Commit Graph

18 Commits

Author SHA1 Message Date
Dan Harkins
df684d82ff EAP-pwd: Add support for EAP-pwd server and peer functionality
This adds an initial EAP-pwd (RFC 5931) implementation. For now,
this requires OpenSSL.
2010-09-14 21:51:40 -10:00
Gregory Detal
bb437f282b AP: Add wpa_msg() events for EAP server state machine 2010-04-07 11:13:14 +03:00
Jouni Malinen
f481459f5e Fix RADIUS server deinit to cancel timeout for session removal 2009-12-19 18:52:15 +02:00
Jouni Malinen
1489e11a94 Make struct radius_msg private to radius.c
This is internal data structure for RADIUS message handling and
external code should not touch it directly.
2009-12-19 17:26:57 +02:00
Jouni Malinen
aa235d2ef7 Convert RADIUS message code to use wpabuf internally 2009-12-19 17:12:07 +02:00
Jouni Malinen
9e7245bdb4 Change radius_msg_free() to free the buffer
Since all callers were freeing the buffer immediately anyway, move
this operation into radius_msg_free() to reduce code size.
2009-12-19 16:34:41 +02:00
Jouni Malinen
362bd35f2d Add more Doxygen documentation for RADIUS server implementation 2009-12-02 21:29:32 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
5a641ae01e Use type-punning to avoid breaking strict aliasing rules
While the actual use here would be unlikely to be broken by any C
optimization, it is better to use explicit union construction to let
gcc know about the aliasing and avoid warnings from gcc 4.4.
2009-11-05 12:11:49 +02:00
Alex Badea
7598210b79 radius_server: clean up completed sessions sooner
radius_server_encapsulate_eap() resets sess->eap->if->eap{Success,Fail}
to FALSE, such that the completion condition is never true.

The net effect is that completed sessions would linger for
RADIUS_SESSION_TIMEOUT seconds.

Signed-off-by: Alex Badea <vamposdecampos@gmail.com>

Previously, the default settings allowed 100 sessions in 60 seconds.
With this fix, the default limit is now 100 sessions per 10 seconds.
[Bug 329]
2009-09-09 23:54:03 +03:00
Jouni Malinen
5cd89c26f9 Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
2009-08-23 21:32:27 +03:00
Jouni Malinen
65d50f0ac6 Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
2008-12-26 20:22:12 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouni Malinen
2d86724409 EAP-FAST: Allow A-ID and A-ID-Info to be configured separately
Changed EAP-FAST configuration to use separate fields for A-ID and
A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
16-octet len binary value for better interoperability with some peer
implementations; eap_fast_a_id is now configured as a hex string.
2008-10-19 09:55:59 +03:00
Jouni Malinen
a11c90a64a EAP-FAST: Make PAC-Key lifetime values configurable
The hardcoded values in eap_fast.c were replaced with values read from
hostapd.conf.
2008-10-08 17:25:47 +03:00
Jouni Malinen
378eae5e9b EAP-FAST: Added support for disabling anonymous/authenticated provisioning
eap_fast_prov config parameter can now be used to enable/disable different
EAP-FAST provisioning modes:
0 = provisioning disabled
1 = only anonymous provisioning allowed
2 = only authenticated provisioning allowed
3 = both provisioning modes allowed
2008-10-08 16:55:23 +03:00
Jouni Malinen
c3e258ae9f TNC: Provide 'tnc' configuration option for EAP server and methods 2008-03-09 10:42:53 +02:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00