RADIUS: Add WLAN-Reason-Code attribute to Access-Reject
Make the RADIUS server in hostapd add WLAN-Reason-Code attribute to all Access-Reject messages generated based on EAP-Failure from the EAP server. For now, the reason code value is set to 23 (IEEE 802.1X authentication failed). This can be extending in future commits to cover addition failure reasons. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
9ec824b9c1
commit
f75ed556c8
3 changed files with 13 additions and 0 deletions
|
@ -250,6 +250,8 @@ static const struct radius_attr_type radius_attrs[] =
|
||||||
{ RADIUS_ATTR_MOBILITY_DOMAIN_ID, "Mobility-Domain-Id",
|
{ RADIUS_ATTR_MOBILITY_DOMAIN_ID, "Mobility-Domain-Id",
|
||||||
RADIUS_ATTR_INT32 },
|
RADIUS_ATTR_INT32 },
|
||||||
{ RADIUS_ATTR_WLAN_HESSID, "WLAN-HESSID", RADIUS_ATTR_TEXT },
|
{ RADIUS_ATTR_WLAN_HESSID, "WLAN-HESSID", RADIUS_ATTR_TEXT },
|
||||||
|
{ RADIUS_ATTR_WLAN_REASON_CODE, "WLAN-Reason-Code",
|
||||||
|
RADIUS_ATTR_INT32 },
|
||||||
{ RADIUS_ATTR_WLAN_PAIRWISE_CIPHER, "WLAN-Pairwise-Cipher",
|
{ RADIUS_ATTR_WLAN_PAIRWISE_CIPHER, "WLAN-Pairwise-Cipher",
|
||||||
RADIUS_ATTR_HEXDUMP },
|
RADIUS_ATTR_HEXDUMP },
|
||||||
{ RADIUS_ATTR_WLAN_GROUP_CIPHER, "WLAN-Group-Cipher",
|
{ RADIUS_ATTR_WLAN_GROUP_CIPHER, "WLAN-Group-Cipher",
|
||||||
|
|
|
@ -104,6 +104,7 @@ enum { RADIUS_ATTR_USER_NAME = 1,
|
||||||
RADIUS_ATTR_REQUESTED_LOCATION_INFO = 132,
|
RADIUS_ATTR_REQUESTED_LOCATION_INFO = 132,
|
||||||
RADIUS_ATTR_MOBILITY_DOMAIN_ID = 177,
|
RADIUS_ATTR_MOBILITY_DOMAIN_ID = 177,
|
||||||
RADIUS_ATTR_WLAN_HESSID = 181,
|
RADIUS_ATTR_WLAN_HESSID = 181,
|
||||||
|
RADIUS_ATTR_WLAN_REASON_CODE = 185,
|
||||||
RADIUS_ATTR_WLAN_PAIRWISE_CIPHER = 186,
|
RADIUS_ATTR_WLAN_PAIRWISE_CIPHER = 186,
|
||||||
RADIUS_ATTR_WLAN_GROUP_CIPHER = 187,
|
RADIUS_ATTR_WLAN_GROUP_CIPHER = 187,
|
||||||
RADIUS_ATTR_WLAN_AKM_SUITE = 188,
|
RADIUS_ATTR_WLAN_AKM_SUITE = 188,
|
||||||
|
|
|
@ -728,6 +728,7 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
|
||||||
int code;
|
int code;
|
||||||
unsigned int sess_id;
|
unsigned int sess_id;
|
||||||
struct radius_hdr *hdr = radius_msg_get_hdr(request);
|
struct radius_hdr *hdr = radius_msg_get_hdr(request);
|
||||||
|
u16 reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED;
|
||||||
|
|
||||||
if (sess->eap_if->eapFail) {
|
if (sess->eap_if->eapFail) {
|
||||||
sess->eap_if->eapFail = FALSE;
|
sess->eap_if->eapFail = FALSE;
|
||||||
|
@ -841,6 +842,15 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (code == RADIUS_CODE_ACCESS_REJECT) {
|
||||||
|
if (radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_REASON_CODE,
|
||||||
|
reason) < 0) {
|
||||||
|
RADIUS_DEBUG("Failed to add WLAN-Reason-Code attribute");
|
||||||
|
radius_msg_free(msg);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
|
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
|
||||||
client->shared_secret_len,
|
client->shared_secret_len,
|
||||||
hdr->authenticator) < 0) {
|
hdr->authenticator) < 0) {
|
||||||
|
|
Loading…
Reference in a new issue