aboutsummaryrefslogtreecommitdiffstats
path: root/src/radius
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2018-01-12 18:45:12 (GMT)
committerJouni Malinen <jouni@codeaurora.org>2018-01-12 18:45:12 (GMT)
commitf75ed556c8d7d41447b87045211e3a75fa00577f (patch)
tree6401a6a2d37b15c6bc1c283402dc2f0b3d378d13 /src/radius
parent9ec824b9c176476050881f105967ce95d1e76496 (diff)
downloadhostap-f75ed556c8d7d41447b87045211e3a75fa00577f.zip
hostap-f75ed556c8d7d41447b87045211e3a75fa00577f.tar.gz
hostap-f75ed556c8d7d41447b87045211e3a75fa00577f.tar.bz2
RADIUS: Add WLAN-Reason-Code attribute to Access-Reject
Make the RADIUS server in hostapd add WLAN-Reason-Code attribute to all Access-Reject messages generated based on EAP-Failure from the EAP server. For now, the reason code value is set to 23 (IEEE 802.1X authentication failed). This can be extending in future commits to cover addition failure reasons. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius.c2
-rw-r--r--src/radius/radius.h1
-rw-r--r--src/radius/radius_server.c10
3 files changed, 13 insertions, 0 deletions
diff --git a/src/radius/radius.c b/src/radius/radius.c
index fc98ad6..07240ea 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -250,6 +250,8 @@ static const struct radius_attr_type radius_attrs[] =
{ RADIUS_ATTR_MOBILITY_DOMAIN_ID, "Mobility-Domain-Id",
RADIUS_ATTR_INT32 },
{ RADIUS_ATTR_WLAN_HESSID, "WLAN-HESSID", RADIUS_ATTR_TEXT },
+ { RADIUS_ATTR_WLAN_REASON_CODE, "WLAN-Reason-Code",
+ RADIUS_ATTR_INT32 },
{ RADIUS_ATTR_WLAN_PAIRWISE_CIPHER, "WLAN-Pairwise-Cipher",
RADIUS_ATTR_HEXDUMP },
{ RADIUS_ATTR_WLAN_GROUP_CIPHER, "WLAN-Group-Cipher",
diff --git a/src/radius/radius.h b/src/radius/radius.h
index cd510d2..96551c6 100644
--- a/src/radius/radius.h
+++ b/src/radius/radius.h
@@ -104,6 +104,7 @@ enum { RADIUS_ATTR_USER_NAME = 1,
RADIUS_ATTR_REQUESTED_LOCATION_INFO = 132,
RADIUS_ATTR_MOBILITY_DOMAIN_ID = 177,
RADIUS_ATTR_WLAN_HESSID = 181,
+ RADIUS_ATTR_WLAN_REASON_CODE = 185,
RADIUS_ATTR_WLAN_PAIRWISE_CIPHER = 186,
RADIUS_ATTR_WLAN_GROUP_CIPHER = 187,
RADIUS_ATTR_WLAN_AKM_SUITE = 188,
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index c76bb22..0a8f448 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -728,6 +728,7 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
int code;
unsigned int sess_id;
struct radius_hdr *hdr = radius_msg_get_hdr(request);
+ u16 reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED;
if (sess->eap_if->eapFail) {
sess->eap_if->eapFail = FALSE;
@@ -841,6 +842,15 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
}
}
+ if (code == RADIUS_CODE_ACCESS_REJECT) {
+ if (radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_REASON_CODE,
+ reason) < 0) {
+ RADIUS_DEBUG("Failed to add WLAN-Reason-Code attribute");
+ radius_msg_free(msg);
+ return NULL;
+ }
+ }
+
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,
hdr->authenticator) < 0) {