ieee802_11.c revision 4b06059785b935dd1f4f09314e4e12c417d2c6a4
1/* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#ifndef CONFIG_NATIVE_WINDOWS 12 13#include "utils/common.h" 14#include "utils/eloop.h" 15#include "crypto/crypto.h" 16#include "crypto/sha256.h" 17#include "crypto/random.h" 18#include "drivers/driver.h" 19#include "common/ieee802_11_defs.h" 20#include "common/ieee802_11_common.h" 21#include "common/wpa_ctrl.h" 22#include "common/sae.h" 23#include "radius/radius.h" 24#include "radius/radius_client.h" 25#include "p2p/p2p.h" 26#include "wps/wps.h" 27#include "hostapd.h" 28#include "beacon.h" 29#include "ieee802_11_auth.h" 30#include "sta_info.h" 31#include "ieee802_1x.h" 32#include "wpa_auth.h" 33#include "wmm.h" 34#include "ap_list.h" 35#include "accounting.h" 36#include "ap_config.h" 37#include "ap_mlme.h" 38#include "p2p_hostapd.h" 39#include "ap_drv_ops.h" 40#include "wnm_ap.h" 41#include "ieee802_11.h" 42 43 44u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 45{ 46 u8 *pos = eid; 47 int i, num, count; 48 49 if (hapd->iface->current_rates == NULL) 50 return eid; 51 52 *pos++ = WLAN_EID_SUPP_RATES; 53 num = hapd->iface->num_rates; 54 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 55 num++; 56 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 57 num++; 58 if (num > 8) { 59 /* rest of the rates are encoded in Extended supported 60 * rates element */ 61 num = 8; 62 } 63 64 *pos++ = num; 65 count = 0; 66 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 67 i++) { 68 count++; 69 *pos = hapd->iface->current_rates[i].rate / 5; 70 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 71 *pos |= 0x80; 72 pos++; 73 } 74 75 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 76 count++; 77 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 78 } 79 80 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 81 count++; 82 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 83 } 84 85 return pos; 86} 87 88 89u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 90{ 91 u8 *pos = eid; 92 int i, num, count; 93 94 if (hapd->iface->current_rates == NULL) 95 return eid; 96 97 num = hapd->iface->num_rates; 98 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 99 num++; 100 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 101 num++; 102 if (num <= 8) 103 return eid; 104 num -= 8; 105 106 *pos++ = WLAN_EID_EXT_SUPP_RATES; 107 *pos++ = num; 108 count = 0; 109 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 110 i++) { 111 count++; 112 if (count <= 8) 113 continue; /* already in SuppRates IE */ 114 *pos = hapd->iface->current_rates[i].rate / 5; 115 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 116 *pos |= 0x80; 117 pos++; 118 } 119 120 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 121 count++; 122 if (count > 8) 123 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 124 } 125 126 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 127 count++; 128 if (count > 8) 129 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 130 } 131 132 return pos; 133} 134 135 136u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, 137 int probe) 138{ 139 int capab = WLAN_CAPABILITY_ESS; 140 int privacy; 141 142 if (hapd->iface->num_sta_no_short_preamble == 0 && 143 hapd->iconf->preamble == SHORT_PREAMBLE) 144 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 145 146 privacy = hapd->conf->ssid.wep.keys_set; 147 148 if (hapd->conf->ieee802_1x && 149 (hapd->conf->default_wep_key_len || 150 hapd->conf->individual_wep_key_len)) 151 privacy = 1; 152 153 if (hapd->conf->wpa) 154 privacy = 1; 155 156 if (sta) { 157 int policy, def_klen; 158 if (probe && sta->ssid_probe) { 159 policy = sta->ssid_probe->security_policy; 160 def_klen = sta->ssid_probe->wep.default_len; 161 } else { 162 policy = sta->ssid->security_policy; 163 def_klen = sta->ssid->wep.default_len; 164 } 165 privacy = policy != SECURITY_PLAINTEXT; 166 if (policy == SECURITY_IEEE_802_1X && def_klen == 0) 167 privacy = 0; 168 } 169 170 if (privacy) 171 capab |= WLAN_CAPABILITY_PRIVACY; 172 173 if (hapd->iface->current_mode && 174 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 175 hapd->iface->num_sta_no_short_slot_time == 0) 176 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 177 178 return capab; 179} 180 181 182void ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len) 183{ 184 int i; 185 if (len > HOSTAPD_MAX_SSID_LEN) 186 len = HOSTAPD_MAX_SSID_LEN; 187 for (i = 0; i < len; i++) { 188 if (ssid[i] >= 32 && ssid[i] < 127) 189 buf[i] = ssid[i]; 190 else 191 buf[i] = '.'; 192 } 193 buf[len] = '\0'; 194} 195 196 197static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 198 u16 auth_transaction, const u8 *challenge, 199 int iswep) 200{ 201 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 202 HOSTAPD_LEVEL_DEBUG, 203 "authentication (shared key, transaction %d)", 204 auth_transaction); 205 206 if (auth_transaction == 1) { 207 if (!sta->challenge) { 208 /* Generate a pseudo-random challenge */ 209 u8 key[8]; 210 struct os_time now; 211 int r; 212 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 213 if (sta->challenge == NULL) 214 return WLAN_STATUS_UNSPECIFIED_FAILURE; 215 216 os_get_time(&now); 217 r = os_random(); 218 os_memcpy(key, &now.sec, 4); 219 os_memcpy(key + 4, &r, 4); 220 rc4_skip(key, sizeof(key), 0, 221 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 222 } 223 return 0; 224 } 225 226 if (auth_transaction != 3) 227 return WLAN_STATUS_UNSPECIFIED_FAILURE; 228 229 /* Transaction 3 */ 230 if (!iswep || !sta->challenge || !challenge || 231 os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) { 232 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 233 HOSTAPD_LEVEL_INFO, 234 "shared key authentication - invalid " 235 "challenge-response"); 236 return WLAN_STATUS_CHALLENGE_FAIL; 237 } 238 239 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 240 HOSTAPD_LEVEL_DEBUG, 241 "authentication OK (shared key)"); 242#ifdef IEEE80211_REQUIRE_AUTH_ACK 243 /* Station will be marked authenticated if it ACKs the 244 * authentication reply. */ 245#else 246 sta->flags |= WLAN_STA_AUTH; 247 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 248#endif 249 os_free(sta->challenge); 250 sta->challenge = NULL; 251 252 return 0; 253} 254 255 256static void send_auth_reply(struct hostapd_data *hapd, 257 const u8 *dst, const u8 *bssid, 258 u16 auth_alg, u16 auth_transaction, u16 resp, 259 const u8 *ies, size_t ies_len) 260{ 261 struct ieee80211_mgmt *reply; 262 u8 *buf; 263 size_t rlen; 264 265 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 266 buf = os_zalloc(rlen); 267 if (buf == NULL) 268 return; 269 270 reply = (struct ieee80211_mgmt *) buf; 271 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 272 WLAN_FC_STYPE_AUTH); 273 os_memcpy(reply->da, dst, ETH_ALEN); 274 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 275 os_memcpy(reply->bssid, bssid, ETH_ALEN); 276 277 reply->u.auth.auth_alg = host_to_le16(auth_alg); 278 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 279 reply->u.auth.status_code = host_to_le16(resp); 280 281 if (ies && ies_len) 282 os_memcpy(reply->u.auth.variable, ies, ies_len); 283 284 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 285 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 286 MAC2STR(dst), auth_alg, auth_transaction, 287 resp, (unsigned long) ies_len); 288 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 289 perror("send_auth_reply: send"); 290 291 os_free(buf); 292} 293 294 295#ifdef CONFIG_IEEE80211R 296static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 297 u16 auth_transaction, u16 status, 298 const u8 *ies, size_t ies_len) 299{ 300 struct hostapd_data *hapd = ctx; 301 struct sta_info *sta; 302 303 send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction, 304 status, ies, ies_len); 305 306 if (status != WLAN_STATUS_SUCCESS) 307 return; 308 309 sta = ap_get_sta(hapd, dst); 310 if (sta == NULL) 311 return; 312 313 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 314 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 315 sta->flags |= WLAN_STA_AUTH; 316 mlme_authenticate_indication(hapd, sta); 317} 318#endif /* CONFIG_IEEE80211R */ 319 320 321#ifdef CONFIG_SAE 322 323static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd, 324 struct sta_info *sta) 325{ 326 struct wpabuf *buf; 327 328 if (hapd->conf->ssid.wpa_passphrase == NULL) { 329 wpa_printf(MSG_DEBUG, "SAE: No password available"); 330 return NULL; 331 } 332 333 if (sae_prepare_commit(hapd->own_addr, sta->addr, 334 (u8 *) hapd->conf->ssid.wpa_passphrase, 335 os_strlen(hapd->conf->ssid.wpa_passphrase), 336 sta->sae) < 0) { 337 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); 338 return NULL; 339 } 340 341 if (sae_process_commit(sta->sae) < 0) { 342 wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit"); 343 return NULL; 344 } 345 346 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN); 347 if (buf == NULL) 348 return NULL; 349 sae_write_commit(sta->sae, buf, NULL); 350 351 return buf; 352} 353 354 355static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 356 struct sta_info *sta) 357{ 358 struct wpabuf *buf; 359 360 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN); 361 if (buf == NULL) 362 return NULL; 363 364 sae_write_confirm(sta->sae, buf); 365 366 return buf; 367} 368 369 370static int use_sae_anti_clogging(struct hostapd_data *hapd) 371{ 372 struct sta_info *sta; 373 unsigned int open = 0; 374 375 if (hapd->conf->sae_anti_clogging_threshold == 0) 376 return 1; 377 378 for (sta = hapd->sta_list; sta; sta = sta->next) { 379 if (!sta->sae) 380 continue; 381 if (sta->sae->state != SAE_COMMITTED && 382 sta->sae->state != SAE_CONFIRMED) 383 continue; 384 open++; 385 if (open >= hapd->conf->sae_anti_clogging_threshold) 386 return 1; 387 } 388 389 return 0; 390} 391 392 393static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, 394 const u8 *token, size_t token_len) 395{ 396 u8 mac[SHA256_MAC_LEN]; 397 398 if (token_len != SHA256_MAC_LEN) 399 return -1; 400 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 401 addr, ETH_ALEN, mac) < 0 || 402 os_memcmp(token, mac, SHA256_MAC_LEN) != 0) 403 return -1; 404 405 return 0; 406} 407 408 409static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, 410 const u8 *addr) 411{ 412 struct wpabuf *buf; 413 u8 *token; 414 struct os_time t; 415 416 os_get_time(&t); 417 if (hapd->last_sae_token_key_update == 0 || 418 t.sec > hapd->last_sae_token_key_update + 60) { 419 if (random_get_bytes(hapd->sae_token_key, 420 sizeof(hapd->sae_token_key)) < 0) 421 return NULL; 422 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key", 423 hapd->sae_token_key, sizeof(hapd->sae_token_key)); 424 hapd->last_sae_token_key_update = t.sec; 425 } 426 427 buf = wpabuf_alloc(SHA256_MAC_LEN); 428 if (buf == NULL) 429 return NULL; 430 431 token = wpabuf_put(buf, SHA256_MAC_LEN); 432 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 433 addr, ETH_ALEN, token); 434 435 return buf; 436} 437 438 439static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 440 const struct ieee80211_mgmt *mgmt, size_t len, 441 u8 auth_transaction) 442{ 443 u16 resp = WLAN_STATUS_SUCCESS; 444 struct wpabuf *data = NULL; 445 446 if (!sta->sae) { 447 if (auth_transaction != 1) 448 return; 449 sta->sae = os_zalloc(sizeof(*sta->sae)); 450 if (sta->sae == NULL) 451 return; 452 sta->sae->state = SAE_NOTHING; 453 } 454 455 if (auth_transaction == 1) { 456 const u8 *token = NULL; 457 size_t token_len = 0; 458 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 459 HOSTAPD_LEVEL_DEBUG, 460 "start SAE authentication (RX commit)"); 461 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, 462 ((const u8 *) mgmt) + len - 463 mgmt->u.auth.variable, &token, 464 &token_len, hapd->conf->sae_groups); 465 if (token && check_sae_token(hapd, sta->addr, token, token_len) 466 < 0) { 467 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with " 468 "incorrect token from " MACSTR, 469 MAC2STR(sta->addr)); 470 return; 471 } 472 473 if (resp == WLAN_STATUS_SUCCESS) { 474 if (!token && use_sae_anti_clogging(hapd)) { 475 wpa_printf(MSG_DEBUG, "SAE: Request anti-" 476 "clogging token from " MACSTR, 477 MAC2STR(sta->addr)); 478 data = auth_build_token_req(hapd, sta->addr); 479 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; 480 } else { 481 data = auth_process_sae_commit(hapd, sta); 482 if (data == NULL) 483 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 484 else 485 sta->sae->state = SAE_COMMITTED; 486 } 487 } 488 } else if (auth_transaction == 2) { 489 if (sta->sae->state != SAE_COMMITTED) { 490 hostapd_logger(hapd, sta->addr, 491 HOSTAPD_MODULE_IEEE80211, 492 HOSTAPD_LEVEL_DEBUG, 493 "SAE confirm before commit"); 494 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 495 } 496 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 497 HOSTAPD_LEVEL_DEBUG, 498 "SAE authentication (RX confirm)"); 499 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable, 500 ((u8 *) mgmt) + len - 501 mgmt->u.auth.variable) < 0) { 502 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 503 } else { 504 resp = WLAN_STATUS_SUCCESS; 505 sta->flags |= WLAN_STA_AUTH; 506 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 507 sta->auth_alg = WLAN_AUTH_SAE; 508 mlme_authenticate_indication(hapd, sta); 509 510 data = auth_build_sae_confirm(hapd, sta); 511 if (data == NULL) 512 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 513 else { 514 sta->sae->state = SAE_ACCEPTED; 515 sae_clear_temp_data(sta->sae); 516 } 517 } 518 } else { 519 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 520 HOSTAPD_LEVEL_DEBUG, 521 "unexpected SAE authentication transaction %u", 522 auth_transaction); 523 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 524 } 525 526 sta->auth_alg = WLAN_AUTH_SAE; 527 528 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 529 auth_transaction, resp, 530 data ? wpabuf_head(data) : (u8 *) "", 531 data ? wpabuf_len(data) : 0); 532 wpabuf_free(data); 533} 534#endif /* CONFIG_SAE */ 535 536 537static void handle_auth(struct hostapd_data *hapd, 538 const struct ieee80211_mgmt *mgmt, size_t len) 539{ 540 u16 auth_alg, auth_transaction, status_code; 541 u16 resp = WLAN_STATUS_SUCCESS; 542 struct sta_info *sta = NULL; 543 int res; 544 u16 fc; 545 const u8 *challenge = NULL; 546 u32 session_timeout, acct_interim_interval; 547 int vlan_id = 0; 548 struct hostapd_sta_wpa_psk_short *psk = NULL; 549 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 550 size_t resp_ies_len = 0; 551 char *identity = NULL; 552 char *radius_cui = NULL; 553 554 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 555 printf("handle_auth - too short payload (len=%lu)\n", 556 (unsigned long) len); 557 return; 558 } 559 560#ifdef CONFIG_TESTING_OPTIONS 561 if (hapd->iconf->ignore_auth_probability > 0.0d && 562 drand48() < hapd->iconf->ignore_auth_probability) { 563 wpa_printf(MSG_INFO, 564 "TESTING: ignoring auth frame from " MACSTR, 565 MAC2STR(mgmt->sa)); 566 return; 567 } 568#endif /* CONFIG_TESTING_OPTIONS */ 569 570 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 571 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 572 status_code = le_to_host16(mgmt->u.auth.status_code); 573 fc = le_to_host16(mgmt->frame_control); 574 575 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 576 2 + WLAN_AUTH_CHALLENGE_LEN && 577 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 578 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 579 challenge = &mgmt->u.auth.variable[2]; 580 581 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 582 "auth_transaction=%d status_code=%d wep=%d%s", 583 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 584 status_code, !!(fc & WLAN_FC_ISWEP), 585 challenge ? " challenge" : ""); 586 587 if (hapd->tkip_countermeasures) { 588 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 589 goto fail; 590 } 591 592 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 593 auth_alg == WLAN_AUTH_OPEN) || 594#ifdef CONFIG_IEEE80211R 595 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 596 auth_alg == WLAN_AUTH_FT) || 597#endif /* CONFIG_IEEE80211R */ 598#ifdef CONFIG_SAE 599 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 600 auth_alg == WLAN_AUTH_SAE) || 601#endif /* CONFIG_SAE */ 602 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 603 auth_alg == WLAN_AUTH_SHARED_KEY))) { 604 printf("Unsupported authentication algorithm (%d)\n", 605 auth_alg); 606 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 607 goto fail; 608 } 609 610 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 611 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 612 printf("Unknown authentication transaction number (%d)\n", 613 auth_transaction); 614 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 615 goto fail; 616 } 617 618 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 619 printf("Station " MACSTR " not allowed to authenticate.\n", 620 MAC2STR(mgmt->sa)); 621 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 622 goto fail; 623 } 624 625 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 626 &session_timeout, 627 &acct_interim_interval, &vlan_id, 628 &psk, &identity, &radius_cui); 629 630 if (res == HOSTAPD_ACL_REJECT) { 631 printf("Station " MACSTR " not allowed to authenticate.\n", 632 MAC2STR(mgmt->sa)); 633 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 634 goto fail; 635 } 636 if (res == HOSTAPD_ACL_PENDING) { 637 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 638 " waiting for an external authentication", 639 MAC2STR(mgmt->sa)); 640 /* Authentication code will re-send the authentication frame 641 * after it has received (and cached) information from the 642 * external source. */ 643 return; 644 } 645 646 sta = ap_sta_add(hapd, mgmt->sa); 647 if (!sta) { 648 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 649 goto fail; 650 } 651 652 if (vlan_id > 0) { 653 if (hostapd_get_vlan_id_ifname(hapd->conf->vlan, 654 vlan_id) == NULL) { 655 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 656 HOSTAPD_LEVEL_INFO, "Invalid VLAN ID " 657 "%d received from RADIUS server", 658 vlan_id); 659 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 660 goto fail; 661 } 662 sta->vlan_id = vlan_id; 663 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 664 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 665 } 666 667 hostapd_free_psk_list(sta->psk); 668 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 669 sta->psk = psk; 670 psk = NULL; 671 } else { 672 sta->psk = NULL; 673 } 674 675 sta->identity = identity; 676 identity = NULL; 677 sta->radius_cui = radius_cui; 678 radius_cui = NULL; 679 680 sta->flags &= ~WLAN_STA_PREAUTH; 681 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 682 683 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 684 sta->acct_interim_interval = acct_interim_interval; 685 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 686 ap_sta_session_timeout(hapd, sta, session_timeout); 687 else 688 ap_sta_no_session_timeout(hapd, sta); 689 690 switch (auth_alg) { 691 case WLAN_AUTH_OPEN: 692 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 693 HOSTAPD_LEVEL_DEBUG, 694 "authentication OK (open system)"); 695#ifdef IEEE80211_REQUIRE_AUTH_ACK 696 /* Station will be marked authenticated if it ACKs the 697 * authentication reply. */ 698#else 699 sta->flags |= WLAN_STA_AUTH; 700 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 701 sta->auth_alg = WLAN_AUTH_OPEN; 702 mlme_authenticate_indication(hapd, sta); 703#endif 704 break; 705 case WLAN_AUTH_SHARED_KEY: 706 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 707 fc & WLAN_FC_ISWEP); 708 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 709 mlme_authenticate_indication(hapd, sta); 710 if (sta->challenge && auth_transaction == 1) { 711 resp_ies[0] = WLAN_EID_CHALLENGE; 712 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 713 os_memcpy(resp_ies + 2, sta->challenge, 714 WLAN_AUTH_CHALLENGE_LEN); 715 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 716 } 717 break; 718#ifdef CONFIG_IEEE80211R 719 case WLAN_AUTH_FT: 720 sta->auth_alg = WLAN_AUTH_FT; 721 if (sta->wpa_sm == NULL) 722 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 723 sta->addr); 724 if (sta->wpa_sm == NULL) { 725 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 726 "state machine"); 727 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 728 goto fail; 729 } 730 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 731 auth_transaction, mgmt->u.auth.variable, 732 len - IEEE80211_HDRLEN - 733 sizeof(mgmt->u.auth), 734 handle_auth_ft_finish, hapd); 735 /* handle_auth_ft_finish() callback will complete auth. */ 736 return; 737#endif /* CONFIG_IEEE80211R */ 738#ifdef CONFIG_SAE 739 case WLAN_AUTH_SAE: 740 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction); 741 return; 742#endif /* CONFIG_SAE */ 743 } 744 745 fail: 746 os_free(identity); 747 os_free(radius_cui); 748 hostapd_free_psk_list(psk); 749 750 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 751 auth_transaction + 1, resp, resp_ies, resp_ies_len); 752} 753 754 755static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 756{ 757 int i, j = 32, aid; 758 759 /* get a unique AID */ 760 if (sta->aid > 0) { 761 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 762 return 0; 763 } 764 765 for (i = 0; i < AID_WORDS; i++) { 766 if (hapd->sta_aid[i] == (u32) -1) 767 continue; 768 for (j = 0; j < 32; j++) { 769 if (!(hapd->sta_aid[i] & BIT(j))) 770 break; 771 } 772 if (j < 32) 773 break; 774 } 775 if (j == 32) 776 return -1; 777 aid = i * 32 + j + 1; 778 if (aid > 2007) 779 return -1; 780 781 sta->aid = aid; 782 hapd->sta_aid[i] |= BIT(j); 783 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 784 return 0; 785} 786 787 788static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 789 const u8 *ssid_ie, size_t ssid_ie_len) 790{ 791 if (ssid_ie == NULL) 792 return WLAN_STATUS_UNSPECIFIED_FAILURE; 793 794 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 795 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 796 char ssid_txt[33]; 797 ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len); 798 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 799 HOSTAPD_LEVEL_INFO, 800 "Station tried to associate with unknown SSID " 801 "'%s'", ssid_txt); 802 return WLAN_STATUS_UNSPECIFIED_FAILURE; 803 } 804 805 return WLAN_STATUS_SUCCESS; 806} 807 808 809static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 810 const u8 *wmm_ie, size_t wmm_ie_len) 811{ 812 sta->flags &= ~WLAN_STA_WMM; 813 sta->qosinfo = 0; 814 if (wmm_ie && hapd->conf->wmm_enabled) { 815 struct wmm_information_element *wmm; 816 817 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 818 hostapd_logger(hapd, sta->addr, 819 HOSTAPD_MODULE_WPA, 820 HOSTAPD_LEVEL_DEBUG, 821 "invalid WMM element in association " 822 "request"); 823 return WLAN_STATUS_UNSPECIFIED_FAILURE; 824 } 825 826 sta->flags |= WLAN_STA_WMM; 827 wmm = (struct wmm_information_element *) wmm_ie; 828 sta->qosinfo = wmm->qos_info; 829 } 830 return WLAN_STATUS_SUCCESS; 831} 832 833 834static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 835 struct ieee802_11_elems *elems) 836{ 837 if (!elems->supp_rates) { 838 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 839 HOSTAPD_LEVEL_DEBUG, 840 "No supported rates element in AssocReq"); 841 return WLAN_STATUS_UNSPECIFIED_FAILURE; 842 } 843 844 if (elems->supp_rates_len + elems->ext_supp_rates_len > 845 sizeof(sta->supported_rates)) { 846 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 847 HOSTAPD_LEVEL_DEBUG, 848 "Invalid supported rates element length %d+%d", 849 elems->supp_rates_len, 850 elems->ext_supp_rates_len); 851 return WLAN_STATUS_UNSPECIFIED_FAILURE; 852 } 853 854 sta->supported_rates_len = merge_byte_arrays( 855 sta->supported_rates, sizeof(sta->supported_rates), 856 elems->supp_rates, elems->supp_rates_len, 857 elems->ext_supp_rates, elems->ext_supp_rates_len); 858 859 return WLAN_STATUS_SUCCESS; 860} 861 862 863static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 864 const u8 *ies, size_t ies_len, int reassoc) 865{ 866 struct ieee802_11_elems elems; 867 u16 resp; 868 const u8 *wpa_ie; 869 size_t wpa_ie_len; 870 871 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 872 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 873 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 874 "association request"); 875 return WLAN_STATUS_UNSPECIFIED_FAILURE; 876 } 877 878 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 879 if (resp != WLAN_STATUS_SUCCESS) 880 return resp; 881 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 882 if (resp != WLAN_STATUS_SUCCESS) 883 return resp; 884 resp = copy_supp_rates(hapd, sta, &elems); 885 if (resp != WLAN_STATUS_SUCCESS) 886 return resp; 887#ifdef CONFIG_IEEE80211N 888 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities, 889 elems.ht_capabilities_len); 890 if (resp != WLAN_STATUS_SUCCESS) 891 return resp; 892 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 893 !(sta->flags & WLAN_STA_HT)) { 894 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 895 HOSTAPD_LEVEL_INFO, "Station does not support " 896 "mandatory HT PHY - reject association"); 897 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 898 } 899#endif /* CONFIG_IEEE80211N */ 900 901#ifdef CONFIG_IEEE80211AC 902 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities, 903 elems.vht_capabilities_len); 904 if (resp != WLAN_STATUS_SUCCESS) 905 return resp; 906 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 907 !(sta->flags & WLAN_STA_VHT)) { 908 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 909 HOSTAPD_LEVEL_INFO, "Station does not support " 910 "mandatory VHT PHY - reject association"); 911 return WLAN_STATUS_UNSPECIFIED_FAILURE; 912 } 913#endif /* CONFIG_IEEE80211AC */ 914 915 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 916 wpa_ie = elems.rsn_ie; 917 wpa_ie_len = elems.rsn_ie_len; 918 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 919 elems.wpa_ie) { 920 wpa_ie = elems.wpa_ie; 921 wpa_ie_len = elems.wpa_ie_len; 922 } else { 923 wpa_ie = NULL; 924 wpa_ie_len = 0; 925 } 926 927#ifdef CONFIG_WPS 928 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 929 if (hapd->conf->wps_state && elems.wps_ie) { 930 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 931 "Request - assume WPS is used"); 932 sta->flags |= WLAN_STA_WPS; 933 wpabuf_free(sta->wps_ie); 934 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 935 WPS_IE_VENDOR_TYPE); 936 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 937 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 938 sta->flags |= WLAN_STA_WPS2; 939 } 940 wpa_ie = NULL; 941 wpa_ie_len = 0; 942 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 943 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 944 "(Re)Association Request - reject"); 945 return WLAN_STATUS_INVALID_IE; 946 } 947 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 948 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 949 "(Re)Association Request - possible WPS use"); 950 sta->flags |= WLAN_STA_MAYBE_WPS; 951 } else 952#endif /* CONFIG_WPS */ 953 if (hapd->conf->wpa && wpa_ie == NULL) { 954 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 955 HOSTAPD_LEVEL_INFO, 956 "No WPA/RSN IE in association request"); 957 return WLAN_STATUS_INVALID_IE; 958 } 959 960 if (hapd->conf->wpa && wpa_ie) { 961 int res; 962 wpa_ie -= 2; 963 wpa_ie_len += 2; 964 if (sta->wpa_sm == NULL) 965 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 966 sta->addr); 967 if (sta->wpa_sm == NULL) { 968 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 969 "state machine"); 970 return WLAN_STATUS_UNSPECIFIED_FAILURE; 971 } 972 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 973 wpa_ie, wpa_ie_len, 974 elems.mdie, elems.mdie_len); 975 if (res == WPA_INVALID_GROUP) 976 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 977 else if (res == WPA_INVALID_PAIRWISE) 978 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 979 else if (res == WPA_INVALID_AKMP) 980 resp = WLAN_STATUS_AKMP_NOT_VALID; 981 else if (res == WPA_ALLOC_FAIL) 982 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 983#ifdef CONFIG_IEEE80211W 984 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 985 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 986 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 987 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 988#endif /* CONFIG_IEEE80211W */ 989 else if (res == WPA_INVALID_MDIE) 990 resp = WLAN_STATUS_INVALID_MDIE; 991 else if (res != WPA_IE_OK) 992 resp = WLAN_STATUS_INVALID_IE; 993 if (resp != WLAN_STATUS_SUCCESS) 994 return resp; 995#ifdef CONFIG_IEEE80211W 996 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 997 sta->sa_query_count > 0) 998 ap_check_sa_query_timeout(hapd, sta); 999 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1000 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 1001 /* 1002 * STA has already been associated with MFP and SA 1003 * Query timeout has not been reached. Reject the 1004 * association attempt temporarily and start SA Query, 1005 * if one is not pending. 1006 */ 1007 1008 if (sta->sa_query_count == 0) 1009 ap_sta_start_sa_query(hapd, sta); 1010 1011 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 1012 } 1013 1014 if (wpa_auth_uses_mfp(sta->wpa_sm)) 1015 sta->flags |= WLAN_STA_MFP; 1016 else 1017 sta->flags &= ~WLAN_STA_MFP; 1018#endif /* CONFIG_IEEE80211W */ 1019 1020#ifdef CONFIG_IEEE80211R 1021 if (sta->auth_alg == WLAN_AUTH_FT) { 1022 if (!reassoc) { 1023 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 1024 "to use association (not " 1025 "re-association) with FT auth_alg", 1026 MAC2STR(sta->addr)); 1027 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1028 } 1029 1030 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 1031 ies_len); 1032 if (resp != WLAN_STATUS_SUCCESS) 1033 return resp; 1034 } 1035#endif /* CONFIG_IEEE80211R */ 1036 1037#ifdef CONFIG_SAE 1038 if (wpa_auth_uses_sae(sta->wpa_sm) && 1039 sta->auth_alg != WLAN_AUTH_SAE) { 1040 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 1041 "SAE AKM after non-SAE auth_alg %u", 1042 MAC2STR(sta->addr), sta->auth_alg); 1043 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1044 } 1045#endif /* CONFIG_SAE */ 1046 1047#ifdef CONFIG_IEEE80211N 1048 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 1049 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 1050 hostapd_logger(hapd, sta->addr, 1051 HOSTAPD_MODULE_IEEE80211, 1052 HOSTAPD_LEVEL_INFO, 1053 "Station tried to use TKIP with HT " 1054 "association"); 1055 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 1056 } 1057#endif /* CONFIG_IEEE80211N */ 1058 } else 1059 wpa_auth_sta_no_wpa(sta->wpa_sm); 1060 1061#ifdef CONFIG_P2P 1062 if (elems.p2p) { 1063 wpabuf_free(sta->p2p_ie); 1064 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 1065 P2P_IE_VENDOR_TYPE); 1066 1067 } else { 1068 wpabuf_free(sta->p2p_ie); 1069 sta->p2p_ie = NULL; 1070 } 1071 1072 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 1073#endif /* CONFIG_P2P */ 1074 1075#ifdef CONFIG_HS20 1076 wpabuf_free(sta->hs20_ie); 1077 if (elems.hs20 && elems.hs20_len > 4) { 1078 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 1079 elems.hs20_len - 4); 1080 } else 1081 sta->hs20_ie = NULL; 1082#endif /* CONFIG_HS20 */ 1083 1084 return WLAN_STATUS_SUCCESS; 1085} 1086 1087 1088static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 1089 u16 reason_code) 1090{ 1091 int send_len; 1092 struct ieee80211_mgmt reply; 1093 1094 os_memset(&reply, 0, sizeof(reply)); 1095 reply.frame_control = 1096 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1097 os_memcpy(reply.da, addr, ETH_ALEN); 1098 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1099 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1100 1101 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1102 reply.u.deauth.reason_code = host_to_le16(reason_code); 1103 1104 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1105 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1106 strerror(errno)); 1107} 1108 1109 1110static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1111 u16 status_code, int reassoc, const u8 *ies, 1112 size_t ies_len) 1113{ 1114 int send_len; 1115 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1116 struct ieee80211_mgmt *reply; 1117 u8 *p; 1118 1119 os_memset(buf, 0, sizeof(buf)); 1120 reply = (struct ieee80211_mgmt *) buf; 1121 reply->frame_control = 1122 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1123 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1124 WLAN_FC_STYPE_ASSOC_RESP)); 1125 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1126 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1127 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1128 1129 send_len = IEEE80211_HDRLEN; 1130 send_len += sizeof(reply->u.assoc_resp); 1131 reply->u.assoc_resp.capab_info = 1132 host_to_le16(hostapd_own_capab_info(hapd, sta, 0)); 1133 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1134 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) 1135 | BIT(14) | BIT(15)); 1136 /* Supported rates */ 1137 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1138 /* Extended supported rates */ 1139 p = hostapd_eid_ext_supp_rates(hapd, p); 1140 1141#ifdef CONFIG_IEEE80211R 1142 if (status_code == WLAN_STATUS_SUCCESS) { 1143 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1144 * Transition Information, RSN, [RIC Response] */ 1145 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1146 buf + sizeof(buf) - p, 1147 sta->auth_alg, ies, ies_len); 1148 } 1149#endif /* CONFIG_IEEE80211R */ 1150 1151#ifdef CONFIG_IEEE80211W 1152 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1153 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1154#endif /* CONFIG_IEEE80211W */ 1155 1156#ifdef CONFIG_IEEE80211N 1157 p = hostapd_eid_ht_capabilities(hapd, p); 1158 p = hostapd_eid_ht_operation(hapd, p); 1159#endif /* CONFIG_IEEE80211N */ 1160 1161#ifdef CONFIG_IEEE80211AC 1162 p = hostapd_eid_vht_capabilities(hapd, p); 1163 p = hostapd_eid_vht_operation(hapd, p); 1164#endif /* CONFIG_IEEE80211AC */ 1165 1166 p = hostapd_eid_ext_capab(hapd, p); 1167 p = hostapd_eid_bss_max_idle_period(hapd, p); 1168 1169 if (sta->flags & WLAN_STA_WMM) 1170 p = hostapd_eid_wmm(hapd, p); 1171 1172#ifdef CONFIG_WPS 1173 if ((sta->flags & WLAN_STA_WPS) || 1174 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 1175 struct wpabuf *wps = wps_build_assoc_resp_ie(); 1176 if (wps) { 1177 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 1178 p += wpabuf_len(wps); 1179 wpabuf_free(wps); 1180 } 1181 } 1182#endif /* CONFIG_WPS */ 1183 1184#ifdef CONFIG_P2P 1185 if (sta->p2p_ie) { 1186 struct wpabuf *p2p_resp_ie; 1187 enum p2p_status_code status; 1188 switch (status_code) { 1189 case WLAN_STATUS_SUCCESS: 1190 status = P2P_SC_SUCCESS; 1191 break; 1192 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 1193 status = P2P_SC_FAIL_LIMIT_REACHED; 1194 break; 1195 default: 1196 status = P2P_SC_FAIL_INVALID_PARAMS; 1197 break; 1198 } 1199 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 1200 if (p2p_resp_ie) { 1201 os_memcpy(p, wpabuf_head(p2p_resp_ie), 1202 wpabuf_len(p2p_resp_ie)); 1203 p += wpabuf_len(p2p_resp_ie); 1204 wpabuf_free(p2p_resp_ie); 1205 } 1206 } 1207#endif /* CONFIG_P2P */ 1208 1209#ifdef CONFIG_P2P_MANAGER 1210 if (hapd->conf->p2p & P2P_MANAGE) 1211 p = hostapd_eid_p2p_manage(hapd, p); 1212#endif /* CONFIG_P2P_MANAGER */ 1213 1214 send_len += p - reply->u.assoc_resp.variable; 1215 1216 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) 1217 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 1218 strerror(errno)); 1219} 1220 1221 1222static void handle_assoc(struct hostapd_data *hapd, 1223 const struct ieee80211_mgmt *mgmt, size_t len, 1224 int reassoc) 1225{ 1226 u16 capab_info, listen_interval; 1227 u16 resp = WLAN_STATUS_SUCCESS; 1228 const u8 *pos; 1229 int left, i; 1230 struct sta_info *sta; 1231 1232 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 1233 sizeof(mgmt->u.assoc_req))) { 1234 printf("handle_assoc(reassoc=%d) - too short payload (len=%lu)" 1235 "\n", reassoc, (unsigned long) len); 1236 return; 1237 } 1238 1239#ifdef CONFIG_TESTING_OPTIONS 1240 if (reassoc) { 1241 if (hapd->iconf->ignore_reassoc_probability > 0.0d && 1242 drand48() < hapd->iconf->ignore_reassoc_probability) { 1243 wpa_printf(MSG_INFO, 1244 "TESTING: ignoring reassoc request from " 1245 MACSTR, MAC2STR(mgmt->sa)); 1246 return; 1247 } 1248 } else { 1249 if (hapd->iconf->ignore_assoc_probability > 0.0d && 1250 drand48() < hapd->iconf->ignore_assoc_probability) { 1251 wpa_printf(MSG_INFO, 1252 "TESTING: ignoring assoc request from " 1253 MACSTR, MAC2STR(mgmt->sa)); 1254 return; 1255 } 1256 } 1257#endif /* CONFIG_TESTING_OPTIONS */ 1258 1259 if (reassoc) { 1260 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 1261 listen_interval = le_to_host16( 1262 mgmt->u.reassoc_req.listen_interval); 1263 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 1264 " capab_info=0x%02x listen_interval=%d current_ap=" 1265 MACSTR, 1266 MAC2STR(mgmt->sa), capab_info, listen_interval, 1267 MAC2STR(mgmt->u.reassoc_req.current_ap)); 1268 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 1269 pos = mgmt->u.reassoc_req.variable; 1270 } else { 1271 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 1272 listen_interval = le_to_host16( 1273 mgmt->u.assoc_req.listen_interval); 1274 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 1275 " capab_info=0x%02x listen_interval=%d", 1276 MAC2STR(mgmt->sa), capab_info, listen_interval); 1277 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 1278 pos = mgmt->u.assoc_req.variable; 1279 } 1280 1281 sta = ap_get_sta(hapd, mgmt->sa); 1282#ifdef CONFIG_IEEE80211R 1283 if (sta && sta->auth_alg == WLAN_AUTH_FT && 1284 (sta->flags & WLAN_STA_AUTH) == 0) { 1285 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 1286 "prior to authentication since it is using " 1287 "over-the-DS FT", MAC2STR(mgmt->sa)); 1288 } else 1289#endif /* CONFIG_IEEE80211R */ 1290 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1291 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1292 HOSTAPD_LEVEL_INFO, "Station tried to " 1293 "associate before authentication " 1294 "(aid=%d flags=0x%x)", 1295 sta ? sta->aid : -1, 1296 sta ? sta->flags : 0); 1297 send_deauth(hapd, mgmt->sa, 1298 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 1299 return; 1300 } 1301 1302 if (hapd->tkip_countermeasures) { 1303 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 1304 goto fail; 1305 } 1306 1307 if (listen_interval > hapd->conf->max_listen_interval) { 1308 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1309 HOSTAPD_LEVEL_DEBUG, 1310 "Too large Listen Interval (%d)", 1311 listen_interval); 1312 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 1313 goto fail; 1314 } 1315 1316 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 1317 * is used */ 1318 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 1319 if (resp != WLAN_STATUS_SUCCESS) 1320 goto fail; 1321 1322 if (hostapd_get_aid(hapd, sta) < 0) { 1323 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1324 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 1325 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1326 goto fail; 1327 } 1328 1329 sta->capability = capab_info; 1330 sta->listen_interval = listen_interval; 1331 1332 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 1333 sta->flags |= WLAN_STA_NONERP; 1334 for (i = 0; i < sta->supported_rates_len; i++) { 1335 if ((sta->supported_rates[i] & 0x7f) > 22) { 1336 sta->flags &= ~WLAN_STA_NONERP; 1337 break; 1338 } 1339 } 1340 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 1341 sta->nonerp_set = 1; 1342 hapd->iface->num_sta_non_erp++; 1343 if (hapd->iface->num_sta_non_erp == 1) 1344 ieee802_11_set_beacons(hapd->iface); 1345 } 1346 1347 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 1348 !sta->no_short_slot_time_set) { 1349 sta->no_short_slot_time_set = 1; 1350 hapd->iface->num_sta_no_short_slot_time++; 1351 if (hapd->iface->current_mode->mode == 1352 HOSTAPD_MODE_IEEE80211G && 1353 hapd->iface->num_sta_no_short_slot_time == 1) 1354 ieee802_11_set_beacons(hapd->iface); 1355 } 1356 1357 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 1358 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 1359 else 1360 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 1361 1362 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 1363 !sta->no_short_preamble_set) { 1364 sta->no_short_preamble_set = 1; 1365 hapd->iface->num_sta_no_short_preamble++; 1366 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 1367 && hapd->iface->num_sta_no_short_preamble == 1) 1368 ieee802_11_set_beacons(hapd->iface); 1369 } 1370 1371#ifdef CONFIG_IEEE80211N 1372 update_ht_state(hapd, sta); 1373#endif /* CONFIG_IEEE80211N */ 1374 1375 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1376 HOSTAPD_LEVEL_DEBUG, 1377 "association OK (aid %d)", sta->aid); 1378 /* Station will be marked associated, after it acknowledges AssocResp 1379 */ 1380 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 1381 1382#ifdef CONFIG_IEEE80211W 1383 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 1384 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 1385 "SA Query procedure", reassoc ? "re" : ""); 1386 /* TODO: Send a protected Disassociate frame to the STA using 1387 * the old key and Reason Code "Previous Authentication no 1388 * longer valid". Make sure this is only sent protected since 1389 * unprotected frame would be received by the STA that is now 1390 * trying to associate. 1391 */ 1392 } 1393#endif /* CONFIG_IEEE80211W */ 1394 1395 if (reassoc) { 1396 os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap, 1397 ETH_ALEN); 1398 } 1399 1400 if (sta->last_assoc_req) 1401 os_free(sta->last_assoc_req); 1402 sta->last_assoc_req = os_malloc(len); 1403 if (sta->last_assoc_req) 1404 os_memcpy(sta->last_assoc_req, mgmt, len); 1405 1406 /* Make sure that the previously registered inactivity timer will not 1407 * remove the STA immediately. */ 1408 sta->timeout_next = STA_NULLFUNC; 1409 1410 fail: 1411 send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 1412} 1413 1414 1415static void handle_disassoc(struct hostapd_data *hapd, 1416 const struct ieee80211_mgmt *mgmt, size_t len) 1417{ 1418 struct sta_info *sta; 1419 1420 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 1421 printf("handle_disassoc - too short payload (len=%lu)\n", 1422 (unsigned long) len); 1423 return; 1424 } 1425 1426 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 1427 MAC2STR(mgmt->sa), 1428 le_to_host16(mgmt->u.disassoc.reason_code)); 1429 1430 sta = ap_get_sta(hapd, mgmt->sa); 1431 if (sta == NULL) { 1432 printf("Station " MACSTR " trying to disassociate, but it " 1433 "is not associated.\n", MAC2STR(mgmt->sa)); 1434 return; 1435 } 1436 1437 ap_sta_set_authorized(hapd, sta, 0); 1438 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 1439 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 1440 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1441 HOSTAPD_LEVEL_INFO, "disassociated"); 1442 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1443 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1444 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 1445 * authenticated. */ 1446 accounting_sta_stop(hapd, sta); 1447 ieee802_1x_free_station(sta); 1448 hostapd_drv_sta_remove(hapd, sta->addr); 1449 1450 if (sta->timeout_next == STA_NULLFUNC || 1451 sta->timeout_next == STA_DISASSOC) { 1452 sta->timeout_next = STA_DEAUTH; 1453 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1454 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 1455 hapd, sta); 1456 } 1457 1458 mlme_disassociate_indication( 1459 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 1460} 1461 1462 1463static void handle_deauth(struct hostapd_data *hapd, 1464 const struct ieee80211_mgmt *mgmt, size_t len) 1465{ 1466 struct sta_info *sta; 1467 1468 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 1469 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 1470 "payload (len=%lu)", (unsigned long) len); 1471 return; 1472 } 1473 1474 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 1475 " reason_code=%d", 1476 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 1477 1478 sta = ap_get_sta(hapd, mgmt->sa); 1479 if (sta == NULL) { 1480 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 1481 "to deauthenticate, but it is not authenticated", 1482 MAC2STR(mgmt->sa)); 1483 return; 1484 } 1485 1486 ap_sta_set_authorized(hapd, sta, 0); 1487 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 1488 WLAN_STA_ASSOC_REQ_OK); 1489 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1490 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1491 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 1492 mlme_deauthenticate_indication( 1493 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 1494 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1495 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1496 ap_free_sta(hapd, sta); 1497} 1498 1499 1500static void handle_beacon(struct hostapd_data *hapd, 1501 const struct ieee80211_mgmt *mgmt, size_t len, 1502 struct hostapd_frame_info *fi) 1503{ 1504 struct ieee802_11_elems elems; 1505 1506 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 1507 printf("handle_beacon - too short payload (len=%lu)\n", 1508 (unsigned long) len); 1509 return; 1510 } 1511 1512 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 1513 len - (IEEE80211_HDRLEN + 1514 sizeof(mgmt->u.beacon)), &elems, 1515 0); 1516 1517 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 1518} 1519 1520 1521#ifdef CONFIG_IEEE80211W 1522 1523static void hostapd_sa_query_action(struct hostapd_data *hapd, 1524 const struct ieee80211_mgmt *mgmt, 1525 size_t len) 1526{ 1527 const u8 *end; 1528 1529 end = mgmt->u.action.u.sa_query_resp.trans_id + 1530 WLAN_SA_QUERY_TR_ID_LEN; 1531 if (((u8 *) mgmt) + len < end) { 1532 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 1533 "frame (len=%lu)", (unsigned long) len); 1534 return; 1535 } 1536 1537 ieee802_11_sa_query_action(hapd, mgmt->sa, 1538 mgmt->u.action.u.sa_query_resp.action, 1539 mgmt->u.action.u.sa_query_resp.trans_id); 1540} 1541 1542 1543static int robust_action_frame(u8 category) 1544{ 1545 return category != WLAN_ACTION_PUBLIC && 1546 category != WLAN_ACTION_HT; 1547} 1548#endif /* CONFIG_IEEE80211W */ 1549 1550 1551#ifdef CONFIG_WNM 1552static void hostapd_wnm_action(struct hostapd_data *hapd, struct sta_info *sta, 1553 const struct ieee80211_mgmt *mgmt, 1554 size_t len) 1555{ 1556 struct rx_action action; 1557 if (len < IEEE80211_HDRLEN + 2) 1558 return; 1559 os_memset(&action, 0, sizeof(action)); 1560 action.da = mgmt->da; 1561 action.sa = mgmt->sa; 1562 action.bssid = mgmt->bssid; 1563 action.category = mgmt->u.action.category; 1564 action.data = (const u8 *) &mgmt->u.action.u.wnm_sleep_req.action; 1565 action.len = len - IEEE80211_HDRLEN - 1; 1566 action.freq = hapd->iface->freq; 1567 ieee802_11_rx_wnm_action_ap(hapd, &action); 1568} 1569#endif /* CONFIG_WNM */ 1570 1571 1572static void handle_action(struct hostapd_data *hapd, 1573 const struct ieee80211_mgmt *mgmt, size_t len) 1574{ 1575 struct sta_info *sta; 1576 sta = ap_get_sta(hapd, mgmt->sa); 1577 1578 if (len < IEEE80211_HDRLEN + 1) { 1579 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1580 HOSTAPD_LEVEL_DEBUG, 1581 "handle_action - too short payload (len=%lu)", 1582 (unsigned long) len); 1583 return; 1584 } 1585 1586 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 1587 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 1588 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 1589 "frame (category=%u) from unassociated STA " MACSTR, 1590 MAC2STR(mgmt->sa), mgmt->u.action.category); 1591 return; 1592 } 1593 1594#ifdef CONFIG_IEEE80211W 1595 if (sta && (sta->flags & WLAN_STA_MFP) && 1596 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP) && 1597 robust_action_frame(mgmt->u.action.category))) { 1598 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1599 HOSTAPD_LEVEL_DEBUG, 1600 "Dropped unprotected Robust Action frame from " 1601 "an MFP STA"); 1602 return; 1603 } 1604#endif /* CONFIG_IEEE80211W */ 1605 1606 switch (mgmt->u.action.category) { 1607#ifdef CONFIG_IEEE80211R 1608 case WLAN_ACTION_FT: 1609 if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 1610 len - IEEE80211_HDRLEN)) 1611 break; 1612 return; 1613#endif /* CONFIG_IEEE80211R */ 1614 case WLAN_ACTION_WMM: 1615 hostapd_wmm_action(hapd, mgmt, len); 1616 return; 1617#ifdef CONFIG_IEEE80211W 1618 case WLAN_ACTION_SA_QUERY: 1619 hostapd_sa_query_action(hapd, mgmt, len); 1620 return; 1621#endif /* CONFIG_IEEE80211W */ 1622#ifdef CONFIG_WNM 1623 case WLAN_ACTION_WNM: 1624 hostapd_wnm_action(hapd, sta, mgmt, len); 1625 return; 1626#endif /* CONFIG_WNM */ 1627 case WLAN_ACTION_PUBLIC: 1628 if (hapd->public_action_cb) { 1629 hapd->public_action_cb(hapd->public_action_cb_ctx, 1630 (u8 *) mgmt, len, 1631 hapd->iface->freq); 1632 } 1633 if (hapd->public_action_cb2) { 1634 hapd->public_action_cb2(hapd->public_action_cb2_ctx, 1635 (u8 *) mgmt, len, 1636 hapd->iface->freq); 1637 } 1638 if (hapd->public_action_cb || hapd->public_action_cb2) 1639 return; 1640 break; 1641 case WLAN_ACTION_VENDOR_SPECIFIC: 1642 if (hapd->vendor_action_cb) { 1643 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 1644 (u8 *) mgmt, len, 1645 hapd->iface->freq) == 0) 1646 return; 1647 } 1648 break; 1649 } 1650 1651 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1652 HOSTAPD_LEVEL_DEBUG, 1653 "handle_action - unknown action category %d or invalid " 1654 "frame", 1655 mgmt->u.action.category); 1656 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 1657 !(mgmt->sa[0] & 0x01)) { 1658 struct ieee80211_mgmt *resp; 1659 1660 /* 1661 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 1662 * Return the Action frame to the source without change 1663 * except that MSB of the Category set to 1. 1664 */ 1665 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 1666 "frame back to sender"); 1667 resp = os_malloc(len); 1668 if (resp == NULL) 1669 return; 1670 os_memcpy(resp, mgmt, len); 1671 os_memcpy(resp->da, resp->sa, ETH_ALEN); 1672 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 1673 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 1674 resp->u.action.category |= 0x80; 1675 1676 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 1677 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 1678 "Action frame"); 1679 } 1680 os_free(resp); 1681 } 1682} 1683 1684 1685/** 1686 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 1687 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 1688 * sent to) 1689 * @buf: management frame data (starting from IEEE 802.11 header) 1690 * @len: length of frame data in octets 1691 * @fi: meta data about received frame (signal level, etc.) 1692 * 1693 * Process all incoming IEEE 802.11 management frames. This will be called for 1694 * each frame received from the kernel driver through wlan#ap interface. In 1695 * addition, it can be called to re-inserted pending frames (e.g., when using 1696 * external RADIUS server as an MAC ACL). 1697 */ 1698void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 1699 struct hostapd_frame_info *fi) 1700{ 1701 struct ieee80211_mgmt *mgmt; 1702 int broadcast; 1703 u16 fc, stype; 1704 1705 if (len < 24) 1706 return; 1707 1708 mgmt = (struct ieee80211_mgmt *) buf; 1709 fc = le_to_host16(mgmt->frame_control); 1710 stype = WLAN_FC_GET_STYPE(fc); 1711 1712 if (stype == WLAN_FC_STYPE_BEACON) { 1713 handle_beacon(hapd, mgmt, len, fi); 1714 return; 1715 } 1716 1717 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 1718 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 1719 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 1720 1721 if (!broadcast && 1722#ifdef CONFIG_P2P 1723 /* Invitation responses can be sent with the peer MAC as BSSID */ 1724 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 1725 stype == WLAN_FC_STYPE_ACTION) && 1726#endif /* CONFIG_P2P */ 1727 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 1728 printf("MGMT: BSSID=" MACSTR " not our address\n", 1729 MAC2STR(mgmt->bssid)); 1730 return; 1731 } 1732 1733 1734 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 1735 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 1736 return; 1737 } 1738 1739 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 1740 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1741 HOSTAPD_LEVEL_DEBUG, 1742 "MGMT: DA=" MACSTR " not our address", 1743 MAC2STR(mgmt->da)); 1744 return; 1745 } 1746 1747 switch (stype) { 1748 case WLAN_FC_STYPE_AUTH: 1749 wpa_printf(MSG_DEBUG, "mgmt::auth"); 1750 handle_auth(hapd, mgmt, len); 1751 break; 1752 case WLAN_FC_STYPE_ASSOC_REQ: 1753 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 1754 handle_assoc(hapd, mgmt, len, 0); 1755 break; 1756 case WLAN_FC_STYPE_REASSOC_REQ: 1757 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 1758 handle_assoc(hapd, mgmt, len, 1); 1759 break; 1760 case WLAN_FC_STYPE_DISASSOC: 1761 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 1762 handle_disassoc(hapd, mgmt, len); 1763 break; 1764 case WLAN_FC_STYPE_DEAUTH: 1765 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 1766 handle_deauth(hapd, mgmt, len); 1767 break; 1768 case WLAN_FC_STYPE_ACTION: 1769 wpa_printf(MSG_DEBUG, "mgmt::action"); 1770 handle_action(hapd, mgmt, len); 1771 break; 1772 default: 1773 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1774 HOSTAPD_LEVEL_DEBUG, 1775 "unknown mgmt frame subtype %d", stype); 1776 break; 1777 } 1778} 1779 1780 1781static void handle_auth_cb(struct hostapd_data *hapd, 1782 const struct ieee80211_mgmt *mgmt, 1783 size_t len, int ok) 1784{ 1785 u16 auth_alg, auth_transaction, status_code; 1786 struct sta_info *sta; 1787 1788 if (!ok) { 1789 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1790 HOSTAPD_LEVEL_NOTICE, 1791 "did not acknowledge authentication response"); 1792 return; 1793 } 1794 1795 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1796 printf("handle_auth_cb - too short payload (len=%lu)\n", 1797 (unsigned long) len); 1798 return; 1799 } 1800 1801 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1802 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1803 status_code = le_to_host16(mgmt->u.auth.status_code); 1804 1805 sta = ap_get_sta(hapd, mgmt->da); 1806 if (!sta) { 1807 printf("handle_auth_cb: STA " MACSTR " not found\n", 1808 MAC2STR(mgmt->da)); 1809 return; 1810 } 1811 1812 if (status_code == WLAN_STATUS_SUCCESS && 1813 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 1814 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 1815 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1816 HOSTAPD_LEVEL_INFO, "authenticated"); 1817 sta->flags |= WLAN_STA_AUTH; 1818 } 1819} 1820 1821 1822static void handle_assoc_cb(struct hostapd_data *hapd, 1823 const struct ieee80211_mgmt *mgmt, 1824 size_t len, int reassoc, int ok) 1825{ 1826 u16 status; 1827 struct sta_info *sta; 1828 int new_assoc = 1; 1829 struct ieee80211_ht_capabilities ht_cap; 1830 struct ieee80211_vht_capabilities vht_cap; 1831 1832 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 1833 sizeof(mgmt->u.assoc_resp))) { 1834 printf("handle_assoc_cb(reassoc=%d) - too short payload " 1835 "(len=%lu)\n", reassoc, (unsigned long) len); 1836 return; 1837 } 1838 1839 sta = ap_get_sta(hapd, mgmt->da); 1840 if (!sta) { 1841 printf("handle_assoc_cb: STA " MACSTR " not found\n", 1842 MAC2STR(mgmt->da)); 1843 return; 1844 } 1845 1846 if (!ok) { 1847 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1848 HOSTAPD_LEVEL_DEBUG, 1849 "did not acknowledge association response"); 1850 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 1851 return; 1852 } 1853 1854 if (reassoc) 1855 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 1856 else 1857 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1858 1859 if (status != WLAN_STATUS_SUCCESS) 1860 goto fail; 1861 1862 /* Stop previous accounting session, if one is started, and allocate 1863 * new session id for the new session. */ 1864 accounting_sta_stop(hapd, sta); 1865 1866 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1867 HOSTAPD_LEVEL_INFO, 1868 "associated (aid %d)", 1869 sta->aid); 1870 1871 if (sta->flags & WLAN_STA_ASSOC) 1872 new_assoc = 0; 1873 sta->flags |= WLAN_STA_ASSOC; 1874 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa) || 1875 sta->auth_alg == WLAN_AUTH_FT) { 1876 /* 1877 * Open, static WEP, or FT protocol; no separate authorization 1878 * step. 1879 */ 1880 ap_sta_set_authorized(hapd, sta, 1); 1881 } 1882 1883 if (reassoc) 1884 mlme_reassociate_indication(hapd, sta); 1885 else 1886 mlme_associate_indication(hapd, sta); 1887 1888#ifdef CONFIG_IEEE80211W 1889 sta->sa_query_timed_out = 0; 1890#endif /* CONFIG_IEEE80211W */ 1891 1892 /* 1893 * Remove the STA entry in order to make sure the STA PS state gets 1894 * cleared and configuration gets updated in case of reassociation back 1895 * to the same AP. 1896 */ 1897 hostapd_drv_sta_remove(hapd, sta->addr); 1898 1899#ifdef CONFIG_IEEE80211N 1900 if (sta->flags & WLAN_STA_HT) 1901 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1902#endif /* CONFIG_IEEE80211N */ 1903#ifdef CONFIG_IEEE80211AC 1904 if (sta->flags & WLAN_STA_VHT) 1905 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 1906#endif /* CONFIG_IEEE80211AC */ 1907 1908 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1909 sta->supported_rates, sta->supported_rates_len, 1910 sta->listen_interval, 1911 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1912 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1913 sta->flags, sta->qosinfo)) { 1914 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1915 HOSTAPD_LEVEL_NOTICE, 1916 "Could not add STA to kernel driver"); 1917 1918 ap_sta_disconnect(hapd, sta, sta->addr, 1919 WLAN_REASON_DISASSOC_AP_BUSY); 1920 1921 goto fail; 1922 } 1923 1924 if (sta->flags & WLAN_STA_WDS) 1925 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 1926 1927 if (sta->eapol_sm == NULL) { 1928 /* 1929 * This STA does not use RADIUS server for EAP authentication, 1930 * so bind it to the selected VLAN interface now, since the 1931 * interface selection is not going to change anymore. 1932 */ 1933 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1934 goto fail; 1935 } else if (sta->vlan_id) { 1936 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 1937 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1938 goto fail; 1939 } 1940 1941 hostapd_set_sta_flags(hapd, sta); 1942 1943 if (sta->auth_alg == WLAN_AUTH_FT) 1944 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 1945 else 1946 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 1947 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 1948 1949 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 1950 1951 fail: 1952 /* Copy of the association request is not needed anymore */ 1953 if (sta->last_assoc_req) { 1954 os_free(sta->last_assoc_req); 1955 sta->last_assoc_req = NULL; 1956 } 1957} 1958 1959 1960static void handle_deauth_cb(struct hostapd_data *hapd, 1961 const struct ieee80211_mgmt *mgmt, 1962 size_t len, int ok) 1963{ 1964 struct sta_info *sta; 1965 if (mgmt->da[0] & 0x01) 1966 return; 1967 sta = ap_get_sta(hapd, mgmt->da); 1968 if (!sta) { 1969 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 1970 " not found", MAC2STR(mgmt->da)); 1971 return; 1972 } 1973 if (ok) 1974 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 1975 MAC2STR(sta->addr)); 1976 else 1977 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 1978 "deauth", MAC2STR(sta->addr)); 1979 1980 ap_sta_deauth_cb(hapd, sta); 1981} 1982 1983 1984static void handle_disassoc_cb(struct hostapd_data *hapd, 1985 const struct ieee80211_mgmt *mgmt, 1986 size_t len, int ok) 1987{ 1988 struct sta_info *sta; 1989 if (mgmt->da[0] & 0x01) 1990 return; 1991 sta = ap_get_sta(hapd, mgmt->da); 1992 if (!sta) { 1993 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 1994 " not found", MAC2STR(mgmt->da)); 1995 return; 1996 } 1997 if (ok) 1998 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 1999 MAC2STR(sta->addr)); 2000 else 2001 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2002 "disassoc", MAC2STR(sta->addr)); 2003 2004 ap_sta_disassoc_cb(hapd, sta); 2005} 2006 2007 2008/** 2009 * ieee802_11_mgmt_cb - Process management frame TX status callback 2010 * @hapd: hostapd BSS data structure (the BSS from which the management frame 2011 * was sent from) 2012 * @buf: management frame data (starting from IEEE 802.11 header) 2013 * @len: length of frame data in octets 2014 * @stype: management frame subtype from frame control field 2015 * @ok: Whether the frame was ACK'ed 2016 */ 2017void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 2018 u16 stype, int ok) 2019{ 2020 const struct ieee80211_mgmt *mgmt; 2021 mgmt = (const struct ieee80211_mgmt *) buf; 2022 2023 switch (stype) { 2024 case WLAN_FC_STYPE_AUTH: 2025 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 2026 handle_auth_cb(hapd, mgmt, len, ok); 2027 break; 2028 case WLAN_FC_STYPE_ASSOC_RESP: 2029 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 2030 handle_assoc_cb(hapd, mgmt, len, 0, ok); 2031 break; 2032 case WLAN_FC_STYPE_REASSOC_RESP: 2033 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 2034 handle_assoc_cb(hapd, mgmt, len, 1, ok); 2035 break; 2036 case WLAN_FC_STYPE_PROBE_RESP: 2037 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb"); 2038 break; 2039 case WLAN_FC_STYPE_DEAUTH: 2040 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 2041 handle_deauth_cb(hapd, mgmt, len, ok); 2042 break; 2043 case WLAN_FC_STYPE_DISASSOC: 2044 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 2045 handle_disassoc_cb(hapd, mgmt, len, ok); 2046 break; 2047 case WLAN_FC_STYPE_ACTION: 2048 wpa_printf(MSG_DEBUG, "mgmt::action cb"); 2049 break; 2050 default: 2051 printf("unknown mgmt cb frame subtype %d\n", stype); 2052 break; 2053 } 2054} 2055 2056 2057int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 2058{ 2059 /* TODO */ 2060 return 0; 2061} 2062 2063 2064int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 2065 char *buf, size_t buflen) 2066{ 2067 /* TODO */ 2068 return 0; 2069} 2070 2071 2072void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 2073 const u8 *buf, size_t len, int ack) 2074{ 2075 struct sta_info *sta; 2076 struct hostapd_iface *iface = hapd->iface; 2077 2078 sta = ap_get_sta(hapd, addr); 2079 if (sta == NULL && iface->num_bss > 1) { 2080 size_t j; 2081 for (j = 0; j < iface->num_bss; j++) { 2082 hapd = iface->bss[j]; 2083 sta = ap_get_sta(hapd, addr); 2084 if (sta) 2085 break; 2086 } 2087 } 2088 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 2089 return; 2090 if (sta->flags & WLAN_STA_PENDING_POLL) { 2091 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 2092 "activity poll", MAC2STR(sta->addr), 2093 ack ? "ACKed" : "did not ACK"); 2094 if (ack) 2095 sta->flags &= ~WLAN_STA_PENDING_POLL; 2096 } 2097 2098 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 2099} 2100 2101 2102void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 2103 const u8 *data, size_t len, int ack) 2104{ 2105 struct sta_info *sta; 2106 struct hostapd_iface *iface = hapd->iface; 2107 2108 sta = ap_get_sta(hapd, dst); 2109 if (sta == NULL && iface->num_bss > 1) { 2110 size_t j; 2111 for (j = 0; j < iface->num_bss; j++) { 2112 hapd = iface->bss[j]; 2113 sta = ap_get_sta(hapd, dst); 2114 if (sta) 2115 break; 2116 } 2117 } 2118 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 2119 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 2120 MACSTR " that is not currently associated", 2121 MAC2STR(dst)); 2122 return; 2123 } 2124 2125 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 2126} 2127 2128 2129void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 2130{ 2131 struct sta_info *sta; 2132 struct hostapd_iface *iface = hapd->iface; 2133 2134 sta = ap_get_sta(hapd, addr); 2135 if (sta == NULL && iface->num_bss > 1) { 2136 size_t j; 2137 for (j = 0; j < iface->num_bss; j++) { 2138 hapd = iface->bss[j]; 2139 sta = ap_get_sta(hapd, addr); 2140 if (sta) 2141 break; 2142 } 2143 } 2144 if (sta == NULL) 2145 return; 2146 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 2147 return; 2148 2149 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 2150 "activity poll", MAC2STR(sta->addr)); 2151 sta->flags &= ~WLAN_STA_PENDING_POLL; 2152} 2153 2154 2155void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 2156 int wds) 2157{ 2158 struct sta_info *sta; 2159 2160 sta = ap_get_sta(hapd, src); 2161 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 2162 if (!hapd->conf->wds_sta) 2163 return; 2164 2165 if (wds && !(sta->flags & WLAN_STA_WDS)) { 2166 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 2167 "STA " MACSTR " (aid %u)", 2168 MAC2STR(sta->addr), sta->aid); 2169 sta->flags |= WLAN_STA_WDS; 2170 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 2171 } 2172 return; 2173 } 2174 2175 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 2176 MACSTR, MAC2STR(src)); 2177 if (src[0] & 0x01) { 2178 /* Broadcast bit set in SA?! Ignore the frame silently. */ 2179 return; 2180 } 2181 2182 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 2183 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 2184 "already been sent, but no TX status yet known - " 2185 "ignore Class 3 frame issue with " MACSTR, 2186 MAC2STR(src)); 2187 return; 2188 } 2189 2190 if (sta && (sta->flags & WLAN_STA_AUTH)) 2191 hostapd_drv_sta_disassoc( 2192 hapd, src, 2193 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2194 else 2195 hostapd_drv_sta_deauth( 2196 hapd, src, 2197 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2198} 2199 2200 2201#endif /* CONFIG_NATIVE_WINDOWS */ 2202