RADIUS client: Do not flush pending messages if server did not change
The re-open socket to the current RADIUS server code path did not work in the expected way here. The pending authentication messages do not need to be flushed in that case and neither should the retransmission parameters be cleared. Fix this by performing these operations only if the server did actually change as a part of a failover operation. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
5d67bf1566
commit
09844c0984
1 changed files with 6 additions and 4 deletions
|
|
@ -972,9 +972,10 @@ radius_change_server(struct radius_client_data *radius,
|
|||
hostapd_ip_txt(&nserv->addr, abuf, sizeof(abuf)),
|
||||
nserv->port);
|
||||
|
||||
if (!oserv || nserv->shared_secret_len != oserv->shared_secret_len ||
|
||||
os_memcmp(nserv->shared_secret, oserv->shared_secret,
|
||||
nserv->shared_secret_len) != 0) {
|
||||
if (oserv && oserv != nserv &&
|
||||
(nserv->shared_secret_len != oserv->shared_secret_len ||
|
||||
os_memcmp(nserv->shared_secret, oserv->shared_secret,
|
||||
nserv->shared_secret_len) != 0)) {
|
||||
/* Pending RADIUS packets used different shared secret, so
|
||||
* they need to be modified. Update accounting message
|
||||
* authenticators here. Authentication messages are removed
|
||||
|
|
@ -992,7 +993,8 @@ radius_change_server(struct radius_client_data *radius,
|
|||
}
|
||||
|
||||
/* Reset retry counters for the new server */
|
||||
for (entry = radius->msgs; entry; entry = entry->next) {
|
||||
for (entry = radius->msgs; oserv && oserv != nserv && entry;
|
||||
entry = entry->next) {
|
||||
if ((auth && entry->msg_type != RADIUS_AUTH) ||
|
||||
(!auth && entry->msg_type != RADIUS_ACCT))
|
||||
continue;
|
||||
|
|
|
|||
Loading…
Reference in a new issue