[PATCH v5 11/22] VLAN: Use new VLAN data type in src_ap_wpa_auth

Michael Braun michael-dev
Tue Nov 19 11:47:35 PST 2013


Signed-hostap: Michael Braun <michael-dev at fami-braun.de>
---
 src/ap/wpa_auth.c      |   37 +++++++++++++++++++++----------------
 src/ap/wpa_auth.h      |    9 ++++++---
 src/ap/wpa_auth_ft.c   |    4 ++--
 src/ap/wpa_auth_glue.c |    9 +++++----
 src/ap/wpa_auth_i.h    |    2 +-
 src/ap/wpa_auth_ie.c   |    2 +-
 6 files changed, 36 insertions(+), 27 deletions(-)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 7c508f8..da23a0a 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -109,7 +109,7 @@ static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
 
 
 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
-				   int vlan_id,
+				   struct vlan_description vlan_id,
 				   enum wpa_alg alg, const u8 *addr, int idx,
 				   u8 *key, size_t key_len)
 {
@@ -328,7 +328,8 @@ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
 
 
 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
-					 int vlan_id, int delay_init)
+					 struct vlan_description vlan_id,
+                                        int delay_init)
 {
 	struct wpa_group *group;
 
@@ -337,7 +338,7 @@ static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
 		return NULL;
 
 	group->GTKAuthenticator = TRUE;
-	group->vlan_id = vlan_id;
+	vlan_alloc_copy(&group->vlan_id, &vlan_id);
 	group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
 
 	if (random_pool_ready() != 1) {
@@ -400,7 +401,8 @@ struct wpa_authenticator * wpa_init(const u8 *addr,
 		return NULL;
 	}
 
-	wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
+	struct vlan_description vlan_id = VLAN_NULL;
+	wpa_auth->group = wpa_group_init(wpa_auth, vlan_id, 1);
 	if (wpa_auth->group == NULL) {
 		os_free(wpa_auth->wpa_ie);
 		os_free(wpa_auth);
@@ -1448,7 +1450,8 @@ void wpa_remove_ptk(struct wpa_state_machine *sm)
 {
 	sm->PTK_valid = FALSE;
 	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
-	wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
+	wpa_auth_set_key(sm->wpa_auth, VLAN_NULL, WPA_ALG_NONE, sm->addr, 0,
+	                 NULL, 0);
 	sm->pairwise_set = FALSE;
 	eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
 }
@@ -2083,7 +2086,7 @@ SM_STATE(WPA_PTK, PTKINITDONE)
 	if (sm->Pair) {
 		enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
 		int klen = wpa_cipher_key_len(sm->pairwise);
-		if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
+		if (wpa_auth_set_key(sm->wpa_auth, VLAN_NULL, alg, sm->addr, 0,
 				     sm->PTK.tk1, klen)) {
 			wpa_sta_disconnect(sm->wpa_auth, sm->addr);
 			return;
@@ -2412,7 +2415,7 @@ static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
 			       struct wpa_group *group)
 {
 	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
-		   "GTK_INIT (VLAN-ID %d)", group->vlan_id);
+		   "GTK_INIT (VLAN-ID %d)", vlan_untagged(&group->vlan_id));
 	group->changed = FALSE; /* GInit is not cleared here; avoid loop */
 	group->wpa_group_state = WPA_GROUP_GTK_INIT;
 
@@ -2549,7 +2552,7 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
 	int tmp;
 
 	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
-		   "SETKEYS (VLAN-ID %d)", group->vlan_id);
+		   "SETKEYS (VLAN-ID %d)", vlan_untagged(&group->vlan_id));
 	group->changed = TRUE;
 	group->wpa_group_state = WPA_GROUP_SETKEYS;
 	group->GTKReKey = FALSE;
@@ -2606,7 +2609,7 @@ static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
 				 struct wpa_group *group)
 {
 	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
-		   "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
+		   "SETKEYSDONE (VLAN-ID %d)", vlan_untagged(&group->vlan_id));
 	group->changed = TRUE;
 	group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
 
@@ -2997,7 +3000,7 @@ wpa_group_free(struct wpa_authenticator *wpa_auth, struct wpa_group *group)
 	struct wpa_group *prev = wpa_auth->group;
 
 	wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
-		   group->vlan_id);
+		   vlan_untagged(&group->vlan_id));
 
 	while (prev) {
 		if (prev->next == group) {
@@ -3008,7 +3011,6 @@ wpa_group_free(struct wpa_authenticator *wpa_auth, struct wpa_group *group)
 		}
 		prev = prev->next;
 	}
-
 }
 
 
@@ -3045,7 +3047,8 @@ wpa_group_put(struct wpa_authenticator *wpa_auth, struct wpa_group *group)
  * Call wpa_group_get on the return value!
  */
 static struct wpa_group *
-wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
+wpa_auth_add_group(struct wpa_authenticator *wpa_auth,
+                   struct vlan_description vlan_id)
 {
 	struct wpa_group *group;
 
@@ -3053,7 +3056,7 @@ wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
 		return NULL;
 
 	wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
-		   vlan_id);
+		   vlan_untagged(&vlan_id));
 	group = wpa_group_init(wpa_auth, vlan_id, 0);
 	if (group == NULL)
 		return NULL;
@@ -3065,7 +3068,8 @@ wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
 }
 
 
-int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
+int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm,
+                          struct vlan_description vlan_id)
 {
 	struct wpa_group *group, *oldgroup;
 
@@ -3074,7 +3078,7 @@ int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
 
 	group = sm->wpa_auth->group;
 	while (group) {
-		if (group->vlan_id == vlan_id)
+		if (vlan_cmp(&group->vlan_id, &vlan_id))
 			break;
 		group = group->next;
 	}
@@ -3089,7 +3093,8 @@ int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
 		return 0;
 
 	wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
-		   "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
+		   "machine for VLAN ID %d", MAC2STR(sm->addr),
+		   vlan_untagged(&vlan_id));
 
 	wpa_group_get(sm->wpa_auth, group);
 	oldgroup = sm->group;
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 47503d0..2987c17 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -10,6 +10,7 @@
 #define WPA_AUTH_H
 
 #include "common/defs.h"
+#include "common/vlan.h"
 #include "common/eapol_common.h"
 #include "common/wpa_common.h"
 
@@ -187,8 +188,9 @@ struct wpa_auth_callbacks {
 	const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *p2p_dev_addr,
 			      const u8 *prev_psk);
 	int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
-	int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg,
-		       const u8 *addr, int idx, u8 *key, size_t key_len);
+	int (*set_key)(void *ctx, struct vlan_description vlan_id,
+                      enum wpa_alg alg, const u8 *addr, int idx, u8 *key,
+                      size_t key_len);
 	int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
 	int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
 			  size_t data_len, int encrypt);
@@ -267,7 +269,8 @@ int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
 			       struct eapol_state_machine *eapol);
 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
 			   const u8 *sta_addr);
-int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
+int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm,
+                          struct vlan_description vlan_id);
 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
 				  struct wpa_state_machine *sm, int ack);
 
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 29d9d29..8b5902e 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -738,7 +738,7 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
 
 
 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
-				   int vlan_id,
+				   struct vlan_description vlan_id,
 				   enum wpa_alg alg, const u8 *addr, int idx,
 				   u8 *key, size_t key_len)
 {
@@ -769,7 +769,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
 	 * again after association to get the PTK configured, but that could be
 	 * optimized by adding the STA entry earlier.
 	 */
-	if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
+	if (wpa_auth_set_key(sm->wpa_auth, VLAN_NULL, alg, sm->addr, 0,
 			     sm->PTK.tk1, klen))
 		return;
 
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index cbaab9f..fcd66cb 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -246,14 +246,15 @@ static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
 }
 
 
-static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
-				    const u8 *addr, int idx, u8 *key,
-				    size_t key_len)
+static int
+hostapd_wpa_auth_set_key(void *ctx, struct vlan_description vlan_id,
+                         enum wpa_alg alg, const u8 *addr, int idx, u8 *key,
+                         size_t key_len)
 {
 	struct hostapd_data *hapd = ctx;
 	const char *ifname = hapd->conf->iface;
 
-	if (vlan_id > 0) {
+	if (vlan_notempty(&vlan_id) && vlan_untagged(&vlan_id) >= 0) {
 		ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
 		if (ifname == NULL)
 			return -1;
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 4fd06c8..69d6f2c 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -127,7 +127,7 @@ struct wpa_state_machine {
 /* per group key state machine data */
 struct wpa_group {
 	struct wpa_group *next;
-	int vlan_id;
+	struct vlan_description vlan_id;
 
 	Boolean GInit;
 	int GKeyDoneStations;
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index cdfcca1..b0aa98a 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -609,7 +609,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 				 "PMKID found from PMKSA cache "
 				 "eap_type=%d vlan_id=%d",
 				 sm->pmksa->eap_type_authsrv,
-				 sm->pmksa->vlan_id);
+				 vlan_untagged(&sm->pmksa->vlan_id));
 		os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
 	}
 




More information about the Hostap mailing list