Hi Peter,
Hi Jouni,
Hi Masashi,
while testing I realized that in order to get mesh mode to work with only
sae_password set, I needed to make the changes shown below. It's not a
bug introduced by your code because you only refactored it. Should it
be fixed before or after your series is applied?
On Thu, Apr 12, 2018 at 02:48:59AM -0700, peter.oh@xxxxxxxxxxxxxxxxx wrote:
From: Peter Oh <peter.oh@xxxxxxxxxxxxxxxxx>
RSN initialization can be used in different phases
if mesh initialization and mesh join don't happen
in sequence, such as when DFS CAC is done in between,
hence factor it out to help cover that case.
Signed-off-by: Peter Oh <peter.oh@xxxxxxxxxxxxxxxxx>
---
wpa_supplicant/mesh.c | 73 +++++++++++++++++++++++++++++++--------------------
wpa_supplicant/mesh.h | 1 +
2 files changed, 45 insertions(+), 29 deletions(-)
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index f2f417dca..8e0d5ebff 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -147,6 +147,48 @@ static void wpas_mesh_copy_groups(struct hostapd_data *bss,
groups_size);
}
+int wpas_mesh_init_rsn(struct wpa_supplicant *wpa_s)
+{
+ struct hostapd_iface *ifmsh = wpa_s->ifmsh;
+ struct mesh_conf *mconf = wpa_s->ifmsh->mconf;
+ struct wpa_ssid *ssid = wpa_s->current_ssid;
+ struct hostapd_data *bss = ifmsh->bss[0];
+ static int default_groups[] = { 19, 20, 21, 25, 26, -1 };
+ size_t len;
+
+ if (mconf->security != MESH_CONF_SEC_NONE) {
+ if (ssid->passphrase == NULL) {
sae_password has to be handled here...
+ wpa_printf(MSG_ERROR,
+ "mesh: Passphrase for SAE not configured");
+ return -1;
+ }
+
+ bss->conf->wpa = ssid->proto;
+ bss->conf->wpa_key_mgmt = ssid->key_mgmt;
+
+ if (wpa_s->conf->sae_groups &&
+ wpa_s->conf->sae_groups[0] > 0) {
+ wpas_mesh_copy_groups(bss, wpa_s);
+ } else {
+ bss->conf->sae_groups =
+ os_memdup(default_groups,
+ sizeof(default_groups));
+ if (!bss->conf->sae_groups)
+ return -1;
+ }
+
+ len = os_strlen(ssid->passphrase);
and here
+ bss->conf->ssid.wpa_passphrase =
+ dup_binstr(ssid->passphrase, len);
as well.
+
+ wpa_s->mesh_rsn = mesh_rsn_auth_init(wpa_s, mconf);
+ if (!wpa_s->mesh_rsn)
+ return -1;
+ }
+
+ return 0;
+}
+
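Review bot: The result of `dup_binstr(ssid->passphrase, len)` is stored in `bss->conf->ssid.wpa_passphrase` without a NULL check, so an allocation failure goes unreported and `mesh_rsn_auth_init()` runs with no passphrase set. The `os_memdup()` of `default_groups` a few lines earlier does return -1 on failure. Adding `if (!bss->conf->ssid.wpa_passphrase) return -1;` right after the assignment would keep the two allocations consistent. Whether later code tolerates a NULL passphrase is not visible here. The same lines reappear in the second hunk of the follow-up patch, where the check applies equally to `dup_binstr(password, len)`.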
Hence, once your series is applied, I reckon we should add this on top:
From 30c1693f42326d4f927e76120492bc9593b8f739 Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel@xxxxxxxxxxxxxx>
Date: Fri, 13 Apr 2018 00:42:10 +0200
Subject: [PATCH] mesh: properly handle sae_password
The recently introduced sae_password parameter is only handled properly
in wpa_supplicant/sme.c while wpa_supplicant/mesh.c assumed that
ssid->passphrase exclusively holds the secret.
Import the logic from sme.c to mesh.c to allow having only sae_password
set which otherwise throws this error:
AP-ENABLED
mesh: Passphrase for SAE not configured
Init RSN failed. Deinit mesh...
wlan1: interface state ENABLED->DISABLED
AP-DISABLED
Segmentation fault
Signed-off-by: Daniel Golle <daniel@xxxxxxxxxxxxxx>
---
wpa_supplicant/mesh.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index 22dec4822..0bf87245d 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -154,10 +154,14 @@ int wpas_mesh_init_rsn(struct wpa_supplicant *wpa_s)
struct wpa_ssid *ssid = wpa_s->current_ssid;
struct hostapd_data *bss = ifmsh->bss[0];
static int default_groups[] = { 19, 20, 21, 25, 26, -1 };
+ const char *password;
size_t len;
if (mconf->security != MESH_CONF_SEC_NONE) {
- if (ssid->passphrase == NULL) {
+ password = ssid->sae_password;
+ if (!password)
+ password = ssid->passphrase;
+ if (!password) {
wpa_printf(MSG_ERROR,
"mesh: Passphrase for SAE not configured");
return -1;
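Review bot: The `return -1` after "mesh: Passphrase for SAE not configured" is still reachable when neither `sae_password` nor `passphrase` is set, and the log in the commit message shows that failure path ending in a segmentation fault after "Init RSN failed. Deinit mesh...". This patch removes one trigger, but the crash on RSN-init failure looks unaddressed; the deinit code is outside the hunk, so this is inferred from the log only. That path deserves its own fix so a configuration error cannot take the process down. Within this hunk, a comment above the selection would record the precedence: `/* Prefer sae_password; fall back to passphrase, as sme.c does */`. The body of `wpas_mesh_init_rsn` starts and ends outside the hunk.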
@@ -177,9 +181,9 @@ int wpas_mesh_init_rsn(struct wpa_supplicant *wpa_s)
return -1;
}
- len = os_strlen(ssid->passphrase);
+ len = os_strlen(password);
bss->conf->ssid.wpa_passphrase =
- dup_binstr(ssid->passphrase, len);
+ dup_binstr(password, len);
wpa_s->mesh_rsn = mesh_rsn_auth_init(wpa_s, mconf);
if (!wpa_s->mesh_rsn)