jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add a per-PSK vlan_description

Browse source 
Signed-off-by: Tom Barthe <jeltz+hostap@auro.re>
This commit is contained in:
jeltz 2021-11-13 00:05:59 +01:00
parent b82877d603
commit c34c234aec
Signed by: jeltz
GPG key ID: 800882B66C0C3326
2 changed files with 34 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/ap/ap_config.h
View file

@ -152,6 +152,7 @@ struct hostapd_sta_wpa_psk_short {
u8 psk[PMK_LEN]; u8 psk[PMK_LEN];
char passphrase[MAX_PASSPHRASE_LEN + 1]; char passphrase[MAX_PASSPHRASE_LEN + 1];
int ref; /* (number of references held) - 1 */ int ref; /* (number of references held) - 1 */
struct vlan_description vlan;
u8 tag; u8 tag;
}; };

38
src/ap/ieee802_11_auth.c
View file

@ -457,6 +457,8 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
struct hostapd_cached_radius_acl *cache; struct hostapd_cached_radius_acl *cache;
struct radius_sta *info; struct radius_sta *info;
struct radius_hdr *hdr = radius_msg_get_hdr(msg); struct radius_hdr *hdr = radius_msg_get_hdr(msg);
struct hostapd_sta_wpa_psk_short *psk;
int vlan_psk_empty = 1;
query = hapd->acl_queries; query = hapd->acl_queries;
prev = NULL; prev = NULL;
@ -515,13 +517,25 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
info->acct_interim_interval = 0; info->acct_interim_interval = 0;
} }
if (hapd->conf->ssid.dynamic_vlan != DYNAMIC_VLAN_DISABLED) decode_tunnel_passwords(hapd, shared_secret, shared_secret_len,
msg, req, cache);
if (hapd->conf->ssid.dynamic_vlan != DYNAMIC_VLAN_DISABLED) {
/*
* Fill in the "default" VLAN (in case there is no
* tagged Tunnel* attribute associated with the PSK)
*/
info->vlan_id.notempty = !!radius_msg_get_vlanid( info->vlan_id.notempty = !!radius_msg_get_vlanid(
msg, &info->vlan_id.untagged, msg, &info->vlan_id.untagged,
MAX_NUM_TAGGED_VLAN, info->vlan_id.tagged, 0); MAX_NUM_TAGGED_VLAN, info->vlan_id.tagged, 0);
/* Fill in per-PSK VLAN descriptions */
decode_tunnel_passwords(hapd, shared_secret, shared_secret_len, for (psk = info->psk; psk; psk = psk->next) {
msg, req, cache); psk->vlan.notempty = !!radius_msg_get_vlanid(
msg, &psk->vlan.untagged,
MAX_NUM_TAGGED_VLAN, psk->vlan.tagged,
psk->tag);
}
}
if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_USER_NAME, if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_USER_NAME,
&buf, &len, NULL) == 0) { &buf, &len, NULL) == 0) {
@ -551,9 +565,23 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
info->vlan_id.tagged[0] ? "+" : ""); info->vlan_id.tagged[0] ? "+" : "");
os_memset(&info->vlan_id, 0, sizeof(info->vlan_id)); os_memset(&info->vlan_id, 0, sizeof(info->vlan_id));
} }
for (psk = info->psk; psk; psk = psk->next) {
if (psk->vlan.notempty &&
!hostapd_vlan_valid(hapd->conf->vlan, &psk->vlan)) {
hostapd_logger(hapd, query->addr,
HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO,
"Invalid VLAN %d%s received from RADIUS server",
psk->vlan.untagged,
psk->vlan.tagged[0] ? "+" : "");
os_memset(&psk->vlan, 0, sizeof(psk->vlan));
}
vlan_psk_empty &= !psk->vlan.notempty;
}
if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_REQUIRED && if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_REQUIRED &&
!info->vlan_id.notempty) !info->vlan_id.notempty && vlan_psk_empty) {
cache->accepted = HOSTAPD_ACL_REJECT; cache->accepted = HOSTAPD_ACL_REJECT;
}
} else } else
cache->accepted = HOSTAPD_ACL_REJECT; cache->accepted = HOSTAPD_ACL_REJECT;
cache->next = hapd->acl_cache; cache->next = hapd->acl_cache;