/*
* hostapd / RADIUS Accounting
- * Copyright (c) 2002-2009, 2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2009, 2012-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
#include "utils/common.h"
#include "utils/eloop.h"
-#include "drivers/driver.h"
+#include "eapol_auth/eapol_auth_sm.h"
+#include "eapol_auth/eapol_auth_sm_i.h"
#include "radius/radius.h"
#include "radius/radius_client.h"
#include "hostapd.h"
size_t len;
int i;
struct wpabuf *b;
+ struct os_time now;
msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
radius_client_get_id(hapd->radius));
if (sta) {
radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));
-
- os_snprintf(buf, sizeof(buf), "%08X-%08X",
- sta->acct_session_id_hi, sta->acct_session_id_lo);
- if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
- (u8 *) buf, os_strlen(buf))) {
- wpa_printf(MSG_INFO, "Could not add Acct-Session-Id");
- goto fail;
- }
} else {
radius_msg_make_authenticator(msg, (u8 *) hapd, sizeof(*hapd));
}
goto fail;
}
- if (!hostapd_config_get_radius_attr(hapd->conf->radius_acct_req_attr,
- RADIUS_ATTR_ACCT_AUTHENTIC) &&
- !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_AUTHENTIC,
- hapd->conf->ieee802_1x ?
- RADIUS_ACCT_AUTHENTIC_RADIUS :
- RADIUS_ACCT_AUTHENTIC_LOCAL)) {
- wpa_printf(MSG_INFO, "Could not add Acct-Authentic");
- goto fail;
- }
-
if (sta) {
+ if (!hostapd_config_get_radius_attr(
+ hapd->conf->radius_acct_req_attr,
+ RADIUS_ATTR_ACCT_AUTHENTIC) &&
+ !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_AUTHENTIC,
+ hapd->conf->ieee802_1x ?
+ RADIUS_ACCT_AUTHENTIC_RADIUS :
+ RADIUS_ACCT_AUTHENTIC_LOCAL)) {
+ wpa_printf(MSG_INFO, "Could not add Acct-Authentic");
+ goto fail;
+ }
+
/* Use 802.1X identity if available */
val = ieee802_1x_get_identity(sta->eapol_sm, &len);
wpa_printf(MSG_ERROR, "Could not add CUI from ACL");
goto fail;
}
+
+ if (sta->ipaddr &&
+ !radius_msg_add_attr_int32(msg,
+ RADIUS_ATTR_FRAMED_IP_ADDRESS,
+ be_to_host32(sta->ipaddr))) {
+ wpa_printf(MSG_ERROR,
+ "Could not add Framed-IP-Address");
+ goto fail;
+ }
+ }
+
+ os_get_time(&now);
+ if (now.sec > 1000000000 &&
+ !radius_msg_add_attr_int32(msg, RADIUS_ATTR_EVENT_TIMESTAMP,
+ now.sec)) {
+ wpa_printf(MSG_INFO, "Could not add Event-Timestamp");
+ goto fail;
}
return msg;
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO,
- "starting accounting session %08X-%08X",
- sta->acct_session_id_hi, sta->acct_session_id_lo);
+ "starting accounting session %016lX",
+ (long unsigned int) sta->acct_session_id);
os_get_reltime(&sta->acct_session_start);
sta->last_rx_bytes = sta->last_tx_bytes = 0;
int cause = sta->acct_terminate_cause;
struct hostap_sta_driver_data data;
struct os_reltime now_r, diff;
- struct os_time now;
u32 gigawords;
if (!hapd->conf->radius->acct_server)
}
os_get_reltime(&now_r);
- os_get_time(&now);
os_reltime_sub(&now_r, &sta->acct_session_start, &diff);
if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_SESSION_TIME,
diff.sec)) {
}
}
- if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_EVENT_TIMESTAMP,
- now.sec)) {
- wpa_printf(MSG_INFO, "Could not add Event-Timestamp");
- goto fail;
- }
-
if (eloop_terminated())
cause = RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT;
eloop_cancel_timeout(accounting_interim_update, hapd, sta);
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO,
- "stopped accounting session %08X-%08X",
- sta->acct_session_id_hi,
- sta->acct_session_id_lo);
+ "stopped accounting session %016lX",
+ (long unsigned int) sta->acct_session_id);
sta->acct_session_started = 0;
}
}
-void accounting_sta_get_id(struct hostapd_data *hapd,
- struct sta_info *sta)
+int accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta)
{
- sta->acct_session_id_lo = hapd->acct_session_id_lo++;
- if (hapd->acct_session_id_lo == 0) {
- hapd->acct_session_id_hi++;
- }
- sta->acct_session_id_hi = hapd->acct_session_id_hi;
+ /*
+ * Acct-Session-Id should be globally and temporarily unique.
+ * A high quality random number is required therefore.
+ * This could be be improved by switching to a GUID.
+ */
+ return os_get_random((u8 *) &sta->acct_session_id,
+ sizeof(sta->acct_session_id));
}
if (!msg)
return;
- if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
- RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT))
- {
- wpa_printf(MSG_INFO, "Could not add Acct-Terminate-Cause");
- radius_msg_free(msg);
- return;
+ if (hapd->acct_session_id) {
+ char buf[20];
+
+ os_snprintf(buf, sizeof(buf), "%016lX",
+ (long unsigned int) hapd->acct_session_id);
+ if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
+ (u8 *) buf, os_strlen(buf)))
+ wpa_printf(MSG_ERROR, "Could not add Acct-Session-Id");
}
if (radius_client_send(hapd->radius, msg, RADIUS_ACCT, NULL) < 0)
*/
int accounting_init(struct hostapd_data *hapd)
{
- struct os_time now;
-
- /* Acct-Session-Id should be unique over reboots. If reliable clock is
- * not available, this could be replaced with reboot counter, etc. */
- os_get_time(&now);
- hapd->acct_session_id_hi = now.sec;
+ /*
+ * Acct-Session-Id should be globally and temporarily unique.
+ * A high quality random number is required therefore.
+ * This could be be improved by switching to a GUID.
+ */
+ if (os_get_random((u8 *) &hapd->acct_session_id,
+ sizeof(hapd->acct_session_id)) < 0)
+ return -1;
if (radius_client_register(hapd->radius, RADIUS_ACCT,
accounting_receive, hapd))
/**
- * accounting_deinit: Deinitilize accounting
+ * accounting_deinit: Deinitialize accounting
* @hapd: hostapd BSS data
*/
void accounting_deinit(struct hostapd_data *hapd)