Store RADIUS Class per STA instead of EAPOL SM; preserve Class for ACL/MAC auth and accounting#1010
Open
venkatchimata wants to merge 8 commits into
Open
Store RADIUS Class per STA instead of EAPOL SM; preserve Class for ACL/MAC auth and accounting#1010venkatchimata wants to merge 8 commits into
venkatchimata wants to merge 8 commits into
Conversation
The standard iwinfo added he_chan_info, eht_chan_info and eht_chan_width which rpcd uses unconditionally. The qca-wifi-7 iwinfo lacks these, breaking the rpcd build. Add IWINFO_HAS_EHT_CHAN_INFO to the standard iwinfo header and guard the HE/EHT scan result blocks in rpcd behind it. Signed-off-by: John Crispin <john@phrozen.org>
Move edgecore,eap111 to the correct switch group in 02_network and adjust the WAP588M patch context to match. Signed-off-by: John Crispin <john@phrozen.org>
- Wire hostname validation enable / disable to hostname_validate flag in gateway.json - Fix hostname validation check when server cert Subject CN has other attributes like Organization in case of Insta server certs: subject=CN=*.example.com, O=ExampleInc. Fix backported to libwebsockets from: warmcat/libwebsockets@5124ffe Fixes WIFI-15384 Signed-off-by: Arif Alam <arif.alam@netexperience.com>
When radius_request_cui=1 is configured, the EAP path includes a Chargeable-User-Identity attribute (RFC 4372) but the ACL path used by psk2-radius / mpsk-radius does not. Add a nul CUI to hostapd_radius_acl_query() so the RADIUS server is solicited for CUI in Access-Accept, matching the EAP initial-request behaviour. Signed-off-by: John Crispin <john@phrozen.org>
venkatchimata
force-pushed
the
staging-WIFI-15318
branch
from
fd332df to
5da7d7f
Compare
backport hostapd commit e6ec62aa2d68e9436daeb4470260a101a06c9213 fixes WIFI-15317 Signed-off-by: Arif Alam <arif.alam@netexperience.com>
preserve Class for ACL/MAC auth and accounting Move storage of RADIUS Class attributes from the EAPOL state machine to struct sta_info and update all users accordingly. Previously, Class was kept only in eapol_state_machine->radius_class, which caused Class to be lost for authentication paths where eapol_sm is not created. As a result, Accounting messages and PMKSA cache operations could miss the Class attribute. This change makes sta_info->radius_class the single source of truth for RADIUS Class attributes and ensures they are preserved and echoed in Accounting regardless of whether an EAPOL state machine exists. Fixes WIFI-15318 Signed-off-by: Venkat Chimata <venkat@nearhop.com>
preserve Class for ACL/MAC auth and accounting Move storage of RADIUS Class attributes from the EAPOL state machine to struct sta_info and update all users accordingly. Previously, Class was kept only in eapol_state_machine->radius_class, which caused Class to be lost for authentication paths where eapol_sm is not created. As a result, Accounting messages and PMKSA cache operations could miss the Class attribute. This change makes sta_info->radius_class the single source of truth for RADIUS Class attributes and ensures they are preserved and echoed in Accounting regardless of whether an EAPOL state machine exists. Signed-off-by: Venkat Chimata <venkat@nearhop.com>
EAPOL SM; preserve Class for ACL/MAC auth and accounting Move storage of RADIUS Class attributes from the EAPOL state machine to struct sta_info and update all users accordingly. Previously, Class was kept only in eapol_state_machine->radius_class, which caused Class to be lost for authentication paths where eapol_sm is not created. As a result, Accounting messages and PMKSA cache operations could miss the Class attribute. This change makes sta_info->radius_class the single source of truth for RADIUS Class attributes and ensures they are preserved and echoed in Accounting regardless of whether an EAPOL state machine exists. Signed-off-by: Venkat Chimata <venkat@nearhop.com>
venkatchimata
force-pushed
the
staging-WIFI-15318
branch
from
5da7d7f to
7f99a4d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Move storage of RADIUS Class attributes from the EAPOL state machine to
struct sta_info and update all users accordingly. Previously, Class was
kept only in eapol_state_machine->radius_class, which caused Class to be
lost for authentication paths where eapol_sm is not created. As a result,
Accounting messages and PMKSA cache operations could miss the
Class attribute.
This change makes sta_info->radius_class the single source of truth for
RADIUS Class attributes and ensures they are preserved and echoed in
Accounting regardless of whether an EAPOL state machine exists.