Retrieve and use a per-PSK vlan_description

Signed-off-by: Tom Barthe <jeltz+hostap@auro.re>

src/ap/ieee802_11.c

@@ -2321,25 +2321,11 @@ ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
 {
 	u32 session_timeout = info->session_timeout;
 	u32 acct_interim_interval = info->acct_interim_interval;
-	struct vlan_description *vlan_id = &info->vlan_id;
 	struct hostapd_sta_wpa_psk_short *psk = info->psk;
 	char *identity = info->identity;
 	char *radius_cui = info->radius_cui;
 
-	if (vlan_id->notempty &&
-	    !hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) {
-		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
-			       HOSTAPD_LEVEL_INFO,
-			       "Invalid VLAN %d%s received from RADIUS server",
-			       vlan_id->untagged,
-			       vlan_id->tagged[0] ? "+" : "");
-		return -1;
-	}
-	if (ap_sta_set_vlan(hapd, sta, vlan_id) < 0)
-		return -1;
-	if (sta->vlan_id)
-		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
-			       HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
+	sta->default_radius_vlan = info->vlan_id;
 
 	hostapd_free_psk_list(sta->psk);
 	if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED)

src/ap/sta_info.h

@@ -200,8 +200,9 @@ struct sta_info {
 	int vlan_id; /* 0: none, >0: VID */
 	struct vlan_description *vlan_desc;
 	int vlan_id_bound; /* updated by ap_sta_bind_vlan() */
-	 /* PSKs from RADIUS authentication server */
+	/* PSKs from RADIUS authentication server */
 	struct hostapd_sta_wpa_psk_short *psk;
+	struct vlan_description default_radius_vlan;
 
 	char *identity; /* User-Name from RADIUS */
 	char *radius_cui; /* Chargeable-User-Identity from RADIUS */

src/ap/wpa_auth_glue.c

@@ -334,10 +334,9 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
 {
 	struct hostapd_data *hapd = ctx;
 	struct sta_info *sta = ap_get_sta(hapd, addr);
+	struct vlan_description *vlan = NULL;
 	const u8 *psk;
 
-	if (vlan_desc)
-		vlan_desc->notempty = 0;
 	if (psk_len)
 		*psk_len = PMK_LEN;
 
@@ -386,6 +385,7 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
 		if (vlan_desc)
 			vlan_desc->notempty = 0;
 		psk = sta->psk->psk;
+		vlan = &sta->psk->vlan;
 		for (pos = sta->psk; pos; pos = pos->next) {
 			if (pos->is_passphrase) {
 				pbkdf2_sha1(pos->passphrase,
@@ -396,10 +396,18 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
 			}
 			if (pos->psk == prev_psk) {
 				psk = pos->next ? pos->next->psk : NULL;
+				vlan = pos->next ? &pos->next->vlan : NULL;
 				break;
 			}
 		}
 	}
+
+	if (vlan && vlan_desc) {
+		if (vlan && vlan->notempty)
+			*vlan_desc = *vlan;
+		else if (sta->default_radius_vlan.notempty)
+			*vlan_desc = sta->default_radius_vlan;
+	}
 	return psk;
 }
 
@@ -956,16 +964,14 @@ static int hostapd_wpa_auth_update_vlan(void *ctx, const u8 *addr,
 
 	if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
 		if (!hostapd_vlan_valid(hapd->conf->vlan, vlan_desc)) {
-			wpa_printf(MSG_INFO,
-				   "Invalid VLAN ID %d in wpa_psk_file",
-				   vlan_id);
+			wpa_printf(MSG_INFO, "Invalid VLAN ID %d", vlan_id);
 			return -1;
 		}
 
 		if (ap_sta_set_vlan(hapd, sta, vlan_desc) < 0) {
 			wpa_printf(MSG_INFO,
-				   "Failed to assign VLAN ID %d from wpa_psk_file to "
-				   MACSTR, vlan_id, MAC2STR(sta->addr));
+				   "Failed to assign VLAN ID %d to " MACSTR,
+				   vlan_id, MAC2STR(sta->addr));
 			return -1;
 		}
 	} else {
@@ -973,7 +979,7 @@ static int hostapd_wpa_auth_update_vlan(void *ctx, const u8 *addr,
 	}
 
 	wpa_printf(MSG_INFO,
-		   "Assigned VLAN ID %d from wpa_psk_file to " MACSTR,
+		   "Assigned VLAN ID %d from to " MACSTR,
 		   vlan_id, MAC2STR(sta->addr));
 	if ((sta->flags & WLAN_STA_ASSOC) &&
 	    ap_sta_bind_vlan(hapd, sta) < 0)