author | Jouni Malinen <j@w1.fi> | 2012-05-05 20:19:56 +0300 |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2012-05-05 20:19:56 +0300 |
commit | af35e7af7f8bb1ca9f0905b4074fb56a264aa12b (patch) | |
tree | 47e991a480b8016951fb7f79112478261ad3fa71 /hostapd | |
parent | 86f6053aa254e8a5a5ad9ba1ad20815d21314449 (diff) | |
hostapd: Allow addition of arbitrary RADIUS attributes
New configuration parameters radius_auth_req_attr and
radius_acct_req_attr can now be used to add (or override) RADIUS
attributes in Access-Request and Accounting-Request packets.
Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'hostapd')
-rw-r--r-- | hostapd/config_file.c | 100 | ||||
-rw-r--r-- | hostapd/hostapd.conf | 30 |
2 files changed, 130 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index c8a6288..5c8824c 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -491,6 +491,76 @@ hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
 return ret;
 }
+
+
+static struct hostapd_radius_attr *
+hostapd_parse_radius_attr(const char *value)
+{
+ const char *pos;
+ char syntax;
+ struct hostapd_radius_attr *attr;
+ size_t len;
+
+ attr = os_zalloc(sizeof(*attr));
+ if (attr == NULL)
+ return NULL;
+
+ attr->type = atoi(value);
+
+ pos = os_strchr(value, ':');
+ if (pos == NULL) {
+ attr->val = wpabuf_alloc(1);
+ if (attr->val == NULL) {
+ os_free(attr);
+ return NULL;
+ }
+ wpabuf_put_u8(attr->val, 0);
+ return attr;
+ }
+
+ pos++;
+ if (pos[0] == '\0' || pos[1] != ':') {
+ os_free(attr);
+ return NULL;
+ }
+ syntax = *pos++;
+ pos++;
+
+ switch (syntax) {
+ case 's':
+ attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
+ break;
+ case 'x':
+ len = os_strlen(pos);
+ if (len & 1)
+ break;
+ len /= 2;
+ attr->val = wpabuf_alloc(len);
+ if (attr->val == NULL)
+ break;
+ if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
+ wpabuf_free(attr->val);
+ os_free(attr);
+ return NULL;
+ }
+ break;
+ case 'd':
+ attr->val = wpabuf_alloc(4);
+ if (attr->val)
+ wpabuf_put_be32(attr->val, atoi(pos));
+ break;
+ default:
+ os_free(attr);
+ return NULL;
+ }
+
+ if (attr->val == NULL) {
+ os_free(attr);
+ return NULL;
+ }
+
+ return attr;
+}
 #endif /* CONFIG_NO_RADIUS */
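Review bot: `attr->type = atoi(value);` in hostapd_parse_radius_attr() accepts any string as the attribute id, so non-numeric input silently becomes type 0 and an id above 255 does not fit the single-octet RADIUS type field (the declared width of `attr->type` is not visible in this hunk, so the exact truncation is inferred). Parsing the id with an end-pointer check and a range test before allocating, as sketched below, turns such typos into a config error on the reported line instead of a mislabelled attribute being sent to the RADIUS server. The `s` and `x` branches also put no upper bound on the value although one attribute can carry at most 253 octets; adding `if (wpabuf_len(attr->val) > 253) { wpabuf_free(attr->val); os_free(attr); return NULL; }` before the final `return attr;` keeps that failure at config load rather than at request time. The `d` branch has the same unchecked `atoi(pos)` and would benefit from the same treatment.

```c
static struct hostapd_radius_attr *
hostapd_parse_radius_attr(const char *value)
{
	/* ... unchanged: pos, syntax, attr, len declarations ... */
	char *end;
	long type;

	/* RADIUS attribute type is one octet; reject junk and out-of-range ids */
	type = strtol(value, &end, 10);
	if (end == value || (*end != '\0' && *end != ':') ||
	    type <= 0 || type > 255)
		return NULL;

	attr = os_zalloc(sizeof(*attr));
	if (attr == NULL)
		return NULL;

	attr->type = type;
	/* ... unchanged: ':' lookup and syntax/value parsing ... */
```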
@@ -1557,6 +1627,36 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 bss->acct_interim_interval = atoi(pos);
 } else if (os_strcmp(buf, "radius_request_cui") == 0) {
 bss->radius_request_cui = atoi(pos);
+ } else if (os_strcmp(buf, "radius_auth_req_attr") == 0) {
+ struct hostapd_radius_attr *attr, *a;
+ attr = hostapd_parse_radius_attr(pos);
+ if (attr == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid "
+ "radius_auth_req_attr", line);
+ errors++;
+ } else if (bss->radius_auth_req_attr == NULL) {
+ bss->radius_auth_req_attr = attr;
+ } else {
+ a = bss->radius_auth_req_attr;
+ while (a->next)
+ a = a->next;
+ a->next = attr;
+ }
+ } else if (os_strcmp(buf, "radius_acct_req_attr") == 0) {
+ struct hostapd_radius_attr *attr, *a;
+ attr = hostapd_parse_radius_attr(pos);
+ if (attr == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid "
+ "radius_acct_req_attr", line);
+ errors++;
+ } else if (bss->radius_acct_req_attr == NULL) {
+ bss->radius_acct_req_attr = attr;
+ } else {
+ a = bss->radius_acct_req_attr;
+ while (a->next)
+ a = a->next;
+ a->next = attr;
+ }
 #endif /* CONFIG_NO_RADIUS */
 } else if (os_strcmp(buf, "auth_algs") == 0) {
 bss->auth_algs = atoi(pos);
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index e38a7aa..8890cd2 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
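Review bot: The `radius_auth_req_attr` and `radius_acct_req_attr` branches are the same tail-append written twice, differing only in the list head and the log string, so any later change to how entries are validated or ordered has to be made in two places. Walking a pointer-to-pointer removes the empty-list special case and shrinks each branch to `struct hostapd_radius_attr **a = &bss->radius_auth_req_attr;`, `while (*a) a = &(*a)->next;`, `*a = attr;`, which could equally live in one small static helper that takes the list head. A one-line comment on that helper, e.g. `/* append to tail so attributes keep config-file order */`, would document the ordering the loop already implements. hostapd_config_fill() starts and ends outside this hunk.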
@@ -665,6 +665,36 @@ own_ip_addr=127.0.0.1
 # to the bridge.
 #vlan_tagged_interface=eth0
+# Arbitrary RADIUS attributes can be added into Access-Request and
+# Accounting-Request packets by specifying the contents of the attributes with
+# the following configuration parameters. There can be multiple of these to
+# add multiple attributes. These parameters can also be used to override some
+# of the attributes added automatically by hostapd.
+# Format: <attr_id>[:<syntax:value>]
+# attr_id: RADIUS attribute type (e.g., 26 = Vendor-Specific)
+# syntax: s = string (UTF-8), d = integer, x = octet string
+# value: attribute value in format indicated by the syntax
+# If syntax and value parts are omitted, a null value (single 0x00 octet) is
+# used.
+#
+# Additional Access-Request attributes
+# radius_auth_req_attr=<attr_id>[:<syntax:value>]
+# Examples:
+# Operator-Name = "Operator"
+#radius_auth_req_attr=126:s:Operator
+# Service-Type = Framed (2)
+#radius_auth_req_attr=6:d:2
+# Connect-Info = "testing" (this overrides the automatically generated value)
+#radius_auth_req_attr=77:s:testing
+# Same Connect-Info value set as a hexdump
+#radius_auth_req_attr=77:x:74657374696e67
+
+#
+# Additional Accounting-Request attributes
+# radius_acct_req_attr=<attr_id>[:<syntax:value>]
+# Examples:
+# Operator-Name = "Operator"
+#radius_acct_req_attr=126:s:Operator
 ##### RADIUS authentication server configuration ############################## |