Dual mode rejecting accounting requests in tcp only mode
If I use auth+acct with TLS+TCP, then both authentication & accounting packets are accepted, but if I use same auth+acct with just TCP no TLS, then accounting packets are rejected as invalid code. When I look at tls_listen.c vs listen.c, I see following code snippet in tls_listen.c is missing in listen.c, patching this fixes the issue also. Is it just a bug or design intent was to support auth+acct only for TLS? Thanks Natarajan diff --git a/src/main/listen.c b/src/main/listen.c index 19d22a24fd..0bd88cdde0 100644 --- a/src/main/listen.c +++ b/src/main/listen.c @@ -575,7 +575,16 @@ static int dual_tcp_recv(rad_listen_t *listener) #ifdef WITH_ACCOUNTING case PW_CODE_ACCOUNTING_REQUEST: - if (listener->type != RAD_LISTEN_ACCT) goto bad_packet; + if (listener->type != RAD_LISTEN_ACCT) { + /* + * Allow auth + dual. Disallow + * everything else. + */ + if (!((listener->type == RAD_LISTEN_AUTH) && + (listener->dual))) { + goto bad_packet; + } + } FR_STATS_INC(acct, total_requests); fun = rad_accounting; break;
On Jun 3, 2022, at 11:34 AM, Natarajan M <natarajan.m@gmail.com> wrote:
If I use auth+acct with TLS+TCP, then both authentication & accounting packets are accepted, but if I use same auth+acct with just TCP no TLS, then accounting packets are rejected as invalid code. When I look at tls_listen.c vs listen.c, I see following code snippet in tls_listen.c is missing in listen.c, patching this fixes the issue also. Is it just a bug or design intent was to support auth+acct only for TLS?
It's a bug. Thanks for the patch, I'll push it over to git. Alan DeKok.
participants (2)
-
Alan DeKok -
Natarajan M