Go to the documentation of this file.00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015 #include "utils/includes.h"
00016
00017 #include "utils/common.h"
00018 #include "crypto/tls.h"
00019 #include "eap_server/eap.h"
00020 #include "eap_server/eap_sim_db.h"
00021 #include "eapol_auth/eapol_auth_sm.h"
00022 #include "radius/radius_server.h"
00023 #include "hostapd.h"
00024 #include "ap_config.h"
00025 #include "sta_info.h"
00026 #include "authsrv.h"
00027
00028
00029 #if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
00030 #define EAP_SIM_DB
00031 #endif
00032
00033
00034 #ifdef EAP_SIM_DB
00035 static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd,
00036 struct sta_info *sta, void *ctx)
00037 {
00038 if (eapol_auth_eap_pending_cb(sta->eapol_sm, ctx) == 0)
00039 return 1;
00040 return 0;
00041 }
00042
00043
00044 static void hostapd_sim_db_cb(void *ctx, void *session_ctx)
00045 {
00046 struct hostapd_data *hapd = ctx;
00047 if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0) {
00048 #ifdef RADIUS_SERVER
00049 radius_server_eap_pending_cb(hapd->radius_srv, session_ctx);
00050 #endif
00051 }
00052 }
00053 #endif
00054
00055
00056 #ifdef RADIUS_SERVER
00057
00058 static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
00059 size_t identity_len, int phase2,
00060 struct eap_user *user)
00061 {
00062 const struct hostapd_eap_user *eap_user;
00063 int i, count;
00064
00065 eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
00066 if (eap_user == NULL)
00067 return -1;
00068
00069 if (user == NULL)
00070 return 0;
00071
00072 os_memset(user, 0, sizeof(*user));
00073 count = EAP_USER_MAX_METHODS;
00074 if (count > EAP_MAX_METHODS)
00075 count = EAP_MAX_METHODS;
00076 for (i = 0; i < count; i++) {
00077 user->methods[i].vendor = eap_user->methods[i].vendor;
00078 user->methods[i].method = eap_user->methods[i].method;
00079 }
00080
00081 if (eap_user->password) {
00082 user->password = os_malloc(eap_user->password_len);
00083 if (user->password == NULL)
00084 return -1;
00085 os_memcpy(user->password, eap_user->password,
00086 eap_user->password_len);
00087 user->password_len = eap_user->password_len;
00088 user->password_hash = eap_user->password_hash;
00089 }
00090 user->force_version = eap_user->force_version;
00091 user->ttls_auth = eap_user->ttls_auth;
00092
00093 return 0;
00094 }
00095
00096
00097 static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
00098 {
00099 struct radius_server_conf srv;
00100 struct hostapd_bss_config *conf = hapd->conf;
00101 os_memset(&srv, 0, sizeof(srv));
00102 srv.client_file = conf->radius_server_clients;
00103 srv.auth_port = conf->radius_server_auth_port;
00104 srv.conf_ctx = conf;
00105 srv.eap_sim_db_priv = hapd->eap_sim_db_priv;
00106 srv.ssl_ctx = hapd->ssl_ctx;
00107 srv.msg_ctx = hapd->msg_ctx;
00108 srv.pac_opaque_encr_key = conf->pac_opaque_encr_key;
00109 srv.eap_fast_a_id = conf->eap_fast_a_id;
00110 srv.eap_fast_a_id_len = conf->eap_fast_a_id_len;
00111 srv.eap_fast_a_id_info = conf->eap_fast_a_id_info;
00112 srv.eap_fast_prov = conf->eap_fast_prov;
00113 srv.pac_key_lifetime = conf->pac_key_lifetime;
00114 srv.pac_key_refresh_time = conf->pac_key_refresh_time;
00115 srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
00116 srv.tnc = conf->tnc;
00117 srv.wps = hapd->wps;
00118 srv.ipv6 = conf->radius_server_ipv6;
00119 srv.get_eap_user = hostapd_radius_get_eap_user;
00120 srv.eap_req_id_text = conf->eap_req_id_text;
00121 srv.eap_req_id_text_len = conf->eap_req_id_text_len;
00122
00123 hapd->radius_srv = radius_server_init(&srv);
00124 if (hapd->radius_srv == NULL) {
00125 wpa_printf(MSG_ERROR, "RADIUS server initialization failed.");
00126 return -1;
00127 }
00128
00129 return 0;
00130 }
00131
00132 #endif
00133
00134
00135 int authsrv_init(struct hostapd_data *hapd)
00136 {
00137 #ifdef EAP_TLS_FUNCS
00138 if (hapd->conf->eap_server &&
00139 (hapd->conf->ca_cert || hapd->conf->server_cert ||
00140 hapd->conf->dh_file)) {
00141 struct tls_connection_params params;
00142
00143 hapd->ssl_ctx = tls_init(NULL);
00144 if (hapd->ssl_ctx == NULL) {
00145 wpa_printf(MSG_ERROR, "Failed to initialize TLS");
00146 authsrv_deinit(hapd);
00147 return -1;
00148 }
00149
00150 os_memset(¶ms, 0, sizeof(params));
00151 params.ca_cert = hapd->conf->ca_cert;
00152 params.client_cert = hapd->conf->server_cert;
00153 params.private_key = hapd->conf->private_key;
00154 params.private_key_passwd = hapd->conf->private_key_passwd;
00155 params.dh_file = hapd->conf->dh_file;
00156
00157 if (tls_global_set_params(hapd->ssl_ctx, ¶ms)) {
00158 wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
00159 authsrv_deinit(hapd);
00160 return -1;
00161 }
00162
00163 if (tls_global_set_verify(hapd->ssl_ctx,
00164 hapd->conf->check_crl)) {
00165 wpa_printf(MSG_ERROR, "Failed to enable check_crl");
00166 authsrv_deinit(hapd);
00167 return -1;
00168 }
00169 }
00170 #endif
00171
00172 #ifdef EAP_SIM_DB
00173 if (hapd->conf->eap_sim_db) {
00174 hapd->eap_sim_db_priv =
00175 eap_sim_db_init(hapd->conf->eap_sim_db,
00176 hostapd_sim_db_cb, hapd);
00177 if (hapd->eap_sim_db_priv == NULL) {
00178 wpa_printf(MSG_ERROR, "Failed to initialize EAP-SIM "
00179 "database interface");
00180 authsrv_deinit(hapd);
00181 return -1;
00182 }
00183 }
00184 #endif
00185
00186 #ifdef RADIUS_SERVER
00187 if (hapd->conf->radius_server_clients &&
00188 hostapd_setup_radius_srv(hapd))
00189 return -1;
00190 #endif
00191
00192 return 0;
00193 }
00194
00195
00196 void authsrv_deinit(struct hostapd_data *hapd)
00197 {
00198 #ifdef RADIUS_SERVER
00199 radius_server_deinit(hapd->radius_srv);
00200 hapd->radius_srv = NULL;
00201 #endif
00202
00203 #ifdef EAP_TLS_FUNCS
00204 if (hapd->ssl_ctx) {
00205 tls_deinit(hapd->ssl_ctx);
00206 hapd->ssl_ctx = NULL;
00207 }
00208 #endif
00209
00210 #ifdef EAP_SIM_DB
00211 if (hapd->eap_sim_db_priv) {
00212 eap_sim_db_deinit(hapd->eap_sim_db_priv);
00213 hapd->eap_sim_db_priv = NULL;
00214 }
00215 #endif
00216 }