mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
Interworking: Allow roaming partner configuration
The new roaming_partner parameter within a cred block can be used to configure priorities for roaming partners. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
ae6f927258
commit
bc00053c9d
@ -213,6 +213,13 @@ Credentials can be pre-configured for automatic network selection:
|
||||
# matching with the network. Multiple entries can be used to specify more
|
||||
# than one SSID.
|
||||
#
|
||||
# roaming_partner: Roaming partner information
|
||||
# This optional field can be used to configure preferences between roaming
|
||||
# partners. The field is a string in following format:
|
||||
# <FQDN>,<0/1 exact match>,<priority>,<* or country code>
|
||||
# (non-exact match means any subdomain matches the entry; priority is in
|
||||
# 0..255 range with 0 being the highest priority)
|
||||
#
|
||||
# for example:
|
||||
#
|
||||
#cred={
|
||||
|
@ -1923,6 +1923,7 @@ void wpa_config_free_cred(struct wpa_cred *cred)
|
||||
os_free(cred->phase1);
|
||||
os_free(cred->phase2);
|
||||
os_free(cred->excluded_ssid);
|
||||
os_free(cred->roaming_partner);
|
||||
os_free(cred);
|
||||
}
|
||||
|
||||
@ -2590,6 +2591,63 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (os_strcmp(var, "roaming_partner") == 0) {
|
||||
struct roaming_partner *p;
|
||||
char *pos;
|
||||
|
||||
p = os_realloc_array(cred->roaming_partner,
|
||||
cred->num_roaming_partner + 1,
|
||||
sizeof(struct roaming_partner));
|
||||
if (p == NULL) {
|
||||
os_free(val);
|
||||
return -1;
|
||||
}
|
||||
cred->roaming_partner = p;
|
||||
|
||||
p = &cred->roaming_partner[cred->num_roaming_partner];
|
||||
|
||||
pos = os_strchr(val, ',');
|
||||
if (pos == NULL) {
|
||||
os_free(val);
|
||||
return -1;
|
||||
}
|
||||
*pos++ = '\0';
|
||||
if (pos - val - 1 >= (int) sizeof(p->fqdn)) {
|
||||
os_free(val);
|
||||
return -1;
|
||||
}
|
||||
os_memcpy(p->fqdn, val, pos - val);
|
||||
|
||||
p->exact_match = atoi(pos);
|
||||
|
||||
pos = os_strchr(pos, ',');
|
||||
if (pos == NULL) {
|
||||
os_free(val);
|
||||
return -1;
|
||||
}
|
||||
*pos++ = '\0';
|
||||
|
||||
p->priority = atoi(pos);
|
||||
|
||||
pos = os_strchr(pos, ',');
|
||||
if (pos == NULL) {
|
||||
os_free(val);
|
||||
return -1;
|
||||
}
|
||||
*pos++ = '\0';
|
||||
|
||||
if (os_strlen(pos) >= sizeof(p->country)) {
|
||||
os_free(val);
|
||||
return -1;
|
||||
}
|
||||
os_memcpy(p->country, pos, os_strlen(pos) + 1);
|
||||
|
||||
cred->num_roaming_partner++;
|
||||
os_free(val);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (line) {
|
||||
wpa_printf(MSG_ERROR, "Line %d: unknown cred field '%s'.",
|
||||
line, var);
|
||||
|
@ -236,6 +236,14 @@ struct wpa_cred {
|
||||
size_t ssid_len;
|
||||
} *excluded_ssid;
|
||||
size_t num_excluded_ssid;
|
||||
|
||||
struct roaming_partner {
|
||||
char fqdn[128];
|
||||
int exact_match;
|
||||
u8 priority;
|
||||
char country[3];
|
||||
} *roaming_partner;
|
||||
size_t num_roaming_partner;
|
||||
};
|
||||
|
||||
|
||||
|
@ -796,6 +796,14 @@ static void wpa_config_write_cred(FILE *f, struct wpa_cred *cred)
|
||||
fprintf(f, "\n");
|
||||
}
|
||||
}
|
||||
if (cred->roaming_partner) {
|
||||
for (i = 0; i < cred->num_roaming_partner; i++) {
|
||||
struct roaming_partner *p = &cred->roaming_partner[i];
|
||||
fprintf(f, "\troaming_partner=\"%s,%d,%u,%s\"\n",
|
||||
p->fqdn, p->exact_match, p->priority,
|
||||
p->country);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -155,7 +155,8 @@ static int cred_with_domain(struct wpa_supplicant *wpa_s)
|
||||
struct wpa_cred *cred;
|
||||
|
||||
for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
|
||||
if (cred->domain || cred->pcsc || cred->imsi)
|
||||
if (cred->domain || cred->pcsc || cred->imsi ||
|
||||
cred->roaming_partner)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@ -1630,7 +1631,7 @@ static struct wpa_cred * interworking_credentials_available(
|
||||
|
||||
|
||||
static int domain_name_list_contains(struct wpabuf *domain_names,
|
||||
const char *domain)
|
||||
const char *domain, int exact_match)
|
||||
{
|
||||
const u8 *pos, *end;
|
||||
size_t len;
|
||||
@ -1648,6 +1649,12 @@ static int domain_name_list_contains(struct wpabuf *domain_names,
|
||||
if (pos[0] == len &&
|
||||
os_strncasecmp(domain, (const char *) (pos + 1), len) == 0)
|
||||
return 1;
|
||||
if (!exact_match && pos[0] > len && pos[pos[0] - len] == '.') {
|
||||
const char *ap = (const char *) (pos + 1);
|
||||
int offset = pos[0] - len;
|
||||
if (os_strncasecmp(domain, ap + offset, len) == 0)
|
||||
return 1;
|
||||
}
|
||||
|
||||
pos += 1 + pos[0];
|
||||
}
|
||||
@ -1690,7 +1697,7 @@ int interworking_home_sp_cred(struct wpa_supplicant *wpa_s,
|
||||
wpa_printf(MSG_DEBUG, "Interworking: Search for match "
|
||||
"with SIM/USIM domain %s", realm);
|
||||
if (realm &&
|
||||
domain_name_list_contains(domain_names, realm))
|
||||
domain_name_list_contains(domain_names, realm, 1))
|
||||
return 1;
|
||||
if (realm)
|
||||
ret = 0;
|
||||
@ -1703,7 +1710,7 @@ int interworking_home_sp_cred(struct wpa_supplicant *wpa_s,
|
||||
for (i = 0; i < cred->num_domain; i++) {
|
||||
wpa_printf(MSG_DEBUG, "Interworking: Search for match with "
|
||||
"home SP FQDN %s", cred->domain[i]);
|
||||
if (domain_name_list_contains(domain_names, cred->domain[i]))
|
||||
if (domain_name_list_contains(domain_names, cred->domain[i], 1))
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -1755,6 +1762,73 @@ static int interworking_find_network_match(struct wpa_supplicant *wpa_s)
|
||||
}
|
||||
|
||||
|
||||
static int roaming_partner_match(struct wpa_supplicant *wpa_s,
|
||||
struct roaming_partner *partner,
|
||||
struct wpabuf *domain_names)
|
||||
{
|
||||
if (!domain_name_list_contains(domain_names, partner->fqdn,
|
||||
partner->exact_match))
|
||||
return 0;
|
||||
/* TODO: match Country */
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static u8 roaming_prio(struct wpa_supplicant *wpa_s, struct wpa_cred *cred,
|
||||
struct wpa_bss *bss)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
if (bss->anqp == NULL || bss->anqp->domain_name == NULL)
|
||||
return 128; /* cannot check preference with domain name */
|
||||
|
||||
if (interworking_home_sp_cred(wpa_s, cred, bss->anqp->domain_name) > 0)
|
||||
return 0; /* max preference for home SP network */
|
||||
|
||||
for (i = 0; i < cred->num_roaming_partner; i++) {
|
||||
if (roaming_partner_match(wpa_s, &cred->roaming_partner[i],
|
||||
bss->anqp->domain_name))
|
||||
return cred->roaming_partner[i].priority;
|
||||
}
|
||||
|
||||
return 128;
|
||||
}
|
||||
|
||||
|
||||
static struct wpa_bss * pick_best_roaming_partner(struct wpa_supplicant *wpa_s,
|
||||
struct wpa_bss *selected,
|
||||
struct wpa_cred *cred)
|
||||
{
|
||||
struct wpa_bss *bss;
|
||||
u8 best_prio, prio;
|
||||
|
||||
/*
|
||||
* Check if any other BSS is operated by a more preferred roaming
|
||||
* partner.
|
||||
*/
|
||||
|
||||
best_prio = roaming_prio(wpa_s, cred, selected);
|
||||
|
||||
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
|
||||
if (bss == selected)
|
||||
continue;
|
||||
cred = interworking_credentials_available(wpa_s, bss);
|
||||
if (!cred)
|
||||
continue;
|
||||
if (!wpa_bss_get_ie(bss, WLAN_EID_RSN))
|
||||
continue;
|
||||
prio = roaming_prio(wpa_s, cred, bss);
|
||||
if (prio < best_prio) {
|
||||
best_prio = prio;
|
||||
selected = bss;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return selected;
|
||||
}
|
||||
|
||||
|
||||
static void interworking_select_network(struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
struct wpa_bss *bss, *selected = NULL, *selected_home = NULL;
|
||||
@ -1762,7 +1836,8 @@ static void interworking_select_network(struct wpa_supplicant *wpa_s)
|
||||
unsigned int count = 0;
|
||||
const char *type;
|
||||
int res;
|
||||
struct wpa_cred *cred;
|
||||
struct wpa_cred *cred, *selected_cred = NULL;
|
||||
struct wpa_cred *selected_home_cred = NULL;
|
||||
|
||||
wpa_s->network_select = 0;
|
||||
|
||||
@ -1798,12 +1873,14 @@ static void interworking_select_network(struct wpa_supplicant *wpa_s)
|
||||
cred->priority > selected_prio) {
|
||||
selected = bss;
|
||||
selected_prio = cred->priority;
|
||||
selected_cred = cred;
|
||||
}
|
||||
if (res > 0 &&
|
||||
(selected_home == NULL ||
|
||||
cred->priority > selected_home_prio)) {
|
||||
selected_home = bss;
|
||||
selected_home_prio = cred->priority;
|
||||
selected_home_cred = cred;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1812,6 +1889,7 @@ static void interworking_select_network(struct wpa_supplicant *wpa_s)
|
||||
selected_home_prio >= selected_prio) {
|
||||
/* Prefer network operated by the Home SP */
|
||||
selected = selected_home;
|
||||
selected_cred = selected_home_cred;
|
||||
}
|
||||
|
||||
if (count == 0) {
|
||||
@ -1840,8 +1918,11 @@ static void interworking_select_network(struct wpa_supplicant *wpa_s)
|
||||
"with matching credentials found");
|
||||
}
|
||||
|
||||
if (selected)
|
||||
if (selected) {
|
||||
selected = pick_best_roaming_partner(wpa_s, selected,
|
||||
selected_cred);
|
||||
interworking_connect(wpa_s, selected);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -432,6 +432,13 @@ fast_reauth=1
|
||||
# matching with the network. Multiple entries can be used to specify more
|
||||
# than one SSID.
|
||||
#
|
||||
# roaming_partner: Roaming partner information
|
||||
# This optional field can be used to configure preferences between roaming
|
||||
# partners. The field is a string in following format:
|
||||
# <FQDN>,<0/1 exact match>,<priority>,<* or country code>
|
||||
# (non-exact match means any subdomain matches the entry; priority is in
|
||||
# 0..255 range with 0 being the highest priority)
|
||||
#
|
||||
# for example:
|
||||
#
|
||||
#cred={
|
||||
|
Loading…
Reference in New Issue
Block a user