Add new wpa_supplicant driver op for setting 802.1X port status

This can be used with drivers that implement PAE to control whether
normal data frames (non-EAPOL) are allowed.
This commit is contained in:
Jouni Malinen 2009-04-22 16:01:37 +03:00 committed by Jouni Malinen
parent f55802e8bf
commit 4bc181ecc7
6 changed files with 61 additions and 1 deletions

View file

@ -1333,6 +1333,14 @@ struct wpa_driver_ops {
const u8 *ie, size_t len); const u8 *ie, size_t len);
int (*set_wps_probe_resp_ie)(const char *ifname, void *priv, int (*set_wps_probe_resp_ie)(const char *ifname, void *priv,
const u8 *ie, size_t len); const u8 *ie, size_t len);
/**
* set_supp_port - Set IEEE 802.1X Supplicant Port status
* @priv: Private driver interface data
* @authorized: Whether the port is authorized
* Returns: 0 on success, -1 on failure
*/
int (*set_supp_port)(void *priv, int authorized);
}; };
/** /**

View file

@ -3264,5 +3264,6 @@ const struct wpa_driver_ops wpa_driver_ndis_ops = {
NULL /* set_radius_acl_expire */, NULL /* set_radius_acl_expire */,
NULL /* set_ht_params */, NULL /* set_ht_params */,
NULL /* set_wps_beacon_ie */, NULL /* set_wps_beacon_ie */,
NULL /* set_wps_probe_resp_ie */ NULL /* set_wps_probe_resp_ie */,
NULL /* set_supp_port */
}; };

View file

@ -193,6 +193,8 @@ static void eapol_sm_txSuppRsp(struct eapol_sm *sm);
static void eapol_sm_abortSupp(struct eapol_sm *sm); static void eapol_sm_abortSupp(struct eapol_sm *sm);
static void eapol_sm_abort_cached(struct eapol_sm *sm); static void eapol_sm_abort_cached(struct eapol_sm *sm);
static void eapol_sm_step_timeout(void *eloop_ctx, void *timeout_ctx); static void eapol_sm_step_timeout(void *eloop_ctx, void *timeout_ctx);
static void eapol_sm_set_port_authorized(struct eapol_sm *sm);
static void eapol_sm_set_port_unauthorized(struct eapol_sm *sm);
/* Port Timers state machine - implemented as a function that will be called /* Port Timers state machine - implemented as a function that will be called
@ -250,6 +252,7 @@ SM_STATE(SUPP_PAE, LOGOFF)
eapol_sm_txLogoff(sm); eapol_sm_txLogoff(sm);
sm->logoffSent = TRUE; sm->logoffSent = TRUE;
sm->suppPortStatus = Unauthorized; sm->suppPortStatus = Unauthorized;
eapol_sm_set_port_unauthorized(sm);
} }
@ -260,6 +263,7 @@ SM_STATE(SUPP_PAE, DISCONNECTED)
sm->startCount = 0; sm->startCount = 0;
sm->logoffSent = FALSE; sm->logoffSent = FALSE;
sm->suppPortStatus = Unauthorized; sm->suppPortStatus = Unauthorized;
eapol_sm_set_port_unauthorized(sm);
sm->suppAbort = TRUE; sm->suppAbort = TRUE;
sm->unicast_key_received = FALSE; sm->unicast_key_received = FALSE;
@ -315,6 +319,7 @@ SM_STATE(SUPP_PAE, HELD)
sm->heldWhile = sm->heldPeriod; sm->heldWhile = sm->heldPeriod;
eapol_enable_timer_tick(sm); eapol_enable_timer_tick(sm);
sm->suppPortStatus = Unauthorized; sm->suppPortStatus = Unauthorized;
eapol_sm_set_port_unauthorized(sm);
sm->cb_status = EAPOL_CB_FAILURE; sm->cb_status = EAPOL_CB_FAILURE;
} }
@ -323,6 +328,7 @@ SM_STATE(SUPP_PAE, AUTHENTICATED)
{ {
SM_ENTRY(SUPP_PAE, AUTHENTICATED); SM_ENTRY(SUPP_PAE, AUTHENTICATED);
sm->suppPortStatus = Authorized; sm->suppPortStatus = Authorized;
eapol_sm_set_port_authorized(sm);
sm->cb_status = EAPOL_CB_SUCCESS; sm->cb_status = EAPOL_CB_SUCCESS;
} }
@ -338,6 +344,7 @@ SM_STATE(SUPP_PAE, S_FORCE_AUTH)
{ {
SM_ENTRY(SUPP_PAE, S_FORCE_AUTH); SM_ENTRY(SUPP_PAE, S_FORCE_AUTH);
sm->suppPortStatus = Authorized; sm->suppPortStatus = Authorized;
eapol_sm_set_port_authorized(sm);
sm->sPortMode = ForceAuthorized; sm->sPortMode = ForceAuthorized;
} }
@ -346,6 +353,7 @@ SM_STATE(SUPP_PAE, S_FORCE_UNAUTH)
{ {
SM_ENTRY(SUPP_PAE, S_FORCE_UNAUTH); SM_ENTRY(SUPP_PAE, S_FORCE_UNAUTH);
sm->suppPortStatus = Unauthorized; sm->suppPortStatus = Unauthorized;
eapol_sm_set_port_unauthorized(sm);
sm->sPortMode = ForceUnauthorized; sm->sPortMode = ForceUnauthorized;
eapol_sm_txLogoff(sm); eapol_sm_txLogoff(sm);
} }
@ -862,6 +870,20 @@ static void eapol_sm_step_timeout(void *eloop_ctx, void *timeout_ctx)
} }
static void eapol_sm_set_port_authorized(struct eapol_sm *sm)
{
if (sm->ctx->port_cb)
sm->ctx->port_cb(sm->ctx->ctx, 1);
}
static void eapol_sm_set_port_unauthorized(struct eapol_sm *sm)
{
if (sm->ctx->port_cb)
sm->ctx->port_cb(sm->ctx->ctx, 0);
}
/** /**
* eapol_sm_step - EAPOL state machine step function * eapol_sm_step - EAPOL state machine step function
* @sm: Pointer to EAPOL state machine allocated with eapol_sm_init() * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
@ -1456,6 +1478,7 @@ void eapol_sm_notify_cached(struct eapol_sm *sm)
wpa_printf(MSG_DEBUG, "EAPOL: PMKSA caching was used - skip EAPOL"); wpa_printf(MSG_DEBUG, "EAPOL: PMKSA caching was used - skip EAPOL");
sm->SUPP_PAE_state = SUPP_PAE_AUTHENTICATED; sm->SUPP_PAE_state = SUPP_PAE_AUTHENTICATED;
sm->suppPortStatus = Authorized; sm->suppPortStatus = Authorized;
eapol_sm_set_port_authorized(sm);
sm->portValid = TRUE; sm->portValid = TRUE;
eap_notify_success(sm->eap); eap_notify_success(sm->eap);
eapol_sm_step(sm); eapol_sm_step(sm);
@ -1492,6 +1515,7 @@ static void eapol_sm_abort_cached(struct eapol_sm *sm)
sm->cached_pmk = FALSE; sm->cached_pmk = FALSE;
sm->SUPP_PAE_state = SUPP_PAE_CONNECTING; sm->SUPP_PAE_state = SUPP_PAE_CONNECTING;
sm->suppPortStatus = Unauthorized; sm->suppPortStatus = Unauthorized;
eapol_sm_set_port_unauthorized(sm);
/* Make sure we do not start sending EAPOL-Start frames first, but /* Make sure we do not start sending EAPOL-Start frames first, but
* instead move to RESTART state to start EAPOL authentication. */ * instead move to RESTART state to start EAPOL authentication. */

View file

@ -215,6 +215,13 @@ struct eapol_ctx {
*/ */
void (*eap_param_needed)(void *ctx, const char *field, void (*eap_param_needed)(void *ctx, const char *field,
const char *txt); const char *txt);
/**
* port_cb - Set port authorized/unauthorized callback (optional)
* @ctx: Callback context (ctx)
* @authorized: Whether the supplicant port is now in authorized state
*/
void (*port_cb)(void *ctx, int authorized);
}; };

View file

@ -438,4 +438,14 @@ static inline int wpa_drv_sta_set_flags(struct wpa_supplicant *wpa_s,
return -1; return -1;
} }
static inline int wpa_drv_set_supp_port(struct wpa_supplicant *wpa_s,
int authorized)
{
if (wpa_s->driver->set_supp_port) {
return wpa_s->driver->set_supp_port(wpa_s->drv_priv,
authorized);
}
return 0;
}
#endif /* DRIVER_I_H */ #endif /* DRIVER_I_H */

View file

@ -537,6 +537,15 @@ static void wpa_supplicant_eap_param_needed(void *ctx, const char *field,
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
static void wpa_supplicant_port_cb(void *ctx, int authorized)
{
struct wpa_supplicant *wpa_s = ctx;
wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s",
authorized ? "Authorized" : "Unauthorized");
wpa_drv_set_supp_port(wpa_s, authorized);
}
int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s) int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
{ {
#ifdef IEEE8021X_EAPOL #ifdef IEEE8021X_EAPOL
@ -564,6 +573,7 @@ int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
#endif /* EAP_TLS_OPENSSL */ #endif /* EAP_TLS_OPENSSL */
ctx->wps = wpa_s->wps; ctx->wps = wpa_s->wps;
ctx->eap_param_needed = wpa_supplicant_eap_param_needed; ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
ctx->port_cb = wpa_supplicant_port_cb;
ctx->cb = wpa_supplicant_eapol_cb; ctx->cb = wpa_supplicant_eapol_cb;
ctx->cb_ctx = wpa_s; ctx->cb_ctx = wpa_s;
wpa_s->eapol = eapol_sm_init(ctx); wpa_s->eapol = eapol_sm_init(ctx);