Changes to support PAC and 802.1X interaction

hostapd/ctrl_iface.c

@@ -2773,6 +2773,9 @@ static int hostapd_ctrl_iface_eapol_reauth(struct hostapd_data *hapd,
  if (!sta || !sta->eapol_sm)
  return -1;
 
+#ifdef CONFIG_SONIC_HOSTAPD
+ memset(&sta->attr_info, 0, sizeof (sta->attr_info));
+#endif
  eapol_auth_reauthenticate(sta->eapol_sm);
  return 0;
 }

src/ap/ieee802_1x.c

@@ -19,6 +19,9 @@
 #include "common/ieee802_11_defs.h"
 #include "radius/radius.h"
 #include "radius/radius_client.h"
+#ifdef CONFIG_SONIC_RADIUS
+#include "radius/radius_attr_parse.h"
+#endif
 #include "eap_server/eap.h"
 #include "eap_common/eap_wsc_common.h"
 #include "eapol_auth/eapol_auth_sm.h"
@@ -460,6 +463,7 @@ static int add_common_radius_sta_attr(struct hostapd_data *hapd,
  return -1;
  }
 
+#ifndef CONFIG_SONIC_RADIUS
  if (sta->flags & WLAN_STA_PREAUTH) {
  os_strlcpy(buf, "IEEE 802.11i Pre-Authentication",
  sizeof(buf));
@@ -487,6 +491,7 @@ static int add_common_radius_sta_attr(struct hostapd_data *hapd,
  return -1;
  }
  }
+#endif
 
  if ((hapd->conf->wpa & 2) &&
  !hapd->conf->disable_pmksa_caching &&
@@ -565,8 +570,13 @@ int add_common_radius_attr(struct hostapd_data *hapd,
  return -1;
  }
 
+#ifdef CONFIG_SONIC_RADIUS
+ len = os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
+ MAC2STR(hapd->own_addr));
+#else
  len = os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":",
  MAC2STR(hapd->own_addr));
+#endif
  os_memcpy(&buf[len], hapd->conf->ssid.ssid,
  hapd->conf->ssid.ssid_len);
  len += hapd->conf->ssid.ssid_len;
@@ -708,7 +718,13 @@ void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
  wpa_printf(MSG_INFO, "Could not add User-Name");
  goto fail;
  }
-
+#ifdef CONFIG_SONIC_RADIUS
+ else {
+ memset(sta->attr_info.userName,'\0', sizeof(sta->attr_info.userName));
+ strncpy(sta->attr_info.userName, sm->identity, sm->identity_len);
+ sta->attr_info.userNameLen = sm->identity_len;
+ }
+#endif
  if (add_common_radius_attr(hapd, hapd->conf->radius_auth_req_attr, sta,
  msg) < 0)
  goto fail;
@@ -1183,6 +1199,19 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
  sta->eapol_sm->eapolLogoff = true;
  sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
  eap_server_clear_identity(sta->eapol_sm->eap);
+
+#ifdef CONFIG_SONIC_HOSTAPD
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+ HOSTAPD_LEVEL_DEBUG,
+ "sending client_disconnect for EAPOL-Logoff from STA");
+ /* Inform PAC */
+ if (0 != hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr, "client_disconnected", NULL))
+ {
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+ HOSTAPD_LEVEL_DEBUG,
+ "sending client_disconnect for EAPOL-Logoff from STA not successful");
+ }
+#endif
  break;
 
  case IEEE802_1X_TYPE_EAPOL_KEY:
@@ -2006,6 +2035,14 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
  break;
 #endif /* CONFIG_NO_VLAN */
 
+#ifdef CONFIG_SONIC_RADIUS
+ if (0 != radiusClientAcceptProcess(msg, &sta->attr_info))
+ {
+ wpa_printf(MSG_DEBUG, "radiusClientAcceptProcess failed \n");
+ }
+#endif
+
+#ifndef CONFIG_SONIC_RADIUS
  sta->session_timeout_set = !!session_timeout_set;
  os_get_reltime(&sta->session_timeout);
  sta->session_timeout.sec += session_timeout;
@@ -2018,6 +2055,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
  ap_sta_session_timeout(hapd, sta, session_timeout);
  else
  ap_sta_no_session_timeout(hapd, sta);
+#endif
 
  sm->eap_if->aaaSuccess = true;
  override_eapReq = 1;
@@ -2110,6 +2148,11 @@ void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta)
  MAC2STR(sta->addr));
 
  sm->eap_if->portEnabled = false;
+#ifdef CONFIG_SONIC_RADIUS
+ /* Invoke driver to inform PAC */
+ hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr,
+ "auth_timeout", (void *) sta);
+#endif
  ap_sta_disconnect(hapd, sta, sta->addr,
  WLAN_REASON_PREV_AUTH_NOT_VALID);
  }
@@ -2998,5 +3041,16 @@ static void ieee802_1x_finished(struct hostapd_data *hapd,
  * EAPOL authentication to be started to complete connection.
  */
  ap_sta_delayed_1x_auth_fail_disconnect(hapd, sta);
- }
+
+#ifdef CONFIG_SONIC_HOSTAPD
+ /* Invoke driver to inform PAC */
+ hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr, "auth_fail", (void *) sta);
+#endif
+ }
+#ifdef CONFIG_SONIC_HOSTAPD
+ else {
+ /* Invoke driver to inform PAC */
+ hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr, "auth_success", (void *) sta);
+ }
+#endif
 }

src/eap_server/eap.h

@@ -82,6 +82,9 @@ struct eap_eapol_interface {
  struct wpabuf *aaaEapRespData;
  /* aaaIdentity -> eap_get_identity() */
  bool aaaTimeout;
+#ifdef CONFIG_SONIC_HOSTAPD
+ bool client_reauth;
+#endif
 };
 
 struct eap_server_erp_key {

src/eap_server/eap_server.c

@@ -231,7 +231,12 @@ SM_STATE(EAP, INITIALIZE)
  }
 
  sm->try_initiate_reauth = false;
+#ifdef CONFIG_SONIC_HOSTAPD
+ if (!sm->eap_if.client_reauth)
+ sm->currentId = -1;
+#else
  sm->currentId = -1;
+#endif
  sm->eap_if.eapSuccess = false;
  sm->eap_if.eapFail = false;
  sm->eap_if.eapTimeout = false;
@@ -402,6 +407,11 @@ SM_STATE(EAP, METHOD_REQUEST)
  return;
  }
 
+#ifdef CONFIG_SONIC_HOSTAPD
+ wpa_printf(MSG_DEBUG, "EAP: lastId %d",
+ sm->lastId);
+#endif
+
  sm->currentId = eap_sm_nextId(sm, sm->currentId);
  wpa_printf(MSG_DEBUG, "EAP: building EAP-Request: Identifier %d",
  sm->currentId);

src/eapol_auth/eapol_auth_sm.c

@@ -168,6 +168,7 @@ static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx)
  }
  }
 
+#ifndef CONFIG_SONIC_HOSTAPD
  if (state->reAuthWhen > 0) {
  state->reAuthWhen--;
  if (state->reAuthWhen == 0) {
@@ -176,6 +177,7 @@ static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx)
  MAC2STR(state->addr));
  }
  }
+#endif 
 
  if (state->eap_if->retransWhile > 0) {
  state->eap_if->retransWhile--;
@@ -241,13 +243,25 @@ SM_STATE(AUTH_PAE, DISCONNECTED)
 
 SM_STATE(AUTH_PAE, RESTART)
 {
+#ifdef CONFIG_SONIC_HOSTAPD
+#ifdef HOSTAPD
+ sm->eap_if->client_reauth = false;
+#endif
+#endif
  if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATED) {
  if (sm->reAuthenticate)
  sm->authAuthReauthsWhileAuthenticated++;
  if (sm->eapolStart)
  sm->authAuthEapStartsWhileAuthenticated++;
  if (sm->eapolLogoff)
  sm->authAuthEapLogoffWhileAuthenticated++;
+
+#ifdef CONFIG_SONIC_HOSTAPD
+#ifdef HOSTAPD
+ if (sm->reAuthenticate)
+ sm->eap_if->client_reauth = true;
+#endif
+#endif
  }
 
  SM_ENTRY_MA(AUTH_PAE, RESTART, auth_pae);
@@ -503,8 +517,9 @@ SM_STATE(BE_AUTH, RESPONSE)
 SM_STATE(BE_AUTH, SUCCESS)
 {
  SM_ENTRY_MA(BE_AUTH, SUCCESS, be_auth);
-
+#ifndef CONFIG_SONIC_HOSTAPD
  txReq();
+#endif
  sm->authSuccess = true;
  sm->keyRun = true;
 }
@@ -513,8 +528,9 @@ SM_STATE(BE_AUTH, SUCCESS)
 SM_STATE(BE_AUTH, FAIL)
 {
  SM_ENTRY_MA(BE_AUTH, FAIL, be_auth);
-
+#ifndef CONFIG_SONIC_HOSTAPD
  txReq();
+#endif
  sm->authFail = true;
 }
 

src/eapol_auth/eapol_auth_sm.h

@@ -17,6 +17,10 @@
 struct eapol_auth_config {
  const struct eap_config *eap_cfg;
  int eap_reauth_period;
+#ifdef CONFIG_SONIC_HOSTAPD
+ int eap_server_timeout;
+ int eap_quiet_period;
+#endif
  int wpa;
  int individual_wep_key_len;
  char *eap_req_id_text; /* a copy of this will be allocated */

src/eapol_auth/eapol_auth_sm_i.h

@@ -73,7 +73,11 @@ struct eapol_state_machine {
  unsigned int reAuthCount;
  /* constants */
  unsigned int quietPeriod; /* default 60; 0..65535 */
+#ifdef CONFIG_SONIC_HOSTAPD
+#define AUTH_PAE_DEFAULT_quietPeriod 2
+#else
 #define AUTH_PAE_DEFAULT_quietPeriod 60
+#endif
  unsigned int reAuthMax; /* default 2 */
 #define AUTH_PAE_DEFAULT_reAuthMax 2
  /* counters */

src/utils/wpa_debug.c

@@ -237,6 +237,9 @@ void wpa_printf(int level, const char *fmt, ...)
  va_start(ap, fmt);
  vprintf(fmt, ap);
  printf("\n");
+#ifdef CONFIG_SONIC_RADIUS
+ fflush(stdout);
+#endif
  va_end(ap);
  }
 #endif /* CONFIG_ANDROID_LOG */