Lines Matching defs:radius
16 #include "radius.h"
257 radius_change_server(struct radius_client_data *radius,
261 static int radius_client_init_acct(struct radius_client_data *radius);
262 static int radius_client_init_auth(struct radius_client_data *radius);
263 static void radius_client_auth_failover(struct radius_client_data *radius);
264 static void radius_client_acct_failover(struct radius_client_data *radius);
276 * @radius: RADIUS client context from radius_client_init()
290 int radius_client_register(struct radius_client_data *radius,
303 handlers = &radius->acct_handlers;
304 num = &radius->num_acct_handlers;
306 handlers = &radius->auth_handlers;
307 num = &radius->num_auth_handlers;
326 * @radius: RADIUS client context from radius_client_init()
334 void radius_client_set_interim_error_cb(struct radius_client_data *radius,
338 radius->interim_error_cb = cb;
339 radius->interim_error_cb_ctx = ctx;
347 static int radius_client_handle_send_error(struct radius_client_data *radius,
355 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
361 radius_client_init_acct(radius);
364 radius_client_init_auth(radius);
374 static int radius_client_retransmit(struct radius_client_data *radius,
378 struct hostapd_radius_servers *conf = radius->conf;
395 if (radius->acct_tls)
396 conn = radius->acct_tls_conn;
399 if (radius->acct_sock < 0)
400 radius_client_init_acct(radius);
401 if (radius->acct_sock < 0 && conf->num_acct_servers > 1) {
402 prev_num_msgs = radius->num_msgs;
403 radius_client_acct_failover(radius);
404 if (prev_num_msgs != radius->num_msgs)
407 s = radius->acct_sock;
416 if (radius->auth_tls)
417 conn = radius->auth_tls_conn;
420 if (radius->auth_sock < 0)
421 radius_client_init_auth(radius);
422 if (radius->auth_sock < 0 && conf->num_auth_servers > 1) {
423 prev_num_msgs = radius->num_msgs;
424 radius_client_auth_failover(radius);
425 if (prev_num_msgs != radius->num_msgs)
428 s = radius->auth_sock;
442 if (radius->interim_error_cb)
443 radius->interim_error_cb(entry->addr,
444 radius->interim_error_cb_ctx);
455 if ((acct && radius->acct_tls && !radius->acct_tls_ready) ||
456 (!acct && radius->auth_tls && !radius->auth_tls_ready)) {
476 hdr->identifier = radius_client_get_id(radius);
487 if (radius->conf->msg_dumps)
501 hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS,
509 out = tls_connection_encrypt(radius->tls_ctx, conn, buf);
525 if (radius_client_handle_send_error(radius, s, entry->msg_type)
550 struct radius_client_data *radius = eloop_ctx;
558 entry = radius->msgs;
566 s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock :
567 radius->acct_sock;
581 radius_client_auth_failover(radius);
584 radius_client_acct_failover(radius);
586 entry = radius->msgs;
591 prev_num_msgs = radius->num_msgs;
593 radius_client_retransmit(radius, entry, now.sec)) {
597 radius->msgs = entry->next;
602 radius->num_msgs--;
606 if (prev_num_msgs != radius->num_msgs) {
609 entry = radius->msgs;
621 if (radius->msgs) {
624 eloop_cancel_timeout(radius_client_timer, radius, NULL);
626 radius_client_timer, radius, NULL);
627 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
635 static void radius_client_auth_failover(struct radius_client_data *radius)
637 struct hostapd_radius_servers *conf = radius->conf;
643 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
649 for (entry = radius->msgs; entry; entry = entry->next) {
658 radius_change_server(radius, next, old, 1);
662 static void radius_client_acct_failover(struct radius_client_data *radius)
664 struct hostapd_radius_servers *conf = radius->conf;
670 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
676 for (entry = radius->msgs; entry; entry = entry->next) {
686 radius_change_server(radius, next, old, 0);
690 static void radius_client_update_timeout(struct radius_client_data *radius)
696 eloop_cancel_timeout(radius_client_timer, radius, NULL);
698 if (radius->msgs == NULL) {
703 for (entry = radius->msgs; entry; entry = entry->next) {
711 eloop_register_timeout(first - now.sec, 0, radius_client_timer, radius,
713 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
719 static void radius_client_list_add(struct radius_client_data *radius,
755 entry->next = radius->msgs;
756 radius->msgs = entry;
757 radius_client_update_timeout(radius);
759 if (radius->num_msgs >= RADIUS_CLIENT_MAX_ENTRIES) {
771 radius->num_msgs++;
791 static void radius_close_auth_socket(struct radius_client_data *radius)
793 if (radius->auth_sock >= 0) {
795 if (radius->conf->auth_server->tls)
796 eloop_unregister_sock(radius->auth_sock,
799 eloop_unregister_read_sock(radius->auth_sock);
800 close(radius->auth_sock);
801 radius->auth_sock = -1;
806 static void radius_close_acct_socket(struct radius_client_data *radius)
808 if (radius->acct_sock >= 0) {
810 if (radius->conf->acct_server->tls)
811 eloop_unregister_sock(radius->acct_sock,
814 eloop_unregister_read_sock(radius->acct_sock);
815 close(radius->acct_sock);
816 radius->acct_sock = -1;
823 * @radius: RADIUS client context from radius_client_init()
846 int radius_client_send(struct radius_client_data *radius,
850 struct hostapd_radius_servers *conf = radius->conf;
865 if (radius->acct_tls)
866 conn = radius->acct_tls_conn;
868 if (conf->acct_server && radius->acct_sock < 0)
869 radius_client_init_acct(radius);
871 if (conf->acct_server == NULL || radius->acct_sock < 0 ||
873 hostapd_logger(radius->ctx, NULL,
883 s = radius->acct_sock;
887 if (radius->auth_tls)
888 conn = radius->auth_tls_conn;
890 if (conf->auth_server && radius->auth_sock < 0)
891 radius_client_init_auth(radius);
893 if (conf->auth_server == NULL || radius->auth_sock < 0 ||
895 hostapd_logger(radius->ctx, NULL,
905 s = radius->auth_sock;
909 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
916 if ((acct && radius->acct_tls && !radius->acct_tls_ready) ||
917 (!acct && radius->auth_tls && !radius->auth_tls_ready)) {
927 out = tls_connection_encrypt(radius->tls_ctx, conn, buf);
946 radius_client_handle_send_error(radius, s, msg_type);
951 radius_client_list_add(radius, msg, msg_type, shared_secret,
960 static void radius_client_close_tcp(struct radius_client_data *radius,
966 radius->acct_tls_ready = false;
967 radius_close_acct_socket(radius);
969 radius->auth_tls_ready = false;
970 radius_close_auth_socket(radius);
976 radius_client_process_tls_handshake(struct radius_client_data *radius,
990 conn = radius->acct_tls_conn;
992 conn = radius->auth_tls_conn;
999 out = tls_connection_handshake(radius->tls_ctx, conn, in, &appl);
1007 if (tls_connection_get_failed(radius->tls_ctx, conn)) {
1012 if (tls_connection_established(radius->tls_ctx, conn)) {
1017 radius->acct_tls_ready = true;
1019 radius->auth_tls_ready = true;
1047 entry = radius->msgs;
1056 if (radius_client_retransmit(radius, entry, now.sec)) {
1060 radius->msgs = entry->next;
1065 radius->num_msgs--;
1078 tls_connection_deinit(radius->tls_ctx, conn);
1080 radius->acct_tls_conn = NULL;
1082 radius->auth_tls_conn = NULL;
1083 radius_client_close_tcp(radius, sock, msg_type);
1091 struct radius_client_data *radius = eloop_ctx;
1092 struct hostapd_radius_servers *conf = radius->conf;
1113 if (radius->acct_tls)
1114 conn = radius->acct_tls_conn;
1115 tls = radius->acct_tls;
1116 tls_ready = radius->acct_tls_ready;
1118 handlers = radius->acct_handlers;
1119 num_handlers = radius->num_acct_handlers;
1123 if (radius->auth_tls)
1124 conn = radius->auth_tls_conn;
1125 tls = radius->auth_tls;
1126 tls_ready = radius->auth_tls_ready;
1128 handlers = radius->auth_handlers;
1129 num_handlers = radius->num_auth_handlers;
1150 radius_client_process_tls_handshake(radius, sock, msg_type,
1164 out = tls_connection_decrypt(radius->tls_ctx, conn, in);
1190 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
1207 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
1228 req = radius->msgs;
1244 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
1255 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
1266 radius->msgs = req->next;
1267 radius->num_msgs--;
1294 hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
1308 radius_client_close_tcp(radius, sock, msg_type);
1316 struct radius_client_data *radius = eloop_ctx;
1329 eloop_register_read_sock(sock, radius_client_receive, radius,
1331 if (radius->acct_tls_conn) {
1334 tls_connection_deinit(radius->tls_ctx,
1335 radius->acct_tls_conn);
1336 radius->acct_tls_conn = NULL;
1338 server = radius->conf->acct_server;
1341 eloop_register_read_sock(sock, radius_client_receive, radius,
1343 if (radius->auth_tls_conn) {
1346 tls_connection_deinit(radius->tls_ctx,
1347 radius->auth_tls_conn);
1348 radius->auth_tls_conn = NULL;
1350 server = radius->conf->auth_server;
1356 conn = tls_connection_init(radius->tls_ctx);
1369 if (tls_connection_set_params(radius->tls_ctx, conn, ¶ms)) {
1377 out = tls_connection_handshake(radius->tls_ctx, conn, in, &appl);
1384 if (tls_connection_get_failed(radius->tls_ctx, conn)) {
1405 radius->acct_tls_conn = conn;
1407 radius->auth_tls_conn = conn;
1412 tls_connection_deinit(radius->tls_ctx, conn);
1414 radius_client_close_tcp(radius, sock, msg_type);
1421 * @radius: RADIUS client context from radius_client_init()
1427 u8 radius_client_get_id(struct radius_client_data *radius)
1430 u8 id = radius->next_radius_identifier++;
1434 entry = radius->msgs;
1438 hostapd_logger(radius->ctx, entry->addr,
1446 radius->msgs = entry->next;
1464 * @radius: RADIUS client context from radius_client_init()
1467 void radius_client_flush(struct radius_client_data *radius, int only_auth)
1471 if (!radius)
1475 entry = radius->msgs;
1482 radius->msgs = entry->next;
1487 radius->num_msgs--;
1494 if (radius->msgs == NULL)
1495 eloop_cancel_timeout(radius_client_timer, radius, NULL);
1499 static void radius_client_update_acct_msgs(struct radius_client_data *radius,
1505 if (!radius)
1508 for (entry = radius->msgs; entry; entry = entry->next) {
1520 radius_change_server(struct radius_client_data *radius,
1534 struct hostapd_radius_servers *conf = radius->conf;
1547 hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
1557 radius_client_flush(radius, 1);
1572 radius_client_flush(radius, 1);
1575 radius, nserv->shared_secret,
1581 for (entry = radius->msgs; oserv && entry; entry = entry->next) {
1590 if (radius->msgs) {
1591 eloop_cancel_timeout(radius_client_timer, radius, NULL);
1593 radius_client_timer, radius, NULL);
1685 wpa_printf(MSG_INFO, "bind[radius]: %s",
1698 wpa_printf(MSG_INFO, "connect[radius]: %s",
1733 radius_close_auth_socket(radius);
1734 radius->auth_sock = sel_sock;
1736 radius_close_acct_socket(radius);
1737 radius->acct_sock = sel_sock;
1742 radius,
1748 radius_client_write_ready, radius,
1754 radius->auth_tls = nserv->tls;
1755 radius->auth_tls_ready = false;
1757 radius->acct_tls = nserv->tls;
1758 radius->acct_tls_ready = false;
1767 struct radius_client_data *radius = eloop_ctx;
1768 struct hostapd_radius_servers *conf = radius->conf;
1771 if (radius->auth_sock >= 0 && conf->auth_servers &&
1775 if (radius_change_server(radius, conf->auth_server, oserv,
1778 radius_change_server(radius, oserv, conf->auth_server,
1783 if (radius->acct_sock >= 0 && conf->acct_servers &&
1787 if (radius_change_server(radius, conf->acct_server, oserv,
1790 radius_change_server(radius, oserv, conf->acct_server,
1797 radius_retry_primary_timer, radius,
1802 static int radius_client_init_auth(struct radius_client_data *radius)
1804 radius_close_auth_socket(radius);
1805 return radius_change_server(radius, radius->conf->auth_server, NULL, 1);
1809 static int radius_client_init_acct(struct radius_client_data *radius)
1811 radius_close_acct_socket(radius);
1812 return radius_change_server(radius, radius->conf->acct_server, NULL, 0);
1838 struct radius_client_data *radius;
1840 radius = os_zalloc(sizeof(struct radius_client_data));
1841 if (radius == NULL)
1844 radius->ctx = ctx;
1845 radius->conf = conf;
1846 radius->auth_sock = radius->acct_sock = -1;
1848 if (conf->auth_server && radius_client_init_auth(radius) == -1) {
1849 radius_client_deinit(radius);
1853 if (conf->acct_server && radius_client_init_acct(radius) == -1) {
1854 radius_client_deinit(radius);
1860 radius_retry_primary_timer, radius,
1870 radius->tls_ctx = tls_init(&tls_conf);
1871 if (!radius->tls_ctx) {
1872 radius_client_deinit(radius);
1879 return radius;
1885 * @radius: RADIUS client context from radius_client_init()
1887 void radius_client_deinit(struct radius_client_data *radius)
1889 if (!radius)
1892 radius_close_auth_socket(radius);
1893 radius_close_acct_socket(radius);
1895 eloop_cancel_timeout(radius_retry_primary_timer, radius, NULL);
1897 radius_client_flush(radius, 0);
1898 os_free(radius->auth_handlers);
1899 os_free(radius->acct_handlers);
1901 if (radius->tls_ctx) {
1902 tls_connection_deinit(radius->tls_ctx, radius->auth_tls_conn);
1903 tls_connection_deinit(radius->tls_ctx, radius->acct_tls_conn);
1904 tls_deinit(radius->tls_ctx);
1907 os_free(radius);
1913 * @radius: RADIUS client context from radius_client_init()
1921 void radius_client_flush_auth(struct radius_client_data *radius,
1927 entry = radius->msgs;
1931 hostapd_logger(radius->ctx, addr,
1940 radius->msgs = entry->next;
1945 radius->num_msgs--;
2052 * @radius: RADIUS client context from radius_client_init()
2057 int radius_client_get_mib(struct radius_client_data *radius, char *buf,
2065 if (!radius)
2068 conf = radius->conf;
2076 radius : NULL);
2086 radius : NULL);
2094 void radius_client_reconfig(struct radius_client_data *radius,
2097 if (radius)
2098 radius->conf = conf;