| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Remove the GPL notification text from the files that were
initially contributed by myself.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Testing code can now be enabled in the hostapd RADIUS server to dump
each derived MSK into a text file (e.g., to be used as an input to
wlantest). This functionality is not included in the default build
and can be enabled by adding the following line to hostapd/.config:
CFLAGS += -DCONFIG_RADIUS_TEST
The MSK dump file is specified with dump_msk_file parameter in
hostapd.conf (path to the dump file). If this variable is not set,
MSK dump mechanism is not enabled at run time.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
| |
This adds an initial EAP-pwd (RFC 5931) implementation. For now,
this requires OpenSSL.
|
| | |
|
| | |
|
| |
|
|
|
| |
This is internal data structure for RADIUS message handling and
external code should not touch it directly.
|
| | |
|
| |
|
|
|
| |
Since all callers were freeing the buffer immediately anyway, move
this operation into radius_msg_free() to reduce code size.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.
In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
|
| |
|
|
|
|
| |
While the actual use here would be unlikely to be broken by any C
optimization, it is better to use explicit union construction to let
gcc know about the aliasing and avoid warnings from gcc 4.4.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
radius_server_encapsulate_eap() resets sess->eap->if->eap{Success,Fail}
to FALSE, such that the completion condition is never true.
The net effect is that completed sessions would linger for
RADIUS_SESSION_TIMEOUT seconds.
Signed-off-by: Alex Badea <vamposdecampos@gmail.com>
Previously, the default settings allowed 100 sessions in 60 seconds.
With this fix, the default limit is now 100 sessions per 10 seconds.
[Bug 329]
|
| |
|
|
|
|
|
|
|
|
|
| |
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.
This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.
Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
|
| |
|
|
|
|
|
| |
Changed EAP-FAST configuration to use separate fields for A-ID and
A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
16-octet len binary value for better interoperability with some peer
implementations; eap_fast_a_id is now configured as a hex string.
|
| |
|
|
|
| |
The hardcoded values in eap_fast.c were replaced with values read from
hostapd.conf.
|
| |
|
|
|
|
|
|
|
| |
eap_fast_prov config parameter can now be used to enable/disable different
EAP-FAST provisioning modes:
0 = provisioning disabled
1 = only anonymous provisioning allowed
2 = only authenticated provisioning allowed
3 = both provisioning modes allowed
|
| | |
|
| |
|
