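/*
 * hostapd / Callback functions for driver wrappers
 * Copyright (c) 2002-2009, Jouni Malinen <j (at) w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "utils/includes.h"

#include "utils/common.h"
#include "radius/radius.h"
#include "drivers/driver.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "crypto/random.h"
#include "p2p/p2p.h"
#include "wps/wps.h"
#include "hostapd.h"
#include "ieee802_11.h"
#include "sta_info.h"
#include "accounting.h"
#include "tkip_countermeasures.h"
#include "ieee802_1x.h"
#include "wpa_auth.h"
#include "wps_hostapd.h"
#include "ap_drv_ops.h"
#include "ap_config.h"


/**
 * hostapd_notif_assoc - Process a driver-reported (re)association
 * @hapd: BSS that received the event
 * @addr: MAC address of the associating STA; an event without it is dropped
 * @req_ies: Information elements from the (Re)Association Request, or NULL
 * @req_ies_len: Length of req_ies in bytes
 * @reassoc: Reassociation indication from the driver (not read here)
 * Returns: 0 if the STA was accepted, -1 if the event was dropped or the STA
 * was rejected
 *
 * req_ies is peer-supplied data relayed by the driver. It is parsed once and
 * the WPS, RSN or WPA element (in that order of preference) is then checked
 * against the BSS configuration before the STA is marked associated.
 */
int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
			const u8 *req_ies, size_t req_ies_len, int reassoc)
{
	struct sta_info *sta;
	int new_assoc, res;
	struct ieee802_11_elems elems;
	const u8 *ie;
	size_t ielen;
	u16 reason = WLAN_REASON_UNSPECIFIED;

	if (addr == NULL) {
		/*
		 * This could potentially happen with unexpected event from the
		 * driver wrapper. This was seen at least in one case where the
		 * driver ended up being set to station mode while hostapd was
		 * running, so better make sure we stop processing such an
		 * event here.
		 */
		wpa_printf(MSG_DEBUG, "hostapd_notif_assoc: Skip event with "
			   "no address");
		return -1;
	}
	random_add_randomness(addr, ETH_ALEN);

	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_INFO, "associated");

	/*
	 * NOTE(review): the parser's return value is not checked, so whatever
	 * it stored in elems before any parse error is still used below -
	 * confirm that this is intended.
	 */
	ieee802_11_parse_elems(req_ies, req_ies_len, &elems, 0);

	/*
	 * Step back two octets so that ie covers the element ID and length
	 * octets as well; this assumes that the elems pointers reference the
	 * element payload (the ie[0]/ie[1] checks below depend on it).
	 */
	if (elems.wps_ie) {
		ie = elems.wps_ie - 2;
		ielen = elems.wps_ie_len + 2;
		wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)AssocReq");
	} else if (elems.rsn_ie) {
		ie = elems.rsn_ie - 2;
		ielen = elems.rsn_ie_len + 2;
		wpa_printf(MSG_DEBUG, "STA included RSN IE in (Re)AssocReq");
	} else if (elems.wpa_ie) {
		ie = elems.wpa_ie - 2;
		ielen = elems.wpa_ie_len + 2;
		wpa_printf(MSG_DEBUG, "STA included WPA IE in (Re)AssocReq");
	} else {
		ie = NULL;
		ielen = 0;
		wpa_printf(MSG_DEBUG, "STA did not include WPS/RSN/WPA IE in "
			   "(Re)AssocReq");
	}

	sta = ap_get_sta(hapd, addr);
	if (sta) {
		accounting_sta_stop(hapd, sta);
	} else {
		sta = ap_sta_add(hapd, addr);
		if (sta == NULL)
			return -1;
	}
	/* WPS flags are re-derived from this request only */
	sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);

#ifdef CONFIG_P2P
	if (elems.p2p) {
		wpabuf_free(sta->p2p_ie);
		sta->p2p_ie = ieee802_11_vendor_ie_concat(req_ies, req_ies_len,
							  P2P_IE_VENDOR_TYPE);
	}
#endif /* CONFIG_P2P */

	if (hapd->conf->wpa) {
		if (ie == NULL || ielen == 0) {
#ifdef CONFIG_WPS
			if (hapd->conf->wps_state) {
				wpa_printf(MSG_DEBUG, "STA did not include "
					   "WPA/RSN IE in (Re)Association "
					   "Request - possible WPS use");
				sta->flags |= WLAN_STA_MAYBE_WPS;
				goto skip_wpa_check;
			}
#endif /* CONFIG_WPS */

			/*
			 * NOTE(review): unlike the fail: path, this return
			 * neither asks the driver to disassociate the STA nor
			 * frees the STA entry. Confirm that the driver does
			 * not keep a STA without WPA/RSN IE associated to a
			 * WPA-enabled BSS.
			 */
			wpa_printf(MSG_DEBUG, "No WPA/RSN IE from STA");
			return -1;
		}
#ifdef CONFIG_WPS
		/*
		 * Vendor specific element (0xdd) carrying the WPS OUI/type.
		 * The length check keeps the four-octet compare inside the
		 * element. A STA matching this skips WPA/RSN IE validation
		 * and no WPA state machine is created for it on this path.
		 */
		if (hapd->conf->wps_state && ie[0] == 0xdd && ie[1] >= 4 &&
		    os_memcmp(ie + 2, "\x00\x50\xf2\x04", 4) == 0) {
			struct wpabuf *wps;
			sta->flags |= WLAN_STA_WPS;
			wps = ieee802_11_vendor_ie_concat(ie, ielen,
							  WPS_IE_VENDOR_TYPE);
			if (wps) {
				if (wps_is_20(wps)) {
					wpa_printf(MSG_DEBUG, "WPS: STA "
						   "supports WPS 2.0");
					sta->flags |= WLAN_STA_WPS2;
				}
				wpabuf_free(wps);
			}
			goto skip_wpa_check;
		}
#endif /* CONFIG_WPS */

		if (sta->wpa_sm == NULL)
			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
							sta->addr);
		if (sta->wpa_sm == NULL) {
			/*
			 * NOTE(review): same as above - the STA entry is kept
			 * and the driver is not told to disassociate.
			 */
			wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
				   "machine");
			return -1;
		}
		res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
					  ie, ielen, NULL, 0);
		if (res != WPA_IE_OK) {
			/* res is an int, so print it with %d */
			wpa_printf(MSG_DEBUG, "WPA/RSN information element "
				   "rejected? (res %d)", res);
			wpa_hexdump(MSG_DEBUG, "IE", ie, ielen);
			/* Map the validation result to a disassoc reason */
			if (res == WPA_INVALID_GROUP)
				reason = WLAN_REASON_GROUP_CIPHER_NOT_VALID;
			else if (res == WPA_INVALID_PAIRWISE)
				reason = WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID;
			else if (res == WPA_INVALID_AKMP)
				reason = WLAN_REASON_AKMP_NOT_VALID;
#ifdef CONFIG_IEEE80211W
			else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
				reason = WLAN_REASON_INVALID_IE;
			else if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
				reason = WLAN_REASON_GROUP_CIPHER_NOT_VALID;
#endif /* CONFIG_IEEE80211W */
			else
				reason = WLAN_REASON_INVALID_IE;
			goto fail;
		}
	} else if (hapd->conf->wps_state) {
#ifdef CONFIG_WPS
		struct wpabuf *wps;
		if (req_ies)
			wps = ieee802_11_vendor_ie_concat(req_ies, req_ies_len,
							  WPS_IE_VENDOR_TYPE);
		else
			wps = NULL;
#ifdef CONFIG_WPS_STRICT
		if (wps && wps_validate_assoc_req(wps) < 0) {
			reason = WLAN_REASON_INVALID_IE;
			wpabuf_free(wps);
			goto fail;
		}
#endif /* CONFIG_WPS_STRICT */
		if (wps) {
			sta->flags |= WLAN_STA_WPS;
			if (wps_is_20(wps)) {
				wpa_printf(MSG_DEBUG, "WPS: STA supports "
					   "WPS 2.0");
				sta->flags |= WLAN_STA_WPS2;
			}
		} else
			sta->flags |= WLAN_STA_MAYBE_WPS;
		wpabuf_free(wps);
#endif /* CONFIG_WPS */
	}
#ifdef CONFIG_WPS
skip_wpa_check:
#endif /* CONFIG_WPS */

	new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
	sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
	/*
	 * sta->wpa_sm can still be NULL here (WPS paths, BSS without WPA);
	 * presumably wpa_auth_sm_event() accepts that - confirm.
	 */
	wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);

	hostapd_new_assoc_sta(hapd, sta, !new_assoc);

	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);

#ifdef CONFIG_P2P
	if (req_ies) {
		p2p_group_notif_assoc(hapd->p2p_group, sta->addr,
				      req_ies, req_ies_len);
	}
#endif /* CONFIG_P2P */

	return 0;

fail:
	/* Rejected: tell the driver to drop the STA, then forget it */
	hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
	ap_free_sta(hapd, sta);
	return -1;
}


/**
 * hostapd_notif_disassoc - Process a driver-reported disassociation
 * @hapd: BSS that received the event
 * @addr: MAC address of the STA; an event without it is dropped
 *
 * Removes authorization, clears the AUTH/ASSOC flags, notifies the WPA and
 * IEEE 802.1X state machines and frees the STA entry. Events for unknown
 * stations are only logged.
 */
void hostapd_notif_disassoc(struct hostapd_data *hapd, const u8 *addr)
{
	struct sta_info *sta;

	if (addr == NULL) {
		/*
		 * This could potentially happen with unexpected event from the
		 * driver wrapper. This was seen at least in one case where the
		 * driver ended up reporting a station mode event while hostapd
		 * was running, so better make sure we stop processing such an
		 * event here.
		 */
		wpa_printf(MSG_DEBUG, "hostapd_notif_disassoc: Skip event "
			   "with no address");
		return;
	}

	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_INFO, "disassociated");

	sta = ap_get_sta(hapd, addr);
	if (sta == NULL) {
		wpa_printf(MSG_DEBUG, "Disassociation notification for "
			   "unknown STA " MACSTR, MAC2STR(addr));
		return;
	}

	/* De-authorize first so the STA loses access before it is freed */
	ap_sta_set_authorized(hapd, sta, 0);
	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
	wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
	sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
	ap_free_sta(hapd, sta);
}


/**
 * hostapd_event_sta_low_ack - Disconnect a STA that stopped acknowledging
 * @hapd: BSS that received the event
 * @addr: MAC address of the STA reported by the driver
 *
 * Does nothing unless the STA is known and disassoc_low_ack is enabled in
 * the BSS configuration.
 */
void hostapd_event_sta_low_ack(struct hostapd_data *hapd, const u8 *addr)
{
	struct sta_info *sta = ap_get_sta(hapd, addr);

	if (!sta || !hapd->conf->disassoc_low_ack)
		return;

	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_INFO, "disconnected due to excessive "
		       "missing ACKs");
	hostapd_drv_sta_disassoc(hapd, addr, WLAN_REASON_DISASSOC_LOW_ACK);
	/* sta was already checked for NULL above */
	ap_sta_disassociate(hapd, sta, WLAN_REASON_DISASSOC_LOW_ACK);
}


/**
 * hostapd_probe_req_rx - Pass a received Probe Request to the callbacks
 * @hapd: BSS that received the frame
 * @sa: Source address of the frame
 * @da: Destination address of the frame
 * @bssid: BSSID of the frame
 * @ie: Information elements from the frame body
 * @ie_len: Length of ie in bytes
 * Returns: 1 if a registered callback returned a positive value, 0 if none
 * did, -1 if sa or ie is NULL
 *
 * Callbacks are called in registration order; the first positive return
 * value stops the iteration.
 */
int hostapd_probe_req_rx(struct hostapd_data *hapd, const u8 *sa, const u8 *da,
			 const u8 *bssid, const u8 *ie, size_t ie_len)
{
	size_t i;
	int ret = 0;

	if (sa == NULL || ie == NULL)
		return -1;

	random_add_randomness(sa, ETH_ALEN);
	for (i = 0; hapd->probereq_cb && i < hapd->num_probereq_cb; i++) {
		if (hapd->probereq_cb[i].cb(hapd->probereq_cb[i].ctx,
					    sa, da, bssid, ie, ie_len) > 0) {
			ret = 1;
			break;
		}
	}
	return ret;
}


#ifdef HOSTAPD

#ifdef NEED_AP_MLME

/*
 * Sentinel returned by get_hapd_bssid() for the broadcast BSSID. It is not a
 * valid pointer and must be compared against, never dereferenced.
 */
#define HAPD_BROADCAST ((struct hostapd_data *) -1)

/**
 * get_hapd_bssid - Find the BSS that owns a BSSID
 * @iface: Interface whose BSSes are searched
 * @bssid: BSSID from a received frame, or NULL
 * Returns: Matching BSS, HAPD_BROADCAST for ff:ff:ff:ff:ff:ff, or NULL if
 * bssid is NULL or no BSS on the interface uses it
 */
static struct hostapd_data * get_hapd_bssid(struct hostapd_iface *iface,
					    const u8 *bssid)
{
	size_t i;

	if (bssid == NULL)
		return NULL;
	if (bssid[0] == 0xff && bssid[1] == 0xff && bssid[2] == 0xff &&
	    bssid[3] == 0xff && bssid[4] == 0xff && bssid[5] == 0xff)
		return HAPD_BROADCAST;

	for (i = 0; i < iface->num_bss; i++) {
		if (os_memcmp(bssid, iface->bss[i]->own_addr, ETH_ALEN) == 0)
			return iface->bss[i];
	}

	return NULL;
}


/**
 * hostapd_rx_from_unknown_sta - Handle a frame from a non-associated STA
 * @hapd: BSS that received the event
 * @bssid: BSSID of the frame
 * @addr: Address of the transmitter
 * @wds: WDS indication from the driver, passed through unchanged
 *
 * The event is dropped unless bssid belongs to one BSS of this interface;
 * the broadcast BSSID is not accepted here.
 */
static void hostapd_rx_from_unknown_sta(struct hostapd_data *hapd,
					const u8 *bssid, const u8 *addr,
					int wds)
{
	hapd = get_hapd_bssid(hapd->iface, bssid);
	if (hapd == NULL || hapd == HAPD_BROADCAST)
		return;

	ieee802_11_rx_from_unknown(hapd, addr, wds);
}


/**
 * hostapd_mgmt_rx - Dispatch a received management frame to its BSS
 * @hapd: BSS that received the event (used to find the interface)
 * @rx_mgmt: Frame buffer, length and receive metadata from the driver
 *
 * Frames for an unknown BSSID are dropped, except Beacon frames, which are
 * handed to the first BSS. Frames sent to the broadcast BSSID are delivered
 * to every BSS on the interface.
 */
static void hostapd_mgmt_rx(struct hostapd_data *hapd, struct rx_mgmt *rx_mgmt)
{
	struct hostapd_iface *iface = hapd->iface;
	const struct ieee80211_hdr *hdr;
	const u8 *bssid;
	struct hostapd_frame_info fi;

	hdr = (const struct ieee80211_hdr *) rx_mgmt->frame;
	/*
	 * Nothing in hdr is read before this call returns non-NULL;
	 * presumably get_hdr_bssid() rejects frames that are too short to
	 * hold the header - confirm, since hdr->frame_control is read below.
	 */
	bssid = get_hdr_bssid(hdr, rx_mgmt->frame_len);
	if (bssid == NULL)
		return;

	hapd = get_hapd_bssid(iface, bssid);
	if (hapd == NULL) {
		u16 fc;
		fc = le_to_host16(hdr->frame_control);

		/*
		 * Drop frames to unknown BSSIDs except for Beacon frames which
		 * could be used to update neighbor information.
		 */
		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
		    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
			hapd = iface->bss[0];
		else
			return;
	}

	os_memset(&fi, 0, sizeof(fi));
	fi.datarate = rx_mgmt->datarate;
	fi.ssi_signal = rx_mgmt->ssi_signal;

	if (hapd == HAPD_BROADCAST) {
		size_t i;
		for (i = 0; i < iface->num_bss; i++)
			ieee802_11_mgmt(iface->bss[i], rx_mgmt->frame,
					rx_mgmt->frame_len, &fi);
	} else
		ieee802_11_mgmt(hapd, rx_mgmt->frame, rx_mgmt->frame_len, &fi);

	random_add_randomness(&fi, sizeof(fi));
}


/**
 * hostapd_rx_action - Convert an Action frame event into a management frame
 * @hapd: BSS that received the event
 * @rx_action: Addresses, category and payload reported by the driver
 *
 * Builds a temporary frame (24-octet header, category octet, payload) and
 * passes it to hostapd_mgmt_rx(). The caller is expected to have checked
 * that da, sa and bssid are not NULL.
 */
static void hostapd_rx_action(struct hostapd_data *hapd,
			      struct rx_action *rx_action)
{
	struct rx_mgmt rx_mgmt;
	u8 *buf;
	struct ieee80211_hdr *hdr;
	size_t frame_len;

	wpa_printf(MSG_DEBUG, "EVENT_RX_ACTION DA=" MACSTR " SA=" MACSTR
		   " BSSID=" MACSTR " category=%u",
		   MAC2STR(rx_action->da), MAC2STR(rx_action->sa),
		   MAC2STR(rx_action->bssid), rx_action->category);
	wpa_hexdump(MSG_MSGDUMP, "Received action frame contents",
		    rx_action->data, rx_action->len);

	/*
	 * The length comes from the driver event. Reject a value that would
	 * wrap the allocation size (which would make the copy below overrun
	 * the buffer) and a payload pointer that does not match the length.
	 */
	frame_len = 24 + 1 + rx_action->len;
	if (frame_len < rx_action->len ||
	    (rx_action->data == NULL && rx_action->len > 0)) {
		wpa_printf(MSG_DEBUG, "EVENT_RX_ACTION: Skip event with "
			   "invalid payload");
		return;
	}

	buf = os_zalloc(frame_len);
	if (buf == NULL)
		return;
	hdr = (struct ieee80211_hdr *) buf;
	hdr->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
					  WLAN_FC_STYPE_ACTION);
	if (rx_action->category == WLAN_ACTION_SA_QUERY) {
		/*
		 * Assume frame was protected; it would have been dropped if
		 * not.
		 */
		hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
	}
	os_memcpy(hdr->addr1, rx_action->da, ETH_ALEN);
	os_memcpy(hdr->addr2, rx_action->sa, ETH_ALEN);
	os_memcpy(hdr->addr3, rx_action->bssid, ETH_ALEN);
	buf[24] = rx_action->category;
	/* Skip the copy for an empty payload; data may be NULL then */
	if (rx_action->len > 0)
		os_memcpy(buf + 24 + 1, rx_action->data, rx_action->len);
	os_memset(&rx_mgmt, 0, sizeof(rx_mgmt));
	rx_mgmt.frame = buf;
	rx_mgmt.frame_len = frame_len;
	hostapd_mgmt_rx(hapd, &rx_mgmt);
	os_free(buf);
}


/**
 * hostapd_mgmt_tx_cb - Deliver a management frame TX status to its BSS
 * @hapd: BSS that received the event (used to find the interface)
 * @buf: Transmitted frame
 * @len: Length of buf in bytes
 * @stype: Management frame subtype
 * @ok: Acknowledgment status reported by the driver
 *
 * The status is dropped if the BSSID in the frame is missing, broadcast or
 * not owned by this interface.
 */
static void hostapd_mgmt_tx_cb(struct hostapd_data *hapd, const u8 *buf,
			       size_t len, u16 stype, int ok)
{
	/* Only read through hdr, so keep the const qualifier of buf */
	const struct ieee80211_hdr *hdr;
	hdr = (const struct ieee80211_hdr *) buf;
	hapd = get_hapd_bssid(hapd->iface, get_hdr_bssid(hdr, len));
	if (hapd == NULL || hapd == HAPD_BROADCAST)
		return;
	ieee802_11_mgmt_cb(hapd, buf, len, stype, ok);
}

#endif /* NEED_AP_MLME */


/**
 * hostapd_event_new_sta - Add a STA entry for a driver-reported new STA
 * @hapd: BSS that received the event
 * @addr: MAC address of the STA
 * Returns: 0 if the STA is known or was added, -1 if adding it failed
 *
 * NOTE(review): the entry is created from the driver event alone; no
 * information elements are available or validated on this path.
 */
static int hostapd_event_new_sta(struct hostapd_data *hapd, const u8 *addr)
{
	struct sta_info *sta = ap_get_sta(hapd, addr);
	if (sta)
		return 0;

	wpa_printf(MSG_DEBUG, "Data frame from unknown STA " MACSTR
		   " - adding a new STA", MAC2STR(addr));
	sta = ap_sta_add(hapd, addr);
	if (sta) {
		hostapd_new_assoc_sta(hapd, sta, 0);
	} else {
		wpa_printf(MSG_DEBUG, "Failed to add STA entry for " MACSTR,
			   MAC2STR(addr));
		return -1;
	}

	return 0;
}


/**
 * hostapd_event_eapol_rx - Route a received EAPOL frame to the right BSS
 * @hapd: BSS that received the event
 * @src: Source address of the frame
 * @data: EAPOL frame
 * @data_len: Length of data in bytes
 *
 * The frame goes to the first BSS on the interface that knows src; if none
 * does, it is processed in the context of the BSS that received the event.
 */
static void hostapd_event_eapol_rx(struct hostapd_data *hapd, const u8 *src,
				   const u8 *data, size_t data_len)
{
	struct hostapd_iface *iface = hapd->iface;
	size_t j;

	for (j = 0; j < iface->num_bss; j++) {
		if (ap_get_sta(iface->bss[j], src)) {
			hapd = iface->bss[j];
			break;
		}
	}

	ieee802_1x_receive(hapd, src, data, data_len);
}


/**
 * wpa_supplicant_event - Entry point for events from driver wrappers
 * @ctx: Callback context; used as struct hostapd_data *
 * @event: Event type
 * @data: Event payload; may be NULL for events that carry none
 *
 * Every case that reads the payload first checks data for NULL and ignores
 * the event otherwise, so that an unexpected event from a driver wrapper
 * cannot cause a NULL pointer dereference here.
 */
void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
			  union wpa_event_data *data)
{
	struct hostapd_data *hapd = ctx;
#ifndef CONFIG_NO_STDOUT_DEBUG
	int level = MSG_DEBUG;

	/* Beacon frames are frequent; log them only at the most verbose level */
	if (event == EVENT_RX_MGMT && data && data->rx_mgmt.frame &&
	    data->rx_mgmt.frame_len >= 24) {
		const struct ieee80211_hdr *hdr;
		u16 fc;
		hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame;
		fc = le_to_host16(hdr->frame_control);
		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
		    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
			level = MSG_EXCESSIVE;
	}

	wpa_dbg(hapd->msg_ctx, level, "Event %s (%d) received",
		event_to_string(event), event);
#endif /* CONFIG_NO_STDOUT_DEBUG */

	switch (event) {
	case EVENT_MICHAEL_MIC_FAILURE:
		if (!data)
			break;
		michael_mic_failure(hapd, data->michael_mic_failure.src, 1);
		break;
	case EVENT_SCAN_RESULTS:
		if (hapd->iface->scan_cb)
			hapd->iface->scan_cb(hapd->iface);
		break;
#ifdef CONFIG_IEEE80211R
	case EVENT_FT_RRB_RX:
		if (!data)
			break;
		wpa_ft_rrb_rx(hapd->wpa_auth, data->ft_rrb_rx.src,
			      data->ft_rrb_rx.data, data->ft_rrb_rx.data_len);
		break;
#endif /* CONFIG_IEEE80211R */
	case EVENT_WPS_BUTTON_PUSHED:
		hostapd_wps_button_pushed(hapd, NULL);
		break;
#ifdef NEED_AP_MLME
	case EVENT_TX_STATUS:
		if (!data)
			break;
		switch (data->tx_status.type) {
		case WLAN_FC_TYPE_MGMT:
			hostapd_mgmt_tx_cb(hapd, data->tx_status.data,
					   data->tx_status.data_len,
					   data->tx_status.stype,
					   data->tx_status.ack);
			break;
		case WLAN_FC_TYPE_DATA:
			hostapd_tx_status(hapd, data->tx_status.dst,
					  data->tx_status.data,
					  data->tx_status.data_len,
					  data->tx_status.ack);
			break;
		}
		break;
	case EVENT_EAPOL_TX_STATUS:
		if (!data)
			break;
		hostapd_eapol_tx_status(hapd, data->eapol_tx_status.dst,
					data->eapol_tx_status.data,
					data->eapol_tx_status.data_len,
					data->eapol_tx_status.ack);
		break;
	case EVENT_DRIVER_CLIENT_POLL_OK:
		if (!data)
			break;
		hostapd_client_poll_ok(hapd, data->client_poll.addr);
		break;
	case EVENT_RX_FROM_UNKNOWN:
		if (!data)
			break;
		hostapd_rx_from_unknown_sta(hapd, data->rx_from_unknown.bssid,
					    data->rx_from_unknown.addr,
					    data->rx_from_unknown.wds);
		break;
	case EVENT_RX_MGMT:
		if (!data)
			break;
		hostapd_mgmt_rx(hapd, &data->rx_mgmt);
		break;
#endif /* NEED_AP_MLME */
	case EVENT_RX_PROBE_REQ:
		if (!data || data->rx_probe_req.sa == NULL ||
		    data->rx_probe_req.ie == NULL)
			break;
		hostapd_probe_req_rx(hapd, data->rx_probe_req.sa,
				     data->rx_probe_req.da,
				     data->rx_probe_req.bssid,
				     data->rx_probe_req.ie,
				     data->rx_probe_req.ie_len);
		break;
	case EVENT_NEW_STA:
		if (!data)
			break;
		hostapd_event_new_sta(hapd, data->new_sta.addr);
		break;
	case EVENT_EAPOL_RX:
		if (!data)
			break;
		hostapd_event_eapol_rx(hapd, data->eapol_rx.src,
				       data->eapol_rx.data,
				       data->eapol_rx.data_len);
		break;
	case EVENT_ASSOC:
		if (!data)
			break;
		hostapd_notif_assoc(hapd, data->assoc_info.addr,
				    data->assoc_info.req_ies,
				    data->assoc_info.req_ies_len,
				    data->assoc_info.reassoc);
		break;
	case EVENT_DISASSOC:
		if (data)
			hostapd_notif_disassoc(hapd, data->disassoc_info.addr);
		break;
	case EVENT_DEAUTH:
		if (data)
			hostapd_notif_disassoc(hapd, data->deauth_info.addr);
		break;
	case EVENT_STATION_LOW_ACK:
		if (!data)
			break;
		hostapd_event_sta_low_ack(hapd, data->low_ack.addr);
		break;
#ifdef NEED_AP_MLME
	case EVENT_RX_ACTION:
		if (!data || data->rx_action.da == NULL ||
		    data->rx_action.sa == NULL ||
		    data->rx_action.bssid == NULL)
			break;
		hostapd_rx_action(hapd, &data->rx_action);
		break;
#endif /* NEED_AP_MLME */
	default:
		wpa_printf(MSG_DEBUG, "Unknown event %d", event);
		break;
	}
}

#endif /* HOSTAPD */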