AP: Introduce sta authorized wrappers

To enable making state change notifications on the WLAN_STA_AUTHORIZED
flag, introduce ap_sta_set_authorized(), and to reduce use of the flag
itself also add a wrapper for testing the flag: ap_sta_is_authorized().

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

hostapd/dump_state.c

@@ -115,8 +115,7 @@ static void hostapd_dump_state(struct hostapd_data *hapd)
 			(sta->flags & WLAN_STA_PS ? "[PS]" : ""),
 			(sta->flags & WLAN_STA_TIM ? "[TIM]" : ""),
 			(sta->flags & WLAN_STA_PERM ? "[PERM]" : ""),
-			(sta->flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" :
-			 ""),
+			(ap_sta_is_authorized(sta) ? "[AUTHORIZED]" : ""),
 			(sta->flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
 			 ""),
 			(sta->flags & WLAN_STA_SHORT_PREAMBLE ?

src/ap/ieee802_11.c

@@ -1655,7 +1655,7 @@ static void handle_assoc_cb(struct hostapd_data *hapd,
 		 * Open, static WEP, or FT protocol; no separate authorization
 		 * step.
 		 */
-		sta->flags |= WLAN_STA_AUTHORIZED;
+		ap_sta_set_authorized(hapd, sta, 1);
 		wpa_msg(hapd->msg_ctx, MSG_INFO,
 			AP_STA_CONNECTED MACSTR, MAC2STR(sta->addr));
 	}

src/ap/ieee802_1x.c

@@ -89,20 +89,19 @@ void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
 		return;
 
 	if (authorized) {
-		if (!(sta->flags & WLAN_STA_AUTHORIZED))
+		if (!ap_sta_is_authorized(sta))
 			wpa_msg(hapd->msg_ctx, MSG_INFO,
 				AP_STA_CONNECTED MACSTR, MAC2STR(sta->addr));
-		sta->flags |= WLAN_STA_AUTHORIZED;
+		ap_sta_set_authorized(hapd, sta, 1);
 		res = hostapd_set_authorized(hapd, sta, 1);
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
 			       HOSTAPD_LEVEL_DEBUG, "authorizing port");
 	} else {
-		if ((sta->flags & (WLAN_STA_AUTHORIZED | WLAN_STA_ASSOC)) ==
-		    (WLAN_STA_AUTHORIZED | WLAN_STA_ASSOC))
+		if (ap_sta_is_authorized(sta) && (sta->flags & WLAN_STA_ASSOC))
 			wpa_msg(hapd->msg_ctx, MSG_INFO,
 				AP_STA_DISCONNECTED MACSTR,
 				MAC2STR(sta->addr));
-		sta->flags &= ~WLAN_STA_AUTHORIZED;
+		ap_sta_set_authorized(hapd, sta, 0);
 		res = hostapd_set_authorized(hapd, sta, 0);
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
 			       HOSTAPD_LEVEL_DEBUG, "unauthorizing port");
@@ -802,7 +801,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
 
 	case IEEE802_1X_TYPE_EAPOL_KEY:
 		wpa_printf(MSG_DEBUG, "   EAPOL-Key");
-		if (!(sta->flags & WLAN_STA_AUTHORIZED)) {
+		if (!ap_sta_is_authorized(sta)) {
 			wpa_printf(MSG_DEBUG, "   Dropped key data from "
 				   "unauthorized Supplicant");
 			break;

src/ap/sta_info.c

@@ -124,6 +124,9 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
 
 	accounting_sta_stop(hapd, sta);
 
+	/* just in case */
+	ap_sta_set_authorized(hapd, sta, 0);
+
 	if (sta->flags & WLAN_STA_WDS)
 		hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 0);
 
@@ -750,6 +753,19 @@ void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
 #endif /* CONFIG_IEEE80211W */
 
 
+void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+			   int authorized)
+{
+	if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
+		return;
+
+	if (authorized)
+		sta->flags |= WLAN_STA_AUTHORIZED;
+	else
+		sta->flags &= ~WLAN_STA_AUTHORIZED;
+}
+
+
 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
 		       const u8 *addr, u16 reason)
 {
@@ -762,7 +778,8 @@ void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
 
 	if (sta == NULL)
 		return;
-	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED);
+	ap_sta_set_authorized(hapd, sta, 0);
+	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
 	eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta);
 	sta->timeout_next = STA_REMOVE;

src/ap/sta_info.h

@@ -154,4 +154,11 @@ int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta);
 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
 		       const u8 *addr, u16 reason);
 
+void ap_sta_set_authorized(struct hostapd_data *hapd,
+			   struct sta_info *sta, int authorized);
+static inline int ap_sta_is_authorized(struct sta_info *sta)
+{
+	return sta->flags & WLAN_STA_AUTHORIZED;
+}
+
 #endif /* STA_INFO_H */

src/ap/tkip_countermeasures.c

@@ -53,8 +53,8 @@ static void ieee80211_tkip_countermeasures_start(struct hostapd_data *hapd)
 	for (sta = hapd->sta_list; sta != NULL; sta = sta->next) {
 		hostapd_drv_sta_deauth(hapd, sta->addr,
 				       WLAN_REASON_MICHAEL_MIC_FAILURE);
-		sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
-				WLAN_STA_AUTHORIZED);
+		ap_sta_set_authorized(hapd, sta, 0);
+		sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
 		hostapd_drv_sta_remove(hapd, sta->addr);
 	}
 }