diff --git a/src/Cedar/Admin.c b/src/Cedar/Admin.c
index dda7fa62..a6c59f48 100644
--- a/src/Cedar/Admin.c
+++ b/src/Cedar/Admin.c
@@ -8739,7 +8739,7 @@ UINT StSetHubRadius(ADMIN *a, RPC_RADIUS *t)
 }
 //SetRadiusServer(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret);
- SetRadiusServerEx(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout);
+ SetRadiusServerEx2(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout);
 ALog(a, h, "LA_SET_HUB_RADIUS");
@@ -8778,7 +8778,7 @@ UINT StGetHubRadius(ADMIN *a, RPC_RADIUS *t)
 Zero(t, sizeof(RPC_RADIUS));
 //GetRadiusServer(h, t->RadiusServerName, sizeof(t->RadiusServerName),
 // &t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret));
- GetRadiusServerEx(h, t->RadiusServerName, sizeof(t->RadiusServerName),
+ GetRadiusServerEx2(h, t->RadiusServerName, sizeof(t->RadiusServerName),
 &t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval, &t->RadiusRetryTimeout);
 ReleaseHub(h);
diff --git a/src/Cedar/Command.c b/src/Cedar/Command.c
index dce502bb..848d620e 100644
--- a/src/Cedar/Command.c
+++ b/src/Cedar/Command.c
@@ -11789,6 +11789,9 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 {"[server_name:port]", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_Host"), CmdEvalNotEmpty, NULL},
 {"SECRET", CmdPromptChoosePassword, _UU("CMD_RadiusServerSet_Prompt_Secret"), NULL, NULL},
 {"RETRY_INTERVAL", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryInterval"), CmdEvalMinMax, &minmax},
+
+ // Support for setting timeout through commandline not added
+ // {"RETRY_TIMEOUT", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryTimeout"), CmdEvalMinMax, &minmax},
 };
 // If virtual HUB is not selected, it's an error
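Review bot: The `RETRY_TIMEOUT` parameter in `PsRadiusServerSet` is added only as commented-out code, here and in the assignment in the following `@@ -11813` hunk, so the command line never sets `t.RadiusRetryTimeout` even though `StSetHubRadius` forwards that field to `SetRadiusServerEx2`. Unless `t` is filled from the current hub settings earlier in the function (not visible in these hunks), each `RadiusServerSet` would overwrite a configured timeout with whatever `t` holds. Either wire the parameter up with its own bounds, or drop the dead lines and keep one comment such as `// TODO: RETRY_TIMEOUT is not settable from the command line yet`.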
@@ -11813,6 +11816,7 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 StrCpy(t.RadiusServerName, sizeof(t.RadiusServerName), host);
 StrCpy(t.RadiusSecret, sizeof(t.RadiusSecret), GetParamStr(o, "SECRET"));
 t.RadiusRetryInterval = GetParamInt(o, "RETRY_INTERVAL");
+ // t.RadiusRetryTimeout = GetParamInt(o, "RETRY_TIMEOUT");
 Free(host);
@@ -11936,6 +11940,9 @@ UINT PsRadiusServerGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 UniToStri(tmp, t.RadiusRetryInterval);
 CtInsert(ct, _UU("CMD_RadiusServerGet_RetryInterval"), tmp);
+
+ UniToStri(tmp, t.RadiusRetryTimeout);
+ CtInsert(ct, _UU("CMD_RadiusServerGet_RetryTimeout"), tmp);
 }
 CtFree(ct, c);
diff --git a/src/Cedar/Hub.c b/src/Cedar/Hub.c
index 8cbcd536..774da34d 100644
--- a/src/Cedar/Hub.c
+++ b/src/Cedar/Hub.c
@@ -116,7 +116,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 if (hub != NULL)
 {
- if (GetRadiusServerEx2(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
+ if (GetRadiusServerEx3(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
 sizeof(radius_secret), &radius_retry_interval, &radius_retry_timeout, radius_suffix_filter, sizeof(radius_suffix_filter)))
 {
 bool use_peap = hub->RadiusUsePeapInsteadOfEap;
@@ -6416,14 +6416,19 @@ void ReleaseHub(HUB *h)
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size)
 {
 UINT interval;
+
+ return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval);
+}
+bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval) {
 UINT timeout;
- return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval, &timeout);
+
+ return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, timeout);
 }
-bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout)
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout)
 {
- return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0);
+ return GetRadiusServerEx3(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0);
 }
-bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size)
+bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size)
 {
 bool ret = false;
 // Validate arguments
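Review bot: In the new `GetRadiusServerEx` wrapper the local `UINT timeout` is passed by value where `GetRadiusServerEx2` declares `UINT *timeout`, so an uninitialised integer is converted to a pointer. If `GetRadiusServerEx3` stores through that argument (its body lies outside the hunk), the store goes to an arbitrary address. The call should pass the address, `return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, &timeout);`, the same way `GetRadiusServer` passes `&interval`. The wrapper also puts `{` on the signature line while the neighbouring functions place it on its own line.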
@@ -6465,9 +6470,13 @@ bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secre
 // Set the Radius server information
 void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret)
 {
- SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL, RADIUS_RETRY_TIMEOUT);
+ SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL);
 }
-void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout)
+void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval)
+{
+ SetRadiusServerEx2(hub, name, port, secret, interval, RADIUS_RETRY_TIMEOUT);
+}
+void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout)
 {
 // Validate arguments
 if (hub == NULL)
diff --git a/src/Cedar/Hub.h b/src/Cedar/Hub.h
index 61f234d7..0c740700 100644
--- a/src/Cedar/Hub.h
+++ b/src/Cedar/Hub.h
@@ -482,10 +482,12 @@ bool IsPacketMaskedByAccessList(SESSION *s, PKT *p, ACCESS *a, UINT64 dest_usern
 void GetAccessListStr(char *str, UINT size, ACCESS *a);
 void DeleteOldIpTableEntry(LIST *o);
 void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret);
-void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout);
+void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval);
+void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout);
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size);
-bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout);
-bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size);
+bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval);
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout);
+bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size);
 int CompareCert(void *p1, void *p2);
 void GetHubLogSetting(HUB *h, HUB_LOG *setting);
 void SetHubLogSetting(HUB *h, HUB_LOG *setting);
diff --git a/src/Cedar/Radius.c b/src/Cedar/Radius.c
index c17c5b42..08e6727b 100644
--- a/src/Cedar/Radius.c
+++ b/src/Cedar/Radius.c
@@ -7,6 +7,7 @@
 #include "Radius.h"
+#include "Protocol.h"
 #include "Connection.h"
 #include "IPC.h"
 #include "Server.h"
@@ -1767,7 +1768,7 @@ LABEL_ERROR:
 ////////// Classical implementation
 // Attempts Radius authentication (with specifying retry interval and multiple server)
-bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
+bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
 RADIUS_LOGIN_OPTION *opt, char *hubname)
 {
 UCHAR random[MD5_SIZE];
@@ -2072,14 +2073,22 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
 // Transmission process start
 start = Tick64();
+
+ // Limit timeout to be larger than hardcoded timeout
+ // Limit interval to be larger than the hardcoded interval and less than timeout
+ if (timeout < RADIUS_RETRY_TIMEOUT) {
+ timeout = RADIUS_RETRY_TIMEOUT;
+ }
+
 if(interval < RADIUS_RETRY_INTERVAL)
 {
 interval = RADIUS_RETRY_INTERVAL;
 }
- else if(interval > RADIUS_RETRY_TIMEOUT)
+ else if(interval > timeout)
 {
- interval = RADIUS_RETRY_TIMEOUT;
+ interval = timeout;
 }
+
 next_send_time = start + (UINT64)interval;
 while (true)
@@ -2099,6 +2108,8 @@ SEND_RETRY:
 next_send_time = Tick64() + (UINT64)interval;
 RECV_RETRY:
+ ServerUploadNoop(c);
+
 now = Tick64();
 if (next_send_time <= now)
 {
@@ -2109,7 +2120,7 @@ RECV_RETRY:
 goto SEND_RETRY;
 }
- if ((start + RADIUS_RETRY_TIMEOUT) < now)
+ if ((start + timeout) < now)
 {
 // Time-out
 break;
diff --git a/src/Cedar/Radius.h b/src/Cedar/Radius.h
index ccae30c9..8d3b880d 100644
--- a/src/Cedar/Radius.h
+++ b/src/Cedar/Radius.h
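Review bot: The clamp added before the send loop in the `@@ -2072` hunk bounds `timeout` only from below (`timeout < RADIUS_RETRY_TIMEOUT`), so any larger configured value is used as-is by the `(start + timeout) < now` check in the `@@ -2109` hunk. Each pending login can then wait that long on an unresponsive RADIUS server; whether an upper limit is enforced where the value is stored is not visible here. An upper clamp next to the lower one would bound that wait, e.g. `if (timeout > RADIUS_RETRY_TIMEOUT_MAX) { timeout = RADIUS_RETRY_TIMEOUT_MAX; }`, where `RADIUS_RETRY_TIMEOUT_MAX` is a placeholder for a new constant. The new `if (...) {` also uses a different brace style from the `if(interval ...)` block right below it, and the function body starts and ends outside the hunk.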
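Review bot: `ServerUploadNoop(c)` in the `@@ -2099` hunk sits directly under `RECV_RETRY:`, so it runs on every pass through the receive loop with no rate limit and no check on `c`. How often that label is reached, and whether `ServerUploadNoop` accepts a NULL or not yet established connection, are both outside the hunk and need confirming. If the intent is to keep the client connection open during a long wait, say so in a comment such as `// Keep the client connection alive while waiting for the RADIUS reply`, and guard the call with `if (c != NULL)` if `RadiusLogin` can be entered without a connection.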
@@ -283,7 +283,7 @@ struct RADIUS_LOGIN_OPTION
 };
 // Function prototype
-bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
+bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
 RADIUS_LOGIN_OPTION *opt, char *hubname);
 BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size);
 BUF *RadiusCreateUserName(wchar_t *username);
diff --git a/src/Cedar/Sam.c b/src/Cedar/Sam.c
index 4a223d64..511d5e9d 100644
--- a/src/Cedar/Sam.c
+++ b/src/Cedar/Sam.c
@@ -516,6 +516,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 char suffix_filter[MAX_SIZE];
 wchar_t suffix_filter_w[MAX_SIZE];
 UINT interval;
+ UINT timeout;
 EAP_CLIENT *eap = NULL;
 char password1[MAX_SIZE];
 UCHAR client_challenge[16];
@@ -586,7 +587,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 }
 // Get the Radius server information
- if (GetRadiusServerEx2(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, suffix_filter, sizeof(suffix_filter)))
+ if (GetRadiusServerEx3(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, &timeout, suffix_filter, sizeof(suffix_filter)))
 {
 Unlock(hub->lock);
@@ -597,7 +598,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 // Attempt to login
 b = RadiusLogin(c, radius_server_addr, radius_server_port, radius_secret, StrLen(radius_secret),
- name, password, interval, mschap_v2_server_response_20, opt, hub->Name);
+ name, password, interval, timeout, mschap_v2_server_response_20, opt, hub->Name);
 if (b)
 {
diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c
index 59ddef72..f23399b0 100644
--- a/src/Cedar/Server.c
+++ b/src/Cedar/Server.c
@@ -5055,7 +5055,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 }
 secret_str[sizeof(secret_str) - 1] = 0;
 //SetRadiusServer(h, name, port, secret_str);
- SetRadiusServerEx(h, name, port, secret_str, interval, timeout);
+ SetRadiusServerEx2(h, name, port, secret_str, interval, timeout);
 FreeBuf(secret);
 }
 }