RADIUS server: Accept ERP keyName-NAI as user identity
Previously the EAP user database had to include a wildcard entry for ERP to work since the keyName-NAI as User-Name in Access-Request would not be recognized without such wildcard entry (that could point to any EAP method). This is not ideal, so add a separate check to allow any stored ERP keyName-NAI to be used for ERP without any requirement for the EAP user database to contain a matching entry. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
8f5b1c40bd
commit
3580ed8266
1 changed files with 31 additions and 8 deletions
|
@ -676,6 +676,23 @@ static void radius_server_testing_options(struct radius_session *sess,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CONFIG_ERP
|
||||||
|
static struct eap_server_erp_key *
|
||||||
|
radius_server_erp_find_key(struct radius_server_data *data, const char *keyname)
|
||||||
|
{
|
||||||
|
struct eap_server_erp_key *erp;
|
||||||
|
|
||||||
|
dl_list_for_each(erp, &data->erp_keys, struct eap_server_erp_key,
|
||||||
|
list) {
|
||||||
|
if (os_strcmp(erp->keyname_nai, keyname) == 0)
|
||||||
|
return erp;
|
||||||
|
}
|
||||||
|
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_ERP */
|
||||||
|
|
||||||
|
|
||||||
static struct radius_session *
|
static struct radius_session *
|
||||||
radius_server_get_new_session(struct radius_server_data *data,
|
radius_server_get_new_session(struct radius_server_data *data,
|
||||||
struct radius_client *client,
|
struct radius_client *client,
|
||||||
|
@ -702,6 +719,19 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
|
res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
|
||||||
|
#ifdef CONFIG_ERP
|
||||||
|
if (res != 0 && data->erp) {
|
||||||
|
char *username;
|
||||||
|
|
||||||
|
username = os_zalloc(user_len + 1);
|
||||||
|
if (username) {
|
||||||
|
os_memcpy(username, user, user_len);
|
||||||
|
if (radius_server_erp_find_key(data, username))
|
||||||
|
res = 0;
|
||||||
|
os_free(username);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_ERP */
|
||||||
if (res != 0) {
|
if (res != 0) {
|
||||||
RADIUS_DEBUG("User-Name not found from user database");
|
RADIUS_DEBUG("User-Name not found from user database");
|
||||||
eap_user_free(tmp);
|
eap_user_free(tmp);
|
||||||
|
@ -2706,15 +2736,8 @@ radius_server_erp_get_key(void *ctx, const char *keyname)
|
||||||
{
|
{
|
||||||
struct radius_session *sess = ctx;
|
struct radius_session *sess = ctx;
|
||||||
struct radius_server_data *data = sess->server;
|
struct radius_server_data *data = sess->server;
|
||||||
struct eap_server_erp_key *erp;
|
|
||||||
|
|
||||||
dl_list_for_each(erp, &data->erp_keys, struct eap_server_erp_key,
|
return radius_server_erp_find_key(data, keyname);
|
||||||
list) {
|
|
||||||
if (os_strcmp(erp->keyname_nai, keyname) == 0)
|
|
||||||
return erp;
|
|
||||||
}
|
|
||||||
|
|
||||||
return NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
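Review bot: In the new CONFIG_ERP block of radius_server_get_new_session(), the User-Name bytes are copied into a NUL-terminated buffer and then compared with os_strcmp() in radius_server_erp_find_key(), so an identity with an embedded NUL is matched only up to that byte and the rest is silently ignored. If User-Name can carry arbitrary octets at this point (the attribute parsing is outside the hunk), reject such values before the lookup, e.g. `if (os_strlen(username) == user_len && radius_server_erp_find_key(data, username))`. A failed os_zalloc() also falls through to the existing "User-Name not found from user database" message, which hides the real cause in logs; a separate `RADIUS_DEBUG` line on the allocation-failure path would make triage easier. A one-line comment above the block saying that a keyName-NAI match only permits session creation, and presumably does not authenticate the peer by itself, would help the next reader. The function begins before and continues past this hunk.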