blob: f3ce1215cc265f1ad528c4c359331ab96d45adca [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -07001/*
2 * hostapd / RADIUS Accounting
Dmitry Shmidtd80a4012015-11-05 16:35:40 -08003 * Copyright (c) 2002-2009, 2012-2015, Jouni Malinen <j@w1.fi>
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -07004 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -08005 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -07007 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
12#include "utils/eloop.h"
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -080013#include "eapol_auth/eapol_auth_sm.h"
14#include "eapol_auth/eapol_auth_sm_i.h"
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070015#include "radius/radius.h"
16#include "radius/radius_client.h"
17#include "hostapd.h"
18#include "ieee802_1x.h"
19#include "ap_config.h"
20#include "sta_info.h"
21#include "ap_drv_ops.h"
22#include "accounting.h"
23
24
25/* Default interval in seconds for polling TX/RX octets from the driver if
26 * STA is not using interim accounting. This detects wrap arounds for
27 * input/output octets and updates Acct-{Input,Output}-Gigawords. */
28#define ACCT_DEFAULT_UPDATE_INTERVAL 300
29
Dmitry Shmidt61d9df32012-08-29 16:22:06 -070030static void accounting_sta_interim(struct hostapd_data *hapd,
31 struct sta_info *sta);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070032
33
34static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
35 struct sta_info *sta,
36 int status_type)
37{
38 struct radius_msg *msg;
39 char buf[128];
40 u8 *val;
41 size_t len;
42 int i;
Dmitry Shmidt04949592012-07-19 12:16:46 -070043 struct wpabuf *b;
Dmitry Shmidtb97e4282016-02-08 10:16:07 -080044 struct os_time now;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070045
46 msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
47 radius_client_get_id(hapd->radius));
48 if (msg == NULL) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -080049 wpa_printf(MSG_INFO, "Could not create new RADIUS packet");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070050 return NULL;
51 }
52
Dmitry Shmidtb97e4282016-02-08 10:16:07 -080053 if (radius_msg_make_authenticator(msg) < 0) {
54 wpa_printf(MSG_INFO, "Could not make Request Authenticator");
55 goto fail;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070056 }
57
58 if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_STATUS_TYPE,
59 status_type)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -080060 wpa_printf(MSG_INFO, "Could not add Acct-Status-Type");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070061 goto fail;
62 }
63
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070064 if (sta) {
Dmitry Shmidtb97e4282016-02-08 10:16:07 -080065 if (!hostapd_config_get_radius_attr(
66 hapd->conf->radius_acct_req_attr,
67 RADIUS_ATTR_ACCT_AUTHENTIC) &&
68 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_AUTHENTIC,
69 hapd->conf->ieee802_1x ?
70 RADIUS_ACCT_AUTHENTIC_RADIUS :
71 RADIUS_ACCT_AUTHENTIC_LOCAL)) {
72 wpa_printf(MSG_INFO, "Could not add Acct-Authentic");
73 goto fail;
74 }
75
Dmitry Shmidt61d9df32012-08-29 16:22:06 -070076 /* Use 802.1X identity if available */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070077 val = ieee802_1x_get_identity(sta->eapol_sm, &len);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -070078
79 /* Use RADIUS ACL identity if 802.1X provides no identity */
80 if (!val && sta->identity) {
81 val = (u8 *) sta->identity;
82 len = os_strlen(sta->identity);
83 }
84
85 /* Use STA MAC if neither 802.1X nor RADIUS ACL provided
86 * identity */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070087 if (!val) {
88 os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
89 MAC2STR(sta->addr));
90 val = (u8 *) buf;
91 len = os_strlen(buf);
92 }
93
94 if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, val,
95 len)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -080096 wpa_printf(MSG_INFO, "Could not add User-Name");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -070097 goto fail;
98 }
99 }
100
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700101 if (add_common_radius_attr(hapd, hapd->conf->radius_acct_req_attr, sta,
102 msg) < 0)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700103 goto fail;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700104
105 if (sta) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700106 for (i = 0; ; i++) {
107 val = ieee802_1x_get_radius_class(sta->eapol_sm, &len,
108 i);
109 if (val == NULL)
110 break;
111
112 if (!radius_msg_add_attr(msg, RADIUS_ATTR_CLASS,
113 val, len)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800114 wpa_printf(MSG_INFO, "Could not add Class");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700115 goto fail;
116 }
117 }
Dmitry Shmidt04949592012-07-19 12:16:46 -0700118
119 b = ieee802_1x_get_radius_cui(sta->eapol_sm);
120 if (b &&
121 !radius_msg_add_attr(msg,
122 RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
123 wpabuf_head(b), wpabuf_len(b))) {
124 wpa_printf(MSG_ERROR, "Could not add CUI");
125 goto fail;
126 }
Dmitry Shmidt04949592012-07-19 12:16:46 -0700127
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700128 if (!b && sta->radius_cui &&
129 !radius_msg_add_attr(msg,
130 RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
131 (u8 *) sta->radius_cui,
132 os_strlen(sta->radius_cui))) {
133 wpa_printf(MSG_ERROR, "Could not add CUI from ACL");
Dmitry Shmidt04949592012-07-19 12:16:46 -0700134 goto fail;
135 }
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800136
137 if (sta->ipaddr &&
138 !radius_msg_add_attr_int32(msg,
139 RADIUS_ATTR_FRAMED_IP_ADDRESS,
140 be_to_host32(sta->ipaddr))) {
141 wpa_printf(MSG_ERROR,
142 "Could not add Framed-IP-Address");
143 goto fail;
144 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700145 }
146
Dmitry Shmidtb97e4282016-02-08 10:16:07 -0800147 os_get_time(&now);
148 if (now.sec > 1000000000 &&
149 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_EVENT_TIMESTAMP,
150 now.sec)) {
151 wpa_printf(MSG_INFO, "Could not add Event-Timestamp");
152 goto fail;
153 }
154
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700155 return msg;
156
157 fail:
158 radius_msg_free(msg);
159 return NULL;
160}
161
162
163static int accounting_sta_update_stats(struct hostapd_data *hapd,
164 struct sta_info *sta,
165 struct hostap_sta_driver_data *data)
166{
167 if (hostapd_drv_read_sta_data(hapd, data, sta->addr))
168 return -1;
169
170 if (sta->last_rx_bytes > data->rx_bytes)
171 sta->acct_input_gigawords++;
172 if (sta->last_tx_bytes > data->tx_bytes)
173 sta->acct_output_gigawords++;
174 sta->last_rx_bytes = data->rx_bytes;
175 sta->last_tx_bytes = data->tx_bytes;
176
177 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
178 HOSTAPD_LEVEL_DEBUG, "updated TX/RX stats: "
179 "Acct-Input-Octets=%lu Acct-Input-Gigawords=%u "
180 "Acct-Output-Octets=%lu Acct-Output-Gigawords=%u",
181 sta->last_rx_bytes, sta->acct_input_gigawords,
182 sta->last_tx_bytes, sta->acct_output_gigawords);
183
184 return 0;
185}
186
187
188static void accounting_interim_update(void *eloop_ctx, void *timeout_ctx)
189{
190 struct hostapd_data *hapd = eloop_ctx;
191 struct sta_info *sta = timeout_ctx;
192 int interval;
193
194 if (sta->acct_interim_interval) {
195 accounting_sta_interim(hapd, sta);
196 interval = sta->acct_interim_interval;
197 } else {
198 struct hostap_sta_driver_data data;
199 accounting_sta_update_stats(hapd, sta, &data);
200 interval = ACCT_DEFAULT_UPDATE_INTERVAL;
201 }
202
203 eloop_register_timeout(interval, 0, accounting_interim_update,
204 hapd, sta);
205}
206
207
208/**
209 * accounting_sta_start - Start STA accounting
210 * @hapd: hostapd BSS data
211 * @sta: The station
212 */
213void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta)
214{
215 struct radius_msg *msg;
216 int interval;
217
218 if (sta->acct_session_started)
219 return;
220
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700221 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
222 HOSTAPD_LEVEL_INFO,
Dmitry Shmidtb97e4282016-02-08 10:16:07 -0800223 "starting accounting session %016lX",
224 (long unsigned int) sta->acct_session_id);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700225
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800226 os_get_reltime(&sta->acct_session_start);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700227 sta->last_rx_bytes = sta->last_tx_bytes = 0;
228 sta->acct_input_gigawords = sta->acct_output_gigawords = 0;
229 hostapd_drv_sta_clear_stats(hapd, sta->addr);
230
231 if (!hapd->conf->radius->acct_server)
232 return;
233
234 if (sta->acct_interim_interval)
235 interval = sta->acct_interim_interval;
236 else
237 interval = ACCT_DEFAULT_UPDATE_INTERVAL;
238 eloop_register_timeout(interval, 0, accounting_interim_update,
239 hapd, sta);
240
241 msg = accounting_msg(hapd, sta, RADIUS_ACCT_STATUS_TYPE_START);
Dmitry Shmidt04949592012-07-19 12:16:46 -0700242 if (msg &&
243 radius_client_send(hapd->radius, msg, RADIUS_ACCT, sta->addr) < 0)
244 radius_msg_free(msg);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700245
246 sta->acct_session_started = 1;
247}
248
249
250static void accounting_sta_report(struct hostapd_data *hapd,
251 struct sta_info *sta, int stop)
252{
253 struct radius_msg *msg;
254 int cause = sta->acct_terminate_cause;
255 struct hostap_sta_driver_data data;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800256 struct os_reltime now_r, diff;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700257 u32 gigawords;
258
259 if (!hapd->conf->radius->acct_server)
260 return;
261
262 msg = accounting_msg(hapd, sta,
263 stop ? RADIUS_ACCT_STATUS_TYPE_STOP :
264 RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE);
265 if (!msg) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800266 wpa_printf(MSG_INFO, "Could not create RADIUS Accounting message");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700267 return;
268 }
269
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800270 os_get_reltime(&now_r);
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800271 os_reltime_sub(&now_r, &sta->acct_session_start, &diff);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700272 if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_SESSION_TIME,
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800273 diff.sec)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800274 wpa_printf(MSG_INFO, "Could not add Acct-Session-Time");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700275 goto fail;
276 }
277
278 if (accounting_sta_update_stats(hapd, sta, &data) == 0) {
279 if (!radius_msg_add_attr_int32(msg,
280 RADIUS_ATTR_ACCT_INPUT_PACKETS,
281 data.rx_packets)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800282 wpa_printf(MSG_INFO, "Could not add Acct-Input-Packets");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700283 goto fail;
284 }
285 if (!radius_msg_add_attr_int32(msg,
286 RADIUS_ATTR_ACCT_OUTPUT_PACKETS,
287 data.tx_packets)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800288 wpa_printf(MSG_INFO, "Could not add Acct-Output-Packets");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700289 goto fail;
290 }
291 if (!radius_msg_add_attr_int32(msg,
292 RADIUS_ATTR_ACCT_INPUT_OCTETS,
293 data.rx_bytes)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800294 wpa_printf(MSG_INFO, "Could not add Acct-Input-Octets");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700295 goto fail;
296 }
297 gigawords = sta->acct_input_gigawords;
298#if __WORDSIZE == 64
299 gigawords += data.rx_bytes >> 32;
300#endif
301 if (gigawords &&
302 !radius_msg_add_attr_int32(
303 msg, RADIUS_ATTR_ACCT_INPUT_GIGAWORDS,
304 gigawords)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800305 wpa_printf(MSG_INFO, "Could not add Acct-Input-Gigawords");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700306 goto fail;
307 }
308 if (!radius_msg_add_attr_int32(msg,
309 RADIUS_ATTR_ACCT_OUTPUT_OCTETS,
310 data.tx_bytes)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800311 wpa_printf(MSG_INFO, "Could not add Acct-Output-Octets");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700312 goto fail;
313 }
314 gigawords = sta->acct_output_gigawords;
315#if __WORDSIZE == 64
316 gigawords += data.tx_bytes >> 32;
317#endif
318 if (gigawords &&
319 !radius_msg_add_attr_int32(
320 msg, RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS,
321 gigawords)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800322 wpa_printf(MSG_INFO, "Could not add Acct-Output-Gigawords");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700323 goto fail;
324 }
325 }
326
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700327 if (eloop_terminated())
328 cause = RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT;
329
330 if (stop && cause &&
331 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
332 cause)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800333 wpa_printf(MSG_INFO, "Could not add Acct-Terminate-Cause");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700334 goto fail;
335 }
336
Dmitry Shmidt04949592012-07-19 12:16:46 -0700337 if (radius_client_send(hapd->radius, msg,
338 stop ? RADIUS_ACCT : RADIUS_ACCT_INTERIM,
339 sta->addr) < 0)
340 goto fail;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700341 return;
342
343 fail:
344 radius_msg_free(msg);
345}
346
347
348/**
349 * accounting_sta_interim - Send a interim STA accounting report
350 * @hapd: hostapd BSS data
351 * @sta: The station
352 */
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700353static void accounting_sta_interim(struct hostapd_data *hapd,
354 struct sta_info *sta)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700355{
356 if (sta->acct_session_started)
357 accounting_sta_report(hapd, sta, 0);
358}
359
360
361/**
362 * accounting_sta_stop - Stop STA accounting
363 * @hapd: hostapd BSS data
364 * @sta: The station
365 */
366void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta)
367{
368 if (sta->acct_session_started) {
369 accounting_sta_report(hapd, sta, 1);
370 eloop_cancel_timeout(accounting_interim_update, hapd, sta);
371 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
372 HOSTAPD_LEVEL_INFO,
Dmitry Shmidtb97e4282016-02-08 10:16:07 -0800373 "stopped accounting session %016lX",
374 (long unsigned int) sta->acct_session_id);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700375 sta->acct_session_started = 0;
376 }
377}
378
379
Dmitry Shmidtb97e4282016-02-08 10:16:07 -0800380int accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700381{
Dmitry Shmidtb97e4282016-02-08 10:16:07 -0800382 return radius_gen_session_id((u8 *) &sta->acct_session_id,
383 sizeof(sta->acct_session_id));
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700384}
385
386
387/**
388 * accounting_receive - Process the RADIUS frames from Accounting Server
389 * @msg: RADIUS response message
390 * @req: RADIUS request message
391 * @shared_secret: RADIUS shared secret
392 * @shared_secret_len: Length of shared_secret in octets
393 * @data: Context data (struct hostapd_data *)
394 * Returns: Processing status
395 */
396static RadiusRxResult
397accounting_receive(struct radius_msg *msg, struct radius_msg *req,
398 const u8 *shared_secret, size_t shared_secret_len,
399 void *data)
400{
401 if (radius_msg_get_hdr(msg)->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800402 wpa_printf(MSG_INFO, "Unknown RADIUS message code");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700403 return RADIUS_RX_UNKNOWN;
404 }
405
406 if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800407 wpa_printf(MSG_INFO, "Incoming RADIUS packet did not have correct Authenticator - dropped");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700408 return RADIUS_RX_INVALID_AUTHENTICATOR;
409 }
410
411 return RADIUS_RX_PROCESSED;
412}
413
414
415static void accounting_report_state(struct hostapd_data *hapd, int on)
416{
417 struct radius_msg *msg;
418
419 if (!hapd->conf->radius->acct_server || hapd->radius == NULL)
420 return;
421
422 /* Inform RADIUS server that accounting will start/stop so that the
423 * server can close old accounting sessions. */
424 msg = accounting_msg(hapd, NULL,
425 on ? RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON :
426 RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF);
427 if (!msg)
428 return;
429
Dmitry Shmidtb97e4282016-02-08 10:16:07 -0800430 if (hapd->acct_session_id) {
431 char buf[20];
432
433 os_snprintf(buf, sizeof(buf), "%016lX",
434 (long unsigned int) hapd->acct_session_id);
435 if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
436 (u8 *) buf, os_strlen(buf)))
437 wpa_printf(MSG_ERROR, "Could not add Acct-Session-Id");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700438 }
439
Dmitry Shmidt04949592012-07-19 12:16:46 -0700440 if (radius_client_send(hapd->radius, msg, RADIUS_ACCT, NULL) < 0)
441 radius_msg_free(msg);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700442}
443
444
445/**
446 * accounting_init: Initialize accounting
447 * @hapd: hostapd BSS data
448 * Returns: 0 on success, -1 on failure
449 */
450int accounting_init(struct hostapd_data *hapd)
451{
Dmitry Shmidtb97e4282016-02-08 10:16:07 -0800452 if (radius_gen_session_id((u8 *) &hapd->acct_session_id,
453 sizeof(hapd->acct_session_id)) < 0)
454 return -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700455
456 if (radius_client_register(hapd->radius, RADIUS_ACCT,
457 accounting_receive, hapd))
458 return -1;
459
460 accounting_report_state(hapd, 1);
461
462 return 0;
463}
464
465
466/**
Dmitry Shmidt7a53dbb2015-06-11 13:13:53 -0700467 * accounting_deinit: Deinitialize accounting
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700468 * @hapd: hostapd BSS data
469 */
470void accounting_deinit(struct hostapd_data *hapd)
471{
472 accounting_report_state(hapd, 0);
473}