From patchwork Thu Mar 6 00:19:55 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Greear X-Patchwork-Id: 327246 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from maxx.maxx.shmoo.com (maxx.shmoo.com [205.134.188.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 608062C007E for ; Thu, 6 Mar 2014 11:24:32 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id ECAD29D398; Wed, 5 Mar 2014 19:24:26 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pakz20jNco2F; Wed, 5 Mar 2014 19:24:26 -0500 (EST) Received: from maxx.shmoo.com (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 261E317C02C; Wed, 5 Mar 2014 19:23:56 -0500 (EST) X-Original-To: mailman-post+hostap@maxx.shmoo.com Delivered-To: mailman-post+hostap@maxx.shmoo.com Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id CA71A9D3BD for ; Wed, 5 Mar 2014 19:23:53 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SzC8b4XMHEvU for ; Wed, 5 Mar 2014 19:23:48 -0500 (EST) Received: from ns3.lanforge.com (mail.candelatech.com [208.74.158.172]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by maxx.maxx.shmoo.com (Postfix) with ESMTPS id 5FD6F9D39B for ; Wed, 5 Mar 2014 19:23:22 -0500 (EST) Received: from fs3.candelatech.com (firewall.candelatech.com [70.89.124.249]) by ns3.lanforge.com (8.14.2/8.14.2) with ESMTP id s260Lh2g031348 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 5 Mar 2014 16:21:45 -0800 From: greearb@candelatech.com To: hostap@lists.shmoo.com Subject: [PATCH 10/15] hostap: Debug messages for dodgy RADIUS servers. Date: Wed, 5 Mar 2014 16:19:55 -0800 Message-Id: <1394065200-20377-10-git-send-email-greearb@candelatech.com> X-Mailer: git-send-email 1.7.3.4 In-Reply-To: <1394065200-20377-1-git-send-email-greearb@candelatech.com> References: <1394065200-20377-1-git-send-email-greearb@candelatech.com> Cc: Ben Greear X-BeenThere: hostap@lists.shmoo.com X-Mailman-Version: 2.1.11 Precedence: list List-Id: HostAP Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: hostap-bounces@lists.shmoo.com Errors-To: hostap-bounces@lists.shmoo.com From: Ben Greear These were helpful when tracking down why hostapd did not work properly with a RADIUS server. Signed-hostap: Ben Greear --- src/ap/ieee802_1x.c | 4 ++++ src/ap/wpa_auth.c | 3 ++- src/ap/wpa_auth_glue.c | 9 +++++++-- src/radius/radius.c | 14 +++++++++++--- 4 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index b12c9d6..9f8b18f 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -1119,6 +1119,10 @@ static void ieee802_1x_get_keys(struct hostapd_data *hapd, sm->eap_if->aaaEapKeyAvailable = TRUE; } } + else { + wpa_printf(MSG_DEBUG, "MS-MPPE: 1x_get_keys, could not get keys: %p send: %p recv: %p", + keys, keys ? keys->send : NULL, keys ? keys->recv : NULL); + } if (keys) { os_free(keys->send); diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index ab0cd5b..8a91b58 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -1729,7 +1729,8 @@ SM_STATE(WPA_PTK, INITPMK) } #endif /* CONFIG_IEEE80211R */ } else { - wpa_printf(MSG_DEBUG, "WPA: Could not get PMK"); + wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p", + sm->wpa_auth->cb.get_msk); } sm->req_replay_counter_used = 0; diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index da5fea7..627e574 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -248,12 +248,17 @@ static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk, struct sta_info *sta; sta = ap_get_sta(hapd, addr); - if (sta == NULL) + if (sta == NULL) { + wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find sta."); return -1; + } key = ieee802_1x_get_key(sta->eapol_sm, &keylen); - if (key == NULL) + if (key == NULL) { + wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p", + sta->eapol_sm); return -1; + } if (keylen > *len) keylen = *len; diff --git a/src/radius/radius.c b/src/radius/radius.c index 370b517..8ba429a 100644 --- a/src/radius/radius.c +++ b/src/radius/radius.c @@ -971,13 +971,15 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len, /* key: 16-bit salt followed by encrypted key info */ - if (len < 2 + 16) + if (len < 2 + 16) { + wpa_printf(MSG_DEBUG, "RADIUS: Len is too small: %i", len); return NULL; + } pos = key + 2; left = len - 2; if (left % 16) { - wpa_printf(MSG_INFO, "Invalid ms key len %lu", + wpa_printf(MSG_INFO, "RADIUS: Invalid ms key len %lu", (unsigned long) left); return NULL; } @@ -1012,7 +1014,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len, } if (plain[0] == 0 || plain[0] > plen - 1) { - wpa_printf(MSG_INFO, "Failed to decrypt MPPE key"); + wpa_printf(MSG_INFO, "RADIUS: Failed to decrypt MPPE key"); os_free(plain); return NULL; } @@ -1101,6 +1103,9 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg, sent_msg->hdr->authenticator, secret, secret_len, &keys->send_len); + if (!keys->send) { + wpa_printf(MSG_DEBUG, "RADIUS: Failed to decrypt send key."); + } os_free(key); } @@ -1112,6 +1117,9 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg, sent_msg->hdr->authenticator, secret, secret_len, &keys->recv_len); + if (!keys->recv) { + wpa_printf(MSG_DEBUG, "RADIUS: Failed to decrypt recv key."); + } os_free(key); }