Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Interworking: Add required_roaming_consortium parameter for credentials

This allows credentials to be limited from being used to connect to a
network unless the AP advertises a matching roaming consortium OI.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 12 years ago
parent
a83e5749ac
commit
f47c145285
3 changed files with 47 additions and 0 deletions
Split View Show Diff Stats
  1. 15 0
      wpa_supplicant/config.c
  2. 3 0
      wpa_supplicant/config.h
  3. 29 0
      wpa_supplicant/interworking.c

+ 15 - 0
wpa_supplicant/config.c
View File 

@@ -2487,6 +2487,21 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
 
 		return 0;
 
 	}
 
 
+	if (os_strcmp(var, "required_roaming_consortium") == 0) {
 
+		if (len < 3 || len > sizeof(cred->required_roaming_consortium))
 
+		{
 
+			wpa_printf(MSG_ERROR, "Line %d: invalid "
 
+				   "required_roaming_consortium length %d "
 
+				   "(3..15 expected)", line, (int) len);
 
+			os_free(val);
 
+			return -1;
 
+		}
 
+		os_memcpy(cred->required_roaming_consortium, val, len);
 
+		cred->required_roaming_consortium_len = len;
 
+		os_free(val);
 
+		return 0;
 
+	}
 
+
 
 	if (os_strcmp(var, "excluded_ssid") == 0) {
 
 		struct excluded_ssid *e;

+ 3 - 0
wpa_supplicant/config.h
View File 

@@ -200,6 +200,9 @@ struct wpa_cred {
 
 	 */
 
 	size_t roaming_consortium_len;
 
 
+	u8 required_roaming_consortium[15];
 
+	size_t required_roaming_consortium_len;
 
+
 
 	/**
 
 	 * eap_method - EAP method to use
 
 	 *

+ 29 - 0
wpa_supplicant/interworking.c
View File 

@@ -112,6 +112,8 @@ static int cred_with_roaming_consortium(struct wpa_supplicant *wpa_s)
 
 	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
 
 		if (cred->roaming_consortium_len)
 
 			return 1;
 
+		if (cred->required_roaming_consortium_len)
 
+			return 1;
 
 	}
 
 	return 0;
 
 }
 
@@ -944,6 +946,27 @@ static int roaming_consortium_match(const u8 *ie, const struct wpabuf *anqp,
 
 }
 
 
 
+static int cred_no_required_oi_match(struct wpa_cred *cred, struct wpa_bss *bss)
 
+{
 
+	const u8 *ie;
 
+
 
+	if (cred->required_roaming_consortium_len == 0)
 
+		return 0;
 
+
 
+	ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
 
+
 
+	if (ie == NULL &&
 
+	    (bss->anqp == NULL || bss->anqp->roaming_consortium == NULL))
 
+		return 1;
 
+
 
+	return !roaming_consortium_match(ie,
 
+					 bss->anqp ?
 
+					 bss->anqp->roaming_consortium : NULL,
 
+					 cred->required_roaming_consortium,
 
+					 cred->required_roaming_consortium_len);
 
+}
 
+
 
+
 
 static int cred_excluded_ssid(struct wpa_cred *cred, struct wpa_bss *bss)
 
 {
 
 	size_t i;
 
@@ -991,6 +1014,8 @@ static struct wpa_cred * interworking_credentials_available_roaming_consortium(
 
 
 		if (cred_excluded_ssid(cred, bss))
 
 			continue;
 
+		if (cred_no_required_oi_match(cred, bss))
 
+			continue;
 
 
 		if (selected == NULL ||
 
 		    selected->priority < cred->priority)
 
@@ -1409,6 +1434,8 @@ static struct wpa_cred * interworking_credentials_available_3gpp(
 
 		if (ret) {
 
 			if (cred_excluded_ssid(cred, bss))
 
 				continue;
 
+			if (cred_no_required_oi_match(cred, bss))
 
+				continue;
 
 			if (selected == NULL ||
 
 			    selected->priority < cred->priority)
 
 				selected = cred;
 
@@ -1451,6 +1478,8 @@ static struct wpa_cred * interworking_credentials_available_realm(
 
 			if (nai_realm_find_eap(cred, &realm[i])) {
 
 				if (cred_excluded_ssid(cred, bss))
 
 					continue;
 
+				if (cred_no_required_oi_match(cred, bss))
 
+					continue;
 
 				if (selected == NULL ||
 
 				    selected->priority < cred->priority)
 
 					selected = cred;