From: Felix Fietkau Date: Thu, 22 Sep 2022 12:01:52 +0000 (+0200) Subject: hostapd: add ubus notification on sta authorized X-Git-Tag: v23.05.0-rc1~2355 X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=8cb995445a26ee124e40b8ef97cc0ddd9d10f82a;p=openwrt%2Fopenwrt.git hostapd: add ubus notification on sta authorized Also include the station auth_type in the ubus and log message in order to detect, if clients used FT or FILS to associate Signed-off-by: Felix Fietkau --- diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index 7c6c5e3814..521e7df82e 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -250,8 +250,62 @@ ap_free_sta(hapd, sta); break; } -@@ -1329,6 +1331,7 @@ void ap_sta_set_authorized(struct hostap - buf, ip_addr, keyid_buf); +@@ -1298,12 +1300,25 @@ void ap_sta_set_authorized(struct hostap + sta->addr, authorized, dev_addr); + + if (authorized) { ++ static const char * const auth_algs[] = { ++ [WLAN_AUTH_OPEN] = "open", ++ [WLAN_AUTH_SHARED_KEY] = "shared", ++ [WLAN_AUTH_FT] = "ft", ++ [WLAN_AUTH_SAE] = "sae", ++ [WLAN_AUTH_FILS_SK] = "fils-sk", ++ [WLAN_AUTH_FILS_SK_PFS] = "fils-sk-pfs", ++ [WLAN_AUTH_FILS_PK] = "fils-pk", ++ [WLAN_AUTH_PASN] = "pasn", ++ }; ++ const char *auth_alg = NULL; + const char *keyid; + char keyid_buf[100]; + char ip_addr[100]; ++ char alg_buf[100]; + + keyid_buf[0] = '\0'; + ip_addr[0] = '\0'; ++ alg_buf[0] = '\0'; + #ifdef CONFIG_P2P + if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) { + os_snprintf(ip_addr, sizeof(ip_addr), +@@ -1313,22 +1328,31 @@ void ap_sta_set_authorized(struct hostap + } + #endif /* CONFIG_P2P */ + ++ if (sta->auth_alg < ARRAY_SIZE(auth_algs)) ++ auth_alg = auth_algs[sta->auth_alg]; ++ ++ if (auth_alg) ++ os_snprintf(alg_buf, sizeof(alg_buf), ++ " auth_alg=%s", auth_alg); ++ + keyid = ap_sta_wpa_get_keyid(hapd, sta); + if (keyid) { + os_snprintf(keyid_buf, sizeof(keyid_buf), + " keyid=%s", keyid); + } + +- wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s", +- buf, ip_addr, keyid_buf); ++ hostapd_ubus_notify_authorized(hapd, sta, auth_alg); ++ wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s", ++ buf, ip_addr, keyid_buf, alg_buf); + + if (hapd->msg_ctx_parent && + hapd->msg_ctx_parent != hapd->msg_ctx) + wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, +- AP_STA_CONNECTED "%s%s%s", +- buf, ip_addr, keyid_buf); ++ AP_STA_CONNECTED "%s%s%s%s", ++ buf, ip_addr, keyid_buf, alg_buf); } else { wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf); + hostapd_ubus_notify(hapd, "disassoc", sta->addr); diff --git a/package/network/services/hostapd/src/src/ap/ubus.c b/package/network/services/hostapd/src/src/ap/ubus.c index 622eab8838..85281f4197 100644 --- a/package/network/services/hostapd/src/src/ap/ubus.c +++ b/package/network/services/hostapd/src/src/ap/ubus.c @@ -1983,6 +1983,20 @@ void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 * ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1); } +void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta, + const char *auth_alg) +{ + if (!hapd->ubus.obj.has_subscribers) + return; + + blob_buf_init(&b, 0); + blobmsg_add_macaddr(&b, "address", sta->addr); + if (auth_alg) + blobmsg_add_string(&b, "auth-alg", auth_alg); + + ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1); +} + void hostapd_ubus_notify_beacon_report( struct hostapd_data *hapd, const u8 *addr, u8 token, u8 rep_mode, struct rrm_measurement_beacon_report *rep, size_t len) diff --git a/package/network/services/hostapd/src/src/ap/ubus.h b/package/network/services/hostapd/src/src/ap/ubus.h index 5a33b624d0..b0f7c44ab5 100644 --- a/package/network/services/hostapd/src/src/ap/ubus.h +++ b/package/network/services/hostapd/src/src/ap/ubus.h @@ -65,6 +65,8 @@ void hostapd_ubus_free(struct hapd_interfaces *interfaces); int hostapd_ubus_notify_bss_transition_query( struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason, const u8 *candidate_list, u16 candidate_list_len); +void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta, + const char *auth_alg); #else @@ -140,6 +142,13 @@ static inline int hostapd_ubus_notify_bss_transition_query( { return 0; } + +static inline void +hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta, + const char *auth_alg) +{ +} + #endif #endif