Detail listeners halt on invalid signature when proxying

John Morrissey jwm at horde.net
Thu Oct 15 20:28:22 CEST 2009


We write all accounting to detail files, which is then picked up by detail
listener(s) and proxied to remote hosts.

Recently, one of the home servers in a load balanced pool was configured
with the wrong secret, triggering this code in received_proxy_response():

    if (rad_verify(packet, request->proxy,
               request->home_server->secret) != 0) {
        DEBUG("Ignoring spoofed proxy reply.  Signature is invalid");
        return NULL;
    }

Since the proxy response is ignored and detail_send() is never called, the
detail listener stays in STATE_RUNNING. detail_recv() short-circuits during
STATE_RUNNING, so the failed request is never retransmitted and all detail
processing for that listener halts until FreeRADIUS is restarted.

When received_proxy_response() is modified to fall through (instead of
returning NULL) for detail listeners, rad_accounting() overrides
request->reply->code, setting it to PW_ACCOUNTING_RESPONSE. When
detail_send() is called, there's no way for it to tell that the request
hasn't been processed successfully. It skips the current detail entry and
continues processing.

Adding more state information to the request to inform rad_accounting()'s
(or detail_send()'s) decision making seems kludgy. Maybe allow
received_proxy_response() to override the handler function (pfun in
proxy_socket_recv()) to avoid rad_accounting() in this case?

Alan, any feedback on your desired way to do this?

john
-- 
John Morrissey          _o            /\         ----  __o
jwm at horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__



More information about the Freeradius-Devel mailing list