author | Michael Braun <michael-dev@fami-braun.de> | 2011-12-11 13:01:57 +0200 |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2011-12-11 13:01:57 +0200 |
commit | 05ab9712b9977192b713f01f07c3b14ca4d1ba78 (patch) | |
tree | 1e97b6daa1f6f5053e97b58be2955bd65a30c696 /hostapd/config_file.c | |
parent | c3daaf3325563ccbe0d8c3a8c8b729683a9d68c2 (diff) | |
Allow WPA passphrase to be fetched with RADIUS Tunnel-Password attribute
This allows per-device PSK to be configured for WPA-Personal using a
RADIUS authentication server. This uses RADIUS-based MAC address ACL
(macaddr_acl=2), i.e., Access-Request uses the MAC address of the
station as the User-Name and User-Password. The WPA passphrase is
returned in Tunnel-Password attribute in Access-Accept. This
functionality can be enabled with the new hostapd.conf parameter,
wpa_psk_radius.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
Diffstat (limited to 'hostapd/config_file.c')
-rw-r--r-- | hostapd/config_file.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 9d39b48..ca79695 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1050,9 +1050,18 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
 return -1;
 }
 
+ if (bss->wpa && bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
+ bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
+ wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
+ "RADIUS checking (macaddr_acl=2) enabled.");
+ return -1;
+ }
+
 if (bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
 bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
- bss->ssid.wpa_psk_file == NULL) {
+ bss->ssid.wpa_psk_file == NULL &&
+ (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
+ bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
 wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
 "is not configured.");
 return -1;
@@ -1629,6 +1638,16 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 hostapd_config_parse_key_mgmt(line, pos);
 if (bss->wpa_key_mgmt == -1)
 errors++;
+ } else if (os_strcmp(buf, "wpa_psk_radius") == 0) {
+ bss->wpa_psk_radius = atoi(pos);
+ if (bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
+ bss->wpa_psk_radius != PSK_RADIUS_ACCEPTED &&
+ bss->wpa_psk_radius != PSK_RADIUS_REQUIRED) {
+ wpa_printf(MSG_ERROR, "Line %d: unknown "
+ "wpa_psk_radius %d",
+ line, bss->wpa_psk_radius);
+ errors++;
+ }
 } else if (os_strcmp(buf, "wpa_pairwise") == 0) {
 bss->wpa_pairwise =
 hostapd_config_parse_cipher(line, pos);
|
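Review bot: In the second condition of the first hunk, the added term `bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH` can never decide the outcome. The new check just above it has already returned -1 whenever `wpa_psk_radius` is not `PSK_RADIUS_IGNORED` and `macaddr_acl` is not `USE_EXTERNAL_RADIUS_AUTH`, so the clause reduces to `bss->wpa_psk_radius != PSK_RADIUS_REQUIRED`. Either drop the redundant half, or keep it as a guard and add a comment such as `/* local PSK may be omitted only when RADIUS must supply it */` so the exemption from the local-PSK requirement is explicit. Nothing visible here confirms that a RADIUS authentication server is configured for the REQUIRED case; that may be handled elsewhere in hostapd_config_check_bss, whose body starts and ends outside the hunk.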
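Review bot: In the second hunk, `bss->wpa_psk_radius = atoi(pos);` cannot tell a valid number from garbage: non-numeric text parses as 0 and trailing characters (for example `2x`) are ignored, so a typo can pass the range check that follows. If 0 corresponds to `PSK_RADIUS_IGNORED` (the enum values are not visible on this page), a mistyped value would silently turn off the per-device PSK lookup and leave stations on whatever shared passphrase is configured. Parsing with an end-pointer check, e.g. `char *end; long v = strtol(pos, &end, 10);` followed by `if (end == pos || *end != '\0') errors++;`, would reject such lines before the comparison against the three accepted values. The parser chain in hostapd_config_read starts and ends outside the hunk.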