AP: MLO: Make IEEE 802.1X SM, authserv, and RADIUS client singletons
To simplify the handling of MLD stations, assume that all interfaces/BSSs use the same IEEE 802.1X authenticator, the same RADIUS server instance, and the same RADIUS client. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
parent
7b45c2e6bc
commit
a213fee11d
3 changed files with 96 additions and 28 deletions
|
@ -106,6 +106,15 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
|
||||||
{
|
{
|
||||||
struct radius_server_conf srv;
|
struct radius_server_conf srv;
|
||||||
struct hostapd_bss_config *conf = hapd->conf;
|
struct hostapd_bss_config *conf = hapd->conf;
|
||||||
|
|
||||||
|
if (hapd->mld_first_bss) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"MLD: Using RADIUS server of the first BSS");
|
||||||
|
|
||||||
|
hapd->radius_srv = hapd->mld_first_bss->radius_srv;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
os_memset(&srv, 0, sizeof(srv));
|
os_memset(&srv, 0, sizeof(srv));
|
||||||
srv.client_file = conf->radius_server_clients;
|
srv.client_file = conf->radius_server_clients;
|
||||||
srv.auth_port = conf->radius_server_auth_port;
|
srv.auth_port = conf->radius_server_auth_port;
|
||||||
|
@ -238,6 +247,19 @@ static struct eap_config * authsrv_eap_config(struct hostapd_data *hapd)
|
||||||
|
|
||||||
int authsrv_init(struct hostapd_data *hapd)
|
int authsrv_init(struct hostapd_data *hapd)
|
||||||
{
|
{
|
||||||
|
if (hapd->mld_first_bss) {
|
||||||
|
wpa_printf(MSG_DEBUG, "MLD: Using auth_serv of the first BSS");
|
||||||
|
|
||||||
|
#ifdef EAP_TLS_FUNCS
|
||||||
|
hapd->ssl_ctx = hapd->mld_first_bss->ssl_ctx;
|
||||||
|
#endif /* EAP_TLS_FUNCS */
|
||||||
|
hapd->eap_cfg = hapd->mld_first_bss->eap_cfg;
|
||||||
|
#ifdef EAP_SIM_DB
|
||||||
|
hapd->eap_sim_db_priv = hapd->mld_first_bss->eap_sim_db_priv;
|
||||||
|
#endif /* EAP_SIM_DB */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef EAP_TLS_FUNCS
|
#ifdef EAP_TLS_FUNCS
|
||||||
if (hapd->conf->eap_server &&
|
if (hapd->conf->eap_server &&
|
||||||
(hapd->conf->ca_cert || hapd->conf->server_cert ||
|
(hapd->conf->ca_cert || hapd->conf->server_cert ||
|
||||||
|
@ -352,6 +374,21 @@ int authsrv_init(struct hostapd_data *hapd)
|
||||||
|
|
||||||
void authsrv_deinit(struct hostapd_data *hapd)
|
void authsrv_deinit(struct hostapd_data *hapd)
|
||||||
{
|
{
|
||||||
|
if (hapd->mld_first_bss) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"MLD: Deinit auth_serv of a non-first BSS");
|
||||||
|
|
||||||
|
hapd->radius_srv = NULL;
|
||||||
|
hapd->eap_cfg = NULL;
|
||||||
|
#ifdef EAP_SIM_DB
|
||||||
|
hapd->eap_sim_db_priv = NULL;
|
||||||
|
#endif /* EAP_SIM_DB */
|
||||||
|
#ifdef EAP_TLS_FUNCS
|
||||||
|
hapd->ssl_ctx = NULL;
|
||||||
|
#endif /* EAP_TLS_FUNCS */
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef RADIUS_SERVER
|
#ifdef RADIUS_SERVER
|
||||||
radius_server_deinit(hapd->radius_srv);
|
radius_server_deinit(hapd->radius_srv);
|
||||||
hapd->radius_srv = NULL;
|
hapd->radius_srv = NULL;
|
||||||
|
|
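Review bot: The early return added to authsrv_init() stores the first BSS's `ssl_ctx`, `eap_cfg` and `eap_sim_db_priv` as bare aliases, with nothing recording that this BSS does not own them or that the first BSS must outlive it. authsrv_deinit() only NULLs the aliases, so the scheme is safe only if the first BSS is always torn down last; that ordering is not visible in this diff and should be confirmed, since otherwise a remaining link BSS would keep pointers to a freed TLS context and EAP configuration. The same borrowing is used for `radius`/`radius_das` in hostapd_setup_bss() and for `eapol_auth` in ieee802_1x_init(). I would document the contract at the copy site, e.g. `/* Borrowed from mld_first_bss, not owned: the first BSS must be deinitialized after every BSS that aliases its auth server state */`. Both functions continue outside the hunks shown.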
|
@ -439,9 +439,11 @@ void hostapd_free_hapd_data(struct hostapd_data *hapd)
|
||||||
vlan_deinit(hapd);
|
vlan_deinit(hapd);
|
||||||
hostapd_acl_deinit(hapd);
|
hostapd_acl_deinit(hapd);
|
||||||
#ifndef CONFIG_NO_RADIUS
|
#ifndef CONFIG_NO_RADIUS
|
||||||
radius_client_deinit(hapd->radius);
|
if (!hapd->mld_first_bss) {
|
||||||
|
radius_client_deinit(hapd->radius);
|
||||||
|
radius_das_deinit(hapd->radius_das);
|
||||||
|
}
|
||||||
hapd->radius = NULL;
|
hapd->radius = NULL;
|
||||||
radius_das_deinit(hapd->radius_das);
|
|
||||||
hapd->radius_das = NULL;
|
hapd->radius_das = NULL;
|
||||||
#endif /* CONFIG_NO_RADIUS */
|
#endif /* CONFIG_NO_RADIUS */
|
||||||
|
|
||||||
|
@ -1215,6 +1217,10 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
|
||||||
u8 if_addr[ETH_ALEN];
|
u8 if_addr[ETH_ALEN];
|
||||||
int flush_old_stations = 1;
|
int flush_old_stations = 1;
|
||||||
|
|
||||||
|
if (hapd->mld_first_bss)
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"MLD: %s: Setting non-first BSS", __func__);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s), first=%d)",
|
wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s), first=%d)",
|
||||||
__func__, hapd, conf->iface, first);
|
__func__, hapd, conf->iface, first);
|
||||||
|
|
||||||
|
@ -1373,34 +1379,43 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_SQLITE */
|
#endif /* CONFIG_SQLITE */
|
||||||
|
|
||||||
hapd->radius = radius_client_init(hapd, conf->radius);
|
if (!hapd->mld_first_bss) {
|
||||||
if (hapd->radius == NULL) {
|
hapd->radius = radius_client_init(hapd, conf->radius);
|
||||||
wpa_printf(MSG_ERROR, "RADIUS client initialization failed.");
|
if (!hapd->radius) {
|
||||||
return -1;
|
wpa_printf(MSG_ERROR,
|
||||||
}
|
"RADIUS client initialization failed.");
|
||||||
|
|
||||||
if (conf->radius_das_port) {
|
|
||||||
struct radius_das_conf das_conf;
|
|
||||||
os_memset(&das_conf, 0, sizeof(das_conf));
|
|
||||||
das_conf.port = conf->radius_das_port;
|
|
||||||
das_conf.shared_secret = conf->radius_das_shared_secret;
|
|
||||||
das_conf.shared_secret_len =
|
|
||||||
conf->radius_das_shared_secret_len;
|
|
||||||
das_conf.client_addr = &conf->radius_das_client_addr;
|
|
||||||
das_conf.time_window = conf->radius_das_time_window;
|
|
||||||
das_conf.require_event_timestamp =
|
|
||||||
conf->radius_das_require_event_timestamp;
|
|
||||||
das_conf.require_message_authenticator =
|
|
||||||
conf->radius_das_require_message_authenticator;
|
|
||||||
das_conf.ctx = hapd;
|
|
||||||
das_conf.disconnect = hostapd_das_disconnect;
|
|
||||||
das_conf.coa = hostapd_das_coa;
|
|
||||||
hapd->radius_das = radius_das_init(&das_conf);
|
|
||||||
if (hapd->radius_das == NULL) {
|
|
||||||
wpa_printf(MSG_ERROR, "RADIUS DAS initialization "
|
|
||||||
"failed.");
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (conf->radius_das_port) {
|
||||||
|
struct radius_das_conf das_conf;
|
||||||
|
|
||||||
|
os_memset(&das_conf, 0, sizeof(das_conf));
|
||||||
|
das_conf.port = conf->radius_das_port;
|
||||||
|
das_conf.shared_secret = conf->radius_das_shared_secret;
|
||||||
|
das_conf.shared_secret_len =
|
||||||
|
conf->radius_das_shared_secret_len;
|
||||||
|
das_conf.client_addr = &conf->radius_das_client_addr;
|
||||||
|
das_conf.time_window = conf->radius_das_time_window;
|
||||||
|
das_conf.require_event_timestamp =
|
||||||
|
conf->radius_das_require_event_timestamp;
|
||||||
|
das_conf.require_message_authenticator =
|
||||||
|
conf->radius_das_require_message_authenticator;
|
||||||
|
das_conf.ctx = hapd;
|
||||||
|
das_conf.disconnect = hostapd_das_disconnect;
|
||||||
|
das_conf.coa = hostapd_das_coa;
|
||||||
|
hapd->radius_das = radius_das_init(&das_conf);
|
||||||
|
if (!hapd->radius_das) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"RADIUS DAS initialization failed.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"MLD: Using RADIUS client of the first BSS");
|
||||||
|
hapd->radius = hapd->mld_first_bss->radius;
|
||||||
|
hapd->radius_das = hapd->mld_first_bss->radius_das;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_NO_RADIUS */
|
#endif /* CONFIG_NO_RADIUS */
|
||||||
|
|
||||||
|
|
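Review bot: In the new `else` branch of hostapd_setup_bss(), a non-first BSS takes over the first BSS's RADIUS client and DAS, so its own `conf->radius` and `conf->radius_das_*` values (shared secret, client address, `require_message_authenticator`, time window) are dropped with only an MSG_DEBUG line. The commit message states the assumption that all BSSs share these settings, but nothing in the visible code checks it, so a link configured with stricter DAS requirements would silently run with the first BSS's. Note also that `das_conf.ctx` is the first BSS's `hapd`; whether hostapd_das_disconnect() and hostapd_das_coa() can reach stations on the other links is not visible here and is worth confirming. At minimum I would state this at the branch: `/* This BSS's own conf->radius and conf->radius_das_* are ignored; the first BSS's settings apply to all links */`. hostapd_setup_bss() starts and ends outside the hunk.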
|
@ -2474,6 +2474,14 @@ int ieee802_1x_init(struct hostapd_data *hapd)
|
||||||
struct eapol_auth_config conf;
|
struct eapol_auth_config conf;
|
||||||
struct eapol_auth_cb cb;
|
struct eapol_auth_cb cb;
|
||||||
|
|
||||||
|
if (hapd->mld_first_bss) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"MLD: Using IEEE 802.1X state machine of the first BSS");
|
||||||
|
|
||||||
|
hapd->eapol_auth = hapd->mld_first_bss->eapol_auth;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
dl_list_init(&hapd->erp_keys);
|
dl_list_init(&hapd->erp_keys);
|
||||||
|
|
||||||
os_memset(&conf, 0, sizeof(conf));
|
os_memset(&conf, 0, sizeof(conf));
|
||||||
|
@ -2558,6 +2566,14 @@ void ieee802_1x_erp_flush(struct hostapd_data *hapd)
|
||||||
|
|
||||||
void ieee802_1x_deinit(struct hostapd_data *hapd)
|
void ieee802_1x_deinit(struct hostapd_data *hapd)
|
||||||
{
|
{
|
||||||
|
if (hapd->mld_first_bss) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"MLD: Deinit IEEE 802.1X state machine of a non-first BSS");
|
||||||
|
|
||||||
|
hapd->eapol_auth = NULL;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_WEP
|
#ifdef CONFIG_WEP
|
||||||
eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
|
eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
|
||||||
#endif /* CONFIG_WEP */
|
#endif /* CONFIG_WEP */
|
||||||
|
|
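Review bot: The early return added at the top of ieee802_1x_init() comes before `dl_list_init(&hapd->erp_keys);`, so on a non-first BSS the `erp_keys` list head is never initialized. ieee802_1x_deinit() also returns early for such a BSS, but if any other path walks that list on a link BSS (ieee802_1x_erp_flush(), named in the second hunk header, takes the same `hapd` and its callers are not visible here), it would follow pointers that were never set up. Moving the initialization above the check avoids this at no cost: `dl_list_init(&hapd->erp_keys);` followed by `if (hapd->mld_first_bss) {`. Both functions continue outside the hunks.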