aboutsummaryrefslogtreecommitdiffstats
path: root/src/radius
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2008-12-26 20:22:12 +0200
committerJouni Malinen <j@w1.fi>2008-12-26 20:22:12 +0200
commit65d50f0ac63b6c7831cc0b04bbd476dd48b0991b (patch)
treeab84a109e64d312e5363fb4b8a3c4c8ca1c63a44 /src/radius
parentd9f56262938e155cd1f13da485e83ef6a23751f5 (diff)
downloadexternal_wpa_supplicant_8_ti-65d50f0ac63b6c7831cc0b04bbd476dd48b0991b.zip
external_wpa_supplicant_8_ti-65d50f0ac63b6c7831cc0b04bbd476dd48b0991b.tar.gz
external_wpa_supplicant_8_ti-65d50f0ac63b6c7831cc0b04bbd476dd48b0991b.tar.bz2
Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284 (EAP-Request/Identity from the AP) was supported. Now option 3 (subsequent EAP-Request/Identity from RADIUS server) can also be used when hostapd is used as a RADIUS server. The eap_user file will need to have a Phase 1 user entry pointing to Identity method in order for this to happen (e.g., "* Identity" in the end of the file). The identity hint is configured in the same was as for AP/Authenticator case (eap_message in hostapd.conf).
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius_server.c21
-rw-r--r--src/radius/radius_server.h2
2 files changed, 23 insertions, 0 deletions
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 11c1b5b..1bfb93c 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -99,6 +99,8 @@ struct radius_server_data {
struct radius_server_counters counters;
int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
int phase2, struct eap_user *user);
+ char *eap_req_id_text;
+ size_t eap_req_id_text_len;
};
@@ -1043,6 +1045,14 @@ radius_server_init(struct radius_server_conf *conf)
data->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
data->tnc = conf->tnc;
data->wps = conf->wps;
+ if (conf->eap_req_id_text) {
+ data->eap_req_id_text = os_malloc(conf->eap_req_id_text_len);
+ if (data->eap_req_id_text) {
+ os_memcpy(data->eap_req_id_text, conf->eap_req_id_text,
+ conf->eap_req_id_text_len);
+ data->eap_req_id_text_len = conf->eap_req_id_text_len;
+ }
+ }
data->clients = radius_server_read_clients(conf->client_file,
conf->ipv6);
@@ -1090,6 +1100,7 @@ void radius_server_deinit(struct radius_server_data *data)
os_free(data->pac_opaque_encr_key);
os_free(data->eap_fast_a_id);
os_free(data->eap_fast_a_id_info);
+ os_free(data->eap_req_id_text);
os_free(data);
}
@@ -1217,9 +1228,19 @@ static int radius_server_get_eap_user(void *ctx, const u8 *identity,
}
+static const char * radius_server_get_eap_req_id_text(void *ctx, size_t *len)
+{
+ struct radius_session *sess = ctx;
+ struct radius_server_data *data = sess->server;
+ *len = data->eap_req_id_text_len;
+ return data->eap_req_id_text;
+}
+
+
static struct eapol_callbacks radius_server_eapol_cb =
{
.get_eap_user = radius_server_get_eap_user,
+ .get_eap_req_id_text = radius_server_get_eap_req_id_text,
};
diff --git a/src/radius/radius_server.h b/src/radius/radius_server.h
index 2911e28..d5fb6a1 100644
--- a/src/radius/radius_server.h
+++ b/src/radius/radius_server.h
@@ -37,6 +37,8 @@ struct radius_server_conf {
int ipv6;
int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
int phase2, struct eap_user *user);
+ const char *eap_req_id_text;
+ size_t eap_req_id_text_len;
};