From b2f27f3abe72c299da977f47aeb994e911d5edb5 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Tue, 3 Jul 2018 14:36:33 -0700 Subject: [PATCH] netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP. --- src/ap.c | 16 +++++++++++-- src/device.c | 4 ++-- src/handshake.h | 1 + src/netdev.c | 61 ++++++++++++++++++++++++++++++++++++++----------- src/netdev.h | 2 +- src/wsc.c | 5 +--- 6 files changed, 67 insertions(+), 22 deletions(-) diff --git a/src/ap.c b/src/ap.c index 2a265130..e767d3cb 100644 --- a/src/ap.c +++ b/src/ap.c @@ -151,6 +151,16 @@ static bool ap_sta_match_addr(const void *a, const void *b) return !memcmp(sta->addr, b, 6); } +static void ap_remove_sta(struct sta_state *sta) +{ + if (!l_queue_remove(sta->ap->sta_states, sta)) { + l_error("tried to remove station that doesnt exist"); + return; + } + + ap_sta_free(sta); +} + static void ap_set_sta_cb(struct l_genl_msg *msg, void *user_data) { if (l_genl_msg_get_error(msg) < 0) @@ -398,8 +408,10 @@ static void ap_handshake_event(struct handshake_state *hs, ap_new_rsna(sta); break; case HANDSHAKE_EVENT_FAILED: - ap_deauthenticate_sta(sta, l_get_u16(event_data)); - break; + netdev_handshake_failed(hs, l_get_u16(event_data)); + /* fall through */ + case HANDSHAKE_EVENT_SETTING_KEYS_FAILED: + ap_remove_sta(sta); default: break; } diff --git a/src/device.c b/src/device.c index 6d283e88..7cc16939 100644 --- a/src/device.c +++ b/src/device.c @@ -670,9 +670,9 @@ static void device_handshake_event(struct handshake_state *hs, network_sync_psk(network); break; case HANDSHAKE_EVENT_FAILED: - netdev_handshake_failed(device_get_netdev(device), - l_get_u16(event_data)); + netdev_handshake_failed(hs, l_get_u16(event_data)); break; + case HANDSHAKE_EVENT_SETTING_KEYS_FAILED: case HANDSHAKE_EVENT_COMPLETE: /* * currently we dont care about any other events. The diff --git a/src/handshake.h b/src/handshake.h index 97f6233b..93c675ec 100644 --- a/src/handshake.h +++ b/src/handshake.h @@ -45,6 +45,7 @@ enum handshake_kde { enum handshake_event { HANDSHAKE_EVENT_STARTED, HANDSHAKE_EVENT_SETTING_KEYS, + HANDSHAKE_EVENT_SETTING_KEYS_FAILED, HANDSHAKE_EVENT_COMPLETE, HANDSHAKE_EVENT_FAILED }; diff --git a/src/netdev.c b/src/netdev.c index 4586dcfd..655b7de7 100644 --- a/src/netdev.c +++ b/src/netdev.c @@ -893,6 +893,25 @@ static struct l_genl_msg *netdev_build_cmd_deauthenticate(struct netdev *netdev, return msg; } +static struct l_genl_msg *netdev_build_cmd_del_station(struct netdev *netdev, + const uint8_t *sta, + uint16_t reason_code, + bool disassociate) +{ + struct l_genl_msg *msg; + uint8_t subtype = disassociate ? + MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION : + MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION; + + msg = l_genl_msg_new_sized(NL80211_CMD_DEL_STATION, 64); + l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index); + l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, 6, sta); + l_genl_msg_append_attr(msg, NL80211_ATTR_MGMT_SUBTYPE, 1, &subtype); + l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code); + + return msg; +} + static void netdev_operstate_cb(bool success, void *user_data) { struct netdev *netdev = user_data; @@ -945,14 +964,21 @@ static void netdev_setting_keys_failed(struct netdev_handshake_state *nhs, netdev->result = NETDEV_RESULT_KEY_SETTING_FAILED; - if (netdev->type != NL80211_IFTYPE_STATION) - return; + handshake_event(&nhs->super, HANDSHAKE_EVENT_SETTING_KEYS_FAILED, NULL); - msg = netdev_build_cmd_disconnect(netdev, - MMPDU_REASON_CODE_UNSPECIFIED); - netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg, + switch (netdev->type) { + case NL80211_IFTYPE_STATION: + msg = netdev_build_cmd_disconnect(netdev, reason_code); + netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg, netdev_connect_failed, netdev, NULL); + break; + case NL80211_IFTYPE_AP: + msg = netdev_build_cmd_del_station(netdev, nhs->super.spa, + reason_code, false); + if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL)) + l_error("error sending DEL_STATION"); + } } static void netdev_set_station_cb(struct l_genl_msg *msg, void *user_data) @@ -1277,8 +1303,11 @@ invalid_key: netdev_setting_keys_failed(nhs, rc); } -void netdev_handshake_failed(struct netdev *netdev, uint16_t reason_code) +void netdev_handshake_failed(struct handshake_state *hs, uint16_t reason_code) { + struct netdev_handshake_state *nhs = + container_of(hs, struct netdev_handshake_state, super); + struct netdev *netdev = nhs->netdev; struct l_genl_msg *msg; l_error("4-Way handshake failed for ifindex: %d, reason: %u", @@ -1288,13 +1317,19 @@ void netdev_handshake_failed(struct netdev *netdev, uint16_t reason_code) netdev->result = NETDEV_RESULT_HANDSHAKE_FAILED; - if (netdev->type != NL80211_IFTYPE_STATION) - return; - - msg = netdev_build_cmd_disconnect(netdev, reason_code); - netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg, - netdev_connect_failed, - netdev, NULL); + switch (netdev->type) { + case NL80211_IFTYPE_STATION: + msg = netdev_build_cmd_disconnect(netdev, reason_code); + netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg, + netdev_connect_failed, + netdev, NULL); + break; + case NL80211_IFTYPE_AP: + msg = netdev_build_cmd_del_station(netdev, nhs->super.spa, + reason_code, false); + if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL)) + l_error("error sending DEL_STATION"); + } } static void hardware_rekey_cb(struct l_genl_msg *msg, void *data) diff --git a/src/netdev.h b/src/netdev.h index 8cc0655f..7b53cfe3 100644 --- a/src/netdev.h +++ b/src/netdev.h @@ -145,7 +145,7 @@ uint32_t netdev_frame_watch_add(struct netdev *netdev, uint16_t frame_type, void *user_data); bool netdev_frame_watch_remove(struct netdev *netdev, uint32_t id); -void netdev_handshake_failed(struct netdev *netdev, uint16_t reason_code); +void netdev_handshake_failed(struct handshake_state *hs, uint16_t reason_code); struct netdev *netdev_find(int ifindex); diff --git a/src/wsc.c b/src/wsc.c index 1732c519..59470f43 100644 --- a/src/wsc.c +++ b/src/wsc.c @@ -387,12 +387,9 @@ static void wsc_netdev_event(struct netdev *netdev, enum netdev_event event, static void wsc_handshake_event(struct handshake_state *hs, enum handshake_event event, void *event_data, void *user_data) { - struct wsc *wsc = user_data; - switch (event) { case HANDSHAKE_EVENT_FAILED: - netdev_handshake_failed(device_get_netdev(wsc->device), - l_get_u16(event_data)); + netdev_handshake_failed(hs, l_get_u16(event_data)); break; default: break;