static void radius_retry_primary_timer(void *eloop_ctx, void *timeout_ctx)
{
struct radius_client_data *radius = eloop_ctx;
struct hostapd_radius_servers *conf = radius->conf;
struct hostapd_radius_server *oserv;
if (radius->auth_sock >= 0 && conf->auth_servers &&
conf->auth_server != conf->auth_servers) {
oserv = conf->auth_server;
conf->auth_server = conf->auth_servers;
radius_change_server(radius, conf->auth_server, oserv,
radius->auth_serv_sock,
radius->auth_serv_sock6, 1);
}
if (radius->acct_sock >= 0 && conf->acct_servers &&
conf->acct_server != conf->acct_servers) {
oserv = conf->acct_server;
conf->acct_server = conf->acct_servers;
radius_change_server(radius, conf->acct_server, oserv,
radius->acct_serv_sock,
radius->acct_serv_sock6, 0);
}
if (conf->retry_primary_interval)
eloop_register_timeout(conf->retry_primary_interval, 0,
radius_retry_primary_timer, radius,
NULL);
}
static void radius_retry_primary_timer(void *eloop_ctx, void *timeout_ctx)
{
struct wpa_supplicant *wpa_s = eloop_ctx;
struct hostapd_radius_server *oserv;
if (wpa_s->radius->auth_serv_sock >= 0 && wpa_s->auth_servers &&
wpa_s->auth_server != wpa_s->auth_servers) {
oserv = wpa_s->auth_server;
wpa_s->auth_server = wpa_s->auth_servers;
radius_change_server(wpa_s, wpa_s->auth_server, oserv,
wpa_s->radius->auth_serv_sock, 1);
}
if (wpa_s->radius->acct_serv_sock >= 0 && wpa_s->acct_servers &&
wpa_s->acct_server != wpa_s->acct_servers) {
oserv = wpa_s->acct_server;
wpa_s->acct_server = wpa_s->acct_servers;
radius_change_server(wpa_s, wpa_s->acct_server, oserv,
wpa_s->radius->acct_serv_sock, 0);
}
if (wpa_s->radius_retry_primary_interval)
eloop_register_timeout(wpa_s->
radius_retry_primary_interval, 0,
radius_retry_primary_timer, wpa_s, NULL);
}
static void radius_retry_primary_timer(void *eloop_ctx, void *timeout_ctx)
{
struct radius_client_data *radius = eloop_ctx;
struct hostapd_data *hapd = radius->hapd;
struct hostapd_radius_server *oserv;
if (radius->auth_serv_sock >= 0 && hapd->conf->auth_servers &&
hapd->conf->auth_server != hapd->conf->auth_servers) {
oserv = hapd->conf->auth_server;
hapd->conf->auth_server = hapd->conf->auth_servers;
radius_change_server(radius, hapd->conf->auth_server, oserv,
radius->auth_serv_sock, 1);
}
if (radius->acct_serv_sock >= 0 && hapd->conf->acct_servers &&
hapd->conf->acct_server != hapd->conf->acct_servers) {
oserv = hapd->conf->acct_server;
hapd->conf->acct_server = hapd->conf->acct_servers;
radius_change_server(radius, hapd->conf->acct_server, oserv,
radius->acct_serv_sock, 0);
}
if (hapd->conf->radius_retry_primary_interval)
eloop_register_timeout(hapd->conf->
radius_retry_primary_interval, 0,
radius_retry_primary_timer, radius,
NULL);
}
static void radius_client_acct_failover(struct radius_client_data *radius)
{
struct hostapd_radius_servers *conf = radius->conf;
struct hostapd_radius_server *next, *old;
struct radius_msg_list *entry;
char abuf[50];
old = conf->acct_server;
hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_NOTICE,
"No response from Accounting server %s:%d - failover",
hostapd_ip_txt(&old->addr, abuf, sizeof(abuf)),
old->port);
for (entry = radius->msgs; entry; entry = entry->next) {
if (entry->msg_type == RADIUS_ACCT ||
entry->msg_type == RADIUS_ACCT_INTERIM)
old->timeouts++;
}
next = old + 1;
if (next > &conf->acct_servers[conf->num_acct_servers - 1])
next = conf->acct_servers;
conf->acct_server = next;
radius_change_server(radius, next, old,
radius->acct_serv_sock,
radius->acct_serv_sock6, 0);
}
static int radius_client_init_acct(struct radius_client_data *radius)
{
struct hostapd_radius_servers *conf = radius->conf;
int ok = 0;
radius_close_acct_sockets(radius);
radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (radius->acct_serv_sock < 0)
wpa_printf(MSG_INFO, "RADIUS: socket[PF_INET,SOCK_DGRAM]: %s",
strerror(errno));
else {
radius_client_disable_pmtu_discovery(radius->acct_serv_sock);
ok++;
}
#ifdef CONFIG_IPV6
radius->acct_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
if (radius->acct_serv_sock6 < 0)
wpa_printf(MSG_INFO, "RADIUS: socket[PF_INET6,SOCK_DGRAM]: %s",
strerror(errno));
else
ok++;
#endif /* CONFIG_IPV6 */
if (ok == 0)
return -1;
radius_change_server(radius, conf->acct_server, NULL,
radius->acct_serv_sock, radius->acct_serv_sock6,
0);
if (radius->acct_serv_sock >= 0 &&
eloop_register_read_sock(radius->acct_serv_sock,
radius_client_receive, radius,
(void *) RADIUS_ACCT)) {
wpa_printf(MSG_INFO, "RADIUS: Could not register read socket for accounting server");
radius_close_acct_sockets(radius);
return -1;
}
#ifdef CONFIG_IPV6
if (radius->acct_serv_sock6 >= 0 &&
eloop_register_read_sock(radius->acct_serv_sock6,
radius_client_receive, radius,
(void *) RADIUS_ACCT)) {
wpa_printf(MSG_INFO, "RADIUS: Could not register read socket for accounting server");
radius_close_acct_sockets(radius);
return -1;
}
#endif /* CONFIG_IPV6 */
return 0;
}
static int radius_client_init_auth(struct radius_client_data *radius)
{
struct hostapd_radius_servers *conf = radius->conf;
int ok = 0;
radius->auth_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (radius->auth_serv_sock < 0)
perror("socket[PF_INET,SOCK_DGRAM]");
else {
radius_client_disable_pmtu_discovery(radius->auth_serv_sock);
ok++;
}
#ifdef CONFIG_IPV6
radius->auth_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
if (radius->auth_serv_sock6 < 0)
perror("socket[PF_INET6,SOCK_DGRAM]");
else
ok++;
#endif /* CONFIG_IPV6 */
if (ok == 0)
return -1;
radius_change_server(radius, conf->auth_server, NULL,
radius->auth_serv_sock, radius->auth_serv_sock6,
1);
if (radius->auth_serv_sock >= 0 &&
eloop_register_read_sock(radius->auth_serv_sock,
radius_client_receive, radius,
(void *) RADIUS_AUTH)) {
printf("Could not register read socket for authentication "
"server\n");
return -1;
}
#ifdef CONFIG_IPV6
if (radius->auth_serv_sock6 >= 0 &&
eloop_register_read_sock(radius->auth_serv_sock6,
radius_client_receive, radius,
(void *) RADIUS_AUTH)) {
printf("Could not register read socket for authentication "
"server\n");
return -1;
}
#endif /* CONFIG_IPV6 */
return 0;
}
static int radius_client_init_acct(hostapd *hapd)
{
hapd->radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (hapd->radius->acct_serv_sock < 0) {
perror("socket[PF_INET,SOCK_DGRAM]");
return -1;
}
radius_change_server(hapd, hapd->conf->acct_server, NULL,
hapd->radius->acct_serv_sock, 0);
if (eloop_register_read_sock(hapd->radius->acct_serv_sock,
radius_client_receive, hapd,
(void *) RADIUS_ACCT)) {
printf("Could not register read socket for accounting "
"server\n");
return -1;
}
return 0;
}
static int radius_client_init_acct(struct wpa_supplicant *wpa_s)
{
wpa_s->radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (wpa_s->radius->acct_serv_sock < 0) {
perror("socket[PF_INET,SOCK_DGRAM]");
return -1;
}
radius_change_server(wpa_s, wpa_s->acct_server, NULL,
wpa_s->radius->acct_serv_sock, 0);
if (eloop_register_read_sock(wpa_s->radius->acct_serv_sock,
radius_client_receive, wpa_s,
(void *) RADIUS_ACCT)) {
printf("Could not register read socket for accounting "
"server\n");
return -1;
}
return 0;
}
static int radius_client_init_acct(struct radius_client_data *radius)
{
struct hostapd_data *hapd = radius->hapd;
radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (radius->acct_serv_sock < 0) {
perror("socket[PF_INET,SOCK_DGRAM]");
return -1;
}
radius_change_server(radius, hapd->conf->acct_server, NULL,
radius->acct_serv_sock, 0);
if (eloop_register_read_sock(radius->acct_serv_sock,
radius_client_receive, radius,
(void *) RADIUS_ACCT)) {
printf("Could not register read socket for accounting "
"server\n");
return -1;
}
return 0;
}
static int radius_client_init_acct(struct radius_client_data *radius)
{
struct hostapd_radius_servers *conf = radius->conf;
int ok = 0;
radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (radius->acct_serv_sock < 0)
perror("socket[PF_INET,SOCK_DGRAM]");
else
ok++;
radius_change_server(radius, conf->acct_server, NULL,
radius->acct_serv_sock, radius->acct_serv_sock6,
0);
if (radius->acct_serv_sock >= 0 &&
eloop_register_read_sock(radius->acct_serv_sock,
radius_client_receive, radius,
(void *) RADIUS_ACCT)) {
wpa_printf(MSG_ERROR,
"Could not register read socket for accounting "
"server\n");
return -1;
}
#ifdef CONFIG_IPV6
if (radius->acct_serv_sock6 >= 0 &&
eloop_register_read_sock(radius->acct_serv_sock6,
radius_client_receive, radius,
(void *) RADIUS_ACCT)) {
wpa_printf(MSG_ERROR,
"Could not register read socket for accounting "
"server\n");
return -1;
}
#endif /* CONFIG_IPV6 */
return 0;
}
static void radius_client_timer(void *eloop_ctx, void *timeout_ctx)
{
struct radius_client_data *radius = eloop_ctx;
struct hostapd_radius_servers *conf = radius->conf;
struct os_time now;
os_time_t first;
struct radius_msg_list *entry, *prev, *tmp;
int auth_failover = 0, acct_failover = 0;
char abuf[50];
entry = radius->msgs;
if (!entry)
return;
os_get_time(&now);
first = 0;
prev = NULL;
while (entry) {
if (now.sec >= entry->next_try &&
radius_client_retransmit(radius, entry, now.sec)) {
if (prev)
prev->next = entry->next;
else
radius->msgs = entry->next;
tmp = entry;
entry = entry->next;
radius_client_msg_free(tmp);
radius->num_msgs--;
continue;
}
if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER) {
if (entry->msg_type == RADIUS_ACCT ||
entry->msg_type == RADIUS_ACCT_INTERIM)
acct_failover++;
else
auth_failover++;
}
if (first == 0 || entry->next_try < first)
first = entry->next_try;
prev = entry;
entry = entry->next;
}
if (radius->msgs) {
if (first < now.sec)
first = now.sec;
eloop_register_timeout(first - now.sec, 0,
radius_client_timer, radius, NULL);
hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_DEBUG, "Next RADIUS client "
"retransmit in %ld seconds",
(long int) (first - now.sec));
}
if (auth_failover && conf->num_auth_servers > 1) {
struct hostapd_radius_server *next, *old;
old = conf->auth_server;
hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_NOTICE,
"No response from Authentication server "
"%s:%d - failover",
hostapd_ip_txt(&old->addr, abuf, sizeof(abuf)),
old->port);
for (entry = radius->msgs; entry; entry = entry->next) {
if (entry->msg_type == RADIUS_AUTH)
old->timeouts++;
}
next = old + 1;
if (next > &(conf->auth_servers[conf->num_auth_servers - 1]))
next = conf->auth_servers;
conf->auth_server = next;
radius_change_server(radius, next, old,
radius->auth_serv_sock,
radius->auth_serv_sock6, 1);
}
if (acct_failover && conf->num_acct_servers > 1) {
struct hostapd_radius_server *next, *old;
old = conf->acct_server;
hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_NOTICE,
"No response from Accounting server "
"%s:%d - failover",
hostapd_ip_txt(&old->addr, abuf, sizeof(abuf)),
old->port);
for (entry = radius->msgs; entry; entry = entry->next) {
if (entry->msg_type == RADIUS_ACCT ||
entry->msg_type == RADIUS_ACCT_INTERIM)
old->timeouts++;
}
next = old + 1;
if (next > &conf->acct_servers[conf->num_acct_servers - 1])
next = conf->acct_servers;
conf->acct_server = next;
radius_change_server(radius, next, old,
radius->acct_serv_sock,
radius->acct_serv_sock6, 0);
}
}
static void radius_client_timer(void *eloop_ctx, void *timeout_ctx)
{
struct radius_client_data *radius = eloop_ctx;
struct hostapd_data *hapd = radius->hapd;
time_t now, first;
struct radius_msg_list *entry, *prev, *tmp;
int auth_failover = 0, acct_failover = 0;
entry = radius->msgs;
if (!entry)
return;
time(&now);
first = 0;
prev = NULL;
while (entry) {
if (now >= entry->next_try &&
radius_client_retransmit(radius, entry, now)) {
if (prev)
prev->next = entry->next;
else
radius->msgs = entry->next;
tmp = entry;
entry = entry->next;
radius_client_msg_free(tmp);
radius->num_msgs--;
continue;
}
if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER) {
if (entry->msg_type == RADIUS_ACCT ||
entry->msg_type == RADIUS_ACCT_INTERIM)
acct_failover++;
else
auth_failover++;
}
if (first == 0 || entry->next_try < first)
first = entry->next_try;
prev = entry;
entry = entry->next;
}
if (radius->msgs) {
if (first < now)
first = now;
eloop_register_timeout(first - now, 0,
radius_client_timer, radius, NULL);
HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Next RADIUS client "
"retransmit in %ld seconds\n",
(long int) (first - now));
}
if (auth_failover && hapd->conf->num_auth_servers > 1) {
struct hostapd_radius_server *next, *old;
old = hapd->conf->auth_server;
hostapd_logger(hapd, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_NOTICE,
"No response from Authentication server "
"%s:%d - failover",
inet_ntoa(old->addr), old->port);
for (entry = radius->msgs; entry; entry = entry->next) {
if (entry->msg_type == RADIUS_AUTH)
old->timeouts++;
}
next = old + 1;
if (next > &(hapd->conf->auth_servers
[hapd->conf->num_auth_servers - 1]))
next = hapd->conf->auth_servers;
hapd->conf->auth_server = next;
radius_change_server(radius, next, old,
radius->auth_serv_sock, 1);
}
if (acct_failover && hapd->conf->num_acct_servers > 1) {
struct hostapd_radius_server *next, *old;
old = hapd->conf->acct_server;
hostapd_logger(hapd, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_NOTICE,
"No response from Accounting server "
"%s:%d - failover",
inet_ntoa(old->addr), old->port);
for (entry = radius->msgs; entry; entry = entry->next) {
if (entry->msg_type == RADIUS_ACCT ||
entry->msg_type == RADIUS_ACCT_INTERIM)
old->timeouts++;
}
next = old + 1;
if (next > &hapd->conf->acct_servers
[hapd->conf->num_acct_servers - 1])
next = hapd->conf->acct_servers;
hapd->conf->acct_server = next;
radius_change_server(radius, next, old,
radius->acct_serv_sock, 0);
}
}
static void radius_client_timer(void *eloop_ctx, void *timeout_ctx)
{
struct wpa_supplicant *wpa_s = eloop_ctx;
time_t now, first;
struct radius_msg_list *entry, *prev, *tmp;
int auth_failover = 0, acct_failover = 0;
entry = wpa_s->radius->msgs;
if (!entry)
return;
time(&now);
first = 0;
prev = NULL;
while (entry) {
if (now >= entry->next_try &&
radius_client_retransmit(wpa_s, entry, now)) {
if (prev)
prev->next = entry->next;
else
wpa_s->radius->msgs = entry->next;
tmp = entry;
entry = entry->next;
radius_client_msg_free(tmp);
wpa_s->radius->num_msgs--;
continue;
}
if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER) {
if (entry->msg_type == RADIUS_ACCT ||
entry->msg_type == RADIUS_ACCT_INTERIM)
acct_failover++;
else
auth_failover++;
}
if (first == 0 || entry->next_try < first)
first = entry->next_try;
prev = entry;
entry = entry->next;
}
if (wpa_s->radius->msgs) {
if (first < now)
first = now;
eloop_register_timeout(first - now, 0,
radius_client_timer, wpa_s, NULL);
}
if (auth_failover && wpa_s->num_auth_servers > 1) {
struct hostapd_radius_server *next, *old;
old = wpa_s->auth_server;
hostapd_logger(wpa_s, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_NOTICE,
"No response from Authentication server "
"%s:%d - failover",
inet_ntoa(old->addr), old->port);
next = old + 1;
if (next > &(wpa_s->auth_servers
[wpa_s->num_auth_servers - 1]))
next = wpa_s->auth_servers;
wpa_s->auth_server = next;
radius_change_server(wpa_s, next, old,
wpa_s->radius->auth_serv_sock, 1);
}
if (acct_failover && wpa_s->num_acct_servers > 1) {
struct hostapd_radius_server *next, *old;
old = wpa_s->acct_server;
hostapd_logger(wpa_s, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_NOTICE,
"No response from Accounting server "
"%s:%d - failover",
inet_ntoa(old->addr), old->port);
next = old + 1;
if (next > &wpa_s->acct_servers
[wpa_s->num_acct_servers - 1])
next = wpa_s->acct_servers;
wpa_s->acct_server = next;
radius_change_server(wpa_s, next, old,
wpa_s->radius->acct_serv_sock, 0);
}
}
