From patchwork Thu Sep 17 23:20:58 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?b?UmFmYcWCIE1pxYJlY2tp?= <zajec5@gmail.com>
X-Patchwork-Id: 519073
Return-Path: <openwrt-devel-bounces@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from arrakis.dune.hu (arrakis.dune.hu [78.24.191.176])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 1886414010F
	for <incoming@patchwork.ozlabs.org>;
	Fri, 18 Sep 2015 09:21:27 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=sah8usCU;
	dkim-atps=neutral
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id 4618628BCB5;
	Fri, 18 Sep 2015 01:19:58 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on arrakis.dune.hu
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,
	FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM, T_DKIM_INVALID autolearn=no
	version=3.3.2
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id DFA3128BC99
	for <openwrt-devel@lists.openwrt.org>;
	Fri, 18 Sep 2015 01:19:54 +0200 (CEST)
X-policyd-weight: using cached result; rate: -8.5
Received: from mail-lb0-f178.google.com (mail-lb0-f178.google.com
	[209.85.217.178]) by arrakis.dune.hu (Postfix) with ESMTPS
	for <openwrt-devel@lists.openwrt.org>;
	Fri, 18 Sep 2015 01:19:54 +0200 (CEST)
Received: by lbcao8 with SMTP id ao8so17027584lbc.3
	for <openwrt-devel@lists.openwrt.org>;
	Thu, 17 Sep 2015 16:21:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:mime-version:content-type
	:content-transfer-encoding;
	bh=ZCEa1kOKigFwbxFSk70mj7rSLJDQWgU2Y0wG9gIQ+IU=;
	b=sah8usCURvTnSf04vYUl0ZbXngMNmeZExzIaxtwboxCvgevl59IJQ6ojM6xDicQkgV
	Cr/L0u8FwjxSMu0dVrMBKyE/Ql7NrIXufVQXwnkPU3cIfu0NCfdDcIdFsZkew6Yda+xw
	TKVpU3hTkebh6W/POmO0YfcH+EqDAzuIZKswBWAKwUUzNQ2YIoRMlfrS4S79i/VUGPLB
	qQT4qp+Q9rk+ZGSTc7pT5Iujt7jWDkxI8uJX8QU4Uhp0Uo6IKrcZV1OnfwPyvkxoDDP6
	a8kDePGj60lKdgR4C9JRiEr/aDkZGx/Jn1NfBarkXKyCVc97pKd9G/+rhpvaeRqb5x2H
	KjJg==
X-Received: by 10.152.29.169 with SMTP id l9mr805097lah.115.1442532065287;
	Thu, 17 Sep 2015 16:21:05 -0700 (PDT)
Received: from linux-tdhb.lan
	(ip-194-187-74-233.konfederacka.maverick.com.pl. [194.187.74.233])
	by smtp.gmail.com with ESMTPSA id
	rv2sm738127lbb.30.2015.09.17.16.21.03
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 17 Sep 2015 16:21:04 -0700 (PDT)
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
To: openwrt-devel@lists.openwrt.org
Date: Fri, 18 Sep 2015 01:20:58 +0200
Message-Id: <1442532058-24717-1-git-send-email-zajec5@gmail.com>
X-Mailer: git-send-email 1.8.4.5
MIME-Version: 1.0
Subject: [OpenWrt-Devel] [PATCH] hostapd: check for banned client on
	association event
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Errors-To: openwrt-devel-bounces@lists.openwrt.org
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so
check for banned client in probe request handler won't ever be used.
Since cfg80211 provides us info about STA associating let's put a check
there.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
---
 .../hostapd/patches/600-ubus_support.patch         | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index 1efe84e..df2eac8 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -830,3 +830,29 @@
  int ieee802_11_set_beacon(struct hostapd_data *hapd);
  int ieee802_11_set_beacons(struct hostapd_iface *iface);
  int ieee802_11_update_beacons(struct hostapd_iface *iface);
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -49,6 +49,10 @@ int hostapd_notif_assoc(struct hostapd_d
+ 	u16 reason = WLAN_REASON_UNSPECIFIED;
+ 	u16 status = WLAN_STATUS_SUCCESS;
+ 	const u8 *p2p_dev_addr = NULL;
++	struct hostapd_ubus_request req = {
++		.type = HOSTAPD_UBUS_ASSOC_REQ,
++		.addr = addr,
++	};
+ 
+ 	if (addr == NULL) {
+ 		/*
+@@ -113,6 +117,12 @@ int hostapd_notif_assoc(struct hostapd_d
+ 	}
+ 	sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
+ 
++	if (hostapd_ubus_handle_event(hapd, &req)) {
++		wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
++			   MAC2STR(req.addr));
++		goto fail;
++	}
++
+ #ifdef CONFIG_P2P
+ 	if (elems.p2p) {
+ 		wpabuf_free(sta->p2p_ie);