Add EAPOL_REAUTH hostapd command to trigger EAPOL reauthentication

This new control interface command "EAPOL_REAUTH <MAC address>" can be
used to implement the IEEE 802.1X PAE Reauthenticate operation.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 712f94ac2e1b2d58dfc1c65e10656dd6b9c3f652..0533c3ed9f13740ce2fa7befae46fb44470a5a08 100644 (file)
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -25,6 +25,7 @@
 #include "common/ieee802_11_defs.h"
 #include "crypto/tls.h"
 #include "drivers/driver.h"
+#include "eapol_auth/eapol_auth_sm.h"
 #include "radius/radius_client.h"
 #include "radius/radius_server.h"
 #include "l2_packet/l2_packet.h"
@@ -1886,6 +1887,24 @@ static int hostapd_ctrl_iface_vendor(struct hostapd_data *hapd, char *cmd,
 }
 
 
+static int hostapd_ctrl_iface_eapol_reauth(struct hostapd_data *hapd,
+                                          const char *cmd)
+{
+       u8 addr[ETH_ALEN];
+       struct sta_info *sta;
+
+       if (hwaddr_aton(cmd, addr))
+               return -1;
+
+       sta = ap_get_sta(hapd, addr);
+       if (!sta || !sta->eapol_sm)
+               return -1;
+
+       eapol_auth_reauthenticate(sta->eapol_sm);
+       return 0;
+}
+
+
 static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
                                       void *sock_ctx)
 {
@@ -2135,6 +2154,9 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
 #ifdef RADIUS_SERVER
                radius_server_erp_flush(hapd->radius_srv);
 #endif /* RADIUS_SERVER */
+       } else if (os_strncmp(buf, "EAPOL_REAUTH ", 13) == 0) {
+               if (hostapd_ctrl_iface_eapol_reauth(hapd, buf + 13))
+                       reply_len = -1;
        } else {
                os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
                reply_len = 16;

diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index 3b0c2e4df4d55f8a3d01d5dd839dfbfbced730ee..aed89ecab46d1de1f3eaab5ee38b6aaf49516dd2 100644 (file)
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -1,6 +1,6 @@
 /*
  * IEEE 802.1X-2004 Authenticator - EAPOL state machine
- * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -1080,6 +1080,15 @@ int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx)
 }
 
 
+void eapol_auth_reauthenticate(struct eapol_state_machine *sm)
+{
+       wpa_printf(MSG_DEBUG, "EAPOL: External reauthentication trigger for "
+                  MACSTR, MAC2STR(sm->addr));
+       sm->reAuthenticate = TRUE;
+       eapol_auth_step(sm);
+}
+
+
 static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
                                 struct eapol_auth_config *src)
 {

diff --git a/src/eapol_auth/eapol_auth_sm.h b/src/eapol_auth/eapol_auth_sm.h
index ebed19adefc7b84fc1d45578c102dc00249c41aa..bea784d349aab4c3abcf92606edcc35089f2c52a 100644 (file)
--- a/src/eapol_auth/eapol_auth_sm.h
+++ b/src/eapol_auth/eapol_auth_sm.h
@@ -1,6 +1,6 @@
 /*
  * IEEE 802.1X-2004 Authenticator - EAPOL state machine
- * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -94,5 +94,6 @@ void eapol_auth_step(struct eapol_state_machine *sm);
 int eapol_auth_dump_state(struct eapol_state_machine *sm, char *buf,
                          size_t buflen);
 int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx);
+void eapol_auth_reauthenticate(struct eapol_state_machine *sm);
 
 #endif /* EAPOL_AUTH_SM_H */