Add radius_req_attr_sqlite config option for SQLite database file. RADIUS attribute database open and close handling. Invoke functions to add extra attributes during RADIUS auth and accounting request generation.
Signed-off-by: Terry Burton <tez@xxxxxxxxxxxxxxxxx>
---
 hostapd/config_file.c | 3 +++
 hostapd/hostapd.conf | 4 ++++
 src/ap/accounting.c | 3 +++
 src/ap/hostapd.c | 21 +++++++++++++++++++++
 src/ap/ieee802_1x.c | 3 +++
 5 files changed, 34 insertions(+)
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 29ea92e0d..1f2c56583 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2832,6 +2832,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 a = a->next;
 a->next = attr;
 }
+ } else if (os_strcmp(buf, "radius_req_attr_sqlite") == 0) {
+ os_free(bss->radius_req_attr_sqlite);
+ bss->radius_req_attr_sqlite = os_strdup(pos);
 } else if (os_strcmp(buf, "radius_das_port") == 0) {
 bss->radius_das_port = atoi(pos);
 } else if (os_strcmp(buf, "radius_das_client") == 0) {
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index f2d587388..82787a9b0 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1384,6 +1384,10 @@ own_ip_addr=127.0.0.1
 # Operator-Name = "Operator"
 #radius_acct_req_attr=126:s:Operator
+# If SQLite support is included, path to a database from which additional
+# RADIUS request attributes are extracted based on the station MAC address.
+#radius_req_attr_sqlite=radius_attr.sqlite
+
 # Dynamic Authorization Extensions (RFC 5176)
 # This mechanism can be used to allow dynamic changes to user session based on
 # commands from a RADIUS server (or some other disconnect client that has the
diff --git a/src/ap/accounting.c b/src/ap/accounting.c
index 0aacc3c95..f29f2470f 100644
--- a/src/ap/accounting.c
+++ b/src/ap/accounting.c
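Review bot: The new `radius_req_attr_sqlite` branch in hostapd_config_fill() (hostapd/config_file.c) is not guarded by `#ifdef CONFIG_SQLITE`, so a build without SQLite appears to accept the option and then never add the attributes, with nothing in the log to tell an operator whose RADIUS policy depends on them. An `#else` arm that logs the option as unsupported and fails the parse would make that visible. The `os_strdup(pos)` result is also unchecked, so an allocation failure leaves the field NULL and silently disables the lookup; something like `if (bss->radius_req_attr_sqlite == NULL) return 1;` would catch it, assuming a non-zero return is this function's error convention, which the hunk does not show. The function starts and ends outside the hunk.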
@@ -97,6 +97,9 @@ static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
 msg) < 0)
 goto fail;
+ if (sta && add_sqlite_radius_attr(hapd, sta, msg, RADIUS_ACCT) < 0)
+ goto fail;
+
 if (sta) {
 for (i = 0; ; i++) {
 val = ieee802_1x_get_radius_class(sta->eapol_sm, &len,
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 4d6a1f945..ac322636c 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1213,6 +1213,23 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
 if (wpa_debug_level <= MSG_MSGDUMP)
 conf->radius->msg_dumps = 1;
 #ifndef CONFIG_NO_RADIUS
+
+#ifdef CONFIG_SQLITE
+ if (conf->radius_req_attr_sqlite) {
+ if (sqlite3_open(conf->radius_req_attr_sqlite, &hapd->rad_attr_db)) {
+ wpa_printf(MSG_ERROR, "Could not open SQLite file '%s'",
+ conf->radius_req_attr_sqlite);
+ return -1;
+ } else {
+ wpa_printf(MSG_DEBUG, "Opening RADIUS attribute database: %s",
+ conf->radius_req_attr_sqlite);
+ }
+ if (!db_table_exists(hapd->rad_attr_db, "radius_attributes") &&
+ db_table_create_radius_attributes(hapd->rad_attr_db) < 0)
+ return -1;
+ }
+#endif /* CONFIG_SQLITE */
+
 hapd->radius = radius_client_init(hapd, conf->radius);
 if (hapd->radius == NULL) {
 wpa_printf(MSG_ERROR, "RADIUS client initialization failed.");
@@ -2229,6 +2246,10 @@ static void hostapd_bss_deinit(struct hostapd_data *hapd)
 hapd->conf ? hapd->conf->iface : "N/A");
 hostapd_bss_deinit_no_free(hapd);
 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
+#ifdef CONFIG_SQLITE
+ if (hapd->rad_attr_db)
+ sqlite3_close(hapd->rad_attr_db);
+#endif /* CONFIG_SQLITE */
 hostapd_cleanup(hapd);
 }
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 4630bf85c..ac91ca6f9 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
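Review bot: A failing `add_sqlite_radius_attr()` now aborts the whole Accounting-Request through `goto fail` in accounting_msg(), and the src/ap/ieee802_1x.c hunk adds the same pattern to ieee802_1x_encapsulate_radius(), so a locked, corrupt or unreadable attribute database would presumably stop both accounting and authentication for every station. If failing closed is intended, it deserves a comment at both call sites, e.g. `/* Fail closed: database attributes may carry policy, so never send the request without them */`; if not, the helper should distinguish "no rows for this MAC" from a database error. The helper is not defined in this patch, so it is worth confirming that it binds the station MAC as a statement parameter and bounds the number and length of attributes it appends. The call is also unconditional, so a stub must exist for builds without CONFIG_SQLITE. accounting_msg() starts and ends outside the hunk.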
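Review bot: When `sqlite3_open()` fails in hostapd_setup_bss() (src/ap/hostapd.c), the function returns with `hapd->rad_attr_db` still holding whatever handle SQLite allocated; SQLite normally returns a handle even on error and expects it to be passed to `sqlite3_close()`. I would release it before returning with `sqlite3_close(hapd->rad_attr_db); hapd->rad_attr_db = NULL;` and add `sqlite3_errmsg(hapd->rad_attr_db)` to the MSG_ERROR line so the reason is logged. The `return -1` after `db_table_create_radius_attributes()` leaves the connection open in the same way. Separately, `sqlite3_open()` creates the file when it is missing and its rows end up in requests sent to the RADIUS server, so the sample configuration should state that the path must be writable only by the hostapd user. The function continues outside the hunk, so cleanup by a caller cannot be ruled out from here.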
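Review bot: hostapd_bss_deinit() closes the database but leaves `hapd->rad_attr_db` pointing at the closed connection, so any later use or a second deinit of the same hostapd_data would touch a released handle. Clearing it is cheap: `sqlite3_close(hapd->rad_attr_db); hapd->rad_attr_db = NULL;`. It is also worth checking, outside this hunk, whether a BSS can be torn down without hostapd_bss_deinit() (the context shows a separate hostapd_bss_deinit_no_free()) and then set up again, since hostapd_setup_bss() would then open the database over a still-open handle and leak it.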
@@ -718,6 +718,9 @@ void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
 msg) < 0)
 goto fail;
+ if (sta && add_sqlite_radius_attr(hapd, sta, msg, RADIUS_AUTH) < 0)
+ goto fail;
+
 /* TODO: should probably check MTU from driver config; 2304 is max for
 * IEEE 802.11, but use 1400 to avoid problems with too large packets */
--
2.20.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap