path: root/src/radius/radius_das.h
Commit message (Collapse)AuthorAgeFilesLines
* Add a require_message_authenticator configuration optionNick Lowe2016-08-071-0/+1
| | | | | | | This can be used to mandate the presence of the Message-Authenticator attribute on CoA/Disconnect-Request packets. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
* RADIUS DAS: Support Acct-Multi-Session-Id as a session identifierJouni Malinen2015-01-161-0/+2
| | | | | | | This extends Disconnect-Request support for an additiona session identification attribute. Signed-off-by: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Check for single session match for Disconnect-RequestJouni Malinen2015-01-161-1/+2
| | | | | | | | | | | Previously, the first matching STA was picked. That is not really the design in RFC 5176, so extend this matching code to go through all specified session identification attributes and verify that all of them match. In addition, check for a possible case of multiple sessions matching. If such a case is detected, return with Disconnect-NAK and Error-Code 508 (multiple session selection not supported). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* RADIUS DAS: Add support for NAS identification attributesJouni Malinen2014-02-201-0/+7
| | | | | | | This allows NAS-IP-Address, NAS-Identifier, and NAS-IPv6-Address to be included in the Disconnect-Request packets. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* RADIUS DAS: Support Chargeable-User-Identity with Disconnect-RequestJouni Malinen2012-06-171-0/+2
| | | | | | | Chargeable-User-Identity can now be used in Disconnect-Request to identify the station to be disconnected. Signed-hostap: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Add support for Disconnect-RequestJouni Malinen2012-06-171-0/+17
| | | | | | | | Calling-Station-Id, Acct-Session-Id, and User-Name attributes in a Disconnect-Request message can now be used to indicate which station is to be disconnected. Signed-hostap: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Validate Event-TimestampJouni Malinen2012-06-171-0/+2
| | | | | | | | | | DAS will now validate Event-Timestamp value to be within an acceptable time window (300 seconds by default; can be set using radius_das_time_window parameter). In addition, Event-Timestamp can be required in Disconnect-Request and CoA-Request messages with radius_das_require_event_timestamp=1. Signed-hostap: Jouni Malinen <j@w1.fi>
* Add preliminary RADIUS dynamic authorization server (RFC 5176)Jouni Malinen2012-05-061-0/+26
This adds the basic DAS mechanism to enable hostapd to be configured to request dynamic authorization requests (Disconnect-Request and CoA-Request). This commit does not add actual processing of the requests, i.e., this will only receive and authenticate the requests and NAK them regardless of what operation is requested. Signed-hostap: Jouni Malinen <j@w1.fi>