authorJouni Malinen <jouni@qca.qualcomm.com>2014-02-28 12:41:42 (GMT)
committerJouni Malinen <j@w1.fi>2014-03-09 16:21:13 (GMT)
commit01f7fe10ef4b39e056ebc4d0756129919fb7eb53 (patch)
tree42d4a827cd25e5790efa52c089f8323c90a5f466 /src/eap_server
parent8a57da7e28ec48e452eedd76e7f255ebe0e745c4 (diff)
RADIUS server: Allow EAP methods to log into SQLite DB
This extends RADIUS server logging capabilities to allow EAP server methods to add log entries. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/eap_server')
-rw-r--r--src/eap_server/eap.h1
-rw-r--r--src/eap_server/eap_i.h2
-rw-r--r--src/eap_server/eap_server.c30
-rw-r--r--src/eap_server/eap_server_identity.c7
-rw-r--r--src/eap_server/eap_server_mschapv2.c8
-rw-r--r--src/eap_server/eap_server_ttls.c10
6 files changed, 58 insertions, 0 deletions
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 25347ba..f1eb468 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -81,6 +81,7 @@ struct eapol_callbacks {
int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
int phase2, struct eap_user *user);
const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
+ void (*log_msg)(void *ctx, const char *msg);
};
struct eap_config {
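Review bot: The new `log_msg` member has no comment stating its contract, and two properties of it are not obvious to whoever implements the callback. In eap_log_msg() (added to eap_server.c by this commit) the buffer passed as `msg` is freed as soon as the callback returns, so an implementation that keeps the text must copy it. The callers added in this commit also build `msg` from peer-supplied identity and name fields, so a sink that stores it (the commit title names an SQLite DB) should bind it as data rather than splice it into a statement. I would add above the member: `/* msg is valid only during the call and may contain peer-controlled text */`. The struct begins above this hunk.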
diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h
index 003e202..0180aff 100644
--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@@ -195,6 +195,8 @@ struct eap_sm {
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
int phase2);
+void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
+PRINTF_FORMAT(2, 3);
void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
#endif /* EAP_I_H */
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 233e272..1999782 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -119,6 +119,32 @@ int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
}
+void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
+{
+ va_list ap;
+ char *buf;
+ int buflen;
+
+ if (sm == NULL || sm->eapol_cb == NULL || sm->eapol_cb->log_msg == NULL)
+ return;
+
+ va_start(ap, fmt);
+ buflen = vsnprintf(NULL, 0, fmt, ap) + 1;
+ va_end(ap);
+
+ buf = os_malloc(buflen);
+ if (buf == NULL)
+ return;
+ va_start(ap, fmt);
+ vsnprintf(buf, buflen, fmt, ap);
+ va_end(ap);
+
+ sm->eapol_cb->log_msg(sm->eapol_ctx, buf);
+
+ os_free(buf);
+}
+
+
SM_STATE(EAP, DISABLED)
{
SM_ENTRY(EAP, DISABLED);
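Review bot: The result of the sizing call `vsnprintf(NULL, 0, fmt, ap)` in eap_log_msg() is used without a check. If it returns a negative value, `buflen` ends up 0 or negative, the second vsnprintf() writes nothing, and `log_msg` can be handed a buffer that is not NUL-terminated. A guard right after the first `va_end(ap)` closes this: `if (buflen <= 0) return;`. eap_log_msg() is fully inside this hunk.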
@@ -366,6 +392,7 @@ try_another_method:
}
if (sm->m == NULL) {
wpa_printf(MSG_DEBUG, "EAP: Could not find suitable EAP method");
+ eap_log_msg(sm, "Could not find suitable EAP method");
sm->decision = DECISION_FAILURE;
return;
}
@@ -377,6 +404,8 @@ try_another_method:
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
"vendor=%u method=%u", vendor, sm->currentMethod);
+ eap_log_msg(sm, "Propose EAP method vendor=%u method=%u",
+ vendor, sm->currentMethod);
}
@@ -693,6 +722,7 @@ SM_STEP(EAP)
"respMethod=%d currentMethod=%d",
sm->rxResp, sm->respId, sm->currentId,
sm->respMethod, sm->currentMethod);
+ eap_log_msg(sm, "Discard received EAP message");
SM_ENTER(EAP, DISCARD);
}
break;
diff --git a/src/eap_server/eap_server_identity.c b/src/eap_server/eap_server_identity.c
index 51dc4e8..b3c2087 100644
--- a/src/eap_server/eap_server_identity.c
+++ b/src/eap_server/eap_server_identity.c
@@ -102,6 +102,7 @@ static void eap_identity_process(struct eap_sm *sm, void *priv,
struct eap_identity_data *data = priv;
const u8 *pos;
size_t len;
+ char *buf;
if (data->pick_up) {
if (eap_identity_check(sm, data, respData)) {
@@ -119,6 +120,12 @@ static void eap_identity_process(struct eap_sm *sm, void *priv,
return; /* Should not happen - frame already validated */
wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
+ buf = os_malloc(len * 3 + 1);
+ if (buf) {
+ printf_encode(buf, len * 3 + 1, pos, len);
+ eap_log_msg(sm, "EAP-Response/Identity '%s'", buf);
+ os_free(buf);
+ }
if (sm->identity)
sm->update_user = TRUE;
os_free(sm->identity);
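Review bot: The buffer size `len * 3 + 1` passed to printf_encode() may be too small for the worst case. printf_encode() is defined outside this page; if it expands a non-printable byte to a four-character `\xNN` escape, the logged identity would be cut short, which weakens the log as a record of what an unauthenticated peer actually sent. Please confirm the expansion factor and, if it is four, size the buffer as `len * 4 + 1`. The same sizing appears in the eap_server_mschapv2.c and eap_server_ttls.c hunks of this commit. Since the allocate, encode, log, free sequence is repeated three times, a small shared helper taking the label, data pointer and length would keep the sizing in one place. eap_identity_process() starts and ends outside this hunk.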
diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 3153d2e..790c719 100644
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -290,6 +290,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
const u8 *username, *user;
size_t username_len, user_len;
int res;
+ char *buf;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
@@ -329,6 +330,13 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+ buf = os_malloc(name_len * 3 + 1);
+ if (buf) {
+ printf_encode(buf, name_len * 3 + 1, name, name_len);
+ eap_log_msg(sm, "EAP-MSCHAPV2 Name '%s'", buf);
+ os_free(buf);
+ }
+
/* MSCHAPv2 does not include optional domain name in the
* challenge-response calculation, so remove domain prefix
* (if present). */
diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 647bd2f..24225a4 100644
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -984,6 +984,16 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
}
if (parse.user_name) {
+ char *nbuf;
+ nbuf = os_malloc(parse.user_name_len * 3 + 1);
+ if (nbuf) {
+ printf_encode(nbuf, parse.user_name_len * 3 + 1,
+ parse.user_name,
+ parse.user_name_len);
+ eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);
+ os_free(nbuf);
+ }
+
os_free(sm->identity);
sm->identity = os_malloc(parse.user_name_len);
if (sm->identity == NULL) {
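Review bot: The inner User-Name that EAP-TTLS carries inside the TLS tunnel is passed to eap_log_msg() here, so whatever store `log_msg` writes to (the commit title names an SQLite DB) will hold the tunnelled identity in clear text. Neither the sink nor any option to disable this is visible on this page, so this is worth stating where the call is made, e.g. `/* Logs the tunnelled (Phase 2) identity; protect the log store accordingly */`. The same consideration applies to the `EAP-MSCHAPV2 Name` entry when that method runs inside a tunnel. eap_ttls_process_phase2() starts and ends outside this hunk.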