diff options
Diffstat (limited to 'net/ieee80211/softmac/ieee80211softmac_auth.c')
-rw-r--r-- | net/ieee80211/softmac/ieee80211softmac_auth.c | 364 |
1 files changed, 364 insertions, 0 deletions
diff --git a/net/ieee80211/softmac/ieee80211softmac_auth.c b/net/ieee80211/softmac/ieee80211softmac_auth.c new file mode 100644 index 000000000000..9a0eac6c61eb --- /dev/null +++ b/net/ieee80211/softmac/ieee80211softmac_auth.c | |||
@@ -0,0 +1,364 @@ | |||
1 | /* | ||
2 | * This file contains the softmac's authentication logic. | ||
3 | * | ||
4 | * Copyright (c) 2005, 2006 Johannes Berg <johannes@sipsolutions.net> | ||
5 | * Joseph Jezak <josejx@gentoo.org> | ||
6 | * Larry Finger <Larry.Finger@lwfinger.net> | ||
7 | * Danny van Dyk <kugelfang@gentoo.org> | ||
8 | * Michael Buesch <mbuesch@freenet.de> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify it | ||
11 | * under the terms of version 2 of the GNU General Public License as | ||
12 | * published by the Free Software Foundation. | ||
13 | * | ||
14 | * This program is distributed in the hope that it will be useful, but WITHOUT | ||
15 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | ||
16 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | ||
17 | * more details. | ||
18 | * | ||
19 | * You should have received a copy of the GNU General Public License | ||
20 | * along with this program; if not, write to the Free Software | ||
21 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | ||
22 | * | ||
23 | * The full GNU General Public License is included in this distribution in the | ||
24 | * file called COPYING. | ||
25 | */ | ||
26 | |||
27 | #include "ieee80211softmac_priv.h" | ||
28 | |||
29 | static void ieee80211softmac_auth_queue(void *data); | ||
30 | |||
31 | /* Queues an auth request to the desired AP */ | ||
32 | int | ||
33 | ieee80211softmac_auth_req(struct ieee80211softmac_device *mac, | ||
34 | struct ieee80211softmac_network *net) | ||
35 | { | ||
36 | struct ieee80211softmac_auth_queue_item *auth; | ||
37 | unsigned long flags; | ||
38 | |||
39 | if (net->authenticating) | ||
40 | return 0; | ||
41 | |||
42 | /* Add the network if it's not already added */ | ||
43 | ieee80211softmac_add_network(mac, net); | ||
44 | |||
45 | dprintk(KERN_NOTICE PFX "Queueing Authentication Request to "MAC_FMT"\n", MAC_ARG(net->bssid)); | ||
46 | /* Queue the auth request */ | ||
47 | auth = (struct ieee80211softmac_auth_queue_item *) | ||
48 | kmalloc(sizeof(struct ieee80211softmac_auth_queue_item), GFP_KERNEL); | ||
49 | if(auth == NULL) | ||
50 | return -ENOMEM; | ||
51 | |||
52 | auth->net = net; | ||
53 | auth->mac = mac; | ||
54 | auth->retry = IEEE80211SOFTMAC_AUTH_RETRY_LIMIT; | ||
55 | auth->state = IEEE80211SOFTMAC_AUTH_OPEN_REQUEST; | ||
56 | INIT_WORK(&auth->work, &ieee80211softmac_auth_queue, (void *)auth); | ||
57 | |||
58 | /* Lock (for list) */ | ||
59 | spin_lock_irqsave(&mac->lock, flags); | ||
60 | |||
61 | /* add to list */ | ||
62 | list_add_tail(&auth->list, &mac->auth_queue); | ||
63 | schedule_work(&auth->work); | ||
64 | spin_unlock_irqrestore(&mac->lock, flags); | ||
65 | |||
66 | return 0; | ||
67 | } | ||
68 | |||
69 | |||
70 | /* Sends an auth request to the desired AP and handles timeouts */ | ||
71 | static void | ||
72 | ieee80211softmac_auth_queue(void *data) | ||
73 | { | ||
74 | struct ieee80211softmac_device *mac; | ||
75 | struct ieee80211softmac_auth_queue_item *auth; | ||
76 | struct ieee80211softmac_network *net; | ||
77 | unsigned long flags; | ||
78 | |||
79 | auth = (struct ieee80211softmac_auth_queue_item *)data; | ||
80 | net = auth->net; | ||
81 | mac = auth->mac; | ||
82 | |||
83 | if(auth->retry > 0) { | ||
84 | /* Switch to correct channel for this network */ | ||
85 | mac->set_channel(mac->dev, net->channel); | ||
86 | |||
87 | /* Lock and set flags */ | ||
88 | spin_lock_irqsave(&mac->lock, flags); | ||
89 | net->authenticated = 0; | ||
90 | net->authenticating = 1; | ||
91 | /* add a timeout call so we eventually give up waiting for an auth reply */ | ||
92 | schedule_delayed_work(&auth->work, IEEE80211SOFTMAC_AUTH_TIMEOUT); | ||
93 | auth->retry--; | ||
94 | spin_unlock_irqrestore(&mac->lock, flags); | ||
95 | if (ieee80211softmac_send_mgt_frame(mac, auth->net, IEEE80211_STYPE_AUTH, auth->state)) | ||
96 | dprintk(KERN_NOTICE PFX "Sending Authentication Request to "MAC_FMT" failed (this shouldn't happen, wait for the timeout).\n", MAC_ARG(net->bssid)); | ||
97 | else | ||
98 | dprintk(KERN_NOTICE PFX "Sent Authentication Request to "MAC_FMT".\n", MAC_ARG(net->bssid)); | ||
99 | return; | ||
100 | } | ||
101 | |||
102 | printkl(KERN_WARNING PFX "Authentication timed out with "MAC_FMT"\n", MAC_ARG(net->bssid)); | ||
103 | /* Remove this item from the queue */ | ||
104 | spin_lock_irqsave(&mac->lock, flags); | ||
105 | ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_AUTH_TIMEOUT, net); | ||
106 | cancel_delayed_work(&auth->work); /* just to make sure... */ | ||
107 | list_del(&auth->list); | ||
108 | spin_unlock_irqrestore(&mac->lock, flags); | ||
109 | /* Free it */ | ||
110 | kfree(auth); | ||
111 | } | ||
112 | |||
113 | /* Handle the auth response from the AP | ||
114 | * This should be registered with ieee80211 as handle_auth | ||
115 | */ | ||
116 | int | ||
117 | ieee80211softmac_auth_resp(struct net_device *dev, struct ieee80211_auth *auth) | ||
118 | { | ||
119 | |||
120 | struct list_head *list_ptr; | ||
121 | struct ieee80211softmac_device *mac = ieee80211_priv(dev); | ||
122 | struct ieee80211softmac_auth_queue_item *aq = NULL; | ||
123 | struct ieee80211softmac_network *net = NULL; | ||
124 | unsigned long flags; | ||
125 | u8 * data; | ||
126 | |||
127 | /* Find correct auth queue item */ | ||
128 | spin_lock_irqsave(&mac->lock, flags); | ||
129 | list_for_each(list_ptr, &mac->auth_queue) { | ||
130 | aq = list_entry(list_ptr, struct ieee80211softmac_auth_queue_item, list); | ||
131 | net = aq->net; | ||
132 | if (!memcmp(net->bssid, auth->header.addr2, ETH_ALEN)) | ||
133 | break; | ||
134 | else | ||
135 | aq = NULL; | ||
136 | } | ||
137 | spin_unlock_irqrestore(&mac->lock, flags); | ||
138 | |||
139 | /* Make sure that we've got an auth queue item for this request */ | ||
140 | if(aq == NULL) | ||
141 | { | ||
142 | printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but no queue item exists.\n", MAC_ARG(auth->header.addr2)); | ||
143 | /* Error #? */ | ||
144 | return -1; | ||
145 | } | ||
146 | |||
147 | /* Check for out of order authentication */ | ||
148 | if(!net->authenticating) | ||
149 | { | ||
150 | printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but did not request authentication.\n",MAC_ARG(auth->header.addr2)); | ||
151 | return -1; | ||
152 | } | ||
153 | |||
154 | /* Parse the auth packet */ | ||
155 | switch(auth->algorithm) { | ||
156 | case WLAN_AUTH_OPEN: | ||
157 | /* Check the status code of the response */ | ||
158 | |||
159 | switch(auth->status) { | ||
160 | case WLAN_STATUS_SUCCESS: | ||
161 | /* Update the status to Authenticated */ | ||
162 | spin_lock_irqsave(&mac->lock, flags); | ||
163 | net->authenticating = 0; | ||
164 | net->authenticated = 1; | ||
165 | spin_unlock_irqrestore(&mac->lock, flags); | ||
166 | |||
167 | /* Send event */ | ||
168 | printkl(KERN_NOTICE PFX "Open Authentication completed with "MAC_FMT"\n", MAC_ARG(net->bssid)); | ||
169 | ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_AUTHENTICATED, net); | ||
170 | break; | ||
171 | default: | ||
172 | /* Lock and reset flags */ | ||
173 | spin_lock_irqsave(&mac->lock, flags); | ||
174 | net->authenticated = 0; | ||
175 | net->authenticating = 0; | ||
176 | spin_unlock_irqrestore(&mac->lock, flags); | ||
177 | |||
178 | printkl(KERN_NOTICE PFX "Open Authentication with "MAC_FMT" failed, error code: %i\n", | ||
179 | MAC_ARG(net->bssid), le16_to_cpup(&auth->status)); | ||
180 | /* Count the error? */ | ||
181 | break; | ||
182 | } | ||
183 | goto free_aq; | ||
184 | break; | ||
185 | case WLAN_AUTH_SHARED_KEY: | ||
186 | /* Figure out where we are in the process */ | ||
187 | switch(auth->transaction) { | ||
188 | case IEEE80211SOFTMAC_AUTH_SHARED_CHALLENGE: | ||
189 | /* Check to make sure we have a challenge IE */ | ||
190 | data = (u8 *)auth->info_element; | ||
191 | if(*data++ != MFIE_TYPE_CHALLENGE){ | ||
192 | printkl(KERN_NOTICE PFX "Shared Key Authentication failed due to a missing challenge.\n"); | ||
193 | break; | ||
194 | } | ||
195 | /* Save the challenge */ | ||
196 | spin_lock_irqsave(&mac->lock, flags); | ||
197 | net->challenge_len = *data++; | ||
198 | if(net->challenge_len > WLAN_AUTH_CHALLENGE_LEN) | ||
199 | net->challenge_len = WLAN_AUTH_CHALLENGE_LEN; | ||
200 | if(net->challenge != NULL) | ||
201 | kfree(net->challenge); | ||
202 | net->challenge = kmalloc(net->challenge_len, GFP_ATOMIC); | ||
203 | memcpy(net->challenge, data, net->challenge_len); | ||
204 | aq->state = IEEE80211SOFTMAC_AUTH_SHARED_RESPONSE; | ||
205 | spin_unlock_irqrestore(&mac->lock, flags); | ||
206 | |||
207 | /* Switch to correct channel for this network */ | ||
208 | mac->set_channel(mac->dev, net->channel); | ||
209 | |||
210 | /* Send our response (How to encrypt?) */ | ||
211 | ieee80211softmac_send_mgt_frame(mac, aq->net, IEEE80211_STYPE_AUTH, aq->state); | ||
212 | break; | ||
213 | case IEEE80211SOFTMAC_AUTH_SHARED_PASS: | ||
214 | /* Check the status code of the response */ | ||
215 | switch(auth->status) { | ||
216 | case WLAN_STATUS_SUCCESS: | ||
217 | /* Update the status to Authenticated */ | ||
218 | spin_lock_irqsave(&mac->lock, flags); | ||
219 | net->authenticating = 0; | ||
220 | net->authenticated = 1; | ||
221 | spin_unlock_irqrestore(&mac->lock, flags); | ||
222 | printkl(KERN_NOTICE PFX "Shared Key Authentication completed with "MAC_FMT"\n", | ||
223 | MAC_ARG(net->bssid)); | ||
224 | break; | ||
225 | default: | ||
226 | printkl(KERN_NOTICE PFX "Shared Key Authentication with "MAC_FMT" failed, error code: %i\n", | ||
227 | MAC_ARG(net->bssid), le16_to_cpup(&auth->status)); | ||
228 | /* Lock and reset flags */ | ||
229 | spin_lock_irqsave(&mac->lock, flags); | ||
230 | net->authenticating = 0; | ||
231 | net->authenticated = 0; | ||
232 | spin_unlock_irqrestore(&mac->lock, flags); | ||
233 | /* Count the error? */ | ||
234 | break; | ||
235 | } | ||
236 | goto free_aq; | ||
237 | break; | ||
238 | default: | ||
239 | printkl(KERN_WARNING PFX "Unhandled Authentication Step: %i\n", auth->transaction); | ||
240 | break; | ||
241 | } | ||
242 | goto free_aq; | ||
243 | break; | ||
244 | default: | ||
245 | /* ERROR */ | ||
246 | goto free_aq; | ||
247 | break; | ||
248 | } | ||
249 | return 0; | ||
250 | free_aq: | ||
251 | /* Cancel the timeout */ | ||
252 | spin_lock_irqsave(&mac->lock, flags); | ||
253 | cancel_delayed_work(&aq->work); | ||
254 | /* Remove this item from the queue */ | ||
255 | list_del(&aq->list); | ||
256 | spin_unlock_irqrestore(&mac->lock, flags); | ||
257 | |||
258 | /* Free it */ | ||
259 | kfree(aq); | ||
260 | return 0; | ||
261 | } | ||
262 | |||
263 | /* | ||
264 | * Handle deauthorization | ||
265 | */ | ||
266 | static void | ||
267 | ieee80211softmac_deauth_from_net(struct ieee80211softmac_device *mac, | ||
268 | struct ieee80211softmac_network *net) | ||
269 | { | ||
270 | struct ieee80211softmac_auth_queue_item *aq = NULL; | ||
271 | struct list_head *list_ptr; | ||
272 | unsigned long flags; | ||
273 | |||
274 | /* Lock and reset status flags */ | ||
275 | spin_lock_irqsave(&mac->lock, flags); | ||
276 | net->authenticating = 0; | ||
277 | net->authenticated = 0; | ||
278 | |||
279 | /* Find correct auth queue item, if it exists */ | ||
280 | list_for_each(list_ptr, &mac->auth_queue) { | ||
281 | aq = list_entry(list_ptr, struct ieee80211softmac_auth_queue_item, list); | ||
282 | if (!memcmp(net->bssid, aq->net->bssid, ETH_ALEN)) | ||
283 | break; | ||
284 | else | ||
285 | aq = NULL; | ||
286 | } | ||
287 | |||
288 | /* Cancel pending work */ | ||
289 | if(aq != NULL) | ||
290 | /* Not entirely safe? What about running work? */ | ||
291 | cancel_delayed_work(&aq->work); | ||
292 | |||
293 | /* Free our network ref */ | ||
294 | ieee80211softmac_del_network_locked(mac, net); | ||
295 | if(net->challenge != NULL) | ||
296 | kfree(net->challenge); | ||
297 | kfree(net); | ||
298 | |||
299 | /* can't transmit data right now... */ | ||
300 | netif_carrier_off(mac->dev); | ||
301 | /* let's try to re-associate */ | ||
302 | schedule_work(&mac->associnfo.work); | ||
303 | spin_unlock_irqrestore(&mac->lock, flags); | ||
304 | } | ||
305 | |||
306 | /* | ||
307 | * Sends a deauth request to the desired AP | ||
308 | */ | ||
309 | int | ||
310 | ieee80211softmac_deauth_req(struct ieee80211softmac_device *mac, | ||
311 | struct ieee80211softmac_network *net, int reason) | ||
312 | { | ||
313 | int ret; | ||
314 | |||
315 | /* Make sure the network is authenticated */ | ||
316 | if (!net->authenticated) | ||
317 | { | ||
318 | printkl(KERN_DEBUG PFX "Can't send deauthentication packet, network is not authenticated.\n"); | ||
319 | /* Error okay? */ | ||
320 | return -EPERM; | ||
321 | } | ||
322 | |||
323 | /* Send the de-auth packet */ | ||
324 | if((ret = ieee80211softmac_send_mgt_frame(mac, net, IEEE80211_STYPE_DEAUTH, reason))) | ||
325 | return ret; | ||
326 | |||
327 | ieee80211softmac_deauth_from_net(mac, net); | ||
328 | return 0; | ||
329 | } | ||
330 | |||
331 | /* | ||
332 | * This should be registered with ieee80211 as handle_deauth | ||
333 | */ | ||
334 | int | ||
335 | ieee80211softmac_deauth_resp(struct net_device *dev, struct ieee80211_deauth *deauth) | ||
336 | { | ||
337 | |||
338 | struct ieee80211softmac_network *net = NULL; | ||
339 | struct ieee80211softmac_device *mac = ieee80211_priv(dev); | ||
340 | |||
341 | if (!deauth) { | ||
342 | dprintk("deauth without deauth packet. eek!\n"); | ||
343 | return 0; | ||
344 | } | ||
345 | |||
346 | net = ieee80211softmac_get_network_by_bssid(mac, deauth->header.addr2); | ||
347 | |||
348 | if (net == NULL) { | ||
349 | printkl(KERN_DEBUG PFX "Received deauthentication packet from "MAC_FMT", but that network is unknown.\n", | ||
350 | MAC_ARG(deauth->header.addr2)); | ||
351 | return 0; | ||
352 | } | ||
353 | |||
354 | /* Make sure the network is authenticated */ | ||
355 | if(!net->authenticated) | ||
356 | { | ||
357 | printkl(KERN_DEBUG PFX "Can't perform deauthentication, network is not authenticated.\n"); | ||
358 | /* Error okay? */ | ||
359 | return -EPERM; | ||
360 | } | ||
361 | |||
362 | ieee80211softmac_deauth_from_net(mac, net); | ||
363 | return 0; | ||
364 | } | ||