RADIUS DAS: Support Acct-Multi-Session-Id as a session identifier

This extends Disconnect-Request support for an additional session
identification attribute.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2015-01-16 13:09:44 +02:00 committed by Jouni Malinen
parent b52c0d453f
commit 4e871ed1c3
3 changed files with 47 additions and 0 deletions


@ -15,6 +15,8 @@
#include "radius/radius_client.h" #include "radius/radius_client.h"
#include "radius/radius_das.h" #include "radius/radius_das.h"
#include "eap_server/tncs.h" #include "eap_server/tncs.h"
#include "eapol_auth/eapol_auth_sm.h"
#include "eapol_auth/eapol_auth_sm_i.h"
#include "hostapd.h" #include "hostapd.h"
#include "authsrv.h" #include "authsrv.h"
#include "sta_info.h" #include "sta_info.h"
@ -673,6 +675,42 @@ static struct sta_info * hostapd_das_find_sta(struct hostapd_data *hapd,
wpa_printf(MSG_DEBUG, "RADIUS DAS: Acct-Session-Id match"); wpa_printf(MSG_DEBUG, "RADIUS DAS: Acct-Session-Id match");
} }
if (attr->acct_multi_session_id) {
num_attr++;
if (attr->acct_multi_session_id_len != 17) {
wpa_printf(MSG_DEBUG,
"RADIUS DAS: Acct-Multi-Session-Id cannot match");
return NULL;
}
count = 0;
for (sta = hapd->sta_list; sta; sta = sta->next) {
if (!sta->radius_das_match)
continue;
if (!sta->eapol_sm ||
!sta->eapol_sm->acct_multi_session_id_hi) {
sta->radius_das_match = 0;
continue;
}
os_snprintf(buf, sizeof(buf), "%08X+%08X",
sta->eapol_sm->acct_multi_session_id_hi,
sta->eapol_sm->acct_multi_session_id_lo);
if (os_memcmp(attr->acct_multi_session_id, buf, 17) !=
0)
sta->radius_das_match = 0;
else
count++;
}
if (count == 0) {
wpa_printf(MSG_DEBUG,
"RADIUS DAS: No matches remaining after Acct-Multi-Session-Id check");
return NULL;
}
wpa_printf(MSG_DEBUG,
"RADIUS DAS: Acct-Multi-Session-Id match");
}
if (attr->cui) { if (attr->cui) {
num_attr++; num_attr++;
count = 0; count = 0;
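Review bot: The literal 17 appears twice in the new Acct-Multi-Session-Id block (the attribute length check and the `os_memcmp` length), while the real length is fixed only implicitly by the `"%08X+%08X"` format, so the three can drift apart unnoticed. A named constant, or a comment next to the length check such as `/* "%08X+%08X" is 8 + 1 + 8 = 17 characters; the attribute is not NUL-terminated */`, would tie them together. `buf` is declared outside the hunk; it needs at least 18 bytes for this format, and the `os_snprintf` result is not checked here. The comparison is case-sensitive against upper-case hex, so a request carrying lower-case digits would presumably not match, which deserves a comment if it is intended. hostapd_das_find_sta starts and continues outside the hunk.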


@ -42,6 +42,7 @@ static struct radius_msg * radius_das_disconnect(struct radius_das_data *das,
RADIUS_ATTR_CALLING_STATION_ID, RADIUS_ATTR_CALLING_STATION_ID,
RADIUS_ATTR_NAS_IDENTIFIER, RADIUS_ATTR_NAS_IDENTIFIER,
RADIUS_ATTR_ACCT_SESSION_ID, RADIUS_ATTR_ACCT_SESSION_ID,
RADIUS_ATTR_ACCT_MULTI_SESSION_ID,
RADIUS_ATTR_EVENT_TIMESTAMP, RADIUS_ATTR_EVENT_TIMESTAMP,
RADIUS_ATTR_MESSAGE_AUTHENTICATOR, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
@ -129,6 +130,12 @@ static struct radius_msg * radius_das_disconnect(struct radius_das_data *das,
attrs.acct_session_id_len = len; attrs.acct_session_id_len = len;
} }
if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_ACCT_MULTI_SESSION_ID,
&buf, &len, NULL) == 0) {
attrs.acct_multi_session_id = buf;
attrs.acct_multi_session_id_len = len;
}
if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
&buf, &len, NULL) == 0) { &buf, &len, NULL) == 0) {
attrs.cui = buf; attrs.cui = buf;


@ -31,6 +31,8 @@ struct radius_das_attrs {
size_t user_name_len; size_t user_name_len;
const u8 *acct_session_id; const u8 *acct_session_id;
size_t acct_session_id_len; size_t acct_session_id_len;
const u8 *acct_multi_session_id;
size_t acct_multi_session_id_len;
const u8 *cui; const u8 *cui;
size_t cui_len; size_t cui_len;
}; };
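Review bot: The two new fields in struct radius_das_attrs carry no comment on their contract. Judging from the assignment in radius_das_disconnect, they appear to point into the received request and are not NUL-terminated, so every consumer has to bound its access by `acct_multi_session_id_len`. A one-line comment above the pair, such as `/* raw attribute value from the request; not NUL-terminated */`, would state that. The struct begins outside the hunk.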