aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2008-01-24 04:33:19 (GMT)
committerJouni Malinen <j@w1.fi>2008-01-24 04:33:19 (GMT)
commitf5804ad4640e7c211671a3307b0007b5c5cc25e6 (patch)
tree44c05d8c5031a48490f202b3b829f9ec040302ba
parent3ca2efc2cf8ff78bb02303249f44b083216ae36c (diff)
downloadhostap-history-f5804ad4640e7c211671a3307b0007b5c5cc25e6.zip
hostap-history-f5804ad4640e7c211671a3307b0007b5c5cc25e6.tar.gz
hostap-history-f5804ad4640e7c211671a3307b0007b5c5cc25e6.tar.bz2
RADIUS server: Copy optional Proxy-State attribute(s) into response
RFC 2865 requires that these attributes are copied unmodified and in order into the response packet.
-rw-r--r--hostapd/ChangeLog2
-rw-r--r--src/radius/radius.c25
-rw-r--r--src/radius/radius.h1
-rw-r--r--src/radius/radius_server.c15
4 files changed, 28 insertions, 15 deletions
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 832ac7b..6241c60 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -13,6 +13,8 @@ ChangeLog for hostapd
wps_pbc are used to configuration WPS negotiation; see README-WPS for
more details
* updated FT support to use the latest draft, IEEE 802.11r/D9.0
+ * copy optional Proxy-State attributes into RADIUS response when acting
+ as a RADIUS authentication server
2008-01-01 - v0.6.2
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
diff --git a/src/radius/radius.c b/src/radius/radius.c
index 28183b4..cc0d6eb 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -1,6 +1,6 @@
/*
* hostapd / RADIUS message processing
- * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -142,6 +142,7 @@ static struct radius_attr_type radius_attrs[] =
{ RADIUS_ATTR_CALLING_STATION_ID, "Calling-Station-Id",
RADIUS_ATTR_TEXT },
{ RADIUS_ATTR_NAS_IDENTIFIER, "NAS-Identifier", RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_PROXY_STATE, "Proxy-State", RADIUS_ATTR_UNDIST },
{ RADIUS_ATTR_ACCT_STATUS_TYPE, "Acct-Status-Type",
RADIUS_ATTR_INT32 },
{ RADIUS_ATTR_ACCT_DELAY_TIME, "Acct-Delay-Time", RADIUS_ATTR_INT32 },
@@ -667,25 +668,21 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src,
u8 type)
{
- struct radius_attr_hdr *attr = NULL, *tmp;
+ struct radius_attr_hdr *attr;
size_t i;
+ int count = 0;
for (i = 0; i < src->attr_used; i++) {
- tmp = radius_get_attr_hdr(src, i);
- if (tmp->type == type) {
- attr = tmp;
- break;
+ attr = radius_get_attr_hdr(src, i);
+ if (attr->type == type) {
+ if (!radius_msg_add_attr(dst, type, (u8 *) (attr + 1),
+ attr->length - sizeof(*attr)))
+ return -1;
+ count++;
}
}
- if (attr == NULL)
- return 0;
-
- if (!radius_msg_add_attr(dst, type, (u8 *) (attr + 1),
- attr->length - sizeof(*attr)))
- return -1;
-
- return 1;
+ return count;
}
diff --git a/src/radius/radius.h b/src/radius/radius.h
index 03f3407..61ec459 100644
--- a/src/radius/radius.h
+++ b/src/radius/radius.h
@@ -63,6 +63,7 @@ enum { RADIUS_ATTR_USER_NAME = 1,
RADIUS_ATTR_CALLED_STATION_ID = 30,
RADIUS_ATTR_CALLING_STATION_ID = 31,
RADIUS_ATTR_NAS_IDENTIFIER = 32,
+ RADIUS_ATTR_PROXY_STATE = 33,
RADIUS_ATTR_ACCT_STATUS_TYPE = 40,
RADIUS_ATTR_ACCT_DELAY_TIME = 41,
RADIUS_ATTR_ACCT_INPUT_OCTETS = 42,
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 6cbf58d..0341615 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -1,6 +1,6 @@
/*
* hostapd / RADIUS authentication server
- * Copyright (c) 2005-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2005-2008, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -388,6 +388,13 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
}
}
+ if (radius_msg_copy_attr(msg, request, RADIUS_ATTR_PROXY_STATE) < 0) {
+ RADIUS_DEBUG("Failed to copy Proxy-State attribute(s)");
+ radius_msg_free(msg);
+ os_free(msg);
+ return NULL;
+ }
+
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,
request->hdr->authenticator) < 0) {
@@ -426,6 +433,12 @@ static int radius_server_reject(struct radius_server_data *data,
RADIUS_DEBUG("Failed to add EAP-Message attribute");
}
+ if (radius_msg_copy_attr(msg, request, RADIUS_ATTR_PROXY_STATE) < 0) {
+ RADIUS_DEBUG("Failed to copy Proxy-State attribute(s)");
+ radius_msg_free(msg);
+ os_free(msg);
+ return -1;
+ }
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,