diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 4336b67e..a876ab22 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2192,6 +2192,12 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 fclose(f);
 conf->mana_credout = tmp2;
 wpa_printf(MSG_INFO, "MANA: Captured credentials will be written to. File %s set.",conf->mana_credout);
+ } else if (os_strcmp(buf, "mana_eapsuccess") == 0) {
+ int val = atoi(pos);
+ conf->mana_eapsuccess = (val != 0);
+ if (conf->mana_eapsuccess) {
+ wpa_printf(MSG_DEBUG, "MANA: EAP success mode enabled");
+ }
 // MANA END
 } else if (os_strcmp(buf, "dump_file") == 0) {
 wpa_printf(MSG_INFO, "Line %d: DEPRECATED: 'dump_file' configuration variable is not used anymore",
@@ -3712,6 +3718,7 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 conf->mana_ssid_filter_file = "NOT_SET"; //default none
 conf->mana_wpe = 0; //default off; 1 - dump credentials captured during EAP exchanges 0 - function as normal
 conf->mana_credout = "NOT_SET"; //default non
+ conf->mana_eapsuccess = 0; //default off; 1 - allow clients to connect even with incorrect creds 0 - function as normal
 // MANA END
 while (fgets(buf, sizeof(buf), f)) {
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 0d1913a9..9864078a 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -149,6 +149,12 @@ static int hostapd_ctrl_iface_mana_get_wpemode (struct hostapd_data *hapd)
 return hapd->iconf->mana_wpe;
 }
+static int hostapd_ctrl_iface_mana_get_eapsuccessmode (struct hostapd_data *hapd)
+{
+ wpa_printf(MSG_DEBUG, "MANA CTRL_IFACE EAPSUCCESS MODE STATUS QUERY");
+ return hapd->iconf->mana_eapsuccess;
+}
+
 static int hostapd_ctrl_iface_mana_change_ssid (struct hostapd_data *hapd, const char *ssid)
 {
 wpa_printf(MSG_DEBUG, "MANA CTRL_IFACE CHANGE SSID %s", ssid);
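Review bot: The added `mana_eapsuccess` branch announces the mode only at `MSG_DEBUG`, while the `mana_credout` message just above it in this hunk uses `MSG_INFO`, so at the default log level there is no record that the server was configured to accept incorrect credentials. I would log it at the neighbour's level: `wpa_printf(MSG_INFO, "MANA: EAP success mode enabled");`. Note also that `atoi(pos)` turns any non-numeric value into 0 without a warning, which fails closed but hides typos in the config file. hostapd_config_fill starts and ends outside the hunk.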
@@ -212,6 +218,18 @@ static int hostapd_ctrl_iface_mana_wpe_enable_disable (struct hostapd_data *hapd
 return 0;
 }
+
+static int hostapd_ctrl_iface_mana_eapsuccess_enable_disable (struct hostapd_data *hapd, int status)
+{
+ if (status) {
+ wpa_printf(MSG_DEBUG, "MANA CTRL_IFACE EAPSUCCESS MODE ENABLED");
+ } else {
+ wpa_printf(MSG_DEBUG, "MANA CTRL_IFACE EAPSUCCESS MODE DISABLED");
+ }
+ hapd->iconf->mana_eapsuccess = status;
+
+ return 0;
+}
 // MANA END
 #ifdef CONFIG_IEEE80211W
@@ -2638,38 +2656,6 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
 reply_len = hostapd_ctrl_driver_flags(hapd->iface, reply, reply_size);
 // MANA
- } else if (os_strcmp(buf, "MANA_STATE") == 0) {
- if (hostapd_ctrl_iface_mana_get_state(hapd)) {
- os_memcpy(reply, "MANA ENABLED\n", 14);
- reply_len = 14;
- } else {
- os_memcpy(reply, "MANA DISABLED\n", 15);
- reply_len = 15;
- }
- } else if (os_strcmp(buf, "MANA_MODE") == 0) {
- if (hostapd_ctrl_iface_mana_get_mode(hapd)) {
- os_memcpy(reply, "MANA LOUD MODE ENABLED\n", 23);
- reply_len = 23;
- } else {
- os_memcpy(reply, "MANA LOUD MODE DISABLED\n", 24);
- reply_len = 24;
- }
- } else if (os_strcmp(buf, "MANA_ACLMODE") == 0) {
- if (hostapd_ctrl_iface_mana_get_aclmode(hapd)) {
- os_memcpy(reply, "MANA ACL MODE ENABLED\n", 22);
- reply_len = 22;
- } else {
- os_memcpy(reply, "MANA ACL MODE DISABLED\n", 23);
- reply_len = 23;
- }
- } else if (os_strcmp(buf, "WPE_MODE") == 0) {
- if (hostapd_ctrl_iface_mana_get_wpemode(hapd)) {
- os_memcpy(reply, "MANA WPE MODE ENABLED\n", 22);
- reply_len = 22;
- } else {
- os_memcpy(reply, "MANA WPE MODE DISABLED\n", 23);
- reply_len = 23;
- }
 } else if (os_strcmp(buf, "MANA_GET_SSID") == 0) {
 wpa_printf(MSG_DEBUG, "MANA CTRL_IFACE GET SSID");
 size_t len;
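Review bot: `hostapd_ctrl_iface_mana_eapsuccess_enable_disable` writes `hapd->iconf->mana_eapsuccess`, but the MSCHAPv2 code changed in this same commit reads `mana.conf->mana_eapsuccess`, and nothing in the diff shows that both refer to the same `struct hostapd_config`. If they differ, a runtime toggle never reaches the EAP server, so the relationship deserves a comment at the assignment, e.g. `/* takes effect only if mana.conf aliases hapd->iconf - confirm */`. Because this switch changes whether wrong credentials are accepted, I would also record the change at `MSG_INFO` rather than `MSG_DEBUG`.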
@@ -2692,24 +2678,70 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
 } else if (os_strcmp(buf, "MANA_ENABLE") == 0) {
 if (hostapd_ctrl_iface_mana_enable_disable(hapd, 1))
 reply_len = -1;
+ } else if (os_strcmp(buf, "MANA_STATE") == 0) {
+ if (hostapd_ctrl_iface_mana_get_state(hapd)) {
+ os_memcpy(reply, "MANA ENABLED\n", 14);
+ reply_len = 14;
+ } else {
+ os_memcpy(reply, "MANA DISABLED\n", 15);
+ reply_len = 15;
+ }
 } else if (os_strcmp(buf, "LOUD_ENABLE") == 0) {
 if (hostapd_ctrl_iface_mana_loud_enable_disable(hapd, 1))
 reply_len = -1;
 } else if (os_strcmp(buf, "LOUD_DISABLE") == 0) {
 if (hostapd_ctrl_iface_mana_loud_enable_disable(hapd, 0))
 reply_len = -1;
+ } else if (os_strcmp(buf, "MANA_MODE") == 0) {
+ if (hostapd_ctrl_iface_mana_get_mode(hapd)) {
+ os_memcpy(reply, "MANA LOUD MODE ENABLED\n", 23);
+ reply_len = 23;
+ } else {
+ os_memcpy(reply, "MANA LOUD MODE DISABLED\n", 24);
+ reply_len = 24;
+ }
 } else if (os_strcmp(buf, "MANAACL_ENABLE") == 0) {
 if (hostapd_ctrl_iface_mana_macacl_enable_disable(hapd, 1))
 reply_len = -1;
 } else if (os_strcmp(buf, "MANAACL_DISABLE") == 0) {
 if (hostapd_ctrl_iface_mana_macacl_enable_disable(hapd, 0))
 reply_len = -1;
+ } else if (os_strcmp(buf, "MANA_ACLMODE") == 0) {
+ if (hostapd_ctrl_iface_mana_get_aclmode(hapd)) {
+ os_memcpy(reply, "MANA ACL MODE ENABLED\n", 22);
+ reply_len = 22;
+ } else {
+ os_memcpy(reply, "MANA ACL MODE DISABLED\n", 23);
+ reply_len = 23;
+ }
 } else if (os_strcmp(buf, "WPE_ENABLE") == 0) {
 if (hostapd_ctrl_iface_mana_wpe_enable_disable(hapd, 1))
 reply_len = -1;
 } else if (os_strcmp(buf, "WPE_DISABLE") == 0) {
 if (hostapd_ctrl_iface_mana_wpe_enable_disable(hapd, 0))
 reply_len = -1;
+ } else if (os_strcmp(buf, "WPE_MODE") == 0) {
+ if (hostapd_ctrl_iface_mana_get_wpemode(hapd)) {
+ os_memcpy(reply, "MANA WPE MODE ENABLED\n", 22);
+ reply_len = 22;
+ } else {
+ os_memcpy(reply, "MANA WPE MODE DISABLED\n", 23);
+ reply_len = 23;
+ }
+ } else if (os_strcmp(buf, "EAPSUCCESS_ENABLE") == 0) {
+ if (hostapd_ctrl_iface_mana_eapsuccess_enable_disable(hapd, 1))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "EAPSUCCESS_DISABLE") == 0) {
+ if (hostapd_ctrl_iface_mana_eapsuccess_enable_disable(hapd, 0))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "EAPSUCCESS_MODE") == 0) {
+ if (hostapd_ctrl_iface_mana_get_eapsuccessmode(hapd)) {
+ os_memcpy(reply, "MANA EAPSUCCESS MODE ENABLED\n", 29);
+ reply_len = 29;
+ } else {
+ os_memcpy(reply, "MANA EAPSUCCESS MODE DISABLED\n", 30);
+ reply_len = 30;
+ }
 // END MANA
 } else {
 os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index fe881478..86f9065c 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -52,6 +52,12 @@ mana_macacl=0
 # from the cracking string by a tab if you'd like to grep & cut.
 #mana_credout=hostapd.credout
+# Enabled EAP Success mode (from WPE)
+# Allow clients to connect with incorrect credentials
+# Most often, when rogue AP'ing you won't have the clients creds
+# But still want a shot at collecting them via MitM
+#mana_eapsuccess=1
+
 ##### hostapd configuration file ##############################################
 # Empty lines and lines starting with # are ignored
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 06d61f77..e22c4be3 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -393,7 +393,7 @@ static int hostapd_cli_cmd_mana_macacl_enable(struct wpa_ctrl *ctrl, int argc, c
 }
 static int hostapd_cli_cmd_mana_get_aclmode(struct wpa_ctrl *ctrl, int argc, char *argv[])
 {
- return wpa_ctrl_command(ctrl, "MANA_ACLMODE");
+ return wpa_ctrl_command(ctrl, "MANAACL_MODE");
 }
 static int hostapd_cli_cmd_mana_wpe_disable(struct wpa_ctrl *ctrl, int argc, char *argv[])
 {
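Review bot: The new `EAPSUCCESS_MODE` replies repeat the hand-counted `os_memcpy` lengths, and the counts across this hunk are not consistent: `"MANA ENABLED\n"` is 13 characters but is copied and sent as 14, so its terminating NUL goes out with the reply, while the new 29 and 30 exclude the NUL. Deriving the length from the string removes the risk of a miscount reading past the literal, e.g. `reply_len = os_snprintf(reply, reply_size, "MANA EAPSUCCESS MODE ENABLED\n");`. `reply_size` appears in this function in an earlier hunk; the function itself starts and ends outside this one.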
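Review bot: The changed line now sends `"MANAACL_MODE"`, but the control-interface dispatcher in this same commit still matches `"MANA_ACLMODE"`, so unless a branch outside the diff handles the new spelling this CLI command falls through to the `UNKNOWN COMMAND` reply. The next hunk in this file has the same mismatch: `hostapd_cli_cmd_mana_get_eapsuccess` sends `"EAPSUCCESS_STATE"` while the dispatcher handles `"EAPSUCCESS_MODE"`. Keep the strings in step, e.g. `return wpa_ctrl_command(ctrl, "MANA_ACLMODE");` and `return wpa_ctrl_command(ctrl, "EAPSUCCESS_MODE");`, or rename the dispatcher branches instead.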
@@ -407,6 +407,18 @@ static int hostapd_cli_cmd_mana_get_wpemode(struct wpa_ctrl *ctrl, int argc, cha
 {
 return wpa_ctrl_command(ctrl, "WPE_MODE");
 }
+static int hostapd_cli_cmd_mana_eapsuccess_disable(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "EAPSUCCESS_DISABLE");
+}
+static int hostapd_cli_cmd_mana_eapsuccess_enable(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "EAPSUCCESS_ENABLE");
+}
+static int hostapd_cli_cmd_mana_get_eapsuccess(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "EAPSUCCESS_STATE");
+}
 // END MANA
@@ -1453,6 +1465,9 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
 { "mana_wpe_off", hostapd_cli_cmd_mana_wpe_disable, NULL, "= disable mana's wpe mode" },
 { "mana_wpe_on", hostapd_cli_cmd_mana_wpe_enable, NULL, "= enable mana's wpe mode" },
 { "mana_wpe_state", hostapd_cli_cmd_mana_get_wpemode, NULL, "= check mana's wpe mode" },
+ { "mana_eapsuccess_off", hostapd_cli_cmd_mana_eapsuccess_disable, NULL, "= disable mana's eapsuccess mode" },
+ { "mana_eapsuccess_on", hostapd_cli_cmd_mana_eapsuccess_enable, NULL, "= enable mana's eapsuccess mode" },
+ { "mana_eapsuccess_state", hostapd_cli_cmd_mana_get_eapsuccess, NULL, "= check mana's eapsuccess mode" },
 // END MANA
 { NULL, NULL, NULL, NULL }
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 1fbac7b8..52092ebc 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -620,6 +620,7 @@ struct hostapd_config {
 char * mana_ssid_filter_file;
 int mana_wpe;
 char * mana_credout;
+ int mana_eapsuccess;
 // MANA END
 u16 beacon_int;
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 1594aa50..0de1feb6 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -164,29 +164,21 @@ int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
 int phase2)
 {
 struct eap_user *user;
- struct eap_user *user2;
 char ident = 't';
 wpa_printf(MSG_INFO, "MANA EAP Identity Phase %d: %.*s", phase2, (int)identity_len, identity);
 if (sm == NULL || sm->eapol_cb == NULL ||
- sm->eapol_cb->get_eap_user == NULL) {
+ sm->eapol_cb->get_eap_user == NULL)
 return -1;
- }
 eap_user_free(sm->user);
 sm->user = NULL;
+
 user = os_zalloc(sizeof(*user));
- if (user == NULL) {
+ if (user == NULL)
 return -1;
- }
- user2 = os_zalloc(sizeof(*user2));
- if (user2 == NULL) {
- return -1;
- }
- if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity, identity_len, phase2, user2) != 0) {
- user2 = NULL;
- }
+
 if(phase2) {
 identity = (const u8 *)&ident;
 identity_len = 1;
@@ -196,15 +188,10 @@ int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
 eap_user_free(user);
 return -1;
 }
- if (user2 != NULL) {
- user->password = user2->password;
- user->password_len = user2->password_len;
- }
 sm->user = user;
 sm->user_eap_method_index = 0;
-
 return 0;
 }
diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 37a228d0..476370a8 100644
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -410,7 +410,11 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 return;
 }
- os_memcpy(expected, nt_response, 24); //MANA set challenges to match
+ //MANA Start
+ if (mana.conf->mana_eapsuccess) {
+ os_memcpy(expected, nt_response, 24); //MANA set challenges to match
+ }
+ //MANA End
 if (os_memcmp_const(nt_response, expected, 24) == 0) {
 const u8 *pw_hash;
 u8 pw_hash_buf[16], pw_hash_hash[16];
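Review bot: With the `user2` lookup gone, the phase-2 path kept in this hunk still replaces the caller's identity with the one-byte `ident = 't'`, and nothing on the new side says why. The lookup that consumes it lies between the two hunks and is not shown, so this is inferred: inner-method credentials would then always come from a fixed `t` entry rather than from the identity the peer sent, which means `mana_eapsuccess=0` may not be the "function as normal" that the config comment promises. After confirming that, I would document it at the override, e.g. `/* MANA: phase 2 always looks up the fixed "t" user entry, not the peer's identity */`.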
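Review bot: `mana.conf` is dereferenced with no NULL check on the new `if (mana.conf->mana_eapsuccess)` line, and neither the declaration of `mana` nor the place where `conf` is assigned is part of this diff. If the EAP server can process a response before that pointer is set, this crashes on the first MSCHAPv2 exchange; since the flag decides whether the NT-Response comparison is overwritten, it should fail closed: `if (mana.conf && mana.conf->mana_eapsuccess) {`. The same guard applies to the second hunk in this file, where the flag forces `data->state = SUCCESS`. eap_mschapv2_process_response begins and ends outside both hunks.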
@@ -451,7 +455,9 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Invalid NT-Response");
 data->state = FAILURE_REQ;
 }
- data->state = SUCCESS; //MANA WPE
+ if (mana.conf->mana_eapsuccess) { //MANA
+ data->state = SUCCESS; //MANA WPE
+ }
 }