srv.wps = hapd->wps;
srv.ipv6 = conf->radius_server_ipv6;
srv.get_eap_user = hostapd_radius_get_eap_user;
+ srv.eap_req_id_text = conf->eap_req_id_text;
+ srv.eap_req_id_text_len = conf->eap_req_id_text_len;
hapd->radius_srv = radius_server_init(&srv);
if (hapd->radius_srv == NULL) {
}
if ((sm->user == NULL || sm->update_user) && sm->identity) {
+ /*
+ * Allow Identity method to be started once to allow identity
+ * selection hint to be sent from the authentication server,
+ * but prevent a loop of Identity requests by only allowing
+ * this to happen once.
+ */
+ int id_req = 0;
+ if (sm->user && sm->currentMethod == EAP_TYPE_IDENTITY &&
+ sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
+ sm->user->methods[0].method == EAP_TYPE_IDENTITY)
+ id_req = 1;
if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
wpa_printf(MSG_DEBUG, "EAP: getDecision: user not "
"found from database -> FAILURE");
return DECISION_FAILURE;
}
+ if (id_req && sm->user &&
+ sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
+ sm->user->methods[0].method == EAP_TYPE_IDENTITY) {
+ wpa_printf(MSG_DEBUG, "EAP: getDecision: stop "
+ "identity request loop -> FAILURE");
+ sm->update_user = TRUE;
+ return DECISION_FAILURE;
+ }
sm->update_user = FALSE;
}
return; /* Should not happen - frame already validated */
wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
+ if (sm->identity)
+ sm->update_user = TRUE;
os_free(sm->identity);
sm->identity = os_malloc(len ? len : 1);
if (sm->identity == NULL) {
struct radius_server_counters counters;
int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
int phase2, struct eap_user *user);
+ char *eap_req_id_text;
+ size_t eap_req_id_text_len;
};
data->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
data->tnc = conf->tnc;
data->wps = conf->wps;
+ if (conf->eap_req_id_text) {
+ data->eap_req_id_text = os_malloc(conf->eap_req_id_text_len);
+ if (data->eap_req_id_text) {
+ os_memcpy(data->eap_req_id_text, conf->eap_req_id_text,
+ conf->eap_req_id_text_len);
+ data->eap_req_id_text_len = conf->eap_req_id_text_len;
+ }
+ }
data->clients = radius_server_read_clients(conf->client_file,
conf->ipv6);
os_free(data->pac_opaque_encr_key);
os_free(data->eap_fast_a_id);
os_free(data->eap_fast_a_id_info);
+ os_free(data->eap_req_id_text);
os_free(data);
}
}
+static const char * radius_server_get_eap_req_id_text(void *ctx, size_t *len)
+{
+ struct radius_session *sess = ctx;
+ struct radius_server_data *data = sess->server;
+ *len = data->eap_req_id_text_len;
+ return data->eap_req_id_text;
+}
+
+
static struct eapol_callbacks radius_server_eapol_cb =
{
.get_eap_user = radius_server_get_eap_user,
+ .get_eap_req_id_text = radius_server_get_eap_req_id_text,
};
int ipv6;
int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
int phase2, struct eap_user *user);
+ const char *eap_req_id_text;
+ size_t eap_req_id_text_len;
};