Add server identity configuration for EAP server
The new server_id parameter in hostapd.conf can now be used to specify which identity is delivered to the EAP peer with EAP methods that support authenticated server identity. Signed-hostap: Jouni Malinen <j@w1.fi>
parent
06aeff5f8f
commit
67fe933d40
13 changed files with 46 additions and 0 deletions
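--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -2634,6 +2634,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 bss->upc = os_strdup(pos);
 } else if (os_strcmp(buf, "pbc_in_m1") == 0) {
 bss->pbc_in_m1 = atoi(pos);
+} else if (os_strcmp(buf, "server_id") == 0) {
+os_free(bss->server_id);
+bss->server_id = os_strdup(pos);
 #ifdef CONFIG_WPS_NFC
 } else if (os_strcmp(buf, "wps_nfc_dev_pw_id") == 0) {
 bss->wps_nfc_dev_pw_id = atoi(pos);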
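--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -666,6 +666,11 @@ eap_server=0
 # Passphrase for private key
 #private_key_passwd=secret passphrase
 
+# Server identity
+# EAP methods that provide mechanism for authenticated server identity delivery
+# use this value. If not set, "hostapd" is used as a default.
+#server_id=server.example.com
+
 # Enable CRL verification.
 # Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
 # valid CRL signed by the CA is required to be included in the ca_cert file.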
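--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -532,6 +532,8 @@ static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
 wpabuf_free(conf->vendor_elements);
 
 os_free(conf->sae_groups);
+
+os_free(conf->server_id);
 }
 
 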
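--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -375,6 +375,7 @@ struct hostapd_bss_config {
 struct wpabuf *wps_nfc_dev_pw;
 #endif /* CONFIG_WPS */
 int pbc_in_m1;
+char *server_id;
 
 #define P2P_ENABLED BIT(0)
 #define P2P_GROUP_OWNER BIT(1)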
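--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -111,6 +111,7 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
 srv.eap_req_id_text = conf->eap_req_id_text;
 srv.eap_req_id_text_len = conf->eap_req_id_text_len;
 srv.pwd_group = conf->pwd_group;
+srv.server_id = conf->server_id ? conf->server_id : "hostapd";
 #ifdef CONFIG_RADIUS_TEST
 srv.dump_msk_file = conf->dump_msk_file;
 #endif /* CONFIG_RADIUS_TEST */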
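--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -1828,6 +1828,13 @@ int ieee802_1x_init(struct hostapd_data *hapd)
 conf.fragment_size = hapd->conf->fragment_size;
 conf.pwd_group = hapd->conf->pwd_group;
 conf.pbc_in_m1 = hapd->conf->pbc_in_m1;
+if (hapd->conf->server_id) {
+conf.server_id = (const u8 *) hapd->conf->server_id;
+conf.server_id_len = os_strlen(hapd->conf->server_id);
+} else {
+conf.server_id = (const u8 *) "hostapd";
+conf.server_id_len = 7;
+}
 
 os_memset(&cb, 0, sizeof(cb));
 cb.eapol_send = ieee802_1x_eapol_send;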
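Review bot: The fallback length `conf.server_id_len = 7;` is a magic number that only stays correct as long as the literal on the line above remains "hostapd", and the same default string is repeated independently in the hostapd_setup_radius_srv hunk, so an edit to either copy would let the two paths drift apart silently. Deriving the length from the literal, `conf.server_id_len = os_strlen("hostapd");`, or introducing one shared default constant that both hunks use keeps the value and its length in step. ieee802_1x_init starts and ends outside the hunk.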
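--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -104,6 +104,9 @@ struct eap_config {
 int fragment_size;
 
 int pbc_in_m1;
+
+const u8 *server_id;
+size_t server_id_len;
 };
 
 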
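--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -188,6 +188,9 @@ struct eap_sm {
 int fragment_size;
 
 int pbc_in_m1;
+
+const u8 *server_id;
+size_t server_id_len;
 };
 
 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,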
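--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -1278,6 +1278,8 @@ struct eap_sm * eap_server_sm_init(void *eapol_ctx,
 sm->fragment_size = conf->fragment_size;
 sm->pwd_group = conf->pwd_group;
 sm->pbc_in_m1 = conf->pbc_in_m1;
+sm->server_id = conf->server_id;
+sm->server_id_len = conf->server_id_len;
 
 wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
 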
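--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -830,6 +830,8 @@ eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
 eap_conf.fragment_size = eapol->conf.fragment_size;
 eap_conf.pwd_group = eapol->conf.pwd_group;
 eap_conf.pbc_in_m1 = eapol->conf.pbc_in_m1;
+eap_conf.server_id = eapol->conf.server_id;
+eap_conf.server_id_len = eapol->conf.server_id_len;
 sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
 if (sm->eap == NULL) {
 eapol_auth_free(sm);
@@ -1045,6 +1047,8 @@ static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
 os_free(dst->eap_req_id_text);
 dst->pwd_group = src->pwd_group;
 dst->pbc_in_m1 = src->pbc_in_m1;
+dst->server_id = src->server_id;
+dst->server_id_len = src->server_id_len;
 if (src->eap_req_id_text) {
 dst->eap_req_id_text = os_malloc(src->eap_req_id_text_len);
 if (dst->eap_req_id_text == NULL)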
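Review bot: In the eapol_auth_conf_clone hunk `dst->server_id = src->server_id;` copies only the pointer, whereas eap_req_id_text on the very next lines is deep-copied with os_malloc for the cloned configuration. If that deep copy exists because the source configuration can be freed or reloaded while the authenticator lives on — and this commit does add `os_free(conf->server_id)` to hostapd_config_free_bss — the cloned server_id would then point at freed memory when the next EAP session reads it. Either copy server_id the same way as eap_req_id_text (allocate server_id_len bytes, os_memcpy, and release it in the matching free path), or document on struct eapol_auth_config that the server_id buffer must outlive the authenticator. eapol_auth_conf_clone continues outside the hunk.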
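--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -37,6 +37,8 @@ struct eapol_auth_config {
 int fragment_size;
 u16 pwd_group;
 int pbc_in_m1;
+const u8 *server_id;
+size_t server_id_len;
 
 /* Opaque context pointer to owner data for callback functions */
 void *ctx;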
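--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -222,6 +222,11 @@ struct radius_server_data {
 */
 u16 pwd_group;
 
+/**
+* server_id - Server identity
+*/
+const char *server_id;
+
 /**
 * wps - Wi-Fi Protected Setup context
 *
@@ -511,6 +516,8 @@ radius_server_get_new_session(struct radius_server_data *data,
 eap_conf.tnc = data->tnc;
 eap_conf.wps = data->wps;
 eap_conf.pwd_group = data->pwd_group;
+eap_conf.server_id = (const u8 *) data->server_id;
+eap_conf.server_id_len = os_strlen(data->server_id);
 sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb,
 &eap_conf);
 if (sess->eap == NULL) {
@@ -1280,6 +1287,7 @@ radius_server_init(struct radius_server_conf *conf)
 data->tnc = conf->tnc;
 data->wps = conf->wps;
 data->pwd_group = conf->pwd_group;
+data->server_id = conf->server_id;
 if (conf->eap_req_id_text) {
 data->eap_req_id_text = os_malloc(conf->eap_req_id_text_len);
 if (data->eap_req_id_text) {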
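Review bot: `eap_conf.server_id_len = os_strlen(data->server_id);` in the radius_server_get_new_session hunk dereferences data->server_id unconditionally, while the radius_server_init hunk stores `conf->server_id` with no NULL check; the only fallback visible in this commit is applied by the hostapd_setup_radius_srv caller, so any other user of radius_server_init that leaves server_id unset would crash on the first new session. Applying the default where the value is stored, `data->server_id = conf->server_id ? conf->server_id : "hostapd";`, makes the RADIUS server safe independent of its callers. The new `server_id - Server identity` doc comment on struct radius_server_conf should then also state that the field is optional, or, if no default is added, that it must be a non-NULL NUL-terminated string that outlives the server. All three enclosing functions and the struct extend beyond their hunks.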
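--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -143,6 +143,11 @@ struct radius_server_conf {
 */
 u16 pwd_group;
 
+/**
+* server_id - Server identity
+*/
+const char *server_id;
+
 /**
 * wps - Wi-Fi Protected Setup context
 *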