From patchwork Thu Mar 6 00:19:57 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Greear X-Patchwork-Id: 327247 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from maxx.maxx.shmoo.com (maxx.shmoo.com [205.134.188.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 34ED52C00A8 for ; Thu, 6 Mar 2014 11:24:46 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id BB84B17C038; Wed, 5 Mar 2014 19:24:42 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qiklo5wKGHt2; Wed, 5 Mar 2014 19:24:42 -0500 (EST) Received: from maxx.shmoo.com (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id B873A17C03A; Wed, 5 Mar 2014 19:24:07 -0500 (EST) X-Original-To: mailman-post+hostap@maxx.shmoo.com Delivered-To: mailman-post+hostap@maxx.shmoo.com Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 6F4DC9D399 for ; Wed, 5 Mar 2014 19:24:06 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SVguO6xwG5BA for ; Wed, 5 Mar 2014 19:24:00 -0500 (EST) Received: from ns3.lanforge.com (mail.candelatech.com [208.74.158.172]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by maxx.maxx.shmoo.com (Postfix) with ESMTPS id 0593E9D3B0 for ; Wed, 5 Mar 2014 19:23:29 -0500 (EST) Received: from fs3.candelatech.com (firewall.candelatech.com [70.89.124.249]) by ns3.lanforge.com (8.14.2/8.14.2) with ESMTP id s260Lh2i031348 (version=TLSv1/SSLv3 
cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 5 Mar 2014 16:21:45 -0800 From: greearb@candelatech.com To: hostap@lists.shmoo.com Subject: [PATCH 12/15] interworking: Add logging to track nai_realm_find_eap failures. Date: Wed, 5 Mar 2014 16:19:57 -0800 Message-Id: <1394065200-20377-12-git-send-email-greearb@candelatech.com> X-Mailer: git-send-email 1.7.3.4 In-Reply-To: <1394065200-20377-1-git-send-email-greearb@candelatech.com> References: <1394065200-20377-1-git-send-email-greearb@candelatech.com> Cc: Ben Greear X-BeenThere: hostap@lists.shmoo.com X-Mailman-Version: 2.1.11 Precedence: list List-Id: HostAP Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: hostap-bounces@lists.shmoo.com Errors-To: hostap-bounces@lists.shmoo.com From: Ben Greear There are lots of reasons we can fail to match an EAP, so add logging to help determine why it is happening in various cases. Signed-off-by: Ben Greear --- wpa_supplicant/interworking.c | 69 ++++++++++++++++++++++++++++++++--------- 1 files changed, 54 insertions(+), 15 deletions(-) diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c index 025dcf5..2de12cd 100644 --- a/wpa_supplicant/interworking.c +++ b/wpa_supplicant/interworking.c 
@@ -574,56 +574,88 @@ static int nai_realm_match(struct nai_realm *realm, const char *home_realm) } -static int nai_realm_cred_username(struct nai_realm_eap *eap) +static int nai_realm_cred_username(struct nai_realm_eap *eap, struct wpa_supplicant *wpa_s) { - if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) + if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) { + wpa_msg(wpa_s, MSG_DEBUG, + "nai-realm-cred-username: EAP method not supported: %d", + eap->method); return 0; /* method not supported */ + } if (eap->method != EAP_TYPE_TTLS && eap->method != EAP_TYPE_PEAP && eap->method != EAP_TYPE_FAST) { /* Only tunneled methods with username/password supported */ + wpa_msg(wpa_s, MSG_DEBUG, + "nai-realm-cred-username: Method: %d is not TTLS, PEAP or FAST.", + eap->method); return 0; } if (eap->method == EAP_TYPE_PEAP || eap->method == EAP_TYPE_FAST) { if (eap->inner_method && - eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) + eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) { + wpa_msg(wpa_s, MSG_DEBUG, + "nai-realm-cred-username: PEAP/FAST: Inner method not supported: %d\n", + eap->inner_method); return 0; + } if (!eap->inner_method && - eap_get_name(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2) == NULL) + eap_get_name(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2) == NULL) { + wpa_msg(wpa_s, MSG_DEBUG, "nai-realm-cred-username: MSCHAPv2 not supported"); return 0; + } } if (eap->method == EAP_TYPE_TTLS) { if (eap->inner_method == 0 && eap->inner_non_eap == 0) return 1; /* Assume TTLS/MSCHAPv2 is used */ if (eap->inner_method && - eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) + eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) { + wpa_msg(wpa_s, MSG_DEBUG, + "nai-realm-cred-username: TTLS, but inner not supported: %d", + eap->inner_method); return 0; + } if (eap->inner_non_eap && eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_PAP && eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_CHAP && eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAP 
&& - eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAPV2) + eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAPV2) { + wpa_msg(wpa_s, MSG_DEBUG, + "nai-realm-cred-username: TTLS, inner-non-eap not supported: %d", + eap->inner_non_eap); return 0; + } } if (eap->inner_method && eap->inner_method != EAP_TYPE_GTC && - eap->inner_method != EAP_TYPE_MSCHAPV2) + eap->inner_method != EAP_TYPE_MSCHAPV2) { + wpa_msg(wpa_s, MSG_DEBUG, + "nai-realm-cred-username: inner-method not GTC or MSCHAPv2: %d", + eap->inner_method); return 0; + } return 1; } -static int nai_realm_cred_cert(struct nai_realm_eap *eap) +static int nai_realm_cred_cert(struct nai_realm_eap *eap, struct wpa_supplicant *wpa_s) { - if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) + if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) { + wpa_msg(wpa_s, MSG_DEBUG, + "nai-realm-cred-cert: method not supported: %d", + eap->method); return 0; /* method not supported */ + } if (eap->method != EAP_TYPE_TLS) { /* Only EAP-TLS supported for credential authentication */ + wpa_msg(wpa_s, MSG_DEBUG, + "nai-realm-cred-cert: method not TLS: %d", + eap->method); return 0; } @@ -632,7 +664,8 @@ static int nai_realm_cred_cert(struct nai_realm_eap *eap) static struct nai_realm_eap * nai_realm_find_eap(struct wpa_cred *cred, - struct nai_realm *realm) + struct nai_realm *realm, + struct wpa_supplicant *wpa_s) { u8 e; 
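Review bot: The PEAP/FAST message added in nai_realm_cred_username(), `"nai-realm-cred-username: PEAP/FAST: Inner method not supported: %d\n"`, ends with a `\n` that none of the other messages added in this hunk carry. Judging by those sibling calls, wpa_msg() terminates the line itself, so the extra newline should be dropped to avoid blank lines in the log. The retained `/* method not supported */` comment now trails a `return 0;` inside a braced block that already logs the reason, so it could be removed. Both helpers are called once per EAP entry from the loop in nai_realm_find_eap(), so a one-line comment above each, such as `/* Logs the reject reason at MSG_DEBUG; called per realm EAP entry */`, would explain the new wpa_s parameter.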
@@ -642,16 +675,22 @@ static struct nai_realm_eap * nai_realm_find_eap(struct wpa_cred *cred, ((cred->password == NULL || cred->password[0] == '\0') && (cred->private_key == NULL || - cred->private_key[0] == '\0'))) + cred->private_key[0] == '\0'))) { + wpa_msg(wpa_s, MSG_DEBUG, "nai-realm-find-eap: incomplete cred info:" + " username: %s password: %s private_key: %s\n", + cred->username ? cred->username : "NULL", + cred->password ? cred->password : "NULL", + cred->private_key ? cred->private_key : "NULL"); return NULL; + } for (e = 0; e < realm->eap_count; e++) { struct nai_realm_eap *eap = &realm->eap[e]; if (cred->password && cred->password[0] && - nai_realm_cred_username(eap)) + nai_realm_cred_username(eap, wpa_s)) return eap; if (cred->private_key && cred->private_key[0] && - nai_realm_cred_cert(eap)) + nai_realm_cred_cert(eap, wpa_s)) return eap; } @@ -1618,7 +1657,7 @@ static int interworking_connect_helper(struct wpa_supplicant *wpa_s, for (i = 0; i < count; i++) { if (!nai_realm_match(&realm[i], cred->realm)) continue; - eap = nai_realm_find_eap(cred, &realm[i]); + eap = nai_realm_find_eap(cred, &realm[i], wpa_s); if (eap) break; } @@ -1898,7 +1937,7 @@ static struct wpa_cred * interworking_credentials_available_realm( for (i = 0; i < count; i++) { if (!nai_realm_match(&realm[i], cred->realm)) continue; - if (nai_realm_find_eap(cred, &realm[i])) { + if (nai_realm_find_eap(cred, &realm[i], wpa_s)) { if (cred_no_required_oi_match(cred, bss)) continue; if (!ignore_bw &&
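Review bot: The wpa_msg() added to the incomplete-credential branch of nai_realm_find_eap() writes `cred->password` to the debug log in clear text. The condition starts above the hunk, but the message prints a possibly-NULL username, which suggests the branch is also taken when only the username is missing; in that case a configured password would be logged. As far as I know, wpa_msg() output can also reach attached control-interface monitors, which widens who can read it. Log presence rather than the value, e.g. `cred->password ? "<set>" : "NULL"` and likewise for `cred->private_key`, and drop the trailing `\n` from the format string.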