ieee802_1x.c (281806) | ieee802_1x.c (289549) |
---|---|
1/* 2 * hostapd / IEEE 802.1X-2004 Authenticator 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 --- 111 unchanged lines hidden (view full) --- 120 121 if (authorized) { 122 os_get_reltime(&sta->connected_time); 123 accounting_sta_start(hapd, sta); 124 } 125} 126 127 | 1/* 2 * hostapd / IEEE 802.1X-2004 Authenticator 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 --- 111 unchanged lines hidden (view full) --- 120 121 if (authorized) { 122 os_get_reltime(&sta->connected_time); 123 accounting_sta_start(hapd, sta); 124 } 125} 126 127 |
128#ifndef CONFIG_FIPS 129#ifndef CONFIG_NO_RC4 130 |
|
128static void ieee802_1x_tx_key_one(struct hostapd_data *hapd, 129 struct sta_info *sta, 130 int idx, int broadcast, 131 u8 *key_data, size_t key_len) 132{ 133 u8 *buf, *ekey; 134 struct ieee802_1x_hdr *hdr; 135 struct ieee802_1x_eapol_key *key; --- 63 unchanged lines hidden (view full) --- 199 broadcast ? "broadcast" : "unicast", idx); 200 ieee802_1x_send(hapd, sta, IEEE802_1X_TYPE_EAPOL_KEY, (u8 *) key, len); 201 if (sta->eapol_sm) 202 sta->eapol_sm->dot1xAuthEapolFramesTx++; 203 os_free(buf); 204} 205 206 | 131static void ieee802_1x_tx_key_one(struct hostapd_data *hapd, 132 struct sta_info *sta, 133 int idx, int broadcast, 134 u8 *key_data, size_t key_len) 135{ 136 u8 *buf, *ekey; 137 struct ieee802_1x_hdr *hdr; 138 struct ieee802_1x_eapol_key *key; --- 63 unchanged lines hidden (view full) --- 202 broadcast ? "broadcast" : "unicast", idx); 203 ieee802_1x_send(hapd, sta, IEEE802_1X_TYPE_EAPOL_KEY, (u8 *) key, len); 204 if (sta->eapol_sm) 205 sta->eapol_sm->dot1xAuthEapolFramesTx++; 206 os_free(buf); 207} 208 209 |
207void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta) | 210static void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta) |
208{ 209 struct eapol_authenticator *eapol = hapd->eapol_auth; 210 struct eapol_state_machine *sm = sta->eapol_sm; 211 212 if (sm == NULL || !sm->eap_if->eapKeyData) 213 return; 214 215 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Sending EAPOL-Key(s) to " MACSTR, --- 38 unchanged lines hidden (view full) --- 254 wpa_printf(MSG_ERROR, "Could not set individual WEP " 255 "encryption."); 256 } 257 258 os_free(ikey); 259 } 260} 261 | 211{ 212 struct eapol_authenticator *eapol = hapd->eapol_auth; 213 struct eapol_state_machine *sm = sta->eapol_sm; 214 215 if (sm == NULL || !sm->eap_if->eapKeyData) 216 return; 217 218 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Sending EAPOL-Key(s) to " MACSTR, --- 38 unchanged lines hidden (view full) --- 257 wpa_printf(MSG_ERROR, "Could not set individual WEP " 258 "encryption."); 259 } 260 261 os_free(ikey); 262 } 263} 264 |
265#endif /* CONFIG_NO_RC4 */ 266#endif /* CONFIG_FIPS */ |
|
262 | 267 |
268 |
|
263const char *radius_mode_txt(struct hostapd_data *hapd) 264{ 265 switch (hapd->iface->conf->hw_mode) { 266 case HOSTAPD_MODE_IEEE80211AD: 267 return "802.11ad"; 268 case HOSTAPD_MODE_IEEE80211A: 269 return "802.11a"; 270 case HOSTAPD_MODE_IEEE80211G: --- 70 unchanged lines hidden (view full) --- 341 !hostapd_config_get_radius_attr(req_attr, 342 RADIUS_ATTR_WLAN_PAIRWISE_CIPHER) && 343 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_PAIRWISE_CIPHER, 344 suite)) { 345 wpa_printf(MSG_ERROR, "Could not add WLAN-Pairwise-Cipher"); 346 return -1; 347 } 348 | 269const char *radius_mode_txt(struct hostapd_data *hapd) 270{ 271 switch (hapd->iface->conf->hw_mode) { 272 case HOSTAPD_MODE_IEEE80211AD: 273 return "802.11ad"; 274 case HOSTAPD_MODE_IEEE80211A: 275 return "802.11a"; 276 case HOSTAPD_MODE_IEEE80211G: --- 70 unchanged lines hidden (view full) --- 347 !hostapd_config_get_radius_attr(req_attr, 348 RADIUS_ATTR_WLAN_PAIRWISE_CIPHER) && 349 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_PAIRWISE_CIPHER, 350 suite)) { 351 wpa_printf(MSG_ERROR, "Could not add WLAN-Pairwise-Cipher"); 352 return -1; 353 } 354 |
349 suite = wpa_cipher_to_suite((hapd->conf->wpa & 0x2) ? | 355 suite = wpa_cipher_to_suite(((hapd->conf->wpa & 0x2) || 356 hapd->conf->osen) ? |
350 WPA_PROTO_RSN : WPA_PROTO_WPA, 351 hapd->conf->wpa_group); 352 if (!hostapd_config_get_radius_attr(req_attr, 353 RADIUS_ATTR_WLAN_GROUP_CIPHER) && 354 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_GROUP_CIPHER, 355 suite)) { 356 wpa_printf(MSG_ERROR, "Could not add WLAN-Group-Cipher"); 357 return -1; --- 90 unchanged lines hidden (view full) --- 448 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_MOBILITY_DOMAIN_ID, 449 WPA_GET_BE16( 450 hapd->conf->mobility_domain))) { 451 wpa_printf(MSG_ERROR, "Could not add Mobility-Domain-Id"); 452 return -1; 453 } 454#endif /* CONFIG_IEEE80211R */ 455 | 357 WPA_PROTO_RSN : WPA_PROTO_WPA, 358 hapd->conf->wpa_group); 359 if (!hostapd_config_get_radius_attr(req_attr, 360 RADIUS_ATTR_WLAN_GROUP_CIPHER) && 361 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_GROUP_CIPHER, 362 suite)) { 363 wpa_printf(MSG_ERROR, "Could not add WLAN-Group-Cipher"); 364 return -1; --- 90 unchanged lines hidden (view full) --- 455 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_MOBILITY_DOMAIN_ID, 456 WPA_GET_BE16( 457 hapd->conf->mobility_domain))) { 458 wpa_printf(MSG_ERROR, "Could not add Mobility-Domain-Id"); 459 return -1; 460 } 461#endif /* CONFIG_IEEE80211R */ 462 |
456 if (hapd->conf->wpa && sta->wpa_sm && | 463 if ((hapd->conf->wpa || hapd->conf->osen) && sta->wpa_sm && |
457 add_common_radius_sta_attr_rsn(hapd, req_attr, sta, msg) < 0) 458 return -1; 459 460 return 0; 461} 462 463 464int add_common_radius_attr(struct hostapd_data *hapd, --- 129 unchanged lines hidden (view full) --- 594 */ 595 if (!hostapd_config_get_radius_attr(hapd->conf->radius_auth_req_attr, 596 RADIUS_ATTR_FRAMED_MTU) && 597 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) { 598 wpa_printf(MSG_INFO, "Could not add Framed-MTU"); 599 goto fail; 600 } 601 | 464 add_common_radius_sta_attr_rsn(hapd, req_attr, sta, msg) < 0) 465 return -1; 466 467 return 0; 468} 469 470 471int add_common_radius_attr(struct hostapd_data *hapd, --- 129 unchanged lines hidden (view full) --- 601 */ 602 if (!hostapd_config_get_radius_attr(hapd->conf->radius_auth_req_attr, 603 RADIUS_ATTR_FRAMED_MTU) && 604 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) { 605 wpa_printf(MSG_INFO, "Could not add Framed-MTU"); 606 goto fail; 607 } 608 |
602 if (eap && !radius_msg_add_eap(msg, eap, len)) { | 609 if (!radius_msg_add_eap(msg, eap, len)) { |
603 wpa_printf(MSG_INFO, "Could not add EAP-Message"); 604 goto fail; 605 } 606 607 /* State attribute must be copied if and only if this packet is 608 * Access-Request reply to the previous Access-Challenge */ 609 if (sm->last_recv_radius && 610 radius_msg_get_hdr(sm->last_recv_radius)->code == --- 492 unchanged lines hidden (view full) --- 1103 eap_sm_notify_cached(sta->eapol_sm->eap); 1104 /* TODO: get vlan_id from R0KH using RRB message */ 1105 return; 1106 } 1107#endif /* CONFIG_IEEE80211R */ 1108 1109 pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm); 1110 if (pmksa) { | 610 wpa_printf(MSG_INFO, "Could not add EAP-Message"); 611 goto fail; 612 } 613 614 /* State attribute must be copied if and only if this packet is 615 * Access-Request reply to the previous Access-Challenge */ 616 if (sm->last_recv_radius && 617 radius_msg_get_hdr(sm->last_recv_radius)->code == --- 492 unchanged lines hidden (view full) --- 1110 eap_sm_notify_cached(sta->eapol_sm->eap); 1111 /* TODO: get vlan_id from R0KH using RRB message */ 1112 return; 1113 } 1114#endif /* CONFIG_IEEE80211R */ 1115 1116 pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm); 1117 if (pmksa) { |
1111 int old_vlanid; 1112 | |
1113 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, 1114 HOSTAPD_LEVEL_DEBUG, 1115 "PMK from PMKSA cache - skip IEEE 802.1X/EAP"); 1116 /* Setup EAPOL state machines to already authenticated state 1117 * because of existing PMKSA information in the cache. */ 1118 sta->eapol_sm->keyRun = TRUE; 1119 sta->eapol_sm->eap_if->eapKeyAvailable = TRUE; 1120 sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING; 1121 sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS; 1122 sta->eapol_sm->authSuccess = TRUE; 1123 sta->eapol_sm->authFail = FALSE; 1124 if (sta->eapol_sm->eap) 1125 eap_sm_notify_cached(sta->eapol_sm->eap); | 1118 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, 1119 HOSTAPD_LEVEL_DEBUG, 1120 "PMK from PMKSA cache - skip IEEE 802.1X/EAP"); 1121 /* Setup EAPOL state machines to already authenticated state 1122 * because of existing PMKSA information in the cache. */ 1123 sta->eapol_sm->keyRun = TRUE; 1124 sta->eapol_sm->eap_if->eapKeyAvailable = TRUE; 1125 sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING; 1126 sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS; 1127 sta->eapol_sm->authSuccess = TRUE; 1128 sta->eapol_sm->authFail = FALSE; 1129 if (sta->eapol_sm->eap) 1130 eap_sm_notify_cached(sta->eapol_sm->eap); |
1126 old_vlanid = sta->vlan_id; | |
1127 pmksa_cache_to_eapol_data(pmksa, sta->eapol_sm); | 1131 pmksa_cache_to_eapol_data(pmksa, sta->eapol_sm); |
1128 if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED) 1129 sta->vlan_id = 0; 1130 ap_sta_bind_vlan(hapd, sta, old_vlanid); | 1132 ap_sta_bind_vlan(hapd, sta); |
1131 } else { 1132 if (reassoc) { 1133 /* 1134 * Force EAPOL state machines to start 1135 * re-authentication without having to wait for the 1136 * Supplicant to send EAPOL-Start. 1137 */ 1138 sta->eapol_sm->reAuthenticate = TRUE; --- 146 unchanged lines hidden (view full) --- 1285 } 1286} 1287 1288 1289static void ieee802_1x_store_radius_class(struct hostapd_data *hapd, 1290 struct sta_info *sta, 1291 struct radius_msg *msg) 1292{ | 1133 } else { 1134 if (reassoc) { 1135 /* 1136 * Force EAPOL state machines to start 1137 * re-authentication without having to wait for the 1138 * Supplicant to send EAPOL-Start. 1139 */ 1140 sta->eapol_sm->reAuthenticate = TRUE; --- 146 unchanged lines hidden (view full) --- 1287 } 1288} 1289 1290 1291static void ieee802_1x_store_radius_class(struct hostapd_data *hapd, 1292 struct sta_info *sta, 1293 struct radius_msg *msg) 1294{ |
1293 u8 *class; | 1295 u8 *attr_class; |
1294 size_t class_len; 1295 struct eapol_state_machine *sm = sta->eapol_sm; 1296 int count, i; 1297 struct radius_attr_data *nclass; 1298 size_t nclass_count; 1299 1300 if (!hapd->conf->radius->acct_server || hapd->radius == NULL || 1301 sm == NULL) --- 5 unchanged lines hidden (view full) --- 1307 return; 1308 1309 nclass = os_calloc(count, sizeof(struct radius_attr_data)); 1310 if (nclass == NULL) 1311 return; 1312 1313 nclass_count = 0; 1314 | 1296 size_t class_len; 1297 struct eapol_state_machine *sm = sta->eapol_sm; 1298 int count, i; 1299 struct radius_attr_data *nclass; 1300 size_t nclass_count; 1301 1302 if (!hapd->conf->radius->acct_server || hapd->radius == NULL || 1303 sm == NULL) --- 5 unchanged lines hidden (view full) --- 1309 return; 1310 1311 nclass = os_calloc(count, sizeof(struct radius_attr_data)); 1312 if (nclass == NULL) 1313 return; 1314 1315 nclass_count = 0; 1316 |
1315 class = NULL; | 1317 attr_class = NULL; |
1316 for (i = 0; i < count; i++) { 1317 do { 1318 if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CLASS, | 1318 for (i = 0; i < count; i++) { 1319 do { 1320 if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CLASS, |
1319 &class, &class_len, 1320 class) < 0) { | 1321 &attr_class, &class_len, 1322 attr_class) < 0) { |
1321 i = count; 1322 break; 1323 } 1324 } while (class_len < 1); 1325 1326 nclass[nclass_count].data = os_malloc(class_len); 1327 if (nclass[nclass_count].data == NULL) 1328 break; 1329 | 1323 i = count; 1324 break; 1325 } 1326 } while (class_len < 1); 1327 1328 nclass[nclass_count].data = os_malloc(class_len); 1329 if (nclass[nclass_count].data == NULL) 1330 break; 1331 |
1330 os_memcpy(nclass[nclass_count].data, class, class_len); | 1332 os_memcpy(nclass[nclass_count].data, attr_class, class_len); |
1331 nclass[nclass_count].len = class_len; 1332 nclass_count++; 1333 } 1334 1335 sm->radius_class.attr = nclass; 1336 sm->radius_class.count = nclass_count; 1337 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Stored %lu RADIUS Class " 1338 "attributes for " MACSTR, --- 246 unchanged lines hidden (view full) --- 1585static RadiusRxResult 1586ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req, 1587 const u8 *shared_secret, size_t shared_secret_len, 1588 void *data) 1589{ 1590 struct hostapd_data *hapd = data; 1591 struct sta_info *sta; 1592 u32 session_timeout = 0, termination_action, acct_interim_interval; | 1333 nclass[nclass_count].len = class_len; 1334 nclass_count++; 1335 } 1336 1337 sm->radius_class.attr = nclass; 1338 sm->radius_class.count = nclass_count; 1339 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Stored %lu RADIUS Class " 1340 "attributes for " MACSTR, --- 246 unchanged lines hidden (view full) --- 1587static RadiusRxResult 1588ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req, 1589 const u8 *shared_secret, size_t shared_secret_len, 1590 void *data) 1591{ 1592 struct hostapd_data *hapd = data; 1593 struct sta_info *sta; 1594 u32 session_timeout = 0, termination_action, acct_interim_interval; |
1593 int session_timeout_set, old_vlanid = 0; | 1595 int session_timeout_set, vlan_id = 0; |
1594 struct eapol_state_machine *sm; 1595 int override_eapReq = 0; 1596 struct radius_hdr *hdr = radius_msg_get_hdr(msg); 1597 1598 sm = ieee802_1x_search_radius_identifier(hapd, hdr->identifier); 1599 if (sm == NULL) { 1600 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Could not find matching " 1601 "station for this RADIUS message"); --- 50 unchanged lines hidden (view full) --- 1652 acct_interim_interval); 1653 } else 1654 sta->acct_interim_interval = acct_interim_interval; 1655 } 1656 1657 1658 switch (hdr->code) { 1659 case RADIUS_CODE_ACCESS_ACCEPT: | 1596 struct eapol_state_machine *sm; 1597 int override_eapReq = 0; 1598 struct radius_hdr *hdr = radius_msg_get_hdr(msg); 1599 1600 sm = ieee802_1x_search_radius_identifier(hapd, hdr->identifier); 1601 if (sm == NULL) { 1602 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Could not find matching " 1603 "station for this RADIUS message"); --- 50 unchanged lines hidden (view full) --- 1654 acct_interim_interval); 1655 } else 1656 sta->acct_interim_interval = acct_interim_interval; 1657 } 1658 1659 1660 switch (hdr->code) { 1661 case RADIUS_CODE_ACCESS_ACCEPT: |
1660 if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED) 1661 sta->vlan_id = 0; | 1662 if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED) 1663 vlan_id = 0; |
1662#ifndef CONFIG_NO_VLAN | 1664#ifndef CONFIG_NO_VLAN |
1663 else { 1664 old_vlanid = sta->vlan_id; 1665 sta->vlan_id = radius_msg_get_vlanid(msg); 1666 } 1667 if (sta->vlan_id > 0 && 1668 hostapd_vlan_id_valid(hapd->conf->vlan, sta->vlan_id)) { | 1665 else 1666 vlan_id = radius_msg_get_vlanid(msg); 1667 if (vlan_id > 0 && 1668 hostapd_vlan_id_valid(hapd->conf->vlan, vlan_id)) { |
1669 hostapd_logger(hapd, sta->addr, 1670 HOSTAPD_MODULE_RADIUS, 1671 HOSTAPD_LEVEL_INFO, | 1669 hostapd_logger(hapd, sta->addr, 1670 HOSTAPD_MODULE_RADIUS, 1671 HOSTAPD_LEVEL_INFO, |
1672 "VLAN ID %d", sta->vlan_id); 1673 } else if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_REQUIRED) { | 1672 "VLAN ID %d", vlan_id); 1673 } else if (vlan_id > 0) { |
1674 sta->eapol_sm->authFail = TRUE; 1675 hostapd_logger(hapd, sta->addr, | 1674 sta->eapol_sm->authFail = TRUE; 1675 hostapd_logger(hapd, sta->addr, |
1676 HOSTAPD_MODULE_RADIUS, 1677 HOSTAPD_LEVEL_INFO, 1678 "Invalid VLAN ID %d received from RADIUS server", 1679 vlan_id); 1680 break; 1681 } else if (hapd->conf->ssid.dynamic_vlan == 1682 DYNAMIC_VLAN_REQUIRED) { 1683 sta->eapol_sm->authFail = TRUE; 1684 hostapd_logger(hapd, sta->addr, |
|
1676 HOSTAPD_MODULE_IEEE8021X, 1677 HOSTAPD_LEVEL_INFO, "authentication " 1678 "server did not include required VLAN " 1679 "ID in Access-Accept"); 1680 break; 1681 } 1682#endif /* CONFIG_NO_VLAN */ 1683 | 1685 HOSTAPD_MODULE_IEEE8021X, 1686 HOSTAPD_LEVEL_INFO, "authentication " 1687 "server did not include required VLAN " 1688 "ID in Access-Accept"); 1689 break; 1690 } 1691#endif /* CONFIG_NO_VLAN */ 1692 |
1684 if (ap_sta_bind_vlan(hapd, sta, old_vlanid) < 0) | 1693 sta->vlan_id = vlan_id; 1694 if ((sta->flags & WLAN_STA_ASSOC) && 1695 ap_sta_bind_vlan(hapd, sta) < 0) |
1685 break; 1686 1687 sta->session_timeout_set = !!session_timeout_set; 1688 sta->session_timeout = session_timeout; 1689 1690 /* RFC 3580, Ch. 3.17 */ 1691 if (session_timeout_set && termination_action == 1692 RADIUS_TERMINATION_ACTION_RADIUS_REQUEST) { --- 228 unchanged lines hidden (view full) --- 1921 1922static int ieee802_1x_get_eap_user(void *ctx, const u8 *identity, 1923 size_t identity_len, int phase2, 1924 struct eap_user *user) 1925{ 1926 struct hostapd_data *hapd = ctx; 1927 const struct hostapd_eap_user *eap_user; 1928 int i; | 1696 break; 1697 1698 sta->session_timeout_set = !!session_timeout_set; 1699 sta->session_timeout = session_timeout; 1700 1701 /* RFC 3580, Ch. 3.17 */ 1702 if (session_timeout_set && termination_action == 1703 RADIUS_TERMINATION_ACTION_RADIUS_REQUEST) { --- 228 unchanged lines hidden (view full) --- 1932 1933static int ieee802_1x_get_eap_user(void *ctx, const u8 *identity, 1934 size_t identity_len, int phase2, 1935 struct eap_user *user) 1936{ 1937 struct hostapd_data *hapd = ctx; 1938 const struct hostapd_eap_user *eap_user; 1939 int i; |
1940 int rv = -1; |
|
1929 1930 eap_user = hostapd_get_eap_user(hapd, identity, identity_len, phase2); 1931 if (eap_user == NULL) | 1941 1942 eap_user = hostapd_get_eap_user(hapd, identity, identity_len, phase2); 1943 if (eap_user == NULL) |
1932 return -1; | 1944 goto out; |
1933 1934 os_memset(user, 0, sizeof(*user)); 1935 user->phase2 = phase2; 1936 for (i = 0; i < EAP_MAX_METHODS; i++) { 1937 user->methods[i].vendor = eap_user->methods[i].vendor; 1938 user->methods[i].method = eap_user->methods[i].method; 1939 } 1940 1941 if (eap_user->password) { 1942 user->password = os_malloc(eap_user->password_len); 1943 if (user->password == NULL) | 1945 1946 os_memset(user, 0, sizeof(*user)); 1947 user->phase2 = phase2; 1948 for (i = 0; i < EAP_MAX_METHODS; i++) { 1949 user->methods[i].vendor = eap_user->methods[i].vendor; 1950 user->methods[i].method = eap_user->methods[i].method; 1951 } 1952 1953 if (eap_user->password) { 1954 user->password = os_malloc(eap_user->password_len); 1955 if (user->password == NULL) |
1944 return -1; | 1956 goto out; |
1945 os_memcpy(user->password, eap_user->password, 1946 eap_user->password_len); 1947 user->password_len = eap_user->password_len; 1948 user->password_hash = eap_user->password_hash; 1949 } 1950 user->force_version = eap_user->force_version; 1951 user->macacl = eap_user->macacl; 1952 user->ttls_auth = eap_user->ttls_auth; 1953 user->remediation = eap_user->remediation; | 1957 os_memcpy(user->password, eap_user->password, 1958 eap_user->password_len); 1959 user->password_len = eap_user->password_len; 1960 user->password_hash = eap_user->password_hash; 1961 } 1962 user->force_version = eap_user->force_version; 1963 user->macacl = eap_user->macacl; 1964 user->ttls_auth = eap_user->ttls_auth; 1965 user->remediation = eap_user->remediation; |
1966 rv = 0; |
|
1954 | 1967 |
1955 return 0; | 1968out: 1969 if (rv) 1970 wpa_printf(MSG_DEBUG, "%s: Failed to find user", __func__); 1971 1972 return rv; |
1956} 1957 1958 1959static int ieee802_1x_sta_entry_alive(void *ctx, const u8 *addr) 1960{ 1961 struct hostapd_data *hapd = ctx; 1962 struct sta_info *sta; 1963 sta = ap_get_sta(hapd, addr); --- 43 unchanged lines hidden (view full) --- 2007 struct hostapd_data *hapd = ctx; 2008 struct sta_info *sta = sta_ctx; 2009 ieee802_1x_abort_auth(hapd, sta); 2010} 2011 2012 2013static void _ieee802_1x_tx_key(void *ctx, void *sta_ctx) 2014{ | 1973} 1974 1975 1976static int ieee802_1x_sta_entry_alive(void *ctx, const u8 *addr) 1977{ 1978 struct hostapd_data *hapd = ctx; 1979 struct sta_info *sta; 1980 sta = ap_get_sta(hapd, addr); --- 43 unchanged lines hidden (view full) --- 2024 struct hostapd_data *hapd = ctx; 2025 struct sta_info *sta = sta_ctx; 2026 ieee802_1x_abort_auth(hapd, sta); 2027} 2028 2029 2030static void _ieee802_1x_tx_key(void *ctx, void *sta_ctx) 2031{ |
2032#ifndef CONFIG_FIPS 2033#ifndef CONFIG_NO_RC4 |
|
2015 struct hostapd_data *hapd = ctx; 2016 struct sta_info *sta = sta_ctx; 2017 ieee802_1x_tx_key(hapd, sta); | 2034 struct hostapd_data *hapd = ctx; 2035 struct sta_info *sta = sta_ctx; 2036 ieee802_1x_tx_key(hapd, sta); |
2037#endif /* CONFIG_NO_RC4 */ 2038#endif /* CONFIG_FIPS */ |
|
2018} 2019 2020 2021static void ieee802_1x_eapol_event(void *ctx, void *sta_ctx, 2022 enum eapol_event type) 2023{ 2024 /* struct hostapd_data *hapd = ctx; */ 2025 struct sta_info *sta = sta_ctx; --- 54 unchanged lines hidden (view full) --- 2080 conf.ssl_ctx = hapd->ssl_ctx; 2081 conf.msg_ctx = hapd->msg_ctx; 2082 conf.eap_sim_db_priv = hapd->eap_sim_db_priv; 2083 conf.eap_req_id_text = hapd->conf->eap_req_id_text; 2084 conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len; 2085 conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start; 2086 conf.erp_domain = hapd->conf->erp_domain; 2087 conf.erp = hapd->conf->eap_server_erp; | 2039} 2040 2041 2042static void ieee802_1x_eapol_event(void *ctx, void *sta_ctx, 2043 enum eapol_event type) 2044{ 2045 /* struct hostapd_data *hapd = ctx; */ 2046 struct sta_info *sta = sta_ctx; --- 54 unchanged lines hidden (view full) --- 2101 conf.ssl_ctx = hapd->ssl_ctx; 2102 conf.msg_ctx = hapd->msg_ctx; 2103 conf.eap_sim_db_priv = hapd->eap_sim_db_priv; 2104 conf.eap_req_id_text = hapd->conf->eap_req_id_text; 2105 conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len; 2106 conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start; 2107 conf.erp_domain = hapd->conf->erp_domain; 2108 conf.erp = hapd->conf->eap_server_erp; |
2109 conf.tls_session_lifetime = hapd->conf->tls_session_lifetime; |
|
2088 conf.pac_opaque_encr_key = hapd->conf->pac_opaque_encr_key; 2089 conf.eap_fast_a_id = hapd->conf->eap_fast_a_id; 2090 conf.eap_fast_a_id_len = hapd->conf->eap_fast_a_id_len; 2091 conf.eap_fast_a_id_info = hapd->conf->eap_fast_a_id_info; 2092 conf.eap_fast_prov = hapd->conf->eap_fast_prov; 2093 conf.pac_key_lifetime = hapd->conf->pac_key_lifetime; 2094 conf.pac_key_refresh_time = hapd->conf->pac_key_refresh_time; 2095 conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind; --- 231 unchanged lines hidden (view full) --- 2327 return; 2328 if (pre_auth) 2329 sm->flags |= EAPOL_SM_PREAUTH; 2330 else 2331 sm->flags &= ~EAPOL_SM_PREAUTH; 2332} 2333 2334 | 2110 conf.pac_opaque_encr_key = hapd->conf->pac_opaque_encr_key; 2111 conf.eap_fast_a_id = hapd->conf->eap_fast_a_id; 2112 conf.eap_fast_a_id_len = hapd->conf->eap_fast_a_id_len; 2113 conf.eap_fast_a_id_info = hapd->conf->eap_fast_a_id_info; 2114 conf.eap_fast_prov = hapd->conf->eap_fast_prov; 2115 conf.pac_key_lifetime = hapd->conf->pac_key_lifetime; 2116 conf.pac_key_refresh_time = hapd->conf->pac_key_refresh_time; 2117 conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind; --- 231 unchanged lines hidden (view full) --- 2349 return; 2350 if (pre_auth) 2351 sm->flags |= EAPOL_SM_PREAUTH; 2352 else 2353 sm->flags &= ~EAPOL_SM_PREAUTH; 2354} 2355 2356 |
2335static const char * bool_txt(Boolean bool) | 2357static const char * bool_txt(Boolean val) |
2336{ | 2358{ |
2337 return bool ? "TRUE" : "FALSE"; | 2359 return val ? "TRUE" : "FALSE"; |
2338} 2339 2340 2341int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 2342{ 2343 /* TODO */ 2344 return 0; 2345} --- 249 unchanged lines hidden --- | 2360} 2361 2362 2363int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 2364{ 2365 /* TODO */ 2366 return 0; 2367} --- 249 unchanged lines hidden --- |
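Review bot: On the PMKSA-cache path (new lines 1131-1132) the code calls `ap_sta_bind_vlan(hapd, sta);` straight after `pmksa_cache_to_eapol_data(pmksa, sta->eapol_sm);`, without the `dynamic_vlan == DYNAMIC_VLAN_DISABLED` reset of `sta->vlan_id` that the old side had, and the bind result is still discarded. If pmksa_cache_to_eapol_data() restores a cached VLAN ID (its body is not shown on this page), a station could be bound to that VLAN even though dynamic VLANs are disabled, for instance when the cache entry predates a configuration change. I would keep the guard in the accessor form the Access-Accept case now uses, `if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED) sta->vlan_id = 0;`, and test the bind as that case does with `ap_sta_bind_vlan(hapd, sta) < 0`. The enclosing function starts and ends in lines the page hides, so the right reaction to a bind failure there has to be confirmed against the full file.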