Commit | Line | Data |
---|---|---|
4855d25b JB |
1 | /* |
2 | * This file contains the softmac's authentication logic. | |
3 | * | |
79859051 JB |
4 | * Copyright (c) 2005, 2006 Johannes Berg <johannes@sipsolutions.net> |
5 | * Joseph Jezak <josejx@gentoo.org> | |
6 | * Larry Finger <Larry.Finger@lwfinger.net> | |
7 | * Danny van Dyk <kugelfang@gentoo.org> | |
8 | * Michael Buesch <mbuesch@freenet.de> | |
4855d25b JB |
9 | * |
10 | * This program is free software; you can redistribute it and/or modify it | |
11 | * under the terms of version 2 of the GNU General Public License as | |
12 | * published by the Free Software Foundation. | |
13 | * | |
14 | * This program is distributed in the hope that it will be useful, but WITHOUT | |
15 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
16 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | |
17 | * more details. | |
18 | * | |
19 | * You should have received a copy of the GNU General Public License | |
20 | * along with this program; if not, write to the Free Software | |
21 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
22 | * | |
23 | * The full GNU General Public License is included in this distribution in the | |
24 | * file called COPYING. | |
25 | */ | |
26 | ||
370121e5 JB |
27 | #include "ieee80211softmac_priv.h" |
28 | ||
29 | static void ieee80211softmac_auth_queue(void *data); | |
30 | ||
31 | /* Queues an auth request to the desired AP */ | |
32 | int | |
33 | ieee80211softmac_auth_req(struct ieee80211softmac_device *mac, | |
34 | struct ieee80211softmac_network *net) | |
35 | { | |
36 | struct ieee80211softmac_auth_queue_item *auth; | |
37 | unsigned long flags; | |
38 | ||
370121e5 JB |
39 | if (net->authenticating) |
40 | return 0; | |
41 | ||
42 | /* Add the network if it's not already added */ | |
43 | ieee80211softmac_add_network(mac, net); | |
44 | ||
45 | dprintk(KERN_NOTICE PFX "Queueing Authentication Request to "MAC_FMT"\n", MAC_ARG(net->bssid)); | |
46 | /* Queue the auth request */ | |
47 | auth = (struct ieee80211softmac_auth_queue_item *) | |
48 | kmalloc(sizeof(struct ieee80211softmac_auth_queue_item), GFP_KERNEL); | |
49 | if(auth == NULL) | |
50 | return -ENOMEM; | |
51 | ||
52 | auth->net = net; | |
53 | auth->mac = mac; | |
54 | auth->retry = IEEE80211SOFTMAC_AUTH_RETRY_LIMIT; | |
55 | auth->state = IEEE80211SOFTMAC_AUTH_OPEN_REQUEST; | |
56 | INIT_WORK(&auth->work, &ieee80211softmac_auth_queue, (void *)auth); | |
57 | ||
58 | /* Lock (for list) */ | |
59 | spin_lock_irqsave(&mac->lock, flags); | |
60 | ||
61 | /* add to list */ | |
62 | list_add_tail(&auth->list, &mac->auth_queue); | |
5c4df6da | 63 | schedule_work(&auth->work); |
370121e5 JB |
64 | spin_unlock_irqrestore(&mac->lock, flags); |
65 | ||
66 | return 0; | |
67 | } | |
68 | ||
69 | ||
70 | /* Sends an auth request to the desired AP and handles timeouts */ | |
71 | static void | |
72 | ieee80211softmac_auth_queue(void *data) | |
73 | { | |
74 | struct ieee80211softmac_device *mac; | |
75 | struct ieee80211softmac_auth_queue_item *auth; | |
76 | struct ieee80211softmac_network *net; | |
77 | unsigned long flags; | |
78 | ||
370121e5 JB |
79 | auth = (struct ieee80211softmac_auth_queue_item *)data; |
80 | net = auth->net; | |
81 | mac = auth->mac; | |
82 | ||
83 | if(auth->retry > 0) { | |
84 | /* Switch to correct channel for this network */ | |
85 | mac->set_channel(mac->dev, net->channel); | |
86 | ||
87 | /* Lock and set flags */ | |
88 | spin_lock_irqsave(&mac->lock, flags); | |
d57336e3 DD |
89 | if (unlikely(!mac->running)) { |
90 | /* Prevent reschedule on workqueue flush */ | |
91 | spin_unlock_irqrestore(&mac->lock, flags); | |
92 | return; | |
93 | } | |
370121e5 JB |
94 | net->authenticated = 0; |
95 | net->authenticating = 1; | |
96 | /* add a timeout call so we eventually give up waiting for an auth reply */ | |
5c4df6da | 97 | schedule_delayed_work(&auth->work, IEEE80211SOFTMAC_AUTH_TIMEOUT); |
370121e5 JB |
98 | auth->retry--; |
99 | spin_unlock_irqrestore(&mac->lock, flags); | |
100 | if (ieee80211softmac_send_mgt_frame(mac, auth->net, IEEE80211_STYPE_AUTH, auth->state)) | |
101 | dprintk(KERN_NOTICE PFX "Sending Authentication Request to "MAC_FMT" failed (this shouldn't happen, wait for the timeout).\n", MAC_ARG(net->bssid)); | |
102 | else | |
103 | dprintk(KERN_NOTICE PFX "Sent Authentication Request to "MAC_FMT".\n", MAC_ARG(net->bssid)); | |
104 | return; | |
105 | } | |
106 | ||
107 | printkl(KERN_WARNING PFX "Authentication timed out with "MAC_FMT"\n", MAC_ARG(net->bssid)); | |
108 | /* Remove this item from the queue */ | |
109 | spin_lock_irqsave(&mac->lock, flags); | |
76ea4c7f | 110 | net->authenticating = 0; |
370121e5 JB |
111 | ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_AUTH_TIMEOUT, net); |
112 | cancel_delayed_work(&auth->work); /* just to make sure... */ | |
113 | list_del(&auth->list); | |
114 | spin_unlock_irqrestore(&mac->lock, flags); | |
115 | /* Free it */ | |
116 | kfree(auth); | |
117 | } | |
118 | ||
119 | /* Handle the auth response from the AP | |
120 | * This should be registered with ieee80211 as handle_auth | |
121 | */ | |
122 | int | |
123 | ieee80211softmac_auth_resp(struct net_device *dev, struct ieee80211_auth *auth) | |
124 | { | |
125 | ||
126 | struct list_head *list_ptr; | |
127 | struct ieee80211softmac_device *mac = ieee80211_priv(dev); | |
128 | struct ieee80211softmac_auth_queue_item *aq = NULL; | |
129 | struct ieee80211softmac_network *net = NULL; | |
130 | unsigned long flags; | |
131 | u8 * data; | |
132 | ||
d57336e3 DD |
133 | if (unlikely(!mac->running)) |
134 | return -ENODEV; | |
135 | ||
370121e5 JB |
136 | /* Find correct auth queue item */ |
137 | spin_lock_irqsave(&mac->lock, flags); | |
138 | list_for_each(list_ptr, &mac->auth_queue) { | |
139 | aq = list_entry(list_ptr, struct ieee80211softmac_auth_queue_item, list); | |
140 | net = aq->net; | |
141 | if (!memcmp(net->bssid, auth->header.addr2, ETH_ALEN)) | |
142 | break; | |
143 | else | |
144 | aq = NULL; | |
145 | } | |
146 | spin_unlock_irqrestore(&mac->lock, flags); | |
147 | ||
148 | /* Make sure that we've got an auth queue item for this request */ | |
149 | if(aq == NULL) | |
150 | { | |
151 | printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but no queue item exists.\n", MAC_ARG(auth->header.addr2)); | |
152 | /* Error #? */ | |
153 | return -1; | |
154 | } | |
155 | ||
156 | /* Check for out of order authentication */ | |
157 | if(!net->authenticating) | |
158 | { | |
159 | printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but did not request authentication.\n",MAC_ARG(auth->header.addr2)); | |
160 | return -1; | |
161 | } | |
162 | ||
163 | /* Parse the auth packet */ | |
164 | switch(auth->algorithm) { | |
165 | case WLAN_AUTH_OPEN: | |
166 | /* Check the status code of the response */ | |
167 | ||
168 | switch(auth->status) { | |
169 | case WLAN_STATUS_SUCCESS: | |
170 | /* Update the status to Authenticated */ | |
171 | spin_lock_irqsave(&mac->lock, flags); | |
172 | net->authenticating = 0; | |
173 | net->authenticated = 1; | |
174 | spin_unlock_irqrestore(&mac->lock, flags); | |
175 | ||
176 | /* Send event */ | |
177 | printkl(KERN_NOTICE PFX "Open Authentication completed with "MAC_FMT"\n", MAC_ARG(net->bssid)); | |
178 | ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_AUTHENTICATED, net); | |
179 | break; | |
180 | default: | |
181 | /* Lock and reset flags */ | |
182 | spin_lock_irqsave(&mac->lock, flags); | |
183 | net->authenticated = 0; | |
184 | net->authenticating = 0; | |
185 | spin_unlock_irqrestore(&mac->lock, flags); | |
186 | ||
187 | printkl(KERN_NOTICE PFX "Open Authentication with "MAC_FMT" failed, error code: %i\n", | |
188 | MAC_ARG(net->bssid), le16_to_cpup(&auth->status)); | |
189 | /* Count the error? */ | |
190 | break; | |
191 | } | |
192 | goto free_aq; | |
193 | break; | |
194 | case WLAN_AUTH_SHARED_KEY: | |
195 | /* Figure out where we are in the process */ | |
196 | switch(auth->transaction) { | |
197 | case IEEE80211SOFTMAC_AUTH_SHARED_CHALLENGE: | |
198 | /* Check to make sure we have a challenge IE */ | |
199 | data = (u8 *)auth->info_element; | |
200 | if(*data++ != MFIE_TYPE_CHALLENGE){ | |
201 | printkl(KERN_NOTICE PFX "Shared Key Authentication failed due to a missing challenge.\n"); | |
202 | break; | |
203 | } | |
204 | /* Save the challenge */ | |
205 | spin_lock_irqsave(&mac->lock, flags); | |
206 | net->challenge_len = *data++; | |
207 | if(net->challenge_len > WLAN_AUTH_CHALLENGE_LEN) | |
208 | net->challenge_len = WLAN_AUTH_CHALLENGE_LEN; | |
209 | if(net->challenge != NULL) | |
210 | kfree(net->challenge); | |
211 | net->challenge = kmalloc(net->challenge_len, GFP_ATOMIC); | |
212 | memcpy(net->challenge, data, net->challenge_len); | |
213 | aq->state = IEEE80211SOFTMAC_AUTH_SHARED_RESPONSE; | |
214 | spin_unlock_irqrestore(&mac->lock, flags); | |
215 | ||
76ea4c7f | 216 | /* Send our response */ |
370121e5 | 217 | ieee80211softmac_send_mgt_frame(mac, aq->net, IEEE80211_STYPE_AUTH, aq->state); |
76ea4c7f | 218 | return 0; |
370121e5 | 219 | case IEEE80211SOFTMAC_AUTH_SHARED_PASS: |
76ea4c7f DD |
220 | kfree(net->challenge); |
221 | net->challenge = NULL; | |
222 | net->challenge_len = 0; | |
370121e5 JB |
223 | /* Check the status code of the response */ |
224 | switch(auth->status) { | |
225 | case WLAN_STATUS_SUCCESS: | |
226 | /* Update the status to Authenticated */ | |
227 | spin_lock_irqsave(&mac->lock, flags); | |
228 | net->authenticating = 0; | |
229 | net->authenticated = 1; | |
230 | spin_unlock_irqrestore(&mac->lock, flags); | |
231 | printkl(KERN_NOTICE PFX "Shared Key Authentication completed with "MAC_FMT"\n", | |
232 | MAC_ARG(net->bssid)); | |
76ea4c7f | 233 | ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_AUTHENTICATED, net); |
370121e5 JB |
234 | break; |
235 | default: | |
236 | printkl(KERN_NOTICE PFX "Shared Key Authentication with "MAC_FMT" failed, error code: %i\n", | |
237 | MAC_ARG(net->bssid), le16_to_cpup(&auth->status)); | |
238 | /* Lock and reset flags */ | |
239 | spin_lock_irqsave(&mac->lock, flags); | |
240 | net->authenticating = 0; | |
241 | net->authenticated = 0; | |
242 | spin_unlock_irqrestore(&mac->lock, flags); | |
243 | /* Count the error? */ | |
244 | break; | |
245 | } | |
246 | goto free_aq; | |
247 | break; | |
248 | default: | |
249 | printkl(KERN_WARNING PFX "Unhandled Authentication Step: %i\n", auth->transaction); | |
250 | break; | |
251 | } | |
252 | goto free_aq; | |
253 | break; | |
254 | default: | |
255 | /* ERROR */ | |
256 | goto free_aq; | |
257 | break; | |
258 | } | |
259 | return 0; | |
260 | free_aq: | |
261 | /* Cancel the timeout */ | |
262 | spin_lock_irqsave(&mac->lock, flags); | |
263 | cancel_delayed_work(&aq->work); | |
264 | /* Remove this item from the queue */ | |
265 | list_del(&aq->list); | |
266 | spin_unlock_irqrestore(&mac->lock, flags); | |
267 | ||
268 | /* Free it */ | |
269 | kfree(aq); | |
270 | return 0; | |
271 | } | |
272 | ||
273 | /* | |
274 | * Handle deauthorization | |
275 | */ | |
714e1a51 | 276 | static void |
370121e5 JB |
277 | ieee80211softmac_deauth_from_net(struct ieee80211softmac_device *mac, |
278 | struct ieee80211softmac_network *net) | |
279 | { | |
280 | struct ieee80211softmac_auth_queue_item *aq = NULL; | |
281 | struct list_head *list_ptr; | |
282 | unsigned long flags; | |
283 | ||
6d92f83f DD |
284 | /* deauthentication implies disassociation */ |
285 | ieee80211softmac_disassoc(mac); | |
286 | ||
370121e5 JB |
287 | /* Lock and reset status flags */ |
288 | spin_lock_irqsave(&mac->lock, flags); | |
289 | net->authenticating = 0; | |
290 | net->authenticated = 0; | |
291 | ||
292 | /* Find correct auth queue item, if it exists */ | |
293 | list_for_each(list_ptr, &mac->auth_queue) { | |
294 | aq = list_entry(list_ptr, struct ieee80211softmac_auth_queue_item, list); | |
295 | if (!memcmp(net->bssid, aq->net->bssid, ETH_ALEN)) | |
296 | break; | |
297 | else | |
298 | aq = NULL; | |
299 | } | |
300 | ||
301 | /* Cancel pending work */ | |
302 | if(aq != NULL) | |
303 | /* Not entirely safe? What about running work? */ | |
304 | cancel_delayed_work(&aq->work); | |
305 | ||
306 | /* Free our network ref */ | |
307 | ieee80211softmac_del_network_locked(mac, net); | |
308 | if(net->challenge != NULL) | |
309 | kfree(net->challenge); | |
310 | kfree(net); | |
311 | ||
2dd50801 JB |
312 | /* can't transmit data right now... */ |
313 | netif_carrier_off(mac->dev); | |
370121e5 JB |
314 | spin_unlock_irqrestore(&mac->lock, flags); |
315 | } | |
316 | ||
317 | /* | |
318 | * Sends a deauth request to the desired AP | |
319 | */ | |
320 | int | |
321 | ieee80211softmac_deauth_req(struct ieee80211softmac_device *mac, | |
322 | struct ieee80211softmac_network *net, int reason) | |
323 | { | |
324 | int ret; | |
325 | ||
370121e5 JB |
326 | /* Make sure the network is authenticated */ |
327 | if (!net->authenticated) | |
328 | { | |
329 | printkl(KERN_DEBUG PFX "Can't send deauthentication packet, network is not authenticated.\n"); | |
330 | /* Error okay? */ | |
331 | return -EPERM; | |
332 | } | |
333 | ||
334 | /* Send the de-auth packet */ | |
335 | if((ret = ieee80211softmac_send_mgt_frame(mac, net, IEEE80211_STYPE_DEAUTH, reason))) | |
336 | return ret; | |
337 | ||
338 | ieee80211softmac_deauth_from_net(mac, net); | |
339 | return 0; | |
340 | } | |
341 | ||
342 | /* | |
343 | * This should be registered with ieee80211 as handle_deauth | |
344 | */ | |
345 | int | |
b10c991f | 346 | ieee80211softmac_deauth_resp(struct net_device *dev, struct ieee80211_deauth *deauth) |
370121e5 JB |
347 | { |
348 | ||
349 | struct ieee80211softmac_network *net = NULL; | |
350 | struct ieee80211softmac_device *mac = ieee80211_priv(dev); | |
351 | ||
d57336e3 DD |
352 | if (unlikely(!mac->running)) |
353 | return -ENODEV; | |
354 | ||
b10c991f | 355 | if (!deauth) { |
370121e5 JB |
356 | dprintk("deauth without deauth packet. eek!\n"); |
357 | return 0; | |
358 | } | |
359 | ||
b10c991f | 360 | net = ieee80211softmac_get_network_by_bssid(mac, deauth->header.addr2); |
370121e5 JB |
361 | |
362 | if (net == NULL) { | |
f484d582 | 363 | printkl(KERN_DEBUG PFX "Received deauthentication packet from "MAC_FMT", but that network is unknown.\n", |
b10c991f | 364 | MAC_ARG(deauth->header.addr2)); |
370121e5 JB |
365 | return 0; |
366 | } | |
367 | ||
368 | /* Make sure the network is authenticated */ | |
369 | if(!net->authenticated) | |
370 | { | |
371 | printkl(KERN_DEBUG PFX "Can't perform deauthentication, network is not authenticated.\n"); | |
372 | /* Error okay? */ | |
373 | return -EPERM; | |
374 | } | |
375 | ||
376 | ieee80211softmac_deauth_from_net(mac, net); | |
995c9926 DD |
377 | |
378 | /* let's try to re-associate */ | |
379 | schedule_work(&mac->associnfo.work); | |
370121e5 JB |
380 | return 0; |
381 | } |