mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2026-02-20 01:20:09 +03:00
Implement extended-timeout radius login
This commit is contained in:
Siddharth Narayan
@ -8739,7 +8739,7 @@ UINT StSetHubRadius(ADMIN *a, RPC_RADIUS *t)
|
||||
}
|
||||
|
||||
//SetRadiusServer(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret);
|
||||
SetRadiusServerEx(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout);
|
||||
SetRadiusServerEx2(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout);
|
||||
|
||||
ALog(a, h, "LA_SET_HUB_RADIUS");
|
||||
|
||||
@ -8778,7 +8778,7 @@ UINT StGetHubRadius(ADMIN *a, RPC_RADIUS *t)
|
||||
Zero(t, sizeof(RPC_RADIUS));
|
||||
//GetRadiusServer(h, t->RadiusServerName, sizeof(t->RadiusServerName),
|
||||
// &t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret));
|
||||
GetRadiusServerEx(h, t->RadiusServerName, sizeof(t->RadiusServerName),
|
||||
GetRadiusServerEx2(h, t->RadiusServerName, sizeof(t->RadiusServerName),
|
||||
&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval, &t->RadiusRetryTimeout);
|
||||
|
||||
ReleaseHub(h);
|
||||
|
||||
@ -11789,6 +11789,9 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{"[server_name:port]", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_Host"), CmdEvalNotEmpty, NULL},
|
||||
{"SECRET", CmdPromptChoosePassword, _UU("CMD_RadiusServerSet_Prompt_Secret"), NULL, NULL},
|
||||
{"RETRY_INTERVAL", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryInterval"), CmdEvalMinMax, &minmax},
|
||||
|
||||
// Support for setting timeout through commandline not added
|
||||
// {"RETRY_TIMEOUT", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryTimeout"), CmdEvalMinMax, &minmax},
|
||||
};
|
||||
|
||||
// If virtual HUB is not selected, it's an error
|
||||
@ -11813,6 +11816,7 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
StrCpy(t.RadiusServerName, sizeof(t.RadiusServerName), host);
|
||||
StrCpy(t.RadiusSecret, sizeof(t.RadiusSecret), GetParamStr(o, "SECRET"));
|
||||
t.RadiusRetryInterval = GetParamInt(o, "RETRY_INTERVAL");
|
||||
// t.RadiusRetryTimeout = GetParamInt(o, "RETRY_TIMEOUT");
|
||||
|
||||
Free(host);
|
||||
|
||||
@ -11936,6 +11940,9 @@ UINT PsRadiusServerGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
|
||||
UniToStri(tmp, t.RadiusRetryInterval);
|
||||
CtInsert(ct, _UU("CMD_RadiusServerGet_RetryInterval"), tmp);
|
||||
|
||||
UniToStri(tmp, t.RadiusRetryTimeout);
|
||||
CtInsert(ct, _UU("CMD_RadiusServerGet_RetryTimeout"), tmp);
|
||||
}
|
||||
|
||||
CtFree(ct, c);
|
||||
|
||||
@ -116,7 +116,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
|
||||
|
||||
if (hub != NULL)
|
||||
{
|
||||
if (GetRadiusServerEx2(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
|
||||
if (GetRadiusServerEx3(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
|
||||
sizeof(radius_secret), &radius_retry_interval, &radius_retry_timeout, radius_suffix_filter, sizeof(radius_suffix_filter)))
|
||||
{
|
||||
bool use_peap = hub->RadiusUsePeapInsteadOfEap;
|
||||
@ -6416,14 +6416,19 @@ void ReleaseHub(HUB *h)
|
||||
bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size)
|
||||
{
|
||||
UINT interval;
|
||||
|
||||
return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval);
|
||||
}
|
||||
bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval) {
|
||||
UINT timeout;
|
||||
return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval, &timeout);
|
||||
|
||||
return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, timeout);
|
||||
}
|
||||
bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout)
|
||||
bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout)
|
||||
{
|
||||
return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0);
|
||||
return GetRadiusServerEx3(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0);
|
||||
}
|
||||
bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size)
|
||||
bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size)
|
||||
{
|
||||
bool ret = false;
|
||||
// Validate arguments
|
||||
@ -6465,9 +6470,13 @@ bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secre
|
||||
// Set the Radius server information
|
||||
void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret)
|
||||
{
|
||||
SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL, RADIUS_RETRY_TIMEOUT);
|
||||
SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL);
|
||||
}
|
||||
void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout)
|
||||
void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval)
|
||||
{
|
||||
SetRadiusServerEx2(hub, name, port, secret, interval, RADIUS_RETRY_TIMEOUT);
|
||||
}
|
||||
void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout)
|
||||
{
|
||||
// Validate arguments
|
||||
if (hub == NULL)
|
||||
|
||||
@ -482,10 +482,12 @@ bool IsPacketMaskedByAccessList(SESSION *s, PKT *p, ACCESS *a, UINT64 dest_usern
|
||||
void GetAccessListStr(char *str, UINT size, ACCESS *a);
|
||||
void DeleteOldIpTableEntry(LIST *o);
|
||||
void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret);
|
||||
void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout);
|
||||
void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval);
|
||||
void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout);
|
||||
bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size);
|
||||
bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout);
|
||||
bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size);
|
||||
bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval);
|
||||
bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout);
|
||||
bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size);
|
||||
int CompareCert(void *p1, void *p2);
|
||||
void GetHubLogSetting(HUB *h, HUB_LOG *setting);
|
||||
void SetHubLogSetting(HUB *h, HUB_LOG *setting);
|
||||
|
||||
@ -7,6 +7,7 @@
|
||||
|
||||
#include "Radius.h"
|
||||
|
||||
#include "Protocol.h"
|
||||
#include "Connection.h"
|
||||
#include "IPC.h"
|
||||
#include "Server.h"
|
||||
@ -1767,7 +1768,7 @@ LABEL_ERROR:
|
||||
////////// Classical implementation
|
||||
|
||||
// Attempts Radius authentication (with specifying retry interval and multiple server)
|
||||
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
|
||||
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
|
||||
RADIUS_LOGIN_OPTION *opt, char *hubname)
|
||||
{
|
||||
UCHAR random[MD5_SIZE];
|
||||
@ -2072,14 +2073,22 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
|
||||
|
||||
// Transmission process start
|
||||
start = Tick64();
|
||||
|
||||
// Limit timeout to be larger than hardcoded timeout
|
||||
// Limit interval to be larger than the hardcoded interval and less than timeout
|
||||
if (timeout < RADIUS_RETRY_TIMEOUT) {
|
||||
timeout = RADIUS_RETRY_TIMEOUT;
|
||||
}
|
||||
|
||||
if(interval < RADIUS_RETRY_INTERVAL)
|
||||
{
|
||||
interval = RADIUS_RETRY_INTERVAL;
|
||||
}
|
||||
else if(interval > RADIUS_RETRY_TIMEOUT)
|
||||
else if(interval > timeout)
|
||||
{
|
||||
interval = RADIUS_RETRY_TIMEOUT;
|
||||
interval = timeout;
|
||||
}
|
||||
|
||||
next_send_time = start + (UINT64)interval;
|
||||
|
||||
while (true)
|
||||
@ -2099,6 +2108,8 @@ SEND_RETRY:
|
||||
next_send_time = Tick64() + (UINT64)interval;
|
||||
|
||||
RECV_RETRY:
|
||||
ServerUploadNoop(c);
|
||||
|
||||
now = Tick64();
|
||||
if (next_send_time <= now)
|
||||
{
|
||||
@ -2109,7 +2120,7 @@ RECV_RETRY:
|
||||
goto SEND_RETRY;
|
||||
}
|
||||
|
||||
if ((start + RADIUS_RETRY_TIMEOUT) < now)
|
||||
if ((start + timeout) < now)
|
||||
{
|
||||
// Time-out
|
||||
break;
|
||||
|
||||
@ -283,7 +283,7 @@ struct RADIUS_LOGIN_OPTION
|
||||
};
|
||||
|
||||
// Function prototype
|
||||
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
|
||||
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
|
||||
RADIUS_LOGIN_OPTION *opt, char *hubname);
|
||||
BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size);
|
||||
BUF *RadiusCreateUserName(wchar_t *username);
|
||||
|
||||
@ -516,6 +516,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
|
||||
char suffix_filter[MAX_SIZE];
|
||||
wchar_t suffix_filter_w[MAX_SIZE];
|
||||
UINT interval;
|
||||
UINT timeout;
|
||||
EAP_CLIENT *eap = NULL;
|
||||
char password1[MAX_SIZE];
|
||||
UCHAR client_challenge[16];
|
||||
@ -586,7 +587,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
|
||||
}
|
||||
|
||||
// Get the Radius server information
|
||||
if (GetRadiusServerEx2(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, suffix_filter, sizeof(suffix_filter)))
|
||||
if (GetRadiusServerEx3(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, &timeout, suffix_filter, sizeof(suffix_filter)))
|
||||
{
|
||||
Unlock(hub->lock);
|
||||
|
||||
@ -597,7 +598,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
|
||||
// Attempt to login
|
||||
b = RadiusLogin(c, radius_server_addr, radius_server_port,
|
||||
radius_secret, StrLen(radius_secret),
|
||||
name, password, interval, mschap_v2_server_response_20, opt, hub->Name);
|
||||
name, password, interval, timeout, mschap_v2_server_response_20, opt, hub->Name);
|
||||
|
||||
if (b)
|
||||
{
|
||||
|
||||
@ -5055,7 +5055,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
|
||||
}
|
||||
secret_str[sizeof(secret_str) - 1] = 0;
|
||||
//SetRadiusServer(h, name, port, secret_str);
|
||||
SetRadiusServerEx(h, name, port, secret_str, interval, timeout);
|
||||
SetRadiusServerEx2(h, name, port, secret_str, interval, timeout);
|
||||
FreeBuf(secret);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user