[openwrt/openwrt] hostapd: add ubus notification on sta authorized

LEDE Commits lede-commits at lists.infradead.org
Thu Sep 22 06:27:24 PDT 2022 

nbd pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/8cb995445a26ee124e40b8ef97cc0ddd9d10f82a

commit 8cb995445a26ee124e40b8ef97cc0ddd9d10f82a
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Thu Sep 22 14:01:52 2022 +0200

    hostapd: add ubus notification on sta authorized
    
    Also include the station auth_type in the ubus and log message in order
    to detect, if clients used FT or FILS to associate
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
 .../hostapd/patches/600-ubus_support.patch         | 58 +++++++++++++++++++++-
 package/network/services/hostapd/src/src/ap/ubus.c | 14 ++++++
 package/network/services/hostapd/src/src/ap/ubus.h |  9 ++++
 3 files changed, 79 insertions(+), 2 deletions(-)

diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index 7c6c5e3814..521e7df82e 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -250,8 +250,62 @@
  		ap_free_sta(hapd, sta);
  		break;
  	}
-@@ -1329,6 +1331,7 @@ void ap_sta_set_authorized(struct hostap
- 					  buf, ip_addr, keyid_buf);
+@@ -1298,12 +1300,25 @@ void ap_sta_set_authorized(struct hostap
+ 					sta->addr, authorized, dev_addr);
+ 
+ 	if (authorized) {
++		static const char * const auth_algs[] = {
++			[WLAN_AUTH_OPEN] = "open",
++			[WLAN_AUTH_SHARED_KEY] = "shared",
++			[WLAN_AUTH_FT] = "ft",
++			[WLAN_AUTH_SAE] = "sae",
++			[WLAN_AUTH_FILS_SK] = "fils-sk",
++			[WLAN_AUTH_FILS_SK_PFS] = "fils-sk-pfs",
++			[WLAN_AUTH_FILS_PK] = "fils-pk",
++			[WLAN_AUTH_PASN] = "pasn",
++		};
++		const char *auth_alg = NULL;
+ 		const char *keyid;
+ 		char keyid_buf[100];
+ 		char ip_addr[100];
++		char alg_buf[100];
+ 
+ 		keyid_buf[0] = '\0';
+ 		ip_addr[0] = '\0';
++		alg_buf[0] = '\0';
+ #ifdef CONFIG_P2P
+ 		if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
+ 			os_snprintf(ip_addr, sizeof(ip_addr),
+@@ -1313,22 +1328,31 @@ void ap_sta_set_authorized(struct hostap
+ 		}
+ #endif /* CONFIG_P2P */
+ 
++		if (sta->auth_alg < ARRAY_SIZE(auth_algs))
++			auth_alg = auth_algs[sta->auth_alg];
++
++		if (auth_alg)
++			os_snprintf(alg_buf, sizeof(alg_buf),
++				    " auth_alg=%s", auth_alg);
++
+ 		keyid = ap_sta_wpa_get_keyid(hapd, sta);
+ 		if (keyid) {
+ 			os_snprintf(keyid_buf, sizeof(keyid_buf),
+ 				    " keyid=%s", keyid);
+ 		}
+ 
+-		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s",
+-			buf, ip_addr, keyid_buf);
++		hostapd_ubus_notify_authorized(hapd, sta, auth_alg);
++		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
++			buf, ip_addr, keyid_buf, alg_buf);
+ 
+ 		if (hapd->msg_ctx_parent &&
+ 		    hapd->msg_ctx_parent != hapd->msg_ctx)
+ 			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
+-					  AP_STA_CONNECTED "%s%s%s",
+-					  buf, ip_addr, keyid_buf);
++					  AP_STA_CONNECTED "%s%s%s%s",
++					  buf, ip_addr, keyid_buf, alg_buf);
  	} else {
  		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
 +		hostapd_ubus_notify(hapd, "disassoc", sta->addr);
diff --git a/package/network/services/hostapd/src/src/ap/ubus.c b/package/network/services/hostapd/src/src/ap/ubus.c
index 622eab8838..85281f4197 100644
--- a/package/network/services/hostapd/src/src/ap/ubus.c
+++ b/package/network/services/hostapd/src/src/ap/ubus.c
@@ -1983,6 +1983,20 @@ void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *
 	ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1);
 }
 
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+				    const char *auth_alg)
+{
+	if (!hapd->ubus.obj.has_subscribers)
+		return;
+
+	blob_buf_init(&b, 0);
+	blobmsg_add_macaddr(&b, "address", sta->addr);
+	if (auth_alg)
+		blobmsg_add_string(&b, "auth-alg", auth_alg);
+
+	ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1);
+}
+
 void hostapd_ubus_notify_beacon_report(
 	struct hostapd_data *hapd, const u8 *addr, u8 token, u8 rep_mode,
 	struct rrm_measurement_beacon_report *rep, size_t len)
diff --git a/package/network/services/hostapd/src/src/ap/ubus.h b/package/network/services/hostapd/src/src/ap/ubus.h
index 5a33b624d0..b0f7c44ab5 100644
--- a/package/network/services/hostapd/src/src/ap/ubus.h
+++ b/package/network/services/hostapd/src/src/ap/ubus.h
@@ -65,6 +65,8 @@ void hostapd_ubus_free(struct hapd_interfaces *interfaces);
 int hostapd_ubus_notify_bss_transition_query(
 	struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
 	const u8 *candidate_list, u16 candidate_list_len);
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+				    const char *auth_alg);
 
 #else
 
@@ -140,6 +142,13 @@ static inline int hostapd_ubus_notify_bss_transition_query(
 {
 	return 0;
 }
+
+static inline void
+hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+			       const char *auth_alg)
+{
+}
+
 #endif
 
 #endif

More information about the lede-commits mailing list