|
|
41389a |
From 175c8ec5f46fbe544eb71b80d83ed517a3c81ba4 Mon Sep 17 00:00:00 2001
|
|
|
41389a |
From: Beniamino Galvani <bgalvani@redhat.com>
|
|
|
41389a |
Date: Thu, 15 Feb 2018 11:50:01 +0100
|
|
|
41389a |
Subject: [PATCH] wpa_supplicant: Fix auth failure when the MAC is updated
|
|
|
41389a |
externally
|
|
|
41389a |
|
|
|
41389a |
When connecting to a WPA-EAP network and the MAC address is changed
|
|
|
41389a |
just before the association (for example by NetworkManager, which sets
|
|
|
41389a |
a random MAC during scans), the authentication sometimes fails in the
|
|
|
41389a |
following way ('####' logs added by me):
|
|
|
41389a |
|
|
|
41389a |
wpa_supplicant logs:
|
|
|
41389a |
wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1)
|
|
|
41389a |
RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
|
|
|
41389a |
WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
|
|
|
41389a |
RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
|
|
|
41389a |
wlan0: RSN: no matching PMKID found
|
|
|
41389a |
EAPOL: Successfully fetched key (len=32)
|
|
|
41389a |
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
|
|
|
41389a |
#### WPA: rsn_pmkid():
|
|
|
41389a |
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00
|
|
|
41389a |
#### WPA: spa - hexdump(len=6): 66 20 cf ab 8c dc
|
|
|
41389a |
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
|
|
|
41389a |
#### WPA: computed PMKID - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71
|
|
|
41389a |
RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK
|
|
|
41389a |
nl80211: Delete PMKID for 02:00:00:00:01:00
|
|
|
41389a |
wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1
|
|
|
41389a |
RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270
|
|
|
41389a |
nl80211: Add PMKID for 02:00:00:00:01:00
|
|
|
41389a |
wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!
|
|
|
41389a |
|
|
|
41389a |
hostapd logs:
|
|
|
41389a |
WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
|
|
|
41389a |
WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART
|
|
|
41389a |
wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake
|
|
|
41389a |
#### WPA: rsn_pmkid():
|
|
|
41389a |
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00
|
|
|
41389a |
#### WPA: spa - hexdump(len=6): 02 00 00 00 00 00
|
|
|
41389a |
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
|
|
|
41389a |
#### WPA: computed PMKID - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
|
|
|
41389a |
WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)
|
|
|
41389a |
|
|
|
41389a |
That's because wpa_supplicant computed the PMKID using the wrong (old)
|
|
|
41389a |
MAC address used during the scan. wpa_supplicant updates own_addr when
|
|
|
41389a |
the interface goes up, as the MAC can only change while the interface
|
|
|
41389a |
is down. However, drivers don't report all interface state changes:
|
|
|
41389a |
for example the nl80211 driver may ignore a down-up cycle if the down
|
|
|
41389a |
message is processed later, when the interface is already up. In such
|
|
|
41389a |
cases, wpa_supplicant (and in particular, the EAP state machine) would
|
|
|
41389a |
continue to use the old MAC.
|
|
|
41389a |
|
|
|
41389a |
Add a new driver event that notifies of MAC address changes while the
|
|
|
41389a |
interface is active.
|
|
|
41389a |
|
|
|
41389a |
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
|
|
|
41389a |
(cherry picked from commit 77a020a118168e05e7cc0d28a7bf661772e531af)
|
|
|
41389a |
---
|
|
|
41389a |
src/drivers/driver.h | 9 +++++++++
|
|
|
41389a |
src/drivers/driver_common.c | 1 +
|
|
|
41389a |
src/drivers/driver_nl80211.c | 11 +++++++----
|
|
|
41389a |
wpa_supplicant/events.c | 3 +++
|
|
|
41389a |
4 files changed, 20 insertions(+), 4 deletions(-)
|
|
|
41389a |
|
|
|
41389a |
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
|
|
|
41389a |
index df996dc21..f8d556133 100644
|
|
|
41389a |
--- a/src/drivers/driver.h
|
|
|
41389a |
+++ b/src/drivers/driver.h
|
|
|
41389a |
@@ -4106,6 +4106,15 @@ enum wpa_event_type {
|
|
|
41389a |
* EVENT_P2P_LO_STOP - Notify that P2P listen offload is stopped
|
|
|
41389a |
*/
|
|
|
41389a |
EVENT_P2P_LO_STOP,
|
|
|
41389a |
+
|
|
|
41389a |
+ /**
|
|
|
41389a |
+ * EVENT_INTERFACE_MAC_CHANGED - Notify that interface MAC changed
|
|
|
41389a |
+ *
|
|
|
41389a |
+ * This event is emitted when the MAC changes while the interface is
|
|
|
41389a |
+ * enabled. When an interface was disabled and becomes enabled, it
|
|
|
41389a |
+ * must be always assumed that the MAC possibly changed.
|
|
|
41389a |
+ */
|
|
|
41389a |
+ EVENT_INTERFACE_MAC_CHANGED,
|
|
|
41389a |
};
|
|
|
41389a |
|
|
|
41389a |
|
|
|
41389a |
diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c
|
|
|
41389a |
index c7107ba89..bdddc0a48 100644
|
|
|
41389a |
--- a/src/drivers/driver_common.c
|
|
|
41389a |
+++ b/src/drivers/driver_common.c
|
|
|
41389a |
@@ -81,6 +81,7 @@ const char * event_to_string(enum wpa_event_type event)
|
|
|
41389a |
E2S(ACS_CHANNEL_SELECTED);
|
|
|
41389a |
E2S(DFS_CAC_STARTED);
|
|
|
41389a |
E2S(P2P_LO_STOP);
|
|
|
41389a |
+ E2S(INTERFACE_MAC_CHANGED);
|
|
|
41389a |
}
|
|
|
41389a |
|
|
|
41389a |
return "UNKNOWN";
|
|
|
41389a |
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
|
|
|
41389a |
index f7f3cfebc..d4a879836 100644
|
|
|
41389a |
--- a/src/drivers/driver_nl80211.c
|
|
|
41389a |
+++ b/src/drivers/driver_nl80211.c
|
|
|
41389a |
@@ -923,7 +923,7 @@ nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
|
|
|
41389a |
|
|
|
41389a |
|
|
|
41389a |
static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv,
|
|
|
41389a |
- int ifindex)
|
|
|
41389a |
+ int ifindex, int notify)
|
|
|
41389a |
{
|
|
|
41389a |
struct i802_bss *bss;
|
|
|
41389a |
u8 addr[ETH_ALEN];
|
|
|
41389a |
@@ -942,6 +942,9 @@ static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv,
|
|
|
41389a |
ifindex, bss->ifname,
|
|
|
41389a |
MAC2STR(bss->addr), MAC2STR(addr));
|
|
|
41389a |
os_memcpy(bss->addr, addr, ETH_ALEN);
|
|
|
41389a |
+ if (notify)
|
|
|
41389a |
+ wpa_supplicant_event(drv->ctx,
|
|
|
41389a |
+ EVENT_INTERFACE_MAC_CHANGED, NULL);
|
|
|
41389a |
}
|
|
|
41389a |
}
|
|
|
41389a |
|
|
|
41389a |
@@ -1010,11 +1013,11 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
|
|
|
41389a |
namebuf[0] = '\0';
|
|
|
41389a |
if (if_indextoname(ifi->ifi_index, namebuf) &&
|
|
|
41389a |
linux_iface_up(drv->global->ioctl_sock, namebuf) > 0) {
|
|
|
41389a |
- /* Re-read MAC address as it may have changed */
|
|
|
41389a |
- nl80211_refresh_mac(drv, ifi->ifi_index);
|
|
|
41389a |
wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
|
|
|
41389a |
"event since interface %s is up", namebuf);
|
|
|
41389a |
drv->ignore_if_down_event = 0;
|
|
|
41389a |
+ /* Re-read MAC address as it may have changed */
|
|
|
41389a |
+ nl80211_refresh_mac(drv, ifi->ifi_index, 1);
|
|
|
41389a |
return;
|
|
|
41389a |
}
|
|
|
41389a |
wpa_printf(MSG_DEBUG, "nl80211: Interface down (%s/%s)",
|
|
|
41389a |
@@ -1060,7 +1063,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
|
|
|
41389a |
"removed", drv->first_bss->ifname);
|
|
|
41389a |
} else {
|
|
|
41389a |
/* Re-read MAC address as it may have changed */
|
|
|
41389a |
- nl80211_refresh_mac(drv, ifi->ifi_index);
|
|
|
41389a |
+ nl80211_refresh_mac(drv, ifi->ifi_index, 0);
|
|
|
41389a |
|
|
|
41389a |
wpa_printf(MSG_DEBUG, "nl80211: Interface up");
|
|
|
41389a |
drv->if_disabled = 0;
|
|
|
41389a |
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
|
|
|
41389a |
index 4dc044c2b..6eb35104c 100644
|
|
|
41389a |
--- a/wpa_supplicant/events.c
|
|
|
41389a |
+++ b/wpa_supplicant/events.c
|
|
|
41389a |
@@ -3927,6 +3927,9 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
|
|
41389a |
data->signal_change.current_noise,
|
|
|
41389a |
data->signal_change.current_txrate);
|
|
|
41389a |
break;
|
|
|
41389a |
+ case EVENT_INTERFACE_MAC_CHANGED:
|
|
|
41389a |
+ wpa_supplicant_update_mac_addr(wpa_s);
|
|
|
41389a |
+ break;
|
|
|
41389a |
case EVENT_INTERFACE_ENABLED:
|
|
|
41389a |
wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled");
|
|
|
41389a |
if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
|
|
|
41389a |
--
|
|
|
41389a |
2.14.3
|
|
|
41389a |
|