AP: MLO: Make IEEE 802.1X SM, authserv, and RADIUS client singletons

To simplify the handling of MLD stations, assume that all
interfaces/BSSs use the same IEEE 802.1X authenticator, the same RADIUS
server instance, and the same RADIUS client.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This commit is contained in:
Ilan Peer 2023-05-22 22:33:39 +03:00 committed by Jouni Malinen
parent 7b45c2e6bc
commit a213fee11d
3 changed files with 96 additions and 28 deletions

View file

@ -106,6 +106,15 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
{ {
struct radius_server_conf srv; struct radius_server_conf srv;
struct hostapd_bss_config *conf = hapd->conf; struct hostapd_bss_config *conf = hapd->conf;
if (hapd->mld_first_bss) {
wpa_printf(MSG_DEBUG,
"MLD: Using RADIUS server of the first BSS");
hapd->radius_srv = hapd->mld_first_bss->radius_srv;
return 0;
}
os_memset(&srv, 0, sizeof(srv)); os_memset(&srv, 0, sizeof(srv));
srv.client_file = conf->radius_server_clients; srv.client_file = conf->radius_server_clients;
srv.auth_port = conf->radius_server_auth_port; srv.auth_port = conf->radius_server_auth_port;
@ -238,6 +247,19 @@ static struct eap_config * authsrv_eap_config(struct hostapd_data *hapd)
int authsrv_init(struct hostapd_data *hapd) int authsrv_init(struct hostapd_data *hapd)
{ {
if (hapd->mld_first_bss) {
wpa_printf(MSG_DEBUG, "MLD: Using auth_serv of the first BSS");
#ifdef EAP_TLS_FUNCS
hapd->ssl_ctx = hapd->mld_first_bss->ssl_ctx;
#endif /* EAP_TLS_FUNCS */
hapd->eap_cfg = hapd->mld_first_bss->eap_cfg;
#ifdef EAP_SIM_DB
hapd->eap_sim_db_priv = hapd->mld_first_bss->eap_sim_db_priv;
#endif /* EAP_SIM_DB */
return 0;
}
#ifdef EAP_TLS_FUNCS #ifdef EAP_TLS_FUNCS
if (hapd->conf->eap_server && if (hapd->conf->eap_server &&
(hapd->conf->ca_cert || hapd->conf->server_cert || (hapd->conf->ca_cert || hapd->conf->server_cert ||
@ -352,6 +374,21 @@ int authsrv_init(struct hostapd_data *hapd)
void authsrv_deinit(struct hostapd_data *hapd) void authsrv_deinit(struct hostapd_data *hapd)
{ {
if (hapd->mld_first_bss) {
wpa_printf(MSG_DEBUG,
"MLD: Deinit auth_serv of a non-first BSS");
hapd->radius_srv = NULL;
hapd->eap_cfg = NULL;
#ifdef EAP_SIM_DB
hapd->eap_sim_db_priv = NULL;
#endif /* EAP_SIM_DB */
#ifdef EAP_TLS_FUNCS
hapd->ssl_ctx = NULL;
#endif /* EAP_TLS_FUNCS */
return;
}
#ifdef RADIUS_SERVER #ifdef RADIUS_SERVER
radius_server_deinit(hapd->radius_srv); radius_server_deinit(hapd->radius_srv);
hapd->radius_srv = NULL; hapd->radius_srv = NULL;

View file

@ -439,9 +439,11 @@ void hostapd_free_hapd_data(struct hostapd_data *hapd)
vlan_deinit(hapd); vlan_deinit(hapd);
hostapd_acl_deinit(hapd); hostapd_acl_deinit(hapd);
#ifndef CONFIG_NO_RADIUS #ifndef CONFIG_NO_RADIUS
radius_client_deinit(hapd->radius); if (!hapd->mld_first_bss) {
radius_client_deinit(hapd->radius);
radius_das_deinit(hapd->radius_das);
}
hapd->radius = NULL; hapd->radius = NULL;
radius_das_deinit(hapd->radius_das);
hapd->radius_das = NULL; hapd->radius_das = NULL;
#endif /* CONFIG_NO_RADIUS */ #endif /* CONFIG_NO_RADIUS */
@ -1215,6 +1217,10 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
u8 if_addr[ETH_ALEN]; u8 if_addr[ETH_ALEN];
int flush_old_stations = 1; int flush_old_stations = 1;
if (hapd->mld_first_bss)
wpa_printf(MSG_DEBUG,
"MLD: %s: Setting non-first BSS", __func__);
wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s), first=%d)", wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s), first=%d)",
__func__, hapd, conf->iface, first); __func__, hapd, conf->iface, first);
@ -1373,34 +1379,43 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
} }
#endif /* CONFIG_SQLITE */ #endif /* CONFIG_SQLITE */
hapd->radius = radius_client_init(hapd, conf->radius); if (!hapd->mld_first_bss) {
if (hapd->radius == NULL) { hapd->radius = radius_client_init(hapd, conf->radius);
wpa_printf(MSG_ERROR, "RADIUS client initialization failed."); if (!hapd->radius) {
return -1; wpa_printf(MSG_ERROR,
} "RADIUS client initialization failed.");
if (conf->radius_das_port) {
struct radius_das_conf das_conf;
os_memset(&das_conf, 0, sizeof(das_conf));
das_conf.port = conf->radius_das_port;
das_conf.shared_secret = conf->radius_das_shared_secret;
das_conf.shared_secret_len =
conf->radius_das_shared_secret_len;
das_conf.client_addr = &conf->radius_das_client_addr;
das_conf.time_window = conf->radius_das_time_window;
das_conf.require_event_timestamp =
conf->radius_das_require_event_timestamp;
das_conf.require_message_authenticator =
conf->radius_das_require_message_authenticator;
das_conf.ctx = hapd;
das_conf.disconnect = hostapd_das_disconnect;
das_conf.coa = hostapd_das_coa;
hapd->radius_das = radius_das_init(&das_conf);
if (hapd->radius_das == NULL) {
wpa_printf(MSG_ERROR, "RADIUS DAS initialization "
"failed.");
return -1; return -1;
} }
if (conf->radius_das_port) {
struct radius_das_conf das_conf;
os_memset(&das_conf, 0, sizeof(das_conf));
das_conf.port = conf->radius_das_port;
das_conf.shared_secret = conf->radius_das_shared_secret;
das_conf.shared_secret_len =
conf->radius_das_shared_secret_len;
das_conf.client_addr = &conf->radius_das_client_addr;
das_conf.time_window = conf->radius_das_time_window;
das_conf.require_event_timestamp =
conf->radius_das_require_event_timestamp;
das_conf.require_message_authenticator =
conf->radius_das_require_message_authenticator;
das_conf.ctx = hapd;
das_conf.disconnect = hostapd_das_disconnect;
das_conf.coa = hostapd_das_coa;
hapd->radius_das = radius_das_init(&das_conf);
if (!hapd->radius_das) {
wpa_printf(MSG_ERROR,
"RADIUS DAS initialization failed.");
return -1;
}
}
} else {
wpa_printf(MSG_DEBUG,
"MLD: Using RADIUS client of the first BSS");
hapd->radius = hapd->mld_first_bss->radius;
hapd->radius_das = hapd->mld_first_bss->radius_das;
} }
#endif /* CONFIG_NO_RADIUS */ #endif /* CONFIG_NO_RADIUS */

View file

@ -2474,6 +2474,14 @@ int ieee802_1x_init(struct hostapd_data *hapd)
struct eapol_auth_config conf; struct eapol_auth_config conf;
struct eapol_auth_cb cb; struct eapol_auth_cb cb;
if (hapd->mld_first_bss) {
wpa_printf(MSG_DEBUG,
"MLD: Using IEEE 802.1X state machine of the first BSS");
hapd->eapol_auth = hapd->mld_first_bss->eapol_auth;
return 0;
}
dl_list_init(&hapd->erp_keys); dl_list_init(&hapd->erp_keys);
os_memset(&conf, 0, sizeof(conf)); os_memset(&conf, 0, sizeof(conf));
@ -2558,6 +2566,14 @@ void ieee802_1x_erp_flush(struct hostapd_data *hapd)
void ieee802_1x_deinit(struct hostapd_data *hapd) void ieee802_1x_deinit(struct hostapd_data *hapd)
{ {
if (hapd->mld_first_bss) {
wpa_printf(MSG_DEBUG,
"MLD: Deinit IEEE 802.1X state machine of a non-first BSS");
hapd->eapol_auth = NULL;
return;
}
#ifdef CONFIG_WEP #ifdef CONFIG_WEP
eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL); eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
#endif /* CONFIG_WEP */ #endif /* CONFIG_WEP */