mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
PMKSA: Show AP/mesh PMKSA list in PMKSA command
This extends the wpa_supplicant PMKSA control interface command to allow the PMKSA list from the authenticator side to be listed for AP and mesh mode. In addition, this adds a hostapd PMKSA control interface command to show the same list for the AP case. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This commit is contained in:
parent
2604edbfbd
commit
b8daac18a4
@ -2307,6 +2307,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
|
|||||||
reply_len = hostapd_ctrl_iface_track_sta_list(
|
reply_len = hostapd_ctrl_iface_track_sta_list(
|
||||||
hapd, reply, reply_size);
|
hapd, reply, reply_size);
|
||||||
#endif /* NEED_AP_MLME */
|
#endif /* NEED_AP_MLME */
|
||||||
|
} else if (os_strcmp(buf, "PMKSA") == 0) {
|
||||||
|
reply_len = hostapd_ctrl_iface_pmksa_list(hapd, reply,
|
||||||
|
reply_size);
|
||||||
} else {
|
} else {
|
||||||
os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
|
os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
|
||||||
reply_len = 16;
|
reply_len = 16;
|
||||||
|
@ -1130,6 +1130,12 @@ static int hostapd_cli_cmd_raw(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int hostapd_cli_cmd_pmksa(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
||||||
|
{
|
||||||
|
return wpa_ctrl_command(ctrl, "PMKSA");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
struct hostapd_cli_cmd {
|
struct hostapd_cli_cmd {
|
||||||
const char *cmd;
|
const char *cmd;
|
||||||
int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
|
int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
|
||||||
@ -1189,6 +1195,7 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
|
|||||||
{ "disable", hostapd_cli_cmd_disable },
|
{ "disable", hostapd_cli_cmd_disable },
|
||||||
{ "erp_flush", hostapd_cli_cmd_erp_flush },
|
{ "erp_flush", hostapd_cli_cmd_erp_flush },
|
||||||
{ "log_level", hostapd_cli_cmd_log_level },
|
{ "log_level", hostapd_cli_cmd_log_level },
|
||||||
|
{ "pmksa", hostapd_cli_cmd_pmksa },
|
||||||
{ NULL, NULL }
|
{ NULL, NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -568,3 +568,10 @@ int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
|
|||||||
{
|
{
|
||||||
return hostapd_drv_stop_ap(hapd);
|
return hostapd_drv_stop_ap(hapd);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int hostapd_ctrl_iface_pmksa_list(struct hostapd_data *hapd, char *buf,
|
||||||
|
size_t len)
|
||||||
|
{
|
||||||
|
return wpa_auth_pmksa_list(hapd->wpa_auth, buf, len);
|
||||||
|
}
|
||||||
|
@ -24,5 +24,7 @@ int hostapd_ctrl_iface_status(struct hostapd_data *hapd, char *buf,
|
|||||||
int hostapd_parse_csa_settings(const char *pos,
|
int hostapd_parse_csa_settings(const char *pos,
|
||||||
struct csa_settings *settings);
|
struct csa_settings *settings);
|
||||||
int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd);
|
int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd);
|
||||||
|
int hostapd_ctrl_iface_pmksa_list(struct hostapd_data *hapd, char *buf,
|
||||||
|
size_t len);
|
||||||
|
|
||||||
#endif /* CTRL_IFACE_AP_H */
|
#endif /* CTRL_IFACE_AP_H */
|
||||||
|
@ -547,3 +547,48 @@ int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
|
|||||||
|
|
||||||
return found ? 0 : -1;
|
return found ? 0 : -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* pmksa_cache_auth_list - Dump text list of entries in PMKSA cache
|
||||||
|
* @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
|
||||||
|
* @buf: Buffer for the list
|
||||||
|
* @len: Length of the buffer
|
||||||
|
* Returns: Number of bytes written to buffer
|
||||||
|
*
|
||||||
|
* This function is used to generate a text format representation of the
|
||||||
|
* current PMKSA cache contents for the ctrl_iface PMKSA command.
|
||||||
|
*/
|
||||||
|
int pmksa_cache_auth_list(struct rsn_pmksa_cache *pmksa, char *buf, size_t len)
|
||||||
|
{
|
||||||
|
int i, ret;
|
||||||
|
char *pos = buf;
|
||||||
|
struct rsn_pmksa_cache_entry *entry;
|
||||||
|
struct os_reltime now;
|
||||||
|
|
||||||
|
os_get_reltime(&now);
|
||||||
|
ret = os_snprintf(pos, buf + len - pos,
|
||||||
|
"Index / SPA / PMKID / expiration (in seconds) / opportunistic\n");
|
||||||
|
if (os_snprintf_error(buf + len - pos, ret))
|
||||||
|
return pos - buf;
|
||||||
|
pos += ret;
|
||||||
|
i = 0;
|
||||||
|
entry = pmksa->pmksa;
|
||||||
|
while (entry) {
|
||||||
|
ret = os_snprintf(pos, buf + len - pos, "%d " MACSTR " ",
|
||||||
|
i, MAC2STR(entry->spa));
|
||||||
|
if (os_snprintf_error(buf + len - pos, ret))
|
||||||
|
return pos - buf;
|
||||||
|
pos += ret;
|
||||||
|
pos += wpa_snprintf_hex(pos, buf + len - pos, entry->pmkid,
|
||||||
|
PMKID_LEN);
|
||||||
|
ret = os_snprintf(pos, buf + len - pos, " %d %d\n",
|
||||||
|
(int) (entry->expiration - now.sec),
|
||||||
|
entry->opportunistic);
|
||||||
|
if (os_snprintf_error(buf + len - pos, ret))
|
||||||
|
return pos - buf;
|
||||||
|
pos += ret;
|
||||||
|
entry = entry->next;
|
||||||
|
}
|
||||||
|
return pos - buf;
|
||||||
|
}
|
||||||
|
@ -63,5 +63,6 @@ void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
|
|||||||
struct rsn_pmksa_cache_entry *entry);
|
struct rsn_pmksa_cache_entry *entry);
|
||||||
int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
|
int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
|
||||||
struct radius_das_attrs *attr);
|
struct radius_das_attrs *attr);
|
||||||
|
int pmksa_cache_auth_list(struct rsn_pmksa_cache *pmksa, char *buf, size_t len);
|
||||||
|
|
||||||
#endif /* PMKSA_CACHE_H */
|
#endif /* PMKSA_CACHE_H */
|
||||||
|
@ -3359,6 +3359,15 @@ void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
|
||||||
|
size_t len)
|
||||||
|
{
|
||||||
|
if (!wpa_auth || !wpa_auth->pmksa)
|
||||||
|
return 0;
|
||||||
|
return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Remove and free the group from wpa_authenticator. This is triggered by a
|
* Remove and free the group from wpa_authenticator. This is triggered by a
|
||||||
* callback to make sure nobody is currently iterating the group list while it
|
* callback to make sure nobody is currently iterating the group list while it
|
||||||
|
@ -298,6 +298,8 @@ int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
|
|||||||
const u8 *pmk, const u8 *pmkid);
|
const u8 *pmk, const u8 *pmkid);
|
||||||
void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
|
void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
|
||||||
const u8 *sta_addr);
|
const u8 *sta_addr);
|
||||||
|
int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
|
||||||
|
size_t len);
|
||||||
int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
|
int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
|
||||||
void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
|
void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
|
||||||
struct wpa_state_machine *sm, int ack);
|
struct wpa_state_machine *sm, int ack);
|
||||||
|
@ -1366,6 +1366,44 @@ int wpas_ap_stop_ap(struct wpa_supplicant *wpa_s)
|
|||||||
#endif /* CONFIG_CTRL_IFACE */
|
#endif /* CONFIG_CTRL_IFACE */
|
||||||
|
|
||||||
|
|
||||||
|
int wpas_ap_pmksa_cache_list(struct wpa_supplicant *wpa_s, char *buf,
|
||||||
|
size_t len)
|
||||||
|
{
|
||||||
|
size_t reply_len = 0, i;
|
||||||
|
char ap_delimiter[] = "---- AP ----\n";
|
||||||
|
char mesh_delimiter[] = "---- mesh ----\n";
|
||||||
|
size_t dlen;
|
||||||
|
|
||||||
|
if (wpa_s->ap_iface) {
|
||||||
|
dlen = os_strlen(ap_delimiter);
|
||||||
|
if (dlen > len - reply_len)
|
||||||
|
return reply_len;
|
||||||
|
os_memcpy(&buf[reply_len], ap_delimiter, dlen);
|
||||||
|
reply_len += dlen;
|
||||||
|
|
||||||
|
for (i = 0; i < wpa_s->ap_iface->num_bss; i++) {
|
||||||
|
reply_len += hostapd_ctrl_iface_pmksa_list(
|
||||||
|
wpa_s->ap_iface->bss[i],
|
||||||
|
&buf[reply_len], len - reply_len);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wpa_s->ifmsh) {
|
||||||
|
dlen = os_strlen(mesh_delimiter);
|
||||||
|
if (dlen > len - reply_len)
|
||||||
|
return reply_len;
|
||||||
|
os_memcpy(&buf[reply_len], mesh_delimiter, dlen);
|
||||||
|
reply_len += dlen;
|
||||||
|
|
||||||
|
reply_len += hostapd_ctrl_iface_pmksa_list(
|
||||||
|
wpa_s->ifmsh->bss[0], &buf[reply_len],
|
||||||
|
len - reply_len);
|
||||||
|
}
|
||||||
|
|
||||||
|
return reply_len;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef NEED_AP_MLME
|
#ifdef NEED_AP_MLME
|
||||||
void wpas_event_dfs_radar_detected(struct wpa_supplicant *wpa_s,
|
void wpas_event_dfs_radar_detected(struct wpa_supplicant *wpa_s,
|
||||||
struct dfs_event *radar)
|
struct dfs_event *radar)
|
||||||
|
@ -82,6 +82,9 @@ int wpa_supplicant_conf_ap_ht(struct wpa_supplicant *wpa_s,
|
|||||||
|
|
||||||
int wpas_ap_stop_ap(struct wpa_supplicant *wpa_s);
|
int wpas_ap_stop_ap(struct wpa_supplicant *wpa_s);
|
||||||
|
|
||||||
|
int wpas_ap_pmksa_cache_list(struct wpa_supplicant *wpa_s, char *buf,
|
||||||
|
size_t len);
|
||||||
|
|
||||||
void wpas_event_dfs_radar_detected(struct wpa_supplicant *wpa_s,
|
void wpas_event_dfs_radar_detected(struct wpa_supplicant *wpa_s,
|
||||||
struct dfs_event *radar);
|
struct dfs_event *radar);
|
||||||
void wpas_event_dfs_cac_started(struct wpa_supplicant *wpa_s,
|
void wpas_event_dfs_cac_started(struct wpa_supplicant *wpa_s,
|
||||||
|
@ -8354,6 +8354,20 @@ static int wpas_ctrl_iface_mac_rand_scan(struct wpa_supplicant *wpa_s,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int wpas_ctrl_iface_pmksa(struct wpa_supplicant *wpa_s,
|
||||||
|
char *buf, size_t buflen)
|
||||||
|
{
|
||||||
|
size_t reply_len;
|
||||||
|
|
||||||
|
reply_len = wpa_sm_pmksa_cache_list(wpa_s->wpa, buf, buflen);
|
||||||
|
#ifdef CONFIG_AP
|
||||||
|
reply_len += wpas_ap_pmksa_cache_list(wpa_s, &buf[reply_len],
|
||||||
|
buflen - reply_len);
|
||||||
|
#endif /* CONFIG_AP */
|
||||||
|
return reply_len;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int wpas_ctrl_cmd_debug_level(const char *cmd)
|
static int wpas_ctrl_cmd_debug_level(const char *cmd)
|
||||||
{
|
{
|
||||||
if (os_strcmp(cmd, "PING") == 0 ||
|
if (os_strcmp(cmd, "PING") == 0 ||
|
||||||
@ -8425,8 +8439,7 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
|
|||||||
reply_len = wpa_supplicant_ctrl_iface_status(
|
reply_len = wpa_supplicant_ctrl_iface_status(
|
||||||
wpa_s, buf + 6, reply, reply_size);
|
wpa_s, buf + 6, reply, reply_size);
|
||||||
} else if (os_strcmp(buf, "PMKSA") == 0) {
|
} else if (os_strcmp(buf, "PMKSA") == 0) {
|
||||||
reply_len = wpa_sm_pmksa_cache_list(wpa_s->wpa, reply,
|
reply_len = wpas_ctrl_iface_pmksa(wpa_s, reply, reply_size);
|
||||||
reply_size);
|
|
||||||
} else if (os_strcmp(buf, "PMKSA_FLUSH") == 0) {
|
} else if (os_strcmp(buf, "PMKSA_FLUSH") == 0) {
|
||||||
wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
|
wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
|
||||||
} else if (os_strncmp(buf, "SET ", 4) == 0) {
|
} else if (os_strncmp(buf, "SET ", 4) == 0) {
|
||||||
|
Loading…
Reference in New Issue
Block a user