authprogs/radius retries needed

elr at panix.com elr at panix.com
Fri Jun 15 17:33:05 UTC 2001


We were having a problem with authprogs/radius.c - users with valid
passwords would occasionally get refused access, but when they tried
a second or third time, they would be logged in without problems.

The problem turned out to be that radius.c only tries once - since
radius uses UDP and a five second timeout, it appeared that packets
were occasionally getting lost.  The patch below adds a retry
capability.

We're using an INN version some predecessor of mine set up called
"1999-04-28_03" - I assume that's when he downloaded it.  That's
what the patch below is based on - I just looked at the INN 2.3 version
of radius.c and though the code has changed slightly, the retry
capability can be added there more or less as shown below.

--- radius.c	2001/06/15 00:03:53	1.1
+++ radius.c	2001/06/15 00:04:57
@@ -1,4 +1,4 @@
-/* $Revision: 1.1 $
+/* $Revision: 1.2 $
  *
  * radius.c - Authenticate a user against a remote radius server.
  */
@@ -169,6 +169,7 @@
     struct timeval tmout;
     int got;
     fd_set rdfds;
+    int authtries= 3; /* number of times to try reaching the radius server */
 
     /* seed the random number generator for the auth vector */
     gettimeofday(&seed, 0);
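Review bot: The retry count on the added `authtries` line is a bare literal 3, so it cannot be tuned, and with the five second timeout mentioned in the message an unreachable server can now hold up an authentication for about three timeouts. Consider a named constant or a command-line option instead, and normalise the spacing to `int authtries = 3;`.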
@@ -292,6 +293,7 @@
 	return(-1);
     }
 
+    while (!done && authtries--) {
     /* send out the packet and wait for reply. */
     if (sendto(sock, (char *)&req, reqlen, 0, (struct sockaddr*) &sinr,
                sizeof(sinr)) < 0) {
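Review bot: On the added `while (!done && authtries--) {` line, the post-decrement leaves `authtries` at -1 once every attempt has been used, so any later code that needs to tell "retries exhausted" from success has to test `done` rather than `authtries`. The loop body, starting with the `sendto` call, is also left at its old indentation and the loop relies on the closing brace of the inner `while` removed in the next hunk; please re-indent the body so the new nesting is visible.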
@@ -309,7 +311,6 @@
     /* store the old vector to verify next checksum */
     memcpy(secbuf+sizeof(req.vector), req.vector, sizeof(req.vector));
     ret = -2;
-    while (!done && end >= now) {
 	FD_SET(sock, &rdfds);
 	got = select(sock+1, &rdfds, 0, 0, &tmout);
 	if (got < 0) {
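Review bot: Dropping `while (!done && end >= now)` means each attempt now makes a single `select` call and the `end` deadline is no longer checked, so the per-attempt wait depends entirely on `tmout`. `select` may modify the timeout it is passed (Linux does), and nothing visible here resets `tmout` inside the retry loop, so after one timed-out attempt the later attempts could return immediately and the retries would have no effect; re-initialise `tmout` at the top of each iteration. The `memcpy` into `secbuf` and `ret = -2` are now repeated on every retry, which is harmless but could be hoisted above the loop.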

