
Implement extended-timeout radius login

This commit is contained in:
Siddharth Narayan
2026-02-18 00:44:18 -06:00
parent c32184495b
commit bbda0c298d
8 changed files with 50 additions and 20 deletions
+2 -2
@@ -8739,7 +8739,7 @@ UINT StSetHubRadius(ADMIN *a, RPC_RADIUS *t)
} }
//SetRadiusServer(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret); //SetRadiusServer(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret);
SetRadiusServerEx(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout); SetRadiusServerEx2(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout);
ALog(a, h, "LA_SET_HUB_RADIUS"); ALog(a, h, "LA_SET_HUB_RADIUS");
@@ -8778,7 +8778,7 @@ UINT StGetHubRadius(ADMIN *a, RPC_RADIUS *t)
Zero(t, sizeof(RPC_RADIUS)); Zero(t, sizeof(RPC_RADIUS));
//GetRadiusServer(h, t->RadiusServerName, sizeof(t->RadiusServerName), //GetRadiusServer(h, t->RadiusServerName, sizeof(t->RadiusServerName),
// &t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret)); // &t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret));
GetRadiusServerEx(h, t->RadiusServerName, sizeof(t->RadiusServerName), GetRadiusServerEx2(h, t->RadiusServerName, sizeof(t->RadiusServerName),
&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval, &t->RadiusRetryTimeout); &t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval, &t->RadiusRetryTimeout);
ReleaseHub(h); ReleaseHub(h);
+7
@@ -11789,6 +11789,9 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{"[server_name:port]", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_Host"), CmdEvalNotEmpty, NULL}, {"[server_name:port]", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_Host"), CmdEvalNotEmpty, NULL},
{"SECRET", CmdPromptChoosePassword, _UU("CMD_RadiusServerSet_Prompt_Secret"), NULL, NULL}, {"SECRET", CmdPromptChoosePassword, _UU("CMD_RadiusServerSet_Prompt_Secret"), NULL, NULL},
{"RETRY_INTERVAL", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryInterval"), CmdEvalMinMax, &minmax}, {"RETRY_INTERVAL", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryInterval"), CmdEvalMinMax, &minmax},
// Support for setting timeout through commandline not added
// {"RETRY_TIMEOUT", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryTimeout"), CmdEvalMinMax, &minmax},
}; };
// If virtual HUB is not selected, it's an error // If virtual HUB is not selected, it's an error
@@ -11813,6 +11816,7 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
StrCpy(t.RadiusServerName, sizeof(t.RadiusServerName), host); StrCpy(t.RadiusServerName, sizeof(t.RadiusServerName), host);
StrCpy(t.RadiusSecret, sizeof(t.RadiusSecret), GetParamStr(o, "SECRET")); StrCpy(t.RadiusSecret, sizeof(t.RadiusSecret), GetParamStr(o, "SECRET"));
t.RadiusRetryInterval = GetParamInt(o, "RETRY_INTERVAL"); t.RadiusRetryInterval = GetParamInt(o, "RETRY_INTERVAL");
// t.RadiusRetryTimeout = GetParamInt(o, "RETRY_TIMEOUT");
Free(host); Free(host);
@@ -11936,6 +11940,9 @@ UINT PsRadiusServerGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
UniToStri(tmp, t.RadiusRetryInterval); UniToStri(tmp, t.RadiusRetryInterval);
CtInsert(ct, _UU("CMD_RadiusServerGet_RetryInterval"), tmp); CtInsert(ct, _UU("CMD_RadiusServerGet_RetryInterval"), tmp);
UniToStri(tmp, t.RadiusRetryTimeout);
CtInsert(ct, _UU("CMD_RadiusServerGet_RetryTimeout"), tmp);
} }
CtFree(ct, c); CtFree(ct, c);
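Review bot: The RETRY_TIMEOUT parameter is left commented out in PsRadiusServerSet (L34 and L41), so t.RadiusRetryTimeout is never assigned on the vpncmd path; assuming t is zero-initialised before these assignments (not visible in the hunk), every `RadiusServerSet` sends 0 to the server and silently overwrites a timeout that was configured through the config file, which then gets clamped back to RADIUS_RETRY_TIMEOUT at login time. That is inconsistent with PsRadiusServerGet, which this commit teaches to display RetryTimeout (L46-L47) even though the set command cannot write it. Either wire the parameter through, `{"RETRY_TIMEOUT", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryTimeout"), CmdEvalMinMax, &timeout_minmax}` and `t.RadiusRetryTimeout = GetParamInt(o, "RETRY_TIMEOUT");` with its own bounds rather than the interval's `minmax`, or fetch the current value and carry it over; in both cases drop the commented-out lines instead of leaving dead code. PsRadiusServerSet and PsRadiusServerGet both start and end outside these hunks.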
+16 -7
@@ -116,7 +116,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
if (hub != NULL) if (hub != NULL)
{ {
if (GetRadiusServerEx2(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret, if (GetRadiusServerEx3(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
sizeof(radius_secret), &radius_retry_interval, &radius_retry_timeout, radius_suffix_filter, sizeof(radius_suffix_filter))) sizeof(radius_secret), &radius_retry_interval, &radius_retry_timeout, radius_suffix_filter, sizeof(radius_suffix_filter)))
{ {
bool use_peap = hub->RadiusUsePeapInsteadOfEap; bool use_peap = hub->RadiusUsePeapInsteadOfEap;
@@ -6416,14 +6416,19 @@ void ReleaseHub(HUB *h)
bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size) bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size)
{ {
UINT interval; UINT interval;
return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval);
}
bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval) {
UINT timeout; UINT timeout;
return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval, &timeout);
return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, timeout);
} }
bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout) bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout)
{ {
return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0); return GetRadiusServerEx3(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0);
} }
bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size) bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size)
{ {
bool ret = false; bool ret = false;
// Validate arguments // Validate arguments
@@ -6465,9 +6470,13 @@ bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secre
// Set the Radius server information // Set the Radius server information
void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret) void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret)
{ {
SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL, RADIUS_RETRY_TIMEOUT); SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL);
} }
void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout) void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval)
{
SetRadiusServerEx2(hub, name, port, secret, interval, RADIUS_RETRY_TIMEOUT);
}
void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout)
{ {
// Validate arguments // Validate arguments
if (hub == NULL) if (hub == NULL)
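Review bot: GetRadiusServerEx passes `timeout` by value to GetRadiusServerEx2 at L68, but that parameter is `UINT *timeout` (L70), and the local at L66 is an uninitialised UINT; the callee therefore receives a garbage pointer and GetRadiusServerEx3 will write the hub's timeout through it. This is an int-to-pointer conversion that GCC warns about by default and newer compilers reject outright, and at runtime it is undefined behaviour on every GetRadiusServer and GetRadiusServerEx call. The line should read `return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, &timeout);`, matching the `&interval, &timeout` form of the removed line at L67. GetRadiusServerEx3's body continues outside the hunk, so I cannot see whether it NULL-checks its out-parameters, but a stack garbage value would not be NULL anyway.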
+5 -3
@@ -482,10 +482,12 @@ bool IsPacketMaskedByAccessList(SESSION *s, PKT *p, ACCESS *a, UINT64 dest_usern
void GetAccessListStr(char *str, UINT size, ACCESS *a); void GetAccessListStr(char *str, UINT size, ACCESS *a);
void DeleteOldIpTableEntry(LIST *o); void DeleteOldIpTableEntry(LIST *o);
void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret); void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret);
void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout); void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval);
void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout);
bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size); bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size);
bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout); bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval);
bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size); bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout);
bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size);
int CompareCert(void *p1, void *p2); int CompareCert(void *p1, void *p2);
void GetHubLogSetting(HUB *h, HUB_LOG *setting); void GetHubLogSetting(HUB *h, HUB_LOG *setting);
void SetHubLogSetting(HUB *h, HUB_LOG *setting); void SetHubLogSetting(HUB *h, HUB_LOG *setting);
+15 -4
@@ -7,6 +7,7 @@
#include "Radius.h" #include "Radius.h"
#include "Protocol.h"
#include "Connection.h" #include "Connection.h"
#include "IPC.h" #include "IPC.h"
#include "Server.h" #include "Server.h"
@@ -1767,7 +1768,7 @@ LABEL_ERROR:
////////// Classical implementation ////////// Classical implementation
// Attempts Radius authentication (with specifying retry interval and multiple server) // Attempts Radius authentication (with specifying retry interval and multiple server)
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20, bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
RADIUS_LOGIN_OPTION *opt, char *hubname) RADIUS_LOGIN_OPTION *opt, char *hubname)
{ {
UCHAR random[MD5_SIZE]; UCHAR random[MD5_SIZE];
@@ -2072,14 +2073,22 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
// Transmission process start // Transmission process start
start = Tick64(); start = Tick64();
// Limit timeout to be larger than hardcoded timeout
// Limit interval to be larger than the hardcoded interval and less than timeout
if (timeout < RADIUS_RETRY_TIMEOUT) {
timeout = RADIUS_RETRY_TIMEOUT;
}
if(interval < RADIUS_RETRY_INTERVAL) if(interval < RADIUS_RETRY_INTERVAL)
{ {
interval = RADIUS_RETRY_INTERVAL; interval = RADIUS_RETRY_INTERVAL;
} }
else if(interval > RADIUS_RETRY_TIMEOUT) else if(interval > timeout)
{ {
interval = RADIUS_RETRY_TIMEOUT; interval = timeout;
} }
next_send_time = start + (UINT64)interval; next_send_time = start + (UINT64)interval;
while (true) while (true)
@@ -2099,6 +2108,8 @@ SEND_RETRY:
next_send_time = Tick64() + (UINT64)interval; next_send_time = Tick64() + (UINT64)interval;
RECV_RETRY: RECV_RETRY:
ServerUploadNoop(c);
now = Tick64(); now = Tick64();
if (next_send_time <= now) if (next_send_time <= now)
{ {
@@ -2109,7 +2120,7 @@ RECV_RETRY:
goto SEND_RETRY; goto SEND_RETRY;
} }
if ((start + RADIUS_RETRY_TIMEOUT) < now) if ((start + timeout) < now)
{ {
// Time-out // Time-out
break; break;
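Review bot: The new clamp at L127-L129 only enforces a lower bound on `timeout`, so a value supplied through StSetHubRadius or the hub config up to UINT_MAX Tick64 units (presumably milliseconds) makes every RADIUS login sit in the RECV_RETRY loop for that long, holding the connection, its thread and the half-authenticated session open for roughly 49 days per attempt; nothing else in this commit range-checks the value. Add an upper bound beside the lower one, `else if (timeout > RADIUS_RETRY_TIMEOUT_MAX) { timeout = RADIUS_RETRY_TIMEOUT_MAX; }` with a new named constant in Radius.h, and make the comment at L125-L126 say that this clamp is the only validation the admin-supplied value receives. The `ServerUploadNoop(c)` added at L143 runs on every pass through the loop; unless the loop sleeps between passes (not visible here), it will send keepalives to the client continuously for the whole wait, so consider sending it only when `next_send_time` is reached. RadiusLogin starts and ends outside these hunks.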
+1 -1
@@ -283,7 +283,7 @@ struct RADIUS_LOGIN_OPTION
}; };
// Function prototype // Function prototype
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20, bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
RADIUS_LOGIN_OPTION *opt, char *hubname); RADIUS_LOGIN_OPTION *opt, char *hubname);
BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size); BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size);
BUF *RadiusCreateUserName(wchar_t *username); BUF *RadiusCreateUserName(wchar_t *username);
+3 -2
@@ -516,6 +516,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
char suffix_filter[MAX_SIZE]; char suffix_filter[MAX_SIZE];
wchar_t suffix_filter_w[MAX_SIZE]; wchar_t suffix_filter_w[MAX_SIZE];
UINT interval; UINT interval;
UINT timeout;
EAP_CLIENT *eap = NULL; EAP_CLIENT *eap = NULL;
char password1[MAX_SIZE]; char password1[MAX_SIZE];
UCHAR client_challenge[16]; UCHAR client_challenge[16];
@@ -586,7 +587,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
} }
// Get the Radius server information // Get the Radius server information
if (GetRadiusServerEx2(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, suffix_filter, sizeof(suffix_filter))) if (GetRadiusServerEx3(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, &timeout, suffix_filter, sizeof(suffix_filter)))
{ {
Unlock(hub->lock); Unlock(hub->lock);
@@ -597,7 +598,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
// Attempt to login // Attempt to login
b = RadiusLogin(c, radius_server_addr, radius_server_port, b = RadiusLogin(c, radius_server_addr, radius_server_port,
radius_secret, StrLen(radius_secret), radius_secret, StrLen(radius_secret),
name, password, interval, mschap_v2_server_response_20, opt, hub->Name); name, password, interval, timeout, mschap_v2_server_response_20, opt, hub->Name);
if (b) if (b)
{ {
+1 -1
@@ -5055,7 +5055,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
} }
secret_str[sizeof(secret_str) - 1] = 0; secret_str[sizeof(secret_str) - 1] = 0;
//SetRadiusServer(h, name, port, secret_str); //SetRadiusServer(h, name, port, secret_str);
SetRadiusServerEx(h, name, port, secret_str, interval, timeout); SetRadiusServerEx2(h, name, port, secret_str, interval, timeout);
FreeBuf(secret); FreeBuf(secret);
} }
} }