1 /* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2012, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #ifndef CONFIG_NATIVE_WINDOWS 12 13 #include "utils/common.h" 14 #include "utils/eloop.h" 15 #include "crypto/crypto.h" 16 #include "crypto/sha256.h" 17 #include "crypto/random.h" 18 #include "drivers/driver.h" 19 #include "common/ieee802_11_defs.h" 20 #include "common/ieee802_11_common.h" 21 #include "common/wpa_ctrl.h" 22 #include "common/sae.h" 23 #include "radius/radius.h" 24 #include "radius/radius_client.h" 25 #include "p2p/p2p.h" 26 #include "wps/wps.h" 27 #include "hostapd.h" 28 #include "beacon.h" 29 #include "ieee802_11_auth.h" 30 #include "sta_info.h" 31 #include "ieee802_1x.h" 32 #include "wpa_auth.h" 33 #include "wmm.h" 34 #include "ap_list.h" 35 #include "accounting.h" 36 #include "ap_config.h" 37 #include "ap_mlme.h" 38 #include "p2p_hostapd.h" 39 #include "ap_drv_ops.h" 40 #include "wnm_ap.h" 41 #include "ieee802_11.h" 42 43 44 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 45 { 46 u8 *pos = eid; 47 int i, num, count; 48 49 if (hapd->iface->current_rates == NULL) 50 return eid; 51 52 *pos++ = WLAN_EID_SUPP_RATES; 53 num = hapd->iface->num_rates; 54 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 55 num++; 56 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 57 num++; 58 if (num > 8) { 59 /* rest of the rates are encoded in Extended supported 60 * rates element */ 61 num = 8; 62 } 63 64 *pos++ = num; 65 count = 0; 66 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 67 i++) { 68 count++; 69 *pos = hapd->iface->current_rates[i].rate / 5; 70 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 71 *pos |= 0x80; 72 pos++; 73 } 74 75 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 76 count++; 77 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 78 } 79 80 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 81 count++; 82 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 83 } 84 85 return pos; 86 } 87 88 89 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 90 { 91 u8 *pos = eid; 92 int i, num, count; 93 94 if (hapd->iface->current_rates == NULL) 95 return eid; 96 97 num = hapd->iface->num_rates; 98 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 99 num++; 100 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 101 num++; 102 if (num <= 8) 103 return eid; 104 num -= 8; 105 106 *pos++ = WLAN_EID_EXT_SUPP_RATES; 107 *pos++ = num; 108 count = 0; 109 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 110 i++) { 111 count++; 112 if (count <= 8) 113 continue; /* already in SuppRates IE */ 114 *pos = hapd->iface->current_rates[i].rate / 5; 115 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 116 *pos |= 0x80; 117 pos++; 118 } 119 120 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 121 count++; 122 if (count > 8) 123 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 124 } 125 126 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 127 count++; 128 if (count > 8) 129 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 130 } 131 132 return pos; 133 } 134 135 136 u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, 137 int probe) 138 { 139 int capab = WLAN_CAPABILITY_ESS; 140 int privacy; 141 142 if (hapd->iface->num_sta_no_short_preamble == 0 && 143 hapd->iconf->preamble == SHORT_PREAMBLE) 144 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 145 146 privacy = hapd->conf->ssid.wep.keys_set; 147 148 if (hapd->conf->ieee802_1x && 149 (hapd->conf->default_wep_key_len || 150 hapd->conf->individual_wep_key_len)) 151 privacy = 1; 152 153 if (hapd->conf->wpa) 154 privacy = 1; 155 156 if (sta) { 157 int policy, def_klen; 158 if (probe && sta->ssid_probe) { 159 policy = sta->ssid_probe->security_policy; 160 def_klen = sta->ssid_probe->wep.default_len; 161 } else { 162 policy = sta->ssid->security_policy; 163 def_klen = sta->ssid->wep.default_len; 164 } 165 privacy = policy != SECURITY_PLAINTEXT; 166 if (policy == SECURITY_IEEE_802_1X && def_klen == 0) 167 privacy = 0; 168 } 169 170 if (privacy) 171 capab |= WLAN_CAPABILITY_PRIVACY; 172 173 if (hapd->iface->current_mode && 174 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 175 hapd->iface->num_sta_no_short_slot_time == 0) 176 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 177 178 return capab; 179 } 180 181 182 void ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len) 183 { 184 int i; 185 if (len > HOSTAPD_MAX_SSID_LEN) 186 len = HOSTAPD_MAX_SSID_LEN; 187 for (i = 0; i < len; i++) { 188 if (ssid[i] >= 32 && ssid[i] < 127) 189 buf[i] = ssid[i]; 190 else 191 buf[i] = '.'; 192 } 193 buf[len] = '\0'; 194 } 195 196 197 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 198 u16 auth_transaction, const u8 *challenge, 199 int iswep) 200 { 201 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 202 HOSTAPD_LEVEL_DEBUG, 203 "authentication (shared key, transaction %d)", 204 auth_transaction); 205 206 if (auth_transaction == 1) { 207 if (!sta->challenge) { 208 /* Generate a pseudo-random challenge */ 209 u8 key[8]; 210 struct os_time now; 211 int r; 212 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 213 if (sta->challenge == NULL) 214 return WLAN_STATUS_UNSPECIFIED_FAILURE; 215 216 os_get_time(&now); 217 r = os_random(); 218 os_memcpy(key, &now.sec, 4); 219 os_memcpy(key + 4, &r, 4); 220 rc4_skip(key, sizeof(key), 0, 221 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 222 } 223 return 0; 224 } 225 226 if (auth_transaction != 3) 227 return WLAN_STATUS_UNSPECIFIED_FAILURE; 228 229 /* Transaction 3 */ 230 if (!iswep || !sta->challenge || !challenge || 231 os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) { 232 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 233 HOSTAPD_LEVEL_INFO, 234 "shared key authentication - invalid " 235 "challenge-response"); 236 return WLAN_STATUS_CHALLENGE_FAIL; 237 } 238 239 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 240 HOSTAPD_LEVEL_DEBUG, 241 "authentication OK (shared key)"); 242 #ifdef IEEE80211_REQUIRE_AUTH_ACK 243 /* Station will be marked authenticated if it ACKs the 244 * authentication reply. */ 245 #else 246 sta->flags |= WLAN_STA_AUTH; 247 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 248 #endif 249 os_free(sta->challenge); 250 sta->challenge = NULL; 251 252 return 0; 253 } 254 255 256 static void send_auth_reply(struct hostapd_data *hapd, 257 const u8 *dst, const u8 *bssid, 258 u16 auth_alg, u16 auth_transaction, u16 resp, 259 const u8 *ies, size_t ies_len) 260 { 261 struct ieee80211_mgmt *reply; 262 u8 *buf; 263 size_t rlen; 264 265 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 266 buf = os_zalloc(rlen); 267 if (buf == NULL) 268 return; 269 270 reply = (struct ieee80211_mgmt *) buf; 271 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 272 WLAN_FC_STYPE_AUTH); 273 os_memcpy(reply->da, dst, ETH_ALEN); 274 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 275 os_memcpy(reply->bssid, bssid, ETH_ALEN); 276 277 reply->u.auth.auth_alg = host_to_le16(auth_alg); 278 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 279 reply->u.auth.status_code = host_to_le16(resp); 280 281 if (ies && ies_len) 282 os_memcpy(reply->u.auth.variable, ies, ies_len); 283 284 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 285 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 286 MAC2STR(dst), auth_alg, auth_transaction, 287 resp, (unsigned long) ies_len); 288 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 289 perror("send_auth_reply: send"); 290 291 os_free(buf); 292 } 293 294 295 #ifdef CONFIG_IEEE80211R 296 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 297 u16 auth_transaction, u16 status, 298 const u8 *ies, size_t ies_len) 299 { 300 struct hostapd_data *hapd = ctx; 301 struct sta_info *sta; 302 303 send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction, 304 status, ies, ies_len); 305 306 if (status != WLAN_STATUS_SUCCESS) 307 return; 308 309 sta = ap_get_sta(hapd, dst); 310 if (sta == NULL) 311 return; 312 313 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 314 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 315 sta->flags |= WLAN_STA_AUTH; 316 mlme_authenticate_indication(hapd, sta); 317 } 318 #endif /* CONFIG_IEEE80211R */ 319 320 321 #ifdef CONFIG_SAE 322 323 static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd, 324 struct sta_info *sta) 325 { 326 struct wpabuf *buf; 327 328 if (hapd->conf->ssid.wpa_passphrase == NULL) { 329 wpa_printf(MSG_DEBUG, "SAE: No password available"); 330 return NULL; 331 } 332 333 if (sae_prepare_commit(hapd->own_addr, sta->addr, 334 (u8 *) hapd->conf->ssid.wpa_passphrase, 335 os_strlen(hapd->conf->ssid.wpa_passphrase), 336 sta->sae) < 0) { 337 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); 338 return NULL; 339 } 340 341 if (sae_process_commit(sta->sae) < 0) { 342 wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit"); 343 return NULL; 344 } 345 346 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN); 347 if (buf == NULL) 348 return NULL; 349 sae_write_commit(sta->sae, buf, NULL); 350 351 return buf; 352 } 353 354 355 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 356 struct sta_info *sta) 357 { 358 struct wpabuf *buf; 359 360 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN); 361 if (buf == NULL) 362 return NULL; 363 364 sae_write_confirm(sta->sae, buf); 365 366 return buf; 367 } 368 369 370 static int use_sae_anti_clogging(struct hostapd_data *hapd) 371 { 372 struct sta_info *sta; 373 unsigned int open = 0; 374 375 if (hapd->conf->sae_anti_clogging_threshold == 0) 376 return 1; 377 378 for (sta = hapd->sta_list; sta; sta = sta->next) { 379 if (!sta->sae) 380 continue; 381 if (sta->sae->state != SAE_COMMITTED && 382 sta->sae->state != SAE_CONFIRMED) 383 continue; 384 open++; 385 if (open >= hapd->conf->sae_anti_clogging_threshold) 386 return 1; 387 } 388 389 return 0; 390 } 391 392 393 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, 394 const u8 *token, size_t token_len) 395 { 396 u8 mac[SHA256_MAC_LEN]; 397 398 if (token_len != SHA256_MAC_LEN) 399 return -1; 400 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 401 addr, ETH_ALEN, mac) < 0 || 402 os_memcmp(token, mac, SHA256_MAC_LEN) != 0) 403 return -1; 404 405 return 0; 406 } 407 408 409 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, 410 const u8 *addr) 411 { 412 struct wpabuf *buf; 413 u8 *token; 414 struct os_time t; 415 416 os_get_time(&t); 417 if (hapd->last_sae_token_key_update == 0 || 418 t.sec > hapd->last_sae_token_key_update + 60) { 419 if (random_get_bytes(hapd->sae_token_key, 420 sizeof(hapd->sae_token_key)) < 0) 421 return NULL; 422 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key", 423 hapd->sae_token_key, sizeof(hapd->sae_token_key)); 424 hapd->last_sae_token_key_update = t.sec; 425 } 426 427 buf = wpabuf_alloc(SHA256_MAC_LEN); 428 if (buf == NULL) 429 return NULL; 430 431 token = wpabuf_put(buf, SHA256_MAC_LEN); 432 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 433 addr, ETH_ALEN, token); 434 435 return buf; 436 } 437 438 439 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 440 const struct ieee80211_mgmt *mgmt, size_t len, 441 u8 auth_transaction) 442 { 443 u16 resp = WLAN_STATUS_SUCCESS; 444 struct wpabuf *data = NULL; 445 446 if (!sta->sae) { 447 if (auth_transaction != 1) 448 return; 449 sta->sae = os_zalloc(sizeof(*sta->sae)); 450 if (sta->sae == NULL) 451 return; 452 sta->sae->state = SAE_NOTHING; 453 } 454 455 if (auth_transaction == 1) { 456 const u8 *token = NULL; 457 size_t token_len = 0; 458 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 459 HOSTAPD_LEVEL_DEBUG, 460 "start SAE authentication (RX commit)"); 461 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, 462 ((const u8 *) mgmt) + len - 463 mgmt->u.auth.variable, &token, 464 &token_len, hapd->conf->sae_groups); 465 if (token && check_sae_token(hapd, sta->addr, token, token_len) 466 < 0) { 467 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with " 468 "incorrect token from " MACSTR, 469 MAC2STR(sta->addr)); 470 return; 471 } 472 473 if (resp == WLAN_STATUS_SUCCESS) { 474 if (!token && use_sae_anti_clogging(hapd)) { 475 wpa_printf(MSG_DEBUG, "SAE: Request anti-" 476 "clogging token from " MACSTR, 477 MAC2STR(sta->addr)); 478 data = auth_build_token_req(hapd, sta->addr); 479 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; 480 } else { 481 data = auth_process_sae_commit(hapd, sta); 482 if (data == NULL) 483 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 484 else 485 sta->sae->state = SAE_COMMITTED; 486 } 487 } 488 } else if (auth_transaction == 2) { 489 if (sta->sae->state != SAE_COMMITTED) { 490 hostapd_logger(hapd, sta->addr, 491 HOSTAPD_MODULE_IEEE80211, 492 HOSTAPD_LEVEL_DEBUG, 493 "SAE confirm before commit"); 494 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 495 } 496 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 497 HOSTAPD_LEVEL_DEBUG, 498 "SAE authentication (RX confirm)"); 499 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable, 500 ((u8 *) mgmt) + len - 501 mgmt->u.auth.variable) < 0) { 502 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 503 } else { 504 resp = WLAN_STATUS_SUCCESS; 505 sta->flags |= WLAN_STA_AUTH; 506 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 507 sta->auth_alg = WLAN_AUTH_SAE; 508 mlme_authenticate_indication(hapd, sta); 509 510 data = auth_build_sae_confirm(hapd, sta); 511 if (data == NULL) 512 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 513 else { 514 sta->sae->state = SAE_ACCEPTED; 515 sae_clear_temp_data(sta->sae); 516 } 517 } 518 } else { 519 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 520 HOSTAPD_LEVEL_DEBUG, 521 "unexpected SAE authentication transaction %u", 522 auth_transaction); 523 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 524 } 525 526 sta->auth_alg = WLAN_AUTH_SAE; 527 528 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 529 auth_transaction, resp, 530 data ? wpabuf_head(data) : (u8 *) "", 531 data ? wpabuf_len(data) : 0); 532 wpabuf_free(data); 533 } 534 #endif /* CONFIG_SAE */ 535 536 537 static void handle_auth(struct hostapd_data *hapd, 538 const struct ieee80211_mgmt *mgmt, size_t len) 539 { 540 u16 auth_alg, auth_transaction, status_code; 541 u16 resp = WLAN_STATUS_SUCCESS; 542 struct sta_info *sta = NULL; 543 int res; 544 u16 fc; 545 const u8 *challenge = NULL; 546 u32 session_timeout, acct_interim_interval; 547 int vlan_id = 0; 548 struct hostapd_sta_wpa_psk_short *psk = NULL; 549 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 550 size_t resp_ies_len = 0; 551 char *identity = NULL; 552 char *radius_cui = NULL; 553 554 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 555 printf("handle_auth - too short payload (len=%lu)\n", 556 (unsigned long) len); 557 return; 558 } 559 560 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 561 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 562 status_code = le_to_host16(mgmt->u.auth.status_code); 563 fc = le_to_host16(mgmt->frame_control); 564 565 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 566 2 + WLAN_AUTH_CHALLENGE_LEN && 567 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 568 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 569 challenge = &mgmt->u.auth.variable[2]; 570 571 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 572 "auth_transaction=%d status_code=%d wep=%d%s", 573 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 574 status_code, !!(fc & WLAN_FC_ISWEP), 575 challenge ? " challenge" : ""); 576 577 if (hapd->tkip_countermeasures) { 578 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 579 goto fail; 580 } 581 582 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 583 auth_alg == WLAN_AUTH_OPEN) || 584 #ifdef CONFIG_IEEE80211R 585 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 586 auth_alg == WLAN_AUTH_FT) || 587 #endif /* CONFIG_IEEE80211R */ 588 #ifdef CONFIG_SAE 589 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 590 auth_alg == WLAN_AUTH_SAE) || 591 #endif /* CONFIG_SAE */ 592 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 593 auth_alg == WLAN_AUTH_SHARED_KEY))) { 594 printf("Unsupported authentication algorithm (%d)\n", 595 auth_alg); 596 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 597 goto fail; 598 } 599 600 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 601 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 602 printf("Unknown authentication transaction number (%d)\n", 603 auth_transaction); 604 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 605 goto fail; 606 } 607 608 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 609 printf("Station " MACSTR " not allowed to authenticate.\n", 610 MAC2STR(mgmt->sa)); 611 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 612 goto fail; 613 } 614 615 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 616 &session_timeout, 617 &acct_interim_interval, &vlan_id, 618 &psk, &identity, &radius_cui); 619 620 if (res == HOSTAPD_ACL_REJECT) { 621 printf("Station " MACSTR " not allowed to authenticate.\n", 622 MAC2STR(mgmt->sa)); 623 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 624 goto fail; 625 } 626 if (res == HOSTAPD_ACL_PENDING) { 627 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 628 " waiting for an external authentication", 629 MAC2STR(mgmt->sa)); 630 /* Authentication code will re-send the authentication frame 631 * after it has received (and cached) information from the 632 * external source. */ 633 return; 634 } 635 636 sta = ap_sta_add(hapd, mgmt->sa); 637 if (!sta) { 638 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 639 goto fail; 640 } 641 642 if (vlan_id > 0) { 643 if (hostapd_get_vlan_id_ifname(hapd->conf->vlan, 644 vlan_id) == NULL) { 645 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 646 HOSTAPD_LEVEL_INFO, "Invalid VLAN ID " 647 "%d received from RADIUS server", 648 vlan_id); 649 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 650 goto fail; 651 } 652 sta->vlan_id = vlan_id; 653 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 654 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 655 } 656 657 hostapd_free_psk_list(sta->psk); 658 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 659 sta->psk = psk; 660 psk = NULL; 661 } else { 662 sta->psk = NULL; 663 } 664 665 sta->identity = identity; 666 identity = NULL; 667 sta->radius_cui = radius_cui; 668 radius_cui = NULL; 669 670 sta->flags &= ~WLAN_STA_PREAUTH; 671 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 672 673 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 674 sta->acct_interim_interval = acct_interim_interval; 675 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 676 ap_sta_session_timeout(hapd, sta, session_timeout); 677 else 678 ap_sta_no_session_timeout(hapd, sta); 679 680 switch (auth_alg) { 681 case WLAN_AUTH_OPEN: 682 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 683 HOSTAPD_LEVEL_DEBUG, 684 "authentication OK (open system)"); 685 #ifdef IEEE80211_REQUIRE_AUTH_ACK 686 /* Station will be marked authenticated if it ACKs the 687 * authentication reply. */ 688 #else 689 sta->flags |= WLAN_STA_AUTH; 690 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 691 sta->auth_alg = WLAN_AUTH_OPEN; 692 mlme_authenticate_indication(hapd, sta); 693 #endif 694 break; 695 case WLAN_AUTH_SHARED_KEY: 696 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 697 fc & WLAN_FC_ISWEP); 698 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 699 mlme_authenticate_indication(hapd, sta); 700 if (sta->challenge && auth_transaction == 1) { 701 resp_ies[0] = WLAN_EID_CHALLENGE; 702 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 703 os_memcpy(resp_ies + 2, sta->challenge, 704 WLAN_AUTH_CHALLENGE_LEN); 705 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 706 } 707 break; 708 #ifdef CONFIG_IEEE80211R 709 case WLAN_AUTH_FT: 710 sta->auth_alg = WLAN_AUTH_FT; 711 if (sta->wpa_sm == NULL) 712 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 713 sta->addr); 714 if (sta->wpa_sm == NULL) { 715 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 716 "state machine"); 717 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 718 goto fail; 719 } 720 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 721 auth_transaction, mgmt->u.auth.variable, 722 len - IEEE80211_HDRLEN - 723 sizeof(mgmt->u.auth), 724 handle_auth_ft_finish, hapd); 725 /* handle_auth_ft_finish() callback will complete auth. */ 726 return; 727 #endif /* CONFIG_IEEE80211R */ 728 #ifdef CONFIG_SAE 729 case WLAN_AUTH_SAE: 730 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction); 731 return; 732 #endif /* CONFIG_SAE */ 733 } 734 735 fail: 736 os_free(identity); 737 os_free(radius_cui); 738 hostapd_free_psk_list(psk); 739 740 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 741 auth_transaction + 1, resp, resp_ies, resp_ies_len); 742 } 743 744 745 static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 746 { 747 int i, j = 32, aid; 748 749 /* get a unique AID */ 750 if (sta->aid > 0) { 751 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 752 return 0; 753 } 754 755 for (i = 0; i < AID_WORDS; i++) { 756 if (hapd->sta_aid[i] == (u32) -1) 757 continue; 758 for (j = 0; j < 32; j++) { 759 if (!(hapd->sta_aid[i] & BIT(j))) 760 break; 761 } 762 if (j < 32) 763 break; 764 } 765 if (j == 32) 766 return -1; 767 aid = i * 32 + j + 1; 768 if (aid > 2007) 769 return -1; 770 771 sta->aid = aid; 772 hapd->sta_aid[i] |= BIT(j); 773 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 774 return 0; 775 } 776 777 778 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 779 const u8 *ssid_ie, size_t ssid_ie_len) 780 { 781 if (ssid_ie == NULL) 782 return WLAN_STATUS_UNSPECIFIED_FAILURE; 783 784 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 785 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 786 char ssid_txt[33]; 787 ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len); 788 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 789 HOSTAPD_LEVEL_INFO, 790 "Station tried to associate with unknown SSID " 791 "'%s'", ssid_txt); 792 return WLAN_STATUS_UNSPECIFIED_FAILURE; 793 } 794 795 return WLAN_STATUS_SUCCESS; 796 } 797 798 799 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 800 const u8 *wmm_ie, size_t wmm_ie_len) 801 { 802 sta->flags &= ~WLAN_STA_WMM; 803 sta->qosinfo = 0; 804 if (wmm_ie && hapd->conf->wmm_enabled) { 805 struct wmm_information_element *wmm; 806 807 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 808 hostapd_logger(hapd, sta->addr, 809 HOSTAPD_MODULE_WPA, 810 HOSTAPD_LEVEL_DEBUG, 811 "invalid WMM element in association " 812 "request"); 813 return WLAN_STATUS_UNSPECIFIED_FAILURE; 814 } 815 816 sta->flags |= WLAN_STA_WMM; 817 wmm = (struct wmm_information_element *) wmm_ie; 818 sta->qosinfo = wmm->qos_info; 819 } 820 return WLAN_STATUS_SUCCESS; 821 } 822 823 824 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 825 struct ieee802_11_elems *elems) 826 { 827 if (!elems->supp_rates) { 828 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 829 HOSTAPD_LEVEL_DEBUG, 830 "No supported rates element in AssocReq"); 831 return WLAN_STATUS_UNSPECIFIED_FAILURE; 832 } 833 834 if (elems->supp_rates_len + elems->ext_supp_rates_len > 835 sizeof(sta->supported_rates)) { 836 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 837 HOSTAPD_LEVEL_DEBUG, 838 "Invalid supported rates element length %d+%d", 839 elems->supp_rates_len, 840 elems->ext_supp_rates_len); 841 return WLAN_STATUS_UNSPECIFIED_FAILURE; 842 } 843 844 sta->supported_rates_len = merge_byte_arrays( 845 sta->supported_rates, sizeof(sta->supported_rates), 846 elems->supp_rates, elems->supp_rates_len, 847 elems->ext_supp_rates, elems->ext_supp_rates_len); 848 849 return WLAN_STATUS_SUCCESS; 850 } 851 852 853 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 854 const u8 *ies, size_t ies_len, int reassoc) 855 { 856 struct ieee802_11_elems elems; 857 u16 resp; 858 const u8 *wpa_ie; 859 size_t wpa_ie_len; 860 861 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 862 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 863 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 864 "association request"); 865 return WLAN_STATUS_UNSPECIFIED_FAILURE; 866 } 867 868 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 869 if (resp != WLAN_STATUS_SUCCESS) 870 return resp; 871 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 872 if (resp != WLAN_STATUS_SUCCESS) 873 return resp; 874 resp = copy_supp_rates(hapd, sta, &elems); 875 if (resp != WLAN_STATUS_SUCCESS) 876 return resp; 877 #ifdef CONFIG_IEEE80211N 878 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities, 879 elems.ht_capabilities_len); 880 if (resp != WLAN_STATUS_SUCCESS) 881 return resp; 882 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 883 !(sta->flags & WLAN_STA_HT)) { 884 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 885 HOSTAPD_LEVEL_INFO, "Station does not support " 886 "mandatory HT PHY - reject association"); 887 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 888 } 889 #endif /* CONFIG_IEEE80211N */ 890 891 #ifdef CONFIG_IEEE80211AC 892 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities, 893 elems.vht_capabilities_len); 894 if (resp != WLAN_STATUS_SUCCESS) 895 return resp; 896 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 897 !(sta->flags & WLAN_STA_VHT)) { 898 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 899 HOSTAPD_LEVEL_INFO, "Station does not support " 900 "mandatory VHT PHY - reject association"); 901 return WLAN_STATUS_UNSPECIFIED_FAILURE; 902 } 903 #endif /* CONFIG_IEEE80211AC */ 904 905 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 906 wpa_ie = elems.rsn_ie; 907 wpa_ie_len = elems.rsn_ie_len; 908 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 909 elems.wpa_ie) { 910 wpa_ie = elems.wpa_ie; 911 wpa_ie_len = elems.wpa_ie_len; 912 } else { 913 wpa_ie = NULL; 914 wpa_ie_len = 0; 915 } 916 917 #ifdef CONFIG_WPS 918 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 919 if (hapd->conf->wps_state && elems.wps_ie) { 920 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 921 "Request - assume WPS is used"); 922 sta->flags |= WLAN_STA_WPS; 923 wpabuf_free(sta->wps_ie); 924 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 925 WPS_IE_VENDOR_TYPE); 926 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 927 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 928 sta->flags |= WLAN_STA_WPS2; 929 } 930 wpa_ie = NULL; 931 wpa_ie_len = 0; 932 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 933 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 934 "(Re)Association Request - reject"); 935 return WLAN_STATUS_INVALID_IE; 936 } 937 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 938 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 939 "(Re)Association Request - possible WPS use"); 940 sta->flags |= WLAN_STA_MAYBE_WPS; 941 } else 942 #endif /* CONFIG_WPS */ 943 if (hapd->conf->wpa && wpa_ie == NULL) { 944 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 945 HOSTAPD_LEVEL_INFO, 946 "No WPA/RSN IE in association request"); 947 return WLAN_STATUS_INVALID_IE; 948 } 949 950 if (hapd->conf->wpa && wpa_ie) { 951 int res; 952 wpa_ie -= 2; 953 wpa_ie_len += 2; 954 if (sta->wpa_sm == NULL) 955 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 956 sta->addr); 957 if (sta->wpa_sm == NULL) { 958 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 959 "state machine"); 960 return WLAN_STATUS_UNSPECIFIED_FAILURE; 961 } 962 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 963 wpa_ie, wpa_ie_len, 964 elems.mdie, elems.mdie_len); 965 if (res == WPA_INVALID_GROUP) 966 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 967 else if (res == WPA_INVALID_PAIRWISE) 968 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 969 else if (res == WPA_INVALID_AKMP) 970 resp = WLAN_STATUS_AKMP_NOT_VALID; 971 else if (res == WPA_ALLOC_FAIL) 972 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 973 #ifdef CONFIG_IEEE80211W 974 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 975 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 976 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 977 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 978 #endif /* CONFIG_IEEE80211W */ 979 else if (res == WPA_INVALID_MDIE) 980 resp = WLAN_STATUS_INVALID_MDIE; 981 else if (res != WPA_IE_OK) 982 resp = WLAN_STATUS_INVALID_IE; 983 if (resp != WLAN_STATUS_SUCCESS) 984 return resp; 985 #ifdef CONFIG_IEEE80211W 986 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 987 sta->sa_query_count > 0) 988 ap_check_sa_query_timeout(hapd, sta); 989 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 990 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 991 /* 992 * STA has already been associated with MFP and SA 993 * Query timeout has not been reached. Reject the 994 * association attempt temporarily and start SA Query, 995 * if one is not pending. 996 */ 997 998 if (sta->sa_query_count == 0) 999 ap_sta_start_sa_query(hapd, sta); 1000 1001 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 1002 } 1003 1004 if (wpa_auth_uses_mfp(sta->wpa_sm)) 1005 sta->flags |= WLAN_STA_MFP; 1006 else 1007 sta->flags &= ~WLAN_STA_MFP; 1008 #endif /* CONFIG_IEEE80211W */ 1009 1010 #ifdef CONFIG_IEEE80211R 1011 if (sta->auth_alg == WLAN_AUTH_FT) { 1012 if (!reassoc) { 1013 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 1014 "to use association (not " 1015 "re-association) with FT auth_alg", 1016 MAC2STR(sta->addr)); 1017 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1018 } 1019 1020 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 1021 ies_len); 1022 if (resp != WLAN_STATUS_SUCCESS) 1023 return resp; 1024 } 1025 #endif /* CONFIG_IEEE80211R */ 1026 1027 #ifdef CONFIG_SAE 1028 if (wpa_auth_uses_sae(sta->wpa_sm) && 1029 sta->auth_alg != WLAN_AUTH_SAE) { 1030 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 1031 "SAE AKM after non-SAE auth_alg %u", 1032 MAC2STR(sta->addr), sta->auth_alg); 1033 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1034 } 1035 #endif /* CONFIG_SAE */ 1036 1037 #ifdef CONFIG_IEEE80211N 1038 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 1039 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 1040 hostapd_logger(hapd, sta->addr, 1041 HOSTAPD_MODULE_IEEE80211, 1042 HOSTAPD_LEVEL_INFO, 1043 "Station tried to use TKIP with HT " 1044 "association"); 1045 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 1046 } 1047 #endif /* CONFIG_IEEE80211N */ 1048 } else 1049 wpa_auth_sta_no_wpa(sta->wpa_sm); 1050 1051 #ifdef CONFIG_P2P 1052 if (elems.p2p) { 1053 wpabuf_free(sta->p2p_ie); 1054 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 1055 P2P_IE_VENDOR_TYPE); 1056 1057 } else { 1058 wpabuf_free(sta->p2p_ie); 1059 sta->p2p_ie = NULL; 1060 } 1061 1062 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 1063 #endif /* CONFIG_P2P */ 1064 1065 #ifdef CONFIG_HS20 1066 wpabuf_free(sta->hs20_ie); 1067 if (elems.hs20 && elems.hs20_len > 4) { 1068 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 1069 elems.hs20_len - 4); 1070 } else 1071 sta->hs20_ie = NULL; 1072 #endif /* CONFIG_HS20 */ 1073 1074 return WLAN_STATUS_SUCCESS; 1075 } 1076 1077 1078 static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 1079 u16 reason_code) 1080 { 1081 int send_len; 1082 struct ieee80211_mgmt reply; 1083 1084 os_memset(&reply, 0, sizeof(reply)); 1085 reply.frame_control = 1086 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1087 os_memcpy(reply.da, addr, ETH_ALEN); 1088 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1089 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1090 1091 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1092 reply.u.deauth.reason_code = host_to_le16(reason_code); 1093 1094 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1095 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1096 strerror(errno)); 1097 } 1098 1099 1100 static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1101 u16 status_code, int reassoc, const u8 *ies, 1102 size_t ies_len) 1103 { 1104 int send_len; 1105 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1106 struct ieee80211_mgmt *reply; 1107 u8 *p; 1108 1109 os_memset(buf, 0, sizeof(buf)); 1110 reply = (struct ieee80211_mgmt *) buf; 1111 reply->frame_control = 1112 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1113 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1114 WLAN_FC_STYPE_ASSOC_RESP)); 1115 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1116 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1117 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1118 1119 send_len = IEEE80211_HDRLEN; 1120 send_len += sizeof(reply->u.assoc_resp); 1121 reply->u.assoc_resp.capab_info = 1122 host_to_le16(hostapd_own_capab_info(hapd, sta, 0)); 1123 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1124 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) 1125 | BIT(14) | BIT(15)); 1126 /* Supported rates */ 1127 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1128 /* Extended supported rates */ 1129 p = hostapd_eid_ext_supp_rates(hapd, p); 1130 1131 #ifdef CONFIG_IEEE80211R 1132 if (status_code == WLAN_STATUS_SUCCESS) { 1133 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1134 * Transition Information, RSN, [RIC Response] */ 1135 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1136 buf + sizeof(buf) - p, 1137 sta->auth_alg, ies, ies_len); 1138 } 1139 #endif /* CONFIG_IEEE80211R */ 1140 1141 #ifdef CONFIG_IEEE80211W 1142 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1143 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1144 #endif /* CONFIG_IEEE80211W */ 1145 1146 #ifdef CONFIG_IEEE80211N 1147 p = hostapd_eid_ht_capabilities(hapd, p); 1148 p = hostapd_eid_ht_operation(hapd, p); 1149 #endif /* CONFIG_IEEE80211N */ 1150 1151 #ifdef CONFIG_IEEE80211AC 1152 p = hostapd_eid_vht_capabilities(hapd, p); 1153 p = hostapd_eid_vht_operation(hapd, p); 1154 #endif /* CONFIG_IEEE80211AC */ 1155 1156 p = hostapd_eid_ext_capab(hapd, p); 1157 p = hostapd_eid_bss_max_idle_period(hapd, p); 1158 1159 if (sta->flags & WLAN_STA_WMM) 1160 p = hostapd_eid_wmm(hapd, p); 1161 1162 #ifdef CONFIG_WPS 1163 if ((sta->flags & WLAN_STA_WPS) || 1164 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 1165 struct wpabuf *wps = wps_build_assoc_resp_ie(); 1166 if (wps) { 1167 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 1168 p += wpabuf_len(wps); 1169 wpabuf_free(wps); 1170 } 1171 } 1172 #endif /* CONFIG_WPS */ 1173 1174 #ifdef CONFIG_P2P 1175 if (sta->p2p_ie) { 1176 struct wpabuf *p2p_resp_ie; 1177 enum p2p_status_code status; 1178 switch (status_code) { 1179 case WLAN_STATUS_SUCCESS: 1180 status = P2P_SC_SUCCESS; 1181 break; 1182 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 1183 status = P2P_SC_FAIL_LIMIT_REACHED; 1184 break; 1185 default: 1186 status = P2P_SC_FAIL_INVALID_PARAMS; 1187 break; 1188 } 1189 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 1190 if (p2p_resp_ie) { 1191 os_memcpy(p, wpabuf_head(p2p_resp_ie), 1192 wpabuf_len(p2p_resp_ie)); 1193 p += wpabuf_len(p2p_resp_ie); 1194 wpabuf_free(p2p_resp_ie); 1195 } 1196 } 1197 #endif /* CONFIG_P2P */ 1198 1199 #ifdef CONFIG_P2P_MANAGER 1200 if (hapd->conf->p2p & P2P_MANAGE) 1201 p = hostapd_eid_p2p_manage(hapd, p); 1202 #endif /* CONFIG_P2P_MANAGER */ 1203 1204 send_len += p - reply->u.assoc_resp.variable; 1205 1206 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) 1207 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 1208 strerror(errno)); 1209 } 1210 1211 1212 static void handle_assoc(struct hostapd_data *hapd, 1213 const struct ieee80211_mgmt *mgmt, size_t len, 1214 int reassoc) 1215 { 1216 u16 capab_info, listen_interval; 1217 u16 resp = WLAN_STATUS_SUCCESS; 1218 const u8 *pos; 1219 int left, i; 1220 struct sta_info *sta; 1221 1222 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 1223 sizeof(mgmt->u.assoc_req))) { 1224 printf("handle_assoc(reassoc=%d) - too short payload (len=%lu)" 1225 "\n", reassoc, (unsigned long) len); 1226 return; 1227 } 1228 1229 if (reassoc) { 1230 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 1231 listen_interval = le_to_host16( 1232 mgmt->u.reassoc_req.listen_interval); 1233 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 1234 " capab_info=0x%02x listen_interval=%d current_ap=" 1235 MACSTR, 1236 MAC2STR(mgmt->sa), capab_info, listen_interval, 1237 MAC2STR(mgmt->u.reassoc_req.current_ap)); 1238 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 1239 pos = mgmt->u.reassoc_req.variable; 1240 } else { 1241 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 1242 listen_interval = le_to_host16( 1243 mgmt->u.assoc_req.listen_interval); 1244 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 1245 " capab_info=0x%02x listen_interval=%d", 1246 MAC2STR(mgmt->sa), capab_info, listen_interval); 1247 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 1248 pos = mgmt->u.assoc_req.variable; 1249 } 1250 1251 sta = ap_get_sta(hapd, mgmt->sa); 1252 #ifdef CONFIG_IEEE80211R 1253 if (sta && sta->auth_alg == WLAN_AUTH_FT && 1254 (sta->flags & WLAN_STA_AUTH) == 0) { 1255 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 1256 "prior to authentication since it is using " 1257 "over-the-DS FT", MAC2STR(mgmt->sa)); 1258 } else 1259 #endif /* CONFIG_IEEE80211R */ 1260 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1261 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1262 HOSTAPD_LEVEL_INFO, "Station tried to " 1263 "associate before authentication " 1264 "(aid=%d flags=0x%x)", 1265 sta ? sta->aid : -1, 1266 sta ? sta->flags : 0); 1267 send_deauth(hapd, mgmt->sa, 1268 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 1269 return; 1270 } 1271 1272 if (hapd->tkip_countermeasures) { 1273 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 1274 goto fail; 1275 } 1276 1277 if (listen_interval > hapd->conf->max_listen_interval) { 1278 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1279 HOSTAPD_LEVEL_DEBUG, 1280 "Too large Listen Interval (%d)", 1281 listen_interval); 1282 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 1283 goto fail; 1284 } 1285 1286 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 1287 * is used */ 1288 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 1289 if (resp != WLAN_STATUS_SUCCESS) 1290 goto fail; 1291 1292 if (hostapd_get_aid(hapd, sta) < 0) { 1293 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1294 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 1295 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1296 goto fail; 1297 } 1298 1299 sta->capability = capab_info; 1300 sta->listen_interval = listen_interval; 1301 1302 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 1303 sta->flags |= WLAN_STA_NONERP; 1304 for (i = 0; i < sta->supported_rates_len; i++) { 1305 if ((sta->supported_rates[i] & 0x7f) > 22) { 1306 sta->flags &= ~WLAN_STA_NONERP; 1307 break; 1308 } 1309 } 1310 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 1311 sta->nonerp_set = 1; 1312 hapd->iface->num_sta_non_erp++; 1313 if (hapd->iface->num_sta_non_erp == 1) 1314 ieee802_11_set_beacons(hapd->iface); 1315 } 1316 1317 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 1318 !sta->no_short_slot_time_set) { 1319 sta->no_short_slot_time_set = 1; 1320 hapd->iface->num_sta_no_short_slot_time++; 1321 if (hapd->iface->current_mode->mode == 1322 HOSTAPD_MODE_IEEE80211G && 1323 hapd->iface->num_sta_no_short_slot_time == 1) 1324 ieee802_11_set_beacons(hapd->iface); 1325 } 1326 1327 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 1328 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 1329 else 1330 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 1331 1332 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 1333 !sta->no_short_preamble_set) { 1334 sta->no_short_preamble_set = 1; 1335 hapd->iface->num_sta_no_short_preamble++; 1336 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 1337 && hapd->iface->num_sta_no_short_preamble == 1) 1338 ieee802_11_set_beacons(hapd->iface); 1339 } 1340 1341 #ifdef CONFIG_IEEE80211N 1342 update_ht_state(hapd, sta); 1343 #endif /* CONFIG_IEEE80211N */ 1344 1345 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1346 HOSTAPD_LEVEL_DEBUG, 1347 "association OK (aid %d)", sta->aid); 1348 /* Station will be marked associated, after it acknowledges AssocResp 1349 */ 1350 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 1351 1352 #ifdef CONFIG_IEEE80211W 1353 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 1354 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 1355 "SA Query procedure", reassoc ? "re" : ""); 1356 /* TODO: Send a protected Disassociate frame to the STA using 1357 * the old key and Reason Code "Previous Authentication no 1358 * longer valid". Make sure this is only sent protected since 1359 * unprotected frame would be received by the STA that is now 1360 * trying to associate. 1361 */ 1362 } 1363 #endif /* CONFIG_IEEE80211W */ 1364 1365 if (reassoc) { 1366 os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap, 1367 ETH_ALEN); 1368 } 1369 1370 if (sta->last_assoc_req) 1371 os_free(sta->last_assoc_req); 1372 sta->last_assoc_req = os_malloc(len); 1373 if (sta->last_assoc_req) 1374 os_memcpy(sta->last_assoc_req, mgmt, len); 1375 1376 /* Make sure that the previously registered inactivity timer will not 1377 * remove the STA immediately. */ 1378 sta->timeout_next = STA_NULLFUNC; 1379 1380 fail: 1381 send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 1382 } 1383 1384 1385 static void handle_disassoc(struct hostapd_data *hapd, 1386 const struct ieee80211_mgmt *mgmt, size_t len) 1387 { 1388 struct sta_info *sta; 1389 1390 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 1391 printf("handle_disassoc - too short payload (len=%lu)\n", 1392 (unsigned long) len); 1393 return; 1394 } 1395 1396 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 1397 MAC2STR(mgmt->sa), 1398 le_to_host16(mgmt->u.disassoc.reason_code)); 1399 1400 sta = ap_get_sta(hapd, mgmt->sa); 1401 if (sta == NULL) { 1402 printf("Station " MACSTR " trying to disassociate, but it " 1403 "is not associated.\n", MAC2STR(mgmt->sa)); 1404 return; 1405 } 1406 1407 ap_sta_set_authorized(hapd, sta, 0); 1408 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 1409 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 1410 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1411 HOSTAPD_LEVEL_INFO, "disassociated"); 1412 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1413 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1414 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 1415 * authenticated. */ 1416 accounting_sta_stop(hapd, sta); 1417 ieee802_1x_free_station(sta); 1418 hostapd_drv_sta_remove(hapd, sta->addr); 1419 1420 if (sta->timeout_next == STA_NULLFUNC || 1421 sta->timeout_next == STA_DISASSOC) { 1422 sta->timeout_next = STA_DEAUTH; 1423 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1424 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 1425 hapd, sta); 1426 } 1427 1428 mlme_disassociate_indication( 1429 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 1430 } 1431 1432 1433 static void handle_deauth(struct hostapd_data *hapd, 1434 const struct ieee80211_mgmt *mgmt, size_t len) 1435 { 1436 struct sta_info *sta; 1437 1438 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 1439 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 1440 "payload (len=%lu)", (unsigned long) len); 1441 return; 1442 } 1443 1444 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 1445 " reason_code=%d", 1446 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 1447 1448 sta = ap_get_sta(hapd, mgmt->sa); 1449 if (sta == NULL) { 1450 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 1451 "to deauthenticate, but it is not authenticated", 1452 MAC2STR(mgmt->sa)); 1453 return; 1454 } 1455 1456 ap_sta_set_authorized(hapd, sta, 0); 1457 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 1458 WLAN_STA_ASSOC_REQ_OK); 1459 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1460 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1461 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 1462 mlme_deauthenticate_indication( 1463 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 1464 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1465 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1466 ap_free_sta(hapd, sta); 1467 } 1468 1469 1470 static void handle_beacon(struct hostapd_data *hapd, 1471 const struct ieee80211_mgmt *mgmt, size_t len, 1472 struct hostapd_frame_info *fi) 1473 { 1474 struct ieee802_11_elems elems; 1475 1476 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 1477 printf("handle_beacon - too short payload (len=%lu)\n", 1478 (unsigned long) len); 1479 return; 1480 } 1481 1482 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 1483 len - (IEEE80211_HDRLEN + 1484 sizeof(mgmt->u.beacon)), &elems, 1485 0); 1486 1487 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 1488 } 1489 1490 1491 #ifdef CONFIG_IEEE80211W 1492 1493 static void hostapd_sa_query_action(struct hostapd_data *hapd, 1494 const struct ieee80211_mgmt *mgmt, 1495 size_t len) 1496 { 1497 const u8 *end; 1498 1499 end = mgmt->u.action.u.sa_query_resp.trans_id + 1500 WLAN_SA_QUERY_TR_ID_LEN; 1501 if (((u8 *) mgmt) + len < end) { 1502 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 1503 "frame (len=%lu)", (unsigned long) len); 1504 return; 1505 } 1506 1507 ieee802_11_sa_query_action(hapd, mgmt->sa, 1508 mgmt->u.action.u.sa_query_resp.action, 1509 mgmt->u.action.u.sa_query_resp.trans_id); 1510 } 1511 1512 1513 static int robust_action_frame(u8 category) 1514 { 1515 return category != WLAN_ACTION_PUBLIC && 1516 category != WLAN_ACTION_HT; 1517 } 1518 #endif /* CONFIG_IEEE80211W */ 1519 1520 1521 #ifdef CONFIG_WNM 1522 static void hostapd_wnm_action(struct hostapd_data *hapd, struct sta_info *sta, 1523 const struct ieee80211_mgmt *mgmt, 1524 size_t len) 1525 { 1526 struct rx_action action; 1527 if (len < IEEE80211_HDRLEN + 2) 1528 return; 1529 os_memset(&action, 0, sizeof(action)); 1530 action.da = mgmt->da; 1531 action.sa = mgmt->sa; 1532 action.bssid = mgmt->bssid; 1533 action.category = mgmt->u.action.category; 1534 action.data = (const u8 *) &mgmt->u.action.u.wnm_sleep_req.action; 1535 action.len = len - IEEE80211_HDRLEN - 1; 1536 action.freq = hapd->iface->freq; 1537 ieee802_11_rx_wnm_action_ap(hapd, &action); 1538 } 1539 #endif /* CONFIG_WNM */ 1540 1541 1542 static void handle_action(struct hostapd_data *hapd, 1543 const struct ieee80211_mgmt *mgmt, size_t len) 1544 { 1545 struct sta_info *sta; 1546 sta = ap_get_sta(hapd, mgmt->sa); 1547 1548 if (len < IEEE80211_HDRLEN + 1) { 1549 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1550 HOSTAPD_LEVEL_DEBUG, 1551 "handle_action - too short payload (len=%lu)", 1552 (unsigned long) len); 1553 return; 1554 } 1555 1556 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 1557 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 1558 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 1559 "frame (category=%u) from unassociated STA " MACSTR, 1560 MAC2STR(mgmt->sa), mgmt->u.action.category); 1561 return; 1562 } 1563 1564 #ifdef CONFIG_IEEE80211W 1565 if (sta && (sta->flags & WLAN_STA_MFP) && 1566 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP) && 1567 robust_action_frame(mgmt->u.action.category))) { 1568 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1569 HOSTAPD_LEVEL_DEBUG, 1570 "Dropped unprotected Robust Action frame from " 1571 "an MFP STA"); 1572 return; 1573 } 1574 #endif /* CONFIG_IEEE80211W */ 1575 1576 switch (mgmt->u.action.category) { 1577 #ifdef CONFIG_IEEE80211R 1578 case WLAN_ACTION_FT: 1579 if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 1580 len - IEEE80211_HDRLEN)) 1581 break; 1582 return; 1583 #endif /* CONFIG_IEEE80211R */ 1584 case WLAN_ACTION_WMM: 1585 hostapd_wmm_action(hapd, mgmt, len); 1586 return; 1587 #ifdef CONFIG_IEEE80211W 1588 case WLAN_ACTION_SA_QUERY: 1589 hostapd_sa_query_action(hapd, mgmt, len); 1590 return; 1591 #endif /* CONFIG_IEEE80211W */ 1592 #ifdef CONFIG_WNM 1593 case WLAN_ACTION_WNM: 1594 hostapd_wnm_action(hapd, sta, mgmt, len); 1595 return; 1596 #endif /* CONFIG_WNM */ 1597 case WLAN_ACTION_PUBLIC: 1598 if (hapd->public_action_cb) { 1599 hapd->public_action_cb(hapd->public_action_cb_ctx, 1600 (u8 *) mgmt, len, 1601 hapd->iface->freq); 1602 } 1603 if (hapd->public_action_cb2) { 1604 hapd->public_action_cb2(hapd->public_action_cb2_ctx, 1605 (u8 *) mgmt, len, 1606 hapd->iface->freq); 1607 } 1608 if (hapd->public_action_cb || hapd->public_action_cb2) 1609 return; 1610 break; 1611 case WLAN_ACTION_VENDOR_SPECIFIC: 1612 if (hapd->vendor_action_cb) { 1613 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 1614 (u8 *) mgmt, len, 1615 hapd->iface->freq) == 0) 1616 return; 1617 } 1618 break; 1619 } 1620 1621 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1622 HOSTAPD_LEVEL_DEBUG, 1623 "handle_action - unknown action category %d or invalid " 1624 "frame", 1625 mgmt->u.action.category); 1626 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 1627 !(mgmt->sa[0] & 0x01)) { 1628 struct ieee80211_mgmt *resp; 1629 1630 /* 1631 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 1632 * Return the Action frame to the source without change 1633 * except that MSB of the Category set to 1. 1634 */ 1635 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 1636 "frame back to sender"); 1637 resp = os_malloc(len); 1638 if (resp == NULL) 1639 return; 1640 os_memcpy(resp, mgmt, len); 1641 os_memcpy(resp->da, resp->sa, ETH_ALEN); 1642 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 1643 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 1644 resp->u.action.category |= 0x80; 1645 1646 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 1647 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 1648 "Action frame"); 1649 } 1650 os_free(resp); 1651 } 1652 } 1653 1654 1655 /** 1656 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 1657 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 1658 * sent to) 1659 * @buf: management frame data (starting from IEEE 802.11 header) 1660 * @len: length of frame data in octets 1661 * @fi: meta data about received frame (signal level, etc.) 1662 * 1663 * Process all incoming IEEE 802.11 management frames. This will be called for 1664 * each frame received from the kernel driver through wlan#ap interface. In 1665 * addition, it can be called to re-inserted pending frames (e.g., when using 1666 * external RADIUS server as an MAC ACL). 1667 */ 1668 void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 1669 struct hostapd_frame_info *fi) 1670 { 1671 struct ieee80211_mgmt *mgmt; 1672 int broadcast; 1673 u16 fc, stype; 1674 1675 if (len < 24) 1676 return; 1677 1678 mgmt = (struct ieee80211_mgmt *) buf; 1679 fc = le_to_host16(mgmt->frame_control); 1680 stype = WLAN_FC_GET_STYPE(fc); 1681 1682 if (stype == WLAN_FC_STYPE_BEACON) { 1683 handle_beacon(hapd, mgmt, len, fi); 1684 return; 1685 } 1686 1687 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 1688 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 1689 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 1690 1691 if (!broadcast && 1692 #ifdef CONFIG_P2P 1693 /* Invitation responses can be sent with the peer MAC as BSSID */ 1694 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 1695 stype == WLAN_FC_STYPE_ACTION) && 1696 #endif /* CONFIG_P2P */ 1697 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 1698 printf("MGMT: BSSID=" MACSTR " not our address\n", 1699 MAC2STR(mgmt->bssid)); 1700 return; 1701 } 1702 1703 1704 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 1705 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 1706 return; 1707 } 1708 1709 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 1710 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1711 HOSTAPD_LEVEL_DEBUG, 1712 "MGMT: DA=" MACSTR " not our address", 1713 MAC2STR(mgmt->da)); 1714 return; 1715 } 1716 1717 switch (stype) { 1718 case WLAN_FC_STYPE_AUTH: 1719 wpa_printf(MSG_DEBUG, "mgmt::auth"); 1720 handle_auth(hapd, mgmt, len); 1721 break; 1722 case WLAN_FC_STYPE_ASSOC_REQ: 1723 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 1724 handle_assoc(hapd, mgmt, len, 0); 1725 break; 1726 case WLAN_FC_STYPE_REASSOC_REQ: 1727 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 1728 handle_assoc(hapd, mgmt, len, 1); 1729 break; 1730 case WLAN_FC_STYPE_DISASSOC: 1731 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 1732 handle_disassoc(hapd, mgmt, len); 1733 break; 1734 case WLAN_FC_STYPE_DEAUTH: 1735 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 1736 handle_deauth(hapd, mgmt, len); 1737 break; 1738 case WLAN_FC_STYPE_ACTION: 1739 wpa_printf(MSG_DEBUG, "mgmt::action"); 1740 handle_action(hapd, mgmt, len); 1741 break; 1742 default: 1743 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1744 HOSTAPD_LEVEL_DEBUG, 1745 "unknown mgmt frame subtype %d", stype); 1746 break; 1747 } 1748 } 1749 1750 1751 static void handle_auth_cb(struct hostapd_data *hapd, 1752 const struct ieee80211_mgmt *mgmt, 1753 size_t len, int ok) 1754 { 1755 u16 auth_alg, auth_transaction, status_code; 1756 struct sta_info *sta; 1757 1758 if (!ok) { 1759 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1760 HOSTAPD_LEVEL_NOTICE, 1761 "did not acknowledge authentication response"); 1762 return; 1763 } 1764 1765 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1766 printf("handle_auth_cb - too short payload (len=%lu)\n", 1767 (unsigned long) len); 1768 return; 1769 } 1770 1771 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1772 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1773 status_code = le_to_host16(mgmt->u.auth.status_code); 1774 1775 sta = ap_get_sta(hapd, mgmt->da); 1776 if (!sta) { 1777 printf("handle_auth_cb: STA " MACSTR " not found\n", 1778 MAC2STR(mgmt->da)); 1779 return; 1780 } 1781 1782 if (status_code == WLAN_STATUS_SUCCESS && 1783 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 1784 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 1785 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1786 HOSTAPD_LEVEL_INFO, "authenticated"); 1787 sta->flags |= WLAN_STA_AUTH; 1788 } 1789 } 1790 1791 1792 static void handle_assoc_cb(struct hostapd_data *hapd, 1793 const struct ieee80211_mgmt *mgmt, 1794 size_t len, int reassoc, int ok) 1795 { 1796 u16 status; 1797 struct sta_info *sta; 1798 int new_assoc = 1; 1799 struct ieee80211_ht_capabilities ht_cap; 1800 struct ieee80211_vht_capabilities vht_cap; 1801 1802 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 1803 sizeof(mgmt->u.assoc_resp))) { 1804 printf("handle_assoc_cb(reassoc=%d) - too short payload " 1805 "(len=%lu)\n", reassoc, (unsigned long) len); 1806 return; 1807 } 1808 1809 sta = ap_get_sta(hapd, mgmt->da); 1810 if (!sta) { 1811 printf("handle_assoc_cb: STA " MACSTR " not found\n", 1812 MAC2STR(mgmt->da)); 1813 return; 1814 } 1815 1816 if (!ok) { 1817 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1818 HOSTAPD_LEVEL_DEBUG, 1819 "did not acknowledge association response"); 1820 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 1821 return; 1822 } 1823 1824 if (reassoc) 1825 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 1826 else 1827 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1828 1829 if (status != WLAN_STATUS_SUCCESS) 1830 goto fail; 1831 1832 /* Stop previous accounting session, if one is started, and allocate 1833 * new session id for the new session. */ 1834 accounting_sta_stop(hapd, sta); 1835 1836 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1837 HOSTAPD_LEVEL_INFO, 1838 "associated (aid %d)", 1839 sta->aid); 1840 1841 if (sta->flags & WLAN_STA_ASSOC) 1842 new_assoc = 0; 1843 sta->flags |= WLAN_STA_ASSOC; 1844 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa) || 1845 sta->auth_alg == WLAN_AUTH_FT) { 1846 /* 1847 * Open, static WEP, or FT protocol; no separate authorization 1848 * step. 1849 */ 1850 ap_sta_set_authorized(hapd, sta, 1); 1851 } 1852 1853 if (reassoc) 1854 mlme_reassociate_indication(hapd, sta); 1855 else 1856 mlme_associate_indication(hapd, sta); 1857 1858 #ifdef CONFIG_IEEE80211W 1859 sta->sa_query_timed_out = 0; 1860 #endif /* CONFIG_IEEE80211W */ 1861 1862 /* 1863 * Remove the STA entry in order to make sure the STA PS state gets 1864 * cleared and configuration gets updated in case of reassociation back 1865 * to the same AP. 1866 */ 1867 hostapd_drv_sta_remove(hapd, sta->addr); 1868 1869 #ifdef CONFIG_IEEE80211N 1870 if (sta->flags & WLAN_STA_HT) 1871 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1872 #endif /* CONFIG_IEEE80211N */ 1873 #ifdef CONFIG_IEEE80211AC 1874 if (sta->flags & WLAN_STA_VHT) 1875 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 1876 #endif /* CONFIG_IEEE80211AC */ 1877 1878 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1879 sta->supported_rates, sta->supported_rates_len, 1880 sta->listen_interval, 1881 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1882 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1883 sta->flags, sta->qosinfo)) { 1884 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1885 HOSTAPD_LEVEL_NOTICE, 1886 "Could not add STA to kernel driver"); 1887 1888 ap_sta_disconnect(hapd, sta, sta->addr, 1889 WLAN_REASON_DISASSOC_AP_BUSY); 1890 1891 goto fail; 1892 } 1893 1894 if (sta->flags & WLAN_STA_WDS) 1895 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 1896 1897 if (sta->eapol_sm == NULL) { 1898 /* 1899 * This STA does not use RADIUS server for EAP authentication, 1900 * so bind it to the selected VLAN interface now, since the 1901 * interface selection is not going to change anymore. 1902 */ 1903 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1904 goto fail; 1905 } else if (sta->vlan_id) { 1906 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 1907 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1908 goto fail; 1909 } 1910 1911 hostapd_set_sta_flags(hapd, sta); 1912 1913 if (sta->auth_alg == WLAN_AUTH_FT) 1914 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 1915 else 1916 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 1917 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 1918 1919 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 1920 1921 fail: 1922 /* Copy of the association request is not needed anymore */ 1923 if (sta->last_assoc_req) { 1924 os_free(sta->last_assoc_req); 1925 sta->last_assoc_req = NULL; 1926 } 1927 } 1928 1929 1930 static void handle_deauth_cb(struct hostapd_data *hapd, 1931 const struct ieee80211_mgmt *mgmt, 1932 size_t len, int ok) 1933 { 1934 struct sta_info *sta; 1935 if (mgmt->da[0] & 0x01) 1936 return; 1937 sta = ap_get_sta(hapd, mgmt->da); 1938 if (!sta) { 1939 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 1940 " not found", MAC2STR(mgmt->da)); 1941 return; 1942 } 1943 if (ok) 1944 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 1945 MAC2STR(sta->addr)); 1946 else 1947 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 1948 "deauth", MAC2STR(sta->addr)); 1949 1950 ap_sta_deauth_cb(hapd, sta); 1951 } 1952 1953 1954 static void handle_disassoc_cb(struct hostapd_data *hapd, 1955 const struct ieee80211_mgmt *mgmt, 1956 size_t len, int ok) 1957 { 1958 struct sta_info *sta; 1959 if (mgmt->da[0] & 0x01) 1960 return; 1961 sta = ap_get_sta(hapd, mgmt->da); 1962 if (!sta) { 1963 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 1964 " not found", MAC2STR(mgmt->da)); 1965 return; 1966 } 1967 if (ok) 1968 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 1969 MAC2STR(sta->addr)); 1970 else 1971 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 1972 "disassoc", MAC2STR(sta->addr)); 1973 1974 ap_sta_disassoc_cb(hapd, sta); 1975 } 1976 1977 1978 /** 1979 * ieee802_11_mgmt_cb - Process management frame TX status callback 1980 * @hapd: hostapd BSS data structure (the BSS from which the management frame 1981 * was sent from) 1982 * @buf: management frame data (starting from IEEE 802.11 header) 1983 * @len: length of frame data in octets 1984 * @stype: management frame subtype from frame control field 1985 * @ok: Whether the frame was ACK'ed 1986 */ 1987 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 1988 u16 stype, int ok) 1989 { 1990 const struct ieee80211_mgmt *mgmt; 1991 mgmt = (const struct ieee80211_mgmt *) buf; 1992 1993 switch (stype) { 1994 case WLAN_FC_STYPE_AUTH: 1995 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 1996 handle_auth_cb(hapd, mgmt, len, ok); 1997 break; 1998 case WLAN_FC_STYPE_ASSOC_RESP: 1999 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 2000 handle_assoc_cb(hapd, mgmt, len, 0, ok); 2001 break; 2002 case WLAN_FC_STYPE_REASSOC_RESP: 2003 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 2004 handle_assoc_cb(hapd, mgmt, len, 1, ok); 2005 break; 2006 case WLAN_FC_STYPE_PROBE_RESP: 2007 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb"); 2008 break; 2009 case WLAN_FC_STYPE_DEAUTH: 2010 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 2011 handle_deauth_cb(hapd, mgmt, len, ok); 2012 break; 2013 case WLAN_FC_STYPE_DISASSOC: 2014 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 2015 handle_disassoc_cb(hapd, mgmt, len, ok); 2016 break; 2017 case WLAN_FC_STYPE_ACTION: 2018 wpa_printf(MSG_DEBUG, "mgmt::action cb"); 2019 break; 2020 default: 2021 printf("unknown mgmt cb frame subtype %d\n", stype); 2022 break; 2023 } 2024 } 2025 2026 2027 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 2028 { 2029 /* TODO */ 2030 return 0; 2031 } 2032 2033 2034 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 2035 char *buf, size_t buflen) 2036 { 2037 /* TODO */ 2038 return 0; 2039 } 2040 2041 2042 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 2043 const u8 *buf, size_t len, int ack) 2044 { 2045 struct sta_info *sta; 2046 struct hostapd_iface *iface = hapd->iface; 2047 2048 sta = ap_get_sta(hapd, addr); 2049 if (sta == NULL && iface->num_bss > 1) { 2050 size_t j; 2051 for (j = 0; j < iface->num_bss; j++) { 2052 hapd = iface->bss[j]; 2053 sta = ap_get_sta(hapd, addr); 2054 if (sta) 2055 break; 2056 } 2057 } 2058 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 2059 return; 2060 if (sta->flags & WLAN_STA_PENDING_POLL) { 2061 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 2062 "activity poll", MAC2STR(sta->addr), 2063 ack ? "ACKed" : "did not ACK"); 2064 if (ack) 2065 sta->flags &= ~WLAN_STA_PENDING_POLL; 2066 } 2067 2068 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 2069 } 2070 2071 2072 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 2073 const u8 *data, size_t len, int ack) 2074 { 2075 struct sta_info *sta; 2076 struct hostapd_iface *iface = hapd->iface; 2077 2078 sta = ap_get_sta(hapd, dst); 2079 if (sta == NULL && iface->num_bss > 1) { 2080 size_t j; 2081 for (j = 0; j < iface->num_bss; j++) { 2082 hapd = iface->bss[j]; 2083 sta = ap_get_sta(hapd, dst); 2084 if (sta) 2085 break; 2086 } 2087 } 2088 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 2089 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 2090 MACSTR " that is not currently associated", 2091 MAC2STR(dst)); 2092 return; 2093 } 2094 2095 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 2096 } 2097 2098 2099 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 2100 { 2101 struct sta_info *sta; 2102 struct hostapd_iface *iface = hapd->iface; 2103 2104 sta = ap_get_sta(hapd, addr); 2105 if (sta == NULL && iface->num_bss > 1) { 2106 size_t j; 2107 for (j = 0; j < iface->num_bss; j++) { 2108 hapd = iface->bss[j]; 2109 sta = ap_get_sta(hapd, addr); 2110 if (sta) 2111 break; 2112 } 2113 } 2114 if (sta == NULL) 2115 return; 2116 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 2117 return; 2118 2119 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 2120 "activity poll", MAC2STR(sta->addr)); 2121 sta->flags &= ~WLAN_STA_PENDING_POLL; 2122 } 2123 2124 2125 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 2126 int wds) 2127 { 2128 struct sta_info *sta; 2129 2130 sta = ap_get_sta(hapd, src); 2131 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 2132 if (!hapd->conf->wds_sta) 2133 return; 2134 2135 if (wds && !(sta->flags & WLAN_STA_WDS)) { 2136 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 2137 "STA " MACSTR " (aid %u)", 2138 MAC2STR(sta->addr), sta->aid); 2139 sta->flags |= WLAN_STA_WDS; 2140 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 2141 } 2142 return; 2143 } 2144 2145 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 2146 MACSTR, MAC2STR(src)); 2147 if (src[0] & 0x01) { 2148 /* Broadcast bit set in SA?! Ignore the frame silently. */ 2149 return; 2150 } 2151 2152 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 2153 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 2154 "already been sent, but no TX status yet known - " 2155 "ignore Class 3 frame issue with " MACSTR, 2156 MAC2STR(src)); 2157 return; 2158 } 2159 2160 if (sta && (sta->flags & WLAN_STA_AUTH)) 2161 hostapd_drv_sta_disassoc( 2162 hapd, src, 2163 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2164 else 2165 hostapd_drv_sta_deauth( 2166 hapd, src, 2167 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2168 } 2169 2170 2171 #endif /* CONFIG_NATIVE_WINDOWS */ 2172
