diff options
| author | Jouni Malinen <j@w1.fi> | 2008-12-26 20:22:12 +0200 |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2008-12-26 20:22:12 +0200 |
| commit | 65d50f0ac63b6c7831cc0b04bbd476dd48b0991b (patch) | |
| tree | ab84a109e64d312e5363fb4b8a3c4c8ca1c63a44 /src/radius | |
| parent | d9f56262938e155cd1f13da485e83ef6a23751f5 (diff) | |
| download | external_wpa_supplicant_8_ti-65d50f0ac63b6c7831cc0b04bbd476dd48b0991b.zip external_wpa_supplicant_8_ti-65d50f0ac63b6c7831cc0b04bbd476dd48b0991b.tar.gz external_wpa_supplicant_8_ti-65d50f0ac63b6c7831cc0b04bbd476dd48b0991b.tar.bz2 | |
Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
Diffstat (limited to 'src/radius')
| -rw-r--r-- | src/radius/radius_server.c | 21 | ||||
| -rw-r--r-- | src/radius/radius_server.h | 2 |
2 files changed, 23 insertions, 0 deletions
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c index 11c1b5b..1bfb93c 100644 --- a/src/radius/radius_server.c +++ b/src/radius/radius_server.c @@ -99,6 +99,8 @@ struct radius_server_data { struct radius_server_counters counters; int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len, int phase2, struct eap_user *user); + char *eap_req_id_text; + size_t eap_req_id_text_len; }; @@ -1043,6 +1045,14 @@ radius_server_init(struct radius_server_conf *conf) data->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind; data->tnc = conf->tnc; data->wps = conf->wps; + if (conf->eap_req_id_text) { + data->eap_req_id_text = os_malloc(conf->eap_req_id_text_len); + if (data->eap_req_id_text) { + os_memcpy(data->eap_req_id_text, conf->eap_req_id_text, + conf->eap_req_id_text_len); + data->eap_req_id_text_len = conf->eap_req_id_text_len; + } + } data->clients = radius_server_read_clients(conf->client_file, conf->ipv6); @@ -1090,6 +1100,7 @@ void radius_server_deinit(struct radius_server_data *data) os_free(data->pac_opaque_encr_key); os_free(data->eap_fast_a_id); os_free(data->eap_fast_a_id_info); + os_free(data->eap_req_id_text); os_free(data); } @@ -1217,9 +1228,19 @@ static int radius_server_get_eap_user(void *ctx, const u8 *identity, } +static const char * radius_server_get_eap_req_id_text(void *ctx, size_t *len) +{ + struct radius_session *sess = ctx; + struct radius_server_data *data = sess->server; + *len = data->eap_req_id_text_len; + return data->eap_req_id_text; +} + + static struct eapol_callbacks radius_server_eapol_cb = { .get_eap_user = radius_server_get_eap_user, + .get_eap_req_id_text = radius_server_get_eap_req_id_text, }; diff --git a/src/radius/radius_server.h b/src/radius/radius_server.h index 2911e28..d5fb6a1 100644 --- a/src/radius/radius_server.h +++ b/src/radius/radius_server.h @@ -37,6 +37,8 @@ struct radius_server_conf { int ipv6; int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len, int phase2, struct eap_user *user); + const char *eap_req_id_text; + size_t eap_req_id_text_len; }; |