openwrtv3/package/network/services/hostapd/patches/600-ubus_support.patch
Daniel Golle eba3b028e4 hostapd: update to git snapshot of 2018-03-26
The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
 replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
 replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
 replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
 replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
 replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
 replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
 replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
 replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
 replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
 replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
 replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
 replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
 replaced by commit 114f2830d

Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch (adding more ifdef'ery)
plus some minor knits needed for other patches to apply which are not
worth being explicitely listed here.

For SAE key management in mesh mode, use the newly introduce
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (ie.
length and such). This fixes compatibility issues for users migrating
from authsae.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-03-27 19:25:32 +02:00

351 lines
11 KiB
Diff

--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -165,6 +165,11 @@ OBJS += ../src/common/hw_features_common
OBJS += ../src/eapol_auth/eapol_auth_sm.o
+ifdef CONFIG_UBUS
+CFLAGS += -DUBUS_SUPPORT
+OBJS += ../src/ap/ubus.o
+LIBS += -lubox -lubus
+endif
ifdef CONFIG_CODE_COVERAGE
CFLAGS += -O0 -fprofile-arcs -ftest-coverage
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -13,6 +13,7 @@
#include "utils/list.h"
#include "ap_config.h"
#include "drivers/driver.h"
+#include "ubus.h"
struct wpa_ctrl_dst;
struct radius_server_data;
@@ -129,6 +130,7 @@ struct hostapd_data {
struct hostapd_iface *iface;
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
+ struct hostapd_ubus_bss ubus;
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
@@ -392,6 +394,8 @@ struct hostapd_iface {
struct hostapd_config *conf;
char phy[16]; /* Name of the PHY (radio) */
+ struct hostapd_ubus_iface ubus;
+
enum hostapd_iface_state {
HAPD_IFACE_UNINITIALIZED,
HAPD_IFACE_DISABLED,
@@ -544,6 +548,7 @@ hostapd_alloc_bss_data(struct hostapd_if
struct hostapd_bss_config *bss);
int hostapd_setup_interface(struct hostapd_iface *iface);
int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
+void hostapd_set_own_neighbor_report(struct hostapd_data *hapd);
void hostapd_interface_deinit(struct hostapd_iface *iface);
void hostapd_interface_free(struct hostapd_iface *iface);
struct hostapd_iface * hostapd_alloc_iface(void);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -309,6 +309,7 @@ static void hostapd_free_hapd_data(struc
hapd->started = 0;
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
+ hostapd_ubus_free_bss(hapd);
iapp_deinit(hapd->iapp);
hapd->iapp = NULL;
accounting_deinit(hapd);
@@ -1186,6 +1187,8 @@ static int hostapd_setup_bss(struct host
if (hapd->driver && hapd->driver->set_operstate)
hapd->driver->set_operstate(hapd->drv_priv, 1);
+ hostapd_ubus_add_bss(hapd);
+
return 0;
}
@@ -1600,7 +1603,7 @@ static enum nr_chan_width hostapd_get_nr
#endif /* NEED_AP_MLME */
-static void hostapd_set_own_neighbor_report(struct hostapd_data *hapd)
+void hostapd_set_own_neighbor_report(struct hostapd_data *hapd)
{
#ifdef NEED_AP_MLME
u16 capab = hostapd_own_capab_info(hapd);
@@ -1807,6 +1810,7 @@ static int hostapd_setup_interface_compl
if (err)
goto fail;
+ hostapd_ubus_add_iface(iface);
wpa_printf(MSG_DEBUG, "Completing interface initialization");
if (iface->conf->channel) {
#ifdef NEED_AP_MLME
@@ -1987,6 +1991,7 @@ dfs_offload:
fail:
wpa_printf(MSG_ERROR, "Interface initialization failed");
+ hostapd_ubus_free_iface(iface);
hostapd_set_state(iface, HAPD_IFACE_DISABLED);
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
#ifdef CONFIG_FST
@@ -2441,6 +2446,7 @@ void hostapd_interface_deinit_free(struc
(unsigned int) iface->conf->num_bss);
driver = iface->bss[0]->driver;
drv_priv = iface->bss[0]->drv_priv;
+ hostapd_ubus_free_iface(iface);
hostapd_interface_deinit(iface);
wpa_printf(MSG_DEBUG, "%s: driver=%p drv_priv=%p -> hapd_deinit",
__func__, driver, drv_priv);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1662,12 +1662,13 @@ ieee802_11_set_radius_info(struct hostap
static void handle_auth(struct hostapd_data *hapd,
- const struct ieee80211_mgmt *mgmt, size_t len)
+ const struct ieee80211_mgmt *mgmt, size_t len,
+ struct hostapd_frame_info *fi)
{
u16 auth_alg, auth_transaction, status_code;
u16 resp = WLAN_STATUS_SUCCESS;
struct sta_info *sta = NULL;
- int res, reply_res;
+ int res, reply_res, ubus_resp;
u16 fc;
const u8 *challenge = NULL;
u32 session_timeout, acct_interim_interval;
@@ -1678,6 +1679,11 @@ static void handle_auth(struct hostapd_d
char *identity = NULL;
char *radius_cui = NULL;
u16 seq_ctrl;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_AUTH_REQ,
+ .mgmt_frame = mgmt,
+ .frame_info = fi,
+ };
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
@@ -1836,6 +1842,13 @@ static void handle_auth(struct hostapd_d
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
+ ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+ if (ubus_resp) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " rejected by ubus handler.\n",
+ MAC2STR(mgmt->sa));
+ resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
if (res == HOSTAPD_ACL_PENDING)
return;
@@ -3102,12 +3115,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
static void handle_assoc(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
- int reassoc)
+ int reassoc, struct hostapd_frame_info *fi)
{
u16 capab_info, listen_interval, seq_ctrl, fc;
u16 resp = WLAN_STATUS_SUCCESS, reply_res;
const u8 *pos;
- int left, i;
+ int left, i, ubus_resp;
struct sta_info *sta;
u8 *tmp = NULL;
struct hostapd_sta_wpa_psk_short *psk = NULL;
@@ -3116,6 +3129,11 @@ static void handle_assoc(struct hostapd_
#ifdef CONFIG_FILS
int delay_assoc = 0;
#endif /* CONFIG_FILS */
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_ASSOC_REQ,
+ .mgmt_frame = mgmt,
+ .frame_info = fi,
+ };
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
sizeof(mgmt->u.assoc_req))) {
@@ -3287,6 +3305,14 @@ static void handle_assoc(struct hostapd_
}
#endif /* CONFIG_MBO */
+ ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+ if (ubus_resp) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+ MAC2STR(mgmt->sa));
+ resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+
/*
* sta->capability is used in check_assoc_ies() for RRM enabled
* capability element.
@@ -3500,6 +3526,7 @@ static void handle_disassoc(struct hosta
wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
MAC2STR(mgmt->sa),
le_to_host16(mgmt->u.disassoc.reason_code));
+ hostapd_ubus_notify(hapd, "disassoc", mgmt->sa);
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
@@ -3565,6 +3592,8 @@ static void handle_deauth(struct hostapd
" reason_code=%d",
MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
+ hostapd_ubus_notify(hapd, "deauth", mgmt->sa);
+
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
@@ -3884,7 +3913,7 @@ int ieee802_11_mgmt(struct hostapd_data
if (stype == WLAN_FC_STYPE_PROBE_REQ) {
- handle_probe_req(hapd, mgmt, len, ssi_signal);
+ handle_probe_req(hapd, mgmt, len, fi);
return 1;
}
@@ -3904,17 +3933,17 @@ int ieee802_11_mgmt(struct hostapd_data
switch (stype) {
case WLAN_FC_STYPE_AUTH:
wpa_printf(MSG_DEBUG, "mgmt::auth");
- handle_auth(hapd, mgmt, len);
+ handle_auth(hapd, mgmt, len, fi);
ret = 1;
break;
case WLAN_FC_STYPE_ASSOC_REQ:
wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
- handle_assoc(hapd, mgmt, len, 0);
+ handle_assoc(hapd, mgmt, len, 0, fi);
ret = 1;
break;
case WLAN_FC_STYPE_REASSOC_REQ:
wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
- handle_assoc(hapd, mgmt, len, 1);
+ handle_assoc(hapd, mgmt, len, 1, fi);
ret = 1;
break;
case WLAN_FC_STYPE_DISASSOC:
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -720,7 +720,7 @@ void sta_track_claim_taxonomy_info(struc
void handle_probe_req(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
- int ssi_signal)
+ struct hostapd_frame_info *fi)
{
u8 *resp;
struct ieee802_11_elems elems;
@@ -729,6 +729,7 @@ void handle_probe_req(struct hostapd_dat
size_t i, resp_len;
int noack;
enum ssid_match_result res;
+ int ssi_signal = fi->ssi_signal;
int ret;
u16 csa_offs[2];
size_t csa_offs_len;
@@ -737,6 +738,11 @@ void handle_probe_req(struct hostapd_dat
struct hostapd_sta_wpa_psk_short *psk = NULL;
char *identity = NULL;
char *radius_cui = NULL;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_PROBE_REQ,
+ .mgmt_frame = mgmt,
+ .frame_info = fi,
+ };
if (len < IEEE80211_HDRLEN)
return;
@@ -914,6 +920,12 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
+ if (hostapd_ubus_handle_event(hapd, &req)) {
+ wpa_printf(MSG_DEBUG, "Probe request for " MACSTR " rejected by ubus handler.\n",
+ MAC2STR(mgmt->sa));
+ return;
+ }
+
/* TODO: verify that supp_rates contains at least one matching rate
* with AP configuration */
--- a/src/ap/beacon.h
+++ b/src/ap/beacon.h
@@ -14,7 +14,7 @@ struct ieee80211_mgmt;
void handle_probe_req(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
- int ssi_signal);
+ struct hostapd_frame_info *fi);
int ieee802_11_set_beacon(struct hostapd_data *hapd);
int ieee802_11_set_beacons(struct hostapd_iface *iface);
int ieee802_11_update_beacons(struct hostapd_iface *iface);
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -116,6 +116,10 @@ int hostapd_notif_assoc(struct hostapd_d
u16 reason = WLAN_REASON_UNSPECIFIED;
u16 status = WLAN_STATUS_SUCCESS;
const u8 *p2p_dev_addr = NULL;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_ASSOC_REQ,
+ .addr = addr,
+ };
if (addr == NULL) {
/*
@@ -195,6 +199,12 @@ int hostapd_notif_assoc(struct hostapd_d
goto fail;
}
+ if (hostapd_ubus_handle_event(hapd, &req)) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+ MAC2STR(req.addr));
+ goto fail;
+ }
+
#ifdef CONFIG_P2P
if (elems.p2p) {
wpabuf_free(sta->p2p_ie);
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -412,6 +412,7 @@ void ap_handle_timer(void *eloop_ctx, vo
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
"local deauth request");
ap_free_sta(hapd, sta);
+ hostapd_ubus_notify(hapd, "local-deauth", sta->addr);
return;
}
@@ -559,6 +560,7 @@ skip_poll:
hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
ap_free_sta(hapd, sta);
+ hostapd_ubus_notify(hapd, "inactive-deauth", sta->addr);
break;
}
}
@@ -1220,6 +1222,7 @@ void ap_sta_set_authorized(struct hostap
buf, ip_addr);
} else {
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
+ hostapd_ubus_notify(hapd, "disassoc", sta->addr);
if (hapd->msg_ctx_parent &&
hapd->msg_ctx_parent != hapd->msg_ctx)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -176,6 +176,7 @@ static void hostapd_wpa_auth_psk_failure
struct hostapd_data *hapd = ctx;
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
MAC2STR(addr));
+ hostapd_ubus_notify(hapd, "key-mismatch", addr);
}