hostapd: Debug messages for dodgy RADIUS servers

These were helpful when tracking down why hostapd did not work
properly with a RADIUS server.

Signed-hostap: Ben Greear <greearb@candelatech.com>
This commit is contained in:
Ben Greear 2015-01-12 14:15:45 -08:00 committed by Jouni Malinen
parent ad905e4a79
commit 400de9b1fe
4 changed files with 28 additions and 6 deletions

View file

@ -1271,6 +1271,11 @@ static void ieee802_1x_get_keys(struct hostapd_data *hapd,
sm->eap_if->aaaEapKeyDataLen = len; sm->eap_if->aaaEapKeyDataLen = len;
sm->eap_if->aaaEapKeyAvailable = TRUE; sm->eap_if->aaaEapKeyAvailable = TRUE;
} }
} else {
wpa_printf(MSG_DEBUG,
"MS-MPPE: 1x_get_keys, could not get keys: %p send: %p recv: %p",
keys, keys ? keys->send : NULL,
keys ? keys->recv : NULL);
} }
if (keys) { if (keys) {

View file

@ -1839,7 +1839,8 @@ SM_STATE(WPA_PTK, INITPMK)
} }
#endif /* CONFIG_IEEE80211R */ #endif /* CONFIG_IEEE80211R */
} else { } else {
wpa_printf(MSG_DEBUG, "WPA: Could not get PMK"); wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
sm->wpa_auth->cb.get_msk);
} }
sm->req_replay_counter_used = 0; sm->req_replay_counter_used = 0;

View file

@ -249,12 +249,17 @@ static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
struct sta_info *sta; struct sta_info *sta;
sta = ap_get_sta(hapd, addr); sta = ap_get_sta(hapd, addr);
if (sta == NULL) if (sta == NULL) {
wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find STA");
return -1; return -1;
}
key = ieee802_1x_get_key(sta->eapol_sm, &keylen); key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
if (key == NULL) if (key == NULL) {
wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p",
sta->eapol_sm);
return -1; return -1;
}
if (keylen > *len) if (keylen > *len)
keylen = *len; keylen = *len;

View file

@ -993,13 +993,16 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
/* key: 16-bit salt followed by encrypted key info */ /* key: 16-bit salt followed by encrypted key info */
if (len < 2 + 16) if (len < 2 + 16) {
wpa_printf(MSG_DEBUG, "RADIUS: %s: Len is too small: %d",
__func__, (int) len);
return NULL; return NULL;
}
pos = key + 2; pos = key + 2;
left = len - 2; left = len - 2;
if (left % 16) { if (left % 16) {
wpa_printf(MSG_INFO, "Invalid ms key len %lu", wpa_printf(MSG_INFO, "RADIUS: Invalid ms key len %lu",
(unsigned long) left); (unsigned long) left);
return NULL; return NULL;
} }
@ -1034,7 +1037,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
} }
if (plain[0] == 0 || plain[0] > plen - 1) { if (plain[0] == 0 || plain[0] > plen - 1) {
wpa_printf(MSG_INFO, "Failed to decrypt MPPE key"); wpa_printf(MSG_INFO, "RADIUS: Failed to decrypt MPPE key");
os_free(plain); os_free(plain);
return NULL; return NULL;
} }
@ -1123,6 +1126,10 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
sent_msg->hdr->authenticator, sent_msg->hdr->authenticator,
secret, secret_len, secret, secret_len,
&keys->send_len); &keys->send_len);
if (!keys->send) {
wpa_printf(MSG_DEBUG,
"RADIUS: Failed to decrypt send key");
}
os_free(key); os_free(key);
} }
@ -1134,6 +1141,10 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
sent_msg->hdr->authenticator, sent_msg->hdr->authenticator,
secret, secret_len, secret, secret_len,
&keys->recv_len); &keys->recv_len);
if (!keys->recv) {
wpa_printf(MSG_DEBUG,
"RADIUS: Failed to decrypt recv key");
}
os_free(key); os_free(key);
} }