[PATCH] hostapd: Force radius socket renewal on radius auth failures

Helmut Schaa helmut.schaa
Wed Sep 16 05:04:56 PDT 2015


On radius auth/acct failures hostapd will try a new server if one
is available. Reuse the failover logic to force a socket renewal
if only one radius server is configured.

This fixes problems when a route for the RADIUS server gets
added after the socket was "connected". The radius socket is still
sending the RADIUS requests out using the previous route.

Signed-off-by: Helmut Schaa <helmut.schaa at googlemail.com>
---
 src/radius/radius_client.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
index 693f61e..db7430d 100644
--- a/src/radius/radius_client.c
+++ b/src/radius/radius_client.c
@@ -476,10 +476,10 @@ static void radius_client_timer(void *eloop_ctx, void *timeout_ctx)
 			       (long int) (first - now.sec));
 	}
 
-	if (auth_failover && conf->num_auth_servers > 1)
+	if (auth_failover)
 		radius_client_auth_failover(radius);
 
-	if (acct_failover && conf->num_acct_servers > 1)
+	if (acct_failover)
 		radius_client_acct_failover(radius);
 }
 
@@ -1023,6 +1023,12 @@ radius_change_server(struct radius_client_data *radius,
 		       hostapd_ip_txt(&nserv->addr, abuf, sizeof(abuf)),
 		       nserv->port);
 
+	if (oserv && oserv == nserv) {
+		/* Reconnect to same server, flush */
+		if (auth)
+			radius_client_flush(radius, 1);
+	}
+
 	if (oserv && oserv != nserv &&
 	    (nserv->shared_secret_len != oserv->shared_secret_len ||
 	     os_memcmp(nserv->shared_secret, oserv->shared_secret,
@@ -1125,6 +1131,14 @@ radius_change_server(struct radius_client_data *radius,
 		}
 	}
 
+	/* Force a reconnect by disconnecting the socket first */
+	struct sockaddr_in disconnect_addr = {
+		.sin_family = AF_UNSPEC,
+	};
+	if (connect(sel_sock, &disconnect_addr, sizeof(disconnect_addr)) < 0) {
+		wpa_printf(MSG_INFO, "disconnect[radius]: %s", strerror(errno));
+	}
+
 	if (connect(sel_sock, addr, addrlen) < 0) {
 		wpa_printf(MSG_INFO, "connect[radius]: %s", strerror(errno));
 		return -1;
-- 
1.8.4.5




More information about the Hostap mailing list