warn if the secret changes

author Alan T. DeKok <aland@freeradius.org>

Wed, 12 Feb 2025 15:45:24 +0000 (10:45 -0500)

committer Alan T. DeKok <aland@freeradius.org>

Wed, 12 Feb 2025 15:59:12 +0000 (10:59 -0500)
author Alan T. DeKok <aland@freeradius.org>
Wed, 12 Feb 2025 15:45:24 +0000 (10:45 -0500)
committer Alan T. DeKok <aland@freeradius.org>
Wed, 12 Feb 2025 15:59:12 +0000 (10:59 -0500)
diff --git a/src/modules/rlm_radius/bio.c b/src/modules/rlm_radius/bio.c

index caece1c5bdc1e0204fd46ccd824742cf2abf2619..5c6c120b9b7fcb30cda76e4ad0209ed49eb7d5c7 100644 (file)
--- a/src/modules/rlm_radius/bio.c
+++ b/src/modules/rlm_radius/bio.c
@@ -2719,6 +2719,16 @@ static xlat_action_t xlat_radius_client(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcurso
                 fr_time_t now = fr_time();
                 home_server_t *old;
  
+               /*
+                *      We can't change secrets on the fly.  The home
+                *      server has to expire first, and then the
+                *      secret can be changed.
+                */
+               if ((home->ctx.radius_ctx.secret_length != secret->vb_length) ||
+                   (strcmp(home->ctx.radius_ctx.secret, secret->vb_strvalue) != 0)) {
+                       RWDEBUG("The new secret is not the same as the old secret: Ignoring the new one");
+               }
+
                 fr_rb_expire_update(expire, home, now);
  
                 while ((old = fr_dlist_head(&expire->head)) != NULL) {
author	Alan T. DeKok <aland@freeradius.org>
	Wed, 12 Feb 2025 15:45:24 +0000 (10:45 -0500)
committer	Alan T. DeKok <aland@freeradius.org>
	Wed, 12 Feb 2025 15:59:12 +0000 (10:59 -0500)