Add EAPOL_SET hostapd command to configure EAPOL parameters

This new control interface command "EAPOL_REAUTH <MAC address>
<parameter> <value>" can be used to implement the IEEE 802.1X PAE
Set Authenticator Configuration operation.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 0533c3ed9f13740ce2fa7befae46fb44470a5a08..16add37ea01965c414effa1083cee94d5bc71f29 100644 (file)
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -1905,6 +1905,29 @@ static int hostapd_ctrl_iface_eapol_reauth(struct hostapd_data *hapd,
 }
 
 
+static int hostapd_ctrl_iface_eapol_set(struct hostapd_data *hapd, char *cmd)
+{
+       u8 addr[ETH_ALEN];
+       struct sta_info *sta;
+       char *pos = cmd, *param;
+
+       if (hwaddr_aton(pos, addr) || pos[17] != ' ')
+               return -1;
+       pos += 18;
+       param = pos;
+       pos = os_strchr(pos, ' ');
+       if (!pos)
+               return -1;
+       *pos++ = '\0';
+
+       sta = ap_get_sta(hapd, addr);
+       if (!sta || !sta->eapol_sm)
+               return -1;
+
+       return eapol_auth_set_conf(sta->eapol_sm, param, pos);
+}
+
+
 static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
                                       void *sock_ctx)
 {
@@ -2157,6 +2180,9 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
        } else if (os_strncmp(buf, "EAPOL_REAUTH ", 13) == 0) {
                if (hostapd_ctrl_iface_eapol_reauth(hapd, buf + 13))
                        reply_len = -1;
+       } else if (os_strncmp(buf, "EAPOL_SET ", 10) == 0) {
+               if (hostapd_ctrl_iface_eapol_set(hapd, buf + 10))
+                       reply_len = -1;
        } else {
                os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
                reply_len = 16;

diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index aed89ecab46d1de1f3eaab5ee38b6aaf49516dd2..cbd5287089ebaa5543a10ec981236b085efcfb5c 100644 (file)
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -1089,6 +1089,78 @@ void eapol_auth_reauthenticate(struct eapol_state_machine *sm)
 }
 
 
+int eapol_auth_set_conf(struct eapol_state_machine *sm, const char *param,
+                       const char *value)
+{
+       wpa_printf(MSG_DEBUG, "EAPOL: External configuration operation for "
+                  MACSTR " - param=%s value=%s",
+                  MAC2STR(sm->addr), param, value);
+
+       if (os_strcasecmp(param, "AdminControlledDirections") == 0) {
+               if (os_strcmp(value, "Both") == 0)
+                       sm->adminControlledDirections = Both;
+               else if (os_strcmp(value, "In") == 0)
+                       sm->adminControlledDirections = In;
+               else
+                       return -1;
+               eapol_auth_step(sm);
+               return 0;
+       }
+
+       if (os_strcasecmp(param, "AdminControlledPortControl") == 0) {
+               if (os_strcmp(value, "ForceAuthorized") == 0)
+                       sm->portControl = ForceAuthorized;
+               else if (os_strcmp(value, "ForceUnauthorized") == 0)
+                       sm->portControl = ForceUnauthorized;
+               else if (os_strcmp(value, "Auto") == 0)
+                       sm->portControl = Auto;
+               else
+                       return -1;
+               eapol_auth_step(sm);
+               return 0;
+       }
+
+       if (os_strcasecmp(param, "quietPeriod") == 0) {
+               sm->quietPeriod = atoi(value);
+               return 0;
+       }
+
+       if (os_strcasecmp(param, "serverTimeout") == 0) {
+               sm->serverTimeout = atoi(value);
+               return 0;
+       }
+
+       if (os_strcasecmp(param, "reAuthPeriod") == 0) {
+               sm->reAuthPeriod = atoi(value);
+               return 0;
+       }
+
+       if (os_strcasecmp(param, "reAuthEnabled") == 0) {
+               if (os_strcmp(value, "TRUE") == 0)
+                       sm->reAuthEnabled = TRUE;
+               else if (os_strcmp(value, "FALSE") == 0)
+                       sm->reAuthEnabled = FALSE;
+               else
+                       return -1;
+               eapol_auth_step(sm);
+               return 0;
+       }
+
+       if (os_strcasecmp(param, "KeyTransmissionEnabled") == 0) {
+               if (os_strcmp(value, "TRUE") == 0)
+                       sm->keyTxEnabled = TRUE;
+               else if (os_strcmp(value, "FALSE") == 0)
+                       sm->keyTxEnabled = FALSE;
+               else
+                       return -1;
+               eapol_auth_step(sm);
+               return 0;
+       }
+
+       return -1;
+}
+
+
 static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
                                 struct eapol_auth_config *src)
 {

diff --git a/src/eapol_auth/eapol_auth_sm.h b/src/eapol_auth/eapol_auth_sm.h
index bea784d349aab4c3abcf92606edcc35089f2c52a..1e0d3cce8c2d71c939d5a67fa1472c198884d68c 100644 (file)
--- a/src/eapol_auth/eapol_auth_sm.h
+++ b/src/eapol_auth/eapol_auth_sm.h
@@ -95,5 +95,7 @@ int eapol_auth_dump_state(struct eapol_state_machine *sm, char *buf,
                          size_t buflen);
 int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx);
 void eapol_auth_reauthenticate(struct eapol_state_machine *sm);
+int eapol_auth_set_conf(struct eapol_state_machine *sm, const char *param,
+                       const char *value);
 
 #endif /* EAPOL_AUTH_SM_H */