mirror of
				https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
				synced 2025-10-26 00:44:03 +00:00 
			
		
		
		
	 345f6b8beb
			
		
	
	
		345f6b8beb
		
	
	
	
	
		
			
			Johann Uhrmann reported a bcm43xx crash and Michael Buesch tracked it down to a problem with the new shared key auth code (recursive calls into the driver) This patch (effectively Michael's patch with a couple of small modifications) solves the problem by sending the authentication challenge response frame from a workqueue entry. I also removed a lone \n from the bcm43xx messages relating to authentication mode - this small change was previously discussed but not patched in. Signed-off-by: Daniel Drake <dsd@gentoo.org> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
		
			
				
	
	
		
			398 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			398 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * This file contains the softmac's authentication logic.
 | |
|  *
 | |
|  * Copyright (c) 2005, 2006 Johannes Berg <johannes@sipsolutions.net>
 | |
|  *                          Joseph Jezak <josejx@gentoo.org>
 | |
|  *                          Larry Finger <Larry.Finger@lwfinger.net>
 | |
|  *                          Danny van Dyk <kugelfang@gentoo.org>
 | |
|  *                          Michael Buesch <mbuesch@freenet.de>
 | |
|  *
 | |
|  * This program is free software; you can redistribute it and/or modify it
 | |
|  * under the terms of version 2 of the GNU General Public License as
 | |
|  * published by the Free Software Foundation.
 | |
|  *
 | |
|  * This program is distributed in the hope that it will be useful, but WITHOUT
 | |
|  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 | |
|  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 | |
|  * more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU General Public License
 | |
|  * along with this program; if not, write to the Free Software
 | |
|  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 | |
|  *
 | |
|  * The full GNU General Public License is included in this distribution in the
 | |
|  * file called COPYING.
 | |
|  */
 | |
| 
 | |
| #include "ieee80211softmac_priv.h"
 | |
| 
 | |
| static void ieee80211softmac_auth_queue(void *data);
 | |
| 
 | |
| /* Queues an auth request to the desired AP */
 | |
| int
 | |
| ieee80211softmac_auth_req(struct ieee80211softmac_device *mac, 
 | |
| 	struct ieee80211softmac_network *net)
 | |
| {
 | |
| 	struct ieee80211softmac_auth_queue_item *auth;
 | |
| 	unsigned long flags;
 | |
| 	
 | |
| 	if (net->authenticating || net->authenticated)
 | |
| 		return 0;
 | |
| 	net->authenticating = 1;
 | |
| 
 | |
| 	/* Add the network if it's not already added */
 | |
| 	ieee80211softmac_add_network(mac, net);
 | |
| 
 | |
| 	dprintk(KERN_NOTICE PFX "Queueing Authentication Request to "MAC_FMT"\n", MAC_ARG(net->bssid));
 | |
| 	/* Queue the auth request */
 | |
| 	auth = (struct ieee80211softmac_auth_queue_item *)
 | |
| 		kmalloc(sizeof(struct ieee80211softmac_auth_queue_item), GFP_KERNEL);
 | |
| 	if(auth == NULL)
 | |
| 		return -ENOMEM;
 | |
| 
 | |
| 	auth->net = net;
 | |
| 	auth->mac = mac;
 | |
| 	auth->retry = IEEE80211SOFTMAC_AUTH_RETRY_LIMIT;
 | |
| 	auth->state = IEEE80211SOFTMAC_AUTH_OPEN_REQUEST;
 | |
| 	INIT_WORK(&auth->work, &ieee80211softmac_auth_queue, (void *)auth);
 | |
| 	
 | |
| 	/* Lock (for list) */
 | |
| 	spin_lock_irqsave(&mac->lock, flags);
 | |
| 
 | |
| 	/* add to list */
 | |
| 	list_add_tail(&auth->list, &mac->auth_queue);
 | |
| 	schedule_work(&auth->work);
 | |
| 	spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 	
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| 
 | |
| /* Sends an auth request to the desired AP and handles timeouts */
 | |
| static void
 | |
| ieee80211softmac_auth_queue(void *data)
 | |
| {
 | |
| 	struct ieee80211softmac_device *mac;
 | |
| 	struct ieee80211softmac_auth_queue_item *auth;
 | |
| 	struct ieee80211softmac_network *net;
 | |
| 	unsigned long flags;
 | |
| 
 | |
| 	auth = (struct ieee80211softmac_auth_queue_item *)data;
 | |
| 	net = auth->net;
 | |
| 	mac = auth->mac;
 | |
| 
 | |
| 	if(auth->retry > 0) {
 | |
| 		/* Switch to correct channel for this network */
 | |
| 		mac->set_channel(mac->dev, net->channel);
 | |
| 		
 | |
| 		/* Lock and set flags */
 | |
| 		spin_lock_irqsave(&mac->lock, flags);
 | |
| 		if (unlikely(!mac->running)) {
 | |
| 			/* Prevent reschedule on workqueue flush */
 | |
| 			spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 			return;
 | |
| 		}
 | |
| 		net->authenticated = 0;
 | |
| 		/* add a timeout call so we eventually give up waiting for an auth reply */
 | |
| 		schedule_delayed_work(&auth->work, IEEE80211SOFTMAC_AUTH_TIMEOUT);
 | |
| 		auth->retry--;
 | |
| 		spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 		if (ieee80211softmac_send_mgt_frame(mac, auth->net, IEEE80211_STYPE_AUTH, auth->state))
 | |
| 			dprintk(KERN_NOTICE PFX "Sending Authentication Request to "MAC_FMT" failed (this shouldn't happen, wait for the timeout).\n", MAC_ARG(net->bssid));
 | |
| 		else
 | |
| 			dprintk(KERN_NOTICE PFX "Sent Authentication Request to "MAC_FMT".\n", MAC_ARG(net->bssid));
 | |
| 		return;
 | |
| 	}
 | |
| 
 | |
| 	printkl(KERN_WARNING PFX "Authentication timed out with "MAC_FMT"\n", MAC_ARG(net->bssid));
 | |
| 	/* Remove this item from the queue */
 | |
| 	spin_lock_irqsave(&mac->lock, flags);
 | |
| 	net->authenticating = 0;
 | |
| 	ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_AUTH_TIMEOUT, net);
 | |
| 	cancel_delayed_work(&auth->work); /* just to make sure... */
 | |
| 	list_del(&auth->list);
 | |
| 	spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 	/* Free it */
 | |
| 	kfree(auth);
 | |
| }
 | |
| 
 | |
| /* Sends a response to an auth challenge (for shared key auth). */
 | |
| static void
 | |
| ieee80211softmac_auth_challenge_response(void *_aq)
 | |
| {
 | |
| 	struct ieee80211softmac_auth_queue_item *aq = _aq;
 | |
| 
 | |
| 	/* Send our response */
 | |
| 	ieee80211softmac_send_mgt_frame(aq->mac, aq->net, IEEE80211_STYPE_AUTH, aq->state);
 | |
| }
 | |
| 
 | |
| /* Handle the auth response from the AP
 | |
|  * This should be registered with ieee80211 as handle_auth 
 | |
|  */
 | |
| int 
 | |
| ieee80211softmac_auth_resp(struct net_device *dev, struct ieee80211_auth *auth)
 | |
| {	
 | |
| 
 | |
| 	struct list_head *list_ptr;
 | |
| 	struct ieee80211softmac_device *mac = ieee80211_priv(dev);
 | |
| 	struct ieee80211softmac_auth_queue_item *aq = NULL;
 | |
| 	struct ieee80211softmac_network *net = NULL;
 | |
| 	unsigned long flags;
 | |
| 	u8 * data;
 | |
| 	
 | |
| 	if (unlikely(!mac->running))
 | |
| 		return -ENODEV;
 | |
| 
 | |
| 	/* Find correct auth queue item */
 | |
| 	spin_lock_irqsave(&mac->lock, flags);
 | |
| 	list_for_each(list_ptr, &mac->auth_queue) {
 | |
| 		aq = list_entry(list_ptr, struct ieee80211softmac_auth_queue_item, list);
 | |
| 		net = aq->net;
 | |
| 		if (!memcmp(net->bssid, auth->header.addr2, ETH_ALEN))
 | |
| 			break;
 | |
| 		else
 | |
| 			aq = NULL;
 | |
| 	}
 | |
| 	spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 	
 | |
| 	/* Make sure that we've got an auth queue item for this request */
 | |
| 	if(aq == NULL)
 | |
| 	{
 | |
| 		printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but no queue item exists.\n", MAC_ARG(auth->header.addr2));
 | |
| 		/* Error #? */
 | |
| 		return -1;
 | |
| 	}			
 | |
| 	
 | |
| 	/* Check for out of order authentication */
 | |
| 	if(!net->authenticating)
 | |
| 	{
 | |
| 		printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but did not request authentication.\n",MAC_ARG(auth->header.addr2));
 | |
| 		return -1;
 | |
| 	}
 | |
| 
 | |
| 	/* Parse the auth packet */
 | |
| 	switch(auth->algorithm) {
 | |
| 	case WLAN_AUTH_OPEN:
 | |
| 		/* Check the status code of the response */
 | |
| 
 | |
| 		switch(auth->status) {
 | |
| 		case WLAN_STATUS_SUCCESS:
 | |
| 			/* Update the status to Authenticated */
 | |
| 			spin_lock_irqsave(&mac->lock, flags);
 | |
| 		        net->authenticating = 0;
 | |
| 			net->authenticated = 1;
 | |
| 			spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 			
 | |
| 			/* Send event */
 | |
| 			printkl(KERN_NOTICE PFX "Open Authentication completed with "MAC_FMT"\n", MAC_ARG(net->bssid));
 | |
| 			ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_AUTHENTICATED, net);
 | |
| 			break;
 | |
| 		default:
 | |
| 			/* Lock and reset flags */
 | |
| 			spin_lock_irqsave(&mac->lock, flags);
 | |
| 			net->authenticated = 0;
 | |
| 			net->authenticating = 0;
 | |
| 			spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 			
 | |
| 			printkl(KERN_NOTICE PFX "Open Authentication with "MAC_FMT" failed, error code: %i\n", 
 | |
| 				MAC_ARG(net->bssid), le16_to_cpup(&auth->status));
 | |
| 			/* Count the error? */
 | |
| 			break;
 | |
| 		}
 | |
| 		goto free_aq;
 | |
| 		break;
 | |
| 	case WLAN_AUTH_SHARED_KEY:
 | |
| 		/* Figure out where we are in the process */
 | |
| 		switch(auth->transaction) {
 | |
| 		case IEEE80211SOFTMAC_AUTH_SHARED_CHALLENGE:
 | |
| 			/* Check to make sure we have a challenge IE */
 | |
| 			data = (u8 *)auth->info_element;
 | |
| 			if (*data++ != MFIE_TYPE_CHALLENGE) {
 | |
| 				printkl(KERN_NOTICE PFX "Shared Key Authentication failed due to a missing challenge.\n");
 | |
| 				break;	
 | |
| 			}
 | |
| 			/* Save the challenge */
 | |
| 			spin_lock_irqsave(&mac->lock, flags);
 | |
| 			net->challenge_len = *data++; 	
 | |
| 			if (net->challenge_len > WLAN_AUTH_CHALLENGE_LEN)
 | |
| 				net->challenge_len = WLAN_AUTH_CHALLENGE_LEN;
 | |
| 			if (net->challenge != NULL)
 | |
| 				kfree(net->challenge);
 | |
| 			net->challenge = kmalloc(net->challenge_len, GFP_ATOMIC);
 | |
| 			memcpy(net->challenge, data, net->challenge_len);
 | |
| 			aq->state = IEEE80211SOFTMAC_AUTH_SHARED_RESPONSE; 
 | |
| 
 | |
| 			/* We reuse the work struct from the auth request here.
 | |
| 			 * It is safe to do so as each one is per-request, and
 | |
| 			 * at this point (dealing with authentication response)
 | |
| 			 * we have obviously already sent the initial auth
 | |
| 			 * request. */
 | |
| 			cancel_delayed_work(&aq->work);
 | |
| 			INIT_WORK(&aq->work, &ieee80211softmac_auth_challenge_response, (void *)aq);
 | |
| 			schedule_work(&aq->work);
 | |
| 			spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 			return 0;
 | |
| 		case IEEE80211SOFTMAC_AUTH_SHARED_PASS:
 | |
| 			kfree(net->challenge);
 | |
| 			net->challenge = NULL;
 | |
| 			net->challenge_len = 0;
 | |
| 			/* Check the status code of the response */
 | |
| 			switch(auth->status) {
 | |
| 			case WLAN_STATUS_SUCCESS:
 | |
| 				/* Update the status to Authenticated */	
 | |
| 				spin_lock_irqsave(&mac->lock, flags);
 | |
| 				net->authenticating = 0;
 | |
| 				net->authenticated = 1;
 | |
| 				spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 				printkl(KERN_NOTICE PFX "Shared Key Authentication completed with "MAC_FMT"\n", 
 | |
| 					MAC_ARG(net->bssid));
 | |
| 				ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_AUTHENTICATED, net);
 | |
| 				break;
 | |
| 			default:
 | |
| 				printkl(KERN_NOTICE PFX "Shared Key Authentication with "MAC_FMT" failed, error code: %i\n", 
 | |
| 					MAC_ARG(net->bssid), le16_to_cpup(&auth->status));
 | |
| 				/* Lock and reset flags */
 | |
| 				spin_lock_irqsave(&mac->lock, flags);
 | |
|  				net->authenticating = 0;
 | |
|  				net->authenticated = 0;
 | |
| 				spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 				/* Count the error? */
 | |
| 				break;
 | |
| 			}
 | |
| 			goto free_aq;
 | |
| 			break;
 | |
| 		default:
 | |
| 			printkl(KERN_WARNING PFX "Unhandled Authentication Step: %i\n", auth->transaction);
 | |
| 			break;
 | |
| 		}
 | |
| 		goto free_aq;
 | |
| 		break;
 | |
| 	default:
 | |
| 		/* ERROR */	
 | |
| 		goto free_aq;
 | |
| 		break;
 | |
| 	}
 | |
| 	return 0;
 | |
| free_aq:
 | |
| 	/* Cancel the timeout */
 | |
| 	spin_lock_irqsave(&mac->lock, flags);
 | |
| 	cancel_delayed_work(&aq->work);
 | |
| 	/* Remove this item from the queue */
 | |
| 	list_del(&aq->list);
 | |
| 	spin_unlock_irqrestore(&mac->lock, flags);
 | |
| 
 | |
| 	/* Free it */
 | |
| 	kfree(aq);
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Handle deauthorization
 | |
|  */
 | |
| static void
 | |
| ieee80211softmac_deauth_from_net(struct ieee80211softmac_device *mac,
 | |
| 	struct ieee80211softmac_network *net)
 | |
| {
 | |
| 	struct ieee80211softmac_auth_queue_item *aq = NULL;
 | |
| 	struct list_head *list_ptr;
 | |
| 	unsigned long flags;
 | |
| 
 | |
| 	/* deauthentication implies disassociation */
 | |
| 	ieee80211softmac_disassoc(mac);
 | |
| 
 | |
| 	/* Lock and reset status flags */
 | |
| 	spin_lock_irqsave(&mac->lock, flags);
 | |
| 	net->authenticating = 0;
 | |
| 	net->authenticated = 0;
 | |
| 	
 | |
| 	/* Find correct auth queue item, if it exists */
 | |
| 	list_for_each(list_ptr, &mac->auth_queue) {
 | |
| 		aq = list_entry(list_ptr, struct ieee80211softmac_auth_queue_item, list);
 | |
| 		if (!memcmp(net->bssid, aq->net->bssid, ETH_ALEN))
 | |
| 			break;
 | |
| 		else
 | |
| 			aq = NULL;
 | |
| 	}
 | |
| 	
 | |
| 	/* Cancel pending work */
 | |
| 	if(aq != NULL)
 | |
| 		/* Not entirely safe?  What about running work? */
 | |
| 		cancel_delayed_work(&aq->work);
 | |
| 
 | |
| 	/* Free our network ref */
 | |
| 	ieee80211softmac_del_network_locked(mac, net);
 | |
| 	if(net->challenge != NULL)
 | |
| 		kfree(net->challenge);
 | |
| 	kfree(net);
 | |
| 	
 | |
| 	/* can't transmit data right now... */
 | |
| 	netif_carrier_off(mac->dev);
 | |
| 	spin_unlock_irqrestore(&mac->lock, flags);
 | |
| }
 | |
| 
 | |
| /* 
 | |
|  * Sends a deauth request to the desired AP
 | |
|  */
 | |
| int 
 | |
| ieee80211softmac_deauth_req(struct ieee80211softmac_device *mac, 
 | |
| 	struct ieee80211softmac_network *net, int reason)
 | |
| {
 | |
| 	int ret;
 | |
| 	
 | |
| 	/* Make sure the network is authenticated */
 | |
| 	if (!net->authenticated)
 | |
| 	{
 | |
| 		printkl(KERN_DEBUG PFX "Can't send deauthentication packet, network is not authenticated.\n");
 | |
| 		/* Error okay? */
 | |
| 		return -EPERM;
 | |
| 	}
 | |
| 	
 | |
| 	/* Send the de-auth packet */
 | |
| 	if((ret = ieee80211softmac_send_mgt_frame(mac, net, IEEE80211_STYPE_DEAUTH, reason)))
 | |
| 		return ret;
 | |
| 	
 | |
| 	ieee80211softmac_deauth_from_net(mac, net);
 | |
| 	return 0;
 | |
| }
 | |
|  
 | |
| /*
 | |
|  * This should be registered with ieee80211 as handle_deauth
 | |
|  */
 | |
| int 
 | |
| ieee80211softmac_deauth_resp(struct net_device *dev, struct ieee80211_deauth *deauth)
 | |
| {
 | |
| 	
 | |
| 	struct ieee80211softmac_network *net = NULL;
 | |
| 	struct ieee80211softmac_device *mac = ieee80211_priv(dev);
 | |
| 	
 | |
| 	if (unlikely(!mac->running))
 | |
| 		return -ENODEV;
 | |
| 
 | |
| 	if (!deauth) {
 | |
| 		dprintk("deauth without deauth packet. eek!\n");
 | |
| 		return 0;
 | |
| 	}
 | |
| 
 | |
| 	net = ieee80211softmac_get_network_by_bssid(mac, deauth->header.addr2);
 | |
| 	
 | |
| 	if (net == NULL) {
 | |
| 		printkl(KERN_DEBUG PFX "Received deauthentication packet from "MAC_FMT", but that network is unknown.\n",
 | |
| 			MAC_ARG(deauth->header.addr2));
 | |
| 		return 0;
 | |
| 	}
 | |
| 
 | |
| 	/* Make sure the network is authenticated */
 | |
| 	if(!net->authenticated)
 | |
| 	{
 | |
| 		printkl(KERN_DEBUG PFX "Can't perform deauthentication, network is not authenticated.\n");
 | |
| 		/* Error okay? */
 | |
| 		return -EPERM;
 | |
| 	}
 | |
| 
 | |
| 	ieee80211softmac_deauth_from_net(mac, net);
 | |
| 
 | |
| 	/* let's try to re-associate */
 | |
| 	schedule_work(&mac->associnfo.work);
 | |
| 	return 0;
 | |
| }
 |