mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 02:38:22 -05:00
hostapd: Copy Chargeable-User-Identity into accounting (RFC 4372)
If Access-Accept packet includes the Chargeable-User-Identity attribute, copy this attribute as-is into accounting messages. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
4732ee3a87
commit
4e132a618e
@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
* hostapd / RADIUS Accounting
|
* hostapd / RADIUS Accounting
|
||||||
* Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2002-2009, 2012, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
@ -39,6 +39,7 @@ static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
|
|||||||
u8 *val;
|
u8 *val;
|
||||||
size_t len;
|
size_t len;
|
||||||
int i;
|
int i;
|
||||||
|
struct wpabuf *b;
|
||||||
|
|
||||||
msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
|
msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
|
||||||
radius_client_get_id(hapd->radius));
|
radius_client_get_id(hapd->radius));
|
||||||
@ -167,6 +168,15 @@ static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
|
|||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
b = ieee802_1x_get_radius_cui(sta->eapol_sm);
|
||||||
|
if (b &&
|
||||||
|
!radius_msg_add_attr(msg,
|
||||||
|
RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
|
||||||
|
wpabuf_head(b), wpabuf_len(b))) {
|
||||||
|
wpa_printf(MSG_ERROR, "Could not add CUI");
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return msg;
|
return msg;
|
||||||
|
@ -978,6 +978,7 @@ void ieee802_1x_free_station(struct sta_info *sta)
|
|||||||
#ifndef CONFIG_NO_RADIUS
|
#ifndef CONFIG_NO_RADIUS
|
||||||
radius_msg_free(sm->last_recv_radius);
|
radius_msg_free(sm->last_recv_radius);
|
||||||
radius_free_class(&sm->radius_class);
|
radius_free_class(&sm->radius_class);
|
||||||
|
wpabuf_free(sm->radius_cui);
|
||||||
#endif /* CONFIG_NO_RADIUS */
|
#endif /* CONFIG_NO_RADIUS */
|
||||||
|
|
||||||
os_free(sm->identity);
|
os_free(sm->identity);
|
||||||
@ -1199,6 +1200,32 @@ static void ieee802_1x_update_sta_identity(struct hostapd_data *hapd,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Update CUI based on Chargeable-User-Identity attribute in Access-Accept */
|
||||||
|
static void ieee802_1x_update_sta_cui(struct hostapd_data *hapd,
|
||||||
|
struct sta_info *sta,
|
||||||
|
struct radius_msg *msg)
|
||||||
|
{
|
||||||
|
struct eapol_state_machine *sm = sta->eapol_sm;
|
||||||
|
struct wpabuf *cui;
|
||||||
|
u8 *buf;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
|
if (sm == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
|
||||||
|
&buf, &len, NULL) < 0)
|
||||||
|
return;
|
||||||
|
|
||||||
|
cui = wpabuf_alloc_copy(buf, len);
|
||||||
|
if (cui == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
wpabuf_free(sm->radius_cui);
|
||||||
|
sm->radius_cui = cui;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
struct sta_id_search {
|
struct sta_id_search {
|
||||||
u8 identifier;
|
u8 identifier;
|
||||||
struct eapol_state_machine *sm;
|
struct eapol_state_machine *sm;
|
||||||
@ -1358,6 +1385,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
|
|||||||
shared_secret_len);
|
shared_secret_len);
|
||||||
ieee802_1x_store_radius_class(hapd, sta, msg);
|
ieee802_1x_store_radius_class(hapd, sta, msg);
|
||||||
ieee802_1x_update_sta_identity(hapd, sta, msg);
|
ieee802_1x_update_sta_identity(hapd, sta, msg);
|
||||||
|
ieee802_1x_update_sta_cui(hapd, sta, msg);
|
||||||
if (sm->eap_if->eapKeyAvailable &&
|
if (sm->eap_if->eapKeyAvailable &&
|
||||||
wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
|
wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
|
||||||
session_timeout_set ?
|
session_timeout_set ?
|
||||||
@ -1875,6 +1903,14 @@ u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
struct wpabuf * ieee802_1x_get_radius_cui(struct eapol_state_machine *sm)
|
||||||
|
{
|
||||||
|
if (sm == NULL)
|
||||||
|
return NULL;
|
||||||
|
return sm->radius_cui;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len)
|
const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len)
|
||||||
{
|
{
|
||||||
*len = 0;
|
*len = 0;
|
||||||
|
@ -67,6 +67,7 @@ int ieee802_1x_eapol_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
|
|||||||
u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len);
|
u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len);
|
||||||
u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
|
u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
|
||||||
int idx);
|
int idx);
|
||||||
|
struct wpabuf * ieee802_1x_get_radius_cui(struct eapol_state_machine *sm);
|
||||||
const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len);
|
const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len);
|
||||||
void ieee802_1x_notify_port_enabled(struct eapol_state_machine *sm,
|
void ieee802_1x_notify_port_enabled(struct eapol_state_machine *sm,
|
||||||
int enabled);
|
int enabled);
|
||||||
|
@ -157,6 +157,7 @@ struct eapol_state_machine {
|
|||||||
* Authentication server */
|
* Authentication server */
|
||||||
u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
|
u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
|
||||||
struct radius_class_data radius_class;
|
struct radius_class_data radius_class;
|
||||||
|
struct wpabuf *radius_cui; /* Chargeable-User-Identity */
|
||||||
|
|
||||||
/* Keys for encrypting and signing EAPOL-Key frames */
|
/* Keys for encrypting and signing EAPOL-Key frames */
|
||||||
u8 *eapol_key_sign;
|
u8 *eapol_key_sign;
|
||||||
|
Loading…
Reference in New Issue
Block a user