/*
 * vMgrDeAuthenBeginSta - build and queue a Deauthentication frame.
 *
 * hDeviceContext : device handle (a PSDevice in disguise)
 * pMgmt          : management object owning the packet pool and addresses
 * abyDestAddress : DA of the peer being deauthenticated
 * wReason        : 802.11 reason code placed in the frame body
 * pStatus        : out; result of csMgmt_xmit, with CMD_STATUS_PENDING
 *                  folded into CMD_STATUS_SUCCESS
 *
 * The frame is assembled in the shared management packet pool and is not
 * protected in any way (no WEP bit, no MIC) - this path predates 802.11w.
 */
VOID
vMgrDeAuthenBeginSta(
    IN  HANDLE       hDeviceContext,
    IN  PSMgmtObject pMgmt,
    IN  PBYTE        abyDestAddress,
    IN  WORD         wReason,
    OUT PCMD_STATUS  pStatus
    )
{
    PSDevice         pDevice = (PSDevice)hDeviceContext;
    PSTxMgmtPacket   pTxPacket;
    WLAN_FR_DEAUTHEN sFrame;
    WORD             wFrameCtl;

    /* Descriptor first, then the 802.11 header/body directly behind it. */
    pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
    memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_DEAUTHEN_FR_MAXLEN);
    pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));

    sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
    sFrame.len  = WLAN_DEAUTHEN_FR_MAXLEN;
    vMgrEncodeDeauthen(&sFrame);

    /* Management / Deauthentication, all other FC bits clear. */
    wFrameCtl = WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
                WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DEAUTHEN);
    sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(wFrameCtl);

    /* Addr1 = peer, Addr2 = us, Addr3 = the BSS we are leaving. */
    memcpy(sFrame.pHdr->sA3.abyAddr1, abyDestAddress,       WLAN_ADDR_LEN);
    memcpy(sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr,    WLAN_ADDR_LEN);
    memcpy(sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID,  WLAN_BSSID_LEN);
    *(sFrame.pwReason) = cpu_to_le16(wReason);

    pTxPacket->cbMPDULen    = sFrame.len;
    pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;

    /* A queued transmit is reported to the caller as success. */
    *pStatus = csMgmt_xmit(pDevice, pTxPacket);
    if (*pStatus == CMD_STATUS_PENDING) {
        *pStatus = CMD_STATUS_SUCCESS;
    }
}
/*+
*
* Routine Description:
* Handle incoming authentication frames.
*
* Return Value:
* None.
*
-*/
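/*
 * s_vMgrRxAuthentication - dispatch a received Authentication frame.
 *
 * pDevice   : device
 * pMgmt     : management object (current mode/state)
 * pRxPacket : received management packet (cbMPDULen, p80211Header)
 *
 * Frames are only processed when we are an AP or a STA waiting for an
 * authentication reply. The received MPDU must be long enough to hold the
 * fixed authentication body (algorithm, sequence, status) before the
 * sequence number is read. Request-side sequences (1, 3) are only handed
 * to the AP handlers when we are an AP; reply-side sequences (2, 4) only
 * when we are a STA in AUTHPENDING, so a forged reply cannot drive the
 * STA state machine of a running AP.
 */
static
VOID
s_vMgrRxAuthentication(
    IN PSDevice pDevice,
    IN PSMgmtObject pMgmt,
    IN PSRxMgmtPacket pRxPacket
    )
{
    WLAN_FR_AUTHEN  sFrame;
    WORD            wAuthSequence;

    /* We must be an AP, or a STA with an authentication in flight. */
    if (!(pMgmt->eCurrMode == WMAC_MODE_ESS_AP ||
          pMgmt->eCurrState == WMAC_STATE_AUTHPENDING)) {
        return;
    }

    /*
     * Zero the descriptor so that any optional-element pointer the decoder
     * leaves untouched (e.g. pChallenge when no challenge IE is present)
     * is NULL rather than uninitialised stack contents.
     */
    memset(&sFrame, 0, sizeof(sFrame));
    sFrame.len  = pRxPacket->cbMPDULen;
    sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;

    /*
     * Reject anything too short to carry the three 16-bit fixed fields
     * after the 3-address header; otherwise the dispatch below would read
     * stale bytes beyond the received data.
     */
    if (sFrame.len < WLAN_HDR_ADDR3_LEN
                     + sizeof(*sFrame.pwAuthAlgorithm)
                     + sizeof(*sFrame.pwAuthSequence)
                     + sizeof(*sFrame.pwStatus)) {
        DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth frame too short, len = %d\n",
                   (int)sFrame.len);
        return;
    }

    vMgrDecodeAuthen(&sFrame);

    /*
     * The file uses cpu_to_le16 for both directions; a 16-bit byte swap is
     * its own inverse, so this is the le16_to_cpu of the on-air value.
     */
    wAuthSequence = cpu_to_le16(*(sFrame.pwAuthSequence));

    switch (wAuthSequence) {
    case 1:
        /* STA -> AP request: AP function only. */
        if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
            DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth seq 1 ignored, not an AP\n");
            break;
        }
        s_vMgrRxAuthenSequence_1(pDevice, pMgmt, &sFrame);
        break;

    case 2:
        /* AP -> STA reply (carries the challenge for shared key): STA only. */
        if (pMgmt->eCurrState != WMAC_STATE_AUTHPENDING) {
            DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth seq 2 ignored, not authenticating\n");
            break;
        }
        s_vMgrRxAuthenSequence_2(pDevice, pMgmt, &sFrame);
        break;

    case 3:
        /* STA -> AP challenge response: AP function only. */
        if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
            DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth seq 3 ignored, not an AP\n");
            break;
        }
        s_vMgrRxAuthenSequence_3(pDevice, pMgmt, &sFrame);
        break;

    case 4:
        /* AP -> STA final shared-key result (per 802.11): STA only. */
        if (pMgmt->eCurrState != WMAC_STATE_AUTHPENDING) {
            DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth seq 4 ignored, not authenticating\n");
            break;
        }
        s_vMgrRxAuthenSequence_4(pDevice, pMgmt, &sFrame);
        break;

    default:
        DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth Sequence error, seq = %d\n",
                   wAuthSequence);
        break;
    }
    return;
}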
/*+
*
* Routine Description:
* Handles incoming authen frames with sequence 1. Currently
* assumes we're an AP. So far, no one appears to use authentication
* in Ad-Hoc mode.
*
* Return Value:
* None.
*
-*/
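/*
 * s_vMgrRxAuthenSequence_1 - AP side: answer a sequence-1 authentication
 * request with a sequence-2 reply.
 *
 * pDevice : device (key table, RC4 state, hostapd flag)
 * pMgmt   : management object (node table, configured algorithm)
 * pFrame  : decoded incoming frame
 *
 * The result is decided first:
 *   - shared key requested on an open-system AP, or open system requested
 *     on a shared-key AP            -> WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG
 *   - any other algorithm number     -> WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG
 *   - shared key but no WEP group key -> WLAN_MGMT_STATUS_UNSPEC_FAILURE
 *   - otherwise                       -> WLAN_MGMT_STATUS_SUCCESS
 * Only an accepted request touches the node table (previously a rejected
 * STA could be left marked NODE_AUTH because the state was written from
 * the AP's configuration before the request was compared against it).
 * On success a shared-key STA is marked NODE_KNOWN with byAuthSequence 1
 * until it answers the challenge; an open-system STA goes straight to
 * NODE_AUTH.
 *
 * With hostapd enabled the reply is built but not transmitted.
 */
static
VOID
s_vMgrRxAuthenSequence_1(
    IN PSDevice pDevice,
    IN PSMgmtObject pMgmt,
    IN PWLAN_FR_AUTHEN pFrame
    )
{
    PSTxMgmtPacket  pTxPacket = NULL;
    UINT            uNodeIndex = 0;
    WLAN_FR_AUTHEN  sFrame;
    PSKeyItem       pTransmitKey = NULL;
    WORD            wAuthAlg;
    WORD            wStatus;

    wAuthAlg = cpu_to_le16(*(pFrame->pwAuthAlgorithm));

    /* Decide the outcome before touching the node table or the frame. */
    if (wAuthAlg == WLAN_AUTH_ALG_SHAREDKEY) {
        if (!pMgmt->bShareKeyAlgorithm) {
            wStatus = WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG;
        } else if (KeybGetTransmitKey(&(pDevice->sKey), pDevice->abyBroadcastAddr,
                                      GROUP_KEY, &pTransmitKey) != TRUE) {
            /*
             * Without a WEP group key this driver has nothing to derive the
             * challenge from. The previous behaviour was to send an all-zero
             * challenge, which is constant and therefore replayable; refuse
             * the request instead.
             */
            wStatus = WLAN_MGMT_STATUS_UNSPEC_FAILURE;
        } else {
            wStatus = WLAN_MGMT_STATUS_SUCCESS;
        }
    } else if (wAuthAlg == WLAN_AUTH_ALG_OPENSYSTEM) {
        wStatus = pMgmt->bShareKeyAlgorithm ? WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG
                                            : WLAN_MGMT_STATUS_SUCCESS;
    } else {
        /* Neither open system nor shared key: not an algorithm we support. */
        wStatus = WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG;
    }

    /* Record the STA only when we are actually accepting it. */
    if (wStatus == WLAN_MGMT_STATUS_SUCCESS) {
        if (!BSSDBbIsSTAInNodeDB(pMgmt, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
            BSSvCreateOneNode((PSDevice)pDevice, &uNodeIndex);
            memcpy(pMgmt->sNodeDBTable[uNodeIndex].abyMACAddr,
                   pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
        }
        if (pMgmt->bShareKeyAlgorithm) {
            /* Half way: the STA still has to answer the challenge (sequence 3). */
            pMgmt->sNodeDBTable[uNodeIndex].eNodeState     = NODE_KNOWN;
            pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 1;
        } else {
            /* Open system completes here. */
            pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
        }
    }

    /* Build the sequence-2 reply in the shared management packet pool. */
    pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
    memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
    pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
    sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
    sFrame.len  = WLAN_AUTHEN_FR_MAXLEN;
    vMgrEncodeAuthen(&sFrame);

    sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
        WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
        WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN) |
        WLAN_SET_FC_ISWEP(0)
        );
    memcpy(sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
    memcpy(sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr,          WLAN_ADDR_LEN);
    memcpy(sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID,        WLAN_BSSID_LEN);
    *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);   /* echo, already on-air order */
    *(sFrame.pwAuthSequence)  = cpu_to_le16(2);
    *(sFrame.pwStatus)        = cpu_to_le16(wStatus);

    if (pMgmt->bShareKeyAlgorithm && (wStatus == WLAN_MGMT_STATUS_SUCCESS)) {
        /*
         * Append the challenge IE right after the fixed fields; sFrame.len
         * is assumed to have been left at the fixed-field length by
         * vMgrEncodeAuthen (the same assumption the original code made).
         */
        sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
        sFrame.len += WLAN_CHALLENGE_IE_LEN;
        sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
        sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;

        /*
         * Challenge text = RC4 applied to zeros, i.e. effectively raw
         * keystream keyed from pDevice->abyPRNG (+3 presumably covers a
         * 3-byte WEP IV in front of the key - confirm). NOTE(review): this
         * is only as unpredictable as abyPRNG, which this function does not
         * refresh; a repeating challenge lets an eavesdropper replay a
         * captured sequence-3 response. A real random source would be
         * preferable here.
         */
        memset(pMgmt->abyChallenge, 0, WLAN_CHALLENGE_LEN);
        rc4_init(&pDevice->SBox, pDevice->abyPRNG, pTransmitKey->uKeyLength + 3);
        rc4_encrypt(&pDevice->SBox, pMgmt->abyChallenge, pMgmt->abyChallenge, WLAN_CHALLENGE_LEN);
        memcpy(sFrame.pChallenge->abyChallenge, pMgmt->abyChallenge, WLAN_CHALLENGE_LEN);
    }

    pTxPacket->cbMPDULen    = sFrame.len;
    pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;

    /* hostapd owns the management exchange; we only keep our node state. */
    if (pDevice->bEnableHostapd) {
        return;
    }
    DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx.. \n");
    if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
        DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx failed.\n");
    }
    return;
}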
/*+
*
* Routine Description:
* Handles incoming auth frames with sequence number 2. Currently
* assumes we're a station.
*
*
* Return Value:
* None.
*
-*/
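/*
 * s_vMgrRxAuthenSequence_2 - STA side: handle the AP's sequence-2 reply.
 *
 * pDevice : device
 * pMgmt   : management object (state machine, addresses, packet pool)
 * pFrame  : decoded incoming frame
 *
 * Open system: success moves us to WMAC_STATE_AUTH, failure to
 * WMAC_STATE_IDLE (status logged).
 * Shared key: a successful reply must carry a full challenge IE
 * (WLAN_CHALLENGE_LEN bytes); we echo it in a sequence-3 frame sent with
 * the Protected bit set. A reply with an error status, or with a missing
 * or short challenge IE, is logged and no response is sent.
 * Unknown algorithms are logged only.
 */
static
VOID
s_vMgrRxAuthenSequence_2(
    IN PSDevice pDevice,
    IN PSMgmtObject pMgmt,
    IN PWLAN_FR_AUTHEN pFrame
    )
{
    WLAN_FR_AUTHEN  sFrame;
    PSTxMgmtPacket  pTxPacket = NULL;
    WORD            wStatus;

    wStatus = cpu_to_le16(*(pFrame->pwStatus));

    switch (cpu_to_le16(*(pFrame->pwAuthAlgorithm))) {
    case WLAN_AUTH_ALG_OPENSYSTEM:
        if (wStatus == WLAN_MGMT_STATUS_SUCCESS) {
            DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Successful.\n");
            pMgmt->eCurrState = WMAC_STATE_AUTH;
        } else {
            DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Failed.\n");
            s_vMgrLogStatus(pMgmt, wStatus);
            pMgmt->eCurrState = WMAC_STATE_IDLE;
        }
        /*
         * The original had an empty, commented-out command-timer wait here
         * keyed on pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT; it was
         * a no-op and has been dropped.
         */
        break;

    case WLAN_AUTH_ALG_SHAREDKEY:
        if (wStatus != WLAN_MGMT_STATUS_SUCCESS) {
            DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:rx Auth_reply sequence_2 status error ...\n");
            s_vMgrLogStatus(pMgmt, wStatus);
            break;
        }

        /*
         * The copy below is a fixed WLAN_CHALLENGE_LEN bytes, so a missing
         * or short challenge IE would read past the received body. Whether
         * pChallenge is NULL for an absent IE depends on vMgrDecodeAuthen
         * and on the caller initialising the frame descriptor - the length
         * check below does not rely on that.
         */
        if (pFrame->pChallenge == NULL ||
            pFrame->pChallenge->len != WLAN_CHALLENGE_LEN) {
            DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:rx Auth_reply sequence_2 bad or missing challenge ...\n");
            break;
        }

        /* Build the sequence-3 response in the shared management packet pool. */
        pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
        memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
        pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
        sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
        sFrame.len  = WLAN_AUTHEN_FR_MAXLEN;
        vMgrEncodeAuthen(&sFrame);

        /* Protected bit set: the transmit path is expected to WEP-encrypt the body. */
        sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
            WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
            WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN) |
            WLAN_SET_FC_ISWEP(1)
            );
        memcpy(sFrame.pHdr->sA3.abyAddr1, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
        memcpy(sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr,   WLAN_ADDR_LEN);
        memcpy(sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
        *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
        *(sFrame.pwAuthSequence)  = cpu_to_le16(3);
        *(sFrame.pwStatus)        = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);

        /* Echo the AP's challenge text in a challenge IE after the fixed fields. */
        sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
        sFrame.len += WLAN_CHALLENGE_IE_LEN;
        sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
        sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;
        memcpy(sFrame.pChallenge->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN);

        pTxPacket->cbMPDULen    = sFrame.len;
        pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;

        if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
            DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx failed.\n");
        }
        DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx ...\n");
        break;

    default:
        DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt: rx auth.seq = 2 unknown AuthAlgorithm=%d\n",
                   cpu_to_le16((*(pFrame->pwAuthAlgorithm))));
        break;
    }
    return;
}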
/*+
*
* Routine Description:
* Handles incoming authentication frames with sequence number 3 (the
* STA's shared-key challenge response). Currently assumes we're an AP.
* This function does not decrypt anything itself: it only checks that the
* Protected (WEP) bit is set and compares the challenge text, so it relies
* on the receive path having already decrypted the frame body (and,
* presumably, verified its ICV) before the frame reaches it.
*
*
* Return Value:
* None.
*
-*/
static
VOID
s_vMgrRxAuthenSequence_3(
IN PSDevice pDevice,
IN PSMgmtObject pMgmt,
IN PWLAN_FR_AUTHEN pFrame
)
{
PSTxMgmtPacket pTxPacket = NULL;
UINT uStatusCode = 0 ;
UINT uNodeIndex = 0;
WLAN_FR_AUTHEN sFrame;
if (!WLAN_GET_FC_ISWEP(pFrame->pHdr->sA3.wFrameCtl)) {
uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
goto reply;
}
if (BSSDBbIsSTAInNodeDB(pMgmt, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
if (pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence != 1) {
uStatusCode = WLAN_MGMT_STATUS_RX_AUTH_NOSEQ;
goto reply;
}
if (memcmp(pMgmt->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN) != 0) {
uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
goto reply;
}
}
else {
uStatusCode = WLAN_MGMT_STATUS_UNSPEC_FAILURE;
goto reply;
}
if (uNodeIndex) {
pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 0;
}
uStatusCode = WLAN_MGMT_STATUS_SUCCESS;
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Challenge text check ok..\n");
reply:
// send auth reply
pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
// format buffer structure
vMgrEncodeAuthen(&sFrame);
/* insert values */
sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
(
WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
WLAN_SET_FC_ISWEP(0)
));
memcpy( sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
*(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
*(sFrame.pwAuthSequence) = cpu_to_le16(4);
*(sFrame.pwStatus) = cpu_to_le16(uStatusCode);
/* Adjust the length fields */
pTxPacket->cbMPDULen = sFrame.len;
pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
// send the frame
if (pDevice->bEnableHostapd) {
return;
}
if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_4 tx failed.\n");
}
return;