[PATCH 1/4] hostap: Debug messages for dodgy RADIUS servers.
greearb at candelatech.com
greearb
Mon Jan 12 14:15:45 PST 2015
From: Ben Greear <greearb at candelatech.com>
These were helpful when tracking down why hostapd did not work
properly with a RADIUS server.
Signed-hostap: Ben Greear <greearb at candelatech.com>
---
src/ap/ieee802_1x.c | 4 ++++
src/ap/wpa_auth.c | 3 ++-
src/ap/wpa_auth_glue.c | 9 +++++++--
src/radius/radius.c | 14 +++++++++++---
4 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 2287b28..d8fd6d2 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1276,6 +1276,10 @@ static void ieee802_1x_get_keys(struct hostapd_data *hapd,
sm->eap_if->aaaEapKeyAvailable = TRUE;
}
}
+ else {
+ wpa_printf(MSG_DEBUG, "MS-MPPE: 1x_get_keys, could not get keys: %p send: %p recv: %p",
+ keys, keys ? keys->send : NULL, keys ? keys->recv : NULL);
+ }
if (keys) {
os_free(keys->send);
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 059b884..19648a0 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1839,7 +1839,8 @@ SM_STATE(WPA_PTK, INITPMK)
}
#endif /* CONFIG_IEEE80211R */
} else {
- wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
+ wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
+ sm->wpa_auth->cb.get_msk);
}
sm->req_replay_counter_used = 0;
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 8592b90..67b7b6c 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -249,12 +249,17 @@ static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
struct sta_info *sta;
sta = ap_get_sta(hapd, addr);
- if (sta == NULL)
+ if (sta == NULL) {
+ wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find sta.");
return -1;
+ }
key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
- if (key == NULL)
+ if (key == NULL) {
+ wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p",
+ sta->eapol_sm);
return -1;
+ }
if (keylen > *len)
keylen = *len;
diff --git a/src/radius/radius.c b/src/radius/radius.c
index 6eba2eb..bdd1af1 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -993,13 +993,15 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
/* key: 16-bit salt followed by encrypted key info */
- if (len < 2 + 16)
+ if (len < 2 + 16) {
+ wpa_printf(MSG_DEBUG, "RADIUS: Len is too small: %i", len);
return NULL;
+ }
pos = key + 2;
left = len - 2;
if (left % 16) {
- wpa_printf(MSG_INFO, "Invalid ms key len %lu",
+ wpa_printf(MSG_INFO, "RADIUS: Invalid ms key len %lu",
(unsigned long) left);
return NULL;
}
@@ -1034,7 +1036,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
}
if (plain[0] == 0 || plain[0] > plen - 1) {
- wpa_printf(MSG_INFO, "Failed to decrypt MPPE key");
+ wpa_printf(MSG_INFO, "RADIUS: Failed to decrypt MPPE key");
os_free(plain);
return NULL;
}
@@ -1123,6 +1125,9 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
sent_msg->hdr->authenticator,
secret, secret_len,
&keys->send_len);
+ if (!keys->send) {
+ wpa_printf(MSG_DEBUG, "RADIUS: Failed to decrypt send key.");
+ }
os_free(key);
}
@@ -1134,6 +1139,9 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
sent_msg->hdr->authenticator,
secret, secret_len,
&keys->recv_len);
+ if (!keys->recv) {
+ wpa_printf(MSG_DEBUG, "RADIUS: Failed to decrypt recv key.");
+ }
os_free(key);
}
--
1.7.11.7
More information about the Hostap
mailing list