path: root/src/radius/radius_das.c
Commit message (Collapse)AuthorAgeFilesLines
* Add a require_message_authenticator configuration optionNick Lowe2016-08-071-3/+8
| | | | | | | This can be used to mandate the presence of the Message-Authenticator attribute on CoA/Disconnect-Request packets. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
* RADIUS DAS: Avoid compiler warning on abs()Jouni Malinen2015-07-071-1/+1
| | | | | | | The input parameter ended up being converted to long int instead of int, so use an explicit typecase to get rid of the compiler warning. Signed-off-by: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Support Acct-Multi-Session-Id as a session identifierJouni Malinen2015-01-161-0/+7
| | | | | | | This extends Disconnect-Request support for an additiona session identification attribute. Signed-off-by: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Check for single session match for Disconnect-RequestJouni Malinen2015-01-161-0/+6
| | | | | | | | | | | Previously, the first matching STA was picked. That is not really the design in RFC 5176, so extend this matching code to go through all specified session identification attributes and verify that all of them match. In addition, check for a possible case of multiple sessions matching. If such a case is detected, return with Disconnect-NAK and Error-Code 508 (multiple session selection not supported). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* RADIUS DAS: Add support for NAS identification attributesJouni Malinen2014-02-201-0/+35
| | | | | | | This allows NAS-IP-Address, NAS-Identifier, and NAS-IPv6-Address to be included in the Disconnect-Request packets. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Declare wpa_debug_* variables in src/utils/wpa_debug.hJouni Malinen2013-12-311-3/+0
| | | | | | | | | These were somewhat more hidden to avoid direct use, but there are now numerous places where these are needed and more justification to make the extern int declarations available from wpa_debug.h. In addition, this avoids some warnings from sparse. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove a compiler warning from -O0 buildJouni Malinen2013-11-051-1/+2
| | | | | | | It looks like abs() result is signed and gcc warns about this when running a build with -O0 but not with -O2. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Convert perror/printf calls to wpa_printfJouni Malinen2013-11-021-3/+3
| | | | | | | This makes debug and error logging more consistent and allows them to be directed to a file more easily. Signed-hostap: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Verify that Error-Code attribute is addedJouni Malinen2012-08-191-3/+11
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Support Chargeable-User-Identity with Disconnect-RequestJouni Malinen2012-06-171-0/+6
| | | | | | | Chargeable-User-Identity can now be used in Disconnect-Request to identify the station to be disconnected. Signed-hostap: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Add Event-Timestamp attribute into ACK/NAK messagesJouni Malinen2012-06-171-3/+9
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Add support for Disconnect-RequestJouni Malinen2012-06-171-4/+62
| | | | | | | | Calling-Station-Id, Acct-Session-Id, and User-Name attributes in a Disconnect-Request message can now be used to indicate which station is to be disconnected. Signed-hostap: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Check Disconnect-Request attributesJouni Malinen2012-06-171-7/+45
| | | | | | Reject Disconnect-Request if it includes unsupported attributes. Signed-hostap: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Validate Event-TimestampJouni Malinen2012-06-171-2/+28
| | | | | | | | | | DAS will now validate Event-Timestamp value to be within an acceptable time window (300 seconds by default; can be set using radius_das_time_window parameter). In addition, Event-Timestamp can be required in Disconnect-Request and CoA-Request messages with radius_das_require_event_timestamp=1. Signed-hostap: Jouni Malinen <j@w1.fi>
* Add preliminary RADIUS dynamic authorization server (RFC 5176)Jouni Malinen2012-05-061-0/+222
This adds the basic DAS mechanism to enable hostapd to be configured to request dynamic authorization requests (Disconnect-Request and CoA-Request). This commit does not add actual processing of the requests, i.e., this will only receive and authenticate the requests and NAK them regardless of what operation is requested. Signed-hostap: Jouni Malinen <j@w1.fi>