From 304364719cc2de16146d84e2a7ff424cab9afbc4 Mon Sep 17 00:00:00 2001
From: Siddharth Narayan
Date: Sun, 21 Dec 2025 21:07:55 -0500
Subject: [PATCH] Add radius retry timeout in configuration
---
 src/Cedar/Admin.c | 6 ++++--
 src/Cedar/Admin.h | 1 +
 src/Cedar/Hub.c | 34 +++++++++++++++++++++++-----------
 src/Cedar/Hub.h | 7 ++++---
 src/Cedar/Server.c | 9 ++++++++-
 src/Mayaqua/Network.h | 2 --
 6 files changed, 40 insertions(+), 19 deletions(-)
diff --git a/src/Cedar/Admin.c b/src/Cedar/Admin.c
index eeb99201..dda7fa62 100644
--- a/src/Cedar/Admin.c
+++ b/src/Cedar/Admin.c
@@ -8739,7 +8739,7 @@ UINT StSetHubRadius(ADMIN *a, RPC_RADIUS *t)
 }
 //SetRadiusServer(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret);
- SetRadiusServerEx(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval);
+ SetRadiusServerEx(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout);
 ALog(a, h, "LA_SET_HUB_RADIUS");
@@ -8779,7 +8779,7 @@ UINT StGetHubRadius(ADMIN *a, RPC_RADIUS *t)
 //GetRadiusServer(h, t->RadiusServerName, sizeof(t->RadiusServerName),
 // &t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret));
 GetRadiusServerEx(h, t->RadiusServerName, sizeof(t->RadiusServerName),
- &t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval);
+ &t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval, &t->RadiusRetryTimeout);
 ReleaseHub(h);
@@ -13031,6 +13031,7 @@ void InRpcRadius(RPC_RADIUS *t, PACK *p)
 PackGetStr(p, "HubName", t->HubName, sizeof(t->HubName));
 PackGetStr(p, "RadiusSecret", t->RadiusSecret, sizeof(t->RadiusSecret));
 t->RadiusRetryInterval = PackGetInt(p, "RadiusRetryInterval");
+ t->RadiusRetryTimeout = PackGetInt(p, "RadiusRetryTimeout");
 }
 void OutRpcRadius(PACK *p, RPC_RADIUS *t)
 {
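Review bot: `t->RadiusRetryTimeout` travels from the RPC pack (InRpcRadius) into `SetRadiusServerEx` in StSetHubRadius without any range check, and the SetRadiusServerEx hunk in this patch only maps 0 to the default. Before this change the compile-time RADIUS_RETRY_TIMEOUT was also the ceiling for the retry interval, so an arbitrarily large value sent over the admin RPC now lifts that ceiling as well. Clamping in one place would cover both the RPC path and the config loader, for example `if (timeout > RADIUS_RETRY_TIMEOUT_MAX) timeout = RADIUS_RETRY_TIMEOUT_MAX;` inside SetRadiusServerEx, where `RADIUS_RETRY_TIMEOUT_MAX` is a placeholder name for a limit the project would have to define. StSetHubRadius starts and ends outside the hunk, so any validation earlier in the function is not visible here.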
@@ -13045,6 +13046,7 @@ void OutRpcRadius(PACK *p, RPC_RADIUS *t)
 PackAddStr(p, "HubName", t->HubName);
 PackAddStr(p, "RadiusSecret", t->RadiusSecret);
 PackAddInt(p, "RadiusRetryInterval", t->RadiusRetryInterval);
+ PackAddInt(p, "RadiusRetryTimeout", t->RadiusRetryTimeout);
 }
 // RPC_HUB
diff --git a/src/Cedar/Admin.h b/src/Cedar/Admin.h
index e6e5faaf..4e951a41 100644
--- a/src/Cedar/Admin.h
+++ b/src/Cedar/Admin.h
@@ -259,6 +259,7 @@ struct RPC_RADIUS
 UINT RadiusPort; // Radius port number
 char RadiusSecret[MAX_PASSWORD_LEN + 1]; // Secret key
 UINT RadiusRetryInterval; // Radius retry interval
+ UINT RadiusRetryTimeout; // Radius retry timeout
 };
 // Specify the HUB
diff --git a/src/Cedar/Hub.c b/src/Cedar/Hub.c
index 1677d605..8cbcd536 100644
--- a/src/Cedar/Hub.c
+++ b/src/Cedar/Hub.c
@@ -99,6 +99,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 char radius_servers[MAX_PATH] = {0};
 UINT radius_port = 0;
 UINT radius_retry_interval = 0;
+ UINT radius_retry_timeout = 0;
 char radius_secret[MAX_PATH] = {0};
 char radius_suffix_filter[MAX_PATH] = {0};
 if (cedar == NULL || hubname == NULL || client_ip_str == NULL || username == NULL)
@@ -116,7 +117,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 if (hub != NULL)
 {
 if (GetRadiusServerEx2(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
- sizeof(radius_secret), &radius_retry_interval, radius_suffix_filter, sizeof(radius_suffix_filter)))
+ sizeof(radius_secret), &radius_retry_interval, &radius_retry_timeout, radius_suffix_filter, sizeof(radius_suffix_filter)))
 {
 bool use_peap = hub->RadiusUsePeapInsteadOfEap;
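Review bot: `radius_retry_timeout` is filled in by GetRadiusServerEx2 in HubNewEapClient, but no added line in any Hub.c hunk of this patch reads it afterwards, so the EAP client is apparently still created with whatever give-up deadline it had before. If the option is meant to bound how long authentication waits on an unresponsive RADIUS server, the value has to reach the client that does the waiting; as the patch stands its only visible effect is the clamp on the retry interval in SetRadiusServerEx. Either pass the value on or mark the gap explicitly, e.g. `// TODO: apply radius_retry_timeout to the EAP client's give-up deadline`. The rest of HubNewEapClient lies outside the hunk, so the call that builds the client is not visible here.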
@@ -6415,17 +6416,18 @@ void ReleaseHub(HUB *h)
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size)
 {
 UINT interval;
- return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval);
+ UINT timeout;
+ return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval, &timeout);
 }
-bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval)
+bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout)
 {
- return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, NULL, 0);
+ return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0);
 }
-bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, char *suffix_filter, UINT suffix_filter_size)
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size)
 {
 bool ret = false;
 // Validate arguments
- if (hub == NULL || name == NULL || port == NULL || secret == NULL || interval == NULL)
+ if (hub == NULL || name == NULL || port == NULL || secret == NULL || interval == NULL || timeout == NULL)
 {
 return false;
 }
@@ -6439,6 +6441,7 @@ bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secre
 StrCpy(name, size, hub->RadiusServerName);
 *port = hub->RadiusServerPort;
 *interval = hub->RadiusRetryInterval;
+ *timeout = hub->RadiusRetryTimeout;
 tmp_size = hub->RadiusSecret->Size + 1;
 tmp = ZeroMalloc(tmp_size);
@@ -6462,9 +6465,9 @@ bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secre // Set the Radius server information void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret) { - SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL); + SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL, RADIUS_RETRY_TIMEOUT); } -void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval) +void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout) { // Validate arguments if (hub == NULL) @@ -6484,19 +6487,28 @@ void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT inter hub->RadiusServerName = NULL; hub->RadiusServerPort = 0; hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL; + hub->RadiusRetryTimeout = RADIUS_RETRY_TIMEOUT; + FreeBuf(hub->RadiusSecret); } else { hub->RadiusServerName = CopyStr(name); hub->RadiusServerPort = port; + + if (timeout == 0) { + timeout = RADIUS_RETRY_TIMEOUT; + } + hub->RadiusRetryTimeout = timeout; + if (interval == 0) { - hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL; + hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL; ///What happens here is that RADIUS_RETRY_TIMEOUT is not configurable, and RADIUS_RETRY_INTERVAL is set to the timeout if it's larger. } - else if (interval > RADIUS_RETRY_TIMEOUT) + + if (interval > timeout) { - hub->RadiusRetryInterval = RADIUS_RETRY_TIMEOUT; + hub->RadiusRetryInterval = timeout; } else { diff --git a/src/Cedar/Hub.h b/src/Cedar/Hub.h index a47984f6..61f234d7 100644 --- a/src/Cedar/Hub.h +++ b/src/Cedar/Hub.h 
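Review bot: An `interval` of 0 no longer keeps the default in SetRadiusServerEx, because `else if (interval > RADIUS_RETRY_TIMEOUT)` became a free-standing `if (interval > timeout)`: the first branch stores RADIUS_RETRY_INTERVAL, then `0 > timeout` is false and control reaches the trailing `else`, whose body is outside the hunk but presumably assigns `interval` (0) again. StSetHubRadius hands the RPC field straight to this function, so a client that omits RadiusRetryInterval would leave the hub with a zero retry interval. Normalise the local the way the timeout is handled, `if (interval == 0) { interval = RADIUS_RETRY_INTERVAL; }`, so the clamp that follows also covers a configured timeout smaller than the default interval. The trailing `///What happens here …` comment describes the pre-patch behaviour (a fixed timeout) and would be better replaced by `// 0 selects the default; the interval is then capped at the configured timeout`.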
@@ -341,6 +341,7 @@ struct HUB
 char *RadiusServerName; // Radius server name
 UINT RadiusServerPort; // Radius server port number
 UINT RadiusRetryInterval; // Radius retry interval
+ UINT RadiusRetryTimeout; // Radius timeout, it will no longer retry
 BUF *RadiusSecret; // Radius shared key
 char RadiusSuffixFilter[MAX_SIZE]; // Radius suffix filter
 char RadiusRealm[MAX_SIZE]; // Radius realm (optional)
@@ -481,10 +482,10 @@ bool IsPacketMaskedByAccessList(SESSION *s, PKT *p, ACCESS *a, UINT64 dest_usern
 void GetAccessListStr(char *str, UINT size, ACCESS *a);
 void DeleteOldIpTableEntry(LIST *o);
 void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret);
-void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval);
+void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout);
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size);
-bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval);
-bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, char *suffix_filter, UINT suffix_filter_size);
+bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout);
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size);
 int CompareCert(void *p1, void *p2);
 void GetHubLogSetting(HUB *h, HUB_LOG *setting);
 void SetHubLogSetting(HUB *h, HUB_LOG *setting);
diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c
index 08b8345b..59ddef72 100644
--- a/src/Cedar/Server.c
+++ b/src/Cedar/Server.c
@@ -4855,6 +4855,7 @@ void SiWriteHubCfg(FOLDER *f, HUB *h) } CfgAddInt(f, "RadiusServerPort", h->RadiusServerPort); CfgAddInt(f, "RadiusRetryInterval", h->RadiusRetryInterval); + CfgAddInt(f, "RadiusRetryTimeout", h->RadiusRetryTimeout); CfgAddStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter); CfgAddStr(f, "RadiusRealm", h->RadiusRealm); @@ -5020,9 +5021,11 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name) BUF *secret; UINT port; UINT interval; + UINT timeout; port = CfgGetInt(f, "RadiusServerPort"); interval = CfgGetInt(f, "RadiusRetryInterval"); + timeout = CfgGetInt(f, "RadiusRetryTimeout"); CfgGetStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter, sizeof(h->RadiusSuffixFilter)); CfgGetStr(f, "RadiusRealm", h->RadiusRealm, sizeof(h->RadiusRealm)); @@ -5035,6 +5038,10 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name) interval = RADIUS_RETRY_INTERVAL; } + if (timeout == 0) { + timeout = RADIUS_RETRY_TIMEOUT; + } + if (port != 0 && CfgGetStr(f, "RadiusServerName", name, sizeof(name))) { secret = CfgGetBuf(f, "RadiusSecret"); @@ -5048,7 +5055,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name) } secret_str[sizeof(secret_str) - 1] = 0; //SetRadiusServer(h, name, port, secret_str); - SetRadiusServerEx(h, name, port, secret_str, interval); + SetRadiusServerEx(h, name, port, secret_str, interval, timeout); FreeBuf(secret); } } diff --git a/src/Mayaqua/Network.h b/src/Mayaqua/Network.h index 2aa8d1f7..5d1aece2 100644 --- a/src/Mayaqua/Network.h +++ b/src/Mayaqua/Network.h @@ -881,8 +881,6 @@ struct SSL_VERIFY_OPTION X *SavedCert; // Saved server certificate }; -#define SSL_DEFAULT_CONNECT_TIMEOUT (15 * 1000) // SSL default timeout - // Header for TCP Pair struct TCP_PAIR_HEADER {