aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2018-04-30 17:07:55 (GMT)
committerJouni Malinen <j@w1.fi>2018-04-30 17:12:36 (GMT)
commit04ee197f87685d2042240742e88670e25d8b0ea3 (patch)
tree46ce1d060b8a197e857c86e4eccd4315f3020ab7
parent625a8c86ba1c9ba7bc469184c07cef48f68d47da (diff)
downloadhostap-04ee197f87685d2042240742e88670e25d8b0ea3.zip
hostap-04ee197f87685d2042240742e88670e25d8b0ea3.tar.gz
hostap-04ee197f87685d2042240742e88670e25d8b0ea3.tar.bz2
HS 2.0: Maintain a database of pending T&C acceptance sessions
The new SQLite table pending_tc is used to maintain a list of sessions that need to accept Terms and Conditions. This information can be used on an external Terms and Conditions server to map the incoming MAC address information into user identity. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--hostapd/hostapd.eap_user_sqlite5
-rw-r--r--src/radius/radius_server.c62
2 files changed, 65 insertions, 2 deletions
diff --git a/hostapd/hostapd.eap_user_sqlite b/hostapd/hostapd.eap_user_sqlite
index 1ee1843..fdae4e0 100644
--- a/hostapd/hostapd.eap_user_sqlite
+++ b/hostapd/hostapd.eap_user_sqlite
@@ -25,3 +25,8 @@ CREATE TABLE authlog(
username TEXT,
note TEXT
);
+
+CREATE TABLE pending_tc(
+ mac_addr TEXT PRIMARY KEY,
+ identity TEXT
+);
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index cc77204..17c9087 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -80,6 +80,7 @@ struct radius_session {
struct eap_eapol_interface *eap_if;
char *username; /* from User-Name attribute */
char *nas_ip;
+ u8 mac_addr[ETH_ALEN]; /* from Calling-Station-Id attribute */
struct radius_msg *last_msg;
char *last_from_addr;
@@ -631,8 +632,8 @@ radius_server_get_new_session(struct radius_server_data *data,
struct radius_client *client,
struct radius_msg *msg, const char *from_addr)
{
- u8 *user;
- size_t user_len;
+ u8 *user, *id;
+ size_t user_len, id_len;
int res;
struct radius_session *sess;
struct eap_config eap_conf;
@@ -678,6 +679,21 @@ radius_server_get_new_session(struct radius_server_data *data,
return NULL;
}
+ if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CALLING_STATION_ID, &id,
+ &id_len, NULL) == 0) {
+ char buf[3 * ETH_ALEN];
+
+ os_memset(buf, 0, sizeof(buf));
+ if (id_len >= sizeof(buf))
+ id_len = sizeof(buf) - 1;
+ os_memcpy(buf, id, id_len);
+ if (hwaddr_aton2(buf, sess->mac_addr) < 0)
+ os_memset(sess->mac_addr, 0, ETH_ALEN);
+ else
+ RADIUS_DEBUG("Calling-Station-Id: " MACSTR,
+ MAC2STR(sess->mac_addr));
+ }
+
srv_log(sess, "New session created");
os_memset(&eap_conf, 0, sizeof(eap_conf));
@@ -721,6 +737,47 @@ radius_server_get_new_session(struct radius_server_data *data,
}
+#ifdef CONFIG_HS20
+static void radius_srv_hs20_t_c_pending(struct radius_session *sess)
+{
+#ifdef CONFIG_SQLITE
+ char *sql;
+ char addr[3 * ETH_ALEN], *id_str;
+ const u8 *id;
+ size_t id_len;
+
+ if (!sess->server->db || !sess->eap ||
+ is_zero_ether_addr(sess->mac_addr))
+ return;
+
+ os_snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sess->mac_addr));
+
+ id = eap_get_identity(sess->eap, &id_len);
+ if (!id)
+ return;
+ id_str = os_malloc(id_len + 1);
+ if (!id_str)
+ return;
+ os_memcpy(id_str, id, id_len);
+ id_str[id_len] = '\0';
+
+ sql = sqlite3_mprintf("INSERT OR REPLACE INTO pending_tc (mac_addr,identity) VALUES (%Q,%Q)",
+ addr, id_str);
+ os_free(id_str);
+ if (!sql)
+ return;
+
+ if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) !=
+ SQLITE_OK) {
+ RADIUS_ERROR("Failed to add pending_tc entry into sqlite database: %s",
+ sqlite3_errmsg(sess->server->db));
+ }
+ sqlite3_free(sql);
+#endif /* CONFIG_SQLITE */
+}
+#endif /* CONFIG_HS20 */
+
+
static struct radius_msg *
radius_server_encapsulate_eap(struct radius_server_data *data,
struct radius_client *client,
@@ -833,6 +890,7 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
buf, sizeof(buf))) {
RADIUS_DEBUG("Failed to add WFA-HS20-T-C-Filtering");
}
+ radius_srv_hs20_t_c_pending(sess);
}
#endif /* CONFIG_HS20 */