1/* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#ifndef CONFIG_NATIVE_WINDOWS 12 13#include "utils/common.h" 14#include "utils/eloop.h" 15#include "crypto/crypto.h" 16#include "crypto/sha256.h" 17#include "crypto/random.h" 18#include "common/ieee802_11_defs.h" 19#include "common/ieee802_11_common.h" 20#include "common/wpa_ctrl.h" 21#include "common/sae.h" 22#include "radius/radius.h" 23#include "radius/radius_client.h" 24#include "p2p/p2p.h" 25#include "wps/wps.h" 26#include "fst/fst.h" 27#include "hostapd.h" 28#include "beacon.h" 29#include "ieee802_11_auth.h" 30#include "sta_info.h" 31#include "ieee802_1x.h" 32#include "wpa_auth.h" 33#include "pmksa_cache_auth.h" 34#include "wmm.h" 35#include "ap_list.h" 36#include "accounting.h" 37#include "ap_config.h" 38#include "ap_mlme.h" 39#include "p2p_hostapd.h" 40#include "ap_drv_ops.h" 41#include "wnm_ap.h" 42#include "hw_features.h" 43#include "ieee802_11.h" 44#include "dfs.h" 45#include "mbo_ap.h" 46 47 48u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 49{ 50 u8 *pos = eid; 51 int i, num, count; 52 53 if (hapd->iface->current_rates == NULL) 54 return eid; 55 56 *pos++ = WLAN_EID_SUPP_RATES; 57 num = hapd->iface->num_rates; 58 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 59 num++; 60 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 61 num++; 62 if (num > 8) { 63 /* rest of the rates are encoded in Extended supported 64 * rates element */ 65 num = 8; 66 } 67 68 *pos++ = num; 69 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 70 i++) { 71 count++; 72 *pos = hapd->iface->current_rates[i].rate / 5; 73 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 74 *pos |= 0x80; 75 pos++; 76 } 77 78 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 79 count++; 80 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 81 } 82 83 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 84 count++; 85 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 86 } 87 88 return pos; 89} 90 91 92u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 93{ 94 u8 *pos = eid; 95 int i, num, count; 96 97 if (hapd->iface->current_rates == NULL) 98 return eid; 99 100 num = hapd->iface->num_rates; 101 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 102 num++; 103 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 104 num++; 105 if (num <= 8) 106 return eid; 107 num -= 8; 108 109 *pos++ = WLAN_EID_EXT_SUPP_RATES; 110 *pos++ = num; 111 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 112 i++) { 113 count++; 114 if (count <= 8) 115 continue; /* already in SuppRates IE */ 116 *pos = hapd->iface->current_rates[i].rate / 5; 117 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 118 *pos |= 0x80; 119 pos++; 120 } 121 122 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 123 count++; 124 if (count > 8) 125 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 126 } 127 128 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 129 count++; 130 if (count > 8) 131 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 132 } 133 134 return pos; 135} 136 137 138u16 hostapd_own_capab_info(struct hostapd_data *hapd) 139{ 140 int capab = WLAN_CAPABILITY_ESS; 141 int privacy; 142 int dfs; 143 144 /* Check if any of configured channels require DFS */ 145 dfs = hostapd_is_dfs_required(hapd->iface); 146 if (dfs < 0) { 147 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d", 148 dfs); 149 dfs = 0; 150 } 151 152 if (hapd->iface->num_sta_no_short_preamble == 0 && 153 hapd->iconf->preamble == SHORT_PREAMBLE) 154 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 155 156 privacy = hapd->conf->ssid.wep.keys_set; 157 158 if (hapd->conf->ieee802_1x && 159 (hapd->conf->default_wep_key_len || 160 hapd->conf->individual_wep_key_len)) 161 privacy = 1; 162 163 if (hapd->conf->wpa) 164 privacy = 1; 165 166#ifdef CONFIG_HS20 167 if (hapd->conf->osen) 168 privacy = 1; 169#endif /* CONFIG_HS20 */ 170 171 if (privacy) 172 capab |= WLAN_CAPABILITY_PRIVACY; 173 174 if (hapd->iface->current_mode && 175 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 176 hapd->iface->num_sta_no_short_slot_time == 0) 177 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 178 179 /* 180 * Currently, Spectrum Management capability bit is set when directly 181 * requested in configuration by spectrum_mgmt_required or when AP is 182 * running on DFS channel. 183 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit 184 */ 185 if (hapd->iface->current_mode && 186 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A && 187 (hapd->iconf->spectrum_mgmt_required || dfs)) 188 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 189 190 if (hapd->conf->radio_measurements) 191 capab |= IEEE80211_CAP_RRM; 192 193 return capab; 194} 195 196 197#ifndef CONFIG_NO_RC4 198static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 199 u16 auth_transaction, const u8 *challenge, 200 int iswep) 201{ 202 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 203 HOSTAPD_LEVEL_DEBUG, 204 "authentication (shared key, transaction %d)", 205 auth_transaction); 206 207 if (auth_transaction == 1) { 208 if (!sta->challenge) { 209 /* Generate a pseudo-random challenge */ 210 u8 key[8]; 211 212 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 213 if (sta->challenge == NULL) 214 return WLAN_STATUS_UNSPECIFIED_FAILURE; 215 216 if (os_get_random(key, sizeof(key)) < 0) { 217 os_free(sta->challenge); 218 sta->challenge = NULL; 219 return WLAN_STATUS_UNSPECIFIED_FAILURE; 220 } 221 222 rc4_skip(key, sizeof(key), 0, 223 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 224 } 225 return 0; 226 } 227 228 if (auth_transaction != 3) 229 return WLAN_STATUS_UNSPECIFIED_FAILURE; 230 231 /* Transaction 3 */ 232 if (!iswep || !sta->challenge || !challenge || 233 os_memcmp_const(sta->challenge, challenge, 234 WLAN_AUTH_CHALLENGE_LEN)) { 235 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 236 HOSTAPD_LEVEL_INFO, 237 "shared key authentication - invalid " 238 "challenge-response"); 239 return WLAN_STATUS_CHALLENGE_FAIL; 240 } 241 242 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 243 HOSTAPD_LEVEL_DEBUG, 244 "authentication OK (shared key)"); 245 sta->flags |= WLAN_STA_AUTH; 246 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 247 os_free(sta->challenge); 248 sta->challenge = NULL; 249 250 return 0; 251} 252#endif /* CONFIG_NO_RC4 */ 253 254 255static int send_auth_reply(struct hostapd_data *hapd, 256 const u8 *dst, const u8 *bssid, 257 u16 auth_alg, u16 auth_transaction, u16 resp, 258 const u8 *ies, size_t ies_len) 259{ 260 struct ieee80211_mgmt *reply; 261 u8 *buf; 262 size_t rlen; 263 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE; 264 265 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 266 buf = os_zalloc(rlen); 267 if (buf == NULL) 268 return -1; 269 270 reply = (struct ieee80211_mgmt *) buf; 271 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 272 WLAN_FC_STYPE_AUTH); 273 os_memcpy(reply->da, dst, ETH_ALEN); 274 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 275 os_memcpy(reply->bssid, bssid, ETH_ALEN); 276 277 reply->u.auth.auth_alg = host_to_le16(auth_alg); 278 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 279 reply->u.auth.status_code = host_to_le16(resp); 280 281 if (ies && ies_len) 282 os_memcpy(reply->u.auth.variable, ies, ies_len); 283 284 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 285 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 286 MAC2STR(dst), auth_alg, auth_transaction, 287 resp, (unsigned long) ies_len); 288 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 289 wpa_printf(MSG_INFO, "send_auth_reply: send failed"); 290 else 291 reply_res = WLAN_STATUS_SUCCESS; 292 293 os_free(buf); 294 295 return reply_res; 296} 297 298 299#ifdef CONFIG_IEEE80211R 300static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 301 u16 auth_transaction, u16 status, 302 const u8 *ies, size_t ies_len) 303{ 304 struct hostapd_data *hapd = ctx; 305 struct sta_info *sta; 306 int reply_res; 307 308 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, 309 auth_transaction, status, ies, ies_len); 310 311 sta = ap_get_sta(hapd, dst); 312 if (sta == NULL) 313 return; 314 315 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS || 316 status != WLAN_STATUS_SUCCESS)) { 317 hostapd_drv_sta_remove(hapd, sta->addr); 318 sta->added_unassoc = 0; 319 return; 320 } 321 322 if (status != WLAN_STATUS_SUCCESS) 323 return; 324 325 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 326 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 327 sta->flags |= WLAN_STA_AUTH; 328 mlme_authenticate_indication(hapd, sta); 329} 330#endif /* CONFIG_IEEE80211R */ 331 332 333#ifdef CONFIG_SAE 334 335#define dot11RSNASAESync 5 /* attempts */ 336 337 338static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, 339 struct sta_info *sta, int update) 340{ 341 struct wpabuf *buf; 342 343 if (hapd->conf->ssid.wpa_passphrase == NULL) { 344 wpa_printf(MSG_DEBUG, "SAE: No password available"); 345 return NULL; 346 } 347 348 if (update && 349 sae_prepare_commit(hapd->own_addr, sta->addr, 350 (u8 *) hapd->conf->ssid.wpa_passphrase, 351 os_strlen(hapd->conf->ssid.wpa_passphrase), 352 sta->sae) < 0) { 353 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); 354 return NULL; 355 } 356 357 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN); 358 if (buf == NULL) 359 return NULL; 360 sae_write_commit(sta->sae, buf, sta->sae->tmp ? 361 sta->sae->tmp->anti_clogging_token : NULL); 362 363 return buf; 364} 365 366 367static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 368 struct sta_info *sta) 369{ 370 struct wpabuf *buf; 371 372 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN); 373 if (buf == NULL) 374 return NULL; 375 376 sae_write_confirm(sta->sae, buf); 377 378 return buf; 379} 380 381 382static int auth_sae_send_commit(struct hostapd_data *hapd, 383 struct sta_info *sta, 384 const u8 *bssid, int update) 385{ 386 struct wpabuf *data; 387 int reply_res; 388 389 data = auth_build_sae_commit(hapd, sta, update); 390 if (data == NULL) 391 return WLAN_STATUS_UNSPECIFIED_FAILURE; 392 393 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1, 394 WLAN_STATUS_SUCCESS, wpabuf_head(data), 395 wpabuf_len(data)); 396 397 wpabuf_free(data); 398 399 return reply_res; 400} 401 402 403static int auth_sae_send_confirm(struct hostapd_data *hapd, 404 struct sta_info *sta, 405 const u8 *bssid) 406{ 407 struct wpabuf *data; 408 int reply_res; 409 410 data = auth_build_sae_confirm(hapd, sta); 411 if (data == NULL) 412 return WLAN_STATUS_UNSPECIFIED_FAILURE; 413 414 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2, 415 WLAN_STATUS_SUCCESS, wpabuf_head(data), 416 wpabuf_len(data)); 417 418 wpabuf_free(data); 419 420 return reply_res; 421} 422 423 424static int use_sae_anti_clogging(struct hostapd_data *hapd) 425{ 426 struct sta_info *sta; 427 unsigned int open = 0; 428 429 if (hapd->conf->sae_anti_clogging_threshold == 0) 430 return 1; 431 432 for (sta = hapd->sta_list; sta; sta = sta->next) { 433 if (!sta->sae) 434 continue; 435 if (sta->sae->state != SAE_COMMITTED && 436 sta->sae->state != SAE_CONFIRMED) 437 continue; 438 open++; 439 if (open >= hapd->conf->sae_anti_clogging_threshold) 440 return 1; 441 } 442 443 return 0; 444} 445 446 447static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, 448 const u8 *token, size_t token_len) 449{ 450 u8 mac[SHA256_MAC_LEN]; 451 452 if (token_len != SHA256_MAC_LEN) 453 return -1; 454 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 455 addr, ETH_ALEN, mac) < 0 || 456 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0) 457 return -1; 458 459 return 0; 460} 461 462 463static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, 464 int group, const u8 *addr) 465{ 466 struct wpabuf *buf; 467 u8 *token; 468 struct os_reltime now; 469 470 os_get_reltime(&now); 471 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) || 472 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) { 473 if (random_get_bytes(hapd->sae_token_key, 474 sizeof(hapd->sae_token_key)) < 0) 475 return NULL; 476 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key", 477 hapd->sae_token_key, sizeof(hapd->sae_token_key)); 478 hapd->last_sae_token_key_update = now; 479 } 480 481 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN); 482 if (buf == NULL) 483 return NULL; 484 485 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */ 486 487 token = wpabuf_put(buf, SHA256_MAC_LEN); 488 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 489 addr, ETH_ALEN, token); 490 491 return buf; 492} 493 494 495static int sae_check_big_sync(struct sta_info *sta) 496{ 497 if (sta->sae->sync > dot11RSNASAESync) { 498 sta->sae->state = SAE_NOTHING; 499 sta->sae->sync = 0; 500 return -1; 501 } 502 return 0; 503} 504 505 506static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data) 507{ 508 struct hostapd_data *hapd = eloop_ctx; 509 struct sta_info *sta = eloop_data; 510 int ret; 511 512 if (sae_check_big_sync(sta)) 513 return; 514 sta->sae->sync++; 515 516 switch (sta->sae->state) { 517 case SAE_COMMITTED: 518 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0); 519 eloop_register_timeout(0, 520 hapd->dot11RSNASAERetransPeriod * 1000, 521 auth_sae_retransmit_timer, hapd, sta); 522 break; 523 case SAE_CONFIRMED: 524 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr); 525 eloop_register_timeout(0, 526 hapd->dot11RSNASAERetransPeriod * 1000, 527 auth_sae_retransmit_timer, hapd, sta); 528 break; 529 default: 530 ret = -1; 531 break; 532 } 533 534 if (ret != WLAN_STATUS_SUCCESS) 535 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret); 536} 537 538 539void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta) 540{ 541 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta); 542} 543 544 545static void sae_set_retransmit_timer(struct hostapd_data *hapd, 546 struct sta_info *sta) 547{ 548 if (!(hapd->conf->mesh & MESH_ENABLED)) 549 return; 550 551 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta); 552 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000, 553 auth_sae_retransmit_timer, hapd, sta); 554} 555 556 557void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta) 558{ 559 sta->flags |= WLAN_STA_AUTH; 560 sta->auth_alg = WLAN_AUTH_SAE; 561 mlme_authenticate_indication(hapd, sta); 562 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 563 sta->sae->state = SAE_ACCEPTED; 564 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr, 565 sta->sae->pmk, sta->sae->pmkid); 566} 567 568 569static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta, 570 const u8 *bssid, u8 auth_transaction) 571{ 572 int ret; 573 574 if (auth_transaction != 1 && auth_transaction != 2) 575 return WLAN_STATUS_UNSPECIFIED_FAILURE; 576 577 switch (sta->sae->state) { 578 case SAE_NOTHING: 579 if (auth_transaction == 1) { 580 ret = auth_sae_send_commit(hapd, sta, bssid, 1); 581 if (ret) 582 return ret; 583 sta->sae->state = SAE_COMMITTED; 584 585 if (sae_process_commit(sta->sae) < 0) 586 return WLAN_STATUS_UNSPECIFIED_FAILURE; 587 588 /* 589 * In mesh case, both Commit and Confirm can be sent 590 * immediately. In infrastructure BSS, only a single 591 * Authentication frame (Commit) is expected from the AP 592 * here and the second one (Confirm) will be sent once 593 * the STA has sent its second Authentication frame 594 * (Confirm). 595 */ 596 if (hapd->conf->mesh & MESH_ENABLED) { 597 /* 598 * Send both Commit and Confirm immediately 599 * based on SAE finite state machine 600 * Nothing -> Confirm transition. 601 */ 602 ret = auth_sae_send_confirm(hapd, sta, bssid); 603 if (ret) 604 return ret; 605 sta->sae->state = SAE_CONFIRMED; 606 } else { 607 /* 608 * For infrastructure BSS, send only the Commit 609 * message now to get alternating sequence of 610 * Authentication frames between the AP and STA. 611 * Confirm will be sent in 612 * Commited -> Confirmed/Accepted transition 613 * when receiving Confirm from STA. 614 */ 615 } 616 sta->sae->sync = 0; 617 sae_set_retransmit_timer(hapd, sta); 618 } else { 619 hostapd_logger(hapd, sta->addr, 620 HOSTAPD_MODULE_IEEE80211, 621 HOSTAPD_LEVEL_DEBUG, 622 "SAE confirm before commit"); 623 } 624 break; 625 case SAE_COMMITTED: 626 sae_clear_retransmit_timer(hapd, sta); 627 if (auth_transaction == 1) { 628 if (sae_process_commit(sta->sae) < 0) 629 return WLAN_STATUS_UNSPECIFIED_FAILURE; 630 631 ret = auth_sae_send_confirm(hapd, sta, bssid); 632 if (ret) 633 return ret; 634 sta->sae->state = SAE_CONFIRMED; 635 sta->sae->sync = 0; 636 sae_set_retransmit_timer(hapd, sta); 637 } else if (hapd->conf->mesh & MESH_ENABLED) { 638 /* 639 * In mesh case, follow SAE finite state machine and 640 * send Commit now, if sync count allows. 641 */ 642 if (sae_check_big_sync(sta)) 643 return WLAN_STATUS_SUCCESS; 644 sta->sae->sync++; 645 646 ret = auth_sae_send_commit(hapd, sta, bssid, 0); 647 if (ret) 648 return ret; 649 650 sae_set_retransmit_timer(hapd, sta); 651 } else { 652 /* 653 * For instructure BSS, send the postponed Confirm from 654 * Nothing -> Confirmed transition that was reduced to 655 * Nothing -> Committed above. 656 */ 657 ret = auth_sae_send_confirm(hapd, sta, bssid); 658 if (ret) 659 return ret; 660 661 sta->sae->state = SAE_CONFIRMED; 662 663 /* 664 * Since this was triggered on Confirm RX, run another 665 * step to get to Accepted without waiting for 666 * additional events. 667 */ 668 return sae_sm_step(hapd, sta, bssid, auth_transaction); 669 } 670 break; 671 case SAE_CONFIRMED: 672 sae_clear_retransmit_timer(hapd, sta); 673 if (auth_transaction == 1) { 674 if (sae_check_big_sync(sta)) 675 return WLAN_STATUS_SUCCESS; 676 sta->sae->sync++; 677 678 ret = auth_sae_send_commit(hapd, sta, bssid, 1); 679 if (ret) 680 return ret; 681 682 if (sae_process_commit(sta->sae) < 0) 683 return WLAN_STATUS_UNSPECIFIED_FAILURE; 684 685 ret = auth_sae_send_confirm(hapd, sta, bssid); 686 if (ret) 687 return ret; 688 689 sae_set_retransmit_timer(hapd, sta); 690 } else { 691 sae_accept_sta(hapd, sta); 692 } 693 break; 694 case SAE_ACCEPTED: 695 if (auth_transaction == 1) { 696 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR 697 ") doing reauthentication", 698 MAC2STR(sta->addr)); 699 ap_free_sta(hapd, sta); 700 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 701 } else { 702 if (sae_check_big_sync(sta)) 703 return WLAN_STATUS_SUCCESS; 704 sta->sae->sync++; 705 706 ret = auth_sae_send_confirm(hapd, sta, bssid); 707 sae_clear_temp_data(sta->sae); 708 if (ret) 709 return ret; 710 } 711 break; 712 default: 713 wpa_printf(MSG_ERROR, "SAE: invalid state %d", 714 sta->sae->state); 715 return WLAN_STATUS_UNSPECIFIED_FAILURE; 716 } 717 return WLAN_STATUS_SUCCESS; 718} 719 720 721static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 722 const struct ieee80211_mgmt *mgmt, size_t len, 723 u16 auth_transaction, u16 status_code) 724{ 725 int resp = WLAN_STATUS_SUCCESS; 726 struct wpabuf *data = NULL; 727 728 if (!sta->sae) { 729 if (auth_transaction != 1 || 730 status_code != WLAN_STATUS_SUCCESS) { 731 resp = -1; 732 goto remove_sta; 733 } 734 sta->sae = os_zalloc(sizeof(*sta->sae)); 735 if (!sta->sae) { 736 resp = -1; 737 goto remove_sta; 738 } 739 sta->sae->state = SAE_NOTHING; 740 sta->sae->sync = 0; 741 } 742 743 if (sta->mesh_sae_pmksa_caching) { 744 wpa_printf(MSG_DEBUG, 745 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication"); 746 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 747 sta->mesh_sae_pmksa_caching = 0; 748 } 749 750 if (auth_transaction == 1) { 751 const u8 *token = NULL, *pos, *end; 752 size_t token_len = 0; 753 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 754 HOSTAPD_LEVEL_DEBUG, 755 "start SAE authentication (RX commit, status=%u)", 756 status_code); 757 758 if ((hapd->conf->mesh & MESH_ENABLED) && 759 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ && 760 sta->sae->tmp) { 761 pos = mgmt->u.auth.variable; 762 end = ((const u8 *) mgmt) + len; 763 if (pos + sizeof(le16) > end) { 764 wpa_printf(MSG_ERROR, 765 "SAE: Too short anti-clogging token request"); 766 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 767 goto reply; 768 } 769 resp = sae_group_allowed(sta->sae, 770 hapd->conf->sae_groups, 771 WPA_GET_LE16(pos)); 772 if (resp != WLAN_STATUS_SUCCESS) { 773 wpa_printf(MSG_ERROR, 774 "SAE: Invalid group in anti-clogging token request"); 775 goto reply; 776 } 777 pos += sizeof(le16); 778 779 wpabuf_free(sta->sae->tmp->anti_clogging_token); 780 sta->sae->tmp->anti_clogging_token = 781 wpabuf_alloc_copy(pos, end - pos); 782 if (sta->sae->tmp->anti_clogging_token == NULL) { 783 wpa_printf(MSG_ERROR, 784 "SAE: Failed to alloc for anti-clogging token"); 785 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 786 goto remove_sta; 787 } 788 789 /* 790 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code 791 * is 76, a new Commit Message shall be constructed 792 * with the Anti-Clogging Token from the received 793 * Authentication frame, and the commit-scalar and 794 * COMMIT-ELEMENT previously sent. 795 */ 796 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0); 797 if (resp != WLAN_STATUS_SUCCESS) { 798 wpa_printf(MSG_ERROR, 799 "SAE: Failed to send commit message"); 800 goto remove_sta; 801 } 802 sta->sae->state = SAE_COMMITTED; 803 sta->sae->sync = 0; 804 sae_set_retransmit_timer(hapd, sta); 805 return; 806 } 807 808 if (status_code != WLAN_STATUS_SUCCESS) 809 goto remove_sta; 810 811 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, 812 ((const u8 *) mgmt) + len - 813 mgmt->u.auth.variable, &token, 814 &token_len, hapd->conf->sae_groups); 815 if (resp == SAE_SILENTLY_DISCARD) { 816 wpa_printf(MSG_DEBUG, 817 "SAE: Drop commit message from " MACSTR " due to reflection attack", 818 MAC2STR(sta->addr)); 819 goto remove_sta; 820 } 821 if (token && check_sae_token(hapd, sta->addr, token, token_len) 822 < 0) { 823 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with " 824 "incorrect token from " MACSTR, 825 MAC2STR(sta->addr)); 826 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 827 goto remove_sta; 828 } 829 830 if (resp != WLAN_STATUS_SUCCESS) 831 goto reply; 832 833 if (!token && use_sae_anti_clogging(hapd)) { 834 wpa_printf(MSG_DEBUG, 835 "SAE: Request anti-clogging token from " 836 MACSTR, MAC2STR(sta->addr)); 837 data = auth_build_token_req(hapd, sta->sae->group, 838 sta->addr); 839 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; 840 if (hapd->conf->mesh & MESH_ENABLED) 841 sta->sae->state = SAE_NOTHING; 842 goto reply; 843 } 844 845 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction); 846 } else if (auth_transaction == 2) { 847 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 848 HOSTAPD_LEVEL_DEBUG, 849 "SAE authentication (RX confirm, status=%u)", 850 status_code); 851 if (status_code != WLAN_STATUS_SUCCESS) 852 goto remove_sta; 853 if (sta->sae->state >= SAE_CONFIRMED || 854 !(hapd->conf->mesh & MESH_ENABLED)) { 855 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable, 856 ((u8 *) mgmt) + len - 857 mgmt->u.auth.variable) < 0) { 858 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 859 goto reply; 860 } 861 } 862 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction); 863 } else { 864 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 865 HOSTAPD_LEVEL_DEBUG, 866 "unexpected SAE authentication transaction %u (status=%u)", 867 auth_transaction, status_code); 868 if (status_code != WLAN_STATUS_SUCCESS) 869 goto remove_sta; 870 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 871 } 872 873reply: 874 if (resp != WLAN_STATUS_SUCCESS) { 875 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 876 auth_transaction, resp, 877 data ? wpabuf_head(data) : (u8 *) "", 878 data ? wpabuf_len(data) : 0); 879 } 880 881remove_sta: 882 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS || 883 status_code != WLAN_STATUS_SUCCESS)) { 884 hostapd_drv_sta_remove(hapd, sta->addr); 885 sta->added_unassoc = 0; 886 } 887 wpabuf_free(data); 888} 889 890 891/** 892 * auth_sae_init_committed - Send COMMIT and start SAE in committed state 893 * @hapd: BSS data for the device initiating the authentication 894 * @sta: the peer to which commit authentication frame is sent 895 * 896 * This function implements Init event handling (IEEE Std 802.11-2012, 897 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the 898 * sta->sae structure should be initialized appropriately via a call to 899 * sae_prepare_commit(). 900 */ 901int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta) 902{ 903 int ret; 904 905 if (!sta->sae || !sta->sae->tmp) 906 return -1; 907 908 if (sta->sae->state != SAE_NOTHING) 909 return -1; 910 911 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0); 912 if (ret) 913 return -1; 914 915 sta->sae->state = SAE_COMMITTED; 916 sta->sae->sync = 0; 917 sae_set_retransmit_timer(hapd, sta); 918 919 return 0; 920} 921 922#endif /* CONFIG_SAE */ 923 924 925static void handle_auth(struct hostapd_data *hapd, 926 const struct ieee80211_mgmt *mgmt, size_t len) 927{ 928 u16 auth_alg, auth_transaction, status_code; 929 u16 resp = WLAN_STATUS_SUCCESS; 930 struct sta_info *sta = NULL; 931 int res, reply_res; 932 u16 fc; 933 const u8 *challenge = NULL; 934 u32 session_timeout, acct_interim_interval; 935 struct vlan_description vlan_id; 936 struct hostapd_sta_wpa_psk_short *psk = NULL; 937 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 938 size_t resp_ies_len = 0; 939 char *identity = NULL; 940 char *radius_cui = NULL; 941 u16 seq_ctrl; 942 943 os_memset(&vlan_id, 0, sizeof(vlan_id)); 944 945 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 946 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", 947 (unsigned long) len); 948 return; 949 } 950 951#ifdef CONFIG_TESTING_OPTIONS 952 if (hapd->iconf->ignore_auth_probability > 0.0 && 953 drand48() < hapd->iconf->ignore_auth_probability) { 954 wpa_printf(MSG_INFO, 955 "TESTING: ignoring auth frame from " MACSTR, 956 MAC2STR(mgmt->sa)); 957 return; 958 } 959#endif /* CONFIG_TESTING_OPTIONS */ 960 961 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 962 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 963 status_code = le_to_host16(mgmt->u.auth.status_code); 964 fc = le_to_host16(mgmt->frame_control); 965 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 966 967 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 968 2 + WLAN_AUTH_CHALLENGE_LEN && 969 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 970 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 971 challenge = &mgmt->u.auth.variable[2]; 972 973 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 974 "auth_transaction=%d status_code=%d wep=%d%s " 975 "seq_ctrl=0x%x%s", 976 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 977 status_code, !!(fc & WLAN_FC_ISWEP), 978 challenge ? " challenge" : "", 979 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 980 981#ifdef CONFIG_NO_RC4 982 if (auth_alg == WLAN_AUTH_SHARED_KEY) { 983 wpa_printf(MSG_INFO, 984 "Unsupported authentication algorithm (%d)", 985 auth_alg); 986 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 987 goto fail; 988 } 989#endif /* CONFIG_NO_RC4 */ 990 991 if (hapd->tkip_countermeasures) { 992 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 993 goto fail; 994 } 995 996 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 997 auth_alg == WLAN_AUTH_OPEN) || 998#ifdef CONFIG_IEEE80211R 999 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 1000 auth_alg == WLAN_AUTH_FT) || 1001#endif /* CONFIG_IEEE80211R */ 1002#ifdef CONFIG_SAE 1003 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 1004 auth_alg == WLAN_AUTH_SAE) || 1005#endif /* CONFIG_SAE */ 1006 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 1007 auth_alg == WLAN_AUTH_SHARED_KEY))) { 1008 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)", 1009 auth_alg); 1010 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1011 goto fail; 1012 } 1013 1014 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 1015 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 1016 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)", 1017 auth_transaction); 1018 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1019 goto fail; 1020 } 1021 1022 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 1023 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 1024 MAC2STR(mgmt->sa)); 1025 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1026 goto fail; 1027 } 1028 1029 if (hapd->conf->no_auth_if_seen_on) { 1030 struct hostapd_data *other; 1031 1032 other = sta_track_seen_on(hapd->iface, mgmt->sa, 1033 hapd->conf->no_auth_if_seen_on); 1034 if (other) { 1035 u8 *pos; 1036 u32 info; 1037 u8 op_class, channel, phytype; 1038 1039 wpa_printf(MSG_DEBUG, "%s: Reject authentication from " 1040 MACSTR " since STA has been seen on %s", 1041 hapd->conf->iface, MAC2STR(mgmt->sa), 1042 hapd->conf->no_auth_if_seen_on); 1043 1044 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION; 1045 pos = &resp_ies[0]; 1046 *pos++ = WLAN_EID_NEIGHBOR_REPORT; 1047 *pos++ = 13; 1048 os_memcpy(pos, other->own_addr, ETH_ALEN); 1049 pos += ETH_ALEN; 1050 info = 0; /* TODO: BSSID Information */ 1051 WPA_PUT_LE32(pos, info); 1052 pos += 4; 1053 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD) 1054 phytype = 8; /* dmg */ 1055 else if (other->iconf->ieee80211ac) 1056 phytype = 9; /* vht */ 1057 else if (other->iconf->ieee80211n) 1058 phytype = 7; /* ht */ 1059 else if (other->iconf->hw_mode == 1060 HOSTAPD_MODE_IEEE80211A) 1061 phytype = 4; /* ofdm */ 1062 else if (other->iconf->hw_mode == 1063 HOSTAPD_MODE_IEEE80211G) 1064 phytype = 6; /* erp */ 1065 else 1066 phytype = 5; /* hrdsss */ 1067 if (ieee80211_freq_to_channel_ext( 1068 hostapd_hw_get_freq(other, 1069 other->iconf->channel), 1070 other->iconf->secondary_channel, 1071 other->iconf->ieee80211ac, 1072 &op_class, &channel) == NUM_HOSTAPD_MODES) { 1073 op_class = 0; 1074 channel = other->iconf->channel; 1075 } 1076 *pos++ = op_class; 1077 *pos++ = channel; 1078 *pos++ = phytype; 1079 resp_ies_len = pos - &resp_ies[0]; 1080 goto fail; 1081 } 1082 } 1083 1084 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 1085 &session_timeout, 1086 &acct_interim_interval, &vlan_id, 1087 &psk, &identity, &radius_cui); 1088 1089 if (res == HOSTAPD_ACL_REJECT) { 1090 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 1091 MAC2STR(mgmt->sa)); 1092 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1093 goto fail; 1094 } 1095 if (res == HOSTAPD_ACL_PENDING) { 1096 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 1097 " waiting for an external authentication", 1098 MAC2STR(mgmt->sa)); 1099 /* Authentication code will re-send the authentication frame 1100 * after it has received (and cached) information from the 1101 * external source. */ 1102 return; 1103 } 1104 1105 sta = ap_get_sta(hapd, mgmt->sa); 1106 if (sta) { 1107 if ((fc & WLAN_FC_RETRY) && 1108 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 1109 sta->last_seq_ctrl == seq_ctrl && 1110 sta->last_subtype == WLAN_FC_STYPE_AUTH) { 1111 hostapd_logger(hapd, sta->addr, 1112 HOSTAPD_MODULE_IEEE80211, 1113 HOSTAPD_LEVEL_DEBUG, 1114 "Drop repeated authentication frame seq_ctrl=0x%x", 1115 seq_ctrl); 1116 return; 1117 } 1118#ifdef CONFIG_MESH 1119 if ((hapd->conf->mesh & MESH_ENABLED) && 1120 sta->plink_state == PLINK_BLOCKED) { 1121 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR 1122 " is blocked - drop Authentication frame", 1123 MAC2STR(mgmt->sa)); 1124 return; 1125 } 1126#endif /* CONFIG_MESH */ 1127 } else { 1128#ifdef CONFIG_MESH 1129 if (hapd->conf->mesh & MESH_ENABLED) { 1130 /* if the mesh peer is not available, we don't do auth. 1131 */ 1132 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR 1133 " not yet known - drop Authentication frame", 1134 MAC2STR(mgmt->sa)); 1135 /* 1136 * Save a copy of the frame so that it can be processed 1137 * if a new peer entry is added shortly after this. 1138 */ 1139 wpabuf_free(hapd->mesh_pending_auth); 1140 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len); 1141 os_get_reltime(&hapd->mesh_pending_auth_time); 1142 return; 1143 } 1144#endif /* CONFIG_MESH */ 1145 1146 sta = ap_sta_add(hapd, mgmt->sa); 1147 if (!sta) { 1148 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1149 goto fail; 1150 } 1151 } 1152 sta->last_seq_ctrl = seq_ctrl; 1153 sta->last_subtype = WLAN_FC_STYPE_AUTH; 1154 1155 if (vlan_id.notempty && 1156 !hostapd_vlan_valid(hapd->conf->vlan, &vlan_id)) { 1157 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 1158 HOSTAPD_LEVEL_INFO, 1159 "Invalid VLAN %d%s received from RADIUS server", 1160 vlan_id.untagged, 1161 vlan_id.tagged[0] ? "+" : ""); 1162 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1163 goto fail; 1164 } 1165 if (ap_sta_set_vlan(hapd, sta, &vlan_id) < 0) { 1166 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1167 goto fail; 1168 } 1169 if (sta->vlan_id) 1170 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 1171 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 1172 1173 hostapd_free_psk_list(sta->psk); 1174 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 1175 sta->psk = psk; 1176 psk = NULL; 1177 } else { 1178 sta->psk = NULL; 1179 } 1180 1181 sta->identity = identity; 1182 identity = NULL; 1183 sta->radius_cui = radius_cui; 1184 radius_cui = NULL; 1185 1186 sta->flags &= ~WLAN_STA_PREAUTH; 1187 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 1188 1189 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 1190 sta->acct_interim_interval = acct_interim_interval; 1191 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 1192 ap_sta_session_timeout(hapd, sta, session_timeout); 1193 else 1194 ap_sta_no_session_timeout(hapd, sta); 1195 1196 /* 1197 * If the driver supports full AP client state, add a station to the 1198 * driver before sending authentication reply to make sure the driver 1199 * has resources, and not to go through the entire authentication and 1200 * association handshake, and fail it at the end. 1201 * 1202 * If this is not the first transaction, in a multi-step authentication 1203 * algorithm, the station already exists in the driver 1204 * (sta->added_unassoc = 1) so skip it. 1205 * 1206 * In mesh mode, the station was already added to the driver when the 1207 * NEW_PEER_CANDIDATE event is received. 1208 */ 1209 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) && 1210 !(hapd->conf->mesh & MESH_ENABLED) && 1211 !(sta->added_unassoc)) { 1212 /* 1213 * If a station that is already associated to the AP, is trying 1214 * to authenticate again, remove the STA entry, in order to make 1215 * sure the STA PS state gets cleared and configuration gets 1216 * updated. To handle this, station's added_unassoc flag is 1217 * cleared once the station has completed association. 1218 */ 1219 hostapd_drv_sta_remove(hapd, sta->addr); 1220 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | 1221 WLAN_STA_AUTHORIZED); 1222 1223 if (hostapd_sta_add(hapd, sta->addr, 0, 0, 0, 0, 0, 1224 NULL, NULL, sta->flags, 0, 0, 0)) { 1225 hostapd_logger(hapd, sta->addr, 1226 HOSTAPD_MODULE_IEEE80211, 1227 HOSTAPD_LEVEL_NOTICE, 1228 "Could not add STA to kernel driver"); 1229 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1230 goto fail; 1231 } 1232 1233 sta->added_unassoc = 1; 1234 } 1235 1236 switch (auth_alg) { 1237 case WLAN_AUTH_OPEN: 1238 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1239 HOSTAPD_LEVEL_DEBUG, 1240 "authentication OK (open system)"); 1241 sta->flags |= WLAN_STA_AUTH; 1242 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 1243 sta->auth_alg = WLAN_AUTH_OPEN; 1244 mlme_authenticate_indication(hapd, sta); 1245 break; 1246#ifndef CONFIG_NO_RC4 1247 case WLAN_AUTH_SHARED_KEY: 1248 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 1249 fc & WLAN_FC_ISWEP); 1250 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 1251 mlme_authenticate_indication(hapd, sta); 1252 if (sta->challenge && auth_transaction == 1) { 1253 resp_ies[0] = WLAN_EID_CHALLENGE; 1254 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 1255 os_memcpy(resp_ies + 2, sta->challenge, 1256 WLAN_AUTH_CHALLENGE_LEN); 1257 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 1258 } 1259 break; 1260#endif /* CONFIG_NO_RC4 */ 1261#ifdef CONFIG_IEEE80211R 1262 case WLAN_AUTH_FT: 1263 sta->auth_alg = WLAN_AUTH_FT; 1264 if (sta->wpa_sm == NULL) 1265 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1266 sta->addr, NULL); 1267 if (sta->wpa_sm == NULL) { 1268 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 1269 "state machine"); 1270 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1271 goto fail; 1272 } 1273 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 1274 auth_transaction, mgmt->u.auth.variable, 1275 len - IEEE80211_HDRLEN - 1276 sizeof(mgmt->u.auth), 1277 handle_auth_ft_finish, hapd); 1278 /* handle_auth_ft_finish() callback will complete auth. */ 1279 return; 1280#endif /* CONFIG_IEEE80211R */ 1281#ifdef CONFIG_SAE 1282 case WLAN_AUTH_SAE: 1283#ifdef CONFIG_MESH 1284 if (status_code == WLAN_STATUS_SUCCESS && 1285 hapd->conf->mesh & MESH_ENABLED) { 1286 if (sta->wpa_sm == NULL) 1287 sta->wpa_sm = 1288 wpa_auth_sta_init(hapd->wpa_auth, 1289 sta->addr, NULL); 1290 if (sta->wpa_sm == NULL) { 1291 wpa_printf(MSG_DEBUG, 1292 "SAE: Failed to initialize WPA state machine"); 1293 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1294 goto fail; 1295 } 1296 } 1297#endif /* CONFIG_MESH */ 1298 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction, 1299 status_code); 1300 return; 1301#endif /* CONFIG_SAE */ 1302 } 1303 1304 fail: 1305 os_free(identity); 1306 os_free(radius_cui); 1307 hostapd_free_psk_list(psk); 1308 1309 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 1310 auth_transaction + 1, resp, resp_ies, 1311 resp_ies_len); 1312 1313 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS || 1314 reply_res != WLAN_STATUS_SUCCESS)) { 1315 hostapd_drv_sta_remove(hapd, sta->addr); 1316 sta->added_unassoc = 0; 1317 } 1318} 1319 1320 1321int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 1322{ 1323 int i, j = 32, aid; 1324 1325 /* get a unique AID */ 1326 if (sta->aid > 0) { 1327 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 1328 return 0; 1329 } 1330 1331 for (i = 0; i < AID_WORDS; i++) { 1332 if (hapd->sta_aid[i] == (u32) -1) 1333 continue; 1334 for (j = 0; j < 32; j++) { 1335 if (!(hapd->sta_aid[i] & BIT(j))) 1336 break; 1337 } 1338 if (j < 32) 1339 break; 1340 } 1341 if (j == 32) 1342 return -1; 1343 aid = i * 32 + j + 1; 1344 if (aid > 2007) 1345 return -1; 1346 1347 sta->aid = aid; 1348 hapd->sta_aid[i] |= BIT(j); 1349 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 1350 return 0; 1351} 1352 1353 1354static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 1355 const u8 *ssid_ie, size_t ssid_ie_len) 1356{ 1357 if (ssid_ie == NULL) 1358 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1359 1360 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 1361 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 1362 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1363 HOSTAPD_LEVEL_INFO, 1364 "Station tried to associate with unknown SSID " 1365 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len)); 1366 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1367 } 1368 1369 return WLAN_STATUS_SUCCESS; 1370} 1371 1372 1373static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 1374 const u8 *wmm_ie, size_t wmm_ie_len) 1375{ 1376 sta->flags &= ~WLAN_STA_WMM; 1377 sta->qosinfo = 0; 1378 if (wmm_ie && hapd->conf->wmm_enabled) { 1379 struct wmm_information_element *wmm; 1380 1381 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 1382 hostapd_logger(hapd, sta->addr, 1383 HOSTAPD_MODULE_WPA, 1384 HOSTAPD_LEVEL_DEBUG, 1385 "invalid WMM element in association " 1386 "request"); 1387 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1388 } 1389 1390 sta->flags |= WLAN_STA_WMM; 1391 wmm = (struct wmm_information_element *) wmm_ie; 1392 sta->qosinfo = wmm->qos_info; 1393 } 1394 return WLAN_STATUS_SUCCESS; 1395} 1396 1397 1398static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 1399 struct ieee802_11_elems *elems) 1400{ 1401 if (!elems->supp_rates) { 1402 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1403 HOSTAPD_LEVEL_DEBUG, 1404 "No supported rates element in AssocReq"); 1405 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1406 } 1407 1408 if (elems->supp_rates_len + elems->ext_supp_rates_len > 1409 sizeof(sta->supported_rates)) { 1410 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1411 HOSTAPD_LEVEL_DEBUG, 1412 "Invalid supported rates element length %d+%d", 1413 elems->supp_rates_len, 1414 elems->ext_supp_rates_len); 1415 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1416 } 1417 1418 sta->supported_rates_len = merge_byte_arrays( 1419 sta->supported_rates, sizeof(sta->supported_rates), 1420 elems->supp_rates, elems->supp_rates_len, 1421 elems->ext_supp_rates, elems->ext_supp_rates_len); 1422 1423 return WLAN_STATUS_SUCCESS; 1424} 1425 1426 1427static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta, 1428 const u8 *ext_capab_ie, size_t ext_capab_ie_len) 1429{ 1430#ifdef CONFIG_INTERWORKING 1431 /* check for QoS Map support */ 1432 if (ext_capab_ie_len >= 5) { 1433 if (ext_capab_ie[4] & 0x01) 1434 sta->qos_map_enabled = 1; 1435 } 1436#endif /* CONFIG_INTERWORKING */ 1437 1438 if (ext_capab_ie_len > 0) 1439 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2)); 1440 1441 return WLAN_STATUS_SUCCESS; 1442} 1443 1444 1445static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 1446 const u8 *ies, size_t ies_len, int reassoc) 1447{ 1448 struct ieee802_11_elems elems; 1449 u16 resp; 1450 const u8 *wpa_ie; 1451 size_t wpa_ie_len; 1452 const u8 *p2p_dev_addr = NULL; 1453 1454 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 1455 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1456 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 1457 "association request"); 1458 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1459 } 1460 1461 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 1462 if (resp != WLAN_STATUS_SUCCESS) 1463 return resp; 1464 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 1465 if (resp != WLAN_STATUS_SUCCESS) 1466 return resp; 1467 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len); 1468 if (resp != WLAN_STATUS_SUCCESS) 1469 return resp; 1470 resp = copy_supp_rates(hapd, sta, &elems); 1471 if (resp != WLAN_STATUS_SUCCESS) 1472 return resp; 1473#ifdef CONFIG_IEEE80211N 1474 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities); 1475 if (resp != WLAN_STATUS_SUCCESS) 1476 return resp; 1477 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 1478 !(sta->flags & WLAN_STA_HT)) { 1479 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1480 HOSTAPD_LEVEL_INFO, "Station does not support " 1481 "mandatory HT PHY - reject association"); 1482 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 1483 } 1484#endif /* CONFIG_IEEE80211N */ 1485 1486#ifdef CONFIG_IEEE80211AC 1487 if (hapd->iconf->ieee80211ac) { 1488 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities); 1489 if (resp != WLAN_STATUS_SUCCESS) 1490 return resp; 1491 1492 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif); 1493 if (resp != WLAN_STATUS_SUCCESS) 1494 return resp; 1495 } 1496 1497 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 1498 !(sta->flags & WLAN_STA_VHT)) { 1499 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1500 HOSTAPD_LEVEL_INFO, "Station does not support " 1501 "mandatory VHT PHY - reject association"); 1502 return WLAN_STATUS_ASSOC_DENIED_NO_VHT; 1503 } 1504 1505 if (hapd->conf->vendor_vht && !elems.vht_capabilities) { 1506 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht, 1507 elems.vendor_vht_len); 1508 if (resp != WLAN_STATUS_SUCCESS) 1509 return resp; 1510 } 1511#endif /* CONFIG_IEEE80211AC */ 1512 1513#ifdef CONFIG_P2P 1514 if (elems.p2p) { 1515 wpabuf_free(sta->p2p_ie); 1516 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 1517 P2P_IE_VENDOR_TYPE); 1518 if (sta->p2p_ie) 1519 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 1520 } else { 1521 wpabuf_free(sta->p2p_ie); 1522 sta->p2p_ie = NULL; 1523 } 1524#endif /* CONFIG_P2P */ 1525 1526 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 1527 wpa_ie = elems.rsn_ie; 1528 wpa_ie_len = elems.rsn_ie_len; 1529 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 1530 elems.wpa_ie) { 1531 wpa_ie = elems.wpa_ie; 1532 wpa_ie_len = elems.wpa_ie_len; 1533 } else { 1534 wpa_ie = NULL; 1535 wpa_ie_len = 0; 1536 } 1537 1538#ifdef CONFIG_WPS 1539 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 1540 if (hapd->conf->wps_state && elems.wps_ie) { 1541 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 1542 "Request - assume WPS is used"); 1543 sta->flags |= WLAN_STA_WPS; 1544 wpabuf_free(sta->wps_ie); 1545 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 1546 WPS_IE_VENDOR_TYPE); 1547 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 1548 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 1549 sta->flags |= WLAN_STA_WPS2; 1550 } 1551 wpa_ie = NULL; 1552 wpa_ie_len = 0; 1553 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 1554 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 1555 "(Re)Association Request - reject"); 1556 return WLAN_STATUS_INVALID_IE; 1557 } 1558 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 1559 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 1560 "(Re)Association Request - possible WPS use"); 1561 sta->flags |= WLAN_STA_MAYBE_WPS; 1562 } else 1563#endif /* CONFIG_WPS */ 1564 if (hapd->conf->wpa && wpa_ie == NULL) { 1565 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1566 HOSTAPD_LEVEL_INFO, 1567 "No WPA/RSN IE in association request"); 1568 return WLAN_STATUS_INVALID_IE; 1569 } 1570 1571 if (hapd->conf->wpa && wpa_ie) { 1572 int res; 1573 wpa_ie -= 2; 1574 wpa_ie_len += 2; 1575 if (sta->wpa_sm == NULL) 1576 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1577 sta->addr, 1578 p2p_dev_addr); 1579 if (sta->wpa_sm == NULL) { 1580 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1581 "state machine"); 1582 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1583 } 1584 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 1585 wpa_ie, wpa_ie_len, 1586 elems.mdie, elems.mdie_len); 1587 if (res == WPA_INVALID_GROUP) 1588 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 1589 else if (res == WPA_INVALID_PAIRWISE) 1590 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 1591 else if (res == WPA_INVALID_AKMP) 1592 resp = WLAN_STATUS_AKMP_NOT_VALID; 1593 else if (res == WPA_ALLOC_FAIL) 1594 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1595#ifdef CONFIG_IEEE80211W 1596 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 1597 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1598 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 1599 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1600#endif /* CONFIG_IEEE80211W */ 1601 else if (res == WPA_INVALID_MDIE) 1602 resp = WLAN_STATUS_INVALID_MDIE; 1603 else if (res != WPA_IE_OK) 1604 resp = WLAN_STATUS_INVALID_IE; 1605 if (resp != WLAN_STATUS_SUCCESS) 1606 return resp; 1607#ifdef CONFIG_IEEE80211W 1608 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1609 sta->sa_query_count > 0) 1610 ap_check_sa_query_timeout(hapd, sta); 1611 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1612 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 1613 /* 1614 * STA has already been associated with MFP and SA 1615 * Query timeout has not been reached. Reject the 1616 * association attempt temporarily and start SA Query, 1617 * if one is not pending. 1618 */ 1619 1620 if (sta->sa_query_count == 0) 1621 ap_sta_start_sa_query(hapd, sta); 1622 1623 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 1624 } 1625 1626 if (wpa_auth_uses_mfp(sta->wpa_sm)) 1627 sta->flags |= WLAN_STA_MFP; 1628 else 1629 sta->flags &= ~WLAN_STA_MFP; 1630#endif /* CONFIG_IEEE80211W */ 1631 1632#ifdef CONFIG_IEEE80211R 1633 if (sta->auth_alg == WLAN_AUTH_FT) { 1634 if (!reassoc) { 1635 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 1636 "to use association (not " 1637 "re-association) with FT auth_alg", 1638 MAC2STR(sta->addr)); 1639 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1640 } 1641 1642 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 1643 ies_len); 1644 if (resp != WLAN_STATUS_SUCCESS) 1645 return resp; 1646 } 1647#endif /* CONFIG_IEEE80211R */ 1648 1649#ifdef CONFIG_SAE 1650 if (wpa_auth_uses_sae(sta->wpa_sm) && 1651 sta->auth_alg == WLAN_AUTH_OPEN) { 1652 struct rsn_pmksa_cache_entry *sa; 1653 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm); 1654 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) { 1655 wpa_printf(MSG_DEBUG, 1656 "SAE: No PMKSA cache entry found for " 1657 MACSTR, MAC2STR(sta->addr)); 1658 return WLAN_STATUS_INVALID_PMKID; 1659 } 1660 wpa_printf(MSG_DEBUG, "SAE: " MACSTR 1661 " using PMKSA caching", MAC2STR(sta->addr)); 1662 } else if (wpa_auth_uses_sae(sta->wpa_sm) && 1663 sta->auth_alg != WLAN_AUTH_SAE && 1664 !(sta->auth_alg == WLAN_AUTH_FT && 1665 wpa_auth_uses_ft_sae(sta->wpa_sm))) { 1666 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 1667 "SAE AKM after non-SAE auth_alg %u", 1668 MAC2STR(sta->addr), sta->auth_alg); 1669 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1670 } 1671#endif /* CONFIG_SAE */ 1672 1673#ifdef CONFIG_IEEE80211N 1674 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 1675 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 1676 hostapd_logger(hapd, sta->addr, 1677 HOSTAPD_MODULE_IEEE80211, 1678 HOSTAPD_LEVEL_INFO, 1679 "Station tried to use TKIP with HT " 1680 "association"); 1681 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 1682 } 1683#endif /* CONFIG_IEEE80211N */ 1684#ifdef CONFIG_HS20 1685 } else if (hapd->conf->osen) { 1686 if (elems.osen == NULL) { 1687 hostapd_logger( 1688 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1689 HOSTAPD_LEVEL_INFO, 1690 "No HS 2.0 OSEN element in association request"); 1691 return WLAN_STATUS_INVALID_IE; 1692 } 1693 1694 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association"); 1695 if (sta->wpa_sm == NULL) 1696 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1697 sta->addr, NULL); 1698 if (sta->wpa_sm == NULL) { 1699 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1700 "state machine"); 1701 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1702 } 1703 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm, 1704 elems.osen - 2, elems.osen_len + 2) < 0) 1705 return WLAN_STATUS_INVALID_IE; 1706#endif /* CONFIG_HS20 */ 1707 } else 1708 wpa_auth_sta_no_wpa(sta->wpa_sm); 1709 1710#ifdef CONFIG_P2P 1711 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 1712#endif /* CONFIG_P2P */ 1713 1714#ifdef CONFIG_HS20 1715 wpabuf_free(sta->hs20_ie); 1716 if (elems.hs20 && elems.hs20_len > 4) { 1717 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 1718 elems.hs20_len - 4); 1719 } else 1720 sta->hs20_ie = NULL; 1721#endif /* CONFIG_HS20 */ 1722 1723#ifdef CONFIG_FST 1724 wpabuf_free(sta->mb_ies); 1725 if (hapd->iface->fst) 1726 sta->mb_ies = mb_ies_by_info(&elems.mb_ies); 1727 else 1728 sta->mb_ies = NULL; 1729#endif /* CONFIG_FST */ 1730 1731#ifdef CONFIG_MBO 1732 mbo_ap_check_sta_assoc(hapd, sta, &elems); 1733 1734 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) && 1735 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) && 1736 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 1737 wpa_printf(MSG_INFO, 1738 "MBO: Reject WPA2 association without PMF"); 1739 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1740 } 1741#endif /* CONFIG_MBO */ 1742 1743 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes, 1744 elems.supp_op_classes_len); 1745 1746 return WLAN_STATUS_SUCCESS; 1747} 1748 1749 1750static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 1751 u16 reason_code) 1752{ 1753 int send_len; 1754 struct ieee80211_mgmt reply; 1755 1756 os_memset(&reply, 0, sizeof(reply)); 1757 reply.frame_control = 1758 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1759 os_memcpy(reply.da, addr, ETH_ALEN); 1760 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1761 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1762 1763 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1764 reply.u.deauth.reason_code = host_to_le16(reason_code); 1765 1766 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1767 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1768 strerror(errno)); 1769} 1770 1771 1772static int add_associated_sta(struct hostapd_data *hapd, 1773 struct sta_info *sta) 1774{ 1775 struct ieee80211_ht_capabilities ht_cap; 1776 struct ieee80211_vht_capabilities vht_cap; 1777 int set = 1; 1778 1779 /* 1780 * Remove the STA entry to ensure the STA PS state gets cleared and 1781 * configuration gets updated. This is relevant for cases, such as 1782 * FT-over-the-DS, where a station re-associates back to the same AP but 1783 * skips the authentication flow, or if working with a driver that 1784 * does not support full AP client state. 1785 * 1786 * Skip this if the STA has already completed FT reassociation and the 1787 * TK has been configured since the TX/RX PN must not be reset to 0 for 1788 * the same key. 1789 */ 1790 if (!sta->added_unassoc && 1791 (!(sta->flags & WLAN_STA_AUTHORIZED) || 1792 !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { 1793 hostapd_drv_sta_remove(hapd, sta->addr); 1794 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); 1795 set = 0; 1796 } 1797 1798#ifdef CONFIG_IEEE80211N 1799 if (sta->flags & WLAN_STA_HT) 1800 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1801#endif /* CONFIG_IEEE80211N */ 1802#ifdef CONFIG_IEEE80211AC 1803 if (sta->flags & WLAN_STA_VHT) 1804 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 1805#endif /* CONFIG_IEEE80211AC */ 1806 1807 /* 1808 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags 1809 * will be set when the ACK frame for the (Re)Association Response frame 1810 * is processed (TX status driver event). 1811 */ 1812 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1813 sta->supported_rates, sta->supported_rates_len, 1814 sta->listen_interval, 1815 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1816 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1817 sta->flags | WLAN_STA_ASSOC, sta->qosinfo, 1818 sta->vht_opmode, set)) { 1819 hostapd_logger(hapd, sta->addr, 1820 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, 1821 "Could not %s STA to kernel driver", 1822 set ? "set" : "add"); 1823 1824 if (sta->added_unassoc) { 1825 hostapd_drv_sta_remove(hapd, sta->addr); 1826 sta->added_unassoc = 0; 1827 } 1828 1829 return -1; 1830 } 1831 1832 sta->added_unassoc = 0; 1833 1834 return 0; 1835} 1836 1837 1838static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1839 u16 status_code, int reassoc, const u8 *ies, 1840 size_t ies_len) 1841{ 1842 int send_len; 1843 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1844 struct ieee80211_mgmt *reply; 1845 u8 *p; 1846 1847 os_memset(buf, 0, sizeof(buf)); 1848 reply = (struct ieee80211_mgmt *) buf; 1849 reply->frame_control = 1850 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1851 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1852 WLAN_FC_STYPE_ASSOC_RESP)); 1853 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1854 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1855 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1856 1857 send_len = IEEE80211_HDRLEN; 1858 send_len += sizeof(reply->u.assoc_resp); 1859 reply->u.assoc_resp.capab_info = 1860 host_to_le16(hostapd_own_capab_info(hapd)); 1861 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1862 reply->u.assoc_resp.aid = host_to_le16(sta->aid | BIT(14) | BIT(15)); 1863 /* Supported rates */ 1864 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1865 /* Extended supported rates */ 1866 p = hostapd_eid_ext_supp_rates(hapd, p); 1867 1868#ifdef CONFIG_IEEE80211R 1869 if (status_code == WLAN_STATUS_SUCCESS) { 1870 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1871 * Transition Information, RSN, [RIC Response] */ 1872 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1873 buf + sizeof(buf) - p, 1874 sta->auth_alg, ies, ies_len); 1875 } 1876#endif /* CONFIG_IEEE80211R */ 1877 1878#ifdef CONFIG_IEEE80211W 1879 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1880 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1881#endif /* CONFIG_IEEE80211W */ 1882 1883#ifdef CONFIG_IEEE80211N 1884 p = hostapd_eid_ht_capabilities(hapd, p); 1885 p = hostapd_eid_ht_operation(hapd, p); 1886#endif /* CONFIG_IEEE80211N */ 1887 1888#ifdef CONFIG_IEEE80211AC 1889 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) { 1890 p = hostapd_eid_vht_capabilities(hapd, p); 1891 p = hostapd_eid_vht_operation(hapd, p); 1892 } 1893#endif /* CONFIG_IEEE80211AC */ 1894 1895 p = hostapd_eid_ext_capab(hapd, p); 1896 p = hostapd_eid_bss_max_idle_period(hapd, p); 1897 if (sta->qos_map_enabled) 1898 p = hostapd_eid_qos_map_set(hapd, p); 1899 1900#ifdef CONFIG_FST 1901 if (hapd->iface->fst_ies) { 1902 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies), 1903 wpabuf_len(hapd->iface->fst_ies)); 1904 p += wpabuf_len(hapd->iface->fst_ies); 1905 } 1906#endif /* CONFIG_FST */ 1907 1908#ifdef CONFIG_IEEE80211AC 1909 if (hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT)) 1910 p = hostapd_eid_vendor_vht(hapd, p); 1911#endif /* CONFIG_IEEE80211AC */ 1912 1913 if (sta->flags & WLAN_STA_WMM) 1914 p = hostapd_eid_wmm(hapd, p); 1915 1916#ifdef CONFIG_WPS 1917 if ((sta->flags & WLAN_STA_WPS) || 1918 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 1919 struct wpabuf *wps = wps_build_assoc_resp_ie(); 1920 if (wps) { 1921 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 1922 p += wpabuf_len(wps); 1923 wpabuf_free(wps); 1924 } 1925 } 1926#endif /* CONFIG_WPS */ 1927 1928#ifdef CONFIG_P2P 1929 if (sta->p2p_ie && hapd->p2p_group) { 1930 struct wpabuf *p2p_resp_ie; 1931 enum p2p_status_code status; 1932 switch (status_code) { 1933 case WLAN_STATUS_SUCCESS: 1934 status = P2P_SC_SUCCESS; 1935 break; 1936 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 1937 status = P2P_SC_FAIL_LIMIT_REACHED; 1938 break; 1939 default: 1940 status = P2P_SC_FAIL_INVALID_PARAMS; 1941 break; 1942 } 1943 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 1944 if (p2p_resp_ie) { 1945 os_memcpy(p, wpabuf_head(p2p_resp_ie), 1946 wpabuf_len(p2p_resp_ie)); 1947 p += wpabuf_len(p2p_resp_ie); 1948 wpabuf_free(p2p_resp_ie); 1949 } 1950 } 1951#endif /* CONFIG_P2P */ 1952 1953#ifdef CONFIG_P2P_MANAGER 1954 if (hapd->conf->p2p & P2P_MANAGE) 1955 p = hostapd_eid_p2p_manage(hapd, p); 1956#endif /* CONFIG_P2P_MANAGER */ 1957 1958 p = hostapd_eid_mbo(hapd, p, buf + sizeof(buf) - p); 1959 1960 send_len += p - reply->u.assoc_resp.variable; 1961 1962 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) { 1963 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 1964 strerror(errno)); 1965 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1966 } 1967 1968 return WLAN_STATUS_SUCCESS; 1969} 1970 1971 1972static void handle_assoc(struct hostapd_data *hapd, 1973 const struct ieee80211_mgmt *mgmt, size_t len, 1974 int reassoc) 1975{ 1976 u16 capab_info, listen_interval, seq_ctrl, fc; 1977 u16 resp = WLAN_STATUS_SUCCESS, reply_res; 1978 const u8 *pos; 1979 int left, i; 1980 struct sta_info *sta; 1981 1982 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 1983 sizeof(mgmt->u.assoc_req))) { 1984 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)", 1985 reassoc, (unsigned long) len); 1986 return; 1987 } 1988 1989#ifdef CONFIG_TESTING_OPTIONS 1990 if (reassoc) { 1991 if (hapd->iconf->ignore_reassoc_probability > 0.0 && 1992 drand48() < hapd->iconf->ignore_reassoc_probability) { 1993 wpa_printf(MSG_INFO, 1994 "TESTING: ignoring reassoc request from " 1995 MACSTR, MAC2STR(mgmt->sa)); 1996 return; 1997 } 1998 } else { 1999 if (hapd->iconf->ignore_assoc_probability > 0.0 && 2000 drand48() < hapd->iconf->ignore_assoc_probability) { 2001 wpa_printf(MSG_INFO, 2002 "TESTING: ignoring assoc request from " 2003 MACSTR, MAC2STR(mgmt->sa)); 2004 return; 2005 } 2006 } 2007#endif /* CONFIG_TESTING_OPTIONS */ 2008 2009 fc = le_to_host16(mgmt->frame_control); 2010 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 2011 2012 if (reassoc) { 2013 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 2014 listen_interval = le_to_host16( 2015 mgmt->u.reassoc_req.listen_interval); 2016 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 2017 " capab_info=0x%02x listen_interval=%d current_ap=" 2018 MACSTR " seq_ctrl=0x%x%s", 2019 MAC2STR(mgmt->sa), capab_info, listen_interval, 2020 MAC2STR(mgmt->u.reassoc_req.current_ap), 2021 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 2022 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 2023 pos = mgmt->u.reassoc_req.variable; 2024 } else { 2025 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 2026 listen_interval = le_to_host16( 2027 mgmt->u.assoc_req.listen_interval); 2028 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 2029 " capab_info=0x%02x listen_interval=%d " 2030 "seq_ctrl=0x%x%s", 2031 MAC2STR(mgmt->sa), capab_info, listen_interval, 2032 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 2033 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 2034 pos = mgmt->u.assoc_req.variable; 2035 } 2036 2037 sta = ap_get_sta(hapd, mgmt->sa); 2038#ifdef CONFIG_IEEE80211R 2039 if (sta && sta->auth_alg == WLAN_AUTH_FT && 2040 (sta->flags & WLAN_STA_AUTH) == 0) { 2041 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 2042 "prior to authentication since it is using " 2043 "over-the-DS FT", MAC2STR(mgmt->sa)); 2044 2045 /* 2046 * Mark station as authenticated, to avoid adding station 2047 * entry in the driver as associated and not authenticated 2048 */ 2049 sta->flags |= WLAN_STA_AUTH; 2050 } else 2051#endif /* CONFIG_IEEE80211R */ 2052 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 2053 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2054 HOSTAPD_LEVEL_INFO, "Station tried to " 2055 "associate before authentication " 2056 "(aid=%d flags=0x%x)", 2057 sta ? sta->aid : -1, 2058 sta ? sta->flags : 0); 2059 send_deauth(hapd, mgmt->sa, 2060 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 2061 return; 2062 } 2063 2064 if ((fc & WLAN_FC_RETRY) && 2065 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 2066 sta->last_seq_ctrl == seq_ctrl && 2067 sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ : 2068 WLAN_FC_STYPE_ASSOC_REQ) { 2069 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2070 HOSTAPD_LEVEL_DEBUG, 2071 "Drop repeated association frame seq_ctrl=0x%x", 2072 seq_ctrl); 2073 return; 2074 } 2075 sta->last_seq_ctrl = seq_ctrl; 2076 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ : 2077 WLAN_FC_STYPE_ASSOC_REQ; 2078 2079 if (hapd->tkip_countermeasures) { 2080 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 2081 goto fail; 2082 } 2083 2084 if (listen_interval > hapd->conf->max_listen_interval) { 2085 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2086 HOSTAPD_LEVEL_DEBUG, 2087 "Too large Listen Interval (%d)", 2088 listen_interval); 2089 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 2090 goto fail; 2091 } 2092 2093#ifdef CONFIG_MBO 2094 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) { 2095 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2096 goto fail; 2097 } 2098#endif /* CONFIG_MBO */ 2099 2100 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 2101 * is used */ 2102 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 2103 if (resp != WLAN_STATUS_SUCCESS) 2104 goto fail; 2105 2106 if (hostapd_get_aid(hapd, sta) < 0) { 2107 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2108 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 2109 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2110 goto fail; 2111 } 2112 2113 sta->capability = capab_info; 2114 sta->listen_interval = listen_interval; 2115 2116 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 2117 sta->flags |= WLAN_STA_NONERP; 2118 for (i = 0; i < sta->supported_rates_len; i++) { 2119 if ((sta->supported_rates[i] & 0x7f) > 22) { 2120 sta->flags &= ~WLAN_STA_NONERP; 2121 break; 2122 } 2123 } 2124 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 2125 sta->nonerp_set = 1; 2126 hapd->iface->num_sta_non_erp++; 2127 if (hapd->iface->num_sta_non_erp == 1) 2128 ieee802_11_set_beacons(hapd->iface); 2129 } 2130 2131 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 2132 !sta->no_short_slot_time_set) { 2133 sta->no_short_slot_time_set = 1; 2134 hapd->iface->num_sta_no_short_slot_time++; 2135 if (hapd->iface->current_mode->mode == 2136 HOSTAPD_MODE_IEEE80211G && 2137 hapd->iface->num_sta_no_short_slot_time == 1) 2138 ieee802_11_set_beacons(hapd->iface); 2139 } 2140 2141 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 2142 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 2143 else 2144 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 2145 2146 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 2147 !sta->no_short_preamble_set) { 2148 sta->no_short_preamble_set = 1; 2149 hapd->iface->num_sta_no_short_preamble++; 2150 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 2151 && hapd->iface->num_sta_no_short_preamble == 1) 2152 ieee802_11_set_beacons(hapd->iface); 2153 } 2154 2155#ifdef CONFIG_IEEE80211N 2156 update_ht_state(hapd, sta); 2157#endif /* CONFIG_IEEE80211N */ 2158 2159 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2160 HOSTAPD_LEVEL_DEBUG, 2161 "association OK (aid %d)", sta->aid); 2162 /* Station will be marked associated, after it acknowledges AssocResp 2163 */ 2164 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 2165 2166#ifdef CONFIG_IEEE80211W 2167 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 2168 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 2169 "SA Query procedure", reassoc ? "re" : ""); 2170 /* TODO: Send a protected Disassociate frame to the STA using 2171 * the old key and Reason Code "Previous Authentication no 2172 * longer valid". Make sure this is only sent protected since 2173 * unprotected frame would be received by the STA that is now 2174 * trying to associate. 2175 */ 2176 } 2177#endif /* CONFIG_IEEE80211W */ 2178 2179 /* Make sure that the previously registered inactivity timer will not 2180 * remove the STA immediately. */ 2181 sta->timeout_next = STA_NULLFUNC; 2182 2183 fail: 2184 /* 2185 * In case of a successful response, add the station to the driver. 2186 * Otherwise, the kernel may ignore Data frames before we process the 2187 * ACK frame (TX status). In case of a failure, this station will be 2188 * removed. 2189 * 2190 * Note that this is not compliant with the IEEE 802.11 standard that 2191 * states that a non-AP station should transition into the 2192 * authenticated/associated state only after the station acknowledges 2193 * the (Re)Association Response frame. However, still do this as: 2194 * 2195 * 1. In case the station does not acknowledge the (Re)Association 2196 * Response frame, it will be removed. 2197 * 2. Data frames will be dropped in the kernel until the station is 2198 * set into authorized state, and there are no significant known 2199 * issues with processing other non-Data Class 3 frames during this 2200 * window. 2201 */ 2202 if (resp == WLAN_STATUS_SUCCESS && add_associated_sta(hapd, sta)) 2203 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2204 2205 reply_res = send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 2206 2207 /* 2208 * Remove the station in case tranmission of a success response fails 2209 * (the STA was added associated to the driver) or if the station was 2210 * previously added unassociated. 2211 */ 2212 if ((reply_res != WLAN_STATUS_SUCCESS && 2213 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc) { 2214 hostapd_drv_sta_remove(hapd, sta->addr); 2215 sta->added_unassoc = 0; 2216 } 2217} 2218 2219 2220static void handle_disassoc(struct hostapd_data *hapd, 2221 const struct ieee80211_mgmt *mgmt, size_t len) 2222{ 2223 struct sta_info *sta; 2224 2225 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 2226 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)", 2227 (unsigned long) len); 2228 return; 2229 } 2230 2231 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 2232 MAC2STR(mgmt->sa), 2233 le_to_host16(mgmt->u.disassoc.reason_code)); 2234 2235 sta = ap_get_sta(hapd, mgmt->sa); 2236 if (sta == NULL) { 2237 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated", 2238 MAC2STR(mgmt->sa)); 2239 return; 2240 } 2241 2242 ap_sta_set_authorized(hapd, sta, 0); 2243 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 2244 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 2245 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 2246 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2247 HOSTAPD_LEVEL_INFO, "disassociated"); 2248 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 2249 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 2250 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 2251 * authenticated. */ 2252 accounting_sta_stop(hapd, sta); 2253 ieee802_1x_free_station(hapd, sta); 2254 if (sta->ipaddr) 2255 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 2256 ap_sta_ip6addr_del(hapd, sta); 2257 hostapd_drv_sta_remove(hapd, sta->addr); 2258 sta->added_unassoc = 0; 2259 2260 if (sta->timeout_next == STA_NULLFUNC || 2261 sta->timeout_next == STA_DISASSOC) { 2262 sta->timeout_next = STA_DEAUTH; 2263 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 2264 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 2265 hapd, sta); 2266 } 2267 2268 mlme_disassociate_indication( 2269 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 2270} 2271 2272 2273static void handle_deauth(struct hostapd_data *hapd, 2274 const struct ieee80211_mgmt *mgmt, size_t len) 2275{ 2276 struct sta_info *sta; 2277 2278 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 2279 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 2280 "payload (len=%lu)", (unsigned long) len); 2281 return; 2282 } 2283 2284 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 2285 " reason_code=%d", 2286 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 2287 2288 sta = ap_get_sta(hapd, mgmt->sa); 2289 if (sta == NULL) { 2290 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 2291 "to deauthenticate, but it is not authenticated", 2292 MAC2STR(mgmt->sa)); 2293 return; 2294 } 2295 2296 ap_sta_set_authorized(hapd, sta, 0); 2297 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 2298 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 2299 WLAN_STA_ASSOC_REQ_OK); 2300 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 2301 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2302 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 2303 mlme_deauthenticate_indication( 2304 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 2305 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 2306 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 2307 ap_free_sta(hapd, sta); 2308} 2309 2310 2311static void handle_beacon(struct hostapd_data *hapd, 2312 const struct ieee80211_mgmt *mgmt, size_t len, 2313 struct hostapd_frame_info *fi) 2314{ 2315 struct ieee802_11_elems elems; 2316 2317 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 2318 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)", 2319 (unsigned long) len); 2320 return; 2321 } 2322 2323 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 2324 len - (IEEE80211_HDRLEN + 2325 sizeof(mgmt->u.beacon)), &elems, 2326 0); 2327 2328 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 2329} 2330 2331 2332#ifdef CONFIG_IEEE80211W 2333 2334static int hostapd_sa_query_action(struct hostapd_data *hapd, 2335 const struct ieee80211_mgmt *mgmt, 2336 size_t len) 2337{ 2338 const u8 *end; 2339 2340 end = mgmt->u.action.u.sa_query_resp.trans_id + 2341 WLAN_SA_QUERY_TR_ID_LEN; 2342 if (((u8 *) mgmt) + len < end) { 2343 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 2344 "frame (len=%lu)", (unsigned long) len); 2345 return 0; 2346 } 2347 2348 ieee802_11_sa_query_action(hapd, mgmt->sa, 2349 mgmt->u.action.u.sa_query_resp.action, 2350 mgmt->u.action.u.sa_query_resp.trans_id); 2351 return 1; 2352} 2353 2354 2355static int robust_action_frame(u8 category) 2356{ 2357 return category != WLAN_ACTION_PUBLIC && 2358 category != WLAN_ACTION_HT; 2359} 2360#endif /* CONFIG_IEEE80211W */ 2361 2362 2363static int handle_action(struct hostapd_data *hapd, 2364 const struct ieee80211_mgmt *mgmt, size_t len) 2365{ 2366 struct sta_info *sta; 2367 sta = ap_get_sta(hapd, mgmt->sa); 2368 2369 if (len < IEEE80211_HDRLEN + 1) { 2370 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2371 HOSTAPD_LEVEL_DEBUG, 2372 "handle_action - too short payload (len=%lu)", 2373 (unsigned long) len); 2374 return 0; 2375 } 2376 2377 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 2378 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 2379 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 2380 "frame (category=%u) from unassociated STA " MACSTR, 2381 MAC2STR(mgmt->sa), mgmt->u.action.category); 2382 return 0; 2383 } 2384 2385#ifdef CONFIG_IEEE80211W 2386 if (sta && (sta->flags & WLAN_STA_MFP) && 2387 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) && 2388 robust_action_frame(mgmt->u.action.category)) { 2389 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2390 HOSTAPD_LEVEL_DEBUG, 2391 "Dropped unprotected Robust Action frame from " 2392 "an MFP STA"); 2393 return 0; 2394 } 2395#endif /* CONFIG_IEEE80211W */ 2396 2397 if (sta) { 2398 u16 fc = le_to_host16(mgmt->frame_control); 2399 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 2400 2401 if ((fc & WLAN_FC_RETRY) && 2402 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 2403 sta->last_seq_ctrl == seq_ctrl && 2404 sta->last_subtype == WLAN_FC_STYPE_ACTION) { 2405 hostapd_logger(hapd, sta->addr, 2406 HOSTAPD_MODULE_IEEE80211, 2407 HOSTAPD_LEVEL_DEBUG, 2408 "Drop repeated action frame seq_ctrl=0x%x", 2409 seq_ctrl); 2410 return 1; 2411 } 2412 2413 sta->last_seq_ctrl = seq_ctrl; 2414 sta->last_subtype = WLAN_FC_STYPE_ACTION; 2415 } 2416 2417 switch (mgmt->u.action.category) { 2418#ifdef CONFIG_IEEE80211R 2419 case WLAN_ACTION_FT: 2420 if (!sta || 2421 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 2422 len - IEEE80211_HDRLEN)) 2423 break; 2424 return 1; 2425#endif /* CONFIG_IEEE80211R */ 2426 case WLAN_ACTION_WMM: 2427 hostapd_wmm_action(hapd, mgmt, len); 2428 return 1; 2429#ifdef CONFIG_IEEE80211W 2430 case WLAN_ACTION_SA_QUERY: 2431 return hostapd_sa_query_action(hapd, mgmt, len); 2432#endif /* CONFIG_IEEE80211W */ 2433#ifdef CONFIG_WNM 2434 case WLAN_ACTION_WNM: 2435 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len); 2436 return 1; 2437#endif /* CONFIG_WNM */ 2438#ifdef CONFIG_FST 2439 case WLAN_ACTION_FST: 2440 if (hapd->iface->fst) 2441 fst_rx_action(hapd->iface->fst, mgmt, len); 2442 else 2443 wpa_printf(MSG_DEBUG, 2444 "FST: Ignore FST Action frame - no FST attached"); 2445 return 1; 2446#endif /* CONFIG_FST */ 2447 case WLAN_ACTION_PUBLIC: 2448 case WLAN_ACTION_PROTECTED_DUAL: 2449#ifdef CONFIG_IEEE80211N 2450 if (len >= IEEE80211_HDRLEN + 2 && 2451 mgmt->u.action.u.public_action.action == 2452 WLAN_PA_20_40_BSS_COEX) { 2453 wpa_printf(MSG_DEBUG, 2454 "HT20/40 coex mgmt frame received from STA " 2455 MACSTR, MAC2STR(mgmt->sa)); 2456 hostapd_2040_coex_action(hapd, mgmt, len); 2457 } 2458#endif /* CONFIG_IEEE80211N */ 2459 if (hapd->public_action_cb) { 2460 hapd->public_action_cb(hapd->public_action_cb_ctx, 2461 (u8 *) mgmt, len, 2462 hapd->iface->freq); 2463 } 2464 if (hapd->public_action_cb2) { 2465 hapd->public_action_cb2(hapd->public_action_cb2_ctx, 2466 (u8 *) mgmt, len, 2467 hapd->iface->freq); 2468 } 2469 if (hapd->public_action_cb || hapd->public_action_cb2) 2470 return 1; 2471 break; 2472 case WLAN_ACTION_VENDOR_SPECIFIC: 2473 if (hapd->vendor_action_cb) { 2474 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 2475 (u8 *) mgmt, len, 2476 hapd->iface->freq) == 0) 2477 return 1; 2478 } 2479 break; 2480 } 2481 2482 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2483 HOSTAPD_LEVEL_DEBUG, 2484 "handle_action - unknown action category %d or invalid " 2485 "frame", 2486 mgmt->u.action.category); 2487 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 2488 !(mgmt->sa[0] & 0x01)) { 2489 struct ieee80211_mgmt *resp; 2490 2491 /* 2492 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 2493 * Return the Action frame to the source without change 2494 * except that MSB of the Category set to 1. 2495 */ 2496 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 2497 "frame back to sender"); 2498 resp = os_malloc(len); 2499 if (resp == NULL) 2500 return 0; 2501 os_memcpy(resp, mgmt, len); 2502 os_memcpy(resp->da, resp->sa, ETH_ALEN); 2503 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 2504 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 2505 resp->u.action.category |= 0x80; 2506 2507 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 2508 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 2509 "Action frame"); 2510 } 2511 os_free(resp); 2512 } 2513 2514 return 1; 2515} 2516 2517 2518/** 2519 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 2520 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 2521 * sent to) 2522 * @buf: management frame data (starting from IEEE 802.11 header) 2523 * @len: length of frame data in octets 2524 * @fi: meta data about received frame (signal level, etc.) 2525 * 2526 * Process all incoming IEEE 802.11 management frames. This will be called for 2527 * each frame received from the kernel driver through wlan#ap interface. In 2528 * addition, it can be called to re-inserted pending frames (e.g., when using 2529 * external RADIUS server as an MAC ACL). 2530 */ 2531int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 2532 struct hostapd_frame_info *fi) 2533{ 2534 struct ieee80211_mgmt *mgmt; 2535 int broadcast; 2536 u16 fc, stype; 2537 int ret = 0; 2538 2539 if (len < 24) 2540 return 0; 2541 2542 mgmt = (struct ieee80211_mgmt *) buf; 2543 fc = le_to_host16(mgmt->frame_control); 2544 stype = WLAN_FC_GET_STYPE(fc); 2545 2546 if (stype == WLAN_FC_STYPE_BEACON) { 2547 handle_beacon(hapd, mgmt, len, fi); 2548 return 1; 2549 } 2550 2551 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 2552 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 2553 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 2554 2555 if (!broadcast && 2556#ifdef CONFIG_P2P 2557 /* Invitation responses can be sent with the peer MAC as BSSID */ 2558 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 2559 stype == WLAN_FC_STYPE_ACTION) && 2560#endif /* CONFIG_P2P */ 2561#ifdef CONFIG_MESH 2562 !(hapd->conf->mesh & MESH_ENABLED) && 2563#endif /* CONFIG_MESH */ 2564 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 2565 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address", 2566 MAC2STR(mgmt->bssid)); 2567 return 0; 2568 } 2569 2570 2571 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 2572 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 2573 return 1; 2574 } 2575 2576 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 2577 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2578 HOSTAPD_LEVEL_DEBUG, 2579 "MGMT: DA=" MACSTR " not our address", 2580 MAC2STR(mgmt->da)); 2581 return 0; 2582 } 2583 2584 if (hapd->iconf->track_sta_max_num) 2585 sta_track_add(hapd->iface, mgmt->sa); 2586 2587 switch (stype) { 2588 case WLAN_FC_STYPE_AUTH: 2589 wpa_printf(MSG_DEBUG, "mgmt::auth"); 2590 handle_auth(hapd, mgmt, len); 2591 ret = 1; 2592 break; 2593 case WLAN_FC_STYPE_ASSOC_REQ: 2594 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 2595 handle_assoc(hapd, mgmt, len, 0); 2596 ret = 1; 2597 break; 2598 case WLAN_FC_STYPE_REASSOC_REQ: 2599 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 2600 handle_assoc(hapd, mgmt, len, 1); 2601 ret = 1; 2602 break; 2603 case WLAN_FC_STYPE_DISASSOC: 2604 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 2605 handle_disassoc(hapd, mgmt, len); 2606 ret = 1; 2607 break; 2608 case WLAN_FC_STYPE_DEAUTH: 2609 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 2610 handle_deauth(hapd, mgmt, len); 2611 ret = 1; 2612 break; 2613 case WLAN_FC_STYPE_ACTION: 2614 wpa_printf(MSG_DEBUG, "mgmt::action"); 2615 ret = handle_action(hapd, mgmt, len); 2616 break; 2617 default: 2618 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2619 HOSTAPD_LEVEL_DEBUG, 2620 "unknown mgmt frame subtype %d", stype); 2621 break; 2622 } 2623 2624 return ret; 2625} 2626 2627 2628static void handle_auth_cb(struct hostapd_data *hapd, 2629 const struct ieee80211_mgmt *mgmt, 2630 size_t len, int ok) 2631{ 2632 u16 auth_alg, auth_transaction, status_code; 2633 struct sta_info *sta; 2634 2635 sta = ap_get_sta(hapd, mgmt->da); 2636 if (!sta) { 2637 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found", 2638 MAC2STR(mgmt->da)); 2639 return; 2640 } 2641 2642 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 2643 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 2644 status_code = le_to_host16(mgmt->u.auth.status_code); 2645 2646 if (!ok) { 2647 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 2648 HOSTAPD_LEVEL_NOTICE, 2649 "did not acknowledge authentication response"); 2650 goto fail; 2651 } 2652 2653 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 2654 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)", 2655 (unsigned long) len); 2656 goto fail; 2657 } 2658 2659 if (status_code == WLAN_STATUS_SUCCESS && 2660 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 2661 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 2662 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2663 HOSTAPD_LEVEL_INFO, "authenticated"); 2664 sta->flags |= WLAN_STA_AUTH; 2665 if (sta->added_unassoc) 2666 hostapd_set_sta_flags(hapd, sta); 2667 return; 2668 } 2669 2670fail: 2671 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) { 2672 hostapd_drv_sta_remove(hapd, sta->addr); 2673 sta->added_unassoc = 0; 2674 } 2675} 2676 2677 2678static void hostapd_set_wds_encryption(struct hostapd_data *hapd, 2679 struct sta_info *sta, 2680 char *ifname_wds) 2681{ 2682 int i; 2683 struct hostapd_ssid *ssid = &hapd->conf->ssid; 2684 2685 if (hapd->conf->ieee802_1x || hapd->conf->wpa) 2686 return; 2687 2688 for (i = 0; i < 4; i++) { 2689 if (ssid->wep.key[i] && 2690 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i, 2691 i == ssid->wep.idx, NULL, 0, 2692 ssid->wep.key[i], ssid->wep.len[i])) { 2693 wpa_printf(MSG_WARNING, 2694 "Could not set WEP keys for WDS interface; %s", 2695 ifname_wds); 2696 break; 2697 } 2698 } 2699} 2700 2701 2702static void handle_assoc_cb(struct hostapd_data *hapd, 2703 const struct ieee80211_mgmt *mgmt, 2704 size_t len, int reassoc, int ok) 2705{ 2706 u16 status; 2707 struct sta_info *sta; 2708 int new_assoc = 1; 2709 2710 sta = ap_get_sta(hapd, mgmt->da); 2711 if (!sta) { 2712 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found", 2713 MAC2STR(mgmt->da)); 2714 return; 2715 } 2716 2717 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 2718 sizeof(mgmt->u.assoc_resp))) { 2719 wpa_printf(MSG_INFO, 2720 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)", 2721 reassoc, (unsigned long) len); 2722 hostapd_drv_sta_remove(hapd, sta->addr); 2723 return; 2724 } 2725 2726 if (reassoc) 2727 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 2728 else 2729 status = le_to_host16(mgmt->u.assoc_resp.status_code); 2730 2731 if (!ok) { 2732 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 2733 HOSTAPD_LEVEL_DEBUG, 2734 "did not acknowledge association response"); 2735 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 2736 /* The STA is added only in case of SUCCESS */ 2737 if (status == WLAN_STATUS_SUCCESS) 2738 hostapd_drv_sta_remove(hapd, sta->addr); 2739 2740 return; 2741 } 2742 2743 if (status != WLAN_STATUS_SUCCESS) 2744 return; 2745 2746 /* Stop previous accounting session, if one is started, and allocate 2747 * new session id for the new session. */ 2748 accounting_sta_stop(hapd, sta); 2749 2750 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2751 HOSTAPD_LEVEL_INFO, 2752 "associated (aid %d)", 2753 sta->aid); 2754 2755 if (sta->flags & WLAN_STA_ASSOC) 2756 new_assoc = 0; 2757 sta->flags |= WLAN_STA_ASSOC; 2758 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE; 2759 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen) || 2760 sta->auth_alg == WLAN_AUTH_FT) { 2761 /* 2762 * Open, static WEP, or FT protocol; no separate authorization 2763 * step. 2764 */ 2765 ap_sta_set_authorized(hapd, sta, 1); 2766 } 2767 2768 if (reassoc) 2769 mlme_reassociate_indication(hapd, sta); 2770 else 2771 mlme_associate_indication(hapd, sta); 2772 2773#ifdef CONFIG_IEEE80211W 2774 sta->sa_query_timed_out = 0; 2775#endif /* CONFIG_IEEE80211W */ 2776 2777 if (sta->flags & WLAN_STA_WDS) { 2778 int ret; 2779 char ifname_wds[IFNAMSIZ + 1]; 2780 2781 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr, 2782 sta->aid, 1); 2783 if (!ret) 2784 hostapd_set_wds_encryption(hapd, sta, ifname_wds); 2785 } 2786 2787 if (sta->eapol_sm == NULL) { 2788 /* 2789 * This STA does not use RADIUS server for EAP authentication, 2790 * so bind it to the selected VLAN interface now, since the 2791 * interface selection is not going to change anymore. 2792 */ 2793 if (ap_sta_bind_vlan(hapd, sta) < 0) 2794 return; 2795 } else if (sta->vlan_id) { 2796 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 2797 if (ap_sta_bind_vlan(hapd, sta) < 0) 2798 return; 2799 } 2800 2801 hostapd_set_sta_flags(hapd, sta); 2802 2803 if (sta->auth_alg == WLAN_AUTH_FT) 2804 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 2805 else 2806 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 2807 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 2808 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 2809 2810 if (sta->pending_eapol_rx) { 2811 struct os_reltime now, age; 2812 2813 os_get_reltime(&now); 2814 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age); 2815 if (age.sec == 0 && age.usec < 200000) { 2816 wpa_printf(MSG_DEBUG, 2817 "Process pending EAPOL frame that was received from " MACSTR " just before association notification", 2818 MAC2STR(sta->addr)); 2819 ieee802_1x_receive( 2820 hapd, mgmt->da, 2821 wpabuf_head(sta->pending_eapol_rx->buf), 2822 wpabuf_len(sta->pending_eapol_rx->buf)); 2823 } 2824 wpabuf_free(sta->pending_eapol_rx->buf); 2825 os_free(sta->pending_eapol_rx); 2826 sta->pending_eapol_rx = NULL; 2827 } 2828} 2829 2830 2831static void handle_deauth_cb(struct hostapd_data *hapd, 2832 const struct ieee80211_mgmt *mgmt, 2833 size_t len, int ok) 2834{ 2835 struct sta_info *sta; 2836 if (mgmt->da[0] & 0x01) 2837 return; 2838 sta = ap_get_sta(hapd, mgmt->da); 2839 if (!sta) { 2840 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 2841 " not found", MAC2STR(mgmt->da)); 2842 return; 2843 } 2844 if (ok) 2845 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 2846 MAC2STR(sta->addr)); 2847 else 2848 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2849 "deauth", MAC2STR(sta->addr)); 2850 2851 ap_sta_deauth_cb(hapd, sta); 2852} 2853 2854 2855static void handle_disassoc_cb(struct hostapd_data *hapd, 2856 const struct ieee80211_mgmt *mgmt, 2857 size_t len, int ok) 2858{ 2859 struct sta_info *sta; 2860 if (mgmt->da[0] & 0x01) 2861 return; 2862 sta = ap_get_sta(hapd, mgmt->da); 2863 if (!sta) { 2864 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 2865 " not found", MAC2STR(mgmt->da)); 2866 return; 2867 } 2868 if (ok) 2869 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 2870 MAC2STR(sta->addr)); 2871 else 2872 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2873 "disassoc", MAC2STR(sta->addr)); 2874 2875 ap_sta_disassoc_cb(hapd, sta); 2876} 2877 2878 2879/** 2880 * ieee802_11_mgmt_cb - Process management frame TX status callback 2881 * @hapd: hostapd BSS data structure (the BSS from which the management frame 2882 * was sent from) 2883 * @buf: management frame data (starting from IEEE 802.11 header) 2884 * @len: length of frame data in octets 2885 * @stype: management frame subtype from frame control field 2886 * @ok: Whether the frame was ACK'ed 2887 */ 2888void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 2889 u16 stype, int ok) 2890{ 2891 const struct ieee80211_mgmt *mgmt; 2892 mgmt = (const struct ieee80211_mgmt *) buf; 2893 2894#ifdef CONFIG_TESTING_OPTIONS 2895 if (hapd->ext_mgmt_frame_handling) { 2896 wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-TX-STATUS stype=%u ok=%d", 2897 stype, ok); 2898 return; 2899 } 2900#endif /* CONFIG_TESTING_OPTIONS */ 2901 2902 switch (stype) { 2903 case WLAN_FC_STYPE_AUTH: 2904 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 2905 handle_auth_cb(hapd, mgmt, len, ok); 2906 break; 2907 case WLAN_FC_STYPE_ASSOC_RESP: 2908 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 2909 handle_assoc_cb(hapd, mgmt, len, 0, ok); 2910 break; 2911 case WLAN_FC_STYPE_REASSOC_RESP: 2912 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 2913 handle_assoc_cb(hapd, mgmt, len, 1, ok); 2914 break; 2915 case WLAN_FC_STYPE_PROBE_RESP: 2916 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok); 2917 break; 2918 case WLAN_FC_STYPE_DEAUTH: 2919 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 2920 handle_deauth_cb(hapd, mgmt, len, ok); 2921 break; 2922 case WLAN_FC_STYPE_DISASSOC: 2923 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 2924 handle_disassoc_cb(hapd, mgmt, len, ok); 2925 break; 2926 case WLAN_FC_STYPE_ACTION: 2927 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok); 2928 break; 2929 default: 2930 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype); 2931 break; 2932 } 2933} 2934 2935 2936int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 2937{ 2938 /* TODO */ 2939 return 0; 2940} 2941 2942 2943int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 2944 char *buf, size_t buflen) 2945{ 2946 /* TODO */ 2947 return 0; 2948} 2949 2950 2951void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 2952 const u8 *buf, size_t len, int ack) 2953{ 2954 struct sta_info *sta; 2955 struct hostapd_iface *iface = hapd->iface; 2956 2957 sta = ap_get_sta(hapd, addr); 2958 if (sta == NULL && iface->num_bss > 1) { 2959 size_t j; 2960 for (j = 0; j < iface->num_bss; j++) { 2961 hapd = iface->bss[j]; 2962 sta = ap_get_sta(hapd, addr); 2963 if (sta) 2964 break; 2965 } 2966 } 2967 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 2968 return; 2969 if (sta->flags & WLAN_STA_PENDING_POLL) { 2970 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 2971 "activity poll", MAC2STR(sta->addr), 2972 ack ? "ACKed" : "did not ACK"); 2973 if (ack) 2974 sta->flags &= ~WLAN_STA_PENDING_POLL; 2975 } 2976 2977 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 2978} 2979 2980 2981void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 2982 const u8 *data, size_t len, int ack) 2983{ 2984 struct sta_info *sta; 2985 struct hostapd_iface *iface = hapd->iface; 2986 2987 sta = ap_get_sta(hapd, dst); 2988 if (sta == NULL && iface->num_bss > 1) { 2989 size_t j; 2990 for (j = 0; j < iface->num_bss; j++) { 2991 hapd = iface->bss[j]; 2992 sta = ap_get_sta(hapd, dst); 2993 if (sta) 2994 break; 2995 } 2996 } 2997 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 2998 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 2999 MACSTR " that is not currently associated", 3000 MAC2STR(dst)); 3001 return; 3002 } 3003 3004 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 3005} 3006 3007 3008void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 3009{ 3010 struct sta_info *sta; 3011 struct hostapd_iface *iface = hapd->iface; 3012 3013 sta = ap_get_sta(hapd, addr); 3014 if (sta == NULL && iface->num_bss > 1) { 3015 size_t j; 3016 for (j = 0; j < iface->num_bss; j++) { 3017 hapd = iface->bss[j]; 3018 sta = ap_get_sta(hapd, addr); 3019 if (sta) 3020 break; 3021 } 3022 } 3023 if (sta == NULL) 3024 return; 3025 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 3026 return; 3027 3028 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 3029 "activity poll", MAC2STR(sta->addr)); 3030 sta->flags &= ~WLAN_STA_PENDING_POLL; 3031} 3032 3033 3034void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 3035 int wds) 3036{ 3037 struct sta_info *sta; 3038 3039 sta = ap_get_sta(hapd, src); 3040 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 3041 if (!hapd->conf->wds_sta) 3042 return; 3043 3044 if (wds && !(sta->flags & WLAN_STA_WDS)) { 3045 int ret; 3046 char ifname_wds[IFNAMSIZ + 1]; 3047 3048 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 3049 "STA " MACSTR " (aid %u)", 3050 MAC2STR(sta->addr), sta->aid); 3051 sta->flags |= WLAN_STA_WDS; 3052 ret = hostapd_set_wds_sta(hapd, ifname_wds, 3053 sta->addr, sta->aid, 1); 3054 if (!ret) 3055 hostapd_set_wds_encryption(hapd, sta, 3056 ifname_wds); 3057 } 3058 return; 3059 } 3060 3061 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 3062 MACSTR, MAC2STR(src)); 3063 if (src[0] & 0x01) { 3064 /* Broadcast bit set in SA?! Ignore the frame silently. */ 3065 return; 3066 } 3067 3068 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 3069 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 3070 "already been sent, but no TX status yet known - " 3071 "ignore Class 3 frame issue with " MACSTR, 3072 MAC2STR(src)); 3073 return; 3074 } 3075 3076 if (sta && (sta->flags & WLAN_STA_AUTH)) 3077 hostapd_drv_sta_disassoc( 3078 hapd, src, 3079 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 3080 else 3081 hostapd_drv_sta_deauth( 3082 hapd, src, 3083 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 3084} 3085 3086 3087#endif /* CONFIG_NATIVE_WINDOWS */ 3088