1 /* 2 * hostapd / Station table 3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "common/sae.h" 16 #include "common/dpp.h" 17 #include "radius/radius.h" 18 #include "radius/radius_client.h" 19 #include "p2p/p2p.h" 20 #include "fst/fst.h" 21 #include "crypto/crypto.h" 22 #include "hostapd.h" 23 #include "accounting.h" 24 #include "ieee802_1x.h" 25 #include "ieee802_11.h" 26 #include "ieee802_11_auth.h" 27 #include "wpa_auth.h" 28 #include "preauth_auth.h" 29 #include "ap_config.h" 30 #include "beacon.h" 31 #include "ap_mlme.h" 32 #include "vlan_init.h" 33 #include "p2p_hostapd.h" 34 #include "ap_drv_ops.h" 35 #include "gas_serv.h" 36 #include "wnm_ap.h" 37 #include "mbo_ap.h" 38 #include "ndisc_snoop.h" 39 #include "sta_info.h" 40 #include "vlan.h" 41 #include "wps_hostapd.h" 42 43 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 44 struct sta_info *sta); 45 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx); 46 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx); 47 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx); 48 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx); 49 #ifdef CONFIG_IEEE80211W 50 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx); 51 #endif /* CONFIG_IEEE80211W */ 52 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta); 53 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx); 54 55 int ap_for_each_sta(struct hostapd_data *hapd, 56 int (*cb)(struct hostapd_data *hapd, struct sta_info *sta, 57 void *ctx), 58 void *ctx) 59 { 60 struct sta_info *sta; 61 62 for (sta = hapd->sta_list; sta; sta = sta->next) { 63 if (cb(hapd, sta, ctx)) 64 return 1; 65 } 66 67 return 0; 68 } 69 70 71 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta) 72 { 73 struct sta_info *s; 74 75 s = hapd->sta_hash[STA_HASH(sta)]; 76 while (s != NULL && os_memcmp(s->addr, sta, 6) != 0) 77 s = s->hnext; 78 return s; 79 } 80 81 82 #ifdef CONFIG_P2P 83 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr) 84 { 85 struct sta_info *sta; 86 87 for (sta = hapd->sta_list; sta; sta = sta->next) { 88 const u8 *p2p_dev_addr; 89 90 if (sta->p2p_ie == NULL) 91 continue; 92 93 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 94 if (p2p_dev_addr == NULL) 95 continue; 96 97 if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0) 98 return sta; 99 } 100 101 return NULL; 102 } 103 #endif /* CONFIG_P2P */ 104 105 106 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta) 107 { 108 struct sta_info *tmp; 109 110 if (hapd->sta_list == sta) { 111 hapd->sta_list = sta->next; 112 return; 113 } 114 115 tmp = hapd->sta_list; 116 while (tmp != NULL && tmp->next != sta) 117 tmp = tmp->next; 118 if (tmp == NULL) { 119 wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from " 120 "list.", MAC2STR(sta->addr)); 121 } else 122 tmp->next = sta->next; 123 } 124 125 126 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta) 127 { 128 sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)]; 129 hapd->sta_hash[STA_HASH(sta->addr)] = sta; 130 } 131 132 133 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta) 134 { 135 struct sta_info *s; 136 137 s = hapd->sta_hash[STA_HASH(sta->addr)]; 138 if (s == NULL) return; 139 if (os_memcmp(s->addr, sta->addr, 6) == 0) { 140 hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext; 141 return; 142 } 143 144 while (s->hnext != NULL && 145 os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0) 146 s = s->hnext; 147 if (s->hnext != NULL) 148 s->hnext = s->hnext->hnext; 149 else 150 wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR 151 " from hash table", MAC2STR(sta->addr)); 152 } 153 154 155 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta) 156 { 157 sta_ip6addr_del(hapd, sta); 158 } 159 160 161 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta) 162 { 163 int set_beacon = 0; 164 165 accounting_sta_stop(hapd, sta); 166 167 /* just in case */ 168 ap_sta_set_authorized(hapd, sta, 0); 169 170 if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP)) 171 hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0); 172 173 if (sta->ipaddr) 174 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 175 ap_sta_ip6addr_del(hapd, sta); 176 177 if (!hapd->iface->driver_ap_teardown && 178 !(sta->flags & WLAN_STA_PREAUTH)) { 179 hostapd_drv_sta_remove(hapd, sta->addr); 180 sta->added_unassoc = 0; 181 } 182 183 ap_sta_hash_del(hapd, sta); 184 ap_sta_list_del(hapd, sta); 185 186 if (sta->aid > 0) 187 hapd->sta_aid[(sta->aid - 1) / 32] &= 188 ~BIT((sta->aid - 1) % 32); 189 190 hapd->num_sta--; 191 if (sta->nonerp_set) { 192 sta->nonerp_set = 0; 193 hapd->iface->num_sta_non_erp--; 194 if (hapd->iface->num_sta_non_erp == 0) 195 set_beacon++; 196 } 197 198 if (sta->no_short_slot_time_set) { 199 sta->no_short_slot_time_set = 0; 200 hapd->iface->num_sta_no_short_slot_time--; 201 if (hapd->iface->current_mode && 202 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 203 && hapd->iface->num_sta_no_short_slot_time == 0) 204 set_beacon++; 205 } 206 207 if (sta->no_short_preamble_set) { 208 sta->no_short_preamble_set = 0; 209 hapd->iface->num_sta_no_short_preamble--; 210 if (hapd->iface->current_mode && 211 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 212 && hapd->iface->num_sta_no_short_preamble == 0) 213 set_beacon++; 214 } 215 216 if (sta->no_ht_gf_set) { 217 sta->no_ht_gf_set = 0; 218 hapd->iface->num_sta_ht_no_gf--; 219 } 220 221 if (sta->no_ht_set) { 222 sta->no_ht_set = 0; 223 hapd->iface->num_sta_no_ht--; 224 } 225 226 if (sta->ht_20mhz_set) { 227 sta->ht_20mhz_set = 0; 228 hapd->iface->num_sta_ht_20mhz--; 229 } 230 231 #ifdef CONFIG_TAXONOMY 232 wpabuf_free(sta->probe_ie_taxonomy); 233 sta->probe_ie_taxonomy = NULL; 234 wpabuf_free(sta->assoc_ie_taxonomy); 235 sta->assoc_ie_taxonomy = NULL; 236 #endif /* CONFIG_TAXONOMY */ 237 238 #ifdef CONFIG_IEEE80211N 239 ht40_intolerant_remove(hapd->iface, sta); 240 #endif /* CONFIG_IEEE80211N */ 241 242 #ifdef CONFIG_P2P 243 if (sta->no_p2p_set) { 244 sta->no_p2p_set = 0; 245 hapd->num_sta_no_p2p--; 246 if (hapd->num_sta_no_p2p == 0) 247 hostapd_p2p_non_p2p_sta_disconnected(hapd); 248 } 249 #endif /* CONFIG_P2P */ 250 251 #if defined(NEED_AP_MLME) && defined(CONFIG_IEEE80211N) 252 if (hostapd_ht_operation_update(hapd->iface) > 0) 253 set_beacon++; 254 #endif /* NEED_AP_MLME && CONFIG_IEEE80211N */ 255 256 #ifdef CONFIG_MESH 257 if (hapd->mesh_sta_free_cb) 258 hapd->mesh_sta_free_cb(hapd, sta); 259 #endif /* CONFIG_MESH */ 260 261 if (set_beacon) 262 ieee802_11_set_beacons(hapd->iface); 263 264 wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR, 265 __func__, MAC2STR(sta->addr)); 266 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 267 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 268 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 269 ap_sta_clear_disconnect_timeouts(hapd, sta); 270 sae_clear_retransmit_timer(hapd, sta); 271 272 ieee802_1x_free_station(hapd, sta); 273 wpa_auth_sta_deinit(sta->wpa_sm); 274 rsn_preauth_free_station(hapd, sta); 275 #ifndef CONFIG_NO_RADIUS 276 if (hapd->radius) 277 radius_client_flush_auth(hapd->radius, sta->addr); 278 #endif /* CONFIG_NO_RADIUS */ 279 280 #ifndef CONFIG_NO_VLAN 281 /* 282 * sta->wpa_sm->group needs to be released before so that 283 * vlan_remove_dynamic() can check that no stations are left on the 284 * AP_VLAN netdev. 285 */ 286 if (sta->vlan_id) 287 vlan_remove_dynamic(hapd, sta->vlan_id); 288 if (sta->vlan_id_bound) { 289 /* 290 * Need to remove the STA entry before potentially removing the 291 * VLAN. 292 */ 293 if (hapd->iface->driver_ap_teardown && 294 !(sta->flags & WLAN_STA_PREAUTH)) { 295 hostapd_drv_sta_remove(hapd, sta->addr); 296 sta->added_unassoc = 0; 297 } 298 vlan_remove_dynamic(hapd, sta->vlan_id_bound); 299 } 300 #endif /* CONFIG_NO_VLAN */ 301 302 os_free(sta->challenge); 303 304 #ifdef CONFIG_IEEE80211W 305 os_free(sta->sa_query_trans_id); 306 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 307 #endif /* CONFIG_IEEE80211W */ 308 309 #ifdef CONFIG_P2P 310 p2p_group_notif_disassoc(hapd->p2p_group, sta->addr); 311 #endif /* CONFIG_P2P */ 312 313 #ifdef CONFIG_INTERWORKING 314 if (sta->gas_dialog) { 315 int i; 316 for (i = 0; i < GAS_DIALOG_MAX; i++) 317 gas_serv_dialog_clear(&sta->gas_dialog[i]); 318 os_free(sta->gas_dialog); 319 } 320 #endif /* CONFIG_INTERWORKING */ 321 322 wpabuf_free(sta->wps_ie); 323 wpabuf_free(sta->p2p_ie); 324 wpabuf_free(sta->hs20_ie); 325 wpabuf_free(sta->roaming_consortium); 326 #ifdef CONFIG_FST 327 wpabuf_free(sta->mb_ies); 328 #endif /* CONFIG_FST */ 329 330 os_free(sta->ht_capabilities); 331 os_free(sta->vht_capabilities); 332 os_free(sta->vht_operation); 333 os_free(sta->he_capab); 334 hostapd_free_psk_list(sta->psk); 335 os_free(sta->identity); 336 os_free(sta->radius_cui); 337 os_free(sta->remediation_url); 338 os_free(sta->t_c_url); 339 wpabuf_free(sta->hs20_deauth_req); 340 os_free(sta->hs20_session_info_url); 341 342 #ifdef CONFIG_SAE 343 sae_clear_data(sta->sae); 344 os_free(sta->sae); 345 #endif /* CONFIG_SAE */ 346 347 mbo_ap_sta_free(sta); 348 os_free(sta->supp_op_classes); 349 350 #ifdef CONFIG_FILS 351 os_free(sta->fils_pending_assoc_req); 352 wpabuf_free(sta->fils_hlp_resp); 353 wpabuf_free(sta->hlp_dhcp_discover); 354 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta); 355 #ifdef CONFIG_FILS_SK_PFS 356 crypto_ecdh_deinit(sta->fils_ecdh); 357 wpabuf_clear_free(sta->fils_dh_ss); 358 wpabuf_free(sta->fils_g_sta); 359 #endif /* CONFIG_FILS_SK_PFS */ 360 #endif /* CONFIG_FILS */ 361 362 #ifdef CONFIG_OWE 363 bin_clear_free(sta->owe_pmk, sta->owe_pmk_len); 364 crypto_ecdh_deinit(sta->owe_ecdh); 365 #endif /* CONFIG_OWE */ 366 367 #ifdef CONFIG_DPP2 368 dpp_pfs_free(sta->dpp_pfs); 369 sta->dpp_pfs = NULL; 370 #endif /* CONFIG_DPP2 */ 371 372 os_free(sta->ext_capability); 373 374 #ifdef CONFIG_WNM_AP 375 eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta); 376 #endif /* CONFIG_WNM_AP */ 377 378 os_free(sta->ifname_wds); 379 380 os_free(sta); 381 } 382 383 384 void hostapd_free_stas(struct hostapd_data *hapd) 385 { 386 struct sta_info *sta, *prev; 387 388 sta = hapd->sta_list; 389 390 while (sta) { 391 prev = sta; 392 if (sta->flags & WLAN_STA_AUTH) { 393 mlme_deauthenticate_indication( 394 hapd, sta, WLAN_REASON_UNSPECIFIED); 395 } 396 sta = sta->next; 397 wpa_printf(MSG_DEBUG, "Removing station " MACSTR, 398 MAC2STR(prev->addr)); 399 ap_free_sta(hapd, prev); 400 } 401 } 402 403 404 /** 405 * ap_handle_timer - Per STA timer handler 406 * @eloop_ctx: struct hostapd_data * 407 * @timeout_ctx: struct sta_info * 408 * 409 * This function is called to check station activity and to remove inactive 410 * stations. 411 */ 412 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx) 413 { 414 struct hostapd_data *hapd = eloop_ctx; 415 struct sta_info *sta = timeout_ctx; 416 unsigned long next_time = 0; 417 int reason; 418 419 wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d", 420 hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags, 421 sta->timeout_next); 422 if (sta->timeout_next == STA_REMOVE) { 423 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 424 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 425 "local deauth request"); 426 ap_free_sta(hapd, sta); 427 return; 428 } 429 430 if ((sta->flags & WLAN_STA_ASSOC) && 431 (sta->timeout_next == STA_NULLFUNC || 432 sta->timeout_next == STA_DISASSOC)) { 433 int inactive_sec; 434 /* 435 * Add random value to timeout so that we don't end up bouncing 436 * all stations at the same time if we have lots of associated 437 * stations that are idle (but keep re-associating). 438 */ 439 int fuzz = os_random() % 20; 440 inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr); 441 if (inactive_sec == -1) { 442 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 443 "Check inactivity: Could not " 444 "get station info from kernel driver for " 445 MACSTR, MAC2STR(sta->addr)); 446 /* 447 * The driver may not support this functionality. 448 * Anyway, try again after the next inactivity timeout, 449 * but do not disconnect the station now. 450 */ 451 next_time = hapd->conf->ap_max_inactivity + fuzz; 452 } else if (inactive_sec == -ENOENT) { 453 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 454 "Station " MACSTR " has lost its driver entry", 455 MAC2STR(sta->addr)); 456 457 /* Avoid sending client probe on removed client */ 458 sta->timeout_next = STA_DISASSOC; 459 goto skip_poll; 460 } else if (inactive_sec < hapd->conf->ap_max_inactivity) { 461 /* station activity detected; reset timeout state */ 462 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 463 "Station " MACSTR " has been active %is ago", 464 MAC2STR(sta->addr), inactive_sec); 465 sta->timeout_next = STA_NULLFUNC; 466 next_time = hapd->conf->ap_max_inactivity + fuzz - 467 inactive_sec; 468 } else { 469 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 470 "Station " MACSTR " has been " 471 "inactive too long: %d sec, max allowed: %d", 472 MAC2STR(sta->addr), inactive_sec, 473 hapd->conf->ap_max_inactivity); 474 475 if (hapd->conf->skip_inactivity_poll) 476 sta->timeout_next = STA_DISASSOC; 477 } 478 } 479 480 if ((sta->flags & WLAN_STA_ASSOC) && 481 sta->timeout_next == STA_DISASSOC && 482 !(sta->flags & WLAN_STA_PENDING_POLL) && 483 !hapd->conf->skip_inactivity_poll) { 484 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR 485 " has ACKed data poll", MAC2STR(sta->addr)); 486 /* data nullfunc frame poll did not produce TX errors; assume 487 * station ACKed it */ 488 sta->timeout_next = STA_NULLFUNC; 489 next_time = hapd->conf->ap_max_inactivity; 490 } 491 492 skip_poll: 493 if (next_time) { 494 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 495 "for " MACSTR " (%lu seconds)", 496 __func__, MAC2STR(sta->addr), next_time); 497 eloop_register_timeout(next_time, 0, ap_handle_timer, hapd, 498 sta); 499 return; 500 } 501 502 if (sta->timeout_next == STA_NULLFUNC && 503 (sta->flags & WLAN_STA_ASSOC)) { 504 wpa_printf(MSG_DEBUG, " Polling STA"); 505 sta->flags |= WLAN_STA_PENDING_POLL; 506 hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr, 507 sta->flags & WLAN_STA_WMM); 508 } else if (sta->timeout_next != STA_REMOVE) { 509 int deauth = sta->timeout_next == STA_DEAUTH; 510 511 if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) { 512 /* Cannot disassociate not-associated STA, so move 513 * directly to deauthentication. */ 514 sta->timeout_next = STA_DEAUTH; 515 deauth = 1; 516 } 517 518 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 519 "Timeout, sending %s info to STA " MACSTR, 520 deauth ? "deauthentication" : "disassociation", 521 MAC2STR(sta->addr)); 522 523 if (deauth) { 524 hostapd_drv_sta_deauth( 525 hapd, sta->addr, 526 WLAN_REASON_PREV_AUTH_NOT_VALID); 527 } else { 528 reason = (sta->timeout_next == STA_DISASSOC) ? 529 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 530 WLAN_REASON_PREV_AUTH_NOT_VALID; 531 532 hostapd_drv_sta_disassoc(hapd, sta->addr, reason); 533 } 534 } 535 536 switch (sta->timeout_next) { 537 case STA_NULLFUNC: 538 sta->timeout_next = STA_DISASSOC; 539 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 540 "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)", 541 __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY); 542 eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer, 543 hapd, sta); 544 break; 545 case STA_DISASSOC: 546 case STA_DISASSOC_FROM_CLI: 547 ap_sta_set_authorized(hapd, sta, 0); 548 sta->flags &= ~WLAN_STA_ASSOC; 549 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 550 if (!sta->acct_terminate_cause) 551 sta->acct_terminate_cause = 552 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 553 accounting_sta_stop(hapd, sta); 554 ieee802_1x_free_station(hapd, sta); 555 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 556 HOSTAPD_LEVEL_INFO, "disassociated due to " 557 "inactivity"); 558 reason = (sta->timeout_next == STA_DISASSOC) ? 559 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 560 WLAN_REASON_PREV_AUTH_NOT_VALID; 561 sta->timeout_next = STA_DEAUTH; 562 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 563 "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)", 564 __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY); 565 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 566 hapd, sta); 567 mlme_disassociate_indication(hapd, sta, reason); 568 break; 569 case STA_DEAUTH: 570 case STA_REMOVE: 571 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 572 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 573 "inactivity (timer DEAUTH/REMOVE)"); 574 if (!sta->acct_terminate_cause) 575 sta->acct_terminate_cause = 576 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 577 mlme_deauthenticate_indication( 578 hapd, sta, 579 WLAN_REASON_PREV_AUTH_NOT_VALID); 580 ap_free_sta(hapd, sta); 581 break; 582 } 583 } 584 585 586 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx) 587 { 588 struct hostapd_data *hapd = eloop_ctx; 589 struct sta_info *sta = timeout_ctx; 590 591 wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR, 592 hapd->conf->iface, MAC2STR(sta->addr)); 593 if (!(sta->flags & WLAN_STA_AUTH)) { 594 if (sta->flags & WLAN_STA_GAS) { 595 wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA " 596 "entry " MACSTR, MAC2STR(sta->addr)); 597 ap_free_sta(hapd, sta); 598 } 599 return; 600 } 601 602 hostapd_drv_sta_deauth(hapd, sta->addr, 603 WLAN_REASON_PREV_AUTH_NOT_VALID); 604 mlme_deauthenticate_indication(hapd, sta, 605 WLAN_REASON_PREV_AUTH_NOT_VALID); 606 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 607 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 608 "session timeout"); 609 sta->acct_terminate_cause = 610 RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT; 611 ap_free_sta(hapd, sta); 612 } 613 614 615 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta, 616 u32 session_timeout) 617 { 618 if (eloop_replenish_timeout(session_timeout, 0, 619 ap_handle_session_timer, hapd, sta) == 1) { 620 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 621 HOSTAPD_LEVEL_DEBUG, "setting session timeout " 622 "to %d seconds", session_timeout); 623 } 624 } 625 626 627 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta, 628 u32 session_timeout) 629 { 630 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 631 HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d " 632 "seconds", session_timeout); 633 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 634 eloop_register_timeout(session_timeout, 0, ap_handle_session_timer, 635 hapd, sta); 636 } 637 638 639 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta) 640 { 641 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 642 } 643 644 645 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx) 646 { 647 #ifdef CONFIG_WNM_AP 648 struct hostapd_data *hapd = eloop_ctx; 649 struct sta_info *sta = timeout_ctx; 650 651 wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for " 652 MACSTR, hapd->conf->iface, MAC2STR(sta->addr)); 653 if (sta->hs20_session_info_url == NULL) 654 return; 655 656 wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url, 657 sta->hs20_disassoc_timer); 658 #endif /* CONFIG_WNM_AP */ 659 } 660 661 662 void ap_sta_session_warning_timeout(struct hostapd_data *hapd, 663 struct sta_info *sta, int warning_time) 664 { 665 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 666 eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer, 667 hapd, sta); 668 } 669 670 671 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr) 672 { 673 struct sta_info *sta; 674 int i; 675 676 sta = ap_get_sta(hapd, addr); 677 if (sta) 678 return sta; 679 680 wpa_printf(MSG_DEBUG, " New STA"); 681 if (hapd->num_sta >= hapd->conf->max_num_sta) { 682 /* FIX: might try to remove some old STAs first? */ 683 wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)", 684 hapd->num_sta, hapd->conf->max_num_sta); 685 return NULL; 686 } 687 688 sta = os_zalloc(sizeof(struct sta_info)); 689 if (sta == NULL) { 690 wpa_printf(MSG_ERROR, "malloc failed"); 691 return NULL; 692 } 693 sta->acct_interim_interval = hapd->conf->acct_interim_interval; 694 if (accounting_sta_get_id(hapd, sta) < 0) { 695 os_free(sta); 696 return NULL; 697 } 698 699 for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) { 700 if (!hapd->iface->basic_rates) 701 break; 702 if (hapd->iface->basic_rates[i] < 0) 703 break; 704 sta->supported_rates[i] = hapd->iface->basic_rates[i] / 5; 705 } 706 sta->supported_rates_len = i; 707 708 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) { 709 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 710 "for " MACSTR " (%d seconds - ap_max_inactivity)", 711 __func__, MAC2STR(addr), 712 hapd->conf->ap_max_inactivity); 713 eloop_register_timeout(hapd->conf->ap_max_inactivity, 0, 714 ap_handle_timer, hapd, sta); 715 } 716 717 /* initialize STA info data */ 718 os_memcpy(sta->addr, addr, ETH_ALEN); 719 sta->next = hapd->sta_list; 720 hapd->sta_list = sta; 721 hapd->num_sta++; 722 ap_sta_hash_add(hapd, sta); 723 ap_sta_remove_in_other_bss(hapd, sta); 724 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 725 dl_list_init(&sta->ip6addr); 726 727 #ifdef CONFIG_TAXONOMY 728 sta_track_claim_taxonomy_info(hapd->iface, addr, 729 &sta->probe_ie_taxonomy); 730 #endif /* CONFIG_TAXONOMY */ 731 732 return sta; 733 } 734 735 736 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta) 737 { 738 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 739 740 if (sta->ipaddr) 741 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 742 ap_sta_ip6addr_del(hapd, sta); 743 744 wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver", 745 hapd->conf->iface, MAC2STR(sta->addr)); 746 if (hostapd_drv_sta_remove(hapd, sta->addr) && 747 sta->flags & WLAN_STA_ASSOC) { 748 wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR 749 " from kernel driver", 750 hapd->conf->iface, MAC2STR(sta->addr)); 751 return -1; 752 } 753 sta->added_unassoc = 0; 754 return 0; 755 } 756 757 758 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 759 struct sta_info *sta) 760 { 761 struct hostapd_iface *iface = hapd->iface; 762 size_t i; 763 764 for (i = 0; i < iface->num_bss; i++) { 765 struct hostapd_data *bss = iface->bss[i]; 766 struct sta_info *sta2; 767 /* bss should always be set during operation, but it may be 768 * NULL during reconfiguration. Assume the STA is not 769 * associated to another BSS in that case to avoid NULL pointer 770 * dereferences. */ 771 if (bss == hapd || bss == NULL) 772 continue; 773 sta2 = ap_get_sta(bss, sta->addr); 774 if (!sta2) 775 continue; 776 777 wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR 778 " association from another BSS %s", 779 hapd->conf->iface, MAC2STR(sta2->addr), 780 bss->conf->iface); 781 ap_sta_disconnect(bss, sta2, sta2->addr, 782 WLAN_REASON_PREV_AUTH_NOT_VALID); 783 } 784 } 785 786 787 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx) 788 { 789 struct hostapd_data *hapd = eloop_ctx; 790 struct sta_info *sta = timeout_ctx; 791 792 wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR, 793 hapd->conf->iface, MAC2STR(sta->addr)); 794 ap_sta_remove(hapd, sta); 795 mlme_disassociate_indication(hapd, sta, sta->disassoc_reason); 796 } 797 798 799 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta, 800 u16 reason) 801 { 802 wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR, 803 hapd->conf->iface, MAC2STR(sta->addr)); 804 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 805 if (hapd->iface->current_mode && 806 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 807 /* Skip deauthentication in DMG/IEEE 802.11ad */ 808 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 809 WLAN_STA_ASSOC_REQ_OK); 810 sta->timeout_next = STA_REMOVE; 811 } else { 812 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 813 sta->timeout_next = STA_DEAUTH; 814 } 815 ap_sta_set_authorized(hapd, sta, 0); 816 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 817 "for " MACSTR " (%d seconds - " 818 "AP_MAX_INACTIVITY_AFTER_DISASSOC)", 819 __func__, MAC2STR(sta->addr), 820 AP_MAX_INACTIVITY_AFTER_DISASSOC); 821 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 822 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0, 823 ap_handle_timer, hapd, sta); 824 accounting_sta_stop(hapd, sta); 825 ieee802_1x_free_station(hapd, sta); 826 wpa_auth_sta_deinit(sta->wpa_sm); 827 sta->wpa_sm = NULL; 828 829 sta->disassoc_reason = reason; 830 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB; 831 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 832 eloop_register_timeout(hapd->iface->drv_flags & 833 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 834 ap_sta_disassoc_cb_timeout, hapd, sta); 835 } 836 837 838 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx) 839 { 840 struct hostapd_data *hapd = eloop_ctx; 841 struct sta_info *sta = timeout_ctx; 842 843 wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR, 844 hapd->conf->iface, MAC2STR(sta->addr)); 845 ap_sta_remove(hapd, sta); 846 mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason); 847 } 848 849 850 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta, 851 u16 reason) 852 { 853 if (hapd->iface->current_mode && 854 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 855 /* Deauthentication is not used in DMG/IEEE 802.11ad; 856 * disassociate the STA instead. */ 857 ap_sta_disassociate(hapd, sta, reason); 858 return; 859 } 860 861 wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR, 862 hapd->conf->iface, MAC2STR(sta->addr)); 863 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 864 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 865 ap_sta_set_authorized(hapd, sta, 0); 866 sta->timeout_next = STA_REMOVE; 867 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 868 "for " MACSTR " (%d seconds - " 869 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 870 __func__, MAC2STR(sta->addr), 871 AP_MAX_INACTIVITY_AFTER_DEAUTH); 872 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 873 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 874 ap_handle_timer, hapd, sta); 875 accounting_sta_stop(hapd, sta); 876 ieee802_1x_free_station(hapd, sta); 877 878 sta->deauth_reason = reason; 879 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 880 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 881 eloop_register_timeout(hapd->iface->drv_flags & 882 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 883 ap_sta_deauth_cb_timeout, hapd, sta); 884 } 885 886 887 #ifdef CONFIG_WPS 888 int ap_sta_wps_cancel(struct hostapd_data *hapd, 889 struct sta_info *sta, void *ctx) 890 { 891 if (sta && (sta->flags & WLAN_STA_WPS)) { 892 ap_sta_deauthenticate(hapd, sta, 893 WLAN_REASON_PREV_AUTH_NOT_VALID); 894 wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR, 895 __func__, MAC2STR(sta->addr)); 896 return 1; 897 } 898 899 return 0; 900 } 901 #endif /* CONFIG_WPS */ 902 903 904 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd) 905 { 906 struct hostapd_vlan *vlan; 907 int vlan_id = MAX_VLAN_ID + 2; 908 909 retry: 910 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 911 if (vlan->vlan_id == vlan_id) { 912 vlan_id++; 913 goto retry; 914 } 915 } 916 return vlan_id; 917 } 918 919 920 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta, 921 struct vlan_description *vlan_desc) 922 { 923 struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL; 924 int old_vlan_id, vlan_id = 0, ret = 0; 925 926 /* Check if there is something to do */ 927 if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) { 928 /* This sta is lacking its own vif */ 929 } else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED && 930 !hapd->conf->ssid.per_sta_vif && sta->vlan_id) { 931 /* sta->vlan_id needs to be reset */ 932 } else if (!vlan_compare(vlan_desc, sta->vlan_desc)) { 933 return 0; /* nothing to change */ 934 } 935 936 /* Now the real VLAN changed or the STA just needs its own vif */ 937 if (hapd->conf->ssid.per_sta_vif) { 938 /* Assign a new vif, always */ 939 /* find a free vlan_id sufficiently big */ 940 vlan_id = ap_sta_get_free_vlan_id(hapd); 941 /* Get wildcard VLAN */ 942 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 943 if (vlan->vlan_id == VLAN_ID_WILDCARD) 944 break; 945 } 946 if (!vlan) { 947 hostapd_logger(hapd, sta->addr, 948 HOSTAPD_MODULE_IEEE80211, 949 HOSTAPD_LEVEL_DEBUG, 950 "per_sta_vif missing wildcard"); 951 vlan_id = 0; 952 ret = -1; 953 goto done; 954 } 955 } else if (vlan_desc && vlan_desc->notempty) { 956 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 957 if (!vlan_compare(&vlan->vlan_desc, vlan_desc)) 958 break; 959 if (vlan->vlan_id == VLAN_ID_WILDCARD) 960 wildcard_vlan = vlan; 961 } 962 if (vlan) { 963 vlan_id = vlan->vlan_id; 964 } else if (wildcard_vlan) { 965 vlan = wildcard_vlan; 966 vlan_id = vlan_desc->untagged; 967 if (vlan_desc->tagged[0]) { 968 /* Tagged VLAN configuration */ 969 vlan_id = ap_sta_get_free_vlan_id(hapd); 970 } 971 } else { 972 hostapd_logger(hapd, sta->addr, 973 HOSTAPD_MODULE_IEEE80211, 974 HOSTAPD_LEVEL_DEBUG, 975 "missing vlan and wildcard for vlan=%d%s", 976 vlan_desc->untagged, 977 vlan_desc->tagged[0] ? "+" : ""); 978 vlan_id = 0; 979 ret = -1; 980 goto done; 981 } 982 } 983 984 if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) { 985 vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc); 986 if (vlan == NULL) { 987 hostapd_logger(hapd, sta->addr, 988 HOSTAPD_MODULE_IEEE80211, 989 HOSTAPD_LEVEL_DEBUG, 990 "could not add dynamic VLAN interface for vlan=%d%s", 991 vlan_desc ? vlan_desc->untagged : -1, 992 (vlan_desc && vlan_desc->tagged[0]) ? 993 "+" : ""); 994 vlan_id = 0; 995 ret = -1; 996 goto done; 997 } 998 999 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1000 HOSTAPD_LEVEL_DEBUG, 1001 "added new dynamic VLAN interface '%s'", 1002 vlan->ifname); 1003 } else if (vlan && vlan->dynamic_vlan > 0) { 1004 vlan->dynamic_vlan++; 1005 hostapd_logger(hapd, sta->addr, 1006 HOSTAPD_MODULE_IEEE80211, 1007 HOSTAPD_LEVEL_DEBUG, 1008 "updated existing dynamic VLAN interface '%s'", 1009 vlan->ifname); 1010 } 1011 done: 1012 old_vlan_id = sta->vlan_id; 1013 sta->vlan_id = vlan_id; 1014 sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL; 1015 1016 if (vlan_id != old_vlan_id && old_vlan_id) 1017 vlan_remove_dynamic(hapd, old_vlan_id); 1018 1019 return ret; 1020 } 1021 1022 1023 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta) 1024 { 1025 #ifndef CONFIG_NO_VLAN 1026 const char *iface; 1027 struct hostapd_vlan *vlan = NULL; 1028 int ret; 1029 int old_vlanid = sta->vlan_id_bound; 1030 1031 iface = hapd->conf->iface; 1032 if (hapd->conf->ssid.vlan[0]) 1033 iface = hapd->conf->ssid.vlan; 1034 1035 if (sta->vlan_id > 0) { 1036 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 1037 if (vlan->vlan_id == sta->vlan_id) 1038 break; 1039 } 1040 if (vlan) 1041 iface = vlan->ifname; 1042 } 1043 1044 /* 1045 * Do not increment ref counters if the VLAN ID remains same, but do 1046 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might 1047 * have been called before. 1048 */ 1049 if (sta->vlan_id == old_vlanid) 1050 goto skip_counting; 1051 1052 if (sta->vlan_id > 0 && vlan == NULL) { 1053 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1054 HOSTAPD_LEVEL_DEBUG, "could not find VLAN for " 1055 "binding station to (vlan_id=%d)", 1056 sta->vlan_id); 1057 ret = -1; 1058 goto done; 1059 } else if (vlan && vlan->dynamic_vlan > 0) { 1060 vlan->dynamic_vlan++; 1061 hostapd_logger(hapd, sta->addr, 1062 HOSTAPD_MODULE_IEEE80211, 1063 HOSTAPD_LEVEL_DEBUG, 1064 "updated existing dynamic VLAN interface '%s'", 1065 iface); 1066 } 1067 1068 /* ref counters have been increased, so mark the station */ 1069 sta->vlan_id_bound = sta->vlan_id; 1070 1071 skip_counting: 1072 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1073 HOSTAPD_LEVEL_DEBUG, "binding station to interface " 1074 "'%s'", iface); 1075 1076 if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0) 1077 wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA"); 1078 1079 ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id); 1080 if (ret < 0) { 1081 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1082 HOSTAPD_LEVEL_DEBUG, "could not bind the STA " 1083 "entry to vlan_id=%d", sta->vlan_id); 1084 } 1085 1086 /* During 1x reauth, if the vlan id changes, then remove the old id. */ 1087 if (old_vlanid > 0 && old_vlanid != sta->vlan_id) 1088 vlan_remove_dynamic(hapd, old_vlanid); 1089 done: 1090 1091 return ret; 1092 #else /* CONFIG_NO_VLAN */ 1093 return 0; 1094 #endif /* CONFIG_NO_VLAN */ 1095 } 1096 1097 1098 #ifdef CONFIG_IEEE80211W 1099 1100 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta) 1101 { 1102 u32 tu; 1103 struct os_reltime now, passed; 1104 os_get_reltime(&now); 1105 os_reltime_sub(&now, &sta->sa_query_start, &passed); 1106 tu = (passed.sec * 1000000 + passed.usec) / 1024; 1107 if (hapd->conf->assoc_sa_query_max_timeout < tu) { 1108 hostapd_logger(hapd, sta->addr, 1109 HOSTAPD_MODULE_IEEE80211, 1110 HOSTAPD_LEVEL_DEBUG, 1111 "association SA Query timed out"); 1112 sta->sa_query_timed_out = 1; 1113 os_free(sta->sa_query_trans_id); 1114 sta->sa_query_trans_id = NULL; 1115 sta->sa_query_count = 0; 1116 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 1117 return 1; 1118 } 1119 1120 return 0; 1121 } 1122 1123 1124 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx) 1125 { 1126 struct hostapd_data *hapd = eloop_ctx; 1127 struct sta_info *sta = timeout_ctx; 1128 unsigned int timeout, sec, usec; 1129 u8 *trans_id, *nbuf; 1130 1131 wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR 1132 " (count=%d)", 1133 hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count); 1134 1135 if (sta->sa_query_count > 0 && 1136 ap_check_sa_query_timeout(hapd, sta)) 1137 return; 1138 1139 nbuf = os_realloc_array(sta->sa_query_trans_id, 1140 sta->sa_query_count + 1, 1141 WLAN_SA_QUERY_TR_ID_LEN); 1142 if (nbuf == NULL) 1143 return; 1144 if (sta->sa_query_count == 0) { 1145 /* Starting a new SA Query procedure */ 1146 os_get_reltime(&sta->sa_query_start); 1147 } 1148 trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN; 1149 sta->sa_query_trans_id = nbuf; 1150 sta->sa_query_count++; 1151 1152 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) { 1153 /* 1154 * We don't really care which ID is used here, so simply 1155 * hardcode this if the mostly theoretical os_get_random() 1156 * failure happens. 1157 */ 1158 trans_id[0] = 0x12; 1159 trans_id[1] = 0x34; 1160 } 1161 1162 timeout = hapd->conf->assoc_sa_query_retry_timeout; 1163 sec = ((timeout / 1000) * 1024) / 1000; 1164 usec = (timeout % 1000) * 1024; 1165 eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta); 1166 1167 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1168 HOSTAPD_LEVEL_DEBUG, 1169 "association SA Query attempt %d", sta->sa_query_count); 1170 1171 ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id); 1172 } 1173 1174 1175 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 1176 { 1177 ap_sa_query_timer(hapd, sta); 1178 } 1179 1180 1181 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 1182 { 1183 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 1184 os_free(sta->sa_query_trans_id); 1185 sta->sa_query_trans_id = NULL; 1186 sta->sa_query_count = 0; 1187 } 1188 1189 #endif /* CONFIG_IEEE80211W */ 1190 1191 1192 const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd, 1193 struct sta_info *sta) 1194 { 1195 struct hostapd_wpa_psk *psk; 1196 struct hostapd_ssid *ssid; 1197 const u8 *pmk; 1198 int pmk_len; 1199 1200 ssid = &hapd->conf->ssid; 1201 1202 pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len); 1203 if (!pmk || pmk_len != PMK_LEN) 1204 return NULL; 1205 1206 for (psk = ssid->wpa_psk; psk; psk = psk->next) 1207 if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0) 1208 break; 1209 if (!psk) 1210 return NULL; 1211 if (!psk || !psk->keyid[0]) 1212 return NULL; 1213 1214 return psk->keyid; 1215 } 1216 1217 1218 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta, 1219 int authorized) 1220 { 1221 const u8 *dev_addr = NULL; 1222 char buf[100]; 1223 #ifdef CONFIG_P2P 1224 u8 addr[ETH_ALEN]; 1225 u8 ip_addr_buf[4]; 1226 #endif /* CONFIG_P2P */ 1227 1228 if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED)) 1229 return; 1230 1231 if (authorized) 1232 sta->flags |= WLAN_STA_AUTHORIZED; 1233 else 1234 sta->flags &= ~WLAN_STA_AUTHORIZED; 1235 1236 #ifdef CONFIG_P2P 1237 if (hapd->p2p_group == NULL) { 1238 if (sta->p2p_ie != NULL && 1239 p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0) 1240 dev_addr = addr; 1241 } else 1242 dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr); 1243 1244 if (dev_addr) 1245 os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR, 1246 MAC2STR(sta->addr), MAC2STR(dev_addr)); 1247 else 1248 #endif /* CONFIG_P2P */ 1249 os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr)); 1250 1251 if (hapd->sta_authorized_cb) 1252 hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx, 1253 sta->addr, authorized, dev_addr); 1254 1255 if (authorized) { 1256 const char *keyid; 1257 char keyid_buf[100]; 1258 char ip_addr[100]; 1259 1260 keyid_buf[0] = '\0'; 1261 ip_addr[0] = '\0'; 1262 #ifdef CONFIG_P2P 1263 if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) { 1264 os_snprintf(ip_addr, sizeof(ip_addr), 1265 " ip_addr=%u.%u.%u.%u", 1266 ip_addr_buf[0], ip_addr_buf[1], 1267 ip_addr_buf[2], ip_addr_buf[3]); 1268 } 1269 #endif /* CONFIG_P2P */ 1270 1271 keyid = ap_sta_wpa_get_keyid(hapd, sta); 1272 if (keyid) { 1273 os_snprintf(keyid_buf, sizeof(keyid_buf), 1274 " keyid=%s", keyid); 1275 } 1276 1277 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s", 1278 buf, ip_addr, keyid_buf); 1279 1280 if (hapd->msg_ctx_parent && 1281 hapd->msg_ctx_parent != hapd->msg_ctx) 1282 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1283 AP_STA_CONNECTED "%s%s%s", 1284 buf, ip_addr, keyid_buf); 1285 } else { 1286 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf); 1287 1288 if (hapd->msg_ctx_parent && 1289 hapd->msg_ctx_parent != hapd->msg_ctx) 1290 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1291 AP_STA_DISCONNECTED "%s", buf); 1292 } 1293 1294 #ifdef CONFIG_FST 1295 if (hapd->iface->fst) { 1296 if (authorized) 1297 fst_notify_peer_connected(hapd->iface->fst, sta->addr); 1298 else 1299 fst_notify_peer_disconnected(hapd->iface->fst, 1300 sta->addr); 1301 } 1302 #endif /* CONFIG_FST */ 1303 } 1304 1305 1306 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta, 1307 const u8 *addr, u16 reason) 1308 { 1309 if (sta) 1310 wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u", 1311 hapd->conf->iface, __func__, MAC2STR(sta->addr), 1312 reason); 1313 else if (addr) 1314 wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u", 1315 hapd->conf->iface, __func__, MAC2STR(addr), 1316 reason); 1317 1318 if (sta == NULL && addr) 1319 sta = ap_get_sta(hapd, addr); 1320 1321 if (addr) 1322 hostapd_drv_sta_deauth(hapd, addr, reason); 1323 1324 if (sta == NULL) 1325 return; 1326 ap_sta_set_authorized(hapd, sta, 0); 1327 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1328 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1329 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1330 wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout " 1331 "for " MACSTR " (%d seconds - " 1332 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 1333 hapd->conf->iface, __func__, MAC2STR(sta->addr), 1334 AP_MAX_INACTIVITY_AFTER_DEAUTH); 1335 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1336 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 1337 ap_handle_timer, hapd, sta); 1338 sta->timeout_next = STA_REMOVE; 1339 1340 if (hapd->iface->current_mode && 1341 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 1342 /* Deauthentication is not used in DMG/IEEE 802.11ad; 1343 * disassociate the STA instead. */ 1344 sta->disassoc_reason = reason; 1345 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB; 1346 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 1347 eloop_register_timeout(hapd->iface->drv_flags & 1348 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 1349 2 : 0, 0, ap_sta_disassoc_cb_timeout, 1350 hapd, sta); 1351 return; 1352 } 1353 1354 sta->deauth_reason = reason; 1355 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 1356 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1357 eloop_register_timeout(hapd->iface->drv_flags & 1358 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 1359 ap_sta_deauth_cb_timeout, hapd, sta); 1360 } 1361 1362 1363 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta) 1364 { 1365 if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) { 1366 wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame"); 1367 return; 1368 } 1369 sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB; 1370 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1371 ap_sta_deauth_cb_timeout(hapd, sta); 1372 } 1373 1374 1375 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta) 1376 { 1377 if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) { 1378 wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame"); 1379 return; 1380 } 1381 sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB; 1382 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 1383 ap_sta_disassoc_cb_timeout(hapd, sta); 1384 } 1385 1386 1387 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd, 1388 struct sta_info *sta) 1389 { 1390 if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0) 1391 wpa_printf(MSG_DEBUG, 1392 "%s: Removed ap_sta_deauth_cb_timeout timeout for " 1393 MACSTR, 1394 hapd->conf->iface, MAC2STR(sta->addr)); 1395 if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0) 1396 wpa_printf(MSG_DEBUG, 1397 "%s: Removed ap_sta_disassoc_cb_timeout timeout for " 1398 MACSTR, 1399 hapd->conf->iface, MAC2STR(sta->addr)); 1400 if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0) 1401 { 1402 wpa_printf(MSG_DEBUG, 1403 "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for " 1404 MACSTR, 1405 hapd->conf->iface, MAC2STR(sta->addr)); 1406 if (sta->flags & WLAN_STA_WPS) 1407 hostapd_wps_eap_completed(hapd); 1408 } 1409 } 1410 1411 1412 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen) 1413 { 1414 int res; 1415 1416 buf[0] = '\0'; 1417 res = os_snprintf(buf, buflen, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", 1418 (flags & WLAN_STA_AUTH ? "[AUTH]" : ""), 1419 (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""), 1420 (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""), 1421 (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" : 1422 ""), 1423 (flags & WLAN_STA_SHORT_PREAMBLE ? 1424 "[SHORT_PREAMBLE]" : ""), 1425 (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""), 1426 (flags & WLAN_STA_WMM ? "[WMM]" : ""), 1427 (flags & WLAN_STA_MFP ? "[MFP]" : ""), 1428 (flags & WLAN_STA_WPS ? "[WPS]" : ""), 1429 (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""), 1430 (flags & WLAN_STA_WDS ? "[WDS]" : ""), 1431 (flags & WLAN_STA_NONERP ? "[NonERP]" : ""), 1432 (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""), 1433 (flags & WLAN_STA_GAS ? "[GAS]" : ""), 1434 (flags & WLAN_STA_HT ? "[HT]" : ""), 1435 (flags & WLAN_STA_VHT ? "[VHT]" : ""), 1436 (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""), 1437 (flags & WLAN_STA_WNM_SLEEP_MODE ? 1438 "[WNM_SLEEP_MODE]" : "")); 1439 if (os_snprintf_error(buflen, res)) 1440 res = -1; 1441 1442 return res; 1443 } 1444 1445 1446 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx) 1447 { 1448 struct hostapd_data *hapd = eloop_ctx; 1449 struct sta_info *sta = timeout_ctx; 1450 u16 reason; 1451 1452 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 1453 "IEEE 802.1X: Scheduled disconnection of " MACSTR 1454 " after EAP-Failure", MAC2STR(sta->addr)); 1455 1456 reason = sta->disconnect_reason_code; 1457 if (!reason) 1458 reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED; 1459 ap_sta_disconnect(hapd, sta, sta->addr, reason); 1460 if (sta->flags & WLAN_STA_WPS) 1461 hostapd_wps_eap_completed(hapd); 1462 } 1463 1464 1465 void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, 1466 struct sta_info *sta) 1467 { 1468 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 1469 "IEEE 802.1X: Force disconnection of " MACSTR 1470 " after EAP-Failure in 10 ms", MAC2STR(sta->addr)); 1471 1472 /* 1473 * Add a small sleep to increase likelihood of previously requested 1474 * EAP-Failure TX getting out before this should the driver reorder 1475 * operations. 1476 */ 1477 eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta); 1478 eloop_register_timeout(0, 10000, ap_sta_delayed_1x_auth_fail_cb, 1479 hapd, sta); 1480 } 1481 1482 1483 int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, 1484 struct sta_info *sta) 1485 { 1486 return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb, 1487 hapd, sta); 1488 } 1489