ieee802_11.c revision cce06667447b5aec83452adb0c15100ada531095
1/* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#ifndef CONFIG_NATIVE_WINDOWS 12 13#include "utils/common.h" 14#include "utils/eloop.h" 15#include "crypto/crypto.h" 16#include "crypto/sha256.h" 17#include "crypto/random.h" 18#include "drivers/driver.h" 19#include "common/ieee802_11_defs.h" 20#include "common/ieee802_11_common.h" 21#include "common/wpa_ctrl.h" 22#include "common/sae.h" 23#include "radius/radius.h" 24#include "radius/radius_client.h" 25#include "p2p/p2p.h" 26#include "wps/wps.h" 27#include "hostapd.h" 28#include "beacon.h" 29#include "ieee802_11_auth.h" 30#include "sta_info.h" 31#include "ieee802_1x.h" 32#include "wpa_auth.h" 33#include "wmm.h" 34#include "ap_list.h" 35#include "accounting.h" 36#include "ap_config.h" 37#include "ap_mlme.h" 38#include "p2p_hostapd.h" 39#include "ap_drv_ops.h" 40#include "wnm_ap.h" 41#include "ieee802_11.h" 42 43 44u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 45{ 46 u8 *pos = eid; 47 int i, num, count; 48 49 if (hapd->iface->current_rates == NULL) 50 return eid; 51 52 *pos++ = WLAN_EID_SUPP_RATES; 53 num = hapd->iface->num_rates; 54 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 55 num++; 56 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 57 num++; 58 if (num > 8) { 59 /* rest of the rates are encoded in Extended supported 60 * rates element */ 61 num = 8; 62 } 63 64 *pos++ = num; 65 count = 0; 66 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 67 i++) { 68 count++; 69 *pos = hapd->iface->current_rates[i].rate / 5; 70 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 71 *pos |= 0x80; 72 pos++; 73 } 74 75 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 76 count++; 77 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 78 } 79 80 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 81 count++; 82 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 83 } 84 85 return pos; 86} 87 88 89u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 90{ 91 u8 *pos = eid; 92 int i, num, count; 93 94 if (hapd->iface->current_rates == NULL) 95 return eid; 96 97 num = hapd->iface->num_rates; 98 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 99 num++; 100 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 101 num++; 102 if (num <= 8) 103 return eid; 104 num -= 8; 105 106 *pos++ = WLAN_EID_EXT_SUPP_RATES; 107 *pos++ = num; 108 count = 0; 109 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 110 i++) { 111 count++; 112 if (count <= 8) 113 continue; /* already in SuppRates IE */ 114 *pos = hapd->iface->current_rates[i].rate / 5; 115 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 116 *pos |= 0x80; 117 pos++; 118 } 119 120 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 121 count++; 122 if (count > 8) 123 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 124 } 125 126 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 127 count++; 128 if (count > 8) 129 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 130 } 131 132 return pos; 133} 134 135 136u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, 137 int probe) 138{ 139 int capab = WLAN_CAPABILITY_ESS; 140 int privacy; 141 142 if (hapd->iface->num_sta_no_short_preamble == 0 && 143 hapd->iconf->preamble == SHORT_PREAMBLE) 144 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 145 146 privacy = hapd->conf->ssid.wep.keys_set; 147 148 if (hapd->conf->ieee802_1x && 149 (hapd->conf->default_wep_key_len || 150 hapd->conf->individual_wep_key_len)) 151 privacy = 1; 152 153 if (hapd->conf->wpa) 154 privacy = 1; 155 156 if (sta) { 157 int policy, def_klen; 158 if (probe && sta->ssid_probe) { 159 policy = sta->ssid_probe->security_policy; 160 def_klen = sta->ssid_probe->wep.default_len; 161 } else { 162 policy = sta->ssid->security_policy; 163 def_klen = sta->ssid->wep.default_len; 164 } 165 privacy = policy != SECURITY_PLAINTEXT; 166 if (policy == SECURITY_IEEE_802_1X && def_klen == 0) 167 privacy = 0; 168 } 169 170 if (privacy) 171 capab |= WLAN_CAPABILITY_PRIVACY; 172 173 if (hapd->iface->current_mode && 174 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 175 hapd->iface->num_sta_no_short_slot_time == 0) 176 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 177 178 return capab; 179} 180 181 182void ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len) 183{ 184 int i; 185 if (len > HOSTAPD_MAX_SSID_LEN) 186 len = HOSTAPD_MAX_SSID_LEN; 187 for (i = 0; i < len; i++) { 188 if (ssid[i] >= 32 && ssid[i] < 127) 189 buf[i] = ssid[i]; 190 else 191 buf[i] = '.'; 192 } 193 buf[len] = '\0'; 194} 195 196 197static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 198 u16 auth_transaction, const u8 *challenge, 199 int iswep) 200{ 201 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 202 HOSTAPD_LEVEL_DEBUG, 203 "authentication (shared key, transaction %d)", 204 auth_transaction); 205 206 if (auth_transaction == 1) { 207 if (!sta->challenge) { 208 /* Generate a pseudo-random challenge */ 209 u8 key[8]; 210 struct os_time now; 211 int r; 212 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 213 if (sta->challenge == NULL) 214 return WLAN_STATUS_UNSPECIFIED_FAILURE; 215 216 os_get_time(&now); 217 r = os_random(); 218 os_memcpy(key, &now.sec, 4); 219 os_memcpy(key + 4, &r, 4); 220 rc4_skip(key, sizeof(key), 0, 221 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 222 } 223 return 0; 224 } 225 226 if (auth_transaction != 3) 227 return WLAN_STATUS_UNSPECIFIED_FAILURE; 228 229 /* Transaction 3 */ 230 if (!iswep || !sta->challenge || !challenge || 231 os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) { 232 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 233 HOSTAPD_LEVEL_INFO, 234 "shared key authentication - invalid " 235 "challenge-response"); 236 return WLAN_STATUS_CHALLENGE_FAIL; 237 } 238 239 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 240 HOSTAPD_LEVEL_DEBUG, 241 "authentication OK (shared key)"); 242#ifdef IEEE80211_REQUIRE_AUTH_ACK 243 /* Station will be marked authenticated if it ACKs the 244 * authentication reply. */ 245#else 246 sta->flags |= WLAN_STA_AUTH; 247 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 248#endif 249 os_free(sta->challenge); 250 sta->challenge = NULL; 251 252 return 0; 253} 254 255 256static void send_auth_reply(struct hostapd_data *hapd, 257 const u8 *dst, const u8 *bssid, 258 u16 auth_alg, u16 auth_transaction, u16 resp, 259 const u8 *ies, size_t ies_len) 260{ 261 struct ieee80211_mgmt *reply; 262 u8 *buf; 263 size_t rlen; 264 265 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 266 buf = os_zalloc(rlen); 267 if (buf == NULL) 268 return; 269 270 reply = (struct ieee80211_mgmt *) buf; 271 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 272 WLAN_FC_STYPE_AUTH); 273 os_memcpy(reply->da, dst, ETH_ALEN); 274 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 275 os_memcpy(reply->bssid, bssid, ETH_ALEN); 276 277 reply->u.auth.auth_alg = host_to_le16(auth_alg); 278 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 279 reply->u.auth.status_code = host_to_le16(resp); 280 281 if (ies && ies_len) 282 os_memcpy(reply->u.auth.variable, ies, ies_len); 283 284 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 285 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 286 MAC2STR(dst), auth_alg, auth_transaction, 287 resp, (unsigned long) ies_len); 288 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 289 wpa_printf(MSG_INFO, "send_auth_reply: send"); 290 291 os_free(buf); 292} 293 294 295#ifdef CONFIG_IEEE80211R 296static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 297 u16 auth_transaction, u16 status, 298 const u8 *ies, size_t ies_len) 299{ 300 struct hostapd_data *hapd = ctx; 301 struct sta_info *sta; 302 303 send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction, 304 status, ies, ies_len); 305 306 if (status != WLAN_STATUS_SUCCESS) 307 return; 308 309 sta = ap_get_sta(hapd, dst); 310 if (sta == NULL) 311 return; 312 313 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 314 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 315 sta->flags |= WLAN_STA_AUTH; 316 mlme_authenticate_indication(hapd, sta); 317} 318#endif /* CONFIG_IEEE80211R */ 319 320 321#ifdef CONFIG_SAE 322 323static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd, 324 struct sta_info *sta) 325{ 326 struct wpabuf *buf; 327 328 if (hapd->conf->ssid.wpa_passphrase == NULL) { 329 wpa_printf(MSG_DEBUG, "SAE: No password available"); 330 return NULL; 331 } 332 333 if (sae_prepare_commit(hapd->own_addr, sta->addr, 334 (u8 *) hapd->conf->ssid.wpa_passphrase, 335 os_strlen(hapd->conf->ssid.wpa_passphrase), 336 sta->sae) < 0) { 337 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); 338 return NULL; 339 } 340 341 if (sae_process_commit(sta->sae) < 0) { 342 wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit"); 343 return NULL; 344 } 345 346 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN); 347 if (buf == NULL) 348 return NULL; 349 sae_write_commit(sta->sae, buf, NULL); 350 351 return buf; 352} 353 354 355static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 356 struct sta_info *sta) 357{ 358 struct wpabuf *buf; 359 360 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN); 361 if (buf == NULL) 362 return NULL; 363 364 sae_write_confirm(sta->sae, buf); 365 366 return buf; 367} 368 369 370static int use_sae_anti_clogging(struct hostapd_data *hapd) 371{ 372 struct sta_info *sta; 373 unsigned int open = 0; 374 375 if (hapd->conf->sae_anti_clogging_threshold == 0) 376 return 1; 377 378 for (sta = hapd->sta_list; sta; sta = sta->next) { 379 if (!sta->sae) 380 continue; 381 if (sta->sae->state != SAE_COMMITTED && 382 sta->sae->state != SAE_CONFIRMED) 383 continue; 384 open++; 385 if (open >= hapd->conf->sae_anti_clogging_threshold) 386 return 1; 387 } 388 389 return 0; 390} 391 392 393static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, 394 const u8 *token, size_t token_len) 395{ 396 u8 mac[SHA256_MAC_LEN]; 397 398 if (token_len != SHA256_MAC_LEN) 399 return -1; 400 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 401 addr, ETH_ALEN, mac) < 0 || 402 os_memcmp(token, mac, SHA256_MAC_LEN) != 0) 403 return -1; 404 405 return 0; 406} 407 408 409static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, 410 const u8 *addr) 411{ 412 struct wpabuf *buf; 413 u8 *token; 414 struct os_time t; 415 416 os_get_time(&t); 417 if (hapd->last_sae_token_key_update == 0 || 418 t.sec > hapd->last_sae_token_key_update + 60) { 419 if (random_get_bytes(hapd->sae_token_key, 420 sizeof(hapd->sae_token_key)) < 0) 421 return NULL; 422 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key", 423 hapd->sae_token_key, sizeof(hapd->sae_token_key)); 424 hapd->last_sae_token_key_update = t.sec; 425 } 426 427 buf = wpabuf_alloc(SHA256_MAC_LEN); 428 if (buf == NULL) 429 return NULL; 430 431 token = wpabuf_put(buf, SHA256_MAC_LEN); 432 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 433 addr, ETH_ALEN, token); 434 435 return buf; 436} 437 438 439static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 440 const struct ieee80211_mgmt *mgmt, size_t len, 441 u8 auth_transaction) 442{ 443 u16 resp = WLAN_STATUS_SUCCESS; 444 struct wpabuf *data = NULL; 445 446 if (!sta->sae) { 447 if (auth_transaction != 1) 448 return; 449 sta->sae = os_zalloc(sizeof(*sta->sae)); 450 if (sta->sae == NULL) 451 return; 452 sta->sae->state = SAE_NOTHING; 453 } 454 455 if (auth_transaction == 1) { 456 const u8 *token = NULL; 457 size_t token_len = 0; 458 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 459 HOSTAPD_LEVEL_DEBUG, 460 "start SAE authentication (RX commit)"); 461 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, 462 ((const u8 *) mgmt) + len - 463 mgmt->u.auth.variable, &token, 464 &token_len, hapd->conf->sae_groups); 465 if (token && check_sae_token(hapd, sta->addr, token, token_len) 466 < 0) { 467 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with " 468 "incorrect token from " MACSTR, 469 MAC2STR(sta->addr)); 470 return; 471 } 472 473 if (resp == WLAN_STATUS_SUCCESS) { 474 if (!token && use_sae_anti_clogging(hapd)) { 475 wpa_printf(MSG_DEBUG, "SAE: Request anti-" 476 "clogging token from " MACSTR, 477 MAC2STR(sta->addr)); 478 data = auth_build_token_req(hapd, sta->addr); 479 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; 480 } else { 481 data = auth_process_sae_commit(hapd, sta); 482 if (data == NULL) 483 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 484 else 485 sta->sae->state = SAE_COMMITTED; 486 } 487 } 488 } else if (auth_transaction == 2) { 489 if (sta->sae->state != SAE_COMMITTED) { 490 hostapd_logger(hapd, sta->addr, 491 HOSTAPD_MODULE_IEEE80211, 492 HOSTAPD_LEVEL_DEBUG, 493 "SAE confirm before commit"); 494 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 495 } 496 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 497 HOSTAPD_LEVEL_DEBUG, 498 "SAE authentication (RX confirm)"); 499 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable, 500 ((u8 *) mgmt) + len - 501 mgmt->u.auth.variable) < 0) { 502 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 503 } else { 504 resp = WLAN_STATUS_SUCCESS; 505 sta->flags |= WLAN_STA_AUTH; 506 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 507 sta->auth_alg = WLAN_AUTH_SAE; 508 mlme_authenticate_indication(hapd, sta); 509 510 data = auth_build_sae_confirm(hapd, sta); 511 if (data == NULL) 512 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 513 else { 514 sta->sae->state = SAE_ACCEPTED; 515 sae_clear_temp_data(sta->sae); 516 } 517 } 518 } else { 519 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 520 HOSTAPD_LEVEL_DEBUG, 521 "unexpected SAE authentication transaction %u", 522 auth_transaction); 523 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 524 } 525 526 sta->auth_alg = WLAN_AUTH_SAE; 527 528 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 529 auth_transaction, resp, 530 data ? wpabuf_head(data) : (u8 *) "", 531 data ? wpabuf_len(data) : 0); 532 wpabuf_free(data); 533} 534#endif /* CONFIG_SAE */ 535 536 537static void handle_auth(struct hostapd_data *hapd, 538 const struct ieee80211_mgmt *mgmt, size_t len) 539{ 540 u16 auth_alg, auth_transaction, status_code; 541 u16 resp = WLAN_STATUS_SUCCESS; 542 struct sta_info *sta = NULL; 543 int res; 544 u16 fc; 545 const u8 *challenge = NULL; 546 u32 session_timeout, acct_interim_interval; 547 int vlan_id = 0; 548 struct hostapd_sta_wpa_psk_short *psk = NULL; 549 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 550 size_t resp_ies_len = 0; 551 char *identity = NULL; 552 char *radius_cui = NULL; 553 554 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 555 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", 556 (unsigned long) len); 557 return; 558 } 559 560#ifdef CONFIG_TESTING_OPTIONS 561 if (hapd->iconf->ignore_auth_probability > 0.0d && 562 drand48() < hapd->iconf->ignore_auth_probability) { 563 wpa_printf(MSG_INFO, 564 "TESTING: ignoring auth frame from " MACSTR, 565 MAC2STR(mgmt->sa)); 566 return; 567 } 568#endif /* CONFIG_TESTING_OPTIONS */ 569 570 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 571 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 572 status_code = le_to_host16(mgmt->u.auth.status_code); 573 fc = le_to_host16(mgmt->frame_control); 574 575 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 576 2 + WLAN_AUTH_CHALLENGE_LEN && 577 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 578 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 579 challenge = &mgmt->u.auth.variable[2]; 580 581 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 582 "auth_transaction=%d status_code=%d wep=%d%s", 583 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 584 status_code, !!(fc & WLAN_FC_ISWEP), 585 challenge ? " challenge" : ""); 586 587 if (hapd->tkip_countermeasures) { 588 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 589 goto fail; 590 } 591 592 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 593 auth_alg == WLAN_AUTH_OPEN) || 594#ifdef CONFIG_IEEE80211R 595 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 596 auth_alg == WLAN_AUTH_FT) || 597#endif /* CONFIG_IEEE80211R */ 598#ifdef CONFIG_SAE 599 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 600 auth_alg == WLAN_AUTH_SAE) || 601#endif /* CONFIG_SAE */ 602 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 603 auth_alg == WLAN_AUTH_SHARED_KEY))) { 604 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)", 605 auth_alg); 606 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 607 goto fail; 608 } 609 610 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 611 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 612 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)", 613 auth_transaction); 614 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 615 goto fail; 616 } 617 618 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 619 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 620 MAC2STR(mgmt->sa)); 621 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 622 goto fail; 623 } 624 625 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 626 &session_timeout, 627 &acct_interim_interval, &vlan_id, 628 &psk, &identity, &radius_cui); 629 630 if (res == HOSTAPD_ACL_REJECT) { 631 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 632 MAC2STR(mgmt->sa)); 633 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 634 goto fail; 635 } 636 if (res == HOSTAPD_ACL_PENDING) { 637 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 638 " waiting for an external authentication", 639 MAC2STR(mgmt->sa)); 640 /* Authentication code will re-send the authentication frame 641 * after it has received (and cached) information from the 642 * external source. */ 643 return; 644 } 645 646 sta = ap_sta_add(hapd, mgmt->sa); 647 if (!sta) { 648 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 649 goto fail; 650 } 651 652 if (vlan_id > 0) { 653 if (!hostapd_vlan_id_valid(hapd->conf->vlan, vlan_id)) { 654 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 655 HOSTAPD_LEVEL_INFO, "Invalid VLAN ID " 656 "%d received from RADIUS server", 657 vlan_id); 658 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 659 goto fail; 660 } 661 sta->vlan_id = vlan_id; 662 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 663 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 664 } 665 666 hostapd_free_psk_list(sta->psk); 667 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 668 sta->psk = psk; 669 psk = NULL; 670 } else { 671 sta->psk = NULL; 672 } 673 674 sta->identity = identity; 675 identity = NULL; 676 sta->radius_cui = radius_cui; 677 radius_cui = NULL; 678 679 sta->flags &= ~WLAN_STA_PREAUTH; 680 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 681 682 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 683 sta->acct_interim_interval = acct_interim_interval; 684 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 685 ap_sta_session_timeout(hapd, sta, session_timeout); 686 else 687 ap_sta_no_session_timeout(hapd, sta); 688 689 switch (auth_alg) { 690 case WLAN_AUTH_OPEN: 691 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 692 HOSTAPD_LEVEL_DEBUG, 693 "authentication OK (open system)"); 694#ifdef IEEE80211_REQUIRE_AUTH_ACK 695 /* Station will be marked authenticated if it ACKs the 696 * authentication reply. */ 697#else 698 sta->flags |= WLAN_STA_AUTH; 699 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 700 sta->auth_alg = WLAN_AUTH_OPEN; 701 mlme_authenticate_indication(hapd, sta); 702#endif 703 break; 704 case WLAN_AUTH_SHARED_KEY: 705 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 706 fc & WLAN_FC_ISWEP); 707 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 708 mlme_authenticate_indication(hapd, sta); 709 if (sta->challenge && auth_transaction == 1) { 710 resp_ies[0] = WLAN_EID_CHALLENGE; 711 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 712 os_memcpy(resp_ies + 2, sta->challenge, 713 WLAN_AUTH_CHALLENGE_LEN); 714 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 715 } 716 break; 717#ifdef CONFIG_IEEE80211R 718 case WLAN_AUTH_FT: 719 sta->auth_alg = WLAN_AUTH_FT; 720 if (sta->wpa_sm == NULL) 721 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 722 sta->addr, NULL); 723 if (sta->wpa_sm == NULL) { 724 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 725 "state machine"); 726 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 727 goto fail; 728 } 729 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 730 auth_transaction, mgmt->u.auth.variable, 731 len - IEEE80211_HDRLEN - 732 sizeof(mgmt->u.auth), 733 handle_auth_ft_finish, hapd); 734 /* handle_auth_ft_finish() callback will complete auth. */ 735 return; 736#endif /* CONFIG_IEEE80211R */ 737#ifdef CONFIG_SAE 738 case WLAN_AUTH_SAE: 739 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction); 740 return; 741#endif /* CONFIG_SAE */ 742 } 743 744 fail: 745 os_free(identity); 746 os_free(radius_cui); 747 hostapd_free_psk_list(psk); 748 749 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 750 auth_transaction + 1, resp, resp_ies, resp_ies_len); 751} 752 753 754static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 755{ 756 int i, j = 32, aid; 757 758 /* get a unique AID */ 759 if (sta->aid > 0) { 760 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 761 return 0; 762 } 763 764 for (i = 0; i < AID_WORDS; i++) { 765 if (hapd->sta_aid[i] == (u32) -1) 766 continue; 767 for (j = 0; j < 32; j++) { 768 if (!(hapd->sta_aid[i] & BIT(j))) 769 break; 770 } 771 if (j < 32) 772 break; 773 } 774 if (j == 32) 775 return -1; 776 aid = i * 32 + j + 1; 777 if (aid > 2007) 778 return -1; 779 780 sta->aid = aid; 781 hapd->sta_aid[i] |= BIT(j); 782 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 783 return 0; 784} 785 786 787static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 788 const u8 *ssid_ie, size_t ssid_ie_len) 789{ 790 if (ssid_ie == NULL) 791 return WLAN_STATUS_UNSPECIFIED_FAILURE; 792 793 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 794 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 795 char ssid_txt[33]; 796 ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len); 797 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 798 HOSTAPD_LEVEL_INFO, 799 "Station tried to associate with unknown SSID " 800 "'%s'", ssid_txt); 801 return WLAN_STATUS_UNSPECIFIED_FAILURE; 802 } 803 804 return WLAN_STATUS_SUCCESS; 805} 806 807 808static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 809 const u8 *wmm_ie, size_t wmm_ie_len) 810{ 811 sta->flags &= ~WLAN_STA_WMM; 812 sta->qosinfo = 0; 813 if (wmm_ie && hapd->conf->wmm_enabled) { 814 struct wmm_information_element *wmm; 815 816 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 817 hostapd_logger(hapd, sta->addr, 818 HOSTAPD_MODULE_WPA, 819 HOSTAPD_LEVEL_DEBUG, 820 "invalid WMM element in association " 821 "request"); 822 return WLAN_STATUS_UNSPECIFIED_FAILURE; 823 } 824 825 sta->flags |= WLAN_STA_WMM; 826 wmm = (struct wmm_information_element *) wmm_ie; 827 sta->qosinfo = wmm->qos_info; 828 } 829 return WLAN_STATUS_SUCCESS; 830} 831 832 833static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 834 struct ieee802_11_elems *elems) 835{ 836 if (!elems->supp_rates) { 837 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 838 HOSTAPD_LEVEL_DEBUG, 839 "No supported rates element in AssocReq"); 840 return WLAN_STATUS_UNSPECIFIED_FAILURE; 841 } 842 843 if (elems->supp_rates_len + elems->ext_supp_rates_len > 844 sizeof(sta->supported_rates)) { 845 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 846 HOSTAPD_LEVEL_DEBUG, 847 "Invalid supported rates element length %d+%d", 848 elems->supp_rates_len, 849 elems->ext_supp_rates_len); 850 return WLAN_STATUS_UNSPECIFIED_FAILURE; 851 } 852 853 sta->supported_rates_len = merge_byte_arrays( 854 sta->supported_rates, sizeof(sta->supported_rates), 855 elems->supp_rates, elems->supp_rates_len, 856 elems->ext_supp_rates, elems->ext_supp_rates_len); 857 858 return WLAN_STATUS_SUCCESS; 859} 860 861 862static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta, 863 const u8 *ext_capab_ie, size_t ext_capab_ie_len) 864{ 865#ifdef CONFIG_INTERWORKING 866 /* check for QoS Map support */ 867 if (ext_capab_ie_len >= 5) { 868 if (ext_capab_ie[4] & 0x01) 869 sta->qos_map_enabled = 1; 870 } 871#endif /* CONFIG_INTERWORKING */ 872 873 return WLAN_STATUS_SUCCESS; 874} 875 876 877static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 878 const u8 *ies, size_t ies_len, int reassoc) 879{ 880 struct ieee802_11_elems elems; 881 u16 resp; 882 const u8 *wpa_ie; 883 size_t wpa_ie_len; 884 const u8 *p2p_dev_addr = NULL; 885 886 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 887 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 888 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 889 "association request"); 890 return WLAN_STATUS_UNSPECIFIED_FAILURE; 891 } 892 893 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 894 if (resp != WLAN_STATUS_SUCCESS) 895 return resp; 896 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 897 if (resp != WLAN_STATUS_SUCCESS) 898 return resp; 899 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len); 900 if (resp != WLAN_STATUS_SUCCESS) 901 return resp; 902 resp = copy_supp_rates(hapd, sta, &elems); 903 if (resp != WLAN_STATUS_SUCCESS) 904 return resp; 905#ifdef CONFIG_IEEE80211N 906 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities, 907 elems.ht_capabilities_len); 908 if (resp != WLAN_STATUS_SUCCESS) 909 return resp; 910 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 911 !(sta->flags & WLAN_STA_HT)) { 912 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 913 HOSTAPD_LEVEL_INFO, "Station does not support " 914 "mandatory HT PHY - reject association"); 915 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 916 } 917#endif /* CONFIG_IEEE80211N */ 918 919#ifdef CONFIG_IEEE80211AC 920 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities, 921 elems.vht_capabilities_len); 922 if (resp != WLAN_STATUS_SUCCESS) 923 return resp; 924 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 925 !(sta->flags & WLAN_STA_VHT)) { 926 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 927 HOSTAPD_LEVEL_INFO, "Station does not support " 928 "mandatory VHT PHY - reject association"); 929 return WLAN_STATUS_UNSPECIFIED_FAILURE; 930 } 931#endif /* CONFIG_IEEE80211AC */ 932 933#ifdef CONFIG_P2P 934 if (elems.p2p) { 935 wpabuf_free(sta->p2p_ie); 936 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 937 P2P_IE_VENDOR_TYPE); 938 if (sta->p2p_ie) 939 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 940 } else { 941 wpabuf_free(sta->p2p_ie); 942 sta->p2p_ie = NULL; 943 } 944#endif /* CONFIG_P2P */ 945 946 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 947 wpa_ie = elems.rsn_ie; 948 wpa_ie_len = elems.rsn_ie_len; 949 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 950 elems.wpa_ie) { 951 wpa_ie = elems.wpa_ie; 952 wpa_ie_len = elems.wpa_ie_len; 953 } else { 954 wpa_ie = NULL; 955 wpa_ie_len = 0; 956 } 957 958#ifdef CONFIG_WPS 959 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 960 if (hapd->conf->wps_state && elems.wps_ie) { 961 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 962 "Request - assume WPS is used"); 963 sta->flags |= WLAN_STA_WPS; 964 wpabuf_free(sta->wps_ie); 965 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 966 WPS_IE_VENDOR_TYPE); 967 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 968 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 969 sta->flags |= WLAN_STA_WPS2; 970 } 971 wpa_ie = NULL; 972 wpa_ie_len = 0; 973 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 974 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 975 "(Re)Association Request - reject"); 976 return WLAN_STATUS_INVALID_IE; 977 } 978 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 979 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 980 "(Re)Association Request - possible WPS use"); 981 sta->flags |= WLAN_STA_MAYBE_WPS; 982 } else 983#endif /* CONFIG_WPS */ 984 if (hapd->conf->wpa && wpa_ie == NULL) { 985 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 986 HOSTAPD_LEVEL_INFO, 987 "No WPA/RSN IE in association request"); 988 return WLAN_STATUS_INVALID_IE; 989 } 990 991 if (hapd->conf->wpa && wpa_ie) { 992 int res; 993 wpa_ie -= 2; 994 wpa_ie_len += 2; 995 if (sta->wpa_sm == NULL) 996 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 997 sta->addr, 998 p2p_dev_addr); 999 if (sta->wpa_sm == NULL) { 1000 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1001 "state machine"); 1002 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1003 } 1004 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 1005 wpa_ie, wpa_ie_len, 1006 elems.mdie, elems.mdie_len); 1007 if (res == WPA_INVALID_GROUP) 1008 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 1009 else if (res == WPA_INVALID_PAIRWISE) 1010 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 1011 else if (res == WPA_INVALID_AKMP) 1012 resp = WLAN_STATUS_AKMP_NOT_VALID; 1013 else if (res == WPA_ALLOC_FAIL) 1014 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1015#ifdef CONFIG_IEEE80211W 1016 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 1017 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1018 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 1019 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1020#endif /* CONFIG_IEEE80211W */ 1021 else if (res == WPA_INVALID_MDIE) 1022 resp = WLAN_STATUS_INVALID_MDIE; 1023 else if (res != WPA_IE_OK) 1024 resp = WLAN_STATUS_INVALID_IE; 1025 if (resp != WLAN_STATUS_SUCCESS) 1026 return resp; 1027#ifdef CONFIG_IEEE80211W 1028 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1029 sta->sa_query_count > 0) 1030 ap_check_sa_query_timeout(hapd, sta); 1031 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1032 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 1033 /* 1034 * STA has already been associated with MFP and SA 1035 * Query timeout has not been reached. Reject the 1036 * association attempt temporarily and start SA Query, 1037 * if one is not pending. 1038 */ 1039 1040 if (sta->sa_query_count == 0) 1041 ap_sta_start_sa_query(hapd, sta); 1042 1043 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 1044 } 1045 1046 if (wpa_auth_uses_mfp(sta->wpa_sm)) 1047 sta->flags |= WLAN_STA_MFP; 1048 else 1049 sta->flags &= ~WLAN_STA_MFP; 1050#endif /* CONFIG_IEEE80211W */ 1051 1052#ifdef CONFIG_IEEE80211R 1053 if (sta->auth_alg == WLAN_AUTH_FT) { 1054 if (!reassoc) { 1055 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 1056 "to use association (not " 1057 "re-association) with FT auth_alg", 1058 MAC2STR(sta->addr)); 1059 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1060 } 1061 1062 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 1063 ies_len); 1064 if (resp != WLAN_STATUS_SUCCESS) 1065 return resp; 1066 } 1067#endif /* CONFIG_IEEE80211R */ 1068 1069#ifdef CONFIG_SAE 1070 if (wpa_auth_uses_sae(sta->wpa_sm) && 1071 sta->auth_alg != WLAN_AUTH_SAE) { 1072 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 1073 "SAE AKM after non-SAE auth_alg %u", 1074 MAC2STR(sta->addr), sta->auth_alg); 1075 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1076 } 1077#endif /* CONFIG_SAE */ 1078 1079#ifdef CONFIG_IEEE80211N 1080 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 1081 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 1082 hostapd_logger(hapd, sta->addr, 1083 HOSTAPD_MODULE_IEEE80211, 1084 HOSTAPD_LEVEL_INFO, 1085 "Station tried to use TKIP with HT " 1086 "association"); 1087 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 1088 } 1089#endif /* CONFIG_IEEE80211N */ 1090 } else 1091 wpa_auth_sta_no_wpa(sta->wpa_sm); 1092 1093#ifdef CONFIG_P2P 1094 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 1095#endif /* CONFIG_P2P */ 1096 1097#ifdef CONFIG_HS20 1098 wpabuf_free(sta->hs20_ie); 1099 if (elems.hs20 && elems.hs20_len > 4) { 1100 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 1101 elems.hs20_len - 4); 1102 } else 1103 sta->hs20_ie = NULL; 1104#endif /* CONFIG_HS20 */ 1105 1106 return WLAN_STATUS_SUCCESS; 1107} 1108 1109 1110static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 1111 u16 reason_code) 1112{ 1113 int send_len; 1114 struct ieee80211_mgmt reply; 1115 1116 os_memset(&reply, 0, sizeof(reply)); 1117 reply.frame_control = 1118 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1119 os_memcpy(reply.da, addr, ETH_ALEN); 1120 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1121 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1122 1123 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1124 reply.u.deauth.reason_code = host_to_le16(reason_code); 1125 1126 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1127 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1128 strerror(errno)); 1129} 1130 1131 1132static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1133 u16 status_code, int reassoc, const u8 *ies, 1134 size_t ies_len) 1135{ 1136 int send_len; 1137 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1138 struct ieee80211_mgmt *reply; 1139 u8 *p; 1140 1141 os_memset(buf, 0, sizeof(buf)); 1142 reply = (struct ieee80211_mgmt *) buf; 1143 reply->frame_control = 1144 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1145 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1146 WLAN_FC_STYPE_ASSOC_RESP)); 1147 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1148 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1149 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1150 1151 send_len = IEEE80211_HDRLEN; 1152 send_len += sizeof(reply->u.assoc_resp); 1153 reply->u.assoc_resp.capab_info = 1154 host_to_le16(hostapd_own_capab_info(hapd, sta, 0)); 1155 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1156 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) 1157 | BIT(14) | BIT(15)); 1158 /* Supported rates */ 1159 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1160 /* Extended supported rates */ 1161 p = hostapd_eid_ext_supp_rates(hapd, p); 1162 1163#ifdef CONFIG_IEEE80211R 1164 if (status_code == WLAN_STATUS_SUCCESS) { 1165 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1166 * Transition Information, RSN, [RIC Response] */ 1167 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1168 buf + sizeof(buf) - p, 1169 sta->auth_alg, ies, ies_len); 1170 } 1171#endif /* CONFIG_IEEE80211R */ 1172 1173#ifdef CONFIG_IEEE80211W 1174 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1175 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1176#endif /* CONFIG_IEEE80211W */ 1177 1178#ifdef CONFIG_IEEE80211N 1179 p = hostapd_eid_ht_capabilities(hapd, p); 1180 p = hostapd_eid_ht_operation(hapd, p); 1181#endif /* CONFIG_IEEE80211N */ 1182 1183#ifdef CONFIG_IEEE80211AC 1184 p = hostapd_eid_vht_capabilities(hapd, p); 1185 p = hostapd_eid_vht_operation(hapd, p); 1186#endif /* CONFIG_IEEE80211AC */ 1187 1188 p = hostapd_eid_ext_capab(hapd, p); 1189 p = hostapd_eid_bss_max_idle_period(hapd, p); 1190 if (sta->qos_map_enabled) 1191 p = hostapd_eid_qos_map_set(hapd, p); 1192 1193 if (sta->flags & WLAN_STA_WMM) 1194 p = hostapd_eid_wmm(hapd, p); 1195 1196#ifdef CONFIG_WPS 1197 if ((sta->flags & WLAN_STA_WPS) || 1198 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 1199 struct wpabuf *wps = wps_build_assoc_resp_ie(); 1200 if (wps) { 1201 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 1202 p += wpabuf_len(wps); 1203 wpabuf_free(wps); 1204 } 1205 } 1206#endif /* CONFIG_WPS */ 1207 1208#ifdef CONFIG_P2P 1209 if (sta->p2p_ie) { 1210 struct wpabuf *p2p_resp_ie; 1211 enum p2p_status_code status; 1212 switch (status_code) { 1213 case WLAN_STATUS_SUCCESS: 1214 status = P2P_SC_SUCCESS; 1215 break; 1216 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 1217 status = P2P_SC_FAIL_LIMIT_REACHED; 1218 break; 1219 default: 1220 status = P2P_SC_FAIL_INVALID_PARAMS; 1221 break; 1222 } 1223 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 1224 if (p2p_resp_ie) { 1225 os_memcpy(p, wpabuf_head(p2p_resp_ie), 1226 wpabuf_len(p2p_resp_ie)); 1227 p += wpabuf_len(p2p_resp_ie); 1228 wpabuf_free(p2p_resp_ie); 1229 } 1230 } 1231#endif /* CONFIG_P2P */ 1232 1233#ifdef CONFIG_P2P_MANAGER 1234 if (hapd->conf->p2p & P2P_MANAGE) 1235 p = hostapd_eid_p2p_manage(hapd, p); 1236#endif /* CONFIG_P2P_MANAGER */ 1237 1238 send_len += p - reply->u.assoc_resp.variable; 1239 1240 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) 1241 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 1242 strerror(errno)); 1243} 1244 1245 1246static void handle_assoc(struct hostapd_data *hapd, 1247 const struct ieee80211_mgmt *mgmt, size_t len, 1248 int reassoc) 1249{ 1250 u16 capab_info, listen_interval; 1251 u16 resp = WLAN_STATUS_SUCCESS; 1252 const u8 *pos; 1253 int left, i; 1254 struct sta_info *sta; 1255 1256 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 1257 sizeof(mgmt->u.assoc_req))) { 1258 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)", 1259 reassoc, (unsigned long) len); 1260 return; 1261 } 1262 1263#ifdef CONFIG_TESTING_OPTIONS 1264 if (reassoc) { 1265 if (hapd->iconf->ignore_reassoc_probability > 0.0d && 1266 drand48() < hapd->iconf->ignore_reassoc_probability) { 1267 wpa_printf(MSG_INFO, 1268 "TESTING: ignoring reassoc request from " 1269 MACSTR, MAC2STR(mgmt->sa)); 1270 return; 1271 } 1272 } else { 1273 if (hapd->iconf->ignore_assoc_probability > 0.0d && 1274 drand48() < hapd->iconf->ignore_assoc_probability) { 1275 wpa_printf(MSG_INFO, 1276 "TESTING: ignoring assoc request from " 1277 MACSTR, MAC2STR(mgmt->sa)); 1278 return; 1279 } 1280 } 1281#endif /* CONFIG_TESTING_OPTIONS */ 1282 1283 if (reassoc) { 1284 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 1285 listen_interval = le_to_host16( 1286 mgmt->u.reassoc_req.listen_interval); 1287 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 1288 " capab_info=0x%02x listen_interval=%d current_ap=" 1289 MACSTR, 1290 MAC2STR(mgmt->sa), capab_info, listen_interval, 1291 MAC2STR(mgmt->u.reassoc_req.current_ap)); 1292 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 1293 pos = mgmt->u.reassoc_req.variable; 1294 } else { 1295 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 1296 listen_interval = le_to_host16( 1297 mgmt->u.assoc_req.listen_interval); 1298 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 1299 " capab_info=0x%02x listen_interval=%d", 1300 MAC2STR(mgmt->sa), capab_info, listen_interval); 1301 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 1302 pos = mgmt->u.assoc_req.variable; 1303 } 1304 1305 sta = ap_get_sta(hapd, mgmt->sa); 1306#ifdef CONFIG_IEEE80211R 1307 if (sta && sta->auth_alg == WLAN_AUTH_FT && 1308 (sta->flags & WLAN_STA_AUTH) == 0) { 1309 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 1310 "prior to authentication since it is using " 1311 "over-the-DS FT", MAC2STR(mgmt->sa)); 1312 } else 1313#endif /* CONFIG_IEEE80211R */ 1314 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1315 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1316 HOSTAPD_LEVEL_INFO, "Station tried to " 1317 "associate before authentication " 1318 "(aid=%d flags=0x%x)", 1319 sta ? sta->aid : -1, 1320 sta ? sta->flags : 0); 1321 send_deauth(hapd, mgmt->sa, 1322 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 1323 return; 1324 } 1325 1326 if (hapd->tkip_countermeasures) { 1327 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 1328 goto fail; 1329 } 1330 1331 if (listen_interval > hapd->conf->max_listen_interval) { 1332 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1333 HOSTAPD_LEVEL_DEBUG, 1334 "Too large Listen Interval (%d)", 1335 listen_interval); 1336 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 1337 goto fail; 1338 } 1339 1340 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 1341 * is used */ 1342 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 1343 if (resp != WLAN_STATUS_SUCCESS) 1344 goto fail; 1345 1346 if (hostapd_get_aid(hapd, sta) < 0) { 1347 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1348 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 1349 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1350 goto fail; 1351 } 1352 1353 sta->capability = capab_info; 1354 sta->listen_interval = listen_interval; 1355 1356 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 1357 sta->flags |= WLAN_STA_NONERP; 1358 for (i = 0; i < sta->supported_rates_len; i++) { 1359 if ((sta->supported_rates[i] & 0x7f) > 22) { 1360 sta->flags &= ~WLAN_STA_NONERP; 1361 break; 1362 } 1363 } 1364 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 1365 sta->nonerp_set = 1; 1366 hapd->iface->num_sta_non_erp++; 1367 if (hapd->iface->num_sta_non_erp == 1) 1368 ieee802_11_set_beacons(hapd->iface); 1369 } 1370 1371 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 1372 !sta->no_short_slot_time_set) { 1373 sta->no_short_slot_time_set = 1; 1374 hapd->iface->num_sta_no_short_slot_time++; 1375 if (hapd->iface->current_mode->mode == 1376 HOSTAPD_MODE_IEEE80211G && 1377 hapd->iface->num_sta_no_short_slot_time == 1) 1378 ieee802_11_set_beacons(hapd->iface); 1379 } 1380 1381 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 1382 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 1383 else 1384 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 1385 1386 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 1387 !sta->no_short_preamble_set) { 1388 sta->no_short_preamble_set = 1; 1389 hapd->iface->num_sta_no_short_preamble++; 1390 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 1391 && hapd->iface->num_sta_no_short_preamble == 1) 1392 ieee802_11_set_beacons(hapd->iface); 1393 } 1394 1395#ifdef CONFIG_IEEE80211N 1396 update_ht_state(hapd, sta); 1397#endif /* CONFIG_IEEE80211N */ 1398 1399 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1400 HOSTAPD_LEVEL_DEBUG, 1401 "association OK (aid %d)", sta->aid); 1402 /* Station will be marked associated, after it acknowledges AssocResp 1403 */ 1404 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 1405 1406#ifdef CONFIG_IEEE80211W 1407 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 1408 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 1409 "SA Query procedure", reassoc ? "re" : ""); 1410 /* TODO: Send a protected Disassociate frame to the STA using 1411 * the old key and Reason Code "Previous Authentication no 1412 * longer valid". Make sure this is only sent protected since 1413 * unprotected frame would be received by the STA that is now 1414 * trying to associate. 1415 */ 1416 } 1417#endif /* CONFIG_IEEE80211W */ 1418 1419 if (reassoc) { 1420 os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap, 1421 ETH_ALEN); 1422 } 1423 1424 if (sta->last_assoc_req) 1425 os_free(sta->last_assoc_req); 1426 sta->last_assoc_req = os_malloc(len); 1427 if (sta->last_assoc_req) 1428 os_memcpy(sta->last_assoc_req, mgmt, len); 1429 1430 /* Make sure that the previously registered inactivity timer will not 1431 * remove the STA immediately. */ 1432 sta->timeout_next = STA_NULLFUNC; 1433 1434 fail: 1435 send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 1436} 1437 1438 1439static void handle_disassoc(struct hostapd_data *hapd, 1440 const struct ieee80211_mgmt *mgmt, size_t len) 1441{ 1442 struct sta_info *sta; 1443 1444 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 1445 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)", 1446 (unsigned long) len); 1447 return; 1448 } 1449 1450 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 1451 MAC2STR(mgmt->sa), 1452 le_to_host16(mgmt->u.disassoc.reason_code)); 1453 1454 sta = ap_get_sta(hapd, mgmt->sa); 1455 if (sta == NULL) { 1456 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated", 1457 MAC2STR(mgmt->sa)); 1458 return; 1459 } 1460 1461 ap_sta_set_authorized(hapd, sta, 0); 1462 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 1463 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 1464 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1465 HOSTAPD_LEVEL_INFO, "disassociated"); 1466 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1467 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1468 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 1469 * authenticated. */ 1470 accounting_sta_stop(hapd, sta); 1471 ieee802_1x_free_station(sta); 1472 hostapd_drv_sta_remove(hapd, sta->addr); 1473 1474 if (sta->timeout_next == STA_NULLFUNC || 1475 sta->timeout_next == STA_DISASSOC) { 1476 sta->timeout_next = STA_DEAUTH; 1477 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1478 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 1479 hapd, sta); 1480 } 1481 1482 mlme_disassociate_indication( 1483 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 1484} 1485 1486 1487static void handle_deauth(struct hostapd_data *hapd, 1488 const struct ieee80211_mgmt *mgmt, size_t len) 1489{ 1490 struct sta_info *sta; 1491 1492 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 1493 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 1494 "payload (len=%lu)", (unsigned long) len); 1495 return; 1496 } 1497 1498 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 1499 " reason_code=%d", 1500 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 1501 1502 sta = ap_get_sta(hapd, mgmt->sa); 1503 if (sta == NULL) { 1504 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 1505 "to deauthenticate, but it is not authenticated", 1506 MAC2STR(mgmt->sa)); 1507 return; 1508 } 1509 1510 ap_sta_set_authorized(hapd, sta, 0); 1511 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 1512 WLAN_STA_ASSOC_REQ_OK); 1513 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1514 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1515 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 1516 mlme_deauthenticate_indication( 1517 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 1518 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1519 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1520 ap_free_sta(hapd, sta); 1521} 1522 1523 1524static void handle_beacon(struct hostapd_data *hapd, 1525 const struct ieee80211_mgmt *mgmt, size_t len, 1526 struct hostapd_frame_info *fi) 1527{ 1528 struct ieee802_11_elems elems; 1529 1530 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 1531 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)", 1532 (unsigned long) len); 1533 return; 1534 } 1535 1536 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 1537 len - (IEEE80211_HDRLEN + 1538 sizeof(mgmt->u.beacon)), &elems, 1539 0); 1540 1541 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 1542} 1543 1544 1545#ifdef CONFIG_IEEE80211W 1546 1547static void hostapd_sa_query_action(struct hostapd_data *hapd, 1548 const struct ieee80211_mgmt *mgmt, 1549 size_t len) 1550{ 1551 const u8 *end; 1552 1553 end = mgmt->u.action.u.sa_query_resp.trans_id + 1554 WLAN_SA_QUERY_TR_ID_LEN; 1555 if (((u8 *) mgmt) + len < end) { 1556 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 1557 "frame (len=%lu)", (unsigned long) len); 1558 return; 1559 } 1560 1561 ieee802_11_sa_query_action(hapd, mgmt->sa, 1562 mgmt->u.action.u.sa_query_resp.action, 1563 mgmt->u.action.u.sa_query_resp.trans_id); 1564} 1565 1566 1567static int robust_action_frame(u8 category) 1568{ 1569 return category != WLAN_ACTION_PUBLIC && 1570 category != WLAN_ACTION_HT; 1571} 1572#endif /* CONFIG_IEEE80211W */ 1573 1574 1575#ifdef CONFIG_WNM 1576static void hostapd_wnm_action(struct hostapd_data *hapd, struct sta_info *sta, 1577 const struct ieee80211_mgmt *mgmt, 1578 size_t len) 1579{ 1580 struct rx_action action; 1581 if (len < IEEE80211_HDRLEN + 2) 1582 return; 1583 os_memset(&action, 0, sizeof(action)); 1584 action.da = mgmt->da; 1585 action.sa = mgmt->sa; 1586 action.bssid = mgmt->bssid; 1587 action.category = mgmt->u.action.category; 1588 action.data = (const u8 *) &mgmt->u.action.u.wnm_sleep_req.action; 1589 action.len = len - IEEE80211_HDRLEN - 1; 1590 action.freq = hapd->iface->freq; 1591 ieee802_11_rx_wnm_action_ap(hapd, &action); 1592} 1593#endif /* CONFIG_WNM */ 1594 1595 1596static void handle_action(struct hostapd_data *hapd, 1597 const struct ieee80211_mgmt *mgmt, size_t len) 1598{ 1599 struct sta_info *sta; 1600 sta = ap_get_sta(hapd, mgmt->sa); 1601 1602 if (len < IEEE80211_HDRLEN + 1) { 1603 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1604 HOSTAPD_LEVEL_DEBUG, 1605 "handle_action - too short payload (len=%lu)", 1606 (unsigned long) len); 1607 return; 1608 } 1609 1610 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 1611 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 1612 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 1613 "frame (category=%u) from unassociated STA " MACSTR, 1614 MAC2STR(mgmt->sa), mgmt->u.action.category); 1615 return; 1616 } 1617 1618#ifdef CONFIG_IEEE80211W 1619 if (sta && (sta->flags & WLAN_STA_MFP) && 1620 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP) && 1621 robust_action_frame(mgmt->u.action.category))) { 1622 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1623 HOSTAPD_LEVEL_DEBUG, 1624 "Dropped unprotected Robust Action frame from " 1625 "an MFP STA"); 1626 return; 1627 } 1628#endif /* CONFIG_IEEE80211W */ 1629 1630 switch (mgmt->u.action.category) { 1631#ifdef CONFIG_IEEE80211R 1632 case WLAN_ACTION_FT: 1633 if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 1634 len - IEEE80211_HDRLEN)) 1635 break; 1636 return; 1637#endif /* CONFIG_IEEE80211R */ 1638 case WLAN_ACTION_WMM: 1639 hostapd_wmm_action(hapd, mgmt, len); 1640 return; 1641#ifdef CONFIG_IEEE80211W 1642 case WLAN_ACTION_SA_QUERY: 1643 hostapd_sa_query_action(hapd, mgmt, len); 1644 return; 1645#endif /* CONFIG_IEEE80211W */ 1646#ifdef CONFIG_WNM 1647 case WLAN_ACTION_WNM: 1648 hostapd_wnm_action(hapd, sta, mgmt, len); 1649 return; 1650#endif /* CONFIG_WNM */ 1651 case WLAN_ACTION_PUBLIC: 1652 if (hapd->public_action_cb) { 1653 hapd->public_action_cb(hapd->public_action_cb_ctx, 1654 (u8 *) mgmt, len, 1655 hapd->iface->freq); 1656 } 1657 if (hapd->public_action_cb2) { 1658 hapd->public_action_cb2(hapd->public_action_cb2_ctx, 1659 (u8 *) mgmt, len, 1660 hapd->iface->freq); 1661 } 1662 if (hapd->public_action_cb || hapd->public_action_cb2) 1663 return; 1664 break; 1665 case WLAN_ACTION_VENDOR_SPECIFIC: 1666 if (hapd->vendor_action_cb) { 1667 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 1668 (u8 *) mgmt, len, 1669 hapd->iface->freq) == 0) 1670 return; 1671 } 1672 break; 1673 } 1674 1675 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1676 HOSTAPD_LEVEL_DEBUG, 1677 "handle_action - unknown action category %d or invalid " 1678 "frame", 1679 mgmt->u.action.category); 1680 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 1681 !(mgmt->sa[0] & 0x01)) { 1682 struct ieee80211_mgmt *resp; 1683 1684 /* 1685 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 1686 * Return the Action frame to the source without change 1687 * except that MSB of the Category set to 1. 1688 */ 1689 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 1690 "frame back to sender"); 1691 resp = os_malloc(len); 1692 if (resp == NULL) 1693 return; 1694 os_memcpy(resp, mgmt, len); 1695 os_memcpy(resp->da, resp->sa, ETH_ALEN); 1696 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 1697 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 1698 resp->u.action.category |= 0x80; 1699 1700 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 1701 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 1702 "Action frame"); 1703 } 1704 os_free(resp); 1705 } 1706} 1707 1708 1709/** 1710 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 1711 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 1712 * sent to) 1713 * @buf: management frame data (starting from IEEE 802.11 header) 1714 * @len: length of frame data in octets 1715 * @fi: meta data about received frame (signal level, etc.) 1716 * 1717 * Process all incoming IEEE 802.11 management frames. This will be called for 1718 * each frame received from the kernel driver through wlan#ap interface. In 1719 * addition, it can be called to re-inserted pending frames (e.g., when using 1720 * external RADIUS server as an MAC ACL). 1721 */ 1722void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 1723 struct hostapd_frame_info *fi) 1724{ 1725 struct ieee80211_mgmt *mgmt; 1726 int broadcast; 1727 u16 fc, stype; 1728 1729 if (len < 24) 1730 return; 1731 1732 mgmt = (struct ieee80211_mgmt *) buf; 1733 fc = le_to_host16(mgmt->frame_control); 1734 stype = WLAN_FC_GET_STYPE(fc); 1735 1736 if (stype == WLAN_FC_STYPE_BEACON) { 1737 handle_beacon(hapd, mgmt, len, fi); 1738 return; 1739 } 1740 1741 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 1742 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 1743 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 1744 1745 if (!broadcast && 1746#ifdef CONFIG_P2P 1747 /* Invitation responses can be sent with the peer MAC as BSSID */ 1748 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 1749 stype == WLAN_FC_STYPE_ACTION) && 1750#endif /* CONFIG_P2P */ 1751 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 1752 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address", 1753 MAC2STR(mgmt->bssid)); 1754 return; 1755 } 1756 1757 1758 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 1759 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 1760 return; 1761 } 1762 1763 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 1764 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1765 HOSTAPD_LEVEL_DEBUG, 1766 "MGMT: DA=" MACSTR " not our address", 1767 MAC2STR(mgmt->da)); 1768 return; 1769 } 1770 1771 switch (stype) { 1772 case WLAN_FC_STYPE_AUTH: 1773 wpa_printf(MSG_DEBUG, "mgmt::auth"); 1774 handle_auth(hapd, mgmt, len); 1775 break; 1776 case WLAN_FC_STYPE_ASSOC_REQ: 1777 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 1778 handle_assoc(hapd, mgmt, len, 0); 1779 break; 1780 case WLAN_FC_STYPE_REASSOC_REQ: 1781 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 1782 handle_assoc(hapd, mgmt, len, 1); 1783 break; 1784 case WLAN_FC_STYPE_DISASSOC: 1785 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 1786 handle_disassoc(hapd, mgmt, len); 1787 break; 1788 case WLAN_FC_STYPE_DEAUTH: 1789 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 1790 handle_deauth(hapd, mgmt, len); 1791 break; 1792 case WLAN_FC_STYPE_ACTION: 1793 wpa_printf(MSG_DEBUG, "mgmt::action"); 1794 handle_action(hapd, mgmt, len); 1795 break; 1796 default: 1797 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1798 HOSTAPD_LEVEL_DEBUG, 1799 "unknown mgmt frame subtype %d", stype); 1800 break; 1801 } 1802} 1803 1804 1805static void handle_auth_cb(struct hostapd_data *hapd, 1806 const struct ieee80211_mgmt *mgmt, 1807 size_t len, int ok) 1808{ 1809 u16 auth_alg, auth_transaction, status_code; 1810 struct sta_info *sta; 1811 1812 if (!ok) { 1813 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1814 HOSTAPD_LEVEL_NOTICE, 1815 "did not acknowledge authentication response"); 1816 return; 1817 } 1818 1819 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1820 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)", 1821 (unsigned long) len); 1822 return; 1823 } 1824 1825 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1826 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1827 status_code = le_to_host16(mgmt->u.auth.status_code); 1828 1829 sta = ap_get_sta(hapd, mgmt->da); 1830 if (!sta) { 1831 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found", 1832 MAC2STR(mgmt->da)); 1833 return; 1834 } 1835 1836 if (status_code == WLAN_STATUS_SUCCESS && 1837 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 1838 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 1839 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1840 HOSTAPD_LEVEL_INFO, "authenticated"); 1841 sta->flags |= WLAN_STA_AUTH; 1842 } 1843} 1844 1845 1846static void hostapd_set_wds_encryption(struct hostapd_data *hapd, 1847 struct sta_info *sta, 1848 char *ifname_wds) 1849{ 1850 int i; 1851 struct hostapd_ssid *ssid = sta->ssid; 1852 1853 if (hapd->conf->ieee802_1x || hapd->conf->wpa) 1854 return; 1855 1856 for (i = 0; i < 4; i++) { 1857 if (ssid->wep.key[i] && 1858 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i, 1859 i == ssid->wep.idx, NULL, 0, 1860 ssid->wep.key[i], ssid->wep.len[i])) { 1861 wpa_printf(MSG_WARNING, 1862 "Could not set WEP keys for WDS interface; %s", 1863 ifname_wds); 1864 break; 1865 } 1866 } 1867} 1868 1869 1870static void handle_assoc_cb(struct hostapd_data *hapd, 1871 const struct ieee80211_mgmt *mgmt, 1872 size_t len, int reassoc, int ok) 1873{ 1874 u16 status; 1875 struct sta_info *sta; 1876 int new_assoc = 1; 1877 struct ieee80211_ht_capabilities ht_cap; 1878 struct ieee80211_vht_capabilities vht_cap; 1879 1880 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 1881 sizeof(mgmt->u.assoc_resp))) { 1882 wpa_printf(MSG_INFO, "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)", 1883 reassoc, (unsigned long) len); 1884 return; 1885 } 1886 1887 sta = ap_get_sta(hapd, mgmt->da); 1888 if (!sta) { 1889 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found", 1890 MAC2STR(mgmt->da)); 1891 return; 1892 } 1893 1894 if (!ok) { 1895 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1896 HOSTAPD_LEVEL_DEBUG, 1897 "did not acknowledge association response"); 1898 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 1899 return; 1900 } 1901 1902 if (reassoc) 1903 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 1904 else 1905 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1906 1907 if (status != WLAN_STATUS_SUCCESS) 1908 goto fail; 1909 1910 /* Stop previous accounting session, if one is started, and allocate 1911 * new session id for the new session. */ 1912 accounting_sta_stop(hapd, sta); 1913 1914 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1915 HOSTAPD_LEVEL_INFO, 1916 "associated (aid %d)", 1917 sta->aid); 1918 1919 if (sta->flags & WLAN_STA_ASSOC) 1920 new_assoc = 0; 1921 sta->flags |= WLAN_STA_ASSOC; 1922 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa) || 1923 sta->auth_alg == WLAN_AUTH_FT) { 1924 /* 1925 * Open, static WEP, or FT protocol; no separate authorization 1926 * step. 1927 */ 1928 ap_sta_set_authorized(hapd, sta, 1); 1929 } 1930 1931 if (reassoc) 1932 mlme_reassociate_indication(hapd, sta); 1933 else 1934 mlme_associate_indication(hapd, sta); 1935 1936#ifdef CONFIG_IEEE80211W 1937 sta->sa_query_timed_out = 0; 1938#endif /* CONFIG_IEEE80211W */ 1939 1940 /* 1941 * Remove the STA entry in order to make sure the STA PS state gets 1942 * cleared and configuration gets updated in case of reassociation back 1943 * to the same AP. 1944 */ 1945 hostapd_drv_sta_remove(hapd, sta->addr); 1946 1947#ifdef CONFIG_IEEE80211N 1948 if (sta->flags & WLAN_STA_HT) 1949 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1950#endif /* CONFIG_IEEE80211N */ 1951#ifdef CONFIG_IEEE80211AC 1952 if (sta->flags & WLAN_STA_VHT) 1953 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 1954#endif /* CONFIG_IEEE80211AC */ 1955 1956 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1957 sta->supported_rates, sta->supported_rates_len, 1958 sta->listen_interval, 1959 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1960 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1961 sta->flags, sta->qosinfo)) { 1962 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1963 HOSTAPD_LEVEL_NOTICE, 1964 "Could not add STA to kernel driver"); 1965 1966 ap_sta_disconnect(hapd, sta, sta->addr, 1967 WLAN_REASON_DISASSOC_AP_BUSY); 1968 1969 goto fail; 1970 } 1971 1972 if (sta->flags & WLAN_STA_WDS) { 1973 int ret; 1974 char ifname_wds[IFNAMSIZ + 1]; 1975 1976 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr, 1977 sta->aid, 1); 1978 if (!ret) 1979 hostapd_set_wds_encryption(hapd, sta, ifname_wds); 1980 } 1981 1982 if (sta->eapol_sm == NULL) { 1983 /* 1984 * This STA does not use RADIUS server for EAP authentication, 1985 * so bind it to the selected VLAN interface now, since the 1986 * interface selection is not going to change anymore. 1987 */ 1988 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1989 goto fail; 1990 } else if (sta->vlan_id) { 1991 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 1992 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1993 goto fail; 1994 } 1995 1996 hostapd_set_sta_flags(hapd, sta); 1997 1998 if (sta->auth_alg == WLAN_AUTH_FT) 1999 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 2000 else 2001 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 2002 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 2003 2004 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 2005 2006 fail: 2007 /* Copy of the association request is not needed anymore */ 2008 if (sta->last_assoc_req) { 2009 os_free(sta->last_assoc_req); 2010 sta->last_assoc_req = NULL; 2011 } 2012} 2013 2014 2015static void handle_deauth_cb(struct hostapd_data *hapd, 2016 const struct ieee80211_mgmt *mgmt, 2017 size_t len, int ok) 2018{ 2019 struct sta_info *sta; 2020 if (mgmt->da[0] & 0x01) 2021 return; 2022 sta = ap_get_sta(hapd, mgmt->da); 2023 if (!sta) { 2024 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 2025 " not found", MAC2STR(mgmt->da)); 2026 return; 2027 } 2028 if (ok) 2029 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 2030 MAC2STR(sta->addr)); 2031 else 2032 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2033 "deauth", MAC2STR(sta->addr)); 2034 2035 ap_sta_deauth_cb(hapd, sta); 2036} 2037 2038 2039static void handle_disassoc_cb(struct hostapd_data *hapd, 2040 const struct ieee80211_mgmt *mgmt, 2041 size_t len, int ok) 2042{ 2043 struct sta_info *sta; 2044 if (mgmt->da[0] & 0x01) 2045 return; 2046 sta = ap_get_sta(hapd, mgmt->da); 2047 if (!sta) { 2048 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 2049 " not found", MAC2STR(mgmt->da)); 2050 return; 2051 } 2052 if (ok) 2053 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 2054 MAC2STR(sta->addr)); 2055 else 2056 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2057 "disassoc", MAC2STR(sta->addr)); 2058 2059 ap_sta_disassoc_cb(hapd, sta); 2060} 2061 2062 2063/** 2064 * ieee802_11_mgmt_cb - Process management frame TX status callback 2065 * @hapd: hostapd BSS data structure (the BSS from which the management frame 2066 * was sent from) 2067 * @buf: management frame data (starting from IEEE 802.11 header) 2068 * @len: length of frame data in octets 2069 * @stype: management frame subtype from frame control field 2070 * @ok: Whether the frame was ACK'ed 2071 */ 2072void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 2073 u16 stype, int ok) 2074{ 2075 const struct ieee80211_mgmt *mgmt; 2076 mgmt = (const struct ieee80211_mgmt *) buf; 2077 2078 switch (stype) { 2079 case WLAN_FC_STYPE_AUTH: 2080 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 2081 handle_auth_cb(hapd, mgmt, len, ok); 2082 break; 2083 case WLAN_FC_STYPE_ASSOC_RESP: 2084 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 2085 handle_assoc_cb(hapd, mgmt, len, 0, ok); 2086 break; 2087 case WLAN_FC_STYPE_REASSOC_RESP: 2088 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 2089 handle_assoc_cb(hapd, mgmt, len, 1, ok); 2090 break; 2091 case WLAN_FC_STYPE_PROBE_RESP: 2092 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb"); 2093 break; 2094 case WLAN_FC_STYPE_DEAUTH: 2095 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 2096 handle_deauth_cb(hapd, mgmt, len, ok); 2097 break; 2098 case WLAN_FC_STYPE_DISASSOC: 2099 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 2100 handle_disassoc_cb(hapd, mgmt, len, ok); 2101 break; 2102 case WLAN_FC_STYPE_ACTION: 2103 wpa_printf(MSG_DEBUG, "mgmt::action cb"); 2104 break; 2105 default: 2106 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype); 2107 break; 2108 } 2109} 2110 2111 2112int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 2113{ 2114 /* TODO */ 2115 return 0; 2116} 2117 2118 2119int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 2120 char *buf, size_t buflen) 2121{ 2122 /* TODO */ 2123 return 0; 2124} 2125 2126 2127void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 2128 const u8 *buf, size_t len, int ack) 2129{ 2130 struct sta_info *sta; 2131 struct hostapd_iface *iface = hapd->iface; 2132 2133 sta = ap_get_sta(hapd, addr); 2134 if (sta == NULL && iface->num_bss > 1) { 2135 size_t j; 2136 for (j = 0; j < iface->num_bss; j++) { 2137 hapd = iface->bss[j]; 2138 sta = ap_get_sta(hapd, addr); 2139 if (sta) 2140 break; 2141 } 2142 } 2143 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 2144 return; 2145 if (sta->flags & WLAN_STA_PENDING_POLL) { 2146 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 2147 "activity poll", MAC2STR(sta->addr), 2148 ack ? "ACKed" : "did not ACK"); 2149 if (ack) 2150 sta->flags &= ~WLAN_STA_PENDING_POLL; 2151 } 2152 2153 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 2154} 2155 2156 2157void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 2158 const u8 *data, size_t len, int ack) 2159{ 2160 struct sta_info *sta; 2161 struct hostapd_iface *iface = hapd->iface; 2162 2163 sta = ap_get_sta(hapd, dst); 2164 if (sta == NULL && iface->num_bss > 1) { 2165 size_t j; 2166 for (j = 0; j < iface->num_bss; j++) { 2167 hapd = iface->bss[j]; 2168 sta = ap_get_sta(hapd, dst); 2169 if (sta) 2170 break; 2171 } 2172 } 2173 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 2174 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 2175 MACSTR " that is not currently associated", 2176 MAC2STR(dst)); 2177 return; 2178 } 2179 2180 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 2181} 2182 2183 2184void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 2185{ 2186 struct sta_info *sta; 2187 struct hostapd_iface *iface = hapd->iface; 2188 2189 sta = ap_get_sta(hapd, addr); 2190 if (sta == NULL && iface->num_bss > 1) { 2191 size_t j; 2192 for (j = 0; j < iface->num_bss; j++) { 2193 hapd = iface->bss[j]; 2194 sta = ap_get_sta(hapd, addr); 2195 if (sta) 2196 break; 2197 } 2198 } 2199 if (sta == NULL) 2200 return; 2201 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 2202 return; 2203 2204 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 2205 "activity poll", MAC2STR(sta->addr)); 2206 sta->flags &= ~WLAN_STA_PENDING_POLL; 2207} 2208 2209 2210void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 2211 int wds) 2212{ 2213 struct sta_info *sta; 2214 2215 sta = ap_get_sta(hapd, src); 2216 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 2217 if (!hapd->conf->wds_sta) 2218 return; 2219 2220 if (wds && !(sta->flags & WLAN_STA_WDS)) { 2221 int ret; 2222 char ifname_wds[IFNAMSIZ + 1]; 2223 2224 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 2225 "STA " MACSTR " (aid %u)", 2226 MAC2STR(sta->addr), sta->aid); 2227 sta->flags |= WLAN_STA_WDS; 2228 ret = hostapd_set_wds_sta(hapd, ifname_wds, 2229 sta->addr, sta->aid, 1); 2230 if (!ret) 2231 hostapd_set_wds_encryption(hapd, sta, 2232 ifname_wds); 2233 } 2234 return; 2235 } 2236 2237 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 2238 MACSTR, MAC2STR(src)); 2239 if (src[0] & 0x01) { 2240 /* Broadcast bit set in SA?! Ignore the frame silently. */ 2241 return; 2242 } 2243 2244 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 2245 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 2246 "already been sent, but no TX status yet known - " 2247 "ignore Class 3 frame issue with " MACSTR, 2248 MAC2STR(src)); 2249 return; 2250 } 2251 2252 if (sta && (sta->flags & WLAN_STA_AUTH)) 2253 hostapd_drv_sta_disassoc( 2254 hapd, src, 2255 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2256 else 2257 hostapd_drv_sta_deauth( 2258 hapd, src, 2259 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2260} 2261 2262 2263#endif /* CONFIG_NATIVE_WINDOWS */ 2264