|
hostapd
|
struct radius_server_data - Internal RADIUS server data More...
Public Attributes | |
| int | auth_sock |
| auth_sock - Socket for RADIUS authentication messages | |
| int | acct_sock |
| acct_sock - Socket for RADIUS accounting messages | |
| struct radius_client * | clients |
| clients - List of authorized RADIUS clients | |
| unsigned int | next_sess_id |
| next_sess_id - Next session identifier | |
| void * | conf_ctx |
| conf_ctx - Context pointer for callbacks More... | |
| int | num_sess |
| num_sess - Number of active sessions | |
| void * | eap_sim_db_priv |
| eap_sim_db_priv - EAP-SIM/AKA database context More... | |
| void * | ssl_ctx |
| ssl_ctx - TLS context More... | |
| u8 * | pac_opaque_encr_key |
| pac_opaque_encr_key - PAC-Opaque encryption key for EAP-FAST More... | |
| u8 * | eap_fast_a_id |
| eap_fast_a_id - EAP-FAST authority identity (A-ID) More... | |
| size_t | eap_fast_a_id_len |
| eap_fast_a_id_len - Length of eap_fast_a_id buffer in octets | |
| char * | eap_fast_a_id_info |
| eap_fast_a_id_info - EAP-FAST authority identifier information More... | |
| int | eap_fast_prov |
| eap_fast_prov - EAP-FAST provisioning modes More... | |
| int | pac_key_lifetime |
| pac_key_lifetime - EAP-FAST PAC-Key lifetime in seconds More... | |
| int | pac_key_refresh_time |
| pac_key_refresh_time - EAP-FAST PAC-Key refresh time in seconds More... | |
| int | eap_sim_aka_result_ind |
| eap_sim_aka_result_ind - EAP-SIM/AKA protected success indication More... | |
| int | tnc |
| tnc - Trusted Network Connect (TNC) More... | |
| u16 | pwd_group |
| pwd_group - The D-H group assigned for EAP-pwd More... | |
| const char * | server_id |
| server_id - Server identity | |
| int | erp |
| erp - Whether EAP Re-authentication Protocol (ERP) is enabled More... | |
| const char * | erp_domain |
| struct dl_list | erp_keys |
| unsigned int | tls_session_lifetime |
| struct wps_context * | wps |
| wps - Wi-Fi Protected Setup context More... | |
| int | ipv6 |
| ipv6 - Whether to enable IPv6 support in the RADIUS server | |
| struct os_reltime | start_time |
| start_time - Timestamp of server start | |
| struct radius_server_counters | counters |
| counters - Statistics counters for server operations More... | |
| int(* | get_eap_user )(void *ctx, const u8 *identity, size_t identity_len, int phase2, struct eap_user *user) |
| get_eap_user - Callback for fetching EAP user information : Context data from conf_ctx : User identity : identity buffer length in octets : Whether this is for Phase 2 identity : Data structure for filling in the user information Returns: 0 on success, -1 on failure More... | |
| char * | eap_req_id_text |
| eap_req_id_text - Optional data for EAP-Request/Identity More... | |
| size_t | eap_req_id_text_len |
| eap_req_id_text_len - Length of eap_req_id_text buffer in octets | |
| void * | msg_ctx |
| char * | subscr_remediation_url |
| u8 | subscr_remediation_method |
struct radius_server_data - Internal RADIUS server data
| void* radius_server_data::conf_ctx |
conf_ctx - Context pointer for callbacks
This is used as the ctx argument in get_eap_user() calls.
| struct radius_server_counters radius_server_data::counters |
counters - Statistics counters for server operations
These counters are the sum over all clients.
| u8* radius_server_data::eap_fast_a_id |
eap_fast_a_id - EAP-FAST authority identity (A-ID)
If EAP-FAST is not used, this can be set to NULL. In theory, this is a variable length field, but due to some existing implementations requiring A-ID to be 16 octets in length, it is recommended to use that length for the field to provide interoperability with deployed peer implementations.
| char* radius_server_data::eap_fast_a_id_info |
eap_fast_a_id_info - EAP-FAST authority identifier information
This A-ID-Info contains a user-friendly name for the A-ID. For example, this could be the enterprise and server names in human-readable format. This field is encoded as UTF-8. If EAP-FAST is not used, this can be set to NULL.
| int radius_server_data::eap_fast_prov |
eap_fast_prov - EAP-FAST provisioning modes
0 = provisioning disabled, 1 = only anonymous provisioning allowed, 2 = only authenticated provisioning allowed, 3 = both provisioning modes allowed.
| char* radius_server_data::eap_req_id_text |
eap_req_id_text - Optional data for EAP-Request/Identity
This can be used to configure an optional, displayable message that will be sent in EAP-Request/Identity. This string can contain an ASCII-0 character (nul) to separate network infromation per RFC
| int radius_server_data::eap_sim_aka_result_ind |
eap_sim_aka_result_ind - EAP-SIM/AKA protected success indication
This controls whether the protected success/failure indication (AT_RESULT_IND) is used with EAP-SIM and EAP-AKA.
| void* radius_server_data::eap_sim_db_priv |
eap_sim_db_priv - EAP-SIM/AKA database context
This is passed to the EAP-SIM/AKA server implementation as a callback context.
| int radius_server_data::erp |
erp - Whether EAP Re-authentication Protocol (ERP) is enabled
This controls whether the authentication server derives ERP key hierarchy (rRK and rIK) from full EAP authentication and allows these keys to be used to perform ERP to derive rMSK instead of full EAP authentication to derive MSK.
| int(* radius_server_data::get_eap_user) (void *ctx, const u8 *identity, size_t identity_len, int phase2, struct eap_user *user) |
get_eap_user - Callback for fetching EAP user information : Context data from conf_ctx : User identity : identity buffer length in octets : Whether this is for Phase 2 identity : Data structure for filling in the user information Returns: 0 on success, -1 on failure
This is used to fetch information from user database. The callback will fill in information about allowed EAP methods and the user password. The password field will be an allocated copy of the password data and RADIUS server will free it after use.
| int radius_server_data::pac_key_lifetime |
pac_key_lifetime - EAP-FAST PAC-Key lifetime in seconds
This is the hard limit on how long a provisioned PAC-Key can be used.
| int radius_server_data::pac_key_refresh_time |
pac_key_refresh_time - EAP-FAST PAC-Key refresh time in seconds
This is a soft limit on the PAC-Key. The server will automatically generate a new PAC-Key when this number of seconds (or fewer) of the lifetime remains.
| u8* radius_server_data::pac_opaque_encr_key |
pac_opaque_encr_key - PAC-Opaque encryption key for EAP-FAST
This parameter is used to set a key for EAP-FAST to encrypt the PAC-Opaque data. It can be set to NULL if EAP-FAST is not used. If set, must point to a 16-octet key.
| u16 radius_server_data::pwd_group |
pwd_group - The D-H group assigned for EAP-pwd
If EAP-pwd is not used it can be set to zero.
| void* radius_server_data::ssl_ctx |
ssl_ctx - TLS context
This is passed to the EAP server implementation as a callback context for TLS operations.
| int radius_server_data::tnc |
tnc - Trusted Network Connect (TNC)
This controls whether TNC is enabled and will be required before the peer is allowed to connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other EAP method is enabled, the peer will be allowed to connect without TNC.
| struct wps_context* radius_server_data::wps |
wps - Wi-Fi Protected Setup context
If WPS is used with an external RADIUS server (which is quite unlikely configuration), this is used to provide a pointer to WPS context data. Normally, this can be set to NULL.
1.8.12