[PATCH] ath10k: fix station authorization

Michal Kazior <michal.kazior@xxxxxxxxx> · Fri, 4 Oct 2013 10:30:28 +0200

Peer authorization should be delayed until
mac80211 says given station has transitioned into
authorized state.

The state is propagated from mac80211 for both
open and protected networks.

This should prevent data traffic to/from given
station until authorization completes. Until now
it was probably possible for unauthorized traffic
to pass leading to possible security issues.

Signed-off-by: Michal Kazior <michal.kazior@xxxxxxxxx>
---
I've been keeping this patch in my closet apparently.

Tested briefly and seems there are no regressions.

 drivers/net/wireless/ath/ath10k/mac.c |   27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index 8684e03..0175d22 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -781,7 +781,6 @@ static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
 	memcpy(arg->addr, sta->addr, ETH_ALEN);
 	arg->vdev_id = arvif->vdev_id;
 	arg->peer_aid = sta->aid;
-	arg->peer_flags |= WMI_PEER_AUTH;
 
 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
 		/*
@@ -2603,6 +2602,32 @@ static int ath10k_sta_state(struct ieee80211_hw *hw,
 		if (ret)
 			ath10k_warn("Failed to disassociate station: %pM\n",
 				    sta->addr);
+	} else if (old_state == IEEE80211_STA_ASSOC &&
+		   new_state == IEEE80211_STA_AUTHORIZED) {
+		/*
+		 * Authorization
+		 */
+		ath10k_dbg(ATH10K_DBG_MAC, "mac sta %pM authorized\n",
+			   sta->addr);
+
+		ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
+						WMI_PEER_AUTHORIZE, 1);
+		if (ret)
+			ath10k_warn("Failed to authorize station: %pM\n",
+				    sta->addr);
+	} else if (old_state == IEEE80211_STA_AUTHORIZED &&
+		   new_state == IEEE80211_STA_ASSOC) {
+		/*
+		 * De-Authorization
+		 */
+		ath10k_dbg(ATH10K_DBG_MAC, "mac sta %pM de-authorized\n",
+			   sta->addr);
+
+		ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
+						WMI_PEER_AUTHORIZE, 0);
+		if (ret)
+			ath10k_warn("Failed to de-authorize station: %pM\n",
+				    sta->addr);
 	}
 
 	mutex_unlock(&ar->conf_mutex);
-- 
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







