hostapd: add additional radius options
authorJohn Crispin <john@phrozen.org>
Tue, 18 May 2021 15:53:45 +0000 (17:53 +0200)
committerFelix Fietkau <nbd@nbd.name>
Tue, 23 Nov 2021 17:30:04 +0000 (18:30 +0100)
- add functionality to configure RADIUS NAS-Id and Operator-Name
- add functionality to configure RADIUS accounting interval
- enable RADIUS "Chargeable User Identity"

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3bd6c8c728e72444bdf23b8904ef9c52ebb46bb7)

package/network/services/hostapd/files/hostapd.sh

index 4dd1e3218480443c5f7b7ccd72fcf19de3c44921..e62dd844c8b2498505745f9d3cc4a9841beb173d 100644 (file)
@@ -338,6 +338,10 @@ hostapd_common_add_bss_config() {
        config_add_boolean multicast_to_unicast per_sta_vif
 
        config_add_array hostapd_bss_options
+
+       config_add_boolean request_cui
+       config_add_array radius_auth_req_attr
+       config_add_array radius_acct_req_attr
 }
 
 hostapd_set_vlan_file() {
@@ -474,6 +478,14 @@ append_hs20_conn_capab() {
        [ -n "$1" ] && append bss_conf "hs20_conn_capab=$1" "$N"
 }
 
+append_radius_acct_req_attr() {
+       append bss_conf "radius_acct_req_attr=$1" "$N"
+}
+
+append_radius_auth_req_attr() {
+       append bss_conf "radius_auth_req_attr=$1" "$N"
+}
+
 append_airtime_sta_weight() {
        [ -n "$1" ] && append bss_conf "airtime_sta_weight=$1" "$N"
 }
@@ -565,6 +577,7 @@ hostapd_set_bss_options() {
                        append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
                [ -n "$acct_interval" ] && \
                        append bss_conf "radius_acct_interim_interval=$acct_interval" "$N"
+               json_for_each_item append_radius_acct_req_attr radius_acct_req_attr
        }
 
        case "$auth_type" in
@@ -619,7 +632,7 @@ hostapd_set_bss_options() {
                                auth_server auth_secret auth_port \
                                dae_client dae_secret dae_port \
                                ownip radius_client_addr \
-                               eap_reauth_period
+                               eap_reauth_period request_cui
 
                        # radius can provide VLAN ID for clients
                        vlan_possible=1
@@ -631,18 +644,20 @@ hostapd_set_bss_options() {
 
                        set_default auth_port 1812
                        set_default dae_port 3799
-
+                       set_default request_cui 0
 
                        append bss_conf "auth_server_addr=$auth_server" "$N"
                        append bss_conf "auth_server_port=$auth_port" "$N"
                        append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
 
+                       [ "$request_cui" -gt 0 ] && append bss_conf "radius_request_cui=$request_cui" "$N"
                        [ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N"
 
                        [ -n "$dae_client" -a -n "$dae_secret" ] && {
                                append bss_conf "radius_das_port=$dae_port" "$N"
                                append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
                        }
+                       json_for_each_item append_radius_auth_req_attr radius_auth_req_attr
 
                        [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
                        [ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N"