[PATCH 3/4] Clone SSID twins to enable encrypted catchall APs
Stefan Tomanek
stefan.tomanek
Sat Apr 25 08:37:42 PDT 2015
This change makes it possible to use encryption with catchall networks.
Upon associating a new client with a custom SSID, a new "twin" of the existing
ssid structure is created and keys are regenerated using the new SSID and the
existing origin configuration as a template. So multiple clones of the same
network can coexist using different SSID names - hence the term "twin".
Signed-off-by: Stefan Tomanek <stefan.tomanek at wertarbyte.de>
---
src/ap/ap_config.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++----
src/ap/ap_config.h | 8 ++++++-
src/ap/beacon.c | 11 +++++++--
src/ap/ieee802_11.c | 7 ++++--
src/ap/sta_info.c | 4 ++++
src/ap/wpa_auth_glue.c | 2 +-
6 files changed, 86 insertions(+), 11 deletions(-)
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index cccbfab..63b42bd 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -18,6 +18,7 @@
#include "wpa_auth.h"
#include "sta_info.h"
#include "ap_config.h"
+#include "hostapd.h"
static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
@@ -314,10 +315,8 @@ static int hostapd_derive_psk(struct hostapd_ssid *ssid)
}
-int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
+static int hostapd_setup_wpa_ssid_psk(struct hostapd_ssid *ssid, struct hostapd_bss_config *conf)
{
- struct hostapd_ssid *ssid = &conf->ssid;
-
if (ssid->wpa_passphrase != NULL) {
if (ssid->wpa_psk != NULL) {
wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
@@ -340,6 +339,11 @@ int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
return 0;
}
+int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
+{
+ return hostapd_setup_wpa_ssid_psk(&conf->ssid, conf);
+}
+
static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
int num_servers)
@@ -666,12 +670,17 @@ const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
}
-const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
+const u8 * hostapd_get_psk(struct hostapd_data *hapd,
const u8 *addr, const u8 *p2p_dev_addr,
const u8 *prev_psk)
{
struct hostapd_wpa_psk *psk;
int next_ok = prev_psk == NULL;
+ struct hostapd_bss_config *conf = hapd->conf;
+ struct hostapd_ssid *ssid = &conf->ssid;
+ struct sta_info *sta = ap_get_sta(hapd, addr);
+ if (sta && sta->ssid)
+ ssid = sta->ssid;
if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
@@ -684,7 +693,7 @@ const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
MAC2STR(addr), prev_psk);
}
- for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
+ for (psk = ssid->wpa_psk; psk != NULL; psk = psk->next) {
if (next_ok &&
(psk->group ||
(addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) ||
@@ -946,3 +955,49 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
}
}
+
+/**
+ * hostapd_clone_twin_ssid - Create a copy of an SSID struct
+ * @bss: The BSS to use as template for the cloning
+ * @ssid: The SSID identifier to use for the twin network
+ * @ssid_len: The length of the SSID identifier to be used
+ * Returns: The cloned hostapd_ssid struct.
+ *
+ * Create an independent copy of the hostapd_ssid struct used
+ * by the BSS instance and substitute the identifier; if a WPA
+ * passphrase is used, the new keys are derived using the new
+ * network identifier.
+ */
+struct hostapd_ssid * hostapd_clone_twin_ssid(struct hostapd_bss_config *bss,
+ const u8 *ssid, size_t ssid_len) {
+ /* clone ssid struct */
+ struct hostapd_ssid *orig = &bss->ssid;
+ struct hostapd_ssid *clone = os_zalloc(sizeof(*orig));
+ if (clone == NULL)
+ return NULL;
+ os_memcpy(clone, orig, sizeof(*orig));
+ clone->origin = orig;
+ /* insert new SSID */
+ os_memcpy(&clone->ssid, ssid, ssid_len);
+ clone->ssid_len = ssid_len;
+ /* clear and reinitialize WPA keys */
+ clone->wpa_psk = NULL;
+ hostapd_setup_wpa_ssid_psk(clone, bss);
+ return clone;
+}
+
+/**
+ * hostapd_free_cloned_ssid - Destroy a cloned SSID structure
+ * @ssid: The SSID structure to free
+ *
+ * Free the memory allocated for the hostapd_ssid structure
+ * and its contained WPA keys if the instance has been cloned
+ * instead of originating from the BSS config.
+ */
+void hostapd_free_cloned_ssid(struct hostapd_ssid *ssid) {
+ /* is this ssid a clone? */
+ if (!ssid || !ssid->origin)
+ return;
+ hostapd_config_clear_wpa_psk(&ssid->wpa_psk);
+ os_free(ssid);
+}
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index c2d7043..b7d4c6a 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -15,6 +15,7 @@
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "wps/wps.h"
+#include "sta_info.h"
/**
* mesh_conf - local MBSS state and settings
@@ -106,6 +107,8 @@ struct hostapd_ssid {
#ifdef CONFIG_FULL_DYNAMIC_VLAN
char *vlan_tagged_interface;
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
+ struct hostapd_ssid *origin;
};
@@ -666,7 +669,7 @@ void hostapd_config_free(struct hostapd_config *conf);
int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
const u8 *addr, int *vlan_id);
int hostapd_rate_found(int *list, int rate);
-const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
+const u8 * hostapd_get_psk(struct hostapd_data *hapd,
const u8 *addr, const u8 *p2p_dev_addr,
const u8 *prev_psk);
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
@@ -679,4 +682,7 @@ int hostapd_config_check(struct hostapd_config *conf, int full_config);
void hostapd_set_security_params(struct hostapd_bss_config *bss,
int full_config);
+struct hostapd_ssid *hostapd_clone_twin_ssid(struct hostapd_bss_config *bss,
+ const u8 *ssid, size_t ssid_len);
+void hostapd_free_cloned_ssid(struct hostapd_ssid *ssid);
#endif /* HOSTAPD_CONFIG_H */
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 66b76e9..d49716b 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -684,8 +684,15 @@ void handle_probe_req(struct hostapd_data *hapd,
}
if (res != NO_SSID_MATCH) {
- if (sta)
- sta->ssid_probe = &hapd->conf->ssid;
+ if (sta) {
+ hostapd_free_cloned_ssid(sta->ssid_probe);
+ sta->ssid_probe = NULL;
+ if (res == CATCHALL_SSID_MATCH) {
+ sta->ssid_probe = hostapd_clone_twin_ssid(hapd->conf, ssid, ssid_len);
+ } else {
+ sta->ssid_probe = &hapd->conf->ssid;
+ }
+ }
} else {
if (!(mgmt->da[0] & 0x01)) {
wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 7321c1d..76a3119 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1196,6 +1196,9 @@ static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
HOSTAPD_LEVEL_INFO,
"Station associating with catchall network, requested SSID "
"'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len));
+ sta->ssid = hostapd_clone_twin_ssid(hapd->conf, ssid_ie, ssid_ie_len);
+ if (sta->ssid == NULL)
+ return WLAN_STATUS_UNSPECIFIED_FAILURE;
return WLAN_STATUS_SUCCESS;
}
@@ -2407,8 +2410,8 @@ static void handle_assoc_cb(struct hostapd_data *hapd,
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO,
- "associated (aid %d)",
- sta->aid);
+ "associated (aid %d) [%s]",
+ sta->aid, wpa_ssid_txt(sta->ssid->ssid, sta->ssid->ssid_len));
if (sta->flags & WLAN_STA_ASSOC)
new_assoc = 0;
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 1576db9..73e98a3 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -311,6 +311,10 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
os_free(sta->sae);
#endif /* CONFIG_SAE */
+ /* free cloned SSIDs */
+ hostapd_free_cloned_ssid(sta->ssid);
+ hostapd_free_cloned_ssid(sta->ssid_probe);
+
os_free(sta);
}
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 7cd0b6c..2f8246c 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -229,7 +229,7 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
}
#endif /* CONFIG_SAE */
- psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk);
+ psk = hostapd_get_psk(hapd, addr, p2p_dev_addr, prev_psk);
/*
* This is about to iterate over all psks, prev_psk gives the last
* returned psk which should not be returned again.
--
2.1.4
More information about the Hostap
mailing list