp()
987 radius_close_auth_socket(radius); in radius_client_close_tcp()
993 radius_client_process_tls_handshake(struct radius_client_data *radius, in radius_client_process_tls_handshake() argument
1003 "RADIUS: Process %zu bytes of received TLS handshake message", in radius_client_process_tls_handshake()
1007 conn = radius->acct_tls_conn; in radius_client_process_tls_handshake()
1009 conn = radius->auth_tls_conn; in radius_client_process_tls_handshake()
1016 out = tls_connection_handshake(radius->tls_ctx, conn, in, &appl); in radius_client_process_tls_handshake()
1020 "RADIUS: Could not generate TLS handshake data"); in radius_client_process_tls_handshake()
1024 if (tls_connection_get_failed(radius->tls_ctx, conn)) { in radius_client_process_tls_handshake()
1025 wpa_printf(MSG_INFO, "RADIUS: TLS handshake failed"); in radius_client_process_tls_handshake()
1029 if (tls_connection_established(radius->tls_ctx, conn)) { in radius_client_process_tls_handshake()
1031 "RADIUS: TLS connection established (sock=%d)", in radius_client_process_tls_handshake()
1034 radius->acct_tls_ready = true; in radius_client_process_tls_handshake()
1036 radius->auth_tls_ready = true; in radius_client_process_tls_handshake()
1040 wpa_printf(MSG_DEBUG, "RADIUS: Sending %zu bytes of TLS handshake", in radius_client_process_tls_handshake()
1044 wpa_printf(MSG_INFO, "RADIUS: send: %s", strerror(errno)); in radius_client_process_tls_handshake()
1049 "RADIUS: Could not send all data for TLS handshake: only %d bytes sent", in radius_client_process_tls_handshake()
1064 entry = radius->msgs; in radius_client_process_tls_handshake()
1073 if (radius_client_retransmit(radius, entry, now.sec)) { in radius_client_process_tls_handshake()
1077 radius->msgs = entry->next; in radius_client_process_tls_handshake()
1082 radius->num_msgs--; in radius_client_process_tls_handshake()
1095 tls_connection_deinit(radius->tls_ctx, conn); in radius_client_process_tls_handshake()
1097 radius->acct_tls_conn = NULL; in radius_client_process_tls_handshake()
1099 radius->auth_tls_conn = NULL; in radius_client_process_tls_handshake()
1100 radius_client_close_tcp(radius, sock, msg_type); in radius_client_process_tls_handshake()
1108 struct radius_client_data *radius = eloop_ctx; in radius_client_receive() local
1109 struct hostapd_radius_servers *conf = radius->conf; in radius_client_receive()
1130 if (radius->acct_tls) in radius_client_receive()
1131 conn = radius->acct_tls_conn; in radius_client_receive()
1132 tls = radius->acct_tls; in radius_client_receive()
1133 tls_ready = radius->acct_tls_ready; in radius_client_receive()
1135 handlers = radius->acct_handlers; in radius_client_receive()
1136 num_handlers = radius->num_acct_handlers; in radius_client_receive()
1140 if (radius->auth_tls) in radius_client_receive()
1141 conn = radius->auth_tls_conn; in radius_client_receive()
1142 tls = radius->auth_tls; in radius_client_receive()
1143 tls_ready = radius->auth_tls_ready; in radius_client_receive()
1145 handlers = radius->auth_handlers; in radius_client_receive()
1146 num_handlers = radius->num_auth_handlers; in radius_client_receive()
1157 wpa_printf(MSG_INFO, "recvmsg[RADIUS]: %s", strerror(errno)); in radius_client_receive()
1162 wpa_printf(MSG_DEBUG, "RADIUS: No TCP data available"); in radius_client_receive()
1167 radius_client_process_tls_handshake(radius, sock, msg_type, in radius_client_receive()
1179 "RADIUS: Process %d bytes of encrypted TLS data", in radius_client_receive()
1181 out = tls_connection_decrypt(radius->tls_ctx, conn, in); in radius_client_receive()
1185 "RADIUS: Failed to decrypt TLS data"); in radius_client_receive()
1190 "RADIUS: Full message not yet received - continue waiting for additional TLS data"); in radius_client_receive()
1196 "RADIUS: Too long RADIUS message from TLS: %zu", in radius_client_receive()
1207 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_client_receive()
1208 HOSTAPD_LEVEL_DEBUG, "Received %d bytes from RADIUS " in radius_client_receive()
1212 wpa_printf(MSG_INFO, "RADIUS: Possibly too long UDP frame for our buffer - dropping it"); in radius_client_receive()
1218 wpa_printf(MSG_INFO, "RADIUS: Parsing incoming frame failed"); in radius_client_receive()
1224 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_client_receive()
1225 HOSTAPD_LEVEL_DEBUG, "Received RADIUS message"); in radius_client_receive()
1244 req = radius->msgs; in radius_client_receive()
1247 * alternative RADIUS servers (?) */ in radius_client_receive()
1259 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_client_receive()
1261 "No matching RADIUS request found (type=%d " in radius_client_receive()
1270 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS, in radius_client_receive()
1272 "Received RADIUS packet matched with a pending " in radius_client_receive()
1287 /* Remove ACKed RADIUS packet from retransmit list */ in radius_client_receive()
1289 for (r = radius->msgs; r; r = r->next) { in radius_client_receive()
1297 radius->msgs = req->next; in radius_client_receive()
1298 radius->num_msgs--; in radius_client_receive()
1315 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS, in radius_client_receive()
1316 HOSTAPD_LEVEL_DEBUG, "No RADIUS RX handler found " in radius_client_receive()
1328 radius_client_close_tcp(radius, sock, msg_type); in radius_client_receive()
1336 struct radius_client_data *radius = eloop_ctx; in radius_client_write_ready() local
1344 wpa_printf(MSG_DEBUG, "RADIUS: TCP connection established - start TLS handshake (sock=%d)", in radius_client_write_ready()
1349 eloop_register_read_sock(sock, radius_client_receive, radius, in radius_client_write_ready()
1351 if (radius->acct_tls_conn) { in radius_client_write_ready()
1353 "RADIUS: Deinit previously used TLS connection"); in radius_client_write_ready()
1354 tls_connection_deinit(radius->tls_ctx, in radius_client_write_ready()
1355 radius->acct_tls_conn); in radius_client_write_ready()
1356 radius->acct_tls_conn = NULL; in radius_client_write_ready()
1358 server = radius->conf->acct_server; in radius_client_write_ready()
1361 eloop_register_read_sock(sock, radius_client_receive, radius, in radius_client_write_ready()
1363 if (radius->auth_tls_conn) { in radius_client_write_ready()
1365 "RADIUS: Deinit previously used TLS connection"); in radius_client_write_ready()
1366 tls_connection_deinit(radius->tls_ctx, in radius_client_write_ready()
1367 radius->auth_tls_conn); in radius_client_write_ready()
1368 radius->auth_tls_conn = NULL; in radius_client_write_ready()
1370 server = radius->conf->auth_server; in radius_client_write_ready()
1376 conn = tls_connection_init(radius->tls_ctx); in radius_client_write_ready()
1379 "RADIUS: Failed to initiate TLS connection"); in radius_client_write_ready()
1389 if (tls_connection_set_params(radius->tls_ctx, conn, &params)) { in radius_client_write_ready()
1391 "RADIUS: Failed to set TLS connection parameters"); in radius_client_write_ready()
1397 out = tls_connection_handshake(radius->tls_ctx, conn, in, &appl); in radius_client_write_ready()
1400 "RADIUS: Could not generate TLS handshake data"); in radius_client_write_ready()
1404 if (tls_connection_get_failed(radius->tls_ctx, conn)) { in radius_client_write_ready()
1405 wpa_printf(MSG_INFO, "RADIUS: TLS handshake failed"); in radius_client_write_ready()
1409 wpa_printf(MSG_DEBUG, "RADIUS: Sending %zu bytes of TLS handshake", in radius_client_write_ready()
1413 wpa_printf(MSG_INFO, "RADIUS: send: %s", strerror(errno)); in radius_client_write_ready()
1418 "RADIUS: Could not send all data for TLS handshake: only %d bytes sent", in radius_client_write_ready()
1425 radius->acct_tls_conn = conn; in radius_client_write_ready()
1427 radius->auth_tls_conn = conn; in radius_client_write_ready()
1431 wpa_printf(MSG_INFO, "RADIUS: Failed to perform TLS handshake"); in radius_client_write_ready()
1432 tls_connection_deinit(radius->tls_ctx, conn); in radius_client_write_ready()
1434 radius_client_close_tcp(radius, sock, msg_type); in radius_client_write_ready()
1440 * radius_client_get_id - Get an identifier for a new RADIUS message
1441 * @radius: RADIUS client context from radius_client_init()
1445 * for a new RADIUS message.
1447 u8 radius_client_get_id(struct radius_client_data *radius) in radius_client_get_id() argument
1450 u8 id = radius->next_radius_identifier++; in radius_client_get_id()
1453 * using new reply from the RADIUS server with an old request */ in radius_client_get_id()
1454 entry = radius->msgs; in radius_client_get_id()
1458 hostapd_logger(radius->ctx, entry->addr, in radius_client_get_id()
1461 "Removing pending RADIUS message, " in radius_client_get_id()
1466 radius->msgs = entry->next; in radius_client_get_id()
1483 * radius_client_flush - Flush all pending RADIUS client messages
1484 * @radius: RADIUS client context from radius_client_init()
1487 void radius_client_flush(struct radius_client_data *radius, int only_auth) in radius_client_flush() argument
1491 if (!radius) in radius_client_flush()
1495 entry = radius->msgs; in radius_client_flush()
1502 radius->msgs = entry->next; in radius_client_flush()
1507 radius->num_msgs--; in radius_client_flush()
1514 if (radius->msgs == NULL) in radius_client_flush()
1515 eloop_cancel_timeout(radius_client_timer, radius, NULL); in radius_client_flush()
1519 static void radius_client_update_acct_msgs(struct radius_client_data *radius, in radius_client_update_acct_msgs() argument
1525 if (!radius) in radius_client_update_acct_msgs()
1528 for (entry = radius->msgs; entry; entry = entry->next) { in radius_client_update_acct_msgs()
1535 "RADIUS: Failed to update accounting message"); in radius_client_update_acct_msgs()
1542 radius_change_server(struct radius_client_data *radius, in radius_change_server() argument
1556 struct hostapd_radius_servers *conf = radius->conf; in radius_change_server()
1564 wpa_printf(MSG_ERROR, "RADIUS: TLS not supported"); in radius_change_server()
1569 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, in radius_change_server()
1579 radius_client_flush(radius, 1); in radius_change_server()
1586 /* Pending RADIUS packets used different shared secret, so in radius_change_server()
1589 * since they would require more changes and the new RADIUS in radius_change_server()
1594 radius_client_flush(radius, 1); in radius_change_server()
1597 radius, nserv->shared_secret, in radius_change_server()
1603 for (entry = radius->msgs; oserv && entry; entry = entry->next) { in radius_change_server()
1612 if (radius->msgs) { in radius_change_server()
1613 eloop_cancel_timeout(radius_client_timer, radius, NULL); in radius_change_server()
1615 radius_client_timer, radius, NULL); in radius_change_server()
1648 "RADIUS: Failed to open server socket (af=%d auth=%d)", in radius_change_server()
1655 wpa_printf(MSG_DEBUG, "RADIUS: fnctl(O_NONBLOCK) failed: %s", in radius_change_server()
1668 "RADIUS: setsockopt[SO_BINDTODEVICE]: %s", in radius_change_server()
1674 "RADIUS: Bound client socket to device: %s", in radius_change_server()
1707 wpa_printf(MSG_INFO, "bind[radius]: %s", in radius_change_server()
1717 "RADIUS: TCP connection establishment in progress (sock %d)", in radius_change_server()
1720 wpa_printf(MSG_INFO, "connect[radius]: %s", in radius_change_server()
1733 wpa_printf(MSG_DEBUG, "RADIUS local address: %s:%u", in radius_change_server()
1743 wpa_printf(MSG_DEBUG, "RADIUS local address: %s:%u", in radius_change_server()
1755 radius_close_auth_socket(radius); in radius_change_server()
1756 radius->auth_sock = sel_sock; in radius_change_server()
1758 radius_close_acct_socket(radius); in radius_change_server()
1759 radius->acct_sock = sel_sock; in radius_change_server()
1764 radius, in radius_change_server()
1770 radius_client_write_ready, radius, in radius_change_server()
1776 radius->auth_tls = nserv->tls; in radius_change_server()
1777 radius->auth_tls_ready = false; in radius_change_server()
1779 radius->acct_tls = nserv->tls; in radius_change_server()
1780 radius->acct_tls_ready = false; in radius_change_server()
1789 struct radius_client_data *radius = eloop_ctx; in radius_retry_primary_timer() local
1790 struct hostapd_radius_servers *conf = radius->conf; in radius_retry_primary_timer()
1793 if (radius->auth_sock >= 0 && conf->auth_servers && in radius_retry_primary_timer()
1797 if (radius_change_server(radius, conf->auth_server, oserv, in radius_retry_primary_timer()
1800 radius_change_server(radius, oserv, conf->auth_server, in radius_retry_primary_timer()
1805 if (radius->acct_sock >= 0 && conf->acct_servers && in radius_retry_primary_timer()
1809 if (radius_change_server(radius, conf->acct_server, oserv, in radius_retry_primary_timer()
1812 radius_change_server(radius, oserv, conf->acct_server, in radius_retry_primary_timer()
1819 radius_retry_primary_timer, radius, in radius_retry_primary_timer()
1824 static int radius_client_init_auth(struct radius_client_data *radius) in radius_client_init_auth() argument
1826 radius_close_auth_socket(radius); in radius_client_init_auth()
1827 return radius_change_server(radius, radius->conf->auth_server, NULL, 1); in radius_client_init_auth()
1831 static int radius_client_init_acct(struct radius_client_data *radius) in radius_client_init_acct() argument
1833 radius_close_acct_socket(radius); in radius_client_init_acct()
1834 return radius_change_server(radius, radius->conf->acct_server, NULL, 0); in radius_client_init_acct()
1842 wpa_printf(MSG_DEBUG, "RADIUS: TLS event %d", ev); in radius_tls_event_cb()
1848 * radius_client_init - Initialize RADIUS client
1850 * @conf: RADIUS client configuration (RADIUS servers)
1851 * Returns: Pointer to private RADIUS client context or %NULL on failure
1854 * the lifetime of the RADIUS client, i.e., until radius_client_deinit() is
1860 struct radius_client_data *radius; in radius_client_init() local
1862 radius = os_zalloc(sizeof(struct radius_client_data)); in radius_client_init()
1863 if (radius == NULL) in radius_client_init()
1866 radius->ctx = ctx; in radius_client_init()
1867 radius->conf = conf; in radius_client_init()
1868 radius->auth_sock = radius->acct_sock = -1; in radius_client_init()
1870 if (conf->auth_server && radius_client_init_auth(radius) == -1) { in radius_client_init()
1871 radius_client_deinit(radius); in radius_client_init()
1875 if (conf->acct_server && radius_client_init_acct(radius) == -1) { in radius_client_init()
1876 radius_client_deinit(radius); in radius_client_init()
1882 radius_retry_primary_timer, radius, in radius_client_init()
1892 radius->tls_ctx = tls_init(&tls_conf); in radius_client_init()
1893 if (!radius->tls_ctx) { in radius_client_init()
1894 radius_client_deinit(radius); in radius_client_init()
1901 return radius; in radius_client_init()
1906 * radius_client_deinit - Deinitialize RADIUS client
1907 * @radius: RADIUS client context from radius_client_init()
1909 void radius_client_deinit(struct radius_client_data *radius) in radius_client_deinit() argument
1911 if (!radius) in radius_client_deinit()
1914 radius_close_auth_socket(radius); in radius_client_deinit()
1915 radius_close_acct_socket(radius); in radius_client_deinit()
1917 eloop_cancel_timeout(radius_retry_primary_timer, radius, NULL); in radius_client_deinit()
1919 radius_client_flush(radius, 0); in radius_client_deinit()
1920 os_free(radius->auth_handlers); in radius_client_deinit()
1921 os_free(radius->acct_handlers); in radius_client_deinit()
1923 if (radius->tls_ctx) { in radius_client_deinit()
1924 tls_connection_deinit(radius->tls_ctx, radius->auth_tls_conn); in radius_client_deinit()
1925 tls_connection_deinit(radius->tls_ctx, radius->acct_tls_conn); in radius_client_deinit()
1926 tls_deinit(radius->tls_ctx); in radius_client_deinit()
1929 os_free(radius); in radius_client_deinit()
1934 * radius_client_flush_auth - Flush pending RADIUS messages for an address
1935 * @radius: RADIUS client context from radius_client_init()
1938 * This function can be used to remove pending RADIUS authentication messages
1943 void radius_client_flush_auth(struct radius_client_data *radius, in radius_client_flush_auth() argument
1949 entry = radius->msgs; in radius_client_flush_auth()
1953 hostapd_logger(radius->ctx, addr, in radius_client_flush_auth()
1956 "Removing pending RADIUS authentication" in radius_client_flush_auth()
1962 radius->msgs = entry->next; in radius_client_flush_auth()
1967 radius->num_msgs--; in radius_client_flush_auth()
2073 * radius_client_get_mib - Get RADIUS client MIB information
2074 * @radius: RADIUS client context from radius_client_init()
2079 int radius_client_get_mib(struct radius_client_data *radius, char *buf, in radius_client_get_mib() argument
2087 if (!radius) in radius_client_get_mib()
2090 conf = radius->conf; in radius_client_get_mib()
2098 radius : NULL); in radius_client_get_mib()
2108 radius : NULL); in radius_client_get_mib()
2116 void radius_client_reconfig(struct radius_client_data *radius, in radius_client_reconfig() argument
2119 if (radius) in radius_client_reconfig()
2120 radius->conf = conf; in radius_client_reconfig()