[PATCH 10/15] hostap: Debug messages for dodgy RADIUS servers.

greearb at candelatech.com greearb
Wed Mar 5 16:19:55 PST 2014


From: Ben Greear <greearb at candelatech.com>

These were helpful when tracking down why hostapd did not work
properly with a RADIUS server.

Signed-hostap: Ben Greear <greearb at candelatech.com>
---
 src/ap/ieee802_1x.c    |    4 ++++
 src/ap/wpa_auth.c      |    3 ++-
 src/ap/wpa_auth_glue.c |    9 +++++++--
 src/radius/radius.c    |   14 +++++++++++---
 4 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index b12c9d6..9f8b18f 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1119,6 +1119,10 @@ static void ieee802_1x_get_keys(struct hostapd_data *hapd,
 			sm->eap_if->aaaEapKeyAvailable = TRUE;
 		}
 	}
+	else {
+		wpa_printf(MSG_DEBUG, "MS-MPPE: 1x_get_keys, could not get keys: %p  send: %p  recv: %p",
+			   keys, keys ? keys->send : NULL, keys ? keys->recv : NULL);
+	}
 
 	if (keys) {
 		os_free(keys->send);
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index ab0cd5b..8a91b58 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1729,7 +1729,8 @@ SM_STATE(WPA_PTK, INITPMK)
 		}
 #endif /* CONFIG_IEEE80211R */
 	} else {
-		wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
+		wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
+			   sm->wpa_auth->cb.get_msk);
 	}
 
 	sm->req_replay_counter_used = 0;
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index da5fea7..627e574 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -248,12 +248,17 @@ static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
 	struct sta_info *sta;
 
 	sta = ap_get_sta(hapd, addr);
-	if (sta == NULL)
+	if (sta == NULL) {
+		wpa_printf(MSG_DEBUG, "AUTH_GET_MSK:  Cannot find sta.");
 		return -1;
+	}
 
 	key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
-	if (key == NULL)
+	if (key == NULL) {
+		wpa_printf(MSG_DEBUG, "AUTH_GET_MSK:  Key is null, eapol_sm: %p",
+			   sta->eapol_sm);
 		return -1;
+	}
 
 	if (keylen > *len)
 		keylen = *len;
diff --git a/src/radius/radius.c b/src/radius/radius.c
index 370b517..8ba429a 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -971,13 +971,15 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 
 	/* key: 16-bit salt followed by encrypted key info */
 
-	if (len < 2 + 16)
+	if (len < 2 + 16) {
+		wpa_printf(MSG_DEBUG, "RADIUS: Len is too small: %i", len);
 		return NULL;
+	}
 
 	pos = key + 2;
 	left = len - 2;
 	if (left % 16) {
-		wpa_printf(MSG_INFO, "Invalid ms key len %lu",
+		wpa_printf(MSG_INFO, "RADIUS: Invalid ms key len %lu",
 			   (unsigned long) left);
 		return NULL;
 	}
@@ -1012,7 +1014,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 	}
 
 	if (plain[0] == 0 || plain[0] > plen - 1) {
-		wpa_printf(MSG_INFO, "Failed to decrypt MPPE key");
+		wpa_printf(MSG_INFO, "RADIUS: Failed to decrypt MPPE key");
 		os_free(plain);
 		return NULL;
 	}
@@ -1101,6 +1103,9 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
 					    sent_msg->hdr->authenticator,
 					    secret, secret_len,
 					    &keys->send_len);
+		if (!keys->send) {
+			wpa_printf(MSG_DEBUG, "RADIUS: Failed to decrypt send key.");
+		}
 		os_free(key);
 	}
 
@@ -1112,6 +1117,9 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
 					    sent_msg->hdr->authenticator,
 					    secret, secret_len,
 					    &keys->recv_len);
+		if (!keys->recv) {
+			wpa_printf(MSG_DEBUG, "RADIUS: Failed to decrypt recv key.");
+		}
 		os_free(key);
 	}
 
-- 
1.7.3.4




More information about the Hostap mailing list