AP MLD: Fix deferred first link BSS's authentication server init
authorAditya Kumar Singh <quic_adisi@quicinc.com>
Mon, 22 Apr 2024 11:19:03 +0000 (16:49 +0530)
committerJouni Malinen <j@w1.fi>
Tue, 11 Jun 2024 20:41:03 +0000 (23:41 +0300)
Currently, RADIUS client, auth server, and 802.1X are copied from the
first link's BSS into the non-first link during its setup. However,
there could be a case where the first link is not initialized fully
because of ACS/HT40 SCAN/DFS. Hence, in such cases, NULL is getting
copied and later it leads to segmentation fault.

Initialize those on behalf of the first link in such a case and store
them in the first link's BSS so that other non-first links can reuse them.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
src/ap/authsrv.c
src/ap/hostapd.c
src/ap/ieee802_1x.c

index 6ed4d063349b01845c03658bf08095fca34044c0..837b6909bde505554a2c5a4d042b7685a357cb27 100644 (file)
@@ -260,11 +260,20 @@ int authsrv_init(struct hostapd_data *hapd)
        if (!hostapd_mld_is_first_bss(hapd)) {
                struct hostapd_data *first;
 
-               wpa_printf(MSG_DEBUG, "MLD: Using auth_serv of the first BSS");
-
                first = hostapd_mld_get_first_bss(hapd);
                if (!first)
                        return -1;
+
+               if (!first->eap_cfg) {
+                       wpa_printf(MSG_DEBUG,
+                                  "MLD: First BSS auth_serv does not exist. Init on its behalf");
+
+                       if (authsrv_init(first))
+                               return -1;
+               }
+
+               wpa_printf(MSG_DEBUG, "MLD: Using auth_serv of the first BSS");
+
 #ifdef EAP_TLS_FUNCS
                hapd->ssl_ctx = first->ssl_ctx;
 #endif /* EAP_TLS_FUNCS */
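Review bot: Nothing in this hunk shows what stops the first BSS from running `authsrv_init()` a second time once its own deferred setup (ACS/HT40 scan/DFS) completes, after a non-first link has already initialised it here. If the first-BSS path, which lies outside the hunk, has no early return, `first->ssl_ctx` and `first->eap_cfg` would be re-created while the other links keep the pointers they copied, leaving those stale or leaking the earlier objects. A guard such as `if (hapd->eap_cfg) return 0;` ahead of the first-BSS initialisation, mirroring the `hapd->radius` check in `hostapd_bss_radius_init()`, would make the call idempotent. The same question applies to `ieee802_1x_init(first)` and `first->eapol_auth` in the src/ap/ieee802_1x.c hunk.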
index 0506b418f423a3fee945a098e460acaab5b9e426..94489e4c12f48863ec8da246e1d165ad5d0ff34e 100644 (file)
@@ -1307,6 +1307,59 @@ static int hostapd_start_beacon(struct hostapd_data *hapd,
 }
 
 
+#ifndef CONFIG_NO_RADIUS
+static int hostapd_bss_radius_init(struct hostapd_data *hapd)
+{
+       struct hostapd_bss_config *conf;
+
+       if (!hapd)
+               return -1;
+
+       conf = hapd->conf;
+
+       if (hapd->radius) {
+               wpa_printf(MSG_DEBUG,
+                          "Skipping RADIUS client init (already done)");
+               return 0;
+       }
+
+       hapd->radius = radius_client_init(hapd, conf->radius);
+       if (!hapd->radius) {
+               wpa_printf(MSG_ERROR,
+                          "RADIUS client initialization failed.");
+               return -1;
+       }
+
+       if (conf->radius_das_port) {
+               struct radius_das_conf das_conf;
+
+               os_memset(&das_conf, 0, sizeof(das_conf));
+               das_conf.port = conf->radius_das_port;
+               das_conf.shared_secret = conf->radius_das_shared_secret;
+               das_conf.shared_secret_len =
+                       conf->radius_das_shared_secret_len;
+               das_conf.client_addr = &conf->radius_das_client_addr;
+               das_conf.time_window = conf->radius_das_time_window;
+               das_conf.require_event_timestamp =
+                       conf->radius_das_require_event_timestamp;
+               das_conf.require_message_authenticator =
+                       conf->radius_das_require_message_authenticator;
+               das_conf.ctx = hapd;
+               das_conf.disconnect = hostapd_das_disconnect;
+               das_conf.coa = hostapd_das_coa;
+               hapd->radius_das = radius_das_init(&das_conf);
+               if (!hapd->radius_das) {
+                       wpa_printf(MSG_ERROR,
+                                  "RADIUS DAS initialization failed.");
+                       return -1;
+               }
+       }
+
+       return 0;
+}
+#endif /* CONFIG_NO_RADIUS */
+
+
 /**
  * hostapd_setup_bss - Per-BSS setup (initialization)
  * @hapd: Pointer to BSS data
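Review bot: A failed `radius_das_init()` in `hostapd_bss_radius_init()` returns -1 but leaves `hapd->radius` set, so a later call hits the `if (hapd->radius)` check, logs "already done" and returns 0 without ever creating the DAS. When the function was called on behalf of the first BSS, the next non-first link would then copy a NULL `radius_das` and come up without the configured Disconnect/CoA handling, and no error would be logged for it. Either undo the client on that path with `radius_client_deinit(hapd->radius); hapd->radius = NULL;` before `return -1;`, or make the early return also test `conf->radius_das_port && !hapd->radius_das`. Whether the callers' failure path already tears down the first BSS is not visible here.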
@@ -1540,46 +1593,26 @@ setup_mld:
 #endif /* CONFIG_SQLITE */
 
        if (hostapd_mld_is_first_bss(hapd)) {
-               hapd->radius = radius_client_init(hapd, conf->radius);
-               if (!hapd->radius) {
-                       wpa_printf(MSG_ERROR,
-                                  "RADIUS client initialization failed.");
+               if (hostapd_bss_radius_init(hapd))
                        return -1;
-               }
-
-               if (conf->radius_das_port) {
-                       struct radius_das_conf das_conf;
-
-                       os_memset(&das_conf, 0, sizeof(das_conf));
-                       das_conf.port = conf->radius_das_port;
-                       das_conf.shared_secret = conf->radius_das_shared_secret;
-                       das_conf.shared_secret_len =
-                               conf->radius_das_shared_secret_len;
-                       das_conf.client_addr = &conf->radius_das_client_addr;
-                       das_conf.time_window = conf->radius_das_time_window;
-                       das_conf.require_event_timestamp =
-                               conf->radius_das_require_event_timestamp;
-                       das_conf.require_message_authenticator =
-                               conf->radius_das_require_message_authenticator;
-                       das_conf.ctx = hapd;
-                       das_conf.disconnect = hostapd_das_disconnect;
-                       das_conf.coa = hostapd_das_coa;
-                       hapd->radius_das = radius_das_init(&das_conf);
-                       if (!hapd->radius_das) {
-                               wpa_printf(MSG_ERROR,
-                                          "RADIUS DAS initialization failed.");
-                               return -1;
-                       }
-               }
        } else {
 #ifdef CONFIG_IEEE80211BE
                struct hostapd_data *f_bss;
 
-               wpa_printf(MSG_DEBUG,
-                          "MLD: Using RADIUS client of the first BSS");
                f_bss = hostapd_mld_get_first_bss(hapd);
                if (!f_bss)
                        return -1;
+
+               if (!f_bss->radius) {
+                       wpa_printf(MSG_DEBUG,
+                                  "MLD: First BSS RADIUS client does not exist. Init on its behalf");
+
+                       if (hostapd_bss_radius_init(f_bss))
+                               return -1;
+               }
+
+               wpa_printf(MSG_DEBUG,
+                          "MLD: Using RADIUS client of the first BSS");
                hapd->radius = f_bss->radius;
                hapd->radius_das = f_bss->radius_das;
 #endif /* CONFIG_IEEE80211BE */
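Review bot: The `if (!f_bss->radius)` branch has no comment explaining why a non-first link would create the first BSS's RADIUS client; that reason currently lives only in the commit message. I would add above it `/* First link may still be in ACS/HT40 scan/DFS; create its RADIUS client now so it owns the shared instance */`. The client and DAS are created with `f_bss` as their context and are only borrowed by `hapd`, which is worth stating next to `hapd->radius = f_bss->radius;` so that teardown code does not free them once per link. The enclosing function starts and ends outside the hunk.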
index 8e98b65216952a20c2eae24f3dfc3b7199f751b9..31a1120110ee7a1186175ac354f1ba0fcd8ca978 100644 (file)
@@ -2543,12 +2543,21 @@ int ieee802_1x_init(struct hostapd_data *hapd)
        if (!hostapd_mld_is_first_bss(hapd)) {
                struct hostapd_data *first;
 
-               wpa_printf(MSG_DEBUG,
-                          "MLD: Using IEEE 802.1X state machine of the first BSS");
-
                first = hostapd_mld_get_first_bss(hapd);
                if (!first)
                        return -1;
+
+               if (!first->eapol_auth) {
+                       wpa_printf(MSG_DEBUG,
+                                  "MLD: First BSS IEEE 802.1X state machine does not exist. Init on its behalf");
+
+                       if (ieee802_1x_init(first))
+                               return -1;
+               }
+
+               wpa_printf(MSG_DEBUG,
+                          "MLD: Using IEEE 802.1X state machine of the first BSS");
+
                hapd->eapol_auth = first->eapol_auth;
                return 0;
        }