[PATCH] mac80211: handle auth failure returned with unmatching auth algo

[PATCH] mac80211: handle auth failure returned with unmatching auth algo

[Eyal Shapira]

Some Netgear APs like WNAP210 have a quirk behavior when
configured for WEP Shared. They send an auth response with algo
SHARED and status code NOT_SUPPORTED_AUTH_ALG (13) when being
sent a request made with auth algo OPEN. Enable such response to
propagate to userspace instead of discarding it so wpa_s can
reattempt to auth with SHARED.

Reported-by: Noam Shaked <noams@ti.com>
Signed-off-by: Eyal Shapira <eyal@wizery.com>
---
 net/mac80211/mlme.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 0f45d02..3ad4366 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1783,7 +1783,8 @@ ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
 	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
 	status_code = le16_to_cpu(mgmt->u.auth.status_code);
 
-	if (auth_alg != ifmgd->auth_data->algorithm ||
+	if ((auth_alg != ifmgd->auth_data->algorithm &&
+	     status_code != WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) ||
 	    auth_transaction != ifmgd->auth_data->expected_transaction)
 		return RX_MGMT_NONE;
 
-- 
1.7.4.1

Re: [PATCH] mac80211: handle auth failure returned with unmatching auth algo

[Kalle Valo]

Eyal Shapira <eyal@wizery.com> writes:

> Some Netgear APs like WNAP210 have a quirk behavior when
> configured for WEP Shared. They send an auth response with algo
> SHARED and status code NOT_SUPPORTED_AUTH_ALG (13) when being
> sent a request made with auth algo OPEN. Enable such response to
> propagate to userspace instead of discarding it so wpa_s can
> reattempt to auth with SHARED.
>
> Reported-by: Noam Shaked <noams@ti.com>
> Signed-off-by: Eyal Shapira <eyal@wizery.com>

[...]

> -	if (auth_alg != ifmgd->auth_data->algorithm ||
> +	if ((auth_alg != ifmgd->auth_data->algorithm &&
> +	     status_code != WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) ||

I think a small comment in the code would be nice, like
"WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG is a workaround for Netgear
WNAPxxx".

-- 
Kalle Valo

Re: [PATCH] mac80211: handle auth failure returned with unmatching auth algo

[Johannes Berg]

On Tue, 2012-06-12 at 13:40 +0300, Eyal Shapira wrote:
> Some Netgear APs like WNAP210 have a quirk behavior when
> configured for WEP Shared. They send an auth response with algo
> SHARED and status code NOT_SUPPORTED_AUTH_ALG (13) when being
> sent a request made with auth algo OPEN. Enable such response to
> propagate to userspace instead of discarding it so wpa_s can
> reattempt to auth with SHARED.

Does cfg80211 need to handle this? How does wpa_s even handle it?

johannes

Re: [PATCH] mac80211: handle auth failure returned with unmatching auth algo

[Eyal Shapira]

On 12 June 2012 17:09, Johannes Berg <johannes@sipsolutions.net> wrote:
>
> On Tue, 2012-06-12 at 13:40 +0300, Eyal Shapira wrote:
> > Some Netgear APs like WNAP210 have a quirk behavior when
> > configured for WEP Shared. They send an auth response with algo
> > SHARED and status code NOT_SUPPORTED_AUTH_ALG (13) when being
> > sent a request made with auth algo OPEN. Enable such response to
> > propagate to userspace instead of discarding it so wpa_s can
> > reattempt to auth with SHARED.
>
> Does cfg80211 need to handle this? How does wpa_s even handle it?

wpa_s has the following code in wpa_supplicant/sme.c/sme_event_auth()
to automatically
"escalate" in the auth algorithms it tries (from OPEN to SHARED to LEAP) :

		switch (data->auth.auth_type) {
		case WLAN_AUTH_OPEN:
			wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED;

			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth");
			wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
						 wpa_s->current_ssid);
			return;

		case WLAN_AUTH_SHARED_KEY:
			wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP;

			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth");
			wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
						 wpa_s->current_ssid);
			return;

I have a patch for that code in wpa_s as well which attempts SHARED in
case we sent OPEN
and got the NOT_SUPPORTED_AUTH_ALG response on SHARED.
I first wanted to see that the kernel patch which allows the response
to go through is accepted.

You're right of course that I also need to take care of cfg80211 when
using its SME.
I'll send an additional patch for that.

>
> johannes
>

Re: [PATCH] mac80211: handle auth failure returned with unmatching auth algo

[Eyal Shapira]

On 12 June 2012 16:57, Kalle Valo <kvalo@adurom.com> wrote:
> Eyal Shapira <eyal@wizery.com> writes:
>
>> Some Netgear APs like WNAP210 have a quirk behavior when
>> configured for WEP Shared. They send an auth response with algo
>> SHARED and status code NOT_SUPPORTED_AUTH_ALG (13) when being
>> sent a request made with auth algo OPEN. Enable such response to
>> propagate to userspace instead of discarding it so wpa_s can
>> reattempt to auth with SHARED.
>>
>> Reported-by: Noam Shaked <noams@ti.com>
>> Signed-off-by: Eyal Shapira <eyal@wizery.com>
>
> [...]
>
>> -     if (auth_alg != ifmgd->auth_data->algorithm ||
>> +     if ((auth_alg != ifmgd->auth_data->algorithm &&
>> +          status_code != WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) ||
>
> I think a small comment in the code would be nice, like
> "WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG is a workaround for Netgear
> WNAPxxx".
>
Sure. I'll add that in v2.

> --
> Kalle Valo