diff options
| author | Jouni Malinen <jouni.malinen@atheros.com> | 2009-05-11 14:57:57 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2009-05-13 15:44:37 -0400 |
| commit | 3f77316c6b99f596bfbf72c0542f47f7230b702e (patch) | |
| tree | d9c8634e62917687c9a2741fdd72dd2c19c04727 | |
| parent | eccb8e8f0c3af47aeb6dbe4012eb8d4fc888767a (diff) | |
nl80211: Add IEEE 802.1X PAE control for station mode
Add a new NL80211_ATTR_CONTROL_PORT flag for NL80211_CMD_ASSOCIATE to
allow user space to indicate that it will control the IEEE 802.1X port
in station mode. Previously, mac80211 was always marking the port
authorized in station mode. This was enough when drop_unencrypted flag
was set. However, drop_unencrypted can currently be controlled only
with WEXT and the current nl80211 design does not allow fully secure
configuration. Fix this by providing a mechanism for user space to
control the IEEE 802.1X port in station mode (i.e., do the same that
we are already doing in AP mode).
Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
| -rw-r--r-- | include/linux/nl80211.h | 9 | ||||
| -rw-r--r-- | include/net/cfg80211.h | 5 | ||||
| -rw-r--r-- | net/mac80211/cfg.c | 5 | ||||
| -rw-r--r-- | net/mac80211/ieee80211_i.h | 2 | ||||
| -rw-r--r-- | net/mac80211/mlme.c | 5 | ||||
| -rw-r--r-- | net/mac80211/wext.c | 3 | ||||
| -rw-r--r-- | net/wireless/nl80211.c | 3 |
7 files changed, 29 insertions, 3 deletions
diff --git a/include/linux/nl80211.h b/include/linux/nl80211.h index aeefccfac0e1..2781525b03d5 100644 --- a/include/linux/nl80211.h +++ b/include/linux/nl80211.h | |||
| @@ -504,6 +504,13 @@ enum nl80211_commands { | |||
| 504 | * @NL80211_ATTR_STA_FLAGS2: Attribute containing a | 504 | * @NL80211_ATTR_STA_FLAGS2: Attribute containing a |
| 505 | * &struct nl80211_sta_flag_update. | 505 | * &struct nl80211_sta_flag_update. |
| 506 | * | 506 | * |
| 507 | * @NL80211_ATTR_CONTROL_PORT: A flag indicating whether user space controls | ||
| 508 | * IEEE 802.1X port, i.e., sets/clears %NL80211_STA_FLAG_AUTHORIZED, in | ||
| 509 | * station mode. If the flag is included in %NL80211_CMD_ASSOCIATE | ||
| 510 | * request, the driver will assume that the port is unauthorized until | ||
| 511 | * authorized by user space. Otherwise, port is marked authorized by | ||
| 512 | * default in station mode. | ||
| 513 | * | ||
| 507 | * @NL80211_ATTR_MAX: highest attribute number currently defined | 514 | * @NL80211_ATTR_MAX: highest attribute number currently defined |
| 508 | * @__NL80211_ATTR_AFTER_LAST: internal use | 515 | * @__NL80211_ATTR_AFTER_LAST: internal use |
| 509 | */ | 516 | */ |
| @@ -610,6 +617,8 @@ enum nl80211_attrs { | |||
| 610 | 617 | ||
| 611 | NL80211_ATTR_STA_FLAGS2, | 618 | NL80211_ATTR_STA_FLAGS2, |
| 612 | 619 | ||
| 620 | NL80211_ATTR_CONTROL_PORT, | ||
| 621 | |||
| 613 | /* add attributes here, update the policy in nl80211.c */ | 622 | /* add attributes here, update the policy in nl80211.c */ |
| 614 | 623 | ||
| 615 | __NL80211_ATTR_AFTER_LAST, | 624 | __NL80211_ATTR_AFTER_LAST, |
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 0dae6b382940..9e17a83d3432 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h | |||
| @@ -655,6 +655,10 @@ struct cfg80211_auth_request { | |||
| 655 | * @ie: Extra IEs to add to (Re)Association Request frame or %NULL | 655 | * @ie: Extra IEs to add to (Re)Association Request frame or %NULL |
| 656 | * @ie_len: Length of ie buffer in octets | 656 | * @ie_len: Length of ie buffer in octets |
| 657 | * @use_mfp: Use management frame protection (IEEE 802.11w) in this association | 657 | * @use_mfp: Use management frame protection (IEEE 802.11w) in this association |
| 658 | * @control_port: Whether user space controls IEEE 802.1X port, i.e., | ||
| 659 | * sets/clears %NL80211_STA_FLAG_AUTHORIZED. If true, the driver is | ||
| 660 | * required to assume that the port is unauthorized until authorized by | ||
| 661 | * user space. Otherwise, port is marked authorized by default. | ||
| 658 | */ | 662 | */ |
| 659 | struct cfg80211_assoc_request { | 663 | struct cfg80211_assoc_request { |
| 660 | struct ieee80211_channel *chan; | 664 | struct ieee80211_channel *chan; |
| @@ -664,6 +668,7 @@ struct cfg80211_assoc_request { | |||
| 664 | const u8 *ie; | 668 | const u8 *ie; |
| 665 | size_t ie_len; | 669 | size_t ie_len; |
| 666 | bool use_mfp; | 670 | bool use_mfp; |
| 671 | bool control_port; | ||
| 667 | }; | 672 | }; |
| 668 | 673 | ||
| 669 | /** | 674 | /** |
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index d591a936f5c4..6464bfd232c9 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c | |||
| @@ -1265,6 +1265,11 @@ static int ieee80211_assoc(struct wiphy *wiphy, struct net_device *dev, | |||
| 1265 | sdata->u.mgd.flags &= ~IEEE80211_STA_MFP_ENABLED; | 1265 | sdata->u.mgd.flags &= ~IEEE80211_STA_MFP_ENABLED; |
| 1266 | } | 1266 | } |
| 1267 | 1267 | ||
| 1268 | if (req->control_port) | ||
| 1269 | sdata->u.mgd.flags |= IEEE80211_STA_CONTROL_PORT; | ||
| 1270 | else | ||
| 1271 | sdata->u.mgd.flags &= ~IEEE80211_STA_CONTROL_PORT; | ||
| 1272 | |||
| 1268 | sdata->u.mgd.flags |= IEEE80211_STA_EXT_SME; | 1273 | sdata->u.mgd.flags |= IEEE80211_STA_EXT_SME; |
| 1269 | sdata->u.mgd.state = IEEE80211_STA_MLME_ASSOCIATE; | 1274 | sdata->u.mgd.state = IEEE80211_STA_MLME_ASSOCIATE; |
| 1270 | ieee80211_sta_req_auth(sdata); | 1275 | ieee80211_sta_req_auth(sdata); |
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 081c57427308..56a49ef446ca 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h | |||
| @@ -235,7 +235,7 @@ struct mesh_preq_queue { | |||
| 235 | #define IEEE80211_STA_ASSOCIATED BIT(4) | 235 | #define IEEE80211_STA_ASSOCIATED BIT(4) |
| 236 | #define IEEE80211_STA_PROBEREQ_POLL BIT(5) | 236 | #define IEEE80211_STA_PROBEREQ_POLL BIT(5) |
| 237 | #define IEEE80211_STA_CREATE_IBSS BIT(6) | 237 | #define IEEE80211_STA_CREATE_IBSS BIT(6) |
| 238 | /* hole at 7, please re-use */ | 238 | #define IEEE80211_STA_CONTROL_PORT BIT(7) |
| 239 | #define IEEE80211_STA_WMM_ENABLED BIT(8) | 239 | #define IEEE80211_STA_WMM_ENABLED BIT(8) |
| 240 | /* hole at 9, please re-use */ | 240 | /* hole at 9, please re-use */ |
| 241 | #define IEEE80211_STA_AUTO_SSID_SEL BIT(10) | 241 | #define IEEE80211_STA_AUTO_SSID_SEL BIT(10) |
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 6d00e3f738c0..2806f6af7ae7 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c | |||
| @@ -1581,8 +1581,9 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, | |||
| 1581 | * to between the sta_info_alloc() and sta_info_insert() above. | 1581 | * to between the sta_info_alloc() and sta_info_insert() above. |
| 1582 | */ | 1582 | */ |
| 1583 | 1583 | ||
| 1584 | set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP | | 1584 | set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP); |
| 1585 | WLAN_STA_AUTHORIZED); | 1585 | if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) |
| 1586 | set_sta_flags(sta, WLAN_STA_AUTHORIZED); | ||
| 1586 | 1587 | ||
| 1587 | rates = 0; | 1588 | rates = 0; |
| 1588 | basic_rates = 0; | 1589 | basic_rates = 0; |
diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c index d84502644686..c14394744a9c 100644 --- a/net/mac80211/wext.c +++ b/net/mac80211/wext.c | |||
| @@ -41,6 +41,7 @@ static int ieee80211_ioctl_siwgenie(struct net_device *dev, | |||
| 41 | return ret; | 41 | return ret; |
| 42 | sdata->u.mgd.flags &= ~IEEE80211_STA_AUTO_BSSID_SEL; | 42 | sdata->u.mgd.flags &= ~IEEE80211_STA_AUTO_BSSID_SEL; |
| 43 | sdata->u.mgd.flags &= ~IEEE80211_STA_EXT_SME; | 43 | sdata->u.mgd.flags &= ~IEEE80211_STA_EXT_SME; |
| 44 | sdata->u.mgd.flags &= ~IEEE80211_STA_CONTROL_PORT; | ||
| 44 | ieee80211_sta_req_auth(sdata); | 45 | ieee80211_sta_req_auth(sdata); |
| 45 | return 0; | 46 | return 0; |
| 46 | } | 47 | } |
| @@ -124,6 +125,7 @@ static int ieee80211_ioctl_siwessid(struct net_device *dev, | |||
| 124 | return ret; | 125 | return ret; |
| 125 | 126 | ||
| 126 | sdata->u.mgd.flags &= ~IEEE80211_STA_EXT_SME; | 127 | sdata->u.mgd.flags &= ~IEEE80211_STA_EXT_SME; |
| 128 | sdata->u.mgd.flags &= ~IEEE80211_STA_CONTROL_PORT; | ||
| 127 | ieee80211_sta_req_auth(sdata); | 129 | ieee80211_sta_req_auth(sdata); |
| 128 | return 0; | 130 | return 0; |
| 129 | } | 131 | } |
| @@ -181,6 +183,7 @@ static int ieee80211_ioctl_siwap(struct net_device *dev, | |||
| 181 | if (ret) | 183 | if (ret) |
| 182 | return ret; | 184 | return ret; |
| 183 | sdata->u.mgd.flags &= ~IEEE80211_STA_EXT_SME; | 185 | sdata->u.mgd.flags &= ~IEEE80211_STA_EXT_SME; |
| 186 | sdata->u.mgd.flags &= ~IEEE80211_STA_CONTROL_PORT; | ||
| 184 | ieee80211_sta_req_auth(sdata); | 187 | ieee80211_sta_req_auth(sdata); |
| 185 | return 0; | 188 | return 0; |
| 186 | } else if (sdata->vif.type == NL80211_IFTYPE_WDS) { | 189 | } else if (sdata->vif.type == NL80211_IFTYPE_WDS) { |
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 66024ef57bab..cad281390cfa 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -126,6 +126,7 @@ static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = { | |||
| 126 | [NL80211_ATTR_STA_FLAGS2] = { | 126 | [NL80211_ATTR_STA_FLAGS2] = { |
| 127 | .len = sizeof(struct nl80211_sta_flag_update), | 127 | .len = sizeof(struct nl80211_sta_flag_update), |
| 128 | }, | 128 | }, |
| 129 | [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, | ||
| 129 | }; | 130 | }; |
| 130 | 131 | ||
| 131 | /* IE validation */ | 132 | /* IE validation */ |
| @@ -3040,6 +3041,8 @@ static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) | |||
| 3040 | } | 3041 | } |
| 3041 | } | 3042 | } |
| 3042 | 3043 | ||
| 3044 | req.control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; | ||
| 3045 | |||
| 3043 | err = drv->ops->assoc(&drv->wiphy, dev, &req); | 3046 | err = drv->ops->assoc(&drv->wiphy, dev, &req); |
| 3044 | 3047 | ||
| 3045 | out: | 3048 | out: |