authsrv.c
Go to the documentation of this file.
00001 /*
00002  * Authentication server setup
00003  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
00004  *
00005  * This program is free software; you can redistribute it and/or modify
00006  * it under the terms of the GNU General Public License version 2 as
00007  * published by the Free Software Foundation.
00008  *
00009  * Alternatively, this software may be distributed under the terms of BSD
00010  * license.
00011  *
00012  * See README and COPYING for more details.
00013  */
00014 
00015 #include "utils/includes.h"
00016 
00017 #include "utils/common.h"
00018 #include "crypto/tls.h"
00019 #include "eap_server/eap.h"
00020 #include "eap_server/eap_sim_db.h"
00021 #include "eapol_auth/eapol_auth_sm.h"
00022 #include "radius/radius_server.h"
00023 #include "hostapd.h"
00024 #include "ap_config.h"
00025 #include "sta_info.h"
00026 #include "authsrv.h"
00027 
00028 
00029 #if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
00030 #define EAP_SIM_DB
00031 #endif /* EAP_SERVER_SIM || EAP_SERVER_AKA */
00032 
00033 
00034 #ifdef EAP_SIM_DB
00035 static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd,
00036                                  struct sta_info *sta, void *ctx)
00037 {
00038         if (eapol_auth_eap_pending_cb(sta->eapol_sm, ctx) == 0)
00039                 return 1;
00040         return 0;
00041 }
00042 
00043 
00044 static void hostapd_sim_db_cb(void *ctx, void *session_ctx)
00045 {
00046         struct hostapd_data *hapd = ctx;
00047         if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0) {
00048 #ifdef RADIUS_SERVER
00049                 radius_server_eap_pending_cb(hapd->radius_srv, session_ctx);
00050 #endif /* RADIUS_SERVER */
00051         }
00052 }
00053 #endif /* EAP_SIM_DB */
00054 
00055 
00056 #ifdef RADIUS_SERVER
00057 
00058 static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
00059                                        size_t identity_len, int phase2,
00060                                        struct eap_user *user)
00061 {
00062         const struct hostapd_eap_user *eap_user;
00063         int i, count;
00064 
00065         eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
00066         if (eap_user == NULL)
00067                 return -1;
00068 
00069         if (user == NULL)
00070                 return 0;
00071 
00072         os_memset(user, 0, sizeof(*user));
00073         count = EAP_USER_MAX_METHODS;
00074         if (count > EAP_MAX_METHODS)
00075                 count = EAP_MAX_METHODS;
00076         for (i = 0; i < count; i++) {
00077                 user->methods[i].vendor = eap_user->methods[i].vendor;
00078                 user->methods[i].method = eap_user->methods[i].method;
00079         }
00080 
00081         if (eap_user->password) {
00082                 user->password = os_malloc(eap_user->password_len);
00083                 if (user->password == NULL)
00084                         return -1;
00085                 os_memcpy(user->password, eap_user->password,
00086                           eap_user->password_len);
00087                 user->password_len = eap_user->password_len;
00088                 user->password_hash = eap_user->password_hash;
00089         }
00090         user->force_version = eap_user->force_version;
00091         user->ttls_auth = eap_user->ttls_auth;
00092 
00093         return 0;
00094 }
00095 
00096 
00097 static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
00098 {
00099         struct radius_server_conf srv;
00100         struct hostapd_bss_config *conf = hapd->conf;
00101         os_memset(&srv, 0, sizeof(srv));
00102         srv.client_file = conf->radius_server_clients;
00103         srv.auth_port = conf->radius_server_auth_port;
00104         srv.conf_ctx = conf;
00105         srv.eap_sim_db_priv = hapd->eap_sim_db_priv;
00106         srv.ssl_ctx = hapd->ssl_ctx;
00107         srv.msg_ctx = hapd->msg_ctx;
00108         srv.pac_opaque_encr_key = conf->pac_opaque_encr_key;
00109         srv.eap_fast_a_id = conf->eap_fast_a_id;
00110         srv.eap_fast_a_id_len = conf->eap_fast_a_id_len;
00111         srv.eap_fast_a_id_info = conf->eap_fast_a_id_info;
00112         srv.eap_fast_prov = conf->eap_fast_prov;
00113         srv.pac_key_lifetime = conf->pac_key_lifetime;
00114         srv.pac_key_refresh_time = conf->pac_key_refresh_time;
00115         srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
00116         srv.tnc = conf->tnc;
00117         srv.wps = hapd->wps;
00118         srv.ipv6 = conf->radius_server_ipv6;
00119         srv.get_eap_user = hostapd_radius_get_eap_user;
00120         srv.eap_req_id_text = conf->eap_req_id_text;
00121         srv.eap_req_id_text_len = conf->eap_req_id_text_len;
00122 
00123         hapd->radius_srv = radius_server_init(&srv);
00124         if (hapd->radius_srv == NULL) {
00125                 wpa_printf(MSG_ERROR, "RADIUS server initialization failed.");
00126                 return -1;
00127         }
00128 
00129         return 0;
00130 }
00131 
00132 #endif /* RADIUS_SERVER */
00133 
00134 
00135 int authsrv_init(struct hostapd_data *hapd)
00136 {
00137 #ifdef EAP_TLS_FUNCS
00138         if (hapd->conf->eap_server &&
00139             (hapd->conf->ca_cert || hapd->conf->server_cert ||
00140              hapd->conf->dh_file)) {
00141                 struct tls_connection_params params;
00142 
00143                 hapd->ssl_ctx = tls_init(NULL);
00144                 if (hapd->ssl_ctx == NULL) {
00145                         wpa_printf(MSG_ERROR, "Failed to initialize TLS");
00146                         authsrv_deinit(hapd);
00147                         return -1;
00148                 }
00149 
00150                 os_memset(&params, 0, sizeof(params));
00151                 params.ca_cert = hapd->conf->ca_cert;
00152                 params.client_cert = hapd->conf->server_cert;
00153                 params.private_key = hapd->conf->private_key;
00154                 params.private_key_passwd = hapd->conf->private_key_passwd;
00155                 params.dh_file = hapd->conf->dh_file;
00156 
00157                 if (tls_global_set_params(hapd->ssl_ctx, &params)) {
00158                         wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
00159                         authsrv_deinit(hapd);
00160                         return -1;
00161                 }
00162 
00163                 if (tls_global_set_verify(hapd->ssl_ctx,
00164                                           hapd->conf->check_crl)) {
00165                         wpa_printf(MSG_ERROR, "Failed to enable check_crl");
00166                         authsrv_deinit(hapd);
00167                         return -1;
00168                 }
00169         }
00170 #endif /* EAP_TLS_FUNCS */
00171 
00172 #ifdef EAP_SIM_DB
00173         if (hapd->conf->eap_sim_db) {
00174                 hapd->eap_sim_db_priv =
00175                         eap_sim_db_init(hapd->conf->eap_sim_db,
00176                                         hostapd_sim_db_cb, hapd);
00177                 if (hapd->eap_sim_db_priv == NULL) {
00178                         wpa_printf(MSG_ERROR, "Failed to initialize EAP-SIM "
00179                                    "database interface");
00180                         authsrv_deinit(hapd);
00181                         return -1;
00182                 }
00183         }
00184 #endif /* EAP_SIM_DB */
00185 
00186 #ifdef RADIUS_SERVER
00187         if (hapd->conf->radius_server_clients &&
00188             hostapd_setup_radius_srv(hapd))
00189                 return -1;
00190 #endif /* RADIUS_SERVER */
00191 
00192         return 0;
00193 }
00194 
00195 
00196 void authsrv_deinit(struct hostapd_data *hapd)
00197 {
00198 #ifdef RADIUS_SERVER
00199         radius_server_deinit(hapd->radius_srv);
00200         hapd->radius_srv = NULL;
00201 #endif /* RADIUS_SERVER */
00202 
00203 #ifdef EAP_TLS_FUNCS
00204         if (hapd->ssl_ctx) {
00205                 tls_deinit(hapd->ssl_ctx);
00206                 hapd->ssl_ctx = NULL;
00207         }
00208 #endif /* EAP_TLS_FUNCS */
00209 
00210 #ifdef EAP_SIM_DB
00211         if (hapd->eap_sim_db_priv) {
00212                 eap_sim_db_deinit(hapd->eap_sim_db_priv);
00213                 hapd->eap_sim_db_priv = NULL;
00214         }
00215 #endif /* EAP_SIM_DB */
00216 }


wpa_supplicant_node
Author(s): Package maintained by Blaise Gassend
autogenerated on Thu Jan 2 2014 11:25:12