LCOV - code coverage report
Current view: top level - src/ap - preauth_auth.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1443382998 Lines: 96 129 74.4 %
Date: 2015-09-27 Functions: 8 8 100.0 %

          Line data    Source code
       1             : /*
       2             :  * hostapd - Authenticator for IEEE 802.11i RSN pre-authentication
       3             :  * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "utils/includes.h"
      10             : 
      11             : #ifdef CONFIG_RSN_PREAUTH
      12             : 
      13             : #include "utils/common.h"
      14             : #include "utils/eloop.h"
      15             : #include "l2_packet/l2_packet.h"
      16             : #include "common/wpa_common.h"
      17             : #include "eapol_auth/eapol_auth_sm.h"
      18             : #include "eapol_auth/eapol_auth_sm_i.h"
      19             : #include "hostapd.h"
      20             : #include "ap_config.h"
      21             : #include "ieee802_1x.h"
      22             : #include "sta_info.h"
      23             : #include "wpa_auth.h"
      24             : #include "preauth_auth.h"
      25             : 
      26             : #ifndef ETH_P_PREAUTH
      27             : #define ETH_P_PREAUTH 0x88C7 /* IEEE 802.11i pre-authentication */
      28             : #endif /* ETH_P_PREAUTH */
      29             : 
      30             : static const int dot11RSNAConfigPMKLifetime = 43200;
      31             : 
      32             : struct rsn_preauth_interface {
      33             :         struct rsn_preauth_interface *next;
      34             :         struct hostapd_data *hapd;
      35             :         struct l2_packet_data *l2;
      36             :         char *ifname;
      37             :         int ifindex;
      38             : };
      39             : 
      40             : 
      41          18 : static void rsn_preauth_receive(void *ctx, const u8 *src_addr,
      42             :                                 const u8 *buf, size_t len)
      43             : {
      44          18 :         struct rsn_preauth_interface *piface = ctx;
      45          18 :         struct hostapd_data *hapd = piface->hapd;
      46             :         struct ieee802_1x_hdr *hdr;
      47             :         struct sta_info *sta;
      48             :         struct l2_ethhdr *ethhdr;
      49             : 
      50          18 :         wpa_printf(MSG_DEBUG, "RSN: receive pre-auth packet "
      51             :                    "from interface '%s'", piface->ifname);
      52          18 :         if (len < sizeof(*ethhdr) + sizeof(*hdr)) {
      53           0 :                 wpa_printf(MSG_DEBUG, "RSN: too short pre-auth packet "
      54             :                            "(len=%lu)", (unsigned long) len);
      55           0 :                 return;
      56             :         }
      57             : 
      58          18 :         ethhdr = (struct l2_ethhdr *) buf;
      59          18 :         hdr = (struct ieee802_1x_hdr *) (ethhdr + 1);
      60             : 
      61          18 :         if (os_memcmp(ethhdr->h_dest, hapd->own_addr, ETH_ALEN) != 0) {
      62           0 :                 wpa_printf(MSG_DEBUG, "RSN: pre-auth for foreign address "
      63           0 :                            MACSTR, MAC2STR(ethhdr->h_dest));
      64           0 :                 return;
      65             :         }
      66             : 
      67          18 :         sta = ap_get_sta(hapd, ethhdr->h_source);
      68          18 :         if (sta && (sta->flags & WLAN_STA_ASSOC)) {
      69           0 :                 wpa_printf(MSG_DEBUG, "RSN: pre-auth for already association "
      70           0 :                            "STA " MACSTR, MAC2STR(sta->addr));
      71           0 :                 return;
      72             :         }
      73          18 :         if (!sta && hdr->type == IEEE802_1X_TYPE_EAPOL_START) {
      74           6 :                 sta = ap_sta_add(hapd, ethhdr->h_source);
      75           6 :                 if (sta == NULL)
      76           1 :                         return;
      77           5 :                 sta->flags = WLAN_STA_PREAUTH;
      78             : 
      79           5 :                 ieee802_1x_new_station(hapd, sta);
      80           5 :                 if (sta->eapol_sm == NULL) {
      81           0 :                         ap_free_sta(hapd, sta);
      82           0 :                         sta = NULL;
      83             :                 } else {
      84           5 :                         sta->eapol_sm->radius_identifier = -1;
      85           5 :                         sta->eapol_sm->portValid = TRUE;
      86           5 :                         sta->eapol_sm->flags |= EAPOL_SM_PREAUTH;
      87             :                 }
      88             :         }
      89          17 :         if (sta == NULL)
      90           0 :                 return;
      91          17 :         sta->preauth_iface = piface;
      92          17 :         ieee802_1x_receive(hapd, ethhdr->h_source, (u8 *) (ethhdr + 1),
      93             :                            len - sizeof(*ethhdr));
      94             : }
      95             : 
      96             : 
      97           4 : static int rsn_preauth_iface_add(struct hostapd_data *hapd, const char *ifname)
      98             : {
      99             :         struct rsn_preauth_interface *piface;
     100             : 
     101           4 :         wpa_printf(MSG_DEBUG, "RSN pre-auth interface '%s'", ifname);
     102             : 
     103           4 :         piface = os_zalloc(sizeof(*piface));
     104           4 :         if (piface == NULL)
     105           0 :                 return -1;
     106           4 :         piface->hapd = hapd;
     107             : 
     108           4 :         piface->ifname = os_strdup(ifname);
     109           4 :         if (piface->ifname == NULL) {
     110           0 :                 goto fail1;
     111             :         }
     112             : 
     113           4 :         piface->l2 = l2_packet_init(piface->ifname, NULL, ETH_P_PREAUTH,
     114             :                                     rsn_preauth_receive, piface, 1);
     115           4 :         if (piface->l2 == NULL) {
     116           0 :                 wpa_printf(MSG_ERROR, "Failed to open register layer 2 access "
     117             :                            "to ETH_P_PREAUTH");
     118           0 :                 goto fail2;
     119             :         }
     120             : 
     121           4 :         piface->next = hapd->preauth_iface;
     122           4 :         hapd->preauth_iface = piface;
     123           4 :         return 0;
     124             : 
     125             : fail2:
     126           0 :         os_free(piface->ifname);
     127             : fail1:
     128           0 :         os_free(piface);
     129           0 :         return -1;
     130             : }
     131             : 
     132             : 
     133        1682 : void rsn_preauth_iface_deinit(struct hostapd_data *hapd)
     134             : {
     135             :         struct rsn_preauth_interface *piface, *prev;
     136             : 
     137        1682 :         piface = hapd->preauth_iface;
     138        1682 :         hapd->preauth_iface = NULL;
     139        3368 :         while (piface) {
     140           4 :                 prev = piface;
     141           4 :                 piface = piface->next;
     142           4 :                 l2_packet_deinit(prev->l2);
     143           4 :                 os_free(prev->ifname);
     144           4 :                 os_free(prev);
     145             :         }
     146        1682 : }
     147             : 
     148             : 
     149         946 : int rsn_preauth_iface_init(struct hostapd_data *hapd)
     150             : {
     151             :         char *tmp, *start, *end;
     152             : 
     153         946 :         if (hapd->conf->rsn_preauth_interfaces == NULL)
     154         942 :                 return 0;
     155             : 
     156           4 :         tmp = os_strdup(hapd->conf->rsn_preauth_interfaces);
     157           4 :         if (tmp == NULL)
     158           0 :                 return -1;
     159           4 :         start = tmp;
     160             :         for (;;) {
     161           8 :                 while (*start == ' ')
     162           0 :                         start++;
     163           4 :                 if (*start == '\0')
     164           0 :                         break;
     165           4 :                 end = os_strchr(start, ' ');
     166           4 :                 if (end)
     167           0 :                         *end = '\0';
     168             : 
     169           4 :                 if (rsn_preauth_iface_add(hapd, start)) {
     170           0 :                         rsn_preauth_iface_deinit(hapd);
     171           0 :                         os_free(tmp);
     172           0 :                         return -1;
     173             :                 }
     174             : 
     175           4 :                 if (end)
     176           0 :                         start = end + 1;
     177             :                 else
     178           4 :                         break;
     179           0 :         }
     180           4 :         os_free(tmp);
     181           4 :         return 0;
     182             : }
     183             : 
     184             : 
     185           4 : static void rsn_preauth_finished_cb(void *eloop_ctx, void *timeout_ctx)
     186             : {
     187           4 :         struct hostapd_data *hapd = eloop_ctx;
     188           4 :         struct sta_info *sta = timeout_ctx;
     189          24 :         wpa_printf(MSG_DEBUG, "RSN: Removing pre-authentication STA entry for "
     190          24 :                    MACSTR, MAC2STR(sta->addr));
     191           4 :         ap_free_sta(hapd, sta);
     192           4 : }
     193             : 
     194             : 
     195           4 : void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta,
     196             :                           int success)
     197             : {
     198             :         const u8 *key;
     199             :         size_t len;
     200           4 :         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
     201             :                        HOSTAPD_LEVEL_INFO, "pre-authentication %s",
     202             :                        success ? "succeeded" : "failed");
     203             : 
     204           4 :         key = ieee802_1x_get_key(sta->eapol_sm, &len);
     205           4 :         if (len > PMK_LEN)
     206           4 :                 len = PMK_LEN;
     207           4 :         if (success && key) {
     208           8 :                 if (wpa_auth_pmksa_add_preauth(hapd->wpa_auth, key, len,
     209           4 :                                                sta->addr,
     210             :                                                dot11RSNAConfigPMKLifetime,
     211             :                                                sta->eapol_sm) == 0) {
     212           4 :                         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
     213             :                                        HOSTAPD_LEVEL_DEBUG,
     214             :                                        "added PMKSA cache entry (pre-auth)");
     215             :                 } else {
     216           0 :                         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
     217             :                                        HOSTAPD_LEVEL_DEBUG,
     218             :                                        "failed to add PMKSA cache entry "
     219             :                                        "(pre-auth)");
     220             :                 }
     221             :         }
     222             : 
     223             :         /*
     224             :          * Finish STA entry removal from timeout in order to avoid freeing
     225             :          * STA data before the caller has finished processing.
     226             :          */
     227           4 :         eloop_register_timeout(0, 0, rsn_preauth_finished_cb, hapd, sta);
     228           4 : }
     229             : 
     230             : 
     231          18 : void rsn_preauth_send(struct hostapd_data *hapd, struct sta_info *sta,
     232             :                       u8 *buf, size_t len)
     233             : {
     234             :         struct rsn_preauth_interface *piface;
     235             :         struct l2_ethhdr *ethhdr;
     236             : 
     237          18 :         piface = hapd->preauth_iface;
     238          36 :         while (piface) {
     239          18 :                 if (piface == sta->preauth_iface)
     240          18 :                         break;
     241           0 :                 piface = piface->next;
     242             :         }
     243             : 
     244          18 :         if (piface == NULL) {
     245           0 :                 wpa_printf(MSG_DEBUG, "RSN: Could not find pre-authentication "
     246           0 :                            "interface for " MACSTR, MAC2STR(sta->addr));
     247           0 :                 return;
     248             :         }
     249             : 
     250          18 :         ethhdr = os_malloc(sizeof(*ethhdr) + len);
     251          18 :         if (ethhdr == NULL)
     252           1 :                 return;
     253             : 
     254          17 :         os_memcpy(ethhdr->h_dest, sta->addr, ETH_ALEN);
     255          17 :         os_memcpy(ethhdr->h_source, hapd->own_addr, ETH_ALEN);
     256          17 :         ethhdr->h_proto = host_to_be16(ETH_P_PREAUTH);
     257          17 :         os_memcpy(ethhdr + 1, buf, len);
     258             : 
     259          17 :         if (l2_packet_send(piface->l2, sta->addr, ETH_P_PREAUTH, (u8 *) ethhdr,
     260             :                            sizeof(*ethhdr) + len) < 0) {
     261           0 :                 wpa_printf(MSG_ERROR, "Failed to send preauth packet using "
     262             :                            "l2_packet_send\n");
     263             :         }
     264          17 :         os_free(ethhdr);
     265             : }
     266             : 
     267             : 
     268        2543 : void rsn_preauth_free_station(struct hostapd_data *hapd, struct sta_info *sta)
     269             : {
     270        2543 :         eloop_cancel_timeout(rsn_preauth_finished_cb, hapd, sta);
     271        2543 : }
     272             : 
     273             : #endif /* CONFIG_RSN_PREAUTH */

Generated by: LCOV version 1.10