1 /* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #ifndef CONFIG_NATIVE_WINDOWS 12 13 #include "utils/common.h" 14 #include "utils/eloop.h" 15 #include "crypto/crypto.h" 16 #include "drivers/driver.h" 17 #include "common/ieee802_11_defs.h" 18 #include "common/ieee802_11_common.h" 19 #include "common/wpa_ctrl.h" 20 #include "radius/radius.h" 21 #include "radius/radius_client.h" 22 #include "p2p/p2p.h" 23 #include "wps/wps.h" 24 #include "hostapd.h" 25 #include "beacon.h" 26 #include "ieee802_11_auth.h" 27 #include "sta_info.h" 28 #include "ieee802_1x.h" 29 #include "wpa_auth.h" 30 #include "wmm.h" 31 #include "ap_list.h" 32 #include "accounting.h" 33 #include "ap_config.h" 34 #include "ap_mlme.h" 35 #include "p2p_hostapd.h" 36 #include "ap_drv_ops.h" 37 #include "wnm_ap.h" 38 #include "ieee802_11.h" 39 40 41 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 42 { 43 u8 *pos = eid; 44 int i, num, count; 45 46 if (hapd->iface->current_rates == NULL) 47 return eid; 48 49 *pos++ = WLAN_EID_SUPP_RATES; 50 num = hapd->iface->num_rates; 51 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 52 num++; 53 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 54 num++; 55 if (num > 8) { 56 /* rest of the rates are encoded in Extended supported 57 * rates element */ 58 num = 8; 59 } 60 61 *pos++ = num; 62 count = 0; 63 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 64 i++) { 65 count++; 66 *pos = hapd->iface->current_rates[i].rate / 5; 67 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 68 *pos |= 0x80; 69 pos++; 70 } 71 72 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 73 count++; 74 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 75 } 76 77 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 78 count++; 79 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 80 } 81 82 return pos; 83 } 84 85 86 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 87 { 88 u8 *pos = eid; 89 int i, num, count; 90 91 if (hapd->iface->current_rates == NULL) 92 return eid; 93 94 num = hapd->iface->num_rates; 95 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 96 num++; 97 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 98 num++; 99 if (num <= 8) 100 return eid; 101 num -= 8; 102 103 *pos++ = WLAN_EID_EXT_SUPP_RATES; 104 *pos++ = num; 105 count = 0; 106 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 107 i++) { 108 count++; 109 if (count <= 8) 110 continue; /* already in SuppRates IE */ 111 *pos = hapd->iface->current_rates[i].rate / 5; 112 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 113 *pos |= 0x80; 114 pos++; 115 } 116 117 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 118 count++; 119 if (count > 8) 120 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 121 } 122 123 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 124 count++; 125 if (count > 8) 126 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 127 } 128 129 return pos; 130 } 131 132 133 u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, 134 int probe) 135 { 136 int capab = WLAN_CAPABILITY_ESS; 137 int privacy; 138 139 if (hapd->iface->num_sta_no_short_preamble == 0 && 140 hapd->iconf->preamble == SHORT_PREAMBLE) 141 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 142 143 privacy = hapd->conf->ssid.wep.keys_set; 144 145 if (hapd->conf->ieee802_1x && 146 (hapd->conf->default_wep_key_len || 147 hapd->conf->individual_wep_key_len)) 148 privacy = 1; 149 150 if (hapd->conf->wpa) 151 privacy = 1; 152 153 if (sta) { 154 int policy, def_klen; 155 if (probe && sta->ssid_probe) { 156 policy = sta->ssid_probe->security_policy; 157 def_klen = sta->ssid_probe->wep.default_len; 158 } else { 159 policy = sta->ssid->security_policy; 160 def_klen = sta->ssid->wep.default_len; 161 } 162 privacy = policy != SECURITY_PLAINTEXT; 163 if (policy == SECURITY_IEEE_802_1X && def_klen == 0) 164 privacy = 0; 165 } 166 167 if (privacy) 168 capab |= WLAN_CAPABILITY_PRIVACY; 169 170 if (hapd->iface->current_mode && 171 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 172 hapd->iface->num_sta_no_short_slot_time == 0) 173 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 174 175 return capab; 176 } 177 178 179 void ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len) 180 { 181 int i; 182 if (len > HOSTAPD_MAX_SSID_LEN) 183 len = HOSTAPD_MAX_SSID_LEN; 184 for (i = 0; i < len; i++) { 185 if (ssid[i] >= 32 && ssid[i] < 127) 186 buf[i] = ssid[i]; 187 else 188 buf[i] = '.'; 189 } 190 buf[len] = '\0'; 191 } 192 193 194 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 195 u16 auth_transaction, const u8 *challenge, 196 int iswep) 197 { 198 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 199 HOSTAPD_LEVEL_DEBUG, 200 "authentication (shared key, transaction %d)", 201 auth_transaction); 202 203 if (auth_transaction == 1) { 204 if (!sta->challenge) { 205 /* Generate a pseudo-random challenge */ 206 u8 key[8]; 207 struct os_time now; 208 int r; 209 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 210 if (sta->challenge == NULL) 211 return WLAN_STATUS_UNSPECIFIED_FAILURE; 212 213 os_get_time(&now); 214 r = os_random(); 215 os_memcpy(key, &now.sec, 4); 216 os_memcpy(key + 4, &r, 4); 217 rc4_skip(key, sizeof(key), 0, 218 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 219 } 220 return 0; 221 } 222 223 if (auth_transaction != 3) 224 return WLAN_STATUS_UNSPECIFIED_FAILURE; 225 226 /* Transaction 3 */ 227 if (!iswep || !sta->challenge || !challenge || 228 os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) { 229 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 230 HOSTAPD_LEVEL_INFO, 231 "shared key authentication - invalid " 232 "challenge-response"); 233 return WLAN_STATUS_CHALLENGE_FAIL; 234 } 235 236 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 237 HOSTAPD_LEVEL_DEBUG, 238 "authentication OK (shared key)"); 239 #ifdef IEEE80211_REQUIRE_AUTH_ACK 240 /* Station will be marked authenticated if it ACKs the 241 * authentication reply. */ 242 #else 243 sta->flags |= WLAN_STA_AUTH; 244 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 245 #endif 246 os_free(sta->challenge); 247 sta->challenge = NULL; 248 249 return 0; 250 } 251 252 253 static void send_auth_reply(struct hostapd_data *hapd, 254 const u8 *dst, const u8 *bssid, 255 u16 auth_alg, u16 auth_transaction, u16 resp, 256 const u8 *ies, size_t ies_len) 257 { 258 struct ieee80211_mgmt *reply; 259 u8 *buf; 260 size_t rlen; 261 262 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 263 buf = os_zalloc(rlen); 264 if (buf == NULL) 265 return; 266 267 reply = (struct ieee80211_mgmt *) buf; 268 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 269 WLAN_FC_STYPE_AUTH); 270 os_memcpy(reply->da, dst, ETH_ALEN); 271 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 272 os_memcpy(reply->bssid, bssid, ETH_ALEN); 273 274 reply->u.auth.auth_alg = host_to_le16(auth_alg); 275 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 276 reply->u.auth.status_code = host_to_le16(resp); 277 278 if (ies && ies_len) 279 os_memcpy(reply->u.auth.variable, ies, ies_len); 280 281 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 282 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 283 MAC2STR(dst), auth_alg, auth_transaction, 284 resp, (unsigned long) ies_len); 285 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 286 perror("send_auth_reply: send"); 287 288 os_free(buf); 289 } 290 291 292 #ifdef CONFIG_IEEE80211R 293 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 294 u16 auth_transaction, u16 status, 295 const u8 *ies, size_t ies_len) 296 { 297 struct hostapd_data *hapd = ctx; 298 struct sta_info *sta; 299 300 send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction, 301 status, ies, ies_len); 302 303 if (status != WLAN_STATUS_SUCCESS) 304 return; 305 306 sta = ap_get_sta(hapd, dst); 307 if (sta == NULL) 308 return; 309 310 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 311 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 312 sta->flags |= WLAN_STA_AUTH; 313 mlme_authenticate_indication(hapd, sta); 314 } 315 #endif /* CONFIG_IEEE80211R */ 316 317 318 #ifdef CONFIG_SAE 319 320 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, 321 struct sta_info *sta) 322 { 323 struct wpabuf *buf; 324 325 buf = wpabuf_alloc(2); 326 if (buf == NULL) 327 return NULL; 328 329 wpabuf_put_le16(buf, 19); /* Finite Cyclic Group */ 330 /* TODO: Anti-Clogging Token (if requested) */ 331 /* TODO: Scalar */ 332 /* TODO: Element */ 333 334 return buf; 335 } 336 337 338 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 339 struct sta_info *sta) 340 { 341 struct wpabuf *buf; 342 343 buf = wpabuf_alloc(2); 344 if (buf == NULL) 345 return NULL; 346 347 wpabuf_put_le16(buf, sta->sae_send_confirm); 348 sta->sae_send_confirm++; 349 /* TODO: Confirm */ 350 351 return buf; 352 } 353 354 355 static u16 handle_sae_commit(struct hostapd_data *hapd, struct sta_info *sta, 356 const u8 *data, size_t len) 357 { 358 wpa_hexdump(MSG_DEBUG, "SAE commit fields", data, len); 359 360 /* Check Finite Cyclic Group */ 361 if (len < 2) 362 return WLAN_STATUS_UNSPECIFIED_FAILURE; 363 if (WPA_GET_LE16(data) != 19) { 364 wpa_printf(MSG_DEBUG, "SAE: Unsupported Finite Cyclic Group %u", 365 WPA_GET_LE16(data)); 366 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; 367 } 368 369 return WLAN_STATUS_SUCCESS; 370 } 371 372 373 static u16 handle_sae_confirm(struct hostapd_data *hapd, struct sta_info *sta, 374 const u8 *data, size_t len) 375 { 376 u16 rc; 377 378 wpa_hexdump(MSG_DEBUG, "SAE confirm fields", data, len); 379 380 if (len < 2) 381 return WLAN_STATUS_UNSPECIFIED_FAILURE; 382 rc = WPA_GET_LE16(data); 383 wpa_printf(MSG_DEBUG, "SAE: peer-send-confirm %u", rc); 384 385 return WLAN_STATUS_SUCCESS; 386 } 387 388 389 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 390 const struct ieee80211_mgmt *mgmt, size_t len, 391 u8 auth_transaction) 392 { 393 u16 resp = WLAN_STATUS_SUCCESS; 394 struct wpabuf *data; 395 396 if (auth_transaction == 1) { 397 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 398 HOSTAPD_LEVEL_DEBUG, 399 "start SAE authentication (RX commit)"); 400 resp = handle_sae_commit(hapd, sta, mgmt->u.auth.variable, 401 ((u8 *) mgmt) + len - 402 mgmt->u.auth.variable); 403 if (resp == WLAN_STATUS_SUCCESS) 404 sta->sae_state = SAE_COMMIT; 405 } else if (auth_transaction == 2) { 406 if (sta->sae_state != SAE_COMMIT) { 407 hostapd_logger(hapd, sta->addr, 408 HOSTAPD_MODULE_IEEE80211, 409 HOSTAPD_LEVEL_DEBUG, 410 "SAE confirm before commit"); 411 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 412 } 413 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 414 HOSTAPD_LEVEL_DEBUG, 415 "SAE authentication (RX confirm)"); 416 resp = handle_sae_confirm(hapd, sta, mgmt->u.auth.variable, 417 ((u8 *) mgmt) + len - 418 mgmt->u.auth.variable); 419 if (resp == WLAN_STATUS_SUCCESS) { 420 sta->flags |= WLAN_STA_AUTH; 421 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 422 sta->auth_alg = WLAN_AUTH_SAE; 423 mlme_authenticate_indication(hapd, sta); 424 } 425 } else { 426 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 427 HOSTAPD_LEVEL_DEBUG, 428 "unexpected SAE authentication transaction %u", 429 auth_transaction); 430 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 431 } 432 433 sta->auth_alg = WLAN_AUTH_SAE; 434 435 if (resp == WLAN_STATUS_SUCCESS) { 436 if (auth_transaction == 1) 437 data = auth_build_sae_commit(hapd, sta); 438 else 439 data = auth_build_sae_confirm(hapd, sta); 440 if (data == NULL) 441 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 442 } else 443 data = NULL; 444 445 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 446 auth_transaction, resp, 447 data ? wpabuf_head(data) : (u8 *) "", 448 data ? wpabuf_len(data) : 0); 449 wpabuf_free(data); 450 } 451 #endif /* CONFIG_SAE */ 452 453 454 static void handle_auth(struct hostapd_data *hapd, 455 const struct ieee80211_mgmt *mgmt, size_t len) 456 { 457 u16 auth_alg, auth_transaction, status_code; 458 u16 resp = WLAN_STATUS_SUCCESS; 459 struct sta_info *sta = NULL; 460 int res; 461 u16 fc; 462 const u8 *challenge = NULL; 463 u32 session_timeout, acct_interim_interval; 464 int vlan_id = 0; 465 struct hostapd_sta_wpa_psk_short *psk = NULL; 466 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 467 size_t resp_ies_len = 0; 468 char *identity = NULL; 469 char *radius_cui = NULL; 470 471 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 472 printf("handle_auth - too short payload (len=%lu)\n", 473 (unsigned long) len); 474 return; 475 } 476 477 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 478 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 479 status_code = le_to_host16(mgmt->u.auth.status_code); 480 fc = le_to_host16(mgmt->frame_control); 481 482 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 483 2 + WLAN_AUTH_CHALLENGE_LEN && 484 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 485 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 486 challenge = &mgmt->u.auth.variable[2]; 487 488 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 489 "auth_transaction=%d status_code=%d wep=%d%s", 490 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 491 status_code, !!(fc & WLAN_FC_ISWEP), 492 challenge ? " challenge" : ""); 493 494 if (hapd->tkip_countermeasures) { 495 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 496 goto fail; 497 } 498 499 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 500 auth_alg == WLAN_AUTH_OPEN) || 501 #ifdef CONFIG_IEEE80211R 502 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 503 auth_alg == WLAN_AUTH_FT) || 504 #endif /* CONFIG_IEEE80211R */ 505 #ifdef CONFIG_SAE 506 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 507 auth_alg == WLAN_AUTH_SAE) || 508 #endif /* CONFIG_SAE */ 509 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 510 auth_alg == WLAN_AUTH_SHARED_KEY))) { 511 printf("Unsupported authentication algorithm (%d)\n", 512 auth_alg); 513 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 514 goto fail; 515 } 516 517 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 518 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 519 printf("Unknown authentication transaction number (%d)\n", 520 auth_transaction); 521 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 522 goto fail; 523 } 524 525 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 526 printf("Station " MACSTR " not allowed to authenticate.\n", 527 MAC2STR(mgmt->sa)); 528 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 529 goto fail; 530 } 531 532 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 533 &session_timeout, 534 &acct_interim_interval, &vlan_id, 535 &psk, &identity, &radius_cui); 536 537 if (res == HOSTAPD_ACL_REJECT) { 538 printf("Station " MACSTR " not allowed to authenticate.\n", 539 MAC2STR(mgmt->sa)); 540 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 541 goto fail; 542 } 543 if (res == HOSTAPD_ACL_PENDING) { 544 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 545 " waiting for an external authentication", 546 MAC2STR(mgmt->sa)); 547 /* Authentication code will re-send the authentication frame 548 * after it has received (and cached) information from the 549 * external source. */ 550 return; 551 } 552 553 sta = ap_sta_add(hapd, mgmt->sa); 554 if (!sta) { 555 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 556 goto fail; 557 } 558 559 if (vlan_id > 0) { 560 if (hostapd_get_vlan_id_ifname(hapd->conf->vlan, 561 vlan_id) == NULL) { 562 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 563 HOSTAPD_LEVEL_INFO, "Invalid VLAN ID " 564 "%d received from RADIUS server", 565 vlan_id); 566 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 567 goto fail; 568 } 569 sta->vlan_id = vlan_id; 570 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 571 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 572 } 573 574 hostapd_free_psk_list(sta->psk); 575 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 576 sta->psk = psk; 577 psk = NULL; 578 } else { 579 sta->psk = NULL; 580 } 581 582 sta->identity = identity; 583 identity = NULL; 584 sta->radius_cui = radius_cui; 585 radius_cui = NULL; 586 587 sta->flags &= ~WLAN_STA_PREAUTH; 588 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 589 590 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 591 sta->acct_interim_interval = acct_interim_interval; 592 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 593 ap_sta_session_timeout(hapd, sta, session_timeout); 594 else 595 ap_sta_no_session_timeout(hapd, sta); 596 597 switch (auth_alg) { 598 case WLAN_AUTH_OPEN: 599 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 600 HOSTAPD_LEVEL_DEBUG, 601 "authentication OK (open system)"); 602 #ifdef IEEE80211_REQUIRE_AUTH_ACK 603 /* Station will be marked authenticated if it ACKs the 604 * authentication reply. */ 605 #else 606 sta->flags |= WLAN_STA_AUTH; 607 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 608 sta->auth_alg = WLAN_AUTH_OPEN; 609 mlme_authenticate_indication(hapd, sta); 610 #endif 611 break; 612 case WLAN_AUTH_SHARED_KEY: 613 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 614 fc & WLAN_FC_ISWEP); 615 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 616 mlme_authenticate_indication(hapd, sta); 617 if (sta->challenge && auth_transaction == 1) { 618 resp_ies[0] = WLAN_EID_CHALLENGE; 619 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 620 os_memcpy(resp_ies + 2, sta->challenge, 621 WLAN_AUTH_CHALLENGE_LEN); 622 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 623 } 624 break; 625 #ifdef CONFIG_IEEE80211R 626 case WLAN_AUTH_FT: 627 sta->auth_alg = WLAN_AUTH_FT; 628 if (sta->wpa_sm == NULL) 629 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 630 sta->addr); 631 if (sta->wpa_sm == NULL) { 632 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 633 "state machine"); 634 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 635 goto fail; 636 } 637 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 638 auth_transaction, mgmt->u.auth.variable, 639 len - IEEE80211_HDRLEN - 640 sizeof(mgmt->u.auth), 641 handle_auth_ft_finish, hapd); 642 /* handle_auth_ft_finish() callback will complete auth. */ 643 return; 644 #endif /* CONFIG_IEEE80211R */ 645 #ifdef CONFIG_SAE 646 case WLAN_AUTH_SAE: 647 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction); 648 return; 649 #endif /* CONFIG_SAE */ 650 } 651 652 fail: 653 os_free(identity); 654 os_free(radius_cui); 655 hostapd_free_psk_list(psk); 656 657 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 658 auth_transaction + 1, resp, resp_ies, resp_ies_len); 659 } 660 661 662 static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 663 { 664 int i, j = 32, aid; 665 666 /* get a unique AID */ 667 if (sta->aid > 0) { 668 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 669 return 0; 670 } 671 672 for (i = 0; i < AID_WORDS; i++) { 673 if (hapd->sta_aid[i] == (u32) -1) 674 continue; 675 for (j = 0; j < 32; j++) { 676 if (!(hapd->sta_aid[i] & BIT(j))) 677 break; 678 } 679 if (j < 32) 680 break; 681 } 682 if (j == 32) 683 return -1; 684 aid = i * 32 + j + 1; 685 if (aid > 2007) 686 return -1; 687 688 sta->aid = aid; 689 hapd->sta_aid[i] |= BIT(j); 690 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 691 return 0; 692 } 693 694 695 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 696 const u8 *ssid_ie, size_t ssid_ie_len) 697 { 698 if (ssid_ie == NULL) 699 return WLAN_STATUS_UNSPECIFIED_FAILURE; 700 701 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 702 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 703 char ssid_txt[33]; 704 ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len); 705 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 706 HOSTAPD_LEVEL_INFO, 707 "Station tried to associate with unknown SSID " 708 "'%s'", ssid_txt); 709 return WLAN_STATUS_UNSPECIFIED_FAILURE; 710 } 711 712 return WLAN_STATUS_SUCCESS; 713 } 714 715 716 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 717 const u8 *wmm_ie, size_t wmm_ie_len) 718 { 719 sta->flags &= ~WLAN_STA_WMM; 720 sta->qosinfo = 0; 721 if (wmm_ie && hapd->conf->wmm_enabled) { 722 struct wmm_information_element *wmm; 723 724 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 725 hostapd_logger(hapd, sta->addr, 726 HOSTAPD_MODULE_WPA, 727 HOSTAPD_LEVEL_DEBUG, 728 "invalid WMM element in association " 729 "request"); 730 return WLAN_STATUS_UNSPECIFIED_FAILURE; 731 } 732 733 sta->flags |= WLAN_STA_WMM; 734 wmm = (struct wmm_information_element *) wmm_ie; 735 sta->qosinfo = wmm->qos_info; 736 } 737 return WLAN_STATUS_SUCCESS; 738 } 739 740 741 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 742 struct ieee802_11_elems *elems) 743 { 744 if (!elems->supp_rates) { 745 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 746 HOSTAPD_LEVEL_DEBUG, 747 "No supported rates element in AssocReq"); 748 return WLAN_STATUS_UNSPECIFIED_FAILURE; 749 } 750 751 if (elems->supp_rates_len + elems->ext_supp_rates_len > 752 sizeof(sta->supported_rates)) { 753 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 754 HOSTAPD_LEVEL_DEBUG, 755 "Invalid supported rates element length %d+%d", 756 elems->supp_rates_len, 757 elems->ext_supp_rates_len); 758 return WLAN_STATUS_UNSPECIFIED_FAILURE; 759 } 760 761 sta->supported_rates_len = merge_byte_arrays( 762 sta->supported_rates, sizeof(sta->supported_rates), 763 elems->supp_rates, elems->supp_rates_len, 764 elems->ext_supp_rates, elems->ext_supp_rates_len); 765 766 return WLAN_STATUS_SUCCESS; 767 } 768 769 770 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 771 const u8 *ies, size_t ies_len, int reassoc) 772 { 773 struct ieee802_11_elems elems; 774 u16 resp; 775 const u8 *wpa_ie; 776 size_t wpa_ie_len; 777 778 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 779 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 780 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 781 "association request"); 782 return WLAN_STATUS_UNSPECIFIED_FAILURE; 783 } 784 785 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 786 if (resp != WLAN_STATUS_SUCCESS) 787 return resp; 788 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 789 if (resp != WLAN_STATUS_SUCCESS) 790 return resp; 791 resp = copy_supp_rates(hapd, sta, &elems); 792 if (resp != WLAN_STATUS_SUCCESS) 793 return resp; 794 #ifdef CONFIG_IEEE80211N 795 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities, 796 elems.ht_capabilities_len); 797 if (resp != WLAN_STATUS_SUCCESS) 798 return resp; 799 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 800 !(sta->flags & WLAN_STA_HT)) { 801 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 802 HOSTAPD_LEVEL_INFO, "Station does not support " 803 "mandatory HT PHY - reject association"); 804 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 805 } 806 #endif /* CONFIG_IEEE80211N */ 807 808 #ifdef CONFIG_IEEE80211AC 809 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities, 810 elems.vht_capabilities_len); 811 if (resp != WLAN_STATUS_SUCCESS) 812 return resp; 813 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 814 !(sta->flags & WLAN_STA_VHT)) { 815 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 816 HOSTAPD_LEVEL_INFO, "Station does not support " 817 "mandatory VHT PHY - reject association"); 818 return WLAN_STATUS_UNSPECIFIED_FAILURE; 819 } 820 #endif /* CONFIG_IEEE80211AC */ 821 822 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 823 wpa_ie = elems.rsn_ie; 824 wpa_ie_len = elems.rsn_ie_len; 825 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 826 elems.wpa_ie) { 827 wpa_ie = elems.wpa_ie; 828 wpa_ie_len = elems.wpa_ie_len; 829 } else { 830 wpa_ie = NULL; 831 wpa_ie_len = 0; 832 } 833 834 #ifdef CONFIG_WPS 835 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 836 if (hapd->conf->wps_state && elems.wps_ie) { 837 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 838 "Request - assume WPS is used"); 839 sta->flags |= WLAN_STA_WPS; 840 wpabuf_free(sta->wps_ie); 841 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 842 WPS_IE_VENDOR_TYPE); 843 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 844 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 845 sta->flags |= WLAN_STA_WPS2; 846 } 847 wpa_ie = NULL; 848 wpa_ie_len = 0; 849 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 850 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 851 "(Re)Association Request - reject"); 852 return WLAN_STATUS_INVALID_IE; 853 } 854 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 855 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 856 "(Re)Association Request - possible WPS use"); 857 sta->flags |= WLAN_STA_MAYBE_WPS; 858 } else 859 #endif /* CONFIG_WPS */ 860 if (hapd->conf->wpa && wpa_ie == NULL) { 861 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 862 HOSTAPD_LEVEL_INFO, 863 "No WPA/RSN IE in association request"); 864 return WLAN_STATUS_INVALID_IE; 865 } 866 867 if (hapd->conf->wpa && wpa_ie) { 868 int res; 869 wpa_ie -= 2; 870 wpa_ie_len += 2; 871 if (sta->wpa_sm == NULL) 872 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 873 sta->addr); 874 if (sta->wpa_sm == NULL) { 875 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 876 "state machine"); 877 return WLAN_STATUS_UNSPECIFIED_FAILURE; 878 } 879 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 880 wpa_ie, wpa_ie_len, 881 elems.mdie, elems.mdie_len); 882 if (res == WPA_INVALID_GROUP) 883 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 884 else if (res == WPA_INVALID_PAIRWISE) 885 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 886 else if (res == WPA_INVALID_AKMP) 887 resp = WLAN_STATUS_AKMP_NOT_VALID; 888 else if (res == WPA_ALLOC_FAIL) 889 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 890 #ifdef CONFIG_IEEE80211W 891 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 892 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 893 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 894 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 895 #endif /* CONFIG_IEEE80211W */ 896 else if (res == WPA_INVALID_MDIE) 897 resp = WLAN_STATUS_INVALID_MDIE; 898 else if (res != WPA_IE_OK) 899 resp = WLAN_STATUS_INVALID_IE; 900 if (resp != WLAN_STATUS_SUCCESS) 901 return resp; 902 #ifdef CONFIG_IEEE80211W 903 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 904 sta->sa_query_count > 0) 905 ap_check_sa_query_timeout(hapd, sta); 906 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 907 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 908 /* 909 * STA has already been associated with MFP and SA 910 * Query timeout has not been reached. Reject the 911 * association attempt temporarily and start SA Query, 912 * if one is not pending. 913 */ 914 915 if (sta->sa_query_count == 0) 916 ap_sta_start_sa_query(hapd, sta); 917 918 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 919 } 920 921 if (wpa_auth_uses_mfp(sta->wpa_sm)) 922 sta->flags |= WLAN_STA_MFP; 923 else 924 sta->flags &= ~WLAN_STA_MFP; 925 #endif /* CONFIG_IEEE80211W */ 926 927 #ifdef CONFIG_IEEE80211R 928 if (sta->auth_alg == WLAN_AUTH_FT) { 929 if (!reassoc) { 930 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 931 "to use association (not " 932 "re-association) with FT auth_alg", 933 MAC2STR(sta->addr)); 934 return WLAN_STATUS_UNSPECIFIED_FAILURE; 935 } 936 937 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 938 ies_len); 939 if (resp != WLAN_STATUS_SUCCESS) 940 return resp; 941 } 942 #endif /* CONFIG_IEEE80211R */ 943 944 #ifdef CONFIG_SAE 945 if (wpa_auth_uses_sae(sta->wpa_sm) && 946 sta->auth_alg != WLAN_AUTH_SAE) { 947 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 948 "SAE AKM after non-SAE auth_alg %u", 949 MAC2STR(sta->addr), sta->auth_alg); 950 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 951 } 952 #endif /* CONFIG_SAE */ 953 954 #ifdef CONFIG_IEEE80211N 955 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 956 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 957 hostapd_logger(hapd, sta->addr, 958 HOSTAPD_MODULE_IEEE80211, 959 HOSTAPD_LEVEL_INFO, 960 "Station tried to use TKIP with HT " 961 "association"); 962 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 963 } 964 #endif /* CONFIG_IEEE80211N */ 965 } else 966 wpa_auth_sta_no_wpa(sta->wpa_sm); 967 968 #ifdef CONFIG_P2P 969 if (elems.p2p) { 970 wpabuf_free(sta->p2p_ie); 971 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 972 P2P_IE_VENDOR_TYPE); 973 974 } else { 975 wpabuf_free(sta->p2p_ie); 976 sta->p2p_ie = NULL; 977 } 978 979 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 980 #endif /* CONFIG_P2P */ 981 982 #ifdef CONFIG_HS20 983 wpabuf_free(sta->hs20_ie); 984 if (elems.hs20 && elems.hs20_len > 4) { 985 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 986 elems.hs20_len - 4); 987 } else 988 sta->hs20_ie = NULL; 989 #endif /* CONFIG_HS20 */ 990 991 return WLAN_STATUS_SUCCESS; 992 } 993 994 995 static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 996 u16 reason_code) 997 { 998 int send_len; 999 struct ieee80211_mgmt reply; 1000 1001 os_memset(&reply, 0, sizeof(reply)); 1002 reply.frame_control = 1003 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 1004 os_memcpy(reply.da, addr, ETH_ALEN); 1005 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 1006 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 1007 1008 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 1009 reply.u.deauth.reason_code = host_to_le16(reason_code); 1010 1011 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1012 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1013 strerror(errno)); 1014 } 1015 1016 1017 static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 1018 u16 status_code, int reassoc, const u8 *ies, 1019 size_t ies_len) 1020 { 1021 int send_len; 1022 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 1023 struct ieee80211_mgmt *reply; 1024 u8 *p; 1025 1026 os_memset(buf, 0, sizeof(buf)); 1027 reply = (struct ieee80211_mgmt *) buf; 1028 reply->frame_control = 1029 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1030 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 1031 WLAN_FC_STYPE_ASSOC_RESP)); 1032 os_memcpy(reply->da, sta->addr, ETH_ALEN); 1033 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 1034 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 1035 1036 send_len = IEEE80211_HDRLEN; 1037 send_len += sizeof(reply->u.assoc_resp); 1038 reply->u.assoc_resp.capab_info = 1039 host_to_le16(hostapd_own_capab_info(hapd, sta, 0)); 1040 reply->u.assoc_resp.status_code = host_to_le16(status_code); 1041 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) 1042 | BIT(14) | BIT(15)); 1043 /* Supported rates */ 1044 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 1045 /* Extended supported rates */ 1046 p = hostapd_eid_ext_supp_rates(hapd, p); 1047 1048 #ifdef CONFIG_IEEE80211R 1049 if (status_code == WLAN_STATUS_SUCCESS) { 1050 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 1051 * Transition Information, RSN, [RIC Response] */ 1052 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 1053 buf + sizeof(buf) - p, 1054 sta->auth_alg, ies, ies_len); 1055 } 1056 #endif /* CONFIG_IEEE80211R */ 1057 1058 #ifdef CONFIG_IEEE80211W 1059 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 1060 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 1061 #endif /* CONFIG_IEEE80211W */ 1062 1063 #ifdef CONFIG_IEEE80211N 1064 p = hostapd_eid_ht_capabilities(hapd, p); 1065 p = hostapd_eid_ht_operation(hapd, p); 1066 #endif /* CONFIG_IEEE80211N */ 1067 1068 #ifdef CONFIG_IEEE80211AC 1069 p = hostapd_eid_vht_capabilities(hapd, p); 1070 p = hostapd_eid_vht_operation(hapd, p); 1071 #endif /* CONFIG_IEEE80211AC */ 1072 1073 p = hostapd_eid_ext_capab(hapd, p); 1074 p = hostapd_eid_bss_max_idle_period(hapd, p); 1075 1076 if (sta->flags & WLAN_STA_WMM) 1077 p = hostapd_eid_wmm(hapd, p); 1078 1079 #ifdef CONFIG_WPS 1080 if ((sta->flags & WLAN_STA_WPS) || 1081 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 1082 struct wpabuf *wps = wps_build_assoc_resp_ie(); 1083 if (wps) { 1084 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 1085 p += wpabuf_len(wps); 1086 wpabuf_free(wps); 1087 } 1088 } 1089 #endif /* CONFIG_WPS */ 1090 1091 #ifdef CONFIG_P2P 1092 if (sta->p2p_ie) { 1093 struct wpabuf *p2p_resp_ie; 1094 enum p2p_status_code status; 1095 switch (status_code) { 1096 case WLAN_STATUS_SUCCESS: 1097 status = P2P_SC_SUCCESS; 1098 break; 1099 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 1100 status = P2P_SC_FAIL_LIMIT_REACHED; 1101 break; 1102 default: 1103 status = P2P_SC_FAIL_INVALID_PARAMS; 1104 break; 1105 } 1106 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 1107 if (p2p_resp_ie) { 1108 os_memcpy(p, wpabuf_head(p2p_resp_ie), 1109 wpabuf_len(p2p_resp_ie)); 1110 p += wpabuf_len(p2p_resp_ie); 1111 wpabuf_free(p2p_resp_ie); 1112 } 1113 } 1114 #endif /* CONFIG_P2P */ 1115 1116 #ifdef CONFIG_P2P_MANAGER 1117 if (hapd->conf->p2p & P2P_MANAGE) 1118 p = hostapd_eid_p2p_manage(hapd, p); 1119 #endif /* CONFIG_P2P_MANAGER */ 1120 1121 send_len += p - reply->u.assoc_resp.variable; 1122 1123 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) 1124 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 1125 strerror(errno)); 1126 } 1127 1128 1129 static void handle_assoc(struct hostapd_data *hapd, 1130 const struct ieee80211_mgmt *mgmt, size_t len, 1131 int reassoc) 1132 { 1133 u16 capab_info, listen_interval; 1134 u16 resp = WLAN_STATUS_SUCCESS; 1135 const u8 *pos; 1136 int left, i; 1137 struct sta_info *sta; 1138 1139 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 1140 sizeof(mgmt->u.assoc_req))) { 1141 printf("handle_assoc(reassoc=%d) - too short payload (len=%lu)" 1142 "\n", reassoc, (unsigned long) len); 1143 return; 1144 } 1145 1146 if (reassoc) { 1147 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 1148 listen_interval = le_to_host16( 1149 mgmt->u.reassoc_req.listen_interval); 1150 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 1151 " capab_info=0x%02x listen_interval=%d current_ap=" 1152 MACSTR, 1153 MAC2STR(mgmt->sa), capab_info, listen_interval, 1154 MAC2STR(mgmt->u.reassoc_req.current_ap)); 1155 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 1156 pos = mgmt->u.reassoc_req.variable; 1157 } else { 1158 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 1159 listen_interval = le_to_host16( 1160 mgmt->u.assoc_req.listen_interval); 1161 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 1162 " capab_info=0x%02x listen_interval=%d", 1163 MAC2STR(mgmt->sa), capab_info, listen_interval); 1164 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 1165 pos = mgmt->u.assoc_req.variable; 1166 } 1167 1168 sta = ap_get_sta(hapd, mgmt->sa); 1169 #ifdef CONFIG_IEEE80211R 1170 if (sta && sta->auth_alg == WLAN_AUTH_FT && 1171 (sta->flags & WLAN_STA_AUTH) == 0) { 1172 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 1173 "prior to authentication since it is using " 1174 "over-the-DS FT", MAC2STR(mgmt->sa)); 1175 } else 1176 #endif /* CONFIG_IEEE80211R */ 1177 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1178 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1179 HOSTAPD_LEVEL_INFO, "Station tried to " 1180 "associate before authentication " 1181 "(aid=%d flags=0x%x)", 1182 sta ? sta->aid : -1, 1183 sta ? sta->flags : 0); 1184 send_deauth(hapd, mgmt->sa, 1185 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 1186 return; 1187 } 1188 1189 if (hapd->tkip_countermeasures) { 1190 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 1191 goto fail; 1192 } 1193 1194 if (listen_interval > hapd->conf->max_listen_interval) { 1195 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1196 HOSTAPD_LEVEL_DEBUG, 1197 "Too large Listen Interval (%d)", 1198 listen_interval); 1199 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 1200 goto fail; 1201 } 1202 1203 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 1204 * is used */ 1205 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 1206 if (resp != WLAN_STATUS_SUCCESS) 1207 goto fail; 1208 1209 if (hostapd_get_aid(hapd, sta) < 0) { 1210 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1211 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 1212 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1213 goto fail; 1214 } 1215 1216 sta->capability = capab_info; 1217 sta->listen_interval = listen_interval; 1218 1219 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 1220 sta->flags |= WLAN_STA_NONERP; 1221 for (i = 0; i < sta->supported_rates_len; i++) { 1222 if ((sta->supported_rates[i] & 0x7f) > 22) { 1223 sta->flags &= ~WLAN_STA_NONERP; 1224 break; 1225 } 1226 } 1227 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 1228 sta->nonerp_set = 1; 1229 hapd->iface->num_sta_non_erp++; 1230 if (hapd->iface->num_sta_non_erp == 1) 1231 ieee802_11_set_beacons(hapd->iface); 1232 } 1233 1234 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 1235 !sta->no_short_slot_time_set) { 1236 sta->no_short_slot_time_set = 1; 1237 hapd->iface->num_sta_no_short_slot_time++; 1238 if (hapd->iface->current_mode->mode == 1239 HOSTAPD_MODE_IEEE80211G && 1240 hapd->iface->num_sta_no_short_slot_time == 1) 1241 ieee802_11_set_beacons(hapd->iface); 1242 } 1243 1244 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 1245 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 1246 else 1247 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 1248 1249 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 1250 !sta->no_short_preamble_set) { 1251 sta->no_short_preamble_set = 1; 1252 hapd->iface->num_sta_no_short_preamble++; 1253 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 1254 && hapd->iface->num_sta_no_short_preamble == 1) 1255 ieee802_11_set_beacons(hapd->iface); 1256 } 1257 1258 #ifdef CONFIG_IEEE80211N 1259 update_ht_state(hapd, sta); 1260 #endif /* CONFIG_IEEE80211N */ 1261 1262 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1263 HOSTAPD_LEVEL_DEBUG, 1264 "association OK (aid %d)", sta->aid); 1265 /* Station will be marked associated, after it acknowledges AssocResp 1266 */ 1267 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 1268 1269 #ifdef CONFIG_IEEE80211W 1270 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 1271 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 1272 "SA Query procedure", reassoc ? "re" : ""); 1273 /* TODO: Send a protected Disassociate frame to the STA using 1274 * the old key and Reason Code "Previous Authentication no 1275 * longer valid". Make sure this is only sent protected since 1276 * unprotected frame would be received by the STA that is now 1277 * trying to associate. 1278 */ 1279 } 1280 #endif /* CONFIG_IEEE80211W */ 1281 1282 if (reassoc) { 1283 os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap, 1284 ETH_ALEN); 1285 } 1286 1287 if (sta->last_assoc_req) 1288 os_free(sta->last_assoc_req); 1289 sta->last_assoc_req = os_malloc(len); 1290 if (sta->last_assoc_req) 1291 os_memcpy(sta->last_assoc_req, mgmt, len); 1292 1293 /* Make sure that the previously registered inactivity timer will not 1294 * remove the STA immediately. */ 1295 sta->timeout_next = STA_NULLFUNC; 1296 1297 fail: 1298 send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 1299 } 1300 1301 1302 static void handle_disassoc(struct hostapd_data *hapd, 1303 const struct ieee80211_mgmt *mgmt, size_t len) 1304 { 1305 struct sta_info *sta; 1306 1307 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 1308 printf("handle_disassoc - too short payload (len=%lu)\n", 1309 (unsigned long) len); 1310 return; 1311 } 1312 1313 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 1314 MAC2STR(mgmt->sa), 1315 le_to_host16(mgmt->u.disassoc.reason_code)); 1316 1317 sta = ap_get_sta(hapd, mgmt->sa); 1318 if (sta == NULL) { 1319 printf("Station " MACSTR " trying to disassociate, but it " 1320 "is not associated.\n", MAC2STR(mgmt->sa)); 1321 return; 1322 } 1323 1324 ap_sta_set_authorized(hapd, sta, 0); 1325 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 1326 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 1327 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1328 HOSTAPD_LEVEL_INFO, "disassociated"); 1329 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1330 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1331 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 1332 * authenticated. */ 1333 accounting_sta_stop(hapd, sta); 1334 ieee802_1x_free_station(sta); 1335 hostapd_drv_sta_remove(hapd, sta->addr); 1336 1337 if (sta->timeout_next == STA_NULLFUNC || 1338 sta->timeout_next == STA_DISASSOC) { 1339 sta->timeout_next = STA_DEAUTH; 1340 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1341 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 1342 hapd, sta); 1343 } 1344 1345 mlme_disassociate_indication( 1346 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 1347 } 1348 1349 1350 static void handle_deauth(struct hostapd_data *hapd, 1351 const struct ieee80211_mgmt *mgmt, size_t len) 1352 { 1353 struct sta_info *sta; 1354 1355 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 1356 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 1357 "payload (len=%lu)", (unsigned long) len); 1358 return; 1359 } 1360 1361 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 1362 " reason_code=%d", 1363 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 1364 1365 sta = ap_get_sta(hapd, mgmt->sa); 1366 if (sta == NULL) { 1367 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 1368 "to deauthenticate, but it is not authenticated", 1369 MAC2STR(mgmt->sa)); 1370 return; 1371 } 1372 1373 ap_sta_set_authorized(hapd, sta, 0); 1374 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 1375 WLAN_STA_ASSOC_REQ_OK); 1376 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1377 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1378 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 1379 mlme_deauthenticate_indication( 1380 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 1381 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1382 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1383 ap_free_sta(hapd, sta); 1384 } 1385 1386 1387 static void handle_beacon(struct hostapd_data *hapd, 1388 const struct ieee80211_mgmt *mgmt, size_t len, 1389 struct hostapd_frame_info *fi) 1390 { 1391 struct ieee802_11_elems elems; 1392 1393 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 1394 printf("handle_beacon - too short payload (len=%lu)\n", 1395 (unsigned long) len); 1396 return; 1397 } 1398 1399 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 1400 len - (IEEE80211_HDRLEN + 1401 sizeof(mgmt->u.beacon)), &elems, 1402 0); 1403 1404 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 1405 } 1406 1407 1408 #ifdef CONFIG_IEEE80211W 1409 1410 static void hostapd_sa_query_action(struct hostapd_data *hapd, 1411 const struct ieee80211_mgmt *mgmt, 1412 size_t len) 1413 { 1414 const u8 *end; 1415 1416 end = mgmt->u.action.u.sa_query_resp.trans_id + 1417 WLAN_SA_QUERY_TR_ID_LEN; 1418 if (((u8 *) mgmt) + len < end) { 1419 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 1420 "frame (len=%lu)", (unsigned long) len); 1421 return; 1422 } 1423 1424 ieee802_11_sa_query_action(hapd, mgmt->sa, 1425 mgmt->u.action.u.sa_query_resp.action, 1426 mgmt->u.action.u.sa_query_resp.trans_id); 1427 } 1428 1429 1430 static int robust_action_frame(u8 category) 1431 { 1432 return category != WLAN_ACTION_PUBLIC && 1433 category != WLAN_ACTION_HT; 1434 } 1435 #endif /* CONFIG_IEEE80211W */ 1436 1437 1438 #ifdef CONFIG_WNM 1439 static void hostapd_wnm_action(struct hostapd_data *hapd, struct sta_info *sta, 1440 const struct ieee80211_mgmt *mgmt, 1441 size_t len) 1442 { 1443 struct rx_action action; 1444 if (len < IEEE80211_HDRLEN + 2) 1445 return; 1446 os_memset(&action, 0, sizeof(action)); 1447 action.da = mgmt->da; 1448 action.sa = mgmt->sa; 1449 action.bssid = mgmt->bssid; 1450 action.category = mgmt->u.action.category; 1451 action.data = (const u8 *) &mgmt->u.action.u.wnm_sleep_req.action; 1452 action.len = len - IEEE80211_HDRLEN - 1; 1453 action.freq = hapd->iface->freq; 1454 ieee802_11_rx_wnm_action_ap(hapd, &action); 1455 } 1456 #endif /* CONFIG_WNM */ 1457 1458 1459 static void handle_action(struct hostapd_data *hapd, 1460 const struct ieee80211_mgmt *mgmt, size_t len) 1461 { 1462 struct sta_info *sta; 1463 sta = ap_get_sta(hapd, mgmt->sa); 1464 1465 if (len < IEEE80211_HDRLEN + 1) { 1466 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1467 HOSTAPD_LEVEL_DEBUG, 1468 "handle_action - too short payload (len=%lu)", 1469 (unsigned long) len); 1470 return; 1471 } 1472 1473 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 1474 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 1475 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 1476 "frame (category=%u) from unassociated STA " MACSTR, 1477 MAC2STR(mgmt->sa), mgmt->u.action.category); 1478 return; 1479 } 1480 1481 #ifdef CONFIG_IEEE80211W 1482 if (sta && (sta->flags & WLAN_STA_MFP) && 1483 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP) && 1484 robust_action_frame(mgmt->u.action.category))) { 1485 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1486 HOSTAPD_LEVEL_DEBUG, 1487 "Dropped unprotected Robust Action frame from " 1488 "an MFP STA"); 1489 return; 1490 } 1491 #endif /* CONFIG_IEEE80211W */ 1492 1493 switch (mgmt->u.action.category) { 1494 #ifdef CONFIG_IEEE80211R 1495 case WLAN_ACTION_FT: 1496 if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 1497 len - IEEE80211_HDRLEN)) 1498 break; 1499 return; 1500 #endif /* CONFIG_IEEE80211R */ 1501 case WLAN_ACTION_WMM: 1502 hostapd_wmm_action(hapd, mgmt, len); 1503 return; 1504 #ifdef CONFIG_IEEE80211W 1505 case WLAN_ACTION_SA_QUERY: 1506 hostapd_sa_query_action(hapd, mgmt, len); 1507 return; 1508 #endif /* CONFIG_IEEE80211W */ 1509 #ifdef CONFIG_WNM 1510 case WLAN_ACTION_WNM: 1511 hostapd_wnm_action(hapd, sta, mgmt, len); 1512 return; 1513 #endif /* CONFIG_WNM */ 1514 case WLAN_ACTION_PUBLIC: 1515 if (hapd->public_action_cb) { 1516 hapd->public_action_cb(hapd->public_action_cb_ctx, 1517 (u8 *) mgmt, len, 1518 hapd->iface->freq); 1519 return; 1520 } 1521 break; 1522 case WLAN_ACTION_VENDOR_SPECIFIC: 1523 if (hapd->vendor_action_cb) { 1524 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 1525 (u8 *) mgmt, len, 1526 hapd->iface->freq) == 0) 1527 return; 1528 } 1529 break; 1530 } 1531 1532 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1533 HOSTAPD_LEVEL_DEBUG, 1534 "handle_action - unknown action category %d or invalid " 1535 "frame", 1536 mgmt->u.action.category); 1537 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 1538 !(mgmt->sa[0] & 0x01)) { 1539 struct ieee80211_mgmt *resp; 1540 1541 /* 1542 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 1543 * Return the Action frame to the source without change 1544 * except that MSB of the Category set to 1. 1545 */ 1546 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 1547 "frame back to sender"); 1548 resp = os_malloc(len); 1549 if (resp == NULL) 1550 return; 1551 os_memcpy(resp, mgmt, len); 1552 os_memcpy(resp->da, resp->sa, ETH_ALEN); 1553 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 1554 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 1555 resp->u.action.category |= 0x80; 1556 1557 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 1558 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 1559 "Action frame"); 1560 } 1561 os_free(resp); 1562 } 1563 } 1564 1565 1566 /** 1567 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 1568 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 1569 * sent to) 1570 * @buf: management frame data (starting from IEEE 802.11 header) 1571 * @len: length of frame data in octets 1572 * @fi: meta data about received frame (signal level, etc.) 1573 * 1574 * Process all incoming IEEE 802.11 management frames. This will be called for 1575 * each frame received from the kernel driver through wlan#ap interface. In 1576 * addition, it can be called to re-inserted pending frames (e.g., when using 1577 * external RADIUS server as an MAC ACL). 1578 */ 1579 void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 1580 struct hostapd_frame_info *fi) 1581 { 1582 struct ieee80211_mgmt *mgmt; 1583 int broadcast; 1584 u16 fc, stype; 1585 1586 if (len < 24) 1587 return; 1588 1589 mgmt = (struct ieee80211_mgmt *) buf; 1590 fc = le_to_host16(mgmt->frame_control); 1591 stype = WLAN_FC_GET_STYPE(fc); 1592 1593 if (stype == WLAN_FC_STYPE_BEACON) { 1594 handle_beacon(hapd, mgmt, len, fi); 1595 return; 1596 } 1597 1598 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 1599 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 1600 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 1601 1602 if (!broadcast && 1603 #ifdef CONFIG_P2P 1604 /* Invitation responses can be sent with the peer MAC as BSSID */ 1605 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 1606 stype == WLAN_FC_STYPE_ACTION) && 1607 #endif /* CONFIG_P2P */ 1608 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 1609 printf("MGMT: BSSID=" MACSTR " not our address\n", 1610 MAC2STR(mgmt->bssid)); 1611 return; 1612 } 1613 1614 1615 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 1616 handle_probe_req(hapd, mgmt, len, fi->ssi_signal); 1617 return; 1618 } 1619 1620 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 1621 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1622 HOSTAPD_LEVEL_DEBUG, 1623 "MGMT: DA=" MACSTR " not our address", 1624 MAC2STR(mgmt->da)); 1625 return; 1626 } 1627 1628 switch (stype) { 1629 case WLAN_FC_STYPE_AUTH: 1630 wpa_printf(MSG_DEBUG, "mgmt::auth"); 1631 handle_auth(hapd, mgmt, len); 1632 break; 1633 case WLAN_FC_STYPE_ASSOC_REQ: 1634 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 1635 handle_assoc(hapd, mgmt, len, 0); 1636 break; 1637 case WLAN_FC_STYPE_REASSOC_REQ: 1638 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 1639 handle_assoc(hapd, mgmt, len, 1); 1640 break; 1641 case WLAN_FC_STYPE_DISASSOC: 1642 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 1643 handle_disassoc(hapd, mgmt, len); 1644 break; 1645 case WLAN_FC_STYPE_DEAUTH: 1646 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 1647 handle_deauth(hapd, mgmt, len); 1648 break; 1649 case WLAN_FC_STYPE_ACTION: 1650 wpa_printf(MSG_DEBUG, "mgmt::action"); 1651 handle_action(hapd, mgmt, len); 1652 break; 1653 default: 1654 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1655 HOSTAPD_LEVEL_DEBUG, 1656 "unknown mgmt frame subtype %d", stype); 1657 break; 1658 } 1659 } 1660 1661 1662 static void handle_auth_cb(struct hostapd_data *hapd, 1663 const struct ieee80211_mgmt *mgmt, 1664 size_t len, int ok) 1665 { 1666 u16 auth_alg, auth_transaction, status_code; 1667 struct sta_info *sta; 1668 1669 if (!ok) { 1670 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1671 HOSTAPD_LEVEL_NOTICE, 1672 "did not acknowledge authentication response"); 1673 return; 1674 } 1675 1676 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1677 printf("handle_auth_cb - too short payload (len=%lu)\n", 1678 (unsigned long) len); 1679 return; 1680 } 1681 1682 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1683 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1684 status_code = le_to_host16(mgmt->u.auth.status_code); 1685 1686 sta = ap_get_sta(hapd, mgmt->da); 1687 if (!sta) { 1688 printf("handle_auth_cb: STA " MACSTR " not found\n", 1689 MAC2STR(mgmt->da)); 1690 return; 1691 } 1692 1693 if (status_code == WLAN_STATUS_SUCCESS && 1694 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 1695 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 1696 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1697 HOSTAPD_LEVEL_INFO, "authenticated"); 1698 sta->flags |= WLAN_STA_AUTH; 1699 } 1700 } 1701 1702 1703 static void handle_assoc_cb(struct hostapd_data *hapd, 1704 const struct ieee80211_mgmt *mgmt, 1705 size_t len, int reassoc, int ok) 1706 { 1707 u16 status; 1708 struct sta_info *sta; 1709 int new_assoc = 1; 1710 struct ieee80211_ht_capabilities ht_cap; 1711 1712 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 1713 sizeof(mgmt->u.assoc_resp))) { 1714 printf("handle_assoc_cb(reassoc=%d) - too short payload " 1715 "(len=%lu)\n", reassoc, (unsigned long) len); 1716 return; 1717 } 1718 1719 sta = ap_get_sta(hapd, mgmt->da); 1720 if (!sta) { 1721 printf("handle_assoc_cb: STA " MACSTR " not found\n", 1722 MAC2STR(mgmt->da)); 1723 return; 1724 } 1725 1726 if (!ok) { 1727 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1728 HOSTAPD_LEVEL_DEBUG, 1729 "did not acknowledge association response"); 1730 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 1731 return; 1732 } 1733 1734 if (reassoc) 1735 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 1736 else 1737 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1738 1739 if (status != WLAN_STATUS_SUCCESS) 1740 goto fail; 1741 1742 /* Stop previous accounting session, if one is started, and allocate 1743 * new session id for the new session. */ 1744 accounting_sta_stop(hapd, sta); 1745 1746 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1747 HOSTAPD_LEVEL_INFO, 1748 "associated (aid %d)", 1749 sta->aid); 1750 1751 if (sta->flags & WLAN_STA_ASSOC) 1752 new_assoc = 0; 1753 sta->flags |= WLAN_STA_ASSOC; 1754 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa) || 1755 sta->auth_alg == WLAN_AUTH_FT) { 1756 /* 1757 * Open, static WEP, or FT protocol; no separate authorization 1758 * step. 1759 */ 1760 ap_sta_set_authorized(hapd, sta, 1); 1761 } 1762 1763 if (reassoc) 1764 mlme_reassociate_indication(hapd, sta); 1765 else 1766 mlme_associate_indication(hapd, sta); 1767 1768 #ifdef CONFIG_IEEE80211W 1769 sta->sa_query_timed_out = 0; 1770 #endif /* CONFIG_IEEE80211W */ 1771 1772 /* 1773 * Remove the STA entry in order to make sure the STA PS state gets 1774 * cleared and configuration gets updated in case of reassociation back 1775 * to the same AP. 1776 */ 1777 hostapd_drv_sta_remove(hapd, sta->addr); 1778 1779 #ifdef CONFIG_IEEE80211N 1780 if (sta->flags & WLAN_STA_HT) 1781 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1782 #endif /* CONFIG_IEEE80211N */ 1783 1784 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1785 sta->supported_rates, sta->supported_rates_len, 1786 sta->listen_interval, 1787 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1788 sta->flags, sta->qosinfo)) { 1789 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1790 HOSTAPD_LEVEL_NOTICE, 1791 "Could not add STA to kernel driver"); 1792 1793 ap_sta_disconnect(hapd, sta, sta->addr, 1794 WLAN_REASON_DISASSOC_AP_BUSY); 1795 1796 goto fail; 1797 } 1798 1799 if (sta->flags & WLAN_STA_WDS) 1800 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 1801 1802 if (sta->eapol_sm == NULL) { 1803 /* 1804 * This STA does not use RADIUS server for EAP authentication, 1805 * so bind it to the selected VLAN interface now, since the 1806 * interface selection is not going to change anymore. 1807 */ 1808 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1809 goto fail; 1810 } else if (sta->vlan_id) { 1811 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 1812 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1813 goto fail; 1814 } 1815 1816 hostapd_set_sta_flags(hapd, sta); 1817 1818 if (sta->auth_alg == WLAN_AUTH_FT) 1819 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 1820 else 1821 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 1822 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 1823 1824 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 1825 1826 fail: 1827 /* Copy of the association request is not needed anymore */ 1828 if (sta->last_assoc_req) { 1829 os_free(sta->last_assoc_req); 1830 sta->last_assoc_req = NULL; 1831 } 1832 } 1833 1834 1835 static void handle_deauth_cb(struct hostapd_data *hapd, 1836 const struct ieee80211_mgmt *mgmt, 1837 size_t len, int ok) 1838 { 1839 struct sta_info *sta; 1840 if (mgmt->da[0] & 0x01) 1841 return; 1842 sta = ap_get_sta(hapd, mgmt->da); 1843 if (!sta) { 1844 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 1845 " not found", MAC2STR(mgmt->da)); 1846 return; 1847 } 1848 if (ok) 1849 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 1850 MAC2STR(sta->addr)); 1851 else 1852 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 1853 "deauth", MAC2STR(sta->addr)); 1854 1855 ap_sta_deauth_cb(hapd, sta); 1856 } 1857 1858 1859 static void handle_disassoc_cb(struct hostapd_data *hapd, 1860 const struct ieee80211_mgmt *mgmt, 1861 size_t len, int ok) 1862 { 1863 struct sta_info *sta; 1864 if (mgmt->da[0] & 0x01) 1865 return; 1866 sta = ap_get_sta(hapd, mgmt->da); 1867 if (!sta) { 1868 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 1869 " not found", MAC2STR(mgmt->da)); 1870 return; 1871 } 1872 if (ok) 1873 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 1874 MAC2STR(sta->addr)); 1875 else 1876 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 1877 "disassoc", MAC2STR(sta->addr)); 1878 1879 ap_sta_disassoc_cb(hapd, sta); 1880 } 1881 1882 1883 /** 1884 * ieee802_11_mgmt_cb - Process management frame TX status callback 1885 * @hapd: hostapd BSS data structure (the BSS from which the management frame 1886 * was sent from) 1887 * @buf: management frame data (starting from IEEE 802.11 header) 1888 * @len: length of frame data in octets 1889 * @stype: management frame subtype from frame control field 1890 * @ok: Whether the frame was ACK'ed 1891 */ 1892 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 1893 u16 stype, int ok) 1894 { 1895 const struct ieee80211_mgmt *mgmt; 1896 mgmt = (const struct ieee80211_mgmt *) buf; 1897 1898 switch (stype) { 1899 case WLAN_FC_STYPE_AUTH: 1900 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 1901 handle_auth_cb(hapd, mgmt, len, ok); 1902 break; 1903 case WLAN_FC_STYPE_ASSOC_RESP: 1904 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 1905 handle_assoc_cb(hapd, mgmt, len, 0, ok); 1906 break; 1907 case WLAN_FC_STYPE_REASSOC_RESP: 1908 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 1909 handle_assoc_cb(hapd, mgmt, len, 1, ok); 1910 break; 1911 case WLAN_FC_STYPE_PROBE_RESP: 1912 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb"); 1913 break; 1914 case WLAN_FC_STYPE_DEAUTH: 1915 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 1916 handle_deauth_cb(hapd, mgmt, len, ok); 1917 break; 1918 case WLAN_FC_STYPE_DISASSOC: 1919 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 1920 handle_disassoc_cb(hapd, mgmt, len, ok); 1921 break; 1922 case WLAN_FC_STYPE_ACTION: 1923 wpa_printf(MSG_DEBUG, "mgmt::action cb"); 1924 break; 1925 default: 1926 printf("unknown mgmt cb frame subtype %d\n", stype); 1927 break; 1928 } 1929 } 1930 1931 1932 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 1933 { 1934 /* TODO */ 1935 return 0; 1936 } 1937 1938 1939 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 1940 char *buf, size_t buflen) 1941 { 1942 /* TODO */ 1943 return 0; 1944 } 1945 1946 1947 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 1948 const u8 *buf, size_t len, int ack) 1949 { 1950 struct sta_info *sta; 1951 struct hostapd_iface *iface = hapd->iface; 1952 1953 sta = ap_get_sta(hapd, addr); 1954 if (sta == NULL && iface->num_bss > 1) { 1955 size_t j; 1956 for (j = 0; j < iface->num_bss; j++) { 1957 hapd = iface->bss[j]; 1958 sta = ap_get_sta(hapd, addr); 1959 if (sta) 1960 break; 1961 } 1962 } 1963 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 1964 return; 1965 if (sta->flags & WLAN_STA_PENDING_POLL) { 1966 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 1967 "activity poll", MAC2STR(sta->addr), 1968 ack ? "ACKed" : "did not ACK"); 1969 if (ack) 1970 sta->flags &= ~WLAN_STA_PENDING_POLL; 1971 } 1972 1973 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 1974 } 1975 1976 1977 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 1978 const u8 *data, size_t len, int ack) 1979 { 1980 struct sta_info *sta; 1981 struct hostapd_iface *iface = hapd->iface; 1982 1983 sta = ap_get_sta(hapd, dst); 1984 if (sta == NULL && iface->num_bss > 1) { 1985 size_t j; 1986 for (j = 0; j < iface->num_bss; j++) { 1987 hapd = iface->bss[j]; 1988 sta = ap_get_sta(hapd, dst); 1989 if (sta) 1990 break; 1991 } 1992 } 1993 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 1994 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 1995 MACSTR " that is not currently associated", 1996 MAC2STR(dst)); 1997 return; 1998 } 1999 2000 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 2001 } 2002 2003 2004 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 2005 { 2006 struct sta_info *sta; 2007 struct hostapd_iface *iface = hapd->iface; 2008 2009 sta = ap_get_sta(hapd, addr); 2010 if (sta == NULL && iface->num_bss > 1) { 2011 size_t j; 2012 for (j = 0; j < iface->num_bss; j++) { 2013 hapd = iface->bss[j]; 2014 sta = ap_get_sta(hapd, addr); 2015 if (sta) 2016 break; 2017 } 2018 } 2019 if (sta == NULL) 2020 return; 2021 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 2022 return; 2023 2024 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 2025 "activity poll", MAC2STR(sta->addr)); 2026 sta->flags &= ~WLAN_STA_PENDING_POLL; 2027 } 2028 2029 2030 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 2031 int wds) 2032 { 2033 struct sta_info *sta; 2034 2035 sta = ap_get_sta(hapd, src); 2036 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 2037 if (!hapd->conf->wds_sta) 2038 return; 2039 2040 if (wds && !(sta->flags & WLAN_STA_WDS)) { 2041 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 2042 "STA " MACSTR " (aid %u)", 2043 MAC2STR(sta->addr), sta->aid); 2044 sta->flags |= WLAN_STA_WDS; 2045 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 2046 } 2047 return; 2048 } 2049 2050 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 2051 MACSTR, MAC2STR(src)); 2052 if (src[0] & 0x01) { 2053 /* Broadcast bit set in SA?! Ignore the frame silently. */ 2054 return; 2055 } 2056 2057 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 2058 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 2059 "already been sent, but no TX status yet known - " 2060 "ignore Class 3 frame issue with " MACSTR, 2061 MAC2STR(src)); 2062 return; 2063 } 2064 2065 if (sta && (sta->flags & WLAN_STA_AUTH)) 2066 hostapd_drv_sta_disassoc( 2067 hapd, src, 2068 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2069 else 2070 hostapd_drv_sta_deauth( 2071 hapd, src, 2072 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 2073 } 2074 2075 2076 #endif /* CONFIG_NATIVE_WINDOWS */ 2077