RADIUS DAS: Validate Event-Timestamp

DAS will now validate Event-Timestamp value to be within an acceptable
time window (300 seconds by default; can be set using
radius_das_time_window parameter). In addition, Event-Timestamp can be
required in Disconnect-Request and CoA-Request messages with
radius_das_require_event_timestamp=1.

Signed-hostap: Jouni Malinen <j@w1.fi>

3 files changed, 7 insertions, 0 deletions

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index e916f12..d8f55a2 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -87,6 +87,8 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
 #ifdef CONFIG_IEEE80211R
 	bss->ft_over_ds = 1;
 #endif /* CONFIG_IEEE80211R */
+
+	bss->radius_das_time_window = 300;
 }
 
 
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 78c9068..1f35f72 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -187,6 +187,8 @@ struct hostapd_bss_config {
 	struct hostapd_radius_attr *radius_auth_req_attr;
 	struct hostapd_radius_attr *radius_acct_req_attr;
 	int radius_das_port;
+	unsigned int radius_das_time_window;
+	int radius_das_require_event_timestamp;
 	struct hostapd_ip_addr radius_das_client_addr;
 	u8 *radius_das_shared_secret;
 	size_t radius_das_shared_secret_len;
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 9d6fd7b..50239b0 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -639,6 +639,9 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
 		das_conf.shared_secret_len =
 			hapd->conf->radius_das_shared_secret_len;
 		das_conf.client_addr = &hapd->conf->radius_das_client_addr;
+		das_conf.time_window = hapd->conf->radius_das_time_window;
+		das_conf.require_event_timestamp =
+			hapd->conf->radius_das_require_event_timestamp;
 		hapd->radius_das = radius_das_init(&das_conf);
 		if (hapd->radius_das == NULL) {
 			wpa_printf(MSG_ERROR, "RADIUS DAS initialization "