1 /* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2013, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #ifndef CONFIG_NATIVE_WINDOWS 12 13 #include "utils/common.h" 14 #include "utils/eloop.h" 15 #include "crypto/crypto.h" 16 #include "crypto/sha256.h" 17 #include "crypto/random.h" 18 #include "common/ieee802_11_defs.h" 19 #include "common/ieee802_11_common.h" 20 #include "common/wpa_ctrl.h" 21 #include "common/sae.h" 22 #include "radius/radius.h" 23 #include "radius/radius_client.h" 24 #include "p2p/p2p.h" 25 #include "wps/wps.h" 26 #include "hostapd.h" 27 #include "beacon.h" 28 #include "ieee802_11_auth.h" 29 #include "sta_info.h" 30 #include "ieee802_1x.h" 31 #include "wpa_auth.h" 32 #include "wmm.h" 33 #include "ap_list.h" 34 #include "accounting.h" 35 #include "ap_config.h" 36 #include "ap_mlme.h" 37 #include "p2p_hostapd.h" 38 #include "ap_drv_ops.h" 39 #include "wnm_ap.h" 40 #include "ieee802_11.h" 41 #include "dfs.h" 42 43 44 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 45 { 46 u8 *pos = eid; 47 int i, num, count; 48 49 if (hapd->iface->current_rates == NULL) 50 return eid; 51 52 *pos++ = WLAN_EID_SUPP_RATES; 53 num = hapd->iface->num_rates; 54 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 55 num++; 56 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 57 num++; 58 if (num > 8) { 59 /* rest of the rates are encoded in Extended supported 60 * rates element */ 61 num = 8; 62 } 63 64 *pos++ = num; 65 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 66 i++) { 67 count++; 68 *pos = hapd->iface->current_rates[i].rate / 5; 69 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 70 *pos |= 0x80; 71 pos++; 72 } 73 74 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 75 count++; 76 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 77 } 78 79 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 80 count++; 81 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 82 } 83 84 return pos; 85 } 86 87 88 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 89 { 90 u8 *pos = eid; 91 int i, num, count; 92 93 if (hapd->iface->current_rates == NULL) 94 return eid; 95 96 num = hapd->iface->num_rates; 97 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 98 num++; 99 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 100 num++; 101 if (num <= 8) 102 return eid; 103 num -= 8; 104 105 *pos++ = WLAN_EID_EXT_SUPP_RATES; 106 *pos++ = num; 107 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 108 i++) { 109 count++; 110 if (count <= 8) 111 continue; /* already in SuppRates IE */ 112 *pos = hapd->iface->current_rates[i].rate / 5; 113 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 114 *pos |= 0x80; 115 pos++; 116 } 117 118 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 119 count++; 120 if (count > 8) 121 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 122 } 123 124 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 125 count++; 126 if (count > 8) 127 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 128 } 129 130 return pos; 131 } 132 133 134 u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, 135 int probe) 136 { 137 int capab = WLAN_CAPABILITY_ESS; 138 int privacy; 139 int dfs; 140 141 /* Check if any of configured channels require DFS */ 142 dfs = hostapd_is_dfs_required(hapd->iface); 143 if (dfs < 0) { 144 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d", 145 dfs); 146 dfs = 0; 147 } 148 149 if (hapd->iface->num_sta_no_short_preamble == 0 && 150 hapd->iconf->preamble == SHORT_PREAMBLE) 151 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 152 153 privacy = hapd->conf->ssid.wep.keys_set; 154 155 if (hapd->conf->ieee802_1x && 156 (hapd->conf->default_wep_key_len || 157 hapd->conf->individual_wep_key_len)) 158 privacy = 1; 159 160 if (hapd->conf->wpa) 161 privacy = 1; 162 163 #ifdef CONFIG_HS20 164 if (hapd->conf->osen) 165 privacy = 1; 166 #endif /* CONFIG_HS20 */ 167 168 if (sta) { 169 int policy, def_klen; 170 if (probe && sta->ssid_probe) { 171 policy = sta->ssid_probe->security_policy; 172 def_klen = sta->ssid_probe->wep.default_len; 173 } else { 174 policy = sta->ssid->security_policy; 175 def_klen = sta->ssid->wep.default_len; 176 } 177 privacy = policy != SECURITY_PLAINTEXT; 178 if (policy == SECURITY_IEEE_802_1X && def_klen == 0) 179 privacy = 0; 180 } 181 182 if (privacy) 183 capab |= WLAN_CAPABILITY_PRIVACY; 184 185 if (hapd->iface->current_mode && 186 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 187 hapd->iface->num_sta_no_short_slot_time == 0) 188 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 189 190 /* 191 * Currently, Spectrum Management capability bit is set when directly 192 * requested in configuration by spectrum_mgmt_required or when AP is 193 * running on DFS channel. 194 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit 195 */ 196 if (hapd->iface->current_mode && 197 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A && 198 (hapd->iconf->spectrum_mgmt_required || dfs)) 199 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 200 201 return capab; 202 } 203 204 205 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 206 u16 auth_transaction, const u8 *challenge, 207 int iswep) 208 { 209 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 210 HOSTAPD_LEVEL_DEBUG, 211 "authentication (shared key, transaction %d)", 212 auth_transaction); 213 214 if (auth_transaction == 1) { 215 if (!sta->challenge) { 216 /* Generate a pseudo-random challenge */ 217 u8 key[8]; 218 struct os_time now; 219 int r; 220 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 221 if (sta->challenge == NULL) 222 return WLAN_STATUS_UNSPECIFIED_FAILURE; 223 224 os_get_time(&now); 225 r = os_random(); 226 os_memcpy(key, &now.sec, 4); 227 os_memcpy(key + 4, &r, 4); 228 rc4_skip(key, sizeof(key), 0, 229 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 230 } 231 return 0; 232 } 233 234 if (auth_transaction != 3) 235 return WLAN_STATUS_UNSPECIFIED_FAILURE; 236 237 /* Transaction 3 */ 238 if (!iswep || !sta->challenge || !challenge || 239 os_memcmp_const(sta->challenge, challenge, 240 WLAN_AUTH_CHALLENGE_LEN)) { 241 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 242 HOSTAPD_LEVEL_INFO, 243 "shared key authentication - invalid " 244 "challenge-response"); 245 return WLAN_STATUS_CHALLENGE_FAIL; 246 } 247 248 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 249 HOSTAPD_LEVEL_DEBUG, 250 "authentication OK (shared key)"); 251 sta->flags |= WLAN_STA_AUTH; 252 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 253 os_free(sta->challenge); 254 sta->challenge = NULL; 255 256 return 0; 257 } 258 259 260 static void send_auth_reply(struct hostapd_data *hapd, 261 const u8 *dst, const u8 *bssid, 262 u16 auth_alg, u16 auth_transaction, u16 resp, 263 const u8 *ies, size_t ies_len) 264 { 265 struct ieee80211_mgmt *reply; 266 u8 *buf; 267 size_t rlen; 268 269 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 270 buf = os_zalloc(rlen); 271 if (buf == NULL) 272 return; 273 274 reply = (struct ieee80211_mgmt *) buf; 275 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 276 WLAN_FC_STYPE_AUTH); 277 os_memcpy(reply->da, dst, ETH_ALEN); 278 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 279 os_memcpy(reply->bssid, bssid, ETH_ALEN); 280 281 reply->u.auth.auth_alg = host_to_le16(auth_alg); 282 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 283 reply->u.auth.status_code = host_to_le16(resp); 284 285 if (ies && ies_len) 286 os_memcpy(reply->u.auth.variable, ies, ies_len); 287 288 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 289 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 290 MAC2STR(dst), auth_alg, auth_transaction, 291 resp, (unsigned long) ies_len); 292 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 293 wpa_printf(MSG_INFO, "send_auth_reply: send"); 294 295 os_free(buf); 296 } 297 298 299 #ifdef CONFIG_IEEE80211R 300 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 301 u16 auth_transaction, u16 status, 302 const u8 *ies, size_t ies_len) 303 { 304 struct hostapd_data *hapd = ctx; 305 struct sta_info *sta; 306 307 send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction, 308 status, ies, ies_len); 309 310 if (status != WLAN_STATUS_SUCCESS) 311 return; 312 313 sta = ap_get_sta(hapd, dst); 314 if (sta == NULL) 315 return; 316 317 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 318 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 319 sta->flags |= WLAN_STA_AUTH; 320 mlme_authenticate_indication(hapd, sta); 321 } 322 #endif /* CONFIG_IEEE80211R */ 323 324 325 #ifdef CONFIG_SAE 326 327 static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd, 328 struct sta_info *sta) 329 { 330 struct wpabuf *buf; 331 332 if (hapd->conf->ssid.wpa_passphrase == NULL) { 333 wpa_printf(MSG_DEBUG, "SAE: No password available"); 334 return NULL; 335 } 336 337 if (sae_prepare_commit(hapd->own_addr, sta->addr, 338 (u8 *) hapd->conf->ssid.wpa_passphrase, 339 os_strlen(hapd->conf->ssid.wpa_passphrase), 340 sta->sae) < 0) { 341 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); 342 return NULL; 343 } 344 345 if (sae_process_commit(sta->sae) < 0) { 346 wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit"); 347 return NULL; 348 } 349 350 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN); 351 if (buf == NULL) 352 return NULL; 353 sae_write_commit(sta->sae, buf, NULL); 354 355 return buf; 356 } 357 358 359 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 360 struct sta_info *sta) 361 { 362 struct wpabuf *buf; 363 364 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN); 365 if (buf == NULL) 366 return NULL; 367 368 sae_write_confirm(sta->sae, buf); 369 370 return buf; 371 } 372 373 374 static int use_sae_anti_clogging(struct hostapd_data *hapd) 375 { 376 struct sta_info *sta; 377 unsigned int open = 0; 378 379 if (hapd->conf->sae_anti_clogging_threshold == 0) 380 return 1; 381 382 for (sta = hapd->sta_list; sta; sta = sta->next) { 383 if (!sta->sae) 384 continue; 385 if (sta->sae->state != SAE_COMMITTED && 386 sta->sae->state != SAE_CONFIRMED) 387 continue; 388 open++; 389 if (open >= hapd->conf->sae_anti_clogging_threshold) 390 return 1; 391 } 392 393 return 0; 394 } 395 396 397 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, 398 const u8 *token, size_t token_len) 399 { 400 u8 mac[SHA256_MAC_LEN]; 401 402 if (token_len != SHA256_MAC_LEN) 403 return -1; 404 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 405 addr, ETH_ALEN, mac) < 0 || 406 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0) 407 return -1; 408 409 return 0; 410 } 411 412 413 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, 414 const u8 *addr) 415 { 416 struct wpabuf *buf; 417 u8 *token; 418 struct os_reltime now; 419 420 os_get_reltime(&now); 421 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) || 422 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) { 423 if (random_get_bytes(hapd->sae_token_key, 424 sizeof(hapd->sae_token_key)) < 0) 425 return NULL; 426 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key", 427 hapd->sae_token_key, sizeof(hapd->sae_token_key)); 428 hapd->last_sae_token_key_update = now; 429 } 430 431 buf = wpabuf_alloc(SHA256_MAC_LEN); 432 if (buf == NULL) 433 return NULL; 434 435 token = wpabuf_put(buf, SHA256_MAC_LEN); 436 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 437 addr, ETH_ALEN, token); 438 439 return buf; 440 } 441 442 443 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 444 const struct ieee80211_mgmt *mgmt, size_t len, 445 u8 auth_transaction) 446 { 447 u16 resp = WLAN_STATUS_SUCCESS; 448 struct wpabuf *data = NULL; 449 450 if (!sta->sae) { 451 if (auth_transaction != 1) 452 return; 453 sta->sae = os_zalloc(sizeof(*sta->sae)); 454 if (sta->sae == NULL) 455 return; 456 sta->sae->state = SAE_NOTHING; 457 } 458 459 if (auth_transaction == 1) { 460 const u8 *token = NULL; 461 size_t token_len = 0; 462 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 463 HOSTAPD_LEVEL_DEBUG, 464 "start SAE authentication (RX commit)"); 465 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, 466 ((const u8 *) mgmt) + len - 467 mgmt->u.auth.variable, &token, 468 &token_len, hapd->conf->sae_groups); 469 if (token && check_sae_token(hapd, sta->addr, token, token_len) 470 < 0) { 471 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with " 472 "incorrect token from " MACSTR, 473 MAC2STR(sta->addr)); 474 return; 475 } 476 477 if (resp == WLAN_STATUS_SUCCESS) { 478 if (!token && use_sae_anti_clogging(hapd)) { 479 wpa_printf(MSG_DEBUG, "SAE: Request anti-" 480 "clogging token from " MACSTR, 481 MAC2STR(sta->addr)); 482 data = auth_build_token_req(hapd, sta->addr); 483 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; 484 } else { 485 data = auth_process_sae_commit(hapd, sta); 486 if (data == NULL) 487 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 488 else 489 sta->sae->state = SAE_COMMITTED; 490 } 491 } 492 } else if (auth_transaction == 2) { 493 if (sta->sae->state != SAE_COMMITTED) { 494 hostapd_logger(hapd, sta->addr, 495 HOSTAPD_MODULE_IEEE80211, 496 HOSTAPD_LEVEL_DEBUG, 497 "SAE confirm before commit"); 498 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 499 goto failed; 500 } 501 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 502 HOSTAPD_LEVEL_DEBUG, 503 "SAE authentication (RX confirm)"); 504 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable, 505 ((u8 *) mgmt) + len - 506 mgmt->u.auth.variable) < 0) { 507 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 508 } else { 509 resp = WLAN_STATUS_SUCCESS; 510 sta->flags |= WLAN_STA_AUTH; 511 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 512 sta->auth_alg = WLAN_AUTH_SAE; 513 mlme_authenticate_indication(hapd, sta); 514 515 data = auth_build_sae_confirm(hapd, sta); 516 if (data == NULL) 517 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 518 else { 519 sta->sae->state = SAE_ACCEPTED; 520 sae_clear_temp_data(sta->sae); 521 } 522 } 523 } else { 524 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 525 HOSTAPD_LEVEL_DEBUG, 526 "unexpected SAE authentication transaction %u", 527 auth_transaction); 528 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 529 } 530 531 failed: 532 sta->auth_alg = WLAN_AUTH_SAE; 533 534 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 535 auth_transaction, resp, 536 data ? wpabuf_head(data) : (u8 *) "", 537 data ? wpabuf_len(data) : 0); 538 wpabuf_free(data); 539 } 540 #endif /* CONFIG_SAE */ 541 542 543 static void handle_auth(struct hostapd_data *hapd, 544 const struct ieee80211_mgmt *mgmt, size_t len) 545 { 546 u16 auth_alg, auth_transaction, status_code; 547 u16 resp = WLAN_STATUS_SUCCESS; 548 struct sta_info *sta = NULL; 549 int res; 550 u16 fc; 551 const u8 *challenge = NULL; 552 u32 session_timeout, acct_interim_interval; 553 int vlan_id = 0; 554 struct hostapd_sta_wpa_psk_short *psk = NULL; 555 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 556 size_t resp_ies_len = 0; 557 char *identity = NULL; 558 char *radius_cui = NULL; 559 560 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 561 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", 562 (unsigned long) len); 563 return; 564 } 565 566 #ifdef CONFIG_TESTING_OPTIONS 567 if (hapd->iconf->ignore_auth_probability > 0.0 && 568 drand48() < hapd->iconf->ignore_auth_probability) { 569 wpa_printf(MSG_INFO, 570 "TESTING: ignoring auth frame from " MACSTR, 571 MAC2STR(mgmt->sa)); 572 return; 573 } 574 #endif /* CONFIG_TESTING_OPTIONS */ 575 576 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 577 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 578 status_code = le_to_host16(mgmt->u.auth.status_code); 579 fc = le_to_host16(mgmt->frame_control); 580 581 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 582 2 + WLAN_AUTH_CHALLENGE_LEN && 583 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 584 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 585 challenge = &mgmt->u.auth.variable[2]; 586 587 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 588 "auth_transaction=%d status_code=%d wep=%d%s", 589 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 590 status_code, !!(fc & WLAN_FC_ISWEP), 591 challenge ? " challenge" : ""); 592 593 if (hapd->tkip_countermeasures) { 594 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 595 goto fail; 596 } 597 598 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 599 auth_alg == WLAN_AUTH_OPEN) || 600 #ifdef CONFIG_IEEE80211R 601 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 602 auth_alg == WLAN_AUTH_FT) || 603 #endif /* CONFIG_IEEE80211R */ 604 #ifdef CONFIG_SAE 605 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 606 auth_alg == WLAN_AUTH_SAE) || 607 #endif /* CONFIG_SAE */ 608 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 609 auth_alg == WLAN_AUTH_SHARED_KEY))) { 610 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)", 611 auth_alg); 612 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 613 goto fail; 614 } 615 616 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 617 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 618 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)", 619 auth_transaction); 620 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 621 goto fail; 622 } 623 624 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 625 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 626 MAC2STR(mgmt->sa)); 627 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 628 goto fail; 629 } 630 631 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 632 &session_timeout, 633 &acct_interim_interval, &vlan_id, 634 &psk, &identity, &radius_cui); 635 636 if (res == HOSTAPD_ACL_REJECT) { 637 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 638 MAC2STR(mgmt->sa)); 639 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 640 goto fail; 641 } 642 if (res == HOSTAPD_ACL_PENDING) { 643 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 644 " waiting for an external authentication", 645 MAC2STR(mgmt->sa)); 646 /* Authentication code will re-send the authentication frame 647 * after it has received (and cached) information from the 648 * external source. */ 649 return; 650 } 651 652 sta = ap_sta_add(hapd, mgmt->sa); 653 if (!sta) { 654 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 655 goto fail; 656 } 657 658 if (vlan_id > 0) { 659 if (!hostapd_vlan_id_valid(hapd->conf->vlan, vlan_id)) { 660 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 661 HOSTAPD_LEVEL_INFO, "Invalid VLAN ID " 662 "%d received from RADIUS server", 663 vlan_id); 664 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 665 goto fail; 666 } 667 sta->vlan_id = vlan_id; 668 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 669 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 670 } 671 672 hostapd_free_psk_list(sta->psk); 673 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 674 sta->psk = psk; 675 psk = NULL; 676 } else { 677 sta->psk = NULL; 678 } 679 680 sta->identity = identity; 681 identity = NULL; 682 sta->radius_cui = radius_cui; 683 radius_cui = NULL; 684 685 sta->flags &= ~WLAN_STA_PREAUTH; 686 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 687 688 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 689 sta->acct_interim_interval = acct_interim_interval; 690 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 691 ap_sta_session_timeout(hapd, sta, session_timeout); 692 else 693 ap_sta_no_session_timeout(hapd, sta); 694 695 switch (auth_alg) { 696 case WLAN_AUTH_OPEN: 697 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 698 HOSTAPD_LEVEL_DEBUG, 699 "authentication OK (open system)"); 700 sta->flags |= WLAN_STA_AUTH; 701 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 702 sta->auth_alg = WLAN_AUTH_OPEN; 703 mlme_authenticate_indication(hapd, sta); 704 break; 705 case WLAN_AUTH_SHARED_KEY: 706 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 707 fc & WLAN_FC_ISWEP); 708 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 709 mlme_authenticate_indication(hapd, sta); 710 if (sta->challenge && auth_transaction == 1) { 711 resp_ies[0] = WLAN_EID_CHALLENGE; 712 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 713 os_memcpy(resp_ies + 2, sta->challenge, 714 WLAN_AUTH_CHALLENGE_LEN); 715 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 716 } 717 break; 718 #ifdef CONFIG_IEEE80211R 719 case WLAN_AUTH_FT: 720 sta->auth_alg = WLAN_AUTH_FT; 721 if (sta->wpa_sm == NULL) 722 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 723 sta->addr, NULL); 724 if (sta->wpa_sm == NULL) { 725 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 726 "state machine"); 727 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 728 goto fail; 729 } 730 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 731 auth_transaction, mgmt->u.auth.variable, 732 len - IEEE80211_HDRLEN - 733 sizeof(mgmt->u.auth), 734 handle_auth_ft_finish, hapd); 735 /* handle_auth_ft_finish() callback will complete auth. */ 736 return; 737 #endif /* CONFIG_IEEE80211R */ 738 #ifdef CONFIG_SAE 739 case WLAN_AUTH_SAE: 740 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction); 741 return; 742 #endif /* CONFIG_SAE */ 743 } 744 745 fail: 746 os_free(identity); 747 os_free(radius_cui); 748 hostapd_free_psk_list(psk); 749 750 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 751 auth_transaction + 1, resp, resp_ies, resp_ies_len); 752 } 753 754 755 static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 756 { 757 int i, j = 32, aid; 758 759 /* get a unique AID */ 760 if (sta->aid > 0) { 761 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 762 return 0; 763 } 764 765 for (i = 0; i < AID_WORDS; i++) { 766 if (hapd->sta_aid[i] == (u32) -1) 767 continue; 768 for (j = 0; j < 32; j++) { 769 if (!(hapd->sta_aid[i] & BIT(j))) 770 break; 771 } 772 if (j < 32) 773 break; 774 } 775 if (j == 32) 776 return -1; 777 aid = i * 32 + j + 1; 778 if (aid > 2007) 779 return -1; 780 781 sta->aid = aid; 782 hapd->sta_aid[i] |= BIT(j); 783 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 784 return 0; 785 } 786 787 788 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 789 const u8 *ssid_ie, size_t ssid_ie_len) 790 { 791 if (ssid_ie == NULL) 792 return WLAN_STATUS_UNSPECIFIED_FAILURE; 793 794 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 795 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 796 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 797 HOSTAPD_LEVEL_INFO, 798 "Station tried to associate with unknown SSID " 799 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len)); 800 return WLAN_STATUS_UNSPECIFIED_FAILURE; 801 } 802 803 return WLAN_STATUS_SUCCESS; 804 } 805 806 807 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 808 const u8 *wmm_ie, size_t wmm_ie_len) 809 { 810 sta->flags &= ~WLAN_STA_WMM; 811 sta->qosinfo = 0; 812 if (wmm_ie && hapd->conf->wmm_enabled) { 813 struct wmm_information_element *wmm; 814 815 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 816 hostapd_logger(hapd, sta->addr, 817 HOSTAPD_MODULE_WPA, 818 HOSTAPD_LEVEL_DEBUG, 819 "invalid WMM element in association " 820 "request"); 821 return WLAN_STATUS_UNSPECIFIED_FAILURE; 822 } 823 824 sta->flags |= WLAN_STA_WMM; 825 wmm = (struct wmm_information_element *) wmm_ie; 826 sta->qosinfo = wmm->qos_info; 827 } 828 return WLAN_STATUS_SUCCESS; 829 } 830 831 832 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 833 struct ieee802_11_elems *elems) 834 { 835 if (!elems->supp_rates) { 836 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 837 HOSTAPD_LEVEL_DEBUG, 838 "No supported rates element in AssocReq"); 839 return WLAN_STATUS_UNSPECIFIED_FAILURE; 840 } 841 842 if (elems->supp_rates_len + elems->ext_supp_rates_len > 843 sizeof(sta->supported_rates)) { 844 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 845 HOSTAPD_LEVEL_DEBUG, 846 "Invalid supported rates element length %d+%d", 847 elems->supp_rates_len, 848 elems->ext_supp_rates_len); 849 return WLAN_STATUS_UNSPECIFIED_FAILURE; 850 } 851 852 sta->supported_rates_len = merge_byte_arrays( 853 sta->supported_rates, sizeof(sta->supported_rates), 854 elems->supp_rates, elems->supp_rates_len, 855 elems->ext_supp_rates, elems->ext_supp_rates_len); 856 857 return WLAN_STATUS_SUCCESS; 858 } 859 860 861 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta, 862 const u8 *ext_capab_ie, size_t ext_capab_ie_len) 863 { 864 #ifdef CONFIG_INTERWORKING 865 /* check for QoS Map support */ 866 if (ext_capab_ie_len >= 5) { 867 if (ext_capab_ie[4] & 0x01) 868 sta->qos_map_enabled = 1; 869 } 870 #endif /* CONFIG_INTERWORKING */ 871 872 return WLAN_STATUS_SUCCESS; 873 } 874 875 876 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 877 const u8 *ies, size_t ies_len, int reassoc) 878 { 879 struct ieee802_11_elems elems; 880 u16 resp; 881 const u8 *wpa_ie; 882 size_t wpa_ie_len; 883 const u8 *p2p_dev_addr = NULL; 884 885 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 886 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 887 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 888 "association request"); 889 return WLAN_STATUS_UNSPECIFIED_FAILURE; 890 } 891 892 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 893 if (resp != WLAN_STATUS_SUCCESS) 894 return resp; 895 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 896 if (resp != WLAN_STATUS_SUCCESS) 897 return resp; 898 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len); 899 if (resp != WLAN_STATUS_SUCCESS) 900 return resp; 901 resp = copy_supp_rates(hapd, sta, &elems); 902 if (resp != WLAN_STATUS_SUCCESS) 903 return resp; 904 #ifdef CONFIG_IEEE80211N 905 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities, 906 elems.ht_capabilities_len); 907 if (resp != WLAN_STATUS_SUCCESS) 908 return resp; 909 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 910 !(sta->flags & WLAN_STA_HT)) { 911 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 912 HOSTAPD_LEVEL_INFO, "Station does not support " 913 "mandatory HT PHY - reject association"); 914 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 915 } 916 #endif /* CONFIG_IEEE80211N */ 917 918 #ifdef CONFIG_IEEE80211AC 919 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities, 920 elems.vht_capabilities_len); 921 if (resp != WLAN_STATUS_SUCCESS) 922 return resp; 923 924 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif); 925 if (resp != WLAN_STATUS_SUCCESS) 926 return resp; 927 928 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 929 !(sta->flags & WLAN_STA_VHT)) { 930 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 931 HOSTAPD_LEVEL_INFO, "Station does not support " 932 "mandatory VHT PHY - reject association"); 933 return WLAN_STATUS_ASSOC_DENIED_NO_VHT; 934 } 935 #endif /* CONFIG_IEEE80211AC */ 936 937 #ifdef CONFIG_P2P 938 if (elems.p2p) { 939 wpabuf_free(sta->p2p_ie); 940 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 941 P2P_IE_VENDOR_TYPE); 942 if (sta->p2p_ie) 943 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 944 } else { 945 wpabuf_free(sta->p2p_ie); 946 sta->p2p_ie = NULL; 947 } 948 #endif /* CONFIG_P2P */ 949 950 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 951 wpa_ie = elems.rsn_ie; 952 wpa_ie_len = elems.rsn_ie_len; 953 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 954 elems.wpa_ie) { 955 wpa_ie = elems.wpa_ie; 956 wpa_ie_len = elems.wpa_ie_len; 957 } else { 958 wpa_ie = NULL; 959 wpa_ie_len = 0; 960 } 961 962 #ifdef CONFIG_WPS 963 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 964 if (hapd->conf->wps_state && elems.wps_ie) { 965 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 966 "Request - assume WPS is used"); 967 sta->flags |= WLAN_STA_WPS; 968 wpabuf_free(sta->wps_ie); 969 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 970 WPS_IE_VENDOR_TYPE); 971 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 972 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 973 sta->flags |= WLAN_STA_WPS2; 974 } 975 wpa_ie = NULL; 976 wpa_ie_len = 0; 977 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 978 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 979 "(Re)Association Request - reject"); 980 return WLAN_STATUS_INVALID_IE; 981 } 982 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 983 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 984 "(Re)Association Request - possible WPS use"); 985 sta->flags |= WLAN_STA_MAYBE_WPS; 986 } else 987 #endif /* CONFIG_WPS */ 988 if (hapd->conf->wpa && wpa_ie == NULL) { 989 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 990 HOSTAPD_LEVEL_INFO, 991 "No WPA/RSN IE in association request"); 992 return WLAN_STATUS_INVALID_IE; 993 } 994 995 if (hapd->conf->wpa && wpa_ie) { 996 int res; 997 wpa_ie -= 2; 998 wpa_ie_len += 2; 999 if (sta->wpa_sm == NULL) 1000 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1001 sta->addr, 1002 p2p_dev_addr); 1003 if (sta->wpa_sm == NULL) { 1004 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1005 "state machine"); 1006 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1007 } 1008 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 1009 wpa_ie, wpa_ie_len, 1010 elems.mdie, elems.mdie_len); 1011 if (res == WPA_INVALID_GROUP) 1012 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 1013 else if (res == WPA_INVALID_PAIRWISE) 1014 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 1015 else if (res == WPA_INVALID_AKMP) 1016 resp = WLAN_STATUS_AKMP_NOT_VALID; 1017 else if (res == WPA_ALLOC_FAIL) 1018 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1019 #ifdef CONFIG_IEEE80211W 1020 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 1021 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1022 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 1023 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1024 #endif /* CONFIG_IEEE80211W */ 1025 else if (res == WPA_INVALID_MDIE) 1026 resp = WLAN_STATUS_INVALID_MDIE; 1027 else if (res != WPA_IE_OK) 1028 resp = WLAN_STATUS_INVALID_IE; 1029 if (resp != WLAN_STATUS_SUCCESS) 1030 return resp; 1031 #ifdef CONFIG_IEEE80211W 1032 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1033 sta->sa_query_count > 0) 1034 ap_check_sa_query_timeout(hapd, sta); 1035 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1036 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 1037 /* 1038 * STA has already been associated with MFP and SA 1039 * Query timeout has not been reached. Reject the 1040 * association attempt temporarily and start SA Query, 1041 * if one is not pending. 1042 */ 1043 1044 if (sta->sa_query_count == 0) 1045 ap_sta_start_sa_query(hapd, sta); 1046 1047 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 1048 } 1049 1050 if (wpa_auth_uses_mfp(sta->wpa_sm)) 1051 sta->flags |= WLAN_STA_MFP; 1052 else 1053 sta->flags &= ~WLAN_STA_MFP; 1054 #endif /* CONFIG_IEEE80211W */ 1055 1056 #ifdef CONFIG_IEEE80211R 1057 if (sta->auth_alg == WLAN_AUTH_FT) { 1058 if (!reassoc) { 1059 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 1060 "to use association (not " 1061 "re-association) with FT auth_alg", 1062 MAC2STR(sta->addr)); 1063 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1064 } 1065 1066 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 1067 ies_len); 1068 if (resp != WLAN_STATUS_SUCCESS) 1069 return resp; 1070 } 1071 #endif /* CONFIG_IEEE80211R */ 1072 1073 #ifdef CONFIG_SAE 1074 if (wpa_auth_uses_sae(sta->wpa_sm) && 1075 sta->auth_alg != WLAN_AUTH_SAE && 1076 !(sta->auth_alg == WLAN_AUTH_FT && 1077 wpa_auth_uses_ft_sae(sta->wpa_sm))) { 1078 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 1079 "SAE AKM after non-SAE auth_alg %u", 1080 MAC2STR(sta->addr), sta->auth_alg); 1081 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1082 } 1083 #endif /* CONFIG_SAE */ 1084 1085 #ifdef CONFIG_IEEE80211N 1086 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 1087 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 1088 hostapd_logger(hapd, sta->addr, 1089 HOSTAPD_MODULE_IEEE80211, 1090 HOSTAPD_LEVEL_INFO, 1091 "Station tried to use TKIP with HT " 1092 "association"); 1093 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 1094 } 1095 #endif /* CONFIG_IEEE80211N */ 1096 #ifdef CONFIG_HS20 1097 } else if (hapd->conf->osen) { 1098 if (elems.osen == NULL) { 1099 hostapd_logger( 1100 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1101 HOSTAPD_LEVEL_INFO, 1102 "No HS 2.0 OSEN element in association request"); 1103 return WLAN_STATUS_INVALID_IE; 1104 } 1105 1106 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association"); 1107 if (sta->wpa_sm == NULL) 1108 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1109 sta->addr, NULL); 1110 if (sta->wpa_sm == NULL) { 1111 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1112 "state machine"); 1113 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1114 } 1115 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm, 1116 elems.osen - 2, elems.osen_len + 2) < 0) 1117 return WLAN_STATUS_INVALID_IE; 1118 #endif /* CONFIG_HS20 */ 1119 } else 1120 wpa_auth_sta_no_wpa(sta->wpa_sm); 1121 1122 #ifdef CONFIG_P2P 1123 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 1124 #endif /* CONFIG_P2P */ 1125 1126 #ifdef CONFIG_HS20 1127 wpabuf_free(sta->hs20_ie); 1128 if (elems.hs20 && elems.hs20_len > 4) { 1129 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 1130 elems.hs20_len - 4); 1131 } else 1132 sta->hs20_ie = NULL; 1133 #endif /* CONFIG_HS20 */ 1134 1135 return WLAN_STATUS_SUCCESS; 1136 } 1137 1138 1139 static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 1140 u16 reason_code) 1141 { 1142 int send_len; 1143 struct ieee80211_mgmt reply; 1144 1145 os_memset(&reply, 0, sizeof(reply)); 1146 reply.frame_control = 1147 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1148 os_memcpy(reply.da, addr, ETH_ALEN); 1149 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1150 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1151 1152 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1153 reply.u.deauth.reason_code = host_to_le16(reason_code); 1154 1155 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1156 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1157 strerror(errno)); 1158 } 1159 1160 1161 static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1162 u16 status_code, int reassoc, const u8 *ies, 1163 size_t ies_len) 1164 { 1165 int send_len; 1166 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1167 struct ieee80211_mgmt *reply; 1168 u8 *p; 1169 1170 os_memset(buf, 0, sizeof(buf)); 1171 reply = (struct ieee80211_mgmt *) buf; 1172 reply->frame_control = 1173 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1174 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1175 WLAN_FC_STYPE_ASSOC_RESP)); 1176 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1177 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1178 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1179 1180 send_len = IEEE80211_HDRLEN; 1181 send_len += sizeof(reply->u.assoc_resp); 1182 reply->u.assoc_resp.capab_info = 1183 host_to_le16(hostapd_own_capab_info(hapd, sta, 0)); 1184 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1185 reply->u.assoc_resp.aid = host_to_le16(sta->aid | BIT(14) | BIT(15)); 1186 /* Supported rates */ 1187 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1188 /* Extended supported rates */ 1189 p = hostapd_eid_ext_supp_rates(hapd, p); 1190 1191 #ifdef CONFIG_IEEE80211R 1192 if (status_code == WLAN_STATUS_SUCCESS) { 1193 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1194 * Transition Information, RSN, [RIC Response] */ 1195 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1196 buf + sizeof(buf) - p, 1197 sta->auth_alg, ies, ies_len); 1198 } 1199 #endif /* CONFIG_IEEE80211R */ 1200 1201 #ifdef CONFIG_IEEE80211W 1202 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1203 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1204 #endif /* CONFIG_IEEE80211W */ 1205 1206 #ifdef CONFIG_IEEE80211N 1207 p = hostapd_eid_ht_capabilities(hapd, p); 1208 p = hostapd_eid_ht_operation(hapd, p); 1209 #endif /* CONFIG_IEEE80211N */ 1210 1211 #ifdef CONFIG_IEEE80211AC 1212 p = hostapd_eid_vht_capabilities(hapd, p); 1213 p = hostapd_eid_vht_operation(hapd, p); 1214 #endif /* CONFIG_IEEE80211AC */ 1215 1216 p = hostapd_eid_ext_capab(hapd, p); 1217 p = hostapd_eid_bss_max_idle_period(hapd, p); 1218 if (sta->qos_map_enabled) 1219 p = hostapd_eid_qos_map_set(hapd, p); 1220 1221 if (sta->flags & WLAN_STA_WMM) 1222 p = hostapd_eid_wmm(hapd, p); 1223 1224 #ifdef CONFIG_WPS 1225 if ((sta->flags & WLAN_STA_WPS) || 1226 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 1227 struct wpabuf *wps = wps_build_assoc_resp_ie(); 1228 if (wps) { 1229 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 1230 p += wpabuf_len(wps); 1231 wpabuf_free(wps); 1232 } 1233 } 1234 #endif /* CONFIG_WPS */ 1235 1236 #ifdef CONFIG_P2P 1237 if (sta->p2p_ie) { 1238 struct wpabuf *p2p_resp_ie; 1239 enum p2p_status_code status; 1240 switch (status_code) { 1241 case WLAN_STATUS_SUCCESS: 1242 status = P2P_SC_SUCCESS; 1243 break; 1244 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 1245 status = P2P_SC_FAIL_LIMIT_REACHED; 1246 break; 1247 default: 1248 status = P2P_SC_FAIL_INVALID_PARAMS; 1249 break; 1250 } 1251 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 1252 if (p2p_resp_ie) { 1253 os_memcpy(p, wpabuf_head(p2p_resp_ie), 1254 wpabuf_len(p2p_resp_ie)); 1255 p += wpabuf_len(p2p_resp_ie); 1256 wpabuf_free(p2p_resp_ie); 1257 } 1258 } 1259 #endif /* CONFIG_P2P */ 1260 1261 #ifdef CONFIG_P2P_MANAGER 1262 if (hapd->conf->p2p & P2P_MANAGE) 1263 p = hostapd_eid_p2p_manage(hapd, p); 1264 #endif /* CONFIG_P2P_MANAGER */ 1265 1266 send_len += p - reply->u.assoc_resp.variable; 1267 1268 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) 1269 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 1270 strerror(errno)); 1271 } 1272 1273 1274 static void handle_assoc(struct hostapd_data *hapd, 1275 const struct ieee80211_mgmt *mgmt, size_t len, 1276 int reassoc) 1277 { 1278 u16 capab_info, listen_interval; 1279 u16 resp = WLAN_STATUS_SUCCESS; 1280 const u8 *pos; 1281 int left, i; 1282 struct sta_info *sta; 1283 1284 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 1285 sizeof(mgmt->u.assoc_req))) { 1286 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)", 1287 reassoc, (unsigned long) len); 1288 return; 1289 } 1290 1291 #ifdef CONFIG_TESTING_OPTIONS 1292 if (reassoc) { 1293 if (hapd->iconf->ignore_reassoc_probability > 0.0 && 1294 drand48() < hapd->iconf->ignore_reassoc_probability) { 1295 wpa_printf(MSG_INFO, 1296 "TESTING: ignoring reassoc request from " 1297 MACSTR, MAC2STR(mgmt->sa)); 1298 return; 1299 } 1300 } else { 1301 if (hapd->iconf->ignore_assoc_probability > 0.0 && 1302 drand48() < hapd->iconf->ignore_assoc_probability) { 1303 wpa_printf(MSG_INFO, 1304 "TESTING: ignoring assoc request from " 1305 MACSTR, MAC2STR(mgmt->sa)); 1306 return; 1307 } 1308 } 1309 #endif /* CONFIG_TESTING_OPTIONS */ 1310 1311 if (reassoc) { 1312 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 1313 listen_interval = le_to_host16( 1314 mgmt->u.reassoc_req.listen_interval); 1315 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 1316 " capab_info=0x%02x listen_interval=%d current_ap=" 1317 MACSTR, 1318 MAC2STR(mgmt->sa), capab_info, listen_interval, 1319 MAC2STR(mgmt->u.reassoc_req.current_ap)); 1320 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 1321 pos = mgmt->u.reassoc_req.variable; 1322 } else { 1323 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 1324 listen_interval = le_to_host16( 1325 mgmt->u.assoc_req.listen_interval); 1326 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 1327 " capab_info=0x%02x listen_interval=%d", 1328 MAC2STR(mgmt->sa), capab_info, listen_interval); 1329 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 1330 pos = mgmt->u.assoc_req.variable; 1331 } 1332 1333 sta = ap_get_sta(hapd, mgmt->sa); 1334 #ifdef CONFIG_IEEE80211R 1335 if (sta && sta->auth_alg == WLAN_AUTH_FT && 1336 (sta->flags & WLAN_STA_AUTH) == 0) { 1337 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 1338 "prior to authentication since it is using " 1339 "over-the-DS FT", MAC2STR(mgmt->sa)); 1340 } else 1341 #endif /* CONFIG_IEEE80211R */ 1342 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1343 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1344 HOSTAPD_LEVEL_INFO, "Station tried to " 1345 "associate before authentication " 1346 "(aid=%d flags=0x%x)", 1347 sta ? sta->aid : -1, 1348 sta ? sta->flags : 0); 1349 send_deauth(hapd, mgmt->sa, 1350 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 1351 return; 1352 } 1353 1354 if (hapd->tkip_countermeasures) { 1355 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 1356 goto fail; 1357 } 1358 1359 if (listen_interval > hapd->conf->max_listen_interval) { 1360 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1361 HOSTAPD_LEVEL_DEBUG, 1362 "Too large Listen Interval (%d)", 1363 listen_interval); 1364 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 1365 goto fail; 1366 } 1367 1368 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 1369 * is used */ 1370 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 1371 if (resp != WLAN_STATUS_SUCCESS) 1372 goto fail; 1373 1374 if (hostapd_get_aid(hapd, sta) < 0) { 1375 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1376 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 1377 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1378 goto fail; 1379 } 1380 1381 sta->capability = capab_info; 1382 sta->listen_interval = listen_interval; 1383 1384 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 1385 sta->flags |= WLAN_STA_NONERP; 1386 for (i = 0; i < sta->supported_rates_len; i++) { 1387 if ((sta->supported_rates[i] & 0x7f) > 22) { 1388 sta->flags &= ~WLAN_STA_NONERP; 1389 break; 1390 } 1391 } 1392 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 1393 sta->nonerp_set = 1; 1394 hapd->iface->num_sta_non_erp++; 1395 if (hapd->iface->num_sta_non_erp == 1) 1396 ieee802_11_set_beacons(hapd->iface); 1397 } 1398 1399 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 1400 !sta->no_short_slot_time_set) { 1401 sta->no_short_slot_time_set = 1; 1402 hapd->iface->num_sta_no_short_slot_time++; 1403 if (hapd->iface->current_mode->mode == 1404 HOSTAPD_MODE_IEEE80211G && 1405 hapd->iface->num_sta_no_short_slot_time == 1) 1406 ieee802_11_set_beacons(hapd->iface); 1407 } 1408 1409 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 1410 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 1411 else 1412 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 1413 1414 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 1415 !sta->no_short_preamble_set) { 1416 sta->no_short_preamble_set = 1; 1417 hapd->iface->num_sta_no_short_preamble++; 1418 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 1419 && hapd->iface->num_sta_no_short_preamble == 1) 1420 ieee802_11_set_beacons(hapd->iface); 1421 } 1422 1423 #ifdef CONFIG_IEEE80211N 1424 update_ht_state(hapd, sta); 1425 #endif /* CONFIG_IEEE80211N */ 1426 1427 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1428 HOSTAPD_LEVEL_DEBUG, 1429 "association OK (aid %d)", sta->aid); 1430 /* Station will be marked associated, after it acknowledges AssocResp 1431 */ 1432 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 1433 1434 #ifdef CONFIG_IEEE80211W 1435 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 1436 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 1437 "SA Query procedure", reassoc ? "re" : ""); 1438 /* TODO: Send a protected Disassociate frame to the STA using 1439 * the old key and Reason Code "Previous Authentication no 1440 * longer valid". Make sure this is only sent protected since 1441 * unprotected frame would be received by the STA that is now 1442 * trying to associate. 1443 */ 1444 } 1445 #endif /* CONFIG_IEEE80211W */ 1446 1447 /* Make sure that the previously registered inactivity timer will not 1448 * remove the STA immediately. */ 1449 sta->timeout_next = STA_NULLFUNC; 1450 1451 fail: 1452 send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 1453 } 1454 1455 1456 static void handle_disassoc(struct hostapd_data *hapd, 1457 const struct ieee80211_mgmt *mgmt, size_t len) 1458 { 1459 struct sta_info *sta; 1460 1461 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 1462 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)", 1463 (unsigned long) len); 1464 return; 1465 } 1466 1467 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 1468 MAC2STR(mgmt->sa), 1469 le_to_host16(mgmt->u.disassoc.reason_code)); 1470 1471 sta = ap_get_sta(hapd, mgmt->sa); 1472 if (sta == NULL) { 1473 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated", 1474 MAC2STR(mgmt->sa)); 1475 return; 1476 } 1477 1478 ap_sta_set_authorized(hapd, sta, 0); 1479 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 1480 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 1481 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1482 HOSTAPD_LEVEL_INFO, "disassociated"); 1483 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1484 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1485 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 1486 * authenticated. */ 1487 accounting_sta_stop(hapd, sta); 1488 ieee802_1x_free_station(sta); 1489 hostapd_drv_sta_remove(hapd, sta->addr); 1490 1491 if (sta->timeout_next == STA_NULLFUNC || 1492 sta->timeout_next == STA_DISASSOC) { 1493 sta->timeout_next = STA_DEAUTH; 1494 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1495 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 1496 hapd, sta); 1497 } 1498 1499 mlme_disassociate_indication( 1500 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 1501 } 1502 1503 1504 static void handle_deauth(struct hostapd_data *hapd, 1505 const struct ieee80211_mgmt *mgmt, size_t len) 1506 { 1507 struct sta_info *sta; 1508 1509 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 1510 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 1511 "payload (len=%lu)", (unsigned long) len); 1512 return; 1513 } 1514 1515 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 1516 " reason_code=%d", 1517 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 1518 1519 sta = ap_get_sta(hapd, mgmt->sa); 1520 if (sta == NULL) { 1521 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 1522 "to deauthenticate, but it is not authenticated", 1523 MAC2STR(mgmt->sa)); 1524 return; 1525 } 1526 1527 ap_sta_set_authorized(hapd, sta, 0); 1528 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 1529 WLAN_STA_ASSOC_REQ_OK); 1530 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1531 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1532 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 1533 mlme_deauthenticate_indication( 1534 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 1535 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1536 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1537 ap_free_sta(hapd, sta); 1538 } 1539 1540 1541 static void handle_beacon(struct hostapd_data *hapd, 1542 const struct ieee80211_mgmt *mgmt, size_t len, 1543 struct hostapd_frame_info *fi) 1544 { 1545 struct ieee802_11_elems elems; 1546 1547 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 1548 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)", 1549 (unsigned long) len); 1550 return; 1551 } 1552 1553 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 1554 len - (IEEE80211_HDRLEN + 1555 sizeof(mgmt->u.beacon)), &elems, 1556 0); 1557 1558 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 1559 } 1560 1561 1562 #ifdef CONFIG_IEEE80211W 1563 1564 static int hostapd_sa_query_action(struct hostapd_data *hapd, 1565 const struct ieee80211_mgmt *mgmt, 1566 size_t len) 1567 { 1568 const u8 *end; 1569 1570 end = mgmt->u.action.u.sa_query_resp.trans_id + 1571 WLAN_SA_QUERY_TR_ID_LEN; 1572 if (((u8 *) mgmt) + len < end) { 1573 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 1574 "frame (len=%lu)", (unsigned long) len); 1575 return 0; 1576 } 1577 1578 ieee802_11_sa_query_action(hapd, mgmt->sa, 1579 mgmt->u.action.u.sa_query_resp.action, 1580 mgmt->u.action.u.sa_query_resp.trans_id); 1581 return 1; 1582 } 1583 1584 1585 static int robust_action_frame(u8 category) 1586 { 1587 return category != WLAN_ACTION_PUBLIC && 1588 category != WLAN_ACTION_HT; 1589 } 1590 #endif /* CONFIG_IEEE80211W */ 1591 1592 1593 static int handle_action(struct hostapd_data *hapd, 1594 const struct ieee80211_mgmt *mgmt, size_t len) 1595 { 1596 struct sta_info *sta; 1597 sta = ap_get_sta(hapd, mgmt->sa); 1598 1599 if (len < IEEE80211_HDRLEN + 1) { 1600 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1601 HOSTAPD_LEVEL_DEBUG, 1602 "handle_action - too short payload (len=%lu)", 1603 (unsigned long) len); 1604 return 0; 1605 } 1606 1607 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 1608 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 1609 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 1610 "frame (category=%u) from unassociated STA " MACSTR, 1611 MAC2STR(mgmt->sa), mgmt->u.action.category); 1612 return 0; 1613 } 1614 1615 #ifdef CONFIG_IEEE80211W 1616 if (sta && (sta->flags & WLAN_STA_MFP) && 1617 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) && 1618 robust_action_frame(mgmt->u.action.category)) { 1619 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1620 HOSTAPD_LEVEL_DEBUG, 1621 "Dropped unprotected Robust Action frame from " 1622 "an MFP STA"); 1623 return 0; 1624 } 1625 #endif /* CONFIG_IEEE80211W */ 1626 1627 switch (mgmt->u.action.category) { 1628 #ifdef CONFIG_IEEE80211R 1629 case WLAN_ACTION_FT: 1630 if (!sta || 1631 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 1632 len - IEEE80211_HDRLEN)) 1633 break; 1634 return 1; 1635 #endif /* CONFIG_IEEE80211R */ 1636 case WLAN_ACTION_WMM: 1637 hostapd_wmm_action(hapd, mgmt, len); 1638 return 1; 1639 #ifdef CONFIG_IEEE80211W 1640 case WLAN_ACTION_SA_QUERY: 1641 return hostapd_sa_query_action(hapd, mgmt, len); 1642 #endif /* CONFIG_IEEE80211W */ 1643 #ifdef CONFIG_WNM 1644 case WLAN_ACTION_WNM: 1645 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len); 1646 return 1; 1647 #endif /* CONFIG_WNM */ 1648 case WLAN_ACTION_PUBLIC: 1649 case WLAN_ACTION_PROTECTED_DUAL: 1650 #ifdef CONFIG_IEEE80211N 1651 if (mgmt->u.action.u.public_action.action == 1652 WLAN_PA_20_40_BSS_COEX) { 1653 wpa_printf(MSG_DEBUG, 1654 "HT20/40 coex mgmt frame received from STA " 1655 MACSTR, MAC2STR(mgmt->sa)); 1656 hostapd_2040_coex_action(hapd, mgmt, len); 1657 } 1658 #endif /* CONFIG_IEEE80211N */ 1659 if (hapd->public_action_cb) { 1660 hapd->public_action_cb(hapd->public_action_cb_ctx, 1661 (u8 *) mgmt, len, 1662 hapd->iface->freq); 1663 } 1664 if (hapd->public_action_cb2) { 1665 hapd->public_action_cb2(hapd->public_action_cb2_ctx, 1666 (u8 *) mgmt, len, 1667 hapd->iface->freq); 1668 } 1669 if (hapd->public_action_cb || hapd->public_action_cb2) 1670 return 1; 1671 break; 1672 case WLAN_ACTION_VENDOR_SPECIFIC: 1673 if (hapd->vendor_action_cb) { 1674 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 1675 (u8 *) mgmt, len, 1676 hapd->iface->freq) == 0) 1677 return 1; 1678 } 1679 break; 1680 } 1681 1682 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1683 HOSTAPD_LEVEL_DEBUG, 1684 "handle_action - unknown action category %d or invalid " 1685 "frame", 1686 mgmt->u.action.category); 1687 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 1688 !(mgmt->sa[0] & 0x01)) { 1689 struct ieee80211_mgmt *resp; 1690 1691 /* 1692 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 1693 * Return the Action frame to the source without change 1694 * except that MSB of the Category set to 1. 1695 */ 1696 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 1697 "frame back to sender"); 1698 resp = os_malloc(len); 1699 if (resp == NULL) 1700 return 0; 1701 os_memcpy(resp, mgmt, len); 1702 os_memcpy(resp->da, resp->sa, ETH_ALEN); 1703 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 1704 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 1705 resp->u.action.category |= 0x80; 1706 1707 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 1708 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 1709 "Action frame"); 1710 } 1711 os_free(resp); 1712 } 1713 1714 return 1; 1715 } 1716 1717 1718 /** 1719 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 1720 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 1721 * sent to) 1722 * @buf: management frame data (starting from IEEE 802.11 header) 1723 * @len: length of frame data in octets 1724 * @fi: meta data about received frame (signal level, etc.) 1725 * 1726 * Process all incoming IEEE 802.11 management frames. This will be called for 1727 * each frame received from the kernel driver through wlan#ap interface. In 1728 * addition, it can be called to re-inserted pending frames (e.g., when using 1729 * external RADIUS server as an MAC ACL). 1730 */ 1731 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 1732 struct hostapd_frame_info *fi) 1733 { 1734 struct ieee80211_mgmt *mgmt; 1735 int broadcast; 1736 u16 fc, stype; 1737 int ret = 0; 1738 1739 if (len < 24) 1740 return 0; 1741 1742 mgmt = (struct ieee80211_mgmt *) buf; 1743 fc = le_to_host16(mgmt->frame_control); 1744 stype = WLAN_FC_GET_STYPE(fc); 1745 1746 if (stype == WLAN_FC_STYPE_BEACON) { 1747 handle_beacon(hapd, mgmt, len, fi); 1748 return 1; 1749 } 1750 1751 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 1752 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 1753 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 1754 1755 if (!broadcast && 1756 #ifdef CONFIG_P2P 1757 /* Invitation responses can be sent with the peer MAC as BSSID */ 1758 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 1759 stype == WLAN_FC_STYPE_ACTION) && 1760 #endif /* CONFIG_P2P */ 1761 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 1762 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address", 1763 MAC2STR(mgmt->bssid)); 1764 return 0; 1765 } 1766 1767 1768 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 1769 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 1770 return 1; 1771 } 1772 1773 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 1774 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1775 HOSTAPD_LEVEL_DEBUG, 1776 "MGMT: DA=" MACSTR " not our address", 1777 MAC2STR(mgmt->da)); 1778 return 0; 1779 } 1780 1781 switch (stype) { 1782 case WLAN_FC_STYPE_AUTH: 1783 wpa_printf(MSG_DEBUG, "mgmt::auth"); 1784 handle_auth(hapd, mgmt, len); 1785 ret = 1; 1786 break; 1787 case WLAN_FC_STYPE_ASSOC_REQ: 1788 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 1789 handle_assoc(hapd, mgmt, len, 0); 1790 ret = 1; 1791 break; 1792 case WLAN_FC_STYPE_REASSOC_REQ: 1793 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 1794 handle_assoc(hapd, mgmt, len, 1); 1795 ret = 1; 1796 break; 1797 case WLAN_FC_STYPE_DISASSOC: 1798 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 1799 handle_disassoc(hapd, mgmt, len); 1800 ret = 1; 1801 break; 1802 case WLAN_FC_STYPE_DEAUTH: 1803 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 1804 handle_deauth(hapd, mgmt, len); 1805 ret = 1; 1806 break; 1807 case WLAN_FC_STYPE_ACTION: 1808 wpa_printf(MSG_DEBUG, "mgmt::action"); 1809 ret = handle_action(hapd, mgmt, len); 1810 break; 1811 default: 1812 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1813 HOSTAPD_LEVEL_DEBUG, 1814 "unknown mgmt frame subtype %d", stype); 1815 break; 1816 } 1817 1818 return ret; 1819 } 1820 1821 1822 static void handle_auth_cb(struct hostapd_data *hapd, 1823 const struct ieee80211_mgmt *mgmt, 1824 size_t len, int ok) 1825 { 1826 u16 auth_alg, auth_transaction, status_code; 1827 struct sta_info *sta; 1828 1829 if (!ok) { 1830 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1831 HOSTAPD_LEVEL_NOTICE, 1832 "did not acknowledge authentication response"); 1833 return; 1834 } 1835 1836 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1837 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)", 1838 (unsigned long) len); 1839 return; 1840 } 1841 1842 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1843 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1844 status_code = le_to_host16(mgmt->u.auth.status_code); 1845 1846 sta = ap_get_sta(hapd, mgmt->da); 1847 if (!sta) { 1848 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found", 1849 MAC2STR(mgmt->da)); 1850 return; 1851 } 1852 1853 if (status_code == WLAN_STATUS_SUCCESS && 1854 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 1855 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 1856 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1857 HOSTAPD_LEVEL_INFO, "authenticated"); 1858 sta->flags |= WLAN_STA_AUTH; 1859 } 1860 } 1861 1862 1863 static void hostapd_set_wds_encryption(struct hostapd_data *hapd, 1864 struct sta_info *sta, 1865 char *ifname_wds) 1866 { 1867 int i; 1868 struct hostapd_ssid *ssid = sta->ssid; 1869 1870 if (hapd->conf->ieee802_1x || hapd->conf->wpa) 1871 return; 1872 1873 for (i = 0; i < 4; i++) { 1874 if (ssid->wep.key[i] && 1875 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i, 1876 i == ssid->wep.idx, NULL, 0, 1877 ssid->wep.key[i], ssid->wep.len[i])) { 1878 wpa_printf(MSG_WARNING, 1879 "Could not set WEP keys for WDS interface; %s", 1880 ifname_wds); 1881 break; 1882 } 1883 } 1884 } 1885 1886 1887 static void handle_assoc_cb(struct hostapd_data *hapd, 1888 const struct ieee80211_mgmt *mgmt, 1889 size_t len, int reassoc, int ok) 1890 { 1891 u16 status; 1892 struct sta_info *sta; 1893 int new_assoc = 1; 1894 struct ieee80211_ht_capabilities ht_cap; 1895 struct ieee80211_vht_capabilities vht_cap; 1896 1897 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 1898 sizeof(mgmt->u.assoc_resp))) { 1899 wpa_printf(MSG_INFO, "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)", 1900 reassoc, (unsigned long) len); 1901 return; 1902 } 1903 1904 sta = ap_get_sta(hapd, mgmt->da); 1905 if (!sta) { 1906 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found", 1907 MAC2STR(mgmt->da)); 1908 return; 1909 } 1910 1911 if (!ok) { 1912 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1913 HOSTAPD_LEVEL_DEBUG, 1914 "did not acknowledge association response"); 1915 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 1916 return; 1917 } 1918 1919 if (reassoc) 1920 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 1921 else 1922 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1923 1924 if (status != WLAN_STATUS_SUCCESS) 1925 return; 1926 1927 /* Stop previous accounting session, if one is started, and allocate 1928 * new session id for the new session. */ 1929 accounting_sta_stop(hapd, sta); 1930 1931 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1932 HOSTAPD_LEVEL_INFO, 1933 "associated (aid %d)", 1934 sta->aid); 1935 1936 if (sta->flags & WLAN_STA_ASSOC) 1937 new_assoc = 0; 1938 sta->flags |= WLAN_STA_ASSOC; 1939 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE; 1940 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen) || 1941 sta->auth_alg == WLAN_AUTH_FT) { 1942 /* 1943 * Open, static WEP, or FT protocol; no separate authorization 1944 * step. 1945 */ 1946 ap_sta_set_authorized(hapd, sta, 1); 1947 } 1948 1949 if (reassoc) 1950 mlme_reassociate_indication(hapd, sta); 1951 else 1952 mlme_associate_indication(hapd, sta); 1953 1954 #ifdef CONFIG_IEEE80211W 1955 sta->sa_query_timed_out = 0; 1956 #endif /* CONFIG_IEEE80211W */ 1957 1958 /* 1959 * Remove the STA entry in order to make sure the STA PS state gets 1960 * cleared and configuration gets updated in case of reassociation back 1961 * to the same AP. 1962 */ 1963 hostapd_drv_sta_remove(hapd, sta->addr); 1964 1965 #ifdef CONFIG_IEEE80211N 1966 if (sta->flags & WLAN_STA_HT) 1967 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1968 #endif /* CONFIG_IEEE80211N */ 1969 #ifdef CONFIG_IEEE80211AC 1970 if (sta->flags & WLAN_STA_VHT) 1971 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 1972 #endif /* CONFIG_IEEE80211AC */ 1973 1974 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1975 sta->supported_rates, sta->supported_rates_len, 1976 sta->listen_interval, 1977 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1978 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1979 sta->flags, sta->qosinfo, sta->vht_opmode)) { 1980 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1981 HOSTAPD_LEVEL_NOTICE, 1982 "Could not add STA to kernel driver"); 1983 1984 ap_sta_disconnect(hapd, sta, sta->addr, 1985 WLAN_REASON_DISASSOC_AP_BUSY); 1986 1987 return; 1988 } 1989 1990 if (sta->flags & WLAN_STA_WDS) { 1991 int ret; 1992 char ifname_wds[IFNAMSIZ + 1]; 1993 1994 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr, 1995 sta->aid, 1); 1996 if (!ret) 1997 hostapd_set_wds_encryption(hapd, sta, ifname_wds); 1998 } 1999 2000 if (sta->eapol_sm == NULL) { 2001 /* 2002 * This STA does not use RADIUS server for EAP authentication, 2003 * so bind it to the selected VLAN interface now, since the 2004 * interface selection is not going to change anymore. 2005 */ 2006 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 2007 return; 2008 } else if (sta->vlan_id) { 2009 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 2010 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 2011 return; 2012 } 2013 2014 hostapd_set_sta_flags(hapd, sta); 2015 2016 if (sta->auth_alg == WLAN_AUTH_FT) 2017 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 2018 else 2019 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 2020 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 2021 2022 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 2023 } 2024 2025 2026 static void handle_deauth_cb(struct hostapd_data *hapd, 2027 const struct ieee80211_mgmt *mgmt, 2028 size_t len, int ok) 2029 { 2030 struct sta_info *sta; 2031 if (mgmt->da[0] & 0x01) 2032 return; 2033 sta = ap_get_sta(hapd, mgmt->da); 2034 if (!sta) { 2035 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 2036 " not found", MAC2STR(mgmt->da)); 2037 return; 2038 } 2039 if (ok) 2040 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 2041 MAC2STR(sta->addr)); 2042 else 2043 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2044 "deauth", MAC2STR(sta->addr)); 2045 2046 ap_sta_deauth_cb(hapd, sta); 2047 } 2048 2049 2050 static void handle_disassoc_cb(struct hostapd_data *hapd, 2051 const struct ieee80211_mgmt *mgmt, 2052 size_t len, int ok) 2053 { 2054 struct sta_info *sta; 2055 if (mgmt->da[0] & 0x01) 2056 return; 2057 sta = ap_get_sta(hapd, mgmt->da); 2058 if (!sta) { 2059 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 2060 " not found", MAC2STR(mgmt->da)); 2061 return; 2062 } 2063 if (ok) 2064 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 2065 MAC2STR(sta->addr)); 2066 else 2067 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2068 "disassoc", MAC2STR(sta->addr)); 2069 2070 ap_sta_disassoc_cb(hapd, sta); 2071 } 2072 2073 2074 /** 2075 * ieee802_11_mgmt_cb - Process management frame TX status callback 2076 * @hapd: hostapd BSS data structure (the BSS from which the management frame 2077 * was sent from) 2078 * @buf: management frame data (starting from IEEE 802.11 header) 2079 * @len: length of frame data in octets 2080 * @stype: management frame subtype from frame control field 2081 * @ok: Whether the frame was ACK'ed 2082 */ 2083 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 2084 u16 stype, int ok) 2085 { 2086 const struct ieee80211_mgmt *mgmt; 2087 mgmt = (const struct ieee80211_mgmt *) buf; 2088 2089 #ifdef CONFIG_TESTING_OPTIONS 2090 if (hapd->ext_mgmt_frame_handling) { 2091 wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-TX-STATUS stype=%u ok=%d", 2092 stype, ok); 2093 return; 2094 } 2095 #endif /* CONFIG_TESTING_OPTIONS */ 2096 2097 switch (stype) { 2098 case WLAN_FC_STYPE_AUTH: 2099 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 2100 handle_auth_cb(hapd, mgmt, len, ok); 2101 break; 2102 case WLAN_FC_STYPE_ASSOC_RESP: 2103 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 2104 handle_assoc_cb(hapd, mgmt, len, 0, ok); 2105 break; 2106 case WLAN_FC_STYPE_REASSOC_RESP: 2107 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 2108 handle_assoc_cb(hapd, mgmt, len, 1, ok); 2109 break; 2110 case WLAN_FC_STYPE_PROBE_RESP: 2111 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb"); 2112 break; 2113 case WLAN_FC_STYPE_DEAUTH: 2114 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 2115 handle_deauth_cb(hapd, mgmt, len, ok); 2116 break; 2117 case WLAN_FC_STYPE_DISASSOC: 2118 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 2119 handle_disassoc_cb(hapd, mgmt, len, ok); 2120 break; 2121 case WLAN_FC_STYPE_ACTION: 2122 wpa_printf(MSG_DEBUG, "mgmt::action cb"); 2123 break; 2124 default: 2125 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype); 2126 break; 2127 } 2128 } 2129 2130 2131 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 2132 { 2133 /* TODO */ 2134 return 0; 2135 } 2136 2137 2138 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 2139 char *buf, size_t buflen) 2140 { 2141 /* TODO */ 2142 return 0; 2143 } 2144 2145 2146 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 2147 const u8 *buf, size_t len, int ack) 2148 { 2149 struct sta_info *sta; 2150 struct hostapd_iface *iface = hapd->iface; 2151 2152 sta = ap_get_sta(hapd, addr); 2153 if (sta == NULL && iface->num_bss > 1) { 2154 size_t j; 2155 for (j = 0; j < iface->num_bss; j++) { 2156 hapd = iface->bss[j]; 2157 sta = ap_get_sta(hapd, addr); 2158 if (sta) 2159 break; 2160 } 2161 } 2162 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 2163 return; 2164 if (sta->flags & WLAN_STA_PENDING_POLL) { 2165 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 2166 "activity poll", MAC2STR(sta->addr), 2167 ack ? "ACKed" : "did not ACK"); 2168 if (ack) 2169 sta->flags &= ~WLAN_STA_PENDING_POLL; 2170 } 2171 2172 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 2173 } 2174 2175 2176 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 2177 const u8 *data, size_t len, int ack) 2178 { 2179 struct sta_info *sta; 2180 struct hostapd_iface *iface = hapd->iface; 2181 2182 sta = ap_get_sta(hapd, dst); 2183 if (sta == NULL && iface->num_bss > 1) { 2184 size_t j; 2185 for (j = 0; j < iface->num_bss; j++) { 2186 hapd = iface->bss[j]; 2187 sta = ap_get_sta(hapd, dst); 2188 if (sta) 2189 break; 2190 } 2191 } 2192 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 2193 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 2194 MACSTR " that is not currently associated", 2195 MAC2STR(dst)); 2196 return; 2197 } 2198 2199 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 2200 } 2201 2202 2203 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 2204 { 2205 struct sta_info *sta; 2206 struct hostapd_iface *iface = hapd->iface; 2207 2208 sta = ap_get_sta(hapd, addr); 2209 if (sta == NULL && iface->num_bss > 1) { 2210 size_t j; 2211 for (j = 0; j < iface->num_bss; j++) { 2212 hapd = iface->bss[j]; 2213 sta = ap_get_sta(hapd, addr); 2214 if (sta) 2215 break; 2216 } 2217 } 2218 if (sta == NULL) 2219 return; 2220 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 2221 return; 2222 2223 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 2224 "activity poll", MAC2STR(sta->addr)); 2225 sta->flags &= ~WLAN_STA_PENDING_POLL; 2226 } 2227 2228 2229 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 2230 int wds) 2231 { 2232 struct sta_info *sta; 2233 2234 sta = ap_get_sta(hapd, src); 2235 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 2236 if (!hapd->conf->wds_sta) 2237 return; 2238 2239 if (wds && !(sta->flags & WLAN_STA_WDS)) { 2240 int ret; 2241 char ifname_wds[IFNAMSIZ + 1]; 2242 2243 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 2244 "STA " MACSTR " (aid %u)", 2245 MAC2STR(sta->addr), sta->aid); 2246 sta->flags |= WLAN_STA_WDS; 2247 ret = hostapd_set_wds_sta(hapd, ifname_wds, 2248 sta->addr, sta->aid, 1); 2249 if (!ret) 2250 hostapd_set_wds_encryption(hapd, sta, 2251 ifname_wds); 2252 } 2253 return; 2254 } 2255 2256 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 2257 MACSTR, MAC2STR(src)); 2258 if (src[0] & 0x01) { 2259 /* Broadcast bit set in SA?! Ignore the frame silently. */ 2260 return; 2261 } 2262 2263 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 2264 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 2265 "already been sent, but no TX status yet known - " 2266 "ignore Class 3 frame issue with " MACSTR, 2267 MAC2STR(src)); 2268 return; 2269 } 2270 2271 if (sta && (sta->flags & WLAN_STA_AUTH)) 2272 hostapd_drv_sta_disassoc( 2273 hapd, src, 2274 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2275 else 2276 hostapd_drv_sta_deauth( 2277 hapd, src, 2278 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2279 } 2280 2281 2282 #endif /* CONFIG_NATIVE_WINDOWS */ 2283
