1 /* 2 * hostapd / Station table 3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "common/sae.h" 16 #include "common/dpp.h" 17 #include "radius/radius.h" 18 #include "radius/radius_client.h" 19 #include "p2p/p2p.h" 20 #include "fst/fst.h" 21 #include "crypto/crypto.h" 22 #include "hostapd.h" 23 #include "accounting.h" 24 #include "ieee802_1x.h" 25 #include "ieee802_11.h" 26 #include "ieee802_11_auth.h" 27 #include "wpa_auth.h" 28 #include "preauth_auth.h" 29 #include "ap_config.h" 30 #include "beacon.h" 31 #include "ap_mlme.h" 32 #include "vlan_init.h" 33 #include "p2p_hostapd.h" 34 #include "ap_drv_ops.h" 35 #include "gas_serv.h" 36 #include "wnm_ap.h" 37 #include "mbo_ap.h" 38 #include "ndisc_snoop.h" 39 #include "sta_info.h" 40 #include "vlan.h" 41 #include "wps_hostapd.h" 42 43 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 44 struct sta_info *sta); 45 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx); 46 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx); 47 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx); 48 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx); 49 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx); 50 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta); 51 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx); 52 53 int ap_for_each_sta(struct hostapd_data *hapd, 54 int (*cb)(struct hostapd_data *hapd, struct sta_info *sta, 55 void *ctx), 56 void *ctx) 57 { 58 struct sta_info *sta; 59 60 for (sta = hapd->sta_list; sta; sta = sta->next) { 61 if (cb(hapd, sta, ctx)) 62 return 1; 63 } 64 65 return 0; 66 } 67 68 69 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta) 70 { 71 struct sta_info *s; 72 73 s = hapd->sta_hash[STA_HASH(sta)]; 74 while (s != NULL && os_memcmp(s->addr, sta, 6) != 0) 75 s = s->hnext; 76 return s; 77 } 78 79 80 #ifdef CONFIG_P2P 81 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr) 82 { 83 struct sta_info *sta; 84 85 for (sta = hapd->sta_list; sta; sta = sta->next) { 86 const u8 *p2p_dev_addr; 87 88 if (sta->p2p_ie == NULL) 89 continue; 90 91 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 92 if (p2p_dev_addr == NULL) 93 continue; 94 95 if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0) 96 return sta; 97 } 98 99 return NULL; 100 } 101 #endif /* CONFIG_P2P */ 102 103 104 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta) 105 { 106 struct sta_info *tmp; 107 108 if (hapd->sta_list == sta) { 109 hapd->sta_list = sta->next; 110 return; 111 } 112 113 tmp = hapd->sta_list; 114 while (tmp != NULL && tmp->next != sta) 115 tmp = tmp->next; 116 if (tmp == NULL) { 117 wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from " 118 "list.", MAC2STR(sta->addr)); 119 } else 120 tmp->next = sta->next; 121 } 122 123 124 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta) 125 { 126 sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)]; 127 hapd->sta_hash[STA_HASH(sta->addr)] = sta; 128 } 129 130 131 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta) 132 { 133 struct sta_info *s; 134 135 s = hapd->sta_hash[STA_HASH(sta->addr)]; 136 if (s == NULL) return; 137 if (os_memcmp(s->addr, sta->addr, 6) == 0) { 138 hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext; 139 return; 140 } 141 142 while (s->hnext != NULL && 143 os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0) 144 s = s->hnext; 145 if (s->hnext != NULL) 146 s->hnext = s->hnext->hnext; 147 else 148 wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR 149 " from hash table", MAC2STR(sta->addr)); 150 } 151 152 153 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta) 154 { 155 sta_ip6addr_del(hapd, sta); 156 } 157 158 159 #ifdef CONFIG_PASN 160 161 void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta) 162 { 163 if (sta->pasn) { 164 wpa_printf(MSG_DEBUG, "PASN: Free PASN context: " MACSTR, 165 MAC2STR(sta->addr)); 166 167 if (sta->pasn->ecdh) 168 crypto_ecdh_deinit(sta->pasn->ecdh); 169 170 wpabuf_free(sta->pasn->secret); 171 sta->pasn->secret = NULL; 172 173 #ifdef CONFIG_SAE 174 sae_clear_data(&sta->pasn->sae); 175 #endif /* CONFIG_SAE */ 176 177 #ifdef CONFIG_FILS 178 /* In practice this pointer should be NULL */ 179 wpabuf_free(sta->pasn->fils.erp_resp); 180 sta->pasn->fils.erp_resp = NULL; 181 #endif /* CONFIG_FILS */ 182 183 bin_clear_free(sta->pasn, sizeof(*sta->pasn)); 184 sta->pasn = NULL; 185 } 186 } 187 188 #endif /* CONFIG_PASN */ 189 190 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta) 191 { 192 int set_beacon = 0; 193 194 accounting_sta_stop(hapd, sta); 195 196 /* just in case */ 197 ap_sta_set_authorized(hapd, sta, 0); 198 hostapd_set_sta_flags(hapd, sta); 199 200 if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP)) 201 hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0); 202 203 if (sta->ipaddr) 204 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 205 ap_sta_ip6addr_del(hapd, sta); 206 207 if (!hapd->iface->driver_ap_teardown && 208 !(sta->flags & WLAN_STA_PREAUTH)) { 209 hostapd_drv_sta_remove(hapd, sta->addr); 210 sta->added_unassoc = 0; 211 } 212 213 ap_sta_hash_del(hapd, sta); 214 ap_sta_list_del(hapd, sta); 215 216 if (sta->aid > 0) 217 hapd->sta_aid[(sta->aid - 1) / 32] &= 218 ~BIT((sta->aid - 1) % 32); 219 220 hapd->num_sta--; 221 if (sta->nonerp_set) { 222 sta->nonerp_set = 0; 223 hapd->iface->num_sta_non_erp--; 224 if (hapd->iface->num_sta_non_erp == 0) 225 set_beacon++; 226 } 227 228 if (sta->no_short_slot_time_set) { 229 sta->no_short_slot_time_set = 0; 230 hapd->iface->num_sta_no_short_slot_time--; 231 if (hapd->iface->current_mode && 232 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 233 && hapd->iface->num_sta_no_short_slot_time == 0) 234 set_beacon++; 235 } 236 237 if (sta->no_short_preamble_set) { 238 sta->no_short_preamble_set = 0; 239 hapd->iface->num_sta_no_short_preamble--; 240 if (hapd->iface->current_mode && 241 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 242 && hapd->iface->num_sta_no_short_preamble == 0) 243 set_beacon++; 244 } 245 246 if (sta->no_ht_gf_set) { 247 sta->no_ht_gf_set = 0; 248 hapd->iface->num_sta_ht_no_gf--; 249 } 250 251 if (sta->no_ht_set) { 252 sta->no_ht_set = 0; 253 hapd->iface->num_sta_no_ht--; 254 } 255 256 if (sta->ht_20mhz_set) { 257 sta->ht_20mhz_set = 0; 258 hapd->iface->num_sta_ht_20mhz--; 259 } 260 261 #ifdef CONFIG_TAXONOMY 262 wpabuf_free(sta->probe_ie_taxonomy); 263 sta->probe_ie_taxonomy = NULL; 264 wpabuf_free(sta->assoc_ie_taxonomy); 265 sta->assoc_ie_taxonomy = NULL; 266 #endif /* CONFIG_TAXONOMY */ 267 268 ht40_intolerant_remove(hapd->iface, sta); 269 270 #ifdef CONFIG_P2P 271 if (sta->no_p2p_set) { 272 sta->no_p2p_set = 0; 273 hapd->num_sta_no_p2p--; 274 if (hapd->num_sta_no_p2p == 0) 275 hostapd_p2p_non_p2p_sta_disconnected(hapd); 276 } 277 #endif /* CONFIG_P2P */ 278 279 #ifdef NEED_AP_MLME 280 if (hostapd_ht_operation_update(hapd->iface) > 0) 281 set_beacon++; 282 #endif /* NEED_AP_MLME */ 283 284 #ifdef CONFIG_MESH 285 if (hapd->mesh_sta_free_cb) 286 hapd->mesh_sta_free_cb(hapd, sta); 287 #endif /* CONFIG_MESH */ 288 289 if (set_beacon) 290 ieee802_11_set_beacons(hapd->iface); 291 292 wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR, 293 __func__, MAC2STR(sta->addr)); 294 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 295 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 296 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 297 ap_sta_clear_disconnect_timeouts(hapd, sta); 298 sae_clear_retransmit_timer(hapd, sta); 299 300 ieee802_1x_free_station(hapd, sta); 301 wpa_auth_sta_deinit(sta->wpa_sm); 302 rsn_preauth_free_station(hapd, sta); 303 #ifndef CONFIG_NO_RADIUS 304 if (hapd->radius) 305 radius_client_flush_auth(hapd->radius, sta->addr); 306 #endif /* CONFIG_NO_RADIUS */ 307 308 #ifndef CONFIG_NO_VLAN 309 /* 310 * sta->wpa_sm->group needs to be released before so that 311 * vlan_remove_dynamic() can check that no stations are left on the 312 * AP_VLAN netdev. 313 */ 314 if (sta->vlan_id) 315 vlan_remove_dynamic(hapd, sta->vlan_id); 316 if (sta->vlan_id_bound) { 317 /* 318 * Need to remove the STA entry before potentially removing the 319 * VLAN. 320 */ 321 if (hapd->iface->driver_ap_teardown && 322 !(sta->flags & WLAN_STA_PREAUTH)) { 323 hostapd_drv_sta_remove(hapd, sta->addr); 324 sta->added_unassoc = 0; 325 } 326 vlan_remove_dynamic(hapd, sta->vlan_id_bound); 327 } 328 #endif /* CONFIG_NO_VLAN */ 329 330 os_free(sta->challenge); 331 332 os_free(sta->sa_query_trans_id); 333 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 334 335 #ifdef CONFIG_P2P 336 p2p_group_notif_disassoc(hapd->p2p_group, sta->addr); 337 #endif /* CONFIG_P2P */ 338 339 #ifdef CONFIG_INTERWORKING 340 if (sta->gas_dialog) { 341 int i; 342 for (i = 0; i < GAS_DIALOG_MAX; i++) 343 gas_serv_dialog_clear(&sta->gas_dialog[i]); 344 os_free(sta->gas_dialog); 345 } 346 #endif /* CONFIG_INTERWORKING */ 347 348 wpabuf_free(sta->wps_ie); 349 wpabuf_free(sta->p2p_ie); 350 wpabuf_free(sta->hs20_ie); 351 wpabuf_free(sta->roaming_consortium); 352 #ifdef CONFIG_FST 353 wpabuf_free(sta->mb_ies); 354 #endif /* CONFIG_FST */ 355 356 os_free(sta->ht_capabilities); 357 os_free(sta->vht_capabilities); 358 os_free(sta->vht_operation); 359 os_free(sta->he_capab); 360 os_free(sta->he_6ghz_capab); 361 hostapd_free_psk_list(sta->psk); 362 os_free(sta->identity); 363 os_free(sta->radius_cui); 364 os_free(sta->remediation_url); 365 os_free(sta->t_c_url); 366 wpabuf_free(sta->hs20_deauth_req); 367 os_free(sta->hs20_session_info_url); 368 369 #ifdef CONFIG_SAE 370 sae_clear_data(sta->sae); 371 os_free(sta->sae); 372 #endif /* CONFIG_SAE */ 373 374 mbo_ap_sta_free(sta); 375 os_free(sta->supp_op_classes); 376 377 #ifdef CONFIG_FILS 378 os_free(sta->fils_pending_assoc_req); 379 wpabuf_free(sta->fils_hlp_resp); 380 wpabuf_free(sta->hlp_dhcp_discover); 381 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta); 382 #ifdef CONFIG_FILS_SK_PFS 383 crypto_ecdh_deinit(sta->fils_ecdh); 384 wpabuf_clear_free(sta->fils_dh_ss); 385 wpabuf_free(sta->fils_g_sta); 386 #endif /* CONFIG_FILS_SK_PFS */ 387 #endif /* CONFIG_FILS */ 388 389 #ifdef CONFIG_OWE 390 bin_clear_free(sta->owe_pmk, sta->owe_pmk_len); 391 crypto_ecdh_deinit(sta->owe_ecdh); 392 #endif /* CONFIG_OWE */ 393 394 #ifdef CONFIG_DPP2 395 dpp_pfs_free(sta->dpp_pfs); 396 sta->dpp_pfs = NULL; 397 #endif /* CONFIG_DPP2 */ 398 399 os_free(sta->ext_capability); 400 401 #ifdef CONFIG_WNM_AP 402 eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta); 403 #endif /* CONFIG_WNM_AP */ 404 405 #ifdef CONFIG_PASN 406 ap_free_sta_pasn(hapd, sta); 407 #endif /* CONFIG_PASN */ 408 409 os_free(sta->ifname_wds); 410 411 #ifdef CONFIG_TESTING_OPTIONS 412 os_free(sta->sae_postponed_commit); 413 #endif /* CONFIG_TESTING_OPTIONS */ 414 415 os_free(sta); 416 } 417 418 419 void hostapd_free_stas(struct hostapd_data *hapd) 420 { 421 struct sta_info *sta, *prev; 422 423 sta = hapd->sta_list; 424 425 while (sta) { 426 prev = sta; 427 if (sta->flags & WLAN_STA_AUTH) { 428 mlme_deauthenticate_indication( 429 hapd, sta, WLAN_REASON_UNSPECIFIED); 430 } 431 sta = sta->next; 432 wpa_printf(MSG_DEBUG, "Removing station " MACSTR, 433 MAC2STR(prev->addr)); 434 ap_free_sta(hapd, prev); 435 } 436 } 437 438 439 /** 440 * ap_handle_timer - Per STA timer handler 441 * @eloop_ctx: struct hostapd_data * 442 * @timeout_ctx: struct sta_info * 443 * 444 * This function is called to check station activity and to remove inactive 445 * stations. 446 */ 447 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx) 448 { 449 struct hostapd_data *hapd = eloop_ctx; 450 struct sta_info *sta = timeout_ctx; 451 unsigned long next_time = 0; 452 int reason; 453 454 wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d", 455 hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags, 456 sta->timeout_next); 457 if (sta->timeout_next == STA_REMOVE) { 458 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 459 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 460 "local deauth request"); 461 ap_free_sta(hapd, sta); 462 return; 463 } 464 465 if ((sta->flags & WLAN_STA_ASSOC) && 466 (sta->timeout_next == STA_NULLFUNC || 467 sta->timeout_next == STA_DISASSOC)) { 468 int inactive_sec; 469 /* 470 * Add random value to timeout so that we don't end up bouncing 471 * all stations at the same time if we have lots of associated 472 * stations that are idle (but keep re-associating). 473 */ 474 int fuzz = os_random() % 20; 475 inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr); 476 if (inactive_sec == -1) { 477 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 478 "Check inactivity: Could not " 479 "get station info from kernel driver for " 480 MACSTR, MAC2STR(sta->addr)); 481 /* 482 * The driver may not support this functionality. 483 * Anyway, try again after the next inactivity timeout, 484 * but do not disconnect the station now. 485 */ 486 next_time = hapd->conf->ap_max_inactivity + fuzz; 487 } else if (inactive_sec == -ENOENT) { 488 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 489 "Station " MACSTR " has lost its driver entry", 490 MAC2STR(sta->addr)); 491 492 /* Avoid sending client probe on removed client */ 493 sta->timeout_next = STA_DISASSOC; 494 goto skip_poll; 495 } else if (inactive_sec < hapd->conf->ap_max_inactivity) { 496 /* station activity detected; reset timeout state */ 497 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 498 "Station " MACSTR " has been active %is ago", 499 MAC2STR(sta->addr), inactive_sec); 500 sta->timeout_next = STA_NULLFUNC; 501 next_time = hapd->conf->ap_max_inactivity + fuzz - 502 inactive_sec; 503 } else { 504 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 505 "Station " MACSTR " has been " 506 "inactive too long: %d sec, max allowed: %d", 507 MAC2STR(sta->addr), inactive_sec, 508 hapd->conf->ap_max_inactivity); 509 510 if (hapd->conf->skip_inactivity_poll) 511 sta->timeout_next = STA_DISASSOC; 512 } 513 } 514 515 if ((sta->flags & WLAN_STA_ASSOC) && 516 sta->timeout_next == STA_DISASSOC && 517 !(sta->flags & WLAN_STA_PENDING_POLL) && 518 !hapd->conf->skip_inactivity_poll) { 519 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR 520 " has ACKed data poll", MAC2STR(sta->addr)); 521 /* data nullfunc frame poll did not produce TX errors; assume 522 * station ACKed it */ 523 sta->timeout_next = STA_NULLFUNC; 524 next_time = hapd->conf->ap_max_inactivity; 525 } 526 527 skip_poll: 528 if (next_time) { 529 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 530 "for " MACSTR " (%lu seconds)", 531 __func__, MAC2STR(sta->addr), next_time); 532 eloop_register_timeout(next_time, 0, ap_handle_timer, hapd, 533 sta); 534 return; 535 } 536 537 if (sta->timeout_next == STA_NULLFUNC && 538 (sta->flags & WLAN_STA_ASSOC)) { 539 wpa_printf(MSG_DEBUG, " Polling STA"); 540 sta->flags |= WLAN_STA_PENDING_POLL; 541 hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr, 542 sta->flags & WLAN_STA_WMM); 543 } else if (sta->timeout_next != STA_REMOVE) { 544 int deauth = sta->timeout_next == STA_DEAUTH; 545 546 if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) { 547 /* Cannot disassociate not-associated STA, so move 548 * directly to deauthentication. */ 549 sta->timeout_next = STA_DEAUTH; 550 deauth = 1; 551 } 552 553 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 554 "Timeout, sending %s info to STA " MACSTR, 555 deauth ? "deauthentication" : "disassociation", 556 MAC2STR(sta->addr)); 557 558 if (deauth) { 559 hostapd_drv_sta_deauth( 560 hapd, sta->addr, 561 WLAN_REASON_PREV_AUTH_NOT_VALID); 562 } else { 563 reason = (sta->timeout_next == STA_DISASSOC) ? 564 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 565 WLAN_REASON_PREV_AUTH_NOT_VALID; 566 567 hostapd_drv_sta_disassoc(hapd, sta->addr, reason); 568 } 569 } 570 571 switch (sta->timeout_next) { 572 case STA_NULLFUNC: 573 sta->timeout_next = STA_DISASSOC; 574 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 575 "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)", 576 __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY); 577 eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer, 578 hapd, sta); 579 break; 580 case STA_DISASSOC: 581 case STA_DISASSOC_FROM_CLI: 582 ap_sta_set_authorized(hapd, sta, 0); 583 sta->flags &= ~WLAN_STA_ASSOC; 584 hostapd_set_sta_flags(hapd, sta); 585 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 586 if (!sta->acct_terminate_cause) 587 sta->acct_terminate_cause = 588 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 589 accounting_sta_stop(hapd, sta); 590 ieee802_1x_free_station(hapd, sta); 591 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 592 HOSTAPD_LEVEL_INFO, "disassociated due to " 593 "inactivity"); 594 reason = (sta->timeout_next == STA_DISASSOC) ? 595 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 596 WLAN_REASON_PREV_AUTH_NOT_VALID; 597 sta->timeout_next = STA_DEAUTH; 598 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 599 "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)", 600 __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY); 601 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 602 hapd, sta); 603 mlme_disassociate_indication(hapd, sta, reason); 604 break; 605 case STA_DEAUTH: 606 case STA_REMOVE: 607 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 608 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 609 "inactivity (timer DEAUTH/REMOVE)"); 610 if (!sta->acct_terminate_cause) 611 sta->acct_terminate_cause = 612 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 613 mlme_deauthenticate_indication( 614 hapd, sta, 615 WLAN_REASON_PREV_AUTH_NOT_VALID); 616 ap_free_sta(hapd, sta); 617 break; 618 } 619 } 620 621 622 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx) 623 { 624 struct hostapd_data *hapd = eloop_ctx; 625 struct sta_info *sta = timeout_ctx; 626 627 wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR, 628 hapd->conf->iface, MAC2STR(sta->addr)); 629 if (!(sta->flags & (WLAN_STA_AUTH | WLAN_STA_ASSOC | 630 WLAN_STA_AUTHORIZED))) { 631 if (sta->flags & WLAN_STA_GAS) { 632 wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA " 633 "entry " MACSTR, MAC2STR(sta->addr)); 634 ap_free_sta(hapd, sta); 635 } 636 return; 637 } 638 639 hostapd_drv_sta_deauth(hapd, sta->addr, 640 WLAN_REASON_PREV_AUTH_NOT_VALID); 641 mlme_deauthenticate_indication(hapd, sta, 642 WLAN_REASON_PREV_AUTH_NOT_VALID); 643 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 644 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 645 "session timeout"); 646 sta->acct_terminate_cause = 647 RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT; 648 ap_free_sta(hapd, sta); 649 } 650 651 652 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta, 653 u32 session_timeout) 654 { 655 if (eloop_replenish_timeout(session_timeout, 0, 656 ap_handle_session_timer, hapd, sta) == 1) { 657 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 658 HOSTAPD_LEVEL_DEBUG, "setting session timeout " 659 "to %d seconds", session_timeout); 660 } 661 } 662 663 664 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta, 665 u32 session_timeout) 666 { 667 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 668 HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d " 669 "seconds", session_timeout); 670 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 671 eloop_register_timeout(session_timeout, 0, ap_handle_session_timer, 672 hapd, sta); 673 } 674 675 676 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta) 677 { 678 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 679 } 680 681 682 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx) 683 { 684 #ifdef CONFIG_WNM_AP 685 struct hostapd_data *hapd = eloop_ctx; 686 struct sta_info *sta = timeout_ctx; 687 688 wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for " 689 MACSTR, hapd->conf->iface, MAC2STR(sta->addr)); 690 if (sta->hs20_session_info_url == NULL) 691 return; 692 693 wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url, 694 sta->hs20_disassoc_timer); 695 #endif /* CONFIG_WNM_AP */ 696 } 697 698 699 void ap_sta_session_warning_timeout(struct hostapd_data *hapd, 700 struct sta_info *sta, int warning_time) 701 { 702 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 703 eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer, 704 hapd, sta); 705 } 706 707 708 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr) 709 { 710 struct sta_info *sta; 711 int i; 712 713 sta = ap_get_sta(hapd, addr); 714 if (sta) 715 return sta; 716 717 wpa_printf(MSG_DEBUG, " New STA"); 718 if (hapd->num_sta >= hapd->conf->max_num_sta) { 719 /* FIX: might try to remove some old STAs first? */ 720 wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)", 721 hapd->num_sta, hapd->conf->max_num_sta); 722 return NULL; 723 } 724 725 sta = os_zalloc(sizeof(struct sta_info)); 726 if (sta == NULL) { 727 wpa_printf(MSG_ERROR, "malloc failed"); 728 return NULL; 729 } 730 sta->acct_interim_interval = hapd->conf->acct_interim_interval; 731 if (accounting_sta_get_id(hapd, sta) < 0) { 732 os_free(sta); 733 return NULL; 734 } 735 736 for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) { 737 if (!hapd->iface->basic_rates) 738 break; 739 if (hapd->iface->basic_rates[i] < 0) 740 break; 741 sta->supported_rates[i] = hapd->iface->basic_rates[i] / 5; 742 } 743 sta->supported_rates_len = i; 744 745 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) { 746 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 747 "for " MACSTR " (%d seconds - ap_max_inactivity)", 748 __func__, MAC2STR(addr), 749 hapd->conf->ap_max_inactivity); 750 eloop_register_timeout(hapd->conf->ap_max_inactivity, 0, 751 ap_handle_timer, hapd, sta); 752 } 753 754 /* initialize STA info data */ 755 os_memcpy(sta->addr, addr, ETH_ALEN); 756 sta->next = hapd->sta_list; 757 hapd->sta_list = sta; 758 hapd->num_sta++; 759 ap_sta_hash_add(hapd, sta); 760 ap_sta_remove_in_other_bss(hapd, sta); 761 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 762 dl_list_init(&sta->ip6addr); 763 764 #ifdef CONFIG_TAXONOMY 765 sta_track_claim_taxonomy_info(hapd->iface, addr, 766 &sta->probe_ie_taxonomy); 767 #endif /* CONFIG_TAXONOMY */ 768 769 return sta; 770 } 771 772 773 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta) 774 { 775 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 776 777 if (sta->ipaddr) 778 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 779 ap_sta_ip6addr_del(hapd, sta); 780 781 wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver", 782 hapd->conf->iface, MAC2STR(sta->addr)); 783 if (hostapd_drv_sta_remove(hapd, sta->addr) && 784 sta->flags & WLAN_STA_ASSOC) { 785 wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR 786 " from kernel driver", 787 hapd->conf->iface, MAC2STR(sta->addr)); 788 return -1; 789 } 790 sta->added_unassoc = 0; 791 return 0; 792 } 793 794 795 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 796 struct sta_info *sta) 797 { 798 struct hostapd_iface *iface = hapd->iface; 799 size_t i; 800 801 for (i = 0; i < iface->num_bss; i++) { 802 struct hostapd_data *bss = iface->bss[i]; 803 struct sta_info *sta2; 804 /* bss should always be set during operation, but it may be 805 * NULL during reconfiguration. Assume the STA is not 806 * associated to another BSS in that case to avoid NULL pointer 807 * dereferences. */ 808 if (bss == hapd || bss == NULL) 809 continue; 810 sta2 = ap_get_sta(bss, sta->addr); 811 if (!sta2) 812 continue; 813 814 wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR 815 " association from another BSS %s", 816 hapd->conf->iface, MAC2STR(sta2->addr), 817 bss->conf->iface); 818 ap_sta_disconnect(bss, sta2, sta2->addr, 819 WLAN_REASON_PREV_AUTH_NOT_VALID); 820 } 821 } 822 823 824 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx) 825 { 826 struct hostapd_data *hapd = eloop_ctx; 827 struct sta_info *sta = timeout_ctx; 828 829 wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR, 830 hapd->conf->iface, MAC2STR(sta->addr)); 831 ap_sta_remove(hapd, sta); 832 mlme_disassociate_indication(hapd, sta, sta->disassoc_reason); 833 } 834 835 836 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta, 837 u16 reason) 838 { 839 wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR, 840 hapd->conf->iface, MAC2STR(sta->addr)); 841 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 842 if (hapd->iface->current_mode && 843 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 844 /* Skip deauthentication in DMG/IEEE 802.11ad */ 845 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 846 WLAN_STA_ASSOC_REQ_OK); 847 sta->timeout_next = STA_REMOVE; 848 } else { 849 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 850 sta->timeout_next = STA_DEAUTH; 851 } 852 ap_sta_set_authorized(hapd, sta, 0); 853 hostapd_set_sta_flags(hapd, sta); 854 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 855 "for " MACSTR " (%d seconds - " 856 "AP_MAX_INACTIVITY_AFTER_DISASSOC)", 857 __func__, MAC2STR(sta->addr), 858 AP_MAX_INACTIVITY_AFTER_DISASSOC); 859 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 860 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0, 861 ap_handle_timer, hapd, sta); 862 accounting_sta_stop(hapd, sta); 863 ieee802_1x_free_station(hapd, sta); 864 wpa_auth_sta_deinit(sta->wpa_sm); 865 sta->wpa_sm = NULL; 866 867 sta->disassoc_reason = reason; 868 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB; 869 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 870 eloop_register_timeout(hapd->iface->drv_flags & 871 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 872 ap_sta_disassoc_cb_timeout, hapd, sta); 873 } 874 875 876 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx) 877 { 878 struct hostapd_data *hapd = eloop_ctx; 879 struct sta_info *sta = timeout_ctx; 880 881 wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR, 882 hapd->conf->iface, MAC2STR(sta->addr)); 883 ap_sta_remove(hapd, sta); 884 mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason); 885 } 886 887 888 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta, 889 u16 reason) 890 { 891 if (hapd->iface->current_mode && 892 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 893 /* Deauthentication is not used in DMG/IEEE 802.11ad; 894 * disassociate the STA instead. */ 895 ap_sta_disassociate(hapd, sta, reason); 896 return; 897 } 898 899 wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR, 900 hapd->conf->iface, MAC2STR(sta->addr)); 901 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 902 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 903 ap_sta_set_authorized(hapd, sta, 0); 904 hostapd_set_sta_flags(hapd, sta); 905 sta->timeout_next = STA_REMOVE; 906 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 907 "for " MACSTR " (%d seconds - " 908 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 909 __func__, MAC2STR(sta->addr), 910 AP_MAX_INACTIVITY_AFTER_DEAUTH); 911 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 912 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 913 ap_handle_timer, hapd, sta); 914 accounting_sta_stop(hapd, sta); 915 ieee802_1x_free_station(hapd, sta); 916 917 sta->deauth_reason = reason; 918 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 919 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 920 eloop_register_timeout(hapd->iface->drv_flags & 921 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 922 ap_sta_deauth_cb_timeout, hapd, sta); 923 } 924 925 926 #ifdef CONFIG_WPS 927 int ap_sta_wps_cancel(struct hostapd_data *hapd, 928 struct sta_info *sta, void *ctx) 929 { 930 if (sta && (sta->flags & WLAN_STA_WPS)) { 931 ap_sta_deauthenticate(hapd, sta, 932 WLAN_REASON_PREV_AUTH_NOT_VALID); 933 wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR, 934 __func__, MAC2STR(sta->addr)); 935 return 1; 936 } 937 938 return 0; 939 } 940 #endif /* CONFIG_WPS */ 941 942 943 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd) 944 { 945 struct hostapd_vlan *vlan; 946 int vlan_id = MAX_VLAN_ID + 2; 947 948 retry: 949 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 950 if (vlan->vlan_id == vlan_id) { 951 vlan_id++; 952 goto retry; 953 } 954 } 955 return vlan_id; 956 } 957 958 959 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta, 960 struct vlan_description *vlan_desc) 961 { 962 struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL; 963 int old_vlan_id, vlan_id = 0, ret = 0; 964 965 /* Check if there is something to do */ 966 if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) { 967 /* This sta is lacking its own vif */ 968 } else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED && 969 !hapd->conf->ssid.per_sta_vif && sta->vlan_id) { 970 /* sta->vlan_id needs to be reset */ 971 } else if (!vlan_compare(vlan_desc, sta->vlan_desc)) { 972 return 0; /* nothing to change */ 973 } 974 975 /* Now the real VLAN changed or the STA just needs its own vif */ 976 if (hapd->conf->ssid.per_sta_vif) { 977 /* Assign a new vif, always */ 978 /* find a free vlan_id sufficiently big */ 979 vlan_id = ap_sta_get_free_vlan_id(hapd); 980 /* Get wildcard VLAN */ 981 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 982 if (vlan->vlan_id == VLAN_ID_WILDCARD) 983 break; 984 } 985 if (!vlan) { 986 hostapd_logger(hapd, sta->addr, 987 HOSTAPD_MODULE_IEEE80211, 988 HOSTAPD_LEVEL_DEBUG, 989 "per_sta_vif missing wildcard"); 990 vlan_id = 0; 991 ret = -1; 992 goto done; 993 } 994 } else if (vlan_desc && vlan_desc->notempty) { 995 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 996 if (!vlan_compare(&vlan->vlan_desc, vlan_desc)) 997 break; 998 if (vlan->vlan_id == VLAN_ID_WILDCARD) 999 wildcard_vlan = vlan; 1000 } 1001 if (vlan) { 1002 vlan_id = vlan->vlan_id; 1003 } else if (wildcard_vlan) { 1004 vlan = wildcard_vlan; 1005 vlan_id = vlan_desc->untagged; 1006 if (vlan_desc->tagged[0]) { 1007 /* Tagged VLAN configuration */ 1008 vlan_id = ap_sta_get_free_vlan_id(hapd); 1009 } 1010 } else { 1011 hostapd_logger(hapd, sta->addr, 1012 HOSTAPD_MODULE_IEEE80211, 1013 HOSTAPD_LEVEL_DEBUG, 1014 "missing vlan and wildcard for vlan=%d%s", 1015 vlan_desc->untagged, 1016 vlan_desc->tagged[0] ? "+" : ""); 1017 vlan_id = 0; 1018 ret = -1; 1019 goto done; 1020 } 1021 } 1022 1023 if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) { 1024 vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc); 1025 if (vlan == NULL) { 1026 hostapd_logger(hapd, sta->addr, 1027 HOSTAPD_MODULE_IEEE80211, 1028 HOSTAPD_LEVEL_DEBUG, 1029 "could not add dynamic VLAN interface for vlan=%d%s", 1030 vlan_desc ? vlan_desc->untagged : -1, 1031 (vlan_desc && vlan_desc->tagged[0]) ? 1032 "+" : ""); 1033 vlan_id = 0; 1034 ret = -1; 1035 goto done; 1036 } 1037 1038 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1039 HOSTAPD_LEVEL_DEBUG, 1040 "added new dynamic VLAN interface '%s'", 1041 vlan->ifname); 1042 } else if (vlan && vlan->dynamic_vlan > 0) { 1043 vlan->dynamic_vlan++; 1044 hostapd_logger(hapd, sta->addr, 1045 HOSTAPD_MODULE_IEEE80211, 1046 HOSTAPD_LEVEL_DEBUG, 1047 "updated existing dynamic VLAN interface '%s'", 1048 vlan->ifname); 1049 } 1050 done: 1051 old_vlan_id = sta->vlan_id; 1052 sta->vlan_id = vlan_id; 1053 sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL; 1054 1055 if (vlan_id != old_vlan_id && old_vlan_id) 1056 vlan_remove_dynamic(hapd, old_vlan_id); 1057 1058 return ret; 1059 } 1060 1061 1062 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta) 1063 { 1064 #ifndef CONFIG_NO_VLAN 1065 const char *iface; 1066 struct hostapd_vlan *vlan = NULL; 1067 int ret; 1068 int old_vlanid = sta->vlan_id_bound; 1069 1070 if ((sta->flags & WLAN_STA_WDS) && sta->vlan_id == 0) { 1071 wpa_printf(MSG_DEBUG, 1072 "Do not override WDS VLAN assignment for STA " 1073 MACSTR, MAC2STR(sta->addr)); 1074 return 0; 1075 } 1076 1077 iface = hapd->conf->iface; 1078 if (hapd->conf->ssid.vlan[0]) 1079 iface = hapd->conf->ssid.vlan; 1080 1081 if (sta->vlan_id > 0) { 1082 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 1083 if (vlan->vlan_id == sta->vlan_id) 1084 break; 1085 } 1086 if (vlan) 1087 iface = vlan->ifname; 1088 } 1089 1090 /* 1091 * Do not increment ref counters if the VLAN ID remains same, but do 1092 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might 1093 * have been called before. 1094 */ 1095 if (sta->vlan_id == old_vlanid) 1096 goto skip_counting; 1097 1098 if (sta->vlan_id > 0 && !vlan && 1099 !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) { 1100 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1101 HOSTAPD_LEVEL_DEBUG, "could not find VLAN for " 1102 "binding station to (vlan_id=%d)", 1103 sta->vlan_id); 1104 ret = -1; 1105 goto done; 1106 } else if (vlan && vlan->dynamic_vlan > 0) { 1107 vlan->dynamic_vlan++; 1108 hostapd_logger(hapd, sta->addr, 1109 HOSTAPD_MODULE_IEEE80211, 1110 HOSTAPD_LEVEL_DEBUG, 1111 "updated existing dynamic VLAN interface '%s'", 1112 iface); 1113 } 1114 1115 /* ref counters have been increased, so mark the station */ 1116 sta->vlan_id_bound = sta->vlan_id; 1117 1118 skip_counting: 1119 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1120 HOSTAPD_LEVEL_DEBUG, "binding station to interface " 1121 "'%s'", iface); 1122 1123 if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0) 1124 wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA"); 1125 1126 ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id); 1127 if (ret < 0) { 1128 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1129 HOSTAPD_LEVEL_DEBUG, "could not bind the STA " 1130 "entry to vlan_id=%d", sta->vlan_id); 1131 } 1132 1133 /* During 1x reauth, if the vlan id changes, then remove the old id. */ 1134 if (old_vlanid > 0 && old_vlanid != sta->vlan_id) 1135 vlan_remove_dynamic(hapd, old_vlanid); 1136 done: 1137 1138 return ret; 1139 #else /* CONFIG_NO_VLAN */ 1140 return 0; 1141 #endif /* CONFIG_NO_VLAN */ 1142 } 1143 1144 1145 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta) 1146 { 1147 u32 tu; 1148 struct os_reltime now, passed; 1149 os_get_reltime(&now); 1150 os_reltime_sub(&now, &sta->sa_query_start, &passed); 1151 tu = (passed.sec * 1000000 + passed.usec) / 1024; 1152 if (hapd->conf->assoc_sa_query_max_timeout < tu) { 1153 hostapd_logger(hapd, sta->addr, 1154 HOSTAPD_MODULE_IEEE80211, 1155 HOSTAPD_LEVEL_DEBUG, 1156 "association SA Query timed out"); 1157 sta->sa_query_timed_out = 1; 1158 os_free(sta->sa_query_trans_id); 1159 sta->sa_query_trans_id = NULL; 1160 sta->sa_query_count = 0; 1161 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 1162 return 1; 1163 } 1164 1165 return 0; 1166 } 1167 1168 1169 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx) 1170 { 1171 struct hostapd_data *hapd = eloop_ctx; 1172 struct sta_info *sta = timeout_ctx; 1173 unsigned int timeout, sec, usec; 1174 u8 *trans_id, *nbuf; 1175 1176 wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR 1177 " (count=%d)", 1178 hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count); 1179 1180 if (sta->sa_query_count > 0 && 1181 ap_check_sa_query_timeout(hapd, sta)) 1182 return; 1183 if (sta->sa_query_count >= 1000) 1184 return; 1185 1186 nbuf = os_realloc_array(sta->sa_query_trans_id, 1187 sta->sa_query_count + 1, 1188 WLAN_SA_QUERY_TR_ID_LEN); 1189 if (nbuf == NULL) 1190 return; 1191 if (sta->sa_query_count == 0) { 1192 /* Starting a new SA Query procedure */ 1193 os_get_reltime(&sta->sa_query_start); 1194 } 1195 trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN; 1196 sta->sa_query_trans_id = nbuf; 1197 sta->sa_query_count++; 1198 1199 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) { 1200 /* 1201 * We don't really care which ID is used here, so simply 1202 * hardcode this if the mostly theoretical os_get_random() 1203 * failure happens. 1204 */ 1205 trans_id[0] = 0x12; 1206 trans_id[1] = 0x34; 1207 } 1208 1209 timeout = hapd->conf->assoc_sa_query_retry_timeout; 1210 sec = ((timeout / 1000) * 1024) / 1000; 1211 usec = (timeout % 1000) * 1024; 1212 eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta); 1213 1214 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1215 HOSTAPD_LEVEL_DEBUG, 1216 "association SA Query attempt %d", sta->sa_query_count); 1217 1218 ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id); 1219 } 1220 1221 1222 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 1223 { 1224 ap_sa_query_timer(hapd, sta); 1225 } 1226 1227 1228 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 1229 { 1230 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 1231 os_free(sta->sa_query_trans_id); 1232 sta->sa_query_trans_id = NULL; 1233 sta->sa_query_count = 0; 1234 } 1235 1236 1237 const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd, 1238 struct sta_info *sta) 1239 { 1240 struct hostapd_wpa_psk *psk; 1241 struct hostapd_ssid *ssid; 1242 const u8 *pmk; 1243 int pmk_len; 1244 1245 ssid = &hapd->conf->ssid; 1246 1247 pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len); 1248 if (!pmk || pmk_len != PMK_LEN) 1249 return NULL; 1250 1251 for (psk = ssid->wpa_psk; psk; psk = psk->next) 1252 if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0) 1253 break; 1254 if (!psk) 1255 return NULL; 1256 if (!psk || !psk->keyid[0]) 1257 return NULL; 1258 1259 return psk->keyid; 1260 } 1261 1262 1263 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta, 1264 int authorized) 1265 { 1266 const u8 *dev_addr = NULL; 1267 char buf[100]; 1268 #ifdef CONFIG_P2P 1269 u8 addr[ETH_ALEN]; 1270 u8 ip_addr_buf[4]; 1271 #endif /* CONFIG_P2P */ 1272 1273 if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED)) 1274 return; 1275 1276 if (authorized) 1277 sta->flags |= WLAN_STA_AUTHORIZED; 1278 else 1279 sta->flags &= ~WLAN_STA_AUTHORIZED; 1280 1281 #ifdef CONFIG_P2P 1282 if (hapd->p2p_group == NULL) { 1283 if (sta->p2p_ie != NULL && 1284 p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0) 1285 dev_addr = addr; 1286 } else 1287 dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr); 1288 1289 if (dev_addr) 1290 os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR, 1291 MAC2STR(sta->addr), MAC2STR(dev_addr)); 1292 else 1293 #endif /* CONFIG_P2P */ 1294 os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr)); 1295 1296 if (hapd->sta_authorized_cb) 1297 hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx, 1298 sta->addr, authorized, dev_addr); 1299 1300 if (authorized) { 1301 const char *keyid; 1302 char keyid_buf[100]; 1303 char ip_addr[100]; 1304 1305 keyid_buf[0] = '\0'; 1306 ip_addr[0] = '\0'; 1307 #ifdef CONFIG_P2P 1308 if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) { 1309 os_snprintf(ip_addr, sizeof(ip_addr), 1310 " ip_addr=%u.%u.%u.%u", 1311 ip_addr_buf[0], ip_addr_buf[1], 1312 ip_addr_buf[2], ip_addr_buf[3]); 1313 } 1314 #endif /* CONFIG_P2P */ 1315 1316 keyid = ap_sta_wpa_get_keyid(hapd, sta); 1317 if (keyid) { 1318 os_snprintf(keyid_buf, sizeof(keyid_buf), 1319 " keyid=%s", keyid); 1320 } 1321 1322 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s", 1323 buf, ip_addr, keyid_buf); 1324 1325 if (hapd->msg_ctx_parent && 1326 hapd->msg_ctx_parent != hapd->msg_ctx) 1327 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1328 AP_STA_CONNECTED "%s%s%s", 1329 buf, ip_addr, keyid_buf); 1330 } else { 1331 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf); 1332 1333 if (hapd->msg_ctx_parent && 1334 hapd->msg_ctx_parent != hapd->msg_ctx) 1335 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1336 AP_STA_DISCONNECTED "%s", buf); 1337 } 1338 1339 #ifdef CONFIG_FST 1340 if (hapd->iface->fst) { 1341 if (authorized) 1342 fst_notify_peer_connected(hapd->iface->fst, sta->addr); 1343 else 1344 fst_notify_peer_disconnected(hapd->iface->fst, 1345 sta->addr); 1346 } 1347 #endif /* CONFIG_FST */ 1348 } 1349 1350 1351 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta, 1352 const u8 *addr, u16 reason) 1353 { 1354 if (sta) 1355 wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u", 1356 hapd->conf->iface, __func__, MAC2STR(sta->addr), 1357 reason); 1358 else if (addr) 1359 wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u", 1360 hapd->conf->iface, __func__, MAC2STR(addr), 1361 reason); 1362 1363 if (sta == NULL && addr) 1364 sta = ap_get_sta(hapd, addr); 1365 1366 if (addr) 1367 hostapd_drv_sta_deauth(hapd, addr, reason); 1368 1369 if (sta == NULL) 1370 return; 1371 ap_sta_set_authorized(hapd, sta, 0); 1372 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1373 hostapd_set_sta_flags(hapd, sta); 1374 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1375 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1376 wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout " 1377 "for " MACSTR " (%d seconds - " 1378 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 1379 hapd->conf->iface, __func__, MAC2STR(sta->addr), 1380 AP_MAX_INACTIVITY_AFTER_DEAUTH); 1381 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1382 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 1383 ap_handle_timer, hapd, sta); 1384 sta->timeout_next = STA_REMOVE; 1385 1386 if (hapd->iface->current_mode && 1387 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 1388 /* Deauthentication is not used in DMG/IEEE 802.11ad; 1389 * disassociate the STA instead. */ 1390 sta->disassoc_reason = reason; 1391 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB; 1392 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 1393 eloop_register_timeout(hapd->iface->drv_flags & 1394 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 1395 2 : 0, 0, ap_sta_disassoc_cb_timeout, 1396 hapd, sta); 1397 return; 1398 } 1399 1400 sta->deauth_reason = reason; 1401 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 1402 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1403 eloop_register_timeout(hapd->iface->drv_flags & 1404 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 1405 ap_sta_deauth_cb_timeout, hapd, sta); 1406 } 1407 1408 1409 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta) 1410 { 1411 if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) { 1412 wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame"); 1413 return; 1414 } 1415 sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB; 1416 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1417 ap_sta_deauth_cb_timeout(hapd, sta); 1418 } 1419 1420 1421 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta) 1422 { 1423 if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) { 1424 wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame"); 1425 return; 1426 } 1427 sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB; 1428 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 1429 ap_sta_disassoc_cb_timeout(hapd, sta); 1430 } 1431 1432 1433 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd, 1434 struct sta_info *sta) 1435 { 1436 if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0) 1437 wpa_printf(MSG_DEBUG, 1438 "%s: Removed ap_sta_deauth_cb_timeout timeout for " 1439 MACSTR, 1440 hapd->conf->iface, MAC2STR(sta->addr)); 1441 if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0) 1442 wpa_printf(MSG_DEBUG, 1443 "%s: Removed ap_sta_disassoc_cb_timeout timeout for " 1444 MACSTR, 1445 hapd->conf->iface, MAC2STR(sta->addr)); 1446 if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0) 1447 { 1448 wpa_printf(MSG_DEBUG, 1449 "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for " 1450 MACSTR, 1451 hapd->conf->iface, MAC2STR(sta->addr)); 1452 if (sta->flags & WLAN_STA_WPS) 1453 hostapd_wps_eap_completed(hapd); 1454 } 1455 } 1456 1457 1458 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen) 1459 { 1460 int res; 1461 1462 buf[0] = '\0'; 1463 res = os_snprintf(buf, buflen, 1464 "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", 1465 (flags & WLAN_STA_AUTH ? "[AUTH]" : ""), 1466 (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""), 1467 (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""), 1468 (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" : 1469 ""), 1470 (flags & WLAN_STA_SHORT_PREAMBLE ? 1471 "[SHORT_PREAMBLE]" : ""), 1472 (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""), 1473 (flags & WLAN_STA_WMM ? "[WMM]" : ""), 1474 (flags & WLAN_STA_MFP ? "[MFP]" : ""), 1475 (flags & WLAN_STA_WPS ? "[WPS]" : ""), 1476 (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""), 1477 (flags & WLAN_STA_WDS ? "[WDS]" : ""), 1478 (flags & WLAN_STA_NONERP ? "[NonERP]" : ""), 1479 (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""), 1480 (flags & WLAN_STA_GAS ? "[GAS]" : ""), 1481 (flags & WLAN_STA_HT ? "[HT]" : ""), 1482 (flags & WLAN_STA_VHT ? "[VHT]" : ""), 1483 (flags & WLAN_STA_HE ? "[HE]" : ""), 1484 (flags & WLAN_STA_6GHZ ? "[6GHZ]" : ""), 1485 (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""), 1486 (flags & WLAN_STA_WNM_SLEEP_MODE ? 1487 "[WNM_SLEEP_MODE]" : "")); 1488 if (os_snprintf_error(buflen, res)) 1489 res = -1; 1490 1491 return res; 1492 } 1493 1494 1495 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx) 1496 { 1497 struct hostapd_data *hapd = eloop_ctx; 1498 struct sta_info *sta = timeout_ctx; 1499 u16 reason; 1500 1501 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 1502 "IEEE 802.1X: Scheduled disconnection of " MACSTR 1503 " after EAP-Failure", MAC2STR(sta->addr)); 1504 1505 reason = sta->disconnect_reason_code; 1506 if (!reason) 1507 reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED; 1508 ap_sta_disconnect(hapd, sta, sta->addr, reason); 1509 if (sta->flags & WLAN_STA_WPS) 1510 hostapd_wps_eap_completed(hapd); 1511 } 1512 1513 1514 void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, 1515 struct sta_info *sta) 1516 { 1517 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 1518 "IEEE 802.1X: Force disconnection of " MACSTR 1519 " after EAP-Failure in 10 ms", MAC2STR(sta->addr)); 1520 1521 /* 1522 * Add a small sleep to increase likelihood of previously requested 1523 * EAP-Failure TX getting out before this should the driver reorder 1524 * operations. 1525 */ 1526 eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta); 1527 eloop_register_timeout(0, 10000, ap_sta_delayed_1x_auth_fail_cb, 1528 hapd, sta); 1529 } 1530 1531 1532 int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, 1533 struct sta_info *sta) 1534 { 1535 return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb, 1536 hapd, sta); 1537 } 1538 1539 1540 int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta) 1541 { 1542 /* 1543 * If a station that is already associated to the AP, is trying to 1544 * authenticate again, remove the STA entry, in order to make sure the 1545 * STA PS state gets cleared and configuration gets updated. To handle 1546 * this, station's added_unassoc flag is cleared once the station has 1547 * completed association. 1548 */ 1549 ap_sta_set_authorized(hapd, sta, 0); 1550 hostapd_drv_sta_remove(hapd, sta->addr); 1551 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED); 1552 1553 if (hostapd_sta_add(hapd, sta->addr, 0, 0, 1554 sta->supported_rates, 1555 sta->supported_rates_len, 1556 0, NULL, NULL, NULL, 0, NULL, 1557 sta->flags, 0, 0, 0, 0)) { 1558 hostapd_logger(hapd, sta->addr, 1559 HOSTAPD_MODULE_IEEE80211, 1560 HOSTAPD_LEVEL_NOTICE, 1561 "Could not add STA to kernel driver"); 1562 return -1; 1563 } 1564 1565 sta->added_unassoc = 1; 1566 return 0; 1567 } 1568