diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 9cc45e98a..8e6f35a5f 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2634,6 +2634,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 bss->upc = os_strdup(pos);
 } else if (os_strcmp(buf, "pbc_in_m1") == 0) {
 bss->pbc_in_m1 = atoi(pos);
+ } else if (os_strcmp(buf, "server_id") == 0) {
+ os_free(bss->server_id);
+ bss->server_id = os_strdup(pos);
 #ifdef CONFIG_WPS_NFC
 } else if (os_strcmp(buf, "wps_nfc_dev_pw_id") == 0) {
 bss->wps_nfc_dev_pw_id = atoi(pos);
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index de10c4e89..68c406946 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -666,6 +666,11 @@ eap_server=0
 # Passphrase for private key
 #private_key_passwd=secret passphrase
+# Server identity
+# EAP methods that provide mechanism for authenticated server identity delivery
+# use this value. If not set, "hostapd" is used as a default.
+#server_id=server.example.com
+
 # Enable CRL verification.
 # Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
 # valid CRL signed by the CA is required to be included in the ca_cert file.
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index c7748dabb..fbc1ee05a 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -532,6 +532,8 @@ static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
 wpabuf_free(conf->vendor_elements);
 os_free(conf->sae_groups);
+
+ os_free(conf->server_id);
 }
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 1124920ac..a744ba627 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -375,6 +375,7 @@ struct hostapd_bss_config {
 struct wpabuf *wps_nfc_dev_pw;
 #endif /* CONFIG_WPS */
 int pbc_in_m1;
+ char *server_id;
 #define P2P_ENABLED BIT(0)
 #define P2P_GROUP_OWNER BIT(1)
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 597b8dd88..68ad4dc50 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
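Review bot: The new `server_id` branch in hostapd_config_fill stores the result of `os_strdup(pos)` without checking it, so an allocation failure leaves `bss->server_id` NULL and the fallback added elsewhere in this commit quietly advertises "hostapd" instead of the configured identity. Because EAP methods hand this value to peers as the authenticated server identity, a failed copy is better reported as a configuration error in whatever way this function reports other bad values, which is not visible in the hunk. An empty `server_id=` line is also accepted and yields a zero-length identity (`os_strlen()` returns 0 in ieee802_1x_init); if that is not meant to be valid, reject it here, for example by testing `pos[0] == '\0'` ahead of the `os_free()`. The function body starts and ends outside the hunk.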
@@ -111,6 +111,7 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
 srv.eap_req_id_text = conf->eap_req_id_text;
 srv.eap_req_id_text_len = conf->eap_req_id_text_len;
 srv.pwd_group = conf->pwd_group;
+ srv.server_id = conf->server_id ? conf->server_id : "hostapd";
 #ifdef CONFIG_RADIUS_TEST
 srv.dump_msk_file = conf->dump_msk_file;
 #endif /* CONFIG_RADIUS_TEST */
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index d3dda145d..f75801777 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1828,6 +1828,13 @@ int ieee802_1x_init(struct hostapd_data *hapd)
 conf.fragment_size = hapd->conf->fragment_size;
 conf.pwd_group = hapd->conf->pwd_group;
 conf.pbc_in_m1 = hapd->conf->pbc_in_m1;
+ if (hapd->conf->server_id) {
+ conf.server_id = (const u8 *) hapd->conf->server_id;
+ conf.server_id_len = os_strlen(hapd->conf->server_id);
+ } else {
+ conf.server_id = (const u8 *) "hostapd";
+ conf.server_id_len = 7;
+ }
 os_memset(&cb, 0, sizeof(cb));
 cb.eapol_send = ieee802_1x_eapol_send;
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index f2a7cd752..36b230b48 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -104,6 +104,9 @@ struct eap_config {
 int fragment_size;
 int pbc_in_m1;
+
+ const u8 *server_id;
+ size_t server_id_len;
 };
diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h
index f92704a11..003e20205 100644
--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@@ -188,6 +188,9 @@ struct eap_sm {
 int fragment_size;
 int pbc_in_m1;
+
+ const u8 *server_id;
+ size_t server_id_len;
 };
 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 15f7e2284..54b7533d6 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
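Review bot: The fallback identity "hostapd" is written out twice, in the added line of hostapd_setup_radius_srv and again in the ieee802_1x_init hunk of src/ap/ieee802_1x.c, where its length is the hand-counted `conf.server_id_len = 7;`. If one literal is changed without the other, the integrated EAP server and the RADIUS server would present different identities, and a changed literal with a stale length would truncate the identity or read past the end of the string. Selecting the string once and measuring it removes both the branch and the magic number: `conf.server_id = (const u8 *) (hapd->conf->server_id ? hapd->conf->server_id : "hostapd");` followed by `conf.server_id_len = os_strlen((const char *) conf.server_id);`. A single shared macro for the default, used by both files, would keep the two call sites in step.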
@@ -1278,6 +1278,8 @@ struct eap_sm * eap_server_sm_init(void *eapol_ctx,
 sm->fragment_size = conf->fragment_size;
 sm->pwd_group = conf->pwd_group;
 sm->pbc_in_m1 = conf->pbc_in_m1;
+ sm->server_id = conf->server_id;
+ sm->server_id_len = conf->server_id_len;
 wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index c3ccb46bf..013d781a9 100644
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -830,6 +830,8 @@ eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
 eap_conf.fragment_size = eapol->conf.fragment_size;
 eap_conf.pwd_group = eapol->conf.pwd_group;
 eap_conf.pbc_in_m1 = eapol->conf.pbc_in_m1;
+ eap_conf.server_id = eapol->conf.server_id;
+ eap_conf.server_id_len = eapol->conf.server_id_len;
 sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
 if (sm->eap == NULL) {
 eapol_auth_free(sm);
@@ -1045,6 +1047,8 @@ static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
 os_free(dst->eap_req_id_text);
 dst->pwd_group = src->pwd_group;
 dst->pbc_in_m1 = src->pbc_in_m1;
+ dst->server_id = src->server_id;
+ dst->server_id_len = src->server_id_len;
 if (src->eap_req_id_text) {
 dst->eap_req_id_text = os_malloc(src->eap_req_id_text_len);
 if (dst->eap_req_id_text == NULL)
diff --git a/src/eapol_auth/eapol_auth_sm.h b/src/eapol_auth/eapol_auth_sm.h
index b50bbdd0f..3a0f45090 100644
--- a/src/eapol_auth/eapol_auth_sm.h
+++ b/src/eapol_auth/eapol_auth_sm.h
@@ -37,6 +37,8 @@ struct eapol_auth_config {
 int fragment_size;
 u16 pwd_group;
 int pbc_in_m1;
+ const u8 *server_id;
+ size_t server_id_len;
 /* Opaque context pointer to owner data for callback functions */
 void *ctx;
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 5b2d71111..0144c9f87 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
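Review bot: eapol_auth_conf_clone copies `server_id` by pointer (`dst->server_id = src->server_id;`) while the lines right after it duplicate `eap_req_id_text` with `os_malloc()`, so the clone ends up holding a borrowed pointer into `bss->server_id`. That buffer is released in hostapd_config_free_bss and replaced whenever the option is parsed again, and the same pointer is passed on unchanged in the eapol_auth_alloc and eap_server_sm_init hunks; whether an authenticator or EAP state machine can outlive the configuration it was built from is not visible here, but if it can, the identity sent to peers would be read from freed memory. Either duplicate the bytes in the clone and release them where `eap_req_id_text` is released, or state the contract on the new fields of struct eapol_auth_config, e.g. `/* server_id is not copied; the caller keeps it valid until the authenticator is deinitialized */`. The clone function's body continues outside the hunk.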
@@ -222,6 +222,11 @@ struct radius_server_data {
 */
 u16 pwd_group;
+ /**
+ * server_id - Server identity
+ */
+ const char *server_id;
+
 /**
 * wps - Wi-Fi Protected Setup context
 *
@@ -511,6 +516,8 @@ radius_server_get_new_session(struct radius_server_data *data,
 eap_conf.tnc = data->tnc;
 eap_conf.wps = data->wps;
 eap_conf.pwd_group = data->pwd_group;
+ eap_conf.server_id = (const u8 *) data->server_id;
+ eap_conf.server_id_len = os_strlen(data->server_id);
 sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb, &eap_conf);
 if (sess->eap == NULL) {
@@ -1280,6 +1287,7 @@ radius_server_init(struct radius_server_conf *conf)
 data->tnc = conf->tnc;
 data->wps = conf->wps;
 data->pwd_group = conf->pwd_group;
+ data->server_id = conf->server_id;
 if (conf->eap_req_id_text) {
 data->eap_req_id_text = os_malloc(conf->eap_req_id_text_len);
 if (data->eap_req_id_text) {
diff --git a/src/radius/radius_server.h b/src/radius/radius_server.h
index 82466c302..284bd59d7 100644
--- a/src/radius/radius_server.h
+++ b/src/radius/radius_server.h
@@ -143,6 +143,11 @@ struct radius_server_conf {
 */
 u16 pwd_group;
+ /**
+ * server_id - Server identity
+ */
+ const char *server_id;
+
 /**
 * wps - Wi-Fi Protected Setup context
 *
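Review bot: In radius_server_get_new_session the added `os_strlen(data->server_id)` dereferences the pointer unconditionally, while radius_server_init stores `conf->server_id` as given and the new field comments in both structs say only "Server identity". hostapd_setup_radius_srv always supplies a non-NULL value in this commit, but any other caller that leaves the field zeroed would crash when the first session is created; whether such callers exist is not visible here. A guard keeps that failure out of the per-request path: `eap_conf.server_id_len = data->server_id ? os_strlen(data->server_id) : 0;`, or the default can be applied once in radius_server_init. The doc comments on both `server_id` fields should also say that the string is not copied and must stay valid for the lifetime of the RADIUS server. Both functions continue outside their hunks.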