bss->assoc_ping_timeout = 1000;
bss->assoc_ping_attempts = 3;
#endif /* CONFIG_IEEE80211W */
+#ifdef EAP_FAST
+ /* both anonymous and authenticated provisioning */
+ bss->eap_fast_prov = 3;
+#endif /* EAP_FAST */
}
} else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
os_free(bss->eap_fast_a_id);
bss->eap_fast_a_id = os_strdup(pos);
+ } else if (os_strcmp(buf, "eap_fast_prov") == 0) {
+ bss->eap_fast_prov = atoi(pos);
#endif /* EAP_FAST */
#ifdef EAP_SIM
} else if (os_strcmp(buf, "eap_sim_db") == 0) {
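Review bot: `bss->eap_fast_prov = atoi(pos);` stores whatever the line contains without validation, so a non-numeric value silently becomes 0 and an out-of-range number is kept as-is. Given the checks added elsewhere in this commit, which compare against ANON_PROV, AUTH_PROV and BOTH_PROV, such a value appears to fail closed (both modes refused), but the administrator gets no sign that the setting was misread. Parse with `strtol`, require the whole token to be consumed, and treat anything outside 0..3 as a configuration error, e.g. `if (end == pos || *end != '\0' || v < 0 || v > 3) { /* report bad eap_fast_prov and count the error */ }`. The enclosing parser function starts and ends outside this hunk, so the way it reports errors is not visible here.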
char *dh_file;
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
+ int eap_fast_prov;
int eap_sim_aka_result_ind;
int tnc;
eap_conf.eap_sim_db_priv = eapol->conf.eap_sim_db_priv;
eap_conf.pac_opaque_encr_key = eapol->conf.pac_opaque_encr_key;
eap_conf.eap_fast_a_id = eapol->conf.eap_fast_a_id;
+ eap_conf.eap_fast_prov = eapol->conf.eap_fast_prov;
eap_conf.eap_sim_aka_result_ind = eapol->conf.eap_sim_aka_result_ind;
eap_conf.tnc = eapol->conf.tnc;
sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
dst->eap_fast_a_id = os_strdup(src->eap_fast_a_id);
else
dst->eap_fast_a_id = NULL;
+ dst->eap_fast_prov = src->eap_fast_prov;
dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
dst->tnc = src->tnc;
return 0;
size_t eap_req_id_text_len;
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
+ int eap_fast_prov;
int eap_sim_aka_result_ind;
int tnc;
srv.ssl_ctx = hapd->ssl_ctx;
srv.pac_opaque_encr_key = conf->pac_opaque_encr_key;
srv.eap_fast_a_id = conf->eap_fast_a_id;
+ srv.eap_fast_prov = conf->eap_fast_prov;
srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
srv.tnc = conf->tnc;
srv.ipv6 = conf->radius_server_ipv6;
# EAP-FAST authority identity (A-ID)
#eap_fast_a_id=test server
+# Enable/disable different EAP-FAST provisioning modes:
+#0 = provisioning disabled
+#1 = only anonymous provisioning allowed
+#2 = only authenticated provisioning allowed
+#3 = both provisioning modes allowed (default)
+#eap_fast_prov=3
+
# EAP-SIM and EAP-AKA protected success/failure indication using AT_RESULT_IND
# (default: 0 = disabled).
#eap_sim_aka_result_ind=1
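Review bot: The new comment block gives `3` (both modes) as the default without saying what allowing mode 1 means for the deployment. In anonymous provisioning the PAC is issued over a tunnel in which the peer has not authenticated the server, so the provisioning exchange is exposed to an active attacker in the path. Add a caveat line such as `# Note: modes 1 and 3 permit provisioning without server authentication; prefer 2 where peers can validate the server certificate.` Whether the default stays at 3 is a compatibility decision, but the trade-off should be visible to whoever edits this file.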
conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
conf.pac_opaque_encr_key = hapd->conf->pac_opaque_encr_key;
conf.eap_fast_a_id = hapd->conf->eap_fast_a_id;
+ conf.eap_fast_prov = hapd->conf->eap_fast_prov;
conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
conf.tnc = hapd->conf->tnc;
}
if (conf->eap_fast_a_id)
sm->eap_fast_a_id = os_strdup(conf->eap_fast_a_id);
+ sm->eap_fast_prov = conf->eap_fast_prov;
sm->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
sm->tnc = conf->tnc;
int eap_server;
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
+ int eap_fast_prov;
int eap_sim_aka_result_ind;
int tnc;
};
"completed successfully");
}
+ if (data->anon_provisioning &&
+ sm->eap_fast_prov != ANON_PROV &&
+ sm->eap_fast_prov != BOTH_PROV) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Client is trying to "
+ "use unauthenticated provisioning which is "
+ "disabled");
+ eap_fast_state(data, FAILURE);
+ return;
+ }
+
+ if (sm->eap_fast_prov != AUTH_PROV &&
+ sm->eap_fast_prov != BOTH_PROV &&
+ tlv.request_action == EAP_TLV_ACTION_PROCESS_TLV &&
+ eap_fast_pac_type(tlv.pac, tlv.pac_len,
+ PAC_TYPE_TUNNEL_PAC)) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Client is trying to "
+ "use authenticated provisioning which is "
+ "disabled");
+ eap_fast_state(data, FAILURE);
+ return;
+ }
+
if (data->anon_provisioning ||
(tlv.request_action == EAP_TLV_ACTION_PROCESS_TLV &&
eap_fast_pac_type(tlv.pac, tlv.pac_len,
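Review bot: Both new checks run only while phase 2 TLVs are being processed (they follow the "completed successfully" log and read `tlv.request_action`), so with `eap_fast_prov` set to 0 or 2 a peer can apparently still bring up an anonymous tunnel and run the inner exchange before being refused. If the anonymous cipher suite is offered unconditionally elsewhere (not visible in this hunk), consider gating that on `eap_fast_prov` as well, so the policy is enforced at the handshake rather than after it. Separately, a refused provisioning attempt is a policy denial that an operator would want in normal logs; `MSG_INFO` instead of `MSG_DEBUG` in the two new `wpa_printf` calls would surface it. The enclosing function starts and ends outside the hunk.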
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
+ enum {
+ NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
+ } eap_fast_prov;
int eap_sim_aka_result_ind;
int tnc;
};
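Review bot: The enumerators have no explicit values, yet they must match the integers 0–3 that the configuration file documents and that the other structures in this commit carry as plain `int`; the mapping holds only through declaration order. Write the values out, `NO_PROV = 0, ANON_PROV = 1, AUTH_PROV = 2, BOTH_PROV = 3`, and add a comment such as `/* values match eap_fast_prov in the configuration file */`, so a later reordering or insertion cannot silently change which provisioning modes are permitted. The names are also unprefixed and, being enumerators, are visible at file scope wherever this header is included; an `EAP_FAST_` prefix would reduce the collision risk if it fits the project's conventions. The struct starts outside the hunk.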
void *ssl_ctx;
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
+ int eap_fast_prov;
int eap_sim_aka_result_ind;
int tnc;
int ipv6;
eap_conf.eap_server = 1;
eap_conf.pac_opaque_encr_key = data->pac_opaque_encr_key;
eap_conf.eap_fast_a_id = data->eap_fast_a_id;
+ eap_conf.eap_fast_prov = data->eap_fast_prov;
eap_conf.eap_sim_aka_result_ind = data->eap_sim_aka_result_ind;
eap_conf.tnc = data->tnc;
sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb,
}
if (conf->eap_fast_a_id)
data->eap_fast_a_id = os_strdup(conf->eap_fast_a_id);
+ data->eap_fast_prov = conf->eap_fast_prov;
data->get_eap_user = conf->get_eap_user;
data->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
data->tnc = conf->tnc;
void *ssl_ctx;
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
+ int eap_fast_prov;
int eap_sim_aka_result_ind;
int tnc;
int ipv6;