Keep and use list of PSKs per station for RADIUS-based PSK

This adds support for multiple PSKs per station when using a RADIUS
authentication server to fetch the PSKs during MAC address
authentication step. This can be useful if multiple users share a
device but each user has his or her own private passphrase.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
This commit is contained in:
Michael Braun 2012-11-25 17:49:25 +02:00 committed by Jouni Malinen
parent 2ad3e6c858
commit 5ee56c4e19
4 changed files with 26 additions and 11 deletions

View file

@ -570,13 +570,15 @@ static void handle_auth(struct hostapd_data *hapd,
HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
}
if (psk && hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
os_free(sta->psk);
sta->psk = os_malloc(PMK_LEN);
if (sta->psk)
os_memcpy(sta->psk, psk->psk, PMK_LEN);
while (sta->psk) {
struct hostapd_sta_wpa_psk_short *prev = sta->psk;
sta->psk = sta->psk->next;
os_free(prev);
}
if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
sta->psk = psk;
psk = NULL;
} else {
os_free(sta->psk);
sta->psk = NULL;
}

View file

@ -235,7 +235,11 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
wpabuf_free(sta->hs20_ie);
os_free(sta->ht_capabilities);
os_free(sta->psk);
while (sta->psk) {
struct hostapd_sta_wpa_psk_short *prev = sta->psk;
sta->psk = sta->psk->next;
os_free(prev);
}
os_free(sta->identity);
os_free(sta->radius_cui);

View file

@ -95,7 +95,8 @@ struct sta_info {
struct hostapd_ssid *ssid_probe; /* SSID selection based on ProbeReq */
int vlan_id;
u8 *psk; /* PSK from RADIUS authentication server */
/* PSKs from RADIUS authentication server */
struct hostapd_sta_wpa_psk_short *psk;
char *identity; /* User-Name from RADIUS */
char *radius_cui; /* Chargeable-User-Identity from RADIUS */

View file

@ -188,10 +188,18 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
/*
* This is about to iterate over all psks, prev_psk gives the last
* returned psk which should not be returned again.
* logic list (all hostapd_get_psk; sta->psk)
* logic list (all hostapd_get_psk; all sta->psk)
*/
if (sta && sta->psk && !psk && sta->psk != prev_psk)
psk = sta->psk;
if (sta && sta->psk && !psk) {
struct hostapd_sta_wpa_psk_short *pos;
psk = sta->psk->psk;
for (pos = sta->psk; pos; pos = pos->next) {
if (pos->psk == prev_psk) {
psk = pos->next ? pos->next->psk : NULL;
break;
}
}
}
return psk;
}