[PATCH] hostapd: Force radius socket renewal on radius auth failures
Helmut Schaa
helmut.schaa
Wed Sep 16 05:04:56 PDT 2015
On radius auth/acct failures hostapd will try a new server if one
is available. Reuse the failover logic to force a socket renewal
if only one radius server is configured.
This fixes problems when a route for the RADIUS server gets
added after the socket was "connected". The radius socket is still
sending the RADIUS requests out using the previous route.
Signed-off-by: Helmut Schaa <helmut.schaa at googlemail.com>
---
src/radius/radius_client.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
index 693f61e..db7430d 100644
--- a/src/radius/radius_client.c
+++ b/src/radius/radius_client.c
@@ -476,10 +476,10 @@ static void radius_client_timer(void *eloop_ctx, void *timeout_ctx)
(long int) (first - now.sec));
}
- if (auth_failover && conf->num_auth_servers > 1)
+ if (auth_failover)
radius_client_auth_failover(radius);
- if (acct_failover && conf->num_acct_servers > 1)
+ if (acct_failover)
radius_client_acct_failover(radius);
}
@@ -1023,6 +1023,12 @@ radius_change_server(struct radius_client_data *radius,
hostapd_ip_txt(&nserv->addr, abuf, sizeof(abuf)),
nserv->port);
+ if (oserv && oserv == nserv) {
+ /* Reconnect to same server, flush */
+ if (auth)
+ radius_client_flush(radius, 1);
+ }
+
if (oserv && oserv != nserv &&
(nserv->shared_secret_len != oserv->shared_secret_len ||
os_memcmp(nserv->shared_secret, oserv->shared_secret,
@@ -1125,6 +1131,14 @@ radius_change_server(struct radius_client_data *radius,
}
}
+ /* Force a reconnect by disconnecting the socket first */
+ struct sockaddr_in disconnect_addr = {
+ .sin_family = AF_UNSPEC,
+ };
+ if (connect(sel_sock, &disconnect_addr, sizeof(disconnect_addr)) < 0) {
+ wpa_printf(MSG_INFO, "disconnect[radius]: %s", strerror(errno));
+ }
+
if (connect(sel_sock, addr, addrlen) < 0) {
wpa_printf(MSG_INFO, "connect[radius]: %s", strerror(errno));
return -1;
--
1.8.4.5
More information about the Hostap
mailing list