/* Process the RADIUS frames from Accounting Server */
static RadiusRxResult
accounting_receive(hostapd *hapd,
struct radius_msg *msg, struct radius_msg *req,
u8 *shared_secret, size_t shared_secret_len, void *data)
{
if (msg->hdr->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
printf("Unknown RADIUS message code\n");
return RADIUS_RX_UNKNOWN;
}
if (radius_msg_verify_acct(msg, shared_secret, shared_secret_len, req))
{
printf("Incoming RADIUS packet did not have correct "
"Authenticator - dropped\n");
return RADIUS_RX_UNKNOWN;
}
return RADIUS_RX_PROCESSED;
}
/* Return 0 if RADIUS message was a reply to ACL query (and was processed here)
* or -1 if not. */
static RadiusRxResult
hostapd_acl_recv_radius(hostapd *hapd,
struct radius_msg *msg, struct radius_msg *req,
u8 *shared_secret, size_t shared_secret_len,
void *data)
{
struct hostapd_acl_query_data *query, *prev;
struct hostapd_cached_radius_acl *cache;
query = hapd->acl_queries;
prev = NULL;
while (query) {
if (query->radius_id == msg->hdr->identifier)
break;
prev = query;
query = query->next;
}
if (query == NULL)
return RADIUS_RX_UNKNOWN;
HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Found matching Access-Request "
"for RADIUS message (id=%d)\n", query->radius_id);
if (radius_msg_verify_acct(msg, shared_secret, shared_secret_len,
req)) {
printf("Incoming RADIUS packet did not have correct "
"authenticator - dropped\n");
return RADIUS_RX_UNKNOWN;
}
if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
msg->hdr->code != RADIUS_CODE_ACCESS_REJECT) {
printf("Unknown RADIUS message code %d to ACL query\n",
msg->hdr->code);
return RADIUS_RX_UNKNOWN;
}
/* Insert Accept/Reject info into ACL cache */
cache = malloc(sizeof(*cache));
if (cache == NULL) {
printf("Failed to add ACL cache entry\n");
goto done;
}
memset(cache, 0, sizeof(*cache));
time(&cache->timestamp);
memcpy(cache->addr, query->addr, sizeof(cache->addr));
if (msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_SESSION_TIMEOUT,
&cache->session_timeout) == 0)
cache->accepted = HOSTAPD_ACL_ACCEPT_TIMEOUT;
else
cache->accepted = HOSTAPD_ACL_ACCEPT;
if (radius_msg_get_attr_int32(
msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL,
&cache->acct_interim_interval) == 0 &&
cache->acct_interim_interval < 60) {
HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Ignored too "
"small Acct-Interim-Interval %d for "
"STA " MACSTR "\n",
cache->acct_interim_interval,
MAC2STR(query->addr));
cache->acct_interim_interval = 0;
}
} else
cache->accepted = HOSTAPD_ACL_REJECT;
cache->next = hapd->acl_cache;
hapd->acl_cache = cache;
/* Re-send original authentication frame for 802.11 processing */
HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Re-sending authentication frame "
"after successful RADIUS ACL query\n");
ieee802_11_mgmt(hapd, query->auth_msg, query->auth_msg_len,
WLAN_FC_STYPE_AUTH);
done:
if (prev == NULL)
hapd->acl_queries = query->next;
else
prev->next = query->next;
hostapd_acl_query_free(query);
return RADIUS_RX_PROCESSED;
}
