From a86da0bd1e33f772af9c4c91bdd6c7cf1379e470 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 4 May 2026 07:58:40 +0000 Subject: [PATCH] hostapd: emit ubus key-mismatch event for SAE confirm failures Surface SAE confirm mismatches (wrong password) through the same key-mismatch ubus notification that is already used for PSK failures, so consumers can react uniformly regardless of the authentication method. Signed-off-by: Felix Fietkau --- .../hostapd/patches/600-ubus_support.patch | 26 ++++++++++++------- .../hostapd/patches/601-ucode_support.patch | 2 +- ...ment-APuP-Access-Point-Micro-Peering.patch | 6 ++--- 3 files changed, 21 insertions(+), 13 deletions(-) diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index 675993b433..290f2e8e4a 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -195,7 +195,15 @@ probe/assoc/auth requests via object subscribe. struct hostapd_iface * hostapd_alloc_iface(void); --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -4077,7 +4077,7 @@ static void handle_auth(struct hostapd_d +@@ -2026,6 +2026,7 @@ static void handle_auth_sae(struct hosta + + if (sae_check_confirm(sta->sae, var, var_len, + NULL) < 0) { ++ hostapd_ubus_notify(hapd, "key-mismatch", sta->addr); + if (sae_password_track_fail(hapd, sta)) { + wpa_printf(MSG_DEBUG, + "SAE: Reject mismatching Confirm so that another password can be attempted by " +@@ -4077,7 +4078,7 @@ static void handle_auth(struct hostapd_d u16 auth_alg, auth_transaction, status_code; u16 resp = WLAN_STATUS_SUCCESS; struct sta_info *sta = NULL; @@ -204,7 +212,7 @@ probe/assoc/auth requests via object subscribe. u16 fc; const u8 *challenge = NULL; u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; -@@ -4116,6 +4116,11 @@ static void handle_auth(struct hostapd_d +@@ -4116,6 +4117,11 @@ static void handle_auth(struct hostapd_d else sa = mgmt->sa; #endif /* CONFIG_IEEE80211BE */ @@ -216,7 +224,7 @@ probe/assoc/auth requests via object subscribe. auth_alg = le_to_host16(mgmt->u.auth.auth_alg); auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); -@@ -4306,6 +4311,13 @@ static void handle_auth(struct hostapd_d +@@ -4306,6 +4312,13 @@ static void handle_auth(struct hostapd_d resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; } @@ -230,7 +238,7 @@ probe/assoc/auth requests via object subscribe. if (res == HOSTAPD_ACL_PENDING) return; -@@ -6999,7 +7011,7 @@ static void handle_assoc(struct hostapd_ +@@ -6999,7 +7012,7 @@ static void handle_assoc(struct hostapd_ int resp = WLAN_STATUS_SUCCESS; u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE; const u8 *pos; @@ -239,7 +247,7 @@ probe/assoc/auth requests via object subscribe. struct sta_info *sta; u8 *tmp = NULL; #ifdef CONFIG_FILS -@@ -7255,6 +7267,11 @@ static void handle_assoc(struct hostapd_ +@@ -7255,6 +7268,11 @@ static void handle_assoc(struct hostapd_ left = res; } #endif /* CONFIG_FILS */ @@ -251,7 +259,7 @@ probe/assoc/auth requests via object subscribe. /* followed by SSID and Supported rates; and HT capabilities if 802.11n * is used */ -@@ -7347,6 +7364,7 @@ static void handle_assoc(struct hostapd_ +@@ -7347,6 +7365,7 @@ static void handle_assoc(struct hostapd_ #ifdef CONFIG_TAXONOMY taxonomy_sta_info_assoc_req(hapd, sta, pos, left); @@ -259,7 +267,7 @@ probe/assoc/auth requests via object subscribe. #endif /* CONFIG_TAXONOMY */ sta->pending_wds_enable = 0; -@@ -7360,6 +7378,13 @@ static void handle_assoc(struct hostapd_ +@@ -7360,6 +7379,13 @@ static void handle_assoc(struct hostapd_ } #endif /* CONFIG_FILS */ @@ -273,7 +281,7 @@ probe/assoc/auth requests via object subscribe. fail: /* -@@ -7598,6 +7623,7 @@ static void handle_disassoc(struct hosta +@@ -7598,6 +7624,7 @@ static void handle_disassoc(struct hosta (unsigned long) len); return; } @@ -281,7 +289,7 @@ probe/assoc/auth requests via object subscribe. sta = ap_get_sta(hapd, mgmt->sa); if (!sta) { -@@ -7629,6 +7655,8 @@ static void handle_deauth(struct hostapd +@@ -7629,6 +7656,8 @@ static void handle_deauth(struct hostapd /* Clear the PTKSA cache entries for PASN */ ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE); diff --git a/package/network/services/hostapd/patches/601-ucode_support.patch b/package/network/services/hostapd/patches/601-ucode_support.patch index 7a8c7b898b..ab68d70eb0 100644 --- a/package/network/services/hostapd/patches/601-ucode_support.patch +++ b/package/network/services/hostapd/patches/601-ucode_support.patch @@ -494,7 +494,7 @@ as adding/removing interfaces. } } -@@ -4466,6 +4489,12 @@ static void handle_auth(struct hostapd_d +@@ -4467,6 +4490,12 @@ static void handle_auth(struct hostapd_d goto fail; } diff --git a/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch b/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch index ae548c54e8..d0f4d8ffaf 100644 --- a/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch +++ b/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch @@ -373,7 +373,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 #ifdef CONFIG_FILS static struct wpabuf * -@@ -4868,8 +4871,8 @@ static u16 check_multi_ap(struct hostapd +@@ -4869,8 +4872,8 @@ static u16 check_multi_ap(struct hostapd } @@ -384,7 +384,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 { /* Supported rates not used in IEEE 802.11ad/DMG */ if (hapd->iface->current_mode && -@@ -5337,7 +5340,7 @@ static int __check_assoc_ies(struct host +@@ -5338,7 +5341,7 @@ static int __check_assoc_ies(struct host elems->ext_capab_len); if (resp != WLAN_STATUS_SUCCESS) goto out; @@ -393,7 +393,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 if (resp != WLAN_STATUS_SUCCESS) goto out; -@@ -7719,6 +7722,11 @@ static void handle_beacon(struct hostapd +@@ -7720,6 +7723,11 @@ static void handle_beacon(struct hostapd 0); ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);