aboutsummaryrefslogtreecommitdiffstats
path: root/src/radius
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2019-07-09 13:56:02 (GMT)
committerJouni Malinen <j@w1.fi>2019-07-09 13:56:02 (GMT)
commit0ed57c5ea8cf1ec32698b1a876bb014ebfc1136f (patch)
tree9af821327604e40c3a6d8fa07140344e74491552 /src/radius
parent7c6f1c5e4a24d0e7e0bd71222df56d7e2a7149fa (diff)
downloadhostap-0ed57c5ea8cf1ec32698b1a876bb014ebfc1136f.zip
hostap-0ed57c5ea8cf1ec32698b1a876bb014ebfc1136f.tar.gz
hostap-0ed57c5ea8cf1ec32698b1a876bb014ebfc1136f.tar.bz2
EAP-TEAP server and peer implementation (RFC 7170)
This adds support for a new EAP method: EAP-TEAP (Tunnel Extensible Authentication Protocol). This should be considered experimental since RFC 7170 has number of conflicting statements and missing details to allow unambiguous interpretation. As such, there may be interoperability issues with other implementations and this version should not be deployed for production purposes until those unclear areas are resolved. This does not yet support use of NewSessionTicket message to deliver a new PAC (either in the server or peer implementation). In other words, only the in-tunnel distribution of PAC-Opaque is supported for now. Use of the NewSessionTicket mechanism would require TLS library support to allow arbitrary data to be specified as the contents of the message. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius_server.c7
-rw-r--r--src/radius/radius_server.h3
2 files changed, 10 insertions, 0 deletions
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index e0c0d82..1b605c7 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -238,6 +238,9 @@ struct radius_server_data {
*/
int pac_key_refresh_time;
+ int eap_teap_auth;
+ int eap_teap_pac_no_inner;
+
/**
* eap_sim_aka_result_ind - EAP-SIM/AKA protected success indication
*
@@ -792,6 +795,8 @@ radius_server_get_new_session(struct radius_server_data *data,
eap_conf.eap_fast_prov = data->eap_fast_prov;
eap_conf.pac_key_lifetime = data->pac_key_lifetime;
eap_conf.pac_key_refresh_time = data->pac_key_refresh_time;
+ eap_conf.eap_teap_auth = data->eap_teap_auth;
+ eap_conf.eap_teap_pac_no_inner = data->eap_teap_pac_no_inner;
eap_conf.eap_sim_aka_result_ind = data->eap_sim_aka_result_ind;
eap_conf.tnc = data->tnc;
eap_conf.wps = data->wps;
@@ -2384,6 +2389,8 @@ radius_server_init(struct radius_server_conf *conf)
data->eap_fast_prov = conf->eap_fast_prov;
data->pac_key_lifetime = conf->pac_key_lifetime;
data->pac_key_refresh_time = conf->pac_key_refresh_time;
+ data->eap_teap_auth = conf->eap_teap_auth;
+ data->eap_teap_pac_no_inner = conf->eap_teap_pac_no_inner;
data->get_eap_user = conf->get_eap_user;
data->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
data->tnc = conf->tnc;
diff --git a/src/radius/radius_server.h b/src/radius/radius_server.h
index 53728f9..88c22db 100644
--- a/src/radius/radius_server.h
+++ b/src/radius/radius_server.h
@@ -128,6 +128,9 @@ struct radius_server_conf {
*/
int pac_key_refresh_time;
+ int eap_teap_auth;
+ int eap_teap_pac_no_inner;
+
/**
* eap_sim_aka_result_ind - EAP-SIM/AKA protected success indication
*