AP: MLO: Make IEEE 802.1X SM, authserv, and RADIUS client singletons
To simplify the handling of MLD stations, assume that all interfaces/BSSs use the same IEEE 802.1X authenticator, the same RADIUS server instance, and the same RADIUS client. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This commit is contained in:
parent
7b45c2e6bc
commit
a213fee11d
3 changed files with 96 additions and 28 deletions
|
@ -106,6 +106,15 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
|
|||
{
|
||||
struct radius_server_conf srv;
|
||||
struct hostapd_bss_config *conf = hapd->conf;
|
||||
|
||||
if (hapd->mld_first_bss) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"MLD: Using RADIUS server of the first BSS");
|
||||
|
||||
hapd->radius_srv = hapd->mld_first_bss->radius_srv;
|
||||
return 0;
|
||||
}
|
||||
|
||||
os_memset(&srv, 0, sizeof(srv));
|
||||
srv.client_file = conf->radius_server_clients;
|
||||
srv.auth_port = conf->radius_server_auth_port;
|
||||
|
@ -238,6 +247,19 @@ static struct eap_config * authsrv_eap_config(struct hostapd_data *hapd)
|
|||
|
||||
int authsrv_init(struct hostapd_data *hapd)
|
||||
{
|
||||
if (hapd->mld_first_bss) {
|
||||
wpa_printf(MSG_DEBUG, "MLD: Using auth_serv of the first BSS");
|
||||
|
||||
#ifdef EAP_TLS_FUNCS
|
||||
hapd->ssl_ctx = hapd->mld_first_bss->ssl_ctx;
|
||||
#endif /* EAP_TLS_FUNCS */
|
||||
hapd->eap_cfg = hapd->mld_first_bss->eap_cfg;
|
||||
#ifdef EAP_SIM_DB
|
||||
hapd->eap_sim_db_priv = hapd->mld_first_bss->eap_sim_db_priv;
|
||||
#endif /* EAP_SIM_DB */
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef EAP_TLS_FUNCS
|
||||
if (hapd->conf->eap_server &&
|
||||
(hapd->conf->ca_cert || hapd->conf->server_cert ||
|
||||
|
@ -352,6 +374,21 @@ int authsrv_init(struct hostapd_data *hapd)
|
|||
|
||||
void authsrv_deinit(struct hostapd_data *hapd)
|
||||
{
|
||||
if (hapd->mld_first_bss) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"MLD: Deinit auth_serv of a non-first BSS");
|
||||
|
||||
hapd->radius_srv = NULL;
|
||||
hapd->eap_cfg = NULL;
|
||||
#ifdef EAP_SIM_DB
|
||||
hapd->eap_sim_db_priv = NULL;
|
||||
#endif /* EAP_SIM_DB */
|
||||
#ifdef EAP_TLS_FUNCS
|
||||
hapd->ssl_ctx = NULL;
|
||||
#endif /* EAP_TLS_FUNCS */
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef RADIUS_SERVER
|
||||
radius_server_deinit(hapd->radius_srv);
|
||||
hapd->radius_srv = NULL;
|
||||
|
|
|
@ -439,9 +439,11 @@ void hostapd_free_hapd_data(struct hostapd_data *hapd)
|
|||
vlan_deinit(hapd);
|
||||
hostapd_acl_deinit(hapd);
|
||||
#ifndef CONFIG_NO_RADIUS
|
||||
if (!hapd->mld_first_bss) {
|
||||
radius_client_deinit(hapd->radius);
|
||||
hapd->radius = NULL;
|
||||
radius_das_deinit(hapd->radius_das);
|
||||
}
|
||||
hapd->radius = NULL;
|
||||
hapd->radius_das = NULL;
|
||||
#endif /* CONFIG_NO_RADIUS */
|
||||
|
||||
|
@ -1215,6 +1217,10 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
|
|||
u8 if_addr[ETH_ALEN];
|
||||
int flush_old_stations = 1;
|
||||
|
||||
if (hapd->mld_first_bss)
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"MLD: %s: Setting non-first BSS", __func__);
|
||||
|
||||
wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s), first=%d)",
|
||||
__func__, hapd, conf->iface, first);
|
||||
|
||||
|
@ -1373,14 +1379,17 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
|
|||
}
|
||||
#endif /* CONFIG_SQLITE */
|
||||
|
||||
if (!hapd->mld_first_bss) {
|
||||
hapd->radius = radius_client_init(hapd, conf->radius);
|
||||
if (hapd->radius == NULL) {
|
||||
wpa_printf(MSG_ERROR, "RADIUS client initialization failed.");
|
||||
if (!hapd->radius) {
|
||||
wpa_printf(MSG_ERROR,
|
||||
"RADIUS client initialization failed.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (conf->radius_das_port) {
|
||||
struct radius_das_conf das_conf;
|
||||
|
||||
os_memset(&das_conf, 0, sizeof(das_conf));
|
||||
das_conf.port = conf->radius_das_port;
|
||||
das_conf.shared_secret = conf->radius_das_shared_secret;
|
||||
|
@ -1396,12 +1405,18 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
|
|||
das_conf.disconnect = hostapd_das_disconnect;
|
||||
das_conf.coa = hostapd_das_coa;
|
||||
hapd->radius_das = radius_das_init(&das_conf);
|
||||
if (hapd->radius_das == NULL) {
|
||||
wpa_printf(MSG_ERROR, "RADIUS DAS initialization "
|
||||
"failed.");
|
||||
if (!hapd->radius_das) {
|
||||
wpa_printf(MSG_ERROR,
|
||||
"RADIUS DAS initialization failed.");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"MLD: Using RADIUS client of the first BSS");
|
||||
hapd->radius = hapd->mld_first_bss->radius;
|
||||
hapd->radius_das = hapd->mld_first_bss->radius_das;
|
||||
}
|
||||
#endif /* CONFIG_NO_RADIUS */
|
||||
|
||||
if (hostapd_acl_init(hapd)) {
|
||||
|
|
|
@ -2474,6 +2474,14 @@ int ieee802_1x_init(struct hostapd_data *hapd)
|
|||
struct eapol_auth_config conf;
|
||||
struct eapol_auth_cb cb;
|
||||
|
||||
if (hapd->mld_first_bss) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"MLD: Using IEEE 802.1X state machine of the first BSS");
|
||||
|
||||
hapd->eapol_auth = hapd->mld_first_bss->eapol_auth;
|
||||
return 0;
|
||||
}
|
||||
|
||||
dl_list_init(&hapd->erp_keys);
|
||||
|
||||
os_memset(&conf, 0, sizeof(conf));
|
||||
|
@ -2558,6 +2566,14 @@ void ieee802_1x_erp_flush(struct hostapd_data *hapd)
|
|||
|
||||
void ieee802_1x_deinit(struct hostapd_data *hapd)
|
||||
{
|
||||
if (hapd->mld_first_bss) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"MLD: Deinit IEEE 802.1X state machine of a non-first BSS");
|
||||
|
||||
hapd->eapol_auth = NULL;
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_WEP
|
||||
eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
|
||||
#endif /* CONFIG_WEP */
|
||||
|
|
Loading…
Reference in a new issue