From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 16 Feb 2010 16:47:27 +0000 (+0100)
Subject: Switch default for acct realms to "no_response_fail"
X-Git-Tag: release_2_1_9~80
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68c7936c02db1164136805c99b413244ebc4db20;p=thirdparty%2Ffreeradius-server.git

Switch default for acct realms to "no_response_fail"

Since accounting packets aren't re-tried, failing one packet over
from one server to another isn't a good idea.
---

diff --git a/src/main/realms.c b/src/main/realms.c
index 925e23f98cd..6975ef3170e 100644
--- a/src/main/realms.c
+++ b/src/main/realms.c
@@ -385,6 +385,17 @@ static int home_server_add(realm_config_t *rc, CONF_SECTION *cs, int pool_type)
 	home->name = name2;
 	home->cs = cs;
 
+	/*
+	 *	Authentication servers have a default "no_response_fail = 0".
+	 *	Accounting servers have a default "no_response_fail = 1".
+	 *
+	 *	This is because authentication packets are retried, so
+	 *	they can fail over to another home server.  Accounting
+	 *	packets are not retried, so they cannot fail over, and
+	 *	instead should be rejected immediately.
+	 */
+	home->no_response_fail = 2;
+
 	memset(&hs_ip4addr, 0, sizeof(hs_ip4addr));
 	memset(&hs_ip6addr, 0, sizeof(hs_ip6addr));
 	if (cf_section_parse(cs, home, home_server_config) < 0) {
@@ -471,6 +482,7 @@ static int home_server_add(realm_config_t *rc, CONF_SECTION *cs, int pool_type)
 
 	if (strcasecmp(hs_type, "auth") == 0) {
 		home->type = HOME_TYPE_AUTH;
+		if (home->no_response_fail == 2) home->no_response_fail = 0;
 		if (pool_type != home->type) {
 		mismatch:
 			cf_log_err(cf_sectiontoitem(cs),
@@ -481,6 +493,7 @@ static int home_server_add(realm_config_t *rc, CONF_SECTION *cs, int pool_type)
 
 	} else if (strcasecmp(hs_type, "acct") == 0) {
 		home->type = HOME_TYPE_ACCT;
+		if (home->no_response_fail == 2) home->no_response_fail = 1;
 		if (pool_type != home->type) goto mismatch;
 
 	} else if (strcasecmp(hs_type, "auth+acct") == 0) {
@@ -640,6 +653,9 @@ static int home_server_add(realm_config_t *rc, CONF_SECTION *cs, int pool_type)
 		home2->ping_user_password = NULL;
 		home2->cs = cs;
 
+		if (home->no_response_fail == 2) home->no_response_fail = 0;
+		if (home2->no_response_fail == 2) home2->no_response_fail = 1;
+
 		if (!rbtree_insert(home_servers_byname, home2)) {
 			cf_log_err(cf_sectiontoitem(cs),
 				   "Internal error %d adding home server %s.",