hostapd: add ubus notification on sta authorized

Also include the station auth_type in the ubus and log message in order
to detect, if clients used FT or FILS to associate

Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index 7c6c5e38144215655018704d832c475a83a8208d..521e7df82e2b971dd438cdbc3c4b8df22a5892fd 100644 (file)
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -250,8 +250,62 @@
                ap_free_sta(hapd, sta);
                break;
        }
-@@ -1329,6 +1331,7 @@ void ap_sta_set_authorized(struct hostap
-                                         buf, ip_addr, keyid_buf);
+@@ -1298,12 +1300,25 @@ void ap_sta_set_authorized(struct hostap
+                                       sta->addr, authorized, dev_addr);
+ 
+       if (authorized) {
++              static const char * const auth_algs[] = {
++                      [WLAN_AUTH_OPEN] = "open",
++                      [WLAN_AUTH_SHARED_KEY] = "shared",
++                      [WLAN_AUTH_FT] = "ft",
++                      [WLAN_AUTH_SAE] = "sae",
++                      [WLAN_AUTH_FILS_SK] = "fils-sk",
++                      [WLAN_AUTH_FILS_SK_PFS] = "fils-sk-pfs",
++                      [WLAN_AUTH_FILS_PK] = "fils-pk",
++                      [WLAN_AUTH_PASN] = "pasn",
++              };
++              const char *auth_alg = NULL;
+               const char *keyid;
+               char keyid_buf[100];
+               char ip_addr[100];
++              char alg_buf[100];
+ 
+               keyid_buf[0] = '\0';
+               ip_addr[0] = '\0';
++              alg_buf[0] = '\0';
+ #ifdef CONFIG_P2P
+               if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
+                       os_snprintf(ip_addr, sizeof(ip_addr),
+@@ -1313,22 +1328,31 @@ void ap_sta_set_authorized(struct hostap
+               }
+ #endif /* CONFIG_P2P */
+ 
++              if (sta->auth_alg < ARRAY_SIZE(auth_algs))
++                      auth_alg = auth_algs[sta->auth_alg];
++
++              if (auth_alg)
++                      os_snprintf(alg_buf, sizeof(alg_buf),
++                                  " auth_alg=%s", auth_alg);
++
+               keyid = ap_sta_wpa_get_keyid(hapd, sta);
+               if (keyid) {
+                       os_snprintf(keyid_buf, sizeof(keyid_buf),
+                                   " keyid=%s", keyid);
+               }
+ 
+-              wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s",
+-                      buf, ip_addr, keyid_buf);
++              hostapd_ubus_notify_authorized(hapd, sta, auth_alg);
++              wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
++                      buf, ip_addr, keyid_buf, alg_buf);
+ 
+               if (hapd->msg_ctx_parent &&
+                   hapd->msg_ctx_parent != hapd->msg_ctx)
+                       wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
+-                                        AP_STA_CONNECTED "%s%s%s",
+-                                        buf, ip_addr, keyid_buf);
++                                        AP_STA_CONNECTED "%s%s%s%s",
++                                        buf, ip_addr, keyid_buf, alg_buf);
        } else {
                wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
 +              hostapd_ubus_notify(hapd, "disassoc", sta->addr);

diff --git a/package/network/services/hostapd/src/src/ap/ubus.c b/package/network/services/hostapd/src/src/ap/ubus.c
index 622eab8838acc3c4bbce0064e8d0fa237efa412f..85281f4197e5d6207cf3aac1bbeec54bb30f8933 100644 (file)
--- a/package/network/services/hostapd/src/src/ap/ubus.c
+++ b/package/network/services/hostapd/src/src/ap/ubus.c
@@ -1983,6 +1983,20 @@ void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *
        ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1);
 }
 
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+                                   const char *auth_alg)
+{
+       if (!hapd->ubus.obj.has_subscribers)
+               return;
+
+       blob_buf_init(&b, 0);
+       blobmsg_add_macaddr(&b, "address", sta->addr);
+       if (auth_alg)
+               blobmsg_add_string(&b, "auth-alg", auth_alg);
+
+       ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1);
+}
+
 void hostapd_ubus_notify_beacon_report(
        struct hostapd_data *hapd, const u8 *addr, u8 token, u8 rep_mode,
        struct rrm_measurement_beacon_report *rep, size_t len)

diff --git a/package/network/services/hostapd/src/src/ap/ubus.h b/package/network/services/hostapd/src/src/ap/ubus.h
index 5a33b624d0873803efd9111c55d387bd4b83c930..b0f7c44ab5f49a576bc004a4aa4dffa8d94ad848 100644 (file)
--- a/package/network/services/hostapd/src/src/ap/ubus.h
+++ b/package/network/services/hostapd/src/src/ap/ubus.h
@@ -65,6 +65,8 @@ void hostapd_ubus_free(struct hapd_interfaces *interfaces);
 int hostapd_ubus_notify_bss_transition_query(
        struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
        const u8 *candidate_list, u16 candidate_list_len);
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+                                   const char *auth_alg);
 
 #else
 
@@ -140,6 +142,13 @@ static inline int hostapd_ubus_notify_bss_transition_query(
 {
        return 0;
 }
+
+static inline void
+hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+                              const char *auth_alg)
+{
+}
+
 #endif
 
 #endif