LCOV - code coverage report
Current view: top level - src/ap - authsrv.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1422976643 Lines: 98 116 84.5 %
Date: 2015-02-03 Functions: 6 6 100.0 %

          Line data    Source code
       1             : /*
       2             :  * Authentication server setup
       3             :  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "utils/includes.h"
      10             : 
      11             : #include "utils/common.h"
      12             : #include "crypto/tls.h"
      13             : #include "eap_server/eap.h"
      14             : #include "eap_server/eap_sim_db.h"
      15             : #include "eapol_auth/eapol_auth_sm.h"
      16             : #include "radius/radius_server.h"
      17             : #include "hostapd.h"
      18             : #include "ap_config.h"
      19             : #include "sta_info.h"
      20             : #include "authsrv.h"
      21             : 
      22             : 
      23             : #if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
      24             : #define EAP_SIM_DB
      25             : #endif /* EAP_SERVER_SIM || EAP_SERVER_AKA */
      26             : 
      27             : 
      28             : #ifdef EAP_SIM_DB
      29           6 : static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd,
      30             :                                  struct sta_info *sta, void *ctx)
      31             : {
      32           6 :         if (eapol_auth_eap_pending_cb(sta->eapol_sm, ctx) == 0)
      33           6 :                 return 1;
      34           0 :         return 0;
      35             : }
      36             : 
      37             : 
      38          84 : static void hostapd_sim_db_cb(void *ctx, void *session_ctx)
      39             : {
      40          84 :         struct hostapd_data *hapd = ctx;
      41          84 :         if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0) {
      42             : #ifdef RADIUS_SERVER
      43          78 :                 radius_server_eap_pending_cb(hapd->radius_srv, session_ctx);
      44             : #endif /* RADIUS_SERVER */
      45             :         }
      46          84 : }
      47             : #endif /* EAP_SIM_DB */
      48             : 
      49             : 
      50             : #ifdef RADIUS_SERVER
      51             : 
      52        1609 : static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
      53             :                                        size_t identity_len, int phase2,
      54             :                                        struct eap_user *user)
      55             : {
      56             :         const struct hostapd_eap_user *eap_user;
      57             :         int i;
      58             : 
      59        1609 :         eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
      60        1609 :         if (eap_user == NULL)
      61           3 :                 return -1;
      62             : 
      63        1606 :         if (user == NULL)
      64           0 :                 return 0;
      65             : 
      66        1606 :         os_memset(user, 0, sizeof(*user));
      67       14454 :         for (i = 0; i < EAP_MAX_METHODS; i++) {
      68       12848 :                 user->methods[i].vendor = eap_user->methods[i].vendor;
      69       12848 :                 user->methods[i].method = eap_user->methods[i].method;
      70             :         }
      71             : 
      72        1606 :         if (eap_user->password) {
      73         967 :                 user->password = os_malloc(eap_user->password_len);
      74         967 :                 if (user->password == NULL)
      75           0 :                         return -1;
      76         967 :                 os_memcpy(user->password, eap_user->password,
      77             :                           eap_user->password_len);
      78         967 :                 user->password_len = eap_user->password_len;
      79         967 :                 user->password_hash = eap_user->password_hash;
      80             :         }
      81        1606 :         user->force_version = eap_user->force_version;
      82        1606 :         user->macacl = eap_user->macacl;
      83        1606 :         user->ttls_auth = eap_user->ttls_auth;
      84        1606 :         user->remediation = eap_user->remediation;
      85        1606 :         user->accept_attr = eap_user->accept_attr;
      86             : 
      87        1606 :         return 0;
      88             : }
      89             : 
      90             : 
      91          16 : static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
      92             : {
      93             :         struct radius_server_conf srv;
      94          16 :         struct hostapd_bss_config *conf = hapd->conf;
      95          16 :         os_memset(&srv, 0, sizeof(srv));
      96          16 :         srv.client_file = conf->radius_server_clients;
      97          16 :         srv.auth_port = conf->radius_server_auth_port;
      98          16 :         srv.acct_port = conf->radius_server_acct_port;
      99          16 :         srv.conf_ctx = hapd;
     100          16 :         srv.eap_sim_db_priv = hapd->eap_sim_db_priv;
     101          16 :         srv.ssl_ctx = hapd->ssl_ctx;
     102          16 :         srv.msg_ctx = hapd->msg_ctx;
     103          16 :         srv.pac_opaque_encr_key = conf->pac_opaque_encr_key;
     104          16 :         srv.eap_fast_a_id = conf->eap_fast_a_id;
     105          16 :         srv.eap_fast_a_id_len = conf->eap_fast_a_id_len;
     106          16 :         srv.eap_fast_a_id_info = conf->eap_fast_a_id_info;
     107          16 :         srv.eap_fast_prov = conf->eap_fast_prov;
     108          16 :         srv.pac_key_lifetime = conf->pac_key_lifetime;
     109          16 :         srv.pac_key_refresh_time = conf->pac_key_refresh_time;
     110          16 :         srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
     111          16 :         srv.tnc = conf->tnc;
     112          16 :         srv.wps = hapd->wps;
     113          16 :         srv.ipv6 = conf->radius_server_ipv6;
     114          16 :         srv.get_eap_user = hostapd_radius_get_eap_user;
     115          16 :         srv.eap_req_id_text = conf->eap_req_id_text;
     116          16 :         srv.eap_req_id_text_len = conf->eap_req_id_text_len;
     117          16 :         srv.pwd_group = conf->pwd_group;
     118          16 :         srv.server_id = conf->server_id ? conf->server_id : "hostapd";
     119          16 :         srv.sqlite_file = conf->eap_user_sqlite;
     120             : #ifdef CONFIG_RADIUS_TEST
     121             :         srv.dump_msk_file = conf->dump_msk_file;
     122             : #endif /* CONFIG_RADIUS_TEST */
     123             : #ifdef CONFIG_HS20
     124          16 :         srv.subscr_remediation_url = conf->subscr_remediation_url;
     125          16 :         srv.subscr_remediation_method = conf->subscr_remediation_method;
     126             : #endif /* CONFIG_HS20 */
     127          16 :         srv.erp = conf->eap_server_erp;
     128          16 :         srv.erp_domain = conf->erp_domain;
     129             : 
     130          16 :         hapd->radius_srv = radius_server_init(&srv);
     131          16 :         if (hapd->radius_srv == NULL) {
     132           0 :                 wpa_printf(MSG_ERROR, "RADIUS server initialization failed.");
     133           0 :                 return -1;
     134             :         }
     135             : 
     136          16 :         return 0;
     137             : }
     138             : 
     139             : #endif /* RADIUS_SERVER */
     140             : 
     141             : 
     142        1248 : int authsrv_init(struct hostapd_data *hapd)
     143             : {
     144             : #ifdef EAP_TLS_FUNCS
     145        1125 :         if (hapd->conf->eap_server &&
     146         330 :             (hapd->conf->ca_cert || hapd->conf->server_cert ||
     147         188 :              hapd->conf->private_key || hapd->conf->dh_file)) {
     148             :                 struct tls_connection_params params;
     149             : 
     150          48 :                 hapd->ssl_ctx = tls_init(NULL);
     151          48 :                 if (hapd->ssl_ctx == NULL) {
     152           0 :                         wpa_printf(MSG_ERROR, "Failed to initialize TLS");
     153           0 :                         authsrv_deinit(hapd);
     154           0 :                         return -1;
     155             :                 }
     156             : 
     157          48 :                 os_memset(&params, 0, sizeof(params));
     158          48 :                 params.ca_cert = hapd->conf->ca_cert;
     159          48 :                 params.client_cert = hapd->conf->server_cert;
     160          48 :                 params.private_key = hapd->conf->private_key;
     161          48 :                 params.private_key_passwd = hapd->conf->private_key_passwd;
     162          48 :                 params.dh_file = hapd->conf->dh_file;
     163          48 :                 params.openssl_ciphers = hapd->conf->openssl_ciphers;
     164          48 :                 params.ocsp_stapling_response =
     165          48 :                         hapd->conf->ocsp_stapling_response;
     166             : 
     167          48 :                 if (tls_global_set_params(hapd->ssl_ctx, &params)) {
     168           0 :                         wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
     169           0 :                         authsrv_deinit(hapd);
     170           0 :                         return -1;
     171             :                 }
     172             : 
     173          48 :                 if (tls_global_set_verify(hapd->ssl_ctx,
     174          48 :                                           hapd->conf->check_crl)) {
     175           0 :                         wpa_printf(MSG_ERROR, "Failed to enable check_crl");
     176           0 :                         authsrv_deinit(hapd);
     177           0 :                         return -1;
     178             :                 }
     179             :         }
     180             : #endif /* EAP_TLS_FUNCS */
     181             : 
     182             : #ifdef EAP_SIM_DB
     183         983 :         if (hapd->conf->eap_sim_db) {
     184          13 :                 hapd->eap_sim_db_priv =
     185          13 :                         eap_sim_db_init(hapd->conf->eap_sim_db,
     186             :                                         hostapd_sim_db_cb, hapd);
     187          13 :                 if (hapd->eap_sim_db_priv == NULL) {
     188           0 :                         wpa_printf(MSG_ERROR, "Failed to initialize EAP-SIM "
     189             :                                    "database interface");
     190           0 :                         authsrv_deinit(hapd);
     191           0 :                         return -1;
     192             :                 }
     193             :         }
     194             : #endif /* EAP_SIM_DB */
     195             : 
     196             : #ifdef RADIUS_SERVER
     197         999 :         if (hapd->conf->radius_server_clients &&
     198          16 :             hostapd_setup_radius_srv(hapd))
     199           0 :                 return -1;
     200             : #endif /* RADIUS_SERVER */
     201             : 
     202        1248 :         return 0;
     203             : }
     204             : 
     205             : 
     206        1252 : void authsrv_deinit(struct hostapd_data *hapd)
     207             : {
     208             : #ifdef RADIUS_SERVER
     209         987 :         radius_server_deinit(hapd->radius_srv);
     210         987 :         hapd->radius_srv = NULL;
     211             : #endif /* RADIUS_SERVER */
     212             : 
     213             : #ifdef EAP_TLS_FUNCS
     214         987 :         if (hapd->ssl_ctx) {
     215          48 :                 tls_deinit(hapd->ssl_ctx);
     216          48 :                 hapd->ssl_ctx = NULL;
     217             :         }
     218             : #endif /* EAP_TLS_FUNCS */
     219             : 
     220             : #ifdef EAP_SIM_DB
     221         987 :         if (hapd->eap_sim_db_priv) {
     222          13 :                 eap_sim_db_deinit(hapd->eap_sim_db_priv);
     223          13 :                 hapd->eap_sim_db_priv = NULL;
     224             :         }
     225             : #endif /* EAP_SIM_DB */
     226        1252 : }

Generated by: LCOV version 1.10