ieee802_11.c revision f21452aea786ac056eb01f1cbba4f553bd502747
1/* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#ifndef CONFIG_NATIVE_WINDOWS 12 13#include "utils/common.h" 14#include "utils/eloop.h" 15#include "crypto/crypto.h" 16#include "crypto/sha256.h" 17#include "crypto/random.h" 18#include "common/ieee802_11_defs.h" 19#include "common/ieee802_11_common.h" 20#include "common/wpa_ctrl.h" 21#include "common/sae.h" 22#include "radius/radius.h" 23#include "radius/radius_client.h" 24#include "p2p/p2p.h" 25#include "wps/wps.h" 26#include "hostapd.h" 27#include "beacon.h" 28#include "ieee802_11_auth.h" 29#include "sta_info.h" 30#include "ieee802_1x.h" 31#include "wpa_auth.h" 32#include "wmm.h" 33#include "ap_list.h" 34#include "accounting.h" 35#include "ap_config.h" 36#include "ap_mlme.h" 37#include "p2p_hostapd.h" 38#include "ap_drv_ops.h" 39#include "wnm_ap.h" 40#include "ieee802_11.h" 41#include "dfs.h" 42 43 44u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 45{ 46 u8 *pos = eid; 47 int i, num, count; 48 49 if (hapd->iface->current_rates == NULL) 50 return eid; 51 52 *pos++ = WLAN_EID_SUPP_RATES; 53 num = hapd->iface->num_rates; 54 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 55 num++; 56 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 57 num++; 58 if (num > 8) { 59 /* rest of the rates are encoded in Extended supported 60 * rates element */ 61 num = 8; 62 } 63 64 *pos++ = num; 65 count = 0; 66 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 67 i++) { 68 count++; 69 *pos = hapd->iface->current_rates[i].rate / 5; 70 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 71 *pos |= 0x80; 72 pos++; 73 } 74 75 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 76 count++; 77 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 78 } 79 80 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 81 count++; 82 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 83 } 84 85 return pos; 86} 87 88 89u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 90{ 91 u8 *pos = eid; 92 int i, num, count; 93 94 if (hapd->iface->current_rates == NULL) 95 return eid; 96 97 num = hapd->iface->num_rates; 98 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 99 num++; 100 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 101 num++; 102 if (num <= 8) 103 return eid; 104 num -= 8; 105 106 *pos++ = WLAN_EID_EXT_SUPP_RATES; 107 *pos++ = num; 108 count = 0; 109 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 110 i++) { 111 count++; 112 if (count <= 8) 113 continue; /* already in SuppRates IE */ 114 *pos = hapd->iface->current_rates[i].rate / 5; 115 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 116 *pos |= 0x80; 117 pos++; 118 } 119 120 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 121 count++; 122 if (count > 8) 123 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 124 } 125 126 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 127 count++; 128 if (count > 8) 129 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 130 } 131 132 return pos; 133} 134 135 136u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, 137 int probe) 138{ 139 int capab = WLAN_CAPABILITY_ESS; 140 int privacy; 141 int dfs; 142 143 /* Check if any of configured channels require DFS */ 144 dfs = hostapd_is_dfs_required(hapd->iface); 145 if (dfs < 0) { 146 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d", 147 dfs); 148 dfs = 0; 149 } 150 151 if (hapd->iface->num_sta_no_short_preamble == 0 && 152 hapd->iconf->preamble == SHORT_PREAMBLE) 153 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 154 155 privacy = hapd->conf->ssid.wep.keys_set; 156 157 if (hapd->conf->ieee802_1x && 158 (hapd->conf->default_wep_key_len || 159 hapd->conf->individual_wep_key_len)) 160 privacy = 1; 161 162 if (hapd->conf->wpa) 163 privacy = 1; 164 165#ifdef CONFIG_HS20 166 if (hapd->conf->osen) 167 privacy = 1; 168#endif /* CONFIG_HS20 */ 169 170 if (sta) { 171 int policy, def_klen; 172 if (probe && sta->ssid_probe) { 173 policy = sta->ssid_probe->security_policy; 174 def_klen = sta->ssid_probe->wep.default_len; 175 } else { 176 policy = sta->ssid->security_policy; 177 def_klen = sta->ssid->wep.default_len; 178 } 179 privacy = policy != SECURITY_PLAINTEXT; 180 if (policy == SECURITY_IEEE_802_1X && def_klen == 0) 181 privacy = 0; 182 } 183 184 if (privacy) 185 capab |= WLAN_CAPABILITY_PRIVACY; 186 187 if (hapd->iface->current_mode && 188 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 189 hapd->iface->num_sta_no_short_slot_time == 0) 190 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 191 192 /* 193 * Currently, Spectrum Management capability bit is set when directly 194 * requested in configuration by spectrum_mgmt_required or when AP is 195 * running on DFS channel. 196 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit 197 */ 198 if (hapd->iface->current_mode && 199 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A && 200 (hapd->iconf->spectrum_mgmt_required || dfs)) 201 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 202 203 return capab; 204} 205 206 207static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 208 u16 auth_transaction, const u8 *challenge, 209 int iswep) 210{ 211 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 212 HOSTAPD_LEVEL_DEBUG, 213 "authentication (shared key, transaction %d)", 214 auth_transaction); 215 216 if (auth_transaction == 1) { 217 if (!sta->challenge) { 218 /* Generate a pseudo-random challenge */ 219 u8 key[8]; 220 struct os_time now; 221 int r; 222 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 223 if (sta->challenge == NULL) 224 return WLAN_STATUS_UNSPECIFIED_FAILURE; 225 226 os_get_time(&now); 227 r = os_random(); 228 os_memcpy(key, &now.sec, 4); 229 os_memcpy(key + 4, &r, 4); 230 rc4_skip(key, sizeof(key), 0, 231 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 232 } 233 return 0; 234 } 235 236 if (auth_transaction != 3) 237 return WLAN_STATUS_UNSPECIFIED_FAILURE; 238 239 /* Transaction 3 */ 240 if (!iswep || !sta->challenge || !challenge || 241 os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) { 242 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 243 HOSTAPD_LEVEL_INFO, 244 "shared key authentication - invalid " 245 "challenge-response"); 246 return WLAN_STATUS_CHALLENGE_FAIL; 247 } 248 249 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 250 HOSTAPD_LEVEL_DEBUG, 251 "authentication OK (shared key)"); 252 sta->flags |= WLAN_STA_AUTH; 253 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 254 os_free(sta->challenge); 255 sta->challenge = NULL; 256 257 return 0; 258} 259 260 261static void send_auth_reply(struct hostapd_data *hapd, 262 const u8 *dst, const u8 *bssid, 263 u16 auth_alg, u16 auth_transaction, u16 resp, 264 const u8 *ies, size_t ies_len) 265{ 266 struct ieee80211_mgmt *reply; 267 u8 *buf; 268 size_t rlen; 269 270 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 271 buf = os_zalloc(rlen); 272 if (buf == NULL) 273 return; 274 275 reply = (struct ieee80211_mgmt *) buf; 276 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 277 WLAN_FC_STYPE_AUTH); 278 os_memcpy(reply->da, dst, ETH_ALEN); 279 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 280 os_memcpy(reply->bssid, bssid, ETH_ALEN); 281 282 reply->u.auth.auth_alg = host_to_le16(auth_alg); 283 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 284 reply->u.auth.status_code = host_to_le16(resp); 285 286 if (ies && ies_len) 287 os_memcpy(reply->u.auth.variable, ies, ies_len); 288 289 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 290 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 291 MAC2STR(dst), auth_alg, auth_transaction, 292 resp, (unsigned long) ies_len); 293 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 294 wpa_printf(MSG_INFO, "send_auth_reply: send"); 295 296 os_free(buf); 297} 298 299 300#ifdef CONFIG_IEEE80211R 301static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 302 u16 auth_transaction, u16 status, 303 const u8 *ies, size_t ies_len) 304{ 305 struct hostapd_data *hapd = ctx; 306 struct sta_info *sta; 307 308 send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction, 309 status, ies, ies_len); 310 311 if (status != WLAN_STATUS_SUCCESS) 312 return; 313 314 sta = ap_get_sta(hapd, dst); 315 if (sta == NULL) 316 return; 317 318 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 319 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 320 sta->flags |= WLAN_STA_AUTH; 321 mlme_authenticate_indication(hapd, sta); 322} 323#endif /* CONFIG_IEEE80211R */ 324 325 326#ifdef CONFIG_SAE 327 328static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd, 329 struct sta_info *sta) 330{ 331 struct wpabuf *buf; 332 333 if (hapd->conf->ssid.wpa_passphrase == NULL) { 334 wpa_printf(MSG_DEBUG, "SAE: No password available"); 335 return NULL; 336 } 337 338 if (sae_prepare_commit(hapd->own_addr, sta->addr, 339 (u8 *) hapd->conf->ssid.wpa_passphrase, 340 os_strlen(hapd->conf->ssid.wpa_passphrase), 341 sta->sae) < 0) { 342 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); 343 return NULL; 344 } 345 346 if (sae_process_commit(sta->sae) < 0) { 347 wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit"); 348 return NULL; 349 } 350 351 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN); 352 if (buf == NULL) 353 return NULL; 354 sae_write_commit(sta->sae, buf, NULL); 355 356 return buf; 357} 358 359 360static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 361 struct sta_info *sta) 362{ 363 struct wpabuf *buf; 364 365 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN); 366 if (buf == NULL) 367 return NULL; 368 369 sae_write_confirm(sta->sae, buf); 370 371 return buf; 372} 373 374 375static int use_sae_anti_clogging(struct hostapd_data *hapd) 376{ 377 struct sta_info *sta; 378 unsigned int open = 0; 379 380 if (hapd->conf->sae_anti_clogging_threshold == 0) 381 return 1; 382 383 for (sta = hapd->sta_list; sta; sta = sta->next) { 384 if (!sta->sae) 385 continue; 386 if (sta->sae->state != SAE_COMMITTED && 387 sta->sae->state != SAE_CONFIRMED) 388 continue; 389 open++; 390 if (open >= hapd->conf->sae_anti_clogging_threshold) 391 return 1; 392 } 393 394 return 0; 395} 396 397 398static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, 399 const u8 *token, size_t token_len) 400{ 401 u8 mac[SHA256_MAC_LEN]; 402 403 if (token_len != SHA256_MAC_LEN) 404 return -1; 405 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 406 addr, ETH_ALEN, mac) < 0 || 407 os_memcmp(token, mac, SHA256_MAC_LEN) != 0) 408 return -1; 409 410 return 0; 411} 412 413 414static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, 415 const u8 *addr) 416{ 417 struct wpabuf *buf; 418 u8 *token; 419 struct os_reltime now; 420 421 os_get_reltime(&now); 422 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) || 423 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) { 424 if (random_get_bytes(hapd->sae_token_key, 425 sizeof(hapd->sae_token_key)) < 0) 426 return NULL; 427 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key", 428 hapd->sae_token_key, sizeof(hapd->sae_token_key)); 429 hapd->last_sae_token_key_update = now; 430 } 431 432 buf = wpabuf_alloc(SHA256_MAC_LEN); 433 if (buf == NULL) 434 return NULL; 435 436 token = wpabuf_put(buf, SHA256_MAC_LEN); 437 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 438 addr, ETH_ALEN, token); 439 440 return buf; 441} 442 443 444static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 445 const struct ieee80211_mgmt *mgmt, size_t len, 446 u8 auth_transaction) 447{ 448 u16 resp = WLAN_STATUS_SUCCESS; 449 struct wpabuf *data = NULL; 450 451 if (!sta->sae) { 452 if (auth_transaction != 1) 453 return; 454 sta->sae = os_zalloc(sizeof(*sta->sae)); 455 if (sta->sae == NULL) 456 return; 457 sta->sae->state = SAE_NOTHING; 458 } 459 460 if (auth_transaction == 1) { 461 const u8 *token = NULL; 462 size_t token_len = 0; 463 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 464 HOSTAPD_LEVEL_DEBUG, 465 "start SAE authentication (RX commit)"); 466 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, 467 ((const u8 *) mgmt) + len - 468 mgmt->u.auth.variable, &token, 469 &token_len, hapd->conf->sae_groups); 470 if (token && check_sae_token(hapd, sta->addr, token, token_len) 471 < 0) { 472 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with " 473 "incorrect token from " MACSTR, 474 MAC2STR(sta->addr)); 475 return; 476 } 477 478 if (resp == WLAN_STATUS_SUCCESS) { 479 if (!token && use_sae_anti_clogging(hapd)) { 480 wpa_printf(MSG_DEBUG, "SAE: Request anti-" 481 "clogging token from " MACSTR, 482 MAC2STR(sta->addr)); 483 data = auth_build_token_req(hapd, sta->addr); 484 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; 485 } else { 486 data = auth_process_sae_commit(hapd, sta); 487 if (data == NULL) 488 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 489 else 490 sta->sae->state = SAE_COMMITTED; 491 } 492 } 493 } else if (auth_transaction == 2) { 494 if (sta->sae->state != SAE_COMMITTED) { 495 hostapd_logger(hapd, sta->addr, 496 HOSTAPD_MODULE_IEEE80211, 497 HOSTAPD_LEVEL_DEBUG, 498 "SAE confirm before commit"); 499 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 500 goto failed; 501 } 502 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 503 HOSTAPD_LEVEL_DEBUG, 504 "SAE authentication (RX confirm)"); 505 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable, 506 ((u8 *) mgmt) + len - 507 mgmt->u.auth.variable) < 0) { 508 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 509 } else { 510 resp = WLAN_STATUS_SUCCESS; 511 sta->flags |= WLAN_STA_AUTH; 512 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 513 sta->auth_alg = WLAN_AUTH_SAE; 514 mlme_authenticate_indication(hapd, sta); 515 516 data = auth_build_sae_confirm(hapd, sta); 517 if (data == NULL) 518 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 519 else { 520 sta->sae->state = SAE_ACCEPTED; 521 sae_clear_temp_data(sta->sae); 522 } 523 } 524 } else { 525 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 526 HOSTAPD_LEVEL_DEBUG, 527 "unexpected SAE authentication transaction %u", 528 auth_transaction); 529 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 530 } 531 532failed: 533 sta->auth_alg = WLAN_AUTH_SAE; 534 535 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 536 auth_transaction, resp, 537 data ? wpabuf_head(data) : (u8 *) "", 538 data ? wpabuf_len(data) : 0); 539 wpabuf_free(data); 540} 541#endif /* CONFIG_SAE */ 542 543 544static void handle_auth(struct hostapd_data *hapd, 545 const struct ieee80211_mgmt *mgmt, size_t len) 546{ 547 u16 auth_alg, auth_transaction, status_code; 548 u16 resp = WLAN_STATUS_SUCCESS; 549 struct sta_info *sta = NULL; 550 int res; 551 u16 fc; 552 const u8 *challenge = NULL; 553 u32 session_timeout, acct_interim_interval; 554 int vlan_id = 0; 555 struct hostapd_sta_wpa_psk_short *psk = NULL; 556 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 557 size_t resp_ies_len = 0; 558 char *identity = NULL; 559 char *radius_cui = NULL; 560 561 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 562 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", 563 (unsigned long) len); 564 return; 565 } 566 567#ifdef CONFIG_TESTING_OPTIONS 568 if (hapd->iconf->ignore_auth_probability > 0.0d && 569 drand48() < hapd->iconf->ignore_auth_probability) { 570 wpa_printf(MSG_INFO, 571 "TESTING: ignoring auth frame from " MACSTR, 572 MAC2STR(mgmt->sa)); 573 return; 574 } 575#endif /* CONFIG_TESTING_OPTIONS */ 576 577 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 578 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 579 status_code = le_to_host16(mgmt->u.auth.status_code); 580 fc = le_to_host16(mgmt->frame_control); 581 582 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 583 2 + WLAN_AUTH_CHALLENGE_LEN && 584 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 585 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 586 challenge = &mgmt->u.auth.variable[2]; 587 588 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 589 "auth_transaction=%d status_code=%d wep=%d%s", 590 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 591 status_code, !!(fc & WLAN_FC_ISWEP), 592 challenge ? " challenge" : ""); 593 594 if (hapd->tkip_countermeasures) { 595 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 596 goto fail; 597 } 598 599 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 600 auth_alg == WLAN_AUTH_OPEN) || 601#ifdef CONFIG_IEEE80211R 602 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 603 auth_alg == WLAN_AUTH_FT) || 604#endif /* CONFIG_IEEE80211R */ 605#ifdef CONFIG_SAE 606 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 607 auth_alg == WLAN_AUTH_SAE) || 608#endif /* CONFIG_SAE */ 609 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 610 auth_alg == WLAN_AUTH_SHARED_KEY))) { 611 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)", 612 auth_alg); 613 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 614 goto fail; 615 } 616 617 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 618 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 619 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)", 620 auth_transaction); 621 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 622 goto fail; 623 } 624 625 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 626 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 627 MAC2STR(mgmt->sa)); 628 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 629 goto fail; 630 } 631 632 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 633 &session_timeout, 634 &acct_interim_interval, &vlan_id, 635 &psk, &identity, &radius_cui); 636 637 if (res == HOSTAPD_ACL_REJECT) { 638 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 639 MAC2STR(mgmt->sa)); 640 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 641 goto fail; 642 } 643 if (res == HOSTAPD_ACL_PENDING) { 644 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 645 " waiting for an external authentication", 646 MAC2STR(mgmt->sa)); 647 /* Authentication code will re-send the authentication frame 648 * after it has received (and cached) information from the 649 * external source. */ 650 return; 651 } 652 653 sta = ap_sta_add(hapd, mgmt->sa); 654 if (!sta) { 655 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 656 goto fail; 657 } 658 659 if (vlan_id > 0) { 660 if (!hostapd_vlan_id_valid(hapd->conf->vlan, vlan_id)) { 661 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 662 HOSTAPD_LEVEL_INFO, "Invalid VLAN ID " 663 "%d received from RADIUS server", 664 vlan_id); 665 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 666 goto fail; 667 } 668 sta->vlan_id = vlan_id; 669 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 670 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 671 } 672 673 hostapd_free_psk_list(sta->psk); 674 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 675 sta->psk = psk; 676 psk = NULL; 677 } else { 678 sta->psk = NULL; 679 } 680 681 sta->identity = identity; 682 identity = NULL; 683 sta->radius_cui = radius_cui; 684 radius_cui = NULL; 685 686 sta->flags &= ~WLAN_STA_PREAUTH; 687 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 688 689 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 690 sta->acct_interim_interval = acct_interim_interval; 691 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 692 ap_sta_session_timeout(hapd, sta, session_timeout); 693 else 694 ap_sta_no_session_timeout(hapd, sta); 695 696 switch (auth_alg) { 697 case WLAN_AUTH_OPEN: 698 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 699 HOSTAPD_LEVEL_DEBUG, 700 "authentication OK (open system)"); 701 sta->flags |= WLAN_STA_AUTH; 702 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 703 sta->auth_alg = WLAN_AUTH_OPEN; 704 mlme_authenticate_indication(hapd, sta); 705 break; 706 case WLAN_AUTH_SHARED_KEY: 707 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 708 fc & WLAN_FC_ISWEP); 709 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 710 mlme_authenticate_indication(hapd, sta); 711 if (sta->challenge && auth_transaction == 1) { 712 resp_ies[0] = WLAN_EID_CHALLENGE; 713 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 714 os_memcpy(resp_ies + 2, sta->challenge, 715 WLAN_AUTH_CHALLENGE_LEN); 716 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 717 } 718 break; 719#ifdef CONFIG_IEEE80211R 720 case WLAN_AUTH_FT: 721 sta->auth_alg = WLAN_AUTH_FT; 722 if (sta->wpa_sm == NULL) 723 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 724 sta->addr, NULL); 725 if (sta->wpa_sm == NULL) { 726 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 727 "state machine"); 728 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 729 goto fail; 730 } 731 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 732 auth_transaction, mgmt->u.auth.variable, 733 len - IEEE80211_HDRLEN - 734 sizeof(mgmt->u.auth), 735 handle_auth_ft_finish, hapd); 736 /* handle_auth_ft_finish() callback will complete auth. */ 737 return; 738#endif /* CONFIG_IEEE80211R */ 739#ifdef CONFIG_SAE 740 case WLAN_AUTH_SAE: 741 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction); 742 return; 743#endif /* CONFIG_SAE */ 744 } 745 746 fail: 747 os_free(identity); 748 os_free(radius_cui); 749 hostapd_free_psk_list(psk); 750 751 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 752 auth_transaction + 1, resp, resp_ies, resp_ies_len); 753} 754 755 756static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 757{ 758 int i, j = 32, aid; 759 760 /* get a unique AID */ 761 if (sta->aid > 0) { 762 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 763 return 0; 764 } 765 766 for (i = 0; i < AID_WORDS; i++) { 767 if (hapd->sta_aid[i] == (u32) -1) 768 continue; 769 for (j = 0; j < 32; j++) { 770 if (!(hapd->sta_aid[i] & BIT(j))) 771 break; 772 } 773 if (j < 32) 774 break; 775 } 776 if (j == 32) 777 return -1; 778 aid = i * 32 + j + 1; 779 if (aid > 2007) 780 return -1; 781 782 sta->aid = aid; 783 hapd->sta_aid[i] |= BIT(j); 784 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 785 return 0; 786} 787 788 789static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 790 const u8 *ssid_ie, size_t ssid_ie_len) 791{ 792 if (ssid_ie == NULL) 793 return WLAN_STATUS_UNSPECIFIED_FAILURE; 794 795 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 796 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 797 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 798 HOSTAPD_LEVEL_INFO, 799 "Station tried to associate with unknown SSID " 800 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len)); 801 return WLAN_STATUS_UNSPECIFIED_FAILURE; 802 } 803 804 return WLAN_STATUS_SUCCESS; 805} 806 807 808static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 809 const u8 *wmm_ie, size_t wmm_ie_len) 810{ 811 sta->flags &= ~WLAN_STA_WMM; 812 sta->qosinfo = 0; 813 if (wmm_ie && hapd->conf->wmm_enabled) { 814 struct wmm_information_element *wmm; 815 816 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 817 hostapd_logger(hapd, sta->addr, 818 HOSTAPD_MODULE_WPA, 819 HOSTAPD_LEVEL_DEBUG, 820 "invalid WMM element in association " 821 "request"); 822 return WLAN_STATUS_UNSPECIFIED_FAILURE; 823 } 824 825 sta->flags |= WLAN_STA_WMM; 826 wmm = (struct wmm_information_element *) wmm_ie; 827 sta->qosinfo = wmm->qos_info; 828 } 829 return WLAN_STATUS_SUCCESS; 830} 831 832 833static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 834 struct ieee802_11_elems *elems) 835{ 836 if (!elems->supp_rates) { 837 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 838 HOSTAPD_LEVEL_DEBUG, 839 "No supported rates element in AssocReq"); 840 return WLAN_STATUS_UNSPECIFIED_FAILURE; 841 } 842 843 if (elems->supp_rates_len + elems->ext_supp_rates_len > 844 sizeof(sta->supported_rates)) { 845 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 846 HOSTAPD_LEVEL_DEBUG, 847 "Invalid supported rates element length %d+%d", 848 elems->supp_rates_len, 849 elems->ext_supp_rates_len); 850 return WLAN_STATUS_UNSPECIFIED_FAILURE; 851 } 852 853 sta->supported_rates_len = merge_byte_arrays( 854 sta->supported_rates, sizeof(sta->supported_rates), 855 elems->supp_rates, elems->supp_rates_len, 856 elems->ext_supp_rates, elems->ext_supp_rates_len); 857 858 return WLAN_STATUS_SUCCESS; 859} 860 861 862static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta, 863 const u8 *ext_capab_ie, size_t ext_capab_ie_len) 864{ 865#ifdef CONFIG_INTERWORKING 866 /* check for QoS Map support */ 867 if (ext_capab_ie_len >= 5) { 868 if (ext_capab_ie[4] & 0x01) 869 sta->qos_map_enabled = 1; 870 } 871#endif /* CONFIG_INTERWORKING */ 872 873 return WLAN_STATUS_SUCCESS; 874} 875 876 877static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 878 const u8 *ies, size_t ies_len, int reassoc) 879{ 880 struct ieee802_11_elems elems; 881 u16 resp; 882 const u8 *wpa_ie; 883 size_t wpa_ie_len; 884 const u8 *p2p_dev_addr = NULL; 885 886 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 887 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 888 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 889 "association request"); 890 return WLAN_STATUS_UNSPECIFIED_FAILURE; 891 } 892 893 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 894 if (resp != WLAN_STATUS_SUCCESS) 895 return resp; 896 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 897 if (resp != WLAN_STATUS_SUCCESS) 898 return resp; 899 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len); 900 if (resp != WLAN_STATUS_SUCCESS) 901 return resp; 902 resp = copy_supp_rates(hapd, sta, &elems); 903 if (resp != WLAN_STATUS_SUCCESS) 904 return resp; 905#ifdef CONFIG_IEEE80211N 906 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities, 907 elems.ht_capabilities_len); 908 if (resp != WLAN_STATUS_SUCCESS) 909 return resp; 910 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 911 !(sta->flags & WLAN_STA_HT)) { 912 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 913 HOSTAPD_LEVEL_INFO, "Station does not support " 914 "mandatory HT PHY - reject association"); 915 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 916 } 917#endif /* CONFIG_IEEE80211N */ 918 919#ifdef CONFIG_IEEE80211AC 920 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities, 921 elems.vht_capabilities_len); 922 if (resp != WLAN_STATUS_SUCCESS) 923 return resp; 924 925 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif); 926 if (resp != WLAN_STATUS_SUCCESS) 927 return resp; 928 929 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 930 !(sta->flags & WLAN_STA_VHT)) { 931 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 932 HOSTAPD_LEVEL_INFO, "Station does not support " 933 "mandatory VHT PHY - reject association"); 934 return WLAN_STATUS_ASSOC_DENIED_NO_VHT; 935 } 936#endif /* CONFIG_IEEE80211AC */ 937 938#ifdef CONFIG_P2P 939 if (elems.p2p) { 940 wpabuf_free(sta->p2p_ie); 941 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 942 P2P_IE_VENDOR_TYPE); 943 if (sta->p2p_ie) 944 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 945 } else { 946 wpabuf_free(sta->p2p_ie); 947 sta->p2p_ie = NULL; 948 } 949#endif /* CONFIG_P2P */ 950 951 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 952 wpa_ie = elems.rsn_ie; 953 wpa_ie_len = elems.rsn_ie_len; 954 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 955 elems.wpa_ie) { 956 wpa_ie = elems.wpa_ie; 957 wpa_ie_len = elems.wpa_ie_len; 958 } else { 959 wpa_ie = NULL; 960 wpa_ie_len = 0; 961 } 962 963#ifdef CONFIG_WPS 964 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 965 if (hapd->conf->wps_state && elems.wps_ie) { 966 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 967 "Request - assume WPS is used"); 968 sta->flags |= WLAN_STA_WPS; 969 wpabuf_free(sta->wps_ie); 970 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 971 WPS_IE_VENDOR_TYPE); 972 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 973 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 974 sta->flags |= WLAN_STA_WPS2; 975 } 976 wpa_ie = NULL; 977 wpa_ie_len = 0; 978 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 979 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 980 "(Re)Association Request - reject"); 981 return WLAN_STATUS_INVALID_IE; 982 } 983 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 984 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 985 "(Re)Association Request - possible WPS use"); 986 sta->flags |= WLAN_STA_MAYBE_WPS; 987 } else 988#endif /* CONFIG_WPS */ 989 if (hapd->conf->wpa && wpa_ie == NULL) { 990 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 991 HOSTAPD_LEVEL_INFO, 992 "No WPA/RSN IE in association request"); 993 return WLAN_STATUS_INVALID_IE; 994 } 995 996 if (hapd->conf->wpa && wpa_ie) { 997 int res; 998 wpa_ie -= 2; 999 wpa_ie_len += 2; 1000 if (sta->wpa_sm == NULL) 1001 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1002 sta->addr, 1003 p2p_dev_addr); 1004 if (sta->wpa_sm == NULL) { 1005 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1006 "state machine"); 1007 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1008 } 1009 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 1010 wpa_ie, wpa_ie_len, 1011 elems.mdie, elems.mdie_len); 1012 if (res == WPA_INVALID_GROUP) 1013 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 1014 else if (res == WPA_INVALID_PAIRWISE) 1015 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 1016 else if (res == WPA_INVALID_AKMP) 1017 resp = WLAN_STATUS_AKMP_NOT_VALID; 1018 else if (res == WPA_ALLOC_FAIL) 1019 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1020#ifdef CONFIG_IEEE80211W 1021 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 1022 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1023 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 1024 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1025#endif /* CONFIG_IEEE80211W */ 1026 else if (res == WPA_INVALID_MDIE) 1027 resp = WLAN_STATUS_INVALID_MDIE; 1028 else if (res != WPA_IE_OK) 1029 resp = WLAN_STATUS_INVALID_IE; 1030 if (resp != WLAN_STATUS_SUCCESS) 1031 return resp; 1032#ifdef CONFIG_IEEE80211W 1033 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1034 sta->sa_query_count > 0) 1035 ap_check_sa_query_timeout(hapd, sta); 1036 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1037 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 1038 /* 1039 * STA has already been associated with MFP and SA 1040 * Query timeout has not been reached. Reject the 1041 * association attempt temporarily and start SA Query, 1042 * if one is not pending. 1043 */ 1044 1045 if (sta->sa_query_count == 0) 1046 ap_sta_start_sa_query(hapd, sta); 1047 1048 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 1049 } 1050 1051 if (wpa_auth_uses_mfp(sta->wpa_sm)) 1052 sta->flags |= WLAN_STA_MFP; 1053 else 1054 sta->flags &= ~WLAN_STA_MFP; 1055#endif /* CONFIG_IEEE80211W */ 1056 1057#ifdef CONFIG_IEEE80211R 1058 if (sta->auth_alg == WLAN_AUTH_FT) { 1059 if (!reassoc) { 1060 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 1061 "to use association (not " 1062 "re-association) with FT auth_alg", 1063 MAC2STR(sta->addr)); 1064 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1065 } 1066 1067 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 1068 ies_len); 1069 if (resp != WLAN_STATUS_SUCCESS) 1070 return resp; 1071 } 1072#endif /* CONFIG_IEEE80211R */ 1073 1074#ifdef CONFIG_SAE 1075 if (wpa_auth_uses_sae(sta->wpa_sm) && 1076 sta->auth_alg != WLAN_AUTH_SAE && 1077 !(sta->auth_alg == WLAN_AUTH_FT && 1078 wpa_auth_uses_ft_sae(sta->wpa_sm))) { 1079 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 1080 "SAE AKM after non-SAE auth_alg %u", 1081 MAC2STR(sta->addr), sta->auth_alg); 1082 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1083 } 1084#endif /* CONFIG_SAE */ 1085 1086#ifdef CONFIG_IEEE80211N 1087 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 1088 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 1089 hostapd_logger(hapd, sta->addr, 1090 HOSTAPD_MODULE_IEEE80211, 1091 HOSTAPD_LEVEL_INFO, 1092 "Station tried to use TKIP with HT " 1093 "association"); 1094 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 1095 } 1096#endif /* CONFIG_IEEE80211N */ 1097#ifdef CONFIG_HS20 1098 } else if (hapd->conf->osen) { 1099 if (elems.osen == NULL) { 1100 hostapd_logger( 1101 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1102 HOSTAPD_LEVEL_INFO, 1103 "No HS 2.0 OSEN element in association request"); 1104 return WLAN_STATUS_INVALID_IE; 1105 } 1106 1107 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association"); 1108 if (sta->wpa_sm == NULL) 1109 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1110 sta->addr, NULL); 1111 if (sta->wpa_sm == NULL) { 1112 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1113 "state machine"); 1114 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1115 } 1116 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm, 1117 elems.osen - 2, elems.osen_len + 2) < 0) 1118 return WLAN_STATUS_INVALID_IE; 1119#endif /* CONFIG_HS20 */ 1120 } else 1121 wpa_auth_sta_no_wpa(sta->wpa_sm); 1122 1123#ifdef CONFIG_P2P 1124 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 1125#endif /* CONFIG_P2P */ 1126 1127#ifdef CONFIG_HS20 1128 wpabuf_free(sta->hs20_ie); 1129 if (elems.hs20 && elems.hs20_len > 4) { 1130 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 1131 elems.hs20_len - 4); 1132 } else 1133 sta->hs20_ie = NULL; 1134#endif /* CONFIG_HS20 */ 1135 1136 return WLAN_STATUS_SUCCESS; 1137} 1138 1139 1140static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 1141 u16 reason_code) 1142{ 1143 int send_len; 1144 struct ieee80211_mgmt reply; 1145 1146 os_memset(&reply, 0, sizeof(reply)); 1147 reply.frame_control = 1148 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1149 os_memcpy(reply.da, addr, ETH_ALEN); 1150 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1151 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1152 1153 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1154 reply.u.deauth.reason_code = host_to_le16(reason_code); 1155 1156 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1157 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1158 strerror(errno)); 1159} 1160 1161 1162static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1163 u16 status_code, int reassoc, const u8 *ies, 1164 size_t ies_len) 1165{ 1166 int send_len; 1167 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1168 struct ieee80211_mgmt *reply; 1169 u8 *p; 1170 1171 os_memset(buf, 0, sizeof(buf)); 1172 reply = (struct ieee80211_mgmt *) buf; 1173 reply->frame_control = 1174 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1175 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1176 WLAN_FC_STYPE_ASSOC_RESP)); 1177 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1178 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1179 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1180 1181 send_len = IEEE80211_HDRLEN; 1182 send_len += sizeof(reply->u.assoc_resp); 1183 reply->u.assoc_resp.capab_info = 1184 host_to_le16(hostapd_own_capab_info(hapd, sta, 0)); 1185 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1186 reply->u.assoc_resp.aid = host_to_le16(sta->aid | BIT(14) | BIT(15)); 1187 /* Supported rates */ 1188 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1189 /* Extended supported rates */ 1190 p = hostapd_eid_ext_supp_rates(hapd, p); 1191 1192#ifdef CONFIG_IEEE80211R 1193 if (status_code == WLAN_STATUS_SUCCESS) { 1194 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1195 * Transition Information, RSN, [RIC Response] */ 1196 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1197 buf + sizeof(buf) - p, 1198 sta->auth_alg, ies, ies_len); 1199 } 1200#endif /* CONFIG_IEEE80211R */ 1201 1202#ifdef CONFIG_IEEE80211W 1203 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1204 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1205#endif /* CONFIG_IEEE80211W */ 1206 1207#ifdef CONFIG_IEEE80211N 1208 p = hostapd_eid_ht_capabilities(hapd, p); 1209 p = hostapd_eid_ht_operation(hapd, p); 1210#endif /* CONFIG_IEEE80211N */ 1211 1212#ifdef CONFIG_IEEE80211AC 1213 p = hostapd_eid_vht_capabilities(hapd, p); 1214 p = hostapd_eid_vht_operation(hapd, p); 1215#endif /* CONFIG_IEEE80211AC */ 1216 1217 p = hostapd_eid_ext_capab(hapd, p); 1218 p = hostapd_eid_bss_max_idle_period(hapd, p); 1219 if (sta->qos_map_enabled) 1220 p = hostapd_eid_qos_map_set(hapd, p); 1221 1222 if (sta->flags & WLAN_STA_WMM) 1223 p = hostapd_eid_wmm(hapd, p); 1224 1225#ifdef CONFIG_WPS 1226 if ((sta->flags & WLAN_STA_WPS) || 1227 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 1228 struct wpabuf *wps = wps_build_assoc_resp_ie(); 1229 if (wps) { 1230 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 1231 p += wpabuf_len(wps); 1232 wpabuf_free(wps); 1233 } 1234 } 1235#endif /* CONFIG_WPS */ 1236 1237#ifdef CONFIG_P2P 1238 if (sta->p2p_ie) { 1239 struct wpabuf *p2p_resp_ie; 1240 enum p2p_status_code status; 1241 switch (status_code) { 1242 case WLAN_STATUS_SUCCESS: 1243 status = P2P_SC_SUCCESS; 1244 break; 1245 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 1246 status = P2P_SC_FAIL_LIMIT_REACHED; 1247 break; 1248 default: 1249 status = P2P_SC_FAIL_INVALID_PARAMS; 1250 break; 1251 } 1252 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 1253 if (p2p_resp_ie) { 1254 os_memcpy(p, wpabuf_head(p2p_resp_ie), 1255 wpabuf_len(p2p_resp_ie)); 1256 p += wpabuf_len(p2p_resp_ie); 1257 wpabuf_free(p2p_resp_ie); 1258 } 1259 } 1260#endif /* CONFIG_P2P */ 1261 1262#ifdef CONFIG_P2P_MANAGER 1263 if (hapd->conf->p2p & P2P_MANAGE) 1264 p = hostapd_eid_p2p_manage(hapd, p); 1265#endif /* CONFIG_P2P_MANAGER */ 1266 1267 send_len += p - reply->u.assoc_resp.variable; 1268 1269 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) 1270 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 1271 strerror(errno)); 1272} 1273 1274 1275static void handle_assoc(struct hostapd_data *hapd, 1276 const struct ieee80211_mgmt *mgmt, size_t len, 1277 int reassoc) 1278{ 1279 u16 capab_info, listen_interval; 1280 u16 resp = WLAN_STATUS_SUCCESS; 1281 const u8 *pos; 1282 int left, i; 1283 struct sta_info *sta; 1284 1285 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 1286 sizeof(mgmt->u.assoc_req))) { 1287 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)", 1288 reassoc, (unsigned long) len); 1289 return; 1290 } 1291 1292#ifdef CONFIG_TESTING_OPTIONS 1293 if (reassoc) { 1294 if (hapd->iconf->ignore_reassoc_probability > 0.0d && 1295 drand48() < hapd->iconf->ignore_reassoc_probability) { 1296 wpa_printf(MSG_INFO, 1297 "TESTING: ignoring reassoc request from " 1298 MACSTR, MAC2STR(mgmt->sa)); 1299 return; 1300 } 1301 } else { 1302 if (hapd->iconf->ignore_assoc_probability > 0.0d && 1303 drand48() < hapd->iconf->ignore_assoc_probability) { 1304 wpa_printf(MSG_INFO, 1305 "TESTING: ignoring assoc request from " 1306 MACSTR, MAC2STR(mgmt->sa)); 1307 return; 1308 } 1309 } 1310#endif /* CONFIG_TESTING_OPTIONS */ 1311 1312 if (reassoc) { 1313 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 1314 listen_interval = le_to_host16( 1315 mgmt->u.reassoc_req.listen_interval); 1316 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 1317 " capab_info=0x%02x listen_interval=%d current_ap=" 1318 MACSTR, 1319 MAC2STR(mgmt->sa), capab_info, listen_interval, 1320 MAC2STR(mgmt->u.reassoc_req.current_ap)); 1321 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 1322 pos = mgmt->u.reassoc_req.variable; 1323 } else { 1324 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 1325 listen_interval = le_to_host16( 1326 mgmt->u.assoc_req.listen_interval); 1327 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 1328 " capab_info=0x%02x listen_interval=%d", 1329 MAC2STR(mgmt->sa), capab_info, listen_interval); 1330 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 1331 pos = mgmt->u.assoc_req.variable; 1332 } 1333 1334 sta = ap_get_sta(hapd, mgmt->sa); 1335#ifdef CONFIG_IEEE80211R 1336 if (sta && sta->auth_alg == WLAN_AUTH_FT && 1337 (sta->flags & WLAN_STA_AUTH) == 0) { 1338 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 1339 "prior to authentication since it is using " 1340 "over-the-DS FT", MAC2STR(mgmt->sa)); 1341 } else 1342#endif /* CONFIG_IEEE80211R */ 1343 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1344 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1345 HOSTAPD_LEVEL_INFO, "Station tried to " 1346 "associate before authentication " 1347 "(aid=%d flags=0x%x)", 1348 sta ? sta->aid : -1, 1349 sta ? sta->flags : 0); 1350 send_deauth(hapd, mgmt->sa, 1351 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 1352 return; 1353 } 1354 1355 if (hapd->tkip_countermeasures) { 1356 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 1357 goto fail; 1358 } 1359 1360 if (listen_interval > hapd->conf->max_listen_interval) { 1361 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1362 HOSTAPD_LEVEL_DEBUG, 1363 "Too large Listen Interval (%d)", 1364 listen_interval); 1365 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 1366 goto fail; 1367 } 1368 1369 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 1370 * is used */ 1371 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 1372 if (resp != WLAN_STATUS_SUCCESS) 1373 goto fail; 1374 1375 if (hostapd_get_aid(hapd, sta) < 0) { 1376 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1377 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 1378 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1379 goto fail; 1380 } 1381 1382 sta->capability = capab_info; 1383 sta->listen_interval = listen_interval; 1384 1385 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 1386 sta->flags |= WLAN_STA_NONERP; 1387 for (i = 0; i < sta->supported_rates_len; i++) { 1388 if ((sta->supported_rates[i] & 0x7f) > 22) { 1389 sta->flags &= ~WLAN_STA_NONERP; 1390 break; 1391 } 1392 } 1393 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 1394 sta->nonerp_set = 1; 1395 hapd->iface->num_sta_non_erp++; 1396 if (hapd->iface->num_sta_non_erp == 1) 1397 ieee802_11_set_beacons(hapd->iface); 1398 } 1399 1400 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 1401 !sta->no_short_slot_time_set) { 1402 sta->no_short_slot_time_set = 1; 1403 hapd->iface->num_sta_no_short_slot_time++; 1404 if (hapd->iface->current_mode->mode == 1405 HOSTAPD_MODE_IEEE80211G && 1406 hapd->iface->num_sta_no_short_slot_time == 1) 1407 ieee802_11_set_beacons(hapd->iface); 1408 } 1409 1410 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 1411 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 1412 else 1413 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 1414 1415 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 1416 !sta->no_short_preamble_set) { 1417 sta->no_short_preamble_set = 1; 1418 hapd->iface->num_sta_no_short_preamble++; 1419 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 1420 && hapd->iface->num_sta_no_short_preamble == 1) 1421 ieee802_11_set_beacons(hapd->iface); 1422 } 1423 1424#ifdef CONFIG_IEEE80211N 1425 update_ht_state(hapd, sta); 1426#endif /* CONFIG_IEEE80211N */ 1427 1428 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1429 HOSTAPD_LEVEL_DEBUG, 1430 "association OK (aid %d)", sta->aid); 1431 /* Station will be marked associated, after it acknowledges AssocResp 1432 */ 1433 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 1434 1435#ifdef CONFIG_IEEE80211W 1436 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 1437 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 1438 "SA Query procedure", reassoc ? "re" : ""); 1439 /* TODO: Send a protected Disassociate frame to the STA using 1440 * the old key and Reason Code "Previous Authentication no 1441 * longer valid". Make sure this is only sent protected since 1442 * unprotected frame would be received by the STA that is now 1443 * trying to associate. 1444 */ 1445 } 1446#endif /* CONFIG_IEEE80211W */ 1447 1448 if (reassoc) { 1449 os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap, 1450 ETH_ALEN); 1451 } 1452 1453 if (sta->last_assoc_req) 1454 os_free(sta->last_assoc_req); 1455 sta->last_assoc_req = os_malloc(len); 1456 if (sta->last_assoc_req) 1457 os_memcpy(sta->last_assoc_req, mgmt, len); 1458 1459 /* Make sure that the previously registered inactivity timer will not 1460 * remove the STA immediately. */ 1461 sta->timeout_next = STA_NULLFUNC; 1462 1463 fail: 1464 send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 1465} 1466 1467 1468static void handle_disassoc(struct hostapd_data *hapd, 1469 const struct ieee80211_mgmt *mgmt, size_t len) 1470{ 1471 struct sta_info *sta; 1472 1473 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 1474 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)", 1475 (unsigned long) len); 1476 return; 1477 } 1478 1479 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 1480 MAC2STR(mgmt->sa), 1481 le_to_host16(mgmt->u.disassoc.reason_code)); 1482 1483 sta = ap_get_sta(hapd, mgmt->sa); 1484 if (sta == NULL) { 1485 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated", 1486 MAC2STR(mgmt->sa)); 1487 return; 1488 } 1489 1490 ap_sta_set_authorized(hapd, sta, 0); 1491 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 1492 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 1493 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1494 HOSTAPD_LEVEL_INFO, "disassociated"); 1495 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1496 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1497 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 1498 * authenticated. */ 1499 accounting_sta_stop(hapd, sta); 1500 ieee802_1x_free_station(sta); 1501 hostapd_drv_sta_remove(hapd, sta->addr); 1502 1503 if (sta->timeout_next == STA_NULLFUNC || 1504 sta->timeout_next == STA_DISASSOC) { 1505 sta->timeout_next = STA_DEAUTH; 1506 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1507 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 1508 hapd, sta); 1509 } 1510 1511 mlme_disassociate_indication( 1512 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 1513} 1514 1515 1516static void handle_deauth(struct hostapd_data *hapd, 1517 const struct ieee80211_mgmt *mgmt, size_t len) 1518{ 1519 struct sta_info *sta; 1520 1521 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 1522 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 1523 "payload (len=%lu)", (unsigned long) len); 1524 return; 1525 } 1526 1527 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 1528 " reason_code=%d", 1529 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 1530 1531 sta = ap_get_sta(hapd, mgmt->sa); 1532 if (sta == NULL) { 1533 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 1534 "to deauthenticate, but it is not authenticated", 1535 MAC2STR(mgmt->sa)); 1536 return; 1537 } 1538 1539 ap_sta_set_authorized(hapd, sta, 0); 1540 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 1541 WLAN_STA_ASSOC_REQ_OK); 1542 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1543 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1544 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 1545 mlme_deauthenticate_indication( 1546 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 1547 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1548 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1549 ap_free_sta(hapd, sta); 1550} 1551 1552 1553static void handle_beacon(struct hostapd_data *hapd, 1554 const struct ieee80211_mgmt *mgmt, size_t len, 1555 struct hostapd_frame_info *fi) 1556{ 1557 struct ieee802_11_elems elems; 1558 1559 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 1560 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)", 1561 (unsigned long) len); 1562 return; 1563 } 1564 1565 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 1566 len - (IEEE80211_HDRLEN + 1567 sizeof(mgmt->u.beacon)), &elems, 1568 0); 1569 1570 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 1571} 1572 1573 1574#ifdef CONFIG_IEEE80211W 1575 1576static int hostapd_sa_query_action(struct hostapd_data *hapd, 1577 const struct ieee80211_mgmt *mgmt, 1578 size_t len) 1579{ 1580 const u8 *end; 1581 1582 end = mgmt->u.action.u.sa_query_resp.trans_id + 1583 WLAN_SA_QUERY_TR_ID_LEN; 1584 if (((u8 *) mgmt) + len < end) { 1585 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 1586 "frame (len=%lu)", (unsigned long) len); 1587 return 0; 1588 } 1589 1590 ieee802_11_sa_query_action(hapd, mgmt->sa, 1591 mgmt->u.action.u.sa_query_resp.action, 1592 mgmt->u.action.u.sa_query_resp.trans_id); 1593 return 1; 1594} 1595 1596 1597static int robust_action_frame(u8 category) 1598{ 1599 return category != WLAN_ACTION_PUBLIC && 1600 category != WLAN_ACTION_HT; 1601} 1602#endif /* CONFIG_IEEE80211W */ 1603 1604 1605static int handle_action(struct hostapd_data *hapd, 1606 const struct ieee80211_mgmt *mgmt, size_t len) 1607{ 1608 struct sta_info *sta; 1609 sta = ap_get_sta(hapd, mgmt->sa); 1610 1611 if (len < IEEE80211_HDRLEN + 1) { 1612 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1613 HOSTAPD_LEVEL_DEBUG, 1614 "handle_action - too short payload (len=%lu)", 1615 (unsigned long) len); 1616 return 0; 1617 } 1618 1619 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 1620 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 1621 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 1622 "frame (category=%u) from unassociated STA " MACSTR, 1623 MAC2STR(mgmt->sa), mgmt->u.action.category); 1624 return 0; 1625 } 1626 1627#ifdef CONFIG_IEEE80211W 1628 if (sta && (sta->flags & WLAN_STA_MFP) && 1629 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) && 1630 robust_action_frame(mgmt->u.action.category)) { 1631 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1632 HOSTAPD_LEVEL_DEBUG, 1633 "Dropped unprotected Robust Action frame from " 1634 "an MFP STA"); 1635 return 0; 1636 } 1637#endif /* CONFIG_IEEE80211W */ 1638 1639 switch (mgmt->u.action.category) { 1640#ifdef CONFIG_IEEE80211R 1641 case WLAN_ACTION_FT: 1642 if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 1643 len - IEEE80211_HDRLEN)) 1644 break; 1645 return 1; 1646#endif /* CONFIG_IEEE80211R */ 1647 case WLAN_ACTION_WMM: 1648 hostapd_wmm_action(hapd, mgmt, len); 1649 return 1; 1650#ifdef CONFIG_IEEE80211W 1651 case WLAN_ACTION_SA_QUERY: 1652 return hostapd_sa_query_action(hapd, mgmt, len); 1653#endif /* CONFIG_IEEE80211W */ 1654#ifdef CONFIG_WNM 1655 case WLAN_ACTION_WNM: 1656 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len); 1657 return 1; 1658#endif /* CONFIG_WNM */ 1659 case WLAN_ACTION_PUBLIC: 1660 case WLAN_ACTION_PROTECTED_DUAL: 1661 if (hapd->public_action_cb) { 1662 hapd->public_action_cb(hapd->public_action_cb_ctx, 1663 (u8 *) mgmt, len, 1664 hapd->iface->freq); 1665 } 1666 if (hapd->public_action_cb2) { 1667 hapd->public_action_cb2(hapd->public_action_cb2_ctx, 1668 (u8 *) mgmt, len, 1669 hapd->iface->freq); 1670 } 1671 if (hapd->public_action_cb || hapd->public_action_cb2) 1672 return 1; 1673 break; 1674 case WLAN_ACTION_VENDOR_SPECIFIC: 1675 if (hapd->vendor_action_cb) { 1676 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 1677 (u8 *) mgmt, len, 1678 hapd->iface->freq) == 0) 1679 return 1; 1680 } 1681 break; 1682 } 1683 1684 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1685 HOSTAPD_LEVEL_DEBUG, 1686 "handle_action - unknown action category %d or invalid " 1687 "frame", 1688 mgmt->u.action.category); 1689 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 1690 !(mgmt->sa[0] & 0x01)) { 1691 struct ieee80211_mgmt *resp; 1692 1693 /* 1694 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 1695 * Return the Action frame to the source without change 1696 * except that MSB of the Category set to 1. 1697 */ 1698 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 1699 "frame back to sender"); 1700 resp = os_malloc(len); 1701 if (resp == NULL) 1702 return 0; 1703 os_memcpy(resp, mgmt, len); 1704 os_memcpy(resp->da, resp->sa, ETH_ALEN); 1705 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 1706 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 1707 resp->u.action.category |= 0x80; 1708 1709 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 1710 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 1711 "Action frame"); 1712 } 1713 os_free(resp); 1714 } 1715 1716 return 1; 1717} 1718 1719 1720/** 1721 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 1722 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 1723 * sent to) 1724 * @buf: management frame data (starting from IEEE 802.11 header) 1725 * @len: length of frame data in octets 1726 * @fi: meta data about received frame (signal level, etc.) 1727 * 1728 * Process all incoming IEEE 802.11 management frames. This will be called for 1729 * each frame received from the kernel driver through wlan#ap interface. In 1730 * addition, it can be called to re-inserted pending frames (e.g., when using 1731 * external RADIUS server as an MAC ACL). 1732 */ 1733int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 1734 struct hostapd_frame_info *fi) 1735{ 1736 struct ieee80211_mgmt *mgmt; 1737 int broadcast; 1738 u16 fc, stype; 1739 int ret = 0; 1740 1741#ifdef CONFIG_TESTING_OPTIONS 1742 if (hapd->ext_mgmt_frame_handling) { 1743 size_t hex_len = 2 * len + 1; 1744 char *hex = os_malloc(hex_len); 1745 if (hex) { 1746 wpa_snprintf_hex(hex, hex_len, buf, len); 1747 wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-RX %s", hex); 1748 os_free(hex); 1749 } 1750 return 1; 1751 } 1752#endif /* CONFIG_TESTING_OPTIONS */ 1753 1754 if (len < 24) 1755 return 0; 1756 1757 mgmt = (struct ieee80211_mgmt *) buf; 1758 fc = le_to_host16(mgmt->frame_control); 1759 stype = WLAN_FC_GET_STYPE(fc); 1760 1761 if (stype == WLAN_FC_STYPE_BEACON) { 1762 handle_beacon(hapd, mgmt, len, fi); 1763 return 1; 1764 } 1765 1766 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 1767 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 1768 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 1769 1770 if (!broadcast && 1771#ifdef CONFIG_P2P 1772 /* Invitation responses can be sent with the peer MAC as BSSID */ 1773 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 1774 stype == WLAN_FC_STYPE_ACTION) && 1775#endif /* CONFIG_P2P */ 1776 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 1777 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address", 1778 MAC2STR(mgmt->bssid)); 1779 return 0; 1780 } 1781 1782 1783 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 1784 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 1785 return 1; 1786 } 1787 1788 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 1789 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1790 HOSTAPD_LEVEL_DEBUG, 1791 "MGMT: DA=" MACSTR " not our address", 1792 MAC2STR(mgmt->da)); 1793 return 0; 1794 } 1795 1796 switch (stype) { 1797 case WLAN_FC_STYPE_AUTH: 1798 wpa_printf(MSG_DEBUG, "mgmt::auth"); 1799 handle_auth(hapd, mgmt, len); 1800 ret = 1; 1801 break; 1802 case WLAN_FC_STYPE_ASSOC_REQ: 1803 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 1804 handle_assoc(hapd, mgmt, len, 0); 1805 ret = 1; 1806 break; 1807 case WLAN_FC_STYPE_REASSOC_REQ: 1808 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 1809 handle_assoc(hapd, mgmt, len, 1); 1810 ret = 1; 1811 break; 1812 case WLAN_FC_STYPE_DISASSOC: 1813 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 1814 handle_disassoc(hapd, mgmt, len); 1815 ret = 1; 1816 break; 1817 case WLAN_FC_STYPE_DEAUTH: 1818 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 1819 handle_deauth(hapd, mgmt, len); 1820 ret = 1; 1821 break; 1822 case WLAN_FC_STYPE_ACTION: 1823 wpa_printf(MSG_DEBUG, "mgmt::action"); 1824 ret = handle_action(hapd, mgmt, len); 1825 break; 1826 default: 1827 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1828 HOSTAPD_LEVEL_DEBUG, 1829 "unknown mgmt frame subtype %d", stype); 1830 break; 1831 } 1832 1833 return ret; 1834} 1835 1836 1837static void handle_auth_cb(struct hostapd_data *hapd, 1838 const struct ieee80211_mgmt *mgmt, 1839 size_t len, int ok) 1840{ 1841 u16 auth_alg, auth_transaction, status_code; 1842 struct sta_info *sta; 1843 1844 if (!ok) { 1845 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1846 HOSTAPD_LEVEL_NOTICE, 1847 "did not acknowledge authentication response"); 1848 return; 1849 } 1850 1851 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1852 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)", 1853 (unsigned long) len); 1854 return; 1855 } 1856 1857 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1858 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1859 status_code = le_to_host16(mgmt->u.auth.status_code); 1860 1861 sta = ap_get_sta(hapd, mgmt->da); 1862 if (!sta) { 1863 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found", 1864 MAC2STR(mgmt->da)); 1865 return; 1866 } 1867 1868 if (status_code == WLAN_STATUS_SUCCESS && 1869 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 1870 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 1871 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1872 HOSTAPD_LEVEL_INFO, "authenticated"); 1873 sta->flags |= WLAN_STA_AUTH; 1874 } 1875} 1876 1877 1878static void hostapd_set_wds_encryption(struct hostapd_data *hapd, 1879 struct sta_info *sta, 1880 char *ifname_wds) 1881{ 1882 int i; 1883 struct hostapd_ssid *ssid = sta->ssid; 1884 1885 if (hapd->conf->ieee802_1x || hapd->conf->wpa) 1886 return; 1887 1888 for (i = 0; i < 4; i++) { 1889 if (ssid->wep.key[i] && 1890 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i, 1891 i == ssid->wep.idx, NULL, 0, 1892 ssid->wep.key[i], ssid->wep.len[i])) { 1893 wpa_printf(MSG_WARNING, 1894 "Could not set WEP keys for WDS interface; %s", 1895 ifname_wds); 1896 break; 1897 } 1898 } 1899} 1900 1901 1902static void handle_assoc_cb(struct hostapd_data *hapd, 1903 const struct ieee80211_mgmt *mgmt, 1904 size_t len, int reassoc, int ok) 1905{ 1906 u16 status; 1907 struct sta_info *sta; 1908 int new_assoc = 1; 1909 struct ieee80211_ht_capabilities ht_cap; 1910 struct ieee80211_vht_capabilities vht_cap; 1911 1912 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 1913 sizeof(mgmt->u.assoc_resp))) { 1914 wpa_printf(MSG_INFO, "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)", 1915 reassoc, (unsigned long) len); 1916 return; 1917 } 1918 1919 sta = ap_get_sta(hapd, mgmt->da); 1920 if (!sta) { 1921 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found", 1922 MAC2STR(mgmt->da)); 1923 return; 1924 } 1925 1926 if (!ok) { 1927 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1928 HOSTAPD_LEVEL_DEBUG, 1929 "did not acknowledge association response"); 1930 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 1931 return; 1932 } 1933 1934 if (reassoc) 1935 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 1936 else 1937 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1938 1939 if (status != WLAN_STATUS_SUCCESS) 1940 goto fail; 1941 1942 /* Stop previous accounting session, if one is started, and allocate 1943 * new session id for the new session. */ 1944 accounting_sta_stop(hapd, sta); 1945 1946 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1947 HOSTAPD_LEVEL_INFO, 1948 "associated (aid %d)", 1949 sta->aid); 1950 1951 if (sta->flags & WLAN_STA_ASSOC) 1952 new_assoc = 0; 1953 sta->flags |= WLAN_STA_ASSOC; 1954 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE; 1955 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen) || 1956 sta->auth_alg == WLAN_AUTH_FT) { 1957 /* 1958 * Open, static WEP, or FT protocol; no separate authorization 1959 * step. 1960 */ 1961 ap_sta_set_authorized(hapd, sta, 1); 1962 } 1963 1964 if (reassoc) 1965 mlme_reassociate_indication(hapd, sta); 1966 else 1967 mlme_associate_indication(hapd, sta); 1968 1969#ifdef CONFIG_IEEE80211W 1970 sta->sa_query_timed_out = 0; 1971#endif /* CONFIG_IEEE80211W */ 1972 1973 /* 1974 * Remove the STA entry in order to make sure the STA PS state gets 1975 * cleared and configuration gets updated in case of reassociation back 1976 * to the same AP. 1977 */ 1978 hostapd_drv_sta_remove(hapd, sta->addr); 1979 1980#ifdef CONFIG_IEEE80211N 1981 if (sta->flags & WLAN_STA_HT) 1982 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1983#endif /* CONFIG_IEEE80211N */ 1984#ifdef CONFIG_IEEE80211AC 1985 if (sta->flags & WLAN_STA_VHT) 1986 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 1987#endif /* CONFIG_IEEE80211AC */ 1988 1989 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1990 sta->supported_rates, sta->supported_rates_len, 1991 sta->listen_interval, 1992 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1993 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1994 sta->flags, sta->qosinfo, sta->vht_opmode)) { 1995 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1996 HOSTAPD_LEVEL_NOTICE, 1997 "Could not add STA to kernel driver"); 1998 1999 ap_sta_disconnect(hapd, sta, sta->addr, 2000 WLAN_REASON_DISASSOC_AP_BUSY); 2001 2002 goto fail; 2003 } 2004 2005 if (sta->flags & WLAN_STA_WDS) { 2006 int ret; 2007 char ifname_wds[IFNAMSIZ + 1]; 2008 2009 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr, 2010 sta->aid, 1); 2011 if (!ret) 2012 hostapd_set_wds_encryption(hapd, sta, ifname_wds); 2013 } 2014 2015 if (sta->eapol_sm == NULL) { 2016 /* 2017 * This STA does not use RADIUS server for EAP authentication, 2018 * so bind it to the selected VLAN interface now, since the 2019 * interface selection is not going to change anymore. 2020 */ 2021 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 2022 goto fail; 2023 } else if (sta->vlan_id) { 2024 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 2025 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 2026 goto fail; 2027 } 2028 2029 hostapd_set_sta_flags(hapd, sta); 2030 2031 if (sta->auth_alg == WLAN_AUTH_FT) 2032 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 2033 else 2034 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 2035 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 2036 2037 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 2038 2039 fail: 2040 /* Copy of the association request is not needed anymore */ 2041 if (sta->last_assoc_req) { 2042 os_free(sta->last_assoc_req); 2043 sta->last_assoc_req = NULL; 2044 } 2045} 2046 2047 2048static void handle_deauth_cb(struct hostapd_data *hapd, 2049 const struct ieee80211_mgmt *mgmt, 2050 size_t len, int ok) 2051{ 2052 struct sta_info *sta; 2053 if (mgmt->da[0] & 0x01) 2054 return; 2055 sta = ap_get_sta(hapd, mgmt->da); 2056 if (!sta) { 2057 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 2058 " not found", MAC2STR(mgmt->da)); 2059 return; 2060 } 2061 if (ok) 2062 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 2063 MAC2STR(sta->addr)); 2064 else 2065 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2066 "deauth", MAC2STR(sta->addr)); 2067 2068 ap_sta_deauth_cb(hapd, sta); 2069} 2070 2071 2072static void handle_disassoc_cb(struct hostapd_data *hapd, 2073 const struct ieee80211_mgmt *mgmt, 2074 size_t len, int ok) 2075{ 2076 struct sta_info *sta; 2077 if (mgmt->da[0] & 0x01) 2078 return; 2079 sta = ap_get_sta(hapd, mgmt->da); 2080 if (!sta) { 2081 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 2082 " not found", MAC2STR(mgmt->da)); 2083 return; 2084 } 2085 if (ok) 2086 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 2087 MAC2STR(sta->addr)); 2088 else 2089 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2090 "disassoc", MAC2STR(sta->addr)); 2091 2092 ap_sta_disassoc_cb(hapd, sta); 2093} 2094 2095 2096/** 2097 * ieee802_11_mgmt_cb - Process management frame TX status callback 2098 * @hapd: hostapd BSS data structure (the BSS from which the management frame 2099 * was sent from) 2100 * @buf: management frame data (starting from IEEE 802.11 header) 2101 * @len: length of frame data in octets 2102 * @stype: management frame subtype from frame control field 2103 * @ok: Whether the frame was ACK'ed 2104 */ 2105void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 2106 u16 stype, int ok) 2107{ 2108 const struct ieee80211_mgmt *mgmt; 2109 mgmt = (const struct ieee80211_mgmt *) buf; 2110 2111#ifdef CONFIG_TESTING_OPTIONS 2112 if (hapd->ext_mgmt_frame_handling) { 2113 wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-TX-STATUS stype=%u ok=%d", 2114 stype, ok); 2115 return; 2116 } 2117#endif /* CONFIG_TESTING_OPTIONS */ 2118 2119 switch (stype) { 2120 case WLAN_FC_STYPE_AUTH: 2121 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 2122 handle_auth_cb(hapd, mgmt, len, ok); 2123 break; 2124 case WLAN_FC_STYPE_ASSOC_RESP: 2125 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 2126 handle_assoc_cb(hapd, mgmt, len, 0, ok); 2127 break; 2128 case WLAN_FC_STYPE_REASSOC_RESP: 2129 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 2130 handle_assoc_cb(hapd, mgmt, len, 1, ok); 2131 break; 2132 case WLAN_FC_STYPE_PROBE_RESP: 2133 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb"); 2134 break; 2135 case WLAN_FC_STYPE_DEAUTH: 2136 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 2137 handle_deauth_cb(hapd, mgmt, len, ok); 2138 break; 2139 case WLAN_FC_STYPE_DISASSOC: 2140 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 2141 handle_disassoc_cb(hapd, mgmt, len, ok); 2142 break; 2143 case WLAN_FC_STYPE_ACTION: 2144 wpa_printf(MSG_DEBUG, "mgmt::action cb"); 2145 break; 2146 default: 2147 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype); 2148 break; 2149 } 2150} 2151 2152 2153int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 2154{ 2155 /* TODO */ 2156 return 0; 2157} 2158 2159 2160int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 2161 char *buf, size_t buflen) 2162{ 2163 /* TODO */ 2164 return 0; 2165} 2166 2167 2168void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 2169 const u8 *buf, size_t len, int ack) 2170{ 2171 struct sta_info *sta; 2172 struct hostapd_iface *iface = hapd->iface; 2173 2174 sta = ap_get_sta(hapd, addr); 2175 if (sta == NULL && iface->num_bss > 1) { 2176 size_t j; 2177 for (j = 0; j < iface->num_bss; j++) { 2178 hapd = iface->bss[j]; 2179 sta = ap_get_sta(hapd, addr); 2180 if (sta) 2181 break; 2182 } 2183 } 2184 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 2185 return; 2186 if (sta->flags & WLAN_STA_PENDING_POLL) { 2187 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 2188 "activity poll", MAC2STR(sta->addr), 2189 ack ? "ACKed" : "did not ACK"); 2190 if (ack) 2191 sta->flags &= ~WLAN_STA_PENDING_POLL; 2192 } 2193 2194 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 2195} 2196 2197 2198void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 2199 const u8 *data, size_t len, int ack) 2200{ 2201 struct sta_info *sta; 2202 struct hostapd_iface *iface = hapd->iface; 2203 2204 sta = ap_get_sta(hapd, dst); 2205 if (sta == NULL && iface->num_bss > 1) { 2206 size_t j; 2207 for (j = 0; j < iface->num_bss; j++) { 2208 hapd = iface->bss[j]; 2209 sta = ap_get_sta(hapd, dst); 2210 if (sta) 2211 break; 2212 } 2213 } 2214 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 2215 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 2216 MACSTR " that is not currently associated", 2217 MAC2STR(dst)); 2218 return; 2219 } 2220 2221 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 2222} 2223 2224 2225void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 2226{ 2227 struct sta_info *sta; 2228 struct hostapd_iface *iface = hapd->iface; 2229 2230 sta = ap_get_sta(hapd, addr); 2231 if (sta == NULL && iface->num_bss > 1) { 2232 size_t j; 2233 for (j = 0; j < iface->num_bss; j++) { 2234 hapd = iface->bss[j]; 2235 sta = ap_get_sta(hapd, addr); 2236 if (sta) 2237 break; 2238 } 2239 } 2240 if (sta == NULL) 2241 return; 2242 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 2243 return; 2244 2245 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 2246 "activity poll", MAC2STR(sta->addr)); 2247 sta->flags &= ~WLAN_STA_PENDING_POLL; 2248} 2249 2250 2251void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 2252 int wds) 2253{ 2254 struct sta_info *sta; 2255 2256 sta = ap_get_sta(hapd, src); 2257 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 2258 if (!hapd->conf->wds_sta) 2259 return; 2260 2261 if (wds && !(sta->flags & WLAN_STA_WDS)) { 2262 int ret; 2263 char ifname_wds[IFNAMSIZ + 1]; 2264 2265 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 2266 "STA " MACSTR " (aid %u)", 2267 MAC2STR(sta->addr), sta->aid); 2268 sta->flags |= WLAN_STA_WDS; 2269 ret = hostapd_set_wds_sta(hapd, ifname_wds, 2270 sta->addr, sta->aid, 1); 2271 if (!ret) 2272 hostapd_set_wds_encryption(hapd, sta, 2273 ifname_wds); 2274 } 2275 return; 2276 } 2277 2278 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 2279 MACSTR, MAC2STR(src)); 2280 if (src[0] & 0x01) { 2281 /* Broadcast bit set in SA?! Ignore the frame silently. */ 2282 return; 2283 } 2284 2285 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 2286 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 2287 "already been sent, but no TX status yet known - " 2288 "ignore Class 3 frame issue with " MACSTR, 2289 MAC2STR(src)); 2290 return; 2291 } 2292 2293 if (sta && (sta->flags & WLAN_STA_AUTH)) 2294 hostapd_drv_sta_disassoc( 2295 hapd, src, 2296 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2297 else 2298 hostapd_drv_sta_deauth( 2299 hapd, src, 2300 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2301} 2302 2303 2304#endif /* CONFIG_NATIVE_WINDOWS */ 2305