RADIUS server: Allow EAP methods to log into SQLite DB
This extends RADIUS server logging capabilities to allow EAP server methods to add log entries. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
8a57da7e28
commit
01f7fe10ef
8 changed files with 68 additions and 1 deletions
|
@ -81,6 +81,7 @@ struct eapol_callbacks {
|
||||||
int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
|
int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
|
||||||
int phase2, struct eap_user *user);
|
int phase2, struct eap_user *user);
|
||||||
const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
|
const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
|
||||||
|
void (*log_msg)(void *ctx, const char *msg);
|
||||||
};
|
};
|
||||||
|
|
||||||
struct eap_config {
|
struct eap_config {
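Review bot: The new `log_msg` member of `struct eapol_callbacks` has no comment stating its contract, and two properties visible elsewhere in this commit are easy to get wrong. `eap_log_msg()` skips the call when the pointer is NULL and frees the buffer right after the callback returns, so the member is optional and `msg` is only valid for the duration of the call. I would add above it something like `/* log_msg - optional (may be NULL); msg is an already formatted string that can contain peer-supplied text and is valid only until the callback returns */`. The struct definition begins before this hunk.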
|
||||||
|
|
|
@ -195,6 +195,8 @@ struct eap_sm {
|
||||||
|
|
||||||
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
|
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
|
||||||
int phase2);
|
int phase2);
|
||||||
|
void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
|
||||||
|
PRINTF_FORMAT(2, 3);
|
||||||
void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
|
void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
|
||||||
|
|
||||||
#endif /* EAP_I_H */
|
#endif /* EAP_I_H */
|
||||||
|
|
|
@ -119,6 +119,32 @@ int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
|
||||||
|
{
|
||||||
|
va_list ap;
|
||||||
|
char *buf;
|
||||||
|
int buflen;
|
||||||
|
|
||||||
|
if (sm == NULL || sm->eapol_cb == NULL || sm->eapol_cb->log_msg == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
va_start(ap, fmt);
|
||||||
|
buflen = vsnprintf(NULL, 0, fmt, ap) + 1;
|
||||||
|
va_end(ap);
|
||||||
|
|
||||||
|
buf = os_malloc(buflen);
|
||||||
|
if (buf == NULL)
|
||||||
|
return;
|
||||||
|
va_start(ap, fmt);
|
||||||
|
vsnprintf(buf, buflen, fmt, ap);
|
||||||
|
va_end(ap);
|
||||||
|
|
||||||
|
sm->eapol_cb->log_msg(sm->eapol_ctx, buf);
|
||||||
|
|
||||||
|
os_free(buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
SM_STATE(EAP, DISABLED)
|
SM_STATE(EAP, DISABLED)
|
||||||
{
|
{
|
||||||
SM_ENTRY(EAP, DISABLED);
|
SM_ENTRY(EAP, DISABLED);
|
||||||
|
@ -366,6 +392,7 @@ try_another_method:
|
||||||
}
|
}
|
||||||
if (sm->m == NULL) {
|
if (sm->m == NULL) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP: Could not find suitable EAP method");
|
wpa_printf(MSG_DEBUG, "EAP: Could not find suitable EAP method");
|
||||||
|
eap_log_msg(sm, "Could not find suitable EAP method");
|
||||||
sm->decision = DECISION_FAILURE;
|
sm->decision = DECISION_FAILURE;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -377,6 +404,8 @@ try_another_method:
|
||||||
|
|
||||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
|
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
|
||||||
"vendor=%u method=%u", vendor, sm->currentMethod);
|
"vendor=%u method=%u", vendor, sm->currentMethod);
|
||||||
|
eap_log_msg(sm, "Propose EAP method vendor=%u method=%u",
|
||||||
|
vendor, sm->currentMethod);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -693,6 +722,7 @@ SM_STEP(EAP)
|
||||||
"respMethod=%d currentMethod=%d",
|
"respMethod=%d currentMethod=%d",
|
||||||
sm->rxResp, sm->respId, sm->currentId,
|
sm->rxResp, sm->respId, sm->currentId,
|
||||||
sm->respMethod, sm->currentMethod);
|
sm->respMethod, sm->currentMethod);
|
||||||
|
eap_log_msg(sm, "Discard received EAP message");
|
||||||
SM_ENTER(EAP, DISCARD);
|
SM_ENTER(EAP, DISCARD);
|
||||||
}
|
}
|
||||||
break;
|
break;
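Review bot: In `eap_log_msg()` the result of the sizing call `vsnprintf(NULL, 0, fmt, ap)` is used without checking for a negative return. On failure `buflen` becomes 0, `os_malloc(0)` may still return a non-NULL pointer, the second `vsnprintf()` then writes nothing, and `log_msg` is handed a buffer with no terminator. Adding `if (buflen <= 0) return;` after the first `va_end(ap)` closes that path. The return value of the second `vsnprintf()` is also ignored, which is harmless once the first one is checked.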
|
||||||
|
|
|
@ -102,6 +102,7 @@ static void eap_identity_process(struct eap_sm *sm, void *priv,
|
||||||
struct eap_identity_data *data = priv;
|
struct eap_identity_data *data = priv;
|
||||||
const u8 *pos;
|
const u8 *pos;
|
||||||
size_t len;
|
size_t len;
|
||||||
|
char *buf;
|
||||||
|
|
||||||
if (data->pick_up) {
|
if (data->pick_up) {
|
||||||
if (eap_identity_check(sm, data, respData)) {
|
if (eap_identity_check(sm, data, respData)) {
|
||||||
|
@ -119,6 +120,12 @@ static void eap_identity_process(struct eap_sm *sm, void *priv,
|
||||||
return; /* Should not happen - frame already validated */
|
return; /* Should not happen - frame already validated */
|
||||||
|
|
||||||
wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
|
wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
|
||||||
|
buf = os_malloc(len * 3 + 1);
|
||||||
|
if (buf) {
|
||||||
|
printf_encode(buf, len * 3 + 1, pos, len);
|
||||||
|
eap_log_msg(sm, "EAP-Response/Identity '%s'", buf);
|
||||||
|
os_free(buf);
|
||||||
|
}
|
||||||
if (sm->identity)
|
if (sm->identity)
|
||||||
sm->update_user = TRUE;
|
sm->update_user = TRUE;
|
||||||
os_free(sm->identity);
|
os_free(sm->identity);
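Review bot: The `len * 3 + 1` buffer passed to `printf_encode()` in `eap_identity_process()` looks too small if the encoder writes non-printable bytes as `\xNN`, which is four characters per input byte; `printf_encode()` is not shown here, so that needs confirming. Because the size is also passed as the bound, the likely outcome is truncation rather than overflow, but an identity made up mostly of non-printable bytes would then be cut short in the log entry. Sizing with `len * 4 + 1` in both the `os_malloc()` and the `printf_encode()` call avoids that. The same `* 3 + 1` sizing is used for `name_len` in `eap_mschapv2_process_response()` and for `parse.user_name_len` in `eap_ttls_process_phase2()`. All three function bodies extend beyond their hunks.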
|
||||||
|
|
|
@ -290,6 +290,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
|
||||||
const u8 *username, *user;
|
const u8 *username, *user;
|
||||||
size_t username_len, user_len;
|
size_t username_len, user_len;
|
||||||
int res;
|
int res;
|
||||||
|
char *buf;
|
||||||
|
|
||||||
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
|
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
|
||||||
&len);
|
&len);
|
||||||
|
@ -329,6 +330,13 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
|
||||||
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
|
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
|
||||||
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
|
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
|
||||||
|
|
||||||
|
buf = os_malloc(name_len * 3 + 1);
|
||||||
|
if (buf) {
|
||||||
|
printf_encode(buf, name_len * 3 + 1, name, name_len);
|
||||||
|
eap_log_msg(sm, "EAP-MSCHAPV2 Name '%s'", buf);
|
||||||
|
os_free(buf);
|
||||||
|
}
|
||||||
|
|
||||||
/* MSCHAPv2 does not include optional domain name in the
|
/* MSCHAPv2 does not include optional domain name in the
|
||||||
* challenge-response calculation, so remove domain prefix
|
* challenge-response calculation, so remove domain prefix
|
||||||
* (if present). */
|
* (if present). */
|
||||||
|
|
|
@ -984,6 +984,16 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (parse.user_name) {
|
if (parse.user_name) {
|
||||||
|
char *nbuf;
|
||||||
|
nbuf = os_malloc(parse.user_name_len * 3 + 1);
|
||||||
|
if (nbuf) {
|
||||||
|
printf_encode(nbuf, parse.user_name_len * 3 + 1,
|
||||||
|
parse.user_name,
|
||||||
|
parse.user_name_len);
|
||||||
|
eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);
|
||||||
|
os_free(nbuf);
|
||||||
|
}
|
||||||
|
|
||||||
os_free(sm->identity);
|
os_free(sm->identity);
|
||||||
sm->identity = os_malloc(parse.user_name_len);
|
sm->identity = os_malloc(parse.user_name_len);
|
||||||
if (sm->identity == NULL) {
|
if (sm->identity == NULL) {
|
||||||
|
|
|
@ -1023,7 +1023,8 @@ static const char * eapol_sm_get_eap_req_id_text(void *ctx, size_t *len)
|
||||||
static struct eapol_callbacks eapol_cb =
|
static struct eapol_callbacks eapol_cb =
|
||||||
{
|
{
|
||||||
eapol_sm_get_eap_user,
|
eapol_sm_get_eap_user,
|
||||||
eapol_sm_get_eap_req_id_text
|
eapol_sm_get_eap_req_id_text,
|
||||||
|
NULL
|
||||||
};
|
};
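Review bot: The `NULL` appended to the positional initializer of `eapol_cb` ties this table to the member order of `struct eapol_callbacks`. `radius_server_eapol_cb` in the same commit uses designated initializers, and doing the same here (`.get_eap_user = eapol_sm_get_eap_user,` and `.get_eap_req_id_text = eapol_sm_get_eap_req_id_text,`) would keep the two tables consistent. The unused `log_msg` slot would then default to NULL without being spelled out.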
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1851,10 +1851,18 @@ static const char * radius_server_get_eap_req_id_text(void *ctx, size_t *len)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void radius_server_log_msg(void *ctx, const char *msg)
|
||||||
|
{
|
||||||
|
struct radius_session *sess = ctx;
|
||||||
|
srv_log(sess, "EAP: %s", msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static struct eapol_callbacks radius_server_eapol_cb =
|
static struct eapol_callbacks radius_server_eapol_cb =
|
||||||
{
|
{
|
||||||
.get_eap_user = radius_server_get_eap_user,
|
.get_eap_user = radius_server_get_eap_user,
|
||||||
.get_eap_req_id_text = radius_server_get_eap_req_id_text,
|
.get_eap_req_id_text = radius_server_get_eap_req_id_text,
|
||||||
|
.log_msg = radius_server_log_msg,
|
||||||
};
|
};
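Review bot: `radius_server_log_msg()` forwards text that now includes peer-supplied names (the escaped identity, MSCHAPv2 name and TTLS user name logged elsewhere in this commit) to `srv_log()`, whose body is outside this hunk. Passing `msg` through `"EAP: %s"` rather than as the format string is right. Since the commit title says these entries go into an SQLite database, it is worth confirming that `srv_log()` binds the text as a statement parameter or uses SQLite's own quoting. The escaping applied by `printf_encode()` is aimed at printable output and is not shown to cover SQL quote characters.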
|
||||||
|
|
||||||
|
|
||||||
|
|