diff options
| author | Kozlov Dmitry <dima@server> | 2011-08-16 17:46:36 +0400 |
|---|---|---|
| committer | Kozlov Dmitry <dima@server> | 2011-08-16 17:46:36 +0400 |
| commit | 3b04c12e021c35d71d8b690b54b7f96ce6a24576 (patch) | |
| tree | 71d4fbe11c30e6ab54224cb38b98a7562a4b30a3 /accel-pppd/radius/auth.c | |
| parent | 8a948ec1a1697601282a20f3c0f09d912c24c923 (diff) | |
| parent | dc7cbe120d8794d8520e6d9d35c121474453d807 (diff) | |
| download | accel-ppp-3b04c12e021c35d71d8b690b54b7f96ce6a24576.tar.gz accel-ppp-3b04c12e021c35d71d8b690b54b7f96ce6a24576.zip | |
Merge branch 'radius'
Diffstat (limited to 'accel-pppd/radius/auth.c')
| -rw-r--r-- | accel-pppd/radius/auth.c | 91 |
1 files changed, 60 insertions, 31 deletions
diff --git a/accel-pppd/radius/auth.c b/accel-pppd/radius/auth.c index a37da0b6..e4810fa6 100644 --- a/accel-pppd/radius/auth.c +++ b/accel-pppd/radius/auth.c @@ -30,7 +30,7 @@ static int decrypt_chap_mppe_keys(struct rad_req_t *req, struct rad_attr_t *attr memcpy(plain, attr->val.octets, 32); MD5_Init(&md5_ctx); - MD5_Update(&md5_ctx, conf_auth_secret, strlen(conf_auth_secret)); + MD5_Update(&md5_ctx, req->serv->auth_secret, strlen(req->serv->auth_secret)); MD5_Update(&md5_ctx, req->pack->buf + 4, 16); MD5_Final(md5, &md5_ctx); @@ -38,7 +38,7 @@ static int decrypt_chap_mppe_keys(struct rad_req_t *req, struct rad_attr_t *attr plain[i] ^= md5[i]; MD5_Init(&md5_ctx); - MD5_Update(&md5_ctx, conf_auth_secret, strlen(conf_auth_secret)); + MD5_Update(&md5_ctx, req->serv->auth_secret, strlen(req->serv->auth_secret)); MD5_Update(&md5_ctx, attr->val.octets, 16); MD5_Final(md5, &md5_ctx); @@ -74,7 +74,7 @@ static int decrypt_mppe_key(struct rad_req_t *req, struct rad_attr_t *attr, uint } MD5_Init(&md5_ctx); - MD5_Update(&md5_ctx, conf_auth_secret, strlen(conf_auth_secret)); + MD5_Update(&md5_ctx, req->serv->auth_secret, strlen(req->serv->auth_secret)); MD5_Update(&md5_ctx, req->pack->buf + 4, 16); MD5_Update(&md5_ctx, attr->val.octets, 2); MD5_Final(md5, &md5_ctx); @@ -90,7 +90,7 @@ static int decrypt_mppe_key(struct rad_req_t *req, struct rad_attr_t *attr, uint } MD5_Init(&md5_ctx); - MD5_Update(&md5_ctx, conf_auth_secret, strlen(conf_auth_secret)); + MD5_Update(&md5_ctx, req->serv->auth_secret, strlen(req->serv->auth_secret)); MD5_Update(&md5_ctx, attr->val.octets + 2, 16); MD5_Final(md5, &md5_ctx); @@ -145,42 +145,71 @@ static uint8_t* encrypt_password(const char *passwd, const char *secret, const u static int rad_auth_send(struct rad_req_t *req) { int i; - struct timeval tv; + struct timeval tv, tv2; unsigned int dt; + int timeout; - for(i = 0; i < conf_max_try; i++) { - __sync_add_and_fetch(&stat_auth_sent, 1); - gettimeofday(&tv, NULL); - if (rad_req_send(req, conf_verbose)) - goto out; + while (1) { + if (rad_server_req_enter(req)) { + if (rad_server_realloc(req, 0)) { + log_ppp_warn("radius: no available servers\n"); + break; + } + continue; + } - rad_req_wait(req, conf_timeout); + for(i = 0; i < conf_max_try; i++) { + __sync_add_and_fetch(&stat_auth_sent, 1); + gettimeofday(&tv, NULL); + if (rad_req_send(req, conf_verbose)) + goto out; - if (req->reply) { - if (req->reply->id != req->pack->id) { - __sync_add_and_fetch(&stat_auth_lost, 1); - stat_accm_add(stat_auth_lost_1m, 1); - stat_accm_add(stat_auth_lost_5m, 1); - rad_packet_free(req->reply); - req->reply = NULL; - } else { + timeout = conf_timeout; + + while (timeout > 0) { + + rad_req_wait(req, timeout); + + if (req->reply) { + if (req->reply->id != req->pack->id) { + rad_packet_free(req->reply); + req->reply = NULL; + gettimeofday(&tv2, NULL); + timeout = conf_timeout - ((tv2.tv_sec - tv.tv_sec) * 1000 + (tv2.tv_usec - tv.tv_usec) / 1000); + } else + break; + } else + break; + } + + if (req->reply) { dt = (req->reply->tv.tv_sec - tv.tv_sec) * 1000 + (req->reply->tv.tv_usec - tv.tv_usec) / 1000; stat_accm_add(stat_auth_query_1m, dt); stat_accm_add(stat_auth_query_5m, dt); break; + } else { + __sync_add_and_fetch(&stat_auth_lost, 1); + stat_accm_add(stat_auth_lost_1m, 1); + stat_accm_add(stat_auth_lost_5m, 1); } - } else - __sync_add_and_fetch(&stat_auth_lost, 1); - stat_accm_add(stat_auth_lost_1m, 1); - stat_accm_add(stat_auth_lost_5m, 1); - } + } + + rad_server_req_exit(req); - if (!req->reply) - log_ppp_warn("radius:auth: no response\n"); - else if (req->reply->code == CODE_ACCESS_ACCEPT) { - if (rad_proc_attrs(req)) - return PWDB_DENIED; - return PWDB_SUCCESS; + if (!req->reply) { + rad_server_fail(req->serv); + if (rad_server_realloc(req, 0)) { + log_ppp_warn("radius: no available servers\n"); + break; + } + } else { + if (req->reply->code == CODE_ACCESS_ACCEPT) { + if (rad_proc_attrs(req)) + return PWDB_DENIED; + return PWDB_SUCCESS; + } else + break; + } } out: @@ -200,7 +229,7 @@ int rad_auth_pap(struct radius_pd_t *rpd, const char *username, va_list args) if (!req) return PWDB_DENIED; - epasswd = encrypt_password(passwd, conf_auth_secret, req->RA, &epasswd_len); + epasswd = encrypt_password(passwd, req->serv->auth_secret, req->RA, &epasswd_len); if (!epasswd) goto out; |