diff --git a/hostapd/Makefile b/hostapd/Makefile index 343c8db1f..7f0fb2ae5 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -454,6 +454,10 @@ ifdef CONFIG_IPV6 CFLAGS += -DCONFIG_IPV6 endif +ifdef CONFIG_DRIVER_RADIUS_ACL +CFLAGS += -DCONFIG_DRIVER_RADIUS_ACL +endif + ifdef CONFIG_FULL_DYNAMIC_VLAN # define CONFIG_FULL_DYNAMIC_VLAN to have hostapd manipulate bridges # and vlan interfaces for the vlan feature. diff --git a/hostapd/defconfig b/hostapd/defconfig index 623f86a2a..4cfaee90f 100644 --- a/hostapd/defconfig +++ b/hostapd/defconfig @@ -120,3 +120,7 @@ CONFIG_IPV6=y # IEEE 802.11r. This draft is still subject to change, so it should be noted # that this version may not comply with the final standard. #CONFIG_IEEE80211R=y + +# Use the hostapd's IEEE 802.11 authentication (ACL), but without +# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211) +#CONFIG_DRIVER_RADIUS_ACL=y diff --git a/hostapd/driver.h b/hostapd/driver.h index 8502a7478..f76d2d432 100644 --- a/hostapd/driver.h +++ b/hostapd/driver.h @@ -159,6 +159,10 @@ struct wpa_driver_ops { int (*send_ether)(void *priv, const u8 *dst, const u8 *src, u16 proto, const u8 *data, size_t data_len); + + int (*set_radius_acl_auth)(void *priv, const u8 *mac, int accepted, + u32 session_timeout); + int (*set_radius_acl_expire)(void *priv, const u8 *mac); }; static inline void * 
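Review bot: The two callbacks added to `struct wpa_driver_ops` in the first hostapd/driver.h hunk, `set_radius_acl_auth` and `set_radius_acl_expire`, have no comment stating their contract, although they are the point where the driver enforces a RADIUS access decision. A comment above them should say which values `accepted` can take and which of them authorise the station, the unit of `session_timeout` and what a value of 0 means, and which return value signals failure. For example: `/* accepted: RADIUS ACL result for mac (state the allowed values); session_timeout: lifetime of that result (state the unit); return convention to be stated */`. The struct definition starts outside this hunk.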
@@ -678,4 +682,23 @@ hostapd_driver_commit(struct hostapd_data *hapd) return hapd->driver->commit(hapd->drv_priv); } +static inline int +hostapd_set_radius_acl_auth(struct hostapd_data *hapd, const u8 *mac, + int accepted, u32 session_timeout) +{ + if (hapd->driver == NULL || hapd->driver->set_radius_acl_auth == NULL) + return 0; + return hapd->driver->set_radius_acl_auth(hapd->drv_priv, mac, accepted, + session_timeout); +} + +static inline int +hostapd_set_radius_acl_expire(struct hostapd_data *hapd, const u8 *mac) +{ + if (hapd->driver == NULL || + hapd->driver->set_radius_acl_expire == NULL) + return 0; + return hapd->driver->set_radius_acl_expire(hapd->drv_priv, mac); +} + #endif /* DRIVER_H */ diff --git a/hostapd/ieee802_11_auth.c b/hostapd/ieee802_11_auth.c index bbdf9f92d..86f71b397 100644 --- a/hostapd/ieee802_11_auth.c +++ b/hostapd/ieee802_11_auth.c @@ -22,6 +22,7 @@ #include "radius/radius.h" #include "radius/radius_client.h" #include "eloop.h" +#include "driver.h" #define RADIUS_ACL_TIMEOUT 30 @@ -293,7 +294,9 @@ static void hostapd_acl_expire_cache(struct hostapd_data *hapd, time_t now) prev->next = entry->next; else hapd->acl_cache = entry->next; - +#ifdef CONFIG_DRIVER_RADIUS_ACL + hostapd_set_radius_acl_expire(hapd, entry->addr); +#endif /* CONFIG_DRIVER_RADIUS_ACL */ tmp = entry; entry = entry->next; os_free(tmp); @@ -417,11 +420,16 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req, cache->next = hapd->acl_cache; hapd->acl_cache = cache; +#ifdef CONFIG_DRIVER_RADIUS_ACL + hostapd_set_radius_acl_auth(hapd, query->addr, cache->accepted, + cache->session_timeout); +#else /* CONFIG_DRIVER_RADIUS_ACL */ /* Re-send original authentication frame for 802.11 processing */ wpa_printf(MSG_DEBUG, "Re-sending authentication frame after " "successful RADIUS ACL query"); ieee802_11_mgmt(hapd, query->auth_msg, query->auth_msg_len, WLAN_FC_STYPE_AUTH, NULL); +#endif /* CONFIG_DRIVER_RADIUS_ACL */ done: if (prev == NULL)
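Review bot: Both new wrappers in hostapd/driver.h return 0 when the driver has no `set_radius_acl_auth` or `set_radius_acl_expire` handler, so a caller cannot tell "the driver applied the decision" from "nothing happened". In a CONFIG_DRIVER_RADIUS_ACL build the re-send of the authentication frame is compiled out in `hostapd_acl_recv_radius` (last hunk of this patch). With a driver lacking the handler, the RADIUS result would then apparently be dropped with no trace in the log. If returning 0 for unimplemented optional ops is this header's convention, keep it but state it on the wrappers, e.g. `/* Returns 0 also when the driver does not implement the op; the ACL result is then not enforced by the driver */`, and log that case at the call site.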
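Review bot: The result of `hostapd_set_radius_acl_expire()` is discarded in the `hostapd_acl_expire_cache` hunk, and the cache entry is freed whether or not the driver accepted the expiry. If the driver keeps its own per-station state, a failed call could leave a station authorised in the driver after hostapd has dropped the cached decision. The `hostapd_set_radius_acl_auth()` call in the `hostapd_acl_recv_radius` hunk ignores its return value in the same way. At minimum the failure should be visible: `if (hostapd_set_radius_acl_expire(hapd, entry->addr)) wpa_printf(MSG_DEBUG, "Failed to expire RADIUS ACL entry in driver");`. The function body starts and ends outside this hunk.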
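Review bot: In the `hostapd_acl_recv_radius` hunk, `cache->accepted` is passed unchanged into a parameter named `accepted`, which a driver author will likely read as a boolean. The values the cache field can hold are not visible here. If it can carry more than a plain accept/reject, a driver testing `if (accepted)` would treat every non-zero result as authorised. Either normalise the value at the call or add a comment such as `/* accepted is the cached ACL result, not a boolean; drivers must compare against the accept value(s) */`. The CONFIG_DRIVER_RADIUS_ACL branch also has no `wpa_printf(MSG_DEBUG, ...)` counterpart to the one in the `#else` branch, so the hand-off to the driver leaves no log line. The function body starts and ends outside this hunk.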