Cumulative patch from commit 390b92913a9a1b3a6aaf70e8b5971a7b7c76cabc
390b929 TLS testing: Allow hostapd to be used as a TLS testing tool
994afe3 RADIUS server: Allow TLS implementation add log entries
01f7fe1 RADIUS server: Allow EAP methods to log into SQLite DB
8a57da7 RADIUS server: Add option for storing log information to SQLite DB
f3ef7a2 TLS client: Send decrypt_error on verify_data validation error
129b9b9 TLS: Share a helper function for verifying Signature
6531963 TLS: Use a helper function for calculating ServerKeyExchange hash
65074a2 TLS: Add support for DHE-RSA cipher suites
41ebfe9 TLS server: Enable SHA256-based cipher suites
60b893d wpa_supplicant: Allow external management frame processing for testing
ec33bc6 Enable RADIUS message dumps with excessive debug verbosity
226e357 Revert "bridge: Track inter-BSS usage"
d0ee16e Allow arbitrary RADIUS attributes to be added into Access-Accept
0ac3876 Fix PMF protect disconnection on session timeout
49021c1 Fix hostapd error path regression
Change-Id: Ie0710c036cca2fb370d28684cc5a5d28a075dfc1
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index b995892..f744985 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -388,8 +388,9 @@
}
-static void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
+void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
{
+ hostapd_config_free_radius_attr(user->accept_attr);
os_free(user->identity);
os_free(user->password);
os_free(user);
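Review bot: hostapd_config_free_eap_user() is now exported, yet the added first line dereferences `user` with no NULL check, so a caller outside ap_config.c that passes NULL on an error path will crash; an early `if (user == NULL) return;` would make it safe to call unconditionally, like os_free(). Since the function now also releases `accept_attr`, a short header comment stating that it takes ownership of the entry and everything it points to would help those callers. Separately, the context line `os_free(user->password);` releases the credential without clearing it first; wiping the buffer before the free would keep password material out of recycled heap memory. The closing brace of the function is outside the hunk.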
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index e1e34e2..f6ca8b1 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -128,6 +128,7 @@
* nt_password_hash() */
unsigned int remediation:1;
int ttls_auth; /* EAP_TTLS_AUTH_* bitfield */
+ struct hostapd_radius_attr *accept_attr;
};
struct hostapd_radius_attr {
@@ -601,6 +602,7 @@
int hostapd_mac_comp_empty(const void *a);
struct hostapd_config * hostapd_config_defaults(void);
void hostapd_config_defaults_bss(struct hostapd_bss_config *bss);
+void hostapd_config_free_eap_user(struct hostapd_eap_user *user);
void hostapd_config_free_bss(struct hostapd_bss_config *conf);
void hostapd_config_free(struct hostapd_config *conf);
int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 7691012..6e3decd 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -81,6 +81,7 @@
user->force_version = eap_user->force_version;
user->ttls_auth = eap_user->ttls_auth;
user->remediation = eap_user->remediation;
+ user->accept_attr = eap_user->accept_attr;
return 0;
}
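Review bot: `user->accept_attr = eap_user->accept_attr;` copies only the pointer, while the ap_config.c hunk of this patch frees that same list in hostapd_config_free_eap_user(), so the `struct eap_user` handed to the EAP server borrows memory it does not own. If the source entry can be freed or replaced while the copy is still in use (for example a temporary entry from a database lookup, or a configuration reload), the Access-Accept path would read freed memory; the lifetime is not visible from this hunk, so please confirm it. At minimum add a comment on the assignment such as `/* borrowed: owned by the hostapd_eap_user entry, never freed through struct eap_user */`, and the same ownership remark on the new field in ap_config.h. The start of the function is outside the hunk.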
@@ -114,6 +115,7 @@
srv.eap_req_id_text_len = conf->eap_req_id_text_len;
srv.pwd_group = conf->pwd_group;
srv.server_id = conf->server_id ? conf->server_id : "hostapd";
+ srv.sqlite_file = conf->eap_user_sqlite;
#ifdef CONFIG_RADIUS_TEST
srv.dump_msk_file = conf->dump_msk_file;
#endif /* CONFIG_RADIUS_TEST */
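Review bot: `srv.sqlite_file = conf->eap_user_sqlite;` points the RADIUS server at the same SQLite file that is configured as the EAP user database. If `sqlite_file` is the log database that the commit list describes (its consumer is not in this hunk), the server process needs write access to the file holding user credentials, and log rows built from peer-supplied data land next to them. A separate configuration item for the log database would keep the credential store read-only where logging is not wanted. Failing that, a comment here should note the shared file and that the value may be NULL when no SQLite user database is configured. The enclosing function starts and ends outside the hunk.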
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index bfa3c49..bc5bb6c 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -760,7 +760,7 @@
return -1;
}
- if (wpa_debug_level == MSG_MSGDUMP)
+ if (wpa_debug_level <= MSG_MSGDUMP)
conf->radius->msg_dumps = 1;
#ifndef CONFIG_NO_RADIUS
hapd->radius = radius_client_init(hapd, conf->radius);
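Review bot: The new test `wpa_debug_level <= MSG_MSGDUMP` is easy to misread, because it relies on more verbose levels having smaller numeric values (the commit list says the intent is to include excessive verbosity); a comment such as `/* lower value = more verbose: dump at MSG_MSGDUMP and below */` would make that explicit. RADIUS message dumps can expose attribute contents in the debug output, so the debug-level documentation should tell operators to treat logs taken at these levels as sensitive. Note also that `conf->radius->msg_dumps = 1;` sits outside the `#ifndef CONFIG_NO_RADIUS` guard that opens on the next line, which this commit leaves unchanged. The enclosing function is not fully visible in the hunk.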
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index be7df51..9a705a4 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -24,7 +24,6 @@
union wps_event_data;
struct hostapd_iface;
-struct hostapd_dynamic_iface;
struct hapd_interfaces {
int (*reload_config)(struct hostapd_iface *iface);
@@ -37,7 +36,6 @@
int (*driver_init)(struct hostapd_iface *iface);
size_t count;
- size_t count_dynamic;
int global_ctrl_sock;
char *global_iface_path;
char *global_iface_name;
@@ -45,7 +43,6 @@
gid_t ctrl_iface_group;
#endif /* CONFIG_NATIVE_WINDOWS */
struct hostapd_iface **iface;
- struct hostapd_dynamic_iface **dynamic_iface;
size_t terminate_on_error;
};
@@ -358,16 +355,6 @@
void (*scan_cb)(struct hostapd_iface *iface);
};
-/**
- * struct hostapd_dynamic_iface - hostapd per dynamically allocated
- * or added interface data structure
- */
-struct hostapd_dynamic_iface {
- char parent[IFNAMSIZ + 1];
- char iface[IFNAMSIZ + 1];
- unsigned int usage;
-};
-
/* hostapd.c */
int hostapd_for_each_interface(struct hapd_interfaces *interfaces,
int (*cb)(struct hostapd_iface *iface,
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 0b90e3b..c7d051b 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -473,7 +473,6 @@
{
struct hostapd_data *hapd = eloop_ctx;
struct sta_info *sta = timeout_ctx;
- u8 addr[ETH_ALEN];
if (!(sta->flags & WLAN_STA_AUTH)) {
if (sta->flags & WLAN_STA_GAS) {
@@ -484,6 +483,8 @@
return;
}
+ hostapd_drv_sta_deauth(hapd, sta->addr,
+ WLAN_REASON_PREV_AUTH_NOT_VALID);
mlme_deauthenticate_indication(hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
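Review bot: The reason hostapd_drv_sta_deauth() now has to run before mlme_deauthenticate_indication() and ap_free_sta() is not recorded in the code, so a later cleanup could move it back and silently reintroduce the problem named in the commit list (PMF protection of the disconnection). A comment above the call, for example `/* send Deauthentication while the STA entry still exists so the frame can be PMF-protected */`, would pin the ordering; the exact mechanism is inferred from the commit title, so adjust the wording to what the driver actually requires. The return value of hostapd_drv_sta_deauth() is also ignored, and a debug message on failure would make a STA that stays associated after session timeout visible. The function starts before and ends after this hunk.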
@@ -491,9 +492,7 @@
"session timeout");
sta->acct_terminate_cause =
RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
- os_memcpy(addr, sta->addr, ETH_ALEN);
ap_free_sta(hapd, sta);
- hostapd_drv_sta_deauth(hapd, addr, WLAN_REASON_PREV_AUTH_NOT_VALID);
}
diff --git a/src/ap/vlan_init.c b/src/ap/vlan_init.c
index 509e557..4e4a352 100644
--- a/src/ap/vlan_init.c
+++ b/src/ap/vlan_init.c
@@ -474,123 +474,6 @@
#endif /* CONFIG_VLAN_NETLINK */
-/**
- * Increase the usage counter for given parent/ifname combination.
- * If create is set, then this iface is added to the global list.
- * Returns
- * -1 on error
- * 0 if iface is not in list
- * 1 if iface is in list (was there or has been added)
- */
-static int hapd_get_dynamic_iface(const char *parent, const char *ifname,
- int create, struct hostapd_data *hapd)
-{
- size_t i;
- struct hostapd_dynamic_iface *j = NULL, **tmp;
- struct hapd_interfaces *hapd_global = hapd->iface->interfaces;
-
- if (!parent)
- parent = "";
-
- for (i = 0; i < hapd_global->count_dynamic; i++) {
- j = hapd_global->dynamic_iface[i];
- if (os_strncmp(j->iface, ifname, sizeof(j->iface)) == 0 &&
- os_strncmp(j->parent, parent, sizeof(j->parent)) == 0)
- break;
- }
- if (i < hapd_global->count_dynamic) {
- j->usage++;
- return 1;
- }
-
- /* new entry required */
- if (!create)
- return 0;
-
- j = os_zalloc(sizeof(*j));
- if (!j)
- return -1;
- os_strlcpy(j->iface, ifname, sizeof(j->iface));
- os_strlcpy(j->parent, parent, sizeof(j->parent));
-
- tmp = os_realloc_array(hapd_global->dynamic_iface, i + 1,
- sizeof(*hapd_global->dynamic_iface));
- if (!tmp) {
- wpa_printf(MSG_ERROR, "VLAN: Failed to allocate memory in %s",
- __func__);
- return -1;
- }
- hapd_global->count_dynamic++;
- hapd_global->dynamic_iface = tmp;
- hapd_global->dynamic_iface[i] = j;
-
- return 1;
-}
-
-
-/**
- * Decrease the usage counter for given ifname.
- * Returns
- * -1 on error or if iface was not found
- * 0 if iface was found and is still present
- * 1 if iface was removed from global list
- */
-static int hapd_put_dynamic_iface(const char *parent, const char *ifname,
- struct hostapd_data *hapd)
-{
- size_t i;
- struct hostapd_dynamic_iface *j = NULL, **tmp;
- struct hapd_interfaces *hapd_glob = hapd->iface->interfaces;
-
- if (!parent)
- parent = "";
-
- for (i = 0; i < hapd_glob->count_dynamic; i++) {
- j = hapd_glob->dynamic_iface[i];
- if (os_strncmp(j->iface, ifname, sizeof(j->iface)) == 0 &&
- os_strncmp(j->parent, parent, sizeof(j->parent)) == 0)
- break;
- }
-
- if (i == hapd_glob->count_dynamic) {
- /*
- * Interface not in global list. This can happen if alloc in
- * _get_ failed.
- */
- return -1;
- }
-
- if (j->usage > 0) {
- j->usage--;
- return 0;
- }
-
- os_free(j);
- for (; i < hapd_glob->count_dynamic - 1; i++)
- hapd_glob->dynamic_iface[i] = hapd_glob->dynamic_iface[i + 1];
- hapd_glob->dynamic_iface[hapd_glob->count_dynamic - 1] = NULL;
- hapd_glob->count_dynamic--;
-
- if (hapd_glob->count_dynamic == 0) {
- os_free(hapd_glob->dynamic_iface);
- hapd_glob->dynamic_iface = NULL;
- return 1;
- }
-
- tmp = os_realloc_array(hapd_glob->dynamic_iface,
- hapd_glob->count_dynamic,
- sizeof(*hapd_glob->dynamic_iface));
- if (!tmp) {
- wpa_printf(MSG_ERROR, "VLAN: Failed to release memory in %s",
- __func__);
- return -1;
- }
- hapd_glob->dynamic_iface = tmp;
-
- return 1;
-}
-
-
static void vlan_newlink(char *ifname, struct hostapd_data *hapd)
{
char vlan_ifname[IFNAMSIZ];
@@ -598,7 +481,6 @@
struct hostapd_vlan *vlan = hapd->conf->vlan;
char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
int vlan_naming = hapd->conf->ssid.vlan_naming;
- int ret;
wpa_printf(MSG_DEBUG, "VLAN: vlan_newlink(%s)", ifname);
@@ -618,9 +500,7 @@
"brvlan%d", vlan->vlan_id);
}
- ret = br_addbr(br_name);
- if (hapd_get_dynamic_iface(NULL, br_name, ret == 0,
- hapd))
+ if (!br_addbr(br_name))
vlan->clean |= DVLAN_CLEAN_BR;
ifconfig_up(br_name);
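Review bot: With the usage counter gone, the `DVLAN_CLEAN_*` bits are the only record of what this code created, and that convention is not documented at `if (!br_addbr(br_name))` or at the same pattern for vlan_add() and br_addif() in the next hunk. A comment such as `/* set only when this call created the object; the removal path tears down flagged objects only */` would keep later edits from setting the bit on failure. A failing br_addbr() is also indistinguishable here from the bridge already existing, and `ifconfig_up(br_name)` runs either way; whether br_addbr() logs the error itself is not visible in this hunk. vlan_newlink() starts and ends outside the hunk.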
@@ -638,24 +518,17 @@
"vlan%d", vlan->vlan_id);
ifconfig_up(tagged_interface);
- ret = vlan_add(tagged_interface, vlan->vlan_id,
- vlan_ifname);
- if (hapd_get_dynamic_iface(NULL, vlan_ifname,
- ret == 0, hapd))
+ if (!vlan_add(tagged_interface, vlan->vlan_id,
+ vlan_ifname))
vlan->clean |= DVLAN_CLEAN_VLAN;
- ret = br_addif(br_name, vlan_ifname);
- if (hapd_get_dynamic_iface(br_name,
- vlan_ifname,
- ret == 0, hapd))
+ if (!br_addif(br_name, vlan_ifname))
vlan->clean |= DVLAN_CLEAN_VLAN_PORT;
ifconfig_up(vlan_ifname);
}
- ret = br_addif(br_name, ifname);
- if (hapd_get_dynamic_iface(br_name, ifname, ret == 0,
- hapd))
+ if (!br_addif(br_name, ifname))
vlan->clean |= DVLAN_CLEAN_WLAN_PORT;
ifconfig_up(ifname);
@@ -694,8 +567,7 @@
"brvlan%d", vlan->vlan_id);
}
- if ((vlan->clean & DVLAN_CLEAN_WLAN_PORT) &&
- hapd_put_dynamic_iface(br_name, vlan->ifname, hapd))
+ if (vlan->clean & DVLAN_CLEAN_WLAN_PORT)
br_delif(br_name, vlan->ifname);
if (tagged_interface) {
@@ -709,20 +581,15 @@
os_snprintf(vlan_ifname,
sizeof(vlan_ifname),
"vlan%d", vlan->vlan_id);
- if ((vlan->clean & DVLAN_CLEAN_VLAN_PORT) &&
- hapd_put_dynamic_iface(br_name, vlan_ifname,
- hapd))
+ if (vlan->clean & DVLAN_CLEAN_VLAN_PORT)
br_delif(br_name, vlan_ifname);
ifconfig_down(vlan_ifname);
- if ((vlan->clean & DVLAN_CLEAN_VLAN) &&
- hapd_put_dynamic_iface(NULL, vlan_ifname,
- hapd))
+ if (vlan->clean & DVLAN_CLEAN_VLAN)
vlan_rem(vlan_ifname);
}
if ((vlan->clean & DVLAN_CLEAN_BR) &&
- hapd_put_dynamic_iface(NULL, br_name, hapd) &&
br_getnumports(br_name) == 0) {
ifconfig_down(br_name);
br_delbr(br_name);
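Review bot: After this revert only the bridge removal is still guarded by a usage check (`br_getnumports(br_name) == 0`); `br_delif(br_name, vlan_ifname)` and `vlan_rem(vlan_ifname)` run whenever this BSS holds the matching clean bit. In the branch shown the interface name is derived from the VLAN ID alone (`"vlan%d"`), so if a second BSS on the same tagged interface uses that VLAN, the BSS that created the interface may remove it while the other still relies on it, which is presumably the case the reverted tracking covered. If that trade-off is accepted, a comment at the `DVLAN_CLEAN_VLAN` test saying so would stop it being read as an oversight. The enclosing function starts and ends outside the hunk.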