Skip to content

API fixes for next-major branch #246

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RoadRunnr merged 2 commits into from
Mar 4, 2026
+32 −7
Merged

API fixes for next-major branch #246

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ee45dae
Fix scramble encryption, Message-Authenticator HMAC, and optional cli…
RoadRunnr Mar 4, 2026
8ba4c84
Fix reconfigure server list update and start_client/1 return value
RoadRunnr Mar 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 18 additions & 3 deletions src/eradius_client_mngr.erl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,10 +119,16 @@
%%%=========================================================================

%% @doc Start a new RADIUS client that is managed by the eradius applications supervisor tree.
%% Returns the client manager pid (usable with eradius_client:send_request/3,4).
-spec start_client(client_opts()) ->
{ok, pid()} | {error, supervisor:startchild_err()}.
start_client(Opts) ->
eradius_client_top_sup:start_client([Opts]).
case eradius_client_top_sup:start_client([Opts]) of
{ok, SupPid} ->
client_mngr_pid(SupPid);
Error ->
Error
end.

%% @doc Start a new, named RADIUS client that is managed by the eradius applications supervisor tree.
-spec start_client(gen_server:server_name(), client_opts()) ->
Expand Down Expand Up @@ -261,8 +267,9 @@ handle_call({failed, _Peer}, _From, State) ->
%% @private
handle_call({reconfigure, Opts}, _From, #state{config = OConfig} = State0) ->
case client_config(maps:merge(OConfig, Opts)) of
{ok, Config} ->
State = reconfigure_address(Config, State0#state{config = Config}),
{ok, #{servers := Servers} = Config} ->
State1 = State0#state{config = Config, servers = Servers},
State = reconfigure_address(Config, State1),
{reply, ok, State};

{error, _} = Error ->
Expand Down Expand Up @@ -509,3 +516,11 @@ find_socket_process(PortIdx, Sockets, #state{owner = Owner, config = Config}) ->
Socket ->
{Socket, Sockets}
end.

client_mngr_pid(SupPid) ->
case lists:keyfind(eradius_client_mngr, 1, supervisor:which_children(SupPid)) of
{eradius_client_mngr, Pid, worker, _} when is_pid(Pid) ->
{ok, Pid};
_ ->
{error, not_started}
end.
18 changes: 14 additions & 4 deletions src/eradius_req.erl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,8 +156,15 @@ packet(#{req_id := _, cmd := _, authenticator := _, body := Body, secret := _} =
when is_binary(Body) ->
%% body must be fully prepared
encode_body(Req, Body);
packet(#{req_id := _, cmd := _, secret := _, attrs := Attrs, eap_msg := EAPmsg} = Req)
packet(#{req_id := _, cmd := Cmd, secret := _, attrs := Attrs, eap_msg := EAPmsg} = Req0)
when is_list(Attrs) ->
%% For 'request' cmd, the authenticator is random. Pre-generate it so that
%% scramble encryption (User-Password) and Message-Authenticator HMAC can
%% both use the same value before encode_body writes it into the packet header.
Req = case Cmd of
request -> Req0#{authenticator => random_authenticator()};
_ -> Req0
end,
Body0 = encode_attributes(Req, Attrs, <<>>),
Body1 = encode_eap_message(EAPmsg, Body0),
Body = encode_message_authenticator(Req, Body1),
Expand Down Expand Up @@ -218,7 +225,8 @@ new(Command, MetricsCallback)
-spec request(binary(), binary(), eradius_server:client(), 'undefined' | metrics_callback()) ->
req() | no_return().
request(<<Cmd, ReqId, Len:16, Authenticator:16/bytes>> = Header, Body,
#{secret := Secret, client := ClientId}, MetricsCallback) ->
#{secret := Secret} = NAS, MetricsCallback) ->
ClientId = maps:get(client, NAS, <<>>),
Command = decode_command(Cmd),
Req = new(Command, MetricsCallback),
mk_req(Command, ReqId, Len, Authenticator, Header, Body,
Expand Down Expand Up @@ -321,7 +329,9 @@ mk_req(_, _, Len, _, _, Body, _)

encode_body(#{req_id := ReqId, cmd := Cmd} = Req, Body)
when Cmd =:= request ->
Authenticator = random_authenticator(),
%% Use pre-generated authenticator if present (set by packet/1 for scramble
%% encryption), otherwise generate a fresh one.
Authenticator = maps:get(authenticator, Req, random_authenticator()),
Packet = <<(encode_command(Cmd)):8, ReqId:8, (byte_size(Body) + 20):16,
Authenticator:16/binary, Body/binary>>,
{Packet, Req#{is_valid := true, request_authenticator => Authenticator}};
Expand Down Expand Up @@ -357,7 +367,7 @@ encode_command(discack) -> ?RDisconnect_Ack;
encode_command(discnak) -> ?RDisconnect_Nak.

-spec encode_message_authenticator(req(), binary()) -> binary().
encode_message_authenticator(#{reqid := ReqId, cmd := Cmd,
encode_message_authenticator(#{req_id := ReqId, cmd := Cmd,
authenticator := Authenticator,
secret := Secret,
msg_hmac := true}, Body) ->
Expand Down
Loading