1 /* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2014, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #ifndef CONFIG_NATIVE_WINDOWS 12 13 #include "utils/common.h" 14 #include "utils/eloop.h" 15 #include "crypto/crypto.h" 16 #include "crypto/sha256.h" 17 #include "crypto/random.h" 18 #include "common/ieee802_11_defs.h" 19 #include "common/ieee802_11_common.h" 20 #include "common/wpa_ctrl.h" 21 #include "common/sae.h" 22 #include "radius/radius.h" 23 #include "radius/radius_client.h" 24 #include "p2p/p2p.h" 25 #include "wps/wps.h" 26 #include "fst/fst.h" 27 #include "hostapd.h" 28 #include "beacon.h" 29 #include "ieee802_11_auth.h" 30 #include "sta_info.h" 31 #include "ieee802_1x.h" 32 #include "wpa_auth.h" 33 #include "pmksa_cache_auth.h" 34 #include "wmm.h" 35 #include "ap_list.h" 36 #include "accounting.h" 37 #include "ap_config.h" 38 #include "ap_mlme.h" 39 #include "p2p_hostapd.h" 40 #include "ap_drv_ops.h" 41 #include "wnm_ap.h" 42 #include "hw_features.h" 43 #include "ieee802_11.h" 44 #include "dfs.h" 45 #include "mbo_ap.h" 46 47 48 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 49 { 50 u8 *pos = eid; 51 int i, num, count; 52 53 if (hapd->iface->current_rates == NULL) 54 return eid; 55 56 *pos++ = WLAN_EID_SUPP_RATES; 57 num = hapd->iface->num_rates; 58 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 59 num++; 60 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 61 num++; 62 if (num > 8) { 63 /* rest of the rates are encoded in Extended supported 64 * rates element */ 65 num = 8; 66 } 67 68 *pos++ = num; 69 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 70 i++) { 71 count++; 72 *pos = hapd->iface->current_rates[i].rate / 5; 73 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 74 *pos |= 0x80; 75 pos++; 76 } 77 78 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 79 count++; 80 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 81 } 82 83 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 84 count++; 85 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 86 } 87 88 return pos; 89 } 90 91 92 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 93 { 94 u8 *pos = eid; 95 int i, num, count; 96 97 if (hapd->iface->current_rates == NULL) 98 return eid; 99 100 num = hapd->iface->num_rates; 101 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 102 num++; 103 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 104 num++; 105 if (num <= 8) 106 return eid; 107 num -= 8; 108 109 *pos++ = WLAN_EID_EXT_SUPP_RATES; 110 *pos++ = num; 111 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 112 i++) { 113 count++; 114 if (count <= 8) 115 continue; /* already in SuppRates IE */ 116 *pos = hapd->iface->current_rates[i].rate / 5; 117 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 118 *pos |= 0x80; 119 pos++; 120 } 121 122 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 123 count++; 124 if (count > 8) 125 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 126 } 127 128 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 129 count++; 130 if (count > 8) 131 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 132 } 133 134 return pos; 135 } 136 137 138 u16 hostapd_own_capab_info(struct hostapd_data *hapd) 139 { 140 int capab = WLAN_CAPABILITY_ESS; 141 int privacy; 142 int dfs; 143 144 /* Check if any of configured channels require DFS */ 145 dfs = hostapd_is_dfs_required(hapd->iface); 146 if (dfs < 0) { 147 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d", 148 dfs); 149 dfs = 0; 150 } 151 152 if (hapd->iface->num_sta_no_short_preamble == 0 && 153 hapd->iconf->preamble == SHORT_PREAMBLE) 154 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 155 156 privacy = hapd->conf->ssid.wep.keys_set; 157 158 if (hapd->conf->ieee802_1x && 159 (hapd->conf->default_wep_key_len || 160 hapd->conf->individual_wep_key_len)) 161 privacy = 1; 162 163 if (hapd->conf->wpa) 164 privacy = 1; 165 166 #ifdef CONFIG_HS20 167 if (hapd->conf->osen) 168 privacy = 1; 169 #endif /* CONFIG_HS20 */ 170 171 if (privacy) 172 capab |= WLAN_CAPABILITY_PRIVACY; 173 174 if (hapd->iface->current_mode && 175 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 176 hapd->iface->num_sta_no_short_slot_time == 0) 177 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 178 179 /* 180 * Currently, Spectrum Management capability bit is set when directly 181 * requested in configuration by spectrum_mgmt_required or when AP is 182 * running on DFS channel. 183 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit 184 */ 185 if (hapd->iface->current_mode && 186 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A && 187 (hapd->iconf->spectrum_mgmt_required || dfs)) 188 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 189 190 if (hapd->conf->radio_measurements) 191 capab |= IEEE80211_CAP_RRM; 192 193 return capab; 194 } 195 196 197 #ifndef CONFIG_NO_RC4 198 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 199 u16 auth_transaction, const u8 *challenge, 200 int iswep) 201 { 202 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 203 HOSTAPD_LEVEL_DEBUG, 204 "authentication (shared key, transaction %d)", 205 auth_transaction); 206 207 if (auth_transaction == 1) { 208 if (!sta->challenge) { 209 /* Generate a pseudo-random challenge */ 210 u8 key[8]; 211 212 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 213 if (sta->challenge == NULL) 214 return WLAN_STATUS_UNSPECIFIED_FAILURE; 215 216 if (os_get_random(key, sizeof(key)) < 0) { 217 os_free(sta->challenge); 218 sta->challenge = NULL; 219 return WLAN_STATUS_UNSPECIFIED_FAILURE; 220 } 221 222 rc4_skip(key, sizeof(key), 0, 223 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 224 } 225 return 0; 226 } 227 228 if (auth_transaction != 3) 229 return WLAN_STATUS_UNSPECIFIED_FAILURE; 230 231 /* Transaction 3 */ 232 if (!iswep || !sta->challenge || !challenge || 233 os_memcmp_const(sta->challenge, challenge, 234 WLAN_AUTH_CHALLENGE_LEN)) { 235 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 236 HOSTAPD_LEVEL_INFO, 237 "shared key authentication - invalid " 238 "challenge-response"); 239 return WLAN_STATUS_CHALLENGE_FAIL; 240 } 241 242 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 243 HOSTAPD_LEVEL_DEBUG, 244 "authentication OK (shared key)"); 245 sta->flags |= WLAN_STA_AUTH; 246 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 247 os_free(sta->challenge); 248 sta->challenge = NULL; 249 250 return 0; 251 } 252 #endif /* CONFIG_NO_RC4 */ 253 254 255 static int send_auth_reply(struct hostapd_data *hapd, 256 const u8 *dst, const u8 *bssid, 257 u16 auth_alg, u16 auth_transaction, u16 resp, 258 const u8 *ies, size_t ies_len) 259 { 260 struct ieee80211_mgmt *reply; 261 u8 *buf; 262 size_t rlen; 263 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE; 264 265 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 266 buf = os_zalloc(rlen); 267 if (buf == NULL) 268 return -1; 269 270 reply = (struct ieee80211_mgmt *) buf; 271 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 272 WLAN_FC_STYPE_AUTH); 273 os_memcpy(reply->da, dst, ETH_ALEN); 274 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 275 os_memcpy(reply->bssid, bssid, ETH_ALEN); 276 277 reply->u.auth.auth_alg = host_to_le16(auth_alg); 278 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 279 reply->u.auth.status_code = host_to_le16(resp); 280 281 if (ies && ies_len) 282 os_memcpy(reply->u.auth.variable, ies, ies_len); 283 284 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 285 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 286 MAC2STR(dst), auth_alg, auth_transaction, 287 resp, (unsigned long) ies_len); 288 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 289 wpa_printf(MSG_INFO, "send_auth_reply: send failed"); 290 else 291 reply_res = WLAN_STATUS_SUCCESS; 292 293 os_free(buf); 294 295 return reply_res; 296 } 297 298 299 #ifdef CONFIG_IEEE80211R 300 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 301 u16 auth_transaction, u16 status, 302 const u8 *ies, size_t ies_len) 303 { 304 struct hostapd_data *hapd = ctx; 305 struct sta_info *sta; 306 int reply_res; 307 308 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, 309 auth_transaction, status, ies, ies_len); 310 311 sta = ap_get_sta(hapd, dst); 312 if (sta == NULL) 313 return; 314 315 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS || 316 status != WLAN_STATUS_SUCCESS)) { 317 hostapd_drv_sta_remove(hapd, sta->addr); 318 sta->added_unassoc = 0; 319 return; 320 } 321 322 if (status != WLAN_STATUS_SUCCESS) 323 return; 324 325 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 326 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 327 sta->flags |= WLAN_STA_AUTH; 328 mlme_authenticate_indication(hapd, sta); 329 } 330 #endif /* CONFIG_IEEE80211R */ 331 332 333 #ifdef CONFIG_SAE 334 335 #define dot11RSNASAESync 5 /* attempts */ 336 337 338 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, 339 struct sta_info *sta, int update) 340 { 341 struct wpabuf *buf; 342 343 if (hapd->conf->ssid.wpa_passphrase == NULL) { 344 wpa_printf(MSG_DEBUG, "SAE: No password available"); 345 return NULL; 346 } 347 348 if (update && 349 sae_prepare_commit(hapd->own_addr, sta->addr, 350 (u8 *) hapd->conf->ssid.wpa_passphrase, 351 os_strlen(hapd->conf->ssid.wpa_passphrase), 352 sta->sae) < 0) { 353 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); 354 return NULL; 355 } 356 357 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN); 358 if (buf == NULL) 359 return NULL; 360 sae_write_commit(sta->sae, buf, sta->sae->tmp ? 361 sta->sae->tmp->anti_clogging_token : NULL); 362 363 return buf; 364 } 365 366 367 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 368 struct sta_info *sta) 369 { 370 struct wpabuf *buf; 371 372 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN); 373 if (buf == NULL) 374 return NULL; 375 376 sae_write_confirm(sta->sae, buf); 377 378 return buf; 379 } 380 381 382 static int auth_sae_send_commit(struct hostapd_data *hapd, 383 struct sta_info *sta, 384 const u8 *bssid, int update) 385 { 386 struct wpabuf *data; 387 int reply_res; 388 389 data = auth_build_sae_commit(hapd, sta, update); 390 if (data == NULL) 391 return WLAN_STATUS_UNSPECIFIED_FAILURE; 392 393 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1, 394 WLAN_STATUS_SUCCESS, wpabuf_head(data), 395 wpabuf_len(data)); 396 397 wpabuf_free(data); 398 399 return reply_res; 400 } 401 402 403 static int auth_sae_send_confirm(struct hostapd_data *hapd, 404 struct sta_info *sta, 405 const u8 *bssid) 406 { 407 struct wpabuf *data; 408 int reply_res; 409 410 data = auth_build_sae_confirm(hapd, sta); 411 if (data == NULL) 412 return WLAN_STATUS_UNSPECIFIED_FAILURE; 413 414 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2, 415 WLAN_STATUS_SUCCESS, wpabuf_head(data), 416 wpabuf_len(data)); 417 418 wpabuf_free(data); 419 420 return reply_res; 421 } 422 423 424 static int use_sae_anti_clogging(struct hostapd_data *hapd) 425 { 426 struct sta_info *sta; 427 unsigned int open = 0; 428 429 if (hapd->conf->sae_anti_clogging_threshold == 0) 430 return 1; 431 432 for (sta = hapd->sta_list; sta; sta = sta->next) { 433 if (!sta->sae) 434 continue; 435 if (sta->sae->state != SAE_COMMITTED && 436 sta->sae->state != SAE_CONFIRMED) 437 continue; 438 open++; 439 if (open >= hapd->conf->sae_anti_clogging_threshold) 440 return 1; 441 } 442 443 return 0; 444 } 445 446 447 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, 448 const u8 *token, size_t token_len) 449 { 450 u8 mac[SHA256_MAC_LEN]; 451 452 if (token_len != SHA256_MAC_LEN) 453 return -1; 454 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 455 addr, ETH_ALEN, mac) < 0 || 456 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0) 457 return -1; 458 459 return 0; 460 } 461 462 463 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, 464 int group, const u8 *addr) 465 { 466 struct wpabuf *buf; 467 u8 *token; 468 struct os_reltime now; 469 470 os_get_reltime(&now); 471 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) || 472 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) { 473 if (random_get_bytes(hapd->sae_token_key, 474 sizeof(hapd->sae_token_key)) < 0) 475 return NULL; 476 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key", 477 hapd->sae_token_key, sizeof(hapd->sae_token_key)); 478 hapd->last_sae_token_key_update = now; 479 } 480 481 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN); 482 if (buf == NULL) 483 return NULL; 484 485 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */ 486 487 token = wpabuf_put(buf, SHA256_MAC_LEN); 488 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 489 addr, ETH_ALEN, token); 490 491 return buf; 492 } 493 494 495 static int sae_check_big_sync(struct sta_info *sta) 496 { 497 if (sta->sae->sync > dot11RSNASAESync) { 498 sta->sae->state = SAE_NOTHING; 499 sta->sae->sync = 0; 500 return -1; 501 } 502 return 0; 503 } 504 505 506 static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data) 507 { 508 struct hostapd_data *hapd = eloop_ctx; 509 struct sta_info *sta = eloop_data; 510 int ret; 511 512 if (sae_check_big_sync(sta)) 513 return; 514 sta->sae->sync++; 515 516 switch (sta->sae->state) { 517 case SAE_COMMITTED: 518 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0); 519 eloop_register_timeout(0, 520 hapd->dot11RSNASAERetransPeriod * 1000, 521 auth_sae_retransmit_timer, hapd, sta); 522 break; 523 case SAE_CONFIRMED: 524 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr); 525 eloop_register_timeout(0, 526 hapd->dot11RSNASAERetransPeriod * 1000, 527 auth_sae_retransmit_timer, hapd, sta); 528 break; 529 default: 530 ret = -1; 531 break; 532 } 533 534 if (ret != WLAN_STATUS_SUCCESS) 535 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret); 536 } 537 538 539 void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta) 540 { 541 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta); 542 } 543 544 545 static void sae_set_retransmit_timer(struct hostapd_data *hapd, 546 struct sta_info *sta) 547 { 548 if (!(hapd->conf->mesh & MESH_ENABLED)) 549 return; 550 551 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta); 552 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000, 553 auth_sae_retransmit_timer, hapd, sta); 554 } 555 556 557 void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta) 558 { 559 sta->flags |= WLAN_STA_AUTH; 560 sta->auth_alg = WLAN_AUTH_SAE; 561 mlme_authenticate_indication(hapd, sta); 562 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 563 sta->sae->state = SAE_ACCEPTED; 564 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr, 565 sta->sae->pmk, sta->sae->pmkid); 566 } 567 568 569 static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta, 570 const u8 *bssid, u8 auth_transaction) 571 { 572 int ret; 573 574 if (auth_transaction != 1 && auth_transaction != 2) 575 return WLAN_STATUS_UNSPECIFIED_FAILURE; 576 577 switch (sta->sae->state) { 578 case SAE_NOTHING: 579 if (auth_transaction == 1) { 580 ret = auth_sae_send_commit(hapd, sta, bssid, 1); 581 if (ret) 582 return ret; 583 sta->sae->state = SAE_COMMITTED; 584 585 if (sae_process_commit(sta->sae) < 0) 586 return WLAN_STATUS_UNSPECIFIED_FAILURE; 587 588 /* 589 * In mesh case, both Commit and Confirm can be sent 590 * immediately. In infrastructure BSS, only a single 591 * Authentication frame (Commit) is expected from the AP 592 * here and the second one (Confirm) will be sent once 593 * the STA has sent its second Authentication frame 594 * (Confirm). 595 */ 596 if (hapd->conf->mesh & MESH_ENABLED) { 597 /* 598 * Send both Commit and Confirm immediately 599 * based on SAE finite state machine 600 * Nothing -> Confirm transition. 601 */ 602 ret = auth_sae_send_confirm(hapd, sta, bssid); 603 if (ret) 604 return ret; 605 sta->sae->state = SAE_CONFIRMED; 606 } else { 607 /* 608 * For infrastructure BSS, send only the Commit 609 * message now to get alternating sequence of 610 * Authentication frames between the AP and STA. 611 * Confirm will be sent in 612 * Commited -> Confirmed/Accepted transition 613 * when receiving Confirm from STA. 614 */ 615 } 616 sta->sae->sync = 0; 617 sae_set_retransmit_timer(hapd, sta); 618 } else { 619 hostapd_logger(hapd, sta->addr, 620 HOSTAPD_MODULE_IEEE80211, 621 HOSTAPD_LEVEL_DEBUG, 622 "SAE confirm before commit"); 623 } 624 break; 625 case SAE_COMMITTED: 626 sae_clear_retransmit_timer(hapd, sta); 627 if (auth_transaction == 1) { 628 if (sae_process_commit(sta->sae) < 0) 629 return WLAN_STATUS_UNSPECIFIED_FAILURE; 630 631 ret = auth_sae_send_confirm(hapd, sta, bssid); 632 if (ret) 633 return ret; 634 sta->sae->state = SAE_CONFIRMED; 635 sta->sae->sync = 0; 636 sae_set_retransmit_timer(hapd, sta); 637 } else if (hapd->conf->mesh & MESH_ENABLED) { 638 /* 639 * In mesh case, follow SAE finite state machine and 640 * send Commit now, if sync count allows. 641 */ 642 if (sae_check_big_sync(sta)) 643 return WLAN_STATUS_SUCCESS; 644 sta->sae->sync++; 645 646 ret = auth_sae_send_commit(hapd, sta, bssid, 0); 647 if (ret) 648 return ret; 649 650 sae_set_retransmit_timer(hapd, sta); 651 } else { 652 /* 653 * For instructure BSS, send the postponed Confirm from 654 * Nothing -> Confirmed transition that was reduced to 655 * Nothing -> Committed above. 656 */ 657 ret = auth_sae_send_confirm(hapd, sta, bssid); 658 if (ret) 659 return ret; 660 661 sta->sae->state = SAE_CONFIRMED; 662 663 /* 664 * Since this was triggered on Confirm RX, run another 665 * step to get to Accepted without waiting for 666 * additional events. 667 */ 668 return sae_sm_step(hapd, sta, bssid, auth_transaction); 669 } 670 break; 671 case SAE_CONFIRMED: 672 sae_clear_retransmit_timer(hapd, sta); 673 if (auth_transaction == 1) { 674 if (sae_check_big_sync(sta)) 675 return WLAN_STATUS_SUCCESS; 676 sta->sae->sync++; 677 678 ret = auth_sae_send_commit(hapd, sta, bssid, 1); 679 if (ret) 680 return ret; 681 682 if (sae_process_commit(sta->sae) < 0) 683 return WLAN_STATUS_UNSPECIFIED_FAILURE; 684 685 ret = auth_sae_send_confirm(hapd, sta, bssid); 686 if (ret) 687 return ret; 688 689 sae_set_retransmit_timer(hapd, sta); 690 } else { 691 sae_accept_sta(hapd, sta); 692 } 693 break; 694 case SAE_ACCEPTED: 695 if (auth_transaction == 1) { 696 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR 697 ") doing reauthentication", 698 MAC2STR(sta->addr)); 699 ap_free_sta(hapd, sta); 700 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 701 } else { 702 if (sae_check_big_sync(sta)) 703 return WLAN_STATUS_SUCCESS; 704 sta->sae->sync++; 705 706 ret = auth_sae_send_confirm(hapd, sta, bssid); 707 sae_clear_temp_data(sta->sae); 708 if (ret) 709 return ret; 710 } 711 break; 712 default: 713 wpa_printf(MSG_ERROR, "SAE: invalid state %d", 714 sta->sae->state); 715 return WLAN_STATUS_UNSPECIFIED_FAILURE; 716 } 717 return WLAN_STATUS_SUCCESS; 718 } 719 720 721 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 722 const struct ieee80211_mgmt *mgmt, size_t len, 723 u16 auth_transaction, u16 status_code) 724 { 725 int resp = WLAN_STATUS_SUCCESS; 726 struct wpabuf *data = NULL; 727 728 if (!sta->sae) { 729 if (auth_transaction != 1 || 730 status_code != WLAN_STATUS_SUCCESS) { 731 resp = -1; 732 goto remove_sta; 733 } 734 sta->sae = os_zalloc(sizeof(*sta->sae)); 735 if (!sta->sae) { 736 resp = -1; 737 goto remove_sta; 738 } 739 sta->sae->state = SAE_NOTHING; 740 sta->sae->sync = 0; 741 } 742 743 if (sta->mesh_sae_pmksa_caching) { 744 wpa_printf(MSG_DEBUG, 745 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication"); 746 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 747 sta->mesh_sae_pmksa_caching = 0; 748 } 749 750 if (auth_transaction == 1) { 751 const u8 *token = NULL, *pos, *end; 752 size_t token_len = 0; 753 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 754 HOSTAPD_LEVEL_DEBUG, 755 "start SAE authentication (RX commit, status=%u)", 756 status_code); 757 758 if ((hapd->conf->mesh & MESH_ENABLED) && 759 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ && 760 sta->sae->tmp) { 761 pos = mgmt->u.auth.variable; 762 end = ((const u8 *) mgmt) + len; 763 if (pos + sizeof(le16) > end) { 764 wpa_printf(MSG_ERROR, 765 "SAE: Too short anti-clogging token request"); 766 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 767 goto reply; 768 } 769 resp = sae_group_allowed(sta->sae, 770 hapd->conf->sae_groups, 771 WPA_GET_LE16(pos)); 772 if (resp != WLAN_STATUS_SUCCESS) { 773 wpa_printf(MSG_ERROR, 774 "SAE: Invalid group in anti-clogging token request"); 775 goto reply; 776 } 777 pos += sizeof(le16); 778 779 wpabuf_free(sta->sae->tmp->anti_clogging_token); 780 sta->sae->tmp->anti_clogging_token = 781 wpabuf_alloc_copy(pos, end - pos); 782 if (sta->sae->tmp->anti_clogging_token == NULL) { 783 wpa_printf(MSG_ERROR, 784 "SAE: Failed to alloc for anti-clogging token"); 785 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 786 goto remove_sta; 787 } 788 789 /* 790 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code 791 * is 76, a new Commit Message shall be constructed 792 * with the Anti-Clogging Token from the received 793 * Authentication frame, and the commit-scalar and 794 * COMMIT-ELEMENT previously sent. 795 */ 796 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0); 797 if (resp != WLAN_STATUS_SUCCESS) { 798 wpa_printf(MSG_ERROR, 799 "SAE: Failed to send commit message"); 800 goto remove_sta; 801 } 802 sta->sae->state = SAE_COMMITTED; 803 sta->sae->sync = 0; 804 sae_set_retransmit_timer(hapd, sta); 805 return; 806 } 807 808 if (status_code != WLAN_STATUS_SUCCESS) 809 goto remove_sta; 810 811 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, 812 ((const u8 *) mgmt) + len - 813 mgmt->u.auth.variable, &token, 814 &token_len, hapd->conf->sae_groups); 815 if (resp == SAE_SILENTLY_DISCARD) { 816 wpa_printf(MSG_DEBUG, 817 "SAE: Drop commit message from " MACSTR " due to reflection attack", 818 MAC2STR(sta->addr)); 819 goto remove_sta; 820 } 821 if (token && check_sae_token(hapd, sta->addr, token, token_len) 822 < 0) { 823 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with " 824 "incorrect token from " MACSTR, 825 MAC2STR(sta->addr)); 826 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 827 goto remove_sta; 828 } 829 830 if (resp != WLAN_STATUS_SUCCESS) 831 goto reply; 832 833 if (!token && use_sae_anti_clogging(hapd)) { 834 wpa_printf(MSG_DEBUG, 835 "SAE: Request anti-clogging token from " 836 MACSTR, MAC2STR(sta->addr)); 837 data = auth_build_token_req(hapd, sta->sae->group, 838 sta->addr); 839 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; 840 if (hapd->conf->mesh & MESH_ENABLED) 841 sta->sae->state = SAE_NOTHING; 842 goto reply; 843 } 844 845 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction); 846 } else if (auth_transaction == 2) { 847 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 848 HOSTAPD_LEVEL_DEBUG, 849 "SAE authentication (RX confirm, status=%u)", 850 status_code); 851 if (status_code != WLAN_STATUS_SUCCESS) 852 goto remove_sta; 853 if (sta->sae->state >= SAE_CONFIRMED || 854 !(hapd->conf->mesh & MESH_ENABLED)) { 855 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable, 856 ((u8 *) mgmt) + len - 857 mgmt->u.auth.variable) < 0) { 858 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 859 goto reply; 860 } 861 } 862 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction); 863 } else { 864 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 865 HOSTAPD_LEVEL_DEBUG, 866 "unexpected SAE authentication transaction %u (status=%u)", 867 auth_transaction, status_code); 868 if (status_code != WLAN_STATUS_SUCCESS) 869 goto remove_sta; 870 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 871 } 872 873 reply: 874 if (resp != WLAN_STATUS_SUCCESS) { 875 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 876 auth_transaction, resp, 877 data ? wpabuf_head(data) : (u8 *) "", 878 data ? wpabuf_len(data) : 0); 879 } 880 881 remove_sta: 882 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS || 883 status_code != WLAN_STATUS_SUCCESS)) { 884 hostapd_drv_sta_remove(hapd, sta->addr); 885 sta->added_unassoc = 0; 886 } 887 wpabuf_free(data); 888 } 889 890 891 /** 892 * auth_sae_init_committed - Send COMMIT and start SAE in committed state 893 * @hapd: BSS data for the device initiating the authentication 894 * @sta: the peer to which commit authentication frame is sent 895 * 896 * This function implements Init event handling (IEEE Std 802.11-2012, 897 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the 898 * sta->sae structure should be initialized appropriately via a call to 899 * sae_prepare_commit(). 900 */ 901 int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta) 902 { 903 int ret; 904 905 if (!sta->sae || !sta->sae->tmp) 906 return -1; 907 908 if (sta->sae->state != SAE_NOTHING) 909 return -1; 910 911 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0); 912 if (ret) 913 return -1; 914 915 sta->sae->state = SAE_COMMITTED; 916 sta->sae->sync = 0; 917 sae_set_retransmit_timer(hapd, sta); 918 919 return 0; 920 } 921 922 #endif /* CONFIG_SAE */ 923 924 925 static void handle_auth(struct hostapd_data *hapd, 926 const struct ieee80211_mgmt *mgmt, size_t len) 927 { 928 u16 auth_alg, auth_transaction, status_code; 929 u16 resp = WLAN_STATUS_SUCCESS; 930 struct sta_info *sta = NULL; 931 int res, reply_res; 932 u16 fc; 933 const u8 *challenge = NULL; 934 u32 session_timeout, acct_interim_interval; 935 struct vlan_description vlan_id; 936 struct hostapd_sta_wpa_psk_short *psk = NULL; 937 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 938 size_t resp_ies_len = 0; 939 char *identity = NULL; 940 char *radius_cui = NULL; 941 u16 seq_ctrl; 942 943 os_memset(&vlan_id, 0, sizeof(vlan_id)); 944 945 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 946 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", 947 (unsigned long) len); 948 return; 949 } 950 951 #ifdef CONFIG_TESTING_OPTIONS 952 if (hapd->iconf->ignore_auth_probability > 0.0 && 953 drand48() < hapd->iconf->ignore_auth_probability) { 954 wpa_printf(MSG_INFO, 955 "TESTING: ignoring auth frame from " MACSTR, 956 MAC2STR(mgmt->sa)); 957 return; 958 } 959 #endif /* CONFIG_TESTING_OPTIONS */ 960 961 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 962 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 963 status_code = le_to_host16(mgmt->u.auth.status_code); 964 fc = le_to_host16(mgmt->frame_control); 965 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 966 967 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 968 2 + WLAN_AUTH_CHALLENGE_LEN && 969 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 970 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 971 challenge = &mgmt->u.auth.variable[2]; 972 973 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 974 "auth_transaction=%d status_code=%d wep=%d%s " 975 "seq_ctrl=0x%x%s", 976 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 977 status_code, !!(fc & WLAN_FC_ISWEP), 978 challenge ? " challenge" : "", 979 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 980 981 #ifdef CONFIG_NO_RC4 982 if (auth_alg == WLAN_AUTH_SHARED_KEY) { 983 wpa_printf(MSG_INFO, 984 "Unsupported authentication algorithm (%d)", 985 auth_alg); 986 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 987 goto fail; 988 } 989 #endif /* CONFIG_NO_RC4 */ 990 991 if (hapd->tkip_countermeasures) { 992 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 993 goto fail; 994 } 995 996 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 997 auth_alg == WLAN_AUTH_OPEN) || 998 #ifdef CONFIG_IEEE80211R 999 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 1000 auth_alg == WLAN_AUTH_FT) || 1001 #endif /* CONFIG_IEEE80211R */ 1002 #ifdef CONFIG_SAE 1003 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 1004 auth_alg == WLAN_AUTH_SAE) || 1005 #endif /* CONFIG_SAE */ 1006 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 1007 auth_alg == WLAN_AUTH_SHARED_KEY))) { 1008 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)", 1009 auth_alg); 1010 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1011 goto fail; 1012 } 1013 1014 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 1015 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 1016 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)", 1017 auth_transaction); 1018 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1019 goto fail; 1020 } 1021 1022 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 1023 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 1024 MAC2STR(mgmt->sa)); 1025 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1026 goto fail; 1027 } 1028 1029 if (hapd->conf->no_auth_if_seen_on) { 1030 struct hostapd_data *other; 1031 1032 other = sta_track_seen_on(hapd->iface, mgmt->sa, 1033 hapd->conf->no_auth_if_seen_on); 1034 if (other) { 1035 u8 *pos; 1036 u32 info; 1037 u8 op_class, channel, phytype; 1038 1039 wpa_printf(MSG_DEBUG, "%s: Reject authentication from " 1040 MACSTR " since STA has been seen on %s", 1041 hapd->conf->iface, MAC2STR(mgmt->sa), 1042 hapd->conf->no_auth_if_seen_on); 1043 1044 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION; 1045 pos = &resp_ies[0]; 1046 *pos++ = WLAN_EID_NEIGHBOR_REPORT; 1047 *pos++ = 13; 1048 os_memcpy(pos, other->own_addr, ETH_ALEN); 1049 pos += ETH_ALEN; 1050 info = 0; /* TODO: BSSID Information */ 1051 WPA_PUT_LE32(pos, info); 1052 pos += 4; 1053 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD) 1054 phytype = 8; /* dmg */ 1055 else if (other->iconf->ieee80211ac) 1056 phytype = 9; /* vht */ 1057 else if (other->iconf->ieee80211n) 1058 phytype = 7; /* ht */ 1059 else if (other->iconf->hw_mode == 1060 HOSTAPD_MODE_IEEE80211A) 1061 phytype = 4; /* ofdm */ 1062 else if (other->iconf->hw_mode == 1063 HOSTAPD_MODE_IEEE80211G) 1064 phytype = 6; /* erp */ 1065 else 1066 phytype = 5; /* hrdsss */ 1067 if (ieee80211_freq_to_channel_ext( 1068 hostapd_hw_get_freq(other, 1069 other->iconf->channel), 1070 other->iconf->secondary_channel, 1071 other->iconf->ieee80211ac, 1072 &op_class, &channel) == NUM_HOSTAPD_MODES) { 1073 op_class = 0; 1074 channel = other->iconf->channel; 1075 } 1076 *pos++ = op_class; 1077 *pos++ = channel; 1078 *pos++ = phytype; 1079 resp_ies_len = pos - &resp_ies[0]; 1080 goto fail; 1081 } 1082 } 1083 1084 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 1085 &session_timeout, 1086 &acct_interim_interval, &vlan_id, 1087 &psk, &identity, &radius_cui); 1088 1089 if (res == HOSTAPD_ACL_REJECT) { 1090 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 1091 MAC2STR(mgmt->sa)); 1092 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1093 goto fail; 1094 } 1095 if (res == HOSTAPD_ACL_PENDING) { 1096 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 1097 " waiting for an external authentication", 1098 MAC2STR(mgmt->sa)); 1099 /* Authentication code will re-send the authentication frame 1100 * after it has received (and cached) information from the 1101 * external source. */ 1102 return; 1103 } 1104 1105 sta = ap_get_sta(hapd, mgmt->sa); 1106 if (sta) { 1107 if ((fc & WLAN_FC_RETRY) && 1108 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 1109 sta->last_seq_ctrl == seq_ctrl && 1110 sta->last_subtype == WLAN_FC_STYPE_AUTH) { 1111 hostapd_logger(hapd, sta->addr, 1112 HOSTAPD_MODULE_IEEE80211, 1113 HOSTAPD_LEVEL_DEBUG, 1114 "Drop repeated authentication frame seq_ctrl=0x%x", 1115 seq_ctrl); 1116 return; 1117 } 1118 #ifdef CONFIG_MESH 1119 if ((hapd->conf->mesh & MESH_ENABLED) && 1120 sta->plink_state == PLINK_BLOCKED) { 1121 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR 1122 " is blocked - drop Authentication frame", 1123 MAC2STR(mgmt->sa)); 1124 return; 1125 } 1126 #endif /* CONFIG_MESH */ 1127 } else { 1128 #ifdef CONFIG_MESH 1129 if (hapd->conf->mesh & MESH_ENABLED) { 1130 /* if the mesh peer is not available, we don't do auth. 1131 */ 1132 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR 1133 " not yet known - drop Authentication frame", 1134 MAC2STR(mgmt->sa)); 1135 /* 1136 * Save a copy of the frame so that it can be processed 1137 * if a new peer entry is added shortly after this. 1138 */ 1139 wpabuf_free(hapd->mesh_pending_auth); 1140 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len); 1141 os_get_reltime(&hapd->mesh_pending_auth_time); 1142 return; 1143 } 1144 #endif /* CONFIG_MESH */ 1145 1146 sta = ap_sta_add(hapd, mgmt->sa); 1147 if (!sta) { 1148 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1149 goto fail; 1150 } 1151 } 1152 sta->last_seq_ctrl = seq_ctrl; 1153 sta->last_subtype = WLAN_FC_STYPE_AUTH; 1154 1155 if (vlan_id.notempty && 1156 !hostapd_vlan_valid(hapd->conf->vlan, &vlan_id)) { 1157 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 1158 HOSTAPD_LEVEL_INFO, 1159 "Invalid VLAN %d%s received from RADIUS server", 1160 vlan_id.untagged, 1161 vlan_id.tagged[0] ? "+" : ""); 1162 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1163 goto fail; 1164 } 1165 if (ap_sta_set_vlan(hapd, sta, &vlan_id) < 0) { 1166 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1167 goto fail; 1168 } 1169 if (sta->vlan_id) 1170 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 1171 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 1172 1173 hostapd_free_psk_list(sta->psk); 1174 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 1175 sta->psk = psk; 1176 psk = NULL; 1177 } else { 1178 sta->psk = NULL; 1179 } 1180 1181 sta->identity = identity; 1182 identity = NULL; 1183 sta->radius_cui = radius_cui; 1184 radius_cui = NULL; 1185 1186 sta->flags &= ~WLAN_STA_PREAUTH; 1187 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 1188 1189 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 1190 sta->acct_interim_interval = acct_interim_interval; 1191 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 1192 ap_sta_session_timeout(hapd, sta, session_timeout); 1193 else 1194 ap_sta_no_session_timeout(hapd, sta); 1195 1196 /* 1197 * If the driver supports full AP client state, add a station to the 1198 * driver before sending authentication reply to make sure the driver 1199 * has resources, and not to go through the entire authentication and 1200 * association handshake, and fail it at the end. 1201 * 1202 * If this is not the first transaction, in a multi-step authentication 1203 * algorithm, the station already exists in the driver 1204 * (sta->added_unassoc = 1) so skip it. 1205 * 1206 * In mesh mode, the station was already added to the driver when the 1207 * NEW_PEER_CANDIDATE event is received. 1208 */ 1209 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) && 1210 !(hapd->conf->mesh & MESH_ENABLED) && 1211 !(sta->added_unassoc)) { 1212 /* 1213 * If a station that is already associated to the AP, is trying 1214 * to authenticate again, remove the STA entry, in order to make 1215 * sure the STA PS state gets cleared and configuration gets 1216 * updated. To handle this, station's added_unassoc flag is 1217 * cleared once the station has completed association. 1218 */ 1219 hostapd_drv_sta_remove(hapd, sta->addr); 1220 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | 1221 WLAN_STA_AUTHORIZED); 1222 1223 if (hostapd_sta_add(hapd, sta->addr, 0, 0, 0, 0, 0, 1224 NULL, NULL, sta->flags, 0, 0, 0)) { 1225 hostapd_logger(hapd, sta->addr, 1226 HOSTAPD_MODULE_IEEE80211, 1227 HOSTAPD_LEVEL_NOTICE, 1228 "Could not add STA to kernel driver"); 1229 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1230 goto fail; 1231 } 1232 1233 sta->added_unassoc = 1; 1234 } 1235 1236 switch (auth_alg) { 1237 case WLAN_AUTH_OPEN: 1238 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1239 HOSTAPD_LEVEL_DEBUG, 1240 "authentication OK (open system)"); 1241 sta->flags |= WLAN_STA_AUTH; 1242 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 1243 sta->auth_alg = WLAN_AUTH_OPEN; 1244 mlme_authenticate_indication(hapd, sta); 1245 break; 1246 #ifndef CONFIG_NO_RC4 1247 case WLAN_AUTH_SHARED_KEY: 1248 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 1249 fc & WLAN_FC_ISWEP); 1250 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 1251 mlme_authenticate_indication(hapd, sta); 1252 if (sta->challenge && auth_transaction == 1) { 1253 resp_ies[0] = WLAN_EID_CHALLENGE; 1254 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 1255 os_memcpy(resp_ies + 2, sta->challenge, 1256 WLAN_AUTH_CHALLENGE_LEN); 1257 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 1258 } 1259 break; 1260 #endif /* CONFIG_NO_RC4 */ 1261 #ifdef CONFIG_IEEE80211R 1262 case WLAN_AUTH_FT: 1263 sta->auth_alg = WLAN_AUTH_FT; 1264 if (sta->wpa_sm == NULL) 1265 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1266 sta->addr, NULL); 1267 if (sta->wpa_sm == NULL) { 1268 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 1269 "state machine"); 1270 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1271 goto fail; 1272 } 1273 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 1274 auth_transaction, mgmt->u.auth.variable, 1275 len - IEEE80211_HDRLEN - 1276 sizeof(mgmt->u.auth), 1277 handle_auth_ft_finish, hapd); 1278 /* handle_auth_ft_finish() callback will complete auth. */ 1279 return; 1280 #endif /* CONFIG_IEEE80211R */ 1281 #ifdef CONFIG_SAE 1282 case WLAN_AUTH_SAE: 1283 #ifdef CONFIG_MESH 1284 if (status_code == WLAN_STATUS_SUCCESS && 1285 hapd->conf->mesh & MESH_ENABLED) { 1286 if (sta->wpa_sm == NULL) 1287 sta->wpa_sm = 1288 wpa_auth_sta_init(hapd->wpa_auth, 1289 sta->addr, NULL); 1290 if (sta->wpa_sm == NULL) { 1291 wpa_printf(MSG_DEBUG, 1292 "SAE: Failed to initialize WPA state machine"); 1293 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1294 goto fail; 1295 } 1296 } 1297 #endif /* CONFIG_MESH */ 1298 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction, 1299 status_code); 1300 return; 1301 #endif /* CONFIG_SAE */ 1302 } 1303 1304 fail: 1305 os_free(identity); 1306 os_free(radius_cui); 1307 hostapd_free_psk_list(psk); 1308 1309 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 1310 auth_transaction + 1, resp, resp_ies, 1311 resp_ies_len); 1312 1313 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS || 1314 reply_res != WLAN_STATUS_SUCCESS)) { 1315 hostapd_drv_sta_remove(hapd, sta->addr); 1316 sta->added_unassoc = 0; 1317 } 1318 } 1319 1320 1321 int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 1322 { 1323 int i, j = 32, aid; 1324 1325 /* get a unique AID */ 1326 if (sta->aid > 0) { 1327 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 1328 return 0; 1329 } 1330 1331 for (i = 0; i < AID_WORDS; i++) { 1332 if (hapd->sta_aid[i] == (u32) -1) 1333 continue; 1334 for (j = 0; j < 32; j++) { 1335 if (!(hapd->sta_aid[i] & BIT(j))) 1336 break; 1337 } 1338 if (j < 32) 1339 break; 1340 } 1341 if (j == 32) 1342 return -1; 1343 aid = i * 32 + j + 1; 1344 if (aid > 2007) 1345 return -1; 1346 1347 sta->aid = aid; 1348 hapd->sta_aid[i] |= BIT(j); 1349 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 1350 return 0; 1351 } 1352 1353 1354 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 1355 const u8 *ssid_ie, size_t ssid_ie_len) 1356 { 1357 if (ssid_ie == NULL) 1358 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1359 1360 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 1361 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 1362 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1363 HOSTAPD_LEVEL_INFO, 1364 "Station tried to associate with unknown SSID " 1365 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len)); 1366 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1367 } 1368 1369 return WLAN_STATUS_SUCCESS; 1370 } 1371 1372 1373 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 1374 const u8 *wmm_ie, size_t wmm_ie_len) 1375 { 1376 sta->flags &= ~WLAN_STA_WMM; 1377 sta->qosinfo = 0; 1378 if (wmm_ie && hapd->conf->wmm_enabled) { 1379 struct wmm_information_element *wmm; 1380 1381 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 1382 hostapd_logger(hapd, sta->addr, 1383 HOSTAPD_MODULE_WPA, 1384 HOSTAPD_LEVEL_DEBUG, 1385 "invalid WMM element in association " 1386 "request"); 1387 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1388 } 1389 1390 sta->flags |= WLAN_STA_WMM; 1391 wmm = (struct wmm_information_element *) wmm_ie; 1392 sta->qosinfo = wmm->qos_info; 1393 } 1394 return WLAN_STATUS_SUCCESS; 1395 } 1396 1397 1398 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 1399 struct ieee802_11_elems *elems) 1400 { 1401 if (!elems->supp_rates) { 1402 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1403 HOSTAPD_LEVEL_DEBUG, 1404 "No supported rates element in AssocReq"); 1405 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1406 } 1407 1408 if (elems->supp_rates_len + elems->ext_supp_rates_len > 1409 sizeof(sta->supported_rates)) { 1410 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1411 HOSTAPD_LEVEL_DEBUG, 1412 "Invalid supported rates element length %d+%d", 1413 elems->supp_rates_len, 1414 elems->ext_supp_rates_len); 1415 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1416 } 1417 1418 sta->supported_rates_len = merge_byte_arrays( 1419 sta->supported_rates, sizeof(sta->supported_rates), 1420 elems->supp_rates, elems->supp_rates_len, 1421 elems->ext_supp_rates, elems->ext_supp_rates_len); 1422 1423 return WLAN_STATUS_SUCCESS; 1424 } 1425 1426 1427 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta, 1428 const u8 *ext_capab_ie, size_t ext_capab_ie_len) 1429 { 1430 #ifdef CONFIG_INTERWORKING 1431 /* check for QoS Map support */ 1432 if (ext_capab_ie_len >= 5) { 1433 if (ext_capab_ie[4] & 0x01) 1434 sta->qos_map_enabled = 1; 1435 } 1436 #endif /* CONFIG_INTERWORKING */ 1437 1438 if (ext_capab_ie_len > 0) 1439 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2)); 1440 1441 return WLAN_STATUS_SUCCESS; 1442 } 1443 1444 1445 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 1446 const u8 *ies, size_t ies_len, int reassoc) 1447 { 1448 struct ieee802_11_elems elems; 1449 u16 resp; 1450 const u8 *wpa_ie; 1451 size_t wpa_ie_len; 1452 const u8 *p2p_dev_addr = NULL; 1453 1454 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 1455 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1456 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 1457 "association request"); 1458 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1459 } 1460 1461 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 1462 if (resp != WLAN_STATUS_SUCCESS) 1463 return resp; 1464 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 1465 if (resp != WLAN_STATUS_SUCCESS) 1466 return resp; 1467 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len); 1468 if (resp != WLAN_STATUS_SUCCESS) 1469 return resp; 1470 resp = copy_supp_rates(hapd, sta, &elems); 1471 if (resp != WLAN_STATUS_SUCCESS) 1472 return resp; 1473 #ifdef CONFIG_IEEE80211N 1474 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities); 1475 if (resp != WLAN_STATUS_SUCCESS) 1476 return resp; 1477 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 1478 !(sta->flags & WLAN_STA_HT)) { 1479 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1480 HOSTAPD_LEVEL_INFO, "Station does not support " 1481 "mandatory HT PHY - reject association"); 1482 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 1483 } 1484 #endif /* CONFIG_IEEE80211N */ 1485 1486 #ifdef CONFIG_IEEE80211AC 1487 if (hapd->iconf->ieee80211ac) { 1488 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities); 1489 if (resp != WLAN_STATUS_SUCCESS) 1490 return resp; 1491 1492 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif); 1493 if (resp != WLAN_STATUS_SUCCESS) 1494 return resp; 1495 } 1496 1497 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 1498 !(sta->flags & WLAN_STA_VHT)) { 1499 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1500 HOSTAPD_LEVEL_INFO, "Station does not support " 1501 "mandatory VHT PHY - reject association"); 1502 return WLAN_STATUS_ASSOC_DENIED_NO_VHT; 1503 } 1504 1505 if (hapd->conf->vendor_vht && !elems.vht_capabilities) { 1506 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht, 1507 elems.vendor_vht_len); 1508 if (resp != WLAN_STATUS_SUCCESS) 1509 return resp; 1510 } 1511 #endif /* CONFIG_IEEE80211AC */ 1512 1513 #ifdef CONFIG_P2P 1514 if (elems.p2p) { 1515 wpabuf_free(sta->p2p_ie); 1516 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 1517 P2P_IE_VENDOR_TYPE); 1518 if (sta->p2p_ie) 1519 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 1520 } else { 1521 wpabuf_free(sta->p2p_ie); 1522 sta->p2p_ie = NULL; 1523 } 1524 #endif /* CONFIG_P2P */ 1525 1526 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 1527 wpa_ie = elems.rsn_ie; 1528 wpa_ie_len = elems.rsn_ie_len; 1529 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 1530 elems.wpa_ie) { 1531 wpa_ie = elems.wpa_ie; 1532 wpa_ie_len = elems.wpa_ie_len; 1533 } else { 1534 wpa_ie = NULL; 1535 wpa_ie_len = 0; 1536 } 1537 1538 #ifdef CONFIG_WPS 1539 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 1540 if (hapd->conf->wps_state && elems.wps_ie) { 1541 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 1542 "Request - assume WPS is used"); 1543 sta->flags |= WLAN_STA_WPS; 1544 wpabuf_free(sta->wps_ie); 1545 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 1546 WPS_IE_VENDOR_TYPE); 1547 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 1548 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 1549 sta->flags |= WLAN_STA_WPS2; 1550 } 1551 wpa_ie = NULL; 1552 wpa_ie_len = 0; 1553 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 1554 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 1555 "(Re)Association Request - reject"); 1556 return WLAN_STATUS_INVALID_IE; 1557 } 1558 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 1559 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 1560 "(Re)Association Request - possible WPS use"); 1561 sta->flags |= WLAN_STA_MAYBE_WPS; 1562 } else 1563 #endif /* CONFIG_WPS */ 1564 if (hapd->conf->wpa && wpa_ie == NULL) { 1565 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1566 HOSTAPD_LEVEL_INFO, 1567 "No WPA/RSN IE in association request"); 1568 return WLAN_STATUS_INVALID_IE; 1569 } 1570 1571 if (hapd->conf->wpa && wpa_ie) { 1572 int res; 1573 wpa_ie -= 2; 1574 wpa_ie_len += 2; 1575 if (sta->wpa_sm == NULL) 1576 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1577 sta->addr, 1578 p2p_dev_addr); 1579 if (sta->wpa_sm == NULL) { 1580 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1581 "state machine"); 1582 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1583 } 1584 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 1585 wpa_ie, wpa_ie_len, 1586 elems.mdie, elems.mdie_len); 1587 if (res == WPA_INVALID_GROUP) 1588 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 1589 else if (res == WPA_INVALID_PAIRWISE) 1590 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 1591 else if (res == WPA_INVALID_AKMP) 1592 resp = WLAN_STATUS_AKMP_NOT_VALID; 1593 else if (res == WPA_ALLOC_FAIL) 1594 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1595 #ifdef CONFIG_IEEE80211W 1596 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 1597 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1598 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 1599 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1600 #endif /* CONFIG_IEEE80211W */ 1601 else if (res == WPA_INVALID_MDIE) 1602 resp = WLAN_STATUS_INVALID_MDIE; 1603 else if (res != WPA_IE_OK) 1604 resp = WLAN_STATUS_INVALID_IE; 1605 if (resp != WLAN_STATUS_SUCCESS) 1606 return resp; 1607 #ifdef CONFIG_IEEE80211W 1608 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1609 sta->sa_query_count > 0) 1610 ap_check_sa_query_timeout(hapd, sta); 1611 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1612 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 1613 /* 1614 * STA has already been associated with MFP and SA 1615 * Query timeout has not been reached. Reject the 1616 * association attempt temporarily and start SA Query, 1617 * if one is not pending. 1618 */ 1619 1620 if (sta->sa_query_count == 0) 1621 ap_sta_start_sa_query(hapd, sta); 1622 1623 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 1624 } 1625 1626 if (wpa_auth_uses_mfp(sta->wpa_sm)) 1627 sta->flags |= WLAN_STA_MFP; 1628 else 1629 sta->flags &= ~WLAN_STA_MFP; 1630 #endif /* CONFIG_IEEE80211W */ 1631 1632 #ifdef CONFIG_IEEE80211R 1633 if (sta->auth_alg == WLAN_AUTH_FT) { 1634 if (!reassoc) { 1635 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 1636 "to use association (not " 1637 "re-association) with FT auth_alg", 1638 MAC2STR(sta->addr)); 1639 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1640 } 1641 1642 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 1643 ies_len); 1644 if (resp != WLAN_STATUS_SUCCESS) 1645 return resp; 1646 } 1647 #endif /* CONFIG_IEEE80211R */ 1648 1649 #ifdef CONFIG_SAE 1650 if (wpa_auth_uses_sae(sta->wpa_sm) && 1651 sta->auth_alg == WLAN_AUTH_OPEN) { 1652 struct rsn_pmksa_cache_entry *sa; 1653 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm); 1654 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) { 1655 wpa_printf(MSG_DEBUG, 1656 "SAE: No PMKSA cache entry found for " 1657 MACSTR, MAC2STR(sta->addr)); 1658 return WLAN_STATUS_INVALID_PMKID; 1659 } 1660 wpa_printf(MSG_DEBUG, "SAE: " MACSTR 1661 " using PMKSA caching", MAC2STR(sta->addr)); 1662 } else if (wpa_auth_uses_sae(sta->wpa_sm) && 1663 sta->auth_alg != WLAN_AUTH_SAE && 1664 !(sta->auth_alg == WLAN_AUTH_FT && 1665 wpa_auth_uses_ft_sae(sta->wpa_sm))) { 1666 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 1667 "SAE AKM after non-SAE auth_alg %u", 1668 MAC2STR(sta->addr), sta->auth_alg); 1669 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1670 } 1671 #endif /* CONFIG_SAE */ 1672 1673 #ifdef CONFIG_IEEE80211N 1674 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 1675 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 1676 hostapd_logger(hapd, sta->addr, 1677 HOSTAPD_MODULE_IEEE80211, 1678 HOSTAPD_LEVEL_INFO, 1679 "Station tried to use TKIP with HT " 1680 "association"); 1681 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 1682 } 1683 #endif /* CONFIG_IEEE80211N */ 1684 #ifdef CONFIG_HS20 1685 } else if (hapd->conf->osen) { 1686 if (elems.osen == NULL) { 1687 hostapd_logger( 1688 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1689 HOSTAPD_LEVEL_INFO, 1690 "No HS 2.0 OSEN element in association request"); 1691 return WLAN_STATUS_INVALID_IE; 1692 } 1693 1694 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association"); 1695 if (sta->wpa_sm == NULL) 1696 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1697 sta->addr, NULL); 1698 if (sta->wpa_sm == NULL) { 1699 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1700 "state machine"); 1701 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1702 } 1703 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm, 1704 elems.osen - 2, elems.osen_len + 2) < 0) 1705 return WLAN_STATUS_INVALID_IE; 1706 #endif /* CONFIG_HS20 */ 1707 } else 1708 wpa_auth_sta_no_wpa(sta->wpa_sm); 1709 1710 #ifdef CONFIG_P2P 1711 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 1712 #endif /* CONFIG_P2P */ 1713 1714 #ifdef CONFIG_HS20 1715 wpabuf_free(sta->hs20_ie); 1716 if (elems.hs20 && elems.hs20_len > 4) { 1717 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 1718 elems.hs20_len - 4); 1719 } else 1720 sta->hs20_ie = NULL; 1721 #endif /* CONFIG_HS20 */ 1722 1723 #ifdef CONFIG_FST 1724 wpabuf_free(sta->mb_ies); 1725 if (hapd->iface->fst) 1726 sta->mb_ies = mb_ies_by_info(&elems.mb_ies); 1727 else 1728 sta->mb_ies = NULL; 1729 #endif /* CONFIG_FST */ 1730 1731 #ifdef CONFIG_MBO 1732 mbo_ap_check_sta_assoc(hapd, sta, &elems); 1733 1734 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) && 1735 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) && 1736 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 1737 wpa_printf(MSG_INFO, 1738 "MBO: Reject WPA2 association without PMF"); 1739 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1740 } 1741 #endif /* CONFIG_MBO */ 1742 1743 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes, 1744 elems.supp_op_classes_len); 1745 1746 return WLAN_STATUS_SUCCESS; 1747 } 1748 1749 1750 static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 1751 u16 reason_code) 1752 { 1753 int send_len; 1754 struct ieee80211_mgmt reply; 1755 1756 os_memset(&reply, 0, sizeof(reply)); 1757 reply.frame_control = 1758 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1759 os_memcpy(reply.da, addr, ETH_ALEN); 1760 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1761 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1762 1763 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1764 reply.u.deauth.reason_code = host_to_le16(reason_code); 1765 1766 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1767 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1768 strerror(errno)); 1769 } 1770 1771 1772 static int add_associated_sta(struct hostapd_data *hapd, 1773 struct sta_info *sta) 1774 { 1775 struct ieee80211_ht_capabilities ht_cap; 1776 struct ieee80211_vht_capabilities vht_cap; 1777 1778 /* 1779 * Remove the STA entry to ensure the STA PS state gets cleared and 1780 * configuration gets updated. This is relevant for cases, such as 1781 * FT-over-the-DS, where a station re-associates back to the same AP but 1782 * skips the authentication flow, or if working with a driver that 1783 * does not support full AP client state. 1784 */ 1785 if (!sta->added_unassoc) 1786 hostapd_drv_sta_remove(hapd, sta->addr); 1787 1788 #ifdef CONFIG_IEEE80211N 1789 if (sta->flags & WLAN_STA_HT) 1790 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1791 #endif /* CONFIG_IEEE80211N */ 1792 #ifdef CONFIG_IEEE80211AC 1793 if (sta->flags & WLAN_STA_VHT) 1794 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 1795 #endif /* CONFIG_IEEE80211AC */ 1796 1797 /* 1798 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags 1799 * will be set when the ACK frame for the (Re)Association Response frame 1800 * is processed (TX status driver event). 1801 */ 1802 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1803 sta->supported_rates, sta->supported_rates_len, 1804 sta->listen_interval, 1805 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1806 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1807 sta->flags | WLAN_STA_ASSOC, sta->qosinfo, 1808 sta->vht_opmode, sta->added_unassoc)) { 1809 hostapd_logger(hapd, sta->addr, 1810 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, 1811 "Could not %s STA to kernel driver", 1812 sta->added_unassoc ? "set" : "add"); 1813 1814 if (sta->added_unassoc) { 1815 hostapd_drv_sta_remove(hapd, sta->addr); 1816 sta->added_unassoc = 0; 1817 } 1818 1819 return -1; 1820 } 1821 1822 sta->added_unassoc = 0; 1823 1824 return 0; 1825 } 1826 1827 1828 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1829 u16 status_code, int reassoc, const u8 *ies, 1830 size_t ies_len) 1831 { 1832 int send_len; 1833 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1834 struct ieee80211_mgmt *reply; 1835 u8 *p; 1836 1837 os_memset(buf, 0, sizeof(buf)); 1838 reply = (struct ieee80211_mgmt *) buf; 1839 reply->frame_control = 1840 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1841 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1842 WLAN_FC_STYPE_ASSOC_RESP)); 1843 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1844 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1845 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1846 1847 send_len = IEEE80211_HDRLEN; 1848 send_len += sizeof(reply->u.assoc_resp); 1849 reply->u.assoc_resp.capab_info = 1850 host_to_le16(hostapd_own_capab_info(hapd)); 1851 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1852 reply->u.assoc_resp.aid = host_to_le16(sta->aid | BIT(14) | BIT(15)); 1853 /* Supported rates */ 1854 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1855 /* Extended supported rates */ 1856 p = hostapd_eid_ext_supp_rates(hapd, p); 1857 1858 #ifdef CONFIG_IEEE80211R 1859 if (status_code == WLAN_STATUS_SUCCESS) { 1860 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1861 * Transition Information, RSN, [RIC Response] */ 1862 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1863 buf + sizeof(buf) - p, 1864 sta->auth_alg, ies, ies_len); 1865 } 1866 #endif /* CONFIG_IEEE80211R */ 1867 1868 #ifdef CONFIG_IEEE80211W 1869 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1870 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1871 #endif /* CONFIG_IEEE80211W */ 1872 1873 #ifdef CONFIG_IEEE80211N 1874 p = hostapd_eid_ht_capabilities(hapd, p); 1875 p = hostapd_eid_ht_operation(hapd, p); 1876 #endif /* CONFIG_IEEE80211N */ 1877 1878 #ifdef CONFIG_IEEE80211AC 1879 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) { 1880 p = hostapd_eid_vht_capabilities(hapd, p); 1881 p = hostapd_eid_vht_operation(hapd, p); 1882 } 1883 #endif /* CONFIG_IEEE80211AC */ 1884 1885 p = hostapd_eid_ext_capab(hapd, p); 1886 p = hostapd_eid_bss_max_idle_period(hapd, p); 1887 if (sta->qos_map_enabled) 1888 p = hostapd_eid_qos_map_set(hapd, p); 1889 1890 #ifdef CONFIG_FST 1891 if (hapd->iface->fst_ies) { 1892 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies), 1893 wpabuf_len(hapd->iface->fst_ies)); 1894 p += wpabuf_len(hapd->iface->fst_ies); 1895 } 1896 #endif /* CONFIG_FST */ 1897 1898 #ifdef CONFIG_IEEE80211AC 1899 if (hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT)) 1900 p = hostapd_eid_vendor_vht(hapd, p); 1901 #endif /* CONFIG_IEEE80211AC */ 1902 1903 if (sta->flags & WLAN_STA_WMM) 1904 p = hostapd_eid_wmm(hapd, p); 1905 1906 #ifdef CONFIG_WPS 1907 if ((sta->flags & WLAN_STA_WPS) || 1908 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 1909 struct wpabuf *wps = wps_build_assoc_resp_ie(); 1910 if (wps) { 1911 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 1912 p += wpabuf_len(wps); 1913 wpabuf_free(wps); 1914 } 1915 } 1916 #endif /* CONFIG_WPS */ 1917 1918 #ifdef CONFIG_P2P 1919 if (sta->p2p_ie && hapd->p2p_group) { 1920 struct wpabuf *p2p_resp_ie; 1921 enum p2p_status_code status; 1922 switch (status_code) { 1923 case WLAN_STATUS_SUCCESS: 1924 status = P2P_SC_SUCCESS; 1925 break; 1926 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 1927 status = P2P_SC_FAIL_LIMIT_REACHED; 1928 break; 1929 default: 1930 status = P2P_SC_FAIL_INVALID_PARAMS; 1931 break; 1932 } 1933 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 1934 if (p2p_resp_ie) { 1935 os_memcpy(p, wpabuf_head(p2p_resp_ie), 1936 wpabuf_len(p2p_resp_ie)); 1937 p += wpabuf_len(p2p_resp_ie); 1938 wpabuf_free(p2p_resp_ie); 1939 } 1940 } 1941 #endif /* CONFIG_P2P */ 1942 1943 #ifdef CONFIG_P2P_MANAGER 1944 if (hapd->conf->p2p & P2P_MANAGE) 1945 p = hostapd_eid_p2p_manage(hapd, p); 1946 #endif /* CONFIG_P2P_MANAGER */ 1947 1948 p = hostapd_eid_mbo(hapd, p, buf + sizeof(buf) - p); 1949 1950 send_len += p - reply->u.assoc_resp.variable; 1951 1952 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) { 1953 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 1954 strerror(errno)); 1955 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1956 } 1957 1958 return WLAN_STATUS_SUCCESS; 1959 } 1960 1961 1962 static void handle_assoc(struct hostapd_data *hapd, 1963 const struct ieee80211_mgmt *mgmt, size_t len, 1964 int reassoc) 1965 { 1966 u16 capab_info, listen_interval, seq_ctrl, fc; 1967 u16 resp = WLAN_STATUS_SUCCESS, reply_res; 1968 const u8 *pos; 1969 int left, i; 1970 struct sta_info *sta; 1971 1972 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 1973 sizeof(mgmt->u.assoc_req))) { 1974 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)", 1975 reassoc, (unsigned long) len); 1976 return; 1977 } 1978 1979 #ifdef CONFIG_TESTING_OPTIONS 1980 if (reassoc) { 1981 if (hapd->iconf->ignore_reassoc_probability > 0.0 && 1982 drand48() < hapd->iconf->ignore_reassoc_probability) { 1983 wpa_printf(MSG_INFO, 1984 "TESTING: ignoring reassoc request from " 1985 MACSTR, MAC2STR(mgmt->sa)); 1986 return; 1987 } 1988 } else { 1989 if (hapd->iconf->ignore_assoc_probability > 0.0 && 1990 drand48() < hapd->iconf->ignore_assoc_probability) { 1991 wpa_printf(MSG_INFO, 1992 "TESTING: ignoring assoc request from " 1993 MACSTR, MAC2STR(mgmt->sa)); 1994 return; 1995 } 1996 } 1997 #endif /* CONFIG_TESTING_OPTIONS */ 1998 1999 fc = le_to_host16(mgmt->frame_control); 2000 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 2001 2002 if (reassoc) { 2003 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 2004 listen_interval = le_to_host16( 2005 mgmt->u.reassoc_req.listen_interval); 2006 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 2007 " capab_info=0x%02x listen_interval=%d current_ap=" 2008 MACSTR " seq_ctrl=0x%x%s", 2009 MAC2STR(mgmt->sa), capab_info, listen_interval, 2010 MAC2STR(mgmt->u.reassoc_req.current_ap), 2011 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 2012 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 2013 pos = mgmt->u.reassoc_req.variable; 2014 } else { 2015 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 2016 listen_interval = le_to_host16( 2017 mgmt->u.assoc_req.listen_interval); 2018 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 2019 " capab_info=0x%02x listen_interval=%d " 2020 "seq_ctrl=0x%x%s", 2021 MAC2STR(mgmt->sa), capab_info, listen_interval, 2022 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 2023 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 2024 pos = mgmt->u.assoc_req.variable; 2025 } 2026 2027 sta = ap_get_sta(hapd, mgmt->sa); 2028 #ifdef CONFIG_IEEE80211R 2029 if (sta && sta->auth_alg == WLAN_AUTH_FT && 2030 (sta->flags & WLAN_STA_AUTH) == 0) { 2031 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 2032 "prior to authentication since it is using " 2033 "over-the-DS FT", MAC2STR(mgmt->sa)); 2034 2035 /* 2036 * Mark station as authenticated, to avoid adding station 2037 * entry in the driver as associated and not authenticated 2038 */ 2039 sta->flags |= WLAN_STA_AUTH; 2040 } else 2041 #endif /* CONFIG_IEEE80211R */ 2042 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 2043 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2044 HOSTAPD_LEVEL_INFO, "Station tried to " 2045 "associate before authentication " 2046 "(aid=%d flags=0x%x)", 2047 sta ? sta->aid : -1, 2048 sta ? sta->flags : 0); 2049 send_deauth(hapd, mgmt->sa, 2050 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 2051 return; 2052 } 2053 2054 if ((fc & WLAN_FC_RETRY) && 2055 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 2056 sta->last_seq_ctrl == seq_ctrl && 2057 sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ : 2058 WLAN_FC_STYPE_ASSOC_REQ) { 2059 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2060 HOSTAPD_LEVEL_DEBUG, 2061 "Drop repeated association frame seq_ctrl=0x%x", 2062 seq_ctrl); 2063 return; 2064 } 2065 sta->last_seq_ctrl = seq_ctrl; 2066 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ : 2067 WLAN_FC_STYPE_ASSOC_REQ; 2068 2069 if (hapd->tkip_countermeasures) { 2070 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 2071 goto fail; 2072 } 2073 2074 if (listen_interval > hapd->conf->max_listen_interval) { 2075 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2076 HOSTAPD_LEVEL_DEBUG, 2077 "Too large Listen Interval (%d)", 2078 listen_interval); 2079 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 2080 goto fail; 2081 } 2082 2083 #ifdef CONFIG_MBO 2084 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) { 2085 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2086 goto fail; 2087 } 2088 #endif /* CONFIG_MBO */ 2089 2090 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 2091 * is used */ 2092 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 2093 if (resp != WLAN_STATUS_SUCCESS) 2094 goto fail; 2095 2096 if (hostapd_get_aid(hapd, sta) < 0) { 2097 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2098 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 2099 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2100 goto fail; 2101 } 2102 2103 sta->capability = capab_info; 2104 sta->listen_interval = listen_interval; 2105 2106 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 2107 sta->flags |= WLAN_STA_NONERP; 2108 for (i = 0; i < sta->supported_rates_len; i++) { 2109 if ((sta->supported_rates[i] & 0x7f) > 22) { 2110 sta->flags &= ~WLAN_STA_NONERP; 2111 break; 2112 } 2113 } 2114 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 2115 sta->nonerp_set = 1; 2116 hapd->iface->num_sta_non_erp++; 2117 if (hapd->iface->num_sta_non_erp == 1) 2118 ieee802_11_set_beacons(hapd->iface); 2119 } 2120 2121 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 2122 !sta->no_short_slot_time_set) { 2123 sta->no_short_slot_time_set = 1; 2124 hapd->iface->num_sta_no_short_slot_time++; 2125 if (hapd->iface->current_mode->mode == 2126 HOSTAPD_MODE_IEEE80211G && 2127 hapd->iface->num_sta_no_short_slot_time == 1) 2128 ieee802_11_set_beacons(hapd->iface); 2129 } 2130 2131 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 2132 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 2133 else 2134 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 2135 2136 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 2137 !sta->no_short_preamble_set) { 2138 sta->no_short_preamble_set = 1; 2139 hapd->iface->num_sta_no_short_preamble++; 2140 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 2141 && hapd->iface->num_sta_no_short_preamble == 1) 2142 ieee802_11_set_beacons(hapd->iface); 2143 } 2144 2145 #ifdef CONFIG_IEEE80211N 2146 update_ht_state(hapd, sta); 2147 #endif /* CONFIG_IEEE80211N */ 2148 2149 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2150 HOSTAPD_LEVEL_DEBUG, 2151 "association OK (aid %d)", sta->aid); 2152 /* Station will be marked associated, after it acknowledges AssocResp 2153 */ 2154 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 2155 2156 #ifdef CONFIG_IEEE80211W 2157 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 2158 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 2159 "SA Query procedure", reassoc ? "re" : ""); 2160 /* TODO: Send a protected Disassociate frame to the STA using 2161 * the old key and Reason Code "Previous Authentication no 2162 * longer valid". Make sure this is only sent protected since 2163 * unprotected frame would be received by the STA that is now 2164 * trying to associate. 2165 */ 2166 } 2167 #endif /* CONFIG_IEEE80211W */ 2168 2169 /* Make sure that the previously registered inactivity timer will not 2170 * remove the STA immediately. */ 2171 sta->timeout_next = STA_NULLFUNC; 2172 2173 fail: 2174 /* 2175 * In case of a successful response, add the station to the driver. 2176 * Otherwise, the kernel may ignore Data frames before we process the 2177 * ACK frame (TX status). In case of a failure, this station will be 2178 * removed. 2179 * 2180 * Note that this is not compliant with the IEEE 802.11 standard that 2181 * states that a non-AP station should transition into the 2182 * authenticated/associated state only after the station acknowledges 2183 * the (Re)Association Response frame. However, still do this as: 2184 * 2185 * 1. In case the station does not acknowledge the (Re)Association 2186 * Response frame, it will be removed. 2187 * 2. Data frames will be dropped in the kernel until the station is 2188 * set into authorized state, and there are no significant known 2189 * issues with processing other non-Data Class 3 frames during this 2190 * window. 2191 */ 2192 if (resp == WLAN_STATUS_SUCCESS && add_associated_sta(hapd, sta)) 2193 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2194 2195 reply_res = send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 2196 2197 /* 2198 * Remove the station in case tranmission of a success response fails 2199 * (the STA was added associated to the driver) or if the station was 2200 * previously added unassociated. 2201 */ 2202 if ((reply_res != WLAN_STATUS_SUCCESS && 2203 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc) { 2204 hostapd_drv_sta_remove(hapd, sta->addr); 2205 sta->added_unassoc = 0; 2206 } 2207 } 2208 2209 2210 static void handle_disassoc(struct hostapd_data *hapd, 2211 const struct ieee80211_mgmt *mgmt, size_t len) 2212 { 2213 struct sta_info *sta; 2214 2215 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 2216 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)", 2217 (unsigned long) len); 2218 return; 2219 } 2220 2221 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 2222 MAC2STR(mgmt->sa), 2223 le_to_host16(mgmt->u.disassoc.reason_code)); 2224 2225 sta = ap_get_sta(hapd, mgmt->sa); 2226 if (sta == NULL) { 2227 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated", 2228 MAC2STR(mgmt->sa)); 2229 return; 2230 } 2231 2232 ap_sta_set_authorized(hapd, sta, 0); 2233 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 2234 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 2235 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 2236 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2237 HOSTAPD_LEVEL_INFO, "disassociated"); 2238 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 2239 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 2240 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 2241 * authenticated. */ 2242 accounting_sta_stop(hapd, sta); 2243 ieee802_1x_free_station(hapd, sta); 2244 if (sta->ipaddr) 2245 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 2246 ap_sta_ip6addr_del(hapd, sta); 2247 hostapd_drv_sta_remove(hapd, sta->addr); 2248 sta->added_unassoc = 0; 2249 2250 if (sta->timeout_next == STA_NULLFUNC || 2251 sta->timeout_next == STA_DISASSOC) { 2252 sta->timeout_next = STA_DEAUTH; 2253 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 2254 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 2255 hapd, sta); 2256 } 2257 2258 mlme_disassociate_indication( 2259 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 2260 } 2261 2262 2263 static void handle_deauth(struct hostapd_data *hapd, 2264 const struct ieee80211_mgmt *mgmt, size_t len) 2265 { 2266 struct sta_info *sta; 2267 2268 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 2269 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 2270 "payload (len=%lu)", (unsigned long) len); 2271 return; 2272 } 2273 2274 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 2275 " reason_code=%d", 2276 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 2277 2278 sta = ap_get_sta(hapd, mgmt->sa); 2279 if (sta == NULL) { 2280 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 2281 "to deauthenticate, but it is not authenticated", 2282 MAC2STR(mgmt->sa)); 2283 return; 2284 } 2285 2286 ap_sta_set_authorized(hapd, sta, 0); 2287 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 2288 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 2289 WLAN_STA_ASSOC_REQ_OK); 2290 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 2291 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2292 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 2293 mlme_deauthenticate_indication( 2294 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 2295 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 2296 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 2297 ap_free_sta(hapd, sta); 2298 } 2299 2300 2301 static void handle_beacon(struct hostapd_data *hapd, 2302 const struct ieee80211_mgmt *mgmt, size_t len, 2303 struct hostapd_frame_info *fi) 2304 { 2305 struct ieee802_11_elems elems; 2306 2307 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 2308 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)", 2309 (unsigned long) len); 2310 return; 2311 } 2312 2313 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 2314 len - (IEEE80211_HDRLEN + 2315 sizeof(mgmt->u.beacon)), &elems, 2316 0); 2317 2318 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 2319 } 2320 2321 2322 #ifdef CONFIG_IEEE80211W 2323 2324 static int hostapd_sa_query_action(struct hostapd_data *hapd, 2325 const struct ieee80211_mgmt *mgmt, 2326 size_t len) 2327 { 2328 const u8 *end; 2329 2330 end = mgmt->u.action.u.sa_query_resp.trans_id + 2331 WLAN_SA_QUERY_TR_ID_LEN; 2332 if (((u8 *) mgmt) + len < end) { 2333 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 2334 "frame (len=%lu)", (unsigned long) len); 2335 return 0; 2336 } 2337 2338 ieee802_11_sa_query_action(hapd, mgmt->sa, 2339 mgmt->u.action.u.sa_query_resp.action, 2340 mgmt->u.action.u.sa_query_resp.trans_id); 2341 return 1; 2342 } 2343 2344 2345 static int robust_action_frame(u8 category) 2346 { 2347 return category != WLAN_ACTION_PUBLIC && 2348 category != WLAN_ACTION_HT; 2349 } 2350 #endif /* CONFIG_IEEE80211W */ 2351 2352 2353 static int handle_action(struct hostapd_data *hapd, 2354 const struct ieee80211_mgmt *mgmt, size_t len) 2355 { 2356 struct sta_info *sta; 2357 sta = ap_get_sta(hapd, mgmt->sa); 2358 2359 if (len < IEEE80211_HDRLEN + 1) { 2360 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2361 HOSTAPD_LEVEL_DEBUG, 2362 "handle_action - too short payload (len=%lu)", 2363 (unsigned long) len); 2364 return 0; 2365 } 2366 2367 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 2368 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 2369 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 2370 "frame (category=%u) from unassociated STA " MACSTR, 2371 MAC2STR(mgmt->sa), mgmt->u.action.category); 2372 return 0; 2373 } 2374 2375 #ifdef CONFIG_IEEE80211W 2376 if (sta && (sta->flags & WLAN_STA_MFP) && 2377 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) && 2378 robust_action_frame(mgmt->u.action.category)) { 2379 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2380 HOSTAPD_LEVEL_DEBUG, 2381 "Dropped unprotected Robust Action frame from " 2382 "an MFP STA"); 2383 return 0; 2384 } 2385 #endif /* CONFIG_IEEE80211W */ 2386 2387 if (sta) { 2388 u16 fc = le_to_host16(mgmt->frame_control); 2389 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 2390 2391 if ((fc & WLAN_FC_RETRY) && 2392 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 2393 sta->last_seq_ctrl == seq_ctrl && 2394 sta->last_subtype == WLAN_FC_STYPE_ACTION) { 2395 hostapd_logger(hapd, sta->addr, 2396 HOSTAPD_MODULE_IEEE80211, 2397 HOSTAPD_LEVEL_DEBUG, 2398 "Drop repeated action frame seq_ctrl=0x%x", 2399 seq_ctrl); 2400 return 1; 2401 } 2402 2403 sta->last_seq_ctrl = seq_ctrl; 2404 sta->last_subtype = WLAN_FC_STYPE_ACTION; 2405 } 2406 2407 switch (mgmt->u.action.category) { 2408 #ifdef CONFIG_IEEE80211R 2409 case WLAN_ACTION_FT: 2410 if (!sta || 2411 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 2412 len - IEEE80211_HDRLEN)) 2413 break; 2414 return 1; 2415 #endif /* CONFIG_IEEE80211R */ 2416 case WLAN_ACTION_WMM: 2417 hostapd_wmm_action(hapd, mgmt, len); 2418 return 1; 2419 #ifdef CONFIG_IEEE80211W 2420 case WLAN_ACTION_SA_QUERY: 2421 return hostapd_sa_query_action(hapd, mgmt, len); 2422 #endif /* CONFIG_IEEE80211W */ 2423 #ifdef CONFIG_WNM 2424 case WLAN_ACTION_WNM: 2425 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len); 2426 return 1; 2427 #endif /* CONFIG_WNM */ 2428 #ifdef CONFIG_FST 2429 case WLAN_ACTION_FST: 2430 if (hapd->iface->fst) 2431 fst_rx_action(hapd->iface->fst, mgmt, len); 2432 else 2433 wpa_printf(MSG_DEBUG, 2434 "FST: Ignore FST Action frame - no FST attached"); 2435 return 1; 2436 #endif /* CONFIG_FST */ 2437 case WLAN_ACTION_PUBLIC: 2438 case WLAN_ACTION_PROTECTED_DUAL: 2439 #ifdef CONFIG_IEEE80211N 2440 if (len >= IEEE80211_HDRLEN + 2 && 2441 mgmt->u.action.u.public_action.action == 2442 WLAN_PA_20_40_BSS_COEX) { 2443 wpa_printf(MSG_DEBUG, 2444 "HT20/40 coex mgmt frame received from STA " 2445 MACSTR, MAC2STR(mgmt->sa)); 2446 hostapd_2040_coex_action(hapd, mgmt, len); 2447 } 2448 #endif /* CONFIG_IEEE80211N */ 2449 if (hapd->public_action_cb) { 2450 hapd->public_action_cb(hapd->public_action_cb_ctx, 2451 (u8 *) mgmt, len, 2452 hapd->iface->freq); 2453 } 2454 if (hapd->public_action_cb2) { 2455 hapd->public_action_cb2(hapd->public_action_cb2_ctx, 2456 (u8 *) mgmt, len, 2457 hapd->iface->freq); 2458 } 2459 if (hapd->public_action_cb || hapd->public_action_cb2) 2460 return 1; 2461 break; 2462 case WLAN_ACTION_VENDOR_SPECIFIC: 2463 if (hapd->vendor_action_cb) { 2464 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 2465 (u8 *) mgmt, len, 2466 hapd->iface->freq) == 0) 2467 return 1; 2468 } 2469 break; 2470 } 2471 2472 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2473 HOSTAPD_LEVEL_DEBUG, 2474 "handle_action - unknown action category %d or invalid " 2475 "frame", 2476 mgmt->u.action.category); 2477 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 2478 !(mgmt->sa[0] & 0x01)) { 2479 struct ieee80211_mgmt *resp; 2480 2481 /* 2482 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 2483 * Return the Action frame to the source without change 2484 * except that MSB of the Category set to 1. 2485 */ 2486 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 2487 "frame back to sender"); 2488 resp = os_malloc(len); 2489 if (resp == NULL) 2490 return 0; 2491 os_memcpy(resp, mgmt, len); 2492 os_memcpy(resp->da, resp->sa, ETH_ALEN); 2493 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 2494 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 2495 resp->u.action.category |= 0x80; 2496 2497 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 2498 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 2499 "Action frame"); 2500 } 2501 os_free(resp); 2502 } 2503 2504 return 1; 2505 } 2506 2507 2508 /** 2509 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 2510 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 2511 * sent to) 2512 * @buf: management frame data (starting from IEEE 802.11 header) 2513 * @len: length of frame data in octets 2514 * @fi: meta data about received frame (signal level, etc.) 2515 * 2516 * Process all incoming IEEE 802.11 management frames. This will be called for 2517 * each frame received from the kernel driver through wlan#ap interface. In 2518 * addition, it can be called to re-inserted pending frames (e.g., when using 2519 * external RADIUS server as an MAC ACL). 2520 */ 2521 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 2522 struct hostapd_frame_info *fi) 2523 { 2524 struct ieee80211_mgmt *mgmt; 2525 int broadcast; 2526 u16 fc, stype; 2527 int ret = 0; 2528 2529 if (len < 24) 2530 return 0; 2531 2532 mgmt = (struct ieee80211_mgmt *) buf; 2533 fc = le_to_host16(mgmt->frame_control); 2534 stype = WLAN_FC_GET_STYPE(fc); 2535 2536 if (stype == WLAN_FC_STYPE_BEACON) { 2537 handle_beacon(hapd, mgmt, len, fi); 2538 return 1; 2539 } 2540 2541 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 2542 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 2543 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 2544 2545 if (!broadcast && 2546 #ifdef CONFIG_P2P 2547 /* Invitation responses can be sent with the peer MAC as BSSID */ 2548 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 2549 stype == WLAN_FC_STYPE_ACTION) && 2550 #endif /* CONFIG_P2P */ 2551 #ifdef CONFIG_MESH 2552 !(hapd->conf->mesh & MESH_ENABLED) && 2553 #endif /* CONFIG_MESH */ 2554 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 2555 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address", 2556 MAC2STR(mgmt->bssid)); 2557 return 0; 2558 } 2559 2560 2561 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 2562 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 2563 return 1; 2564 } 2565 2566 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 2567 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2568 HOSTAPD_LEVEL_DEBUG, 2569 "MGMT: DA=" MACSTR " not our address", 2570 MAC2STR(mgmt->da)); 2571 return 0; 2572 } 2573 2574 if (hapd->iconf->track_sta_max_num) 2575 sta_track_add(hapd->iface, mgmt->sa); 2576 2577 switch (stype) { 2578 case WLAN_FC_STYPE_AUTH: 2579 wpa_printf(MSG_DEBUG, "mgmt::auth"); 2580 handle_auth(hapd, mgmt, len); 2581 ret = 1; 2582 break; 2583 case WLAN_FC_STYPE_ASSOC_REQ: 2584 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 2585 handle_assoc(hapd, mgmt, len, 0); 2586 ret = 1; 2587 break; 2588 case WLAN_FC_STYPE_REASSOC_REQ: 2589 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 2590 handle_assoc(hapd, mgmt, len, 1); 2591 ret = 1; 2592 break; 2593 case WLAN_FC_STYPE_DISASSOC: 2594 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 2595 handle_disassoc(hapd, mgmt, len); 2596 ret = 1; 2597 break; 2598 case WLAN_FC_STYPE_DEAUTH: 2599 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 2600 handle_deauth(hapd, mgmt, len); 2601 ret = 1; 2602 break; 2603 case WLAN_FC_STYPE_ACTION: 2604 wpa_printf(MSG_DEBUG, "mgmt::action"); 2605 ret = handle_action(hapd, mgmt, len); 2606 break; 2607 default: 2608 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2609 HOSTAPD_LEVEL_DEBUG, 2610 "unknown mgmt frame subtype %d", stype); 2611 break; 2612 } 2613 2614 return ret; 2615 } 2616 2617 2618 static void handle_auth_cb(struct hostapd_data *hapd, 2619 const struct ieee80211_mgmt *mgmt, 2620 size_t len, int ok) 2621 { 2622 u16 auth_alg, auth_transaction, status_code; 2623 struct sta_info *sta; 2624 2625 sta = ap_get_sta(hapd, mgmt->da); 2626 if (!sta) { 2627 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found", 2628 MAC2STR(mgmt->da)); 2629 return; 2630 } 2631 2632 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 2633 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 2634 status_code = le_to_host16(mgmt->u.auth.status_code); 2635 2636 if (!ok) { 2637 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 2638 HOSTAPD_LEVEL_NOTICE, 2639 "did not acknowledge authentication response"); 2640 goto fail; 2641 } 2642 2643 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 2644 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)", 2645 (unsigned long) len); 2646 goto fail; 2647 } 2648 2649 if (status_code == WLAN_STATUS_SUCCESS && 2650 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 2651 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 2652 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2653 HOSTAPD_LEVEL_INFO, "authenticated"); 2654 sta->flags |= WLAN_STA_AUTH; 2655 if (sta->added_unassoc) 2656 hostapd_set_sta_flags(hapd, sta); 2657 return; 2658 } 2659 2660 fail: 2661 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) { 2662 hostapd_drv_sta_remove(hapd, sta->addr); 2663 sta->added_unassoc = 0; 2664 } 2665 } 2666 2667 2668 static void hostapd_set_wds_encryption(struct hostapd_data *hapd, 2669 struct sta_info *sta, 2670 char *ifname_wds) 2671 { 2672 int i; 2673 struct hostapd_ssid *ssid = &hapd->conf->ssid; 2674 2675 if (hapd->conf->ieee802_1x || hapd->conf->wpa) 2676 return; 2677 2678 for (i = 0; i < 4; i++) { 2679 if (ssid->wep.key[i] && 2680 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i, 2681 i == ssid->wep.idx, NULL, 0, 2682 ssid->wep.key[i], ssid->wep.len[i])) { 2683 wpa_printf(MSG_WARNING, 2684 "Could not set WEP keys for WDS interface; %s", 2685 ifname_wds); 2686 break; 2687 } 2688 } 2689 } 2690 2691 2692 static void handle_assoc_cb(struct hostapd_data *hapd, 2693 const struct ieee80211_mgmt *mgmt, 2694 size_t len, int reassoc, int ok) 2695 { 2696 u16 status; 2697 struct sta_info *sta; 2698 int new_assoc = 1; 2699 2700 sta = ap_get_sta(hapd, mgmt->da); 2701 if (!sta) { 2702 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found", 2703 MAC2STR(mgmt->da)); 2704 return; 2705 } 2706 2707 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 2708 sizeof(mgmt->u.assoc_resp))) { 2709 wpa_printf(MSG_INFO, 2710 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)", 2711 reassoc, (unsigned long) len); 2712 hostapd_drv_sta_remove(hapd, sta->addr); 2713 return; 2714 } 2715 2716 if (reassoc) 2717 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 2718 else 2719 status = le_to_host16(mgmt->u.assoc_resp.status_code); 2720 2721 if (!ok) { 2722 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 2723 HOSTAPD_LEVEL_DEBUG, 2724 "did not acknowledge association response"); 2725 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 2726 /* The STA is added only in case of SUCCESS */ 2727 if (status == WLAN_STATUS_SUCCESS) 2728 hostapd_drv_sta_remove(hapd, sta->addr); 2729 2730 return; 2731 } 2732 2733 if (status != WLAN_STATUS_SUCCESS) 2734 return; 2735 2736 /* Stop previous accounting session, if one is started, and allocate 2737 * new session id for the new session. */ 2738 accounting_sta_stop(hapd, sta); 2739 2740 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2741 HOSTAPD_LEVEL_INFO, 2742 "associated (aid %d)", 2743 sta->aid); 2744 2745 if (sta->flags & WLAN_STA_ASSOC) 2746 new_assoc = 0; 2747 sta->flags |= WLAN_STA_ASSOC; 2748 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE; 2749 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen) || 2750 sta->auth_alg == WLAN_AUTH_FT) { 2751 /* 2752 * Open, static WEP, or FT protocol; no separate authorization 2753 * step. 2754 */ 2755 ap_sta_set_authorized(hapd, sta, 1); 2756 } 2757 2758 if (reassoc) 2759 mlme_reassociate_indication(hapd, sta); 2760 else 2761 mlme_associate_indication(hapd, sta); 2762 2763 #ifdef CONFIG_IEEE80211W 2764 sta->sa_query_timed_out = 0; 2765 #endif /* CONFIG_IEEE80211W */ 2766 2767 if (sta->flags & WLAN_STA_WDS) { 2768 int ret; 2769 char ifname_wds[IFNAMSIZ + 1]; 2770 2771 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr, 2772 sta->aid, 1); 2773 if (!ret) 2774 hostapd_set_wds_encryption(hapd, sta, ifname_wds); 2775 } 2776 2777 if (sta->eapol_sm == NULL) { 2778 /* 2779 * This STA does not use RADIUS server for EAP authentication, 2780 * so bind it to the selected VLAN interface now, since the 2781 * interface selection is not going to change anymore. 2782 */ 2783 if (ap_sta_bind_vlan(hapd, sta) < 0) 2784 return; 2785 } else if (sta->vlan_id) { 2786 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 2787 if (ap_sta_bind_vlan(hapd, sta) < 0) 2788 return; 2789 } 2790 2791 hostapd_set_sta_flags(hapd, sta); 2792 2793 if (sta->auth_alg == WLAN_AUTH_FT) 2794 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 2795 else 2796 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 2797 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 2798 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 2799 2800 if (sta->pending_eapol_rx) { 2801 struct os_reltime now, age; 2802 2803 os_get_reltime(&now); 2804 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age); 2805 if (age.sec == 0 && age.usec < 200000) { 2806 wpa_printf(MSG_DEBUG, 2807 "Process pending EAPOL frame that was received from " MACSTR " just before association notification", 2808 MAC2STR(sta->addr)); 2809 ieee802_1x_receive( 2810 hapd, mgmt->da, 2811 wpabuf_head(sta->pending_eapol_rx->buf), 2812 wpabuf_len(sta->pending_eapol_rx->buf)); 2813 } 2814 wpabuf_free(sta->pending_eapol_rx->buf); 2815 os_free(sta->pending_eapol_rx); 2816 sta->pending_eapol_rx = NULL; 2817 } 2818 } 2819 2820 2821 static void handle_deauth_cb(struct hostapd_data *hapd, 2822 const struct ieee80211_mgmt *mgmt, 2823 size_t len, int ok) 2824 { 2825 struct sta_info *sta; 2826 if (mgmt->da[0] & 0x01) 2827 return; 2828 sta = ap_get_sta(hapd, mgmt->da); 2829 if (!sta) { 2830 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 2831 " not found", MAC2STR(mgmt->da)); 2832 return; 2833 } 2834 if (ok) 2835 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 2836 MAC2STR(sta->addr)); 2837 else 2838 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2839 "deauth", MAC2STR(sta->addr)); 2840 2841 ap_sta_deauth_cb(hapd, sta); 2842 } 2843 2844 2845 static void handle_disassoc_cb(struct hostapd_data *hapd, 2846 const struct ieee80211_mgmt *mgmt, 2847 size_t len, int ok) 2848 { 2849 struct sta_info *sta; 2850 if (mgmt->da[0] & 0x01) 2851 return; 2852 sta = ap_get_sta(hapd, mgmt->da); 2853 if (!sta) { 2854 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 2855 " not found", MAC2STR(mgmt->da)); 2856 return; 2857 } 2858 if (ok) 2859 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 2860 MAC2STR(sta->addr)); 2861 else 2862 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2863 "disassoc", MAC2STR(sta->addr)); 2864 2865 ap_sta_disassoc_cb(hapd, sta); 2866 } 2867 2868 2869 /** 2870 * ieee802_11_mgmt_cb - Process management frame TX status callback 2871 * @hapd: hostapd BSS data structure (the BSS from which the management frame 2872 * was sent from) 2873 * @buf: management frame data (starting from IEEE 802.11 header) 2874 * @len: length of frame data in octets 2875 * @stype: management frame subtype from frame control field 2876 * @ok: Whether the frame was ACK'ed 2877 */ 2878 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 2879 u16 stype, int ok) 2880 { 2881 const struct ieee80211_mgmt *mgmt; 2882 mgmt = (const struct ieee80211_mgmt *) buf; 2883 2884 #ifdef CONFIG_TESTING_OPTIONS 2885 if (hapd->ext_mgmt_frame_handling) { 2886 wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-TX-STATUS stype=%u ok=%d", 2887 stype, ok); 2888 return; 2889 } 2890 #endif /* CONFIG_TESTING_OPTIONS */ 2891 2892 switch (stype) { 2893 case WLAN_FC_STYPE_AUTH: 2894 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 2895 handle_auth_cb(hapd, mgmt, len, ok); 2896 break; 2897 case WLAN_FC_STYPE_ASSOC_RESP: 2898 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 2899 handle_assoc_cb(hapd, mgmt, len, 0, ok); 2900 break; 2901 case WLAN_FC_STYPE_REASSOC_RESP: 2902 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 2903 handle_assoc_cb(hapd, mgmt, len, 1, ok); 2904 break; 2905 case WLAN_FC_STYPE_PROBE_RESP: 2906 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok); 2907 break; 2908 case WLAN_FC_STYPE_DEAUTH: 2909 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 2910 handle_deauth_cb(hapd, mgmt, len, ok); 2911 break; 2912 case WLAN_FC_STYPE_DISASSOC: 2913 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 2914 handle_disassoc_cb(hapd, mgmt, len, ok); 2915 break; 2916 case WLAN_FC_STYPE_ACTION: 2917 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok); 2918 break; 2919 default: 2920 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype); 2921 break; 2922 } 2923 } 2924 2925 2926 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 2927 { 2928 /* TODO */ 2929 return 0; 2930 } 2931 2932 2933 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 2934 char *buf, size_t buflen) 2935 { 2936 /* TODO */ 2937 return 0; 2938 } 2939 2940 2941 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 2942 const u8 *buf, size_t len, int ack) 2943 { 2944 struct sta_info *sta; 2945 struct hostapd_iface *iface = hapd->iface; 2946 2947 sta = ap_get_sta(hapd, addr); 2948 if (sta == NULL && iface->num_bss > 1) { 2949 size_t j; 2950 for (j = 0; j < iface->num_bss; j++) { 2951 hapd = iface->bss[j]; 2952 sta = ap_get_sta(hapd, addr); 2953 if (sta) 2954 break; 2955 } 2956 } 2957 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 2958 return; 2959 if (sta->flags & WLAN_STA_PENDING_POLL) { 2960 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 2961 "activity poll", MAC2STR(sta->addr), 2962 ack ? "ACKed" : "did not ACK"); 2963 if (ack) 2964 sta->flags &= ~WLAN_STA_PENDING_POLL; 2965 } 2966 2967 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 2968 } 2969 2970 2971 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 2972 const u8 *data, size_t len, int ack) 2973 { 2974 struct sta_info *sta; 2975 struct hostapd_iface *iface = hapd->iface; 2976 2977 sta = ap_get_sta(hapd, dst); 2978 if (sta == NULL && iface->num_bss > 1) { 2979 size_t j; 2980 for (j = 0; j < iface->num_bss; j++) { 2981 hapd = iface->bss[j]; 2982 sta = ap_get_sta(hapd, dst); 2983 if (sta) 2984 break; 2985 } 2986 } 2987 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 2988 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 2989 MACSTR " that is not currently associated", 2990 MAC2STR(dst)); 2991 return; 2992 } 2993 2994 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 2995 } 2996 2997 2998 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 2999 { 3000 struct sta_info *sta; 3001 struct hostapd_iface *iface = hapd->iface; 3002 3003 sta = ap_get_sta(hapd, addr); 3004 if (sta == NULL && iface->num_bss > 1) { 3005 size_t j; 3006 for (j = 0; j < iface->num_bss; j++) { 3007 hapd = iface->bss[j]; 3008 sta = ap_get_sta(hapd, addr); 3009 if (sta) 3010 break; 3011 } 3012 } 3013 if (sta == NULL) 3014 return; 3015 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 3016 return; 3017 3018 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 3019 "activity poll", MAC2STR(sta->addr)); 3020 sta->flags &= ~WLAN_STA_PENDING_POLL; 3021 } 3022 3023 3024 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 3025 int wds) 3026 { 3027 struct sta_info *sta; 3028 3029 sta = ap_get_sta(hapd, src); 3030 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 3031 if (!hapd->conf->wds_sta) 3032 return; 3033 3034 if (wds && !(sta->flags & WLAN_STA_WDS)) { 3035 int ret; 3036 char ifname_wds[IFNAMSIZ + 1]; 3037 3038 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 3039 "STA " MACSTR " (aid %u)", 3040 MAC2STR(sta->addr), sta->aid); 3041 sta->flags |= WLAN_STA_WDS; 3042 ret = hostapd_set_wds_sta(hapd, ifname_wds, 3043 sta->addr, sta->aid, 1); 3044 if (!ret) 3045 hostapd_set_wds_encryption(hapd, sta, 3046 ifname_wds); 3047 } 3048 return; 3049 } 3050 3051 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 3052 MACSTR, MAC2STR(src)); 3053 if (src[0] & 0x01) { 3054 /* Broadcast bit set in SA?! Ignore the frame silently. */ 3055 return; 3056 } 3057 3058 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 3059 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 3060 "already been sent, but no TX status yet known - " 3061 "ignore Class 3 frame issue with " MACSTR, 3062 MAC2STR(src)); 3063 return; 3064 } 3065 3066 if (sta && (sta->flags & WLAN_STA_AUTH)) 3067 hostapd_drv_sta_disassoc( 3068 hapd, src, 3069 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 3070 else 3071 hostapd_drv_sta_deauth( 3072 hapd, src, 3073 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 3074 } 3075 3076 3077 #endif /* CONFIG_NATIVE_WINDOWS */ 3078
