ieee802_11.c revision d5e4923d04122f81300fa68fb07d64ede28fd44d
1/* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#ifndef CONFIG_NATIVE_WINDOWS 12 13#include "utils/common.h" 14#include "utils/eloop.h" 15#include "crypto/crypto.h" 16#include "drivers/driver.h" 17#include "common/ieee802_11_defs.h" 18#include "common/ieee802_11_common.h" 19#include "common/wpa_ctrl.h" 20#include "radius/radius.h" 21#include "radius/radius_client.h" 22#include "p2p/p2p.h" 23#include "wps/wps.h" 24#include "hostapd.h" 25#include "beacon.h" 26#include "ieee802_11_auth.h" 27#include "sta_info.h" 28#include "ieee802_1x.h" 29#include "wpa_auth.h" 30#include "wmm.h" 31#include "ap_list.h" 32#include "accounting.h" 33#include "ap_config.h" 34#include "ap_mlme.h" 35#include "p2p_hostapd.h" 36#include "ap_drv_ops.h" 37#include "ieee802_11.h" 38 39 40u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 41{ 42 u8 *pos = eid; 43 int i, num, count; 44 45 if (hapd->iface->current_rates == NULL) 46 return eid; 47 48 *pos++ = WLAN_EID_SUPP_RATES; 49 num = hapd->iface->num_rates; 50 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 51 num++; 52 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 53 num++; 54 if (num > 8) { 55 /* rest of the rates are encoded in Extended supported 56 * rates element */ 57 num = 8; 58 } 59 60 *pos++ = num; 61 count = 0; 62 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 63 i++) { 64 count++; 65 *pos = hapd->iface->current_rates[i].rate / 5; 66 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 67 *pos |= 0x80; 68 pos++; 69 } 70 71 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 72 count++; 73 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 74 } 75 76 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 77 count++; 78 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 79 } 80 81 return pos; 82} 83 84 85u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 86{ 87 u8 *pos = eid; 88 int i, num, count; 89 90 if (hapd->iface->current_rates == NULL) 91 return eid; 92 93 num = hapd->iface->num_rates; 94 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 95 num++; 96 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 97 num++; 98 if (num <= 8) 99 return eid; 100 num -= 8; 101 102 *pos++ = WLAN_EID_EXT_SUPP_RATES; 103 *pos++ = num; 104 count = 0; 105 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 106 i++) { 107 count++; 108 if (count <= 8) 109 continue; /* already in SuppRates IE */ 110 *pos = hapd->iface->current_rates[i].rate / 5; 111 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 112 *pos |= 0x80; 113 pos++; 114 } 115 116 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 117 count++; 118 if (count > 8) 119 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 120 } 121 122 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 123 count++; 124 if (count > 8) 125 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 126 } 127 128 return pos; 129} 130 131 132u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, 133 int probe) 134{ 135 int capab = WLAN_CAPABILITY_ESS; 136 int privacy; 137 138 if (hapd->iface->num_sta_no_short_preamble == 0 && 139 hapd->iconf->preamble == SHORT_PREAMBLE) 140 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 141 142 privacy = hapd->conf->ssid.wep.keys_set; 143 144 if (hapd->conf->ieee802_1x && 145 (hapd->conf->default_wep_key_len || 146 hapd->conf->individual_wep_key_len)) 147 privacy = 1; 148 149 if (hapd->conf->wpa) 150 privacy = 1; 151 152 if (sta) { 153 int policy, def_klen; 154 if (probe && sta->ssid_probe) { 155 policy = sta->ssid_probe->security_policy; 156 def_klen = sta->ssid_probe->wep.default_len; 157 } else { 158 policy = sta->ssid->security_policy; 159 def_klen = sta->ssid->wep.default_len; 160 } 161 privacy = policy != SECURITY_PLAINTEXT; 162 if (policy == SECURITY_IEEE_802_1X && def_klen == 0) 163 privacy = 0; 164 } 165 166 if (privacy) 167 capab |= WLAN_CAPABILITY_PRIVACY; 168 169 if (hapd->iface->current_mode && 170 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 171 hapd->iface->num_sta_no_short_slot_time == 0) 172 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 173 174 return capab; 175} 176 177 178void ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len) 179{ 180 int i; 181 if (len > HOSTAPD_MAX_SSID_LEN) 182 len = HOSTAPD_MAX_SSID_LEN; 183 for (i = 0; i < len; i++) { 184 if (ssid[i] >= 32 && ssid[i] < 127) 185 buf[i] = ssid[i]; 186 else 187 buf[i] = '.'; 188 } 189 buf[len] = '\0'; 190} 191 192 193static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 194 u16 auth_transaction, const u8 *challenge, 195 int iswep) 196{ 197 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 198 HOSTAPD_LEVEL_DEBUG, 199 "authentication (shared key, transaction %d)", 200 auth_transaction); 201 202 if (auth_transaction == 1) { 203 if (!sta->challenge) { 204 /* Generate a pseudo-random challenge */ 205 u8 key[8]; 206 struct os_time now; 207 int r; 208 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 209 if (sta->challenge == NULL) 210 return WLAN_STATUS_UNSPECIFIED_FAILURE; 211 212 os_get_time(&now); 213 r = os_random(); 214 os_memcpy(key, &now.sec, 4); 215 os_memcpy(key + 4, &r, 4); 216 rc4_skip(key, sizeof(key), 0, 217 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 218 } 219 return 0; 220 } 221 222 if (auth_transaction != 3) 223 return WLAN_STATUS_UNSPECIFIED_FAILURE; 224 225 /* Transaction 3 */ 226 if (!iswep || !sta->challenge || !challenge || 227 os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) { 228 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 229 HOSTAPD_LEVEL_INFO, 230 "shared key authentication - invalid " 231 "challenge-response"); 232 return WLAN_STATUS_CHALLENGE_FAIL; 233 } 234 235 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 236 HOSTAPD_LEVEL_DEBUG, 237 "authentication OK (shared key)"); 238#ifdef IEEE80211_REQUIRE_AUTH_ACK 239 /* Station will be marked authenticated if it ACKs the 240 * authentication reply. */ 241#else 242 sta->flags |= WLAN_STA_AUTH; 243 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 244#endif 245 os_free(sta->challenge); 246 sta->challenge = NULL; 247 248 return 0; 249} 250 251 252static void send_auth_reply(struct hostapd_data *hapd, 253 const u8 *dst, const u8 *bssid, 254 u16 auth_alg, u16 auth_transaction, u16 resp, 255 const u8 *ies, size_t ies_len) 256{ 257 struct ieee80211_mgmt *reply; 258 u8 *buf; 259 size_t rlen; 260 261 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 262 buf = os_zalloc(rlen); 263 if (buf == NULL) 264 return; 265 266 reply = (struct ieee80211_mgmt *) buf; 267 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 268 WLAN_FC_STYPE_AUTH); 269 os_memcpy(reply->da, dst, ETH_ALEN); 270 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 271 os_memcpy(reply->bssid, bssid, ETH_ALEN); 272 273 reply->u.auth.auth_alg = host_to_le16(auth_alg); 274 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 275 reply->u.auth.status_code = host_to_le16(resp); 276 277 if (ies && ies_len) 278 os_memcpy(reply->u.auth.variable, ies, ies_len); 279 280 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 281 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 282 MAC2STR(dst), auth_alg, auth_transaction, 283 resp, (unsigned long) ies_len); 284 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 285 perror("send_auth_reply: send"); 286 287 os_free(buf); 288} 289 290 291#ifdef CONFIG_IEEE80211R 292static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 293 u16 auth_transaction, u16 status, 294 const u8 *ies, size_t ies_len) 295{ 296 struct hostapd_data *hapd = ctx; 297 struct sta_info *sta; 298 299 send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction, 300 status, ies, ies_len); 301 302 if (status != WLAN_STATUS_SUCCESS) 303 return; 304 305 sta = ap_get_sta(hapd, dst); 306 if (sta == NULL) 307 return; 308 309 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 310 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 311 sta->flags |= WLAN_STA_AUTH; 312 mlme_authenticate_indication(hapd, sta); 313} 314#endif /* CONFIG_IEEE80211R */ 315 316 317#ifdef CONFIG_SAE 318 319static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, 320 struct sta_info *sta) 321{ 322 struct wpabuf *buf; 323 324 buf = wpabuf_alloc(2); 325 if (buf == NULL) 326 return NULL; 327 328 wpabuf_put_le16(buf, 19); /* Finite Cyclic Group */ 329 /* TODO: Anti-Clogging Token (if requested) */ 330 /* TODO: Scalar */ 331 /* TODO: Element */ 332 333 return buf; 334} 335 336 337static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 338 struct sta_info *sta) 339{ 340 struct wpabuf *buf; 341 342 buf = wpabuf_alloc(2); 343 if (buf == NULL) 344 return NULL; 345 346 wpabuf_put_le16(buf, sta->sae_send_confirm); 347 sta->sae_send_confirm++; 348 /* TODO: Confirm */ 349 350 return buf; 351} 352 353 354static u16 handle_sae_commit(struct hostapd_data *hapd, struct sta_info *sta, 355 const u8 *data, size_t len) 356{ 357 wpa_hexdump(MSG_DEBUG, "SAE commit fields", data, len); 358 359 /* Check Finite Cyclic Group */ 360 if (len < 2) 361 return WLAN_STATUS_UNSPECIFIED_FAILURE; 362 if (WPA_GET_LE16(data) != 19) { 363 wpa_printf(MSG_DEBUG, "SAE: Unsupported Finite Cyclic Group %u", 364 WPA_GET_LE16(data)); 365 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; 366 } 367 368 return WLAN_STATUS_SUCCESS; 369} 370 371 372static u16 handle_sae_confirm(struct hostapd_data *hapd, struct sta_info *sta, 373 const u8 *data, size_t len) 374{ 375 u16 rc; 376 377 wpa_hexdump(MSG_DEBUG, "SAE confirm fields", data, len); 378 379 if (len < 2) 380 return WLAN_STATUS_UNSPECIFIED_FAILURE; 381 rc = WPA_GET_LE16(data); 382 wpa_printf(MSG_DEBUG, "SAE: peer-send-confirm %u", rc); 383 384 return WLAN_STATUS_SUCCESS; 385} 386 387 388static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 389 const struct ieee80211_mgmt *mgmt, size_t len, 390 u8 auth_transaction) 391{ 392 u16 resp = WLAN_STATUS_SUCCESS; 393 struct wpabuf *data; 394 395 if (auth_transaction == 1) { 396 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 397 HOSTAPD_LEVEL_DEBUG, 398 "start SAE authentication (RX commit)"); 399 resp = handle_sae_commit(hapd, sta, mgmt->u.auth.variable, 400 ((u8 *) mgmt) + len - 401 mgmt->u.auth.variable); 402 if (resp == WLAN_STATUS_SUCCESS) 403 sta->sae_state = SAE_COMMIT; 404 } else if (auth_transaction == 2) { 405 if (sta->sae_state != SAE_COMMIT) { 406 hostapd_logger(hapd, sta->addr, 407 HOSTAPD_MODULE_IEEE80211, 408 HOSTAPD_LEVEL_DEBUG, 409 "SAE confirm before commit"); 410 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 411 } 412 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 413 HOSTAPD_LEVEL_DEBUG, 414 "SAE authentication (RX confirm)"); 415 resp = handle_sae_confirm(hapd, sta, mgmt->u.auth.variable, 416 ((u8 *) mgmt) + len - 417 mgmt->u.auth.variable); 418 if (resp == WLAN_STATUS_SUCCESS) { 419 sta->flags |= WLAN_STA_AUTH; 420 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 421 sta->auth_alg = WLAN_AUTH_SAE; 422 mlme_authenticate_indication(hapd, sta); 423 } 424 } else { 425 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 426 HOSTAPD_LEVEL_DEBUG, 427 "unexpected SAE authentication transaction %u", 428 auth_transaction); 429 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 430 } 431 432 sta->auth_alg = WLAN_AUTH_SAE; 433 434 if (resp == WLAN_STATUS_SUCCESS) { 435 if (auth_transaction == 1) 436 data = auth_build_sae_commit(hapd, sta); 437 else 438 data = auth_build_sae_confirm(hapd, sta); 439 if (data == NULL) 440 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 441 } else 442 data = NULL; 443 444 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 445 auth_transaction, resp, 446 data ? wpabuf_head(data) : (u8 *) "", 447 data ? wpabuf_len(data) : 0); 448 wpabuf_free(data); 449} 450#endif /* CONFIG_SAE */ 451 452 453static void handle_auth(struct hostapd_data *hapd, 454 const struct ieee80211_mgmt *mgmt, size_t len) 455{ 456 u16 auth_alg, auth_transaction, status_code; 457 u16 resp = WLAN_STATUS_SUCCESS; 458 struct sta_info *sta = NULL; 459 int res; 460 u16 fc; 461 const u8 *challenge = NULL; 462 u32 session_timeout, acct_interim_interval; 463 int vlan_id = 0; 464 struct hostapd_sta_wpa_psk_short *psk = NULL; 465 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 466 size_t resp_ies_len = 0; 467 char *identity = NULL; 468 char *radius_cui = NULL; 469 470 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 471 printf("handle_auth - too short payload (len=%lu)\n", 472 (unsigned long) len); 473 return; 474 } 475 476 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 477 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 478 status_code = le_to_host16(mgmt->u.auth.status_code); 479 fc = le_to_host16(mgmt->frame_control); 480 481 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 482 2 + WLAN_AUTH_CHALLENGE_LEN && 483 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 484 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 485 challenge = &mgmt->u.auth.variable[2]; 486 487 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 488 "auth_transaction=%d status_code=%d wep=%d%s", 489 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 490 status_code, !!(fc & WLAN_FC_ISWEP), 491 challenge ? " challenge" : ""); 492 493 if (hapd->tkip_countermeasures) { 494 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 495 goto fail; 496 } 497 498 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 499 auth_alg == WLAN_AUTH_OPEN) || 500#ifdef CONFIG_IEEE80211R 501 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 502 auth_alg == WLAN_AUTH_FT) || 503#endif /* CONFIG_IEEE80211R */ 504#ifdef CONFIG_SAE 505 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 506 auth_alg == WLAN_AUTH_SAE) || 507#endif /* CONFIG_SAE */ 508 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 509 auth_alg == WLAN_AUTH_SHARED_KEY))) { 510 printf("Unsupported authentication algorithm (%d)\n", 511 auth_alg); 512 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 513 goto fail; 514 } 515 516 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 517 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 518 printf("Unknown authentication transaction number (%d)\n", 519 auth_transaction); 520 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 521 goto fail; 522 } 523 524 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 525 printf("Station " MACSTR " not allowed to authenticate.\n", 526 MAC2STR(mgmt->sa)); 527 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 528 goto fail; 529 } 530 531 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 532 &session_timeout, 533 &acct_interim_interval, &vlan_id, 534 &psk, &identity, &radius_cui); 535 536 if (res == HOSTAPD_ACL_REJECT) { 537 printf("Station " MACSTR " not allowed to authenticate.\n", 538 MAC2STR(mgmt->sa)); 539 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 540 goto fail; 541 } 542 if (res == HOSTAPD_ACL_PENDING) { 543 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 544 " waiting for an external authentication", 545 MAC2STR(mgmt->sa)); 546 /* Authentication code will re-send the authentication frame 547 * after it has received (and cached) information from the 548 * external source. */ 549 return; 550 } 551 552 sta = ap_sta_add(hapd, mgmt->sa); 553 if (!sta) { 554 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 555 goto fail; 556 } 557 558 if (vlan_id > 0) { 559 if (hostapd_get_vlan_id_ifname(hapd->conf->vlan, 560 vlan_id) == NULL) { 561 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 562 HOSTAPD_LEVEL_INFO, "Invalid VLAN ID " 563 "%d received from RADIUS server", 564 vlan_id); 565 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 566 goto fail; 567 } 568 sta->vlan_id = vlan_id; 569 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 570 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 571 } 572 573 hostapd_free_psk_list(sta->psk); 574 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 575 sta->psk = psk; 576 psk = NULL; 577 } else { 578 sta->psk = NULL; 579 } 580 581 sta->identity = identity; 582 identity = NULL; 583 sta->radius_cui = radius_cui; 584 radius_cui = NULL; 585 586 sta->flags &= ~WLAN_STA_PREAUTH; 587 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 588 589 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 590 sta->acct_interim_interval = acct_interim_interval; 591 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 592 ap_sta_session_timeout(hapd, sta, session_timeout); 593 else 594 ap_sta_no_session_timeout(hapd, sta); 595 596 switch (auth_alg) { 597 case WLAN_AUTH_OPEN: 598 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 599 HOSTAPD_LEVEL_DEBUG, 600 "authentication OK (open system)"); 601#ifdef IEEE80211_REQUIRE_AUTH_ACK 602 /* Station will be marked authenticated if it ACKs the 603 * authentication reply. */ 604#else 605 sta->flags |= WLAN_STA_AUTH; 606 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 607 sta->auth_alg = WLAN_AUTH_OPEN; 608 mlme_authenticate_indication(hapd, sta); 609#endif 610 break; 611 case WLAN_AUTH_SHARED_KEY: 612 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 613 fc & WLAN_FC_ISWEP); 614 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 615 mlme_authenticate_indication(hapd, sta); 616 if (sta->challenge && auth_transaction == 1) { 617 resp_ies[0] = WLAN_EID_CHALLENGE; 618 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 619 os_memcpy(resp_ies + 2, sta->challenge, 620 WLAN_AUTH_CHALLENGE_LEN); 621 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 622 } 623 break; 624#ifdef CONFIG_IEEE80211R 625 case WLAN_AUTH_FT: 626 sta->auth_alg = WLAN_AUTH_FT; 627 if (sta->wpa_sm == NULL) 628 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 629 sta->addr); 630 if (sta->wpa_sm == NULL) { 631 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 632 "state machine"); 633 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 634 goto fail; 635 } 636 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 637 auth_transaction, mgmt->u.auth.variable, 638 len - IEEE80211_HDRLEN - 639 sizeof(mgmt->u.auth), 640 handle_auth_ft_finish, hapd); 641 /* handle_auth_ft_finish() callback will complete auth. */ 642 return; 643#endif /* CONFIG_IEEE80211R */ 644#ifdef CONFIG_SAE 645 case WLAN_AUTH_SAE: 646 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction); 647 return; 648#endif /* CONFIG_SAE */ 649 } 650 651 fail: 652 os_free(identity); 653 os_free(radius_cui); 654 hostapd_free_psk_list(psk); 655 656 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 657 auth_transaction + 1, resp, resp_ies, resp_ies_len); 658} 659 660 661static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 662{ 663 int i, j = 32, aid; 664 665 /* get a unique AID */ 666 if (sta->aid > 0) { 667 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 668 return 0; 669 } 670 671 for (i = 0; i < AID_WORDS; i++) { 672 if (hapd->sta_aid[i] == (u32) -1) 673 continue; 674 for (j = 0; j < 32; j++) { 675 if (!(hapd->sta_aid[i] & BIT(j))) 676 break; 677 } 678 if (j < 32) 679 break; 680 } 681 if (j == 32) 682 return -1; 683 aid = i * 32 + j + 1; 684 if (aid > 2007) 685 return -1; 686 687 sta->aid = aid; 688 hapd->sta_aid[i] |= BIT(j); 689 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 690 return 0; 691} 692 693 694static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 695 const u8 *ssid_ie, size_t ssid_ie_len) 696{ 697 if (ssid_ie == NULL) 698 return WLAN_STATUS_UNSPECIFIED_FAILURE; 699 700 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 701 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 702 char ssid_txt[33]; 703 ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len); 704 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 705 HOSTAPD_LEVEL_INFO, 706 "Station tried to associate with unknown SSID " 707 "'%s'", ssid_txt); 708 return WLAN_STATUS_UNSPECIFIED_FAILURE; 709 } 710 711 return WLAN_STATUS_SUCCESS; 712} 713 714 715static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 716 const u8 *wmm_ie, size_t wmm_ie_len) 717{ 718 sta->flags &= ~WLAN_STA_WMM; 719 sta->qosinfo = 0; 720 if (wmm_ie && hapd->conf->wmm_enabled) { 721 struct wmm_information_element *wmm; 722 723 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 724 hostapd_logger(hapd, sta->addr, 725 HOSTAPD_MODULE_WPA, 726 HOSTAPD_LEVEL_DEBUG, 727 "invalid WMM element in association " 728 "request"); 729 return WLAN_STATUS_UNSPECIFIED_FAILURE; 730 } 731 732 sta->flags |= WLAN_STA_WMM; 733 wmm = (struct wmm_information_element *) wmm_ie; 734 sta->qosinfo = wmm->qos_info; 735 } 736 return WLAN_STATUS_SUCCESS; 737} 738 739 740static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 741 struct ieee802_11_elems *elems) 742{ 743 if (!elems->supp_rates) { 744 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 745 HOSTAPD_LEVEL_DEBUG, 746 "No supported rates element in AssocReq"); 747 return WLAN_STATUS_UNSPECIFIED_FAILURE; 748 } 749 750 if (elems->supp_rates_len + elems->ext_supp_rates_len > 751 sizeof(sta->supported_rates)) { 752 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 753 HOSTAPD_LEVEL_DEBUG, 754 "Invalid supported rates element length %d+%d", 755 elems->supp_rates_len, 756 elems->ext_supp_rates_len); 757 return WLAN_STATUS_UNSPECIFIED_FAILURE; 758 } 759 760 sta->supported_rates_len = merge_byte_arrays( 761 sta->supported_rates, sizeof(sta->supported_rates), 762 elems->supp_rates, elems->supp_rates_len, 763 elems->ext_supp_rates, elems->ext_supp_rates_len); 764 765 return WLAN_STATUS_SUCCESS; 766} 767 768 769static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 770 const u8 *ies, size_t ies_len, int reassoc) 771{ 772 struct ieee802_11_elems elems; 773 u16 resp; 774 const u8 *wpa_ie; 775 size_t wpa_ie_len; 776 777 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 778 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 779 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 780 "association request"); 781 return WLAN_STATUS_UNSPECIFIED_FAILURE; 782 } 783 784 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 785 if (resp != WLAN_STATUS_SUCCESS) 786 return resp; 787 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 788 if (resp != WLAN_STATUS_SUCCESS) 789 return resp; 790 resp = copy_supp_rates(hapd, sta, &elems); 791 if (resp != WLAN_STATUS_SUCCESS) 792 return resp; 793#ifdef CONFIG_IEEE80211N 794 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities, 795 elems.ht_capabilities_len); 796 if (resp != WLAN_STATUS_SUCCESS) 797 return resp; 798 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 799 !(sta->flags & WLAN_STA_HT)) { 800 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 801 HOSTAPD_LEVEL_INFO, "Station does not support " 802 "mandatory HT PHY - reject association"); 803 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 804 } 805#endif /* CONFIG_IEEE80211N */ 806 807#ifdef CONFIG_IEEE80211AC 808 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities, 809 elems.vht_capabilities_len); 810 if (resp != WLAN_STATUS_SUCCESS) 811 return resp; 812 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 813 !(sta->flags & WLAN_STA_VHT)) { 814 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 815 HOSTAPD_LEVEL_INFO, "Station does not support " 816 "mandatory VHT PHY - reject association"); 817 return WLAN_STATUS_UNSPECIFIED_FAILURE; 818 } 819#endif /* CONFIG_IEEE80211AC */ 820 821 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 822 wpa_ie = elems.rsn_ie; 823 wpa_ie_len = elems.rsn_ie_len; 824 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 825 elems.wpa_ie) { 826 wpa_ie = elems.wpa_ie; 827 wpa_ie_len = elems.wpa_ie_len; 828 } else { 829 wpa_ie = NULL; 830 wpa_ie_len = 0; 831 } 832 833#ifdef CONFIG_WPS 834 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 835 if (hapd->conf->wps_state && elems.wps_ie) { 836 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 837 "Request - assume WPS is used"); 838 sta->flags |= WLAN_STA_WPS; 839 wpabuf_free(sta->wps_ie); 840 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 841 WPS_IE_VENDOR_TYPE); 842 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 843 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 844 sta->flags |= WLAN_STA_WPS2; 845 } 846 wpa_ie = NULL; 847 wpa_ie_len = 0; 848 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 849 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 850 "(Re)Association Request - reject"); 851 return WLAN_STATUS_INVALID_IE; 852 } 853 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 854 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 855 "(Re)Association Request - possible WPS use"); 856 sta->flags |= WLAN_STA_MAYBE_WPS; 857 } else 858#endif /* CONFIG_WPS */ 859 if (hapd->conf->wpa && wpa_ie == NULL) { 860 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 861 HOSTAPD_LEVEL_INFO, 862 "No WPA/RSN IE in association request"); 863 return WLAN_STATUS_INVALID_IE; 864 } 865 866 if (hapd->conf->wpa && wpa_ie) { 867 int res; 868 wpa_ie -= 2; 869 wpa_ie_len += 2; 870 if (sta->wpa_sm == NULL) 871 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 872 sta->addr); 873 if (sta->wpa_sm == NULL) { 874 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 875 "state machine"); 876 return WLAN_STATUS_UNSPECIFIED_FAILURE; 877 } 878 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 879 wpa_ie, wpa_ie_len, 880 elems.mdie, elems.mdie_len); 881 if (res == WPA_INVALID_GROUP) 882 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 883 else if (res == WPA_INVALID_PAIRWISE) 884 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 885 else if (res == WPA_INVALID_AKMP) 886 resp = WLAN_STATUS_AKMP_NOT_VALID; 887 else if (res == WPA_ALLOC_FAIL) 888 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 889#ifdef CONFIG_IEEE80211W 890 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 891 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 892 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 893 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 894#endif /* CONFIG_IEEE80211W */ 895 else if (res == WPA_INVALID_MDIE) 896 resp = WLAN_STATUS_INVALID_MDIE; 897 else if (res != WPA_IE_OK) 898 resp = WLAN_STATUS_INVALID_IE; 899 if (resp != WLAN_STATUS_SUCCESS) 900 return resp; 901#ifdef CONFIG_IEEE80211W 902 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 903 sta->sa_query_count > 0) 904 ap_check_sa_query_timeout(hapd, sta); 905 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 906 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 907 /* 908 * STA has already been associated with MFP and SA 909 * Query timeout has not been reached. Reject the 910 * association attempt temporarily and start SA Query, 911 * if one is not pending. 912 */ 913 914 if (sta->sa_query_count == 0) 915 ap_sta_start_sa_query(hapd, sta); 916 917 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 918 } 919 920 if (wpa_auth_uses_mfp(sta->wpa_sm)) 921 sta->flags |= WLAN_STA_MFP; 922 else 923 sta->flags &= ~WLAN_STA_MFP; 924#endif /* CONFIG_IEEE80211W */ 925 926#ifdef CONFIG_IEEE80211R 927 if (sta->auth_alg == WLAN_AUTH_FT) { 928 if (!reassoc) { 929 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 930 "to use association (not " 931 "re-association) with FT auth_alg", 932 MAC2STR(sta->addr)); 933 return WLAN_STATUS_UNSPECIFIED_FAILURE; 934 } 935 936 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 937 ies_len); 938 if (resp != WLAN_STATUS_SUCCESS) 939 return resp; 940 } 941#endif /* CONFIG_IEEE80211R */ 942 943#ifdef CONFIG_SAE 944 if (wpa_auth_uses_sae(sta->wpa_sm) && 945 sta->auth_alg != WLAN_AUTH_SAE) { 946 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 947 "SAE AKM after non-SAE auth_alg %u", 948 MAC2STR(sta->addr), sta->auth_alg); 949 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 950 } 951#endif /* CONFIG_SAE */ 952 953#ifdef CONFIG_IEEE80211N 954 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 955 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 956 hostapd_logger(hapd, sta->addr, 957 HOSTAPD_MODULE_IEEE80211, 958 HOSTAPD_LEVEL_INFO, 959 "Station tried to use TKIP with HT " 960 "association"); 961 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 962 } 963#endif /* CONFIG_IEEE80211N */ 964 } else 965 wpa_auth_sta_no_wpa(sta->wpa_sm); 966 967#ifdef CONFIG_P2P 968 if (elems.p2p) { 969 wpabuf_free(sta->p2p_ie); 970 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 971 P2P_IE_VENDOR_TYPE); 972 973 } else { 974 wpabuf_free(sta->p2p_ie); 975 sta->p2p_ie = NULL; 976 } 977 978 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 979#endif /* CONFIG_P2P */ 980 981#ifdef CONFIG_HS20 982 wpabuf_free(sta->hs20_ie); 983 if (elems.hs20 && elems.hs20_len > 4) { 984 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 985 elems.hs20_len - 4); 986 } else 987 sta->hs20_ie = NULL; 988#endif /* CONFIG_HS20 */ 989 990 return WLAN_STATUS_SUCCESS; 991} 992 993 994static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 995 u16 reason_code) 996{ 997 int send_len; 998 struct ieee80211_mgmt reply; 999 1000 os_memset(&reply, 0, sizeof(reply)); 1001 reply.frame_control = 1002 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1003 os_memcpy(reply.da, addr, ETH_ALEN); 1004 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1005 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1006 1007 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1008 reply.u.deauth.reason_code = host_to_le16(reason_code); 1009 1010 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1011 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1012 strerror(errno)); 1013} 1014 1015 1016static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1017 u16 status_code, int reassoc, const u8 *ies, 1018 size_t ies_len) 1019{ 1020 int send_len; 1021 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1022 struct ieee80211_mgmt *reply; 1023 u8 *p; 1024 1025 os_memset(buf, 0, sizeof(buf)); 1026 reply = (struct ieee80211_mgmt *) buf; 1027 reply->frame_control = 1028 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1029 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1030 WLAN_FC_STYPE_ASSOC_RESP)); 1031 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1032 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1033 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1034 1035 send_len = IEEE80211_HDRLEN; 1036 send_len += sizeof(reply->u.assoc_resp); 1037 reply->u.assoc_resp.capab_info = 1038 host_to_le16(hostapd_own_capab_info(hapd, sta, 0)); 1039 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1040 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) 1041 | BIT(14) | BIT(15)); 1042 /* Supported rates */ 1043 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1044 /* Extended supported rates */ 1045 p = hostapd_eid_ext_supp_rates(hapd, p); 1046 1047#ifdef CONFIG_IEEE80211R 1048 if (status_code == WLAN_STATUS_SUCCESS) { 1049 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1050 * Transition Information, RSN, [RIC Response] */ 1051 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1052 buf + sizeof(buf) - p, 1053 sta->auth_alg, ies, ies_len); 1054 } 1055#endif /* CONFIG_IEEE80211R */ 1056 1057#ifdef CONFIG_IEEE80211W 1058 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1059 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1060#endif /* CONFIG_IEEE80211W */ 1061 1062#ifdef CONFIG_IEEE80211N 1063 p = hostapd_eid_ht_capabilities(hapd, p); 1064 p = hostapd_eid_ht_operation(hapd, p); 1065#endif /* CONFIG_IEEE80211N */ 1066 1067#ifdef CONFIG_IEEE80211AC 1068 p = hostapd_eid_vht_capabilities(hapd, p); 1069 p = hostapd_eid_vht_operation(hapd, p); 1070#endif /* CONFIG_IEEE80211AC */ 1071 1072 p = hostapd_eid_ext_capab(hapd, p); 1073 p = hostapd_eid_bss_max_idle_period(hapd, p); 1074 1075 if (sta->flags & WLAN_STA_WMM) 1076 p = hostapd_eid_wmm(hapd, p); 1077 1078#ifdef CONFIG_WPS 1079 if ((sta->flags & WLAN_STA_WPS) || 1080 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 1081 struct wpabuf *wps = wps_build_assoc_resp_ie(); 1082 if (wps) { 1083 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 1084 p += wpabuf_len(wps); 1085 wpabuf_free(wps); 1086 } 1087 } 1088#endif /* CONFIG_WPS */ 1089 1090#ifdef CONFIG_P2P 1091 if (sta->p2p_ie) { 1092 struct wpabuf *p2p_resp_ie; 1093 enum p2p_status_code status; 1094 switch (status_code) { 1095 case WLAN_STATUS_SUCCESS: 1096 status = P2P_SC_SUCCESS; 1097 break; 1098 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 1099 status = P2P_SC_FAIL_LIMIT_REACHED; 1100 break; 1101 default: 1102 status = P2P_SC_FAIL_INVALID_PARAMS; 1103 break; 1104 } 1105 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 1106 if (p2p_resp_ie) { 1107 os_memcpy(p, wpabuf_head(p2p_resp_ie), 1108 wpabuf_len(p2p_resp_ie)); 1109 p += wpabuf_len(p2p_resp_ie); 1110 wpabuf_free(p2p_resp_ie); 1111 } 1112 } 1113#endif /* CONFIG_P2P */ 1114 1115#ifdef CONFIG_P2P_MANAGER 1116 if (hapd->conf->p2p & P2P_MANAGE) 1117 p = hostapd_eid_p2p_manage(hapd, p); 1118#endif /* CONFIG_P2P_MANAGER */ 1119 1120 send_len += p - reply->u.assoc_resp.variable; 1121 1122 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) 1123 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 1124 strerror(errno)); 1125} 1126 1127 1128static void handle_assoc(struct hostapd_data *hapd, 1129 const struct ieee80211_mgmt *mgmt, size_t len, 1130 int reassoc) 1131{ 1132 u16 capab_info, listen_interval; 1133 u16 resp = WLAN_STATUS_SUCCESS; 1134 const u8 *pos; 1135 int left, i; 1136 struct sta_info *sta; 1137 1138 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 1139 sizeof(mgmt->u.assoc_req))) { 1140 printf("handle_assoc(reassoc=%d) - too short payload (len=%lu)" 1141 "\n", reassoc, (unsigned long) len); 1142 return; 1143 } 1144 1145 if (reassoc) { 1146 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 1147 listen_interval = le_to_host16( 1148 mgmt->u.reassoc_req.listen_interval); 1149 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 1150 " capab_info=0x%02x listen_interval=%d current_ap=" 1151 MACSTR, 1152 MAC2STR(mgmt->sa), capab_info, listen_interval, 1153 MAC2STR(mgmt->u.reassoc_req.current_ap)); 1154 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 1155 pos = mgmt->u.reassoc_req.variable; 1156 } else { 1157 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 1158 listen_interval = le_to_host16( 1159 mgmt->u.assoc_req.listen_interval); 1160 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 1161 " capab_info=0x%02x listen_interval=%d", 1162 MAC2STR(mgmt->sa), capab_info, listen_interval); 1163 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 1164 pos = mgmt->u.assoc_req.variable; 1165 } 1166 1167 sta = ap_get_sta(hapd, mgmt->sa); 1168#ifdef CONFIG_IEEE80211R 1169 if (sta && sta->auth_alg == WLAN_AUTH_FT && 1170 (sta->flags & WLAN_STA_AUTH) == 0) { 1171 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 1172 "prior to authentication since it is using " 1173 "over-the-DS FT", MAC2STR(mgmt->sa)); 1174 } else 1175#endif /* CONFIG_IEEE80211R */ 1176 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1177 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1178 HOSTAPD_LEVEL_INFO, "Station tried to " 1179 "associate before authentication " 1180 "(aid=%d flags=0x%x)", 1181 sta ? sta->aid : -1, 1182 sta ? sta->flags : 0); 1183 send_deauth(hapd, mgmt->sa, 1184 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 1185 return; 1186 } 1187 1188 if (hapd->tkip_countermeasures) { 1189 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 1190 goto fail; 1191 } 1192 1193 if (listen_interval > hapd->conf->max_listen_interval) { 1194 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1195 HOSTAPD_LEVEL_DEBUG, 1196 "Too large Listen Interval (%d)", 1197 listen_interval); 1198 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 1199 goto fail; 1200 } 1201 1202 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 1203 * is used */ 1204 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 1205 if (resp != WLAN_STATUS_SUCCESS) 1206 goto fail; 1207 1208 if (hostapd_get_aid(hapd, sta) < 0) { 1209 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1210 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 1211 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1212 goto fail; 1213 } 1214 1215 sta->capability = capab_info; 1216 sta->listen_interval = listen_interval; 1217 1218 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 1219 sta->flags |= WLAN_STA_NONERP; 1220 for (i = 0; i < sta->supported_rates_len; i++) { 1221 if ((sta->supported_rates[i] & 0x7f) > 22) { 1222 sta->flags &= ~WLAN_STA_NONERP; 1223 break; 1224 } 1225 } 1226 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 1227 sta->nonerp_set = 1; 1228 hapd->iface->num_sta_non_erp++; 1229 if (hapd->iface->num_sta_non_erp == 1) 1230 ieee802_11_set_beacons(hapd->iface); 1231 } 1232 1233 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 1234 !sta->no_short_slot_time_set) { 1235 sta->no_short_slot_time_set = 1; 1236 hapd->iface->num_sta_no_short_slot_time++; 1237 if (hapd->iface->current_mode->mode == 1238 HOSTAPD_MODE_IEEE80211G && 1239 hapd->iface->num_sta_no_short_slot_time == 1) 1240 ieee802_11_set_beacons(hapd->iface); 1241 } 1242 1243 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 1244 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 1245 else 1246 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 1247 1248 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 1249 !sta->no_short_preamble_set) { 1250 sta->no_short_preamble_set = 1; 1251 hapd->iface->num_sta_no_short_preamble++; 1252 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 1253 && hapd->iface->num_sta_no_short_preamble == 1) 1254 ieee802_11_set_beacons(hapd->iface); 1255 } 1256 1257#ifdef CONFIG_IEEE80211N 1258 update_ht_state(hapd, sta); 1259#endif /* CONFIG_IEEE80211N */ 1260 1261 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1262 HOSTAPD_LEVEL_DEBUG, 1263 "association OK (aid %d)", sta->aid); 1264 /* Station will be marked associated, after it acknowledges AssocResp 1265 */ 1266 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 1267 1268#ifdef CONFIG_IEEE80211W 1269 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 1270 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 1271 "SA Query procedure", reassoc ? "re" : ""); 1272 /* TODO: Send a protected Disassociate frame to the STA using 1273 * the old key and Reason Code "Previous Authentication no 1274 * longer valid". Make sure this is only sent protected since 1275 * unprotected frame would be received by the STA that is now 1276 * trying to associate. 1277 */ 1278 } 1279#endif /* CONFIG_IEEE80211W */ 1280 1281 if (reassoc) { 1282 os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap, 1283 ETH_ALEN); 1284 } 1285 1286 if (sta->last_assoc_req) 1287 os_free(sta->last_assoc_req); 1288 sta->last_assoc_req = os_malloc(len); 1289 if (sta->last_assoc_req) 1290 os_memcpy(sta->last_assoc_req, mgmt, len); 1291 1292 /* Make sure that the previously registered inactivity timer will not 1293 * remove the STA immediately. */ 1294 sta->timeout_next = STA_NULLFUNC; 1295 1296 fail: 1297 send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 1298} 1299 1300 1301static void handle_disassoc(struct hostapd_data *hapd, 1302 const struct ieee80211_mgmt *mgmt, size_t len) 1303{ 1304 struct sta_info *sta; 1305 1306 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 1307 printf("handle_disassoc - too short payload (len=%lu)\n", 1308 (unsigned long) len); 1309 return; 1310 } 1311 1312 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 1313 MAC2STR(mgmt->sa), 1314 le_to_host16(mgmt->u.disassoc.reason_code)); 1315 1316 sta = ap_get_sta(hapd, mgmt->sa); 1317 if (sta == NULL) { 1318 printf("Station " MACSTR " trying to disassociate, but it " 1319 "is not associated.\n", MAC2STR(mgmt->sa)); 1320 return; 1321 } 1322 1323 ap_sta_set_authorized(hapd, sta, 0); 1324 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 1325 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 1326 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1327 HOSTAPD_LEVEL_INFO, "disassociated"); 1328 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1329 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1330 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 1331 * authenticated. */ 1332 accounting_sta_stop(hapd, sta); 1333 ieee802_1x_free_station(sta); 1334 hostapd_drv_sta_remove(hapd, sta->addr); 1335 1336 if (sta->timeout_next == STA_NULLFUNC || 1337 sta->timeout_next == STA_DISASSOC) { 1338 sta->timeout_next = STA_DEAUTH; 1339 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1340 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 1341 hapd, sta); 1342 } 1343 1344 mlme_disassociate_indication( 1345 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 1346} 1347 1348 1349static void handle_deauth(struct hostapd_data *hapd, 1350 const struct ieee80211_mgmt *mgmt, size_t len) 1351{ 1352 struct sta_info *sta; 1353 1354 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 1355 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 1356 "payload (len=%lu)", (unsigned long) len); 1357 return; 1358 } 1359 1360 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 1361 " reason_code=%d", 1362 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 1363 1364 sta = ap_get_sta(hapd, mgmt->sa); 1365 if (sta == NULL) { 1366 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 1367 "to deauthenticate, but it is not authenticated", 1368 MAC2STR(mgmt->sa)); 1369 return; 1370 } 1371 1372 ap_sta_set_authorized(hapd, sta, 0); 1373 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 1374 WLAN_STA_ASSOC_REQ_OK); 1375 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1376 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1377 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 1378 mlme_deauthenticate_indication( 1379 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 1380 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1381 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1382 ap_free_sta(hapd, sta); 1383} 1384 1385 1386static void handle_beacon(struct hostapd_data *hapd, 1387 const struct ieee80211_mgmt *mgmt, size_t len, 1388 struct hostapd_frame_info *fi) 1389{ 1390 struct ieee802_11_elems elems; 1391 1392 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 1393 printf("handle_beacon - too short payload (len=%lu)\n", 1394 (unsigned long) len); 1395 return; 1396 } 1397 1398 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 1399 len - (IEEE80211_HDRLEN + 1400 sizeof(mgmt->u.beacon)), &elems, 1401 0); 1402 1403 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 1404} 1405 1406 1407#ifdef CONFIG_IEEE80211W 1408 1409static void hostapd_sa_query_action(struct hostapd_data *hapd, 1410 const struct ieee80211_mgmt *mgmt, 1411 size_t len) 1412{ 1413 const u8 *end; 1414 1415 end = mgmt->u.action.u.sa_query_resp.trans_id + 1416 WLAN_SA_QUERY_TR_ID_LEN; 1417 if (((u8 *) mgmt) + len < end) { 1418 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 1419 "frame (len=%lu)", (unsigned long) len); 1420 return; 1421 } 1422 1423 ieee802_11_sa_query_action(hapd, mgmt->sa, 1424 mgmt->u.action.u.sa_query_resp.action, 1425 mgmt->u.action.u.sa_query_resp.trans_id); 1426} 1427 1428 1429static int robust_action_frame(u8 category) 1430{ 1431 return category != WLAN_ACTION_PUBLIC && 1432 category != WLAN_ACTION_HT; 1433} 1434#endif /* CONFIG_IEEE80211W */ 1435 1436 1437static void handle_action(struct hostapd_data *hapd, 1438 const struct ieee80211_mgmt *mgmt, size_t len) 1439{ 1440#if defined(CONFIG_IEEE80211W) || defined(CONFIG_IEEE80211R) 1441 struct sta_info *sta; 1442 sta = ap_get_sta(hapd, mgmt->sa); 1443#endif /* CONFIG_IEEE80211W || CONFIG_IEEE80211R */ 1444 1445 if (len < IEEE80211_HDRLEN + 1) { 1446 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1447 HOSTAPD_LEVEL_DEBUG, 1448 "handle_action - too short payload (len=%lu)", 1449 (unsigned long) len); 1450 return; 1451 } 1452 1453#ifdef CONFIG_IEEE80211W 1454 if (sta && (sta->flags & WLAN_STA_MFP) && 1455 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP) && 1456 robust_action_frame(mgmt->u.action.category))) { 1457 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1458 HOSTAPD_LEVEL_DEBUG, 1459 "Dropped unprotected Robust Action frame from " 1460 "an MFP STA"); 1461 return; 1462 } 1463#endif /* CONFIG_IEEE80211W */ 1464 1465 switch (mgmt->u.action.category) { 1466#ifdef CONFIG_IEEE80211R 1467 case WLAN_ACTION_FT: 1468 { 1469 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 1470 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored FT Action " 1471 "frame from unassociated STA " MACSTR, 1472 MAC2STR(mgmt->sa)); 1473 return; 1474 } 1475 1476 if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 1477 len - IEEE80211_HDRLEN)) 1478 break; 1479 1480 return; 1481 } 1482#endif /* CONFIG_IEEE80211R */ 1483 case WLAN_ACTION_WMM: 1484 hostapd_wmm_action(hapd, mgmt, len); 1485 return; 1486#ifdef CONFIG_IEEE80211W 1487 case WLAN_ACTION_SA_QUERY: 1488 hostapd_sa_query_action(hapd, mgmt, len); 1489 return; 1490#endif /* CONFIG_IEEE80211W */ 1491 case WLAN_ACTION_PUBLIC: 1492 if (hapd->public_action_cb) { 1493 hapd->public_action_cb(hapd->public_action_cb_ctx, 1494 (u8 *) mgmt, len, 1495 hapd->iface->freq); 1496 return; 1497 } 1498 break; 1499 case WLAN_ACTION_VENDOR_SPECIFIC: 1500 if (hapd->vendor_action_cb) { 1501 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 1502 (u8 *) mgmt, len, 1503 hapd->iface->freq) == 0) 1504 return; 1505 } 1506 break; 1507 } 1508 1509 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1510 HOSTAPD_LEVEL_DEBUG, 1511 "handle_action - unknown action category %d or invalid " 1512 "frame", 1513 mgmt->u.action.category); 1514 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 1515 !(mgmt->sa[0] & 0x01)) { 1516 struct ieee80211_mgmt *resp; 1517 1518 /* 1519 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 1520 * Return the Action frame to the source without change 1521 * except that MSB of the Category set to 1. 1522 */ 1523 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 1524 "frame back to sender"); 1525 resp = os_malloc(len); 1526 if (resp == NULL) 1527 return; 1528 os_memcpy(resp, mgmt, len); 1529 os_memcpy(resp->da, resp->sa, ETH_ALEN); 1530 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 1531 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 1532 resp->u.action.category |= 0x80; 1533 1534 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 1535 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 1536 "Action frame"); 1537 } 1538 os_free(resp); 1539 } 1540} 1541 1542 1543/** 1544 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 1545 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 1546 * sent to) 1547 * @buf: management frame data (starting from IEEE 802.11 header) 1548 * @len: length of frame data in octets 1549 * @fi: meta data about received frame (signal level, etc.) 1550 * 1551 * Process all incoming IEEE 802.11 management frames. This will be called for 1552 * each frame received from the kernel driver through wlan#ap interface. In 1553 * addition, it can be called to re-inserted pending frames (e.g., when using 1554 * external RADIUS server as an MAC ACL). 1555 */ 1556void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 1557 struct hostapd_frame_info *fi) 1558{ 1559 struct ieee80211_mgmt *mgmt; 1560 int broadcast; 1561 u16 fc, stype; 1562 1563 if (len < 24) 1564 return; 1565 1566 mgmt = (struct ieee80211_mgmt *) buf; 1567 fc = le_to_host16(mgmt->frame_control); 1568 stype = WLAN_FC_GET_STYPE(fc); 1569 1570 if (stype == WLAN_FC_STYPE_BEACON) { 1571 handle_beacon(hapd, mgmt, len, fi); 1572 return; 1573 } 1574 1575 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 1576 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 1577 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 1578 1579 if (!broadcast && 1580#ifdef CONFIG_P2P 1581 /* Invitation responses can be sent with the peer MAC as BSSID */ 1582 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 1583 stype == WLAN_FC_STYPE_ACTION) && 1584#endif /* CONFIG_P2P */ 1585 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 1586 printf("MGMT: BSSID=" MACSTR " not our address\n", 1587 MAC2STR(mgmt->bssid)); 1588 return; 1589 } 1590 1591 1592 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 1593 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 1594 return; 1595 } 1596 1597 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 1598 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1599 HOSTAPD_LEVEL_DEBUG, 1600 "MGMT: DA=" MACSTR " not our address", 1601 MAC2STR(mgmt->da)); 1602 return; 1603 } 1604 1605 switch (stype) { 1606 case WLAN_FC_STYPE_AUTH: 1607 wpa_printf(MSG_DEBUG, "mgmt::auth"); 1608 handle_auth(hapd, mgmt, len); 1609 break; 1610 case WLAN_FC_STYPE_ASSOC_REQ: 1611 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 1612 handle_assoc(hapd, mgmt, len, 0); 1613 break; 1614 case WLAN_FC_STYPE_REASSOC_REQ: 1615 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 1616 handle_assoc(hapd, mgmt, len, 1); 1617 break; 1618 case WLAN_FC_STYPE_DISASSOC: 1619 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 1620 handle_disassoc(hapd, mgmt, len); 1621 break; 1622 case WLAN_FC_STYPE_DEAUTH: 1623 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 1624 handle_deauth(hapd, mgmt, len); 1625 break; 1626 case WLAN_FC_STYPE_ACTION: 1627 wpa_printf(MSG_DEBUG, "mgmt::action"); 1628 handle_action(hapd, mgmt, len); 1629 break; 1630 default: 1631 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1632 HOSTAPD_LEVEL_DEBUG, 1633 "unknown mgmt frame subtype %d", stype); 1634 break; 1635 } 1636} 1637 1638 1639static void handle_auth_cb(struct hostapd_data *hapd, 1640 const struct ieee80211_mgmt *mgmt, 1641 size_t len, int ok) 1642{ 1643 u16 auth_alg, auth_transaction, status_code; 1644 struct sta_info *sta; 1645 1646 if (!ok) { 1647 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1648 HOSTAPD_LEVEL_NOTICE, 1649 "did not acknowledge authentication response"); 1650 return; 1651 } 1652 1653 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1654 printf("handle_auth_cb - too short payload (len=%lu)\n", 1655 (unsigned long) len); 1656 return; 1657 } 1658 1659 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1660 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1661 status_code = le_to_host16(mgmt->u.auth.status_code); 1662 1663 sta = ap_get_sta(hapd, mgmt->da); 1664 if (!sta) { 1665 printf("handle_auth_cb: STA " MACSTR " not found\n", 1666 MAC2STR(mgmt->da)); 1667 return; 1668 } 1669 1670 if (status_code == WLAN_STATUS_SUCCESS && 1671 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 1672 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 1673 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1674 HOSTAPD_LEVEL_INFO, "authenticated"); 1675 sta->flags |= WLAN_STA_AUTH; 1676 } 1677} 1678 1679 1680static void handle_assoc_cb(struct hostapd_data *hapd, 1681 const struct ieee80211_mgmt *mgmt, 1682 size_t len, int reassoc, int ok) 1683{ 1684 u16 status; 1685 struct sta_info *sta; 1686 int new_assoc = 1; 1687 struct ieee80211_ht_capabilities ht_cap; 1688 1689 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 1690 sizeof(mgmt->u.assoc_resp))) { 1691 printf("handle_assoc_cb(reassoc=%d) - too short payload " 1692 "(len=%lu)\n", reassoc, (unsigned long) len); 1693 return; 1694 } 1695 1696 sta = ap_get_sta(hapd, mgmt->da); 1697 if (!sta) { 1698 printf("handle_assoc_cb: STA " MACSTR " not found\n", 1699 MAC2STR(mgmt->da)); 1700 return; 1701 } 1702 1703 if (!ok) { 1704 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1705 HOSTAPD_LEVEL_DEBUG, 1706 "did not acknowledge association response"); 1707 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 1708 return; 1709 } 1710 1711 if (reassoc) 1712 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 1713 else 1714 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1715 1716 if (status != WLAN_STATUS_SUCCESS) 1717 goto fail; 1718 1719 /* Stop previous accounting session, if one is started, and allocate 1720 * new session id for the new session. */ 1721 accounting_sta_stop(hapd, sta); 1722 1723 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1724 HOSTAPD_LEVEL_INFO, 1725 "associated (aid %d)", 1726 sta->aid); 1727 1728 if (sta->flags & WLAN_STA_ASSOC) 1729 new_assoc = 0; 1730 sta->flags |= WLAN_STA_ASSOC; 1731 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa) || 1732 sta->auth_alg == WLAN_AUTH_FT) { 1733 /* 1734 * Open, static WEP, or FT protocol; no separate authorization 1735 * step. 1736 */ 1737 ap_sta_set_authorized(hapd, sta, 1); 1738 } 1739 1740 if (reassoc) 1741 mlme_reassociate_indication(hapd, sta); 1742 else 1743 mlme_associate_indication(hapd, sta); 1744 1745#ifdef CONFIG_IEEE80211W 1746 sta->sa_query_timed_out = 0; 1747#endif /* CONFIG_IEEE80211W */ 1748 1749 /* 1750 * Remove the STA entry in order to make sure the STA PS state gets 1751 * cleared and configuration gets updated in case of reassociation back 1752 * to the same AP. 1753 */ 1754 hostapd_drv_sta_remove(hapd, sta->addr); 1755 1756#ifdef CONFIG_IEEE80211N 1757 if (sta->flags & WLAN_STA_HT) 1758 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1759#endif /* CONFIG_IEEE80211N */ 1760 1761 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1762 sta->supported_rates, sta->supported_rates_len, 1763 sta->listen_interval, 1764 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1765 sta->flags, sta->qosinfo)) { 1766 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1767 HOSTAPD_LEVEL_NOTICE, 1768 "Could not add STA to kernel driver"); 1769 1770 ap_sta_disconnect(hapd, sta, sta->addr, 1771 WLAN_REASON_DISASSOC_AP_BUSY); 1772 1773 goto fail; 1774 } 1775 1776 if (sta->flags & WLAN_STA_WDS) 1777 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 1778 1779 if (sta->eapol_sm == NULL) { 1780 /* 1781 * This STA does not use RADIUS server for EAP authentication, 1782 * so bind it to the selected VLAN interface now, since the 1783 * interface selection is not going to change anymore. 1784 */ 1785 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1786 goto fail; 1787 } else if (sta->vlan_id) { 1788 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 1789 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1790 goto fail; 1791 } 1792 1793 hostapd_set_sta_flags(hapd, sta); 1794 1795 if (sta->auth_alg == WLAN_AUTH_FT) 1796 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 1797 else 1798 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 1799 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 1800 1801 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 1802 1803 fail: 1804 /* Copy of the association request is not needed anymore */ 1805 if (sta->last_assoc_req) { 1806 os_free(sta->last_assoc_req); 1807 sta->last_assoc_req = NULL; 1808 } 1809} 1810 1811 1812static void handle_deauth_cb(struct hostapd_data *hapd, 1813 const struct ieee80211_mgmt *mgmt, 1814 size_t len, int ok) 1815{ 1816 struct sta_info *sta; 1817 if (mgmt->da[0] & 0x01) 1818 return; 1819 sta = ap_get_sta(hapd, mgmt->da); 1820 if (!sta) { 1821 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 1822 " not found", MAC2STR(mgmt->da)); 1823 return; 1824 } 1825 if (ok) 1826 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 1827 MAC2STR(sta->addr)); 1828 else 1829 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 1830 "deauth", MAC2STR(sta->addr)); 1831 1832 ap_sta_deauth_cb(hapd, sta); 1833} 1834 1835 1836static void handle_disassoc_cb(struct hostapd_data *hapd, 1837 const struct ieee80211_mgmt *mgmt, 1838 size_t len, int ok) 1839{ 1840 struct sta_info *sta; 1841 if (mgmt->da[0] & 0x01) 1842 return; 1843 sta = ap_get_sta(hapd, mgmt->da); 1844 if (!sta) { 1845 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 1846 " not found", MAC2STR(mgmt->da)); 1847 return; 1848 } 1849 if (ok) 1850 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 1851 MAC2STR(sta->addr)); 1852 else 1853 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 1854 "disassoc", MAC2STR(sta->addr)); 1855 1856 ap_sta_disassoc_cb(hapd, sta); 1857} 1858 1859 1860/** 1861 * ieee802_11_mgmt_cb - Process management frame TX status callback 1862 * @hapd: hostapd BSS data structure (the BSS from which the management frame 1863 * was sent from) 1864 * @buf: management frame data (starting from IEEE 802.11 header) 1865 * @len: length of frame data in octets 1866 * @stype: management frame subtype from frame control field 1867 * @ok: Whether the frame was ACK'ed 1868 */ 1869void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 1870 u16 stype, int ok) 1871{ 1872 const struct ieee80211_mgmt *mgmt; 1873 mgmt = (const struct ieee80211_mgmt *) buf; 1874 1875 switch (stype) { 1876 case WLAN_FC_STYPE_AUTH: 1877 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 1878 handle_auth_cb(hapd, mgmt, len, ok); 1879 break; 1880 case WLAN_FC_STYPE_ASSOC_RESP: 1881 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 1882 handle_assoc_cb(hapd, mgmt, len, 0, ok); 1883 break; 1884 case WLAN_FC_STYPE_REASSOC_RESP: 1885 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 1886 handle_assoc_cb(hapd, mgmt, len, 1, ok); 1887 break; 1888 case WLAN_FC_STYPE_PROBE_RESP: 1889 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb"); 1890 break; 1891 case WLAN_FC_STYPE_DEAUTH: 1892 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 1893 handle_deauth_cb(hapd, mgmt, len, ok); 1894 break; 1895 case WLAN_FC_STYPE_DISASSOC: 1896 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 1897 handle_disassoc_cb(hapd, mgmt, len, ok); 1898 break; 1899 case WLAN_FC_STYPE_ACTION: 1900 wpa_printf(MSG_DEBUG, "mgmt::action cb"); 1901 break; 1902 default: 1903 printf("unknown mgmt cb frame subtype %d\n", stype); 1904 break; 1905 } 1906} 1907 1908 1909int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 1910{ 1911 /* TODO */ 1912 return 0; 1913} 1914 1915 1916int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 1917 char *buf, size_t buflen) 1918{ 1919 /* TODO */ 1920 return 0; 1921} 1922 1923 1924void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 1925 const u8 *buf, size_t len, int ack) 1926{ 1927 struct sta_info *sta; 1928 struct hostapd_iface *iface = hapd->iface; 1929 1930 sta = ap_get_sta(hapd, addr); 1931 if (sta == NULL && iface->num_bss > 1) { 1932 size_t j; 1933 for (j = 0; j < iface->num_bss; j++) { 1934 hapd = iface->bss[j]; 1935 sta = ap_get_sta(hapd, addr); 1936 if (sta) 1937 break; 1938 } 1939 } 1940 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 1941 return; 1942 if (sta->flags & WLAN_STA_PENDING_POLL) { 1943 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 1944 "activity poll", MAC2STR(sta->addr), 1945 ack ? "ACKed" : "did not ACK"); 1946 if (ack) 1947 sta->flags &= ~WLAN_STA_PENDING_POLL; 1948 } 1949 1950 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 1951} 1952 1953 1954void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 1955 const u8 *data, size_t len, int ack) 1956{ 1957 struct sta_info *sta; 1958 struct hostapd_iface *iface = hapd->iface; 1959 1960 sta = ap_get_sta(hapd, dst); 1961 if (sta == NULL && iface->num_bss > 1) { 1962 size_t j; 1963 for (j = 0; j < iface->num_bss; j++) { 1964 hapd = iface->bss[j]; 1965 sta = ap_get_sta(hapd, dst); 1966 if (sta) 1967 break; 1968 } 1969 } 1970 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 1971 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 1972 MACSTR " that is not currently associated", 1973 MAC2STR(dst)); 1974 return; 1975 } 1976 1977 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 1978} 1979 1980 1981void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 1982{ 1983 struct sta_info *sta; 1984 struct hostapd_iface *iface = hapd->iface; 1985 1986 sta = ap_get_sta(hapd, addr); 1987 if (sta == NULL && iface->num_bss > 1) { 1988 size_t j; 1989 for (j = 0; j < iface->num_bss; j++) { 1990 hapd = iface->bss[j]; 1991 sta = ap_get_sta(hapd, addr); 1992 if (sta) 1993 break; 1994 } 1995 } 1996 if (sta == NULL) 1997 return; 1998 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 1999 return; 2000 2001 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 2002 "activity poll", MAC2STR(sta->addr)); 2003 sta->flags &= ~WLAN_STA_PENDING_POLL; 2004} 2005 2006 2007void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 2008 int wds) 2009{ 2010 struct sta_info *sta; 2011 2012 sta = ap_get_sta(hapd, src); 2013 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 2014 if (!hapd->conf->wds_sta) 2015 return; 2016 2017 if (wds && !(sta->flags & WLAN_STA_WDS)) { 2018 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 2019 "STA " MACSTR " (aid %u)", 2020 MAC2STR(sta->addr), sta->aid); 2021 sta->flags |= WLAN_STA_WDS; 2022 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 2023 } 2024 return; 2025 } 2026 2027 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 2028 MACSTR, MAC2STR(src)); 2029 if (src[0] & 0x01) { 2030 /* Broadcast bit set in SA?! Ignore the frame silently. */ 2031 return; 2032 } 2033 2034 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 2035 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 2036 "already been sent, but no TX status yet known - " 2037 "ignore Class 3 frame issue with " MACSTR, 2038 MAC2STR(src)); 2039 return; 2040 } 2041 2042 if (sta && (sta->flags & WLAN_STA_AUTH)) 2043 hostapd_drv_sta_disassoc( 2044 hapd, src, 2045 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2046 else 2047 hostapd_drv_sta_deauth( 2048 hapd, src, 2049 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2050} 2051 2052 2053#endif /* CONFIG_NATIVE_WINDOWS */ 2054