Add server identity configuration for EAP server

The new server_id parameter in hostapd.conf can now be used to specify which identity is delivered to the EAP peer with EAP methods that support authenticated server identity. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-06 18:17:15 +03:00 · 2013-07-06 18:17:15 +03:00 · 67fe933d40
commit 67fe933d40
parent 06aeff5f8f
13 changed files with 46 additions and 0 deletions
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@ -532,6 +532,8 @@ static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
 	wpabuf_free(conf->vendor_elements);

 	os_free(conf->sae_groups);
+
+	os_free(conf->server_id);
 }


--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@ -375,6 +375,7 @@ struct hostapd_bss_config {
 	struct wpabuf *wps_nfc_dev_pw;
 #endif /* CONFIG_WPS */
 	int pbc_in_m1;
+	char *server_id;

 #define P2P_ENABLED BIT(0)
 #define P2P_GROUP_OWNER BIT(1)
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@ -111,6 +111,7 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
 	srv.eap_req_id_text = conf->eap_req_id_text;
 	srv.eap_req_id_text_len = conf->eap_req_id_text_len;
 	srv.pwd_group = conf->pwd_group;
+	srv.server_id = conf->server_id ? conf->server_id : "hostapd";
 #ifdef CONFIG_RADIUS_TEST
 	srv.dump_msk_file = conf->dump_msk_file;
 #endif /* CONFIG_RADIUS_TEST */
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@ -1828,6 +1828,13 @@ int ieee802_1x_init(struct hostapd_data *hapd)
 	conf.fragment_size = hapd->conf->fragment_size;
 	conf.pwd_group = hapd->conf->pwd_group;
 	conf.pbc_in_m1 = hapd->conf->pbc_in_m1;
+	if (hapd->conf->server_id) {
+		conf.server_id = (const u8 *) hapd->conf->server_id;
+		conf.server_id_len = os_strlen(hapd->conf->server_id);
+	} else {
+		conf.server_id = (const u8 *) "hostapd";
+		conf.server_id_len = 7;
+	}

 	os_memset(&cb, 0, sizeof(cb));
 	cb.eapol_send = ieee802_1x_eapol_send;