int authsrv_init(struct hostapd_data *hapd)
{
#ifdef EAP_TLS_FUNCS
if (hapd->conf->eap_server &&
(hapd->conf->ca_cert || hapd->conf->server_cert ||
hapd->conf->dh_file)) {
struct tls_connection_params params;
hapd->ssl_ctx = tls_init(NULL);
if (hapd->ssl_ctx == NULL) {
wpa_printf(MSG_ERROR, "Failed to initialize TLS");
authsrv_deinit(hapd);
return -1;
}
os_memset(¶ms, 0, sizeof(params));
params.ca_cert = hapd->conf->ca_cert;
params.client_cert = hapd->conf->server_cert;
params.private_key = hapd->conf->private_key;
params.private_key_passwd = hapd->conf->private_key_passwd;
params.dh_file = hapd->conf->dh_file;
if (tls_global_set_params(hapd->ssl_ctx, ¶ms)) {
wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
authsrv_deinit(hapd);
return -1;
}
if (tls_global_set_verify(hapd->ssl_ctx,
hapd->conf->check_crl)) {
wpa_printf(MSG_ERROR, "Failed to enable check_crl");
authsrv_deinit(hapd);
return -1;
}
}
#endif /* EAP_TLS_FUNCS */
#ifdef EAP_SIM_DB
if (hapd->conf->eap_sim_db) {
hapd->eap_sim_db_priv =
eap_sim_db_init(hapd->conf->eap_sim_db,
hostapd_sim_db_cb, hapd);
if (hapd->eap_sim_db_priv == NULL) {
wpa_printf(MSG_ERROR, "Failed to initialize EAP-SIM "
"database interface");
authsrv_deinit(hapd);
return -1;
}
}
#endif /* EAP_SIM_DB */
#ifdef RADIUS_SERVER
if (hapd->conf->radius_server_clients &&
hostapd_setup_radius_srv(hapd))
return -1;
#endif /* RADIUS_SERVER */
return 0;
}
static int eap_example_server_init_tls(rlm_eap_t *inst)
{
struct tls_config tconf;
os_memset(&tconf, 0, sizeof(tconf));
inst->tls_ctx = tls_init(&tconf);
if (inst->tls_ctx == NULL)
return -1;
if (tls_global_set_params(inst->tls_ctx, &inst->tparams)) {
radlog(L_ERR, "rlm_eap2: Failed to set TLS parameters");
return -1;
}
if (tls_global_set_verify(inst->tls_ctx, 0)) {
radlog(L_ERR, "rlm_eap2: Failed to set check_crl");
return -1;
}
return 0;
}
static hostapd * hostapd_init(const char *config_file)
{
hostapd *hapd;
hapd = malloc(sizeof(*hapd));
if (hapd == NULL) {
printf("Could not allocate memory for hostapd data\n");
goto fail;
}
memset(hapd, 0, sizeof(*hapd));
hapd->config_fname = strdup(config_file);
if (hapd->config_fname == NULL) {
printf("Could not allocate memory for config_fname\n");
goto fail;
}
hapd->conf = hostapd_config_read(hapd->config_fname);
if (hapd->conf == NULL) {
goto fail;
}
if (hapd->conf->individual_wep_key_len > 0) {
/* use key0 in individual key and key1 in broadcast key */
hapd->default_wep_key_idx = 1;
}
#ifdef EAP_TLS_FUNCS
if (hapd->conf->eap_server &&
(hapd->conf->ca_cert || hapd->conf->server_cert)) {
hapd->ssl_ctx = tls_init(NULL);
if (hapd->ssl_ctx == NULL) {
printf("Failed to initialize TLS\n");
goto fail;
}
if (tls_global_ca_cert(hapd->ssl_ctx, hapd->conf->ca_cert)) {
printf("Failed to load CA certificate (%s)\n",
hapd->conf->ca_cert);
goto fail;
}
if (tls_global_client_cert(hapd->ssl_ctx,
hapd->conf->server_cert)) {
printf("Failed to load server certificate (%s)\n",
hapd->conf->server_cert);
goto fail;
}
if (tls_global_private_key(hapd->ssl_ctx,
hapd->conf->private_key,
hapd->conf->private_key_passwd)) {
printf("Failed to load private key (%s)\n",
hapd->conf->private_key);
goto fail;
}
if (tls_global_set_verify(hapd->ssl_ctx,
hapd->conf->check_crl)) {
printf("Failed to enable check_crl\n");
goto fail;
}
}
#endif /* EAP_TLS_FUNCS */
if (hapd->conf->eap_sim_db) {
hapd->eap_sim_db_priv =
eap_sim_db_init(hapd->conf->eap_sim_db);
if (hapd->eap_sim_db_priv == NULL) {
printf("Failed to initialize EAP-SIM database "
"interface\n");
goto fail;
}
}
if (hapd->conf->assoc_ap)
hapd->assoc_ap_state = WAIT_BEACON;
/* FIX: need to fix this const vs. not */
hapd->driver = (struct driver_ops *) hapd->conf->driver;
return hapd;
fail:
if (hapd) {
if (hapd->ssl_ctx)
tls_deinit(hapd->ssl_ctx);
if (hapd->conf)
hostapd_config_free(hapd->conf);
free(hapd->config_fname);
free(hapd);
}
return NULL;
}
