From 16706d49f7aad2f2dfd4525e4712fe5f41e4489c Mon Sep 17 00:00:00 2001 From: PolynomialDivision Date: Tue, 9 Jan 2018 10:14:46 +0100 Subject: [PATCH] add a denied auths array --- files/dawn.config | 1 + src/include/datastorage.h | 9 +++ src/main.c | 5 ++ src/storage/datastorage.c | 147 ++++++++++++++++++++++++++++++++++++++ src/utils/dawn_uci.c | 1 + src/utils/ubus.c | 8 ++- 6 files changed, 170 insertions(+), 1 deletion(-) diff --git a/files/dawn.config b/files/dawn.config index 9cfa5f8..13053d9 100644 --- a/files/dawn.config +++ b/files/dawn.config @@ -14,6 +14,7 @@ config hostapd config times option update_client '10' + option denied_req_threshold '15' option remove_client '15' option remove_probe '120' option remove_ap '460' diff --git a/src/include/datastorage.h b/src/include/datastorage.h index 2b1d1f7..62280e0 100644 --- a/src/include/datastorage.h +++ b/src/include/datastorage.h @@ -67,6 +67,7 @@ struct time_config_s { time_t remove_ap; time_t update_hostapd; time_t update_tcp_con; + time_t denied_req_threshold; }; struct network_config_s { @@ -100,6 +101,7 @@ typedef struct probe_entry_s { uint8_t vht_support; time_t time; int counter; + int deny_counter; } probe_entry; typedef struct auth_entry_s { @@ -108,6 +110,8 @@ typedef struct auth_entry_s { uint8_t target_addr[ETH_ALEN]; uint32_t signal; uint32_t freq; + time_t time; + int counter; } auth_entry; typedef struct hostapd_notify_entry_s { @@ -117,6 +121,11 @@ typedef struct hostapd_notify_entry_s { typedef struct auth_entry_s assoc_entry; +#define DENY_REQ_ARRAY_LEN 100 +struct auth_entry_s denied_req_array[DENY_REQ_ARRAY_LEN]; +pthread_mutex_t denied_array_mutex; +auth_entry insert_to_denied_req_array(auth_entry entry, int inc_counter); + // ---------------- Defines ---------------- #define PROBE_ARRAY_LEN 1000 diff --git a/src/main.c b/src/main.c index 64cb5aa..0b219bc 100644 --- a/src/main.c +++ b/src/main.c @@ -86,6 +86,11 @@ int init_mutex() { printf("\n mutex init failed\n"); return 1; } + + if (pthread_mutex_init(&denied_array_mutex, NULL) != 0) { + printf("\n mutex init failed\n"); + return 1; + } return 0; } diff --git a/src/storage/datastorage.c b/src/storage/datastorage.c index 8ffc800..0333dd7 100644 --- a/src/storage/datastorage.c +++ b/src/storage/datastorage.c @@ -45,10 +45,21 @@ int compare_station_count(uint8_t *bssid_addr_own, uint8_t *bssid_addr_to_compar int automatic_kick); int compare_ssid(uint8_t *bssid_addr_own, uint8_t *bssid_addr_to_compare); +void denied_req_array_insert(auth_entry entry); + +auth_entry denied_req_array_delete(auth_entry entry); + +int denied_req_array_go_next(char sort_order[], int i, auth_entry entry, + auth_entry next_entry); + +int denied_req_array_go_next_help(char sort_order[], int i, auth_entry entry, + auth_entry next_entry); + int probe_entry_last = -1; int client_entry_last = -1; int ap_entry_last = -1; int mac_list_entry_last = -1; +int denied_req_last = -1; void remove_probe_array_cb(struct uloop_timeout *t); @@ -68,6 +79,12 @@ struct uloop_timeout ap_timeout = { .cb = remove_ap_array_cb }; +void denied_req_array_cb(struct uloop_timeout *t); + +struct uloop_timeout denied_req_timeout = { + .cb = denied_req_array_cb +}; + int build_hearing_map_sort_client(struct blob_buf *b) { print_probe_array(); @@ -830,6 +847,7 @@ void uloop_add_data_cbs() { uloop_timeout_add(&probe_timeout); uloop_timeout_add(&client_timeout); uloop_timeout_add(&ap_timeout); + uloop_timeout_add(&denied_req_timeout); } void remove_probe_array_cb(struct uloop_timeout *t) { @@ -857,6 +875,34 @@ void remove_ap_array_cb(struct uloop_timeout *t) { uloop_timeout_set(&ap_timeout, timeout_config.remove_ap * 1000); } +void denied_req_array_cb(struct uloop_timeout *t) { + pthread_mutex_lock(&denied_array_mutex); + printf("[ULOOP] : Processing denied AUTH!\n"); + + time_t current_time = time(0); + + for (int i = 0; i <= denied_req_last; i++) { + // check counter + + //check timer + if (denied_req_array[i].time < current_time - timeout_config.denied_req_threshold) { + + // client is not connected for a given time threshold! + if(!is_connected(denied_req_array[i].bssid_addr, denied_req_array[i].client_addr)) + { + printf("Client has propaly a BAD DRIVER!\n"); + if (insert_to_maclist(denied_req_array[i].client_addr) == 0) { + send_add_mac(denied_req_array[i].client_addr); + write_mac_to_file("/etc/dawn/mac_list", denied_req_array[i].client_addr); + } + } + denied_req_array_delete(denied_req_array[i]); + } + } + pthread_mutex_unlock(&denied_array_mutex); + uloop_timeout_set(&denied_req_timeout, timeout_config.denied_req_threshold * 1000); +} + void insert_client_to_array(client entry) { pthread_mutex_lock(&client_array_mutex); entry.time = time(0); @@ -933,7 +979,108 @@ int mac_in_maclist(uint8_t mac[]) return 0; } +auth_entry insert_to_denied_req_array(auth_entry entry, int inc_counter) { + pthread_mutex_lock(&denied_array_mutex); + entry.time = time(0); + entry.counter = 0; + auth_entry tmp = denied_req_array_delete(entry); + + if (mac_is_equal(entry.bssid_addr, tmp.bssid_addr) + && mac_is_equal(entry.client_addr, tmp.client_addr)) { + entry.counter = tmp.counter; + } + + if (inc_counter) { + + entry.counter++; + } + + denied_req_array_insert(entry); + + pthread_mutex_unlock(&denied_array_mutex); + + return entry; +} + +int denied_req_array_go_next_help(char sort_order[], int i, auth_entry entry, + auth_entry next_entry) { + switch (sort_order[i]) { + // bssid-mac + case 'b': + return mac_is_greater(entry.bssid_addr, next_entry.bssid_addr); + // client-mac + case 'c': + return mac_is_greater(entry.client_addr, next_entry.client_addr) && + mac_is_equal(entry.bssid_addr, next_entry.bssid_addr); + default: + break; + } + return 0; +} + +int denied_req_array_go_next(char sort_order[], int i, auth_entry entry, + auth_entry next_entry) { + int conditions = 1; + for (int j = 0; j < i; j++) { + i &= !(denied_req_array_go_next(sort_order, j, entry, next_entry)); + } + return conditions && denied_req_array_go_next_help(sort_order, i, entry, next_entry); +} + +void denied_req_array_insert(auth_entry entry) { + if (denied_req_last == -1) { + denied_req_array[0] = entry; + denied_req_last++; + return; + } + + int i; + for (i = 0; i <= denied_req_last; i++) { + if (!denied_req_array_go_next("bc", 2, entry, denied_req_array[i])) { + break; + } + } + for (int j = denied_req_last; j >= i; j--) { + if (j + 1 <= DENY_REQ_ARRAY_LEN) { + denied_req_array[j + 1] = denied_req_array[j]; + } + } + denied_req_array[i] = entry; + + if (denied_req_last < DENY_REQ_ARRAY_LEN) { + denied_req_last++; + } +} + +auth_entry denied_req_array_delete(auth_entry entry) { + + int i; + int found_in_array = 0; + auth_entry tmp; + + if (denied_req_last == -1) { + return tmp; + } + + for (i = 0; i <= denied_req_last; i++) { + if (mac_is_equal(entry.bssid_addr, denied_req_array[i].bssid_addr) && + mac_is_equal(entry.client_addr, denied_req_array[i].client_addr)) { + found_in_array = 1; + tmp = denied_req_array[i]; + break; + } + } + + for (int j = i; j < denied_req_last; j++) { + denied_req_array[j] = denied_req_array[j + 1]; + } + + if (denied_req_last > -1 && found_in_array) { + denied_req_last--; + } + return tmp; +} diff --git a/src/utils/dawn_uci.c b/src/utils/dawn_uci.c index 97148ed..659e22f 100644 --- a/src/utils/dawn_uci.c +++ b/src/utils/dawn_uci.c @@ -33,6 +33,7 @@ struct time_config_s uci_get_time_config() { ret.update_hostapd = uci_lookup_option_int(uci_ctx, s, "update_hostapd"); ret.remove_ap = uci_lookup_option_int(uci_ctx, s, "remove_ap"); ret.update_tcp_con = uci_lookup_option_int(uci_ctx, s, "update_tcp_con"); + ret.denied_req_threshold = uci_lookup_option_int(uci_ctx, s, "denied_req_threshold"); return ret; } } diff --git a/src/utils/ubus.c b/src/utils/ubus.c index 7d9abcb..e66a0ed 100644 --- a/src/utils/ubus.c +++ b/src/utils/ubus.c @@ -405,6 +405,7 @@ static int handle_auth_req(struct blob_attr *msg) { print_probe_array(); auth_entry auth_req; parse_to_auth_req(msg, &auth_req); + printf("AUTH Entry: "); print_auth_entry(auth_req); @@ -416,15 +417,18 @@ static int handle_auth_req(struct blob_attr *msg) { // block if entry was not already found in probe database if (!(mac_is_equal(tmp.bssid_addr, auth_req.bssid_addr) && mac_is_equal(tmp.client_addr, auth_req.client_addr))) { printf("DENY AUTH!\n"); + insert_to_denied_req_array(auth_req, 1); return dawn_metric.deny_auth_reason; } if (!decide_function(&tmp, REQ_TYPE_AUTH)) { printf("DENY AUTH\n"); - + insert_to_denied_req_array(auth_req, 1); return dawn_metric.deny_auth_reason; } + // maybe send here that the client is connected? + printf("ALLOW AUTH!\n"); return WLAN_STATUS_SUCCESS; } @@ -445,11 +449,13 @@ static int handle_assoc_req(struct blob_attr *msg) { // block if entry was not already found in probe database if (!(mac_is_equal(tmp.bssid_addr, auth_req.bssid_addr) && mac_is_equal(tmp.client_addr, auth_req.client_addr))) { printf("DENY ASSOC!\n"); + insert_to_denied_req_array(auth_req, 1); return dawn_metric.deny_assoc_reason; } if (!decide_function(&tmp, REQ_TYPE_ASSOC)) { printf("DENY ASSOC\n"); + insert_to_denied_req_array(auth_req, 1); return dawn_metric.deny_assoc_reason; }