Dynamic authentication / One-time password

DaveM dave
Fri Jul 20 03:37:56 PDT 2012



On 07/20/2012 11:48 AM, michael-dev wrote:
> Hi,
> 
> On 20.07.2012 05:17, DaveM wrote:
>>
>> But something is wrong. A) I can see that, on every connect request,
>> hostapd_wpa_auth_get_psk is being called three times. Is this expected
>> behavior somehow? I hope not.
> 
> Maybe you'd like to set sta->psk during auth, as
> hostapd_wpa_auth_get_psk is also called on rekeying.
> 
>>
>> B) When a client enters a wrong passphrase, some part of hostapd goes
>> into a tight loop. hostapd_wpa_auth_get_psk will then get called
>> endlessly and I have to kill hostapd. Any idea what could cause this?
> 
> hostapd_wpa_auth_get_psk is an iterator, that means, you should have a
> (virtual) list of unique key pointers to be iterated and
> hostapd_wpa_auth_get_psk should return the key pointer after the
> last_key parameter in the list. After the last key is reached (i.e. the
> last one is passed as last key), the function should return NULL to break
> that endless loop.
> 
> Regards,
>  M. Braun

Excellent analysis of my issues! Returning NULL after the last key does
solve my loop of death problem. It provides me with a stable solution. Yes!

I do not fully get your 1st comment about setting sta->psk during auth.
I tried it and received SIGSEGV (11). So I removed the line and for now
everything seems to be working OK. I have to think about this more.

One big improvement for me would be if I could *see* the psk the user is
sending, before responding in any way. This would allow me to handle
multiple users using different passphrases in parallel. (Handing out one
psk to user 1 and handing out a different one to user 2, while user 1
has not managed to connect yet). Would this be possible with the current
architecture? Right now, it seems, only one passphrase/psk can be
offered at a time.

In case you are curious, I'm experimenting with v0.8 on Android 4.1.
Thank you again.
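
The iterator contract described in the quoted reply, as an added stand-alone C model that is not part of the original messages and is not hostapd code. The names get_psk_broken, get_psk_iter, try_all_psks and the sample keys are hypothetical, and the memcmp is an assumed stand-in for whatever check the caller performs on each candidate key.

```c
#include <stdio.h>
#include <string.h>

#define PSK_LEN 32
/* Constructed sample keys; real PSKs are derived from passphrase and SSID. */
static const unsigned char psk_list[][PSK_LEN] = { {0x11}, {0x22}, {0x33} };
static const unsigned char wrong_key[PSK_LEN] = {0x99}; /* matches no entry */
#define N_PSK (sizeof(psk_list) / sizeof(psk_list[0]))
typedef const unsigned char *(*get_psk_fn)(const unsigned char *last_key);

/* Broken callback: ignores last_key, so the caller never receives NULL. */
static const unsigned char *get_psk_broken(const unsigned char *last_key)
{
    (void)last_key;
    return psk_list[0];
}

/* Iterator callback: NULL last_key gives the first key, otherwise the key
 * after last_key; NULL once last_key is the final entry or is unknown. */
static const unsigned char *get_psk_iter(const unsigned char *last_key)
{
    size_t i;
    if (last_key == NULL)
        return psk_list[0];
    for (i = 0; i + 1 < N_PSK; i++)
        if (last_key == psk_list[i])
            return psk_list[i + 1];
    return NULL;
}

/* Model of the caller: ask for candidates until one matches or NULL comes
 * back. Returns the number of callback calls, or -1 when max_calls is hit
 * (the guard stands in for the endless loop seen with a wrong passphrase). */
static int try_all_psks(get_psk_fn get_psk, const unsigned char *sta_key,
                        int max_calls)
{
    const unsigned char *psk = NULL;
    int calls = 0;
    while (calls < max_calls) {
        psk = get_psk(psk);
        calls++;
        if (psk == NULL || memcmp(psk, sta_key, PSK_LEN) == 0)
            return calls;
    }
    return -1;
}

int main(void)
{
    printf("iterator, wrong key: %d calls\n", try_all_psks(get_psk_iter, wrong_key, 100));
    printf("broken, wrong key: %d\n", try_all_psks(get_psk_broken, wrong_key, 100));
    return 0;
}
```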


