/* Process the RADIUS frames from Accounting Server */ static RadiusRxResult accounting_receive(hostapd *hapd, struct radius_msg *msg, struct radius_msg *req, u8 *shared_secret, size_t shared_secret_len, void *data) { if (msg->hdr->code != RADIUS_CODE_ACCOUNTING_RESPONSE) { printf("Unknown RADIUS message code\n"); return RADIUS_RX_UNKNOWN; } if (radius_msg_verify_acct(msg, shared_secret, shared_secret_len, req)) { printf("Incoming RADIUS packet did not have correct " "Authenticator - dropped\n"); return RADIUS_RX_UNKNOWN; } return RADIUS_RX_PROCESSED; }
/* Return 0 if RADIUS message was a reply to ACL query (and was processed here) * or -1 if not. */ static RadiusRxResult hostapd_acl_recv_radius(hostapd *hapd, struct radius_msg *msg, struct radius_msg *req, u8 *shared_secret, size_t shared_secret_len, void *data) { struct hostapd_acl_query_data *query, *prev; struct hostapd_cached_radius_acl *cache; query = hapd->acl_queries; prev = NULL; while (query) { if (query->radius_id == msg->hdr->identifier) break; prev = query; query = query->next; } if (query == NULL) return RADIUS_RX_UNKNOWN; HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Found matching Access-Request " "for RADIUS message (id=%d)\n", query->radius_id); if (radius_msg_verify_acct(msg, shared_secret, shared_secret_len, req)) { printf("Incoming RADIUS packet did not have correct " "authenticator - dropped\n"); return RADIUS_RX_UNKNOWN; } if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT && msg->hdr->code != RADIUS_CODE_ACCESS_REJECT) { printf("Unknown RADIUS message code %d to ACL query\n", msg->hdr->code); return RADIUS_RX_UNKNOWN; } /* Insert Accept/Reject info into ACL cache */ cache = malloc(sizeof(*cache)); if (cache == NULL) { printf("Failed to add ACL cache entry\n"); goto done; } memset(cache, 0, sizeof(*cache)); time(&cache->timestamp); memcpy(cache->addr, query->addr, sizeof(cache->addr)); if (msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT) { if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_SESSION_TIMEOUT, &cache->session_timeout) == 0) cache->accepted = HOSTAPD_ACL_ACCEPT_TIMEOUT; else cache->accepted = HOSTAPD_ACL_ACCEPT; if (radius_msg_get_attr_int32( msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL, &cache->acct_interim_interval) == 0 && cache->acct_interim_interval < 60) { HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Ignored too " "small Acct-Interim-Interval %d for " "STA " MACSTR "\n", cache->acct_interim_interval, MAC2STR(query->addr)); cache->acct_interim_interval = 0; } } else cache->accepted = HOSTAPD_ACL_REJECT; cache->next = hapd->acl_cache; hapd->acl_cache = cache; /* Re-send original authentication frame for 802.11 processing */ HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Re-sending authentication frame " "after successful RADIUS ACL query\n"); ieee802_11_mgmt(hapd, query->auth_msg, query->auth_msg_len, WLAN_FC_STYPE_AUTH); done: if (prev == NULL) hapd->acl_queries = query->next; else prev->next = query->next; hostapd_acl_query_free(query); return RADIUS_RX_PROCESSED; }