1 /* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #ifndef CONFIG_NATIVE_WINDOWS 12 13 #include "utils/common.h" 14 #include "utils/eloop.h" 15 #include "crypto/crypto.h" 16 #include "crypto/sha256.h" 17 #include "crypto/random.h" 18 #include "common/ieee802_11_defs.h" 19 #include "common/ieee802_11_common.h" 20 #include "common/wpa_ctrl.h" 21 #include "common/sae.h" 22 #include "radius/radius.h" 23 #include "radius/radius_client.h" 24 #include "p2p/p2p.h" 25 #include "wps/wps.h" 26 #include "fst/fst.h" 27 #include "hostapd.h" 28 #include "beacon.h" 29 #include "ieee802_11_auth.h" 30 #include "sta_info.h" 31 #include "ieee802_1x.h" 32 #include "wpa_auth.h" 33 #include "pmksa_cache_auth.h" 34 #include "wmm.h" 35 #include "ap_list.h" 36 #include "accounting.h" 37 #include "ap_config.h" 38 #include "ap_mlme.h" 39 #include "p2p_hostapd.h" 40 #include "ap_drv_ops.h" 41 #include "wnm_ap.h" 42 #include "hw_features.h" 43 #include "ieee802_11.h" 44 #include "dfs.h" 45 #include "mbo_ap.h" 46 #include "rrm.h" 47 #include "taxonomy.h" 48 49 50 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 51 { 52 u8 *pos = eid; 53 int i, num, count; 54 55 if (hapd->iface->current_rates == NULL) 56 return eid; 57 58 *pos++ = WLAN_EID_SUPP_RATES; 59 num = hapd->iface->num_rates; 60 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 61 num++; 62 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 63 num++; 64 if (num > 8) { 65 /* rest of the rates are encoded in Extended supported 66 * rates element */ 67 num = 8; 68 } 69 70 *pos++ = num; 71 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 72 i++) { 73 count++; 74 *pos = hapd->iface->current_rates[i].rate / 5; 75 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 76 *pos |= 0x80; 77 pos++; 78 } 79 80 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 81 count++; 82 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 83 } 84 85 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 86 count++; 87 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 88 } 89 90 return pos; 91 } 92 93 94 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 95 { 96 u8 *pos = eid; 97 int i, num, count; 98 99 if (hapd->iface->current_rates == NULL) 100 return eid; 101 102 num = hapd->iface->num_rates; 103 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 104 num++; 105 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 106 num++; 107 if (num <= 8) 108 return eid; 109 num -= 8; 110 111 *pos++ = WLAN_EID_EXT_SUPP_RATES; 112 *pos++ = num; 113 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 114 i++) { 115 count++; 116 if (count <= 8) 117 continue; /* already in SuppRates IE */ 118 *pos = hapd->iface->current_rates[i].rate / 5; 119 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 120 *pos |= 0x80; 121 pos++; 122 } 123 124 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 125 count++; 126 if (count > 8) 127 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 128 } 129 130 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 131 count++; 132 if (count > 8) 133 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 134 } 135 136 return pos; 137 } 138 139 140 u16 hostapd_own_capab_info(struct hostapd_data *hapd) 141 { 142 int capab = WLAN_CAPABILITY_ESS; 143 int privacy; 144 int dfs; 145 int i; 146 147 /* Check if any of configured channels require DFS */ 148 dfs = hostapd_is_dfs_required(hapd->iface); 149 if (dfs < 0) { 150 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d", 151 dfs); 152 dfs = 0; 153 } 154 155 if (hapd->iface->num_sta_no_short_preamble == 0 && 156 hapd->iconf->preamble == SHORT_PREAMBLE) 157 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 158 159 privacy = hapd->conf->ssid.wep.keys_set; 160 161 if (hapd->conf->ieee802_1x && 162 (hapd->conf->default_wep_key_len || 163 hapd->conf->individual_wep_key_len)) 164 privacy = 1; 165 166 if (hapd->conf->wpa) 167 privacy = 1; 168 169 #ifdef CONFIG_HS20 170 if (hapd->conf->osen) 171 privacy = 1; 172 #endif /* CONFIG_HS20 */ 173 174 if (privacy) 175 capab |= WLAN_CAPABILITY_PRIVACY; 176 177 if (hapd->iface->current_mode && 178 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 179 hapd->iface->num_sta_no_short_slot_time == 0) 180 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 181 182 /* 183 * Currently, Spectrum Management capability bit is set when directly 184 * requested in configuration by spectrum_mgmt_required or when AP is 185 * running on DFS channel. 186 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit 187 */ 188 if (hapd->iface->current_mode && 189 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A && 190 (hapd->iconf->spectrum_mgmt_required || dfs)) 191 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 192 193 for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) { 194 if (hapd->conf->radio_measurements[i]) { 195 capab |= IEEE80211_CAP_RRM; 196 break; 197 } 198 } 199 200 return capab; 201 } 202 203 204 #ifndef CONFIG_NO_RC4 205 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 206 u16 auth_transaction, const u8 *challenge, 207 int iswep) 208 { 209 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 210 HOSTAPD_LEVEL_DEBUG, 211 "authentication (shared key, transaction %d)", 212 auth_transaction); 213 214 if (auth_transaction == 1) { 215 if (!sta->challenge) { 216 /* Generate a pseudo-random challenge */ 217 u8 key[8]; 218 219 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 220 if (sta->challenge == NULL) 221 return WLAN_STATUS_UNSPECIFIED_FAILURE; 222 223 if (os_get_random(key, sizeof(key)) < 0) { 224 os_free(sta->challenge); 225 sta->challenge = NULL; 226 return WLAN_STATUS_UNSPECIFIED_FAILURE; 227 } 228 229 rc4_skip(key, sizeof(key), 0, 230 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 231 } 232 return 0; 233 } 234 235 if (auth_transaction != 3) 236 return WLAN_STATUS_UNSPECIFIED_FAILURE; 237 238 /* Transaction 3 */ 239 if (!iswep || !sta->challenge || !challenge || 240 os_memcmp_const(sta->challenge, challenge, 241 WLAN_AUTH_CHALLENGE_LEN)) { 242 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 243 HOSTAPD_LEVEL_INFO, 244 "shared key authentication - invalid " 245 "challenge-response"); 246 return WLAN_STATUS_CHALLENGE_FAIL; 247 } 248 249 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 250 HOSTAPD_LEVEL_DEBUG, 251 "authentication OK (shared key)"); 252 sta->flags |= WLAN_STA_AUTH; 253 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 254 os_free(sta->challenge); 255 sta->challenge = NULL; 256 257 return 0; 258 } 259 #endif /* CONFIG_NO_RC4 */ 260 261 262 static int send_auth_reply(struct hostapd_data *hapd, 263 const u8 *dst, const u8 *bssid, 264 u16 auth_alg, u16 auth_transaction, u16 resp, 265 const u8 *ies, size_t ies_len) 266 { 267 struct ieee80211_mgmt *reply; 268 u8 *buf; 269 size_t rlen; 270 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE; 271 272 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 273 buf = os_zalloc(rlen); 274 if (buf == NULL) 275 return -1; 276 277 reply = (struct ieee80211_mgmt *) buf; 278 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 279 WLAN_FC_STYPE_AUTH); 280 os_memcpy(reply->da, dst, ETH_ALEN); 281 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 282 os_memcpy(reply->bssid, bssid, ETH_ALEN); 283 284 reply->u.auth.auth_alg = host_to_le16(auth_alg); 285 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 286 reply->u.auth.status_code = host_to_le16(resp); 287 288 if (ies && ies_len) 289 os_memcpy(reply->u.auth.variable, ies, ies_len); 290 291 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 292 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 293 MAC2STR(dst), auth_alg, auth_transaction, 294 resp, (unsigned long) ies_len); 295 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 296 wpa_printf(MSG_INFO, "send_auth_reply: send failed"); 297 else 298 reply_res = WLAN_STATUS_SUCCESS; 299 300 os_free(buf); 301 302 return reply_res; 303 } 304 305 306 #ifdef CONFIG_IEEE80211R 307 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 308 u16 auth_transaction, u16 status, 309 const u8 *ies, size_t ies_len) 310 { 311 struct hostapd_data *hapd = ctx; 312 struct sta_info *sta; 313 int reply_res; 314 315 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, 316 auth_transaction, status, ies, ies_len); 317 318 sta = ap_get_sta(hapd, dst); 319 if (sta == NULL) 320 return; 321 322 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS || 323 status != WLAN_STATUS_SUCCESS)) { 324 hostapd_drv_sta_remove(hapd, sta->addr); 325 sta->added_unassoc = 0; 326 return; 327 } 328 329 if (status != WLAN_STATUS_SUCCESS) 330 return; 331 332 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 333 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 334 sta->flags |= WLAN_STA_AUTH; 335 mlme_authenticate_indication(hapd, sta); 336 } 337 #endif /* CONFIG_IEEE80211R */ 338 339 340 #ifdef CONFIG_SAE 341 342 #define dot11RSNASAESync 5 /* attempts */ 343 344 345 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, 346 struct sta_info *sta, int update) 347 { 348 struct wpabuf *buf; 349 350 if (hapd->conf->ssid.wpa_passphrase == NULL) { 351 wpa_printf(MSG_DEBUG, "SAE: No password available"); 352 return NULL; 353 } 354 355 if (update && 356 sae_prepare_commit(hapd->own_addr, sta->addr, 357 (u8 *) hapd->conf->ssid.wpa_passphrase, 358 os_strlen(hapd->conf->ssid.wpa_passphrase), 359 sta->sae) < 0) { 360 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); 361 return NULL; 362 } 363 364 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN); 365 if (buf == NULL) 366 return NULL; 367 sae_write_commit(sta->sae, buf, sta->sae->tmp ? 368 sta->sae->tmp->anti_clogging_token : NULL); 369 370 return buf; 371 } 372 373 374 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 375 struct sta_info *sta) 376 { 377 struct wpabuf *buf; 378 379 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN); 380 if (buf == NULL) 381 return NULL; 382 383 sae_write_confirm(sta->sae, buf); 384 385 return buf; 386 } 387 388 389 static int auth_sae_send_commit(struct hostapd_data *hapd, 390 struct sta_info *sta, 391 const u8 *bssid, int update) 392 { 393 struct wpabuf *data; 394 int reply_res; 395 396 data = auth_build_sae_commit(hapd, sta, update); 397 if (data == NULL) 398 return WLAN_STATUS_UNSPECIFIED_FAILURE; 399 400 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1, 401 WLAN_STATUS_SUCCESS, wpabuf_head(data), 402 wpabuf_len(data)); 403 404 wpabuf_free(data); 405 406 return reply_res; 407 } 408 409 410 static int auth_sae_send_confirm(struct hostapd_data *hapd, 411 struct sta_info *sta, 412 const u8 *bssid) 413 { 414 struct wpabuf *data; 415 int reply_res; 416 417 data = auth_build_sae_confirm(hapd, sta); 418 if (data == NULL) 419 return WLAN_STATUS_UNSPECIFIED_FAILURE; 420 421 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2, 422 WLAN_STATUS_SUCCESS, wpabuf_head(data), 423 wpabuf_len(data)); 424 425 wpabuf_free(data); 426 427 return reply_res; 428 } 429 430 431 static int use_sae_anti_clogging(struct hostapd_data *hapd) 432 { 433 struct sta_info *sta; 434 unsigned int open = 0; 435 436 if (hapd->conf->sae_anti_clogging_threshold == 0) 437 return 1; 438 439 for (sta = hapd->sta_list; sta; sta = sta->next) { 440 if (!sta->sae) 441 continue; 442 if (sta->sae->state != SAE_COMMITTED && 443 sta->sae->state != SAE_CONFIRMED) 444 continue; 445 open++; 446 if (open >= hapd->conf->sae_anti_clogging_threshold) 447 return 1; 448 } 449 450 return 0; 451 } 452 453 454 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, 455 const u8 *token, size_t token_len) 456 { 457 u8 mac[SHA256_MAC_LEN]; 458 459 if (token_len != SHA256_MAC_LEN) 460 return -1; 461 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 462 addr, ETH_ALEN, mac) < 0 || 463 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0) 464 return -1; 465 466 return 0; 467 } 468 469 470 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, 471 int group, const u8 *addr) 472 { 473 struct wpabuf *buf; 474 u8 *token; 475 struct os_reltime now; 476 477 os_get_reltime(&now); 478 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) || 479 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) { 480 if (random_get_bytes(hapd->sae_token_key, 481 sizeof(hapd->sae_token_key)) < 0) 482 return NULL; 483 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key", 484 hapd->sae_token_key, sizeof(hapd->sae_token_key)); 485 hapd->last_sae_token_key_update = now; 486 } 487 488 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN); 489 if (buf == NULL) 490 return NULL; 491 492 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */ 493 494 token = wpabuf_put(buf, SHA256_MAC_LEN); 495 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 496 addr, ETH_ALEN, token); 497 498 return buf; 499 } 500 501 502 static int sae_check_big_sync(struct sta_info *sta) 503 { 504 if (sta->sae->sync > dot11RSNASAESync) { 505 sta->sae->state = SAE_NOTHING; 506 sta->sae->sync = 0; 507 return -1; 508 } 509 return 0; 510 } 511 512 513 static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data) 514 { 515 struct hostapd_data *hapd = eloop_ctx; 516 struct sta_info *sta = eloop_data; 517 int ret; 518 519 if (sae_check_big_sync(sta)) 520 return; 521 sta->sae->sync++; 522 wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR 523 " (sync=%d state=%d)", 524 MAC2STR(sta->addr), sta->sae->sync, sta->sae->state); 525 526 switch (sta->sae->state) { 527 case SAE_COMMITTED: 528 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0); 529 eloop_register_timeout(0, 530 hapd->dot11RSNASAERetransPeriod * 1000, 531 auth_sae_retransmit_timer, hapd, sta); 532 break; 533 case SAE_CONFIRMED: 534 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr); 535 eloop_register_timeout(0, 536 hapd->dot11RSNASAERetransPeriod * 1000, 537 auth_sae_retransmit_timer, hapd, sta); 538 break; 539 default: 540 ret = -1; 541 break; 542 } 543 544 if (ret != WLAN_STATUS_SUCCESS) 545 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret); 546 } 547 548 549 void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta) 550 { 551 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta); 552 } 553 554 555 static void sae_set_retransmit_timer(struct hostapd_data *hapd, 556 struct sta_info *sta) 557 { 558 if (!(hapd->conf->mesh & MESH_ENABLED)) 559 return; 560 561 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta); 562 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000, 563 auth_sae_retransmit_timer, hapd, sta); 564 } 565 566 567 void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta) 568 { 569 sta->flags |= WLAN_STA_AUTH; 570 sta->auth_alg = WLAN_AUTH_SAE; 571 mlme_authenticate_indication(hapd, sta); 572 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 573 sta->sae->state = SAE_ACCEPTED; 574 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr, 575 sta->sae->pmk, sta->sae->pmkid); 576 } 577 578 579 static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta, 580 const u8 *bssid, u8 auth_transaction) 581 { 582 int ret; 583 584 if (auth_transaction != 1 && auth_transaction != 2) 585 return WLAN_STATUS_UNSPECIFIED_FAILURE; 586 587 switch (sta->sae->state) { 588 case SAE_NOTHING: 589 if (auth_transaction == 1) { 590 ret = auth_sae_send_commit(hapd, sta, bssid, 1); 591 if (ret) 592 return ret; 593 sta->sae->state = SAE_COMMITTED; 594 595 if (sae_process_commit(sta->sae) < 0) 596 return WLAN_STATUS_UNSPECIFIED_FAILURE; 597 598 /* 599 * In mesh case, both Commit and Confirm can be sent 600 * immediately. In infrastructure BSS, only a single 601 * Authentication frame (Commit) is expected from the AP 602 * here and the second one (Confirm) will be sent once 603 * the STA has sent its second Authentication frame 604 * (Confirm). 605 */ 606 if (hapd->conf->mesh & MESH_ENABLED) { 607 /* 608 * Send both Commit and Confirm immediately 609 * based on SAE finite state machine 610 * Nothing -> Confirm transition. 611 */ 612 ret = auth_sae_send_confirm(hapd, sta, bssid); 613 if (ret) 614 return ret; 615 sta->sae->state = SAE_CONFIRMED; 616 } else { 617 /* 618 * For infrastructure BSS, send only the Commit 619 * message now to get alternating sequence of 620 * Authentication frames between the AP and STA. 621 * Confirm will be sent in 622 * Committed -> Confirmed/Accepted transition 623 * when receiving Confirm from STA. 624 */ 625 } 626 sta->sae->sync = 0; 627 sae_set_retransmit_timer(hapd, sta); 628 } else { 629 hostapd_logger(hapd, sta->addr, 630 HOSTAPD_MODULE_IEEE80211, 631 HOSTAPD_LEVEL_DEBUG, 632 "SAE confirm before commit"); 633 } 634 break; 635 case SAE_COMMITTED: 636 sae_clear_retransmit_timer(hapd, sta); 637 if (auth_transaction == 1) { 638 if (sae_process_commit(sta->sae) < 0) 639 return WLAN_STATUS_UNSPECIFIED_FAILURE; 640 641 ret = auth_sae_send_confirm(hapd, sta, bssid); 642 if (ret) 643 return ret; 644 sta->sae->state = SAE_CONFIRMED; 645 sta->sae->sync = 0; 646 sae_set_retransmit_timer(hapd, sta); 647 } else if (hapd->conf->mesh & MESH_ENABLED) { 648 /* 649 * In mesh case, follow SAE finite state machine and 650 * send Commit now, if sync count allows. 651 */ 652 if (sae_check_big_sync(sta)) 653 return WLAN_STATUS_SUCCESS; 654 sta->sae->sync++; 655 656 ret = auth_sae_send_commit(hapd, sta, bssid, 0); 657 if (ret) 658 return ret; 659 660 sae_set_retransmit_timer(hapd, sta); 661 } else { 662 /* 663 * For instructure BSS, send the postponed Confirm from 664 * Nothing -> Confirmed transition that was reduced to 665 * Nothing -> Committed above. 666 */ 667 ret = auth_sae_send_confirm(hapd, sta, bssid); 668 if (ret) 669 return ret; 670 671 sta->sae->state = SAE_CONFIRMED; 672 673 /* 674 * Since this was triggered on Confirm RX, run another 675 * step to get to Accepted without waiting for 676 * additional events. 677 */ 678 return sae_sm_step(hapd, sta, bssid, auth_transaction); 679 } 680 break; 681 case SAE_CONFIRMED: 682 sae_clear_retransmit_timer(hapd, sta); 683 if (auth_transaction == 1) { 684 if (sae_check_big_sync(sta)) 685 return WLAN_STATUS_SUCCESS; 686 sta->sae->sync++; 687 688 ret = auth_sae_send_commit(hapd, sta, bssid, 1); 689 if (ret) 690 return ret; 691 692 if (sae_process_commit(sta->sae) < 0) 693 return WLAN_STATUS_UNSPECIFIED_FAILURE; 694 695 ret = auth_sae_send_confirm(hapd, sta, bssid); 696 if (ret) 697 return ret; 698 699 sae_set_retransmit_timer(hapd, sta); 700 } else { 701 sae_accept_sta(hapd, sta); 702 } 703 break; 704 case SAE_ACCEPTED: 705 if (auth_transaction == 1) { 706 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR 707 ") doing reauthentication", 708 MAC2STR(sta->addr)); 709 ap_free_sta(hapd, sta); 710 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 711 } else { 712 if (sae_check_big_sync(sta)) 713 return WLAN_STATUS_SUCCESS; 714 sta->sae->sync++; 715 716 ret = auth_sae_send_confirm(hapd, sta, bssid); 717 sae_clear_temp_data(sta->sae); 718 if (ret) 719 return ret; 720 } 721 break; 722 default: 723 wpa_printf(MSG_ERROR, "SAE: invalid state %d", 724 sta->sae->state); 725 return WLAN_STATUS_UNSPECIFIED_FAILURE; 726 } 727 return WLAN_STATUS_SUCCESS; 728 } 729 730 731 static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta) 732 { 733 struct sae_data *sae = sta->sae; 734 int i, *groups = hapd->conf->sae_groups; 735 736 if (sae->state != SAE_COMMITTED) 737 return; 738 739 wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group); 740 741 for (i = 0; groups && groups[i] > 0; i++) { 742 if (sae->group == groups[i]) 743 break; 744 } 745 746 if (!groups || groups[i] <= 0) { 747 wpa_printf(MSG_DEBUG, 748 "SAE: Previously selected group not found from the current configuration"); 749 return; 750 } 751 752 for (;;) { 753 i++; 754 if (groups[i] <= 0) { 755 wpa_printf(MSG_DEBUG, 756 "SAE: No alternative group enabled"); 757 return; 758 } 759 760 if (sae_set_group(sae, groups[i]) < 0) 761 continue; 762 763 break; 764 } 765 wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]); 766 } 767 768 769 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 770 const struct ieee80211_mgmt *mgmt, size_t len, 771 u16 auth_transaction, u16 status_code) 772 { 773 int resp = WLAN_STATUS_SUCCESS; 774 struct wpabuf *data = NULL; 775 776 if (!sta->sae) { 777 if (auth_transaction != 1 || 778 status_code != WLAN_STATUS_SUCCESS) { 779 resp = -1; 780 goto remove_sta; 781 } 782 sta->sae = os_zalloc(sizeof(*sta->sae)); 783 if (!sta->sae) { 784 resp = -1; 785 goto remove_sta; 786 } 787 sta->sae->state = SAE_NOTHING; 788 sta->sae->sync = 0; 789 } 790 791 if (sta->mesh_sae_pmksa_caching) { 792 wpa_printf(MSG_DEBUG, 793 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication"); 794 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 795 sta->mesh_sae_pmksa_caching = 0; 796 } 797 798 if (auth_transaction == 1) { 799 const u8 *token = NULL, *pos, *end; 800 size_t token_len = 0; 801 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 802 HOSTAPD_LEVEL_DEBUG, 803 "start SAE authentication (RX commit, status=%u)", 804 status_code); 805 806 if ((hapd->conf->mesh & MESH_ENABLED) && 807 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ && 808 sta->sae->tmp) { 809 pos = mgmt->u.auth.variable; 810 end = ((const u8 *) mgmt) + len; 811 if (pos + sizeof(le16) > end) { 812 wpa_printf(MSG_ERROR, 813 "SAE: Too short anti-clogging token request"); 814 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 815 goto reply; 816 } 817 resp = sae_group_allowed(sta->sae, 818 hapd->conf->sae_groups, 819 WPA_GET_LE16(pos)); 820 if (resp != WLAN_STATUS_SUCCESS) { 821 wpa_printf(MSG_ERROR, 822 "SAE: Invalid group in anti-clogging token request"); 823 goto reply; 824 } 825 pos += sizeof(le16); 826 827 wpabuf_free(sta->sae->tmp->anti_clogging_token); 828 sta->sae->tmp->anti_clogging_token = 829 wpabuf_alloc_copy(pos, end - pos); 830 if (sta->sae->tmp->anti_clogging_token == NULL) { 831 wpa_printf(MSG_ERROR, 832 "SAE: Failed to alloc for anti-clogging token"); 833 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 834 goto remove_sta; 835 } 836 837 /* 838 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code 839 * is 76, a new Commit Message shall be constructed 840 * with the Anti-Clogging Token from the received 841 * Authentication frame, and the commit-scalar and 842 * COMMIT-ELEMENT previously sent. 843 */ 844 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0); 845 if (resp != WLAN_STATUS_SUCCESS) { 846 wpa_printf(MSG_ERROR, 847 "SAE: Failed to send commit message"); 848 goto remove_sta; 849 } 850 sta->sae->state = SAE_COMMITTED; 851 sta->sae->sync = 0; 852 sae_set_retransmit_timer(hapd, sta); 853 return; 854 } 855 856 if ((hapd->conf->mesh & MESH_ENABLED) && 857 status_code == 858 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED && 859 sta->sae->tmp) { 860 wpa_printf(MSG_DEBUG, 861 "SAE: Peer did not accept our SAE group"); 862 sae_pick_next_group(hapd, sta); 863 goto remove_sta; 864 } 865 866 if (status_code != WLAN_STATUS_SUCCESS) 867 goto remove_sta; 868 869 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, 870 ((const u8 *) mgmt) + len - 871 mgmt->u.auth.variable, &token, 872 &token_len, hapd->conf->sae_groups); 873 if (resp == SAE_SILENTLY_DISCARD) { 874 wpa_printf(MSG_DEBUG, 875 "SAE: Drop commit message from " MACSTR " due to reflection attack", 876 MAC2STR(sta->addr)); 877 goto remove_sta; 878 } 879 if (token && check_sae_token(hapd, sta->addr, token, token_len) 880 < 0) { 881 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with " 882 "incorrect token from " MACSTR, 883 MAC2STR(sta->addr)); 884 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 885 goto remove_sta; 886 } 887 888 if (resp != WLAN_STATUS_SUCCESS) 889 goto reply; 890 891 if (!token && use_sae_anti_clogging(hapd)) { 892 wpa_printf(MSG_DEBUG, 893 "SAE: Request anti-clogging token from " 894 MACSTR, MAC2STR(sta->addr)); 895 data = auth_build_token_req(hapd, sta->sae->group, 896 sta->addr); 897 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; 898 if (hapd->conf->mesh & MESH_ENABLED) 899 sta->sae->state = SAE_NOTHING; 900 goto reply; 901 } 902 903 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction); 904 } else if (auth_transaction == 2) { 905 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 906 HOSTAPD_LEVEL_DEBUG, 907 "SAE authentication (RX confirm, status=%u)", 908 status_code); 909 if (status_code != WLAN_STATUS_SUCCESS) 910 goto remove_sta; 911 if (sta->sae->state >= SAE_CONFIRMED || 912 !(hapd->conf->mesh & MESH_ENABLED)) { 913 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable, 914 ((u8 *) mgmt) + len - 915 mgmt->u.auth.variable) < 0) { 916 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 917 goto reply; 918 } 919 } 920 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction); 921 } else { 922 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 923 HOSTAPD_LEVEL_DEBUG, 924 "unexpected SAE authentication transaction %u (status=%u)", 925 auth_transaction, status_code); 926 if (status_code != WLAN_STATUS_SUCCESS) 927 goto remove_sta; 928 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 929 } 930 931 reply: 932 if (resp != WLAN_STATUS_SUCCESS) { 933 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 934 auth_transaction, resp, 935 data ? wpabuf_head(data) : (u8 *) "", 936 data ? wpabuf_len(data) : 0); 937 } 938 939 remove_sta: 940 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS || 941 status_code != WLAN_STATUS_SUCCESS)) { 942 hostapd_drv_sta_remove(hapd, sta->addr); 943 sta->added_unassoc = 0; 944 } 945 wpabuf_free(data); 946 } 947 948 949 /** 950 * auth_sae_init_committed - Send COMMIT and start SAE in committed state 951 * @hapd: BSS data for the device initiating the authentication 952 * @sta: the peer to which commit authentication frame is sent 953 * 954 * This function implements Init event handling (IEEE Std 802.11-2012, 955 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the 956 * sta->sae structure should be initialized appropriately via a call to 957 * sae_prepare_commit(). 958 */ 959 int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta) 960 { 961 int ret; 962 963 if (!sta->sae || !sta->sae->tmp) 964 return -1; 965 966 if (sta->sae->state != SAE_NOTHING) 967 return -1; 968 969 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0); 970 if (ret) 971 return -1; 972 973 sta->sae->state = SAE_COMMITTED; 974 sta->sae->sync = 0; 975 sae_set_retransmit_timer(hapd, sta); 976 977 return 0; 978 } 979 980 #endif /* CONFIG_SAE */ 981 982 983 static void handle_auth(struct hostapd_data *hapd, 984 const struct ieee80211_mgmt *mgmt, size_t len) 985 { 986 u16 auth_alg, auth_transaction, status_code; 987 u16 resp = WLAN_STATUS_SUCCESS; 988 struct sta_info *sta = NULL; 989 int res, reply_res; 990 u16 fc; 991 const u8 *challenge = NULL; 992 u32 session_timeout, acct_interim_interval; 993 struct vlan_description vlan_id; 994 struct hostapd_sta_wpa_psk_short *psk = NULL; 995 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 996 size_t resp_ies_len = 0; 997 char *identity = NULL; 998 char *radius_cui = NULL; 999 u16 seq_ctrl; 1000 1001 os_memset(&vlan_id, 0, sizeof(vlan_id)); 1002 1003 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1004 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", 1005 (unsigned long) len); 1006 return; 1007 } 1008 1009 #ifdef CONFIG_TESTING_OPTIONS 1010 if (hapd->iconf->ignore_auth_probability > 0.0 && 1011 drand48() < hapd->iconf->ignore_auth_probability) { 1012 wpa_printf(MSG_INFO, 1013 "TESTING: ignoring auth frame from " MACSTR, 1014 MAC2STR(mgmt->sa)); 1015 return; 1016 } 1017 #endif /* CONFIG_TESTING_OPTIONS */ 1018 1019 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1020 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1021 status_code = le_to_host16(mgmt->u.auth.status_code); 1022 fc = le_to_host16(mgmt->frame_control); 1023 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 1024 1025 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 1026 2 + WLAN_AUTH_CHALLENGE_LEN && 1027 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 1028 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 1029 challenge = &mgmt->u.auth.variable[2]; 1030 1031 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 1032 "auth_transaction=%d status_code=%d wep=%d%s " 1033 "seq_ctrl=0x%x%s", 1034 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 1035 status_code, !!(fc & WLAN_FC_ISWEP), 1036 challenge ? " challenge" : "", 1037 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 1038 1039 #ifdef CONFIG_NO_RC4 1040 if (auth_alg == WLAN_AUTH_SHARED_KEY) { 1041 wpa_printf(MSG_INFO, 1042 "Unsupported authentication algorithm (%d)", 1043 auth_alg); 1044 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1045 goto fail; 1046 } 1047 #endif /* CONFIG_NO_RC4 */ 1048 1049 if (hapd->tkip_countermeasures) { 1050 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 1051 goto fail; 1052 } 1053 1054 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 1055 auth_alg == WLAN_AUTH_OPEN) || 1056 #ifdef CONFIG_IEEE80211R 1057 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 1058 auth_alg == WLAN_AUTH_FT) || 1059 #endif /* CONFIG_IEEE80211R */ 1060 #ifdef CONFIG_SAE 1061 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 1062 auth_alg == WLAN_AUTH_SAE) || 1063 #endif /* CONFIG_SAE */ 1064 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 1065 auth_alg == WLAN_AUTH_SHARED_KEY))) { 1066 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)", 1067 auth_alg); 1068 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1069 goto fail; 1070 } 1071 1072 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 1073 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 1074 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)", 1075 auth_transaction); 1076 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1077 goto fail; 1078 } 1079 1080 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 1081 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 1082 MAC2STR(mgmt->sa)); 1083 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1084 goto fail; 1085 } 1086 1087 if (hapd->conf->no_auth_if_seen_on) { 1088 struct hostapd_data *other; 1089 1090 other = sta_track_seen_on(hapd->iface, mgmt->sa, 1091 hapd->conf->no_auth_if_seen_on); 1092 if (other) { 1093 u8 *pos; 1094 u32 info; 1095 u8 op_class, channel, phytype; 1096 1097 wpa_printf(MSG_DEBUG, "%s: Reject authentication from " 1098 MACSTR " since STA has been seen on %s", 1099 hapd->conf->iface, MAC2STR(mgmt->sa), 1100 hapd->conf->no_auth_if_seen_on); 1101 1102 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION; 1103 pos = &resp_ies[0]; 1104 *pos++ = WLAN_EID_NEIGHBOR_REPORT; 1105 *pos++ = 13; 1106 os_memcpy(pos, other->own_addr, ETH_ALEN); 1107 pos += ETH_ALEN; 1108 info = 0; /* TODO: BSSID Information */ 1109 WPA_PUT_LE32(pos, info); 1110 pos += 4; 1111 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD) 1112 phytype = 8; /* dmg */ 1113 else if (other->iconf->ieee80211ac) 1114 phytype = 9; /* vht */ 1115 else if (other->iconf->ieee80211n) 1116 phytype = 7; /* ht */ 1117 else if (other->iconf->hw_mode == 1118 HOSTAPD_MODE_IEEE80211A) 1119 phytype = 4; /* ofdm */ 1120 else if (other->iconf->hw_mode == 1121 HOSTAPD_MODE_IEEE80211G) 1122 phytype = 6; /* erp */ 1123 else 1124 phytype = 5; /* hrdsss */ 1125 if (ieee80211_freq_to_channel_ext( 1126 hostapd_hw_get_freq(other, 1127 other->iconf->channel), 1128 other->iconf->secondary_channel, 1129 other->iconf->ieee80211ac, 1130 &op_class, &channel) == NUM_HOSTAPD_MODES) { 1131 op_class = 0; 1132 channel = other->iconf->channel; 1133 } 1134 *pos++ = op_class; 1135 *pos++ = channel; 1136 *pos++ = phytype; 1137 resp_ies_len = pos - &resp_ies[0]; 1138 goto fail; 1139 } 1140 } 1141 1142 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 1143 &session_timeout, 1144 &acct_interim_interval, &vlan_id, 1145 &psk, &identity, &radius_cui); 1146 1147 if (res == HOSTAPD_ACL_REJECT) { 1148 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 1149 MAC2STR(mgmt->sa)); 1150 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1151 goto fail; 1152 } 1153 if (res == HOSTAPD_ACL_PENDING) { 1154 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 1155 " waiting for an external authentication", 1156 MAC2STR(mgmt->sa)); 1157 /* Authentication code will re-send the authentication frame 1158 * after it has received (and cached) information from the 1159 * external source. */ 1160 return; 1161 } 1162 1163 sta = ap_get_sta(hapd, mgmt->sa); 1164 if (sta) { 1165 if ((fc & WLAN_FC_RETRY) && 1166 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 1167 sta->last_seq_ctrl == seq_ctrl && 1168 sta->last_subtype == WLAN_FC_STYPE_AUTH) { 1169 hostapd_logger(hapd, sta->addr, 1170 HOSTAPD_MODULE_IEEE80211, 1171 HOSTAPD_LEVEL_DEBUG, 1172 "Drop repeated authentication frame seq_ctrl=0x%x", 1173 seq_ctrl); 1174 return; 1175 } 1176 #ifdef CONFIG_MESH 1177 if ((hapd->conf->mesh & MESH_ENABLED) && 1178 sta->plink_state == PLINK_BLOCKED) { 1179 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR 1180 " is blocked - drop Authentication frame", 1181 MAC2STR(mgmt->sa)); 1182 return; 1183 } 1184 #endif /* CONFIG_MESH */ 1185 } else { 1186 #ifdef CONFIG_MESH 1187 if (hapd->conf->mesh & MESH_ENABLED) { 1188 /* if the mesh peer is not available, we don't do auth. 1189 */ 1190 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR 1191 " not yet known - drop Authentication frame", 1192 MAC2STR(mgmt->sa)); 1193 /* 1194 * Save a copy of the frame so that it can be processed 1195 * if a new peer entry is added shortly after this. 1196 */ 1197 wpabuf_free(hapd->mesh_pending_auth); 1198 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len); 1199 os_get_reltime(&hapd->mesh_pending_auth_time); 1200 return; 1201 } 1202 #endif /* CONFIG_MESH */ 1203 1204 sta = ap_sta_add(hapd, mgmt->sa); 1205 if (!sta) { 1206 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1207 goto fail; 1208 } 1209 } 1210 sta->last_seq_ctrl = seq_ctrl; 1211 sta->last_subtype = WLAN_FC_STYPE_AUTH; 1212 1213 if (vlan_id.notempty && 1214 !hostapd_vlan_valid(hapd->conf->vlan, &vlan_id)) { 1215 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 1216 HOSTAPD_LEVEL_INFO, 1217 "Invalid VLAN %d%s received from RADIUS server", 1218 vlan_id.untagged, 1219 vlan_id.tagged[0] ? "+" : ""); 1220 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1221 goto fail; 1222 } 1223 if (ap_sta_set_vlan(hapd, sta, &vlan_id) < 0) { 1224 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1225 goto fail; 1226 } 1227 if (sta->vlan_id) 1228 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 1229 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 1230 1231 hostapd_free_psk_list(sta->psk); 1232 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 1233 sta->psk = psk; 1234 psk = NULL; 1235 } else { 1236 sta->psk = NULL; 1237 } 1238 1239 sta->identity = identity; 1240 identity = NULL; 1241 sta->radius_cui = radius_cui; 1242 radius_cui = NULL; 1243 1244 sta->flags &= ~WLAN_STA_PREAUTH; 1245 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 1246 1247 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 1248 sta->acct_interim_interval = acct_interim_interval; 1249 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 1250 ap_sta_session_timeout(hapd, sta, session_timeout); 1251 else 1252 ap_sta_no_session_timeout(hapd, sta); 1253 1254 /* 1255 * If the driver supports full AP client state, add a station to the 1256 * driver before sending authentication reply to make sure the driver 1257 * has resources, and not to go through the entire authentication and 1258 * association handshake, and fail it at the end. 1259 * 1260 * If this is not the first transaction, in a multi-step authentication 1261 * algorithm, the station already exists in the driver 1262 * (sta->added_unassoc = 1) so skip it. 1263 * 1264 * In mesh mode, the station was already added to the driver when the 1265 * NEW_PEER_CANDIDATE event is received. 1266 */ 1267 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) && 1268 !(hapd->conf->mesh & MESH_ENABLED) && 1269 !(sta->added_unassoc)) { 1270 /* 1271 * If a station that is already associated to the AP, is trying 1272 * to authenticate again, remove the STA entry, in order to make 1273 * sure the STA PS state gets cleared and configuration gets 1274 * updated. To handle this, station's added_unassoc flag is 1275 * cleared once the station has completed association. 1276 */ 1277 hostapd_drv_sta_remove(hapd, sta->addr); 1278 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | 1279 WLAN_STA_AUTHORIZED); 1280 1281 if (hostapd_sta_add(hapd, sta->addr, 0, 0, NULL, 0, 0, 1282 NULL, NULL, sta->flags, 0, 0, 0, 0)) { 1283 hostapd_logger(hapd, sta->addr, 1284 HOSTAPD_MODULE_IEEE80211, 1285 HOSTAPD_LEVEL_NOTICE, 1286 "Could not add STA to kernel driver"); 1287 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1288 goto fail; 1289 } 1290 1291 sta->added_unassoc = 1; 1292 } 1293 1294 switch (auth_alg) { 1295 case WLAN_AUTH_OPEN: 1296 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1297 HOSTAPD_LEVEL_DEBUG, 1298 "authentication OK (open system)"); 1299 sta->flags |= WLAN_STA_AUTH; 1300 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 1301 sta->auth_alg = WLAN_AUTH_OPEN; 1302 mlme_authenticate_indication(hapd, sta); 1303 break; 1304 #ifndef CONFIG_NO_RC4 1305 case WLAN_AUTH_SHARED_KEY: 1306 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 1307 fc & WLAN_FC_ISWEP); 1308 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 1309 mlme_authenticate_indication(hapd, sta); 1310 if (sta->challenge && auth_transaction == 1) { 1311 resp_ies[0] = WLAN_EID_CHALLENGE; 1312 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 1313 os_memcpy(resp_ies + 2, sta->challenge, 1314 WLAN_AUTH_CHALLENGE_LEN); 1315 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 1316 } 1317 break; 1318 #endif /* CONFIG_NO_RC4 */ 1319 #ifdef CONFIG_IEEE80211R 1320 case WLAN_AUTH_FT: 1321 sta->auth_alg = WLAN_AUTH_FT; 1322 if (sta->wpa_sm == NULL) 1323 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1324 sta->addr, NULL); 1325 if (sta->wpa_sm == NULL) { 1326 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 1327 "state machine"); 1328 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1329 goto fail; 1330 } 1331 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 1332 auth_transaction, mgmt->u.auth.variable, 1333 len - IEEE80211_HDRLEN - 1334 sizeof(mgmt->u.auth), 1335 handle_auth_ft_finish, hapd); 1336 /* handle_auth_ft_finish() callback will complete auth. */ 1337 return; 1338 #endif /* CONFIG_IEEE80211R */ 1339 #ifdef CONFIG_SAE 1340 case WLAN_AUTH_SAE: 1341 #ifdef CONFIG_MESH 1342 if (status_code == WLAN_STATUS_SUCCESS && 1343 hapd->conf->mesh & MESH_ENABLED) { 1344 if (sta->wpa_sm == NULL) 1345 sta->wpa_sm = 1346 wpa_auth_sta_init(hapd->wpa_auth, 1347 sta->addr, NULL); 1348 if (sta->wpa_sm == NULL) { 1349 wpa_printf(MSG_DEBUG, 1350 "SAE: Failed to initialize WPA state machine"); 1351 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1352 goto fail; 1353 } 1354 } 1355 #endif /* CONFIG_MESH */ 1356 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction, 1357 status_code); 1358 return; 1359 #endif /* CONFIG_SAE */ 1360 } 1361 1362 fail: 1363 os_free(identity); 1364 os_free(radius_cui); 1365 hostapd_free_psk_list(psk); 1366 1367 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 1368 auth_transaction + 1, resp, resp_ies, 1369 resp_ies_len); 1370 1371 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS || 1372 reply_res != WLAN_STATUS_SUCCESS)) { 1373 hostapd_drv_sta_remove(hapd, sta->addr); 1374 sta->added_unassoc = 0; 1375 } 1376 } 1377 1378 1379 int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 1380 { 1381 int i, j = 32, aid; 1382 1383 /* get a unique AID */ 1384 if (sta->aid > 0) { 1385 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 1386 return 0; 1387 } 1388 1389 if (TEST_FAIL()) 1390 return -1; 1391 1392 for (i = 0; i < AID_WORDS; i++) { 1393 if (hapd->sta_aid[i] == (u32) -1) 1394 continue; 1395 for (j = 0; j < 32; j++) { 1396 if (!(hapd->sta_aid[i] & BIT(j))) 1397 break; 1398 } 1399 if (j < 32) 1400 break; 1401 } 1402 if (j == 32) 1403 return -1; 1404 aid = i * 32 + j + 1; 1405 if (aid > 2007) 1406 return -1; 1407 1408 sta->aid = aid; 1409 hapd->sta_aid[i] |= BIT(j); 1410 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 1411 return 0; 1412 } 1413 1414 1415 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 1416 const u8 *ssid_ie, size_t ssid_ie_len) 1417 { 1418 if (ssid_ie == NULL) 1419 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1420 1421 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 1422 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 1423 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1424 HOSTAPD_LEVEL_INFO, 1425 "Station tried to associate with unknown SSID " 1426 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len)); 1427 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1428 } 1429 1430 return WLAN_STATUS_SUCCESS; 1431 } 1432 1433 1434 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 1435 const u8 *wmm_ie, size_t wmm_ie_len) 1436 { 1437 sta->flags &= ~WLAN_STA_WMM; 1438 sta->qosinfo = 0; 1439 if (wmm_ie && hapd->conf->wmm_enabled) { 1440 struct wmm_information_element *wmm; 1441 1442 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 1443 hostapd_logger(hapd, sta->addr, 1444 HOSTAPD_MODULE_WPA, 1445 HOSTAPD_LEVEL_DEBUG, 1446 "invalid WMM element in association " 1447 "request"); 1448 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1449 } 1450 1451 sta->flags |= WLAN_STA_WMM; 1452 wmm = (struct wmm_information_element *) wmm_ie; 1453 sta->qosinfo = wmm->qos_info; 1454 } 1455 return WLAN_STATUS_SUCCESS; 1456 } 1457 1458 1459 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 1460 struct ieee802_11_elems *elems) 1461 { 1462 if (!elems->supp_rates) { 1463 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1464 HOSTAPD_LEVEL_DEBUG, 1465 "No supported rates element in AssocReq"); 1466 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1467 } 1468 1469 if (elems->supp_rates_len + elems->ext_supp_rates_len > 1470 sizeof(sta->supported_rates)) { 1471 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1472 HOSTAPD_LEVEL_DEBUG, 1473 "Invalid supported rates element length %d+%d", 1474 elems->supp_rates_len, 1475 elems->ext_supp_rates_len); 1476 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1477 } 1478 1479 sta->supported_rates_len = merge_byte_arrays( 1480 sta->supported_rates, sizeof(sta->supported_rates), 1481 elems->supp_rates, elems->supp_rates_len, 1482 elems->ext_supp_rates, elems->ext_supp_rates_len); 1483 1484 return WLAN_STATUS_SUCCESS; 1485 } 1486 1487 1488 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta, 1489 const u8 *ext_capab_ie, size_t ext_capab_ie_len) 1490 { 1491 #ifdef CONFIG_INTERWORKING 1492 /* check for QoS Map support */ 1493 if (ext_capab_ie_len >= 5) { 1494 if (ext_capab_ie[4] & 0x01) 1495 sta->qos_map_enabled = 1; 1496 } 1497 #endif /* CONFIG_INTERWORKING */ 1498 1499 if (ext_capab_ie_len > 0) 1500 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2)); 1501 1502 return WLAN_STATUS_SUCCESS; 1503 } 1504 1505 1506 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 1507 const u8 *ies, size_t ies_len, int reassoc) 1508 { 1509 struct ieee802_11_elems elems; 1510 u16 resp; 1511 const u8 *wpa_ie; 1512 size_t wpa_ie_len; 1513 const u8 *p2p_dev_addr = NULL; 1514 1515 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 1516 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1517 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 1518 "association request"); 1519 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1520 } 1521 1522 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 1523 if (resp != WLAN_STATUS_SUCCESS) 1524 return resp; 1525 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 1526 if (resp != WLAN_STATUS_SUCCESS) 1527 return resp; 1528 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len); 1529 if (resp != WLAN_STATUS_SUCCESS) 1530 return resp; 1531 resp = copy_supp_rates(hapd, sta, &elems); 1532 if (resp != WLAN_STATUS_SUCCESS) 1533 return resp; 1534 #ifdef CONFIG_IEEE80211N 1535 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities); 1536 if (resp != WLAN_STATUS_SUCCESS) 1537 return resp; 1538 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 1539 !(sta->flags & WLAN_STA_HT)) { 1540 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1541 HOSTAPD_LEVEL_INFO, "Station does not support " 1542 "mandatory HT PHY - reject association"); 1543 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 1544 } 1545 #endif /* CONFIG_IEEE80211N */ 1546 1547 #ifdef CONFIG_IEEE80211AC 1548 if (hapd->iconf->ieee80211ac) { 1549 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities); 1550 if (resp != WLAN_STATUS_SUCCESS) 1551 return resp; 1552 1553 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif); 1554 if (resp != WLAN_STATUS_SUCCESS) 1555 return resp; 1556 } 1557 1558 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 1559 !(sta->flags & WLAN_STA_VHT)) { 1560 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1561 HOSTAPD_LEVEL_INFO, "Station does not support " 1562 "mandatory VHT PHY - reject association"); 1563 return WLAN_STATUS_ASSOC_DENIED_NO_VHT; 1564 } 1565 1566 if (hapd->conf->vendor_vht && !elems.vht_capabilities) { 1567 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht, 1568 elems.vendor_vht_len); 1569 if (resp != WLAN_STATUS_SUCCESS) 1570 return resp; 1571 } 1572 #endif /* CONFIG_IEEE80211AC */ 1573 1574 #ifdef CONFIG_P2P 1575 if (elems.p2p) { 1576 wpabuf_free(sta->p2p_ie); 1577 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 1578 P2P_IE_VENDOR_TYPE); 1579 if (sta->p2p_ie) 1580 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 1581 } else { 1582 wpabuf_free(sta->p2p_ie); 1583 sta->p2p_ie = NULL; 1584 } 1585 #endif /* CONFIG_P2P */ 1586 1587 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 1588 wpa_ie = elems.rsn_ie; 1589 wpa_ie_len = elems.rsn_ie_len; 1590 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 1591 elems.wpa_ie) { 1592 wpa_ie = elems.wpa_ie; 1593 wpa_ie_len = elems.wpa_ie_len; 1594 } else { 1595 wpa_ie = NULL; 1596 wpa_ie_len = 0; 1597 } 1598 1599 #ifdef CONFIG_WPS 1600 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 1601 if (hapd->conf->wps_state && elems.wps_ie) { 1602 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 1603 "Request - assume WPS is used"); 1604 sta->flags |= WLAN_STA_WPS; 1605 wpabuf_free(sta->wps_ie); 1606 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 1607 WPS_IE_VENDOR_TYPE); 1608 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 1609 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 1610 sta->flags |= WLAN_STA_WPS2; 1611 } 1612 wpa_ie = NULL; 1613 wpa_ie_len = 0; 1614 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 1615 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 1616 "(Re)Association Request - reject"); 1617 return WLAN_STATUS_INVALID_IE; 1618 } 1619 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 1620 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 1621 "(Re)Association Request - possible WPS use"); 1622 sta->flags |= WLAN_STA_MAYBE_WPS; 1623 } else 1624 #endif /* CONFIG_WPS */ 1625 if (hapd->conf->wpa && wpa_ie == NULL) { 1626 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1627 HOSTAPD_LEVEL_INFO, 1628 "No WPA/RSN IE in association request"); 1629 return WLAN_STATUS_INVALID_IE; 1630 } 1631 1632 if (hapd->conf->wpa && wpa_ie) { 1633 int res; 1634 wpa_ie -= 2; 1635 wpa_ie_len += 2; 1636 if (sta->wpa_sm == NULL) 1637 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1638 sta->addr, 1639 p2p_dev_addr); 1640 if (sta->wpa_sm == NULL) { 1641 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1642 "state machine"); 1643 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1644 } 1645 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 1646 wpa_ie, wpa_ie_len, 1647 elems.mdie, elems.mdie_len); 1648 if (res == WPA_INVALID_GROUP) 1649 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 1650 else if (res == WPA_INVALID_PAIRWISE) 1651 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 1652 else if (res == WPA_INVALID_AKMP) 1653 resp = WLAN_STATUS_AKMP_NOT_VALID; 1654 else if (res == WPA_ALLOC_FAIL) 1655 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1656 #ifdef CONFIG_IEEE80211W 1657 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 1658 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1659 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 1660 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1661 #endif /* CONFIG_IEEE80211W */ 1662 else if (res == WPA_INVALID_MDIE) 1663 resp = WLAN_STATUS_INVALID_MDIE; 1664 else if (res != WPA_IE_OK) 1665 resp = WLAN_STATUS_INVALID_IE; 1666 if (resp != WLAN_STATUS_SUCCESS) 1667 return resp; 1668 #ifdef CONFIG_IEEE80211W 1669 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1670 sta->sa_query_count > 0) 1671 ap_check_sa_query_timeout(hapd, sta); 1672 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 1673 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 1674 /* 1675 * STA has already been associated with MFP and SA 1676 * Query timeout has not been reached. Reject the 1677 * association attempt temporarily and start SA Query, 1678 * if one is not pending. 1679 */ 1680 1681 if (sta->sa_query_count == 0) 1682 ap_sta_start_sa_query(hapd, sta); 1683 1684 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 1685 } 1686 1687 if (wpa_auth_uses_mfp(sta->wpa_sm)) 1688 sta->flags |= WLAN_STA_MFP; 1689 else 1690 sta->flags &= ~WLAN_STA_MFP; 1691 #endif /* CONFIG_IEEE80211W */ 1692 1693 #ifdef CONFIG_IEEE80211R 1694 if (sta->auth_alg == WLAN_AUTH_FT) { 1695 if (!reassoc) { 1696 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 1697 "to use association (not " 1698 "re-association) with FT auth_alg", 1699 MAC2STR(sta->addr)); 1700 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1701 } 1702 1703 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 1704 ies_len); 1705 if (resp != WLAN_STATUS_SUCCESS) 1706 return resp; 1707 } 1708 #endif /* CONFIG_IEEE80211R */ 1709 1710 #ifdef CONFIG_SAE 1711 if (wpa_auth_uses_sae(sta->wpa_sm) && 1712 sta->auth_alg == WLAN_AUTH_OPEN) { 1713 struct rsn_pmksa_cache_entry *sa; 1714 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm); 1715 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) { 1716 wpa_printf(MSG_DEBUG, 1717 "SAE: No PMKSA cache entry found for " 1718 MACSTR, MAC2STR(sta->addr)); 1719 return WLAN_STATUS_INVALID_PMKID; 1720 } 1721 wpa_printf(MSG_DEBUG, "SAE: " MACSTR 1722 " using PMKSA caching", MAC2STR(sta->addr)); 1723 } else if (wpa_auth_uses_sae(sta->wpa_sm) && 1724 sta->auth_alg != WLAN_AUTH_SAE && 1725 !(sta->auth_alg == WLAN_AUTH_FT && 1726 wpa_auth_uses_ft_sae(sta->wpa_sm))) { 1727 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 1728 "SAE AKM after non-SAE auth_alg %u", 1729 MAC2STR(sta->addr), sta->auth_alg); 1730 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1731 } 1732 #endif /* CONFIG_SAE */ 1733 1734 #ifdef CONFIG_IEEE80211N 1735 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 1736 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 1737 hostapd_logger(hapd, sta->addr, 1738 HOSTAPD_MODULE_IEEE80211, 1739 HOSTAPD_LEVEL_INFO, 1740 "Station tried to use TKIP with HT " 1741 "association"); 1742 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 1743 } 1744 #endif /* CONFIG_IEEE80211N */ 1745 #ifdef CONFIG_HS20 1746 } else if (hapd->conf->osen) { 1747 if (elems.osen == NULL) { 1748 hostapd_logger( 1749 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1750 HOSTAPD_LEVEL_INFO, 1751 "No HS 2.0 OSEN element in association request"); 1752 return WLAN_STATUS_INVALID_IE; 1753 } 1754 1755 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association"); 1756 if (sta->wpa_sm == NULL) 1757 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 1758 sta->addr, NULL); 1759 if (sta->wpa_sm == NULL) { 1760 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 1761 "state machine"); 1762 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1763 } 1764 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm, 1765 elems.osen - 2, elems.osen_len + 2) < 0) 1766 return WLAN_STATUS_INVALID_IE; 1767 #endif /* CONFIG_HS20 */ 1768 } else 1769 wpa_auth_sta_no_wpa(sta->wpa_sm); 1770 1771 #ifdef CONFIG_P2P 1772 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 1773 #endif /* CONFIG_P2P */ 1774 1775 #ifdef CONFIG_HS20 1776 wpabuf_free(sta->hs20_ie); 1777 if (elems.hs20 && elems.hs20_len > 4) { 1778 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 1779 elems.hs20_len - 4); 1780 } else 1781 sta->hs20_ie = NULL; 1782 #endif /* CONFIG_HS20 */ 1783 1784 #ifdef CONFIG_FST 1785 wpabuf_free(sta->mb_ies); 1786 if (hapd->iface->fst) 1787 sta->mb_ies = mb_ies_by_info(&elems.mb_ies); 1788 else 1789 sta->mb_ies = NULL; 1790 #endif /* CONFIG_FST */ 1791 1792 #ifdef CONFIG_MBO 1793 mbo_ap_check_sta_assoc(hapd, sta, &elems); 1794 1795 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) && 1796 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) && 1797 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 1798 wpa_printf(MSG_INFO, 1799 "MBO: Reject WPA2 association without PMF"); 1800 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1801 } 1802 #endif /* CONFIG_MBO */ 1803 1804 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes, 1805 elems.supp_op_classes_len); 1806 1807 if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) && 1808 elems.rrm_enabled && 1809 elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa)) 1810 os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled, 1811 sizeof(sta->rrm_enabled_capa)); 1812 1813 return WLAN_STATUS_SUCCESS; 1814 } 1815 1816 1817 static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 1818 u16 reason_code) 1819 { 1820 int send_len; 1821 struct ieee80211_mgmt reply; 1822 1823 os_memset(&reply, 0, sizeof(reply)); 1824 reply.frame_control = 1825 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1826 os_memcpy(reply.da, addr, ETH_ALEN); 1827 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1828 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1829 1830 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1831 reply.u.deauth.reason_code = host_to_le16(reason_code); 1832 1833 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1834 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1835 strerror(errno)); 1836 } 1837 1838 1839 static int add_associated_sta(struct hostapd_data *hapd, 1840 struct sta_info *sta) 1841 { 1842 struct ieee80211_ht_capabilities ht_cap; 1843 struct ieee80211_vht_capabilities vht_cap; 1844 int set = 1; 1845 1846 /* 1847 * Remove the STA entry to ensure the STA PS state gets cleared and 1848 * configuration gets updated. This is relevant for cases, such as 1849 * FT-over-the-DS, where a station re-associates back to the same AP but 1850 * skips the authentication flow, or if working with a driver that 1851 * does not support full AP client state. 1852 * 1853 * Skip this if the STA has already completed FT reassociation and the 1854 * TK has been configured since the TX/RX PN must not be reset to 0 for 1855 * the same key. 1856 */ 1857 if (!sta->added_unassoc && 1858 (!(sta->flags & WLAN_STA_AUTHORIZED) || 1859 !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { 1860 hostapd_drv_sta_remove(hapd, sta->addr); 1861 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); 1862 set = 0; 1863 } 1864 1865 #ifdef CONFIG_IEEE80211N 1866 if (sta->flags & WLAN_STA_HT) 1867 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1868 #endif /* CONFIG_IEEE80211N */ 1869 #ifdef CONFIG_IEEE80211AC 1870 if (sta->flags & WLAN_STA_VHT) 1871 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 1872 #endif /* CONFIG_IEEE80211AC */ 1873 1874 /* 1875 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags 1876 * will be set when the ACK frame for the (Re)Association Response frame 1877 * is processed (TX status driver event). 1878 */ 1879 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1880 sta->supported_rates, sta->supported_rates_len, 1881 sta->listen_interval, 1882 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1883 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1884 sta->flags | WLAN_STA_ASSOC, sta->qosinfo, 1885 sta->vht_opmode, sta->p2p_ie ? 1 : 0, 1886 set)) { 1887 hostapd_logger(hapd, sta->addr, 1888 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, 1889 "Could not %s STA to kernel driver", 1890 set ? "set" : "add"); 1891 1892 if (sta->added_unassoc) { 1893 hostapd_drv_sta_remove(hapd, sta->addr); 1894 sta->added_unassoc = 0; 1895 } 1896 1897 return -1; 1898 } 1899 1900 sta->added_unassoc = 0; 1901 1902 return 0; 1903 } 1904 1905 1906 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1907 u16 status_code, int reassoc, const u8 *ies, 1908 size_t ies_len) 1909 { 1910 int send_len; 1911 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1912 struct ieee80211_mgmt *reply; 1913 u8 *p; 1914 1915 os_memset(buf, 0, sizeof(buf)); 1916 reply = (struct ieee80211_mgmt *) buf; 1917 reply->frame_control = 1918 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1919 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1920 WLAN_FC_STYPE_ASSOC_RESP)); 1921 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1922 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1923 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1924 1925 send_len = IEEE80211_HDRLEN; 1926 send_len += sizeof(reply->u.assoc_resp); 1927 reply->u.assoc_resp.capab_info = 1928 host_to_le16(hostapd_own_capab_info(hapd)); 1929 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1930 reply->u.assoc_resp.aid = host_to_le16(sta->aid | BIT(14) | BIT(15)); 1931 /* Supported rates */ 1932 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1933 /* Extended supported rates */ 1934 p = hostapd_eid_ext_supp_rates(hapd, p); 1935 1936 #ifdef CONFIG_IEEE80211R 1937 if (status_code == WLAN_STATUS_SUCCESS) { 1938 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1939 * Transition Information, RSN, [RIC Response] */ 1940 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1941 buf + sizeof(buf) - p, 1942 sta->auth_alg, ies, ies_len); 1943 } 1944 #endif /* CONFIG_IEEE80211R */ 1945 1946 #ifdef CONFIG_IEEE80211W 1947 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1948 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1949 #endif /* CONFIG_IEEE80211W */ 1950 1951 #ifdef CONFIG_IEEE80211N 1952 p = hostapd_eid_ht_capabilities(hapd, p); 1953 p = hostapd_eid_ht_operation(hapd, p); 1954 #endif /* CONFIG_IEEE80211N */ 1955 1956 #ifdef CONFIG_IEEE80211AC 1957 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) { 1958 u32 nsts = 0, sta_nsts; 1959 1960 if (hapd->conf->use_sta_nsts && sta->vht_capabilities) { 1961 struct ieee80211_vht_capabilities *capa; 1962 1963 nsts = (hapd->iface->conf->vht_capab >> 1964 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7; 1965 capa = sta->vht_capabilities; 1966 sta_nsts = (le_to_host32(capa->vht_capabilities_info) >> 1967 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7; 1968 1969 if (nsts < sta_nsts) 1970 nsts = 0; 1971 else 1972 nsts = sta_nsts; 1973 } 1974 p = hostapd_eid_vht_capabilities(hapd, p, nsts); 1975 p = hostapd_eid_vht_operation(hapd, p); 1976 } 1977 #endif /* CONFIG_IEEE80211AC */ 1978 1979 p = hostapd_eid_ext_capab(hapd, p); 1980 p = hostapd_eid_bss_max_idle_period(hapd, p); 1981 if (sta->qos_map_enabled) 1982 p = hostapd_eid_qos_map_set(hapd, p); 1983 1984 #ifdef CONFIG_FST 1985 if (hapd->iface->fst_ies) { 1986 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies), 1987 wpabuf_len(hapd->iface->fst_ies)); 1988 p += wpabuf_len(hapd->iface->fst_ies); 1989 } 1990 #endif /* CONFIG_FST */ 1991 1992 #ifdef CONFIG_IEEE80211AC 1993 if (hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT)) 1994 p = hostapd_eid_vendor_vht(hapd, p); 1995 #endif /* CONFIG_IEEE80211AC */ 1996 1997 if (sta->flags & WLAN_STA_WMM) 1998 p = hostapd_eid_wmm(hapd, p); 1999 2000 #ifdef CONFIG_WPS 2001 if ((sta->flags & WLAN_STA_WPS) || 2002 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 2003 struct wpabuf *wps = wps_build_assoc_resp_ie(); 2004 if (wps) { 2005 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 2006 p += wpabuf_len(wps); 2007 wpabuf_free(wps); 2008 } 2009 } 2010 #endif /* CONFIG_WPS */ 2011 2012 #ifdef CONFIG_P2P 2013 if (sta->p2p_ie && hapd->p2p_group) { 2014 struct wpabuf *p2p_resp_ie; 2015 enum p2p_status_code status; 2016 switch (status_code) { 2017 case WLAN_STATUS_SUCCESS: 2018 status = P2P_SC_SUCCESS; 2019 break; 2020 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 2021 status = P2P_SC_FAIL_LIMIT_REACHED; 2022 break; 2023 default: 2024 status = P2P_SC_FAIL_INVALID_PARAMS; 2025 break; 2026 } 2027 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 2028 if (p2p_resp_ie) { 2029 os_memcpy(p, wpabuf_head(p2p_resp_ie), 2030 wpabuf_len(p2p_resp_ie)); 2031 p += wpabuf_len(p2p_resp_ie); 2032 wpabuf_free(p2p_resp_ie); 2033 } 2034 } 2035 #endif /* CONFIG_P2P */ 2036 2037 #ifdef CONFIG_P2P_MANAGER 2038 if (hapd->conf->p2p & P2P_MANAGE) 2039 p = hostapd_eid_p2p_manage(hapd, p); 2040 #endif /* CONFIG_P2P_MANAGER */ 2041 2042 p = hostapd_eid_mbo(hapd, p, buf + sizeof(buf) - p); 2043 2044 if (hapd->conf->assocresp_elements && 2045 (size_t) (buf + sizeof(buf) - p) >= 2046 wpabuf_len(hapd->conf->assocresp_elements)) { 2047 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements), 2048 wpabuf_len(hapd->conf->assocresp_elements)); 2049 p += wpabuf_len(hapd->conf->assocresp_elements); 2050 } 2051 2052 send_len += p - reply->u.assoc_resp.variable; 2053 2054 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) { 2055 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 2056 strerror(errno)); 2057 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2058 } 2059 2060 return WLAN_STATUS_SUCCESS; 2061 } 2062 2063 2064 static void handle_assoc(struct hostapd_data *hapd, 2065 const struct ieee80211_mgmt *mgmt, size_t len, 2066 int reassoc) 2067 { 2068 u16 capab_info, listen_interval, seq_ctrl, fc; 2069 u16 resp = WLAN_STATUS_SUCCESS, reply_res; 2070 const u8 *pos; 2071 int left, i; 2072 struct sta_info *sta; 2073 2074 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 2075 sizeof(mgmt->u.assoc_req))) { 2076 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)", 2077 reassoc, (unsigned long) len); 2078 return; 2079 } 2080 2081 #ifdef CONFIG_TESTING_OPTIONS 2082 if (reassoc) { 2083 if (hapd->iconf->ignore_reassoc_probability > 0.0 && 2084 drand48() < hapd->iconf->ignore_reassoc_probability) { 2085 wpa_printf(MSG_INFO, 2086 "TESTING: ignoring reassoc request from " 2087 MACSTR, MAC2STR(mgmt->sa)); 2088 return; 2089 } 2090 } else { 2091 if (hapd->iconf->ignore_assoc_probability > 0.0 && 2092 drand48() < hapd->iconf->ignore_assoc_probability) { 2093 wpa_printf(MSG_INFO, 2094 "TESTING: ignoring assoc request from " 2095 MACSTR, MAC2STR(mgmt->sa)); 2096 return; 2097 } 2098 } 2099 #endif /* CONFIG_TESTING_OPTIONS */ 2100 2101 fc = le_to_host16(mgmt->frame_control); 2102 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 2103 2104 if (reassoc) { 2105 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 2106 listen_interval = le_to_host16( 2107 mgmt->u.reassoc_req.listen_interval); 2108 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 2109 " capab_info=0x%02x listen_interval=%d current_ap=" 2110 MACSTR " seq_ctrl=0x%x%s", 2111 MAC2STR(mgmt->sa), capab_info, listen_interval, 2112 MAC2STR(mgmt->u.reassoc_req.current_ap), 2113 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 2114 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 2115 pos = mgmt->u.reassoc_req.variable; 2116 } else { 2117 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 2118 listen_interval = le_to_host16( 2119 mgmt->u.assoc_req.listen_interval); 2120 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 2121 " capab_info=0x%02x listen_interval=%d " 2122 "seq_ctrl=0x%x%s", 2123 MAC2STR(mgmt->sa), capab_info, listen_interval, 2124 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 2125 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 2126 pos = mgmt->u.assoc_req.variable; 2127 } 2128 2129 sta = ap_get_sta(hapd, mgmt->sa); 2130 #ifdef CONFIG_IEEE80211R 2131 if (sta && sta->auth_alg == WLAN_AUTH_FT && 2132 (sta->flags & WLAN_STA_AUTH) == 0) { 2133 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 2134 "prior to authentication since it is using " 2135 "over-the-DS FT", MAC2STR(mgmt->sa)); 2136 2137 /* 2138 * Mark station as authenticated, to avoid adding station 2139 * entry in the driver as associated and not authenticated 2140 */ 2141 sta->flags |= WLAN_STA_AUTH; 2142 } else 2143 #endif /* CONFIG_IEEE80211R */ 2144 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 2145 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2146 HOSTAPD_LEVEL_INFO, "Station tried to " 2147 "associate before authentication " 2148 "(aid=%d flags=0x%x)", 2149 sta ? sta->aid : -1, 2150 sta ? sta->flags : 0); 2151 send_deauth(hapd, mgmt->sa, 2152 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 2153 return; 2154 } 2155 2156 if ((fc & WLAN_FC_RETRY) && 2157 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 2158 sta->last_seq_ctrl == seq_ctrl && 2159 sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ : 2160 WLAN_FC_STYPE_ASSOC_REQ) { 2161 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2162 HOSTAPD_LEVEL_DEBUG, 2163 "Drop repeated association frame seq_ctrl=0x%x", 2164 seq_ctrl); 2165 return; 2166 } 2167 sta->last_seq_ctrl = seq_ctrl; 2168 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ : 2169 WLAN_FC_STYPE_ASSOC_REQ; 2170 2171 if (hapd->tkip_countermeasures) { 2172 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 2173 goto fail; 2174 } 2175 2176 if (listen_interval > hapd->conf->max_listen_interval) { 2177 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2178 HOSTAPD_LEVEL_DEBUG, 2179 "Too large Listen Interval (%d)", 2180 listen_interval); 2181 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 2182 goto fail; 2183 } 2184 2185 #ifdef CONFIG_MBO 2186 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) { 2187 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2188 goto fail; 2189 } 2190 #endif /* CONFIG_MBO */ 2191 2192 /* 2193 * sta->capability is used in check_assoc_ies() for RRM enabled 2194 * capability element. 2195 */ 2196 sta->capability = capab_info; 2197 2198 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 2199 * is used */ 2200 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 2201 if (resp != WLAN_STATUS_SUCCESS) 2202 goto fail; 2203 2204 if (hostapd_get_aid(hapd, sta) < 0) { 2205 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2206 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 2207 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2208 goto fail; 2209 } 2210 2211 sta->listen_interval = listen_interval; 2212 2213 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 2214 sta->flags |= WLAN_STA_NONERP; 2215 for (i = 0; i < sta->supported_rates_len; i++) { 2216 if ((sta->supported_rates[i] & 0x7f) > 22) { 2217 sta->flags &= ~WLAN_STA_NONERP; 2218 break; 2219 } 2220 } 2221 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 2222 sta->nonerp_set = 1; 2223 hapd->iface->num_sta_non_erp++; 2224 if (hapd->iface->num_sta_non_erp == 1) 2225 ieee802_11_set_beacons(hapd->iface); 2226 } 2227 2228 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 2229 !sta->no_short_slot_time_set) { 2230 sta->no_short_slot_time_set = 1; 2231 hapd->iface->num_sta_no_short_slot_time++; 2232 if (hapd->iface->current_mode->mode == 2233 HOSTAPD_MODE_IEEE80211G && 2234 hapd->iface->num_sta_no_short_slot_time == 1) 2235 ieee802_11_set_beacons(hapd->iface); 2236 } 2237 2238 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 2239 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 2240 else 2241 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 2242 2243 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 2244 !sta->no_short_preamble_set) { 2245 sta->no_short_preamble_set = 1; 2246 hapd->iface->num_sta_no_short_preamble++; 2247 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 2248 && hapd->iface->num_sta_no_short_preamble == 1) 2249 ieee802_11_set_beacons(hapd->iface); 2250 } 2251 2252 #ifdef CONFIG_IEEE80211N 2253 update_ht_state(hapd, sta); 2254 #endif /* CONFIG_IEEE80211N */ 2255 2256 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2257 HOSTAPD_LEVEL_DEBUG, 2258 "association OK (aid %d)", sta->aid); 2259 /* Station will be marked associated, after it acknowledges AssocResp 2260 */ 2261 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 2262 2263 #ifdef CONFIG_IEEE80211W 2264 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 2265 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 2266 "SA Query procedure", reassoc ? "re" : ""); 2267 /* TODO: Send a protected Disassociate frame to the STA using 2268 * the old key and Reason Code "Previous Authentication no 2269 * longer valid". Make sure this is only sent protected since 2270 * unprotected frame would be received by the STA that is now 2271 * trying to associate. 2272 */ 2273 } 2274 #endif /* CONFIG_IEEE80211W */ 2275 2276 /* Make sure that the previously registered inactivity timer will not 2277 * remove the STA immediately. */ 2278 sta->timeout_next = STA_NULLFUNC; 2279 2280 #ifdef CONFIG_TAXONOMY 2281 taxonomy_sta_info_assoc_req(hapd, sta, pos, left); 2282 #endif /* CONFIG_TAXONOMY */ 2283 2284 fail: 2285 /* 2286 * In case of a successful response, add the station to the driver. 2287 * Otherwise, the kernel may ignore Data frames before we process the 2288 * ACK frame (TX status). In case of a failure, this station will be 2289 * removed. 2290 * 2291 * Note that this is not compliant with the IEEE 802.11 standard that 2292 * states that a non-AP station should transition into the 2293 * authenticated/associated state only after the station acknowledges 2294 * the (Re)Association Response frame. However, still do this as: 2295 * 2296 * 1. In case the station does not acknowledge the (Re)Association 2297 * Response frame, it will be removed. 2298 * 2. Data frames will be dropped in the kernel until the station is 2299 * set into authorized state, and there are no significant known 2300 * issues with processing other non-Data Class 3 frames during this 2301 * window. 2302 */ 2303 if (resp == WLAN_STATUS_SUCCESS && add_associated_sta(hapd, sta)) 2304 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2305 2306 reply_res = send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 2307 2308 /* 2309 * Remove the station in case tranmission of a success response fails 2310 * (the STA was added associated to the driver) or if the station was 2311 * previously added unassociated. 2312 */ 2313 if ((reply_res != WLAN_STATUS_SUCCESS && 2314 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc) { 2315 hostapd_drv_sta_remove(hapd, sta->addr); 2316 sta->added_unassoc = 0; 2317 } 2318 } 2319 2320 2321 static void handle_disassoc(struct hostapd_data *hapd, 2322 const struct ieee80211_mgmt *mgmt, size_t len) 2323 { 2324 struct sta_info *sta; 2325 2326 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 2327 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)", 2328 (unsigned long) len); 2329 return; 2330 } 2331 2332 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 2333 MAC2STR(mgmt->sa), 2334 le_to_host16(mgmt->u.disassoc.reason_code)); 2335 2336 sta = ap_get_sta(hapd, mgmt->sa); 2337 if (sta == NULL) { 2338 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated", 2339 MAC2STR(mgmt->sa)); 2340 return; 2341 } 2342 2343 ap_sta_set_authorized(hapd, sta, 0); 2344 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 2345 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 2346 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 2347 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2348 HOSTAPD_LEVEL_INFO, "disassociated"); 2349 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 2350 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 2351 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 2352 * authenticated. */ 2353 accounting_sta_stop(hapd, sta); 2354 ieee802_1x_free_station(hapd, sta); 2355 if (sta->ipaddr) 2356 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 2357 ap_sta_ip6addr_del(hapd, sta); 2358 hostapd_drv_sta_remove(hapd, sta->addr); 2359 sta->added_unassoc = 0; 2360 2361 if (sta->timeout_next == STA_NULLFUNC || 2362 sta->timeout_next == STA_DISASSOC) { 2363 sta->timeout_next = STA_DEAUTH; 2364 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 2365 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 2366 hapd, sta); 2367 } 2368 2369 mlme_disassociate_indication( 2370 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 2371 } 2372 2373 2374 static void handle_deauth(struct hostapd_data *hapd, 2375 const struct ieee80211_mgmt *mgmt, size_t len) 2376 { 2377 struct sta_info *sta; 2378 2379 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 2380 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 2381 "payload (len=%lu)", (unsigned long) len); 2382 return; 2383 } 2384 2385 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 2386 " reason_code=%d", 2387 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 2388 2389 sta = ap_get_sta(hapd, mgmt->sa); 2390 if (sta == NULL) { 2391 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 2392 "to deauthenticate, but it is not authenticated", 2393 MAC2STR(mgmt->sa)); 2394 return; 2395 } 2396 2397 ap_sta_set_authorized(hapd, sta, 0); 2398 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 2399 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 2400 WLAN_STA_ASSOC_REQ_OK); 2401 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 2402 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2403 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 2404 mlme_deauthenticate_indication( 2405 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 2406 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 2407 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 2408 ap_free_sta(hapd, sta); 2409 } 2410 2411 2412 static void handle_beacon(struct hostapd_data *hapd, 2413 const struct ieee80211_mgmt *mgmt, size_t len, 2414 struct hostapd_frame_info *fi) 2415 { 2416 struct ieee802_11_elems elems; 2417 2418 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 2419 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)", 2420 (unsigned long) len); 2421 return; 2422 } 2423 2424 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 2425 len - (IEEE80211_HDRLEN + 2426 sizeof(mgmt->u.beacon)), &elems, 2427 0); 2428 2429 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 2430 } 2431 2432 2433 #ifdef CONFIG_IEEE80211W 2434 2435 static int hostapd_sa_query_action(struct hostapd_data *hapd, 2436 const struct ieee80211_mgmt *mgmt, 2437 size_t len) 2438 { 2439 const u8 *end; 2440 2441 end = mgmt->u.action.u.sa_query_resp.trans_id + 2442 WLAN_SA_QUERY_TR_ID_LEN; 2443 if (((u8 *) mgmt) + len < end) { 2444 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 2445 "frame (len=%lu)", (unsigned long) len); 2446 return 0; 2447 } 2448 2449 ieee802_11_sa_query_action(hapd, mgmt->sa, 2450 mgmt->u.action.u.sa_query_resp.action, 2451 mgmt->u.action.u.sa_query_resp.trans_id); 2452 return 1; 2453 } 2454 2455 2456 static int robust_action_frame(u8 category) 2457 { 2458 return category != WLAN_ACTION_PUBLIC && 2459 category != WLAN_ACTION_HT; 2460 } 2461 #endif /* CONFIG_IEEE80211W */ 2462 2463 2464 static int handle_action(struct hostapd_data *hapd, 2465 const struct ieee80211_mgmt *mgmt, size_t len) 2466 { 2467 struct sta_info *sta; 2468 sta = ap_get_sta(hapd, mgmt->sa); 2469 2470 if (len < IEEE80211_HDRLEN + 1) { 2471 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2472 HOSTAPD_LEVEL_DEBUG, 2473 "handle_action - too short payload (len=%lu)", 2474 (unsigned long) len); 2475 return 0; 2476 } 2477 2478 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 2479 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 2480 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 2481 "frame (category=%u) from unassociated STA " MACSTR, 2482 MAC2STR(mgmt->sa), mgmt->u.action.category); 2483 return 0; 2484 } 2485 2486 #ifdef CONFIG_IEEE80211W 2487 if (sta && (sta->flags & WLAN_STA_MFP) && 2488 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) && 2489 robust_action_frame(mgmt->u.action.category)) { 2490 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2491 HOSTAPD_LEVEL_DEBUG, 2492 "Dropped unprotected Robust Action frame from " 2493 "an MFP STA"); 2494 return 0; 2495 } 2496 #endif /* CONFIG_IEEE80211W */ 2497 2498 if (sta) { 2499 u16 fc = le_to_host16(mgmt->frame_control); 2500 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 2501 2502 if ((fc & WLAN_FC_RETRY) && 2503 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 2504 sta->last_seq_ctrl == seq_ctrl && 2505 sta->last_subtype == WLAN_FC_STYPE_ACTION) { 2506 hostapd_logger(hapd, sta->addr, 2507 HOSTAPD_MODULE_IEEE80211, 2508 HOSTAPD_LEVEL_DEBUG, 2509 "Drop repeated action frame seq_ctrl=0x%x", 2510 seq_ctrl); 2511 return 1; 2512 } 2513 2514 sta->last_seq_ctrl = seq_ctrl; 2515 sta->last_subtype = WLAN_FC_STYPE_ACTION; 2516 } 2517 2518 switch (mgmt->u.action.category) { 2519 #ifdef CONFIG_IEEE80211R 2520 case WLAN_ACTION_FT: 2521 if (!sta || 2522 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 2523 len - IEEE80211_HDRLEN)) 2524 break; 2525 return 1; 2526 #endif /* CONFIG_IEEE80211R */ 2527 case WLAN_ACTION_WMM: 2528 hostapd_wmm_action(hapd, mgmt, len); 2529 return 1; 2530 #ifdef CONFIG_IEEE80211W 2531 case WLAN_ACTION_SA_QUERY: 2532 return hostapd_sa_query_action(hapd, mgmt, len); 2533 #endif /* CONFIG_IEEE80211W */ 2534 #ifdef CONFIG_WNM 2535 case WLAN_ACTION_WNM: 2536 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len); 2537 return 1; 2538 #endif /* CONFIG_WNM */ 2539 #ifdef CONFIG_FST 2540 case WLAN_ACTION_FST: 2541 if (hapd->iface->fst) 2542 fst_rx_action(hapd->iface->fst, mgmt, len); 2543 else 2544 wpa_printf(MSG_DEBUG, 2545 "FST: Ignore FST Action frame - no FST attached"); 2546 return 1; 2547 #endif /* CONFIG_FST */ 2548 case WLAN_ACTION_PUBLIC: 2549 case WLAN_ACTION_PROTECTED_DUAL: 2550 #ifdef CONFIG_IEEE80211N 2551 if (len >= IEEE80211_HDRLEN + 2 && 2552 mgmt->u.action.u.public_action.action == 2553 WLAN_PA_20_40_BSS_COEX) { 2554 wpa_printf(MSG_DEBUG, 2555 "HT20/40 coex mgmt frame received from STA " 2556 MACSTR, MAC2STR(mgmt->sa)); 2557 hostapd_2040_coex_action(hapd, mgmt, len); 2558 } 2559 #endif /* CONFIG_IEEE80211N */ 2560 if (hapd->public_action_cb) { 2561 hapd->public_action_cb(hapd->public_action_cb_ctx, 2562 (u8 *) mgmt, len, 2563 hapd->iface->freq); 2564 } 2565 if (hapd->public_action_cb2) { 2566 hapd->public_action_cb2(hapd->public_action_cb2_ctx, 2567 (u8 *) mgmt, len, 2568 hapd->iface->freq); 2569 } 2570 if (hapd->public_action_cb || hapd->public_action_cb2) 2571 return 1; 2572 break; 2573 case WLAN_ACTION_VENDOR_SPECIFIC: 2574 if (hapd->vendor_action_cb) { 2575 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 2576 (u8 *) mgmt, len, 2577 hapd->iface->freq) == 0) 2578 return 1; 2579 } 2580 break; 2581 case WLAN_ACTION_RADIO_MEASUREMENT: 2582 hostapd_handle_radio_measurement(hapd, (const u8 *) mgmt, len); 2583 return 1; 2584 } 2585 2586 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2587 HOSTAPD_LEVEL_DEBUG, 2588 "handle_action - unknown action category %d or invalid " 2589 "frame", 2590 mgmt->u.action.category); 2591 if (!is_multicast_ether_addr(mgmt->da) && 2592 !(mgmt->u.action.category & 0x80) && 2593 !is_multicast_ether_addr(mgmt->sa)) { 2594 struct ieee80211_mgmt *resp; 2595 2596 /* 2597 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 2598 * Return the Action frame to the source without change 2599 * except that MSB of the Category set to 1. 2600 */ 2601 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 2602 "frame back to sender"); 2603 resp = os_malloc(len); 2604 if (resp == NULL) 2605 return 0; 2606 os_memcpy(resp, mgmt, len); 2607 os_memcpy(resp->da, resp->sa, ETH_ALEN); 2608 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 2609 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 2610 resp->u.action.category |= 0x80; 2611 2612 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 2613 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 2614 "Action frame"); 2615 } 2616 os_free(resp); 2617 } 2618 2619 return 1; 2620 } 2621 2622 2623 /** 2624 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 2625 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 2626 * sent to) 2627 * @buf: management frame data (starting from IEEE 802.11 header) 2628 * @len: length of frame data in octets 2629 * @fi: meta data about received frame (signal level, etc.) 2630 * 2631 * Process all incoming IEEE 802.11 management frames. This will be called for 2632 * each frame received from the kernel driver through wlan#ap interface. In 2633 * addition, it can be called to re-inserted pending frames (e.g., when using 2634 * external RADIUS server as an MAC ACL). 2635 */ 2636 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 2637 struct hostapd_frame_info *fi) 2638 { 2639 struct ieee80211_mgmt *mgmt; 2640 u16 fc, stype; 2641 int ret = 0; 2642 2643 if (len < 24) 2644 return 0; 2645 2646 mgmt = (struct ieee80211_mgmt *) buf; 2647 fc = le_to_host16(mgmt->frame_control); 2648 stype = WLAN_FC_GET_STYPE(fc); 2649 2650 if (stype == WLAN_FC_STYPE_BEACON) { 2651 handle_beacon(hapd, mgmt, len, fi); 2652 return 1; 2653 } 2654 2655 if (!is_broadcast_ether_addr(mgmt->bssid) && 2656 #ifdef CONFIG_P2P 2657 /* Invitation responses can be sent with the peer MAC as BSSID */ 2658 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 2659 stype == WLAN_FC_STYPE_ACTION) && 2660 #endif /* CONFIG_P2P */ 2661 #ifdef CONFIG_MESH 2662 !(hapd->conf->mesh & MESH_ENABLED) && 2663 #endif /* CONFIG_MESH */ 2664 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 2665 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address", 2666 MAC2STR(mgmt->bssid)); 2667 return 0; 2668 } 2669 2670 2671 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 2672 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 2673 return 1; 2674 } 2675 2676 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 2677 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2678 HOSTAPD_LEVEL_DEBUG, 2679 "MGMT: DA=" MACSTR " not our address", 2680 MAC2STR(mgmt->da)); 2681 return 0; 2682 } 2683 2684 if (hapd->iconf->track_sta_max_num) 2685 sta_track_add(hapd->iface, mgmt->sa); 2686 2687 switch (stype) { 2688 case WLAN_FC_STYPE_AUTH: 2689 wpa_printf(MSG_DEBUG, "mgmt::auth"); 2690 handle_auth(hapd, mgmt, len); 2691 ret = 1; 2692 break; 2693 case WLAN_FC_STYPE_ASSOC_REQ: 2694 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 2695 handle_assoc(hapd, mgmt, len, 0); 2696 ret = 1; 2697 break; 2698 case WLAN_FC_STYPE_REASSOC_REQ: 2699 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 2700 handle_assoc(hapd, mgmt, len, 1); 2701 ret = 1; 2702 break; 2703 case WLAN_FC_STYPE_DISASSOC: 2704 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 2705 handle_disassoc(hapd, mgmt, len); 2706 ret = 1; 2707 break; 2708 case WLAN_FC_STYPE_DEAUTH: 2709 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 2710 handle_deauth(hapd, mgmt, len); 2711 ret = 1; 2712 break; 2713 case WLAN_FC_STYPE_ACTION: 2714 wpa_printf(MSG_DEBUG, "mgmt::action"); 2715 ret = handle_action(hapd, mgmt, len); 2716 break; 2717 default: 2718 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 2719 HOSTAPD_LEVEL_DEBUG, 2720 "unknown mgmt frame subtype %d", stype); 2721 break; 2722 } 2723 2724 return ret; 2725 } 2726 2727 2728 static void handle_auth_cb(struct hostapd_data *hapd, 2729 const struct ieee80211_mgmt *mgmt, 2730 size_t len, int ok) 2731 { 2732 u16 auth_alg, auth_transaction, status_code; 2733 struct sta_info *sta; 2734 2735 sta = ap_get_sta(hapd, mgmt->da); 2736 if (!sta) { 2737 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found", 2738 MAC2STR(mgmt->da)); 2739 return; 2740 } 2741 2742 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 2743 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 2744 status_code = le_to_host16(mgmt->u.auth.status_code); 2745 2746 if (!ok) { 2747 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 2748 HOSTAPD_LEVEL_NOTICE, 2749 "did not acknowledge authentication response"); 2750 goto fail; 2751 } 2752 2753 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 2754 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)", 2755 (unsigned long) len); 2756 goto fail; 2757 } 2758 2759 if (status_code == WLAN_STATUS_SUCCESS && 2760 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 2761 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 2762 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2763 HOSTAPD_LEVEL_INFO, "authenticated"); 2764 sta->flags |= WLAN_STA_AUTH; 2765 if (sta->added_unassoc) 2766 hostapd_set_sta_flags(hapd, sta); 2767 return; 2768 } 2769 2770 fail: 2771 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) { 2772 hostapd_drv_sta_remove(hapd, sta->addr); 2773 sta->added_unassoc = 0; 2774 } 2775 } 2776 2777 2778 static void hostapd_set_wds_encryption(struct hostapd_data *hapd, 2779 struct sta_info *sta, 2780 char *ifname_wds) 2781 { 2782 int i; 2783 struct hostapd_ssid *ssid = &hapd->conf->ssid; 2784 2785 if (hapd->conf->ieee802_1x || hapd->conf->wpa) 2786 return; 2787 2788 for (i = 0; i < 4; i++) { 2789 if (ssid->wep.key[i] && 2790 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i, 2791 i == ssid->wep.idx, NULL, 0, 2792 ssid->wep.key[i], ssid->wep.len[i])) { 2793 wpa_printf(MSG_WARNING, 2794 "Could not set WEP keys for WDS interface; %s", 2795 ifname_wds); 2796 break; 2797 } 2798 } 2799 } 2800 2801 2802 static void handle_assoc_cb(struct hostapd_data *hapd, 2803 const struct ieee80211_mgmt *mgmt, 2804 size_t len, int reassoc, int ok) 2805 { 2806 u16 status; 2807 struct sta_info *sta; 2808 int new_assoc = 1; 2809 2810 sta = ap_get_sta(hapd, mgmt->da); 2811 if (!sta) { 2812 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found", 2813 MAC2STR(mgmt->da)); 2814 return; 2815 } 2816 2817 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 2818 sizeof(mgmt->u.assoc_resp))) { 2819 wpa_printf(MSG_INFO, 2820 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)", 2821 reassoc, (unsigned long) len); 2822 hostapd_drv_sta_remove(hapd, sta->addr); 2823 return; 2824 } 2825 2826 if (reassoc) 2827 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 2828 else 2829 status = le_to_host16(mgmt->u.assoc_resp.status_code); 2830 2831 if (!ok) { 2832 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 2833 HOSTAPD_LEVEL_DEBUG, 2834 "did not acknowledge association response"); 2835 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 2836 /* The STA is added only in case of SUCCESS */ 2837 if (status == WLAN_STATUS_SUCCESS) 2838 hostapd_drv_sta_remove(hapd, sta->addr); 2839 2840 return; 2841 } 2842 2843 if (status != WLAN_STATUS_SUCCESS) 2844 return; 2845 2846 /* Stop previous accounting session, if one is started, and allocate 2847 * new session id for the new session. */ 2848 accounting_sta_stop(hapd, sta); 2849 2850 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2851 HOSTAPD_LEVEL_INFO, 2852 "associated (aid %d)", 2853 sta->aid); 2854 2855 if (sta->flags & WLAN_STA_ASSOC) 2856 new_assoc = 0; 2857 sta->flags |= WLAN_STA_ASSOC; 2858 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE; 2859 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen) || 2860 sta->auth_alg == WLAN_AUTH_FT) { 2861 /* 2862 * Open, static WEP, or FT protocol; no separate authorization 2863 * step. 2864 */ 2865 ap_sta_set_authorized(hapd, sta, 1); 2866 } 2867 2868 if (reassoc) 2869 mlme_reassociate_indication(hapd, sta); 2870 else 2871 mlme_associate_indication(hapd, sta); 2872 2873 #ifdef CONFIG_IEEE80211W 2874 sta->sa_query_timed_out = 0; 2875 #endif /* CONFIG_IEEE80211W */ 2876 2877 if (sta->flags & WLAN_STA_WDS) { 2878 int ret; 2879 char ifname_wds[IFNAMSIZ + 1]; 2880 2881 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr, 2882 sta->aid, 1); 2883 if (!ret) 2884 hostapd_set_wds_encryption(hapd, sta, ifname_wds); 2885 } 2886 2887 if (sta->eapol_sm == NULL) { 2888 /* 2889 * This STA does not use RADIUS server for EAP authentication, 2890 * so bind it to the selected VLAN interface now, since the 2891 * interface selection is not going to change anymore. 2892 */ 2893 if (ap_sta_bind_vlan(hapd, sta) < 0) 2894 return; 2895 } else if (sta->vlan_id) { 2896 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 2897 if (ap_sta_bind_vlan(hapd, sta) < 0) 2898 return; 2899 } 2900 2901 hostapd_set_sta_flags(hapd, sta); 2902 2903 if (sta->auth_alg == WLAN_AUTH_FT) 2904 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 2905 else 2906 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 2907 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 2908 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 2909 2910 if (sta->pending_eapol_rx) { 2911 struct os_reltime now, age; 2912 2913 os_get_reltime(&now); 2914 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age); 2915 if (age.sec == 0 && age.usec < 200000) { 2916 wpa_printf(MSG_DEBUG, 2917 "Process pending EAPOL frame that was received from " MACSTR " just before association notification", 2918 MAC2STR(sta->addr)); 2919 ieee802_1x_receive( 2920 hapd, mgmt->da, 2921 wpabuf_head(sta->pending_eapol_rx->buf), 2922 wpabuf_len(sta->pending_eapol_rx->buf)); 2923 } 2924 wpabuf_free(sta->pending_eapol_rx->buf); 2925 os_free(sta->pending_eapol_rx); 2926 sta->pending_eapol_rx = NULL; 2927 } 2928 } 2929 2930 2931 static void handle_deauth_cb(struct hostapd_data *hapd, 2932 const struct ieee80211_mgmt *mgmt, 2933 size_t len, int ok) 2934 { 2935 struct sta_info *sta; 2936 if (is_multicast_ether_addr(mgmt->da)) 2937 return; 2938 sta = ap_get_sta(hapd, mgmt->da); 2939 if (!sta) { 2940 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 2941 " not found", MAC2STR(mgmt->da)); 2942 return; 2943 } 2944 if (ok) 2945 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 2946 MAC2STR(sta->addr)); 2947 else 2948 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2949 "deauth", MAC2STR(sta->addr)); 2950 2951 ap_sta_deauth_cb(hapd, sta); 2952 } 2953 2954 2955 static void handle_disassoc_cb(struct hostapd_data *hapd, 2956 const struct ieee80211_mgmt *mgmt, 2957 size_t len, int ok) 2958 { 2959 struct sta_info *sta; 2960 if (is_multicast_ether_addr(mgmt->da)) 2961 return; 2962 sta = ap_get_sta(hapd, mgmt->da); 2963 if (!sta) { 2964 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 2965 " not found", MAC2STR(mgmt->da)); 2966 return; 2967 } 2968 if (ok) 2969 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 2970 MAC2STR(sta->addr)); 2971 else 2972 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 2973 "disassoc", MAC2STR(sta->addr)); 2974 2975 ap_sta_disassoc_cb(hapd, sta); 2976 } 2977 2978 2979 /** 2980 * ieee802_11_mgmt_cb - Process management frame TX status callback 2981 * @hapd: hostapd BSS data structure (the BSS from which the management frame 2982 * was sent from) 2983 * @buf: management frame data (starting from IEEE 802.11 header) 2984 * @len: length of frame data in octets 2985 * @stype: management frame subtype from frame control field 2986 * @ok: Whether the frame was ACK'ed 2987 */ 2988 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 2989 u16 stype, int ok) 2990 { 2991 const struct ieee80211_mgmt *mgmt; 2992 mgmt = (const struct ieee80211_mgmt *) buf; 2993 2994 #ifdef CONFIG_TESTING_OPTIONS 2995 if (hapd->ext_mgmt_frame_handling) { 2996 wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-TX-STATUS stype=%u ok=%d", 2997 stype, ok); 2998 return; 2999 } 3000 #endif /* CONFIG_TESTING_OPTIONS */ 3001 3002 switch (stype) { 3003 case WLAN_FC_STYPE_AUTH: 3004 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 3005 handle_auth_cb(hapd, mgmt, len, ok); 3006 break; 3007 case WLAN_FC_STYPE_ASSOC_RESP: 3008 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 3009 handle_assoc_cb(hapd, mgmt, len, 0, ok); 3010 break; 3011 case WLAN_FC_STYPE_REASSOC_RESP: 3012 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 3013 handle_assoc_cb(hapd, mgmt, len, 1, ok); 3014 break; 3015 case WLAN_FC_STYPE_PROBE_RESP: 3016 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok); 3017 break; 3018 case WLAN_FC_STYPE_DEAUTH: 3019 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 3020 handle_deauth_cb(hapd, mgmt, len, ok); 3021 break; 3022 case WLAN_FC_STYPE_DISASSOC: 3023 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 3024 handle_disassoc_cb(hapd, mgmt, len, ok); 3025 break; 3026 case WLAN_FC_STYPE_ACTION: 3027 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok); 3028 break; 3029 default: 3030 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype); 3031 break; 3032 } 3033 } 3034 3035 3036 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 3037 { 3038 /* TODO */ 3039 return 0; 3040 } 3041 3042 3043 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 3044 char *buf, size_t buflen) 3045 { 3046 /* TODO */ 3047 return 0; 3048 } 3049 3050 3051 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 3052 const u8 *buf, size_t len, int ack) 3053 { 3054 struct sta_info *sta; 3055 struct hostapd_iface *iface = hapd->iface; 3056 3057 sta = ap_get_sta(hapd, addr); 3058 if (sta == NULL && iface->num_bss > 1) { 3059 size_t j; 3060 for (j = 0; j < iface->num_bss; j++) { 3061 hapd = iface->bss[j]; 3062 sta = ap_get_sta(hapd, addr); 3063 if (sta) 3064 break; 3065 } 3066 } 3067 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 3068 return; 3069 if (sta->flags & WLAN_STA_PENDING_POLL) { 3070 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 3071 "activity poll", MAC2STR(sta->addr), 3072 ack ? "ACKed" : "did not ACK"); 3073 if (ack) 3074 sta->flags &= ~WLAN_STA_PENDING_POLL; 3075 } 3076 3077 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 3078 } 3079 3080 3081 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 3082 const u8 *data, size_t len, int ack) 3083 { 3084 struct sta_info *sta; 3085 struct hostapd_iface *iface = hapd->iface; 3086 3087 sta = ap_get_sta(hapd, dst); 3088 if (sta == NULL && iface->num_bss > 1) { 3089 size_t j; 3090 for (j = 0; j < iface->num_bss; j++) { 3091 hapd = iface->bss[j]; 3092 sta = ap_get_sta(hapd, dst); 3093 if (sta) 3094 break; 3095 } 3096 } 3097 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 3098 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 3099 MACSTR " that is not currently associated", 3100 MAC2STR(dst)); 3101 return; 3102 } 3103 3104 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 3105 } 3106 3107 3108 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 3109 { 3110 struct sta_info *sta; 3111 struct hostapd_iface *iface = hapd->iface; 3112 3113 sta = ap_get_sta(hapd, addr); 3114 if (sta == NULL && iface->num_bss > 1) { 3115 size_t j; 3116 for (j = 0; j < iface->num_bss; j++) { 3117 hapd = iface->bss[j]; 3118 sta = ap_get_sta(hapd, addr); 3119 if (sta) 3120 break; 3121 } 3122 } 3123 if (sta == NULL) 3124 return; 3125 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR, 3126 MAC2STR(sta->addr)); 3127 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 3128 return; 3129 3130 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 3131 "activity poll", MAC2STR(sta->addr)); 3132 sta->flags &= ~WLAN_STA_PENDING_POLL; 3133 } 3134 3135 3136 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 3137 int wds) 3138 { 3139 struct sta_info *sta; 3140 3141 sta = ap_get_sta(hapd, src); 3142 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 3143 if (!hapd->conf->wds_sta) 3144 return; 3145 3146 if (wds && !(sta->flags & WLAN_STA_WDS)) { 3147 int ret; 3148 char ifname_wds[IFNAMSIZ + 1]; 3149 3150 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 3151 "STA " MACSTR " (aid %u)", 3152 MAC2STR(sta->addr), sta->aid); 3153 sta->flags |= WLAN_STA_WDS; 3154 ret = hostapd_set_wds_sta(hapd, ifname_wds, 3155 sta->addr, sta->aid, 1); 3156 if (!ret) 3157 hostapd_set_wds_encryption(hapd, sta, 3158 ifname_wds); 3159 } 3160 return; 3161 } 3162 3163 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 3164 MACSTR, MAC2STR(src)); 3165 if (is_multicast_ether_addr(src)) { 3166 /* Broadcast bit set in SA?! Ignore the frame silently. */ 3167 return; 3168 } 3169 3170 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 3171 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 3172 "already been sent, but no TX status yet known - " 3173 "ignore Class 3 frame issue with " MACSTR, 3174 MAC2STR(src)); 3175 return; 3176 } 3177 3178 if (sta && (sta->flags & WLAN_STA_AUTH)) 3179 hostapd_drv_sta_disassoc( 3180 hapd, src, 3181 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 3182 else 3183 hostapd_drv_sta_deauth( 3184 hapd, src, 3185 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 3186 } 3187 3188 3189 #endif /* CONFIG_NATIVE_WINDOWS */ 3190