cardif_linux.c
/** * A client-side 802.1x implementation * * This code is released under both the GPL version 2 and BSD licenses. * Either license may be used. The respective licenses are found below. * * Copyright (C) 2002 Bryan D. Payne & Nick L. Petroni Jr. * All Rights Reserved * * --- GPL Version 2 License --- * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * --- BSD License --- * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * - Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * - Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * Maryland at College Park and its contributors. * - Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. 
* * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. *//******************************************************************* * The driver function for a Linux application layer EAPOL * implementation * File: cardif_linux.c * * Authors: Chris.Hessing@utah.edu * * $Id: cardif_linux.c,v 1.24 2004/04/18 03:28:26 chessing Exp $ * $Date: 2004/04/18 03:28:26 $ * $Log: cardif_linux.c,v $ * Revision 1.24 2004/04/18 03:28:26 chessing * * Fixed a little bit of verbage in cardif_linux.c that could be confusing. * * Revision 1.23 2004/04/01 06:12:55 npetroni * fixed off-by-one error * * Revision 1.22 2004/03/29 21:36:38 chessing * * Fixed a problem that would cause XSupplicant to segfault if there was no default network profile defined, an interface was down, and XSupplicant was terminated. (All at the same time.) * * Revision 1.21 2004/03/27 01:40:45 chessing * * Lots of small updates to free memory that wasn't getting freed, add some additional debug output, and fix a couple of memory leaks. * * Revision 1.20 2004/03/26 21:34:52 chessing * Fixed problem with interface being down on startup causing xsupplicant to not read the proper configuration information when the interface is brought up. 
Added/fixed code to rebuild userdata piece of structure when the essid changes. Added code to avoid setting a key on an interface if the interface doesn't already have encryption enabled. Added a little bit of debugging code to help find a solution to an IPC socket problem. * * Revision 1.19 2004/03/25 06:06:57 chessing * * Some debug code cleanups. Fixed a bug with non-existant, or down interfaces defined in the allow_interfaces would loop forever. Added calls to reset wireless keys to all 0s when we end up in disconnected, or held state. * * Revision 1.18 2004/03/24 18:35:47 chessing * * Added a modified version of a patch from David Relson to fix a problem with some of the debug info in config_grammer.y. Added some additional checks to eapol_key_type1 that will keep us from segfaulting under some *REALLY* strange conditions. Changed the set key code in cardif_linux to double check that we aren't a wireless interface before returning an error. This resolved a problem when XSupplicant was started when an interface was done. Upon bringing up the interface, XSupplicant would sometimes think it wasn't wireless, and not bother trying to set keys. * * Revision 1.17 2004/03/23 23:34:20 galimorerpg * Removed another un-needed Makefile and added the cardif_get_int patch from Pavel Roskin * * Revision 1.16 2004/03/22 00:41:00 chessing * * Added logfile option to the global config options in the config file. The logfile is where output will go when we are running in daemon mode. If no logfile is defined, output will go to the console that started xsupplicant. Added forking to the code, so that when started, the process can daemonize, and run in the background. If there is a desire to force running in the foreground (such as for debugging), the -f option was added. * * Revision 1.15 2004/03/06 03:53:54 chessing * * We now send logoffs when the process is terminated. 
Added a new option to the config file "wireless_control" which will allow a user to disable non-EAPoL key changes. Added an update to destination BSSID checking that will reset the wireless key to all 0s when the BSSID changes. (This is what "wireless_control" disables when it is set to no.) Roaming should now work, but because we are resetting keys to 128 bit, there may be issues with APs that use 64 bit keys. I will test this weekend. * * Revision 1.14 2004/02/06 06:13:31 chessing * * Cleaned up some unneeded stuff in the configure.in file as per e-mail from Rakesh Patel. Added all 12 patches from Jouni Malinen (Including wpa_supplicant patch, until we can add true wpa support in xsupplicant.) * * Revision 1.13 2004/01/20 03:44:32 chessing * * A couple of small updates. TTLS now uses the correct phase 2 type as defined by the config file. Setting dest_mac now works, and has the desired results. One small fix to EAP-SIM. * * Revision 1.12 2004/01/17 21:16:15 chessing * * Various segfault fixes. PEAP now works correctly again. Some new error checking in the tls handlers. Fixes for the way we determine if we have changed ESSIDs. We now quit when we don't have a config, or when the config is bad. Added code to check and see if a frame is in the queue, and don't sleep if there is. "Fixed" ID issue by inheriting the ID from the parent where needed. However, assigning an ID inside of a handler will override the parent ID. This could cause problems with some EAP types. We should add a "username" field to PEAP to allow configuration of the inner EAP identity. * * Revision 1.11 2004/01/15 23:45:11 chessing * * Fixed a segfault when looking for wireless interfaces when all we had was a wired interface. Fixed external command execution so that junk doesn't end up in the processed string anymore. Changed the state machine to call txRspAuth even if there isn't a frame to process. 
This will enable EAP methods to request information from a GUI interface (such as passwords, or supply challenge information that might be needed to generate passwords). EAP methods now must decide what to do when they are handed NULL for the pointer to the in frame. If they don't need any more data, they should quietly exit. * * Revision 1.10 2004/01/15 01:12:45 chessing * * Fixed a keying problem (keying material wasn't being generated correctly). Added support for global counter variables from the config file. (Such as auth_period) Added support for executing command defined in the config file based on different events. (Things such as what to do on reauth.) Added the ability to roam to a different SSID. We now check to make sure our BSSID hasn't changed, and we follow it, if it has. Fixed a sefault when the program was terminated in certain states. Added attempt at better garbage collection on program termination. Various small code cleanups. * * Revision 1.9 2004/01/14 22:07:25 chessing * * Fixes that were needed in order to allow us to authenticate correctly. We should now be able to authenticate using only information provided by the config file! * * Revision 1.8 2004/01/06 23:35:07 chessing * * Fixed a couple known bugs in SIM. Config file support should now be in place!!! But, because of the changes, PEAP is probably broken. We will need to reconsider how the phase 2 piece of PEAP works. * * Revision 1.7 2003/12/28 07:13:21 chessing * * Fixed a problem where we would segfault on an EAP type we didn't understand. Added EAP-OTP. EAP-OTP has been tested using the opie package, and Radiator 3.8. EAP-OTP currently prompts for a passphrase, which it shouldn't do, so it should be considered *VERY* much in test mode until we finish the GUI. * * Revision 1.6 2003/12/19 06:29:57 chessing * * New code to determine if an interface is wireless or not. Lots of IPC updates. 
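*
 * Revision 1.5 2003/12/04 04:36:25 chessing
 *
 * Added support for multiple interfaces (-D now works), also added DEBUG_EXCESSIVE to help clean up some of the debug output (-d 6).
 *
 * Revision 1.4 2003/11/29 03:50:03 chessing
 *
 * Added NAK code, EAP Type checking, split out daemon config from user config, added Display of EAP-Notification text, revamped phase 2 selection method for TTLS.
 *
 * Revision 1.3 2003/11/24 04:56:04 chessing
 *
 * EAP-SIM draft 11 now works. Statemachine updated to work based on the up/down state of an interface, rather than just assuming it is up.
 *
 * Revision 1.2 2003/11/24 02:14:08 chessing
 *
 * Added EAP-SIM (draft 11 still needs work), various small changes to eap calls, new hex dump code including ASCII dump (used mostly for dumping frames)
 *
 * Revision 1.1.1.1 2003/11/19 04:13:28 chessing
 * New source tree
 *
 *
 *
 *******************************************************************/

#include <sys/types.h>
#include <sys/socket.h>
#include <fcntl.h>
#include <linux/if.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <string.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <linux/wireless.h>
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <net/if_arp.h>

#include "cardif/cardif.h"
#include "config.h"
#include "profile.h"
#include "xsup_debug.h"
#include "xsup_err.h"

#ifndef ETH_P_EAPOL
#define ETH_P_EAPOL 0x888e
#endif

/***********************************************
 *
 * Prepare an interface for sending and receiving EAPOL frames.
 *
 * Opens a PF_PACKET/SOCK_RAW socket restricted to ETH_P_EAPOL, binds it
 * to the interface named by thisint->intName, copies the interface's
 * hardware (MAC) address into thisint->source_mac, and switches the
 * socket to non-blocking mode.  The descriptor is kept in
 * thisint->sockInt and the link-layer address used for the bind in
 * thisint->sll.
 *
 * Opening a raw packet socket normally requires CAP_NET_RAW (in
 * practice, root), so this is expected to run with elevated privileges.
 *
 * Returns:
 *   XENONE   - the socket is bound and ready for use.
 *   XENOSOCK - the raw socket could not be created.
 *   XESOCKOP - the interface name does not fit in an ifreq, the interface
 *              index could not be obtained, or bind() failed.
 *   XENOTINT - the MAC address could not be read, or the socket flags
 *              could not be read or changed.
 *
 * On any failure after the socket was created, the socket is closed and
 * thisint->sockInt is set to -1, so a retried init does not leak a raw
 * socket and a later close of sockInt cannot hit an unrelated descriptor.
 *
 * thisint and thisint->intName are dereferenced without a NULL check;
 * the caller must pass valid pointers.
 *
 ***********************************************/
int cardif_init(struct interface_data *thisint)
{
  struct ifreq ifr;
  size_t namelen;
  int sockopts;
  int retval;
  int errcode;

  debug_printf(DEBUG_INT, "Initializing socket for interface %s..\n",
               thisint->intName);

  // Establish a socket handle.
  // NOTE(review): the descriptor is not marked close-on-exec.  The change
  // log above mentions running externally configured commands, so confirm
  // whether child processes are meant to inherit this raw socket.
  thisint->sockInt = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_EAPOL));
  if (thisint->sockInt < 0) {
    debug_printf(DEBUG_NORMAL,
                 "Couldn't initialize raw socket for interface %s!\n",
                 thisint->intName);
    return XENOSOCK;
  }

  // Tell the ifreq struct which interface we want to use.  A name that
  // does not fit (terminator included) is rejected rather than truncated:
  // a truncated name could silently select a different interface.
  namelen = strlen(thisint->intName);
  if (namelen >= sizeof(ifr.ifr_name)) {
    debug_printf(DEBUG_NORMAL, "Interface name %s is too long!\n",
                 thisint->intName);
    errcode = XESOCKOP;
    goto fail;
  }

  // Zero the whole request first so no uninitialized stack bytes are
  // handed to the kernel and the name is always NUL terminated.
  memset(&ifr, 0, sizeof(ifr));
  memcpy(ifr.ifr_name, thisint->intName, namelen);

  retval = ioctl(thisint->sockInt, SIOCGIFINDEX, &ifr);
  if (retval < 0) {
    debug_printf(DEBUG_NORMAL,
                 "Error getting interface index value for interface %s\n",
                 thisint->intName);
    errcode = XESOCKOP;
    goto fail;
  }

  // Build our link layer socket struct, so we can bind it to a specific
  // interface.
  thisint->sll.sll_family = PF_PACKET;
  thisint->sll.sll_ifindex = ifr.ifr_ifindex;
  thisint->sll.sll_protocol = htons(ETH_P_EAPOL);

  // Bind to the interface.
  retval = bind(thisint->sockInt, (const struct sockaddr *)&thisint->sll,
                sizeof(struct sockaddr_ll));
  if (retval < 0) {
    debug_printf(DEBUG_NORMAL,
                 "Error binding raw socket to interface %s!\n",
                 thisint->intName);
    errcode = XESOCKOP;
    goto fail;
  }

  // Get our MAC address.  (Needed for sending frames out correctly.)
  retval = ioctl(thisint->sockInt, SIOCGIFHWADDR, &ifr);
  if (retval < 0) {
    debug_printf(DEBUG_NORMAL,
                 "Error getting hardware (MAC) address for interface %s!\n",
                 thisint->intName);
    errcode = XENOTINT;
    goto fail;
  }

  // Store a copy of our source MAC for later use.
  memcpy(thisint->source_mac, ifr.ifr_hwaddr.sa_data, ETH_ALEN);

  // Set our socket to non-blocking.
  sockopts = fcntl(thisint->sockInt, F_GETFL, 0);
  if (sockopts < 0) {
    debug_printf(DEBUG_NORMAL,
                 "Error getting socket options for interface %s!\n",
                 thisint->intName);
    errcode = XENOTINT;
    goto fail;
  }

  retval = fcntl(thisint->sockInt, F_SETFL, sockopts | O_NONBLOCK);
  if (retval < 0) {
    debug_printf(DEBUG_NORMAL,
                 "Error setting socket options for interface %s!\n",
                 thisint->intName);
    errcode = XENOTINT;
    goto fail;
  }

  return XENONE;

 fail:
  // Do not leave a half-configured raw socket behind.
  close(thisint->sockInt);
  thisint->sockInt = -1;
  return errcode;
}

/**************************************************************
 *
 * Check if encryption is available.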
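* If it is, we will return TRUE, if it isn't, we will return FALSE.
 * On error, we return -1.
 *
 * The check opens a temporary AF_INET datagram socket, issues
 * SIOCGIWENCODE for the interface named by thisint->intName, and tests
 * the IW_ENCODE_DISABLED flag in the reply.  The temporary socket is
 * closed before returning.
 *
 * -1 is returned when the interface name does not fit in an iwreq, when
 * the socket cannot be created, or when the ioctl fails.
 *
 * Callers must compare the result against TRUE/FALSE explicitly: -1 is
 * non-zero, so a plain truth test would read an error as "encryption
 * enabled" (assuming TRUE/FALSE are the usual 1/0; they are defined
 * outside this file - confirm).
 *
 * thisint and thisint->intName are dereferenced without a NULL check.
 *
 **************************************************************/
int cardif_enc_enabled(struct interface_data *thisint)
{
  struct iwreq wrq;
  size_t namelen;
  int skfd;
  int rc;

  // Reject names that cannot fit with their terminator instead of
  // truncating them: a truncated name could make us report the
  // encryption state of a different interface.
  namelen = strlen(thisint->intName);
  if (namelen >= IFNAMSIZ)
    return -1;

  // Zeroing the request guarantees the copied name is NUL terminated.
  memset(&wrq, 0, sizeof(wrq));
  memcpy(wrq.ifr_name, thisint->intName, namelen);

  skfd = socket(AF_INET, SOCK_DGRAM, 0);
  if (skfd < 0)
    return -1;

  if (ioctl(skfd, SIOCGIWENCODE, &wrq) < 0) {
    // We got an error while trying to get encryption information
    // from the card.
    rc = -1;
  } else if ((wrq.u.data.flags & IW_ENCODE_DISABLED) == IW_ENCODE_DISABLED) {
    // Encryption is disabled.
    rc = FALSE;
  } else {
    // Encryption is enabled.
    rc = TRUE;
  }

  close(skfd);
  return rc;
}

/**************************************************************
 *
 * If we have detected, or forced this interface to reset keys, then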