RADIUS client: Do not flush pending messages if server did not change

The re-open socket to the current RADIUS server code path did not work
in the expected way here. The pending authentication messages do not
need to be flushed in that case and neither should the retransmission
parameters be cleared. Fix this by performing these operations only if
the server did actually change as a part of a failover operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-05-30 20:46:20 +03:00
parent 5d67bf1566
commit 09844c0984

View file

@ -972,9 +972,10 @@ radius_change_server(struct radius_client_data *radius,
hostapd_ip_txt(&nserv->addr, abuf, sizeof(abuf)), hostapd_ip_txt(&nserv->addr, abuf, sizeof(abuf)),
nserv->port); nserv->port);
if (!oserv || nserv->shared_secret_len != oserv->shared_secret_len || if (oserv && oserv != nserv &&
(nserv->shared_secret_len != oserv->shared_secret_len ||
os_memcmp(nserv->shared_secret, oserv->shared_secret, os_memcmp(nserv->shared_secret, oserv->shared_secret,
nserv->shared_secret_len) != 0) { nserv->shared_secret_len) != 0)) {
/* Pending RADIUS packets used different shared secret, so /* Pending RADIUS packets used different shared secret, so
* they need to be modified. Update accounting message * they need to be modified. Update accounting message
* authenticators here. Authentication messages are removed * authenticators here. Authentication messages are removed
@ -992,7 +993,8 @@ radius_change_server(struct radius_client_data *radius,
} }
/* Reset retry counters for the new server */ /* Reset retry counters for the new server */
for (entry = radius->msgs; entry; entry = entry->next) { for (entry = radius->msgs; oserv && oserv != nserv && entry;
entry = entry->next) {
if ((auth && entry->msg_type != RADIUS_AUTH) || if ((auth && entry->msg_type != RADIUS_AUTH) ||
(!auth && entry->msg_type != RADIUS_ACCT)) (!auth && entry->msg_type != RADIUS_ACCT))
continue; continue;