Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

hostapd: Debug messages for dodgy RADIUS servers

These were helpful when tracking down why hostapd did not work
properly with a RADIUS server.

Signed-hostap: Ben Greear <greearb@candelatech.com>
Ben Greear 10 years ago
parent
ad905e4a79
commit
400de9b1fe
4 changed files with 28 additions and 6 deletions
Split View Show Diff Stats
  1. 5 0
      src/ap/ieee802_1x.c
  2. 2 1
      src/ap/wpa_auth.c
  3. 7 2
      src/ap/wpa_auth_glue.c
  4. 14 3
      src/radius/radius.c

+ 5 - 0
src/ap/ieee802_1x.c
View File 

@@ -1271,6 +1271,11 @@ static void ieee802_1x_get_keys(struct hostapd_data *hapd,
 
 			sm->eap_if->aaaEapKeyDataLen = len;
 
 			sm->eap_if->aaaEapKeyAvailable = TRUE;
 
 		}
 
+	} else {
 
+		wpa_printf(MSG_DEBUG,
 
+			   "MS-MPPE: 1x_get_keys, could not get keys: %p  send: %p  recv: %p",
 
+			   keys, keys ? keys->send : NULL,
 
+			   keys ? keys->recv : NULL);
 
 	}
 
 
 	if (keys) {

+ 2 - 1
src/ap/wpa_auth.c
View File 

@@ -1839,7 +1839,8 @@ SM_STATE(WPA_PTK, INITPMK)
 
 		}
 
 #endif /* CONFIG_IEEE80211R */
 
 	} else {
 
-		wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
 
+		wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
 
+			   sm->wpa_auth->cb.get_msk);
 
 	}
 
 
 	sm->req_replay_counter_used = 0;

+ 7 - 2
src/ap/wpa_auth_glue.c
View File 

@@ -249,12 +249,17 @@ static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
 
 	struct sta_info *sta;
 
 
 	sta = ap_get_sta(hapd, addr);
 
-	if (sta == NULL)
 
+	if (sta == NULL) {
 
+		wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find STA");
 
 		return -1;
 
+	}
 
 
 	key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
 
-	if (key == NULL)
 
+	if (key == NULL) {
 
+		wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p",
 
+			   sta->eapol_sm);
 
 		return -1;
 
+	}
 
 
 	if (keylen > *len)
 
 		keylen = *len;

+ 14 - 3
src/radius/radius.c
View File 

@@ -993,13 +993,16 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 
 
 	/* key: 16-bit salt followed by encrypted key info */
 
 
-	if (len < 2 + 16)
 
+	if (len < 2 + 16) {
 
+		wpa_printf(MSG_DEBUG, "RADIUS: %s: Len is too small: %d",
 
+			   __func__, (int) len);
 
 		return NULL;
 
+	}
 
 
 	pos = key + 2;
 
 	left = len - 2;
 
 	if (left % 16) {
 
-		wpa_printf(MSG_INFO, "Invalid ms key len %lu",
 
+		wpa_printf(MSG_INFO, "RADIUS: Invalid ms key len %lu",
 
 			   (unsigned long) left);
 
 		return NULL;
 
 	}
 
@@ -1034,7 +1037,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 
 	}
 
 
 	if (plain[0] == 0 || plain[0] > plen - 1) {
 
-		wpa_printf(MSG_INFO, "Failed to decrypt MPPE key");
 
+		wpa_printf(MSG_INFO, "RADIUS: Failed to decrypt MPPE key");
 
 		os_free(plain);
 
 		return NULL;
 
 	}
 
@@ -1123,6 +1126,10 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
 
 					    sent_msg->hdr->authenticator,
 
 					    secret, secret_len,
 
 					    &keys->send_len);
 
+		if (!keys->send) {
 
+			wpa_printf(MSG_DEBUG,
 
+				   "RADIUS: Failed to decrypt send key");
 
+		}
 
 		os_free(key);
 
 	}
 
 
@@ -1134,6 +1141,10 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
 
 					    sent_msg->hdr->authenticator,
 
 					    secret, secret_len,
 
 					    &keys->recv_len);
 
+		if (!keys->recv) {
 
+			wpa_printf(MSG_DEBUG,
 
+				   "RADIUS: Failed to decrypt recv key");
 
+		}
 
 		os_free(key);
 
 	}