mirror/openwrt
1
0
Fork 1
mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2026-03-14 23:09:45 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
openwrt/package/network/services/hostapd/patches/770-radius_server.patch
Nick Hainke 89f57d48f9
Some checks failed
Build Kernel / Build all affected Kernels (push) Waiting to run
Details
Build all core packages / Build all core packages for selected target (push) Waiting to run
Details
Build host tools / Build host tools for linux and macos based systems (push) Has been cancelled
Details
hostapd: update to 2026-02-27 
Add patch:
- 001-PASN-Fix-the-compilation-errors-without-CONFIG_PASN.patch

Manually edit patches:
- 110-mbedtls-TLS-crypto-option-initial-port.patch
- 190-hostapd-Fix-hostapd-crash-if-setup-a-iface-with-.patch
- 191-hostapd-add-support-for-specifying-the-link-id-in-th.patch
- 220-indicate-features.patch
- 360-acs_retry.patch
  -> Remove the extra check for -EBUSY (see below) because the code we
     want to skip is now already guarded by:
     https://git.w1.fi/cgit/hostap/commit/?id=af6473761f07ae4f13ef228dec618ca62faf6ef4
      ```
      + if (ret == -EBUSY)
      +         goto fail;
      ```
- 341-mesh-ctrl-iface-channel-switch.patch
- 600-ubus_support.patch
- 601-ucode_support.patch
  -> The patch had this and similar changes:
     ```
      -		if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
      +		if (drv->first_bss->ifindex != ifi->ifi_index) {
     ```
     Those changes should be unnecessary due to the commit:
     https://git.w1.fi/cgit/hostap/commit/?id=2bf6d85963b9857b411b57cc7949e30ee2cb1216
- 780-Implement-APuP-Access-Point-Micro-Peering.patch
  -> Needs adjustement because of Enhanced Privacy Protection (EPP):
     https://git.w1.fi/cgit/hostap/commit/?id=1e13ee9c382a5d88c4bb0ffdfaf434fbb31123f3

Remove patch:
- 030-Revert-nl80211-Accept-a-global-nl80211-event-to-a-br.patch
- 060-nl80211-fix-reporting-spurious-frame-events.patch
  -> https://git.w1.fi/cgit/hostap/commit/?id=ca266cc24d8705eb1a2a0857ad326e48b1408b20
- 190-hostapd-Fix-hostapd-crash-if-setup-a-iface-with-.patch
  -> https://git.w1.fi/cgit/hostap/commit/?id=e275c3dc70e1c2947e02e43aeee6c4f9975c3dc7
- 192-nl80211-cancel-scans-whenever-the-first-bss-is-remov.patch
  -> https://git.w1.fi/cgit/hostap/commit/?id=5ce1d41803866782bbd96d575f53d43358a20a2e
- 350-nl80211_del_beacon_bss.patch
  -> https://git.w1.fi/cgit/hostap/commit/?id=b777ecb16274235974edb5c1dfcea6abab25f6c4

Tested-By: Daniel Pawlik <pawlik.dan@gmail.com>
Co-developed-by: Agustin Lorenzo <agustin.lorenzo@thinco.es>
Link: https://github.com/openwrt/openwrt/pull/20912
Signed-off-by: Nick Hainke <vincent@systemli.org>
2026-03-02 11:58:26 +01:00

162 lines
4.7 KiB
Diff
Raw Permalink Blame History

From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 16 Mar 2023 11:35:50 +0100
Subject: [PATCH] hostapd: add experimental radius server
This can be used to run a standalone EAP server that can be used from
other APs. It uses json as user database format and can automatically
handle reload.
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -63,6 +63,10 @@ endif
OBJS += main.o
OBJS += config_file.o
+ifdef CONFIG_RADIUS_SERVER
+OBJS += radius.o
+endif
+
OBJS += ../src/ap/hostapd.o
OBJS += ../src/ap/wpa_auth_glue.o
OBJS += ../src/ap/drv_callbacks.o
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -41,6 +41,7 @@ struct hapd_global {
static struct hapd_global global;
+extern int radius_main(int argc, char **argv);
#ifndef CONFIG_NO_HOSTAPD_LOGGER
static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
@@ -848,6 +849,11 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
+#ifdef RADIUS_SERVER
+ if (strstr(argv[0], "radius"))
+ return radius_main(argc, argv);
+#endif
+
os_memset(&interfaces, 0, sizeof(interfaces));
interfaces.reload_config = hostapd_reload_config;
interfaces.config_read_cb = hostapd_config_read;
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -63,6 +63,12 @@ struct radius_server_counters {
u32 unknown_acct_types;
};
+struct radius_accept_attr {
+ u8 type;
+ u16 len;
+ void *data;
+};
+
/**
* struct radius_session - Internal RADIUS server data for a session
*/
@@ -89,7 +95,7 @@ struct radius_session {
unsigned int macacl:1;
unsigned int t_c_filtering:1;
- struct hostapd_radius_attr *accept_attr;
+ struct radius_accept_attr *accept_attr;
u32 t_c_timestamp; /* Last read T&C timestamp from user DB */
};
@@ -373,6 +379,7 @@ static void radius_server_session_free(s
radius_msg_free(sess->last_reply);
os_free(sess->username);
os_free(sess->nas_ip);
+ os_free(sess->accept_attr);
os_free(sess);
if (data)
data->num_sess--;
@@ -534,6 +541,36 @@ radius_server_erp_find_key(struct radius
}
#endif /* CONFIG_ERP */
+static struct radius_accept_attr *
+radius_server_copy_attr(const struct hostapd_radius_attr *data)
+{
+ const struct hostapd_radius_attr *attr;
+ struct radius_accept_attr *attr_new;
+ size_t data_size = 0;
+ void *data_buf;
+ int n_attr = 1;
+
+ for (attr = data; attr; attr = attr->next) {
+ n_attr++;
+ data_size += wpabuf_len(attr->val);
+ }
+
+ attr_new = os_zalloc(n_attr * sizeof(*attr) + data_size);
+ if (!attr_new)
+ return NULL;
+
+ data_buf = &attr_new[n_attr];
+ for (n_attr = 0, attr = data; attr; attr = attr->next) {
+ struct radius_accept_attr *cur = &attr_new[n_attr++];
+
+ cur->type = attr->type;
+ cur->len = wpabuf_len(attr->val);
+ cur->data = memcpy(data_buf, wpabuf_head(attr->val), cur->len);
+ data_buf += cur->len;
+ }
+
+ return attr_new;
+}
static struct radius_session *
radius_server_get_new_session(struct radius_server_data *data,
@@ -587,7 +624,7 @@ radius_server_get_new_session(struct rad
eap_user_free(tmp);
return NULL;
}
- sess->accept_attr = tmp->accept_attr;
+ sess->accept_attr = radius_server_copy_attr(tmp->accept_attr);
sess->macacl = tmp->macacl;
eap_user_free(tmp);
@@ -924,11 +961,10 @@ radius_server_encapsulate_eap(struct rad
}
if (code == RADIUS_CODE_ACCESS_ACCEPT) {
- struct hostapd_radius_attr *attr;
- for (attr = sess->accept_attr; attr; attr = attr->next) {
- if (!radius_msg_add_attr(msg, attr->type,
- wpabuf_head(attr->val),
- wpabuf_len(attr->val))) {
+ struct radius_accept_attr *attr;
+ for (attr = sess->accept_attr; attr->data; attr++) {
+ if (!radius_msg_add_attr(msg, attr->type, attr->data,
+ attr->len)) {
wpa_printf(MSG_ERROR, "Could not add RADIUS attribute");
radius_msg_free(msg);
return NULL;
@@ -1024,11 +1060,10 @@ radius_server_macacl(struct radius_serve
}
if (code == RADIUS_CODE_ACCESS_ACCEPT) {
- struct hostapd_radius_attr *attr;
- for (attr = sess->accept_attr; attr; attr = attr->next) {
- if (!radius_msg_add_attr(msg, attr->type,
- wpabuf_head(attr->val),
- wpabuf_len(attr->val))) {
+ struct radius_accept_attr *attr;
+ for (attr = sess->accept_attr; attr->data; attr++) {
+ if (!radius_msg_add_attr(msg, attr->type, attr->data,
+ attr->len)) {
wpa_printf(MSG_ERROR, "Could not add RADIUS attribute");
radius_msg_free(msg);
return NULL;
@@ -2336,7 +2371,7 @@ static int radius_server_get_eap_user(vo
ret = data->get_eap_user(data->conf_ctx, identity, identity_len,
phase2, user);
if (ret == 0 && user) {
- sess->accept_attr = user->accept_attr;
+ sess->accept_attr = radius_server_copy_attr(user->accept_attr);
sess->macacl = user->macacl;
sess->t_c_timestamp = user->t_c_timestamp;
}
Reference in a new issue View git blame Copy permalink