** Description changed: + [SRU INFORMATION] + [ Impact ] + + * freeradius server will send duplicate messages continuously if a COA request is made prior to an authentication request. + + * this keeps a worker busy continuously, adds network traffic, and more. if using radclient, it will terminate and not continue listening, but the server keeps on sending + + [ Test Plan ] + + test plan written for Ubuntu systems with lxc installed + + * lxc launch ubuntu-daily:$SUITE --name freeradius-test-$SUITE + + * lxc shell freeradius-test-$SUITE + + * sudo apt update && sudo apt full-upgrade + + * enable proposed + + * sudo apt install freeradius + + * sudo service freeradius stop # it autostarts on install + + * Symlink the coa or coa-relay virtual server: + ln -s /etc/freeradius/3.0/sites-available/coa /etc/freeradius/3.0/sites-enabled/coa + + * Start freeradius in debug mode: + freeradius -X + + # super helpful so we can see on the terminal all output + + * open a separate terminal and lxc shell freeradius-test-$SUITE + + * Send a CoA request: + echo "User-Name:=test" | /usr/bin/radclient -x -r 1 -t 2 localhost coa testing123 + + * observer in the _first_ terminal that a response is sent, and it + enters a cleanup loop + + * FAILURE: the freeradius server will send continuous duplicate requests like: + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + (0) Sending duplicate reply to client localhost port 44478 - ID: 58 + + [ Where problems could occur ] + + * This problem is isolated to COA requests, as part of the + `coa_socket_recv` + + * Not tested in this is a COA request done _after_ an authentication + request. + + * this occurs in a large block related to COA requests. There are a + number of conditional statements that may change the final ctx sent to + rad_recv. These different areas (like having a proxy configured) are not + tested + + * this is tested with the basic example server. Other server + definitions may introduce unknowns + + + [ Other Info ] + + * the upstream bug had another fix introduced first which did not + address the problem, however radclient reported a different message than + before. This commit is _not_ included, which means the final state may + be different than upstream's testing of the bug. The unmerged commit is + here: + + https://github.com/FreeRADIUS/freeradius- + server/commit/8bdd2006cf1a48d0c526ed6e33a3c73ed2a4a100 + + This may solve a separate bug, but did not specifically address the + primary issue raised upstream and here. + + [ORIGINAL BUG INFO] + I am using freeradius to process Change of Authorization (CoA) requests. If I send a request to freeradius it will reply but then start to send the same reply repeatedly. This has been fixed in this commit: https://github.com/FreeRADIUS/freeradius- server/commit/d270b8ae68296cd64915591d45662c4d5c175cc6#diff-11836a66a6e8bb80370bd160c144a82fd2e2a42ae70e997af263090f6ca370b0L2562 This commit is included in release 3.2.6. But Ubuntu 24.04 currently has 3.2.5. Building 3.2.6 from source and installing fixes the problem. - Steps to reproduce: 1. Symlink the coa or coa-relay virtual server: ln -s /etc/freeradius/3.0/sites-available/coa /etc/freeradius/3.0/sites-enabled/coa 2. Start freeradius in debug mode: freeradius -X 3. Send a CoA request: echo "User-Name:=test" | /usr/bin/radclient -x -r 1 -t 2 localhost coa testing123 Output from freeradius will display multiple lines like: (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58 (0) Sending duplicate reply to client localhost port 44478 - ID: 58
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2087740 Title: Sending CoA message to freeradius will start an endless loop of replies To manage notifications about this bug go to: https://bugs.launchpad.net/freeradius-1.1.8/+bug/2087740/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
