android_kernel_motorola_sm6225/net/ieee80211/softmac/ieee80211softmac_auth.c
Daniel Drake 345f6b8beb [PATCH] softmac: do shared key auth in workqueue
Johann Uhrmann reported a bcm43xx crash and Michael Buesch tracked
it down to a problem with the new shared key auth code (recursive
calls into the driver)

This patch (effectively Michael's patch with a couple of small
modifications) solves the problem by sending the authentication
challenge response frame from a workqueue entry.

I also removed a lone \n from the bcm43xx messages relating to
authentication mode - this small change was previously discussed but
not patched in.

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-07-27 14:37:30 -04:00

397 lines
12 KiB
C

/*
* This file contains the softmac's authentication logic.
*
* Copyright (c) 2005, 2006 Johannes Berg <johannes@sipsolutions.net>
* Joseph Jezak <josejx@gentoo.org>
* Larry Finger <Larry.Finger@lwfinger.net>
* Danny van Dyk <kugelfang@gentoo.org>
* Michael Buesch <mbuesch@freenet.de>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of version 2 of the GNU General Public License as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* The full GNU General Public License is included in this distribution in the
* file called COPYING.
*/
#include "ieee80211softmac_priv.h"
static void ieee80211softmac_auth_queue(void *data);
/* Queues an auth request to the desired AP */
int
ieee80211softmac_auth_req(struct ieee80211softmac_device *mac,
struct ieee80211softmac_network *net)
{
struct ieee80211softmac_auth_queue_item *auth;
unsigned long flags;
if (net->authenticating || net->authenticated)
return 0;
net->authenticating = 1;
/* Add the network if it's not already added */
ieee80211softmac_add_network(mac, net);
dprintk(KERN_NOTICE PFX "Queueing Authentication Request to "MAC_FMT"\n", MAC_ARG(net->bssid));
/* Queue the auth request */
auth = (struct ieee80211softmac_auth_queue_item *)
kmalloc(sizeof(struct ieee80211softmac_auth_queue_item), GFP_KERNEL);
if(auth == NULL)
return -ENOMEM;
auth->net = net;
auth->mac = mac;
auth->retry = IEEE80211SOFTMAC_AUTH_RETRY_LIMIT;
auth->state = IEEE80211SOFTMAC_AUTH_OPEN_REQUEST;
INIT_WORK(&auth->work, &ieee80211softmac_auth_queue, (void *)auth);
/* Lock (for list) */
spin_lock_irqsave(&mac->lock, flags);
/* add to list */
list_add_tail(&auth->list, &mac->auth_queue);
schedule_work(&auth->work);
spin_unlock_irqrestore(&mac->lock, flags);
return 0;
}
/* Sends an auth request to the desired AP and handles timeouts */
static void
ieee80211softmac_auth_queue(void *data)
{
struct ieee80211softmac_device *mac;
struct ieee80211softmac_auth_queue_item *auth;
struct ieee80211softmac_network *net;
unsigned long flags;
auth = (struct ieee80211softmac_auth_queue_item *)data;
net = auth->net;
mac = auth->mac;
if(auth->retry > 0) {
/* Switch to correct channel for this network */
mac->set_channel(mac->dev, net->channel);
/* Lock and set flags */
spin_lock_irqsave(&mac->lock, flags);
if (unlikely(!mac->running)) {
/* Prevent reschedule on workqueue flush */
spin_unlock_irqrestore(&mac->lock, flags);
return;
}
net->authenticated = 0;
/* add a timeout call so we eventually give up waiting for an auth reply */
schedule_delayed_work(&auth->work, IEEE80211SOFTMAC_AUTH_TIMEOUT);
auth->retry--;
spin_unlock_irqrestore(&mac->lock, flags);
if (ieee80211softmac_send_mgt_frame(mac, auth->net, IEEE80211_STYPE_AUTH, auth->state))
dprintk(KERN_NOTICE PFX "Sending Authentication Request to "MAC_FMT" failed (this shouldn't happen, wait for the timeout).\n", MAC_ARG(net->bssid));
else
dprintk(KERN_NOTICE PFX "Sent Authentication Request to "MAC_FMT".\n", MAC_ARG(net->bssid));
return;
}
printkl(KERN_WARNING PFX "Authentication timed out with "MAC_FMT"\n", MAC_ARG(net->bssid));
/* Remove this item from the queue */
spin_lock_irqsave(&mac->lock, flags);
net->authenticating = 0;
ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_AUTH_TIMEOUT, net);
cancel_delayed_work(&auth->work); /* just to make sure... */
list_del(&auth->list);
spin_unlock_irqrestore(&mac->lock, flags);
/* Free it */
kfree(auth);
}
/* Sends a response to an auth challenge (for shared key auth). */
static void
ieee80211softmac_auth_challenge_response(void *_aq)
{
struct ieee80211softmac_auth_queue_item *aq = _aq;
/* Send our response */
ieee80211softmac_send_mgt_frame(aq->mac, aq->net, IEEE80211_STYPE_AUTH, aq->state);
}
/* Handle the auth response from the AP
* This should be registered with ieee80211 as handle_auth
*/
int
ieee80211softmac_auth_resp(struct net_device *dev, struct ieee80211_auth *auth)
{
struct list_head *list_ptr;
struct ieee80211softmac_device *mac = ieee80211_priv(dev);
struct ieee80211softmac_auth_queue_item *aq = NULL;
struct ieee80211softmac_network *net = NULL;
unsigned long flags;
u8 * data;
if (unlikely(!mac->running))
return -ENODEV;
/* Find correct auth queue item */
spin_lock_irqsave(&mac->lock, flags);
list_for_each(list_ptr, &mac->auth_queue) {
aq = list_entry(list_ptr, struct ieee80211softmac_auth_queue_item, list);
net = aq->net;
if (!memcmp(net->bssid, auth->header.addr2, ETH_ALEN))
break;
else
aq = NULL;
}
spin_unlock_irqrestore(&mac->lock, flags);
/* Make sure that we've got an auth queue item for this request */
if(aq == NULL)
{
printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but no queue item exists.\n", MAC_ARG(auth->header.addr2));
/* Error #? */
return -1;
}
/* Check for out of order authentication */
if(!net->authenticating)
{
printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but did not request authentication.\n",MAC_ARG(auth->header.addr2));
return -1;
}
/* Parse the auth packet */
switch(auth->algorithm) {
case WLAN_AUTH_OPEN:
/* Check the status code of the response */
switch(auth->status) {
case WLAN_STATUS_SUCCESS:
/* Update the status to Authenticated */
spin_lock_irqsave(&mac->lock, flags);
net->authenticating = 0;
net->authenticated = 1;
spin_unlock_irqrestore(&mac->lock, flags);
/* Send event */
printkl(KERN_NOTICE PFX "Open Authentication completed with "MAC_FMT"\n", MAC_ARG(net->bssid));
ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_AUTHENTICATED, net);
break;
default:
/* Lock and reset flags */
spin_lock_irqsave(&mac->lock, flags);
net->authenticated = 0;
net->authenticating = 0;
spin_unlock_irqrestore(&mac->lock, flags);
printkl(KERN_NOTICE PFX "Open Authentication with "MAC_FMT" failed, error code: %i\n",
MAC_ARG(net->bssid), le16_to_cpup(&auth->status));
/* Count the error? */
break;
}
goto free_aq;
break;
case WLAN_AUTH_SHARED_KEY:
/* Figure out where we are in the process */
switch(auth->transaction) {
case IEEE80211SOFTMAC_AUTH_SHARED_CHALLENGE:
/* Check to make sure we have a challenge IE */
data = (u8 *)auth->info_element;
if (*data++ != MFIE_TYPE_CHALLENGE) {
printkl(KERN_NOTICE PFX "Shared Key Authentication failed due to a missing challenge.\n");
break;
}
/* Save the challenge */
spin_lock_irqsave(&mac->lock, flags);
net->challenge_len = *data++;
if (net->challenge_len > WLAN_AUTH_CHALLENGE_LEN)
net->challenge_len = WLAN_AUTH_CHALLENGE_LEN;
if (net->challenge != NULL)
kfree(net->challenge);
net->challenge = kmalloc(net->challenge_len, GFP_ATOMIC);
memcpy(net->challenge, data, net->challenge_len);
aq->state = IEEE80211SOFTMAC_AUTH_SHARED_RESPONSE;
/* We reuse the work struct from the auth request here.
* It is safe to do so as each one is per-request, and
* at this point (dealing with authentication response)
* we have obviously already sent the initial auth
* request. */
cancel_delayed_work(&aq->work);
INIT_WORK(&aq->work, &ieee80211softmac_auth_challenge_response, (void *)aq);
schedule_work(&aq->work);
spin_unlock_irqrestore(&mac->lock, flags);
return 0;
case IEEE80211SOFTMAC_AUTH_SHARED_PASS:
kfree(net->challenge);
net->challenge = NULL;
net->challenge_len = 0;
/* Check the status code of the response */
switch(auth->status) {
case WLAN_STATUS_SUCCESS:
/* Update the status to Authenticated */
spin_lock_irqsave(&mac->lock, flags);
net->authenticating = 0;
net->authenticated = 1;
spin_unlock_irqrestore(&mac->lock, flags);
printkl(KERN_NOTICE PFX "Shared Key Authentication completed with "MAC_FMT"\n",
MAC_ARG(net->bssid));
ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_AUTHENTICATED, net);
break;
default:
printkl(KERN_NOTICE PFX "Shared Key Authentication with "MAC_FMT" failed, error code: %i\n",
MAC_ARG(net->bssid), le16_to_cpup(&auth->status));
/* Lock and reset flags */
spin_lock_irqsave(&mac->lock, flags);
net->authenticating = 0;
net->authenticated = 0;
spin_unlock_irqrestore(&mac->lock, flags);
/* Count the error? */
break;
}
goto free_aq;
break;
default:
printkl(KERN_WARNING PFX "Unhandled Authentication Step: %i\n", auth->transaction);
break;
}
goto free_aq;
break;
default:
/* ERROR */
goto free_aq;
break;
}
return 0;
free_aq:
/* Cancel the timeout */
spin_lock_irqsave(&mac->lock, flags);
cancel_delayed_work(&aq->work);
/* Remove this item from the queue */
list_del(&aq->list);
spin_unlock_irqrestore(&mac->lock, flags);
/* Free it */
kfree(aq);
return 0;
}
/*
* Handle deauthorization
*/
static void
ieee80211softmac_deauth_from_net(struct ieee80211softmac_device *mac,
struct ieee80211softmac_network *net)
{
struct ieee80211softmac_auth_queue_item *aq = NULL;
struct list_head *list_ptr;
unsigned long flags;
/* deauthentication implies disassociation */
ieee80211softmac_disassoc(mac);
/* Lock and reset status flags */
spin_lock_irqsave(&mac->lock, flags);
net->authenticating = 0;
net->authenticated = 0;
/* Find correct auth queue item, if it exists */
list_for_each(list_ptr, &mac->auth_queue) {
aq = list_entry(list_ptr, struct ieee80211softmac_auth_queue_item, list);
if (!memcmp(net->bssid, aq->net->bssid, ETH_ALEN))
break;
else
aq = NULL;
}
/* Cancel pending work */
if(aq != NULL)
/* Not entirely safe? What about running work? */
cancel_delayed_work(&aq->work);
/* Free our network ref */
ieee80211softmac_del_network_locked(mac, net);
if(net->challenge != NULL)
kfree(net->challenge);
kfree(net);
/* can't transmit data right now... */
netif_carrier_off(mac->dev);
spin_unlock_irqrestore(&mac->lock, flags);
}
/*
* Sends a deauth request to the desired AP
*/
int
ieee80211softmac_deauth_req(struct ieee80211softmac_device *mac,
struct ieee80211softmac_network *net, int reason)
{
int ret;
/* Make sure the network is authenticated */
if (!net->authenticated)
{
printkl(KERN_DEBUG PFX "Can't send deauthentication packet, network is not authenticated.\n");
/* Error okay? */
return -EPERM;
}
/* Send the de-auth packet */
if((ret = ieee80211softmac_send_mgt_frame(mac, net, IEEE80211_STYPE_DEAUTH, reason)))
return ret;
ieee80211softmac_deauth_from_net(mac, net);
return 0;
}
/*
* This should be registered with ieee80211 as handle_deauth
*/
int
ieee80211softmac_deauth_resp(struct net_device *dev, struct ieee80211_deauth *deauth)
{
struct ieee80211softmac_network *net = NULL;
struct ieee80211softmac_device *mac = ieee80211_priv(dev);
if (unlikely(!mac->running))
return -ENODEV;
if (!deauth) {
dprintk("deauth without deauth packet. eek!\n");
return 0;
}
net = ieee80211softmac_get_network_by_bssid(mac, deauth->header.addr2);
if (net == NULL) {
printkl(KERN_DEBUG PFX "Received deauthentication packet from "MAC_FMT", but that network is unknown.\n",
MAC_ARG(deauth->header.addr2));
return 0;
}
/* Make sure the network is authenticated */
if(!net->authenticated)
{
printkl(KERN_DEBUG PFX "Can't perform deauthentication, network is not authenticated.\n");
/* Error okay? */
return -EPERM;
}
ieee80211softmac_deauth_from_net(mac, net);
/* let's try to re-associate */
schedule_work(&mac->associnfo.work);
return 0;
}