Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-28 18:28:23 -05:00
Code Issues Projects Releases Wiki Activity

Interworking: Add required_roaming_consortium parameter for credentials

Browse Source 
This allows credentials to be limited from being used to connect to a
network unless the AP advertises a matching roaming consortium OI.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2013-01-29 21:34:47 -08:00 committed by Jouni Malinen
parent a83e5749ac
commit f47c145285
3 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
wpa_supplicant/config.c
View File

@ -2487,6 +2487,21 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
return 0; return 0;
} }
if (os_strcmp(var, "required_roaming_consortium") == 0) {
if (len < 3 || len > sizeof(cred->required_roaming_consortium))
{
wpa_printf(MSG_ERROR, "Line %d: invalid "
"required_roaming_consortium length %d "
"(3..15 expected)", line, (int) len);
os_free(val);
return -1;
}
os_memcpy(cred->required_roaming_consortium, val, len);
cred->required_roaming_consortium_len = len;
os_free(val);
return 0;
}
if (os_strcmp(var, "excluded_ssid") == 0) { if (os_strcmp(var, "excluded_ssid") == 0) {
struct excluded_ssid *e; struct excluded_ssid *e;

3
wpa_supplicant/config.h
View File

@ -200,6 +200,9 @@ struct wpa_cred {
*/ */
size_t roaming_consortium_len; size_t roaming_consortium_len;
u8 required_roaming_consortium[15];
size_t required_roaming_consortium_len;
/** /**
* eap_method - EAP method to use * eap_method - EAP method to use
* *

29
wpa_supplicant/interworking.c
View File

@ -112,6 +112,8 @@ static int cred_with_roaming_consortium(struct wpa_supplicant *wpa_s)
for (cred = wpa_s->conf->cred; cred; cred = cred->next) { for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
if (cred->roaming_consortium_len) if (cred->roaming_consortium_len)
return 1; return 1;
if (cred->required_roaming_consortium_len)
return 1;
} }
return 0; return 0;
} }
@ -944,6 +946,27 @@ static int roaming_consortium_match(const u8 *ie, const struct wpabuf *anqp,
} }
static int cred_no_required_oi_match(struct wpa_cred *cred, struct wpa_bss *bss)
{
const u8 *ie;
if (cred->required_roaming_consortium_len == 0)
return 0;
ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
if (ie == NULL &&
(bss->anqp == NULL || bss->anqp->roaming_consortium == NULL))
return 1;
return !roaming_consortium_match(ie,
bss->anqp ?
bss->anqp->roaming_consortium : NULL,
cred->required_roaming_consortium,
cred->required_roaming_consortium_len);
}
static int cred_excluded_ssid(struct wpa_cred *cred, struct wpa_bss *bss) static int cred_excluded_ssid(struct wpa_cred *cred, struct wpa_bss *bss)
{ {
size_t i; size_t i;
@ -991,6 +1014,8 @@ static struct wpa_cred * interworking_credentials_available_roaming_consortium(
if (cred_excluded_ssid(cred, bss)) if (cred_excluded_ssid(cred, bss))
continue; continue;
if (cred_no_required_oi_match(cred, bss))
continue;
if (selected == NULL || if (selected == NULL ||
selected->priority < cred->priority) selected->priority < cred->priority)
@ -1409,6 +1434,8 @@ static struct wpa_cred * interworking_credentials_available_3gpp(
if (ret) { if (ret) {
if (cred_excluded_ssid(cred, bss)) if (cred_excluded_ssid(cred, bss))
continue; continue;
if (cred_no_required_oi_match(cred, bss))
continue;
if (selected == NULL || if (selected == NULL ||
selected->priority < cred->priority) selected->priority < cred->priority)
selected = cred; selected = cred;
@ -1451,6 +1478,8 @@ static struct wpa_cred * interworking_credentials_available_realm(
if (nai_realm_find_eap(cred, &realm[i])) { if (nai_realm_find_eap(cred, &realm[i])) {
if (cred_excluded_ssid(cred, bss)) if (cred_excluded_ssid(cred, bss))
continue; continue;
if (cred_no_required_oi_match(cred, bss))
continue;
if (selected == NULL || if (selected == NULL ||
selected->priority < cred->priority) selected->priority < cred->priority)
selected = cred; selected = cred;