Changes to support PAC and 802.1X interaction #89

Merged
merged 1 commit into from
Oct 7, 2024
3 changes: 3 additions & 0 deletions hostapd/ctrl_iface.c
@@ -2773,6 +2773,9 @@ static int hostapd_ctrl_iface_eapol_reauth(struct hostapd_data *hapd,
if (!sta || !sta->eapol_sm)
return -1;

#ifdef CONFIG_SONIC_HOSTAPD

Can we move SONiC specific changes into a patch file?

memset(&sta->attr_info, 0, sizeof (sta->attr_info));
#endif
eapol_auth_reauthenticate(sta->eapol_sm);
return 0;
}
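Review bot: The added `memset(&sta->attr_info, ...)` is compiled under `CONFIG_SONIC_HOSTAPD`, while every other access to `sta->attr_info` visible in this pull request (in src/ap/ieee802_1x.c) is under `CONFIG_SONIC_RADIUS`. The declaration of `attr_info` is not shown on this page, so if the member is declared under the RADIUS macro, a build with only `CONFIG_SONIC_HOSTAPD` set would not compile; using one guard for all accesses avoids that. hostapd code normally goes through the os_* wrappers, so `os_memset(&sta->attr_info, 0, sizeof(sta->attr_info));` would match the rest of the file. A comment such as `/* drop RADIUS attributes kept from the previous Access-Accept */` would also record why the reset has to happen before `eapol_auth_reauthenticate()`. The function starts above the hunk.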
58 changes: 56 additions & 2 deletions src/ap/ieee802_1x.c
@@ -19,6 +19,9 @@
#include "common/ieee802_11_defs.h"
#include "radius/radius.h"
#include "radius/radius_client.h"
#ifdef CONFIG_SONIC_RADIUS
#include "radius/radius_attr_parse.h"
#endif
#include "eap_server/eap.h"
#include "eap_common/eap_wsc_common.h"
#include "eapol_auth/eapol_auth_sm.h"
@@ -460,6 +463,7 @@ static int add_common_radius_sta_attr(struct hostapd_data *hapd,
return -1;
}

#ifndef CONFIG_SONIC_RADIUS
if (sta->flags & WLAN_STA_PREAUTH) {
os_strlcpy(buf, "IEEE 802.11i Pre-Authentication",
sizeof(buf));
@@ -487,6 +491,7 @@ static int add_common_radius_sta_attr(struct hostapd_data *hapd,
return -1;
}
}
#endif

if ((hapd->conf->wpa & 2) &&
!hapd->conf->disable_pmksa_caching &&
@@ -565,8 +570,13 @@ int add_common_radius_attr(struct hostapd_data *hapd,
return -1;
}

#ifdef CONFIG_SONIC_RADIUS
len = os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
MAC2STR(hapd->own_addr));
#else
len = os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":",
MAC2STR(hapd->own_addr));
#endif
os_memcpy(&buf[len], hapd->conf->ssid.ssid,
hapd->conf->ssid.ssid_len);
len += hapd->conf->ssid.ssid_len;
@@ -708,7 +718,13 @@ void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
wpa_printf(MSG_INFO, "Could not add User-Name");
goto fail;
}

#ifdef CONFIG_SONIC_RADIUS
else {
memset(sta->attr_info.userName,'\0', sizeof(sta->attr_info.userName));
strncpy(sta->attr_info.userName, sm->identity, sm->identity_len);
sta->attr_info.userNameLen = sm->identity_len;
}
#endif
if (add_common_radius_attr(hapd, hapd->conf->radius_auth_req_attr, sta,
msg) < 0)
goto fail;
@@ -1183,6 +1199,19 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
sta->eapol_sm->eapolLogoff = true;
sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
eap_server_clear_identity(sta->eapol_sm->eap);

#ifdef CONFIG_SONIC_HOSTAPD
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
HOSTAPD_LEVEL_DEBUG,
"sending client_disconnect for EAPOL-Logoff from STA");
/* Inform PAC */
if (0 != hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr, "client_disconnected", NULL))
{
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
HOSTAPD_LEVEL_DEBUG,
"sending client_disconnect for EAPOL-Logoff from STA not successful");
}
#endif
break;

case IEEE802_1X_TYPE_EAPOL_KEY:
@@ -2006,6 +2035,14 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
break;
#endif /* CONFIG_NO_VLAN */

#ifdef CONFIG_SONIC_RADIUS
if (0 != radiusClientAcceptProcess(msg, &sta->attr_info))
{
wpa_printf(MSG_DEBUG, "radiusClientAcceptProcess failed \n");
}
#endif

#ifndef CONFIG_SONIC_RADIUS
sta->session_timeout_set = !!session_timeout_set;
os_get_reltime(&sta->session_timeout);
sta->session_timeout.sec += session_timeout;
@@ -2018,6 +2055,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
ap_sta_session_timeout(hapd, sta, session_timeout);
else
ap_sta_no_session_timeout(hapd, sta);
#endif

sm->eap_if->aaaSuccess = true;
override_eapReq = 1;
@@ -2110,6 +2148,11 @@ void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta)
MAC2STR(sta->addr));

sm->eap_if->portEnabled = false;
#ifdef CONFIG_SONIC_RADIUS
/* Invoke driver to inform PAC */
hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr,
"auth_timeout", (void *) sta);
#endif
ap_sta_disconnect(hapd, sta, sta->addr,
WLAN_REASON_PREV_AUTH_NOT_VALID);
}
@@ -2998,5 +3041,16 @@ static void ieee802_1x_finished(struct hostapd_data *hapd,
* EAPOL authentication to be started to complete connection.
*/
ap_sta_delayed_1x_auth_fail_disconnect(hapd, sta);
}

#ifdef CONFIG_SONIC_HOSTAPD
/* Invoke driver to inform PAC */
hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr, "auth_fail", (void *) sta);
#endif
}
#ifdef CONFIG_SONIC_HOSTAPD
else {
/* Invoke driver to inform PAC */
hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr, "auth_success", (void *) sta);
}
#endif
}
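Review bot: In the ieee802_1x_encapsulate_radius hunk, `strncpy(sta->attr_info.userName, sm->identity, sm->identity_len)` bounds the copy by the source length rather than by the destination, and `sm->identity` is the EAP identity that hostapd takes from the station before it has authenticated. The size of `userName` is declared outside this page; unless it is guaranteed to exceed the longest identity hostapd accepts, a long identity writes past the array, and one of exactly the array size leaves it without a terminating NUL. Clamp the length first, for example `size_t n = sm->identity_len < sizeof(sta->attr_info.userName) ? sm->identity_len : sizeof(sta->attr_info.userName) - 1;` followed by `os_memcpy(sta->attr_info.userName, sm->identity, n);` and `sta->attr_info.userNameLen = n;`, or fail the request when the identity does not fit. Separately, in the ieee802_1x_receive_auth hunk a non-zero return from `radiusClientAcceptProcess()` is only logged at debug level before `aaaSuccess` is set, so a comment should state whether a partially parsed Access-Accept may still authorize the port.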
3 changes: 3 additions & 0 deletions src/eap_server/eap.h
@@ -82,6 +82,9 @@ struct eap_eapol_interface {
struct wpabuf *aaaEapRespData;
/* aaaIdentity -> eap_get_identity() */
bool aaaTimeout;
#ifdef CONFIG_SONIC_HOSTAPD
bool client_reauth;
#endif
};

struct eap_server_erp_key {
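Review bot: The new `client_reauth` member has no comment, unlike the neighbouring `aaaIdentity` note, and nothing in this header says who sets and clears it. From the other files in this pull request it is written in the AUTH_PAE RESTART state and read in EAP INITIALIZE, so a comment such as `/* set in AUTH_PAE RESTART when reAuthenticate restarts an authenticated port; read by EAP INITIALIZE */` would help. Because the member changes the layout of `struct eap_eapol_interface`, every translation unit including this header needs the same `CONFIG_SONIC_HOSTAPD` setting. The writer in eapol_auth_sm.c is additionally guarded by `HOSTAPD`, which is worth aligning.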
10 changes: 10 additions & 0 deletions src/eap_server/eap_server.c
@@ -231,7 +231,12 @@ SM_STATE(EAP, INITIALIZE)
}

sm->try_initiate_reauth = false;
#ifdef CONFIG_SONIC_HOSTAPD
if (!sm->eap_if.client_reauth)
sm->currentId = -1;
#else
sm->currentId = -1;
#endif
sm->eap_if.eapSuccess = false;
sm->eap_if.eapFail = false;
sm->eap_if.eapTimeout = false;
@@ -402,6 +407,11 @@ SM_STATE(EAP, METHOD_REQUEST)
return;
}

#ifdef CONFIG_SONIC_HOSTAPD
wpa_printf(MSG_DEBUG, "EAP: lastId %d",
sm->lastId);
#endif

sm->currentId = eap_sm_nextId(sm, sm->currentId);
wpa_printf(MSG_DEBUG, "EAP: building EAP-Request: Identifier %d",
sm->currentId);
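Review bot: The `#ifdef CONFIG_SONIC_HOSTAPD` branch in EAP INITIALIZE keeps `sm->currentId` when `client_reauth` is set, but no comment says why the Identifier must continue across a reauthentication, and `sm->currentId = -1;` is now written in both preprocessor branches. A comment like `/* SONiC: keep the last Identifier when AUTH_PAE RESTART flagged a reauthentication */` above the `if` would record the intent. The added `EAP: lastId %d` debug line in METHOD_REQUEST prints `sm->lastId` just before `currentId` is advanced; if it was only needed while developing the change it can be dropped. Both state functions extend beyond the hunks shown.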
20 changes: 18 additions & 2 deletions src/eapol_auth/eapol_auth_sm.c
@@ -168,6 +168,7 @@ static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx)
}
}

#ifndef CONFIG_SONIC_HOSTAPD
if (state->reAuthWhen > 0) {
state->reAuthWhen--;
if (state->reAuthWhen == 0) {
@@ -176,6 +177,7 @@ static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx)
MAC2STR(state->addr));
}
}
#endif

if (state->eap_if->retransWhile > 0) {
state->eap_if->retransWhile--;
@@ -241,13 +243,25 @@ SM_STATE(AUTH_PAE, DISCONNECTED)

SM_STATE(AUTH_PAE, RESTART)
{
#ifdef CONFIG_SONIC_HOSTAPD
#ifdef HOSTAPD
sm->eap_if->client_reauth = false;
#endif
#endif
if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATED) {
if (sm->reAuthenticate)
sm->authAuthReauthsWhileAuthenticated++;
if (sm->eapolStart)
sm->authAuthEapStartsWhileAuthenticated++;
if (sm->eapolLogoff)
sm->authAuthEapLogoffWhileAuthenticated++;

#ifdef CONFIG_SONIC_HOSTAPD
#ifdef HOSTAPD
if (sm->reAuthenticate)
sm->eap_if->client_reauth = true;
#endif
#endif
}

SM_ENTRY_MA(AUTH_PAE, RESTART, auth_pae);
@@ -503,8 +517,9 @@ SM_STATE(BE_AUTH, RESPONSE)
SM_STATE(BE_AUTH, SUCCESS)
{
SM_ENTRY_MA(BE_AUTH, SUCCESS, be_auth);

#ifndef CONFIG_SONIC_HOSTAPD
txReq();
#endif
sm->authSuccess = true;
sm->keyRun = true;
}
@@ -513,8 +528,9 @@ SM_STATE(BE_AUTH, SUCCESS)
SM_STATE(BE_AUTH, FAIL)
{
SM_ENTRY_MA(BE_AUTH, FAIL, be_auth);

#ifndef CONFIG_SONIC_HOSTAPD
txReq();
#endif
sm->authFail = true;
}
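Review bot: With `CONFIG_SONIC_HOSTAPD` set, the `reAuthWhen` countdown in eapol_port_timers_tick is compiled out, so as far as these hunks show the periodic reauthentication driven from this timer no longer fires and an authorized port stays authorized until something else requests reauthentication. Presumably PAC takes over that role, but the code should say so, e.g. `/* SONiC: reauthentication is scheduled by PAC, not by reAuthWhen */`. The same applies to the `txReq()` calls compiled out of BE_AUTH SUCCESS and FAIL, where nothing in this file shows how the final EAP-Success or EAP-Failure reaches the supplicant. As a style point, the nested `#ifdef CONFIG_SONIC_HOSTAPD` / `#ifdef HOSTAPD` pairs in AUTH_PAE RESTART can be written as `#if defined(CONFIG_SONIC_HOSTAPD) && defined(HOSTAPD)`.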

4 changes: 4 additions & 0 deletions src/eapol_auth/eapol_auth_sm.h
@@ -17,6 +17,10 @@
struct eapol_auth_config {
const struct eap_config *eap_cfg;
int eap_reauth_period;
#ifdef CONFIG_SONIC_HOSTAPD
int eap_server_timeout;
int eap_quiet_period;
#endif
int wpa;
int individual_wep_key_len;
char *eap_req_id_text; /* a copy of this will be allocated */
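Review bot: `eap_server_timeout` and `eap_quiet_period` are added to `struct eapol_auth_config` without comments, and none of the hunks on this page reads or assigns them. A line each stating the unit and the state-machine value they feed, for instance `int eap_quiet_period; /* seconds; presumably copied to quietPeriod - confirm */`, would make the intent checkable. If they are populated in a file outside this pull request, the comment should say where.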
4 changes: 4 additions & 0 deletions src/eapol_auth/eapol_auth_sm_i.h
@@ -73,7 +73,11 @@ struct eapol_state_machine {
unsigned int reAuthCount;
/* constants */
unsigned int quietPeriod; /* default 60; 0..65535 */
#ifdef CONFIG_SONIC_HOSTAPD
#define AUTH_PAE_DEFAULT_quietPeriod 2
#else
#define AUTH_PAE_DEFAULT_quietPeriod 60
#endif
unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
/* counters */
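Review bot: Under `CONFIG_SONIC_HOSTAPD` `AUTH_PAE_DEFAULT_quietPeriod` drops from 60 to 2, but the comment on the member still reads `default 60; 0..65535`. quietPeriod is the hold-off after a failed authentication, so a 2-second default lets a station retry credentials about thirty times as often as before. If that is intended, the throttling of repeated failures has to come from elsewhere (the RADIUS server or PAC), and the code should state that. Suggested member comment: `unsigned int quietPeriod; /* default 60 (2 with CONFIG_SONIC_HOSTAPD); 0..65535 */`.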
3 changes: 3 additions & 0 deletions src/utils/wpa_debug.c
@@ -237,6 +237,9 @@ void wpa_printf(int level, const char *fmt, ...)
va_start(ap, fmt);
vprintf(fmt, ap);
printf("\n");
#ifdef CONFIG_SONIC_RADIUS
fflush(stdout);
#endif
va_end(ap);
}
#endif /* CONFIG_ANDROID_LOG */
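Review bot: The `fflush(stdout)` added to wpa_printf is guarded by `CONFIG_SONIC_RADIUS`, although flushing the debug stream has nothing to do with RADIUS; the other SONiC-only behaviour in this pull request uses `CONFIG_SONIC_HOSTAPD`, and that macro fits better here. Flushing after every message also costs a write per debug line. Setting line buffering once at start-up, `setvbuf(stdout, NULL, _IOLBF, 0);`, gives the same result when stdout is a pipe or a file. The function begins above the hunk.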