projects / mech_eap.orig / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
automake build system
[mech_eap.orig] / src / ap / authsrv.c
1 /*
2  * Authentication server setup
3  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  *
9  * Alternatively, this software may be distributed under the terms of BSD
10  * license.
11  *
12  * See README and COPYING for more details.
13  */
14
15 #include "utils/includes.h"
16
17 #include "utils/common.h"
18 #include "crypto/tls.h"
19 #include "eap_server/eap.h"
20 #include "eap_server/eap_sim_db.h"
21 #include "eapol_auth/eapol_auth_sm.h"
22 #include "radius/radius_server.h"
23 #include "hostapd.h"
24 #include "ap_config.h"
25 #include "sta_info.h"
26 #include "authsrv.h"
27
28
29 #if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
30 #define EAP_SIM_DB
31 #endif /* EAP_SERVER_SIM || EAP_SERVER_AKA */
32
33
34 #ifdef EAP_SIM_DB
35 static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd,
36                                  struct sta_info *sta, void *ctx)
37 {
38         if (eapol_auth_eap_pending_cb(sta->eapol_sm, ctx) == 0)
39                 return 1;
40         return 0;
41 }
42
43
44 static void hostapd_sim_db_cb(void *ctx, void *session_ctx)
45 {
46         struct hostapd_data *hapd = ctx;
47         if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0) {
48 #ifdef RADIUS_SERVER
49                 radius_server_eap_pending_cb(hapd->radius_srv, session_ctx);
50 #endif /* RADIUS_SERVER */
51         }
52 }
53 #endif /* EAP_SIM_DB */
54
55
56 #ifdef RADIUS_SERVER
57
58 static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
59                                        size_t identity_len, int phase2,
60                                        struct eap_user *user)
61 {
62         const struct hostapd_eap_user *eap_user;
63         int i, count;
64
65         eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
66         if (eap_user == NULL)
67                 return -1;
68
69         if (user == NULL)
70                 return 0;
71
72         os_memset(user, 0, sizeof(*user));
73         count = EAP_USER_MAX_METHODS;
74         if (count > EAP_MAX_METHODS)
75                 count = EAP_MAX_METHODS;
76         for (i = 0; i < count; i++) {
77                 user->methods[i].vendor = eap_user->methods[i].vendor;
78                 user->methods[i].method = eap_user->methods[i].method;
79         }
80
81         if (eap_user->password) {
82                 user->password = os_malloc(eap_user->password_len);
83                 if (user->password == NULL)
84                         return -1;
85                 os_memcpy(user->password, eap_user->password,
86                           eap_user->password_len);
87                 user->password_len = eap_user->password_len;
88                 user->password_hash = eap_user->password_hash;
89         }
90         user->force_version = eap_user->force_version;
91         user->ttls_auth = eap_user->ttls_auth;
92
93         return 0;
94 }
95
96
97 static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
98 {
99         struct radius_server_conf srv;
100         struct hostapd_bss_config *conf = hapd->conf;
101         os_memset(&srv, 0, sizeof(srv));
102         srv.client_file = conf->radius_server_clients;
103         srv.auth_port = conf->radius_server_auth_port;
104         srv.conf_ctx = conf;
105         srv.eap_sim_db_priv = hapd->eap_sim_db_priv;
106         srv.ssl_ctx = hapd->ssl_ctx;
107         srv.msg_ctx = hapd->msg_ctx;
108         srv.pac_opaque_encr_key = conf->pac_opaque_encr_key;
109         srv.eap_fast_a_id = conf->eap_fast_a_id;
110         srv.eap_fast_a_id_len = conf->eap_fast_a_id_len;
111         srv.eap_fast_a_id_info = conf->eap_fast_a_id_info;
112         srv.eap_fast_prov = conf->eap_fast_prov;
113         srv.pac_key_lifetime = conf->pac_key_lifetime;
114         srv.pac_key_refresh_time = conf->pac_key_refresh_time;
115         srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
116         srv.tnc = conf->tnc;
117         srv.wps = hapd->wps;
118         srv.ipv6 = conf->radius_server_ipv6;
119         srv.get_eap_user = hostapd_radius_get_eap_user;
120         srv.eap_req_id_text = conf->eap_req_id_text;
121         srv.eap_req_id_text_len = conf->eap_req_id_text_len;
122         srv.pwd_group = conf->pwd_group;
123
124         hapd->radius_srv = radius_server_init(&srv);
125         if (hapd->radius_srv == NULL) {
126                 wpa_printf(MSG_ERROR, "RADIUS server initialization failed.");
127                 return -1;
128         }
129
130         return 0;
131 }
132
133 #endif /* RADIUS_SERVER */
134
135
136 int authsrv_init(struct hostapd_data *hapd)
137 {
138 #ifdef EAP_TLS_FUNCS
139         if (hapd->conf->eap_server &&
140             (hapd->conf->ca_cert || hapd->conf->server_cert ||
141              hapd->conf->dh_file)) {
142                 struct tls_connection_params params;
143
144                 hapd->ssl_ctx = tls_init(NULL);
145                 if (hapd->ssl_ctx == NULL) {
146                         wpa_printf(MSG_ERROR, "Failed to initialize TLS");
147                         authsrv_deinit(hapd);
148                         return -1;
149                 }
150
151                 os_memset(&params, 0, sizeof(params));
152                 params.ca_cert = hapd->conf->ca_cert;
153                 params.client_cert = hapd->conf->server_cert;
154                 params.private_key = hapd->conf->private_key;
155                 params.private_key_passwd = hapd->conf->private_key_passwd;
156                 params.dh_file = hapd->conf->dh_file;
157
158                 if (tls_global_set_params(hapd->ssl_ctx, &params)) {
159                         wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
160                         authsrv_deinit(hapd);
161                         return -1;
162                 }
163
164                 if (tls_global_set_verify(hapd->ssl_ctx,
165                                           hapd->conf->check_crl)) {
166                         wpa_printf(MSG_ERROR, "Failed to enable check_crl");
167                         authsrv_deinit(hapd);
168                         return -1;
169                 }
170         }
171 #endif /* EAP_TLS_FUNCS */
172
173 #ifdef EAP_SIM_DB
174         if (hapd->conf->eap_sim_db) {
175                 hapd->eap_sim_db_priv =
176                         eap_sim_db_init(hapd->conf->eap_sim_db,
177                                         hostapd_sim_db_cb, hapd);
178                 if (hapd->eap_sim_db_priv == NULL) {
179                         wpa_printf(MSG_ERROR, "Failed to initialize EAP-SIM "
180                                    "database interface");
181                         authsrv_deinit(hapd);
182                         return -1;
183                 }
184         }
185 #endif /* EAP_SIM_DB */
186
187 #ifdef RADIUS_SERVER
188         if (hapd->conf->radius_server_clients &&
189             hostapd_setup_radius_srv(hapd))
190                 return -1;
191 #endif /* RADIUS_SERVER */
192
193         return 0;
194 }
195
196
197 void authsrv_deinit(struct hostapd_data *hapd)
198 {
199 #ifdef RADIUS_SERVER
200         radius_server_deinit(hapd->radius_srv);
201         hapd->radius_srv = NULL;
202 #endif /* RADIUS_SERVER */
203
204 #ifdef EAP_TLS_FUNCS
205         if (hapd->ssl_ctx) {
206                 tls_deinit(hapd->ssl_ctx);
207                 hapd->ssl_ctx = NULL;
208         }
209 #endif /* EAP_TLS_FUNCS */
210
211 #ifdef EAP_SIM_DB
212         if (hapd->eap_sim_db_priv) {
213                 eap_sim_db_deinit(hapd->eap_sim_db_priv);
214                 hapd->eap_sim_db_priv = NULL;
215         }
216 #endif /* EAP_SIM_DB */
217 }
Moonshot GSS-API mechanism