diff options
| author | Dmitry Shmidt <dimitrysh@google.com> | 2014-03-10 13:15:21 -0700 |
|---|---|---|
| committer | Dmitry Shmidt <dimitrysh@google.com> | 2014-03-10 13:15:21 -0700 |
| commit | 818ea489ef32dcdc7c098d8a336d6e1dd8996112 (patch) | |
| tree | 34efcd6c76d5300623864aac0b04069c3af2790d /hostapd | |
| parent | 2ac5f6049e74103a8fe8e9c78b330020081d7df4 (diff) | |
| download | android_external_wpa_supplicant_8-818ea489ef32dcdc7c098d8a336d6e1dd8996112.tar.gz android_external_wpa_supplicant_8-818ea489ef32dcdc7c098d8a336d6e1dd8996112.tar.bz2 android_external_wpa_supplicant_8-818ea489ef32dcdc7c098d8a336d6e1dd8996112.zip | |
Cumulative patch from commit 390b92913a9a1b3a6aaf70e8b5971a7b7c76cabc
390b929 TLS testing: Allow hostapd to be used as a TLS testing tool
994afe3 RADIUS server: Allow TLS implementation add log entries
01f7fe1 RADIUS server: Allow EAP methods to log into SQLite DB
8a57da7 RADIUS server: Add option for storing log information to SQLite DB
f3ef7a2 TLS client: Send decrypt_error on verify_data validation error
129b9b9 TLS: Share a helper function for verifying Signature
6531963 TLS: Use a helper function for calculating ServerKeyExchange hash
65074a2 TLS: Add support for DHE-RSA cipher suites
41ebfe9 TLS server: Enable SHA256-based cipher suites
60b893d wpa_supplicant: Allow external management frame processing for testing
ec33bc6 Enable RADIUS message dumps with excessive debug verbosity
226e357 Revert "bridge: Track inter-BSS usage"
d0ee16e Allow arbitrary RADIUS attributes to be added into Access-Accept
0ac3876 Fix PMF protect disconnection on session timeout
49021c1 Fix hostapd error path regression
Change-Id: Ie0710c036cca2fb370d28684cc5a5d28a075dfc1
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'hostapd')
| -rw-r--r-- | hostapd/config_file.c | 38 | ||||
| -rw-r--r-- | hostapd/hostapd.eap_user | 6 | ||||
| -rw-r--r-- | hostapd/hostapd.eap_user_sqlite | 8 | ||||
| -rw-r--r-- | hostapd/main.c | 2 |
4 files changed, 48 insertions, 6 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c index bd664743..949a9d17 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -22,6 +22,14 @@ #include "config_file.h" +#ifndef CONFIG_NO_RADIUS +#ifdef EAP_SERVER +static struct hostapd_radius_attr * +hostapd_parse_radius_attr(const char *value); +#endif /* EAP_SERVER */ +#endif /* CONFIG_NO_RADIUS */ + + #ifndef CONFIG_NO_VLAN static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss, const char *fname) @@ -208,7 +216,7 @@ static int hostapd_config_read_eap_user(const char *fname, FILE *f; char buf[512], *pos, *start, *pos2; int line = 0, ret = 0, num_methods; - struct hostapd_eap_user *user, *tail = NULL; + struct hostapd_eap_user *user = NULL, *tail = NULL; if (!fname) return 0; @@ -242,6 +250,27 @@ static int hostapd_config_read_eap_user(const char *fname, if (buf[0] == '\0') continue; +#ifndef CONFIG_NO_RADIUS + if (user && os_strncmp(buf, "radius_accept_attr=", 19) == 0) { + struct hostapd_radius_attr *attr, *a; + attr = hostapd_parse_radius_attr(buf + 19); + if (attr == NULL) { + wpa_printf(MSG_ERROR, "Invalid radius_auth_req_attr: %s", + buf + 19); + goto failed; + } + if (user->accept_attr == NULL) { + user->accept_attr = attr; + } else { + a = user->accept_attr; + while (a->next) + a = a->next; + a->next = attr; + } + continue; + } +#endif /* CONFIG_NO_RADIUS */ + user = NULL; if (buf[0] != '"' && buf[0] != '*') { @@ -468,11 +497,8 @@ static int hostapd_config_read_eap_user(const char *fname, continue; failed: - if (user) { - os_free(user->password); - os_free(user->identity); - os_free(user); - } + if (user) + hostapd_config_free_eap_user(user); ret = -1; break; } diff --git a/hostapd/hostapd.eap_user b/hostapd/hostapd.eap_user index 12a2c612..00edc95a 100644 --- a/hostapd/hostapd.eap_user +++ b/hostapd/hostapd.eap_user @@ -48,6 +48,12 @@ # TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a # plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password # hash. +# +# Arbitrary RADIUS attributes can be added into Access-Accept packets similarly +# to the way radius_auth_req_attr is used for Access-Request packet in +# hostapd.conf. For EAP server, this is configured separately for each user +# entry with radius_accept_attr=<value> line(s) following the main user entry +# line. # Phase 1 users "user" MD5 "password" diff --git a/hostapd/hostapd.eap_user_sqlite b/hostapd/hostapd.eap_user_sqlite index 2c1f130f..826db349 100644 --- a/hostapd/hostapd.eap_user_sqlite +++ b/hostapd/hostapd.eap_user_sqlite @@ -16,3 +16,11 @@ INSERT INTO users(identity,methods,password,phase2) VALUES ('DOMAIN\mschapv2 use INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS'); INSERT INTO wildcards(identity,methods) VALUES ('0','AKA'); + +CREATE TABLE authlog( + timestamp TEXT, + session TEXT, + nas_ip TEXT, + username TEXT, + note TEXT +); diff --git a/hostapd/main.c b/hostapd/main.c index 68bc9b58..a9d7da51 100644 --- a/hostapd/main.c +++ b/hostapd/main.c @@ -729,6 +729,8 @@ int main(int argc, char *argv[]) hostapd_global_ctrl_iface_deinit(&interfaces); /* Deinitialize all interfaces */ for (i = 0; i < interfaces.count; i++) { + if (!interfaces.iface[i]) + continue; interfaces.iface[i]->driver_ap_teardown = !!(interfaces.iface[i]->drv_flags & WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT); |