nl80211: Add IEEE 802.1X PAE control for station mode

Add a new NL80211_ATTR_CONTROL_PORT flag for NL80211_CMD_ASSOCIATE to allow user space to indicate that it will control the IEEE 802.1X port in station mode. Previously, mac80211 was always marking the port authorized in station mode. This was enough when drop_unencrypted flag was set. However, drop_unencrypted can currently be controlled only with WEXT and the current nl80211 design does not allow fully secure configuration. Fix this by providing a mechanism for user space to control the IEEE 802.1X port in station mode (i.e., do the same that we are already doing in AP mode). Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Jouni Malinen <jouni.malinen@atheros.com> 2009-05-11 14:57:57 -0400
committer: John W. Linville <linville@tuxdriver.com> 2009-05-13 15:44:37 -0400
commit: 3f77316c6b99f596bfbf72c0542f47f7230b702e (patch)
tree: d9c8634e62917687c9a2741fdd72dd2c19c04727 /net
parent: eccb8e8f0c3af47aeb6dbe4012eb8d4fc888767a (diff)
5 files changed, 15 insertions, 3 deletions
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index d591a936f5c4..6464bfd232c9 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1265,6 +1265,11 @@ static int ieee80211_assoc(struct wiphy *wiphy, struct net_device *dev,
                sdata->u.mgd.flags &= ~IEEE80211_STA_MFP_ENABLED;
        }
+        if (req->control_port)
+                sdata->u.mgd.flags |= IEEE80211_STA_CONTROL_PORT;
+        else
+                sdata->u.mgd.flags &= ~IEEE80211_STA_CONTROL_PORT;
        sdata->u.mgd.flags |= IEEE80211_STA_EXT_SME;
        sdata->u.mgd.state = IEEE80211_STA_MLME_ASSOCIATE;
        ieee80211_sta_req_auth(sdata);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 081c57427308..56a49ef446ca 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -235,7 +235,7 @@ struct mesh_preq_queue {
 #define IEEE80211_STA_ASSOCIATED        BIT(4)
 #define IEEE80211_STA_PROBEREQ_POLL     BIT(5)
 #define IEEE80211_STA_CREATE_IBSS       BIT(6)
-/* hole at 7, please re-use */
+#define IEEE80211_STA_CONTROL_PORT      BIT(7)
 #define IEEE80211_STA_WMM_ENABLED       BIT(8)
 /* hole at 9, please re-use */
 #define IEEE80211_STA_AUTO_SSID_SEL     BIT(10)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 6d00e3f738c0..2806f6af7ae7 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1581,8 +1581,9 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
         *        to between the sta_info_alloc() and sta_info_insert() above.
         */
-        set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP |
+        set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP);
-                           WLAN_STA_AUTHORIZED);
+        if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
+                set_sta_flags(sta, WLAN_STA_AUTHORIZED);
        rates = 0;
        basic_rates = 0;
diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c
index d84502644686..c14394744a9c 100644
--- a/net/mac80211/wext.c
+++ b/net/mac80211/wext.c
@@ -41,6 +41,7 @@ static int ieee80211_ioctl_siwgenie(struct net_device *dev,
                        return ret;
                sdata->u.mgd.flags &= ~IEEE80211_STA_AUTO_BSSID_SEL;
                sdata->u.mgd.flags &= ~IEEE80211_STA_EXT_SME;
+                sdata->u.mgd.flags &= ~IEEE80211_STA_CONTROL_PORT;
                ieee80211_sta_req_auth(sdata);
                return 0;
        }
@@ -124,6 +125,7 @@ static int ieee80211_ioctl_siwessid(struct net_device *dev,
                        return ret;
                sdata->u.mgd.flags &= ~IEEE80211_STA_EXT_SME;
+                sdata->u.mgd.flags &= ~IEEE80211_STA_CONTROL_PORT;
                ieee80211_sta_req_auth(sdata);
                return 0;
        }
@@ -181,6 +183,7 @@ static int ieee80211_ioctl_siwap(struct net_device *dev,
                if (ret)
                        return ret;
                sdata->u.mgd.flags &= ~IEEE80211_STA_EXT_SME;
+                sdata->u.mgd.flags &= ~IEEE80211_STA_CONTROL_PORT;
                ieee80211_sta_req_auth(sdata);
                return 0;
        } else if (sdata->vif.type == NL80211_IFTYPE_WDS) {
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 66024ef57bab..cad281390cfa 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -126,6 +126,7 @@ static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
        [NL80211_ATTR_STA_FLAGS2] = {
                .len = sizeof(struct nl80211_sta_flag_update),
        },
+        [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
 };
 /* IE validation */
@@ -3040,6 +3041,8 @@ static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
                }
        }
+        req.control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
        err = drv->ops->assoc(&drv->wiphy, dev, &req);
 out:
author	Jouni Malinen <jouni.malinen@atheros.com>	2009-05-11 14:57:57 -0400
committer	John W. Linville <linville@tuxdriver.com>	2009-05-13 15:44:37 -0400
commit	3f77316c6b99f596bfbf72c0542f47f7230b702e (patch)
tree	d9c8634e62917687c9a2741fdd72dd2c19c04727 /net
parent	eccb8e8f0c3af47aeb6dbe4012eb8d4fc888767a (diff)