1 /* 2 * hostapd / Station table 3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "common/sae.h" 16 #include "common/dpp.h" 17 #include "radius/radius.h" 18 #include "radius/radius_client.h" 19 #include "p2p/p2p.h" 20 #include "fst/fst.h" 21 #include "crypto/crypto.h" 22 #include "hostapd.h" 23 #include "accounting.h" 24 #include "ieee802_1x.h" 25 #include "ieee802_11.h" 26 #include "ieee802_11_auth.h" 27 #include "wpa_auth.h" 28 #include "preauth_auth.h" 29 #include "ap_config.h" 30 #include "beacon.h" 31 #include "ap_mlme.h" 32 #include "vlan_init.h" 33 #include "p2p_hostapd.h" 34 #include "ap_drv_ops.h" 35 #include "gas_serv.h" 36 #include "wnm_ap.h" 37 #include "mbo_ap.h" 38 #include "ndisc_snoop.h" 39 #include "sta_info.h" 40 #include "vlan.h" 41 #include "wps_hostapd.h" 42 43 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 44 struct sta_info *sta); 45 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx); 46 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx); 47 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx); 48 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx); 49 #ifdef CONFIG_IEEE80211W 50 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx); 51 #endif /* CONFIG_IEEE80211W */ 52 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta); 53 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx); 54 55 int ap_for_each_sta(struct hostapd_data *hapd, 56 int (*cb)(struct hostapd_data *hapd, struct sta_info *sta, 57 void *ctx), 58 void *ctx) 59 { 60 struct sta_info *sta; 61 62 for (sta = hapd->sta_list; sta; sta = sta->next) { 63 if (cb(hapd, sta, ctx)) 64 return 1; 65 } 66 67 return 0; 68 } 69 70 71 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta) 72 { 73 struct sta_info *s; 74 75 s = hapd->sta_hash[STA_HASH(sta)]; 76 while (s != NULL && os_memcmp(s->addr, sta, 6) != 0) 77 s = s->hnext; 78 return s; 79 } 80 81 82 #ifdef CONFIG_P2P 83 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr) 84 { 85 struct sta_info *sta; 86 87 for (sta = hapd->sta_list; sta; sta = sta->next) { 88 const u8 *p2p_dev_addr; 89 90 if (sta->p2p_ie == NULL) 91 continue; 92 93 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 94 if (p2p_dev_addr == NULL) 95 continue; 96 97 if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0) 98 return sta; 99 } 100 101 return NULL; 102 } 103 #endif /* CONFIG_P2P */ 104 105 106 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta) 107 { 108 struct sta_info *tmp; 109 110 if (hapd->sta_list == sta) { 111 hapd->sta_list = sta->next; 112 return; 113 } 114 115 tmp = hapd->sta_list; 116 while (tmp != NULL && tmp->next != sta) 117 tmp = tmp->next; 118 if (tmp == NULL) { 119 wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from " 120 "list.", MAC2STR(sta->addr)); 121 } else 122 tmp->next = sta->next; 123 } 124 125 126 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta) 127 { 128 sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)]; 129 hapd->sta_hash[STA_HASH(sta->addr)] = sta; 130 } 131 132 133 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta) 134 { 135 struct sta_info *s; 136 137 s = hapd->sta_hash[STA_HASH(sta->addr)]; 138 if (s == NULL) return; 139 if (os_memcmp(s->addr, sta->addr, 6) == 0) { 140 hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext; 141 return; 142 } 143 144 while (s->hnext != NULL && 145 os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0) 146 s = s->hnext; 147 if (s->hnext != NULL) 148 s->hnext = s->hnext->hnext; 149 else 150 wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR 151 " from hash table", MAC2STR(sta->addr)); 152 } 153 154 155 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta) 156 { 157 sta_ip6addr_del(hapd, sta); 158 } 159 160 161 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta) 162 { 163 int set_beacon = 0; 164 165 accounting_sta_stop(hapd, sta); 166 167 /* just in case */ 168 ap_sta_set_authorized(hapd, sta, 0); 169 170 if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP)) 171 hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0); 172 173 if (sta->ipaddr) 174 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 175 ap_sta_ip6addr_del(hapd, sta); 176 177 if (!hapd->iface->driver_ap_teardown && 178 !(sta->flags & WLAN_STA_PREAUTH)) { 179 hostapd_drv_sta_remove(hapd, sta->addr); 180 sta->added_unassoc = 0; 181 } 182 183 ap_sta_hash_del(hapd, sta); 184 ap_sta_list_del(hapd, sta); 185 186 if (sta->aid > 0) 187 hapd->sta_aid[(sta->aid - 1) / 32] &= 188 ~BIT((sta->aid - 1) % 32); 189 190 hapd->num_sta--; 191 if (sta->nonerp_set) { 192 sta->nonerp_set = 0; 193 hapd->iface->num_sta_non_erp--; 194 if (hapd->iface->num_sta_non_erp == 0) 195 set_beacon++; 196 } 197 198 if (sta->no_short_slot_time_set) { 199 sta->no_short_slot_time_set = 0; 200 hapd->iface->num_sta_no_short_slot_time--; 201 if (hapd->iface->current_mode && 202 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 203 && hapd->iface->num_sta_no_short_slot_time == 0) 204 set_beacon++; 205 } 206 207 if (sta->no_short_preamble_set) { 208 sta->no_short_preamble_set = 0; 209 hapd->iface->num_sta_no_short_preamble--; 210 if (hapd->iface->current_mode && 211 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 212 && hapd->iface->num_sta_no_short_preamble == 0) 213 set_beacon++; 214 } 215 216 if (sta->no_ht_gf_set) { 217 sta->no_ht_gf_set = 0; 218 hapd->iface->num_sta_ht_no_gf--; 219 } 220 221 if (sta->no_ht_set) { 222 sta->no_ht_set = 0; 223 hapd->iface->num_sta_no_ht--; 224 } 225 226 if (sta->ht_20mhz_set) { 227 sta->ht_20mhz_set = 0; 228 hapd->iface->num_sta_ht_20mhz--; 229 } 230 231 #ifdef CONFIG_TAXONOMY 232 wpabuf_free(sta->probe_ie_taxonomy); 233 sta->probe_ie_taxonomy = NULL; 234 wpabuf_free(sta->assoc_ie_taxonomy); 235 sta->assoc_ie_taxonomy = NULL; 236 #endif /* CONFIG_TAXONOMY */ 237 238 #ifdef CONFIG_IEEE80211N 239 ht40_intolerant_remove(hapd->iface, sta); 240 #endif /* CONFIG_IEEE80211N */ 241 242 #ifdef CONFIG_P2P 243 if (sta->no_p2p_set) { 244 sta->no_p2p_set = 0; 245 hapd->num_sta_no_p2p--; 246 if (hapd->num_sta_no_p2p == 0) 247 hostapd_p2p_non_p2p_sta_disconnected(hapd); 248 } 249 #endif /* CONFIG_P2P */ 250 251 #if defined(NEED_AP_MLME) && defined(CONFIG_IEEE80211N) 252 if (hostapd_ht_operation_update(hapd->iface) > 0) 253 set_beacon++; 254 #endif /* NEED_AP_MLME && CONFIG_IEEE80211N */ 255 256 #ifdef CONFIG_MESH 257 if (hapd->mesh_sta_free_cb) 258 hapd->mesh_sta_free_cb(hapd, sta); 259 #endif /* CONFIG_MESH */ 260 261 if (set_beacon) 262 ieee802_11_set_beacons(hapd->iface); 263 264 wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR, 265 __func__, MAC2STR(sta->addr)); 266 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 267 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 268 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 269 ap_sta_clear_disconnect_timeouts(hapd, sta); 270 sae_clear_retransmit_timer(hapd, sta); 271 272 ieee802_1x_free_station(hapd, sta); 273 wpa_auth_sta_deinit(sta->wpa_sm); 274 rsn_preauth_free_station(hapd, sta); 275 #ifndef CONFIG_NO_RADIUS 276 if (hapd->radius) 277 radius_client_flush_auth(hapd->radius, sta->addr); 278 #endif /* CONFIG_NO_RADIUS */ 279 280 #ifndef CONFIG_NO_VLAN 281 /* 282 * sta->wpa_sm->group needs to be released before so that 283 * vlan_remove_dynamic() can check that no stations are left on the 284 * AP_VLAN netdev. 285 */ 286 if (sta->vlan_id) 287 vlan_remove_dynamic(hapd, sta->vlan_id); 288 if (sta->vlan_id_bound) { 289 /* 290 * Need to remove the STA entry before potentially removing the 291 * VLAN. 292 */ 293 if (hapd->iface->driver_ap_teardown && 294 !(sta->flags & WLAN_STA_PREAUTH)) { 295 hostapd_drv_sta_remove(hapd, sta->addr); 296 sta->added_unassoc = 0; 297 } 298 vlan_remove_dynamic(hapd, sta->vlan_id_bound); 299 } 300 #endif /* CONFIG_NO_VLAN */ 301 302 os_free(sta->challenge); 303 304 #ifdef CONFIG_IEEE80211W 305 os_free(sta->sa_query_trans_id); 306 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 307 #endif /* CONFIG_IEEE80211W */ 308 309 #ifdef CONFIG_P2P 310 p2p_group_notif_disassoc(hapd->p2p_group, sta->addr); 311 #endif /* CONFIG_P2P */ 312 313 #ifdef CONFIG_INTERWORKING 314 if (sta->gas_dialog) { 315 int i; 316 for (i = 0; i < GAS_DIALOG_MAX; i++) 317 gas_serv_dialog_clear(&sta->gas_dialog[i]); 318 os_free(sta->gas_dialog); 319 } 320 #endif /* CONFIG_INTERWORKING */ 321 322 wpabuf_free(sta->wps_ie); 323 wpabuf_free(sta->p2p_ie); 324 wpabuf_free(sta->hs20_ie); 325 wpabuf_free(sta->roaming_consortium); 326 #ifdef CONFIG_FST 327 wpabuf_free(sta->mb_ies); 328 #endif /* CONFIG_FST */ 329 330 os_free(sta->ht_capabilities); 331 os_free(sta->vht_capabilities); 332 os_free(sta->vht_operation); 333 hostapd_free_psk_list(sta->psk); 334 os_free(sta->identity); 335 os_free(sta->radius_cui); 336 os_free(sta->remediation_url); 337 os_free(sta->t_c_url); 338 wpabuf_free(sta->hs20_deauth_req); 339 os_free(sta->hs20_session_info_url); 340 341 #ifdef CONFIG_SAE 342 sae_clear_data(sta->sae); 343 os_free(sta->sae); 344 #endif /* CONFIG_SAE */ 345 346 mbo_ap_sta_free(sta); 347 os_free(sta->supp_op_classes); 348 349 #ifdef CONFIG_FILS 350 os_free(sta->fils_pending_assoc_req); 351 wpabuf_free(sta->fils_hlp_resp); 352 wpabuf_free(sta->hlp_dhcp_discover); 353 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta); 354 #ifdef CONFIG_FILS_SK_PFS 355 crypto_ecdh_deinit(sta->fils_ecdh); 356 wpabuf_clear_free(sta->fils_dh_ss); 357 wpabuf_free(sta->fils_g_sta); 358 #endif /* CONFIG_FILS_SK_PFS */ 359 #endif /* CONFIG_FILS */ 360 361 #ifdef CONFIG_OWE 362 bin_clear_free(sta->owe_pmk, sta->owe_pmk_len); 363 crypto_ecdh_deinit(sta->owe_ecdh); 364 #endif /* CONFIG_OWE */ 365 366 #ifdef CONFIG_DPP2 367 dpp_pfs_free(sta->dpp_pfs); 368 sta->dpp_pfs = NULL; 369 #endif /* CONFIG_DPP2 */ 370 371 os_free(sta->ext_capability); 372 373 #ifdef CONFIG_WNM_AP 374 eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta); 375 #endif /* CONFIG_WNM_AP */ 376 377 os_free(sta->ifname_wds); 378 379 os_free(sta); 380 } 381 382 383 void hostapd_free_stas(struct hostapd_data *hapd) 384 { 385 struct sta_info *sta, *prev; 386 387 sta = hapd->sta_list; 388 389 while (sta) { 390 prev = sta; 391 if (sta->flags & WLAN_STA_AUTH) { 392 mlme_deauthenticate_indication( 393 hapd, sta, WLAN_REASON_UNSPECIFIED); 394 } 395 sta = sta->next; 396 wpa_printf(MSG_DEBUG, "Removing station " MACSTR, 397 MAC2STR(prev->addr)); 398 ap_free_sta(hapd, prev); 399 } 400 } 401 402 403 /** 404 * ap_handle_timer - Per STA timer handler 405 * @eloop_ctx: struct hostapd_data * 406 * @timeout_ctx: struct sta_info * 407 * 408 * This function is called to check station activity and to remove inactive 409 * stations. 410 */ 411 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx) 412 { 413 struct hostapd_data *hapd = eloop_ctx; 414 struct sta_info *sta = timeout_ctx; 415 unsigned long next_time = 0; 416 int reason; 417 418 wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d", 419 hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags, 420 sta->timeout_next); 421 if (sta->timeout_next == STA_REMOVE) { 422 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 423 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 424 "local deauth request"); 425 ap_free_sta(hapd, sta); 426 return; 427 } 428 429 if ((sta->flags & WLAN_STA_ASSOC) && 430 (sta->timeout_next == STA_NULLFUNC || 431 sta->timeout_next == STA_DISASSOC)) { 432 int inactive_sec; 433 /* 434 * Add random value to timeout so that we don't end up bouncing 435 * all stations at the same time if we have lots of associated 436 * stations that are idle (but keep re-associating). 437 */ 438 int fuzz = os_random() % 20; 439 inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr); 440 if (inactive_sec == -1) { 441 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 442 "Check inactivity: Could not " 443 "get station info from kernel driver for " 444 MACSTR, MAC2STR(sta->addr)); 445 /* 446 * The driver may not support this functionality. 447 * Anyway, try again after the next inactivity timeout, 448 * but do not disconnect the station now. 449 */ 450 next_time = hapd->conf->ap_max_inactivity + fuzz; 451 } else if (inactive_sec == -ENOENT) { 452 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 453 "Station " MACSTR " has lost its driver entry", 454 MAC2STR(sta->addr)); 455 456 /* Avoid sending client probe on removed client */ 457 sta->timeout_next = STA_DISASSOC; 458 goto skip_poll; 459 } else if (inactive_sec < hapd->conf->ap_max_inactivity) { 460 /* station activity detected; reset timeout state */ 461 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 462 "Station " MACSTR " has been active %is ago", 463 MAC2STR(sta->addr), inactive_sec); 464 sta->timeout_next = STA_NULLFUNC; 465 next_time = hapd->conf->ap_max_inactivity + fuzz - 466 inactive_sec; 467 } else { 468 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 469 "Station " MACSTR " has been " 470 "inactive too long: %d sec, max allowed: %d", 471 MAC2STR(sta->addr), inactive_sec, 472 hapd->conf->ap_max_inactivity); 473 474 if (hapd->conf->skip_inactivity_poll) 475 sta->timeout_next = STA_DISASSOC; 476 } 477 } 478 479 if ((sta->flags & WLAN_STA_ASSOC) && 480 sta->timeout_next == STA_DISASSOC && 481 !(sta->flags & WLAN_STA_PENDING_POLL) && 482 !hapd->conf->skip_inactivity_poll) { 483 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR 484 " has ACKed data poll", MAC2STR(sta->addr)); 485 /* data nullfunc frame poll did not produce TX errors; assume 486 * station ACKed it */ 487 sta->timeout_next = STA_NULLFUNC; 488 next_time = hapd->conf->ap_max_inactivity; 489 } 490 491 skip_poll: 492 if (next_time) { 493 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 494 "for " MACSTR " (%lu seconds)", 495 __func__, MAC2STR(sta->addr), next_time); 496 eloop_register_timeout(next_time, 0, ap_handle_timer, hapd, 497 sta); 498 return; 499 } 500 501 if (sta->timeout_next == STA_NULLFUNC && 502 (sta->flags & WLAN_STA_ASSOC)) { 503 wpa_printf(MSG_DEBUG, " Polling STA"); 504 sta->flags |= WLAN_STA_PENDING_POLL; 505 hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr, 506 sta->flags & WLAN_STA_WMM); 507 } else if (sta->timeout_next != STA_REMOVE) { 508 int deauth = sta->timeout_next == STA_DEAUTH; 509 510 if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) { 511 /* Cannot disassociate not-associated STA, so move 512 * directly to deauthentication. */ 513 sta->timeout_next = STA_DEAUTH; 514 deauth = 1; 515 } 516 517 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 518 "Timeout, sending %s info to STA " MACSTR, 519 deauth ? "deauthentication" : "disassociation", 520 MAC2STR(sta->addr)); 521 522 if (deauth) { 523 hostapd_drv_sta_deauth( 524 hapd, sta->addr, 525 WLAN_REASON_PREV_AUTH_NOT_VALID); 526 } else { 527 reason = (sta->timeout_next == STA_DISASSOC) ? 528 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 529 WLAN_REASON_PREV_AUTH_NOT_VALID; 530 531 hostapd_drv_sta_disassoc(hapd, sta->addr, reason); 532 } 533 } 534 535 switch (sta->timeout_next) { 536 case STA_NULLFUNC: 537 sta->timeout_next = STA_DISASSOC; 538 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 539 "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)", 540 __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY); 541 eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer, 542 hapd, sta); 543 break; 544 case STA_DISASSOC: 545 case STA_DISASSOC_FROM_CLI: 546 ap_sta_set_authorized(hapd, sta, 0); 547 sta->flags &= ~WLAN_STA_ASSOC; 548 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 549 if (!sta->acct_terminate_cause) 550 sta->acct_terminate_cause = 551 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 552 accounting_sta_stop(hapd, sta); 553 ieee802_1x_free_station(hapd, sta); 554 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 555 HOSTAPD_LEVEL_INFO, "disassociated due to " 556 "inactivity"); 557 reason = (sta->timeout_next == STA_DISASSOC) ? 558 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 559 WLAN_REASON_PREV_AUTH_NOT_VALID; 560 sta->timeout_next = STA_DEAUTH; 561 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 562 "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)", 563 __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY); 564 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 565 hapd, sta); 566 mlme_disassociate_indication(hapd, sta, reason); 567 break; 568 case STA_DEAUTH: 569 case STA_REMOVE: 570 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 571 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 572 "inactivity (timer DEAUTH/REMOVE)"); 573 if (!sta->acct_terminate_cause) 574 sta->acct_terminate_cause = 575 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 576 mlme_deauthenticate_indication( 577 hapd, sta, 578 WLAN_REASON_PREV_AUTH_NOT_VALID); 579 ap_free_sta(hapd, sta); 580 break; 581 } 582 } 583 584 585 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx) 586 { 587 struct hostapd_data *hapd = eloop_ctx; 588 struct sta_info *sta = timeout_ctx; 589 590 wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR, 591 hapd->conf->iface, MAC2STR(sta->addr)); 592 if (!(sta->flags & WLAN_STA_AUTH)) { 593 if (sta->flags & WLAN_STA_GAS) { 594 wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA " 595 "entry " MACSTR, MAC2STR(sta->addr)); 596 ap_free_sta(hapd, sta); 597 } 598 return; 599 } 600 601 hostapd_drv_sta_deauth(hapd, sta->addr, 602 WLAN_REASON_PREV_AUTH_NOT_VALID); 603 mlme_deauthenticate_indication(hapd, sta, 604 WLAN_REASON_PREV_AUTH_NOT_VALID); 605 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 606 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 607 "session timeout"); 608 sta->acct_terminate_cause = 609 RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT; 610 ap_free_sta(hapd, sta); 611 } 612 613 614 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta, 615 u32 session_timeout) 616 { 617 if (eloop_replenish_timeout(session_timeout, 0, 618 ap_handle_session_timer, hapd, sta) == 1) { 619 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 620 HOSTAPD_LEVEL_DEBUG, "setting session timeout " 621 "to %d seconds", session_timeout); 622 } 623 } 624 625 626 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta, 627 u32 session_timeout) 628 { 629 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 630 HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d " 631 "seconds", session_timeout); 632 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 633 eloop_register_timeout(session_timeout, 0, ap_handle_session_timer, 634 hapd, sta); 635 } 636 637 638 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta) 639 { 640 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 641 } 642 643 644 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx) 645 { 646 #ifdef CONFIG_WNM_AP 647 struct hostapd_data *hapd = eloop_ctx; 648 struct sta_info *sta = timeout_ctx; 649 650 wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for " 651 MACSTR, hapd->conf->iface, MAC2STR(sta->addr)); 652 if (sta->hs20_session_info_url == NULL) 653 return; 654 655 wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url, 656 sta->hs20_disassoc_timer); 657 #endif /* CONFIG_WNM_AP */ 658 } 659 660 661 void ap_sta_session_warning_timeout(struct hostapd_data *hapd, 662 struct sta_info *sta, int warning_time) 663 { 664 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 665 eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer, 666 hapd, sta); 667 } 668 669 670 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr) 671 { 672 struct sta_info *sta; 673 674 sta = ap_get_sta(hapd, addr); 675 if (sta) 676 return sta; 677 678 wpa_printf(MSG_DEBUG, " New STA"); 679 if (hapd->num_sta >= hapd->conf->max_num_sta) { 680 /* FIX: might try to remove some old STAs first? */ 681 wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)", 682 hapd->num_sta, hapd->conf->max_num_sta); 683 return NULL; 684 } 685 686 sta = os_zalloc(sizeof(struct sta_info)); 687 if (sta == NULL) { 688 wpa_printf(MSG_ERROR, "malloc failed"); 689 return NULL; 690 } 691 sta->acct_interim_interval = hapd->conf->acct_interim_interval; 692 if (accounting_sta_get_id(hapd, sta) < 0) { 693 os_free(sta); 694 return NULL; 695 } 696 697 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) { 698 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 699 "for " MACSTR " (%d seconds - ap_max_inactivity)", 700 __func__, MAC2STR(addr), 701 hapd->conf->ap_max_inactivity); 702 eloop_register_timeout(hapd->conf->ap_max_inactivity, 0, 703 ap_handle_timer, hapd, sta); 704 } 705 706 /* initialize STA info data */ 707 os_memcpy(sta->addr, addr, ETH_ALEN); 708 sta->next = hapd->sta_list; 709 hapd->sta_list = sta; 710 hapd->num_sta++; 711 ap_sta_hash_add(hapd, sta); 712 ap_sta_remove_in_other_bss(hapd, sta); 713 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 714 dl_list_init(&sta->ip6addr); 715 716 #ifdef CONFIG_TAXONOMY 717 sta_track_claim_taxonomy_info(hapd->iface, addr, 718 &sta->probe_ie_taxonomy); 719 #endif /* CONFIG_TAXONOMY */ 720 721 return sta; 722 } 723 724 725 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta) 726 { 727 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 728 729 if (sta->ipaddr) 730 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 731 ap_sta_ip6addr_del(hapd, sta); 732 733 wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver", 734 hapd->conf->iface, MAC2STR(sta->addr)); 735 if (hostapd_drv_sta_remove(hapd, sta->addr) && 736 sta->flags & WLAN_STA_ASSOC) { 737 wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR 738 " from kernel driver", 739 hapd->conf->iface, MAC2STR(sta->addr)); 740 return -1; 741 } 742 sta->added_unassoc = 0; 743 return 0; 744 } 745 746 747 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 748 struct sta_info *sta) 749 { 750 struct hostapd_iface *iface = hapd->iface; 751 size_t i; 752 753 for (i = 0; i < iface->num_bss; i++) { 754 struct hostapd_data *bss = iface->bss[i]; 755 struct sta_info *sta2; 756 /* bss should always be set during operation, but it may be 757 * NULL during reconfiguration. Assume the STA is not 758 * associated to another BSS in that case to avoid NULL pointer 759 * dereferences. */ 760 if (bss == hapd || bss == NULL) 761 continue; 762 sta2 = ap_get_sta(bss, sta->addr); 763 if (!sta2) 764 continue; 765 766 wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR 767 " association from another BSS %s", 768 hapd->conf->iface, MAC2STR(sta2->addr), 769 bss->conf->iface); 770 ap_sta_disconnect(bss, sta2, sta2->addr, 771 WLAN_REASON_PREV_AUTH_NOT_VALID); 772 } 773 } 774 775 776 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx) 777 { 778 struct hostapd_data *hapd = eloop_ctx; 779 struct sta_info *sta = timeout_ctx; 780 781 wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR, 782 hapd->conf->iface, MAC2STR(sta->addr)); 783 ap_sta_remove(hapd, sta); 784 mlme_disassociate_indication(hapd, sta, sta->disassoc_reason); 785 } 786 787 788 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta, 789 u16 reason) 790 { 791 wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR, 792 hapd->conf->iface, MAC2STR(sta->addr)); 793 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 794 if (hapd->iface->current_mode && 795 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 796 /* Skip deauthentication in DMG/IEEE 802.11ad */ 797 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 798 WLAN_STA_ASSOC_REQ_OK); 799 sta->timeout_next = STA_REMOVE; 800 } else { 801 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 802 sta->timeout_next = STA_DEAUTH; 803 } 804 ap_sta_set_authorized(hapd, sta, 0); 805 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 806 "for " MACSTR " (%d seconds - " 807 "AP_MAX_INACTIVITY_AFTER_DISASSOC)", 808 __func__, MAC2STR(sta->addr), 809 AP_MAX_INACTIVITY_AFTER_DISASSOC); 810 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 811 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0, 812 ap_handle_timer, hapd, sta); 813 accounting_sta_stop(hapd, sta); 814 ieee802_1x_free_station(hapd, sta); 815 wpa_auth_sta_deinit(sta->wpa_sm); 816 sta->wpa_sm = NULL; 817 818 sta->disassoc_reason = reason; 819 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB; 820 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 821 eloop_register_timeout(hapd->iface->drv_flags & 822 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 823 ap_sta_disassoc_cb_timeout, hapd, sta); 824 } 825 826 827 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx) 828 { 829 struct hostapd_data *hapd = eloop_ctx; 830 struct sta_info *sta = timeout_ctx; 831 832 wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR, 833 hapd->conf->iface, MAC2STR(sta->addr)); 834 ap_sta_remove(hapd, sta); 835 mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason); 836 } 837 838 839 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta, 840 u16 reason) 841 { 842 if (hapd->iface->current_mode && 843 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 844 /* Deauthentication is not used in DMG/IEEE 802.11ad; 845 * disassociate the STA instead. */ 846 ap_sta_disassociate(hapd, sta, reason); 847 return; 848 } 849 850 wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR, 851 hapd->conf->iface, MAC2STR(sta->addr)); 852 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 853 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 854 ap_sta_set_authorized(hapd, sta, 0); 855 sta->timeout_next = STA_REMOVE; 856 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 857 "for " MACSTR " (%d seconds - " 858 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 859 __func__, MAC2STR(sta->addr), 860 AP_MAX_INACTIVITY_AFTER_DEAUTH); 861 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 862 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 863 ap_handle_timer, hapd, sta); 864 accounting_sta_stop(hapd, sta); 865 ieee802_1x_free_station(hapd, sta); 866 867 sta->deauth_reason = reason; 868 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 869 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 870 eloop_register_timeout(hapd->iface->drv_flags & 871 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 872 ap_sta_deauth_cb_timeout, hapd, sta); 873 } 874 875 876 #ifdef CONFIG_WPS 877 int ap_sta_wps_cancel(struct hostapd_data *hapd, 878 struct sta_info *sta, void *ctx) 879 { 880 if (sta && (sta->flags & WLAN_STA_WPS)) { 881 ap_sta_deauthenticate(hapd, sta, 882 WLAN_REASON_PREV_AUTH_NOT_VALID); 883 wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR, 884 __func__, MAC2STR(sta->addr)); 885 return 1; 886 } 887 888 return 0; 889 } 890 #endif /* CONFIG_WPS */ 891 892 893 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd) 894 { 895 struct hostapd_vlan *vlan; 896 int vlan_id = MAX_VLAN_ID + 2; 897 898 retry: 899 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 900 if (vlan->vlan_id == vlan_id) { 901 vlan_id++; 902 goto retry; 903 } 904 } 905 return vlan_id; 906 } 907 908 909 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta, 910 struct vlan_description *vlan_desc) 911 { 912 struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL; 913 int old_vlan_id, vlan_id = 0, ret = 0; 914 915 /* Check if there is something to do */ 916 if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) { 917 /* This sta is lacking its own vif */ 918 } else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED && 919 !hapd->conf->ssid.per_sta_vif && sta->vlan_id) { 920 /* sta->vlan_id needs to be reset */ 921 } else if (!vlan_compare(vlan_desc, sta->vlan_desc)) { 922 return 0; /* nothing to change */ 923 } 924 925 /* Now the real VLAN changed or the STA just needs its own vif */ 926 if (hapd->conf->ssid.per_sta_vif) { 927 /* Assign a new vif, always */ 928 /* find a free vlan_id sufficiently big */ 929 vlan_id = ap_sta_get_free_vlan_id(hapd); 930 /* Get wildcard VLAN */ 931 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 932 if (vlan->vlan_id == VLAN_ID_WILDCARD) 933 break; 934 } 935 if (!vlan) { 936 hostapd_logger(hapd, sta->addr, 937 HOSTAPD_MODULE_IEEE80211, 938 HOSTAPD_LEVEL_DEBUG, 939 "per_sta_vif missing wildcard"); 940 vlan_id = 0; 941 ret = -1; 942 goto done; 943 } 944 } else if (vlan_desc && vlan_desc->notempty) { 945 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 946 if (!vlan_compare(&vlan->vlan_desc, vlan_desc)) 947 break; 948 if (vlan->vlan_id == VLAN_ID_WILDCARD) 949 wildcard_vlan = vlan; 950 } 951 if (vlan) { 952 vlan_id = vlan->vlan_id; 953 } else if (wildcard_vlan) { 954 vlan = wildcard_vlan; 955 vlan_id = vlan_desc->untagged; 956 if (vlan_desc->tagged[0]) { 957 /* Tagged VLAN configuration */ 958 vlan_id = ap_sta_get_free_vlan_id(hapd); 959 } 960 } else { 961 hostapd_logger(hapd, sta->addr, 962 HOSTAPD_MODULE_IEEE80211, 963 HOSTAPD_LEVEL_DEBUG, 964 "missing vlan and wildcard for vlan=%d%s", 965 vlan_desc->untagged, 966 vlan_desc->tagged[0] ? "+" : ""); 967 vlan_id = 0; 968 ret = -1; 969 goto done; 970 } 971 } 972 973 if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) { 974 vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc); 975 if (vlan == NULL) { 976 hostapd_logger(hapd, sta->addr, 977 HOSTAPD_MODULE_IEEE80211, 978 HOSTAPD_LEVEL_DEBUG, 979 "could not add dynamic VLAN interface for vlan=%d%s", 980 vlan_desc ? vlan_desc->untagged : -1, 981 (vlan_desc && vlan_desc->tagged[0]) ? 982 "+" : ""); 983 vlan_id = 0; 984 ret = -1; 985 goto done; 986 } 987 988 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 989 HOSTAPD_LEVEL_DEBUG, 990 "added new dynamic VLAN interface '%s'", 991 vlan->ifname); 992 } else if (vlan && vlan->dynamic_vlan > 0) { 993 vlan->dynamic_vlan++; 994 hostapd_logger(hapd, sta->addr, 995 HOSTAPD_MODULE_IEEE80211, 996 HOSTAPD_LEVEL_DEBUG, 997 "updated existing dynamic VLAN interface '%s'", 998 vlan->ifname); 999 } 1000 done: 1001 old_vlan_id = sta->vlan_id; 1002 sta->vlan_id = vlan_id; 1003 sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL; 1004 1005 if (vlan_id != old_vlan_id && old_vlan_id) 1006 vlan_remove_dynamic(hapd, old_vlan_id); 1007 1008 return ret; 1009 } 1010 1011 1012 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta) 1013 { 1014 #ifndef CONFIG_NO_VLAN 1015 const char *iface; 1016 struct hostapd_vlan *vlan = NULL; 1017 int ret; 1018 int old_vlanid = sta->vlan_id_bound; 1019 1020 iface = hapd->conf->iface; 1021 if (hapd->conf->ssid.vlan[0]) 1022 iface = hapd->conf->ssid.vlan; 1023 1024 if (sta->vlan_id > 0) { 1025 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) { 1026 if (vlan->vlan_id == sta->vlan_id) 1027 break; 1028 } 1029 if (vlan) 1030 iface = vlan->ifname; 1031 } 1032 1033 /* 1034 * Do not increment ref counters if the VLAN ID remains same, but do 1035 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might 1036 * have been called before. 1037 */ 1038 if (sta->vlan_id == old_vlanid) 1039 goto skip_counting; 1040 1041 if (sta->vlan_id > 0 && vlan == NULL) { 1042 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1043 HOSTAPD_LEVEL_DEBUG, "could not find VLAN for " 1044 "binding station to (vlan_id=%d)", 1045 sta->vlan_id); 1046 ret = -1; 1047 goto done; 1048 } else if (vlan && vlan->dynamic_vlan > 0) { 1049 vlan->dynamic_vlan++; 1050 hostapd_logger(hapd, sta->addr, 1051 HOSTAPD_MODULE_IEEE80211, 1052 HOSTAPD_LEVEL_DEBUG, 1053 "updated existing dynamic VLAN interface '%s'", 1054 iface); 1055 } 1056 1057 /* ref counters have been increased, so mark the station */ 1058 sta->vlan_id_bound = sta->vlan_id; 1059 1060 skip_counting: 1061 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1062 HOSTAPD_LEVEL_DEBUG, "binding station to interface " 1063 "'%s'", iface); 1064 1065 if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0) 1066 wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA"); 1067 1068 ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id); 1069 if (ret < 0) { 1070 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1071 HOSTAPD_LEVEL_DEBUG, "could not bind the STA " 1072 "entry to vlan_id=%d", sta->vlan_id); 1073 } 1074 1075 /* During 1x reauth, if the vlan id changes, then remove the old id. */ 1076 if (old_vlanid > 0 && old_vlanid != sta->vlan_id) 1077 vlan_remove_dynamic(hapd, old_vlanid); 1078 done: 1079 1080 return ret; 1081 #else /* CONFIG_NO_VLAN */ 1082 return 0; 1083 #endif /* CONFIG_NO_VLAN */ 1084 } 1085 1086 1087 #ifdef CONFIG_IEEE80211W 1088 1089 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta) 1090 { 1091 u32 tu; 1092 struct os_reltime now, passed; 1093 os_get_reltime(&now); 1094 os_reltime_sub(&now, &sta->sa_query_start, &passed); 1095 tu = (passed.sec * 1000000 + passed.usec) / 1024; 1096 if (hapd->conf->assoc_sa_query_max_timeout < tu) { 1097 hostapd_logger(hapd, sta->addr, 1098 HOSTAPD_MODULE_IEEE80211, 1099 HOSTAPD_LEVEL_DEBUG, 1100 "association SA Query timed out"); 1101 sta->sa_query_timed_out = 1; 1102 os_free(sta->sa_query_trans_id); 1103 sta->sa_query_trans_id = NULL; 1104 sta->sa_query_count = 0; 1105 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 1106 return 1; 1107 } 1108 1109 return 0; 1110 } 1111 1112 1113 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx) 1114 { 1115 struct hostapd_data *hapd = eloop_ctx; 1116 struct sta_info *sta = timeout_ctx; 1117 unsigned int timeout, sec, usec; 1118 u8 *trans_id, *nbuf; 1119 1120 wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR 1121 " (count=%d)", 1122 hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count); 1123 1124 if (sta->sa_query_count > 0 && 1125 ap_check_sa_query_timeout(hapd, sta)) 1126 return; 1127 1128 nbuf = os_realloc_array(sta->sa_query_trans_id, 1129 sta->sa_query_count + 1, 1130 WLAN_SA_QUERY_TR_ID_LEN); 1131 if (nbuf == NULL) 1132 return; 1133 if (sta->sa_query_count == 0) { 1134 /* Starting a new SA Query procedure */ 1135 os_get_reltime(&sta->sa_query_start); 1136 } 1137 trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN; 1138 sta->sa_query_trans_id = nbuf; 1139 sta->sa_query_count++; 1140 1141 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) { 1142 /* 1143 * We don't really care which ID is used here, so simply 1144 * hardcode this if the mostly theoretical os_get_random() 1145 * failure happens. 1146 */ 1147 trans_id[0] = 0x12; 1148 trans_id[1] = 0x34; 1149 } 1150 1151 timeout = hapd->conf->assoc_sa_query_retry_timeout; 1152 sec = ((timeout / 1000) * 1024) / 1000; 1153 usec = (timeout % 1000) * 1024; 1154 eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta); 1155 1156 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1157 HOSTAPD_LEVEL_DEBUG, 1158 "association SA Query attempt %d", sta->sa_query_count); 1159 1160 ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id); 1161 } 1162 1163 1164 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 1165 { 1166 ap_sa_query_timer(hapd, sta); 1167 } 1168 1169 1170 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 1171 { 1172 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 1173 os_free(sta->sa_query_trans_id); 1174 sta->sa_query_trans_id = NULL; 1175 sta->sa_query_count = 0; 1176 } 1177 1178 #endif /* CONFIG_IEEE80211W */ 1179 1180 1181 const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd, 1182 struct sta_info *sta) 1183 { 1184 struct hostapd_wpa_psk *psk; 1185 struct hostapd_ssid *ssid; 1186 const u8 *pmk; 1187 int pmk_len; 1188 1189 ssid = &hapd->conf->ssid; 1190 1191 pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len); 1192 if (!pmk || pmk_len != PMK_LEN) 1193 return NULL; 1194 1195 for (psk = ssid->wpa_psk; psk; psk = psk->next) 1196 if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0) 1197 break; 1198 if (!psk) 1199 return NULL; 1200 if (!psk || !psk->keyid[0]) 1201 return NULL; 1202 1203 return psk->keyid; 1204 } 1205 1206 1207 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta, 1208 int authorized) 1209 { 1210 const u8 *dev_addr = NULL; 1211 char buf[100]; 1212 #ifdef CONFIG_P2P 1213 u8 addr[ETH_ALEN]; 1214 u8 ip_addr_buf[4]; 1215 #endif /* CONFIG_P2P */ 1216 1217 if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED)) 1218 return; 1219 1220 if (authorized) 1221 sta->flags |= WLAN_STA_AUTHORIZED; 1222 else 1223 sta->flags &= ~WLAN_STA_AUTHORIZED; 1224 1225 #ifdef CONFIG_P2P 1226 if (hapd->p2p_group == NULL) { 1227 if (sta->p2p_ie != NULL && 1228 p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0) 1229 dev_addr = addr; 1230 } else 1231 dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr); 1232 1233 if (dev_addr) 1234 os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR, 1235 MAC2STR(sta->addr), MAC2STR(dev_addr)); 1236 else 1237 #endif /* CONFIG_P2P */ 1238 os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr)); 1239 1240 if (hapd->sta_authorized_cb) 1241 hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx, 1242 sta->addr, authorized, dev_addr); 1243 1244 if (authorized) { 1245 const char *keyid; 1246 char keyid_buf[100]; 1247 char ip_addr[100]; 1248 1249 keyid_buf[0] = '\0'; 1250 ip_addr[0] = '\0'; 1251 #ifdef CONFIG_P2P 1252 if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) { 1253 os_snprintf(ip_addr, sizeof(ip_addr), 1254 " ip_addr=%u.%u.%u.%u", 1255 ip_addr_buf[0], ip_addr_buf[1], 1256 ip_addr_buf[2], ip_addr_buf[3]); 1257 } 1258 #endif /* CONFIG_P2P */ 1259 1260 keyid = ap_sta_wpa_get_keyid(hapd, sta); 1261 if (keyid) { 1262 os_snprintf(keyid_buf, sizeof(keyid_buf), 1263 " keyid=%s", keyid); 1264 } 1265 1266 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s", 1267 buf, ip_addr, keyid_buf); 1268 1269 if (hapd->msg_ctx_parent && 1270 hapd->msg_ctx_parent != hapd->msg_ctx) 1271 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1272 AP_STA_CONNECTED "%s%s%s", 1273 buf, ip_addr, keyid_buf); 1274 } else { 1275 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf); 1276 1277 if (hapd->msg_ctx_parent && 1278 hapd->msg_ctx_parent != hapd->msg_ctx) 1279 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1280 AP_STA_DISCONNECTED "%s", buf); 1281 } 1282 1283 #ifdef CONFIG_FST 1284 if (hapd->iface->fst) { 1285 if (authorized) 1286 fst_notify_peer_connected(hapd->iface->fst, sta->addr); 1287 else 1288 fst_notify_peer_disconnected(hapd->iface->fst, 1289 sta->addr); 1290 } 1291 #endif /* CONFIG_FST */ 1292 } 1293 1294 1295 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta, 1296 const u8 *addr, u16 reason) 1297 { 1298 if (sta) 1299 wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u", 1300 hapd->conf->iface, __func__, MAC2STR(sta->addr), 1301 reason); 1302 else if (addr) 1303 wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u", 1304 hapd->conf->iface, __func__, MAC2STR(addr), 1305 reason); 1306 1307 if (sta == NULL && addr) 1308 sta = ap_get_sta(hapd, addr); 1309 1310 if (addr) 1311 hostapd_drv_sta_deauth(hapd, addr, reason); 1312 1313 if (sta == NULL) 1314 return; 1315 ap_sta_set_authorized(hapd, sta, 0); 1316 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1317 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1318 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1319 wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout " 1320 "for " MACSTR " (%d seconds - " 1321 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 1322 hapd->conf->iface, __func__, MAC2STR(sta->addr), 1323 AP_MAX_INACTIVITY_AFTER_DEAUTH); 1324 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1325 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 1326 ap_handle_timer, hapd, sta); 1327 sta->timeout_next = STA_REMOVE; 1328 1329 if (hapd->iface->current_mode && 1330 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 1331 /* Deauthentication is not used in DMG/IEEE 802.11ad; 1332 * disassociate the STA instead. */ 1333 sta->disassoc_reason = reason; 1334 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB; 1335 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 1336 eloop_register_timeout(hapd->iface->drv_flags & 1337 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 1338 2 : 0, 0, ap_sta_disassoc_cb_timeout, 1339 hapd, sta); 1340 return; 1341 } 1342 1343 sta->deauth_reason = reason; 1344 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 1345 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1346 eloop_register_timeout(hapd->iface->drv_flags & 1347 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 1348 ap_sta_deauth_cb_timeout, hapd, sta); 1349 } 1350 1351 1352 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta) 1353 { 1354 if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) { 1355 wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame"); 1356 return; 1357 } 1358 sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB; 1359 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1360 ap_sta_deauth_cb_timeout(hapd, sta); 1361 } 1362 1363 1364 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta) 1365 { 1366 if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) { 1367 wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame"); 1368 return; 1369 } 1370 sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB; 1371 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 1372 ap_sta_disassoc_cb_timeout(hapd, sta); 1373 } 1374 1375 1376 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd, 1377 struct sta_info *sta) 1378 { 1379 if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0) 1380 wpa_printf(MSG_DEBUG, 1381 "%s: Removed ap_sta_deauth_cb_timeout timeout for " 1382 MACSTR, 1383 hapd->conf->iface, MAC2STR(sta->addr)); 1384 if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0) 1385 wpa_printf(MSG_DEBUG, 1386 "%s: Removed ap_sta_disassoc_cb_timeout timeout for " 1387 MACSTR, 1388 hapd->conf->iface, MAC2STR(sta->addr)); 1389 if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0) 1390 { 1391 wpa_printf(MSG_DEBUG, 1392 "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for " 1393 MACSTR, 1394 hapd->conf->iface, MAC2STR(sta->addr)); 1395 if (sta->flags & WLAN_STA_WPS) 1396 hostapd_wps_eap_completed(hapd); 1397 } 1398 } 1399 1400 1401 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen) 1402 { 1403 int res; 1404 1405 buf[0] = '\0'; 1406 res = os_snprintf(buf, buflen, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", 1407 (flags & WLAN_STA_AUTH ? "[AUTH]" : ""), 1408 (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""), 1409 (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""), 1410 (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" : 1411 ""), 1412 (flags & WLAN_STA_SHORT_PREAMBLE ? 1413 "[SHORT_PREAMBLE]" : ""), 1414 (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""), 1415 (flags & WLAN_STA_WMM ? "[WMM]" : ""), 1416 (flags & WLAN_STA_MFP ? "[MFP]" : ""), 1417 (flags & WLAN_STA_WPS ? "[WPS]" : ""), 1418 (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""), 1419 (flags & WLAN_STA_WDS ? "[WDS]" : ""), 1420 (flags & WLAN_STA_NONERP ? "[NonERP]" : ""), 1421 (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""), 1422 (flags & WLAN_STA_GAS ? "[GAS]" : ""), 1423 (flags & WLAN_STA_HT ? "[HT]" : ""), 1424 (flags & WLAN_STA_VHT ? "[VHT]" : ""), 1425 (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""), 1426 (flags & WLAN_STA_WNM_SLEEP_MODE ? 1427 "[WNM_SLEEP_MODE]" : "")); 1428 if (os_snprintf_error(buflen, res)) 1429 res = -1; 1430 1431 return res; 1432 } 1433 1434 1435 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx) 1436 { 1437 struct hostapd_data *hapd = eloop_ctx; 1438 struct sta_info *sta = timeout_ctx; 1439 u16 reason; 1440 1441 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 1442 "IEEE 802.1X: Scheduled disconnection of " MACSTR 1443 " after EAP-Failure", MAC2STR(sta->addr)); 1444 1445 reason = sta->disconnect_reason_code; 1446 if (!reason) 1447 reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED; 1448 ap_sta_disconnect(hapd, sta, sta->addr, reason); 1449 if (sta->flags & WLAN_STA_WPS) 1450 hostapd_wps_eap_completed(hapd); 1451 } 1452 1453 1454 void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, 1455 struct sta_info *sta) 1456 { 1457 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 1458 "IEEE 802.1X: Force disconnection of " MACSTR 1459 " after EAP-Failure in 10 ms", MAC2STR(sta->addr)); 1460 1461 /* 1462 * Add a small sleep to increase likelihood of previously requested 1463 * EAP-Failure TX getting out before this should the driver reorder 1464 * operations. 1465 */ 1466 eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta); 1467 eloop_register_timeout(0, 10000, ap_sta_delayed_1x_auth_fail_cb, 1468 hapd, sta); 1469 } 1470 1471 1472 int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, 1473 struct sta_info *sta) 1474 { 1475 return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb, 1476 hapd, sta); 1477 } 1478