authorJouni Malinen <jouni@codeaurora.org>2019-04-08 21:10:20 (GMT)
committerJouni Malinen <j@w1.fi>2019-04-08 21:10:20 (GMT)
commit3580ed8266f673b41ba494b1b2c823d145064439 (patch)
treea1554d63b75e02421851bd56f459d1d1f2c3e2cd
parent8f5b1c40bddf6e0a67f8381ad5f82440d14c894f (diff)
RADIUS server: Accept ERP keyName-NAI as user identity
Previously the EAP user database had to include a wildcard entry for ERP to work since the keyName-NAI as User-Name in Access-Request would not be recognized without such wildcard entry (that could point to any EAP method). This is not ideal, so add a separate check to allow any stored ERP keyName-NAI to be used for ERP without any requirement for the EAP user database to contain a matching entry. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--src/radius/radius_server.c39
1 files changed, 31 insertions, 8 deletions
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 095144d..b621ada 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -676,6 +676,23 @@ static void radius_server_testing_options(struct radius_session *sess,
}
+#ifdef CONFIG_ERP
+static struct eap_server_erp_key *
+radius_server_erp_find_key(struct radius_server_data *data, const char *keyname)
+{
+ struct eap_server_erp_key *erp;
+
+ dl_list_for_each(erp, &data->erp_keys, struct eap_server_erp_key,
+ list) {
+ if (os_strcmp(erp->keyname_nai, keyname) == 0)
+ return erp;
+ }
+
+ return NULL;
+}
+#endif /* CONFIG_ERP */
+
+
static struct radius_session *
radius_server_get_new_session(struct radius_server_data *data,
struct radius_client *client,
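Review bot: radius_server_erp_find_key() has no comment stating its contract, although it now decides whether a User-Name is accepted without an EAP user database entry. The visible code requires `keyname` to be a NUL-terminated string, matches it byte-for-byte with os_strcmp() against `erp->keyname_nai`, and returns the entry held in `data->erp_keys` rather than a copy. A header such as `/* Exact-match lookup of a stored ERP key by keyName-NAI; returns the list entry (not a copy) or NULL */` would make that explicit for both callers.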
@@ -702,6 +719,19 @@ radius_server_get_new_session(struct radius_server_data *data,
return NULL;
res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
+#ifdef CONFIG_ERP
+ if (res != 0 && data->erp) {
+ char *username;
+
+ username = os_zalloc(user_len + 1);
+ if (username) {
+ os_memcpy(username, user, user_len);
+ if (radius_server_erp_find_key(data, username))
+ res = 0;
+ os_free(username);
+ }
+ }
+#endif /* CONFIG_ERP */
if (res != 0) {
RADIUS_DEBUG("User-Name not found from user database");
eap_user_free(tmp);
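Review bot: The lookup in the added `#ifdef CONFIG_ERP` block compares only up to the first NUL byte, because `user` is copied into a zero-filled buffer and then matched with os_strcmp() inside radius_server_erp_find_key(). A User-Name attribute that carries further bytes after an embedded NUL would therefore be treated as a stored keyName-NAI even though the full attribute value differs, and any later use of `user`/`user_len` in this function would see the longer value. Requiring the lengths to agree closes that gap: `if (os_strlen(username) == user_len && radius_server_erp_find_key(data, username))`. radius_server_get_new_session() starts and ends outside this hunk, so how `tmp` is used once `res` is forced to 0 is not visible here; presumably it stays zero-initialised, which should be confirmed.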
@@ -2706,15 +2736,8 @@ radius_server_erp_get_key(void *ctx, const char *keyname)
{
struct radius_session *sess = ctx;
struct radius_server_data *data = sess->server;
- struct eap_server_erp_key *erp;
- dl_list_for_each(erp, &data->erp_keys, struct eap_server_erp_key,
- list) {
- if (os_strcmp(erp->keyname_nai, keyname) == 0)
- return erp;
- }
-
- return NULL;
+ return radius_server_erp_find_key(data, keyname);
}