1 /* 2 * hostapd / Station table 3 * Copyright (c) 2002-2017, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "common/sae.h" 16 #include "common/dpp.h" 17 #include "radius/radius.h" 18 #include "radius/radius_client.h" 19 #include "p2p/p2p.h" 20 #include "fst/fst.h" 21 #include "crypto/crypto.h" 22 #include "hostapd.h" 23 #include "accounting.h" 24 #include "ieee802_1x.h" 25 #include "ieee802_11.h" 26 #include "ieee802_11_auth.h" 27 #include "wpa_auth.h" 28 #include "preauth_auth.h" 29 #include "ap_config.h" 30 #include "beacon.h" 31 #include "ap_mlme.h" 32 #include "vlan_init.h" 33 #include "p2p_hostapd.h" 34 #include "ap_drv_ops.h" 35 #include "gas_serv.h" 36 #include "wnm_ap.h" 37 #include "mbo_ap.h" 38 #include "ndisc_snoop.h" 39 #include "sta_info.h" 40 #include "vlan.h" 41 #include "wps_hostapd.h" 42 43 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 44 struct sta_info *sta); 45 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx); 46 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx); 47 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx); 48 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx); 49 #ifdef CONFIG_IEEE80211W 50 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx); 51 #endif /* CONFIG_IEEE80211W */ 52 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta); 53 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx); 54 55 int ap_for_each_sta(struct hostapd_data *hapd, 56 int (*cb)(struct hostapd_data *hapd, struct sta_info *sta, 57 void *ctx), 58 void *ctx) 59 { 60 struct sta_info *sta; 61 62 for (sta = hapd->sta_list; sta; sta = sta->next) { 63 if (cb(hapd, sta, ctx)) 64 return 1; 65 } 66 67 return 0; 68 } 69 70 71 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta) 72 { 73 struct sta_info *s; 74 75 s = hapd->sta_hash[STA_HASH(sta)]; 76 while (s != NULL && os_memcmp(s->addr, sta, 6) != 0) 77 s = s->hnext; 78 return s; 79 } 80 81 82 #ifdef CONFIG_P2P 83 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr) 84 { 85 struct sta_info *sta; 86 87 for (sta = hapd->sta_list; sta; sta = sta->next) { 88 const u8 *p2p_dev_addr; 89 90 if (sta->p2p_ie == NULL) 91 continue; 92 93 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 94 if (p2p_dev_addr == NULL) 95 continue; 96 97 if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0) 98 return sta; 99 } 100 101 return NULL; 102 } 103 #endif /* CONFIG_P2P */ 104 105 106 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta) 107 { 108 struct sta_info *tmp; 109 110 if (hapd->sta_list == sta) { 111 hapd->sta_list = sta->next; 112 return; 113 } 114 115 tmp = hapd->sta_list; 116 while (tmp != NULL && tmp->next != sta) 117 tmp = tmp->next; 118 if (tmp == NULL) { 119 wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from " 120 "list.", MAC2STR(sta->addr)); 121 } else 122 tmp->next = sta->next; 123 } 124 125 126 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta) 127 { 128 sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)]; 129 hapd->sta_hash[STA_HASH(sta->addr)] = sta; 130 } 131 132 133 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta) 134 { 135 struct sta_info *s; 136 137 s = hapd->sta_hash[STA_HASH(sta->addr)]; 138 if (s == NULL) return; 139 if (os_memcmp(s->addr, sta->addr, 6) == 0) { 140 hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext; 141 return; 142 } 143 144 while (s->hnext != NULL && 145 os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0) 146 s = s->hnext; 147 if (s->hnext != NULL) 148 s->hnext = s->hnext->hnext; 149 else 150 wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR 151 " from hash table", MAC2STR(sta->addr)); 152 } 153 154 155 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta) 156 { 157 sta_ip6addr_del(hapd, sta); 158 } 159 160 161 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta) 162 { 163 int set_beacon = 0; 164 165 accounting_sta_stop(hapd, sta); 166 167 /* just in case */ 168 ap_sta_set_authorized(hapd, sta, 0); 169 170 if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP)) 171 hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0); 172 173 if (sta->ipaddr) 174 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 175 ap_sta_ip6addr_del(hapd, sta); 176 177 if (!hapd->iface->driver_ap_teardown && 178 !(sta->flags & WLAN_STA_PREAUTH)) { 179 hostapd_drv_sta_remove(hapd, sta->addr); 180 sta->added_unassoc = 0; 181 } 182 183 ap_sta_hash_del(hapd, sta); 184 ap_sta_list_del(hapd, sta); 185 186 if (sta->aid > 0) 187 hapd->sta_aid[(sta->aid - 1) / 32] &= 188 ~BIT((sta->aid - 1) % 32); 189 190 hapd->num_sta--; 191 if (sta->nonerp_set) { 192 sta->nonerp_set = 0; 193 hapd->iface->num_sta_non_erp--; 194 if (hapd->iface->num_sta_non_erp == 0) 195 set_beacon++; 196 } 197 198 if (sta->no_short_slot_time_set) { 199 sta->no_short_slot_time_set = 0; 200 hapd->iface->num_sta_no_short_slot_time--; 201 if (hapd->iface->current_mode && 202 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 203 && hapd->iface->num_sta_no_short_slot_time == 0) 204 set_beacon++; 205 } 206 207 if (sta->no_short_preamble_set) { 208 sta->no_short_preamble_set = 0; 209 hapd->iface->num_sta_no_short_preamble--; 210 if (hapd->iface->current_mode && 211 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 212 && hapd->iface->num_sta_no_short_preamble == 0) 213 set_beacon++; 214 } 215 216 if (sta->no_ht_gf_set) { 217 sta->no_ht_gf_set = 0; 218 hapd->iface->num_sta_ht_no_gf--; 219 } 220 221 if (sta->no_ht_set) { 222 sta->no_ht_set = 0; 223 hapd->iface->num_sta_no_ht--; 224 } 225 226 if (sta->ht_20mhz_set) { 227 sta->ht_20mhz_set = 0; 228 hapd->iface->num_sta_ht_20mhz--; 229 } 230 231 #ifdef CONFIG_TAXONOMY 232 wpabuf_free(sta->probe_ie_taxonomy); 233 sta->probe_ie_taxonomy = NULL; 234 wpabuf_free(sta->assoc_ie_taxonomy); 235 sta->assoc_ie_taxonomy = NULL; 236 #endif /* CONFIG_TAXONOMY */ 237 238 #ifdef CONFIG_IEEE80211N 239 ht40_intolerant_remove(hapd->iface, sta); 240 #endif /* CONFIG_IEEE80211N */ 241 242 #ifdef CONFIG_P2P 243 if (sta->no_p2p_set) { 244 sta->no_p2p_set = 0; 245 hapd->num_sta_no_p2p--; 246 if (hapd->num_sta_no_p2p == 0) 247 hostapd_p2p_non_p2p_sta_disconnected(hapd); 248 } 249 #endif /* CONFIG_P2P */ 250 251 #if defined(NEED_AP_MLME) && defined(CONFIG_IEEE80211N) 252 if (hostapd_ht_operation_update(hapd->iface) > 0) 253 set_beacon++; 254 #endif /* NEED_AP_MLME && CONFIG_IEEE80211N */ 255 256 #ifdef CONFIG_MESH 257 if (hapd->mesh_sta_free_cb) 258 hapd->mesh_sta_free_cb(hapd, sta); 259 #endif /* CONFIG_MESH */ 260 261 if (set_beacon) 262 ieee802_11_set_beacons(hapd->iface); 263 264 wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR, 265 __func__, MAC2STR(sta->addr)); 266 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 267 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 268 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 269 ap_sta_clear_disconnect_timeouts(hapd, sta); 270 sae_clear_retransmit_timer(hapd, sta); 271 272 ieee802_1x_free_station(hapd, sta); 273 wpa_auth_sta_deinit(sta->wpa_sm); 274 rsn_preauth_free_station(hapd, sta); 275 #ifndef CONFIG_NO_RADIUS 276 if (hapd->radius) 277 radius_client_flush_auth(hapd->radius, sta->addr); 278 #endif /* CONFIG_NO_RADIUS */ 279 280 #ifndef CONFIG_NO_VLAN 281 /* 282 * sta->wpa_sm->group needs to be released before so that 283 * vlan_remove_dynamic() can check that no stations are left on the 284 * AP_VLAN netdev. 285 */ 286 if (sta->vlan_id) 287 vlan_remove_dynamic(hapd, sta->vlan_id); 288 if (sta->vlan_id_bound) { 289 /* 290 * Need to remove the STA entry before potentially removing the 291 * VLAN. 292 */ 293 if (hapd->iface->driver_ap_teardown && 294 !(sta->flags & WLAN_STA_PREAUTH)) { 295 hostapd_drv_sta_remove(hapd, sta->addr); 296 sta->added_unassoc = 0; 297 } 298 vlan_remove_dynamic(hapd, sta->vlan_id_bound); 299 } 300 #endif /* CONFIG_NO_VLAN */ 301 302 os_free(sta->challenge); 303 304 #ifdef CONFIG_IEEE80211W 305 os_free(sta->sa_query_trans_id); 306 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 307 #endif /* CONFIG_IEEE80211W */ 308 309 #ifdef CONFIG_P2P 310 p2p_group_notif_disassoc(hapd->p2p_group, sta->addr); 311 #endif /* CONFIG_P2P */ 312 313 #ifdef CONFIG_INTERWORKING 314 if (sta->gas_dialog) { 315 int i; 316 for (i = 0; i < GAS_DIALOG_MAX; i++) 317 gas_serv_dialog_clear(&sta->gas_dialog[i]); 318 os_free(sta->gas_dialog); 319 } 320 #endif /* CONFIG_INTERWORKING */ 321 322 wpabuf_free(sta->wps_ie); 323 wpabuf_free(sta->p2p_ie); 324 wpabuf_free(sta->hs20_ie); 325 wpabuf_free(sta->roaming_consortium); 326 #ifdef CONFIG_FST 327 wpabuf_free(sta->mb_ies); 328 #endif /* CONFIG_FST */ 329 330 os_free(sta->ht_capabilities); 331 os_free(sta->vht_capabilities); 332 os_free(sta->vht_operation); 333 hostapd_free_psk_list(sta->psk); 334 os_free(sta->identity); 335 os_free(sta->radius_cui); 336 os_free(sta->remediation_url); 337 os_free(sta->t_c_url); 338 wpabuf_free(sta->hs20_deauth_req); 339 os_free(sta->hs20_session_info_url); 340 341 #ifdef CONFIG_SAE 342 sae_clear_data(sta->sae); 343 os_free(sta->sae); 344 #endif /* CONFIG_SAE */ 345 346 mbo_ap_sta_free(sta); 347 os_free(sta->supp_op_classes); 348 349 #ifdef CONFIG_FILS 350 os_free(sta->fils_pending_assoc_req); 351 wpabuf_free(sta->fils_hlp_resp); 352 wpabuf_free(sta->hlp_dhcp_discover); 353 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta); 354 #ifdef CONFIG_FILS_SK_PFS 355 crypto_ecdh_deinit(sta->fils_ecdh); 356 wpabuf_clear_free(sta->fils_dh_ss); 357 wpabuf_free(sta->fils_g_sta); 358 #endif /* CONFIG_FILS_SK_PFS */ 359 #endif /* CONFIG_FILS */ 360 361 #ifdef CONFIG_OWE 362 bin_clear_free(sta->owe_pmk, sta->owe_pmk_len); 363 crypto_ecdh_deinit(sta->owe_ecdh); 364 #endif /* CONFIG_OWE */ 365 366 #ifdef CONFIG_DPP2 367 dpp_pfs_free(sta->dpp_pfs); 368 sta->dpp_pfs = NULL; 369 #endif /* CONFIG_DPP2 */ 370 371 os_free(sta->ext_capability); 372 373 #ifdef CONFIG_WNM_AP 374 eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta); 375 #endif /* CONFIG_WNM_AP */ 376 377 os_free(sta->ifname_wds); 378 379 os_free(sta); 380 } 381 382 383 void hostapd_free_stas(struct hostapd_data *hapd) 384 { 385 struct sta_info *sta, *prev; 386 387 sta = hapd->sta_list; 388 389 while (sta) { 390 prev = sta; 391 if (sta->flags & WLAN_STA_AUTH) { 392 mlme_deauthenticate_indication( 393 hapd, sta, WLAN_REASON_UNSPECIFIED); 394 } 395 sta = sta->next; 396 wpa_printf(MSG_DEBUG, "Removing station " MACSTR, 397 MAC2STR(prev->addr)); 398 ap_free_sta(hapd, prev); 399 } 400 } 401 402 403 /** 404 * ap_handle_timer - Per STA timer handler 405 * @eloop_ctx: struct hostapd_data * 406 * @timeout_ctx: struct sta_info * 407 * 408 * This function is called to check station activity and to remove inactive 409 * stations. 410 */ 411 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx) 412 { 413 struct hostapd_data *hapd = eloop_ctx; 414 struct sta_info *sta = timeout_ctx; 415 unsigned long next_time = 0; 416 int reason; 417 418 wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d", 419 hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags, 420 sta->timeout_next); 421 if (sta->timeout_next == STA_REMOVE) { 422 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 423 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 424 "local deauth request"); 425 ap_free_sta(hapd, sta); 426 return; 427 } 428 429 if ((sta->flags & WLAN_STA_ASSOC) && 430 (sta->timeout_next == STA_NULLFUNC || 431 sta->timeout_next == STA_DISASSOC)) { 432 int inactive_sec; 433 /* 434 * Add random value to timeout so that we don't end up bouncing 435 * all stations at the same time if we have lots of associated 436 * stations that are idle (but keep re-associating). 437 */ 438 int fuzz = os_random() % 20; 439 inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr); 440 if (inactive_sec == -1) { 441 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 442 "Check inactivity: Could not " 443 "get station info from kernel driver for " 444 MACSTR, MAC2STR(sta->addr)); 445 /* 446 * The driver may not support this functionality. 447 * Anyway, try again after the next inactivity timeout, 448 * but do not disconnect the station now. 449 */ 450 next_time = hapd->conf->ap_max_inactivity + fuzz; 451 } else if (inactive_sec == -ENOENT) { 452 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 453 "Station " MACSTR " has lost its driver entry", 454 MAC2STR(sta->addr)); 455 456 /* Avoid sending client probe on removed client */ 457 sta->timeout_next = STA_DISASSOC; 458 goto skip_poll; 459 } else if (inactive_sec < hapd->conf->ap_max_inactivity) { 460 /* station activity detected; reset timeout state */ 461 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 462 "Station " MACSTR " has been active %is ago", 463 MAC2STR(sta->addr), inactive_sec); 464 sta->timeout_next = STA_NULLFUNC; 465 next_time = hapd->conf->ap_max_inactivity + fuzz - 466 inactive_sec; 467 } else { 468 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 469 "Station " MACSTR " has been " 470 "inactive too long: %d sec, max allowed: %d", 471 MAC2STR(sta->addr), inactive_sec, 472 hapd->conf->ap_max_inactivity); 473 474 if (hapd->conf->skip_inactivity_poll) 475 sta->timeout_next = STA_DISASSOC; 476 } 477 } 478 479 if ((sta->flags & WLAN_STA_ASSOC) && 480 sta->timeout_next == STA_DISASSOC && 481 !(sta->flags & WLAN_STA_PENDING_POLL) && 482 !hapd->conf->skip_inactivity_poll) { 483 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR 484 " has ACKed data poll", MAC2STR(sta->addr)); 485 /* data nullfunc frame poll did not produce TX errors; assume 486 * station ACKed it */ 487 sta->timeout_next = STA_NULLFUNC; 488 next_time = hapd->conf->ap_max_inactivity; 489 } 490 491 skip_poll: 492 if (next_time) { 493 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 494 "for " MACSTR " (%lu seconds)", 495 __func__, MAC2STR(sta->addr), next_time); 496 eloop_register_timeout(next_time, 0, ap_handle_timer, hapd, 497 sta); 498 return; 499 } 500 501 if (sta->timeout_next == STA_NULLFUNC && 502 (sta->flags & WLAN_STA_ASSOC)) { 503 wpa_printf(MSG_DEBUG, " Polling STA"); 504 sta->flags |= WLAN_STA_PENDING_POLL; 505 hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr, 506 sta->flags & WLAN_STA_WMM); 507 } else if (sta->timeout_next != STA_REMOVE) { 508 int deauth = sta->timeout_next == STA_DEAUTH; 509 510 if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) { 511 /* Cannot disassociate not-associated STA, so move 512 * directly to deauthentication. */ 513 sta->timeout_next = STA_DEAUTH; 514 deauth = 1; 515 } 516 517 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 518 "Timeout, sending %s info to STA " MACSTR, 519 deauth ? "deauthentication" : "disassociation", 520 MAC2STR(sta->addr)); 521 522 if (deauth) { 523 hostapd_drv_sta_deauth( 524 hapd, sta->addr, 525 WLAN_REASON_PREV_AUTH_NOT_VALID); 526 } else { 527 reason = (sta->timeout_next == STA_DISASSOC) ? 528 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 529 WLAN_REASON_PREV_AUTH_NOT_VALID; 530 531 hostapd_drv_sta_disassoc(hapd, sta->addr, reason); 532 } 533 } 534 535 switch (sta->timeout_next) { 536 case STA_NULLFUNC: 537 sta->timeout_next = STA_DISASSOC; 538 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 539 "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)", 540 __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY); 541 eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer, 542 hapd, sta); 543 break; 544 case STA_DISASSOC: 545 case STA_DISASSOC_FROM_CLI: 546 ap_sta_set_authorized(hapd, sta, 0); 547 sta->flags &= ~WLAN_STA_ASSOC; 548 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 549 if (!sta->acct_terminate_cause) 550 sta->acct_terminate_cause = 551 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 552 accounting_sta_stop(hapd, sta); 553 ieee802_1x_free_station(hapd, sta); 554 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 555 HOSTAPD_LEVEL_INFO, "disassociated due to " 556 "inactivity"); 557 reason = (sta->timeout_next == STA_DISASSOC) ? 558 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 559 WLAN_REASON_PREV_AUTH_NOT_VALID; 560 sta->timeout_next = STA_DEAUTH; 561 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 562 "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)", 563 __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY); 564 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 565 hapd, sta); 566 mlme_disassociate_indication(hapd, sta, reason); 567 break; 568 case STA_DEAUTH: 569 case STA_REMOVE: 570 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 571 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 572 "inactivity (timer DEAUTH/REMOVE)"); 573 if (!sta->acct_terminate_cause) 574 sta->acct_terminate_cause = 575 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 576 mlme_deauthenticate_indication( 577 hapd, sta, 578 WLAN_REASON_PREV_AUTH_NOT_VALID); 579 ap_free_sta(hapd, sta); 580 break; 581 } 582 } 583 584 585 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx) 586 { 587 struct hostapd_data *hapd = eloop_ctx; 588 struct sta_info *sta = timeout_ctx; 589 590 wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR, 591 hapd->conf->iface, MAC2STR(sta->addr)); 592 if (!(sta->flags & WLAN_STA_AUTH)) { 593 if (sta->flags & WLAN_STA_GAS) { 594 wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA " 595 "entry " MACSTR, MAC2STR(sta->addr)); 596 ap_free_sta(hapd, sta); 597 } 598 return; 599 } 600 601 hostapd_drv_sta_deauth(hapd, sta->addr, 602 WLAN_REASON_PREV_AUTH_NOT_VALID); 603 mlme_deauthenticate_indication(hapd, sta, 604 WLAN_REASON_PREV_AUTH_NOT_VALID); 605 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 606 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 607 "session timeout"); 608 sta->acct_terminate_cause = 609 RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT; 610 ap_free_sta(hapd, sta); 611 } 612 613 614 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta, 615 u32 session_timeout) 616 { 617 if (eloop_replenish_timeout(session_timeout, 0, 618 ap_handle_session_timer, hapd, sta) == 1) { 619 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 620 HOSTAPD_LEVEL_DEBUG, "setting session timeout " 621 "to %d seconds", session_timeout); 622 } 623 } 624 625 626 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta, 627 u32 session_timeout) 628 { 629 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 630 HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d " 631 "seconds", session_timeout); 632 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 633 eloop_register_timeout(session_timeout, 0, ap_handle_session_timer, 634 hapd, sta); 635 } 636 637 638 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta) 639 { 640 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 641 } 642 643 644 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx) 645 { 646 #ifdef CONFIG_WNM_AP 647 struct hostapd_data *hapd = eloop_ctx; 648 struct sta_info *sta = timeout_ctx; 649 650 wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for " 651 MACSTR, hapd->conf->iface, MAC2STR(sta->addr)); 652 if (sta->hs20_session_info_url == NULL) 653 return; 654 655 wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url, 656 sta->hs20_disassoc_timer); 657 #endif /* CONFIG_WNM_AP */ 658 } 659 660 661 void ap_sta_session_warning_timeout(struct hostapd_data *hapd, 662 struct sta_info *sta, int warning_time) 663 { 664 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 665 eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer, 666 hapd, sta); 667 } 668 669 670 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr) 671 { 672 struct sta_info *sta; 673 674 sta = ap_get_sta(hapd, addr); 675 if (sta) 676 return sta; 677 678 wpa_printf(MSG_DEBUG, " New STA"); 679 if (hapd->num_sta >= hapd->conf->max_num_sta) { 680 /* FIX: might try to remove some old STAs first? */ 681 wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)", 682 hapd->num_sta, hapd->conf->max_num_sta); 683 return NULL; 684 } 685 686 sta = os_zalloc(sizeof(struct sta_info)); 687 if (sta == NULL) { 688 wpa_printf(MSG_ERROR, "malloc failed"); 689 return NULL; 690 } 691 sta->acct_interim_interval = hapd->conf->acct_interim_interval; 692 if (accounting_sta_get_id(hapd, sta) < 0) { 693 os_free(sta); 694 return NULL; 695 } 696 697 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) { 698 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 699 "for " MACSTR " (%d seconds - ap_max_inactivity)", 700 __func__, MAC2STR(addr), 701 hapd->conf->ap_max_inactivity); 702 eloop_register_timeout(hapd->conf->ap_max_inactivity, 0, 703 ap_handle_timer, hapd, sta); 704 } 705 706 /* initialize STA info data */ 707 os_memcpy(sta->addr, addr, ETH_ALEN); 708 sta->next = hapd->sta_list; 709 hapd->sta_list = sta; 710 hapd->num_sta++; 711 ap_sta_hash_add(hapd, sta); 712 ap_sta_remove_in_other_bss(hapd, sta); 713 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 714 dl_list_init(&sta->ip6addr); 715 716 #ifdef CONFIG_TAXONOMY 717 sta_track_claim_taxonomy_info(hapd->iface, addr, 718 &sta->probe_ie_taxonomy); 719 #endif /* CONFIG_TAXONOMY */ 720 721 return sta; 722 } 723 724 725 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta) 726 { 727 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 728 729 if (sta->ipaddr) 730 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 731 ap_sta_ip6addr_del(hapd, sta); 732 733 wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver", 734 hapd->conf->iface, MAC2STR(sta->addr)); 735 if (hostapd_drv_sta_remove(hapd, sta->addr) && 736 sta->flags & WLAN_STA_ASSOC) { 737 wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR 738 " from kernel driver", 739 hapd->conf->iface, MAC2STR(sta->addr)); 740 return -1; 741 } 742 sta->added_unassoc = 0; 743 return 0; 744 } 745 746 747 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 748 struct sta_info *sta) 749 { 750 struct hostapd_iface *iface = hapd->iface; 751 size_t i; 752 753 for (i = 0; i < iface->num_bss; i++) { 754 struct hostapd_data *bss = iface->bss[i]; 755 struct sta_info *sta2; 756 /* bss should always be set during operation, but it may be 757 * NULL during reconfiguration. Assume the STA is not 758 * associated to another BSS in that case to avoid NULL pointer 759 * dereferences. */ 760 if (bss == hapd || bss == NULL) 761 continue; 762 sta2 = ap_get_sta(bss, sta->addr); 763 if (!sta2) 764 continue; 765 766 wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR 767 " association from another BSS %s", 768 hapd->conf->iface, MAC2STR(sta2->addr), 769 bss->conf->iface); 770 ap_sta_disconnect(bss, sta2, sta2->addr, 771 WLAN_REASON_PREV_AUTH_NOT_VALID); 772 } 773 } 774 775 776 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx) 777 { 778 struct hostapd_data *hapd = eloop_ctx; 779 struct sta_info *sta = timeout_ctx; 780 781 wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR, 782 hapd->conf->iface, MAC2STR(sta->addr)); 783 ap_sta_remove(hapd, sta); 784 mlme_disassociate_indication(hapd, sta, sta->disassoc_reason); 785 } 786 787 788 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta, 789 u16 reason) 790 { 791 wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR, 792 hapd->conf->iface, MAC2STR(sta->addr)); 793 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 794 if (hapd->iface->current_mode && 795 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 796 /* Skip deauthentication in DMG/IEEE 802.11ad */ 797 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 798 WLAN_STA_ASSOC_REQ_OK); 799 sta->timeout_next = STA_REMOVE; 800 } else { 801 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 802 sta->timeout_next = STA_DEAUTH; 803 } 804 ap_sta_set_authorized(hapd, sta, 0); 805 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 806 "for " MACSTR " (%d seconds - " 807 "AP_MAX_INACTIVITY_AFTER_DISASSOC)", 808 __func__, MAC2STR(sta->addr), 809 AP_MAX_INACTIVITY_AFTER_DISASSOC); 810 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 811 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0, 812 ap_handle_timer, hapd, sta); 813 accounting_sta_stop(hapd, sta); 814 ieee802_1x_free_station(hapd, sta); 815 816 sta->disassoc_reason = reason; 817 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB; 818 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 819 eloop_register_timeout(hapd->iface->drv_flags & 820 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 821 ap_sta_disassoc_cb_timeout, hapd, sta); 822 } 823 824 825 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx) 826 { 827 struct hostapd_data *hapd = eloop_ctx; 828 struct sta_info *sta = timeout_ctx; 829 830 wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR, 831 hapd->conf->iface, MAC2STR(sta->addr)); 832 ap_sta_remove(hapd, sta); 833 mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason); 834 } 835 836 837 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta, 838 u16 reason) 839 { 840 if (hapd->iface->current_mode && 841 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 842 /* Deauthentication is not used in DMG/IEEE 802.11ad; 843 * disassociate the STA instead. */ 844 ap_sta_disassociate(hapd, sta, reason); 845 return; 846 } 847 848 wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR, 849 hapd->conf->iface, MAC2STR(sta->addr)); 850 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 851 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 852 ap_sta_set_authorized(hapd, sta, 0); 853 sta->timeout_next = STA_REMOVE; 854 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 855 "for " MACSTR " (%d seconds - " 856 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 857 __func__, MAC2STR(sta->addr), 858 AP_MAX_INACTIVITY_AFTER_DEAUTH); 859 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 860 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 861 ap_handle_timer, hapd, sta); 862 accounting_sta_stop(hapd, sta); 863 ieee802_1x_free_station(hapd, sta); 864 865 sta->deauth_reason = reason; 866 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 867 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 868 eloop_register_timeout(hapd->iface->drv_flags & 869 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 870 ap_sta_deauth_cb_timeout, hapd, sta); 871 } 872 873 874 #ifdef CONFIG_WPS 875 int ap_sta_wps_cancel(struct hostapd_data *hapd, 876 struct sta_info *sta, void *ctx) 877 { 878 if (sta && (sta->flags & WLAN_STA_WPS)) { 879 ap_sta_deauthenticate(hapd, sta, 880 WLAN_REASON_PREV_AUTH_NOT_VALID); 881 wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR, 882 __func__, MAC2STR(sta->addr)); 883 return 1; 884 } 885 886 return 0; 887 } 888 #endif /* CONFIG_WPS */ 889 890 891 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd) 892 { 893 struct hostapd_vlan *vlan; 894 int vlan_id = MAX_VLAN_ID + 2; 895 896 retry: 897 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 898 if (vlan->vlan_id == vlan_id) { 899 vlan_id++; 900 goto retry; 901 } 902 } 903 return vlan_id; 904 } 905 906 907 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta, 908 struct vlan_description *vlan_desc) 909 { 910 struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL; 911 int old_vlan_id, vlan_id = 0, ret = 0; 912 913 /* Check if there is something to do */ 914 if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) { 915 /* This sta is lacking its own vif */ 916 } else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED && 917 !hapd->conf->ssid.per_sta_vif && sta->vlan_id) { 918 /* sta->vlan_id needs to be reset */ 919 } else if (!vlan_compare(vlan_desc, sta->vlan_desc)) { 920 return 0; /* nothing to change */ 921 } 922 923 /* Now the real VLAN changed or the STA just needs its own vif */ 924 if (hapd->conf->ssid.per_sta_vif) { 925 /* Assign a new vif, always */ 926 /* find a free vlan_id sufficiently big */ 927 vlan_id = ap_sta_get_free_vlan_id(hapd); 928 /* Get wildcard VLAN */ 929 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 930 if (vlan->vlan_id == VLAN_ID_WILDCARD) 931 break; 932 } 933 if (!vlan) { 934 hostapd_logger(hapd, sta->addr, 935 HOSTAPD_MODULE_IEEE80211, 936 HOSTAPD_LEVEL_DEBUG, 937 "per_sta_vif missing wildcard"); 938 vlan_id = 0; 939 ret = -1; 940 goto done; 941 } 942 } else if (vlan_desc && vlan_desc->notempty) { 943 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 944 if (!vlan_compare(&vlan->vlan_desc, vlan_desc)) 945 break; 946 if (vlan->vlan_id == VLAN_ID_WILDCARD) 947 wildcard_vlan = vlan; 948 } 949 if (vlan) { 950 vlan_id = vlan->vlan_id; 951 } else if (wildcard_vlan) { 952 vlan = wildcard_vlan; 953 vlan_id = vlan_desc->untagged; 954 if (vlan_desc->tagged[0]) { 955 /* Tagged VLAN configuration */ 956 vlan_id = ap_sta_get_free_vlan_id(hapd); 957 } 958 } else { 959 hostapd_logger(hapd, sta->addr, 960 HOSTAPD_MODULE_IEEE80211, 961 HOSTAPD_LEVEL_DEBUG, 962 "missing vlan and wildcard for vlan=%d%s", 963 vlan_desc->untagged, 964 vlan_desc->tagged[0] ? "+" : ""); 965 vlan_id = 0; 966 ret = -1; 967 goto done; 968 } 969 } 970 971 if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) { 972 vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc); 973 if (vlan == NULL) { 974 hostapd_logger(hapd, sta->addr, 975 HOSTAPD_MODULE_IEEE80211, 976 HOSTAPD_LEVEL_DEBUG, 977 "could not add dynamic VLAN interface for vlan=%d%s", 978 vlan_desc ? vlan_desc->untagged : -1, 979 (vlan_desc && vlan_desc->tagged[0]) ? 980 "+" : ""); 981 vlan_id = 0; 982 ret = -1; 983 goto done; 984 } 985 986 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 987 HOSTAPD_LEVEL_DEBUG, 988 "added new dynamic VLAN interface '%s'", 989 vlan->ifname); 990 } else if (vlan && vlan->dynamic_vlan > 0) { 991 vlan->dynamic_vlan++; 992 hostapd_logger(hapd, sta->addr, 993 HOSTAPD_MODULE_IEEE80211, 994 HOSTAPD_LEVEL_DEBUG, 995 "updated existing dynamic VLAN interface '%s'", 996 vlan->ifname); 997 } 998 done: 999 old_vlan_id = sta->vlan_id; 1000 sta->vlan_id = vlan_id; 1001 sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL; 1002 1003 if (vlan_id != old_vlan_id && old_vlan_id) 1004 vlan_remove_dynamic(hapd, old_vlan_id); 1005 1006 return ret; 1007 } 1008 1009 1010 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta) 1011 { 1012 #ifndef CONFIG_NO_VLAN 1013 const char *iface; 1014 struct hostapd_vlan *vlan = NULL; 1015 int ret; 1016 int old_vlanid = sta->vlan_id_bound; 1017 1018 iface = hapd->conf->iface; 1019 if (hapd->conf->ssid.vlan[0]) 1020 iface = hapd->conf->ssid.vlan; 1021 1022 if (sta->vlan_id > 0) { 1023 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 1024 if (vlan->vlan_id == sta->vlan_id) 1025 break; 1026 } 1027 if (vlan) 1028 iface = vlan->ifname; 1029 } 1030 1031 /* 1032 * Do not increment ref counters if the VLAN ID remains same, but do 1033 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might 1034 * have been called before. 1035 */ 1036 if (sta->vlan_id == old_vlanid) 1037 goto skip_counting; 1038 1039 if (sta->vlan_id > 0 && vlan == NULL) { 1040 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1041 HOSTAPD_LEVEL_DEBUG, "could not find VLAN for " 1042 "binding station to (vlan_id=%d)", 1043 sta->vlan_id); 1044 ret = -1; 1045 goto done; 1046 } else if (vlan && vlan->dynamic_vlan > 0) { 1047 vlan->dynamic_vlan++; 1048 hostapd_logger(hapd, sta->addr, 1049 HOSTAPD_MODULE_IEEE80211, 1050 HOSTAPD_LEVEL_DEBUG, 1051 "updated existing dynamic VLAN interface '%s'", 1052 iface); 1053 } 1054 1055 /* ref counters have been increased, so mark the station */ 1056 sta->vlan_id_bound = sta->vlan_id; 1057 1058 skip_counting: 1059 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1060 HOSTAPD_LEVEL_DEBUG, "binding station to interface " 1061 "'%s'", iface); 1062 1063 if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0) 1064 wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA"); 1065 1066 ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id); 1067 if (ret < 0) { 1068 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1069 HOSTAPD_LEVEL_DEBUG, "could not bind the STA " 1070 "entry to vlan_id=%d", sta->vlan_id); 1071 } 1072 1073 /* During 1x reauth, if the vlan id changes, then remove the old id. */ 1074 if (old_vlanid > 0 && old_vlanid != sta->vlan_id) 1075 vlan_remove_dynamic(hapd, old_vlanid); 1076 done: 1077 1078 return ret; 1079 #else /* CONFIG_NO_VLAN */ 1080 return 0; 1081 #endif /* CONFIG_NO_VLAN */ 1082 } 1083 1084 1085 #ifdef CONFIG_IEEE80211W 1086 1087 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta) 1088 { 1089 u32 tu; 1090 struct os_reltime now, passed; 1091 os_get_reltime(&now); 1092 os_reltime_sub(&now, &sta->sa_query_start, &passed); 1093 tu = (passed.sec * 1000000 + passed.usec) / 1024; 1094 if (hapd->conf->assoc_sa_query_max_timeout < tu) { 1095 hostapd_logger(hapd, sta->addr, 1096 HOSTAPD_MODULE_IEEE80211, 1097 HOSTAPD_LEVEL_DEBUG, 1098 "association SA Query timed out"); 1099 sta->sa_query_timed_out = 1; 1100 os_free(sta->sa_query_trans_id); 1101 sta->sa_query_trans_id = NULL; 1102 sta->sa_query_count = 0; 1103 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 1104 return 1; 1105 } 1106 1107 return 0; 1108 } 1109 1110 1111 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx) 1112 { 1113 struct hostapd_data *hapd = eloop_ctx; 1114 struct sta_info *sta = timeout_ctx; 1115 unsigned int timeout, sec, usec; 1116 u8 *trans_id, *nbuf; 1117 1118 wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR 1119 " (count=%d)", 1120 hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count); 1121 1122 if (sta->sa_query_count > 0 && 1123 ap_check_sa_query_timeout(hapd, sta)) 1124 return; 1125 1126 nbuf = os_realloc_array(sta->sa_query_trans_id, 1127 sta->sa_query_count + 1, 1128 WLAN_SA_QUERY_TR_ID_LEN); 1129 if (nbuf == NULL) 1130 return; 1131 if (sta->sa_query_count == 0) { 1132 /* Starting a new SA Query procedure */ 1133 os_get_reltime(&sta->sa_query_start); 1134 } 1135 trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN; 1136 sta->sa_query_trans_id = nbuf; 1137 sta->sa_query_count++; 1138 1139 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) { 1140 /* 1141 * We don't really care which ID is used here, so simply 1142 * hardcode this if the mostly theoretical os_get_random() 1143 * failure happens. 1144 */ 1145 trans_id[0] = 0x12; 1146 trans_id[1] = 0x34; 1147 } 1148 1149 timeout = hapd->conf->assoc_sa_query_retry_timeout; 1150 sec = ((timeout / 1000) * 1024) / 1000; 1151 usec = (timeout % 1000) * 1024; 1152 eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta); 1153 1154 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1155 HOSTAPD_LEVEL_DEBUG, 1156 "association SA Query attempt %d", sta->sa_query_count); 1157 1158 ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id); 1159 } 1160 1161 1162 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 1163 { 1164 ap_sa_query_timer(hapd, sta); 1165 } 1166 1167 1168 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 1169 { 1170 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 1171 os_free(sta->sa_query_trans_id); 1172 sta->sa_query_trans_id = NULL; 1173 sta->sa_query_count = 0; 1174 } 1175 1176 #endif /* CONFIG_IEEE80211W */ 1177 1178 1179 const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd, 1180 struct sta_info *sta) 1181 { 1182 struct hostapd_wpa_psk *psk; 1183 struct hostapd_ssid *ssid; 1184 const u8 *pmk; 1185 int pmk_len; 1186 1187 ssid = &hapd->conf->ssid; 1188 1189 pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len); 1190 if (!pmk || pmk_len != PMK_LEN) 1191 return NULL; 1192 1193 for (psk = ssid->wpa_psk; psk; psk = psk->next) 1194 if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0) 1195 break; 1196 if (!psk) 1197 return NULL; 1198 if (!psk || !psk->keyid[0]) 1199 return NULL; 1200 1201 return psk->keyid; 1202 } 1203 1204 1205 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta, 1206 int authorized) 1207 { 1208 const u8 *dev_addr = NULL; 1209 char buf[100]; 1210 #ifdef CONFIG_P2P 1211 u8 addr[ETH_ALEN]; 1212 u8 ip_addr_buf[4]; 1213 #endif /* CONFIG_P2P */ 1214 1215 if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED)) 1216 return; 1217 1218 if (authorized) 1219 sta->flags |= WLAN_STA_AUTHORIZED; 1220 else 1221 sta->flags &= ~WLAN_STA_AUTHORIZED; 1222 1223 #ifdef CONFIG_P2P 1224 if (hapd->p2p_group == NULL) { 1225 if (sta->p2p_ie != NULL && 1226 p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0) 1227 dev_addr = addr; 1228 } else 1229 dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr); 1230 1231 if (dev_addr) 1232 os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR, 1233 MAC2STR(sta->addr), MAC2STR(dev_addr)); 1234 else 1235 #endif /* CONFIG_P2P */ 1236 os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr)); 1237 1238 if (hapd->sta_authorized_cb) 1239 hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx, 1240 sta->addr, authorized, dev_addr); 1241 1242 if (authorized) { 1243 const char *keyid; 1244 char keyid_buf[100]; 1245 char ip_addr[100]; 1246 1247 keyid_buf[0] = '\0'; 1248 ip_addr[0] = '\0'; 1249 #ifdef CONFIG_P2P 1250 if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) { 1251 os_snprintf(ip_addr, sizeof(ip_addr), 1252 " ip_addr=%u.%u.%u.%u", 1253 ip_addr_buf[0], ip_addr_buf[1], 1254 ip_addr_buf[2], ip_addr_buf[3]); 1255 } 1256 #endif /* CONFIG_P2P */ 1257 1258 keyid = ap_sta_wpa_get_keyid(hapd, sta); 1259 if (keyid) { 1260 os_snprintf(keyid_buf, sizeof(keyid_buf), 1261 " keyid=%s", keyid); 1262 } 1263 1264 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s", 1265 buf, ip_addr, keyid_buf); 1266 1267 if (hapd->msg_ctx_parent && 1268 hapd->msg_ctx_parent != hapd->msg_ctx) 1269 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1270 AP_STA_CONNECTED "%s%s%s", 1271 buf, ip_addr, keyid_buf); 1272 } else { 1273 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf); 1274 1275 if (hapd->msg_ctx_parent && 1276 hapd->msg_ctx_parent != hapd->msg_ctx) 1277 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1278 AP_STA_DISCONNECTED "%s", buf); 1279 } 1280 1281 #ifdef CONFIG_FST 1282 if (hapd->iface->fst) { 1283 if (authorized) 1284 fst_notify_peer_connected(hapd->iface->fst, sta->addr); 1285 else 1286 fst_notify_peer_disconnected(hapd->iface->fst, 1287 sta->addr); 1288 } 1289 #endif /* CONFIG_FST */ 1290 } 1291 1292 1293 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta, 1294 const u8 *addr, u16 reason) 1295 { 1296 if (sta) 1297 wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u", 1298 hapd->conf->iface, __func__, MAC2STR(sta->addr), 1299 reason); 1300 else if (addr) 1301 wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u", 1302 hapd->conf->iface, __func__, MAC2STR(addr), 1303 reason); 1304 1305 if (sta == NULL && addr) 1306 sta = ap_get_sta(hapd, addr); 1307 1308 if (addr) 1309 hostapd_drv_sta_deauth(hapd, addr, reason); 1310 1311 if (sta == NULL) 1312 return; 1313 ap_sta_set_authorized(hapd, sta, 0); 1314 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1315 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1316 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1317 wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout " 1318 "for " MACSTR " (%d seconds - " 1319 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 1320 hapd->conf->iface, __func__, MAC2STR(sta->addr), 1321 AP_MAX_INACTIVITY_AFTER_DEAUTH); 1322 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1323 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 1324 ap_handle_timer, hapd, sta); 1325 sta->timeout_next = STA_REMOVE; 1326 1327 if (hapd->iface->current_mode && 1328 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 1329 /* Deauthentication is not used in DMG/IEEE 802.11ad; 1330 * disassociate the STA instead. */ 1331 sta->disassoc_reason = reason; 1332 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB; 1333 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 1334 eloop_register_timeout(hapd->iface->drv_flags & 1335 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 1336 2 : 0, 0, ap_sta_disassoc_cb_timeout, 1337 hapd, sta); 1338 return; 1339 } 1340 1341 sta->deauth_reason = reason; 1342 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 1343 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1344 eloop_register_timeout(hapd->iface->drv_flags & 1345 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 1346 ap_sta_deauth_cb_timeout, hapd, sta); 1347 } 1348 1349 1350 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta) 1351 { 1352 if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) { 1353 wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame"); 1354 return; 1355 } 1356 sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB; 1357 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1358 ap_sta_deauth_cb_timeout(hapd, sta); 1359 } 1360 1361 1362 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta) 1363 { 1364 if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) { 1365 wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame"); 1366 return; 1367 } 1368 sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB; 1369 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 1370 ap_sta_disassoc_cb_timeout(hapd, sta); 1371 } 1372 1373 1374 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd, 1375 struct sta_info *sta) 1376 { 1377 if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0) 1378 wpa_printf(MSG_DEBUG, 1379 "%s: Removed ap_sta_deauth_cb_timeout timeout for " 1380 MACSTR, 1381 hapd->conf->iface, MAC2STR(sta->addr)); 1382 if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0) 1383 wpa_printf(MSG_DEBUG, 1384 "%s: Removed ap_sta_disassoc_cb_timeout timeout for " 1385 MACSTR, 1386 hapd->conf->iface, MAC2STR(sta->addr)); 1387 if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0) 1388 { 1389 wpa_printf(MSG_DEBUG, 1390 "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for " 1391 MACSTR, 1392 hapd->conf->iface, MAC2STR(sta->addr)); 1393 if (sta->flags & WLAN_STA_WPS) 1394 hostapd_wps_eap_completed(hapd); 1395 } 1396 } 1397 1398 1399 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen) 1400 { 1401 int res; 1402 1403 buf[0] = '\0'; 1404 res = os_snprintf(buf, buflen, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", 1405 (flags & WLAN_STA_AUTH ? "[AUTH]" : ""), 1406 (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""), 1407 (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""), 1408 (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" : 1409 ""), 1410 (flags & WLAN_STA_SHORT_PREAMBLE ? 1411 "[SHORT_PREAMBLE]" : ""), 1412 (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""), 1413 (flags & WLAN_STA_WMM ? "[WMM]" : ""), 1414 (flags & WLAN_STA_MFP ? "[MFP]" : ""), 1415 (flags & WLAN_STA_WPS ? "[WPS]" : ""), 1416 (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""), 1417 (flags & WLAN_STA_WDS ? "[WDS]" : ""), 1418 (flags & WLAN_STA_NONERP ? "[NonERP]" : ""), 1419 (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""), 1420 (flags & WLAN_STA_GAS ? "[GAS]" : ""), 1421 (flags & WLAN_STA_HT ? "[HT]" : ""), 1422 (flags & WLAN_STA_VHT ? "[VHT]" : ""), 1423 (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""), 1424 (flags & WLAN_STA_WNM_SLEEP_MODE ? 1425 "[WNM_SLEEP_MODE]" : "")); 1426 if (os_snprintf_error(buflen, res)) 1427 res = -1; 1428 1429 return res; 1430 } 1431 1432 1433 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx) 1434 { 1435 struct hostapd_data *hapd = eloop_ctx; 1436 struct sta_info *sta = timeout_ctx; 1437 u16 reason; 1438 1439 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 1440 "IEEE 802.1X: Scheduled disconnection of " MACSTR 1441 " after EAP-Failure", MAC2STR(sta->addr)); 1442 1443 reason = sta->disconnect_reason_code; 1444 if (!reason) 1445 reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED; 1446 ap_sta_disconnect(hapd, sta, sta->addr, reason); 1447 if (sta->flags & WLAN_STA_WPS) 1448 hostapd_wps_eap_completed(hapd); 1449 } 1450 1451 1452 void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, 1453 struct sta_info *sta) 1454 { 1455 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 1456 "IEEE 802.1X: Force disconnection of " MACSTR 1457 " after EAP-Failure in 10 ms", MAC2STR(sta->addr)); 1458 1459 /* 1460 * Add a small sleep to increase likelihood of previously requested 1461 * EAP-Failure TX getting out before this should the driver reorder 1462 * operations. 1463 */ 1464 eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta); 1465 eloop_register_timeout(0, 10000, ap_sta_delayed_1x_auth_fail_cb, 1466 hapd, sta); 1467 } 1468 1469 1470 int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, 1471 struct sta_info *sta) 1472 { 1473 return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb, 1474 hapd, sta); 1475 } 1476
