[PATCH 17/50] AP: MLO: Make 802.1X SM, authserv and radius client singletons
Andrei Otcheretianski
andrei.otcheretianski at intel.com
Wed Feb 15 15:08:31 PST 2023
From: Ilan Peer <ilan.peer at intel.com>
To simplify the handling of MLD stations, assume that all
interfaces/BSSs use the same 802.1X authenticator, the same RADIUS
server instance, and the same RADIUS client.
Signed-off-by: Ilan Peer <ilan.peer at intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski at intel.com>
---
src/ap/authsrv.c | 38 ++++++++++++++++++++++++
src/ap/hostapd.c | 71 +++++++++++++++++++++++++++------------------
src/ap/ieee802_1x.c | 16 ++++++++++
3 files changed, 97 insertions(+), 28 deletions(-)
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 4ab2a4a601..9914ed4e12 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -106,6 +106,15 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
{
struct radius_server_conf srv;
struct hostapd_bss_config *conf = hapd->conf;
+
+ if (hapd->mld_first_bss) {
+ wpa_printf(MSG_DEBUG,
+ "MLD: using radius_srv of first BSS");
+
+ hapd->radius_srv = hapd->mld_first_bss->radius_srv;
+ return 0;
+ }
+
os_memset(&srv, 0, sizeof(srv));
srv.client_file = conf->radius_server_clients;
srv.auth_port = conf->radius_server_auth_port;
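Review bot: The new branch in hostapd_setup_radius_srv() stores a borrowed pointer, `hapd->radius_srv = hapd->mld_first_bss->radius_srv;`, without checking that the first BSS has already been set up or that it outlives this BSS. If setup or teardown order ever differs, this BSS is left holding a NULL or freed server instance. The same borrowing pattern appears in the authsrv_init(), hostapd_setup_bss() and ieee802_1x_init() hunks. I would add a comment above the assignment such as `/* Borrowed from the first BSS, which owns and frees it; the first BSS must be set up before and torn down after every other link */`, and consider returning -1 when the first BSS's pointer is NULL although this BSS has `radius_server_clients` configured. The function body continues outside the hunk.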
@@ -238,6 +247,20 @@ static struct eap_config * authsrv_eap_config(struct hostapd_data *hapd)
int authsrv_init(struct hostapd_data *hapd)
{
+ if (hapd->mld_first_bss) {
+ wpa_printf(MSG_DEBUG,
+ "MLD: using auth_serv of first BSS");
+
+#ifdef EAP_TLS_FUNCS
+ hapd->ssl_ctx = hapd->mld_first_bss->ssl_ctx;
+#endif /* EAP_TLS_FUNCS */
+ hapd->eap_cfg = hapd->mld_first_bss->eap_cfg;
+#ifdef EAP_SIM_DB
+ hapd->eap_sim_db_priv = hapd->mld_first_bss->eap_sim_db_priv;
+#endif /* EAP_SIM_DB */
+ return 0;
+ }
+
#ifdef EAP_TLS_FUNCS
if (hapd->conf->eap_server &&
(hapd->conf->ca_cert || hapd->conf->server_cert ||
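Review bot: The early-return branch of authsrv_init() drops this BSS's own EAP server settings without any diagnostic, because the `ca_cert`/`server_cert` checks that follow are skipped and the first BSS's `ssl_ctx` and `eap_cfg` are used instead. An operator who configures a different server certificate or CA on a non-first link would get the first link's TLS credentials and trust anchors, with nothing in the log above MSG_DEBUG. I would reject such a configuration at parse time or log it at MSG_INFO here, and state the assumption in a comment like `/* All links of an AP MLD share the first BSS's EAP/TLS context; per-link EAP server settings are ignored */`. Also, if hostapd_setup_radius_srv() is only reached from later in this function (not visible in the hunk), the early return leaves `radius_srv` unset for non-first BSSs and the branch added there is never reached.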
@@ -352,6 +375,21 @@ int authsrv_init(struct hostapd_data *hapd)
void authsrv_deinit(struct hostapd_data *hapd)
{
+ if (hapd->mld_first_bss) {
+ wpa_printf(MSG_DEBUG,
+ "MLD: deinit auth_serv of non first BSS");
+
+ hapd->radius_srv = NULL;
+ hapd->eap_cfg = NULL;
+#ifdef EAP_SIM_DB
+ hapd->eap_sim_db_priv = NULL;
+#endif /* EAP_SIM_DB */
+#ifdef EAP_TLS_FUNCS
+ hapd->ssl_ctx = NULL;
+#endif /* EAP_TLS_FUNCS */
+ return;
+ }
+
#ifdef RADIUS_SERVER
radius_server_deinit(hapd->radius_srv);
hapd->radius_srv = NULL;
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index bd353c5523..a47acd2506 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -439,9 +439,11 @@ void hostapd_free_hapd_data(struct hostapd_data *hapd)
vlan_deinit(hapd);
hostapd_acl_deinit(hapd);
#ifndef CONFIG_NO_RADIUS
- radius_client_deinit(hapd->radius);
+ if (!hapd->mld_first_bss) {
+ radius_client_deinit(hapd->radius);
+ radius_das_deinit(hapd->radius_das);
+ }
hapd->radius = NULL;
- radius_das_deinit(hapd->radius_das);
hapd->radius_das = NULL;
#endif /* CONFIG_NO_RADIUS */
@@ -1215,6 +1217,10 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
u8 if_addr[ETH_ALEN];
int flush_old_stations = 1;
+ if (hapd->mld_first_bss)
+ wpa_printf(MSG_DEBUG,
+ "MLD: %s: setting non-first BSS", __func__);
+
wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s), first=%d)",
__func__, hapd, conf->iface, first);
@@ -1373,34 +1379,43 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
}
#endif /* CONFIG_SQLITE */
- hapd->radius = radius_client_init(hapd, conf->radius);
- if (hapd->radius == NULL) {
- wpa_printf(MSG_ERROR, "RADIUS client initialization failed.");
- return -1;
- }
-
- if (conf->radius_das_port) {
- struct radius_das_conf das_conf;
- os_memset(&das_conf, 0, sizeof(das_conf));
- das_conf.port = conf->radius_das_port;
- das_conf.shared_secret = conf->radius_das_shared_secret;
- das_conf.shared_secret_len =
- conf->radius_das_shared_secret_len;
- das_conf.client_addr = &conf->radius_das_client_addr;
- das_conf.time_window = conf->radius_das_time_window;
- das_conf.require_event_timestamp =
- conf->radius_das_require_event_timestamp;
- das_conf.require_message_authenticator =
- conf->radius_das_require_message_authenticator;
- das_conf.ctx = hapd;
- das_conf.disconnect = hostapd_das_disconnect;
- das_conf.coa = hostapd_das_coa;
- hapd->radius_das = radius_das_init(&das_conf);
- if (hapd->radius_das == NULL) {
- wpa_printf(MSG_ERROR, "RADIUS DAS initialization "
- "failed.");
+ if (!hapd->mld_first_bss) {
+ hapd->radius = radius_client_init(hapd, conf->radius);
+ if (!hapd->radius) {
+ wpa_printf(MSG_ERROR,
+ "RADIUS client initialization failed.");
return -1;
}
+
+ if (conf->radius_das_port) {
+ struct radius_das_conf das_conf;
+
+ os_memset(&das_conf, 0, sizeof(das_conf));
+ das_conf.port = conf->radius_das_port;
+ das_conf.shared_secret = conf->radius_das_shared_secret;
+ das_conf.shared_secret_len =
+ conf->radius_das_shared_secret_len;
+ das_conf.client_addr = &conf->radius_das_client_addr;
+ das_conf.time_window = conf->radius_das_time_window;
+ das_conf.require_event_timestamp =
+ conf->radius_das_require_event_timestamp;
+ das_conf.require_message_authenticator =
+ conf->radius_das_require_message_authenticator;
+ das_conf.ctx = hapd;
+ das_conf.disconnect = hostapd_das_disconnect;
+ das_conf.coa = hostapd_das_coa;
+ hapd->radius_das = radius_das_init(&das_conf);
+ if (!hapd->radius_das) {
+ wpa_printf(MSG_ERROR,
+ "RADIUS DAS initialization failed.");
+ return -1;
+ }
+ }
+ } else {
+ wpa_printf(MSG_ERROR,
+ "MLD: Using radius client of first BSS");
+ hapd->radius = hapd->mld_first_bss->radius;
+ hapd->radius_das = hapd->mld_first_bss->radius_das;
}
#endif /* CONFIG_NO_RADIUS */
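Review bot: The else branch logs a normal code path at error level: `wpa_printf(MSG_ERROR, "MLD: Using radius client of first BSS");` should use `MSG_DEBUG` like the other MLD messages in this patch. As written, every non-first link adds a false error to the log that operators watch for RADIUS failures. Separately, `das_conf.ctx = hapd` and `radius_client_init(hapd, ...)` bind the shared DAS and client to the first BSS only, so Disconnect/CoA requests and RADIUS replies are presumably resolved against the first BSS's station list. If stations on other links must be reachable, that deserves a comment here or handling in the callbacks. The function continues outside the hunk.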
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 46a47d06e7..e5bd1aba70 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -2472,6 +2472,14 @@ int ieee802_1x_init(struct hostapd_data *hapd)
struct eapol_auth_config conf;
struct eapol_auth_cb cb;
+ if (hapd->mld_first_bss) {
+ wpa_printf(MSG_DEBUG,
+ "MLD: using 802.1X SM of first BSS");
+
+ hapd->eapol_auth = hapd->mld_first_bss->eapol_auth;
+ return 0;
+ }
+
dl_list_init(&hapd->erp_keys);
os_memset(&conf, 0, sizeof(conf));
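Review bot: The early return in ieee802_1x_init() sits before `dl_list_init(&hapd->erp_keys);`, so a non-first BSS keeps an uninitialized list head. Any later walk of `hapd->erp_keys` on that BSS (ieee802_1x_erp_flush() takes a hapd, per the next hunk header) would follow NULL next/prev pointers, assuming the struct is zero-allocated. Moving `dl_list_init(&hapd->erp_keys);` above the `if (hapd->mld_first_bss)` check keeps the list valid at no cost. The rest of the function is outside the hunk.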
@@ -2556,6 +2564,14 @@ void ieee802_1x_erp_flush(struct hostapd_data *hapd)
void ieee802_1x_deinit(struct hostapd_data *hapd)
{
+ if (hapd->mld_first_bss) {
+ wpa_printf(MSG_DEBUG,
+ "MLD: deinit 802.1X SM of non first BSS");
+
+ hapd->eapol_auth = NULL;
+ return;
+ }
+
#ifdef CONFIG_WEP
eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
#endif /* CONFIG_WEP */
--
2.38.1