add a denied auths array

2025-03-09 15:40:12 +00:00 · 2018-01-09 10:14:46 +01:00 · 2018-01-09 10:14:46 +01:00 · 16706d49f7
commit 16706d49f7
parent 65d26ea5a1
6 changed files with 170 additions and 1 deletions
--- a/files/dawn.config
+++ b/files/dawn.config
@ -14,6 +14,7 @@ config hostapd

 config times
    option update_client        '10'
+    option denied_req_threshold '15'
    option remove_client        '15'
    option remove_probe         '120'
    option remove_ap            '460'
--- a/src/include/datastorage.h
+++ b/src/include/datastorage.h
@ -67,6 +67,7 @@ struct time_config_s {
    time_t remove_ap;
    time_t update_hostapd;
    time_t update_tcp_con;
+    time_t denied_req_threshold;
 };

 struct network_config_s {
@ -100,6 +101,7 @@ typedef struct probe_entry_s {
    uint8_t vht_support;
    time_t time;
    int counter;
+    int deny_counter;
 } probe_entry;

 typedef struct auth_entry_s {
@ -108,6 +110,8 @@ typedef struct auth_entry_s {
    uint8_t target_addr[ETH_ALEN];
    uint32_t signal;
    uint32_t freq;
+    time_t time;
+    int counter;
 } auth_entry;

 typedef struct hostapd_notify_entry_s {
@ -117,6 +121,11 @@ typedef struct hostapd_notify_entry_s {

 typedef struct auth_entry_s assoc_entry;

+#define DENY_REQ_ARRAY_LEN 100
+struct auth_entry_s denied_req_array[DENY_REQ_ARRAY_LEN];
+pthread_mutex_t denied_array_mutex;
+auth_entry insert_to_denied_req_array(auth_entry entry, int inc_counter);
+
 // ---------------- Defines ----------------
 #define PROBE_ARRAY_LEN 1000

--- a/src/main.c
+++ b/src/main.c
@ -86,6 +86,11 @@ int init_mutex() {
        printf("\n mutex init failed\n");
        return 1;
    }
+
+    if (pthread_mutex_init(&denied_array_mutex, NULL) != 0) {
+        printf("\n mutex init failed\n");
+        return 1;
+    }
    return 0;
 }

--- a/src/storage/datastorage.c
+++ b/src/storage/datastorage.c
@ -45,10 +45,21 @@ int compare_station_count(uint8_t *bssid_addr_own, uint8_t *bssid_addr_to_compar
                          int automatic_kick);
 int compare_ssid(uint8_t *bssid_addr_own, uint8_t *bssid_addr_to_compare);

+void denied_req_array_insert(auth_entry entry);
+
+auth_entry denied_req_array_delete(auth_entry entry);
+
+int denied_req_array_go_next(char sort_order[], int i, auth_entry entry,
+                             auth_entry next_entry);
+
+int denied_req_array_go_next_help(char sort_order[], int i, auth_entry entry,
+                                  auth_entry next_entry);
+
 int probe_entry_last = -1;
 int client_entry_last = -1;
 int ap_entry_last = -1;
 int mac_list_entry_last = -1;
+int denied_req_last = -1;

 void remove_probe_array_cb(struct uloop_timeout *t);

@ -68,6 +79,12 @@ struct uloop_timeout ap_timeout = {
        .cb = remove_ap_array_cb
 };

+void denied_req_array_cb(struct uloop_timeout *t);
+
+struct uloop_timeout denied_req_timeout = {
+        .cb = denied_req_array_cb
+};
+
 int build_hearing_map_sort_client(struct blob_buf *b)
 {
    print_probe_array();
@ -830,6 +847,7 @@ void uloop_add_data_cbs() {
    uloop_timeout_add(&probe_timeout);
    uloop_timeout_add(&client_timeout);
    uloop_timeout_add(&ap_timeout);
+    uloop_timeout_add(&denied_req_timeout);
 }

 void remove_probe_array_cb(struct uloop_timeout *t) {
@ -857,6 +875,34 @@ void remove_ap_array_cb(struct uloop_timeout *t) {
    uloop_timeout_set(&ap_timeout, timeout_config.remove_ap * 1000);
 }

+void denied_req_array_cb(struct uloop_timeout *t) {
+    pthread_mutex_lock(&denied_array_mutex);
+    printf("[ULOOP] : Processing denied AUTH!\n");
+
+    time_t current_time = time(0);
+
+    for (int i = 0; i <= denied_req_last; i++) {
+        // check counter
+
+        //check timer
+        if (denied_req_array[i].time < current_time - timeout_config.denied_req_threshold) {
+
+            // client is not connected for a given time threshold!
+            if(!is_connected(denied_req_array[i].bssid_addr, denied_req_array[i].client_addr))
+            {
+                printf("Client has propaly a BAD DRIVER!\n");
+                if (insert_to_maclist(denied_req_array[i].client_addr) == 0) {
+                    send_add_mac(denied_req_array[i].client_addr);
+                    write_mac_to_file("/etc/dawn/mac_list", denied_req_array[i].client_addr);
+                }
+            }
+            denied_req_array_delete(denied_req_array[i]);
+        }
+    }
+    pthread_mutex_unlock(&denied_array_mutex);
+    uloop_timeout_set(&denied_req_timeout, timeout_config.denied_req_threshold * 1000);
+}
+
 void insert_client_to_array(client entry) {
    pthread_mutex_lock(&client_array_mutex);
    entry.time = time(0);
@ -933,7 +979,108 @@ int mac_in_maclist(uint8_t mac[])
    return 0;
 }

+auth_entry insert_to_denied_req_array(auth_entry entry, int inc_counter) {
+    pthread_mutex_lock(&denied_array_mutex);

+    entry.time = time(0);
+    entry.counter = 0;
+    auth_entry tmp = denied_req_array_delete(entry);
+
+    if (mac_is_equal(entry.bssid_addr, tmp.bssid_addr)
+        && mac_is_equal(entry.client_addr, tmp.client_addr)) {
+        entry.counter = tmp.counter;
+    }
+
+    if (inc_counter) {
+
+        entry.counter++;
+    }
+
+    denied_req_array_insert(entry);
+
+    pthread_mutex_unlock(&denied_array_mutex);
+
+    return entry;
+}
+
+int denied_req_array_go_next_help(char sort_order[], int i, auth_entry entry,
+                              auth_entry next_entry) {
+    switch (sort_order[i]) {
+        // bssid-mac
+        case 'b':
+            return mac_is_greater(entry.bssid_addr, next_entry.bssid_addr);
+            // client-mac
+        case 'c':
+            return mac_is_greater(entry.client_addr, next_entry.client_addr) &&
+                   mac_is_equal(entry.bssid_addr, next_entry.bssid_addr);
+        default:
+            break;
+    }
+    return 0;
+}
+
+int denied_req_array_go_next(char sort_order[], int i, auth_entry entry,
+                         auth_entry next_entry) {
+    int conditions = 1;
+    for (int j = 0; j < i; j++) {
+        i &= !(denied_req_array_go_next(sort_order, j, entry, next_entry));
+    }
+    return conditions && denied_req_array_go_next_help(sort_order, i, entry, next_entry);
+}
+
+void denied_req_array_insert(auth_entry entry) {
+    if (denied_req_last == -1) {
+        denied_req_array[0] = entry;
+        denied_req_last++;
+        return;
+    }
+
+    int i;
+    for (i = 0; i <= denied_req_last; i++) {
+        if (!denied_req_array_go_next("bc", 2, entry, denied_req_array[i])) {
+            break;
+        }
+    }
+    for (int j = denied_req_last; j >= i; j--) {
+        if (j + 1 <= DENY_REQ_ARRAY_LEN) {
+            denied_req_array[j + 1] = denied_req_array[j];
+        }
+    }
+    denied_req_array[i] = entry;
+
+    if (denied_req_last < DENY_REQ_ARRAY_LEN) {
+        denied_req_last++;
+    }
+}
+
+auth_entry denied_req_array_delete(auth_entry entry) {
+
+    int i;
+    int found_in_array = 0;
+    auth_entry tmp;
+
+    if (denied_req_last == -1) {
+        return tmp;
+    }
+
+    for (i = 0; i <= denied_req_last; i++) {
+        if (mac_is_equal(entry.bssid_addr, denied_req_array[i].bssid_addr) &&
+            mac_is_equal(entry.client_addr, denied_req_array[i].client_addr)) {
+            found_in_array = 1;
+            tmp = denied_req_array[i];
+            break;
+        }
+    }
+
+    for (int j = i; j < denied_req_last; j++) {
+        denied_req_array[j] = denied_req_array[j + 1];
+    }
+
+    if (denied_req_last > -1 && found_in_array) {
+        denied_req_last--;
+    }
+    return tmp;
+}



--- a/src/utils/dawn_uci.c
+++ b/src/utils/dawn_uci.c
@ -33,6 +33,7 @@ struct time_config_s uci_get_time_config() {
            ret.update_hostapd = uci_lookup_option_int(uci_ctx, s, "update_hostapd");
            ret.remove_ap = uci_lookup_option_int(uci_ctx, s, "remove_ap");
            ret.update_tcp_con = uci_lookup_option_int(uci_ctx, s, "update_tcp_con");
+            ret.denied_req_threshold = uci_lookup_option_int(uci_ctx, s, "denied_req_threshold");
            return ret;
        }
    }
--- a/src/utils/ubus.c
+++ b/src/utils/ubus.c
@ -405,6 +405,7 @@ static int handle_auth_req(struct blob_attr *msg) {
    print_probe_array();
    auth_entry auth_req;
    parse_to_auth_req(msg, &auth_req);
+
    printf("AUTH Entry: ");
    print_auth_entry(auth_req);

@ -416,15 +417,18 @@ static int handle_auth_req(struct blob_attr *msg) {
    // block if entry was not already found in probe database
    if (!(mac_is_equal(tmp.bssid_addr, auth_req.bssid_addr) && mac_is_equal(tmp.client_addr, auth_req.client_addr))) {
        printf("DENY AUTH!\n");
+        insert_to_denied_req_array(auth_req, 1);
        return dawn_metric.deny_auth_reason;
    }

    if (!decide_function(&tmp, REQ_TYPE_AUTH)) {
        printf("DENY AUTH\n");
-
+        insert_to_denied_req_array(auth_req, 1);
        return dawn_metric.deny_auth_reason;
    }

+    // maybe send here that the client is connected?
+
    printf("ALLOW AUTH!\n");
    return WLAN_STATUS_SUCCESS;
 }
@ -445,11 +449,13 @@ static int handle_assoc_req(struct blob_attr *msg) {
    // block if entry was not already found in probe database
    if (!(mac_is_equal(tmp.bssid_addr, auth_req.bssid_addr) && mac_is_equal(tmp.client_addr, auth_req.client_addr))) {
        printf("DENY ASSOC!\n");
+        insert_to_denied_req_array(auth_req, 1);
        return dawn_metric.deny_assoc_reason;
    }

    if (!decide_function(&tmp, REQ_TYPE_ASSOC)) {
        printf("DENY ASSOC\n");
+        insert_to_denied_req_array(auth_req, 1);
        return dawn_metric.deny_assoc_reason;
    }