Add new wpa_supplicant driver op for setting 802.1X port status
This can be used with drivers that implement PAE to control whether normal data frames (non-EAPOL) are allowed.
parent
f55802e8bf
commit
4bc181ecc7
6 changed files with 61 additions and 1 deletions
|
@ -1333,6 +1333,14 @@ struct wpa_driver_ops {
|
||||||
const u8 *ie, size_t len);
|
const u8 *ie, size_t len);
|
||||||
int (*set_wps_probe_resp_ie)(const char *ifname, void *priv,
|
int (*set_wps_probe_resp_ie)(const char *ifname, void *priv,
|
||||||
const u8 *ie, size_t len);
|
const u8 *ie, size_t len);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* set_supp_port - Set IEEE 802.1X Supplicant Port status
|
||||||
|
* @priv: Private driver interface data
|
||||||
|
* @authorized: Whether the port is authorized
|
||||||
|
* Returns: 0 on success, -1 on failure
|
||||||
|
*/
|
||||||
|
int (*set_supp_port)(void *priv, int authorized);
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
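Review bot: The doc comment on `set_supp_port` does not say what a driver should do with traffic while the port is unauthorized, or which state applies before the first call. The commit description says the op controls whether non-EAPOL data frames are allowed, so the comment should carry that contract, for example ` * While unauthorized, the driver is expected to allow only EAPOL frames.`, plus a line stating the assumed initial port state. The `Returns:` line could also say whether callers are expected to react to -1, because a failed transition to unauthorized is the case that matters for a driver enforcing the port.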
|
|
|
@ -3264,5 +3264,6 @@ const struct wpa_driver_ops wpa_driver_ndis_ops = {
|
||||||
NULL /* set_radius_acl_expire */,
|
NULL /* set_radius_acl_expire */,
|
||||||
NULL /* set_ht_params */,
|
NULL /* set_ht_params */,
|
||||||
NULL /* set_wps_beacon_ie */,
|
NULL /* set_wps_beacon_ie */,
|
||||||
NULL /* set_wps_probe_resp_ie */
|
NULL /* set_wps_probe_resp_ie */,
|
||||||
|
NULL /* set_supp_port */
|
||||||
};
|
};
|
||||||
|
|
|
@ -193,6 +193,8 @@ static void eapol_sm_txSuppRsp(struct eapol_sm *sm);
|
||||||
static void eapol_sm_abortSupp(struct eapol_sm *sm);
|
static void eapol_sm_abortSupp(struct eapol_sm *sm);
|
||||||
static void eapol_sm_abort_cached(struct eapol_sm *sm);
|
static void eapol_sm_abort_cached(struct eapol_sm *sm);
|
||||||
static void eapol_sm_step_timeout(void *eloop_ctx, void *timeout_ctx);
|
static void eapol_sm_step_timeout(void *eloop_ctx, void *timeout_ctx);
|
||||||
|
static void eapol_sm_set_port_authorized(struct eapol_sm *sm);
|
||||||
|
static void eapol_sm_set_port_unauthorized(struct eapol_sm *sm);
|
||||||
|
|
||||||
|
|
||||||
/* Port Timers state machine - implemented as a function that will be called
|
/* Port Timers state machine - implemented as a function that will be called
|
||||||
|
@ -250,6 +252,7 @@ SM_STATE(SUPP_PAE, LOGOFF)
|
||||||
eapol_sm_txLogoff(sm);
|
eapol_sm_txLogoff(sm);
|
||||||
sm->logoffSent = TRUE;
|
sm->logoffSent = TRUE;
|
||||||
sm->suppPortStatus = Unauthorized;
|
sm->suppPortStatus = Unauthorized;
|
||||||
|
eapol_sm_set_port_unauthorized(sm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -260,6 +263,7 @@ SM_STATE(SUPP_PAE, DISCONNECTED)
|
||||||
sm->startCount = 0;
|
sm->startCount = 0;
|
||||||
sm->logoffSent = FALSE;
|
sm->logoffSent = FALSE;
|
||||||
sm->suppPortStatus = Unauthorized;
|
sm->suppPortStatus = Unauthorized;
|
||||||
|
eapol_sm_set_port_unauthorized(sm);
|
||||||
sm->suppAbort = TRUE;
|
sm->suppAbort = TRUE;
|
||||||
|
|
||||||
sm->unicast_key_received = FALSE;
|
sm->unicast_key_received = FALSE;
|
||||||
|
@ -315,6 +319,7 @@ SM_STATE(SUPP_PAE, HELD)
|
||||||
sm->heldWhile = sm->heldPeriod;
|
sm->heldWhile = sm->heldPeriod;
|
||||||
eapol_enable_timer_tick(sm);
|
eapol_enable_timer_tick(sm);
|
||||||
sm->suppPortStatus = Unauthorized;
|
sm->suppPortStatus = Unauthorized;
|
||||||
|
eapol_sm_set_port_unauthorized(sm);
|
||||||
sm->cb_status = EAPOL_CB_FAILURE;
|
sm->cb_status = EAPOL_CB_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -323,6 +328,7 @@ SM_STATE(SUPP_PAE, AUTHENTICATED)
|
||||||
{
|
{
|
||||||
SM_ENTRY(SUPP_PAE, AUTHENTICATED);
|
SM_ENTRY(SUPP_PAE, AUTHENTICATED);
|
||||||
sm->suppPortStatus = Authorized;
|
sm->suppPortStatus = Authorized;
|
||||||
|
eapol_sm_set_port_authorized(sm);
|
||||||
sm->cb_status = EAPOL_CB_SUCCESS;
|
sm->cb_status = EAPOL_CB_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -338,6 +344,7 @@ SM_STATE(SUPP_PAE, S_FORCE_AUTH)
|
||||||
{
|
{
|
||||||
SM_ENTRY(SUPP_PAE, S_FORCE_AUTH);
|
SM_ENTRY(SUPP_PAE, S_FORCE_AUTH);
|
||||||
sm->suppPortStatus = Authorized;
|
sm->suppPortStatus = Authorized;
|
||||||
|
eapol_sm_set_port_authorized(sm);
|
||||||
sm->sPortMode = ForceAuthorized;
|
sm->sPortMode = ForceAuthorized;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -346,6 +353,7 @@ SM_STATE(SUPP_PAE, S_FORCE_UNAUTH)
|
||||||
{
|
{
|
||||||
SM_ENTRY(SUPP_PAE, S_FORCE_UNAUTH);
|
SM_ENTRY(SUPP_PAE, S_FORCE_UNAUTH);
|
||||||
sm->suppPortStatus = Unauthorized;
|
sm->suppPortStatus = Unauthorized;
|
||||||
|
eapol_sm_set_port_unauthorized(sm);
|
||||||
sm->sPortMode = ForceUnauthorized;
|
sm->sPortMode = ForceUnauthorized;
|
||||||
eapol_sm_txLogoff(sm);
|
eapol_sm_txLogoff(sm);
|
||||||
}
|
}
|
||||||
|
@ -862,6 +870,20 @@ static void eapol_sm_step_timeout(void *eloop_ctx, void *timeout_ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void eapol_sm_set_port_authorized(struct eapol_sm *sm)
|
||||||
|
{
|
||||||
|
if (sm->ctx->port_cb)
|
||||||
|
sm->ctx->port_cb(sm->ctx->ctx, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void eapol_sm_set_port_unauthorized(struct eapol_sm *sm)
|
||||||
|
{
|
||||||
|
if (sm->ctx->port_cb)
|
||||||
|
sm->ctx->port_cb(sm->ctx->ctx, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* eapol_sm_step - EAPOL state machine step function
|
* eapol_sm_step - EAPOL state machine step function
|
||||||
* @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
|
* @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
|
||||||
|
@ -1456,6 +1478,7 @@ void eapol_sm_notify_cached(struct eapol_sm *sm)
|
||||||
wpa_printf(MSG_DEBUG, "EAPOL: PMKSA caching was used - skip EAPOL");
|
wpa_printf(MSG_DEBUG, "EAPOL: PMKSA caching was used - skip EAPOL");
|
||||||
sm->SUPP_PAE_state = SUPP_PAE_AUTHENTICATED;
|
sm->SUPP_PAE_state = SUPP_PAE_AUTHENTICATED;
|
||||||
sm->suppPortStatus = Authorized;
|
sm->suppPortStatus = Authorized;
|
||||||
|
eapol_sm_set_port_authorized(sm);
|
||||||
sm->portValid = TRUE;
|
sm->portValid = TRUE;
|
||||||
eap_notify_success(sm->eap);
|
eap_notify_success(sm->eap);
|
||||||
eapol_sm_step(sm);
|
eapol_sm_step(sm);
|
||||||
|
@ -1492,6 +1515,7 @@ static void eapol_sm_abort_cached(struct eapol_sm *sm)
|
||||||
sm->cached_pmk = FALSE;
|
sm->cached_pmk = FALSE;
|
||||||
sm->SUPP_PAE_state = SUPP_PAE_CONNECTING;
|
sm->SUPP_PAE_state = SUPP_PAE_CONNECTING;
|
||||||
sm->suppPortStatus = Unauthorized;
|
sm->suppPortStatus = Unauthorized;
|
||||||
|
eapol_sm_set_port_unauthorized(sm);
|
||||||
|
|
||||||
/* Make sure we do not start sending EAPOL-Start frames first, but
|
/* Make sure we do not start sending EAPOL-Start frames first, but
|
||||||
* instead move to RESTART state to start EAPOL authentication. */
|
* instead move to RESTART state to start EAPOL authentication. */
|
||||||
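Review bot: In `eapol_sm_notify_cached()` the added `eapol_sm_set_port_authorized(sm);` tells the driver the port is authorized at the point where EAPOL is skipped because PMKSA caching was used. The hunk does not show whether any key handshake has completed by then. If it has not, a driver that implements PAE and acts on this op could start passing non-EAPOL data frames earlier than intended. Please confirm the ordering and record it next to the call, for example `/* PMKSA caching: driver port is opened here; keys must already be configured before data frames are allowed */`. The function body starts and ends outside the hunk, so this is inferred from the visible lines only.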
|
|
|
@ -215,6 +215,13 @@ struct eapol_ctx {
|
||||||
*/
|
*/
|
||||||
void (*eap_param_needed)(void *ctx, const char *field,
|
void (*eap_param_needed)(void *ctx, const char *field,
|
||||||
const char *txt);
|
const char *txt);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* port_cb - Set port authorized/unauthorized callback (optional)
|
||||||
|
* @ctx: Callback context (ctx)
|
||||||
|
* @authorized: Whether the supplicant port is now in authorized state
|
||||||
|
*/
|
||||||
|
void (*port_cb)(void *ctx, int authorized);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -438,4 +438,14 @@ static inline int wpa_drv_sta_set_flags(struct wpa_supplicant *wpa_s,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline int wpa_drv_set_supp_port(struct wpa_supplicant *wpa_s,
|
||||||
|
int authorized)
|
||||||
|
{
|
||||||
|
if (wpa_s->driver->set_supp_port) {
|
||||||
|
return wpa_s->driver->set_supp_port(wpa_s->drv_priv,
|
||||||
|
authorized);
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* DRIVER_I_H */
|
#endif /* DRIVER_I_H */
|
||||||
|
|
|
@ -537,6 +537,15 @@ static void wpa_supplicant_eap_param_needed(void *ctx, const char *field,
|
||||||
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
|
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
|
||||||
|
|
||||||
|
|
||||||
|
static void wpa_supplicant_port_cb(void *ctx, int authorized)
|
||||||
|
{
|
||||||
|
struct wpa_supplicant *wpa_s = ctx;
|
||||||
|
wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s",
|
||||||
|
authorized ? "Authorized" : "Unauthorized");
|
||||||
|
wpa_drv_set_supp_port(wpa_s, authorized);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
|
int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
|
||||||
{
|
{
|
||||||
#ifdef IEEE8021X_EAPOL
|
#ifdef IEEE8021X_EAPOL
|
||||||
|
@ -564,6 +573,7 @@ int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
|
||||||
#endif /* EAP_TLS_OPENSSL */
|
#endif /* EAP_TLS_OPENSSL */
|
||||||
ctx->wps = wpa_s->wps;
|
ctx->wps = wpa_s->wps;
|
||||||
ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
|
ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
|
||||||
|
ctx->port_cb = wpa_supplicant_port_cb;
|
||||||
ctx->cb = wpa_supplicant_eapol_cb;
|
ctx->cb = wpa_supplicant_eapol_cb;
|
||||||
ctx->cb_ctx = wpa_s;
|
ctx->cb_ctx = wpa_s;
|
||||||
wpa_s->eapol = eapol_sm_init(ctx);
|
wpa_s->eapol = eapol_sm_init(ctx);
|
||||||
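Review bot: `wpa_supplicant_port_cb()` discards the return value of `wpa_drv_set_supp_port()`. If a driver fails to move the port to unauthorized, the EAPOL state machine and the driver disagree, and the only log line is the status message printed before the call. Because `port_cb` returns void, the minimum here is to report the failure: `if (wpa_drv_set_supp_port(wpa_s, authorized) < 0)` followed by `wpa_printf(MSG_DEBUG, "EAPOL: Failed to set supplicant port status");`. Whether a failed transition to unauthorized should also trigger a stronger reaction is a design decision this change does not address.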
|
|