lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1511400546-10875-1-git-send-email-ishraq.i.ashraf@gmail.com>
Date:   Thu, 23 Nov 2017 02:29:06 +0100
From:   ishraq.i.ashraf@...il.com
To:     gregkh@...uxfoundation.org
Cc:     himanshujha199640@...il.com, goudapatilk@...il.com,
        insafonov@...il.com, devel@...verdev.osuosl.org,
        linux-kernel@...r.kernel.org,
        Ishraq Ibne Ashraf <ishraq.i.ashraf@...il.com>
Subject: [PATCH] staging: rtl8188eu: Fix private WEXT IOCTL calls

From: Ishraq Ibne Ashraf <ishraq.i.ashraf@...il.com>

Commit 8bfb36766064 ("wireless: wext: remove ndo_do_ioctl fallback") breaks private WEXT
IOCTL calls of this driver as these are not invoked through ndo_do_ioctl
interface anymore. As a result hostapd stops working with this driver. In
this patch this problem is solved by implementing equivalent private IOCTL
functions of the existing ones which are accessed via iw_handler_def
interface.

Signed-off-by: Ishraq Ibne Ashraf <ishraq.i.ashraf@...il.com>
---
 drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 1042 ++++++++++++++++++++++++
 1 file changed, 1042 insertions(+)

diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
index c0664dc..7503751 100644
--- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
@@ -3061,6 +3061,1046 @@ static iw_handler rtw_handlers[] = {
 	NULL,					/*---hole---*/
 };
 
+static int get_private_handler_ieee_param(struct adapter *padapter,
+	union iwreq_data *wrqu,
+	void *param)
+{
+	/*
+	 * This function is expected to be called in master mode, which allows no
+	 * power saving. So we just check hw_init_completed.
+	 */
+
+	if (!padapter->hw_init_completed)
+		return -EPERM;
+
+	if (!wrqu->data.pointer)
+		return -EINVAL;
+
+	/*
+	 * Since we don't allocate memory for param in this function, we assume
+	 * the caller of this function will properly allocate and deallocate memory
+	 * for param.
+	 */
+	if (copy_from_user(param, wrqu->data.pointer, wrqu->data.length))
+		return -EFAULT;
+
+	return 0;
+}
+
+static int rtw_hostapd_sta_flush_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+
+	DBG_88E("%s\n", __func__);
+
+	flush_all_cam_entry(padapter); // Clear CAM.
+
+	return rtw_sta_flush(padapter);
+}
+
+static int rtw_add_sta_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct sta_info *psta = NULL;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+	struct sta_priv *pstapriv = &padapter->stapriv;
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_add_sta: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_add_sta: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	DBG_88E("rtw_add_sta(aid =%d) =%pM\n", param->u.add_sta.aid, (param->sta_addr));
+
+	if (!check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)))
+		return -EINVAL;
+
+	if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
+	    param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
+	    param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
+	      return -EINVAL;
+
+	psta = rtw_get_stainfo(pstapriv, param->sta_addr);
+	if (psta) {
+		int flags = param->u.add_sta.flags;
+		psta->aid = param->u.add_sta.aid; // aid = 1~2007.
+
+		memcpy(psta->bssrateset, param->u.add_sta.tx_supp_rates, 16);
+
+		// Check WMM cap.
+		if (WLAN_STA_WME&flags)
+			psta->qos_option = 1;
+		else
+			psta->qos_option = 0;
+
+		if (pmlmepriv->qospriv.qos_option == 0)
+			psta->qos_option = 0;
+
+		// Check 802.11n HT cap.
+		if (WLAN_STA_HT&flags) {
+			psta->htpriv.ht_option = true;
+			psta->qos_option = 1;
+			memcpy(&psta->htpriv.ht_cap,
+			       &param->u.add_sta.ht_cap,
+			       sizeof(struct ieee80211_ht_cap));
+		} else {
+			psta->htpriv.ht_option = false;
+		}
+
+		if (pmlmepriv->htpriv.ht_option == false)
+			psta->htpriv.ht_option = false;
+
+		update_sta_info_apmode(padapter, psta);
+	} else {
+		ret = -ENOMEM;
+	}
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_del_sta_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct sta_info *psta = NULL;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+	struct sta_priv *pstapriv = &padapter->stapriv;
+	int updated = 0;
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_del_sta: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_del_sta: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	DBG_88E("rtw_del_sta =%pM\n", (param->sta_addr));
+
+	if (check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)) != true)
+		return -EINVAL;
+
+	if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
+	    param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
+	    param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
+	      return -EINVAL;
+
+	psta = rtw_get_stainfo(pstapriv, param->sta_addr);
+	if (psta) {
+		spin_lock_bh(&pstapriv->asoc_list_lock);
+		if (!list_empty(&psta->asoc_list)) {
+			list_del_init(&psta->asoc_list);
+			pstapriv->asoc_list_cnt--;
+			updated = ap_free_sta(padapter, psta, true, WLAN_REASON_DEAUTH_LEAVING);
+		}
+		spin_unlock_bh(&pstapriv->asoc_list_lock);
+		associated_clients_update(padapter, updated);
+		psta = NULL;
+	} else {
+		DBG_88E("rtw_del_sta(), sta has already been removed or never been added\n");
+	}
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_set_beacon_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	int len = 0;
+	unsigned char *pbuf = NULL;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+	struct sta_priv *pstapriv = &padapter->stapriv;
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_set_beacon: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_set_beacon: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	len = wrqu->data.length;
+	pbuf = param->u.bcn_ie.buf;
+
+	DBG_88E("%s, len =%d\n", __func__, len);
+
+	if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
+		return -EINVAL;
+
+	memcpy(&pstapriv->max_num_sta, param->u.bcn_ie.reserved, 2);
+
+	if ((pstapriv->max_num_sta > NUM_STA) || (pstapriv->max_num_sta <= 0))
+		pstapriv->max_num_sta = NUM_STA;
+
+	if (rtw_check_beacon_data(padapter, pbuf,  (len-12-2)) == _SUCCESS) //  12 = Param header, 2 = Not packed.
+		ret = 0;
+	else
+		ret = -EINVAL;
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_set_encryption_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	int param_len = 0;
+	struct ieee_param *param = NULL;
+	u32 wep_key_idx, wep_key_len, wep_total_len;
+	struct ndis_802_11_wep	 *pwep = NULL;
+	struct sta_info *psta = NULL, *pbcmc_sta = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv	*pmlmepriv = &padapter->mlmepriv;
+	struct security_priv *psecuritypriv = &(padapter->securitypriv);
+	struct sta_priv *pstapriv = &padapter->stapriv;
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		ret = -ENOMEM;
+		DBG_88E(" r871x_set_encryption: ieee_param allocate fail !!!\n");
+
+		goto exit;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" r871x_set_encryption: ieee_param get fail !!!\n");
+
+		goto exit;
+	}
+
+	param_len = wrqu->data.length;
+
+	DBG_88E("%s\n", __func__);
+	param->u.crypt.err = 0;
+	param->u.crypt.alg[IEEE_CRYPT_ALG_NAME_LEN - 1] = '\0';
+	if (param_len !=  sizeof(struct ieee_param) + param->u.crypt.key_len) {
+		ret =  -EINVAL;
+		goto exit;
+	}
+	if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
+	    param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
+	    param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff) {
+		if (param->u.crypt.idx >= WEP_KEYS) {
+			ret = -EINVAL;
+			goto exit;
+		}
+	} else {
+		psta = rtw_get_stainfo(pstapriv, param->sta_addr);
+		if (!psta) {
+			DBG_88E("rtw_set_encryption(), sta has already been removed or never been added\n");
+			goto exit;
+		}
+	}
+
+	if (strcmp(param->u.crypt.alg, "none") == 0 && (!psta)) {
+		// TODO: Clear default encryption keys.
+
+		DBG_88E("clear default encryption keys, keyid =%d\n", param->u.crypt.idx);
+		goto exit;
+	}
+	if (strcmp(param->u.crypt.alg, "WEP") == 0 && (!psta)) {
+		DBG_88E("r871x_set_encryption, crypt.alg = WEP\n");
+		wep_key_idx = param->u.crypt.idx;
+		wep_key_len = param->u.crypt.key_len;
+		DBG_88E("r871x_set_encryption, wep_key_idx=%d, len=%d\n", wep_key_idx, wep_key_len);
+		if ((wep_key_idx >= WEP_KEYS) || (wep_key_len <= 0)) {
+			ret = -EINVAL;
+			goto exit;
+		}
+
+		if (wep_key_len > 0) {
+			wep_key_len = wep_key_len <= 5 ? 5 : 13;
+			wep_total_len = wep_key_len + offsetof(struct ndis_802_11_wep, KeyMaterial);
+			pwep = (struct ndis_802_11_wep *)rtw_malloc(wep_total_len);
+			if (!pwep) {
+				DBG_88E(" r871x_set_encryption: pwep allocate fail !!!\n");
+				goto exit;
+			}
+
+			memset(pwep, 0, wep_total_len);
+
+			pwep->KeyLength = wep_key_len;
+			pwep->Length = wep_total_len;
+		}
+
+		pwep->KeyIndex = wep_key_idx;
+
+		memcpy(pwep->KeyMaterial,  param->u.crypt.key, pwep->KeyLength);
+
+		if (param->u.crypt.set_tx) {
+			DBG_88E("wep, set_tx = 1\n");
+
+			psecuritypriv->ndisencryptstatus = Ndis802_11Encryption1Enabled;
+			psecuritypriv->dot11PrivacyAlgrthm = _WEP40_;
+			psecuritypriv->dot118021XGrpPrivacy = _WEP40_;
+
+			if (pwep->KeyLength == 13) {
+				psecuritypriv->dot11PrivacyAlgrthm = _WEP104_;
+				psecuritypriv->dot118021XGrpPrivacy = _WEP104_;
+			}
+
+			psecuritypriv->dot11PrivacyKeyIndex = wep_key_idx;
+
+			memcpy(&(psecuritypriv->dot11DefKey[wep_key_idx].skey[0]),
+			       pwep->KeyMaterial,
+			       pwep->KeyLength);
+
+			psecuritypriv->dot11DefKeylen[wep_key_idx] = pwep->KeyLength;
+
+			set_wep_key(padapter, pwep->KeyMaterial, pwep->KeyLength, wep_key_idx);
+		} else {
+			DBG_88E("wep, set_tx = 0\n");
+
+			/*
+			 * Don't update "psecuritypriv->dot11PrivacyAlgrthm" and
+			 * "psecuritypriv->dot11PrivacyKeyIndex = keyid", but rtw_set_key()
+			 * can to cam.
+			 */
+
+			memcpy(&(psecuritypriv->dot11DefKey[wep_key_idx].skey[0]),
+			       pwep->KeyMaterial,
+			       pwep->KeyLength);
+
+			psecuritypriv->dot11DefKeylen[wep_key_idx] = pwep->KeyLength;
+
+			set_wep_key(padapter, pwep->KeyMaterial, pwep->KeyLength, wep_key_idx);
+		}
+
+		goto exit;
+	}
+
+	if (!psta && check_fwstate(pmlmepriv, WIFI_AP_STATE)) { //  Group key.
+		if (param->u.crypt.set_tx == 1) {
+			if (strcmp(param->u.crypt.alg, "WEP") == 0) {
+				DBG_88E("%s, set group_key, WEP\n", __func__);
+
+				memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
+				       param->u.crypt.key,
+				       min_t(u16, param->u.crypt.key_len,
+				       16));
+
+				psecuritypriv->dot118021XGrpPrivacy = _WEP40_;
+				if (param->u.crypt.key_len == 13)
+						psecuritypriv->dot118021XGrpPrivacy = _WEP104_;
+			} else if (strcmp(param->u.crypt.alg, "TKIP") == 0) {
+				DBG_88E("%s, set group_key, TKIP\n", __func__);
+				psecuritypriv->dot118021XGrpPrivacy = _TKIP_;
+				memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
+				       param->u.crypt.key,
+				       min_t(u16, param->u.crypt.key_len,
+				       16));
+				// Set mic key.
+				memcpy(psecuritypriv->dot118021XGrptxmickey[param->u.crypt.idx].skey,
+				       &(param->u.crypt.key[16]),
+				       8);
+				memcpy(psecuritypriv->dot118021XGrprxmickey[param->u.crypt.idx].skey,
+				       &(param->u.crypt.key[24]),
+				       8);
+
+				psecuritypriv->busetkipkey = true;
+			} else if (strcmp(param->u.crypt.alg, "CCMP") == 0) {
+				DBG_88E("%s, set group_key, CCMP\n", __func__);
+				psecuritypriv->dot118021XGrpPrivacy = _AES_;
+				memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
+				       param->u.crypt.key,
+				       min_t(u16, param->u.crypt.key_len, 16));
+			} else {
+				DBG_88E("%s, set group_key, none\n", __func__);
+				psecuritypriv->dot118021XGrpPrivacy = _NO_PRIVACY_;
+			}
+			psecuritypriv->dot118021XGrpKeyid = param->u.crypt.idx;
+			psecuritypriv->binstallGrpkey = true;
+			psecuritypriv->dot11PrivacyAlgrthm = psecuritypriv->dot118021XGrpPrivacy;
+			set_group_key(padapter, param->u.crypt.key, psecuritypriv->dot118021XGrpPrivacy, param->u.crypt.idx);
+			pbcmc_sta = rtw_get_bcmc_stainfo(padapter);
+			if (pbcmc_sta) {
+				pbcmc_sta->ieee8021x_blocked = false;
+				pbcmc_sta->dot118021XPrivacy = psecuritypriv->dot118021XGrpPrivacy; // rx will use bmc_sta's dot118021XPrivacy.
+			}
+		}
+		goto exit;
+	}
+
+	if (psecuritypriv->dot11AuthAlgrthm == dot11AuthAlgrthm_8021X && psta) { // psk/802_1x.
+		if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
+			if (param->u.crypt.set_tx == 1) {
+				memcpy(psta->dot118021x_UncstKey.skey,  param->u.crypt.key, min_t(u16, param->u.crypt.key_len, 16));
+
+				if (strcmp(param->u.crypt.alg, "WEP") == 0) {
+					DBG_88E("%s, set pairwise key, WEP\n", __func__);
+
+					psta->dot118021XPrivacy = _WEP40_;
+					if (param->u.crypt.key_len == 13)
+						psta->dot118021XPrivacy = _WEP104_;
+				} else if (strcmp(param->u.crypt.alg, "TKIP") == 0) {
+					DBG_88E("%s, set pairwise key, TKIP\n", __func__);
+
+					psta->dot118021XPrivacy = _TKIP_;
+
+					// Set mic key.
+					memcpy(psta->dot11tkiptxmickey.skey, &(param->u.crypt.key[16]), 8);
+					memcpy(psta->dot11tkiprxmickey.skey, &(param->u.crypt.key[24]), 8);
+
+					psecuritypriv->busetkipkey = true;
+				} else if (strcmp(param->u.crypt.alg, "CCMP") == 0) {
+					DBG_88E("%s, set pairwise key, CCMP\n", __func__);
+
+					psta->dot118021XPrivacy = _AES_;
+				} else {
+					DBG_88E("%s, set pairwise key, none\n", __func__);
+
+					psta->dot118021XPrivacy = _NO_PRIVACY_;
+				}
+
+				set_pairwise_key(padapter, psta);
+
+				psta->ieee8021x_blocked = false;
+			} else { // Group key ?
+				if (strcmp(param->u.crypt.alg, "WEP") == 0) {
+					memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
+					       param->u.crypt.key,
+					       min_t(u16, param->u.crypt.key_len, 16));
+					psecuritypriv->dot118021XGrpPrivacy = _WEP40_;
+					if (param->u.crypt.key_len == 13)
+						psecuritypriv->dot118021XGrpPrivacy = _WEP104_;
+				} else if (strcmp(param->u.crypt.alg, "TKIP") == 0) {
+					psecuritypriv->dot118021XGrpPrivacy = _TKIP_;
+
+					memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
+					       param->u.crypt.key,
+					       min_t(u16, param->u.crypt.key_len, 16));
+
+					// Set mic key.
+					memcpy(psecuritypriv->dot118021XGrptxmickey[param->u.crypt.idx].skey,
+					       &(param->u.crypt.key[16]), 8);
+					memcpy(psecuritypriv->dot118021XGrprxmickey[param->u.crypt.idx].skey,
+					       &(param->u.crypt.key[24]), 8);
+
+					psecuritypriv->busetkipkey = true;
+				} else if (strcmp(param->u.crypt.alg, "CCMP") == 0) {
+					psecuritypriv->dot118021XGrpPrivacy = _AES_;
+
+					memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
+					       param->u.crypt.key,
+					       min_t(u16, param->u.crypt.key_len, 16));
+				} else {
+					psecuritypriv->dot118021XGrpPrivacy = _NO_PRIVACY_;
+				}
+
+				psecuritypriv->dot118021XGrpKeyid = param->u.crypt.idx;
+				psecuritypriv->binstallGrpkey = true;
+				psecuritypriv->dot11PrivacyAlgrthm = psecuritypriv->dot118021XGrpPrivacy;
+
+				set_group_key(padapter,
+					param->u.crypt.key,
+					psecuritypriv->dot118021XGrpPrivacy,
+					param->u.crypt.idx);
+
+				pbcmc_sta = rtw_get_bcmc_stainfo(padapter);
+				if (pbcmc_sta) {
+					pbcmc_sta->ieee8021x_blocked = false;
+					pbcmc_sta->dot118021XPrivacy = psecuritypriv->dot118021XGrpPrivacy; // rx will use bmc_sta's dot118021XPrivacy.
+				}
+			}
+		}
+	}
+
+exit:
+
+	kfree(pwep);
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_get_sta_wpaie_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct sta_info *psta = NULL;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+	struct sta_priv *pstapriv = &padapter->stapriv;
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_get_sta_wpaie: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_get_sta_wpaie: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	DBG_88E("rtw_get_sta_wpaie, sta_addr: %pM\n", (param->sta_addr));
+
+	if (check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)) != true)
+		return -EINVAL;
+
+	if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
+	    param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
+	    param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
+	      return -EINVAL;
+
+	psta = rtw_get_stainfo(pstapriv, param->sta_addr);
+	if (psta) {
+		if (psta->wpa_ie[0] == WLAN_EID_RSN ||
+		    psta->wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC) {
+		      int wpa_ie_len;
+		      int copy_len;
+
+		      wpa_ie_len = psta->wpa_ie[1];
+		      copy_len = min_t(int, wpa_ie_len + 2, sizeof(psta->wpa_ie));
+		      param->u.wpa_ie.len = copy_len;
+		      memcpy(param->u.wpa_ie.reserved, psta->wpa_ie, copy_len);
+		} else {
+			DBG_88E("sta's wpa_ie is NONE\n");
+		}
+	} else {
+		ret = -1;
+	}
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_set_wps_beacon_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct ieee_param *param = NULL;
+	unsigned char wps_oui[4] = {0x0, 0x50, 0xf2, 0x04};
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+	struct mlme_ext_priv	*pmlmeext = &(padapter->mlmeextpriv);
+	int len, ie_len;
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_set_wps_beacon: ieee_param allocate fail !!!\n");
+
+		return  -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_set_wps_beacon: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	len = wrqu->data.length;
+
+	DBG_88E("%s, len =%d\n", __func__, len);
+
+	if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
+		return -EINVAL;
+
+	ie_len = len-12-2; // 12 = Param header, 2 = Not packed.
+
+	kfree(pmlmepriv->wps_beacon_ie);
+	pmlmepriv->wps_beacon_ie = NULL;
+
+	if (ie_len > 0) {
+		pmlmepriv->wps_beacon_ie = rtw_malloc(ie_len);
+		pmlmepriv->wps_beacon_ie_len = ie_len;
+		if (!pmlmepriv->wps_beacon_ie) {
+			DBG_88E("%s()-%d: rtw_malloc() ERROR!\n", __func__, __LINE__);
+			return -EINVAL;
+		}
+
+		memcpy(pmlmepriv->wps_beacon_ie, param->u.bcn_ie.buf, ie_len);
+		update_beacon(padapter, _VENDOR_SPECIFIC_IE_, wps_oui, true);
+
+		pmlmeext->bstart_bss = true;
+	}
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_set_wps_probe_resp_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+	int len, ie_len;
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_set_wps_probe_resp: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_set_wps_probe_resp: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	len = wrqu->data.length;
+
+	DBG_88E("%s, len =%d\n", __func__, len);
+
+	if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
+		return -EINVAL;
+
+	ie_len = len-12-2; // 12 = Param header, 2 = Not packed.
+
+	kfree(pmlmepriv->wps_probe_resp_ie);
+	pmlmepriv->wps_probe_resp_ie = NULL;
+
+	if (ie_len > 0) {
+		pmlmepriv->wps_probe_resp_ie = rtw_malloc(ie_len);
+		pmlmepriv->wps_probe_resp_ie_len = ie_len;
+		if (!pmlmepriv->wps_probe_resp_ie) {
+			DBG_88E("%s()-%d: rtw_malloc() ERROR!\n", __func__, __LINE__);
+			return -EINVAL;
+		}
+		memcpy(pmlmepriv->wps_probe_resp_ie, param->u.bcn_ie.buf, ie_len);
+	}
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_set_wps_assoc_resp_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+	int len, ie_len;
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_set_wps_assoc_resp: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_set_wps_assoc_resp: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	len = wrqu->data.length;
+
+	DBG_88E("%s, len =%d\n", __func__, len);
+
+	if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
+		return -EINVAL;
+
+	ie_len = len-12-2; // 12 = Param header, 2 = Not packed.
+
+	kfree(pmlmepriv->wps_assoc_resp_ie);
+	pmlmepriv->wps_assoc_resp_ie = NULL;
+
+	if (ie_len > 0) {
+		pmlmepriv->wps_assoc_resp_ie = rtw_malloc(ie_len);
+		pmlmepriv->wps_assoc_resp_ie_len = ie_len;
+		if (!pmlmepriv->wps_assoc_resp_ie) {
+			DBG_88E("%s()-%d: rtw_malloc() ERROR!\n", __func__, __LINE__);
+			return -EINVAL;
+		}
+
+		memcpy(pmlmepriv->wps_assoc_resp_ie, param->u.bcn_ie.buf, ie_len);
+	}
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_set_hidden_ssid_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+	struct mlme_ext_priv	*pmlmeext = &(padapter->mlmeextpriv);
+	struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
+
+	u8 value;
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_set_hidden_ssid: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_set_hidden_ssid: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
+		return -EINVAL;
+
+	if (param->u.wpa_param.name != 0) // Dummy test.
+		DBG_88E("%s name(%u) != 0\n", __func__, param->u.wpa_param.name);
+	value = param->u.wpa_param.value;
+
+	// Use the same definition of hostapd's ignore_broadcast_ssid.
+	if (value != 1 && value != 2)
+		value = 0;
+	DBG_88E("%s value(%u)\n", __func__, value);
+	pmlmeinfo->hidden_ssid_mode = value;
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_ioctl_get_sta_data_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct sta_info *psta = NULL;
+	struct sta_data *psta_data = NULL;
+	struct ieee_param_ex *param_ex = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+	struct sta_priv *pstapriv = &padapter->stapriv;
+
+	param_ex = (struct ieee_param_ex *)rtw_malloc(wrqu->data.length);
+
+	if (!param_ex) {
+		DBG_88E(" rtw_ioctl_get_sta_data: ieee_param_ex allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param_ex);
+
+	if (ret != 0) {
+		kfree(param_ex);
+		DBG_88E(" rtw_ioctl_get_sta_data: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	psta_data = (struct sta_data *)param_ex->data;
+
+	DBG_88E("rtw_ioctl_get_sta_info, sta_addr: %pM\n", (param_ex->sta_addr));
+
+	if (check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)) != true)
+		return -EINVAL;
+
+	if (param_ex->sta_addr[0] == 0xff && param_ex->sta_addr[1] == 0xff &&
+	    param_ex->sta_addr[2] == 0xff && param_ex->sta_addr[3] == 0xff &&
+	    param_ex->sta_addr[4] == 0xff && param_ex->sta_addr[5] == 0xff)
+	      return -EINVAL;
+
+	psta = rtw_get_stainfo(pstapriv, param_ex->sta_addr);
+	if (psta) {
+		psta_data->aid = (u16)psta->aid;
+		psta_data->capability = psta->capability;
+		psta_data->flags = psta->flags;
+
+		/*
+		nonerp_set : BIT(0)
+		no_short_slot_time_set : BIT(1)
+		no_short_preamble_set : BIT(2)
+		no_ht_gf_set : BIT(3)
+		no_ht_set : BIT(4)
+		ht_20mhz_set : BIT(5)
+		*/
+
+		psta_data->sta_set = \
+			((psta->nonerp_set) |
+			(psta->no_short_slot_time_set << 1) |
+			(psta->no_short_preamble_set << 2) |
+			(psta->no_ht_gf_set << 3) |
+			(psta->no_ht_set << 4) |
+			(psta->ht_20mhz_set << 5));
+		psta_data->tx_supp_rates_len =  psta->bssratelen;
+		memcpy(psta_data->tx_supp_rates, psta->bssrateset, psta->bssratelen);
+		memcpy(&psta_data->ht_cap,
+		       &psta->htpriv.ht_cap,
+		       sizeof(struct ieee80211_ht_cap));
+		psta_data->rx_pkts = psta->sta_stats.rx_data_pkts;
+		psta_data->rx_bytes = psta->sta_stats.rx_bytes;
+		psta_data->rx_drops = psta->sta_stats.rx_drops;
+		psta_data->tx_pkts = psta->sta_stats.tx_pkts;
+		psta_data->tx_bytes = psta->sta_stats.tx_bytes;
+		psta_data->tx_drops = psta->sta_stats.tx_drops;
+	} else {
+		ret = -1;
+	}
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param_ex, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_ioctl_set_macaddr_acl_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_ioctl_set_macaddr_acl: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_ioctl_set_macaddr_acl: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
+		return -EINVAL;
+
+	rtw_set_macaddr_acl(padapter, param->u.mlme.command);
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_ioctl_acl_add_sta_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_ioctl_acl_add_sta: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_ioctl_acl_add_sta: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
+		return -EINVAL;
+
+	if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
+	    param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
+	    param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
+	      return -EINVAL;
+
+	ret = rtw_acl_add_sta(padapter, param->sta_addr);
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static int rtw_ioctl_acl_remove_sta_pvt(struct net_device *dev,
+	struct iw_request_info *info,
+	union iwreq_data *wrqu,
+	char *extra)
+{
+	int ret = 0;
+	struct ieee_param *param = NULL;
+	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+	struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
+
+	param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
+
+	if (!param) {
+		DBG_88E(" rtw_ioctl_acl_remove_sta: ieee_param allocate fail !!!\n");
+
+		return -ENOMEM;
+	}
+
+	ret = get_private_handler_ieee_param(padapter, wrqu, param);
+
+	if (ret != 0) {
+		kfree(param);
+		DBG_88E(" rtw_ioctl_acl_remove_sta: ieee_param get fail !!!\n");
+
+		return ret;
+	}
+
+	if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
+		return -EINVAL;
+
+	if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
+	    param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
+	    param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
+	      return -EINVAL;
+
+	ret = rtw_acl_remove_sta(padapter, param->sta_addr);
+
+	if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+		ret = -EFAULT;
+
+	return ret;
+}
+
+static iw_handler rtw_handlers_private[] = {
+	NULL,                          // Empty
+	rtw_hostapd_sta_flush_pvt,     // RTL871X_HOSTAPD_FLUSH
+	rtw_add_sta_pvt,               // RTL871X_HOSTAPD_ADD_STA
+	rtw_del_sta_pvt,               // RTL871X_HOSTAPD_REMOVE_STA
+	rtw_ioctl_get_sta_data_pvt,    // RTL871X_HOSTAPD_GET_INFO_STA
+	rtw_get_sta_wpaie_pvt,         // RTL871X_HOSTAPD_GET_WPAIE_STA
+	rtw_set_encryption_pvt,        // RTL871X_SET_ENCRYPTION
+	NULL,                          // RTL871X_GET_ENCRYPTION
+	NULL,                          // RTL871X_HOSTAPD_SET_FLAGS_STA
+	NULL,                          // RTL871X_HOSTAPD_GET_RID
+	NULL,                          // RTL871X_HOSTAPD_SET_RID
+	NULL,                          // RTL871X_HOSTAPD_SET_ASSOC_AP_ADDR
+	NULL,                          // RTL871X_HOSTAPD_SET_GENERIC_ELEMENT
+	NULL,                          // RTL871X_HOSTAPD_MLME
+	NULL,                          // RTL871X_HOSTAPD_SCAN_REQ
+	NULL,                          // RTL871X_HOSTAPD_STA_CLEAR_STATS
+	rtw_set_beacon_pvt,            // RTL871X_HOSTAPD_SET_BEACON
+	rtw_set_wps_beacon_pvt,        // RTL871X_HOSTAPD_SET_WPS_BEACON
+	rtw_set_wps_probe_resp_pvt,    // RTL871X_HOSTAPD_SET_WPS_PROBE_RESP
+	rtw_set_wps_assoc_resp_pvt,    // RTL871X_HOSTAPD_SET_WPS_ASSOC_RESP
+	rtw_set_hidden_ssid_pvt,       // RTL871X_HOSTAPD_SET_HIDDEN_SSID
+	rtw_ioctl_set_macaddr_acl_pvt, // RTL871X_HOSTAPD_SET_MACADDR_ACL
+	rtw_ioctl_acl_add_sta_pvt,     // RTL871X_HOSTAPD_ACL_ADD_STA
+	rtw_ioctl_acl_remove_sta_pvt,  // RTL871X_HOSTAPD_ACL_REMOVE_STA
+};
+
 static struct iw_statistics *rtw_get_wireless_stats(struct net_device *dev)
 {
 	struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
@@ -3089,6 +4129,8 @@ static struct iw_statistics *rtw_get_wireless_stats(struct net_device *dev)
 struct iw_handler_def rtw_handlers_def = {
 	.standard = rtw_handlers,
 	.num_standard = ARRAY_SIZE(rtw_handlers),
+	.private = rtw_handlers_private,
+	.num_private = ARRAY_SIZE(rtw_handlers_private),
 	.get_wireless_stats = rtw_get_wireless_stats,
 };
 
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ