hostapd: fix sta psk index for dynamic psk auth
authorFelix Fietkau <nbd@nbd.name>
Wed, 12 Feb 2025 10:54:59 +0000 (11:54 +0100)
committerFelix Fietkau <nbd@nbd.name>
Wed, 12 Feb 2025 10:57:50 +0000 (11:57 +0100)
Depending on the config / circumstances, get_psk can be called
multiple times from different places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as an indication of when to set sta->psk_idx.
Also fix an off-by-one error for secondary PSKs.

Fixes: b2a2c286170d ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
package/network/services/hostapd/patches/601-ucode_support.patch
package/network/services/hostapd/patches/730-ft_iface.patch

index 1e1f399765b21126a403d66bc14cef86f187a309..cd713ea286a49424124de202aad3c7e47e5019e0 100644 (file)
@@ -816,7 +816,7 @@ as adding/removing interfaces.
        if (vlan_id)
                *vlan_id = 0;
        if (psk_len)
-@@ -449,13 +450,16 @@ static const u8 * hostapd_wpa_auth_get_p
+@@ -449,13 +450,18 @@ static const u8 * hostapd_wpa_auth_get_p
         * returned psk which should not be returned again.
         * logic list (all hostapd_get_psk; all sta->psk)
         */
@@ -830,16 +830,23 @@ as adding/removing interfaces.
                        *vlan_id = 0;
                psk = sta->psk->psk;
 -              for (pos = sta->psk; pos; pos = pos->next) {
++              if (vlan_id)
++                      sta->psk_idx = psk_idx;
 +              for (pos = sta->psk; pos; pos = pos->next, psk_idx++) {
                        if (pos->is_passphrase) {
                                if (pbkdf2_sha1(pos->passphrase,
                                                hapd->conf->ssid.ssid,
-@@ -472,6 +476,8 @@ static const u8 * hostapd_wpa_auth_get_p
+@@ -469,9 +475,13 @@ static const u8 * hostapd_wpa_auth_get_p
+                       }
+                       if (pos->psk == prev_psk) {
+                               psk = pos->next ? pos->next->psk : NULL;
++                              if (vlan_id)
++                                      sta->psk_idx = psk_idx + 1;
                                break;
                        }
                }
-+              if (psk)
-+                      sta->psk_idx = psk_idx;
++              if (vlan_id && !psk)
++                      sta->psk_idx = 0;
        }
        return psk;
  }
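Review bot: The three `if (vlan_id)` guards added before the loop, inside the `pos->psk == prev_psk` branch and after the loop make a non-NULL `vlan_id` the only signal that a call may write `sta->psk_idx`, and nothing in the patched code documents that contract. Because `sta->psk_idx` records which of the station's PSKs was accepted, a later caller that passes `vlan_id` for an unrelated reason could reintroduce the wrong-index problem without any visible change here. I would add a comment above the first guard, for example `/* Only the caller that also requests vlan_id is authoritative for sta->psk_idx; other callers must not modify it. */`. The trailing `sta->psk_idx = 0` would also benefit from `/* 0 = no entry in sta->psk matched */`, assuming 0 is the "none" value. The hunk cannot confirm that, because the initial value of `psk_idx` and the start of the enclosing function lie outside it.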
index 728411bb60908e5bf75fb6474ddedb509c43ccaa..4226a59d6657761ec444dbcc9c567f8f64c78dde 100644 (file)
@@ -29,7 +29,7 @@ a VLAN interface on top of the bridge, instead of using the bridge directly
        int bridge_hairpin; /* hairpin_mode on bridge members */
 --- a/src/ap/wpa_auth_glue.c
 +++ b/src/ap/wpa_auth_glue.c
-@@ -1825,8 +1825,12 @@ int hostapd_setup_wpa(struct hostapd_dat
+@@ -1829,8 +1829,12 @@ int hostapd_setup_wpa(struct hostapd_dat
            wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
                const char *ft_iface;