From adbc0c1530ff1111a4314b815f2620b0a03e7770 Mon Sep 17 00:00:00 2001 From: Aditya Kumar Singh Date: Tue, 31 Oct 2023 14:21:04 +0530 Subject: [PATCH 1/4] hostapd: fix deferred first link BSS's radius, auth server and 802.1X initialization Currently, radius client, auth server and 802.1X are copied from first link's BSS into the non-first link during its setup. However, there could be a case where the first link is not initialized fully (ACS/HT40 SCAN/DFS). Hence, in such cases, NULL is getting copied and later it leads to segmentation fault. Add changes to initialize those on behalf of the first link if such be the case and update it so that next time other non-first link can use it. If the interface is not the first BSS, then also make the link which is initializing these as the first link of that interface. Signed-off-by: Aditya Kumar Singh --- src/ap/authsrv.c | 32 +++++++++++-- src/ap/authsrv.h | 2 +- src/ap/hostapd.c | 108 +++++++++++++++++++++++++++++++------------- src/ap/ieee802_1x.c | 25 +++++++++- src/ap/ieee802_1x.h | 2 +- 5 files changed, 128 insertions(+), 41 deletions(-) --- a/src/ap/authsrv.c +++ b/src/ap/authsrv.c @@ -250,15 +250,24 @@ static struct eap_config * authsrv_eap_c int authsrv_init(struct hostapd_data *hapd) { #ifdef CONFIG_IEEE80211BE + struct hostapd_data *h_hapd = hostapd_mld_get_first_bss(hapd); + if (!hostapd_mld_is_first_bss(hapd)) { + if (!h_hapd->eap_cfg) { + wpa_printf(MSG_DEBUG, + "MLD: First BSS auth_serv does not exist. Init on its behalf"); + if (authsrv_init(h_hapd)) + return -1; + } + wpa_printf(MSG_DEBUG, "MLD: Using auth_serv of the first BSS"); #ifdef EAP_TLS_FUNCS - hapd->ssl_ctx = hostapd_mld_get_first_bss(hapd)->ssl_ctx; + hapd->ssl_ctx = h_hapd->ssl_ctx; #endif /* EAP_TLS_FUNCS */ - hapd->eap_cfg = hostapd_mld_get_first_bss(hapd)->eap_cfg; + hapd->eap_cfg = h_hapd->eap_cfg; #ifdef EAP_SIM_DB - hapd->eap_sim_db_priv = hostapd_mld_get_first_bss(hapd)->eap_sim_db_priv; + hapd->eap_sim_db_priv = h_hapd->eap_sim_db_priv; #endif /* EAP_SIM_DB */ return 0; } --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -1295,6 +1295,57 @@ static int hostapd_start_beacon(struct h return 0; } +#ifndef CONFIG_NO_RADIUS +static int hostapd_bss_radius_init(struct hostapd_data *hapd) +{ + struct hostapd_bss_config *conf; + + if (!hapd) + return -1; + + conf = hapd->conf; + + if (hapd->radius) { + wpa_printf(MSG_DEBUG, "Skipping RADIUS client init (already done)"); + return 0; + } + + hapd->radius = radius_client_init(hapd, conf->radius); + if (!hapd->radius) { + wpa_printf(MSG_ERROR, + "RADIUS client initialization failed."); + return -1; + } + + if (conf->radius_das_port) { + struct radius_das_conf das_conf; + + os_memset(&das_conf, 0, sizeof(das_conf)); + das_conf.port = conf->radius_das_port; + das_conf.nas_identifier = conf->nas_identifier; + das_conf.shared_secret = conf->radius_das_shared_secret; + das_conf.shared_secret_len = + conf->radius_das_shared_secret_len; + das_conf.client_addr = &conf->radius_das_client_addr; + das_conf.time_window = conf->radius_das_time_window; + das_conf.require_event_timestamp = + conf->radius_das_require_event_timestamp; + das_conf.require_message_authenticator = + conf->radius_das_require_message_authenticator; + das_conf.ctx = hapd; + das_conf.disconnect = hostapd_das_disconnect; + das_conf.coa = hostapd_das_coa; + hapd->radius_das = radius_das_init(&das_conf); + if (!hapd->radius_das) { + wpa_printf(MSG_ERROR, + "RADIUS DAS initialization failed."); + return -1; + } + } + + return 0; +} +#endif /* CONFIG_NO_RADIUS */ /** * hostapd_setup_bss - Per-BSS setup (initialization) @@ -1516,40 +1567,19 @@ setup_mld: #ifdef CONFIG_IEEE80211BE if (hostapd_mld_is_first_bss(hapd)) { #endif /* CONFIG_IEEE80211BE */ - hapd->radius = radius_client_init(hapd, conf->radius); - if (!hapd->radius) { - wpa_printf(MSG_ERROR, - "RADIUS client initialization failed."); + if (hostapd_bss_radius_init(hapd)) return -1; - } - - if (conf->radius_das_port) { - struct radius_das_conf das_conf; +#ifdef CONFIG_IEEE80211BE + } else { + h_hapd = hostapd_mld_get_first_bss(hapd); - os_memset(&das_conf, 0, sizeof(das_conf)); - das_conf.port = conf->radius_das_port; - das_conf.nas_identifier = conf->nas_identifier; - das_conf.shared_secret = conf->radius_das_shared_secret; - das_conf.shared_secret_len = - conf->radius_das_shared_secret_len; - das_conf.client_addr = &conf->radius_das_client_addr; - das_conf.time_window = conf->radius_das_time_window; - das_conf.require_event_timestamp = - conf->radius_das_require_event_timestamp; - das_conf.require_message_authenticator = - conf->radius_das_require_message_authenticator; - das_conf.ctx = hapd; - das_conf.disconnect = hostapd_das_disconnect; - das_conf.coa = hostapd_das_coa; - hapd->radius_das = radius_das_init(&das_conf); - if (!hapd->radius_das) { - wpa_printf(MSG_ERROR, - "RADIUS DAS initialization failed."); + if (!h_hapd->radius) { + wpa_printf(MSG_DEBUG, + "MLD: First BSS RADIUS client does not exist. nit on its behalf"); + if (hostapd_bss_radius_init(h_hapd)) return -1; - } } -#ifdef CONFIG_IEEE80211BE - } else { + wpa_printf(MSG_DEBUG, "MLD: Using RADIUS client of the first BSS"); hapd->radius = hostapd_mld_get_first_bss(hapd)->radius; @@ -2009,7 +2039,6 @@ static int setup_interface(struct hostap */ for (i = 1; i < iface->num_bss; i++) { iface->bss[i]->driver = hapd->driver; - iface->bss[i]->drv_priv = hapd->drv_priv; } if (hostapd_validate_bssid_configuration(iface)) --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -2541,11 +2541,20 @@ int ieee802_1x_init(struct hostapd_data struct eapol_auth_cb cb; #ifdef CONFIG_IEEE80211BE + struct hostapd_data *h_hapd = hostapd_mld_get_first_bss(hapd); + if (!hostapd_mld_is_first_bss(hapd)) { + if (!h_hapd->eapol_auth) { + wpa_printf(MSG_DEBUG, + "MLD: First BSS IEEE 802.1X state machine does not exist. Init on its behalf"); + if (ieee802_1x_init(h_hapd)) + return -1; + } + wpa_printf(MSG_DEBUG, "MLD: Using IEEE 802.1X state machine of the first BSS"); - hapd->eapol_auth = hostapd_mld_get_first_bss(hapd)->eapol_auth; + hapd->eapol_auth = h_hapd->eapol_auth; return 0; } #endif /* CONFIG_IEEE80211BE */