hostapd: Debug messages for dodgy RADIUS servers

These were helpful when tracking down why hostapd did not work
properly with a RADIUS server.

Signed-hostap: Ben Greear <greearb@candelatech.com>

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 9d257cc3c0d93be0b0524a31d694485e6ff5146a..79dc0f9574880efb2820527532b5f9059c9c3617 100644 (file)
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1271,6 +1271,11 @@ static void ieee802_1x_get_keys(struct hostapd_data *hapd,
                        sm->eap_if->aaaEapKeyDataLen = len;
                        sm->eap_if->aaaEapKeyAvailable = TRUE;
                }
+       } else {
+               wpa_printf(MSG_DEBUG,
+                          "MS-MPPE: 1x_get_keys, could not get keys: %p  send: %p  recv: %p",
+                          keys, keys ? keys->send : NULL,
+                          keys ? keys->recv : NULL);
        }
 
        if (keys) {

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index f71b0285706ec3ddfcf958973ec53d85020d90af..b46b2439f1ce54e30a9191f88cdf3dadf222109e 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1839,7 +1839,8 @@ SM_STATE(WPA_PTK, INITPMK)
                }
 #endif /* CONFIG_IEEE80211R */
        } else {
-               wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
+               wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
+                          sm->wpa_auth->cb.get_msk);
        }
 
        sm->req_replay_counter_used = 0;

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 8592b90b2d176a71ccb4378c0e6477f4ec3a76cd..7f8320708c3963a5693b41c7d28cdba35ac49a3c 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -249,12 +249,17 @@ static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
        struct sta_info *sta;
 
        sta = ap_get_sta(hapd, addr);
-       if (sta == NULL)
+       if (sta == NULL) {
+               wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find STA");
                return -1;
+       }
 
        key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
-       if (key == NULL)
+       if (key == NULL) {
+               wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p",
+                          sta->eapol_sm);
                return -1;
+       }
 
        if (keylen > *len)
                keylen = *len;

diff --git a/src/radius/radius.c b/src/radius/radius.c
index 6eba2eb6c3b6fcd7a7a9903aede4c90f6f8b9b2b..8d878a4bd0783c817275290f19fb8b851f4309b3 100644 (file)
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -993,13 +993,16 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 
        /* key: 16-bit salt followed by encrypted key info */
 
-       if (len < 2 + 16)
+       if (len < 2 + 16) {
+               wpa_printf(MSG_DEBUG, "RADIUS: %s: Len is too small: %d",
+                          __func__, (int) len);
                return NULL;
+       }
 
        pos = key + 2;
        left = len - 2;
        if (left % 16) {
-               wpa_printf(MSG_INFO, "Invalid ms key len %lu",
+               wpa_printf(MSG_INFO, "RADIUS: Invalid ms key len %lu",
                           (unsigned long) left);
                return NULL;
        }
@@ -1034,7 +1037,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
        }
 
        if (plain[0] == 0 || plain[0] > plen - 1) {
-               wpa_printf(MSG_INFO, "Failed to decrypt MPPE key");
+               wpa_printf(MSG_INFO, "RADIUS: Failed to decrypt MPPE key");
                os_free(plain);
                return NULL;
        }
@@ -1123,6 +1126,10 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
                                            sent_msg->hdr->authenticator,
                                            secret, secret_len,
                                            &keys->send_len);
+               if (!keys->send) {
+                       wpa_printf(MSG_DEBUG,
+                                  "RADIUS: Failed to decrypt send key");
+               }
                os_free(key);
        }
 
@@ -1134,6 +1141,10 @@ radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
                                            sent_msg->hdr->authenticator,
                                            secret, secret_len,
                                            &keys->recv_len);
+               if (!keys->recv) {
+                       wpa_printf(MSG_DEBUG,
+                                  "RADIUS: Failed to decrypt recv key");
+               }
                os_free(key);
        }