DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Convert RADIUS debug dumps to use wpa_printf()

Browse source 
This allows the debug dumps of RADIUS messages to be captured through
normal wpa_printf() mechanisms.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-02-15 19:26:12 +02:00
parent a0ac572611
commit 38ecb06e16
1 changed files with 37 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

79
src/radius/radius.c
View file

@ -249,25 +249,17 @@ static struct radius_attr_type *radius_get_attr_type(u8 type)
} }
static void print_char(char c)
{
if (c >= 32 && c < 127)
printf("%c", c);
else
printf("<%02x>", c);
}
static void radius_msg_dump_attr(struct radius_attr_hdr *hdr) static void radius_msg_dump_attr(struct radius_attr_hdr *hdr)
{ {
struct radius_attr_type *attr; struct radius_attr_type *attr;
int i, len; int len;
unsigned char *pos; unsigned char *pos;
char buf[1000];
attr = radius_get_attr_type(hdr->type); attr = radius_get_attr_type(hdr->type);
printf(" Attribute %d (%s) length=%d\n", wpa_printf(MSG_INFO, " Attribute %d (%s) length=%d",
hdr->type, attr ? attr->name : "?Unknown?", hdr->length); hdr->type, attr ? attr->name : "?Unknown?", hdr->length);
if (attr == NULL || hdr->length < sizeof(struct radius_attr_hdr)) if (attr == NULL || hdr->length < sizeof(struct radius_attr_hdr))
return; return;
@ -277,47 +269,50 @@ static void radius_msg_dump_attr(struct radius_attr_hdr *hdr)
switch (attr->data_type) { switch (attr->data_type) {
case RADIUS_ATTR_TEXT: case RADIUS_ATTR_TEXT:
printf(" Value: '"); printf_encode(buf, sizeof(buf), pos, len);
for (i = 0; i < len; i++) wpa_printf(MSG_INFO, " Value: '%s'", buf);
print_char(pos[i]);
printf("'\n");
break; break;
case RADIUS_ATTR_IP: case RADIUS_ATTR_IP:
if (len == 4) { if (len == 4) {
struct in_addr addr; struct in_addr addr;
os_memcpy(&addr, pos, 4); os_memcpy(&addr, pos, 4);
printf(" Value: %s\n", inet_ntoa(addr)); wpa_printf(MSG_INFO, " Value: %s",
} else inet_ntoa(addr));
printf(" Invalid IP address length %d\n", len); } else {
wpa_printf(MSG_INFO, " Invalid IP address length %d",
len);
}
break; break;
#ifdef CONFIG_IPV6 #ifdef CONFIG_IPV6
case RADIUS_ATTR_IPV6: case RADIUS_ATTR_IPV6:
if (len == 16) { if (len == 16) {
char buf[128];
const char *atxt; const char *atxt;
struct in6_addr *addr = (struct in6_addr *) pos; struct in6_addr *addr = (struct in6_addr *) pos;
atxt = inet_ntop(AF_INET6, addr, buf, sizeof(buf)); atxt = inet_ntop(AF_INET6, addr, buf, sizeof(buf));
printf(" Value: %s\n", atxt ? atxt : "?"); wpa_printf(MSG_INFO, " Value: %s",
} else atxt ? atxt : "?");
printf(" Invalid IPv6 address length %d\n", len); } else {
wpa_printf(MSG_INFO, " Invalid IPv6 address length %d",
len);
}
break; break;
#endif /* CONFIG_IPV6 */ #endif /* CONFIG_IPV6 */
case RADIUS_ATTR_HEXDUMP: case RADIUS_ATTR_HEXDUMP:
case RADIUS_ATTR_UNDIST: case RADIUS_ATTR_UNDIST:
printf(" Value:"); wpa_snprintf_hex(buf, sizeof(buf), pos, len);
for (i = 0; i < len; i++) wpa_printf(MSG_INFO, " Value: %s", buf);
printf(" %02x", pos[i]);
printf("\n");
break; break;
case RADIUS_ATTR_INT32: case RADIUS_ATTR_INT32:
if (len == 4) if (len == 4)
printf(" Value: %u\n", WPA_GET_BE32(pos)); wpa_printf(MSG_INFO, " Value: %u",
WPA_GET_BE32(pos));
else else
printf(" Invalid INT32 length %d\n", len); wpa_printf(MSG_INFO, " Invalid INT32 length %d",
len);
break; break;
default: default:
@ -330,9 +325,9 @@ void radius_msg_dump(struct radius_msg *msg)
{ {
size_t i; size_t i;
printf("RADIUS message: code=%d (%s) identifier=%d length=%d\n", wpa_printf(MSG_INFO, "RADIUS message: code=%d (%s) identifier=%d length=%d",
msg->hdr->code, radius_code_string(msg->hdr->code), msg->hdr->code, radius_code_string(msg->hdr->code),
msg->hdr->identifier, be_to_host16(msg->hdr->length)); msg->hdr->identifier, be_to_host16(msg->hdr->length));
for (i = 0; i < msg->attr_used; i++) { for (i = 0; i < msg->attr_used; i++) {
struct radius_attr_hdr *attr = radius_get_attr_hdr(msg, i); struct radius_attr_hdr *attr = radius_get_attr_hdr(msg, i);
@ -384,7 +379,7 @@ int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
auth, MD5_MAC_LEN); auth, MD5_MAC_LEN);
if (attr == NULL) { if (attr == NULL) {
printf("WARNING: Could not add Message-Authenticator\n"); wpa_printf(MSG_ERROR, "WARNING: Could not add Message-Authenticator");
return -1; return -1;
} }
msg->hdr->length = host_to_be16(wpabuf_len(msg->buf)); msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
@ -606,7 +601,7 @@ struct radius_attr_hdr *radius_msg_add_attr(struct radius_msg *msg, u8 type,
struct radius_attr_hdr *attr; struct radius_attr_hdr *attr;
if (data_len > RADIUS_MAX_ATTR_LEN) { if (data_len > RADIUS_MAX_ATTR_LEN) {
printf("radius_msg_add_attr: too long attribute (%lu bytes)\n", wpa_printf(MSG_ERROR, "radius_msg_add_attr: too long attribute (%lu bytes)",
(unsigned long) data_len); (unsigned long) data_len);
return NULL; return NULL;
} }
@ -777,8 +772,7 @@ int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
tmp = radius_get_attr_hdr(msg, i); tmp = radius_get_attr_hdr(msg, i);
if (tmp->type == RADIUS_ATTR_MESSAGE_AUTHENTICATOR) { if (tmp->type == RADIUS_ATTR_MESSAGE_AUTHENTICATOR) {
if (attr != NULL) { if (attr != NULL) {
printf("Multiple Message-Authenticator " wpa_printf(MSG_INFO, "Multiple Message-Authenticator attributes in RADIUS message");
"attributes in RADIUS message\n");
return 1; return 1;
} }
attr = tmp; attr = tmp;
@ -786,7 +780,7 @@ int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
} }
if (attr == NULL) { if (attr == NULL) {
printf("No Message-Authenticator attribute found\n"); wpa_printf(MSG_INFO, "No Message-Authenticator attribute found");
return 1; return 1;
} }
@ -807,7 +801,7 @@ int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
} }
if (os_memcmp(orig, auth, MD5_MAC_LEN) != 0) { if (os_memcmp(orig, auth, MD5_MAC_LEN) != 0) {
printf("Invalid Message-Authenticator!\n"); wpa_printf(MSG_INFO, "Invalid Message-Authenticator!");
return 1; return 1;
} }
@ -823,7 +817,7 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
u8 hash[MD5_MAC_LEN]; u8 hash[MD5_MAC_LEN];
if (sent_msg == NULL) { if (sent_msg == NULL) {
printf("No matching Access-Request message found\n"); wpa_printf(MSG_INFO, "No matching Access-Request message found");
return 1; return 1;
} }
@ -844,7 +838,7 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
len[3] = secret_len; len[3] = secret_len;
md5_vector(4, addr, len, hash); md5_vector(4, addr, len, hash);
if (os_memcmp(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) { if (os_memcmp(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
printf("Response Authenticator invalid!\n"); wpa_printf(MSG_INFO, "Response Authenticator invalid!");
return 1; return 1;
} }
@ -983,7 +977,8 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
pos = key + 2; pos = key + 2;
left = len - 2; left = len - 2;
if (left % 16) { if (left % 16) {
printf("Invalid ms key len %lu\n", (unsigned long) left); wpa_printf(MSG_INFO, "Invalid ms key len %lu",
(unsigned long) left);
return NULL; return NULL;
} }
@ -1017,7 +1012,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
} }
if (plain[0] == 0 || plain[0] > plen - 1) { if (plain[0] == 0 || plain[0] > plen - 1) {
printf("Failed to decrypt MPPE key\n"); wpa_printf(MSG_INFO, "Failed to decrypt MPPE key");
os_free(plain); os_free(plain);
return NULL; return NULL;
} }