Dual mode rejecting accounting requests in tcp only mode
Natarajan M
natarajan.m at gmail.com
Fri Jun 3 15:34:24 UTC 2022
If I use auth+acct with TLS+TCP, then both authentication & accounting
packets are accepted, but if I use same auth+acct with just TCP no TLS,
then accounting packets are rejected as invalid code. When I look at
tls_listen.c vs listen.c, I see following code snippet in tls_listen.c is
missing in listen.c, patching this fixes the issue also. Is it just a bug
or design intent was to support auth+acct only for TLS?
Thanks
Natarajan
diff --git a/src/main/listen.c b/src/main/listen.c
index 19d22a24fd..0bd88cdde0 100644
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -575,7 +575,16 @@ static int dual_tcp_recv(rad_listen_t *listener)
#ifdef WITH_ACCOUNTING
case PW_CODE_ACCOUNTING_REQUEST:
- if (listener->type != RAD_LISTEN_ACCT) goto bad_packet;
+ if (listener->type != RAD_LISTEN_ACCT) {
+ /*
+ * Allow auth + dual. Disallow
+ * everything else.
+ */
+ if (!((listener->type == RAD_LISTEN_AUTH) &&
+ (listener->dual))) {
+ goto bad_packet;
+ }
+ }
FR_STATS_INC(acct, total_requests);
fun = rad_accounting;
break;
More information about the Freeradius-Devel
mailing list