1 /*
2 * hostapd / Station table
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/wpa_ctrl.h"
15 #include "common/sae.h"
16 #include "common/dpp.h"
17 #include "radius/radius.h"
18 #include "radius/radius_client.h"
19 #include "p2p/p2p.h"
20 #include "fst/fst.h"
21 #include "crypto/crypto.h"
22 #include "hostapd.h"
23 #include "accounting.h"
24 #include "ieee802_1x.h"
25 #include "ieee802_11.h"
26 #include "ieee802_11_auth.h"
27 #include "wpa_auth.h"
28 #include "preauth_auth.h"
29 #include "ap_config.h"
30 #include "beacon.h"
31 #include "ap_mlme.h"
32 #include "vlan_init.h"
33 #include "p2p_hostapd.h"
34 #include "ap_drv_ops.h"
35 #include "gas_serv.h"
36 #include "wnm_ap.h"
37 #include "mbo_ap.h"
38 #include "ndisc_snoop.h"
39 #include "sta_info.h"
40 #include "vlan.h"
41 #include "wps_hostapd.h"
42
43 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
44 struct sta_info *sta);
45 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
46 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx);
47 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
48 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
49 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
50 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
51 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx);
52
ap_for_each_sta(struct hostapd_data * hapd,int (* cb)(struct hostapd_data * hapd,struct sta_info * sta,void * ctx),void * ctx)53 int ap_for_each_sta(struct hostapd_data *hapd,
54 int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
55 void *ctx),
56 void *ctx)
57 {
58 struct sta_info *sta;
59
60 for (sta = hapd->sta_list; sta; sta = sta->next) {
61 if (cb(hapd, sta, ctx))
62 return 1;
63 }
64
65 return 0;
66 }
67
68
ap_get_sta(struct hostapd_data * hapd,const u8 * sta)69 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
70 {
71 struct sta_info *s;
72
73 s = hapd->sta_hash[STA_HASH(sta)];
74 while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
75 s = s->hnext;
76 return s;
77 }
78
79
80 #ifdef CONFIG_P2P
ap_get_sta_p2p(struct hostapd_data * hapd,const u8 * addr)81 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr)
82 {
83 struct sta_info *sta;
84
85 for (sta = hapd->sta_list; sta; sta = sta->next) {
86 const u8 *p2p_dev_addr;
87
88 if (sta->p2p_ie == NULL)
89 continue;
90
91 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
92 if (p2p_dev_addr == NULL)
93 continue;
94
95 if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0)
96 return sta;
97 }
98
99 return NULL;
100 }
101 #endif /* CONFIG_P2P */
102
103
ap_sta_list_del(struct hostapd_data * hapd,struct sta_info * sta)104 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
105 {
106 struct sta_info *tmp;
107
108 if (hapd->sta_list == sta) {
109 hapd->sta_list = sta->next;
110 return;
111 }
112
113 tmp = hapd->sta_list;
114 while (tmp != NULL && tmp->next != sta)
115 tmp = tmp->next;
116 if (tmp == NULL) {
117 wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
118 "list.", MAC2STR(sta->addr));
119 } else
120 tmp->next = sta->next;
121 }
122
123
ap_sta_hash_add(struct hostapd_data * hapd,struct sta_info * sta)124 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
125 {
126 sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
127 hapd->sta_hash[STA_HASH(sta->addr)] = sta;
128 }
129
130
ap_sta_hash_del(struct hostapd_data * hapd,struct sta_info * sta)131 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
132 {
133 struct sta_info *s;
134
135 s = hapd->sta_hash[STA_HASH(sta->addr)];
136 if (s == NULL) return;
137 if (os_memcmp(s->addr, sta->addr, 6) == 0) {
138 hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
139 return;
140 }
141
142 while (s->hnext != NULL &&
143 os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
144 s = s->hnext;
145 if (s->hnext != NULL)
146 s->hnext = s->hnext->hnext;
147 else
148 wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
149 " from hash table", MAC2STR(sta->addr));
150 }
151
152
ap_sta_ip6addr_del(struct hostapd_data * hapd,struct sta_info * sta)153 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta)
154 {
155 sta_ip6addr_del(hapd, sta);
156 }
157
158
159 #ifdef CONFIG_PASN
160
ap_free_sta_pasn(struct hostapd_data * hapd,struct sta_info * sta)161 void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta)
162 {
163 if (sta->pasn) {
164 wpa_printf(MSG_DEBUG, "PASN: Free PASN context: " MACSTR,
165 MAC2STR(sta->addr));
166
167 if (sta->pasn->ecdh)
168 crypto_ecdh_deinit(sta->pasn->ecdh);
169
170 wpabuf_free(sta->pasn->secret);
171 sta->pasn->secret = NULL;
172
173 #ifdef CONFIG_SAE
174 sae_clear_data(&sta->pasn->sae);
175 #endif /* CONFIG_SAE */
176
177 #ifdef CONFIG_FILS
178 /* In practice this pointer should be NULL */
179 wpabuf_free(sta->pasn->fils.erp_resp);
180 sta->pasn->fils.erp_resp = NULL;
181 #endif /* CONFIG_FILS */
182
183 bin_clear_free(sta->pasn, sizeof(*sta->pasn));
184 sta->pasn = NULL;
185 }
186 }
187
188 #endif /* CONFIG_PASN */
189
ap_free_sta(struct hostapd_data * hapd,struct sta_info * sta)190 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
191 {
192 int set_beacon = 0;
193
194 accounting_sta_stop(hapd, sta);
195
196 /* just in case */
197 ap_sta_set_authorized(hapd, sta, 0);
198 hostapd_set_sta_flags(hapd, sta);
199
200 if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP))
201 hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
202
203 if (sta->ipaddr)
204 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
205 ap_sta_ip6addr_del(hapd, sta);
206
207 if (!hapd->iface->driver_ap_teardown &&
208 !(sta->flags & WLAN_STA_PREAUTH)) {
209 hostapd_drv_sta_remove(hapd, sta->addr);
210 sta->added_unassoc = 0;
211 }
212
213 ap_sta_hash_del(hapd, sta);
214 ap_sta_list_del(hapd, sta);
215
216 if (sta->aid > 0)
217 hapd->sta_aid[(sta->aid - 1) / 32] &=
218 ~BIT((sta->aid - 1) % 32);
219
220 hapd->num_sta--;
221 if (sta->nonerp_set) {
222 sta->nonerp_set = 0;
223 hapd->iface->num_sta_non_erp--;
224 if (hapd->iface->num_sta_non_erp == 0)
225 set_beacon++;
226 }
227
228 if (sta->no_short_slot_time_set) {
229 sta->no_short_slot_time_set = 0;
230 hapd->iface->num_sta_no_short_slot_time--;
231 if (hapd->iface->current_mode &&
232 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
233 && hapd->iface->num_sta_no_short_slot_time == 0)
234 set_beacon++;
235 }
236
237 if (sta->no_short_preamble_set) {
238 sta->no_short_preamble_set = 0;
239 hapd->iface->num_sta_no_short_preamble--;
240 if (hapd->iface->current_mode &&
241 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
242 && hapd->iface->num_sta_no_short_preamble == 0)
243 set_beacon++;
244 }
245
246 if (sta->no_ht_gf_set) {
247 sta->no_ht_gf_set = 0;
248 hapd->iface->num_sta_ht_no_gf--;
249 }
250
251 if (sta->no_ht_set) {
252 sta->no_ht_set = 0;
253 hapd->iface->num_sta_no_ht--;
254 }
255
256 if (sta->ht_20mhz_set) {
257 sta->ht_20mhz_set = 0;
258 hapd->iface->num_sta_ht_20mhz--;
259 }
260
261 #ifdef CONFIG_TAXONOMY
262 wpabuf_free(sta->probe_ie_taxonomy);
263 sta->probe_ie_taxonomy = NULL;
264 wpabuf_free(sta->assoc_ie_taxonomy);
265 sta->assoc_ie_taxonomy = NULL;
266 #endif /* CONFIG_TAXONOMY */
267
268 ht40_intolerant_remove(hapd->iface, sta);
269
270 #ifdef CONFIG_P2P
271 if (sta->no_p2p_set) {
272 sta->no_p2p_set = 0;
273 hapd->num_sta_no_p2p--;
274 if (hapd->num_sta_no_p2p == 0)
275 hostapd_p2p_non_p2p_sta_disconnected(hapd);
276 }
277 #endif /* CONFIG_P2P */
278
279 #ifdef NEED_AP_MLME
280 if (hostapd_ht_operation_update(hapd->iface) > 0)
281 set_beacon++;
282 #endif /* NEED_AP_MLME */
283
284 #ifdef CONFIG_MESH
285 if (hapd->mesh_sta_free_cb)
286 hapd->mesh_sta_free_cb(hapd, sta);
287 #endif /* CONFIG_MESH */
288
289 if (set_beacon)
290 ieee802_11_set_beacons(hapd->iface);
291
292 wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
293 __func__, MAC2STR(sta->addr));
294 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
295 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
296 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
297 ap_sta_clear_disconnect_timeouts(hapd, sta);
298 sae_clear_retransmit_timer(hapd, sta);
299
300 ieee802_1x_free_station(hapd, sta);
301 wpa_auth_sta_deinit(sta->wpa_sm);
302 rsn_preauth_free_station(hapd, sta);
303 #ifndef CONFIG_NO_RADIUS
304 if (hapd->radius)
305 radius_client_flush_auth(hapd->radius, sta->addr);
306 #endif /* CONFIG_NO_RADIUS */
307
308 #ifndef CONFIG_NO_VLAN
309 /*
310 * sta->wpa_sm->group needs to be released before so that
311 * vlan_remove_dynamic() can check that no stations are left on the
312 * AP_VLAN netdev.
313 */
314 if (sta->vlan_id)
315 vlan_remove_dynamic(hapd, sta->vlan_id);
316 if (sta->vlan_id_bound) {
317 /*
318 * Need to remove the STA entry before potentially removing the
319 * VLAN.
320 */
321 if (hapd->iface->driver_ap_teardown &&
322 !(sta->flags & WLAN_STA_PREAUTH)) {
323 hostapd_drv_sta_remove(hapd, sta->addr);
324 sta->added_unassoc = 0;
325 }
326 vlan_remove_dynamic(hapd, sta->vlan_id_bound);
327 }
328 #endif /* CONFIG_NO_VLAN */
329
330 os_free(sta->challenge);
331
332 os_free(sta->sa_query_trans_id);
333 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
334
335 #ifdef CONFIG_P2P
336 p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
337 #endif /* CONFIG_P2P */
338
339 #ifdef CONFIG_INTERWORKING
340 if (sta->gas_dialog) {
341 int i;
342 for (i = 0; i < GAS_DIALOG_MAX; i++)
343 gas_serv_dialog_clear(&sta->gas_dialog[i]);
344 os_free(sta->gas_dialog);
345 }
346 #endif /* CONFIG_INTERWORKING */
347
348 wpabuf_free(sta->wps_ie);
349 wpabuf_free(sta->p2p_ie);
350 wpabuf_free(sta->hs20_ie);
351 wpabuf_free(sta->roaming_consortium);
352 #ifdef CONFIG_FST
353 wpabuf_free(sta->mb_ies);
354 #endif /* CONFIG_FST */
355
356 os_free(sta->ht_capabilities);
357 os_free(sta->vht_capabilities);
358 os_free(sta->vht_operation);
359 os_free(sta->he_capab);
360 os_free(sta->he_6ghz_capab);
361 os_free(sta->eht_capab);
362 hostapd_free_psk_list(sta->psk);
363 os_free(sta->identity);
364 os_free(sta->radius_cui);
365 os_free(sta->remediation_url);
366 os_free(sta->t_c_url);
367 wpabuf_free(sta->hs20_deauth_req);
368 os_free(sta->hs20_session_info_url);
369
370 #ifdef CONFIG_SAE
371 sae_clear_data(sta->sae);
372 os_free(sta->sae);
373 #endif /* CONFIG_SAE */
374
375 mbo_ap_sta_free(sta);
376 os_free(sta->supp_op_classes);
377
378 #ifdef CONFIG_FILS
379 os_free(sta->fils_pending_assoc_req);
380 wpabuf_free(sta->fils_hlp_resp);
381 wpabuf_free(sta->hlp_dhcp_discover);
382 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
383 #ifdef CONFIG_FILS_SK_PFS
384 crypto_ecdh_deinit(sta->fils_ecdh);
385 wpabuf_clear_free(sta->fils_dh_ss);
386 wpabuf_free(sta->fils_g_sta);
387 #endif /* CONFIG_FILS_SK_PFS */
388 #endif /* CONFIG_FILS */
389
390 #ifdef CONFIG_OWE
391 bin_clear_free(sta->owe_pmk, sta->owe_pmk_len);
392 crypto_ecdh_deinit(sta->owe_ecdh);
393 #endif /* CONFIG_OWE */
394
395 #ifdef CONFIG_DPP2
396 dpp_pfs_free(sta->dpp_pfs);
397 sta->dpp_pfs = NULL;
398 #endif /* CONFIG_DPP2 */
399
400 os_free(sta->ext_capability);
401
402 #ifdef CONFIG_WNM_AP
403 eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
404 #endif /* CONFIG_WNM_AP */
405
406 #ifdef CONFIG_PASN
407 ap_free_sta_pasn(hapd, sta);
408 #endif /* CONFIG_PASN */
409
410 os_free(sta->ifname_wds);
411
412 #ifdef CONFIG_TESTING_OPTIONS
413 os_free(sta->sae_postponed_commit);
414 forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
415 #endif /* CONFIG_TESTING_OPTIONS */
416
417 os_free(sta);
418 }
419
420
hostapd_free_stas(struct hostapd_data * hapd)421 void hostapd_free_stas(struct hostapd_data *hapd)
422 {
423 struct sta_info *sta, *prev;
424
425 sta = hapd->sta_list;
426
427 while (sta) {
428 prev = sta;
429 if (sta->flags & WLAN_STA_AUTH) {
430 mlme_deauthenticate_indication(
431 hapd, sta, WLAN_REASON_UNSPECIFIED);
432 }
433 sta = sta->next;
434 wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
435 MAC2STR(prev->addr));
436 ap_free_sta(hapd, prev);
437 }
438 }
439
440
441 /**
442 * ap_handle_timer - Per STA timer handler
443 * @eloop_ctx: struct hostapd_data *
444 * @timeout_ctx: struct sta_info *
445 *
446 * This function is called to check station activity and to remove inactive
447 * stations.
448 */
ap_handle_timer(void * eloop_ctx,void * timeout_ctx)449 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
450 {
451 struct hostapd_data *hapd = eloop_ctx;
452 struct sta_info *sta = timeout_ctx;
453 unsigned long next_time = 0;
454 int reason;
455
456 wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d",
457 hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags,
458 sta->timeout_next);
459 if (sta->timeout_next == STA_REMOVE) {
460 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
461 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
462 "local deauth request");
463 ap_free_sta(hapd, sta);
464 return;
465 }
466
467 if ((sta->flags & WLAN_STA_ASSOC) &&
468 (sta->timeout_next == STA_NULLFUNC ||
469 sta->timeout_next == STA_DISASSOC)) {
470 int inactive_sec;
471 /*
472 * Add random value to timeout so that we don't end up bouncing
473 * all stations at the same time if we have lots of associated
474 * stations that are idle (but keep re-associating).
475 */
476 int fuzz = os_random() % 20;
477 inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
478 if (inactive_sec == -1) {
479 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
480 "Check inactivity: Could not "
481 "get station info from kernel driver for "
482 MACSTR, MAC2STR(sta->addr));
483 /*
484 * The driver may not support this functionality.
485 * Anyway, try again after the next inactivity timeout,
486 * but do not disconnect the station now.
487 */
488 next_time = hapd->conf->ap_max_inactivity + fuzz;
489 } else if (inactive_sec == -ENOENT) {
490 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
491 "Station " MACSTR " has lost its driver entry",
492 MAC2STR(sta->addr));
493
494 /* Avoid sending client probe on removed client */
495 sta->timeout_next = STA_DISASSOC;
496 goto skip_poll;
497 } else if (inactive_sec < hapd->conf->ap_max_inactivity) {
498 /* station activity detected; reset timeout state */
499 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
500 "Station " MACSTR " has been active %is ago",
501 MAC2STR(sta->addr), inactive_sec);
502 sta->timeout_next = STA_NULLFUNC;
503 next_time = hapd->conf->ap_max_inactivity + fuzz -
504 inactive_sec;
505 } else {
506 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
507 "Station " MACSTR " has been "
508 "inactive too long: %d sec, max allowed: %d",
509 MAC2STR(sta->addr), inactive_sec,
510 hapd->conf->ap_max_inactivity);
511
512 if (hapd->conf->skip_inactivity_poll)
513 sta->timeout_next = STA_DISASSOC;
514 }
515 }
516
517 if ((sta->flags & WLAN_STA_ASSOC) &&
518 sta->timeout_next == STA_DISASSOC &&
519 !(sta->flags & WLAN_STA_PENDING_POLL) &&
520 !hapd->conf->skip_inactivity_poll) {
521 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
522 " has ACKed data poll", MAC2STR(sta->addr));
523 /* data nullfunc frame poll did not produce TX errors; assume
524 * station ACKed it */
525 sta->timeout_next = STA_NULLFUNC;
526 next_time = hapd->conf->ap_max_inactivity;
527 }
528
529 skip_poll:
530 if (next_time) {
531 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
532 "for " MACSTR " (%lu seconds)",
533 __func__, MAC2STR(sta->addr), next_time);
534 eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
535 sta);
536 return;
537 }
538
539 if (sta->timeout_next == STA_NULLFUNC &&
540 (sta->flags & WLAN_STA_ASSOC)) {
541 wpa_printf(MSG_DEBUG, " Polling STA");
542 sta->flags |= WLAN_STA_PENDING_POLL;
543 hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
544 sta->flags & WLAN_STA_WMM);
545 } else if (sta->timeout_next != STA_REMOVE) {
546 int deauth = sta->timeout_next == STA_DEAUTH;
547
548 if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) {
549 /* Cannot disassociate not-associated STA, so move
550 * directly to deauthentication. */
551 sta->timeout_next = STA_DEAUTH;
552 deauth = 1;
553 }
554
555 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
556 "Timeout, sending %s info to STA " MACSTR,
557 deauth ? "deauthentication" : "disassociation",
558 MAC2STR(sta->addr));
559
560 if (deauth) {
561 hostapd_drv_sta_deauth(
562 hapd, sta->addr,
563 WLAN_REASON_PREV_AUTH_NOT_VALID);
564 } else {
565 reason = (sta->timeout_next == STA_DISASSOC) ?
566 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
567 WLAN_REASON_PREV_AUTH_NOT_VALID;
568
569 hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
570 }
571 }
572
573 switch (sta->timeout_next) {
574 case STA_NULLFUNC:
575 sta->timeout_next = STA_DISASSOC;
576 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
577 "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
578 __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
579 eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
580 hapd, sta);
581 break;
582 case STA_DISASSOC:
583 case STA_DISASSOC_FROM_CLI:
584 ap_sta_set_authorized(hapd, sta, 0);
585 sta->flags &= ~WLAN_STA_ASSOC;
586 hostapd_set_sta_flags(hapd, sta);
587 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
588 if (!sta->acct_terminate_cause)
589 sta->acct_terminate_cause =
590 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
591 accounting_sta_stop(hapd, sta);
592 ieee802_1x_free_station(hapd, sta);
593 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
594 HOSTAPD_LEVEL_INFO, "disassociated due to "
595 "inactivity");
596 reason = (sta->timeout_next == STA_DISASSOC) ?
597 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
598 WLAN_REASON_PREV_AUTH_NOT_VALID;
599 sta->timeout_next = STA_DEAUTH;
600 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
601 "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
602 __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
603 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
604 hapd, sta);
605 mlme_disassociate_indication(hapd, sta, reason);
606 break;
607 case STA_DEAUTH:
608 case STA_REMOVE:
609 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
610 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
611 "inactivity (timer DEAUTH/REMOVE)");
612 if (!sta->acct_terminate_cause)
613 sta->acct_terminate_cause =
614 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
615 mlme_deauthenticate_indication(
616 hapd, sta,
617 WLAN_REASON_PREV_AUTH_NOT_VALID);
618 ap_free_sta(hapd, sta);
619 break;
620 }
621 }
622
623
ap_handle_session_timer(void * eloop_ctx,void * timeout_ctx)624 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
625 {
626 struct hostapd_data *hapd = eloop_ctx;
627 struct sta_info *sta = timeout_ctx;
628
629 wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
630 hapd->conf->iface, MAC2STR(sta->addr));
631 if (!(sta->flags & (WLAN_STA_AUTH | WLAN_STA_ASSOC |
632 WLAN_STA_AUTHORIZED))) {
633 if (sta->flags & WLAN_STA_GAS) {
634 wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
635 "entry " MACSTR, MAC2STR(sta->addr));
636 ap_free_sta(hapd, sta);
637 }
638 return;
639 }
640
641 hostapd_drv_sta_deauth(hapd, sta->addr,
642 WLAN_REASON_PREV_AUTH_NOT_VALID);
643 mlme_deauthenticate_indication(hapd, sta,
644 WLAN_REASON_PREV_AUTH_NOT_VALID);
645 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
646 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
647 "session timeout");
648 sta->acct_terminate_cause =
649 RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
650 ap_free_sta(hapd, sta);
651 }
652
653
ap_sta_replenish_timeout(struct hostapd_data * hapd,struct sta_info * sta,u32 session_timeout)654 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
655 u32 session_timeout)
656 {
657 if (eloop_replenish_timeout(session_timeout, 0,
658 ap_handle_session_timer, hapd, sta) == 1) {
659 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
660 HOSTAPD_LEVEL_DEBUG, "setting session timeout "
661 "to %d seconds", session_timeout);
662 }
663 }
664
665
ap_sta_session_timeout(struct hostapd_data * hapd,struct sta_info * sta,u32 session_timeout)666 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
667 u32 session_timeout)
668 {
669 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
670 HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
671 "seconds", session_timeout);
672 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
673 eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
674 hapd, sta);
675 }
676
677
ap_sta_no_session_timeout(struct hostapd_data * hapd,struct sta_info * sta)678 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
679 {
680 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
681 }
682
683
ap_handle_session_warning_timer(void * eloop_ctx,void * timeout_ctx)684 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx)
685 {
686 #ifdef CONFIG_WNM_AP
687 struct hostapd_data *hapd = eloop_ctx;
688 struct sta_info *sta = timeout_ctx;
689
690 wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for "
691 MACSTR, hapd->conf->iface, MAC2STR(sta->addr));
692 if (sta->hs20_session_info_url == NULL)
693 return;
694
695 wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url,
696 sta->hs20_disassoc_timer);
697 #endif /* CONFIG_WNM_AP */
698 }
699
700
ap_sta_session_warning_timeout(struct hostapd_data * hapd,struct sta_info * sta,int warning_time)701 void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
702 struct sta_info *sta, int warning_time)
703 {
704 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
705 eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer,
706 hapd, sta);
707 }
708
709
ap_sta_add(struct hostapd_data * hapd,const u8 * addr)710 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
711 {
712 struct sta_info *sta;
713 int i;
714
715 sta = ap_get_sta(hapd, addr);
716 if (sta)
717 return sta;
718
719 wpa_printf(MSG_DEBUG, " New STA");
720 if (hapd->num_sta >= hapd->conf->max_num_sta) {
721 /* FIX: might try to remove some old STAs first? */
722 wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
723 hapd->num_sta, hapd->conf->max_num_sta);
724 return NULL;
725 }
726
727 sta = os_zalloc(sizeof(struct sta_info));
728 if (sta == NULL) {
729 wpa_printf(MSG_ERROR, "malloc failed");
730 return NULL;
731 }
732 sta->acct_interim_interval = hapd->conf->acct_interim_interval;
733 if (accounting_sta_get_id(hapd, sta) < 0) {
734 os_free(sta);
735 return NULL;
736 }
737
738 for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) {
739 if (!hapd->iface->basic_rates)
740 break;
741 if (hapd->iface->basic_rates[i] < 0)
742 break;
743 sta->supported_rates[i] = hapd->iface->basic_rates[i] / 5;
744 }
745 sta->supported_rates_len = i;
746
747 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) {
748 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
749 "for " MACSTR " (%d seconds - ap_max_inactivity)",
750 __func__, MAC2STR(addr),
751 hapd->conf->ap_max_inactivity);
752 eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
753 ap_handle_timer, hapd, sta);
754 }
755
756 /* initialize STA info data */
757 os_memcpy(sta->addr, addr, ETH_ALEN);
758 sta->next = hapd->sta_list;
759 hapd->sta_list = sta;
760 hapd->num_sta++;
761 ap_sta_hash_add(hapd, sta);
762 ap_sta_remove_in_other_bss(hapd, sta);
763 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
764 dl_list_init(&sta->ip6addr);
765
766 #ifdef CONFIG_TAXONOMY
767 sta_track_claim_taxonomy_info(hapd->iface, addr,
768 &sta->probe_ie_taxonomy);
769 #endif /* CONFIG_TAXONOMY */
770
771 return sta;
772 }
773
774
ap_sta_remove(struct hostapd_data * hapd,struct sta_info * sta)775 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
776 {
777 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
778
779 if (sta->ipaddr)
780 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
781 ap_sta_ip6addr_del(hapd, sta);
782
783 wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver",
784 hapd->conf->iface, MAC2STR(sta->addr));
785 if (hostapd_drv_sta_remove(hapd, sta->addr) &&
786 sta->flags & WLAN_STA_ASSOC) {
787 wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR
788 " from kernel driver",
789 hapd->conf->iface, MAC2STR(sta->addr));
790 return -1;
791 }
792 sta->added_unassoc = 0;
793 return 0;
794 }
795
796
ap_sta_remove_in_other_bss(struct hostapd_data * hapd,struct sta_info * sta)797 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
798 struct sta_info *sta)
799 {
800 struct hostapd_iface *iface = hapd->iface;
801 size_t i;
802
803 for (i = 0; i < iface->num_bss; i++) {
804 struct hostapd_data *bss = iface->bss[i];
805 struct sta_info *sta2;
806 /* bss should always be set during operation, but it may be
807 * NULL during reconfiguration. Assume the STA is not
808 * associated to another BSS in that case to avoid NULL pointer
809 * dereferences. */
810 if (bss == hapd || bss == NULL)
811 continue;
812 sta2 = ap_get_sta(bss, sta->addr);
813 if (!sta2)
814 continue;
815
816 wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR
817 " association from another BSS %s",
818 hapd->conf->iface, MAC2STR(sta2->addr),
819 bss->conf->iface);
820 ap_sta_disconnect(bss, sta2, sta2->addr,
821 WLAN_REASON_PREV_AUTH_NOT_VALID);
822 }
823 }
824
825
ap_sta_disassoc_cb_timeout(void * eloop_ctx,void * timeout_ctx)826 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
827 {
828 struct hostapd_data *hapd = eloop_ctx;
829 struct sta_info *sta = timeout_ctx;
830
831 wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR,
832 hapd->conf->iface, MAC2STR(sta->addr));
833 ap_sta_remove(hapd, sta);
834 mlme_disassociate_indication(hapd, sta, sta->disassoc_reason);
835 }
836
837
ap_sta_disassociate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)838 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
839 u16 reason)
840 {
841 wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
842 hapd->conf->iface, MAC2STR(sta->addr));
843 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
844 if (hapd->iface->current_mode &&
845 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
846 /* Skip deauthentication in DMG/IEEE 802.11ad */
847 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
848 WLAN_STA_ASSOC_REQ_OK);
849 sta->timeout_next = STA_REMOVE;
850 } else {
851 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
852 sta->timeout_next = STA_DEAUTH;
853 }
854 ap_sta_set_authorized(hapd, sta, 0);
855 hostapd_set_sta_flags(hapd, sta);
856 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
857 "for " MACSTR " (%d seconds - "
858 "AP_MAX_INACTIVITY_AFTER_DISASSOC)",
859 __func__, MAC2STR(sta->addr),
860 AP_MAX_INACTIVITY_AFTER_DISASSOC);
861 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
862 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
863 ap_handle_timer, hapd, sta);
864 accounting_sta_stop(hapd, sta);
865 ieee802_1x_free_station(hapd, sta);
866 wpa_auth_sta_deinit(sta->wpa_sm);
867 sta->wpa_sm = NULL;
868
869 sta->disassoc_reason = reason;
870 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
871 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
872 eloop_register_timeout(hapd->iface->drv_flags &
873 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
874 ap_sta_disassoc_cb_timeout, hapd, sta);
875 }
876
877
ap_sta_deauth_cb_timeout(void * eloop_ctx,void * timeout_ctx)878 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
879 {
880 struct hostapd_data *hapd = eloop_ctx;
881 struct sta_info *sta = timeout_ctx;
882
883 wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR,
884 hapd->conf->iface, MAC2STR(sta->addr));
885 ap_sta_remove(hapd, sta);
886 mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason);
887 }
888
889
ap_sta_deauthenticate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)890 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
891 u16 reason)
892 {
893 if (hapd->iface->current_mode &&
894 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
895 /* Deauthentication is not used in DMG/IEEE 802.11ad;
896 * disassociate the STA instead. */
897 ap_sta_disassociate(hapd, sta, reason);
898 return;
899 }
900
901 wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
902 hapd->conf->iface, MAC2STR(sta->addr));
903 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
904 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
905 ap_sta_set_authorized(hapd, sta, 0);
906 hostapd_set_sta_flags(hapd, sta);
907 sta->timeout_next = STA_REMOVE;
908 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
909 "for " MACSTR " (%d seconds - "
910 "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
911 __func__, MAC2STR(sta->addr),
912 AP_MAX_INACTIVITY_AFTER_DEAUTH);
913 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
914 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
915 ap_handle_timer, hapd, sta);
916 accounting_sta_stop(hapd, sta);
917 ieee802_1x_free_station(hapd, sta);
918
919 sta->deauth_reason = reason;
920 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
921 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
922 eloop_register_timeout(hapd->iface->drv_flags &
923 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
924 ap_sta_deauth_cb_timeout, hapd, sta);
925 }
926
927
928 #ifdef CONFIG_WPS
ap_sta_wps_cancel(struct hostapd_data * hapd,struct sta_info * sta,void * ctx)929 int ap_sta_wps_cancel(struct hostapd_data *hapd,
930 struct sta_info *sta, void *ctx)
931 {
932 if (sta && (sta->flags & WLAN_STA_WPS)) {
933 ap_sta_deauthenticate(hapd, sta,
934 WLAN_REASON_PREV_AUTH_NOT_VALID);
935 wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
936 __func__, MAC2STR(sta->addr));
937 return 1;
938 }
939
940 return 0;
941 }
942 #endif /* CONFIG_WPS */
943
944
ap_sta_get_free_vlan_id(struct hostapd_data * hapd)945 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd)
946 {
947 struct hostapd_vlan *vlan;
948 int vlan_id = MAX_VLAN_ID + 2;
949
950 retry:
951 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
952 if (vlan->vlan_id == vlan_id) {
953 vlan_id++;
954 goto retry;
955 }
956 }
957 return vlan_id;
958 }
959
960
ap_sta_set_vlan(struct hostapd_data * hapd,struct sta_info * sta,struct vlan_description * vlan_desc)961 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
962 struct vlan_description *vlan_desc)
963 {
964 struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
965 int old_vlan_id, vlan_id = 0, ret = 0;
966
967 /* Check if there is something to do */
968 if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
969 /* This sta is lacking its own vif */
970 } else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED &&
971 !hapd->conf->ssid.per_sta_vif && sta->vlan_id) {
972 /* sta->vlan_id needs to be reset */
973 } else if (!vlan_compare(vlan_desc, sta->vlan_desc)) {
974 return 0; /* nothing to change */
975 }
976
977 /* Now the real VLAN changed or the STA just needs its own vif */
978 if (hapd->conf->ssid.per_sta_vif) {
979 /* Assign a new vif, always */
980 /* find a free vlan_id sufficiently big */
981 vlan_id = ap_sta_get_free_vlan_id(hapd);
982 /* Get wildcard VLAN */
983 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
984 if (vlan->vlan_id == VLAN_ID_WILDCARD)
985 break;
986 }
987 if (!vlan) {
988 hostapd_logger(hapd, sta->addr,
989 HOSTAPD_MODULE_IEEE80211,
990 HOSTAPD_LEVEL_DEBUG,
991 "per_sta_vif missing wildcard");
992 vlan_id = 0;
993 ret = -1;
994 goto done;
995 }
996 } else if (vlan_desc && vlan_desc->notempty) {
997 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
998 if (!vlan_compare(&vlan->vlan_desc, vlan_desc))
999 break;
1000 if (vlan->vlan_id == VLAN_ID_WILDCARD)
1001 wildcard_vlan = vlan;
1002 }
1003 if (vlan) {
1004 vlan_id = vlan->vlan_id;
1005 } else if (wildcard_vlan) {
1006 vlan = wildcard_vlan;
1007 vlan_id = vlan_desc->untagged;
1008 if (vlan_desc->tagged[0]) {
1009 /* Tagged VLAN configuration */
1010 vlan_id = ap_sta_get_free_vlan_id(hapd);
1011 }
1012 } else {
1013 hostapd_logger(hapd, sta->addr,
1014 HOSTAPD_MODULE_IEEE80211,
1015 HOSTAPD_LEVEL_DEBUG,
1016 "missing vlan and wildcard for vlan=%d%s",
1017 vlan_desc->untagged,
1018 vlan_desc->tagged[0] ? "+" : "");
1019 vlan_id = 0;
1020 ret = -1;
1021 goto done;
1022 }
1023 }
1024
1025 if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) {
1026 vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc);
1027 if (vlan == NULL) {
1028 hostapd_logger(hapd, sta->addr,
1029 HOSTAPD_MODULE_IEEE80211,
1030 HOSTAPD_LEVEL_DEBUG,
1031 "could not add dynamic VLAN interface for vlan=%d%s",
1032 vlan_desc ? vlan_desc->untagged : -1,
1033 (vlan_desc && vlan_desc->tagged[0]) ?
1034 "+" : "");
1035 vlan_id = 0;
1036 ret = -1;
1037 goto done;
1038 }
1039
1040 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1041 HOSTAPD_LEVEL_DEBUG,
1042 "added new dynamic VLAN interface '%s'",
1043 vlan->ifname);
1044 } else if (vlan && vlan->dynamic_vlan > 0) {
1045 vlan->dynamic_vlan++;
1046 hostapd_logger(hapd, sta->addr,
1047 HOSTAPD_MODULE_IEEE80211,
1048 HOSTAPD_LEVEL_DEBUG,
1049 "updated existing dynamic VLAN interface '%s'",
1050 vlan->ifname);
1051 }
1052 done:
1053 old_vlan_id = sta->vlan_id;
1054 sta->vlan_id = vlan_id;
1055 sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL;
1056
1057 if (vlan_id != old_vlan_id && old_vlan_id)
1058 vlan_remove_dynamic(hapd, old_vlan_id);
1059
1060 return ret;
1061 }
1062
1063
ap_sta_bind_vlan(struct hostapd_data * hapd,struct sta_info * sta)1064 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta)
1065 {
1066 #ifndef CONFIG_NO_VLAN
1067 const char *iface;
1068 struct hostapd_vlan *vlan = NULL;
1069 int ret;
1070 int old_vlanid = sta->vlan_id_bound;
1071
1072 if ((sta->flags & WLAN_STA_WDS) && sta->vlan_id == 0) {
1073 wpa_printf(MSG_DEBUG,
1074 "Do not override WDS VLAN assignment for STA "
1075 MACSTR, MAC2STR(sta->addr));
1076 return 0;
1077 }
1078
1079 iface = hapd->conf->iface;
1080 if (hapd->conf->ssid.vlan[0])
1081 iface = hapd->conf->ssid.vlan;
1082
1083 if (sta->vlan_id > 0) {
1084 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
1085 if (vlan->vlan_id == sta->vlan_id)
1086 break;
1087 }
1088 if (vlan)
1089 iface = vlan->ifname;
1090 }
1091
1092 /*
1093 * Do not increment ref counters if the VLAN ID remains same, but do
1094 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might
1095 * have been called before.
1096 */
1097 if (sta->vlan_id == old_vlanid)
1098 goto skip_counting;
1099
1100 if (sta->vlan_id > 0 && !vlan &&
1101 !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
1102 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1103 HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
1104 "binding station to (vlan_id=%d)",
1105 sta->vlan_id);
1106 ret = -1;
1107 goto done;
1108 } else if (vlan && vlan->dynamic_vlan > 0) {
1109 vlan->dynamic_vlan++;
1110 hostapd_logger(hapd, sta->addr,
1111 HOSTAPD_MODULE_IEEE80211,
1112 HOSTAPD_LEVEL_DEBUG,
1113 "updated existing dynamic VLAN interface '%s'",
1114 iface);
1115 }
1116
1117 /* ref counters have been increased, so mark the station */
1118 sta->vlan_id_bound = sta->vlan_id;
1119
1120 skip_counting:
1121 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1122 HOSTAPD_LEVEL_DEBUG, "binding station to interface "
1123 "'%s'", iface);
1124
1125 if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
1126 wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
1127
1128 ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
1129 if (ret < 0) {
1130 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1131 HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
1132 "entry to vlan_id=%d", sta->vlan_id);
1133 }
1134
1135 /* During 1x reauth, if the vlan id changes, then remove the old id. */
1136 if (old_vlanid > 0 && old_vlanid != sta->vlan_id)
1137 vlan_remove_dynamic(hapd, old_vlanid);
1138 done:
1139
1140 return ret;
1141 #else /* CONFIG_NO_VLAN */
1142 return 0;
1143 #endif /* CONFIG_NO_VLAN */
1144 }
1145
1146
ap_check_sa_query_timeout(struct hostapd_data * hapd,struct sta_info * sta)1147 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
1148 {
1149 u32 tu;
1150 struct os_reltime now, passed;
1151 os_get_reltime(&now);
1152 os_reltime_sub(&now, &sta->sa_query_start, &passed);
1153 tu = (passed.sec * 1000000 + passed.usec) / 1024;
1154 if (hapd->conf->assoc_sa_query_max_timeout < tu) {
1155 hostapd_logger(hapd, sta->addr,
1156 HOSTAPD_MODULE_IEEE80211,
1157 HOSTAPD_LEVEL_DEBUG,
1158 "association SA Query timed out");
1159 sta->sa_query_timed_out = 1;
1160 os_free(sta->sa_query_trans_id);
1161 sta->sa_query_trans_id = NULL;
1162 sta->sa_query_count = 0;
1163 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1164 return 1;
1165 }
1166
1167 return 0;
1168 }
1169
1170
ap_sa_query_timer(void * eloop_ctx,void * timeout_ctx)1171 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
1172 {
1173 struct hostapd_data *hapd = eloop_ctx;
1174 struct sta_info *sta = timeout_ctx;
1175 unsigned int timeout, sec, usec;
1176 u8 *trans_id, *nbuf;
1177
1178 wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR
1179 " (count=%d)",
1180 hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count);
1181
1182 if (sta->sa_query_count > 0 &&
1183 ap_check_sa_query_timeout(hapd, sta))
1184 return;
1185 if (sta->sa_query_count >= 1000)
1186 return;
1187
1188 nbuf = os_realloc_array(sta->sa_query_trans_id,
1189 sta->sa_query_count + 1,
1190 WLAN_SA_QUERY_TR_ID_LEN);
1191 if (nbuf == NULL)
1192 return;
1193 if (sta->sa_query_count == 0) {
1194 /* Starting a new SA Query procedure */
1195 os_get_reltime(&sta->sa_query_start);
1196 }
1197 trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
1198 sta->sa_query_trans_id = nbuf;
1199 sta->sa_query_count++;
1200
1201 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
1202 /*
1203 * We don't really care which ID is used here, so simply
1204 * hardcode this if the mostly theoretical os_get_random()
1205 * failure happens.
1206 */
1207 trans_id[0] = 0x12;
1208 trans_id[1] = 0x34;
1209 }
1210
1211 timeout = hapd->conf->assoc_sa_query_retry_timeout;
1212 sec = ((timeout / 1000) * 1024) / 1000;
1213 usec = (timeout % 1000) * 1024;
1214 eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);
1215
1216 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1217 HOSTAPD_LEVEL_DEBUG,
1218 "association SA Query attempt %d", sta->sa_query_count);
1219
1220 ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
1221 }
1222
1223
ap_sta_start_sa_query(struct hostapd_data * hapd,struct sta_info * sta)1224 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1225 {
1226 ap_sa_query_timer(hapd, sta);
1227 }
1228
1229
ap_sta_stop_sa_query(struct hostapd_data * hapd,struct sta_info * sta)1230 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1231 {
1232 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1233 os_free(sta->sa_query_trans_id);
1234 sta->sa_query_trans_id = NULL;
1235 sta->sa_query_count = 0;
1236 }
1237
1238
ap_sta_wpa_get_keyid(struct hostapd_data * hapd,struct sta_info * sta)1239 const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd,
1240 struct sta_info *sta)
1241 {
1242 struct hostapd_wpa_psk *psk;
1243 struct hostapd_ssid *ssid;
1244 const u8 *pmk;
1245 int pmk_len;
1246
1247 ssid = &hapd->conf->ssid;
1248
1249 pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len);
1250 if (!pmk || pmk_len != PMK_LEN)
1251 return NULL;
1252
1253 for (psk = ssid->wpa_psk; psk; psk = psk->next)
1254 if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0)
1255 break;
1256 if (!psk || !psk->keyid[0])
1257 return NULL;
1258
1259 return psk->keyid;
1260 }
1261
1262
ap_sta_set_authorized(struct hostapd_data * hapd,struct sta_info * sta,int authorized)1263 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
1264 int authorized)
1265 {
1266 const u8 *dev_addr = NULL;
1267 char buf[100];
1268 #ifdef CONFIG_P2P
1269 u8 addr[ETH_ALEN];
1270 u8 ip_addr_buf[4];
1271 #endif /* CONFIG_P2P */
1272
1273 if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
1274 return;
1275
1276 if (authorized)
1277 sta->flags |= WLAN_STA_AUTHORIZED;
1278 else
1279 sta->flags &= ~WLAN_STA_AUTHORIZED;
1280
1281 #ifdef CONFIG_P2P
1282 if (hapd->p2p_group == NULL) {
1283 if (sta->p2p_ie != NULL &&
1284 p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
1285 dev_addr = addr;
1286 } else
1287 dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);
1288
1289 if (dev_addr)
1290 os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR,
1291 MAC2STR(sta->addr), MAC2STR(dev_addr));
1292 else
1293 #endif /* CONFIG_P2P */
1294 os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
1295
1296 if (hapd->sta_authorized_cb)
1297 hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
1298 sta->addr, authorized, dev_addr);
1299
1300 if (authorized) {
1301 const char *keyid;
1302 char keyid_buf[100];
1303 char ip_addr[100];
1304
1305 keyid_buf[0] = '\0';
1306 ip_addr[0] = '\0';
1307 #ifdef CONFIG_P2P
1308 if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
1309 os_snprintf(ip_addr, sizeof(ip_addr),
1310 " ip_addr=%u.%u.%u.%u",
1311 ip_addr_buf[0], ip_addr_buf[1],
1312 ip_addr_buf[2], ip_addr_buf[3]);
1313 }
1314 #endif /* CONFIG_P2P */
1315
1316 keyid = ap_sta_wpa_get_keyid(hapd, sta);
1317 if (keyid) {
1318 os_snprintf(keyid_buf, sizeof(keyid_buf),
1319 " keyid=%s", keyid);
1320 }
1321
1322 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s",
1323 buf, ip_addr, keyid_buf);
1324
1325 if (hapd->msg_ctx_parent &&
1326 hapd->msg_ctx_parent != hapd->msg_ctx)
1327 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1328 AP_STA_CONNECTED "%s%s%s",
1329 buf, ip_addr, keyid_buf);
1330 } else {
1331 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
1332
1333 if (hapd->msg_ctx_parent &&
1334 hapd->msg_ctx_parent != hapd->msg_ctx)
1335 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1336 AP_STA_DISCONNECTED "%s", buf);
1337 }
1338
1339 #ifdef CONFIG_FST
1340 if (hapd->iface->fst) {
1341 if (authorized)
1342 fst_notify_peer_connected(hapd->iface->fst, sta->addr);
1343 else
1344 fst_notify_peer_disconnected(hapd->iface->fst,
1345 sta->addr);
1346 }
1347 #endif /* CONFIG_FST */
1348 }
1349
1350
ap_sta_disconnect(struct hostapd_data * hapd,struct sta_info * sta,const u8 * addr,u16 reason)1351 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
1352 const u8 *addr, u16 reason)
1353 {
1354 if (sta)
1355 wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u",
1356 hapd->conf->iface, __func__, MAC2STR(sta->addr),
1357 reason);
1358 else if (addr)
1359 wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u",
1360 hapd->conf->iface, __func__, MAC2STR(addr),
1361 reason);
1362
1363 if (sta == NULL && addr)
1364 sta = ap_get_sta(hapd, addr);
1365
1366 if (addr)
1367 hostapd_drv_sta_deauth(hapd, addr, reason);
1368
1369 if (sta == NULL)
1370 return;
1371 ap_sta_set_authorized(hapd, sta, 0);
1372 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1373 hostapd_set_sta_flags(hapd, sta);
1374 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
1375 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
1376 wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout "
1377 "for " MACSTR " (%d seconds - "
1378 "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
1379 hapd->conf->iface, __func__, MAC2STR(sta->addr),
1380 AP_MAX_INACTIVITY_AFTER_DEAUTH);
1381 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
1382 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
1383 ap_handle_timer, hapd, sta);
1384 sta->timeout_next = STA_REMOVE;
1385
1386 if (hapd->iface->current_mode &&
1387 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
1388 /* Deauthentication is not used in DMG/IEEE 802.11ad;
1389 * disassociate the STA instead. */
1390 sta->disassoc_reason = reason;
1391 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
1392 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1393 eloop_register_timeout(hapd->iface->drv_flags &
1394 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ?
1395 2 : 0, 0, ap_sta_disassoc_cb_timeout,
1396 hapd, sta);
1397 return;
1398 }
1399
1400 sta->deauth_reason = reason;
1401 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
1402 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1403 eloop_register_timeout(hapd->iface->drv_flags &
1404 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
1405 ap_sta_deauth_cb_timeout, hapd, sta);
1406 }
1407
1408
ap_sta_deauth_cb(struct hostapd_data * hapd,struct sta_info * sta)1409 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
1410 {
1411 if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
1412 wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
1413 return;
1414 }
1415 sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
1416 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1417 ap_sta_deauth_cb_timeout(hapd, sta);
1418 }
1419
1420
ap_sta_disassoc_cb(struct hostapd_data * hapd,struct sta_info * sta)1421 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
1422 {
1423 if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
1424 wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
1425 return;
1426 }
1427 sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
1428 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1429 ap_sta_disassoc_cb_timeout(hapd, sta);
1430 }
1431
1432
ap_sta_clear_disconnect_timeouts(struct hostapd_data * hapd,struct sta_info * sta)1433 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
1434 struct sta_info *sta)
1435 {
1436 if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0)
1437 wpa_printf(MSG_DEBUG,
1438 "%s: Removed ap_sta_deauth_cb_timeout timeout for "
1439 MACSTR,
1440 hapd->conf->iface, MAC2STR(sta->addr));
1441 if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0)
1442 wpa_printf(MSG_DEBUG,
1443 "%s: Removed ap_sta_disassoc_cb_timeout timeout for "
1444 MACSTR,
1445 hapd->conf->iface, MAC2STR(sta->addr));
1446 if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0)
1447 {
1448 wpa_printf(MSG_DEBUG,
1449 "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for "
1450 MACSTR,
1451 hapd->conf->iface, MAC2STR(sta->addr));
1452 if (sta->flags & WLAN_STA_WPS)
1453 hostapd_wps_eap_completed(hapd);
1454 }
1455 }
1456
1457
ap_sta_flags_txt(u32 flags,char * buf,size_t buflen)1458 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
1459 {
1460 int res;
1461
1462 buf[0] = '\0';
1463 res = os_snprintf(buf, buflen,
1464 "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
1465 (flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
1466 (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
1467 (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""),
1468 (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
1469 ""),
1470 (flags & WLAN_STA_SHORT_PREAMBLE ?
1471 "[SHORT_PREAMBLE]" : ""),
1472 (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
1473 (flags & WLAN_STA_WMM ? "[WMM]" : ""),
1474 (flags & WLAN_STA_MFP ? "[MFP]" : ""),
1475 (flags & WLAN_STA_WPS ? "[WPS]" : ""),
1476 (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
1477 (flags & WLAN_STA_WDS ? "[WDS]" : ""),
1478 (flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
1479 (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
1480 (flags & WLAN_STA_GAS ? "[GAS]" : ""),
1481 (flags & WLAN_STA_HT ? "[HT]" : ""),
1482 (flags & WLAN_STA_VHT ? "[VHT]" : ""),
1483 (flags & WLAN_STA_HE ? "[HE]" : ""),
1484 (flags & WLAN_STA_EHT ? "[EHT]" : ""),
1485 (flags & WLAN_STA_6GHZ ? "[6GHZ]" : ""),
1486 (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""),
1487 (flags & WLAN_STA_WNM_SLEEP_MODE ?
1488 "[WNM_SLEEP_MODE]" : ""));
1489 if (os_snprintf_error(buflen, res))
1490 res = -1;
1491
1492 return res;
1493 }
1494
1495
ap_sta_delayed_1x_auth_fail_cb(void * eloop_ctx,void * timeout_ctx)1496 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx)
1497 {
1498 struct hostapd_data *hapd = eloop_ctx;
1499 struct sta_info *sta = timeout_ctx;
1500 u16 reason;
1501
1502 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
1503 "IEEE 802.1X: Scheduled disconnection of " MACSTR
1504 " after EAP-Failure", MAC2STR(sta->addr));
1505
1506 reason = sta->disconnect_reason_code;
1507 if (!reason)
1508 reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED;
1509 ap_sta_disconnect(hapd, sta, sta->addr, reason);
1510 if (sta->flags & WLAN_STA_WPS)
1511 hostapd_wps_eap_completed(hapd);
1512 }
1513
1514
ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data * hapd,struct sta_info * sta)1515 void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
1516 struct sta_info *sta)
1517 {
1518 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
1519 "IEEE 802.1X: Force disconnection of " MACSTR
1520 " after EAP-Failure in 10 ms", MAC2STR(sta->addr));
1521
1522 /*
1523 * Add a small sleep to increase likelihood of previously requested
1524 * EAP-Failure TX getting out before this should the driver reorder
1525 * operations.
1526 */
1527 eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
1528 eloop_register_timeout(0, 10000, ap_sta_delayed_1x_auth_fail_cb,
1529 hapd, sta);
1530 }
1531
1532
ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data * hapd,struct sta_info * sta)1533 int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
1534 struct sta_info *sta)
1535 {
1536 return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb,
1537 hapd, sta);
1538 }
1539
1540
ap_sta_re_add(struct hostapd_data * hapd,struct sta_info * sta)1541 int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta)
1542 {
1543 /*
1544 * If a station that is already associated to the AP, is trying to
1545 * authenticate again, remove the STA entry, in order to make sure the
1546 * STA PS state gets cleared and configuration gets updated. To handle
1547 * this, station's added_unassoc flag is cleared once the station has
1548 * completed association.
1549 */
1550 ap_sta_set_authorized(hapd, sta, 0);
1551 hostapd_drv_sta_remove(hapd, sta->addr);
1552 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED);
1553
1554 if (hostapd_sta_add(hapd, sta->addr, 0, 0,
1555 sta->supported_rates,
1556 sta->supported_rates_len,
1557 0, NULL, NULL, NULL, 0, NULL, 0, NULL,
1558 sta->flags, 0, 0, 0, 0)) {
1559 hostapd_logger(hapd, sta->addr,
1560 HOSTAPD_MODULE_IEEE80211,
1561 HOSTAPD_LEVEL_NOTICE,
1562 "Could not add STA to kernel driver");
1563 return -1;
1564 }
1565
1566 sta->added_unassoc = 1;
1567 return 0;
1568 }
1569