Patchwork [PATCHv3] wpa_supplicant: support IBSS RSN STA authorization

login
register
mail settings
Submitter Antonio Quartulli
Date Jan. 29, 2012, 7:39 p.m.
Message ID <1327865948-19788-1-git-send-email-ordex@autistici.org>
Download mbox | patch
Permalink /patch/138475/
State Accepted
Commit e640888c5e6a9931c6785648714da4dffe48ab52
Headers show

Comments

Antonio Quartulli - Jan. 29, 2012, 7:39 p.m.
In IBSS RSN cfg80211/mac80211 now waits for userspace to authorize new stations.
This patch makes wpa_supplicant notify the driver when a station can be
considered authorised.

Signed-hostap: Antonio Quartulli <ordex@autistici.org>
---

This patch has to wait for the related
"cfg80211/mac80211: userspace peer authorization in IBSS" kernel patch in order
to be able to work.


src/drivers/driver_nl80211.c |    6 +++++
 wpa_supplicant/ibss_rsn.c    |   50 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 0 deletions(-)
Antonio Quartulli - Jan. 29, 2012, 7:40 p.m.
On Sun, Jan 29, 2012 at 08:39:08PM +0100, Antonio Quartulli wrote:
> In IBSS RSN cfg80211/mac80211 now waits for userspace to authorize new stations.
> This patch makes wpa_supplicant notify the driver when a station can be
> considered authorised.
> 
> Signed-hostap: Antonio Quartulli <ordex@autistici.org>
> ---
> 
> This patch has to wait for the related
> "cfg80211/mac80211: userspace peer authorization in IBSS" kernel patch in order
> to be able to work.

I hope it can now happily wait for the kernel commit :-)


Cheers,
Antonio Quartulli - Feb. 8, 2012, 11:48 p.m.
On Sun, Jan 29, 2012 at 08:40:10PM +0100, Antonio Quartulli wrote:
> On Sun, Jan 29, 2012 at 08:39:08PM +0100, Antonio Quartulli wrote:
> > In IBSS RSN cfg80211/mac80211 now waits for userspace to authorize new stations.
> > This patch makes wpa_supplicant notify the driver when a station can be
> > considered authorised.
> > 
> > Signed-hostap: Antonio Quartulli <ordex@autistici.org>
> > ---
> > 
> > This patch has to wait for the related
> > "cfg80211/mac80211: userspace peer authorization in IBSS" kernel patch in order
> > to be able to work.
> 
> I hope it can now happily wait for the kernel commit :-)

Hello,

just wanted to ping because the dependency patch has been committed into
wireless-testing (commit 267335d63b808dc861f3a4dc81a605489a8a13ac).

I've done another test and everything seems to work as expected.

Cheers,
Jouni Malinen - Feb. 12, 2012, 4:10 p.m.
On Sun, Jan 29, 2012 at 08:39:08PM +0100, Antonio Quartulli wrote:
> In IBSS RSN cfg80211/mac80211 now waits for userspace to authorize new stations.
> This patch makes wpa_supplicant notify the driver when a station can be
> considered authorised.

Thanks, applied.

Patch

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 0bf1dca..67bd29b 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -6427,6 +6427,12 @@  retry:
 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
 	}
 
+	if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
+	    params->key_mgmt_suite == KEY_MGMT_PSK ||
+	    params->key_mgmt_suite == KEY_MGMT_802_1X_SHA256 ||
+	    params->key_mgmt_suite == KEY_MGMT_PSK_SHA256)
+		NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
+
 	if (params->wpa_ie) {
 		wpa_hexdump(MSG_DEBUG,
 			    "  * Extra IEs for Beacon/Probe Response frames",
diff --git a/wpa_supplicant/ibss_rsn.c b/wpa_supplicant/ibss_rsn.c
index f9a9090..f1e4e21 100644
--- a/wpa_supplicant/ibss_rsn.c
+++ b/wpa_supplicant/ibss_rsn.c
@@ -320,6 +320,55 @@  static int auth_for_each_sta(void *ctx, int (*cb)(struct wpa_state_machine *sm,
 }
 
 
+static void ibss_set_sta_authorized(struct ibss_rsn *ibss_rsn,
+				    struct ibss_rsn_peer *peer, int authorized)
+{
+	int res;
+
+	if (authorized) {
+		res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr,
+					    WPA_STA_AUTHORIZED,
+					    WPA_STA_AUTHORIZED, ~0);
+		wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " authorizing port",
+			   MAC2STR(peer->addr));
+	} else {
+		res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr,
+					    0, 0, ~WPA_STA_AUTHORIZED);
+		wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " unauthorizing port",
+			   MAC2STR(peer->addr));
+	}
+
+	if (res && errno != ENOENT) {
+		wpa_printf(MSG_DEBUG, "Could not set station " MACSTR " flags "
+			   "for kernel driver (errno=%d)",
+			   MAC2STR(peer->addr), errno);
+	}
+}
+
+
+
+static void auth_set_eapol(void *ctx, const u8 *addr,
+				       wpa_eapol_variable var, int value)
+{
+	struct ibss_rsn *ibss_rsn = ctx;
+	struct ibss_rsn_peer *peer = ibss_rsn_get_peer(ibss_rsn, addr);
+
+	if (peer == NULL)
+		return;
+
+	switch (var) {
+	case WPA_EAPOL_authorized:
+		ibss_set_sta_authorized(ibss_rsn, peer, value);
+		break;
+	default:
+		/* do not handle any other event */
+		wpa_printf(MSG_DEBUG, "AUTH: eapol event not handled %d", var);
+		break;
+	}
+}
+
+
+
 static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
 				    const u8 *own_addr)
 {
@@ -340,6 +389,7 @@  static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
 	os_memset(&cb, 0, sizeof(cb));
 	cb.ctx = ibss_rsn;
 	cb.logger = auth_logger;
+	cb.set_eapol = auth_set_eapol;
 	cb.send_eapol = auth_send_eapol;
 	cb.get_psk = auth_get_psk;
 	cb.set_key = auth_set_key;