Diffstat (limited to 'src')
-rw-r--r--src/ap/ap_config.c3
-rw-r--r--src/ap/ap_config.h2
-rw-r--r--src/ap/authsrv.c1
-rw-r--r--src/eap_server/eap.h1
-rw-r--r--src/radius/radius_server.c26
5 files changed, 30 insertions, 3 deletions
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index b995892..f744985 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -388,8 +388,9 @@ static void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
}
-static void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
+void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
{
+ hostapd_config_free_radius_attr(user->accept_attr);
os_free(user->identity);
os_free(user->password);
os_free(user);
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index e1e34e2..f6ca8b1 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -128,6 +128,7 @@ struct hostapd_eap_user {
* nt_password_hash() */
unsigned int remediation:1;
int ttls_auth; /* EAP_TTLS_AUTH_* bitfield */
+ struct hostapd_radius_attr *accept_attr;
};
struct hostapd_radius_attr {
@@ -601,6 +602,7 @@ int hostapd_mac_comp(const void *a, const void *b);
int hostapd_mac_comp_empty(const void *a);
struct hostapd_config * hostapd_config_defaults(void);
void hostapd_config_defaults_bss(struct hostapd_bss_config *bss);
+void hostapd_config_free_eap_user(struct hostapd_eap_user *user);
void hostapd_config_free_bss(struct hostapd_bss_config *conf);
void hostapd_config_free(struct hostapd_config *conf);
int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 7691012..8b922ec 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -81,6 +81,7 @@ static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
user->force_version = eap_user->force_version;
user->ttls_auth = eap_user->ttls_auth;
user->remediation = eap_user->remediation;
+ user->accept_attr = eap_user->accept_attr;
return 0;
}
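Review bot: `user->accept_attr = eap_user->accept_attr;` copies the list pointer, not the list, so the returned `struct eap_user` aliases memory that `hostapd_config_free_eap_user()` now frees (ap_config.c hunk). The same borrowed pointer is then kept in the long-lived session by `sess->accept_attr = tmp.accept_attr;` and `sess->accept_attr = user->accept_attr;` in radius_server.c, and it is walked later when the Access-Accept is built. If the user database can be freed or reloaded while a session is still open (not visible in this diff), that walk would read freed memory. Either deep-copy the list into the session and free it with the session, or document the contract at the fields, e.g. `/* borrowed from the hostapd_eap_user entry; not owned, must not outlive the configuration */`. The enclosing function starts outside this hunk.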
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 197b232..25347ba 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -35,6 +35,7 @@ struct eap_user {
unsigned int remediation:1;
int ttls_auth; /* bitfield of
* EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
+ struct hostapd_radius_attr *accept_attr;
};
struct eap_eapol_interface {
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 6b86932..dd96b59 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -13,6 +13,7 @@
#include "radius.h"
#include "eloop.h"
#include "eap_server/eap.h"
+#include "ap/ap_config.h"
#include "radius_server.h"
/**
@@ -79,6 +80,8 @@ struct radius_session {
u8 last_authenticator[16];
unsigned int remediation:1;
+
+ struct hostapd_radius_attr *accept_attr;
};
/**
@@ -483,6 +486,7 @@ radius_server_get_new_session(struct radius_server_data *data,
int res;
struct radius_session *sess;
struct eap_config eap_conf;
+ struct eap_user tmp;
RADIUS_DEBUG("Creating a new session");
@@ -499,7 +503,9 @@ radius_server_get_new_session(struct radius_server_data *data,
user_len = res;
RADIUS_DUMP_ASCII("User-Name", user, user_len);
- res = data->get_eap_user(data->conf_ctx, user, user_len, 0, NULL);
+ os_memset(&tmp, 0, sizeof(tmp));
+ res = data->get_eap_user(data->conf_ctx, user, user_len, 0, &tmp);
+ os_free(tmp.password);
os_free(user);
if (res == 0) {
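Review bot: `os_free(tmp.password);` releases a copy of the user's password (or password hash) without clearing it, so the secret stays readable in freed heap memory. This lookup only needs `res` and `tmp.accept_attr`. Wipe the buffer before freeing it, e.g. `if (tmp.password) os_memset(tmp.password, 0, tmp.password_len);` ahead of the `os_free()`. A clearing-free helper is preferable if this revision has one, since a plain memset right before a free can be elided by the compiler. radius_server_get_new_session() begins and continues outside this hunk.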
@@ -509,6 +515,7 @@ radius_server_get_new_session(struct radius_server_data *data,
RADIUS_DEBUG("Failed to create a new session");
return NULL;
}
+ sess->accept_attr = tmp.accept_attr;
} else {
RADIUS_DEBUG("User-Name not found from user database");
return NULL;
@@ -661,6 +668,19 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
return NULL;
}
+ if (code == RADIUS_CODE_ACCESS_ACCEPT) {
+ struct hostapd_radius_attr *attr;
+ for (attr = sess->accept_attr; attr; attr = attr->next) {
+ if (!radius_msg_add_attr(msg, attr->type,
+ wpabuf_head(attr->val),
+ wpabuf_len(attr->val))) {
+ wpa_printf(MSG_ERROR, "Could not add RADIUS attribute");
+ radius_msg_free(msg);
+ return NULL;
+ }
+ }
+ }
+
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,
hdr->authenticator) < 0) {
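Review bot: A single attribute that `radius_msg_add_attr()` rejects makes this function return NULL, so a user who completed EAP successfully gets no Access-Accept at all, and the log line does not say which attribute caused it. Name the attribute in the message, e.g. `wpa_printf(MSG_ERROR, "Could not add RADIUS attribute type %d", attr->type);`. It would also help to reject values that cannot be encoded when the user file is parsed, so the failure surfaces at load time rather than at the end of an authentication; whether the parser already does this is not visible here. The function body extends outside this hunk on both sides.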
@@ -1725,8 +1745,10 @@ static int radius_server_get_eap_user(void *ctx, const u8 *identity,
ret = data->get_eap_user(data->conf_ctx, identity, identity_len,
phase2, user);
- if (ret == 0 && user)
+ if (ret == 0 && user) {
+ sess->accept_attr = user->accept_attr;
sess->remediation = user->remediation;
+ }
return ret;
}
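Review bot: The new assignment replaces `sess->accept_attr` on every successful lookup, `phase2` lookups included. For tunneled methods, the inner identity's attributes therefore overwrite the outer identity's, and an inner user with no attributes resets the session to none. These attributes end up in the Access-Accept, so which identity supplies them is an authorization decision that should be stated in the code. If the behaviour is intended, add a comment above the block, e.g. `/* Last successful lookup wins: phase 2 identity overrides phase 1 accept attributes */`. The function begins outside this hunk.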